-rw-r--r-- | scripts/.gitignore | 1 | ||||
-rw-r--r-- | scripts/Makefile.am | 5 | ||||
-rw-r--r-- | scripts/dnssec.c | 125 |
3 files changed, 130 insertions, 1 deletions
diff --git a/scripts/.gitignore b/scripts/.gitignore index 2c8b8008d..b97347fbd 100644 --- a/scripts/.gitignore +++ b/scripts/.gitignore @@ -11,3 +11,4 @@ crypt_burn hash_burn tls_test fetch +dnssec diff --git a/scripts/Makefile.am b/scripts/Makefile.am index ea399e84c..f7ecd9ef6 100644 --- a/scripts/Makefile.am +++ b/scripts/Makefile.am @@ -3,7 +3,8 @@ AM_CFLAGS = \ -DPLUGINS="\"${scripts_plugins}\"" noinst_PROGRAMS = bin2array bin2sql id2sql key2keyid keyid2sql oid2der \ - thread_analysis dh_speed pubkey_speed crypt_burn hash_burn fetch + thread_analysis dh_speed pubkey_speed crypt_burn hash_burn fetch \ + dnssec if USE_TLS noinst_PROGRAMS += tls_test @@ -24,6 +25,7 @@ pubkey_speed_SOURCES = pubkey_speed.c crypt_burn_SOURCES = crypt_burn.c hash_burn_SOURCES = hash_burn.c fetch_SOURCES = fetch.c +dnssec_SOURCES = dnssec.c id2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la key2keyid_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la keyid2sql_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la @@ -33,6 +35,7 @@ pubkey_speed_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la -lrt crypt_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la hash_burn_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la fetch_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la +dnssec_LDADD = $(top_builddir)/src/libstrongswan/libstrongswan.la key2keyid.o : $(top_builddir)/config.status diff --git a/scripts/dnssec.c b/scripts/dnssec.c new file mode 100644 index 000000000..89ea56ea6 --- /dev/null +++ b/scripts/dnssec.c 
@@ -0,0 +1,125 @@
+/*
+ * Copyright (C) 2011-2012 Reto Guadagnini
+ * Hochschule fuer Technik Rapperswil
+ *
+ * This program is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License as published by the
+ * Free Software Foundation; either version 2 of the License, or (at your
+ * option) any later version. See <http://www.fsf.org/copyleft/gpl.txt>.
+ *
+ * This program is distributed in the hope that it will be useful, but
+ * WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY
+ * or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * for more details.
+ */
+
+#include <stdio.h>
+
+#include <library.h>
+
+int main(int argc, char *argv[])
+{
+ resolver_t *resolver;
+ resolver_response_t *response;
+ enumerator_t *enumerator;
+ rr_set_t *rrset;
+ rr_t *rr;
+ chunk_t chunk;
+
+ library_init(NULL);
+ atexit(library_deinit);
+ if (!lib->plugins->load(lib->plugins, NULL, PLUGINS))
+ {
+ return 1;
+ }
+ if (argc != 2)
+ {
+ fprintf(stderr, "usage: %s <name>\n", argv[0]);
+ return 1;
+ }
+
+ resolver = lib->resolver->create(lib->resolver);
+ if (!resolver)
+ {
+ printf("failed to create a resolver!\n");
+ return 1;
+ }
+
+ response = resolver->query(resolver, argv[1], RR_CLASS_IN, RR_TYPE_A);
+ if (!response)
+ {
+ printf("no response received!\n");
+ resolver->destroy(resolver);
+ return 1;
+ }
+
+ printf("DNS response:\n");
+ if (!response->has_data(response) || !response->query_name_exist(response))
+ {
+ if (!response->has_data(response))
+ {
+ printf(" no data in the response\n");
+ }
+ if (!response->query_name_exist(response))
+ {
+ printf(" query name does not exist\n");
+ }
+ response->destroy(response);
+ resolver->destroy(resolver);
+ return 1;
+ }
+
+ printf(" RRs in the response:\n");
+ rrset = response->get_rr_set(response);
+ if (!rrset)
+ {
+ printf(" response contains no RRset!\n");
+ response->destroy(response);
+ resolver->destroy(resolver);
+ return 1;
+ }
+
+ enumerator = rrset->create_rr_enumerator(rrset);
+ while (enumerator->enumerate(enumerator, &rr))
+ {
+ printf(" name: ");
+ printf(rr->get_name(rr));
+ printf("\n");
+ }
+
+ enumerator = rrset->create_rrsig_enumerator(rrset);
+ if (enumerator)
+ {
+ printf(" RRSIGs for the RRset:\n");
+ while (enumerator->enumerate(enumerator, &rr))
+ {
+ printf(" name: ");
+ printf(rr->get_name(rr));
+ printf("\n RDATA: ");
+ chunk = rr->get_rdata(rr);
+ chunk = chunk_to_hex(chunk, NULL, TRUE);
+ printf(chunk.ptr);
+ printf("\n");
+ }
+ }
+
+ printf(" security status of the response: ");
+ switch (response->get_security_state(response))
+ {
+ case SECURE:
+ printf("SECURE\n\n");
+ break;
+ case INSECURE:
+ printf("INSECURE\n\n");
+ break;
+ case BOGUS:
+ printf("BOGUS\n\n");
+ break;
+ case INDETERMINATE:
+ printf("INDETERMINATE\n\n");
+ break;
+ }
+ response->destroy(response);
+ resolver->destroy(resolver);
+ return 0;
+}
|
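Review bot: Both enumeration loops in main() pass data taken from the DNS response to printf as the format string (`printf(rr->get_name(rr));` twice, and `printf(chunk.ptr);`), so any `%` sequence in a returned name would be interpreted as a conversion; each should be printed through a literal format such as `"%s"`. Whether get_name() can actually return a `%` depends on how the resolver plugin decodes names, which is not visible here, but the hex string is the only one of the three that is safe by construction. The same loops also leak: neither enumerator is destroyed (the first is overwritten by the second and, unlike the second, is not NULL-checked), and the buffer allocated by `chunk_to_hex(chunk, NULL, TRUE)` is never freed. The excerpt below keeps the printed text as shown on the page and changes only those lines.

```c
	while (enumerator->enumerate(enumerator, &rr))
	{
		printf(" name: %s\n", rr->get_name(rr));
	}
	enumerator->destroy(enumerator);

	/* … unchanged: create_rrsig_enumerator(), NULL check, RRSIG heading … */
		while (enumerator->enumerate(enumerator, &rr))
		{
			printf(" name: %s\n RDATA: ", rr->get_name(rr));
			chunk = chunk_to_hex(rr->get_rdata(rr), NULL, TRUE);
			printf("%.*s\n", (int)chunk.len, chunk.ptr);
			free(chunk.ptr);
		}
		enumerator->destroy(enumerator);
```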