Add client support for multiple domain names.

For fun, support multiple domain names:

    sdt sshdns.a.example.com sshdns.b.example.com \
        sshdns.a.example1.com sshdns.b.example1.com

Update server to check a list of domain names. The server checks domain
names to prevent responding to random queries/scans. This can be disabled
by using the keyword "any" as a domain name, i.e.:

    sods any
commit 728463479073207dff47e5df616e98fb5228f6e9 1 parent 6508a9d
Michael Santos authored January 04, 2010
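--- a/sdt/sdt.c
+++ b/sdt/sdt.c
@@ -40,6 +40,7 @@ main(int argc, char *argv[])
     pid_t pid = 0;
     int nd = 0;
     int ch = 0;
+    int di = 0;
 
     IS_NULL(ss = (SDT_STATE *)calloc(1, sizeof(SDT_STATE)));
 
@@ -57,7 +58,9 @@ main(int argc, char *argv[])
     ss->type = ns_t_txt;
     ss->verbose_lines = 100;
 
-    while ( (ch = getopt(argc, argv, "A:B:b:dF:hM:m:R:r:S:s:T:t:vx:")) != -1) {
+    ss->dname_next = &sdt_dns_dn_roundrobin;
+
+    while ( (ch = getopt(argc, argv, "A:B:b:dF:hM:m:n:R:r:S:s:T:t:vx:")) != -1) {
         switch (ch) {
             case 'A':	/* alarm, delay buf */
                 ss->delay = (u_int32_t)atoi(optarg);
@@ -80,6 +83,14 @@ main(int argc, char *argv[])
             case 'm':
                 ss->sleep = (u_int32_t)atoi(optarg);
                 break;
+            case 'n':   /* strategy for shuffling domain name list */
+                if (strcasecmp(optarg, "roundrobin") == 0)
+                    ss->dname_next = &sdt_dns_dn_roundrobin;
+                else if (strcasecmp(optarg, "random") == 0)
+                    ss->dname_next = &sdt_dns_dn_random;
+                else
+                    usage(ss);
+                break;
             case 'R':   /* Retry lookup */
                 sdt_dns_setopt(SDT_RES_RETRY, (u_int32_t)atoi(optarg));
                 break;
@@ -129,10 +140,16 @@ main(int argc, char *argv[])
     argc -= optind;
     argv += optind;
 
-    if ( (argc != 1) || (strlen(argv[0]) > NS_MAXCDNAME - 1))
+    if ( (argc == 0) || (argc >= MAXDNAMELIST))
         usage(ss);
 
-    IS_NULL(ss->dname = strdup(argv[0]));
+    ss->dname_max = argc;
+    IS_NULL(ss->dname = (char **)calloc(argc, 1));
+    for ( di = 0; di < argc; di++) {
+        if (strlen(argv[di]) > NS_MAXCDNAME - 1)
+            usage(ss);
+        IS_NULL(ss->dname[di] = strdup(argv[di]));
+    }
 
     IS_ERR(nd = open("/dev/null", O_RDWR, 0));
 
@@ -390,8 +407,9 @@ usage(SDT_STATE *ss)
     (void)fprintf(stderr, "-F <num>\tFast start, number of small packets to pass w/out buffering (0 to disable) [default: %d]\n", ss->faststart);
     (void)fprintf(stderr, "-M\tMaximum number of polling query failures [default: %d]\n", ss->maxpollfail);
     (void)fprintf(stderr, "-m\tMinimum time to sleep between nameserver queries [default: %d us]\n", ss->sleep);
+    (void)fprintf(stderr, "-n <roundrobin|random>\tStrategy for shuffling domain names [default: roundrobin]\n");
     (void)fprintf(stderr, "-R <number>\tNumber of retries for lookup\n");
-    (void)fprintf(stderr, "-r\tNameserver (or keyword: random, opendns, verizon, speakeasy)\n");
+    (void)fprintf(stderr, "-r\tNameserver (or keyword: random, opendns, verizon, speakeasy, google)\n");
     (void)fprintf(stderr, "-S [rotate|blast]\tResolver strategy\n");
     (void)fprintf(stderr, "-T <number>\tUse TCP [0 = new connection for each request, 1 = pipeline requests]\n");
     (void)fprintf(stderr, "-t <DNS type>\tTXT, CNAME [Default = TXT]\n");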
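Review bot: The domain-name table built in the fourth main() hunk is under-allocated: `calloc(argc, 1)` reserves argc bytes, but the loop right after it stores argc `char *` values into that block, and a pointer is wider than one byte on every supported platform, so even a single name writes past the end of the heap allocation and longer lists overrun it further. The second argument should be the element size, `IS_NULL(ss->dname = calloc(argc, sizeof *ss->dname));`, which also drops the `(char **)` cast that C does not need. The same allocation line appears in the matching hunk of sods/sods.c and needs the same fix. main() begins and ends outside these hunks.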
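--- a/sdt/sdt.h
+++ b/sdt/sdt.h
@@ -98,6 +98,8 @@
 #define MAXBACKOFF  3000    /* 3000 * 20000  = 60,000,000 (1/minute) */
 #define MAXPOLLFAIL  10      /* Number of TXT record failures before giving up */
 
+#define MAXDNAMELIST 256    /* arbitrary cutoff for number of domains */
+
 
 typedef union _SDT_ID {
     struct {
@@ -109,7 +111,9 @@ typedef union _SDT_ID {
 } SDT_ID;
 
 typedef struct _SDT_STATE {
-    char        *dname;
+    char        **dname;
+    int         dname_max;
+    int         dname_iterator;
     SDT_ID      sess;   
     size_t      sum;
     size_t      sum_up;
@@ -125,6 +129,8 @@ typedef struct _SDT_STATE {
     pid_t       child;
     int         verbose;
     int         verbose_lines;
+
+    char *(*dname_next)(void *state);
 } SDT_STATE;
 
 /* Resolver options */
@@ -151,10 +157,13 @@ int sdt_dns_parsens(SDT_STATE *ss, char *buf);
 int sdt_dns_A(SDT_STATE *ss, char *buf, ssize_t n);
 char *sdt_dns_poll(SDT_STATE *ss, size_t *len);
 char *sdt_dns_parse(SDT_STATE *ss, char *pkt, int *pktlen);
-char * sdt_dns_dec_CNAME(SDT_STATE *ss, u_char *data, u_int16_t *n);
-char * sdt_dns_dec_TXT(SDT_STATE *ss, u_char *data, u_int16_t *n);
-char * sdt_dns_dec_NULL(SDT_STATE *ss, u_char *data, u_int16_t *n);
+char *sdt_dns_dec_CNAME(SDT_STATE *ss, u_char *data, u_int16_t *n);
+char *sdt_dns_dec_TXT(SDT_STATE *ss, u_char *data, u_int16_t *n);
+char *sdt_dns_dec_NULL(SDT_STATE *ss, u_char *data, u_int16_t *n);
 void sdt_dns_print_servers(SDT_STATE *ss);
+char *sdt_dns_dn_roundrobin(void *state);
+char *sdt_dns_dn_random(void *state);
+
 
 void sdt_rand_init(void);
 #ifndef HAVE_ARC4RANDOM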
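Review bot: The new `dname_next` member and the two strategy prototypes take `void *state`, which discards the type checking every other declaration in this header keeps by taking `SDT_STATE *ss`; the struct tag is already visible inside its own typedef, so `char *(*dname_next)(struct _SDT_STATE *ss);` and matching `sdt_dns_dn_roundrobin(struct _SDT_STATE *ss)` prototypes would let the compiler reject a wrong argument instead of the callee casting blindly. The three new fields also go in without a comment while `MAXDNAMELIST` above gets one; a short `/* domain name list, its length, and the round-robin cursor */` next to `dname`, `dname_max` and `dname_iterator` would tell a reader which field each strategy in sdt_dns.c consumes.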
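--- a/sdt/sdt_dns.c
+++ b/sdt/sdt_dns.c
@@ -136,7 +136,7 @@ sdt_dns_A(SDT_STATE *ss, char *buf, ssize_t n)
      *  $temp_payload.$nonce-$sum_up.id-$id.up.$extension
      */
     (void)snprintf(query, sizeof(query), "%s.%u-%u.id-%u.up.%s",
-            dn, nonce, (u_int32_t)ss->sum_up, htonl(ss->sess.id), ss->dname);
+            dn, nonce, (u_int32_t)ss->sum_up, htonl(ss->sess.id), ss->dname_next(ss));
 
     VERBOSE(2, "A:%s\n", query);
     if (res_search(query, ns_c_in, ns_t_a, (u_char *)&pkt, sizeof(pkt)) < 0) {
@@ -166,7 +166,7 @@ sdt_dns_poll(SDT_STATE *ss, size_t *len)
      *  $sum-$nonce.id-$id.down.$extension
      */
     (void)snprintf(query, sizeof(query), "%u-%u.id-%u.down.%s",
-            (u_int32_t)ss->sum, nonce, htonl(ss->sess.id), ss->dname);
+            (u_int32_t)ss->sum, nonce, htonl(ss->sess.id), ss->dname_next(ss));
 
     VERBOSE(2, "POLL:%s\n", query);
 
@@ -415,3 +415,21 @@ sdt_dns_print_servers(SDT_STATE *ss)
     }
 }
 
+
+/* Strategies for iterating through multiple
+ * domain names */
+    char *
+sdt_dns_dn_roundrobin(void *state)
+{
+    SDT_STATE *ss = state;
+    return (ss->dname[ss->dname_iterator++ % ss->dname_max]);
+}
+
+    char *
+sdt_dns_dn_random(void *state)
+{
+    SDT_STATE *ss = state;
+    return (ss->dname[sdt_rand() % ss->dname_max]);
+}
+
+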
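Review bot: `sdt_dns_dn_roundrobin` increments the signed `dname_iterator` on every call and never wraps it, and the first two hunks show it being called once per A query and once per poll query, so over a long-lived tunnel the counter eventually reaches INT_MAX and the `++` is signed overflow (undefined behaviour); on the usual wraparound the value goes negative, `%` yields a negative remainder, and `ss->dname[...]` reads before the start of the table. Keeping the cursor bounded avoids both problems: `int i = ss->dname_iterator;` / `ss->dname_iterator = (i + 1) % ss->dname_max;` / `return (ss->dname[i]);`. The `sdt_rand() % ss->dname_max` index in `sdt_dns_dn_random` has the same negative-remainder hazard if `sdt_rand()` returns a signed type — its declaration is not in view, so please confirm. Both strategies also divide by `dname_max`, which is safe only because main() rejects an empty list; a one-line `/* dname_max > 0 is guaranteed by main() */` above each would make that dependency visible.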
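--- a/sods/sods.c
+++ b/sods/sods.c
@@ -39,6 +39,7 @@ main (int argc, char *argv[])
     SDS_STATE *ss = NULL;
 
     int ch = 0;
+    int di = 0;
 
     IS_NULL(ss = (SDS_STATE *)calloc(1, sizeof(SDS_STATE)));
 
@@ -102,10 +103,16 @@ main (int argc, char *argv[])
     argc -= optind;
     argv += optind;
 
-    if ( (argc != 1) || (strlen(argv[0]) > NS_MAXDNAME - 1))
+    if ( (argc == 0) || (argc >= MAXDNAMELIST))
         usage(ss);
 
-    IS_NULL(ss->dn = strdup(argv[0]));
+    ss->dn_max = argc;
+    IS_NULL(ss->dn = (char **)calloc(argc, 1));
+    for ( di = 0; di < argc; di++) {
+        if (strlen(argv[di]) > NS_MAXCDNAME - 1)
+            usage(ss);
+            IS_NULL(ss->dn[di] = strdup(argv[di]));
+    }
 
     if (ss->fwd == NULL)
         (void)sds_parse_forward(ss, "127.0.0.1:22");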
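Review bot: In the second main() hunk the line `IS_NULL(ss->dn[di] = strdup(argv[di]));` is indented as though it were the body of the unbraced `if (strlen(argv[di]) > NS_MAXCDNAME - 1)` above it, but only the `usage(ss);` call belongs to that `if`; the strdup runs on every iteration, which is the intended behaviour, so the fix is to dedent it to the loop-body level (or brace the `if`) so the layout stops contradicting the control flow. The per-name length check also changed from `NS_MAXDNAME` on the removed line to `NS_MAXCDNAME` on the new one; if that tightening is deliberate, a short comment such as `/* per-name limit is the compressed form, NS_MAXCDNAME, to match the client */` would record it. main() begins and ends outside these hunks.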
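--- a/sods/sods.h
+++ b/sods/sods.h
@@ -80,7 +80,8 @@
 #define BUFLEN          110
 #define NS_TXTREC       65535   /* see http://www.zeroconf.org/Rendezvous/txtrecords.html */
 
-#define MAXFWDS  32     /* Maximum number of allowed forwarders */
+#define MAXFWDS         32      /* Maximum number of allowed forwarders */
+#define MAXDNAMELIST    256     /* Maximum number of domain names */
 
 typedef struct _SDS_FWD {
     u_int8_t    sess;           /* Unused */
@@ -89,7 +90,8 @@ typedef struct _SDS_FWD {
 
 typedef struct _SDS_STATE {
     int s;
-    char *dn;
+    char **dn;
+    int dn_max;
     char *func;                     /* sshdns, socket ... */
     SDS_FWD *fwd;
     size_t fwds;                    /* number of forwarded sessions */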
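--- a/sods/sods_dns.c
+++ b/sods/sods_dns.c
@@ -408,6 +408,7 @@ sds_dns_packet(SDS_PKT *pkt, void *data, size_t len)
 sds_dns_checkdn(SDS_STATE *ss, char *domain)
 {
     char *p = NULL;
+    int i = 0;
 
     p = strchr(domain, '.');
     *p++ = '\0';
@@ -417,11 +418,15 @@ sds_dns_checkdn(SDS_STATE *ss, char *domain)
         return (-1);
 #endif
 
-    if (strncmp(ss->dn, p, strlen(ss->dn)+1) != 0) {
-        VERBOSE(1, "rejecting request for domain: %s\n", p);
-        return (-1);
+    if (strcmp(ss->dn[0], "any") == 0)
+        return (0);
+
+    for ( i = 0; i < ss->dn_max; i++) {
+        if (strncmp(ss->dn[i], p, strlen(ss->dn[i])+1) == 0)
+            return (0);
     }
 
-    return (0);
+    VERBOSE(1, "rejecting request for domain: %s\n", p);
+    return (-1);
 }
 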
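Review bot: The `any` escape hatch in the second `sds_dns_checkdn` hunk is only recognised in `ss->dn[0]`, so `sods example.com any` keeps the domain check and silently treats `any` as a literal zone name, while `sods any example.com` disables the check for everything; since this comparison is the server's only guard against answering queries for unrelated names, the rule should be explicit — either walk the list for the keyword or document it on the check with `/* "any" disables the domain check only when given as the first name */` and say so in usage(). The loop's `strncmp(ss->dn[i], p, strlen(ss->dn[i])+1)` compares through the terminator and is just `strcmp(ss->dn[i], p) == 0`, which reads more clearly and avoids a strlen() per entry. The `strchr`/`*p++` pair on the context lines of the first hunk dereferences the result without a NULL test; that is not introduced here, but a name with no `.` would reach it, so it is worth guarding while this function is being reworked. The function's return-type line lies above the first hunk.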
