I need to resolve some hostnames from my application. Is there any alternative to gethostbyname where I can give as a parameter my own DNS server to use as a resolver?
I have already coded my own function, but I thought there may be one I don't know about.
I am using Linux/C language. My libc is uclibc. But I am also curious about GNU LibC.
Thanks.
You'll need to do your own query, but it isn't difficult.
To do this, you would want to use the res_query() family of functions, which allow you to specify the resolver through an environmental variable:
The res_init() function reads the configuration files (see resolv.conf(5)) to get the default domain name, search order and name server address(es). If no server is given, the local host is tried. If no domain is given, that associated with the local host is used. It can be overridden with the environment variable LOCALDOMAIN
IBM's docs go a little more in depth with how to set the variable:
The configured search list (struct state.defdname and struct state.dnsrch) can be overridden by setting the environment variable LOCALDOMAIN to a space-separated list of up to 6 search domains with a total of 256 characters (including spaces). If a search list is specified, the default local domain is not used on queries.
Notes -
You should call setenv() prior to calling res_init(), or the setting will not be picked up. Remember to unset it once done, if applicable
If you use hostnames for the search domains, /etc/hosts still takes precedence.
res_init() was made properly reentrant in uclibc in 2007, so I'm pretty sure you could just use it for whatever purpose.
These functions have the additional benefit of being able to retrieve more detailed data (MX, etc) as well. Still, if you have something smaller that works equally well, there's no sense in not using it.
You can change the default DNS and use your own DNS server and then set it back to original DNS once you are done with your DNS services in your application.
First query the DNS and save the old DNS.
Set new DNS
Do your DNS services
Set the original back
Basically all the above steps is done by editing /etc/resolv.conf which can done by http://linux.die.net/man/3/resolver command in Linux.
Related
I'm working on a C project that makes connections to remote servers. Commonly, this involves using some small terminal macros I've added to my makefile to scp an executable to that remote server. While convenient, the only part of this I've not been able to readily streamline is the part where I need to enter the password.
Additionally, in my code, I'm already using system() calls to accomplish some minor terminal commands (like sort). I'd ALSO like to be able to enter a password if necessary here. For instance, if I wanted to build a string in my code to scp a local file to my remote server, it'd be really nice to have my code pull (and use) a password from somewhere so it can actually access that server.
Does anyone a little more experienced with Make know a way to build passwords into a makefile and/or a system() call in C? Bonus points if I can do it without any third-party software/libraries. I'm trying to keep this as self-contained as possible.
Edit: In reading responses, it's looking like the best strategy is to establish a preexisting ssh key relationship with the server to avoid the login process via something more secure. More work up front for less work in the future, by the sound of it, with additional security.
Thanks for the suggestions, all.
The solution is to not use a password. SSH, and thus SCP, has, among many many others, public key authentication, which is described all over the internet. Use that.
Generally, the problem you're trying to solve is called secret management, and the takeaway is that your authentication tokens (passwords, public keys, API keys…) should not be owned by your application software, but by something instructing the authenticating layer. In other words, the way forward really is that you enable SSH to connect on its own without you entering a password by choosing something that happens to not be an interactive authentication method. So, using a password here is less elegant than just using the generally favorable method of using a public key to authenticate with your server.
Passing passwords as command line option is generally a bad idea – that leaks these passwords into things like process listings, potentially log entries and so on. Don't do it.
Running ssh-keygen to create the keys. Then, adding/appending the local system's (e.g) .ssh/id_rsa.pub file to the remote's .ssh/authorized_keys file is the best way to go.
But, I had remote systems to access without passwords but the file was not installed on the remote (needing ssh-keygen to be run on the remote). Or, the remote .ssh/authorized_keys files did not have the public key from my local system in it.
I wanted a one-time automated/unattended script to add it. A chicken-and-the-egg problem.
I found sshpass
It will work like ssh and provide the password (similar to what expect does).
I installed it once on the local system.
Using this, the script would:
run ssh-keygen on the remote [if necessary]
Append the local .ssh/id_rsa.pub public key file to the remote's .ssh/authorized_keys
Copy back the remote's .ssh/id_rsa.pub file to the local system's .ssh/authorized_keys file [if desired]
Then, ssh etc. worked without any passwords.
UPDATE:
ssh_copy_id is your fried, too.
I had forgotten about that. But, when I was doing this, I had more complex requirements.
The aforementioned script would merge/combine all the public keys and update all the authorized_keys files on all the systems. This would be repeated anytime any new system was added to the mix.
you never need to run ssh-keygen on a remote host, especially not to generate an authorized_keys file. –
Marcus Müller
I think that was inferred but not implied as a requirement [particularly in context]. I hope the answer wasn't -1 for that.
Note that (1) ssh-keygen is needed for (3) copy back the public key.
Ironically, one of the tutorial pages for ssh-copy-id says run ssh-keygen first ...
It's been my exerience when setting up certain types of systems/clusters (e.g. a development host/PC and several remote/target/test ones), if one wants to do local-to-remote actions, invariably one wants to do:
remote-to-local actions -- (e.g.) I'm ssh'ed into a remote system and want to do rcp back to the development system.
The remote system needs to do a git clone/pull from [and, sometimes, git push to] the local git server.
remote-to-remote -- copying/streaming data between target systems.
This requires that each system have a private/public key pair and all systems have an authorized_keys file that has the public keys of all the other systems.
When I've not set up the systems that way it usually comes back to haunt me [usually late at night when I'm tired]. So, I just [axiomatically] set it up that way at the outset.
One of the reasons that I developed the script in the first place. Also, since we didn't want to have to maintain a fork of a given system/distro installer for production systems, we would:
Use the stock/standard distro installer CD/USB
Use the script to add the extra/custom config, S/W, drivers, etc.
I'm implementing a RESTful web API in an embedded stack which provides a webserver without the REST feature. To be precise, the embedded stack is RTCS which runs on top of the MQX RT operating system, the microcontroller is a Kinetis K60 from Freescale. I'm able to distinguish GET/POST/DELETE/PUT requests and to get the url with the parameters (let's say /this/firstValue/that/secondValue/...).
I use strtok to separate the different elements of the url and take decisions. But my code is just ugly because it's full of strcmp functions and if statements. I also need to check bounds for firstValue and secondValue (which I could do in set/get functions, but 2 functions for each parameter will be repetitve). Moreover I'd like to be able to add parameters without messing around with the decision tree.
I have two questions:
How would you make the code nice and dry?
Do you think a REST webservice is appropriate to control my microcontroller over the network? Do you have examples of such things? I'm using a REST webservice because it provides authentication (no secrecy however because I can't setup SSL sockets yet) and I think it's an elegant solution.
I evaluated some other solutions:
SNMP (snmpset/snmpget): it worked but setting up the MIBs was a real pain, and since it's SNMPv2 there is still no secrecy.
telnet server (I have no SSH solution yet): I don't see any advantage/drawback aside that REST will probably be easier to control from the outside, I'm testing it with curl :)
SOAP Remote Procedure Call (I just don't like it)
Any other idea ? I need something simple and scalable since there could be multiple targets to control. I have limited resources :s. I would need secrecy at some point, and I expect to have it when CyaSSL (an embedded ssl implemetation) is ported to MQX. They said it's happening next month so secrecy won't be an issue anymore but if you have other ideas...
--
Emilien
REST is an architectual pattern, So i guess you mean your server provides HTTP.
A resource is 'any data that can be named'. e.g. an LED on your embedded device could be a URI of '/leds/led3' You could change the data it holds (its state, rgb led? etc) with the standard PUT request, and GET should return its current state.
As for coding it, a generic tree structure maybe wise if memory permits to make path finding as simple as possible. With the data and function pointers (emulating objects) at the leafs
I have a linux server has an ad-hoc wireless network for clients to connect to. Once connected I want users to always be redirected to it's own web server no matter what URL they type in. The large solution would be to set up a full DNS server (with BIND or equivalent) but that seems like overkill. All I need is a simple program that will listen for any DNS request and always respond with the same IP address.
I looked around for one but couldn't seem to find one. It would preferably be written in C or Perl as I don't really want to install any other scripting languages.
Use Net::DNS::Nameserver and write your own reply handler.
For C, look at:
How to Build a custom simple DNS server in C/C++
Create custom DNS name server in C
I would suggest using dnsmasq. It's more full-featured than you absolutely need, but it's very well-written, small, and easy to install, and the only configuration you would need to give it is --address='/#/1.2.3.4' to tell it to answer all queries (that don't match some other rule) with the address 1.2.3.4. dnsmasq is well-known and maintained and probably a more robust server than Net::DNS::Nameserver.
I've used fakedns.py when reversing malware. It may be too limited for your situation.
As I answered in the other related question, I wrote a basic DNS server in C++ for a job interview under BSD license.
I think the code was pretty clean, though I didn't made unit tests :-(
I tested it with dig, and it took about a week understanding DNS protocol + implementing + documentation.
If anyone would want to extend it, I guess it would not be very difficult.
Because I think it only supported inverse queries, as that was asked in the exercise.
The code could be found here:
http://code.google.com/p/dns-server/
It was migrated to: https://github.com/tomasorti/dns-server
Looking for ideas on how to generate a Name Resolution request and specify to which server to dispatch the request.
I'm working on Linux.
Up until now, I found two options:
Use an external library which can be hooked for achieving this.
Anyone knows a reliable DNS library that can be used for a production system?
Use Network Namespaces to virtualize the stack and use mounting to link the name resolution server files per namespace (see iproute2 latest version). Requests issued from each namespace may have different servers.
please share your thoughts...
Linux actually comes with a resolver API. See the man(3) page for 'resolver', and link your application with -lresolv.
The libsres library (dnsval) from the DNSSEC-Tools project definitely lets you send queries to a particular server. I know because I've done just that inside the DNSSEC-Check application, which is also part of the DNSSEC-Tools project.
I am currently using libproxy to get the proxy information (if any) on RedHat and Debian Linux. It doesn't work all that well, but it's the only way I know I can use to get the proxy information from my code.
I need to stop using the lib since in most cases it doesn't recognize the proxy.
Is there any way to acquire the proxy information? What i mean is, is there a file (or group of files) i can read, or an env variable or an API or system call that i can use to get the information?
Gnome based code is OK, KDE might help as well but i am looking for something more generic.
The code is C.
Now, before anyone asks, I don't want to use libproxy anymore. Period. I don't want to start investigating why it doesn't work. I don't really want to know whether there is a new version of that lib. I know it might work, I just don't want to use it. i can't use it (just because). So please don't point me that way.
Code is appreciated.
thanks.
In linux, the "global proxy setting" is typically just environment variables that are usually set in /etc/profile. You can examine those variables to see what proxy is set.
The variables are:
http_proxy - the proxy for HTTP connections
ftp_proxy - the proxy for FTP connections
Using the Network Proxy Preferences tool under Gnome saves information in the GConf database. The path to the keys are /system/http_proxy and /system/proxy. You can read about the detail in those trees at this page.
You can access the GConf database using the library API. Note that GConf is based on GObject. To examine the contents of this tree using the command line, try the following:
gconftool-2 -R /system/http_proxy
This will provide a "name = value" listing of the tree, which may be usable in your application. Note that this requires a system() call, so it's not recommended for a deployed application, but it might help you get started.
GNOME has its own place to store the Proxy settings, and I am sure KDE or any other DE has its own place too. May be you can look for any mention of where Proxy settings should be store in the Linux Standard Base. That could hint you a standard of doing it irrespective of Distro or DE.
DE -> Desktop Environment
char* proxy = getenv("all_proxy");
This statement puts the value of the environment variable called all_proxy, which is used by the system as a global proxy, in your C variable.
To print it in bash, try env | grep 'all_proxy' | cut -d= -f 2.