[thirdparty/systemd.git] / src / resolve / dns-type.c

/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/

/***
  This file is part of systemd.

  Copyright 2014 Zbigniew Jędrzejewski-Szmek

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/

#include <sys/socket.h>

#include "dns-type.h"
#include "parse-util.h"
#include "string-util.h"

typedef const struct {
        uint16_t type;
        const char *name;
} dns_type;

static const struct dns_type_name *
lookup_dns_type (register const char *str, register unsigned int len);

#include "dns_type-from-name.h"
#include "dns_type-to-name.h"

int dns_type_from_string(const char *s) {
        const struct dns_type_name *sc;

        assert(s);

        sc = lookup_dns_type(s, strlen(s));
        if (sc)
                return sc->id;

        s = startswith_no_case(s, "TYPE");
        if (s) {
                unsigned x;

                if (safe_atou(s, &x) >= 0 &&
                    x <= UINT16_MAX)
                        return (int) x;
        }

        return _DNS_TYPE_INVALID;
}

bool dns_type_is_pseudo(uint16_t type) {

        /* Checks whether the specified type is a "pseudo-type". What
         * a "pseudo-type" precisely is, is defined only very weakly,
         * but apparently entails all RR types that are not actually
         * stored as RRs on the server and should hence also not be
         * cached. We use this list primarily to validate NSEC type
         * bitfields, and to verify what to cache. */

        return IN_SET(type,
                      0, /* A Pseudo RR type, according to RFC 2931 */
                      DNS_TYPE_ANY,
                      DNS_TYPE_AXFR,
                      DNS_TYPE_IXFR,
                      DNS_TYPE_OPT,
                      DNS_TYPE_TSIG,
                      DNS_TYPE_TKEY
        );
}

bool dns_class_is_pseudo(uint16_t class) {
        return class == DNS_TYPE_ANY;
}

bool dns_type_is_valid_query(uint16_t type) {

        /* The types valid as questions in packets */

        return !IN_SET(type,
                       0,
                       DNS_TYPE_OPT,
                       DNS_TYPE_TSIG,
                       DNS_TYPE_TKEY,

                       /* RRSIG are technically valid as questions, but we refuse doing explicit queries for them, as
                        * they aren't really payload, but signatures for payload, and cannot be validated on their
                        * own. After all they are the signatures, and have no signatures of their own validating
                        * them. */
                       DNS_TYPE_RRSIG);
}

bool dns_type_is_valid_rr(uint16_t type) {

        /* The types valid as RR in packets (but not necessarily
         * stored on servers). */

        return !IN_SET(type,
                       DNS_TYPE_ANY,
                       DNS_TYPE_AXFR,
                       DNS_TYPE_IXFR);
}

bool dns_class_is_valid_rr(uint16_t class) {
        return class != DNS_CLASS_ANY;
}

bool dns_type_may_redirect(uint16_t type) {
        /* The following record types should never be redirected using
         * CNAME/DNAME RRs. See
         * <https://tools.ietf.org/html/rfc4035#section-2.5>. */

        if (dns_type_is_pseudo(type))
                return false;

        return !IN_SET(type,
                       DNS_TYPE_CNAME,
                       DNS_TYPE_DNAME,
                       DNS_TYPE_NSEC3,
                       DNS_TYPE_NSEC,
                       DNS_TYPE_RRSIG,
                       DNS_TYPE_NXT,
                       DNS_TYPE_SIG,
                       DNS_TYPE_KEY);
}

bool dns_type_may_wildcard(uint16_t type) {

        /* The following records may not be expanded from wildcard RRsets */

        if (dns_type_is_pseudo(type))
                return false;

        return !IN_SET(type,
                       DNS_TYPE_NSEC3,
                       DNS_TYPE_SOA,

                       /* Prohibited by https://tools.ietf.org/html/rfc4592#section-4.4 */
                       DNS_TYPE_DNAME);
}

bool dns_type_apex_only(uint16_t type) {

        /* Returns true for all RR types that may only appear signed in a zone apex */

        return IN_SET(type,
                      DNS_TYPE_SOA,
                      DNS_TYPE_NS,            /* this one can appear elsewhere, too, but not signed */
                      DNS_TYPE_DNSKEY,
                      DNS_TYPE_NSEC3PARAM);
}

bool dns_type_is_dnssec(uint16_t type) {
        return IN_SET(type,
                      DNS_TYPE_DS,
                      DNS_TYPE_DNSKEY,
                      DNS_TYPE_RRSIG,
                      DNS_TYPE_NSEC,
                      DNS_TYPE_NSEC3,
                      DNS_TYPE_NSEC3PARAM);
}

bool dns_type_is_obsolete(uint16_t type) {
        return IN_SET(type,
                      /* Obsoleted by RFC 973 */
                      DNS_TYPE_MD,
                      DNS_TYPE_MF,
                      DNS_TYPE_MAILA,

                      /* Kinda obsoleted by RFC 2505 */
                      DNS_TYPE_MB,
                      DNS_TYPE_MG,
                      DNS_TYPE_MR,
                      DNS_TYPE_MINFO,
                      DNS_TYPE_MAILB,

                      /* RFC1127 kinda obsoleted this by recommending against its use */
                      DNS_TYPE_WKS,

                      /* Declared historical by RFC 6563 */
                      DNS_TYPE_A6,

                      /* Obsoleted by DNSSEC-bis */
                      DNS_TYPE_NXT,

                      /* RFC 1035 removed support for concepts that needed this from RFC 883 */
                      DNS_TYPE_NULL);
}

int dns_type_to_af(uint16_t t) {
        switch (t) {

        case DNS_TYPE_A:
                return AF_INET;

        case DNS_TYPE_AAAA:
                return AF_INET6;

        case DNS_TYPE_ANY:
                return AF_UNSPEC;

        default:
                return -EINVAL;
        }
}

const char *dns_class_to_string(uint16_t class) {

        switch (class) {

        case DNS_CLASS_IN:
                return "IN";

        case DNS_CLASS_ANY:
                return "ANY";
        }

        return NULL;
}

int dns_class_from_string(const char *s) {

        if (!s)
                return _DNS_CLASS_INVALID;

        if (strcaseeq(s, "IN"))
                return DNS_CLASS_IN;
        else if (strcaseeq(s, "ANY"))
                return DNS_CLASS_ANY;

        return _DNS_CLASS_INVALID;
}

const char* tlsa_cert_usage_to_string(uint8_t cert_usage) {

        switch (cert_usage) {

        case 0:
                return "CA constraint";

        case 1:
                return "Service certificate constraint";

        case 2:
                return "Trust anchor assertion";

        case 3:
                return "Domain-issued certificate";

        case 4 ... 254:
                return "Unassigned";

        case 255:
                return "Private use";
        }

        return NULL;  /* clang cannot count that we covered everything */
}

const char* tlsa_selector_to_string(uint8_t selector) {
        switch (selector) {

        case 0:
                return "Full Certificate";

        case 1:
                return "SubjectPublicKeyInfo";

        case 2 ... 254:
                return "Unassigned";

        case 255:
                return "Private use";
        }

        return NULL;
}

const char* tlsa_matching_type_to_string(uint8_t selector) {

        switch (selector) {

        case 0:
                return "No hash used";

        case 1:
                return "SHA-256";

        case 2:
                return "SHA-512";

        case 3 ... 254:
                return "Unassigned";

        case 255:
                return "Private use";
        }

        return NULL;
}
Commit	Line	Data
7263f724 ZJS	1	/-- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil --/
	2
	3	/***
	4	This file is part of systemd.
	5
	6	Copyright 2014 Zbigniew Jędrzejewski-Szmek
	7
	8	systemd is free software; you can redistribute it and/or modify it
	9	under the terms of the GNU Lesser General Public License as published by
	10	the Free Software Foundation; either version 2.1 of the License, or
	11	(at your option) any later version.
	12
	13	systemd is distributed in the hope that it will be useful, but
	14	WITHOUT ANY WARRANTY; without even the implied warranty of
	15	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	16	Lesser General Public License for more details.
	17
	18	You should have received a copy of the GNU Lesser General Public License
	19	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	20	***/
	21
d07b43a1 LP	22	#include <sys/socket.h>
d07b43a1 LP	23
7263f724	24	#include "dns-type.h"
869b3b67	25	#include "parse-util.h"
4b548ef3	26	#include "string-util.h"
7263f724 ZJS	27
	28	typedef const struct {
	29	uint16_t type;
	30	const char *name;
	31	} dns_type;
	32
	33	static const struct dns_type_name *
	34	lookup_dns_type (register const char *str, register unsigned int len);
	35
	36	#include "dns_type-from-name.h"
	37	#include "dns_type-to-name.h"
	38
de292aa1	39	int dns_type_from_string(const char *s) {
7263f724 ZJS	40	const struct dns_type_name *sc;
	41
	42	assert(s);
7263f724 ZJS	43
7263f724 ZJS	44	sc = lookup_dns_type(s, strlen(s));
869b3b67 ZJS	45	if (sc)
869b3b67 ZJS	46	return sc->id;
7263f724	47
869b3b67 ZJS	48	s = startswith_no_case(s, "TYPE");
	49	if (s) {
	50	unsigned x;
	51
	52	if (safe_atou(s, &x) >= 0 &&
	53	x <= UINT16_MAX)
	54	return (int) x;
	55	}
	56
	57	return _DNS_TYPE_INVALID;
7263f724	58	}
8e6edc49	59
bea4c76f LP	60	bool dns_type_is_pseudo(uint16_t type) {
	61
	62	/* Checks whether the specified type is a "pseudo-type". What
	63	* a "pseudo-type" precisely is, is defined only very weakly,
	64	* but apparently entails all RR types that are not actually
	65	* stored as RRs on the server and should hence also not be
	66	* cached. We use this list primarily to validate NSEC type
c33be4a6	67	* bitfields, and to verify what to cache. */
bea4c76f LP	68
	69	return IN_SET(type,
	70	0, /* A Pseudo RR type, according to RFC 2931 */
	71	DNS_TYPE_ANY,
	72	DNS_TYPE_AXFR,
	73	DNS_TYPE_IXFR,
	74	DNS_TYPE_OPT,
	75	DNS_TYPE_TSIG,
	76	DNS_TYPE_TKEY
	77	);
8e6edc49	78	}
c463eb78	79
4b548ef3 LP	80	bool dns_class_is_pseudo(uint16_t class) {
	81	return class == DNS_TYPE_ANY;
	82	}
	83
c463eb78 LP	84	bool dns_type_is_valid_query(uint16_t type) {
	85
	86	/* The types valid as questions in packets */
	87
	88	return !IN_SET(type,
	89	0,
	90	DNS_TYPE_OPT,
	91	DNS_TYPE_TSIG,
04680e36 LP	92	DNS_TYPE_TKEY,
	93
	94	/* RRSIG are technically valid as questions, but we refuse doing explicit queries for them, as
	95	* they aren't really payload, but signatures for payload, and cannot be validated on their
	96	* own. After all they are the signatures, and have no signatures of their own validating
	97	* them. */
	98	DNS_TYPE_RRSIG);
c463eb78 LP	99	}
	100
	101	bool dns_type_is_valid_rr(uint16_t type) {
	102
	103	/* The types valid as RR in packets (but not necessarily
	104	* stored on servers). */
	105
	106	return !IN_SET(type,
	107	DNS_TYPE_ANY,
	108	DNS_TYPE_AXFR,
	109	DNS_TYPE_IXFR);
	110	}
4b548ef3 LP	111
	112	bool dns_class_is_valid_rr(uint16_t class) {
	113	return class != DNS_CLASS_ANY;
	114	}
	115
d3c7e913 LP	116	bool dns_type_may_redirect(uint16_t type) {
	117	/* The following record types should never be redirected using
	118	* CNAME/DNAME RRs. See
	119	* <https://tools.ietf.org/html/rfc4035#section-2.5>. */
	120
	121	if (dns_type_is_pseudo(type))
	122	return false;
	123
	124	return !IN_SET(type,
	125	DNS_TYPE_CNAME,
	126	DNS_TYPE_DNAME,
	127	DNS_TYPE_NSEC3,
	128	DNS_TYPE_NSEC,
	129	DNS_TYPE_RRSIG,
	130	DNS_TYPE_NXT,
	131	DNS_TYPE_SIG,
	132	DNS_TYPE_KEY);
	133	}
	134
e8233bce LP	135	bool dns_type_may_wildcard(uint16_t type) {
	136
	137	/* The following records may not be expanded from wildcard RRsets */
	138
	139	if (dns_type_is_pseudo(type))
	140	return false;
	141
	142	return !IN_SET(type,
	143	DNS_TYPE_NSEC3,
	144	DNS_TYPE_SOA,
	145
	146	/* Prohibited by https://tools.ietf.org/html/rfc4592#section-4.4 */
	147	DNS_TYPE_DNAME);
	148	}
	149
588c53d0 LP	150	bool dns_type_apex_only(uint16_t type) {
	151
	152	/* Returns true for all RR types that may only appear signed in a zone apex */
	153
	154	return IN_SET(type,
	155	DNS_TYPE_SOA,
	156	DNS_TYPE_NS, /* this one can appear elsewhere, too, but not signed */
	157	DNS_TYPE_DNSKEY,
	158	DNS_TYPE_NSEC3PARAM);
	159	}
	160
91adc4db LP	161	bool dns_type_is_dnssec(uint16_t type) {
	162	return IN_SET(type,
	163	DNS_TYPE_DS,
	164	DNS_TYPE_DNSKEY,
	165	DNS_TYPE_RRSIG,
	166	DNS_TYPE_NSEC,
	167	DNS_TYPE_NSEC3,
	168	DNS_TYPE_NSEC3PARAM);
	169	}
	170
d0129ddb LP	171	bool dns_type_is_obsolete(uint16_t type) {
	172	return IN_SET(type,
	173	/* Obsoleted by RFC 973 */
	174	DNS_TYPE_MD,
	175	DNS_TYPE_MF,
	176	DNS_TYPE_MAILA,
	177
	178	/* Kinda obsoleted by RFC 2505 */
	179	DNS_TYPE_MB,
	180	DNS_TYPE_MG,
	181	DNS_TYPE_MR,
	182	DNS_TYPE_MINFO,
	183	DNS_TYPE_MAILB,
	184
	185	/* RFC1127 kinda obsoleted this by recommending against its use */
	186	DNS_TYPE_WKS,
	187
	188	/* Declared historical by RFC 6563 */
	189	DNS_TYPE_A6,
	190
	191	/* Obsoleted by DNSSEC-bis */
	192	DNS_TYPE_NXT,
	193
	194	/* RFC 1035 removed support for concepts that needed this from RFC 883 */
	195	DNS_TYPE_NULL);
	196	}
	197
d07b43a1 LP	198	int dns_type_to_af(uint16_t t) {
	199	switch (t) {
	200
	201	case DNS_TYPE_A:
	202	return AF_INET;
	203
	204	case DNS_TYPE_AAAA:
	205	return AF_INET6;
	206
	207	case DNS_TYPE_ANY:
	208	return AF_UNSPEC;
	209
	210	default:
	211	return -EINVAL;
	212	}
	213	}
	214
4b548ef3 LP	215	const char *dns_class_to_string(uint16_t class) {
	216
	217	switch (class) {
	218
	219	case DNS_CLASS_IN:
	220	return "IN";
	221
	222	case DNS_CLASS_ANY:
	223	return "ANY";
	224	}
	225
	226	return NULL;
	227	}
	228
	229	int dns_class_from_string(const char *s) {
	230
	231	if (!s)
	232	return _DNS_CLASS_INVALID;
	233
	234	if (strcaseeq(s, "IN"))
	235	return DNS_CLASS_IN;
	236	else if (strcaseeq(s, "ANY"))
	237	return DNS_CLASS_ANY;
	238
	239	return _DNS_CLASS_INVALID;
	240	}
cfb90da3 ZJS	241
cfb90da3 ZJS	242	const char* tlsa_cert_usage_to_string(uint8_t cert_usage) {
fb8a9fc9 LP	243
	244	switch (cert_usage) {
	245
	246	case 0:
	247	return "CA constraint";
	248
	249	case 1:
	250	return "Service certificate constraint";
	251
	252	case 2:
	253	return "Trust anchor assertion";
	254
	255	case 3:
	256	return "Domain-issued certificate";
	257
	258	case 4 ... 254:
	259	return "Unassigned";
	260
	261	case 255:
	262	return "Private use";
cfb90da3	263	}
fb8a9fc9 LP	264
fb8a9fc9 LP	265	return NULL; /* clang cannot count that we covered everything */
cfb90da3 ZJS	266	}
	267
	268	const char* tlsa_selector_to_string(uint8_t selector) {
fb8a9fc9 LP	269	switch (selector) {
	270
	271	case 0:
	272	return "Full Certificate";
	273
	274	case 1:
	275	return "SubjectPublicKeyInfo";
	276
	277	case 2 ... 254:
	278	return "Unassigned";
	279
	280	case 255:
	281	return "Private use";
cfb90da3	282	}
fb8a9fc9 LP	283
fb8a9fc9 LP	284	return NULL;
cfb90da3 ZJS	285	}
	286
	287	const char* tlsa_matching_type_to_string(uint8_t selector) {
fb8a9fc9 LP	288
	289	switch (selector) {
	290
	291	case 0:
	292	return "No hash used";
	293
	294	case 1:
	295	return "SHA-256";
	296
	297	case 2:
	298	return "SHA-512";
	299
	300	case 3 ... 254:
	301	return "Unassigned";
	302
	303	case 255:
	304	return "Private use";
cfb90da3	305	}
fb8a9fc9 LP	306
fb8a9fc9 LP	307	return NULL;
cfb90da3	308	}