]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-dns-rr.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
network: also introduce UseDomains= for [DHCPv6] section
[thirdparty/systemd.git] / src / resolve / resolved-dns-rr.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <math.h>
4
5 #include "alloc-util.h"
6 #include "dns-domain.h"
7 #include "dns-type.h"
8 #include "escape.h"
9 #include "hexdecoct.h"
10 #include "memory-util.h"
11 #include "resolved-dns-dnssec.h"
12 #include "resolved-dns-packet.h"
13 #include "resolved-dns-rr.h"
14 #include "string-table.h"
15 #include "string-util.h"
16 #include "strv.h"
17 #include "terminal-util.h"
18
19 DnsResourceKey* dns_resource_key_new(uint16_t class, uint16_t type, const char *name) {
20 DnsResourceKey *k;
21 size_t l;
22
23 assert(name);
24
25 l = strlen(name);
26 k = malloc0(sizeof(DnsResourceKey) + l + 1);
27 if (!k)
28 return NULL;
29
30 k->n_ref = 1;
31 k->class = class;
32 k->type = type;
33
34 strcpy((char*) k + sizeof(DnsResourceKey), name);
35
36 return k;
37 }
38
39 DnsResourceKey* dns_resource_key_new_redirect(const DnsResourceKey *key, const DnsResourceRecord *cname) {
40 int r;
41
42 assert(key);
43 assert(cname);
44
45 assert(IN_SET(cname->key->type, DNS_TYPE_CNAME, DNS_TYPE_DNAME));
46
47 if (cname->key->type == DNS_TYPE_CNAME)
48 return dns_resource_key_new(key->class, key->type, cname->cname.name);
49 else {
50 DnsResourceKey *k;
51 char *destination = NULL;
52
53 r = dns_name_change_suffix(dns_resource_key_name(key), dns_resource_key_name(cname->key), cname->dname.name, &destination);
54 if (r < 0)
55 return NULL;
56 if (r == 0)
57 return dns_resource_key_ref((DnsResourceKey*) key);
58
59 k = dns_resource_key_new_consume(key->class, key->type, destination);
60 if (!k)
61 return mfree(destination);
62
63 return k;
64 }
65 }
66
67 int dns_resource_key_new_append_suffix(DnsResourceKey **ret, DnsResourceKey *key, char *name) {
68 DnsResourceKey *new_key;
69 char *joined;
70 int r;
71
72 assert(ret);
73 assert(key);
74 assert(name);
75
76 if (dns_name_is_root(name)) {
77 *ret = dns_resource_key_ref(key);
78 return 0;
79 }
80
81 r = dns_name_concat(dns_resource_key_name(key), name, 0, &joined);
82 if (r < 0)
83 return r;
84
85 new_key = dns_resource_key_new_consume(key->class, key->type, joined);
86 if (!new_key) {
87 free(joined);
88 return -ENOMEM;
89 }
90
91 *ret = new_key;
92 return 0;
93 }
94
95 DnsResourceKey* dns_resource_key_new_consume(uint16_t class, uint16_t type, char *name) {
96 DnsResourceKey *k;
97
98 assert(name);
99
100 k = new(DnsResourceKey, 1);
101 if (!k)
102 return NULL;
103
104 *k = (DnsResourceKey) {
105 .n_ref = 1,
106 .class = class,
107 .type = type,
108 ._name = name,
109 };
110
111 return k;
112 }
113
114 DnsResourceKey* dns_resource_key_ref(DnsResourceKey *k) {
115
116 if (!k)
117 return NULL;
118
119 /* Static/const keys created with DNS_RESOURCE_KEY_CONST will
120 * set this to -1, they should not be reffed/unreffed */
121 assert(k->n_ref != UINT_MAX);
122
123 assert(k->n_ref > 0);
124 k->n_ref++;
125
126 return k;
127 }
128
129 DnsResourceKey* dns_resource_key_unref(DnsResourceKey *k) {
130 if (!k)
131 return NULL;
132
133 assert(k->n_ref != UINT_MAX);
134 assert(k->n_ref > 0);
135
136 if (k->n_ref == 1) {
137 free(k->_name);
138 free(k);
139 } else
140 k->n_ref--;
141
142 return NULL;
143 }
144
145 const char* dns_resource_key_name(const DnsResourceKey *key) {
146 const char *name;
147
148 if (!key)
149 return NULL;
150
151 if (key->_name)
152 name = key->_name;
153 else
154 name = (char*) key + sizeof(DnsResourceKey);
155
156 if (dns_name_is_root(name))
157 return ".";
158 else
159 return name;
160 }
161
162 bool dns_resource_key_is_address(const DnsResourceKey *key) {
163 assert(key);
164
165 /* Check if this is an A or AAAA resource key */
166
167 return key->class == DNS_CLASS_IN && IN_SET(key->type, DNS_TYPE_A, DNS_TYPE_AAAA);
168 }
169
170 bool dns_resource_key_is_dnssd_ptr(const DnsResourceKey *key) {
171 assert(key);
172
173 /* Check if this is a PTR resource key used in
174 Service Instance Enumeration as described in RFC6763 p4.1. */
175
176 if (key->type != DNS_TYPE_PTR)
177 return false;
178
179 return dns_name_endswith(dns_resource_key_name(key), "_tcp.local") ||
180 dns_name_endswith(dns_resource_key_name(key), "_udp.local");
181 }
182
183 int dns_resource_key_equal(const DnsResourceKey *a, const DnsResourceKey *b) {
184 int r;
185
186 if (a == b)
187 return 1;
188
189 r = dns_name_equal(dns_resource_key_name(a), dns_resource_key_name(b));
190 if (r <= 0)
191 return r;
192
193 if (a->class != b->class)
194 return 0;
195
196 if (a->type != b->type)
197 return 0;
198
199 return 1;
200 }
201
202 int dns_resource_key_match_rr(const DnsResourceKey *key, DnsResourceRecord *rr, const char *search_domain) {
203 int r;
204
205 assert(key);
206 assert(rr);
207
208 if (key == rr->key)
209 return 1;
210
211 /* Checks if an rr matches the specified key. If a search
212 * domain is specified, it will also be checked if the key
213 * with the search domain suffixed might match the RR. */
214
215 if (rr->key->class != key->class && key->class != DNS_CLASS_ANY)
216 return 0;
217
218 if (rr->key->type != key->type && key->type != DNS_TYPE_ANY)
219 return 0;
220
221 r = dns_name_equal(dns_resource_key_name(rr->key), dns_resource_key_name(key));
222 if (r != 0)
223 return r;
224
225 if (search_domain) {
226 _cleanup_free_ char *joined = NULL;
227
228 r = dns_name_concat(dns_resource_key_name(key), search_domain, 0, &joined);
229 if (r < 0)
230 return r;
231
232 return dns_name_equal(dns_resource_key_name(rr->key), joined);
233 }
234
235 return 0;
236 }
237
238 int dns_resource_key_match_cname_or_dname(const DnsResourceKey *key, const DnsResourceKey *cname, const char *search_domain) {
239 int r;
240
241 assert(key);
242 assert(cname);
243
244 if (cname->class != key->class && key->class != DNS_CLASS_ANY)
245 return 0;
246
247 if (!dns_type_may_redirect(key->type))
248 return 0;
249
250 if (cname->type == DNS_TYPE_CNAME)
251 r = dns_name_equal(dns_resource_key_name(key), dns_resource_key_name(cname));
252 else if (cname->type == DNS_TYPE_DNAME)
253 r = dns_name_endswith(dns_resource_key_name(key), dns_resource_key_name(cname));
254 else
255 return 0;
256
257 if (r != 0)
258 return r;
259
260 if (search_domain) {
261 _cleanup_free_ char *joined = NULL;
262
263 r = dns_name_concat(dns_resource_key_name(key), search_domain, 0, &joined);
264 if (r < 0)
265 return r;
266
267 if (cname->type == DNS_TYPE_CNAME)
268 return dns_name_equal(joined, dns_resource_key_name(cname));
269 else if (cname->type == DNS_TYPE_DNAME)
270 return dns_name_endswith(joined, dns_resource_key_name(cname));
271 }
272
273 return 0;
274 }
275
276 int dns_resource_key_match_soa(const DnsResourceKey *key, const DnsResourceKey *soa) {
277 assert(soa);
278 assert(key);
279
280 /* Checks whether 'soa' is a SOA record for the specified key. */
281
282 if (soa->class != key->class)
283 return 0;
284
285 if (soa->type != DNS_TYPE_SOA)
286 return 0;
287
288 return dns_name_endswith(dns_resource_key_name(key), dns_resource_key_name(soa));
289 }
290
291 static void dns_resource_key_hash_func(const DnsResourceKey *k, struct siphash *state) {
292 assert(k);
293
294 dns_name_hash_func(dns_resource_key_name(k), state);
295 siphash24_compress(&k->class, sizeof(k->class), state);
296 siphash24_compress(&k->type, sizeof(k->type), state);
297 }
298
299 static int dns_resource_key_compare_func(const DnsResourceKey *x, const DnsResourceKey *y) {
300 int r;
301
302 r = dns_name_compare_func(dns_resource_key_name(x), dns_resource_key_name(y));
303 if (r != 0)
304 return r;
305
306 r = CMP(x->type, y->type);
307 if (r != 0)
308 return r;
309
310 return CMP(x->class, y->class);
311 }
312
313 DEFINE_HASH_OPS(dns_resource_key_hash_ops, DnsResourceKey, dns_resource_key_hash_func, dns_resource_key_compare_func);
314
315 char* dns_resource_key_to_string(const DnsResourceKey *key, char *buf, size_t buf_size) {
316 const char *c, *t;
317 char *ans = buf;
318
319 /* If we cannot convert the CLASS/TYPE into a known string,
320 use the format recommended by RFC 3597, Section 5. */
321
322 c = dns_class_to_string(key->class);
323 t = dns_type_to_string(key->type);
324
325 snprintf(buf, buf_size, "%s %s%s%.0u %s%s%.0u",
326 dns_resource_key_name(key),
327 strempty(c), c ? "" : "CLASS", c ? 0 : key->class,
328 strempty(t), t ? "" : "TYPE", t ? 0 : key->type);
329
330 return ans;
331 }
332
333 bool dns_resource_key_reduce(DnsResourceKey **a, DnsResourceKey **b) {
334 assert(a);
335 assert(b);
336
337 /* Try to replace one RR key by another if they are identical, thus saving a bit of memory. Note that we do
338 * this only for RR keys, not for RRs themselves, as they carry a lot of additional metadata (where they come
339 * from, validity data, and suchlike), and cannot be replaced so easily by other RRs that have the same
340 * superficial data. */
341
342 if (!*a)
343 return false;
344 if (!*b)
345 return false;
346
347 /* We refuse merging const keys */
348 if ((*a)->n_ref == UINT_MAX)
349 return false;
350 if ((*b)->n_ref == UINT_MAX)
351 return false;
352
353 /* Already the same? */
354 if (*a == *b)
355 return true;
356
357 /* Are they really identical? */
358 if (dns_resource_key_equal(*a, *b) <= 0)
359 return false;
360
361 /* Keep the one which already has more references. */
362 if ((*a)->n_ref > (*b)->n_ref) {
363 dns_resource_key_unref(*b);
364 *b = dns_resource_key_ref(*a);
365 } else {
366 dns_resource_key_unref(*a);
367 *a = dns_resource_key_ref(*b);
368 }
369
370 return true;
371 }
372
373 DnsResourceRecord* dns_resource_record_new(DnsResourceKey *key) {
374 DnsResourceRecord *rr;
375
376 rr = new(DnsResourceRecord, 1);
377 if (!rr)
378 return NULL;
379
380 *rr = (DnsResourceRecord) {
381 .n_ref = 1,
382 .key = dns_resource_key_ref(key),
383 .expiry = USEC_INFINITY,
384 .n_skip_labels_signer = UINT_MAX,
385 .n_skip_labels_source = UINT_MAX,
386 };
387
388 return rr;
389 }
390
391 DnsResourceRecord* dns_resource_record_new_full(uint16_t class, uint16_t type, const char *name) {
392 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
393
394 key = dns_resource_key_new(class, type, name);
395 if (!key)
396 return NULL;
397
398 return dns_resource_record_new(key);
399 }
400
401 static DnsResourceRecord* dns_resource_record_free(DnsResourceRecord *rr) {
402 assert(rr);
403
404 if (rr->key) {
405 switch(rr->key->type) {
406
407 case DNS_TYPE_SRV:
408 free(rr->srv.name);
409 break;
410
411 case DNS_TYPE_PTR:
412 case DNS_TYPE_NS:
413 case DNS_TYPE_CNAME:
414 case DNS_TYPE_DNAME:
415 free(rr->ptr.name);
416 break;
417
418 case DNS_TYPE_HINFO:
419 free(rr->hinfo.cpu);
420 free(rr->hinfo.os);
421 break;
422
423 case DNS_TYPE_TXT:
424 case DNS_TYPE_SPF:
425 dns_txt_item_free_all(rr->txt.items);
426 break;
427
428 case DNS_TYPE_SOA:
429 free(rr->soa.mname);
430 free(rr->soa.rname);
431 break;
432
433 case DNS_TYPE_MX:
434 free(rr->mx.exchange);
435 break;
436
437 case DNS_TYPE_DS:
438 free(rr->ds.digest);
439 break;
440
441 case DNS_TYPE_SSHFP:
442 free(rr->sshfp.fingerprint);
443 break;
444
445 case DNS_TYPE_DNSKEY:
446 free(rr->dnskey.key);
447 break;
448
449 case DNS_TYPE_RRSIG:
450 free(rr->rrsig.signer);
451 free(rr->rrsig.signature);
452 break;
453
454 case DNS_TYPE_NSEC:
455 free(rr->nsec.next_domain_name);
456 bitmap_free(rr->nsec.types);
457 break;
458
459 case DNS_TYPE_NSEC3:
460 free(rr->nsec3.next_hashed_name);
461 free(rr->nsec3.salt);
462 bitmap_free(rr->nsec3.types);
463 break;
464
465 case DNS_TYPE_LOC:
466 case DNS_TYPE_A:
467 case DNS_TYPE_AAAA:
468 break;
469
470 case DNS_TYPE_TLSA:
471 free(rr->tlsa.data);
472 break;
473
474 case DNS_TYPE_CAA:
475 free(rr->caa.tag);
476 free(rr->caa.value);
477 break;
478
479 case DNS_TYPE_OPENPGPKEY:
480 default:
481 if (!rr->unparsable)
482 free(rr->generic.data);
483 }
484
485 if (rr->unparsable)
486 free(rr->generic.data);
487
488 free(rr->wire_format);
489 dns_resource_key_unref(rr->key);
490 }
491
492 free(rr->to_string);
493 return mfree(rr);
494 }
495
496 DEFINE_TRIVIAL_REF_UNREF_FUNC(DnsResourceRecord, dns_resource_record, dns_resource_record_free);
497
498 int dns_resource_record_new_reverse(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *hostname) {
499 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
500 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
501 _cleanup_free_ char *ptr = NULL;
502 int r;
503
504 assert(ret);
505 assert(address);
506 assert(hostname);
507
508 r = dns_name_reverse(family, address, &ptr);
509 if (r < 0)
510 return r;
511
512 key = dns_resource_key_new_consume(DNS_CLASS_IN, DNS_TYPE_PTR, ptr);
513 if (!key)
514 return -ENOMEM;
515
516 ptr = NULL;
517
518 rr = dns_resource_record_new(key);
519 if (!rr)
520 return -ENOMEM;
521
522 rr->ptr.name = strdup(hostname);
523 if (!rr->ptr.name)
524 return -ENOMEM;
525
526 *ret = TAKE_PTR(rr);
527
528 return 0;
529 }
530
531 int dns_resource_record_new_address(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *name) {
532 DnsResourceRecord *rr;
533
534 assert(ret);
535 assert(address);
536 assert(family);
537
538 if (family == AF_INET) {
539
540 rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_A, name);
541 if (!rr)
542 return -ENOMEM;
543
544 rr->a.in_addr = address->in;
545
546 } else if (family == AF_INET6) {
547
548 rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_AAAA, name);
549 if (!rr)
550 return -ENOMEM;
551
552 rr->aaaa.in6_addr = address->in6;
553 } else
554 return -EAFNOSUPPORT;
555
556 *ret = rr;
557
558 return 0;
559 }
560
561 #define FIELD_EQUAL(a, b, field) \
562 ((a).field ## _size == (b).field ## _size && \
563 memcmp_safe((a).field, (b).field, (a).field ## _size) == 0)
564
565 int dns_resource_record_payload_equal(const DnsResourceRecord *a, const DnsResourceRecord *b) {
566 int r;
567
568 /* Check if a and b are the same, but don't look at their keys */
569
570 if (a->unparsable != b->unparsable)
571 return 0;
572
573 switch (a->unparsable ? _DNS_TYPE_INVALID : a->key->type) {
574
575 case DNS_TYPE_SRV:
576 r = dns_name_equal(a->srv.name, b->srv.name);
577 if (r <= 0)
578 return r;
579
580 return a->srv.priority == b->srv.priority &&
581 a->srv.weight == b->srv.weight &&
582 a->srv.port == b->srv.port;
583
584 case DNS_TYPE_PTR:
585 case DNS_TYPE_NS:
586 case DNS_TYPE_CNAME:
587 case DNS_TYPE_DNAME:
588 return dns_name_equal(a->ptr.name, b->ptr.name);
589
590 case DNS_TYPE_HINFO:
591 return strcaseeq(a->hinfo.cpu, b->hinfo.cpu) &&
592 strcaseeq(a->hinfo.os, b->hinfo.os);
593
594 case DNS_TYPE_SPF: /* exactly the same as TXT */
595 case DNS_TYPE_TXT:
596 return dns_txt_item_equal(a->txt.items, b->txt.items);
597
598 case DNS_TYPE_A:
599 return memcmp(&a->a.in_addr, &b->a.in_addr, sizeof(struct in_addr)) == 0;
600
601 case DNS_TYPE_AAAA:
602 return memcmp(&a->aaaa.in6_addr, &b->aaaa.in6_addr, sizeof(struct in6_addr)) == 0;
603
604 case DNS_TYPE_SOA:
605 r = dns_name_equal(a->soa.mname, b->soa.mname);
606 if (r <= 0)
607 return r;
608 r = dns_name_equal(a->soa.rname, b->soa.rname);
609 if (r <= 0)
610 return r;
611
612 return a->soa.serial == b->soa.serial &&
613 a->soa.refresh == b->soa.refresh &&
614 a->soa.retry == b->soa.retry &&
615 a->soa.expire == b->soa.expire &&
616 a->soa.minimum == b->soa.minimum;
617
618 case DNS_TYPE_MX:
619 if (a->mx.priority != b->mx.priority)
620 return 0;
621
622 return dns_name_equal(a->mx.exchange, b->mx.exchange);
623
624 case DNS_TYPE_LOC:
625 assert(a->loc.version == b->loc.version);
626
627 return a->loc.size == b->loc.size &&
628 a->loc.horiz_pre == b->loc.horiz_pre &&
629 a->loc.vert_pre == b->loc.vert_pre &&
630 a->loc.latitude == b->loc.latitude &&
631 a->loc.longitude == b->loc.longitude &&
632 a->loc.altitude == b->loc.altitude;
633
634 case DNS_TYPE_DS:
635 return a->ds.key_tag == b->ds.key_tag &&
636 a->ds.algorithm == b->ds.algorithm &&
637 a->ds.digest_type == b->ds.digest_type &&
638 FIELD_EQUAL(a->ds, b->ds, digest);
639
640 case DNS_TYPE_SSHFP:
641 return a->sshfp.algorithm == b->sshfp.algorithm &&
642 a->sshfp.fptype == b->sshfp.fptype &&
643 FIELD_EQUAL(a->sshfp, b->sshfp, fingerprint);
644
645 case DNS_TYPE_DNSKEY:
646 return a->dnskey.flags == b->dnskey.flags &&
647 a->dnskey.protocol == b->dnskey.protocol &&
648 a->dnskey.algorithm == b->dnskey.algorithm &&
649 FIELD_EQUAL(a->dnskey, b->dnskey, key);
650
651 case DNS_TYPE_RRSIG:
652 /* do the fast comparisons first */
653 return a->rrsig.type_covered == b->rrsig.type_covered &&
654 a->rrsig.algorithm == b->rrsig.algorithm &&
655 a->rrsig.labels == b->rrsig.labels &&
656 a->rrsig.original_ttl == b->rrsig.original_ttl &&
657 a->rrsig.expiration == b->rrsig.expiration &&
658 a->rrsig.inception == b->rrsig.inception &&
659 a->rrsig.key_tag == b->rrsig.key_tag &&
660 FIELD_EQUAL(a->rrsig, b->rrsig, signature) &&
661 dns_name_equal(a->rrsig.signer, b->rrsig.signer);
662
663 case DNS_TYPE_NSEC:
664 return dns_name_equal(a->nsec.next_domain_name, b->nsec.next_domain_name) &&
665 bitmap_equal(a->nsec.types, b->nsec.types);
666
667 case DNS_TYPE_NSEC3:
668 return a->nsec3.algorithm == b->nsec3.algorithm &&
669 a->nsec3.flags == b->nsec3.flags &&
670 a->nsec3.iterations == b->nsec3.iterations &&
671 FIELD_EQUAL(a->nsec3, b->nsec3, salt) &&
672 FIELD_EQUAL(a->nsec3, b->nsec3, next_hashed_name) &&
673 bitmap_equal(a->nsec3.types, b->nsec3.types);
674
675 case DNS_TYPE_TLSA:
676 return a->tlsa.cert_usage == b->tlsa.cert_usage &&
677 a->tlsa.selector == b->tlsa.selector &&
678 a->tlsa.matching_type == b->tlsa.matching_type &&
679 FIELD_EQUAL(a->tlsa, b->tlsa, data);
680
681 case DNS_TYPE_CAA:
682 return a->caa.flags == b->caa.flags &&
683 streq(a->caa.tag, b->caa.tag) &&
684 FIELD_EQUAL(a->caa, b->caa, value);
685
686 case DNS_TYPE_OPENPGPKEY:
687 default:
688 return FIELD_EQUAL(a->generic, b->generic, data);
689 }
690 }
691
692 int dns_resource_record_equal(const DnsResourceRecord *a, const DnsResourceRecord *b) {
693 int r;
694
695 assert(a);
696 assert(b);
697
698 if (a == b)
699 return 1;
700
701 r = dns_resource_key_equal(a->key, b->key);
702 if (r <= 0)
703 return r;
704
705 return dns_resource_record_payload_equal(a, b);
706 }
707
708 static char* format_location(uint32_t latitude, uint32_t longitude, uint32_t altitude,
709 uint8_t size, uint8_t horiz_pre, uint8_t vert_pre) {
710 char *s;
711 char NS = latitude >= 1U<<31 ? 'N' : 'S';
712 char EW = longitude >= 1U<<31 ? 'E' : 'W';
713
714 int lat = latitude >= 1U<<31 ? (int) (latitude - (1U<<31)) : (int) ((1U<<31) - latitude);
715 int lon = longitude >= 1U<<31 ? (int) (longitude - (1U<<31)) : (int) ((1U<<31) - longitude);
716 double alt = altitude >= 10000000u ? altitude - 10000000u : -(double)(10000000u - altitude);
717 double siz = (size >> 4) * exp10((double) (size & 0xF));
718 double hor = (horiz_pre >> 4) * exp10((double) (horiz_pre & 0xF));
719 double ver = (vert_pre >> 4) * exp10((double) (vert_pre & 0xF));
720
721 if (asprintf(&s, "%d %d %.3f %c %d %d %.3f %c %.2fm %.2fm %.2fm %.2fm",
722 (lat / 60000 / 60),
723 (lat / 60000) % 60,
724 (lat % 60000) / 1000.,
725 NS,
726 (lon / 60000 / 60),
727 (lon / 60000) % 60,
728 (lon % 60000) / 1000.,
729 EW,
730 alt / 100.,
731 siz / 100.,
732 hor / 100.,
733 ver / 100.) < 0)
734 return NULL;
735
736 return s;
737 }
738
739 static int format_timestamp_dns(char *buf, size_t l, time_t sec) {
740 struct tm tm;
741
742 assert(buf);
743 assert(l > STRLEN("YYYYMMDDHHmmSS"));
744
745 if (!gmtime_r(&sec, &tm))
746 return -EINVAL;
747
748 if (strftime(buf, l, "%Y%m%d%H%M%S", &tm) <= 0)
749 return -EINVAL;
750
751 return 0;
752 }
753
754 static char *format_types(Bitmap *types) {
755 _cleanup_strv_free_ char **strv = NULL;
756 _cleanup_free_ char *str = NULL;
757 unsigned type;
758 int r;
759
760 BITMAP_FOREACH(type, types) {
761 if (dns_type_to_string(type)) {
762 r = strv_extend(&strv, dns_type_to_string(type));
763 if (r < 0)
764 return NULL;
765 } else {
766 char *t;
767
768 r = asprintf(&t, "TYPE%u", type);
769 if (r < 0)
770 return NULL;
771
772 r = strv_consume(&strv, t);
773 if (r < 0)
774 return NULL;
775 }
776 }
777
778 str = strv_join(strv, " ");
779 if (!str)
780 return NULL;
781
782 return strjoin("( ", str, " )");
783 }
784
785 static char *format_txt(DnsTxtItem *first) {
786 DnsTxtItem *i;
787 size_t c = 1;
788 char *p, *s;
789
790 LIST_FOREACH(items, i, first)
791 c += i->length * 4 + 3;
792
793 p = s = new(char, c);
794 if (!s)
795 return NULL;
796
797 LIST_FOREACH(items, i, first) {
798 size_t j;
799
800 if (i != first)
801 *(p++) = ' ';
802
803 *(p++) = '"';
804
805 for (j = 0; j < i->length; j++) {
806 if (i->data[j] < ' ' || i->data[j] == '"' || i->data[j] >= 127) {
807 *(p++) = '\\';
808 *(p++) = '0' + (i->data[j] / 100);
809 *(p++) = '0' + ((i->data[j] / 10) % 10);
810 *(p++) = '0' + (i->data[j] % 10);
811 } else
812 *(p++) = i->data[j];
813 }
814
815 *(p++) = '"';
816 }
817
818 *p = 0;
819 return s;
820 }
821
822 const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
823 _cleanup_free_ char *t = NULL;
824 char *s, k[DNS_RESOURCE_KEY_STRING_MAX];
825 int r;
826
827 assert(rr);
828
829 if (rr->to_string)
830 return rr->to_string;
831
832 dns_resource_key_to_string(rr->key, k, sizeof(k));
833
834 switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {
835
836 case DNS_TYPE_SRV:
837 r = asprintf(&s, "%s %u %u %u %s",
838 k,
839 rr->srv.priority,
840 rr->srv.weight,
841 rr->srv.port,
842 strna(rr->srv.name));
843 if (r < 0)
844 return NULL;
845 break;
846
847 case DNS_TYPE_PTR:
848 case DNS_TYPE_NS:
849 case DNS_TYPE_CNAME:
850 case DNS_TYPE_DNAME:
851 s = strjoin(k, " ", rr->ptr.name);
852 if (!s)
853 return NULL;
854
855 break;
856
857 case DNS_TYPE_HINFO:
858 s = strjoin(k, " ", rr->hinfo.cpu, " ", rr->hinfo.os);
859 if (!s)
860 return NULL;
861 break;
862
863 case DNS_TYPE_SPF: /* exactly the same as TXT */
864 case DNS_TYPE_TXT:
865 t = format_txt(rr->txt.items);
866 if (!t)
867 return NULL;
868
869 s = strjoin(k, " ", t);
870 if (!s)
871 return NULL;
872 break;
873
874 case DNS_TYPE_A: {
875 _cleanup_free_ char *x = NULL;
876
877 r = in_addr_to_string(AF_INET, (const union in_addr_union*) &rr->a.in_addr, &x);
878 if (r < 0)
879 return NULL;
880
881 s = strjoin(k, " ", x);
882 if (!s)
883 return NULL;
884 break;
885 }
886
887 case DNS_TYPE_AAAA:
888 r = in_addr_to_string(AF_INET6, (const union in_addr_union*) &rr->aaaa.in6_addr, &t);
889 if (r < 0)
890 return NULL;
891
892 s = strjoin(k, " ", t);
893 if (!s)
894 return NULL;
895 break;
896
897 case DNS_TYPE_SOA:
898 r = asprintf(&s, "%s %s %s %u %u %u %u %u",
899 k,
900 strna(rr->soa.mname),
901 strna(rr->soa.rname),
902 rr->soa.serial,
903 rr->soa.refresh,
904 rr->soa.retry,
905 rr->soa.expire,
906 rr->soa.minimum);
907 if (r < 0)
908 return NULL;
909 break;
910
911 case DNS_TYPE_MX:
912 r = asprintf(&s, "%s %u %s",
913 k,
914 rr->mx.priority,
915 rr->mx.exchange);
916 if (r < 0)
917 return NULL;
918 break;
919
920 case DNS_TYPE_LOC:
921 assert(rr->loc.version == 0);
922
923 t = format_location(rr->loc.latitude,
924 rr->loc.longitude,
925 rr->loc.altitude,
926 rr->loc.size,
927 rr->loc.horiz_pre,
928 rr->loc.vert_pre);
929 if (!t)
930 return NULL;
931
932 s = strjoin(k, " ", t);
933 if (!s)
934 return NULL;
935 break;
936
937 case DNS_TYPE_DS:
938 t = hexmem(rr->ds.digest, rr->ds.digest_size);
939 if (!t)
940 return NULL;
941
942 r = asprintf(&s, "%s %u %u %u %s",
943 k,
944 rr->ds.key_tag,
945 rr->ds.algorithm,
946 rr->ds.digest_type,
947 t);
948 if (r < 0)
949 return NULL;
950 break;
951
952 case DNS_TYPE_SSHFP:
953 t = hexmem(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size);
954 if (!t)
955 return NULL;
956
957 r = asprintf(&s, "%s %u %u %s",
958 k,
959 rr->sshfp.algorithm,
960 rr->sshfp.fptype,
961 t);
962 if (r < 0)
963 return NULL;
964 break;
965
966 case DNS_TYPE_DNSKEY: {
967 _cleanup_free_ char *alg = NULL;
968 char *ss;
969 uint16_t key_tag;
970
971 key_tag = dnssec_keytag(rr, true);
972
973 r = dnssec_algorithm_to_string_alloc(rr->dnskey.algorithm, &alg);
974 if (r < 0)
975 return NULL;
976
977 r = asprintf(&s, "%s %u %u %s",
978 k,
979 rr->dnskey.flags,
980 rr->dnskey.protocol,
981 alg);
982 if (r < 0)
983 return NULL;
984
985 r = base64_append(&s, r,
986 rr->dnskey.key, rr->dnskey.key_size,
987 8, columns());
988 if (r < 0)
989 return NULL;
990
991 r = asprintf(&ss, "%s\n"
992 " -- Flags:%s%s%s\n"
993 " -- Key tag: %u",
994 s,
995 rr->dnskey.flags & DNSKEY_FLAG_SEP ? " SEP" : "",
996 rr->dnskey.flags & DNSKEY_FLAG_REVOKE ? " REVOKE" : "",
997 rr->dnskey.flags & DNSKEY_FLAG_ZONE_KEY ? " ZONE_KEY" : "",
998 key_tag);
999 if (r < 0)
1000 return NULL;
1001 free(s);
1002 s = ss;
1003
1004 break;
1005 }
1006
1007 case DNS_TYPE_RRSIG: {
1008 _cleanup_free_ char *alg = NULL;
1009 char expiration[STRLEN("YYYYMMDDHHmmSS") + 1], inception[STRLEN("YYYYMMDDHHmmSS") + 1];
1010 const char *type;
1011
1012 type = dns_type_to_string(rr->rrsig.type_covered);
1013
1014 r = dnssec_algorithm_to_string_alloc(rr->rrsig.algorithm, &alg);
1015 if (r < 0)
1016 return NULL;
1017
1018 r = format_timestamp_dns(expiration, sizeof(expiration), rr->rrsig.expiration);
1019 if (r < 0)
1020 return NULL;
1021
1022 r = format_timestamp_dns(inception, sizeof(inception), rr->rrsig.inception);
1023 if (r < 0)
1024 return NULL;
1025
1026 /* TYPE?? follows
1027 * http://tools.ietf.org/html/rfc3597#section-5 */
1028
1029 r = asprintf(&s, "%s %s%.*u %s %u %u %s %s %u %s",
1030 k,
1031 type ?: "TYPE",
1032 type ? 0 : 1, type ? 0u : (unsigned) rr->rrsig.type_covered,
1033 alg,
1034 rr->rrsig.labels,
1035 rr->rrsig.original_ttl,
1036 expiration,
1037 inception,
1038 rr->rrsig.key_tag,
1039 rr->rrsig.signer);
1040 if (r < 0)
1041 return NULL;
1042
1043 r = base64_append(&s, r,
1044 rr->rrsig.signature, rr->rrsig.signature_size,
1045 8, columns());
1046 if (r < 0)
1047 return NULL;
1048
1049 break;
1050 }
1051
1052 case DNS_TYPE_NSEC:
1053 t = format_types(rr->nsec.types);
1054 if (!t)
1055 return NULL;
1056
1057 r = asprintf(&s, "%s %s %s",
1058 k,
1059 rr->nsec.next_domain_name,
1060 t);
1061 if (r < 0)
1062 return NULL;
1063 break;
1064
1065 case DNS_TYPE_NSEC3: {
1066 _cleanup_free_ char *salt = NULL, *hash = NULL;
1067
1068 if (rr->nsec3.salt_size > 0) {
1069 salt = hexmem(rr->nsec3.salt, rr->nsec3.salt_size);
1070 if (!salt)
1071 return NULL;
1072 }
1073
1074 hash = base32hexmem(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, false);
1075 if (!hash)
1076 return NULL;
1077
1078 t = format_types(rr->nsec3.types);
1079 if (!t)
1080 return NULL;
1081
1082 r = asprintf(&s, "%s %"PRIu8" %"PRIu8" %"PRIu16" %s %s %s",
1083 k,
1084 rr->nsec3.algorithm,
1085 rr->nsec3.flags,
1086 rr->nsec3.iterations,
1087 rr->nsec3.salt_size > 0 ? salt : "-",
1088 hash,
1089 t);
1090 if (r < 0)
1091 return NULL;
1092
1093 break;
1094 }
1095
1096 case DNS_TYPE_TLSA: {
1097 const char *cert_usage, *selector, *matching_type;
1098
1099 cert_usage = tlsa_cert_usage_to_string(rr->tlsa.cert_usage);
1100 selector = tlsa_selector_to_string(rr->tlsa.selector);
1101 matching_type = tlsa_matching_type_to_string(rr->tlsa.matching_type);
1102
1103 t = hexmem(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size);
1104 if (!t)
1105 return NULL;
1106
1107 r = asprintf(&s,
1108 "%s %u %u %u %s\n"
1109 " -- Cert. usage: %s\n"
1110 " -- Selector: %s\n"
1111 " -- Matching type: %s",
1112 k,
1113 rr->tlsa.cert_usage,
1114 rr->tlsa.selector,
1115 rr->tlsa.matching_type,
1116 t,
1117 cert_usage,
1118 selector,
1119 matching_type);
1120 if (r < 0)
1121 return NULL;
1122
1123 break;
1124 }
1125
1126 case DNS_TYPE_CAA: {
1127 _cleanup_free_ char *value;
1128
1129 value = octescape(rr->caa.value, rr->caa.value_size);
1130 if (!value)
1131 return NULL;
1132
1133 r = asprintf(&s, "%s %u %s \"%s\"%s%s%s%.0u",
1134 k,
1135 rr->caa.flags,
1136 rr->caa.tag,
1137 value,
1138 rr->caa.flags ? "\n -- Flags:" : "",
1139 rr->caa.flags & CAA_FLAG_CRITICAL ? " critical" : "",
1140 rr->caa.flags & ~CAA_FLAG_CRITICAL ? " " : "",
1141 rr->caa.flags & ~CAA_FLAG_CRITICAL);
1142 if (r < 0)
1143 return NULL;
1144
1145 break;
1146 }
1147
1148 case DNS_TYPE_OPENPGPKEY: {
1149 r = asprintf(&s, "%s", k);
1150 if (r < 0)
1151 return NULL;
1152
1153 r = base64_append(&s, r,
1154 rr->generic.data, rr->generic.data_size,
1155 8, columns());
1156 if (r < 0)
1157 return NULL;
1158 break;
1159 }
1160
1161 default:
1162 t = hexmem(rr->generic.data, rr->generic.data_size);
1163 if (!t)
1164 return NULL;
1165
1166 /* Format as documented in RFC 3597, Section 5 */
1167 r = asprintf(&s, "%s \\# %zu %s", k, rr->generic.data_size, t);
1168 if (r < 0)
1169 return NULL;
1170 break;
1171 }
1172
1173 rr->to_string = s;
1174 return s;
1175 }
1176
1177 ssize_t dns_resource_record_payload(DnsResourceRecord *rr, void **out) {
1178 assert(rr);
1179 assert(out);
1180
1181 switch(rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {
1182 case DNS_TYPE_SRV:
1183 case DNS_TYPE_PTR:
1184 case DNS_TYPE_NS:
1185 case DNS_TYPE_CNAME:
1186 case DNS_TYPE_DNAME:
1187 case DNS_TYPE_HINFO:
1188 case DNS_TYPE_SPF:
1189 case DNS_TYPE_TXT:
1190 case DNS_TYPE_A:
1191 case DNS_TYPE_AAAA:
1192 case DNS_TYPE_SOA:
1193 case DNS_TYPE_MX:
1194 case DNS_TYPE_LOC:
1195 case DNS_TYPE_DS:
1196 case DNS_TYPE_DNSKEY:
1197 case DNS_TYPE_RRSIG:
1198 case DNS_TYPE_NSEC:
1199 case DNS_TYPE_NSEC3:
1200 return -EINVAL;
1201
1202 case DNS_TYPE_SSHFP:
1203 *out = rr->sshfp.fingerprint;
1204 return rr->sshfp.fingerprint_size;
1205
1206 case DNS_TYPE_TLSA:
1207 *out = rr->tlsa.data;
1208 return rr->tlsa.data_size;
1209
1210 case DNS_TYPE_OPENPGPKEY:
1211 default:
1212 *out = rr->generic.data;
1213 return rr->generic.data_size;
1214 }
1215 }
1216
1217 int dns_resource_record_to_wire_format(DnsResourceRecord *rr, bool canonical) {
1218
1219 DnsPacket packet = {
1220 .n_ref = 1,
1221 .protocol = DNS_PROTOCOL_DNS,
1222 .on_stack = true,
1223 .refuse_compression = true,
1224 .canonical_form = canonical,
1225 };
1226
1227 size_t start, rds;
1228 int r;
1229
1230 assert(rr);
1231
1232 /* Generates the RR in wire-format, optionally in the
1233 * canonical form as discussed in the DNSSEC RFC 4034, Section
1234 * 6.2. We allocate a throw-away DnsPacket object on the stack
1235 * here, because we need some book-keeping for memory
1236 * management, and can reuse the DnsPacket serializer, that
1237 * can generate the canonical form, too, but also knows label
1238 * compression and suchlike. */
1239
1240 if (rr->wire_format && rr->wire_format_canonical == canonical)
1241 return 0;
1242
1243 r = dns_packet_append_rr(&packet, rr, 0, &start, &rds);
1244 if (r < 0)
1245 return r;
1246
1247 assert(start == 0);
1248 assert(packet._data);
1249
1250 free(rr->wire_format);
1251 rr->wire_format = packet._data;
1252 rr->wire_format_size = packet.size;
1253 rr->wire_format_rdata_offset = rds;
1254 rr->wire_format_canonical = canonical;
1255
1256 packet._data = NULL;
1257 dns_packet_unref(&packet);
1258
1259 return 0;
1260 }
1261
1262 int dns_resource_record_signer(DnsResourceRecord *rr, const char **ret) {
1263 const char *n;
1264 int r;
1265
1266 assert(rr);
1267 assert(ret);
1268
1269 /* Returns the RRset's signer, if it is known. */
1270
1271 if (rr->n_skip_labels_signer == UINT_MAX)
1272 return -ENODATA;
1273
1274 n = dns_resource_key_name(rr->key);
1275 r = dns_name_skip(n, rr->n_skip_labels_signer, &n);
1276 if (r < 0)
1277 return r;
1278 if (r == 0)
1279 return -EINVAL;
1280
1281 *ret = n;
1282 return 0;
1283 }
1284
1285 int dns_resource_record_source(DnsResourceRecord *rr, const char **ret) {
1286 const char *n;
1287 int r;
1288
1289 assert(rr);
1290 assert(ret);
1291
1292 /* Returns the RRset's synthesizing source, if it is known. */
1293
1294 if (rr->n_skip_labels_source == UINT_MAX)
1295 return -ENODATA;
1296
1297 n = dns_resource_key_name(rr->key);
1298 r = dns_name_skip(n, rr->n_skip_labels_source, &n);
1299 if (r < 0)
1300 return r;
1301 if (r == 0)
1302 return -EINVAL;
1303
1304 *ret = n;
1305 return 0;
1306 }
1307
1308 int dns_resource_record_is_signer(DnsResourceRecord *rr, const char *zone) {
1309 const char *signer;
1310 int r;
1311
1312 assert(rr);
1313
1314 r = dns_resource_record_signer(rr, &signer);
1315 if (r < 0)
1316 return r;
1317
1318 return dns_name_equal(zone, signer);
1319 }
1320
1321 int dns_resource_record_is_synthetic(DnsResourceRecord *rr) {
1322 int r;
1323
1324 assert(rr);
1325
1326 /* Returns > 0 if the RR is generated from a wildcard, and is not the asterisk name itself */
1327
1328 if (rr->n_skip_labels_source == UINT_MAX)
1329 return -ENODATA;
1330
1331 if (rr->n_skip_labels_source == 0)
1332 return 0;
1333
1334 if (rr->n_skip_labels_source > 1)
1335 return 1;
1336
1337 r = dns_name_startswith(dns_resource_key_name(rr->key), "*");
1338 if (r < 0)
1339 return r;
1340
1341 return !r;
1342 }
1343
1344 void dns_resource_record_hash_func(const DnsResourceRecord *rr, struct siphash *state) {
1345 assert(rr);
1346
1347 dns_resource_key_hash_func(rr->key, state);
1348
1349 switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {
1350
1351 case DNS_TYPE_SRV:
1352 siphash24_compress(&rr->srv.priority, sizeof(rr->srv.priority), state);
1353 siphash24_compress(&rr->srv.weight, sizeof(rr->srv.weight), state);
1354 siphash24_compress(&rr->srv.port, sizeof(rr->srv.port), state);
1355 dns_name_hash_func(rr->srv.name, state);
1356 break;
1357
1358 case DNS_TYPE_PTR:
1359 case DNS_TYPE_NS:
1360 case DNS_TYPE_CNAME:
1361 case DNS_TYPE_DNAME:
1362 dns_name_hash_func(rr->ptr.name, state);
1363 break;
1364
1365 case DNS_TYPE_HINFO:
1366 string_hash_func(rr->hinfo.cpu, state);
1367 string_hash_func(rr->hinfo.os, state);
1368 break;
1369
1370 case DNS_TYPE_TXT:
1371 case DNS_TYPE_SPF: {
1372 DnsTxtItem *j;
1373
1374 LIST_FOREACH(items, j, rr->txt.items) {
1375 siphash24_compress_safe(j->data, j->length, state);
1376
1377 /* Add an extra NUL byte, so that "a" followed by "b" doesn't result in the same hash as "ab"
1378 * followed by "". */
1379 siphash24_compress_byte(0, state);
1380 }
1381 break;
1382 }
1383
1384 case DNS_TYPE_A:
1385 siphash24_compress(&rr->a.in_addr, sizeof(rr->a.in_addr), state);
1386 break;
1387
1388 case DNS_TYPE_AAAA:
1389 siphash24_compress(&rr->aaaa.in6_addr, sizeof(rr->aaaa.in6_addr), state);
1390 break;
1391
1392 case DNS_TYPE_SOA:
1393 dns_name_hash_func(rr->soa.mname, state);
1394 dns_name_hash_func(rr->soa.rname, state);
1395 siphash24_compress(&rr->soa.serial, sizeof(rr->soa.serial), state);
1396 siphash24_compress(&rr->soa.refresh, sizeof(rr->soa.refresh), state);
1397 siphash24_compress(&rr->soa.retry, sizeof(rr->soa.retry), state);
1398 siphash24_compress(&rr->soa.expire, sizeof(rr->soa.expire), state);
1399 siphash24_compress(&rr->soa.minimum, sizeof(rr->soa.minimum), state);
1400 break;
1401
1402 case DNS_TYPE_MX:
1403 siphash24_compress(&rr->mx.priority, sizeof(rr->mx.priority), state);
1404 dns_name_hash_func(rr->mx.exchange, state);
1405 break;
1406
1407 case DNS_TYPE_LOC:
1408 siphash24_compress(&rr->loc.version, sizeof(rr->loc.version), state);
1409 siphash24_compress(&rr->loc.size, sizeof(rr->loc.size), state);
1410 siphash24_compress(&rr->loc.horiz_pre, sizeof(rr->loc.horiz_pre), state);
1411 siphash24_compress(&rr->loc.vert_pre, sizeof(rr->loc.vert_pre), state);
1412 siphash24_compress(&rr->loc.latitude, sizeof(rr->loc.latitude), state);
1413 siphash24_compress(&rr->loc.longitude, sizeof(rr->loc.longitude), state);
1414 siphash24_compress(&rr->loc.altitude, sizeof(rr->loc.altitude), state);
1415 break;
1416
1417 case DNS_TYPE_SSHFP:
1418 siphash24_compress(&rr->sshfp.algorithm, sizeof(rr->sshfp.algorithm), state);
1419 siphash24_compress(&rr->sshfp.fptype, sizeof(rr->sshfp.fptype), state);
1420 siphash24_compress_safe(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size, state);
1421 break;
1422
1423 case DNS_TYPE_DNSKEY:
1424 siphash24_compress(&rr->dnskey.flags, sizeof(rr->dnskey.flags), state);
1425 siphash24_compress(&rr->dnskey.protocol, sizeof(rr->dnskey.protocol), state);
1426 siphash24_compress(&rr->dnskey.algorithm, sizeof(rr->dnskey.algorithm), state);
1427 siphash24_compress_safe(rr->dnskey.key, rr->dnskey.key_size, state);
1428 break;
1429
1430 case DNS_TYPE_RRSIG:
1431 siphash24_compress(&rr->rrsig.type_covered, sizeof(rr->rrsig.type_covered), state);
1432 siphash24_compress(&rr->rrsig.algorithm, sizeof(rr->rrsig.algorithm), state);
1433 siphash24_compress(&rr->rrsig.labels, sizeof(rr->rrsig.labels), state);
1434 siphash24_compress(&rr->rrsig.original_ttl, sizeof(rr->rrsig.original_ttl), state);
1435 siphash24_compress(&rr->rrsig.expiration, sizeof(rr->rrsig.expiration), state);
1436 siphash24_compress(&rr->rrsig.inception, sizeof(rr->rrsig.inception), state);
1437 siphash24_compress(&rr->rrsig.key_tag, sizeof(rr->rrsig.key_tag), state);
1438 dns_name_hash_func(rr->rrsig.signer, state);
1439 siphash24_compress_safe(rr->rrsig.signature, rr->rrsig.signature_size, state);
1440 break;
1441
1442 case DNS_TYPE_NSEC:
1443 dns_name_hash_func(rr->nsec.next_domain_name, state);
1444 /* FIXME: we leave out the type bitmap here. Hash
1445 * would be better if we'd take it into account
1446 * too. */
1447 break;
1448
1449 case DNS_TYPE_DS:
1450 siphash24_compress(&rr->ds.key_tag, sizeof(rr->ds.key_tag), state);
1451 siphash24_compress(&rr->ds.algorithm, sizeof(rr->ds.algorithm), state);
1452 siphash24_compress(&rr->ds.digest_type, sizeof(rr->ds.digest_type), state);
1453 siphash24_compress_safe(rr->ds.digest, rr->ds.digest_size, state);
1454 break;
1455
1456 case DNS_TYPE_NSEC3:
1457 siphash24_compress(&rr->nsec3.algorithm, sizeof(rr->nsec3.algorithm), state);
1458 siphash24_compress(&rr->nsec3.flags, sizeof(rr->nsec3.flags), state);
1459 siphash24_compress(&rr->nsec3.iterations, sizeof(rr->nsec3.iterations), state);
1460 siphash24_compress_safe(rr->nsec3.salt, rr->nsec3.salt_size, state);
1461 siphash24_compress_safe(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, state);
1462 /* FIXME: We leave the bitmaps out */
1463 break;
1464
1465 case DNS_TYPE_TLSA:
1466 siphash24_compress(&rr->tlsa.cert_usage, sizeof(rr->tlsa.cert_usage), state);
1467 siphash24_compress(&rr->tlsa.selector, sizeof(rr->tlsa.selector), state);
1468 siphash24_compress(&rr->tlsa.matching_type, sizeof(rr->tlsa.matching_type), state);
1469 siphash24_compress_safe(rr->tlsa.data, rr->tlsa.data_size, state);
1470 break;
1471
1472 case DNS_TYPE_CAA:
1473 siphash24_compress(&rr->caa.flags, sizeof(rr->caa.flags), state);
1474 string_hash_func(rr->caa.tag, state);
1475 siphash24_compress_safe(rr->caa.value, rr->caa.value_size, state);
1476 break;
1477
1478 case DNS_TYPE_OPENPGPKEY:
1479 default:
1480 siphash24_compress_safe(rr->generic.data, rr->generic.data_size, state);
1481 break;
1482 }
1483 }
1484
1485 int dns_resource_record_compare_func(const DnsResourceRecord *x, const DnsResourceRecord *y) {
1486 int r;
1487
1488 r = dns_resource_key_compare_func(x->key, y->key);
1489 if (r != 0)
1490 return r;
1491
1492 if (dns_resource_record_payload_equal(x, y) > 0)
1493 return 0;
1494
1495 /* We still use CMP() here, even though don't implement proper
1496 * ordering, since the hashtable doesn't need ordering anyway. */
1497 return CMP(x, y);
1498 }
1499
1500 DEFINE_HASH_OPS(dns_resource_record_hash_ops, DnsResourceRecord, dns_resource_record_hash_func, dns_resource_record_compare_func);
1501
1502 DnsResourceRecord *dns_resource_record_copy(DnsResourceRecord *rr) {
1503 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *copy = NULL;
1504 DnsResourceRecord *t;
1505
1506 assert(rr);
1507
1508 copy = dns_resource_record_new(rr->key);
1509 if (!copy)
1510 return NULL;
1511
1512 copy->ttl = rr->ttl;
1513 copy->expiry = rr->expiry;
1514 copy->n_skip_labels_signer = rr->n_skip_labels_signer;
1515 copy->n_skip_labels_source = rr->n_skip_labels_source;
1516 copy->unparsable = rr->unparsable;
1517
1518 switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {
1519
1520 case DNS_TYPE_SRV:
1521 copy->srv.priority = rr->srv.priority;
1522 copy->srv.weight = rr->srv.weight;
1523 copy->srv.port = rr->srv.port;
1524 copy->srv.name = strdup(rr->srv.name);
1525 if (!copy->srv.name)
1526 return NULL;
1527 break;
1528
1529 case DNS_TYPE_PTR:
1530 case DNS_TYPE_NS:
1531 case DNS_TYPE_CNAME:
1532 case DNS_TYPE_DNAME:
1533 copy->ptr.name = strdup(rr->ptr.name);
1534 if (!copy->ptr.name)
1535 return NULL;
1536 break;
1537
1538 case DNS_TYPE_HINFO:
1539 copy->hinfo.cpu = strdup(rr->hinfo.cpu);
1540 if (!copy->hinfo.cpu)
1541 return NULL;
1542
1543 copy->hinfo.os = strdup(rr->hinfo.os);
1544 if (!copy->hinfo.os)
1545 return NULL;
1546 break;
1547
1548 case DNS_TYPE_TXT:
1549 case DNS_TYPE_SPF:
1550 copy->txt.items = dns_txt_item_copy(rr->txt.items);
1551 if (!copy->txt.items)
1552 return NULL;
1553 break;
1554
1555 case DNS_TYPE_A:
1556 copy->a = rr->a;
1557 break;
1558
1559 case DNS_TYPE_AAAA:
1560 copy->aaaa = rr->aaaa;
1561 break;
1562
1563 case DNS_TYPE_SOA:
1564 copy->soa.mname = strdup(rr->soa.mname);
1565 if (!copy->soa.mname)
1566 return NULL;
1567 copy->soa.rname = strdup(rr->soa.rname);
1568 if (!copy->soa.rname)
1569 return NULL;
1570 copy->soa.serial = rr->soa.serial;
1571 copy->soa.refresh = rr->soa.refresh;
1572 copy->soa.retry = rr->soa.retry;
1573 copy->soa.expire = rr->soa.expire;
1574 copy->soa.minimum = rr->soa.minimum;
1575 break;
1576
1577 case DNS_TYPE_MX:
1578 copy->mx.priority = rr->mx.priority;
1579 copy->mx.exchange = strdup(rr->mx.exchange);
1580 if (!copy->mx.exchange)
1581 return NULL;
1582 break;
1583
1584 case DNS_TYPE_LOC:
1585 copy->loc = rr->loc;
1586 break;
1587
1588 case DNS_TYPE_SSHFP:
1589 copy->sshfp.algorithm = rr->sshfp.algorithm;
1590 copy->sshfp.fptype = rr->sshfp.fptype;
1591 copy->sshfp.fingerprint = memdup(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size);
1592 if (!copy->sshfp.fingerprint)
1593 return NULL;
1594 copy->sshfp.fingerprint_size = rr->sshfp.fingerprint_size;
1595 break;
1596
1597 case DNS_TYPE_DNSKEY:
1598 copy->dnskey.flags = rr->dnskey.flags;
1599 copy->dnskey.protocol = rr->dnskey.protocol;
1600 copy->dnskey.algorithm = rr->dnskey.algorithm;
1601 copy->dnskey.key = memdup(rr->dnskey.key, rr->dnskey.key_size);
1602 if (!copy->dnskey.key)
1603 return NULL;
1604 copy->dnskey.key_size = rr->dnskey.key_size;
1605 break;
1606
1607 case DNS_TYPE_RRSIG:
1608 copy->rrsig.type_covered = rr->rrsig.type_covered;
1609 copy->rrsig.algorithm = rr->rrsig.algorithm;
1610 copy->rrsig.labels = rr->rrsig.labels;
1611 copy->rrsig.original_ttl = rr->rrsig.original_ttl;
1612 copy->rrsig.expiration = rr->rrsig.expiration;
1613 copy->rrsig.inception = rr->rrsig.inception;
1614 copy->rrsig.key_tag = rr->rrsig.key_tag;
1615 copy->rrsig.signer = strdup(rr->rrsig.signer);
1616 if (!copy->rrsig.signer)
1617 return NULL;
1618 copy->rrsig.signature = memdup(rr->rrsig.signature, rr->rrsig.signature_size);
1619 if (!copy->rrsig.signature)
1620 return NULL;
1621 copy->rrsig.signature_size = rr->rrsig.signature_size;
1622 break;
1623
1624 case DNS_TYPE_NSEC:
1625 copy->nsec.next_domain_name = strdup(rr->nsec.next_domain_name);
1626 if (!copy->nsec.next_domain_name)
1627 return NULL;
1628 copy->nsec.types = bitmap_copy(rr->nsec.types);
1629 if (!copy->nsec.types)
1630 return NULL;
1631 break;
1632
1633 case DNS_TYPE_DS:
1634 copy->ds.key_tag = rr->ds.key_tag;
1635 copy->ds.algorithm = rr->ds.algorithm;
1636 copy->ds.digest_type = rr->ds.digest_type;
1637 copy->ds.digest = memdup(rr->ds.digest, rr->ds.digest_size);
1638 if (!copy->ds.digest)
1639 return NULL;
1640 copy->ds.digest_size = rr->ds.digest_size;
1641 break;
1642
1643 case DNS_TYPE_NSEC3:
1644 copy->nsec3.algorithm = rr->nsec3.algorithm;
1645 copy->nsec3.flags = rr->nsec3.flags;
1646 copy->nsec3.iterations = rr->nsec3.iterations;
1647 copy->nsec3.salt = memdup(rr->nsec3.salt, rr->nsec3.salt_size);
1648 if (!copy->nsec3.salt)
1649 return NULL;
1650 copy->nsec3.salt_size = rr->nsec3.salt_size;
1651 copy->nsec3.next_hashed_name = memdup(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size);
1652 if (!copy->nsec3.next_hashed_name)
1653 return NULL;
1654 copy->nsec3.next_hashed_name_size = rr->nsec3.next_hashed_name_size;
1655 copy->nsec3.types = bitmap_copy(rr->nsec3.types);
1656 if (!copy->nsec3.types)
1657 return NULL;
1658 break;
1659
1660 case DNS_TYPE_TLSA:
1661 copy->tlsa.cert_usage = rr->tlsa.cert_usage;
1662 copy->tlsa.selector = rr->tlsa.selector;
1663 copy->tlsa.matching_type = rr->tlsa.matching_type;
1664 copy->tlsa.data = memdup(rr->tlsa.data, rr->tlsa.data_size);
1665 if (!copy->tlsa.data)
1666 return NULL;
1667 copy->tlsa.data_size = rr->tlsa.data_size;
1668 break;
1669
1670 case DNS_TYPE_CAA:
1671 copy->caa.flags = rr->caa.flags;
1672 copy->caa.tag = strdup(rr->caa.tag);
1673 if (!copy->caa.tag)
1674 return NULL;
1675 copy->caa.value = memdup(rr->caa.value, rr->caa.value_size);
1676 if (!copy->caa.value)
1677 return NULL;
1678 copy->caa.value_size = rr->caa.value_size;
1679 break;
1680
1681 case DNS_TYPE_OPT:
1682 default:
1683 copy->generic.data = memdup(rr->generic.data, rr->generic.data_size);
1684 if (!copy->generic.data)
1685 return NULL;
1686 copy->generic.data_size = rr->generic.data_size;
1687 break;
1688 }
1689
1690 t = TAKE_PTR(copy);
1691
1692 return t;
1693 }
1694
1695 int dns_resource_record_clamp_ttl(DnsResourceRecord **rr, uint32_t max_ttl) {
1696 DnsResourceRecord *old_rr, *new_rr;
1697 uint32_t new_ttl;
1698
1699 assert(rr);
1700 old_rr = *rr;
1701
1702 if (old_rr->key->type == DNS_TYPE_OPT)
1703 return -EINVAL;
1704
1705 new_ttl = MIN(old_rr->ttl, max_ttl);
1706 if (new_ttl == old_rr->ttl)
1707 return 0;
1708
1709 if (old_rr->n_ref == 1) {
1710 /* Patch in place */
1711 old_rr->ttl = new_ttl;
1712 return 1;
1713 }
1714
1715 new_rr = dns_resource_record_copy(old_rr);
1716 if (!new_rr)
1717 return -ENOMEM;
1718
1719 new_rr->ttl = new_ttl;
1720
1721 dns_resource_record_unref(*rr);
1722 *rr = new_rr;
1723
1724 return 1;
1725 }
1726
1727 bool dns_resource_record_is_link_local_address(DnsResourceRecord *rr) {
1728 assert(rr);
1729
1730 if (rr->key->class != DNS_CLASS_IN)
1731 return false;
1732
1733 if (rr->key->type == DNS_TYPE_A)
1734 return in4_addr_is_link_local(&rr->a.in_addr);
1735
1736 if (rr->key->type == DNS_TYPE_AAAA)
1737 return in6_addr_is_link_local(&rr->aaaa.in6_addr);
1738
1739 return false;
1740 }
1741
1742 int dns_resource_record_get_cname_target(DnsResourceKey *key, DnsResourceRecord *cname, char **ret) {
1743 _cleanup_free_ char *d = NULL;
1744 int r;
1745
1746 assert(key);
1747 assert(cname);
1748
1749 /* Checks if the RR `cname` is a CNAME/DNAME RR that matches the specified `key`. If so, returns the
1750 * target domain. If not, returns -EUNATCH */
1751
1752 if (key->class != cname->key->class && key->class != DNS_CLASS_ANY)
1753 return -EUNATCH;
1754
1755 if (!dns_type_may_redirect(key->type)) /* This key type is not subject to CNAME/DNAME redirection?
1756 * Then let's refuse right-away */
1757 return -EUNATCH;
1758
1759 if (cname->key->type == DNS_TYPE_CNAME) {
1760 r = dns_name_equal(dns_resource_key_name(key),
1761 dns_resource_key_name(cname->key));
1762 if (r < 0)
1763 return r;
1764 if (r == 0)
1765 return -EUNATCH; /* CNAME RR key doesn't actually match the original key */
1766
1767 d = strdup(cname->cname.name);
1768 if (!d)
1769 return -ENOMEM;
1770
1771 } else if (cname->key->type == DNS_TYPE_DNAME) {
1772
1773 r = dns_name_change_suffix(
1774 dns_resource_key_name(key),
1775 dns_resource_key_name(cname->key),
1776 cname->dname.name,
1777 &d);
1778 if (r < 0)
1779 return r;
1780 if (r == 0)
1781 return -EUNATCH; /* DNAME RR key doesn't actually match the original key */
1782
1783 } else
1784 return -EUNATCH; /* Not a CNAME/DNAME RR, hence doesn't match the proposition either */
1785
1786 *ret = TAKE_PTR(d);
1787 return 0;
1788 }
1789
1790 DnsTxtItem *dns_txt_item_free_all(DnsTxtItem *i) {
1791 DnsTxtItem *n;
1792
1793 if (!i)
1794 return NULL;
1795
1796 n = i->items_next;
1797
1798 free(i);
1799 return dns_txt_item_free_all(n);
1800 }
1801
1802 bool dns_txt_item_equal(DnsTxtItem *a, DnsTxtItem *b) {
1803
1804 if (a == b)
1805 return true;
1806
1807 if (!a != !b)
1808 return false;
1809
1810 if (!a)
1811 return true;
1812
1813 if (a->length != b->length)
1814 return false;
1815
1816 if (memcmp(a->data, b->data, a->length) != 0)
1817 return false;
1818
1819 return dns_txt_item_equal(a->items_next, b->items_next);
1820 }
1821
1822 DnsTxtItem *dns_txt_item_copy(DnsTxtItem *first) {
1823 DnsTxtItem *i, *copy = NULL, *end = NULL;
1824
1825 LIST_FOREACH(items, i, first) {
1826 DnsTxtItem *j;
1827
1828 j = memdup(i, offsetof(DnsTxtItem, data) + i->length + 1);
1829 if (!j) {
1830 dns_txt_item_free_all(copy);
1831 return NULL;
1832 }
1833
1834 LIST_INSERT_AFTER(items, copy, end, j);
1835 end = j;
1836 }
1837
1838 return copy;
1839 }
1840
1841 int dns_txt_item_new_empty(DnsTxtItem **ret) {
1842 DnsTxtItem *i;
1843
1844 /* RFC 6763, section 6.1 suggests to treat
1845 * empty TXT RRs as equivalent to a TXT record
1846 * with a single empty string. */
1847
1848 i = malloc0(offsetof(DnsTxtItem, data) + 1); /* for safety reasons we add an extra NUL byte */
1849 if (!i)
1850 return -ENOMEM;
1851
1852 *ret = i;
1853
1854 return 0;
1855 }
1856
1857 static const char* const dnssec_algorithm_table[_DNSSEC_ALGORITHM_MAX_DEFINED] = {
1858 /* Mnemonics as listed on https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
1859 [DNSSEC_ALGORITHM_RSAMD5] = "RSAMD5",
1860 [DNSSEC_ALGORITHM_DH] = "DH",
1861 [DNSSEC_ALGORITHM_DSA] = "DSA",
1862 [DNSSEC_ALGORITHM_ECC] = "ECC",
1863 [DNSSEC_ALGORITHM_RSASHA1] = "RSASHA1",
1864 [DNSSEC_ALGORITHM_DSA_NSEC3_SHA1] = "DSA-NSEC3-SHA1",
1865 [DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1] = "RSASHA1-NSEC3-SHA1",
1866 [DNSSEC_ALGORITHM_RSASHA256] = "RSASHA256",
1867 [DNSSEC_ALGORITHM_RSASHA512] = "RSASHA512",
1868 [DNSSEC_ALGORITHM_ECC_GOST] = "ECC-GOST",
1869 [DNSSEC_ALGORITHM_ECDSAP256SHA256] = "ECDSAP256SHA256",
1870 [DNSSEC_ALGORITHM_ECDSAP384SHA384] = "ECDSAP384SHA384",
1871 [DNSSEC_ALGORITHM_ED25519] = "ED25519",
1872 [DNSSEC_ALGORITHM_ED448] = "ED448",
1873 [DNSSEC_ALGORITHM_INDIRECT] = "INDIRECT",
1874 [DNSSEC_ALGORITHM_PRIVATEDNS] = "PRIVATEDNS",
1875 [DNSSEC_ALGORITHM_PRIVATEOID] = "PRIVATEOID",
1876 };
1877 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(dnssec_algorithm, int, 255);
1878
1879 static const char* const dnssec_digest_table[_DNSSEC_DIGEST_MAX_DEFINED] = {
1880 /* Names as listed on https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
1881 [DNSSEC_DIGEST_SHA1] = "SHA-1",
1882 [DNSSEC_DIGEST_SHA256] = "SHA-256",
1883 [DNSSEC_DIGEST_GOST_R_34_11_94] = "GOST_R_34.11-94",
1884 [DNSSEC_DIGEST_SHA384] = "SHA-384",
1885 };
1886 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(dnssec_digest, int, 255);
Unnamed repository; edit this file 'description' to name the repository.