resolve: always align flags to 8th column and print CAA flags

Left-over unknown flags are printed numerically. Otherwise,
it wouldn't be known what bits are remaining without knowning
what the known bits are.

A test case is added to verify the flag printing code:
============== src/resolve/test-data/fake-caa.pkts ==============
google.com. IN CAA   0 issue "symantec.com"
google.com. IN CAA   128 issue "symantec.com"
        -- Flags: critical
google.com. IN CAA   129 issue "symantec.com"
        -- Flags: critical 1
google.com. IN CAA   22 issue "symantec.com"
        -- Flags: 22

diff --git a/Makefile.am b/Makefile.am
index 8ab04e74bac6f384ae3334261950b5c98bb1385b..5d39967f2c67afa4cb2eaf078b108d42416f51da 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -5326,7 +5326,8 @@ EXTRA_DIST += \
        src/resolve/test-data/teamits.com.pkts \
        src/resolve/test-data/zbyszek@fedoraproject.org.pkts \
        src/resolve/test-data/_443._tcp.fedoraproject.org.pkts \
-       src/resolve/test-data/kyhwana.org.pkts
+       src/resolve/test-data/kyhwana.org.pkts \
+       src/resolve/test-data/fake-caa.pkts
 
 test_dnssec_SOURCES = \
        src/resolve/test-dnssec.c \

diff --git a/src/resolve/dns-type.h b/src/resolve/dns-type.h
index d025544babd600614898ed91ba2e1d6bfbaba3c0..ea51dfdb6515791890dc37be51c42a1a33775714 100644 (file)
--- a/src/resolve/dns-type.h
+++ b/src/resolve/dns-type.h
@@ -154,3 +154,6 @@ const char *tlsa_selector_to_string(uint8_t selector);
 
 /* https://tools.ietf.org/html/draft-ietf-dane-protocol-23#section-7.4 */
 const char *tlsa_matching_type_to_string(uint8_t selector);
+
+/* https://tools.ietf.org/html/rfc6844#section-5.1 */
+#define CAA_FLAG_CRITICAL (1u << 7)

diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c
index 35c0de1a6da82570353d60a2e27af3d48fe92f9a..d54645fc7a00eabeeecd813581b09b9dabc93bf7 100644 (file)
--- a/src/resolve/resolved-dns-rr.c
+++ b/src/resolve/resolved-dns-rr.c
@@ -980,7 +980,7 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
         case DNS_TYPE_DNSKEY: {
                 _cleanup_free_ char *alg = NULL;
                 char *ss;
-                int n, n1;
+                int n;
                 uint16_t key_tag;
 
                 key_tag = dnssec_keytag(rr, true);
@@ -989,9 +989,8 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
                 if (r < 0)
                         return NULL;
 
-                r = asprintf(&s, "%s %n%u %u %s %n",
+                r = asprintf(&s, "%s %u %u %s %n",
                              k,
-                             &n1,
                              rr->dnskey.flags,
                              rr->dnskey.protocol,
                              alg,
@@ -1006,14 +1005,12 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
                         return NULL;
 
                 r = asprintf(&ss, "%s\n"
-                             "%*s-- Flags:%s%s%s\n"
-                             "%*s-- Key tag: %u",
+                             "        -- Flags:%s%s%s\n"
+                             "        -- Key tag: %u",
                              s,
-                             n1, "",
                              rr->dnskey.flags & DNSKEY_FLAG_SEP ? " SEP" : "",
                              rr->dnskey.flags & DNSKEY_FLAG_REVOKE ? " REVOKE" : "",
                              rr->dnskey.flags & DNSKEY_FLAG_ZONE_KEY ? " ZONE_KEY" : "",
-                             n1, "",
                              key_tag);
                 if (r < 0)
                         return NULL;
@@ -1139,13 +1136,13 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
                         return NULL;
 
                 r = asprintf(&ss, "%s\n"
-                             "%*s-- Cert. usage: %s\n"
-                             "%*s-- Selector: %s\n"
-                             "%*s-- Matching type: %s",
+                             "        -- Cert. usage: %s\n"
+                             "        -- Selector: %s\n"
+                             "        -- Matching type: %s",
                              s,
-                             n - 6, "", cert_usage,
-                             n - 6, "", selector,
-                             n - 6, "", matching_type);
+                             cert_usage,
+                             selector,
+                             matching_type);
                 if (r < 0)
                         return NULL;
                 free(s);
@@ -1161,11 +1158,15 @@ const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
                 if (!value)
                         return NULL;
 
-                r = asprintf(&s, "%s %u %s \"%s\"",
+                r = asprintf(&s, "%s %u %s \"%s\"%s%s%s%.0u",
                              k,
                              rr->caa.flags,
                              rr->caa.tag,
-                             value);
+                             value,
+                             rr->caa.flags ? "\n        -- Flags:" : "",
+                             rr->caa.flags & CAA_FLAG_CRITICAL ? " critical" : "",
+                             rr->caa.flags & ~CAA_FLAG_CRITICAL ? " " : "",
+                             rr->caa.flags & ~CAA_FLAG_CRITICAL);
                 if (r < 0)
                         return NULL;
 

diff --git a/src/resolve/test-data/fake-caa.pkts b/src/resolve/test-data/fake-caa.pkts
new file mode 100644 (file)
index 0000000..1c3ecc5
Binary files /dev/null and b/src/resolve/test-data/fake-caa.pkts differ