]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
7263f724 | 2 | /*** |
96b2fb93 | 3 | Copyright © 2014 Zbigniew Jędrzejewski-Szmek |
7263f724 ZJS |
4 | ***/ |
5 | ||
d07b43a1 | 6 | #include <sys/socket.h> |
dccca82b | 7 | #include <errno.h> |
d07b43a1 | 8 | |
7263f724 | 9 | #include "dns-type.h" |
869b3b67 | 10 | #include "parse-util.h" |
4b548ef3 | 11 | #include "string-util.h" |
7263f724 ZJS |
12 | |
13 | typedef const struct { | |
14 | uint16_t type; | |
15 | const char *name; | |
16 | } dns_type; | |
17 | ||
18 | static const struct dns_type_name * | |
c9f7b4d3 | 19 | lookup_dns_type (register const char *str, register GPERF_LEN_TYPE len); |
7263f724 ZJS |
20 | |
21 | #include "dns_type-from-name.h" | |
22 | #include "dns_type-to-name.h" | |
23 | ||
de292aa1 | 24 | int dns_type_from_string(const char *s) { |
7263f724 ZJS |
25 | const struct dns_type_name *sc; |
26 | ||
27 | assert(s); | |
7263f724 ZJS |
28 | |
29 | sc = lookup_dns_type(s, strlen(s)); | |
869b3b67 ZJS |
30 | if (sc) |
31 | return sc->id; | |
7263f724 | 32 | |
869b3b67 ZJS |
33 | s = startswith_no_case(s, "TYPE"); |
34 | if (s) { | |
35 | unsigned x; | |
36 | ||
37 | if (safe_atou(s, &x) >= 0 && | |
38 | x <= UINT16_MAX) | |
39 | return (int) x; | |
40 | } | |
41 | ||
42 | return _DNS_TYPE_INVALID; | |
7263f724 | 43 | } |
8e6edc49 | 44 | |
bea4c76f LP |
45 | bool dns_type_is_pseudo(uint16_t type) { |
46 | ||
47 | /* Checks whether the specified type is a "pseudo-type". What | |
48 | * a "pseudo-type" precisely is, is defined only very weakly, | |
49 | * but apparently entails all RR types that are not actually | |
50 | * stored as RRs on the server and should hence also not be | |
51 | * cached. We use this list primarily to validate NSEC type | |
c33be4a6 | 52 | * bitfields, and to verify what to cache. */ |
bea4c76f LP |
53 | |
54 | return IN_SET(type, | |
55 | 0, /* A Pseudo RR type, according to RFC 2931 */ | |
56 | DNS_TYPE_ANY, | |
57 | DNS_TYPE_AXFR, | |
58 | DNS_TYPE_IXFR, | |
59 | DNS_TYPE_OPT, | |
60 | DNS_TYPE_TSIG, | |
61 | DNS_TYPE_TKEY | |
62 | ); | |
8e6edc49 | 63 | } |
c463eb78 | 64 | |
4b548ef3 LP |
65 | bool dns_class_is_pseudo(uint16_t class) { |
66 | return class == DNS_TYPE_ANY; | |
67 | } | |
68 | ||
c463eb78 LP |
69 | bool dns_type_is_valid_query(uint16_t type) { |
70 | ||
71 | /* The types valid as questions in packets */ | |
72 | ||
73 | return !IN_SET(type, | |
74 | 0, | |
75 | DNS_TYPE_OPT, | |
76 | DNS_TYPE_TSIG, | |
04680e36 LP |
77 | DNS_TYPE_TKEY, |
78 | ||
79 | /* RRSIG are technically valid as questions, but we refuse doing explicit queries for them, as | |
80 | * they aren't really payload, but signatures for payload, and cannot be validated on their | |
81 | * own. After all they are the signatures, and have no signatures of their own validating | |
82 | * them. */ | |
83 | DNS_TYPE_RRSIG); | |
c463eb78 LP |
84 | } |
85 | ||
6ebd1e33 LP |
86 | bool dns_type_is_zone_transer(uint16_t type) { |
87 | ||
88 | /* Zone transfers, either normal or incremental */ | |
89 | ||
90 | return IN_SET(type, | |
91 | DNS_TYPE_AXFR, | |
92 | DNS_TYPE_IXFR); | |
93 | } | |
94 | ||
c463eb78 LP |
95 | bool dns_type_is_valid_rr(uint16_t type) { |
96 | ||
97 | /* The types valid as RR in packets (but not necessarily | |
98 | * stored on servers). */ | |
99 | ||
100 | return !IN_SET(type, | |
101 | DNS_TYPE_ANY, | |
102 | DNS_TYPE_AXFR, | |
103 | DNS_TYPE_IXFR); | |
104 | } | |
4b548ef3 LP |
105 | |
106 | bool dns_class_is_valid_rr(uint16_t class) { | |
107 | return class != DNS_CLASS_ANY; | |
108 | } | |
109 | ||
d3c7e913 LP |
110 | bool dns_type_may_redirect(uint16_t type) { |
111 | /* The following record types should never be redirected using | |
112 | * CNAME/DNAME RRs. See | |
113 | * <https://tools.ietf.org/html/rfc4035#section-2.5>. */ | |
114 | ||
115 | if (dns_type_is_pseudo(type)) | |
116 | return false; | |
117 | ||
118 | return !IN_SET(type, | |
119 | DNS_TYPE_CNAME, | |
120 | DNS_TYPE_DNAME, | |
121 | DNS_TYPE_NSEC3, | |
122 | DNS_TYPE_NSEC, | |
123 | DNS_TYPE_RRSIG, | |
124 | DNS_TYPE_NXT, | |
125 | DNS_TYPE_SIG, | |
126 | DNS_TYPE_KEY); | |
127 | } | |
128 | ||
e8233bce LP |
129 | bool dns_type_may_wildcard(uint16_t type) { |
130 | ||
131 | /* The following records may not be expanded from wildcard RRsets */ | |
132 | ||
133 | if (dns_type_is_pseudo(type)) | |
134 | return false; | |
135 | ||
136 | return !IN_SET(type, | |
137 | DNS_TYPE_NSEC3, | |
138 | DNS_TYPE_SOA, | |
139 | ||
140 | /* Prohibited by https://tools.ietf.org/html/rfc4592#section-4.4 */ | |
141 | DNS_TYPE_DNAME); | |
142 | } | |
143 | ||
588c53d0 LP |
144 | bool dns_type_apex_only(uint16_t type) { |
145 | ||
146 | /* Returns true for all RR types that may only appear signed in a zone apex */ | |
147 | ||
148 | return IN_SET(type, | |
149 | DNS_TYPE_SOA, | |
150 | DNS_TYPE_NS, /* this one can appear elsewhere, too, but not signed */ | |
151 | DNS_TYPE_DNSKEY, | |
152 | DNS_TYPE_NSEC3PARAM); | |
153 | } | |
154 | ||
91adc4db LP |
155 | bool dns_type_is_dnssec(uint16_t type) { |
156 | return IN_SET(type, | |
157 | DNS_TYPE_DS, | |
158 | DNS_TYPE_DNSKEY, | |
159 | DNS_TYPE_RRSIG, | |
160 | DNS_TYPE_NSEC, | |
161 | DNS_TYPE_NSEC3, | |
162 | DNS_TYPE_NSEC3PARAM); | |
163 | } | |
164 | ||
d0129ddb LP |
165 | bool dns_type_is_obsolete(uint16_t type) { |
166 | return IN_SET(type, | |
167 | /* Obsoleted by RFC 973 */ | |
168 | DNS_TYPE_MD, | |
169 | DNS_TYPE_MF, | |
170 | DNS_TYPE_MAILA, | |
171 | ||
172 | /* Kinda obsoleted by RFC 2505 */ | |
173 | DNS_TYPE_MB, | |
174 | DNS_TYPE_MG, | |
175 | DNS_TYPE_MR, | |
176 | DNS_TYPE_MINFO, | |
177 | DNS_TYPE_MAILB, | |
178 | ||
179 | /* RFC1127 kinda obsoleted this by recommending against its use */ | |
180 | DNS_TYPE_WKS, | |
181 | ||
182 | /* Declared historical by RFC 6563 */ | |
183 | DNS_TYPE_A6, | |
184 | ||
185 | /* Obsoleted by DNSSEC-bis */ | |
186 | DNS_TYPE_NXT, | |
187 | ||
188 | /* RFC 1035 removed support for concepts that needed this from RFC 883 */ | |
189 | DNS_TYPE_NULL); | |
190 | } | |
191 | ||
41815a4a LP |
192 | bool dns_type_needs_authentication(uint16_t type) { |
193 | ||
194 | /* Returns true for all (non-obsolete) RR types where records are not useful if they aren't | |
195 | * authenticated. I.e. everything that contains crypto keys. */ | |
196 | ||
197 | return IN_SET(type, | |
198 | DNS_TYPE_CERT, | |
199 | DNS_TYPE_SSHFP, | |
200 | DNS_TYPE_IPSECKEY, | |
201 | DNS_TYPE_DS, | |
202 | DNS_TYPE_DNSKEY, | |
203 | DNS_TYPE_TLSA, | |
204 | DNS_TYPE_CDNSKEY, | |
205 | DNS_TYPE_OPENPGPKEY, | |
206 | DNS_TYPE_CAA); | |
207 | } | |
208 | ||
d07b43a1 LP |
209 | int dns_type_to_af(uint16_t t) { |
210 | switch (t) { | |
211 | ||
212 | case DNS_TYPE_A: | |
213 | return AF_INET; | |
214 | ||
215 | case DNS_TYPE_AAAA: | |
216 | return AF_INET6; | |
217 | ||
218 | case DNS_TYPE_ANY: | |
219 | return AF_UNSPEC; | |
220 | ||
221 | default: | |
222 | return -EINVAL; | |
223 | } | |
224 | } | |
225 | ||
4b548ef3 LP |
226 | const char *dns_class_to_string(uint16_t class) { |
227 | ||
228 | switch (class) { | |
229 | ||
230 | case DNS_CLASS_IN: | |
231 | return "IN"; | |
232 | ||
233 | case DNS_CLASS_ANY: | |
234 | return "ANY"; | |
235 | } | |
236 | ||
237 | return NULL; | |
238 | } | |
239 | ||
240 | int dns_class_from_string(const char *s) { | |
241 | ||
242 | if (!s) | |
243 | return _DNS_CLASS_INVALID; | |
244 | ||
245 | if (strcaseeq(s, "IN")) | |
246 | return DNS_CLASS_IN; | |
247 | else if (strcaseeq(s, "ANY")) | |
248 | return DNS_CLASS_ANY; | |
249 | ||
250 | return _DNS_CLASS_INVALID; | |
251 | } | |
cfb90da3 ZJS |
252 | |
253 | const char* tlsa_cert_usage_to_string(uint8_t cert_usage) { | |
fb8a9fc9 LP |
254 | |
255 | switch (cert_usage) { | |
256 | ||
257 | case 0: | |
258 | return "CA constraint"; | |
259 | ||
260 | case 1: | |
261 | return "Service certificate constraint"; | |
262 | ||
263 | case 2: | |
264 | return "Trust anchor assertion"; | |
265 | ||
266 | case 3: | |
267 | return "Domain-issued certificate"; | |
268 | ||
269 | case 4 ... 254: | |
270 | return "Unassigned"; | |
271 | ||
272 | case 255: | |
273 | return "Private use"; | |
cfb90da3 | 274 | } |
fb8a9fc9 LP |
275 | |
276 | return NULL; /* clang cannot count that we covered everything */ | |
cfb90da3 ZJS |
277 | } |
278 | ||
279 | const char* tlsa_selector_to_string(uint8_t selector) { | |
fb8a9fc9 LP |
280 | switch (selector) { |
281 | ||
282 | case 0: | |
283 | return "Full Certificate"; | |
284 | ||
285 | case 1: | |
286 | return "SubjectPublicKeyInfo"; | |
287 | ||
288 | case 2 ... 254: | |
289 | return "Unassigned"; | |
290 | ||
291 | case 255: | |
292 | return "Private use"; | |
cfb90da3 | 293 | } |
fb8a9fc9 LP |
294 | |
295 | return NULL; | |
cfb90da3 ZJS |
296 | } |
297 | ||
298 | const char* tlsa_matching_type_to_string(uint8_t selector) { | |
fb8a9fc9 LP |
299 | |
300 | switch (selector) { | |
301 | ||
302 | case 0: | |
303 | return "No hash used"; | |
304 | ||
305 | case 1: | |
306 | return "SHA-256"; | |
307 | ||
308 | case 2: | |
309 | return "SHA-512"; | |
310 | ||
311 | case 3 ... 254: | |
312 | return "Unassigned"; | |
313 | ||
314 | case 255: | |
315 | return "Private use"; | |
cfb90da3 | 316 | } |
fb8a9fc9 LP |
317 | |
318 | return NULL; | |
cfb90da3 | 319 | } |