1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 Copyright 2014 Lennart Poettering
4 ***/
5
6 #include "alloc-util.h"
7 #include "dns-domain.h"
8 #include "resolved-dns-answer.h"
9 #include "resolved-dns-dnssec.h"
10 #include "string-util.h"
11
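/* Allocates a new, empty DnsAnswer with room for n items, holding a single reference.
 * Returns NULL if memory cannot be allocated or if the byte size for n items does not fit in size_t. */
DnsAnswer *dns_answer_new(size_t n) {
        DnsAnswer *a;

        /* Refuse item counts whose byte size would wrap around. Without this check the allocation could
         * come out smaller than n items while n_allocated still says n, and later adds would then write
         * past the end of the buffer. */
        if (n > (((size_t) -1) - offsetof(DnsAnswer, items)) / sizeof(DnsAnswerItem))
                return NULL;

        a = malloc0(offsetof(DnsAnswer, items) + sizeof(DnsAnswerItem) * n);
        if (!a)
                return NULL;

        a->n_ref = 1;
        a->n_allocated = n;

        return a;
}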
24
/* Takes one more reference on the answer and returns it. A NULL answer is passed through unchanged. */
DnsAnswer *dns_answer_ref(DnsAnswer *a) {
        if (a) {
                assert(a->n_ref > 0);
                a->n_ref++;
        }

        return a;
}
33
/* Drops the reference held on every RR stored in the answer and marks the answer as empty.
 * The item array itself is not released. Does nothing for a NULL answer. */
static void dns_answer_flush(DnsAnswer *a) {
        DnsResourceRecord *entry;

        if (a) {
                DNS_ANSWER_FOREACH(entry, a)
                        dns_resource_record_unref(entry);

                a->n_rrs = 0;
        }
}
45
/* Drops one reference on the answer. When the last reference goes away the contained RRs are
 * released and the object is freed. Always returns NULL, so callers can write a = dns_answer_unref(a). */
DnsAnswer *dns_answer_unref(DnsAnswer *a) {
        if (!a)
                return NULL;

        assert(a->n_ref > 0);

        if (a->n_ref != 1) {
                /* Other holders remain, only give up our share */
                a->n_ref--;
                return NULL;
        }

        dns_answer_flush(a);
        free(a);

        return NULL;
}
60
/* Appends rr to the answer without any duplicate or TTL checks, taking a new reference on it.
 * Returns 1 on success and -ENOSPC if there is no answer object or no free slot left. The bounds
 * check against n_allocated is the only thing keeping the write inside the item array. */
static int dns_answer_add_raw(DnsAnswer *a, DnsResourceRecord *rr, int ifindex, DnsAnswerFlags flags) {
        DnsAnswerItem *slot;

        assert(rr);

        /* A missing answer and a full answer are reported the same way */
        if (!a || a->n_rrs >= a->n_allocated)
                return -ENOSPC;

        slot = a->items + a->n_rrs;
        *slot = (DnsAnswerItem) {
                .rr = dns_resource_record_ref(rr),
                .ifindex = ifindex,
                .flags = flags,
        };
        a->n_rrs++;

        return 1;
}
78
/* Appends every item of source to a, keeping ifindex and flags, without duplicate checks.
 * Stops at the first failure and returns its error; items added before that stay in a. */
static int dns_answer_add_raw_all(DnsAnswer *a, DnsAnswer *source) {
        DnsAnswerFlags item_flags;
        DnsResourceRecord *item;
        int item_ifindex;

        DNS_ANSWER_FOREACH_FULL(item, item_ifindex, item_flags, source) {
                int r = dns_answer_add_raw(a, item, item_ifindex, item_flags);

                if (r < 0)
                        return r;
        }

        return 0;
}
92
/* Adds rr to the answer unless an equal RR for the same ifindex is already stored.
 *
 * Returns 0 if an equal RR was already present (its flags are OR-ed with the new ones, and the RR
 * object with the higher TTL is kept), otherwise the result of dns_answer_add_raw(). Returns -ENOSPC
 * for a NULL answer, -EBUSY if the answer is shared (n_ref > 1), and -EINVAL if the new RR and a
 * stored RR with the same key disagree on whether the TTL is zero. */
int dns_answer_add(DnsAnswer *a, DnsResourceRecord *rr, int ifindex, DnsAnswerFlags flags) {
        assert(rr);

        if (!a)
                return -ENOSPC;
        if (a->n_ref > 1)
                return -EBUSY;

        for (size_t i = 0; i < a->n_rrs; i++) {
                DnsAnswerItem *item = a->items + i;
                int r;

                /* Entries learned on a different interface never collide */
                if (item->ifindex != ifindex)
                        continue;

                r = dns_resource_record_equal(item->rr, rr);
                if (r < 0)
                        return r;
                if (r > 0) {
                        /* Don't mix a zero TTL with a non-zero one (see below) */
                        if ((item->rr->ttl == 0) != (rr->ttl == 0))
                                return -EINVAL;

                        /* Same RR is already stored: keep whichever object carries the higher TTL */
                        if (item->rr->ttl < rr->ttl) {
                                dns_resource_record_ref(rr);
                                dns_resource_record_unref(item->rr);
                                item->rr = rr;
                        }

                        item->flags |= flags;
                        return 0;
                }

                r = dns_resource_key_equal(item->rr->key, rr->key);
                if (r < 0)
                        return r;

                /* Another RR of the same RRset is already in place. The TTLs need not match exactly,
                 * but one being 0 while the other is not is refused. See RFC 2181, Section 5.2. */
                if (r > 0 && (item->rr->ttl == 0) != (rr->ttl == 0))
                        return -EINVAL;
        }

        return dns_answer_add_raw(a, rr, ifindex, flags);
}
146
/* Adds every item of b to a through dns_answer_add(), so duplicate and TTL checks apply.
 * Stops at the first failure and returns its error; items added before that stay in a. */
static int dns_answer_add_all(DnsAnswer *a, DnsAnswer *b) {
        DnsAnswerFlags item_flags;
        DnsResourceRecord *item;
        int item_ifindex;

        DNS_ANSWER_FOREACH_FULL(item, item_ifindex, item_flags, b) {
                int r = dns_answer_add(a, item, item_ifindex, item_flags);

                if (r < 0)
                        return r;
        }

        return 0;
}
160
/* Makes sure *a has room for one more RR (growing or cloning it as needed) and then adds rr.
 * *a may be replaced by a different object. Returns a negative errno if either step fails. */
int dns_answer_add_extend(DnsAnswer **a, DnsResourceRecord *rr, int ifindex, DnsAnswerFlags flags) {
        int reserved;

        assert(a);
        assert(rr);

        reserved = dns_answer_reserve_or_clone(a, 1);

        return reserved < 0 ? reserved : dns_answer_add(*a, rr, ifindex, flags);
}
173
/* Builds a SOA record for the given name and adds it to the answer.
 *
 * The record uses name as MNAME, "root." followed by name as RNAME, the caller's ttl as both TTL and
 * MINIMUM, and 1 for serial, refresh, retry and expire. Returns -ENOMEM if the record or one of its
 * strings cannot be allocated, otherwise the result of dns_answer_add().
 *
 * NOTE(review): the record is added with DNS_ANSWER_AUTHENTICATED although nothing here validates
 * it; presumably this is only meant for locally synthesized data, confirm against the callers. */
int dns_answer_add_soa(DnsAnswer *a, const char *name, uint32_t ttl, int ifindex) {
        _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *soa = NULL;

        soa = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_SOA, name);
        if (!soa)
                return -ENOMEM;

        /* Plain value fields first; the record is released as a whole if an allocation below fails */
        soa->ttl = ttl;
        soa->soa.minimum = ttl;
        soa->soa.serial = 1;
        soa->soa.refresh = 1;
        soa->soa.retry = 1;
        soa->soa.expire = 1;

        soa->soa.mname = strdup(name);
        if (!soa->soa.mname)
                return -ENOMEM;

        soa->soa.rname = strappend("root.", name);
        if (!soa->soa.rname)
                return -ENOMEM;

        return dns_answer_add(a, soa, ifindex, DNS_ANSWER_AUTHENTICATED);
}
199
/* Checks whether the answer holds at least one RR that dns_resource_key_match_rr() accepts for key.
 *
 * Returns > 0 on a match, 0 if nothing matched, negative errno on failure. If ret_flags is given it
 * receives the bitwise AND of the flags of all matching RRs (0 if none matched), so a flag such as
 * DNS_ANSWER_AUTHENTICATED is only reported when every matching RR carries it. */
int dns_answer_match_key(DnsAnswer *a, const DnsResourceKey *key, DnsAnswerFlags *ret_flags) {
        DnsAnswerFlags common = 0, cur;
        DnsResourceRecord *rr;
        bool any = false;

        assert(key);

        DNS_ANSWER_FOREACH_FLAGS(rr, cur, a) {
                int r = dns_resource_key_match_rr(key, rr, NULL);

                if (r < 0)
                        return r;
                if (r == 0)
                        continue;

                /* Caller only wants yes/no: the first hit settles it */
                if (!ret_flags)
                        return 1;

                common = any ? (common & cur) : cur;
                any = true;
        }

        if (ret_flags)
                *ret_flags = common;

        return any;
}
231
/* Checks whether the answer holds at least one RR equal to rr (per dns_resource_record_equal()).
 *
 * Returns > 0 if so, 0 if not, negative errno on failure. If ret_flags is given it receives the
 * bitwise AND of the flags of all equal entries (0 if there is none), so a flag is only reported
 * when every equal entry carries it. */
int dns_answer_contains_rr(DnsAnswer *a, DnsResourceRecord *rr, DnsAnswerFlags *ret_flags) {
        DnsAnswerFlags common = 0, cur;
        DnsResourceRecord *entry;
        bool any = false;

        assert(rr);

        DNS_ANSWER_FOREACH_FLAGS(entry, cur, a) {
                int r = dns_resource_record_equal(entry, rr);

                if (r < 0)
                        return r;
                if (r == 0)
                        continue;

                /* Caller only wants yes/no: the first hit settles it */
                if (!ret_flags)
                        return 1;

                common = any ? (common & cur) : cur;
                any = true;
        }

        if (ret_flags)
                *ret_flags = common;

        return any;
}
263
/* Checks whether the answer holds at least one RR whose key equals key (per dns_resource_key_equal()).
 *
 * Returns > 0 if so, 0 if not, negative errno on failure. If ret_flags is given it receives the
 * bitwise AND of the flags of all such entries (0 if there is none), so a flag is only reported
 * when every entry with that key carries it. */
int dns_answer_contains_key(DnsAnswer *a, const DnsResourceKey *key, DnsAnswerFlags *ret_flags) {
        DnsAnswerFlags common = 0, cur;
        DnsResourceRecord *entry;
        bool any = false;

        assert(key);

        DNS_ANSWER_FOREACH_FLAGS(entry, cur, a) {
                int r = dns_resource_key_equal(entry->key, key);

                if (r < 0)
                        return r;
                if (r == 0)
                        continue;

                /* Caller only wants yes/no: the first hit settles it */
                if (!ret_flags)
                        return true;

                common = any ? (common & cur) : cur;
                any = true;
        }

        if (ret_flags)
                *ret_flags = common;

        return any;
}
295
/* Returns true if the answer holds at least one RR of type NSEC or NSEC3, false otherwise. */
int dns_answer_contains_nsec_or_nsec3(DnsAnswer *a) {
        DnsResourceRecord *rr;

        DNS_ANSWER_FOREACH(rr, a) {
                if (rr->key->type == DNS_TYPE_NSEC || rr->key->type == DNS_TYPE_NSEC3)
                        return true;
        }

        return false;
}
306
/* Checks whether the answer holds at least one NSEC3 RR whose owner name has the given zone as its
 * direct parent. Returns > 0 if so, 0 if not, negative errno if a name operation fails. */
int dns_answer_contains_zone_nsec3(DnsAnswer *answer, const char *zone) {
        DnsResourceRecord *candidate;

        DNS_ANSWER_FOREACH(candidate, answer) {
                const char *parent;
                int r;

                if (candidate->key->type != DNS_TYPE_NSEC3)
                        continue;

                /* Strip the first label of the owner name; what is left is compared to the zone */
                parent = dns_resource_key_name(candidate->key);
                r = dns_name_parent(&parent);
                if (r < 0)
                        return r;
                if (r > 0) {
                        r = dns_name_equal(parent, zone);
                        if (r != 0)
                                return r;
                }
        }

        return false;
}
333
/* Looks for a SOA RR in the answer that dns_resource_key_match_soa() accepts for key.
 *
 * Returns 1 and stores the chosen RR in *ret and its flags in *flags (each only if non-NULL),
 * 0 if there is none or if key itself is of type SOA, negative errno on failure. The RR stored
 * in *ret is not referenced for the caller. */
int dns_answer_find_soa(DnsAnswer *a, const DnsResourceKey *key, DnsResourceRecord **ret, DnsAnswerFlags *flags) {
        DnsResourceRecord *candidate, *best = NULL;
        DnsAnswerFlags candidate_flags, best_flags = 0;

        assert(key);

        /* For a SOA record we can never find a matching SOA record */
        if (key->type == DNS_TYPE_SOA)
                return 0;

        DNS_ANSWER_FOREACH_FLAGS(candidate, candidate_flags, a) {
                int r = dns_resource_key_match_soa(key, candidate->key);

                if (r < 0)
                        return r;
                if (r == 0)
                        continue;

                if (best) {
                        /* Skip the candidate when its owner name ends with that of the SOA picked so far */
                        r = dns_name_endswith(dns_resource_key_name(candidate->key), dns_resource_key_name(best->key));
                        if (r < 0)
                                return r;
                        if (r > 0)
                                continue;
                }

                best = candidate;
                best_flags = candidate_flags;
        }

        if (!best)
                return 0;

        if (ret)
                *ret = best;
        if (flags)
                *flags = best_flags;

        return 1;
}
374
/* Looks for the first CNAME or DNAME RR in the answer that
 * dns_resource_key_match_cname_or_dname() accepts for key.
 *
 * Returns 1 and stores the RR in *ret and its flags in *flags (each only if non-NULL), 0 if there
 * is none or if dns_type_may_redirect() rejects the key's type, negative errno on failure. The RR
 * stored in *ret is not referenced for the caller. */
int dns_answer_find_cname_or_dname(DnsAnswer *a, const DnsResourceKey *key, DnsResourceRecord **ret, DnsAnswerFlags *flags) {
        DnsAnswerFlags candidate_flags;
        DnsResourceRecord *candidate;

        assert(key);

        /* For a {C,D}NAME record we can never find a matching {C,D}NAME record */
        if (!dns_type_may_redirect(key->type))
                return 0;

        DNS_ANSWER_FOREACH_FLAGS(candidate, candidate_flags, a) {
                int r = dns_resource_key_match_cname_or_dname(key, candidate->key, NULL);

                if (r < 0)
                        return r;
                if (r == 0)
                        continue;

                if (ret)
                        *ret = candidate;
                if (flags)
                        *flags = candidate_flags;

                return 1;
        }

        return 0;
}
401
/* Produces in *ret an answer that holds the items of both a and b.
 *
 * If one side is empty, *ret is simply a new reference to the other side. Otherwise a new answer is
 * allocated, the items of a are copied as they are and the items of b are added with the duplicate
 * and TTL checks of dns_answer_add(). Returns 0 on success, negative errno on failure. */
int dns_answer_merge(DnsAnswer *a, DnsAnswer *b, DnsAnswer **ret) {
        _cleanup_(dns_answer_unrefp) DnsAnswer *combined = NULL;
        int r;

        assert(ret);

        if (dns_answer_size(a) <= 0) {
                *ret = dns_answer_ref(b);
                return 0;
        }

        if (dns_answer_size(b) <= 0) {
                *ret = dns_answer_ref(a);
                return 0;
        }

        /* Sized for the worst case where no item of b duplicates one of a */
        combined = dns_answer_new(a->n_rrs + b->n_rrs);
        if (!combined)
                return -ENOMEM;

        r = dns_answer_add_raw_all(combined, a);
        if (r >= 0)
                r = dns_answer_add_all(combined, b);
        if (r < 0)
                return r;

        *ret = TAKE_PTR(combined);

        return 0;
}
434
/* Replaces *a by the merge of *a and b. The reference previously held in *a is dropped.
 * On failure *a is left untouched and a negative errno is returned. */
int dns_answer_extend(DnsAnswer **a, DnsAnswer *b) {
        DnsAnswer *result;
        int r;

        assert(a);

        r = dns_answer_merge(*a, b, &result);
        if (r >= 0) {
                dns_answer_unref(*a);
                *a = result;
                r = 0;
        }

        return r;
}
450
/* Removes all entries whose key equals key from *a.
 *
 * Returns 1 if something was removed, 0 if nothing matched, negative errno on failure. If every
 * entry matched, *a becomes NULL. If the answer is shared (n_ref > 1) a filtered copy replaces *a
 * and the shared object is left as it is; otherwise the item array is edited in place. If a key
 * comparison fails during the in-place edit, the entries removed up to that point stay removed. */
int dns_answer_remove_by_key(DnsAnswer **a, const DnsResourceKey *key) {
        bool have_match = false, have_other = false;
        DnsResourceRecord *rr;
        size_t pos;
        int r;

        assert(a);
        assert(key);

        /* First pass: is there anything to drop, and anything to keep? */
        DNS_ANSWER_FOREACH(rr, *a) {
                r = dns_resource_key_equal(rr->key, key);
                if (r < 0)
                        return r;

                if (r > 0)
                        have_match = true;
                else
                        have_other = true;

                if (have_match && have_other)
                        break;
        }

        if (!have_match)
                return 0;

        if (!have_other) {
                /* Everything matched: give up our reference, NULL stands for the empty answer */
                *a = dns_answer_unref(*a);
                return 1;
        }

        if ((*a)->n_ref > 1) {
                /* Shared with other holders: build a private, filtered copy */
                _cleanup_(dns_answer_unrefp) DnsAnswer *filtered = NULL;
                DnsAnswerFlags flags;
                int ifindex;

                filtered = dns_answer_new((*a)->n_rrs);
                if (!filtered)
                        return -ENOMEM;

                DNS_ANSWER_FOREACH_FULL(rr, ifindex, flags, *a) {
                        r = dns_resource_key_equal(rr->key, key);
                        if (r < 0)
                                return r;
                        if (r > 0)
                                continue;

                        r = dns_answer_add_raw(filtered, rr, ifindex, flags);
                        if (r < 0)
                                return r;
                }

                dns_answer_unref(*a);
                *a = TAKE_PTR(filtered);

                return 1;
        }

        /* Sole owner: compact the item array in place */
        pos = 0;
        while (pos < (*a)->n_rrs) {
                r = dns_resource_key_equal((*a)->items[pos].rr->key, key);
                if (r < 0)
                        return r;
                if (r == 0) {
                        /* Keep this entry */
                        pos++;
                        continue;
                }

                /* Drop this entry and close the gap; pos now refers to the next candidate */
                dns_resource_record_unref((*a)->items[pos].rr);
                memmove((*a)->items + pos, (*a)->items + pos + 1, sizeof(DnsAnswerItem) * ((*a)->n_rrs - pos - 1));
                (*a)->n_rrs--;
        }

        return 1;
}
535
/* Removes all entries equal to rm (per dns_resource_record_equal()) from *a.
 *
 * Returns 1 if something was removed, 0 if nothing matched, negative errno on failure. If every
 * entry matched, *a becomes NULL. If the answer is shared (n_ref > 1) a filtered copy replaces *a
 * and the shared object is left as it is; otherwise the item array is edited in place. If a
 * comparison fails during the in-place edit, the entries removed up to that point stay removed. */
int dns_answer_remove_by_rr(DnsAnswer **a, DnsResourceRecord *rm) {
        bool have_match = false, have_other = false;
        DnsResourceRecord *rr;
        size_t pos;
        int r;

        assert(a);
        assert(rm);

        /* First pass: is there anything to drop, and anything to keep? */
        DNS_ANSWER_FOREACH(rr, *a) {
                r = dns_resource_record_equal(rr, rm);
                if (r < 0)
                        return r;

                if (r > 0)
                        have_match = true;
                else
                        have_other = true;

                if (have_match && have_other)
                        break;
        }

        if (!have_match)
                return 0;

        if (!have_other) {
                /* Everything matched: give up our reference, NULL stands for the empty answer */
                *a = dns_answer_unref(*a);
                return 1;
        }

        if ((*a)->n_ref > 1) {
                /* Shared with other holders: build a private, filtered copy */
                _cleanup_(dns_answer_unrefp) DnsAnswer *filtered = NULL;
                DnsAnswerFlags flags;
                int ifindex;

                filtered = dns_answer_new((*a)->n_rrs);
                if (!filtered)
                        return -ENOMEM;

                DNS_ANSWER_FOREACH_FULL(rr, ifindex, flags, *a) {
                        r = dns_resource_record_equal(rr, rm);
                        if (r < 0)
                                return r;
                        if (r > 0)
                                continue;

                        r = dns_answer_add_raw(filtered, rr, ifindex, flags);
                        if (r < 0)
                                return r;
                }

                dns_answer_unref(*a);
                *a = TAKE_PTR(filtered);

                return 1;
        }

        /* Sole owner: compact the item array in place */
        pos = 0;
        while (pos < (*a)->n_rrs) {
                r = dns_resource_record_equal((*a)->items[pos].rr, rm);
                if (r < 0)
                        return r;
                if (r == 0) {
                        /* Keep this entry */
                        pos++;
                        continue;
                }

                /* Drop this entry and close the gap; pos now refers to the next candidate */
                dns_resource_record_unref((*a)->items[pos].rr);
                memmove((*a)->items + pos, (*a)->items + pos + 1, sizeof(DnsAnswerItem) * ((*a)->n_rrs - pos - 1));
                (*a)->n_rrs--;
        }

        return 1;
}
620
/* Copies all RRs whose key equals key from source into *a, OR-ing or_flags into the flags of each
 * copied entry. *a is grown or cloned as needed and may be replaced by a different object.
 * Returns 0 on success, negative errno on failure; entries copied before a failure stay in *a. */
int dns_answer_copy_by_key(DnsAnswer **a, DnsAnswer *source, const DnsResourceKey *key, DnsAnswerFlags or_flags) {
        DnsAnswerFlags src_flags;
        DnsResourceRecord *src_rr;
        int src_ifindex;

        assert(a);
        assert(key);

        DNS_ANSWER_FOREACH_FULL(src_rr, src_ifindex, src_flags, source) {
                int r = dns_resource_key_equal(src_rr->key, key);

                if (r < 0)
                        return r;
                if (r == 0)
                        continue;

                /* Make space for at least one entry */
                r = dns_answer_reserve_or_clone(a, 1);
                if (r >= 0)
                        r = dns_answer_add(*a, src_rr, src_ifindex, src_flags|or_flags);
                if (r < 0)
                        return r;
        }

        return 0;
}
651
/* Moves all RRs whose key equals key from *from to *to, OR-ing or_flags into their flags.
 * This is a copy followed by a removal: if the copy fails nothing is removed, and if the removal
 * fails the copied entries remain in *to. Returns the result of dns_answer_remove_by_key() on
 * success of the copy, otherwise the negative errno of the copy. */
int dns_answer_move_by_key(DnsAnswer **to, DnsAnswer **from, const DnsResourceKey *key, DnsAnswerFlags or_flags) {
        int copied;

        assert(to);
        assert(from);
        assert(key);

        copied = dns_answer_copy_by_key(to, *from, key, or_flags);

        return copied < 0 ? copied : dns_answer_remove_by_key(from, key);
}
665
/* Reorders the items of the answer so that A/AAAA records of class IN whose link-local status
 * differs from prefer_link_local end up at the end of the array and everything else at the
 * beginning. Records moved to the end come out in reverse of their original order. Does nothing
 * for a NULL answer or one with fewer than two entries.
 *
 * NOTE(review): the scratch array comes from newa(), i.e. the stack, and its size follows n_rrs.
 * If n_rrs can be driven by a remote peer this is worth bounding or moving to the heap. */
void dns_answer_order_by_scope(DnsAnswer *a, bool prefer_link_local) {
        DnsAnswerItem *sorted;
        size_t head, tail;

        if (!a || a->n_rrs <= 1)
                return;

        head = 0;
        tail = a->n_rrs - 1;

        /* RFC 4795, Section 2.6 suggests we should order entries
         * depending on whether the sender is a link-local address. */

        sorted = newa(DnsAnswerItem, a->n_rrs);

        for (size_t i = 0; i < a->n_rrs; i++) {
                DnsResourceRecord *rr = a->items[i].rr;
                bool demote = false;

                if (rr->key->class == DNS_CLASS_IN) {
                        if (rr->key->type == DNS_TYPE_A)
                                demote = in_addr_is_link_local(AF_INET, (union in_addr_union*) &rr->a.in_addr) != prefer_link_local;
                        else if (rr->key->type == DNS_TYPE_AAAA)
                                demote = in_addr_is_link_local(AF_INET6, (union in_addr_union*) &rr->aaaa.in6_addr) != prefer_link_local;
                }

                if (demote)
                        /* Address records that are not preferred fill the array from the back */
                        sorted[tail--] = a->items[i];
                else
                        /* All other records fill the array from the front */
                        sorted[head++] = a->items[i];
        }

        /* Both cursors must have met, i.e. every slot was written exactly once */
        assert(head == tail+1);
        memcpy(a->items, sorted, sizeof(DnsAnswerItem) * a->n_rrs);
}
698
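/* Makes sure *a has room for at least n_free more RRs, allocating or enlarging it as needed.
 *
 * Returns 0 on success (including n_free == 0), -EBUSY if the answer is shared (n_ref > 1) and
 * therefore must not be reallocated, and -ENOMEM if memory cannot be allocated or the requested
 * size cannot be represented. On success *a may point to a different address than before. */
int dns_answer_reserve(DnsAnswer **a, size_t n_free) {
        /* Largest item count whose total byte size still fits into size_t */
        const size_t max_items = (((size_t) -1) - offsetof(DnsAnswer, items)) / sizeof(DnsAnswerItem);
        DnsAnswer *n;

        assert(a);

        if (n_free <= 0)
                return 0;

        if (*a) {
                size_t ns;

                if ((*a)->n_ref > 1)
                        return -EBUSY;

                /* Neither the sum nor the byte size computed from it may wrap around: a wrapped value
                 * would yield a buffer smaller than n_allocated claims. */
                if ((*a)->n_rrs > max_items || n_free > max_items - (*a)->n_rrs)
                        return -ENOMEM;

                ns = (*a)->n_rrs + n_free;

                if ((*a)->n_allocated >= ns)
                        return 0;

                /* Allocate more than we need, unless doubling would exceed what can be represented */
                if (ns <= max_items / 2)
                        ns *= 2;

                /* Keep the result in a separate variable so that *a stays valid if realloc() fails */
                n = realloc(*a, offsetof(DnsAnswer, items) + sizeof(DnsAnswerItem) * ns);
                if (!n)
                        return -ENOMEM;

                n->n_allocated = ns;
        } else {
                if (n_free > max_items)
                        return -ENOMEM;

                n = dns_answer_new(n_free);
                if (!n)
                        return -ENOMEM;
        }

        *a = n;
        return 0;
}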
735
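/* Tries to extend the DnsAnswer object. If that is not possible because we are not the sole owner,
 * a new, appropriately sized object is allocated, the items are copied over and our reference to
 * the shared object is dropped. Either way, after a successful call the object has a single
 * reference and room for at least n_free more RRs.
 *
 * Returns 0 on success, -ENOMEM if memory cannot be allocated or the requested size cannot be
 * represented, or another negative errno from the copy. On failure *a is left untouched. */
int dns_answer_reserve_or_clone(DnsAnswer **a, size_t n_free) {
        /* Largest item count whose total byte size still fits into size_t */
        const size_t max_items = (((size_t) -1) - offsetof(DnsAnswer, items)) / sizeof(DnsAnswerItem);
        _cleanup_(dns_answer_unrefp) DnsAnswer *n = NULL;
        size_t want;
        int r;

        assert(a);

        r = dns_answer_reserve(a, n_free);
        if (r != -EBUSY)
                return r;

        /* -EBUSY is only returned for an existing, shared object */
        assert(*a);

        /* The clone must really have the capacity recorded for it, so refuse sums that wrap around */
        if (n_free > max_items || (*a)->n_rrs > max_items - n_free)
                return -ENOMEM;

        want = (*a)->n_rrs + n_free;

        /* Allocate more than we need, unless doubling would exceed what can be represented */
        if (want <= max_items / 2)
                want *= 2;

        n = dns_answer_new(want);
        if (!n)
                return -ENOMEM;

        r = dns_answer_add_raw_all(n, *a);
        if (r < 0)
                return r;

        dns_answer_unref(*a);
        *a = TAKE_PTR(n);

        return 0;
}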
767
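/* Writes a human-readable listing of the answer to f, one RR per line, each prefixed with a tab.
 * If the entry has an ifindex or one of the authenticated/cacheable/shared-owner flags set, these
 * follow after a ";" separator. If f is NULL, stdout is used. An RR that cannot be formatted is
 * logged as out-of-memory and skipped. */
void dns_answer_dump(DnsAnswer *answer, FILE *f) {
        DnsResourceRecord *rr;
        DnsAnswerFlags flags;
        int ifindex;

        if (!f)
                f = stdout;

        DNS_ANSWER_FOREACH_FULL(rr, ifindex, flags, answer) {
                const char *t;

                fputc('\t', f);

                t = dns_resource_record_to_string(rr);
                if (!t) {
                        log_oom();
                        continue;
                }

                fputs(t, f);

                if (ifindex != 0 || (flags & (DNS_ANSWER_AUTHENTICATED|DNS_ANSWER_CACHEABLE|DNS_ANSWER_SHARED_OWNER)))
                        fputs("\t;", f);

                /* Goes to f like everything else; printf() would send it to stdout even when the
                 * caller asked for a different stream. */
                if (ifindex != 0)
                        fprintf(f, " ifindex=%i", ifindex);
                if (flags & DNS_ANSWER_AUTHENTICATED)
                        fputs(" authenticated", f);
                if (flags & DNS_ANSWER_CACHEABLE)
                        fputs(" cachable", f);
                if (flags & DNS_ANSWER_SHARED_OWNER)
                        fputs(" shared-owner", f);

                fputc('\n', f);
        }
}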
804
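/* Checks whether the answer contains a DNAME record that indicates that the specified CNAME record
 * is synthesized from it. Returns true if so, false if not, if cname is not a CNAME record, or if a
 * name operation fails.
 *
 * The return type is bool, so an error cannot be reported as such: a negative errno would convert
 * to true and make a failed comparison look like a positive match. Failures are therefore treated
 * as "no matching DNAME".
 * NOTE(review): callers are not visible here; changing the return type to int would let them see
 * the error instead. */
bool dns_answer_has_dname_for_cname(DnsAnswer *a, DnsResourceRecord *cname) {
        DnsResourceRecord *rr;
        int r;

        assert(cname);

        if (cname->key->type != DNS_TYPE_CNAME)
                return false;

        DNS_ANSWER_FOREACH(rr, a) {
                _cleanup_free_ char *n = NULL;

                if (rr->key->type != DNS_TYPE_DNAME)
                        continue;
                if (rr->key->class != cname->key->class)
                        continue;

                /* Undo the DNAME substitution on the CNAME target: n is the name the CNAME owner would
                 * have to be if this DNAME produced it */
                r = dns_name_change_suffix(cname->cname.name, rr->dname.name, dns_resource_key_name(rr->key), &n);
                if (r < 0)
                        return false;
                if (r == 0)
                        continue;

                r = dns_name_equal(n, dns_resource_key_name(cname->key));
                if (r < 0)
                        return false;
                if (r > 0)
                        return true;
        }

        return false;
}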