]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-dns-rr.c
projects / thirdparty / systemd.git / blob
? search:


3b0fece1775c51df2aa11d820696c0719163b65b
[thirdparty/systemd.git] / src / resolve / resolved-dns-rr.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <math.h>
4
5 #include "alloc-util.h"
6 #include "dns-domain.h"
7 #include "dns-type.h"
8 #include "escape.h"
9 #include "hexdecoct.h"
10 #include "memory-util.h"
11 #include "resolved-dns-dnssec.h"
12 #include "resolved-dns-packet.h"
13 #include "resolved-dns-rr.h"
14 #include "string-table.h"
15 #include "string-util.h"
16 #include "strv.h"
17 #include "terminal-util.h"
18
19 DnsResourceKey* dns_resource_key_new(uint16_t class, uint16_t type, const char *name) {
20 DnsResourceKey *k;
21 size_t l;
22
23 assert(name);
24
25 l = strlen(name);
26 k = malloc0(sizeof(DnsResourceKey) + l + 1);
27 if (!k)
28 return NULL;
29
30 k->n_ref = 1;
31 k->class = class;
32 k->type = type;
33
34 strcpy((char*) k + sizeof(DnsResourceKey), name);
35
36 return k;
37 }
38
39 DnsResourceKey* dns_resource_key_new_redirect(const DnsResourceKey *key, const DnsResourceRecord *cname) {
40 int r;
41
42 assert(key);
43 assert(cname);
44
45 assert(IN_SET(cname->key->type, DNS_TYPE_CNAME, DNS_TYPE_DNAME));
46
47 if (cname->key->type == DNS_TYPE_CNAME)
48 return dns_resource_key_new(key->class, key->type, cname->cname.name);
49 else {
50 _cleanup_free_ char *destination = NULL;
51 DnsResourceKey *k;
52
53 r = dns_name_change_suffix(dns_resource_key_name(key), dns_resource_key_name(cname->key), cname->dname.name, &destination);
54 if (r < 0)
55 return NULL;
56 if (r == 0)
57 return dns_resource_key_ref((DnsResourceKey*) key);
58
59 k = dns_resource_key_new_consume(key->class, key->type, destination);
60 if (!k)
61 return NULL;
62
63 TAKE_PTR(destination);
64 return k;
65 }
66 }
67
68 int dns_resource_key_new_append_suffix(DnsResourceKey **ret, DnsResourceKey *key, char *name) {
69 DnsResourceKey *new_key;
70 char *joined;
71 int r;
72
73 assert(ret);
74 assert(key);
75 assert(name);
76
77 if (dns_name_is_root(name)) {
78 *ret = dns_resource_key_ref(key);
79 return 0;
80 }
81
82 r = dns_name_concat(dns_resource_key_name(key), name, 0, &joined);
83 if (r < 0)
84 return r;
85
86 new_key = dns_resource_key_new_consume(key->class, key->type, joined);
87 if (!new_key) {
88 free(joined);
89 return -ENOMEM;
90 }
91
92 *ret = new_key;
93 return 0;
94 }
95
96 DnsResourceKey* dns_resource_key_new_consume(uint16_t class, uint16_t type, char *name) {
97 DnsResourceKey *k;
98
99 assert(name);
100
101 k = new(DnsResourceKey, 1);
102 if (!k)
103 return NULL;
104
105 *k = (DnsResourceKey) {
106 .n_ref = 1,
107 .class = class,
108 .type = type,
109 ._name = name,
110 };
111
112 return k;
113 }
114
115 DnsResourceKey* dns_resource_key_ref(DnsResourceKey *k) {
116
117 if (!k)
118 return NULL;
119
120 /* Static/const keys created with DNS_RESOURCE_KEY_CONST will
121 * set this to -1, they should not be reffed/unreffed */
122 assert(k->n_ref != UINT_MAX);
123
124 assert(k->n_ref > 0);
125 k->n_ref++;
126
127 return k;
128 }
129
130 DnsResourceKey* dns_resource_key_unref(DnsResourceKey *k) {
131 if (!k)
132 return NULL;
133
134 assert(k->n_ref != UINT_MAX);
135 assert(k->n_ref > 0);
136
137 if (k->n_ref == 1) {
138 free(k->_name);
139 free(k);
140 } else
141 k->n_ref--;
142
143 return NULL;
144 }
145
146 const char* dns_resource_key_name(const DnsResourceKey *key) {
147 const char *name;
148
149 if (!key)
150 return NULL;
151
152 if (key->_name)
153 name = key->_name;
154 else
155 name = (char*) key + sizeof(DnsResourceKey);
156
157 if (dns_name_is_root(name))
158 return ".";
159 else
160 return name;
161 }
162
163 bool dns_resource_key_is_address(const DnsResourceKey *key) {
164 assert(key);
165
166 /* Check if this is an A or AAAA resource key */
167
168 return key->class == DNS_CLASS_IN && IN_SET(key->type, DNS_TYPE_A, DNS_TYPE_AAAA);
169 }
170
171 bool dns_resource_key_is_dnssd_ptr(const DnsResourceKey *key) {
172 assert(key);
173
174 /* Check if this is a PTR resource key used in
175 Service Instance Enumeration as described in RFC6763 p4.1. */
176
177 if (key->type != DNS_TYPE_PTR)
178 return false;
179
180 return dns_name_endswith(dns_resource_key_name(key), "_tcp.local") ||
181 dns_name_endswith(dns_resource_key_name(key), "_udp.local");
182 }
183
184 int dns_resource_key_equal(const DnsResourceKey *a, const DnsResourceKey *b) {
185 int r;
186
187 if (a == b)
188 return 1;
189
190 r = dns_name_equal(dns_resource_key_name(a), dns_resource_key_name(b));
191 if (r <= 0)
192 return r;
193
194 if (a->class != b->class)
195 return 0;
196
197 if (a->type != b->type)
198 return 0;
199
200 return 1;
201 }
202
203 int dns_resource_key_match_rr(const DnsResourceKey *key, DnsResourceRecord *rr, const char *search_domain) {
204 int r;
205
206 assert(key);
207 assert(rr);
208
209 if (key == rr->key)
210 return 1;
211
212 /* Checks if an rr matches the specified key. If a search
213 * domain is specified, it will also be checked if the key
214 * with the search domain suffixed might match the RR. */
215
216 if (rr->key->class != key->class && key->class != DNS_CLASS_ANY)
217 return 0;
218
219 if (rr->key->type != key->type && key->type != DNS_TYPE_ANY)
220 return 0;
221
222 r = dns_name_equal(dns_resource_key_name(rr->key), dns_resource_key_name(key));
223 if (r != 0)
224 return r;
225
226 if (search_domain) {
227 _cleanup_free_ char *joined = NULL;
228
229 r = dns_name_concat(dns_resource_key_name(key), search_domain, 0, &joined);
230 if (r < 0)
231 return r;
232
233 return dns_name_equal(dns_resource_key_name(rr->key), joined);
234 }
235
236 return 0;
237 }
238
239 int dns_resource_key_match_cname_or_dname(const DnsResourceKey *key, const DnsResourceKey *cname, const char *search_domain) {
240 int r;
241
242 assert(key);
243 assert(cname);
244
245 if (cname->class != key->class && key->class != DNS_CLASS_ANY)
246 return 0;
247
248 if (!dns_type_may_redirect(key->type))
249 return 0;
250
251 if (cname->type == DNS_TYPE_CNAME)
252 r = dns_name_equal(dns_resource_key_name(key), dns_resource_key_name(cname));
253 else if (cname->type == DNS_TYPE_DNAME)
254 r = dns_name_endswith(dns_resource_key_name(key), dns_resource_key_name(cname));
255 else
256 return 0;
257
258 if (r != 0)
259 return r;
260
261 if (search_domain) {
262 _cleanup_free_ char *joined = NULL;
263
264 r = dns_name_concat(dns_resource_key_name(key), search_domain, 0, &joined);
265 if (r < 0)
266 return r;
267
268 if (cname->type == DNS_TYPE_CNAME)
269 return dns_name_equal(joined, dns_resource_key_name(cname));
270 else if (cname->type == DNS_TYPE_DNAME)
271 return dns_name_endswith(joined, dns_resource_key_name(cname));
272 }
273
274 return 0;
275 }
276
277 int dns_resource_key_match_soa(const DnsResourceKey *key, const DnsResourceKey *soa) {
278 assert(soa);
279 assert(key);
280
281 /* Checks whether 'soa' is a SOA record for the specified key. */
282
283 if (soa->class != key->class)
284 return 0;
285
286 if (soa->type != DNS_TYPE_SOA)
287 return 0;
288
289 return dns_name_endswith(dns_resource_key_name(key), dns_resource_key_name(soa));
290 }
291
292 static void dns_resource_key_hash_func(const DnsResourceKey *k, struct siphash *state) {
293 assert(k);
294
295 dns_name_hash_func(dns_resource_key_name(k), state);
296 siphash24_compress_typesafe(k->class, state);
297 siphash24_compress_typesafe(k->type, state);
298 }
299
300 static int dns_resource_key_compare_func(const DnsResourceKey *x, const DnsResourceKey *y) {
301 int r;
302
303 r = dns_name_compare_func(dns_resource_key_name(x), dns_resource_key_name(y));
304 if (r != 0)
305 return r;
306
307 r = CMP(x->type, y->type);
308 if (r != 0)
309 return r;
310
311 return CMP(x->class, y->class);
312 }
313
314 DEFINE_HASH_OPS(dns_resource_key_hash_ops, DnsResourceKey, dns_resource_key_hash_func, dns_resource_key_compare_func);
315
316 char* dns_resource_key_to_string(const DnsResourceKey *key, char *buf, size_t buf_size) {
317 const char *c, *t;
318 char *ans = buf;
319
320 /* If we cannot convert the CLASS/TYPE into a known string,
321 use the format recommended by RFC 3597, Section 5. */
322
323 c = dns_class_to_string(key->class);
324 t = dns_type_to_string(key->type);
325
326 (void) snprintf(buf, buf_size, "%s %s%s%.0u %s%s%.0u",
327 dns_resource_key_name(key),
328 strempty(c), c ? "" : "CLASS", c ? 0u : key->class,
329 strempty(t), t ? "" : "TYPE", t ? 0u : key->type);
330
331 return ans;
332 }
333
334 bool dns_resource_key_reduce(DnsResourceKey **a, DnsResourceKey **b) {
335 assert(a);
336 assert(b);
337
338 /* Try to replace one RR key by another if they are identical, thus saving a bit of memory. Note that we do
339 * this only for RR keys, not for RRs themselves, as they carry a lot of additional metadata (where they come
340 * from, validity data, and suchlike), and cannot be replaced so easily by other RRs that have the same
341 * superficial data. */
342
343 if (!*a)
344 return false;
345 if (!*b)
346 return false;
347
348 /* We refuse merging const keys */
349 if ((*a)->n_ref == UINT_MAX)
350 return false;
351 if ((*b)->n_ref == UINT_MAX)
352 return false;
353
354 /* Already the same? */
355 if (*a == *b)
356 return true;
357
358 /* Are they really identical? */
359 if (dns_resource_key_equal(*a, *b) <= 0)
360 return false;
361
362 /* Keep the one which already has more references. */
363 if ((*a)->n_ref > (*b)->n_ref)
364 DNS_RESOURCE_KEY_REPLACE(*b, dns_resource_key_ref(*a));
365 else
366 DNS_RESOURCE_KEY_REPLACE(*a, dns_resource_key_ref(*b));
367
368 return true;
369 }
370
371 DnsResourceRecord* dns_resource_record_new(DnsResourceKey *key) {
372 DnsResourceRecord *rr;
373
374 rr = new(DnsResourceRecord, 1);
375 if (!rr)
376 return NULL;
377
378 *rr = (DnsResourceRecord) {
379 .n_ref = 1,
380 .key = dns_resource_key_ref(key),
381 .expiry = USEC_INFINITY,
382 .n_skip_labels_signer = UINT8_MAX,
383 .n_skip_labels_source = UINT8_MAX,
384 };
385
386 return rr;
387 }
388
389 DnsResourceRecord* dns_resource_record_new_full(uint16_t class, uint16_t type, const char *name) {
390 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
391
392 key = dns_resource_key_new(class, type, name);
393 if (!key)
394 return NULL;
395
396 return dns_resource_record_new(key);
397 }
398
399 static DnsResourceRecord* dns_resource_record_free(DnsResourceRecord *rr) {
400 assert(rr);
401
402 if (rr->key) {
403 switch (rr->key->type) {
404
405 case DNS_TYPE_SRV:
406 free(rr->srv.name);
407 break;
408
409 case DNS_TYPE_PTR:
410 case DNS_TYPE_NS:
411 case DNS_TYPE_CNAME:
412 case DNS_TYPE_DNAME:
413 free(rr->ptr.name);
414 break;
415
416 case DNS_TYPE_HINFO:
417 free(rr->hinfo.cpu);
418 free(rr->hinfo.os);
419 break;
420
421 case DNS_TYPE_TXT:
422 case DNS_TYPE_SPF:
423 dns_txt_item_free_all(rr->txt.items);
424 break;
425
426 case DNS_TYPE_SOA:
427 free(rr->soa.mname);
428 free(rr->soa.rname);
429 break;
430
431 case DNS_TYPE_MX:
432 free(rr->mx.exchange);
433 break;
434
435 case DNS_TYPE_DS:
436 free(rr->ds.digest);
437 break;
438
439 case DNS_TYPE_SSHFP:
440 free(rr->sshfp.fingerprint);
441 break;
442
443 case DNS_TYPE_DNSKEY:
444 free(rr->dnskey.key);
445 break;
446
447 case DNS_TYPE_RRSIG:
448 free(rr->rrsig.signer);
449 free(rr->rrsig.signature);
450 break;
451
452 case DNS_TYPE_NSEC:
453 free(rr->nsec.next_domain_name);
454 bitmap_free(rr->nsec.types);
455 break;
456
457 case DNS_TYPE_NSEC3:
458 free(rr->nsec3.next_hashed_name);
459 free(rr->nsec3.salt);
460 bitmap_free(rr->nsec3.types);
461 break;
462
463 case DNS_TYPE_LOC:
464 case DNS_TYPE_A:
465 case DNS_TYPE_AAAA:
466 break;
467
468 case DNS_TYPE_TLSA:
469 free(rr->tlsa.data);
470 break;
471
472 case DNS_TYPE_SVCB:
473 case DNS_TYPE_HTTPS:
474 free(rr->svcb.target_name);
475 dns_svc_param_free_all(rr->svcb.params);
476 break;
477
478 case DNS_TYPE_CAA:
479 free(rr->caa.tag);
480 free(rr->caa.value);
481 break;
482
483 case DNS_TYPE_OPENPGPKEY:
484 default:
485 if (!rr->unparsable)
486 free(rr->generic.data);
487 }
488
489 if (rr->unparsable)
490 free(rr->generic.data);
491
492 free(rr->wire_format);
493 dns_resource_key_unref(rr->key);
494 }
495
496 free(rr->to_string);
497 return mfree(rr);
498 }
499
500 DEFINE_TRIVIAL_REF_UNREF_FUNC(DnsResourceRecord, dns_resource_record, dns_resource_record_free);
501
502 int dns_resource_record_new_reverse(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *hostname) {
503 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
504 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
505 _cleanup_free_ char *ptr = NULL;
506 int r;
507
508 assert(ret);
509 assert(address);
510 assert(hostname);
511
512 r = dns_name_reverse(family, address, &ptr);
513 if (r < 0)
514 return r;
515
516 key = dns_resource_key_new_consume(DNS_CLASS_IN, DNS_TYPE_PTR, ptr);
517 if (!key)
518 return -ENOMEM;
519
520 ptr = NULL;
521
522 rr = dns_resource_record_new(key);
523 if (!rr)
524 return -ENOMEM;
525
526 rr->ptr.name = strdup(hostname);
527 if (!rr->ptr.name)
528 return -ENOMEM;
529
530 *ret = TAKE_PTR(rr);
531
532 return 0;
533 }
534
535 int dns_resource_record_new_address(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *name) {
536 DnsResourceRecord *rr;
537
538 assert(ret);
539 assert(address);
540 assert(family);
541
542 if (family == AF_INET) {
543
544 rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_A, name);
545 if (!rr)
546 return -ENOMEM;
547
548 rr->a.in_addr = address->in;
549
550 } else if (family == AF_INET6) {
551
552 rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_AAAA, name);
553 if (!rr)
554 return -ENOMEM;
555
556 rr->aaaa.in6_addr = address->in6;
557 } else
558 return -EAFNOSUPPORT;
559
560 *ret = rr;
561
562 return 0;
563 }
564
565 #define FIELD_EQUAL(a, b, field) \
566 ((a).field ## _size == (b).field ## _size && \
567 memcmp_safe((a).field, (b).field, (a).field ## _size) == 0)
568
569 int dns_resource_record_payload_equal(const DnsResourceRecord *a, const DnsResourceRecord *b) {
570 int r;
571
572 /* Check if a and b are the same, but don't look at their keys */
573
574 if (a->unparsable != b->unparsable)
575 return 0;
576
577 switch (a->unparsable ? _DNS_TYPE_INVALID : a->key->type) {
578
579 case DNS_TYPE_SRV:
580 r = dns_name_equal(a->srv.name, b->srv.name);
581 if (r <= 0)
582 return r;
583
584 return a->srv.priority == b->srv.priority &&
585 a->srv.weight == b->srv.weight &&
586 a->srv.port == b->srv.port;
587
588 case DNS_TYPE_PTR:
589 case DNS_TYPE_NS:
590 case DNS_TYPE_CNAME:
591 case DNS_TYPE_DNAME:
592 return dns_name_equal(a->ptr.name, b->ptr.name);
593
594 case DNS_TYPE_HINFO:
595 return strcaseeq(a->hinfo.cpu, b->hinfo.cpu) &&
596 strcaseeq(a->hinfo.os, b->hinfo.os);
597
598 case DNS_TYPE_SPF: /* exactly the same as TXT */
599 case DNS_TYPE_TXT:
600 return dns_txt_item_equal(a->txt.items, b->txt.items);
601
602 case DNS_TYPE_A:
603 return memcmp(&a->a.in_addr, &b->a.in_addr, sizeof(struct in_addr)) == 0;
604
605 case DNS_TYPE_AAAA:
606 return memcmp(&a->aaaa.in6_addr, &b->aaaa.in6_addr, sizeof(struct in6_addr)) == 0;
607
608 case DNS_TYPE_SOA:
609 r = dns_name_equal(a->soa.mname, b->soa.mname);
610 if (r <= 0)
611 return r;
612 r = dns_name_equal(a->soa.rname, b->soa.rname);
613 if (r <= 0)
614 return r;
615
616 return a->soa.serial == b->soa.serial &&
617 a->soa.refresh == b->soa.refresh &&
618 a->soa.retry == b->soa.retry &&
619 a->soa.expire == b->soa.expire &&
620 a->soa.minimum == b->soa.minimum;
621
622 case DNS_TYPE_MX:
623 if (a->mx.priority != b->mx.priority)
624 return 0;
625
626 return dns_name_equal(a->mx.exchange, b->mx.exchange);
627
628 case DNS_TYPE_LOC:
629 assert(a->loc.version == b->loc.version);
630
631 return a->loc.size == b->loc.size &&
632 a->loc.horiz_pre == b->loc.horiz_pre &&
633 a->loc.vert_pre == b->loc.vert_pre &&
634 a->loc.latitude == b->loc.latitude &&
635 a->loc.longitude == b->loc.longitude &&
636 a->loc.altitude == b->loc.altitude;
637
638 case DNS_TYPE_DS:
639 return a->ds.key_tag == b->ds.key_tag &&
640 a->ds.algorithm == b->ds.algorithm &&
641 a->ds.digest_type == b->ds.digest_type &&
642 FIELD_EQUAL(a->ds, b->ds, digest);
643
644 case DNS_TYPE_SSHFP:
645 return a->sshfp.algorithm == b->sshfp.algorithm &&
646 a->sshfp.fptype == b->sshfp.fptype &&
647 FIELD_EQUAL(a->sshfp, b->sshfp, fingerprint);
648
649 case DNS_TYPE_DNSKEY:
650 return a->dnskey.flags == b->dnskey.flags &&
651 a->dnskey.protocol == b->dnskey.protocol &&
652 a->dnskey.algorithm == b->dnskey.algorithm &&
653 FIELD_EQUAL(a->dnskey, b->dnskey, key);
654
655 case DNS_TYPE_RRSIG:
656 /* do the fast comparisons first */
657 return a->rrsig.type_covered == b->rrsig.type_covered &&
658 a->rrsig.algorithm == b->rrsig.algorithm &&
659 a->rrsig.labels == b->rrsig.labels &&
660 a->rrsig.original_ttl == b->rrsig.original_ttl &&
661 a->rrsig.expiration == b->rrsig.expiration &&
662 a->rrsig.inception == b->rrsig.inception &&
663 a->rrsig.key_tag == b->rrsig.key_tag &&
664 FIELD_EQUAL(a->rrsig, b->rrsig, signature) &&
665 dns_name_equal(a->rrsig.signer, b->rrsig.signer);
666
667 case DNS_TYPE_NSEC:
668 return dns_name_equal(a->nsec.next_domain_name, b->nsec.next_domain_name) &&
669 bitmap_equal(a->nsec.types, b->nsec.types);
670
671 case DNS_TYPE_NSEC3:
672 return a->nsec3.algorithm == b->nsec3.algorithm &&
673 a->nsec3.flags == b->nsec3.flags &&
674 a->nsec3.iterations == b->nsec3.iterations &&
675 FIELD_EQUAL(a->nsec3, b->nsec3, salt) &&
676 FIELD_EQUAL(a->nsec3, b->nsec3, next_hashed_name) &&
677 bitmap_equal(a->nsec3.types, b->nsec3.types);
678
679 case DNS_TYPE_TLSA:
680 return a->tlsa.cert_usage == b->tlsa.cert_usage &&
681 a->tlsa.selector == b->tlsa.selector &&
682 a->tlsa.matching_type == b->tlsa.matching_type &&
683 FIELD_EQUAL(a->tlsa, b->tlsa, data);
684
685 case DNS_TYPE_SVCB:
686 case DNS_TYPE_HTTPS:
687 return a->svcb.priority == b->svcb.priority &&
688 dns_name_equal(a->svcb.target_name, b->svcb.target_name) &&
689 dns_svc_params_equal(a->svcb.params, b->svcb.params);
690
691 case DNS_TYPE_CAA:
692 return a->caa.flags == b->caa.flags &&
693 streq(a->caa.tag, b->caa.tag) &&
694 FIELD_EQUAL(a->caa, b->caa, value);
695
696 case DNS_TYPE_OPENPGPKEY:
697 default:
698 return FIELD_EQUAL(a->generic, b->generic, data);
699 }
700 }
701
702 int dns_resource_record_equal(const DnsResourceRecord *a, const DnsResourceRecord *b) {
703 int r;
704
705 assert(a);
706 assert(b);
707
708 if (a == b)
709 return 1;
710
711 r = dns_resource_key_equal(a->key, b->key);
712 if (r <= 0)
713 return r;
714
715 return dns_resource_record_payload_equal(a, b);
716 }
717
718 static char* format_location(uint32_t latitude, uint32_t longitude, uint32_t altitude,
719 uint8_t size, uint8_t horiz_pre, uint8_t vert_pre) {
720 char *s;
721 char NS = latitude >= 1U<<31 ? 'N' : 'S';
722 char EW = longitude >= 1U<<31 ? 'E' : 'W';
723
724 int lat = latitude >= 1U<<31 ? (int) (latitude - (1U<<31)) : (int) ((1U<<31) - latitude);
725 int lon = longitude >= 1U<<31 ? (int) (longitude - (1U<<31)) : (int) ((1U<<31) - longitude);
726 double alt = altitude >= 10000000u ? altitude - 10000000u : -(double)(10000000u - altitude);
727 double siz = (size >> 4) * exp10((double) (size & 0xF));
728 double hor = (horiz_pre >> 4) * exp10((double) (horiz_pre & 0xF));
729 double ver = (vert_pre >> 4) * exp10((double) (vert_pre & 0xF));
730
731 if (asprintf(&s, "%d %d %.3f %c %d %d %.3f %c %.2fm %.2fm %.2fm %.2fm",
732 (lat / 60000 / 60),
733 (lat / 60000) % 60,
734 (lat % 60000) / 1000.,
735 NS,
736 (lon / 60000 / 60),
737 (lon / 60000) % 60,
738 (lon % 60000) / 1000.,
739 EW,
740 alt / 100.,
741 siz / 100.,
742 hor / 100.,
743 ver / 100.) < 0)
744 return NULL;
745
746 return s;
747 }
748
749 static int format_timestamp_dns(char *buf, size_t l, time_t sec) {
750 struct tm tm;
751
752 assert(buf);
753 assert(l > STRLEN("YYYYMMDDHHmmSS"));
754
755 if (!gmtime_r(&sec, &tm))
756 return -EINVAL;
757
758 if (strftime(buf, l, "%Y%m%d%H%M%S", &tm) <= 0)
759 return -EINVAL;
760
761 return 0;
762 }
763
764 static char *format_types(Bitmap *types) {
765 _cleanup_strv_free_ char **strv = NULL;
766 _cleanup_free_ char *str = NULL;
767 unsigned type;
768 int r;
769
770 BITMAP_FOREACH(type, types) {
771 if (dns_type_to_string(type)) {
772 r = strv_extend(&strv, dns_type_to_string(type));
773 if (r < 0)
774 return NULL;
775 } else {
776 char *t;
777
778 r = asprintf(&t, "TYPE%u", type);
779 if (r < 0)
780 return NULL;
781
782 r = strv_consume(&strv, t);
783 if (r < 0)
784 return NULL;
785 }
786 }
787
788 str = strv_join(strv, " ");
789 if (!str)
790 return NULL;
791
792 return strjoin("( ", str, " )");
793 }
794
795 static char *format_txt(DnsTxtItem *first) {
796 size_t c = 1;
797 char *p, *s;
798
799 LIST_FOREACH(items, i, first)
800 c += i->length * 4 + 3;
801
802 p = s = new(char, c);
803 if (!s)
804 return NULL;
805
806 LIST_FOREACH(items, i, first) {
807 if (i != first)
808 *(p++) = ' ';
809
810 *(p++) = '"';
811
812 for (size_t j = 0; j < i->length; j++) {
813 if (i->data[j] < ' ' || i->data[j] == '"' || i->data[j] >= 127) {
814 *(p++) = '\\';
815 *(p++) = '0' + (i->data[j] / 100);
816 *(p++) = '0' + ((i->data[j] / 10) % 10);
817 *(p++) = '0' + (i->data[j] % 10);
818 } else
819 *(p++) = i->data[j];
820 }
821
822 *(p++) = '"';
823 }
824
825 *p = 0;
826 return s;
827 }
828
829 const char *dns_resource_record_to_string(DnsResourceRecord *rr) {
830 _cleanup_free_ char *s = NULL, *t = NULL;
831 char k[DNS_RESOURCE_KEY_STRING_MAX];
832 int r;
833
834 assert(rr);
835
836 if (rr->to_string)
837 return rr->to_string;
838
839 dns_resource_key_to_string(rr->key, k, sizeof(k));
840
841 switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {
842
843 case DNS_TYPE_SRV:
844 r = asprintf(&s, "%s %u %u %u %s",
845 k,
846 rr->srv.priority,
847 rr->srv.weight,
848 rr->srv.port,
849 strna(rr->srv.name));
850 if (r < 0)
851 return NULL;
852 break;
853
854 case DNS_TYPE_PTR:
855 case DNS_TYPE_NS:
856 case DNS_TYPE_CNAME:
857 case DNS_TYPE_DNAME:
858 s = strjoin(k, " ", rr->ptr.name);
859 if (!s)
860 return NULL;
861
862 break;
863
864 case DNS_TYPE_HINFO:
865 s = strjoin(k, " ", rr->hinfo.cpu, " ", rr->hinfo.os);
866 if (!s)
867 return NULL;
868 break;
869
870 case DNS_TYPE_SPF: /* exactly the same as TXT */
871 case DNS_TYPE_TXT:
872 t = format_txt(rr->txt.items);
873 if (!t)
874 return NULL;
875
876 s = strjoin(k, " ", t);
877 if (!s)
878 return NULL;
879 break;
880
881 case DNS_TYPE_A:
882 r = in_addr_to_string(AF_INET, (const union in_addr_union*) &rr->a.in_addr, &t);
883 if (r < 0)
884 return NULL;
885
886 s = strjoin(k, " ", t);
887 if (!s)
888 return NULL;
889 break;
890
891 case DNS_TYPE_AAAA:
892 r = in_addr_to_string(AF_INET6, (const union in_addr_union*) &rr->aaaa.in6_addr, &t);
893 if (r < 0)
894 return NULL;
895
896 s = strjoin(k, " ", t);
897 if (!s)
898 return NULL;
899 break;
900
901 case DNS_TYPE_SOA:
902 r = asprintf(&s, "%s %s %s %u %u %u %u %u",
903 k,
904 strna(rr->soa.mname),
905 strna(rr->soa.rname),
906 rr->soa.serial,
907 rr->soa.refresh,
908 rr->soa.retry,
909 rr->soa.expire,
910 rr->soa.minimum);
911 if (r < 0)
912 return NULL;
913 break;
914
915 case DNS_TYPE_MX:
916 r = asprintf(&s, "%s %u %s",
917 k,
918 rr->mx.priority,
919 rr->mx.exchange);
920 if (r < 0)
921 return NULL;
922 break;
923
924 case DNS_TYPE_LOC:
925 assert(rr->loc.version == 0);
926
927 t = format_location(rr->loc.latitude,
928 rr->loc.longitude,
929 rr->loc.altitude,
930 rr->loc.size,
931 rr->loc.horiz_pre,
932 rr->loc.vert_pre);
933 if (!t)
934 return NULL;
935
936 s = strjoin(k, " ", t);
937 if (!s)
938 return NULL;
939 break;
940
941 case DNS_TYPE_DS:
942 t = hexmem(rr->ds.digest, rr->ds.digest_size);
943 if (!t)
944 return NULL;
945
946 r = asprintf(&s, "%s %u %u %u %s",
947 k,
948 rr->ds.key_tag,
949 rr->ds.algorithm,
950 rr->ds.digest_type,
951 t);
952 if (r < 0)
953 return NULL;
954 break;
955
956 case DNS_TYPE_SSHFP:
957 t = hexmem(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size);
958 if (!t)
959 return NULL;
960
961 r = asprintf(&s, "%s %u %u %s",
962 k,
963 rr->sshfp.algorithm,
964 rr->sshfp.fptype,
965 t);
966 if (r < 0)
967 return NULL;
968 break;
969
970 case DNS_TYPE_DNSKEY: {
971 _cleanup_free_ char *alg = NULL;
972 uint16_t key_tag;
973
974 key_tag = dnssec_keytag(rr, true);
975
976 r = dnssec_algorithm_to_string_alloc(rr->dnskey.algorithm, &alg);
977 if (r < 0)
978 return NULL;
979
980 r = asprintf(&t, "%s %u %u %s",
981 k,
982 rr->dnskey.flags,
983 rr->dnskey.protocol,
984 alg);
985 if (r < 0)
986 return NULL;
987
988 r = base64_append(&t, r,
989 rr->dnskey.key, rr->dnskey.key_size,
990 8, columns());
991 if (r < 0)
992 return NULL;
993
994 r = asprintf(&s, "%s\n"
995 " -- Flags:%s%s%s\n"
996 " -- Key tag: %u",
997 t,
998 rr->dnskey.flags & DNSKEY_FLAG_SEP ? " SEP" : "",
999 rr->dnskey.flags & DNSKEY_FLAG_REVOKE ? " REVOKE" : "",
1000 rr->dnskey.flags & DNSKEY_FLAG_ZONE_KEY ? " ZONE_KEY" : "",
1001 key_tag);
1002 if (r < 0)
1003 return NULL;
1004
1005 break;
1006 }
1007
1008 case DNS_TYPE_RRSIG: {
1009 _cleanup_free_ char *alg = NULL;
1010 char expiration[STRLEN("YYYYMMDDHHmmSS") + 1], inception[STRLEN("YYYYMMDDHHmmSS") + 1];
1011 const char *type;
1012
1013 type = dns_type_to_string(rr->rrsig.type_covered);
1014
1015 r = dnssec_algorithm_to_string_alloc(rr->rrsig.algorithm, &alg);
1016 if (r < 0)
1017 return NULL;
1018
1019 r = format_timestamp_dns(expiration, sizeof(expiration), rr->rrsig.expiration);
1020 if (r < 0)
1021 return NULL;
1022
1023 r = format_timestamp_dns(inception, sizeof(inception), rr->rrsig.inception);
1024 if (r < 0)
1025 return NULL;
1026
1027 /* TYPE?? follows
1028 * http://tools.ietf.org/html/rfc3597#section-5 */
1029
1030 r = asprintf(&s, "%s %s%.*u %s %u %u %s %s %u %s",
1031 k,
1032 type ?: "TYPE",
1033 type ? 0 : 1, type ? 0u : (unsigned) rr->rrsig.type_covered,
1034 alg,
1035 rr->rrsig.labels,
1036 rr->rrsig.original_ttl,
1037 expiration,
1038 inception,
1039 rr->rrsig.key_tag,
1040 rr->rrsig.signer);
1041 if (r < 0)
1042 return NULL;
1043
1044 r = base64_append(&s, r,
1045 rr->rrsig.signature, rr->rrsig.signature_size,
1046 8, columns());
1047 if (r < 0)
1048 return NULL;
1049
1050 break;
1051 }
1052
1053 case DNS_TYPE_NSEC:
1054 t = format_types(rr->nsec.types);
1055 if (!t)
1056 return NULL;
1057
1058 r = asprintf(&s, "%s %s %s",
1059 k,
1060 rr->nsec.next_domain_name,
1061 t);
1062 if (r < 0)
1063 return NULL;
1064 break;
1065
1066 case DNS_TYPE_NSEC3: {
1067 _cleanup_free_ char *salt = NULL, *hash = NULL;
1068
1069 if (rr->nsec3.salt_size > 0) {
1070 salt = hexmem(rr->nsec3.salt, rr->nsec3.salt_size);
1071 if (!salt)
1072 return NULL;
1073 }
1074
1075 hash = base32hexmem(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, false);
1076 if (!hash)
1077 return NULL;
1078
1079 t = format_types(rr->nsec3.types);
1080 if (!t)
1081 return NULL;
1082
1083 r = asprintf(&s, "%s %"PRIu8" %"PRIu8" %"PRIu16" %s %s %s",
1084 k,
1085 rr->nsec3.algorithm,
1086 rr->nsec3.flags,
1087 rr->nsec3.iterations,
1088 rr->nsec3.salt_size > 0 ? salt : "-",
1089 hash,
1090 t);
1091 if (r < 0)
1092 return NULL;
1093
1094 break;
1095 }
1096
1097 case DNS_TYPE_TLSA:
1098 t = hexmem(rr->tlsa.data, rr->tlsa.data_size);
1099 if (!t)
1100 return NULL;
1101
1102 r = asprintf(&s,
1103 "%s %u %u %u %s\n"
1104 " -- Cert. usage: %s\n"
1105 " -- Selector: %s\n"
1106 " -- Matching type: %s",
1107 k,
1108 rr->tlsa.cert_usage,
1109 rr->tlsa.selector,
1110 rr->tlsa.matching_type,
1111 t,
1112 tlsa_cert_usage_to_string(rr->tlsa.cert_usage),
1113 tlsa_selector_to_string(rr->tlsa.selector),
1114 tlsa_matching_type_to_string(rr->tlsa.matching_type));
1115 if (r < 0)
1116 return NULL;
1117
1118 break;
1119
1120 case DNS_TYPE_CAA:
1121 t = octescape(rr->caa.value, rr->caa.value_size);
1122 if (!t)
1123 return NULL;
1124
1125 r = asprintf(&s, "%s %u %s \"%s\"%s%s%s%.0u",
1126 k,
1127 rr->caa.flags,
1128 rr->caa.tag,
1129 t,
1130 rr->caa.flags ? "\n -- Flags:" : "",
1131 rr->caa.flags & CAA_FLAG_CRITICAL ? " critical" : "",
1132 rr->caa.flags & ~CAA_FLAG_CRITICAL ? " " : "",
1133 rr->caa.flags & ~CAA_FLAG_CRITICAL);
1134 if (r < 0)
1135 return NULL;
1136
1137 break;
1138
1139 case DNS_TYPE_OPENPGPKEY:
1140 r = asprintf(&s, "%s", k);
1141 if (r < 0)
1142 return NULL;
1143
1144 r = base64_append(&s, r,
1145 rr->generic.data, rr->generic.data_size,
1146 8, columns());
1147 if (r < 0)
1148 return NULL;
1149 break;
1150
1151 default:
1152 /* Format as documented in RFC 3597, Section 5 */
1153 if (rr->generic.data_size == 0)
1154 r = asprintf(&s, "%s \\# 0", k);
1155 else {
1156 t = hexmem(rr->generic.data, rr->generic.data_size);
1157 if (!t)
1158 return NULL;
1159 r = asprintf(&s, "%s \\# %zu %s", k, rr->generic.data_size, t);
1160 }
1161 if (r < 0)
1162 return NULL;
1163 break;
1164 }
1165
1166 rr->to_string = s;
1167 return TAKE_PTR(s);
1168 }
1169
1170 ssize_t dns_resource_record_payload(DnsResourceRecord *rr, void **out) {
1171 assert(rr);
1172 assert(out);
1173
1174 switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {
1175 case DNS_TYPE_SRV:
1176 case DNS_TYPE_PTR:
1177 case DNS_TYPE_NS:
1178 case DNS_TYPE_CNAME:
1179 case DNS_TYPE_DNAME:
1180 case DNS_TYPE_HINFO:
1181 case DNS_TYPE_SPF:
1182 case DNS_TYPE_TXT:
1183 case DNS_TYPE_A:
1184 case DNS_TYPE_AAAA:
1185 case DNS_TYPE_SOA:
1186 case DNS_TYPE_MX:
1187 case DNS_TYPE_LOC:
1188 case DNS_TYPE_DS:
1189 case DNS_TYPE_DNSKEY:
1190 case DNS_TYPE_RRSIG:
1191 case DNS_TYPE_NSEC:
1192 case DNS_TYPE_NSEC3:
1193 return -EINVAL;
1194
1195 case DNS_TYPE_SSHFP:
1196 *out = rr->sshfp.fingerprint;
1197 return rr->sshfp.fingerprint_size;
1198
1199 case DNS_TYPE_TLSA:
1200 *out = rr->tlsa.data;
1201 return rr->tlsa.data_size;
1202
1203 case DNS_TYPE_OPENPGPKEY:
1204 default:
1205 *out = rr->generic.data;
1206 return rr->generic.data_size;
1207 }
1208 }
1209
1210 int dns_resource_record_to_wire_format(DnsResourceRecord *rr, bool canonical) {
1211
1212 _cleanup_(dns_packet_unref) DnsPacket packet = {
1213 .n_ref = 1,
1214 .protocol = DNS_PROTOCOL_DNS,
1215 .on_stack = true,
1216 .refuse_compression = true,
1217 .canonical_form = canonical,
1218 };
1219
1220 size_t start, rds;
1221 int r;
1222
1223 assert(rr);
1224
1225 /* Generates the RR in wire-format, optionally in the
1226 * canonical form as discussed in the DNSSEC RFC 4034, Section
1227 * 6.2. We allocate a throw-away DnsPacket object on the stack
1228 * here, because we need some book-keeping for memory
1229 * management, and can reuse the DnsPacket serializer, that
1230 * can generate the canonical form, too, but also knows label
1231 * compression and suchlike. */
1232
1233 if (rr->wire_format && rr->wire_format_canonical == canonical)
1234 return 0;
1235
1236 r = dns_packet_append_rr(&packet, rr, 0, &start, &rds);
1237 if (r < 0)
1238 return r;
1239
1240 assert(start == 0);
1241 assert(packet._data);
1242
1243 free(rr->wire_format);
1244 rr->wire_format = TAKE_PTR(packet._data);
1245 rr->wire_format_size = packet.size;
1246 rr->wire_format_rdata_offset = rds;
1247 rr->wire_format_canonical = canonical;
1248
1249 return 0;
1250 }
1251
1252 int dns_resource_record_signer(DnsResourceRecord *rr, const char **ret) {
1253 const char *n;
1254 int r;
1255
1256 assert(rr);
1257 assert(ret);
1258
1259 /* Returns the RRset's signer, if it is known. */
1260
1261 if (rr->n_skip_labels_signer == UINT8_MAX)
1262 return -ENODATA;
1263
1264 n = dns_resource_key_name(rr->key);
1265 r = dns_name_skip(n, rr->n_skip_labels_signer, &n);
1266 if (r < 0)
1267 return r;
1268 if (r == 0)
1269 return -EINVAL;
1270
1271 *ret = n;
1272 return 0;
1273 }
1274
1275 int dns_resource_record_source(DnsResourceRecord *rr, const char **ret) {
1276 const char *n;
1277 int r;
1278
1279 assert(rr);
1280 assert(ret);
1281
1282 /* Returns the RRset's synthesizing source, if it is known. */
1283
1284 if (rr->n_skip_labels_source == UINT8_MAX)
1285 return -ENODATA;
1286
1287 n = dns_resource_key_name(rr->key);
1288 r = dns_name_skip(n, rr->n_skip_labels_source, &n);
1289 if (r < 0)
1290 return r;
1291 if (r == 0)
1292 return -EINVAL;
1293
1294 *ret = n;
1295 return 0;
1296 }
1297
1298 int dns_resource_record_is_signer(DnsResourceRecord *rr, const char *zone) {
1299 const char *signer;
1300 int r;
1301
1302 assert(rr);
1303
1304 r = dns_resource_record_signer(rr, &signer);
1305 if (r < 0)
1306 return r;
1307
1308 return dns_name_equal(zone, signer);
1309 }
1310
1311 int dns_resource_record_is_synthetic(DnsResourceRecord *rr) {
1312 int r;
1313
1314 assert(rr);
1315
1316 /* Returns > 0 if the RR is generated from a wildcard, and is not the asterisk name itself */
1317
1318 if (rr->n_skip_labels_source == UINT8_MAX)
1319 return -ENODATA;
1320
1321 if (rr->n_skip_labels_source == 0)
1322 return 0;
1323
1324 if (rr->n_skip_labels_source > 1)
1325 return 1;
1326
1327 r = dns_name_startswith(dns_resource_key_name(rr->key), "*");
1328 if (r < 0)
1329 return r;
1330
1331 return !r;
1332 }
1333
1334 void dns_resource_record_hash_func(const DnsResourceRecord *rr, struct siphash *state) {
1335 assert(rr);
1336
1337 dns_resource_key_hash_func(rr->key, state);
1338
1339 switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {
1340
1341 case DNS_TYPE_SRV:
1342 siphash24_compress_typesafe(rr->srv.priority, state);
1343 siphash24_compress_typesafe(rr->srv.weight, state);
1344 siphash24_compress_typesafe(rr->srv.port, state);
1345 dns_name_hash_func(rr->srv.name, state);
1346 break;
1347
1348 case DNS_TYPE_PTR:
1349 case DNS_TYPE_NS:
1350 case DNS_TYPE_CNAME:
1351 case DNS_TYPE_DNAME:
1352 dns_name_hash_func(rr->ptr.name, state);
1353 break;
1354
1355 case DNS_TYPE_HINFO:
1356 string_hash_func(rr->hinfo.cpu, state);
1357 string_hash_func(rr->hinfo.os, state);
1358 break;
1359
1360 case DNS_TYPE_TXT:
1361 case DNS_TYPE_SPF: {
1362 LIST_FOREACH(items, j, rr->txt.items) {
1363 siphash24_compress_safe(j->data, j->length, state);
1364
1365 /* Add an extra NUL byte, so that "a" followed by "b" doesn't result in the same hash as "ab"
1366 * followed by "". */
1367 siphash24_compress_byte(0, state);
1368 }
1369 break;
1370 }
1371
1372 case DNS_TYPE_A:
1373 siphash24_compress_typesafe(rr->a.in_addr, state);
1374 break;
1375
1376 case DNS_TYPE_AAAA:
1377 siphash24_compress_typesafe(rr->aaaa.in6_addr, state);
1378 break;
1379
1380 case DNS_TYPE_SOA:
1381 dns_name_hash_func(rr->soa.mname, state);
1382 dns_name_hash_func(rr->soa.rname, state);
1383 siphash24_compress_typesafe(rr->soa.serial, state);
1384 siphash24_compress_typesafe(rr->soa.refresh, state);
1385 siphash24_compress_typesafe(rr->soa.retry, state);
1386 siphash24_compress_typesafe(rr->soa.expire, state);
1387 siphash24_compress_typesafe(rr->soa.minimum, state);
1388 break;
1389
1390 case DNS_TYPE_MX:
1391 siphash24_compress_typesafe(rr->mx.priority, state);
1392 dns_name_hash_func(rr->mx.exchange, state);
1393 break;
1394
1395 case DNS_TYPE_LOC:
1396 siphash24_compress_typesafe(rr->loc.version, state);
1397 siphash24_compress_typesafe(rr->loc.size, state);
1398 siphash24_compress_typesafe(rr->loc.horiz_pre, state);
1399 siphash24_compress_typesafe(rr->loc.vert_pre, state);
1400 siphash24_compress_typesafe(rr->loc.latitude, state);
1401 siphash24_compress_typesafe(rr->loc.longitude, state);
1402 siphash24_compress_typesafe(rr->loc.altitude, state);
1403 break;
1404
1405 case DNS_TYPE_SSHFP:
1406 siphash24_compress_typesafe(rr->sshfp.algorithm, state);
1407 siphash24_compress_typesafe(rr->sshfp.fptype, state);
1408 siphash24_compress_safe(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size, state);
1409 break;
1410
1411 case DNS_TYPE_DNSKEY:
1412 siphash24_compress_typesafe(rr->dnskey.flags, state);
1413 siphash24_compress_typesafe(rr->dnskey.protocol, state);
1414 siphash24_compress_typesafe(rr->dnskey.algorithm, state);
1415 siphash24_compress_safe(rr->dnskey.key, rr->dnskey.key_size, state);
1416 break;
1417
1418 case DNS_TYPE_RRSIG:
1419 siphash24_compress_typesafe(rr->rrsig.type_covered, state);
1420 siphash24_compress_typesafe(rr->rrsig.algorithm, state);
1421 siphash24_compress_typesafe(rr->rrsig.labels, state);
1422 siphash24_compress_typesafe(rr->rrsig.original_ttl, state);
1423 siphash24_compress_typesafe(rr->rrsig.expiration, state);
1424 siphash24_compress_typesafe(rr->rrsig.inception, state);
1425 siphash24_compress_typesafe(rr->rrsig.key_tag, state);
1426 dns_name_hash_func(rr->rrsig.signer, state);
1427 siphash24_compress_safe(rr->rrsig.signature, rr->rrsig.signature_size, state);
1428 break;
1429
1430 case DNS_TYPE_NSEC:
1431 dns_name_hash_func(rr->nsec.next_domain_name, state);
1432 /* FIXME: we leave out the type bitmap here. Hash
1433 * would be better if we'd take it into account
1434 * too. */
1435 break;
1436
1437 case DNS_TYPE_DS:
1438 siphash24_compress_typesafe(rr->ds.key_tag, state);
1439 siphash24_compress_typesafe(rr->ds.algorithm, state);
1440 siphash24_compress_typesafe(rr->ds.digest_type, state);
1441 siphash24_compress_safe(rr->ds.digest, rr->ds.digest_size, state);
1442 break;
1443
1444 case DNS_TYPE_NSEC3:
1445 siphash24_compress_typesafe(rr->nsec3.algorithm, state);
1446 siphash24_compress_typesafe(rr->nsec3.flags, state);
1447 siphash24_compress_typesafe(rr->nsec3.iterations, state);
1448 siphash24_compress_safe(rr->nsec3.salt, rr->nsec3.salt_size, state);
1449 siphash24_compress_safe(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size, state);
1450 /* FIXME: We leave the bitmaps out */
1451 break;
1452
1453 case DNS_TYPE_TLSA:
1454 siphash24_compress_typesafe(rr->tlsa.cert_usage, state);
1455 siphash24_compress_typesafe(rr->tlsa.selector, state);
1456 siphash24_compress_typesafe(rr->tlsa.matching_type, state);
1457 siphash24_compress_safe(rr->tlsa.data, rr->tlsa.data_size, state);
1458 break;
1459
1460 case DNS_TYPE_SVCB:
1461 case DNS_TYPE_HTTPS:
1462 dns_name_hash_func(rr->svcb.target_name, state);
1463 siphash24_compress_typesafe(rr->svcb.priority, state);
1464 LIST_FOREACH(params, j, rr->svcb.params) {
1465 siphash24_compress_typesafe(j->key, state);
1466 siphash24_compress_safe(j->value, j->length, state);
1467 }
1468 break;
1469
1470 case DNS_TYPE_CAA:
1471 siphash24_compress_typesafe(rr->caa.flags, state);
1472 string_hash_func(rr->caa.tag, state);
1473 siphash24_compress_safe(rr->caa.value, rr->caa.value_size, state);
1474 break;
1475
1476 case DNS_TYPE_OPENPGPKEY:
1477 default:
1478 siphash24_compress_safe(rr->generic.data, rr->generic.data_size, state);
1479 break;
1480 }
1481 }
1482
1483 int dns_resource_record_compare_func(const DnsResourceRecord *x, const DnsResourceRecord *y) {
1484 int r;
1485
1486 r = dns_resource_key_compare_func(x->key, y->key);
1487 if (r != 0)
1488 return r;
1489
1490 if (dns_resource_record_payload_equal(x, y) > 0)
1491 return 0;
1492
1493 /* We still use CMP() here, even though don't implement proper
1494 * ordering, since the hashtable doesn't need ordering anyway. */
1495 return CMP(x, y);
1496 }
1497
1498 DEFINE_HASH_OPS(dns_resource_record_hash_ops, DnsResourceRecord, dns_resource_record_hash_func, dns_resource_record_compare_func);
1499
1500 DnsResourceRecord *dns_resource_record_copy(DnsResourceRecord *rr) {
1501 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *copy = NULL;
1502 DnsResourceRecord *t;
1503
1504 assert(rr);
1505
1506 copy = dns_resource_record_new(rr->key);
1507 if (!copy)
1508 return NULL;
1509
1510 copy->ttl = rr->ttl;
1511 copy->expiry = rr->expiry;
1512 copy->n_skip_labels_signer = rr->n_skip_labels_signer;
1513 copy->n_skip_labels_source = rr->n_skip_labels_source;
1514 copy->unparsable = rr->unparsable;
1515
1516 switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {
1517
1518 case DNS_TYPE_SRV:
1519 copy->srv.priority = rr->srv.priority;
1520 copy->srv.weight = rr->srv.weight;
1521 copy->srv.port = rr->srv.port;
1522 copy->srv.name = strdup(rr->srv.name);
1523 if (!copy->srv.name)
1524 return NULL;
1525 break;
1526
1527 case DNS_TYPE_PTR:
1528 case DNS_TYPE_NS:
1529 case DNS_TYPE_CNAME:
1530 case DNS_TYPE_DNAME:
1531 copy->ptr.name = strdup(rr->ptr.name);
1532 if (!copy->ptr.name)
1533 return NULL;
1534 break;
1535
1536 case DNS_TYPE_HINFO:
1537 copy->hinfo.cpu = strdup(rr->hinfo.cpu);
1538 if (!copy->hinfo.cpu)
1539 return NULL;
1540
1541 copy->hinfo.os = strdup(rr->hinfo.os);
1542 if (!copy->hinfo.os)
1543 return NULL;
1544 break;
1545
1546 case DNS_TYPE_TXT:
1547 case DNS_TYPE_SPF:
1548 copy->txt.items = dns_txt_item_copy(rr->txt.items);
1549 if (!copy->txt.items)
1550 return NULL;
1551 break;
1552
1553 case DNS_TYPE_A:
1554 copy->a = rr->a;
1555 break;
1556
1557 case DNS_TYPE_AAAA:
1558 copy->aaaa = rr->aaaa;
1559 break;
1560
1561 case DNS_TYPE_SOA:
1562 copy->soa.mname = strdup(rr->soa.mname);
1563 if (!copy->soa.mname)
1564 return NULL;
1565 copy->soa.rname = strdup(rr->soa.rname);
1566 if (!copy->soa.rname)
1567 return NULL;
1568 copy->soa.serial = rr->soa.serial;
1569 copy->soa.refresh = rr->soa.refresh;
1570 copy->soa.retry = rr->soa.retry;
1571 copy->soa.expire = rr->soa.expire;
1572 copy->soa.minimum = rr->soa.minimum;
1573 break;
1574
1575 case DNS_TYPE_MX:
1576 copy->mx.priority = rr->mx.priority;
1577 copy->mx.exchange = strdup(rr->mx.exchange);
1578 if (!copy->mx.exchange)
1579 return NULL;
1580 break;
1581
1582 case DNS_TYPE_LOC:
1583 copy->loc = rr->loc;
1584 break;
1585
1586 case DNS_TYPE_SSHFP:
1587 copy->sshfp.algorithm = rr->sshfp.algorithm;
1588 copy->sshfp.fptype = rr->sshfp.fptype;
1589 copy->sshfp.fingerprint = memdup(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size);
1590 if (!copy->sshfp.fingerprint)
1591 return NULL;
1592 copy->sshfp.fingerprint_size = rr->sshfp.fingerprint_size;
1593 break;
1594
1595 case DNS_TYPE_DNSKEY:
1596 copy->dnskey.flags = rr->dnskey.flags;
1597 copy->dnskey.protocol = rr->dnskey.protocol;
1598 copy->dnskey.algorithm = rr->dnskey.algorithm;
1599 copy->dnskey.key = memdup(rr->dnskey.key, rr->dnskey.key_size);
1600 if (!copy->dnskey.key)
1601 return NULL;
1602 copy->dnskey.key_size = rr->dnskey.key_size;
1603 break;
1604
1605 case DNS_TYPE_RRSIG:
1606 copy->rrsig.type_covered = rr->rrsig.type_covered;
1607 copy->rrsig.algorithm = rr->rrsig.algorithm;
1608 copy->rrsig.labels = rr->rrsig.labels;
1609 copy->rrsig.original_ttl = rr->rrsig.original_ttl;
1610 copy->rrsig.expiration = rr->rrsig.expiration;
1611 copy->rrsig.inception = rr->rrsig.inception;
1612 copy->rrsig.key_tag = rr->rrsig.key_tag;
1613 copy->rrsig.signer = strdup(rr->rrsig.signer);
1614 if (!copy->rrsig.signer)
1615 return NULL;
1616 copy->rrsig.signature = memdup(rr->rrsig.signature, rr->rrsig.signature_size);
1617 if (!copy->rrsig.signature)
1618 return NULL;
1619 copy->rrsig.signature_size = rr->rrsig.signature_size;
1620 break;
1621
1622 case DNS_TYPE_NSEC:
1623 copy->nsec.next_domain_name = strdup(rr->nsec.next_domain_name);
1624 if (!copy->nsec.next_domain_name)
1625 return NULL;
1626 if (rr->nsec.types) {
1627 copy->nsec.types = bitmap_copy(rr->nsec.types);
1628 if (!copy->nsec.types)
1629 return NULL;
1630 }
1631 break;
1632
1633 case DNS_TYPE_DS:
1634 copy->ds.key_tag = rr->ds.key_tag;
1635 copy->ds.algorithm = rr->ds.algorithm;
1636 copy->ds.digest_type = rr->ds.digest_type;
1637 copy->ds.digest = memdup(rr->ds.digest, rr->ds.digest_size);
1638 if (!copy->ds.digest)
1639 return NULL;
1640 copy->ds.digest_size = rr->ds.digest_size;
1641 break;
1642
1643 case DNS_TYPE_NSEC3:
1644 copy->nsec3.algorithm = rr->nsec3.algorithm;
1645 copy->nsec3.flags = rr->nsec3.flags;
1646 copy->nsec3.iterations = rr->nsec3.iterations;
1647 copy->nsec3.salt = memdup(rr->nsec3.salt, rr->nsec3.salt_size);
1648 if (!copy->nsec3.salt)
1649 return NULL;
1650 copy->nsec3.salt_size = rr->nsec3.salt_size;
1651 copy->nsec3.next_hashed_name = memdup(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size);
1652 if (!copy->nsec3.next_hashed_name)
1653 return NULL;
1654 copy->nsec3.next_hashed_name_size = rr->nsec3.next_hashed_name_size;
1655 if (rr->nsec3.types) {
1656 copy->nsec3.types = bitmap_copy(rr->nsec3.types);
1657 if (!copy->nsec3.types)
1658 return NULL;
1659 }
1660 break;
1661
1662 case DNS_TYPE_TLSA:
1663 copy->tlsa.cert_usage = rr->tlsa.cert_usage;
1664 copy->tlsa.selector = rr->tlsa.selector;
1665 copy->tlsa.matching_type = rr->tlsa.matching_type;
1666 copy->tlsa.data = memdup(rr->tlsa.data, rr->tlsa.data_size);
1667 if (!copy->tlsa.data)
1668 return NULL;
1669 copy->tlsa.data_size = rr->tlsa.data_size;
1670 break;
1671
1672 case DNS_TYPE_CAA:
1673 copy->caa.flags = rr->caa.flags;
1674 copy->caa.tag = strdup(rr->caa.tag);
1675 if (!copy->caa.tag)
1676 return NULL;
1677 copy->caa.value = memdup(rr->caa.value, rr->caa.value_size);
1678 if (!copy->caa.value)
1679 return NULL;
1680 copy->caa.value_size = rr->caa.value_size;
1681 break;
1682
1683 case DNS_TYPE_SVCB:
1684 case DNS_TYPE_HTTPS:
1685 copy->svcb.priority = rr->svcb.priority;
1686 copy->svcb.target_name = strdup(rr->svcb.target_name);
1687 if (!copy->svcb.target_name)
1688 return NULL;
1689 copy->svcb.params = dns_svc_params_copy(rr->svcb.params);
1690 if (rr->svcb.params && !copy->svcb.params)
1691 return NULL;
1692 break;
1693
1694 case DNS_TYPE_OPT:
1695 default:
1696 copy->generic.data = memdup(rr->generic.data, rr->generic.data_size);
1697 if (!copy->generic.data)
1698 return NULL;
1699 copy->generic.data_size = rr->generic.data_size;
1700 break;
1701 }
1702
1703 t = TAKE_PTR(copy);
1704
1705 return t;
1706 }
1707
1708 int dns_resource_record_clamp_ttl(DnsResourceRecord **rr, uint32_t max_ttl) {
1709 DnsResourceRecord *old_rr, *new_rr;
1710 uint32_t new_ttl;
1711
1712 assert(rr);
1713 old_rr = *rr;
1714
1715 if (old_rr->key->type == DNS_TYPE_OPT)
1716 return -EINVAL;
1717
1718 new_ttl = MIN(old_rr->ttl, max_ttl);
1719 if (new_ttl == old_rr->ttl)
1720 return 0;
1721
1722 if (old_rr->n_ref == 1) {
1723 /* Patch in place */
1724 old_rr->ttl = new_ttl;
1725 return 1;
1726 }
1727
1728 new_rr = dns_resource_record_copy(old_rr);
1729 if (!new_rr)
1730 return -ENOMEM;
1731
1732 new_rr->ttl = new_ttl;
1733
1734 DNS_RR_REPLACE(*rr, new_rr);
1735 return 1;
1736 }
1737
1738 bool dns_resource_record_is_link_local_address(DnsResourceRecord *rr) {
1739 assert(rr);
1740
1741 if (rr->key->class != DNS_CLASS_IN)
1742 return false;
1743
1744 if (rr->key->type == DNS_TYPE_A)
1745 return in4_addr_is_link_local(&rr->a.in_addr);
1746
1747 if (rr->key->type == DNS_TYPE_AAAA)
1748 return in6_addr_is_link_local(&rr->aaaa.in6_addr);
1749
1750 return false;
1751 }
1752
1753 int dns_resource_record_get_cname_target(DnsResourceKey *key, DnsResourceRecord *cname, char **ret) {
1754 _cleanup_free_ char *d = NULL;
1755 int r;
1756
1757 assert(key);
1758 assert(cname);
1759
1760 /* Checks if the RR `cname` is a CNAME/DNAME RR that matches the specified `key`. If so, returns the
1761 * target domain. If not, returns -EUNATCH */
1762
1763 if (key->class != cname->key->class && key->class != DNS_CLASS_ANY)
1764 return -EUNATCH;
1765
1766 if (!dns_type_may_redirect(key->type)) /* This key type is not subject to CNAME/DNAME redirection?
1767 * Then let's refuse right-away */
1768 return -EUNATCH;
1769
1770 if (cname->key->type == DNS_TYPE_CNAME) {
1771 r = dns_name_equal(dns_resource_key_name(key),
1772 dns_resource_key_name(cname->key));
1773 if (r < 0)
1774 return r;
1775 if (r == 0)
1776 return -EUNATCH; /* CNAME RR key doesn't actually match the original key */
1777
1778 d = strdup(cname->cname.name);
1779 if (!d)
1780 return -ENOMEM;
1781
1782 } else if (cname->key->type == DNS_TYPE_DNAME) {
1783
1784 r = dns_name_change_suffix(
1785 dns_resource_key_name(key),
1786 dns_resource_key_name(cname->key),
1787 cname->dname.name,
1788 &d);
1789 if (r < 0)
1790 return r;
1791 if (r == 0)
1792 return -EUNATCH; /* DNAME RR key doesn't actually match the original key */
1793
1794 } else
1795 return -EUNATCH; /* Not a CNAME/DNAME RR, hence doesn't match the proposition either */
1796
1797 *ret = TAKE_PTR(d);
1798 return 0;
1799 }
1800
1801 DnsTxtItem *dns_txt_item_free_all(DnsTxtItem *first) {
1802 LIST_FOREACH(items, i, first)
1803 free(i);
1804
1805 return NULL;
1806 }
1807
1808 DnsSvcParam *dns_svc_param_free_all(DnsSvcParam *first) {
1809 LIST_FOREACH(params, i, first)
1810 free(i);
1811
1812 return NULL;
1813 }
1814
1815 bool dns_txt_item_equal(DnsTxtItem *a, DnsTxtItem *b) {
1816 DnsTxtItem *bb = b;
1817
1818 if (a == b)
1819 return true;
1820
1821 LIST_FOREACH(items, aa, a) {
1822 if (!bb)
1823 return false;
1824
1825 if (memcmp_nn(aa->data, aa->length, bb->data, bb->length) != 0)
1826 return false;
1827
1828 bb = bb->items_next;
1829 }
1830
1831 return !bb;
1832 }
1833
1834 DnsTxtItem *dns_txt_item_copy(DnsTxtItem *first) {
1835 DnsTxtItem *copy = NULL, *end = NULL;
1836
1837 LIST_FOREACH(items, i, first) {
1838 DnsTxtItem *j;
1839
1840 j = memdup(i, offsetof(DnsTxtItem, data) + i->length + 1);
1841 if (!j)
1842 return dns_txt_item_free_all(copy);
1843
1844 LIST_INSERT_AFTER(items, copy, end, j);
1845 end = j;
1846 }
1847
1848 return copy;
1849 }
1850
1851 bool dns_svc_params_equal(DnsSvcParam *a, DnsSvcParam *b) {
1852 DnsSvcParam *bb = b;
1853
1854 if (a == b)
1855 return true;
1856
1857 LIST_FOREACH(params, aa, a) {
1858 if (!bb)
1859 return false;
1860
1861 if (aa->key != bb->key)
1862 return false;
1863
1864 if (memcmp_nn(aa->value, aa->length, bb->value, bb->length) != 0)
1865 return false;
1866
1867 bb = bb->params_next;
1868 }
1869
1870 return !bb;
1871 }
1872
1873 DnsSvcParam *dns_svc_params_copy(DnsSvcParam *first) {
1874 DnsSvcParam *copy = NULL, *end = NULL;
1875
1876 LIST_FOREACH(params, i, first) {
1877 DnsSvcParam *j;
1878
1879 j = memdup(i, offsetof(DnsSvcParam, value) + i->length);
1880 if (!j)
1881 return dns_svc_param_free_all(copy);
1882
1883 LIST_INSERT_AFTER(params, copy, end, j);
1884 end = j;
1885 }
1886
1887 return copy;
1888 }
1889
1890 int dns_txt_item_new_empty(DnsTxtItem **ret) {
1891 DnsTxtItem *i;
1892
1893 assert(ret);
1894
1895 /* RFC 6763, section 6.1 suggests to treat
1896 * empty TXT RRs as equivalent to a TXT record
1897 * with a single empty string. */
1898
1899 i = malloc0(offsetof(DnsTxtItem, data) + 1); /* for safety reasons we add an extra NUL byte */
1900 if (!i)
1901 return -ENOMEM;
1902
1903 *ret = i;
1904 return 0;
1905 }
1906
1907 int dns_resource_record_new_from_raw(DnsResourceRecord **ret, const void *data, size_t size) {
1908 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
1909 int r;
1910
1911 r = dns_packet_new(&p, DNS_PROTOCOL_DNS, 0, DNS_PACKET_SIZE_MAX);
1912 if (r < 0)
1913 return r;
1914
1915 p->refuse_compression = true;
1916
1917 r = dns_packet_append_blob(p, data, size, NULL);
1918 if (r < 0)
1919 return r;
1920
1921 return dns_packet_read_rr(p, ret, NULL, NULL);
1922 }
1923
1924 int dns_resource_key_to_json(DnsResourceKey *key, JsonVariant **ret) {
1925 assert(key);
1926 assert(ret);
1927
1928 return json_build(ret,
1929 JSON_BUILD_OBJECT(
1930 JSON_BUILD_PAIR("class", JSON_BUILD_INTEGER(key->class)),
1931 JSON_BUILD_PAIR("type", JSON_BUILD_INTEGER(key->type)),
1932 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(dns_resource_key_name(key)))));
1933 }
1934
1935 int dns_resource_key_from_json(JsonVariant *v, DnsResourceKey **ret) {
1936 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
1937 uint16_t type = 0, class = 0;
1938 const char *name = NULL;
1939 int r;
1940
1941 JsonDispatch dispatch_table[] = {
1942 { "class", _JSON_VARIANT_TYPE_INVALID, json_dispatch_uint16, PTR_TO_SIZE(&class), JSON_MANDATORY },
1943 { "type", _JSON_VARIANT_TYPE_INVALID, json_dispatch_uint16, PTR_TO_SIZE(&type), JSON_MANDATORY },
1944 { "name", JSON_VARIANT_STRING, json_dispatch_const_string, PTR_TO_SIZE(&name), JSON_MANDATORY },
1945 {}
1946 };
1947
1948 assert(v);
1949 assert(ret);
1950
1951 r = json_dispatch(v, dispatch_table, 0, NULL);
1952 if (r < 0)
1953 return r;
1954
1955 key = dns_resource_key_new(class, type, name);
1956 if (!key)
1957 return -ENOMEM;
1958
1959 *ret = TAKE_PTR(key);
1960 return 0;
1961 }
1962
1963 static int type_bitmap_to_json(Bitmap *b, JsonVariant **ret) {
1964 _cleanup_(json_variant_unrefp) JsonVariant *l = NULL;
1965 unsigned t;
1966 int r;
1967
1968 assert(ret);
1969
1970 BITMAP_FOREACH(t, b) {
1971 _cleanup_(json_variant_unrefp) JsonVariant *v = NULL;
1972
1973 r = json_variant_new_unsigned(&v, t);
1974 if (r < 0)
1975 return r;
1976
1977 r = json_variant_append_array(&l, v);
1978 if (r < 0)
1979 return r;
1980 }
1981
1982 if (!l)
1983 return json_variant_new_array(ret, NULL, 0);
1984
1985 *ret = TAKE_PTR(l);
1986 return 0;
1987 }
1988
1989 static int txt_to_json(DnsTxtItem *items, JsonVariant **ret) {
1990 JsonVariant **elements = NULL;
1991 size_t n = 0;
1992 int r;
1993
1994 assert(ret);
1995
1996 LIST_FOREACH(items, i, items) {
1997 if (!GREEDY_REALLOC(elements, n + 1)) {
1998 r = -ENOMEM;
1999 goto finalize;
2000 }
2001
2002 r = json_variant_new_octescape(elements + n, i->data, i->length);
2003 if (r < 0)
2004 goto finalize;
2005
2006 n++;
2007 }
2008
2009 r = json_variant_new_array(ret, elements, n);
2010
2011 finalize:
2012 for (size_t i = 0; i < n; i++)
2013 json_variant_unref(elements[i]);
2014
2015 free(elements);
2016 return r;
2017 }
2018
2019 int dns_resource_record_to_json(DnsResourceRecord *rr, JsonVariant **ret) {
2020 _cleanup_(json_variant_unrefp) JsonVariant *k = NULL;
2021 int r;
2022
2023 assert(rr);
2024 assert(ret);
2025
2026 r = dns_resource_key_to_json(rr->key, &k);
2027 if (r < 0)
2028 return r;
2029
2030 switch (rr->unparsable ? _DNS_TYPE_INVALID : rr->key->type) {
2031
2032 case DNS_TYPE_SRV:
2033 return json_build(ret,
2034 JSON_BUILD_OBJECT(
2035 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2036 JSON_BUILD_PAIR("priority", JSON_BUILD_UNSIGNED(rr->srv.priority)),
2037 JSON_BUILD_PAIR("weight", JSON_BUILD_UNSIGNED(rr->srv.weight)),
2038 JSON_BUILD_PAIR("port", JSON_BUILD_UNSIGNED(rr->srv.port)),
2039 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(rr->srv.name))));
2040
2041 case DNS_TYPE_PTR:
2042 case DNS_TYPE_NS:
2043 case DNS_TYPE_CNAME:
2044 case DNS_TYPE_DNAME:
2045 return json_build(ret,
2046 JSON_BUILD_OBJECT(
2047 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2048 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(rr->ptr.name))));
2049
2050 case DNS_TYPE_HINFO:
2051 return json_build(ret,
2052 JSON_BUILD_OBJECT(
2053 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2054 JSON_BUILD_PAIR("cpu", JSON_BUILD_STRING(rr->hinfo.cpu)),
2055 JSON_BUILD_PAIR("os", JSON_BUILD_STRING(rr->hinfo.os))));
2056
2057 case DNS_TYPE_SPF:
2058 case DNS_TYPE_TXT: {
2059 _cleanup_(json_variant_unrefp) JsonVariant *l = NULL;
2060
2061 r = txt_to_json(rr->txt.items, &l);
2062 if (r < 0)
2063 return r;
2064
2065 return json_build(ret,
2066 JSON_BUILD_OBJECT(
2067 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2068 JSON_BUILD_PAIR("items", JSON_BUILD_VARIANT(l))));
2069 }
2070
2071 case DNS_TYPE_A:
2072 return json_build(ret,
2073 JSON_BUILD_OBJECT(
2074 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2075 JSON_BUILD_PAIR("address", JSON_BUILD_IN4_ADDR(&rr->a.in_addr))));
2076
2077 case DNS_TYPE_AAAA:
2078 return json_build(ret,
2079 JSON_BUILD_OBJECT(
2080 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2081 JSON_BUILD_PAIR("address", JSON_BUILD_IN6_ADDR(&rr->aaaa.in6_addr))));
2082
2083 case DNS_TYPE_SOA:
2084 return json_build(ret,
2085 JSON_BUILD_OBJECT(
2086 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2087 JSON_BUILD_PAIR("mname", JSON_BUILD_STRING(rr->soa.mname)),
2088 JSON_BUILD_PAIR("rname", JSON_BUILD_STRING(rr->soa.rname)),
2089 JSON_BUILD_PAIR("serial", JSON_BUILD_UNSIGNED(rr->soa.serial)),
2090 JSON_BUILD_PAIR("refresh", JSON_BUILD_UNSIGNED(rr->soa.refresh)),
2091 JSON_BUILD_PAIR("expire", JSON_BUILD_UNSIGNED(rr->soa.retry)),
2092 JSON_BUILD_PAIR("minimum", JSON_BUILD_UNSIGNED(rr->soa.minimum))));
2093
2094 case DNS_TYPE_MX:
2095 return json_build(ret,
2096 JSON_BUILD_OBJECT(
2097 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2098 JSON_BUILD_PAIR("priority", JSON_BUILD_UNSIGNED(rr->mx.priority)),
2099 JSON_BUILD_PAIR("exchange", JSON_BUILD_STRING(rr->mx.exchange))));
2100 case DNS_TYPE_LOC:
2101 return json_build(ret,
2102 JSON_BUILD_OBJECT(
2103 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2104 JSON_BUILD_PAIR("version", JSON_BUILD_UNSIGNED(rr->loc.version)),
2105 JSON_BUILD_PAIR("size", JSON_BUILD_UNSIGNED(rr->loc.size)),
2106 JSON_BUILD_PAIR("horiz_pre", JSON_BUILD_UNSIGNED(rr->loc.horiz_pre)),
2107 JSON_BUILD_PAIR("vert_pre", JSON_BUILD_UNSIGNED(rr->loc.vert_pre)),
2108 JSON_BUILD_PAIR("latitude", JSON_BUILD_UNSIGNED(rr->loc.latitude)),
2109 JSON_BUILD_PAIR("longitude", JSON_BUILD_UNSIGNED(rr->loc.longitude)),
2110 JSON_BUILD_PAIR("altitude", JSON_BUILD_UNSIGNED(rr->loc.altitude))));
2111
2112 case DNS_TYPE_DS:
2113 return json_build(ret,
2114 JSON_BUILD_OBJECT(
2115 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2116 JSON_BUILD_PAIR("keyTag", JSON_BUILD_UNSIGNED(rr->ds.key_tag)),
2117 JSON_BUILD_PAIR("algorithm", JSON_BUILD_UNSIGNED(rr->ds.algorithm)),
2118 JSON_BUILD_PAIR("digestType", JSON_BUILD_UNSIGNED(rr->ds.digest_type)),
2119 JSON_BUILD_PAIR("digest", JSON_BUILD_HEX(rr->ds.digest, rr->ds.digest_size))));
2120
2121 case DNS_TYPE_SSHFP:
2122 return json_build(ret,
2123 JSON_BUILD_OBJECT(
2124 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2125 JSON_BUILD_PAIR("algorithm", JSON_BUILD_UNSIGNED(rr->sshfp.algorithm)),
2126 JSON_BUILD_PAIR("fptype", JSON_BUILD_UNSIGNED(rr->sshfp.fptype)),
2127 JSON_BUILD_PAIR("fingerprint", JSON_BUILD_HEX(rr->sshfp.fingerprint, rr->sshfp.fingerprint_size))));
2128
2129 case DNS_TYPE_DNSKEY:
2130 return json_build(ret,
2131 JSON_BUILD_OBJECT(
2132 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2133 JSON_BUILD_PAIR("flags", JSON_BUILD_UNSIGNED(rr->dnskey.flags)),
2134 JSON_BUILD_PAIR("protocol", JSON_BUILD_UNSIGNED(rr->dnskey.protocol)),
2135 JSON_BUILD_PAIR("algorithm", JSON_BUILD_UNSIGNED(rr->dnskey.algorithm)),
2136 JSON_BUILD_PAIR("dnskey", JSON_BUILD_BASE64(rr->dnskey.key, rr->dnskey.key_size))));
2137
2138
2139 case DNS_TYPE_RRSIG:
2140 return json_build(ret,
2141 JSON_BUILD_OBJECT(
2142 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2143 JSON_BUILD_PAIR("signer", JSON_BUILD_STRING(rr->rrsig.signer)),
2144 JSON_BUILD_PAIR("typeCovered", JSON_BUILD_UNSIGNED(rr->rrsig.type_covered)),
2145 JSON_BUILD_PAIR("algorithm", JSON_BUILD_UNSIGNED(rr->rrsig.algorithm)),
2146 JSON_BUILD_PAIR("labels", JSON_BUILD_UNSIGNED(rr->rrsig.labels)),
2147 JSON_BUILD_PAIR("originalTtl", JSON_BUILD_UNSIGNED(rr->rrsig.original_ttl)),
2148 JSON_BUILD_PAIR("expiration", JSON_BUILD_UNSIGNED(rr->rrsig.expiration)),
2149 JSON_BUILD_PAIR("inception", JSON_BUILD_UNSIGNED(rr->rrsig.inception)),
2150 JSON_BUILD_PAIR("keyTag", JSON_BUILD_UNSIGNED(rr->rrsig.key_tag)),
2151 JSON_BUILD_PAIR("signature", JSON_BUILD_BASE64(rr->rrsig.signature, rr->rrsig.signature_size))));
2152
2153 case DNS_TYPE_NSEC: {
2154 _cleanup_(json_variant_unrefp) JsonVariant *bm = NULL;
2155
2156 r = type_bitmap_to_json(rr->nsec.types, &bm);
2157 if (r < 0)
2158 return r;
2159
2160 return json_build(ret,
2161 JSON_BUILD_OBJECT(
2162 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2163 JSON_BUILD_PAIR("nextDomain", JSON_BUILD_STRING(rr->nsec.next_domain_name)),
2164 JSON_BUILD_PAIR("types", JSON_BUILD_VARIANT(bm))));
2165 }
2166
2167 case DNS_TYPE_NSEC3: {
2168 _cleanup_(json_variant_unrefp) JsonVariant *bm = NULL;
2169
2170 r = type_bitmap_to_json(rr->nsec3.types, &bm);
2171 if (r < 0)
2172 return r;
2173
2174 return json_build(ret,
2175 JSON_BUILD_OBJECT(
2176 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2177 JSON_BUILD_PAIR("algorithm", JSON_BUILD_UNSIGNED(rr->nsec3.algorithm)),
2178 JSON_BUILD_PAIR("flags", JSON_BUILD_UNSIGNED(rr->nsec3.flags)),
2179 JSON_BUILD_PAIR("iterations", JSON_BUILD_UNSIGNED(rr->nsec3.iterations)),
2180 JSON_BUILD_PAIR("salt", JSON_BUILD_HEX(rr->nsec3.salt, rr->nsec3.salt_size)),
2181 JSON_BUILD_PAIR("hash", JSON_BUILD_BASE32HEX(rr->nsec3.next_hashed_name, rr->nsec3.next_hashed_name_size)),
2182 JSON_BUILD_PAIR("types", JSON_BUILD_VARIANT(bm))));
2183 }
2184
2185 case DNS_TYPE_TLSA:
2186 return json_build(ret,
2187 JSON_BUILD_OBJECT(
2188 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2189 JSON_BUILD_PAIR("certUsage", JSON_BUILD_UNSIGNED(rr->tlsa.cert_usage)),
2190 JSON_BUILD_PAIR("selector", JSON_BUILD_UNSIGNED(rr->tlsa.selector)),
2191 JSON_BUILD_PAIR("matchingType", JSON_BUILD_UNSIGNED(rr->tlsa.matching_type)),
2192 JSON_BUILD_PAIR("data", JSON_BUILD_HEX(rr->tlsa.data, rr->tlsa.data_size))));
2193
2194 case DNS_TYPE_CAA:
2195 return json_build(ret,
2196 JSON_BUILD_OBJECT(
2197 JSON_BUILD_PAIR("key", JSON_BUILD_VARIANT(k)),
2198 JSON_BUILD_PAIR("flags", JSON_BUILD_UNSIGNED(rr->caa.flags)),
2199 JSON_BUILD_PAIR("tag", JSON_BUILD_STRING(rr->caa.tag)),
2200 JSON_BUILD_PAIR("value", JSON_BUILD_OCTESCAPE(rr->caa.value, rr->caa.value_size))));
2201
2202 default:
2203 /* Can't provide broken-down format */
2204 *ret = NULL;
2205 return 0;
2206 }
2207 }
2208
2209 static const char* const dnssec_algorithm_table[_DNSSEC_ALGORITHM_MAX_DEFINED] = {
2210 /* Mnemonics as listed on https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
2211 [DNSSEC_ALGORITHM_RSAMD5] = "RSAMD5",
2212 [DNSSEC_ALGORITHM_DH] = "DH",
2213 [DNSSEC_ALGORITHM_DSA] = "DSA",
2214 [DNSSEC_ALGORITHM_ECC] = "ECC",
2215 [DNSSEC_ALGORITHM_RSASHA1] = "RSASHA1",
2216 [DNSSEC_ALGORITHM_DSA_NSEC3_SHA1] = "DSA-NSEC3-SHA1",
2217 [DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1] = "RSASHA1-NSEC3-SHA1",
2218 [DNSSEC_ALGORITHM_RSASHA256] = "RSASHA256",
2219 [DNSSEC_ALGORITHM_RSASHA512] = "RSASHA512",
2220 [DNSSEC_ALGORITHM_ECC_GOST] = "ECC-GOST",
2221 [DNSSEC_ALGORITHM_ECDSAP256SHA256] = "ECDSAP256SHA256",
2222 [DNSSEC_ALGORITHM_ECDSAP384SHA384] = "ECDSAP384SHA384",
2223 [DNSSEC_ALGORITHM_ED25519] = "ED25519",
2224 [DNSSEC_ALGORITHM_ED448] = "ED448",
2225 [DNSSEC_ALGORITHM_INDIRECT] = "INDIRECT",
2226 [DNSSEC_ALGORITHM_PRIVATEDNS] = "PRIVATEDNS",
2227 [DNSSEC_ALGORITHM_PRIVATEOID] = "PRIVATEOID",
2228 };
2229 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(dnssec_algorithm, int, 255);
2230
2231 static const char* const dnssec_digest_table[_DNSSEC_DIGEST_MAX_DEFINED] = {
2232 /* Names as listed on https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
2233 [DNSSEC_DIGEST_SHA1] = "SHA-1",
2234 [DNSSEC_DIGEST_SHA256] = "SHA-256",
2235 [DNSSEC_DIGEST_GOST_R_34_11_94] = "GOST_R_34.11-94",
2236 [DNSSEC_DIGEST_SHA384] = "SHA-384",
2237 };
2238 DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(dnssec_digest, int, 255);
Unnamed repository; edit this file 'description' to name the repository.