]>
Commit | Line | Data |
---|---|---|
74b2466e LP |
1 | #pragma once |
2 | ||
3 | /*** | |
4 | This file is part of systemd. | |
5 | ||
6 | Copyright 2014 Lennart Poettering | |
7 | ||
8 | systemd is free software; you can redistribute it and/or modify it | |
9 | under the terms of the GNU Lesser General Public License as published by | |
10 | the Free Software Foundation; either version 2.1 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | systemd is distributed in the hope that it will be useful, but | |
14 | WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU | |
16 | Lesser General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU Lesser General Public License | |
19 | along with systemd; If not, see <http://www.gnu.org/licenses/>. | |
20 | ***/ | |
21 | ||
74b2466e LP |
22 | #include <netinet/in.h> |
23 | ||
50f1e641 | 24 | #include "bitmap.h" |
71d35b6b | 25 | #include "dns-type.h" |
322345fd | 26 | #include "hashmap.h" |
623a4c97 | 27 | #include "in-addr-util.h" |
2001c805 | 28 | #include "list.h" |
74b2466e LP |
29 | |
30 | typedef struct DnsResourceKey DnsResourceKey; | |
31 | typedef struct DnsResourceRecord DnsResourceRecord; | |
2001c805 | 32 | typedef struct DnsTxtItem DnsTxtItem; |
74b2466e | 33 | |
8730bccf | 34 | /* DNSKEY RR flags */ |
8730bccf | 35 | #define DNSKEY_FLAG_SEP (UINT16_C(1) << 0) |
28b8191e LP |
36 | #define DNSKEY_FLAG_REVOKE (UINT16_C(1) << 7) |
37 | #define DNSKEY_FLAG_ZONE_KEY (UINT16_C(1) << 8) | |
8730bccf | 38 | |
23502de3 DM |
39 | /* mDNS RR flags */ |
40 | #define MDNS_RR_CACHE_FLUSH (UINT16_C(1) << 15) | |
41 | ||
8730bccf LP |
42 | /* DNSSEC algorithm identifiers, see |
43 | * http://tools.ietf.org/html/rfc4034#appendix-A.1 and | |
44 | * https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */ | |
45 | enum { | |
46 | DNSSEC_ALGORITHM_RSAMD5 = 1, | |
47 | DNSSEC_ALGORITHM_DH, | |
48 | DNSSEC_ALGORITHM_DSA, | |
49 | DNSSEC_ALGORITHM_ECC, | |
50 | DNSSEC_ALGORITHM_RSASHA1, | |
51 | DNSSEC_ALGORITHM_DSA_NSEC3_SHA1, | |
52 | DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1, | |
6f717d08 LP |
53 | DNSSEC_ALGORITHM_RSASHA256 = 8, /* RFC 5702 */ |
54 | DNSSEC_ALGORITHM_RSASHA512 = 10, /* RFC 5702 */ | |
55 | DNSSEC_ALGORITHM_ECC_GOST = 12, /* RFC 5933 */ | |
e0240c64 LP |
56 | DNSSEC_ALGORITHM_ECDSAP256SHA256 = 13, /* RFC 6605 */ |
57 | DNSSEC_ALGORITHM_ECDSAP384SHA384 = 14, /* RFC 6605 */ | |
8730bccf LP |
58 | DNSSEC_ALGORITHM_INDIRECT = 252, |
59 | DNSSEC_ALGORITHM_PRIVATEDNS, | |
60 | DNSSEC_ALGORITHM_PRIVATEOID, | |
61 | _DNSSEC_ALGORITHM_MAX_DEFINED | |
62 | }; | |
63 | ||
64 | /* DNSSEC digest identifiers, see | |
65 | * https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */ | |
66 | enum { | |
67 | DNSSEC_DIGEST_SHA1 = 1, | |
6f717d08 LP |
68 | DNSSEC_DIGEST_SHA256 = 2, /* RFC 4509 */ |
69 | DNSSEC_DIGEST_GOST_R_34_11_94 = 3, /* RFC 5933 */ | |
70 | DNSSEC_DIGEST_SHA384 = 4, /* RFC 6605 */ | |
8730bccf LP |
71 | _DNSSEC_DIGEST_MAX_DEFINED |
72 | }; | |
73 | ||
d15ad742 LP |
74 | /* DNSSEC NSEC3 hash algorithms, see |
75 | * https://www.iana.org/assignments/dnssec-nsec3-parameters/dnssec-nsec3-parameters.xhtml */ | |
76 | enum { | |
77 | NSEC3_ALGORITHM_SHA1 = 1, | |
78 | _NSEC3_ALGORITHM_MAX_DEFINED | |
79 | }; | |
80 | ||
74b2466e | 81 | struct DnsResourceKey { |
f57e3cd5 | 82 | unsigned n_ref; /* (unsigned -1) for const keys, see below */ |
faa133f3 LP |
83 | uint16_t class, type; |
84 | char *_name; /* don't access directy, use DNS_RESOURCE_KEY_NAME()! */ | |
74b2466e LP |
85 | }; |
86 | ||
1b4f6e79 LP |
87 | /* Creates a temporary resource key. This is only useful to quickly |
88 | * look up something, without allocating a full DnsResourceKey object | |
89 | * for it. Note that it is not OK to take references to this kind of | |
90 | * resource key object. */ | |
91 | #define DNS_RESOURCE_KEY_CONST(c, t, n) \ | |
92 | ((DnsResourceKey) { \ | |
93 | .n_ref = (unsigned) -1, \ | |
94 | .class = c, \ | |
95 | .type = t, \ | |
96 | ._name = (char*) n, \ | |
97 | }) | |
98 | ||
99 | ||
2001c805 LP |
100 | struct DnsTxtItem { |
101 | size_t length; | |
102 | LIST_FIELDS(DnsTxtItem, items); | |
103 | uint8_t data[]; | |
104 | }; | |
105 | ||
74b2466e LP |
106 | struct DnsResourceRecord { |
107 | unsigned n_ref; | |
faa133f3 | 108 | DnsResourceKey *key; |
97c67192 | 109 | |
7b50eb2e | 110 | char *to_string; |
97c67192 | 111 | |
74b2466e | 112 | uint32_t ttl; |
ee3d6aff | 113 | usec_t expiry; /* RRSIG signature expiry */ |
97c67192 LP |
114 | |
115 | /* How many labels to strip to determine "signer" of the RRSIG (aka, the zone). -1 if not signed. */ | |
116 | unsigned n_skip_labels_signer; | |
117 | /* How many labels to strip to determine "synthesizing source" of this RR, i.e. the wildcard's immediate parent. -1 if not signed. */ | |
118 | unsigned n_skip_labels_source; | |
119 | ||
a8812dd7 | 120 | bool unparseable:1; |
97c67192 | 121 | |
a8812dd7 LP |
122 | bool wire_format_canonical:1; |
123 | void *wire_format; | |
124 | size_t wire_format_size; | |
125 | size_t wire_format_rdata_offset; | |
97c67192 | 126 | |
74b2466e LP |
127 | union { |
128 | struct { | |
129 | void *data; | |
a43a068a | 130 | size_t data_size; |
d75acfb0 | 131 | } generic, opt; |
74b2466e | 132 | |
9c92ce6d LP |
133 | struct { |
134 | uint16_t priority; | |
135 | uint16_t weight; | |
136 | uint16_t port; | |
137 | char *name; | |
138 | } srv; | |
74b2466e LP |
139 | |
140 | struct { | |
141 | char *name; | |
8ac4e9e1 | 142 | } ptr, ns, cname, dname; |
74b2466e LP |
143 | |
144 | struct { | |
145 | char *cpu; | |
146 | char *os; | |
147 | } hinfo; | |
148 | ||
2e276efc | 149 | struct { |
2001c805 | 150 | DnsTxtItem *items; |
c0eb11cf | 151 | } txt, spf; |
74b2466e LP |
152 | |
153 | struct { | |
154 | struct in_addr in_addr; | |
155 | } a; | |
156 | ||
157 | struct { | |
158 | struct in6_addr in6_addr; | |
159 | } aaaa; | |
7e8e0422 LP |
160 | |
161 | struct { | |
162 | char *mname; | |
163 | char *rname; | |
164 | uint32_t serial; | |
165 | uint32_t refresh; | |
166 | uint32_t retry; | |
167 | uint32_t expire; | |
168 | uint32_t minimum; | |
169 | } soa; | |
946c7094 ZJS |
170 | |
171 | struct { | |
172 | uint16_t priority; | |
173 | char *exchange; | |
174 | } mx; | |
0dae31d4 | 175 | |
6af47493 | 176 | /* https://tools.ietf.org/html/rfc1876 */ |
0dae31d4 ZJS |
177 | struct { |
178 | uint8_t version; | |
179 | uint8_t size; | |
180 | uint8_t horiz_pre; | |
181 | uint8_t vert_pre; | |
182 | uint32_t latitude; | |
183 | uint32_t longitude; | |
184 | uint32_t altitude; | |
185 | } loc; | |
42cc2eeb | 186 | |
549c1a25 | 187 | /* https://tools.ietf.org/html/rfc4255#section-3.1 */ |
42cc2eeb LP |
188 | struct { |
189 | uint8_t algorithm; | |
190 | uint8_t fptype; | |
549c1a25 TG |
191 | void *fingerprint; |
192 | size_t fingerprint_size; | |
42cc2eeb | 193 | } sshfp; |
8db0d2f5 ZJS |
194 | |
195 | /* http://tools.ietf.org/html/rfc4034#section-2.1 */ | |
196 | struct { | |
f91dc240 LP |
197 | uint16_t flags; |
198 | uint8_t protocol; | |
8db0d2f5 ZJS |
199 | uint8_t algorithm; |
200 | void* key; | |
201 | size_t key_size; | |
202 | } dnskey; | |
151226ab ZJS |
203 | |
204 | /* http://tools.ietf.org/html/rfc4034#section-3.1 */ | |
205 | struct { | |
206 | uint16_t type_covered; | |
207 | uint8_t algorithm; | |
208 | uint8_t labels; | |
209 | uint32_t original_ttl; | |
210 | uint32_t expiration; | |
211 | uint32_t inception; | |
212 | uint16_t key_tag; | |
213 | char *signer; | |
214 | void *signature; | |
215 | size_t signature_size; | |
216 | } rrsig; | |
50f1e641 | 217 | |
9ead3519 | 218 | /* https://tools.ietf.org/html/rfc4034#section-4.1 */ |
50f1e641 TG |
219 | struct { |
220 | char *next_domain_name; | |
221 | Bitmap *types; | |
222 | } nsec; | |
5d45a880 | 223 | |
6af47493 LP |
224 | /* https://tools.ietf.org/html/rfc4034#section-5.1 */ |
225 | struct { | |
226 | uint16_t key_tag; | |
227 | uint8_t algorithm; | |
228 | uint8_t digest_type; | |
229 | void *digest; | |
230 | size_t digest_size; | |
231 | } ds; | |
232 | ||
5d45a880 TG |
233 | struct { |
234 | uint8_t algorithm; | |
235 | uint8_t flags; | |
236 | uint16_t iterations; | |
237 | void *salt; | |
238 | size_t salt_size; | |
239 | void *next_hashed_name; | |
240 | size_t next_hashed_name_size; | |
241 | Bitmap *types; | |
242 | } nsec3; | |
48d45d2b ZJS |
243 | |
244 | /* https://tools.ietf.org/html/draft-ietf-dane-protocol-23 */ | |
245 | struct { | |
246 | uint8_t cert_usage; | |
247 | uint8_t selector; | |
248 | uint8_t matching_type; | |
249 | void *data; | |
250 | size_t data_size; | |
251 | } tlsa; | |
95052df3 ZJS |
252 | |
253 | /* https://tools.ietf.org/html/rfc6844 */ | |
254 | struct { | |
255 | uint8_t flags; | |
256 | char *tag; | |
257 | void *value; | |
258 | size_t value_size; | |
259 | } caa; | |
74b2466e LP |
260 | }; |
261 | }; | |
262 | ||
faa133f3 | 263 | static inline const char* DNS_RESOURCE_KEY_NAME(const DnsResourceKey *key) { |
85aeaccc | 264 | if (!key) |
faa133f3 LP |
265 | return NULL; |
266 | ||
267 | if (key->_name) | |
268 | return key->_name; | |
269 | ||
270 | return (char*) key + sizeof(DnsResourceKey); | |
271 | } | |
74b2466e | 272 | |
85aeaccc LP |
273 | static inline const void* DNS_RESOURCE_RECORD_RDATA(DnsResourceRecord *rr) { |
274 | if (!rr) | |
275 | return NULL; | |
276 | ||
277 | if (!rr->wire_format) | |
278 | return NULL; | |
279 | ||
280 | assert(rr->wire_format_rdata_offset <= rr->wire_format_size); | |
281 | return (uint8_t*) rr->wire_format + rr->wire_format_rdata_offset; | |
282 | } | |
283 | ||
284 | static inline size_t DNS_RESOURCE_RECORD_RDATA_SIZE(DnsResourceRecord *rr) { | |
285 | if (!rr) | |
286 | return 0; | |
287 | if (!rr->wire_format) | |
288 | return 0; | |
289 | ||
290 | assert(rr->wire_format_rdata_offset <= rr->wire_format_size); | |
291 | return rr->wire_format_size - rr->wire_format_rdata_offset; | |
292 | } | |
293 | ||
faa133f3 | 294 | DnsResourceKey* dns_resource_key_new(uint16_t class, uint16_t type, const char *name); |
36d9205d | 295 | DnsResourceKey* dns_resource_key_new_redirect(const DnsResourceKey *key, const DnsResourceRecord *cname); |
801ad6a6 | 296 | int dns_resource_key_new_append_suffix(DnsResourceKey **ret, DnsResourceKey *key, char *name); |
faa133f3 LP |
297 | DnsResourceKey* dns_resource_key_new_consume(uint16_t class, uint16_t type, char *name); |
298 | DnsResourceKey* dns_resource_key_ref(DnsResourceKey *key); | |
299 | DnsResourceKey* dns_resource_key_unref(DnsResourceKey *key); | |
28b9b764 | 300 | bool dns_resource_key_is_address(const DnsResourceKey *key); |
faa133f3 | 301 | int dns_resource_key_equal(const DnsResourceKey *a, const DnsResourceKey *b); |
105e1512 | 302 | int dns_resource_key_match_rr(const DnsResourceKey *key, DnsResourceRecord *rr, const char *search_domain); |
5d27351f | 303 | int dns_resource_key_match_cname_or_dname(const DnsResourceKey *key, const DnsResourceKey *cname, const char *search_domain); |
547973de | 304 | int dns_resource_key_match_soa(const DnsResourceKey *key, const DnsResourceKey *soa); |
2d4c5cbc | 305 | int dns_resource_key_to_string(const DnsResourceKey *key, char **ret); |
2e74028a ZJS |
306 | ssize_t dns_resource_record_payload(DnsResourceRecord *rr, void **out); |
307 | ||
faa133f3 | 308 | DEFINE_TRIVIAL_CLEANUP_FUNC(DnsResourceKey*, dns_resource_key_unref); |
322345fd | 309 | |
7778dfff DM |
310 | static inline bool dns_key_is_shared(const DnsResourceKey *key) { |
311 | return IN_SET(key->type, DNS_TYPE_PTR); | |
312 | } | |
313 | ||
f57e3cd5 LP |
314 | bool dns_resource_key_reduce(DnsResourceKey **a, DnsResourceKey **b); |
315 | ||
faa133f3 | 316 | DnsResourceRecord* dns_resource_record_new(DnsResourceKey *key); |
8bf52d3d | 317 | DnsResourceRecord* dns_resource_record_new_full(uint16_t class, uint16_t type, const char *name); |
74b2466e LP |
318 | DnsResourceRecord* dns_resource_record_ref(DnsResourceRecord *rr); |
319 | DnsResourceRecord* dns_resource_record_unref(DnsResourceRecord *rr); | |
623a4c97 | 320 | int dns_resource_record_new_reverse(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *name); |
78c6a153 | 321 | int dns_resource_record_new_address(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *name); |
322345fd | 322 | int dns_resource_record_equal(const DnsResourceRecord *a, const DnsResourceRecord *b); |
7b50eb2e | 323 | const char* dns_resource_record_to_string(DnsResourceRecord *rr); |
faa133f3 | 324 | DEFINE_TRIVIAL_CLEANUP_FUNC(DnsResourceRecord*, dns_resource_record_unref); |
322345fd | 325 | |
a8812dd7 LP |
326 | int dns_resource_record_to_wire_format(DnsResourceRecord *rr, bool canonical); |
327 | ||
97c67192 LP |
328 | int dns_resource_record_signer(DnsResourceRecord *rr, const char **ret); |
329 | int dns_resource_record_source(DnsResourceRecord *rr, const char **ret); | |
330 | int dns_resource_record_is_signer(DnsResourceRecord *rr, const char *zone); | |
ab481675 | 331 | int dns_resource_record_is_synthetic(DnsResourceRecord *rr); |
97c67192 | 332 | |
2001c805 LP |
333 | DnsTxtItem *dns_txt_item_free_all(DnsTxtItem *i); |
334 | bool dns_txt_item_equal(DnsTxtItem *a, DnsTxtItem *b); | |
335 | ||
6d99904f ZJS |
336 | void dns_resource_record_hash_func(const void *i, struct siphash *state); |
337 | ||
d5099efc | 338 | extern const struct hash_ops dns_resource_key_hash_ops; |
c9c72065 | 339 | extern const struct hash_ops dns_resource_record_hash_ops; |
8730bccf | 340 | |
8e54f5d9 | 341 | int dnssec_algorithm_to_string_alloc(int i, char **ret); |
8730bccf LP |
342 | int dnssec_algorithm_from_string(const char *s) _pure_; |
343 | ||
8e54f5d9 | 344 | int dnssec_digest_to_string_alloc(int i, char **ret); |
8730bccf | 345 | int dnssec_digest_from_string(const char *s) _pure_; |