]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
74b2466e | 2 | |
a8fbdf54 TA |
3 | #include <endian.h> |
4 | #include <netinet/in.h> | |
5 | #include <stdio.h> | |
a8fbdf54 TA |
6 | #include <sys/socket.h> |
7 | ||
b5efdb8a | 8 | #include "alloc-util.h" |
4ad7f276 | 9 | #include "dns-domain.h" |
e2341b6b | 10 | #include "glyph-util.h" |
a8fbdf54 | 11 | #include "hashmap.h" |
e4e73a63 | 12 | #include "hexdecoct.h" |
d65652f1 | 13 | #include "hostname-util.h" |
4917e7c7 | 14 | #include "idn-util.h" |
a8fbdf54 TA |
15 | #include "in-addr-util.h" |
16 | #include "macro.h" | |
6bedfcbb LP |
17 | #include "parse-util.h" |
18 | #include "string-util.h" | |
dc477e73 | 19 | #include "strv.h" |
0a49b6b6 | 20 | #include "utf8.h" |
74b2466e | 21 | |
7470cc4c | 22 | int dns_label_unescape(const char **name, char *dest, size_t sz, DNSLabelFlags flags) { |
74b2466e | 23 | const char *n; |
7470cc4c | 24 | char *d, last_char = 0; |
74b2466e LP |
25 | int r = 0; |
26 | ||
27 | assert(name); | |
28 | assert(*name); | |
74b2466e LP |
29 | |
30 | n = *name; | |
31 | d = dest; | |
32 | ||
33 | for (;;) { | |
ed0cb346 | 34 | if (IN_SET(*n, 0, '.')) { |
7470cc4c ZJS |
35 | if (FLAGS_SET(flags, DNS_LABEL_LDH) && last_char == '-') |
36 | /* Trailing dash */ | |
37 | return -EINVAL; | |
74b2466e | 38 | |
64c82c25 | 39 | if (n[0] == '.' && (n[1] != 0 || !FLAGS_SET(flags, DNS_LABEL_LEAVE_TRAILING_DOT))) |
7470cc4c | 40 | n++; |
64c82c25 | 41 | |
74b2466e | 42 | break; |
7470cc4c | 43 | } |
74b2466e | 44 | |
1fa65c59 LP |
45 | if (r >= DNS_LABEL_MAX) |
46 | return -EINVAL; | |
47 | ||
37ade128 LP |
48 | if (sz <= 0) |
49 | return -ENOBUFS; | |
50 | ||
74b2466e LP |
51 | if (*n == '\\') { |
52 | /* Escaped character */ | |
7470cc4c ZJS |
53 | if (FLAGS_SET(flags, DNS_LABEL_NO_ESCAPES)) |
54 | return -EINVAL; | |
74b2466e LP |
55 | |
56 | n++; | |
57 | ||
58 | if (*n == 0) | |
59 | /* Ending NUL */ | |
60 | return -EINVAL; | |
61 | ||
4c701096 | 62 | else if (IN_SET(*n, '\\', '.')) { |
74b2466e | 63 | /* Escaped backslash or dot */ |
f7455baa | 64 | |
7470cc4c ZJS |
65 | if (FLAGS_SET(flags, DNS_LABEL_LDH)) |
66 | return -EINVAL; | |
67 | ||
68 | last_char = *n; | |
f7455baa LP |
69 | if (d) |
70 | *(d++) = *n; | |
74b2466e LP |
71 | sz--; |
72 | r++; | |
f7455baa | 73 | n++; |
74b2466e LP |
74 | |
75 | } else if (n[0] >= '0' && n[0] <= '9') { | |
76 | unsigned k; | |
77 | ||
78 | /* Escaped literal ASCII character */ | |
79 | ||
80 | if (!(n[1] >= '0' && n[1] <= '9') || | |
81 | !(n[2] >= '0' && n[2] <= '9')) | |
82 | return -EINVAL; | |
83 | ||
84 | k = ((unsigned) (n[0] - '0') * 100) + | |
85 | ((unsigned) (n[1] - '0') * 10) + | |
86 | ((unsigned) (n[2] - '0')); | |
87 | ||
da890466 ZJS |
88 | /* Don't allow anything that doesn't fit in 8 bits. Note that we do allow |
89 | * control characters, as some servers (e.g. cloudflare) are happy to | |
90 | * generate labels with them inside. */ | |
c7feab76 | 91 | if (k > 255) |
74b2466e LP |
92 | return -EINVAL; |
93 | ||
7470cc4c ZJS |
94 | if (FLAGS_SET(flags, DNS_LABEL_LDH) && |
95 | !valid_ldh_char((char) k)) | |
96 | return -EINVAL; | |
97 | ||
98 | last_char = (char) k; | |
f7455baa LP |
99 | if (d) |
100 | *(d++) = (char) k; | |
74b2466e LP |
101 | sz--; |
102 | r++; | |
103 | ||
104 | n += 3; | |
105 | } else | |
106 | return -EINVAL; | |
107 | ||
07bed172 | 108 | } else if ((uint8_t) *n >= (uint8_t) ' ' && *n != 127) { |
74b2466e LP |
109 | |
110 | /* Normal character */ | |
f7455baa | 111 | |
7470cc4c ZJS |
112 | if (FLAGS_SET(flags, DNS_LABEL_LDH)) { |
113 | if (!valid_ldh_char(*n)) | |
114 | return -EINVAL; | |
115 | if (r == 0 && *n == '-') | |
116 | /* Leading dash */ | |
117 | return -EINVAL; | |
118 | } | |
119 | ||
120 | last_char = *n; | |
f7455baa LP |
121 | if (d) |
122 | *(d++) = *n; | |
74b2466e LP |
123 | sz--; |
124 | r++; | |
f7455baa | 125 | n++; |
74b2466e LP |
126 | } else |
127 | return -EINVAL; | |
128 | } | |
129 | ||
130 | /* Empty label that is not at the end? */ | |
131 | if (r == 0 && *n) | |
132 | return -EINVAL; | |
133 | ||
f35c467d | 134 | /* More than one trailing dot? */ |
64c82c25 | 135 | if (n[0] == '.' && !FLAGS_SET(flags, DNS_LABEL_LEAVE_TRAILING_DOT)) |
f35c467d MP |
136 | return -EINVAL; |
137 | ||
f7455baa | 138 | if (sz >= 1 && d) |
74b2466e LP |
139 | *d = 0; |
140 | ||
141 | *name = n; | |
142 | return r; | |
143 | } | |
144 | ||
642900d3 TG |
145 | /* @label_terminal: terminal character of a label, updated to point to the terminal character of |
146 | * the previous label (always skipping one dot) or to NULL if there are no more | |
147 | * labels. */ | |
148 | int dns_label_unescape_suffix(const char *name, const char **label_terminal, char *dest, size_t sz) { | |
149 | const char *terminal; | |
150 | int r; | |
151 | ||
152 | assert(name); | |
153 | assert(label_terminal); | |
154 | assert(dest); | |
155 | ||
156 | /* no more labels */ | |
157 | if (!*label_terminal) { | |
158 | if (sz >= 1) | |
159 | *dest = 0; | |
160 | ||
161 | return 0; | |
162 | } | |
163 | ||
56512859 | 164 | terminal = *label_terminal; |
4c701096 | 165 | assert(IN_SET(*terminal, 0, '.')); |
642900d3 | 166 | |
56512859 LP |
167 | /* Skip current terminal character (and accept domain names ending it ".") */ |
168 | if (*terminal == 0) | |
007950dc | 169 | terminal = PTR_SUB1(terminal, name); |
56512859 | 170 | if (terminal >= name && *terminal == '.') |
007950dc | 171 | terminal = PTR_SUB1(terminal, name); |
642900d3 | 172 | |
56512859 | 173 | /* Point name to the last label, and terminal to the preceding terminal symbol (or make it a NULL pointer) */ |
007950dc | 174 | while (terminal) { |
56512859 | 175 | /* Find the start of the last label */ |
642900d3 TG |
176 | if (*terminal == '.') { |
177 | const char *y; | |
178 | unsigned slashes = 0; | |
179 | ||
007950dc | 180 | for (y = PTR_SUB1(terminal, name); y && *y == '\\'; y = PTR_SUB1(y, name)) |
313cefa1 | 181 | slashes++; |
642900d3 TG |
182 | |
183 | if (slashes % 2 == 0) { | |
56512859 | 184 | /* The '.' was not escaped */ |
642900d3 TG |
185 | name = terminal + 1; |
186 | break; | |
187 | } else { | |
188 | terminal = y; | |
189 | continue; | |
190 | } | |
191 | } | |
192 | ||
007950dc | 193 | terminal = PTR_SUB1(terminal, name); |
642900d3 TG |
194 | } |
195 | ||
7470cc4c | 196 | r = dns_label_unescape(&name, dest, sz, 0); |
642900d3 TG |
197 | if (r < 0) |
198 | return r; | |
199 | ||
200 | *label_terminal = terminal; | |
201 | ||
202 | return r; | |
203 | } | |
204 | ||
422baca0 | 205 | int dns_label_escape(const char *p, size_t l, char *dest, size_t sz) { |
74b2466e | 206 | char *q; |
74b2466e | 207 | |
3b37fa73 | 208 | /* DNS labels must be between 1 and 63 characters long. A |
7ad3a370 | 209 | * zero-length label does not exist. See RFC 2181, Section |
3b37fa73 LP |
210 | * 11. */ |
211 | ||
212 | if (l <= 0 || l > DNS_LABEL_MAX) | |
1fa65c59 | 213 | return -EINVAL; |
422baca0 | 214 | if (sz < 1) |
37ade128 | 215 | return -ENOBUFS; |
1fa65c59 | 216 | |
422baca0 LP |
217 | assert(p); |
218 | assert(dest); | |
74b2466e | 219 | |
422baca0 | 220 | q = dest; |
74b2466e LP |
221 | while (l > 0) { |
222 | ||
4c701096 | 223 | if (IN_SET(*p, '.', '\\')) { |
74b2466e | 224 | |
3b37fa73 LP |
225 | /* Dot or backslash */ |
226 | ||
422baca0 | 227 | if (sz < 3) |
37ade128 | 228 | return -ENOBUFS; |
422baca0 | 229 | |
74b2466e LP |
230 | *(q++) = '\\'; |
231 | *(q++) = *p; | |
232 | ||
422baca0 LP |
233 | sz -= 2; |
234 | ||
4c701096 | 235 | } else if (IN_SET(*p, '_', '-') || |
ff25d338 LP |
236 | ascii_isdigit(*p) || |
237 | ascii_isalpha(*p)) { | |
74b2466e LP |
238 | |
239 | /* Proper character */ | |
422baca0 LP |
240 | |
241 | if (sz < 2) | |
37ade128 | 242 | return -ENOBUFS; |
422baca0 | 243 | |
74b2466e | 244 | *(q++) = *p; |
422baca0 LP |
245 | sz -= 1; |
246 | ||
c7feab76 | 247 | } else { |
74b2466e LP |
248 | |
249 | /* Everything else */ | |
422baca0 LP |
250 | |
251 | if (sz < 5) | |
37ade128 | 252 | return -ENOBUFS; |
422baca0 | 253 | |
74b2466e | 254 | *(q++) = '\\'; |
07bed172 LP |
255 | *(q++) = '0' + (char) ((uint8_t) *p / 100); |
256 | *(q++) = '0' + (char) (((uint8_t) *p / 10) % 10); | |
257 | *(q++) = '0' + (char) ((uint8_t) *p % 10); | |
74b2466e | 258 | |
422baca0 | 259 | sz -= 4; |
c7feab76 | 260 | } |
74b2466e LP |
261 | |
262 | p++; | |
263 | l--; | |
264 | } | |
265 | ||
266 | *q = 0; | |
422baca0 LP |
267 | return (int) (q - dest); |
268 | } | |
269 | ||
270 | int dns_label_escape_new(const char *p, size_t l, char **ret) { | |
271 | _cleanup_free_ char *s = NULL; | |
272 | int r; | |
273 | ||
274 | assert(p); | |
275 | assert(ret); | |
276 | ||
3b37fa73 | 277 | if (l <= 0 || l > DNS_LABEL_MAX) |
422baca0 LP |
278 | return -EINVAL; |
279 | ||
280 | s = new(char, DNS_LABEL_ESCAPED_MAX); | |
281 | if (!s) | |
282 | return -ENOMEM; | |
283 | ||
284 | r = dns_label_escape(p, l, s, DNS_LABEL_ESCAPED_MAX); | |
285 | if (r < 0) | |
286 | return r; | |
287 | ||
ae2a15bc | 288 | *ret = TAKE_PTR(s); |
74b2466e LP |
289 | |
290 | return r; | |
291 | } | |
292 | ||
349cc4a5 | 293 | #if HAVE_LIBIDN |
87057e24 | 294 | int dns_label_apply_idna(const char *encoded, size_t encoded_size, char *decoded, size_t decoded_max) { |
bdf10b5b | 295 | _cleanup_free_ uint32_t *input = NULL; |
3b37fa73 | 296 | size_t input_size, l; |
da890466 | 297 | bool contains_8_bit = false; |
3b37fa73 | 298 | char buffer[DNS_LABEL_MAX+1]; |
4917e7c7 | 299 | int r; |
bdf10b5b LP |
300 | |
301 | assert(encoded); | |
302 | assert(decoded); | |
3b37fa73 | 303 | |
5bc9ea07 | 304 | /* Converts a U-label into an A-label */ |
bdf10b5b | 305 | |
4917e7c7 LP |
306 | r = dlopen_idn(); |
307 | if (r < 0) | |
308 | return r; | |
309 | ||
bdf10b5b | 310 | if (encoded_size <= 0) |
3b37fa73 | 311 | return -EINVAL; |
bdf10b5b | 312 | |
ac2300f7 | 313 | for (const char *p = encoded; p < encoded + encoded_size; p++) |
bdf10b5b | 314 | if ((uint8_t) *p > 127) |
da890466 | 315 | contains_8_bit = true; |
bdf10b5b | 316 | |
da890466 | 317 | if (!contains_8_bit) { |
3b37fa73 LP |
318 | if (encoded_size > DNS_LABEL_MAX) |
319 | return -EINVAL; | |
320 | ||
bdf10b5b | 321 | return 0; |
3b37fa73 | 322 | } |
bdf10b5b | 323 | |
4917e7c7 | 324 | input = sym_stringprep_utf8_to_ucs4(encoded, encoded_size, &input_size); |
bdf10b5b LP |
325 | if (!input) |
326 | return -ENOMEM; | |
327 | ||
4917e7c7 | 328 | if (sym_idna_to_ascii_4i(input, input_size, buffer, 0) != 0) |
3b37fa73 LP |
329 | return -EINVAL; |
330 | ||
331 | l = strlen(buffer); | |
332 | ||
c629ff58 | 333 | /* Verify that the result is not longer than one DNS label. */ |
3b37fa73 | 334 | if (l <= 0 || l > DNS_LABEL_MAX) |
bdf10b5b | 335 | return -EINVAL; |
3b37fa73 | 336 | if (l > decoded_max) |
37ade128 | 337 | return -ENOBUFS; |
3b37fa73 LP |
338 | |
339 | memcpy(decoded, buffer, l); | |
bdf10b5b | 340 | |
3b37fa73 LP |
341 | /* If there's room, append a trailing NUL byte, but only then */ |
342 | if (decoded_max > l) | |
343 | decoded[l] = 0; | |
344 | ||
345 | return (int) l; | |
bdf10b5b LP |
346 | } |
347 | ||
348 | int dns_label_undo_idna(const char *encoded, size_t encoded_size, char *decoded, size_t decoded_max) { | |
bdf10b5b LP |
349 | size_t input_size, output_size; |
350 | _cleanup_free_ uint32_t *input = NULL; | |
351 | _cleanup_free_ char *result = NULL; | |
352 | uint32_t *output = NULL; | |
353 | size_t w; | |
4917e7c7 | 354 | int r; |
bdf10b5b | 355 | |
5bc9ea07 | 356 | /* To be invoked after unescaping. Converts an A-label into a U-label. */ |
bdf10b5b LP |
357 | |
358 | assert(encoded); | |
359 | assert(decoded); | |
360 | ||
4917e7c7 LP |
361 | r = dlopen_idn(); |
362 | if (r < 0) | |
363 | return r; | |
364 | ||
3b37fa73 LP |
365 | if (encoded_size <= 0 || encoded_size > DNS_LABEL_MAX) |
366 | return -EINVAL; | |
367 | ||
d27b725a | 368 | if (!memory_startswith(encoded, encoded_size, IDNA_ACE_PREFIX)) |
bdf10b5b LP |
369 | return 0; |
370 | ||
4917e7c7 | 371 | input = sym_stringprep_utf8_to_ucs4(encoded, encoded_size, &input_size); |
bdf10b5b LP |
372 | if (!input) |
373 | return -ENOMEM; | |
374 | ||
375 | output_size = input_size; | |
376 | output = newa(uint32_t, output_size); | |
377 | ||
4917e7c7 | 378 | sym_idna_to_unicode_44i(input, input_size, output, &output_size, 0); |
bdf10b5b | 379 | |
4917e7c7 | 380 | result = sym_stringprep_ucs4_to_utf8(output, output_size, NULL, &w); |
bdf10b5b LP |
381 | if (!result) |
382 | return -ENOMEM; | |
383 | if (w <= 0) | |
bdf10b5b | 384 | return -EINVAL; |
3b37fa73 | 385 | if (w > decoded_max) |
37ade128 | 386 | return -ENOBUFS; |
3b37fa73 LP |
387 | |
388 | memcpy(decoded, result, w); | |
389 | ||
390 | /* Append trailing NUL byte if there's space, but only then. */ | |
391 | if (decoded_max > w) | |
392 | decoded[w] = 0; | |
bdf10b5b | 393 | |
bdf10b5b | 394 | return w; |
bdf10b5b | 395 | } |
87057e24 | 396 | #endif |
bdf10b5b | 397 | |
7470cc4c | 398 | int dns_name_concat(const char *a, const char *b, DNSLabelFlags flags, char **_ret) { |
74b2466e | 399 | _cleanup_free_ char *ret = NULL; |
319a4f4b | 400 | size_t n = 0; |
3a519900 | 401 | const char *p; |
74b2466e LP |
402 | bool first = true; |
403 | int r; | |
404 | ||
3a519900 LP |
405 | if (a) |
406 | p = a; | |
1cc6c93a YW |
407 | else if (b) |
408 | p = TAKE_PTR(b); | |
409 | else | |
3a519900 | 410 | goto finish; |
74b2466e LP |
411 | |
412 | for (;;) { | |
fd7e9887 | 413 | char label[DNS_LABEL_MAX+1]; |
74b2466e | 414 | |
7470cc4c | 415 | r = dns_label_unescape(&p, label, sizeof label, flags); |
74b2466e LP |
416 | if (r < 0) |
417 | return r; | |
418 | if (r == 0) { | |
419 | if (*p != 0) | |
420 | return -EINVAL; | |
9ca45586 LP |
421 | |
422 | if (b) { | |
423 | /* Now continue with the second string, if there is one */ | |
1cc6c93a | 424 | p = TAKE_PTR(b); |
9ca45586 LP |
425 | continue; |
426 | } | |
427 | ||
74b2466e LP |
428 | break; |
429 | } | |
430 | ||
9ca45586 | 431 | if (_ret) { |
319a4f4b | 432 | if (!GREEDY_REALLOC(ret, n + !first + DNS_LABEL_ESCAPED_MAX)) |
9ca45586 | 433 | return -ENOMEM; |
74b2466e | 434 | |
422baca0 LP |
435 | r = dns_label_escape(label, r, ret + n + !first, DNS_LABEL_ESCAPED_MAX); |
436 | if (r < 0) | |
437 | return r; | |
438 | ||
9ca45586 | 439 | if (!first) |
422baca0 LP |
440 | ret[n] = '.'; |
441 | } else { | |
442 | char escaped[DNS_LABEL_ESCAPED_MAX]; | |
9ca45586 | 443 | |
422baca0 LP |
444 | r = dns_label_escape(label, r, escaped, sizeof(escaped)); |
445 | if (r < 0) | |
446 | return r; | |
9ca45586 | 447 | } |
74b2466e | 448 | |
47484dd9 YW |
449 | n += r + !first; |
450 | first = false; | |
74b2466e LP |
451 | } |
452 | ||
3a519900 | 453 | finish: |
1dfbf000 LP |
454 | if (n > DNS_HOSTNAME_MAX) |
455 | return -EINVAL; | |
456 | ||
7b9f7afc | 457 | if (_ret) { |
3a519900 LP |
458 | if (n == 0) { |
459 | /* Nothing appended? If so, generate at least a single dot, to indicate the DNS root domain */ | |
319a4f4b | 460 | if (!GREEDY_REALLOC(ret, 2)) |
3a519900 LP |
461 | return -ENOMEM; |
462 | ||
463 | ret[n++] = '.'; | |
464 | } else { | |
319a4f4b | 465 | if (!GREEDY_REALLOC(ret, n + 1)) |
3a519900 LP |
466 | return -ENOMEM; |
467 | } | |
9ca45586 LP |
468 | |
469 | ret[n] = 0; | |
1cc6c93a | 470 | *_ret = TAKE_PTR(ret); |
7b9f7afc | 471 | } |
74b2466e LP |
472 | |
473 | return 0; | |
474 | } | |
475 | ||
7a08d314 | 476 | void dns_name_hash_func(const char *p, struct siphash *state) { |
74b2466e LP |
477 | int r; |
478 | ||
479 | assert(p); | |
480 | ||
d12315a4 | 481 | for (;;) { |
74b2466e LP |
482 | char label[DNS_LABEL_MAX+1]; |
483 | ||
7470cc4c | 484 | r = dns_label_unescape(&p, label, sizeof label, 0); |
74b2466e LP |
485 | if (r < 0) |
486 | break; | |
d12315a4 LP |
487 | if (r == 0) |
488 | break; | |
74b2466e | 489 | |
509eddd2 LP |
490 | ascii_strlower_n(label, r); |
491 | siphash24_compress(label, r, state); | |
d5115566 | 492 | siphash24_compress_byte(0, state); /* make sure foobar and foo.bar result in different hashes */ |
74b2466e | 493 | } |
1e2527a6 TG |
494 | |
495 | /* enforce that all names are terminated by the empty label */ | |
496 | string_hash_func("", state); | |
74b2466e LP |
497 | } |
498 | ||
7a08d314 | 499 | int dns_name_compare_func(const char *a, const char *b) { |
5dfd7011 | 500 | const char *x, *y; |
23b298bc | 501 | int r, q; |
74b2466e LP |
502 | |
503 | assert(a); | |
504 | assert(b); | |
505 | ||
7a08d314 YW |
506 | x = a + strlen(a); |
507 | y = b + strlen(b); | |
5dfd7011 | 508 | |
74b2466e | 509 | for (;;) { |
fd7e9887 | 510 | char la[DNS_LABEL_MAX+1], lb[DNS_LABEL_MAX+1]; |
74b2466e | 511 | |
5dfd7011 | 512 | if (x == NULL && y == NULL) |
74b2466e LP |
513 | return 0; |
514 | ||
5dfd7011 TG |
515 | r = dns_label_unescape_suffix(a, &x, la, sizeof(la)); |
516 | q = dns_label_unescape_suffix(b, &y, lb, sizeof(lb)); | |
74b2466e | 517 | if (r < 0 || q < 0) |
b994fe95 | 518 | return CMP(r, q); |
74b2466e | 519 | |
34361485 | 520 | r = ascii_strcasecmp_nn(la, r, lb, q); |
74b2466e LP |
521 | if (r != 0) |
522 | return r; | |
523 | } | |
524 | } | |
525 | ||
3deed83a YW |
526 | DEFINE_HASH_OPS( |
527 | dns_name_hash_ops, | |
528 | char, | |
529 | dns_name_hash_func, | |
530 | dns_name_compare_func); | |
531 | ||
532 | DEFINE_HASH_OPS_WITH_KEY_DESTRUCTOR( | |
533 | dns_name_hash_ops_free, | |
534 | char, | |
535 | dns_name_hash_func, | |
536 | dns_name_compare_func, | |
537 | free); | |
d5099efc | 538 | |
74b2466e | 539 | int dns_name_equal(const char *x, const char *y) { |
81ec9e08 | 540 | int r, q; |
74b2466e LP |
541 | |
542 | assert(x); | |
543 | assert(y); | |
544 | ||
545 | for (;;) { | |
fd7e9887 | 546 | char la[DNS_LABEL_MAX+1], lb[DNS_LABEL_MAX+1]; |
74b2466e | 547 | |
7470cc4c | 548 | r = dns_label_unescape(&x, la, sizeof la, 0); |
74b2466e LP |
549 | if (r < 0) |
550 | return r; | |
bdf10b5b | 551 | |
7470cc4c | 552 | q = dns_label_unescape(&y, lb, sizeof lb, 0); |
74b2466e LP |
553 | if (q < 0) |
554 | return q; | |
3b37fa73 | 555 | |
3095011d LP |
556 | if (r != q) |
557 | return false; | |
558 | if (r == 0) | |
559 | return true; | |
74b2466e | 560 | |
3095011d | 561 | if (ascii_strcasecmp_n(la, lb, r) != 0) |
74b2466e LP |
562 | return false; |
563 | } | |
564 | } | |
565 | ||
566 | int dns_name_endswith(const char *name, const char *suffix) { | |
567 | const char *n, *s, *saved_n = NULL; | |
81ec9e08 | 568 | int r, q; |
74b2466e LP |
569 | |
570 | assert(name); | |
571 | assert(suffix); | |
572 | ||
573 | n = name; | |
574 | s = suffix; | |
575 | ||
576 | for (;;) { | |
fd7e9887 | 577 | char ln[DNS_LABEL_MAX+1], ls[DNS_LABEL_MAX+1]; |
74b2466e | 578 | |
7470cc4c | 579 | r = dns_label_unescape(&n, ln, sizeof ln, 0); |
74b2466e LP |
580 | if (r < 0) |
581 | return r; | |
582 | ||
583 | if (!saved_n) | |
584 | saved_n = n; | |
585 | ||
7470cc4c | 586 | q = dns_label_unescape(&s, ls, sizeof ls, 0); |
be754d54 LP |
587 | if (q < 0) |
588 | return q; | |
74b2466e LP |
589 | |
590 | if (r == 0 && q == 0) | |
591 | return true; | |
592 | if (r == 0 && saved_n == n) | |
593 | return false; | |
594 | ||
3095011d | 595 | if (r != q || ascii_strcasecmp_n(ln, ls, r) != 0) { |
74b2466e LP |
596 | |
597 | /* Not the same, let's jump back, and try with the next label again */ | |
598 | s = suffix; | |
ae2a15bc | 599 | n = TAKE_PTR(saved_n); |
74b2466e LP |
600 | } |
601 | } | |
602 | } | |
603 | ||
eb241cdb LP |
604 | int dns_name_startswith(const char *name, const char *prefix) { |
605 | const char *n, *p; | |
606 | int r, q; | |
607 | ||
608 | assert(name); | |
609 | assert(prefix); | |
610 | ||
611 | n = name; | |
612 | p = prefix; | |
613 | ||
614 | for (;;) { | |
fd7e9887 | 615 | char ln[DNS_LABEL_MAX+1], lp[DNS_LABEL_MAX+1]; |
eb241cdb | 616 | |
7470cc4c | 617 | r = dns_label_unescape(&p, lp, sizeof lp, 0); |
eb241cdb LP |
618 | if (r < 0) |
619 | return r; | |
620 | if (r == 0) | |
621 | return true; | |
622 | ||
7470cc4c | 623 | q = dns_label_unescape(&n, ln, sizeof ln, 0); |
eb241cdb LP |
624 | if (q < 0) |
625 | return q; | |
626 | ||
627 | if (r != q) | |
628 | return false; | |
629 | if (ascii_strcasecmp_n(ln, lp, r) != 0) | |
630 | return false; | |
631 | } | |
632 | } | |
633 | ||
58db254a LP |
634 | int dns_name_change_suffix(const char *name, const char *old_suffix, const char *new_suffix, char **ret) { |
635 | const char *n, *s, *saved_before = NULL, *saved_after = NULL, *prefix; | |
81ec9e08 | 636 | int r, q; |
58db254a LP |
637 | |
638 | assert(name); | |
639 | assert(old_suffix); | |
640 | assert(new_suffix); | |
641 | assert(ret); | |
642 | ||
643 | n = name; | |
644 | s = old_suffix; | |
645 | ||
646 | for (;;) { | |
fd7e9887 | 647 | char ln[DNS_LABEL_MAX+1], ls[DNS_LABEL_MAX+1]; |
58db254a LP |
648 | |
649 | if (!saved_before) | |
650 | saved_before = n; | |
651 | ||
7470cc4c | 652 | r = dns_label_unescape(&n, ln, sizeof ln, 0); |
58db254a LP |
653 | if (r < 0) |
654 | return r; | |
58db254a LP |
655 | |
656 | if (!saved_after) | |
657 | saved_after = n; | |
658 | ||
7470cc4c | 659 | q = dns_label_unescape(&s, ls, sizeof ls, 0); |
58db254a LP |
660 | if (q < 0) |
661 | return q; | |
58db254a LP |
662 | |
663 | if (r == 0 && q == 0) | |
664 | break; | |
665 | if (r == 0 && saved_after == n) { | |
666 | *ret = NULL; /* doesn't match */ | |
667 | return 0; | |
668 | } | |
669 | ||
3095011d | 670 | if (r != q || ascii_strcasecmp_n(ln, ls, r) != 0) { |
58db254a LP |
671 | |
672 | /* Not the same, let's jump back, and try with the next label again */ | |
673 | s = old_suffix; | |
1cc6c93a YW |
674 | n = TAKE_PTR(saved_after); |
675 | saved_before = NULL; | |
58db254a LP |
676 | } |
677 | } | |
678 | ||
679 | /* Found it! Now generate the new name */ | |
2f82562b | 680 | prefix = strndupa_safe(name, saved_before - name); |
58db254a | 681 | |
7470cc4c | 682 | r = dns_name_concat(prefix, new_suffix, 0, ret); |
58db254a LP |
683 | if (r < 0) |
684 | return r; | |
685 | ||
686 | return 1; | |
687 | } | |
688 | ||
ae72b22c | 689 | int dns_name_between(const char *a, const char *b, const char *c) { |
ae72b22c TG |
690 | /* Determine if b is strictly greater than a and strictly smaller than c. |
691 | We consider the order of names to be circular, so that if a is | |
692 | strictly greater than c, we consider b to be between them if it is | |
693 | either greater than a or smaller than c. This is how the canonical | |
694 | DNS name order used in NSEC records work. */ | |
695 | ||
59f2725c LP |
696 | if (dns_name_compare_func(a, c) < 0) |
697 | /* | |
698 | a and c are properly ordered: | |
699 | a<---b--->c | |
700 | */ | |
ae72b22c TG |
701 | return dns_name_compare_func(a, b) < 0 && |
702 | dns_name_compare_func(b, c) < 0; | |
703 | else | |
59f2725c LP |
704 | /* |
705 | a and c are equal or 'reversed': | |
706 | <--b--c a-----> | |
707 | or: | |
708 | <-----c a--b--> | |
709 | */ | |
ae72b22c TG |
710 | return dns_name_compare_func(b, c) < 0 || |
711 | dns_name_compare_func(a, b) < 0; | |
712 | } | |
713 | ||
74b2466e LP |
714 | int dns_name_reverse(int family, const union in_addr_union *a, char **ret) { |
715 | const uint8_t *p; | |
716 | int r; | |
717 | ||
718 | assert(a); | |
719 | assert(ret); | |
720 | ||
721 | p = (const uint8_t*) a; | |
722 | ||
723 | if (family == AF_INET) | |
724 | r = asprintf(ret, "%u.%u.%u.%u.in-addr.arpa", p[3], p[2], p[1], p[0]); | |
725 | else if (family == AF_INET6) | |
3fe1169f LP |
726 | r = asprintf(ret, "%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.%c.ip6.arpa", |
727 | hexchar(p[15] & 0xF), hexchar(p[15] >> 4), hexchar(p[14] & 0xF), hexchar(p[14] >> 4), | |
728 | hexchar(p[13] & 0xF), hexchar(p[13] >> 4), hexchar(p[12] & 0xF), hexchar(p[12] >> 4), | |
729 | hexchar(p[11] & 0xF), hexchar(p[11] >> 4), hexchar(p[10] & 0xF), hexchar(p[10] >> 4), | |
730 | hexchar(p[ 9] & 0xF), hexchar(p[ 9] >> 4), hexchar(p[ 8] & 0xF), hexchar(p[ 8] >> 4), | |
731 | hexchar(p[ 7] & 0xF), hexchar(p[ 7] >> 4), hexchar(p[ 6] & 0xF), hexchar(p[ 6] >> 4), | |
732 | hexchar(p[ 5] & 0xF), hexchar(p[ 5] >> 4), hexchar(p[ 4] & 0xF), hexchar(p[ 4] >> 4), | |
733 | hexchar(p[ 3] & 0xF), hexchar(p[ 3] >> 4), hexchar(p[ 2] & 0xF), hexchar(p[ 2] >> 4), | |
734 | hexchar(p[ 1] & 0xF), hexchar(p[ 1] >> 4), hexchar(p[ 0] & 0xF), hexchar(p[ 0] >> 4)); | |
74b2466e LP |
735 | else |
736 | return -EAFNOSUPPORT; | |
737 | if (r < 0) | |
738 | return -ENOMEM; | |
739 | ||
740 | return 0; | |
741 | } | |
742 | ||
dcbe4a68 | 743 | int dns_name_address(const char *p, int *ret_family, union in_addr_union *ret_address) { |
b914e211 LP |
744 | int r; |
745 | ||
746 | assert(p); | |
dcbe4a68 LP |
747 | assert(ret_family); |
748 | assert(ret_address); | |
b914e211 LP |
749 | |
750 | r = dns_name_endswith(p, "in-addr.arpa"); | |
751 | if (r < 0) | |
752 | return r; | |
753 | if (r > 0) { | |
754 | uint8_t a[4]; | |
b914e211 | 755 | |
ac2300f7 | 756 | for (size_t i = 0; i < ELEMENTSOF(a); i++) { |
b914e211 LP |
757 | char label[DNS_LABEL_MAX+1]; |
758 | ||
7470cc4c | 759 | r = dns_label_unescape(&p, label, sizeof label, 0); |
b914e211 LP |
760 | if (r < 0) |
761 | return r; | |
762 | if (r == 0) | |
763 | return -EINVAL; | |
764 | if (r > 3) | |
765 | return -EINVAL; | |
766 | ||
767 | r = safe_atou8(label, &a[i]); | |
768 | if (r < 0) | |
769 | return r; | |
770 | } | |
771 | ||
772 | r = dns_name_equal(p, "in-addr.arpa"); | |
773 | if (r <= 0) | |
774 | return r; | |
775 | ||
dcbe4a68 LP |
776 | *ret_family = AF_INET; |
777 | ret_address->in.s_addr = htobe32(((uint32_t) a[3] << 24) | | |
778 | ((uint32_t) a[2] << 16) | | |
779 | ((uint32_t) a[1] << 8) | | |
780 | (uint32_t) a[0]); | |
b914e211 LP |
781 | |
782 | return 1; | |
783 | } | |
784 | ||
785 | r = dns_name_endswith(p, "ip6.arpa"); | |
786 | if (r < 0) | |
787 | return r; | |
788 | if (r > 0) { | |
789 | struct in6_addr a; | |
b914e211 | 790 | |
ac2300f7 | 791 | for (size_t i = 0; i < ELEMENTSOF(a.s6_addr); i++) { |
b914e211 LP |
792 | char label[DNS_LABEL_MAX+1]; |
793 | int x, y; | |
794 | ||
7470cc4c | 795 | r = dns_label_unescape(&p, label, sizeof label, 0); |
b914e211 LP |
796 | if (r <= 0) |
797 | return r; | |
798 | if (r != 1) | |
799 | return -EINVAL; | |
800 | x = unhexchar(label[0]); | |
801 | if (x < 0) | |
802 | return -EINVAL; | |
803 | ||
7470cc4c | 804 | r = dns_label_unescape(&p, label, sizeof label, 0); |
b914e211 LP |
805 | if (r <= 0) |
806 | return r; | |
807 | if (r != 1) | |
808 | return -EINVAL; | |
809 | y = unhexchar(label[0]); | |
810 | if (y < 0) | |
811 | return -EINVAL; | |
812 | ||
813 | a.s6_addr[ELEMENTSOF(a.s6_addr) - i - 1] = (uint8_t) y << 4 | (uint8_t) x; | |
814 | } | |
815 | ||
816 | r = dns_name_equal(p, "ip6.arpa"); | |
817 | if (r <= 0) | |
818 | return r; | |
819 | ||
dcbe4a68 LP |
820 | *ret_family = AF_INET6; |
821 | ret_address->in6 = a; | |
b914e211 LP |
822 | return 1; |
823 | } | |
824 | ||
dcbe4a68 LP |
825 | *ret_family = AF_UNSPEC; |
826 | *ret_address = IN_ADDR_NULL; | |
827 | ||
b914e211 LP |
828 | return 0; |
829 | } | |
830 | ||
dc477e73 | 831 | bool dns_name_is_root(const char *name) { |
74b2466e LP |
832 | assert(name); |
833 | ||
dc477e73 LP |
834 | /* There are exactly two ways to encode the root domain name: |
835 | * as empty string, or with a single dot. */ | |
74b2466e | 836 | |
dc477e73 | 837 | return STR_IN_SET(name, "", "."); |
74b2466e LP |
838 | } |
839 | ||
dc477e73 | 840 | bool dns_name_is_single_label(const char *name) { |
74b2466e LP |
841 | int r; |
842 | ||
843 | assert(name); | |
844 | ||
f6fbd9c2 | 845 | r = dns_name_parent(&name); |
dc477e73 LP |
846 | if (r <= 0) |
847 | return false; | |
74b2466e | 848 | |
dc477e73 | 849 | return dns_name_is_root(name); |
74b2466e | 850 | } |
54adabf7 | 851 | |
50dee79b | 852 | /* Encode a domain name according to RFC 1035 Section 3.1, without compression */ |
3cd03457 | 853 | int dns_name_to_wire_format(const char *domain, uint8_t *buffer, size_t len, bool canonical) { |
c6cefd13 | 854 | uint8_t *label_length, *out; |
54adabf7 BG |
855 | int r; |
856 | ||
c6cefd13 LP |
857 | assert(domain); |
858 | assert(buffer); | |
54adabf7 BG |
859 | |
860 | out = buffer; | |
861 | ||
862 | do { | |
50dee79b | 863 | /* Reserve a byte for label length */ |
c6cefd13 | 864 | if (len <= 0) |
54adabf7 BG |
865 | return -ENOBUFS; |
866 | len--; | |
867 | label_length = out; | |
868 | out++; | |
869 | ||
50dee79b LP |
870 | /* Convert and copy a single label. Note that |
871 | * dns_label_unescape() returns 0 when it hits the end | |
872 | * of the domain name, which we rely on here to encode | |
873 | * the trailing NUL byte. */ | |
7470cc4c | 874 | r = dns_label_unescape(&domain, (char *) out, len, 0); |
54adabf7 BG |
875 | if (r < 0) |
876 | return r; | |
877 | ||
b577e3d5 LP |
878 | /* Optionally, output the name in DNSSEC canonical |
879 | * format, as described in RFC 4034, section 6.2. Or | |
880 | * in other words: in lower-case. */ | |
881 | if (canonical) | |
882 | ascii_strlower_n((char*) out, (size_t) r); | |
3cd03457 | 883 | |
50dee79b | 884 | /* Fill label length, move forward */ |
54adabf7 BG |
885 | *label_length = r; |
886 | out += r; | |
887 | len -= r; | |
50dee79b | 888 | |
54adabf7 BG |
889 | } while (r != 0); |
890 | ||
50dee79b LP |
891 | /* Verify the maximum size of the encoded name. The trailing |
892 | * dot + NUL byte account are included this time, hence | |
893 | * compare against DNS_HOSTNAME_MAX + 2 (which is 255) this | |
894 | * time. */ | |
895 | if (out - buffer > DNS_HOSTNAME_MAX + 2) | |
896 | return -EINVAL; | |
897 | ||
54adabf7 BG |
898 | return out - buffer; |
899 | } | |
0a49b6b6 | 900 | |
0e8eedbb | 901 | static bool srv_type_label_is_valid(const char *label, size_t n) { |
0e8eedbb LP |
902 | assert(label); |
903 | ||
904 | if (n < 2) /* Label needs to be at least 2 chars long */ | |
905 | return false; | |
906 | ||
907 | if (label[0] != '_') /* First label char needs to be underscore */ | |
908 | return false; | |
909 | ||
910 | /* Second char must be a letter */ | |
ff25d338 | 911 | if (!ascii_isalpha(label[1])) |
0e8eedbb LP |
912 | return false; |
913 | ||
914 | /* Third and further chars must be alphanumeric or a hyphen */ | |
ac2300f7 | 915 | for (size_t k = 2; k < n; k++) |
ff25d338 LP |
916 | if (!ascii_isalpha(label[k]) && |
917 | !ascii_isdigit(label[k]) && | |
0e8eedbb LP |
918 | label[k] != '-') |
919 | return false; | |
0e8eedbb LP |
920 | |
921 | return true; | |
922 | } | |
923 | ||
7e8131e9 | 924 | bool dns_srv_type_is_valid(const char *name) { |
0a49b6b6 LP |
925 | unsigned c = 0; |
926 | int r; | |
927 | ||
928 | if (!name) | |
7e8131e9 | 929 | return false; |
0a49b6b6 LP |
930 | |
931 | for (;;) { | |
fd7e9887 | 932 | char label[DNS_LABEL_MAX+1]; |
0a49b6b6 LP |
933 | |
934 | /* This more or less implements RFC 6335, Section 5.1 */ | |
935 | ||
7470cc4c | 936 | r = dns_label_unescape(&name, label, sizeof label, 0); |
0a49b6b6 | 937 | if (r < 0) |
7e8131e9 | 938 | return false; |
0a49b6b6 | 939 | if (r == 0) |
0e8eedbb | 940 | break; |
0a49b6b6 | 941 | |
0e8eedbb | 942 | if (c >= 2) |
7e8131e9 | 943 | return false; |
0a49b6b6 | 944 | |
0e8eedbb | 945 | if (!srv_type_label_is_valid(label, r)) |
7e8131e9 | 946 | return false; |
0a49b6b6 LP |
947 | |
948 | c++; | |
949 | } | |
0e8eedbb LP |
950 | |
951 | return c == 2; /* exactly two labels */ | |
0a49b6b6 LP |
952 | } |
953 | ||
154ae087 DR |
954 | bool dnssd_srv_type_is_valid(const char *name) { |
955 | return dns_srv_type_is_valid(name) && | |
956 | ((dns_name_endswith(name, "_tcp") > 0) || | |
957 | (dns_name_endswith(name, "_udp") > 0)); /* Specific to DNS-SD. RFC 6763, Section 7 */ | |
958 | } | |
959 | ||
0a49b6b6 LP |
960 | bool dns_service_name_is_valid(const char *name) { |
961 | size_t l; | |
962 | ||
963 | /* This more or less implements RFC 6763, Section 4.1.1 */ | |
964 | ||
965 | if (!name) | |
966 | return false; | |
967 | ||
968 | if (!utf8_is_valid(name)) | |
969 | return false; | |
970 | ||
971 | if (string_has_cc(name, NULL)) | |
972 | return false; | |
973 | ||
974 | l = strlen(name); | |
975 | if (l <= 0) | |
976 | return false; | |
678d6b4f | 977 | if (l > DNS_LABEL_MAX) |
0a49b6b6 LP |
978 | return false; |
979 | ||
980 | return true; | |
981 | } | |
0e8eedbb LP |
982 | |
983 | int dns_service_join(const char *name, const char *type, const char *domain, char **ret) { | |
422baca0 LP |
984 | char escaped[DNS_LABEL_ESCAPED_MAX]; |
985 | _cleanup_free_ char *n = NULL; | |
0e8eedbb LP |
986 | int r; |
987 | ||
988 | assert(type); | |
989 | assert(domain); | |
990 | assert(ret); | |
991 | ||
7e8131e9 | 992 | if (!dns_srv_type_is_valid(type)) |
0e8eedbb LP |
993 | return -EINVAL; |
994 | ||
995 | if (!name) | |
7470cc4c | 996 | return dns_name_concat(type, domain, 0, ret); |
0e8eedbb LP |
997 | |
998 | if (!dns_service_name_is_valid(name)) | |
999 | return -EINVAL; | |
1000 | ||
422baca0 | 1001 | r = dns_label_escape(name, strlen(name), escaped, sizeof(escaped)); |
0e8eedbb LP |
1002 | if (r < 0) |
1003 | return r; | |
1004 | ||
7470cc4c | 1005 | r = dns_name_concat(type, domain, 0, &n); |
0e8eedbb LP |
1006 | if (r < 0) |
1007 | return r; | |
1008 | ||
7470cc4c | 1009 | return dns_name_concat(escaped, n, 0, ret); |
0e8eedbb LP |
1010 | } |
1011 | ||
1012 | static bool dns_service_name_label_is_valid(const char *label, size_t n) { | |
1013 | char *s; | |
1014 | ||
1015 | assert(label); | |
1016 | ||
1017 | if (memchr(label, 0, n)) | |
1018 | return false; | |
1019 | ||
2f82562b | 1020 | s = strndupa_safe(label, n); |
0e8eedbb LP |
1021 | return dns_service_name_is_valid(s); |
1022 | } | |
1023 | ||
ec4c0147 | 1024 | int dns_service_split(const char *joined, char **ret_name, char **ret_type, char **ret_domain) { |
0e8eedbb | 1025 | _cleanup_free_ char *name = NULL, *type = NULL, *domain = NULL; |
3c4ae50a | 1026 | const char *p = joined, *q = NULL, *d = joined; |
9db01ca5 | 1027 | char a[DNS_LABEL_MAX+1], b[DNS_LABEL_MAX+1], c[DNS_LABEL_MAX+1]; |
0e8eedbb LP |
1028 | int an, bn, cn, r; |
1029 | unsigned x = 0; | |
1030 | ||
1031 | assert(joined); | |
1032 | ||
1033 | /* Get first label from the full name */ | |
7470cc4c | 1034 | an = dns_label_unescape(&p, a, sizeof(a), 0); |
0e8eedbb LP |
1035 | if (an < 0) |
1036 | return an; | |
1037 | ||
1038 | if (an > 0) { | |
1039 | x++; | |
1040 | ||
1041 | /* If there was a first label, try to get the second one */ | |
7470cc4c | 1042 | bn = dns_label_unescape(&p, b, sizeof(b), 0); |
0e8eedbb LP |
1043 | if (bn < 0) |
1044 | return bn; | |
1045 | ||
1046 | if (bn > 0) { | |
3c4ae50a YW |
1047 | if (!srv_type_label_is_valid(b, bn)) |
1048 | goto finish; | |
1049 | ||
0e8eedbb LP |
1050 | x++; |
1051 | ||
1052 | /* If there was a second label, try to get the third one */ | |
1053 | q = p; | |
7470cc4c | 1054 | cn = dns_label_unescape(&p, c, sizeof(c), 0); |
0e8eedbb LP |
1055 | if (cn < 0) |
1056 | return cn; | |
1057 | ||
3c4ae50a | 1058 | if (cn > 0 && srv_type_label_is_valid(c, cn)) |
0e8eedbb | 1059 | x++; |
3c4ae50a YW |
1060 | } |
1061 | } | |
0e8eedbb | 1062 | |
3c4ae50a YW |
1063 | switch (x) { |
1064 | case 2: | |
1065 | if (!srv_type_label_is_valid(a, an)) | |
1066 | break; | |
0e8eedbb | 1067 | |
3c4ae50a | 1068 | /* OK, got <type> . <type2> . <domain> */ |
0e8eedbb | 1069 | |
3c4ae50a | 1070 | name = NULL; |
0e8eedbb | 1071 | |
3c4ae50a YW |
1072 | type = strjoin(a, ".", b); |
1073 | if (!type) | |
1074 | return -ENOMEM; | |
0e8eedbb | 1075 | |
3c4ae50a YW |
1076 | d = q; |
1077 | break; | |
0e8eedbb | 1078 | |
3c4ae50a YW |
1079 | case 3: |
1080 | if (!dns_service_name_label_is_valid(a, an)) | |
1081 | break; | |
0e8eedbb | 1082 | |
3c4ae50a | 1083 | /* OK, got <name> . <type> . <type2> . <domain> */ |
0e8eedbb | 1084 | |
3c4ae50a YW |
1085 | name = strndup(a, an); |
1086 | if (!name) | |
1087 | return -ENOMEM; | |
0e8eedbb | 1088 | |
3c4ae50a YW |
1089 | type = strjoin(b, ".", c); |
1090 | if (!type) | |
1091 | return -ENOMEM; | |
0e8eedbb | 1092 | |
3c4ae50a YW |
1093 | d = p; |
1094 | break; | |
0e8eedbb LP |
1095 | } |
1096 | ||
0e8eedbb | 1097 | finish: |
7470cc4c | 1098 | r = dns_name_normalize(d, 0, &domain); |
0e8eedbb LP |
1099 | if (r < 0) |
1100 | return r; | |
1101 | ||
ec4c0147 YW |
1102 | if (ret_domain) |
1103 | *ret_domain = TAKE_PTR(domain); | |
0e8eedbb | 1104 | |
ec4c0147 YW |
1105 | if (ret_type) |
1106 | *ret_type = TAKE_PTR(type); | |
0e8eedbb | 1107 | |
ec4c0147 YW |
1108 | if (ret_name) |
1109 | *ret_name = TAKE_PTR(name); | |
0e8eedbb LP |
1110 | |
1111 | return 0; | |
1112 | } | |
e7ff0e0b | 1113 | |
f2a3de01 | 1114 | static int dns_name_build_suffix_table(const char *name, const char *table[]) { |
ac2300f7 | 1115 | const char *p = ASSERT_PTR(name); |
b9282bc1 | 1116 | unsigned n = 0; |
e7ff0e0b LP |
1117 | int r; |
1118 | ||
b9282bc1 | 1119 | assert(table); |
e7ff0e0b | 1120 | |
e7ff0e0b LP |
1121 | for (;;) { |
1122 | if (n > DNS_N_LABELS_MAX) | |
1123 | return -EINVAL; | |
1124 | ||
b9282bc1 | 1125 | table[n] = p; |
e7ff0e0b LP |
1126 | r = dns_name_parent(&p); |
1127 | if (r < 0) | |
1128 | return r; | |
1129 | if (r == 0) | |
1130 | break; | |
1131 | ||
1132 | n++; | |
1133 | } | |
1134 | ||
b9282bc1 LP |
1135 | return (int) n; |
1136 | } | |
1137 | ||
1138 | int dns_name_suffix(const char *name, unsigned n_labels, const char **ret) { | |
1139 | const char* labels[DNS_N_LABELS_MAX+1]; | |
1140 | int n; | |
1141 | ||
1142 | assert(name); | |
1143 | assert(ret); | |
1144 | ||
1145 | n = dns_name_build_suffix_table(name, labels); | |
1146 | if (n < 0) | |
1147 | return n; | |
1148 | ||
1149 | if ((unsigned) n < n_labels) | |
e7ff0e0b LP |
1150 | return -EINVAL; |
1151 | ||
1152 | *ret = labels[n - n_labels]; | |
1153 | return (int) (n - n_labels); | |
1154 | } | |
1155 | ||
97c67192 LP |
1156 | int dns_name_skip(const char *a, unsigned n_labels, const char **ret) { |
1157 | int r; | |
1158 | ||
1159 | assert(a); | |
1160 | assert(ret); | |
1161 | ||
313cefa1 | 1162 | for (; n_labels > 0; n_labels--) { |
97c67192 LP |
1163 | r = dns_name_parent(&a); |
1164 | if (r < 0) | |
1165 | return r; | |
1166 | if (r == 0) { | |
1167 | *ret = ""; | |
1168 | return 0; | |
1169 | } | |
1170 | } | |
1171 | ||
1172 | *ret = a; | |
1173 | return 1; | |
1174 | } | |
1175 | ||
e7ff0e0b LP |
1176 | int dns_name_count_labels(const char *name) { |
1177 | unsigned n = 0; | |
e7ff0e0b LP |
1178 | int r; |
1179 | ||
1180 | assert(name); | |
1181 | ||
35aa3069 | 1182 | for (const char *p = name;;) { |
e7ff0e0b LP |
1183 | r = dns_name_parent(&p); |
1184 | if (r < 0) | |
1185 | return r; | |
1186 | if (r == 0) | |
1187 | break; | |
1188 | ||
1189 | if (n >= DNS_N_LABELS_MAX) | |
1190 | return -EINVAL; | |
1191 | ||
1192 | n++; | |
1193 | } | |
1194 | ||
35aa3069 | 1195 | return n; |
e7ff0e0b | 1196 | } |
db5b0e92 LP |
1197 | |
1198 | int dns_name_equal_skip(const char *a, unsigned n_labels, const char *b) { | |
1199 | int r; | |
1200 | ||
1201 | assert(a); | |
1202 | assert(b); | |
1203 | ||
97c67192 LP |
1204 | r = dns_name_skip(a, n_labels, &a); |
1205 | if (r <= 0) | |
1206 | return r; | |
db5b0e92 LP |
1207 | |
1208 | return dns_name_equal(a, b); | |
1209 | } | |
b9282bc1 LP |
1210 | |
1211 | int dns_name_common_suffix(const char *a, const char *b, const char **ret) { | |
1212 | const char *a_labels[DNS_N_LABELS_MAX+1], *b_labels[DNS_N_LABELS_MAX+1]; | |
1213 | int n = 0, m = 0, k = 0, r, q; | |
1214 | ||
1215 | assert(a); | |
1216 | assert(b); | |
1217 | assert(ret); | |
1218 | ||
1219 | /* Determines the common suffix of domain names a and b */ | |
1220 | ||
1221 | n = dns_name_build_suffix_table(a, a_labels); | |
1222 | if (n < 0) | |
1223 | return n; | |
1224 | ||
1225 | m = dns_name_build_suffix_table(b, b_labels); | |
1226 | if (m < 0) | |
1227 | return m; | |
1228 | ||
1229 | for (;;) { | |
fd7e9887 | 1230 | char la[DNS_LABEL_MAX+1], lb[DNS_LABEL_MAX+1]; |
b9282bc1 LP |
1231 | const char *x, *y; |
1232 | ||
1233 | if (k >= n || k >= m) { | |
1234 | *ret = a_labels[n - k]; | |
1235 | return 0; | |
1236 | } | |
1237 | ||
1238 | x = a_labels[n - 1 - k]; | |
7470cc4c | 1239 | r = dns_label_unescape(&x, la, sizeof la, 0); |
b9282bc1 LP |
1240 | if (r < 0) |
1241 | return r; | |
1242 | ||
1243 | y = b_labels[m - 1 - k]; | |
7470cc4c | 1244 | q = dns_label_unescape(&y, lb, sizeof lb, 0); |
b9282bc1 LP |
1245 | if (q < 0) |
1246 | return q; | |
1247 | ||
1248 | if (r != q || ascii_strcasecmp_n(la, lb, r) != 0) { | |
1249 | *ret = a_labels[n - k]; | |
1250 | return 0; | |
1251 | } | |
1252 | ||
1253 | k++; | |
1254 | } | |
1255 | } | |
0cf40f55 LP |
1256 | |
1257 | int dns_name_apply_idna(const char *name, char **ret) { | |
4917e7c7 | 1258 | |
87057e24 ZJS |
1259 | /* Return negative on error, 0 if not implemented, positive on success. */ |
1260 | ||
4917e7c7 | 1261 | #if HAVE_LIBIDN2 || HAVE_LIBIDN2 |
87057e24 | 1262 | int r; |
4917e7c7 LP |
1263 | |
1264 | r = dlopen_idn(); | |
5def1f11 | 1265 | if (r == -EOPNOTSUPP) { |
4917e7c7 LP |
1266 | *ret = NULL; |
1267 | return 0; | |
1268 | } | |
1269 | if (r < 0) | |
1270 | return r; | |
1271 | #endif | |
1272 | ||
1273 | #if HAVE_LIBIDN2 | |
0926f348 | 1274 | _cleanup_free_ char *t = NULL; |
87057e24 ZJS |
1275 | |
1276 | assert(name); | |
1277 | assert(ret); | |
1278 | ||
d80e72ec | 1279 | /* First, try non-transitional mode (i.e. IDN2008 rules) */ |
4917e7c7 LP |
1280 | r = sym_idn2_lookup_u8((uint8_t*) name, (uint8_t**) &t, |
1281 | IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL); | |
d80e72ec LP |
1282 | if (r == IDN2_DISALLOWED) /* If that failed, because of disallowed characters, try transitional mode. |
1283 | * (i.e. IDN2003 rules which supports some unicode chars IDN2008 doesn't allow). */ | |
1284 | r = sym_idn2_lookup_u8((uint8_t*) name, (uint8_t**) &t, | |
1285 | IDN2_NFC_INPUT | IDN2_TRANSITIONAL); | |
1286 | ||
e2341b6b | 1287 | log_debug("idn2_lookup_u8: %s %s %s", name, special_glyph(SPECIAL_GLYPH_ARROW_RIGHT), t); |
0926f348 ZJS |
1288 | if (r == IDN2_OK) { |
1289 | if (!startswith(name, "xn--")) { | |
1290 | _cleanup_free_ char *s = NULL; | |
1291 | ||
4917e7c7 | 1292 | r = sym_idn2_to_unicode_8z8z(t, &s, 0); |
0926f348 ZJS |
1293 | if (r != IDN2_OK) { |
1294 | log_debug("idn2_to_unicode_8z8z(\"%s\") failed: %d/%s", | |
4917e7c7 | 1295 | t, r, sym_idn2_strerror(r)); |
cb3714d1 | 1296 | *ret = NULL; |
0926f348 ZJS |
1297 | return 0; |
1298 | } | |
1299 | ||
1300 | if (!streq_ptr(name, s)) { | |
e2341b6b DT |
1301 | log_debug("idn2 roundtrip failed: \"%s\" %s \"%s\" %s \"%s\", ignoring.", |
1302 | name, special_glyph(SPECIAL_GLYPH_ARROW_RIGHT), t, | |
1303 | special_glyph(SPECIAL_GLYPH_ARROW_RIGHT), s); | |
cb3714d1 | 1304 | *ret = NULL; |
0926f348 ZJS |
1305 | return 0; |
1306 | } | |
1307 | } | |
1308 | ||
1cc6c93a | 1309 | *ret = TAKE_PTR(t); |
87057e24 | 1310 | return 1; /* *ret has been written */ |
0926f348 ZJS |
1311 | } |
1312 | ||
4917e7c7 | 1313 | log_debug("idn2_lookup_u8(\"%s\") failed: %d/%s", name, r, sym_idn2_strerror(r)); |
ad1f3fe6 | 1314 | if (r == IDN2_2HYPHEN) |
f21f31b2 | 1315 | /* The name has two hyphens — forbidden by IDNA2008 in some cases */ |
ad1f3fe6 ZJS |
1316 | return 0; |
1317 | if (IN_SET(r, IDN2_TOO_BIG_DOMAIN, IDN2_TOO_BIG_LABEL)) | |
87057e24 | 1318 | return -ENOSPC; |
cb3714d1 | 1319 | |
ad1f3fe6 | 1320 | return -EINVAL; |
349cc4a5 | 1321 | #elif HAVE_LIBIDN |
0cf40f55 | 1322 | _cleanup_free_ char *buf = NULL; |
764dca0e | 1323 | size_t n = 0; |
0cf40f55 LP |
1324 | bool first = true; |
1325 | int r, q; | |
1326 | ||
1327 | assert(name); | |
1328 | assert(ret); | |
1329 | ||
1330 | for (;;) { | |
fd7e9887 | 1331 | char label[DNS_LABEL_MAX+1]; |
0cf40f55 | 1332 | |
7470cc4c | 1333 | r = dns_label_unescape(&name, label, sizeof label, 0); |
0cf40f55 LP |
1334 | if (r < 0) |
1335 | return r; | |
1336 | if (r == 0) | |
1337 | break; | |
1338 | ||
7470cc4c | 1339 | q = dns_label_apply_idna(label, r, label, sizeof label); |
0cf40f55 LP |
1340 | if (q < 0) |
1341 | return q; | |
1342 | if (q > 0) | |
1343 | r = q; | |
1344 | ||
764dca0e | 1345 | if (!GREEDY_REALLOC(buf, n + !first + DNS_LABEL_ESCAPED_MAX)) |
0cf40f55 LP |
1346 | return -ENOMEM; |
1347 | ||
1348 | r = dns_label_escape(label, r, buf + n + !first, DNS_LABEL_ESCAPED_MAX); | |
1349 | if (r < 0) | |
1350 | return r; | |
1351 | ||
1352 | if (first) | |
1353 | first = false; | |
1354 | else | |
1355 | buf[n++] = '.'; | |
1356 | ||
ad1f3fe6 | 1357 | n += r; |
0cf40f55 LP |
1358 | } |
1359 | ||
1360 | if (n > DNS_HOSTNAME_MAX) | |
1361 | return -EINVAL; | |
1362 | ||
764dca0e | 1363 | if (!GREEDY_REALLOC(buf, n + 1)) |
0cf40f55 LP |
1364 | return -ENOMEM; |
1365 | ||
1366 | buf[n] = 0; | |
1cc6c93a | 1367 | *ret = TAKE_PTR(buf); |
0cf40f55 | 1368 | |
ad1f3fe6 | 1369 | return 1; |
87057e24 | 1370 | #else |
4917e7c7 | 1371 | *ret = NULL; |
87057e24 ZJS |
1372 | return 0; |
1373 | #endif | |
0cf40f55 | 1374 | } |
08a4849e LP |
1375 | |
1376 | int dns_name_is_valid_or_address(const char *name) { | |
1377 | /* Returns > 0 if the specified name is either a valid IP address formatted as string or a valid DNS name */ | |
1378 | ||
1379 | if (isempty(name)) | |
1380 | return 0; | |
1381 | ||
1382 | if (in_addr_from_string_auto(name, NULL, NULL) >= 0) | |
1383 | return 1; | |
1384 | ||
1385 | return dns_name_is_valid(name); | |
1386 | } | |
64c82c25 LP |
1387 | |
1388 | int dns_name_dot_suffixed(const char *name) { | |
1389 | const char *p = name; | |
1390 | int r; | |
1391 | ||
1392 | for (;;) { | |
1393 | if (streq(p, ".")) | |
1394 | return true; | |
1395 | ||
1396 | r = dns_label_unescape(&p, NULL, DNS_LABEL_MAX, DNS_LABEL_LEAVE_TRAILING_DOT); | |
1397 | if (r < 0) | |
1398 | return r; | |
1399 | if (r == 0) | |
1400 | return false; | |
1401 | } | |
1402 | } | |
f4526f82 LP |
1403 | |
1404 | bool dns_name_dont_resolve(const char *name) { | |
1405 | ||
1406 | /* Never respond to some of the domains listed in RFC6303 */ | |
1407 | if (dns_name_endswith(name, "0.in-addr.arpa") > 0 || | |
1408 | dns_name_equal(name, "255.255.255.255.in-addr.arpa") > 0 || | |
1409 | dns_name_equal(name, "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.ip6.arpa") > 0) | |
1410 | return true; | |
1411 | ||
1412 | /* Never respond to some of the domains listed in RFC6761 */ | |
1413 | if (dns_name_endswith(name, "invalid") > 0) | |
1414 | return true; | |
1415 | ||
bdf58b47 BJ |
1416 | /* Never respond to some of the domains listed in RFC9476 */ |
1417 | if (dns_name_endswith(name, "alt") > 0) | |
1418 | return true; | |
1419 | ||
f4526f82 LP |
1420 | return false; |
1421 | } |