1 /* SPDX-License-Identifier: LGPL-2.1+ */
5 This file is part of systemd.
7 Copyright 2014 Lennart Poettering
10 #include <netinet/in.h>
15 #include "in-addr-util.h"
17 #include "string-util.h"
19 typedef struct DnsResourceKey DnsResourceKey
;
20 typedef struct DnsResourceRecord DnsResourceRecord
;
21 typedef struct DnsTxtItem DnsTxtItem
;
24 #define DNSKEY_FLAG_SEP (UINT16_C(1) << 0)
25 #define DNSKEY_FLAG_REVOKE (UINT16_C(1) << 7)
26 #define DNSKEY_FLAG_ZONE_KEY (UINT16_C(1) << 8)
29 #define MDNS_RR_CACHE_FLUSH (UINT16_C(1) << 15)
31 /* DNSSEC algorithm identifiers, see
32 * http://tools.ietf.org/html/rfc4034#appendix-A.1 and
33 * https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml */
35 DNSSEC_ALGORITHM_RSAMD5
= 1,
39 DNSSEC_ALGORITHM_RSASHA1
,
40 DNSSEC_ALGORITHM_DSA_NSEC3_SHA1
,
41 DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1
,
42 DNSSEC_ALGORITHM_RSASHA256
= 8, /* RFC 5702 */
43 DNSSEC_ALGORITHM_RSASHA512
= 10, /* RFC 5702 */
44 DNSSEC_ALGORITHM_ECC_GOST
= 12, /* RFC 5933 */
45 DNSSEC_ALGORITHM_ECDSAP256SHA256
= 13, /* RFC 6605 */
46 DNSSEC_ALGORITHM_ECDSAP384SHA384
= 14, /* RFC 6605 */
47 DNSSEC_ALGORITHM_ED25519
= 15, /* RFC 8080 */
48 DNSSEC_ALGORITHM_ED448
= 16, /* RFC 8080 */
49 DNSSEC_ALGORITHM_INDIRECT
= 252,
50 DNSSEC_ALGORITHM_PRIVATEDNS
,
51 DNSSEC_ALGORITHM_PRIVATEOID
,
52 _DNSSEC_ALGORITHM_MAX_DEFINED
55 /* DNSSEC digest identifiers, see
56 * https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml */
58 DNSSEC_DIGEST_SHA1
= 1,
59 DNSSEC_DIGEST_SHA256
= 2, /* RFC 4509 */
60 DNSSEC_DIGEST_GOST_R_34_11_94
= 3, /* RFC 5933 */
61 DNSSEC_DIGEST_SHA384
= 4, /* RFC 6605 */
62 _DNSSEC_DIGEST_MAX_DEFINED
65 /* DNSSEC NSEC3 hash algorithms, see
66 * https://www.iana.org/assignments/dnssec-nsec3-parameters/dnssec-nsec3-parameters.xhtml */
68 NSEC3_ALGORITHM_SHA1
= 1,
69 _NSEC3_ALGORITHM_MAX_DEFINED
72 struct DnsResourceKey
{
73 unsigned n_ref
; /* (unsigned -1) for const keys, see below */
75 char *_name
; /* don't access directly, use dns_resource_key_name()! */
78 /* Creates a temporary resource key. This is only useful to quickly
79 * look up something, without allocating a full DnsResourceKey object
80 * for it. Note that it is not OK to take references to this kind of
81 * resource key object. */
82 #define DNS_RESOURCE_KEY_CONST(c, t, n) \
84 .n_ref = (unsigned) -1, \
93 LIST_FIELDS(DnsTxtItem
, items
);
97 struct DnsResourceRecord
{
104 usec_t expiry
; /* RRSIG signature expiry */
106 /* How many labels to strip to determine "signer" of the RRSIG (aka, the zone). -1 if not signed. */
107 unsigned n_skip_labels_signer
;
108 /* How many labels to strip to determine "synthesizing source" of this RR, i.e. the wildcard's immediate parent. -1 if not signed. */
109 unsigned n_skip_labels_source
;
113 bool wire_format_canonical
:1;
115 size_t wire_format_size
;
116 size_t wire_format_rdata_offset
;
133 } ptr
, ns
, cname
, dname
;
145 struct in_addr in_addr
;
149 struct in6_addr in6_addr
;
167 /* https://tools.ietf.org/html/rfc1876 */
178 /* https://tools.ietf.org/html/rfc4255#section-3.1 */
183 size_t fingerprint_size
;
186 /* http://tools.ietf.org/html/rfc4034#section-2.1 */
195 /* http://tools.ietf.org/html/rfc4034#section-3.1 */
197 uint16_t type_covered
;
200 uint32_t original_ttl
;
206 size_t signature_size
;
209 /* https://tools.ietf.org/html/rfc4034#section-4.1 */
211 char *next_domain_name
;
215 /* https://tools.ietf.org/html/rfc4034#section-5.1 */
230 void *next_hashed_name
;
231 size_t next_hashed_name_size
;
235 /* https://tools.ietf.org/html/draft-ietf-dane-protocol-23 */
239 uint8_t matching_type
;
244 /* https://tools.ietf.org/html/rfc6844 */
254 static inline const void* DNS_RESOURCE_RECORD_RDATA(DnsResourceRecord
*rr
) {
258 if (!rr
->wire_format
)
261 assert(rr
->wire_format_rdata_offset
<= rr
->wire_format_size
);
262 return (uint8_t*) rr
->wire_format
+ rr
->wire_format_rdata_offset
;
265 static inline size_t DNS_RESOURCE_RECORD_RDATA_SIZE(DnsResourceRecord
*rr
) {
268 if (!rr
->wire_format
)
271 assert(rr
->wire_format_rdata_offset
<= rr
->wire_format_size
);
272 return rr
->wire_format_size
- rr
->wire_format_rdata_offset
;
275 static inline uint8_t DNS_RESOURCE_RECORD_OPT_VERSION_SUPPORTED(DnsResourceRecord
*rr
) {
277 assert(rr
->key
->type
== DNS_TYPE_OPT
);
279 return ((rr
->ttl
>> 16) & 0xFF) == 0;
282 DnsResourceKey
* dns_resource_key_new(uint16_t class, uint16_t type
, const char *name
);
283 DnsResourceKey
* dns_resource_key_new_redirect(const DnsResourceKey
*key
, const DnsResourceRecord
*cname
);
284 int dns_resource_key_new_append_suffix(DnsResourceKey
**ret
, DnsResourceKey
*key
, char *name
);
285 DnsResourceKey
* dns_resource_key_new_consume(uint16_t class, uint16_t type
, char *name
);
286 DnsResourceKey
* dns_resource_key_ref(DnsResourceKey
*key
);
287 DnsResourceKey
* dns_resource_key_unref(DnsResourceKey
*key
);
288 const char* dns_resource_key_name(const DnsResourceKey
*key
);
289 bool dns_resource_key_is_address(const DnsResourceKey
*key
);
290 bool dns_resource_key_is_dnssd_ptr(const DnsResourceKey
*key
);
291 int dns_resource_key_equal(const DnsResourceKey
*a
, const DnsResourceKey
*b
);
292 int dns_resource_key_match_rr(const DnsResourceKey
*key
, DnsResourceRecord
*rr
, const char *search_domain
);
293 int dns_resource_key_match_cname_or_dname(const DnsResourceKey
*key
, const DnsResourceKey
*cname
, const char *search_domain
);
294 int dns_resource_key_match_soa(const DnsResourceKey
*key
, const DnsResourceKey
*soa
);
296 /* _DNS_{CLASS,TYPE}_STRING_MAX include one byte for NUL, which we use for space instead below.
297 * DNS_HOSTNAME_MAX does not include the NUL byte, so we need to add 1. */
298 #define DNS_RESOURCE_KEY_STRING_MAX (_DNS_CLASS_STRING_MAX + _DNS_TYPE_STRING_MAX + DNS_HOSTNAME_MAX + 1)
300 char* dns_resource_key_to_string(const DnsResourceKey
*key
, char *buf
, size_t buf_size
);
301 ssize_t
dns_resource_record_payload(DnsResourceRecord
*rr
, void **out
);
303 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsResourceKey
*, dns_resource_key_unref
);
305 static inline bool dns_key_is_shared(const DnsResourceKey
*key
) {
306 return IN_SET(key
->type
, DNS_TYPE_PTR
);
309 bool dns_resource_key_reduce(DnsResourceKey
**a
, DnsResourceKey
**b
);
311 DnsResourceRecord
* dns_resource_record_new(DnsResourceKey
*key
);
312 DnsResourceRecord
* dns_resource_record_new_full(uint16_t class, uint16_t type
, const char *name
);
313 DnsResourceRecord
* dns_resource_record_ref(DnsResourceRecord
*rr
);
314 DnsResourceRecord
* dns_resource_record_unref(DnsResourceRecord
*rr
);
315 int dns_resource_record_new_reverse(DnsResourceRecord
**ret
, int family
, const union in_addr_union
*address
, const char *name
);
316 int dns_resource_record_new_address(DnsResourceRecord
**ret
, int family
, const union in_addr_union
*address
, const char *name
);
317 int dns_resource_record_equal(const DnsResourceRecord
*a
, const DnsResourceRecord
*b
);
318 const char* dns_resource_record_to_string(DnsResourceRecord
*rr
);
319 DnsResourceRecord
*dns_resource_record_copy(DnsResourceRecord
*rr
);
320 DEFINE_TRIVIAL_CLEANUP_FUNC(DnsResourceRecord
*, dns_resource_record_unref
);
322 int dns_resource_record_to_wire_format(DnsResourceRecord
*rr
, bool canonical
);
324 int dns_resource_record_signer(DnsResourceRecord
*rr
, const char **ret
);
325 int dns_resource_record_source(DnsResourceRecord
*rr
, const char **ret
);
326 int dns_resource_record_is_signer(DnsResourceRecord
*rr
, const char *zone
);
327 int dns_resource_record_is_synthetic(DnsResourceRecord
*rr
);
329 int dns_resource_record_clamp_ttl(DnsResourceRecord
**rr
, uint32_t max_ttl
);
331 DnsTxtItem
*dns_txt_item_free_all(DnsTxtItem
*i
);
332 bool dns_txt_item_equal(DnsTxtItem
*a
, DnsTxtItem
*b
);
333 DnsTxtItem
*dns_txt_item_copy(DnsTxtItem
*i
);
334 int dns_txt_item_new_empty(DnsTxtItem
**ret
);
336 void dns_resource_record_hash_func(const void *i
, struct siphash
*state
);
338 extern const struct hash_ops dns_resource_key_hash_ops
;
339 extern const struct hash_ops dns_resource_record_hash_ops
;
341 int dnssec_algorithm_to_string_alloc(int i
, char **ret
);
342 int dnssec_algorithm_from_string(const char *s
) _pure_
;
344 int dnssec_digest_to_string_alloc(int i
, char **ret
);
345 int dnssec_digest_from_string(const char *s
) _pure_
;