git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/dns-type.c
2 This file is part of systemd.
4 Copyright 2014 Zbigniew Jędrzejewski-Szmek
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 #include <sys/socket.h>
23 #include "parse-util.h"
24 #include "string-util.h"
26 typedef const struct {
31 static const struct dns_type_name
*
32 lookup_dns_type (register const char *str
, register unsigned int len
);
34 #include "dns_type-from-name.h"
35 #include "dns_type-to-name.h"
37 int dns_type_from_string(const char *s
) {
38 const struct dns_type_name
*sc
;
42 sc
= lookup_dns_type(s
, strlen(s
));
46 s
= startswith_no_case(s
, "TYPE");
50 if (safe_atou(s
, &x
) >= 0 &&
55 return _DNS_TYPE_INVALID
;
58 bool dns_type_is_pseudo(uint16_t type
) {
60 /* Checks whether the specified type is a "pseudo-type". What
61 * a "pseudo-type" precisely is, is defined only very weakly,
62 * but apparently entails all RR types that are not actually
63 * stored as RRs on the server and should hence also not be
64 * cached. We use this list primarily to validate NSEC type
65 * bitfields, and to verify what to cache. */
68 0, /* A Pseudo RR type, according to RFC 2931 */
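/* Returns true if the given DNS *class* is a pseudo-class, i.e. the ANY
 * wildcard class, which is only meaningful in questions.
 *
 * The argument is a class, so it is compared against DNS_CLASS_ANY, matching
 * dns_class_is_valid_rr() and dns_class_from_string() in this file. The
 * previous code compared against DNS_TYPE_ANY, a constant from the RR *type*
 * namespace. RFC 1035 assigns 255 to both QTYPE "*" and QCLASS "*", so the
 * result is presumably unchanged.
 * NOTE(review): confirm in the header that both constants are defined with
 * the same value. */
bool dns_class_is_pseudo(uint16_t class) {
        return class == DNS_CLASS_ANY;
}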
82 bool dns_type_is_valid_query(uint16_t type
) {
84 /* The types valid as questions in packets */
92 /* RRSIG are technically valid as questions, but we refuse doing explicit queries for them, as
93 * they aren't really payload, but signatures for payload, and cannot be validated on their
94 * own. After all they are the signatures, and have no signatures of their own validating
99 bool dns_type_is_valid_rr(uint16_t type
) {
101 /* The types valid as RR in packets (but not necessarily
102 * stored on servers). */
/* Tells whether a class value is acceptable on a resource record: every class
 * is accepted except the ANY wildcard class. */
bool dns_class_is_valid_rr(uint16_t class) {
        if (class == DNS_CLASS_ANY)
                return false;

        return true;
}
114 bool dns_type_may_redirect(uint16_t type
) {
115 /* The following record types should never be redirected using
116 * CNAME/DNAME RRs. See
117 * <https://tools.ietf.org/html/rfc4035#section-2.5>. */
119 if (dns_type_is_pseudo(type
))
133 bool dns_type_may_wildcard(uint16_t type
) {
135 /* The following records may not be expanded from wildcard RRsets */
137 if (dns_type_is_pseudo(type
))
144 /* Prohibited by https://tools.ietf.org/html/rfc4592#section-4.4 */
148 bool dns_type_apex_only(uint16_t type
) {
150 /* Returns true for all RR types that may only appear signed in a zone apex */
154 DNS_TYPE_NS
, /* this one can appear elsewhere, too, but not signed */
156 DNS_TYPE_NSEC3PARAM
);
159 bool dns_type_is_dnssec(uint16_t type
) {
166 DNS_TYPE_NSEC3PARAM
);
169 bool dns_type_is_obsolete(uint16_t type
) {
171 /* Obsoleted by RFC 973 */
176 /* Kinda obsoleted by RFC 2505 */
183 /* RFC1127 kinda obsoleted this by recommending against its use */
186 /* Declared historical by RFC 6563 */
189 /* Obsoleted by DNSSEC-bis */
192 /* RFC 1035 removed support for concepts that needed this from RFC 883 */
196 bool dns_type_needs_authentication(uint16_t type
) {
198 /* Returns true for all (non-obsolete) RR types where records are not useful if they aren't
199 * authenticated. I.e. everything that contains crypto keys. */
213 int dns_type_to_af(uint16_t t
) {
230 const char *dns_class_to_string(uint16_t class) {
244 int dns_class_from_string(const char *s
) {
247 return _DNS_CLASS_INVALID
;
249 if (strcaseeq(s
, "IN"))
251 else if (strcaseeq(s
, "ANY"))
252 return DNS_CLASS_ANY
;
254 return _DNS_CLASS_INVALID
;
257 const char* tlsa_cert_usage_to_string(uint8_t cert_usage
) {
259 switch (cert_usage
) {
262 return "CA constraint";
265 return "Service certificate constraint";
268 return "Trust anchor assertion";
271 return "Domain-issued certificate";
277 return "Private use";
280 return NULL
; /* clang cannot count that we covered everything */
283 const char* tlsa_selector_to_string(uint8_t selector
) {
287 return "Full Certificate";
290 return "SubjectPublicKeyInfo";
296 return "Private use";
302 const char* tlsa_matching_type_to_string(uint8_t selector
) {
307 return "No hash used";
319 return "Private use";