src/resolve/dns-type.c

   1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
   2
   3 /***
   4   This file is part of systemd.
   5
   6   Copyright 2014 Zbigniew Jędrzejewski-Szmek
   7
   8   systemd is free software; you can redistribute it and/or modify it
   9   under the terms of the GNU Lesser General Public License as published by
  10   the Free Software Foundation; either version 2.1 of the License, or
  11   (at your option) any later version.
  12
  13   systemd is distributed in the hope that it will be useful, but
  14   WITHOUT ANY WARRANTY; without even the implied warranty of
  15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  16   Lesser General Public License for more details.
  17
  18   You should have received a copy of the GNU Lesser General Public License
  19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  20 ***/
  21
  22 #include "dns-type.h"
  23 #include "string-util.h"
  24
  25 typedef const struct {
  26         uint16_t type;
  27         const char *name;
  28 } dns_type;
  29
  30 static const struct dns_type_name *
  31 lookup_dns_type (register const char *str, register unsigned int len);
  32
  33 #include "dns_type-from-name.h"
  34 #include "dns_type-to-name.h"
  35
  36 int dns_type_from_string(const char *s) {
  37         const struct dns_type_name *sc;
  38
  39         assert(s);
  40
  41         sc = lookup_dns_type(s, strlen(s));
  42         if (!sc)
  43                 return _DNS_TYPE_INVALID;
  44
  45         return sc->id;
  46 }
  47
  48 bool dns_type_is_pseudo(uint16_t type) {
  49
  50         /* Checks whether the specified type is a "pseudo-type". What
  51          * a "pseudo-type" precisely is, is defined only very weakly,
  52          * but apparently entails all RR types that are not actually
  53          * stored as RRs on the server and should hence also not be
  54          * cached. We use this list primarily to validate NSEC type
  55          * bitfields, and to verify what to cache. */
  56
  57         return IN_SET(type,
  58                       0, /* A Pseudo RR type, according to RFC 2931 */
  59                       DNS_TYPE_ANY,
  60                       DNS_TYPE_AXFR,
  61                       DNS_TYPE_IXFR,
  62                       DNS_TYPE_OPT,
  63                       DNS_TYPE_TSIG,
  64                       DNS_TYPE_TKEY
  65         );
  66 }
  67
  68 bool dns_class_is_pseudo(uint16_t class) {
  69         return class == DNS_TYPE_ANY;
  70 }
  71
  72 bool dns_type_is_valid_query(uint16_t type) {
  73
  74         /* The types valid as questions in packets */
  75
  76         return !IN_SET(type,
  77                        0,
  78                        DNS_TYPE_OPT,
  79                        DNS_TYPE_TSIG,
  80                        DNS_TYPE_TKEY,
  81
  82                        /* RRSIG are technically valid as questions, but we refuse doing explicit queries for them, as
  83                         * they aren't really payload, but signatures for payload, and cannot be validated on their
  84                         * own. After all they are the signatures, and have no signatures of their own validating
  85                         * them. */
  86                        DNS_TYPE_RRSIG);
  87 }
  88
  89 bool dns_type_is_valid_rr(uint16_t type) {
  90
  91         /* The types valid as RR in packets (but not necessarily
  92          * stored on servers). */
  93
  94         return !IN_SET(type,
  95                        DNS_TYPE_ANY,
  96                        DNS_TYPE_AXFR,
  97                        DNS_TYPE_IXFR);
  98 }
  99
 100 bool dns_class_is_valid_rr(uint16_t class) {
 101         return class != DNS_CLASS_ANY;
 102 }
 103
 104 bool dns_type_may_redirect(uint16_t type) {
 105         /* The following record types should never be redirected using
 106          * CNAME/DNAME RRs. See
 107          * <https://tools.ietf.org/html/rfc4035#section-2.5>. */
 108
 109         if (dns_type_is_pseudo(type))
 110                 return false;
 111
 112         return !IN_SET(type,
 113                        DNS_TYPE_CNAME,
 114                        DNS_TYPE_DNAME,
 115                        DNS_TYPE_NSEC3,
 116                        DNS_TYPE_NSEC,
 117                        DNS_TYPE_RRSIG,
 118                        DNS_TYPE_NXT,
 119                        DNS_TYPE_SIG,
 120                        DNS_TYPE_KEY);
 121 }
 122
 123 bool dns_type_may_wildcard(uint16_t type) {
 124
 125         /* The following records may not be expanded from wildcard RRsets */
 126
 127         if (dns_type_is_pseudo(type))
 128                 return false;
 129
 130         return !IN_SET(type,
 131                        DNS_TYPE_NSEC3,
 132                        DNS_TYPE_SOA,
 133
 134                        /* Prohibited by https://tools.ietf.org/html/rfc4592#section-4.4 */
 135                        DNS_TYPE_DNAME);
 136 }
 137
 138 bool dns_type_apex_only(uint16_t type) {
 139
 140         /* Returns true for all RR types that may only appear signed in a zone apex */
 141
 142         return IN_SET(type,
 143                       DNS_TYPE_SOA,
 144                       DNS_TYPE_NS,            /* this one can appear elsewhere, too, but not signed */
 145                       DNS_TYPE_DNSKEY,
 146                       DNS_TYPE_NSEC3PARAM);
 147 }
 148
 149 bool dns_type_is_dnssec(uint16_t type) {
 150         return IN_SET(type,
 151                       DNS_TYPE_DS,
 152                       DNS_TYPE_DNSKEY,
 153                       DNS_TYPE_RRSIG,
 154                       DNS_TYPE_NSEC,
 155                       DNS_TYPE_NSEC3,
 156                       DNS_TYPE_NSEC3PARAM);
 157 }
 158
 159 bool dns_type_is_obsolete(uint16_t type) {
 160         return IN_SET(type,
 161                       /* Obsoleted by RFC 973 */
 162                       DNS_TYPE_MD,
 163                       DNS_TYPE_MF,
 164                       DNS_TYPE_MAILA,
 165
 166                       /* Kinda obsoleted by RFC 2505 */
 167                       DNS_TYPE_MB,
 168                       DNS_TYPE_MG,
 169                       DNS_TYPE_MR,
 170                       DNS_TYPE_MINFO,
 171                       DNS_TYPE_MAILB,
 172
 173                       /* RFC1127 kinda obsoleted this by recommending against its use */
 174                       DNS_TYPE_WKS,
 175
 176                       /* Declared historical by RFC 6563 */
 177                       DNS_TYPE_A6,
 178
 179                       /* Obsoleted by DNSSEC-bis */
 180                       DNS_TYPE_NXT,
 181
 182                       /* RFC 1035 removed support for concepts that needed this from RFC 883 */
 183                       DNS_TYPE_NULL);
 184 }
 185
 186 const char *dns_class_to_string(uint16_t class) {
 187
 188         switch (class) {
 189
 190         case DNS_CLASS_IN:
 191                 return "IN";
 192
 193         case DNS_CLASS_ANY:
 194                 return "ANY";
 195         }
 196
 197         return NULL;
 198 }
 199
 200 int dns_class_from_string(const char *s) {
 201
 202         if (!s)
 203                 return _DNS_CLASS_INVALID;
 204
 205         if (strcaseeq(s, "IN"))
 206                 return DNS_CLASS_IN;
 207         else if (strcaseeq(s, "ANY"))
 208                 return DNS_CLASS_ANY;
 209
 210         return _DNS_CLASS_INVALID;
 211 }