src/resolve/dns-type.c

   1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
   2
   3 /***
   4   This file is part of systemd.
   5
   6   Copyright 2014 Zbigniew Jędrzejewski-Szmek
   7
   8   systemd is free software; you can redistribute it and/or modify it
   9   under the terms of the GNU Lesser General Public License as published by
  10   the Free Software Foundation; either version 2.1 of the License, or
  11   (at your option) any later version.
  12
  13   systemd is distributed in the hope that it will be useful, but
  14   WITHOUT ANY WARRANTY; without even the implied warranty of
  15   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  16   Lesser General Public License for more details.
  17
  18   You should have received a copy of the GNU Lesser General Public License
  19   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  20 ***/
  21
  22 #include <sys/socket.h>
  23
  24 #include "dns-type.h"
  25 #include "parse-util.h"
  26 #include "string-util.h"
  27
  28 typedef const struct {
  29         uint16_t type;
  30         const char *name;
  31 } dns_type;
  32
  33 static const struct dns_type_name *
  34 lookup_dns_type (register const char *str, register unsigned int len);
  35
  36 #include "dns_type-from-name.h"
  37 #include "dns_type-to-name.h"
  38
  39 int dns_type_from_string(const char *s) {
  40         const struct dns_type_name *sc;
  41
  42         assert(s);
  43
  44         sc = lookup_dns_type(s, strlen(s));
  45         if (sc)
  46                 return sc->id;
  47
  48         s = startswith_no_case(s, "TYPE");
  49         if (s) {
  50                 unsigned x;
  51
  52                 if (safe_atou(s, &x) >= 0 &&
  53                     x <= UINT16_MAX)
  54                         return (int) x;
  55         }
  56
  57         return _DNS_TYPE_INVALID;
  58 }
  59
  60 bool dns_type_is_pseudo(uint16_t type) {
  61
  62         /* Checks whether the specified type is a "pseudo-type". What
  63          * a "pseudo-type" precisely is, is defined only very weakly,
  64          * but apparently entails all RR types that are not actually
  65          * stored as RRs on the server and should hence also not be
  66          * cached. We use this list primarily to validate NSEC type
  67          * bitfields, and to verify what to cache. */
  68
  69         return IN_SET(type,
  70                       0, /* A Pseudo RR type, according to RFC 2931 */
  71                       DNS_TYPE_ANY,
  72                       DNS_TYPE_AXFR,
  73                       DNS_TYPE_IXFR,
  74                       DNS_TYPE_OPT,
  75                       DNS_TYPE_TSIG,
  76                       DNS_TYPE_TKEY
  77         );
  78 }
  79
  80 bool dns_class_is_pseudo(uint16_t class) {
  81         return class == DNS_TYPE_ANY;
  82 }
  83
  84 bool dns_type_is_valid_query(uint16_t type) {
  85
  86         /* The types valid as questions in packets */
  87
  88         return !IN_SET(type,
  89                        0,
  90                        DNS_TYPE_OPT,
  91                        DNS_TYPE_TSIG,
  92                        DNS_TYPE_TKEY,
  93
  94                        /* RRSIG are technically valid as questions, but we refuse doing explicit queries for them, as
  95                         * they aren't really payload, but signatures for payload, and cannot be validated on their
  96                         * own. After all they are the signatures, and have no signatures of their own validating
  97                         * them. */
  98                        DNS_TYPE_RRSIG);
  99 }
 100
 101 bool dns_type_is_valid_rr(uint16_t type) {
 102
 103         /* The types valid as RR in packets (but not necessarily
 104          * stored on servers). */
 105
 106         return !IN_SET(type,
 107                        DNS_TYPE_ANY,
 108                        DNS_TYPE_AXFR,
 109                        DNS_TYPE_IXFR);
 110 }
 111
 112 bool dns_class_is_valid_rr(uint16_t class) {
 113         return class != DNS_CLASS_ANY;
 114 }
 115
 116 bool dns_type_may_redirect(uint16_t type) {
 117         /* The following record types should never be redirected using
 118          * CNAME/DNAME RRs. See
 119          * <https://tools.ietf.org/html/rfc4035#section-2.5>. */
 120
 121         if (dns_type_is_pseudo(type))
 122                 return false;
 123
 124         return !IN_SET(type,
 125                        DNS_TYPE_CNAME,
 126                        DNS_TYPE_DNAME,
 127                        DNS_TYPE_NSEC3,
 128                        DNS_TYPE_NSEC,
 129                        DNS_TYPE_RRSIG,
 130                        DNS_TYPE_NXT,
 131                        DNS_TYPE_SIG,
 132                        DNS_TYPE_KEY);
 133 }
 134
 135 bool dns_type_may_wildcard(uint16_t type) {
 136
 137         /* The following records may not be expanded from wildcard RRsets */
 138
 139         if (dns_type_is_pseudo(type))
 140                 return false;
 141
 142         return !IN_SET(type,
 143                        DNS_TYPE_NSEC3,
 144                        DNS_TYPE_SOA,
 145
 146                        /* Prohibited by https://tools.ietf.org/html/rfc4592#section-4.4 */
 147                        DNS_TYPE_DNAME);
 148 }
 149
 150 bool dns_type_apex_only(uint16_t type) {
 151
 152         /* Returns true for all RR types that may only appear signed in a zone apex */
 153
 154         return IN_SET(type,
 155                       DNS_TYPE_SOA,
 156                       DNS_TYPE_NS,            /* this one can appear elsewhere, too, but not signed */
 157                       DNS_TYPE_DNSKEY,
 158                       DNS_TYPE_NSEC3PARAM);
 159 }
 160
 161 bool dns_type_is_dnssec(uint16_t type) {
 162         return IN_SET(type,
 163                       DNS_TYPE_DS,
 164                       DNS_TYPE_DNSKEY,
 165                       DNS_TYPE_RRSIG,
 166                       DNS_TYPE_NSEC,
 167                       DNS_TYPE_NSEC3,
 168                       DNS_TYPE_NSEC3PARAM);
 169 }
 170
 171 bool dns_type_is_obsolete(uint16_t type) {
 172         return IN_SET(type,
 173                       /* Obsoleted by RFC 973 */
 174                       DNS_TYPE_MD,
 175                       DNS_TYPE_MF,
 176                       DNS_TYPE_MAILA,
 177
 178                       /* Kinda obsoleted by RFC 2505 */
 179                       DNS_TYPE_MB,
 180                       DNS_TYPE_MG,
 181                       DNS_TYPE_MR,
 182                       DNS_TYPE_MINFO,
 183                       DNS_TYPE_MAILB,
 184
 185                       /* RFC1127 kinda obsoleted this by recommending against its use */
 186                       DNS_TYPE_WKS,
 187
 188                       /* Declared historical by RFC 6563 */
 189                       DNS_TYPE_A6,
 190
 191                       /* Obsoleted by DNSSEC-bis */
 192                       DNS_TYPE_NXT,
 193
 194                       /* RFC 1035 removed support for concepts that needed this from RFC 883 */
 195                       DNS_TYPE_NULL);
 196 }
 197
 198 int dns_type_to_af(uint16_t t) {
 199         switch (t) {
 200
 201         case DNS_TYPE_A:
 202                 return AF_INET;
 203
 204         case DNS_TYPE_AAAA:
 205                 return AF_INET6;
 206
 207         case DNS_TYPE_ANY:
 208                 return AF_UNSPEC;
 209
 210         default:
 211                 return -EINVAL;
 212         }
 213 }
 214
 215 const char *dns_class_to_string(uint16_t class) {
 216
 217         switch (class) {
 218
 219         case DNS_CLASS_IN:
 220                 return "IN";
 221
 222         case DNS_CLASS_ANY:
 223                 return "ANY";
 224         }
 225
 226         return NULL;
 227 }
 228
 229 int dns_class_from_string(const char *s) {
 230
 231         if (!s)
 232                 return _DNS_CLASS_INVALID;
 233
 234         if (strcaseeq(s, "IN"))
 235                 return DNS_CLASS_IN;
 236         else if (strcaseeq(s, "ANY"))
 237                 return DNS_CLASS_ANY;
 238
 239         return _DNS_CLASS_INVALID;
 240 }
 241
 242 const char* tlsa_cert_usage_to_string(uint8_t cert_usage) {
 243
 244         switch (cert_usage) {
 245
 246         case 0:
 247                 return "CA constraint";
 248
 249         case 1:
 250                 return "Service certificate constraint";
 251
 252         case 2:
 253                 return "Trust anchor assertion";
 254
 255         case 3:
 256                 return "Domain-issued certificate";
 257
 258         case 4 ... 254:
 259                 return "Unassigned";
 260
 261         case 255:
 262                 return "Private use";
 263         }
 264
 265         return NULL;  /* clang cannot count that we covered everything */
 266 }
 267
 268 const char* tlsa_selector_to_string(uint8_t selector) {
 269         switch (selector) {
 270
 271         case 0:
 272                 return "Full Certificate";
 273
 274         case 1:
 275                 return "SubjectPublicKeyInfo";
 276
 277         case 2 ... 254:
 278                 return "Unassigned";
 279
 280         case 255:
 281                 return "Private use";
 282         }
 283
 284         return NULL;
 285 }
 286
 287 const char* tlsa_matching_type_to_string(uint8_t selector) {
 288
 289         switch (selector) {
 290
 291         case 0:
 292                 return "No hash used";
 293
 294         case 1:
 295                 return "SHA-256";
 296
 297         case 2:
 298                 return "SHA-512";
 299
 300         case 3 ... 254:
 301                 return "Unassigned";
 302
 303         case 255:
 304                 return "Private use";
 305         }
 306
 307         return NULL;
 308 }