1 #pragma once
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2014 Lennart Poettering
7
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
12
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
17
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
20 ***/
21
22 #include <netinet/in.h>
23
24 #include "bitmap.h"
25 #include "dns-type.h"
26 #include "hashmap.h"
27 #include "in-addr-util.h"
28 #include "list.h"
29
/* Forward declarations, so that the structs below can refer to each other by their short names. */
typedef struct DnsResourceKey DnsResourceKey;
typedef struct DnsResourceRecord DnsResourceRecord;
typedef struct DnsTxtItem DnsTxtItem;

/* DNSKEY RR flags. These are masks for a 16-bit flags value in host byte order (bit 0 being the least
 * significant bit), not the RFC's MSB-first bit numbering. */
#define DNSKEY_FLAG_SEP      (UINT16_C(1) << 0)
#define DNSKEY_FLAG_REVOKE   (UINT16_C(1) << 7)
#define DNSKEY_FLAG_ZONE_KEY (UINT16_C(1) << 8)

/* mDNS RR flags. The mask covers the top bit of a 16-bit value.
 * NOTE(review): presumably this is applied to the RR class field and has to be masked off before the
 * class is compared or stored — confirm against the packet parser. */
#define MDNS_RR_CACHE_FLUSH  (UINT16_C(1) << 15)
41
/* DNSSEC algorithm identifiers, see
 * http://tools.ietf.org/html/rfc4034#appendix-A.1 and
 * https://www.iana.org/assignments/dns-sec-alg-numbers/dns-sec-alg-numbers.xhtml
 *
 * The numbering has gaps (9, 11 and 15..251 have no name here), so _DNSSEC_ALGORITHM_MAX_DEFINED
 * evaluates to 255 and is not a count of the listed algorithms. The algorithm fields in the RR
 * structs of this file are plain uint8_t, hence any value 0..255 can be stored there; code that
 * consumes them has to cope with identifiers that are missing from this list. Being listed here
 * does not by itself say that an algorithm is implemented or acceptable for validation. */
enum {
        DNSSEC_ALGORITHM_RSAMD5 = 1,
        DNSSEC_ALGORITHM_DH,                      /* = 2 */
        DNSSEC_ALGORITHM_DSA,                     /* = 3 */
        DNSSEC_ALGORITHM_ECC,                     /* = 4 */
        DNSSEC_ALGORITHM_RSASHA1,                 /* = 5 */
        DNSSEC_ALGORITHM_DSA_NSEC3_SHA1,          /* = 6 */
        DNSSEC_ALGORITHM_RSASHA1_NSEC3_SHA1,      /* = 7 */
        DNSSEC_ALGORITHM_RSASHA256 = 8,           /* RFC 5702 */
        DNSSEC_ALGORITHM_RSASHA512 = 10,          /* RFC 5702 */
        DNSSEC_ALGORITHM_ECC_GOST = 12,           /* RFC 5933 */
        DNSSEC_ALGORITHM_ECDSAP256SHA256 = 13,    /* RFC 6605 */
        DNSSEC_ALGORITHM_ECDSAP384SHA384 = 14,    /* RFC 6605 */
        DNSSEC_ALGORITHM_INDIRECT = 252,
        DNSSEC_ALGORITHM_PRIVATEDNS,              /* = 253 */
        DNSSEC_ALGORITHM_PRIVATEOID,              /* = 254 */
        _DNSSEC_ALGORITHM_MAX_DEFINED             /* = 255, one past the highest named value */
};
63
/* DNSSEC digest identifiers, see
 * https://www.iana.org/assignments/ds-rr-types/ds-rr-types.xhtml
 *
 * Used for the digest_type of DS records, which is stored as a plain uint8_t in the ds member of
 * DnsResourceRecord, so values outside this list can occur and need to be rejected or skipped by
 * whoever verifies a DS digest. */
enum {
        DNSSEC_DIGEST_SHA1 = 1,
        DNSSEC_DIGEST_SHA256 = 2, /* RFC 4509 */
        DNSSEC_DIGEST_GOST_R_34_11_94 = 3, /* RFC 5933 */
        DNSSEC_DIGEST_SHA384 = 4, /* RFC 6605 */
        _DNSSEC_DIGEST_MAX_DEFINED /* = 5, one past the highest named value */
};
73
/* DNSSEC NSEC3 hash algorithms, see
 * https://www.iana.org/assignments/dnssec-nsec3-parameters/dnssec-nsec3-parameters.xhtml
 *
 * SHA-1 is the only algorithm named here; the nsec3.algorithm field is a uint8_t, so other values
 * can be stored and have to be treated as unsupported by code that hashes names. */
enum {
        NSEC3_ALGORITHM_SHA1 = 1,
        _NSEC3_ALGORITHM_MAX_DEFINED /* = 2, one past the highest named value */
};
80
/* Lookup key of a resource record: class, type and domain name. */
struct DnsResourceKey {
        unsigned n_ref; /* (unsigned -1) for const keys, see below */
        uint16_t class, type;
        /* Don't access directly, use DNS_RESOURCE_KEY_NAME()! When this is NULL the accessor takes the
         * name from the memory directly following the struct instead. */
        char *_name;
};
86
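/* Creates a temporary resource key. This is only useful to quickly
 * look up something, without allocating a full DnsResourceKey object
 * for it. Note that it is not OK to take references to this kind of
 * resource key object.
 *
 * n_ref is set to (unsigned) -1 to mark the key as const. The name is stored by pointer, not copied,
 * and the cast drops any const qualifier: the string must outlive the key and must never be written
 * to or freed through _name. Pass a non-NULL name: DNS_RESOURCE_KEY_NAME() reads the memory behind
 * the struct when _name is NULL, and a key created here has no name stored there.
 *
 * All arguments are parenthesized so that compound expressions (pointer arithmetic, ?:) are
 * evaluated as a whole before the cast or assignment applies. */
#define DNS_RESOURCE_KEY_CONST(c, t, n)                 \
        ((DnsResourceKey) {                             \
                .n_ref = (unsigned) -1,                 \
                .class = (c),                           \
                .type = (t),                            \
                ._name = (char*) (n),                   \
        })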
98
99
/* One element of the item list referenced by the txt/spf members of DnsResourceRecord. */
struct DnsTxtItem {
        /* NOTE(review): presumably the number of bytes stored in data[] — confirm. Nothing in this
         * header says that data[] is NUL-terminated, so don't treat it as a C string on the basis
         * of this declaration alone. */
        size_t length;
        LIST_FIELDS(DnsTxtItem, items); /* list linkage to the neighbouring items */
        uint8_t data[]; /* flexible array member, allocated together with the struct */
};
105
/* A single resource record: its key, TTL, DNSSEC bookkeeping, an optional wire-format copy and the
 * type-specific RDATA in an anonymous union.
 *
 * NOTE(review): which union member is valid is presumably determined by key->type, with "generic"
 * used for types without a dedicated member — confirm against the parser. Every pointer/size pair
 * below describes a separately referenced buffer; the size field is the only bound for it. */
struct DnsResourceRecord {
        unsigned n_ref;
        DnsResourceKey *key;

        char *to_string;

        uint32_t ttl;
        usec_t expiry; /* RRSIG signature expiry */

        /* How many labels to strip to determine "signer" of the RRSIG (aka, the zone). -1 if not signed.
         * The field is unsigned, so "-1" is stored as (unsigned) -1; compare against that value, a "< 0"
         * test can never be true. */
        unsigned n_skip_labels_signer;
        /* How many labels to strip to determine "synthesizing source" of this RR, i.e. the wildcard's immediate parent. -1 if not signed.
         * Same representation as above: (unsigned) -1. */
        unsigned n_skip_labels_source;

        bool unparseable:1;

        /* Serialized form of the RR. DNS_RESOURCE_RECORD_RDATA() and DNS_RESOURCE_RECORD_RDATA_SIZE()
         * rely on wire_format_rdata_offset <= wire_format_size. */
        bool wire_format_canonical:1;
        void *wire_format;
        size_t wire_format_size;
        size_t wire_format_rdata_offset;

        union {
                struct {
                        void *data;
                        size_t data_size;
                } generic, opt;

                struct {
                        uint16_t priority;
                        uint16_t weight;
                        uint16_t port;
                        char *name;
                } srv;

                struct {
                        char *name;
                } ptr, ns, cname, dname;

                struct {
                        char *cpu;
                        char *os;
                } hinfo;

                struct {
                        DnsTxtItem *items;
                } txt, spf;

                struct {
                        struct in_addr in_addr;
                } a;

                struct {
                        struct in6_addr in6_addr;
                } aaaa;

                struct {
                        char *mname;
                        char *rname;
                        uint32_t serial;
                        uint32_t refresh;
                        uint32_t retry;
                        uint32_t expire;
                        uint32_t minimum;
                } soa;

                struct {
                        uint16_t priority;
                        char *exchange;
                } mx;

                /* https://tools.ietf.org/html/rfc1876 */
                struct {
                        uint8_t version;
                        uint8_t size;
                        uint8_t horiz_pre;
                        uint8_t vert_pre;
                        uint32_t latitude;
                        uint32_t longitude;
                        uint32_t altitude;
                } loc;

                /* https://tools.ietf.org/html/rfc4255#section-3.1 */
                struct {
                        uint8_t algorithm;
                        uint8_t fptype;
                        void *fingerprint;
                        size_t fingerprint_size;
                } sshfp;

                /* http://tools.ietf.org/html/rfc4034#section-2.1 */
                struct {
                        uint16_t flags; /* see the DNSKEY_FLAG_* masks */
                        uint8_t protocol;
                        uint8_t algorithm; /* DNSSEC_ALGORITHM_*, but any 8-bit value can be stored */
                        void* key;
                        size_t key_size;
                } dnskey;

                /* http://tools.ietf.org/html/rfc4034#section-3.1 */
                struct {
                        uint16_t type_covered;
                        uint8_t algorithm;
                        uint8_t labels;
                        uint32_t original_ttl;
                        /* expiration/inception are 32-bit timestamps; RFC 4034 section 3.1.5 requires
                         * serial number arithmetic when comparing them.
                         * NOTE(review): confirm the validator does that rather than a plain compare. */
                        uint32_t expiration;
                        uint32_t inception;
                        uint16_t key_tag;
                        char *signer;
                        void *signature;
                        size_t signature_size;
                } rrsig;

                /* https://tools.ietf.org/html/rfc4034#section-4.1 */
                struct {
                        char *next_domain_name;
                        Bitmap *types;
                } nsec;

                /* https://tools.ietf.org/html/rfc4034#section-5.1 */
                struct {
                        uint16_t key_tag;
                        uint8_t algorithm;
                        uint8_t digest_type; /* DNSSEC_DIGEST_*, but any 8-bit value can be stored */
                        void *digest;
                        size_t digest_size;
                } ds;

                struct {
                        uint8_t algorithm; /* NSEC3_ALGORITHM_*, but any 8-bit value can be stored */
                        uint8_t flags;
                        /* The full 16-bit range can be stored here. NOTE(review): the hashing cost grows
                         * with this value, so the consumer should enforce an upper bound before hashing —
                         * confirm where that limit is applied. */
                        uint16_t iterations;
                        void *salt;
                        size_t salt_size;
                        void *next_hashed_name;
                        size_t next_hashed_name_size;
                        Bitmap *types;
                } nsec3;

                /* https://tools.ietf.org/html/draft-ietf-dane-protocol-23 (published as RFC 6698) */
                struct {
                        uint8_t cert_usage;
                        uint8_t selector;
                        uint8_t matching_type;
                        void *data;
                        size_t data_size;
                } tlsa;
        };
};
254
/* Returns the domain name of a resource key, or NULL if key is NULL.
 *
 * If key->_name is set it is returned as is. Otherwise the name is taken to begin at the first byte
 * after the DnsResourceKey struct. That fallback is only valid for keys that really carry their name
 * in the same allocation; for any other key with a NULL _name (for example one built with
 * DNS_RESOURCE_KEY_CONST() and a NULL name) the returned pointer refers to memory past the object. */
static inline const char* DNS_RESOURCE_KEY_NAME(const DnsResourceKey *key) {
        if (!key)
                return NULL;

        /* key + 1 is the address right behind the struct, i.e. (char*) key + sizeof(DnsResourceKey) */
        return key->_name ? key->_name : (const char*) (key + 1);
}
264
/* Returns a pointer to the RDATA part of the record's wire-format buffer, or NULL if rr is NULL or
 * no wire format is attached.
 *
 * The assertion enforces wire_format_rdata_offset <= wire_format_size, so the result never points
 * beyond one past the end of the buffer. It is the only bounds check here: if assertions are
 * compiled out, a bad offset is used unchecked. The number of readable bytes behind the returned
 * pointer is DNS_RESOURCE_RECORD_RDATA_SIZE(), which may be 0. */
static inline const void* DNS_RESOURCE_RECORD_RDATA(DnsResourceRecord *rr) {
        const uint8_t *wire;

        if (!rr || !rr->wire_format)
                return NULL;

        assert(rr->wire_format_rdata_offset <= rr->wire_format_size);

        wire = rr->wire_format;
        return wire + rr->wire_format_rdata_offset;
}
275
/* Returns the size in bytes of the RDATA part of the record's wire-format buffer, or 0 if rr is NULL
 * or no wire format is attached.
 *
 * The assertion matters for memory safety: both operands are size_t, so an offset larger than the
 * buffer size would make the subtraction wrap around to a huge length. If assertions are compiled
 * out, nothing else here prevents that. */
static inline size_t DNS_RESOURCE_RECORD_RDATA_SIZE(DnsResourceRecord *rr) {
        size_t total, offset;

        if (!rr || !rr->wire_format)
                return 0;

        total = rr->wire_format_size;
        offset = rr->wire_format_rdata_offset;

        assert(offset <= total);
        return total - offset;
}
285
/* DnsResourceKey API. Only the declarations are visible in this header.
 * NOTE(review): the int-returning functions presumably follow the negative-errno / 0 / > 0
 * convention — confirm against the implementation before relying on "!= 0" checks. */

/* Constructors. NOTE(review): "_consume" takes a non-const name and presumably takes ownership of
 * it, while the plain variant presumably copies — confirm who frees the string in each case. */
DnsResourceKey* dns_resource_key_new(uint16_t class, uint16_t type, const char *name);
DnsResourceKey* dns_resource_key_new_redirect(const DnsResourceKey *key, const DnsResourceRecord *cname);
int dns_resource_key_new_append_suffix(DnsResourceKey **ret, DnsResourceKey *key, char *name);
DnsResourceKey* dns_resource_key_new_consume(uint16_t class, uint16_t type, char *name);

/* Reference counting. Keys made with DNS_RESOURCE_KEY_CONST() carry n_ref == (unsigned) -1 and must
 * not have references taken on them. */
DnsResourceKey* dns_resource_key_ref(DnsResourceKey *key);
DnsResourceKey* dns_resource_key_unref(DnsResourceKey *key);

/* Predicates and comparisons */
bool dns_resource_key_is_address(const DnsResourceKey *key);
int dns_resource_key_equal(const DnsResourceKey *a, const DnsResourceKey *b);
int dns_resource_key_match_rr(const DnsResourceKey *key, DnsResourceRecord *rr, const char *search_domain);
int dns_resource_key_match_cname_or_dname(const DnsResourceKey *key, const DnsResourceKey *cname, const char *search_domain);
int dns_resource_key_match_soa(const DnsResourceKey *key, const DnsResourceKey *soa);

/* Formats the key into a string returned via *ret. NOTE(review): presumably newly allocated and to
 * be freed by the caller — confirm. */
int dns_resource_key_to_string(const DnsResourceKey *key, char **ret);

/* Defines dns_resource_key_unrefp(), the helper used with _cleanup_() on DnsResourceKey* variables */
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsResourceKey*, dns_resource_key_unref);
299
/* Returns true if the key's type is in the set of "shared" types, which currently holds only
 * DNS_TYPE_PTR. key is dereferenced without a NULL check, so callers must pass a valid key.
 * NOTE(review): "shared" presumably refers to mDNS shared records — confirm. */
static inline bool dns_key_is_shared(const DnsResourceKey *key) {
        const uint16_t rr_type = key->type;

        return IN_SET(rr_type, DNS_TYPE_PTR);
}
303
/* Takes two key pointers by reference. NOTE(review): the name suggests that equal keys are merged
 * into one shared object, which would change what *a or *b point to — confirm, since callers
 * holding copies of the old pointers would be affected. */
bool dns_resource_key_reduce(DnsResourceKey **a, DnsResourceKey **b);

/* DnsResourceRecord API. Only the declarations are visible in this header.
 * NOTE(review): the int-returning functions presumably follow the negative-errno / 0 / > 0
 * convention — confirm against the implementation. */
DnsResourceRecord* dns_resource_record_new(DnsResourceKey *key);
DnsResourceRecord* dns_resource_record_new_full(uint16_t class, uint16_t type, const char *name);
DnsResourceRecord* dns_resource_record_ref(DnsResourceRecord *rr);
DnsResourceRecord* dns_resource_record_unref(DnsResourceRecord *rr);
int dns_resource_record_new_reverse(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *name);
int dns_resource_record_new_address(DnsResourceRecord **ret, int family, const union in_addr_union *address, const char *name);
int dns_resource_record_equal(const DnsResourceRecord *a, const DnsResourceRecord *b);
/* Returns const char* while the struct has a to_string member. NOTE(review): presumably the result
 * is cached there and owned by the record, so it must not be freed and does not outlive rr —
 * confirm. */
const char* dns_resource_record_to_string(DnsResourceRecord *rr);
/* Defines dns_resource_record_unrefp(), the helper used with _cleanup_() on DnsResourceRecord* variables */
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsResourceRecord*, dns_resource_record_unref);

/* Serializes the RR. NOTE(review): presumably fills wire_format, wire_format_size,
 * wire_format_rdata_offset and wire_format_canonical of rr — confirm. */
int dns_resource_record_to_wire_format(DnsResourceRecord *rr, bool canonical);

/* Signer/source queries. NOTE(review): presumably derived from n_skip_labels_signer and
 * n_skip_labels_source, which hold (unsigned) -1 for unsigned records; check how that case is
 * reported to the caller before using *ret. */
int dns_resource_record_signer(DnsResourceRecord *rr, const char **ret);
int dns_resource_record_source(DnsResourceRecord *rr, const char **ret);
int dns_resource_record_is_signer(DnsResourceRecord *rr, const char *zone);
int dns_resource_record_is_synthetic(DnsResourceRecord *rr);

/* Helpers for DnsTxtItem lists */
DnsTxtItem *dns_txt_item_free_all(DnsTxtItem *i);
bool dns_txt_item_equal(DnsTxtItem *a, DnsTxtItem *b);

/* Hash operations for using keys and records in the hashmap types of hashmap.h */
extern const struct hash_ops dns_resource_key_hash_ops;
extern const struct hash_ops dns_resource_record_hash_ops;

/* String conversion for the DNSSEC_ALGORITHM_* and DNSSEC_DIGEST_* identifiers. The "_alloc"
 * variants return the string via *ret. NOTE(review): presumably allocated and caller-freed, and
 * presumably also able to format numbers that have no name in the enums — confirm. */
int dnssec_algorithm_to_string_alloc(int i, char **ret);
int dnssec_algorithm_from_string(const char *s) _pure_;

int dnssec_digest_to_string_alloc(int i, char **ret);
int dnssec_digest_from_string(const char *s) _pure_;