resolved: explicitly refuse zone transfers using the bus API

author Lennart Poettering <lennart@poettering.net>

Mon, 20 Jun 2016 17:32:51 +0000 (19:32 +0200)

committer Lennart Poettering <lennart@poettering.net>

Tue, 21 Jun 2016 11:20:48 +0000 (13:20 +0200)
author Lennart Poettering <lennart@poettering.net>
Mon, 20 Jun 2016 17:32:51 +0000 (19:32 +0200)
committer Lennart Poettering <lennart@poettering.net>
Tue, 21 Jun 2016 11:20:48 +0000 (13:20 +0200)
diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c

index 78d9d5733f9cec4ccc80557aa7c882998b078817..aaf5ed62c14ea3e149c0e86cb0c07964fb147e47 100644 (file)
--- a/src/resolve/dns-type.c
+++ b/src/resolve/dns-type.c
@@ -96,6 +96,15 @@ bool dns_type_is_valid_query(uint16_t type) {
                         DNS_TYPE_RRSIG);
  }
  
+bool dns_type_is_zone_transer(uint16_t type) {
+
+        /* Zone transfers, either normal or incremental */
+
+        return IN_SET(type,
+                      DNS_TYPE_AXFR,
+                      DNS_TYPE_IXFR);
+}
+
  bool dns_type_is_valid_rr(uint16_t type) {
  
          /* The types valid as RR in packets (but not necessarily
diff --git a/src/resolve/dns-type.h b/src/resolve/dns-type.h

index 7b79d29d7ef1eaef3df09a5fdd8b82a60e5b08d3..e675fe4ea310592c1862043a39d525ca3f3687e9 100644 (file)
--- a/src/resolve/dns-type.h
+++ b/src/resolve/dns-type.h
@@ -136,6 +136,7 @@ bool dns_type_is_obsolete(uint16_t type);
  bool dns_type_may_wildcard(uint16_t type);
  bool dns_type_apex_only(uint16_t type);
  bool dns_type_needs_authentication(uint16_t type);
+bool dns_type_is_zone_transer(uint16_t type);
  int dns_type_to_af(uint16_t type);
  
  bool dns_class_is_pseudo(uint16_t class);
diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c

index 1fe473ff76372f395cc1314d89971f5cdf3968dc..1f7883c067757f2a3f9c013504eca658a62f9f09 100644 (file)
--- a/src/resolve/resolved-bus.c
+++ b/src/resolve/resolved-bus.c
@@ -647,6 +647,8 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd
  
          if (!dns_type_is_valid_query(type))
                  return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Specified resource record type %" PRIu16 " may not be used in a query.", type);
+        if (dns_type_is_zone_transer(type))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Zone transfers not permitted via this programming interface.");
          if (dns_type_is_obsolete(type))
                  return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Specified DNS resource record type %" PRIu16 " is obsolete.", type);
author	Lennart Poettering <lennart@poettering.net>
	Mon, 20 Jun 2016 17:32:51 +0000 (19:32 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Tue, 21 Jun 2016 11:20:48 +0000 (13:20 +0200)
src/resolve/dns-type.c		patch \| blob \| blame \| history
src/resolve/dns-type.h		patch \| blob \| blame \| history
src/resolve/resolved-bus.c		patch \| blob \| blame \| history