summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2016-06-20 19:32:51 +0200
committerLennart Poettering <lennart@poettering.net>2016-06-21 13:20:48 +0200
commit6ebd1e33e6ab3dd56e1aa34f4f0e17a752fb1233 (patch)
tree9d3f8e9161fc461b4a5db4f59509e34bfcd09a1e
parent0a0fc27b80796c603cb64728b38c55f8f2084f36 (diff)
resolved: explicitly refuse zone transfers using the bus API
-rw-r--r--src/resolve/dns-type.c9
-rw-r--r--src/resolve/dns-type.h1
-rw-r--r--src/resolve/resolved-bus.c2
3 files changed, 12 insertions, 0 deletions
diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c
index 78d9d5733f..aaf5ed62c1 100644
--- a/src/resolve/dns-type.c
+++ b/src/resolve/dns-type.c
@@ -96,6 +96,15 @@ bool dns_type_is_valid_query(uint16_t type) {
DNS_TYPE_RRSIG);
}
+bool dns_type_is_zone_transer(uint16_t type) {
+
+ /* Zone transfers, either normal or incremental */
+
+ return IN_SET(type,
+ DNS_TYPE_AXFR,
+ DNS_TYPE_IXFR);
+}
+
bool dns_type_is_valid_rr(uint16_t type) {
/* The types valid as RR in packets (but not necessarily
diff --git a/src/resolve/dns-type.h b/src/resolve/dns-type.h
index 7b79d29d7e..e675fe4ea3 100644
--- a/src/resolve/dns-type.h
+++ b/src/resolve/dns-type.h
@@ -136,6 +136,7 @@ bool dns_type_is_obsolete(uint16_t type);
bool dns_type_may_wildcard(uint16_t type);
bool dns_type_apex_only(uint16_t type);
bool dns_type_needs_authentication(uint16_t type);
+bool dns_type_is_zone_transer(uint16_t type);
int dns_type_to_af(uint16_t type);
bool dns_class_is_pseudo(uint16_t class);
diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c
index 1fe473ff76..1f7883c067 100644
--- a/src/resolve/resolved-bus.c
+++ b/src/resolve/resolved-bus.c
@@ -647,6 +647,8 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd
if (!dns_type_is_valid_query(type))
return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Specified resource record type %" PRIu16 " may not be used in a query.", type);
+ if (dns_type_is_zone_transer(type))
+ return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Zone transfers not permitted via this programming interface.");
if (dns_type_is_obsolete(type))
return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Specified DNS resource record type %" PRIu16 " is obsolete.", type);