diff options
author | Lennart Poettering <lennart@poettering.net> | 2016-06-20 19:32:51 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2016-06-21 13:20:48 +0200 |
commit | 6ebd1e33e6ab3dd56e1aa34f4f0e17a752fb1233 (patch) | |
tree | 9d3f8e9161fc461b4a5db4f59509e34bfcd09a1e | |
parent | 0a0fc27b80796c603cb64728b38c55f8f2084f36 (diff) |
resolved: explicitly refuse zone transfers using the bus API
-rw-r--r-- | src/resolve/dns-type.c | 9 | ||||
-rw-r--r-- | src/resolve/dns-type.h | 1 | ||||
-rw-r--r-- | src/resolve/resolved-bus.c | 2 |
3 files changed, 12 insertions, 0 deletions
diff --git a/src/resolve/dns-type.c b/src/resolve/dns-type.c index 78d9d5733f..aaf5ed62c1 100644 --- a/src/resolve/dns-type.c +++ b/src/resolve/dns-type.c @@ -96,6 +96,15 @@ bool dns_type_is_valid_query(uint16_t type) { DNS_TYPE_RRSIG); } +bool dns_type_is_zone_transer(uint16_t type) { + + /* Zone transfers, either normal or incremental */ + + return IN_SET(type, + DNS_TYPE_AXFR, + DNS_TYPE_IXFR); +} + bool dns_type_is_valid_rr(uint16_t type) { /* The types valid as RR in packets (but not necessarily diff --git a/src/resolve/dns-type.h b/src/resolve/dns-type.h index 7b79d29d7e..e675fe4ea3 100644 --- a/src/resolve/dns-type.h +++ b/src/resolve/dns-type.h @@ -136,6 +136,7 @@ bool dns_type_is_obsolete(uint16_t type); bool dns_type_may_wildcard(uint16_t type); bool dns_type_apex_only(uint16_t type); bool dns_type_needs_authentication(uint16_t type); +bool dns_type_is_zone_transer(uint16_t type); int dns_type_to_af(uint16_t type); bool dns_class_is_pseudo(uint16_t class); diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c index 1fe473ff76..1f7883c067 100644 --- a/src/resolve/resolved-bus.c +++ b/src/resolve/resolved-bus.c @@ -647,6 +647,8 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd if (!dns_type_is_valid_query(type)) return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Specified resource record type %" PRIu16 " may not be used in a query.", type); + if (dns_type_is_zone_transer(type)) + return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Zone transfers not permitted via this programming interface."); if (dns_type_is_obsolete(type)) return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Specified DNS resource record type %" PRIu16 " is obsolete.", type); |