summaryrefslogtreecommitdiff
path: root/src/shared/dns-domain.c
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2015-12-21 19:57:34 +0100
committerLennart Poettering <lennart@poettering.net>2015-12-26 19:09:10 +0100
commite7ff0e0b391341bdc4d9c08dff1c477e1df6a682 (patch)
tree03852136cb91d95a6549b74a983f295abdc8c250 /src/shared/dns-domain.c
parentd38d5ca65b3f8fd19348a7919cf1f1f07c955393 (diff)
resolved: properly implement RRSIG validation of wildcarded RRsets
Note that this is still not complete, one additional step is still missing: when we verified that a wildcard RRset is properly signed, we still need to do an NSEC/NSEC3 proof that no more specific RRset exists.
Diffstat (limited to 'src/shared/dns-domain.c')
-rw-r--r--src/shared/dns-domain.c56
1 files changed, 56 insertions, 0 deletions
diff --git a/src/shared/dns-domain.c b/src/shared/dns-domain.c
index c46f7d21b7..f3dbf60395 100644
--- a/src/shared/dns-domain.c
+++ b/src/shared/dns-domain.c
@@ -1159,3 +1159,59 @@ finish:
return 0;
}
+
+int dns_name_suffix(const char *name, unsigned n_labels, const char **ret) {
+ const char* labels[DNS_N_LABELS_MAX+1];
+ unsigned n = 0;
+ const char *p;
+ int r;
+
+ assert(name);
+ assert(ret);
+
+ p = name;
+ for (;;) {
+ if (n > DNS_N_LABELS_MAX)
+ return -EINVAL;
+
+ labels[n] = p;
+
+ r = dns_name_parent(&p);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ break;
+
+ n++;
+ }
+
+ if (n < n_labels)
+ return -EINVAL;
+
+ *ret = labels[n - n_labels];
+ return (int) (n - n_labels);
+}
+
+int dns_name_count_labels(const char *name) {
+ unsigned n = 0;
+ const char *p;
+ int r;
+
+ assert(name);
+
+ p = name;
+ for (;;) {
+ r = dns_name_parent(&p);
+ if (r < 0)
+ return r;
+ if (r == 0)
+ break;
+
+ if (n >= DNS_N_LABELS_MAX)
+ return -EINVAL;
+
+ n++;
+ }
+
+ return (int) n;
+}