diff options
Diffstat (limited to 'src/resolve/resolved-dns-answer.c')
| -rw-r--r-- | src/resolve/resolved-dns-answer.c | 353 | 
1 files changed, 304 insertions, 49 deletions
| diff --git a/src/resolve/resolved-dns-answer.c b/src/resolve/resolved-dns-answer.c index 55e6ffbad7..b50558e280 100644 --- a/src/resolve/resolved-dns-answer.c +++ b/src/resolve/resolved-dns-answer.c @@ -22,6 +22,7 @@  #include "alloc-util.h"  #include "dns-domain.h"  #include "resolved-dns-answer.h" +#include "resolved-dns-dnssec.h"  #include "string-util.h"  DnsAnswer *dns_answer_new(unsigned n) { @@ -73,7 +74,7 @@ DnsAnswer *dns_answer_unref(DnsAnswer *a) {          return NULL;  } -static int dns_answer_add_raw(DnsAnswer *a, DnsResourceRecord *rr, int ifindex) { +static int dns_answer_add_raw(DnsAnswer *a, DnsResourceRecord *rr, int ifindex, DnsAnswerFlags flags) {          assert(rr);          if (!a) @@ -82,19 +83,22 @@ static int dns_answer_add_raw(DnsAnswer *a, DnsResourceRecord *rr, int ifindex)          if (a->n_rrs >= a->n_allocated)                  return -ENOSPC; -        a->items[a->n_rrs].rr = dns_resource_record_ref(rr); -        a->items[a->n_rrs].ifindex = ifindex; -        a->n_rrs++; +        a->items[a->n_rrs++] = (DnsAnswerItem) { +                .rr = dns_resource_record_ref(rr), +                .ifindex = ifindex, +                .flags = flags, +        };          return 1;  }  static int dns_answer_add_raw_all(DnsAnswer *a, DnsAnswer *source) {          DnsResourceRecord *rr; +        DnsAnswerFlags flags;          int ifindex, r; -        DNS_ANSWER_FOREACH_IFINDEX(rr, ifindex, source) { -                r = dns_answer_add_raw(a, rr, ifindex); +        DNS_ANSWER_FOREACH_FULL(rr, ifindex, flags, source) { +                r = dns_answer_add_raw(a, rr, ifindex, flags);                  if (r < 0)                          return r;          } @@ -102,7 +106,7 @@ static int dns_answer_add_raw_all(DnsAnswer *a, DnsAnswer *source) {          return 0;  } -int dns_answer_add(DnsAnswer *a, DnsResourceRecord *rr, int ifindex) { +int dns_answer_add(DnsAnswer *a, DnsResourceRecord *rr, int ifindex, DnsAnswerFlags flags) {          unsigned i;          int r; @@ -121,28 +125,48 @@ int dns_answer_add(DnsAnswer *a, DnsResourceRecord *rr, int ifindex) {                  if (r < 0)                          return r;                  if (r > 0) { -                        /* Entry already exists, keep the entry with -                         * the higher RR, or the one with TTL 0 */ +                        /* Don't mix contradicting TTLs (see below) */ +                        if ((rr->ttl == 0) != (a->items[i].rr->ttl == 0)) +                                return -EINVAL; -                        if (rr->ttl == 0 || (rr->ttl > a->items[i].rr->ttl && a->items[i].rr->ttl != 0)) { +                        /* Entry already exists, keep the entry with +                         * the higher RR. */ +                        if (rr->ttl > a->items[i].rr->ttl) {                                  dns_resource_record_ref(rr);                                  dns_resource_record_unref(a->items[i].rr);                                  a->items[i].rr = rr;                          } +                        a->items[i].flags |= flags;                          return 0;                  } + +                r = dns_resource_key_equal(a->items[i].rr->key, rr->key); +                if (r < 0) +                        return r; +                if (r > 0) { +                        /* There's already an RR of the same RRset in +                         * place! Let's see if the TTLs more or less +                         * match. We don't really care if they match +                         * precisely, but we do care whether one is 0 +                         * and the other is not. See RFC 2181, Section +                         * 5.2.*/ + +                        if ((rr->ttl == 0) != (a->items[i].rr->ttl == 0)) +                                return -EINVAL; +                }          } -        return dns_answer_add_raw(a, rr, ifindex); +        return dns_answer_add_raw(a, rr, ifindex, flags);  }  static int dns_answer_add_all(DnsAnswer *a, DnsAnswer *b) {          DnsResourceRecord *rr; +        DnsAnswerFlags flags;          int ifindex, r; -        DNS_ANSWER_FOREACH_IFINDEX(rr, ifindex, b) { -                r = dns_answer_add(a, rr, ifindex); +        DNS_ANSWER_FOREACH_FULL(rr, ifindex, flags, b) { +                r = dns_answer_add(a, rr, ifindex, flags);                  if (r < 0)                          return r;          } @@ -150,7 +174,7 @@ static int dns_answer_add_all(DnsAnswer *a, DnsAnswer *b) {          return 0;  } -int dns_answer_add_extend(DnsAnswer **a, DnsResourceRecord *rr, int ifindex) { +int dns_answer_add_extend(DnsAnswer **a, DnsResourceRecord *rr, int ifindex, DnsAnswerFlags flags) {          int r;          assert(a); @@ -160,7 +184,7 @@ int dns_answer_add_extend(DnsAnswer **a, DnsResourceRecord *rr, int ifindex) {          if (r < 0)                  return r; -        return dns_answer_add(*a, rr, ifindex); +        return dns_answer_add(*a, rr, ifindex, flags);  }  int dns_answer_add_soa(DnsAnswer *a, const char *name, uint32_t ttl) { @@ -186,85 +210,177 @@ int dns_answer_add_soa(DnsAnswer *a, const char *name, uint32_t ttl) {          soa->soa.expire = 1;          soa->soa.minimum = ttl; -        return dns_answer_add(a, soa, 0); +        return dns_answer_add(a, soa, 0, DNS_ANSWER_AUTHENTICATED);  } -int dns_answer_match_key(DnsAnswer *a, const DnsResourceKey *key) { +int dns_answer_match_key(DnsAnswer *a, const DnsResourceKey *key, DnsAnswerFlags *ret_flags) { +        DnsAnswerFlags flags = 0, i_flags;          DnsResourceRecord *i; +        bool found = false;          int r;          assert(key); -        if (!a) -                return 0; - -        DNS_ANSWER_FOREACH(i, a) { +        DNS_ANSWER_FOREACH_FLAGS(i, i_flags, a) {                  r = dns_resource_key_match_rr(key, i, NULL);                  if (r < 0)                          return r; -                if (r > 0) +                if (r == 0) +                        continue; + +                if (!ret_flags)                          return 1; + +                if (found) +                        flags &= i_flags; +                else { +                        flags = i_flags; +                        found = true; +                }          } -        return 0; +        if (ret_flags) +                *ret_flags = flags; + +        return found;  } -int dns_answer_contains_rr(DnsAnswer *a, DnsResourceRecord *rr) { +int dns_answer_contains_rr(DnsAnswer *a, DnsResourceRecord *rr, DnsAnswerFlags *ret_flags) { +        DnsAnswerFlags flags = 0, i_flags;          DnsResourceRecord *i; +        bool found = false;          int r;          assert(rr); -        DNS_ANSWER_FOREACH(i, a) { +        DNS_ANSWER_FOREACH_FLAGS(i, i_flags, a) {                  r = dns_resource_record_equal(i, rr);                  if (r < 0)                          return r; -                if (r > 0) +                if (r == 0) +                        continue; + +                if (!ret_flags)                          return 1; + +                if (found) +                        flags &= i_flags; +                else { +                        flags = i_flags; +                        found = true; +                }          } -        return 0; +        if (ret_flags) +                *ret_flags = flags; + +        return found;  } -int dns_answer_find_soa(DnsAnswer *a, const DnsResourceKey *key, DnsResourceRecord **ret) { -        DnsResourceRecord *rr; +int dns_answer_contains_key(DnsAnswer *a, const DnsResourceKey *key, DnsAnswerFlags *ret_flags) { +        DnsAnswerFlags flags = 0, i_flags; +        DnsResourceRecord *i; +        bool found = false; +        int r;          assert(key); -        assert(ret); -        if (!a) -                return 0; +        DNS_ANSWER_FOREACH_FLAGS(i, i_flags, a) { +                r = dns_resource_key_equal(i->key, key); +                if (r < 0) +                        return r; +                if (r == 0) +                        continue; + +                if (!ret_flags) +                        return true; + +                if (found) +                        flags &= i_flags; +                else { +                        flags = i_flags; +                        found = true; +                } +        } + +        if (ret_flags) +                *ret_flags = flags; + +        return found; +} + +int dns_answer_contains_nsec_or_nsec3(DnsAnswer *a) { +        DnsResourceRecord *i; + +        DNS_ANSWER_FOREACH(i, a) { +                if (IN_SET(i->key->type, DNS_TYPE_NSEC, DNS_TYPE_NSEC3)) +                        return true; +        } + +        return false; +} + +int dns_answer_find_soa(DnsAnswer *a, const DnsResourceKey *key, DnsResourceRecord **ret, DnsAnswerFlags *flags) { +        DnsResourceRecord *rr, *soa = NULL; +        DnsAnswerFlags rr_flags, soa_flags = 0; +        int r; + +        assert(key);          /* For a SOA record we can never find a matching SOA record */          if (key->type == DNS_TYPE_SOA)                  return 0; -        DNS_ANSWER_FOREACH(rr, a) { -                if (dns_resource_key_match_soa(key, rr->key)) { -                        *ret = rr; -                        return 1; +        DNS_ANSWER_FOREACH_FLAGS(rr, rr_flags, a) { +                r = dns_resource_key_match_soa(key, rr->key); +                if (r < 0) +                        return r; +                if (r > 0) { + +                        if (soa) { +                                r = dns_name_endswith(DNS_RESOURCE_KEY_NAME(rr->key), DNS_RESOURCE_KEY_NAME(soa->key)); +                                if (r < 0) +                                        return r; +                                if (r > 0) +                                        continue; +                        } + +                        soa = rr; +                        soa_flags = rr_flags;                  }          } -        return 0; +        if (!soa) +                return 0; + +        if (ret) +                *ret = soa; +        if (flags) +                *flags = soa_flags; + +        return 1;  } -int dns_answer_find_cname_or_dname(DnsAnswer *a, const DnsResourceKey *key, DnsResourceRecord **ret) { +int dns_answer_find_cname_or_dname(DnsAnswer *a, const DnsResourceKey *key, DnsResourceRecord **ret, DnsAnswerFlags *flags) {          DnsResourceRecord *rr; +        DnsAnswerFlags rr_flags; +        int r;          assert(key); -        if (!a) -                return 0; -          /* For a {C,D}NAME record we can never find a matching {C,D}NAME record */ -        if (key->type == DNS_TYPE_CNAME || key->type == DNS_TYPE_DNAME) +        if (!dns_type_may_redirect(key->type))                  return 0; -        DNS_ANSWER_FOREACH(rr, a) { -                if (dns_resource_key_match_cname_or_dname(key, rr->key, NULL)) { +        DNS_ANSWER_FOREACH_FLAGS(rr, rr_flags, a) { +                r = dns_resource_key_match_cname_or_dname(key, rr->key, NULL); +                if (r < 0) +                        return r; +                if (r > 0) {                          if (ret)                                  *ret = rr; +                        if (flags) +                                *flags = rr_flags;                          return 1;                  }          } @@ -356,20 +472,21 @@ int dns_answer_remove_by_key(DnsAnswer **a, const DnsResourceKey *key) {          if ((*a)->n_ref > 1) {                  _cleanup_(dns_answer_unrefp) DnsAnswer *copy = NULL; +                DnsAnswerFlags flags;                  int ifindex;                  copy = dns_answer_new((*a)->n_rrs);                  if (!copy)                          return -ENOMEM; -                DNS_ANSWER_FOREACH_IFINDEX(rr, ifindex, *a) { +                DNS_ANSWER_FOREACH_FULL(rr, ifindex, flags, *a) {                          r = dns_resource_key_equal(rr->key, key);                          if (r < 0)                                  return r;                          if (r > 0)                                  continue; -                        r = dns_answer_add_raw(copy, rr, ifindex); +                        r = dns_answer_add_raw(copy, rr, ifindex, flags);                          if (r < 0)                                  return r;                  } @@ -407,16 +524,103 @@ int dns_answer_remove_by_key(DnsAnswer **a, const DnsResourceKey *key) {          return 1;  } -int dns_answer_copy_by_key(DnsAnswer **a, DnsAnswer *source, const DnsResourceKey *key) { +int dns_answer_remove_by_rr(DnsAnswer **a, DnsResourceRecord *rm) { +        bool found = false, other = false; +        DnsResourceRecord *rr; +        unsigned i; +        int r; + +        assert(a); +        assert(rm); + +        /* Remove all entries matching the specified RR from *a */ + +        DNS_ANSWER_FOREACH(rr, *a) { +                r = dns_resource_record_equal(rr, rm); +                if (r < 0) +                        return r; +                if (r > 0) +                        found = true; +                else +                        other = true; + +                if (found && other) +                        break; +        } + +        if (!found) +                return 0; + +        if (!other) { +                *a = dns_answer_unref(*a); /* Return NULL for the empty answer */ +                return 1; +        } + +        if ((*a)->n_ref > 1) { +                _cleanup_(dns_answer_unrefp) DnsAnswer *copy = NULL; +                DnsAnswerFlags flags; +                int ifindex; + +                copy = dns_answer_new((*a)->n_rrs); +                if (!copy) +                        return -ENOMEM; + +                DNS_ANSWER_FOREACH_FULL(rr, ifindex, flags, *a) { +                        r = dns_resource_record_equal(rr, rm); +                        if (r < 0) +                                return r; +                        if (r > 0) +                                continue; + +                        r = dns_answer_add_raw(copy, rr, ifindex, flags); +                        if (r < 0) +                                return r; +                } + +                dns_answer_unref(*a); +                *a = copy; +                copy = NULL; + +                return 1; +        } + +        /* Only a single reference, edit in-place */ + +        i = 0; +        for (;;) { +                if (i >= (*a)->n_rrs) +                        break; + +                r = dns_resource_record_equal((*a)->items[i].rr, rm); +                if (r < 0) +                        return r; +                if (r > 0) { +                        /* Kill this entry */ + +                        dns_resource_record_unref((*a)->items[i].rr); +                        memmove((*a)->items + i, (*a)->items + i + 1, sizeof(DnsAnswerItem) * ((*a)->n_rrs - i - 1)); +                        (*a)->n_rrs --; +                        continue; + +                } else +                        /* Keep this entry */ +                        i++; +        } + +        return 1; +} + +int dns_answer_copy_by_key(DnsAnswer **a, DnsAnswer *source, const DnsResourceKey *key, DnsAnswerFlags or_flags) {          DnsResourceRecord *rr_source;          int ifindex_source, r; +        DnsAnswerFlags flags_source;          assert(a);          assert(key);          /* Copy all RRs matching the specified key from source into *a */ -        DNS_ANSWER_FOREACH_IFINDEX(rr_source, ifindex_source, source) { +        DNS_ANSWER_FOREACH_FULL(rr_source, ifindex_source, flags_source, source) {                  r = dns_resource_key_equal(rr_source->key, key);                  if (r < 0) @@ -429,7 +633,7 @@ int dns_answer_copy_by_key(DnsAnswer **a, DnsAnswer *source, const DnsResourceKe                  if (r < 0)                          return r; -                r = dns_answer_add(*a, rr_source, ifindex_source); +                r = dns_answer_add(*a, rr_source, ifindex_source, flags_source|or_flags);                  if (r < 0)                          return r;          } @@ -437,6 +641,20 @@ int dns_answer_copy_by_key(DnsAnswer **a, DnsAnswer *source, const DnsResourceKe          return 0;  } +int dns_answer_move_by_key(DnsAnswer **to, DnsAnswer **from, const DnsResourceKey *key, DnsAnswerFlags or_flags) { +        int r; + +        assert(to); +        assert(from); +        assert(key); + +        r = dns_answer_copy_by_key(to, *from, key, or_flags); +        if (r < 0) +                return r; + +        return dns_answer_remove_by_key(from, key); +} +  void dns_answer_order_by_scope(DnsAnswer *a, bool prefer_link_local) {          DnsAnswerItem *items;          unsigned i, start, end; @@ -539,3 +757,40 @@ int dns_answer_reserve_or_clone(DnsAnswer **a, unsigned n_free) {          return 0;  } + +void dns_answer_dump(DnsAnswer *answer, FILE *f) { +        DnsResourceRecord *rr; +        DnsAnswerFlags flags; +        int ifindex; + +        if (!f) +                f = stdout; + +        DNS_ANSWER_FOREACH_FULL(rr, ifindex, flags, answer) { +                const char *t; + +                fputc('\t', f); + +                t = dns_resource_record_to_string(rr); +                if (!t) { +                        log_oom(); +                        continue; +                } + +                fputs(t, f); + +                if (ifindex != 0 || flags & (DNS_ANSWER_AUTHENTICATED|DNS_ANSWER_CACHEABLE|DNS_ANSWER_SHARED_OWNER)) +                        fputs("\t;", f); + +                if (ifindex != 0) +                        printf(" ifindex=%i", ifindex); +                if (flags & DNS_ANSWER_AUTHENTICATED) +                        fputs(" authenticated", f); +                if (flags & DNS_ANSWER_CACHEABLE) +                        fputs(" cachable", f); +                if (flags & DNS_ANSWER_SHARED_OWNER) +                        fputs(" shared-owner", f); + +                fputc('\n', f); +        } +} | 
