summaryrefslogtreecommitdiff
path: root/src/shared/dns-domain.h
AgeCommit message (Collapse)Author
2015-12-26resolved: tighten search for NSEC3 RRs a bitLennart Poettering
Be stricter when searching suitable NSEC3 RRs for proof: generalize the check we use to find suitable NSEC3 RRs, in nsec3_is_good(), and add additional checks, such as checking whether all NSEC3 RRs use the same parameters, have the same suffix and so on.
2015-12-26resolved: properly implement RRSIG validation of wildcarded RRsetsLennart Poettering
Note that this is still not complete, one additional step is still missing: when we verified that a wildcard RRset is properly signed, we still need to do an NSEC/NSEC3 proof that no more specific RRset exists.
2015-12-18shared: add dns_name_parent() call to determine parent domain of a domainLennart Poettering
2015-12-06shared: include what we useThomas Hindoe Paaboel Andersen
The next step of a general cleanup of our includes. This one mostly adds missing includes but there are a few removals as well.
2015-12-02resolved: add basic DNSSEC supportLennart Poettering
This adds most basic operation for doing DNSSEC validation on the client side. However, it does not actually add the verification logic to the resolver. Specifically, this patch only includes: - Verifying DNSKEY RRs against a DS RRs - Verifying RRSets against a combination of RRSIG and DNSKEY RRs - Matching up RRSIG RRs and DNSKEY RRs - Matching up RR keys and RRSIG RRs - Calculating the DNSSEC key tag from a DNSKEY RR All currently used DNSSEC combinations of SHA and RSA are implemented. Support for MD5 hashing and DSA or EC cyphers are not. MD5 and DSA are probably obsolete, and shouldn't be added. EC should probably be added eventually, if it actually is deployed on the Internet.
2015-12-02util-lib: update dns_name_to_wire_format() to optionally generate DNSSEC ↵Lennart Poettering
canonical names We'll need this later when putting together RR serializations to checksum.
2015-11-30dns-domain: don't accept overly long hostnamesLennart Poettering
Make sure dns_name_normalize(), dns_name_concat(), dns_name_is_valid() do not accept/generate invalidly long hostnames, i.e. longer than 253 characters.
2015-11-30dns-domain: be more strict when encoding/decoding labelsLennart Poettering
Labels of zero length are not OK, refuse them early on. The concept of a "zero-length label" doesn't exist, a zero-length full domain name however does (representing the root domain). See RFC 2181, Section 11.
2015-11-25dns-domain: rework dns_label_escape() to not imply memory allocationLennart Poettering
The new dns_label_escape() call now operates on a buffer passed in, similar to dns_label_unescape(). This should make decoding a bit faster, and nicer.
2015-11-25dns-domain: change dns_srv_type_is_valid() return value to boolLennart Poettering
For similar reasons as dns_name_is_root() got changed in the previous commit.
2015-11-25dns-domain: simplify dns_name_is_root() and dns_name_is_single_label()Lennart Poettering
Let's change the return value to bool. If we encounter an error while parsing, return "false" instead of the actual parsing error, after all the specified hostname does not qualify for what the function is supposed to test. Dealing with the additional error codes was always cumbersome, and easily misused, like for example in the DHCP code. Let's also rename the functions from dns_name_root() to dns_name_is_root(), to indicate that this function checks something and returns a bool. Similar for dns_name_is_signal_label().
2015-11-25dns-domain: remove prototype for function that doesn't existLennart Poettering
2015-11-24resolved: implement client-side DNAME resolutionLennart Poettering
Most servers apparently always implicitly convert DNAME to CNAME, but some servers don't, hence implement this properly, as this is required by edns0.
2015-11-23dns-domain: add calls to join/split SRV/DNS-SD service domainsLennart Poettering
This adds dns_service_join() and dns_service_split() which may be used to concatenate a DNS-SD service name, am SRV service type string, and a domain name into a full resolvable DNS domain name string. If the service name is specified as NULL, only the type and domain are appended, to implement classic, non-DNS-SD SRV lookups. The reverse is dns_service_split() which takes the full name, and split it into the three components again.
2015-11-23dns-domain: add code for verifying validity of DNS-SD service names and typesLennart Poettering
2015-11-17dns-domain: add dns_name_to_wire_format()Beniamino Galvani
The function converts a domain name string to the wire format described in RFC 1035 Section 3.1.
2015-10-05hashmap: refactor hash_funcTom Gundersen
All our hash functions are based on siphash24(), factor out siphash_init() and siphash24_finalize() and pass the siphash state to the hash functions rather than the hash key. This simplifies the hash functions, and in particular makes composition simpler as calling siphash24_compress() repeatedly on separate chunks of input has the same effect as first concatenating the input and then calling siphash23_compress() on the result.
2015-08-21dns-domain: add call for concatenating two domain namesLennart Poettering
This is specifically useful for appending the mDNS ".local" suffix to a single-label hostname in the most correct way. (used in later commit)
2015-07-28shared: dns-name - add dns_name_between()Tom Gundersen
Given three DNS names this function indicates if the second argument lies strictly between the first and the third according to the canonical DNS name order. Note that the order is circular, so the last name is considered to be before the first.
2015-07-28shared: dns-name - introduce dns_label_unescape_suffix()Tom Gundersen
Intended to be called repeatedly, and returns then successive unescaped labels from the most to the least significant (left to right). This is slightly inefficient as it scans the string three times (two would be sufficient): once to find the end of the string, once to find the beginning of each label and lastly once to do the actual unescaping. The latter two could be done in one go, but that seemed unnecessarily convoluted.
2015-06-10shared: add convenience function for validating dns namesNick Owens
2015-06-10resolve: move dns routines into sharedNick Owens