/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include <errno.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include "hashmap.h"
#include "in-addr-util.h"
/* Length of a single label, with all escaping removed, excluding any trailing dot or NUL byte */
#define DNS_LABEL_MAX 63
/* Worst case length of a single label, with all escaping applied and room for a trailing NUL byte. */
#define DNS_LABEL_ESCAPED_MAX (DNS_LABEL_MAX*4+1)
/* Maximum length of a full hostname, consisting of a series of unescaped labels, and no trailing dot or NUL byte */
#define DNS_HOSTNAME_MAX 253
/* Maximum length of a full hostname, on the wire, including the final NUL byte */
#define DNS_WIRE_FORMAT_HOSTNAME_MAX 255
/* Maximum number of labels per valid hostname */
#define DNS_N_LABELS_MAX 127
resolve: reject host names with leading or trailing dashes in /etc/hosts
https://tools.ietf.org/html/rfc1035#section-2.3.1 says (approximately)
that only letters, numbers, and non-leading non-trailing dashes are allowed
(for entries with A/AAAA records). We set no restrictions.
hosts(5) says:
> Host names may contain only alphanumeric characters, minus signs ("-"), and
> periods ("."). They must begin with an alphabetic character and end with an
> alphanumeric character.
nss-files follows those rules, and will ignore names in /etc/hosts that do not
follow this rule.
Let's follow the documented rules for /etc/hosts. In particular, this makes us
consistent with nss-files, reducing surprises for the user.
I'm pretty sure we should apply stricter filtering to names received over DNS
and LLMNR and MDNS, but it's a bigger project, because the rules differ
depending on the level at which the label appears (rules for top-level names are
stricter), and this patch takes the minimalistic approach and only changes
behaviour for /etc/hosts.
Escape syntax is also disallowed in /etc/hosts, even if the resulting character
would be allowed. Other tools that parse /etc/hosts do not support this, and
there is no need to use it because no allowed characters benefit from escaping.
/* Bit flags selecting how DNS labels are parsed and validated. Each flag occupies its own bit, so
 * flags can be OR-ed together (dns_name_is_valid_ldh() passes DNS_LABEL_LDH|DNS_LABEL_NO_ESCAPES). */
typedef enum DNSLabelFlags {
        /* Follow the "LDH" rule — only letters, digits, and internal hyphens. */
        DNS_LABEL_LDH                = 1 << 0,

        /* Do not treat backslashes specially */
        DNS_LABEL_NO_ESCAPES         = 1 << 1,

        /* Leave trailing dot in place */
        DNS_LABEL_LEAVE_TRAILING_DOT = 1 << 2,
} DNSLabelFlags;
int dns_label_unescape(const char **name, char *dest, size_t sz, DNSLabelFlags flags);
int dns_label_unescape_suffix(const char *name, const char **label_end, char *dest, size_t sz);
int dns_label_escape(const char *p, size_t l, char *dest, size_t sz);
int dns_label_escape_new(const char *p, size_t l, char **ret);
/* Thin wrapper around dns_label_unescape(): passes no output buffer (dest is NULL), a size limit of
 * DNS_LABEL_MAX and no flags, and returns the callee's result unchanged.
 *
 * NOTE(review): presumably this advances *name past its first label, i.e. to the parent domain —
 * confirm against dns_label_unescape(). Since no flags are passed, the LDH rule is not requested
 * here, so this must not be relied upon as a strict validity check. */
static inline int dns_name_parent(const char **name) {
        const DNSLabelFlags no_flags = 0;

        return dns_label_unescape(name, NULL, DNS_LABEL_MAX, no_flags);
}
#if HAVE_LIBIDN
int dns_label_apply_idna(const char *encoded, size_t encoded_size, char *decoded, size_t decoded_max);
int dns_label_undo_idna(const char *encoded, size_t encoded_size, char *decoded, size_t decoded_max);
#endif
int dns_name_concat(const char *a, const char *b, DNSLabelFlags flags, char **ret);
/* Normalizes the DNS name 's' by concatenating it with no second name: dns_name_concat()
 * normalizes as a side effect. 'flags' and 'ret' are forwarded unchanged, and the return value is
 * whatever dns_name_concat() returns. The strictness of the check therefore depends entirely on
 * the flags the caller passes (e.g. DNS_LABEL_LDH, DNS_LABEL_NO_ESCAPES). */
static inline int dns_name_normalize(const char *s, DNSLabelFlags flags, char **ret) {
        const char *no_second_name = NULL;

        return dns_name_concat(s, no_second_name, flags, ret);
}
/* Tri-state validity check for a DNS name.
 *
 * Returns 1 if normalization succeeded, 0 if it failed with -EINVAL, and any other negative errno
 * from dns_name_normalize() unchanged. Callers must compare the result with "> 0": a plain truth
 * test would treat a negative error as "valid".
 *
 * The name is normalized with flags 0, so neither DNS_LABEL_LDH nor DNS_LABEL_NO_ESCAPES is
 * requested; dns_name_is_valid_ldh() is the variant that passes both. */
static inline int dns_name_is_valid(const char *s) {
        /* dns_name_normalize() verifies as a side effect; no normalized string is requested */
        int r = dns_name_normalize(s, 0, NULL);

        if (r == -EINVAL)
                return 0;

        return r < 0 ? r : 1;
}
/* Tri-state validity check for a DNS name under the "LDH" rule with escape handling disabled.
 *
 * Calls dns_name_concat() with DNS_LABEL_LDH|DNS_LABEL_NO_ESCAPES, i.e. only letters, digits and
 * internal hyphens are accepted and backslashes are not treated specially. No second name and no
 * result string are passed.
 *
 * Returns 1 if the call succeeded, 0 if it failed with -EINVAL, and any other negative errno
 * unchanged. Callers must compare the result with "> 0": a plain truth test would treat a negative
 * error as "valid". */
static inline int dns_name_is_valid_ldh(const char *s) {
        const DNSLabelFlags strict = DNS_LABEL_LDH|DNS_LABEL_NO_ESCAPES;
        int r = dns_name_concat(s, NULL, strict, NULL);

        if (r == -EINVAL)
                return 0;

        return r < 0 ? r : 1;
}
void dns_name_hash_func(const char *s, struct siphash *state);
int dns_name_compare_func(const char *a, const char *b);
extern const struct hash_ops dns_name_hash_ops;
int dns_name_between(const char *a, const char *b, const char *c);
int dns_name_equal(const char *x, const char *y);
int dns_name_endswith(const char *name, const char *suffix);
int dns_name_startswith(const char *name, const char *prefix);
int dns_name_change_suffix(const char *name, const char *old_suffix, const char *new_suffix, char **ret);
int dns_name_reverse(int family, const union in_addr_union *a, char **ret);
int dns_name_address(const char *p, int *family, union in_addr_union *a);
bool dns_name_is_root(const char *name);
bool dns_name_is_single_label(const char *name);
int dns_name_to_wire_format(const char *domain, uint8_t *buffer, size_t len, bool canonical);
bool dns_srv_type_is_valid(const char *name);
bool dnssd_srv_type_is_valid(const char *name);
bool dns_service_name_is_valid(const char *name);
int dns_service_join(const char *name, const char *type, const char *domain, char **ret);
int dns_service_split(const char *joined, char **name, char **type, char **domain);
int dns_name_suffix(const char *name, unsigned n_labels, const char **ret);
int dns_name_count_labels(const char *name);
int dns_name_skip(const char *a, unsigned n_labels, const char **ret);
int dns_name_equal_skip(const char *a, unsigned n_labels, const char *b);
int dns_name_common_suffix(const char *a, const char *b, const char **ret);
int dns_name_apply_idna(const char *name, char **ret);
int dns_name_is_valid_or_address(const char *name);
int dns_name_dot_suffixed(const char *name);