2017-11-18 17:09:20 +01:00
|
|
|
/* SPDX-License-Identifier: LGPL-2.1+ */
|
2014-07-29 14:24:02 +02:00
|
|
|
/***
|
|
|
|
|
This file is part of systemd.
|
|
|
|
|
|
|
|
|
|
Copyright 2014 Lennart Poettering
|
|
|
|
|
|
|
|
|
|
systemd is free software; you can redistribute it and/or modify it
|
|
|
|
|
under the terms of the GNU Lesser General Public License as published by
|
|
|
|
|
the Free Software Foundation; either version 2.1 of the License, or
|
|
|
|
|
(at your option) any later version.
|
|
|
|
|
|
|
|
|
|
systemd is distributed in the hope that it will be useful, but
|
|
|
|
|
WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
|
|
|
Lesser General Public License for more details.
|
|
|
|
|
|
|
|
|
|
You should have received a copy of the GNU Lesser General Public License
|
|
|
|
|
along with systemd; If not, see <http://www.gnu.org/licenses/>.
|
|
|
|
|
***/
|
|
|
|
|
|
2015-10-27 03:01:06 +01:00
|
|
|
#include "alloc-util.h"
|
2015-06-02 20:49:43 +02:00
|
|
|
#include "dns-domain.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "list.h"
|
2014-07-29 14:24:02 +02:00
|
|
|
#include "resolved-dns-packet.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "resolved-dns-zone.h"
|
2017-10-23 13:46:13 +02:00
|
|
|
#include "resolved-dnssd.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "string-util.h"
|
2014-07-29 14:24:02 +02:00
|
|
|
|
|
|
|
|
/* Never allow more than 1K entries */
|
|
|
|
|
#define ZONE_MAX 1024
|
|
|
|
|
|
2014-08-10 22:28:12 +02:00
|
|
|
void dns_zone_item_probe_stop(DnsZoneItem *i) {
|
2014-07-31 17:46:40 +02:00
|
|
|
DnsTransaction *t;
|
|
|
|
|
assert(i);
|
2014-07-29 14:24:02 +02:00
|
|
|
|
2014-07-31 17:46:40 +02:00
|
|
|
if (!i->probe_transaction)
|
|
|
|
|
return;
|
|
|
|
|
|
2018-03-22 16:53:26 +01:00
|
|
|
t = TAKE_PTR(i->probe_transaction);
|
2014-07-31 17:46:40 +02:00
|
|
|
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
set_remove(t->notify_zone_items, i);
|
2016-02-22 20:39:45 +01:00
|
|
|
set_remove(t->notify_zone_items_done, i);
|
2014-07-31 17:46:40 +02:00
|
|
|
dns_transaction_gc(t);
|
|
|
|
|
}
|
2014-07-29 14:24:02 +02:00
|
|
|
|
|
|
|
|
static void dns_zone_item_free(DnsZoneItem *i) {
|
|
|
|
|
if (!i)
|
|
|
|
|
return;
|
|
|
|
|
|
2014-07-31 17:46:40 +02:00
|
|
|
dns_zone_item_probe_stop(i);
|
2014-07-29 14:24:02 +02:00
|
|
|
dns_resource_record_unref(i->rr);
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2014-07-29 14:24:02 +02:00
|
|
|
free(i);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsZoneItem*, dns_zone_item_free);
|
|
|
|
|
|
|
|
|
|
static void dns_zone_item_remove_and_free(DnsZone *z, DnsZoneItem *i) {
|
|
|
|
|
DnsZoneItem *first;
|
|
|
|
|
|
|
|
|
|
assert(z);
|
|
|
|
|
|
|
|
|
|
if (!i)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
first = hashmap_get(z->by_key, i->rr->key);
|
|
|
|
|
LIST_REMOVE(by_key, first, i);
|
|
|
|
|
if (first)
|
|
|
|
|
assert_se(hashmap_replace(z->by_key, first->rr->key, first) >= 0);
|
|
|
|
|
else
|
|
|
|
|
hashmap_remove(z->by_key, i->rr->key);
|
|
|
|
|
|
2016-02-13 20:54:15 +01:00
|
|
|
first = hashmap_get(z->by_name, dns_resource_key_name(i->rr->key));
|
2014-07-29 14:24:02 +02:00
|
|
|
LIST_REMOVE(by_name, first, i);
|
|
|
|
|
if (first)
|
2016-02-13 20:54:15 +01:00
|
|
|
assert_se(hashmap_replace(z->by_name, dns_resource_key_name(first->rr->key), first) >= 0);
|
2014-07-29 14:24:02 +02:00
|
|
|
else
|
2016-02-13 20:54:15 +01:00
|
|
|
hashmap_remove(z->by_name, dns_resource_key_name(i->rr->key));
|
2014-07-29 14:24:02 +02:00
|
|
|
|
|
|
|
|
dns_zone_item_free(i);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void dns_zone_flush(DnsZone *z) {
|
|
|
|
|
DnsZoneItem *i;
|
|
|
|
|
|
|
|
|
|
assert(z);
|
|
|
|
|
|
|
|
|
|
while ((i = hashmap_first(z->by_key)))
|
|
|
|
|
dns_zone_item_remove_and_free(z, i);
|
|
|
|
|
|
|
|
|
|
assert(hashmap_size(z->by_key) == 0);
|
|
|
|
|
assert(hashmap_size(z->by_name) == 0);
|
|
|
|
|
|
2015-09-09 23:12:07 +02:00
|
|
|
z->by_key = hashmap_free(z->by_key);
|
|
|
|
|
z->by_name = hashmap_free(z->by_name);
|
2014-07-29 14:24:02 +02:00
|
|
|
}
|
|
|
|
|
|
2017-10-17 10:35:06 +02:00
|
|
|
DnsZoneItem* dns_zone_get(DnsZone *z, DnsResourceRecord *rr) {
|
2014-07-29 14:24:02 +02:00
|
|
|
DnsZoneItem *i;
|
|
|
|
|
|
|
|
|
|
assert(z);
|
|
|
|
|
assert(rr);
|
|
|
|
|
|
|
|
|
|
LIST_FOREACH(by_key, i, hashmap_get(z->by_key, rr->key))
|
2014-08-06 16:14:53 +02:00
|
|
|
if (dns_resource_record_equal(i->rr, rr) > 0)
|
2014-07-29 14:24:02 +02:00
|
|
|
return i;
|
|
|
|
|
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
void dns_zone_remove_rr(DnsZone *z, DnsResourceRecord *rr) {
|
|
|
|
|
DnsZoneItem *i;
|
|
|
|
|
|
|
|
|
|
assert(z);
|
|
|
|
|
assert(rr);
|
|
|
|
|
|
|
|
|
|
i = dns_zone_get(z, rr);
|
|
|
|
|
if (i)
|
|
|
|
|
dns_zone_item_remove_and_free(z, i);
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-04 10:34:39 +02:00
|
|
|
int dns_zone_remove_rrs_by_key(DnsZone *z, DnsResourceKey *key) {
|
|
|
|
|
_cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL, *soa = NULL;
|
|
|
|
|
DnsResourceRecord *rr;
|
|
|
|
|
bool tentative;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
r = dns_zone_lookup(z, key, 0, &answer, &soa, &tentative);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
DNS_ANSWER_FOREACH(rr, answer)
|
|
|
|
|
dns_zone_remove_rr(z, rr);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-29 14:24:02 +02:00
|
|
|
static int dns_zone_init(DnsZone *z) {
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(z);
|
|
|
|
|
|
2014-08-13 01:00:18 +02:00
|
|
|
r = hashmap_ensure_allocated(&z->by_key, &dns_resource_key_hash_ops);
|
2014-07-29 14:24:02 +02:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2014-08-13 01:00:18 +02:00
|
|
|
r = hashmap_ensure_allocated(&z->by_name, &dns_name_hash_ops);
|
2014-07-29 14:24:02 +02:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int dns_zone_link_item(DnsZone *z, DnsZoneItem *i) {
|
|
|
|
|
DnsZoneItem *first;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
first = hashmap_get(z->by_key, i->rr->key);
|
|
|
|
|
if (first) {
|
|
|
|
|
LIST_PREPEND(by_key, first, i);
|
|
|
|
|
assert_se(hashmap_replace(z->by_key, first->rr->key, first) >= 0);
|
|
|
|
|
} else {
|
|
|
|
|
r = hashmap_put(z->by_key, i->rr->key, i);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
2016-02-13 20:54:15 +01:00
|
|
|
first = hashmap_get(z->by_name, dns_resource_key_name(i->rr->key));
|
2014-07-29 14:24:02 +02:00
|
|
|
if (first) {
|
|
|
|
|
LIST_PREPEND(by_name, first, i);
|
2016-02-13 20:54:15 +01:00
|
|
|
assert_se(hashmap_replace(z->by_name, dns_resource_key_name(first->rr->key), first) >= 0);
|
2014-07-29 14:24:02 +02:00
|
|
|
} else {
|
2016-02-13 20:54:15 +01:00
|
|
|
r = hashmap_put(z->by_name, dns_resource_key_name(i->rr->key), i);
|
2014-07-29 14:24:02 +02:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2014-07-31 17:46:40 +02:00
|
|
|
static int dns_zone_item_probe_start(DnsZoneItem *i) {
|
|
|
|
|
DnsTransaction *t;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(i);
|
|
|
|
|
|
|
|
|
|
if (i->probe_transaction)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2016-02-13 20:54:15 +01:00
|
|
|
t = dns_scope_find_transaction(i->scope, &DNS_RESOURCE_KEY_CONST(i->rr->key->class, DNS_TYPE_ANY, dns_resource_key_name(i->rr->key)), false);
|
2014-07-31 17:46:40 +02:00
|
|
|
if (!t) {
|
2015-12-03 17:27:13 +01:00
|
|
|
_cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
|
|
|
|
|
|
2016-02-13 20:54:15 +01:00
|
|
|
key = dns_resource_key_new(i->rr->key->class, DNS_TYPE_ANY, dns_resource_key_name(i->rr->key));
|
2015-12-03 17:27:13 +01:00
|
|
|
if (!key)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2015-08-21 22:55:01 +02:00
|
|
|
r = dns_transaction_new(&t, i->scope, key);
|
2014-07-31 17:46:40 +02:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
r = set_ensure_allocated(&t->notify_zone_items, NULL);
|
2014-07-31 17:46:40 +02:00
|
|
|
if (r < 0)
|
|
|
|
|
goto gc;
|
|
|
|
|
|
2016-02-22 20:39:45 +01:00
|
|
|
r = set_ensure_allocated(&t->notify_zone_items_done, NULL);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
goto gc;
|
|
|
|
|
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
r = set_put(t->notify_zone_items, i);
|
2014-07-31 17:46:40 +02:00
|
|
|
if (r < 0)
|
|
|
|
|
goto gc;
|
|
|
|
|
|
|
|
|
|
i->probe_transaction = t;
|
2016-12-02 14:01:56 +01:00
|
|
|
t->probing = true;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
|
|
|
|
if (t->state == DNS_TRANSACTION_NULL) {
|
|
|
|
|
|
|
|
|
|
i->block_ready++;
|
|
|
|
|
r = dns_transaction_go(t);
|
|
|
|
|
i->block_ready--;
|
|
|
|
|
|
|
|
|
|
if (r < 0) {
|
|
|
|
|
dns_zone_item_probe_stop(i);
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
dns_zone_item_notify(i);
|
2014-07-31 17:46:40 +02:00
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
gc:
|
|
|
|
|
dns_transaction_gc(t);
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int dns_zone_put(DnsZone *z, DnsScope *s, DnsResourceRecord *rr, bool probe) {
|
2014-07-29 14:24:02 +02:00
|
|
|
_cleanup_(dns_zone_item_freep) DnsZoneItem *i = NULL;
|
|
|
|
|
DnsZoneItem *existing;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(z);
|
2014-07-31 17:46:40 +02:00
|
|
|
assert(s);
|
2014-07-29 14:24:02 +02:00
|
|
|
assert(rr);
|
|
|
|
|
|
2015-12-18 19:06:23 +01:00
|
|
|
if (dns_class_is_pseudo(rr->key->class))
|
2014-07-30 02:04:07 +02:00
|
|
|
return -EINVAL;
|
2015-12-18 19:06:23 +01:00
|
|
|
if (dns_type_is_pseudo(rr->key->type))
|
2014-07-30 02:04:07 +02:00
|
|
|
return -EINVAL;
|
|
|
|
|
|
2014-07-29 14:24:02 +02:00
|
|
|
existing = dns_zone_get(z, rr);
|
|
|
|
|
if (existing)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
r = dns_zone_init(z);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
i = new0(DnsZoneItem, 1);
|
|
|
|
|
if (!i)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2014-07-31 17:46:40 +02:00
|
|
|
i->scope = s;
|
2014-07-29 14:24:02 +02:00
|
|
|
i->rr = dns_resource_record_ref(rr);
|
2014-07-31 17:46:40 +02:00
|
|
|
i->probing_enabled = probe;
|
2014-07-29 14:24:02 +02:00
|
|
|
|
|
|
|
|
r = dns_zone_link_item(z, i);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2014-07-31 17:46:40 +02:00
|
|
|
if (probe) {
|
2014-08-05 01:38:13 +02:00
|
|
|
DnsZoneItem *first, *j;
|
|
|
|
|
bool established = false;
|
|
|
|
|
|
|
|
|
|
/* Check if there's already an RR with the same name
|
|
|
|
|
* established. If so, it has been probed already, and
|
|
|
|
|
* we don't ned to probe again. */
|
|
|
|
|
|
|
|
|
|
LIST_FIND_HEAD(by_name, i, first);
|
|
|
|
|
LIST_FOREACH(by_name, j, first) {
|
|
|
|
|
if (i == j)
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
if (j->state == DNS_ZONE_ITEM_ESTABLISHED)
|
|
|
|
|
established = true;
|
2014-07-31 17:46:40 +02:00
|
|
|
}
|
|
|
|
|
|
2014-08-05 01:38:13 +02:00
|
|
|
if (established)
|
|
|
|
|
i->state = DNS_ZONE_ITEM_ESTABLISHED;
|
|
|
|
|
else {
|
2014-08-05 04:16:26 +02:00
|
|
|
i->state = DNS_ZONE_ITEM_PROBING;
|
|
|
|
|
|
2014-08-05 01:38:13 +02:00
|
|
|
r = dns_zone_item_probe_start(i);
|
|
|
|
|
if (r < 0) {
|
|
|
|
|
dns_zone_item_remove_and_free(z, i);
|
|
|
|
|
i = NULL;
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
}
|
2014-07-31 17:46:40 +02:00
|
|
|
} else
|
|
|
|
|
i->state = DNS_ZONE_ITEM_ESTABLISHED;
|
|
|
|
|
|
2014-07-29 14:24:02 +02:00
|
|
|
i = NULL;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2017-10-31 09:34:58 +01:00
|
|
|
static int dns_zone_add_authenticated_answer(DnsAnswer *a, DnsZoneItem *i, int ifindex) {
|
|
|
|
|
DnsAnswerFlags flags;
|
|
|
|
|
|
|
|
|
|
/* From RFC 6762, Section 10.2
|
|
|
|
|
* "They (the rules about when to set the cache-flush bit) apply to
|
|
|
|
|
* startup announcements as described in Section 8.3, "Announcing",
|
|
|
|
|
* and to responses generated as a result of receiving query messages."
|
|
|
|
|
* So, set the cache-flush bit for mDNS answers except for DNS-SD
|
|
|
|
|
* service enumeration PTRs described in RFC 6763, Section 4.1. */
|
|
|
|
|
if (i->scope->protocol == DNS_PROTOCOL_MDNS &&
|
|
|
|
|
!dns_resource_key_is_dnssd_ptr(i->rr->key))
|
|
|
|
|
flags = DNS_ANSWER_AUTHENTICATED|DNS_ANSWER_CACHE_FLUSH;
|
|
|
|
|
else
|
|
|
|
|
flags = DNS_ANSWER_AUTHENTICATED;
|
|
|
|
|
|
|
|
|
|
return dns_answer_add(a, i->rr, ifindex, flags);
|
|
|
|
|
}
|
|
|
|
|
|
2016-06-14 23:28:54 +02:00
|
|
|
int dns_zone_lookup(DnsZone *z, DnsResourceKey *key, int ifindex, DnsAnswer **ret_answer, DnsAnswer **ret_soa, bool *ret_tentative) {
|
2014-07-30 16:30:25 +02:00
|
|
|
_cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL, *soa = NULL;
|
2015-11-18 15:30:54 +01:00
|
|
|
unsigned n_answer = 0;
|
|
|
|
|
DnsZoneItem *j, *first;
|
|
|
|
|
bool tentative = true, need_soa = false;
|
2014-07-30 02:06:09 +02:00
|
|
|
int r;
|
2014-07-29 14:24:02 +02:00
|
|
|
|
2016-06-14 23:28:54 +02:00
|
|
|
/* Note that we don't actually need the ifindex for anything. However when it is passed we'll initialize the
|
|
|
|
|
* ifindex field in the answer with it */
|
|
|
|
|
|
2014-07-29 14:24:02 +02:00
|
|
|
assert(z);
|
2015-11-18 15:30:54 +01:00
|
|
|
assert(key);
|
2014-07-30 16:30:25 +02:00
|
|
|
assert(ret_answer);
|
2014-07-29 14:24:02 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
/* First iteration, count what we have */
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
if (key->type == DNS_TYPE_ANY || key->class == DNS_CLASS_ANY) {
|
|
|
|
|
bool found = false, added = false;
|
|
|
|
|
int k;
|
2014-07-29 14:24:02 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
/* If this is a generic match, then we have to
|
|
|
|
|
* go through the list by the name and look
|
|
|
|
|
* for everything manually */
|
2014-07-29 14:24:02 +02:00
|
|
|
|
2016-02-13 20:54:15 +01:00
|
|
|
first = hashmap_get(z->by_name, dns_resource_key_name(key));
|
2015-11-18 15:30:54 +01:00
|
|
|
LIST_FOREACH(by_name, j, first) {
|
|
|
|
|
if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
|
|
|
|
|
continue;
|
2014-07-30 02:06:09 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
found = true;
|
2014-07-30 02:06:09 +02:00
|
|
|
|
2015-11-25 20:47:27 +01:00
|
|
|
k = dns_resource_key_match_rr(key, j->rr, NULL);
|
2015-11-18 15:30:54 +01:00
|
|
|
if (k < 0)
|
|
|
|
|
return k;
|
|
|
|
|
if (k > 0) {
|
|
|
|
|
n_answer++;
|
|
|
|
|
added = true;
|
|
|
|
|
}
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
}
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
if (found && !added)
|
|
|
|
|
need_soa = true;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
} else {
|
|
|
|
|
bool found = false;
|
2014-07-30 02:06:09 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
/* If this is a specific match, then look for
|
|
|
|
|
* the right key immediately */
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
first = hashmap_get(z->by_key, key);
|
|
|
|
|
LIST_FOREACH(by_key, j, first) {
|
|
|
|
|
if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
|
|
|
|
|
continue;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
found = true;
|
|
|
|
|
n_answer++;
|
|
|
|
|
}
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
if (!found) {
|
2016-02-13 20:54:15 +01:00
|
|
|
first = hashmap_get(z->by_name, dns_resource_key_name(key));
|
2015-11-18 15:30:54 +01:00
|
|
|
LIST_FOREACH(by_name, j, first) {
|
2014-07-31 17:46:40 +02:00
|
|
|
if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
|
|
|
|
|
continue;
|
|
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
need_soa = true;
|
|
|
|
|
break;
|
2014-07-30 02:06:09 +02:00
|
|
|
}
|
|
|
|
|
}
|
2014-07-29 14:24:02 +02:00
|
|
|
}
|
|
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
if (n_answer <= 0 && !need_soa)
|
|
|
|
|
goto return_empty;
|
2014-07-29 14:24:02 +02:00
|
|
|
|
2014-07-30 16:30:25 +02:00
|
|
|
if (n_answer > 0) {
|
|
|
|
|
answer = dns_answer_new(n_answer);
|
|
|
|
|
if (!answer)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
}
|
2014-07-29 14:24:02 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
if (need_soa) {
|
|
|
|
|
soa = dns_answer_new(1);
|
2014-07-30 16:30:25 +02:00
|
|
|
if (!soa)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Second iteration, actually add the RRs to the answers */
|
2015-11-18 15:30:54 +01:00
|
|
|
if (key->type == DNS_TYPE_ANY || key->class == DNS_CLASS_ANY) {
|
|
|
|
|
bool found = false, added = false;
|
|
|
|
|
int k;
|
2014-07-30 02:06:09 +02:00
|
|
|
|
2016-02-13 20:54:15 +01:00
|
|
|
first = hashmap_get(z->by_name, dns_resource_key_name(key));
|
2015-11-18 15:30:54 +01:00
|
|
|
LIST_FOREACH(by_name, j, first) {
|
|
|
|
|
if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
|
|
|
|
|
continue;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
found = true;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
if (j->state != DNS_ZONE_ITEM_PROBING)
|
|
|
|
|
tentative = false;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-25 20:47:27 +01:00
|
|
|
k = dns_resource_key_match_rr(key, j->rr, NULL);
|
2015-11-18 15:30:54 +01:00
|
|
|
if (k < 0)
|
|
|
|
|
return k;
|
|
|
|
|
if (k > 0) {
|
2017-10-31 09:34:58 +01:00
|
|
|
r = dns_zone_add_authenticated_answer(answer, j, ifindex);
|
2014-07-30 02:06:09 +02:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2015-11-18 15:30:54 +01:00
|
|
|
|
|
|
|
|
added = true;
|
2014-07-30 02:06:09 +02:00
|
|
|
}
|
2015-11-18 15:30:54 +01:00
|
|
|
}
|
2014-07-30 02:06:09 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
if (found && !added) {
|
2016-06-14 23:28:54 +02:00
|
|
|
r = dns_answer_add_soa(soa, dns_resource_key_name(key), LLMNR_DEFAULT_TTL, ifindex);
|
2015-11-18 15:30:54 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
} else {
|
|
|
|
|
bool found = false;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
first = hashmap_get(z->by_key, key);
|
|
|
|
|
LIST_FOREACH(by_key, j, first) {
|
|
|
|
|
if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
|
|
|
|
|
continue;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
found = true;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
if (j->state != DNS_ZONE_ITEM_PROBING)
|
|
|
|
|
tentative = false;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2017-10-31 09:34:58 +01:00
|
|
|
r = dns_zone_add_authenticated_answer(answer, j, ifindex);
|
2015-11-18 15:30:54 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
}
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
if (!found) {
|
|
|
|
|
bool add_soa = false;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2016-02-13 20:54:15 +01:00
|
|
|
first = hashmap_get(z->by_name, dns_resource_key_name(key));
|
2015-11-18 15:30:54 +01:00
|
|
|
LIST_FOREACH(by_name, j, first) {
|
|
|
|
|
if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
|
|
|
|
|
continue;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
if (j->state != DNS_ZONE_ITEM_PROBING)
|
|
|
|
|
tentative = false;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
add_soa = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (add_soa) {
|
2016-06-14 23:28:54 +02:00
|
|
|
r = dns_answer_add_soa(soa, dns_resource_key_name(key), LLMNR_DEFAULT_TTL, ifindex);
|
2015-11-18 15:30:54 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2014-07-30 02:06:09 +02:00
|
|
|
}
|
2014-07-29 14:24:02 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
/* If the caller sets ret_tentative to NULL, then use this as
|
|
|
|
|
* indication to not return tentative entries */
|
|
|
|
|
|
|
|
|
|
if (!ret_tentative && tentative)
|
|
|
|
|
goto return_empty;
|
|
|
|
|
|
2014-07-30 16:30:25 +02:00
|
|
|
*ret_answer = answer;
|
2014-07-29 14:24:02 +02:00
|
|
|
answer = NULL;
|
|
|
|
|
|
2015-11-18 15:30:54 +01:00
|
|
|
if (ret_soa) {
|
|
|
|
|
*ret_soa = soa;
|
|
|
|
|
soa = NULL;
|
|
|
|
|
}
|
2014-07-30 16:30:25 +02:00
|
|
|
|
2014-07-31 17:46:40 +02:00
|
|
|
if (ret_tentative)
|
|
|
|
|
*ret_tentative = tentative;
|
|
|
|
|
|
2014-07-29 14:24:02 +02:00
|
|
|
return 1;
|
2015-11-18 15:30:54 +01:00
|
|
|
|
|
|
|
|
return_empty:
|
|
|
|
|
*ret_answer = NULL;
|
|
|
|
|
|
|
|
|
|
if (ret_soa)
|
|
|
|
|
*ret_soa = NULL;
|
|
|
|
|
|
|
|
|
|
if (ret_tentative)
|
|
|
|
|
*ret_tentative = false;
|
|
|
|
|
|
|
|
|
|
return 0;
|
2014-07-29 14:24:02 +02:00
|
|
|
}
|
2014-07-31 17:46:40 +02:00
|
|
|
|
|
|
|
|
void dns_zone_item_conflict(DnsZoneItem *i) {
|
|
|
|
|
assert(i);
|
|
|
|
|
|
2014-08-06 16:15:35 +02:00
|
|
|
if (!IN_SET(i->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_VERIFYING, DNS_ZONE_ITEM_ESTABLISHED))
|
|
|
|
|
return;
|
|
|
|
|
|
2015-12-21 16:31:29 +01:00
|
|
|
log_info("Detected conflict on %s", strna(dns_resource_record_to_string(i->rr)));
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2014-08-05 04:17:45 +02:00
|
|
|
dns_zone_item_probe_stop(i);
|
|
|
|
|
|
2014-07-31 17:46:40 +02:00
|
|
|
/* Withdraw the conflict item */
|
|
|
|
|
i->state = DNS_ZONE_ITEM_WITHDRAWN;
|
|
|
|
|
|
2017-10-23 13:46:13 +02:00
|
|
|
dnssd_signal_conflict(i->scope->manager, dns_resource_key_name(i->rr->key));
|
|
|
|
|
|
2014-07-31 17:46:40 +02:00
|
|
|
/* Maybe change the hostname */
|
2016-02-13 20:54:15 +01:00
|
|
|
if (manager_is_own_hostname(i->scope->manager, dns_resource_key_name(i->rr->key)) > 0)
|
2014-07-31 17:46:40 +02:00
|
|
|
manager_next_hostname(i->scope->manager);
|
|
|
|
|
}
|
|
|
|
|
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
void dns_zone_item_notify(DnsZoneItem *i) {
|
2014-07-31 17:46:40 +02:00
|
|
|
assert(i);
|
|
|
|
|
assert(i->probe_transaction);
|
|
|
|
|
|
|
|
|
|
if (i->block_ready > 0)
|
|
|
|
|
return;
|
|
|
|
|
|
resolved: chase DNSKEY/DS RRs when doing look-ups with DNSSEC enabled
This adds initial support for validating RRSIG/DNSKEY/DS chains when
doing lookups. Proof-of-non-existance, or proof-of-unsigned-zones is not
implemented yet.
With this change DnsTransaction objects will generate additional
DnsTransaction objects when looking for DNSKEY or DS RRs to validate an
RRSIG on a response. DnsTransaction objects are thus created for three
reasons now:
1) Because a user asked for something to be resolved, i.e. requested by
a DnsQuery/DnsQueryCandidate object.
2) As result of LLMNR RR probing, requested by a DnsZoneItem.
3) Because another DnsTransaction requires the requested RRs for
validation of its own response.
DnsTransactions are shared between all these users, and are GC
automatically as soon as all of these users don't need a specific
transaction anymore.
To unify the handling of these three reasons for existance for a
DnsTransaction, a new common naming is introduced: each DnsTransaction
now tracks its "owners" via a Set* object named "notify_xyz", containing
all owners to notify on completion.
A new DnsTransaction state is introduced called "VALIDATING" that is
entered after a response has been receieved which needs to be validated,
as long as we are still waiting for the DNSKEY/DS RRs from other
DnsTransactions.
This patch will request the DNSKEY/DS RRs bottom-up, and then validate
them top-down.
Caching of RRs is now only done after verification, so that the cache is
not poisoned with known invalid data.
The "DnsAnswer" object gained a substantial number of new calls, since
we need to add/remove RRs to it dynamically now.
2015-12-09 18:13:16 +01:00
|
|
|
if (IN_SET(i->probe_transaction->state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING))
|
2014-07-31 17:46:40 +02:00
|
|
|
return;
|
|
|
|
|
|
2014-08-06 16:15:35 +02:00
|
|
|
if (i->probe_transaction->state == DNS_TRANSACTION_SUCCESS) {
|
|
|
|
|
bool we_lost = false;
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2014-08-06 16:15:35 +02:00
|
|
|
/* The probe got a successful reply. If we so far
|
2017-10-13 11:19:21 +02:00
|
|
|
* weren't established we just give up.
|
|
|
|
|
*
|
|
|
|
|
* In LLMNR case if we already
|
2014-08-06 16:15:35 +02:00
|
|
|
* were established, and the peer has the
|
2014-08-10 22:48:16 +02:00
|
|
|
* lexicographically larger IP address we continue
|
2014-08-06 16:15:35 +02:00
|
|
|
* and defend it. */
|
|
|
|
|
|
2014-08-06 17:21:00 +02:00
|
|
|
if (!IN_SET(i->state, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING)) {
|
|
|
|
|
log_debug("Got a successful probe for not yet established RR, we lost.");
|
2014-08-06 16:15:35 +02:00
|
|
|
we_lost = true;
|
2017-10-13 11:19:21 +02:00
|
|
|
} else if (i->probe_transaction->scope->protocol == DNS_PROTOCOL_LLMNR) {
|
2014-08-06 16:15:35 +02:00
|
|
|
assert(i->probe_transaction->received);
|
2014-08-10 22:48:16 +02:00
|
|
|
we_lost = memcmp(&i->probe_transaction->received->sender, &i->probe_transaction->received->destination, FAMILY_ADDRESS_SIZE(i->probe_transaction->received->family)) < 0;
|
2014-08-06 17:21:00 +02:00
|
|
|
if (we_lost)
|
2014-08-10 22:48:16 +02:00
|
|
|
log_debug("Got a successful probe reply for an established RR, and we have a lexicographically larger IP address and thus lost.");
|
2014-08-06 16:15:35 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (we_lost) {
|
|
|
|
|
dns_zone_item_conflict(i);
|
|
|
|
|
return;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
log_debug("Got a successful probe reply, but peer has lexicographically lower IP address and thus lost.");
|
|
|
|
|
}
|
|
|
|
|
|
2015-12-21 16:31:29 +01:00
|
|
|
log_debug("Record %s successfully probed.", strna(dns_resource_record_to_string(i->rr)));
|
2014-07-31 17:46:40 +02:00
|
|
|
|
2014-08-06 16:15:35 +02:00
|
|
|
dns_zone_item_probe_stop(i);
|
|
|
|
|
i->state = DNS_ZONE_ITEM_ESTABLISHED;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
static int dns_zone_item_verify(DnsZoneItem *i) {
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(i);
|
|
|
|
|
|
|
|
|
|
if (i->state != DNS_ZONE_ITEM_ESTABLISHED)
|
|
|
|
|
return 0;
|
|
|
|
|
|
2015-12-21 16:31:29 +01:00
|
|
|
log_debug("Verifying RR %s", strna(dns_resource_record_to_string(i->rr)));
|
2014-08-06 17:21:00 +02:00
|
|
|
|
2014-08-06 16:15:35 +02:00
|
|
|
i->state = DNS_ZONE_ITEM_VERIFYING;
|
|
|
|
|
r = dns_zone_item_probe_start(i);
|
|
|
|
|
if (r < 0) {
|
2014-11-28 13:19:16 +01:00
|
|
|
log_error_errno(r, "Failed to start probing for verifying RR: %m");
|
2014-07-31 17:46:40 +02:00
|
|
|
i->state = DNS_ZONE_ITEM_ESTABLISHED;
|
2014-08-06 16:15:35 +02:00
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int dns_zone_check_conflicts(DnsZone *zone, DnsResourceRecord *rr) {
|
|
|
|
|
DnsZoneItem *i, *first;
|
2014-08-12 04:42:33 +02:00
|
|
|
int c = 0;
|
2014-08-06 16:15:35 +02:00
|
|
|
|
|
|
|
|
assert(zone);
|
|
|
|
|
assert(rr);
|
|
|
|
|
|
|
|
|
|
/* This checks whether a response RR we received from somebody
|
|
|
|
|
* else is one that we actually thought was uniquely ours. If
|
|
|
|
|
* so, we'll verify our RRs. */
|
|
|
|
|
|
|
|
|
|
/* No conflict if we don't have the name at all. */
|
2016-02-13 20:54:15 +01:00
|
|
|
first = hashmap_get(zone->by_name, dns_resource_key_name(rr->key));
|
2014-08-06 16:15:35 +02:00
|
|
|
if (!first)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
/* No conflict if we have the exact same RR */
|
|
|
|
|
if (dns_zone_get(zone, rr))
|
|
|
|
|
return 0;
|
|
|
|
|
|
2017-10-27 11:16:54 +02:00
|
|
|
/* No conflict if it is DNS-SD RR used for service enumeration. */
|
|
|
|
|
if (dns_resource_key_is_dnssd_ptr(rr->key))
|
|
|
|
|
return 0;
|
|
|
|
|
|
2014-08-06 16:15:35 +02:00
|
|
|
/* OK, somebody else has RRs for the same name. Yuck! Let's
|
|
|
|
|
* start probing again */
|
|
|
|
|
|
|
|
|
|
LIST_FOREACH(by_name, i, first) {
|
|
|
|
|
if (dns_resource_record_equal(i->rr, rr))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
dns_zone_item_verify(i);
|
|
|
|
|
c++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return c;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int dns_zone_verify_conflicts(DnsZone *zone, DnsResourceKey *key) {
|
|
|
|
|
DnsZoneItem *i, *first;
|
2014-08-12 04:42:33 +02:00
|
|
|
int c = 0;
|
2014-08-06 16:15:35 +02:00
|
|
|
|
|
|
|
|
assert(zone);
|
|
|
|
|
|
|
|
|
|
/* Somebody else notified us about a possible conflict. Let's
|
|
|
|
|
* verify if that's true. */
|
|
|
|
|
|
2016-02-13 20:54:15 +01:00
|
|
|
first = hashmap_get(zone->by_name, dns_resource_key_name(key));
|
2014-08-06 16:15:35 +02:00
|
|
|
if (!first)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
LIST_FOREACH(by_name, i, first) {
|
|
|
|
|
dns_zone_item_verify(i);
|
|
|
|
|
c++;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return c;
|
2014-07-31 17:46:40 +02:00
|
|
|
}
|
2014-08-06 16:59:48 +02:00
|
|
|
|
|
|
|
|
void dns_zone_verify_all(DnsZone *zone) {
|
|
|
|
|
DnsZoneItem *i;
|
|
|
|
|
Iterator iterator;
|
|
|
|
|
|
|
|
|
|
assert(zone);
|
|
|
|
|
|
|
|
|
|
HASHMAP_FOREACH(i, zone->by_key, iterator) {
|
|
|
|
|
DnsZoneItem *j;
|
|
|
|
|
|
|
|
|
|
LIST_FOREACH(by_key, j, i)
|
|
|
|
|
dns_zone_item_verify(j);
|
|
|
|
|
}
|
|
|
|
|
}
|
2015-08-26 09:41:45 +02:00
|
|
|
|
|
|
|
|
void dns_zone_dump(DnsZone *zone, FILE *f) {
|
|
|
|
|
Iterator iterator;
|
|
|
|
|
DnsZoneItem *i;
|
|
|
|
|
|
|
|
|
|
if (!zone)
|
|
|
|
|
return;
|
|
|
|
|
|
|
|
|
|
if (!f)
|
|
|
|
|
f = stdout;
|
|
|
|
|
|
|
|
|
|
HASHMAP_FOREACH(i, zone->by_key, iterator) {
|
|
|
|
|
DnsZoneItem *j;
|
|
|
|
|
|
|
|
|
|
LIST_FOREACH(by_key, j, i) {
|
2015-12-21 16:31:29 +01:00
|
|
|
const char *t;
|
2015-08-26 09:41:45 +02:00
|
|
|
|
2015-12-21 16:31:29 +01:00
|
|
|
t = dns_resource_record_to_string(j->rr);
|
|
|
|
|
if (!t) {
|
2015-08-26 09:41:45 +02:00
|
|
|
log_oom();
|
|
|
|
|
continue;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
fputc('\t', f);
|
|
|
|
|
fputs(t, f);
|
|
|
|
|
fputc('\n', f);
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
bool dns_zone_is_empty(DnsZone *zone) {
|
|
|
|
|
if (!zone)
|
|
|
|
|
return true;
|
|
|
|
|
|
|
|
|
|
return hashmap_isempty(zone->by_key);
|
|
|
|
|
}
|
2017-10-04 09:07:44 +02:00
|
|
|
|
|
|
|
|
bool dns_zone_contains_name(DnsZone *z, const char *name) {
|
|
|
|
|
DnsZoneItem *i, *first;
|
|
|
|
|
|
|
|
|
|
first = hashmap_get(z->by_name, name);
|
|
|
|
|
if (!first)
|
|
|
|
|
return false;
|
|
|
|
|
|
|
|
|
|
LIST_FOREACH(by_name, i, first) {
|
|
|
|
|
if (!IN_SET(i->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
|
|
|
|
|
continue;
|
|
|
|
|
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return false;
|
|
|
|
|
}
|