resolved: explicitly refuse zone transfers using the bus API

2016-06-20 19:32:51 +02:00 · 2016-06-20 19:32:51 +02:00 · 6ebd1e33e6
parent 0a0fc27b80
commit 6ebd1e33e6
3 changed files with 12 additions and 0 deletions
--- a/src/resolve/dns-type.c
+++ b/src/resolve/dns-type.c
@ -96,6 +96,15 @@ bool dns_type_is_valid_query(uint16_t type) {
                       DNS_TYPE_RRSIG);
 }

+bool dns_type_is_zone_transer(uint16_t type) {
+
+        /* Zone transfers, either normal or incremental */
+
+        return IN_SET(type,
+                      DNS_TYPE_AXFR,
+                      DNS_TYPE_IXFR);
+}
+
 bool dns_type_is_valid_rr(uint16_t type) {

        /* The types valid as RR in packets (but not necessarily
--- a/src/resolve/dns-type.h
+++ b/src/resolve/dns-type.h
@ -136,6 +136,7 @@ bool dns_type_is_obsolete(uint16_t type);
 bool dns_type_may_wildcard(uint16_t type);
 bool dns_type_apex_only(uint16_t type);
 bool dns_type_needs_authentication(uint16_t type);
+bool dns_type_is_zone_transer(uint16_t type);
 int dns_type_to_af(uint16_t type);

 bool dns_class_is_pseudo(uint16_t class);
--- a/src/resolve/resolved-bus.c
+++ b/src/resolve/resolved-bus.c
@ -647,6 +647,8 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd

        if (!dns_type_is_valid_query(type))
                return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Specified resource record type %" PRIu16 " may not be used in a query.", type);
+        if (dns_type_is_zone_transer(type))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Zone transfers not permitted via this programming interface.");
        if (dns_type_is_obsolete(type))
                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Specified DNS resource record type %" PRIu16 " is obsolete.", type);