From 1bf968f36393666f2c57953b1748e6219c027dee Mon Sep 17 00:00:00 2001 From: Tom Gundersen Date: Mon, 13 Jul 2015 00:21:50 +0200 Subject: [PATCH 1/4] resolved: rr - print DNSKEY and RRSIG in base64 As mandated by RFC4034. --- TODO | 1 - src/resolve/resolved-dns-rr.c | 4 ++-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/TODO b/TODO index 2904e2b445..17295fe383 100644 --- a/TODO +++ b/TODO @@ -342,7 +342,6 @@ Features: - put networkd events and rtnl events at a higher priority, so that we always process them before we process client requests - DNSSEC - - use base64 for key presentation? - add display of private key types (http://tools.ietf.org/html/rfc4034#appendix-A.1.1)? - add nice formatting of DNS timestamps - DNS diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index c1818eef9c..f46f8689c3 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c @@ -608,7 +608,7 @@ int dns_resource_record_to_string(const DnsResourceRecord *rr, char **ret) { alg = dnssec_algorithm_to_string(rr->dnskey.algorithm); - t = hexmem(rr->dnskey.key, rr->dnskey.key_size); + t = base64mem(rr->dnskey.key, rr->dnskey.key_size); if (!t) return -ENOMEM; @@ -629,7 +629,7 @@ int dns_resource_record_to_string(const DnsResourceRecord *rr, char **ret) { type = dns_type_to_string(rr->rrsig.type_covered); alg = dnssec_algorithm_to_string(rr->rrsig.algorithm); - t = hexmem(rr->rrsig.signature, rr->rrsig.signature_size); + t = base64mem(rr->rrsig.signature, rr->rrsig.signature_size); if (!t) return -ENOMEM; From 7c6423e19136a7b7b6ef3fe06b94822e582dda27 Mon Sep 17 00:00:00 2001 From: Tom Gundersen Date: Mon, 13 Jul 2015 00:58:00 +0200 Subject: [PATCH 2/4] resolved: rr - print formated timestamps in RRSIG --- TODO | 1 - src/resolve/resolved-dns-rr.c | 30 +++++++++++++++++++++++++++--- 2 files changed, 27 insertions(+), 4 deletions(-) diff --git a/TODO b/TODO index 17295fe383..b3406dd6dd 100644 --- a/TODO +++ b/TODO 
@@ -343,7 +343,6 @@ Features: we always process them before we process client requests - DNSSEC - add display of private key types (http://tools.ietf.org/html/rfc4034#appendix-A.1.1)? - - add nice formatting of DNS timestamps - DNS - search paths - mDNS/DNS-SD diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index f46f8689c3..44716448aa 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c @@ -474,6 +474,21 @@ static char* format_location(uint32_t latitude, uint32_t longitude, uint32_t alt return s; } +static int format_timestamp_dns(char *buf, size_t l, time_t sec) { + struct tm tm; + + assert(buf); + assert(l > strlen("YYYYMMDDHHmmSS")); + + if (!gmtime_r(&sec, &tm)) + return -EINVAL; + + if (strftime(buf, l, "%Y%m%d%H%M%S", &tm) <= 0) + return -EINVAL; + + return 0; +} + int dns_resource_record_to_string(const DnsResourceRecord *rr, char **ret) { _cleanup_free_ char *k = NULL, *t = NULL; char *s; @@ -625,6 +640,7 @@ int dns_resource_record_to_string(const DnsResourceRecord *rr, char **ret) { case DNS_TYPE_RRSIG: { const char *type, *alg; + char expiration[strlen("YYYYMMDDHHmmSS") + 1], inception[strlen("YYYYMMDDHHmmSS") + 1]; type = dns_type_to_string(rr->rrsig.type_covered); alg = dnssec_algorithm_to_string(rr->rrsig.algorithm); @@ -633,10 +649,18 @@ int dns_resource_record_to_string(const DnsResourceRecord *rr, char **ret) { if (!t) return -ENOMEM; + r = format_timestamp_dns(expiration, sizeof(expiration), rr->rrsig.expiration); + if (r < 0) + return r; + + r = format_timestamp_dns(inception, sizeof(inception), rr->rrsig.inception); + if (r < 0) + return r; + /* TYPE?? follows * http://tools.ietf.org/html/rfc3597#section-5 */ - r = asprintf(&s, "%s %s%.*u %.*s%.*u %u %u %u %u %u %s %s", + r = asprintf(&s, "%s %s%.*u %.*s%.*u %u %u %s %s %u %s %s", k, type ?: "TYPE", type ? 0 : 1, type ? 0u : (unsigned) rr->rrsig.type_covered, 
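Review bot: In `format_timestamp_dns()` the `time_t sec` parameter is filled from `rr->rrsig.expiration` and `rr->rrsig.inception` by the later hunks of this patch, and RFC 4034 defines those as unsigned 32-bit values. If the fields are `uint32_t` (their declaration is outside this diff) and `time_t` is a signed 32-bit type on the target, values above 2^31-1 would convert to a negative time and print a pre-1970 date, misstating the signature validity window to whoever reads the output. A comment recording the assumption would help, e.g. `/* sec is an RRSIG timestamp: unsigned 32-bit seconds since the epoch, so time_t must be wider than 32 bits */`. Separately, `strftime()` returns `size_t`, so `<= 0` can only mean `== 0`; `if (strftime(buf, l, "%Y%m%d%H%M%S", &tm) == 0)` says what is actually tested.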
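Review bot: The two buffers added to the `DNS_TYPE_RRSIG` case are sized with `strlen("YYYYMMDDHHmmSS") + 1`, which is not an integer constant expression, so they are formally variable-length arrays even when the compiler folds the call. `char expiration[sizeof("YYYYMMDDHHmmSS")], inception[sizeof("YYYYMMDDHHmmSS")];` gives the same 15 bytes as a true constant and keeps the `sizeof(expiration)` passed in the following hunk a compile-time value. The `cbuf`/`tbuf` declarations in patch 4/4 use the same `strlen()` sizing and would benefit from the same change.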
@@ -644,8 +668,8 @@ int dns_resource_record_to_string(const DnsResourceRecord *rr, char **ret) { alg ? 0 : 1, alg ? 0u : (unsigned) rr->rrsig.algorithm, rr->rrsig.labels, rr->rrsig.original_ttl, - rr->rrsig.expiration, - rr->rrsig.inception, + expiration, + inception, rr->rrsig.key_tag, rr->rrsig.signer, t); From abf126a355e2f2b62b6c51ab3bb37895d1e3eee7 Mon Sep 17 00:00:00 2001 From: Tom Gundersen Date: Mon, 13 Jul 2015 01:51:03 +0200 Subject: [PATCH 3/4] resolved: rr - add DS support Needed for DNSSEC. --- src/resolve/resolved-dns-packet.c | 36 +++++++++++++++++++++++++++++++ src/resolve/resolved-dns-rr.c | 26 ++++++++++++++++++++++ src/resolve/resolved-dns-rr.h | 8 +++++++ 3 files changed, 70 insertions(+) diff --git a/src/resolve/resolved-dns-packet.c b/src/resolve/resolved-dns-packet.c index fa0516f8a0..ea7975a094 100644 --- a/src/resolve/resolved-dns-packet.c +++ b/src/resolve/resolved-dns-packet.c @@ -652,6 +652,22 @@ int dns_packet_append_rr(DnsPacket *p, const DnsResourceRecord *rr, size_t *star r = dns_packet_append_uint32(p, rr->loc.altitude, NULL); break; + case DNS_TYPE_DS: + r = dns_packet_append_uint16(p, rr->ds.key_tag, NULL); + if (r < 0) + goto fail; + + r = dns_packet_append_uint8(p, rr->ds.algorithm, NULL); + if (r < 0) + goto fail; + + r = dns_packet_append_uint8(p, rr->ds.digest_type, NULL); + if (r < 0) + goto fail; + + r = dns_packet_append_blob(p, rr->ds.digest, rr->ds.digest_size, NULL); + break; + case DNS_TYPE_SSHFP: r = dns_packet_append_uint8(p, rr->sshfp.algorithm, NULL); if (r < 0) 
@@ -1262,6 +1278,26 @@ int dns_packet_read_rr(DnsPacket *p, DnsResourceRecord **ret, size_t *start) { } } + case DNS_TYPE_DS: + r = dns_packet_read_uint16(p, &rr->ds.key_tag, NULL); + if (r < 0) + goto fail; + + r = dns_packet_read_uint8(p, &rr->ds.algorithm, NULL); + if (r < 0) + goto fail; + + r = dns_packet_read_uint8(p, &rr->ds.digest_type, NULL); + if (r < 0) + goto fail; + + r = dns_packet_read_public_key(p, rdlength - 4, + &rr->ds.digest, &rr->ds.digest_size, + NULL); + if (r < 0) + goto fail; + + break; case DNS_TYPE_SSHFP: r = dns_packet_read_uint8(p, &rr->sshfp.algorithm, NULL); if (r < 0) diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index 44716448aa..dd3e44f6de 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c @@ -271,6 +271,10 @@ DnsResourceRecord* dns_resource_record_unref(DnsResourceRecord *rr) { free(rr->mx.exchange); break; + case DNS_TYPE_DS: + free(rr->ds.digest); + break; + case DNS_TYPE_SSHFP: free(rr->sshfp.key); break; @@ -409,6 +413,13 @@ int dns_resource_record_equal(const DnsResourceRecord *a, const DnsResourceRecor a->loc.longitude == b->loc.longitude && a->loc.altitude == b->loc.altitude; + case DNS_TYPE_DS: + return a->ds.key_tag == b->ds.key_tag && + a->ds.algorithm == b->ds.algorithm && + a->ds.digest_type == b->ds.digest_type && + a->ds.digest_size == b->ds.digest_size && + memcmp(a->ds.digest, b->ds.digest, a->ds.digest_size) == 0; + case DNS_TYPE_SSHFP: return a->sshfp.algorithm == b->sshfp.algorithm && a->sshfp.fptype == b->sshfp.fptype && 
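Review bot: The digest length passed to `dns_packet_read_public_key()` in the new `DNS_TYPE_DS` case is computed as `rdlength - 4` with no check that `rdlength`, presumably the RDLENGTH field taken from the wire, is at least 4. For a shorter record the subtraction goes negative and, if the helper's length parameter is a `size_t` (the helper is not shown here), becomes a very large count that only the helper's own bounds check can reject. An explicit guard before the first read makes the rejection local, e.g. `if (rdlength <= 4) { r = -EBADMSG; goto fail; }`. Using `<=` also refuses an empty digest, which would otherwise reach the `memcmp()` added to `dns_resource_record_equal()` in this patch with a zero size and possibly a NULL pointer. The enclosing function starts and ends outside the hunk.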
@@ -604,6 +615,21 @@ int dns_resource_record_to_string(const DnsResourceRecord *rr, char **ret) { return -ENOMEM; break; + case DNS_TYPE_DS: + t = hexmem(rr->ds.digest, rr->ds.digest_size); + if (!t) + return -ENOMEM; + + r = asprintf(&s, "%s %u %u %u %s", + k, + rr->ds.key_tag, + rr->ds.algorithm, + rr->ds.digest_type, + t); + if (r < 0) + return -ENOMEM; + break; + case DNS_TYPE_SSHFP: t = hexmem(rr->sshfp.key, rr->sshfp.key_size); if (!t) diff --git a/src/resolve/resolved-dns-rr.h b/src/resolve/resolved-dns-rr.h index 26796c842b..b375d6b9fc 100644 --- a/src/resolve/resolved-dns-rr.h +++ b/src/resolve/resolved-dns-rr.h @@ -108,6 +108,14 @@ struct DnsResourceRecord { uint32_t altitude; } loc; + struct { + uint16_t key_tag; + uint8_t algorithm; + uint8_t digest_type; + void *digest; + size_t digest_size; + } ds; + struct { uint8_t algorithm; uint8_t fptype; From d23a27a964748967e1ad20e86de869a753af555b Mon Sep 17 00:00:00 2001 From: Tom Gundersen Date: Tue, 14 Jul 2015 04:32:29 +0200 Subject: [PATCH 4/4] resolved: improve printing of unknown RRs This implements the recommendations from RFC3597. --- src/resolve/resolved-dns-rr.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/src/resolve/resolved-dns-rr.c b/src/resolve/resolved-dns-rr.c index dd3e44f6de..676b77713e 100644 --- a/src/resolve/resolved-dns-rr.c +++ b/src/resolve/resolved-dns-rr.c 
@@ -171,19 +171,19 @@ const struct hash_ops dns_resource_key_hash_ops = { }; int dns_resource_key_to_string(const DnsResourceKey *key, char **ret) { - char cbuf[DECIMAL_STR_MAX(uint16_t)], tbuf[DECIMAL_STR_MAX(uint16_t)]; + char cbuf[strlen("CLASS") + DECIMAL_STR_MAX(uint16_t)], tbuf[strlen("TYPE") + DECIMAL_STR_MAX(uint16_t)]; const char *c, *t; char *s; c = dns_class_to_string(key->class); if (!c) { - sprintf(cbuf, "%i", key->class); + sprintf(cbuf, "CLASS%u", key->class); c = cbuf; } t = dns_type_to_string(key->type); if (!t){ - sprintf(tbuf, "%i", key->type); + sprintf(tbuf, "TYPE%u", key->type); t = tbuf; } @@ -709,8 +709,8 @@ int dns_resource_record_to_string(const DnsResourceRecord *rr, char **ret) { if (!t) return -ENOMEM; - s = strjoin(k, " ", t, NULL); - if (!s) + r = asprintf(&s, "%s \\# %"PRIu8" %s", k, rr->generic.size, t); + if (r < 0) return -ENOMEM; break; }
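Review bot: Both `sprintf()` calls in `dns_resource_key_to_string()` write into stack buffers whose size is only sufficient if `DECIMAL_STR_MAX(uint16_t)` already counts the terminating NUL, and that macro is defined outside this diff. Bounding the write keeps the function safe if the prefix or the field type ever changes: `snprintf(cbuf, sizeof(cbuf), "CLASS%u", (unsigned) key->class);` and likewise `snprintf(tbuf, sizeof(tbuf), "TYPE%u", (unsigned) key->type);`. The `(unsigned)` cast also makes the argument match `%u`, since a 16-bit field (the type the buffer sizing implies) is promoted to `int` when passed through varargs.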
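Review bot: The length in the new RFC 3597 `\#` form is printed with `PRIu8`, the conversion for a `uint8_t`, but an RDATA length can be as large as 65535 and `rr->generic.size` is declared outside this diff. If that field is a `size_t`, the argument does not match the conversion, which is undefined behaviour and can print a length that disagrees with the hex data that follows it. A specifier tied to the real type avoids that, e.g. `r = asprintf(&s, "%s \\# %zu %s", k, (size_t) rr->generic.size, t);`. The body of this case starts outside the hunk.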