picnoir/Systemd
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

Replace DNS_RESOURCE_KEY_NAME with a version which always returns "." for root

Browse source 
This fixes formatting of root domain in debug messages:
Old:
systemd-resolved[10049]: Requesting DS to validate transaction 19313 (., DNSKEY with key tag: 19036).
New:
systemd-resolved[10049]: Requesting DS to validate transaction 19313 (, DNSKEY with key tag: 19036).
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2016-02-13 14:54:15 -05:00
parent c690b20a85
commit 1c02e7ba55
15 changed files with 155 additions and 140 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
src/resolve/resolved-bus.c
View file

@ -202,7 +202,7 @@ static void bus_method_resolve_hostname_complete(DnsQuery *q) {
/* The key names are not necessarily normalized, make sure that they are when we return them to our bus /* The key names are not necessarily normalized, make sure that they are when we return them to our bus
* clients. */ * clients. */
r = dns_name_normalize(DNS_RESOURCE_KEY_NAME(canonical->key), &normalized); r = dns_name_normalize(dns_resource_key_name(canonical->key), &normalized);
if (r < 0) if (r < 0)
goto finish; goto finish;
@ -797,7 +797,7 @@ static int append_srv(DnsQuery *q, sd_bus_message *reply, DnsResourceRecord *rr)
if (canonical) { if (canonical) {
normalized = mfree(normalized); normalized = mfree(normalized);
r = dns_name_normalize(DNS_RESOURCE_KEY_NAME(canonical->key), &normalized); r = dns_name_normalize(dns_resource_key_name(canonical->key), &normalized);
if (r < 0) if (r < 0)
return r; return r;
} }
@ -959,7 +959,7 @@ static void resolve_service_all_complete(DnsQuery *q) {
goto finish; goto finish;
assert(canonical); assert(canonical);
r = dns_service_split(DNS_RESOURCE_KEY_NAME(canonical->key), &name, &type, &domain); r = dns_service_split(dns_resource_key_name(canonical->key), &name, &type, &domain);
if (r < 0) if (r < 0)
goto finish; goto finish;

8
src/resolve/resolved-dns-answer.c
View file

@ -330,7 +330,7 @@ int dns_answer_contains_zone_nsec3(DnsAnswer *answer, const char *zone) {
if (rr->key->type != DNS_TYPE_NSEC3) if (rr->key->type != DNS_TYPE_NSEC3)
continue; continue;
p = DNS_RESOURCE_KEY_NAME(rr->key); p = dns_resource_key_name(rr->key);
r = dns_name_parent(&p); r = dns_name_parent(&p);
if (r < 0) if (r < 0)
return r; return r;
@ -363,7 +363,7 @@ int dns_answer_find_soa(DnsAnswer *a, const DnsResourceKey *key, DnsResourceReco
if (r > 0) { if (r > 0) {
if (soa) { if (soa) {
r = dns_name_endswith(DNS_RESOURCE_KEY_NAME(rr->key), DNS_RESOURCE_KEY_NAME(soa->key)); r = dns_name_endswith(dns_resource_key_name(rr->key), dns_resource_key_name(soa->key));
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) if (r > 0)
@ -840,13 +840,13 @@ bool dns_answer_has_dname_for_cname(DnsAnswer *a, DnsResourceRecord *cname) {
if (rr->key->class != cname->key->class) if (rr->key->class != cname->key->class)
continue; continue;
r = dns_name_change_suffix(cname->cname.name, rr->dname.name, DNS_RESOURCE_KEY_NAME(rr->key), &n); r = dns_name_change_suffix(cname->cname.name, rr->dname.name, dns_resource_key_name(rr->key), &n);
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
continue; continue;
r = dns_name_equal(n, DNS_RESOURCE_KEY_NAME(cname->key)); r = dns_name_equal(n, dns_resource_key_name(cname->key));
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) if (r > 0)

4
src/resolve/resolved-dns-cache.c
View file

@ -524,7 +524,7 @@ static int dns_cache_put_negative(
if (i->type == DNS_CACHE_NXDOMAIN) { if (i->type == DNS_CACHE_NXDOMAIN) {
/* NXDOMAIN entries should apply equally to all types, so we use ANY as /* NXDOMAIN entries should apply equally to all types, so we use ANY as
* a pseudo type for this purpose here. */ * a pseudo type for this purpose here. */
i->key = dns_resource_key_new(key->class, DNS_TYPE_ANY, DNS_RESOURCE_KEY_NAME(key)); i->key = dns_resource_key_new(key->class, DNS_TYPE_ANY, dns_resource_key_name(key));
if (!i->key) if (!i->key)
return -ENOMEM; return -ENOMEM;
@ -759,7 +759,7 @@ static DnsCacheItem *dns_cache_get_by_key_follow_cname_dname_nsec(DnsCache *c, D
if (i) if (i)
return i; return i;
n = DNS_RESOURCE_KEY_NAME(k); n = dns_resource_key_name(k);
/* Check if we have an NXDOMAIN cache item for the name, notice that we use /* Check if we have an NXDOMAIN cache item for the name, notice that we use
* the pseudo-type ANY for NXDOMAIN cache items. */ * the pseudo-type ANY for NXDOMAIN cache items. */

52
src/resolve/resolved-dns-dnssec.c
View file

@ -467,7 +467,7 @@ static int dnssec_rrsig_prepare(DnsResourceRecord *rrsig) {
if (rrsig->rrsig.inception > rrsig->rrsig.expiration) if (rrsig->rrsig.inception > rrsig->rrsig.expiration)
return -EINVAL; return -EINVAL;
name = DNS_RESOURCE_KEY_NAME(rrsig->key); name = dns_resource_key_name(rrsig->key);
n_key_labels = dns_name_count_labels(name); n_key_labels = dns_name_count_labels(name);
if (n_key_labels < 0) if (n_key_labels < 0)
@ -651,7 +651,7 @@ int dnssec_verify_rrset(
return 0; return 0;
} }
name = DNS_RESOURCE_KEY_NAME(key); name = dns_resource_key_name(key);
/* Some keys may only appear signed in the zone apex, and are invalid anywhere else. (SOA, NS...) */ /* Some keys may only appear signed in the zone apex, and are invalid anywhere else. (SOA, NS...) */
if (dns_type_apex_only(rrsig->rrsig.type_covered)) { if (dns_type_apex_only(rrsig->rrsig.type_covered)) {
@ -851,7 +851,7 @@ int dnssec_rrsig_match_dnskey(DnsResourceRecord *rrsig, DnsResourceRecord *dnske
if (dnssec_keytag(dnskey, false) != rrsig->rrsig.key_tag) if (dnssec_keytag(dnskey, false) != rrsig->rrsig.key_tag)
return 0; return 0;
return dns_name_equal(DNS_RESOURCE_KEY_NAME(dnskey->key), rrsig->rrsig.signer); return dns_name_equal(dns_resource_key_name(dnskey->key), rrsig->rrsig.signer);
} }
int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig) { int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig) {
@ -867,7 +867,7 @@ int dnssec_key_match_rrsig(const DnsResourceKey *key, DnsResourceRecord *rrsig)
if (rrsig->rrsig.type_covered != key->type) if (rrsig->rrsig.type_covered != key->type)
return 0; return 0;
return dns_name_equal(DNS_RESOURCE_KEY_NAME(rrsig->key), DNS_RESOURCE_KEY_NAME(key)); return dns_name_equal(dns_resource_key_name(rrsig->key), dns_resource_key_name(key));
} }
int dnssec_verify_rrset_search( int dnssec_verify_rrset_search(
@ -1070,7 +1070,7 @@ int dnssec_verify_dnskey_by_ds(DnsResourceRecord *dnskey, DnsResourceRecord *ds,
if (ds->ds.digest_size != hash_size) if (ds->ds.digest_size != hash_size)
return 0; return 0;
r = dnssec_canonicalize(DNS_RESOURCE_KEY_NAME(dnskey->key), owner_name, sizeof(owner_name)); r = dnssec_canonicalize(dns_resource_key_name(dnskey->key), owner_name, sizeof(owner_name));
if (r < 0) if (r < 0)
return r; return r;
@ -1120,7 +1120,7 @@ int dnssec_verify_dnskey_by_ds_search(DnsResourceRecord *dnskey, DnsAnswer *vali
if (ds->key->class != dnskey->key->class) if (ds->key->class != dnskey->key->class)
continue; continue;
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dnskey->key), DNS_RESOURCE_KEY_NAME(ds->key)); r = dns_name_equal(dns_resource_key_name(dnskey->key), dns_resource_key_name(ds->key));
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
@ -1272,14 +1272,14 @@ static int nsec3_is_good(DnsResourceRecord *rr, DnsResourceRecord *nsec3) {
if (memcmp(rr->nsec3.salt, nsec3->nsec3.salt, rr->nsec3.salt_size) != 0) if (memcmp(rr->nsec3.salt, nsec3->nsec3.salt, rr->nsec3.salt_size) != 0)
return 0; return 0;
a = DNS_RESOURCE_KEY_NAME(rr->key); a = dns_resource_key_name(rr->key);
r = dns_name_parent(&a); /* strip off hash */ r = dns_name_parent(&a); /* strip off hash */
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
return 0; return 0;
b = DNS_RESOURCE_KEY_NAME(nsec3->key); b = dns_resource_key_name(nsec3->key);
r = dns_name_parent(&b); /* strip off hash */ r = dns_name_parent(&b); /* strip off hash */
if (r < 0) if (r < 0)
return r; return r;
@ -1353,7 +1353,7 @@ static int dnssec_test_nsec3(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecR
* any NSEC3 RR in the response. Any NSEC3 record will do as all NSEC3 * any NSEC3 RR in the response. Any NSEC3 record will do as all NSEC3
* records from a given zone in a response must use the same * records from a given zone in a response must use the same
* parameters. */ * parameters. */
zone = DNS_RESOURCE_KEY_NAME(key); zone = dns_resource_key_name(key);
for (;;) { for (;;) {
DNS_ANSWER_FOREACH_FLAGS(zone_rr, flags, answer) { DNS_ANSWER_FOREACH_FLAGS(zone_rr, flags, answer) {
r = nsec3_is_good(zone_rr, NULL); r = nsec3_is_good(zone_rr, NULL);
@ -1362,7 +1362,7 @@ static int dnssec_test_nsec3(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecR
if (r == 0) if (r == 0)
continue; continue;
r = dns_name_equal_skip(DNS_RESOURCE_KEY_NAME(zone_rr->key), 1, zone); r = dns_name_equal_skip(dns_resource_key_name(zone_rr->key), 1, zone);
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) if (r > 0)
@ -1382,7 +1382,7 @@ static int dnssec_test_nsec3(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecR
found_zone: found_zone:
/* Second step, find the closest encloser NSEC3 RR in 'answer' that matches 'key' */ /* Second step, find the closest encloser NSEC3 RR in 'answer' that matches 'key' */
p = DNS_RESOURCE_KEY_NAME(key); p = dns_resource_key_name(key);
for (;;) { for (;;) {
_cleanup_free_ char *hashed_domain = NULL; _cleanup_free_ char *hashed_domain = NULL;
@ -1405,7 +1405,7 @@ found_zone:
if (enclosure_rr->nsec3.next_hashed_name_size != (size_t) hashed_size) if (enclosure_rr->nsec3.next_hashed_name_size != (size_t) hashed_size)
continue; continue;
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(enclosure_rr->key), hashed_domain); r = dns_name_equal(dns_resource_key_name(enclosure_rr->key), hashed_domain);
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) { if (r > 0) {
@ -1504,7 +1504,7 @@ found_closest_encloser:
if (r < 0) if (r < 0)
return r; return r;
r = dns_name_between(DNS_RESOURCE_KEY_NAME(rr->key), next_closer_domain, next_hashed_domain); r = dns_name_between(dns_resource_key_name(rr->key), next_closer_domain, next_hashed_domain);
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) { if (r > 0) {
@ -1516,7 +1516,7 @@ found_closest_encloser:
no_closer = true; no_closer = true;
} }
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(rr->key), wildcard_domain); r = dns_name_equal(dns_resource_key_name(rr->key), wildcard_domain);
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) { if (r > 0) {
@ -1525,7 +1525,7 @@ found_closest_encloser:
wildcard_rr = rr; wildcard_rr = rr;
} }
r = dns_name_between(DNS_RESOURCE_KEY_NAME(rr->key), wildcard_domain, next_hashed_domain); r = dns_name_between(dns_resource_key_name(rr->key), wildcard_domain, next_hashed_domain);
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) { if (r > 0) {
@ -1604,7 +1604,7 @@ static int dnssec_nsec_wildcard_equal(DnsResourceRecord *rr, const char *name) {
if (rr->n_skip_labels_source != 1) if (rr->n_skip_labels_source != 1)
return 0; return 0;
n = DNS_RESOURCE_KEY_NAME(rr->key); n = dns_resource_key_name(rr->key);
r = dns_label_unescape(&n, label, sizeof(label)); r = dns_label_unescape(&n, label, sizeof(label));
if (r <= 0) if (r <= 0)
return r; return r;
@ -1643,7 +1643,7 @@ static int dnssec_nsec_in_path(DnsResourceRecord *rr, const char *name) {
return r; return r;
/* If the name we we are interested in is not a prefix of the common suffix of the NSEC RR's owner and next domain names, then we can't say anything either. */ /* If the name we we are interested in is not a prefix of the common suffix of the NSEC RR's owner and next domain names, then we can't say anything either. */
r = dns_name_common_suffix(DNS_RESOURCE_KEY_NAME(rr->key), rr->nsec.next_domain_name, &common_suffix); r = dns_name_common_suffix(dns_resource_key_name(rr->key), rr->nsec.next_domain_name, &common_suffix);
if (r < 0) if (r < 0)
return r; return r;
@ -1662,7 +1662,7 @@ static int dnssec_nsec_from_parent_zone(DnsResourceRecord *rr, const char *name)
if (r <= 0) if (r <= 0)
return r; return r;
r = dns_name_equal(name, DNS_RESOURCE_KEY_NAME(rr->key)); r = dns_name_equal(name, dns_resource_key_name(rr->key));
if (r <= 0) if (r <= 0)
return r; return r;
@ -1685,7 +1685,7 @@ static int dnssec_nsec_covers(DnsResourceRecord *rr, const char *name) {
/* Checks whether the "Next Closer" is witin the space covered by the specified RR. */ /* Checks whether the "Next Closer" is witin the space covered by the specified RR. */
r = dns_name_common_suffix(DNS_RESOURCE_KEY_NAME(rr->key), rr->nsec.next_domain_name, &common_suffix); r = dns_name_common_suffix(dns_resource_key_name(rr->key), rr->nsec.next_domain_name, &common_suffix);
if (r < 0) if (r < 0)
return r; return r;
@ -1706,7 +1706,7 @@ static int dnssec_nsec_covers(DnsResourceRecord *rr, const char *name) {
/* p is now the "Next Closer". */ /* p is now the "Next Closer". */
return dns_name_between(DNS_RESOURCE_KEY_NAME(rr->key), p, rr->nsec.next_domain_name); return dns_name_between(dns_resource_key_name(rr->key), p, rr->nsec.next_domain_name);
} }
static int dnssec_nsec_covers_wildcard(DnsResourceRecord *rr, const char *name) { static int dnssec_nsec_covers_wildcard(DnsResourceRecord *rr, const char *name) {
@ -1725,7 +1725,7 @@ static int dnssec_nsec_covers_wildcard(DnsResourceRecord *rr, const char *name)
* NSEC yyy.zzz.xoo.bar bar: indicates that a number of wildcards don#t exist either... * NSEC yyy.zzz.xoo.bar bar: indicates that a number of wildcards don#t exist either...
*/ */
r = dns_name_common_suffix(DNS_RESOURCE_KEY_NAME(rr->key), rr->nsec.next_domain_name, &common_suffix); r = dns_name_common_suffix(dns_resource_key_name(rr->key), rr->nsec.next_domain_name, &common_suffix);
if (r < 0) if (r < 0)
return r; return r;
@ -1735,7 +1735,7 @@ static int dnssec_nsec_covers_wildcard(DnsResourceRecord *rr, const char *name)
return r; return r;
wc = strjoina("*.", common_suffix, NULL); wc = strjoina("*.", common_suffix, NULL);
return dns_name_between(DNS_RESOURCE_KEY_NAME(rr->key), wc, rr->nsec.next_domain_name); return dns_name_between(dns_resource_key_name(rr->key), wc, rr->nsec.next_domain_name);
} }
int dnssec_nsec_test(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl) { int dnssec_nsec_test(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *result, bool *authenticated, uint32_t *ttl) {
@ -1750,7 +1750,7 @@ int dnssec_nsec_test(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *r
/* Look for any NSEC/NSEC3 RRs that say something about the specified key. */ /* Look for any NSEC/NSEC3 RRs that say something about the specified key. */
name = DNS_RESOURCE_KEY_NAME(key); name = dns_resource_key_name(key);
DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) { DNS_ANSWER_FOREACH_FLAGS(rr, flags, answer) {
@ -1770,7 +1770,7 @@ int dnssec_nsec_test(DnsAnswer *answer, DnsResourceKey *key, DnssecNsecResult *r
continue; continue;
/* Check if this is a direct match. If so, we have encountered a NODATA case */ /* Check if this is a direct match. If so, we have encountered a NODATA case */
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(rr->key), name); r = dns_name_equal(dns_resource_key_name(rr->key), name);
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) { if (r == 0) {
@ -1900,7 +1900,7 @@ static int dnssec_nsec_test_enclosed(DnsAnswer *answer, uint16_t type, const cha
if (r == 0) if (r == 0)
continue; continue;
r = dns_name_between(DNS_RESOURCE_KEY_NAME(rr->key), name, rr->nsec.next_domain_name); r = dns_name_between(dns_resource_key_name(rr->key), name, rr->nsec.next_domain_name);
if (r < 0) if (r < 0)
return r; return r;
@ -1943,7 +1943,7 @@ static int dnssec_nsec_test_enclosed(DnsAnswer *answer, uint16_t type, const cha
if (r < 0) if (r < 0)
return r; return r;
r = dns_name_between(DNS_RESOURCE_KEY_NAME(rr->key), hashed_domain, next_hashed_domain); r = dns_name_between(dns_resource_key_name(rr->key), hashed_domain, next_hashed_domain);
if (r < 0) if (r < 0)
return r; return r;

4
src/resolve/resolved-dns-packet.c
View file

@ -577,7 +577,7 @@ int dns_packet_append_key(DnsPacket *p, const DnsResourceKey *k, size_t *start)
saved_size = p->size; saved_size = p->size;
r = dns_packet_append_name(p, DNS_RESOURCE_KEY_NAME(k), true, true, NULL); r = dns_packet_append_name(p, dns_resource_key_name(k), true, true, NULL);
if (r < 0) if (r < 0)
goto fail; goto fail;
@ -2130,7 +2130,7 @@ int dns_packet_extract(DnsPacket *p) {
continue; continue;
} }
if (!dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr->key))) { if (!dns_name_is_root(dns_resource_key_name(rr->key))) {
/* If the OPT RR is not owned by the root domain, then it is bad, let's ignore /* If the OPT RR is not owned by the root domain, then it is bad, let's ignore
* it. */ * it. */
log_debug("OPT RR is not owned by root domain, ignoring."); log_debug("OPT RR is not owned by root domain, ignoring.");

10
src/resolve/resolved-dns-question.c
View file

@ -145,7 +145,7 @@ int dns_question_is_valid_for_query(DnsQuestion *q) {
if (q->n_keys > 65535) if (q->n_keys > 65535)
return 0; return 0;
name = DNS_RESOURCE_KEY_NAME(q->keys[0]); name = dns_resource_key_name(q->keys[0]);
if (!name) if (!name)
return 0; return 0;
@ -154,7 +154,7 @@ int dns_question_is_valid_for_query(DnsQuestion *q) {
assert(q->keys[i]); assert(q->keys[i]);
if (i > 0) { if (i > 0) {
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(q->keys[i]), name); r = dns_name_equal(dns_resource_key_name(q->keys[i]), name);
if (r <= 0) if (r <= 0)
return r; return r;
} }
@ -235,7 +235,7 @@ int dns_question_cname_redirect(DnsQuestion *q, const DnsResourceRecord *cname,
if (cname->key->type == DNS_TYPE_CNAME) if (cname->key->type == DNS_TYPE_CNAME)
d = cname->cname.name; d = cname->cname.name;
else { else {
r = dns_name_change_suffix(DNS_RESOURCE_KEY_NAME(key), DNS_RESOURCE_KEY_NAME(cname->key), cname->dname.name, &destination); r = dns_name_change_suffix(dns_resource_key_name(key), dns_resource_key_name(cname->key), cname->dname.name, &destination);
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
@ -244,7 +244,7 @@ int dns_question_cname_redirect(DnsQuestion *q, const DnsResourceRecord *cname,
d = destination; d = destination;
} }
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(key), d); r = dns_name_equal(dns_resource_key_name(key), d);
if (r < 0) if (r < 0)
return r; return r;
@ -291,7 +291,7 @@ const char *dns_question_first_name(DnsQuestion *q) {
if (q->n_keys < 1) if (q->n_keys < 1)
return NULL; return NULL;
return DNS_RESOURCE_KEY_NAME(q->keys[0]); return dns_resource_key_name(q->keys[0]);
} }
int dns_question_new_address(DnsQuestion **ret, int family, const char *name, bool convert_idna) { int dns_question_new_address(DnsQuestion **ret, int family, const char *name, bool convert_idna) {

56
src/resolve/resolved-dns-rr.c
View file

@ -66,7 +66,7 @@ DnsResourceKey* dns_resource_key_new_redirect(const DnsResourceKey *key, const D
DnsResourceKey *k; DnsResourceKey *k;
char *destination = NULL; char *destination = NULL;
r = dns_name_change_suffix(DNS_RESOURCE_KEY_NAME(key), DNS_RESOURCE_KEY_NAME(cname->key), cname->dname.name, &destination); r = dns_name_change_suffix(dns_resource_key_name(key), dns_resource_key_name(cname->key), cname->dname.name, &destination);
if (r < 0) if (r < 0)
return NULL; return NULL;
if (r == 0) if (r == 0)
@ -96,7 +96,7 @@ int dns_resource_key_new_append_suffix(DnsResourceKey **ret, DnsResourceKey *key
return 0; return 0;
} }
r = dns_name_concat(DNS_RESOURCE_KEY_NAME(key), name, &joined); r = dns_name_concat(dns_resource_key_name(key), name, &joined);
if (r < 0) if (r < 0)
return r; return r;
@ -158,6 +158,23 @@ DnsResourceKey* dns_resource_key_unref(DnsResourceKey *k) {
return NULL; return NULL;
} }
const char* dns_resource_key_name(const DnsResourceKey *key) {
const char *name;
if (!key)
return NULL;
if (key->_name)
name = key->_name;
else
name = (char*) key + sizeof(DnsResourceKey);
if (dns_name_is_root(name))
return ".";
else
return name;
}
bool dns_resource_key_is_address(const DnsResourceKey *key) { bool dns_resource_key_is_address(const DnsResourceKey *key) {
assert(key); assert(key);
@ -172,7 +189,7 @@ int dns_resource_key_equal(const DnsResourceKey *a, const DnsResourceKey *b) {
if (a == b) if (a == b)
return 1; return 1;
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(a), DNS_RESOURCE_KEY_NAME(b)); r = dns_name_equal(dns_resource_key_name(a), dns_resource_key_name(b));
if (r <= 0) if (r <= 0)
return r; return r;
@ -204,18 +221,18 @@ int dns_resource_key_match_rr(const DnsResourceKey *key, DnsResourceRecord *rr,
if (rr->key->type != key->type && key->type != DNS_TYPE_ANY) if (rr->key->type != key->type && key->type != DNS_TYPE_ANY)
return 0; return 0;
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(rr->key), DNS_RESOURCE_KEY_NAME(key)); r = dns_name_equal(dns_resource_key_name(rr->key), dns_resource_key_name(key));
if (r != 0) if (r != 0)
return r; return r;
if (search_domain) { if (search_domain) {
_cleanup_free_ char *joined = NULL; _cleanup_free_ char *joined = NULL;
r = dns_name_concat(DNS_RESOURCE_KEY_NAME(key), search_domain, &joined); r = dns_name_concat(dns_resource_key_name(key), search_domain, &joined);
if (r < 0) if (r < 0)
return r; return r;
return dns_name_equal(DNS_RESOURCE_KEY_NAME(rr->key), joined); return dns_name_equal(dns_resource_key_name(rr->key), joined);
} }
return 0; return 0;
@ -231,9 +248,9 @@ int dns_resource_key_match_cname_or_dname(const DnsResourceKey *key, const DnsRe
return 0; return 0;
if (cname->type == DNS_TYPE_CNAME) if (cname->type == DNS_TYPE_CNAME)
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(key), DNS_RESOURCE_KEY_NAME(cname)); r = dns_name_equal(dns_resource_key_name(key), dns_resource_key_name(cname));
else if (cname->type == DNS_TYPE_DNAME) else if (cname->type == DNS_TYPE_DNAME)
r = dns_name_endswith(DNS_RESOURCE_KEY_NAME(key), DNS_RESOURCE_KEY_NAME(cname)); r = dns_name_endswith(dns_resource_key_name(key), dns_resource_key_name(cname));
else else
return 0; return 0;
@ -243,14 +260,14 @@ int dns_resource_key_match_cname_or_dname(const DnsResourceKey *key, const DnsRe
if (search_domain) { if (search_domain) {
_cleanup_free_ char *joined = NULL; _cleanup_free_ char *joined = NULL;
r = dns_name_concat(DNS_RESOURCE_KEY_NAME(key), search_domain, &joined); r = dns_name_concat(dns_resource_key_name(key), search_domain, &joined);
if (r < 0) if (r < 0)
return r; return r;
if (cname->type == DNS_TYPE_CNAME) if (cname->type == DNS_TYPE_CNAME)
return dns_name_equal(joined, DNS_RESOURCE_KEY_NAME(cname)); return dns_name_equal(joined, dns_resource_key_name(cname));
else if (cname->type == DNS_TYPE_DNAME) else if (cname->type == DNS_TYPE_DNAME)
return dns_name_endswith(joined, DNS_RESOURCE_KEY_NAME(cname)); return dns_name_endswith(joined, dns_resource_key_name(cname));
} }
return 0; return 0;
@ -268,7 +285,7 @@ int dns_resource_key_match_soa(const DnsResourceKey *key, const DnsResourceKey *
if (soa->type != DNS_TYPE_SOA) if (soa->type != DNS_TYPE_SOA)
return 0; return 0;
return dns_name_endswith(DNS_RESOURCE_KEY_NAME(key), DNS_RESOURCE_KEY_NAME(soa)); return dns_name_endswith(dns_resource_key_name(key), dns_resource_key_name(soa));
} }
static void dns_resource_key_hash_func(const void *i, struct siphash *state) { static void dns_resource_key_hash_func(const void *i, struct siphash *state) {
@ -276,7 +293,7 @@ static void dns_resource_key_hash_func(const void *i, struct siphash *state) {
assert(k); assert(k);
dns_name_hash_func(DNS_RESOURCE_KEY_NAME(k), state); dns_name_hash_func(dns_resource_key_name(k), state);
siphash24_compress(&k->class, sizeof(k->class), state); siphash24_compress(&k->class, sizeof(k->class), state);
siphash24_compress(&k->type, sizeof(k->type), state); siphash24_compress(&k->type, sizeof(k->type), state);
} }
@ -285,7 +302,7 @@ static int dns_resource_key_compare_func(const void *a, const void *b) {
const DnsResourceKey *x = a, *y = b; const DnsResourceKey *x = a, *y = b;
int ret; int ret;
ret = dns_name_compare_func(DNS_RESOURCE_KEY_NAME(x), DNS_RESOURCE_KEY_NAME(y)); ret = dns_name_compare_func(dns_resource_key_name(x), dns_resource_key_name(y));
if (ret != 0) if (ret != 0)
return ret; return ret;
@ -309,7 +326,7 @@ const struct hash_ops dns_resource_key_hash_ops = {
int dns_resource_key_to_string(const DnsResourceKey *key, char **ret) { int dns_resource_key_to_string(const DnsResourceKey *key, char **ret) {
char cbuf[strlen("CLASS") + DECIMAL_STR_MAX(uint16_t)], tbuf[strlen("TYPE") + DECIMAL_STR_MAX(uint16_t)]; char cbuf[strlen("CLASS") + DECIMAL_STR_MAX(uint16_t)], tbuf[strlen("TYPE") + DECIMAL_STR_MAX(uint16_t)];
const char *c, *t, *n; const char *c, *t;
char *s; char *s;
/* If we cannot convert the CLASS/TYPE into a known string, /* If we cannot convert the CLASS/TYPE into a known string,
@ -327,8 +344,7 @@ int dns_resource_key_to_string(const DnsResourceKey *key, char **ret) {
t = tbuf; t = tbuf;
} }
n = DNS_RESOURCE_KEY_NAME(key); if (asprintf(&s, "%s %s %-5s", dns_resource_key_name(key), c, t) < 0)
if (asprintf(&s, "%s%s %s %-5s", n, endswith(n, ".") ? "" : ".", c, t) < 0)
return -ENOMEM; return -ENOMEM;
*ret = s; *ret = s;
@ -1299,7 +1315,7 @@ int dns_resource_record_signer(DnsResourceRecord *rr, const char **ret) {
if (rr->n_skip_labels_signer == (unsigned) -1) if (rr->n_skip_labels_signer == (unsigned) -1)
return -ENODATA; return -ENODATA;
n = DNS_RESOURCE_KEY_NAME(rr->key); n = dns_resource_key_name(rr->key);
r = dns_name_skip(n, rr->n_skip_labels_signer, &n); r = dns_name_skip(n, rr->n_skip_labels_signer, &n);
if (r < 0) if (r < 0)
return r; return r;
@ -1322,7 +1338,7 @@ int dns_resource_record_source(DnsResourceRecord *rr, const char **ret) {
if (rr->n_skip_labels_source == (unsigned) -1) if (rr->n_skip_labels_source == (unsigned) -1)
return -ENODATA; return -ENODATA;
n = DNS_RESOURCE_KEY_NAME(rr->key); n = dns_resource_key_name(rr->key);
r = dns_name_skip(n, rr->n_skip_labels_source, &n); r = dns_name_skip(n, rr->n_skip_labels_source, &n);
if (r < 0) if (r < 0)
return r; return r;
@ -1362,7 +1378,7 @@ int dns_resource_record_is_synthetic(DnsResourceRecord *rr) {
if (rr->n_skip_labels_source > 1) if (rr->n_skip_labels_source > 1)
return 1; return 1;
r = dns_name_startswith(DNS_RESOURCE_KEY_NAME(rr->key), "*"); r = dns_name_startswith(dns_resource_key_name(rr->key), "*");
if (r < 0) if (r < 0)
return r; return r;

14
src/resolve/resolved-dns-rr.h
View file

@ -26,6 +26,7 @@
#include "hashmap.h" #include "hashmap.h"
#include "in-addr-util.h" #include "in-addr-util.h"
#include "list.h" #include "list.h"
#include "string-util.h"
typedef struct DnsResourceKey DnsResourceKey; typedef struct DnsResourceKey DnsResourceKey;
typedef struct DnsResourceRecord DnsResourceRecord; typedef struct DnsResourceRecord DnsResourceRecord;
@ -81,7 +82,7 @@ enum {
struct DnsResourceKey { struct DnsResourceKey {
unsigned n_ref; /* (unsigned -1) for const keys, see below */ unsigned n_ref; /* (unsigned -1) for const keys, see below */
uint16_t class, type; uint16_t class, type;
char *_name; /* don't access directy, use DNS_RESOURCE_KEY_NAME()! */ char *_name; /* don't access directy, use dns_resource_key_name()! */
}; };
/* Creates a temporary resource key. This is only useful to quickly /* Creates a temporary resource key. This is only useful to quickly
@ -260,16 +261,6 @@ struct DnsResourceRecord {
}; };
}; };
static inline const char* DNS_RESOURCE_KEY_NAME(const DnsResourceKey *key) {
if (!key)
return NULL;
if (key->_name)
return key->_name;
return (char*) key + sizeof(DnsResourceKey);
}
static inline const void* DNS_RESOURCE_RECORD_RDATA(DnsResourceRecord *rr) { static inline const void* DNS_RESOURCE_RECORD_RDATA(DnsResourceRecord *rr) {
if (!rr) if (!rr)
return NULL; return NULL;
@ -297,6 +288,7 @@ int dns_resource_key_new_append_suffix(DnsResourceKey **ret, DnsResourceKey *key
DnsResourceKey* dns_resource_key_new_consume(uint16_t class, uint16_t type, char *name); DnsResourceKey* dns_resource_key_new_consume(uint16_t class, uint16_t type, char *name);
DnsResourceKey* dns_resource_key_ref(DnsResourceKey *key); DnsResourceKey* dns_resource_key_ref(DnsResourceKey *key);
DnsResourceKey* dns_resource_key_unref(DnsResourceKey *key); DnsResourceKey* dns_resource_key_unref(DnsResourceKey *key);
const char* dns_resource_key_name(const DnsResourceKey *key);
bool dns_resource_key_is_address(const DnsResourceKey *key); bool dns_resource_key_is_address(const DnsResourceKey *key);
int dns_resource_key_equal(const DnsResourceKey *a, const DnsResourceKey *b); int dns_resource_key_equal(const DnsResourceKey *a, const DnsResourceKey *b);
int dns_resource_key_match_rr(const DnsResourceKey *key, DnsResourceRecord *rr, const char *search_domain); int dns_resource_key_match_rr(const DnsResourceKey *key, DnsResourceRecord *rr, const char *search_domain);

4
src/resolve/resolved-dns-scope.c
View file

@ -514,8 +514,8 @@ bool dns_scope_good_key(DnsScope *s, const DnsResourceKey *key) {
* that those should be resolved via LLMNR or search * that those should be resolved via LLMNR or search
* path only, and should not be leaked onto the * path only, and should not be leaked onto the
* internet. */ * internet. */
return !(dns_name_is_single_label(DNS_RESOURCE_KEY_NAME(key)) || return !(dns_name_is_single_label(dns_resource_key_name(key)) ||
dns_name_is_root(DNS_RESOURCE_KEY_NAME(key))); dns_name_is_root(dns_resource_key_name(key)));
} }
/* On mDNS and LLMNR, send A and AAAA queries only on the /* On mDNS and LLMNR, send A and AAAA queries only on the

14
src/resolve/resolved-dns-synthesize.c
View file

@ -86,7 +86,7 @@ static int synthesize_localhost_rr(Manager *m, const DnsResourceKey *key, int if
if (IN_SET(key->type, DNS_TYPE_A, DNS_TYPE_ANY)) { if (IN_SET(key->type, DNS_TYPE_A, DNS_TYPE_ANY)) {
_cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL; _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_A, DNS_RESOURCE_KEY_NAME(key)); rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_A, dns_resource_key_name(key));
if (!rr) if (!rr)
return -ENOMEM; return -ENOMEM;
@ -100,7 +100,7 @@ static int synthesize_localhost_rr(Manager *m, const DnsResourceKey *key, int if
if (IN_SET(key->type, DNS_TYPE_AAAA, DNS_TYPE_ANY)) { if (IN_SET(key->type, DNS_TYPE_AAAA, DNS_TYPE_ANY)) {
_cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL; _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_AAAA, DNS_RESOURCE_KEY_NAME(key)); rr = dns_resource_record_new_full(DNS_CLASS_IN, DNS_TYPE_AAAA, dns_resource_key_name(key));
if (!rr) if (!rr)
return -ENOMEM; return -ENOMEM;
@ -140,7 +140,7 @@ static int synthesize_localhost_ptr(Manager *m, const DnsResourceKey *key, int i
if (r < 0) if (r < 0)
return r; return r;
r = answer_add_ptr(answer, DNS_RESOURCE_KEY_NAME(key), "localhost", dns_synthesize_ifindex(ifindex), DNS_ANSWER_AUTHENTICATED); r = answer_add_ptr(answer, dns_resource_key_name(key), "localhost", dns_synthesize_ifindex(ifindex), DNS_ANSWER_AUTHENTICATED);
if (r < 0) if (r < 0)
return r; return r;
} }
@ -254,11 +254,11 @@ static int synthesize_system_hostname_rr(Manager *m, const DnsResourceKey *key,
.address.in6 = in6addr_loopback, .address.in6 = in6addr_loopback,
}; };
return answer_add_addresses_rr(answer, DNS_RESOURCE_KEY_NAME(key), buffer, n); return answer_add_addresses_rr(answer, dns_resource_key_name(key), buffer, n);
} }
} }
return answer_add_addresses_rr(answer, DNS_RESOURCE_KEY_NAME(key), addresses, n); return answer_add_addresses_rr(answer, dns_resource_key_name(key), addresses, n);
} }
static int synthesize_system_hostname_ptr(Manager *m, int af, const union in_addr_union *address, int ifindex, DnsAnswer **answer) { static int synthesize_system_hostname_ptr(Manager *m, int af, const union in_addr_union *address, int ifindex, DnsAnswer **answer) {
@ -319,7 +319,7 @@ static int synthesize_gateway_rr(Manager *m, const DnsResourceKey *key, int ifin
return n; return n;
} }
return answer_add_addresses_rr(answer, DNS_RESOURCE_KEY_NAME(key), addresses, n); return answer_add_addresses_rr(answer, dns_resource_key_name(key), addresses, n);
} }
static int synthesize_gateway_ptr(Manager *m, int af, const union in_addr_union *address, int ifindex, DnsAnswer **answer) { static int synthesize_gateway_ptr(Manager *m, int af, const union in_addr_union *address, int ifindex, DnsAnswer **answer) {
@ -360,7 +360,7 @@ int dns_synthesize_answer(
key->class != DNS_CLASS_ANY) key->class != DNS_CLASS_ANY)
continue; continue;
name = DNS_RESOURCE_KEY_NAME(key); name = dns_resource_key_name(key);
if (is_localhost(name)) { if (is_localhost(name)) {

79
src/resolve/resolved-dns-transaction.c
View file

@ -522,7 +522,7 @@ static int dns_transaction_open_tcp(DnsTransaction *t) {
* the IP address, in case this is a reverse * the IP address, in case this is a reverse
* PTR lookup */ * PTR lookup */
r = dns_name_address(DNS_RESOURCE_KEY_NAME(t->key), &family, &address); r = dns_name_address(dns_resource_key_name(t->key), &family, &address);
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
@ -1209,7 +1209,7 @@ static int dns_transaction_prepare(DnsTransaction *t, usec_t ts) {
return 0; return 0;
} }
if (dns_name_is_root(DNS_RESOURCE_KEY_NAME(t->key)) && if (dns_name_is_root(dns_resource_key_name(t->key)) &&
t->key->type == DNS_TYPE_DS) { t->key->type == DNS_TYPE_DS) {
/* Hmm, this is a request for the root DS? A /* Hmm, this is a request for the root DS? A
@ -1494,8 +1494,8 @@ int dns_transaction_go(DnsTransaction *t) {
return r; return r;
if (t->scope->protocol == DNS_PROTOCOL_LLMNR && if (t->scope->protocol == DNS_PROTOCOL_LLMNR &&
(dns_name_endswith(DNS_RESOURCE_KEY_NAME(t->key), "in-addr.arpa") > 0 || (dns_name_endswith(dns_resource_key_name(t->key), "in-addr.arpa") > 0 ||
dns_name_endswith(DNS_RESOURCE_KEY_NAME(t->key), "ip6.arpa") > 0)) { dns_name_endswith(dns_resource_key_name(t->key), "ip6.arpa") > 0)) {
/* RFC 4795, Section 2.4. says reverse lookups shall /* RFC 4795, Section 2.4. says reverse lookups shall
* always be made via TCP on LLMNR */ * always be made via TCP on LLMNR */
@ -1708,7 +1708,7 @@ static int dns_transaction_has_unsigned_negative_answer(DnsTransaction *t) {
/* Is this key explicitly listed as a negative trust anchor? /* Is this key explicitly listed as a negative trust anchor?
* If so, it's nothing we need to care about */ * If so, it's nothing we need to care about */
r = dns_transaction_negative_trust_anchor_lookup(t, DNS_RESOURCE_KEY_NAME(t->key)); r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(t->key));
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) if (r > 0)
@ -1816,7 +1816,7 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
continue; continue;
/* If this RR is in the negative trust anchor, we don't need to validate it. */ /* If this RR is in the negative trust anchor, we don't need to validate it. */
r = dns_transaction_negative_trust_anchor_lookup(t, DNS_RESOURCE_KEY_NAME(rr->key)); r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(rr->key));
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) if (r > 0)
@ -1833,7 +1833,7 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
* already have the DNSKEY, and we don't have * already have the DNSKEY, and we don't have
* to look for more. */ * to look for more. */
if (rr->rrsig.type_covered == DNS_TYPE_DNSKEY) { if (rr->rrsig.type_covered == DNS_TYPE_DNSKEY) {
r = dns_name_equal(rr->rrsig.signer, DNS_RESOURCE_KEY_NAME(rr->key)); r = dns_name_equal(rr->rrsig.signer, dns_resource_key_name(rr->key));
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) if (r > 0)
@ -1851,7 +1851,7 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
* in another transaction whose additonal RRs * in another transaction whose additonal RRs
* point back to the original transaction, and * point back to the original transaction, and
* we deadlock. */ * we deadlock. */
r = dns_name_endswith(DNS_RESOURCE_KEY_NAME(t->key), rr->rrsig.signer); r = dns_name_endswith(dns_resource_key_name(t->key), rr->rrsig.signer);
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
@ -1861,7 +1861,8 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
if (!dnskey) if (!dnskey)
return -ENOMEM; return -ENOMEM;
log_debug("Requesting DNSKEY to validate transaction %" PRIu16" (%s, RRSIG with key tag: %" PRIu16 ").", t->id, DNS_RESOURCE_KEY_NAME(rr->key), rr->rrsig.key_tag); log_debug("Requesting DNSKEY to validate transaction %" PRIu16" (%s, RRSIG with key tag: %" PRIu16 ").",
t->id, dns_resource_key_name(rr->key), rr->rrsig.key_tag);
r = dns_transaction_request_dnssec_rr(t, dnskey); r = dns_transaction_request_dnssec_rr(t, dnskey);
if (r < 0) if (r < 0)
return r; return r;
@ -1879,17 +1880,18 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
* up in request loops, and want to keep * up in request loops, and want to keep
* additional traffic down. */ * additional traffic down. */
r = dns_name_endswith(DNS_RESOURCE_KEY_NAME(t->key), DNS_RESOURCE_KEY_NAME(rr->key)); r = dns_name_endswith(dns_resource_key_name(t->key), dns_resource_key_name(rr->key));
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
continue; continue;
ds = dns_resource_key_new(rr->key->class, DNS_TYPE_DS, DNS_RESOURCE_KEY_NAME(rr->key)); ds = dns_resource_key_new(rr->key->class, DNS_TYPE_DS, dns_resource_key_name(rr->key));
if (!ds) if (!ds)
return -ENOMEM; return -ENOMEM;
log_debug("Requesting DS to validate transaction %" PRIu16" (%s, DNSKEY with key tag: %" PRIu16 ").", t->id, DNS_RESOURCE_KEY_NAME(rr->key), dnssec_keytag(rr, false)); log_debug("Requesting DS to validate transaction %" PRIu16" (%s, DNSKEY with key tag: %" PRIu16 ").",
t->id, dns_resource_key_name(rr->key), dnssec_keytag(rr, false));
r = dns_transaction_request_dnssec_rr(t, ds); r = dns_transaction_request_dnssec_rr(t, ds);
if (r < 0) if (r < 0)
return r; return r;
@ -1920,11 +1922,12 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
if (r > 0) if (r > 0)
continue; continue;
ds = dns_resource_key_new(rr->key->class, DNS_TYPE_DS, DNS_RESOURCE_KEY_NAME(rr->key)); ds = dns_resource_key_new(rr->key->class, DNS_TYPE_DS, dns_resource_key_name(rr->key));
if (!ds) if (!ds)
return -ENOMEM; return -ENOMEM;
log_debug("Requesting DS to validate transaction %" PRIu16 " (%s, unsigned SOA/NS RRset).", t->id, DNS_RESOURCE_KEY_NAME(rr->key)); log_debug("Requesting DS to validate transaction %" PRIu16 " (%s, unsigned SOA/NS RRset).",
t->id, dns_resource_key_name(rr->key));
r = dns_transaction_request_dnssec_rr(t, ds); r = dns_transaction_request_dnssec_rr(t, ds);
if (r < 0) if (r < 0)
return r; return r;
@ -1966,7 +1969,7 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
if (r > 0) if (r > 0)
continue; continue;
name = DNS_RESOURCE_KEY_NAME(rr->key); name = dns_resource_key_name(rr->key);
r = dns_name_parent(&name); r = dns_name_parent(&name);
if (r < 0) if (r < 0)
return r; return r;
@ -1977,7 +1980,8 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
if (!soa) if (!soa)
return -ENOMEM; return -ENOMEM;
log_debug("Requesting parent SOA to validate transaction %" PRIu16 " (%s, unsigned CNAME/DNAME/DS RRset).", t->id, DNS_RESOURCE_KEY_NAME(rr->key)); log_debug("Requesting parent SOA to validate transaction %" PRIu16 " (%s, unsigned CNAME/DNAME/DS RRset).",
t->id, dns_resource_key_name(rr->key));
r = dns_transaction_request_dnssec_rr(t, soa); r = dns_transaction_request_dnssec_rr(t, soa);
if (r < 0) if (r < 0)
return r; return r;
@ -2007,11 +2011,12 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
if (r > 0) if (r > 0)
continue; continue;
soa = dns_resource_key_new(rr->key->class, DNS_TYPE_SOA, DNS_RESOURCE_KEY_NAME(rr->key)); soa = dns_resource_key_new(rr->key->class, DNS_TYPE_SOA, dns_resource_key_name(rr->key));
if (!soa) if (!soa)
return -ENOMEM; return -ENOMEM;
log_debug("Requesting SOA to validate transaction %" PRIu16 " (%s, unsigned non-SOA/NS RRset <%s>).", t->id, DNS_RESOURCE_KEY_NAME(rr->key), dns_resource_record_to_string(rr)); log_debug("Requesting SOA to validate transaction %" PRIu16 " (%s, unsigned non-SOA/NS RRset <%s>).",
t->id, dns_resource_key_name(rr->key), dns_resource_record_to_string(rr));
r = dns_transaction_request_dnssec_rr(t, soa); r = dns_transaction_request_dnssec_rr(t, soa);
if (r < 0) if (r < 0)
return r; return r;
@ -2029,7 +2034,7 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
if (r > 0) { if (r > 0) {
const char *name; const char *name;
name = DNS_RESOURCE_KEY_NAME(t->key); name = dns_resource_key_name(t->key);
/* If this was a SOA or NS request, then this /* If this was a SOA or NS request, then this
* indicates that we are not at a zone apex, hence ask * indicates that we are not at a zone apex, hence ask
@ -2042,11 +2047,13 @@ int dns_transaction_request_dnssec_keys(DnsTransaction *t) {
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) if (r > 0)
log_debug("Requesting parent SOA to validate transaction %" PRIu16 " (%s, unsigned empty SOA/NS/DS response).", t->id, DNS_RESOURCE_KEY_NAME(t->key)); log_debug("Requesting parent SOA to validate transaction %" PRIu16 " (%s, unsigned empty SOA/NS/DS response).",
t->id, dns_resource_key_name(t->key));
else else
name = NULL; name = NULL;
} else } else
log_debug("Requesting SOA to validate transaction %" PRIu16 " (%s, unsigned empty non-SOA/NS/DS response).", t->id, DNS_RESOURCE_KEY_NAME(t->key)); log_debug("Requesting SOA to validate transaction %" PRIu16 " (%s, unsigned empty non-SOA/NS/DS response).",
t->id, dns_resource_key_name(t->key));
if (name) { if (name) {
_cleanup_(dns_resource_key_unrefp) DnsResourceKey *soa = NULL; _cleanup_(dns_resource_key_unrefp) DnsResourceKey *soa = NULL;
@ -2118,7 +2125,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
if (dns_type_is_pseudo(rr->key->type)) if (dns_type_is_pseudo(rr->key->type))
return -EINVAL; return -EINVAL;
r = dns_transaction_negative_trust_anchor_lookup(t, DNS_RESOURCE_KEY_NAME(rr->key)); r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(rr->key));
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) if (r > 0)
@ -2144,7 +2151,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
if (dt->key->type != DNS_TYPE_DS) if (dt->key->type != DNS_TYPE_DS)
continue; continue;
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dt->key), DNS_RESOURCE_KEY_NAME(rr->key)); r = dns_name_equal(dns_resource_key_name(dt->key), dns_resource_key_name(rr->key));
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
@ -2187,7 +2194,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
continue; continue;
if (!parent) { if (!parent) {
parent = DNS_RESOURCE_KEY_NAME(rr->key); parent = dns_resource_key_name(rr->key);
r = dns_name_parent(&parent); r = dns_name_parent(&parent);
if (r < 0) if (r < 0)
return r; return r;
@ -2201,7 +2208,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
} }
} }
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dt->key), parent); r = dns_name_equal(dns_resource_key_name(dt->key), parent);
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
@ -2226,7 +2233,7 @@ static int dns_transaction_requires_rrsig(DnsTransaction *t, DnsResourceRecord *
if (dt->key->type != DNS_TYPE_SOA) if (dt->key->type != DNS_TYPE_SOA)
continue; continue;
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dt->key), DNS_RESOURCE_KEY_NAME(rr->key)); r = dns_name_equal(dns_resource_key_name(dt->key), dns_resource_key_name(rr->key));
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
@ -2273,7 +2280,7 @@ static int dns_transaction_in_private_tld(DnsTransaction *t, const DnsResourceKe
if (t->scope->dnssec_mode != DNSSEC_ALLOW_DOWNGRADE) if (t->scope->dnssec_mode != DNSSEC_ALLOW_DOWNGRADE)
return false; /* In strict DNSSEC mode what doesn't exist, doesn't exist */ return false; /* In strict DNSSEC mode what doesn't exist, doesn't exist */
tld = DNS_RESOURCE_KEY_NAME(key); tld = dns_resource_key_name(key);
r = dns_name_parent(&tld); r = dns_name_parent(&tld);
if (r < 0) if (r < 0)
return r; return r;
@ -2288,7 +2295,7 @@ static int dns_transaction_in_private_tld(DnsTransaction *t, const DnsResourceKe
if (dt->key->class != key->class) if (dt->key->class != key->class)
continue; continue;
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dt->key), tld); r = dns_name_equal(dns_resource_key_name(dt->key), tld);
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
@ -2321,7 +2328,7 @@ static int dns_transaction_requires_nsec(DnsTransaction *t) {
if (dns_type_is_pseudo(t->key->type)) if (dns_type_is_pseudo(t->key->type))
return -EINVAL; return -EINVAL;
r = dns_transaction_negative_trust_anchor_lookup(t, DNS_RESOURCE_KEY_NAME(t->key)); r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(t->key));
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) if (r > 0)
@ -2339,7 +2346,7 @@ static int dns_transaction_requires_nsec(DnsTransaction *t) {
return false; return false;
} }
name = DNS_RESOURCE_KEY_NAME(t->key); name = dns_resource_key_name(t->key);
if (IN_SET(t->key->type, DNS_TYPE_SOA, DNS_TYPE_NS, DNS_TYPE_DS)) { if (IN_SET(t->key->type, DNS_TYPE_SOA, DNS_TYPE_NS, DNS_TYPE_DS)) {
@ -2368,7 +2375,7 @@ static int dns_transaction_requires_nsec(DnsTransaction *t) {
if (dt->key->type != DNS_TYPE_SOA) if (dt->key->type != DNS_TYPE_SOA)
continue; continue;
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dt->key), name); r = dns_name_equal(dns_resource_key_name(dt->key), name);
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
@ -2390,7 +2397,7 @@ static int dns_transaction_dnskey_authenticated(DnsTransaction *t, DnsResourceRe
* the specified RRset is authenticated (i.e. has a matching * the specified RRset is authenticated (i.e. has a matching
* DS RR). */ * DS RR). */
r = dns_transaction_negative_trust_anchor_lookup(t, DNS_RESOURCE_KEY_NAME(rr->key)); r = dns_transaction_negative_trust_anchor_lookup(t, dns_resource_key_name(rr->key));
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) if (r > 0)
@ -2413,7 +2420,7 @@ static int dns_transaction_dnskey_authenticated(DnsTransaction *t, DnsResourceRe
if (dt->key->type == DNS_TYPE_DNSKEY) { if (dt->key->type == DNS_TYPE_DNSKEY) {
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dt->key), rrsig->rrsig.signer); r = dns_name_equal(dns_resource_key_name(dt->key), rrsig->rrsig.signer);
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
@ -2430,7 +2437,7 @@ static int dns_transaction_dnskey_authenticated(DnsTransaction *t, DnsResourceRe
} else if (dt->key->type == DNS_TYPE_DS) { } else if (dt->key->type == DNS_TYPE_DS) {
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(dt->key), rrsig->rrsig.signer); r = dns_name_equal(dns_resource_key_name(dt->key), rrsig->rrsig.signer);
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)
@ -2460,7 +2467,7 @@ static int dns_transaction_known_signed(DnsTransaction *t, DnsResourceRecord *rr
* not to be signed, there's a problem with the DNS server */ * not to be signed, there's a problem with the DNS server */
return rr->key->class == DNS_CLASS_IN && return rr->key->class == DNS_CLASS_IN &&
dns_name_is_root(DNS_RESOURCE_KEY_NAME(rr->key)); dns_name_is_root(dns_resource_key_name(rr->key));
} }
static int dns_transaction_check_revoked_trust_anchors(DnsTransaction *t) { static int dns_transaction_check_revoked_trust_anchors(DnsTransaction *t) {
@ -2642,7 +2649,7 @@ static int dnssec_validate_records(
return r; return r;
r = dnssec_test_positive_wildcard(*validated, r = dnssec_test_positive_wildcard(*validated,
DNS_RESOURCE_KEY_NAME(rr->key), dns_resource_key_name(rr->key),
source, source,
rrsig->rrsig.signer, rrsig->rrsig.signer,
&authenticated); &authenticated);

4
src/resolve/resolved-dns-trust-anchor.c
View file

@ -651,7 +651,7 @@ static int dns_trust_anchor_check_revoked_one(DnsTrustAnchor *d, DnsResourceReco
} }
} }
a = hashmap_get(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(revoked_dnskey->key->class, DNS_TYPE_DS, DNS_RESOURCE_KEY_NAME(revoked_dnskey->key))); a = hashmap_get(d->positive_by_key, &DNS_RESOURCE_KEY_CONST(revoked_dnskey->key->class, DNS_TYPE_DS, dns_resource_key_name(revoked_dnskey->key)));
if (a) { if (a) {
DnsResourceRecord *anchor; DnsResourceRecord *anchor;
@ -698,7 +698,7 @@ int dns_trust_anchor_check_revoked(DnsTrustAnchor *d, DnsResourceRecord *dnskey,
/* Could this be interesting to us at all? If not, /* Could this be interesting to us at all? If not,
* there's no point in looking for and verifying a * there's no point in looking for and verifying a
* self-signed RRSIG. */ * self-signed RRSIG. */
if (!dns_trust_anchor_knows_domain_positive(d, DNS_RESOURCE_KEY_NAME(dnskey->key))) if (!dns_trust_anchor_knows_domain_positive(d, dns_resource_key_name(dnskey->key)))
return 0; return 0;
/* Look for a self-signed RRSIG in the other rrs belonging to this DNSKEY */ /* Look for a self-signed RRSIG in the other rrs belonging to this DNSKEY */

34
src/resolve/resolved-dns-zone.c
View file

@ -68,12 +68,12 @@ static void dns_zone_item_remove_and_free(DnsZone *z, DnsZoneItem *i) {
else else
hashmap_remove(z->by_key, i->rr->key); hashmap_remove(z->by_key, i->rr->key);
first = hashmap_get(z->by_name, DNS_RESOURCE_KEY_NAME(i->rr->key)); first = hashmap_get(z->by_name, dns_resource_key_name(i->rr->key));
LIST_REMOVE(by_name, first, i); LIST_REMOVE(by_name, first, i);
if (first) if (first)
assert_se(hashmap_replace(z->by_name, DNS_RESOURCE_KEY_NAME(first->rr->key), first) >= 0); assert_se(hashmap_replace(z->by_name, dns_resource_key_name(first->rr->key), first) >= 0);
else else
hashmap_remove(z->by_name, DNS_RESOURCE_KEY_NAME(i->rr->key)); hashmap_remove(z->by_name, dns_resource_key_name(i->rr->key));
dns_zone_item_free(i); dns_zone_item_free(i);
} }
@ -147,12 +147,12 @@ static int dns_zone_link_item(DnsZone *z, DnsZoneItem *i) {
return r; return r;
} }
first = hashmap_get(z->by_name, DNS_RESOURCE_KEY_NAME(i->rr->key)); first = hashmap_get(z->by_name, dns_resource_key_name(i->rr->key));
if (first) { if (first) {
LIST_PREPEND(by_name, first, i); LIST_PREPEND(by_name, first, i);
assert_se(hashmap_replace(z->by_name, DNS_RESOURCE_KEY_NAME(first->rr->key), first) >= 0); assert_se(hashmap_replace(z->by_name, dns_resource_key_name(first->rr->key), first) >= 0);
} else { } else {
r = hashmap_put(z->by_name, DNS_RESOURCE_KEY_NAME(i->rr->key), i); r = hashmap_put(z->by_name, dns_resource_key_name(i->rr->key), i);
if (r < 0) if (r < 0)
return r; return r;
} }
@ -169,11 +169,11 @@ static int dns_zone_item_probe_start(DnsZoneItem *i) {
if (i->probe_transaction) if (i->probe_transaction)
return 0; return 0;
t = dns_scope_find_transaction(i->scope, &DNS_RESOURCE_KEY_CONST(i->rr->key->class, DNS_TYPE_ANY, DNS_RESOURCE_KEY_NAME(i->rr->key)), false); t = dns_scope_find_transaction(i->scope, &DNS_RESOURCE_KEY_CONST(i->rr->key->class, DNS_TYPE_ANY, dns_resource_key_name(i->rr->key)), false);
if (!t) { if (!t) {
_cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL; _cleanup_(dns_resource_key_unrefp) DnsResourceKey *key = NULL;
key = dns_resource_key_new(i->rr->key->class, DNS_TYPE_ANY, DNS_RESOURCE_KEY_NAME(i->rr->key)); key = dns_resource_key_new(i->rr->key->class, DNS_TYPE_ANY, dns_resource_key_name(i->rr->key));
if (!key) if (!key)
return -ENOMEM; return -ENOMEM;
@ -303,7 +303,7 @@ int dns_zone_lookup(DnsZone *z, DnsResourceKey *key, DnsAnswer **ret_answer, Dns
* go through the list by the name and look * go through the list by the name and look
* for everything manually */ * for everything manually */
first = hashmap_get(z->by_name, DNS_RESOURCE_KEY_NAME(key)); first = hashmap_get(z->by_name, dns_resource_key_name(key));
LIST_FOREACH(by_name, j, first) { LIST_FOREACH(by_name, j, first) {
if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING)) if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
continue; continue;
@ -339,7 +339,7 @@ int dns_zone_lookup(DnsZone *z, DnsResourceKey *key, DnsAnswer **ret_answer, Dns
} }
if (!found) { if (!found) {
first = hashmap_get(z->by_name, DNS_RESOURCE_KEY_NAME(key)); first = hashmap_get(z->by_name, dns_resource_key_name(key));
LIST_FOREACH(by_name, j, first) { LIST_FOREACH(by_name, j, first) {
if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING)) if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
continue; continue;
@ -370,7 +370,7 @@ int dns_zone_lookup(DnsZone *z, DnsResourceKey *key, DnsAnswer **ret_answer, Dns
bool found = false, added = false; bool found = false, added = false;
int k; int k;
first = hashmap_get(z->by_name, DNS_RESOURCE_KEY_NAME(key)); first = hashmap_get(z->by_name, dns_resource_key_name(key));
LIST_FOREACH(by_name, j, first) { LIST_FOREACH(by_name, j, first) {
if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING)) if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
continue; continue;
@ -393,7 +393,7 @@ int dns_zone_lookup(DnsZone *z, DnsResourceKey *key, DnsAnswer **ret_answer, Dns
} }
if (found && !added) { if (found && !added) {
r = dns_answer_add_soa(soa, DNS_RESOURCE_KEY_NAME(key), LLMNR_DEFAULT_TTL); r = dns_answer_add_soa(soa, dns_resource_key_name(key), LLMNR_DEFAULT_TTL);
if (r < 0) if (r < 0)
return r; return r;
} }
@ -418,7 +418,7 @@ int dns_zone_lookup(DnsZone *z, DnsResourceKey *key, DnsAnswer **ret_answer, Dns
if (!found) { if (!found) {
bool add_soa = false; bool add_soa = false;
first = hashmap_get(z->by_name, DNS_RESOURCE_KEY_NAME(key)); first = hashmap_get(z->by_name, dns_resource_key_name(key));
LIST_FOREACH(by_name, j, first) { LIST_FOREACH(by_name, j, first) {
if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING)) if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
continue; continue;
@ -430,7 +430,7 @@ int dns_zone_lookup(DnsZone *z, DnsResourceKey *key, DnsAnswer **ret_answer, Dns
} }
if (add_soa) { if (add_soa) {
r = dns_answer_add_soa(soa, DNS_RESOURCE_KEY_NAME(key), LLMNR_DEFAULT_TTL); r = dns_answer_add_soa(soa, dns_resource_key_name(key), LLMNR_DEFAULT_TTL);
if (r < 0) if (r < 0)
return r; return r;
} }
@ -482,7 +482,7 @@ void dns_zone_item_conflict(DnsZoneItem *i) {
i->state = DNS_ZONE_ITEM_WITHDRAWN; i->state = DNS_ZONE_ITEM_WITHDRAWN;
/* Maybe change the hostname */ /* Maybe change the hostname */
if (manager_is_own_hostname(i->scope->manager, DNS_RESOURCE_KEY_NAME(i->rr->key)) > 0) if (manager_is_own_hostname(i->scope->manager, dns_resource_key_name(i->rr->key)) > 0)
manager_next_hostname(i->scope->manager); manager_next_hostname(i->scope->manager);
} }
@ -562,7 +562,7 @@ int dns_zone_check_conflicts(DnsZone *zone, DnsResourceRecord *rr) {
* so, we'll verify our RRs. */ * so, we'll verify our RRs. */
/* No conflict if we don't have the name at all. */ /* No conflict if we don't have the name at all. */
first = hashmap_get(zone->by_name, DNS_RESOURCE_KEY_NAME(rr->key)); first = hashmap_get(zone->by_name, dns_resource_key_name(rr->key));
if (!first) if (!first)
return 0; return 0;
@ -593,7 +593,7 @@ int dns_zone_verify_conflicts(DnsZone *zone, DnsResourceKey *key) {
/* Somebody else notified us about a possible conflict. Let's /* Somebody else notified us about a possible conflict. Let's
* verify if that's true. */ * verify if that's true. */
first = hashmap_get(zone->by_name, DNS_RESOURCE_KEY_NAME(key)); first = hashmap_get(zone->by_name, dns_resource_key_name(key));
if (!first) if (!first)
return 0; return 0;

4
src/resolve/resolved-etc-hosts.c
View file

@ -363,7 +363,7 @@ int manager_etc_hosts_lookup(Manager *m, DnsQuestion* q, DnsAnswer **answer) {
if (!IN_SET(t->class, DNS_CLASS_IN, DNS_CLASS_ANY)) if (!IN_SET(t->class, DNS_CLASS_IN, DNS_CLASS_ANY))
continue; continue;
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(t), name); r = dns_name_equal(dns_resource_key_name(t), name);
if (r < 0) if (r < 0)
return r; return r;
if (r > 0) { if (r > 0) {
@ -413,7 +413,7 @@ int manager_etc_hosts_lookup(Manager *m, DnsQuestion* q, DnsAnswer **answer) {
if (!IN_SET(t->class, DNS_CLASS_IN, DNS_CLASS_ANY)) if (!IN_SET(t->class, DNS_CLASS_IN, DNS_CLASS_ANY))
continue; continue;
r = dns_name_equal(DNS_RESOURCE_KEY_NAME(t), name); r = dns_name_equal(dns_resource_key_name(t), name);
if (r < 0) if (r < 0)
return r; return r;
if (r == 0) if (r == 0)

2
src/resolve/resolved-mdns.c
View file

@ -106,7 +106,7 @@ static int on_mdns_packet(sd_event_source *s, int fd, uint32_t revents, void *us
dns_scope_check_conflicts(scope, p); dns_scope_check_conflicts(scope, p);
DNS_ANSWER_FOREACH(rr, p->answer) { DNS_ANSWER_FOREACH(rr, p->answer) {
const char *name = DNS_RESOURCE_KEY_NAME(rr->key); const char *name = dns_resource_key_name(rr->key);
DnsTransaction *t; DnsTransaction *t;
/* If the received reply packet contains ANY record that is not .local or .in-addr.arpa, /* If the received reply packet contains ANY record that is not .local or .in-addr.arpa,