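/*
 * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 1998-2003 Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id$ */

/*
 * Text <-> value conversion for DNS rcodes, TSIG rcodes, CERT types,
 * security algorithms and protocols, hash algorithms, KEY flags and
 * RR classes.  Numeric forms are accepted on input wherever a table
 * lookup is done; unknown values are rendered numerically on output.
 */

#include <config.h>
#include <ctype.h>

#include <isc/buffer.h>
#include <isc/parseint.h>
#include <isc/print.h>
#include <isc/region.h>
#include <isc/result.h>
#include <isc/stdio.h>
#include <isc/stdlib.h>
#include <isc/string.h>
#include <isc/types.h>
#include <isc/util.h>

#include <dns/cert.h>
#include <dns/keyflags.h>
#include <dns/keyvalues.h>
#include <dns/rcode.h>
#include <dns/rdataclass.h>
#include <dns/result.h>
#include <dns/secalg.h>
#include <dns/secproto.h>

/* Propagate any non-success result from the enclosing function. */
#define RETERR(x) \
	do { \
		isc_result_t _r = (x); \
		if (_r != ISC_R_SUCCESS) \
			return (_r); \
	} while (0)

#define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */

#define RCODENAMES \
	/* standard rcodes */ \
	{ dns_rcode_noerror, "NOERROR", 0}, \
	{ dns_rcode_formerr, "FORMERR", 0}, \
	{ dns_rcode_servfail, "SERVFAIL", 0}, \
	{ dns_rcode_nxdomain, "NXDOMAIN", 0}, \
	{ dns_rcode_notimp, "NOTIMP", 0}, \
	{ dns_rcode_refused, "REFUSED", 0}, \
	{ dns_rcode_yxdomain, "YXDOMAIN", 0}, \
	{ dns_rcode_yxrrset, "YXRRSET", 0}, \
	{ dns_rcode_nxrrset, "NXRRSET", 0}, \
	{ dns_rcode_notauth, "NOTAUTH", 0}, \
	{ dns_rcode_notzone, "NOTZONE", 0},

#define ERCODENAMES \
	/* extended rcodes */ \
	{ dns_rcode_badvers, "BADVERS", 0}, \
	{ 0, NULL, 0 }

#define TSIGRCODENAMES \
	/* extended rcodes */ \
	{ dns_tsigerror_badsig, "BADSIG", 0}, \
	{ dns_tsigerror_badkey, "BADKEY", 0}, \
	{ dns_tsigerror_badtime, "BADTIME", 0}, \
	{ dns_tsigerror_badmode, "BADMODE", 0}, \
	{ dns_tsigerror_badname, "BADNAME", 0}, \
	{ dns_tsigerror_badalg, "BADALG", 0}, \
	{ dns_tsigerror_badtrunc, "BADTRUNC", 0}, \
	{ 0, NULL, 0 }

/* RFC4398 section 2.1 */

#define CERTNAMES \
	{ 1, "PKIX", 0}, \
	{ 2, "SPKI", 0}, \
	{ 3, "PGP", 0}, \
	{ 4, "IPKIX", 0}, \
	{ 5, "ISPKI", 0}, \
	{ 6, "IPGP", 0}, \
	{ 7, "ACPKIX", 0}, \
	{ 8, "IACPKIX", 0}, \
	{ 253, "URI", 0}, \
	{ 254, "OID", 0}, \
	{ 0, NULL, 0}

/* RFC2535 section 7, RFC3110 */

#define SECALGNAMES \
	{ DNS_KEYALG_RSAMD5, "RSAMD5", 0 }, \
	{ DNS_KEYALG_RSAMD5, "RSA", 0 }, \
	{ DNS_KEYALG_DH, "DH", 0 }, \
	{ DNS_KEYALG_DSA, "DSA", 0 }, \
	{ DNS_KEYALG_NSEC3DSA, "NSEC3DSA", 0 }, \
	{ DNS_KEYALG_ECC, "ECC", 0 }, \
	{ DNS_KEYALG_RSASHA1, "RSASHA1", 0 }, \
	{ DNS_KEYALG_NSEC3RSASHA1, "NSEC3RSASHA1", 0 }, \
	{ DNS_KEYALG_RSASHA256, "RSASHA256", 0 }, \
	{ DNS_KEYALG_RSASHA512, "RSASHA512", 0 }, \
	{ DNS_KEYALG_ECCGOST, "ECCGOST", 0 }, \
	{ DNS_KEYALG_INDIRECT, "INDIRECT", 0 }, \
	{ DNS_KEYALG_PRIVATEDNS, "PRIVATEDNS", 0 }, \
	{ DNS_KEYALG_PRIVATEOID, "PRIVATEOID", 0 }, \
	{ 0, NULL, 0}

/* RFC2535 section 7.1 */

#define SECPROTONAMES \
	{ 0, "NONE", 0 }, \
	{ 1, "TLS", 0 }, \
	{ 2, "EMAIL", 0 }, \
	{ 3, "DNSSEC", 0 }, \
	{ 4, "IPSEC", 0 }, \
	{ 255, "ALL", 0 }, \
	{ 0, NULL, 0}

#define HASHALGNAMES \
	{ 1, "SHA-1", 0 }, \
	{ 0, NULL, 0 }

/*
 * One entry of a value/mnemonic table.  Tables end with a NULL name.
 * The first entry for a given value is the one used when formatting,
 * so aliases (e.g. "RSA" for RSAMD5) must follow the canonical name.
 */
struct tbl {
	unsigned int value;
	const char *name;
	int flags;
};

static struct tbl rcodes[] = { RCODENAMES ERCODENAMES };
static struct tbl tsigrcodes[] = { RCODENAMES TSIGRCODENAMES };
static struct tbl certs[] = { CERTNAMES };
static struct tbl secalgs[] = { SECALGNAMES };
static struct tbl secprotos[] = { SECPROTONAMES };
static struct tbl hashalgs[] = { HASHALGNAMES };

/*
 * KEY flag mnemonics.  'value' is OR'd into the result when the name
 * is seen; 'mask' covers the bit field the name belongs to, so that
 * overlapping choices within one field can be detected.
 */
static struct keyflag {
	const char *name;
	unsigned int value;
	unsigned int mask;
} keyflags[] = {
	{ "NOCONF", 0x4000, 0xC000 },
	{ "NOAUTH", 0x8000, 0xC000 },
	{ "NOKEY", 0xC000, 0xC000 },
	{ "FLAG2", 0x2000, 0x2000 },
	{ "EXTEND", 0x1000, 0x1000 },
	{ "FLAG4", 0x0800, 0x0800 },
	{ "FLAG5", 0x0400, 0x0400 },
	{ "USER", 0x0000, 0x0300 },
	{ "ZONE", 0x0100, 0x0300 },
	{ "HOST", 0x0200, 0x0300 },
	{ "NTYP3", 0x0300, 0x0300 },
	{ "FLAG8", 0x0080, 0x0080 },
	{ "FLAG9", 0x0040, 0x0040 },
	{ "FLAG10", 0x0020, 0x0020 },
	{ "FLAG11", 0x0010, 0x0010 },
	{ "SIG0", 0x0000, 0x000F },
	{ "SIG1", 0x0001, 0x000F },
	{ "SIG2", 0x0002, 0x000F },
	{ "SIG3", 0x0003, 0x000F },
	{ "SIG4", 0x0004, 0x000F },
	{ "SIG5", 0x0005, 0x000F },
	{ "SIG6", 0x0006, 0x000F },
	{ "SIG7", 0x0007, 0x000F },
	{ "SIG8", 0x0008, 0x000F },
	{ "SIG9", 0x0009, 0x000F },
	{ "SIG10", 0x000A, 0x000F },
	{ "SIG11", 0x000B, 0x000F },
	{ "SIG12", 0x000C, 0x000F },
	{ "SIG13", 0x000D, 0x000F },
	{ "SIG14", 0x000E, 0x000F },
	{ "SIG15", 0x000F, 0x000F },
	{ "KSK", DNS_KEYFLAG_KSK, DNS_KEYFLAG_KSK },
	{ NULL, 0, 0 }
};

/*
 * Append the NUL-terminated string 'source' (without its terminator)
 * to 'target'.
 *
 * Returns ISC_R_NOSPACE, leaving 'target' unchanged, when the available
 * region of 'target' is shorter than strlen(source).
 */
static isc_result_t
str_totext(const char *source, isc_buffer_t *target) {
	unsigned int l;
	isc_region_t region;

	isc_buffer_availableregion(target, &region);
	l = strlen(source);

	if (l > region.length)
		return (ISC_R_NOSPACE);

	memcpy(region.base, source, l);
	isc_buffer_add(target, l);
	return (ISC_R_SUCCESS);
}

/*
 * Try to interpret 'source' as an unsigned number no larger than 'max'.
 * Decimal is always accepted; hexadecimal is tried as well when
 * 'hex_allowed' is true.
 *
 * Returns:
 *	ISC_R_SUCCESS	'*valuep' holds the parsed value.
 *	ISC_R_BADNUMBER	'source' does not look like a number (empty, does
 *			not start with a digit, or longer than NUMBERSIZE-1).
 *			Callers use this result to fall back to a
 *			mnemonic lookup.
 *	ISC_R_RANGE	a number was parsed but it exceeds 'max'.
 *	other		whatever isc_parse_uint32() returned.
 */
static isc_result_t
maybe_numeric(unsigned int *valuep, isc_textregion_t *source,
	      unsigned int max, isc_boolean_t hex_allowed)
{
	isc_result_t result;
	isc_uint32_t n;
	char buffer[NUMBERSIZE];

	/*
	 * An empty region has no first byte to inspect; report it as
	 * "not a number" instead of reading outside the region.
	 */
	if (source->length == 0 ||
	    ! isdigit(source->base[0] & 0xff) ||
	    source->length > NUMBERSIZE - 1)
		return (ISC_R_BADNUMBER);

	/*
	 * We have a potential number. Try to parse it with
	 * isc_parse_uint32(). isc_parse_uint32() requires
	 * null termination, so we must make a copy.
	 *
	 * Copy exactly source->length bytes.  The text region is not
	 * guaranteed to be NUL-terminated, so a strncpy() bounded by
	 * NUMBERSIZE could read past the end of the region and the
	 * INSIST below would then trip on whatever byte follows it.
	 */
	snprintf(buffer, sizeof(buffer), "%.*s",
		 (int)source->length, source->base);
	INSIST(buffer[source->length] == '\0');

	result = isc_parse_uint32(&n, buffer, 10);
	if (result == ISC_R_BADNUMBER && hex_allowed)
		result = isc_parse_uint32(&n, buffer, 16);
	if (result != ISC_R_SUCCESS)
		return (result);
	if (n > max)
		return (ISC_R_RANGE);
	*valuep = n;
	return (ISC_R_SUCCESS);
}

/*
 * Convert 'source' to a value using 'table': a decimal number (<= 'max')
 * is accepted directly, otherwise the text is matched case-insensitively
 * against the table's mnemonics.
 *
 * Returns ISC_R_SUCCESS, DNS_R_UNKNOWN when no mnemonic matches, or the
 * non-BADNUMBER result of maybe_numeric() (e.g. ISC_R_RANGE).
 */
static isc_result_t
dns_mnemonic_fromtext(unsigned int *valuep, isc_textregion_t *source,
		      struct tbl *table, unsigned int max)
{
	isc_result_t result;
	int i;

	result = maybe_numeric(valuep, source, max, ISC_FALSE);
	if (result != ISC_R_BADNUMBER)
		return (result);

	for (i = 0; table[i].name != NULL; i++) {
		unsigned int n;
		n = strlen(table[i].name);
		/* Length must match too: "IN" must not match "INDIRECT". */
		if (n == source->length &&
		    strncasecmp(source->base, table[i].name, n) == 0) {
			*valuep = table[i].value;
			return (ISC_R_SUCCESS);
		}
	}
	return (DNS_R_UNKNOWN);
}

/*
 * Append the mnemonic for 'value' from 'table' to 'target'; a value
 * with no mnemonic is written in decimal.
 *
 * Returns the result of str_totext() (ISC_R_SUCCESS or ISC_R_NOSPACE).
 */
static isc_result_t
dns_mnemonic_totext(unsigned int value, isc_buffer_t *target,
		    struct tbl *table)
{
	int i = 0;
	char buf[sizeof("4294967296")];	/* any 32-bit value in decimal + NUL */
	while (table[i].name != NULL) {
		if (table[i].value == value) {
			return (str_totext(table[i].name, target));
		}
		i++;
	}
	snprintf(buf, sizeof(buf), "%u", value);
	return (str_totext(buf, target));
}

/*
 * rcode <-> text.  Numeric rcodes up to 0xffff are accepted.
 */
isc_result_t
dns_rcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source) {
	unsigned int value;
	RETERR(dns_mnemonic_fromtext(&value, source, rcodes, 0xffff));
	*rcodep = value;
	return (ISC_R_SUCCESS);
}

isc_result_t
dns_rcode_totext(dns_rcode_t rcode, isc_buffer_t *target) {
	return (dns_mnemonic_totext(rcode, target, rcodes));
}

/*
 * TSIG rcode <-> text: the standard rcodes plus the TSIG-specific
 * BADSIG/BADKEY/... mnemonics.
 */
isc_result_t
dns_tsigrcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source) {
	unsigned int value;
	RETERR(dns_mnemonic_fromtext(&value, source, tsigrcodes, 0xffff));
	*rcodep = value;
	return (ISC_R_SUCCESS);
}

isc_result_t
dns_tsigrcode_totext(dns_rcode_t rcode, isc_buffer_t *target) {
	return (dns_mnemonic_totext(rcode, target, tsigrcodes));
}

/*
 * CERT type <-> text (RFC4398).
 */
isc_result_t
dns_cert_fromtext(dns_cert_t *certp, isc_textregion_t *source) {
	unsigned int value;
	RETERR(dns_mnemonic_fromtext(&value, source, certs, 0xffff));
	*certp = value;
	return (ISC_R_SUCCESS);
}

isc_result_t
dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) {
	return (dns_mnemonic_totext(cert, target, certs));
}

/*
 * Security algorithm <-> text.  Algorithm numbers are one octet, so
 * numeric input is limited to 0xff.
 */
isc_result_t
dns_secalg_fromtext(dns_secalg_t *secalgp, isc_textregion_t *source) {
	unsigned int value;
	RETERR(dns_mnemonic_fromtext(&value, source, secalgs, 0xff));
	*secalgp = value;
	return (ISC_R_SUCCESS);
}

isc_result_t
dns_secalg_totext(dns_secalg_t secalg, isc_buffer_t *target) {
	return (dns_mnemonic_totext(secalg, target, secalgs));
}

/*
 * Format 'alg' as a NUL-terminated string into 'cp', which holds 'size'
 * bytes.  At most size-1 characters are written before the terminator;
 * if the mnemonic does not fit the result is the empty string.
 */
void
dns_secalg_format(dns_secalg_t alg, char *cp, unsigned int size) {
	isc_buffer_t b;
	isc_region_t r;
	isc_result_t result;

	REQUIRE(cp != NULL && size > 0);
	/* Reserve the last byte of 'cp' for the terminator. */
	isc_buffer_init(&b, cp, size - 1);
	result = dns_secalg_totext(alg, &b);
	isc_buffer_usedregion(&b, &r);
	r.base[r.length] = 0;
	if (result != ISC_R_SUCCESS)
		r.base[0] = 0;
}

/*
 * Security protocol <-> text (RFC2535 section 7.1).
 */
isc_result_t
dns_secproto_fromtext(dns_secproto_t *secprotop, isc_textregion_t *source) {
	unsigned int value;
	RETERR(dns_mnemonic_fromtext(&value, source, secprotos, 0xff));
	*secprotop = value;
	return (ISC_R_SUCCESS);
}

isc_result_t
dns_secproto_totext(dns_secproto_t secproto, isc_buffer_t *target) {
	return (dns_mnemonic_totext(secproto, target, secprotos));
}

/*
 * Hash algorithm from text.  Only "SHA-1" (1) has a mnemonic; other
 * one-octet values are accepted numerically.
 */
isc_result_t
dns_hashalg_fromtext(unsigned char *hashalg, isc_textregion_t *source) {
	unsigned int value;
	RETERR(dns_mnemonic_fromtext(&value, source, hashalgs, 0xff));
	*hashalg = value;
	return (ISC_R_SUCCESS);
}

/*
 * Parse KEY flags from 'source'.  The input is either a single number
 * (decimal or hex, <= 0xffff) or a '|'-separated list of the mnemonics
 * in keyflags[], matched case-insensitively.
 *
 * Returns:
 *	ISC_R_SUCCESS		'*flagsp' holds the OR of the named flags
 *				(or the numeric value).
 *	DNS_R_UNKNOWNFLAG	a token is not a known mnemonic.  An empty
 *				token ("A||B", trailing '|') is rejected
 *				the same way.
 *	other			a non-BADNUMBER result of maybe_numeric().
 */
isc_result_t
dns_keyflags_fromtext(dns_keyflags_t *flagsp, isc_textregion_t *source)
{
	isc_result_t result;
	char *text, *end;
	unsigned int value, mask;

	result = maybe_numeric(&value, source, 0xffff, ISC_TRUE);
	if (result == ISC_R_SUCCESS) {
		*flagsp = value;
		return (ISC_R_SUCCESS);
	}
	if (result != ISC_R_BADNUMBER)
		return (result);

	text = source->base;
	end = source->base + source->length;
	value = mask = 0;

	while (text < end) {
		struct keyflag *p;
		size_t len;
		char *delim = memchr(text, '|', end - text);
		if (delim != NULL)
			len = (size_t)(delim - text);
		else
			len = (size_t)(end - text);
		/*
		 * Require the whole mnemonic to match.  Comparing only the
		 * first 'len' bytes would let a prefix such as "NO", or an
		 * empty token, match the first table entry that starts
		 * that way.
		 */
		for (p = keyflags; p->name != NULL; p++) {
			if (strlen(p->name) == len &&
			    strncasecmp(p->name, text, len) == 0)
				break;
		}
		if (p->name == NULL)
			return (DNS_R_UNKNOWNFLAG);
		value |= p->value;
#ifdef notyet
		if ((mask & p->mask) != 0)
			warn("overlapping key flags");
#endif
		mask |= p->mask;
		text += len;
		if (delim != NULL)
			text++;	/* Skip "|" */
	}
	*flagsp = value;
	return (ISC_R_SUCCESS);
}

/*
 * This uses lots of hard coded values, but how often do we actually
 * add classes?
 *
 * Accepts the class mnemonics (case-insensitively), the historical
 * CHAOS/HESIOD spellings, and the generic "CLASSnnnnn" form with
 * nnnnn <= 65535.  Returns DNS_R_UNKNOWN for anything else.
 */
isc_result_t
dns_rdataclass_fromtext(dns_rdataclass_t *classp, isc_textregion_t *source) {
#define COMPARE(string, rdclass) \
	if (((sizeof(string) - 1) == source->length) \
	    && (strncasecmp(source->base, string, source->length) == 0)) { \
		*classp = rdclass; \
		return (ISC_R_SUCCESS); \
	}

	/* Nothing below can match an empty region; don't inspect base[0]. */
	if (source->length == 0)
		return (DNS_R_UNKNOWN);

	switch (tolower((unsigned char)source->base[0])) {
	case 'a':
		COMPARE("any", dns_rdataclass_any);
		break;
	case 'c':
		/*
		 * RFC1035 says the mnemonic for the CHAOS class is CH,
		 * but historical BIND practice is to call it CHAOS.
		 * We will accept both forms, but only generate CH.
		 */
		COMPARE("ch", dns_rdataclass_chaos);
		COMPARE("chaos", dns_rdataclass_chaos);

		/*
		 * "CLASS" followed by one to five characters: the length
		 * bound keeps the copy below inside 'buf'.
		 */
		if (source->length > 5 &&
		    source->length < (5 + sizeof("65000")) &&
		    strncasecmp("class", source->base, 5) == 0) {
			char buf[sizeof("65000")];
			char *endp;
			unsigned int val;

			strncpy(buf, source->base + 5, source->length - 5);
			buf[source->length - 5] = '\0';
			val = strtoul(buf, &endp, 10);
			/* The whole suffix must be consumed as a number. */
			if (*endp == '\0' && val <= 0xffff) {
				*classp = (dns_rdataclass_t)val;
				return (ISC_R_SUCCESS);
			}
		}
		break;
	case 'h':
		COMPARE("hs", dns_rdataclass_hs);
		COMPARE("hesiod", dns_rdataclass_hs);
		break;
	case 'i':
		COMPARE("in", dns_rdataclass_in);
		break;
	case 'n':
		COMPARE("none", dns_rdataclass_none);
		break;
	case 'r':
		COMPARE("reserved0", dns_rdataclass_reserved0);
		break;
	}

#undef COMPARE

	return (DNS_R_UNKNOWN);
}

/*
 * Append the mnemonic for 'rdclass' to 'target'; classes without a
 * mnemonic are written as "CLASSnnnnn".
 */
isc_result_t
dns_rdataclass_totext(dns_rdataclass_t rdclass, isc_buffer_t *target) {
	char buf[sizeof("CLASS65535")];

	switch (rdclass) {
	case dns_rdataclass_any:
		return (str_totext("ANY", target));
	case dns_rdataclass_chaos:
		return (str_totext("CH", target));
	case dns_rdataclass_hs:
		return (str_totext("HS", target));
	case dns_rdataclass_in:
		return (str_totext("IN", target));
	case dns_rdataclass_none:
		return (str_totext("NONE", target));
	case dns_rdataclass_reserved0:
		return (str_totext("RESERVED0", target));
	default:
		snprintf(buf, sizeof(buf), "CLASS%u", rdclass);
		return (str_totext(buf, target));
	}
}

/*
 * Format 'rdclass' as a NUL-terminated string into 'array' of 'size'
 * bytes.  If the text (plus terminator) does not fit, 'array' is set
 * to "<unknown>" (truncated to 'size').  A zero 'size' writes nothing.
 */
void
dns_rdataclass_format(dns_rdataclass_t rdclass,
		      char *array, unsigned int size)
{
	isc_result_t result;
	isc_buffer_t buf;

	if (size == 0U)
		return;

	isc_buffer_init(&buf, array, size);
	result = dns_rdataclass_totext(rdclass, &buf);
	/*
	 * Null terminate.
	 */
	if (result == ISC_R_SUCCESS) {
		if (isc_buffer_availablelength(&buf) >= 1)
			isc_buffer_putuint8(&buf, 0);
		else
			result = ISC_R_NOSPACE;
	}
	if (result != ISC_R_SUCCESS)
		strlcpy(array, "<unknown>", size);
}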