Commit 3ddd92da authored by Andreas Gustafsson's avatar Andreas Gustafsson
Browse files

improved support for mnemonics in DNSSEC RR types

parent 5f0e2c89
......@@ -27,6 +27,7 @@ ISC_LANG_BEGINDECLS
dns_result_t dns_cert_fromtext(dns_cert_t *certp, isc_textregion_t *source);
/*
* Convert the text 'source' refers to into a certificate type.
* The text may contain either a mnemonic type name or a decimal type number.
*
* Requires:
* 'certp' is a valid pointer.
......@@ -35,7 +36,8 @@ dns_result_t dns_cert_fromtext(dns_cert_t *certp, isc_textregion_t *source);
*
* Returns:
* DNS_R_SUCCESS on success
* DNS_R_UNKNOWN type is unknown
* DNS_R_UNKNOWN mnemonic type is unknown
* DNS_R_RANGE numeric type is out of range
*/
dns_result_t dns_cert_totext(dns_cert_t cert, isc_buffer_t *target);
......
/*
* Copyright (C) 1999 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#ifndef DNS_KEYFLAGS_H
#define DNS_KEYFLAGS_H 1
#include <isc/lang.h>
#include <dns/types.h>
ISC_LANG_BEGINDECLS
dns_result_t dns_keyflags_fromtext(dns_keyflags_t *flagsp,
isc_textregion_t *source);
/*
* Convert the text 'source' refers to into a DNSSEC KEY flags value.
* The text may contain either a set of flag mnemonics separated by
* vertical bars or a decimal flags value. For compatibility with
* older versions of BIND and the DNSSEC signer, octal values
* prefixed with a zero and hexadecimal values prefixed with "0x"
* are also accepted.
*
* Requires:
* 'flagsp' is a valid pointer.
*
* 'source' is a valid text region.
*
* Returns:
* DNS_R_SUCCESS on success
* DNS_R_UNKNOWN mnemonic flag is unknown
* DNS_R_RANGE numeric flag value is out of range
*/
ISC_LANG_ENDDECLS
#endif /* DNS_KEYFLAGS_H */
......@@ -28,6 +28,8 @@ dns_result_t dns_secalg_fromtext(dns_secalg_t *secalgp,
isc_textregion_t *source);
/*
* Convert the text 'source' refers to into a DNSSEC security algorithm value.
* The text may contain either a mnemonic algorithm name or a decimal algorithm
* number.
*
* Requires:
* 'secalgp' is a valid pointer.
......@@ -36,7 +38,8 @@ dns_result_t dns_secalg_fromtext(dns_secalg_t *secalgp,
*
* Returns:
* DNS_R_SUCCESS on success
* DNS_R_UNKNOWN type is unknown
* DNS_R_UNKNOWN mnemonic type is unknown
* DNS_R_RANGE numeric type is out of range
*/
dns_result_t dns_secalg_totext(dns_secalg_t secalg, isc_buffer_t *target);
......
/*
* Copyright (C) 1999 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#ifndef DNS_SECPROTO_H
#define DNS_SECPROTO_H 1
#include <isc/lang.h>
#include <dns/types.h>
ISC_LANG_BEGINDECLS
dns_result_t dns_secproto_fromtext(dns_secproto_t *secprotop,
isc_textregion_t *source);
/*
* Convert the text 'source' refers to into a DNSSEC security protocol value.
* The text may contain either a mnemonic protocol name or a decimal protocol
* number.
*
* Requires:
* 'secprotop' is a valid pointer.
*
* 'source' is a valid text region.
*
* Returns:
* DNS_R_SUCCESS on success
* DNS_R_UNKNOWN mnemonic type is unknown
* DNS_R_RANGE numeric type is out of range
*/
dns_result_t dns_secproto_totext(dns_secproto_t secproto, isc_buffer_t *target);
/*
* Put a textual representation of the DNSSEC security protocol 'secproto'
* into 'target'.
*
* Requires:
* 'secproto' is a valid secproto.
*
* 'target' is a valid text buffer.
*
* Ensures:
* If the result is success:
* The used space in 'target' is updated.
*
* Returns:
* DNS_R_SUCCESS on success
* DNS_R_NOSPACE target buffer is too small
*/
ISC_LANG_ENDDECLS
#endif /* DNS_SECPROTO_H */
......@@ -47,6 +47,8 @@ typedef unsigned char dns_offsets_t[128];
typedef struct dns_compress dns_compress_t;
typedef struct dns_decompress dns_decompress_t;
typedef isc_uint8_t dns_secalg_t;
typedef isc_uint8_t dns_secproto_t;
typedef isc_uint16_t dns_keyflags_t;
typedef isc_uint16_t dns_rdataclass_t;
typedef isc_uint16_t dns_rdatatype_t;
typedef isc_uint16_t dns_rcode_t;
......
......@@ -15,7 +15,7 @@
* SOFTWARE.
*/
/* $Id: rdata.c,v 1.61 1999/09/15 23:03:25 explorer Exp $ */
/* $Id: rdata.c,v 1.62 1999/09/17 09:22:39 gson Exp $ */
#include <config.h>
......@@ -37,6 +37,8 @@
#include <dns/rcode.h>
#include <dns/cert.h>
#include <dns/secalg.h>
#include <dns/secproto.h>
#include <dns/keyflags.h>
#include <dns/fixedname.h>
#include <dns/rdatastruct.h>
#include <dns/time.h>
......@@ -168,7 +170,7 @@ static const char octdigits[] = "01234567";
{ 254, "OID", 0}, \
{ 0, NULL, 0}
/* draft-ietf-dnssec-secext2-07.txt section 7 */
/* RFC2535 section 7 */
#define SECALGNAMES \
{ 1, "RSAMD5", 0 }, \
......@@ -180,6 +182,16 @@ static const char octdigits[] = "01234567";
{ 254, "PRIVATEOID", 0 }, \
{ 0, NULL, 0}
/* RFC2535 section 7.1 */
#define SECPROTONAMES \
{ 0, "NONE", 0 }, \
{ 1, "TLS", 0 }, \
{ 2, "EMAIL", 0 }, \
{ 3, "DNSSEC", 0 }, \
{ 4, "IPSEC", 0 }, \
{ 255, "ALL", 0 }, \
{ 0, NULL, 0}
static struct tbl {
unsigned int value;
......@@ -189,7 +201,47 @@ static struct tbl {
classes[] = { METACLASSES CLASSNAMES EMPTYCLASSES { 0, NULL, 0} },
rcodes[] = { RCODENAMES },
certs[] = { CERTNAMES },
secalgs[] = { SECALGNAMES };
secalgs[] = { SECALGNAMES },
secprotos[] = { SECPROTONAMES };
static struct keyflag {
char *name;
unsigned int value;
unsigned int mask;
} keyflags[] = {
{ "NOCONF", 0x4000, 0xC000 },
{ "NOAUTH", 0x8000, 0xC000 },
{ "NOKEY", 0xC000, 0xC000 },
{ "FLAG2", 0x2000, 0x2000 },
{ "EXTEND", 0x1000, 0x1000 },
{ "FLAG4", 0x0800, 0x0800 },
{ "FLAG5", 0x0400, 0x0400 },
{ "USER", 0x0000, 0x0300 },
{ "ZONE", 0x0100, 0x0300 },
{ "HOST", 0x0200, 0x0300 },
{ "NTYP3", 0x0300, 0x0300 },
{ "FLAG8", 0x0080, 0x0080 },
{ "FLAG9", 0x0040, 0x0040 },
{ "FLAG10", 0x0020, 0x0020 },
{ "FLAG11", 0x0010, 0x0010 },
{ "SIG0", 0x0000, 0x000F },
{ "SIG1", 0x0001, 0x000F },
{ "SIG2", 0x0002, 0x000F },
{ "SIG3", 0x0003, 0x000F },
{ "SIG4", 0x0004, 0x000F },
{ "SIG5", 0x0005, 0x000F },
{ "SIG6", 0x0006, 0x000F },
{ "SIG7", 0x0007, 0x000F },
{ "SIG8", 0x0008, 0x000F },
{ "SIG9", 0x0009, 0x000F },
{ "SIG10", 0x000A, 0x000F },
{ "SIG11", 0x000B, 0x000F },
{ "SIG12", 0x000C, 0x000F },
{ "SIG13", 0x000D, 0x000F },
{ "SIG14", 0x000E, 0x000F },
{ "SIG15", 0x000F, 0x000F },
{ NULL, 0, 0 }
};
/***
*** Initialization
......@@ -587,6 +639,64 @@ dns_rdata_digest(dns_rdata_t *rdata, dns_digestfunc_t digest, void *arg) {
return (result);
}
#define NUMBERSIZE sizeof("037777777777") /* 2^32-1 octal + NUL */
static dns_result_t
dns_mnemonic_fromtext(unsigned int *valuep, isc_textregion_t *source,
struct tbl *table, unsigned int max)
{
int i;
if (isdigit(source->base[0]) && source->length <= NUMBERSIZE - 1) {
unsigned int n;
char *e;
char buffer[NUMBERSIZE];
/*
* We have a potential number. Try to parse it with strtoul().
* strtoul() requires null termination, so we must make
* a copy.
*/
strncpy(buffer, source->base, NUMBERSIZE);
INSIST(buffer[source->length] == '\0');
n = strtoul(buffer, &e, 10);
if (*e == 0) {
if (n > max)
return (DNS_R_RANGE);
*valuep = n;
return (DNS_R_SUCCESS);
}
/* It was not a number after all; fall through. */
}
for (i = 0; table[i].name != NULL; i++) {
unsigned int n;
n = strlen(table[i].name);
if (n == source->length &&
strncasecmp(source->base, table[i].name, n) == 0) {
*valuep = table[i].value;
return (DNS_R_SUCCESS);
}
}
return (DNS_R_UNKNOWN);
}
static dns_result_t
dns_mnemonic_totext(unsigned int value, isc_buffer_t *target,
struct tbl *table)
{
int i = 0;
char buf[sizeof "4294967296"];
while (table[i].name != NULL) {
if (table[i].value == value) {
return (str_totext(table[i].name, target));
}
i++;
}
sprintf(buf, "%u", value);
return (str_totext(buf, target));
}
dns_result_t
dns_rdataclass_fromtext(dns_rdataclass_t *classp, isc_textregion_t *source) {
int i = 0;
......@@ -610,17 +720,7 @@ dns_rdataclass_fromtext(dns_rdataclass_t *classp, isc_textregion_t *source) {
dns_result_t
dns_rdataclass_totext(dns_rdataclass_t rdclass, isc_buffer_t *target) {
int i = 0;
char buf[sizeof "65000"];
while (classes[i].name != NULL) {
if (classes[i].value == rdclass) {
return (str_totext(classes[i].name, target));
}
i++;
}
sprintf(buf, "%u", rdclass);
return (str_totext(buf, target));
return (dns_mnemonic_totext(rdclass, target, classes));
}
/* XXXRTH Should we use a hash table here? */
......@@ -648,17 +748,7 @@ dns_rdatatype_fromtext(dns_rdatatype_t *typep, isc_textregion_t *source) {
dns_result_t
dns_rdatatype_totext(dns_rdatatype_t type, isc_buffer_t *target) {
int i = 0;
char buf[sizeof "65000"];
while (types[i].name != NULL) {
if (types[i].value == type) {
return (str_totext(types[i].name, target));
}
i++;
}
sprintf(buf, "%u", type);
return (str_totext(buf, target));
return (dns_mnemonic_totext(type, target, types));
}
/* XXXRTH Should we use a hash table here? */
......@@ -682,84 +772,109 @@ dns_rcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source) {
dns_result_t
dns_rcode_totext(dns_rcode_t rcode, isc_buffer_t *target) {
int i = 0;
char buf[sizeof "65000"];
while (rcodes[i].name != NULL) {
if (rcodes[i].value == rcode) {
return (str_totext(rcodes[i].name, target));
}
i++;
}
sprintf(buf, "%u", rcode);
return (str_totext(buf, target));
return (dns_mnemonic_totext(rcode, target, rcodes));
}
dns_result_t
dns_cert_fromtext(dns_cert_t *certp, isc_textregion_t *source) {
int i = 0;
unsigned int n;
unsigned int value;
RETERR(dns_mnemonic_fromtext(&value, source, certs, 0xffff));
*certp = value;
return (DNS_R_SUCCESS);
}
while (certs[i].name != NULL) {
n = strlen(certs[i].name);
if (n == source->length &&
strncasecmp(source->base, certs[i].name, n) == 0) {
*certp = certs[i].value;
return (DNS_R_SUCCESS);
}
i++;
}
return (DNS_R_UNKNOWN);
dns_result_t
dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) {
return (dns_mnemonic_totext(cert, target, certs));
}
dns_result_t
dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) {
int i = 0;
char buf[sizeof "65000"];
dns_secalg_fromtext(dns_secalg_t *secalgp, isc_textregion_t *source) {
unsigned int value;
RETERR(dns_mnemonic_fromtext(&value, source, secalgs, 0xff));
*secalgp = value;
return (DNS_R_SUCCESS);
}
while (certs[i].name != NULL) {
if (certs[i].value == cert) {
return (str_totext(certs[i].name, target));
}
i++;
}
sprintf(buf, "%u", cert);
return (str_totext(buf, target));
dns_result_t
dns_secalg_totext(dns_secalg_t secalg, isc_buffer_t *target) {
return (dns_mnemonic_totext(secalg, target, secalgs));
}
dns_result_t
dns_secalg_fromtext(dns_secalg_t *secalgp, isc_textregion_t *source) {
int i = 0;
unsigned int n;
dns_secproto_fromtext(dns_secproto_t *secprotop, isc_textregion_t *source) {
unsigned int value;
RETERR(dns_mnemonic_fromtext(&value, source, secprotos, 0xff));
*secprotop = value;
return (DNS_R_SUCCESS);
}
while (secalgs[i].name != NULL) {
n = strlen(secalgs[i].name);
if (n == source->length &&
strncasecmp(source->base, secalgs[i].name, n) == 0) {
*secalgp = secalgs[i].value;
return (DNS_R_SUCCESS);
}
i++;
}
return (DNS_R_UNKNOWN);
dns_result_t
dns_secproto_totext(dns_secproto_t secproto, isc_buffer_t *target) {
return (dns_mnemonic_totext(secproto, target, secprotos));
}
dns_result_t
dns_secalg_totext(dns_secalg_t secalg, isc_buffer_t *target) {
int i = 0;
char buf[sizeof "65000"];
dns_keyflags_fromtext(dns_keyflags_t *flagsp, isc_textregion_t *source)
{
char *text, *end;
unsigned int value, mask;
if (isdigit(source->base[0]) && source->length <= NUMBERSIZE - 1) {
unsigned int n;
char *e;
char buffer[NUMBERSIZE];
/*
* We have a potential number. Try to parse it with strtoul().
* strtoul() requires null termination, so we must make
* a copy.
*/
strncpy(buffer, source->base, NUMBERSIZE);
INSIST(buffer[source->length] == '\0');
n = strtoul(buffer, &e, 0); /* Allow hex/octal. */
if (*e == 0) {
if (n > 0xffff)
return (DNS_R_RANGE);
*flagsp = n;
return (DNS_R_SUCCESS);
}
/* It was not a number after all; fall through. */
}
while (secalgs[i].name != NULL) {
if (secalgs[i].value == secalg) {
return (str_totext(secalgs[i].name, target));
text = source->base;
end = source->base + source->length;
value = mask = 0;
while (text < end) {
struct keyflag *p;
unsigned int len;
char *delim = memchr(text, '|', end - text);
if (delim != NULL)
len = delim - text;
else
len = end - text;
for (p = keyflags; p->name != NULL; p++) {
if (strncasecmp(p->name, text, len) == 0)
break;
}
i++;
if (p->name == NULL)
return (DNS_R_UNKNOWN);
value |= p->value;
#ifdef notyet
if ((mask & p->mask) != 0)
warn("overlapping key flags");
#endif
mask |= p->mask;
text += len;
if (delim != NULL)
text++; /* Skip "|" */
}
sprintf(buf, "%u", secalg);
return (str_totext(buf, target));
*flagsp = value;
return (DNS_R_SUCCESS);
}
/* Private function */
/* Private function */
static unsigned int
name_length(dns_name_t *name) {
......
......@@ -15,7 +15,7 @@
* SOFTWARE.
*/
/* $Id: cert_37.c,v 1.14 1999/09/15 23:03:27 explorer Exp $ */
/* $Id: cert_37.c,v 1.15 1999/09/17 09:22:40 gson Exp $ */
/* draft-ietf-dnssec-certs-04.txt */
......@@ -35,20 +35,14 @@ fromtext_cert(dns_rdataclass_t rdclass, dns_rdatatype_t type,
REQUIRE(type == 37);
rdclass = rdclass; /*unused*/
rdclass = rdclass; /*unused*/
origin = origin; /*unused*/
downcase = downcase; /*unused*/
/* cert type */
RETERR(gettoken(lexer, &token, isc_tokentype_string, ISC_FALSE));
n = strtol(token.value.as_pointer, &e, 10);
if (*e != 0) {
RETERR(dns_cert_fromtext(&cert, &token.value.as_textregion));
} else {
if (n < 0 || n > 0xffff)
return (DNS_R_RANGE);
cert = n;
}
RETERR(dns_cert_fromtext(&cert, &token.value.as_textregion));
RETERR(uint16_tobuffer(cert, target));
/* key tag */
......@@ -59,15 +53,7 @@ fromtext_cert(dns_rdataclass_t rdclass, dns_rdatatype_t type,
/* algorithm */
RETERR(gettoken(lexer, &token, isc_tokentype_string, ISC_FALSE));
n = strtol(token.value.as_pointer, &e, 10);
if (*e != 0) {
RETERR(dns_secalg_fromtext(&secalg,
&token.value.as_textregion));
} else {
if (n < 0 || n > 0xff)
return (DNS_R_RANGE);
secalg = n;
}
RETERR(dns_secalg_fromtext(&secalg, &token.value.as_textregion));
RETERR(mem_tobuffer(target, &secalg, 1));
return (isc_base64_tobuffer(lexer, target, -1));
......
......@@ -15,7 +15,7 @@
* SOFTWARE.
*/
/* $Id: key_25.c,v 1.12 1999/09/15 23:03:29 explorer Exp $ */
/* $Id: key_25.c,v 1.13 1999/09/17 09:22:40 gson Exp $ */
/* RFC 2065 */
......@@ -28,32 +28,30 @@ fromtext_key(dns_rdataclass_t rdclass, dns_rdatatype_t type,
isc_boolean_t downcase, isc_buffer_t *target)
{
isc_token_t token;
unsigned char c;
unsigned int flags;
dns_secalg_t alg;
dns_secproto_t proto;
dns_keyflags_t flags;
REQUIRE(type == 25);
rdclass = rdclass; /*unused*/
rdclass = rdclass; /*unused*/
origin = origin; /*unused*/
downcase = downcase; /*unused*/
RETERR(gettoken(lexer, &token, isc_tokentype_number, ISC_FALSE));
if (token.value.as_ulong > 0xffff)
return (DNS_R_RANGE);
RETERR(uint16_tobuffer(token.value.as_ulong, target));
flags = token.value.as_ulong;
RETERR(gettoken(lexer, &token, isc_tokentype_number, ISC_FALSE));
if (token.value.as_ulong > 0xff)
return (DNS_R_RANGE);
c = token.value.as_ulong;
RETERR(mem_tobuffer(target, &c, 1));
RETERR(gettoken(lexer, &token, isc_tokentype_number, ISC_FALSE));
if (token.value.as_ulong > 0xff)
return (DNS_R_RANGE);
c = token.value.as_ulong;
RETERR(mem_tobuffer(target, &c, 1));
/* flags */
RETERR(gettoken(lexer, &token, isc_tokentype_string, ISC_FALSE));
RETERR(dns_keyflags_fromtext(&flags, &token.value.as_textregion));
RETERR(uint16_tobuffer(flags, target));
/* protocol */
RETERR(gettoken(lexer, &token, isc_tokentype_string, ISC_FALSE));
RETERR(dns_secproto_fromtext(&proto, &token.value.as_textregion));