- Copy stable/9 to releng/9.2 as part of the 9.2-RELEASE cycle.
1 /*
2  * Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
3  * Copyright (C) 1998-2003  Internet Software Consortium.
4  *
5  * Permission to use, copy, modify, and/or distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11  * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15  * PERFORMANCE OF THIS SOFTWARE.
16  */
17
18 /* $Id$ */
19
20 #include <config.h>
21 #include <ctype.h>
22
23 #include <isc/buffer.h>
24 #include <isc/parseint.h>
25 #include <isc/print.h>
26 #include <isc/region.h>
27 #include <isc/result.h>
28 #include <isc/stdio.h>
29 #include <isc/stdlib.h>
30 #include <isc/string.h>
31 #include <isc/types.h>
32 #include <isc/util.h>
33
34 #include <dns/cert.h>
35 #include <dns/keyflags.h>
36 #include <dns/keyvalues.h>
37 #include <dns/rcode.h>
38 #include <dns/rdataclass.h>
39 #include <dns/result.h>
40 #include <dns/secalg.h>
41 #include <dns/secproto.h>
42
/*
 * Evaluate 'x' exactly once and, unless it yields ISC_R_SUCCESS, return
 * that result from the enclosing function.  Only usable inside functions
 * that themselves return isc_result_t.
 */
#define RETERR(x) \
        do { \
                isc_result_t _res = (x); \
                if (_res != ISC_R_SUCCESS) \
                        return (_res); \
        } while (0)

/*
 * Size of the scratch buffer used when parsing numbers: the longest
 * accepted spelling is 2^32-1 written in octal, plus the trailing NUL.
 */
#define NUMBERSIZE sizeof("037777777777")
51
/*
 * RCODENAMES ends with a trailing comma and has no end marker of its own,
 * so it is only usable as the leading part of an initializer that is
 * closed by ERCODENAMES or TSIGRCODENAMES; each of those supplies the
 * { 0, NULL, 0 } row that terminates the table.
 */
#define RCODENAMES \
        /* standard rcodes */ \
        { dns_rcode_noerror,  "NOERROR",  0 }, \
        { dns_rcode_formerr,  "FORMERR",  0 }, \
        { dns_rcode_servfail, "SERVFAIL", 0 }, \
        { dns_rcode_nxdomain, "NXDOMAIN", 0 }, \
        { dns_rcode_notimp,   "NOTIMP",   0 }, \
        { dns_rcode_refused,  "REFUSED",  0 }, \
        { dns_rcode_yxdomain, "YXDOMAIN", 0 }, \
        { dns_rcode_yxrrset,  "YXRRSET",  0 }, \
        { dns_rcode_nxrrset,  "NXRRSET",  0 }, \
        { dns_rcode_notauth,  "NOTAUTH",  0 }, \
        { dns_rcode_notzone,  "NOTZONE",  0 },

#define ERCODENAMES \
        /* extended rcodes */ \
        { dns_rcode_badvers, "BADVERS", 0 }, \
        { 0, NULL, 0 }

#define TSIGRCODENAMES \
        /* TSIG error codes, appended after the standard rcodes */ \
        { dns_tsigerror_badsig,   "BADSIG",   0 }, \
        { dns_tsigerror_badkey,   "BADKEY",   0 }, \
        { dns_tsigerror_badtime,  "BADTIME",  0 }, \
        { dns_tsigerror_badmode,  "BADMODE",  0 }, \
        { dns_tsigerror_badname,  "BADNAME",  0 }, \
        { dns_tsigerror_badalg,   "BADALG",   0 }, \
        { dns_tsigerror_badtrunc, "BADTRUNC", 0 }, \
        { 0, NULL, 0 }
81
/*
 * Certificate type mnemonics, RFC4398 section 2.1.
 * The last row is the end marker (name == NULL).
 */
#define CERTNAMES \
        {   1, "PKIX",    0 }, \
        {   2, "SPKI",    0 }, \
        {   3, "PGP",     0 }, \
        {   4, "IPKIX",   0 }, \
        {   5, "ISPKI",   0 }, \
        {   6, "IPGP",    0 }, \
        {   7, "ACPKIX",  0 }, \
        {   8, "IACPKIX", 0 }, \
        { 253, "URI",     0 }, \
        { 254, "OID",     0 }, \
        {   0, NULL,      0 }
96
/*
 * DNSSEC algorithm mnemonics, RFC2535 section 7 and RFC3110.
 *
 * DNS_KEYALG_RSAMD5 appears twice: the text "RSA" is accepted as an alias
 * on input and resolves to the same value as "RSAMD5".  Lookups by value
 * scan from the top, so that value is always rendered as "RSAMD5".
 * The last row is the end marker (name == NULL).
 */
#define SECALGNAMES \
        { DNS_KEYALG_RSAMD5,       "RSAMD5",          0 }, \
        { DNS_KEYALG_RSAMD5,       "RSA",             0 }, \
        { DNS_KEYALG_DH,           "DH",              0 }, \
        { DNS_KEYALG_DSA,          "DSA",             0 }, \
        { DNS_KEYALG_NSEC3DSA,     "NSEC3DSA",        0 }, \
        { DNS_KEYALG_ECC,          "ECC",             0 }, \
        { DNS_KEYALG_RSASHA1,      "RSASHA1",         0 }, \
        { DNS_KEYALG_NSEC3RSASHA1, "NSEC3RSASHA1",    0 }, \
        { DNS_KEYALG_RSASHA256,    "RSASHA256",       0 }, \
        { DNS_KEYALG_RSASHA512,    "RSASHA512",       0 }, \
        { DNS_KEYALG_ECCGOST,      "ECCGOST",         0 }, \
        { DNS_KEYALG_ECDSA256,     "ECDSAP256SHA256", 0 }, \
        { DNS_KEYALG_ECDSA384,     "ECDSAP384SHA384", 0 }, \
        { DNS_KEYALG_INDIRECT,     "INDIRECT",        0 }, \
        { DNS_KEYALG_PRIVATEDNS,   "PRIVATEDNS",      0 }, \
        { DNS_KEYALG_PRIVATEOID,   "PRIVATEOID",      0 }, \
        { 0, NULL, 0 }
117
/*
 * KEY record protocol mnemonics, RFC2535 section 7.1.
 * The last row is the end marker (name == NULL).
 */
#define SECPROTONAMES \
        {   0, "NONE",   0 }, \
        {   1, "TLS",    0 }, \
        {   2, "EMAIL",  0 }, \
        {   3, "DNSSEC", 0 }, \
        {   4, "IPSEC",  0 }, \
        { 255, "ALL",    0 }, \
        {   0, NULL,     0 }

/*
 * Hash algorithm mnemonics; "SHA-1" (value 1) is the only name defined
 * here, followed by the end marker.
 */
#define HASHALGNAMES \
        { 1, "SHA-1", 0 }, \
        { 0, NULL,    0 }
132
/*
 * One row of a mnemonic table.  Tables are scanned from the top until a
 * row with a NULL name is reached, so every table must end with one.
 */
struct tbl {
        unsigned int    value;  /* numeric code */
        const char      *name;  /* text mnemonic; NULL marks the end */
        int             flags;  /* 0 in every row defined in this file */
};

/* rcodes and tsigrcodes share the standard rcode rows as their prefix. */
static struct tbl rcodes[] = {
        RCODENAMES ERCODENAMES
};
static struct tbl tsigrcodes[] = {
        RCODENAMES TSIGRCODENAMES
};
static struct tbl certs[] = {
        CERTNAMES
};
static struct tbl secalgs[] = {
        SECALGNAMES
};
static struct tbl secprotos[] = {
        SECPROTONAMES
};
static struct tbl hashalgs[] = {
        HASHALGNAMES
};
145
/*
 * Key flag mnemonics.  Each row gives the bits a name sets ('value') and
 * the bit field those bits belong to ('mask').  Rows are grouped by mask
 * below; the table ends with a row whose name is NULL.
 */
static struct keyflag {
        const char *name;
        unsigned int value;
        unsigned int mask;
} keyflags[] = {
        /* field 0xC000 */
        { "NOCONF", 0x4000, 0xC000 },
        { "NOAUTH", 0x8000, 0xC000 },
        { "NOKEY",  0xC000, 0xC000 },

        /* single-bit fields 0x2000 .. 0x0400 */
        { "FLAG2",  0x2000, 0x2000 },
        { "EXTEND", 0x1000, 0x1000 },
        { "FLAG4",  0x0800, 0x0800 },
        { "FLAG5",  0x0400, 0x0400 },

        /* field 0x0300 */
        { "USER",   0x0000, 0x0300 },
        { "ZONE",   0x0100, 0x0300 },
        { "HOST",   0x0200, 0x0300 },
        { "NTYP3",  0x0300, 0x0300 },

        /* single-bit fields 0x0080 .. 0x0010 */
        { "FLAG8",  0x0080, 0x0080 },
        { "FLAG9",  0x0040, 0x0040 },
        { "FLAG10", 0x0020, 0x0020 },
        { "FLAG11", 0x0010, 0x0010 },

        /* field 0x000F */
        { "SIG0",   0x0000, 0x000F },
        { "SIG1",   0x0001, 0x000F },
        { "SIG2",   0x0002, 0x000F },
        { "SIG3",   0x0003, 0x000F },
        { "SIG4",   0x0004, 0x000F },
        { "SIG5",   0x0005, 0x000F },
        { "SIG6",   0x0006, 0x000F },
        { "SIG7",   0x0007, 0x000F },
        { "SIG8",   0x0008, 0x000F },
        { "SIG9",   0x0009, 0x000F },
        { "SIG10",  0x000A, 0x000F },
        { "SIG11",  0x000B, 0x000F },
        { "SIG12",  0x000C, 0x000F },
        { "SIG13",  0x000D, 0x000F },
        { "SIG14",  0x000E, 0x000F },
        { "SIG15",  0x000F, 0x000F },

        { "KSK",  DNS_KEYFLAG_KSK, DNS_KEYFLAG_KSK },

        /* end marker */
        { NULL,     0, 0 }
};
185
/*
 * Append the NUL-terminated string 'source', without its terminator, to
 * 'target'.
 *
 * Returns ISC_R_NOSPACE, leaving 'target' unchanged, when the string is
 * longer than the space still available in 'target'; ISC_R_SUCCESS
 * otherwise.
 */
static isc_result_t
str_totext(const char *source, isc_buffer_t *target) {
        isc_region_t avail;
        unsigned int len;

        isc_buffer_availableregion(target, &avail);
        len = strlen(source);

        /* The copy is bounded by the free space reported by the buffer. */
        if (len <= avail.length) {
                memcpy(avail.base, source, len);
                isc_buffer_add(target, len);
                return (ISC_R_SUCCESS);
        }
        return (ISC_R_NOSPACE);
}
201
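/*
 * Try to read 'source' as an unsigned number not larger than 'max'.
 *
 * The text is parsed as decimal first; when that fails with
 * ISC_R_BADNUMBER and 'hex_allowed' is true it is parsed again in base 16.
 *
 * Returns:
 *      ISC_R_SUCCESS   - '*valuep' holds the parsed number
 *      ISC_R_BADNUMBER - the text is empty, does not start with a digit,
 *                        or is too long to be a 32-bit number; callers
 *                        treat this as "not numeric, try a mnemonic"
 *      ISC_R_RANGE     - the number parsed but exceeds 'max'
 *      any other result returned by isc_parse_uint32()
 */
static isc_result_t
maybe_numeric(unsigned int *valuep, isc_textregion_t *source,
              unsigned int max, isc_boolean_t hex_allowed)
{
        isc_result_t result;
        isc_uint32_t n;
        char buffer[NUMBERSIZE];

        /*
         * Check the length before looking at base[0]: an empty region has
         * no first character to inspect.
         */
        if (source->length == 0 ||
            source->length > NUMBERSIZE - 1 ||
            ! isdigit(source->base[0] & 0xff))
                return (ISC_R_BADNUMBER);

        /*
         * We have a potential number.  Try to parse it with
         * isc_parse_uint32().  isc_parse_uint32() requires
         * null termination, so we must make a copy.
         *
         * Copy exactly 'length' bytes and terminate the copy here.  The
         * region carries an explicit length, so nothing guarantees a NUL
         * right after it; copying with strncpy() up to NUMBERSIZE could
         * read past the end of the region, and the copy was only
         * terminated when the byte following the region happened to be
         * NUL.
         */
        memcpy(buffer, source->base, source->length);
        buffer[source->length] = '\0';

        result = isc_parse_uint32(&n, buffer, 10);
        if (result == ISC_R_BADNUMBER && hex_allowed)
                result = isc_parse_uint32(&n, buffer, 16);
        if (result != ISC_R_SUCCESS)
                return (result);
        if (n > max)
                return (ISC_R_RANGE);
        *valuep = n;
        return (ISC_R_SUCCESS);
}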
232
/*
 * Convert 'source' to a numeric code.
 *
 * A number is tried first (decimal only, limited to 'max'); any outcome
 * of that attempt other than ISC_R_BADNUMBER is returned as is.  Failing
 * that, 'table' is searched for a name that has the same length as the
 * text and matches it without regard to case.  Returns DNS_R_UNKNOWN
 * when no row matches.
 */
static isc_result_t
dns_mnemonic_fromtext(unsigned int *valuep, isc_textregion_t *source,
                      struct tbl *table, unsigned int max)
{
        struct tbl *entry;
        isc_result_t result;

        result = maybe_numeric(valuep, source, max, ISC_FALSE);
        if (result != ISC_R_BADNUMBER)
                return (result);

        for (entry = table; entry->name != NULL; entry++) {
                unsigned int namelen = strlen(entry->name);

                /* Lengths must agree, so a prefix of a name never matches. */
                if (namelen != source->length)
                        continue;
                if (strncasecmp(source->base, entry->name, namelen) != 0)
                        continue;

                *valuep = entry->value;
                return (ISC_R_SUCCESS);
        }
        return (DNS_R_UNKNOWN);
}
255
/*
 * Append the text form of 'value' to 'target': the name of the first row
 * of 'table' carrying that value, or the value in decimal when no row
 * does.  The result is whatever str_totext() returns.
 */
static isc_result_t
dns_mnemonic_totext(unsigned int value, isc_buffer_t *target,
                    struct tbl *table)
{
        char digits[sizeof("4294967296")];
        struct tbl *entry;

        for (entry = table; entry->name != NULL; entry++) {
                if (entry->value == value)
                        return (str_totext(entry->name, target));
        }

        /* No mnemonic: fall back to the plain number. */
        snprintf(digits, sizeof(digits), "%u", value);
        return (str_totext(digits, target));
}
271
/*
 * Convert the text in 'source' to an rcode: either a number up to 0xffff
 * or a name from the rcodes table.  '*rcodep' is written only on success.
 */
isc_result_t
dns_rcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source) {
        unsigned int parsed;
        isc_result_t result;

        result = dns_mnemonic_fromtext(&parsed, source, rcodes, 0xffff);
        if (result != ISC_R_SUCCESS)
                return (result);

        *rcodep = parsed;
        return (ISC_R_SUCCESS);
}
279
/*
 * Append the name of 'rcode' from the rcodes table to 'target', or its
 * decimal value when the table has no name for it.
 */
isc_result_t
dns_rcode_totext(dns_rcode_t rcode, isc_buffer_t *target) {
        isc_result_t result;

        result = dns_mnemonic_totext(rcode, target, rcodes);
        return (result);
}
284
/*
 * Convert the text in 'source' to an rcode using the tsigrcodes table
 * (standard rcodes followed by the TSIG error names); numbers up to
 * 0xffff are accepted too.  '*rcodep' is written only on success.
 */
isc_result_t
dns_tsigrcode_fromtext(dns_rcode_t *rcodep, isc_textregion_t *source) {
        unsigned int parsed;
        isc_result_t result;

        result = dns_mnemonic_fromtext(&parsed, source, tsigrcodes, 0xffff);
        if (result != ISC_R_SUCCESS)
                return (result);

        *rcodep = parsed;
        return (ISC_R_SUCCESS);
}
292
/*
 * Append the name of 'rcode' from the tsigrcodes table to 'target', or
 * its decimal value when the table has no name for it.
 */
isc_result_t
dns_tsigrcode_totext(dns_rcode_t rcode, isc_buffer_t *target) {
        isc_result_t result;

        result = dns_mnemonic_totext(rcode, target, tsigrcodes);
        return (result);
}
297
/*
 * Convert the text in 'source' to a certificate type: either a number up
 * to 0xffff or a name from the certs table.  '*certp' is written only on
 * success.
 */
isc_result_t
dns_cert_fromtext(dns_cert_t *certp, isc_textregion_t *source) {
        unsigned int parsed;
        isc_result_t result;

        result = dns_mnemonic_fromtext(&parsed, source, certs, 0xffff);
        if (result != ISC_R_SUCCESS)
                return (result);

        *certp = parsed;
        return (ISC_R_SUCCESS);
}
305
/*
 * Append the name of certificate type 'cert' from the certs table to
 * 'target', or its decimal value when the table has no name for it.
 */
isc_result_t
dns_cert_totext(dns_cert_t cert, isc_buffer_t *target) {
        isc_result_t result;

        result = dns_mnemonic_totext(cert, target, certs);
        return (result);
}
310
/*
 * Convert the text in 'source' to a DNSSEC algorithm number: either a
 * number up to 0xff or a name from the secalgs table.  '*secalgp' is
 * written only on success.
 */
isc_result_t
dns_secalg_fromtext(dns_secalg_t *secalgp, isc_textregion_t *source) {
        unsigned int parsed;
        isc_result_t result;

        result = dns_mnemonic_fromtext(&parsed, source, secalgs, 0xff);
        if (result != ISC_R_SUCCESS)
                return (result);

        *secalgp = parsed;
        return (ISC_R_SUCCESS);
}
318
/*
 * Append the name of algorithm 'secalg' from the secalgs table to
 * 'target', or its decimal value when the table has no name for it.
 */
isc_result_t
dns_secalg_totext(dns_secalg_t secalg, isc_buffer_t *target) {
        isc_result_t result;

        result = dns_mnemonic_totext(secalg, target, secalgs);
        return (result);
}
323
/*
 * Write the text form of 'alg' into the 'size'-byte array 'cp' as a
 * NUL-terminated string.  'cp' must not be NULL and 'size' must be
 * greater than zero.  When the conversion fails, 'cp' is left holding
 * the empty string.
 */
void
dns_secalg_format(dns_secalg_t alg, char *cp, unsigned int size) {
        isc_buffer_t textbuf;
        isc_region_t used;
        isc_result_t result;

        REQUIRE(cp != NULL && size > 0);

        /*
         * Hand the buffer one byte less than the array holds, so that the
         * terminator written below always lands inside 'cp'.
         */
        isc_buffer_init(&textbuf, cp, size - 1);
        result = dns_secalg_totext(alg, &textbuf);

        isc_buffer_usedregion(&textbuf, &used);
        used.base[used.length] = 0;

        /* On failure hand back an empty string rather than partial text. */
        if (result != ISC_R_SUCCESS)
                used.base[0] = 0;
}
338
/*
 * Convert the text in 'source' to a protocol number: either a number up
 * to 0xff or a name from the secprotos table.  '*secprotop' is written
 * only on success.
 */
isc_result_t
dns_secproto_fromtext(dns_secproto_t *secprotop, isc_textregion_t *source) {
        unsigned int parsed;
        isc_result_t result;

        result = dns_mnemonic_fromtext(&parsed, source, secprotos, 0xff);
        if (result != ISC_R_SUCCESS)
                return (result);

        *secprotop = parsed;
        return (ISC_R_SUCCESS);
}
346
/*
 * Append the name of protocol 'secproto' from the secprotos table to
 * 'target', or its decimal value when the table has no name for it.
 */
isc_result_t
dns_secproto_totext(dns_secproto_t secproto, isc_buffer_t *target) {
        isc_result_t result;

        result = dns_mnemonic_totext(secproto, target, secprotos);
        return (result);
}
351
/*
 * Convert the text in 'source' to a hash algorithm number: either a
 * number up to 0xff or a name from the hashalgs table.  '*hashalg' is
 * written only on success.
 */
isc_result_t
dns_hashalg_fromtext(unsigned char *hashalg, isc_textregion_t *source) {
        unsigned int parsed;
        isc_result_t result;

        result = dns_mnemonic_fromtext(&parsed, source, hashalgs, 0xff);
        if (result != ISC_R_SUCCESS)
                return (result);

        *hashalg = parsed;
        return (ISC_R_SUCCESS);
}
359
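/*
 * Convert the text in 'source' to a key flags value.
 *
 * The text is either a number up to 0xffff (decimal, or hexadecimal as a
 * fallback) or a list of names from the keyflags table separated by '|'.
 * The values of all named flags are ORed together.
 *
 * Returns:
 *      ISC_R_SUCCESS     - '*flagsp' holds the flags
 *      DNS_R_UNKNOWNFLAG - a name in the list is empty or matches no row
 *      any failure other than ISC_R_BADNUMBER from maybe_numeric()
 */
isc_result_t
dns_keyflags_fromtext(dns_keyflags_t *flagsp, isc_textregion_t *source)
{
        isc_result_t result;
        char *text, *end;
        unsigned int value, mask;

        result = maybe_numeric(&value, source, 0xffff, ISC_TRUE);
        if (result == ISC_R_SUCCESS) {
                *flagsp = value;
                return (ISC_R_SUCCESS);
        }
        if (result != ISC_R_BADNUMBER)
                return (result);

        text = source->base;
        end = source->base + source->length;
        value = mask = 0;

        while (text < end) {
                struct keyflag *p;
                unsigned int len;
                char *delim = memchr(text, '|', end - text);
                if (delim != NULL)
                        len = delim - text;
                else
                        len = end - text;
                /*
                 * An empty name (a leading '|' or two '|' in a row) must
                 * not be looked up: strncasecmp() with a length of zero
                 * reports equality, so it would silently select the first
                 * row of the table.
                 */
                if (len == 0)
                        return (DNS_R_UNKNOWNFLAG);
                /*
                 * NOTE(review): only the first 'len' characters are
                 * compared, so a name that is a prefix of a table entry
                 * selects the first entry it is a prefix of (for example
                 * "SIG" selects "SIG0").  Left unchanged here in case
                 * existing input relies on abbreviations; confirm before
                 * requiring an exact-length match.
                 */
                for (p = keyflags; p->name != NULL; p++) {
                        if (strncasecmp(p->name, text, len) == 0)
                                break;
                }
                if (p->name == NULL)
                        return (DNS_R_UNKNOWNFLAG);
                value |= p->value;
#ifdef notyet
                if ((mask & p->mask) != 0)
                        warn("overlapping key flags");
#endif
                /*
                 * 'mask' records which fields have been set; it is only
                 * consulted by the disabled overlap check above, so two
                 * names from the same field are currently ORed together
                 * without complaint.
                 */
                mask |= p->mask;
                text += len;
                if (delim != NULL)
                        text++; /* Skip "|" */
        }
        *flagsp = value;
        return (ISC_R_SUCCESS);
}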
406
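/*
 * Convert the text in 'source' to an RR class.
 *
 * Accepted forms, compared without regard to case: "any", "ch", "chaos",
 * "hs", "hesiod", "in", "none", "reserved0", and "class" immediately
 * followed by a decimal number up to 0xffff.  '*classp' is written only
 * on success; anything else, including an empty region, yields
 * DNS_R_UNKNOWN.
 *
 * This uses lots of hard coded values, but how often do we actually
 * add classes?
 */
isc_result_t
dns_rdataclass_fromtext(dns_rdataclass_t *classp, isc_textregion_t *source) {
#define COMPARE(string, rdclass) \
        if (((sizeof(string) - 1) == source->length) \
            && (strncasecmp(source->base, string, source->length) == 0)) { \
                *classp = rdclass; \
                return (ISC_R_SUCCESS); \
        }

        /*
         * Nothing can match an empty region, and it has no first
         * character to dispatch on, so do not read base[0].
         */
        if (source->length == 0)
                return (DNS_R_UNKNOWN);

        switch (tolower((unsigned char)source->base[0])) {
        case 'a':
                COMPARE("any", dns_rdataclass_any);
                break;
        case 'c':
                /*
                 * RFC1035 says the mnemonic for the CHAOS class is CH,
                 * but historical BIND practice is to call it CHAOS.
                 * We will accept both forms, but only generate CH.
                 */
                COMPARE("ch", dns_rdataclass_chaos);
                COMPARE("chaos", dns_rdataclass_chaos);

                /*
                 * "class" followed by one to five more characters.  The
                 * upper bound on the length is what keeps the copy below
                 * inside buf: at most sizeof("65000") - 1 characters are
                 * copied and the terminator goes in the remaining byte.
                 */
                if (source->length > 5 &&
                    source->length < (5 + sizeof("65000")) &&
                    strncasecmp("class", source->base, 5) == 0) {
                        char buf[sizeof("65000")];
                        char *endp;
                        unsigned int val;

                        strncpy(buf, source->base + 5, source->length - 5);
                        buf[source->length - 5] = '\0';
                        /*
                         * NOTE(review): strtoul() also accepts leading
                         * white space and a sign, so text such as
                         * "class+1" is taken as class 1 - confirm whether
                         * digits-only input should be required here.
                         */
                        val = strtoul(buf, &endp, 10);
                        if (*endp == '\0' && val <= 0xffff) {
                                *classp = (dns_rdataclass_t)val;
                                return (ISC_R_SUCCESS);
                        }
                }
                break;
        case 'h':
                COMPARE("hs", dns_rdataclass_hs);
                COMPARE("hesiod", dns_rdataclass_hs);
                break;
        case 'i':
                COMPARE("in", dns_rdataclass_in);
                break;
        case 'n':
                COMPARE("none", dns_rdataclass_none);
                break;
        case 'r':
                COMPARE("reserved0", dns_rdataclass_reserved0);
                break;
        }

#undef COMPARE

        return (DNS_R_UNKNOWN);
}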
468
/*
 * Append the text form of 'rdclass' to 'target': "ANY", "CH", "HS", "IN",
 * "NONE" or "RESERVED0" for the classes known here, and "CLASS" followed
 * by the decimal value for every other class.  The result is whatever
 * str_totext() returns.
 */
isc_result_t
dns_rdataclass_totext(dns_rdataclass_t rdclass, isc_buffer_t *target) {
        char generic[sizeof("CLASS65535")];
        const char *text;

        switch (rdclass) {
        case dns_rdataclass_any:
                text = "ANY";
                break;
        case dns_rdataclass_chaos:
                text = "CH";
                break;
        case dns_rdataclass_hs:
                text = "HS";
                break;
        case dns_rdataclass_in:
                text = "IN";
                break;
        case dns_rdataclass_none:
                text = "NONE";
                break;
        case dns_rdataclass_reserved0:
                text = "RESERVED0";
                break;
        default:
                /* No mnemonic for this class: use the generic form. */
                snprintf(generic, sizeof(generic), "CLASS%u", rdclass);
                text = generic;
                break;
        }
        return (str_totext(text, target));
}
491
/*
 * Write the text form of 'rdclass' into the 'size'-byte array 'array' as
 * a NUL-terminated string.  Nothing is written when 'size' is zero.  When
 * the text and its terminator do not both fit, 'array' receives
 * "<unknown>" instead, cut to 'size' by strlcpy().
 */
void
dns_rdataclass_format(dns_rdataclass_t rdclass,
                      char *array, unsigned int size)
{
        isc_buffer_t textbuf;

        if (size == 0U)
                return;

        isc_buffer_init(&textbuf, array, size);

        /*
         * The text is usable only if it was produced in full and a byte
         * is still free for the terminator.
         */
        if (dns_rdataclass_totext(rdclass, &textbuf) == ISC_R_SUCCESS &&
            isc_buffer_availablelength(&textbuf) >= 1) {
                isc_buffer_putuint8(&textbuf, 0);
                return;
        }

        strlcpy(array, "<unknown>", size);
}