ref: b5690a5ae71a92459cd6a32d0ae0e377f1bdd914
parent: 5fd4fa912ef622333b38268786ff4609c81f2ec9
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Feb 14 09:25:41 EST 2021
ndb/dns: implement RFC6844 certificate authority authorization record type
--- a/sys/src/cmd/ndb/convDNS2M.c
+++ b/sys/src/cmd/ndb/convDNS2M.c
@@ -299,6 +299,11 @@
UCHAR(rp->cert->alg);
BYTES(rp->cert->data, rp->cert->dlen);
break;
+ case Tcaa:
+ UCHAR(rp->caa->flags);
+ SYMBOL(rp->caa->tag->name);
+ BYTES(rp->caa->data, rp->caa->dlen);
+ break;
}
/* stuff in the rdata section length */
--- a/sys/src/cmd/ndb/convM2DNS.c
+++ b/sys/src/cmd/ndb/convM2DNS.c
@@ -472,6 +472,11 @@
UCHAR(rp->cert->alg);
BYTES(rp->cert->data, rp->cert->dlen);
break;
+ case Tcaa:
+ UCHAR(rp->caa->flags);
+ SYMBOL(rp->caa->tag);
+ BYTES(rp->caa->data, rp->caa->dlen);
+ break;
}
if(sp->p - data != len) {
char ptype[64];
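Review bot: The new `Tcaa` case takes the tag and value straight from the message, and nothing visible in this hunk rejects a tag that is empty or that contains bytes outside the letters and digits RFC 6844 allows. Because the tag is later printed with `%s` by the formatting code in dn.c, it is worth validating it here at the parse boundary and failing the record otherwise. At minimum, a comment such as `/* RFC 6844: flags octet, length-prefixed tag, value is the rest of rdata */` would document the layout the three macros are expected to consume. Whether `SYMBOL` and `BYTES` already bound their reads cannot be seen from this hunk, and the enclosing switch starts outside it.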
--- a/sys/src/cmd/ndb/dblookup.c
+++ b/sys/src/cmd/ndb/dblookup.c
@@ -40,7 +40,7 @@
static RR* srvrr(Ndbtuple*, Ndbtuple*);
static RR* txtrr(Ndbtuple*, Ndbtuple*);
-static int implemented[Tall] =
+static int implemented[] =
{
[Ta] 1,
[Taaaa] 1,
@@ -118,7 +118,7 @@
rp = nil;
if(type == Tall){
- for (type = Ta; type < Tall; type++)
+ for (type = 0; type < nelem(implemented); type++)
if(implemented[type])
rrcat(&rp, dblookup(name, class, type, auth, ttl));
--- a/sys/src/cmd/ndb/dn.c
+++ b/sys/src/cmd/ndb/dn.c
@@ -35,7 +35,7 @@
} dnvars;
/* names of RR types */
-char *rrtname[] =
+static char *rrtname[] =
{
[Ta] "ip",
[Tns] "ns",
@@ -97,7 +97,7 @@
[Tmailb] "mailb",
[Tmaila] "maila",
[Tall] "all",
- 0,
+[Tcaa] "caa",
};
/* names of response codes */
@@ -462,6 +462,9 @@
case Tsig:
MARK(rp->sig->signer);
break;
+ case Tcaa:
+ MARK(rp->caa->tag);
+ break;
}
}
@@ -872,6 +875,7 @@
SOA *soa;
Srv *srv;
Key *key;
+ Caa *caa;
Cert *cert;
Sig *sig;
Null *null;
@@ -902,6 +906,14 @@
key->data = emalloc(key->dlen);
memmove(key->data, rp->key->data, rp->key->dlen);
break;
+ case Tcaa:
+ caa = nrp->caa;
+ *nrp = *rp;
+ nrp->caa = caa;
+ *caa = *rp->caa;
+ caa->data = emalloc(caa->dlen);
+ memmove(caa->data, rp->caa->data, rp->caa->dlen);
+ break;
case Tcert:
cert = nrp->cert;
*nrp = *rp;
@@ -1043,7 +1055,7 @@
{
int i;
- for(i = 0; i <= Tall; i++)
+ for(i = 0; i < nelem(rrtname); i++)
if(rrtname[i] && strcmp(rrtname[i], atype) == 0)
return i;
@@ -1062,7 +1074,7 @@
int
rrsupported(int type)
{
- if(type < 0 || type >Tall)
+ if(type < 0 || type >= nelem(rrtname))
return 0;
return rrtname[type] != nil;
}
@@ -1299,6 +1311,14 @@
fmtprint(&fstr, "\t%d %d %d",
rp->cert->type, rp->cert->tag, rp->cert->alg);
break;
+ case Tcaa:
+ if (rp->caa == nil)
+ fmtprint(&fstr, "\t<null> <null> <null>");
+ else
+ fmtprint(&fstr, "\t%d %s %.*s",
+ rp->caa->flags, dnname(rp->caa->tag),
+ rp->caa->dlen, (char*)rp->caa->data);
+ break;
}
out:
strp = fmtstrflush(&fstr);
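Review bot: The CAA value is record data that may come from the network, and `%.*s` prints it verbatim, so embedded tabs, spaces or newlines pass through into this tab-separated line. The same applies to the ` flags=%d tag=%s value=%.*s` attribute list in the next hunk (@@ -1441), where a consumer splitting on whitespace could read part of the value as extra attributes. Consider quoting or escaping the value before printing, for example with `%q` if a quote format is installed in this program, which is not visible here. It is also worth confirming that the `%s` precision is counted in bytes: if the print library counts it in runes, multi-byte data that is not NUL-terminated could be read past `dlen`. The dnsdebug.c hunk uses the same format but omits the `rp->caa == nil` guard and reads `rp->caa->tag->name` directly instead of calling `dnname()`.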
@@ -1441,6 +1461,14 @@
fmtprint(&fstr, " type=%d tag=%d alg=%d",
rp->cert->type, rp->cert->tag, rp->cert->alg);
break;
+ case Tcaa:
+ if (rp->caa == nil)
+ fmtprint(&fstr, " flags=<null> tag=<null> value=<null>");
+ else
+ fmtprint(&fstr, " flags=%d tag=%s value=%.*s",
+ rp->caa->flags, dnname(rp->caa->tag),
+ rp->caa->dlen, (char*)rp->caa->data);
+ break;
}
out:
strp = fmtstrflush(&fstr);
@@ -1596,6 +1624,8 @@
return blockequiv(r1->null, r2->null);
case Ttxt:
return txtequiv(r1->txt, r2->txt);
+ case Tcaa:
+ return r1->caa->flags == r2->caa->flags && r1->caa->tag == r2->caa->tag && blockequiv(r1->caa, r2->caa);
}
return 1;
}
@@ -1894,7 +1924,7 @@
char *t;
t = nil;
- if(type >= 0 && type <= Tall)
+ if(type >= 0 && type < nelem(rrtname))
t = rrtname[type];
if(t==nil){
snprint(buf, len, "%d", type);
@@ -1959,6 +1989,10 @@
rp->key = emalloc(sizeof(*rp->key));
setmalloctag(rp->key, rp->pc);
break;
+ case Tcaa:
+ rp->caa = emalloc(sizeof(*rp->caa));
+ setmalloctag(rp->caa, rp->pc);
+ break;
case Tcert:
rp->cert = emalloc(sizeof(*rp->cert));
setmalloctag(rp->cert, rp->pc);
@@ -2018,6 +2052,10 @@
free(rp->null->data);
memset(rp->null, 0, sizeof *rp->null); /* cause trouble */
free(rp->null);
+ break;
+ case Tcaa:
+ free(rp->caa->data);
+ memset(rp->caa, 0, sizeof *rp->caa); /* cause trouble */
break;
case Ttxt:
while(t = rp->txt){
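Review bot: The `Tcaa` case frees `rp->caa->data` and zeroes the struct but, as far as this hunk shows, never frees `rp->caa` itself. Each released CAA record would therefore leak the `Caa` allocated by `emalloc(sizeof(*rp->caa))` in the @@ -1959 hunk. The `Tnull` case just above ends with `free(rp->null);`, so add the matching `free(rp->caa);` after the `memset`. In a resolver that caches answers from the network, this is a leak that remote data can drive over time. The enclosing switch continues outside the hunk.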
--- a/sys/src/cmd/ndb/dns.h
+++ b/sys/src/cmd/ndb/dns.h
@@ -71,6 +71,7 @@
Tmailb= 253, /* { Tmb, Tmg, Tmr } */
Tmaila= 254, /* obsolete */
Tall= 255, /* all records */
+ Tcaa= 257, /* certification authority authorization */
/* classes */
Csym= 0, /* internal symbols */
@@ -171,6 +172,7 @@
typedef struct Sig Sig;
typedef struct Srv Srv;
typedef struct Txt Txt;
+typedef struct Caa Caa;
/*
* a structure to track a request and any slave process handling it
@@ -216,6 +218,12 @@
int alg;
Block;
};
+struct Caa
+{
+ int flags;
+ DN *tag;
+ Block;
+};
struct Cert
{
int type;
@@ -288,6 +296,7 @@
SOA *soa; /* soa timers - soa */
Srv *srv;
Key *key;
+ Caa *caa;
Cert *cert;
Sig *sig;
Null *null;
@@ -432,7 +441,6 @@
/* dn.c */
-extern char *rrtname[];
extern char *rname[];
extern unsigned nrname;
extern char *opname[];
--- a/sys/src/cmd/ndb/dnsdebug.c
+++ b/sys/src/cmd/ndb/dnsdebug.c
@@ -243,6 +243,11 @@
seprint(p, e, "\t%d %d %d",
rp->sig->type, rp->sig->tag, rp->sig->alg);
break;
+ case Tcaa:
+ seprint(p, e, "\t%d %s %.*s",
+ rp->caa->flags, rp->caa->tag->name,
+ rp->caa->dlen, (char*)rp->caa->data);
+ break;
}
out:
return fmtstrcpy(f, buf);