shithub: plan9front


ref: b5690a5ae71a92459cd6a32d0ae0e377f1bdd914
parent: 5fd4fa912ef622333b38268786ff4609c81f2ec9
author: cinap_lenrek <cinap_lenrek@felloff.net>
date: Sun Feb 14 08:25:41 EST 2021

ndb/dns: implement RFC6844 certificate authority authorization record type

--- a/sys/src/cmd/ndb/convDNS2M.c
+++ b/sys/src/cmd/ndb/convDNS2M.c
@@ -299,6 +299,11 @@
 		UCHAR(rp->cert->alg);
 		BYTES(rp->cert->data, rp->cert->dlen);
 		break;
+	case Tcaa:
+		UCHAR(rp->caa->flags);
+		SYMBOL(rp->caa->tag->name);
+		BYTES(rp->caa->data, rp->caa->dlen);
+		break;
 	}
 
 	/* stuff in the rdata section length */
--- a/sys/src/cmd/ndb/convM2DNS.c
+++ b/sys/src/cmd/ndb/convM2DNS.c
@@ -472,6 +472,11 @@
 		UCHAR(rp->cert->alg);
 		BYTES(rp->cert->data, rp->cert->dlen);
 		break;
+	case Tcaa:
+		UCHAR(rp->caa->flags);
+		SYMBOL(rp->caa->tag);
+		BYTES(rp->caa->data, rp->caa->dlen);
+		break;
 	}
 	if(sp->p - data != len) {
 		char ptype[64];
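Review bot: The new `Tcaa` case takes the flags, tag and value exactly as they arrive in the message, and nothing visible in this hunk checks them before the record is kept. RFC 6844 requires a tag length of at least 1 and limits the tag to ASCII letters and digits, so a check right after `SYMBOL(rp->caa->tag)` that rejects an empty or non-alphanumeric tag would stop malformed records before they reach the text formatters in dn.c. How `SYMBOL` bounds the tag length is not visible here and should be confirmed against the macro. The switch and the function it belongs to start outside the hunk.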
--- a/sys/src/cmd/ndb/dblookup.c
+++ b/sys/src/cmd/ndb/dblookup.c
@@ -40,7 +40,7 @@
 static RR*	srvrr(Ndbtuple*, Ndbtuple*);
 static RR*	txtrr(Ndbtuple*, Ndbtuple*);
 
-static int	implemented[Tall] =
+static int	implemented[] =
 {
 	[Ta]		1,
 	[Taaaa]		1,
@@ -118,7 +118,7 @@
 	rp = nil;
 
 	if(type == Tall){
-		for (type = Ta; type < Tall; type++)
+		for (type = 0; type < nelem(implemented); type++)
 			if(implemented[type])
 				rrcat(&rp, dblookup(name, class, type, auth, ttl));
 
--- a/sys/src/cmd/ndb/dn.c
+++ b/sys/src/cmd/ndb/dn.c
@@ -35,7 +35,7 @@
 } dnvars;
 
 /* names of RR types */
-char *rrtname[] =
+static char *rrtname[] =
 {
 [Ta]		"ip",
 [Tns]		"ns",
@@ -97,7 +97,7 @@
 [Tmailb]	"mailb",
 [Tmaila]	"maila",
 [Tall]		"all",
-		0,
+[Tcaa]		"caa",
 };
 
 /* names of response codes */
@@ -462,6 +462,9 @@
 		case Tsig:
 			MARK(rp->sig->signer);
 			break;
+		case Tcaa:
+			MARK(rp->caa->tag);
+			break;
 		}
 	}
 
@@ -872,6 +875,7 @@
 	SOA *soa;
 	Srv *srv;
 	Key *key;
+	Caa *caa;
 	Cert *cert;
 	Sig *sig;
 	Null *null;
@@ -902,6 +906,14 @@
 		key->data = emalloc(key->dlen);
 		memmove(key->data, rp->key->data, rp->key->dlen);
 		break;
+	case Tcaa:
+		caa = nrp->caa;
+		*nrp = *rp;
+		nrp->caa = caa;
+		*caa = *rp->caa;
+		caa->data = emalloc(caa->dlen);
+		memmove(caa->data, rp->caa->data, rp->caa->dlen);
+		break;
 	case Tcert:
 		cert = nrp->cert;
 		*nrp = *rp;
@@ -1043,7 +1055,7 @@
 {
 	int i;
 
-	for(i = 0; i <= Tall; i++)
+	for(i = 0; i < nelem(rrtname); i++)
 		if(rrtname[i] && strcmp(rrtname[i], atype) == 0)
 			return i;
 
@@ -1062,7 +1074,7 @@
 int
 rrsupported(int type)
 {
-	if(type < 0 || type >Tall)
+	if(type < 0 || type >= nelem(rrtname))
 		return 0;
 	return rrtname[type] != nil;
 }
@@ -1299,6 +1311,14 @@
 			fmtprint(&fstr, "\t%d %d %d",
 				rp->cert->type, rp->cert->tag, rp->cert->alg);
 		break;
+	case Tcaa:
+		if (rp->caa == nil)
+			fmtprint(&fstr, "\t<null> <null> <null>");
+		else
+			fmtprint(&fstr, "\t%d %s %.*s",
+				rp->caa->flags, dnname(rp->caa->tag),
+				rp->caa->dlen, (char*)rp->caa->data);
+		break;
 	}
 out:
 	strp = fmtstrflush(&fstr);
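Review bot: The CAA value is printed with `%.*s` straight from `rp->caa->data`, which for a record learned from the network is bytes chosen by the remote side. Newlines, control characters and spaces go into the output unchanged. In the next hunk, which prints `flags=%d tag=%s value=%.*s`, a value containing a space or `=` can make one record read as several attribute pairs, and the dnsdebug.c hunk prints the value the same way. `%.*s` also stops at the first zero byte, so a value with an embedded NUL is silently shortened. Quoting or escaping the value before formatting would cover all three places; the enclosing function starts and ends outside this hunk.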
@@ -1441,6 +1461,14 @@
 			fmtprint(&fstr, " type=%d tag=%d alg=%d",
 				rp->cert->type, rp->cert->tag, rp->cert->alg);
 		break;
+	case Tcaa:
+		if (rp->caa == nil)
+			fmtprint(&fstr, " flags=<null> tag=<null> value=<null>");
+		else
+			fmtprint(&fstr, " flags=%d tag=%s value=%.*s",
+				rp->caa->flags, dnname(rp->caa->tag),
+				rp->caa->dlen, (char*)rp->caa->data);
+		break;
 	}
 out:
 	strp = fmtstrflush(&fstr);
@@ -1596,6 +1624,8 @@
 		return blockequiv(r1->null, r2->null);
 	case Ttxt:
 		return txtequiv(r1->txt, r2->txt);
+	case Tcaa:
+		return r1->caa->flags == r2->caa->flags && r1->caa->tag == r2->caa->tag && blockequiv(r1->caa, r2->caa);
 	}
 	return 1;
 }
@@ -1894,7 +1924,7 @@
 	char *t;
 
 	t = nil;
-	if(type >= 0 && type <= Tall)
+	if(type >= 0 && type < nelem(rrtname))
 		t = rrtname[type];
 	if(t==nil){
 		snprint(buf, len, "%d", type);
@@ -1959,6 +1989,10 @@
 		rp->key = emalloc(sizeof(*rp->key));
 		setmalloctag(rp->key, rp->pc);
 		break;
+	case Tcaa:
+		rp->caa = emalloc(sizeof(*rp->caa));
+		setmalloctag(rp->caa, rp->pc);
+		break;
 	case Tcert:
 		rp->cert = emalloc(sizeof(*rp->cert));
 		setmalloctag(rp->cert, rp->pc);
@@ -2018,6 +2052,10 @@
 		free(rp->null->data);
 		memset(rp->null, 0, sizeof *rp->null);	/* cause trouble */
 		free(rp->null);
+		break;
+	case Tcaa:
+		free(rp->caa->data);
+		memset(rp->caa, 0, sizeof *rp->caa);	/* cause trouble */
 		break;
 	case Ttxt:
 		while(t = rp->txt){
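Review bot: The `Tcaa` case frees `rp->caa->data` and clears the struct but never frees `rp->caa` itself, unlike the `null` case directly above it, which ends with `free(rp->null);`. Unless the struct is released somewhere outside this hunk, every freed CAA record leaks the `Caa` that the allocation hunk obtains with `emalloc(sizeof(*rp->caa))`. In a resolver that caches and expires records from arbitrary servers, that adds up to steady memory growth. Add `free(rp->caa);` after the `memset` line and before `break;`. The switch begins and ends outside the hunk.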
--- a/sys/src/cmd/ndb/dns.h
+++ b/sys/src/cmd/ndb/dns.h
@@ -71,6 +71,7 @@
 	Tmailb=	253,	/* { Tmb, Tmg, Tmr } */
 	Tmaila= 254,	/* obsolete */
 	Tall=	255,	/* all records */
+	Tcaa=	257,	/* certification authority authorization */
 
 	/* classes */
 	Csym=	0,	/* internal symbols */
@@ -171,6 +172,7 @@
 typedef struct Sig	Sig;
 typedef struct Srv	Srv;
 typedef struct Txt	Txt;
+typedef struct Caa	Caa;
 
 /*
  *  a structure to track a request and any slave process handling it
@@ -216,6 +218,12 @@
 	int	alg;
 	Block;
 };
+struct Caa
+{
+	int	flags;
+	DN	*tag;
+	Block;
+};
 struct Cert
 {
 	int	type;
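Review bot: `struct Caa` is added without any field comments, and two properties a reader needs are not obvious from the declaration. `flags` is an `int` although the encoders write it with `UCHAR`, and the embedded `Block` holds the value as counted bytes that, judging by the `%.*s` formatters and the `emalloc(caa->dlen)` copy, are presumably not NUL-terminated. Suggested comments: `int flags; /* one octet on the wire; 128 = issuer critical (RFC 6844) */`, `DN *tag; /* property tag, e.g. issue, issuewild, iodef */`, `Block; /* value bytes, length in dlen, no terminator */`.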
@@ -288,6 +296,7 @@
 		SOA	*soa;	/* soa timers - soa */
 		Srv	*srv;
 		Key	*key;
+		Caa	*caa;
 		Cert	*cert;
 		Sig	*sig;
 		Null	*null;
@@ -432,7 +441,6 @@
 
 
 /* dn.c */
-extern char	*rrtname[];
 extern char	*rname[];
 extern unsigned	nrname;
 extern char	*opname[];
--- a/sys/src/cmd/ndb/dnsdebug.c
+++ b/sys/src/cmd/ndb/dnsdebug.c
@@ -243,6 +243,11 @@
 		seprint(p, e, "\t%d %d %d",
 			rp->sig->type, rp->sig->tag, rp->sig->alg);
 		break;
+	case Tcaa:
+		seprint(p, e, "\t%d %s %.*s",
+			rp->caa->flags, rp->caa->tag->name,
+			rp->caa->dlen, (char*)rp->caa->data);
+		break;
 	}
 out:
 	return fmtstrcpy(f, buf);
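Review bot: This case reads `rp->caa->tag->name` directly, whereas both CAA formatters in dn.c first test `rp->caa == nil` and then go through `dnname(rp->caa->tag)`. If `dnname` is callable from dnsdebug.c, writing `rp->caa->flags, dnname(rp->caa->tag),` here keeps the three printers consistent and removes an unguarded double dereference. Whether a record with a nil `caa` or `tag` can reach this code is not visible from the hunk. The function starts outside the hunk.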