]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/nss-resolve/nss-resolve.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #31524 from poettering/secure-getenv-naming-fix
[thirdparty/systemd.git] / src / nss-resolve / nss-resolve.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <errno.h>
4 #include <netdb.h>
5 #include <nss.h>
6 #include <pthread.h>
7 #include <stdlib.h>
8 #include <sys/types.h>
9 #include <unistd.h>
10
11 #include "env-util.h"
12 #include "errno-util.h"
13 #include "glyph-util.h"
14 #include "in-addr-util.h"
15 #include "macro.h"
16 #include "nss-util.h"
17 #include "resolved-def.h"
18 #include "signal-util.h"
19 #include "string-util.h"
20 #include "strv.h"
21 #include "varlink.h"
22
23 static JsonDispatchFlags json_dispatch_flags = JSON_ALLOW_EXTENSIONS;
24
25 static void setup_logging(void) {
26 log_parse_environment_variables();
27
28 if (DEBUG_LOGGING)
29 json_dispatch_flags = JSON_LOG;
30 }
31
32 static void setup_logging_once(void) {
33 static pthread_once_t once = PTHREAD_ONCE_INIT;
34 assert_se(pthread_once(&once, setup_logging) == 0);
35 }
36
37 #define NSS_ENTRYPOINT_BEGIN \
38 BLOCK_SIGNALS(NSS_SIGNALS_BLOCK); \
39 setup_logging_once()
40
41 NSS_GETHOSTBYNAME_PROTOTYPES(resolve);
42 NSS_GETHOSTBYADDR_PROTOTYPES(resolve);
43
44 static bool error_shall_fallback(const char *error_id) {
45 /* The Varlink errors where we shall signal "please fallback" back to the NSS stack, so that some
46 * fallback module can be loaded. (These are mostly all Varlink-internal errors, as apparently we
47 * then were unable to even do IPC with systemd-resolved.) */
48 return STR_IN_SET(error_id,
49 VARLINK_ERROR_DISCONNECTED,
50 VARLINK_ERROR_TIMEOUT,
51 VARLINK_ERROR_PROTOCOL,
52 VARLINK_ERROR_INTERFACE_NOT_FOUND,
53 VARLINK_ERROR_METHOD_NOT_FOUND,
54 VARLINK_ERROR_METHOD_NOT_IMPLEMENTED);
55 }
56
57 static bool error_shall_try_again(const char *error_id) {
58 /* The Varlink errors where we shall signal "can't answer now but might be able to later" back to the
59 * NSS stack. These are all errors that indicate lack of configuration or network problems. */
60 return STR_IN_SET(error_id,
61 "io.systemd.Resolve.NoNameServers",
62 "io.systemd.Resolve.QueryTimedOut",
63 "io.systemd.Resolve.MaxAttemptsReached",
64 "io.systemd.Resolve.NetworkDown");
65 }
66
67 static int connect_to_resolved(Varlink **ret) {
68 _cleanup_(varlink_unrefp) Varlink *link = NULL;
69 int r;
70
71 r = varlink_connect_address(&link, "/run/systemd/resolve/io.systemd.Resolve");
72 if (r < 0)
73 return r;
74
75 r = varlink_set_relative_timeout(link, SD_RESOLVED_QUERY_TIMEOUT_USEC);
76 if (r < 0)
77 return r;
78
79 *ret = TAKE_PTR(link);
80 return 0;
81 }
82
83 static uint32_t ifindex_to_scopeid(int family, const void *a, int ifindex) {
84 struct in6_addr in6;
85
86 if (family != AF_INET6 || ifindex == 0)
87 return 0;
88
89 /* Some apps can't deal with the scope ID attached to non-link-local addresses. Hence, let's suppress that. */
90
91 assert(sizeof(in6) == FAMILY_ADDRESS_SIZE(AF_INET6));
92 memcpy(&in6, a, sizeof(struct in6_addr));
93
94 return in6_addr_is_link_local(&in6) ? ifindex : 0;
95 }
96
97 static int json_dispatch_ifindex(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
98 int *ifi = ASSERT_PTR(userdata);
99 int64_t t;
100
101 assert(variant);
102
103 if (!json_variant_is_integer(variant))
104 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));
105
106 t = json_variant_integer(variant);
107 if (t > INT_MAX)
108 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is out of bounds for an interface index.", strna(name));
109
110 *ifi = (int) t;
111 return 0;
112 }
113
114 static int json_dispatch_family(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
115 int *family = ASSERT_PTR(userdata);
116 int64_t t;
117
118 assert(variant);
119
120 if (!json_variant_is_integer(variant))
121 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an integer.", strna(name));
122
123 t = json_variant_integer(variant);
124 if (t < 0 || t > INT_MAX)
125 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not a valid family.", strna(name));
126
127 *family = (int) t;
128 return 0;
129 }
130
131 typedef struct ResolveHostnameReply {
132 JsonVariant *addresses;
133 char *name;
134 uint64_t flags;
135 } ResolveHostnameReply;
136
137 static void resolve_hostname_reply_destroy(ResolveHostnameReply *p) {
138 assert(p);
139
140 json_variant_unref(p->addresses);
141 free(p->name);
142 }
143
144 static const JsonDispatch resolve_hostname_reply_dispatch_table[] = {
145 { "addresses", JSON_VARIANT_ARRAY, json_dispatch_variant, offsetof(ResolveHostnameReply, addresses), JSON_MANDATORY },
146 { "name", JSON_VARIANT_STRING, json_dispatch_string, offsetof(ResolveHostnameReply, name), 0 },
147 { "flags", _JSON_VARIANT_TYPE_INVALID, json_dispatch_uint64, offsetof(ResolveHostnameReply, flags), 0 },
148 {}
149 };
150
151 typedef struct AddressParameters {
152 int ifindex;
153 int family;
154 union in_addr_union address;
155 size_t address_size;
156 } AddressParameters;
157
158 static int json_dispatch_address(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
159 AddressParameters *p = ASSERT_PTR(userdata);
160 union in_addr_union buf = {};
161 JsonVariant *i;
162 size_t n, k = 0;
163
164 assert(variant);
165
166 if (!json_variant_is_array(variant))
167 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
168
169 n = json_variant_elements(variant);
170 if (!IN_SET(n, 4, 16))
171 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is array of unexpected size.", strna(name));
172
173 JSON_VARIANT_ARRAY_FOREACH(i, variant) {
174 int64_t b;
175
176 if (!json_variant_is_integer(i))
177 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Element %zu of JSON field '%s' is not an integer.", k, strna(name));
178
179 b = json_variant_integer(i);
180 if (b < 0 || b > 0xff)
181 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL),
182 "Element %zu of JSON field '%s' is out of range 0%s255.",
183 k, strna(name), special_glyph(SPECIAL_GLYPH_ELLIPSIS));
184
185 buf.bytes[k++] = (uint8_t) b;
186 }
187
188 p->address = buf;
189 p->address_size = k;
190
191 return 0;
192 }
193
194 static const JsonDispatch address_parameters_dispatch_table[] = {
195 { "ifindex", JSON_VARIANT_INTEGER, json_dispatch_ifindex, offsetof(AddressParameters, ifindex), 0 },
196 { "family", JSON_VARIANT_INTEGER, json_dispatch_family, offsetof(AddressParameters, family), JSON_MANDATORY },
197 { "address", JSON_VARIANT_ARRAY, json_dispatch_address, 0, JSON_MANDATORY },
198 {}
199 };
200
201 static uint64_t query_flag(
202 const char *name,
203 const int value,
204 uint64_t flag) {
205
206 int r;
207
208 r = secure_getenv_bool(name);
209 if (r >= 0)
210 return r == value ? flag : 0;
211 if (r != -ENXIO)
212 log_debug_errno(r, "Failed to parse $%s, ignoring.", name);
213 return 0;
214 }
215
216 static uint64_t query_flags(void) {
217 /* Allow callers to turn off validation, synthetization, caching, etc., when we resolve via
218 * nss-resolve. */
219 return query_flag("SYSTEMD_NSS_RESOLVE_VALIDATE", 0, SD_RESOLVED_NO_VALIDATE) |
220 query_flag("SYSTEMD_NSS_RESOLVE_SYNTHESIZE", 0, SD_RESOLVED_NO_SYNTHESIZE) |
221 query_flag("SYSTEMD_NSS_RESOLVE_CACHE", 0, SD_RESOLVED_NO_CACHE) |
222 query_flag("SYSTEMD_NSS_RESOLVE_ZONE", 0, SD_RESOLVED_NO_ZONE) |
223 query_flag("SYSTEMD_NSS_RESOLVE_TRUST_ANCHOR", 0, SD_RESOLVED_NO_TRUST_ANCHOR) |
224 query_flag("SYSTEMD_NSS_RESOLVE_NETWORK", 0, SD_RESOLVED_NO_NETWORK);
225 }
226
227 enum nss_status _nss_resolve_gethostbyname4_r(
228 const char *name,
229 struct gaih_addrtuple **pat,
230 char *buffer, size_t buflen,
231 int *errnop, int *h_errnop,
232 int32_t *ttlp) {
233
234 _cleanup_(varlink_unrefp) Varlink *link = NULL;
235 _cleanup_(json_variant_unrefp) JsonVariant *cparams = NULL;
236 _cleanup_(resolve_hostname_reply_destroy) ResolveHostnameReply p = {};
237 JsonVariant *rparams, *entry;
238 int r;
239
240 PROTECT_ERRNO;
241 NSS_ENTRYPOINT_BEGIN;
242
243 assert(name);
244 assert(pat);
245 assert(buffer);
246 assert(errnop);
247 assert(h_errnop);
248
249 r = connect_to_resolved(&link);
250 if (r < 0)
251 goto fail;
252
253 r = json_build(&cparams, JSON_BUILD_OBJECT(
254 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(name)),
255 JSON_BUILD_PAIR("flags", JSON_BUILD_UNSIGNED(query_flags()))));
256 if (r < 0)
257 goto fail;
258
259 /* Return NSS_STATUS_UNAVAIL when communication with systemd-resolved fails, allowing falling
260 * back to other nss modules. Treat all other error conditions as NOTFOUND. This includes
261 * DNSSEC errors and suchlike. (We don't use UNAVAIL in this case so that the nsswitch.conf
262 * configuration can distinguish such executed but negative replies from complete failure to
263 * talk to resolved). */
264 const char *error_id;
265 r = varlink_call(link, "io.systemd.Resolve.ResolveHostname", cparams, &rparams, &error_id);
266 if (r < 0)
267 goto fail;
268 if (!isempty(error_id)) {
269 if (error_shall_try_again(error_id))
270 goto try_again;
271 if (error_shall_fallback(error_id))
272 goto fail;
273 if (streq(error_id, "io.systemd.Resolve.NoSuchResourceRecord"))
274 goto no_data;
275 goto not_found;
276 }
277
278 r = json_dispatch(rparams, resolve_hostname_reply_dispatch_table, json_dispatch_flags, &p);
279 if (r < 0)
280 goto fail;
281 if (json_variant_is_blank_object(p.addresses))
282 goto not_found;
283
284 size_t n_addresses = 0;
285 JSON_VARIANT_ARRAY_FOREACH(entry, p.addresses) {
286 AddressParameters q = {};
287
288 r = json_dispatch(entry, address_parameters_dispatch_table, json_dispatch_flags, &q);
289 if (r < 0)
290 goto fail;
291
292 if (!IN_SET(q.family, AF_INET, AF_INET6))
293 continue;
294
295 if (q.address_size != FAMILY_ADDRESS_SIZE(q.family)) {
296 r = -EINVAL;
297 goto fail;
298 }
299
300 n_addresses++;
301 }
302
303 const char *canonical = p.name ?: name;
304 size_t l = strlen(canonical);
305 size_t idx, ms = ALIGN(l+1) + ALIGN(sizeof(struct gaih_addrtuple)) * n_addresses;
306
307 if (buflen < ms) {
308 UNPROTECT_ERRNO;
309 *errnop = ERANGE;
310 *h_errnop = NETDB_INTERNAL;
311 return NSS_STATUS_TRYAGAIN;
312 }
313
314 /* First, append name */
315 char *r_name = buffer;
316 memcpy(r_name, canonical, l + 1);
317 idx = ALIGN(l + 1);
318
319 /* Second, append addresses */
320 struct gaih_addrtuple *r_tuple = NULL,
321 *r_tuple_first = (struct gaih_addrtuple*) (buffer + idx);
322
323 JSON_VARIANT_ARRAY_FOREACH(entry, p.addresses) {
324 AddressParameters q = {};
325
326 r = json_dispatch(entry, address_parameters_dispatch_table, json_dispatch_flags, &q);
327 if (r < 0)
328 goto fail;
329
330 if (!IN_SET(q.family, AF_INET, AF_INET6))
331 continue;
332
333 r_tuple = (struct gaih_addrtuple*) (buffer + idx);
334 r_tuple->next = (struct gaih_addrtuple*) ((char*) r_tuple + ALIGN(sizeof(struct gaih_addrtuple)));
335 r_tuple->name = r_name;
336 r_tuple->family = q.family;
337 r_tuple->scopeid = ifindex_to_scopeid(q.family, &q.address, q.ifindex);
338 memcpy(r_tuple->addr, &q.address, q.address_size);
339
340 idx += ALIGN(sizeof(struct gaih_addrtuple));
341 }
342
343 assert(r_tuple); /* We had at least one address, so r_tuple must be set */
344 r_tuple->next = NULL; /* Override last next pointer */
345
346 assert(idx == ms);
347
348 if (*pat)
349 **pat = *r_tuple_first;
350 else
351 *pat = r_tuple_first;
352
353 if (ttlp)
354 *ttlp = 0;
355
356 /* Explicitly reset both *h_errnop and h_errno to work around
357 * https://bugzilla.redhat.com/show_bug.cgi?id=1125975 */
358 *h_errnop = NETDB_SUCCESS;
359 h_errno = 0;
360
361 return NSS_STATUS_SUCCESS;
362
363 fail:
364 UNPROTECT_ERRNO;
365 *errnop = -r;
366 *h_errnop = NO_RECOVERY;
367 return NSS_STATUS_UNAVAIL;
368
369 not_found:
370 *h_errnop = HOST_NOT_FOUND;
371 return NSS_STATUS_NOTFOUND;
372
373 no_data:
374 *h_errnop = NO_DATA;
375 return NSS_STATUS_NOTFOUND;
376
377 try_again:
378 UNPROTECT_ERRNO;
379 *errnop = -r;
380 *h_errnop = TRY_AGAIN;
381 return NSS_STATUS_TRYAGAIN;
382 }
383
384 enum nss_status _nss_resolve_gethostbyname3_r(
385 const char *name,
386 int af,
387 struct hostent *result,
388 char *buffer, size_t buflen,
389 int *errnop, int *h_errnop,
390 int32_t *ttlp,
391 char **canonp) {
392
393 _cleanup_(varlink_unrefp) Varlink *link = NULL;
394 _cleanup_(json_variant_unrefp) JsonVariant *cparams = NULL;
395 _cleanup_(resolve_hostname_reply_destroy) ResolveHostnameReply p = {};
396 JsonVariant *rparams, *entry;
397 int r;
398
399 PROTECT_ERRNO;
400 NSS_ENTRYPOINT_BEGIN;
401
402 assert(name);
403 assert(result);
404 assert(buffer);
405 assert(errnop);
406 assert(h_errnop);
407
408 if (af == AF_UNSPEC)
409 af = AF_INET;
410
411 if (!IN_SET(af, AF_INET, AF_INET6)) {
412 r = -EAFNOSUPPORT;
413 goto fail;
414 }
415
416 r = connect_to_resolved(&link);
417 if (r < 0)
418 goto fail;
419
420 r = json_build(&cparams, JSON_BUILD_OBJECT(JSON_BUILD_PAIR("name", JSON_BUILD_STRING(name)),
421 JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(af)),
422 JSON_BUILD_PAIR("flags", JSON_BUILD_UNSIGNED(query_flags()))));
423 if (r < 0)
424 goto fail;
425
426 const char *error_id;
427 r = varlink_call(link, "io.systemd.Resolve.ResolveHostname", cparams, &rparams, &error_id);
428 if (r < 0)
429 goto fail;
430 if (!isempty(error_id)) {
431 if (error_shall_try_again(error_id))
432 goto try_again;
433 if (error_shall_fallback(error_id))
434 goto fail;
435 if (streq(error_id, "io.systemd.Resolve.NoSuchResourceRecord"))
436 goto no_data;
437 goto not_found;
438 }
439
440 r = json_dispatch(rparams, resolve_hostname_reply_dispatch_table, json_dispatch_flags, &p);
441 if (r < 0)
442 goto fail;
443 if (json_variant_is_blank_object(p.addresses))
444 goto not_found;
445
446 size_t n_addresses = 0;
447 JSON_VARIANT_ARRAY_FOREACH(entry, p.addresses) {
448 AddressParameters q = {};
449
450 r = json_dispatch(entry, address_parameters_dispatch_table, json_dispatch_flags, &q);
451 if (r < 0)
452 goto fail;
453
454 if (!IN_SET(q.family, AF_INET, AF_INET6))
455 continue;
456
457 if (q.address_size != FAMILY_ADDRESS_SIZE(q.family)) {
458 r = -EINVAL;
459 goto fail;
460 }
461
462 n_addresses++;
463 }
464
465 const char *canonical = p.name ?: name;
466
467 size_t alen = FAMILY_ADDRESS_SIZE(af);
468 size_t l = strlen(canonical);
469
470 size_t idx, ms = ALIGN(l + 1) + n_addresses * ALIGN(alen) + (n_addresses + 2) * sizeof(char*);
471
472 if (buflen < ms) {
473 UNPROTECT_ERRNO;
474 *errnop = ERANGE;
475 *h_errnop = NETDB_INTERNAL;
476 return NSS_STATUS_TRYAGAIN;
477 }
478
479 /* First, append name */
480 char *r_name = buffer;
481 memcpy(r_name, canonical, l+1);
482 idx = ALIGN(l+1);
483
484 /* Second, create empty aliases array */
485 char *r_aliases = buffer + idx;
486 ((char**) r_aliases)[0] = NULL;
487 idx += sizeof(char*);
488
489 /* Third, append addresses */
490 char *r_addr = buffer + idx;
491
492 size_t i = 0;
493 JSON_VARIANT_ARRAY_FOREACH(entry, p.addresses) {
494 AddressParameters q = {};
495
496 r = json_dispatch(entry, address_parameters_dispatch_table, json_dispatch_flags, &q);
497 if (r < 0)
498 goto fail;
499
500 if (q.family != af)
501 continue;
502
503 if (q.address_size != alen) {
504 r = -EINVAL;
505 goto fail;
506 }
507
508 memcpy(r_addr + i*ALIGN(alen), &q.address, alen);
509 i++;
510 }
511
512 assert(i == n_addresses);
513 idx += n_addresses * ALIGN(alen);
514
515 /* Fourth, append address pointer array */
516 char *r_addr_list = buffer + idx;
517 for (i = 0; i < n_addresses; i++)
518 ((char**) r_addr_list)[i] = r_addr + i*ALIGN(alen);
519
520 ((char**) r_addr_list)[i] = NULL;
521 idx += (n_addresses + 1) * sizeof(char*);
522
523 assert(idx == ms);
524
525 result->h_name = r_name;
526 result->h_aliases = (char**) r_aliases;
527 result->h_addrtype = af;
528 result->h_length = alen;
529 result->h_addr_list = (char**) r_addr_list;
530
531 if (ttlp)
532 *ttlp = 0;
533
534 if (canonp)
535 *canonp = r_name;
536
537 /* Explicitly reset both *h_errnop and h_errno to work around
538 * https://bugzilla.redhat.com/show_bug.cgi?id=1125975 */
539 *h_errnop = NETDB_SUCCESS;
540 h_errno = 0;
541
542 return NSS_STATUS_SUCCESS;
543
544 fail:
545 UNPROTECT_ERRNO;
546 *errnop = -r;
547 *h_errnop = NO_RECOVERY;
548 return NSS_STATUS_UNAVAIL;
549
550 not_found:
551 *h_errnop = HOST_NOT_FOUND;
552 return NSS_STATUS_NOTFOUND;
553
554 no_data:
555 *h_errnop = NO_DATA;
556 return NSS_STATUS_NOTFOUND;
557
558 try_again:
559 UNPROTECT_ERRNO;
560 *errnop = -r;
561 *h_errnop = TRY_AGAIN;
562 return NSS_STATUS_TRYAGAIN;
563 }
564
565 typedef struct ResolveAddressReply {
566 JsonVariant *names;
567 uint64_t flags;
568 } ResolveAddressReply;
569
570 static void resolve_address_reply_destroy(ResolveAddressReply *p) {
571 assert(p);
572
573 json_variant_unref(p->names);
574 }
575
576 static const JsonDispatch resolve_address_reply_dispatch_table[] = {
577 { "names", JSON_VARIANT_ARRAY, json_dispatch_variant, offsetof(ResolveAddressReply, names), JSON_MANDATORY },
578 { "flags", _JSON_VARIANT_TYPE_INVALID, json_dispatch_uint64, offsetof(ResolveAddressReply, flags), 0 },
579 {}
580 };
581
582 typedef struct NameParameters {
583 int ifindex;
584 char *name;
585 } NameParameters;
586
587 static void name_parameters_destroy(NameParameters *p) {
588 assert(p);
589
590 free(p->name);
591 }
592
593 static const JsonDispatch name_parameters_dispatch_table[] = {
594 { "ifindex", JSON_VARIANT_INTEGER, json_dispatch_ifindex, offsetof(NameParameters, ifindex), 0 },
595 { "name", JSON_VARIANT_STRING, json_dispatch_string, offsetof(NameParameters, name), JSON_MANDATORY },
596 {}
597 };
598
599 enum nss_status _nss_resolve_gethostbyaddr2_r(
600 const void* addr, socklen_t len,
601 int af,
602 struct hostent *result,
603 char *buffer, size_t buflen,
604 int *errnop, int *h_errnop,
605 int32_t *ttlp) {
606
607 _cleanup_(varlink_unrefp) Varlink *link = NULL;
608 _cleanup_(json_variant_unrefp) JsonVariant *cparams = NULL;
609 _cleanup_(resolve_address_reply_destroy) ResolveAddressReply p = {};
610 JsonVariant *rparams, *entry;
611 int r;
612
613 PROTECT_ERRNO;
614 NSS_ENTRYPOINT_BEGIN;
615
616 assert(addr);
617 assert(result);
618 assert(buffer);
619 assert(errnop);
620 assert(h_errnop);
621
622 if (!IN_SET(af, AF_INET, AF_INET6)) {
623 UNPROTECT_ERRNO;
624 *errnop = EAFNOSUPPORT;
625 *h_errnop = NO_DATA;
626 return NSS_STATUS_UNAVAIL;
627 }
628
629 if (len != FAMILY_ADDRESS_SIZE(af)) {
630 r = -EINVAL;
631 goto fail;
632 }
633
634 r = connect_to_resolved(&link);
635 if (r < 0)
636 goto fail;
637
638 r = json_build(&cparams, JSON_BUILD_OBJECT(JSON_BUILD_PAIR("address", JSON_BUILD_BYTE_ARRAY(addr, len)),
639 JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(af)),
640 JSON_BUILD_PAIR("flags", JSON_BUILD_UNSIGNED(query_flags()))));
641 if (r < 0)
642 goto fail;
643
644 const char* error_id;
645 r = varlink_call(link, "io.systemd.Resolve.ResolveAddress", cparams, &rparams, &error_id);
646 if (r < 0)
647 goto fail;
648 if (!isempty(error_id)) {
649 if (error_shall_try_again(error_id))
650 goto try_again;
651 if (error_shall_fallback(error_id))
652 goto fail;
653 goto not_found;
654 }
655
656 r = json_dispatch(rparams, resolve_address_reply_dispatch_table, json_dispatch_flags, &p);
657 if (r < 0)
658 goto fail;
659 if (json_variant_is_blank_object(p.names))
660 goto not_found;
661
662 size_t ms = 0, idx;
663
664 JSON_VARIANT_ARRAY_FOREACH(entry, p.names) {
665 _cleanup_(name_parameters_destroy) NameParameters q = {};
666
667 r = json_dispatch(entry, name_parameters_dispatch_table, json_dispatch_flags, &q);
668 if (r < 0)
669 goto fail;
670
671 ms += ALIGN(strlen(q.name) + 1);
672 }
673
674 size_t n_names = json_variant_elements(p.names);
675 ms += ALIGN(len) + /* the address */
676 2 * sizeof(char*) + /* pointer to the address, plus trailing NULL */
677 n_names * sizeof(char*); /* pointers to aliases, plus trailing NULL */
678
679 if (buflen < ms) {
680 UNPROTECT_ERRNO;
681 *errnop = ERANGE;
682 *h_errnop = NETDB_INTERNAL;
683 return NSS_STATUS_TRYAGAIN;
684 }
685
686 /* First, place address */
687 char *r_addr = buffer;
688 memcpy(r_addr, addr, len);
689 idx = ALIGN(len);
690
691 /* Second, place address list */
692 char *r_addr_list = buffer + idx;
693 ((char**) r_addr_list)[0] = r_addr;
694 ((char**) r_addr_list)[1] = NULL;
695 idx += sizeof(char*) * 2;
696
697 /* Third, reserve space for the aliases array, plus trailing NULL */
698 char *r_aliases = buffer + idx;
699 idx += sizeof(char*) * n_names;
700
701 /* Fourth, place aliases */
702 char *r_name = buffer + idx;
703
704 size_t i = 0;
705 JSON_VARIANT_ARRAY_FOREACH(entry, p.names) {
706 _cleanup_(name_parameters_destroy) NameParameters q = {};
707
708 r = json_dispatch(entry, name_parameters_dispatch_table, json_dispatch_flags, &q);
709 if (r < 0)
710 goto fail;
711
712 size_t l = strlen(q.name);
713 char *z = buffer + idx;
714 memcpy(z, q.name, l + 1);
715
716 if (i > 0)
717 ((char**) r_aliases)[i - 1] = z;
718 i++;
719
720 idx += ALIGN(l + 1);
721 }
722 ((char**) r_aliases)[n_names - 1] = NULL;
723
724 assert(idx == ms);
725
726 result->h_name = r_name;
727 result->h_aliases = (char**) r_aliases;
728 result->h_addrtype = af;
729 result->h_length = len;
730 result->h_addr_list = (char**) r_addr_list;
731
732 if (ttlp)
733 *ttlp = 0;
734
735 /* Explicitly reset both *h_errnop and h_errno to work around
736 * https://bugzilla.redhat.com/show_bug.cgi?id=1125975 */
737 *h_errnop = NETDB_SUCCESS;
738 h_errno = 0;
739
740 return NSS_STATUS_SUCCESS;
741
742 fail:
743 UNPROTECT_ERRNO;
744 *errnop = -r;
745 *h_errnop = NO_RECOVERY;
746 return NSS_STATUS_UNAVAIL;
747
748 not_found:
749 *h_errnop = HOST_NOT_FOUND;
750 return NSS_STATUS_NOTFOUND;
751
752 try_again:
753 UNPROTECT_ERRNO;
754 *errnop = -r;
755 *h_errnop = TRY_AGAIN;
756 return NSS_STATUS_TRYAGAIN;
757 }
758
759 NSS_GETHOSTBYNAME_FALLBACKS(resolve);
760 NSS_GETHOSTBYADDR_FALLBACKS(resolve);
Unnamed repository; edit this file 'description' to name the repository.