src/resolve/resolved-conf.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2
   3 #include "alloc-util.h"
   4 #include "conf-parser.h"
   5 #include "def.h"
   6 #include "extract-word.h"
   7 #include "hexdecoct.h"
   8 #include "parse-util.h"
   9 #include "resolved-conf.h"
  10 #include "resolved-dnssd.h"
  11 #include "resolved-util.h"
  12 #include "specifier.h"
  13 #include "string-table.h"
  14 #include "string-util.h"
  15 #include "utf8.h"
  16
  17 DEFINE_CONFIG_PARSE_ENUM(config_parse_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode, "Failed to parse DNS stub listener mode setting");
  18
  19 static const char* const dns_stub_listener_mode_table[_DNS_STUB_LISTENER_MODE_MAX] = {
  20         [DNS_STUB_LISTENER_NO] = "no",
  21         [DNS_STUB_LISTENER_UDP] = "udp",
  22         [DNS_STUB_LISTENER_TCP] = "tcp",
  23         [DNS_STUB_LISTENER_YES] = "yes",
  24 };
  25 DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_stub_listener_mode, DnsStubListenerMode, DNS_STUB_LISTENER_YES);
  26
  27 static int manager_add_dns_server_by_string(Manager *m, DnsServerType type, const char *word) {
  28         union in_addr_union address;
  29         int family, r, ifindex = 0;
  30         DnsServer *s;
  31         _cleanup_free_ char *server_name = NULL;
  32
  33         assert(m);
  34         assert(word);
  35
  36         r = in_addr_ifindex_name_from_string_auto(word, &family, &address, &ifindex, &server_name);
  37         if (r < 0)
  38                 return r;
  39
  40         /* Silently filter out 0.0.0.0 and 127.0.0.53 (our own stub DNS listener) */
  41         if (!dns_server_address_valid(family, &address))
  42                 return 0;
  43
  44         /* Filter out duplicates */
  45         s = dns_server_find(manager_get_first_dns_server(m, type), family, &address, ifindex);
  46         if (s) {
  47                 /*
  48                  * Drop the marker. This is used to find the servers
  49                  * that ceased to exist, see
  50                  * manager_mark_dns_servers() and
  51                  * manager_flush_marked_dns_servers().
  52                  */
  53                 dns_server_move_back_and_unmark(s);
  54                 return 0;
  55         }
  56
  57         return dns_server_new(m, NULL, type, NULL, family, &address, ifindex, server_name);
  58 }
  59
  60 int manager_parse_dns_server_string_and_warn(Manager *m, DnsServerType type, const char *string) {
  61         int r;
  62
  63         assert(m);
  64         assert(string);
  65
  66         for (;;) {
  67                 _cleanup_free_ char *word = NULL;
  68
  69                 r = extract_first_word(&string, &word, NULL, 0);
  70                 if (r < 0)
  71                         return r;
  72                 if (r == 0)
  73                         break;
  74
  75                 r = manager_add_dns_server_by_string(m, type, word);
  76                 if (r < 0)
  77                         log_warning_errno(r, "Failed to add DNS server address '%s', ignoring: %m", word);
  78         }
  79
  80         return 0;
  81 }
  82
  83 static int manager_add_search_domain_by_string(Manager *m, const char *domain) {
  84         DnsSearchDomain *d;
  85         bool route_only;
  86         int r;
  87
  88         assert(m);
  89         assert(domain);
  90
  91         route_only = *domain == '~';
  92         if (route_only)
  93                 domain++;
  94
  95         if (dns_name_is_root(domain) || streq(domain, "*")) {
  96                 route_only = true;
  97                 domain = ".";
  98         }
  99
 100         r = dns_search_domain_find(m->search_domains, domain, &d);
 101         if (r < 0)
 102                 return r;
 103         if (r > 0)
 104                 dns_search_domain_move_back_and_unmark(d);
 105         else {
 106                 r = dns_search_domain_new(m, &d, DNS_SEARCH_DOMAIN_SYSTEM, NULL, domain);
 107                 if (r < 0)
 108                         return r;
 109         }
 110
 111         d->route_only = route_only;
 112         return 0;
 113 }
 114
 115 int manager_parse_search_domains_and_warn(Manager *m, const char *string) {
 116         int r;
 117
 118         assert(m);
 119         assert(string);
 120
 121         for (;;) {
 122                 _cleanup_free_ char *word = NULL;
 123
 124                 r = extract_first_word(&string, &word, NULL, EXTRACT_UNQUOTE);
 125                 if (r < 0)
 126                         return r;
 127                 if (r == 0)
 128                         break;
 129
 130                 r = manager_add_search_domain_by_string(m, word);
 131                 if (r < 0)
 132                         log_warning_errno(r, "Failed to add search domain '%s', ignoring: %m", word);
 133         }
 134
 135         return 0;
 136 }
 137
 138 int config_parse_dns_servers(
 139                 const char *unit,
 140                 const char *filename,
 141                 unsigned line,
 142                 const char *section,
 143                 unsigned section_line,
 144                 const char *lvalue,
 145                 int ltype,
 146                 const char *rvalue,
 147                 void *data,
 148                 void *userdata) {
 149
 150         Manager *m = userdata;
 151         int r;
 152
 153         assert(filename);
 154         assert(lvalue);
 155         assert(rvalue);
 156         assert(m);
 157
 158         if (isempty(rvalue))
 159                 /* Empty assignment means clear the list */
 160                 dns_server_unlink_all(manager_get_first_dns_server(m, ltype));
 161         else {
 162                 /* Otherwise, add to the list */
 163                 r = manager_parse_dns_server_string_and_warn(m, ltype, rvalue);
 164                 if (r < 0) {
 165                         log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse DNS server string '%s'. Ignoring.", rvalue);
 166                         return 0;
 167                 }
 168         }
 169
 170         /* If we have a manual setting, then we stop reading
 171          * /etc/resolv.conf */
 172         if (ltype == DNS_SERVER_SYSTEM)
 173                 m->read_resolv_conf = false;
 174         if (ltype == DNS_SERVER_FALLBACK)
 175                 m->need_builtin_fallbacks = false;
 176
 177         return 0;
 178 }
 179
 180 int config_parse_search_domains(
 181                 const char *unit,
 182                 const char *filename,
 183                 unsigned line,
 184                 const char *section,
 185                 unsigned section_line,
 186                 const char *lvalue,
 187                 int ltype,
 188                 const char *rvalue,
 189                 void *data,
 190                 void *userdata) {
 191
 192         Manager *m = userdata;
 193         int r;
 194
 195         assert(filename);
 196         assert(lvalue);
 197         assert(rvalue);
 198         assert(m);
 199
 200         if (isempty(rvalue))
 201                 /* Empty assignment means clear the list */
 202                 dns_search_domain_unlink_all(m->search_domains);
 203         else {
 204                 /* Otherwise, add to the list */
 205                 r = manager_parse_search_domains_and_warn(m, rvalue);
 206                 if (r < 0) {
 207                         log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse search domains string '%s'. Ignoring.", rvalue);
 208                         return 0;
 209                 }
 210         }
 211
 212         /* If we have a manual setting, then we stop reading
 213          * /etc/resolv.conf */
 214         m->read_resolv_conf = false;
 215
 216         return 0;
 217 }
 218
 219 int config_parse_dnssd_service_name(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata) {
 220         static const Specifier specifier_table[] = {
 221                 { 'b', specifier_boot_id,         NULL },
 222                 { 'H', specifier_host_name,       NULL },
 223                 { 'm', specifier_machine_id,      NULL },
 224                 { 'v', specifier_kernel_release,  NULL },
 225                 {}
 226         };
 227         DnssdService *s = userdata;
 228         _cleanup_free_ char *name = NULL;
 229         int r;
 230
 231         assert(filename);
 232         assert(lvalue);
 233         assert(rvalue);
 234         assert(s);
 235
 236         if (isempty(rvalue)) {
 237                 log_syntax(unit, LOG_ERR, filename, line, 0, "Service instance name can't be empty. Ignoring.");
 238                 return -EINVAL;
 239         }
 240
 241         r = free_and_strdup(&s->name_template, rvalue);
 242         if (r < 0)
 243                 return log_oom();
 244
 245         r = specifier_printf(s->name_template, specifier_table, NULL, &name);
 246         if (r < 0)
 247                 return log_debug_errno(r, "Failed to replace specifiers: %m");
 248
 249         if (!dns_service_name_is_valid(name)) {
 250                 log_syntax(unit, LOG_ERR, filename, line, 0, "Service instance name template renders to invalid name '%s'. Ignoring.", name);
 251                 return -EINVAL;
 252         }
 253
 254         return 0;
 255 }
 256
 257 int config_parse_dnssd_service_type(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata) {
 258         DnssdService *s = userdata;
 259         int r;
 260
 261         assert(filename);
 262         assert(lvalue);
 263         assert(rvalue);
 264         assert(s);
 265
 266         if (isempty(rvalue)) {
 267                 log_syntax(unit, LOG_ERR, filename, line, 0, "Service type can't be empty. Ignoring.");
 268                 return -EINVAL;
 269         }
 270
 271         if (!dnssd_srv_type_is_valid(rvalue)) {
 272                 log_syntax(unit, LOG_ERR, filename, line, 0, "Service type is invalid. Ignoring.");
 273                 return -EINVAL;
 274         }
 275
 276         r = free_and_strdup(&s->type, rvalue);
 277         if (r < 0)
 278                 return log_oom();
 279
 280         return 0;
 281 }
 282
 283 int config_parse_dnssd_txt(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata) {
 284         _cleanup_(dnssd_txtdata_freep) DnssdTxtData *txt_data = NULL;
 285         DnssdService *s = userdata;
 286         DnsTxtItem *last = NULL;
 287
 288         assert(filename);
 289         assert(lvalue);
 290         assert(rvalue);
 291         assert(s);
 292
 293         if (isempty(rvalue)) {
 294                 /* Flush out collected items */
 295                 s->txt_data_items = dnssd_txtdata_free_all(s->txt_data_items);
 296                 return 0;
 297         }
 298
 299         txt_data = new0(DnssdTxtData, 1);
 300         if (!txt_data)
 301                 return log_oom();
 302
 303         for (;;) {
 304                 _cleanup_free_ char *word = NULL;
 305                 _cleanup_free_ char *key = NULL;
 306                 _cleanup_free_ char *value = NULL;
 307                 _cleanup_free_ void *decoded = NULL;
 308                 size_t length = 0;
 309                 DnsTxtItem *i;
 310                 int r;
 311
 312                 r = extract_first_word(&rvalue, &word, NULL,
 313                                        EXTRACT_UNQUOTE|EXTRACT_CUNESCAPE|EXTRACT_CUNESCAPE_RELAX);
 314                 if (r == 0)
 315                         break;
 316                 if (r == -ENOMEM)
 317                         return log_oom();
 318                 if (r < 0)
 319                         return log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
 320
 321                 r = split_pair(word, "=", &key, &value);
 322                 if (r == -ENOMEM)
 323                         return log_oom();
 324                 if (r == -EINVAL)
 325                         key = TAKE_PTR(word);
 326
 327                 if (!ascii_is_valid(key)) {
 328                         log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid syntax, ignoring: %s", key);
 329                         return -EINVAL;
 330                 }
 331
 332                 switch (ltype) {
 333
 334                 case DNS_TXT_ITEM_DATA:
 335                         if (value) {
 336                                 r = unbase64mem(value, strlen(value), &decoded, &length);
 337                                 if (r == -ENOMEM)
 338                                         return log_oom();
 339                                 if (r < 0)
 340                                         return log_syntax(unit, LOG_ERR, filename, line, r,
 341                                                           "Invalid base64 encoding, ignoring: %s", value);
 342                         }
 343
 344                         r = dnssd_txt_item_new_from_data(key, decoded, length, &i);
 345                         if (r < 0)
 346                                 return log_oom();
 347                         break;
 348
 349                 case DNS_TXT_ITEM_TEXT:
 350                         r = dnssd_txt_item_new_from_string(key, value, &i);
 351                         if (r < 0)
 352                                 return log_oom();
 353                         break;
 354
 355                 default:
 356                         assert_not_reached("Unknown type of Txt config");
 357                 }
 358
 359                 LIST_INSERT_AFTER(items, txt_data->txt, last, i);
 360                 last = i;
 361         }
 362
 363         if (!LIST_IS_EMPTY(txt_data->txt)) {
 364                 LIST_PREPEND(items, s->txt_data_items, txt_data);
 365                 txt_data = NULL;
 366         }
 367
 368         return 0;
 369 }
 370
 371 int manager_parse_config_file(Manager *m) {
 372         int r;
 373
 374         assert(m);
 375
 376         r = config_parse_many_nulstr(PKGSYSCONFDIR "/resolved.conf",
 377                                      CONF_PATHS_NULSTR("systemd/resolved.conf.d"),
 378                                      "Resolve\0",
 379                                      config_item_perf_lookup, resolved_gperf_lookup,
 380                                      CONFIG_PARSE_WARN, m);
 381         if (r < 0)
 382                 return r;
 383
 384         if (m->need_builtin_fallbacks) {
 385                 r = manager_parse_dns_server_string_and_warn(m, DNS_SERVER_FALLBACK, DNS_SERVERS);
 386                 if (r < 0)
 387                         return r;
 388         }
 389
 390 #if ! HAVE_GCRYPT
 391         if (m->dnssec_mode != DNSSEC_NO) {
 392                 log_warning("DNSSEC option cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
 393                 m->dnssec_mode = DNSSEC_NO;
 394         }
 395 #endif
 396
 397 #if ! ENABLE_DNS_OVER_TLS
 398         if (m->dns_over_tls_mode != DNS_OVER_TLS_NO) {
 399                 log_warning("DNS-over-TLS option cannot be enabled or set to opportunistic when systemd-resolved is built without DNS-over-TLS support. Turning off DNS-over-TLS support.");
 400                 m->dns_over_tls_mode = DNS_OVER_TLS_NO;
 401         }
 402 #endif
 403         return 0;
 404
 405 }