1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
4 #include <netinet/in.h>
5 #include <sys/capability.h>
7 #include "alloc-util.h"
8 #include "bus-common-errors.h"
9 #include "bus-get-properties.h"
10 #include "bus-message-util.h"
11 #include "bus-polkit.h"
13 #include "parse-util.h"
14 #include "resolve-util.h"
15 #include "resolved-bus.h"
16 #include "resolved-link-bus.h"
17 #include "resolved-resolv-conf.h"
18 #include "socket-netlink.h"
19 #include "stdio-util.h"
21 #include "user-util.h"
23 static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported
, "b", Link
, link_dnssec_supported
);
24 static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode
, "s", Link
, link_get_dnssec_mode
, dnssec_mode_to_string
);
25 static BUS_DEFINE_PROPERTY_GET2(property_get_llmnr_support
, "s", Link
, link_get_llmnr_support
, resolve_support_to_string
);
26 static BUS_DEFINE_PROPERTY_GET2(property_get_mdns_support
, "s", Link
, link_get_mdns_support
, resolve_support_to_string
);
28 static int property_get_dns_over_tls_mode(
31 const char *interface
,
33 sd_bus_message
*reply
,
35 sd_bus_error
*error
) {
37 Link
*l
= ASSERT_PTR(userdata
);
41 return sd_bus_message_append(reply
, "s", dns_over_tls_mode_to_string(link_get_dns_over_tls_mode(l
)));
44 static int property_get_dns_internal(
47 const char *interface
,
49 sd_bus_message
*reply
,
54 Link
*l
= ASSERT_PTR(userdata
);
59 r
= sd_bus_message_open_container(reply
, 'a', extended
? "(iayqs)" : "(iay)");
63 LIST_FOREACH(servers
, s
, l
->dns_servers
) {
64 r
= bus_dns_server_append(reply
, s
, false, extended
);
69 return sd_bus_message_close_container(reply
);
72 static int property_get_dns(
75 const char *interface
,
77 sd_bus_message
*reply
,
79 sd_bus_error
*error
) {
80 return property_get_dns_internal(bus
, path
, interface
, property
, reply
, userdata
, error
, false);
83 static int property_get_dns_ex(
86 const char *interface
,
88 sd_bus_message
*reply
,
90 sd_bus_error
*error
) {
91 return property_get_dns_internal(bus
, path
, interface
, property
, reply
, userdata
, error
, true);
94 static int property_get_current_dns_server_internal(
97 const char *interface
,
99 sd_bus_message
*reply
,
109 s
= *(DnsServer
**) userdata
;
111 return bus_dns_server_append(reply
, s
, false, extended
);
114 static int property_get_current_dns_server(
117 const char *interface
,
118 const char *property
,
119 sd_bus_message
*reply
,
121 sd_bus_error
*error
) {
122 return property_get_current_dns_server_internal(bus
, path
, interface
, property
, reply
, userdata
, error
, false);
125 static int property_get_current_dns_server_ex(
128 const char *interface
,
129 const char *property
,
130 sd_bus_message
*reply
,
132 sd_bus_error
*error
) {
133 return property_get_current_dns_server_internal(bus
, path
, interface
, property
, reply
, userdata
, error
, true);
136 static int property_get_domains(
139 const char *interface
,
140 const char *property
,
141 sd_bus_message
*reply
,
143 sd_bus_error
*error
) {
145 Link
*l
= ASSERT_PTR(userdata
);
150 r
= sd_bus_message_open_container(reply
, 'a', "(sb)");
154 LIST_FOREACH(domains
, d
, l
->search_domains
) {
155 r
= sd_bus_message_append(reply
, "(sb)", d
->name
, d
->route_only
);
160 return sd_bus_message_close_container(reply
);
163 static int property_get_default_route(
166 const char *interface
,
167 const char *property
,
168 sd_bus_message
*reply
,
170 sd_bus_error
*error
) {
172 Link
*l
= ASSERT_PTR(userdata
);
176 /* Return what is configured, if there's something configured */
177 if (l
->default_route
>= 0)
178 return sd_bus_message_append(reply
, "b", l
->default_route
);
180 /* Otherwise report what is in effect */
181 if (l
->unicast_scope
)
182 return sd_bus_message_append(reply
, "b", dns_scope_is_default_route(l
->unicast_scope
));
184 return sd_bus_message_append(reply
, "b", false);
187 static int property_get_scopes_mask(
190 const char *interface
,
191 const char *property
,
192 sd_bus_message
*reply
,
194 sd_bus_error
*error
) {
196 Link
*l
= ASSERT_PTR(userdata
);
201 mask
= (l
->unicast_scope
? SD_RESOLVED_DNS
: 0) |
202 (l
->llmnr_ipv4_scope
? SD_RESOLVED_LLMNR_IPV4
: 0) |
203 (l
->llmnr_ipv6_scope
? SD_RESOLVED_LLMNR_IPV6
: 0) |
204 (l
->mdns_ipv4_scope
? SD_RESOLVED_MDNS_IPV4
: 0) |
205 (l
->mdns_ipv6_scope
? SD_RESOLVED_MDNS_IPV6
: 0);
207 return sd_bus_message_append(reply
, "t", mask
);
210 static int verify_unmanaged_link(Link
*l
, sd_bus_error
*error
) {
213 if (l
->flags
& IFF_LOOPBACK
)
214 return sd_bus_error_setf(error
, BUS_ERROR_LINK_BUSY
, "Link %s is loopback device.", l
->ifname
);
216 return sd_bus_error_setf(error
, BUS_ERROR_LINK_BUSY
, "Link %s is managed.", l
->ifname
);
221 static int bus_link_method_set_dns_servers_internal(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
, bool extended
) {
222 _cleanup_free_
char *j
= NULL
;
223 struct in_addr_full
**dns
;
224 bool changed
= false;
225 Link
*l
= ASSERT_PTR(userdata
);
231 r
= verify_unmanaged_link(l
, error
);
235 r
= bus_message_read_dns_servers(message
, error
, extended
, &dns
, &n
);
239 r
= bus_verify_polkit_async(
241 "org.freedesktop.resolve1.set-dns-servers",
243 &l
->manager
->polkit_registry
, error
);
247 r
= 1; /* Polkit will call us back */
251 for (size_t i
= 0; i
< n
; i
++) {
254 s
= in_addr_full_to_string(dns
[i
]);
260 if (!strextend_with_separator(&j
, ", ", s
)) {
266 bus_client_log(message
, "DNS server change");
268 dns_server_mark_all(l
->dns_servers
);
270 for (size_t i
= 0; i
< n
; i
++) {
273 s
= dns_server_find(l
->dns_servers
, dns
[i
]->family
, &dns
[i
]->address
, dns
[i
]->port
, 0, dns
[i
]->server_name
);
275 dns_server_move_back_and_unmark(s
);
277 r
= dns_server_new(l
->manager
, NULL
, DNS_SERVER_LINK
, l
, dns
[i
]->family
, &dns
[i
]->address
, dns
[i
]->port
, 0, dns
[i
]->server_name
);
279 dns_server_unlink_all(l
->dns_servers
);
288 changed
= dns_server_unlink_marked(l
->dns_servers
) || changed
;
291 link_allocate_scopes(l
);
293 (void) link_save_user(l
);
294 (void) manager_write_resolv_conf(l
->manager
);
295 (void) manager_send_changed(l
->manager
, "DNS");
298 log_link_info(l
, "Bus client set DNS server list to: %s", j
);
300 log_link_info(l
, "Bus client reset DNS server list.");
303 r
= sd_bus_reply_method_return(message
, NULL
);
306 for (size_t i
= 0; i
< n
; i
++)
307 in_addr_full_free(dns
[i
]);
313 int bus_link_method_set_dns_servers(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
314 return bus_link_method_set_dns_servers_internal(message
, userdata
, error
, false);
317 int bus_link_method_set_dns_servers_ex(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
318 return bus_link_method_set_dns_servers_internal(message
, userdata
, error
, true);
321 int bus_link_method_set_domains(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
322 _cleanup_free_
char *j
= NULL
;
323 Link
*l
= ASSERT_PTR(userdata
);
324 bool changed
= false;
329 r
= verify_unmanaged_link(l
, error
);
333 r
= sd_bus_message_enter_container(message
, 'a', "(sb)");
338 _cleanup_free_
char *prefixed
= NULL
;
342 r
= sd_bus_message_read(message
, "(sb)", &name
, &route_only
);
348 r
= dns_name_is_valid(name
);
352 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid search domain %s", name
);
353 if (!route_only
&& dns_name_is_root(name
))
354 return sd_bus_error_set(error
, SD_BUS_ERROR_INVALID_ARGS
, "Root domain is not suitable as search domain");
357 prefixed
= strjoin("~", name
);
364 if (!strextend_with_separator(&j
, ", ", name
))
368 r
= sd_bus_message_rewind(message
, false);
372 r
= bus_verify_polkit_async(
374 "org.freedesktop.resolve1.set-domains",
376 &l
->manager
->polkit_registry
,
381 return 1; /* Polkit will call us back */
383 bus_client_log(message
, "dns domains change");
385 dns_search_domain_mark_all(l
->search_domains
);
392 r
= sd_bus_message_read(message
, "(sb)", &name
, &route_only
);
398 r
= dns_search_domain_find(l
->search_domains
, name
, &d
);
403 dns_search_domain_move_back_and_unmark(d
);
405 r
= dns_search_domain_new(l
->manager
, &d
, DNS_SEARCH_DOMAIN_LINK
, l
, name
);
412 d
->route_only
= route_only
;
415 r
= sd_bus_message_exit_container(message
);
419 changed
= dns_search_domain_unlink_marked(l
->search_domains
) || changed
;
422 (void) link_save_user(l
);
423 (void) manager_write_resolv_conf(l
->manager
);
426 log_link_info(l
, "Bus client set search domain list to: %s", j
);
428 log_link_info(l
, "Bus client reset search domain list.");
431 return sd_bus_reply_method_return(message
, NULL
);
434 dns_search_domain_unlink_all(l
->search_domains
);
438 int bus_link_method_set_default_route(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
439 Link
*l
= ASSERT_PTR(userdata
);
444 r
= verify_unmanaged_link(l
, error
);
448 r
= sd_bus_message_read(message
, "b", &b
);
452 r
= bus_verify_polkit_async(
454 "org.freedesktop.resolve1.set-default-route",
456 &l
->manager
->polkit_registry
,
461 return 1; /* Polkit will call us back */
463 bus_client_log(message
, "dns default route change");
465 if (l
->default_route
!= b
) {
466 l
->default_route
= b
;
468 (void) link_save_user(l
);
469 (void) manager_write_resolv_conf(l
->manager
);
471 log_link_info(l
, "Bus client set default route setting: %s", yes_no(b
));
474 return sd_bus_reply_method_return(message
, NULL
);
477 int bus_link_method_set_llmnr(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
478 Link
*l
= ASSERT_PTR(userdata
);
485 r
= verify_unmanaged_link(l
, error
);
489 r
= sd_bus_message_read(message
, "s", &llmnr
);
494 mode
= RESOLVE_SUPPORT_YES
;
496 mode
= resolve_support_from_string(llmnr
);
498 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid LLMNR setting: %s", llmnr
);
501 r
= bus_verify_polkit_async(
503 "org.freedesktop.resolve1.set-llmnr",
505 &l
->manager
->polkit_registry
,
510 return 1; /* Polkit will call us back */
512 bus_client_log(message
, "LLMNR change");
514 if (l
->llmnr_support
!= mode
) {
515 l
->llmnr_support
= mode
;
516 link_allocate_scopes(l
);
517 link_add_rrs(l
, false);
519 (void) link_save_user(l
);
521 log_link_info(l
, "Bus client set LLMNR setting: %s", resolve_support_to_string(mode
));
524 return sd_bus_reply_method_return(message
, NULL
);
527 int bus_link_method_set_mdns(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
528 Link
*l
= ASSERT_PTR(userdata
);
535 r
= verify_unmanaged_link(l
, error
);
539 r
= sd_bus_message_read(message
, "s", &mdns
);
544 mode
= RESOLVE_SUPPORT_YES
;
546 mode
= resolve_support_from_string(mdns
);
548 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid MulticastDNS setting: %s", mdns
);
551 r
= bus_verify_polkit_async(
553 "org.freedesktop.resolve1.set-mdns",
555 &l
->manager
->polkit_registry
,
560 return 1; /* Polkit will call us back */
562 bus_client_log(message
, "mDNS change");
564 if (l
->mdns_support
!= mode
) {
565 l
->mdns_support
= mode
;
566 link_allocate_scopes(l
);
567 link_add_rrs(l
, false);
569 (void) link_save_user(l
);
571 log_link_info(l
, "Bus client set MulticastDNS setting: %s", resolve_support_to_string(mode
));
574 return sd_bus_reply_method_return(message
, NULL
);
577 int bus_link_method_set_dns_over_tls(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
578 Link
*l
= ASSERT_PTR(userdata
);
579 const char *dns_over_tls
;
585 r
= verify_unmanaged_link(l
, error
);
589 r
= sd_bus_message_read(message
, "s", &dns_over_tls
);
593 if (isempty(dns_over_tls
))
594 mode
= _DNS_OVER_TLS_MODE_INVALID
;
596 mode
= dns_over_tls_mode_from_string(dns_over_tls
);
598 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid DNSOverTLS setting: %s", dns_over_tls
);
601 r
= bus_verify_polkit_async(
603 "org.freedesktop.resolve1.set-dns-over-tls",
605 &l
->manager
->polkit_registry
,
610 return 1; /* Polkit will call us back */
612 bus_client_log(message
, "D-o-T change");
614 if (l
->dns_over_tls_mode
!= mode
) {
615 link_set_dns_over_tls_mode(l
, mode
);
616 link_allocate_scopes(l
);
618 (void) link_save_user(l
);
620 log_link_info(l
, "Bus client set DNSOverTLS setting: %s",
621 mode
< 0 ? "default" : dns_over_tls_mode_to_string(mode
));
624 return sd_bus_reply_method_return(message
, NULL
);
627 int bus_link_method_set_dnssec(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
628 Link
*l
= ASSERT_PTR(userdata
);
635 r
= verify_unmanaged_link(l
, error
);
639 r
= sd_bus_message_read(message
, "s", &dnssec
);
644 mode
= _DNSSEC_MODE_INVALID
;
646 mode
= dnssec_mode_from_string(dnssec
);
648 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid DNSSEC setting: %s", dnssec
);
651 r
= bus_verify_polkit_async(
653 "org.freedesktop.resolve1.set-dnssec",
655 &l
->manager
->polkit_registry
,
660 return 1; /* Polkit will call us back */
662 bus_client_log(message
, "DNSSEC change");
664 if (l
->dnssec_mode
!= mode
) {
665 link_set_dnssec_mode(l
, mode
);
666 link_allocate_scopes(l
);
668 (void) link_save_user(l
);
670 log_link_info(l
, "Bus client set DNSSEC setting: %s",
671 mode
< 0 ? "default" : dnssec_mode_to_string(mode
));
674 return sd_bus_reply_method_return(message
, NULL
);
677 int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
678 _cleanup_set_free_free_ Set
*ns
= NULL
;
679 _cleanup_strv_free_
char **ntas
= NULL
;
680 _cleanup_free_
char *j
= NULL
;
681 Link
*l
= ASSERT_PTR(userdata
);
686 r
= verify_unmanaged_link(l
, error
);
690 ns
= set_new(&dns_name_hash_ops
);
694 r
= sd_bus_message_read_strv(message
, &ntas
);
698 STRV_FOREACH(i
, ntas
) {
699 r
= dns_name_is_valid(*i
);
703 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
,
704 "Invalid negative trust anchor domain: %s", *i
);
706 r
= set_put_strdup(&ns
, *i
);
710 if (!strextend_with_separator(&j
, ", ", *i
))
714 r
= bus_verify_polkit_async(
716 "org.freedesktop.resolve1.set-dnssec-negative-trust-anchors",
718 &l
->manager
->polkit_registry
,
723 return 1; /* Polkit will call us back */
725 bus_client_log(message
, "DNSSEC NTA change");
727 if (!set_equal(ns
, l
->dnssec_negative_trust_anchors
)) {
728 set_free_free(l
->dnssec_negative_trust_anchors
);
729 l
->dnssec_negative_trust_anchors
= TAKE_PTR(ns
);
731 (void) link_save_user(l
);
734 log_link_info(l
, "Bus client set NTA list to: %s", j
);
736 log_link_info(l
, "Bus client reset NTA list.");
739 return sd_bus_reply_method_return(message
, NULL
);
742 int bus_link_method_revert(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
743 Link
*l
= ASSERT_PTR(userdata
);
748 r
= verify_unmanaged_link(l
, error
);
752 r
= bus_verify_polkit_async(
754 "org.freedesktop.resolve1.revert",
756 &l
->manager
->polkit_registry
,
761 return 1; /* Polkit will call us back */
763 bus_client_log(message
, "revert");
765 link_flush_settings(l
);
766 link_allocate_scopes(l
);
767 link_add_rrs(l
, false);
769 (void) link_save_user(l
);
770 (void) manager_write_resolv_conf(l
->manager
);
771 (void) manager_send_changed(l
->manager
, "DNS");
773 return sd_bus_reply_method_return(message
, NULL
);
776 static int link_object_find(sd_bus
*bus
, const char *path
, const char *interface
, void *userdata
, void **found
, sd_bus_error
*error
) {
777 _cleanup_free_
char *e
= NULL
;
778 Manager
*m
= ASSERT_PTR(userdata
);
787 r
= sd_bus_path_decode(path
, "/org/freedesktop/resolve1/link", &e
);
791 ifindex
= parse_ifindex(e
);
795 link
= hashmap_get(m
->links
, INT_TO_PTR(ifindex
));
803 char *link_bus_path(const Link
*link
) {
804 char *p
, ifindex
[DECIMAL_STR_MAX(link
->ifindex
)];
809 xsprintf(ifindex
, "%i", link
->ifindex
);
811 r
= sd_bus_path_encode("/org/freedesktop/resolve1/link", ifindex
, &p
);
818 static int link_node_enumerator(sd_bus
*bus
, const char *path
, void *userdata
, char ***nodes
, sd_bus_error
*error
) {
819 _cleanup_strv_free_
char **l
= NULL
;
820 Manager
*m
= ASSERT_PTR(userdata
);
828 l
= new0(char*, hashmap_size(m
->links
) + 1);
832 HASHMAP_FOREACH(link
, m
->links
) {
835 p
= link_bus_path(link
);
843 *nodes
= TAKE_PTR(l
);
848 static const sd_bus_vtable link_vtable
[] = {
849 SD_BUS_VTABLE_START(0),
851 SD_BUS_PROPERTY("ScopesMask", "t", property_get_scopes_mask
, 0, 0),
852 SD_BUS_PROPERTY("DNS", "a(iay)", property_get_dns
, 0, 0),
853 SD_BUS_PROPERTY("DNSEx", "a(iayqs)", property_get_dns_ex
, 0, 0),
854 SD_BUS_PROPERTY("CurrentDNSServer", "(iay)", property_get_current_dns_server
, offsetof(Link
, current_dns_server
), 0),
855 SD_BUS_PROPERTY("CurrentDNSServerEx", "(iayqs)", property_get_current_dns_server_ex
, offsetof(Link
, current_dns_server
), 0),
856 SD_BUS_PROPERTY("Domains", "a(sb)", property_get_domains
, 0, 0),
857 SD_BUS_PROPERTY("DefaultRoute", "b", property_get_default_route
, 0, 0),
858 SD_BUS_PROPERTY("LLMNR", "s", property_get_llmnr_support
, 0, 0),
859 SD_BUS_PROPERTY("MulticastDNS", "s", property_get_mdns_support
, 0, 0),
860 SD_BUS_PROPERTY("DNSOverTLS", "s", property_get_dns_over_tls_mode
, 0, 0),
861 SD_BUS_PROPERTY("DNSSEC", "s", property_get_dnssec_mode
, 0, 0),
862 SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", bus_property_get_string_set
, offsetof(Link
, dnssec_negative_trust_anchors
), 0),
863 SD_BUS_PROPERTY("DNSSECSupported", "b", property_get_dnssec_supported
, 0, 0),
865 SD_BUS_METHOD_WITH_ARGS("SetDNS",
866 SD_BUS_ARGS("a(iay)", addresses
),
868 bus_link_method_set_dns_servers
,
869 SD_BUS_VTABLE_UNPRIVILEGED
),
870 SD_BUS_METHOD_WITH_ARGS("SetDNSEx",
871 SD_BUS_ARGS("a(iayqs)", addresses
),
873 bus_link_method_set_dns_servers_ex
,
874 SD_BUS_VTABLE_UNPRIVILEGED
),
875 SD_BUS_METHOD_WITH_ARGS("SetDomains",
876 SD_BUS_ARGS("a(sb)", domains
),
878 bus_link_method_set_domains
,
879 SD_BUS_VTABLE_UNPRIVILEGED
),
880 SD_BUS_METHOD_WITH_ARGS("SetDefaultRoute",
881 SD_BUS_ARGS("b", enable
),
883 bus_link_method_set_default_route
,
884 SD_BUS_VTABLE_UNPRIVILEGED
),
885 SD_BUS_METHOD_WITH_ARGS("SetLLMNR",
886 SD_BUS_ARGS("s", mode
),
888 bus_link_method_set_llmnr
,
889 SD_BUS_VTABLE_UNPRIVILEGED
),
890 SD_BUS_METHOD_WITH_ARGS("SetMulticastDNS",
891 SD_BUS_ARGS("s", mode
),
893 bus_link_method_set_mdns
,
894 SD_BUS_VTABLE_UNPRIVILEGED
),
895 SD_BUS_METHOD_WITH_ARGS("SetDNSOverTLS",
896 SD_BUS_ARGS("s", mode
),
898 bus_link_method_set_dns_over_tls
,
899 SD_BUS_VTABLE_UNPRIVILEGED
),
900 SD_BUS_METHOD_WITH_ARGS("SetDNSSEC",
901 SD_BUS_ARGS("s", mode
),
903 bus_link_method_set_dnssec
,
904 SD_BUS_VTABLE_UNPRIVILEGED
),
905 SD_BUS_METHOD_WITH_ARGS("SetDNSSECNegativeTrustAnchors",
906 SD_BUS_ARGS("as", names
),
908 bus_link_method_set_dnssec_negative_trust_anchors
,
909 SD_BUS_VTABLE_UNPRIVILEGED
),
910 SD_BUS_METHOD_WITH_ARGS("Revert",
913 bus_link_method_revert
,
914 SD_BUS_VTABLE_UNPRIVILEGED
),
919 const BusObjectImplementation link_object
= {
920 "/org/freedesktop/resolve1/link",
921 "org.freedesktop.resolve1.Link",
922 .fallback_vtables
= BUS_FALLBACK_VTABLES({link_vtable
, link_object_find
}),
923 .node_enumerator
= link_node_enumerator
,