1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include "glyph-util.h"
4 #include "in-addr-util.h"
5 #include "resolved-dns-synthesize.h"
6 #include "resolved-varlink.h"
7 #include "socket-netlink.h"
9 typedef struct LookupParameters
{
13 union in_addr_union address
;
18 static void lookup_parameters_destroy(LookupParameters
*p
) {
23 static int reply_query_state(DnsQuery
*q
) {
26 assert(q
->varlink_request
);
30 case DNS_TRANSACTION_NO_SERVERS
:
31 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.NoNameServers", NULL
);
33 case DNS_TRANSACTION_TIMEOUT
:
34 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.QueryTimedOut", NULL
);
36 case DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
:
37 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.MaxAttemptsReached", NULL
);
39 case DNS_TRANSACTION_INVALID_REPLY
:
40 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.InvalidReply", NULL
);
42 case DNS_TRANSACTION_ERRNO
:
43 return varlink_error_errno(q
->varlink_request
, q
->answer_errno
);
45 case DNS_TRANSACTION_ABORTED
:
46 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.QueryAborted", NULL
);
48 case DNS_TRANSACTION_DNSSEC_FAILED
:
49 return varlink_errorb(q
->varlink_request
, "io.systemd.Resolve.DNSSECValidationFailed",
50 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("result", JSON_BUILD_STRING(dnssec_result_to_string(q
->answer_dnssec_result
)))));
52 case DNS_TRANSACTION_NO_TRUST_ANCHOR
:
53 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.NoTrustAnchor", NULL
);
55 case DNS_TRANSACTION_RR_TYPE_UNSUPPORTED
:
56 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.ResourceRecordTypeUnsupported", NULL
);
58 case DNS_TRANSACTION_NETWORK_DOWN
:
59 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.NetworkDown", NULL
);
61 case DNS_TRANSACTION_NO_SOURCE
:
62 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.NoSource", NULL
);
64 case DNS_TRANSACTION_STUB_LOOP
:
65 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.StubLoop", NULL
);
67 case DNS_TRANSACTION_NOT_FOUND
:
68 /* We return this as NXDOMAIN. This is only generated when a host doesn't implement LLMNR/TCP, and we
69 * thus quickly know that we cannot resolve an in-addr.arpa or ip6.arpa address. */
70 return varlink_errorb(q
->varlink_request
, "io.systemd.Resolve.DNSError",
71 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("rcode", JSON_BUILD_INTEGER(DNS_RCODE_NXDOMAIN
))));
73 case DNS_TRANSACTION_RCODE_FAILURE
:
74 return varlink_errorb(q
->varlink_request
, "io.systemd.Resolve.DNSError",
75 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("rcode", JSON_BUILD_INTEGER(q
->answer_rcode
))));
77 case DNS_TRANSACTION_NULL
:
78 case DNS_TRANSACTION_PENDING
:
79 case DNS_TRANSACTION_VALIDATING
:
80 case DNS_TRANSACTION_SUCCESS
:
86 static void vl_on_disconnect(VarlinkServer
*s
, Varlink
*link
, void *userdata
) {
92 q
= varlink_get_userdata(link
);
96 if (!DNS_TRANSACTION_IS_LIVE(q
->state
))
99 log_debug("Client of active query vanished, aborting query.");
100 dns_query_complete(q
, DNS_TRANSACTION_ABORTED
);
103 static bool validate_and_mangle_flags(
110 /* This checks that the specified client-provided flags parameter actually makes sense, and mangles
111 * it slightly. Specifically:
113 * 1. We check that only the protocol flags and a bunch of NO_XYZ flags are on at most, plus the
114 * method-specific flags specified in 'ok'.
116 * 2. If no protocols are enabled we automatically convert that to "all protocols are enabled".
118 * The second rule means that clients can just pass 0 as flags for the common case, and all supported
119 * protocols are enabled. Moreover it's useful so that client's do not have to be aware of all
120 * protocols implemented in resolved, but can use 0 as protocols flags set as indicator for
124 if (*flags
& ~(SD_RESOLVED_PROTOCOLS_ALL
|
125 SD_RESOLVED_NO_CNAME
|
126 SD_RESOLVED_NO_VALIDATE
|
127 SD_RESOLVED_NO_SYNTHESIZE
|
128 SD_RESOLVED_NO_CACHE
|
130 SD_RESOLVED_NO_TRUST_ANCHOR
|
131 SD_RESOLVED_NO_NETWORK
|
135 if ((*flags
& SD_RESOLVED_PROTOCOLS_ALL
) == 0) /* If no protocol is enabled, enable all */
136 *flags
|= SD_RESOLVED_PROTOCOLS_ALL
;
138 /* If the SD_RESOLVED_NO_SEARCH flag is acceptable, and the query name is dot-suffixed, turn off
139 * search domains. Note that DNS name normalization drops the dot suffix, hence we propagate this
140 * into the flags field as early as we can. */
141 if (name
&& FLAGS_SET(ok
, SD_RESOLVED_NO_SEARCH
) && dns_name_dot_suffixed(name
) > 0)
142 *flags
|= SD_RESOLVED_NO_SEARCH
;
147 static void vl_method_resolve_hostname_complete(DnsQuery
*query
) {
148 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*canonical
= NULL
;
149 _cleanup_(json_variant_unrefp
) JsonVariant
*array
= NULL
;
150 _cleanup_(dns_query_freep
) DnsQuery
*q
= query
;
151 _cleanup_free_
char *normalized
= NULL
;
152 DnsResourceRecord
*rr
;
153 DnsQuestion
*question
;
158 if (q
->state
!= DNS_TRANSACTION_SUCCESS
) {
159 r
= reply_query_state(q
);
163 r
= dns_query_process_cname_many(q
);
165 r
= varlink_error(q
->varlink_request
, "io.systemd.Resolve.CNAMELoop", NULL
);
170 if (r
== DNS_QUERY_CNAME
) {
171 /* This was a cname, and the query was restarted. */
176 question
= dns_query_question_for_protocol(q
, q
->answer_protocol
);
178 DNS_ANSWER_FOREACH_IFINDEX(rr
, ifindex
, q
->answer
) {
179 _cleanup_(json_variant_unrefp
) JsonVariant
*entry
= NULL
;
183 r
= dns_question_matches_rr(question
, rr
, DNS_SEARCH_DOMAIN_NAME(q
->answer_search_domain
));
189 if (rr
->key
->type
== DNS_TYPE_A
) {
192 } else if (rr
->key
->type
== DNS_TYPE_AAAA
) {
194 p
= &rr
->aaaa
.in6_addr
;
200 r
= json_build(&entry
,
202 JSON_BUILD_PAIR_CONDITION(ifindex
> 0, "ifindex", JSON_BUILD_INTEGER(ifindex
)),
203 JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(family
)),
204 JSON_BUILD_PAIR("address", JSON_BUILD_BYTE_ARRAY(p
, FAMILY_ADDRESS_SIZE(family
)))));
209 canonical
= dns_resource_record_ref(rr
);
211 r
= json_variant_append_array(&array
, entry
);
216 if (json_variant_is_blank_object(array
)) {
217 r
= varlink_error(q
->varlink_request
, "io.systemd.Resolve.NoSuchResourceRecord", NULL
);
222 r
= dns_name_normalize(dns_resource_key_name(canonical
->key
), 0, &normalized
);
226 r
= varlink_replyb(q
->varlink_request
,
228 JSON_BUILD_PAIR("addresses", JSON_BUILD_VARIANT(array
)),
229 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(normalized
)),
230 JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(dns_query_reply_flags_make(q
)))));
233 log_error_errno(r
, "Failed to send hostname reply: %m");
234 r
= varlink_error_errno(q
->varlink_request
, r
);
238 static int parse_as_address(Varlink
*link
, LookupParameters
*p
) {
239 _cleanup_free_
char *canonical
= NULL
;
240 int r
, ff
, parsed_ifindex
, ifindex
;
241 union in_addr_union parsed
;
246 /* Check if this parses as literal address. If so, just parse it and return that, do not involve networking */
247 r
= in_addr_ifindex_from_string_auto(p
->name
, &ff
, &parsed
, &parsed_ifindex
);
249 return 0; /* not a literal address */
251 /* Make sure the data we parsed matches what is requested */
252 if ((p
->family
!= AF_UNSPEC
&& ff
!= p
->family
) ||
253 (p
->ifindex
> 0 && parsed_ifindex
> 0 && parsed_ifindex
!= p
->ifindex
))
254 return varlink_error(link
, "io.systemd.Resolve.NoSuchResourceRecord", NULL
);
256 ifindex
= parsed_ifindex
> 0 ? parsed_ifindex
: p
->ifindex
;
258 /* Reformat the address as string, to return as canonicalized name */
259 r
= in_addr_ifindex_to_string(ff
, &parsed
, ifindex
, &canonical
);
263 return varlink_replyb(
266 JSON_BUILD_PAIR("addresses",
269 JSON_BUILD_PAIR_CONDITION(ifindex
> 0, "ifindex", JSON_BUILD_INTEGER(ifindex
)),
270 JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(ff
)),
271 JSON_BUILD_PAIR("address", JSON_BUILD_BYTE_ARRAY(&parsed
, FAMILY_ADDRESS_SIZE(ff
)))))),
272 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(canonical
)),
273 JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(SD_RESOLVED_FLAGS_MAKE(dns_synthesize_protocol(p
->flags
), ff
, true, true)|
274 SD_RESOLVED_SYNTHETIC
))));
277 static int vl_method_resolve_hostname(Varlink
*link
, JsonVariant
*parameters
, VarlinkMethodFlags flags
, void *userdata
) {
278 static const JsonDispatch dispatch_table
[] = {
279 { "ifindex", JSON_VARIANT_UNSIGNED
, json_dispatch_int
, offsetof(LookupParameters
, ifindex
), 0 },
280 { "name", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(LookupParameters
, name
), JSON_MANDATORY
},
281 { "family", JSON_VARIANT_UNSIGNED
, json_dispatch_int
, offsetof(LookupParameters
, family
), 0 },
282 { "flags", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(LookupParameters
, flags
), 0 },
286 _cleanup_(dns_question_unrefp
) DnsQuestion
*question_idna
= NULL
, *question_utf8
= NULL
;
287 _cleanup_(lookup_parameters_destroy
) LookupParameters p
= {
290 _cleanup_(dns_query_freep
) DnsQuery
*q
= NULL
;
296 m
= varlink_server_get_userdata(varlink_get_server(link
));
299 if (FLAGS_SET(flags
, VARLINK_METHOD_ONEWAY
))
302 r
= json_dispatch(parameters
, dispatch_table
, NULL
, 0, &p
);
307 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("ifindex"));
309 r
= dns_name_is_valid(p
.name
);
313 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("name"));
315 if (!IN_SET(p
.family
, AF_UNSPEC
, AF_INET
, AF_INET6
))
316 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("family"));
318 if (!validate_and_mangle_flags(p
.name
, &p
.flags
, SD_RESOLVED_NO_SEARCH
))
319 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("flags"));
321 r
= parse_as_address(link
, &p
);
325 r
= dns_question_new_address(&question_utf8
, p
.family
, p
.name
, false);
329 r
= dns_question_new_address(&question_idna
, p
.family
, p
.name
, true);
330 if (r
< 0 && r
!= -EALREADY
)
333 r
= dns_query_new(m
, &q
, question_utf8
, question_idna
?: question_utf8
, NULL
, p
.ifindex
, p
.flags
);
337 q
->varlink_request
= varlink_ref(link
);
338 varlink_set_userdata(link
, q
);
339 q
->request_family
= p
.family
;
340 q
->complete
= vl_method_resolve_hostname_complete
;
350 static int json_dispatch_address(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
351 LookupParameters
*p
= userdata
;
352 union in_addr_union buf
= {};
359 if (!json_variant_is_array(variant
))
360 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an array.", strna(name
));
362 n
= json_variant_elements(variant
);
363 if (!IN_SET(n
, 4, 16))
364 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is array of unexpected size.", strna(name
));
366 JSON_VARIANT_ARRAY_FOREACH(i
, variant
) {
369 if (!json_variant_is_integer(i
))
370 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "Element %zu of JSON field '%s' is not an integer.", k
, strna(name
));
372 b
= json_variant_integer(i
);
373 if (b
< 0 || b
> 0xff)
374 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
),
375 "Element %zu of JSON field '%s' is out of range 0%s255.",
376 k
, strna(name
), special_glyph(SPECIAL_GLYPH_ELLIPSIS
));
378 buf
.bytes
[k
++] = (uint8_t) b
;
387 static void vl_method_resolve_address_complete(DnsQuery
*query
) {
388 _cleanup_(json_variant_unrefp
) JsonVariant
*array
= NULL
;
389 _cleanup_(dns_query_freep
) DnsQuery
*q
= query
;
390 DnsQuestion
*question
;
391 DnsResourceRecord
*rr
;
396 if (q
->state
!= DNS_TRANSACTION_SUCCESS
) {
397 r
= reply_query_state(q
);
401 r
= dns_query_process_cname_many(q
);
403 r
= varlink_error(q
->varlink_request
, "io.systemd.Resolve.CNAMELoop", NULL
);
408 if (r
== DNS_QUERY_CNAME
) {
409 /* This was a cname, and the query was restarted. */
414 question
= dns_query_question_for_protocol(q
, q
->answer_protocol
);
416 DNS_ANSWER_FOREACH_IFINDEX(rr
, ifindex
, q
->answer
) {
417 _cleanup_(json_variant_unrefp
) JsonVariant
*entry
= NULL
;
418 _cleanup_free_
char *normalized
= NULL
;
420 r
= dns_question_matches_rr(question
, rr
, NULL
);
426 r
= dns_name_normalize(rr
->ptr
.name
, 0, &normalized
);
430 r
= json_build(&entry
,
432 JSON_BUILD_PAIR_CONDITION(ifindex
> 0, "ifindex", JSON_BUILD_INTEGER(ifindex
)),
433 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(normalized
))));
437 r
= json_variant_append_array(&array
, entry
);
442 if (json_variant_is_blank_object(array
)) {
443 r
= varlink_error(q
->varlink_request
, "io.systemd.Resolve.NoSuchResourceRecord", NULL
);
447 r
= varlink_replyb(q
->varlink_request
,
449 JSON_BUILD_PAIR("names", JSON_BUILD_VARIANT(array
)),
450 JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(dns_query_reply_flags_make(q
)))));
453 log_error_errno(r
, "Failed to send address reply: %m");
454 r
= varlink_error_errno(q
->varlink_request
, r
);
458 static int vl_method_resolve_address(Varlink
*link
, JsonVariant
*parameters
, VarlinkMethodFlags flags
, void *userdata
) {
459 static const JsonDispatch dispatch_table
[] = {
460 { "ifindex", JSON_VARIANT_UNSIGNED
, json_dispatch_int
, offsetof(LookupParameters
, ifindex
), 0 },
461 { "family", JSON_VARIANT_UNSIGNED
, json_dispatch_int
, offsetof(LookupParameters
, family
), JSON_MANDATORY
},
462 { "address", JSON_VARIANT_ARRAY
, json_dispatch_address
, 0, JSON_MANDATORY
},
463 { "flags", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(LookupParameters
, flags
), 0 },
467 _cleanup_(dns_question_unrefp
) DnsQuestion
*question
= NULL
;
468 _cleanup_(lookup_parameters_destroy
) LookupParameters p
= {
471 _cleanup_(dns_query_freep
) DnsQuery
*q
= NULL
;
477 m
= varlink_server_get_userdata(varlink_get_server(link
));
480 if (FLAGS_SET(flags
, VARLINK_METHOD_ONEWAY
))
483 r
= json_dispatch(parameters
, dispatch_table
, NULL
, 0, &p
);
488 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("ifindex"));
490 if (!IN_SET(p
.family
, AF_INET
, AF_INET6
))
491 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("family"));
493 if (FAMILY_ADDRESS_SIZE(p
.family
) != p
.address_size
)
494 return varlink_error(link
, "io.systemd.UserDatabase.BadAddressSize", NULL
);
496 if (!validate_and_mangle_flags(NULL
, &p
.flags
, 0))
497 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("flags"));
499 r
= dns_question_new_reverse(&question
, p
.family
, &p
.address
);
503 r
= dns_query_new(m
, &q
, question
, question
, NULL
, p
.ifindex
, p
.flags
|SD_RESOLVED_NO_SEARCH
);
507 q
->varlink_request
= varlink_ref(link
);
508 varlink_set_userdata(link
, q
);
510 q
->request_family
= p
.family
;
511 q
->request_address
= p
.address
;
512 q
->complete
= vl_method_resolve_address_complete
;
522 int manager_varlink_init(Manager
*m
) {
523 _cleanup_(varlink_server_unrefp
) VarlinkServer
*s
= NULL
;
528 if (m
->varlink_server
)
531 r
= varlink_server_new(&s
, VARLINK_SERVER_ACCOUNT_UID
);
533 return log_error_errno(r
, "Failed to allocate varlink server object: %m");
535 varlink_server_set_userdata(s
, m
);
537 r
= varlink_server_bind_method_many(
539 "io.systemd.Resolve.ResolveHostname", vl_method_resolve_hostname
,
540 "io.systemd.Resolve.ResolveAddress", vl_method_resolve_address
);
542 return log_error_errno(r
, "Failed to register varlink methods: %m");
544 r
= varlink_server_bind_disconnect(s
, vl_on_disconnect
);
546 return log_error_errno(r
, "Failed to register varlink disconnect handler: %m");
548 r
= varlink_server_listen_address(s
, "/run/systemd/resolve/io.systemd.Resolve", 0666);
550 return log_error_errno(r
, "Failed to bind to varlink socket: %m");
552 r
= varlink_server_attach_event(s
, m
->event
, SD_EVENT_PRIORITY_NORMAL
);
554 return log_error_errno(r
, "Failed to attach varlink connection to event loop: %m");
556 m
->varlink_server
= TAKE_PTR(s
);
560 void manager_varlink_done(Manager
*m
) {
563 m
->varlink_server
= varlink_server_unref(m
->varlink_server
);