]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-varlink.c
projects / thirdparty / systemd.git / blob
? search:


dc5a98acbd56c6a932d76e824c756926298087d5
[thirdparty/systemd.git] / src / resolve / resolved-varlink.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include "glyph-util.h"
4 #include "in-addr-util.h"
5 #include "resolved-dns-synthesize.h"
6 #include "resolved-varlink.h"
7 #include "socket-netlink.h"
8
9 typedef struct LookupParameters {
10 int ifindex;
11 uint64_t flags;
12 int family;
13 union in_addr_union address;
14 size_t address_size;
15 char *name;
16 } LookupParameters;
17
18 static void lookup_parameters_destroy(LookupParameters *p) {
19 assert(p);
20 free(p->name);
21 }
22
23 static int reply_query_state(DnsQuery *q) {
24
25 assert(q);
26 assert(q->varlink_request);
27
28 switch (q->state) {
29
30 case DNS_TRANSACTION_NO_SERVERS:
31 return varlink_error(q->varlink_request, "io.systemd.Resolve.NoNameServers", NULL);
32
33 case DNS_TRANSACTION_TIMEOUT:
34 return varlink_error(q->varlink_request, "io.systemd.Resolve.QueryTimedOut", NULL);
35
36 case DNS_TRANSACTION_ATTEMPTS_MAX_REACHED:
37 return varlink_error(q->varlink_request, "io.systemd.Resolve.MaxAttemptsReached", NULL);
38
39 case DNS_TRANSACTION_INVALID_REPLY:
40 return varlink_error(q->varlink_request, "io.systemd.Resolve.InvalidReply", NULL);
41
42 case DNS_TRANSACTION_ERRNO:
43 return varlink_error_errno(q->varlink_request, q->answer_errno);
44
45 case DNS_TRANSACTION_ABORTED:
46 return varlink_error(q->varlink_request, "io.systemd.Resolve.QueryAborted", NULL);
47
48 case DNS_TRANSACTION_DNSSEC_FAILED:
49 return varlink_errorb(q->varlink_request, "io.systemd.Resolve.DNSSECValidationFailed",
50 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("result", JSON_BUILD_STRING(dnssec_result_to_string(q->answer_dnssec_result)))));
51
52 case DNS_TRANSACTION_NO_TRUST_ANCHOR:
53 return varlink_error(q->varlink_request, "io.systemd.Resolve.NoTrustAnchor", NULL);
54
55 case DNS_TRANSACTION_RR_TYPE_UNSUPPORTED:
56 return varlink_error(q->varlink_request, "io.systemd.Resolve.ResourceRecordTypeUnsupported", NULL);
57
58 case DNS_TRANSACTION_NETWORK_DOWN:
59 return varlink_error(q->varlink_request, "io.systemd.Resolve.NetworkDown", NULL);
60
61 case DNS_TRANSACTION_NO_SOURCE:
62 return varlink_error(q->varlink_request, "io.systemd.Resolve.NoSource", NULL);
63
64 case DNS_TRANSACTION_STUB_LOOP:
65 return varlink_error(q->varlink_request, "io.systemd.Resolve.StubLoop", NULL);
66
67 case DNS_TRANSACTION_NOT_FOUND:
68 /* We return this as NXDOMAIN. This is only generated when a host doesn't implement LLMNR/TCP, and we
69 * thus quickly know that we cannot resolve an in-addr.arpa or ip6.arpa address. */
70 return varlink_errorb(q->varlink_request, "io.systemd.Resolve.DNSError",
71 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("rcode", JSON_BUILD_INTEGER(DNS_RCODE_NXDOMAIN))));
72
73 case DNS_TRANSACTION_RCODE_FAILURE:
74 return varlink_errorb(q->varlink_request, "io.systemd.Resolve.DNSError",
75 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("rcode", JSON_BUILD_INTEGER(q->answer_rcode))));
76
77 case DNS_TRANSACTION_NULL:
78 case DNS_TRANSACTION_PENDING:
79 case DNS_TRANSACTION_VALIDATING:
80 case DNS_TRANSACTION_SUCCESS:
81 default:
82 assert_not_reached();
83 }
84 }
85
86 static void vl_on_disconnect(VarlinkServer *s, Varlink *link, void *userdata) {
87 DnsQuery *q;
88
89 assert(s);
90 assert(link);
91
92 q = varlink_get_userdata(link);
93 if (!q)
94 return;
95
96 if (!DNS_TRANSACTION_IS_LIVE(q->state))
97 return;
98
99 log_debug("Client of active query vanished, aborting query.");
100 dns_query_complete(q, DNS_TRANSACTION_ABORTED);
101 }
102
103 static bool validate_and_mangle_flags(
104 const char *name,
105 uint64_t *flags,
106 uint64_t ok) {
107
108 assert(flags);
109
110 /* This checks that the specified client-provided flags parameter actually makes sense, and mangles
111 * it slightly. Specifically:
112 *
113 * 1. We check that only the protocol flags and a bunch of NO_XYZ flags are on at most, plus the
114 * method-specific flags specified in 'ok'.
115 *
116 * 2. If no protocols are enabled we automatically convert that to "all protocols are enabled".
117 *
118 * The second rule means that clients can just pass 0 as flags for the common case, and all supported
119 * protocols are enabled. Moreover it's useful so that client's do not have to be aware of all
120 * protocols implemented in resolved, but can use 0 as protocols flags set as indicator for
121 * "everything".
122 */
123
124 if (*flags & ~(SD_RESOLVED_PROTOCOLS_ALL|
125 SD_RESOLVED_NO_CNAME|
126 SD_RESOLVED_NO_VALIDATE|
127 SD_RESOLVED_NO_SYNTHESIZE|
128 SD_RESOLVED_NO_CACHE|
129 SD_RESOLVED_NO_ZONE|
130 SD_RESOLVED_NO_TRUST_ANCHOR|
131 SD_RESOLVED_NO_NETWORK|
132 ok))
133 return false;
134
135 if ((*flags & SD_RESOLVED_PROTOCOLS_ALL) == 0) /* If no protocol is enabled, enable all */
136 *flags |= SD_RESOLVED_PROTOCOLS_ALL;
137
138 /* If the SD_RESOLVED_NO_SEARCH flag is acceptable, and the query name is dot-suffixed, turn off
139 * search domains. Note that DNS name normalization drops the dot suffix, hence we propagate this
140 * into the flags field as early as we can. */
141 if (name && FLAGS_SET(ok, SD_RESOLVED_NO_SEARCH) && dns_name_dot_suffixed(name) > 0)
142 *flags |= SD_RESOLVED_NO_SEARCH;
143
144 return true;
145 }
146
147 static void vl_method_resolve_hostname_complete(DnsQuery *query) {
148 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *canonical = NULL;
149 _cleanup_(json_variant_unrefp) JsonVariant *array = NULL;
150 _cleanup_(dns_query_freep) DnsQuery *q = query;
151 _cleanup_free_ char *normalized = NULL;
152 DnsResourceRecord *rr;
153 DnsQuestion *question;
154 int ifindex, r;
155
156 assert(q);
157
158 if (q->state != DNS_TRANSACTION_SUCCESS) {
159 r = reply_query_state(q);
160 goto finish;
161 }
162
163 r = dns_query_process_cname_many(q);
164 if (r == -ELOOP) {
165 r = varlink_error(q->varlink_request, "io.systemd.Resolve.CNAMELoop", NULL);
166 goto finish;
167 }
168 if (r < 0)
169 goto finish;
170 if (r == DNS_QUERY_CNAME) {
171 /* This was a cname, and the query was restarted. */
172 TAKE_PTR(q);
173 return;
174 }
175
176 question = dns_query_question_for_protocol(q, q->answer_protocol);
177
178 DNS_ANSWER_FOREACH_IFINDEX(rr, ifindex, q->answer) {
179 _cleanup_(json_variant_unrefp) JsonVariant *entry = NULL;
180 int family;
181 const void *p;
182
183 r = dns_question_matches_rr(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
184 if (r < 0)
185 goto finish;
186 if (r == 0)
187 continue;
188
189 if (rr->key->type == DNS_TYPE_A) {
190 family = AF_INET;
191 p = &rr->a.in_addr;
192 } else if (rr->key->type == DNS_TYPE_AAAA) {
193 family = AF_INET6;
194 p = &rr->aaaa.in6_addr;
195 } else {
196 r = -EAFNOSUPPORT;
197 goto finish;
198 }
199
200 r = json_build(&entry,
201 JSON_BUILD_OBJECT(
202 JSON_BUILD_PAIR_CONDITION(ifindex > 0, "ifindex", JSON_BUILD_INTEGER(ifindex)),
203 JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(family)),
204 JSON_BUILD_PAIR("address", JSON_BUILD_BYTE_ARRAY(p, FAMILY_ADDRESS_SIZE(family)))));
205 if (r < 0)
206 goto finish;
207
208 if (!canonical)
209 canonical = dns_resource_record_ref(rr);
210
211 r = json_variant_append_array(&array, entry);
212 if (r < 0)
213 goto finish;
214 }
215
216 if (json_variant_is_blank_object(array)) {
217 r = varlink_error(q->varlink_request, "io.systemd.Resolve.NoSuchResourceRecord", NULL);
218 goto finish;
219 }
220
221 assert(canonical);
222 r = dns_name_normalize(dns_resource_key_name(canonical->key), 0, &normalized);
223 if (r < 0)
224 goto finish;
225
226 r = varlink_replyb(q->varlink_request,
227 JSON_BUILD_OBJECT(
228 JSON_BUILD_PAIR("addresses", JSON_BUILD_VARIANT(array)),
229 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(normalized)),
230 JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(dns_query_reply_flags_make(q)))));
231 finish:
232 if (r < 0) {
233 log_error_errno(r, "Failed to send hostname reply: %m");
234 r = varlink_error_errno(q->varlink_request, r);
235 }
236 }
237
238 static int parse_as_address(Varlink *link, LookupParameters *p) {
239 _cleanup_free_ char *canonical = NULL;
240 int r, ff, parsed_ifindex, ifindex;
241 union in_addr_union parsed;
242
243 assert(link);
244 assert(p);
245
246 /* Check if this parses as literal address. If so, just parse it and return that, do not involve networking */
247 r = in_addr_ifindex_from_string_auto(p->name, &ff, &parsed, &parsed_ifindex);
248 if (r < 0)
249 return 0; /* not a literal address */
250
251 /* Make sure the data we parsed matches what is requested */
252 if ((p->family != AF_UNSPEC && ff != p->family) ||
253 (p->ifindex > 0 && parsed_ifindex > 0 && parsed_ifindex != p->ifindex))
254 return varlink_error(link, "io.systemd.Resolve.NoSuchResourceRecord", NULL);
255
256 ifindex = parsed_ifindex > 0 ? parsed_ifindex : p->ifindex;
257
258 /* Reformat the address as string, to return as canonicalized name */
259 r = in_addr_ifindex_to_string(ff, &parsed, ifindex, &canonical);
260 if (r < 0)
261 return r;
262
263 return varlink_replyb(
264 link,
265 JSON_BUILD_OBJECT(
266 JSON_BUILD_PAIR("addresses",
267 JSON_BUILD_ARRAY(
268 JSON_BUILD_OBJECT(
269 JSON_BUILD_PAIR_CONDITION(ifindex > 0, "ifindex", JSON_BUILD_INTEGER(ifindex)),
270 JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(ff)),
271 JSON_BUILD_PAIR("address", JSON_BUILD_BYTE_ARRAY(&parsed, FAMILY_ADDRESS_SIZE(ff)))))),
272 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(canonical)),
273 JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(SD_RESOLVED_FLAGS_MAKE(dns_synthesize_protocol(p->flags), ff, true, true)|
274 SD_RESOLVED_SYNTHETIC))));
275 }
276
277 static int vl_method_resolve_hostname(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
278 static const JsonDispatch dispatch_table[] = {
279 { "ifindex", JSON_VARIANT_UNSIGNED, json_dispatch_int, offsetof(LookupParameters, ifindex), 0 },
280 { "name", JSON_VARIANT_STRING, json_dispatch_string, offsetof(LookupParameters, name), JSON_MANDATORY },
281 { "family", JSON_VARIANT_UNSIGNED, json_dispatch_int, offsetof(LookupParameters, family), 0 },
282 { "flags", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(LookupParameters, flags), 0 },
283 {}
284 };
285
286 _cleanup_(dns_question_unrefp) DnsQuestion *question_idna = NULL, *question_utf8 = NULL;
287 _cleanup_(lookup_parameters_destroy) LookupParameters p = {
288 .family = AF_UNSPEC,
289 };
290 _cleanup_(dns_query_freep) DnsQuery *q = NULL;
291 Manager *m;
292 int r;
293
294 assert(link);
295
296 m = varlink_server_get_userdata(varlink_get_server(link));
297 assert(m);
298
299 if (FLAGS_SET(flags, VARLINK_METHOD_ONEWAY))
300 return -EINVAL;
301
302 r = json_dispatch(parameters, dispatch_table, NULL, 0, &p);
303 if (r < 0)
304 return r;
305
306 if (p.ifindex < 0)
307 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("ifindex"));
308
309 r = dns_name_is_valid(p.name);
310 if (r < 0)
311 return r;
312 if (r == 0)
313 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("name"));
314
315 if (!IN_SET(p.family, AF_UNSPEC, AF_INET, AF_INET6))
316 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("family"));
317
318 if (!validate_and_mangle_flags(p.name, &p.flags, SD_RESOLVED_NO_SEARCH))
319 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("flags"));
320
321 r = parse_as_address(link, &p);
322 if (r != 0)
323 return r;
324
325 r = dns_question_new_address(&question_utf8, p.family, p.name, false);
326 if (r < 0)
327 return r;
328
329 r = dns_question_new_address(&question_idna, p.family, p.name, true);
330 if (r < 0 && r != -EALREADY)
331 return r;
332
333 r = dns_query_new(m, &q, question_utf8, question_idna ?: question_utf8, NULL, p.ifindex, p.flags);
334 if (r < 0)
335 return r;
336
337 q->varlink_request = varlink_ref(link);
338 varlink_set_userdata(link, q);
339 q->request_family = p.family;
340 q->complete = vl_method_resolve_hostname_complete;
341
342 r = dns_query_go(q);
343 if (r < 0)
344 return r;
345
346 TAKE_PTR(q);
347 return 1;
348 }
349
350 static int json_dispatch_address(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
351 LookupParameters *p = userdata;
352 union in_addr_union buf = {};
353 JsonVariant *i;
354 size_t n, k = 0;
355
356 assert(variant);
357 assert(p);
358
359 if (!json_variant_is_array(variant))
360 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
361
362 n = json_variant_elements(variant);
363 if (!IN_SET(n, 4, 16))
364 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is array of unexpected size.", strna(name));
365
366 JSON_VARIANT_ARRAY_FOREACH(i, variant) {
367 int64_t b;
368
369 if (!json_variant_is_integer(i))
370 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Element %zu of JSON field '%s' is not an integer.", k, strna(name));
371
372 b = json_variant_integer(i);
373 if (b < 0 || b > 0xff)
374 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL),
375 "Element %zu of JSON field '%s' is out of range 0%s255.",
376 k, strna(name), special_glyph(SPECIAL_GLYPH_ELLIPSIS));
377
378 buf.bytes[k++] = (uint8_t) b;
379 }
380
381 p->address = buf;
382 p->address_size = k;
383
384 return 0;
385 }
386
387 static void vl_method_resolve_address_complete(DnsQuery *query) {
388 _cleanup_(json_variant_unrefp) JsonVariant *array = NULL;
389 _cleanup_(dns_query_freep) DnsQuery *q = query;
390 DnsQuestion *question;
391 DnsResourceRecord *rr;
392 int ifindex, r;
393
394 assert(q);
395
396 if (q->state != DNS_TRANSACTION_SUCCESS) {
397 r = reply_query_state(q);
398 goto finish;
399 }
400
401 r = dns_query_process_cname_many(q);
402 if (r == -ELOOP) {
403 r = varlink_error(q->varlink_request, "io.systemd.Resolve.CNAMELoop", NULL);
404 goto finish;
405 }
406 if (r < 0)
407 goto finish;
408 if (r == DNS_QUERY_CNAME) {
409 /* This was a cname, and the query was restarted. */
410 TAKE_PTR(q);
411 return;
412 }
413
414 question = dns_query_question_for_protocol(q, q->answer_protocol);
415
416 DNS_ANSWER_FOREACH_IFINDEX(rr, ifindex, q->answer) {
417 _cleanup_(json_variant_unrefp) JsonVariant *entry = NULL;
418 _cleanup_free_ char *normalized = NULL;
419
420 r = dns_question_matches_rr(question, rr, NULL);
421 if (r < 0)
422 goto finish;
423 if (r == 0)
424 continue;
425
426 r = dns_name_normalize(rr->ptr.name, 0, &normalized);
427 if (r < 0)
428 goto finish;
429
430 r = json_build(&entry,
431 JSON_BUILD_OBJECT(
432 JSON_BUILD_PAIR_CONDITION(ifindex > 0, "ifindex", JSON_BUILD_INTEGER(ifindex)),
433 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(normalized))));
434 if (r < 0)
435 goto finish;
436
437 r = json_variant_append_array(&array, entry);
438 if (r < 0)
439 goto finish;
440 }
441
442 if (json_variant_is_blank_object(array)) {
443 r = varlink_error(q->varlink_request, "io.systemd.Resolve.NoSuchResourceRecord", NULL);
444 goto finish;
445 }
446
447 r = varlink_replyb(q->varlink_request,
448 JSON_BUILD_OBJECT(
449 JSON_BUILD_PAIR("names", JSON_BUILD_VARIANT(array)),
450 JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(dns_query_reply_flags_make(q)))));
451 finish:
452 if (r < 0) {
453 log_error_errno(r, "Failed to send address reply: %m");
454 r = varlink_error_errno(q->varlink_request, r);
455 }
456 }
457
458 static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
459 static const JsonDispatch dispatch_table[] = {
460 { "ifindex", JSON_VARIANT_UNSIGNED, json_dispatch_int, offsetof(LookupParameters, ifindex), 0 },
461 { "family", JSON_VARIANT_UNSIGNED, json_dispatch_int, offsetof(LookupParameters, family), JSON_MANDATORY },
462 { "address", JSON_VARIANT_ARRAY, json_dispatch_address, 0, JSON_MANDATORY },
463 { "flags", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(LookupParameters, flags), 0 },
464 {}
465 };
466
467 _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
468 _cleanup_(lookup_parameters_destroy) LookupParameters p = {
469 .family = AF_UNSPEC,
470 };
471 _cleanup_(dns_query_freep) DnsQuery *q = NULL;
472 Manager *m;
473 int r;
474
475 assert(link);
476
477 m = varlink_server_get_userdata(varlink_get_server(link));
478 assert(m);
479
480 if (FLAGS_SET(flags, VARLINK_METHOD_ONEWAY))
481 return -EINVAL;
482
483 r = json_dispatch(parameters, dispatch_table, NULL, 0, &p);
484 if (r < 0)
485 return r;
486
487 if (p.ifindex < 0)
488 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("ifindex"));
489
490 if (!IN_SET(p.family, AF_INET, AF_INET6))
491 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("family"));
492
493 if (FAMILY_ADDRESS_SIZE(p.family) != p.address_size)
494 return varlink_error(link, "io.systemd.UserDatabase.BadAddressSize", NULL);
495
496 if (!validate_and_mangle_flags(NULL, &p.flags, 0))
497 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("flags"));
498
499 r = dns_question_new_reverse(&question, p.family, &p.address);
500 if (r < 0)
501 return r;
502
503 r = dns_query_new(m, &q, question, question, NULL, p.ifindex, p.flags|SD_RESOLVED_NO_SEARCH);
504 if (r < 0)
505 return r;
506
507 q->varlink_request = varlink_ref(link);
508 varlink_set_userdata(link, q);
509
510 q->request_family = p.family;
511 q->request_address = p.address;
512 q->complete = vl_method_resolve_address_complete;
513
514 r = dns_query_go(q);
515 if (r < 0)
516 return r;
517
518 TAKE_PTR(q);
519 return 1;
520 }
521
522 int manager_varlink_init(Manager *m) {
523 _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL;
524 int r;
525
526 assert(m);
527
528 if (m->varlink_server)
529 return 0;
530
531 r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID);
532 if (r < 0)
533 return log_error_errno(r, "Failed to allocate varlink server object: %m");
534
535 varlink_server_set_userdata(s, m);
536
537 r = varlink_server_bind_method_many(
538 s,
539 "io.systemd.Resolve.ResolveHostname", vl_method_resolve_hostname,
540 "io.systemd.Resolve.ResolveAddress", vl_method_resolve_address);
541 if (r < 0)
542 return log_error_errno(r, "Failed to register varlink methods: %m");
543
544 r = varlink_server_bind_disconnect(s, vl_on_disconnect);
545 if (r < 0)
546 return log_error_errno(r, "Failed to register varlink disconnect handler: %m");
547
548 r = varlink_server_listen_address(s, "/run/systemd/resolve/io.systemd.Resolve", 0666);
549 if (r < 0)
550 return log_error_errno(r, "Failed to bind to varlink socket: %m");
551
552 r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL);
553 if (r < 0)
554 return log_error_errno(r, "Failed to attach varlink connection to event loop: %m");
555
556 m->varlink_server = TAKE_PTR(s);
557 return 0;
558 }
559
560 void manager_varlink_done(Manager *m) {
561 assert(m);
562
563 m->varlink_server = varlink_server_unref(m->varlink_server);
564 }
Unnamed repository; edit this file 'description' to name the repository.