1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include "alloc-util.h"
4 #include "conf-parser.h"
6 #include "extract-word.h"
8 #include "parse-util.h"
9 #include "resolved-conf.h"
10 #include "resolved-dnssd.h"
11 #include "resolved-manager.h"
12 #include "resolved-dns-search-domain.h"
13 #include "resolved-dns-stub.h"
14 #include "dns-domain.h"
15 #include "socket-netlink.h"
16 #include "specifier.h"
17 #include "string-table.h"
18 #include "string-util.h"
22 DEFINE_CONFIG_PARSE_ENUM(config_parse_dns_stub_listener_mode
, dns_stub_listener_mode
, DnsStubListenerMode
, "Failed to parse DNS stub listener mode setting");
24 static int manager_add_dns_server_by_string(Manager
*m
, DnsServerType type
, const char *word
) {
25 _cleanup_free_
char *server_name
= NULL
;
26 union in_addr_union address
;
27 int family
, r
, ifindex
= 0;
34 r
= in_addr_port_ifindex_name_from_string_auto(word
, &family
, &address
, &port
, &ifindex
, &server_name
);
38 /* Silently filter out 0.0.0.0, 127.0.0.53, 127.0.0.54 (our own stub DNS listener) */
39 if (!dns_server_address_valid(family
, &address
))
42 /* By default, the port number is determined with the transaction feature level.
43 * See dns_transaction_port() and dns_server_port(). */
44 if (IN_SET(port
, 53, 853))
47 /* Filter out duplicates */
48 s
= dns_server_find(manager_get_first_dns_server(m
, type
), family
, &address
, port
, ifindex
, server_name
);
50 /* Drop the marker. This is used to find the servers that ceased to exist, see
51 * manager_mark_dns_servers() and manager_flush_marked_dns_servers(). */
52 dns_server_move_back_and_unmark(s
);
56 return dns_server_new(m
, NULL
, type
, NULL
, family
, &address
, port
, ifindex
, server_name
);
59 int manager_parse_dns_server_string_and_warn(Manager
*m
, DnsServerType type
, const char *string
) {
66 _cleanup_free_
char *word
= NULL
;
68 r
= extract_first_word(&string
, &word
, NULL
, 0);
72 r
= manager_add_dns_server_by_string(m
, type
, word
);
74 log_warning_errno(r
, "Failed to add DNS server address '%s', ignoring: %m", word
);
78 static int manager_add_search_domain_by_string(Manager
*m
, const char *domain
) {
86 route_only
= *domain
== '~';
90 if (dns_name_is_root(domain
) || streq(domain
, "*")) {
95 r
= dns_search_domain_find(m
->search_domains
, domain
, &d
);
99 dns_search_domain_move_back_and_unmark(d
);
101 r
= dns_search_domain_new(m
, &d
, DNS_SEARCH_DOMAIN_SYSTEM
, NULL
, domain
);
106 d
->route_only
= route_only
;
110 int manager_parse_search_domains_and_warn(Manager
*m
, const char *string
) {
117 _cleanup_free_
char *word
= NULL
;
119 r
= extract_first_word(&string
, &word
, NULL
, EXTRACT_UNQUOTE
);
123 r
= manager_add_search_domain_by_string(m
, word
);
125 log_warning_errno(r
, "Failed to add search domain '%s', ignoring: %m", word
);
129 int config_parse_dns_servers(
131 const char *filename
,
134 unsigned section_line
,
141 Manager
*m
= ASSERT_PTR(userdata
);
149 /* Empty assignment means clear the list */
150 dns_server_unlink_all(manager_get_first_dns_server(m
, ltype
));
152 /* Otherwise, add to the list */
153 r
= manager_parse_dns_server_string_and_warn(m
, ltype
, rvalue
);
155 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
156 "Failed to parse DNS server string '%s', ignoring.", rvalue
);
161 /* If we have a manual setting, then we stop reading
162 * /etc/resolv.conf */
163 if (ltype
== DNS_SERVER_SYSTEM
)
164 m
->read_resolv_conf
= false;
165 if (ltype
== DNS_SERVER_FALLBACK
)
166 m
->need_builtin_fallbacks
= false;
171 int config_parse_search_domains(
173 const char *filename
,
176 unsigned section_line
,
183 Manager
*m
= ASSERT_PTR(userdata
);
191 /* Empty assignment means clear the list */
192 dns_search_domain_unlink_all(m
->search_domains
);
194 /* Otherwise, add to the list */
195 r
= manager_parse_search_domains_and_warn(m
, rvalue
);
197 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
198 "Failed to parse search domains string '%s', ignoring.", rvalue
);
203 /* If we have a manual setting, then we stop reading
204 * /etc/resolv.conf */
205 m
->read_resolv_conf
= false;
210 int config_parse_dnssd_service_name(
212 const char *filename
,
215 unsigned section_line
,
222 static const Specifier specifier_table
[] = {
223 { 'a', specifier_architecture
, NULL
},
224 { 'b', specifier_boot_id
, NULL
},
225 { 'B', specifier_os_build_id
, NULL
},
226 { 'H', specifier_hostname
, NULL
}, /* We will use specifier_dnssd_hostname(). */
227 { 'm', specifier_machine_id
, NULL
},
228 { 'o', specifier_os_id
, NULL
},
229 { 'v', specifier_kernel_release
, NULL
},
230 { 'w', specifier_os_version_id
, NULL
},
231 { 'W', specifier_os_variant_id
, NULL
},
234 DnssdService
*s
= ASSERT_PTR(userdata
);
235 _cleanup_free_
char *name
= NULL
;
242 if (isempty(rvalue
)) {
243 s
->name_template
= mfree(s
->name_template
);
247 r
= specifier_printf(rvalue
, DNS_LABEL_MAX
, specifier_table
, NULL
, NULL
, &name
);
249 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
250 "Invalid service instance name template '%s', ignoring assignment: %m", rvalue
);
254 if (!dns_service_name_is_valid(name
)) {
255 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0,
256 "Service instance name template '%s' renders to invalid name '%s'. Ignoring assignment.",
261 return free_and_strdup_warn(&s
->name_template
, rvalue
);
264 int config_parse_dnssd_service_type(
266 const char *filename
,
269 unsigned section_line
,
276 DnssdService
*s
= ASSERT_PTR(userdata
);
283 if (isempty(rvalue
)) {
284 s
->type
= mfree(s
->type
);
288 if (!dnssd_srv_type_is_valid(rvalue
)) {
289 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Service type is invalid. Ignoring.");
293 r
= free_and_strdup(&s
->type
, rvalue
);
300 int config_parse_dnssd_txt(
302 const char *filename
,
305 unsigned section_line
,
312 _cleanup_(dnssd_txtdata_freep
) DnssdTxtData
*txt_data
= NULL
;
313 DnssdService
*s
= ASSERT_PTR(userdata
);
314 DnsTxtItem
*last
= NULL
;
320 if (isempty(rvalue
)) {
321 /* Flush out collected items */
322 s
->txt_data_items
= dnssd_txtdata_free_all(s
->txt_data_items
);
326 txt_data
= new0(DnssdTxtData
, 1);
331 _cleanup_free_
char *word
= NULL
, *key
= NULL
, *value
= NULL
;
332 _cleanup_free_
void *decoded
= NULL
;
337 r
= extract_first_word(&rvalue
, &word
, NULL
,
338 EXTRACT_UNQUOTE
|EXTRACT_CUNESCAPE
|EXTRACT_UNESCAPE_RELAX
);
344 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
, "Invalid syntax, ignoring: %s", rvalue
);
348 r
= split_pair(word
, "=", &key
, &value
);
352 key
= TAKE_PTR(word
);
354 if (!ascii_is_valid(key
)) {
355 log_syntax(unit
, LOG_WARNING
, filename
, line
, 0, "Invalid key, ignoring: %s", key
);
361 case DNS_TXT_ITEM_DATA
:
363 r
= unbase64mem(value
, strlen(value
), &decoded
, &length
);
367 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
368 "Invalid base64 encoding, ignoring: %s", value
);
373 r
= dnssd_txt_item_new_from_data(key
, decoded
, length
, &i
);
378 case DNS_TXT_ITEM_TEXT
:
379 r
= dnssd_txt_item_new_from_string(key
, value
, &i
);
385 assert_not_reached();
388 LIST_INSERT_AFTER(items
, txt_data
->txts
, last
, i
);
392 if (txt_data
->txts
) {
393 LIST_PREPEND(items
, s
->txt_data_items
, txt_data
);
400 int config_parse_dns_stub_listener_extra(
402 const char *filename
,
405 unsigned section_line
,
412 _cleanup_free_ DnsStubListenerExtra
*stub
= NULL
;
413 Manager
*m
= userdata
;
422 if (isempty(rvalue
)) {
423 m
->dns_extra_stub_listeners
= ordered_set_free(m
->dns_extra_stub_listeners
);
427 r
= dns_stub_listener_extra_new(m
, &stub
);
431 p
= startswith(rvalue
, "udp:");
433 stub
->mode
= DNS_STUB_LISTENER_UDP
;
435 p
= startswith(rvalue
, "tcp:");
437 stub
->mode
= DNS_STUB_LISTENER_TCP
;
439 stub
->mode
= DNS_STUB_LISTENER_YES
;
444 r
= in_addr_port_ifindex_name_from_string_auto(p
, &stub
->family
, &stub
->address
, &stub
->port
, NULL
, NULL
);
446 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
447 "Failed to parse address in %s=%s, ignoring assignment: %m",
452 r
= ordered_set_ensure_put(&m
->dns_extra_stub_listeners
, &dns_stub_listener_extra_hash_ops
, stub
);
456 log_syntax(unit
, LOG_WARNING
, filename
, line
, r
,
457 "Failed to store %s=%s, ignoring assignment: %m", lvalue
, rvalue
);
466 int manager_parse_config_file(Manager
*m
) {
471 r
= config_parse_many_nulstr(
472 PKGSYSCONFDIR
"/resolved.conf",
473 CONF_PATHS_NULSTR("systemd/resolved.conf.d"),
475 config_item_perf_lookup
, resolved_gperf_lookup
,
482 if (m
->need_builtin_fallbacks
) {
483 r
= manager_parse_dns_server_string_and_warn(m
, DNS_SERVER_FALLBACK
, DNS_SERVERS
);
488 #if !HAVE_OPENSSL_OR_GCRYPT
489 if (m
->dnssec_mode
!= DNSSEC_NO
) {
490 log_warning("DNSSEC option cannot be enabled or set to allow-downgrade when systemd-resolved is built without a cryptographic library. Turning off DNSSEC support.");
491 m
->dnssec_mode
= DNSSEC_NO
;
495 #if !ENABLE_DNS_OVER_TLS
496 if (m
->dns_over_tls_mode
!= DNS_OVER_TLS_NO
) {
497 log_warning("DNS-over-TLS option cannot be enabled or set to opportunistic when systemd-resolved is built without DNS-over-TLS support. Turning off DNS-over-TLS support.");
498 m
->dns_over_tls_mode
= DNS_OVER_TLS_NO
;