]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/resolve/resolved-dns-query.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
update TODO
[thirdparty/systemd.git] / src / resolve / resolved-dns-query.c
CommitLineData
53e1b683 1/* SPDX-License-Identifier: LGPL-2.1+ */
74b2466e 2
b5efdb8a 3#include "alloc-util.h"
2a1037af 4#include "dns-domain.h"
011696f7 5#include "dns-type.h"
b5efdb8a 6#include "hostname-util.h"
78c6a153 7#include "local-addresses.h"
74b2466e 8#include "resolved-dns-query.h"
839a4a20 9#include "resolved-dns-synthesize.h"
dd0bc0f1 10#include "resolved-etc-hosts.h"
23b298bc 11#include "string-util.h"
74b2466e 12
8ba9fd9c 13#define CNAME_MAX 8
39762fdf 14#define QUERIES_MAX 2048
45ec7efb 15#define AUXILIARY_QUERIES_MAX 64
8ba9fd9c 16
801ad6a6
LP		 17static int dns_query_candidate_new(DnsQueryCandidate **ret, DnsQuery *q, DnsScope *s) {
18 DnsQueryCandidate *c;
74b2466e 19
801ad6a6 20 assert(ret);
faa133f3 21 assert(q);
801ad6a6 22 assert(s);
74b2466e 23
801ad6a6
LP		 24 c = new0(DnsQueryCandidate, 1);
25 if (!c)
26 return -ENOMEM;
27
28 c->query = q;
29 c->scope = s;
30
31 LIST_PREPEND(candidates_by_query, q->candidates, c);
32 LIST_PREPEND(candidates_by_scope, s->query_candidates, c);
33
34 *ret = c;
35 return 0;
36}
37
38static void dns_query_candidate_stop(DnsQueryCandidate *c) {
39 DnsTransaction *t;
74b2466e 40
801ad6a6
LP		 41 assert(c);
42
43 while ((t = set_steal_first(c->transactions))) {
547973de 44 set_remove(t->notify_query_candidates, c);
35aa04e9 45 set_remove(t->notify_query_candidates_done, c);
ec2c5e43 46 dns_transaction_gc(t);
74b2466e 47 }
74b2466e
LP		 48}
49
801ad6a6
LP		 50DnsQueryCandidate* dns_query_candidate_free(DnsQueryCandidate *c) {
51
52 if (!c)
53 return NULL;
54
55 dns_query_candidate_stop(c);
56
57 set_free(c->transactions);
58 dns_search_domain_unref(c->search_domain);
59
60 if (c->query)
61 LIST_REMOVE(candidates_by_query, c->query->candidates, c);
62
63 if (c->scope)
64 LIST_REMOVE(candidates_by_scope, c->scope->query_candidates, c);
65
6b430fdb 66 return mfree(c);
801ad6a6
LP		 67}
68
69static int dns_query_candidate_next_search_domain(DnsQueryCandidate *c) {
801ad6a6
LP		 70 DnsSearchDomain *next = NULL;
71
72 assert(c);
73
ad44b56b 74 if (c->search_domain && c->search_domain->linked)
801ad6a6 75 next = c->search_domain->domains_next;
ad44b56b
LP		 76 else
77 next = dns_scope_get_search_domains(c->scope);
801ad6a6 78
ad44b56b 79 for (;;) {
6627b7e2
LP		 80 if (!next) /* We hit the end of the list */
81 return 0;
801ad6a6 82
ad44b56b
LP		 83 if (!next->route_only)
84 break;
801ad6a6 85
ad44b56b
LP		 86 /* Skip over route-only domains */
87 next = next->domains_next;
801ad6a6
LP		 88 }
89
90 dns_search_domain_unref(c->search_domain);
91 c->search_domain = dns_search_domain_ref(next);
6627b7e2 92
801ad6a6
LP		 93 return 1;
94}
95
96static int dns_query_candidate_add_transaction(DnsQueryCandidate *c, DnsResourceKey *key) {
29bd6012 97 _cleanup_(dns_transaction_gcp) DnsTransaction *t = NULL;
801ad6a6
LP		 98 int r;
99
100 assert(c);
101 assert(key);
102
801ad6a6
LP		 103 t = dns_scope_find_transaction(c->scope, key, true);
104 if (!t) {
105 r = dns_transaction_new(&t, c->scope, key);
106 if (r < 0)
107 return r;
29bd6012
ZJS		 108 } else if (set_contains(c->transactions, t))
109 return 0;
801ad6a6 110
35aa04e9
LP		 111 r = set_ensure_allocated(&t->notify_query_candidates_done, NULL);
112 if (r < 0)
29bd6012 113 return r;
35aa04e9 114
de7fef4b 115 r = set_ensure_put(&t->notify_query_candidates, NULL, c);
801ad6a6 116 if (r < 0)
29bd6012 117 return r;
801ad6a6 118
de7fef4b 119 r = set_ensure_put(&c->transactions, NULL, t);
801ad6a6 120 if (r < 0) {
547973de 121 (void) set_remove(t->notify_query_candidates, c);
29bd6012 122 return r;
801ad6a6
LP		 123 }
124
17c8de63 125 t->clamp_ttl = c->query->clamp_ttl;
29bd6012 126 TAKE_PTR(t);
547973de 127 return 1;
801ad6a6
LP		 128}
129
130static int dns_query_candidate_go(DnsQueryCandidate *c) {
131 DnsTransaction *t;
132 Iterator i;
133 int r;
011696f7 134 unsigned n = 0;
801ad6a6
LP		 135
136 assert(c);
137
138 /* Start the transactions that are not started yet */
139 SET_FOREACH(t, c->transactions, i) {
140 if (t->state != DNS_TRANSACTION_NULL)
141 continue;
142
143 r = dns_transaction_go(t);
144 if (r < 0)
145 return r;
011696f7
LP		 146
147 n++;
801ad6a6
LP		 148 }
149
011696f7
LP		 150 /* If there was nothing to start, then let's proceed immediately */
151 if (n == 0)
152 dns_query_candidate_notify(c);
153
801ad6a6
LP		 154 return 0;
155}
156
157static DnsTransactionState dns_query_candidate_state(DnsQueryCandidate *c) {
158 DnsTransactionState state = DNS_TRANSACTION_NO_SERVERS;
159 DnsTransaction *t;
160 Iterator i;
161
162 assert(c);
163
164 if (c->error_code != 0)
7cc6ed7b 165 return DNS_TRANSACTION_ERRNO;
801ad6a6
LP		 166
167 SET_FOREACH(t, c->transactions, i) {
168
169 switch (t->state) {
170
5264131a
LP		 171 case DNS_TRANSACTION_NULL:
172 /* If there's a NULL transaction pending, then
173 * this means not all transactions where
174 * started yet, and we were called from within
175 * the stackframe that is supposed to start
176 * remaining transactions. In this case,
177 * simply claim the candidate is pending. */
178
801ad6a6 179 case DNS_TRANSACTION_PENDING:
547973de
LP		 180 case DNS_TRANSACTION_VALIDATING:
181 /* If there's one transaction currently in
182 * VALIDATING state, then this means there's
183 * also one in PENDING state, hence we can
184 * return PENDING immediately. */
185 return DNS_TRANSACTION_PENDING;
801ad6a6
LP		 186
187 case DNS_TRANSACTION_SUCCESS:
188 state = t->state;
189 break;
190
191 default:
192 if (state != DNS_TRANSACTION_SUCCESS)
193 state = t->state;
194
195 break;
196 }
197 }
198
199 return state;
200}
201
202static int dns_query_candidate_setup_transactions(DnsQueryCandidate *c) {
23b298bc 203 DnsQuestion *question;
801ad6a6
LP		 204 DnsResourceKey *key;
205 int n = 0, r;
206
207 assert(c);
208
209 dns_query_candidate_stop(c);
210
23b298bc
LP		 211 question = dns_query_question_for_protocol(c->query, c->scope->protocol);
212
801ad6a6 213 /* Create one transaction per question key */
23b298bc 214 DNS_QUESTION_FOREACH(key, question) {
801ad6a6 215 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *new_key = NULL;
011696f7
LP		 216 DnsResourceKey *qkey;
217
801ad6a6
LP		 218 if (c->search_domain) {
219 r = dns_resource_key_new_append_suffix(&new_key, key, c->search_domain->name);
220 if (r < 0)
221 goto fail;
801ad6a6 222
011696f7
LP		 223 qkey = new_key;
224 } else
225 qkey = key;
226
227 if (!dns_scope_good_key(c->scope, qkey))
228 continue;
229
230 r = dns_query_candidate_add_transaction(c, qkey);
801ad6a6
LP		 231 if (r < 0)
232 goto fail;
233
234 n++;
235 }
236
237 return n;
238
239fail:
240 dns_query_candidate_stop(c);
241 return r;
242}
243
547973de 244void dns_query_candidate_notify(DnsQueryCandidate *c) {
801ad6a6
LP		 245 DnsTransactionState state;
246 int r;
247
248 assert(c);
249
250 state = dns_query_candidate_state(c);
251
547973de 252 if (DNS_TRANSACTION_IS_LIVE(state))
801ad6a6
LP		 253 return;
254
255 if (state != DNS_TRANSACTION_SUCCESS && c->search_domain) {
256
257 r = dns_query_candidate_next_search_domain(c);
258 if (r < 0)
259 goto fail;
260
261 if (r > 0) {
262 /* OK, there's another search domain to try, let's do so. */
263
264 r = dns_query_candidate_setup_transactions(c);
265 if (r < 0)
266 goto fail;
267
268 if (r > 0) {
269 /* New transactions where queued. Start them and wait */
270
271 r = dns_query_candidate_go(c);
272 if (r < 0)
273 goto fail;
274
275 return;
276 }
277 }
278
279 }
280
281 dns_query_ready(c->query);
282 return;
283
284fail:
285 log_warning_errno(r, "Failed to follow search domains: %m");
286 c->error_code = r;
287 dns_query_ready(c->query);
288}
289
290static void dns_query_stop(DnsQuery *q) {
291 DnsQueryCandidate *c;
292
293 assert(q);
294
295 q->timeout_event_source = sd_event_source_unref(q->timeout_event_source);
296
297 LIST_FOREACH(candidates_by_query, c, q->candidates)
298 dns_query_candidate_stop(c);
299}
300
7820b320
LP		 301static void dns_query_free_candidates(DnsQuery *q) {
302 assert(q);
303
304 while (q->candidates)
305 dns_query_candidate_free(q->candidates);
306}
307
308static void dns_query_reset_answer(DnsQuery *q) {
309 assert(q);
310
311 q->answer = dns_answer_unref(q->answer);
312 q->answer_rcode = 0;
313 q->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
7cc6ed7b 314 q->answer_errno = 0;
7820b320
LP		 315 q->answer_authenticated = false;
316 q->answer_protocol = _DNS_PROTOCOL_INVALID;
317 q->answer_family = AF_UNSPEC;
318 q->answer_search_domain = dns_search_domain_unref(q->answer_search_domain);
319}
320
74b2466e 321DnsQuery *dns_query_free(DnsQuery *q) {
74b2466e
LP		 322 if (!q)
323 return NULL;
324
45ec7efb
LP		 325 while (q->auxiliary_queries)
326 dns_query_free(q->auxiliary_queries);
327
328 if (q->auxiliary_for) {
329 assert(q->auxiliary_for->n_auxiliary_queries > 0);
330 q->auxiliary_for->n_auxiliary_queries--;
331 LIST_REMOVE(auxiliary_queries, q->auxiliary_for->auxiliary_queries, q);
332 }
333
7820b320 334 dns_query_free_candidates(q);
322345fd 335
23b298bc
LP		 336 dns_question_unref(q->question_idna);
337 dns_question_unref(q->question_utf8);
7820b320
LP		 338
339 dns_query_reset_answer(q);
322345fd 340
ec2c5e43 341 sd_bus_message_unref(q->request);
82bd6ddd 342 sd_bus_track_unref(q->bus_track);
74b2466e 343
b30bf55d 344 dns_packet_unref(q->request_dns_packet);
e8d23f92 345 dns_packet_unref(q->reply_dns_packet);
b30bf55d
LP		 346
347 if (q->request_dns_stream) {
348 /* Detach the stream from our query, in case something else keeps a reference to it. */
b412af57
LP		 349 (void) set_remove(q->request_dns_stream->queries, q);
350 q->request_dns_stream = dns_stream_unref(q->request_dns_stream);
b30bf55d
LP		 351 }
352
23b298bc
LP		 353 free(q->request_address_string);
354
39762fdf 355 if (q->manager) {
74b2466e 356 LIST_REMOVE(queries, q->manager->dns_queries, q);
39762fdf
LP		 357 q->manager->n_dns_queries--;
358 }
74b2466e 359
6b430fdb 360 return mfree(q);
74b2466e
LP		 361}
362
23b298bc
LP		 363int dns_query_new(
364 Manager *m,
365 DnsQuery **ret,
366 DnsQuestion *question_utf8,
367 DnsQuestion *question_idna,
17c8de63
LP		 368 int ifindex,
369 uint64_t flags) {
23b298bc 370
74b2466e 371 _cleanup_(dns_query_freep) DnsQuery *q = NULL;
23b298bc
LP		 372 DnsResourceKey *key;
373 bool good = false;
faa133f3 374 int r;
202b76ae 375 char key_str[DNS_RESOURCE_KEY_STRING_MAX];
74b2466e
LP		 376
377 assert(m);
378
23b298bc
LP		 379 if (dns_question_size(question_utf8) > 0) {
380 r = dns_question_is_valid_for_query(question_utf8);
381 if (r < 0)
382 return r;
383 if (r == 0)
384 return -EINVAL;
385
386 good = true;
387 }
388
389 /* If the IDNA and UTF8 questions are the same, merge their references */
390 r = dns_question_is_equal(question_idna, question_utf8);
faa133f3
LP		 391 if (r < 0)
392 return r;
23b298bc
LP		 393 if (r > 0)
394 question_idna = question_utf8;
395 else {
396 if (dns_question_size(question_idna) > 0) {
397 r = dns_question_is_valid_for_query(question_idna);
398 if (r < 0)
399 return r;
400 if (r == 0)
401 return -EINVAL;
402
403 good = true;
404 }
405 }
406
407 if (!good) /* don't allow empty queries */
408 return -EINVAL;
74b2466e 409
39762fdf
LP		 410 if (m->n_dns_queries >= QUERIES_MAX)
411 return -EBUSY;
412
74b2466e
LP		 413 q = new0(DnsQuery, 1);
414 if (!q)
415 return -ENOMEM;
416
23b298bc
LP		 417 q->question_utf8 = dns_question_ref(question_utf8);
418 q->question_idna = dns_question_ref(question_idna);
51323288
LP		 419 q->ifindex = ifindex;
420 q->flags = flags;
7820b320 421 q->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
801ad6a6 422 q->answer_protocol = _DNS_PROTOCOL_INVALID;
7820b320 423 q->answer_family = AF_UNSPEC;
322345fd 424
23b298bc 425 /* First dump UTF8 question */
202b76ae
ZJS		 426 DNS_QUESTION_FOREACH(key, question_utf8)
427 log_debug("Looking up RR for %s.",
428 dns_resource_key_to_string(key, key_str, sizeof key_str));
23b298bc
LP		 429
430 /* And then dump the IDNA question, but only what hasn't been dumped already through the UTF8 question. */
431 DNS_QUESTION_FOREACH(key, question_idna) {
23b298bc
LP		 432 r = dns_question_contains(question_utf8, key);
433 if (r < 0)
434 return r;
435 if (r > 0)
436 continue;
437
202b76ae
ZJS		 438 log_debug("Looking up IDNA RR for %s.",
439 dns_resource_key_to_string(key, key_str, sizeof key_str));
74b2466e
LP		 440 }
441
442 LIST_PREPEND(queries, m->dns_queries, q);
39762fdf 443 m->n_dns_queries++;
74b2466e
LP		 444 q->manager = m;
445
8ba9fd9c
LP		 446 if (ret)
447 *ret = q;
448 q = NULL;
449
450 return 0;
451}
452
45ec7efb
LP		 453int dns_query_make_auxiliary(DnsQuery *q, DnsQuery *auxiliary_for) {
454 assert(q);
455 assert(auxiliary_for);
456
61233823 457 /* Ensure that the query is not auxiliary yet, and
45ec7efb
LP		 458 * nothing else is auxiliary to it either */
459 assert(!q->auxiliary_for);
460 assert(!q->auxiliary_queries);
461
462 /* Ensure that the unit we shall be made auxiliary for isn't
463 * auxiliary itself */
464 assert(!auxiliary_for->auxiliary_for);
465
466 if (auxiliary_for->n_auxiliary_queries >= AUXILIARY_QUERIES_MAX)
467 return -EAGAIN;
468
469 LIST_PREPEND(auxiliary_queries, auxiliary_for->auxiliary_queries, q);
470 q->auxiliary_for = auxiliary_for;
471
472 auxiliary_for->n_auxiliary_queries++;
473 return 0;
474}
475
ec2c5e43 476static void dns_query_complete(DnsQuery *q, DnsTransactionState state) {
8ba9fd9c 477 assert(q);
547973de
LP		 478 assert(!DNS_TRANSACTION_IS_LIVE(state));
479 assert(DNS_TRANSACTION_IS_LIVE(q->state));
8ba9fd9c 480
322345fd
LP		 481 /* Note that this call might invalidate the query. Callers
482 * should hence not attempt to access the query or transaction
483 * after calling this function. */
8ba9fd9c 484
8ba9fd9c
LP		 485 q->state = state;
486
322345fd
LP		 487 dns_query_stop(q);
488 if (q->complete)
489 q->complete(q);
8ba9fd9c
LP		 490}
491
492static int on_query_timeout(sd_event_source *s, usec_t usec, void *userdata) {
493 DnsQuery *q = userdata;
494
495 assert(s);
496 assert(q);
497
ec2c5e43 498 dns_query_complete(q, DNS_TRANSACTION_TIMEOUT);
8ba9fd9c
LP		 499 return 0;
500}
501
801ad6a6 502static int dns_query_add_candidate(DnsQuery *q, DnsScope *s) {
7877e5ca 503 _cleanup_(dns_query_candidate_freep) DnsQueryCandidate *c = NULL;
faa133f3
LP		 504 int r;
505
506 assert(q);
ec2c5e43 507 assert(s);
faa133f3 508
801ad6a6 509 r = dns_query_candidate_new(&c, q, s);
faa133f3
LP		 510 if (r < 0)
511 return r;
512
801ad6a6 513 /* If this a single-label domain on DNS, we might append a suitable search domain first. */
3b5bd7d6
ZJS		 514 if (!FLAGS_SET(q->flags, SD_RESOLVED_NO_SEARCH) &&
515 dns_scope_name_wants_search_domain(s, dns_question_first_name(q->question_idna))) {
516 /* OK, we want a search domain now. Let's find one for this scope */
22f711bb 517
6da95857 518 r = dns_query_candidate_next_search_domain(c);
3b5bd7d6 519 if (r < 0)
7877e5ca 520 return r;
faa133f3
LP		 521 }
522
801ad6a6
LP		 523 r = dns_query_candidate_setup_transactions(c);
524 if (r < 0)
7877e5ca 525 return r;
801ad6a6 526
7877e5ca 527 TAKE_PTR(c);
faa133f3 528 return 0;
faa133f3
LP		 529}
530
78c6a153 531static int dns_query_synthesize_reply(DnsQuery *q, DnsTransactionState *state) {
2a1037af 532 _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
dd0bc0f1 533 int r;
2a1037af
LP		 534
535 assert(q);
536 assert(state);
537
dd0bc0f1
LP		 538 /* Tries to synthesize localhost RR replies (and others) where appropriate. Note that this is done *after* the
539 * the normal lookup finished. The data from the network hence takes precedence over the data we
540 * synthesize. (But note that many scopes refuse to resolve certain domain names) */
2a1037af
LP		 541
542 if (!IN_SET(*state,
3bbdc31d 543 DNS_TRANSACTION_RCODE_FAILURE,
2a1037af
LP		 544 DNS_TRANSACTION_NO_SERVERS,
545 DNS_TRANSACTION_TIMEOUT,
edbcc1fd 546 DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
0791110f
LP		 547 DNS_TRANSACTION_NETWORK_DOWN,
548 DNS_TRANSACTION_NOT_FOUND))
78c6a153 549 return 0;
2a1037af 550
839a4a20
LP		 551 r = dns_synthesize_answer(
552 q->manager,
553 q->question_utf8,
554 q->ifindex,
dd0bc0f1 555 &answer);
acf06088
LP		 556 if (r == -ENXIO) {
557 /* If we get ENXIO this tells us to generate NXDOMAIN unconditionally. */
2a1037af 558
acf06088
LP		 559 dns_query_reset_answer(q);
560 q->answer_rcode = DNS_RCODE_NXDOMAIN;
561 q->answer_protocol = dns_synthesize_protocol(q->flags);
562 q->answer_family = dns_synthesize_family(q->flags);
563 q->answer_authenticated = true;
564 *state = DNS_TRANSACTION_RCODE_FAILURE;
565
566 return 0;
567 }
839a4a20
LP		 568 if (r <= 0)
569 return r;
2a1037af 570
839a4a20 571 dns_query_reset_answer(q);
2a1037af 572
1cc6c93a 573 q->answer = TAKE_PTR(answer);
2a1037af 574 q->answer_rcode = DNS_RCODE_SUCCESS;
dd0bc0f1
LP		 575 q->answer_protocol = dns_synthesize_protocol(q->flags);
576 q->answer_family = dns_synthesize_family(q->flags);
839a4a20 577 q->answer_authenticated = true;
2a1037af
LP		 578
579 *state = DNS_TRANSACTION_SUCCESS;
78c6a153
LP		 580
581 return 1;
2a1037af
LP		 582}
583
dd0bc0f1
LP		 584static int dns_query_try_etc_hosts(DnsQuery *q) {
585 _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
586 int r;
587
588 assert(q);
589
590 /* Looks in /etc/hosts for matching entries. Note that this is done *before* the normal lookup is done. The
591 * data from /etc/hosts hence takes precedence over the network. */
592
593 r = manager_etc_hosts_lookup(
594 q->manager,
595 q->question_utf8,
596 &answer);
597 if (r <= 0)
598 return r;
599
600 dns_query_reset_answer(q);
601
1cc6c93a 602 q->answer = TAKE_PTR(answer);
dd0bc0f1
LP		 603 q->answer_rcode = DNS_RCODE_SUCCESS;
604 q->answer_protocol = dns_synthesize_protocol(q->flags);
605 q->answer_family = dns_synthesize_family(q->flags);
606 q->answer_authenticated = true;
607
608 return 1;
609}
610
322345fd 611int dns_query_go(DnsQuery *q) {
8ba9fd9c
LP		 612 DnsScopeMatch found = DNS_SCOPE_NO;
613 DnsScope *s, *first = NULL;
801ad6a6 614 DnsQueryCandidate *c;
8ba9fd9c
LP		 615 int r;
616
617 assert(q);
618
ec2c5e43 619 if (q->state != DNS_TRANSACTION_NULL)
8ba9fd9c
LP		 620 return 0;
621
dd0bc0f1
LP		 622 r = dns_query_try_etc_hosts(q);
623 if (r < 0)
624 return r;
625 if (r > 0) {
626 dns_query_complete(q, DNS_TRANSACTION_SUCCESS);
627 return 1;
628 }
629
8ba9fd9c 630 LIST_FOREACH(scopes, s, q->manager->dns_scopes) {
74b2466e 631 DnsScopeMatch match;
23b298bc
LP		 632 const char *name;
633
634 name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol));
635 if (!name)
636 continue;
74b2466e 637
51323288 638 match = dns_scope_good_domain(s, q->ifindex, q->flags, name);
a97a3b25
LP		 639 if (match < 0) {
640 log_debug("Couldn't check if '%s' matches against scope, ignoring.", name);
74b2466e 641 continue;
a97a3b25 642 }
74b2466e 643
a97a3b25
LP		 644 if (match > found) { /* Does this match better? If so, remember how well it matched, and the first one
645 * that matches this well */
646 found = match;
74b2466e 647 first = s;
74b2466e
LP		 648 }
649 }
650
2a1037af
LP		 651 if (found == DNS_SCOPE_NO) {
652 DnsTransactionState state = DNS_TRANSACTION_NO_SERVERS;
653
7cc6ed7b
LP		 654 r = dns_query_synthesize_reply(q, &state);
655 if (r < 0)
656 return r;
657
d634711b
LP		 658 dns_query_complete(q, state);
659 return 1;
2a1037af 660 }
74b2466e 661
801ad6a6 662 r = dns_query_add_candidate(q, first);
74b2466e 663 if (r < 0)
ec2c5e43 664 goto fail;
74b2466e 665
74b2466e
LP		 666 LIST_FOREACH(scopes, s, first->scopes_next) {
667 DnsScopeMatch match;
23b298bc
LP		 668 const char *name;
669
670 name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol));
671 if (!name)
672 continue;
74b2466e 673
51323288 674 match = dns_scope_good_domain(s, q->ifindex, q->flags, name);
a97a3b25 675 if (match < 0) {
4605de11 676 log_debug("Couldn't check if '%s' matches against scope, ignoring.", name);
a97a3b25
LP		 677 continue;
678 }
74b2466e 679
a97a3b25 680 if (match < found)
74b2466e
LP		 681 continue;
682
801ad6a6 683 r = dns_query_add_candidate(q, s);
74b2466e 684 if (r < 0)
ec2c5e43 685 goto fail;
74b2466e
LP		 686 }
687
ab88b6d0 688 dns_query_reset_answer(q);
74b2466e 689
39cf0351 690 r = sd_event_add_time_relative(
9a015429
LP		 691 q->manager->event,
692 &q->timeout_event_source,
693 clock_boottime_or_monotonic(),
39cf0351 694 SD_RESOLVED_QUERY_TIMEOUT_USEC,
4cbfd62b 695 0, on_query_timeout, q);
74b2466e
LP		 696 if (r < 0)
697 goto fail;
698
aa4a9deb
LP		 699 (void) sd_event_source_set_description(q->timeout_event_source, "query-timeout");
700
ec2c5e43 701 q->state = DNS_TRANSACTION_PENDING;
faa133f3 702 q->block_ready++;
74b2466e 703
801ad6a6
LP		 704 /* Start the transactions */
705 LIST_FOREACH(candidates_by_query, c, q->candidates) {
706 r = dns_query_candidate_go(c);
707 if (r < 0) {
708 q->block_ready--;
ec2c5e43 709 goto fail;
801ad6a6 710 }
74b2466e
LP		 711 }
712
faa133f3
LP		 713 q->block_ready--;
714 dns_query_ready(q);
322345fd 715
8ba9fd9c 716 return 1;
74b2466e
LP		 717
718fail:
8ba9fd9c 719 dns_query_stop(q);
74b2466e
LP		 720 return r;
721}
722
801ad6a6 723static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c) {
ec2c5e43 724 DnsTransactionState state = DNS_TRANSACTION_NO_SERVERS;
547973de 725 bool has_authenticated = false, has_non_authenticated = false;
019036a4 726 DnssecResult dnssec_result_authenticated = _DNSSEC_RESULT_INVALID, dnssec_result_non_authenticated = _DNSSEC_RESULT_INVALID;
801ad6a6 727 DnsTransaction *t;
faa133f3 728 Iterator i;
547973de 729 int r;
74b2466e
LP		 730
731 assert(q);
732
801ad6a6 733 if (!c) {
7cc6ed7b
LP		 734 r = dns_query_synthesize_reply(q, &state);
735 if (r < 0)
736 goto fail;
737
801ad6a6 738 dns_query_complete(q, state);
74b2466e 739 return;
801ad6a6 740 }
74b2466e 741
a7bf2ada
LP		 742 if (c->error_code != 0) {
743 /* If the candidate had an error condition of its own, start with that. */
744 state = DNS_TRANSACTION_ERRNO;
745 q->answer = dns_answer_unref(q->answer);
746 q->answer_rcode = 0;
747 q->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
cbb1aabb 748 q->answer_authenticated = false;
a7bf2ada
LP		 749 q->answer_errno = c->error_code;
750 }
751
801ad6a6 752 SET_FOREACH(t, c->transactions, i) {
74b2466e 753
801ad6a6 754 switch (t->state) {
934e9b10 755
801ad6a6 756 case DNS_TRANSACTION_SUCCESS: {
f8e2f4d6 757 /* We found a successfully reply, merge it into the answer */
547973de 758 r = dns_answer_extend(&q->answer, t->answer);
7cc6ed7b
LP		 759 if (r < 0)
760 goto fail;
019036a4 761
ae6a4bbf 762 q->answer_rcode = t->answer_rcode;
7cc6ed7b 763 q->answer_errno = 0;
801ad6a6 764
019036a4 765 if (t->answer_authenticated) {
931851e8 766 has_authenticated = true;
019036a4
LP		 767 dnssec_result_authenticated = t->answer_dnssec_result;
768 } else {
931851e8 769 has_non_authenticated = true;
019036a4
LP		 770 dnssec_result_non_authenticated = t->answer_dnssec_result;
771 }
931851e8 772
801ad6a6
LP		 773 state = DNS_TRANSACTION_SUCCESS;
774 break;
775 }
776
801ad6a6 777 case DNS_TRANSACTION_NULL:
547973de
LP		 778 case DNS_TRANSACTION_PENDING:
779 case DNS_TRANSACTION_VALIDATING:
801ad6a6
LP		 780 case DNS_TRANSACTION_ABORTED:
781 /* Ignore transactions that didn't complete */
782 continue;
783
784 default:
cbb1aabb 785 /* Any kind of failure? Store the data away, if there's nothing stored yet. */
019036a4
LP		 786 if (state == DNS_TRANSACTION_SUCCESS)
787 continue;
934e9b10 788
cbb1aabb
LP		 789 /* If there's already an authenticated negative reply stored, then prefer that over any unauthenticated one */
790 if (q->answer_authenticated && !t->answer_authenticated)
791 continue;
792
d38d5ca6 793 q->answer = dns_answer_unref(q->answer);
019036a4
LP		 794 q->answer_rcode = t->answer_rcode;
795 q->answer_dnssec_result = t->answer_dnssec_result;
cbb1aabb 796 q->answer_authenticated = t->answer_authenticated;
7cc6ed7b 797 q->answer_errno = t->answer_errno;
934e9b10 798
019036a4 799 state = t->state;
801ad6a6 800 break;
74b2466e 801 }
801ad6a6 802 }
74b2466e 803
019036a4
LP		 804 if (state == DNS_TRANSACTION_SUCCESS) {
805 q->answer_authenticated = has_authenticated && !has_non_authenticated;
806 q->answer_dnssec_result = q->answer_authenticated ? dnssec_result_authenticated : dnssec_result_non_authenticated;
807 }
808
801ad6a6
LP		 809 q->answer_protocol = c->scope->protocol;
810 q->answer_family = c->scope->family;
934e9b10 811
801ad6a6
LP		 812 dns_search_domain_unref(q->answer_search_domain);
813 q->answer_search_domain = dns_search_domain_ref(c->search_domain);
7e8e0422 814
7cc6ed7b
LP		 815 r = dns_query_synthesize_reply(q, &state);
816 if (r < 0)
817 goto fail;
818
801ad6a6 819 dns_query_complete(q, state);
7cc6ed7b
LP		 820 return;
821
822fail:
823 q->answer_errno = -r;
824 dns_query_complete(q, DNS_TRANSACTION_ERRNO);
801ad6a6 825}
934e9b10 826
801ad6a6 827void dns_query_ready(DnsQuery *q) {
74b2466e 828
801ad6a6
LP		 829 DnsQueryCandidate *bad = NULL, *c;
830 bool pending = false;
74b2466e 831
801ad6a6 832 assert(q);
547973de 833 assert(DNS_TRANSACTION_IS_LIVE(q->state));
e4501ed4 834
801ad6a6
LP		 835 /* Note that this call might invalidate the query. Callers
836 * should hence not attempt to access the query or transaction
837 * after calling this function, unless the block_ready
838 * counter was explicitly bumped before doing so. */
839
840 if (q->block_ready > 0)
841 return;
842
843 LIST_FOREACH(candidates_by_query, c, q->candidates) {
844 DnsTransactionState state;
845
846 state = dns_query_candidate_state(c);
847 switch (state) {
848
849 case DNS_TRANSACTION_SUCCESS:
547973de 850 /* One of the candidates is successful,
801ad6a6
LP		 851 * let's use it, and copy its data out */
852 dns_query_accept(q, c);
e4501ed4
LP		 853 return;
854
801ad6a6 855 case DNS_TRANSACTION_NULL:
547973de
LP		 856 case DNS_TRANSACTION_PENDING:
857 case DNS_TRANSACTION_VALIDATING:
858 /* One of the candidates is still going on,
859 * let's maybe wait for it */
801ad6a6
LP		 860 pending = true;
861 break;
e4501ed4 862
801ad6a6
LP		 863 default:
864 /* Any kind of failure */
865 bad = c;
866 break;
867 }
faa133f3 868 }
74b2466e 869
801ad6a6
LP		 870 if (pending)
871 return;
2a1037af 872
801ad6a6 873 dns_query_accept(q, bad);
74b2466e 874}
8ba9fd9c 875
45ec7efb 876static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname) {
23b298bc
LP		 877 _cleanup_(dns_question_unrefp) DnsQuestion *nq_idna = NULL, *nq_utf8 = NULL;
878 int r, k;
8ba9fd9c
LP		 879
880 assert(q);
881
313cefa1 882 q->n_cname_redirects++;
faa133f3 883 if (q->n_cname_redirects > CNAME_MAX)
8ba9fd9c
LP		 884 return -ELOOP;
885
23b298bc 886 r = dns_question_cname_redirect(q->question_idna, cname, &nq_idna);
faa133f3
LP		 887 if (r < 0)
888 return r;
23b298bc 889 else if (r > 0)
8ec76e6a 890 log_debug("Following CNAME/DNAME %s → %s.", dns_question_first_name(q->question_idna), dns_question_first_name(nq_idna));
23b298bc
LP		 891
892 k = dns_question_is_equal(q->question_idna, q->question_utf8);
893 if (k < 0)
894 return r;
895 if (k > 0) {
896 /* Same question? Shortcut new question generation */
897 nq_utf8 = dns_question_ref(nq_idna);
898 k = r;
899 } else {
900 k = dns_question_cname_redirect(q->question_utf8, cname, &nq_utf8);
901 if (k < 0)
902 return k;
903 else if (k > 0)
8ec76e6a 904 log_debug("Following UTF8 CNAME/DNAME %s → %s.", dns_question_first_name(q->question_utf8), dns_question_first_name(nq_utf8));
23b298bc 905 }
8ba9fd9c 906
23b298bc
LP		 907 if (r == 0 && k == 0) /* No actual cname happened? */
908 return -ELOOP;
909
8e5de09f
LP		 910 if (q->answer_protocol == DNS_PROTOCOL_DNS) {
911 /* Don't permit CNAME redirects from unicast DNS to LLMNR or MulticastDNS, so that global resources
912 * cannot invade the local namespace. The opposite way we permit: local names may redirect to global
913 * ones. */
914
915 q->flags &= ~(SD_RESOLVED_LLMNR|SD_RESOLVED_MDNS); /* mask away the local protocols */
916 }
917
918 /* Turn off searching for the new name */
919 q->flags |= SD_RESOLVED_NO_SEARCH;
920
23b298bc 921 dns_question_unref(q->question_idna);
1cc6c93a 922 q->question_idna = TAKE_PTR(nq_idna);
bc7669cf 923
23b298bc 924 dns_question_unref(q->question_utf8);
1cc6c93a 925 q->question_utf8 = TAKE_PTR(nq_utf8);
8ba9fd9c 926
7820b320
LP		 927 dns_query_free_candidates(q);
928 dns_query_reset_answer(q);
322345fd 929
8e5de09f 930 q->state = DNS_TRANSACTION_NULL;
59a89990 931
8ba9fd9c
LP		 932 return 0;
933}
82bd6ddd 934
45ec7efb
LP		 935int dns_query_process_cname(DnsQuery *q) {
936 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *cname = NULL;
23b298bc 937 DnsQuestion *question;
45ec7efb
LP		 938 DnsResourceRecord *rr;
939 int r;
940
941 assert(q);
942
7588460a
TG		 943 if (!IN_SET(q->state, DNS_TRANSACTION_SUCCESS, DNS_TRANSACTION_NULL))
944 return DNS_QUERY_NOMATCH;
45ec7efb 945
23b298bc 946 question = dns_query_question_for_protocol(q, q->answer_protocol);
45ec7efb 947
23b298bc
LP		 948 DNS_ANSWER_FOREACH(rr, q->answer) {
949 r = dns_question_matches_rr(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
45ec7efb
LP		 950 if (r < 0)
951 return r;
952 if (r > 0)
7588460a 953 return DNS_QUERY_MATCH; /* The answer matches directly, no need to follow cnames */
45ec7efb 954
542e0c84 955 r = dns_question_matches_cname_or_dname(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
45ec7efb
LP		 956 if (r < 0)
957 return r;
958 if (r > 0 && !cname)
959 cname = dns_resource_record_ref(rr);
960 }
961
962 if (!cname)
7588460a 963 return DNS_QUERY_NOMATCH; /* No match and no cname to follow */
45ec7efb
LP		 964
965 if (q->flags & SD_RESOLVED_NO_CNAME)
966 return -ELOOP;
967
28830a64
LP		 968 if (!q->answer_authenticated)
969 q->previous_redirect_unauthenticated = true;
970
45ec7efb
LP		 971 /* OK, let's actually follow the CNAME */
972 r = dns_query_cname_redirect(q, cname);
973 if (r < 0)
974 return r;
975
976 /* Let's see if the answer can already answer the new
977 * redirected question */
7588460a
TG		 978 r = dns_query_process_cname(q);
979 if (r != DNS_QUERY_NOMATCH)
980 return r;
45ec7efb
LP		 981
982 /* OK, it cannot, let's begin with the new query */
983 r = dns_query_go(q);
984 if (r < 0)
985 return r;
986
7588460a 987 return DNS_QUERY_RESTARTED; /* We restarted the query for a new cname */
45ec7efb
LP		 988}
989
82bd6ddd
LP		 990static int on_bus_track(sd_bus_track *t, void *userdata) {
991 DnsQuery *q = userdata;
992
993 assert(t);
994 assert(q);
995
996 log_debug("Client of active query vanished, aborting query.");
997 dns_query_complete(q, DNS_TRANSACTION_ABORTED);
998 return 0;
999}
1000
966c66e3 1001int dns_query_bus_track(DnsQuery *q, sd_bus_message *m) {
82bd6ddd
LP		 1002 int r;
1003
1004 assert(q);
1005 assert(m);
1006
1007 if (!q->bus_track) {
966c66e3 1008 r = sd_bus_track_new(sd_bus_message_get_bus(m), &q->bus_track, on_bus_track, q);
82bd6ddd
LP		 1009 if (r < 0)
1010 return r;
1011 }
1012
1013 r = sd_bus_track_add_sender(q->bus_track, m);
1014 if (r < 0)
1015 return r;
1016
1017 return 0;
1018}
23b298bc
LP		 1019
1020DnsQuestion* dns_query_question_for_protocol(DnsQuery *q, DnsProtocol protocol) {
1021 assert(q);
1022
1023 switch (protocol) {
1024
1025 case DNS_PROTOCOL_DNS:
1026 return q->question_idna;
1027
1028 case DNS_PROTOCOL_MDNS:
1029 case DNS_PROTOCOL_LLMNR:
1030 return q->question_utf8;
1031
1032 default:
1033 return NULL;
1034 }
1035}
1036
1037const char *dns_query_string(DnsQuery *q) {
1038 const char *name;
1039 int r;
1040
1041 /* Returns a somewhat useful human-readable lookup key string for this query */
1042
1043 if (q->request_address_string)
1044 return q->request_address_string;
1045
1046 if (q->request_address_valid) {
1047 r = in_addr_to_string(q->request_family, &q->request_address, &q->request_address_string);
1048 if (r >= 0)
1049 return q->request_address_string;
1050 }
1051
1052 name = dns_question_first_name(q->question_utf8);
1053 if (name)
1054 return name;
1055
1056 return dns_question_first_name(q->question_idna);
1057}
28830a64
LP		 1058
1059bool dns_query_fully_authenticated(DnsQuery *q) {
1060 assert(q);
1061
1062 return q->answer_authenticated && !q->previous_redirect_unauthenticated;
1063}
Unnamed repository; edit this file 'description' to name the repository.