1 /***
2 This file is part of systemd.
3
4 Copyright 2014 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include "alloc-util.h"
21 #include "dns-domain.h"
22 #include "list.h"
23 #include "resolved-dns-packet.h"
24 #include "resolved-dns-zone.h"
25 #include "string-util.h"
26
/* Intended cap on the number of zone entries. Note: nothing in this file
 * checks it — dns_zone_put() inserts unconditionally. */
28 #define ZONE_MAX 1024
29
/* Detaches the item from its probe transaction (if any) and lets the
 * transaction be garbage-collected if nothing else references it. */
void dns_zone_item_probe_stop(DnsZoneItem *i) {
        DnsTransaction *probe;

        assert(i);

        probe = i->probe_transaction;
        if (!probe)
                return;

        /* Detach first, so that nothing reached through the transaction
         * still regards this item as waiting on it. */
        i->probe_transaction = NULL;

        /* Drop ourselves from both notification sets of the transaction. */
        set_remove(probe->notify_zone_items, i);
        set_remove(probe->notify_zone_items_done, i);

        /* We might have been the last user of the transaction. */
        dns_transaction_gc(probe);
}
44
/* Releases a zone item: stops its probe, drops the RR reference, frees the
 * struct. NULL is a no-op. Does NOT unlink the item from the zone's
 * indexes; use dns_zone_item_remove_and_free() for that. */
static void dns_zone_item_free(DnsZoneItem *i) {
        if (i) {
                dns_zone_item_probe_stop(i);
                i->rr = dns_resource_record_unref(i->rr);
                free(i);
        }
}
54
/* Generates dns_zone_item_freep() so a local DnsZoneItem* can be declared
 * with _cleanup_(dns_zone_item_freep), as dns_zone_put() below does. */
DEFINE_TRIVIAL_CLEANUP_FUNC(DnsZoneItem*, dns_zone_item_free);
56
/* Unlinks the item from both zone indexes and frees it. NULL is a no-op.
 *
 * Each index maps a key (resp. owner name) to the head of a linked list of
 * items; the hashmap key pointer is borrowed from the head item's RR. When
 * the head changes, the entry is re-pointed at the new head so that the
 * borrowed key pointer never refers to a freed RR; when the list runs
 * empty the entry is dropped. */
static void dns_zone_item_remove_and_free(DnsZone *z, DnsZoneItem *i) {
        DnsZoneItem *head;
        const char *name;

        assert(z);

        if (!i)
                return;

        /* by_key index */
        head = hashmap_get(z->by_key, i->rr->key);
        LIST_REMOVE(by_key, head, i);
        if (!head)
                hashmap_remove(z->by_key, i->rr->key);
        else
                assert_se(hashmap_replace(z->by_key, head->rr->key, head) >= 0);

        /* by_name index, same scheme keyed by the owner name */
        name = dns_resource_key_name(i->rr->key);
        head = hashmap_get(z->by_name, name);
        LIST_REMOVE(by_name, head, i);
        if (!head)
                hashmap_remove(z->by_name, name);
        else
                assert_se(hashmap_replace(z->by_name, dns_resource_key_name(head->rr->key), head) >= 0);

        dns_zone_item_free(i);
}
81
/* Removes and frees every item and releases both index hashmaps. */
void dns_zone_flush(DnsZone *z) {
        DnsZoneItem *item;

        assert(z);

        /* Every item is linked into by_key, so draining that index
         * empties by_name as well. */
        for (;;) {
                item = hashmap_first(z->by_key);
                if (!item)
                        break;

                dns_zone_item_remove_and_free(z, item);
        }

        assert(hashmap_size(z->by_key) == 0);
        assert(hashmap_size(z->by_name) == 0);

        z->by_key = hashmap_free(z->by_key);
        z->by_name = hashmap_free(z->by_name);
}
96
/* Finds the item holding an RR equal to rr (same key and same RDATA), or
 * NULL. Only a strictly positive result of dns_resource_record_equal()
 * counts as a match, so an error result is treated as "not equal". */
static DnsZoneItem* dns_zone_get(DnsZone *z, DnsResourceRecord *rr) {
        DnsZoneItem *candidate;

        assert(z);
        assert(rr);

        for (candidate = hashmap_get(z->by_key, rr->key); candidate; candidate = candidate->by_key_next)
                if (dns_resource_record_equal(candidate->rr, rr) > 0)
                        return candidate;

        return NULL;
}
109
/* Removes the item equal to rr from the zone, if present. */
void dns_zone_remove_rr(DnsZone *z, DnsResourceRecord *rr) {
        DnsZoneItem *item;

        assert(z);
        assert(rr);

        item = dns_zone_get(z, rr);
        if (!item)
                return;

        dns_zone_item_remove_and_free(z, item);
}
120
/* Lazily allocates the two indexes (by resource key, by owner name).
 * Already-allocated maps are left untouched. Returns 0 or a negative errno. */
static int dns_zone_init(DnsZone *z) {
        int r;

        assert(z);

        r = hashmap_ensure_allocated(&z->by_key, &dns_resource_key_hash_ops);
        if (r >= 0)
                r = hashmap_ensure_allocated(&z->by_name, &dns_name_hash_ops);

        return r < 0 ? r : 0;
}
136
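/* Links a freshly allocated item into both zone indexes. Both hashmaps must
 * already be allocated (dns_zone_init()). Returns 0 or a negative errno; on
 * failure the item is left fully unlinked so the caller may free it.
 *
 * Each index maps a key (resp. owner name) to the head of a linked list;
 * the hashmap key pointer is borrowed from the head item's RR, which is
 * why the entry is re-pointed whenever the head changes. */
static int dns_zone_link_item(DnsZone *z, DnsZoneItem *i) {
        DnsZoneItem *first;
        int r;

        assert(z);
        assert(i);
        assert(i->rr);

        first = hashmap_get(z->by_key, i->rr->key);
        if (first) {
                LIST_PREPEND(by_key, first, i);
                assert_se(hashmap_replace(z->by_key, first->rr->key, first) >= 0);
        } else {
                r = hashmap_put(z->by_key, i->rr->key, i);
                if (r < 0)
                        return r;
        }

        first = hashmap_get(z->by_name, dns_resource_key_name(i->rr->key));
        if (first) {
                LIST_PREPEND(by_name, first, i);
                assert_se(hashmap_replace(z->by_name, dns_resource_key_name(first->rr->key), first) >= 0);
                return 0;
        }

        r = hashmap_put(z->by_name, dns_resource_key_name(i->rr->key), i);
        if (r < 0) {
                /* Roll back the by_key link. Without this, the caller
                 * (dns_zone_put(), via _cleanup_) frees i while by_key
                 * still points at it. At this point i is the head of its
                 * by_key list, so LIST_REMOVE() yields the new head. */
                first = hashmap_get(z->by_key, i->rr->key);
                LIST_REMOVE(by_key, first, i);
                if (first)
                        assert_se(hashmap_replace(z->by_key, first->rr->key, first) >= 0);
                else
                        hashmap_remove(z->by_key, i->rr->key);

                return r;
        }

        return 0;
}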
163
/* Starts (or joins) a probe for the item's owner name: an ANY query in
 * the RR's class on the item's scope. The item is registered for
 * notification on completion; dns_zone_item_notify() is then invoked once
 * immediately in case the transaction is already done. Returns 0 or a
 * negative errno; on error the item is left with no probe attached. */
static int dns_zone_item_probe_start(DnsZoneItem *i) {
        _cleanup_(dns_resource_key_unrefp) DnsResourceKey *any_key = NULL;
        DnsTransaction *probe;
        int r;

        assert(i);

        if (i->probe_transaction)
                return 0;

        /* Reuse an existing transaction for the same ANY key if the scope
         * has one, otherwise create a new one. */
        probe = dns_scope_find_transaction(i->scope, &DNS_RESOURCE_KEY_CONST(i->rr->key->class, DNS_TYPE_ANY, dns_resource_key_name(i->rr->key)), false);
        if (!probe) {
                any_key = dns_resource_key_new(i->rr->key->class, DNS_TYPE_ANY, dns_resource_key_name(i->rr->key));
                if (!any_key)
                        return -ENOMEM;

                r = dns_transaction_new(&probe, i->scope, any_key);
                if (r < 0)
                        return r;
        }

        /* Register for completion. If that fails, let the transaction be
         * collected should nobody else hold it. */
        r = set_ensure_allocated(&probe->notify_zone_items, NULL);
        if (r >= 0)
                r = set_ensure_allocated(&probe->notify_zone_items_done, NULL);
        if (r >= 0)
                r = set_put(probe->notify_zone_items, i);
        if (r < 0) {
                dns_transaction_gc(probe);
                return r;
        }

        i->probe_transaction = probe;

        /* A brand-new transaction has to be sent. block_ready keeps
         * dns_zone_item_notify() from acting on this item while
         * dns_transaction_go() runs. */
        if (probe->state == DNS_TRANSACTION_NULL) {
                i->block_ready++;
                r = dns_transaction_go(probe);
                i->block_ready--;

                if (r < 0) {
                        dns_zone_item_probe_stop(i);
                        return r;
                }
        }

        dns_zone_item_notify(i);
        return 0;
}
219
/* Returns true if some other item with the same owner name as i is already
 * ESTABLISHED, i.e. the name was probed successfully before. */
static bool dns_zone_name_is_established(DnsZoneItem *i) {
        DnsZoneItem *head, *other;

        assert(i);

        LIST_FIND_HEAD(by_name, i, head);
        LIST_FOREACH(by_name, other, head)
                if (other != i && other->state == DNS_ZONE_ITEM_ESTABLISHED)
                        return true;

        return false;
}

/* Publishes rr in the zone on behalf of scope s. If probe is true and no
 * other established RR shares the owner name, the name is probed first
 * (state PROBING); otherwise the item is ESTABLISHED right away. Adding an
 * RR that is already present is a no-op. Returns 0 or a negative errno
 * (-EINVAL for pseudo classes/types, which cannot be published). */
int dns_zone_put(DnsZone *z, DnsScope *s, DnsResourceRecord *rr, bool probe) {
        _cleanup_(dns_zone_item_freep) DnsZoneItem *item = NULL;
        int r;

        assert(z);
        assert(s);
        assert(rr);

        if (dns_class_is_pseudo(rr->key->class) || dns_type_is_pseudo(rr->key->type))
                return -EINVAL;

        if (dns_zone_get(z, rr))
                return 0;

        r = dns_zone_init(z);
        if (r < 0)
                return r;

        item = new0(DnsZoneItem, 1);
        if (!item)
                return -ENOMEM;

        item->scope = s;
        item->rr = dns_resource_record_ref(rr);
        item->probing_enabled = probe;

        /* On failure the cleanup handler frees item. */
        r = dns_zone_link_item(z, item);
        if (r < 0)
                return r;

        if (!probe || dns_zone_name_is_established(item))
                item->state = DNS_ZONE_ITEM_ESTABLISHED;
        else {
                item->state = DNS_ZONE_ITEM_PROBING;

                r = dns_zone_item_probe_start(item);
                if (r < 0) {
                        /* Fully unlink and free; disarm the cleanup handler. */
                        dns_zone_item_remove_and_free(z, item);
                        item = NULL;
                        return r;
                }
        }

        /* Ownership now rests with the zone. */
        item = NULL;
        return 0;
}
289
/* Looks up key in the local zone.
 *
 * Returns 1 and hands out *ret_answer (and *ret_soa, if ret_soa is
 * non-NULL) when the zone has something to say about the name, 0 with all
 * outputs cleared otherwise, or a negative errno. Only items in state
 * PROBING, ESTABLISHED or VERIFYING are visible; anything else (e.g.
 * WITHDRAWN) is skipped.
 *
 * If we own the name but hold no RR matching the key, *ret_answer stays
 * NULL and a synthesized SOA for the name (TTL LLMNR_DEFAULT_TTL) is
 * returned in *ret_soa. A result that consists only of still-probing
 * items is "tentative": with ret_tentative == NULL such results are
 * suppressed (0 is returned), otherwise *ret_tentative reports it. */
int dns_zone_lookup(DnsZone *z, DnsResourceKey *key, DnsAnswer **ret_answer, DnsAnswer **ret_soa, bool *ret_tentative) {
        _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL, *soa = NULL;
        unsigned n_answer = 0;
        DnsZoneItem *j, *first;
        bool tentative = true, need_soa = false;
        int r;

        assert(z);
        assert(key);
        assert(ret_answer);

        /* First iteration, count what we have, so that the answer can be
         * sized exactly before anything is added */

        if (key->type == DNS_TYPE_ANY || key->class == DNS_CLASS_ANY) {
                bool found = false, added = false;
                int k;

                /* If this is a generic match, then we have to
                 * go through the list by the name and look
                 * for everything manually */

                first = hashmap_get(z->by_name, dns_resource_key_name(key));
                LIST_FOREACH(by_name, j, first) {
                        /* Inactive (e.g. withdrawn) items are invisible */
                        if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
                                continue;

                        found = true;

                        k = dns_resource_key_match_rr(key, j->rr, NULL);
                        if (k < 0)
                                return k;
                        if (k > 0) {
                                n_answer++;
                                added = true;
                        }

                }

                /* We own the name, but nothing matches: answer with an SOA */
                if (found && !added)
                        need_soa = true;

        } else {
                bool found = false;

                /* If this is a specific match, then look for
                 * the right key immediately */

                first = hashmap_get(z->by_key, key);
                LIST_FOREACH(by_key, j, first) {
                        if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
                                continue;

                        found = true;
                        n_answer++;
                }

                /* No RR of that key, but if we own the name at all we
                 * still answer with an SOA */
                if (!found) {
                        first = hashmap_get(z->by_name, dns_resource_key_name(key));
                        LIST_FOREACH(by_name, j, first) {
                                if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
                                        continue;

                                need_soa = true;
                                break;
                        }
                }
        }

        /* Neither RRs nor the name itself: not ours */
        if (n_answer <= 0 && !need_soa)
                goto return_empty;

        /* By construction above, n_answer > 0 and need_soa never hold at
         * the same time */
        if (n_answer > 0) {
                answer = dns_answer_new(n_answer);
                if (!answer)
                        return -ENOMEM;
        }

        if (need_soa) {
                soa = dns_answer_new(1);
                if (!soa)
                        return -ENOMEM;
        }

        /* Second iteration, actually add the RRs to the answers. Same
         * walks as above, additionally tracking whether any visible item
         * is past the PROBING stage (which makes the result definite) */
        if (key->type == DNS_TYPE_ANY || key->class == DNS_CLASS_ANY) {
                bool found = false, added = false;
                int k;

                first = hashmap_get(z->by_name, dns_resource_key_name(key));
                LIST_FOREACH(by_name, j, first) {
                        if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
                                continue;

                        found = true;

                        if (j->state != DNS_ZONE_ITEM_PROBING)
                                tentative = false;

                        k = dns_resource_key_match_rr(key, j->rr, NULL);
                        if (k < 0)
                                return k;
                        if (k > 0) {
                                /* Our own records are flagged authenticated;
                                 * the third argument (presumably an ifindex)
                                 * is left at 0 */
                                r = dns_answer_add(answer, j->rr, 0, DNS_ANSWER_AUTHENTICATED);
                                if (r < 0)
                                        return r;

                                added = true;
                        }
                }

                if (found && !added) {
                        r = dns_answer_add_soa(soa, dns_resource_key_name(key), LLMNR_DEFAULT_TTL);
                        if (r < 0)
                                return r;
                }
        } else {
                bool found = false;

                first = hashmap_get(z->by_key, key);
                LIST_FOREACH(by_key, j, first) {
                        if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
                                continue;

                        found = true;

                        if (j->state != DNS_ZONE_ITEM_PROBING)
                                tentative = false;

                        r = dns_answer_add(answer, j->rr, 0, DNS_ANSWER_AUTHENTICATED);
                        if (r < 0)
                                return r;
                }

                if (!found) {
                        bool add_soa = false;

                        first = hashmap_get(z->by_name, dns_resource_key_name(key));
                        LIST_FOREACH(by_name, j, first) {
                                if (!IN_SET(j->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING))
                                        continue;

                                if (j->state != DNS_ZONE_ITEM_PROBING)
                                        tentative = false;

                                add_soa = true;
                        }

                        if (add_soa) {
                                r = dns_answer_add_soa(soa, dns_resource_key_name(key), LLMNR_DEFAULT_TTL);
                                if (r < 0)
                                        return r;
                        }
                }
        }

        /* If the caller sets ret_tentative to NULL, then use this as
         * indication to not return tentative entries */

        if (!ret_tentative && tentative)
                goto return_empty;

        /* Hand ownership to the caller and disarm the cleanup handlers */
        *ret_answer = answer;
        answer = NULL;

        if (ret_soa) {
                *ret_soa = soa;
                soa = NULL;
        }

        if (ret_tentative)
                *ret_tentative = tentative;

        return 1;

return_empty:
        *ret_answer = NULL;

        if (ret_soa)
                *ret_soa = NULL;

        if (ret_tentative)
                *ret_tentative = false;

        return 0;
}
475
/* Withdraws an item after a conflict was detected: stops its probe, marks
 * it WITHDRAWN (so dns_zone_lookup() no longer returns it) and, if the
 * owner name is the hostname we advertise, asks the manager for the next
 * hostname. Items not currently live are left alone. */
void dns_zone_item_conflict(DnsZoneItem *i) {
        const char *name;

        assert(i);

        if (!IN_SET(i->state, DNS_ZONE_ITEM_PROBING, DNS_ZONE_ITEM_VERIFYING, DNS_ZONE_ITEM_ESTABLISHED))
                return;

        log_info("Detected conflict on %s", strna(dns_resource_record_to_string(i->rr)));

        dns_zone_item_probe_stop(i);
        i->state = DNS_ZONE_ITEM_WITHDRAWN;

        /* NOTE(review): conflicts originate from unauthenticated peer
         * replies (see dns_zone_item_notify()), so any host on the link can
         * force this rename; that is inherent to LLMNR. Presumably only the
         * name resolved publishes changes, not the system hostname — confirm
         * in resolved-manager.c. */
        name = dns_resource_key_name(i->rr->key);
        if (manager_is_own_hostname(i->scope->manager, name) > 0)
                manager_next_hostname(i->scope->manager);
}
493
/* Decides whether a successful probe reply means we lose the name. An item
 * that is not yet established always loses. An established (or verifying)
 * one loses only to a peer whose address — the reply's sender, compared
 * byte-wise against the address it was sent to, i.e. ours — is the lower
 * one. Logs the outcome at debug level. */
static bool dns_zone_item_probe_lost(DnsZoneItem *i) {
        DnsTransaction *t;

        assert(i);
        assert(i->probe_transaction);

        if (!IN_SET(i->state, DNS_ZONE_ITEM_ESTABLISHED, DNS_ZONE_ITEM_VERIFYING)) {
                log_debug("Got a successful probe for not yet established RR, we lost.");
                return true;
        }

        t = i->probe_transaction;
        assert(t->received);

        if (memcmp(&t->received->sender, &t->received->destination, FAMILY_ADDRESS_SIZE(t->received->family)) < 0) {
                log_debug("Got a successful probe reply for an established RR, and we have a lexicographically larger IP address and thus lost.");
                return true;
        }

        return false;
}

/* Completion handler for the item's probe transaction. Does nothing while
 * the probe is still in flight or while block_ready is held by
 * dns_zone_item_probe_start(). A successful reply means someone else
 * claims the name and triggers the tie-break above; every other outcome
 * establishes the record. */
void dns_zone_item_notify(DnsZoneItem *i) {
        DnsTransaction *t;

        assert(i);
        assert(i->probe_transaction);

        if (i->block_ready > 0)
                return;

        t = i->probe_transaction;

        if (IN_SET(t->state, DNS_TRANSACTION_NULL, DNS_TRANSACTION_PENDING, DNS_TRANSACTION_VALIDATING))
                return;

        /* NOTE(review): the reply is not authenticated — any peer on the
         * link can answer a probe, so this is only as trustworthy as LLMNR
         * itself. */
        if (t->state == DNS_TRANSACTION_SUCCESS) {
                if (dns_zone_item_probe_lost(i)) {
                        dns_zone_item_conflict(i);
                        return;
                }

                log_debug("Got a successful probe reply, but peer has lexicographically lower IP address and thus lost.");
        }

        log_debug("Record %s successfully probed.", strna(dns_resource_record_to_string(i->rr)));

        dns_zone_item_probe_stop(i);
        i->state = DNS_ZONE_ITEM_ESTABLISHED;
}
536
/* Re-probes an ESTABLISHED item (state VERIFYING while the probe runs, so
 * that the completion handler applies the address tie-break instead of
 * giving up immediately). Items in any other state are ignored. If the
 * probe cannot be started the item stays ESTABLISHED and the error is
 * returned. */
static int dns_zone_item_verify(DnsZoneItem *i) {
        int r;

        assert(i);

        if (i->state != DNS_ZONE_ITEM_ESTABLISHED)
                return 0;

        log_debug("Verifying RR %s", strna(dns_resource_record_to_string(i->rr)));

        i->state = DNS_ZONE_ITEM_VERIFYING;

        r = dns_zone_item_probe_start(i);
        if (r >= 0)
                return 0;

        log_error_errno(r, "Failed to start probing for verifying RR: %m");
        i->state = DNS_ZONE_ITEM_ESTABLISHED;
        return r;
}
557
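/* Checks whether a response RR we received from somebody else names
 * something we thought was uniquely ours; if so, every RR we hold for that
 * name is handed to dns_zone_item_verify(). Returns the number of items
 * handed over (only established ones actually re-probe), or 0 if the name
 * is not ours or the RR is one of our own.
 *
 * rr comes from the network and is untrusted: the only effect an
 * unauthenticated peer can have here is to make us re-probe our own
 * names, which is what LLMNR conflict detection calls for. */
int dns_zone_check_conflicts(DnsZone *zone, DnsResourceRecord *rr) {
        DnsZoneItem *i, *first;
        int c = 0;

        assert(zone);
        assert(rr);

        /* No conflict if we don't have the name at all. */
        first = hashmap_get(zone->by_name, dns_resource_key_name(rr->key));
        if (!first)
                return 0;

        /* No conflict if we have the exact same RR */
        if (dns_zone_get(zone, rr))
                return 0;

        /* OK, somebody else has RRs for the same name. Yuck! Let's
         * start probing again */

        LIST_FOREACH(by_name, i, first) {
                /* dns_resource_record_equal() returns < 0 on error; only a
                 * positive result means "same RR", matching dns_zone_get().
                 * A plain truth test would have treated an error as "equal"
                 * and silently skipped verification. */
                if (dns_resource_record_equal(i->rr, rr) > 0)
                        continue;

                dns_zone_item_verify(i);
                c++;
        }

        return c;
}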
591
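/* Somebody else notified us about a possible conflict for the name in key.
 * Hands every RR we hold for that name to dns_zone_item_verify() (only
 * established ones actually re-probe). Returns the number of items handed
 * over, 0 if the name is not ours. key must not be NULL — it is
 * dereferenced unconditionally below. */
int dns_zone_verify_conflicts(DnsZone *zone, DnsResourceKey *key) {
        DnsZoneItem *i, *first;
        int c = 0;

        assert(zone);
        assert(key);

        first = hashmap_get(zone->by_name, dns_resource_key_name(key));
        if (!first)
                return 0;

        LIST_FOREACH(by_name, i, first) {
                dns_zone_item_verify(i);
                c++;
        }

        return c;
}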
612
/* Hands every item in the zone to dns_zone_item_verify(); only established
 * ones actually re-probe. Items are reached through the by_key index: one
 * list head per key, then the list behind it.
 *
 * NOTE(review): dns_zone_item_probe_start() calls dns_zone_item_notify()
 * synchronously, which can reach dns_zone_item_conflict() and
 * manager_next_hostname() if the probe transaction is already complete.
 * Should that path add or remove zone items, the hashmap iteration here
 * would be invalidated — confirm against resolved-manager.c. */
void dns_zone_verify_all(DnsZone *zone) {
        DnsZoneItem *head;
        Iterator it;

        assert(zone);

        HASHMAP_FOREACH(head, zone->by_key, it) {
                DnsZoneItem *item;

                LIST_FOREACH(by_key, item, head)
                        dns_zone_item_verify(item);
        }
}
626
/* Writes one tab-indented line per RR to f (stdout if f is NULL). A NULL
 * zone prints nothing. RRs whose textual form cannot be produced are
 * reported via log_oom() and skipped. */
void dns_zone_dump(DnsZone *zone, FILE *f) {
        Iterator it;
        DnsZoneItem *head;

        if (!zone)
                return;

        if (!f)
                f = stdout;

        HASHMAP_FOREACH(head, zone->by_key, it) {
                DnsZoneItem *item;

                LIST_FOREACH(by_key, item, head) {
                        const char *s = dns_resource_record_to_string(item->rr);

                        if (!s) {
                                log_oom();
                                continue;
                        }

                        /* Literal format; s is only ever a %s argument. */
                        fprintf(f, "\t%s\n", s);
                }
        }
}
655
/* A NULL zone, or one whose by_key index holds nothing, counts as empty. */
bool dns_zone_is_empty(DnsZone *zone) {
        return !zone || hashmap_isempty(zone->by_key);
}