]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolved-varlink.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
license: LGPL-2.1+ -> LGPL-2.1-or-later
[thirdparty/systemd.git] / src / resolve / resolved-varlink.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include "in-addr-util.h"
4 #include "resolved-dns-synthesize.h"
5 #include "resolved-varlink.h"
6 #include "socket-netlink.h"
7
8 typedef struct LookupParameters {
9 int ifindex;
10 uint64_t flags;
11 int family;
12 union in_addr_union address;
13 size_t address_size;
14 char *name;
15 } LookupParameters;
16
17 static void lookup_parameters_destroy(LookupParameters *p) {
18 assert(p);
19 free(p->name);
20 }
21
22 static int reply_query_state(DnsQuery *q) {
23
24 assert(q);
25 assert(q->varlink_request);
26
27 switch (q->state) {
28
29 case DNS_TRANSACTION_NO_SERVERS:
30 return varlink_error(q->varlink_request, "io.systemd.Resolve.NoNameServers", NULL);
31
32 case DNS_TRANSACTION_TIMEOUT:
33 return varlink_error(q->varlink_request, "io.systemd.Resolve.QueryTimedOut", NULL);
34
35 case DNS_TRANSACTION_ATTEMPTS_MAX_REACHED:
36 return varlink_error(q->varlink_request, "io.systemd.Resolve.MaxAttemptsReached", NULL);
37
38 case DNS_TRANSACTION_INVALID_REPLY:
39 return varlink_error(q->varlink_request, "io.systemd.Resolve.InvalidReply", NULL);
40
41 case DNS_TRANSACTION_ERRNO:
42 return varlink_error_errno(q->varlink_request, q->answer_errno);
43
44 case DNS_TRANSACTION_ABORTED:
45 return varlink_error(q->varlink_request, "io.systemd.Resolve.QueryAborted", NULL);
46
47 case DNS_TRANSACTION_DNSSEC_FAILED:
48 return varlink_errorb(q->varlink_request, "io.systemd.Resolve.DNSSECValidationFailed",
49 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("result", JSON_BUILD_STRING(dnssec_result_to_string(q->answer_dnssec_result)))));
50
51 case DNS_TRANSACTION_NO_TRUST_ANCHOR:
52 return varlink_error(q->varlink_request, "io.systemd.Resolve.NoTrustAnchor", NULL);
53
54 case DNS_TRANSACTION_RR_TYPE_UNSUPPORTED:
55 return varlink_error(q->varlink_request, "io.systemd.Resolve.ResourceRecordTypeUnsupported", NULL);
56
57 case DNS_TRANSACTION_NETWORK_DOWN:
58 return varlink_error(q->varlink_request, "io.systemd.Resolve.NetworkDown", NULL);
59
60 case DNS_TRANSACTION_NOT_FOUND:
61 /* We return this as NXDOMAIN. This is only generated when a host doesn't implement LLMNR/TCP, and we
62 * thus quickly know that we cannot resolve an in-addr.arpa or ip6.arpa address. */
63 return varlink_errorb(q->varlink_request, "io.systemd.Resolve.DNSError",
64 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("rcode", JSON_BUILD_INTEGER(DNS_RCODE_NXDOMAIN))));
65
66 case DNS_TRANSACTION_RCODE_FAILURE:
67 return varlink_errorb(q->varlink_request, "io.systemd.Resolve.DNSError",
68 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("rcode", JSON_BUILD_INTEGER(q->answer_rcode))));
69
70 case DNS_TRANSACTION_NULL:
71 case DNS_TRANSACTION_PENDING:
72 case DNS_TRANSACTION_VALIDATING:
73 case DNS_TRANSACTION_SUCCESS:
74 default:
75 assert_not_reached("Impossible state");
76 }
77 }
78
79 static void vl_on_disconnect(VarlinkServer *s, Varlink *link, void *userdata) {
80 DnsQuery *q;
81
82 assert(s);
83 assert(link);
84
85 q = varlink_get_userdata(link);
86 if (!q)
87 return;
88
89 if (!DNS_TRANSACTION_IS_LIVE(q->state))
90 return;
91
92 log_debug("Client of active query vanished, aborting query.");
93 dns_query_complete(q, DNS_TRANSACTION_ABORTED);
94 }
95
96 static bool validate_and_mangle_flags(
97 const char *name,
98 uint64_t *flags,
99 uint64_t ok) {
100
101 assert(flags);
102
103 /* This checks that the specified client-provided flags parameter actually makes sense, and mangles
104 * it slightly. Specifically:
105 *
106 * 1. We check that only the protocol flags and the NO_CNAME flag are on at most, plus the
107 * method-specific flags specified in 'ok'.
108 *
109 * 2. If no protocols are enabled we automatically convert that to "all protocols are enabled".
110 *
111 * The second rule means that clients can just pass 0 as flags for the common case, and all supported
112 * protocols are enabled. Moreover it's useful so that client's do not have to be aware of all
113 * protocols implemented in resolved, but can use 0 as protocols flags set as indicator for
114 * "everything".
115 */
116
117 if (*flags & ~(SD_RESOLVED_PROTOCOLS_ALL|SD_RESOLVED_NO_CNAME|ok))
118 return false;
119
120 if ((*flags & SD_RESOLVED_PROTOCOLS_ALL) == 0) /* If no protocol is enabled, enable all */
121 *flags |= SD_RESOLVED_PROTOCOLS_ALL;
122
123 /* If the SD_RESOLVED_NO_SEARCH flag is acceptable, and the query name is dot-suffixed, turn off
124 * search domains. Note that DNS name normalization drops the dot suffix, hence we propagate this
125 * into the flags field as early as we can. */
126 if (name && FLAGS_SET(ok, SD_RESOLVED_NO_SEARCH) && dns_name_dot_suffixed(name) > 0)
127 *flags |= SD_RESOLVED_NO_SEARCH;
128
129 return true;
130 }
131
132 static void vl_method_resolve_hostname_complete(DnsQuery *q) {
133 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *canonical = NULL;
134 _cleanup_(json_variant_unrefp) JsonVariant *array = NULL;
135 _cleanup_free_ char *normalized = NULL;
136 DnsResourceRecord *rr;
137 DnsQuestion *question;
138 int ifindex, r;
139
140 assert(q);
141
142 if (q->state != DNS_TRANSACTION_SUCCESS) {
143 r = reply_query_state(q);
144 goto finish;
145 }
146
147 r = dns_query_process_cname(q);
148 if (r == -ELOOP) {
149 r = varlink_error(q->varlink_request, "io.systemd.Resolve.CNAMELoop", NULL);
150 goto finish;
151 }
152 if (r < 0)
153 goto finish;
154 if (r == DNS_QUERY_RESTARTED) /* This was a cname, and the query was restarted. */
155 return;
156
157 question = dns_query_question_for_protocol(q, q->answer_protocol);
158
159 DNS_ANSWER_FOREACH_IFINDEX(rr, ifindex, q->answer) {
160 _cleanup_(json_variant_unrefp) JsonVariant *entry = NULL;
161 int family;
162 const void *p;
163
164 r = dns_question_matches_rr(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
165 if (r < 0)
166 goto finish;
167 if (r == 0)
168 continue;
169
170 if (rr->key->type == DNS_TYPE_A) {
171 family = AF_INET;
172 p = &rr->a.in_addr;
173 } else if (rr->key->type == DNS_TYPE_AAAA) {
174 family = AF_INET6;
175 p = &rr->aaaa.in6_addr;
176 } else {
177 r = -EAFNOSUPPORT;
178 goto finish;
179 }
180
181 r = json_build(&entry,
182 JSON_BUILD_OBJECT(
183 JSON_BUILD_PAIR("ifindex", JSON_BUILD_INTEGER(ifindex)),
184 JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(family)),
185 JSON_BUILD_PAIR("address", JSON_BUILD_BYTE_ARRAY(p, FAMILY_ADDRESS_SIZE(family)))));
186 if (r < 0)
187 goto finish;
188
189 if (!canonical)
190 canonical = dns_resource_record_ref(rr);
191
192 r = json_variant_append_array(&array, entry);
193 if (r < 0)
194 goto finish;
195 }
196
197 if (json_variant_is_blank_object(array)) {
198 r = varlink_error(q->varlink_request, "io.systemd.Resolve.NoSuchResourceRecord", NULL);
199 goto finish;
200 }
201
202 assert(canonical);
203 r = dns_name_normalize(dns_resource_key_name(canonical->key), 0, &normalized);
204 if (r < 0)
205 goto finish;
206
207 r = varlink_replyb(q->varlink_request,
208 JSON_BUILD_OBJECT(
209 JSON_BUILD_PAIR("addresses", JSON_BUILD_VARIANT(array)),
210 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(normalized)),
211 JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(SD_RESOLVED_FLAGS_MAKE(q->answer_protocol, q->answer_family, dns_query_fully_authenticated(q))))));
212 finish:
213 if (r < 0) {
214 log_error_errno(r, "Failed to send hostname reply: %m");
215 r = varlink_error_errno(q->varlink_request, r);
216 }
217
218 dns_query_free(q);
219 }
220
221 static int parse_as_address(Varlink *link, LookupParameters *p) {
222 _cleanup_free_ char *canonical = NULL;
223 int r, ff, parsed_ifindex, ifindex;
224 union in_addr_union parsed;
225
226 assert(link);
227 assert(p);
228
229 /* Check if this parses as literal address. If so, just parse it and return that, do not involve networking */
230 r = in_addr_ifindex_from_string_auto(p->name, &ff, &parsed, &parsed_ifindex);
231 if (r < 0)
232 return 0; /* not a literal address */
233
234 /* Make sure the data we parsed matches what is requested */
235 if ((p->family != AF_UNSPEC && ff != p->family) ||
236 (p->ifindex > 0 && parsed_ifindex > 0 && parsed_ifindex != p->ifindex))
237 return varlink_error(link, "io.systemd.Resolve.NoSuchResourceRecord", NULL);
238
239 ifindex = parsed_ifindex > 0 ? parsed_ifindex : p->ifindex;
240
241 /* Reformat the address as string, to return as canonicalized name */
242 r = in_addr_ifindex_to_string(ff, &parsed, ifindex, &canonical);
243 if (r < 0)
244 return r;
245
246 return varlink_replyb(
247 link,
248 JSON_BUILD_OBJECT(
249 JSON_BUILD_PAIR("addresses",
250 JSON_BUILD_ARRAY(
251 JSON_BUILD_OBJECT(
252 JSON_BUILD_PAIR_CONDITION(ifindex > 0, "ifindex", JSON_BUILD_INTEGER(ifindex)),
253 JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(ff)),
254 JSON_BUILD_PAIR("address", JSON_BUILD_BYTE_ARRAY(&parsed, FAMILY_ADDRESS_SIZE(ff)))))),
255 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(canonical)),
256 JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(SD_RESOLVED_FLAGS_MAKE(dns_synthesize_protocol(p->flags), ff, true)))));
257 }
258
259 static int vl_method_resolve_hostname(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
260 static const JsonDispatch dispatch_table[] = {
261 { "ifindex", JSON_VARIANT_UNSIGNED, json_dispatch_int, offsetof(LookupParameters, ifindex), 0 },
262 { "name", JSON_VARIANT_STRING, json_dispatch_string, offsetof(LookupParameters, name), JSON_MANDATORY },
263 { "family", JSON_VARIANT_UNSIGNED, json_dispatch_int, offsetof(LookupParameters, family), 0 },
264 { "flags", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(LookupParameters, flags), 0 },
265 {}
266 };
267
268 _cleanup_(dns_question_unrefp) DnsQuestion *question_idna = NULL, *question_utf8 = NULL;
269 _cleanup_(lookup_parameters_destroy) LookupParameters p = {
270 .family = AF_UNSPEC,
271 };
272 Manager *m = userdata;
273 DnsQuery *q;
274 int r;
275
276 assert(link);
277 assert(m);
278
279 if (FLAGS_SET(flags, VARLINK_METHOD_ONEWAY))
280 return -EINVAL;
281
282 r = json_dispatch(parameters, dispatch_table, NULL, 0, &p);
283 if (r < 0)
284 return r;
285
286 if (p.ifindex < 0)
287 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("ifindex"));
288
289 r = dns_name_is_valid(p.name);
290 if (r < 0)
291 return r;
292 if (r == 0)
293 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("name"));
294
295 if (!IN_SET(p.family, AF_UNSPEC, AF_INET, AF_INET6))
296 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("family"));
297
298 if (!validate_and_mangle_flags(p.name, &p.flags, SD_RESOLVED_NO_SEARCH))
299 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("flags"));
300
301 r = parse_as_address(link, &p);
302 if (r != 0)
303 return r;
304
305 r = dns_question_new_address(&question_utf8, p.family, p.name, false);
306 if (r < 0)
307 return r;
308
309 r = dns_question_new_address(&question_idna, p.family, p.name, true);
310 if (r < 0 && r != -EALREADY)
311 return r;
312
313 r = dns_query_new(m, &q, question_utf8, question_idna ?: question_utf8, p.ifindex, p.flags);
314 if (r < 0)
315 return r;
316
317 q->varlink_request = varlink_ref(link);
318 varlink_set_userdata(link, q);
319 q->request_family = p.family;
320 q->complete = vl_method_resolve_hostname_complete;
321
322 r = dns_query_go(q);
323 if (r < 0)
324 goto fail;
325
326 return 1;
327
328 fail:
329 dns_query_free(q);
330 return r;
331 }
332
333 static int json_dispatch_address(const char *name, JsonVariant *variant, JsonDispatchFlags flags, void *userdata) {
334 LookupParameters *p = userdata;
335 union in_addr_union buf = {};
336 JsonVariant *i;
337 size_t n, k = 0;
338
339 assert(variant);
340 assert(p);
341
342 if (!json_variant_is_array(variant))
343 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is not an array.", strna(name));
344
345 n = json_variant_elements(variant);
346 if (!IN_SET(n, 4, 16))
347 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "JSON field '%s' is array of unexpected size.", strna(name));
348
349 JSON_VARIANT_ARRAY_FOREACH(i, variant) {
350 intmax_t b;
351
352 if (!json_variant_is_integer(i))
353 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Element %zu of JSON field '%s' is not an integer.", k, strna(name));
354
355 b = json_variant_integer(i);
356 if (b < 0 || b > 0xff)
357 return json_log(variant, flags, SYNTHETIC_ERRNO(EINVAL), "Element %zu of JSON field '%s' is out of range 0…255.", k, strna(name));
358
359 buf.bytes[k++] = (uint8_t) b;
360 }
361
362 p->address = buf;
363 p->address_size = k;
364
365 return 0;
366 }
367
368 static void vl_method_resolve_address_complete(DnsQuery *q) {
369 _cleanup_(json_variant_unrefp) JsonVariant *array = NULL;
370 DnsQuestion *question;
371 DnsResourceRecord *rr;
372 int ifindex, r;
373
374 assert(q);
375
376 if (q->state != DNS_TRANSACTION_SUCCESS) {
377 r = reply_query_state(q);
378 goto finish;
379 }
380
381 r = dns_query_process_cname(q);
382 if (r == -ELOOP) {
383 r = varlink_error(q->varlink_request, "io.systemd.Resolve.CNAMELoop", NULL);
384 goto finish;
385 }
386 if (r < 0)
387 goto finish;
388 if (r == DNS_QUERY_RESTARTED) /* This was a cname, and the query was restarted. */
389 return;
390
391 question = dns_query_question_for_protocol(q, q->answer_protocol);
392
393 DNS_ANSWER_FOREACH_IFINDEX(rr, ifindex, q->answer) {
394 _cleanup_(json_variant_unrefp) JsonVariant *entry = NULL;
395 _cleanup_free_ char *normalized = NULL;
396
397 r = dns_question_matches_rr(question, rr, NULL);
398 if (r < 0)
399 goto finish;
400 if (r == 0)
401 continue;
402
403 r = dns_name_normalize(rr->ptr.name, 0, &normalized);
404 if (r < 0)
405 goto finish;
406
407 r = json_build(&entry,
408 JSON_BUILD_OBJECT(
409 JSON_BUILD_PAIR("ifindex", JSON_BUILD_INTEGER(ifindex)),
410 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(normalized))));
411 if (r < 0)
412 goto finish;
413
414 r = json_variant_append_array(&array, entry);
415 if (r < 0)
416 goto finish;
417 }
418
419 if (json_variant_is_blank_object(array)) {
420 r = varlink_error(q->varlink_request, "io.systemd.Resolve.NoSuchResourceRecord", NULL);
421 goto finish;
422 }
423
424 r = varlink_replyb(q->varlink_request,
425 JSON_BUILD_OBJECT(
426 JSON_BUILD_PAIR("names", JSON_BUILD_VARIANT(array)),
427 JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(SD_RESOLVED_FLAGS_MAKE(q->answer_protocol, q->answer_family, dns_query_fully_authenticated(q))))));
428 finish:
429 if (r < 0) {
430 log_error_errno(r, "Failed to send address reply: %m");
431 r = varlink_error_errno(q->varlink_request, r);
432 }
433
434 dns_query_free(q);
435 }
436
437 static int vl_method_resolve_address(Varlink *link, JsonVariant *parameters, VarlinkMethodFlags flags, void *userdata) {
438 static const JsonDispatch dispatch_table[] = {
439 { "ifindex", JSON_VARIANT_UNSIGNED, json_dispatch_int, offsetof(LookupParameters, ifindex), 0 },
440 { "family", JSON_VARIANT_UNSIGNED, json_dispatch_int, offsetof(LookupParameters, family), JSON_MANDATORY },
441 { "address", JSON_VARIANT_ARRAY, json_dispatch_address, 0, JSON_MANDATORY },
442 { "flags", JSON_VARIANT_UNSIGNED, json_dispatch_uint64, offsetof(LookupParameters, flags), 0 },
443 {}
444 };
445
446 _cleanup_(dns_question_unrefp) DnsQuestion *question = NULL;
447 _cleanup_(lookup_parameters_destroy) LookupParameters p = {
448 .family = AF_UNSPEC,
449 };
450 Manager *m = userdata;
451 DnsQuery *q;
452 int r;
453
454 assert(link);
455 assert(m);
456
457 if (FLAGS_SET(flags, VARLINK_METHOD_ONEWAY))
458 return -EINVAL;
459
460 r = json_dispatch(parameters, dispatch_table, NULL, 0, &p);
461 if (r < 0)
462 return r;
463
464 if (p.ifindex < 0)
465 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("ifindex"));
466
467 if (!IN_SET(p.family, AF_UNSPEC, AF_INET, AF_INET6))
468 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("family"));
469
470 if (FAMILY_ADDRESS_SIZE(p.family) != p.address_size)
471 return varlink_error(link, "io.systemd.UserDatabase.BadAddressSize", NULL);
472
473 if (!validate_and_mangle_flags(NULL, &p.flags, 0))
474 return varlink_error_invalid_parameter(link, JSON_VARIANT_STRING_CONST("flags"));
475
476 r = dns_question_new_reverse(&question, p.family, &p.address);
477 if (r < 0)
478 return r;
479
480 r = dns_query_new(m, &q, question, question, p.ifindex, p.flags|SD_RESOLVED_NO_SEARCH);
481 if (r < 0)
482 return r;
483
484 q->varlink_request = varlink_ref(link);
485 varlink_set_userdata(link, q);
486
487 q->request_family = p.family;
488 q->request_address = p.address;
489 q->complete = vl_method_resolve_address_complete;
490
491 r = dns_query_go(q);
492 if (r < 0)
493 goto fail;
494
495 return 1;
496
497 fail:
498 dns_query_free(q);
499 return r;
500 }
501
502 int manager_varlink_init(Manager *m) {
503 _cleanup_(varlink_server_unrefp) VarlinkServer *s = NULL;
504 int r;
505
506 assert(m);
507
508 if (m->varlink_server)
509 return 0;
510
511 r = varlink_server_new(&s, VARLINK_SERVER_ACCOUNT_UID);
512 if (r < 0)
513 return log_error_errno(r, "Failed to allocate varlink server object: %m");
514
515 varlink_server_set_userdata(s, m);
516
517 r = varlink_server_bind_method_many(
518 s,
519 "io.systemd.Resolve.ResolveHostname", vl_method_resolve_hostname,
520 "io.systemd.Resolve.ResolveAddress", vl_method_resolve_address);
521 if (r < 0)
522 return log_error_errno(r, "Failed to register varlink methods: %m");
523
524 r = varlink_server_bind_disconnect(s, vl_on_disconnect);
525 if (r < 0)
526 return log_error_errno(r, "Failed to register varlink disconnect handler: %m");
527
528 r = varlink_server_listen_address(s, "/run/systemd/resolve/io.systemd.Resolve", 0666);
529 if (r < 0)
530 return log_error_errno(r, "Failed to bind to varlink socket: %m");
531
532 r = varlink_server_attach_event(s, m->event, SD_EVENT_PRIORITY_NORMAL);
533 if (r < 0)
534 return log_error_errno(r, "Failed to attach varlink connection to event loop: %m");
535
536 m->varlink_server = TAKE_PTR(s);
537 return 0;
538 }
539
540 void manager_varlink_done(Manager *m) {
541 assert(m);
542
543 m->varlink_server = varlink_server_unref(m->varlink_server);
544 }
Unnamed repository; edit this file 'description' to name the repository.