1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
3 #include "in-addr-util.h"
4 #include "resolved-dns-synthesize.h"
5 #include "resolved-varlink.h"
6 #include "socket-netlink.h"
8 typedef struct LookupParameters
{
12 union in_addr_union address
;
17 static void lookup_parameters_destroy(LookupParameters
*p
) {
22 static int reply_query_state(DnsQuery
*q
) {
25 assert(q
->varlink_request
);
29 case DNS_TRANSACTION_NO_SERVERS
:
30 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.NoNameServers", NULL
);
32 case DNS_TRANSACTION_TIMEOUT
:
33 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.QueryTimedOut", NULL
);
35 case DNS_TRANSACTION_ATTEMPTS_MAX_REACHED
:
36 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.MaxAttemptsReached", NULL
);
38 case DNS_TRANSACTION_INVALID_REPLY
:
39 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.InvalidReply", NULL
);
41 case DNS_TRANSACTION_ERRNO
:
42 return varlink_error_errno(q
->varlink_request
, q
->answer_errno
);
44 case DNS_TRANSACTION_ABORTED
:
45 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.QueryAborted", NULL
);
47 case DNS_TRANSACTION_DNSSEC_FAILED
:
48 return varlink_errorb(q
->varlink_request
, "io.systemd.Resolve.DNSSECValidationFailed",
49 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("result", JSON_BUILD_STRING(dnssec_result_to_string(q
->answer_dnssec_result
)))));
51 case DNS_TRANSACTION_NO_TRUST_ANCHOR
:
52 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.NoTrustAnchor", NULL
);
54 case DNS_TRANSACTION_RR_TYPE_UNSUPPORTED
:
55 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.ResourceRecordTypeUnsupported", NULL
);
57 case DNS_TRANSACTION_NETWORK_DOWN
:
58 return varlink_error(q
->varlink_request
, "io.systemd.Resolve.NetworkDown", NULL
);
60 case DNS_TRANSACTION_NOT_FOUND
:
61 /* We return this as NXDOMAIN. This is only generated when a host doesn't implement LLMNR/TCP, and we
62 * thus quickly know that we cannot resolve an in-addr.arpa or ip6.arpa address. */
63 return varlink_errorb(q
->varlink_request
, "io.systemd.Resolve.DNSError",
64 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("rcode", JSON_BUILD_INTEGER(DNS_RCODE_NXDOMAIN
))));
66 case DNS_TRANSACTION_RCODE_FAILURE
:
67 return varlink_errorb(q
->varlink_request
, "io.systemd.Resolve.DNSError",
68 JSON_BUILD_OBJECT(JSON_BUILD_PAIR("rcode", JSON_BUILD_INTEGER(q
->answer_rcode
))));
70 case DNS_TRANSACTION_NULL
:
71 case DNS_TRANSACTION_PENDING
:
72 case DNS_TRANSACTION_VALIDATING
:
73 case DNS_TRANSACTION_SUCCESS
:
75 assert_not_reached("Impossible state");
79 static void vl_on_disconnect(VarlinkServer
*s
, Varlink
*link
, void *userdata
) {
85 q
= varlink_get_userdata(link
);
89 if (!DNS_TRANSACTION_IS_LIVE(q
->state
))
92 log_debug("Client of active query vanished, aborting query.");
93 dns_query_complete(q
, DNS_TRANSACTION_ABORTED
);
96 static bool validate_and_mangle_flags(
103 /* This checks that the specified client-provided flags parameter actually makes sense, and mangles
104 * it slightly. Specifically:
106 * 1. We check that only the protocol flags and the NO_CNAME flag are on at most, plus the
107 * method-specific flags specified in 'ok'.
109 * 2. If no protocols are enabled we automatically convert that to "all protocols are enabled".
111 * The second rule means that clients can just pass 0 as flags for the common case, and all supported
112 * protocols are enabled. Moreover it's useful so that client's do not have to be aware of all
113 * protocols implemented in resolved, but can use 0 as protocols flags set as indicator for
117 if (*flags
& ~(SD_RESOLVED_PROTOCOLS_ALL
|SD_RESOLVED_NO_CNAME
|ok
))
120 if ((*flags
& SD_RESOLVED_PROTOCOLS_ALL
) == 0) /* If no protocol is enabled, enable all */
121 *flags
|= SD_RESOLVED_PROTOCOLS_ALL
;
123 /* If the SD_RESOLVED_NO_SEARCH flag is acceptable, and the query name is dot-suffixed, turn off
124 * search domains. Note that DNS name normalization drops the dot suffix, hence we propagate this
125 * into the flags field as early as we can. */
126 if (name
&& FLAGS_SET(ok
, SD_RESOLVED_NO_SEARCH
) && dns_name_dot_suffixed(name
) > 0)
127 *flags
|= SD_RESOLVED_NO_SEARCH
;
132 static void vl_method_resolve_hostname_complete(DnsQuery
*q
) {
133 _cleanup_(dns_resource_record_unrefp
) DnsResourceRecord
*canonical
= NULL
;
134 _cleanup_(json_variant_unrefp
) JsonVariant
*array
= NULL
;
135 _cleanup_free_
char *normalized
= NULL
;
136 DnsResourceRecord
*rr
;
137 DnsQuestion
*question
;
142 if (q
->state
!= DNS_TRANSACTION_SUCCESS
) {
143 r
= reply_query_state(q
);
147 r
= dns_query_process_cname(q
);
149 r
= varlink_error(q
->varlink_request
, "io.systemd.Resolve.CNAMELoop", NULL
);
154 if (r
== DNS_QUERY_RESTARTED
) /* This was a cname, and the query was restarted. */
157 question
= dns_query_question_for_protocol(q
, q
->answer_protocol
);
159 DNS_ANSWER_FOREACH_IFINDEX(rr
, ifindex
, q
->answer
) {
160 _cleanup_(json_variant_unrefp
) JsonVariant
*entry
= NULL
;
164 r
= dns_question_matches_rr(question
, rr
, DNS_SEARCH_DOMAIN_NAME(q
->answer_search_domain
));
170 if (rr
->key
->type
== DNS_TYPE_A
) {
173 } else if (rr
->key
->type
== DNS_TYPE_AAAA
) {
175 p
= &rr
->aaaa
.in6_addr
;
181 r
= json_build(&entry
,
183 JSON_BUILD_PAIR("ifindex", JSON_BUILD_INTEGER(ifindex
)),
184 JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(family
)),
185 JSON_BUILD_PAIR("address", JSON_BUILD_BYTE_ARRAY(p
, FAMILY_ADDRESS_SIZE(family
)))));
190 canonical
= dns_resource_record_ref(rr
);
192 r
= json_variant_append_array(&array
, entry
);
197 if (json_variant_is_blank_object(array
)) {
198 r
= varlink_error(q
->varlink_request
, "io.systemd.Resolve.NoSuchResourceRecord", NULL
);
203 r
= dns_name_normalize(dns_resource_key_name(canonical
->key
), 0, &normalized
);
207 r
= varlink_replyb(q
->varlink_request
,
209 JSON_BUILD_PAIR("addresses", JSON_BUILD_VARIANT(array
)),
210 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(normalized
)),
211 JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(SD_RESOLVED_FLAGS_MAKE(q
->answer_protocol
, q
->answer_family
, dns_query_fully_authenticated(q
))))));
214 log_error_errno(r
, "Failed to send hostname reply: %m");
215 r
= varlink_error_errno(q
->varlink_request
, r
);
221 static int parse_as_address(Varlink
*link
, LookupParameters
*p
) {
222 _cleanup_free_
char *canonical
= NULL
;
223 int r
, ff
, parsed_ifindex
, ifindex
;
224 union in_addr_union parsed
;
229 /* Check if this parses as literal address. If so, just parse it and return that, do not involve networking */
230 r
= in_addr_ifindex_from_string_auto(p
->name
, &ff
, &parsed
, &parsed_ifindex
);
232 return 0; /* not a literal address */
234 /* Make sure the data we parsed matches what is requested */
235 if ((p
->family
!= AF_UNSPEC
&& ff
!= p
->family
) ||
236 (p
->ifindex
> 0 && parsed_ifindex
> 0 && parsed_ifindex
!= p
->ifindex
))
237 return varlink_error(link
, "io.systemd.Resolve.NoSuchResourceRecord", NULL
);
239 ifindex
= parsed_ifindex
> 0 ? parsed_ifindex
: p
->ifindex
;
241 /* Reformat the address as string, to return as canonicalized name */
242 r
= in_addr_ifindex_to_string(ff
, &parsed
, ifindex
, &canonical
);
246 return varlink_replyb(
249 JSON_BUILD_PAIR("addresses",
252 JSON_BUILD_PAIR_CONDITION(ifindex
> 0, "ifindex", JSON_BUILD_INTEGER(ifindex
)),
253 JSON_BUILD_PAIR("family", JSON_BUILD_INTEGER(ff
)),
254 JSON_BUILD_PAIR("address", JSON_BUILD_BYTE_ARRAY(&parsed
, FAMILY_ADDRESS_SIZE(ff
)))))),
255 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(canonical
)),
256 JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(SD_RESOLVED_FLAGS_MAKE(dns_synthesize_protocol(p
->flags
), ff
, true)))));
259 static int vl_method_resolve_hostname(Varlink
*link
, JsonVariant
*parameters
, VarlinkMethodFlags flags
, void *userdata
) {
260 static const JsonDispatch dispatch_table
[] = {
261 { "ifindex", JSON_VARIANT_UNSIGNED
, json_dispatch_int
, offsetof(LookupParameters
, ifindex
), 0 },
262 { "name", JSON_VARIANT_STRING
, json_dispatch_string
, offsetof(LookupParameters
, name
), JSON_MANDATORY
},
263 { "family", JSON_VARIANT_UNSIGNED
, json_dispatch_int
, offsetof(LookupParameters
, family
), 0 },
264 { "flags", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(LookupParameters
, flags
), 0 },
268 _cleanup_(dns_question_unrefp
) DnsQuestion
*question_idna
= NULL
, *question_utf8
= NULL
;
269 _cleanup_(lookup_parameters_destroy
) LookupParameters p
= {
272 Manager
*m
= userdata
;
279 if (FLAGS_SET(flags
, VARLINK_METHOD_ONEWAY
))
282 r
= json_dispatch(parameters
, dispatch_table
, NULL
, 0, &p
);
287 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("ifindex"));
289 r
= dns_name_is_valid(p
.name
);
293 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("name"));
295 if (!IN_SET(p
.family
, AF_UNSPEC
, AF_INET
, AF_INET6
))
296 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("family"));
298 if (!validate_and_mangle_flags(p
.name
, &p
.flags
, SD_RESOLVED_NO_SEARCH
))
299 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("flags"));
301 r
= parse_as_address(link
, &p
);
305 r
= dns_question_new_address(&question_utf8
, p
.family
, p
.name
, false);
309 r
= dns_question_new_address(&question_idna
, p
.family
, p
.name
, true);
310 if (r
< 0 && r
!= -EALREADY
)
313 r
= dns_query_new(m
, &q
, question_utf8
, question_idna
?: question_utf8
, p
.ifindex
, p
.flags
);
317 q
->varlink_request
= varlink_ref(link
);
318 varlink_set_userdata(link
, q
);
319 q
->request_family
= p
.family
;
320 q
->complete
= vl_method_resolve_hostname_complete
;
333 static int json_dispatch_address(const char *name
, JsonVariant
*variant
, JsonDispatchFlags flags
, void *userdata
) {
334 LookupParameters
*p
= userdata
;
335 union in_addr_union buf
= {};
342 if (!json_variant_is_array(variant
))
343 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is not an array.", strna(name
));
345 n
= json_variant_elements(variant
);
346 if (!IN_SET(n
, 4, 16))
347 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "JSON field '%s' is array of unexpected size.", strna(name
));
349 JSON_VARIANT_ARRAY_FOREACH(i
, variant
) {
352 if (!json_variant_is_integer(i
))
353 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "Element %zu of JSON field '%s' is not an integer.", k
, strna(name
));
355 b
= json_variant_integer(i
);
356 if (b
< 0 || b
> 0xff)
357 return json_log(variant
, flags
, SYNTHETIC_ERRNO(EINVAL
), "Element %zu of JSON field '%s' is out of range 0…255.", k
, strna(name
));
359 buf
.bytes
[k
++] = (uint8_t) b
;
368 static void vl_method_resolve_address_complete(DnsQuery
*q
) {
369 _cleanup_(json_variant_unrefp
) JsonVariant
*array
= NULL
;
370 DnsQuestion
*question
;
371 DnsResourceRecord
*rr
;
376 if (q
->state
!= DNS_TRANSACTION_SUCCESS
) {
377 r
= reply_query_state(q
);
381 r
= dns_query_process_cname(q
);
383 r
= varlink_error(q
->varlink_request
, "io.systemd.Resolve.CNAMELoop", NULL
);
388 if (r
== DNS_QUERY_RESTARTED
) /* This was a cname, and the query was restarted. */
391 question
= dns_query_question_for_protocol(q
, q
->answer_protocol
);
393 DNS_ANSWER_FOREACH_IFINDEX(rr
, ifindex
, q
->answer
) {
394 _cleanup_(json_variant_unrefp
) JsonVariant
*entry
= NULL
;
395 _cleanup_free_
char *normalized
= NULL
;
397 r
= dns_question_matches_rr(question
, rr
, NULL
);
403 r
= dns_name_normalize(rr
->ptr
.name
, 0, &normalized
);
407 r
= json_build(&entry
,
409 JSON_BUILD_PAIR("ifindex", JSON_BUILD_INTEGER(ifindex
)),
410 JSON_BUILD_PAIR("name", JSON_BUILD_STRING(normalized
))));
414 r
= json_variant_append_array(&array
, entry
);
419 if (json_variant_is_blank_object(array
)) {
420 r
= varlink_error(q
->varlink_request
, "io.systemd.Resolve.NoSuchResourceRecord", NULL
);
424 r
= varlink_replyb(q
->varlink_request
,
426 JSON_BUILD_PAIR("names", JSON_BUILD_VARIANT(array
)),
427 JSON_BUILD_PAIR("flags", JSON_BUILD_INTEGER(SD_RESOLVED_FLAGS_MAKE(q
->answer_protocol
, q
->answer_family
, dns_query_fully_authenticated(q
))))));
430 log_error_errno(r
, "Failed to send address reply: %m");
431 r
= varlink_error_errno(q
->varlink_request
, r
);
437 static int vl_method_resolve_address(Varlink
*link
, JsonVariant
*parameters
, VarlinkMethodFlags flags
, void *userdata
) {
438 static const JsonDispatch dispatch_table
[] = {
439 { "ifindex", JSON_VARIANT_UNSIGNED
, json_dispatch_int
, offsetof(LookupParameters
, ifindex
), 0 },
440 { "family", JSON_VARIANT_UNSIGNED
, json_dispatch_int
, offsetof(LookupParameters
, family
), JSON_MANDATORY
},
441 { "address", JSON_VARIANT_ARRAY
, json_dispatch_address
, 0, JSON_MANDATORY
},
442 { "flags", JSON_VARIANT_UNSIGNED
, json_dispatch_uint64
, offsetof(LookupParameters
, flags
), 0 },
446 _cleanup_(dns_question_unrefp
) DnsQuestion
*question
= NULL
;
447 _cleanup_(lookup_parameters_destroy
) LookupParameters p
= {
450 Manager
*m
= userdata
;
457 if (FLAGS_SET(flags
, VARLINK_METHOD_ONEWAY
))
460 r
= json_dispatch(parameters
, dispatch_table
, NULL
, 0, &p
);
465 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("ifindex"));
467 if (!IN_SET(p
.family
, AF_UNSPEC
, AF_INET
, AF_INET6
))
468 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("family"));
470 if (FAMILY_ADDRESS_SIZE(p
.family
) != p
.address_size
)
471 return varlink_error(link
, "io.systemd.UserDatabase.BadAddressSize", NULL
);
473 if (!validate_and_mangle_flags(NULL
, &p
.flags
, 0))
474 return varlink_error_invalid_parameter(link
, JSON_VARIANT_STRING_CONST("flags"));
476 r
= dns_question_new_reverse(&question
, p
.family
, &p
.address
);
480 r
= dns_query_new(m
, &q
, question
, question
, p
.ifindex
, p
.flags
|SD_RESOLVED_NO_SEARCH
);
484 q
->varlink_request
= varlink_ref(link
);
485 varlink_set_userdata(link
, q
);
487 q
->request_family
= p
.family
;
488 q
->request_address
= p
.address
;
489 q
->complete
= vl_method_resolve_address_complete
;
502 int manager_varlink_init(Manager
*m
) {
503 _cleanup_(varlink_server_unrefp
) VarlinkServer
*s
= NULL
;
508 if (m
->varlink_server
)
511 r
= varlink_server_new(&s
, VARLINK_SERVER_ACCOUNT_UID
);
513 return log_error_errno(r
, "Failed to allocate varlink server object: %m");
515 varlink_server_set_userdata(s
, m
);
517 r
= varlink_server_bind_method_many(
519 "io.systemd.Resolve.ResolveHostname", vl_method_resolve_hostname
,
520 "io.systemd.Resolve.ResolveAddress", vl_method_resolve_address
);
522 return log_error_errno(r
, "Failed to register varlink methods: %m");
524 r
= varlink_server_bind_disconnect(s
, vl_on_disconnect
);
526 return log_error_errno(r
, "Failed to register varlink disconnect handler: %m");
528 r
= varlink_server_listen_address(s
, "/run/systemd/resolve/io.systemd.Resolve", 0666);
530 return log_error_errno(r
, "Failed to bind to varlink socket: %m");
532 r
= varlink_server_attach_event(s
, m
->event
, SD_EVENT_PRIORITY_NORMAL
);
534 return log_error_errno(r
, "Failed to attach varlink connection to event loop: %m");
536 m
->varlink_server
= TAKE_PTR(s
);
540 void manager_varlink_done(Manager
*m
) {
543 m
->varlink_server
= varlink_server_unref(m
->varlink_server
);