[thirdparty/systemd.git] / src / resolve / resolved-conf.c

/* SPDX-License-Identifier: LGPL-2.1+ */
/***
  This file is part of systemd.

  Copyright 2014 Tom Gundersen <teg@jklm.no>

  systemd is free software; you can redistribute it and/or modify it
  under the terms of the GNU Lesser General Public License as published by
  the Free Software Foundation; either version 2.1 of the License, or
  (at your option) any later version.

  systemd is distributed in the hope that it will be useful, but
  WITHOUT ANY WARRANTY; without even the implied warranty of
  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  Lesser General Public License for more details.

  You should have received a copy of the GNU Lesser General Public License
  along with systemd; If not, see <http://www.gnu.org/licenses/>.
 ***/

#include "alloc-util.h"
#include "conf-parser.h"
#include "def.h"
#include "extract-word.h"
#include "parse-util.h"
#include "resolved-conf.h"
#include "string-table.h"
#include "string-util.h"

DEFINE_CONFIG_PARSE_ENUM(config_parse_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode, "Failed to parse DNS stub listener mode setting");

static const char* const dns_stub_listener_mode_table[_DNS_STUB_LISTENER_MODE_MAX] = {
        [DNS_STUB_LISTENER_NO] = "no",
        [DNS_STUB_LISTENER_UDP] = "udp",
        [DNS_STUB_LISTENER_TCP] = "tcp",
        [DNS_STUB_LISTENER_YES] = "yes",
};
DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_stub_listener_mode, DnsStubListenerMode, DNS_STUB_LISTENER_YES);

int manager_add_dns_server_by_string(Manager *m, DnsServerType type, const char *word) {
        union in_addr_union address;
        int family, r, ifindex = 0;
        DnsServer *s;

        assert(m);
        assert(word);

        r = in_addr_ifindex_from_string_auto(word, &family, &address, &ifindex);
        if (r < 0)
                return r;

        /* Silently filter out 0.0.0.0 and 127.0.0.53 (our own stub DNS listener) */
        if (!dns_server_address_valid(family, &address))
                return 0;

        /* Filter out duplicates */
        s = dns_server_find(manager_get_first_dns_server(m, type), family, &address, ifindex);
        if (s) {
                /*
                 * Drop the marker. This is used to find the servers
                 * that ceased to exist, see
                 * manager_mark_dns_servers() and
                 * manager_flush_marked_dns_servers().
                 */
                dns_server_move_back_and_unmark(s);
                return 0;
        }

        return dns_server_new(m, NULL, type, NULL, family, &address, ifindex);
}

int manager_parse_dns_server_string_and_warn(Manager *m, DnsServerType type, const char *string) {
        int r;

        assert(m);
        assert(string);

        for (;;) {
                _cleanup_free_ char *word = NULL;

                r = extract_first_word(&string, &word, NULL, 0);
                if (r < 0)
                        return r;
                if (r == 0)
                        break;

                r = manager_add_dns_server_by_string(m, type, word);
                if (r < 0)
                        log_warning_errno(r, "Failed to add DNS server address '%s', ignoring: %m", word);
        }

        return 0;
}

int manager_add_search_domain_by_string(Manager *m, const char *domain) {
        DnsSearchDomain *d;
        bool route_only;
        int r;

        assert(m);
        assert(domain);

        route_only = *domain == '~';
        if (route_only)
                domain++;

        if (dns_name_is_root(domain) || streq(domain, "*")) {
                route_only = true;
                domain = ".";
        }

        r = dns_search_domain_find(m->search_domains, domain, &d);
        if (r < 0)
                return r;
        if (r > 0)
                dns_search_domain_move_back_and_unmark(d);
        else {
                r = dns_search_domain_new(m, &d, DNS_SEARCH_DOMAIN_SYSTEM, NULL, domain);
                if (r < 0)
                        return r;
        }

        d->route_only = route_only;
        return 0;
}

int manager_parse_search_domains_and_warn(Manager *m, const char *string) {
        int r;

        assert(m);
        assert(string);

        for (;;) {
                _cleanup_free_ char *word = NULL;

                r = extract_first_word(&string, &word, NULL, EXTRACT_QUOTES);
                if (r < 0)
                        return r;
                if (r == 0)
                        break;

                r = manager_add_search_domain_by_string(m, word);
                if (r < 0)
                        log_warning_errno(r, "Failed to add search domain '%s', ignoring: %m", word);
        }

        return 0;
}

int config_parse_dns_servers(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Manager *m = userdata;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(m);

        if (isempty(rvalue))
                /* Empty assignment means clear the list */
                dns_server_unlink_all(manager_get_first_dns_server(m, ltype));
        else {
                /* Otherwise, add to the list */
                r = manager_parse_dns_server_string_and_warn(m, ltype, rvalue);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse DNS server string '%s'. Ignoring.", rvalue);
                        return 0;
                }
        }

        /* If we have a manual setting, then we stop reading
         * /etc/resolv.conf */
        if (ltype == DNS_SERVER_SYSTEM)
                m->read_resolv_conf = false;
        if (ltype == DNS_SERVER_FALLBACK)
                m->need_builtin_fallbacks = false;

        return 0;
}

int config_parse_search_domains(
                const char *unit,
                const char *filename,
                unsigned line,
                const char *section,
                unsigned section_line,
                const char *lvalue,
                int ltype,
                const char *rvalue,
                void *data,
                void *userdata) {

        Manager *m = userdata;
        int r;

        assert(filename);
        assert(lvalue);
        assert(rvalue);
        assert(m);

        if (isempty(rvalue))
                /* Empty assignment means clear the list */
                dns_search_domain_unlink_all(m->search_domains);
        else {
                /* Otherwise, add to the list */
                r = manager_parse_search_domains_and_warn(m, rvalue);
                if (r < 0) {
                        log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse search domains string '%s'. Ignoring.", rvalue);
                        return 0;
                }
        }

        /* If we have a manual setting, then we stop reading
         * /etc/resolv.conf */
        m->read_resolv_conf = false;

        return 0;
}

int manager_parse_config_file(Manager *m) {
        int r;

        assert(m);

        r = config_parse_many_nulstr(PKGSYSCONFDIR "/resolved.conf",
                                     CONF_PATHS_NULSTR("systemd/resolved.conf.d"),
                                     "Resolve\0",
                                     config_item_perf_lookup, resolved_gperf_lookup,
                                     CONFIG_PARSE_WARN, m);
        if (r < 0)
                return r;

        if (m->need_builtin_fallbacks) {
                r = manager_parse_dns_server_string_and_warn(m, DNS_SERVER_FALLBACK, DNS_SERVERS);
                if (r < 0)
                        return r;
        }

#if ! HAVE_GCRYPT
        if (m->dnssec_mode != DNSSEC_NO) {
                log_warning("DNSSEC option cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
                m->dnssec_mode = DNSSEC_NO;
        }
#endif
        return 0;

}
Commit	Line	Data
53e1b683	1	/* SPDX-License-Identifier: LGPL-2.1+ */
4e945a6f LP	2	/***
	3	This file is part of systemd.
	4
	5	Copyright 2014 Tom Gundersen <teg@jklm.no>
	6
	7	systemd is free software; you can redistribute it and/or modify it
	8	under the terms of the GNU Lesser General Public License as published by
	9	the Free Software Foundation; either version 2.1 of the License, or
	10	(at your option) any later version.
	11
	12	systemd is distributed in the hope that it will be useful, but
	13	WITHOUT ANY WARRANTY; without even the implied warranty of
	14	MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
	15	Lesser General Public License for more details.
	16
	17	You should have received a copy of the GNU Lesser General Public License
	18	along with systemd; If not, see <http://www.gnu.org/licenses/>.
	19	***/
	20
b5efdb8a	21	#include "alloc-util.h"
4e945a6f	22	#include "conf-parser.h"
a0f29c76	23	#include "def.h"
b5efdb8a	24	#include "extract-word.h"
6bedfcbb	25	#include "parse-util.h"
4e945a6f	26	#include "resolved-conf.h"
1ae43295	27	#include "string-table.h"
6bedfcbb	28	#include "string-util.h"
4e945a6f	29
1ae43295 DM	30	DEFINE_CONFIG_PARSE_ENUM(config_parse_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode, "Failed to parse DNS stub listener mode setting");
	31
	32	static const char* const dns_stub_listener_mode_table[_DNS_STUB_LISTENER_MODE_MAX] = {
	33	[DNS_STUB_LISTENER_NO] = "no",
	34	[DNS_STUB_LISTENER_UDP] = "udp",
	35	[DNS_STUB_LISTENER_TCP] = "tcp",
	36	[DNS_STUB_LISTENER_YES] = "yes",
	37	};
	38	DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_stub_listener_mode, DnsStubListenerMode, DNS_STUB_LISTENER_YES);
	39
636e813d LP	40	int manager_add_dns_server_by_string(Manager m, DnsServerType type, const char word) {
636e813d LP	41	union in_addr_union address;
2817157b	42	int family, r, ifindex = 0;
0eac4623	43	DnsServer *s;
4e945a6f LP	44
4e945a6f LP	45	assert(m);
636e813d LP	46	assert(word);
636e813d LP	47
2817157b	48	r = in_addr_ifindex_from_string_auto(word, &family, &address, &ifindex);
636e813d LP	49	if (r < 0)
636e813d LP	50	return r;
4e945a6f	51
b30bf55d LP	52	/* Silently filter out 0.0.0.0 and 127.0.0.53 (our own stub DNS listener) */
	53	if (!dns_server_address_valid(family, &address))
	54	return 0;
	55
636e813d	56	/* Filter out duplicates */
2817157b	57	s = dns_server_find(manager_get_first_dns_server(m, type), family, &address, ifindex);
636e813d LP	58	if (s) {
	59	/*
	60	* Drop the marker. This is used to find the servers
	61	* that ceased to exist, see
	62	* manager_mark_dns_servers() and
	63	* manager_flush_marked_dns_servers().
	64	*/
0b58db65	65	dns_server_move_back_and_unmark(s);
636e813d LP	66	return 0;
	67	}
	68
2817157b	69	return dns_server_new(m, NULL, type, NULL, family, &address, ifindex);
636e813d LP	70	}
	71
	72	int manager_parse_dns_server_string_and_warn(Manager m, DnsServerType type, const char string) {
	73	int r;
	74
	75	assert(m);
	76	assert(string);
	77
9ed794a3	78	for (;;) {
b5efdb8a	79	_cleanup_free_ char *word = NULL;
880603a1 SS	80
	81	r = extract_first_word(&string, &word, NULL, 0);
	82	if (r < 0)
636e813d	83	return r;
880603a1 SS	84	if (r == 0)
880603a1 SS	85	break;
4e945a6f	86
636e813d	87	r = manager_add_dns_server_by_string(m, type, word);
a51c1048	88	if (r < 0)
2817157b	89	log_warning_errno(r, "Failed to add DNS server address '%s', ignoring: %m", word);
a51c1048 LP	90	}
	91
	92	return 0;
	93	}
	94
	95	int manager_add_search_domain_by_string(Manager m, const char domain) {
	96	DnsSearchDomain *d;
adc800a6	97	bool route_only;
a51c1048 LP	98	int r;
	99
	100	assert(m);
	101	assert(domain);
	102
adc800a6 LP	103	route_only = *domain == '~';
	104	if (route_only)
	105	domain++;
	106
	107	if (dns_name_is_root(domain) \|\| streq(domain, "*")) {
	108	route_only = true;
	109	domain = ".";
	110	}
	111
a51c1048 LP	112	r = dns_search_domain_find(m->search_domains, domain, &d);
	113	if (r < 0)
	114	return r;
adc800a6	115	if (r > 0)
a51c1048	116	dns_search_domain_move_back_and_unmark(d);
adc800a6 LP	117	else {
	118	r = dns_search_domain_new(m, &d, DNS_SEARCH_DOMAIN_SYSTEM, NULL, domain);
	119	if (r < 0)
	120	return r;
a51c1048 LP	121	}
a51c1048 LP	122
adc800a6 LP	123	d->route_only = route_only;
adc800a6 LP	124	return 0;
a51c1048 LP	125	}
	126
	127	int manager_parse_search_domains_and_warn(Manager m, const char string) {
	128	int r;
	129
	130	assert(m);
	131	assert(string);
	132
9ed794a3	133	for (;;) {
a51c1048 LP	134	_cleanup_free_ char *word = NULL;
	135
	136	r = extract_first_word(&string, &word, NULL, EXTRACT_QUOTES);
	137	if (r < 0)
	138	return r;
	139	if (r == 0)
	140	break;
	141
	142	r = manager_add_search_domain_by_string(m, word);
	143	if (r < 0)
2817157b	144	log_warning_errno(r, "Failed to add search domain '%s', ignoring: %m", word);
4e945a6f LP	145	}
	146
	147	return 0;
	148	}
	149
636e813d	150	int config_parse_dns_servers(
4e945a6f LP	151	const char *unit,
	152	const char *filename,
	153	unsigned line,
	154	const char *section,
	155	unsigned section_line,
	156	const char *lvalue,
	157	int ltype,
	158	const char *rvalue,
	159	void *data,
	160	void *userdata) {
	161
	162	Manager *m = userdata;
4e945a6f LP	163	int r;
	164
	165	assert(filename);
	166	assert(lvalue);
	167	assert(rvalue);
	168	assert(m);
	169
3e684349	170	if (isempty(rvalue))
5cb36f41	171	/* Empty assignment means clear the list */
4b95f179	172	dns_server_unlink_all(manager_get_first_dns_server(m, ltype));
3e684349	173	else {
b938cb90	174	/* Otherwise, add to the list */
636e813d	175	r = manager_parse_dns_server_string_and_warn(m, ltype, rvalue);
5cb36f41	176	if (r < 0) {
12ca818f	177	log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse DNS server string '%s'. Ignoring.", rvalue);
5cb36f41 LP	178	return 0;
5cb36f41 LP	179	}
4e945a6f LP	180	}
4e945a6f LP	181
5cb36f41 LP	182	/* If we have a manual setting, then we stop reading
	183	* /etc/resolv.conf */
	184	if (ltype == DNS_SERVER_SYSTEM)
	185	m->read_resolv_conf = false;
00fa60ae LP	186	if (ltype == DNS_SERVER_FALLBACK)
00fa60ae LP	187	m->need_builtin_fallbacks = false;
5cb36f41	188
4e945a6f LP	189	return 0;
	190	}
	191
a51c1048 LP	192	int config_parse_search_domains(
	193	const char *unit,
	194	const char *filename,
	195	unsigned line,
	196	const char *section,
	197	unsigned section_line,
	198	const char *lvalue,
	199	int ltype,
	200	const char *rvalue,
	201	void *data,
	202	void *userdata) {
	203
	204	Manager *m = userdata;
	205	int r;
	206
	207	assert(filename);
	208	assert(lvalue);
	209	assert(rvalue);
	210	assert(m);
	211
	212	if (isempty(rvalue))
	213	/* Empty assignment means clear the list */
	214	dns_search_domain_unlink_all(m->search_domains);
	215	else {
	216	/* Otherwise, add to the list */
	217	r = manager_parse_search_domains_and_warn(m, rvalue);
	218	if (r < 0) {
	219	log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse search domains string '%s'. Ignoring.", rvalue);
	220	return 0;
	221	}
	222	}
	223
	224	/* If we have a manual setting, then we stop reading
	225	* /etc/resolv.conf */
	226	m->read_resolv_conf = false;
	227
	228	return 0;
	229	}
	230
4e945a6f	231	int manager_parse_config_file(Manager *m) {
00fa60ae LP	232	int r;
00fa60ae LP	233
4e945a6f LP	234	assert(m);
4e945a6f LP	235
43688c49	236	r = config_parse_many_nulstr(PKGSYSCONFDIR "/resolved.conf",
da412854 YW	237	CONF_PATHS_NULSTR("systemd/resolved.conf.d"),
	238	"Resolve\0",
	239	config_item_perf_lookup, resolved_gperf_lookup,
bcde742e	240	CONFIG_PARSE_WARN, m);
00fa60ae LP	241	if (r < 0)
	242	return r;
	243
	244	if (m->need_builtin_fallbacks) {
	245	r = manager_parse_dns_server_string_and_warn(m, DNS_SERVER_FALLBACK, DNS_SERVERS);
	246	if (r < 0)
	247	return r;
	248	}
	249
349cc4a5	250	#if ! HAVE_GCRYPT
42303dcb YW	251	if (m->dnssec_mode != DNSSEC_NO) {
	252	log_warning("DNSSEC option cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
	253	m->dnssec_mode = DNSSEC_NO;
	254	}
	255	#endif
00fa60ae LP	256	return 0;
00fa60ae LP	257
4e945a6f	258	}