]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/resolve/resolved-dns-query.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Two CODING_STYLE additions
[thirdparty/systemd.git] / src / resolve / resolved-dns-query.c
CommitLineData
74b2466e
LP		 1/***
2 This file is part of systemd.
3
4 Copyright 2014 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18***/
19
b5efdb8a 20#include "alloc-util.h"
2a1037af 21#include "dns-domain.h"
011696f7 22#include "dns-type.h"
b5efdb8a 23#include "hostname-util.h"
78c6a153 24#include "local-addresses.h"
74b2466e 25#include "resolved-dns-query.h"
839a4a20 26#include "resolved-dns-synthesize.h"
dd0bc0f1 27#include "resolved-etc-hosts.h"
23b298bc 28#include "string-util.h"
74b2466e 29
0c903ae7 30/* How long to wait for the query in total */
74b2466e 31#define QUERY_TIMEOUT_USEC (30 * USEC_PER_SEC)
0c903ae7 32
8ba9fd9c 33#define CNAME_MAX 8
39762fdf 34#define QUERIES_MAX 2048
45ec7efb 35#define AUXILIARY_QUERIES_MAX 64
8ba9fd9c 36
801ad6a6
LP		 37static int dns_query_candidate_new(DnsQueryCandidate **ret, DnsQuery *q, DnsScope *s) {
38 DnsQueryCandidate *c;
74b2466e 39
801ad6a6 40 assert(ret);
faa133f3 41 assert(q);
801ad6a6 42 assert(s);
74b2466e 43
801ad6a6
LP		 44 c = new0(DnsQueryCandidate, 1);
45 if (!c)
46 return -ENOMEM;
47
48 c->query = q;
49 c->scope = s;
50
51 LIST_PREPEND(candidates_by_query, q->candidates, c);
52 LIST_PREPEND(candidates_by_scope, s->query_candidates, c);
53
54 *ret = c;
55 return 0;
56}
57
58static void dns_query_candidate_stop(DnsQueryCandidate *c) {
59 DnsTransaction *t;
74b2466e 60
801ad6a6
LP		 61 assert(c);
62
63 while ((t = set_steal_first(c->transactions))) {
547973de 64 set_remove(t->notify_query_candidates, c);
35aa04e9 65 set_remove(t->notify_query_candidates_done, c);
ec2c5e43 66 dns_transaction_gc(t);
74b2466e 67 }
74b2466e
LP		 68}
69
801ad6a6
LP		 70DnsQueryCandidate* dns_query_candidate_free(DnsQueryCandidate *c) {
71
72 if (!c)
73 return NULL;
74
75 dns_query_candidate_stop(c);
76
77 set_free(c->transactions);
78 dns_search_domain_unref(c->search_domain);
79
80 if (c->query)
81 LIST_REMOVE(candidates_by_query, c->query->candidates, c);
82
83 if (c->scope)
84 LIST_REMOVE(candidates_by_scope, c->scope->query_candidates, c);
85
86 free(c);
87
88 return NULL;
89}
90
91static int dns_query_candidate_next_search_domain(DnsQueryCandidate *c) {
801ad6a6
LP		 92 DnsSearchDomain *next = NULL;
93
94 assert(c);
95
ad44b56b 96 if (c->search_domain && c->search_domain->linked)
801ad6a6 97 next = c->search_domain->domains_next;
ad44b56b
LP		 98 else
99 next = dns_scope_get_search_domains(c->scope);
801ad6a6 100
ad44b56b 101 for (;;) {
6627b7e2
LP		 102 if (!next) /* We hit the end of the list */
103 return 0;
801ad6a6 104
ad44b56b
LP		 105 if (!next->route_only)
106 break;
801ad6a6 107
ad44b56b
LP		 108 /* Skip over route-only domains */
109 next = next->domains_next;
801ad6a6
LP		 110 }
111
112 dns_search_domain_unref(c->search_domain);
113 c->search_domain = dns_search_domain_ref(next);
6627b7e2 114
801ad6a6
LP		 115 return 1;
116}
117
118static int dns_query_candidate_add_transaction(DnsQueryCandidate *c, DnsResourceKey *key) {
119 DnsTransaction *t;
120 int r;
121
122 assert(c);
123 assert(key);
124
801ad6a6
LP		 125 t = dns_scope_find_transaction(c->scope, key, true);
126 if (!t) {
127 r = dns_transaction_new(&t, c->scope, key);
128 if (r < 0)
129 return r;
547973de
LP		 130 } else {
131 if (set_contains(c->transactions, t))
132 return 0;
801ad6a6
LP		 133 }
134
547973de
LP		 135 r = set_ensure_allocated(&c->transactions, NULL);
136 if (r < 0)
137 goto gc;
138
139 r = set_ensure_allocated(&t->notify_query_candidates, NULL);
801ad6a6
LP		 140 if (r < 0)
141 goto gc;
142
35aa04e9
LP		 143 r = set_ensure_allocated(&t->notify_query_candidates_done, NULL);
144 if (r < 0)
145 goto gc;
146
547973de 147 r = set_put(t->notify_query_candidates, c);
801ad6a6
LP		 148 if (r < 0)
149 goto gc;
150
151 r = set_put(c->transactions, t);
152 if (r < 0) {
547973de 153 (void) set_remove(t->notify_query_candidates, c);
801ad6a6
LP		 154 goto gc;
155 }
156
547973de 157 return 1;
801ad6a6
LP		 158
159gc:
160 dns_transaction_gc(t);
161 return r;
162}
163
164static int dns_query_candidate_go(DnsQueryCandidate *c) {
165 DnsTransaction *t;
166 Iterator i;
167 int r;
011696f7 168 unsigned n = 0;
801ad6a6
LP		 169
170 assert(c);
171
172 /* Start the transactions that are not started yet */
173 SET_FOREACH(t, c->transactions, i) {
174 if (t->state != DNS_TRANSACTION_NULL)
175 continue;
176
177 r = dns_transaction_go(t);
178 if (r < 0)
179 return r;
011696f7
LP		 180
181 n++;
801ad6a6
LP		 182 }
183
011696f7
LP		 184 /* If there was nothing to start, then let's proceed immediately */
185 if (n == 0)
186 dns_query_candidate_notify(c);
187
801ad6a6
LP		 188 return 0;
189}
190
191static DnsTransactionState dns_query_candidate_state(DnsQueryCandidate *c) {
192 DnsTransactionState state = DNS_TRANSACTION_NO_SERVERS;
193 DnsTransaction *t;
194 Iterator i;
195
196 assert(c);
197
198 if (c->error_code != 0)
7cc6ed7b 199 return DNS_TRANSACTION_ERRNO;
801ad6a6
LP		 200
201 SET_FOREACH(t, c->transactions, i) {
202
203 switch (t->state) {
204
5264131a
LP		 205 case DNS_TRANSACTION_NULL:
206 /* If there's a NULL transaction pending, then
207 * this means not all transactions where
208 * started yet, and we were called from within
209 * the stackframe that is supposed to start
210 * remaining transactions. In this case,
211 * simply claim the candidate is pending. */
212
801ad6a6 213 case DNS_TRANSACTION_PENDING:
547973de
LP		 214 case DNS_TRANSACTION_VALIDATING:
215 /* If there's one transaction currently in
216 * VALIDATING state, then this means there's
217 * also one in PENDING state, hence we can
218 * return PENDING immediately. */
219 return DNS_TRANSACTION_PENDING;
801ad6a6
LP		 220
221 case DNS_TRANSACTION_SUCCESS:
222 state = t->state;
223 break;
224
225 default:
226 if (state != DNS_TRANSACTION_SUCCESS)
227 state = t->state;
228
229 break;
230 }
231 }
232
233 return state;
234}
235
011696f7
LP		 236static bool dns_query_candidate_is_routable(DnsQueryCandidate *c, uint16_t type) {
237 int family;
238
239 assert(c);
240
241 /* Checks whether the specified RR type matches an address family that is routable on the link(s) the scope of
242 * this candidate belongs to. Specifically, whether there's a routable IPv4 address on it if we query an A RR,
243 * or a routable IPv6 address if we query an AAAA RR. */
244
245 if (!c->query->suppress_unroutable_family)
246 return true;
247
248 if (c->scope->protocol != DNS_PROTOCOL_DNS)
249 return true;
250
251 family = dns_type_to_af(type);
252 if (family < 0)
253 return true;
254
255 if (c->scope->link)
256 return link_relevant(c->scope->link, family, false);
257 else
258 return manager_routable(c->scope->manager, family);
259}
260
801ad6a6 261static int dns_query_candidate_setup_transactions(DnsQueryCandidate *c) {
23b298bc 262 DnsQuestion *question;
801ad6a6
LP		 263 DnsResourceKey *key;
264 int n = 0, r;
265
266 assert(c);
267
268 dns_query_candidate_stop(c);
269
23b298bc
LP		 270 question = dns_query_question_for_protocol(c->query, c->scope->protocol);
271
801ad6a6 272 /* Create one transaction per question key */
23b298bc 273 DNS_QUESTION_FOREACH(key, question) {
801ad6a6 274 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *new_key = NULL;
011696f7
LP		 275 DnsResourceKey *qkey;
276
277 if (!dns_query_candidate_is_routable(c, key->type))
278 continue;
801ad6a6
LP		 279
280 if (c->search_domain) {
281 r = dns_resource_key_new_append_suffix(&new_key, key, c->search_domain->name);
282 if (r < 0)
283 goto fail;
801ad6a6 284
011696f7
LP		 285 qkey = new_key;
286 } else
287 qkey = key;
288
289 if (!dns_scope_good_key(c->scope, qkey))
290 continue;
291
292 r = dns_query_candidate_add_transaction(c, qkey);
801ad6a6
LP		 293 if (r < 0)
294 goto fail;
295
296 n++;
297 }
298
299 return n;
300
301fail:
302 dns_query_candidate_stop(c);
303 return r;
304}
305
547973de 306void dns_query_candidate_notify(DnsQueryCandidate *c) {
801ad6a6
LP		 307 DnsTransactionState state;
308 int r;
309
310 assert(c);
311
312 state = dns_query_candidate_state(c);
313
547973de 314 if (DNS_TRANSACTION_IS_LIVE(state))
801ad6a6
LP		 315 return;
316
317 if (state != DNS_TRANSACTION_SUCCESS && c->search_domain) {
318
319 r = dns_query_candidate_next_search_domain(c);
320 if (r < 0)
321 goto fail;
322
323 if (r > 0) {
324 /* OK, there's another search domain to try, let's do so. */
325
326 r = dns_query_candidate_setup_transactions(c);
327 if (r < 0)
328 goto fail;
329
330 if (r > 0) {
331 /* New transactions where queued. Start them and wait */
332
333 r = dns_query_candidate_go(c);
334 if (r < 0)
335 goto fail;
336
337 return;
338 }
339 }
340
341 }
342
343 dns_query_ready(c->query);
344 return;
345
346fail:
347 log_warning_errno(r, "Failed to follow search domains: %m");
348 c->error_code = r;
349 dns_query_ready(c->query);
350}
351
352static void dns_query_stop(DnsQuery *q) {
353 DnsQueryCandidate *c;
354
355 assert(q);
356
357 q->timeout_event_source = sd_event_source_unref(q->timeout_event_source);
358
359 LIST_FOREACH(candidates_by_query, c, q->candidates)
360 dns_query_candidate_stop(c);
361}
362
7820b320
LP		 363static void dns_query_free_candidates(DnsQuery *q) {
364 assert(q);
365
366 while (q->candidates)
367 dns_query_candidate_free(q->candidates);
368}
369
370static void dns_query_reset_answer(DnsQuery *q) {
371 assert(q);
372
373 q->answer = dns_answer_unref(q->answer);
374 q->answer_rcode = 0;
375 q->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
7cc6ed7b 376 q->answer_errno = 0;
7820b320
LP		 377 q->answer_authenticated = false;
378 q->answer_protocol = _DNS_PROTOCOL_INVALID;
379 q->answer_family = AF_UNSPEC;
380 q->answer_search_domain = dns_search_domain_unref(q->answer_search_domain);
381}
382
74b2466e 383DnsQuery *dns_query_free(DnsQuery *q) {
74b2466e
LP		 384 if (!q)
385 return NULL;
386
45ec7efb
LP		 387 while (q->auxiliary_queries)
388 dns_query_free(q->auxiliary_queries);
389
390 if (q->auxiliary_for) {
391 assert(q->auxiliary_for->n_auxiliary_queries > 0);
392 q->auxiliary_for->n_auxiliary_queries--;
393 LIST_REMOVE(auxiliary_queries, q->auxiliary_for->auxiliary_queries, q);
394 }
395
7820b320 396 dns_query_free_candidates(q);
322345fd 397
23b298bc
LP		 398 dns_question_unref(q->question_idna);
399 dns_question_unref(q->question_utf8);
7820b320
LP		 400
401 dns_query_reset_answer(q);
322345fd 402
ec2c5e43 403 sd_bus_message_unref(q->request);
82bd6ddd 404 sd_bus_track_unref(q->bus_track);
74b2466e 405
23b298bc
LP		 406 free(q->request_address_string);
407
39762fdf 408 if (q->manager) {
74b2466e 409 LIST_REMOVE(queries, q->manager->dns_queries, q);
39762fdf
LP		 410 q->manager->n_dns_queries--;
411 }
74b2466e 412
74b2466e
LP		 413 free(q);
414
415 return NULL;
416}
417
23b298bc
LP		 418int dns_query_new(
419 Manager *m,
420 DnsQuery **ret,
421 DnsQuestion *question_utf8,
422 DnsQuestion *question_idna,
423 int ifindex, uint64_t flags) {
424
74b2466e 425 _cleanup_(dns_query_freep) DnsQuery *q = NULL;
23b298bc
LP		 426 DnsResourceKey *key;
427 bool good = false;
faa133f3 428 int r;
202b76ae 429 char key_str[DNS_RESOURCE_KEY_STRING_MAX];
74b2466e
LP		 430
431 assert(m);
432
23b298bc
LP		 433 if (dns_question_size(question_utf8) > 0) {
434 r = dns_question_is_valid_for_query(question_utf8);
435 if (r < 0)
436 return r;
437 if (r == 0)
438 return -EINVAL;
439
440 good = true;
441 }
442
443 /* If the IDNA and UTF8 questions are the same, merge their references */
444 r = dns_question_is_equal(question_idna, question_utf8);
faa133f3
LP		 445 if (r < 0)
446 return r;
23b298bc
LP		 447 if (r > 0)
448 question_idna = question_utf8;
449 else {
450 if (dns_question_size(question_idna) > 0) {
451 r = dns_question_is_valid_for_query(question_idna);
452 if (r < 0)
453 return r;
454 if (r == 0)
455 return -EINVAL;
456
457 good = true;
458 }
459 }
460
461 if (!good) /* don't allow empty queries */
462 return -EINVAL;
74b2466e 463
39762fdf
LP		 464 if (m->n_dns_queries >= QUERIES_MAX)
465 return -EBUSY;
466
74b2466e
LP		 467 q = new0(DnsQuery, 1);
468 if (!q)
469 return -ENOMEM;
470
23b298bc
LP		 471 q->question_utf8 = dns_question_ref(question_utf8);
472 q->question_idna = dns_question_ref(question_idna);
51323288
LP		 473 q->ifindex = ifindex;
474 q->flags = flags;
7820b320 475 q->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
801ad6a6 476 q->answer_protocol = _DNS_PROTOCOL_INVALID;
7820b320 477 q->answer_family = AF_UNSPEC;
322345fd 478
23b298bc 479 /* First dump UTF8 question */
202b76ae
ZJS		 480 DNS_QUESTION_FOREACH(key, question_utf8)
481 log_debug("Looking up RR for %s.",
482 dns_resource_key_to_string(key, key_str, sizeof key_str));
23b298bc
LP		 483
484 /* And then dump the IDNA question, but only what hasn't been dumped already through the UTF8 question. */
485 DNS_QUESTION_FOREACH(key, question_idna) {
23b298bc
LP		 486 r = dns_question_contains(question_utf8, key);
487 if (r < 0)
488 return r;
489 if (r > 0)
490 continue;
491
202b76ae
ZJS		 492 log_debug("Looking up IDNA RR for %s.",
493 dns_resource_key_to_string(key, key_str, sizeof key_str));
74b2466e
LP		 494 }
495
496 LIST_PREPEND(queries, m->dns_queries, q);
39762fdf 497 m->n_dns_queries++;
74b2466e
LP		 498 q->manager = m;
499
8ba9fd9c
LP		 500 if (ret)
501 *ret = q;
502 q = NULL;
503
504 return 0;
505}
506
45ec7efb
LP		 507int dns_query_make_auxiliary(DnsQuery *q, DnsQuery *auxiliary_for) {
508 assert(q);
509 assert(auxiliary_for);
510
511 /* Ensure that that the query is not auxiliary yet, and
512 * nothing else is auxiliary to it either */
513 assert(!q->auxiliary_for);
514 assert(!q->auxiliary_queries);
515
516 /* Ensure that the unit we shall be made auxiliary for isn't
517 * auxiliary itself */
518 assert(!auxiliary_for->auxiliary_for);
519
520 if (auxiliary_for->n_auxiliary_queries >= AUXILIARY_QUERIES_MAX)
521 return -EAGAIN;
522
523 LIST_PREPEND(auxiliary_queries, auxiliary_for->auxiliary_queries, q);
524 q->auxiliary_for = auxiliary_for;
525
526 auxiliary_for->n_auxiliary_queries++;
527 return 0;
528}
529
ec2c5e43 530static void dns_query_complete(DnsQuery *q, DnsTransactionState state) {
8ba9fd9c 531 assert(q);
547973de
LP		 532 assert(!DNS_TRANSACTION_IS_LIVE(state));
533 assert(DNS_TRANSACTION_IS_LIVE(q->state));
8ba9fd9c 534
322345fd
LP		 535 /* Note that this call might invalidate the query. Callers
536 * should hence not attempt to access the query or transaction
537 * after calling this function. */
8ba9fd9c 538
8ba9fd9c
LP		 539 q->state = state;
540
322345fd
LP		 541 dns_query_stop(q);
542 if (q->complete)
543 q->complete(q);
8ba9fd9c
LP		 544}
545
546static int on_query_timeout(sd_event_source *s, usec_t usec, void *userdata) {
547 DnsQuery *q = userdata;
548
549 assert(s);
550 assert(q);
551
ec2c5e43 552 dns_query_complete(q, DNS_TRANSACTION_TIMEOUT);
8ba9fd9c
LP		 553 return 0;
554}
555
801ad6a6
LP		 556static int dns_query_add_candidate(DnsQuery *q, DnsScope *s) {
557 DnsQueryCandidate *c;
faa133f3
LP		 558 int r;
559
560 assert(q);
ec2c5e43 561 assert(s);
faa133f3 562
801ad6a6 563 r = dns_query_candidate_new(&c, q, s);
faa133f3
LP		 564 if (r < 0)
565 return r;
566
801ad6a6 567 /* If this a single-label domain on DNS, we might append a suitable search domain first. */
22f711bb 568 if ((q->flags & SD_RESOLVED_NO_SEARCH) == 0) {
23b298bc 569 r = dns_scope_name_needs_search_domain(s, dns_question_first_name(q->question_idna));
22f711bb 570 if (r < 0)
801ad6a6 571 goto fail;
22f711bb
LP		 572 if (r > 0) {
573 /* OK, we need a search domain now. Let's find one for this scope */
574
575 r = dns_query_candidate_next_search_domain(c);
576 if (r <= 0) /* if there's no search domain, then we won't add any transaction. */
577 goto fail;
578 }
faa133f3
LP		 579 }
580
801ad6a6
LP		 581 r = dns_query_candidate_setup_transactions(c);
582 if (r < 0)
583 goto fail;
584
faa133f3
LP		 585 return 0;
586
801ad6a6
LP		 587fail:
588 dns_query_candidate_free(c);
faa133f3
LP		 589 return r;
590}
591
78c6a153 592static int dns_query_synthesize_reply(DnsQuery *q, DnsTransactionState *state) {
2a1037af 593 _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
dd0bc0f1 594 int r;
2a1037af
LP		 595
596 assert(q);
597 assert(state);
598
dd0bc0f1
LP		 599 /* Tries to synthesize localhost RR replies (and others) where appropriate. Note that this is done *after* the
600 * the normal lookup finished. The data from the network hence takes precedence over the data we
601 * synthesize. (But note that many scopes refuse to resolve certain domain names) */
2a1037af
LP		 602
603 if (!IN_SET(*state,
3bbdc31d 604 DNS_TRANSACTION_RCODE_FAILURE,
2a1037af
LP		 605 DNS_TRANSACTION_NO_SERVERS,
606 DNS_TRANSACTION_TIMEOUT,
edbcc1fd 607 DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
0791110f
LP		 608 DNS_TRANSACTION_NETWORK_DOWN,
609 DNS_TRANSACTION_NOT_FOUND))
78c6a153 610 return 0;
2a1037af 611
839a4a20
LP		 612 r = dns_synthesize_answer(
613 q->manager,
614 q->question_utf8,
615 q->ifindex,
dd0bc0f1 616 &answer);
2a1037af 617
839a4a20
LP		 618 if (r <= 0)
619 return r;
2a1037af 620
839a4a20 621 dns_query_reset_answer(q);
2a1037af 622
2a1037af
LP		 623 q->answer = answer;
624 answer = NULL;
2a1037af 625 q->answer_rcode = DNS_RCODE_SUCCESS;
dd0bc0f1
LP		 626 q->answer_protocol = dns_synthesize_protocol(q->flags);
627 q->answer_family = dns_synthesize_family(q->flags);
839a4a20 628 q->answer_authenticated = true;
2a1037af
LP		 629
630 *state = DNS_TRANSACTION_SUCCESS;
78c6a153
LP		 631
632 return 1;
2a1037af
LP		 633}
634
dd0bc0f1
LP		 635static int dns_query_try_etc_hosts(DnsQuery *q) {
636 _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
637 int r;
638
639 assert(q);
640
641 /* Looks in /etc/hosts for matching entries. Note that this is done *before* the normal lookup is done. The
642 * data from /etc/hosts hence takes precedence over the network. */
643
644 r = manager_etc_hosts_lookup(
645 q->manager,
646 q->question_utf8,
647 &answer);
648 if (r <= 0)
649 return r;
650
651 dns_query_reset_answer(q);
652
653 q->answer = answer;
654 answer = NULL;
655 q->answer_rcode = DNS_RCODE_SUCCESS;
656 q->answer_protocol = dns_synthesize_protocol(q->flags);
657 q->answer_family = dns_synthesize_family(q->flags);
658 q->answer_authenticated = true;
659
660 return 1;
661}
662
322345fd 663int dns_query_go(DnsQuery *q) {
8ba9fd9c
LP		 664 DnsScopeMatch found = DNS_SCOPE_NO;
665 DnsScope *s, *first = NULL;
801ad6a6 666 DnsQueryCandidate *c;
8ba9fd9c
LP		 667 int r;
668
669 assert(q);
670
ec2c5e43 671 if (q->state != DNS_TRANSACTION_NULL)
8ba9fd9c
LP		 672 return 0;
673
dd0bc0f1
LP		 674 r = dns_query_try_etc_hosts(q);
675 if (r < 0)
676 return r;
677 if (r > 0) {
678 dns_query_complete(q, DNS_TRANSACTION_SUCCESS);
679 return 1;
680 }
681
8ba9fd9c 682 LIST_FOREACH(scopes, s, q->manager->dns_scopes) {
74b2466e 683 DnsScopeMatch match;
23b298bc
LP		 684 const char *name;
685
686 name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol));
687 if (!name)
688 continue;
74b2466e 689
51323288 690 match = dns_scope_good_domain(s, q->ifindex, q->flags, name);
74b2466e
LP		 691 if (match < 0)
692 return match;
693
694 if (match == DNS_SCOPE_NO)
695 continue;
696
697 found = match;
698
699 if (match == DNS_SCOPE_YES) {
700 first = s;
701 break;
702 } else {
703 assert(match == DNS_SCOPE_MAYBE);
704
705 if (!first)
706 first = s;
707 }
708 }
709
2a1037af
LP		 710 if (found == DNS_SCOPE_NO) {
711 DnsTransactionState state = DNS_TRANSACTION_NO_SERVERS;
712
7cc6ed7b
LP		 713 r = dns_query_synthesize_reply(q, &state);
714 if (r < 0)
715 return r;
716
d634711b
LP		 717 dns_query_complete(q, state);
718 return 1;
2a1037af 719 }
74b2466e 720
801ad6a6 721 r = dns_query_add_candidate(q, first);
74b2466e 722 if (r < 0)
ec2c5e43 723 goto fail;
74b2466e 724
74b2466e
LP		 725 LIST_FOREACH(scopes, s, first->scopes_next) {
726 DnsScopeMatch match;
23b298bc
LP		 727 const char *name;
728
729 name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol));
730 if (!name)
731 continue;
74b2466e 732
51323288 733 match = dns_scope_good_domain(s, q->ifindex, q->flags, name);
74b2466e 734 if (match < 0)
ec2c5e43 735 goto fail;
74b2466e
LP		 736
737 if (match != found)
738 continue;
739
801ad6a6 740 r = dns_query_add_candidate(q, s);
74b2466e 741 if (r < 0)
ec2c5e43 742 goto fail;
74b2466e
LP		 743 }
744
ab88b6d0 745 dns_query_reset_answer(q);
74b2466e 746
9a015429
LP		 747 r = sd_event_add_time(
748 q->manager->event,
749 &q->timeout_event_source,
750 clock_boottime_or_monotonic(),
751 now(clock_boottime_or_monotonic()) + QUERY_TIMEOUT_USEC, 0,
752 on_query_timeout, q);
74b2466e
LP		 753 if (r < 0)
754 goto fail;
755
aa4a9deb
LP		 756 (void) sd_event_source_set_description(q->timeout_event_source, "query-timeout");
757
ec2c5e43 758 q->state = DNS_TRANSACTION_PENDING;
faa133f3 759 q->block_ready++;
74b2466e 760
801ad6a6
LP		 761 /* Start the transactions */
762 LIST_FOREACH(candidates_by_query, c, q->candidates) {
763 r = dns_query_candidate_go(c);
764 if (r < 0) {
765 q->block_ready--;
ec2c5e43 766 goto fail;
801ad6a6 767 }
74b2466e
LP		 768 }
769
faa133f3
LP		 770 q->block_ready--;
771 dns_query_ready(q);
322345fd 772
8ba9fd9c 773 return 1;
74b2466e
LP		 774
775fail:
8ba9fd9c 776 dns_query_stop(q);
74b2466e
LP		 777 return r;
778}
779
801ad6a6 780static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c) {
ec2c5e43 781 DnsTransactionState state = DNS_TRANSACTION_NO_SERVERS;
547973de 782 bool has_authenticated = false, has_non_authenticated = false;
019036a4 783 DnssecResult dnssec_result_authenticated = _DNSSEC_RESULT_INVALID, dnssec_result_non_authenticated = _DNSSEC_RESULT_INVALID;
801ad6a6 784 DnsTransaction *t;
faa133f3 785 Iterator i;
547973de 786 int r;
74b2466e
LP		 787
788 assert(q);
789
801ad6a6 790 if (!c) {
7cc6ed7b
LP		 791 r = dns_query_synthesize_reply(q, &state);
792 if (r < 0)
793 goto fail;
794
801ad6a6 795 dns_query_complete(q, state);
74b2466e 796 return;
801ad6a6 797 }
74b2466e 798
a7bf2ada
LP		 799 if (c->error_code != 0) {
800 /* If the candidate had an error condition of its own, start with that. */
801 state = DNS_TRANSACTION_ERRNO;
802 q->answer = dns_answer_unref(q->answer);
803 q->answer_rcode = 0;
804 q->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
805 q->answer_errno = c->error_code;
806 }
807
801ad6a6 808 SET_FOREACH(t, c->transactions, i) {
74b2466e 809
801ad6a6 810 switch (t->state) {
934e9b10 811
801ad6a6 812 case DNS_TRANSACTION_SUCCESS: {
f8e2f4d6 813 /* We found a successfully reply, merge it into the answer */
547973de 814 r = dns_answer_extend(&q->answer, t->answer);
7cc6ed7b
LP		 815 if (r < 0)
816 goto fail;
019036a4 817
ae6a4bbf 818 q->answer_rcode = t->answer_rcode;
7cc6ed7b 819 q->answer_errno = 0;
801ad6a6 820
019036a4 821 if (t->answer_authenticated) {
931851e8 822 has_authenticated = true;
019036a4
LP		 823 dnssec_result_authenticated = t->answer_dnssec_result;
824 } else {
931851e8 825 has_non_authenticated = true;
019036a4
LP		 826 dnssec_result_non_authenticated = t->answer_dnssec_result;
827 }
931851e8 828
801ad6a6
LP		 829 state = DNS_TRANSACTION_SUCCESS;
830 break;
831 }
832
801ad6a6 833 case DNS_TRANSACTION_NULL:
547973de
LP		 834 case DNS_TRANSACTION_PENDING:
835 case DNS_TRANSACTION_VALIDATING:
801ad6a6
LP		 836 case DNS_TRANSACTION_ABORTED:
837 /* Ignore transactions that didn't complete */
838 continue;
839
840 default:
841 /* Any kind of failure? Store the data away,
842 * if there's nothing stored yet. */
934e9b10 843
019036a4
LP		 844 if (state == DNS_TRANSACTION_SUCCESS)
845 continue;
934e9b10 846
d38d5ca6 847 q->answer = dns_answer_unref(q->answer);
019036a4
LP		 848 q->answer_rcode = t->answer_rcode;
849 q->answer_dnssec_result = t->answer_dnssec_result;
7cc6ed7b 850 q->answer_errno = t->answer_errno;
934e9b10 851
019036a4 852 state = t->state;
801ad6a6 853 break;
74b2466e 854 }
801ad6a6 855 }
74b2466e 856
019036a4
LP		 857 if (state == DNS_TRANSACTION_SUCCESS) {
858 q->answer_authenticated = has_authenticated && !has_non_authenticated;
859 q->answer_dnssec_result = q->answer_authenticated ? dnssec_result_authenticated : dnssec_result_non_authenticated;
860 }
861
801ad6a6
LP		 862 q->answer_protocol = c->scope->protocol;
863 q->answer_family = c->scope->family;
934e9b10 864
801ad6a6
LP		 865 dns_search_domain_unref(q->answer_search_domain);
866 q->answer_search_domain = dns_search_domain_ref(c->search_domain);
7e8e0422 867
7cc6ed7b
LP		 868 r = dns_query_synthesize_reply(q, &state);
869 if (r < 0)
870 goto fail;
871
801ad6a6 872 dns_query_complete(q, state);
7cc6ed7b
LP		 873 return;
874
875fail:
876 q->answer_errno = -r;
877 dns_query_complete(q, DNS_TRANSACTION_ERRNO);
801ad6a6 878}
934e9b10 879
801ad6a6 880void dns_query_ready(DnsQuery *q) {
74b2466e 881
801ad6a6
LP		 882 DnsQueryCandidate *bad = NULL, *c;
883 bool pending = false;
74b2466e 884
801ad6a6 885 assert(q);
547973de 886 assert(DNS_TRANSACTION_IS_LIVE(q->state));
e4501ed4 887
801ad6a6
LP		 888 /* Note that this call might invalidate the query. Callers
889 * should hence not attempt to access the query or transaction
890 * after calling this function, unless the block_ready
891 * counter was explicitly bumped before doing so. */
892
893 if (q->block_ready > 0)
894 return;
895
896 LIST_FOREACH(candidates_by_query, c, q->candidates) {
897 DnsTransactionState state;
898
899 state = dns_query_candidate_state(c);
900 switch (state) {
901
902 case DNS_TRANSACTION_SUCCESS:
547973de 903 /* One of the candidates is successful,
801ad6a6
LP		 904 * let's use it, and copy its data out */
905 dns_query_accept(q, c);
e4501ed4
LP		 906 return;
907
801ad6a6 908 case DNS_TRANSACTION_NULL:
547973de
LP		 909 case DNS_TRANSACTION_PENDING:
910 case DNS_TRANSACTION_VALIDATING:
911 /* One of the candidates is still going on,
912 * let's maybe wait for it */
801ad6a6
LP		 913 pending = true;
914 break;
e4501ed4 915
801ad6a6
LP		 916 default:
917 /* Any kind of failure */
918 bad = c;
919 break;
920 }
faa133f3 921 }
74b2466e 922
801ad6a6
LP		 923 if (pending)
924 return;
2a1037af 925
801ad6a6 926 dns_query_accept(q, bad);
74b2466e 927}
8ba9fd9c 928
45ec7efb 929static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname) {
23b298bc
LP		 930 _cleanup_(dns_question_unrefp) DnsQuestion *nq_idna = NULL, *nq_utf8 = NULL;
931 int r, k;
8ba9fd9c
LP		 932
933 assert(q);
934
313cefa1 935 q->n_cname_redirects++;
faa133f3 936 if (q->n_cname_redirects > CNAME_MAX)
8ba9fd9c
LP		 937 return -ELOOP;
938
23b298bc 939 r = dns_question_cname_redirect(q->question_idna, cname, &nq_idna);
faa133f3
LP		 940 if (r < 0)
941 return r;
23b298bc 942 else if (r > 0)
8ec76e6a 943 log_debug("Following CNAME/DNAME %s → %s.", dns_question_first_name(q->question_idna), dns_question_first_name(nq_idna));
23b298bc
LP		 944
945 k = dns_question_is_equal(q->question_idna, q->question_utf8);
946 if (k < 0)
947 return r;
948 if (k > 0) {
949 /* Same question? Shortcut new question generation */
950 nq_utf8 = dns_question_ref(nq_idna);
951 k = r;
952 } else {
953 k = dns_question_cname_redirect(q->question_utf8, cname, &nq_utf8);
954 if (k < 0)
955 return k;
956 else if (k > 0)
8ec76e6a 957 log_debug("Following UTF8 CNAME/DNAME %s → %s.", dns_question_first_name(q->question_utf8), dns_question_first_name(nq_utf8));
23b298bc 958 }
8ba9fd9c 959
23b298bc
LP		 960 if (r == 0 && k == 0) /* No actual cname happened? */
961 return -ELOOP;
962
8e5de09f
LP		 963 if (q->answer_protocol == DNS_PROTOCOL_DNS) {
964 /* Don't permit CNAME redirects from unicast DNS to LLMNR or MulticastDNS, so that global resources
965 * cannot invade the local namespace. The opposite way we permit: local names may redirect to global
966 * ones. */
967
968 q->flags &= ~(SD_RESOLVED_LLMNR|SD_RESOLVED_MDNS); /* mask away the local protocols */
969 }
970
971 /* Turn off searching for the new name */
972 q->flags |= SD_RESOLVED_NO_SEARCH;
973
23b298bc
LP		 974 dns_question_unref(q->question_idna);
975 q->question_idna = nq_idna;
976 nq_idna = NULL;
bc7669cf 977
23b298bc
LP		 978 dns_question_unref(q->question_utf8);
979 q->question_utf8 = nq_utf8;
980 nq_utf8 = NULL;
8ba9fd9c 981
7820b320
LP		 982 dns_query_free_candidates(q);
983 dns_query_reset_answer(q);
322345fd 984
8e5de09f 985 q->state = DNS_TRANSACTION_NULL;
59a89990 986
8ba9fd9c
LP		 987 return 0;
988}
82bd6ddd 989
45ec7efb
LP		 990int dns_query_process_cname(DnsQuery *q) {
991 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *cname = NULL;
23b298bc 992 DnsQuestion *question;
45ec7efb
LP		 993 DnsResourceRecord *rr;
994 int r;
995
996 assert(q);
997
7588460a
TG		 998 if (!IN_SET(q->state, DNS_TRANSACTION_SUCCESS, DNS_TRANSACTION_NULL))
999 return DNS_QUERY_NOMATCH;
45ec7efb 1000
23b298bc 1001 question = dns_query_question_for_protocol(q, q->answer_protocol);
45ec7efb 1002
23b298bc
LP		 1003 DNS_ANSWER_FOREACH(rr, q->answer) {
1004 r = dns_question_matches_rr(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
45ec7efb
LP		 1005 if (r < 0)
1006 return r;
1007 if (r > 0)
7588460a 1008 return DNS_QUERY_MATCH; /* The answer matches directly, no need to follow cnames */
45ec7efb 1009
542e0c84 1010 r = dns_question_matches_cname_or_dname(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
45ec7efb
LP		 1011 if (r < 0)
1012 return r;
1013 if (r > 0 && !cname)
1014 cname = dns_resource_record_ref(rr);
1015 }
1016
1017 if (!cname)
7588460a 1018 return DNS_QUERY_NOMATCH; /* No match and no cname to follow */
45ec7efb
LP		 1019
1020 if (q->flags & SD_RESOLVED_NO_CNAME)
1021 return -ELOOP;
1022
1023 /* OK, let's actually follow the CNAME */
1024 r = dns_query_cname_redirect(q, cname);
1025 if (r < 0)
1026 return r;
1027
1028 /* Let's see if the answer can already answer the new
1029 * redirected question */
7588460a
TG		 1030 r = dns_query_process_cname(q);
1031 if (r != DNS_QUERY_NOMATCH)
1032 return r;
45ec7efb
LP		 1033
1034 /* OK, it cannot, let's begin with the new query */
1035 r = dns_query_go(q);
1036 if (r < 0)
1037 return r;
1038
7588460a 1039 return DNS_QUERY_RESTARTED; /* We restarted the query for a new cname */
45ec7efb
LP		 1040}
1041
82bd6ddd
LP		 1042static int on_bus_track(sd_bus_track *t, void *userdata) {
1043 DnsQuery *q = userdata;
1044
1045 assert(t);
1046 assert(q);
1047
1048 log_debug("Client of active query vanished, aborting query.");
1049 dns_query_complete(q, DNS_TRANSACTION_ABORTED);
1050 return 0;
1051}
1052
966c66e3 1053int dns_query_bus_track(DnsQuery *q, sd_bus_message *m) {
82bd6ddd
LP		 1054 int r;
1055
1056 assert(q);
1057 assert(m);
1058
1059 if (!q->bus_track) {
966c66e3 1060 r = sd_bus_track_new(sd_bus_message_get_bus(m), &q->bus_track, on_bus_track, q);
82bd6ddd
LP		 1061 if (r < 0)
1062 return r;
1063 }
1064
1065 r = sd_bus_track_add_sender(q->bus_track, m);
1066 if (r < 0)
1067 return r;
1068
1069 return 0;
1070}
23b298bc
LP		 1071
1072DnsQuestion* dns_query_question_for_protocol(DnsQuery *q, DnsProtocol protocol) {
1073 assert(q);
1074
1075 switch (protocol) {
1076
1077 case DNS_PROTOCOL_DNS:
1078 return q->question_idna;
1079
1080 case DNS_PROTOCOL_MDNS:
1081 case DNS_PROTOCOL_LLMNR:
1082 return q->question_utf8;
1083
1084 default:
1085 return NULL;
1086 }
1087}
1088
1089const char *dns_query_string(DnsQuery *q) {
1090 const char *name;
1091 int r;
1092
1093 /* Returns a somewhat useful human-readable lookup key string for this query */
1094
1095 if (q->request_address_string)
1096 return q->request_address_string;
1097
1098 if (q->request_address_valid) {
1099 r = in_addr_to_string(q->request_family, &q->request_address, &q->request_address_string);
1100 if (r >= 0)
1101 return q->request_address_string;
1102 }
1103
1104 name = dns_question_first_name(q->question_utf8);
1105 if (name)
1106 return name;
1107
1108 return dns_question_first_name(q->question_idna);
1109}
Unnamed repository; edit this file 'description' to name the repository.