]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/resolve/resolved-dns-query.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
resolved: use DNS_{QUESTION|ANSWER}_FOREACH macros at two more places
[thirdparty/systemd.git] / src / resolve / resolved-dns-query.c
CommitLineData
74b2466e
LP		 1/***
2 This file is part of systemd.
3
4 Copyright 2014 Lennart Poettering
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18***/
19
b5efdb8a 20#include "alloc-util.h"
2a1037af 21#include "dns-domain.h"
011696f7 22#include "dns-type.h"
b5efdb8a 23#include "hostname-util.h"
78c6a153 24#include "local-addresses.h"
74b2466e 25#include "resolved-dns-query.h"
839a4a20 26#include "resolved-dns-synthesize.h"
dd0bc0f1 27#include "resolved-etc-hosts.h"
23b298bc 28#include "string-util.h"
74b2466e 29
0c903ae7 30/* How long to wait for the query in total */
74b2466e 31#define QUERY_TIMEOUT_USEC (30 * USEC_PER_SEC)
0c903ae7 32
8ba9fd9c 33#define CNAME_MAX 8
39762fdf 34#define QUERIES_MAX 2048
45ec7efb 35#define AUXILIARY_QUERIES_MAX 64
8ba9fd9c 36
801ad6a6
LP		 37static int dns_query_candidate_new(DnsQueryCandidate **ret, DnsQuery *q, DnsScope *s) {
38 DnsQueryCandidate *c;
74b2466e 39
801ad6a6 40 assert(ret);
faa133f3 41 assert(q);
801ad6a6 42 assert(s);
74b2466e 43
801ad6a6
LP		 44 c = new0(DnsQueryCandidate, 1);
45 if (!c)
46 return -ENOMEM;
47
48 c->query = q;
49 c->scope = s;
50
51 LIST_PREPEND(candidates_by_query, q->candidates, c);
52 LIST_PREPEND(candidates_by_scope, s->query_candidates, c);
53
54 *ret = c;
55 return 0;
56}
57
58static void dns_query_candidate_stop(DnsQueryCandidate *c) {
59 DnsTransaction *t;
74b2466e 60
801ad6a6
LP		 61 assert(c);
62
63 while ((t = set_steal_first(c->transactions))) {
547973de 64 set_remove(t->notify_query_candidates, c);
35aa04e9 65 set_remove(t->notify_query_candidates_done, c);
ec2c5e43 66 dns_transaction_gc(t);
74b2466e 67 }
74b2466e
LP		 68}
69
801ad6a6
LP		 70DnsQueryCandidate* dns_query_candidate_free(DnsQueryCandidate *c) {
71
72 if (!c)
73 return NULL;
74
75 dns_query_candidate_stop(c);
76
77 set_free(c->transactions);
78 dns_search_domain_unref(c->search_domain);
79
80 if (c->query)
81 LIST_REMOVE(candidates_by_query, c->query->candidates, c);
82
83 if (c->scope)
84 LIST_REMOVE(candidates_by_scope, c->scope->query_candidates, c);
85
86 free(c);
87
88 return NULL;
89}
90
91static int dns_query_candidate_next_search_domain(DnsQueryCandidate *c) {
801ad6a6
LP		 92 DnsSearchDomain *next = NULL;
93
94 assert(c);
95
ad44b56b 96 if (c->search_domain && c->search_domain->linked)
801ad6a6 97 next = c->search_domain->domains_next;
ad44b56b
LP		 98 else
99 next = dns_scope_get_search_domains(c->scope);
801ad6a6 100
ad44b56b 101 for (;;) {
6627b7e2
LP		 102 if (!next) /* We hit the end of the list */
103 return 0;
801ad6a6 104
ad44b56b
LP		 105 if (!next->route_only)
106 break;
801ad6a6 107
ad44b56b
LP		 108 /* Skip over route-only domains */
109 next = next->domains_next;
801ad6a6
LP		 110 }
111
112 dns_search_domain_unref(c->search_domain);
113 c->search_domain = dns_search_domain_ref(next);
6627b7e2 114
801ad6a6
LP		 115 return 1;
116}
117
118static int dns_query_candidate_add_transaction(DnsQueryCandidate *c, DnsResourceKey *key) {
119 DnsTransaction *t;
120 int r;
121
122 assert(c);
123 assert(key);
124
801ad6a6
LP		 125 t = dns_scope_find_transaction(c->scope, key, true);
126 if (!t) {
127 r = dns_transaction_new(&t, c->scope, key);
128 if (r < 0)
129 return r;
547973de
LP		 130 } else {
131 if (set_contains(c->transactions, t))
132 return 0;
801ad6a6
LP		 133 }
134
547973de
LP		 135 r = set_ensure_allocated(&c->transactions, NULL);
136 if (r < 0)
137 goto gc;
138
139 r = set_ensure_allocated(&t->notify_query_candidates, NULL);
801ad6a6
LP		 140 if (r < 0)
141 goto gc;
142
35aa04e9
LP		 143 r = set_ensure_allocated(&t->notify_query_candidates_done, NULL);
144 if (r < 0)
145 goto gc;
146
547973de 147 r = set_put(t->notify_query_candidates, c);
801ad6a6
LP		 148 if (r < 0)
149 goto gc;
150
151 r = set_put(c->transactions, t);
152 if (r < 0) {
547973de 153 (void) set_remove(t->notify_query_candidates, c);
801ad6a6
LP		 154 goto gc;
155 }
156
17c8de63 157 t->clamp_ttl = c->query->clamp_ttl;
547973de 158 return 1;
801ad6a6
LP		 159
160gc:
161 dns_transaction_gc(t);
162 return r;
163}
164
165static int dns_query_candidate_go(DnsQueryCandidate *c) {
166 DnsTransaction *t;
167 Iterator i;
168 int r;
011696f7 169 unsigned n = 0;
801ad6a6
LP		 170
171 assert(c);
172
173 /* Start the transactions that are not started yet */
174 SET_FOREACH(t, c->transactions, i) {
175 if (t->state != DNS_TRANSACTION_NULL)
176 continue;
177
178 r = dns_transaction_go(t);
179 if (r < 0)
180 return r;
011696f7
LP		 181
182 n++;
801ad6a6
LP		 183 }
184
011696f7
LP		 185 /* If there was nothing to start, then let's proceed immediately */
186 if (n == 0)
187 dns_query_candidate_notify(c);
188
801ad6a6
LP		 189 return 0;
190}
191
192static DnsTransactionState dns_query_candidate_state(DnsQueryCandidate *c) {
193 DnsTransactionState state = DNS_TRANSACTION_NO_SERVERS;
194 DnsTransaction *t;
195 Iterator i;
196
197 assert(c);
198
199 if (c->error_code != 0)
7cc6ed7b 200 return DNS_TRANSACTION_ERRNO;
801ad6a6
LP		 201
202 SET_FOREACH(t, c->transactions, i) {
203
204 switch (t->state) {
205
5264131a
LP		 206 case DNS_TRANSACTION_NULL:
207 /* If there's a NULL transaction pending, then
208 * this means not all transactions where
209 * started yet, and we were called from within
210 * the stackframe that is supposed to start
211 * remaining transactions. In this case,
212 * simply claim the candidate is pending. */
213
801ad6a6 214 case DNS_TRANSACTION_PENDING:
547973de
LP		 215 case DNS_TRANSACTION_VALIDATING:
216 /* If there's one transaction currently in
217 * VALIDATING state, then this means there's
218 * also one in PENDING state, hence we can
219 * return PENDING immediately. */
220 return DNS_TRANSACTION_PENDING;
801ad6a6
LP		 221
222 case DNS_TRANSACTION_SUCCESS:
223 state = t->state;
224 break;
225
226 default:
227 if (state != DNS_TRANSACTION_SUCCESS)
228 state = t->state;
229
230 break;
231 }
232 }
233
234 return state;
235}
236
011696f7
LP		 237static bool dns_query_candidate_is_routable(DnsQueryCandidate *c, uint16_t type) {
238 int family;
239
240 assert(c);
241
242 /* Checks whether the specified RR type matches an address family that is routable on the link(s) the scope of
243 * this candidate belongs to. Specifically, whether there's a routable IPv4 address on it if we query an A RR,
244 * or a routable IPv6 address if we query an AAAA RR. */
245
246 if (!c->query->suppress_unroutable_family)
247 return true;
248
249 if (c->scope->protocol != DNS_PROTOCOL_DNS)
250 return true;
251
252 family = dns_type_to_af(type);
253 if (family < 0)
254 return true;
255
256 if (c->scope->link)
257 return link_relevant(c->scope->link, family, false);
258 else
259 return manager_routable(c->scope->manager, family);
260}
261
801ad6a6 262static int dns_query_candidate_setup_transactions(DnsQueryCandidate *c) {
23b298bc 263 DnsQuestion *question;
801ad6a6
LP		 264 DnsResourceKey *key;
265 int n = 0, r;
266
267 assert(c);
268
269 dns_query_candidate_stop(c);
270
23b298bc
LP		 271 question = dns_query_question_for_protocol(c->query, c->scope->protocol);
272
801ad6a6 273 /* Create one transaction per question key */
23b298bc 274 DNS_QUESTION_FOREACH(key, question) {
801ad6a6 275 _cleanup_(dns_resource_key_unrefp) DnsResourceKey *new_key = NULL;
011696f7
LP		 276 DnsResourceKey *qkey;
277
278 if (!dns_query_candidate_is_routable(c, key->type))
279 continue;
801ad6a6
LP		 280
281 if (c->search_domain) {
282 r = dns_resource_key_new_append_suffix(&new_key, key, c->search_domain->name);
283 if (r < 0)
284 goto fail;
801ad6a6 285
011696f7
LP		 286 qkey = new_key;
287 } else
288 qkey = key;
289
290 if (!dns_scope_good_key(c->scope, qkey))
291 continue;
292
293 r = dns_query_candidate_add_transaction(c, qkey);
801ad6a6
LP		 294 if (r < 0)
295 goto fail;
296
297 n++;
298 }
299
300 return n;
301
302fail:
303 dns_query_candidate_stop(c);
304 return r;
305}
306
547973de 307void dns_query_candidate_notify(DnsQueryCandidate *c) {
801ad6a6
LP		 308 DnsTransactionState state;
309 int r;
310
311 assert(c);
312
313 state = dns_query_candidate_state(c);
314
547973de 315 if (DNS_TRANSACTION_IS_LIVE(state))
801ad6a6
LP		 316 return;
317
318 if (state != DNS_TRANSACTION_SUCCESS && c->search_domain) {
319
320 r = dns_query_candidate_next_search_domain(c);
321 if (r < 0)
322 goto fail;
323
324 if (r > 0) {
325 /* OK, there's another search domain to try, let's do so. */
326
327 r = dns_query_candidate_setup_transactions(c);
328 if (r < 0)
329 goto fail;
330
331 if (r > 0) {
332 /* New transactions where queued. Start them and wait */
333
334 r = dns_query_candidate_go(c);
335 if (r < 0)
336 goto fail;
337
338 return;
339 }
340 }
341
342 }
343
344 dns_query_ready(c->query);
345 return;
346
347fail:
348 log_warning_errno(r, "Failed to follow search domains: %m");
349 c->error_code = r;
350 dns_query_ready(c->query);
351}
352
353static void dns_query_stop(DnsQuery *q) {
354 DnsQueryCandidate *c;
355
356 assert(q);
357
358 q->timeout_event_source = sd_event_source_unref(q->timeout_event_source);
359
360 LIST_FOREACH(candidates_by_query, c, q->candidates)
361 dns_query_candidate_stop(c);
362}
363
7820b320
LP		 364static void dns_query_free_candidates(DnsQuery *q) {
365 assert(q);
366
367 while (q->candidates)
368 dns_query_candidate_free(q->candidates);
369}
370
371static void dns_query_reset_answer(DnsQuery *q) {
372 assert(q);
373
374 q->answer = dns_answer_unref(q->answer);
375 q->answer_rcode = 0;
376 q->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
7cc6ed7b 377 q->answer_errno = 0;
7820b320
LP		 378 q->answer_authenticated = false;
379 q->answer_protocol = _DNS_PROTOCOL_INVALID;
380 q->answer_family = AF_UNSPEC;
381 q->answer_search_domain = dns_search_domain_unref(q->answer_search_domain);
382}
383
74b2466e 384DnsQuery *dns_query_free(DnsQuery *q) {
74b2466e
LP		 385 if (!q)
386 return NULL;
387
45ec7efb
LP		 388 while (q->auxiliary_queries)
389 dns_query_free(q->auxiliary_queries);
390
391 if (q->auxiliary_for) {
392 assert(q->auxiliary_for->n_auxiliary_queries > 0);
393 q->auxiliary_for->n_auxiliary_queries--;
394 LIST_REMOVE(auxiliary_queries, q->auxiliary_for->auxiliary_queries, q);
395 }
396
7820b320 397 dns_query_free_candidates(q);
322345fd 398
23b298bc
LP		 399 dns_question_unref(q->question_idna);
400 dns_question_unref(q->question_utf8);
7820b320
LP		 401
402 dns_query_reset_answer(q);
322345fd 403
ec2c5e43 404 sd_bus_message_unref(q->request);
82bd6ddd 405 sd_bus_track_unref(q->bus_track);
74b2466e 406
23b298bc
LP		 407 free(q->request_address_string);
408
39762fdf 409 if (q->manager) {
74b2466e 410 LIST_REMOVE(queries, q->manager->dns_queries, q);
39762fdf
LP		 411 q->manager->n_dns_queries--;
412 }
74b2466e 413
74b2466e
LP		 414 free(q);
415
416 return NULL;
417}
418
23b298bc
LP		 419int dns_query_new(
420 Manager *m,
421 DnsQuery **ret,
422 DnsQuestion *question_utf8,
423 DnsQuestion *question_idna,
17c8de63
LP		 424 int ifindex,
425 uint64_t flags) {
23b298bc 426
74b2466e 427 _cleanup_(dns_query_freep) DnsQuery *q = NULL;
23b298bc
LP		 428 DnsResourceKey *key;
429 bool good = false;
faa133f3 430 int r;
202b76ae 431 char key_str[DNS_RESOURCE_KEY_STRING_MAX];
74b2466e
LP		 432
433 assert(m);
434
23b298bc
LP		 435 if (dns_question_size(question_utf8) > 0) {
436 r = dns_question_is_valid_for_query(question_utf8);
437 if (r < 0)
438 return r;
439 if (r == 0)
440 return -EINVAL;
441
442 good = true;
443 }
444
445 /* If the IDNA and UTF8 questions are the same, merge their references */
446 r = dns_question_is_equal(question_idna, question_utf8);
faa133f3
LP		 447 if (r < 0)
448 return r;
23b298bc
LP		 449 if (r > 0)
450 question_idna = question_utf8;
451 else {
452 if (dns_question_size(question_idna) > 0) {
453 r = dns_question_is_valid_for_query(question_idna);
454 if (r < 0)
455 return r;
456 if (r == 0)
457 return -EINVAL;
458
459 good = true;
460 }
461 }
462
463 if (!good) /* don't allow empty queries */
464 return -EINVAL;
74b2466e 465
39762fdf
LP		 466 if (m->n_dns_queries >= QUERIES_MAX)
467 return -EBUSY;
468
74b2466e
LP		 469 q = new0(DnsQuery, 1);
470 if (!q)
471 return -ENOMEM;
472
23b298bc
LP		 473 q->question_utf8 = dns_question_ref(question_utf8);
474 q->question_idna = dns_question_ref(question_idna);
51323288
LP		 475 q->ifindex = ifindex;
476 q->flags = flags;
7820b320 477 q->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
801ad6a6 478 q->answer_protocol = _DNS_PROTOCOL_INVALID;
7820b320 479 q->answer_family = AF_UNSPEC;
322345fd 480
23b298bc 481 /* First dump UTF8 question */
202b76ae
ZJS		 482 DNS_QUESTION_FOREACH(key, question_utf8)
483 log_debug("Looking up RR for %s.",
484 dns_resource_key_to_string(key, key_str, sizeof key_str));
23b298bc
LP		 485
486 /* And then dump the IDNA question, but only what hasn't been dumped already through the UTF8 question. */
487 DNS_QUESTION_FOREACH(key, question_idna) {
23b298bc
LP		 488 r = dns_question_contains(question_utf8, key);
489 if (r < 0)
490 return r;
491 if (r > 0)
492 continue;
493
202b76ae
ZJS		 494 log_debug("Looking up IDNA RR for %s.",
495 dns_resource_key_to_string(key, key_str, sizeof key_str));
74b2466e
LP		 496 }
497
498 LIST_PREPEND(queries, m->dns_queries, q);
39762fdf 499 m->n_dns_queries++;
74b2466e
LP		 500 q->manager = m;
501
8ba9fd9c
LP		 502 if (ret)
503 *ret = q;
504 q = NULL;
505
506 return 0;
507}
508
45ec7efb
LP		 509int dns_query_make_auxiliary(DnsQuery *q, DnsQuery *auxiliary_for) {
510 assert(q);
511 assert(auxiliary_for);
512
513 /* Ensure that that the query is not auxiliary yet, and
514 * nothing else is auxiliary to it either */
515 assert(!q->auxiliary_for);
516 assert(!q->auxiliary_queries);
517
518 /* Ensure that the unit we shall be made auxiliary for isn't
519 * auxiliary itself */
520 assert(!auxiliary_for->auxiliary_for);
521
522 if (auxiliary_for->n_auxiliary_queries >= AUXILIARY_QUERIES_MAX)
523 return -EAGAIN;
524
525 LIST_PREPEND(auxiliary_queries, auxiliary_for->auxiliary_queries, q);
526 q->auxiliary_for = auxiliary_for;
527
528 auxiliary_for->n_auxiliary_queries++;
529 return 0;
530}
531
ec2c5e43 532static void dns_query_complete(DnsQuery *q, DnsTransactionState state) {
8ba9fd9c 533 assert(q);
547973de
LP		 534 assert(!DNS_TRANSACTION_IS_LIVE(state));
535 assert(DNS_TRANSACTION_IS_LIVE(q->state));
8ba9fd9c 536
322345fd
LP		 537 /* Note that this call might invalidate the query. Callers
538 * should hence not attempt to access the query or transaction
539 * after calling this function. */
8ba9fd9c 540
8ba9fd9c
LP		 541 q->state = state;
542
322345fd
LP		 543 dns_query_stop(q);
544 if (q->complete)
545 q->complete(q);
8ba9fd9c
LP		 546}
547
548static int on_query_timeout(sd_event_source *s, usec_t usec, void *userdata) {
549 DnsQuery *q = userdata;
550
551 assert(s);
552 assert(q);
553
ec2c5e43 554 dns_query_complete(q, DNS_TRANSACTION_TIMEOUT);
8ba9fd9c
LP		 555 return 0;
556}
557
801ad6a6
LP		 558static int dns_query_add_candidate(DnsQuery *q, DnsScope *s) {
559 DnsQueryCandidate *c;
faa133f3
LP		 560 int r;
561
562 assert(q);
ec2c5e43 563 assert(s);
faa133f3 564
801ad6a6 565 r = dns_query_candidate_new(&c, q, s);
faa133f3
LP		 566 if (r < 0)
567 return r;
568
801ad6a6 569 /* If this a single-label domain on DNS, we might append a suitable search domain first. */
22f711bb 570 if ((q->flags & SD_RESOLVED_NO_SEARCH) == 0) {
23b298bc 571 r = dns_scope_name_needs_search_domain(s, dns_question_first_name(q->question_idna));
22f711bb 572 if (r < 0)
801ad6a6 573 goto fail;
22f711bb
LP		 574 if (r > 0) {
575 /* OK, we need a search domain now. Let's find one for this scope */
576
577 r = dns_query_candidate_next_search_domain(c);
578 if (r <= 0) /* if there's no search domain, then we won't add any transaction. */
579 goto fail;
580 }
faa133f3
LP		 581 }
582
801ad6a6
LP		 583 r = dns_query_candidate_setup_transactions(c);
584 if (r < 0)
585 goto fail;
586
faa133f3
LP		 587 return 0;
588
801ad6a6
LP		 589fail:
590 dns_query_candidate_free(c);
faa133f3
LP		 591 return r;
592}
593
78c6a153 594static int dns_query_synthesize_reply(DnsQuery *q, DnsTransactionState *state) {
2a1037af 595 _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
dd0bc0f1 596 int r;
2a1037af
LP		 597
598 assert(q);
599 assert(state);
600
dd0bc0f1
LP		 601 /* Tries to synthesize localhost RR replies (and others) where appropriate. Note that this is done *after* the
602 * the normal lookup finished. The data from the network hence takes precedence over the data we
603 * synthesize. (But note that many scopes refuse to resolve certain domain names) */
2a1037af
LP		 604
605 if (!IN_SET(*state,
3bbdc31d 606 DNS_TRANSACTION_RCODE_FAILURE,
2a1037af
LP		 607 DNS_TRANSACTION_NO_SERVERS,
608 DNS_TRANSACTION_TIMEOUT,
edbcc1fd 609 DNS_TRANSACTION_ATTEMPTS_MAX_REACHED,
0791110f
LP		 610 DNS_TRANSACTION_NETWORK_DOWN,
611 DNS_TRANSACTION_NOT_FOUND))
78c6a153 612 return 0;
2a1037af 613
839a4a20
LP		 614 r = dns_synthesize_answer(
615 q->manager,
616 q->question_utf8,
617 q->ifindex,
dd0bc0f1 618 &answer);
2a1037af 619
839a4a20
LP		 620 if (r <= 0)
621 return r;
2a1037af 622
839a4a20 623 dns_query_reset_answer(q);
2a1037af 624
2a1037af
LP		 625 q->answer = answer;
626 answer = NULL;
2a1037af 627 q->answer_rcode = DNS_RCODE_SUCCESS;
dd0bc0f1
LP		 628 q->answer_protocol = dns_synthesize_protocol(q->flags);
629 q->answer_family = dns_synthesize_family(q->flags);
839a4a20 630 q->answer_authenticated = true;
2a1037af
LP		 631
632 *state = DNS_TRANSACTION_SUCCESS;
78c6a153
LP		 633
634 return 1;
2a1037af
LP		 635}
636
dd0bc0f1
LP		 637static int dns_query_try_etc_hosts(DnsQuery *q) {
638 _cleanup_(dns_answer_unrefp) DnsAnswer *answer = NULL;
639 int r;
640
641 assert(q);
642
643 /* Looks in /etc/hosts for matching entries. Note that this is done *before* the normal lookup is done. The
644 * data from /etc/hosts hence takes precedence over the network. */
645
646 r = manager_etc_hosts_lookup(
647 q->manager,
648 q->question_utf8,
649 &answer);
650 if (r <= 0)
651 return r;
652
653 dns_query_reset_answer(q);
654
655 q->answer = answer;
656 answer = NULL;
657 q->answer_rcode = DNS_RCODE_SUCCESS;
658 q->answer_protocol = dns_synthesize_protocol(q->flags);
659 q->answer_family = dns_synthesize_family(q->flags);
660 q->answer_authenticated = true;
661
662 return 1;
663}
664
322345fd 665int dns_query_go(DnsQuery *q) {
8ba9fd9c
LP		 666 DnsScopeMatch found = DNS_SCOPE_NO;
667 DnsScope *s, *first = NULL;
801ad6a6 668 DnsQueryCandidate *c;
8ba9fd9c
LP		 669 int r;
670
671 assert(q);
672
ec2c5e43 673 if (q->state != DNS_TRANSACTION_NULL)
8ba9fd9c
LP		 674 return 0;
675
dd0bc0f1
LP		 676 r = dns_query_try_etc_hosts(q);
677 if (r < 0)
678 return r;
679 if (r > 0) {
680 dns_query_complete(q, DNS_TRANSACTION_SUCCESS);
681 return 1;
682 }
683
8ba9fd9c 684 LIST_FOREACH(scopes, s, q->manager->dns_scopes) {
74b2466e 685 DnsScopeMatch match;
23b298bc
LP		 686 const char *name;
687
688 name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol));
689 if (!name)
690 continue;
74b2466e 691
51323288 692 match = dns_scope_good_domain(s, q->ifindex, q->flags, name);
74b2466e
LP		 693 if (match < 0)
694 return match;
695
696 if (match == DNS_SCOPE_NO)
697 continue;
698
699 found = match;
700
701 if (match == DNS_SCOPE_YES) {
702 first = s;
703 break;
704 } else {
705 assert(match == DNS_SCOPE_MAYBE);
706
707 if (!first)
708 first = s;
709 }
710 }
711
2a1037af
LP		 712 if (found == DNS_SCOPE_NO) {
713 DnsTransactionState state = DNS_TRANSACTION_NO_SERVERS;
714
7cc6ed7b
LP		 715 r = dns_query_synthesize_reply(q, &state);
716 if (r < 0)
717 return r;
718
d634711b
LP		 719 dns_query_complete(q, state);
720 return 1;
2a1037af 721 }
74b2466e 722
801ad6a6 723 r = dns_query_add_candidate(q, first);
74b2466e 724 if (r < 0)
ec2c5e43 725 goto fail;
74b2466e 726
74b2466e
LP		 727 LIST_FOREACH(scopes, s, first->scopes_next) {
728 DnsScopeMatch match;
23b298bc
LP		 729 const char *name;
730
731 name = dns_question_first_name(dns_query_question_for_protocol(q, s->protocol));
732 if (!name)
733 continue;
74b2466e 734
51323288 735 match = dns_scope_good_domain(s, q->ifindex, q->flags, name);
74b2466e 736 if (match < 0)
ec2c5e43 737 goto fail;
74b2466e
LP		 738
739 if (match != found)
740 continue;
741
801ad6a6 742 r = dns_query_add_candidate(q, s);
74b2466e 743 if (r < 0)
ec2c5e43 744 goto fail;
74b2466e
LP		 745 }
746
ab88b6d0 747 dns_query_reset_answer(q);
74b2466e 748
9a015429
LP		 749 r = sd_event_add_time(
750 q->manager->event,
751 &q->timeout_event_source,
752 clock_boottime_or_monotonic(),
753 now(clock_boottime_or_monotonic()) + QUERY_TIMEOUT_USEC, 0,
754 on_query_timeout, q);
74b2466e
LP		 755 if (r < 0)
756 goto fail;
757
aa4a9deb
LP		 758 (void) sd_event_source_set_description(q->timeout_event_source, "query-timeout");
759
ec2c5e43 760 q->state = DNS_TRANSACTION_PENDING;
faa133f3 761 q->block_ready++;
74b2466e 762
801ad6a6
LP		 763 /* Start the transactions */
764 LIST_FOREACH(candidates_by_query, c, q->candidates) {
765 r = dns_query_candidate_go(c);
766 if (r < 0) {
767 q->block_ready--;
ec2c5e43 768 goto fail;
801ad6a6 769 }
74b2466e
LP		 770 }
771
faa133f3
LP		 772 q->block_ready--;
773 dns_query_ready(q);
322345fd 774
8ba9fd9c 775 return 1;
74b2466e
LP		 776
777fail:
8ba9fd9c 778 dns_query_stop(q);
74b2466e
LP		 779 return r;
780}
781
801ad6a6 782static void dns_query_accept(DnsQuery *q, DnsQueryCandidate *c) {
ec2c5e43 783 DnsTransactionState state = DNS_TRANSACTION_NO_SERVERS;
547973de 784 bool has_authenticated = false, has_non_authenticated = false;
019036a4 785 DnssecResult dnssec_result_authenticated = _DNSSEC_RESULT_INVALID, dnssec_result_non_authenticated = _DNSSEC_RESULT_INVALID;
801ad6a6 786 DnsTransaction *t;
faa133f3 787 Iterator i;
547973de 788 int r;
74b2466e
LP		 789
790 assert(q);
791
801ad6a6 792 if (!c) {
7cc6ed7b
LP		 793 r = dns_query_synthesize_reply(q, &state);
794 if (r < 0)
795 goto fail;
796
801ad6a6 797 dns_query_complete(q, state);
74b2466e 798 return;
801ad6a6 799 }
74b2466e 800
a7bf2ada
LP		 801 if (c->error_code != 0) {
802 /* If the candidate had an error condition of its own, start with that. */
803 state = DNS_TRANSACTION_ERRNO;
804 q->answer = dns_answer_unref(q->answer);
805 q->answer_rcode = 0;
806 q->answer_dnssec_result = _DNSSEC_RESULT_INVALID;
807 q->answer_errno = c->error_code;
808 }
809
801ad6a6 810 SET_FOREACH(t, c->transactions, i) {
74b2466e 811
801ad6a6 812 switch (t->state) {
934e9b10 813
801ad6a6 814 case DNS_TRANSACTION_SUCCESS: {
f8e2f4d6 815 /* We found a successfully reply, merge it into the answer */
547973de 816 r = dns_answer_extend(&q->answer, t->answer);
7cc6ed7b
LP		 817 if (r < 0)
818 goto fail;
019036a4 819
ae6a4bbf 820 q->answer_rcode = t->answer_rcode;
7cc6ed7b 821 q->answer_errno = 0;
801ad6a6 822
019036a4 823 if (t->answer_authenticated) {
931851e8 824 has_authenticated = true;
019036a4
LP		 825 dnssec_result_authenticated = t->answer_dnssec_result;
826 } else {
931851e8 827 has_non_authenticated = true;
019036a4
LP		 828 dnssec_result_non_authenticated = t->answer_dnssec_result;
829 }
931851e8 830
801ad6a6
LP		 831 state = DNS_TRANSACTION_SUCCESS;
832 break;
833 }
834
801ad6a6 835 case DNS_TRANSACTION_NULL:
547973de
LP		 836 case DNS_TRANSACTION_PENDING:
837 case DNS_TRANSACTION_VALIDATING:
801ad6a6
LP		 838 case DNS_TRANSACTION_ABORTED:
839 /* Ignore transactions that didn't complete */
840 continue;
841
842 default:
843 /* Any kind of failure? Store the data away,
844 * if there's nothing stored yet. */
934e9b10 845
019036a4
LP		 846 if (state == DNS_TRANSACTION_SUCCESS)
847 continue;
934e9b10 848
d38d5ca6 849 q->answer = dns_answer_unref(q->answer);
019036a4
LP		 850 q->answer_rcode = t->answer_rcode;
851 q->answer_dnssec_result = t->answer_dnssec_result;
7cc6ed7b 852 q->answer_errno = t->answer_errno;
934e9b10 853
019036a4 854 state = t->state;
801ad6a6 855 break;
74b2466e 856 }
801ad6a6 857 }
74b2466e 858
019036a4
LP		 859 if (state == DNS_TRANSACTION_SUCCESS) {
860 q->answer_authenticated = has_authenticated && !has_non_authenticated;
861 q->answer_dnssec_result = q->answer_authenticated ? dnssec_result_authenticated : dnssec_result_non_authenticated;
862 }
863
801ad6a6
LP		 864 q->answer_protocol = c->scope->protocol;
865 q->answer_family = c->scope->family;
934e9b10 866
801ad6a6
LP		 867 dns_search_domain_unref(q->answer_search_domain);
868 q->answer_search_domain = dns_search_domain_ref(c->search_domain);
7e8e0422 869
7cc6ed7b
LP		 870 r = dns_query_synthesize_reply(q, &state);
871 if (r < 0)
872 goto fail;
873
801ad6a6 874 dns_query_complete(q, state);
7cc6ed7b
LP		 875 return;
876
877fail:
878 q->answer_errno = -r;
879 dns_query_complete(q, DNS_TRANSACTION_ERRNO);
801ad6a6 880}
934e9b10 881
801ad6a6 882void dns_query_ready(DnsQuery *q) {
74b2466e 883
801ad6a6
LP		 884 DnsQueryCandidate *bad = NULL, *c;
885 bool pending = false;
74b2466e 886
801ad6a6 887 assert(q);
547973de 888 assert(DNS_TRANSACTION_IS_LIVE(q->state));
e4501ed4 889
801ad6a6
LP		 890 /* Note that this call might invalidate the query. Callers
891 * should hence not attempt to access the query or transaction
892 * after calling this function, unless the block_ready
893 * counter was explicitly bumped before doing so. */
894
895 if (q->block_ready > 0)
896 return;
897
898 LIST_FOREACH(candidates_by_query, c, q->candidates) {
899 DnsTransactionState state;
900
901 state = dns_query_candidate_state(c);
902 switch (state) {
903
904 case DNS_TRANSACTION_SUCCESS:
547973de 905 /* One of the candidates is successful,
801ad6a6
LP		 906 * let's use it, and copy its data out */
907 dns_query_accept(q, c);
e4501ed4
LP		 908 return;
909
801ad6a6 910 case DNS_TRANSACTION_NULL:
547973de
LP		 911 case DNS_TRANSACTION_PENDING:
912 case DNS_TRANSACTION_VALIDATING:
913 /* One of the candidates is still going on,
914 * let's maybe wait for it */
801ad6a6
LP		 915 pending = true;
916 break;
e4501ed4 917
801ad6a6
LP		 918 default:
919 /* Any kind of failure */
920 bad = c;
921 break;
922 }
faa133f3 923 }
74b2466e 924
801ad6a6
LP		 925 if (pending)
926 return;
2a1037af 927
801ad6a6 928 dns_query_accept(q, bad);
74b2466e 929}
8ba9fd9c 930
45ec7efb 931static int dns_query_cname_redirect(DnsQuery *q, const DnsResourceRecord *cname) {
23b298bc
LP		 932 _cleanup_(dns_question_unrefp) DnsQuestion *nq_idna = NULL, *nq_utf8 = NULL;
933 int r, k;
8ba9fd9c
LP		 934
935 assert(q);
936
313cefa1 937 q->n_cname_redirects++;
faa133f3 938 if (q->n_cname_redirects > CNAME_MAX)
8ba9fd9c
LP		 939 return -ELOOP;
940
23b298bc 941 r = dns_question_cname_redirect(q->question_idna, cname, &nq_idna);
faa133f3
LP		 942 if (r < 0)
943 return r;
23b298bc 944 else if (r > 0)
8ec76e6a 945 log_debug("Following CNAME/DNAME %s → %s.", dns_question_first_name(q->question_idna), dns_question_first_name(nq_idna));
23b298bc
LP		 946
947 k = dns_question_is_equal(q->question_idna, q->question_utf8);
948 if (k < 0)
949 return r;
950 if (k > 0) {
951 /* Same question? Shortcut new question generation */
952 nq_utf8 = dns_question_ref(nq_idna);
953 k = r;
954 } else {
955 k = dns_question_cname_redirect(q->question_utf8, cname, &nq_utf8);
956 if (k < 0)
957 return k;
958 else if (k > 0)
8ec76e6a 959 log_debug("Following UTF8 CNAME/DNAME %s → %s.", dns_question_first_name(q->question_utf8), dns_question_first_name(nq_utf8));
23b298bc 960 }
8ba9fd9c 961
23b298bc
LP		 962 if (r == 0 && k == 0) /* No actual cname happened? */
963 return -ELOOP;
964
8e5de09f
LP		 965 if (q->answer_protocol == DNS_PROTOCOL_DNS) {
966 /* Don't permit CNAME redirects from unicast DNS to LLMNR or MulticastDNS, so that global resources
967 * cannot invade the local namespace. The opposite way we permit: local names may redirect to global
968 * ones. */
969
970 q->flags &= ~(SD_RESOLVED_LLMNR|SD_RESOLVED_MDNS); /* mask away the local protocols */
971 }
972
973 /* Turn off searching for the new name */
974 q->flags |= SD_RESOLVED_NO_SEARCH;
975
23b298bc
LP		 976 dns_question_unref(q->question_idna);
977 q->question_idna = nq_idna;
978 nq_idna = NULL;
bc7669cf 979
23b298bc
LP		 980 dns_question_unref(q->question_utf8);
981 q->question_utf8 = nq_utf8;
982 nq_utf8 = NULL;
8ba9fd9c 983
7820b320
LP		 984 dns_query_free_candidates(q);
985 dns_query_reset_answer(q);
322345fd 986
8e5de09f 987 q->state = DNS_TRANSACTION_NULL;
59a89990 988
8ba9fd9c
LP		 989 return 0;
990}
82bd6ddd 991
45ec7efb
LP		 992int dns_query_process_cname(DnsQuery *q) {
993 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *cname = NULL;
23b298bc 994 DnsQuestion *question;
45ec7efb
LP		 995 DnsResourceRecord *rr;
996 int r;
997
998 assert(q);
999
7588460a
TG		 1000 if (!IN_SET(q->state, DNS_TRANSACTION_SUCCESS, DNS_TRANSACTION_NULL))
1001 return DNS_QUERY_NOMATCH;
45ec7efb 1002
23b298bc 1003 question = dns_query_question_for_protocol(q, q->answer_protocol);
45ec7efb 1004
23b298bc
LP		 1005 DNS_ANSWER_FOREACH(rr, q->answer) {
1006 r = dns_question_matches_rr(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
45ec7efb
LP		 1007 if (r < 0)
1008 return r;
1009 if (r > 0)
7588460a 1010 return DNS_QUERY_MATCH; /* The answer matches directly, no need to follow cnames */
45ec7efb 1011
542e0c84 1012 r = dns_question_matches_cname_or_dname(question, rr, DNS_SEARCH_DOMAIN_NAME(q->answer_search_domain));
45ec7efb
LP		 1013 if (r < 0)
1014 return r;
1015 if (r > 0 && !cname)
1016 cname = dns_resource_record_ref(rr);
1017 }
1018
1019 if (!cname)
7588460a 1020 return DNS_QUERY_NOMATCH; /* No match and no cname to follow */
45ec7efb
LP		 1021
1022 if (q->flags & SD_RESOLVED_NO_CNAME)
1023 return -ELOOP;
1024
1025 /* OK, let's actually follow the CNAME */
1026 r = dns_query_cname_redirect(q, cname);
1027 if (r < 0)
1028 return r;
1029
1030 /* Let's see if the answer can already answer the new
1031 * redirected question */
7588460a
TG		 1032 r = dns_query_process_cname(q);
1033 if (r != DNS_QUERY_NOMATCH)
1034 return r;
45ec7efb
LP		 1035
1036 /* OK, it cannot, let's begin with the new query */
1037 r = dns_query_go(q);
1038 if (r < 0)
1039 return r;
1040
7588460a 1041 return DNS_QUERY_RESTARTED; /* We restarted the query for a new cname */
45ec7efb
LP		 1042}
1043
82bd6ddd
LP		 1044static int on_bus_track(sd_bus_track *t, void *userdata) {
1045 DnsQuery *q = userdata;
1046
1047 assert(t);
1048 assert(q);
1049
1050 log_debug("Client of active query vanished, aborting query.");
1051 dns_query_complete(q, DNS_TRANSACTION_ABORTED);
1052 return 0;
1053}
1054
966c66e3 1055int dns_query_bus_track(DnsQuery *q, sd_bus_message *m) {
82bd6ddd
LP		 1056 int r;
1057
1058 assert(q);
1059 assert(m);
1060
1061 if (!q->bus_track) {
966c66e3 1062 r = sd_bus_track_new(sd_bus_message_get_bus(m), &q->bus_track, on_bus_track, q);
82bd6ddd
LP		 1063 if (r < 0)
1064 return r;
1065 }
1066
1067 r = sd_bus_track_add_sender(q->bus_track, m);
1068 if (r < 0)
1069 return r;
1070
1071 return 0;
1072}
23b298bc
LP		 1073
1074DnsQuestion* dns_query_question_for_protocol(DnsQuery *q, DnsProtocol protocol) {
1075 assert(q);
1076
1077 switch (protocol) {
1078
1079 case DNS_PROTOCOL_DNS:
1080 return q->question_idna;
1081
1082 case DNS_PROTOCOL_MDNS:
1083 case DNS_PROTOCOL_LLMNR:
1084 return q->question_utf8;
1085
1086 default:
1087 return NULL;
1088 }
1089}
1090
1091const char *dns_query_string(DnsQuery *q) {
1092 const char *name;
1093 int r;
1094
1095 /* Returns a somewhat useful human-readable lookup key string for this query */
1096
1097 if (q->request_address_string)
1098 return q->request_address_string;
1099
1100 if (q->request_address_valid) {
1101 r = in_addr_to_string(q->request_family, &q->request_address, &q->request_address_string);
1102 if (r >= 0)
1103 return q->request_address_string;
1104 }
1105
1106 name = dns_question_first_name(q->question_utf8);
1107 if (name)
1108 return name;
1109
1110 return dns_question_first_name(q->question_idna);
1111}
Unnamed repository; edit this file 'description' to name the repository.