]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/resolve/resolve-tool.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
resolve: print a noisy warning if we show crypto keys that could not be authenticated
[thirdparty/systemd.git] / src / resolve / resolve-tool.c
1 /***
2 This file is part of systemd.
3
4 Copyright 2014 Zbigniew Jędrzejewski-Szmek
5
6 systemd is free software; you can redistribute it and/or modify it
7 under the terms of the GNU Lesser General Public License as published by
8 the Free Software Foundation; either version 2.1 of the License, or
9 (at your option) any later version.
10
11 systemd is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
15
16 You should have received a copy of the GNU Lesser General Public License
17 along with systemd; If not, see <http://www.gnu.org/licenses/>.
18 ***/
19
20 #include <gcrypt.h>
21 #include <getopt.h>
22 #include <net/if.h>
23
24 #include "sd-bus.h"
25
26 #include "af-list.h"
27 #include "alloc-util.h"
28 #include "bus-error.h"
29 #include "bus-util.h"
30 #include "escape.h"
31 #include "in-addr-util.h"
32 #include "gcrypt-util.h"
33 #include "parse-util.h"
34 #include "resolved-def.h"
35 #include "resolved-dns-packet.h"
36 #include "terminal-util.h"
37
38 #define DNS_CALL_TIMEOUT_USEC (45*USEC_PER_SEC)
39
40 static int arg_family = AF_UNSPEC;
41 static int arg_ifindex = 0;
42 static uint16_t arg_type = 0;
43 static uint16_t arg_class = 0;
44 static bool arg_legend = true;
45 static uint64_t arg_flags = 0;
46
47 static enum {
48 MODE_RESOLVE_HOST,
49 MODE_RESOLVE_RECORD,
50 MODE_RESOLVE_SERVICE,
51 MODE_RESOLVE_OPENPGP,
52 MODE_STATISTICS,
53 MODE_RESET_STATISTICS,
54 } arg_mode = MODE_RESOLVE_HOST;
55
56 static void print_source(uint64_t flags, usec_t rtt) {
57 char rtt_str[FORMAT_TIMESTAMP_MAX];
58
59 if (!arg_legend)
60 return;
61
62 if (flags == 0)
63 return;
64
65 fputs("\n-- Information acquired via", stdout);
66
67 if (flags != 0)
68 printf(" protocol%s%s%s%s%s",
69 flags & SD_RESOLVED_DNS ? " DNS" :"",
70 flags & SD_RESOLVED_LLMNR_IPV4 ? " LLMNR/IPv4" : "",
71 flags & SD_RESOLVED_LLMNR_IPV6 ? " LLMNR/IPv6" : "",
72 flags & SD_RESOLVED_MDNS_IPV4 ? "mDNS/IPv4" : "",
73 flags & SD_RESOLVED_MDNS_IPV6 ? "mDNS/IPv6" : "");
74
75 assert_se(format_timespan(rtt_str, sizeof(rtt_str), rtt, 100));
76
77 printf(" in %s", rtt_str);
78
79 fputc('.', stdout);
80 fputc('\n', stdout);
81
82 printf("-- Data is authenticated: %s\n", yes_no(flags & SD_RESOLVED_AUTHENTICATED));
83 }
84
85 static int resolve_host(sd_bus *bus, const char *name) {
86
87 _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
88 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
89 const char *canonical = NULL;
90 char ifname[IF_NAMESIZE] = "";
91 unsigned c = 0;
92 int r;
93 uint64_t flags;
94 usec_t ts;
95
96 assert(name);
97
98 if (arg_ifindex > 0 && !if_indextoname(arg_ifindex, ifname))
99 return log_error_errno(errno, "Failed to resolve interface name for index %i: %m", arg_ifindex);
100
101 log_debug("Resolving %s (family %s, interface %s).", name, af_to_name(arg_family) ?: "*", isempty(ifname) ? "*" : ifname);
102
103 r = sd_bus_message_new_method_call(
104 bus,
105 &req,
106 "org.freedesktop.resolve1",
107 "/org/freedesktop/resolve1",
108 "org.freedesktop.resolve1.Manager",
109 "ResolveHostname");
110 if (r < 0)
111 return bus_log_create_error(r);
112
113 r = sd_bus_message_append(req, "isit", arg_ifindex, name, arg_family, arg_flags);
114 if (r < 0)
115 return bus_log_create_error(r);
116
117 ts = now(CLOCK_MONOTONIC);
118
119 r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
120 if (r < 0)
121 return log_error_errno(r, "%s: resolve call failed: %s", name, bus_error_message(&error, r));
122
123 ts = now(CLOCK_MONOTONIC) - ts;
124
125 r = sd_bus_message_enter_container(reply, 'a', "(iiay)");
126 if (r < 0)
127 return bus_log_parse_error(r);
128
129 while ((r = sd_bus_message_enter_container(reply, 'r', "iiay")) > 0) {
130 _cleanup_free_ char *pretty = NULL;
131 int ifindex, family;
132 const void *a;
133 size_t sz;
134
135 assert_cc(sizeof(int) == sizeof(int32_t));
136
137 r = sd_bus_message_read(reply, "ii", &ifindex, &family);
138 if (r < 0)
139 return bus_log_parse_error(r);
140
141 r = sd_bus_message_read_array(reply, 'y', &a, &sz);
142 if (r < 0)
143 return bus_log_parse_error(r);
144
145 r = sd_bus_message_exit_container(reply);
146 if (r < 0)
147 return bus_log_parse_error(r);
148
149 if (!IN_SET(family, AF_INET, AF_INET6)) {
150 log_debug("%s: skipping entry with family %d (%s)", name, family, af_to_name(family) ?: "unknown");
151 continue;
152 }
153
154 if (sz != FAMILY_ADDRESS_SIZE(family)) {
155 log_error("%s: systemd-resolved returned address of invalid size %zu for family %s", name, sz, af_to_name(family) ?: "unknown");
156 return -EINVAL;
157 }
158
159 ifname[0] = 0;
160 if (ifindex > 0 && !if_indextoname(ifindex, ifname))
161 log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
162
163 r = in_addr_to_string(family, a, &pretty);
164 if (r < 0)
165 return log_error_errno(r, "Failed to print address for %s: %m", name);
166
167 printf("%*s%s %s%s%s\n",
168 (int) strlen(name), c == 0 ? name : "", c == 0 ? ":" : " ",
169 pretty,
170 isempty(ifname) ? "" : "%", ifname);
171
172 c++;
173 }
174 if (r < 0)
175 return bus_log_parse_error(r);
176
177 r = sd_bus_message_exit_container(reply);
178 if (r < 0)
179 return bus_log_parse_error(r);
180
181 r = sd_bus_message_read(reply, "st", &canonical, &flags);
182 if (r < 0)
183 return bus_log_parse_error(r);
184
185 if (!streq(name, canonical))
186 printf("%*s%s (%s)\n",
187 (int) strlen(name), c == 0 ? name : "", c == 0 ? ":" : " ",
188 canonical);
189
190 if (c == 0) {
191 log_error("%s: no addresses found", name);
192 return -ESRCH;
193 }
194
195 print_source(flags, ts);
196
197 return 0;
198 }
199
200 static int resolve_address(sd_bus *bus, int family, const union in_addr_union *address, int ifindex) {
201 _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
202 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
203 _cleanup_free_ char *pretty = NULL;
204 char ifname[IF_NAMESIZE] = "";
205 uint64_t flags;
206 unsigned c = 0;
207 usec_t ts;
208 int r;
209
210 assert(bus);
211 assert(IN_SET(family, AF_INET, AF_INET6));
212 assert(address);
213
214 if (ifindex <= 0)
215 ifindex = arg_ifindex;
216
217 r = in_addr_to_string(family, address, &pretty);
218 if (r < 0)
219 return log_oom();
220
221 if (ifindex > 0 && !if_indextoname(ifindex, ifname))
222 return log_error_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
223
224 log_debug("Resolving %s%s%s.", pretty, isempty(ifname) ? "" : "%", ifname);
225
226 r = sd_bus_message_new_method_call(
227 bus,
228 &req,
229 "org.freedesktop.resolve1",
230 "/org/freedesktop/resolve1",
231 "org.freedesktop.resolve1.Manager",
232 "ResolveAddress");
233 if (r < 0)
234 return bus_log_create_error(r);
235
236 r = sd_bus_message_append(req, "ii", ifindex, family);
237 if (r < 0)
238 return bus_log_create_error(r);
239
240 r = sd_bus_message_append_array(req, 'y', address, FAMILY_ADDRESS_SIZE(family));
241 if (r < 0)
242 return bus_log_create_error(r);
243
244 r = sd_bus_message_append(req, "t", arg_flags);
245 if (r < 0)
246 return bus_log_create_error(r);
247
248 ts = now(CLOCK_MONOTONIC);
249
250 r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
251 if (r < 0) {
252 log_error("%s: resolve call failed: %s", pretty, bus_error_message(&error, r));
253 return r;
254 }
255
256 ts = now(CLOCK_MONOTONIC) - ts;
257
258 r = sd_bus_message_enter_container(reply, 'a', "(is)");
259 if (r < 0)
260 return bus_log_create_error(r);
261
262 while ((r = sd_bus_message_enter_container(reply, 'r', "is")) > 0) {
263 const char *n;
264
265 assert_cc(sizeof(int) == sizeof(int32_t));
266
267 r = sd_bus_message_read(reply, "is", &ifindex, &n);
268 if (r < 0)
269 return r;
270
271 r = sd_bus_message_exit_container(reply);
272 if (r < 0)
273 return r;
274
275 ifname[0] = 0;
276 if (ifindex > 0 && !if_indextoname(ifindex, ifname))
277 log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
278
279 printf("%*s%*s%*s%s %s\n",
280 (int) strlen(pretty), c == 0 ? pretty : "",
281 isempty(ifname) ? 0 : 1, c > 0 || isempty(ifname) ? "" : "%",
282 (int) strlen(ifname), c == 0 ? ifname : "",
283 c == 0 ? ":" : " ",
284 n);
285
286 c++;
287 }
288 if (r < 0)
289 return bus_log_parse_error(r);
290
291 r = sd_bus_message_exit_container(reply);
292 if (r < 0)
293 return bus_log_parse_error(r);
294
295 r = sd_bus_message_read(reply, "t", &flags);
296 if (r < 0)
297 return bus_log_parse_error(r);
298
299 if (c == 0) {
300 log_error("%s: no names found", pretty);
301 return -ESRCH;
302 }
303
304 print_source(flags, ts);
305
306 return 0;
307 }
308
309 static int parse_address(const char *s, int *family, union in_addr_union *address, int *ifindex) {
310 const char *percent, *a;
311 int ifi = 0;
312 int r;
313
314 percent = strchr(s, '%');
315 if (percent) {
316 if (parse_ifindex(percent+1, &ifi) < 0) {
317 ifi = if_nametoindex(percent+1);
318 if (ifi <= 0)
319 return -EINVAL;
320 }
321
322 a = strndupa(s, percent - s);
323 } else
324 a = s;
325
326 r = in_addr_from_string_auto(a, family, address);
327 if (r < 0)
328 return r;
329
330 *ifindex = ifi;
331 return 0;
332 }
333
334 static int resolve_record(sd_bus *bus, const char *name, uint16_t class, uint16_t type) {
335 _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
336 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
337 char ifname[IF_NAMESIZE] = "";
338 unsigned n = 0;
339 uint64_t flags;
340 int r;
341 usec_t ts;
342 bool needs_authentication = false;
343
344 assert(name);
345
346 if (arg_ifindex > 0 && !if_indextoname(arg_ifindex, ifname))
347 return log_error_errno(errno, "Failed to resolve interface name for index %i: %m", arg_ifindex);
348
349 log_debug("Resolving %s %s %s (interface %s).", name, dns_class_to_string(class), dns_type_to_string(type), isempty(ifname) ? "*" : ifname);
350
351 r = sd_bus_message_new_method_call(
352 bus,
353 &req,
354 "org.freedesktop.resolve1",
355 "/org/freedesktop/resolve1",
356 "org.freedesktop.resolve1.Manager",
357 "ResolveRecord");
358 if (r < 0)
359 return bus_log_create_error(r);
360
361 r = sd_bus_message_append(req, "isqqt", arg_ifindex, name, class, type, arg_flags);
362 if (r < 0)
363 return bus_log_create_error(r);
364
365 ts = now(CLOCK_MONOTONIC);
366
367 r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
368 if (r < 0) {
369 log_error("%s: resolve call failed: %s", name, bus_error_message(&error, r));
370 return r;
371 }
372
373 ts = now(CLOCK_MONOTONIC) - ts;
374
375 r = sd_bus_message_enter_container(reply, 'a', "(iqqay)");
376 if (r < 0)
377 return bus_log_parse_error(r);
378
379 while ((r = sd_bus_message_enter_container(reply, 'r', "iqqay")) > 0) {
380 _cleanup_(dns_resource_record_unrefp) DnsResourceRecord *rr = NULL;
381 _cleanup_(dns_packet_unrefp) DnsPacket *p = NULL;
382 const char *s;
383 uint16_t c, t;
384 int ifindex;
385 const void *d;
386 size_t l;
387
388 assert_cc(sizeof(int) == sizeof(int32_t));
389
390 r = sd_bus_message_read(reply, "iqq", &ifindex, &c, &t);
391 if (r < 0)
392 return bus_log_parse_error(r);
393
394 r = sd_bus_message_read_array(reply, 'y', &d, &l);
395 if (r < 0)
396 return bus_log_parse_error(r);
397
398 r = sd_bus_message_exit_container(reply);
399 if (r < 0)
400 return bus_log_parse_error(r);
401
402 r = dns_packet_new(&p, DNS_PROTOCOL_DNS, 0);
403 if (r < 0)
404 return log_oom();
405
406 p->refuse_compression = true;
407
408 r = dns_packet_append_blob(p, d, l, NULL);
409 if (r < 0)
410 return log_oom();
411
412 r = dns_packet_read_rr(p, &rr, NULL, NULL);
413 if (r < 0)
414 return log_error_errno(r, "Failed to parse RR: %m");
415
416 s = dns_resource_record_to_string(rr);
417 if (!s)
418 return log_oom();
419
420 ifname[0] = 0;
421 if (ifindex > 0 && !if_indextoname(ifindex, ifname))
422 log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
423
424 printf("%s%s%s\n", s, isempty(ifname) ? "" : " # interface ", ifname);
425
426 if (dns_type_needs_authentication(t))
427 needs_authentication = true;
428
429 n++;
430 }
431 if (r < 0)
432 return bus_log_parse_error(r);
433
434 r = sd_bus_message_exit_container(reply);
435 if (r < 0)
436 return bus_log_parse_error(r);
437
438 r = sd_bus_message_read(reply, "t", &flags);
439 if (r < 0)
440 return bus_log_parse_error(r);
441
442 if (n == 0) {
443 log_error("%s: no records found", name);
444 return -ESRCH;
445 }
446
447 print_source(flags, ts);
448
449 if ((flags & SD_RESOLVED_AUTHENTICATED) == 0 && needs_authentication) {
450 fflush(stdout);
451
452 fprintf(stderr, "\n%s"
453 "WARNING: The resources shown contain cryptographic key data which could not be\n"
454 " authenticated. It is not suitable to authenticate any communication.\n"
455 " This is usually indication that DNSSEC authentication was not enabled\n"
456 " or is not available for the selected protocol or DNS servers.%s\n",
457 ansi_highlight_red(),
458 ansi_normal());
459 }
460
461 return 0;
462 }
463
464 static int resolve_rfc4501(sd_bus *bus, const char *name) {
465 uint16_t type = 0, class = 0;
466 const char *p, *q, *n;
467 int r;
468
469 assert(bus);
470 assert(name);
471 assert(startswith(name, "dns:"));
472
473 /* Parse RFC 4501 dns: URIs */
474
475 p = name + 4;
476
477 if (p[0] == '/') {
478 const char *e;
479
480 if (p[1] != '/')
481 goto invalid;
482
483 e = strchr(p + 2, '/');
484 if (!e)
485 goto invalid;
486
487 if (e != p + 2)
488 log_warning("DNS authority specification not supported; ignoring specified authority.");
489
490 p = e + 1;
491 }
492
493 q = strchr(p, '?');
494 if (q) {
495 n = strndupa(p, q - p);
496 q++;
497
498 for (;;) {
499 const char *f;
500
501 f = startswith_no_case(q, "class=");
502 if (f) {
503 _cleanup_free_ char *t = NULL;
504 const char *e;
505
506 if (class != 0) {
507 log_error("DNS class specified twice.");
508 return -EINVAL;
509 }
510
511 e = strchrnul(f, ';');
512 t = strndup(f, e - f);
513 if (!t)
514 return log_oom();
515
516 r = dns_class_from_string(t);
517 if (r < 0) {
518 log_error("Unknown DNS class %s.", t);
519 return -EINVAL;
520 }
521
522 class = r;
523
524 if (*e == ';') {
525 q = e + 1;
526 continue;
527 }
528
529 break;
530 }
531
532 f = startswith_no_case(q, "type=");
533 if (f) {
534 _cleanup_free_ char *t = NULL;
535 const char *e;
536
537 if (type != 0) {
538 log_error("DNS type specified twice.");
539 return -EINVAL;
540 }
541
542 e = strchrnul(f, ';');
543 t = strndup(f, e - f);
544 if (!t)
545 return log_oom();
546
547 r = dns_type_from_string(t);
548 if (r < 0) {
549 log_error("Unknown DNS type %s.", t);
550 return -EINVAL;
551 }
552
553 type = r;
554
555 if (*e == ';') {
556 q = e + 1;
557 continue;
558 }
559
560 break;
561 }
562
563 goto invalid;
564 }
565 } else
566 n = p;
567
568 if (class == 0)
569 class = arg_class ?: DNS_CLASS_IN;
570 if (type == 0)
571 type = arg_type ?: DNS_TYPE_A;
572
573 return resolve_record(bus, n, class, type);
574
575 invalid:
576 log_error("Invalid DNS URI: %s", name);
577 return -EINVAL;
578 }
579
580 static int resolve_service(sd_bus *bus, const char *name, const char *type, const char *domain) {
581 const char *canonical_name, *canonical_type, *canonical_domain;
582 _cleanup_(sd_bus_message_unrefp) sd_bus_message *req = NULL, *reply = NULL;
583 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
584 char ifname[IF_NAMESIZE] = "";
585 size_t indent, sz;
586 uint64_t flags;
587 const char *p;
588 unsigned c;
589 usec_t ts;
590 int r;
591
592 assert(bus);
593 assert(domain);
594
595 if (isempty(name))
596 name = NULL;
597 if (isempty(type))
598 type = NULL;
599
600 if (arg_ifindex > 0 && !if_indextoname(arg_ifindex, ifname))
601 return log_error_errno(errno, "Failed to resolve interface name for index %i: %m", arg_ifindex);
602
603 if (name)
604 log_debug("Resolving service \"%s\" of type %s in %s (family %s, interface %s).", name, type, domain, af_to_name(arg_family) ?: "*", isempty(ifname) ? "*" : ifname);
605 else if (type)
606 log_debug("Resolving service type %s of %s (family %s, interface %s).", type, domain, af_to_name(arg_family) ?: "*", isempty(ifname) ? "*" : ifname);
607 else
608 log_debug("Resolving service type %s (family %s, interface %s).", domain, af_to_name(arg_family) ?: "*", isempty(ifname) ? "*" : ifname);
609
610 r = sd_bus_message_new_method_call(
611 bus,
612 &req,
613 "org.freedesktop.resolve1",
614 "/org/freedesktop/resolve1",
615 "org.freedesktop.resolve1.Manager",
616 "ResolveService");
617 if (r < 0)
618 return bus_log_create_error(r);
619
620 r = sd_bus_message_append(req, "isssit", arg_ifindex, name, type, domain, arg_family, arg_flags);
621 if (r < 0)
622 return bus_log_create_error(r);
623
624 ts = now(CLOCK_MONOTONIC);
625
626 r = sd_bus_call(bus, req, DNS_CALL_TIMEOUT_USEC, &error, &reply);
627 if (r < 0)
628 return log_error_errno(r, "Resolve call failed: %s", bus_error_message(&error, r));
629
630 ts = now(CLOCK_MONOTONIC) - ts;
631
632 r = sd_bus_message_enter_container(reply, 'a', "(qqqsa(iiay)s)");
633 if (r < 0)
634 return bus_log_parse_error(r);
635
636 indent =
637 (name ? strlen(name) + 1 : 0) +
638 (type ? strlen(type) + 1 : 0) +
639 strlen(domain) + 2;
640
641 c = 0;
642 while ((r = sd_bus_message_enter_container(reply, 'r', "qqqsa(iiay)s")) > 0) {
643 uint16_t priority, weight, port;
644 const char *hostname, *canonical;
645
646 r = sd_bus_message_read(reply, "qqqs", &priority, &weight, &port, &hostname);
647 if (r < 0)
648 return bus_log_parse_error(r);
649
650 if (name)
651 printf("%*s%s", (int) strlen(name), c == 0 ? name : "", c == 0 ? "/" : " ");
652 if (type)
653 printf("%*s%s", (int) strlen(type), c == 0 ? type : "", c == 0 ? "/" : " ");
654
655 printf("%*s%s %s:%u [priority=%u, weight=%u]\n",
656 (int) strlen(domain), c == 0 ? domain : "",
657 c == 0 ? ":" : " ",
658 hostname, port,
659 priority, weight);
660
661 r = sd_bus_message_enter_container(reply, 'a', "(iiay)");
662 if (r < 0)
663 return bus_log_parse_error(r);
664
665 while ((r = sd_bus_message_enter_container(reply, 'r', "iiay")) > 0) {
666 _cleanup_free_ char *pretty = NULL;
667 int ifindex, family;
668 const void *a;
669
670 assert_cc(sizeof(int) == sizeof(int32_t));
671
672 r = sd_bus_message_read(reply, "ii", &ifindex, &family);
673 if (r < 0)
674 return bus_log_parse_error(r);
675
676 r = sd_bus_message_read_array(reply, 'y', &a, &sz);
677 if (r < 0)
678 return bus_log_parse_error(r);
679
680 r = sd_bus_message_exit_container(reply);
681 if (r < 0)
682 return bus_log_parse_error(r);
683
684 if (!IN_SET(family, AF_INET, AF_INET6)) {
685 log_debug("%s: skipping entry with family %d (%s)", name, family, af_to_name(family) ?: "unknown");
686 continue;
687 }
688
689 if (sz != FAMILY_ADDRESS_SIZE(family)) {
690 log_error("%s: systemd-resolved returned address of invalid size %zu for family %s", name, sz, af_to_name(family) ?: "unknown");
691 return -EINVAL;
692 }
693
694 ifname[0] = 0;
695 if (ifindex > 0 && !if_indextoname(ifindex, ifname))
696 log_warning_errno(errno, "Failed to resolve interface name for index %i: %m", ifindex);
697
698 r = in_addr_to_string(family, a, &pretty);
699 if (r < 0)
700 return log_error_errno(r, "Failed to print address for %s: %m", name);
701
702 printf("%*s%s%s%s\n", (int) indent, "", pretty, isempty(ifname) ? "" : "%s", ifname);
703 }
704 if (r < 0)
705 return bus_log_parse_error(r);
706
707 r = sd_bus_message_exit_container(reply);
708 if (r < 0)
709 return bus_log_parse_error(r);
710
711 r = sd_bus_message_read(reply, "s", &canonical);
712 if (r < 0)
713 return bus_log_parse_error(r);
714
715 if (!streq(hostname, canonical))
716 printf("%*s(%s)\n", (int) indent, "", canonical);
717
718 r = sd_bus_message_exit_container(reply);
719 if (r < 0)
720 return bus_log_parse_error(r);
721
722 c++;
723 }
724 if (r < 0)
725 return bus_log_parse_error(r);
726
727 r = sd_bus_message_exit_container(reply);
728 if (r < 0)
729 return bus_log_parse_error(r);
730
731 r = sd_bus_message_enter_container(reply, 'a', "ay");
732 if (r < 0)
733 return bus_log_parse_error(r);
734
735 c = 0;
736 while ((r = sd_bus_message_read_array(reply, 'y', (const void**) &p, &sz)) > 0) {
737 _cleanup_free_ char *escaped = NULL;
738
739 escaped = cescape_length(p, sz);
740 if (!escaped)
741 return log_oom();
742
743 printf("%*s%s\n", (int) indent, "", escaped);
744 c++;
745 }
746 if (r < 0)
747 return bus_log_parse_error(r);
748
749 r = sd_bus_message_exit_container(reply);
750 if (r < 0)
751 return bus_log_parse_error(r);
752
753 r = sd_bus_message_read(reply, "ssst", &canonical_name, &canonical_type, &canonical_domain, &flags);
754 if (r < 0)
755 return bus_log_parse_error(r);
756
757 if (isempty(canonical_name))
758 canonical_name = NULL;
759 if (isempty(canonical_type))
760 canonical_type = NULL;
761
762 if (!streq_ptr(name, canonical_name) ||
763 !streq_ptr(type, canonical_type) ||
764 !streq_ptr(domain, canonical_domain)) {
765
766 printf("%*s(", (int) indent, "");
767
768 if (canonical_name)
769 printf("%s/", canonical_name);
770 if (canonical_type)
771 printf("%s/", canonical_type);
772
773 printf("%s)\n", canonical_domain);
774 }
775
776 print_source(flags, ts);
777
778 return 0;
779 }
780
781 static int resolve_openpgp(sd_bus *bus, const char *address) {
782 const char *domain, *full;
783 int r;
784 _cleanup_free_ char *hashed = NULL;
785
786 assert(bus);
787 assert(address);
788
789 domain = strrchr(address, '@');
790 if (!domain) {
791 log_error("Address does not contain '@': \"%s\"", address);
792 return -EINVAL;
793 } else if (domain == address || domain[1] == '\0') {
794 log_error("Address starts or ends with '@': \"%s\"", address);
795 return -EINVAL;
796 }
797 domain++;
798
799 r = string_hashsum(address, domain - 1 - address, GCRY_MD_SHA224, &hashed);
800 if (r < 0)
801 return log_error_errno(r, "Hashing failed: %m");
802
803 full = strjoina(hashed, "._openpgpkey.", domain);
804 log_debug("Looking up \"%s\".", full);
805
806 return resolve_record(bus, full,
807 arg_class ?: DNS_CLASS_IN,
808 arg_type ?: DNS_TYPE_OPENPGPKEY);
809 }
810
811 static int show_statistics(sd_bus *bus) {
812 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
813 _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
814 uint64_t n_current_transactions, n_total_transactions,
815 cache_size, n_cache_hit, n_cache_miss,
816 n_dnssec_secure, n_dnssec_insecure, n_dnssec_bogus, n_dnssec_indeterminate;
817 int r, dnssec_supported;
818
819 assert(bus);
820
821 r = sd_bus_get_property_trivial(bus,
822 "org.freedesktop.resolve1",
823 "/org/freedesktop/resolve1",
824 "org.freedesktop.resolve1.Manager",
825 "DNSSECSupported",
826 &error,
827 'b',
828 &dnssec_supported);
829 if (r < 0)
830 return log_error_errno(r, "Failed to get DNSSEC supported state: %s", bus_error_message(&error, r));
831
832 printf("DNSSEC supported by current servers: %s%s%s\n\n",
833 ansi_highlight(),
834 yes_no(dnssec_supported),
835 ansi_normal());
836
837 r = sd_bus_get_property(bus,
838 "org.freedesktop.resolve1",
839 "/org/freedesktop/resolve1",
840 "org.freedesktop.resolve1.Manager",
841 "TransactionStatistics",
842 &error,
843 &reply,
844 "(tt)");
845 if (r < 0)
846 return log_error_errno(r, "Failed to get transaction statistics: %s", bus_error_message(&error, r));
847
848 r = sd_bus_message_read(reply, "(tt)",
849 &n_current_transactions,
850 &n_total_transactions);
851 if (r < 0)
852 return bus_log_parse_error(r);
853
854 printf("%sTransactions%s\n"
855 "Current Transactions: %" PRIu64 "\n"
856 " Total Transactions: %" PRIu64 "\n",
857 ansi_highlight(),
858 ansi_normal(),
859 n_current_transactions,
860 n_total_transactions);
861
862 reply = sd_bus_message_unref(reply);
863
864 r = sd_bus_get_property(bus,
865 "org.freedesktop.resolve1",
866 "/org/freedesktop/resolve1",
867 "org.freedesktop.resolve1.Manager",
868 "CacheStatistics",
869 &error,
870 &reply,
871 "(ttt)");
872 if (r < 0)
873 return log_error_errno(r, "Failed to get cache statistics: %s", bus_error_message(&error, r));
874
875 r = sd_bus_message_read(reply, "(ttt)",
876 &cache_size,
877 &n_cache_hit,
878 &n_cache_miss);
879 if (r < 0)
880 return bus_log_parse_error(r);
881
882 printf("\n%sCache%s\n"
883 " Current Cache Size: %" PRIu64 "\n"
884 " Cache Hits: %" PRIu64 "\n"
885 " Cache Misses: %" PRIu64 "\n",
886 ansi_highlight(),
887 ansi_normal(),
888 cache_size,
889 n_cache_hit,
890 n_cache_miss);
891
892 reply = sd_bus_message_unref(reply);
893
894 r = sd_bus_get_property(bus,
895 "org.freedesktop.resolve1",
896 "/org/freedesktop/resolve1",
897 "org.freedesktop.resolve1.Manager",
898 "DNSSECStatistics",
899 &error,
900 &reply,
901 "(tttt)");
902 if (r < 0)
903 return log_error_errno(r, "Failed to get DNSSEC statistics: %s", bus_error_message(&error, r));
904
905 r = sd_bus_message_read(reply, "(tttt)",
906 &n_dnssec_secure,
907 &n_dnssec_insecure,
908 &n_dnssec_bogus,
909 &n_dnssec_indeterminate);
910 if (r < 0)
911 return bus_log_parse_error(r);
912
913 printf("\n%sDNSSEC Verdicts%s\n"
914 " Secure: %" PRIu64 "\n"
915 " Insecure: %" PRIu64 "\n"
916 " Bogus: %" PRIu64 "\n"
917 " Indeterminate: %" PRIu64 "\n",
918 ansi_highlight(),
919 ansi_normal(),
920 n_dnssec_secure,
921 n_dnssec_insecure,
922 n_dnssec_bogus,
923 n_dnssec_indeterminate);
924
925 return 0;
926 }
927
928 static int reset_statistics(sd_bus *bus) {
929 _cleanup_(sd_bus_error_free) sd_bus_error error = SD_BUS_ERROR_NULL;
930 int r;
931
932 r = sd_bus_call_method(bus,
933 "org.freedesktop.resolve1",
934 "/org/freedesktop/resolve1",
935 "org.freedesktop.resolve1.Manager",
936 "ResetStatistics",
937 &error,
938 NULL,
939 NULL);
940 if (r < 0)
941 return log_error_errno(r, "Failed to reset statistics: %s", bus_error_message(&error, r));
942
943 return 0;
944 }
945
946 static void help_protocol_types(void) {
947 if (arg_legend)
948 puts("Known protocol types:");
949 puts("dns\nllmnr\nllmnr-ipv4\nllmnr-ipv6");
950 }
951
952 static void help_dns_types(void) {
953 int i;
954 const char *t;
955
956 if (arg_legend)
957 puts("Known DNS RR types:");
958 for (i = 0; i < _DNS_TYPE_MAX; i++) {
959 t = dns_type_to_string(i);
960 if (t)
961 puts(t);
962 }
963 }
964
965 static void help_dns_classes(void) {
966 int i;
967 const char *t;
968
969 if (arg_legend)
970 puts("Known DNS RR classes:");
971 for (i = 0; i < _DNS_CLASS_MAX; i++) {
972 t = dns_class_to_string(i);
973 if (t)
974 puts(t);
975 }
976 }
977
978 static void help(void) {
979 printf("%s [OPTIONS...] NAME...\n"
980 "%s [OPTIONS...] --service [[NAME] TYPE] DOMAIN\n\n"
981 "Resolve domain names, IPv4 and IPv6 addresses, DNS resource records, and services.\n\n"
982 " -h --help Show this help\n"
983 " --version Show package version\n"
984 " -4 Resolve IPv4 addresses\n"
985 " -6 Resolve IPv6 addresses\n"
986 " -i --interface=INTERFACE Look on interface\n"
987 " -p --protocol=PROTOCOL|help Look via protocol\n"
988 " -t --type=TYPE|help Query RR with DNS type\n"
989 " -c --class=CLASS|help Query RR with DNS class\n"
990 " --service Resolve service (SRV)\n"
991 " --service-address=BOOL Do [not] resolve address for services\n"
992 " --service-txt=BOOL Do [not] resolve TXT records for services\n"
993 " --openpgp Query OpenPGP public key\n"
994 " --cname=BOOL Do [not] follow CNAME redirects\n"
995 " --search=BOOL Do [not] use search domains\n"
996 " --legend=BOOL Do [not] print column headers and meta information\n"
997 " --statistics Show resolver statistics\n"
998 " --reset-statistics Reset resolver statistics\n"
999 , program_invocation_short_name, program_invocation_short_name);
1000 }
1001
1002 static int parse_argv(int argc, char *argv[]) {
1003 enum {
1004 ARG_VERSION = 0x100,
1005 ARG_LEGEND,
1006 ARG_SERVICE,
1007 ARG_CNAME,
1008 ARG_SERVICE_ADDRESS,
1009 ARG_SERVICE_TXT,
1010 ARG_OPENPGP,
1011 ARG_SEARCH,
1012 ARG_STATISTICS,
1013 ARG_RESET_STATISTICS,
1014 };
1015
1016 static const struct option options[] = {
1017 { "help", no_argument, NULL, 'h' },
1018 { "version", no_argument, NULL, ARG_VERSION },
1019 { "type", required_argument, NULL, 't' },
1020 { "class", required_argument, NULL, 'c' },
1021 { "legend", required_argument, NULL, ARG_LEGEND },
1022 { "interface", required_argument, NULL, 'i' },
1023 { "protocol", required_argument, NULL, 'p' },
1024 { "cname", required_argument, NULL, ARG_CNAME },
1025 { "service", no_argument, NULL, ARG_SERVICE },
1026 { "service-address", required_argument, NULL, ARG_SERVICE_ADDRESS },
1027 { "service-txt", required_argument, NULL, ARG_SERVICE_TXT },
1028 { "openpgp", no_argument, NULL, ARG_OPENPGP },
1029 { "search", required_argument, NULL, ARG_SEARCH },
1030 { "statistics", no_argument, NULL, ARG_STATISTICS, },
1031 { "reset-statistics", no_argument, NULL, ARG_RESET_STATISTICS },
1032 {}
1033 };
1034
1035 int c, r;
1036
1037 assert(argc >= 0);
1038 assert(argv);
1039
1040 while ((c = getopt_long(argc, argv, "h46i:t:c:p:", options, NULL)) >= 0)
1041 switch(c) {
1042
1043 case 'h':
1044 help();
1045 return 0; /* done */;
1046
1047 case ARG_VERSION:
1048 return version();
1049
1050 case '4':
1051 arg_family = AF_INET;
1052 break;
1053
1054 case '6':
1055 arg_family = AF_INET6;
1056 break;
1057
1058 case 'i': {
1059 int ifi;
1060
1061 if (parse_ifindex(optarg, &ifi) >= 0)
1062 arg_ifindex = ifi;
1063 else {
1064 ifi = if_nametoindex(optarg);
1065 if (ifi <= 0)
1066 return log_error_errno(errno, "Unknown interface %s: %m", optarg);
1067
1068 arg_ifindex = ifi;
1069 }
1070
1071 break;
1072 }
1073
1074 case 't':
1075 if (streq(optarg, "help")) {
1076 help_dns_types();
1077 return 0;
1078 }
1079
1080 r = dns_type_from_string(optarg);
1081 if (r < 0) {
1082 log_error("Failed to parse RR record type %s", optarg);
1083 return r;
1084 }
1085 arg_type = (uint16_t) r;
1086 assert((int) arg_type == r);
1087
1088 arg_mode = MODE_RESOLVE_RECORD;
1089 break;
1090
1091 case 'c':
1092 if (streq(optarg, "help")) {
1093 help_dns_classes();
1094 return 0;
1095 }
1096
1097 r = dns_class_from_string(optarg);
1098 if (r < 0) {
1099 log_error("Failed to parse RR record class %s", optarg);
1100 return r;
1101 }
1102 arg_class = (uint16_t) r;
1103 assert((int) arg_class == r);
1104
1105 break;
1106
1107 case ARG_LEGEND:
1108 r = parse_boolean(optarg);
1109 if (r < 0)
1110 return log_error_errno(r, "Failed to parse --legend= argument");
1111
1112 arg_legend = r;
1113 break;
1114
1115 case 'p':
1116 if (streq(optarg, "help")) {
1117 help_protocol_types();
1118 return 0;
1119 } else if (streq(optarg, "dns"))
1120 arg_flags |= SD_RESOLVED_DNS;
1121 else if (streq(optarg, "llmnr"))
1122 arg_flags |= SD_RESOLVED_LLMNR;
1123 else if (streq(optarg, "llmnr-ipv4"))
1124 arg_flags |= SD_RESOLVED_LLMNR_IPV4;
1125 else if (streq(optarg, "llmnr-ipv6"))
1126 arg_flags |= SD_RESOLVED_LLMNR_IPV6;
1127 else {
1128 log_error("Unknown protocol specifier: %s", optarg);
1129 return -EINVAL;
1130 }
1131
1132 break;
1133
1134 case ARG_SERVICE:
1135 arg_mode = MODE_RESOLVE_SERVICE;
1136 break;
1137
1138 case ARG_OPENPGP:
1139 arg_mode = MODE_RESOLVE_OPENPGP;
1140 break;
1141
1142 case ARG_CNAME:
1143 r = parse_boolean(optarg);
1144 if (r < 0)
1145 return log_error_errno(r, "Failed to parse --cname= argument.");
1146 if (r == 0)
1147 arg_flags |= SD_RESOLVED_NO_CNAME;
1148 else
1149 arg_flags &= ~SD_RESOLVED_NO_CNAME;
1150 break;
1151
1152 case ARG_SERVICE_ADDRESS:
1153 r = parse_boolean(optarg);
1154 if (r < 0)
1155 return log_error_errno(r, "Failed to parse --service-address= argument.");
1156 if (r == 0)
1157 arg_flags |= SD_RESOLVED_NO_ADDRESS;
1158 else
1159 arg_flags &= ~SD_RESOLVED_NO_ADDRESS;
1160 break;
1161
1162 case ARG_SERVICE_TXT:
1163 r = parse_boolean(optarg);
1164 if (r < 0)
1165 return log_error_errno(r, "Failed to parse --service-txt= argument.");
1166 if (r == 0)
1167 arg_flags |= SD_RESOLVED_NO_TXT;
1168 else
1169 arg_flags &= ~SD_RESOLVED_NO_TXT;
1170 break;
1171
1172 case ARG_SEARCH:
1173 r = parse_boolean(optarg);
1174 if (r < 0)
1175 return log_error_errno(r, "Failed to parse --search argument.");
1176 if (r == 0)
1177 arg_flags |= SD_RESOLVED_NO_SEARCH;
1178 else
1179 arg_flags &= ~SD_RESOLVED_NO_SEARCH;
1180 break;
1181
1182 case ARG_STATISTICS:
1183 arg_mode = MODE_STATISTICS;
1184 break;
1185
1186 case ARG_RESET_STATISTICS:
1187 arg_mode = MODE_RESET_STATISTICS;
1188 break;
1189
1190 case '?':
1191 return -EINVAL;
1192
1193 default:
1194 assert_not_reached("Unhandled option");
1195 }
1196
1197 if (arg_type == 0 && arg_class != 0) {
1198 log_error("--class= may only be used in conjunction with --type=.");
1199 return -EINVAL;
1200 }
1201
1202 if (arg_type != 0 && arg_mode != MODE_RESOLVE_RECORD) {
1203 log_error("--service and --type= may not be combined.");
1204 return -EINVAL;
1205 }
1206
1207 if (arg_type != 0 && arg_class == 0)
1208 arg_class = DNS_CLASS_IN;
1209
1210 if (arg_class != 0 && arg_type == 0)
1211 arg_type = DNS_TYPE_A;
1212
1213 return 1 /* work to do */;
1214 }
1215
1216 int main(int argc, char **argv) {
1217 _cleanup_(sd_bus_flush_close_unrefp) sd_bus *bus = NULL;
1218 int r;
1219
1220 log_parse_environment();
1221 log_open();
1222
1223 r = parse_argv(argc, argv);
1224 if (r <= 0)
1225 goto finish;
1226
1227 r = sd_bus_open_system(&bus);
1228 if (r < 0) {
1229 log_error_errno(r, "sd_bus_open_system: %m");
1230 goto finish;
1231 }
1232
1233 switch (arg_mode) {
1234
1235 case MODE_RESOLVE_HOST:
1236 if (optind >= argc) {
1237 log_error("No arguments passed.");
1238 r = -EINVAL;
1239 goto finish;
1240 }
1241
1242 while (argv[optind]) {
1243 int family, ifindex, k;
1244 union in_addr_union a;
1245
1246 if (startswith(argv[optind], "dns:"))
1247 k = resolve_rfc4501(bus, argv[optind]);
1248 else {
1249 k = parse_address(argv[optind], &family, &a, &ifindex);
1250 if (k >= 0)
1251 k = resolve_address(bus, family, &a, ifindex);
1252 else
1253 k = resolve_host(bus, argv[optind]);
1254 }
1255
1256 if (r == 0)
1257 r = k;
1258
1259 optind++;
1260 }
1261 break;
1262
1263 case MODE_RESOLVE_RECORD:
1264 if (optind >= argc) {
1265 log_error("No arguments passed.");
1266 r = -EINVAL;
1267 goto finish;
1268 }
1269
1270 while (argv[optind]) {
1271 int k;
1272
1273 k = resolve_record(bus, argv[optind], arg_class, arg_type);
1274 if (r == 0)
1275 r = k;
1276
1277 optind++;
1278 }
1279 break;
1280
1281 case MODE_RESOLVE_SERVICE:
1282 if (argc < optind + 1) {
1283 log_error("Domain specification required.");
1284 r = -EINVAL;
1285 goto finish;
1286
1287 } else if (argc == optind + 1)
1288 r = resolve_service(bus, NULL, NULL, argv[optind]);
1289 else if (argc == optind + 2)
1290 r = resolve_service(bus, NULL, argv[optind], argv[optind+1]);
1291 else if (argc == optind + 3)
1292 r = resolve_service(bus, argv[optind], argv[optind+1], argv[optind+2]);
1293 else {
1294 log_error("Too many arguments.");
1295 r = -EINVAL;
1296 goto finish;
1297 }
1298
1299 break;
1300
1301 case MODE_RESOLVE_OPENPGP:
1302 if (argc < optind + 1) {
1303 log_error("E-mail address required.");
1304 r = -EINVAL;
1305 goto finish;
1306
1307 }
1308
1309 r = 0;
1310 while (optind < argc) {
1311 int k;
1312
1313 k = resolve_openpgp(bus, argv[optind++]);
1314 if (k < 0)
1315 r = k;
1316 }
1317 break;
1318
1319 case MODE_STATISTICS:
1320 if (argc > optind) {
1321 log_error("Too many arguments.");
1322 r = -EINVAL;
1323 goto finish;
1324 }
1325
1326 r = show_statistics(bus);
1327 break;
1328
1329 case MODE_RESET_STATISTICS:
1330 if (argc > optind) {
1331 log_error("Too many arguments.");
1332 r = -EINVAL;
1333 goto finish;
1334 }
1335
1336 r = reset_statistics(bus);
1337 break;
1338 }
1339
1340 finish:
1341 return r == 0 ? EXIT_SUCCESS : EXIT_FAILURE;
1342 }
Unnamed repository; edit this file 'description' to name the repository.