src/resolve/resolved-conf.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2 /***
   3   This file is part of systemd.
   4
   5   Copyright 2014 Tom Gundersen <teg@jklm.no>
   6
   7   systemd is free software; you can redistribute it and/or modify it
   8   under the terms of the GNU Lesser General Public License as published by
   9   the Free Software Foundation; either version 2.1 of the License, or
  10   (at your option) any later version.
  11
  12   systemd is distributed in the hope that it will be useful, but
  13   WITHOUT ANY WARRANTY; without even the implied warranty of
  14   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  15   Lesser General Public License for more details.
  16
  17   You should have received a copy of the GNU Lesser General Public License
  18   along with systemd; If not, see <http://www.gnu.org/licenses/>.
  19  ***/
  20
  21 #include "alloc-util.h"
  22 #include "conf-parser.h"
  23 #include "def.h"
  24 #include "extract-word.h"
  25 #include "parse-util.h"
  26 #include "resolved-conf.h"
  27 #include "string-table.h"
  28 #include "string-util.h"
  29
  30 DEFINE_CONFIG_PARSE_ENUM(config_parse_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode, "Failed to parse DNS stub listener mode setting");
  31
  32 static const char* const dns_stub_listener_mode_table[_DNS_STUB_LISTENER_MODE_MAX] = {
  33         [DNS_STUB_LISTENER_NO] = "no",
  34         [DNS_STUB_LISTENER_UDP] = "udp",
  35         [DNS_STUB_LISTENER_TCP] = "tcp",
  36         [DNS_STUB_LISTENER_YES] = "yes",
  37 };
  38 DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_stub_listener_mode, DnsStubListenerMode, DNS_STUB_LISTENER_YES);
  39
  40 int manager_add_dns_server_by_string(Manager *m, DnsServerType type, const char *word) {
  41         union in_addr_union address;
  42         int family, r, ifindex = 0;
  43         DnsServer *s;
  44
  45         assert(m);
  46         assert(word);
  47
  48         r = in_addr_ifindex_from_string_auto(word, &family, &address, &ifindex);
  49         if (r < 0)
  50                 return r;
  51
  52         /* Silently filter out 0.0.0.0 and 127.0.0.53 (our own stub DNS listener) */
  53         if (!dns_server_address_valid(family, &address))
  54                 return 0;
  55
  56         /* Filter out duplicates */
  57         s = dns_server_find(manager_get_first_dns_server(m, type), family, &address, ifindex);
  58         if (s) {
  59                 /*
  60                  * Drop the marker. This is used to find the servers
  61                  * that ceased to exist, see
  62                  * manager_mark_dns_servers() and
  63                  * manager_flush_marked_dns_servers().
  64                  */
  65                 dns_server_move_back_and_unmark(s);
  66                 return 0;
  67         }
  68
  69         return dns_server_new(m, NULL, type, NULL, family, &address, ifindex);
  70 }
  71
  72 int manager_parse_dns_server_string_and_warn(Manager *m, DnsServerType type, const char *string) {
  73         int r;
  74
  75         assert(m);
  76         assert(string);
  77
  78         for (;;) {
  79                 _cleanup_free_ char *word = NULL;
  80
  81                 r = extract_first_word(&string, &word, NULL, 0);
  82                 if (r < 0)
  83                         return r;
  84                 if (r == 0)
  85                         break;
  86
  87                 r = manager_add_dns_server_by_string(m, type, word);
  88                 if (r < 0)
  89                         log_warning_errno(r, "Failed to add DNS server address '%s', ignoring: %m", word);
  90         }
  91
  92         return 0;
  93 }
  94
  95 int manager_add_search_domain_by_string(Manager *m, const char *domain) {
  96         DnsSearchDomain *d;
  97         bool route_only;
  98         int r;
  99
 100         assert(m);
 101         assert(domain);
 102
 103         route_only = *domain == '~';
 104         if (route_only)
 105                 domain++;
 106
 107         if (dns_name_is_root(domain) || streq(domain, "*")) {
 108                 route_only = true;
 109                 domain = ".";
 110         }
 111
 112         r = dns_search_domain_find(m->search_domains, domain, &d);
 113         if (r < 0)
 114                 return r;
 115         if (r > 0)
 116                 dns_search_domain_move_back_and_unmark(d);
 117         else {
 118                 r = dns_search_domain_new(m, &d, DNS_SEARCH_DOMAIN_SYSTEM, NULL, domain);
 119                 if (r < 0)
 120                         return r;
 121         }
 122
 123         d->route_only = route_only;
 124         return 0;
 125 }
 126
 127 int manager_parse_search_domains_and_warn(Manager *m, const char *string) {
 128         int r;
 129
 130         assert(m);
 131         assert(string);
 132
 133         for (;;) {
 134                 _cleanup_free_ char *word = NULL;
 135
 136                 r = extract_first_word(&string, &word, NULL, EXTRACT_QUOTES);
 137                 if (r < 0)
 138                         return r;
 139                 if (r == 0)
 140                         break;
 141
 142                 r = manager_add_search_domain_by_string(m, word);
 143                 if (r < 0)
 144                         log_warning_errno(r, "Failed to add search domain '%s', ignoring: %m", word);
 145         }
 146
 147         return 0;
 148 }
 149
 150 int config_parse_dns_servers(
 151                 const char *unit,
 152                 const char *filename,
 153                 unsigned line,
 154                 const char *section,
 155                 unsigned section_line,
 156                 const char *lvalue,
 157                 int ltype,
 158                 const char *rvalue,
 159                 void *data,
 160                 void *userdata) {
 161
 162         Manager *m = userdata;
 163         int r;
 164
 165         assert(filename);
 166         assert(lvalue);
 167         assert(rvalue);
 168         assert(m);
 169
 170         if (isempty(rvalue))
 171                 /* Empty assignment means clear the list */
 172                 dns_server_unlink_all(manager_get_first_dns_server(m, ltype));
 173         else {
 174                 /* Otherwise, add to the list */
 175                 r = manager_parse_dns_server_string_and_warn(m, ltype, rvalue);
 176                 if (r < 0) {
 177                         log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse DNS server string '%s'. Ignoring.", rvalue);
 178                         return 0;
 179                 }
 180         }
 181
 182         /* If we have a manual setting, then we stop reading
 183          * /etc/resolv.conf */
 184         if (ltype == DNS_SERVER_SYSTEM)
 185                 m->read_resolv_conf = false;
 186         if (ltype == DNS_SERVER_FALLBACK)
 187                 m->need_builtin_fallbacks = false;
 188
 189         return 0;
 190 }
 191
 192 int config_parse_search_domains(
 193                 const char *unit,
 194                 const char *filename,
 195                 unsigned line,
 196                 const char *section,
 197                 unsigned section_line,
 198                 const char *lvalue,
 199                 int ltype,
 200                 const char *rvalue,
 201                 void *data,
 202                 void *userdata) {
 203
 204         Manager *m = userdata;
 205         int r;
 206
 207         assert(filename);
 208         assert(lvalue);
 209         assert(rvalue);
 210         assert(m);
 211
 212         if (isempty(rvalue))
 213                 /* Empty assignment means clear the list */
 214                 dns_search_domain_unlink_all(m->search_domains);
 215         else {
 216                 /* Otherwise, add to the list */
 217                 r = manager_parse_search_domains_and_warn(m, rvalue);
 218                 if (r < 0) {
 219                         log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse search domains string '%s'. Ignoring.", rvalue);
 220                         return 0;
 221                 }
 222         }
 223
 224         /* If we have a manual setting, then we stop reading
 225          * /etc/resolv.conf */
 226         m->read_resolv_conf = false;
 227
 228         return 0;
 229 }
 230
 231 int manager_parse_config_file(Manager *m) {
 232         int r;
 233
 234         assert(m);
 235
 236         r = config_parse_many_nulstr(PKGSYSCONFDIR "/resolved.conf",
 237                                      CONF_PATHS_NULSTR("systemd/resolved.conf.d"),
 238                                      "Resolve\0",
 239                                      config_item_perf_lookup, resolved_gperf_lookup,
 240                                      CONFIG_PARSE_WARN, m);
 241         if (r < 0)
 242                 return r;
 243
 244         if (m->need_builtin_fallbacks) {
 245                 r = manager_parse_dns_server_string_and_warn(m, DNS_SERVER_FALLBACK, DNS_SERVERS);
 246                 if (r < 0)
 247                         return r;
 248         }
 249
 250 #if ! HAVE_GCRYPT
 251         if (m->dnssec_mode != DNSSEC_NO) {
 252                 log_warning("DNSSEC option cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
 253                 m->dnssec_mode = DNSSEC_NO;
 254         }
 255 #endif
 256         return 0;
 257
 258 }