src/resolve/resolved-conf.c

   1 /* SPDX-License-Identifier: LGPL-2.1+ */
   2 /***
   3   This file is part of systemd.
   4
   5   Copyright 2014 Tom Gundersen <teg@jklm.no>
   6  ***/
   7
   8 #include "alloc-util.h"
   9 #include "conf-parser.h"
  10 #include "def.h"
  11 #include "extract-word.h"
  12 #include "hexdecoct.h"
  13 #include "parse-util.h"
  14 #include "resolved-conf.h"
  15 #include "resolved-dnssd.h"
  16 #include "specifier.h"
  17 #include "string-table.h"
  18 #include "string-util.h"
  19 #include "utf8.h"
  20
  21 DEFINE_CONFIG_PARSE_ENUM(config_parse_dns_stub_listener_mode, dns_stub_listener_mode, DnsStubListenerMode, "Failed to parse DNS stub listener mode setting");
  22
  23 static const char* const dns_stub_listener_mode_table[_DNS_STUB_LISTENER_MODE_MAX] = {
  24         [DNS_STUB_LISTENER_NO] = "no",
  25         [DNS_STUB_LISTENER_UDP] = "udp",
  26         [DNS_STUB_LISTENER_TCP] = "tcp",
  27         [DNS_STUB_LISTENER_YES] = "yes",
  28 };
  29 DEFINE_STRING_TABLE_LOOKUP_WITH_BOOLEAN(dns_stub_listener_mode, DnsStubListenerMode, DNS_STUB_LISTENER_YES);
  30
  31 int manager_add_dns_server_by_string(Manager *m, DnsServerType type, const char *word) {
  32         union in_addr_union address;
  33         int family, r, ifindex = 0;
  34         DnsServer *s;
  35
  36         assert(m);
  37         assert(word);
  38
  39         r = in_addr_ifindex_from_string_auto(word, &family, &address, &ifindex);
  40         if (r < 0)
  41                 return r;
  42
  43         /* Silently filter out 0.0.0.0 and 127.0.0.53 (our own stub DNS listener) */
  44         if (!dns_server_address_valid(family, &address))
  45                 return 0;
  46
  47         /* Filter out duplicates */
  48         s = dns_server_find(manager_get_first_dns_server(m, type), family, &address, ifindex);
  49         if (s) {
  50                 /*
  51                  * Drop the marker. This is used to find the servers
  52                  * that ceased to exist, see
  53                  * manager_mark_dns_servers() and
  54                  * manager_flush_marked_dns_servers().
  55                  */
  56                 dns_server_move_back_and_unmark(s);
  57                 return 0;
  58         }
  59
  60         return dns_server_new(m, NULL, type, NULL, family, &address, ifindex);
  61 }
  62
  63 int manager_parse_dns_server_string_and_warn(Manager *m, DnsServerType type, const char *string) {
  64         int r;
  65
  66         assert(m);
  67         assert(string);
  68
  69         for (;;) {
  70                 _cleanup_free_ char *word = NULL;
  71
  72                 r = extract_first_word(&string, &word, NULL, 0);
  73                 if (r < 0)
  74                         return r;
  75                 if (r == 0)
  76                         break;
  77
  78                 r = manager_add_dns_server_by_string(m, type, word);
  79                 if (r < 0)
  80                         log_warning_errno(r, "Failed to add DNS server address '%s', ignoring: %m", word);
  81         }
  82
  83         return 0;
  84 }
  85
  86 int manager_add_search_domain_by_string(Manager *m, const char *domain) {
  87         DnsSearchDomain *d;
  88         bool route_only;
  89         int r;
  90
  91         assert(m);
  92         assert(domain);
  93
  94         route_only = *domain == '~';
  95         if (route_only)
  96                 domain++;
  97
  98         if (dns_name_is_root(domain) || streq(domain, "*")) {
  99                 route_only = true;
 100                 domain = ".";
 101         }
 102
 103         r = dns_search_domain_find(m->search_domains, domain, &d);
 104         if (r < 0)
 105                 return r;
 106         if (r > 0)
 107                 dns_search_domain_move_back_and_unmark(d);
 108         else {
 109                 r = dns_search_domain_new(m, &d, DNS_SEARCH_DOMAIN_SYSTEM, NULL, domain);
 110                 if (r < 0)
 111                         return r;
 112         }
 113
 114         d->route_only = route_only;
 115         return 0;
 116 }
 117
 118 int manager_parse_search_domains_and_warn(Manager *m, const char *string) {
 119         int r;
 120
 121         assert(m);
 122         assert(string);
 123
 124         for (;;) {
 125                 _cleanup_free_ char *word = NULL;
 126
 127                 r = extract_first_word(&string, &word, NULL, EXTRACT_QUOTES);
 128                 if (r < 0)
 129                         return r;
 130                 if (r == 0)
 131                         break;
 132
 133                 r = manager_add_search_domain_by_string(m, word);
 134                 if (r < 0)
 135                         log_warning_errno(r, "Failed to add search domain '%s', ignoring: %m", word);
 136         }
 137
 138         return 0;
 139 }
 140
 141 int config_parse_dns_servers(
 142                 const char *unit,
 143                 const char *filename,
 144                 unsigned line,
 145                 const char *section,
 146                 unsigned section_line,
 147                 const char *lvalue,
 148                 int ltype,
 149                 const char *rvalue,
 150                 void *data,
 151                 void *userdata) {
 152
 153         Manager *m = userdata;
 154         int r;
 155
 156         assert(filename);
 157         assert(lvalue);
 158         assert(rvalue);
 159         assert(m);
 160
 161         if (isempty(rvalue))
 162                 /* Empty assignment means clear the list */
 163                 dns_server_unlink_all(manager_get_first_dns_server(m, ltype));
 164         else {
 165                 /* Otherwise, add to the list */
 166                 r = manager_parse_dns_server_string_and_warn(m, ltype, rvalue);
 167                 if (r < 0) {
 168                         log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse DNS server string '%s'. Ignoring.", rvalue);
 169                         return 0;
 170                 }
 171         }
 172
 173         /* If we have a manual setting, then we stop reading
 174          * /etc/resolv.conf */
 175         if (ltype == DNS_SERVER_SYSTEM)
 176                 m->read_resolv_conf = false;
 177         if (ltype == DNS_SERVER_FALLBACK)
 178                 m->need_builtin_fallbacks = false;
 179
 180         return 0;
 181 }
 182
 183 int config_parse_search_domains(
 184                 const char *unit,
 185                 const char *filename,
 186                 unsigned line,
 187                 const char *section,
 188                 unsigned section_line,
 189                 const char *lvalue,
 190                 int ltype,
 191                 const char *rvalue,
 192                 void *data,
 193                 void *userdata) {
 194
 195         Manager *m = userdata;
 196         int r;
 197
 198         assert(filename);
 199         assert(lvalue);
 200         assert(rvalue);
 201         assert(m);
 202
 203         if (isempty(rvalue))
 204                 /* Empty assignment means clear the list */
 205                 dns_search_domain_unlink_all(m->search_domains);
 206         else {
 207                 /* Otherwise, add to the list */
 208                 r = manager_parse_search_domains_and_warn(m, rvalue);
 209                 if (r < 0) {
 210                         log_syntax(unit, LOG_ERR, filename, line, r, "Failed to parse search domains string '%s'. Ignoring.", rvalue);
 211                         return 0;
 212                 }
 213         }
 214
 215         /* If we have a manual setting, then we stop reading
 216          * /etc/resolv.conf */
 217         m->read_resolv_conf = false;
 218
 219         return 0;
 220 }
 221
 222 int config_parse_dnssd_service_name(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata) {
 223         static const Specifier specifier_table[] = {
 224                 { 'b', specifier_boot_id,         NULL },
 225                 { 'H', specifier_host_name,       NULL },
 226                 { 'm', specifier_machine_id,      NULL },
 227                 { 'v', specifier_kernel_release,  NULL },
 228                 {}
 229         };
 230         DnssdService *s = userdata;
 231         _cleanup_free_ char *name = NULL;
 232         int r;
 233
 234         assert(filename);
 235         assert(lvalue);
 236         assert(rvalue);
 237         assert(s);
 238
 239         if (isempty(rvalue)) {
 240                 log_syntax(unit, LOG_ERR, filename, line, 0, "Service instance name can't be empty. Ignoring.");
 241                 return -EINVAL;
 242         }
 243
 244         r = free_and_strdup(&s->name_template, rvalue);
 245         if (r < 0)
 246                 return log_oom();
 247
 248         r = specifier_printf(s->name_template, specifier_table, NULL, &name);
 249         if (r < 0)
 250                 return log_debug_errno(r, "Failed to replace specifiers: %m");
 251
 252         if (!dns_service_name_is_valid(name)) {
 253                 log_syntax(unit, LOG_ERR, filename, line, 0, "Service instance name template renders to invalid name '%s'. Ignoring.", name);
 254                 return -EINVAL;
 255         }
 256
 257         return 0;
 258 }
 259
 260 int config_parse_dnssd_service_type(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata) {
 261         DnssdService *s = userdata;
 262         int r;
 263
 264         assert(filename);
 265         assert(lvalue);
 266         assert(rvalue);
 267         assert(s);
 268
 269         if (isempty(rvalue)) {
 270                 log_syntax(unit, LOG_ERR, filename, line, 0, "Service type can't be empty. Ignoring.");
 271                 return -EINVAL;
 272         }
 273
 274         if (!dnssd_srv_type_is_valid(rvalue)) {
 275                 log_syntax(unit, LOG_ERR, filename, line, 0, "Service type is invalid. Ignoring.");
 276                 return -EINVAL;
 277         }
 278
 279         r = free_and_strdup(&s->type, rvalue);
 280         if (r < 0)
 281                 return log_oom();
 282
 283         return 0;
 284 }
 285
 286 int config_parse_dnssd_txt(const char *unit, const char *filename, unsigned line, const char *section, unsigned section_line, const char *lvalue, int ltype, const char *rvalue, void *data, void *userdata) {
 287         _cleanup_(dnssd_txtdata_freep) DnssdTxtData *txt_data = NULL;
 288         DnssdService *s = userdata;
 289         DnsTxtItem *last = NULL;
 290
 291         assert(filename);
 292         assert(lvalue);
 293         assert(rvalue);
 294         assert(s);
 295
 296         if (isempty(rvalue)) {
 297                 /* Flush out collected items */
 298                 s->txt_data_items = dnssd_txtdata_free_all(s->txt_data_items);
 299                 return 0;
 300         }
 301
 302         txt_data = new0(DnssdTxtData, 1);
 303         if (!txt_data)
 304                 return log_oom();
 305
 306         for (;;) {
 307                 _cleanup_free_ char *word = NULL;
 308                 _cleanup_free_ char *key = NULL;
 309                 _cleanup_free_ char *value = NULL;
 310                 _cleanup_free_ void *decoded = NULL;
 311                 size_t length = 0;
 312                 DnsTxtItem *i;
 313                 int r;
 314
 315                 r = extract_first_word(&rvalue, &word, NULL,
 316                                        EXTRACT_QUOTES|EXTRACT_CUNESCAPE|EXTRACT_CUNESCAPE_RELAX);
 317                 if (r == 0)
 318                         break;
 319                 if (r == -ENOMEM)
 320                         return log_oom();
 321                 if (r < 0)
 322                         return log_syntax(unit, LOG_ERR, filename, line, r, "Invalid syntax, ignoring: %s", rvalue);
 323
 324                 r = split_pair(word, "=", &key, &value);
 325                 if (r == -ENOMEM)
 326                         return log_oom();
 327                 if (r == -EINVAL)
 328                         key = TAKE_PTR(word);
 329
 330                 if (!ascii_is_valid(key)) {
 331                         log_syntax(unit, LOG_ERR, filename, line, 0, "Invalid syntax, ignoring: %s", key);
 332                         return -EINVAL;
 333                 }
 334
 335                 switch (ltype) {
 336
 337                 case DNS_TXT_ITEM_DATA:
 338                         if (value) {
 339                                 r = unbase64mem(value, strlen(value), &decoded, &length);
 340                                 if (r == -ENOMEM)
 341                                         return log_oom();
 342                                 if (r < 0)
 343                                         return log_syntax(unit, LOG_ERR, filename, line, r,
 344                                                           "Invalid base64 encoding, ignoring: %s", value);
 345                         }
 346
 347                         r = dnssd_txt_item_new_from_data(key, decoded, length, &i);
 348                         if (r < 0)
 349                                 return log_oom();
 350                         break;
 351
 352                 case DNS_TXT_ITEM_TEXT:
 353                         r = dnssd_txt_item_new_from_string(key, value, &i);
 354                         if (r < 0)
 355                                 return log_oom();
 356                         break;
 357
 358                 default:
 359                         assert_not_reached("Unknown type of Txt config");
 360                 }
 361
 362                 LIST_INSERT_AFTER(items, txt_data->txt, last, i);
 363                 last = i;
 364         }
 365
 366         if (!LIST_IS_EMPTY(txt_data->txt)) {
 367                 LIST_PREPEND(items, s->txt_data_items, txt_data);
 368                 txt_data = NULL;
 369         }
 370
 371         return 0;
 372 }
 373
 374 int manager_parse_config_file(Manager *m) {
 375         int r;
 376
 377         assert(m);
 378
 379         r = config_parse_many_nulstr(PKGSYSCONFDIR "/resolved.conf",
 380                                      CONF_PATHS_NULSTR("systemd/resolved.conf.d"),
 381                                      "Resolve\0",
 382                                      config_item_perf_lookup, resolved_gperf_lookup,
 383                                      CONFIG_PARSE_WARN, m);
 384         if (r < 0)
 385                 return r;
 386
 387         if (m->need_builtin_fallbacks) {
 388                 r = manager_parse_dns_server_string_and_warn(m, DNS_SERVER_FALLBACK, DNS_SERVERS);
 389                 if (r < 0)
 390                         return r;
 391         }
 392
 393 #if ! HAVE_GCRYPT
 394         if (m->dnssec_mode != DNSSEC_NO) {
 395                 log_warning("DNSSEC option cannot be enabled or set to allow-downgrade when systemd-resolved is built without gcrypt support. Turning off DNSSEC support.");
 396                 m->dnssec_mode = DNSSEC_NO;
 397         }
 398 #endif
 399
 400 #if ! HAVE_GNUTLS
 401         if (m->dns_over_tls_mode != DNS_OVER_TLS_NO) {
 402                 log_warning("DNS-over-TLS option cannot be set to opportunistic when systemd-resolved is built without gnutls support. Turning off DNS-over-TLS support.");
 403                 m->dns_over_tls_mode = DNS_OVER_TLS_NO;
 404         }
 405 #endif
 406         return 0;
 407
 408 }