1 /* SPDX-License-Identifier: LGPL-2.1+ */
4 #include <netinet/in.h>
5 #include <sys/capability.h>
7 #include "alloc-util.h"
8 #include "bus-common-errors.h"
9 #include "bus-get-properties.h"
10 #include "bus-polkit.h"
11 #include "parse-util.h"
12 #include "resolve-util.h"
13 #include "resolved-bus.h"
14 #include "resolved-link-bus.h"
15 #include "resolved-resolv-conf.h"
16 #include "socket-netlink.h"
17 #include "stdio-util.h"
19 #include "user-util.h"
/* Generated property getters: "DNSSECSupported" ("b") reports link_dnssec_supported(), and
 * "DNSSEC" ("s") reports link_get_dnssec_mode() rendered through dnssec_mode_to_string().
 * Both are registered in link_vtable further down in this file. */
21 static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported
, "b", Link
, link_dnssec_supported
);
22 static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode
, "s", Link
, link_get_dnssec_mode
, dnssec_mode_to_string
);
/* Getter for the "DNSOverTLS" property: appends the link's DNS-over-TLS mode to the reply
 * as a string ("s"). Part of the parameter list and the local setup are not visible in this
 * listing; l is presumably the Link taken from userdata (confirm). */
24 static int property_get_dns_over_tls_mode(
27 const char *interface
,
29 sd_bus_message
*reply
,
31 sd_bus_error
*error
) {
38 return sd_bus_message_append(reply
, "s", dns_over_tls_mode_to_string(link_get_dns_over_tls_mode(l
)));
/* Shared getter behind the "DNS" and "DNSEx" properties: serialises l->dns_servers as an
 * array of structs. extended selects the element signature, "(iayqs)" or "(iay)".
 * The checks on r after each call are not visible in this listing. */
41 static int property_get_dns_internal(
44 const char *interface
,
46 sd_bus_message
*reply
,
58 r
= sd_bus_message_open_container(reply
, 'a', extended
? "(iayqs)" : "(iay)");
/* One element per configured server. bus_dns_server_append() receives the same extended
 * flag, so the element layout matches the container signature opened above. */
62 LIST_FOREACH(servers
, s
, l
->dns_servers
) {
63 r
= bus_dns_server_append(reply
, s
, false, extended
);
68 return sd_bus_message_close_container(reply
);
/* Getter for the "DNS" property (legacy "a(iay)" form): forwards all arguments to
 * property_get_dns_internal() with extended=false. */
71 static int property_get_dns(
74 const char *interface
,
76 sd_bus_message
*reply
,
78 sd_bus_error
*error
) {
79 return property_get_dns_internal(bus
, path
, interface
, property
, reply
, userdata
, error
, false);
/* Getter for the "DNSEx" property ("a(iayqs)"): forwards all arguments to
 * property_get_dns_internal() with extended=true. */
82 static int property_get_dns_ex(
85 const char *interface
,
87 sd_bus_message
*reply
,
89 sd_bus_error
*error
) {
90 return property_get_dns_internal(bus
, path
, interface
, property
, reply
, userdata
, error
, true);
/* Shared getter behind "CurrentDNSServer" and "CurrentDNSServerEx": appends one server
 * entry, in the extended or legacy layout, to the reply. */
93 static int property_get_current_dns_server_internal(
96 const char *interface
,
98 sd_bus_message
*reply
,
/* userdata points at a DnsServer* slot (link_vtable registers these getters with
 * offsetof(Link, current_dns_server)), hence the double indirection.
 * NOTE(review): s can presumably be NULL when no server is selected; no NULL check is
 * visible here, so bus_dns_server_append() must cope with it (confirm). */
108 s
= *(DnsServer
**) userdata
;
110 return bus_dns_server_append(reply
, s
, false, extended
);
/* Getter for the "CurrentDNSServer" property ("(iay)"): forwards to
 * property_get_current_dns_server_internal() with extended=false. */
113 static int property_get_current_dns_server(
116 const char *interface
,
117 const char *property
,
118 sd_bus_message
*reply
,
120 sd_bus_error
*error
) {
121 return property_get_current_dns_server_internal(bus
, path
, interface
, property
, reply
, userdata
, error
, false);
/* Getter for the "CurrentDNSServerEx" property ("(iayqs)"): forwards to
 * property_get_current_dns_server_internal() with extended=true. */
124 static int property_get_current_dns_server_ex(
127 const char *interface
,
128 const char *property
,
129 sd_bus_message
*reply
,
131 sd_bus_error
*error
) {
132 return property_get_current_dns_server_internal(bus
, path
, interface
, property
, reply
, userdata
, error
, true);
/* Getter for the "Domains" property: emits an array of "(sb)" structs, one per entry in
 * l->search_domains, carrying the domain name and its route_only flag.
 * The checks on r after each call are not visible in this listing. */
135 static int property_get_domains(
138 const char *interface
,
139 const char *property
,
140 sd_bus_message
*reply
,
142 sd_bus_error
*error
) {
151 r
= sd_bus_message_open_container(reply
, 'a', "(sb)");
155 LIST_FOREACH(domains
, d
, l
->search_domains
) {
156 r
= sd_bus_message_append(reply
, "(sb)", d
->name
, d
->route_only
);
161 return sd_bus_message_close_container(reply
);
/* Getter for the "DefaultRoute" property ("b"). Order of precedence, as visible below:
 * an explicitly configured value (l->default_route >= 0), then the effective value of the
 * unicast scope if one exists, then false. */
164 static int property_get_default_route(
167 const char *interface
,
168 const char *property
,
169 sd_bus_message
*reply
,
171 sd_bus_error
*error
) {
178 /* Return what is configured, if there's something configured */
179 if (l
->default_route
>= 0)
180 return sd_bus_message_append(reply
, "b", l
->default_route
);
182 /* Otherwise report what is in effect */
183 if (l
->unicast_scope
)
184 return sd_bus_message_append(reply
, "b", dns_scope_is_default_route(l
->unicast_scope
));
/* No configured value and no unicast scope: report false. */
186 return sd_bus_message_append(reply
, "b", false);
/* Getter for the "ScopesMask" property: ORs together one SD_RESOLVED_* flag for each scope
 * pointer on the link that is non-NULL (unicast DNS, LLMNR over IPv4/IPv6, mDNS over
 * IPv4/IPv6) and sends the result as a D-Bus "t" value. */
189 static int property_get_scopes_mask(
192 const char *interface
,
193 const char *property
,
194 sd_bus_message
*reply
,
196 sd_bus_error
*error
) {
204 mask
= (l
->unicast_scope
? SD_RESOLVED_DNS
: 0) |
205 (l
->llmnr_ipv4_scope
? SD_RESOLVED_LLMNR_IPV4
: 0) |
206 (l
->llmnr_ipv6_scope
? SD_RESOLVED_LLMNR_IPV6
: 0) |
207 (l
->mdns_ipv4_scope
? SD_RESOLVED_MDNS_IPV4
: 0) |
208 (l
->mdns_ipv6_scope
? SD_RESOLVED_MDNS_IPV6
: 0);
210 return sd_bus_message_append(reply
, "t", mask
);
/* Getter for the "DNSSECNegativeTrustAnchors" property: emits the members of
 * l->dnssec_negative_trust_anchors as an array of strings ("as").
 * The checks on r after each call are not visible in this listing. */
213 static int property_get_ntas(
216 const char *interface
,
217 const char *property
,
218 sd_bus_message
*reply
,
220 sd_bus_error
*error
) {
230 r
= sd_bus_message_open_container(reply
, 'a', "s");
234 SET_FOREACH(name
, l
->dnssec_negative_trust_anchors
, i
) {
235 r
= sd_bus_message_append(reply
, "s", name
);
240 return sd_bus_message_close_container(reply
);
/* Precondition check called by every bus_link_method_*() handler in this file before it
 * parses or applies anything: refuses links flagged IFF_LOOPBACK and, under a condition
 * that is not visible in this listing, links reported as managed. Both refusals use
 * BUS_ERROR_LINK_BUSY. The success return is not visible here either. */
243 static int verify_unmanaged_link(Link
*l
, sd_bus_error
*error
) {
246 if (l
->flags
& IFF_LOOPBACK
)
247 return sd_bus_error_setf(error
, BUS_ERROR_LINK_BUSY
, "Link %s is loopback device.", l
->ifname
);
249 return sd_bus_error_setf(error
, BUS_ERROR_LINK_BUSY
, "Link %s is managed.", l
->ifname
);
/* Shared handler behind SetDNS (extended=false, "a(iay)") and SetDNSEx (extended=true,
 * "a(iayqs)"). Visible order of work: precondition check, parse and validate every entry
 * of the caller-supplied array into dns[], polkit authorization, then replace the link's
 * server list and persist it. Several lines (declarations, checks on r, branch conditions
 * and labels) are not visible in this listing. */
254 static int bus_link_method_set_dns_servers_internal(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
, bool extended
) {
255 struct in_addr_full
**dns
= NULL
;
256 size_t allocated
= 0, n
= 0;
263 r
= verify_unmanaged_link(l
, error
);
267 r
= sd_bus_message_enter_container(message
, 'a', extended
? "(iayqs)" : "(iay)");
272 const char *server_name
= NULL
;
273 union in_addr_union a
;
/* Compile-time guarantee that a D-Bus "i" (int32) can be read straight into an int, which
 * is presumably the type of family (declaration not visible). */
279 assert_cc(sizeof(int) == sizeof(int32_t));
281 r
= sd_bus_message_enter_container(message
, 'r', extended
? "iayqs" : "iay");
287 r
= sd_bus_message_read(message
, "i", &family
);
/* Only IPv4 and IPv6 are accepted; any other family from the caller is rejected with
 * INVALID_ARGS before the address bytes are looked at. */
291 if (!IN_SET(family
, AF_INET
, AF_INET6
)) {
292 r
= sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Unknown address family %i", family
);
296 r
= sd_bus_message_read_array(message
, 'y', &d
, &sz
);
/* The caller-supplied byte array must be exactly as long as an address of the given
 * family. This is what bounds any later copy of d into the fixed-size union a; the copy
 * itself is not visible in this listing. */
299 if (sz
!= FAMILY_ADDRESS_SIZE(family
)) {
300 r
= sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid address size");
304 if (!dns_server_address_valid(family
, d
)) {
305 r
= sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid DNS server address");
310 r
= sd_bus_message_read(message
, "q", &port
);
/* Ports 53 and 853 get special handling; the statement guarded by this condition is not
 * visible in this listing. */
314 if (IN_SET(port
, 53, 853))
/* NOTE(review): no validation of server_name is visible between this read and
 * in_addr_full_new() below. Confirm that in_addr_full_new() or dns_server_new() rejects
 * malformed names, since the string comes from the bus caller. */
317 r
= sd_bus_message_read(message
, "s", &server_name
);
322 r
= sd_bus_message_exit_container(message
);
/* NOTE(review): entries are parsed and allocated before the polkit check further down, so
 * the work done for a caller who is later refused scales with the size of the message;
 * the bus message size limit is the bound. */
326 if (!GREEDY_REALLOC(dns
, allocated
, n
+1)) {
332 r
= in_addr_full_new(family
, &a
, port
, 0, server_name
, dns
+ n
);
338 r
= sd_bus_message_exit_container(message
);
/* Authorization: the caller must hold CAP_NET_ADMIN or be authorized by polkit for the
 * action named here. The method is registered with SD_BUS_VTABLE_UNPRIVILEGED in
 * link_vtable, so this call is the access control for it. No link state has been
 * modified above this point. */
342 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
343 "org.freedesktop.resolve1.set-dns-servers",
344 NULL
, true, UID_INVALID
,
345 &l
->manager
->polkit_registry
, error
);
349 r
= 1; /* Polkit will call us back */
/* Mark-and-sweep replacement of the server list: mark everything, then for each requested
 * server either unmark an existing match or create a new one, and finally unlink whatever
 * is still marked. The if/else selecting between the two is not visible in this listing. */
353 dns_server_mark_all(l
->dns_servers
);
355 for (size_t i
= 0; i
< n
; i
++) {
358 s
= dns_server_find(l
->dns_servers
, dns
[i
]->family
, &dns
[i
]->address
, dns
[i
]->port
, 0, dns
[i
]->server_name
);
360 dns_server_move_back_and_unmark(s
);
362 r
= dns_server_new(l
->manager
, NULL
, DNS_SERVER_LINK
, l
, dns
[i
]->family
, &dns
[i
]->address
, dns
[i
]->port
, 0, dns
[i
]->server_name
);
/* Presumably the failure path of dns_server_new(): drops all servers of the link rather
 * than leaving a partially applied list (branch condition not visible; confirm). */
364 dns_server_unlink_all(l
->dns_servers
);
371 dns_server_unlink_marked(l
->dns_servers
);
372 link_allocate_scopes(l
);
/* Persistence and change notification are best effort: the return values are explicitly
 * discarded, so a failure here does not fail the method call. */
374 (void) link_save_user(l
);
375 (void) manager_write_resolv_conf(l
->manager
);
376 (void) manager_send_changed(l
->manager
, "DNS");
378 r
= sd_bus_reply_method_return(message
, NULL
);
/* Release the parsed entries collected in dns[]. */
381 for (size_t i
= 0; i
< n
; i
++)
382 in_addr_full_free(dns
[i
]);
/* Handler for the "SetDNS" method ("a(iay)"): delegates to
 * bus_link_method_set_dns_servers_internal() with extended=false. Validation and the
 * polkit check happen there. */
388 int bus_link_method_set_dns_servers(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
389 return bus_link_method_set_dns_servers_internal(message
, userdata
, error
, false);
/* Handler for the "SetDNSEx" method ("a(iayqs)"): delegates to
 * bus_link_method_set_dns_servers_internal() with extended=true, which additionally reads
 * a port and a server name per entry. */
392 int bus_link_method_set_dns_servers_ex(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
393 return bus_link_method_set_dns_servers_internal(message
, userdata
, error
, true);
/* Handler for the "SetDomains" method ("a(sb)"). The message is read twice: a first pass
 * validates every entry, then the message is rewound, the caller is authorized, and a
 * second pass applies the entries. Loop headers, checks on r and labels are not visible
 * in this listing. */
396 int bus_link_method_set_domains(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
403 r
= verify_unmanaged_link(l
, error
);
407 r
= sd_bus_message_enter_container(message
, 'a', "(sb)");
/* Pass 1: validation only, nothing on the link is changed yet. */
415 r
= sd_bus_message_read(message
, "(sb)", &name
, &route_only
);
421 r
= dns_name_is_valid(name
);
425 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid search domain %s", name
);
/* The root domain is accepted only as a routing-only domain, never as a search domain. */
426 if (!route_only
&& dns_name_is_root(name
))
427 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Root domain is not suitable as search domain");
/* Rewind so the same message can be read again after authorization. */
430 r
= sd_bus_message_rewind(message
, false);
/* Authorization: the caller must hold CAP_NET_ADMIN or be authorized by polkit for the
 * action named here. The method is registered with SD_BUS_VTABLE_UNPRIVILEGED in
 * link_vtable, so this call is the access control for it. */
434 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
435 "org.freedesktop.resolve1.set-domains",
436 NULL
, true, UID_INVALID
,
437 &l
->manager
->polkit_registry
, error
);
441 return 1; /* Polkit will call us back */
/* Pass 2: mark-and-sweep replacement of the search domain list. Existing entries that are
 * requested again are unmarked, missing ones are created, and entries still marked at the
 * end are unlinked. The branch between find and new is not visible in this listing. */
443 dns_search_domain_mark_all(l
->search_domains
);
450 r
= sd_bus_message_read(message
, "(sb)", &name
, &route_only
);
456 r
= dns_search_domain_find(l
->search_domains
, name
, &d
);
461 dns_search_domain_move_back_and_unmark(d
);
463 r
= dns_search_domain_new(l
->manager
, &d
, DNS_SEARCH_DOMAIN_LINK
, l
, name
);
468 d
->route_only
= route_only
;
471 r
= sd_bus_message_exit_container(message
);
475 dns_search_domain_unlink_marked(l
->search_domains
);
/* Best-effort persistence: return values are explicitly discarded. */
477 (void) link_save_user(l
);
478 (void) manager_write_resolv_conf(l
->manager
);
480 return sd_bus_reply_method_return(message
, NULL
);
/* Presumably the failure path of pass 2: drops all search domains of the link rather than
 * leaving a partially applied list (label and condition not visible; confirm). */
483 dns_search_domain_unlink_all(l
->search_domains
);
/* Handler for the "SetDefaultRoute" method ("b"): reads the boolean, authorizes the
 * caller, and stores the value in l->default_route if it differs from the current one.
 * Declarations and checks on r are not visible in this listing. */
487 int bus_link_method_set_default_route(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
494 r
= verify_unmanaged_link(l
, error
);
498 r
= sd_bus_message_read(message
, "b", &b
);
/* Authorization: the caller must hold CAP_NET_ADMIN or be authorized by polkit for the
 * action named here. The method is registered with SD_BUS_VTABLE_UNPRIVILEGED in
 * link_vtable, so this call is the access control for it. */
502 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
503 "org.freedesktop.resolve1.set-default-route",
504 NULL
, true, UID_INVALID
,
505 &l
->manager
->polkit_registry
, error
);
509 return 1; /* Polkit will call us back */
/* Only write and persist when the value actually changes. */
511 if (l
->default_route
!= b
) {
512 l
->default_route
= b
;
/* Best-effort persistence: return values are explicitly discarded. */
514 (void) link_save_user(l
);
515 (void) manager_write_resolv_conf(l
->manager
);
518 return sd_bus_reply_method_return(message
, NULL
);
/* Handler for the "SetLLMNR" method ("s"): parses the requested mode, authorizes the
 * caller, stores the mode in l->llmnr_support and refreshes the link's scopes and records.
 * Declarations, checks on r and branch conditions are not visible in this listing. */
521 int bus_link_method_set_llmnr(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
530 r
= verify_unmanaged_link(l
, error
);
534 r
= sd_bus_message_read(message
, "s", &llmnr
);
/* Two assignments to mode are visible: a fixed RESOLVE_SUPPORT_YES and the parsed value.
 * Presumably the fixed one applies to an empty string (condition not visible; confirm).
 * A string that does not parse is rejected with INVALID_ARGS before the polkit check. */
539 mode
= RESOLVE_SUPPORT_YES
;
541 mode
= resolve_support_from_string(llmnr
);
543 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid LLMNR setting: %s", llmnr
);
/* Authorization: the caller must hold CAP_NET_ADMIN or be authorized by polkit for the
 * action named here. The method is registered with SD_BUS_VTABLE_UNPRIVILEGED in
 * link_vtable, so this call is the access control for it. */
546 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
547 "org.freedesktop.resolve1.set-llmnr",
548 NULL
, true, UID_INVALID
,
549 &l
->manager
->polkit_registry
, error
);
553 return 1; /* Polkit will call us back */
555 l
->llmnr_support
= mode
;
556 link_allocate_scopes(l
);
557 link_add_rrs(l
, false);
/* Best-effort persistence: the return value is explicitly discarded. */
559 (void) link_save_user(l
);
561 return sd_bus_reply_method_return(message
, NULL
);
/* Handler for the "SetMulticastDNS" method ("s"): parses the requested mode, authorizes
 * the caller, stores the mode in l->mdns_support and refreshes the link's scopes and
 * records. Declarations, checks on r and branch conditions are not visible in this
 * listing. */
564 int bus_link_method_set_mdns(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
573 r
= verify_unmanaged_link(l
, error
);
577 r
= sd_bus_message_read(message
, "s", &mdns
);
/* Two assignments to mode are visible: a fixed RESOLVE_SUPPORT_NO and the parsed value.
 * Presumably the fixed one applies to an empty string (condition not visible; confirm).
 * Note the fixed value differs from SetLLMNR, which uses RESOLVE_SUPPORT_YES. */
582 mode
= RESOLVE_SUPPORT_NO
;
584 mode
= resolve_support_from_string(mdns
);
586 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid MulticastDNS setting: %s", mdns
);
/* Authorization: the caller must hold CAP_NET_ADMIN or be authorized by polkit for the
 * action named here. The method is registered with SD_BUS_VTABLE_UNPRIVILEGED in
 * link_vtable, so this call is the access control for it. */
589 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
590 "org.freedesktop.resolve1.set-mdns",
591 NULL
, true, UID_INVALID
,
592 &l
->manager
->polkit_registry
, error
);
596 return 1; /* Polkit will call us back */
598 l
->mdns_support
= mode
;
599 link_allocate_scopes(l
);
600 link_add_rrs(l
, false);
/* Best-effort persistence: the return value is explicitly discarded. */
602 (void) link_save_user(l
);
604 return sd_bus_reply_method_return(message
, NULL
);
/* Handler for the "SetDNSOverTLS" method ("s"): parses the requested mode, authorizes the
 * caller and applies the mode through link_set_dns_over_tls_mode(). Declarations, checks
 * on r and some branch conditions are not visible in this listing. */
607 int bus_link_method_set_dns_over_tls(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
609 const char *dns_over_tls
;
616 r
= verify_unmanaged_link(l
, error
);
620 r
= sd_bus_message_read(message
, "s", &dns_over_tls
);
/* An empty string selects _DNS_OVER_TLS_MODE_INVALID, presumably meaning "no per-link
 * setting" (confirm). Any other string must parse, otherwise the call is rejected with
 * INVALID_ARGS before the polkit check. */
624 if (isempty(dns_over_tls
))
625 mode
= _DNS_OVER_TLS_MODE_INVALID
;
627 mode
= dns_over_tls_mode_from_string(dns_over_tls
);
629 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid DNSOverTLS setting: %s", dns_over_tls
);
/* Authorization: the caller must hold CAP_NET_ADMIN or be authorized by polkit for the
 * action named here. The method is registered with SD_BUS_VTABLE_UNPRIVILEGED in
 * link_vtable, so this call is the access control for a change that can lower the
 * transport protection of the link's DNS traffic. */
632 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
633 "org.freedesktop.resolve1.set-dns-over-tls",
634 NULL
, true, UID_INVALID
,
635 &l
->manager
->polkit_registry
, error
);
639 return 1; /* Polkit will call us back */
641 link_set_dns_over_tls_mode(l
, mode
);
/* Best-effort persistence: the return value is explicitly discarded. */
643 (void) link_save_user(l
);
645 return sd_bus_reply_method_return(message
, NULL
);
/* Handler for the "SetDNSSEC" method ("s"): parses the requested mode, authorizes the
 * caller and applies the mode through link_set_dnssec_mode(). Declarations, checks on r
 * and branch conditions are not visible in this listing. */
648 int bus_link_method_set_dnssec(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
657 r
= verify_unmanaged_link(l
, error
);
661 r
= sd_bus_message_read(message
, "s", &dnssec
);
/* Two assignments to mode are visible: a fixed _DNSSEC_MODE_INVALID and the parsed value.
 * Presumably the fixed one applies to an empty string (condition not visible; confirm).
 * A string that does not parse is rejected with INVALID_ARGS before the polkit check. */
666 mode
= _DNSSEC_MODE_INVALID
;
668 mode
= dnssec_mode_from_string(dnssec
);
670 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid DNSSEC setting: %s", dnssec
);
/* Authorization: the caller must hold CAP_NET_ADMIN or be authorized by polkit for the
 * action named here. The method is registered with SD_BUS_VTABLE_UNPRIVILEGED in
 * link_vtable, so this call is the access control for a change that can relax DNSSEC
 * validation on the link. */
673 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
674 "org.freedesktop.resolve1.set-dnssec",
675 NULL
, true, UID_INVALID
,
676 &l
->manager
->polkit_registry
, error
);
680 return 1; /* Polkit will call us back */
682 link_set_dnssec_mode(l
, mode
);
/* Best-effort persistence: the return value is explicitly discarded. */
684 (void) link_save_user(l
);
686 return sd_bus_reply_method_return(message
, NULL
);
/* Handler for the "SetDNSSECNegativeTrustAnchors" method ("as"): builds a new set from the
 * caller's list after validating every name, authorizes the caller, then swaps the new
 * set in for l->dnssec_negative_trust_anchors. Declarations and checks on r are not
 * visible in this listing. */
689 int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
/* Both temporaries carry cleanup attributes, so the early returns below do not need to
 * free them by hand. */
690 _cleanup_set_free_free_ Set
*ns
= NULL
;
691 _cleanup_strv_free_
char **ntas
= NULL
;
699 r
= verify_unmanaged_link(l
, error
);
703 ns
= set_new(&dns_name_hash_ops
);
707 r
= sd_bus_message_read_strv(message
, &ntas
);
/* Every entry must be a valid DNS name; one invalid entry rejects the whole call with
 * INVALID_ARGS. Valid names are copied into the new set. */
711 STRV_FOREACH(i
, ntas
) {
712 r
= dns_name_is_valid(*i
);
716 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
,
717 "Invalid negative trust anchor domain: %s", *i
);
719 r
= set_put_strdup(&ns
, *i
);
/* Authorization: the caller must hold CAP_NET_ADMIN or be authorized by polkit for the
 * action named here. The method is registered with SD_BUS_VTABLE_UNPRIVILEGED in
 * link_vtable, so this call is the access control for a change that exempts domains from
 * DNSSEC validation on the link. */
724 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
725 "org.freedesktop.resolve1.set-dnssec-negative-trust-anchors",
726 NULL
, true, UID_INVALID
,
727 &l
->manager
->polkit_registry
, error
);
731 return 1; /* Polkit will call us back */
/* Replace the old set: free it, then hand ownership of ns to the link. TAKE_PTR() clears
 * ns so the cleanup attribute does not free the set that was just installed. */
733 set_free_free(l
->dnssec_negative_trust_anchors
);
734 l
->dnssec_negative_trust_anchors
= TAKE_PTR(ns
);
/* Best-effort persistence: the return value is explicitly discarded. */
736 (void) link_save_user(l
);
738 return sd_bus_reply_method_return(message
, NULL
);
/* Handler for the "Revert" method (no arguments visible): after authorization, flushes the
 * link's settings and rebuilds scopes and records, then persists and announces the change.
 * Declarations and checks on r are not visible in this listing. */
741 int bus_link_method_revert(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
748 r
= verify_unmanaged_link(l
, error
);
/* Authorization: the caller must hold CAP_NET_ADMIN or be authorized by polkit for the
 * action named here. The method is registered with SD_BUS_VTABLE_UNPRIVILEGED in
 * link_vtable, so this call is the access control for it. */
752 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
753 "org.freedesktop.resolve1.revert",
754 NULL
, true, UID_INVALID
,
755 &l
->manager
->polkit_registry
, error
);
759 return 1; /* Polkit will call us back */
761 link_flush_settings(l
);
762 link_allocate_scopes(l
);
763 link_add_rrs(l
, false);
/* Persistence and change notification are best effort: return values are explicitly
 * discarded. */
765 (void) link_save_user(l
);
766 (void) manager_write_resolv_conf(l
->manager
);
767 (void) manager_send_changed(l
->manager
, "DNS");
769 return sd_bus_reply_method_return(message
, NULL
);
/* Object lookup callback for paths under /org/freedesktop/resolve1/link: decodes the last
 * path component, parses it as an interface index and looks the link up in m->links.
 * NOTE(review): path comes from the bus caller. The checks on r, on the parsed ifindex and
 * on a NULL lookup result are not visible in this listing; confirm that a malformed or
 * unknown index is reported as "not found" and never reaches *found. */
772 static int link_object_find(sd_bus
*bus
, const char *path
, const char *interface
, void *userdata
, void **found
, sd_bus_error
*error
) {
/* e receives the decoded component and is freed automatically on return. */
773 _cleanup_free_
char *e
= NULL
;
774 Manager
*m
= userdata
;
784 r
= sd_bus_path_decode(path
, "/org/freedesktop/resolve1/link", &e
);
788 ifindex
= parse_ifindex(e
);
792 link
= hashmap_get(m
->links
, INT_TO_PTR(ifindex
));
/* Builds the D-Bus object path of a link by encoding its ifindex under
 * /org/freedesktop/resolve1/link. p is filled in by sd_bus_path_encode(); the return
 * statement and error handling are not visible in this listing, and the caller presumably
 * owns the returned string (confirm). */
800 char *link_bus_path(const Link
*link
) {
/* The stack buffer is sized with DECIMAL_STR_MAX() for the type of link->ifindex, so the
 * "%i" formatting below has a compile-time bound. */
801 char *p
, ifindex
[DECIMAL_STR_MAX(link
->ifindex
)];
806 xsprintf(ifindex
, "%i", link
->ifindex
);
808 r
= sd_bus_path_encode("/org/freedesktop/resolve1/link", ifindex
, &p
);
/* Node enumerator callback: returns the object paths of all links in m->links through
 * *nodes. The loop body beyond link_bus_path(), the checks on allocation results and the
 * return value are not visible in this listing. */
815 static int link_node_enumerator(sd_bus
*bus
, const char *path
, void *userdata
, char ***nodes
, sd_bus_error
*error
) {
/* l is freed automatically on an early return; ownership moves to the caller only at the
 * TAKE_PTR() below. */
816 _cleanup_strv_free_
char **l
= NULL
;
817 Manager
*m
= userdata
;
/* Zero-initialised array with one slot more than there are links, presumably for the
 * terminating NULL of the string vector. */
827 l
= new0(char*, hashmap_size(m
->links
) + 1);
831 HASHMAP_FOREACH(link
, m
->links
, i
) {
834 p
= link_bus_path(link
);
842 *nodes
= TAKE_PTR(l
);
/* D-Bus vtable for the org.freedesktop.resolve1.Link interface: read-only properties
 * first, then the setter methods. Some lines of the table (result signatures, the end
 * marker) are not visible in this listing. */
847 static const sd_bus_vtable link_vtable
[] = {
848 SD_BUS_VTABLE_START(0),
/* Properties: each entry has a getter only. Entries with a non-zero offset hand the
 * getter a pointer to that Link field as userdata. */
850 SD_BUS_PROPERTY("ScopesMask", "t", property_get_scopes_mask
, 0, 0),
851 SD_BUS_PROPERTY("DNS", "a(iay)", property_get_dns
, 0, 0),
852 SD_BUS_PROPERTY("DNSEx", "a(iayqs)", property_get_dns_ex
, 0, 0),
853 SD_BUS_PROPERTY("CurrentDNSServer", "(iay)", property_get_current_dns_server
, offsetof(Link
, current_dns_server
), 0),
854 SD_BUS_PROPERTY("CurrentDNSServerEx", "(iayqs)", property_get_current_dns_server_ex
, offsetof(Link
, current_dns_server
), 0),
855 SD_BUS_PROPERTY("Domains", "a(sb)", property_get_domains
, 0, 0),
856 SD_BUS_PROPERTY("DefaultRoute", "b", property_get_default_route
, 0, 0),
857 SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support
, offsetof(Link
, llmnr_support
), 0),
858 SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support
, offsetof(Link
, mdns_support
), 0),
859 SD_BUS_PROPERTY("DNSOverTLS", "s", property_get_dns_over_tls_mode
, 0, 0),
860 SD_BUS_PROPERTY("DNSSEC", "s", property_get_dnssec_mode
, 0, 0),
861 SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", property_get_ntas
, 0, 0),
862 SD_BUS_PROPERTY("DNSSECSupported", "b", property_get_dnssec_supported
, 0, 0),
/* Methods: every entry below carries SD_BUS_VTABLE_UNPRIVILEGED, which tells sd-bus not
 * to apply its own privilege check to the caller. Authorization is therefore done inside
 * each handler, which calls bus_verify_polkit_async() with CAP_NET_ADMIN and a per-method
 * polkit action. A method added here with this flag needs the same check in its handler. */
864 SD_BUS_METHOD_WITH_ARGS("SetDNS",
865 SD_BUS_ARGS("a(iay)", addresses
),
867 bus_link_method_set_dns_servers
,
868 SD_BUS_VTABLE_UNPRIVILEGED
),
869 SD_BUS_METHOD_WITH_ARGS("SetDNSEx",
870 SD_BUS_ARGS("a(iayqs)", addresses
),
872 bus_link_method_set_dns_servers_ex
,
873 SD_BUS_VTABLE_UNPRIVILEGED
),
874 SD_BUS_METHOD_WITH_ARGS("SetDomains",
875 SD_BUS_ARGS("a(sb)", domains
),
877 bus_link_method_set_domains
,
878 SD_BUS_VTABLE_UNPRIVILEGED
),
879 SD_BUS_METHOD_WITH_ARGS("SetDefaultRoute",
880 SD_BUS_ARGS("b", enable
),
882 bus_link_method_set_default_route
,
883 SD_BUS_VTABLE_UNPRIVILEGED
),
884 SD_BUS_METHOD_WITH_ARGS("SetLLMNR",
885 SD_BUS_ARGS("s", mode
),
887 bus_link_method_set_llmnr
,
888 SD_BUS_VTABLE_UNPRIVILEGED
),
889 SD_BUS_METHOD_WITH_ARGS("SetMulticastDNS",
890 SD_BUS_ARGS("s", mode
),
892 bus_link_method_set_mdns
,
893 SD_BUS_VTABLE_UNPRIVILEGED
),
894 SD_BUS_METHOD_WITH_ARGS("SetDNSOverTLS",
895 SD_BUS_ARGS("s", mode
),
897 bus_link_method_set_dns_over_tls
,
898 SD_BUS_VTABLE_UNPRIVILEGED
),
899 SD_BUS_METHOD_WITH_ARGS("SetDNSSEC",
900 SD_BUS_ARGS("s", mode
),
902 bus_link_method_set_dnssec
,
903 SD_BUS_VTABLE_UNPRIVILEGED
),
904 SD_BUS_METHOD_WITH_ARGS("SetDNSSECNegativeTrustAnchors",
905 SD_BUS_ARGS("as", names
),
907 bus_link_method_set_dnssec_negative_trust_anchors
,
908 SD_BUS_VTABLE_UNPRIVILEGED
),
909 SD_BUS_METHOD_WITH_ARGS("Revert",
912 bus_link_method_revert
,
913 SD_BUS_VTABLE_UNPRIVILEGED
),
918 const BusObjectImplementation link_object
= {
919 "/org/freedesktop/resolve1/link",
920 "org.freedesktop.resolve1.Link",
921 .fallback_vtables
= BUS_FALLBACK_VTABLES({link_vtable
, link_object_find
}),
922 .node_enumerator
= link_node_enumerator
,