1 /* SPDX-License-Identifier: LGPL-2.1+ */
4 #include <netinet/in.h>
5 #include <sys/capability.h>
7 #include "alloc-util.h"
8 #include "bus-common-errors.h"
9 #include "bus-get-properties.h"
10 #include "bus-message-util.h"
11 #include "bus-polkit.h"
12 #include "parse-util.h"
13 #include "resolve-util.h"
14 #include "resolved-bus.h"
15 #include "resolved-link-bus.h"
16 #include "resolved-resolv-conf.h"
17 #include "socket-netlink.h"
18 #include "stdio-util.h"
20 #include "user-util.h"
/* Macro-generated D-Bus property getters for the Link object. The first defines
 * property_get_dnssec_supported (signature "b") from link_dnssec_supported; the second
 * defines property_get_dnssec_mode (signature "s") from link_get_dnssec_mode and
 * dnssec_mode_to_string. NOTE(review): the macro bodies are not part of this file;
 * presumably the GET2 form passes the getter's result through the to-string helper. */
22 static BUS_DEFINE_PROPERTY_GET(property_get_dnssec_supported
, "b", Link
, link_dnssec_supported
);
23 static BUS_DEFINE_PROPERTY_GET2(property_get_dnssec_mode
, "s", Link
, link_get_dnssec_mode
, dnssec_mode_to_string
);
/* D-Bus property getter for "DNSOverTLS": appends the link's DNS-over-TLS mode to the
 * reply as a string ("s").
 * NOTE(review): this listing drops source lines (some parameters, the declaration of l,
 * the closing brace); l is presumably the Link handed in as userdata. Confirm against
 * the full file. */
25 static int property_get_dns_over_tls_mode(
28 const char *interface
,
30 sd_bus_message
*reply
,
32 sd_bus_error
*error
) {
/* Enum value is converted to its string name before being put on the wire. */
39 return sd_bus_message_append(reply
, "s", dns_over_tls_mode_to_string(link_get_dns_over_tls_mode(l
)));
/* Shared implementation behind the "DNS" and "DNSEx" properties: serializes every entry
 * of l->dns_servers into an array container on the reply. The element signature is
 * "(iayqs)" when extended is true and "(iay)" otherwise.
 * NOTE(review): this listing drops source lines (remaining parameters, local
 * declarations, the checks on r, closing braces); error handling cannot be judged from
 * what is shown here. */
42 static int property_get_dns_internal(
45 const char *interface
,
47 sd_bus_message
*reply
,
/* The container signature must match the one declared for the property in link_vtable. */
59 r
= sd_bus_message_open_container(reply
, 'a', extended
? "(iayqs)" : "(iay)");
/* One struct per configured server; the same extended flag selects the field layout. */
63 LIST_FOREACH(servers
, s
, l
->dns_servers
) {
64 r
= bus_dns_server_append(reply
, s
, false, extended
);
69 return sd_bus_message_close_container(reply
);
/* Getter for the "DNS" property: forwards to property_get_dns_internal() with
 * extended = false, which selects the "(iay)" element layout.
 * NOTE(review): some parameters and the closing brace are missing from this listing. */
72 static int property_get_dns(
75 const char *interface
,
77 sd_bus_message
*reply
,
79 sd_bus_error
*error
) {
80 return property_get_dns_internal(bus
, path
, interface
, property
, reply
, userdata
, error
, false);
/* Getter for the "DNSEx" property: forwards to property_get_dns_internal() with
 * extended = true, which selects the "(iayqs)" element layout.
 * NOTE(review): some parameters and the closing brace are missing from this listing. */
83 static int property_get_dns_ex(
86 const char *interface
,
88 sd_bus_message
*reply
,
90 sd_bus_error
*error
) {
91 return property_get_dns_internal(bus
, path
, interface
, property
, reply
, userdata
, error
, true);
/* Shared implementation behind "CurrentDNSServer" and "CurrentDNSServerEx": appends the
 * link's current DNS server to the reply via bus_dns_server_append().
 * NOTE(review): this listing drops source lines (remaining parameters, local
 * declarations, closing brace). Whether s can be NULL here, and how
 * bus_dns_server_append() treats that, is not visible. Confirm. */
94 static int property_get_current_dns_server_internal(
97 const char *interface
,
99 sd_bus_message
*reply
,
/* userdata is the address of a DnsServer* field, not the Link itself: link_vtable
 * registers these properties with offsetof(Link, current_dns_server). */
109 s
= *(DnsServer
**) userdata
;
111 return bus_dns_server_append(reply
, s
, false, extended
);
/* Getter for the "CurrentDNSServer" property: forwards to
 * property_get_current_dns_server_internal() with extended = false.
 * NOTE(review): some parameters and the closing brace are missing from this listing. */
114 static int property_get_current_dns_server(
117 const char *interface
,
118 const char *property
,
119 sd_bus_message
*reply
,
121 sd_bus_error
*error
) {
122 return property_get_current_dns_server_internal(bus
, path
, interface
, property
, reply
, userdata
, error
, false);
/* Getter for the "CurrentDNSServerEx" property: forwards to
 * property_get_current_dns_server_internal() with extended = true.
 * NOTE(review): some parameters and the closing brace are missing from this listing. */
125 static int property_get_current_dns_server_ex(
128 const char *interface
,
129 const char *property
,
130 sd_bus_message
*reply
,
132 sd_bus_error
*error
) {
133 return property_get_current_dns_server_internal(bus
, path
, interface
, property
, reply
, userdata
, error
, true);
/* Getter for the "Domains" property: serializes l->search_domains as an array of
 * "(sb)" structs, each holding the domain name and its route_only flag.
 * NOTE(review): this listing drops source lines (some parameters, local declarations,
 * the checks on r, closing braces). */
136 static int property_get_domains(
139 const char *interface
,
140 const char *property
,
141 sd_bus_message
*reply
,
143 sd_bus_error
*error
) {
152 r
= sd_bus_message_open_container(reply
, 'a', "(sb)");
156 LIST_FOREACH(domains
, d
, l
->search_domains
) {
157 r
= sd_bus_message_append(reply
, "(sb)", d
->name
, d
->route_only
);
162 return sd_bus_message_close_container(reply
);
/* Getter for the "DefaultRoute" property: reports a boolean ("b") chosen in three
 * steps. An explicitly configured value wins, then the state of the unicast scope, and
 * finally false when the link has no unicast scope.
 * NOTE(review): some parameters, local declarations and the closing brace are missing
 * from this listing. */
165 static int property_get_default_route(
168 const char *interface
,
169 const char *property
,
170 sd_bus_message
*reply
,
172 sd_bus_error
*error
) {
/* A negative default_route is treated as "not configured" by the test below. */
179 /* Return what is configured, if there's something configured */
180 if (l
->default_route
>= 0)
181 return sd_bus_message_append(reply
, "b", l
->default_route
);
183 /* Otherwise report what is in effect */
184 if (l
->unicast_scope
)
185 return sd_bus_message_append(reply
, "b", dns_scope_is_default_route(l
->unicast_scope
));
187 return sd_bus_message_append(reply
, "b", false);
/* Getter for the "ScopesMask" property: builds a bit mask with one SD_RESOLVED_* flag
 * for each scope pointer that is set on the link, and appends it with signature "t".
 * NOTE(review): some parameters, local declarations and the closing brace are missing
 * from this listing. */
190 static int property_get_scopes_mask(
193 const char *interface
,
194 const char *property
,
195 sd_bus_message
*reply
,
197 sd_bus_error
*error
) {
/* A non-NULL scope pointer contributes its protocol flag; a NULL one contributes 0. */
205 mask
= (l
->unicast_scope
? SD_RESOLVED_DNS
: 0) |
206 (l
->llmnr_ipv4_scope
? SD_RESOLVED_LLMNR_IPV4
: 0) |
207 (l
->llmnr_ipv6_scope
? SD_RESOLVED_LLMNR_IPV6
: 0) |
208 (l
->mdns_ipv4_scope
? SD_RESOLVED_MDNS_IPV4
: 0) |
209 (l
->mdns_ipv6_scope
? SD_RESOLVED_MDNS_IPV6
: 0);
211 return sd_bus_message_append(reply
, "t", mask
);
/* Getter for the "DNSSECNegativeTrustAnchors" property: serializes every name in
 * l->dnssec_negative_trust_anchors as an array of strings ("as").
 * NOTE(review): this listing drops source lines (some parameters, local declarations,
 * the checks on r, closing braces). */
214 static int property_get_ntas(
217 const char *interface
,
218 const char *property
,
219 sd_bus_message
*reply
,
221 sd_bus_error
*error
) {
231 r
= sd_bus_message_open_container(reply
, 'a', "s");
235 SET_FOREACH(name
, l
->dnssec_negative_trust_anchors
, i
) {
236 r
= sd_bus_message_append(reply
, "s", name
);
241 return sd_bus_message_close_container(reply
);
/* Precondition check used by every Set*() and Revert handler in this file: refuses
 * changes to links that must not be reconfigured over the bus by filling in error with
 * BUS_ERROR_LINK_BUSY.
 * NOTE(review): the condition guarding the "is managed" error, the success return and
 * the closing brace are missing from this listing. Confirm them against the full file
 * before relying on this description. */
244 static int verify_unmanaged_link(Link
*l
, sd_bus_error
*error
) {
/* Loopback interfaces are rejected outright. */
247 if (l
->flags
& IFF_LOOPBACK
)
248 return sd_bus_error_setf(error
, BUS_ERROR_LINK_BUSY
, "Link %s is loopback device.", l
->ifname
);
250 return sd_bus_error_setf(error
, BUS_ERROR_LINK_BUSY
, "Link %s is managed.", l
->ifname
);
/* Shared handler for the SetDNS and SetDNSEx bus methods: replaces the link's DNS server
 * list with the servers carried in the message. extended selects the wire layout that
 * bus_message_read_dns_servers() parses.
 *
 * Both methods are registered with SD_BUS_VTABLE_UNPRIVILEGED in link_vtable, so the
 * bus_verify_polkit_async() call below is the authorization gate for this operation. As
 * shown, every change to l->dns_servers comes after that call; keep it that way.
 *
 * NOTE(review): this listing drops source lines (local declarations, every check on r,
 * jump labels, closing braces). The control flow between the visible statements is
 * therefore inferred, not shown. Confirm against the full file. */
255 static int bus_link_method_set_dns_servers_internal(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
, bool extended
) {
256 struct in_addr_full
**dns
;
/* Refuse loopback and managed links before parsing anything. */
264 r
= verify_unmanaged_link(l
, error
);
/* Parses the caller-supplied server list into dns[0..n). */
268 r
= bus_message_read_dns_servers(message
, error
, extended
, &dns
, &n
);
/* Authorization: polkit action set-dns-servers, with CAP_NET_ADMIN passed as the
 * capability argument. Presumably callers holding that capability are accepted without
 * a polkit query; verify against bus-polkit.h. */
272 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
273 "org.freedesktop.resolve1.set-dns-servers",
274 NULL
, true, UID_INVALID
,
275 &l
->manager
->polkit_registry
, error
);
/* r is set instead of returning directly, presumably so the cleanup loop at the end
 * still frees dns while the request waits for polkit. Confirm. */
279 r
= 1; /* Polkit will call us back */
/* Mark-and-sweep update: mark every existing server, unmark the ones named again in the
 * request, create the new ones, then drop whatever is still marked. */
283 dns_server_mark_all(l
->dns_servers
);
285 for (size_t i
= 0; i
< n
; i
++) {
288 s
= dns_server_find(l
->dns_servers
, dns
[i
]->family
, &dns
[i
]->address
, dns
[i
]->port
, 0, dns
[i
]->server_name
);
290 dns_server_move_back_and_unmark(s
);
292 r
= dns_server_new(l
->manager
, NULL
, DNS_SERVER_LINK
, l
, dns
[i
]->family
, &dns
[i
]->address
, dns
[i
]->port
, 0, dns
[i
]->server_name
);
/* Presumably the failure path of dns_server_new(): the whole list is dropped rather
 * than left half-updated. Confirm the guarding condition. */
294 dns_server_unlink_all(l
->dns_servers
);
301 dns_server_unlink_marked(l
->dns_servers
);
302 link_allocate_scopes(l
);
/* Saving state, rewriting resolv.conf and the change signal are best-effort: their
 * results are explicitly discarded. */
304 (void) link_save_user(l
);
305 (void) manager_write_resolv_conf(l
->manager
);
306 (void) manager_send_changed(l
->manager
, "DNS");
308 r
= sd_bus_reply_method_return(message
, NULL
);
/* Release the parsed entries; the array itself is presumably freed on a line that is
 * not shown. */
311 for (size_t i
= 0; i
< n
; i
++)
312 in_addr_full_free(dns
[i
]);
/* Handler for the SetDNS bus method: forwards to
 * bus_link_method_set_dns_servers_internal() with extended = false. Link validation and
 * the polkit check happen in that function.
 * NOTE(review): the closing brace is missing from this listing. */
318 int bus_link_method_set_dns_servers(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
319 return bus_link_method_set_dns_servers_internal(message
, userdata
, error
, false);
/* Handler for the SetDNSEx bus method: forwards to
 * bus_link_method_set_dns_servers_internal() with extended = true. Link validation and
 * the polkit check happen in that function.
 * NOTE(review): the closing brace is missing from this listing. */
322 int bus_link_method_set_dns_servers_ex(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
323 return bus_link_method_set_dns_servers_internal(message
, userdata
, error
, true);
/* Handler for the SetDomains bus method: replaces the link's search/routing domains with
 * the "(sb)" entries (name, route_only) carried in the message.
 *
 * The message is walked twice. The first pass only validates the entries. The message is
 * then rewound, the polkit check runs, and the second pass applies the entries. Malformed
 * input is therefore rejected before any authorization query, and l->search_domains is
 * only modified after bus_verify_polkit_async(). The method is registered with
 * SD_BUS_VTABLE_UNPRIVILEGED, so that call is the authorization gate.
 *
 * NOTE(review): this listing drops source lines (local declarations, loop headers, every
 * check on r, jump labels, closing braces). The control flow between the visible
 * statements is inferred. Confirm against the full file. */
326 int bus_link_method_set_domains(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
333 r
= verify_unmanaged_link(l
, error
);
/* Pass 1: validation only. */
337 r
= sd_bus_message_enter_container(message
, 'a', "(sb)");
345 r
= sd_bus_message_read(message
, "(sb)", &name
, &route_only
);
351 r
= dns_name_is_valid(name
);
355 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid search domain %s", name
);
/* The root domain is accepted only as a routing-only entry, never as a search domain. */
356 if (!route_only
&& dns_name_is_root(name
))
357 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Root domain is not suitable as search domain");
/* Reset the read position so the entries can be read again after authorization. */
360 r
= sd_bus_message_rewind(message
, false);
/* Authorization: polkit action set-domains, with CAP_NET_ADMIN passed as the capability
 * argument. */
364 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
365 "org.freedesktop.resolve1.set-domains",
366 NULL
, true, UID_INVALID
,
367 &l
->manager
->polkit_registry
, error
);
371 return 1; /* Polkit will call us back */
/* Pass 2: mark-and-sweep update of the domain list. */
373 dns_search_domain_mark_all(l
->search_domains
);
380 r
= sd_bus_message_read(message
, "(sb)", &name
, &route_only
);
386 r
= dns_search_domain_find(l
->search_domains
, name
, &d
);
391 dns_search_domain_move_back_and_unmark(d
);
393 r
= dns_search_domain_new(l
->manager
, &d
, DNS_SEARCH_DOMAIN_LINK
, l
, name
);
398 d
->route_only
= route_only
;
401 r
= sd_bus_message_exit_container(message
);
405 dns_search_domain_unlink_marked(l
->search_domains
);
/* Persisting and rewriting resolv.conf are best-effort: results are discarded. */
407 (void) link_save_user(l
);
408 (void) manager_write_resolv_conf(l
->manager
);
410 return sd_bus_reply_method_return(message
, NULL
);
/* Presumably the shared failure path of pass 2: the whole list is dropped rather than
 * left half-updated. Confirm the label and the return that follow. */
413 dns_search_domain_unlink_all(l
->search_domains
);
/* Handler for the SetDefaultRoute bus method: stores the boolean from the message in
 * l->default_route and, if the value changed, persists it and rewrites resolv.conf.
 * The method is registered with SD_BUS_VTABLE_UNPRIVILEGED, so the
 * bus_verify_polkit_async() call is the authorization gate; the assignment comes after
 * it.
 * NOTE(review): this listing drops source lines (local declarations, every check on r,
 * closing braces). Confirm the control flow against the full file. */
417 int bus_link_method_set_default_route(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
424 r
= verify_unmanaged_link(l
, error
);
428 r
= sd_bus_message_read(message
, "b", &b
);
/* Authorization: polkit action set-default-route, with CAP_NET_ADMIN passed as the
 * capability argument. */
432 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
433 "org.freedesktop.resolve1.set-default-route",
434 NULL
, true, UID_INVALID
,
435 &l
->manager
->polkit_registry
, error
);
439 return 1; /* Polkit will call us back */
/* Skip the save and the resolv.conf rewrite when nothing changes. */
441 if (l
->default_route
!= b
) {
442 l
->default_route
= b
;
444 (void) link_save_user(l
);
445 (void) manager_write_resolv_conf(l
->manager
);
448 return sd_bus_reply_method_return(message
, NULL
);
/* Handler for the SetLLMNR bus method: parses the mode string from the message, stores
 * it in l->llmnr_support and re-creates scopes and resource records for the link.
 * The method is registered with SD_BUS_VTABLE_UNPRIVILEGED, so the
 * bus_verify_polkit_async() call is the authorization gate; the string is validated
 * before it and the link is modified after it.
 * NOTE(review): this listing drops source lines (local declarations, the conditions
 * around the two mode assignments, every check on r, closing braces). Confirm against
 * the full file. */
451 int bus_link_method_set_llmnr(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
460 r
= verify_unmanaged_link(l
, error
);
464 r
= sd_bus_message_read(message
, "s", &llmnr
);
/* Presumably the fallback for an empty string; the guarding condition is not shown. */
469 mode
= RESOLVE_SUPPORT_YES
;
471 mode
= resolve_support_from_string(llmnr
);
/* The caller-supplied value is passed as a %s argument, never as the format string. */
473 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid LLMNR setting: %s", llmnr
);
/* Authorization: polkit action set-llmnr, with CAP_NET_ADMIN passed as the capability
 * argument. */
476 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
477 "org.freedesktop.resolve1.set-llmnr",
478 NULL
, true, UID_INVALID
,
479 &l
->manager
->polkit_registry
, error
);
483 return 1; /* Polkit will call us back */
485 l
->llmnr_support
= mode
;
486 link_allocate_scopes(l
);
487 link_add_rrs(l
, false);
489 (void) link_save_user(l
);
491 return sd_bus_reply_method_return(message
, NULL
);
/* Handler for the SetMulticastDNS bus method: parses the mode string from the message,
 * stores it in l->mdns_support and re-creates scopes and resource records for the link.
 * The method is registered with SD_BUS_VTABLE_UNPRIVILEGED, so the
 * bus_verify_polkit_async() call is the authorization gate; the string is validated
 * before it and the link is modified after it.
 * NOTE(review): this listing drops source lines (local declarations, the conditions
 * around the two mode assignments, every check on r, closing braces). Confirm against
 * the full file. */
494 int bus_link_method_set_mdns(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
503 r
= verify_unmanaged_link(l
, error
);
507 r
= sd_bus_message_read(message
, "s", &mdns
);
/* Presumably the fallback for an empty string; note it differs from the LLMNR handler,
 * which uses RESOLVE_SUPPORT_YES at the same position. */
512 mode
= RESOLVE_SUPPORT_NO
;
514 mode
= resolve_support_from_string(mdns
);
516 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid MulticastDNS setting: %s", mdns
);
/* Authorization: polkit action set-mdns, with CAP_NET_ADMIN passed as the capability
 * argument. */
519 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
520 "org.freedesktop.resolve1.set-mdns",
521 NULL
, true, UID_INVALID
,
522 &l
->manager
->polkit_registry
, error
);
526 return 1; /* Polkit will call us back */
528 l
->mdns_support
= mode
;
529 link_allocate_scopes(l
);
530 link_add_rrs(l
, false);
532 (void) link_save_user(l
);
534 return sd_bus_reply_method_return(message
, NULL
);
/* Handler for the SetDNSOverTLS bus method: parses the mode string from the message and
 * applies it with link_set_dns_over_tls_mode().
 * This setting decides whether the link's DNS traffic is protected by TLS. The method is
 * registered with SD_BUS_VTABLE_UNPRIVILEGED, so the bus_verify_polkit_async() call is
 * the only thing keeping unauthorized callers from changing it; the mode is applied after
 * that call.
 * NOTE(review): this listing drops source lines (local declarations, the else branch and
 * its validity test, every check on r, closing braces). Confirm against the full file. */
537 int bus_link_method_set_dns_over_tls(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
539 const char *dns_over_tls
;
546 r
= verify_unmanaged_link(l
, error
);
550 r
= sd_bus_message_read(message
, "s", &dns_over_tls
);
/* An empty string selects the _INVALID sentinel; presumably that means "no per-link
 * setting". Confirm how link_set_dns_over_tls_mode() interprets it. */
554 if (isempty(dns_over_tls
))
555 mode
= _DNS_OVER_TLS_MODE_INVALID
;
557 mode
= dns_over_tls_mode_from_string(dns_over_tls
);
559 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid DNSOverTLS setting: %s", dns_over_tls
);
/* Authorization: polkit action set-dns-over-tls, with CAP_NET_ADMIN passed as the
 * capability argument. */
562 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
563 "org.freedesktop.resolve1.set-dns-over-tls",
564 NULL
, true, UID_INVALID
,
565 &l
->manager
->polkit_registry
, error
);
569 return 1; /* Polkit will call us back */
571 link_set_dns_over_tls_mode(l
, mode
);
573 (void) link_save_user(l
);
575 return sd_bus_reply_method_return(message
, NULL
);
/* Handler for the SetDNSSEC bus method: parses the mode string from the message and
 * applies it with link_set_dnssec_mode().
 * This setting controls DNSSEC validation on the link. The method is registered with
 * SD_BUS_VTABLE_UNPRIVILEGED, so the bus_verify_polkit_async() call is the only thing
 * keeping unauthorized callers from changing it; the mode is applied after that call.
 * NOTE(review): this listing drops source lines (local declarations, the conditions
 * around the two mode assignments, every check on r, closing braces). Confirm against
 * the full file. */
578 int bus_link_method_set_dnssec(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
587 r
= verify_unmanaged_link(l
, error
);
591 r
= sd_bus_message_read(message
, "s", &dnssec
);
/* Presumably the branch for an empty string, selecting the _INVALID sentinel; the
 * guarding condition is not shown. */
596 mode
= _DNSSEC_MODE_INVALID
;
598 mode
= dnssec_mode_from_string(dnssec
);
600 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
, "Invalid DNSSEC setting: %s", dnssec
);
/* Authorization: polkit action set-dnssec, with CAP_NET_ADMIN passed as the capability
 * argument. */
603 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
604 "org.freedesktop.resolve1.set-dnssec",
605 NULL
, true, UID_INVALID
,
606 &l
->manager
->polkit_registry
, error
);
610 return 1; /* Polkit will call us back */
612 link_set_dnssec_mode(l
, mode
);
614 (void) link_save_user(l
);
616 return sd_bus_reply_method_return(message
, NULL
);
/* Handler for the SetDNSSECNegativeTrustAnchors bus method: replaces the link's set of
 * negative trust anchors with the names carried in the message.
 * The new set is built and fully validated in the local ns first and only swapped into
 * the link after bus_verify_polkit_async(), so a rejected or unauthorized request leaves
 * the existing set untouched. The method is registered with SD_BUS_VTABLE_UNPRIVILEGED,
 * so that call is the authorization gate.
 * NOTE(review): this listing drops source lines (local declarations, every check on r,
 * closing braces). Confirm the control flow against the full file. */
619 int bus_link_method_set_dnssec_negative_trust_anchors(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
/* Both locals carry cleanup attributes, so early returns do not leak them. */
620 _cleanup_set_free_free_ Set
*ns
= NULL
;
621 _cleanup_strv_free_
char **ntas
= NULL
;
629 r
= verify_unmanaged_link(l
, error
);
633 ns
= set_new(&dns_name_hash_ops
);
637 r
= sd_bus_message_read_strv(message
, &ntas
);
/* Every caller-supplied name must be a valid DNS name before it is copied into ns. */
641 STRV_FOREACH(i
, ntas
) {
642 r
= dns_name_is_valid(*i
);
646 return sd_bus_error_setf(error
, SD_BUS_ERROR_INVALID_ARGS
,
647 "Invalid negative trust anchor domain: %s", *i
);
649 r
= set_put_strdup(&ns
, *i
);
/* Authorization: polkit action set-dnssec-negative-trust-anchors, with CAP_NET_ADMIN
 * passed as the capability argument. */
654 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
655 "org.freedesktop.resolve1.set-dnssec-negative-trust-anchors",
656 NULL
, true, UID_INVALID
,
657 &l
->manager
->polkit_registry
, error
);
661 return 1; /* Polkit will call us back */
/* Free the old set, then hand ownership of ns to the link; TAKE_PTR keeps the cleanup
 * attribute on ns from freeing it on return. */
663 set_free_free(l
->dnssec_negative_trust_anchors
);
664 l
->dnssec_negative_trust_anchors
= TAKE_PTR(ns
);
666 (void) link_save_user(l
);
668 return sd_bus_reply_method_return(message
, NULL
);
/* Handler for the Revert bus method: flushes the link's settings via
 * link_flush_settings(), then re-creates scopes and resource records and publishes the
 * change.
 * The method takes no arguments, so there is nothing to validate besides the link itself.
 * It is registered with SD_BUS_VTABLE_UNPRIVILEGED, so the bus_verify_polkit_async()
 * call is the authorization gate; the flush comes after it.
 * NOTE(review): this listing drops source lines (local declarations, every check on r,
 * closing braces). Confirm the control flow against the full file. */
671 int bus_link_method_revert(sd_bus_message
*message
, void *userdata
, sd_bus_error
*error
) {
678 r
= verify_unmanaged_link(l
, error
);
/* Authorization: polkit action revert, with CAP_NET_ADMIN passed as the capability
 * argument. */
682 r
= bus_verify_polkit_async(message
, CAP_NET_ADMIN
,
683 "org.freedesktop.resolve1.revert",
684 NULL
, true, UID_INVALID
,
685 &l
->manager
->polkit_registry
, error
);
689 return 1; /* Polkit will call us back */
691 link_flush_settings(l
);
692 link_allocate_scopes(l
);
693 link_add_rrs(l
, false);
/* Persisting, rewriting resolv.conf and the change signal are best-effort. */
695 (void) link_save_user(l
);
696 (void) manager_write_resolv_conf(l
->manager
);
697 (void) manager_send_changed(l
->manager
, "DNS");
699 return sd_bus_reply_method_return(message
, NULL
);
/* Object lookup callback for the fallback vtable: maps a requested object path below
 * "/org/freedesktop/resolve1/link" to the Link stored in m->links.
 * path is chosen by the bus client, so the decoded suffix is untrusted until
 * parse_ifindex() has accepted it.
 * NOTE(review): this listing drops source lines (local declarations, the checks on r and
 * on the parsed ifindex, the store into *found, closing brace). Confirm that a failed
 * decode, a rejected ifindex and a missing map entry all end as "not found". */
702 static int link_object_find(sd_bus
*bus
, const char *path
, const char *interface
, void *userdata
, void **found
, sd_bus_error
*error
) {
/* e receives the decoded path suffix and is freed automatically on return. */
703 _cleanup_free_
char *e
= NULL
;
704 Manager
*m
= userdata
;
714 r
= sd_bus_path_decode(path
, "/org/freedesktop/resolve1/link", &e
);
718 ifindex
= parse_ifindex(e
);
/* The interface index is the hashmap key, stored as a pointer-sized integer. */
722 link
= hashmap_get(m
->links
, INT_TO_PTR(ifindex
));
/* Builds the D-Bus object path for a link by encoding its interface index, printed as
 * decimal text, under "/org/freedesktop/resolve1/link". This is the inverse of the
 * decode step in link_object_find().
 * NOTE(review): this listing drops source lines (declaration of r, the check on it, the
 * return, closing brace). Presumably the caller owns the returned string and NULL
 * signals failure. Confirm. */
730 char *link_bus_path(const Link
*link
) {
/* The buffer is sized by DECIMAL_STR_MAX for the type of link->ifindex. */
731 char *p
, ifindex
[DECIMAL_STR_MAX(link
->ifindex
)];
736 xsprintf(ifindex
, "%i", link
->ifindex
);
738 r
= sd_bus_path_encode("/org/freedesktop/resolve1/link", ifindex
, &p
);
/* Node enumerator callback: returns, through *nodes, a string array holding the object
 * path of every link in m->links.
 * NOTE(review): this listing drops source lines (local declarations, allocation checks,
 * the store of p into the array, the return, closing braces). Confirm against the full
 * file. */
745 static int link_node_enumerator(sd_bus
*bus
, const char *path
, void *userdata
, char ***nodes
, sd_bus_error
*error
) {
/* Freed automatically on early return, including the strings collected so far. */
746 _cleanup_strv_free_
char **l
= NULL
;
747 Manager
*m
= userdata
;
/* One slot per link plus one extra, zero-initialized, which leaves a NULL terminator. */
757 l
= new0(char*, hashmap_size(m
->links
) + 1);
761 HASHMAP_FOREACH(link
, m
->links
, i
) {
764 p
= link_bus_path(link
);
/* Ownership of the array passes to the caller; TAKE_PTR disarms the cleanup on l. */
772 *nodes
= TAKE_PTR(l
);
/* sd-bus vtable for the org.freedesktop.resolve1.Link interface: read-only properties
 * first, then the methods that change per-link resolver settings.
 * NOTE(review): this listing drops source lines (the result declarations of the methods,
 * the table terminator, the closing brace). */
777 static const sd_bus_vtable link_vtable
[] = {
778 SD_BUS_VTABLE_START(0),
/* Properties. A zero offset hands the getter the Link itself as userdata; an
 * offsetof(Link, field) offset hands it the address of that field instead. */
780 SD_BUS_PROPERTY("ScopesMask", "t", property_get_scopes_mask
, 0, 0),
781 SD_BUS_PROPERTY("DNS", "a(iay)", property_get_dns
, 0, 0),
782 SD_BUS_PROPERTY("DNSEx", "a(iayqs)", property_get_dns_ex
, 0, 0),
783 SD_BUS_PROPERTY("CurrentDNSServer", "(iay)", property_get_current_dns_server
, offsetof(Link
, current_dns_server
), 0),
784 SD_BUS_PROPERTY("CurrentDNSServerEx", "(iayqs)", property_get_current_dns_server_ex
, offsetof(Link
, current_dns_server
), 0),
785 SD_BUS_PROPERTY("Domains", "a(sb)", property_get_domains
, 0, 0),
786 SD_BUS_PROPERTY("DefaultRoute", "b", property_get_default_route
, 0, 0),
787 SD_BUS_PROPERTY("LLMNR", "s", bus_property_get_resolve_support
, offsetof(Link
, llmnr_support
), 0),
788 SD_BUS_PROPERTY("MulticastDNS", "s", bus_property_get_resolve_support
, offsetof(Link
, mdns_support
), 0),
789 SD_BUS_PROPERTY("DNSOverTLS", "s", property_get_dns_over_tls_mode
, 0, 0),
790 SD_BUS_PROPERTY("DNSSEC", "s", property_get_dnssec_mode
, 0, 0),
791 SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", property_get_ntas
, 0, 0),
792 SD_BUS_PROPERTY("DNSSECSupported", "b", property_get_dnssec_supported
, 0, 0),
/* Methods. Every entry carries SD_BUS_VTABLE_UNPRIVILEGED, so sd-bus itself does not
 * restrict who may call them. Access control lives in the handlers, each of which calls
 * verify_unmanaged_link() and bus_verify_polkit_async() with CAP_NET_ADMIN and a
 * per-method polkit action before touching link state. A method added here needs the
 * same gate in its handler. */
794 SD_BUS_METHOD_WITH_ARGS("SetDNS",
795 SD_BUS_ARGS("a(iay)", addresses
),
797 bus_link_method_set_dns_servers
,
798 SD_BUS_VTABLE_UNPRIVILEGED
),
799 SD_BUS_METHOD_WITH_ARGS("SetDNSEx",
800 SD_BUS_ARGS("a(iayqs)", addresses
),
802 bus_link_method_set_dns_servers_ex
,
803 SD_BUS_VTABLE_UNPRIVILEGED
),
804 SD_BUS_METHOD_WITH_ARGS("SetDomains",
805 SD_BUS_ARGS("a(sb)", domains
),
807 bus_link_method_set_domains
,
808 SD_BUS_VTABLE_UNPRIVILEGED
),
809 SD_BUS_METHOD_WITH_ARGS("SetDefaultRoute",
810 SD_BUS_ARGS("b", enable
),
812 bus_link_method_set_default_route
,
813 SD_BUS_VTABLE_UNPRIVILEGED
),
814 SD_BUS_METHOD_WITH_ARGS("SetLLMNR",
815 SD_BUS_ARGS("s", mode
),
817 bus_link_method_set_llmnr
,
818 SD_BUS_VTABLE_UNPRIVILEGED
),
819 SD_BUS_METHOD_WITH_ARGS("SetMulticastDNS",
820 SD_BUS_ARGS("s", mode
),
822 bus_link_method_set_mdns
,
823 SD_BUS_VTABLE_UNPRIVILEGED
),
824 SD_BUS_METHOD_WITH_ARGS("SetDNSOverTLS",
825 SD_BUS_ARGS("s", mode
),
827 bus_link_method_set_dns_over_tls
,
828 SD_BUS_VTABLE_UNPRIVILEGED
),
829 SD_BUS_METHOD_WITH_ARGS("SetDNSSEC",
830 SD_BUS_ARGS("s", mode
),
832 bus_link_method_set_dnssec
,
833 SD_BUS_VTABLE_UNPRIVILEGED
),
834 SD_BUS_METHOD_WITH_ARGS("SetDNSSECNegativeTrustAnchors",
835 SD_BUS_ARGS("as", names
),
837 bus_link_method_set_dnssec_negative_trust_anchors
,
838 SD_BUS_VTABLE_UNPRIVILEGED
),
839 SD_BUS_METHOD_WITH_ARGS("Revert",
842 bus_link_method_revert
,
843 SD_BUS_VTABLE_UNPRIVILEGED
),
848 const BusObjectImplementation link_object
= {
849 "/org/freedesktop/resolve1/link",
850 "org.freedesktop.resolve1.Link",
851 .fallback_vtables
= BUS_FALLBACK_VTABLES({link_vtable
, link_object_find
}),
852 .node_enumerator
= link_node_enumerator
,