Commit graph

1616 commits

Author SHA1 Message Date
Lennart Poettering 4d926a69bc resolved: bypass local cache when we issue a transaction for verification purposes 2014-08-05 01:52:24 +02:00
Lennart Poettering cd1b20f90a resolved: if there's already an RR established that has the same name of an RR to be established, skip probing the name
After all, what has been probed once, doesn't need to be probed again.
2014-08-05 01:52:24 +02:00
Lennart Poettering 21d73c87b0 resolved: actually read the initial state data from networkd when we initialize 2014-08-04 23:08:49 +02:00
Lennart Poettering 19b50b5ba7 resolved: read the per-interface LLMNR setting from networkd and act on it 2014-08-04 23:08:03 +02:00
Lennart Poettering f0e1546763 resolved: fix order in which we destroy manager resources 2014-08-04 19:59:05 +02:00
Lennart Poettering edc501d467 resolved: when there's already somebody listening on the LLMNR ports, simply disable LLMNR and warn, but continue
This allows us to run resolved inside an nspawn container that shares
the network namespace with the host, if there's already an instance
running.
2014-08-04 19:48:03 +02:00
Zbigniew Jędrzejewski-Szmek 151226ab4b resolved: RRSIG records 2014-08-03 22:02:32 -04:00
Zbigniew Jędrzejewski-Szmek ff3d6560be resolved: add identifiers for dnssec algorithms 2014-08-03 22:02:32 -04:00
Zbigniew Jędrzejewski-Szmek 8db0d2f5c3 resolved: DNSKEY records 2014-08-03 22:02:32 -04:00
Zbigniew Jędrzejewski-Szmek de292aa1dd resolve-host: make arg_type an int
We are using it also to store _DNS_TYPE_INVALID, so it should be signed.
2014-08-03 22:02:32 -04:00
Zbigniew Jędrzejewski-Szmek 7263f72499 resolve: add more record types and convert to gperf table
We are unlikely to ever support most of them, but we can at least
display the types properly.

The list is taken from the IANA list.

The table of number->name mappings is converted to a switch
statement. gcc does a nice job of optimizing lookup (when optimization
is enabled).

systemd-resolve-host -t is now case insensitive.
2014-08-03 22:02:32 -04:00
Zbigniew Jędrzejewski-Szmek 23432a1c24 resolved: align last rr column 2014-08-03 21:46:08 -04:00
Thomas Hindoe Paaboel Andersen 75cd513ef8 resolved: avoid possible dereference of null pointer
In dns_scope_make_reply_packet the structs q, answer, and soa can be
null. We should check for null before reading their fields.
2014-08-03 23:01:57 +02:00
Thomas Hindoe Paaboel Andersen e850d8e1ac resolved: remove unused variables 2014-08-03 13:19:19 +02:00
Lennart Poettering 7b4c2ee75f resolved: always drop multicast membership before adding one
This is apparently necessary on some devices, such as veth.
2014-08-01 20:27:27 +02:00
Lennart Poettering 747c0ff564 resolved: IPV6_UNICAST_IF may fail if we already are bound to a device, like we are for link-local addresses 2014-08-01 19:25:06 +02:00
Lennart Poettering 2c27fbca2d resolved: flush cache each time we change to a different DNS server 2014-08-01 18:10:01 +02:00
Lennart Poettering 5cb36f41f0 resolved: read the system /etc/resolv.conf unless we wrote it ourselves
This way we integrate nicely with foreign network management stacks,
such as NM.
2014-08-01 18:10:01 +02:00
Lennart Poettering 39d8db043b resolved: rename resolved.h to resolved-manager.h
After all it pretty much exclusively contains definitions about the
"Manager" object, hence let's call this the most obvious way.
2014-08-01 16:14:59 +02:00
Lennart Poettering 4e945a6f79 resolved: beef up DNS server configuration logic
We now maintain two lists of DNS servers: system servers and fallback
servers.

system servers are used in combination with any per-link servers.

fallback servers are only used if there are no system servers or
per-link servers configured.

The system server list is supposed to be populated from a foreign tool's
/etc/resolv.conf (not implemented yet).

Also adds a configuration switch for LLMNR, that allows configuring
whether LLMNR shall be used simply for resolving or also for responding.
2014-08-01 16:06:39 +02:00
Lennart Poettering 95dd6257a6 resolved: don't bother caching negative RRs when the SOA TTL is 0 anyway 2014-08-01 00:58:13 +02:00
Lennart Poettering 9a015429b3 resolved: use CLOCK_BOOTTIME instead of CLOCK_MONOTONIC when aging caches and timing out transactions
That way the cache doesn't get confused when the system is suspended.
2014-08-01 00:58:12 +02:00
Lennart Poettering 7da40fc108 resolved: fix negative caching of IDNA domains 2014-08-01 00:58:12 +02:00
Lennart Poettering bdf10b5b4d resolved: handle IDNA domains
Make sure we format UTF-8 labels as IDNA when writing them to DNS
packets, and as native UTF-8 when writing them to mDNS or LLMNR packets.

When comparing or processing labels always consider native UTF-8 and
IDNA formats equivalent.
2014-08-01 00:58:12 +02:00
Zbigniew Jędrzejewski-Szmek afbc4f267b resolved: fix serialization of LOC records, check correctness 2014-07-31 17:42:14 -04:00
Lennart Poettering eb60f9cd4e hostnamed: watch system hostname changes and update LLMNR RRs accordingly 2014-07-31 19:54:43 +02:00
Lennart Poettering 8581858257 resolved: fix deserialization of UTF8 host names 2014-07-31 19:54:24 +02:00
Lennart Poettering 7b9f7afcc0 resolved: accept UTF-8 hostnames from bus clients 2014-07-31 19:53:59 +02:00
Lennart Poettering 07bed172ed resolved: various fixes regarding encoding of UTF8 characters in DNS RRs 2014-07-31 19:51:11 +02:00
Lennart Poettering fd0b4602f6 resolved: properly compare RRs we cannot parse 2014-07-31 18:41:54 +02:00
Lennart Poettering 42cc2eebb0 resolved: properly process SSHFP RRs 2014-07-31 18:41:41 +02:00
Lennart Poettering 9c92ce6d67 resolved: properly process SRV records 2014-07-31 18:23:34 +02:00
Lennart Poettering c0eb11cfd0 resolved: provide properly named way to access SPF data in RRs 2014-07-31 18:23:34 +02:00
Lennart Poettering 6a6fc3df74 resolved: make sure we always initialize r when parsing TXT records 2014-07-31 18:23:34 +02:00
Lennart Poettering 8ac4e9e1e5 resolved: properly process DNAME RRs 2014-07-31 18:02:24 +02:00
Lennart Poettering ec2c5e4398 resolved: implement LLMNR uniqueness verification 2014-07-31 17:47:19 +02:00
Zbigniew Jędrzejewski-Szmek cbd67a86fb resolved: fix multi-record packets with TXTs 2014-07-31 10:45:24 -04:00
Zbigniew Jędrzejewski-Szmek 0dae31d468 resolved: LOC records
LOC records have a version field. So far only version 0 has been
published, but if a record with a different version was encountered,
our only recourse is to treat it as an unknown type. This is
implemented with the 'unparseable' flag, which causes the
serialization/deserialization and printing function to treat the
record as a blob. The flag can be used if other packet types cannot be
parsed for whatever reason.
2014-07-31 08:56:03 -04:00
Zbigniew Jędrzejewski-Szmek 9de3e32940 resolved: SPF records 2014-07-31 08:56:03 -04:00
Zbigniew Jędrzejewski-Szmek 2e276efc7b resolved: TXT records 2014-07-31 08:56:03 -04:00
Zbigniew Jędrzejewski-Szmek 946c70944e resolved: MX records 2014-07-31 08:56:03 -04:00
Zbigniew Jędrzejewski-Szmek b93312f596 resolve-host: list types and classes
Also update systemctl to similar style.
2014-07-31 08:56:03 -04:00
Zbigniew Jędrzejewski-Szmek b2fadec604 Properly report invalid quoted strings
$ systemd-analyze verify trailing-g.service
[./trailing-g.service:2] Trailing garbage, ignoring.
trailing-g.service lacks ExecStart setting. Refusing.
Error: org.freedesktop.systemd1.LoadFailed: Unit trailing-g.service failed to load: Invalid argument.
Failed to create trailing-g.service/start: Invalid argument
2014-07-31 08:56:03 -04:00
Zbigniew Jędrzejewski-Szmek a2a5291b3f Reject invalid quoted strings
Strings which ended in an unfinished quote were accepted, potentially
with bad memory accesses.

Reject anything which ends in an unfinished quote, or contains
non-whitespace characters right after the closing quote.

_FOREACH_WORD now returns the invalid character in *state. But this return
value is not checked anywhere yet.

Also, make 'word' and 'state' variables const pointers, and rename 'w'
to 'word' in various places. Things are easier to read if the same name
is used consistently.

mbiebl_> am I correct that something like this doesn't work
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-passwd "Unlock EncFS"'
mbiebl_> systemd seems to strip off the quotes
mbiebl_> systemctl status shows
mbiebl_> ExecStart=/usr/bin/encfs --extpass='/bin/systemd-ask-password Unlock EncFS  $RootDir $MountPoint
mbiebl_> which is pretty weird
2014-07-31 04:00:31 -04:00
Lennart Poettering e4501ed4e6 resolved: when we got a successful DNS reply, then only wait for other transactions on the same scope, nowhere else 2014-07-30 20:39:52 +02:00
Lennart Poettering 57f5ad3149 resolved: properly set TTL in SOA records 2014-07-30 19:34:50 +02:00
Lennart Poettering fcf57f9cf7 resolved: don't attempt to order empty answer array 2014-07-30 19:24:13 +02:00
Lennart Poettering 351e6342d5 resolved: properly return start index when appending RR to packet 2014-07-30 19:24:13 +02:00
Lennart Poettering 2d4c5cbc0e resolved: add API for resolving specific RRs 2014-07-30 19:24:13 +02:00
Lennart Poettering 3339cb71d4 resolved: properly pass empty answers back to bus clients 2014-07-30 17:53:19 +02:00
Lennart Poettering 8bf52d3d17 resolved: include SOA records in LLMNR replies for non-existing RRs to allow negative caching 2014-07-30 16:47:21 +02:00
Lennart Poettering 34b9656f0b resolved: fix cname handling 2014-07-30 14:46:40 +02:00
Lennart Poettering 0ec7c46eed resolved: properly handle adding empty replies to cache 2014-07-30 14:21:18 +02:00
Lennart Poettering ddf163393b resolved: never cache ANY lookups 2014-07-30 14:05:48 +02:00
Lennart Poettering d532366133 resolved: respond to ANY queries from our zone 2014-07-30 02:06:09 +02:00
Lennart Poettering 0e2bcd6a17 resolved: don't accept messages with ANY RRs 2014-07-30 02:05:23 +02:00
Lennart Poettering 1d3b690fbd resolved: don't allow adding of ANY class/type RRs to local zones 2014-07-30 02:04:07 +02:00
Lennart Poettering 8bea3d6f88 resolved: don't do llmnr on interfaces lacking multicasting 2014-07-30 01:48:22 +02:00
Lennart Poettering 0c903ae7db resolved: follow more closely the recommended timeouts and TTLs from the LLMNR spec 2014-07-30 01:47:48 +02:00
Lennart Poettering d2f47562d5 resolved: only cache answer RRs, never additional or authoritative RRs of responses 2014-07-30 01:47:10 +02:00
Lennart Poettering 0f05c38759 resolved: never attempt negative caching of SOA records 2014-07-30 01:45:52 +02:00
Lennart Poettering af93291cc4 resolved: when answering A or AAAA questions, order responses by whether addresses are link-local or not 2014-07-30 00:48:59 +02:00
Lennart Poettering 2442b93d15 resolved: the llmnr destination address check applies to queries, not to responses 2014-07-29 23:53:08 +02:00
Lennart Poettering a2a416f768 resolved: add more debug logging 2014-07-29 23:53:08 +02:00
Lennart Poettering bf3f1271e2 resolved: set LLMNR TCP and UDP TTLs to the values suggested by the RFC 2014-07-29 23:53:08 +02:00
Lennart Poettering 2f82f5eae4 resolved: we don't need the DNS server "source" concept anymore, remove it 2014-07-29 23:53:08 +02:00
Lennart Poettering ea917db9e6 resolved: discard more invalid llmnr messages 2014-07-29 20:57:58 +02:00
Lennart Poettering b914e211f3 resolved: when resolving an address PTR record via llmnr, make a tcp connection by default 2014-07-29 20:57:58 +02:00
Lennart Poettering 623a4c97b9 resolve: add llmnr responder side for UDP and TCP
Name defending is still missing.
2014-07-29 20:57:58 +02:00
Tom Gundersen 6f4dedb250 sd-network: expose DNS/NTP servers as strings
This avoids having to distinguish between IPv4 and IPv6, allowing us
to keep their internal orderings. The consumers now have to turn the
strings into addresses.
2014-07-23 23:54:52 +02:00
Tom Gundersen 6073b6f26a resolved: don't read DHCP leases
networkd will expose both statically configured DNS servers and servers
received over DHCP in sd_network_get_dns(), so no need to keep
the distinction in resolved.
2014-07-23 23:54:52 +02:00
Tom Gundersen b0e39c8284 networkd: merge DNS and NTP entries when exporting
In the state files, do not distinguish where the various entries came from
(static or DHCP), but include them all in the same list.
2014-07-23 23:54:51 +02:00
Lennart Poettering 934e9b10b4 resolved: most DNS servers can't handle more than one question per packet, hence let's not generate that 2014-07-23 02:00:40 +02:00
Lennart Poettering 7e8e0422ae resolved: implement negative caching 2014-07-23 02:00:40 +02:00
Lennart Poettering faa133f3aa resolved: rework logic so that we can share transactions between queries of different clients 2014-07-23 02:00:40 +02:00
Zbigniew Jędrzejewski-Szmek 901fd81647 resolved: do not use uninitialized variable 2014-07-18 21:44:34 -04:00
Lennart Poettering cbd4560ea2 resolved: various bad memory access fixes to the cache 2014-07-18 21:01:40 +02:00
Lennart Poettering 878cd63db2 resolved: fix bus signatures to follow family as int change 2014-07-18 21:01:07 +02:00
Lennart Poettering 46f08bea4b in-addr-util: remove family_to_string() API
we already have a more complete one with af_to_name(), that is generated
from the header files, no need to duplicate this.
2014-07-18 16:15:12 +02:00
Lennart Poettering 0dd25fb9f0 change type for address family to "int"
Let's settle on a single type for all address family values, even if
UNIX is very inconsistent on the precise type otherwise. Given that
socket() is the primary entrypoint for the sockets API, and that uses
"int", and "int" is relatively simple and generic, we settle on "int"
for this.
2014-07-18 16:10:51 +02:00
Lennart Poettering 3c0cf50279 resolved: add more const 2014-07-18 14:01:01 +02:00
Lennart Poettering 1716f6dcf5 resolved: add LLMNR support for looking up names 2014-07-18 12:38:32 +02:00
Thomas Hindoe Paaboel Andersen 962225baa8 resolved: silence warnings
No need to write to r here since it will be overwritten as the first
step in parse_fail.
2014-07-17 21:12:39 +02:00
Thomas Hindoe Paaboel Andersen f12ea7dad0 resolved: remove unused variable 2014-07-17 19:59:47 +02:00
Lennart Poettering 322345fdb9 resolved: add DNS cache 2014-07-17 19:39:50 +02:00
Lennart Poettering c5ed93163e resolved: don't trip up when an rtlink message does not include the MTU 2014-07-17 19:39:50 +02:00
Lennart Poettering 39762fdf67 resolved: enforce limit on concurrent outstanding queries 2014-07-17 01:58:14 +02:00
Lennart Poettering a2ba62c719 sd-network: remove redundant array size parameter from functions that return arrays
As long as the number of array entries is relatively small it's nicer to
simply return the number of entries directly, instead of using a size_t*
return parameter for it.
2014-07-17 01:42:26 +02:00
Lennart Poettering b45d9e86e4 resolved: fix check for mdns names 2014-07-17 01:41:52 +02:00
Lennart Poettering faec72d5de resolved: we are never authoritative for localhost 2014-07-17 01:41:52 +02:00
Lennart Poettering e1c959948c resolved: properly handle MTU logic 2014-07-17 01:41:52 +02:00
Lennart Poettering 76f468c8ea dns-domain: enforce maximum DNS domain name length 2014-07-17 01:41:52 +02:00
Lennart Poettering 0014a4ad50 sd-network: fix parameter order for sd_network_monitor_new()
Constructors should return the object they created as first parameter,
except when they are generated as a child/member object of some other
object in which case that should be first.
2014-07-17 01:41:52 +02:00
Zbigniew Jędrzejewski-Szmek 36f822c4bd Let config_parse open file where applicable
Special care is needed so that we get an error message if the
file failed to parse, but not when it is missing. To avoid duplicating
the same error check in every caller, add an additional 'warn' boolean
to tell config_parse whether a message should be issued.
This makes things both shorter and more robust wrt. error reporting.
2014-07-16 18:47:20 -04:00
Kay Sievers e1bbf3d12f resolved: do not free() sd_dhcp_lease_get_dns() results 2014-07-16 23:50:45 +02:00
Lennart Poettering 309e9d86f0 resolved: properly pass canonical name information to resolving client
Also, hook up nss-resolve to make use of this information
2014-07-16 22:51:50 +02:00
Lennart Poettering 8ba9fd9cee resolved: add CNAME lookup support 2014-07-16 22:51:50 +02:00
Lennart Poettering ad86766293 resolved: support for TCP DNS queries 2014-07-16 20:15:47 +02:00
Lennart Poettering c73ce96b56 dns-packet: allow dynamic resizing of DNS packets 2014-07-16 18:04:14 +02:00
Lennart Poettering 3cb10d3a0b dns-domain: introduce macros for accessing all DNS header fields 2014-07-16 18:03:46 +02:00
Zbigniew Jędrzejewski-Szmek 4e0296a943 resolve: avoid use of uninitialized variable 2014-07-15 22:47:03 -04:00
Zbigniew Jędrzejewski-Szmek e9f3d2d508 Constify ConfigTableItem tables 2014-07-15 22:34:40 -04:00
Kay Sievers 18641cb17e resolved: add legacy dbus service and policy files 2014-07-16 03:41:39 +02:00
Lennart Poettering 4d1cf1e229 resolved: add small NSS module that uses resolved to resolve DNS names 2014-07-16 03:31:30 +02:00
Lennart Poettering 1fa65c593c dns-domain: never allow labels that are larger than 63 chars 2014-07-16 03:29:20 +02:00
Lennart Poettering 3fe1169fe3 dns-domain: fix generation of reverse IP address lookup name 2014-07-16 03:28:52 +02:00
Lennart Poettering b9d394ea56 resolve: add distinct bus error code for hosts that exist but lack A or AAAA records 2014-07-16 03:28:18 +02:00
Lennart Poettering 74b2466e14 resolved: add a DNS client stub resolver
Let's turn resolved into something truly useful: a fully asynchronous
DNS stub resolver that subscribes to network changes.

(More to come: caching, LLMNR, mDNS/DNS-SD, DNSSEC, IDN, NSS module)
2014-07-16 00:31:38 +02:00
Lennart Poettering 3b653205cf shared: split out in_addr related calls from socket-util.[ch] into its private in-addr-util.[ch]
These are enough calls for a new file, and they are sufficiently
different from the sockaddr-related calls, hence let's split this out.
2014-07-10 21:15:26 +02:00
Lennart Poettering 096b677388 resolved: properly free network monitor 2014-07-10 20:12:34 +02:00
Lennart Poettering c92e531c82 resolved: make use of union in_addr_union in resolved, too 2014-07-07 23:11:48 +02:00
Lennart Poettering b9e7a9d870 resolved: make sure SIGTERM/SIGINT actually can be caught and processed 2014-07-07 23:09:02 +02:00
Lennart Poettering 987d561fe2 resolved: let config_parse() open the configuration file for us 2014-07-07 23:03:17 +02:00
Tom Gundersen 682265d5e2 resolved: run as unprivileged "systemd-resolve" user
This service is not yet network facing, but let's prepare nonetheless.
Currently all caps are dropped, but some may need to be kept in the
future.
2014-06-03 10:40:28 +02:00
Tom Gundersen b686acb27e resolved: move resolv.conf to resolved's runtime dir 2014-06-02 15:14:32 +02:00
Tom Gundersen 091a364c80 resolved: add daemon to manage resolv.conf
Also remove the equivalent functionality from networkd.
2014-05-19 18:14:56 +02:00