Merge tag 'systemd/v231-1.parabola1' into systemd/parabola

1 files changed, 59 insertions, 25 deletions

diff --git a/src/resolve/resolved-bus.c b/src/resolve/resolved-bus.c
index 33f7c61557..2ca65e6953 100644
--- a/src/resolve/resolved-bus.c
+++ b/src/resolve/resolved-bus.c
@@ -245,17 +245,22 @@ static int parse_as_address(sd_bus_message *m, int ifindex, const char *hostname
         _cleanup_(sd_bus_message_unrefp) sd_bus_message *reply = NULL;
         _cleanup_free_ char *canonical = NULL;
         union in_addr_union parsed;
-        int r, ff;
+        int r, ff, parsed_ifindex = 0;
 
         /* Check if the hostname is actually already an IP address formatted as string. In that case just parse it,
          * let's not attempt to look it up. */
 
-        r = in_addr_from_string_auto(hostname, &ff, &parsed);
+        r = in_addr_ifindex_from_string_auto(hostname, &ff, &parsed, &parsed_ifindex);
         if (r < 0) /* not an address */
                 return 0;
 
         if (family != AF_UNSPEC && ff != family)
                 return sd_bus_reply_method_errorf(m, BUS_ERROR_NO_SUCH_RR, "The specified address is not of the requested family.");
+        if (ifindex > 0 && parsed_ifindex > 0 && parsed_ifindex != ifindex)
+                return sd_bus_reply_method_errorf(m, BUS_ERROR_NO_SUCH_RR, "The specified address interface index does not match requested interface.");
+
+        if (parsed_ifindex > 0)
+                ifindex = parsed_ifindex;
 
         r = sd_bus_message_new_method_return(m, &reply);
         if (r < 0)
@@ -288,7 +293,7 @@ static int parse_as_address(sd_bus_message *m, int ifindex, const char *hostname
         /* When an IP address is specified we just return it as canonical name, in order to avoid a DNS
          * look-up. However, we reformat it to make sure it's in a truly canonical form (i.e. on IPv6 the inner
          * omissions are always done the same way). */
-        r = in_addr_to_string(ff, &parsed, &canonical);
+        r = in_addr_ifindex_to_string(ff, &parsed, ifindex, &canonical);
         if (r < 0)
                 return r;
 
@@ -642,6 +647,8 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd
 
         if (!dns_type_is_valid_query(type))
                 return sd_bus_error_setf(error, SD_BUS_ERROR_INVALID_ARGS, "Specified resource record type %" PRIu16 " may not be used in a query.", type);
+        if (dns_type_is_zone_transer(type))
+                return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Zone transfers not permitted via this programming interface.");
         if (dns_type_is_obsolete(type))
                 return sd_bus_error_setf(error, SD_BUS_ERROR_NOT_SUPPORTED, "Specified DNS resource record type %" PRIu16 " is obsolete.", type);
 
@@ -665,6 +672,10 @@ static int bus_method_resolve_record(sd_bus_message *message, void *userdata, sd
         if (r < 0)
                 return r;
 
+        /* Let's request that the TTL is fixed up for locally cached entries, after all we return it in the wire format
+         * blob */
+        q->clamp_ttl = true;
+
         q->request = sd_bus_message_ref(message);
         q->complete = bus_method_resolve_record_complete;
 
@@ -1221,7 +1232,7 @@ int bus_dns_server_append(sd_bus_message *reply, DnsServer *s, bool with_ifindex
                 return r;
 
         if (with_ifindex) {
-                r = sd_bus_message_append(reply, "i", s->link ? s->link->ifindex : 0);
+                r = sd_bus_message_append(reply, "i", dns_server_ifindex(s));
                 if (r < 0)
                         return r;
         }
@@ -1409,6 +1420,36 @@ static int bus_property_get_dnssec_supported(
         return sd_bus_message_append(reply, "b", manager_dnssec_supported(m));
 }
 
+static int bus_property_get_ntas(
+                sd_bus *bus,
+                const char *path,
+                const char *interface,
+                const char *property,
+                sd_bus_message *reply,
+                void *userdata,
+                sd_bus_error *error) {
+
+        Manager *m = userdata;
+        const char *domain;
+        Iterator i;
+        int r;
+
+        assert(reply);
+        assert(m);
+
+        r = sd_bus_message_open_container(reply, 'a', "s");
+        if (r < 0)
+                return r;
+
+        SET_FOREACH(domain, m->trust_anchor.negative_by_name, i) {
+                r = sd_bus_message_append(reply, "s", domain);
+                if (r < 0)
+                        return r;
+        }
+
+        return sd_bus_message_close_container(reply);
+}
+
 static int bus_method_reset_statistics(sd_bus_message *message, void *userdata, sd_bus_error *error) {
         Manager *m = userdata;
         DnsScope *s;
@@ -1442,26 +1483,6 @@ static int get_any_link(Manager *m, int ifindex, Link **ret, sd_bus_error *error
         return 0;
 }
 
-static int get_unmanaged_link(Manager *m, int ifindex, Link **ret, sd_bus_error *error) {
-        Link *l;
-        int r;
-
-        assert(m);
-        assert(ret);
-
-        r = get_any_link(m, ifindex, &l, error);
-        if (r < 0)
-                return r;
-
-        if (l->flags & IFF_LOOPBACK)
-                return sd_bus_error_setf(error, BUS_ERROR_LINK_BUSY, "Link %s is loopback device.", l->name);
-        if (l->is_managed)
-                return sd_bus_error_setf(error, BUS_ERROR_LINK_BUSY, "Link %s is managed.", l->name);
-
-        *ret = l;
-        return 0;
-}
-
 static int call_link_method(Manager *m, sd_bus_message *message, sd_bus_message_handler_t handler, sd_bus_error *error) {
         int ifindex, r;
         Link *l;
@@ -1475,7 +1496,7 @@ static int call_link_method(Manager *m, sd_bus_message *message, sd_bus_message_
         if (r < 0)
                 return r;
 
-        r = get_unmanaged_link(m, ifindex, &l, error);
+        r = get_any_link(m, ifindex, &l, error);
         if (r < 0)
                 return r;
 
@@ -1535,6 +1556,17 @@ static int bus_method_get_link(sd_bus_message *message, void *userdata, sd_bus_e
         return sd_bus_reply_method_return(message, "o", p);
 }
 
+static int bus_method_flush_caches(sd_bus_message *message, void *userdata, sd_bus_error *error) {
+        Manager *m = userdata;
+
+        assert(message);
+        assert(m);
+
+        manager_flush_caches(m);
+
+        return sd_bus_reply_method_return(message, NULL);
+}
+
 static const sd_bus_vtable resolve_vtable[] = {
         SD_BUS_VTABLE_START(0),
         SD_BUS_PROPERTY("LLMNRHostname", "s", NULL, offsetof(Manager, llmnr_hostname), 0),
@@ -1544,12 +1576,14 @@ static const sd_bus_vtable resolve_vtable[] = {
         SD_BUS_PROPERTY("CacheStatistics", "(ttt)", bus_property_get_cache_statistics, 0, 0),
         SD_BUS_PROPERTY("DNSSECStatistics", "(tttt)", bus_property_get_dnssec_statistics, 0, 0),
         SD_BUS_PROPERTY("DNSSECSupported", "b", bus_property_get_dnssec_supported, 0, 0),
+        SD_BUS_PROPERTY("DNSSECNegativeTrustAnchors", "as", bus_property_get_ntas, 0, 0),
 
         SD_BUS_METHOD("ResolveHostname", "isit", "a(iiay)st", bus_method_resolve_hostname, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("ResolveAddress", "iiayt", "a(is)t", bus_method_resolve_address, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("ResolveRecord", "isqqt", "a(iqqay)t", bus_method_resolve_record, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("ResolveService", "isssit", "a(qqqsa(iiay)s)aayssst", bus_method_resolve_service, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("ResetStatistics", NULL, NULL, bus_method_reset_statistics, 0),
+        SD_BUS_METHOD("FlushCaches", NULL, NULL, bus_method_flush_caches, 0),
         SD_BUS_METHOD("GetLink", "i", "o", bus_method_get_link, SD_BUS_VTABLE_UNPRIVILEGED),
         SD_BUS_METHOD("SetLinkDNS", "ia(iay)", NULL, bus_method_set_link_dns_servers, 0),
         SD_BUS_METHOD("SetLinkDomains", "ia(sb)", NULL, bus_method_set_link_domains, 0),