Age | Commit message (Collapse) | Author |
|
Previously the calls for emitting DNS UDP packets were just called
dns_{transacion|scope}_emit(), but the one to establish a DNS TCP
connection was called dns_transaction_open_tcp(). Clean this up, and
rename them dns_{transaction|scope}_emit_udp() and
dns_transaction_open_tcp().
|
|
This adds a mode that makes resolved automatically downgrade from DNSSEC
support to classic non-DNSSEC resolving if the configured DNS server is
not capable of DNSSEC. Enabling this mode increases compatibility with
crappy network equipment, but of course opens up the system to
downgrading attacks.
The new mode can be enabled by setting DNSSEC=downgrade-ok in
resolved.conf. DNSSEC=yes otoh remains a "strict" mode, where DNS
resolving rather fails then allow downgrading.
Downgrading is done:
- when the server does not support EDNS0+DO
- or when the server supports it but does not augment returned RRs with
RRSIGs. The latter is detected when requesting DS or SOA RRs for the
root domain (which is necessary to do proofs for unsigned data)
|
|
The call already updates possible_features, it's pointless doing this in
the caller a second time.
|
|
We previously set it once in the scope code and once in the stream code.
Remove it from the latter, as all other socket options are set in the
former.
|
|
via TCP
Previously, if we couldn't reach a server via UDP we'd generate an
MAX_ATTEMPTS transaction result, but if we couldn't reach it via TCP
we'd generate a RESOURCES transaction result. While it is OK to generate
two different errors I think, "RESOURCES" is certainly a misnomer.
Introduce a new transaction result "CONNECTION_FAILURE" instead.
|
|
Previously, we'd insist on an RRSIG for all DS/NSEC/NSEC3 RRs. With this
change we don't do that anymore, but also allow unsigned DS/NSEC/NSEC3
if we can prove that the zone they are located in is unsigned.
|
|
|
|
This collects statistical data about transactions, dnssec verifications
and the cache, and exposes it over the bus. The systemd-resolve-host
tool learns new options to query these statistics and reset them.
|
|
But keep track that the proof is not authenticated.
|
|
|
|
|
|
|
|
|
|
Be stricter when searching suitable NSEC3 RRs for proof: generalize the
check we use to find suitable NSEC3 RRs, in nsec3_is_good(), and add
additional checks, such as checking whether all NSEC3 RRs use the same
parameters, have the same suffix and so on.
|
|
When doing an NSEC3 proof, before detrmining whether a name is the
closest encloser we first need to figure out the longest common suffix
we have with any NSEC3 RR in the reply.
|
|
Note that this is still not complete, one additional step is still
missing: when we verified that a wildcard RRset is properly signed, we
still need to do an NSEC/NSEC3 proof that no more specific RRset exists.
|
|
Otherwise if we have an A lookup that failed DNSSEC validation, but an
AAAA lookup that succeeded, we might end up using the A data, but we
really should not.
|
|
This might happen in some cases (empty non-terminals...) and we should
not choke on it.
|
|
It's weird doing bitwise operations on booleans. Let's use the boolean
XOR (i.e. "!=") instead of the bitweise XOR (i.e. "^") on them.
|
|
|
|
Let's simplify usage and memory management of DnsResourceRecord's
dns_resource_record_to_string() call: cache the formatted string as
part of the object, and return it on subsequent calls, freeing it when
the DnsResourceRecord itself is freed.
|
|
|
|
|
|
If there are multiple SOA RRs, and we look for a suitable one covering
our request, then make sure to pick the one that is furthest away from
the root name, not just the first one we encounter.
|
|
entries
We use ANY RR keys to store NXDOMAIN information, but we previously
didn't flush out old ANY RR items in the cache when adding new entries.
Fix that.
|
|
Let's abstract which RRs shall honour CNAMEs, and which ones should not.
|
|
|
|
Add Seal option in the configuration file for journald-remote
|
|
Closes #2223.
|
|
LLDP type system name and system description should
be with in 255 characters and unique.
Let's add the validation to discard corrupt packets.
|
|
|
|
analyze: verify verifies templates too
|
|
core: re-sync bus name list after deserializing during daemon-reload
|
|
When the daemon reloads, it doesn not actually give up its DBus connection,
as wrongly stated in an earlier commit. However, even though the bus
connection stays open, the daemon flushes out all its internal state.
Hence, if there is a NameOwnerChanged signal after the flush and before the
deserialization, it cannot be matched against any pending unit.
To fix this, rename bus_list_names() to manager_sync_bus_names() and call
it explicitly at the end of the daemon reload operation.
|
|
Journal decompression fixes
|
|
Core: plug a memory leak in socket.c, and some related cleanups
|
|
A socket shouldn't be used after socket_done() returns, but follow the
general guideline here and avoid dangling pointers anyway.
|
|
Plug a small memory leak.
|
|
core: fix bus name synchronization after daemon-reload
|
|
sd-event: improve debugging of event source errors
|
|
Printing the pointer variable really doesn't help, so drop that.
Instead, add a string lookup table for the EventSourceType enum, and print
the type of event source in case of errors.
|
|
man: fix typo in systemctl(1)
|
|
|
|
During daemon-reload, PID1 temporarly loses its DBus connection, so there's
a small window in which all signals sent by dbus-daemon are lost.
This is a problem, since we rely on the NameOwnerChanged signals in order to
consider a service with Type=dbus fully started or terminated, respectively.
In order to fix this, a rewrite of bus_list_names() is necessary. We used
to walk the current list of names on the bus, and blindly triggered the
bus_name_owner_change() callback on each service, providing the actual name
as current owner. This implementation has a number of problems:
* We cannot detect if the the name was moved from one owner to the other
while we were reloading
* We don't notify services which missed the name loss signal
* Providing the actual name as current owner is a hack, as the comment also
admits.
To fix this, this patch carries the following changes:
* Track the name of the current bus name owner, and (de-)serialize it
during reload. This way, we can detect changes.
* In bus_list_names(), walk the list of bus names we're interested in
first, and then see if the name is active on the bus. If it is,
check it it's still the same as it used to be, and synthesize
NameOwnerChanged signals for the name add and/or loss.
This should fully synchronize the current name list with the internal
state of all services.
|
|
resolve: fix indentation
|
|
|
|
While journal received remotely can be sealed, it can only be done
on the command line using --seal, so for consistency, we will
also permit to set it in the configuration file.
|
|
Add DNSSEC proof of unsignedness and NSEC3 proof
|
|
Fix typo on logind-dbus.c
|
|
method_schedule_shutdown referenced org.freedesktop.login1.poweroff*
which is never registered in polkit.
Now refers to org.freedesktop.login1.power-off*
Signed-off-by: Joost Bremmer <toost.b@gmail.com>
|