1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/dns/dns_config_service_posix.h"
6
7 #include <memory>
8 #include <string>
9 #include <type_traits>
10 #include <utility>
11
12 #include "base/files/file.h"
13 #include "base/files/file_path.h"
14 #include "base/files/file_path_watcher.h"
15 #include "base/functional/bind.h"
16 #include "base/lazy_instance.h"
17 #include "base/location.h"
18 #include "base/logging.h"
19 #include "base/memory/raw_ptr.h"
20 #include "base/sequence_checker.h"
21 #include "base/task/single_thread_task_runner.h"
22 #include "base/threading/scoped_blocking_call.h"
23 #include "base/time/time.h"
24 #include "build/build_config.h"
25 #include "net/base/ip_endpoint.h"
26 #include "net/dns/dns_config.h"
27 #include "net/dns/dns_hosts.h"
28 #include "net/dns/notify_watcher_mac.h"
29 #include "net/dns/public/resolv_reader.h"
30 #include "net/dns/serial_worker.h"
31 #include "third_party/abseil-cpp/absl/types/optional.h"
32
33 #if BUILDFLAG(IS_MAC)
34 #include "net/dns/dns_config_watcher_mac.h"
35 #endif
36
37 namespace net {
38
39 namespace internal {
40
41 namespace {
42
43 const base::FilePath::CharType kFilePathHosts[] =
44 FILE_PATH_LITERAL("/etc/hosts");
45
46 #if BUILDFLAG(IS_IOS)
47 // There is no public API to watch the DNS configuration on iOS.
48 class DnsConfigWatcher {
49 public:
50 using CallbackType = base::RepeatingCallback<void(bool succeeded)>;
51
Watch(const CallbackType & callback)52 bool Watch(const CallbackType& callback) {
53 return false;
54 }
55 };
56
57 #elif BUILDFLAG(IS_MAC)
58
59 // DnsConfigWatcher for OS_MAC is in dns_config_watcher_mac.{hh,cc}.
60
61 #else // !BUILDFLAG(IS_IOS) && !BUILDFLAG(IS_MAC)
62
63 #ifndef _PATH_RESCONF // Normally defined in <resolv.h>
64 #define _PATH_RESCONF "/etc/resolv.conf"
65 #endif
66
67 const base::FilePath::CharType kFilePathConfig[] =
68 FILE_PATH_LITERAL(_PATH_RESCONF);
69
70 class DnsConfigWatcher {
71 public:
72 using CallbackType = base::RepeatingCallback<void(bool succeeded)>;
73
Watch(const CallbackType & callback)74 bool Watch(const CallbackType& callback) {
75 callback_ = callback;
76 return watcher_.Watch(base::FilePath(kFilePathConfig),
77 base::FilePathWatcher::Type::kNonRecursive,
78 base::BindRepeating(&DnsConfigWatcher::OnCallback,
79 base::Unretained(this)));
80 }
81
82 private:
OnCallback(const base::FilePath & path,bool error)83 void OnCallback(const base::FilePath& path, bool error) {
84 callback_.Run(!error);
85 }
86
87 base::FilePathWatcher watcher_;
88 CallbackType callback_;
89 };
90 #endif // BUILDFLAG(IS_IOS)
91
ReadDnsConfig()92 absl::optional<DnsConfig> ReadDnsConfig() {
93 base::ScopedBlockingCall scoped_blocking_call(FROM_HERE,
94 base::BlockingType::MAY_BLOCK);
95
96 absl::optional<DnsConfig> dns_config;
97 {
98 std::unique_ptr<ScopedResState> scoped_res_state =
99 ResolvReader().GetResState();
100 if (scoped_res_state) {
101 dns_config = ConvertResStateToDnsConfig(scoped_res_state->state());
102 }
103 }
104
105 if (!dns_config.has_value())
106 return dns_config;
107
108 #if BUILDFLAG(IS_MAC)
109 if (!DnsConfigWatcher::CheckDnsConfig(
110 dns_config->unhandled_options /* out_unhandled_options */)) {
111 return absl::nullopt;
112 }
113 #endif // BUILDFLAG(IS_MAC)
114 // Override |fallback_period| value to match default setting on Windows.
115 dns_config->fallback_period = kDnsDefaultFallbackPeriod;
116 return dns_config;
117 }
118
119 } // namespace
120
121 class DnsConfigServicePosix::Watcher : public DnsConfigService::Watcher {
122 public:
Watcher(DnsConfigServicePosix & service)123 explicit Watcher(DnsConfigServicePosix& service)
124 : DnsConfigService::Watcher(service) {}
125
126 Watcher(const Watcher&) = delete;
127 Watcher& operator=(const Watcher&) = delete;
128
129 ~Watcher() override = default;
130
Watch()131 bool Watch() override {
132 CheckOnCorrectSequence();
133
134 bool success = true;
135 if (!config_watcher_.Watch(base::BindRepeating(&Watcher::OnConfigChanged,
136 base::Unretained(this)))) {
137 LOG(ERROR) << "DNS config watch failed to start.";
138 success = false;
139 }
140 // Hosts file should never change on iOS, so don't watch it there.
141 #if !BUILDFLAG(IS_IOS)
142 if (!hosts_watcher_.Watch(
143 base::FilePath(kFilePathHosts),
144 base::FilePathWatcher::Type::kNonRecursive,
145 base::BindRepeating(&Watcher::OnHostsFilePathWatcherChange,
146 base::Unretained(this)))) {
147 LOG(ERROR) << "DNS hosts watch failed to start.";
148 success = false;
149 }
150 #endif // !BUILDFLAG(IS_IOS)
151 return success;
152 }
153
154 private:
155 #if !BUILDFLAG(IS_IOS)
OnHostsFilePathWatcherChange(const base::FilePath & path,bool error)156 void OnHostsFilePathWatcherChange(const base::FilePath& path, bool error) {
157 OnHostsChanged(!error);
158 }
159 #endif // !BUILDFLAG(IS_IOS)
160
161 DnsConfigWatcher config_watcher_;
162 #if !BUILDFLAG(IS_IOS)
163 base::FilePathWatcher hosts_watcher_;
164 #endif // !BUILDFLAG(IS_IOS)
165 };
166
167 // A SerialWorker that uses libresolv to initialize res_state and converts
168 // it to DnsConfig.
169 class DnsConfigServicePosix::ConfigReader : public SerialWorker {
170 public:
ConfigReader(DnsConfigServicePosix & service)171 explicit ConfigReader(DnsConfigServicePosix& service) : service_(&service) {
172 // Allow execution on another thread; nothing thread-specific about
173 // constructor.
174 DETACH_FROM_SEQUENCE(sequence_checker_);
175 }
176
177 ~ConfigReader() override = default;
178
179 ConfigReader(const ConfigReader&) = delete;
180 ConfigReader& operator=(const ConfigReader&) = delete;
181
CreateWorkItem()182 std::unique_ptr<SerialWorker::WorkItem> CreateWorkItem() override {
183 return std::make_unique<WorkItem>();
184 }
185
OnWorkFinished(std::unique_ptr<SerialWorker::WorkItem> serial_worker_work_item)186 bool OnWorkFinished(std::unique_ptr<SerialWorker::WorkItem>
187 serial_worker_work_item) override {
188 DCHECK(serial_worker_work_item);
189 DCHECK(!IsCancelled());
190
191 WorkItem* work_item = static_cast<WorkItem*>(serial_worker_work_item.get());
192 if (work_item->dns_config_.has_value()) {
193 service_->OnConfigRead(std::move(work_item->dns_config_).value());
194 return true;
195 } else {
196 LOG(WARNING) << "Failed to read DnsConfig.";
197 return false;
198 }
199 }
200
201 private:
202 class WorkItem : public SerialWorker::WorkItem {
203 public:
DoWork()204 void DoWork() override { dns_config_ = ReadDnsConfig(); }
205
206 private:
207 friend class ConfigReader;
208 absl::optional<DnsConfig> dns_config_;
209 };
210
211 // Raw pointer to owning DnsConfigService.
212 const raw_ptr<DnsConfigServicePosix> service_;
213 };
214
DnsConfigServicePosix()215 DnsConfigServicePosix::DnsConfigServicePosix()
216 : DnsConfigService(kFilePathHosts) {
217 // Allow constructing on one thread and living on another.
218 DETACH_FROM_SEQUENCE(sequence_checker_);
219 }
220
~DnsConfigServicePosix()221 DnsConfigServicePosix::~DnsConfigServicePosix() {
222 if (config_reader_)
223 config_reader_->Cancel();
224 }
225
RefreshConfig()226 void DnsConfigServicePosix::RefreshConfig() {
227 InvalidateConfig();
228 InvalidateHosts();
229 ReadConfigNow();
230 ReadHostsNow();
231 }
232
ReadConfigNow()233 void DnsConfigServicePosix::ReadConfigNow() {
234 if (!config_reader_)
235 CreateReader();
236 config_reader_->WorkNow();
237 }
238
StartWatching()239 bool DnsConfigServicePosix::StartWatching() {
240 CreateReader();
241 // TODO(szym): re-start watcher if that makes sense. http://crbug.com/116139
242 watcher_ = std::make_unique<Watcher>(*this);
243 return watcher_->Watch();
244 }
245
CreateReader()246 void DnsConfigServicePosix::CreateReader() {
247 DCHECK_CALLED_ON_VALID_SEQUENCE(sequence_checker_);
248 DCHECK(!config_reader_);
249 config_reader_ = std::make_unique<ConfigReader>(*this);
250 }
251
ConvertResStateToDnsConfig(const struct __res_state & res)252 absl::optional<DnsConfig> ConvertResStateToDnsConfig(
253 const struct __res_state& res) {
254 DnsConfig dns_config;
255 dns_config.unhandled_options = false;
256
257 if (!(res.options & RES_INIT))
258 return absl::nullopt;
259
260 absl::optional<std::vector<IPEndPoint>> nameservers = GetNameservers(res);
261 if (!nameservers)
262 return absl::nullopt;
263
264 dns_config.nameservers = std::move(*nameservers);
265 dns_config.search.clear();
266 for (int i = 0; (i < MAXDNSRCH) && res.dnsrch[i]; ++i) {
267 dns_config.search.emplace_back(res.dnsrch[i]);
268 }
269
270 dns_config.ndots = res.ndots;
271 dns_config.fallback_period = base::Seconds(res.retrans);
272 dns_config.attempts = res.retry;
273 #if defined(RES_ROTATE)
274 dns_config.rotate = res.options & RES_ROTATE;
275 #endif
276 #if !defined(RES_USE_DNSSEC)
277 // Some versions of libresolv don't have support for the DO bit. In this
278 // case, we proceed without it.
279 static const int RES_USE_DNSSEC = 0;
280 #endif
281
282 // The current implementation assumes these options are set. They normally
283 // cannot be overwritten by /etc/resolv.conf
284 const unsigned kRequiredOptions = RES_RECURSE | RES_DEFNAMES | RES_DNSRCH;
285 if ((res.options & kRequiredOptions) != kRequiredOptions) {
286 dns_config.unhandled_options = true;
287 return dns_config;
288 }
289
290 const unsigned kUnhandledOptions = RES_USEVC | RES_IGNTC | RES_USE_DNSSEC;
291 if (res.options & kUnhandledOptions) {
292 dns_config.unhandled_options = true;
293 return dns_config;
294 }
295
296 if (dns_config.nameservers.empty())
297 return absl::nullopt;
298
299 // If any name server is 0.0.0.0, assume the configuration is invalid.
300 // TODO(szym): Measure how often this happens. http://crbug.com/125599
301 for (const IPEndPoint& nameserver : dns_config.nameservers) {
302 if (nameserver.address().IsZero())
303 return absl::nullopt;
304 }
305 return dns_config;
306 }
307
308 } // namespace internal
309
310 // static
CreateSystemService()311 std::unique_ptr<DnsConfigService> DnsConfigService::CreateSystemService() {
312 // DnsConfigService on iOS doesn't watch the config so its result can become
313 // inaccurate at any time. Disable it to prevent promulgation of inaccurate
314 // DnsConfigs.
315 #if BUILDFLAG(IS_IOS)
316 return nullptr;
317 #else // BUILDFLAG(IS_IOS)
318 return std::make_unique<internal::DnsConfigServicePosix>();
319 #endif // BUILDFLAG(IS_IOS)
320 }
321
322 } // namespace net
323