TODO

@@ -110,6 +110,7 @@ Features:
 
 * make us use dynamically fewer deps for containers in general purpose distros:
   o turn into dlopen() deps:
+    - libidn2 (always)
     - elfutils (always)
     - p11-kit-trust (always)
     - kmod-libs (only when called from PID 1)

src/resolve/meson.build

@@ -142,7 +142,7 @@ libsystemd_resolve_core = static_library(
 
 systemd_resolved_sources += [resolved_gperf_c, resolved_dnssd_gperf_c]
 
-systemd_resolved_dependencies = [threads, libgpg_error, libm]
+systemd_resolved_dependencies = [threads, libgpg_error, libm, libidn]
 if conf.get('ENABLE_DNS_OVER_TLS') == 1
         if conf.get('DNS_OVER_TLS_USE_GNUTLS') == 1
                 systemd_resolved_sources += files('resolved-dnstls-gnutls.c',

src/resolve/resolved-dns-packet.c

@@ -689,14 +689,7 @@ fail:
 }
 
 /* Append the OPT pseudo-RR described in RFC6891 */
-int dns_packet_append_opt(
-                DnsPacket *p,
-                uint16_t max_udp_size,
-                bool edns0_do,
-                bool include_rfc6975,
-                int rcode,
-                size_t *start) {
-
+int dns_packet_append_opt(DnsPacket *p, uint16_t max_udp_size, bool edns0_do, int rcode, size_t *start) {
         size_t saved_size;
         int r;
 
@@ -739,10 +732,8 @@ int dns_packet_append_opt(
                 goto fail;
 
         /* RDLENGTH */
-        if (edns0_do && include_rfc6975) {
-                /* If DO is on and this is requested, also append RFC6975 Algorithm data. This is supposed to
-                 * be done on queries, not on replies, hencer callers should turn this off when finishing off
-                 * replies. */
+        if (edns0_do && !DNS_PACKET_QR(p)) {
+                /* If DO is on and this is not a reply, also append RFC6975 Algorithm data */
 
                 static const uint8_t rfc6975[] = {
 

src/resolve/resolved-dns-packet.h

@@ -198,7 +198,7 @@ int dns_packet_append_label(DnsPacket *p, const char *s, size_t l, bool canonica
 int dns_packet_append_name(DnsPacket *p, const char *name, bool allow_compression, bool canonical_candidate, size_t *start);
 int dns_packet_append_key(DnsPacket *p, const DnsResourceKey *key, const DnsAnswerFlags flags, size_t *start);
 int dns_packet_append_rr(DnsPacket *p, const DnsResourceRecord *rr, const DnsAnswerFlags flags, size_t *start, size_t *rdata_start);
-int dns_packet_append_opt(DnsPacket *p, uint16_t max_udp_size, bool edns0_do, bool include_rfc6975, int rcode, size_t *start);
+int dns_packet_append_opt(DnsPacket *p, uint16_t max_udp_size, bool edns0_do, int rcode, size_t *start);
 int dns_packet_append_question(DnsPacket *p, DnsQuestion *q);
 int dns_packet_append_answer(DnsPacket *p, DnsAnswer *a);
 

src/resolve/resolved-dns-server.c

@@ -535,7 +535,7 @@ int dns_server_adjust_opt(DnsServer *server, DnsPacket *packet, DnsServerFeature
         else
                 packet_size = server->received_udp_packet_max;
 
-        return dns_packet_append_opt(packet, packet_size, edns_do, /* include_rfc6975 = */ true, 0, NULL);
+        return dns_packet_append_opt(packet, packet_size, edns_do, 0, NULL);
 }
 
 int dns_server_ifindex(const DnsServer *s) {

src/resolve/resolved-dns-stub.c

@@ -162,7 +162,7 @@ static int dns_stub_finish_reply_packet(
         assert(p);
 
         if (add_opt) {
-                r = dns_packet_append_opt(p, ADVERTISE_DATAGRAM_SIZE_MAX, edns0_do, /* include_rfc6975 = */ false, rcode, NULL);
+                r = dns_packet_append_opt(p, ADVERTISE_DATAGRAM_SIZE_MAX, edns0_do, rcode, NULL);
                 if (r == -EMSGSIZE) /* Hit the size limit? then indicate truncation */
                         tc = true;
                 else if (r < 0)

src/resolve/resolved-manager.c

@@ -8,6 +8,10 @@
 #include <sys/types.h>
 #include <unistd.h>
 
+#if HAVE_LIBIDN2
+#include <idn2.h>
+#endif
+
 #include "af-list.h"
 #include "alloc-util.h"
 #include "bus-polkit.h"
@@ -16,7 +20,6 @@
 #include "fd-util.h"
 #include "fileio.h"
 #include "hostname-util.h"
-#include "idn-util.h"
 #include "io-util.h"
 #include "missing_network.h"
 #include "netlink-util.h"
@@ -343,38 +346,29 @@ static int determine_hostname(char **full_hostname, char **llmnr_hostname, char
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
                                        "Couldn't find a single label in hostname.");
 
-#if HAVE_LIBIDN || HAVE_LIBIDN2
-        r = dlopen_idn();
-        if (r < 0) {
-                log_debug_errno(r, "Failed to initialize IDN support, ignoring: %m");
-                decoded = label; /* no decoding */
-        } else
-#endif
-        {
 #if HAVE_LIBIDN2
-                r = sym_idn2_to_unicode_8z8z(label, &utf8, 0);
-                if (r != IDN2_OK)
-                        return log_error_errno(SYNTHETIC_ERRNO(EUCLEAN),
-                                               "Failed to undo IDNA: %s", sym_idn2_strerror(r));
-                assert(utf8_is_valid(utf8));
+        r = idn2_to_unicode_8z8z(label, &utf8, 0);
+        if (r != IDN2_OK)
+                return log_error_errno(SYNTHETIC_ERRNO(EUCLEAN),
+                                       "Failed to undo IDNA: %s", idn2_strerror(r));
+        assert(utf8_is_valid(utf8));
 
-                r = strlen(utf8);
-                decoded = utf8;
+        r = strlen(utf8);
+        decoded = utf8;
 #elif HAVE_LIBIDN
-                k = dns_label_undo_idna(label, r, label, sizeof label);
-                if (k < 0)
-                        return log_error_errno(k, "Failed to undo IDNA: %m");
-                if (k > 0)
-                        r = k;
+        k = dns_label_undo_idna(label, r, label, sizeof label);
+        if (k < 0)
+                return log_error_errno(k, "Failed to undo IDNA: %m");
+        if (k > 0)
+                r = k;
 
-                if (!utf8_is_valid(label))
-                        return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
-                                               "System hostname is not UTF-8 clean.");
-                decoded = label;
+        if (!utf8_is_valid(label))
+                return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
+                                       "System hostname is not UTF-8 clean.");
+        decoded = label;
 #else
-                decoded = label; /* no decoding */
+        decoded = label; /* no decoding */
 #endif
-        }
 
         r = dns_label_escape_new(decoded, r, &n);
         if (r < 0)

src/shared/dns-domain.c

@@ -1,5 +1,12 @@
 /* SPDX-License-Identifier: LGPL-2.1+ */
 
+#if HAVE_LIBIDN2
+#  include <idn2.h>
+#elif HAVE_LIBIDN
+#  include <idna.h>
+#  include <stringprep.h>
+#endif
+
 #include <endian.h>
 #include <netinet/in.h>
 #include <stdio.h>
@@ -10,7 +17,6 @@
 #include "hashmap.h"
 #include "hexdecoct.h"
 #include "hostname-util.h"
-#include "idn-util.h"
 #include "in-addr-util.h"
 #include "macro.h"
 #include "parse-util.h"
@@ -306,17 +312,12 @@ int dns_label_apply_idna(const char *encoded, size_t encoded_size, char *decoded
         const char *p;
         bool contains_8bit = false;
         char buffer[DNS_LABEL_MAX+1];
-        int r;
 
         assert(encoded);
         assert(decoded);
 
         /* Converts an U-label into an A-label */
 
-        r = dlopen_idn();
-        if (r < 0)
-                return r;
-
         if (encoded_size <= 0)
                 return -EINVAL;
 
@@ -331,11 +332,11 @@ int dns_label_apply_idna(const char *encoded, size_t encoded_size, char *decoded
                 return 0;
         }
 
-        input = sym_stringprep_utf8_to_ucs4(encoded, encoded_size, &input_size);
+        input = stringprep_utf8_to_ucs4(encoded, encoded_size, &input_size);
         if (!input)
                 return -ENOMEM;
 
-        if (sym_idna_to_ascii_4i(input, input_size, buffer, 0) != 0)
+        if (idna_to_ascii_4i(input, input_size, buffer, 0) != 0)
                 return -EINVAL;
 
         l = strlen(buffer);
@@ -361,33 +362,28 @@ int dns_label_undo_idna(const char *encoded, size_t encoded_size, char *decoded,
         _cleanup_free_ char *result = NULL;
         uint32_t *output = NULL;
         size_t w;
-        int r;
 
         /* To be invoked after unescaping. Converts an A-label into an U-label. */
 
         assert(encoded);
         assert(decoded);
 
-        r = dlopen_idn();
-        if (r < 0)
-                return r;
-
         if (encoded_size <= 0 || encoded_size > DNS_LABEL_MAX)
                 return -EINVAL;
 
         if (!memory_startswith(encoded, encoded_size, IDNA_ACE_PREFIX))
                 return 0;
 
-        input = sym_stringprep_utf8_to_ucs4(encoded, encoded_size, &input_size);
+        input = stringprep_utf8_to_ucs4(encoded, encoded_size, &input_size);
         if (!input)
                 return -ENOMEM;
 
         output_size = input_size;
         output = newa(uint32_t, output_size);
 
-        sym_idna_to_unicode_44i(input, input_size, output, &output_size, 0);
+        idna_to_unicode_44i(input, input_size, output, &output_size, 0);
 
-        result = sym_stringprep_ucs4_to_utf8(output, output_size, NULL, &w);
+        result = stringprep_ucs4_to_utf8(output, output_size, NULL, &w);
         if (!result)
                 return -ENOMEM;
         if (w <= 0)
@@ -1270,38 +1266,26 @@ int dns_name_common_suffix(const char *a, const char *b, const char **ret) {
 }
 
 int dns_name_apply_idna(const char *name, char **ret) {
-
         /* Return negative on error, 0 if not implemented, positive on success. */
 
-#if HAVE_LIBIDN2 || HAVE_LIBIDN2
-        int r;
-
-        r = dlopen_idn();
-        if (r == EOPNOTSUPP) {
-                *ret = NULL;
-                return 0;
-        }
-        if (r < 0)
-                return r;
-#endif
-
 #if HAVE_LIBIDN2
+        int r;
         _cleanup_free_ char *t = NULL;
 
         assert(name);
         assert(ret);
 
-        r = sym_idn2_lookup_u8((uint8_t*) name, (uint8_t**) &t,
-                               IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL);
+        r = idn2_lookup_u8((uint8_t*) name, (uint8_t**) &t,
+                           IDN2_NFC_INPUT | IDN2_NONTRANSITIONAL);
         log_debug("idn2_lookup_u8: %s → %s", name, t);
         if (r == IDN2_OK) {
                 if (!startswith(name, "xn--")) {
                         _cleanup_free_ char *s = NULL;
 
-                        r = sym_idn2_to_unicode_8z8z(t, &s, 0);
+                        r = idn2_to_unicode_8z8z(t, &s, 0);
                         if (r != IDN2_OK) {
                                 log_debug("idn2_to_unicode_8z8z(\"%s\") failed: %d/%s",
-                                          t, r, sym_idn2_strerror(r));
+                                          t, r, idn2_strerror(r));
                                 return 0;
                         }
 
@@ -1317,7 +1301,7 @@ int dns_name_apply_idna(const char *name, char **ret) {
                 return 1; /* *ret has been written */
         }
 
-        log_debug("idn2_lookup_u8(\"%s\") failed: %d/%s", name, r, sym_idn2_strerror(r));
+        log_debug("idn2_lookup_u8(\"%s\") failed: %d/%s", name, r, idn2_strerror(r));
         if (r == IDN2_2HYPHEN)
                 /* The name has two hyphens — forbidden by IDNA2008 in some cases */
                 return 0;
@@ -1374,7 +1358,6 @@ int dns_name_apply_idna(const char *name, char **ret) {
 
         return 1;
 #else
-        *ret = NULL;
         return 0;
 #endif
 }

src/shared/idn-util.c

@@ -1,91 +0,0 @@
-/* SPDX-License-Identifier: LGPL-2.1+ */
-
-#if HAVE_LIBIDN2
-#  include <idn2.h>
-#elif HAVE_LIBIDN
-#  include <idna.h>
-#  include <stringprep.h>
-#endif
-
-#include "alloc-util.h"
-#include "dlfcn-util.h"
-#include "idn-util.h"
-
-#if HAVE_LIBIDN || HAVE_LIBIDN2
-static void* idn_dl = NULL;
-#endif
-
-#if HAVE_LIBIDN2
-int (*sym_idn2_lookup_u8)(const uint8_t* src, uint8_t** lookupname, int flags) = NULL;
-const char *(*sym_idn2_strerror)(int rc) = NULL;
-int (*sym_idn2_to_unicode_8z8z)(const char * input, char ** output, int flags) = NULL;
-
-int dlopen_idn(void) {
-        _cleanup_(dlclosep) void *dl = NULL;
-        int r;
-
-        if (idn_dl)
-                return 0; /* Already loaded */
-
-        dl = dlopen("libidn2.so.0", RTLD_LAZY);
-        if (!dl)
-                return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                       "libidn2 support is not installed: %s", dlerror());
-
-        r = dlsym_many_and_warn(
-                        dl,
-                        LOG_DEBUG,
-                        &sym_idn2_lookup_u8, "idn2_lookup_u8",
-                        &sym_idn2_strerror, "idn2_strerror",
-                        &sym_idn2_to_unicode_8z8z, "idn2_to_unicode_8z8z",
-                        NULL);
-        if (r < 0)
-                return r;
-
-        /* Note that we never release the reference here, because there's no real reason to, after all this
-         * was traditionally a regular shared library dependency which lives forever too. */
-        idn_dl = TAKE_PTR(dl);
-
-        return 1;
-}
-#endif
-
-#if HAVE_LIBIDN
-int (*sym_idna_to_ascii_4i)(const uint32_t * in, size_t inlen, char *out, int flags);
-int (*sym_idna_to_unicode_44i)(const uint32_t * in, size_t inlen,uint32_t * out, size_t * outlen, int flags);
-char* (*sym_stringprep_ucs4_to_utf8)(const uint32_t * str, ssize_t len, size_t * items_read, size_t * items_written);
-uint32_t* (*sym_stringprep_utf8_to_ucs4)(const char *str, ssize_t len, size_t *items_written);
-
-int dlopen_idn(void) {
-        _cleanup_(dlclosep) void *dl = NULL;
-        int r;
-
-        if (idn_dl)
-                return 0; /* Already loaded */
-
-        dl = dlopen("libidn.so.12", RTLD_LAZY);
-        if (!dl) {
-                /* libidn broke ABI in 1.34, but not in a way we care about (a new field got added to an
-                 * open-coded struct we do not use), hence support both versions. */
-                dl = dlopen("libidn.so.11", RTLD_LAZY);
-                if (!dl)
-                        return log_debug_errno(SYNTHETIC_ERRNO(EOPNOTSUPP),
-                                               "libidn support is not installed: %s", dlerror());
-        }
-
-        r = dlsym_many_and_warn(
-                        dl,
-                        LOG_DEBUG,
-                        &sym_idna_to_ascii_4i, "idna_to_ascii_4i",
-                        &sym_idna_to_unicode_44i, "idna_to_unicode_44i",
-                        &sym_stringprep_ucs4_to_utf8, "stringprep_ucs4_to_utf8",
-                        &sym_stringprep_utf8_to_ucs4, "stringprep_utf8_to_ucs4",
-                        NULL);
-        if (r < 0)
-                return r;
-
-        idn_dl = TAKE_PTR(dl);
-
-        return 1;
-}
-#endif

src/shared/idn-util.h

@@ -1,32 +0,0 @@
-/* SPDX-License-Identifier: LGPL-2.1+ */
-#pragma once
-
-#if HAVE_LIBIDN2
-#  include <idn2.h>
-#elif HAVE_LIBIDN
-#  include <idna.h>
-#  include <stringprep.h>
-#endif
-
-#include <inttypes.h>
-
-#if HAVE_LIBIDN2 || HAVE_LIBIDN
-int dlopen_idn(void);
-#else
-static inline int dlopen_idn(void) {
-        return -EOPNOTSUPP;
-}
-#endif
-
-#if HAVE_LIBIDN2
-extern int (*sym_idn2_lookup_u8)(const uint8_t* src, uint8_t** lookupname, int flags);
-extern const char *(*sym_idn2_strerror)(int rc);
-extern int (*sym_idn2_to_unicode_8z8z)(const char * input, char ** output, int flags);
-#endif
-
-#if HAVE_LIBIDN
-extern int (*sym_idna_to_ascii_4i)(const uint32_t * in, size_t inlen, char *out, int flags);
-extern int (*sym_idna_to_unicode_44i)(const uint32_t * in, size_t inlen,uint32_t * out, size_t * outlen, int flags);
-extern char* (*sym_stringprep_ucs4_to_utf8)(const uint32_t * str, ssize_t len, size_t * items_read, size_t * items_written);
-extern uint32_t* (*sym_stringprep_utf8_to_ucs4)(const char *str, ssize_t len, size_t *items_written);
-#endif

src/shared/meson.build

@@ -117,8 +117,6 @@ shared_sources = files('''
         group-record.h
         id128-print.c
         id128-print.h
-        idn-util.c
-        idn-util.h
         ima-util.c
         ima-util.h
         import-util.c
@@ -357,6 +355,7 @@ libshared_deps = [threads,
                   libcap,
                   libcrypt,
                   libgcrypt,
+                  libidn,
                   libiptc,
                   libkmod,
                   liblz4,