Delete IPrivateDnsServer.h am: 86e45646

#include <string>

#include <vector>

#include <netdutils/InternetAddresses.h>

#include <netinet/in.h>

#include <params.h>

#include "IPrivateDnsServer.h"

#include "PrivateDnsCommon.h"

namespace android {

namespace net {

// DnsTlsServer represents a recursive resolver that supports, or may support, a

// secure protocol.

struct DnsTlsServer : public IPrivateDnsServer {

struct DnsTlsServer {

    // Default constructor.

    DnsTlsServer() {}

    explicit DnsTlsServer(const netdutils::IPAddress& ip)

        : DnsTlsServer(netdutils::IPSockAddr(ip, 853)) {}

        : DnsTlsServer(netdutils::IPSockAddr(ip, kDotPort)) {}

    explicit DnsTlsServer(const netdutils::IPSockAddr& addr) : ss(addr) {}

    // The server location, including IP and port.

    bool wasExplicitlyConfigured() const;

    std::string toIpString() const;

    PrivateDnsTransport transport() const override { return PrivateDnsTransport::kDot; }

    std::string provider() const override { return name; }

    netdutils::IPSockAddr addr() const override { return netdutils::IPSockAddr::toIPSockAddr(ss); }

    uint32_t validationMark() const override { return mark; }

    std::string provider() const { return name; }

    netdutils::IPSockAddr addr() const { return netdutils::IPSockAddr::toIPSockAddr(ss); }

    uint32_t validationMark() const { return mark; }

    Validation validationState() const override { return mValidation; }

    void setValidationState(Validation val) override { mValidation = val; }

    bool probe() override {

        // TODO: implement it.

        return false;

    }

    Validation validationState() const { return mValidation; }

    void setValidationState(Validation val) { mValidation = val; }

    // The socket mark used for validation.

    // Note that the mark of a connection to which the DnsResolver sends app's DNS requests can

    // Return whether or not the server can be used for a network. It depends on

    // the resolver configuration.

    bool active() const override { return mActive; }

    void setActive(bool val) override { mActive = val; }

    bool active() const { return mActive; }

    void setActive(bool val) { mActive = val; }

  private:

    // State, unrelated to the comparison of DnsTlsServer objects.

/*

 * Copyright (C) 2021 The Android Open Source Project

 *

 * Licensed under the Apache License, Version 2.0 (the "License");

 * you may not use this file except in compliance with the License.

 * You may obtain a copy of the License at

 *

 *      http://www.apache.org/licenses/LICENSE-2.0

 *

 * Unless required by applicable law or agreed to in writing, software

 * distributed under the License is distributed on an "AS IS" BASIS,

 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

 * See the License for the specific language governing permissions and

 * limitations under the License.

 */

#pragma once

#include <string>

#include <netdutils/InternetAddresses.h>

#include "PrivateDnsCommon.h"

namespace android::net {

class IPrivateDnsServer {

  public:

    virtual ~IPrivateDnsServer(){};

    virtual PrivateDnsTransport transport() const = 0;

    bool isDot() const { return transport() == PrivateDnsTransport::kDot; }

    bool isDoh() const { return transport() == PrivateDnsTransport::kDoh; }

    // Returns the provider name of the server.

    virtual std::string provider() const = 0;

    // Returns the IP address of the server.

    virtual netdutils::IPSockAddr addr() const = 0;

    // Returns the socket mark used for probe.

    virtual uint32_t validationMark() const = 0;

    // Sets the validation state.

    virtual void setValidationState(Validation val) = 0;

    // Returns the validation state.

    virtual Validation validationState() const = 0;

    // Checks the server supports private DNS.

    virtual bool probe() = 0;

    // Sets if the server should be active.

    virtual void setActive(bool val) = 0;

    // Returns if the server is active.

    virtual bool active() const = 0;

};

}  // namespace android::net

    PrivateDnsTracker tmp;

    for (const auto& s : servers) {

        // The IP addresses are guaranteed to be valid.

        auto server = std::make_unique<DnsTlsServer>(IPAddress::forString(s));

        server->name = name;

        server->certificate = caCert;

        server->mark = mark;

        tmp[ServerIdentity(*server)] = std::move(server);

        DnsTlsServer server(IPAddress::forString(s));

        server.name = name;

        server.certificate = caCert;

        server.mark = mark;

        tmp[ServerIdentity(server)] = server;

    }

    // Create the tracker if it was not present

    auto& tracker = mPrivateDnsTransports[netId];

    // Add the servers if not contained in tracker.

    for (auto& [identity, server] : tmp) {

    for (const auto& [identity, server] : tmp) {

        if (tracker.find(identity) == tracker.end()) {

            tracker[identity] = std::move(server);

            tracker[identity] = server;

        }

    }

    for (auto& [identity, server] : tracker) {

        const bool active = tmp.find(identity) != tmp.end();

        server->setActive(active);

        server.setActive(active);

        // For simplicity, deem the validation result of inactive servers as unreliable.

        if (!server->active() && server->validationState() == Validation::success) {

        if (!server.active() && server.validationState() == Validation::success) {

            updateServerState(identity, Validation::success_but_expired, netId);

        }

        if (needsValidation(*server)) {

        if (needsValidation(server)) {

            updateServerState(identity, Validation::in_process, netId);

            startValidation(identity, netId, false);

        }

    const auto netPair = mPrivateDnsTransports.find(netId);

    if (netPair != mPrivateDnsTransports.end()) {

        for (const auto& [_, server] : netPair->second) {

            if (server->isDot() && server->active()) {

                DnsTlsServer& dotServer = *static_cast<DnsTlsServer*>(server.get());

                status.dotServersMap.emplace(dotServer, server->validationState());

            if (server.active()) {

                status.dotServersMap.emplace(server, server.validationState());

            }

        }

    }

        return result.error();

    }

    const IPrivateDnsServer* server = result.value();

    const DnsTlsServer* target = result.value();

    if (!server->active()) return Errorf("Server is not active");

    if (!target->active()) return Errorf("Server is not active");

    if (server->validationState() != Validation::success) {

    if (target->validationState() != Validation::success) {

        return Errorf("Server validation state mismatched");

    }

    // Don't run the validation if |mark| (from android_net_context.dns_mark) is different.

    // This is to protect validation from running on unexpected marks.

    // Validation should be associated with a mark gotten by system permission.

    if (server->validationMark() != mark) return Errorf("Socket mark mismatched");

    if (target->validationMark() != mark) return Errorf("Socket mark mismatched");

    updateServerState(identity, Validation::in_process, netId);

    startValidation(identity, netId, true);

    // TODO: consider moving these code to the thread.

    const auto result = getPrivateDnsLocked(identity, netId);

    if (!result.ok()) return;

    DnsTlsServer server = *static_cast<const DnsTlsServer*>(result.value());

    DnsTlsServer server = *result.value();

    std::thread validate_thread([this, identity, server, netId, isRevalidation] {

        setThreadName(fmt::format("TlsVerify_{}", netId));

                     << " was removed during private DNS validation";

        success = false;

        reevaluationStatus = DONT_REEVALUATE;

    } else if (!serverPair->second->active()) {

    } else if (!serverPair->second.active()) {

        LOG(WARNING) << "Server " << identity.sockaddr.ip().toString()

                     << " was removed from the configuration";

        success = false;

    mPrivateDnsLog.push(std::move(record));

}

bool PrivateDnsConfiguration::needsValidation(const IPrivateDnsServer& server) const {

bool PrivateDnsConfiguration::needsValidation(const DnsTlsServer& server) const {

    // The server is not expected to be used on the network.

    if (!server.active()) return false;

    return false;

}

base::Result<IPrivateDnsServer*> PrivateDnsConfiguration::getPrivateDns(

        const ServerIdentity& identity, unsigned netId) {

base::Result<DnsTlsServer*> PrivateDnsConfiguration::getPrivateDns(const ServerIdentity& identity,

                                                                   unsigned netId) {

    std::lock_guard guard(mPrivateDnsLock);

    return getPrivateDnsLocked(identity, netId);

}

base::Result<IPrivateDnsServer*> PrivateDnsConfiguration::getPrivateDnsLocked(

base::Result<DnsTlsServer*> PrivateDnsConfiguration::getPrivateDnsLocked(

        const ServerIdentity& identity, unsigned netId) {

    auto netPair = mPrivateDnsTransports.find(netId);

    if (netPair == mPrivateDnsTransports.end()) {

                      identity.provider);

    }

    return iter->second.get();

    return &iter->second;

}

void PrivateDnsConfiguration::setObserver(PrivateDnsValidationObserver* observer) {

            for (const auto& [id, server] : netPair->second) {

                if ((identity.sockaddr.ip() == id.sockaddr.ip()) &&

                    (identity.sockaddr.port() != id.sockaddr.port()) &&

                    (server->validationState() == Validation::success)) {

                    (server.validationState() == Validation::success)) {

                    LOG(DEBUG) << __func__

                               << ": Skip reporting DoH validation failure event, server addr: "

                               << identity.sockaddr.ip().toString();

namespace android {

namespace net {

// TODO: decouple the dependency of DnsTlsServer.

struct PrivateDnsStatus {

    PrivateDnsMode mode;

        const netdutils::IPSockAddr sockaddr;

        const std::string provider;

        explicit ServerIdentity(const IPrivateDnsServer& server)

        explicit ServerIdentity(const DnsTlsServer& server)

            : sockaddr(server.addr()), provider(server.provider()) {}

        ServerIdentity(const netdutils::IPSockAddr& addr, const std::string& host)

            : sockaddr(addr), provider(host) {}

            EXCLUDES(mPrivateDnsLock);

  private:

    typedef std::map<ServerIdentity, std::unique_ptr<IPrivateDnsServer>> PrivateDnsTracker;

    typedef std::map<ServerIdentity, DnsTlsServer> PrivateDnsTracker;

    PrivateDnsConfiguration() = default;

    // Decide if a validation for |server| is needed. Note that servers that have failed

    // multiple validation attempts but for which there is still a validating

    // thread running are marked as being Validation::in_process.

    bool needsValidation(const IPrivateDnsServer& server) const REQUIRES(mPrivateDnsLock);

    bool needsValidation(const DnsTlsServer& server) const REQUIRES(mPrivateDnsLock);

    void updateServerState(const ServerIdentity& identity, Validation state, uint32_t netId)

            REQUIRES(mPrivateDnsLock);

    // For testing.

    base::Result<IPrivateDnsServer*> getPrivateDns(const ServerIdentity& identity, unsigned netId)

    base::Result<DnsTlsServer*> getPrivateDns(const ServerIdentity& identity, unsigned netId)

            EXCLUDES(mPrivateDnsLock);

    base::Result<IPrivateDnsServer*> getPrivateDnsLocked(const ServerIdentity& identity,

                                                         unsigned netId) REQUIRES(mPrivateDnsLock);

    base::Result<DnsTlsServer*> getPrivateDnsLocked(const ServerIdentity& identity, unsigned netId)

            REQUIRES(mPrivateDnsLock);

    void initDohLocked() REQUIRES(mPrivateDnsLock);

    int setDoh(int32_t netId, uint32_t mark, const std::vector<std::string>& servers,