| author | Bug Magnet <marco.nikic@mullvad.net> | 2024-11-05 10:13:35 +0100 |
|---|---|---|
| committer | Bug Magnet <marco.nikic@mullvad.net> | 2024-11-26 11:03:54 +0100 |
| commit | dd66d1246b005594a16841ec945bf98914e80899 (patch) | |
| tree | 4337bf013ef0591dfee8fbf0fecf4f0401b036aa | |
| parent | 038be31659eba06001e15185256bd64ee4e105bc (diff) | |
Allow override of encrypted DNS domain name
| -rw-r--r-- | ios/MullvadRustRuntime/EncryptedDNSProxy.swift | 2 | ||||
| -rw-r--r-- | ios/MullvadRustRuntime/include/mullvad_rust_runtime.h | 2 | ||||
| -rw-r--r-- | mullvad-daemon/src/api.rs | 2 | ||||
| -rw-r--r-- | mullvad-encrypted-dns-proxy/src/config_resolver.rs | 5 | ||||
| -rw-r--r-- | mullvad-encrypted-dns-proxy/src/state.rs | 4 | ||||
| -rw-r--r-- | mullvad-ios/src/encrypted_dns_proxy.rs | 16 |
6 files changed, 22 insertions, 9 deletions
diff --git a/ios/MullvadRustRuntime/EncryptedDNSProxy.swift b/ios/MullvadRustRuntime/EncryptedDNSProxy.swift
index 690e2459d0..5179cbc51b 100644
--- a/ios/MullvadRustRuntime/EncryptedDNSProxy.swift
+++ b/ios/MullvadRustRuntime/EncryptedDNSProxy.swift
@@ -20,7 +20,7 @@ public class EncryptedDNSProxy {
 private let state: OpaquePointer
 public init() {
- state = encrypted_dns_proxy_init()
+ state = encrypted_dns_proxy_init("frakta.eu")
 proxyConfig = ProxyHandle(context: nil, port: 0)
 }
diff --git a/ios/MullvadRustRuntime/include/mullvad_rust_runtime.h b/ios/MullvadRustRuntime/include/mullvad_rust_runtime.h
index 26904b89df..ad13d1f6e0 100644
--- a/ios/MullvadRustRuntime/include/mullvad_rust_runtime.h
+++ b/ios/MullvadRustRuntime/include/mullvad_rust_runtime.h
@@ -34,7 +34,7 @@ extern const uint16_t CONFIG_SERVICE_PORT;
 /**
 * Initializes a valid pointer to an instance of `EncryptedDnsProxyState`.
 */
-struct EncryptedDnsProxyState *encrypted_dns_proxy_init(void);
+struct EncryptedDnsProxyState *encrypted_dns_proxy_init(const char *domain_name);
 /**
 * This must be called only once to deallocate `EncryptedDnsProxyState`.
diff --git a/mullvad-daemon/src/api.rs b/mullvad-daemon/src/api.rs
index 2558dbfee8..a0fef2c984 100644
--- a/mullvad-daemon/src/api.rs
+++ b/mullvad-daemon/src/api.rs
@@ -609,7 +609,7 @@ impl AccessModeSelector {
 ApiConnectionMode::Proxied(ProxyConfig::from(proxy))
 }
 AccessMethod::BuiltIn(BuiltInAccessMethod::EncryptedDnsProxy) => {
- if let Err(error) = encrypted_dns_proxy_cache.fetch_configs().await {
+ if let Err(error) = encrypted_dns_proxy_cache.fetch_configs("frakta.eu").await {
 log::warn!("Failed to fetch new Encrypted DNS Proxy configurations");
 log::debug!("{error:#?}");
 }
diff --git a/mullvad-encrypted-dns-proxy/src/config_resolver.rs b/mullvad-encrypted-dns-proxy/src/config_resolver.rs
index b763183a1b..96aa64e938 100644
--- a/mullvad-encrypted-dns-proxy/src/config_resolver.rs
+++ b/mullvad-encrypted-dns-proxy/src/config_resolver.rs
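Review bot: The literal `"frakta.eu"` passed to `encrypted_dns_proxy_init` in `init()` is now repeated at a second call site, `fetch_configs("frakta.eu")` in mullvad-daemon/src/api.rs, where before this commit it appeared only inside `resolve_default_config`. This name decides where the proxy configurations are looked up, so two copies drifting apart would be easy to miss; a named constant on each side, for example `private static let defaultDomainName = "frakta.eu"` here, with a comment tying it to the Rust value, would keep it in one visible place per platform. `init()` itself still takes no argument, so the override is not reachable from Swift callers; if that is intended, a short comment saying so would help. The class body continues outside the hunk.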
@@ -61,8 +61,9 @@ pub fn default_resolvers() -> Vec<Nameserver> {
 ]
 }
-pub async fn resolve_default_config() -> Result<Vec<config::ProxyConfig>, Error> {
- resolve_configs(&default_resolvers(), "frakta.eu").await
+pub async fn resolve_default_config(domain: &str) -> Result<Vec<config::ProxyConfig>, Error> {
+ // TODO: We should remove the default value here and just force the callers to provide a domain instead
+ resolve_configs(&default_resolvers(), domain).await
 }
 /// Look up the `domain` towards the given `resolvers`, and try to deserialize all the returned
diff --git a/mullvad-encrypted-dns-proxy/src/state.rs b/mullvad-encrypted-dns-proxy/src/state.rs
index daad7123be..3d6a26a0ce 100644
--- a/mullvad-encrypted-dns-proxy/src/state.rs
+++ b/mullvad-encrypted-dns-proxy/src/state.rs
@@ -59,8 +59,8 @@ impl EncryptedDnsProxyState {
 }
 /// Fetch a config, but error out only when no existing configuration was there.
- pub async fn fetch_configs(&mut self) -> Result<(), FetchConfigError> {
- match resolve_default_config().await {
+ pub async fn fetch_configs(&mut self, domain: &str) -> Result<(), FetchConfigError> {
+ match resolve_default_config(domain).await {
 Ok(new_configs) => {
 self.configurations = HashSet::from_iter(new_configs.into_iter());
 }
diff --git a/mullvad-ios/src/encrypted_dns_proxy.rs b/mullvad-ios/src/encrypted_dns_proxy.rs
index cf4219897e..d371044d48 100644
--- a/mullvad-ios/src/encrypted_dns_proxy.rs
+++ b/mullvad-ios/src/encrypted_dns_proxy.rs
@@ -1,5 +1,6 @@
 use crate::ProxyHandle;
+use libc::c_char;
 use mullvad_encrypted_dns_proxy::state::{EncryptedDnsProxyState as State, FetchConfigError};
 use mullvad_encrypted_dns_proxy::Forwarder;
 use std::{
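Review bot: The TODO added inside `resolve_default_config` is out of date as written: after this change the function no longer carries a default domain, since `"frakta.eu"` moved to the callers, and only the resolver list is still defaulted. I would replace it with a doc comment such as `/// Resolve proxy configurations for the given domain using the default resolvers.` and, if follow-up work is planned, a TODO that names it. `domain` is forwarded to `resolve_configs` unchanged, and that function is not visible here, so it is worth stating on this public function that callers must pass a trusted, well-formed name, because the records returned for it appear to determine which proxy configurations are used. `fetch_configs` in state.rs gained the same parameter without its doc comment mentioning it.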
@@ -9,10 +10,13 @@ use std::{
 };
 use tokio::{net::TcpListener, task::JoinHandle};
+use std::ffi::CStr;
+
 /// A thin wrapper around [`mullvad_encrypted_dns_proxy::state::EncryptedDnsProxyState`] that
 /// can start a local forwarder (see [`Self::start`]).
 pub struct EncryptedDnsProxyState {
 state: State,
+ domain: String,
 }
 #[derive(Debug)]
@@ -47,7 +51,7 @@ impl From<Error> for i32 {
 impl EncryptedDnsProxyState {
 async fn start(&mut self) -> Result<ProxyHandle, Error> {
 self.state
- .fetch_configs()
+ .fetch_configs(&self.domain)
 .await
 .map_err(Error::FetchConfig)?;
 let proxy_configuration = self.state.next_configuration().ok_or(Error::NoConfigs)?;
@@ -79,9 +83,17 @@ impl EncryptedDnsProxyState {
 /// Initializes a valid pointer to an instance of `EncryptedDnsProxyState`.
 #[no_mangle]
-pub unsafe extern "C" fn encrypted_dns_proxy_init() -> *mut EncryptedDnsProxyState {
+pub unsafe extern "C" fn encrypted_dns_proxy_init(
+ domain_name: *const c_char,
+) -> *mut EncryptedDnsProxyState {
+ let domain = unsafe {
+ let c_str = CStr::from_ptr(domain_name);
+ String::from_utf8_lossy(c_str.to_bytes())
+ };
+
 let state = Box::new(EncryptedDnsProxyState {
 state: State::default(),
+ domain: domain.into_owned(),
 });
 Box::into_raw(state)
 } |
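Review bot: `CStr::from_ptr(domain_name)` in `encrypted_dns_proxy_init` reads through the pointer without a null check, so a null argument from the C or Swift side is undefined behaviour rather than a reported error. A guard such as `if domain_name.is_null() { return std::ptr::null_mut(); }` before the `unsafe` block would make that case defined, though callers would then have to handle a null return and the doc line "Initializes a valid pointer" would need adjusting. The function is `unsafe` but has no `# Safety` section; it should say that `domain_name` must point to a NUL-terminated string that stays valid for the duration of the call (the bytes are copied into an owned `String`, so nothing is retained afterwards). `String::from_utf8_lossy` also substitutes U+FFFD for invalid bytes without reporting it, which means a malformed name would be looked up as a different domain instead of being rejected; `c_str.to_str()` with an explicit error path would surface that.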
