MFV (r277045): merge upstream version of the local socket patch.
commit
748bd82957
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=277057
@ -351,6 +351,9 @@
|
|||||||
/* Define to 1 if `ipi_spec_dst' is a member of `struct in_pktinfo'. */
|
/* Define to 1 if `ipi_spec_dst' is a member of `struct in_pktinfo'. */
|
||||||
/* #undef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST */
|
/* #undef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST */
|
||||||
|
|
||||||
|
/* Define to 1 if `sun_len' is a member of `struct sockaddr_un'. */
|
||||||
|
#define HAVE_STRUCT_SOCKADDR_UN_SUN_LEN 1
|
||||||
|
|
||||||
/* Define if you have Swig libraries and header files. */
|
/* Define if you have Swig libraries and header files. */
|
||||||
/* #undef HAVE_SWIG */
|
/* #undef HAVE_SWIG */
|
||||||
|
|
||||||
|
@ -350,6 +350,9 @@
|
|||||||
/* Define to 1 if `ipi_spec_dst' is a member of `struct in_pktinfo'. */
|
/* Define to 1 if `ipi_spec_dst' is a member of `struct in_pktinfo'. */
|
||||||
#undef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST
|
#undef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST
|
||||||
|
|
||||||
|
/* Define to 1 if `sun_len' is a member of `struct sockaddr_un'. */
|
||||||
|
#undef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
|
||||||
|
|
||||||
/* Define if you have Swig libraries and header files. */
|
/* Define if you have Swig libraries and header files. */
|
||||||
#undef HAVE_SWIG
|
#undef HAVE_SWIG
|
||||||
|
|
||||||
|
1518
contrib/unbound/configure
vendored
1518
contrib/unbound/configure
vendored
@ -938,6 +938,12 @@ if test $ac_cv_func_daemon = yes; then
|
|||||||
])
|
])
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
AC_CHECK_MEMBERS([struct sockaddr_un.sun_len],,,[
|
||||||
|
AC_INCLUDES_DEFAULT
|
||||||
|
#ifdef HAVE_SYS_UN_H
|
||||||
|
#include <sys/un.h>
|
||||||
|
#endif
|
||||||
|
])
|
||||||
AC_CHECK_MEMBERS([struct in_pktinfo.ipi_spec_dst],,,[
|
AC_CHECK_MEMBERS([struct in_pktinfo.ipi_spec_dst],,,[
|
||||||
AC_INCLUDES_DEFAULT
|
AC_INCLUDES_DEFAULT
|
||||||
#if HAVE_SYS_PARAM_H
|
#if HAVE_SYS_PARAM_H
|
||||||
|
@ -142,6 +142,7 @@ timeval_divide(struct timeval* avg, const struct timeval* sum, size_t d)
|
|||||||
* The following function was generated using the openssl utility, using
|
* The following function was generated using the openssl utility, using
|
||||||
* the command : "openssl dhparam -dsaparam -C 512"
|
* the command : "openssl dhparam -dsaparam -C 512"
|
||||||
*/
|
*/
|
||||||
|
#ifndef S_SPLINT_S
|
||||||
DH *get_dh512()
|
DH *get_dh512()
|
||||||
{
|
{
|
||||||
static unsigned char dh512_p[]={
|
static unsigned char dh512_p[]={
|
||||||
@ -170,6 +171,7 @@ DH *get_dh512()
|
|||||||
dh->length = 160;
|
dh->length = 160;
|
||||||
return(dh);
|
return(dh);
|
||||||
}
|
}
|
||||||
|
#endif /* SPLINT */
|
||||||
|
|
||||||
struct daemon_remote*
|
struct daemon_remote*
|
||||||
daemon_remote_create(struct config_file* cfg)
|
daemon_remote_create(struct config_file* cfg)
|
||||||
@ -299,6 +301,7 @@ void daemon_remote_delete(struct daemon_remote* rc)
|
|||||||
* @param nr: port nr
|
* @param nr: port nr
|
||||||
* @param list: list head
|
* @param list: list head
|
||||||
* @param noproto_is_err: if lack of protocol support is an error.
|
* @param noproto_is_err: if lack of protocol support is an error.
|
||||||
|
* @param cfg: config with username for chown of unix-sockets.
|
||||||
* @return false on failure.
|
* @return false on failure.
|
||||||
*/
|
*/
|
||||||
static int
|
static int
|
||||||
@ -326,7 +329,7 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
|
|||||||
if(fd != -1) {
|
if(fd != -1) {
|
||||||
if (cfg->username && cfg->username[0])
|
if (cfg->username && cfg->username[0])
|
||||||
chown(ip, cfg->uid, cfg->gid);
|
chown(ip, cfg->uid, cfg->gid);
|
||||||
chmod(ip, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
|
chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
hints.ai_socktype = SOCK_STREAM;
|
hints.ai_socktype = SOCK_STREAM;
|
||||||
|
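Review bot: The chown() and chmod() calls in the `if(fd != -1)` block of add_open discard their return values, so when either fails (unprivileged run, filesystem that rejects chown) the control socket node is left with umask-derived permissions or the wrong owner and nothing is logged; check them, e.g. `if(chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP)) == -1) log_err("cannot chmod control socket %s: %s", ip, strerror(errno));` and the same for chown. If `fd` is already bound at this point (the creating call is outside the hunk), the node also exists briefly with default permissions before chmod runs; a restrictive umask around the bind, or placing the socket in a directory that is itself access-restricted, removes that interval. add_open's body starts and ends outside the hunk.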
@ -441,8 +441,6 @@ static void
|
|||||||
perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
|
perform_setup(struct daemon* daemon, struct config_file* cfg, int debug_mode,
|
||||||
const char** cfgfile)
|
const char** cfgfile)
|
||||||
{
|
{
|
||||||
log_assert(cfg);
|
|
||||||
|
|
||||||
#ifdef HAVE_GETPWNAM
|
#ifdef HAVE_GETPWNAM
|
||||||
struct passwd *pwd = NULL;
|
struct passwd *pwd = NULL;
|
||||||
|
|
||||||
@ -653,6 +651,7 @@ run_daemon(const char* cfgfile, int cmdline_verbose, int debug_mode)
|
|||||||
log_warn("Continuing with default config settings");
|
log_warn("Continuing with default config settings");
|
||||||
}
|
}
|
||||||
apply_settings(daemon, cfg, cmdline_verbose, debug_mode);
|
apply_settings(daemon, cfg, cmdline_verbose, debug_mode);
|
||||||
|
config_lookup_uid(cfg);
|
||||||
|
|
||||||
/* prepare */
|
/* prepare */
|
||||||
if(!daemon_open_shared_ports(daemon))
|
if(!daemon_open_shared_ports(daemon))
|
||||||
|
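Review bot: The `log_assert(cfg);` at the top of perform_setup is dropped and not replaced, so a NULL `cfg` is no longer caught before it is dereferenced further down. It looks like it was removed so that the `struct passwd *pwd = NULL;` declaration under `#ifdef HAVE_GETPWNAM` is not preceded by a statement; the guard can be kept by moving `log_assert(cfg);` to just after the `#endif` of that block, which lies outside the hunk. The remainder of perform_setup is not visible here.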
@ -1,6 +1,11 @@
|
|||||||
8 December 2014: Wouter
|
8 December 2014: Wouter
|
||||||
- Fix CVE-2014-8602: denial of service by making resolver chase
|
- Fix CVE-2014-8602: denial of service by making resolver chase
|
||||||
endless series of delegations.
|
endless series of delegations.
|
||||||
|
- patch for remote control over local sockets, from Dag-Erling
|
||||||
|
Smorgrav, Ilya Bakulin. Use control-interface: /path/sock and
|
||||||
|
control-use-cert: no.
|
||||||
|
- Fixup that patch and uid lookup (only for daemon).
|
||||||
|
- coded the default of control-use-cert, to yes.
|
||||||
|
|
||||||
1 December 2014: Wouter
|
1 December 2014: Wouter
|
||||||
- Fix bug#632: unbound fails to build on AArch64, protects
|
- Fix bug#632: unbound fails to build on AArch64, protects
|
||||||
|
@ -976,7 +976,7 @@ default is 8953.
|
|||||||
If you change this and permissions have been dropped, you must restart
|
If you change this and permissions have been dropped, you must restart
|
||||||
the server for the change to take effect.
|
the server for the change to take effect.
|
||||||
.TP 5
|
.TP 5
|
||||||
.B control-use-cert: \fI<yes or no>
|
.B control\-use\-cert: \fI<yes or no>
|
||||||
Whether to require certificate authentication of control connections.
|
Whether to require certificate authentication of control connections.
|
||||||
The default is "yes".
|
The default is "yes".
|
||||||
This should not be changed unless there are other mechanisms in place
|
This should not be changed unless there are other mechanisms in place
|
||||||
|
@ -976,7 +976,7 @@ default is 8953.
|
|||||||
If you change this and permissions have been dropped, you must restart
|
If you change this and permissions have been dropped, you must restart
|
||||||
the server for the change to take effect.
|
the server for the change to take effect.
|
||||||
.TP 5
|
.TP 5
|
||||||
.B control-use-cert: \fI<yes or no>
|
.B control\-use\-cert: \fI<yes or no>
|
||||||
Whether to require certificate authentication of control connections.
|
Whether to require certificate authentication of control connections.
|
||||||
The default is "yes".
|
The default is "yes".
|
||||||
This should not be changed unless there are other mechanisms in place
|
This should not be changed unless there are other mechanisms in place
|
||||||
|
@ -576,15 +576,19 @@ create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
|
|||||||
}
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
create_local_accept_sock(char *path, int* noproto)
|
create_local_accept_sock(const char *path, int* noproto)
|
||||||
{
|
{
|
||||||
#ifdef HAVE_SYS_UN_H
|
#ifdef HAVE_SYS_UN_H
|
||||||
int s;
|
int s;
|
||||||
struct sockaddr_un sun;
|
struct sockaddr_un sun;
|
||||||
|
|
||||||
sun.sun_len = sizeof(sun);
|
#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
|
||||||
|
/* this member exists on BSDs, not Linux */
|
||||||
|
sun.sun_len = (sa_family_t)sizeof(sun);
|
||||||
|
#endif
|
||||||
sun.sun_family = AF_LOCAL;
|
sun.sun_family = AF_LOCAL;
|
||||||
strlcpy(sun.sun_path, path, 104);
|
/* length is 92-108, 104 on FreeBSD */
|
||||||
|
(void)strlcpy(sun.sun_path, path, sizeof(sun.sun_path));
|
||||||
|
|
||||||
if ((s = socket(PF_LOCAL, SOCK_STREAM, 0)) == -1) {
|
if ((s = socket(PF_LOCAL, SOCK_STREAM, 0)) == -1) {
|
||||||
log_err("Cannot create local socket %s (%s)",
|
log_err("Cannot create local socket %s (%s)",
|
||||||
@ -600,7 +604,7 @@ create_local_accept_sock(char *path, int* noproto)
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (bind(s, (struct sockaddr *)&sun,
|
if (bind(s, (struct sockaddr *)&sun,
|
||||||
sizeof(struct sockaddr_un)) == -1) {
|
(socklen_t)sizeof(struct sockaddr_un)) == -1) {
|
||||||
log_err("Cannot bind local socket %s (%s)",
|
log_err("Cannot bind local socket %s (%s)",
|
||||||
path, strerror(errno));
|
path, strerror(errno));
|
||||||
return -1;
|
return -1;
|
||||||
@ -616,6 +620,7 @@ create_local_accept_sock(char *path, int* noproto)
|
|||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
(void)noproto; /*unused*/
|
||||||
return s;
|
return s;
|
||||||
#else
|
#else
|
||||||
log_err("Local sockets are not supported");
|
log_err("Local sockets are not supported");
|
||||||
|
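Review bot: The return value of strlcpy() in create_local_accept_sock is discarded via the `(void)` cast, so a control-interface path longer than `sun.sun_path` is silently truncated and the daemon binds a different path than the one configured. Check for truncation and fail the call instead, as below; the same pattern appears in contact_server in unbound-control.c (`(void)strlcpy(sun->sun_path, svr, sizeof(sun->sun_path));`) and should get the same check. `struct sockaddr_un sun` is also never zeroed before the fields are filled in; `memset(&sun, 0, sizeof(sun));` before the `#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN` block avoids passing uninitialized padding to bind(). The function's body continues outside the hunks shown.
```c
	/* length is 92-108, 104 on FreeBSD */
	if(strlcpy(sun.sun_path, path, sizeof(sun.sun_path)) >= sizeof(sun.sun_path)) {
		log_err("Local socket path too long: %s", path);
		return -1;
	}
	/* … unchanged: socket() and bind() … */
```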
@ -214,6 +214,6 @@ int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
|
|||||||
* are not supported.
|
* are not supported.
|
||||||
* @return: the socket. -1 on error.
|
* @return: the socket. -1 on error.
|
||||||
*/
|
*/
|
||||||
int create_local_accept_sock(char* path, int* noproto);
|
int create_local_accept_sock(const char* path, int* noproto);
|
||||||
|
|
||||||
#endif /* LISTEN_DNSPORT_H */
|
#endif /* LISTEN_DNSPORT_H */
|
||||||
|
@ -140,7 +140,7 @@ static void ssl_err(const char* s)
|
|||||||
static SSL_CTX*
|
static SSL_CTX*
|
||||||
setup_ctx(struct config_file* cfg)
|
setup_ctx(struct config_file* cfg)
|
||||||
{
|
{
|
||||||
char* s_cert, *c_key, *c_cert;
|
char* s_cert=NULL, *c_key=NULL, *c_cert=NULL;
|
||||||
SSL_CTX* ctx;
|
SSL_CTX* ctx;
|
||||||
|
|
||||||
if(cfg->remote_control_use_cert) {
|
if(cfg->remote_control_use_cert) {
|
||||||
@ -206,9 +206,11 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
|
|||||||
} else if(svr[0] == '/') {
|
} else if(svr[0] == '/') {
|
||||||
struct sockaddr_un* sun = (struct sockaddr_un *) &addr;
|
struct sockaddr_un* sun = (struct sockaddr_un *) &addr;
|
||||||
sun->sun_family = AF_LOCAL;
|
sun->sun_family = AF_LOCAL;
|
||||||
sun->sun_len = sizeof(sun);
|
#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
|
||||||
strlcpy(sun->sun_path, svr, 104);
|
sun->sun_len = (sa_family_t)sizeof(sun);
|
||||||
addrlen = sizeof(struct sockaddr_un);
|
#endif
|
||||||
|
(void)strlcpy(sun->sun_path, svr, sizeof(sun->sun_path));
|
||||||
|
addrlen = (socklen_t)sizeof(struct sockaddr_un);
|
||||||
addrfamily = AF_LOCAL;
|
addrfamily = AF_LOCAL;
|
||||||
#endif
|
#endif
|
||||||
} else {
|
} else {
|
||||||
|
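Review bot: `sun->sun_len = (sa_family_t)sizeof(sun);` in contact_server takes the size of the pointer `sun`, not of the structure it points to, so sun_len is set to the pointer width rather than sizeof(struct sockaddr_un); it should read `sun->sun_len = (sa_family_t)sizeof(*sun);`. The sibling line in create_local_accept_sock is correct only because there `sun` is the struct object itself. On the BSDs the kernel may overwrite sa_len from the addrlen passed to connect(), which would hide the mistake at runtime, but the stored value is still wrong and the commit touched this line without fixing it. contact_server begins and ends outside the hunk.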
@ -201,6 +201,7 @@ config_create(void)
|
|||||||
cfg->remote_control_enable = 0;
|
cfg->remote_control_enable = 0;
|
||||||
cfg->control_ifs = NULL;
|
cfg->control_ifs = NULL;
|
||||||
cfg->control_port = UNBOUND_CONTROL_PORT;
|
cfg->control_port = UNBOUND_CONTROL_PORT;
|
||||||
|
cfg->remote_control_use_cert = 1;
|
||||||
cfg->minimal_responses = 0;
|
cfg->minimal_responses = 0;
|
||||||
cfg->rrset_roundrobin = 0;
|
cfg->rrset_roundrobin = 0;
|
||||||
cfg->max_udp_size = 4096;
|
cfg->max_udp_size = 4096;
|
||||||
@ -805,16 +806,6 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
#ifdef HAVE_GETPWNAM
|
|
||||||
/* translate username into uid and gid */
|
|
||||||
if(cfg->username && cfg->username[0]) {
|
|
||||||
struct passwd *pwd;
|
|
||||||
if((pwd = getpwnam(cfg->username)) == NULL)
|
|
||||||
log_err("user '%s' does not exist.", cfg->username);
|
|
||||||
cfg->uid = pwd->pw_uid;
|
|
||||||
cfg->gid = pwd->pw_gid;
|
|
||||||
}
|
|
||||||
#endif
|
|
||||||
return 1;
|
return 1;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1203,6 +1194,20 @@ config_apply(struct config_file* config)
|
|||||||
log_set_time_asc(config->log_time_ascii);
|
log_set_time_asc(config->log_time_ascii);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void config_lookup_uid(struct config_file* cfg)
|
||||||
|
{
|
||||||
|
#ifdef HAVE_GETPWNAM
|
||||||
|
/* translate username into uid and gid */
|
||||||
|
if(cfg->username && cfg->username[0]) {
|
||||||
|
struct passwd *pwd;
|
||||||
|
if((pwd = getpwnam(cfg->username)) == NULL)
|
||||||
|
log_err("user '%s' does not exist.", cfg->username);
|
||||||
|
cfg->uid = pwd->pw_uid;
|
||||||
|
cfg->gid = pwd->pw_gid;
|
||||||
|
}
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Calculate string length of full pathname in original filesys
|
* Calculate string length of full pathname in original filesys
|
||||||
* @param fname: the path name to convert.
|
* @param fname: the path name to convert.
|
||||||
|
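Review bot: In the new config_lookup_uid, when getpwnam() returns NULL the code logs an error and then falls through to `cfg->uid = pwd->pw_uid;`, dereferencing the NULL pointer; the failure branch needs to stop there, e.g. `if((pwd = getpwnam(cfg->username)) == NULL) { log_err("user '%s' does not exist.", cfg->username); return; }`. The code is moved unchanged from config_read, but it is now called from run_daemon, so a misspelled `username:` takes the daemon down with a crash instead of a logged error. When HAVE_GETPWNAM is not defined the `cfg` parameter is unused; an `#else` with `(void)cfg;` keeps that build warning-free.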
@ -426,6 +426,12 @@ void config_delete(struct config_file* config);
|
|||||||
*/
|
*/
|
||||||
void config_apply(struct config_file* config);
|
void config_apply(struct config_file* config);
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Find username, sets uid and gid.
|
||||||
|
* @param config: the config structure.
|
||||||
|
*/
|
||||||
|
void config_lookup_uid(struct config_file* config);
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Set the given keyword to the given value.
|
* Set the given keyword to the given value.
|
||||||
* @param config: where to store config
|
* @param config: where to store config
|
||||||
|
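Review bot: The new doxygen block for config_lookup_uid does not say that the function does nothing unless HAVE_GETPWNAM is defined, nor that a failed lookup is reported with log_err rather than a return value, and a caller choosing where to invoke it needs both facts. Suggest adding a line such as `* Only effective when HAVE_GETPWNAM is defined; logs an error if the user is not found.` to the comment.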