This updates to the head of the unbound tree, adding Ilya Bakulin's code to
support unbound-control over a unix domain socket rather than SSL. I don't
see many standard cases needing the SSL socket any more, so I've removed
the code from the rc.d script that automatically generates SSL keys when
control-enable is used. If somebody wants to control unbound from a remote
machine, they can always do this themselves.

Any comments/OKs?

Index: etc/unbound.conf
===================================================================
RCS file: /cvs/src/etc/unbound.conf,v
retrieving revision 1.4
diff -u -p -r1.4 unbound.conf
--- etc/unbound.conf    2 Apr 2014 21:43:30 -0000       1.4
+++ etc/unbound.conf    17 Feb 2015 00:53:05 -0000
@@ -37,6 +37,11 @@ server:
        #
        #tcp-upstream: yes
 
+remote-control:
+       control-enable: yes
+       control-use-cert: no
+       control-interface: /var/run/unbound.sock
+
 # Use an upstream forwarder (recursive resolver) for specific zones.
 # Example addresses given below are public resolvers valid as of 2014/03.
 #
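Review bot: With `control-use-cert: no`, the added `remote-control:` block leaves the owner and mode of `/var/run/unbound.sock` as the only access control on unbound-control, and the sample config enables this by default without saying so. The hunk does not show which owner and mode the daemon gives the socket, so that should be confirmed and stated next to the setting. I would add a comment above `control-interface:` such as `# No TLS on this socket: access to unbound-control is limited only by the socket file's owner and mode.`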
Index: etc/rc.d/unbound
===================================================================
RCS file: /cvs/src/etc/rc.d/unbound,v
retrieving revision 1.2
diff -u -p -r1.2 unbound
--- etc/rc.d/unbound    29 Dec 2014 11:17:43 -0000      1.2
+++ etc/rc.d/unbound    17 Feb 2015 00:53:05 -0000
@@ -8,16 +8,9 @@ daemon_flags="-c /var/unbound/etc/unboun
 . /etc/rc.d/rc.subr
 
 pexp="unbound${daemon_flags:+ ${daemon_flags}}"
+rc_reload=NO
 
 rc_pre() {
-       if grep '^[[:space:]]*control-enable:[[:space:]]*yes' \
-           /var/unbound/etc/unbound.conf > /dev/null 2>&1 && \
-           ! [[ -f /var/unbound/etc/unbound_server.key ||
-           -f /var/unbound/etc/unbound_server.pem ||
-           -f /var/unbound/etc/unbound_control.key ||
-           -f /var/unbound/etc/unbound_control.pem ]]; then
-               /usr/sbin/unbound-control-setup 2> /dev/null
-       fi
        if grep '^[[:space:]]*auto-trust-anchor-file:' \
             /var/unbound/etc/unbound.conf > /dev/null 2>&1; then
                /usr/sbin/unbound-anchor -v || true
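Review bot: `rc_reload=NO` is added without a comment, and the description only covers the control socket and the removed key generation, so a later reader cannot tell why reload is disabled for this daemon. A one-line comment above the assignment would settle it, e.g. `# reload disabled: <reason>` with the reason filled in by the author. `rc_pre` continues past the end of the hunk, so only its first lines are visible here.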
Index: usr.sbin/unbound/Makefile.in
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/Makefile.in,v
retrieving revision 1.13
diff -u -p -r1.13 Makefile.in
--- usr.sbin/unbound/Makefile.in        11 Dec 2014 16:26:58 -0000      1.13
+++ usr.sbin/unbound/Makefile.in        17 Feb 2015 00:53:05 -0000
@@ -459,8 +459,8 @@ strip:
        $(STRIP) unbound$(EXEEXT)
        $(STRIP) unbound-checkconf$(EXEEXT)
        $(STRIP) unbound-control$(EXEEXT)
-       $(STRIP) unbound-host$(EXEEXT)
-       $(STRIP) unbound-anchor$(EXEEXT)
+       $(STRIP) unbound-host$(EXEEXT) || $(STRIP) .libs/unbound-host$(EXEEXT)
+       $(STRIP) unbound-anchor$(EXEEXT) || $(STRIP) 
.libs/unbound-anchor$(EXEEXT)
 
 pythonmod-install:
        $(INSTALL) -m 755 -d $(DESTDIR)$(PYTHON_SITE_PKG)
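Review bot: The `||` fallback on the two changed `$(STRIP)` lines runs the `.libs/` strip after any failure of the first command, not only when the binary is missing from the build directory. A genuine strip error on `unbound-host` or `unbound-anchor` can therefore be masked by a successful second attempt, and presumably every build that keeps the binary under `.libs/` prints an error first. Testing for the file states the intent: `if test -f unbound-host$(EXEEXT); then $(STRIP) unbound-host$(EXEEXT); else $(STRIP) .libs/unbound-host$(EXEEXT); fi`, and the same for `unbound-anchor`. The `strip:` rule starts above the hunk, and the three unchanged `$(STRIP)` lines have no such fallback.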
@@ -579,6 +579,7 @@ depend:
                        -e 
's?$$(srcdir)/util/configlexer.c?util/configlexer.c?g' \
                        -e 
's?$$(srcdir)/util/configparser.c?util/configparser.c?g' \
                        -e 
's?$$(srcdir)/util/configparser.h?util/configparser.h?g' \
+                       -e 's?$$(srcdir)/dnstap/dnstap_config.h??g' \
                        -e 
's?$$(srcdir)/pythonmod/pythonmod.h?$$(PYTHONMOD_HEADER)?g' \
                        -e 's!\(.*\)\.o[ :]*!\1.lo \1.o: !g' \
                        > $(DEPEND_TMP)
@@ -692,13 +693,14 @@ iter_utils.lo iter_utils.o: $(srcdir)/it
  $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_sigcrypt.h 
$(srcdir)/ldns/sbuffer.h
 listen_dnsport.lo listen_dnsport.o: $(srcdir)/services/listen_dnsport.c 
config.h \
  $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h 
$(srcdir)/services/outside_network.h \
- $(srcdir)/util/rbtree.h $(srcdir)/util/log.h $(srcdir)/util/config_file.h 
$(srcdir)/util/net_help.h \
- $(srcdir)/ldns/sbuffer.h
+ $(srcdir)/util/rbtree.h  $(srcdir)/util/log.h $(srcdir)/util/config_file.h \
+ $(srcdir)/util/net_help.h $(srcdir)/ldns/sbuffer.h
 localzone.lo localzone.o: $(srcdir)/services/localzone.c config.h 
$(srcdir)/services/localzone.h \
  $(srcdir)/util/rbtree.h $(srcdir)/util/locks.h $(srcdir)/util/log.h 
$(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h \
  $(srcdir)/ldns/sbuffer.h $(srcdir)/util/regional.h 
$(srcdir)/util/config_file.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/data/packed_rrset.h 
$(srcdir)/util/data/msgencode.h \
- $(srcdir)/util/net_help.h $(srcdir)/util/data/msgreply.h 
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h
+ $(srcdir)/util/net_help.h $(srcdir)/util/netevent.h 
$(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h
 mesh.lo mesh.o: $(srcdir)/services/mesh.c config.h $(srcdir)/services/mesh.h 
$(srcdir)/util/rbtree.h \
  $(srcdir)/util/netevent.h $(srcdir)/util/data/msgparse.h 
$(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h \
  $(srcdir)/util/log.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h 
$(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h \
@@ -714,15 +716,16 @@ modstack.lo modstack.o: $(srcdir)/servic
  $(srcdir)/services/outbound_list.h $(srcdir)/validator/validator.h 
$(srcdir)/validator/val_utils.h
 outbound_list.lo outbound_list.o: $(srcdir)/services/outbound_list.c config.h \
  $(srcdir)/services/outbound_list.h $(srcdir)/services/outside_network.h 
$(srcdir)/util/rbtree.h \
- $(srcdir)/util/netevent.h
+ $(srcdir)/util/netevent.h 
 outside_network.lo outside_network.o: $(srcdir)/services/outside_network.c 
config.h \
  $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h 
$(srcdir)/util/netevent.h \
- $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h 
$(srcdir)/util/storage/lruhash.h \
- $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/rtt.h 
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
- $(srcdir)/ldns/rrdef.h $(srcdir)/util/data/msgreply.h 
$(srcdir)/util/data/packed_rrset.h \
- $(srcdir)/util/data/msgencode.h $(srcdir)/util/data/dname.h 
$(srcdir)/util/net_help.h $(srcdir)/util/random.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h 
$(srcdir)/services/mesh.h \
- $(srcdir)/services/modstack.h $(srcdir)/ldns/sbuffer.h \
+  $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/infra.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h 
$(srcdir)/util/rtt.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h 
$(srcdir)/util/data/msgreply.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgencode.h 
$(srcdir)/util/data/dname.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/random.h $(srcdir)/util/fptr_wlist.h 
$(srcdir)/util/module.h \
+ $(srcdir)/util/tube.h $(srcdir)/services/mesh.h $(srcdir)/services/modstack.h 
$(srcdir)/ldns/sbuffer.h \
+ $(srcdir)/dnstap/dnstap.h \
  
 alloc.lo alloc.o: $(srcdir)/util/alloc.c config.h $(srcdir)/util/alloc.h 
$(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/util/regional.h $(srcdir)/util/data/packed_rrset.h 
$(srcdir)/util/storage/lruhash.h \
@@ -735,8 +738,8 @@ config_file.lo config_file.o: $(srcdir)/
  $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h 
$(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/regional.h 
$(srcdir)/util/fptr_wlist.h \
  $(srcdir)/util/netevent.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h 
$(srcdir)/util/rbtree.h \
- $(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h 
$(srcdir)/ldns/wire2str.h $(srcdir)/ldns/parseutil.h \
- $(srcdir)/util/iana_ports.inc
+ $(srcdir)/services/modstack.h $(srcdir)/util/data/dname.h 
$(srcdir)/util/rtt.h $(srcdir)/ldns/wire2str.h \
+ $(srcdir)/ldns/parseutil.h $(srcdir)/util/iana_ports.inc
 configlexer.lo configlexer.o: util/configlexer.c config.h 
$(srcdir)/util/configyyrename.h \
  $(srcdir)/util/config_file.h util/configparser.h
 configparser.lo configparser.o: util/configparser.c config.h 
$(srcdir)/util/configyyrename.h \
@@ -746,15 +749,16 @@ fptr_wlist.lo fptr_wlist.o: $(srcdir)/ut
  $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h 
$(srcdir)/util/data/packed_rrset.h \
  $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h 
$(srcdir)/util/tube.h \
  $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h 
$(srcdir)/services/modstack.h $(srcdir)/util/mini_event.h \
- $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h 
$(srcdir)/services/localzone.h \
- $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h 
$(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/dns64/dns64.h 
$(srcdir)/iterator/iterator.h \
- $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_fwd.h 
$(srcdir)/validator/validator.h \
- $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_anchor.h 
$(srcdir)/validator/val_nsec3.h \
- $(srcdir)/validator/val_sigcrypt.h $(srcdir)/validator/val_kentry.h 
$(srcdir)/validator/val_neg.h \
- $(srcdir)/validator/autotrust.h $(srcdir)/util/storage/dnstree.h 
$(srcdir)/libunbound/libworker.h \
- $(srcdir)/libunbound/context.h $(srcdir)/util/alloc.h 
$(srcdir)/libunbound/unbound.h \
- $(srcdir)/libunbound/worker.h $(srcdir)/ldns/sbuffer.h 
$(srcdir)/util/config_file.h
+ $(srcdir)/util/rbtree.h $(srcdir)/services/outside_network.h  \
+ $(srcdir)/services/localzone.h $(srcdir)/services/cache/infra.h 
$(srcdir)/util/rtt.h \
+ $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h 
$(srcdir)/dns64/dns64.h \
+ $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h 
$(srcdir)/iterator/iter_fwd.h \
+ $(srcdir)/validator/validator.h $(srcdir)/validator/val_utils.h 
$(srcdir)/validator/val_anchor.h \
+ $(srcdir)/validator/val_nsec3.h $(srcdir)/validator/val_sigcrypt.h 
$(srcdir)/validator/val_kentry.h \
+ $(srcdir)/validator/val_neg.h $(srcdir)/validator/autotrust.h 
$(srcdir)/util/storage/dnstree.h \
+ $(srcdir)/libunbound/libworker.h $(srcdir)/libunbound/context.h 
$(srcdir)/util/alloc.h \
+ $(srcdir)/libunbound/unbound.h $(srcdir)/libunbound/worker.h 
$(srcdir)/ldns/sbuffer.h \
+ $(srcdir)/util/config_file.h
 locks.lo locks.o: $(srcdir)/util/locks.c config.h $(srcdir)/util/locks.h 
$(srcdir)/util/log.h
 log.lo log.o: $(srcdir)/util/log.c config.h $(srcdir)/util/log.h 
$(srcdir)/util/locks.h $(srcdir)/ldns/sbuffer.h
 mini_event.lo mini_event.o: $(srcdir)/util/mini_event.c config.h 
$(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h \
@@ -770,6 +774,7 @@ netevent.lo netevent.o: $(srcdir)/util/n
  $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h 
$(srcdir)/util/data/packed_rrset.h \
  $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h 
$(srcdir)/util/tube.h \
  $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h 
$(srcdir)/services/modstack.h $(srcdir)/ldns/sbuffer.h \
+ $(srcdir)/dnstap/dnstap.h  \
  $(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
 net_help.lo net_help.o: $(srcdir)/util/net_help.c config.h 
$(srcdir)/util/net_help.h $(srcdir)/util/log.h \
  $(srcdir)/util/data/dname.h $(srcdir)/util/storage/lruhash.h 
$(srcdir)/util/locks.h $(srcdir)/util/module.h \
@@ -857,8 +862,8 @@ val_nsec.lo val_nsec.o: $(srcdir)/valida
  $(srcdir)/validator/val_utils.h $(srcdir)/util/data/msgreply.h 
$(srcdir)/util/data/dname.h \
  $(srcdir)/util/net_help.h $(srcdir)/util/module.h 
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
  $(srcdir)/ldns/rrdef.h $(srcdir)/services/cache/rrset.h 
$(srcdir)/util/storage/slabhash.h
-val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h 
$(srcdir)/validator/val_secalgo.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h 
$(srcdir)/util/locks.h $(srcdir)/util/log.h \
+val_secalgo.lo val_secalgo.o: $(srcdir)/validator/val_secalgo.c config.h 
$(srcdir)/util/data/packed_rrset.h \
+ $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h $(srcdir)/util/log.h 
$(srcdir)/validator/val_secalgo.h \
  $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/keyraw.h \
  $(srcdir)/ldns/sbuffer.h \
  
@@ -887,6 +892,11 @@ dns64.lo dns64.o: $(srcdir)/dns64/dns64.
  $(srcdir)/util/regional.h
 checklocks.lo checklocks.o: $(srcdir)/testcode/checklocks.c config.h 
$(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/testcode/checklocks.h
+dnstap.lo dnstap.o: $(srcdir)/dnstap/dnstap.c  config.h 
$(srcdir)/ldns/sbuffer.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h $(srcdir)/util/log.h 
$(srcdir)/util/netevent.h \
+ $(srcdir)/dnstap/dnstap.h \
+ $(srcdir)/dnstap/dnstap.pb-c.h
+dnstap.pb-c.lo dnstap.pb-c.o: $(srcdir)/dnstap/dnstap.pb-c.c 
$(srcdir)/dnstap/dnstap.pb-c.h
 unitanchor.lo unitanchor.o: $(srcdir)/testcode/unitanchor.c config.h 
$(srcdir)/util/log.h $(srcdir)/util/data/dname.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h 
$(srcdir)/testcode/unitmain.h \
  $(srcdir)/validator/val_anchor.h $(srcdir)/util/rbtree.h 
$(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/rrdef.h
@@ -897,7 +907,8 @@ unitlruhash.lo unitlruhash.o: $(srcdir)/
  $(srcdir)/util/log.h $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h 
$(srcdir)/util/storage/slabhash.h
 unitmain.lo unitmain.o: $(srcdir)/testcode/unitmain.c config.h \
  $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/keyraw.h \
- $(srcdir)/util/log.h $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h 
$(srcdir)/util/locks.h $(srcdir)/util/net_help.h \
+ $(srcdir)/util/log.h \
+ $(srcdir)/testcode/unitmain.h $(srcdir)/util/alloc.h $(srcdir)/util/locks.h 
$(srcdir)/util/net_help.h \
  $(srcdir)/util/config_file.h $(srcdir)/util/rtt.h 
$(srcdir)/services/cache/infra.h \
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/random.h
 unitmsgparse.lo unitmsgparse.o: $(srcdir)/testcode/unitmsgparse.c config.h 
$(srcdir)/util/log.h \
@@ -938,19 +949,21 @@ cachedump.lo cachedump.o: $(srcdir)/daem
  $(srcdir)/ldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h 
$(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/util/netevent.h 
$(srcdir)/util/alloc.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h 
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h 
$(srcdir)/services/cache/rrset.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/dns.h 
$(srcdir)/services/cache/infra.h \
- $(srcdir)/util/rtt.h $(srcdir)/util/regional.h $(srcdir)/util/net_help.h 
$(srcdir)/util/data/dname.h \
- $(srcdir)/iterator/iterator.h $(srcdir)/services/outbound_list.h 
$(srcdir)/iterator/iter_delegpt.h \
- $(srcdir)/iterator/iter_utils.h $(srcdir)/iterator/iter_resptype.h 
$(srcdir)/iterator/iter_fwd.h \
- $(srcdir)/util/rbtree.h $(srcdir)/iterator/iter_hints.h 
$(srcdir)/util/storage/dnstree.h \
- $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h
+ $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h 
$(srcdir)/dnstap/dnstap.h \
+  $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/cache/dns.h $(srcdir)/services/cache/infra.h 
$(srcdir)/util/rtt.h $(srcdir)/util/regional.h \
+ $(srcdir)/util/net_help.h $(srcdir)/util/data/dname.h 
$(srcdir)/iterator/iterator.h \
+ $(srcdir)/services/outbound_list.h $(srcdir)/iterator/iter_delegpt.h 
$(srcdir)/iterator/iter_utils.h \
+ $(srcdir)/iterator/iter_resptype.h $(srcdir)/iterator/iter_fwd.h 
$(srcdir)/util/rbtree.h \
+ $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h 
$(srcdir)/ldns/wire2str.h \
+ $(srcdir)/ldns/str2wire.h
 daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
  $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h 
$(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
- $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h 
$(srcdir)/ldns/sbuffer.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h 
$(srcdir)/util/netevent.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h 
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h 
$(srcdir)/daemon/remote.h \
+  $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
+ $(srcdir)/ldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h 
$(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h 
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
+ $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h 
$(srcdir)/util/module.h \
+ $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
  $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h 
$(srcdir)/util/rbtree.h \
  $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h 
$(srcdir)/util/storage/slabhash.h \
  $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h 
$(srcdir)/services/cache/infra.h \
@@ -962,11 +975,12 @@ remote.lo remote.o: $(srcdir)/daemon/rem
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h 
$(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h 
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
  $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h 
$(srcdir)/util/timehist.h $(srcdir)/util/module.h \
- $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h 
$(srcdir)/daemon/cachedump.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h 
$(srcdir)/services/listen_dnsport.h \
- $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h 
$(srcdir)/services/cache/infra.h \
- $(srcdir)/util/rtt.h $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h 
$(srcdir)/services/localzone.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h 
$(srcdir)/validator/validator.h \
+ $(srcdir)/dnstap/dnstap.h  $(srcdir)/daemon/daemon.h \
+ $(srcdir)/services/modstack.h $(srcdir)/daemon/cachedump.h 
$(srcdir)/util/config_file.h \
+ $(srcdir)/util/net_help.h $(srcdir)/services/listen_dnsport.h 
$(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/cache/infra.h 
$(srcdir)/util/rtt.h \
+ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h 
$(srcdir)/services/localzone.h $(srcdir)/util/fptr_wlist.h \
+ $(srcdir)/util/tube.h $(srcdir)/util/data/dname.h 
$(srcdir)/validator/validator.h \
  $(srcdir)/validator/val_utils.h $(srcdir)/validator/val_kcache.h 
$(srcdir)/validator/val_kentry.h \
  $(srcdir)/validator/val_anchor.h $(srcdir)/iterator/iterator.h 
$(srcdir)/services/outbound_list.h \
  $(srcdir)/iterator/iter_fwd.h $(srcdir)/iterator/iter_hints.h 
$(srcdir)/util/storage/dnstree.h \
@@ -976,14 +990,15 @@ stats.lo stats.o: $(srcdir)/daemon/stats
  $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h 
$(srcdir)/ldns/sbuffer.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h 
$(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h 
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h 
$(srcdir)/daemon/daemon.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h 
$(srcdir)/util/rbtree.h \
- $(srcdir)/services/outside_network.h $(srcdir)/util/config_file.h 
$(srcdir)/util/tube.h \
- $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h 
$(srcdir)/validator/val_utils.h \
- $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h 
$(srcdir)/services/cache/infra.h \
- $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
+ $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h 
$(srcdir)/dnstap/dnstap.h \
+  $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
+ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h 
$(srcdir)/services/outside_network.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h 
$(srcdir)/validator/validator.h \
+ $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h 
$(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h 
$(srcdir)/validator/val_kcache.h
 unbound.lo unbound.o: $(srcdir)/daemon/unbound.c config.h $(srcdir)/util/log.h 
$(srcdir)/daemon/daemon.h \
- $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h 
$(srcdir)/daemon/remote.h \
+ $(srcdir)/util/locks.h $(srcdir)/util/alloc.h $(srcdir)/services/modstack.h  \
+ $(srcdir)/daemon/remote.h \
  $(srcdir)/util/config_file.h $(srcdir)/util/storage/slabhash.h 
$(srcdir)/util/storage/lruhash.h \
  $(srcdir)/services/listen_dnsport.h $(srcdir)/util/netevent.h 
$(srcdir)/services/cache/rrset.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h 
$(srcdir)/util/rtt.h \
@@ -996,7 +1011,8 @@ worker.lo worker.o: $(srcdir)/daemon/wor
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h 
$(srcdir)/util/locks.h \
  $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h 
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
  $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h 
$(srcdir)/util/timehist.h $(srcdir)/util/module.h \
- $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h 
$(srcdir)/daemon/remote.h \
+ $(srcdir)/dnstap/dnstap.h  $(srcdir)/daemon/daemon.h \
+ $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
  $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h 
$(srcdir)/util/rbtree.h \
  $(srcdir)/util/config_file.h $(srcdir)/util/regional.h 
$(srcdir)/util/storage/slabhash.h \
  $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
@@ -1011,9 +1027,10 @@ testbound.lo testbound.o: $(srcdir)/test
  $(srcdir)/daemon/remote.h \
  $(srcdir)/util/config_file.h $(srcdir)/ldns/keyraw.h 
$(srcdir)/daemon/unbound.c $(srcdir)/util/log.h \
  $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/alloc.h 
$(srcdir)/services/modstack.h \
- $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h 
$(srcdir)/services/listen_dnsport.h \
- $(srcdir)/services/cache/rrset.h $(srcdir)/util/data/packed_rrset.h 
$(srcdir)/services/cache/infra.h \
- $(srcdir)/util/rtt.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h 
$(srcdir)/util/data/msgreply.h \
+  $(srcdir)/util/storage/slabhash.h $(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/data/packed_rrset.h $(srcdir)/services/cache/infra.h 
$(srcdir)/util/rtt.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h 
$(srcdir)/util/data/msgreply.h \
  $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h 
$(srcdir)/util/tube.h \
  $(srcdir)/services/mesh.h $(srcdir)/util/net_help.h 
$(srcdir)/util/mini_event.h $(srcdir)/util/rbtree.h
 testpkts.lo testpkts.o: $(srcdir)/testcode/testpkts.c config.h 
$(srcdir)/testcode/testpkts.h \
@@ -1024,7 +1041,8 @@ worker.lo worker.o: $(srcdir)/daemon/wor
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h 
$(srcdir)/util/locks.h \
  $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h 
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
  $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h 
$(srcdir)/util/timehist.h $(srcdir)/util/module.h \
- $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h 
$(srcdir)/daemon/remote.h \
+ $(srcdir)/dnstap/dnstap.h  $(srcdir)/daemon/daemon.h \
+ $(srcdir)/services/modstack.h $(srcdir)/daemon/remote.h \
  $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h 
$(srcdir)/util/rbtree.h \
  $(srcdir)/util/config_file.h $(srcdir)/util/regional.h 
$(srcdir)/util/storage/slabhash.h \
  $(srcdir)/services/listen_dnsport.h $(srcdir)/services/outside_network.h \
@@ -1039,10 +1057,11 @@ acl_list.lo acl_list.o: $(srcdir)/daemon
  $(srcdir)/util/config_file.h $(srcdir)/util/net_help.h
 daemon.lo daemon.o: $(srcdir)/daemon/daemon.c config.h \
  $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h 
$(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
- $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h 
$(srcdir)/ldns/sbuffer.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h 
$(srcdir)/util/netevent.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h 
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h 
$(srcdir)/daemon/remote.h \
+  $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
+ $(srcdir)/ldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h 
$(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h 
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
+ $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h 
$(srcdir)/util/module.h \
+ $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
  $(srcdir)/daemon/acl_list.h $(srcdir)/util/storage/dnstree.h 
$(srcdir)/util/rbtree.h \
  $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h 
$(srcdir)/util/storage/slabhash.h \
  $(srcdir)/services/listen_dnsport.h $(srcdir)/services/cache/rrset.h 
$(srcdir)/services/cache/infra.h \
@@ -1052,12 +1071,12 @@ stats.lo stats.o: $(srcdir)/daemon/stats
  $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h 
$(srcdir)/ldns/sbuffer.h \
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h 
$(srcdir)/util/locks.h $(srcdir)/util/log.h \
  $(srcdir)/util/netevent.h $(srcdir)/util/alloc.h 
$(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h \
- $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h 
$(srcdir)/daemon/daemon.h \
- $(srcdir)/services/modstack.h $(srcdir)/services/mesh.h 
$(srcdir)/util/rbtree.h \
- $(srcdir)/services/outside_network.h $(srcdir)/util/config_file.h 
$(srcdir)/util/tube.h \
- $(srcdir)/util/net_help.h $(srcdir)/validator/validator.h 
$(srcdir)/validator/val_utils.h \
- $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h 
$(srcdir)/services/cache/infra.h \
- $(srcdir)/util/rtt.h $(srcdir)/validator/val_kcache.h
+ $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h 
$(srcdir)/dnstap/dnstap.h \
+  $(srcdir)/daemon/daemon.h $(srcdir)/services/modstack.h \
+ $(srcdir)/services/mesh.h $(srcdir)/util/rbtree.h 
$(srcdir)/services/outside_network.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/tube.h $(srcdir)/util/net_help.h 
$(srcdir)/validator/validator.h \
+ $(srcdir)/validator/val_utils.h $(srcdir)/services/cache/rrset.h 
$(srcdir)/util/storage/slabhash.h \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h 
$(srcdir)/validator/val_kcache.h
 replay.lo replay.o: $(srcdir)/testcode/replay.c config.h $(srcdir)/util/log.h 
$(srcdir)/util/net_help.h \
  $(srcdir)/util/config_file.h $(srcdir)/testcode/replay.h 
$(srcdir)/util/netevent.h $(srcdir)/testcode/testpkts.h \
  $(srcdir)/util/rbtree.h $(srcdir)/testcode/fake_event.h 
$(srcdir)/ldns/str2wire.h $(srcdir)/ldns/rrdef.h
@@ -1066,10 +1085,10 @@ fake_event.lo fake_event.o: $(srcdir)/te
  $(srcdir)/util/storage/lruhash.h $(srcdir)/util/locks.h 
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
  $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/packed_rrset.h 
$(srcdir)/util/data/msgencode.h \
  $(srcdir)/util/data/dname.h $(srcdir)/util/config_file.h 
$(srcdir)/services/listen_dnsport.h \
- $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h 
$(srcdir)/services/cache/infra.h \
- $(srcdir)/util/rtt.h $(srcdir)/testcode/replay.h 
$(srcdir)/testcode/testpkts.h $(srcdir)/util/fptr_wlist.h \
- $(srcdir)/util/module.h $(srcdir)/util/tube.h $(srcdir)/services/mesh.h 
$(srcdir)/services/modstack.h \
- $(srcdir)/ldns/sbuffer.h $(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h
+ $(srcdir)/services/outside_network.h $(srcdir)/util/rbtree.h  \
+ $(srcdir)/services/cache/infra.h $(srcdir)/util/rtt.h 
$(srcdir)/testcode/replay.h $(srcdir)/testcode/testpkts.h \
+ $(srcdir)/util/fptr_wlist.h $(srcdir)/util/module.h $(srcdir)/util/tube.h 
$(srcdir)/services/mesh.h \
+ $(srcdir)/services/modstack.h $(srcdir)/ldns/sbuffer.h 
$(srcdir)/ldns/wire2str.h $(srcdir)/ldns/str2wire.h
 lock_verify.lo lock_verify.o: $(srcdir)/testcode/lock_verify.c config.h 
$(srcdir)/util/log.h $(srcdir)/util/rbtree.h \
  $(srcdir)/util/locks.h $(srcdir)/util/fptr_wlist.h $(srcdir)/util/netevent.h 
$(srcdir)/util/storage/lruhash.h \
  $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h 
$(srcdir)/util/data/packed_rrset.h \
@@ -1121,13 +1140,14 @@ libworker.lo libworker.o: $(srcdir)/libu
  $(srcdir)/util/locks.h $(srcdir)/util/log.h $(srcdir)/libunbound/context.h 
$(srcdir)/util/alloc.h $(srcdir)/util/rbtree.h \
  $(srcdir)/services/modstack.h $(srcdir)/libunbound/unbound.h 
$(srcdir)/libunbound/worker.h \
  $(srcdir)/ldns/sbuffer.h $(srcdir)/libunbound/unbound-event.h 
$(srcdir)/services/outside_network.h \
- $(srcdir)/util/netevent.h $(srcdir)/services/mesh.h 
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
- $(srcdir)/ldns/rrdef.h $(srcdir)/util/module.h $(srcdir)/util/data/msgreply.h 
$(srcdir)/services/localzone.h \
- $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h 
$(srcdir)/services/outbound_list.h \
- $(srcdir)/util/fptr_wlist.h $(srcdir)/util/tube.h $(srcdir)/util/regional.h 
$(srcdir)/util/random.h \
- $(srcdir)/util/config_file.h $(srcdir)/util/storage/lookup3.h 
$(srcdir)/util/net_help.h \
- $(srcdir)/util/data/dname.h $(srcdir)/util/data/msgencode.h 
$(srcdir)/iterator/iter_fwd.h \
- $(srcdir)/iterator/iter_hints.h $(srcdir)/util/storage/dnstree.h 
$(srcdir)/ldns/str2wire.h
+ $(srcdir)/util/netevent.h  $(srcdir)/services/mesh.h \
+ $(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h 
$(srcdir)/util/module.h \
+ $(srcdir)/util/data/msgreply.h $(srcdir)/services/localzone.h 
$(srcdir)/services/cache/rrset.h \
+ $(srcdir)/util/storage/slabhash.h $(srcdir)/services/outbound_list.h 
$(srcdir)/util/fptr_wlist.h \
+ $(srcdir)/util/tube.h $(srcdir)/util/regional.h $(srcdir)/util/random.h 
$(srcdir)/util/config_file.h \
+ $(srcdir)/util/storage/lookup3.h $(srcdir)/util/net_help.h 
$(srcdir)/util/data/dname.h \
+ $(srcdir)/util/data/msgencode.h $(srcdir)/iterator/iter_fwd.h 
$(srcdir)/iterator/iter_hints.h \
+ $(srcdir)/util/storage/dnstree.h $(srcdir)/ldns/str2wire.h
 unbound-host.lo unbound-host.o: $(srcdir)/smallapp/unbound-host.c config.h 
$(srcdir)/libunbound/unbound.h \
  $(srcdir)/ldns/rrdef.h $(srcdir)/ldns/wire2str.h
 asynclook.lo asynclook.o: $(srcdir)/testcode/asynclook.c config.h 
$(srcdir)/libunbound/unbound.h \
@@ -1147,7 +1167,8 @@ perf.lo perf.o: $(srcdir)/testcode/perf.
 delayer.lo delayer.o: $(srcdir)/testcode/delayer.c config.h 
$(srcdir)/util/net_help.h $(srcdir)/util/log.h \
  $(srcdir)/util/config_file.h $(srcdir)/ldns/sbuffer.h
 unbound-control.lo unbound-control.o: $(srcdir)/smallapp/unbound-control.c 
config.h \
- $(srcdir)/util/log.h $(srcdir)/util/config_file.h $(srcdir)/util/locks.h 
$(srcdir)/util/net_help.h
+ $(srcdir)/util/log.h \
+ $(srcdir)/util/config_file.h $(srcdir)/util/locks.h $(srcdir)/util/net_help.h
 unbound-anchor.lo unbound-anchor.o: $(srcdir)/smallapp/unbound-anchor.c 
config.h $(srcdir)/libunbound/unbound.h \
  $(srcdir)/ldns/rrdef.h \
  
@@ -1158,13 +1179,14 @@ pythonmod_utils.lo pythonmod_utils.o: $(
  $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/data/msgparse.h 
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
  $(srcdir)/util/netevent.h $(srcdir)/util/net_help.h 
$(srcdir)/services/cache/dns.h \
  $(srcdir)/services/cache/rrset.h $(srcdir)/util/storage/slabhash.h 
$(srcdir)/util/regional.h \
- $(srcdir)/ldns/sbuffer.h
+ $(srcdir)/iterator/iter_delegpt.h $(srcdir)/ldns/sbuffer.h
 win_svc.lo win_svc.o: $(srcdir)/winrc/win_svc.c config.h 
$(srcdir)/winrc/win_svc.h $(srcdir)/winrc/w_inst.h \
  $(srcdir)/daemon/daemon.h $(srcdir)/util/locks.h $(srcdir)/util/log.h 
$(srcdir)/util/alloc.h $(srcdir)/services/modstack.h \
- $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h 
$(srcdir)/ldns/sbuffer.h \
- $(srcdir)/util/data/packed_rrset.h $(srcdir)/util/storage/lruhash.h 
$(srcdir)/util/netevent.h \
- $(srcdir)/util/data/msgreply.h $(srcdir)/util/data/msgparse.h 
$(srcdir)/ldns/pkthdr.h $(srcdir)/ldns/rrdef.h \
- $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h $(srcdir)/util/module.h 
$(srcdir)/daemon/remote.h \
+  $(srcdir)/daemon/worker.h $(srcdir)/libunbound/worker.h \
+ $(srcdir)/ldns/sbuffer.h $(srcdir)/util/data/packed_rrset.h 
$(srcdir)/util/storage/lruhash.h \
+ $(srcdir)/util/netevent.h $(srcdir)/util/data/msgreply.h 
$(srcdir)/util/data/msgparse.h $(srcdir)/ldns/pkthdr.h \
+ $(srcdir)/ldns/rrdef.h $(srcdir)/daemon/stats.h $(srcdir)/util/timehist.h 
$(srcdir)/util/module.h \
+ $(srcdir)/dnstap/dnstap.h $(srcdir)/daemon/remote.h \
  $(srcdir)/util/config_file.h $(srcdir)/util/winsock_event.h
 w_inst.lo w_inst.o: $(srcdir)/winrc/w_inst.c config.h $(srcdir)/winrc/w_inst.h 
$(srcdir)/winrc/win_svc.h
 unbound-service-install.lo unbound-service-install.o: 
$(srcdir)/winrc/unbound-service-install.c config.h \
Index: usr.sbin/unbound/config.h.in
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/config.h.in,v
retrieving revision 1.1.1.7
diff -u -p -r1.1.1.7 config.h.in
--- usr.sbin/unbound/config.h.in        11 Dec 2014 16:17:58 -0000      1.1.1.7
+++ usr.sbin/unbound/config.h.in        17 Feb 2015 00:53:05 -0000
@@ -42,7 +42,7 @@
 /* Whether the C compiler accepts the "unused" attribute */
 #undef HAVE_ATTR_UNUSED
 
-/* Define to 1 if your system has a working `chown' function. */
+/* Define to 1 if you have the `chown' function. */
 #undef HAVE_CHOWN
 
 /* Define to 1 if you have the `chroot' function. */
@@ -146,6 +146,9 @@
 /* Whether getaddrinfo is available */
 #undef HAVE_GETADDRINFO
 
+/* Define to 1 if you have the `getauxval' function. */
+#undef HAVE_GETAUXVAL
+
 /* Define to 1 if you have the `getentropy' function. */
 #undef HAVE_GETENTROPY
 
@@ -350,6 +353,9 @@
 /* Define to 1 if `ipi_spec_dst' is a member of `struct in_pktinfo'. */
 #undef HAVE_STRUCT_IN_PKTINFO_IPI_SPEC_DST
 
+/* Define to 1 if `sun_len' is a member of `struct sockaddr_un'. */
+#undef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
+
 /* Define if you have Swig libraries and header files. */
 #undef HAVE_SWIG
 
@@ -380,6 +386,9 @@
 /* Define to 1 if you have the <sys/uio.h> header file. */
 #undef HAVE_SYS_UIO_H
 
+/* Define to 1 if you have the <sys/un.h> header file. */
+#undef HAVE_SYS_UN_H
+
 /* Define to 1 if you have the <sys/wait.h> header file. */
 #undef HAVE_SYS_WAIT_H
 
@@ -791,6 +800,10 @@
 #define ARG_LL "%ll"
 #else
 #define ARG_LL "%I64"
+#endif
+
+#ifndef AF_LOCAL
+#define AF_LOCAL AF_UNIX
 #endif
 
 
Index: usr.sbin/unbound/configure
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/configure,v
retrieving revision 1.12
diff -u -p -r1.12 configure
--- usr.sbin/unbound/configure  5 Jan 2015 13:27:33 -0000       1.12
+++ usr.sbin/unbound/configure  17 Feb 2015 00:53:06 -0000
@@ -1,6 +1,6 @@
 #! /bin/sh
 # Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.69 for unbound 1.5.1.
+# Generated by GNU Autoconf 2.69 for unbound 1.5.2.
 #
 # Report bugs to <[email protected]>.
 #
@@ -590,8 +590,8 @@ MAKEFLAGS=
 # Identity of this package.
 PACKAGE_NAME='unbound'
 PACKAGE_TARNAME='unbound'
-PACKAGE_VERSION='1.5.1'
-PACKAGE_STRING='unbound 1.5.1'
+PACKAGE_VERSION='1.5.2'
+PACKAGE_STRING='unbound 1.5.2'
 PACKAGE_BUGREPORT='[email protected]'
 PACKAGE_URL=''
 
@@ -1388,7 +1388,7 @@ if test "$ac_init_help" = "long"; then
   # Omit some internal or obsolete options to make the list less imposing.
   # This message is too long to be a string in the A/UX 3.1 sh.
   cat <<_ACEOF
-\`configure' configures unbound 1.5.1 to adapt to many kinds of systems.
+\`configure' configures unbound 1.5.2 to adapt to many kinds of systems.
 
 Usage: $0 [OPTION]... [VAR=VALUE]...
 
@@ -1453,7 +1453,7 @@ fi
 
 if test -n "$ac_init_help"; then
   case $ac_init_help in
-     short | recursive ) echo "Configuration of unbound 1.5.1:";;
+     short | recursive ) echo "Configuration of unbound 1.5.2:";;
    esac
   cat <<\_ACEOF
 
@@ -1628,7 +1628,7 @@ fi
 test -n "$ac_init_help" && exit $ac_status
 if $ac_init_version; then
   cat <<\_ACEOF
-unbound configure 1.5.1
+unbound configure 1.5.2
 generated by GNU Autoconf 2.69
 
 Copyright (C) 2012 Free Software Foundation, Inc.
@@ -2337,7 +2337,7 @@ cat >config.log <<_ACEOF
 This file contains any messages produced by compilers while
 running configure, to aid debugging if configure makes a mistake.
 
-It was created by unbound $as_me 1.5.1, which was
+It was created by unbound $as_me 1.5.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   $ $0 $@
@@ -2689,11 +2689,11 @@ UNBOUND_VERSION_MAJOR=1
 
 UNBOUND_VERSION_MINOR=5
 
-UNBOUND_VERSION_MICRO=1
+UNBOUND_VERSION_MICRO=2
 
 
 LIBUNBOUND_CURRENT=5
-LIBUNBOUND_REVISION=3
+LIBUNBOUND_REVISION=5
 LIBUNBOUND_AGE=3
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -2733,7 +2733,8 @@ LIBUNBOUND_AGE=3
 # 1.4.21 had 4:1:2
 # 1.4.22 had 4:1:2
 # 1.5.0 had 5:3:3 # adds ub_ctx_add_ta_autr
-# 1.5.1 had 5:4:3
+# 1.5.1 had 5:3:3
+# 1.5.2 had 5:5:3
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@@ -13738,7 +13739,7 @@ CC="$lt_save_CC"
 
 
 # Checks for header files.
-for ac_header in stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h 
sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h 
grp.h login_cap.h winsock2.h ws2tcpip.h endian.h
+for ac_header in stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h 
sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h 
glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h
 do :
   as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
 ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" 
"$ac_includes_default
@@ -17845,6 +17846,22 @@ fi
 
 fi
 
+ac_fn_c_check_member "$LINENO" "struct sockaddr_un" "sun_len" 
"ac_cv_member_struct_sockaddr_un_sun_len" "
+$ac_includes_default
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+
+"
+if test "x$ac_cv_member_struct_sockaddr_un_sun_len" = xyes; then :
+
+cat >>confdefs.h <<_ACEOF
+#define HAVE_STRUCT_SOCKADDR_UN_SUN_LEN 1
+_ACEOF
+
+
+fi
+
 ac_fn_c_check_member "$LINENO" "struct in_pktinfo" "ipi_spec_dst" 
"ac_cv_member_struct_in_pktinfo_ipi_spec_dst" "
 $ac_includes_default
 #if HAVE_SYS_PARAM_H
@@ -17941,7 +17958,7 @@ if test "$ac_res" != no; then :
 
 fi
 
-for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid 
sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev socketpair 
glob initgroups strftime localtime_r setusercontext _beginthreadex endservent 
endprotoent
+for ac_func in tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid 
sbrk chroot kill chown sleep usleep random srandom recvmsg sendmsg writev 
socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex 
endservent endprotoent
 do :
   as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh`
 ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var"
@@ -18280,6 +18297,17 @@ fi
 
 done
 
+                               for ac_func in getauxval
+do :
+  ac_fn_c_check_func "$LINENO" "getauxval" "ac_cv_func_getauxval"
+if test "x$ac_cv_func_getauxval" = xyes; then :
+  cat >>confdefs.h <<_ACEOF
+#define HAVE_GETAUXVAL 1
+_ACEOF
+
+fi
+done
+
                                { $as_echo "$as_me:${as_lineno-$LINENO}: 
checking for library containing clock_gettime" >&5
 $as_echo_n "checking for library containing clock_gettime... " >&6; }
 if ${ac_cv_search_clock_gettime+:} false; then :
@@ -18777,7 +18805,7 @@ _ACEOF
 
 
 
-version=1.5.1
+version=1.5.2
 
 date=`date +'%b %e, %Y'`
 
@@ -19292,7 +19320,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_wri
 # report actual input values of CONFIG_FILES etc. instead of their
 # values after options handling.
 ac_log="
-This file was extended by unbound $as_me 1.5.1, which was
+This file was extended by unbound $as_me 1.5.2, which was
 generated by GNU Autoconf 2.69.  Invocation command line was
 
   CONFIG_FILES    = $CONFIG_FILES
@@ -19358,7 +19386,7 @@ _ACEOF
 cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; 
s/[\\""\`\$]/\\\\&/g'`"
 ac_cs_version="\\
-unbound config.status 1.5.1
+unbound config.status 1.5.2
 configured by $0, generated by GNU Autoconf 2.69,
   with options \\"\$ac_cs_config\\"
 
Index: usr.sbin/unbound/configure.ac
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/configure.ac,v
retrieving revision 1.12
diff -u -p -r1.12 configure.ac
--- usr.sbin/unbound/configure.ac       5 Jan 2015 13:27:28 -0000       1.12
+++ usr.sbin/unbound/configure.ac       17 Feb 2015 00:53:06 -0000
@@ -10,14 +10,14 @@ sinclude(dnstap/dnstap.m4)
 # must be numbers. ac_defun because of later processing
 m4_define([VERSION_MAJOR],[1])
 m4_define([VERSION_MINOR],[5])
-m4_define([VERSION_MICRO],[1])
+m4_define([VERSION_MICRO],[2])
 AC_INIT(unbound, 
m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), 
[email protected], unbound)
 AC_SUBST(UNBOUND_VERSION_MAJOR, [VERSION_MAJOR])
 AC_SUBST(UNBOUND_VERSION_MINOR, [VERSION_MINOR])
 AC_SUBST(UNBOUND_VERSION_MICRO, [VERSION_MICRO])
 
 LIBUNBOUND_CURRENT=5
-LIBUNBOUND_REVISION=3
+LIBUNBOUND_REVISION=5
 LIBUNBOUND_AGE=3
 # 1.0.0 had 0:12:0
 # 1.0.1 had 0:13:0
@@ -57,7 +57,8 @@ LIBUNBOUND_AGE=3
 # 1.4.21 had 4:1:2
 # 1.4.22 had 4:1:2
 # 1.5.0 had 5:3:3 # adds ub_ctx_add_ta_autr
-# 1.5.1 had 5:4:3
+# 1.5.1 had 5:3:3
+# 1.5.2 had 5:5:3
 
 #   Current  -- the number of the binary API that we're implementing
 #   Revision -- which iteration of the implementation of the binary
@@ -118,7 +119,7 @@ AC_ARG_WITH([conf_file],
 AC_SUBST(ub_conf_file)
 ACX_ESCAPE_BACKSLASH($ub_conf_file, hdr_config)
 AC_DEFINE_UNQUOTED(CONFIGFILE, ["$hdr_config"], [Pathname to the Unbound 
configuration file])
-ub_conf_dir=`AS_DIRNAME(["$ub_conf_file"])` 
+ub_conf_dir=`AS_DIRNAME(["$ub_conf_file"])`
 AC_SUBST(ub_conf_dir)
 
 # Determine run, chroot directory and pidfile locations
@@ -268,7 +269,7 @@ AC_CHECK_TOOL(STRIP, strip)
 ACX_LIBTOOL_C_ONLY
 
 # Checks for header files.
-AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h 
sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h glob.h 
grp.h login_cap.h winsock2.h ws2tcpip.h endian.h],,, [AC_INCLUDES_DEFAULT])
+AC_CHECK_HEADERS([stdarg.h stdbool.h netinet/in.h sys/param.h sys/socket.h 
sys/un.h sys/uio.h sys/resource.h arpa/inet.h syslog.h netdb.h sys/wait.h pwd.h 
glob.h grp.h login_cap.h winsock2.h ws2tcpip.h endian.h],,, 
[AC_INCLUDES_DEFAULT])
 
 # check for types.  
 # Using own tests for int64* because autoconf builtin only give 32bit.
@@ -940,6 +941,12 @@ if test $ac_cv_func_daemon = yes; then
 ])
 fi
 
+AC_CHECK_MEMBERS([struct sockaddr_un.sun_len],,,[
+AC_INCLUDES_DEFAULT
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+])
 AC_CHECK_MEMBERS([struct in_pktinfo.ipi_spec_dst],,,[
 AC_INCLUDES_DEFAULT
 #if HAVE_SYS_PARAM_H
@@ -971,7 +978,7 @@ AC_INCLUDES_DEFAULT
 #endif
 ])
 AC_SEARCH_LIBS([setusercontext], [util])
-AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid 
sbrk chroot kill sleep usleep random srandom recvmsg sendmsg writev socketpair 
glob initgroups strftime localtime_r setusercontext _beginthreadex endservent 
endprotoent])
+AC_CHECK_FUNCS([tzset sigprocmask fcntl getpwnam getrlimit setrlimit setsid 
sbrk chroot kill chown sleep usleep random srandom recvmsg sendmsg writev 
socketpair glob initgroups strftime localtime_r setusercontext _beginthreadex 
endservent endprotoent])
 AC_CHECK_FUNCS([setresuid],,[AC_CHECK_FUNCS([setreuid])])
 AC_CHECK_FUNCS([setresgid],,[AC_CHECK_FUNCS([setregid])])
 
@@ -1022,6 +1029,7 @@ if test "$USE_NSS" = "no"; then
                                        AC_LIBOBJ(sha512)
                                ])
                                AC_CHECK_HEADERS([sys/sysctl.h],,, 
[AC_INCLUDES_DEFAULT])
+                               AC_CHECK_FUNCS([getauxval])
                                AC_SEARCH_LIBS([clock_gettime], [rt])
                        ;;
                        esac
@@ -1206,6 +1214,10 @@ dnl includes
 #define ARG_LL "%ll"
 #else
 #define ARG_LL "%I64"
+#endif
+
+#ifndef AF_LOCAL
+#define AF_LOCAL AF_UNIX
 #endif
 ]
 
Index: usr.sbin/unbound/daemon/remote.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/daemon/remote.c,v
retrieving revision 1.9
diff -u -p -r1.9 remote.c
--- usr.sbin/unbound/daemon/remote.c    11 Dec 2014 16:26:58 -0000      1.9
+++ usr.sbin/unbound/daemon/remote.c    17 Feb 2015 00:53:07 -0000
@@ -46,6 +46,10 @@
 #ifdef HAVE_OPENSSL_ERR_H
 #include <openssl/err.h>
 #endif
+#ifndef HEADER_DH_H
+#include <openssl/dh.h>
+#endif
+
 #include <ctype.h>
 #include "daemon/remote.h"
 #include "daemon/worker.h"
@@ -82,6 +86,9 @@
 #ifdef HAVE_SYS_TYPES_H
 #  include <sys/types.h>
 #endif
+#ifdef HAVE_SYS_STAT_H
+#include <sys/stat.h>
+#endif
 #ifdef HAVE_NETDB_H
 #include <netdb.h>
 #endif
@@ -131,6 +138,41 @@ timeval_divide(struct timeval* avg, cons
 #endif
 }
 
+/*
+ * The following function was generated using the openssl utility, using
+ * the command : "openssl dhparam -dsaparam -C 512"
+ */
+#ifndef S_SPLINT_S
+DH *get_dh512()
+{
+       static unsigned char dh512_p[]={
+               0xC9,0xD7,0x05,0xDA,0x5F,0xAB,0x14,0xE8,0x11,0x56,0x77,0x85,
+               0xB1,0x24,0x2C,0x95,0x60,0xEA,0xE2,0x10,0x6F,0x0F,0x84,0xEC,
+               0xF4,0x45,0xE8,0x90,0x7A,0xA7,0x03,0xFF,0x5B,0x88,0x53,0xDE,
+               0xC4,0xDE,0xBC,0x42,0x78,0x71,0x23,0x7E,0x24,0xA5,0x5E,0x4E,
+               0xEF,0x6F,0xFF,0x5F,0xAF,0xBE,0x8A,0x77,0x62,0xB4,0x65,0x82,
+               0x7E,0xC9,0xED,0x2F,
+       };
+       static unsigned char dh512_g[]={
+               0x8D,0x3A,0x52,0xBC,0x8A,0x71,0x94,0x33,0x2F,0xE1,0xE8,0x4C,
+               0x73,0x47,0x03,0x4E,0x7D,0x40,0xE5,0x84,0xA0,0xB5,0x6D,0x10,
+               0x6F,0x90,0x43,0x05,0x1A,0xF9,0x0B,0x6A,0xD1,0x2A,0x9C,0x25,
+               0x0A,0xB9,0xD1,0x14,0xDC,0x35,0x1C,0x48,0x7C,0xC6,0x0C,0x6D,
+               0x32,0x1D,0xD3,0xC8,0x10,0xA8,0x82,0x14,0xA2,0x1C,0xF4,0x53,
+               0x23,0x3B,0x1C,0xB9,
+       };
+       DH *dh;
+
+       if ((dh=DH_new()) == NULL) return(NULL);
+       dh->p=BN_bin2bn(dh512_p,sizeof(dh512_p),NULL);
+       dh->g=BN_bin2bn(dh512_g,sizeof(dh512_g),NULL);
+       if ((dh->p == NULL) || (dh->g == NULL))
+       { DH_free(dh); return(NULL); }
+       dh->length = 160;
+       return(dh);
+}
+#endif /* SPLINT */
+
 struct daemon_remote*
 daemon_remote_create(struct config_file* cfg)
 {
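Review bot: The hard-coded group in `get_dh512()` is only 512 bits with `dh->length = 160`, far below what is considered safe for Diffie-Hellman, so the anonymous key exchange adds essentially no confidentiality on any listener that is not a local socket. If the TLS layer is kept only so the unix-socket path can reuse the existing SSL code, say so in the header comment, e.g. `/* parameters for the unauthenticated local-socket mode only; socket file permissions are the access control, not this key exchange */`, or ship a 2048-bit group instead. As far as this diff shows the function is used only in this file, so `static DH *get_dh512(void)` would keep it out of the global namespace and give it a proper prototype.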
@@ -165,6 +207,24 @@ daemon_remote_create(struct config_file*
                daemon_remote_delete(rc);
                return NULL;
        }
+
+       if (cfg->remote_control_use_cert == 0) {
+               /* No certificates are requested */
+               if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL")) {
+                       log_crypto_err("Failed to set aNULL cipher list");
+                       return NULL;
+               }
+
+               /* Since we have no certificates and hence no source of
+                * DH params, let's generate and set them
+                */
+               if(!SSL_CTX_set_tmp_dh(rc->ctx,get_dh512())) {
+                       log_crypto_err("Wanted to set DH param, but failed");
+                       return NULL;
+               }
+               return rc;
+       }
+       rc->use_cert = 1;
        s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
        s_key = fname_after_chroot(cfg->server_key_file, cfg, 1);
        if(!s_cert || !s_key) {
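Review bot: The `remote_control_use_cert == 0` branch enables the `aNULL` cipher list without checking that every configured control-interface is a local socket path. With `control-use-cert: no` and an IP address, or no control-interface at all (the defaults opened later are `::1` and `127.0.0.1`), the control channel is reachable over TCP with no peer authentication. The matching `!rc->use_cert` branch in remote_control_callback (last hunk of this file) then accepts the connection. Both new `return NULL` paths also skip the `daemon_remote_delete(rc)` that the failure path just above uses, so `rc` and its context leak. The result of `get_dh512()` is neither checked for NULL nor freed, although the context keeps its own copy of the parameters. daemon_remote_create() starts and ends outside the hunk.

```c
	if (cfg->remote_control_use_cert == 0) {
		struct config_strlist* p;
		DH* dh;
		/* anonymous ciphers authenticate nobody: allow them only
		 * when every control-interface is a local socket path */
		if(!cfg->control_ifs) {
			log_err("control-use-cert: no requires a local socket "
				"path as control-interface");
			daemon_remote_delete(rc);
			return NULL;
		}
		for(p = cfg->control_ifs; p; p = p->next) {
			if(p->str[0] != '/') {
				log_err("control-use-cert: no is not allowed "
					"with control-interface %s", p->str);
				daemon_remote_delete(rc);
				return NULL;
			}
		}
		if(!SSL_CTX_set_cipher_list(rc->ctx, "aNULL")) {
			log_crypto_err("Failed to set aNULL cipher list");
			daemon_remote_delete(rc);
			return NULL;
		}
		dh = get_dh512();
		if(!dh || !SSL_CTX_set_tmp_dh(rc->ctx, dh)) {
			log_crypto_err("Wanted to set DH param, but failed");
			DH_free(dh);
			daemon_remote_delete(rc);
			return NULL;
		}
		DH_free(dh); /* the context holds its own copy */
		return rc;
	}
	/* … unchanged: rc->use_cert = 1 and certificate loading … */
```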
@@ -241,10 +301,12 @@ void daemon_remote_delete(struct daemon_
  * @param nr: port nr
  * @param list: list head
  * @param noproto_is_err: if lack of protocol support is an error.
+ * @param cfg: config with username for chown of unix-sockets.
  * @return false on failure.
  */
 static int
-add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err)
+add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
+       struct config_file* cfg)
 {
        struct addrinfo hints;
        struct addrinfo* res;
@@ -255,29 +317,50 @@ add_open(const char* ip, int nr, struct 
        snprintf(port, sizeof(port), "%d", nr);
        port[sizeof(port)-1]=0;
        memset(&hints, 0, sizeof(hints));
-       hints.ai_socktype = SOCK_STREAM;
-       hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
-       if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) {
-#ifdef USE_WINSOCK
-               if(!noproto_is_err && r == EAI_NONAME) {
-                       /* tried to lookup the address as name */
-                       return 1; /* return success, but do nothing */
+
+       if(ip[0] == '/') {
+               /* This looks like a local socket */
+               fd = create_local_accept_sock(ip, &noproto);
+               /*
+                * Change socket ownership and permissions so users other
+                * than root can access it provided they are in the same
+                * group as the user we run as.
+                */
+               if(fd != -1) {
+#ifdef HAVE_CHOWN
+                       if (cfg->username && cfg->username[0])
+                               chown(ip, cfg->uid, cfg->gid);
+                       chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP | 
S_IWGRP));
+#else
+                       (void)cfg;
+#endif
                }
+       } else {
+               hints.ai_socktype = SOCK_STREAM;
+               hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
+               if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) {
+#ifdef USE_WINSOCK
+                       if(!noproto_is_err && r == EAI_NONAME) {
+                               /* tried to lookup the address as name */
+                               return 1; /* return success, but do nothing */
+                       }
 #endif /* USE_WINSOCK */
-                log_err("control interface %s:%s getaddrinfo: %s %s",
-                       ip?ip:"default", port, gai_strerror(r),
+                       log_err("control interface %s:%s getaddrinfo: %s %s",
+                               ip?ip:"default", port, gai_strerror(r),
 #ifdef EAI_SYSTEM
-                       r==EAI_SYSTEM?(char*)strerror(errno):""
+                               r==EAI_SYSTEM?(char*)strerror(errno):""
 #else
-                       ""
+                               ""
 #endif
                        );
-               return 0;
+                       return 0;
+               }
+
+               /* open fd */
+               fd = create_tcp_accept_sock(res, 1, &noproto, 0);
+               freeaddrinfo(res);
        }
 
-       /* open fd */
-       fd = create_tcp_accept_sock(res, 1, &noproto, 0);
-       freeaddrinfo(res);
        if(fd == -1 && noproto) {
                if(!noproto_is_err)
                        return 1; /* return success, but do nothing */
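Review bot: The return values of `chown()` and `chmod()` on the new socket are ignored, yet in the `control-use-cert: no` mode the file mode of this socket is the only thing restricting who may send control commands. If either call fails, the socket keeps whatever mode `create_local_accept_sock()` (not shown) and the umask produced, and the daemon carries on silently. There is also a window between bind and `chmod()` in which the socket exists with its initial mode; tightening the umask around the bind inside the helper would close it. I would treat a failure here as an error for this interface, as sketched below. add_open() begins and ends outside the hunk.

```c
		if(fd != -1) {
#ifdef HAVE_CHOWN
			if (cfg->username && cfg->username[0] &&
				chown(ip, cfg->uid, cfg->gid) == -1) {
				log_err("cannot chown %u.%u %s: %s",
					(unsigned)cfg->uid, (unsigned)cfg->gid,
					ip, strerror(errno));
				close(fd);
				return 0;
			}
			if(chmod(ip, (mode_t)(S_IRUSR | S_IWUSR | S_IRGRP |
				S_IWGRP)) == -1) {
				log_err("cannot chmod control socket %s: %s",
					ip, strerror(errno));
				close(fd);
				return 0;
			}
#else
			(void)cfg;
#endif
		}
		/* … unchanged: else branch with getaddrinfo and create_tcp_accept_sock … */
```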
@@ -314,7 +397,7 @@ struct listen_port* daemon_remote_open_p
        if(cfg->control_ifs) {
                struct config_strlist* p;
                for(p = cfg->control_ifs; p; p = p->next) {
-                       if(!add_open(p->str, cfg->control_port, &l, 1)) {
+                       if(!add_open(p->str, cfg->control_port, &l, 1, cfg)) {
                                listening_ports_free(l);
                                return NULL;
                        }
@@ -322,12 +405,12 @@ struct listen_port* daemon_remote_open_p
        } else {
                /* defaults */
                if(cfg->do_ip6 &&
-                       !add_open("::1", cfg->control_port, &l, 0)) {
+                       !add_open("::1", cfg->control_port, &l, 0, cfg)) {
                        listening_ports_free(l);
                        return NULL;
                }
                if(cfg->do_ip4 &&
-                       !add_open("127.0.0.1", cfg->control_port, &l, 1)) {
+                       !add_open("127.0.0.1", cfg->control_port, &l, 1, cfg)) {
                        listening_ports_free(l);
                        return NULL;
                }
@@ -2434,7 +2517,9 @@ int remote_control_callback(struct comm_
        s->shake_state = rc_none;
 
        /* once handshake has completed, check authentication */
-       if(SSL_get_verify_result(s->ssl) == X509_V_OK) {
+       if (!rc->use_cert) {
+               verbose(VERB_ALGO, "unauthenticated remote control connection");
+       } else if(SSL_get_verify_result(s->ssl) == X509_V_OK) {
                X509* x = SSL_get_peer_certificate(s->ssl);
                if(!x) {
                        verbose(VERB_DETAIL, "remote control connection "
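Review bot: The new `!rc->use_cert` branch logs an accepted, unverified control connection only at `VERB_ALGO`, whereas the certificate failure message a few lines below uses `VERB_DETAIL`. An operator auditing who reached the control channel therefore gets no record of these sessions at the verbosity that already reports rejected ones. I would log it at the same level, `verbose(VERB_DETAIL, "unauthenticated remote control connection");`. I would also add a comment above the branch: `/* no peer check: access is limited by the socket file permissions only */`. remote_control_callback() starts and ends outside the hunk.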
Index: usr.sbin/unbound/daemon/remote.h
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/daemon/remote.h,v
retrieving revision 1.5
diff -u -p -r1.5 remote.h
--- usr.sbin/unbound/daemon/remote.h    20 Nov 2014 00:11:14 -0000      1.5
+++ usr.sbin/unbound/daemon/remote.h    17 Feb 2015 00:53:07 -0000
@@ -89,6 +89,8 @@ struct daemon_remote {
        struct worker* worker;
        /** commpoints for accepting remote control connections */
        struct listen_list* accept_list;
+       /* if certificates are used */
+       int use_cert;
        /** number of active commpoints that are handling remote control */
        int active;
        /** max active commpoints */
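Review bot: The comment on the new `use_cert` member opens with `/*` while every neighbouring member in `struct daemon_remote` uses the `/**` documentation form, so generated documentation will skip it. It also does not say what a zero value means for callers. I would write `/** if certificates are used; 0 means control connections are accepted without peer verification */`. The struct begins and ends outside the hunk.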
Index: usr.sbin/unbound/daemon/unbound.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/daemon/unbound.c,v
retrieving revision 1.7
diff -u -p -r1.7 unbound.c
--- usr.sbin/unbound/daemon/unbound.c   20 Nov 2014 01:15:19 -0000      1.7
+++ usr.sbin/unbound/daemon/unbound.c   17 Feb 2015 00:53:07 -0000
@@ -443,18 +443,10 @@ perform_setup(struct daemon* daemon, str
 {
 #ifdef HAVE_GETPWNAM
        struct passwd *pwd = NULL;
-       uid_t uid;
-       gid_t gid;
-       /* initialize, but not to 0 (root) */
-       memset(&uid, 112, sizeof(uid));
-       memset(&gid, 112, sizeof(gid));
-       log_assert(cfg);
 
        if(cfg->username && cfg->username[0]) {
                if((pwd = getpwnam(cfg->username)) == NULL)
                        fatal_exit("user '%s' does not exist.", cfg->username);
-               uid = pwd->pw_uid;
-               gid = pwd->pw_gid;
                /* endpwent below, in case we need pwd for setusercontext */
        }
 #endif
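Review bot: This hunk drops the `memset(&uid, 112, ...)` initialisation whose comment said "not to 0 (root)", so a missed assignment can now mean uid 0 unless other code prevents it. The later hunks read `cfg->uid` and `cfg->gid`, which are filled in by `config_lookup_uid(cfg)` in run_daemon (last hunk of this file). Whether those fields keep a non-root default when that lookup does not run or does not find the user is not visible in this diff. The same values also feed the `chown()` of the control socket in daemon/remote.c. I would keep `log_assert(cfg);` here and add a comment at the top of the function: `/* cfg->uid and cfg->gid come from config_lookup_uid(); they must never default to 0 */`. perform_setup() continues outside the hunk.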
@@ -511,24 +503,19 @@ perform_setup(struct daemon* daemon, str
 #ifdef HAVE_KILL
        if(cfg->pidfile && cfg->pidfile[0]) {
                writepid(daemon->pidfile, getpid());
-               if(!(cfg->chrootdir && cfg->chrootdir[0]) || 
-                       (cfg->chrootdir && cfg->chrootdir[0] && 
-                       strncmp(daemon->pidfile, cfg->chrootdir, 
-                       strlen(cfg->chrootdir))==0)) {
-                       /* delete of pidfile could potentially work,
-                        * chown to get permissions */
-                       if(cfg->username && cfg->username[0]) {
-                         if(chown(daemon->pidfile, uid, gid) == -1) {
+               if(cfg->username && cfg->username[0]) {
+#  ifdef HAVE_CHOWN
+                       if(chown(daemon->pidfile, cfg->uid, cfg->gid) == -1) {
                                log_err("cannot chown %u.%u %s: %s",
-                                       (unsigned)uid, (unsigned)gid,
+                                       (unsigned)cfg->uid, (unsigned)cfg->gid,
                                        daemon->pidfile, strerror(errno));
-                         }
                        }
+#  endif /* HAVE_CHOWN */
                }
        }
 #else
        (void)daemon;
-#endif
+#endif /* HAVE_KILL */
 
        /* Set user context */
 #ifdef HAVE_GETPWNAM
@@ -537,7 +524,7 @@ perform_setup(struct daemon* daemon, str
                /* setusercontext does initgroups, setuid, setgid, and
                 * also resource limits from login config, but we
                 * still call setresuid, setresgid to be sure to set all uid*/
-               if(setusercontext(NULL, pwd, uid, (unsigned)
+               if(setusercontext(NULL, pwd, cfg->uid, (unsigned)
                        LOGIN_SETALL & ~LOGIN_SETUSER & ~LOGIN_SETGROUP) != 0)
                        log_warn("unable to setusercontext %s: %s",
                                cfg->username, strerror(errno));
@@ -601,27 +588,27 @@ perform_setup(struct daemon* daemon, str
 #ifdef HAVE_GETPWNAM
        if(cfg->username && cfg->username[0]) {
 #  ifdef HAVE_INITGROUPS
-               if(initgroups(cfg->username, gid) != 0)
+               if(initgroups(cfg->username, cfg->gid) != 0)
                        log_warn("unable to initgroups %s: %s",
                                cfg->username, strerror(errno));
 #  endif /* HAVE_INITGROUPS */
                endpwent();
 
 #ifdef HAVE_SETRESGID
-               if(setresgid(gid,gid,gid) != 0)
+               if(setresgid(cfg->gid,cfg->gid,cfg->gid) != 0)
 #elif defined(HAVE_SETREGID) && !defined(DARWIN_BROKEN_SETREUID)
-               if(setregid(gid,gid) != 0)
+               if(setregid(cfg->gid,cfg->gid) != 0)
 #else /* use setgid */
-               if(setgid(gid) != 0)
+               if(setgid(cfg->gid) != 0)
 #endif /* HAVE_SETRESGID */
                        fatal_exit("unable to set group id of %s: %s", 
                                cfg->username, strerror(errno));
 #ifdef HAVE_SETRESUID
-               if(setresuid(uid,uid,uid) != 0)
+               if(setresuid(cfg->uid,cfg->uid,cfg->uid) != 0)
 #elif defined(HAVE_SETREUID) && !defined(DARWIN_BROKEN_SETREUID)
-               if(setreuid(uid,uid) != 0)
+               if(setreuid(cfg->uid,cfg->uid) != 0)
 #else /* use setuid */
-               if(setuid(uid) != 0)
+               if(setuid(cfg->uid) != 0)
 #endif /* HAVE_SETRESUID */
                        fatal_exit("unable to set user id of %s: %s", 
                                cfg->username, strerror(errno));
@@ -666,6 +653,7 @@ run_daemon(const char* cfgfile, int cmdl
                        log_warn("Continuing with default config settings");
                }
                apply_settings(daemon, cfg, cmdline_verbose, debug_mode);
+               config_lookup_uid(cfg);
        
                /* prepare */
                if(!daemon_open_shared_ports(daemon))
Index: usr.sbin/unbound/daemon/worker.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/daemon/worker.c,v
retrieving revision 1.7
diff -u -p -r1.7 worker.c
--- usr.sbin/unbound/daemon/worker.c    20 Nov 2014 01:15:19 -0000      1.7
+++ usr.sbin/unbound/daemon/worker.c    17 Feb 2015 00:53:07 -0000
@@ -900,7 +900,7 @@ worker_handle_request(struct comm_point*
                goto send_reply;
        }
        if(local_zones_answer(worker->daemon->local_zones, &qinfo, &edns, 
-               c->buffer, worker->scratchpad)) {
+               c->buffer, worker->scratchpad, repinfo)) {
                regional_free_all(worker->scratchpad);
                if(sldns_buffer_limit(c->buffer) == 0) {
                        comm_point_drop_reply(repinfo);
Index: usr.sbin/unbound/doc/Changelog
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/doc/Changelog,v
retrieving revision 1.9
diff -u -p -r1.9 Changelog
--- usr.sbin/unbound/doc/Changelog      11 Dec 2014 16:26:58 -0000      1.9
+++ usr.sbin/unbound/doc/Changelog      17 Feb 2015 00:53:07 -0000
@@ -1,3 +1,90 @@
+13 February 2015: Wouter
+       - Fix #643: doc/example.conf.in: unnecessary whitespace.
+
+12 February 2015: Wouter
+       - tag 1.5.2rc1
+
+11 February 2015: Wouter
+       - iana portlist update.
+
+10 February 2015: Wouter
+       - Fix scrubber with harden-glue turned off to reject NS (and other
+         not-address) records.
+
+9 February 2015: Wouter
+       - Fix validation failure in case upstream forwarder (ISC BIND) does
+         not have the same trust anchors and decides to insert unsigned NS
+         record in authority section.
+
+2 February 2015: Wouter
+       - infra-cache-min-rtt patch from Florian Riehm, for expected long
+         uplink roundtrip times.
+
+30 January 2015: Wouter
+       - Fix 0x20 capsforid fallback to omit gratuitous NS and additional
+         section changes.
+       - Portability fix for Solaris ('sun' is not usable for a variable).
+
+29 January 2015: Wouter
+       - Fix pyunbound byte string representation for python3.
+
+26 January 2015: Wouter
+       - Fix unintended use of gcc extension for incomplete enum types,
+         compile with pedantic c99 compliance (from Daniel Dickman).
+
+23 January 2015: Wouter
+       - windows port fixes, no AF_LOCAL, no chown, no chmod(grp).
+
+16 January 2015: Wouter
+       - unit test for local unix connection.  Documentation and log_addr
+         does not inspect port for AF_LOCAL.
+       - unbound-checkconf -f prints chroot with pidfile path.
+
+13 January 2015: Wouter
+       - iana portlist update.
+
+12 January 2015: Wouter
+       - Cast sun_len sizeof to socklen_t.
+       - Fix pyunbound ord call, portable for python 2 and 3.
+
+7 January 2015: Wouter
+       - Fix warnings in pythonmod changes.
+
+6 January 2015: Wouter
+       - iana portlist update.
+       - patch for remote control over local sockets, from Dag-Erling
+         Smorgrav, Ilya Bakulin.  Use control-interface: /path/sock and
+         control-use-cert: no.
+       - Fixup that patch and uid lookup (only for daemon).
+       - coded the default of control-use-cert, to yes.
+
+5 January 2015: Wouter
+       - getauxval test for ppc64 linux compatibility.
+       - make strip works for unbound-host and unbound-anchor.
+       - patch from Stephane Lapie that adds to the python API, that
+         exposes struct delegpt, and adds the find_delegation function.
+       - print query name when max target count is exceeded.
+       - patch from Stuart Henderson that fixes DESTDIR in
+         unbound-control-setup for installs where config is not in
+         the prefix location.
+       - Fix #634: fix fail to start on Linux LTS 3.14.X, ignores missing
+         IP_MTU_DISCOVER OMIT option (fix from Remi Gacogne).
+       - Updated contrib warmup.cmd/sh to support two modes - load
+         from pre-defined list of domains or (with filename as argument)
+         load from user-specified list of domains, and updated contrib
+         unbound_cache.sh/cmd to support loading/save/reload cache to/from
+         default path or (with secondary argument) arbitrary path/filename,
+         from Yuri Voinov.
+       - Patch from Philip Paeps to contrib/unbound_munin_ that uses
+         type ABSOLUTE.  Allows munin.conf: [idleserver.example.net]
+         unbound_munin_hits.graph_period minute
+
+9 December 2014: Wouter
+       - svn trunk has 1.5.2 in development.
+       - config.guess and config.sub update from libtoolize.
+       - local-zone: example.com inform makes unbound log a message with
+         client IP for queries in that zone.  Eg. for finding infected hosts.
+
 8 December 2014: Wouter
        - Fix CVE-2014-8602: denial of service by making resolver chase
          endless series of delegations.
Index: usr.sbin/unbound/doc/example.conf.in
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/doc/example.conf.in,v
retrieving revision 1.1.1.7
diff -u -p -r1.1.1.7 example.conf.in
--- usr.sbin/unbound/doc/example.conf.in        11 Dec 2014 16:18:03 -0000      
1.1.1.7
+++ usr.sbin/unbound/doc/example.conf.in        17 Feb 2015 00:53:07 -0000
@@ -138,6 +138,9 @@ server:
        # the time to live (TTL) value for cached roundtrip times, lameness and
        # EDNS version information for hosts. In seconds.
        # infra-host-ttl: 900
+       
+       # minimum wait time for responses, increase if uplink is long. In msec.
+       # infra-cache-min-rtt: 50
 
        # the number of slabs to use for the Infrastructure cache.
        # the number of slabs must be a power of 2.
@@ -437,7 +440,7 @@ server:
        # the amount of memory to use for the negative cache (used for DLV).
        # plain value in bytes or you can append k, m or G. default is "1Mb". 
        # neg-cache-size: 1m
-       
+
        # By default, for a number of zones a small default 'nothing here'
        # reply is built-in.  Query traffic is thus blocked.  If you
        # wish to serve such zone you can unblock them by uncommenting one
@@ -497,6 +500,7 @@ server:
        # o redirect serves the zone data for any subdomain in the zone.
        # o nodefault can be used to normally resolve AS112 zones.
        # o typetransparent resolves normally for other types and other names
+       # o inform resolves normally, but logs client IP address
        #
        # defaults are localhost address, reverse for 127.0.0.1 and ::1
        # and nxdomain for AS112 zones. If you configure one of these zones
@@ -551,6 +555,10 @@ remote-control:
        # Enable remote control with unbound-control(8) here.
        # set up the keys and certificates with unbound-control-setup.
        # control-enable: no
+
+       # Set to no and use an absolute path as control-interface to use
+       # a unix local named pipe for unbound-control.
+       # control-use-cert: yes
 
        # what interfaces are listened to for remote control.
        # give 0.0.0.0 and ::0 to listen to all interfaces.
Index: usr.sbin/unbound/doc/unbound-checkconf.8.in
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/doc/unbound-checkconf.8.in,v
retrieving revision 1.1.1.7
diff -u -p -r1.1.1.7 unbound-checkconf.8.in
--- usr.sbin/unbound/doc/unbound-checkconf.8.in 11 Dec 2014 16:17:59 -0000      
1.1.1.7
+++ usr.sbin/unbound/doc/unbound-checkconf.8.in 17 Feb 2015 00:53:07 -0000
@@ -13,6 +13,7 @@ unbound\-checkconf
 .SH "SYNOPSIS"
 .B unbound\-checkconf
 .RB [ \-h ]
+.RB [ \-f ]
 .RB [ \-o
 .IR option ]
 .RI [ cfgfile ]
@@ -28,6 +29,9 @@ The available options are:
 .TP
 .B \-h
 Show the version and commandline option help.
+.TP
+.B \-f
+Print full pathname, with chroot applied to it.  Use with the -o option.
 .TP
 .B \-o\fI option
 If given, after checking the config file the value of this option is 
Index: usr.sbin/unbound/doc/unbound-host.1.in
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/doc/unbound-host.1.in,v
retrieving revision 1.3
diff -u -p -r1.3 unbound-host.1.in
--- usr.sbin/unbound/doc/unbound-host.1.in      11 Dec 2014 16:26:58 -0000      
1.3
+++ usr.sbin/unbound/doc/unbound-host.1.in      17 Feb 2015 00:53:08 -0000
@@ -8,11 +8,13 @@
 .\"
 .\"
 .SH "NAME"
+.LP
 .B unbound\-host
 \- unbound DNS lookup utility
 .SH "SYNOPSIS"
+.LP
 .B unbound\-host
-.RB [ \-vdhr46D ]
+.RB [ \-vdhr46 ]
 .RB [ \-c 
 .IR class ]
 .RB [ \-t
@@ -27,6 +29,7 @@
 .RB [ \-C
 .IR configfile ]
 .SH "DESCRIPTION"
+.LP
 .B Unbound\-host
 uses the unbound validating resolver to query for the hostname and display
 results. With the \fB\-v\fR option it displays validation 
@@ -71,10 +74,6 @@ of trust that is built up from the trust
 to validate the response message. Can be given as a DS or DNSKEY record.
 For example \-y "example.com DS 31560 5 1 
1CFED84787E6E19CCF9372C1187325972FE546CD".
 .TP
-.B \-D
-Enables DNSSEC validation.  Reads the root anchor from the default configured
-root anchor at the default location, \fI@UNBOUND_ROOTKEY_FILE@\fR. 
-.TP
 .B \-f \fIkeyfile
 Reads keys from a file. Every line has a DS or DNSKEY record, in the format
 as for \-y. The zone file format, the same as dig and drill produce.
@@ -99,6 +98,7 @@ Use solely the IPv4 network for sending 
 .B \-6
 Use solely the IPv6 network for sending packets.
 .SH "EXAMPLES"
+.LP
 Some examples of use. The keys shown below are fakes, thus a security failure
 is encountered.
 .P
Index: usr.sbin/unbound/doc/unbound.conf.5.in
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/doc/unbound.conf.5.in,v
retrieving revision 1.1.1.7
diff -u -p -r1.1.1.7 unbound.conf.5.in
--- usr.sbin/unbound/doc/unbound.conf.5.in      11 Dec 2014 16:18:03 -0000      
1.1.1.7
+++ usr.sbin/unbound/doc/unbound.conf.5.in      17 Feb 2015 00:53:08 -0000
@@ -301,6 +301,11 @@ by threads. Must be set to a power of 2.
 .B infra\-cache\-numhosts: \fI<number>
 Number of hosts for which information is cached. Default is 10000.
 .TP
+.B infra\-cache\-min\-rtt: \fI<msec>
+Lower limit for dynamic retransmit timeout calculation in infrastructure
+cache. Default is 50 milliseconds. Increase this value if using forwarders
+needing more time to do recursive name resolution.
+.TP
 .B do\-ip4: \fI<yes or no>
 Enable or disable whether ip4 queries are answered or issued. Default is yes.
 .TP
@@ -791,7 +796,7 @@ data leakage about the local network to 
 .B local\-zone: \fI<zone> <type>
 Configure a local zone. The type determines the answer to give if
 there is no match from local\-data. The types are deny, refuse, static,
-transparent, redirect, nodefault, typetransparent, and are explained
+transparent, redirect, nodefault, typetransparent, inform, and are explained
 below. After that the default settings are listed. Use local\-data: to
 enter data into the local zone. Answers for local zones are authoritative
 DNS answers. By default the zones are class IN.
@@ -841,6 +846,13 @@ local\-data: "example.com. A 127.0.0.1"
 queries for www.example.com and www.foo.example.com are redirected, so
 that users with web browsers cannot access sites with suffix example.com.
 .TP 10
+\h'5'\fIinform\fR 
+The query is answered normally.  The client IP address (@portnumber)
+is printed to the logfile.  The log message is: timestamp, unbound-pid,
+info: zonename inform IP@port queryname type class.  This option can be
+used for normal resolution, but machines looking up infected names are
+logged, eg. to run antivirus on them.
+.TP 10
 \h'5'\fInodefault\fR 
 Used to turn off default contents for AS112 zones. The other types
 also turn off default contents for the zone. The 'nodefault' option 
@@ -958,36 +970,47 @@ to setup SSLv3 / TLSv1 security for the 
 section for options.  To setup the correct self\-signed certificates use the
 \fIunbound\-control\-setup\fR(8) utility.
 .TP 5
-.B control\-enable:     \fI<yes or no>
+.B control\-enable: \fI<yes or no>
 The option is used to enable remote control, default is "no".
 If turned off, the server does not listen for control commands.
 .TP 5
-.B control\-interface: <ip address>
-Give IPv4 or IPv6 addresses to listen on for control commands.
+.B control\-interface: \fI<ip address or path>
+Give IPv4 or IPv6 addresses or local socket path to listen on for
+control commands.
 By default localhost (127.0.0.1 and ::1) is listened to.
 Use 0.0.0.0 and ::0 to listen to all interfaces.
+If you change this and permissions have been dropped, you must restart
+the server for the change to take effect.
+.TP 5
+.B control\-port: \fI<port number>
+The port number to listen on for IPv4 or IPv6 control interfaces,
+default is 8953.
+If you change this and permissions have been dropped, you must restart
+the server for the change to take effect.
 .TP 5
-.B control\-port: <port number>
-The port number to listen on for control commands, default is 8953.
-If you change this port number, and permissions have been dropped,
-a reload is not sufficient to open the port again, you must then restart.
+.B control\-use\-cert: \fI<yes or no>
+Whether to require certificate authentication of control connections.
+The default is "yes".
+This should not be changed unless there are other mechanisms in place
+to prevent untrusted users from accessing the remote control
+interface.
 .TP 5
-.B server\-key\-file: "<private key file>"
+.B server\-key\-file: \fI<private key file>
 Path to the server private key, by default unbound_server.key.
 This file is generated by the \fIunbound\-control\-setup\fR utility.
 This file is used by the unbound server, but not by \fIunbound\-control\fR.
 .TP 5
-.B server\-cert\-file: "<certificate file.pem>"
+.B server\-cert\-file: \fI<certificate file.pem>
 Path to the server self signed certificate, by default unbound_server.pem.
 This file is generated by the \fIunbound\-control\-setup\fR utility.
 This file is used by the unbound server, and also by \fIunbound\-control\fR.
 .TP 5
-.B control\-key\-file: "<private key file>"
+.B control\-key\-file: \fI<private key file>
 Path to the control client private key, by default unbound_control.key.
 This file is generated by the \fIunbound\-control\-setup\fR utility.
 This file is used by \fIunbound\-control\fR.
 .TP 5
-.B control\-cert\-file: "<certificate file.pem>"
+.B control\-cert\-file: \fI<certificate file.pem>
 Path to the control client certificate, by default unbound_control.pem.
 This certificate has to be signed with the server certificate.
 This file is generated by the \fIunbound\-control\-setup\fR utility.
Index: usr.sbin/unbound/iterator/iterator.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/iterator/iterator.c,v
retrieving revision 1.4
diff -u -p -r1.4 iterator.c
--- usr.sbin/unbound/iterator/iterator.c        31 Jan 2015 23:34:17 -0000      
1.4
+++ usr.sbin/unbound/iterator/iterator.c        17 Feb 2015 00:53:08 -0000
@@ -1383,8 +1383,10 @@ query_for_targets(struct module_qstate* 
                return 0;
        if(iq->depth > 0 && iq->target_count &&
                iq->target_count[1] > MAX_TARGET_COUNT) {
-               verbose(VERB_QUERY, "request has exceeded the maximum "
-                       "number of glue fetches %d", iq->target_count[1]);
+               char s[LDNS_MAX_DOMAINLEN+1];
+               dname_str(qstate->qinfo.qname, s);
+               verbose(VERB_QUERY, "request %s has exceeded the maximum "
+                       "number of glue fetches %d", s, iq->target_count[1]);
                return 0;
        }
 
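Review bot: In the `target_count[1] > MAX_TARGET_COUNT` branch of query_for_targets, `dname_str(qstate->qinfo.qname, s)` now runs every time the limit is hit, even when the configured verbosity is below VERB_QUERY and the message is discarded. This branch is taken when a query chases too many targets, so it is presumably hit at a high rate under abusive traffic. Wrapping the three new lines in `if(verbosity >= VERB_QUERY) { ... }` keeps the formatting cost off that path. The same applies to the identical block added to processLastResort in the next hunk, and both functions start and end outside their hunks.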
@@ -1581,8 +1583,10 @@ processLastResort(struct module_qstate* 
        }
        if(iq->depth > 0 && iq->target_count &&
                iq->target_count[1] > MAX_TARGET_COUNT) {
-               verbose(VERB_QUERY, "request has exceeded the maximum "
-                       "number of glue fetches %d", iq->target_count[1]);
+               char s[LDNS_MAX_DOMAINLEN+1];
+               dname_str(qstate->qinfo.qname, s);
+               verbose(VERB_QUERY, "request %s has exceeded the maximum "
+                       "number of glue fetches %d", s, iq->target_count[1]);
                return error_response_cache(qstate, id, LDNS_RCODE_SERVFAIL);
        }
        /* mark cycle targets for parent-side lookups */
Index: usr.sbin/unbound/libunbound/libworker.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/libunbound/libworker.c,v
retrieving revision 1.7
diff -u -p -r1.7 libworker.c
--- usr.sbin/unbound/libunbound/libworker.c     20 Nov 2014 00:11:14 -0000      
1.7
+++ usr.sbin/unbound/libunbound/libworker.c     17 Feb 2015 00:53:08 -0000
@@ -606,7 +606,7 @@ int libworker_fg(struct ub_ctx* ctx, str
        sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid);
        sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags);
        if(local_zones_answer(ctx->local_zones, &qinfo, &edns, 
-               w->back->udp_buff, w->env->scratch)) {
+               w->back->udp_buff, w->env->scratch, NULL)) {
                regional_free_all(w->env->scratch);
                libworker_fillup_fg(q, LDNS_RCODE_NOERROR, 
                        w->back->udp_buff, sec_status_insecure, NULL);
@@ -676,7 +676,7 @@ int libworker_attach_mesh(struct ub_ctx*
        sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid);
        sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags);
        if(local_zones_answer(ctx->local_zones, &qinfo, &edns, 
-               w->back->udp_buff, w->env->scratch)) {
+               w->back->udp_buff, w->env->scratch, NULL)) {
                regional_free_all(w->env->scratch);
                free(qinfo.qname);
                libworker_event_done_cb(q, LDNS_RCODE_NOERROR,
@@ -796,7 +796,7 @@ handle_newq(struct libworker* w, uint8_t
        sldns_buffer_write_u16_at(w->back->udp_buff, 0, qid);
        sldns_buffer_write_u16_at(w->back->udp_buff, 2, qflags);
        if(local_zones_answer(w->ctx->local_zones, &qinfo, &edns, 
-               w->back->udp_buff, w->env->scratch)) {
+               w->back->udp_buff, w->env->scratch, NULL)) {
                regional_free_all(w->env->scratch);
                q->msg_security = sec_status_insecure;
                add_bg_result(w, q, w->back->udp_buff, UB_NOERROR, NULL);
Index: usr.sbin/unbound/services/listen_dnsport.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/services/listen_dnsport.c,v
retrieving revision 1.6
diff -u -p -r1.6 listen_dnsport.c
--- usr.sbin/unbound/services/listen_dnsport.c  20 Nov 2014 00:11:14 -0000      
1.6
+++ usr.sbin/unbound/services/listen_dnsport.c  17 Feb 2015 00:53:08 -0000
@@ -56,6 +56,10 @@
 #endif
 #include <fcntl.h>
 
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+
 /** number of queued TCP connections for listen() */
 #define TCP_BACKLOG 256 
 
@@ -368,29 +372,47 @@ create_udp_sock(int family, int socktype
  * (and also uses the interface mtu to determine the size of the packets).
  * So there won't be any EMSGSIZE error.  Against DNS fragmentation attacks.
  * FreeBSD already has same semantics without setting the option. */
-#    if defined(IP_PMTUDISC_OMIT)
-               int action = IP_PMTUDISC_OMIT;
-#    else
-               int action = IP_PMTUDISC_DONT;
-#    endif
+               int omit_set = 0;
+               int action;
+#   if defined(IP_PMTUDISC_OMIT)
+               action = IP_PMTUDISC_OMIT;
                if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER, 
                        &action, (socklen_t)sizeof(action)) < 0) {
-                       log_err("setsockopt(..., IP_MTU_DISCOVER, "
-#    if defined(IP_PMTUDISC_OMIT)
-                               "IP_PMTUDISC_OMIT"
+
+                       if (errno != EINVAL) {
+                               log_err("setsockopt(..., IP_MTU_DISCOVER, 
IP_PMTUDISC_OMIT...) failed: %s",
+                                       strerror(errno));
+
+#    ifndef USE_WINSOCK
+                               close(s);
 #    else
-                               "IP_PMTUDISC_DONT"
+                               closesocket(s);
 #    endif
-                               "...) failed: %s",
-                               strerror(errno));
+                               *noproto = 0;
+                               *inuse = 0;
+                               return -1;
+                       }
+               }
+               else
+               {
+                   omit_set = 1;
+               }
+#   endif
+               if (omit_set == 0) {
+                       action = IP_PMTUDISC_DONT;
+                       if (setsockopt(s, IPPROTO_IP, IP_MTU_DISCOVER,
+                               &action, (socklen_t)sizeof(action)) < 0) {
+                               log_err("setsockopt(..., IP_MTU_DISCOVER, 
IP_PMTUDISC_DONT...) failed: %s",
+                                       strerror(errno));
 #    ifndef USE_WINSOCK
-                       close(s);
+                               close(s);
 #    else
-                       closesocket(s);
+                               closesocket(s);
 #    endif
-                       *noproto = 0;
-                       *inuse = 0;
-                       return -1;
+                               *noproto = 0;
+                               *inuse = 0;
+                               return -1;
+                       }
                }
 #  elif defined(IP_DONTFRAG)
                int off = 0;
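Review bot: When the setsockopt with IP_PMTUDISC_OMIT fails with EINVAL, the new code falls through to IP_PMTUDISC_DONT without logging anything, so an operator cannot tell which of the two settings a running server ended up with. The comment above this block describes the option as a defence against DNS fragmentation attacks, which makes the fallback worth recording. A line such as `verbose(VERB_ALGO, "IP_PMTUDISC_OMIT not supported, using IP_PMTUDISC_DONT");` after the `errno != EINVAL` block would do. The close/closesocket/return -1 cleanup is now duplicated in both failure branches and could be shared. create_udp_sock starts and ends outside the hunk.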
@@ -570,6 +592,63 @@ create_tcp_accept_sock(struct addrinfo *
        }
        return s;
 }
+
+int
+create_local_accept_sock(const char *path, int* noproto)
+{
+#ifdef HAVE_SYS_UN_H
+       int s;
+       struct sockaddr_un usock;
+
+       verbose(VERB_ALGO, "creating unix socket %s", path);
+#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
+       /* this member exists on BSDs, not Linux */
+       usock.sun_len = (socklen_t)sizeof(usock);
+#endif
+       usock.sun_family = AF_LOCAL;
+       /* length is 92-108, 104 on FreeBSD */
+       (void)strlcpy(usock.sun_path, path, sizeof(usock.sun_path));
+
+       if ((s = socket(PF_LOCAL, SOCK_STREAM, 0)) == -1) {
+               log_err("Cannot create local socket %s (%s)",
+                       path, strerror(errno));
+               return -1;
+       }
+
+       if (unlink(path) && errno != ENOENT) {
+               /* The socket already exists and cannot be removed */
+               log_err("Cannot remove old local socket %s (%s)",
+                       path, strerror(errno));
+               return -1;
+       }
+
+       if (bind(s, (struct sockaddr *)&usock,
+               (socklen_t)sizeof(struct sockaddr_un)) == -1) {
+               log_err("Cannot bind local socket %s (%s)",
+                       path, strerror(errno));
+               return -1;
+       }
+
+       if (!fd_set_nonblock(s)) {
+               log_err("Cannot set non-blocking mode");
+               return -1;
+       }
+
+       if (listen(s, TCP_BACKLOG) == -1) {
+               log_err("can't listen: %s", strerror(errno));
+               return -1;
+       }
+
+       (void)noproto; /*unused*/
+       return s;
+#else
+       (void)path;
+       log_err("Local sockets are not supported");
+       *noproto = 1;
+       return -1;
+#endif
+}
+
 
 /**
  * Create socket from getaddrinfo results
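Review bot: Every failure path after `socket()` succeeds in create_local_accept_sock (the unlink, bind, fd_set_nonblock and listen branches) returns -1 without closing `s`, so the descriptor leaks. The `strlcpy` into `usock.sun_path` also discards its return value, so an over-long path is silently truncated and `bind()` then uses a different name from the one passed to `unlink()` and printed in the log; the path should be rejected when it does not fit. Nothing in this hunk sets the mode of the socket file, so with `control-use-cert: no` access to the control channel rests on whatever the umask leaves at `bind()` time. If the caller outside this hunk does not restrict that, an explicit mode is worth adding.

```c
	/* … unchanged: declarations, verbose(), sun_len and sun_family setup … */
	if (strlcpy(usock.sun_path, path, sizeof(usock.sun_path)) >=
		sizeof(usock.sun_path)) {
		log_err("Local socket path too long: %s", path);
		return -1;
	}
	/* … unchanged: socket() call and its error branch … */
	if (unlink(path) && errno != ENOENT) {
		/* The socket already exists and cannot be removed */
		log_err("Cannot remove old local socket %s (%s)",
			path, strerror(errno));
		close(s);
		return -1;
	}
	/* … unchanged: bind(), fd_set_nonblock() and listen() checks, each with close(s) added before return -1 … */
```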
Index: usr.sbin/unbound/services/listen_dnsport.h
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/services/listen_dnsport.h,v
retrieving revision 1.4
diff -u -p -r1.4 listen_dnsport.h
--- usr.sbin/unbound/services/listen_dnsport.h  20 Nov 2014 00:11:14 -0000      
1.4
+++ usr.sbin/unbound/services/listen_dnsport.h  17 Feb 2015 00:53:08 -0000
@@ -207,4 +207,13 @@ int create_udp_sock(int family, int sock
 int create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto,
        int* reuseport);
 
+/**
+ * Create and bind local listening socket
+ * @param path: path to the socket.
+ * @param noproto: on error, this is set true if cause is that local sockets
+ *     are not supported.
+ * @return: the socket. -1 on error.
+ */
+int create_local_accept_sock(const char* path, int* noproto);
+
 #endif /* LISTEN_DNSPORT_H */
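Review bot: The doc comment for create_local_accept_sock does not say that an existing file at `path` is removed before binding, which the implementation in listen_dnsport.c does with `unlink(path)`. The path comes from the configuration file, so that side effect belongs in the contract. I would replace the current `@param path` line with ` * @param path: path to the socket. An existing file at this path is unlinked first.`.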
Index: usr.sbin/unbound/services/localzone.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/services/localzone.c,v
retrieving revision 1.1.1.4
diff -u -p -r1.1.1.4 localzone.c
--- usr.sbin/unbound/services/localzone.c       20 Nov 2014 00:00:32 -0000      
1.1.1.4
+++ usr.sbin/unbound/services/localzone.c       17 Feb 2015 00:53:08 -0000
@@ -48,6 +48,7 @@
 #include "util/data/packed_rrset.h"
 #include "util/data/msgencode.h"
 #include "util/net_help.h"
+#include "util/netevent.h"
 #include "util/data/msgreply.h"
 #include "util/data/msgparse.h"
 
@@ -1022,6 +1023,10 @@ void local_zones_print(struct local_zone
                        log_nametypeclass(0, "static zone", 
                                z->name, 0, z->dclass);
                        break;
+               case local_zone_inform:
+                       log_nametypeclass(0, "inform zone", 
+                               z->name, 0, z->dclass);
+                       break;
                default:
                        log_nametypeclass(0, "badtyped zone", 
                                z->name, 0, z->dclass);
@@ -1169,9 +1174,25 @@ lz_zone_answer(struct local_zone* z, str
        return 0;
 }
 
+/** print log information for an inform zone query */
+static void
+lz_inform_print(struct local_zone* z, struct query_info* qinfo,
+       struct comm_reply* repinfo)
+{
+       char ip[128], txt[512];
+       char zname[LDNS_MAX_DOMAINLEN+1];
+       uint16_t port = ntohs(((struct sockaddr_in*)&repinfo->addr)->sin_port);
+       dname_str(z->name, zname);
+       addr_to_str(&repinfo->addr, repinfo->addrlen, ip, sizeof(ip));
+       snprintf(txt, sizeof(txt), "%s inform %s@%u", zname, ip,
+               (unsigned)port);
+       log_nametypeclass(0, txt, qinfo->qname, qinfo->qtype, qinfo->qclass);
+}
+
 int 
 local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
-       struct edns_data* edns, sldns_buffer* buf, struct regional* temp)
+       struct edns_data* edns, sldns_buffer* buf, struct regional* temp,
+       struct comm_reply* repinfo)
 {
        /* see if query is covered by a zone,
         *      if so:  - try to match (exact) local data 
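Review bot: In lz_inform_print the port is read as `((struct sockaddr_in*)&repinfo->addr)->sin_port` whatever the address family, so for an IPv6 client it depends on `sin6_port` sitting at the same offset as `sin_port`. That holds on common platforms but the code does not check it; selecting the cast by family, for example with the `addr_is_ip6(&repinfo->addr, repinfo->addrlen)` helper used elsewhere in this patch, makes it explicit. A comment on the function should also say that the logged address is the packet's source address, which can be spoofed for UDP queries, so a log line is a lead rather than proof that the host made the query. The body of local_zones_answer continues outside the hunk.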
@@ -1190,6 +1211,9 @@ local_zones_answer(struct local_zones* z
        lock_rw_rdlock(&z->lock);
        lock_rw_unlock(&zones->lock);
 
+       if(z->type == local_zone_inform && repinfo)
+               lz_inform_print(z, qinfo, repinfo);
+
        if(local_data_answer(z, qinfo, edns, buf, temp, labs, &ld)) {
                lock_rw_unlock(&z->lock);
                return 1;
@@ -1209,6 +1233,7 @@ const char* local_zone_type2str(enum loc
                case local_zone_typetransparent: return "typetransparent";
                case local_zone_static: return "static";
                case local_zone_nodefault: return "nodefault";
+               case local_zone_inform: return "inform";
        }
        return "badtyped"; 
 }
@@ -1227,6 +1252,8 @@ int local_zone_str2type(const char* type
                *t = local_zone_typetransparent;
        else if(strcmp(type, "redirect") == 0)
                *t = local_zone_redirect;
+       else if(strcmp(type, "inform") == 0)
+               *t = local_zone_inform;
        else return 0;
        return 1;
 }
Index: usr.sbin/unbound/services/localzone.h
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/services/localzone.h,v
retrieving revision 1.1.1.2
diff -u -p -r1.1.1.2 localzone.h
--- usr.sbin/unbound/services/localzone.h       16 Mar 2014 11:38:25 -0000      
1.1.1.2
+++ usr.sbin/unbound/services/localzone.h       17 Feb 2015 00:53:08 -0000
@@ -49,6 +49,7 @@ struct config_file;
 struct edns_data;
 struct query_info;
 struct sldns_buffer;
+struct comm_reply;
 
 /**
  * Local zone type
@@ -70,7 +71,9 @@ enum localzone_type {
        local_zone_redirect,
        /** remove default AS112 blocking contents for zone
         * nodefault is used in config not during service. */
-       local_zone_nodefault
+       local_zone_nodefault,
+       /** log client address, but no block (transparent) */
+       local_zone_inform
 };
 
 /**
@@ -220,12 +223,14 @@ void local_zones_print(struct local_zone
  * @param edns: edns info (parsed).
  * @param buf: buffer with query ID and flags, also for reply.
  * @param temp: temporary storage region.
+ * @param repinfo: source address for checks. may be NULL.
  * @return true if answer is in buffer. false if query is not answered 
  * by authority data. If the reply should be dropped altogether, the return 
  * value is true, but the buffer is cleared (empty).
  */
 int local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
-       struct edns_data* edns, struct sldns_buffer* buf, struct regional* 
temp);
+       struct edns_data* edns, struct sldns_buffer* buf, struct regional* temp,
+       struct comm_reply* repinfo);
 
 /**
  * Parse the string into localzone type.
Index: usr.sbin/unbound/smallapp/unbound-checkconf.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/smallapp/unbound-checkconf.c,v
retrieving revision 1.1.1.4
diff -u -p -r1.1.1.4 unbound-checkconf.c
--- usr.sbin/unbound/smallapp/unbound-checkconf.c       20 Nov 2014 00:00:32 
-0000      1.1.1.4
+++ usr.sbin/unbound/smallapp/unbound-checkconf.c       17 Feb 2015 00:53:08 
-0000
@@ -78,6 +78,7 @@ usage()
        printf("        Checks unbound configuration file for errors.\n");
        printf("file    if omitted %s is used.\n", CONFIGFILE);
        printf("-o option       print value of option to stdout.\n");
+       printf("-f              output full pathname with chroot applied, eg. 
with -o pidfile.\n");
        printf("-h              show this usage help.\n");
        printf("Version %s\n", PACKAGE_VERSION);
        printf("BSD licensed, see LICENSE in source package for details.\n");
@@ -90,10 +91,15 @@ usage()
  * @param cfg: config
  * @param opt: option name without trailing :. 
  *     This is different from config_set_option.
+ * @param final: if final pathname with chroot applied has to be printed.
  */
 static void
-print_option(struct config_file* cfg, const char* opt)
+print_option(struct config_file* cfg, const char* opt, int final)
 {
+       if(strcmp(opt, "pidfile") == 0 && final) {
+               printf("%s\n", fname_after_chroot(cfg->pidfile, cfg, 1));
+               return;
+       }
        if(!config_get_option(cfg, opt, config_print_func, stdout))
                fatal_exit("cannot print option '%s'", opt);
 }
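Review bot: In the new `pidfile` branch of print_option the result of `fname_after_chroot()` is passed straight to `printf("%s\n", ...)`. Elsewhere in this patch (setup_ctx in unbound-control.c) the same call is checked for NULL as out of memory and its result is freed, so here a failed allocation reaches `%s` as NULL and the string is never freed. I would write `char* p = fname_after_chroot(cfg->pidfile, cfg, 1);`, then `if(!p) fatal_exit("out of memory");`, then `printf("%s\n", p); free(p);`. The -f flag is also silently ignored for every option other than pidfile, which the usage text only hints at.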
@@ -416,7 +422,7 @@ morechecks(struct config_file* cfg, cons
                endpwent();
        }
 #endif
-       if(cfg->remote_control_enable) {
+       if(cfg->remote_control_enable && cfg->remote_control_use_cert) {
                check_chroot_string("server-key-file", &cfg->server_key_file,
                        cfg->chrootdir, cfg);
                check_chroot_string("server-cert-file", &cfg->server_cert_file,
@@ -456,7 +462,7 @@ check_hints(struct config_file* cfg)
 
 /** check config file */
 static void
-checkconf(const char* cfgfile, const char* opt)
+checkconf(const char* cfgfile, const char* opt, int final)
 {
        struct config_file* cfg = config_create();
        if(!cfg)
@@ -467,7 +473,7 @@ checkconf(const char* cfgfile, const cha
                exit(1);
        }
        if(opt) {
-               print_option(cfg, opt);
+               print_option(cfg, opt, final);
                config_delete(cfg);
                return;
        }
@@ -493,6 +499,7 @@ extern char* optarg;
 int main(int argc, char* argv[])
 {
        int c;
+       int final = 0;
        const char* f;
        const char* opt = NULL;
        const char* cfgfile = CONFIGFILE;
@@ -505,8 +512,11 @@ int main(int argc, char* argv[])
                cfgfile = CONFIGFILE;
 #endif /* USE_WINSOCK */
        /* parse the options */
-       while( (c=getopt(argc, argv, "ho:")) != -1) {
+       while( (c=getopt(argc, argv, "fho:")) != -1) {
                switch(c) {
+               case 'f':
+                       final = 1;
+                       break;
                case 'o':
                        opt = optarg;
                        break;
@@ -523,7 +533,7 @@ int main(int argc, char* argv[])
        if(argc == 1)
                f = argv[0];
        else    f = cfgfile;
-       checkconf(f, opt);
+       checkconf(f, opt, final);
        checklock_stop();
        return 0;
 }
Index: usr.sbin/unbound/smallapp/unbound-control.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/smallapp/unbound-control.c,v
retrieving revision 1.1.1.6
diff -u -p -r1.1.1.6 unbound-control.c
--- usr.sbin/unbound/smallapp/unbound-control.c 20 Nov 2014 00:00:31 -0000      
1.1.1.6
+++ usr.sbin/unbound/smallapp/unbound-control.c 17 Feb 2015 00:53:08 -0000
@@ -59,6 +59,10 @@
 #include "util/locks.h"
 #include "util/net_help.h"
 
+#ifdef HAVE_SYS_UN_H
+#include <sys/un.h>
+#endif
+
 /** Give unbound-control usage, and exit (1). */
 static void
 usage()
@@ -136,32 +140,40 @@ static void ssl_err(const char* s)
 static SSL_CTX*
 setup_ctx(struct config_file* cfg)
 {
-       char* s_cert, *c_key, *c_cert;
+       char* s_cert=NULL, *c_key=NULL, *c_cert=NULL;
        SSL_CTX* ctx;
 
-       s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
-       c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
-       c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
-       if(!s_cert || !c_key || !c_cert)
-               fatal_exit("out of memory");
+       if(cfg->remote_control_use_cert) {
+               s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
+               c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
+               c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
+               if(!s_cert || !c_key || !c_cert)
+                       fatal_exit("out of memory");
+       }
         ctx = SSL_CTX_new(SSLv23_client_method());
        if(!ctx)
                ssl_err("could not allocate SSL_CTX pointer");
         if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2))
                ssl_err("could not set SSL_OP_NO_SSLv2");
-        if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3))
-               ssl_err("could not set SSL_OP_NO_SSLv3");
-       if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
-               !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
-               || !SSL_CTX_check_private_key(ctx))
-               ssl_err("Error setting up SSL_CTX client key and cert");
-       if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
-               ssl_err("Error setting up SSL_CTX verify, server cert");
-       SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
-
-       free(s_cert);
-       free(c_key);
-       free(c_cert);
+        if(cfg->remote_control_use_cert) {
+               if(!(SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & 
SSL_OP_NO_SSLv3))
+                       ssl_err("could not set SSL_OP_NO_SSLv3");
+               if(!SSL_CTX_use_certificate_file(ctx,c_cert,SSL_FILETYPE_PEM) ||
+                   !SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
+                   || !SSL_CTX_check_private_key(ctx))
+                       ssl_err("Error setting up SSL_CTX client key and cert");
+               if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
+                       ssl_err("Error setting up SSL_CTX verify, server cert");
+               SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
+
+               free(s_cert);
+               free(c_key);
+               free(c_cert);
+       } else {
+               /* Use ciphers that don't require authentication  */
+               if(!SSL_CTX_set_cipher_list(ctx, "aNULL"))
+                       ssl_err("Error setting NULL cipher!");
+       }
        return ctx;
 }
 
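Review bot: The `SSL_OP_NO_SSLv3` check has moved inside `if(cfg->remote_control_use_cert)`, so with `control-use-cert: no` the client context no longer disables SSLv3. Nothing in the `else` branch needs SSLv3, and keeping that check unconditional next to the `SSL_OP_NO_SSLv2` one would preserve the earlier hardening. The `else` branch selects `aNULL` cipher suites, which give no peer authentication, and nothing in this hunk ties that to a local socket path. Whether an IP `control-interface` combined with `control-use-cert: no` is rejected must be decided elsewhere and is worth confirming. The message `"Error setting NULL cipher!"` is also misleading, since `aNULL` means anonymous authentication rather than null encryption; `"Error setting anonymous (aNULL) cipher list"` would be clearer.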
@@ -171,6 +183,7 @@ contact_server(const char* svr, struct c
 {
        struct sockaddr_storage addr;
        socklen_t addrlen;
+       int addrfamily = 0;
        int fd;
        /* use svr or the first config entry */
        if(!svr) {
@@ -189,12 +202,25 @@ contact_server(const char* svr, struct c
        if(strchr(svr, '@')) {
                if(!extstrtoaddr(svr, &addr, &addrlen))
                        fatal_exit("could not parse IP@port: %s", svr);
+#ifdef HAVE_SYS_UN_H
+       } else if(svr[0] == '/') {
+               struct sockaddr_un* usock = (struct sockaddr_un *) &addr;
+               usock->sun_family = AF_LOCAL;
+#ifdef HAVE_STRUCT_SOCKADDR_UN_SUN_LEN
+               usock->sun_len = (socklen_t)sizeof(usock);
+#endif
+               (void)strlcpy(usock->sun_path, svr, sizeof(usock->sun_path));
+               addrlen = (socklen_t)sizeof(struct sockaddr_un);
+               addrfamily = AF_LOCAL;
+#endif
        } else {
                if(!ipstrtoaddr(svr, cfg->control_port, &addr, &addrlen))
                        fatal_exit("could not parse IP: %s", svr);
        }
-       fd = socket(addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET, 
-               SOCK_STREAM, 0);
+
+       if(addrfamily == 0)
+               addrfamily = addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET;
+       fd = socket(addrfamily, SOCK_STREAM, 0);
        if(fd == -1) {
 #ifndef USE_WINSOCK
                fatal_exit("socket: %s", strerror(errno));
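Review bot: In the new `svr[0] == '/'` branch, `sizeof(usock)` is the size of the pointer rather than of the structure, so `sun_len` gets the wrong value on platforms that define HAVE_STRUCT_SOCKADDR_UN_SUN_LEN; it should read `usock->sun_len = (socklen_t)sizeof(*usock);`. The result of `strlcpy` is also discarded, so a control-interface path longer than `sun_path` is silently truncated and the client would connect to whatever socket exists at the shorter path. Comparing the return value with the buffer size and failing, `if(strlcpy(usock->sun_path, svr, sizeof(usock->sun_path)) >= sizeof(usock->sun_path)) fatal_exit("control socket path too long: %s", svr);`, closes that. contact_server begins outside this hunk, so whether `addr` is zeroed before the cast cannot be seen here; if it is not, a `memset` before filling in `usock` would be prudent.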
@@ -223,7 +249,7 @@ contact_server(const char* svr, struct c
 
 /** setup SSL on the connection */
 static SSL*
-setup_ssl(SSL_CTX* ctx, int fd)
+setup_ssl(SSL_CTX* ctx, int fd, struct config_file* cfg)
 {
        SSL* ssl;
        X509* x;
@@ -249,10 +275,13 @@ setup_ssl(SSL_CTX* ctx, int fd)
        /* check authenticity of server */
        if(SSL_get_verify_result(ssl) != X509_V_OK)
                ssl_err("SSL verification failed");
-       x = SSL_get_peer_certificate(ssl);
-       if(!x)
-               ssl_err("Server presented no peer certificate");
-       X509_free(x);
+       if(cfg->remote_control_use_cert) {
+               x = SSL_get_peer_certificate(ssl);
+               if(!x)
+                       ssl_err("Server presented no peer certificate");
+               X509_free(x);
+       }
+
        return ssl;
 }
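Review bot: The peer-certificate check is now skipped whenever `cfg->remote_control_use_cert` is 0, and nothing in setup_ssl or in the visible part of contact_server ties that setting to a local socket. With `control-use-cert: no` and an IP address as control-interface, the client would negotiate the anonymous `aNULL` ciphers chosen in setup_ctx and send commands to a server it has not authenticated. I would refuse that combination before connecting, for example in contact_server with `if(!cfg->remote_control_use_cert && svr[0] != '/') fatal_exit("control-use-cert: no requires a local socket path");`, and add a comment here saying that authentication then rests on the file permissions of the socket. setup_ssl starts outside this hunk, and the daemon's listening side is not part of the lines shown, so the equivalent check there should be confirmed separately.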
 
@@ -330,11 +359,11 @@ go(const char* cfgfile, char* svr, int q
        if(!cfg->remote_control_enable)
                log_warn("control-enable is 'no' in the config file.");
        ctx = setup_ctx(cfg);
-       
+
        /* contact server */
        fd = contact_server(svr, cfg, argc>0&&strcmp(argv[0],"status")==0);
-       ssl = setup_ssl(ctx, fd);
-       
+       ssl = setup_ssl(ctx, fd, cfg);
+
        /* send command */
        ret = go_cmd(ssl, quiet, argc, argv);
 
Index: usr.sbin/unbound/util/config_file.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/util/config_file.c,v
retrieving revision 1.3
diff -u -p -r1.3 config_file.c
--- usr.sbin/unbound/util/config_file.c 20 Nov 2014 00:11:14 -0000      1.3
+++ usr.sbin/unbound/util/config_file.c 17 Feb 2015 00:53:08 -0000
@@ -55,11 +55,15 @@
 #include "util/regional.h"
 #include "util/fptr_wlist.h"
 #include "util/data/dname.h"
+#include "util/rtt.h"
 #include "ldns/wire2str.h"
 #include "ldns/parseutil.h"
 #ifdef HAVE_GLOB_H
 # include <glob.h>
 #endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
 
 /** global config during parsing */
 struct config_parser_state* cfg_parser = 0;
@@ -126,11 +130,14 @@ config_create(void)
        cfg->prefetch_key = 0;
        cfg->infra_cache_slabs = 4;
        cfg->infra_cache_numhosts = 10000;
+       cfg->infra_cache_min_rtt = 50;
        cfg->delay_close = 0;
        if(!(cfg->outgoing_avail_ports = (int*)calloc(65536, sizeof(int))))
                goto error_exit;
        init_outgoing_availports(cfg->outgoing_avail_ports, 65536);
        if(!(cfg->username = strdup(UB_USERNAME))) goto error_exit;
+       cfg->uid = (uid_t)-1;
+       cfg->gid = (gid_t)-1;
 #ifdef HAVE_CHROOT
        if(!(cfg->chrootdir = strdup(CHROOT_DIR))) goto error_exit;
 #endif
@@ -196,6 +203,7 @@ config_create(void)
        cfg->remote_control_enable = 0;
        cfg->control_ifs = NULL;
        cfg->control_port = UNBOUND_CONTROL_PORT;
+       cfg->remote_control_use_cert = 1;
        cfg->minimal_responses = 0;
        cfg->rrset_roundrobin = 0;
        cfg->max_udp_size = 4096;
@@ -369,6 +377,10 @@ int config_set_option(struct config_file
        { IS_NUMBER_OR_ZERO; cfg->max_ttl = atoi(val); MAX_TTL=(time_t)cfg->max_ttl;}
        else if(strcmp(opt, "cache-min-ttl:") == 0)
        { IS_NUMBER_OR_ZERO; cfg->min_ttl = atoi(val); MIN_TTL=(time_t)cfg->min_ttl;}
+       else if(strcmp(opt, "infra-cache-min-rtt:") == 0) {
+           IS_NUMBER_OR_ZERO; cfg->infra_cache_min_rtt = atoi(val);
+           RTT_MIN_TIMEOUT=cfg->infra_cache_min_rtt;
+       }
        else S_NUMBER_OR_ZERO("infra-host-ttl:", host_ttl)
        else S_POW2("infra-cache-slabs:", infra_cache_slabs)
        else S_SIZET_NONZERO("infra-cache-numhosts:", infra_cache_numhosts)
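Review bot: The new `infra-cache-min-rtt:` branch stores `atoi(val)` with no range check and copies it straight into the global `RTT_MIN_TIMEOUT`. rtt.h keeps `RTT_MAX_TIMEOUT` at 120000, so a configured minimum above that inverts the two limits, and how the RTO calculation behaves then is not visible in this diff. I would reject out-of-range values right after `IS_NUMBER_OR_ZERO`, for instance `if(atoi(val) < 0 || atoi(val) > RTT_MAX_TIMEOUT) return 0;`, assuming a zero return is how config_set_option reports a bad value. The same applies to `server_infra_cache_min_rtt` in configparser.y, where the test `atoi($2) == 0 && strcmp($2, "0") != 0` lets negative numbers through.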
@@ -617,6 +629,7 @@ config_get_option(struct config_file* cf
        else O_DEC(opt, "cache-min-ttl", min_ttl)
        else O_DEC(opt, "infra-host-ttl", host_ttl)
        else O_DEC(opt, "infra-cache-slabs", infra_cache_slabs)
+       else O_DEC(opt, "infra-cache-min-rtt", infra_cache_min_rtt)
        else O_MEM(opt, "infra-cache-numhosts", infra_cache_numhosts)
        else O_UNS(opt, "delay-close", delay_close)
        else O_YNO(opt, "do-ip4", do_ip4)
@@ -799,6 +812,7 @@ config_read(struct config_file* cfg, con
                errno=EINVAL;
                return 0;
        }
+
        return 1;
 }
 
@@ -1181,10 +1195,27 @@ config_apply(struct config_file* config)
 {
        MAX_TTL = (time_t)config->max_ttl;
        MIN_TTL = (time_t)config->min_ttl;
+       RTT_MIN_TIMEOUT = config->infra_cache_min_rtt;
        EDNS_ADVERTISED_SIZE = (uint16_t)config->edns_buffer_size;
        MINIMAL_RESPONSES = config->minimal_responses;
        RRSET_ROUNDROBIN = config->rrset_roundrobin;
        log_set_time_asc(config->log_time_ascii);
+}
+
+void config_lookup_uid(struct config_file* cfg)
+{
+#ifdef HAVE_GETPWNAM
+       /* translate username into uid and gid */
+       if(cfg->username && cfg->username[0]) {
+               struct passwd *pwd;
+               if((pwd = getpwnam(cfg->username)) == NULL)
+                       log_err("user '%s' does not exist.", cfg->username);
+               cfg->uid = pwd->pw_uid;
+               cfg->gid = pwd->pw_gid;
+       }
+#else
+       (void)cfg;
+#endif
 }
 
 /** 
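Review bot: In config_lookup_uid a failed `getpwnam()` is logged, but execution then continues to `cfg->uid = pwd->pw_uid;`, which dereferences NULL, so an unknown `username:` crashes the process instead of reporting the error. The assignments need to sit behind an early return: `if((pwd = getpwnam(cfg->username)) == NULL) { log_err("user '%s' does not exist.", cfg->username); return; }`. Because the function returns void, a caller can only notice the failure by finding `cfg->uid` still at `(uid_t)-1` while `username` is set. The code that drops privileges is outside this chunk; it should treat that state as fatal rather than carry on without dropping.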
Index: usr.sbin/unbound/util/config_file.h
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/util/config_file.h,v
retrieving revision 1.1.1.5
diff -u -p -r1.1.1.5 config_file.h
--- usr.sbin/unbound/util/config_file.h 20 Nov 2014 00:00:27 -0000      1.1.1.5
+++ usr.sbin/unbound/util/config_file.h 17 Feb 2015 00:53:08 -0000
@@ -119,6 +119,8 @@ struct config_file {
        size_t infra_cache_slabs;
        /** max number of hosts in the infra cache */
        size_t infra_cache_numhosts;
+       /** min value for infra cache rtt */
+       int infra_cache_min_rtt;
        /** delay close of udp-timeouted ports, if 0 no delayclose. in msec */
        int delay_close;
 
@@ -192,6 +194,8 @@ struct config_file {
        char* chrootdir;
        /** username to change to, if not "". */
        char* username;
+       uid_t uid;
+       gid_t gid;
        /** working directory */
        char* directory;
        /** filename to log to. */
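Review bot: The new `uid` and `gid` members are the only fields in this hunk without a doc comment, and their sentinel value matters to anyone reading the privilege-drop code. config_create sets them to `(uid_t)-1` and `(gid_t)-1`, and config_lookup_uid fills them in from `username`. I would add `/** uid and gid looked up from username by config_lookup_uid(); (uid_t)-1 and (gid_t)-1 until then */` above the two declarations.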
@@ -282,6 +286,8 @@ struct config_file {
        struct config_strlist* control_ifs;
        /** port number for the control port */
        int control_port;
+       /** use certificates for remote control */
+       int remote_control_use_cert;
        /** private key file for server */
        char* server_key_file;
        /** certificate file for server */
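Review bot: The comment `/** use certificates for remote control */` does not say what turning the option off means, which is the part an operator or maintainer needs to know. With the value 0, unbound-control selects the anonymous `aNULL` ciphers and skips the peer-certificate check, so the control channel carries no TLS-level authentication. I would extend the comment to `/** use certificates for remote control; if 0 the control connection is not authenticated by TLS and access control is left to the permissions on the local socket */`.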
@@ -421,6 +427,12 @@ void config_delete(struct config_file* c
  * @param config: to apply. Side effect: global constants change.
  */
 void config_apply(struct config_file* config);
+
+/**
+ * Find username, sets uid and gid.
+ * @param config: the config structure.
+ */
+void config_lookup_uid(struct config_file* config);
 
 /**
  * Set the given keyword to the given value.
Index: usr.sbin/unbound/util/configlexer.lex
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/util/configlexer.lex,v
retrieving revision 1.1.1.5
diff -u -p -r1.1.1.5 configlexer.lex
--- usr.sbin/unbound/util/configlexer.lex       20 Nov 2014 00:00:29 -0000      1.1.1.5
+++ usr.sbin/unbound/util/configlexer.lex       17 Feb 2015 00:53:08 -0000
@@ -245,6 +245,7 @@ infra-lame-ttl{COLON}               { YDVAR(1, VAR_IN
 infra-cache-slabs{COLON}       { YDVAR(1, VAR_INFRA_CACHE_SLABS) }
 infra-cache-numhosts{COLON}    { YDVAR(1, VAR_INFRA_CACHE_NUMHOSTS) }
 infra-cache-lame-size{COLON}   { YDVAR(1, VAR_INFRA_CACHE_LAME_SIZE) }
+infra-cache-min-rtt{COLON}     { YDVAR(1, VAR_INFRA_CACHE_MIN_RTT) }
 num-queries-per-thread{COLON}  { YDVAR(1, VAR_NUM_QUERIES_PER_THREAD) }
 jostle-timeout{COLON}          { YDVAR(1, VAR_JOSTLE_TIMEOUT) }
 delay-close{COLON}             { YDVAR(1, VAR_DELAY_CLOSE) }
@@ -315,6 +316,7 @@ remote-control{COLON}               { YDVAR(0, VAR_RE
 control-enable{COLON}          { YDVAR(1, VAR_CONTROL_ENABLE) }
 control-interface{COLON}       { YDVAR(1, VAR_CONTROL_INTERFACE) }
 control-port{COLON}            { YDVAR(1, VAR_CONTROL_PORT) }
+control-use-cert{COLON}                { YDVAR(1, VAR_CONTROL_USE_CERT) }
 server-key-file{COLON}         { YDVAR(1, VAR_SERVER_KEY_FILE) }
 server-cert-file{COLON}                { YDVAR(1, VAR_SERVER_CERT_FILE) }
 control-key-file{COLON}                { YDVAR(1, VAR_CONTROL_KEY_FILE) }
Index: usr.sbin/unbound/util/configparser.y
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/util/configparser.y,v
retrieving revision 1.1.1.5
diff -u -p -r1.1.1.5 configparser.y
--- usr.sbin/unbound/util/configparser.y        20 Nov 2014 00:00:28 -0000      1.1.1.5
+++ usr.sbin/unbound/util/configparser.y        17 Feb 2015 00:53:09 -0000
@@ -95,6 +95,7 @@ extern struct config_parser_state* cfg_p
 %token VAR_PRIVATE_DOMAIN VAR_REMOTE_CONTROL VAR_CONTROL_ENABLE
 %token VAR_CONTROL_INTERFACE VAR_CONTROL_PORT VAR_SERVER_KEY_FILE
 %token VAR_SERVER_CERT_FILE VAR_CONTROL_KEY_FILE VAR_CONTROL_CERT_FILE
+%token VAR_CONTROL_USE_CERT
 %token VAR_EXTENDED_STATISTICS VAR_LOCAL_DATA_PTR VAR_JOSTLE_TIMEOUT
 %token VAR_STUB_PRIME VAR_UNWANTED_REPLY_THRESHOLD VAR_LOG_TIME_ASCII
 %token VAR_DOMAIN_INSECURE VAR_PYTHON VAR_PYTHON_SCRIPT VAR_VAL_SIG_SKEW_MIN
@@ -106,6 +107,7 @@ extern struct config_parser_state* cfg_p
 %token VAR_SSL_SERVICE_KEY VAR_SSL_SERVICE_PEM VAR_SSL_PORT VAR_FORWARD_FIRST
 %token VAR_STUB_FIRST VAR_MINIMAL_RESPONSES VAR_RRSET_ROUNDROBIN
 %token VAR_MAX_UDP_SIZE VAR_DELAY_CLOSE VAR_UNBLOCK_LAN_ZONES
+%token VAR_INFRA_CACHE_MIN_RTT
 %token VAR_DNS64_PREFIX VAR_DNS64_SYNTHALL
 %token VAR_DNSTAP VAR_DNSTAP_ENABLE VAR_DNSTAP_SOCKET_PATH
 %token VAR_DNSTAP_SEND_IDENTITY VAR_DNSTAP_SEND_VERSION
@@ -174,7 +176,8 @@ content_server: server_num_threads | ser
        server_ssl_service_key | server_ssl_service_pem | server_ssl_port |
        server_minimal_responses | server_rrset_roundrobin | server_max_udp_size |
        server_so_reuseport | server_delay_close | server_unblock_lan_zones |
-       server_dns64_prefix | server_dns64_synthall
+       server_dns64_prefix | server_dns64_synthall |
+       server_infra_cache_min_rtt
        ;
 stubstart: VAR_STUB_ZONE
        {
@@ -767,6 +770,15 @@ server_infra_cache_slabs: VAR_INFRA_CACH
                free($2);
        }
        ;
+server_infra_cache_min_rtt: VAR_INFRA_CACHE_MIN_RTT STRING_ARG
+       {
+               OUTYY(("P(server_infra_cache_min_rtt:%s)\n", $2));
+               if(atoi($2) == 0 && strcmp($2, "0") != 0)
+                       yyerror("number expected");
+               else cfg_parser->cfg->infra_cache_min_rtt = atoi($2);
+               free($2);
+       }
+       ;
 server_target_fetch_policy: VAR_TARGET_FETCH_POLICY STRING_ARG
        {
                OUTYY(("P(server_target_fetch_policy:%s)\n", $2));
@@ -1104,10 +1116,11 @@ server_local_zone: VAR_LOCAL_ZONE STRING
                if(strcmp($3, "static")!=0 && strcmp($3, "deny")!=0 &&
                   strcmp($3, "refuse")!=0 && strcmp($3, "redirect")!=0 &&
                   strcmp($3, "transparent")!=0 && strcmp($3, "nodefault")!=0
-                  && strcmp($3, "typetransparent")!=0)
+                  && strcmp($3, "typetransparent")!=0 &&
+                  strcmp($3, "inform")!=0)
                        yyerror("local-zone type: expected static, deny, "
                                "refuse, redirect, transparent, "
-                               "typetransparent or nodefault");
+                               "typetransparent, inform or nodefault");
                else if(strcmp($3, "nodefault")==0) {
                        if(!cfg_strlist_insert(&cfg_parser->cfg->
                                local_zones_nodefault, $2))
@@ -1270,7 +1283,7 @@ contents_rc: contents_rc content_rc 
        | ;
 content_rc: rc_control_enable | rc_control_interface | rc_control_port |
        rc_server_key_file | rc_server_cert_file | rc_control_key_file |
-       rc_control_cert_file
+       rc_control_cert_file | rc_control_use_cert
        ;
 rc_control_enable: VAR_CONTROL_ENABLE STRING_ARG
        {
@@ -1296,6 +1309,16 @@ rc_control_interface: VAR_CONTROL_INTERF
                OUTYY(("P(control_interface:%s)\n", $2));
                if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, $2))
                        yyerror("out of memory");
+       }
+       ;
+rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
+       {
+               OUTYY(("P(control_use_cert:%s)\n", $2));
+               if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
+                       yyerror("expected yes or no.");
+               else cfg_parser->cfg->remote_control_use_cert =
+                       (strcmp($2, "yes")==0);
+               free($2);
        }
        ;
 rc_server_key_file: VAR_SERVER_KEY_FILE STRING_ARG
Index: usr.sbin/unbound/util/iana_ports.inc
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/util/iana_ports.inc,v
retrieving revision 1.1.1.7
diff -u -p -r1.1.1.7 iana_ports.inc
--- usr.sbin/unbound/util/iana_ports.inc        11 Dec 2014 16:18:04 -0000      1.1.1.7
+++ usr.sbin/unbound/util/iana_ports.inc        17 Feb 2015 00:53:09 -0000
@@ -3819,6 +3819,7 @@
 4359,
 4361,
 4362,
+4366,
 4368,
 4369,
 4370,
@@ -4399,6 +4400,7 @@
 6163,
 6200,
 6201,
+6209,
 6222,
 6241,
 6242,
@@ -4488,6 +4490,8 @@
 6628,
 6633,
 6634,
+6635,
+6636,
 6653,
 6657,
 6670,
@@ -4671,6 +4675,7 @@
 7778,
 7779,
 7781,
+7784,
 7786,
 7787,
 7789,
Index: usr.sbin/unbound/util/net_help.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/util/net_help.c,v
retrieving revision 1.2
diff -u -p -r1.2 net_help.c
--- usr.sbin/unbound/util/net_help.c    20 Nov 2014 01:15:19 -0000      1.2
+++ usr.sbin/unbound/util/net_help.c    17 Feb 2015 00:53:09 -0000
@@ -156,7 +156,12 @@ log_addr(enum verbosity_value v, const c
                case AF_INET6: family="ip6";
                        sinaddr = &((struct sockaddr_in6*)addr)->sin6_addr;
                        break;
-               case AF_UNIX: family="unix"; break;
+               case AF_LOCAL:
+                       dest[0]=0;
+                       (void)inet_ntop(af, sinaddr, dest,
+                               (socklen_t)sizeof(dest));
+                       verbose(v, "%s local %s", str, dest);
+                       return; /* do not continue and try to get port */
                default: break;
        }
        if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) {
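Review bot: The new `AF_LOCAL` case in log_addr passes that family to `inet_ntop`, which only converts AF_INET and AF_INET6 addresses, and discards the result, so `dest` stays empty and the log line never shows which socket was involved. `sinaddr` is also not assigned for this case in the lines shown. Copying the path instead, `(void)strlcpy(dest, ((struct sockaddr_un*)addr)->sun_path, sizeof(dest));` under `#ifdef HAVE_SYS_UN_H` with the matching include, would give a useful audit trail; this presumes `addr` really is a `sockaddr_un` here. The second hunk, in log_name_addr, sets `family="local "` and then falls through to the same `inet_ntop` call, so it needs the same treatment. Both functions start outside their hunks.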
@@ -313,7 +318,7 @@ void log_name_addr(enum verbosity_value 
                case AF_INET6: family="";
                        sinaddr = &((struct sockaddr_in6*)addr)->sin6_addr;
                        break;
-               case AF_UNIX: family="unix_family "; break;
+               case AF_LOCAL: family="local "; break;
                default: break;
        }
        if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) {
Index: usr.sbin/unbound/util/rtt.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/util/rtt.c,v
retrieving revision 1.1.1.3
diff -u -p -r1.1.1.3 rtt.c
--- usr.sbin/unbound/util/rtt.c 16 Mar 2014 11:38:22 -0000      1.1.1.3
+++ usr.sbin/unbound/util/rtt.c 17 Feb 2015 00:53:09 -0000
@@ -42,6 +42,8 @@
 #include "config.h"
 #include "util/rtt.h"
 
+/* overwritten by config: infra_cache_min_rtt: */
+int RTT_MIN_TIMEOUT = 50;
 /** calculate RTO from rtt information */
 static int
 calc_rto(const struct rtt_info* rtt)
Index: usr.sbin/unbound/util/rtt.h
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/util/rtt.h,v
retrieving revision 1.1.1.2
diff -u -p -r1.1.1.2 rtt.h
--- usr.sbin/unbound/util/rtt.h 16 Mar 2014 11:38:23 -0000      1.1.1.2
+++ usr.sbin/unbound/util/rtt.h 17 Feb 2015 00:53:09 -0000
@@ -56,7 +56,7 @@ struct rtt_info {
 };
 
 /** min retransmit timeout value, in milliseconds */
-#define RTT_MIN_TIMEOUT        50
+extern int RTT_MIN_TIMEOUT;
 /** max retransmit timeout value, in milliseconds */
 #define RTT_MAX_TIMEOUT 120000
 
Index: usr.sbin/unbound/validator/val_secalgo.c
===================================================================
RCS file: /cvs/src/usr.sbin/unbound/validator/val_secalgo.c,v
retrieving revision 1.1.1.3
diff -u -p -r1.1.1.3 val_secalgo.c
--- usr.sbin/unbound/validator/val_secalgo.c    16 Mar 2014 11:38:28 -0000      1.1.1.3
+++ usr.sbin/unbound/validator/val_secalgo.c    17 Feb 2015 00:53:09 -0000
@@ -41,8 +41,9 @@
  * and do the library calls (for the crypto library in use).
  */
 #include "config.h"
-#include "validator/val_secalgo.h"
+/* packed_rrset on top to define enum types (forced by c99 standard) */
 #include "util/data/packed_rrset.h"
+#include "validator/val_secalgo.h"
 #include "util/log.h"
 #include "ldns/rrdef.h"
 #include "ldns/keyraw.h"
