
Source code changes of the file "nsd.c" between
nsd-4.3.6.tar.gz and nsd-4.3.7.tar.gz

About: NSD is an authoritative-only, high-performance, simple name server daemon.

nsd.c  (nsd-4.3.6):nsd.c  (nsd-4.3.7)
skipping to change at line 28 skipping to change at line 28
#include <netinet/in.h> #include <netinet/in.h>
#include <arpa/inet.h> #include <arpa/inet.h>
#ifdef HAVE_GRP_H #ifdef HAVE_GRP_H
#include <grp.h> #include <grp.h>
#endif /* HAVE_GRP_H */ #endif /* HAVE_GRP_H */
#ifdef HAVE_SETUSERCONTEXT #ifdef HAVE_SETUSERCONTEXT
#ifdef HAVE_LOGIN_CAP_H #ifdef HAVE_LOGIN_CAP_H
#include <login_cap.h> #include <login_cap.h>
#endif /* HAVE_LOGIN_CAP_H */ #endif /* HAVE_LOGIN_CAP_H */
#endif /* HAVE_SETUSERCONTEXT */ #endif /* HAVE_SETUSERCONTEXT */
#ifdef HAVE_OPENSSL_RAND_H
#include <openssl/rand.h>
#endif
#include <assert.h> #include <assert.h>
#include <ctype.h> #include <ctype.h>
#include <errno.h> #include <errno.h>
#include <fcntl.h> #include <fcntl.h>
#include <limits.h> #include <limits.h>
#include <netdb.h> #include <netdb.h>
#include <pwd.h> #include <pwd.h>
#include <signal.h> #include <signal.h>
#include <stdarg.h> #include <stdarg.h>
skipping to change at line 263 skipping to change at line 266
} }
} }
} }
static void static void
figure_default_sockets( figure_default_sockets(
struct nsd_socket **udp, struct nsd_socket **tcp, size_t *ifs, struct nsd_socket **udp, struct nsd_socket **tcp, size_t *ifs,
const char *udp_port, const char *tcp_port, const char *udp_port, const char *tcp_port,
const struct addrinfo *hints) const struct addrinfo *hints)
{ {
int r;
size_t i = 0, n = 1; size_t i = 0, n = 1;
struct addrinfo ai[2] = { *hints, *hints }; struct addrinfo ai[2] = { *hints, *hints };
assert(udp != NULL); assert(udp != NULL);
assert(tcp != NULL); assert(tcp != NULL);
assert(ifs != NULL); assert(ifs != NULL);
ai[0].ai_socktype = SOCK_DGRAM; ai[0].ai_socktype = SOCK_DGRAM;
ai[1].ai_socktype = SOCK_STREAM; ai[1].ai_socktype = SOCK_STREAM;
skipping to change at line 304 skipping to change at line 306
* the wildcard address (unless the -4 or -6 flags are * the wildcard address (unless the -4 or -6 flags are
* specified). * specified).
* *
* However, this is only supported on platforms where * However, this is only supported on platforms where
* we can turn the socket option IPV6_V6ONLY _on_. * we can turn the socket option IPV6_V6ONLY _on_.
* Otherwise we just listen to a single IPv6 socket * Otherwise we just listen to a single IPv6 socket
* and any incoming IPv4 connections will be * and any incoming IPv4 connections will be
* automatically mapped to our IPv6 socket. * automatically mapped to our IPv6 socket.
*/ */
#ifdef IPV6_V6ONLY #ifdef IPV6_V6ONLY
int r;
struct addrinfo *addrs[2] = { NULL, NULL }; struct addrinfo *addrs[2] = { NULL, NULL };
if((r = getaddrinfo(NULL, udp_port, &ai[0], &addrs[0])) == 0 && if((r = getaddrinfo(NULL, udp_port, &ai[0], &addrs[0])) == 0 &&
(r = getaddrinfo(NULL, tcp_port, &ai[1], &addrs[1])) == 0) (r = getaddrinfo(NULL, tcp_port, &ai[1], &addrs[1])) == 0)
{ {
(*udp)[i].flags |= NSD_SOCKET_IS_OPTIONAL; (*udp)[i].flags |= NSD_SOCKET_IS_OPTIONAL;
(*udp)[i].fib = -1; (*udp)[i].fib = -1;
copyaddrinfo(&(*udp)[i].addr, addrs[0]); copyaddrinfo(&(*udp)[i].addr, addrs[0]);
figure_socket_servers(&(*udp)[i], NULL); figure_socket_servers(&(*udp)[i], NULL);
(*tcp)[i].flags |= NSD_SOCKET_IS_OPTIONAL; (*tcp)[i].flags |= NSD_SOCKET_IS_OPTIONAL;
skipping to change at line 554 skipping to change at line 557
servercnt = udp[0].servers->size; servercnt = udp[0].servers->size;
serverbufsz = (((servercnt / 10) * servercnt) + servercnt) + 1; serverbufsz = (((servercnt / 10) * servercnt) + servercnt) + 1;
serverbuf = xalloc(serverbufsz); serverbuf = xalloc(serverbufsz);
/* warn user of unused servers */ /* warn user of unused servers */
servers = xalloc(nsd_bitset_size(servercnt)); servers = xalloc(nsd_bitset_size(servercnt));
nsd_bitset_init(servers, (size_t)servercnt); nsd_bitset_init(servers, (size_t)servercnt);
for(i = 0; i < ifs; i++) { for(i = 0; i < ifs; i++) {
assert(udp[i].servers->size == servercnt); assert(udp[i].servers->size == servercnt);
addrport2str(&udp[i].addr.ai_addr, sockbuf, sizeof(sockbuf)); addrport2str((void*)&udp[i].addr.ai_addr, sockbuf, sizeof(sockbuf ));
print_socket_servers(&udp[i], serverbuf, serverbufsz); print_socket_servers(&udp[i], serverbuf, serverbufsz);
nsd_bitset_or(servers, servers, udp[i].servers); nsd_bitset_or(servers, servers, udp[i].servers);
VERBOSITY(3, (LOG_NOTICE, fmt, sockbuf, "udp", serverbuf)); VERBOSITY(3, (LOG_NOTICE, fmt, sockbuf, "udp", serverbuf));
assert(tcp[i].servers->size == servercnt); assert(tcp[i].servers->size == servercnt);
addrport2str(&tcp[i].addr.ai_addr, sockbuf, sizeof(sockbuf)); addrport2str((void*)&tcp[i].addr.ai_addr, sockbuf, sizeof(sockbuf ));
print_socket_servers(&tcp[i], serverbuf, serverbufsz); print_socket_servers(&tcp[i], serverbuf, serverbufsz);
nsd_bitset_or(servers, servers, tcp[i].servers); nsd_bitset_or(servers, servers, tcp[i].servers);
VERBOSITY(3, (LOG_NOTICE, fmt, sockbuf, "tcp", serverbuf)); VERBOSITY(3, (LOG_NOTICE, fmt, sockbuf, "tcp", serverbuf));
} }
/* warn user of unused servers */ /* warn user of unused servers */
for(i = 0; i < servercnt; i++) { for(i = 0; i < servercnt; i++) {
if(!nsd_bitset_isset(servers, i)) { if(!nsd_bitset_isset(servers, i)) {
log_msg(LOG_WARNING, "server %zu will not listen on " log_msg(LOG_WARNING, "server %zu will not listen on "
"any specified ip-address", i+1); "any specified ip-address", i+1);
skipping to change at line 830 skipping to change at line 833
nsd->st.opcode[OPCODE_QUERY], nsd->st.opcode[OPCODE_IQUER Y], nsd->st.wrongzone, nsd->st.opcode[OPCODE_QUERY], nsd->st.opcode[OPCODE_IQUER Y], nsd->st.wrongzone,
(unsigned long)0, nsd->st.ctcp + nsd->st.ctcp6, (unsigned long)0, nsd->st.ctcp + nsd->st.ctcp6,
(unsigned long)0, nsd->st.rcode[RCODE_SERVFAIL], nsd->st. rcode[RCODE_FORMAT], (unsigned long)0, nsd->st.rcode[RCODE_SERVFAIL], nsd->st. rcode[RCODE_FORMAT],
nsd->st.nona, nsd->st.rcode[RCODE_NXDOMAIN], nsd->st.nona, nsd->st.rcode[RCODE_NXDOMAIN],
(unsigned long)0, (unsigned long)0, (unsigned long)0, nsd ->st.opcode[OPCODE_UPDATE]); (unsigned long)0, (unsigned long)0, (unsigned long)0, nsd ->st.opcode[OPCODE_UPDATE]);
} }
} }
#endif /* BIND8_STATS */ #endif /* BIND8_STATS */
static
int cookie_secret_file_read(nsd_type* nsd) {
char secret[NSD_COOKIE_SECRET_SIZE * 2 + 2/*'\n' and '\0'*/];
char const* file = nsd->options->cookie_secret_file;
FILE* f;
int corrupt = 0;
size_t count;
assert( nsd->options->cookie_secret_file != NULL );
f = fopen(file, "r");
/* a non-existing cookie file is not an error */
if( f == NULL ) { return errno != EPERM; }
/* cookie secret file exists and is readable */
nsd->cookie_count = 0;
for( count = 0; count < NSD_COOKIE_HISTORY_SIZE; count++ ) {
size_t secret_len = 0;
ssize_t decoded_len = 0;
if( fgets(secret, sizeof(secret), f) == NULL ) { break; }
secret_len = strlen(secret);
if( secret_len == 0 ) { break; }
assert( secret_len <= sizeof(secret) );
secret_len = secret[secret_len - 1] == '\n' ? secret_len - 1 : se
cret_len;
if( secret_len != NSD_COOKIE_SECRET_SIZE * 2 ) { corrupt++; break
; }
/* needed for `hex_pton`; stripping potential `\n` */
secret[secret_len] = '\0';
decoded_len = hex_pton(secret, nsd->cookie_secrets[count].cookie_
secret,
NSD_COOKIE_SECRET_SIZE);
if( decoded_len != NSD_COOKIE_SECRET_SIZE ) { corrupt++; break; }
nsd->cookie_count++;
}
fclose(f);
return corrupt == 0;
}
extern char *optarg; extern char *optarg;
extern int optind; extern int optind;
int int
main(int argc, char *argv[]) main(int argc, char *argv[])
{ {
/* Scratch variables... */ /* Scratch variables... */
int c; int c;
pid_t oldpid; pid_t oldpid;
size_t i; size_t i;
skipping to change at line 871 skipping to change at line 908
nsd.server_kind = NSD_SERVER_MAIN; nsd.server_kind = NSD_SERVER_MAIN;
memset(&hints, 0, sizeof(hints)); memset(&hints, 0, sizeof(hints));
hints.ai_family = DEFAULT_AI_FAMILY; hints.ai_family = DEFAULT_AI_FAMILY;
hints.ai_flags = AI_PASSIVE; hints.ai_flags = AI_PASSIVE;
nsd.identity = 0; nsd.identity = 0;
nsd.version = VERSION; nsd.version = VERSION;
nsd.username = 0; nsd.username = 0;
nsd.chrootdir = 0; nsd.chrootdir = 0;
nsd.nsid = NULL; nsd.nsid = NULL;
nsd.nsid_len = 0; nsd.nsid_len = 0;
nsd.cookie_count = 0;
nsd.child_count = 0; nsd.child_count = 0;
nsd.maximum_tcp_count = 0; nsd.maximum_tcp_count = 0;
nsd.current_tcp_count = 0; nsd.current_tcp_count = 0;
nsd.file_rotation_ok = 0; nsd.file_rotation_ok = 0;
nsd.do_answer_cookie = 1;
/* Set up our default identity to gethostname(2) */ /* Set up our default identity to gethostname(2) */
if (gethostname(hostname, MAXHOSTNAMELEN) == 0) { if (gethostname(hostname, MAXHOSTNAMELEN) == 0) {
nsd.identity = hostname; nsd.identity = hostname;
} else { } else {
log_msg(LOG_ERR, log_msg(LOG_ERR,
"failed to get the host name: %s - using default identity ", "failed to get the host name: %s - using default identity ",
strerror(errno)); strerror(errno));
nsd.identity = IDENTITY; nsd.identity = IDENTITY;
} }
skipping to change at line 1153 skipping to change at line 1193
#if defined(IPV6_USE_MIN_MTU) || defined(IPV6_MTU) #if defined(IPV6_USE_MIN_MTU) || defined(IPV6_MTU)
edns_init_data(&nsd.edns_ipv6, nsd.options->ipv6_edns_size); edns_init_data(&nsd.edns_ipv6, nsd.options->ipv6_edns_size);
#else /* no way to set IPV6 MTU, send no bigger than that. */ #else /* no way to set IPV6 MTU, send no bigger than that. */
if (nsd.options->ipv6_edns_size < IPV6_MIN_MTU) if (nsd.options->ipv6_edns_size < IPV6_MIN_MTU)
edns_init_data(&nsd.edns_ipv6, nsd.options->ipv6_edns_size); edns_init_data(&nsd.edns_ipv6, nsd.options->ipv6_edns_size);
else else
edns_init_data(&nsd.edns_ipv6, IPV6_MIN_MTU); edns_init_data(&nsd.edns_ipv6, IPV6_MIN_MTU);
#endif /* IPV6 MTU) */ #endif /* IPV6 MTU) */
#endif /* defined(INET6) */ #endif /* defined(INET6) */
nsd.do_answer_cookie = nsd.options->answer_cookie;
if (nsd.cookie_count > 0)
; /* pass */
else if (nsd.options->cookie_secret) {
ssize_t len = hex_pton(nsd.options->cookie_secret,
nsd.cookie_secrets[0].cookie_secret, NSD_COOKIE_SECRET_SI
ZE);
if (len != NSD_COOKIE_SECRET_SIZE ) {
error("A cookie secret must be a "
"128 bit hex string");
}
nsd.cookie_count = 1;
} else {
size_t j;
size_t const cookie_secret_len = NSD_COOKIE_SECRET_SIZE;
/* Calculate a new random secret */
srandom(getpid() ^ time(NULL));
for( j = 0; j < NSD_COOKIE_HISTORY_SIZE; j++) {
#if defined(HAVE_SSL)
if (!RAND_status()
|| !RAND_bytes(nsd.cookie_secrets[j].cookie_secret, c
ookie_secret_len))
#endif
for (i = 0; i < cookie_secret_len; i++)
nsd.cookie_secrets[j].cookie_secret[i] = random_g
enerate(256);
}
// XXX: all we have is a random cookie, still pretend we have one
nsd.cookie_count = 1;
}
if (nsd.nsid_len == 0 && nsd.options->nsid) { if (nsd.nsid_len == 0 && nsd.options->nsid) {
if (strlen(nsd.options->nsid) % 2 != 0) { if (strlen(nsd.options->nsid) % 2 != 0) {
error("the NSID must be a hex string of an even length.") ; error("the NSID must be a hex string of an even length.") ;
} }
nsd.nsid = xalloc(strlen(nsd.options->nsid) / 2); nsd.nsid = xalloc(strlen(nsd.options->nsid) / 2);
nsd.nsid_len = strlen(nsd.options->nsid) / 2; nsd.nsid_len = strlen(nsd.options->nsid) / 2;
if (hex_pton(nsd.options->nsid, nsd.nsid, nsd.nsid_len) == -1) { if (hex_pton(nsd.options->nsid, nsd.nsid, nsd.nsid_len) == -1) {
error("hex string cannot be parsed '%s' in NSID.", nsd.op tions->nsid); error("hex string cannot be parsed '%s' in NSID.", nsd.op tions->nsid);
} }
} }
skipping to change at line 1434 skipping to change at line 1504
error("could not perform remote control setup"); error("could not perform remote control setup");
} }
if(nsd.options->tls_service_key && nsd.options->tls_service_key[0] if(nsd.options->tls_service_key && nsd.options->tls_service_key[0]
&& nsd.options->tls_service_pem && nsd.options->tls_service_pem[0]) { && nsd.options->tls_service_pem && nsd.options->tls_service_pem[0]) {
if(!(nsd.tls_ctx = server_tls_ctx_create(&nsd, NULL, if(!(nsd.tls_ctx = server_tls_ctx_create(&nsd, NULL,
nsd.options->tls_service_ocsp))) nsd.options->tls_service_ocsp)))
error("could not set up tls SSL_CTX"); error("could not set up tls SSL_CTX");
} }
#endif /* HAVE_SSL */ #endif /* HAVE_SSL */
if(nsd.options->cookie_secret_file && nsd.options->cookie_secret_file[0]
&& !cookie_secret_file_read(&nsd) ) {
log_msg(LOG_ERR, "cookie secret file corrupt or not readable");
}
/* Unless we're debugging, fork... */ /* Unless we're debugging, fork... */
if (!nsd.debug) { if (!nsd.debug) {
int fd; int fd;
/* Take off... */ /* Take off... */
switch (fork()) { switch (fork()) {
case 0: case 0:
/* Child */ /* Child */
break; break;
case -1: case -1:
skipping to change at line 1588 skipping to change at line 1663
DEBUG(DEBUG_IPC,1, (LOG_INFO, "dropped user privileges, run as %s ", DEBUG(DEBUG_IPC,1, (LOG_INFO, "dropped user privileges, run as %s ",
nsd.username)); nsd.username));
} }
#endif /* HAVE_GETPWNAM */ #endif /* HAVE_GETPWNAM */
xfrd_make_tempdir(&nsd); xfrd_make_tempdir(&nsd);
#ifdef USE_ZONE_STATS #ifdef USE_ZONE_STATS
options_zonestatnames_create(nsd.options); options_zonestatnames_create(nsd.options);
server_zonestat_alloc(&nsd); server_zonestat_alloc(&nsd);
#endif /* USE_ZONE_STATS */ #endif /* USE_ZONE_STATS */
#ifdef USE_DNSTAP
if(nsd.options->dnstap_enable) {
nsd.dt_collector = dt_collector_create(&nsd);
dt_collector_start(nsd.dt_collector, &nsd);
}
#endif /* USE_DNSTAP */
if(nsd.server_kind == NSD_SERVER_MAIN) { if(nsd.server_kind == NSD_SERVER_MAIN) {
server_prepare_xfrd(&nsd); server_prepare_xfrd(&nsd);
/* xfrd forks this before reading database, so it does not get /* xfrd forks this before reading database, so it does not get
* the memory size of the database */ * the memory size of the database */
server_start_xfrd(&nsd, 0, 0); server_start_xfrd(&nsd, 0, 0);
/* close zonelistfile in non-xfrd processes */ /* close zonelistfile in non-xfrd processes */
zone_list_close(nsd.options); zone_list_close(nsd.options);
#ifdef USE_DNSTAP
if(nsd.options->dnstap_enable) {
nsd.dt_collector = dt_collector_create(&nsd);
dt_collector_start(nsd.dt_collector, &nsd);
}
#endif /* USE_DNSTAP */
} }
if (server_prepare(&nsd) != 0) { if (server_prepare(&nsd) != 0) {
unlinkpid(nsd.pidfile); unlinkpid(nsd.pidfile);
error("server preparation failed, %s could " error("server preparation failed, %s could "
"not be started", argv0); "not be started", argv0);
} }
if(nsd.server_kind == NSD_SERVER_MAIN) { if(nsd.server_kind == NSD_SERVER_MAIN) {
server_send_soa_xfrd(&nsd, 0); server_send_soa_xfrd(&nsd, 0);
} }
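Review bot: In the new `cookie_secret_file_read`, the guard `if( f == NULL ) { return errno != EPERM; }` does not match its comment: `fopen` reports a missing file as ENOENT and a permission failure normally as EACCES, so an unreadable secret file returns success and main's "cookie secret file corrupt or not readable" message is never logged. An operator who configured `cookie_secret_file` then gets no signal that it was ignored and that the server is running on whatever secret the earlier block in main set up. I would treat only the missing file as benign, `if( f == NULL ) { return errno == ENOENT; }`. Separately, the function sets `nsd->cookie_count = 0` before parsing and breaks out on the first corrupt line, so the error path appears to leave fewer usable secrets than before the call, possibly none; parsing into a temporary array and committing only on success would avoid that. How a zero count is handled elsewhere is not visible on this page.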
 End of changes. 12 change blocks. 
10 lines changed or deleted 90 lines changed or added
