#include <editline/readline.h>
#endif
+#include "dnsdist-systemd.hh"
#ifdef HAVE_SYSTEMD
#include <systemd/sd-daemon.h>
#endif
return pool->getServers();
}
-static void spoofResponseFromString(DNSQuestion& dq, const string& spoofContent)
+static void spoofResponseFromString(DNSQuestion& dq, const string& spoofContent, bool raw)
{
string result;
- std::vector<std::string> addrs;
- stringtok(addrs, spoofContent, " ,");
+ if (raw) {
+ SpoofAction sa(spoofContent);
+ sa(&dq, &result);
+ }
+ else {
+ std::vector<std::string> addrs;
+ stringtok(addrs, spoofContent, " ,");
- if (addrs.size() == 1) {
- try {
- ComboAddress spoofAddr(spoofContent);
- SpoofAction sa({spoofAddr});
- sa(&dq, &result);
- }
- catch(const PDNSException &e) {
- SpoofAction sa(spoofContent); // CNAME then
- sa(&dq, &result);
- }
- } else {
- std::vector<ComboAddress> cas;
- for (const auto& addr : addrs) {
+ if (addrs.size() == 1) {
try {
- cas.push_back(ComboAddress(addr));
+ ComboAddress spoofAddr(spoofContent);
+ SpoofAction sa({spoofAddr});
+ sa(&dq, &result);
+ }
+ catch(const PDNSException &e) {
+ DNSName cname(spoofContent);
+ SpoofAction sa(cname); // CNAME then
+ sa(&dq, &result);
}
- catch (...) {
+ } else {
+ std::vector<ComboAddress> cas;
+ for (const auto& addr : addrs) {
+ try {
+ cas.push_back(ComboAddress(addr));
+ }
+ catch (...) {
+ }
}
+ SpoofAction sa(cas);
+ sa(&dq, &result);
}
- SpoofAction sa(cas);
- sa(&dq, &result);
}
}
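Review bot: In the multi-address branch of spoofResponseFromString (the loop over addrs), an entry that fails to parse as a ComboAddress is swallowed by the empty `catch (...)`, so a typo in a rule silently shortens the spoofed answer and, if every entry is bad, hands an empty `cas` to SpoofAction with nothing in the logs; at least record it, e.g. `catch (...) { errlog("Ignoring invalid address '%s' in spoofed response", addr); }`, and consider skipping the SpoofAction call when `cas` ends up empty. The single-entry fallback now constructs `DNSName cname(spoofContent)` inside the PDNSException handler; if that constructor rejects content that is neither an address nor a valid name (presumably it does), the exception leaves the handler and propagates out of this function, and nothing visible in the Spoof/SpoofRaw dispatch catches it, so either a second catch here or a comment stating that callers handle it is warranted. The new `raw` parameter is undocumented; a header comment along the lines of `/* raw: hand spoofContent to SpoofAction unchanged instead of parsing it as addresses or a CNAME */` would save the next reader a trip into SpoofAction.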
return true;
break;
case DNSAction::Action::Spoof:
- spoofResponseFromString(dq, ruleresult);
+ spoofResponseFromString(dq, ruleresult, false);
+ return true;
+ break;
+ case DNSAction::Action::SpoofRaw:
+ spoofResponseFromString(dq, ruleresult, true);
return true;
break;
case DNSAction::Action::Truncate:
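Review bot: The `break;` after `return true;` in the new SpoofRaw case is unreachable, as is the one it copies from the Spoof case directly above it; keeping only `return true;` in both cases removes the question of whether the fall-through matters. The enclosing switch and function start and end outside the hunk.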
}
}
- if (!handleEDNSClientSubnet(dq, &(dq.ednsAdded), &(dq.ecsAdded), g_preserveTrailingData)) {
+ if (!handleEDNSClientSubnet(dq, dq.ednsAdded, dq.ecsAdded, g_preserveTrailingData)) {
vinfolog("Dropping query from %s because we couldn't insert the ECS value", dq.remote->toStringWithPort());
return ProcessQueryResult::Drop;
}
}
#endif
- uid_t newgid=0;
- gid_t newuid=0;
+ uid_t newgid=getegid();
+ gid_t newuid=geteuid();
if(!g_cmdLine.gid.empty())
newgid = strToGID(g_cmdLine.gid.c_str());
if(!g_cmdLine.uid.empty())
newuid = strToUID(g_cmdLine.uid.c_str());
- dropGroupPrivs(newgid);
- dropUserPrivs(newuid);
+ if (getegid() != newgid) {
+ if (running_in_service_mgr()) {
+ errlog("--gid/-g set on command-line, but dnsdist was started as a systemd service. Use the 'Group' setting in the systemd unit file to set the group to run as");
+ _exit(EXIT_FAILURE);
+ }
+ dropGroupPrivs(newgid);
+ }
+
+ if (geteuid() != newuid) {
+ if (running_in_service_mgr()) {
+ errlog("--uid/-u set on command-line, but dnsdist was started as a systemd service. Use the 'User' setting in the systemd unit file to set the user to run as");
+ _exit(EXIT_FAILURE);
+ }
+ dropUserPrivs(newuid);
+ }
+
try {
/* we might still have capabilities remaining,
for example if we have been started as root