/* Pathname to the Unbound configuration file */
#undef CONFIGFILE
-/* configure flags */
-#undef CONFIGURE_BUILD_WITH
-
-/* configure date */
-#undef CONFIGURE_DATE
-
-/* configure target system */
-#undef CONFIGURE_TARGET
-
/* Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work
*/
#undef DARWIN_BROKEN_SETREUID
SED
LIBTOOL
AR
+host_os
+host_vendor
+host_cpu
+host
+build_os
+build_vendor
+build_cpu
+build
libtool
STRIP
doxygen
LDFLAGS
CFLAGS
CC
-target_os
-target_vendor
-target_cpu
-target
-host_os
-host_vendor
-host_cpu
-host
-build_os
-build_vendor
-build_cpu
-build
LIBUNBOUND_AGE
LIBUNBOUND_REVISION
LIBUNBOUND_CURRENT
System types:
--build=BUILD configure for building on BUILD [guessed]
--host=HOST cross-compile to build programs to run on HOST [BUILD]
- --target=TARGET configure for building compilers for TARGET [HOST]
_ACEOF
fi
-pretty_cmdline() {
- cmdline=""
- while test -n "$1"; do
- cmdline="$cmdline '"`echo $1 | sed -e 's/\\\\/\\\\\\\\/g' | sed -e 's/"/\\\\"/g' `"'"
- shift
- done
-}
-pretty_cmdline $@
-
-cat >>confdefs.h <<_ACEOF
-#define CONFIGURE_BUILD_WITH "$cmdline"
-_ACEOF
-
-ac_aux_dir=
-for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
- if test -f "$ac_dir/install-sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install-sh -c"
- break
- elif test -f "$ac_dir/install.sh"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/install.sh -c"
- break
- elif test -f "$ac_dir/shtool"; then
- ac_aux_dir=$ac_dir
- ac_install_sh="$ac_aux_dir/shtool install -c"
- break
- fi
-done
-if test -z "$ac_aux_dir"; then
- as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
-fi
-
-# These three variables are undocumented and unsupported,
-# and are intended to be withdrawn in a future Autoconf release.
-# They can cause serious problems if a builder's source tree is in a directory
-# whose full name contains unusual characters.
-ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
-ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
-ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
-
-
-# Make sure we can run config.sub.
-$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
- as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
-$as_echo_n "checking build system type... " >&6; }
-if ${ac_cv_build+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- ac_build_alias=$build_alias
-test "x$ac_build_alias" = x &&
- ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
-test "x$ac_build_alias" = x &&
- as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
-ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
-$as_echo "$ac_cv_build" >&6; }
-case $ac_cv_build in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
-esac
-build=$ac_cv_build
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_build
-shift
-build_cpu=$1
-build_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-build_os=$*
-IFS=$ac_save_IFS
-case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
-$as_echo_n "checking host system type... " >&6; }
-if ${ac_cv_host+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test "x$host_alias" = x; then
- ac_cv_host=$ac_cv_build
-else
- ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
-$as_echo "$ac_cv_host" >&6; }
-case $ac_cv_host in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
-esac
-host=$ac_cv_host
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_host
-shift
-host_cpu=$1
-host_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-host_os=$*
-IFS=$ac_save_IFS
-case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
-
-
-{ $as_echo "$as_me:${as_lineno-$LINENO}: checking target system type" >&5
-$as_echo_n "checking target system type... " >&6; }
-if ${ac_cv_target+:} false; then :
- $as_echo_n "(cached) " >&6
-else
- if test "x$target_alias" = x; then
- ac_cv_target=$ac_cv_host
-else
- ac_cv_target=`$SHELL "$ac_aux_dir/config.sub" $target_alias` ||
- as_fn_error $? "$SHELL $ac_aux_dir/config.sub $target_alias failed" "$LINENO" 5
-fi
-
-fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_target" >&5
-$as_echo "$ac_cv_target" >&6; }
-case $ac_cv_target in
-*-*-*) ;;
-*) as_fn_error $? "invalid value of canonical target" "$LINENO" 5;;
-esac
-target=$ac_cv_target
-ac_save_IFS=$IFS; IFS='-'
-set x $ac_cv_target
-shift
-target_cpu=$1
-target_vendor=$2
-shift; shift
-# Remember, the first character of IFS is used to create $*,
-# except with old shells:
-target_os=$*
-IFS=$ac_save_IFS
-case $target_os in *\ *) target_os=`echo "$target_os" | sed 's/ /-/g'`;; esac
-
-
-# The aliases save the names the user supplied, while $host etc.
-# will get canonicalized.
-test -n "$target_alias" &&
- test "$program_prefix$program_suffix$program_transform_name" = \
- NONENONEs,x,x, &&
- program_prefix=${target_alias}-
-
-cat >>confdefs.h <<_ACEOF
-#define CONFIGURE_TARGET "$target"
-_ACEOF
-
-
-cat >>confdefs.h <<_ACEOF
-#define CONFIGURE_DATE "`date`"
-_ACEOF
-
-
CFLAGS="$CFLAGS"
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
STRIP="$ac_cv_prog_STRIP"
fi
+ac_aux_dir=
+for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
+ if test -f "$ac_dir/install-sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install-sh -c"
+ break
+ elif test -f "$ac_dir/install.sh"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/install.sh -c"
+ break
+ elif test -f "$ac_dir/shtool"; then
+ ac_aux_dir=$ac_dir
+ ac_install_sh="$ac_aux_dir/shtool install -c"
+ break
+ fi
+done
+if test -z "$ac_aux_dir"; then
+ as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
+fi
+
+# These three variables are undocumented and unsupported,
+# and are intended to be withdrawn in a future Autoconf release.
+# They can cause serious problems if a builder's source tree is in a directory
+# whose full name contains unusual characters.
+ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
+ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
+ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
+
+
+# Make sure we can run config.sub.
+$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
+ as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
+$as_echo_n "checking build system type... " >&6; }
+if ${ac_cv_build+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ ac_build_alias=$build_alias
+test "x$ac_build_alias" = x &&
+ ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
+test "x$ac_build_alias" = x &&
+ as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
+ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
+$as_echo "$ac_cv_build" >&6; }
+case $ac_cv_build in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
+esac
+build=$ac_cv_build
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_build
+shift
+build_cpu=$1
+build_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+build_os=$*
+IFS=$ac_save_IFS
+case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
+
+
+{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
+$as_echo_n "checking host system type... " >&6; }
+if ${ac_cv_host+:} false; then :
+ $as_echo_n "(cached) " >&6
+else
+ if test "x$host_alias" = x; then
+ ac_cv_host=$ac_cv_build
+else
+ ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
+ as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
+fi
+
+fi
+{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
+$as_echo "$ac_cv_host" >&6; }
+case $ac_cv_host in
+*-*-*) ;;
+*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
+esac
+host=$ac_cv_host
+ac_save_IFS=$IFS; IFS='-'
+set x $ac_cv_host
+shift
+host_cpu=$1
+host_vendor=$2
+shift; shift
+# Remember, the first character of IFS is used to create $*,
+# except with old shells:
+host_os=$*
+IFS=$ac_save_IFS
+case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
+
+
# skip these tests, we do not need them.
-ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1"
+ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh"
ac_config_headers="$ac_config_headers config.h"
"doc/unbound.conf.5") CONFIG_FILES="$CONFIG_FILES doc/unbound.conf.5" ;;
"doc/unbound-control.8") CONFIG_FILES="$CONFIG_FILES doc/unbound-control.8" ;;
"doc/unbound-host.1") CONFIG_FILES="$CONFIG_FILES doc/unbound-host.1" ;;
+ "smallapp/unbound-control-setup.sh") CONFIG_FILES="$CONFIG_FILES smallapp/unbound-control-setup.sh" ;;
"config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
*) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;
AC_SUBST(LIBUNBOUND_REVISION)
AC_SUBST(LIBUNBOUND_AGE)
-pretty_cmdline() {
- cmdline=""
- while test -n "$1"; do
- cmdline="$cmdline '"`echo $1 | sed -e 's/\\\\/\\\\\\\\/g' | sed -e 's/"/\\\\"/g' `"'"
- shift
- done
-}
-pretty_cmdline $@
-AC_DEFINE_UNQUOTED(CONFIGURE_BUILD_WITH, ["$cmdline"], [configure flags])
-AC_CANONICAL_TARGET
-AC_DEFINE_UNQUOTED(CONFIGURE_TARGET, ["$target"], [configure target system])
-AC_DEFINE_UNQUOTED(CONFIGURE_DATE, ["`date`"], [configure date])
-
CFLAGS="$CFLAGS"
AC_AIX
if test "$ac_cv_header_minix_config_h" = "yes"; then
])
-AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1])
+AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh])
AC_CONFIG_HEADER([config.h])
AC_OUTPUT
sizeof(struct ub_packed_rrset_key*) * rep->rrset_count);
if(!*d)
return 0;
- (*d)->rrsets = (struct ub_packed_rrset_key**)(
+ (*d)->rrsets = (struct ub_packed_rrset_key**)(void *)(
(uint8_t*)(&((*d)->ref[0])) +
sizeof(struct rrset_ref) * rep->rrset_count);
*k = (struct query_info*)regional_alloc_init(region,
/** print long number */
static int
-print_longnum(SSL* ssl, char* desc, size_t x)
+print_longnum(SSL* ssl, const char* desc, size_t x)
{
if(x > 1024*1024*1024) {
/* more than a Gb */
/** printout a delegation point info */
static int
-ssl_print_name_dp(SSL* ssl, char* str, uint8_t* nm, uint16_t dclass,
+ssl_print_name_dp(SSL* ssl, const char* str, uint8_t* nm, uint16_t dclass,
struct delegpt* dp)
{
char buf[257];
*/
void daemon_remote_exec(struct worker* worker);
-/** handle remote control accept callbacks */
-int remote_accept_callback(struct comm_point*, void*, int, struct comm_reply*);
-
-/** handle remote control data callbacks */
-int remote_control_callback(struct comm_point*, void*, int, struct comm_reply*);
-
#ifdef HAVE_SSL
/**
* Print fixed line of text over ssl connection in blocking mode
int ssl_read_line(SSL* ssl, char* buf, size_t max);
#endif /* HAVE_SSL */
-/** routine to printout option values over SSL */
-void remote_get_opt_ssl(char* line, void* arg);
-
#endif /* DAEMON_REMOTE_H */
#include "services/listen_dnsport.h"
#include "services/cache/rrset.h"
#include "services/cache/infra.h"
+#include "util/fptr_wlist.h"
#include "util/data/msgreply.h"
#include "util/module.h"
#include "util/net_help.h"
# include "nss.h"
#endif
+#ifdef HAVE_SBRK
/** global debug value to keep track of heap memory allocation */
void* unbound_start_brk = 0;
+#endif
#if !defined(HAVE_EVENT_BASE_GET_METHOD) && (defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP))
static const char* ev_backend2str(int b)
for(m = module_list_avail(); *m; m++)
printf(" %s", *m);
printf("\n");
- printf("configured for %s on %s with options:%s\n",
- CONFIGURE_TARGET, CONFIGURE_DATE, CONFIGURE_BUILD_WITH);
printf("BSD licensed, see LICENSE in source package for details.\n");
printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
}
#include "iterator/iter_hints.h"
#include "validator/autotrust.h"
#include "validator/val_anchor.h"
+#include "libunbound/context.h"
+#include "libunbound/libworker.h"
#include "ldns/sbuffer.h"
#ifdef HAVE_SYS_TYPES_H
return 0;
}
-int
+static int
deny_refuse(struct comm_point* c, enum acl_access acl,
enum acl_access deny, enum acl_access refuse,
struct worker* worker, struct comm_reply* repinfo)
return -1;
}
-int
+static int
deny_refuse_all(struct comm_point* c, enum acl_access acl,
struct worker* worker, struct comm_reply* repinfo)
{
return deny_refuse(c, acl, acl_deny, acl_refuse, worker, repinfo);
}
-int
+static int
deny_refuse_non_local(struct comm_point* c, enum acl_access acl,
struct worker* worker, struct comm_reply* repinfo)
{
verbose(VERB_ALGO, "query with bad edns version.");
log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo,
- *(uint16_t*)sldns_buffer_begin(c->buffer),
+ *(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
sldns_buffer_read_u16_at(c->buffer, 2), NULL);
attach_edns_record(c->buffer, &edns);
return 1;
/* answer from cache - we have acquired a readlock on it */
if(answer_from_cache(worker, &qinfo,
(struct reply_info*)e->data,
- *(uint16_t*)sldns_buffer_begin(c->buffer),
+ *(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
sldns_buffer_read_u16_at(c->buffer, 2), repinfo,
&edns)) {
/* prefetch it if the prefetch TTL expired */
}
if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) {
if(answer_norec_from_cache(worker, &qinfo,
- *(uint16_t*)sldns_buffer_begin(c->buffer),
+ *(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
sldns_buffer_read_u16_at(c->buffer, 2), repinfo,
&edns)) {
return 1;
/* grab a work request structure for this new request */
mesh_new_client(worker->env.mesh, &qinfo,
sldns_buffer_read_u16_at(c->buffer, 2),
- &edns, repinfo, *(uint16_t*)sldns_buffer_begin(c->buffer));
+ &edns, repinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer));
worker_mem_report(worker, NULL);
return 0;
}
uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags),
int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
struct sockaddr_storage* ATTR_UNUSED(addr),
- socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q))
+ socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
+ size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q))
{
log_assert(0);
return 0;
#ifndef DAEMON_WORKER_H
#define DAEMON_WORKER_H
+#include "libunbound/worker.h"
#include "util/netevent.h"
#include "util/locks.h"
#include "util/alloc.h"
*/
void worker_send_cmd(struct worker* worker, enum worker_commands cmd);
-/**
- * Worker signal handler function. User argument is the worker itself.
- * @param sig: signal number.
- * @param arg: the worker (main worker) that handles signals.
- */
-void worker_sighandler(int sig, void* arg);
-
-/**
- * Worker service routine to send serviced queries to authoritative servers.
- * @param qname: query name. (host order)
- * @param qnamelen: length in bytes of qname, including trailing 0.
- * @param qtype: query type. (host order)
- * @param qclass: query class. (host order)
- * @param flags: host order flags word, with opcode and CD bit.
- * @param dnssec: if set, EDNS record will have DO bit set.
- * @param want_dnssec: signatures needed.
- * @param addr: where to.
- * @param addrlen: length of addr.
- * @param zone: wireformat dname of the zone.
- * @param zonelen: length of zone name.
- * @param q: wich query state to reactivate upon return.
- * @return: false on failure (memory or socket related). no query was
- * sent.
- */
-struct outbound_entry* worker_send_query(uint8_t* qname, size_t qnamelen,
- uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec,
- int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen,
- uint8_t* zone, size_t zonelen, struct module_qstate* q);
-
-/**
- * process control messages from the main thread. Frees the control
- * command message.
- * @param tube: tube control message came on.
- * @param msg: message contents. Is freed.
- * @param len: length of message.
- * @param error: if error (NETEVENT_*) happened.
- * @param arg: user argument
- */
-void worker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len,
- int error, void* arg);
-
-/** handles callbacks from listening event interface */
-int worker_handle_request(struct comm_point* c, void* arg, int error,
- struct comm_reply* repinfo);
-
-/** process incoming replies from the network */
-int worker_handle_reply(struct comm_point* c, void* arg, int error,
- struct comm_reply* reply_info);
-
-/** process incoming serviced query replies from the network */
-int worker_handle_service_reply(struct comm_point* c, void* arg, int error,
- struct comm_reply* reply_info);
-
-/** cleanup the cache to remove all rrset IDs from it, arg is worker */
-void worker_alloc_cleanup(void* arg);
-
/**
* Init worker stats - includes server_stats_init, outside network and mesh.
* @param worker: the worker to init
*/
void worker_stats_clear(struct worker* worker);
-/** statistics timer callback handler */
-void worker_stat_timer_cb(void* arg);
-
-/** probe timer callback handler */
-void worker_probe_timer_cb(void* arg);
-
-/** start accept callback handler */
-void worker_start_accept(void* arg);
-
-/** stop accept callback handler */
-void worker_stop_accept(void* arg);
-
#endif /* DAEMON_WORKER_H */
+28 May 2014: Wouter
+ - Code cleanup patch from Dag-Erling Smorgrav, with compiler issue
+ fixes from FreeBSD's copy of Unbound, he notes:
+ Generate unbound-control-setup.sh at build time so it respects
+ prefix and sysconfdir from the configure script. Also fix the
+ umask to match the comment, and the comment to match the umask.
+ Add const and static where needed. Use unions instead of
+ playing pointer poker. Move declarations that are needed in
+ multiple source files into a shared header. Move sldns_bgetc()
+ from parse.c to buffer.c where it belongs. Introduce a new
+ header file, worker.h, which declares the callbacks that
+ all workers must define. Remove those declarations from
+ libworker.h. Include the correct headers in the correct places.
+ Fix a few dummy callbacks that don't match their prototype.
+ Fix some casts. Hide the sbrk madness behind #ifdef HAVE_SBRK.
+ Remove a useless printf which breaks reproducible builds.
+ Get rid of CONFIGURE_{TARGET,DATE,BUILD_WITH} now that they're
+ no longer used. Add unbound-control-setup.sh to the list of
+ generated files.
+
23 May 2014: Wouter
- unbound-host -D enabled dnssec and reads root trust anchor from
the default root key file that was compiled in.
}
}
+int
+sldns_bgetc(sldns_buffer *buffer)
+{
+ if (!sldns_buffer_available_at(buffer, buffer->_position, sizeof(uint8_t))) {
+ sldns_buffer_set_position(buffer, sldns_buffer_limit(buffer));
+ /* sldns_buffer_rewind(buffer);*/
+ return EOF;
+ }
+ return (int)sldns_buffer_read_u8(buffer);
+}
+
ssize_t
sldns_bget_token(sldns_buffer *b, char *token, const char *delim, size_t limit)
{
return buffer->_data;
}
-int
-sldns_bgetc(sldns_buffer *buffer)
-{
- if (!sldns_buffer_available_at(buffer, buffer->_position, sizeof(uint8_t))) {
- sldns_buffer_set_position(buffer, sldns_buffer_limit(buffer));
- /* sldns_buffer_rewind(buffer);*/
- return EOF;
- }
- return (int)sldns_buffer_read_u8(buffer);
-}
-
void
sldns_buffer_copy(sldns_buffer* result, sldns_buffer* from)
{
#include "libunbound/libworker.h"
#include "libunbound/context.h"
#include "libunbound/unbound.h"
+#include "libunbound/worker.h"
#include "libunbound/unbound-event.h"
#include "services/outside_network.h"
#include "services/mesh.h"
#include "services/localzone.h"
#include "services/cache/rrset.h"
#include "services/outbound_list.h"
+#include "util/fptr_wlist.h"
#include "util/module.h"
#include "util/regional.h"
#include "util/random.h"
uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags),
int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
struct sockaddr_storage* ATTR_UNUSED(addr),
- socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q))
+ socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
+ size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q))
{
log_assert(0);
return 0;
* and if in the background continues until exit, if in the foreground
* returns from the procedure when done.
*/
-#ifndef LIBUNBOUND_WORKER_H
-#define LIBUNBOUND_WORKER_H
+#ifndef LIBUNBOUND_LIBWORKER_H
+#define LIBUNBOUND_LIBWORKER_H
#include "util/data/packed_rrset.h"
struct ub_ctx;
struct ub_result;
/** cleanup the cache to remove all rrset IDs from it, arg is libworker */
void libworker_alloc_cleanup(void* arg);
-/**
- * Worker service routine to send serviced queries to authoritative servers.
- * @param qname: query name. (host order)
- * @param qnamelen: length in bytes of qname, including trailing 0.
- * @param qtype: query type. (host order)
- * @param qclass: query class. (host order)
- * @param flags: host order flags word, with opcode and CD bit.
- * @param dnssec: if set, EDNS record will have DO bit set.
- * @param want_dnssec: signatures needed.
- * @param addr: where to.
- * @param addrlen: length of addr.
- * @param zone: delegation point name.
- * @param zonelen: length of zone name wireformat dname.
- * @param q: wich query state to reactivate upon return.
- * @return: false on failure (memory or socket related). no query was
- * sent.
- */
-struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen,
- uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec,
- int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen,
- uint8_t* zone, size_t zonelen, struct module_qstate* q);
-
-/** process incoming replies from the network */
-int libworker_handle_reply(struct comm_point* c, void* arg, int error,
- struct comm_reply* reply_info);
-
-/** process incoming serviced query replies from the network */
-int libworker_handle_service_reply(struct comm_point* c, void* arg, int error,
- struct comm_reply* reply_info);
-
-/** handle control command coming into server */
-void libworker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len,
- int err, void* arg);
-
-/** handle opportunity to write result back */
-void libworker_handle_result_write(struct tube* tube, uint8_t* msg, size_t len,
- int err, void* arg);
-
-/** mesh callback with fg results */
-void libworker_fg_done_cb(void* arg, int rcode, struct sldns_buffer* buf,
- enum sec_status s, char* why_bogus);
-
-/** mesh callback with bg results */
-void libworker_bg_done_cb(void* arg, int rcode, struct sldns_buffer* buf,
- enum sec_status s, char* why_bogus);
-
/** mesh callback with event results */
void libworker_event_done_cb(void* arg, int rcode, struct sldns_buffer* buf,
enum sec_status s, char* why_bogus);
void libworker_enter_result(struct ub_result* res, struct sldns_buffer* buf,
struct regional* temp, enum sec_status msg_security);
-#endif /* LIBUNBOUND_WORKER_H */
+#endif /* LIBUNBOUND_LIBWORKER_H */
--- /dev/null
+/*
+ * libunbound/worker.h - prototypes for worker methods.
+ *
+ * Copyright (c) 2007, NLnet Labs. All rights reserved.
+ *
+ * This software is open source.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * Redistributions of source code must retain the above copyright notice,
+ * this list of conditions and the following disclaimer.
+ *
+ * Redistributions in binary form must reproduce the above copyright notice,
+ * this list of conditions and the following disclaimer in the documentation
+ * and/or other materials provided with the distribution.
+ *
+ * Neither the name of the NLNET LABS nor the names of its contributors may
+ * be used to endorse or promote products derived from this software without
+ * specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+
+/**
+ * \file
+ *
+ * This file declares the methods any worker has to implement.
+ */
+
+#ifndef LIBUNBOUND_WORKER_H
+#define LIBUNBOUND_WORKER_H
+
+#include "ldns/sbuffer.h"
+#include "util/data/packed_rrset.h" /* for enum sec_status */
+struct comm_reply;
+struct comm_point;
+struct module_qstate;
+struct tube;
+
+/**
+ * Worker service routine to send serviced queries to authoritative servers.
+ * @param qname: query name. (host order)
+ * @param qnamelen: length in bytes of qname, including trailing 0.
+ * @param qtype: query type. (host order)
+ * @param qclass: query class. (host order)
+ * @param flags: host order flags word, with opcode and CD bit.
+ * @param dnssec: if set, EDNS record will have DO bit set.
+ * @param want_dnssec: signatures needed.
+ * @param addr: where to.
+ * @param addrlen: length of addr.
+ * @param zone: delegation point name.
+ * @param zonelen: length of zone name wireformat dname.
+ * @param q: wich query state to reactivate upon return.
+ * @return: false on failure (memory or socket related). no query was
+ * sent.
+ */
+struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen,
+ uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec,
+ int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen,
+ uint8_t* zone, size_t zonelen, struct module_qstate* q);
+
+/** process incoming replies from the network */
+int libworker_handle_reply(struct comm_point* c, void* arg, int error,
+ struct comm_reply* reply_info);
+
+/** process incoming serviced query replies from the network */
+int libworker_handle_service_reply(struct comm_point* c, void* arg, int error,
+ struct comm_reply* reply_info);
+
+/** handle control command coming into server */
+void libworker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len,
+ int err, void* arg);
+
+/** mesh callback with fg results */
+void libworker_fg_done_cb(void* arg, int rcode, sldns_buffer* buf,
+ enum sec_status s, char* why_bogus);
+
+/** mesh callback with bg results */
+void libworker_bg_done_cb(void* arg, int rcode, sldns_buffer* buf,
+ enum sec_status s, char* why_bogus);
+
+/**
+ * Worker signal handler function. User argument is the worker itself.
+ * @param sig: signal number.
+ * @param arg: the worker (main worker) that handles signals.
+ */
+void worker_sighandler(int sig, void* arg);
+
+/**
+ * Worker service routine to send serviced queries to authoritative servers.
+ * @param qname: query name. (host order)
+ * @param qnamelen: length in bytes of qname, including trailing 0.
+ * @param qtype: query type. (host order)
+ * @param qclass: query class. (host order)
+ * @param flags: host order flags word, with opcode and CD bit.
+ * @param dnssec: if set, EDNS record will have DO bit set.
+ * @param want_dnssec: signatures needed.
+ * @param addr: where to.
+ * @param addrlen: length of addr.
+ * @param zone: wireformat dname of the zone.
+ * @param zonelen: length of zone name.
+ * @param q: wich query state to reactivate upon return.
+ * @return: false on failure (memory or socket related). no query was
+ * sent.
+ */
+struct outbound_entry* worker_send_query(uint8_t* qname, size_t qnamelen,
+ uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec,
+ int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen,
+ uint8_t* zone, size_t zonelen, struct module_qstate* q);
+
+/**
+ * process control messages from the main thread. Frees the control
+ * command message.
+ * @param tube: tube control message came on.
+ * @param msg: message contents. Is freed.
+ * @param len: length of message.
+ * @param error: if error (NETEVENT_*) happened.
+ * @param arg: user argument
+ */
+void worker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len,
+ int error, void* arg);
+
+/** handles callbacks from listening event interface */
+int worker_handle_request(struct comm_point* c, void* arg, int error,
+ struct comm_reply* repinfo);
+
+/** process incoming replies from the network */
+int worker_handle_reply(struct comm_point* c, void* arg, int error,
+ struct comm_reply* reply_info);
+
+/** process incoming serviced query replies from the network */
+int worker_handle_service_reply(struct comm_point* c, void* arg, int error,
+ struct comm_reply* reply_info);
+
+/** cleanup the cache to remove all rrset IDs from it, arg is worker */
+void worker_alloc_cleanup(void* arg);
+
+/** statistics timer callback handler */
+void worker_stat_timer_cb(void* arg);
+
+/** probe timer callback handler */
+void worker_probe_timer_cb(void* arg);
+
+/** start accept callback handler */
+void worker_start_accept(void* arg);
+
+/** stop accept callback handler */
+void worker_stop_accept(void* arg);
+
+/** handle remote control accept callbacks */
+int remote_accept_callback(struct comm_point*, void*, int, struct comm_reply*);
+
+/** handle remote control data callbacks */
+int remote_control_callback(struct comm_point*, void*, int, struct comm_reply*);
+
+/** routine to printout option values over SSL */
+void remote_get_opt_ssl(char* line, void* arg);
+
+#endif /* LIBUNBOUND_WORKER_H */
/** print hex data */
static void
-print_data(char* msg, char* data, int len)
+print_data(const char* msg, const char* data, int len)
{
int i;
printf("%s: ", msg);
* Create a new unbound context with the commandline settings applied
*/
static struct ub_ctx*
-create_unbound_context(char* res_conf, char* root_hints, char* debugconf,
- int ip4only, int ip6only)
+create_unbound_context(const char* res_conf, const char* root_hints,
+ const char* debugconf, int ip4only, int ip6only)
{
int r;
struct ub_ctx* ctx = ub_ctx_create();
/** printout certificate in detail */
static void
-verb_cert(char* msg, X509* x)
+verb_cert(const char* msg, X509* x)
{
if(verb == 0 || verb == 1) return;
if(verb == 2) {
/** printout certificates in detail */
static void
-verb_certs(char* msg, STACK_OF(X509)* sk)
+verb_certs(const char* msg, STACK_OF(X509)* sk)
{
int i, num = sk_X509_num(sk);
if(verb == 0 || verb == 1) return;
/* read the certificate file */
static STACK_OF(X509)*
-read_cert_file(char* file)
+read_cert_file(const char* file)
{
STACK_OF(X509)* sk;
FILE* in;
/** read update cert file or use builtin */
static STACK_OF(X509)*
-read_cert_or_builtin(char* file)
+read_cert_or_builtin(const char* file)
{
STACK_OF(X509) *sk = read_cert_file(file);
if(!sk) {
/** printout IP address with message */
static void
-verb_addr(char* msg, struct ip_list* ip)
+verb_addr(const char* msg, struct ip_list* ip)
{
if(verb) {
char out[100];
/** Resolve name, type, class and add addresses to iplist */
static void
-resolve_host_ip(struct ub_ctx* ctx, char* host, int port, int tp, int cl,
+resolve_host_ip(struct ub_ctx* ctx, const char* host, int port, int tp, int cl,
struct ip_list** head)
{
struct ub_result* res = NULL;
/** parse a text IP address into a sockaddr */
static struct ip_list*
-parse_ip_addr(char* str, int port)
+parse_ip_addr(const char* str, int port)
{
socklen_t len = 0;
- struct sockaddr_storage* addr = NULL;
- struct sockaddr_in6 a6;
- struct sockaddr_in a;
+ union {
+ struct sockaddr_in6 a6;
+ struct sockaddr_in a;
+ } addr;
struct ip_list* ip;
uint16_t p = (uint16_t)port;
- memset(&a6, 0, sizeof(a6));
- memset(&a, 0, sizeof(a));
+ memset(&addr, 0, sizeof(addr));
- if(inet_pton(AF_INET6, str, &a6.sin6_addr) > 0) {
+ if(inet_pton(AF_INET6, str, &addr.a6.sin6_addr) > 0) {
/* it is an IPv6 */
- a6.sin6_family = AF_INET6;
- a6.sin6_port = (in_port_t)htons(p);
- addr = (struct sockaddr_storage*)&a6;
- len = (socklen_t)sizeof(struct sockaddr_in6);
+ addr.a6.sin6_family = AF_INET6;
+ addr.a6.sin6_port = (in_port_t)htons(p);
+ len = (socklen_t)sizeof(addr.a6);
}
- if(inet_pton(AF_INET, str, &a.sin_addr) > 0) {
+ if(inet_pton(AF_INET, str, &addr.a.sin_addr) > 0) {
/* it is an IPv4 */
- a.sin_family = AF_INET;
- a.sin_port = (in_port_t)htons(p);
- addr = (struct sockaddr_storage*)&a;
+ addr.a.sin_family = AF_INET;
+ addr.a.sin_port = (in_port_t)htons(p);
len = (socklen_t)sizeof(struct sockaddr_in);
}
if(!len) return NULL;
exit(0);
}
ip->len = len;
- memmove(&ip->addr, addr, len);
+ memmove(&ip->addr, &addr, len);
if(verb) printf("server address is %s\n", str);
return ip;
}
* @return list of IP addresses.
*/
static struct ip_list*
-resolve_name(char* host, int port, char* res_conf, char* root_hints,
- char* debugconf, int ip4only, int ip6only)
+resolve_name(const char* host, int port, const char* res_conf,
+ const char* root_hints, const char* debugconf, int ip4only, int ip6only)
{
struct ub_ctx* ctx;
struct ip_list* list = NULL;
/** write a line over SSL */
static int
-write_ssl_line(SSL* ssl, char* str, char* sec)
+write_ssl_line(SSL* ssl, const char* str, const char* sec)
{
char buf[1024];
size_t l;
/** start HTTP1.1 transaction on SSL */
static int
-write_http_get(SSL* ssl, char* pathname, char* urlname)
+write_http_get(SSL* ssl, const char* pathname, const char* urlname)
{
if(write_ssl_line(ssl, "GET /%s HTTP/1.1", pathname) &&
write_ssl_line(ssl, "Host: %s", urlname) &&
/** https to an IP addr, return BIO with pathname or NULL */
static BIO*
-https_to_ip(struct ip_list* ip, char* pathname, char* urlname)
+https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname)
{
int fd;
SSL* ssl;
* @return a memory BIO with the file in it.
*/
static BIO*
-https(struct ip_list* ip_list, char* pathname, char* urlname)
+https(struct ip_list* ip_list, const char* pathname, const char* urlname)
{
struct ip_list* ip;
BIO* bio = NULL;
* NOT zero terminated.
* @param len: length of this part of the data.
*/
-void
+static void
xml_charhandle(void *userData, const XML_Char *s, int len)
{
struct xml_data* data = (struct xml_data*)userData;
* @return the value or NULL. (ptr into atts).
*/
static const XML_Char*
-find_att(const XML_Char **atts, XML_Char* name)
+find_att(const XML_Char **atts, const XML_Char* name)
{
int i;
for(i=0; atts[i]; i+=2) {
/** See if XML element equals the zone name */
static int
-xml_is_zone_name(BIO* zone, char* name)
+xml_is_zone_name(BIO* zone, const char* name)
{
char buf[1024];
char* z = NULL;
XML_ParserFree(parser);
if(verb >= 4) {
- char* pp = NULL;
- int len;
(void)BIO_seek(data.ds, 0);
len = BIO_get_mem_data(data.ds, &pp);
printf("got DS bio %d: '", len);
/** get valid signers from the list of signers in the signature */
static STACK_OF(X509)*
-get_valid_signers(PKCS7* p7, char* p7signer)
+get_valid_signers(PKCS7* p7, const char* p7signer)
{
int i;
STACK_OF(X509)* validsigners = sk_X509_new_null();
/** verify a PKCS7 signature, false on failure */
static int
-verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust, char* p7signer)
+verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust, const char* p7signer)
{
PKCS7* p7;
X509_STORE *store = X509_STORE_new();
/** write unsigned root anchor file, a 5011 revoked tp */
static void
-write_unsigned_root(char* root_anchor_file)
+write_unsigned_root(const char* root_anchor_file)
{
FILE* out;
time_t now = time(NULL);
/** write root anchor file */
static void
-write_root_anchor(char* root_anchor_file, BIO* ds)
+write_root_anchor(const char* root_anchor_file, BIO* ds)
{
char* pp = NULL;
int len;
/** Perform the verification and update of the trustanchor file */
static void
-verify_and_update_anchor(char* root_anchor_file, BIO* xml, BIO* p7s,
- STACK_OF(X509)* cert, char* p7signer)
+verify_and_update_anchor(const char* root_anchor_file, BIO* xml, BIO* p7s,
+ STACK_OF(X509)* cert, const char* p7signer)
{
BIO* ds;
/** perform actual certupdate work */
static int
-do_certupdate(char* root_anchor_file, char* root_cert_file,
- char* urlname, char* xmlname, char* p7sname, char* p7signer,
- char* res_conf, char* root_hints, char* debugconf,
- int ip4only, int ip6only, int port, struct ub_result* dnskey)
+do_certupdate(const char* root_anchor_file, const char* root_cert_file,
+ const char* urlname, const char* xmlname, const char* p7sname,
+ const char* p7signer, const char* res_conf, const char* root_hints,
+ const char* debugconf, int ip4only, int ip6only, int port,
+ struct ub_result* dnskey)
{
STACK_OF(X509)* cert;
BIO *xml, *p7s;
* 2 if it is OK.
*/
static int
-try_read_anchor(char* file)
+try_read_anchor(const char* file)
{
int empty = 1;
char line[10240];
/** Write the builtin root anchor to a file */
static void
-write_builtin_anchor(char* file)
+write_builtin_anchor(const char* file)
{
const char* builtin_root_anchor = get_builtin_ds();
FILE* out = fopen(file, "w");
* @return 0 if trustpoint is insecure, 1 on success. Exit on failure.
*/
static int
-provide_builtin(char* root_anchor_file, int* used_builtin)
+provide_builtin(const char* root_anchor_file, int* used_builtin)
{
/* try to read it */
switch(try_read_anchor(root_anchor_file))
* add an autotrust anchor for the root to the context
*/
static void
-add_5011_probe_root(struct ub_ctx* ctx, char* root_anchor_file)
+add_5011_probe_root(struct ub_ctx* ctx, const char* root_anchor_file)
{
int r;
r = ub_ctx_set_option(ctx, "auto-trust-anchor-file:", root_anchor_file);
/** see if ADDPEND keys exist in autotrust file (if possible) */
static int
-read_if_pending_keys(char* file)
+read_if_pending_keys(const char* file)
{
FILE* in = fopen(file, "r");
char line[8192];
/** read last successful probe time from autotrust file (if possible) */
static int32_t
-read_last_success_time(char* file)
+read_last_success_time(const char* file)
{
FILE* in = fopen(file, "r");
char line[1024];
* @return true if certupdate is ok.
*/
static int
-probe_date_allows_certupdate(char* root_anchor_file)
+probe_date_allows_certupdate(const char* root_anchor_file)
{
int has_pending_keys = read_if_pending_keys(root_anchor_file);
int32_t last_success = read_last_success_time(root_anchor_file);
/** perform the unbound-anchor work */
static int
-do_root_update_work(char* root_anchor_file, char* root_cert_file,
- char* urlname, char* xmlname, char* p7sname, char* p7signer,
- char* res_conf, char* root_hints, char* debugconf,
- int ip4only, int ip6only, int force, int port)
+do_root_update_work(const char* root_anchor_file, const char* root_cert_file,
+ const char* urlname, const char* xmlname, const char* p7sname,
+ const char* p7signer, const char* res_conf, const char* root_hints,
+ const char* debugconf, int ip4only, int ip6only, int force, int port)
{
struct ub_ctx* ctx;
struct ub_result* dnskey;
int main(int argc, char* argv[])
{
int c;
- char* root_anchor_file = ROOT_ANCHOR_FILE;
- char* root_cert_file = ROOT_CERT_FILE;
- char* urlname = URLNAME;
- char* xmlname = XMLNAME;
- char* p7sname = P7SNAME;
- char* p7signer = P7SIGNER;
- char* res_conf = NULL;
- char* root_hints = NULL;
- char* debugconf = NULL;
+ const char* root_anchor_file = ROOT_ANCHOR_FILE;
+ const char* root_cert_file = ROOT_CERT_FILE;
+ const char* urlname = URLNAME;
+ const char* xmlname = XMLNAME;
+ const char* p7sname = P7SNAME;
+ const char* p7signer = P7SIGNER;
+ const char* res_conf = NULL;
+ const char* root_hints = NULL;
+ const char* debugconf = NULL;
int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT;
/* parse the options */
while( (c=getopt(argc, argv, "46C:FP:a:c:f:hln:r:s:u:vx:")) != -1) {
# settings:
# directory for files
-DESTDIR=/usr/local/etc/unbound
+prefix=/usr/local
+DESTDIR=${prefix}/etc/unbound
# issuer and subject name for certificates
SERVERNAME=unbound
# base name for unbound-control keys
CTL_BASE=unbound_control
-# we want -rw-r--- access (say you run this as root: grp=yes (server), all=no).
-umask 0026
+# we want -rw-r----- access (say you run this as root: grp=yes (server), all=no).
+umask 0027
# end of options
--- /dev/null
+#!/bin/sh
+#
+# unbound-control-setup.sh - set up SSL certificates for unbound-control
+#
+# Copyright (c) 2008, NLnet Labs. All rights reserved.
+#
+# This software is open source.
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions
+# are met:
+#
+# Redistributions of source code must retain the above copyright notice,
+# this list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# Neither the name of the NLNET LABS nor the names of its contributors may
+# be used to endorse or promote products derived from this software without
+# specific prior written permission.
+#
+# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+# settings:
+
+# directory for files
+prefix=@prefix@
+DESTDIR=@sysconfdir@/unbound
+
+# issuer and subject name for certificates
+SERVERNAME=unbound
+CLIENTNAME=unbound-control
+
+# validity period for certificates
+DAYS=7200
+
+# size of keys in bits
+BITS=1536
+
+# hash algorithm
+HASH=sha256
+
+# base name for unbound server keys
+SVR_BASE=unbound_server
+
+# base name for unbound-control keys
+CTL_BASE=unbound_control
+
+# we want -rw-r----- access (say you run this as root: grp=yes (server), all=no).
+umask 0027
+
+# end of options
+
+# functions:
+error ( ) {
+ echo "$0 fatal error: $1"
+ exit 1
+}
+
+# check arguments:
+while test $# -ne 0; do
+ case $1 in
+ -d)
+ if test $# -eq 1; then error "need argument for -d"; fi
+ DESTDIR="$2"
+ shift
+ ;;
+ *)
+ echo "unbound-control-setup.sh - setup SSL keys for unbound-control"
+ echo " -d dir use directory to store keys and certificates."
+ echo " default: $DESTDIR"
+ echo "please run this command using the same user id that the "
+ echo "unbound daemon uses, it needs read privileges."
+ exit 1
+ ;;
+ esac
+ shift
+done
+
+# go!:
+echo "setup in directory $DESTDIR"
+cd "$DESTDIR" || error "could not cd to $DESTDIR"
+
+# create certificate keys; do not recreate if they already exist.
+if test -f $SVR_BASE.key; then
+ echo "$SVR_BASE.key exists"
+else
+ echo "generating $SVR_BASE.key"
+ openssl genrsa -out $SVR_BASE.key $BITS || error "could not genrsa"
+fi
+if test -f $CTL_BASE.key; then
+ echo "$CTL_BASE.key exists"
+else
+ echo "generating $CTL_BASE.key"
+ openssl genrsa -out $CTL_BASE.key $BITS || error "could not genrsa"
+fi
+
+# create self-signed cert for server
+cat >request.cfg <<EOF
+[req]
+default_bits=$BITS
+default_md=$HASH
+prompt=no
+distinguished_name=req_distinguished_name
+
+[req_distinguished_name]
+commonName=$SERVERNAME
+EOF
+test -f request.cfg || error "could not create request.cfg"
+
+echo "create $SVR_BASE.pem (self signed certificate)"
+openssl req -key $SVR_BASE.key -config request.cfg -new -x509 -days $DAYS -out $SVR_BASE.pem || error "could not create $SVR_BASE.pem"
+# create trusted usage pem
+openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem"
+
+# create client request and sign it, piped
+cat >request.cfg <<EOF
+[req]
+default_bits=$BITS
+default_md=$HASH
+prompt=no
+distinguished_name=req_distinguished_name
+
+[req_distinguished_name]
+commonName=$CLIENTNAME
+EOF
+test -f request.cfg || error "could not create request.cfg"
+
+echo "create $CTL_BASE.pem (signed client certificate)"
+openssl req -key $CTL_BASE.key -config request.cfg -new | openssl x509 -req -days $DAYS -CA $SVR_BASE"_trust.pem" -CAkey $SVR_BASE.key -CAcreateserial -$HASH -out $CTL_BASE.pem
+test -f $CTL_BASE.pem || error "could not create $CTL_BASE.pem"
+# create trusted usage pem
+# openssl x509 -in $CTL_BASE.pem -addtrust clientAuth -out $CTL_BASE"_trust.pem"
+
+# see details with openssl x509 -noout -text < $SVR_BASE.pem
+# echo "create $CTL_BASE""_browser.pfx (web client certificate)"
+# echo "create webbrowser PKCS#12 .PFX certificate file. In Firefox import in:"
+# echo "preferences - advanced - encryption - view certificates - your certs"
+# echo "empty password is used, simply click OK on the password dialog box."
+# openssl pkcs12 -export -in $CTL_BASE"_trust.pem" -inkey $CTL_BASE.key -name "unbound remote control client cert" -out $CTL_BASE"_browser.pfx" -password "pass:" || error "could not create browser certificate"
+
+# remove unused permissions
+chmod o-rw $SVR_BASE.pem $SVR_BASE.key $CTL_BASE.pem $CTL_BASE.key
+
+# remove crap
+rm -f request.cfg
+rm -f $CTL_BASE"_trust.pem" $SVR_BASE"_trust.pem" $SVR_BASE"_trust.srl"
+
+echo "Setup success. Certificates created. Enable in unbound.conf file to use"
+
+exit 0
* linked into the resulting program.
*/
#include "config.h"
+#include "libunbound/context.h"
+#include "libunbound/worker.h"
+#include "util/fptr_wlist.h"
#include "util/log.h"
#include "services/mesh.h"
-struct comm_reply;
-struct comm_point;
-struct module_qstate;
-struct tube;
void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len),
struct outbound_entry* worker_send_query(uint8_t* ATTR_UNUSED(qname),
size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype),
uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags),
- int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
+ int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
struct sockaddr_storage* ATTR_UNUSED(addr),
- socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q))
+ socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
+ size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q))
{
log_assert(0);
return 0;
uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags),
int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
struct sockaddr_storage* ATTR_UNUSED(addr),
- socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q))
+ socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
+ size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q))
{
log_assert(0);
return 0;
/** global config during parsing */
struct config_parser_state* cfg_parser = 0;
-/** lex in file */
-extern FILE* ub_c_in;
-/** lex out file */
-extern FILE* ub_c_out;
-/** the yacc lex generated parse function */
-int ub_c_parse(void);
-/** the lexer function */
-int ub_c_lex(void);
-/** wrap function */
-int ub_c_wrap(void);
-/** init lex state */
-void init_cfg_parse(void);
/** init ports possible for use */
static void init_outgoing_availports(int* array, int num);
/** global config parser object used during config parsing */
extern struct config_parser_state* cfg_parser;
+/** init lex state */
+void init_cfg_parse(void);
+/** lex in file */
+extern FILE* ub_c_in;
+/** lex out file */
+extern FILE* ub_c_out;
+/** the yacc lex generated parse function */
+int ub_c_parse(void);
+/** the lexer function */
+int ub_c_lex(void);
+/** wrap function */
+int ub_c_wrap(void);
/** parsing helpers: print error with file and line numbers */
void ub_c_error(const char* msg);
/** parsing helpers: print error with file and line numbers */
#include "config.h"
#include "util/fptr_wlist.h"
#include "util/mini_event.h"
-#include "daemon/worker.h"
-#include "daemon/remote.h"
#include "services/outside_network.h"
#include "services/mesh.h"
#include "services/localzone.h"
#include "util/locks.h"
#include "libunbound/libworker.h"
#include "libunbound/context.h"
+#include "libunbound/worker.h"
#include "util/tube.h"
#include "util/config_file.h"
#ifdef UB_ON_WINDOWS
projects / thirdparty / unbound.git / commitdiff
