+++ /dev/null
-diff --git a/daemon/remote.c b/daemon/remote.c
-index a2b2204..b6990f3 100644
---- a/daemon/remote.c
-+++ b/daemon/remote.c
-@@ -81,6 +81,11 @@
- #ifdef HAVE_NETDB_H
- #include <netdb.h>
- #endif
-+#ifdef HAVE_PWD_H
-+#include <pwd.h>
-+#include <sys/stat.h>
-+#include <fcntl.h>
-+#endif
-
- /* just for portability */
- #ifdef SQ
-@@ -235,7 +240,8 @@ void daemon_remote_delete(struct daemon_remote* rc)
- * @return false on failure.
- */
- static int
--add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err)
-+add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err,
-+ struct config_file* cfg)
- {
- struct addrinfo hints;
- struct addrinfo* res;
-@@ -246,29 +252,74 @@ add_open(const char* ip, int nr, struct listen_port** list, int noproto_is_err)
- snprintf(port, sizeof(port), "%d", nr);
- port[sizeof(port)-1]=0;
- memset(&hints, 0, sizeof(hints));
-- hints.ai_socktype = SOCK_STREAM;
-- hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
-- if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) {
--#ifdef USE_WINSOCK
-- if(!noproto_is_err && r == EAI_NONAME) {
-- /* tried to lookup the address as name */
-- return 1; /* return success, but do nothing */
-+
-+ if(ip[0] == '/') {
-+ /* This looks like UNIX socket! */
-+ fd = create_domain_accept_sock(ip);
-+/*
-+ * When unbound starts, it first creates a socket and then
-+ * drops privs, so the socket is created as root user.
-+ * This is fine, but we would like to set _unbound user group
-+ * for this socket, and permissions should be 0660 so only
-+ * root and _unbound group members can invoke unbound-control.
-+ * The username used here is the same as username that unbound
-+ * uses for its worker processes.
-+ */
-+
-+/*
-+ * Note: this code is an exact copy of code from daemon.c
-+ * Normally this should be either wrapped into a function,
-+ * or gui/gid values should be retrieved at config parsing time
-+ * and then stored in configfile structure.
-+ * This requires action from unbound developers!
-+*/
-+#ifdef HAVE_GETPWNAM
-+ struct passwd *pwd = NULL;
-+ uid_t uid;
-+ gid_t gid;
-+ /* initialize, but not to 0 (root) */
-+ memset(&uid, 112, sizeof(uid));
-+ memset(&gid, 112, sizeof(gid));
-+ log_assert(cfg);
-+
-+ if(cfg->username && cfg->username[0]) {
-+ if((pwd = getpwnam(cfg->username)) == NULL)
-+ fatal_exit("user '%s' does not exist.",
-+ cfg->username);
-+ uid = pwd->pw_uid;
-+ gid = pwd->pw_gid;
-+ endpwent();
- }
-+
-+ chown(ip, 0, gid);
-+ chmod(ip, S_IRUSR | S_IWUSR | S_IRGRP | S_IWGRP);
-+#endif
-+ } else {
-+ hints.ai_socktype = SOCK_STREAM;
-+ hints.ai_flags = AI_PASSIVE | AI_NUMERICHOST;
-+ if((r = getaddrinfo(ip, port, &hints, &res)) != 0 || !res) {
-+#ifdef USE_WINSOCK
-+ if(!noproto_is_err && r == EAI_NONAME) {
-+ /* tried to lookup the address as name */
-+ return 1; /* return success, but do nothing */
-+ }
- #endif /* USE_WINSOCK */
-- log_err("control interface %s:%s getaddrinfo: %s %s",
-- ip?ip:"default", port, gai_strerror(r),
-+ log_err("control interface %s:%s getaddrinfo: %s %s",
-+ ip?ip:"default", port, gai_strerror(r),
- #ifdef EAI_SYSTEM
- r==EAI_SYSTEM?(char*)strerror(errno):""
- #else
- ""
- #endif
- );
-- return 0;
-+ return 0;
-+ }
-+
-+ /* open fd */
-+ fd = create_tcp_accept_sock(res, 1, &noproto);
-+ freeaddrinfo(res);
- }
-
-- /* open fd */
-- fd = create_tcp_accept_sock(res, 1, &noproto);
-- freeaddrinfo(res);
- if(fd == -1 && noproto) {
- if(!noproto_is_err)
- return 1; /* return success, but do nothing */
-@@ -305,7 +356,7 @@ struct listen_port* daemon_remote_open_ports(struct config_file* cfg)
- if(cfg->control_ifs) {
- struct config_strlist* p;
- for(p = cfg->control_ifs; p; p = p->next) {
-- if(!add_open(p->str, cfg->control_port, &l, 1)) {
-+ if(!add_open(p->str, cfg->control_port, &l, 1, cfg)) {
- listening_ports_free(l);
- return NULL;
- }
-@@ -313,12 +364,12 @@ struct listen_port* daemon_remote_open_ports(struct config_file* cfg)
- } else {
- /* defaults */
- if(cfg->do_ip6 &&
-- !add_open("::1", cfg->control_port, &l, 0)) {
-+ !add_open("::1", cfg->control_port, &l, 0, cfg)) {
- listening_ports_free(l);
- return NULL;
- }
- if(cfg->do_ip4 &&
-- !add_open("127.0.0.1", cfg->control_port, &l, 1)) {
-+ !add_open("127.0.0.1", cfg->control_port, &l, 1, cfg)) {
- listening_ports_free(l);
- return NULL;
- }
-diff --git a/services/listen_dnsport.c b/services/listen_dnsport.c
-index ea7ec3a..4cb04e2 100644
---- a/services/listen_dnsport.c
-+++ b/services/listen_dnsport.c
-@@ -55,6 +55,10 @@
- #endif
- #include <fcntl.h>
-
-+#ifndef USE_WINSOCK
-+#include <sys/un.h>
-+#endif
-+
- /** number of queued TCP connections for listen() */
- #define TCP_BACKLOG 5
-
-@@ -376,6 +380,53 @@ create_udp_sock(int family, int socktype, struct sockaddr* addr,
- }
-
- int
-+create_domain_accept_sock(char *path) {
-+ int s;
-+ struct sockaddr_un unixaddr;
-+
-+#ifndef USE_WINSOCK
-+ unixaddr.sun_len = sizeof(unixaddr);
-+ unixaddr.sun_family = AF_UNIX;
-+ strlcpy(unixaddr.sun_path, path, 104);
-+
-+ if((s = socket(AF_UNIX, SOCK_STREAM, 0)) == -1) {
-+ log_err("Cannot create UNIX socket %s (%s)",
-+ path, strerror(errno));
-+ return -1;
-+ }
-+
-+ if(unlink(path) && errno != ENOENT) {
-+ /* The socket already exists and cannot be removed */
-+ log_err("Cannot remove old UNIX socket %s (%s)",
-+ path, strerror(errno));
-+ return -1;
-+ }
-+
-+ if(bind(s, (struct sockaddr *) &unixaddr,
-+ sizeof(struct sockaddr_un)) == -1) {
-+ log_err("Cannot bind UNIX socket %s (%s)",
-+ path, strerror(errno));
-+ return -1;
-+ }
-+
-+ if(!fd_set_nonblock(s)) {
-+ log_err("Cannot set non-blocking mode");
-+ return -1;
-+ }
-+
-+ if(listen(s, TCP_BACKLOG) == -1) {
-+ log_err("can't listen: %s", strerror(errno));
-+ return -1;
-+ }
-+
-+ return s;
-+#else
-+ log_err("UNIX sockets are not supported");
-+ return -1;
-+#endif
-+}
-+
-+int
- create_tcp_accept_sock(struct addrinfo *addr, int v6only, int* noproto)
- {
- int s;
-diff --git a/smallapp/unbound-control.c b/smallapp/unbound-control.c
-index a872f92..10631fd 100644
---- a/smallapp/unbound-control.c
-+++ b/smallapp/unbound-control.c
-@@ -59,6 +59,8 @@
- #include "util/locks.h"
- #include "util/net_help.h"
-
-+#include <sys/un.h>
-+
- /** Give unbound-control usage, and exit (1). */
- static void
- usage()
-@@ -158,6 +160,7 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
- {
- struct sockaddr_storage addr;
- socklen_t addrlen;
-+ int addrfamily = 0;
- int fd;
- /* use svr or the first config entry */
- if(!svr) {
-@@ -176,12 +179,21 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
- if(strchr(svr, '@')) {
- if(!extstrtoaddr(svr, &addr, &addrlen))
- fatal_exit("could not parse IP@port: %s", svr);
-+ } else if(svr[0] == '/') {
-+ struct sockaddr_un* unixsock = (struct sockaddr_un *) &addr;
-+ unixsock->sun_family = AF_UNIX;
-+ unixsock->sun_len = sizeof(unixsock);
-+ strlcpy(unixsock->sun_path, svr, 104);
-+ addrlen = sizeof(struct sockaddr_un);
-+ addrfamily = AF_UNIX;
- } else {
- if(!ipstrtoaddr(svr, cfg->control_port, &addr, &addrlen))
- fatal_exit("could not parse IP: %s", svr);
- }
-- fd = socket(addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET,
-- SOCK_STREAM, 0);
-+
-+ if(addrfamily != AF_UNIX)
-+ addrfamily = addr_is_ip6(&addr, addrlen)?AF_INET6:AF_INET;
-+ fd = socket(addrfamily, SOCK_STREAM, 0);
- if(fd == -1) {
- #ifndef USE_WINSOCK
- fatal_exit("socket: %s", strerror(errno));
-diff --git a/util/net_help.c b/util/net_help.c
-index b3136a3..5b5b4a3 100644
---- a/util/net_help.c
-+++ b/util/net_help.c
-@@ -45,6 +45,7 @@
- #include "util/module.h"
- #include "util/regional.h"
- #include <fcntl.h>
-+#include <sys/un.h>
- #include <openssl/ssl.h>
- #include <openssl/err.h>
-
-@@ -135,7 +136,7 @@ log_addr(enum verbosity_value v, const char* str,
- {
- uint16_t port;
- const char* family = "unknown";
-- char dest[100];
-+ char dest[108];
- int af = (int)((struct sockaddr_in*)addr)->sin_family;
- void* sinaddr = &((struct sockaddr_in*)addr)->sin_addr;
- if(verbosity < v)
-@@ -148,15 +149,23 @@ log_addr(enum verbosity_value v, const char* str,
- case AF_UNIX: family="unix"; break;
- default: break;
- }
-- if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) {
-- strncpy(dest, "(inet_ntop error)", sizeof(dest));
-+
-+ if(af != AF_UNIX) {
-+ if(inet_ntop(af, sinaddr, dest, (socklen_t)sizeof(dest)) == 0) {
-+ strncpy(dest, "(inet_ntop error)", sizeof(dest));
-+ }
-+ dest[sizeof(dest)-1] = 0;
-+ port = ntohs(((struct sockaddr_in*)addr)->sin_port);
-+ if(verbosity >= 4)
-+ verbose(v, "%s %s %s port %d (len %d)", str, family,
-+ dest, (int)port, (int)addrlen);
-+ else verbose(v, "%s %s port %d", str, dest, (int)port);
-+ } else {
-+ struct sockaddr_un* unixsock;
-+ unixsock = (struct sockaddr_un *) addr;
-+ strlcpy(dest, unixsock->sun_path, sizeof(dest));
-+ verbose(v, "%s %s %s", str, family, dest);
- }
-- dest[sizeof(dest)-1] = 0;
-- port = ntohs(((struct sockaddr_in*)addr)->sin_port);
-- if(verbosity >= 4)
-- verbose(v, "%s %s %s port %d (len %d)", str, family, dest,
-- (int)port, (int)addrlen);
-- else verbose(v, "%s %s port %d", str, dest, (int)port);
- }
-
- int
projects / thirdparty / unbound.git / commitdiff
