clones/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2024-09-21 06:37:08 +00:00
Code Issues Packages Projects Releases Wiki Activity

- #4102 for NSD, but for Unbound. Named unix pipes do not use

Browse Source 
certificate and key files, access can be restricted with file and
  directory permissions.  The option control-use-cert is no longer
  used, and ignored if found in unbound.conf.


git-svn-id: file:///svn/unbound/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2018-06-12 07:43:52 +00:00
parent 3f837bc440
commit 7fd32916e8
13 changed files with 488 additions and 480 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
daemon/cachedump.c
View File

@ -62,7 +62,7 @@
/** dump one rrset zonefile line */
static int
dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
dump_rrset_line(RES* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
{
char s[65535];
if(!packed_rr_to_string(k, i, now, s, sizeof(s))) {
@ -73,7 +73,7 @@ dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
/** dump rrset key and data info */
static int
dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k,
dump_rrset(RES* ssl, struct ub_packed_rrset_key* k,
struct packed_rrset_data* d, time_t now)
{
size_t i;
@ -99,7 +99,7 @@ dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k,
/** dump lruhash rrset cache */
static int
dump_rrset_lruhash(SSL* ssl, struct lruhash* h, time_t now)
dump_rrset_lruhash(RES* ssl, struct lruhash* h, time_t now)
{
struct lruhash_entry* e;
/* lruhash already locked by caller */
@ -118,7 +118,7 @@ dump_rrset_lruhash(SSL* ssl, struct lruhash* h, time_t now)
/** dump rrset cache */
static int
dump_rrset_cache(SSL* ssl, struct worker* worker)
dump_rrset_cache(RES* ssl, struct worker* worker)
{
struct rrset_cache* r = worker->env.rrset_cache;
size_t slab;
@ -137,7 +137,7 @@ dump_rrset_cache(SSL* ssl, struct worker* worker)
/** dump message to rrset reference */
static int
dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k)
dump_msg_ref(RES* ssl, struct ub_packed_rrset_key* k)
{
char* nm, *tp, *cl;
nm = sldns_wire2str_dname(k->rk.dname, k->rk.dname_len);
@ -164,7 +164,7 @@ dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k)
/** dump message entry */
static int
dump_msg(SSL* ssl, struct query_info* k, struct reply_info* d,
dump_msg(RES* ssl, struct query_info* k, struct reply_info* d,
time_t now)
{
size_t i;
@ -246,7 +246,7 @@ copy_msg(struct regional* region, struct lruhash_entry* e,
/** dump lruhash msg cache */
static int
dump_msg_lruhash(SSL* ssl, struct worker* worker, struct lruhash* h)
dump_msg_lruhash(RES* ssl, struct worker* worker, struct lruhash* h)
{
struct lruhash_entry* e;
struct query_info* k;
@ -274,7 +274,7 @@ dump_msg_lruhash(SSL* ssl, struct worker* worker, struct lruhash* h)
/** dump msg cache */
static int
dump_msg_cache(SSL* ssl, struct worker* worker)
dump_msg_cache(RES* ssl, struct worker* worker)
{
struct slabhash* sh = worker->env.msg_cache;
size_t slab;
@ -291,7 +291,7 @@ dump_msg_cache(SSL* ssl, struct worker* worker)
}
int
dump_cache(SSL* ssl, struct worker* worker)
dump_cache(RES* ssl, struct worker* worker)
{
if(!dump_rrset_cache(ssl, worker))
return 0;
@ -302,7 +302,7 @@ dump_cache(SSL* ssl, struct worker* worker)
/** read a line from ssl into buffer */
static int
ssl_read_buf(SSL* ssl, sldns_buffer* buf)
ssl_read_buf(RES* ssl, sldns_buffer* buf)
{
return ssl_read_line(ssl, (char*)sldns_buffer_begin(buf),
sldns_buffer_capacity(buf));
@ -310,7 +310,7 @@ ssl_read_buf(SSL* ssl, sldns_buffer* buf)
/** check fixed text on line */
static int
read_fixed(SSL* ssl, sldns_buffer* buf, const char* str)
read_fixed(RES* ssl, sldns_buffer* buf, const char* str)
{
if(!ssl_read_buf(ssl, buf)) return 0;
return (strcmp((char*)sldns_buffer_begin(buf), str) == 0);
@ -318,7 +318,7 @@ read_fixed(SSL* ssl, sldns_buffer* buf, const char* str)
/** load an RR into rrset */
static int
load_rr(SSL* ssl, sldns_buffer* buf, struct regional* region,
load_rr(RES* ssl, sldns_buffer* buf, struct regional* region,
struct ub_packed_rrset_key* rk, struct packed_rrset_data* d,
unsigned int i, int is_rrsig, int* go_on, time_t now)
{
@ -435,7 +435,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
/** load an rrset entry */
static int
load_rrset(SSL* ssl, sldns_buffer* buf, struct worker* worker)
load_rrset(RES* ssl, sldns_buffer* buf, struct worker* worker)
{
char* s = (char*)sldns_buffer_begin(buf);
struct regional* region = worker->scratchpad;
@ -519,7 +519,7 @@ load_rrset(SSL* ssl, sldns_buffer* buf, struct worker* worker)
/** load rrset cache */
static int
load_rrset_cache(SSL* ssl, struct worker* worker)
load_rrset_cache(RES* ssl, struct worker* worker)
{
sldns_buffer* buf = worker->env.scratch_buffer;
if(!read_fixed(ssl, buf, "START_RRSET_CACHE")) return 0;
@ -575,7 +575,7 @@ load_qinfo(char* str, struct query_info* qinfo, struct regional* region)
/** load a msg rrset reference */
static int
load_ref(SSL* ssl, sldns_buffer* buf, struct worker* worker,
load_ref(RES* ssl, sldns_buffer* buf, struct worker* worker,
struct regional *region, struct ub_packed_rrset_key** rrset,
int* go_on)
{
@ -620,7 +620,7 @@ load_ref(SSL* ssl, sldns_buffer* buf, struct worker* worker,
/** load a msg entry */
static int
load_msg(SSL* ssl, sldns_buffer* buf, struct worker* worker)
load_msg(RES* ssl, sldns_buffer* buf, struct worker* worker)
{
struct regional* region = worker->scratchpad;
struct query_info qinf;
@ -685,7 +685,7 @@ load_msg(SSL* ssl, sldns_buffer* buf, struct worker* worker)
/** load msg cache */
static int
load_msg_cache(SSL* ssl, struct worker* worker)
load_msg_cache(RES* ssl, struct worker* worker)
{
sldns_buffer* buf = worker->env.scratch_buffer;
if(!read_fixed(ssl, buf, "START_MSG_CACHE")) return 0;
@ -698,7 +698,7 @@ load_msg_cache(SSL* ssl, struct worker* worker)
}
int
load_cache(SSL* ssl, struct worker* worker)
load_cache(RES* ssl, struct worker* worker)
{
if(!load_rrset_cache(ssl, worker))
return 0;
@ -709,7 +709,7 @@ load_cache(SSL* ssl, struct worker* worker)
/** print details on a delegation point */
static void
print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp)
print_dp_details(RES* ssl, struct worker* worker, struct delegpt* dp)
{
char buf[257];
struct delegpt_addr* a;
@ -785,7 +785,7 @@ print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp)
/** print main dp info */
static void
print_dp_main(SSL* ssl, struct delegpt* dp, struct dns_msg* msg)
print_dp_main(RES* ssl, struct delegpt* dp, struct dns_msg* msg)
{
size_t i, n_ns, n_miss, n_addr, n_res, n_avail;
@ -813,7 +813,7 @@ print_dp_main(SSL* ssl, struct delegpt* dp, struct dns_msg* msg)
return;
}
int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm,
int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm,
size_t nmlen, int ATTR_UNUSED(nmlabs))
{
/* deep links into the iterator module */

7
daemon/cachedump.h
View File

@ -72,6 +72,7 @@
#ifndef DAEMON_DUMPCACHE_H
#define DAEMON_DUMPCACHE_H
struct worker;
#include "daemon/remote.h"
/**
* Dump cache(s) to text
@ -80,7 +81,7 @@ struct worker;
* ptrs to the caches.
* @return false on ssl print error.
*/
int dump_cache(SSL* ssl, struct worker* worker);
int dump_cache(RES* ssl, struct worker* worker);
/**
* Load cache(s) from text
@ -89,7 +90,7 @@ int dump_cache(SSL* ssl, struct worker* worker);
* ptrs to the caches.
* @return false on ssl error.
*/
int load_cache(SSL* ssl, struct worker* worker);
int load_cache(RES* ssl, struct worker* worker);
/**
* Print the delegation used to lookup for this name.
@ -101,7 +102,7 @@ int load_cache(SSL* ssl, struct worker* worker);
* @param nmlabs: labels in name.
* @return false on ssl error.
*/
int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm,
int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm,
size_t nmlen, int nmlabs);
#endif /* DAEMON_DUMPCACHE_H */

496
daemon/remote.c
View File

File diff suppressed because it is too large Load Diff

25
daemon/remote.h
View File

@ -73,6 +73,8 @@ struct rc_state {
/** the ssl state */
SSL* ssl;
#endif
/** file descriptor */
int fd;
/** the rc this is part of */
struct daemon_remote* rc;
};
@ -103,6 +105,17 @@ struct daemon_remote {
#endif
};
/**
* Connection to print to, either SSL or plain over fd
*/
struct remote_stream {
/** SSL structure, nonNULL if using SSL */
SSL* ssl;
/** file descriptor for plain transfer */
int fd;
};
typedef struct remote_stream RES;
/**
* Create new remote control state for the daemon.
* @param cfg: config file with key file settings.
@ -166,26 +179,26 @@ void daemon_remote_exec(struct worker* worker);
* @param text: the text.
* @return false on connection failure.
*/
int ssl_print_text(SSL* ssl, const char* text);
int ssl_print_text(RES* ssl, const char* text);
/**
* printf style printing to the ssl connection
* @param ssl: the SSL connection to print to. Blocking.
* @param ssl: the RES connection to print to. Blocking.
* @param format: printf style format string.
* @return success or false on a network failure.
*/
int ssl_printf(SSL* ssl, const char* format, ...)
int ssl_printf(RES* ssl, const char* format, ...)
ATTR_FORMAT(printf, 2, 3);
/**
* Read until \n is encountered
* If SSL signals EOF, the string up to then is returned (without \n).
* @param ssl: the SSL connection to read from. blocking.
* If stream signals EOF, the string up to then is returned (without \n).
* @param ssl: the RES connection to read from. blocking.
* @param buf: buffer to read to.
* @param max: size of buffer.
* @return false on connection failure.
*/
int ssl_read_line(SSL* ssl, char* buf, size_t max);
int ssl_read_line(RES* ssl, char* buf, size_t max);
#endif /* HAVE_SSL */
#endif /* DAEMON_REMOTE_H */

6
doc/Changelog
View File

@ -1,3 +1,9 @@
12 June 2018: Wouter
- #4102 for NSD, but for Unbound. Named unix pipes do not use
certificate and key files, access can be restricted with file and
directory permissions. The option control-use-cert is no longer
used, and ignored if found in unbound.conf.
6 June 2018: Wouter
- Patch to fix openwrt for mac os build darwin detection in configure.

6
doc/example.conf.in
View File

@ -774,12 +774,10 @@ remote-control:
# set up the keys and certificates with unbound-control-setup.
# control-enable: no
# Set to no and use an absolute path as control-interface to use
# a unix local named pipe for unbound-control.
# control-use-cert: yes
# what interfaces are listened to for remote control.
# give 0.0.0.0 and ::0 to listen to all interfaces.
# set to an absolute path to use a unix local name pipe, certificates
# are not used for that, so key and cert files need not be present.
# control-interface: 127.0.0.1
# control-interface: ::1

15
doc/unbound.conf.5.in
View File

@ -1369,6 +1369,14 @@ By default localhost (127.0.0.1 and ::1) is listened to.
Use 0.0.0.0 and ::0 to listen to all interfaces.
If you change this and permissions have been dropped, you must restart
the server for the change to take effect.
.IP
If you set it to an absolute path, a local socket is used. The local socket
does not use the certificates and keys, so those files need not be present.
To restrict access, unbound sets permissions on the file to the user and
group that is configured, the access bits are set to allow the group members
to access the control socket file. Put users that need to access the socket
in the that group. To restrict access further, create a directory to put
the control socket in and restrict access to that directory.
.TP 5
.B control\-port: \fI<port number>
The port number to listen on for IPv4 or IPv6 control interfaces,
@ -1376,13 +1384,6 @@ default is 8953.
If you change this and permissions have been dropped, you must restart
the server for the change to take effect.
.TP 5
.B control\-use\-cert: \fI<yes or no>
Whether to require certificate authentication of control connections.
The default is "yes".
This should not be changed unless there are other mechanisms in place
to prevent untrusted users from accessing the remote control
interface.
.TP 5
.B server\-key\-file: \fI<private key file>
Path to the server private key, by default unbound_server.key.
This file is generated by the \fIunbound\-control\-setup\fR utility.

2
smallapp/unbound-checkconf.c
View File

@ -542,7 +542,7 @@ morechecks(struct config_file* cfg, const char* fname)
# endif
}
#endif
if(cfg->remote_control_enable && cfg->remote_control_use_cert) {
if(cfg->remote_control_enable && options_remote_is_address(cfg)) {
check_chroot_string("server-key-file", &cfg->server_key_file,
cfg->chrootdir, cfg);
check_chroot_string("server-cert-file", &cfg->server_cert_file,

159
smallapp/unbound-control.c
View File

@ -451,47 +451,33 @@ setup_ctx(struct config_file* cfg)
char* s_cert=NULL, *c_key=NULL, *c_cert=NULL;
SSL_CTX* ctx;
if(cfg->remote_control_use_cert) {
s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
if(!s_cert || !c_key || !c_cert)
fatal_exit("out of memory");
}
if(!options_remote_is_address(cfg))
return NULL;
s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
if(!s_cert || !c_key || !c_cert)
fatal_exit("out of memory");
ctx = SSL_CTX_new(SSLv23_client_method());
if(!ctx)
ssl_err("could not allocate SSL_CTX pointer");
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
!= SSL_OP_NO_SSLv2)
ssl_err("could not set SSL_OP_NO_SSLv2");
if(cfg->remote_control_use_cert) {
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
!= SSL_OP_NO_SSLv3)
ssl_err("could not set SSL_OP_NO_SSLv3");
if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) ||
!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
|| !SSL_CTX_check_private_key(ctx))
ssl_err("Error setting up SSL_CTX client key and cert");
if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
ssl_err("Error setting up SSL_CTX verify, server cert");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
!= SSL_OP_NO_SSLv3)
ssl_err("could not set SSL_OP_NO_SSLv3");
if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) ||
!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
|| !SSL_CTX_check_private_key(ctx))
ssl_err("Error setting up SSL_CTX client key and cert");
if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
ssl_err("Error setting up SSL_CTX verify, server cert");
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
free(s_cert);
free(c_key);
free(c_cert);
} else {
/* Use ciphers that don't require authentication */
#if defined(SSL_OP_NO_TLSv1_3)
/* in openssl 1.1.1, negotiation code for tls 1.3 does
* not allow the unauthenticated aNULL and eNULL ciphers */
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_3);
#endif
#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
SSL_CTX_set_security_level(ctx, 0);
#endif
if(!SSL_CTX_set_cipher_list(ctx, "aNULL:eNULL"))
ssl_err("Error setting NULL cipher!");
}
free(s_cert);
free(c_key);
free(c_cert);
return ctx;
}
@ -571,12 +557,13 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
/** setup SSL on the connection */
static SSL*
setup_ssl(SSL_CTX* ctx, int fd, struct config_file* cfg)
setup_ssl(SSL_CTX* ctx, int fd)
{
SSL* ssl;
X509* x;
int r;
if(!ctx) return NULL;
ssl = SSL_new(ctx);
if(!ssl)
ssl_err("could not SSL_new");
@ -597,78 +584,106 @@ setup_ssl(SSL_CTX* ctx, int fd, struct config_file* cfg)
/* check authenticity of server */
if(SSL_get_verify_result(ssl) != X509_V_OK)
ssl_err("SSL verification failed");
if(cfg->remote_control_use_cert) {
x = SSL_get_peer_certificate(ssl);
if(!x)
ssl_err("Server presented no peer certificate");
X509_free(x);
}
x = SSL_get_peer_certificate(ssl);
if(!x)
ssl_err("Server presented no peer certificate");
X509_free(x);
return ssl;
}
/** read from ssl or fd, fatalexit on error, 0 EOF, 1 success */
static int
remote_read(SSL* ssl, int fd, char* buf, size_t len)
{
if(ssl) {
int r;
ERR_clear_error();
if((r = SSL_read(ssl, buf, (int)len-1)) <= 0) {
if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
/* EOF */
return 0;
}
ssl_err("could not SSL_read");
}
buf[r] = 0;
} else {
ssize_t rr = read(fd, buf, len-1);
if(rr <= 0) {
if(rr == 0) {
/* EOF */
return 0;
}
fatal_exit("could not read: %s", strerror(errno));
}
buf[rr] = 0;
}
return 1;
}
/** write to ssl or fd, fatalexit on error */
static void
remote_write(SSL* ssl, int fd, const char* buf, size_t len)
{
if(ssl) {
if(SSL_write(ssl, buf, (int)len) <= 0)
ssl_err("could not SSL_write");
} else {
if(write(fd, buf, len) < (ssize_t)len)
fatal_exit("could not write: %s", strerror(errno));
}
}
/** send stdin to server */
static void
send_file(SSL* ssl, FILE* in, char* buf, size_t sz)
send_file(SSL* ssl, int fd, FILE* in, char* buf, size_t sz)
{
while(fgets(buf, (int)sz, in)) {
if(SSL_write(ssl, buf, (int)strlen(buf)) <= 0)
ssl_err("could not SSL_write contents");
remote_write(ssl, fd, buf, strlen(buf));
}
}
/** send end-of-file marker to server */
static void
send_eof(SSL* ssl)
send_eof(SSL* ssl, int fd)
{
char e[] = {0x04, 0x0a};
if(SSL_write(ssl, e, (int)sizeof(e)) <= 0)
ssl_err("could not SSL_write end-of-file marker");
remote_write(ssl, fd, e, sizeof(e));
}
/** send command and display result */
static int
go_cmd(SSL* ssl, int quiet, int argc, char* argv[])
go_cmd(SSL* ssl, int fd, int quiet, int argc, char* argv[])
{
char pre[10];
const char* space=" ";
const char* newline="\n";
int was_error = 0, first_line = 1;
int r, i;
int i;
char buf[1024];
snprintf(pre, sizeof(pre), "UBCT%d ", UNBOUND_CONTROL_VERSION);
if(SSL_write(ssl, pre, (int)strlen(pre)) <= 0)
ssl_err("could not SSL_write");
remote_write(ssl, fd, pre, strlen(pre));
for(i=0; i<argc; i++) {
if(SSL_write(ssl, space, (int)strlen(space)) <= 0)
ssl_err("could not SSL_write");
if(SSL_write(ssl, argv[i], (int)strlen(argv[i])) <= 0)
ssl_err("could not SSL_write");
remote_write(ssl, fd, space, strlen(space));
remote_write(ssl, fd, argv[i], strlen(argv[i]));
}
if(SSL_write(ssl, newline, (int)strlen(newline)) <= 0)
ssl_err("could not SSL_write");
remote_write(ssl, fd, newline, strlen(newline));
if(argc == 1 && strcmp(argv[0], "load_cache") == 0) {
send_file(ssl, stdin, buf, sizeof(buf));
send_file(ssl, fd, stdin, buf, sizeof(buf));
}
else if(argc == 1 && (strcmp(argv[0], "local_zones") == 0 ||
strcmp(argv[0], "local_zones_remove") == 0 ||
strcmp(argv[0], "local_datas") == 0 ||
strcmp(argv[0], "local_datas_remove") == 0)) {
send_file(ssl, stdin, buf, sizeof(buf));
send_eof(ssl);
send_file(ssl, fd, stdin, buf, sizeof(buf));
send_eof(ssl, fd);
}
while(1) {
ERR_clear_error();
if((r = SSL_read(ssl, buf, (int)sizeof(buf)-1)) <= 0) {
if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
/* EOF */
break;
}
ssl_err("could not SSL_read");
if(remote_read(ssl, fd, buf, sizeof(buf)) == 0) {
break; /* EOF */
}
buf[r] = 0;
if(first_line && strncmp(buf, "error", 5) == 0) {
printf("%s", buf);
was_error = 1;
@ -703,18 +718,18 @@ go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[])
/* contact server */
fd = contact_server(svr, cfg, argc>0&&strcmp(argv[0],"status")==0);
ssl = setup_ssl(ctx, fd, cfg);
ssl = setup_ssl(ctx, fd);
/* send command */
ret = go_cmd(ssl, quiet, argc, argv);
ret = go_cmd(ssl, fd, quiet, argc, argv);
SSL_free(ssl);
if(ssl) SSL_free(ssl);
#ifndef USE_WINSOCK
close(fd);
#else
closesocket(fd);
#endif
SSL_CTX_free(ctx);
if(ctx) SSL_CTX_free(ctx);
config_delete(cfg);
return ret;
}

10
util/config_file.c
View File

@ -246,7 +246,6 @@ config_create(void)
cfg->remote_control_enable = 0;
cfg->control_ifs = NULL;
cfg->control_port = UNBOUND_CONTROL_PORT;
cfg->remote_control_use_cert = 1;
cfg->minimal_responses = 0;
cfg->rrset_roundrobin = 0;
cfg->max_udp_size = 4096;
@ -2264,3 +2263,12 @@ void errinf_dname(struct module_qstate* qstate, const char* str, uint8_t* dname)
snprintf(b, sizeof(b), "%s %s", str, buf);
errinf(qstate, b);
}
int options_remote_is_address(struct config_file* cfg)
{
if(!cfg->remote_control_enable) return 0;
if(!cfg->control_ifs) return 1;
if(!cfg->control_ifs->str) return 1;
if(cfg->control_ifs->str[0] == 0) return 1;
return (cfg->control_ifs->str[0] != '/');
}

6
util/config_file.h
View File

@ -377,8 +377,6 @@ struct config_file {
struct config_strlist* control_ifs;
/** port number for the control port */
int control_port;
/** use certificates for remote control */
int remote_control_use_cert;
/** private key file for server */
char* server_key_file;
/** certificate file for server */
@ -894,6 +892,10 @@ void config_delview(struct config_view* p);
*/
void config_delviews(struct config_view* list);
/** check if config turns on IP-address interface with certificates or a
* named pipe without certificates. */
int options_remote_is_address(struct config_file* cfg);
/**
* Convert 14digit to time value
* @param str: string of 14 digits

189
util/configparser.c
View File

@ -999,15 +999,15 @@ static const yytype_uint16 yyrline[] =
2025, 2034, 2044, 2054, 2064, 2071, 2078, 2087, 2097, 2107,
2114, 2121, 2128, 2136, 2146, 2156, 2166, 2176, 2206, 2216,
2224, 2233, 2248, 2257, 2262, 2263, 2264, 2264, 2264, 2265,
2265, 2265, 2266, 2266, 2268, 2278, 2287, 2294, 2304, 2311,
2318, 2325, 2332, 2337, 2338, 2339, 2339, 2340, 2340, 2341,
2341, 2342, 2343, 2344, 2345, 2346, 2347, 2349, 2357, 2364,
2372, 2380, 2387, 2394, 2403, 2412, 2421, 2430, 2439, 2448,
2453, 2454, 2455, 2457, 2463, 2473, 2480, 2489, 2497, 2503,
2504, 2506, 2506, 2506, 2507, 2507, 2508, 2509, 2510, 2511,
2512, 2514, 2524, 2534, 2541, 2550, 2557, 2566, 2574, 2587,
2595, 2608, 2613, 2614, 2615, 2615, 2616, 2616, 2616, 2618,
2632, 2647, 2659, 2674
2265, 2265, 2266, 2266, 2268, 2278, 2287, 2294, 2301, 2308,
2315, 2322, 2329, 2334, 2335, 2336, 2336, 2337, 2337, 2338,
2338, 2339, 2340, 2341, 2342, 2343, 2344, 2346, 2354, 2361,
2369, 2377, 2384, 2391, 2400, 2409, 2418, 2427, 2436, 2445,
2450, 2451, 2452, 2454, 2460, 2470, 2477, 2486, 2494, 2500,
2501, 2503, 2503, 2503, 2504, 2504, 2505, 2506, 2507, 2508,
2509, 2511, 2521, 2531, 2538, 2547, 2554, 2563, 2571, 2584,
2592, 2605, 2610, 2611, 2612, 2612, 2613, 2613, 2613, 2615,
2629, 2644, 2656, 2671
};
#endif
@ -5082,128 +5082,125 @@ yyreduce:
#line 2295 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->remote_control_use_cert =
(strcmp((yyvsp[0].str), "yes")==0);
/* ignored */
free((yyvsp[0].str));
}
#line 5092 "util/configparser.c" /* yacc.c:1646 */
#line 5089 "util/configparser.c" /* yacc.c:1646 */
break;
case 428:
#line 2305 "./util/configparser.y" /* yacc.c:1646 */
#line 2302 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->server_key_file);
cfg_parser->cfg->server_key_file = (yyvsp[0].str);
}
#line 5102 "util/configparser.c" /* yacc.c:1646 */
#line 5099 "util/configparser.c" /* yacc.c:1646 */
break;
case 429:
#line 2312 "./util/configparser.y" /* yacc.c:1646 */
#line 2309 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->server_cert_file);
cfg_parser->cfg->server_cert_file = (yyvsp[0].str);
}
#line 5112 "util/configparser.c" /* yacc.c:1646 */
#line 5109 "util/configparser.c" /* yacc.c:1646 */
break;
case 430:
#line 2319 "./util/configparser.y" /* yacc.c:1646 */
#line 2316 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->control_key_file);
cfg_parser->cfg->control_key_file = (yyvsp[0].str);
}
#line 5122 "util/configparser.c" /* yacc.c:1646 */
#line 5119 "util/configparser.c" /* yacc.c:1646 */
break;
case 431:
#line 2326 "./util/configparser.y" /* yacc.c:1646 */
#line 2323 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->control_cert_file);
cfg_parser->cfg->control_cert_file = (yyvsp[0].str);
}
#line 5132 "util/configparser.c" /* yacc.c:1646 */
#line 5129 "util/configparser.c" /* yacc.c:1646 */
break;
case 432:
#line 2333 "./util/configparser.y" /* yacc.c:1646 */
#line 2330 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("\nP(dnstap:)\n"));
}
#line 5140 "util/configparser.c" /* yacc.c:1646 */
#line 5137 "util/configparser.c" /* yacc.c:1646 */
break;
case 447:
#line 2350 "./util/configparser.y" /* yacc.c:1646 */
#line 2347 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0);
}
#line 5151 "util/configparser.c" /* yacc.c:1646 */
#line 5148 "util/configparser.c" /* yacc.c:1646 */
break;
case 448:
#line 2358 "./util/configparser.y" /* yacc.c:1646 */
#line 2355 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->dnstap_socket_path);
cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str);
}
#line 5161 "util/configparser.c" /* yacc.c:1646 */
#line 5158 "util/configparser.c" /* yacc.c:1646 */
break;
case 449:
#line 2365 "./util/configparser.y" /* yacc.c:1646 */
#line 2362 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0);
}
#line 5172 "util/configparser.c" /* yacc.c:1646 */
#line 5169 "util/configparser.c" /* yacc.c:1646 */
break;
case 450:
#line 2373 "./util/configparser.y" /* yacc.c:1646 */
#line 2370 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0);
}
#line 5183 "util/configparser.c" /* yacc.c:1646 */
#line 5180 "util/configparser.c" /* yacc.c:1646 */
break;
case 451:
#line 2381 "./util/configparser.y" /* yacc.c:1646 */
#line 2378 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->dnstap_identity);
cfg_parser->cfg->dnstap_identity = (yyvsp[0].str);
}
#line 5193 "util/configparser.c" /* yacc.c:1646 */
#line 5190 "util/configparser.c" /* yacc.c:1646 */
break;
case 452:
#line 2388 "./util/configparser.y" /* yacc.c:1646 */
#line 2385 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->dnstap_version);
cfg_parser->cfg->dnstap_version = (yyvsp[0].str);
}
#line 5203 "util/configparser.c" /* yacc.c:1646 */
#line 5200 "util/configparser.c" /* yacc.c:1646 */
break;
case 453:
#line 2395 "./util/configparser.y" /* yacc.c:1646 */
#line 2392 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5211,11 +5208,11 @@ yyreduce:
else cfg_parser->cfg->dnstap_log_resolver_query_messages =
(strcmp((yyvsp[0].str), "yes")==0);
}
#line 5215 "util/configparser.c" /* yacc.c:1646 */
#line 5212 "util/configparser.c" /* yacc.c:1646 */
break;
case 454:
#line 2404 "./util/configparser.y" /* yacc.c:1646 */
#line 2401 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5223,11 +5220,11 @@ yyreduce:
else cfg_parser->cfg->dnstap_log_resolver_response_messages =
(strcmp((yyvsp[0].str), "yes")==0);
}
#line 5227 "util/configparser.c" /* yacc.c:1646 */
#line 5224 "util/configparser.c" /* yacc.c:1646 */
break;
case 455:
#line 2413 "./util/configparser.y" /* yacc.c:1646 */
#line 2410 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5235,11 +5232,11 @@ yyreduce:
else cfg_parser->cfg->dnstap_log_client_query_messages =
(strcmp((yyvsp[0].str), "yes")==0);
}
#line 5239 "util/configparser.c" /* yacc.c:1646 */
#line 5236 "util/configparser.c" /* yacc.c:1646 */
break;
case 456:
#line 2422 "./util/configparser.y" /* yacc.c:1646 */
#line 2419 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5247,11 +5244,11 @@ yyreduce:
else cfg_parser->cfg->dnstap_log_client_response_messages =
(strcmp((yyvsp[0].str), "yes")==0);
}
#line 5251 "util/configparser.c" /* yacc.c:1646 */
#line 5248 "util/configparser.c" /* yacc.c:1646 */
break;
case 457:
#line 2431 "./util/configparser.y" /* yacc.c:1646 */
#line 2428 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5259,11 +5256,11 @@ yyreduce:
else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
(strcmp((yyvsp[0].str), "yes")==0);
}
#line 5263 "util/configparser.c" /* yacc.c:1646 */
#line 5260 "util/configparser.c" /* yacc.c:1646 */
break;
case 458:
#line 2440 "./util/configparser.y" /* yacc.c:1646 */
#line 2437 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5271,29 +5268,29 @@ yyreduce:
else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
(strcmp((yyvsp[0].str), "yes")==0);
}
#line 5275 "util/configparser.c" /* yacc.c:1646 */
#line 5272 "util/configparser.c" /* yacc.c:1646 */
break;
case 459:
#line 2449 "./util/configparser.y" /* yacc.c:1646 */
#line 2446 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("\nP(python:)\n"));
}
#line 5283 "util/configparser.c" /* yacc.c:1646 */
#line 5280 "util/configparser.c" /* yacc.c:1646 */
break;
case 463:
#line 2458 "./util/configparser.y" /* yacc.c:1646 */
#line 2455 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(python-script:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->python_script);
cfg_parser->cfg->python_script = (yyvsp[0].str);
}
#line 5293 "util/configparser.c" /* yacc.c:1646 */
#line 5290 "util/configparser.c" /* yacc.c:1646 */
break;
case 464:
#line 2464 "./util/configparser.y" /* yacc.c:1646 */
#line 2461 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str)));
if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5302,21 +5299,21 @@ yyreduce:
(strcmp((yyvsp[0].str), "yes")==0);
free((yyvsp[0].str));
}
#line 5306 "util/configparser.c" /* yacc.c:1646 */
#line 5303 "util/configparser.c" /* yacc.c:1646 */
break;
case 465:
#line 2474 "./util/configparser.y" /* yacc.c:1646 */
#line 2471 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->log_identity);
cfg_parser->cfg->log_identity = (yyvsp[0].str);
}
#line 5316 "util/configparser.c" /* yacc.c:1646 */
#line 5313 "util/configparser.c" /* yacc.c:1646 */
break;
case 466:
#line 2481 "./util/configparser.y" /* yacc.c:1646 */
#line 2478 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
validate_respip_action((yyvsp[0].str));
@ -5324,31 +5321,31 @@ yyreduce:
(yyvsp[-1].str), (yyvsp[0].str)))
fatal_exit("out of memory adding response-ip");
}
#line 5328 "util/configparser.c" /* yacc.c:1646 */
#line 5325 "util/configparser.c" /* yacc.c:1646 */
break;
case 467:
#line 2490 "./util/configparser.y" /* yacc.c:1646 */
#line 2487 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str)));
if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
(yyvsp[-1].str), (yyvsp[0].str)))
fatal_exit("out of memory adding response-ip-data");
}
#line 5339 "util/configparser.c" /* yacc.c:1646 */
#line 5336 "util/configparser.c" /* yacc.c:1646 */
break;
case 468:
#line 2498 "./util/configparser.y" /* yacc.c:1646 */
#line 2495 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("\nP(dnscrypt:)\n"));
OUTYY(("\nP(dnscrypt:)\n"));
}
#line 5348 "util/configparser.c" /* yacc.c:1646 */
#line 5345 "util/configparser.c" /* yacc.c:1646 */
break;
case 481:
#line 2515 "./util/configparser.y" /* yacc.c:1646 */
#line 2512 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str)));
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
@ -5356,11 +5353,11 @@ yyreduce:
else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0);
free((yyvsp[0].str));
}
#line 5360 "util/configparser.c" /* yacc.c:1646 */
#line 5357 "util/configparser.c" /* yacc.c:1646 */
break;
case 482:
#line 2525 "./util/configparser.y" /* yacc.c:1646 */
#line 2522 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str)));
@ -5369,21 +5366,21 @@ yyreduce:
else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str));
free((yyvsp[0].str));
}
#line 5373 "util/configparser.c" /* yacc.c:1646 */
#line 5370 "util/configparser.c" /* yacc.c:1646 */
break;
case 483:
#line 2535 "./util/configparser.y" /* yacc.c:1646 */
#line 2532 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str)));
free(cfg_parser->cfg->dnscrypt_provider);
cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str);
}
#line 5383 "util/configparser.c" /* yacc.c:1646 */
#line 5380 "util/configparser.c" /* yacc.c:1646 */
break;
case 484:
#line 2542 "./util/configparser.y" /* yacc.c:1646 */
#line 2539 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str)));
if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
@ -5391,21 +5388,21 @@ yyreduce:
if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
fatal_exit("out of memory adding dnscrypt-provider-cert");
}
#line 5395 "util/configparser.c" /* yacc.c:1646 */
#line 5392 "util/configparser.c" /* yacc.c:1646 */
break;
case 485:
#line 2551 "./util/configparser.y" /* yacc.c:1646 */
#line 2548 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str)));
if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str)))
fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
}
#line 5405 "util/configparser.c" /* yacc.c:1646 */
#line 5402 "util/configparser.c" /* yacc.c:1646 */
break;
case 486:
#line 2558 "./util/configparser.y" /* yacc.c:1646 */
#line 2555 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str)));
if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
@ -5413,22 +5410,22 @@ yyreduce:
if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
fatal_exit("out of memory adding dnscrypt-secret-key");
}
#line 5417 "util/configparser.c" /* yacc.c:1646 */
#line 5414 "util/configparser.c" /* yacc.c:1646 */
break;
case 487:
#line 2567 "./util/configparser.y" /* yacc.c:1646 */
#line 2564 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str)));
if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
yyerror("memory size expected");
free((yyvsp[0].str));
}
#line 5428 "util/configparser.c" /* yacc.c:1646 */
#line 5425 "util/configparser.c" /* yacc.c:1646 */
break;
case 488:
#line 2575 "./util/configparser.y" /* yacc.c:1646 */
#line 2572 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str)));
if(atoi((yyvsp[0].str)) == 0)
@ -5440,22 +5437,22 @@ yyreduce:
}
free((yyvsp[0].str));
}
#line 5444 "util/configparser.c" /* yacc.c:1646 */
#line 5441 "util/configparser.c" /* yacc.c:1646 */
break;
case 489:
#line 2588 "./util/configparser.y" /* yacc.c:1646 */
#line 2585 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str)));
if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size))
yyerror("memory size expected");
free((yyvsp[0].str));
}
#line 5455 "util/configparser.c" /* yacc.c:1646 */
#line 5452 "util/configparser.c" /* yacc.c:1646 */
break;
case 490:
#line 2596 "./util/configparser.y" /* yacc.c:1646 */
#line 2593 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str)));
if(atoi((yyvsp[0].str)) == 0)
@ -5467,19 +5464,19 @@ yyreduce:
}
free((yyvsp[0].str));
}
#line 5471 "util/configparser.c" /* yacc.c:1646 */
#line 5468 "util/configparser.c" /* yacc.c:1646 */
break;
case 491:
#line 2609 "./util/configparser.y" /* yacc.c:1646 */
#line 2606 "./util/configparser.y" /* yacc.c:1646 */
{
OUTYY(("\nP(cachedb:)\n"));
}
#line 5479 "util/configparser.c" /* yacc.c:1646 */
#line 5476 "util/configparser.c" /* yacc.c:1646 */
break;
case 499:
#line 2619 "./util/configparser.y" /* yacc.c:1646 */
#line 2616 "./util/configparser.y" /* yacc.c:1646 */
{
#ifdef USE_CACHEDB
OUTYY(("P(backend:%s)\n", (yyvsp[0].str)));
@ -5492,11 +5489,11 @@ yyreduce:
OUTYY(("P(Compiled without cachedb, ignoring)\n"));
#endif
}
#line 5496 "util/configparser.c" /* yacc.c:1646 */
#line 5493 "util/configparser.c" /* yacc.c:1646 */
break;
case 500:
#line 2633 "./util/configparser.y" /* yacc.c:1646 */
#line 2630 "./util/configparser.y" /* yacc.c:1646 */
{
#ifdef USE_CACHEDB
OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str)));
@ -5510,11 +5507,11 @@ yyreduce:
free((yyvsp[0].str));
#endif
}
#line 5514 "util/configparser.c" /* yacc.c:1646 */
#line 5511 "util/configparser.c" /* yacc.c:1646 */
break;
case 501:
#line 2648 "./util/configparser.y" /* yacc.c:1646 */
#line 2645 "./util/configparser.y" /* yacc.c:1646 */
{
#if defined(USE_CACHEDB) && defined(USE_REDIS)
OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str)));
@ -5525,11 +5522,11 @@ yyreduce:
free((yyvsp[0].str));
#endif
}
#line 5529 "util/configparser.c" /* yacc.c:1646 */
#line 5526 "util/configparser.c" /* yacc.c:1646 */
break;
case 502:
#line 2660 "./util/configparser.y" /* yacc.c:1646 */
#line 2657 "./util/configparser.y" /* yacc.c:1646 */
{
#if defined(USE_CACHEDB) && defined(USE_REDIS)
int port;
@ -5543,11 +5540,11 @@ yyreduce:
#endif
free((yyvsp[0].str));
}
#line 5547 "util/configparser.c" /* yacc.c:1646 */
#line 5544 "util/configparser.c" /* yacc.c:1646 */
break;
case 503:
#line 2675 "./util/configparser.y" /* yacc.c:1646 */
#line 2672 "./util/configparser.y" /* yacc.c:1646 */
{
#if defined(USE_CACHEDB) && defined(USE_REDIS)
OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str)));
@ -5559,11 +5556,11 @@ yyreduce:
#endif
free((yyvsp[0].str));
}
#line 5563 "util/configparser.c" /* yacc.c:1646 */
#line 5560 "util/configparser.c" /* yacc.c:1646 */
break;
#line 5567 "util/configparser.c" /* yacc.c:1646 */
#line 5564 "util/configparser.c" /* yacc.c:1646 */
default: break;
}
/* User semantic actions sometimes alter yychar, and that requires
@ -5791,7 +5788,7 @@ yyreturn:
#endif
return yyresult;
}
#line 2687 "./util/configparser.y" /* yacc.c:1906 */
#line 2684 "./util/configparser.y" /* yacc.c:1906 */
/* parse helper routines could be here */

5
util/configparser.y
View File

@ -2294,10 +2294,7 @@ rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
{
OUTYY(("P(control_use_cert:%s)\n", $2));
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
yyerror("expected yes or no.");
else cfg_parser->cfg->remote_control_use_cert =
(strcmp($2, "yes")==0);
/* ignored */
free($2);
}
;