mirror of
https://github.com/NLnetLabs/unbound.git
synced 2024-09-21 06:37:08 +00:00
- #4102 for NSD, but for Unbound. Named unix pipes do not use
certificate and key files, access can be restricted with file and directory permissions. The option control-use-cert is no longer used, and ignored if found in unbound.conf. git-svn-id: file:///svn/unbound/trunk@4718 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
3f837bc440
commit
7fd32916e8
@ -62,7 +62,7 @@
|
||||
|
||||
/** dump one rrset zonefile line */
|
||||
static int
|
||||
dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
|
||||
dump_rrset_line(RES* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
|
||||
{
|
||||
char s[65535];
|
||||
if(!packed_rr_to_string(k, i, now, s, sizeof(s))) {
|
||||
@ -73,7 +73,7 @@ dump_rrset_line(SSL* ssl, struct ub_packed_rrset_key* k, time_t now, size_t i)
|
||||
|
||||
/** dump rrset key and data info */
|
||||
static int
|
||||
dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k,
|
||||
dump_rrset(RES* ssl, struct ub_packed_rrset_key* k,
|
||||
struct packed_rrset_data* d, time_t now)
|
||||
{
|
||||
size_t i;
|
||||
@ -99,7 +99,7 @@ dump_rrset(SSL* ssl, struct ub_packed_rrset_key* k,
|
||||
|
||||
/** dump lruhash rrset cache */
|
||||
static int
|
||||
dump_rrset_lruhash(SSL* ssl, struct lruhash* h, time_t now)
|
||||
dump_rrset_lruhash(RES* ssl, struct lruhash* h, time_t now)
|
||||
{
|
||||
struct lruhash_entry* e;
|
||||
/* lruhash already locked by caller */
|
||||
@ -118,7 +118,7 @@ dump_rrset_lruhash(SSL* ssl, struct lruhash* h, time_t now)
|
||||
|
||||
/** dump rrset cache */
|
||||
static int
|
||||
dump_rrset_cache(SSL* ssl, struct worker* worker)
|
||||
dump_rrset_cache(RES* ssl, struct worker* worker)
|
||||
{
|
||||
struct rrset_cache* r = worker->env.rrset_cache;
|
||||
size_t slab;
|
||||
@ -137,7 +137,7 @@ dump_rrset_cache(SSL* ssl, struct worker* worker)
|
||||
|
||||
/** dump message to rrset reference */
|
||||
static int
|
||||
dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k)
|
||||
dump_msg_ref(RES* ssl, struct ub_packed_rrset_key* k)
|
||||
{
|
||||
char* nm, *tp, *cl;
|
||||
nm = sldns_wire2str_dname(k->rk.dname, k->rk.dname_len);
|
||||
@ -164,7 +164,7 @@ dump_msg_ref(SSL* ssl, struct ub_packed_rrset_key* k)
|
||||
|
||||
/** dump message entry */
|
||||
static int
|
||||
dump_msg(SSL* ssl, struct query_info* k, struct reply_info* d,
|
||||
dump_msg(RES* ssl, struct query_info* k, struct reply_info* d,
|
||||
time_t now)
|
||||
{
|
||||
size_t i;
|
||||
@ -246,7 +246,7 @@ copy_msg(struct regional* region, struct lruhash_entry* e,
|
||||
|
||||
/** dump lruhash msg cache */
|
||||
static int
|
||||
dump_msg_lruhash(SSL* ssl, struct worker* worker, struct lruhash* h)
|
||||
dump_msg_lruhash(RES* ssl, struct worker* worker, struct lruhash* h)
|
||||
{
|
||||
struct lruhash_entry* e;
|
||||
struct query_info* k;
|
||||
@ -274,7 +274,7 @@ dump_msg_lruhash(SSL* ssl, struct worker* worker, struct lruhash* h)
|
||||
|
||||
/** dump msg cache */
|
||||
static int
|
||||
dump_msg_cache(SSL* ssl, struct worker* worker)
|
||||
dump_msg_cache(RES* ssl, struct worker* worker)
|
||||
{
|
||||
struct slabhash* sh = worker->env.msg_cache;
|
||||
size_t slab;
|
||||
@ -291,7 +291,7 @@ dump_msg_cache(SSL* ssl, struct worker* worker)
|
||||
}
|
||||
|
||||
int
|
||||
dump_cache(SSL* ssl, struct worker* worker)
|
||||
dump_cache(RES* ssl, struct worker* worker)
|
||||
{
|
||||
if(!dump_rrset_cache(ssl, worker))
|
||||
return 0;
|
||||
@ -302,7 +302,7 @@ dump_cache(SSL* ssl, struct worker* worker)
|
||||
|
||||
/** read a line from ssl into buffer */
|
||||
static int
|
||||
ssl_read_buf(SSL* ssl, sldns_buffer* buf)
|
||||
ssl_read_buf(RES* ssl, sldns_buffer* buf)
|
||||
{
|
||||
return ssl_read_line(ssl, (char*)sldns_buffer_begin(buf),
|
||||
sldns_buffer_capacity(buf));
|
||||
@ -310,7 +310,7 @@ ssl_read_buf(SSL* ssl, sldns_buffer* buf)
|
||||
|
||||
/** check fixed text on line */
|
||||
static int
|
||||
read_fixed(SSL* ssl, sldns_buffer* buf, const char* str)
|
||||
read_fixed(RES* ssl, sldns_buffer* buf, const char* str)
|
||||
{
|
||||
if(!ssl_read_buf(ssl, buf)) return 0;
|
||||
return (strcmp((char*)sldns_buffer_begin(buf), str) == 0);
|
||||
@ -318,7 +318,7 @@ read_fixed(SSL* ssl, sldns_buffer* buf, const char* str)
|
||||
|
||||
/** load an RR into rrset */
|
||||
static int
|
||||
load_rr(SSL* ssl, sldns_buffer* buf, struct regional* region,
|
||||
load_rr(RES* ssl, sldns_buffer* buf, struct regional* region,
|
||||
struct ub_packed_rrset_key* rk, struct packed_rrset_data* d,
|
||||
unsigned int i, int is_rrsig, int* go_on, time_t now)
|
||||
{
|
||||
@ -435,7 +435,7 @@ move_into_cache(struct ub_packed_rrset_key* k,
|
||||
|
||||
/** load an rrset entry */
|
||||
static int
|
||||
load_rrset(SSL* ssl, sldns_buffer* buf, struct worker* worker)
|
||||
load_rrset(RES* ssl, sldns_buffer* buf, struct worker* worker)
|
||||
{
|
||||
char* s = (char*)sldns_buffer_begin(buf);
|
||||
struct regional* region = worker->scratchpad;
|
||||
@ -519,7 +519,7 @@ load_rrset(SSL* ssl, sldns_buffer* buf, struct worker* worker)
|
||||
|
||||
/** load rrset cache */
|
||||
static int
|
||||
load_rrset_cache(SSL* ssl, struct worker* worker)
|
||||
load_rrset_cache(RES* ssl, struct worker* worker)
|
||||
{
|
||||
sldns_buffer* buf = worker->env.scratch_buffer;
|
||||
if(!read_fixed(ssl, buf, "START_RRSET_CACHE")) return 0;
|
||||
@ -575,7 +575,7 @@ load_qinfo(char* str, struct query_info* qinfo, struct regional* region)
|
||||
|
||||
/** load a msg rrset reference */
|
||||
static int
|
||||
load_ref(SSL* ssl, sldns_buffer* buf, struct worker* worker,
|
||||
load_ref(RES* ssl, sldns_buffer* buf, struct worker* worker,
|
||||
struct regional *region, struct ub_packed_rrset_key** rrset,
|
||||
int* go_on)
|
||||
{
|
||||
@ -620,7 +620,7 @@ load_ref(SSL* ssl, sldns_buffer* buf, struct worker* worker,
|
||||
|
||||
/** load a msg entry */
|
||||
static int
|
||||
load_msg(SSL* ssl, sldns_buffer* buf, struct worker* worker)
|
||||
load_msg(RES* ssl, sldns_buffer* buf, struct worker* worker)
|
||||
{
|
||||
struct regional* region = worker->scratchpad;
|
||||
struct query_info qinf;
|
||||
@ -685,7 +685,7 @@ load_msg(SSL* ssl, sldns_buffer* buf, struct worker* worker)
|
||||
|
||||
/** load msg cache */
|
||||
static int
|
||||
load_msg_cache(SSL* ssl, struct worker* worker)
|
||||
load_msg_cache(RES* ssl, struct worker* worker)
|
||||
{
|
||||
sldns_buffer* buf = worker->env.scratch_buffer;
|
||||
if(!read_fixed(ssl, buf, "START_MSG_CACHE")) return 0;
|
||||
@ -698,7 +698,7 @@ load_msg_cache(SSL* ssl, struct worker* worker)
|
||||
}
|
||||
|
||||
int
|
||||
load_cache(SSL* ssl, struct worker* worker)
|
||||
load_cache(RES* ssl, struct worker* worker)
|
||||
{
|
||||
if(!load_rrset_cache(ssl, worker))
|
||||
return 0;
|
||||
@ -709,7 +709,7 @@ load_cache(SSL* ssl, struct worker* worker)
|
||||
|
||||
/** print details on a delegation point */
|
||||
static void
|
||||
print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp)
|
||||
print_dp_details(RES* ssl, struct worker* worker, struct delegpt* dp)
|
||||
{
|
||||
char buf[257];
|
||||
struct delegpt_addr* a;
|
||||
@ -785,7 +785,7 @@ print_dp_details(SSL* ssl, struct worker* worker, struct delegpt* dp)
|
||||
|
||||
/** print main dp info */
|
||||
static void
|
||||
print_dp_main(SSL* ssl, struct delegpt* dp, struct dns_msg* msg)
|
||||
print_dp_main(RES* ssl, struct delegpt* dp, struct dns_msg* msg)
|
||||
{
|
||||
size_t i, n_ns, n_miss, n_addr, n_res, n_avail;
|
||||
|
||||
@ -813,7 +813,7 @@ print_dp_main(SSL* ssl, struct delegpt* dp, struct dns_msg* msg)
|
||||
return;
|
||||
}
|
||||
|
||||
int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm,
|
||||
int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm,
|
||||
size_t nmlen, int ATTR_UNUSED(nmlabs))
|
||||
{
|
||||
/* deep links into the iterator module */
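Review bot: Every dump_*/load_*/print_* signature touched here keeps the parameter name `ssl` although its type is now `RES*`, which per the `struct remote_stream` comment carries an SSL pointer that is only "nonNULL if using SSL" plus a plain `fd`. On a control channel that name reads as if the stream were always encrypted; renaming the parameter (for example `RES* res`) and updating comments such as `/** read a line from ssl into buffer */` would avoid that assumption. The same applies to the declarations under DAEMON_DUMPCACHE_H and DAEMON_REMOTE_H, where `@return false on ssl error` and parts of the `ssl_printf`/`ssl_read_line` documentation still describe an SSL connection. The function bodies lie outside these hunks, so only the signatures and comments are in view.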
|
||||
|
@ -72,6 +72,7 @@
|
||||
#ifndef DAEMON_DUMPCACHE_H
|
||||
#define DAEMON_DUMPCACHE_H
|
||||
struct worker;
|
||||
#include "daemon/remote.h"
|
||||
|
||||
/**
|
||||
* Dump cache(s) to text
|
||||
@ -80,7 +81,7 @@ struct worker;
|
||||
* ptrs to the caches.
|
||||
* @return false on ssl print error.
|
||||
*/
|
||||
int dump_cache(SSL* ssl, struct worker* worker);
|
||||
int dump_cache(RES* ssl, struct worker* worker);
|
||||
|
||||
/**
|
||||
* Load cache(s) from text
|
||||
@ -89,7 +90,7 @@ int dump_cache(SSL* ssl, struct worker* worker);
|
||||
* ptrs to the caches.
|
||||
* @return false on ssl error.
|
||||
*/
|
||||
int load_cache(SSL* ssl, struct worker* worker);
|
||||
int load_cache(RES* ssl, struct worker* worker);
|
||||
|
||||
/**
|
||||
* Print the delegation used to lookup for this name.
|
||||
@ -101,7 +102,7 @@ int load_cache(SSL* ssl, struct worker* worker);
|
||||
* @param nmlabs: labels in name.
|
||||
* @return false on ssl error.
|
||||
*/
|
||||
int print_deleg_lookup(SSL* ssl, struct worker* worker, uint8_t* nm,
|
||||
int print_deleg_lookup(RES* ssl, struct worker* worker, uint8_t* nm,
|
||||
size_t nmlen, int nmlabs);
|
||||
|
||||
#endif /* DAEMON_DUMPCACHE_H */
|
||||
|
496
daemon/remote.c
496
daemon/remote.c
File diff suppressed because it is too large
@ -73,6 +73,8 @@ struct rc_state {
|
||||
/** the ssl state */
|
||||
SSL* ssl;
|
||||
#endif
|
||||
/** file descriptor */
|
||||
int fd;
|
||||
/** the rc this is part of */
|
||||
struct daemon_remote* rc;
|
||||
};
|
||||
@ -103,6 +105,17 @@ struct daemon_remote {
|
||||
#endif
|
||||
};
|
||||
|
||||
/**
|
||||
* Connection to print to, either SSL or plain over fd
|
||||
*/
|
||||
struct remote_stream {
|
||||
/** SSL structure, nonNULL if using SSL */
|
||||
SSL* ssl;
|
||||
/** file descriptor for plain transfer */
|
||||
int fd;
|
||||
};
|
||||
typedef struct remote_stream RES;
|
||||
|
||||
/**
|
||||
* Create new remote control state for the daemon.
|
||||
* @param cfg: config file with key file settings.
|
||||
@ -166,26 +179,26 @@ void daemon_remote_exec(struct worker* worker);
|
||||
* @param text: the text.
|
||||
* @return false on connection failure.
|
||||
*/
|
||||
int ssl_print_text(SSL* ssl, const char* text);
|
||||
int ssl_print_text(RES* ssl, const char* text);
|
||||
|
||||
/**
|
||||
* printf style printing to the ssl connection
|
||||
* @param ssl: the SSL connection to print to. Blocking.
|
||||
* @param ssl: the RES connection to print to. Blocking.
|
||||
* @param format: printf style format string.
|
||||
* @return success or false on a network failure.
|
||||
*/
|
||||
int ssl_printf(SSL* ssl, const char* format, ...)
|
||||
int ssl_printf(RES* ssl, const char* format, ...)
|
||||
ATTR_FORMAT(printf, 2, 3);
|
||||
|
||||
/**
|
||||
* Read until \n is encountered
|
||||
* If SSL signals EOF, the string up to then is returned (without \n).
|
||||
* @param ssl: the SSL connection to read from. blocking.
|
||||
* If stream signals EOF, the string up to then is returned (without \n).
|
||||
* @param ssl: the RES connection to read from. blocking.
|
||||
* @param buf: buffer to read to.
|
||||
* @param max: size of buffer.
|
||||
* @return false on connection failure.
|
||||
*/
|
||||
int ssl_read_line(SSL* ssl, char* buf, size_t max);
|
||||
int ssl_read_line(RES* ssl, char* buf, size_t max);
|
||||
#endif /* HAVE_SSL */
|
||||
|
||||
#endif /* DAEMON_REMOTE_H */
|
||||
|
@ -1,3 +1,9 @@
|
||||
12 June 2018: Wouter
|
||||
- #4102 for NSD, but for Unbound. Named unix pipes do not use
|
||||
certificate and key files, access can be restricted with file and
|
||||
directory permissions. The option control-use-cert is no longer
|
||||
used, and ignored if found in unbound.conf.
|
||||
|
||||
6 June 2018: Wouter
|
||||
- Patch to fix openwrt for mac os build darwin detection in configure.
|
||||
|
||||
|
@ -774,12 +774,10 @@ remote-control:
|
||||
# set up the keys and certificates with unbound-control-setup.
|
||||
# control-enable: no
|
||||
|
||||
# Set to no and use an absolute path as control-interface to use
|
||||
# a unix local named pipe for unbound-control.
|
||||
# control-use-cert: yes
|
||||
|
||||
# what interfaces are listened to for remote control.
|
||||
# give 0.0.0.0 and ::0 to listen to all interfaces.
|
||||
# set to an absolute path to use a unix local name pipe, certificates
|
||||
# are not used for that, so key and cert files need not be present.
|
||||
# control-interface: 127.0.0.1
|
||||
# control-interface: ::1
|
||||
|
||||
|
@ -1369,6 +1369,14 @@ By default localhost (127.0.0.1 and ::1) is listened to.
|
||||
Use 0.0.0.0 and ::0 to listen to all interfaces.
|
||||
If you change this and permissions have been dropped, you must restart
|
||||
the server for the change to take effect.
|
||||
.IP
|
||||
If you set it to an absolute path, a local socket is used. The local socket
|
||||
does not use the certificates and keys, so those files need not be present.
|
||||
To restrict access, unbound sets permissions on the file to the user and
|
||||
group that is configured, the access bits are set to allow the group members
|
||||
to access the control socket file. Put users that need to access the socket
|
||||
in the that group. To restrict access further, create a directory to put
|
||||
the control socket in and restrict access to that directory.
|
||||
.TP 5
|
||||
.B control\-port: \fI<port number>
|
||||
The port number to listen on for IPv4 or IPv6 control interfaces,
|
||||
@ -1376,13 +1384,6 @@ default is 8953.
|
||||
If you change this and permissions have been dropped, you must restart
|
||||
the server for the change to take effect.
|
||||
.TP 5
|
||||
.B control\-use\-cert: \fI<yes or no>
|
||||
Whether to require certificate authentication of control connections.
|
||||
The default is "yes".
|
||||
This should not be changed unless there are other mechanisms in place
|
||||
to prevent untrusted users from accessing the remote control
|
||||
interface.
|
||||
.TP 5
|
||||
.B server\-key\-file: \fI<private key file>
|
||||
Path to the server private key, by default unbound_server.key.
|
||||
This file is generated by the \fIunbound\-control\-setup\fR utility.
|
||||
|
@ -542,7 +542,7 @@ morechecks(struct config_file* cfg, const char* fname)
|
||||
# endif
|
||||
}
|
||||
#endif
|
||||
if(cfg->remote_control_enable && cfg->remote_control_use_cert) {
|
||||
if(cfg->remote_control_enable && options_remote_is_address(cfg)) {
|
||||
check_chroot_string("server-key-file", &cfg->server_key_file,
|
||||
cfg->chrootdir, cfg);
|
||||
check_chroot_string("server-cert-file", &cfg->server_cert_file,
|
||||
|
@ -451,47 +451,33 @@ setup_ctx(struct config_file* cfg)
|
||||
char* s_cert=NULL, *c_key=NULL, *c_cert=NULL;
|
||||
SSL_CTX* ctx;
|
||||
|
||||
if(cfg->remote_control_use_cert) {
|
||||
s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
|
||||
c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
|
||||
c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
|
||||
if(!s_cert || !c_key || !c_cert)
|
||||
fatal_exit("out of memory");
|
||||
}
|
||||
if(!options_remote_is_address(cfg))
|
||||
return NULL;
|
||||
s_cert = fname_after_chroot(cfg->server_cert_file, cfg, 1);
|
||||
c_key = fname_after_chroot(cfg->control_key_file, cfg, 1);
|
||||
c_cert = fname_after_chroot(cfg->control_cert_file, cfg, 1);
|
||||
if(!s_cert || !c_key || !c_cert)
|
||||
fatal_exit("out of memory");
|
||||
ctx = SSL_CTX_new(SSLv23_client_method());
|
||||
if(!ctx)
|
||||
ssl_err("could not allocate SSL_CTX pointer");
|
||||
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv2) & SSL_OP_NO_SSLv2)
|
||||
!= SSL_OP_NO_SSLv2)
|
||||
ssl_err("could not set SSL_OP_NO_SSLv2");
|
||||
if(cfg->remote_control_use_cert) {
|
||||
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
|
||||
!= SSL_OP_NO_SSLv3)
|
||||
ssl_err("could not set SSL_OP_NO_SSLv3");
|
||||
if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) ||
|
||||
!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
|
||||
|| !SSL_CTX_check_private_key(ctx))
|
||||
ssl_err("Error setting up SSL_CTX client key and cert");
|
||||
if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
|
||||
ssl_err("Error setting up SSL_CTX verify, server cert");
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
|
||||
if((SSL_CTX_set_options(ctx, SSL_OP_NO_SSLv3) & SSL_OP_NO_SSLv3)
|
||||
!= SSL_OP_NO_SSLv3)
|
||||
ssl_err("could not set SSL_OP_NO_SSLv3");
|
||||
if(!SSL_CTX_use_certificate_chain_file(ctx,c_cert) ||
|
||||
!SSL_CTX_use_PrivateKey_file(ctx,c_key,SSL_FILETYPE_PEM)
|
||||
|| !SSL_CTX_check_private_key(ctx))
|
||||
ssl_err("Error setting up SSL_CTX client key and cert");
|
||||
if (SSL_CTX_load_verify_locations(ctx, s_cert, NULL) != 1)
|
||||
ssl_err("Error setting up SSL_CTX verify, server cert");
|
||||
SSL_CTX_set_verify(ctx, SSL_VERIFY_PEER, NULL);
|
||||
|
||||
free(s_cert);
|
||||
free(c_key);
|
||||
free(c_cert);
|
||||
} else {
|
||||
/* Use ciphers that don't require authentication */
|
||||
#if defined(SSL_OP_NO_TLSv1_3)
|
||||
/* in openssl 1.1.1, negotiation code for tls 1.3 does
|
||||
* not allow the unauthenticated aNULL and eNULL ciphers */
|
||||
SSL_CTX_set_options(ctx, SSL_OP_NO_TLSv1_3);
|
||||
#endif
|
||||
#ifdef HAVE_SSL_CTX_SET_SECURITY_LEVEL
|
||||
SSL_CTX_set_security_level(ctx, 0);
|
||||
#endif
|
||||
if(!SSL_CTX_set_cipher_list(ctx, "aNULL:eNULL"))
|
||||
ssl_err("Error setting NULL cipher!");
|
||||
}
|
||||
free(s_cert);
|
||||
free(c_key);
|
||||
free(c_cert);
|
||||
return ctx;
|
||||
}
|
||||
|
||||
@ -571,12 +557,13 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
|
||||
|
||||
/** setup SSL on the connection */
|
||||
static SSL*
|
||||
setup_ssl(SSL_CTX* ctx, int fd, struct config_file* cfg)
|
||||
setup_ssl(SSL_CTX* ctx, int fd)
|
||||
{
|
||||
SSL* ssl;
|
||||
X509* x;
|
||||
int r;
|
||||
|
||||
if(!ctx) return NULL;
|
||||
ssl = SSL_new(ctx);
|
||||
if(!ssl)
|
||||
ssl_err("could not SSL_new");
|
||||
@ -597,78 +584,106 @@ setup_ssl(SSL_CTX* ctx, int fd, struct config_file* cfg)
|
||||
/* check authenticity of server */
|
||||
if(SSL_get_verify_result(ssl) != X509_V_OK)
|
||||
ssl_err("SSL verification failed");
|
||||
if(cfg->remote_control_use_cert) {
|
||||
x = SSL_get_peer_certificate(ssl);
|
||||
if(!x)
|
||||
ssl_err("Server presented no peer certificate");
|
||||
X509_free(x);
|
||||
}
|
||||
x = SSL_get_peer_certificate(ssl);
|
||||
if(!x)
|
||||
ssl_err("Server presented no peer certificate");
|
||||
X509_free(x);
|
||||
|
||||
return ssl;
|
||||
}
|
||||
|
||||
/** read from ssl or fd, fatalexit on error, 0 EOF, 1 success */
|
||||
static int
|
||||
remote_read(SSL* ssl, int fd, char* buf, size_t len)
|
||||
{
|
||||
if(ssl) {
|
||||
int r;
|
||||
ERR_clear_error();
|
||||
if((r = SSL_read(ssl, buf, (int)len-1)) <= 0) {
|
||||
if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
|
||||
/* EOF */
|
||||
return 0;
|
||||
}
|
||||
ssl_err("could not SSL_read");
|
||||
}
|
||||
buf[r] = 0;
|
||||
} else {
|
||||
ssize_t rr = read(fd, buf, len-1);
|
||||
if(rr <= 0) {
|
||||
if(rr == 0) {
|
||||
/* EOF */
|
||||
return 0;
|
||||
}
|
||||
fatal_exit("could not read: %s", strerror(errno));
|
||||
}
|
||||
buf[rr] = 0;
|
||||
}
|
||||
return 1;
|
||||
}
|
||||
|
||||
/** write to ssl or fd, fatalexit on error */
|
||||
static void
|
||||
remote_write(SSL* ssl, int fd, const char* buf, size_t len)
|
||||
{
|
||||
if(ssl) {
|
||||
if(SSL_write(ssl, buf, (int)len) <= 0)
|
||||
ssl_err("could not SSL_write");
|
||||
} else {
|
||||
if(write(fd, buf, len) < (ssize_t)len)
|
||||
fatal_exit("could not write: %s", strerror(errno));
|
||||
}
|
||||
}
|
||||
|
||||
/** send stdin to server */
|
||||
static void
|
||||
send_file(SSL* ssl, FILE* in, char* buf, size_t sz)
|
||||
send_file(SSL* ssl, int fd, FILE* in, char* buf, size_t sz)
|
||||
{
|
||||
while(fgets(buf, (int)sz, in)) {
|
||||
if(SSL_write(ssl, buf, (int)strlen(buf)) <= 0)
|
||||
ssl_err("could not SSL_write contents");
|
||||
remote_write(ssl, fd, buf, strlen(buf));
|
||||
}
|
||||
}
|
||||
|
||||
/** send end-of-file marker to server */
|
||||
static void
|
||||
send_eof(SSL* ssl)
|
||||
send_eof(SSL* ssl, int fd)
|
||||
{
|
||||
char e[] = {0x04, 0x0a};
|
||||
if(SSL_write(ssl, e, (int)sizeof(e)) <= 0)
|
||||
ssl_err("could not SSL_write end-of-file marker");
|
||||
remote_write(ssl, fd, e, sizeof(e));
|
||||
}
|
||||
|
||||
/** send command and display result */
|
||||
static int
|
||||
go_cmd(SSL* ssl, int quiet, int argc, char* argv[])
|
||||
go_cmd(SSL* ssl, int fd, int quiet, int argc, char* argv[])
|
||||
{
|
||||
char pre[10];
|
||||
const char* space=" ";
|
||||
const char* newline="\n";
|
||||
int was_error = 0, first_line = 1;
|
||||
int r, i;
|
||||
int i;
|
||||
char buf[1024];
|
||||
snprintf(pre, sizeof(pre), "UBCT%d ", UNBOUND_CONTROL_VERSION);
|
||||
if(SSL_write(ssl, pre, (int)strlen(pre)) <= 0)
|
||||
ssl_err("could not SSL_write");
|
||||
remote_write(ssl, fd, pre, strlen(pre));
|
||||
for(i=0; i<argc; i++) {
|
||||
if(SSL_write(ssl, space, (int)strlen(space)) <= 0)
|
||||
ssl_err("could not SSL_write");
|
||||
if(SSL_write(ssl, argv[i], (int)strlen(argv[i])) <= 0)
|
||||
ssl_err("could not SSL_write");
|
||||
remote_write(ssl, fd, space, strlen(space));
|
||||
remote_write(ssl, fd, argv[i], strlen(argv[i]));
|
||||
}
|
||||
if(SSL_write(ssl, newline, (int)strlen(newline)) <= 0)
|
||||
ssl_err("could not SSL_write");
|
||||
remote_write(ssl, fd, newline, strlen(newline));
|
||||
|
||||
if(argc == 1 && strcmp(argv[0], "load_cache") == 0) {
|
||||
send_file(ssl, stdin, buf, sizeof(buf));
|
||||
send_file(ssl, fd, stdin, buf, sizeof(buf));
|
||||
}
|
||||
else if(argc == 1 && (strcmp(argv[0], "local_zones") == 0 ||
|
||||
strcmp(argv[0], "local_zones_remove") == 0 ||
|
||||
strcmp(argv[0], "local_datas") == 0 ||
|
||||
strcmp(argv[0], "local_datas_remove") == 0)) {
|
||||
send_file(ssl, stdin, buf, sizeof(buf));
|
||||
send_eof(ssl);
|
||||
send_file(ssl, fd, stdin, buf, sizeof(buf));
|
||||
send_eof(ssl, fd);
|
||||
}
|
||||
|
||||
while(1) {
|
||||
ERR_clear_error();
|
||||
if((r = SSL_read(ssl, buf, (int)sizeof(buf)-1)) <= 0) {
|
||||
if(SSL_get_error(ssl, r) == SSL_ERROR_ZERO_RETURN) {
|
||||
/* EOF */
|
||||
break;
|
||||
}
|
||||
ssl_err("could not SSL_read");
|
||||
if(remote_read(ssl, fd, buf, sizeof(buf)) == 0) {
|
||||
break; /* EOF */
|
||||
}
|
||||
buf[r] = 0;
|
||||
if(first_line && strncmp(buf, "error", 5) == 0) {
|
||||
printf("%s", buf);
|
||||
was_error = 1;
|
||||
@ -703,18 +718,18 @@ go(const char* cfgfile, char* svr, int quiet, int argc, char* argv[])
|
||||
|
||||
/* contact server */
|
||||
fd = contact_server(svr, cfg, argc>0&&strcmp(argv[0],"status")==0);
|
||||
ssl = setup_ssl(ctx, fd, cfg);
|
||||
ssl = setup_ssl(ctx, fd);
|
||||
|
||||
/* send command */
|
||||
ret = go_cmd(ssl, quiet, argc, argv);
|
||||
ret = go_cmd(ssl, fd, quiet, argc, argv);
|
||||
|
||||
SSL_free(ssl);
|
||||
if(ssl) SSL_free(ssl);
|
||||
#ifndef USE_WINSOCK
|
||||
close(fd);
|
||||
#else
|
||||
closesocket(fd);
|
||||
#endif
|
||||
SSL_CTX_free(ctx);
|
||||
if(ctx) SSL_CTX_free(ctx);
|
||||
config_delete(cfg);
|
||||
return ret;
|
||||
}
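Review bot: Whether unbound-control speaks TLS is now decided only from the local config, not from the address it actually connects to: the new `if(!options_remote_is_address(cfg)) return NULL;` in setup_ctx makes setup_ssl return NULL, and go() (which begins outside the hunk) then runs go_cmd over the bare `fd` returned by `contact_server(svr, cfg, ...)`. If `svr` names an IP address while the config's first control-interface is a path, or control-enable is off in the file the client reads, the command and any load_cache or local_datas input would presumably be sent unauthenticated and unencrypted with no warning; contact_server's body is outside the hunks, so confirm how it picks the target. I would refuse the plain path unless the target is a local socket, e.g. in go(): `if(!ssl && svr && svr[0] != '/') fatal_exit("control connection to %s requires certificates", svr);`. Separately, the plain branch of remote_write treats a short `write()` as fatal and prints a possibly stale `errno`; a loop that continues after partial writes would be more robust.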
|
||||
|
@ -246,7 +246,6 @@ config_create(void)
|
||||
cfg->remote_control_enable = 0;
|
||||
cfg->control_ifs = NULL;
|
||||
cfg->control_port = UNBOUND_CONTROL_PORT;
|
||||
cfg->remote_control_use_cert = 1;
|
||||
cfg->minimal_responses = 0;
|
||||
cfg->rrset_roundrobin = 0;
|
||||
cfg->max_udp_size = 4096;
|
||||
@ -2264,3 +2263,12 @@ void errinf_dname(struct module_qstate* qstate, const char* str, uint8_t* dname)
|
||||
snprintf(b, sizeof(b), "%s %s", str, buf);
|
||||
errinf(qstate, b);
|
||||
}
|
||||
|
||||
int options_remote_is_address(struct config_file* cfg)
|
||||
{
|
||||
if(!cfg->remote_control_enable) return 0;
|
||||
if(!cfg->control_ifs) return 1;
|
||||
if(!cfg->control_ifs->str) return 1;
|
||||
if(cfg->control_ifs->str[0] == 0) return 1;
|
||||
return (cfg->control_ifs->str[0] != '/');
|
||||
}
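Review bot: options_remote_is_address() looks only at the first control-interface entry (`cfg->control_ifs->str[0]`), so a list that mixes a path and an IP address is classified by whichever comes first. With a path first and an address second, setup_ctx and morechecks (both visible on this page) skip certificate loading and the key-file checks entirely; whether the daemon then listens on the IP interface without TLS depends on the suppressed daemon/remote.c diff and should be confirmed. I would walk the whole list and treat the configuration as address-based if any entry is not a path, or reject mixed lists in morechecks. The function also has no comment at its definition.

```c
int options_remote_is_address(struct config_file* cfg)
{
	struct config_strlist* p;
	if(!cfg->remote_control_enable) return 0;
	if(!cfg->control_ifs) return 1;
	/* certificates are needed as soon as any entry is not a path */
	for(p = cfg->control_ifs; p; p = p->next) {
		if(!p->str || p->str[0] != '/')
			return 1;
	}
	return 0;
}
```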
|
||||
|
@ -377,8 +377,6 @@ struct config_file {
|
||||
struct config_strlist* control_ifs;
|
||||
/** port number for the control port */
|
||||
int control_port;
|
||||
/** use certificates for remote control */
|
||||
int remote_control_use_cert;
|
||||
/** private key file for server */
|
||||
char* server_key_file;
|
||||
/** certificate file for server */
|
||||
@ -894,6 +892,10 @@ void config_delview(struct config_view* p);
|
||||
*/
|
||||
void config_delviews(struct config_view* list);
|
||||
|
||||
/** check if config turns on IP-address interface with certificates or a
|
||||
* named pipe without certificates. */
|
||||
int options_remote_is_address(struct config_file* cfg);
|
||||
|
||||
/**
|
||||
* Convert 14digit to time value
|
||||
* @param str: string of 14 digits
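Review bot: The comment on `options_remote_is_address` does not say which of the two cases returns true, yet callers branch on the result to decide whether certificates are loaded at all. I would document it as `@param cfg: config.` and `@return true if remote control is enabled and the control interface is an IP address (certificates are used); false for a named pipe or when remote control is disabled`, which matches the checks visible in its definition. The neighbouring declarations in this header already use the same `@param`/`@return` style.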
|
||||
|
@ -999,15 +999,15 @@ static const yytype_uint16 yyrline[] =
|
||||
2025, 2034, 2044, 2054, 2064, 2071, 2078, 2087, 2097, 2107,
|
||||
2114, 2121, 2128, 2136, 2146, 2156, 2166, 2176, 2206, 2216,
|
||||
2224, 2233, 2248, 2257, 2262, 2263, 2264, 2264, 2264, 2265,
|
||||
2265, 2265, 2266, 2266, 2268, 2278, 2287, 2294, 2304, 2311,
|
||||
2318, 2325, 2332, 2337, 2338, 2339, 2339, 2340, 2340, 2341,
|
||||
2341, 2342, 2343, 2344, 2345, 2346, 2347, 2349, 2357, 2364,
|
||||
2372, 2380, 2387, 2394, 2403, 2412, 2421, 2430, 2439, 2448,
|
||||
2453, 2454, 2455, 2457, 2463, 2473, 2480, 2489, 2497, 2503,
|
||||
2504, 2506, 2506, 2506, 2507, 2507, 2508, 2509, 2510, 2511,
|
||||
2512, 2514, 2524, 2534, 2541, 2550, 2557, 2566, 2574, 2587,
|
||||
2595, 2608, 2613, 2614, 2615, 2615, 2616, 2616, 2616, 2618,
|
||||
2632, 2647, 2659, 2674
|
||||
2265, 2265, 2266, 2266, 2268, 2278, 2287, 2294, 2301, 2308,
|
||||
2315, 2322, 2329, 2334, 2335, 2336, 2336, 2337, 2337, 2338,
|
||||
2338, 2339, 2340, 2341, 2342, 2343, 2344, 2346, 2354, 2361,
|
||||
2369, 2377, 2384, 2391, 2400, 2409, 2418, 2427, 2436, 2445,
|
||||
2450, 2451, 2452, 2454, 2460, 2470, 2477, 2486, 2494, 2500,
|
||||
2501, 2503, 2503, 2503, 2504, 2504, 2505, 2506, 2507, 2508,
|
||||
2509, 2511, 2521, 2531, 2538, 2547, 2554, 2563, 2571, 2584,
|
||||
2592, 2605, 2610, 2611, 2612, 2612, 2613, 2613, 2613, 2615,
|
||||
2629, 2644, 2656, 2671
|
||||
};
|
||||
#endif
|
||||
|
||||
@ -5082,128 +5082,125 @@ yyreduce:
|
||||
#line 2295 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(control_use_cert:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->remote_control_use_cert =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
/* ignored */
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5092 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5089 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 428:
|
||||
#line 2305 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2302 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(rc_server_key_file:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->server_key_file);
|
||||
cfg_parser->cfg->server_key_file = (yyvsp[0].str);
|
||||
}
|
||||
#line 5102 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5099 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 429:
|
||||
#line 2312 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2309 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(rc_server_cert_file:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->server_cert_file);
|
||||
cfg_parser->cfg->server_cert_file = (yyvsp[0].str);
|
||||
}
|
||||
#line 5112 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5109 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 430:
|
||||
#line 2319 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2316 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(rc_control_key_file:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->control_key_file);
|
||||
cfg_parser->cfg->control_key_file = (yyvsp[0].str);
|
||||
}
|
||||
#line 5122 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5119 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 431:
|
||||
#line 2326 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2323 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(rc_control_cert_file:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->control_cert_file);
|
||||
cfg_parser->cfg->control_cert_file = (yyvsp[0].str);
|
||||
}
|
||||
#line 5132 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5129 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 432:
|
||||
#line 2333 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2330 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("\nP(dnstap:)\n"));
|
||||
}
|
||||
#line 5140 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5137 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 447:
|
||||
#line 2350 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2347 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_enable:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->dnstap = (strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5151 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5148 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 448:
|
||||
#line 2358 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2355 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_socket_path:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->dnstap_socket_path);
|
||||
cfg_parser->cfg->dnstap_socket_path = (yyvsp[0].str);
|
||||
}
|
||||
#line 5161 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5158 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 449:
|
||||
#line 2365 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2362 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_send_identity:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->dnstap_send_identity = (strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5172 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5169 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 450:
|
||||
#line 2373 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2370 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_send_version:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->dnstap_send_version = (strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5183 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5180 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 451:
|
||||
#line 2381 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2378 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_identity:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->dnstap_identity);
|
||||
cfg_parser->cfg->dnstap_identity = (yyvsp[0].str);
|
||||
}
|
||||
#line 5193 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5190 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 452:
|
||||
#line 2388 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2385 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_version:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->dnstap_version);
|
||||
cfg_parser->cfg->dnstap_version = (yyvsp[0].str);
|
||||
}
|
||||
#line 5203 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5200 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 453:
|
||||
#line 2395 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2392 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_log_resolver_query_messages:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5211,11 +5208,11 @@ yyreduce:
|
||||
else cfg_parser->cfg->dnstap_log_resolver_query_messages =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5215 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5212 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 454:
|
||||
#line 2404 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2401 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_log_resolver_response_messages:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5223,11 +5220,11 @@ yyreduce:
|
||||
else cfg_parser->cfg->dnstap_log_resolver_response_messages =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5227 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5224 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 455:
|
||||
#line 2413 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2410 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_log_client_query_messages:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5235,11 +5232,11 @@ yyreduce:
|
||||
else cfg_parser->cfg->dnstap_log_client_query_messages =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5239 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5236 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 456:
|
||||
#line 2422 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2419 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_log_client_response_messages:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5247,11 +5244,11 @@ yyreduce:
|
||||
else cfg_parser->cfg->dnstap_log_client_response_messages =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5251 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5248 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 457:
|
||||
#line 2431 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2428 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_log_forwarder_query_messages:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5259,11 +5256,11 @@ yyreduce:
|
||||
else cfg_parser->cfg->dnstap_log_forwarder_query_messages =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5263 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5260 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 458:
|
||||
#line 2440 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2437 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dt_dnstap_log_forwarder_response_messages:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5271,29 +5268,29 @@ yyreduce:
|
||||
else cfg_parser->cfg->dnstap_log_forwarder_response_messages =
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
}
|
||||
#line 5275 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5272 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 459:
|
||||
#line 2449 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2446 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("\nP(python:)\n"));
|
||||
}
|
||||
#line 5283 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5280 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 463:
|
||||
#line 2458 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2455 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(python-script:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->python_script);
|
||||
cfg_parser->cfg->python_script = (yyvsp[0].str);
|
||||
}
|
||||
#line 5293 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5290 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 464:
|
||||
#line 2464 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2461 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(disable_dnssec_lame_check:%s)\n", (yyvsp[0].str)));
|
||||
if (strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5302,21 +5299,21 @@ yyreduce:
|
||||
(strcmp((yyvsp[0].str), "yes")==0);
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5306 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5303 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 465:
|
||||
#line 2474 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2471 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(server_log_identity:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->log_identity);
|
||||
cfg_parser->cfg->log_identity = (yyvsp[0].str);
|
||||
}
|
||||
#line 5316 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5313 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 466:
|
||||
#line 2481 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2478 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(server_response_ip:%s %s)\n", (yyvsp[-1].str), (yyvsp[0].str)));
|
||||
validate_respip_action((yyvsp[0].str));
|
||||
@ -5324,31 +5321,31 @@ yyreduce:
|
||||
(yyvsp[-1].str), (yyvsp[0].str)))
|
||||
fatal_exit("out of memory adding response-ip");
|
||||
}
|
||||
#line 5328 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5325 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 467:
|
||||
#line 2490 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2487 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(server_response_ip_data:%s)\n", (yyvsp[-1].str)));
|
||||
if(!cfg_str2list_insert(&cfg_parser->cfg->respip_data,
|
||||
(yyvsp[-1].str), (yyvsp[0].str)))
|
||||
fatal_exit("out of memory adding response-ip-data");
|
||||
}
|
||||
#line 5339 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5336 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 468:
|
||||
#line 2498 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2495 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("\nP(dnscrypt:)\n"));
|
||||
OUTYY(("\nP(dnscrypt:)\n"));
|
||||
}
|
||||
#line 5348 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5345 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 481:
|
||||
#line 2515 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2512 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnsc_dnscrypt_enable:%s)\n", (yyvsp[0].str)));
|
||||
if(strcmp((yyvsp[0].str), "yes") != 0 && strcmp((yyvsp[0].str), "no") != 0)
|
||||
@ -5356,11 +5353,11 @@ yyreduce:
|
||||
else cfg_parser->cfg->dnscrypt = (strcmp((yyvsp[0].str), "yes")==0);
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5360 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5357 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 482:
|
||||
#line 2525 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2522 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnsc_dnscrypt_port:%s)\n", (yyvsp[0].str)));
|
||||
|
||||
@ -5369,21 +5366,21 @@ yyreduce:
|
||||
else cfg_parser->cfg->dnscrypt_port = atoi((yyvsp[0].str));
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5373 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5370 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 483:
|
||||
#line 2535 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2532 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnsc_dnscrypt_provider:%s)\n", (yyvsp[0].str)));
|
||||
free(cfg_parser->cfg->dnscrypt_provider);
|
||||
cfg_parser->cfg->dnscrypt_provider = (yyvsp[0].str);
|
||||
}
|
||||
#line 5383 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5380 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 484:
|
||||
#line 2542 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2539 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnsc_dnscrypt_provider_cert:%s)\n", (yyvsp[0].str)));
|
||||
if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
|
||||
@ -5391,21 +5388,21 @@ yyreduce:
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert, (yyvsp[0].str)))
|
||||
fatal_exit("out of memory adding dnscrypt-provider-cert");
|
||||
}
|
||||
#line 5395 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5392 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 485:
|
||||
#line 2551 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2548 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnsc_dnscrypt_provider_cert_rotated:%s)\n", (yyvsp[0].str)));
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_provider_cert_rotated, (yyvsp[0].str)))
|
||||
fatal_exit("out of memory adding dnscrypt-provider-cert-rotated");
|
||||
}
|
||||
#line 5405 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5402 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 486:
|
||||
#line 2558 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2555 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnsc_dnscrypt_secret_key:%s)\n", (yyvsp[0].str)));
|
||||
if(cfg_strlist_find(cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
|
||||
@ -5413,22 +5410,22 @@ yyreduce:
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->dnscrypt_secret_key, (yyvsp[0].str)))
|
||||
fatal_exit("out of memory adding dnscrypt-secret-key");
|
||||
}
|
||||
#line 5417 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5414 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 487:
|
||||
#line 2567 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2564 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnscrypt_shared_secret_cache_size:%s)\n", (yyvsp[0].str)));
|
||||
if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_shared_secret_cache_size))
|
||||
yyerror("memory size expected");
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5428 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5425 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 488:
|
||||
#line 2575 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2572 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnscrypt_shared_secret_cache_slabs:%s)\n", (yyvsp[0].str)));
|
||||
if(atoi((yyvsp[0].str)) == 0)
|
||||
@ -5440,22 +5437,22 @@ yyreduce:
|
||||
}
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5444 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5441 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 489:
|
||||
#line 2588 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2585 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnscrypt_nonce_cache_size:%s)\n", (yyvsp[0].str)));
|
||||
if(!cfg_parse_memsize((yyvsp[0].str), &cfg_parser->cfg->dnscrypt_nonce_cache_size))
|
||||
yyerror("memory size expected");
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5455 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5452 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 490:
|
||||
#line 2596 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2593 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(dnscrypt_nonce_cache_slabs:%s)\n", (yyvsp[0].str)));
|
||||
if(atoi((yyvsp[0].str)) == 0)
|
||||
@ -5467,19 +5464,19 @@ yyreduce:
|
||||
}
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5471 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5468 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 491:
|
||||
#line 2609 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2606 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("\nP(cachedb:)\n"));
|
||||
}
|
||||
#line 5479 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5476 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 499:
|
||||
#line 2619 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2616 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
#ifdef USE_CACHEDB
|
||||
OUTYY(("P(backend:%s)\n", (yyvsp[0].str)));
|
||||
@ -5492,11 +5489,11 @@ yyreduce:
|
||||
OUTYY(("P(Compiled without cachedb, ignoring)\n"));
|
||||
#endif
|
||||
}
|
||||
#line 5496 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5493 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 500:
|
||||
#line 2633 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2630 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
#ifdef USE_CACHEDB
|
||||
OUTYY(("P(secret-seed:%s)\n", (yyvsp[0].str)));
|
||||
@ -5510,11 +5507,11 @@ yyreduce:
|
||||
free((yyvsp[0].str));
|
||||
#endif
|
||||
}
|
||||
#line 5514 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5511 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 501:
|
||||
#line 2648 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2645 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
#if defined(USE_CACHEDB) && defined(USE_REDIS)
|
||||
OUTYY(("P(redis_server_host:%s)\n", (yyvsp[0].str)));
|
||||
@ -5525,11 +5522,11 @@ yyreduce:
|
||||
free((yyvsp[0].str));
|
||||
#endif
|
||||
}
|
||||
#line 5529 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5526 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 502:
|
||||
#line 2660 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2657 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
#if defined(USE_CACHEDB) && defined(USE_REDIS)
|
||||
int port;
|
||||
@ -5543,11 +5540,11 @@ yyreduce:
|
||||
#endif
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5547 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5544 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
case 503:
|
||||
#line 2675 "./util/configparser.y" /* yacc.c:1646 */
|
||||
#line 2672 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
#if defined(USE_CACHEDB) && defined(USE_REDIS)
|
||||
OUTYY(("P(redis_timeout:%s)\n", (yyvsp[0].str)));
|
||||
@ -5559,11 +5556,11 @@ yyreduce:
|
||||
#endif
|
||||
free((yyvsp[0].str));
|
||||
}
|
||||
#line 5563 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5560 "util/configparser.c" /* yacc.c:1646 */
|
||||
break;
|
||||
|
||||
|
||||
#line 5567 "util/configparser.c" /* yacc.c:1646 */
|
||||
#line 5564 "util/configparser.c" /* yacc.c:1646 */
|
||||
default: break;
|
||||
}
|
||||
/* User semantic actions sometimes alter yychar, and that requires
|
||||
@ -5791,7 +5788,7 @@ yyreturn:
|
||||
#endif
|
||||
return yyresult;
|
||||
}
|
||||
#line 2687 "./util/configparser.y" /* yacc.c:1906 */
|
||||
#line 2684 "./util/configparser.y" /* yacc.c:1906 */
|
||||
|
||||
|
||||
/* parse helper routines could be here */
|
||||
|
@ -2294,10 +2294,7 @@ rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
|
||||
rc_control_use_cert: VAR_CONTROL_USE_CERT STRING_ARG
|
||||
{
|
||||
OUTYY(("P(control_use_cert:%s)\n", $2));
|
||||
if(strcmp($2, "yes") != 0 && strcmp($2, "no") != 0)
|
||||
yyerror("expected yes or no.");
|
||||
else cfg_parser->cfg->remote_control_use_cert =
|
||||
(strcmp($2, "yes")==0);
|
||||
/* ignored */
|
||||
free($2);
|
||||
}
|
||||
;
|
||||
|
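Review bot: The `/* ignored */` action of rc_control_use_cert accepts control-use-cert without any message, so an operator whose unbound.conf still sets it gets no sign that the value no longer has any effect. Going by the commit description, access to a named unix pipe now rests on file and directory permissions alone, which makes this a security-relevant change for existing configurations. I would warn at parse time, for example `log_warn("control-use-cert is no longer used and is ignored; restrict a unix control socket with file and directory permissions");`, assuming log_warn is in scope here the way fatal_exit is in the other actions on this page. The comment could also say why the rule is kept: `/* ignored: option no longer used, rule kept so old unbound.conf files still parse */`. As far as the rendered hunk shows, the yes/no validation is dropped as well, which looks intentional but is worth stating in that comment.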