Diff:
7a36eaa49b2f490f646dc87508c1c2ad35dc4092
916a5937a551f23ef315033183fb59dd29d361f5
Commit:
916a5937a551f23ef315033183fb59dd29d361f5
Tree:
583e4e2b8f66a168f73b5d8dbb8a2fe50de8f329
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Mon Nov 25 15:14:42 2019 UTC
Message:
remove remote logging, which was programmed into wildcarddnsd (predecessor of delphinusdnsd) on june 28, 2011. Since then in 2014 OpenBSD revamped its syslog (with TLS and TCP support) making this remote logging superfluous. On top of that this was protected by a SHA1 HMAC and is not up to the times anymore. tested on OpenBSD
blob - d22fdb47986a93035162ad4e037820af7723728b
blob + 5bee29c9cf8b86baee111c27c136acd9203ae893
--- ddd-db.h
+++ ddd-db.h
@@ -27,7 +27,7 @@
*/
/*
- * $Id: ddd-db.h,v 1.29 2019/11/14 18:02:12 pjp Exp $
+ * $Id: ddd-db.h,v 1.30 2019/11/25 15:14:42 pjp Exp $
*/
#ifndef _DB_H
@@ -264,18 +264,6 @@ struct sreply {
};
-struct logging {
- int active;
- char *hostname;
- int bind;
- char *loghost;
- struct sockaddr_storage loghost2;
- char *logport;
- u_int16_t logport2;
- char *logpasswd;
-};
-
-
/* ddd command socket */
#define SOCKPATH "/var/run/delphinusdnsd.sock"
@@ -367,7 +355,6 @@ struct cfg {
#define MY_IMSG_RAXFR 4
#define MY_IMSG_MAX 5
int recurse; /* recurse socket */
- int log; /* logging socket */
int sockcount; /* set sockets */
int nth;
pid_t pid;
blob - fac6a05f31eb74b5c5df9973c31d08f9a71692a9
blob + 27b00333fe7b0f6d8d208a507b7c077edffcedb0
--- delphinusdns.conf.5
+++ delphinusdns.conf.5
@@ -158,8 +158,8 @@ Syntax for
in BNF:
.Bd -literal
line = ( version | axfrport | include | zinclude | zone | region |
- axfr | mzone | whitelist | filter | recurse | logging
- | comment | options )
+ axfr | mzone | whitelist | filter | recurse | comment |
+ options )
version = "version" ("number") ;
@@ -210,13 +210,6 @@ optrzonename = "zonename" ("string") ;
optfilename = "filename" ("string") ;
rzone = "rzone" ("string") [ "{" rzonelist "}" ]
-
-logging = "logging" ("string") [ "{" logstatements "}" ]
-logstatements = ( "logbind" | "logpasswd" | "logport" | "loghost" )
-logbind = "logbind" ("string") ;
-logpasswd = "logpasswd" ("string") ;
-logport = "logport" number ;
-loghost = "loghost" cidr-address ;
comment = ( ; | pound ) line
blob - 4a8921c0b89510af41ed9f814fc611c0aa20c138
blob + 1d1c90f7a604244c9b5246d33cf7c270a01c1a7c
--- delphinusdnsd.c
+++ delphinusdnsd.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: delphinusdnsd.c,v 1.85 2019/11/14 18:02:12 pjp Exp $
+ * $Id: delphinusdnsd.c,v 1.86 2019/11/25 15:14:42 pjp Exp $
*/
@@ -149,7 +149,6 @@ extern int reply_ds(struct sreply *, ddDB *);
extern int reply_nsec(struct sreply *, ddDB *);
extern int reply_nsec3(struct sreply *, ddDB *);
extern int reply_nsec3param(struct sreply *, ddDB *);
-extern int remotelog(int, char *, ...);
extern char *rrlimit_setup(int);
extern char *dns_label(char *, int *);
extern void slave_shutdown(void);
@@ -243,7 +242,6 @@ struct tcpentry {
/* global variables */
extern char *__progname;
-extern struct logging logging;
extern int axfrport;
extern int ratelimit;
extern int ratelimit_packets_per_second;
@@ -291,7 +289,6 @@ main(int argc, char *argv[], char *environ[])
static int tcp[DEFAULT_SOCKET];
static int afd[DEFAULT_SOCKET];
static int uafd[DEFAULT_SOCKET];
- int lfd = -1;
int n;
int ch, i, j;
@@ -849,70 +846,6 @@ main(int argc, char *argv[], char *environ[])
}
} /* if bflag? */
- /* if we are binding a log socket do it now */
- if (logging.bind == 1 || logging.active == 1) {
- switch (logging.loghost2.ss_family) {
- case AF_INET:
- lfd = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
- if (lfd < 0) {
- dolog(LOG_INFO, "logging socket: %s\n", strerror(errno));
- slave_shutdown();
- exit(1);
- }
- sin = (struct sockaddr_in *)&logging.loghost2;
- sin->sin_port = htons(logging.logport2);
- break;
- case AF_INET6:
- lfd = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
- if (lfd < 0) {
- dolog(LOG_INFO, "logging socket: %s\n", strerror(errno));
- slave_shutdown();
- exit(1);
- }
- sin6 = (struct sockaddr_in6 *)&logging.loghost2;
- sin6->sin6_port = htons(logging.logport2);
- break;
- }
-
- if (logging.bind == 1) {
- if (bind(lfd, (struct sockaddr *)&logging.loghost2,
- ((logging.loghost2.ss_family == AF_INET6) ?
- sizeof(struct sockaddr_in6) :
- sizeof(struct sockaddr_in))
- ) < 0) {
- dolog(LOG_INFO, "binding log socket: %s\n", strerror(errno));
- slave_shutdown();
- exit(1);
- }
-
-#ifndef __linux__
- if (shutdown(lfd, SHUT_WR) < 0) {
- dolog(LOG_INFO, "shutdown log socket: %s\n", strerror(errno));
- slave_shutdown();
- exit(1);
- }
-#endif
-
- } else {
- if (connect(lfd, (struct sockaddr *)&logging.loghost2,
- ((logging.loghost2.ss_family == AF_INET6) ?
- sizeof(struct sockaddr_in6) :
- sizeof(struct sockaddr_in))) < 0) {
- dolog(LOG_INFO, "connecting log socket: %s\n", strerror(errno));
- slave_shutdown();
- exit(1);
- }
-
- if (shutdown(lfd, SHUT_RD) < 0) {
- dolog(LOG_INFO, "shutdown log socket: %s\n", strerror(errno));
- slave_shutdown();
- exit(1);
- }
-
- } /* if logging.bind */
-
- } /* if logging.bind */
-
#if __OpenBSD__
if (unveil(DELPHINUS_RZONE_PATH, "rwc") < 0) {
perror("unveil");
@@ -1126,8 +1059,6 @@ main(int argc, char *argv[], char *environ[])
cfg->ident[i] = strdup(ident[i]);
}
- cfg->log = lfd;
-
close(cfg->my_imsg[MY_IMSG_MAX + n].imsg_fds[0]);
imsg_init(child_ibuf[MY_IMSG_MAX + n], cfg->my_imsg[MY_IMSG_MAX + n].imsg_fds[1]);
@@ -1153,9 +1084,7 @@ main(int argc, char *argv[], char *environ[])
cfg->ident[i] = strdup(ident[i]);
}
- cfg->log = lfd;
-
(void)mainloop(cfg, child_ibuf);
/* NOTREACHED */
@@ -1463,7 +1392,6 @@ mainloop(struct cfg *cfg, struct imsgbuf **ibuf)
int blacklist = 1;
int require_tsig = 0;
int sp;
- int lfd;
int idata;
u_int32_t received_ttl;
@@ -1486,12 +1414,10 @@ mainloop(struct cfg *cfg, struct imsgbuf **ibuf)
} sockaddr_large;
socklen_t fromlen = sizeof(sockaddr_large);
- socklen_t logfromlen = sizeof(struct sockaddr_storage);
struct sockaddr *from = (void *)&sockaddr_large;
struct sockaddr_in *sin;
struct sockaddr_in6 *sin6;
- struct sockaddr_storage logfrom;
struct question *question = NULL, *fakequestion = NULL;
struct parsequestion pq;
@@ -1596,7 +1522,6 @@ mainloop(struct cfg *cfg, struct imsgbuf **ibuf)
sp = cfg->recurse;
- lfd = cfg->log;
for (;;) {
is_ipv6 = 0;
@@ -1616,12 +1541,6 @@ mainloop(struct cfg *cfg, struct imsgbuf **ibuf)
FD_SET(cfg->axfr[i], &rset);
}
- if (logging.bind == 1) {
- if (maxso < lfd)
- maxso = lfd;
- FD_SET(lfd, &rset);
- }
-
tv.tv_sec = 10;
tv.tv_usec = 0;
@@ -2178,10 +2097,6 @@ axfrentry:
}
- if (logging.active == 1 && logging.bind == 0) {
- remotelog(lfd, "request on descriptor %u interface \"%s\" from %s (ttl=%u, region=%d) for \"%s\" type=%s class=%u, %s%sanswering \"%s\" (%d/%d)", so, cfg->ident[i], address, received_ttl, aregion, question->converted_name, get_dns_type(ntohs(question->hdr->qtype), 1), ntohs(question->hdr->qclass), (question->edns0len ? "edns0, ": ""), (question->dnssecok ? "dnssecok" : ""), replystring, len, slen);
- }
-
if (fakequestion != NULL) {
free_question(fakequestion);
}
@@ -2201,15 +2116,6 @@ axfrentry:
} /* for */
- if (logging.bind == 1 && FD_ISSET(lfd, &rset)) {
- logfromlen = sizeof(struct sockaddr_storage);
- len = recvfrom(lfd, buf, sizeof(buf), 0, (struct sockaddr *)&logfrom, &logfromlen);
- if (len < 0) {
- dolog(LOG_INFO, "recvfrom: logging %s\n", strerror(errno));
- } else
- receivelog(buf, len);
- }
-
drop:
if (rbt0) {
@@ -2449,7 +2355,6 @@ tcploop(struct cfg *cfg, struct imsgbuf **ibuf)
int require_tsig = 0;
int axfr_acl = 0;
int sp;
- int lfd;
int idata;
uint conncnt = 0;
int tcpflags;
@@ -2540,7 +2445,6 @@ tcploop(struct cfg *cfg, struct imsgbuf **ibuf)
sp = cfg->recurse;
- lfd = cfg->log;
/*
* listen on descriptors
blob - e21c71fb3406e507461077eb33b6d96cdf03c46e
blob + efe3578453ff4138ddbec409646373fd05ad7083
--- log.c
+++ log.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: log.c,v 1.8 2019/11/20 18:30:07 pjp Exp $
+ * $Id: log.c,v 1.9 2019/11/25 15:14:42 pjp Exp $
*/
@@ -66,13 +66,10 @@
#include "ddd-dns.h"
#include "ddd-db.h"
-extern struct logging logging;
extern int debug;
extern int verbose;
void dolog(int pri, char *fmt, ...);
-void receivelog(char *buf, int len);
-int remotelog(int fd, char *fmt, ...);
char *input_sanitize(char *);
@@ -189,81 +186,4 @@ dolog(int pri, char *fmt, ...)
va_end(ap);
-}
-
-/*
- * remotelog() - is like syslog() only the first argument is a filedescriptor
- * instead of severity, it will send a packet to the loghost
- * signed.
- */
-
-int
-remotelog(int fd, char *fmt, ...)
-{
- va_list ap;
- static char buf[1500];
- static char outbuf[1500];
- char sign[20];
- char *p;
- u_int rlen;
- static u_int64_t sequence = 0;
-
-
- va_start(ap, fmt);
- vsnprintf(buf, sizeof(buf), fmt, ap);
- va_end(ap);
-
-#ifdef __NetBSD__
- snprintf(outbuf, sizeof(outbuf), "XXXXXXXXXXXXXXXXXXXX%lu %s %s",
-#else
- snprintf(outbuf, sizeof(outbuf), "XXXXXXXXXXXXXXXXXXXX%llu %s %s",
-#endif
- sequence++, logging.hostname, buf);
-
- p = &outbuf[20];
-
-
- HMAC(EVP_sha1(), logging.logpasswd, strlen(logging.logpasswd),
- (unsigned char *)p, strlen(p), (unsigned char *)&sign,
- &rlen);
-
- memcpy(outbuf, sign, 20);
-
- return (send(fd, outbuf, strlen(outbuf), 0));
-}
-
-
-void
-receivelog(char *buf, int len)
-{
- static char inbuf[1500];
- char sign[20];
- char *p;
- int rlen;
-
- if (len < 21 || len > 1450)
- return;
-
- memcpy(&inbuf, buf, len);
- inbuf[len] = '\0';
-
- p = &inbuf[20];
-
- HMAC(EVP_sha1(), logging.logpasswd, strlen(logging.logpasswd),
- (unsigned char *)p, strlen(p), (unsigned char *)&sign,
- (unsigned int *)&rlen);
-
- if (memcmp(inbuf, sign, 20) != 0)
- return;
-
- /* skip sequence number */
- p = strchr(p, ' ');
- if (p == NULL)
- return;
-
- p++;
-
- syslog(LOG_INFO, "%s", p);
-
- return;
}
blob - 2c0c29e07d969838e12b53277d0d93fceba61d48
blob + f53d0f403089fc845b05c4995e4657931ead8ed1
--- parse.y
+++ parse.y
@@ -21,7 +21,7 @@
*/
/*
- * $Id: parse.y,v 1.90 2019/11/19 19:10:25 pjp Exp $
+ * $Id: parse.y,v 1.91 2019/11/25 15:14:42 pjp Exp $
*/
%{
@@ -153,7 +153,7 @@ SLIST_HEAD(mzones ,mzone) mzones = SLIST_HEAD_INITIALI
#define CONFIG_INCLUDE 0x10
#define CONFIG_WILDCARDONLYFOR 0x20
#define CONFIG_RECURSEFOR 0x40
-#define CONFIG_LOGGING 0x80
+#define CONFIG_LOGGING 0x80 /* deprecated */
#define CONFIG_AXFRFOR 0x100
#define CONFIG_AXFRPORT 0x200
#define CONFIG_ZINCLUDE 0x400
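Review bot: The new `/* deprecated */` annotation on CONFIG_LOGGING does not say whether the 0x80 bit in confstatus is still reserved or is free to be reused, and after this commit nothing visible on the page references the constant any more. A reader adding a new statement later could take the bit for a different meaning, which is the usual hazard of a retained-but-unused flag. Either name the former use so the reservation is explicit, e.g. `#define CONFIG_LOGGING 0x80 /* reserved: former logging statement, removed 2019-11 */`, or remove the define together with the rest of the feature so no dead constant remains.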
@@ -185,7 +185,6 @@ YYSTYPE yylval;
char *converted_name;
int converted_namelen;
ddDBT key, data;
-struct logging logging;
int axfrport = 0;
time_t time_changed;
int dnssec = 0;
@@ -238,7 +237,7 @@ int drop_privs(char *, struct passwd *);
%token VERSION OBRACE EBRACE REGION RZONE AXFRFOR
%token DOT COLON TEXT WOF INCLUDE ZONE COMMA CRLF
-%token ERROR AXFRPORT LOGGING OPTIONS FILTER MZONE
+%token ERROR AXFRPORT OPTIONS FILTER MZONE
%token WHITELIST ZINCLUDE MASTER MASTERPORT TSIGAUTH
%token TSIG NOTIFYDEST NOTIFYBIND PORT
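Review bot: With LOGGING dropped from %token here, the `logging` grammar rule removed, and the `"logging"` cmdtab entry deleted in the later hunk of this file, a delphinusdns.conf that still contains a logging block is presumably no longer recognized by the lexer and will fail to parse instead of being skipped with a deprecation message. The commit adds no compatibility path and the delphinusdns.conf.5 hunks only delete the syntax rather than recording that the statement was removed. If configurations written for earlier releases are expected in the field, keeping the keyword in cmdtab for one release and having the grammar accept the block and emit a warning via dolog(), or at least noting the removal in the manual page, would make the upgrade path safer; otherwise a short comment near the cmdtab table stating that `logging` was intentionally retired would stop it from being reintroduced as an unknown-keyword bug report.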
@@ -275,7 +274,6 @@ cmd :
| whitelist CRLF
| tsig CRLF
| filter CRLF
- | logging
| comment CRLF
| options
;
@@ -1280,166 +1278,6 @@ optionsstatement:
| comment CRLF
;
-/* logging below */
-
-logging:
- LOGGING logginglabel loggingcontent
- {
- if ((confstatus & CONFIG_VERSION) != CONFIG_VERSION) {
- dolog(LOG_INFO, "There must be a version at the top of the first configfile\n");
- return (-1);
- }
- }
- ;
-
-logginglabel:
- QUOTEDSTRING
- ;
-
-loggingcontent:
- OBRACE loggingstatements EBRACE CRLF
- | OBRACE CRLF loggingstatements EBRACE CRLF
- ;
-
-loggingstatements:
- loggingstatement CRLF
- | loggingstatements loggingstatement CRLF
- ;
-
-loggingstatement:
- STRING STRING SEMICOLON
- {
- char buf[512];
-
- if (file->descend == DESCEND_YES) {
- if (strcasecmp($1, "logbind") == 0) {
- logging.active = 1;
- logging.bind = 0;
-
- gethostname(buf, sizeof(buf));
- logging.hostname = strdup(buf);
- if (logging.hostname == NULL) {
- dolog(LOG_ERR, "strdup failed\n");
- return (-1);
- }
-
- if (strcmp($2, "yes") == 0) {
- logging.bind = 1;
- }
- } else if (strcasecmp($1, "logpasswd") == 0) {
-
- logging.logpasswd = strdup($2);
-
- if (logging.logpasswd == NULL) {
- dolog(LOG_ERR, "strdup failed\n");
- return (-1);
- }
-
- } else {
- if (debug)
- printf("another logging statement I don't know?\n");
- return (-1);
- }
- }
- }
- |
- STRING NUMBER SEMICOLON
- {
- char buf[16];
-
- if (file->descend == DESCEND_YES) {
- if (strcasecmp($1, "logport") == 0) {
- snprintf(buf, sizeof(buf), "%lld", $2);
- logging.logport = strdup(buf);
- if (logging.logport == NULL) {
- dolog(LOG_ERR, "strdup failed\n");
- return (-1);
- }
- logging.logport2 = $2;
- }
- }
- }
- |
- STRING ipcidr SEMICOLON
- {
- struct addrinfo hints, *res0;
- struct sockaddr_in6 *psin6;
- struct sockaddr_in *psin;
- int error;
-
- if (file->descend == DESCEND_YES) {
- if (strcasecmp($1, "loghost") == 0) {
- logging.loghost = strdup($2);
- if (logging.loghost == NULL) {
- dolog(LOG_ERR, "strdup failed\n");
-
- return (-1);
- }
-
- if (strchr($2, ':') != NULL) {
- memset(&hints, 0, sizeof(hints));
- hints.ai_family = AF_INET6;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_flags = AI_NUMERICHOST;
-
- error = getaddrinfo($2, "www", &hints, &res0);
- if (error) {
- dolog(LOG_ERR, "%s line %d: %s\n",
- file->name, file->lineno,
- gai_strerror(error));
-
- return (-1);
- }
-
- if (res0 == NULL) {
- dolog(LOG_ERR, "%s line %d: could not"
- " determine IPv6 address\n"
- , file->name, file->lineno);
- return (-1);
- }
-
- psin6 = (struct sockaddr_in6 *)&logging.loghost2;
- psin6->sin6_family = res0->ai_family;
- memcpy(psin6, res0->ai_addr, res0->ai_addrlen);
- freeaddrinfo(res0);
- } else {
- memset(&hints, 0, sizeof(hints));
-
- hints.ai_family = AF_INET;
- hints.ai_socktype = SOCK_STREAM;
- hints.ai_flags = AI_NUMERICHOST;
-
- error = getaddrinfo($2, "www", &hints, &res0);
- if (error) {
- dolog(LOG_ERR, "%s line %d: %s\n",
- file->name, file->lineno,
- gai_strerror(error));
-
- return (-1);
- }
-
- if (res0 == NULL) {
- dolog(LOG_ERR, "%s line %d: could not"
- " determine IPv6 address\n"
- , file->name, file->lineno);
- return (-1);
- }
-
- psin = (struct sockaddr_in *)&logging.loghost2;
- psin->sin_family = res0->ai_family;
- memcpy(psin, res0->ai_addr, res0->ai_addrlen);
-
- freeaddrinfo(res0);
- }
- } else {
- if (debug)
- printf("2 another logging statement I don't know?\n");
- return (-1);
- }
- }
- }
- | comment CRLF
- ;
/* tsig "these hosts" { .. } */
tsig:
@@ -1733,7 +1571,6 @@ struct tab cmdtab[] = {
{ "whitelist", WHITELIST, STATE_IP },
{ "filter", FILTER, STATE_IP },
{ "include", INCLUDE, 0 },
- { "logging", LOGGING, 0 },
{ "master", MASTER, 0 },
{ "masterport", MASTERPORT, 0 },
{ "mzone", MZONE, 0},
@@ -1777,8 +1614,6 @@ parse_file(ddDB *db, char *filename, uint32_t flags)
if (flags & PARSEFILE_FLAG_NOSOCKET)
pullzone = 0;
- memset(&logging, 0, sizeof(struct logging));
- logging.active = 0;
(void)add_rzone();