Commit Diff
Diff:
85534ca266c1d08204c4449ecb416104a2c582af
ffd6f34769f969afd4dab4e940bb6e5d7af0e6da
Commit:
ffd6f34769f969afd4dab4e940bb6e5d7af0e6da
Tree:
b8393d11aff4bc8f9b6e16f973b0c96f11497c3a
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Sun Nov 3 15:21:19 2019 UTC
Message:
refactor. When a replicant zone file does not exist there are three ways to install it (it's a bit of a chicken-and-egg problem). You can get it with dddctl in two ways: dddctl configtest is the easy way, dddctl query the more complicated way. If you didn't configtest, it's left up to delphinusdnsd to try (as root) to transfer the zone file from the master via AXFR. Adjust pledges; also note that when you leave it up to the daemon to get the initial zone file there are no pledges when it does this, nor unveils.
blob - 57e8b71dd63ba1a821660db306b2006491b0d521
blob + 210238d9c3de1370ef4bded18a7839fcf8ea3526
--- ddd-db.h
+++ ddd-db.h
@@ -27,7 +27,7 @@
*/
/*
- * $Id: ddd-db.h,v 1.24 2019/11/02 17:24:27 pjp Exp $
+ * $Id: ddd-db.h,v 1.25 2019/11/03 15:21:19 pjp Exp $
*/
#ifndef _DB_H
@@ -60,6 +60,10 @@
#define RECORD_COUNT 20
#define NEGATIVE_CACHE_TIME 600 /* DNS & Bind 3rd edition page 35 */
+
+#ifndef DEFAULT_PRIVILEGE
+#define DEFAULT_PRIVILEGE "_ddd"
+#endif
/* db stuff */
blob - c7be9e01bc4a919d6ccbc93a16fe5557673cf9be
blob + aeb78453476e40024440fa8ebc2452de829d1435
--- dddctl.c
+++ dddctl.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: dddctl.c,v 1.81 2019/11/02 17:24:27 pjp Exp $
+ * $Id: dddctl.c,v 1.82 2019/11/03 15:21:19 pjp Exp $
*/
#include <sys/param.h>
@@ -7070,7 +7070,7 @@ configtest(int argc, char *argv[])
zonefile = argv[0];
#if __OpenBSD__
- if (pledge("stdio rpath wpath cpath", NULL) < 0) {
+ if (pledge("stdio rpath wpath cpath chown inet getpw", NULL) < 0) {
perror("pledge");
exit(1);
}
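Review bot: The widened promise set on the new pledge line (`chown inet getpw`) is granted to every configtest run, including the common case where all replicant files already exist and no AXFR is needed; pledge(2) promises can only be narrowed, so the tightest option is to keep this call and narrow again with a second pledge (e.g. `pledge("stdio rpath", NULL)`) once the config has been parsed and any missing zone pulled, which presumably happens later in configtest(). A one-line comment naming why each promise was added would also help, e.g. `/* inet+getpw+chown: pull_remote_zone() may AXFR a missing replicant zone and chown it to DEFAULT_PRIVILEGE */`. Note the restriction only exists on OpenBSD; the non-OpenBSD build of this path has no equivalent. configtest()'s body continues outside the hunk.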
blob - f746a2db0d5466a89c92130d70d36cd4a3e3690a
blob + 8434643c80c2f2a578a70256ee8fe998b848d722
--- delphinusdnsd.c
+++ delphinusdnsd.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: delphinusdnsd.c,v 1.77 2019/11/02 17:24:27 pjp Exp $
+ * $Id: delphinusdnsd.c,v 1.78 2019/11/03 15:21:19 pjp Exp $
*/
@@ -181,9 +181,6 @@ void parseloop(struct cfg *, struct imsgbuf **);
/* aliases */
-#ifndef DEFAULT_PRIVILEGE
-#define DEFAULT_PRIVILEGE "_ddd"
-#endif
#define MYDB_PATH "/var/db/delphinusdns"
@@ -500,16 +497,18 @@ main(int argc, char *argv[], char *environ[])
exit(1);
}
- switch (pid = fork()) {
- case -1:
- dolog(LOG_ERR, "fork(): %s\n", strerror(errno));
- exit(1);
- case 0:
- setup_unixsocket(socketpath, child_ibuf[MY_IMSG_MASTER]);
- slave_shutdown();
- exit(1);
- default:
- break;
+ if (! debug) {
+ switch (pid = fork()) {
+ case -1:
+ dolog(LOG_ERR, "fork(): %s\n", strerror(errno));
+ exit(1);
+ case 0:
+ setup_unixsocket(socketpath, child_ibuf[MY_IMSG_MASTER]);
+ slave_shutdown();
+ exit(1);
+ default:
+ break;
+ }
}
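Review bot: With the fork now inside `if (! debug)`, a debug run no longer starts the setup_unixsocket() child, so the control socket that dddctl uses is not served in debug mode; the commit message does not mention this and nothing in the hunk says whether it is intended. If it is, a comment such as `/* debug: stay in the foreground, no control-socket child */` above the `if` would record it; if not, the fork should happen regardless of debug and only daemonizing should be skipped. `pid` is assigned in the switch but not used within the hunk; main() continues outside it.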
blob - 7356fc95dc198c622629a62baff2b7efb367d3df
blob + c1514972ab5cc5b012e43e909dff25c632603645
--- examples/example9.conf
+++ examples/example9.conf
@@ -16,12 +16,11 @@ options "cool stuff" {
;dnssec;
}
-tsig-auth pass "YmFzZTY0Cg==";
rzone "internal.centroid.eu." {
- tsigkey "pass";
+ tsigkey "NOKEY";
masterport 10053;
master 192.168.177.2;
- zonename "internal.centroid.eu.";
- filename "/etc/delphinusdns/replicant/internal.centroid.eu.repl";
+ zonename "words.";
+ filename "/etc/delphinusdns/replicant/words.repl";
}
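Review bot: `tsigkey "NOKEY"` in the rzone block turns TSIG off for the transfer, so the example now shows an unauthenticated AXFR from `master 192.168.177.2`, and nothing in the file says so; readers copy examples as defaults. Add a comment above it, e.g. `; "NOKEY" disables TSIG: the AXFR from the master is unauthenticated, only use on a trusted network`, and consider keeping the removed tsig-auth line and a `tsigkey "pass";` alternative commented out so the authenticated form stays visible. The comment syntax assumes `;` as used by the `;dnssec;` line above.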
blob - d63fd44ff38092afdb6e3322212524d456e4b4c2
blob + ee7865e16fd98ec22677ca69445e92b6cfb5d0c4
--- parse.y
+++ parse.y
@@ -21,7 +21,7 @@
*/
/*
- * $Id: parse.y,v 1.77 2019/11/01 19:46:57 pjp Exp $
+ * $Id: parse.y,v 1.78 2019/11/03 15:21:19 pjp Exp $
*/
%{
@@ -46,6 +46,7 @@
#include <ctype.h>
#include <signal.h>
#include <time.h>
+#include <pwd.h>
#ifdef __linux__
#include <grp.h>
@@ -94,6 +95,7 @@ extern struct rrset * find_rr(struct rbtree *rbt, u_in
extern int add_rr(struct rbtree *rbt, char *name, int len, u_int16_t rrtype, void *rdata);
extern int display_rr(struct rrset *rrset);
extern void flag_rr(struct rbtree *);
+extern int pull_rzone(struct rzone *, time_t, int);
extern int whitelist;
@@ -3699,11 +3701,38 @@ add_rzone(void)
static int
pull_remote_zone(struct rzone *lrz)
{
- if (rename("/etc/delphinusdns/sample.zone", lrz->filename) < 0) {
- perror("rename");
+ struct passwd *pw;
+ int ret;
+ char *current;
+
+ current = getcwd(NULL, PATH_MAX);
+ if (current == NULL) {
+ dolog(LOG_INFO, "pull_remote_zone getcwd: %s\n", strerror(errno));
return -1;
}
- return 0;
+
+ if (chdir(DELPHINUS_RZONE_PATH) < 0) {
+ dolog(LOG_INFO, "pull_remote_zone chdir: %s\n", strerror(errno));
+ return -1;
+ }
+
+ ret = pull_rzone(lrz, time(NULL), 0);
+
+ pw = getpwnam(DEFAULT_PRIVILEGE);
+ if (pw == NULL) {
+ unlink(lrz->filename);
+ return -1;
+ }
+
+ if (chown(lrz->filename, pw->pw_uid, pw->pw_gid) < 0) {
+ unlink(lrz->filename);
+ return -1;
+ }
+
+ chdir(current);
+ free(current);
+
+ return (ret);
}
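Review bot: pull_remote_zone() changes the process cwd with `chdir(DELPHINUS_RZONE_PATH)` and then returns from the getpwnam() and chown() error paths without `chdir(current)` or `free(current)`, so on those paths the caller is left in the replicant directory and the getcwd() buffer leaks; the `ret` from pull_rzone() is also not checked before chown(), so a failed pull still chowns whatever is at `lrz->filename` (an old file, if one exists) and the return value of the final `chdir(current)` is ignored. A single cleanup label fixes all of these; the rewrite below also logs why getpwnam()/chown() failed, which the current code does silently. The chdir() also assumes `lrz->filename` lives under DELPHINUS_RZONE_PATH (pull_rzone() writes the basename relative to the cwd while chown() uses the full configured path); if the parser does not enforce that, a check or at least a comment is warranted.
```c
static int
pull_remote_zone(struct rzone *lrz)
{
	struct passwd *pw;
	int ret = -1;
	char *current;

	current = getcwd(NULL, PATH_MAX);
	if (current == NULL) {
		dolog(LOG_INFO, "pull_remote_zone getcwd: %s\n", strerror(errno));
		return -1;
	}

	if (chdir(DELPHINUS_RZONE_PATH) < 0) {
		dolog(LOG_INFO, "pull_remote_zone chdir: %s\n", strerror(errno));
		goto out;
	}

	/* pull_rzone() writes basename(lrz->filename) relative to the cwd */
	if (pull_rzone(lrz, time(NULL), 0) < 0)
		goto out;

	/* the daemon runs as DEFAULT_PRIVILEGE, so hand the file to that user */
	if ((pw = getpwnam(DEFAULT_PRIVILEGE)) == NULL) {
		dolog(LOG_INFO, "pull_remote_zone getpwnam(%s) failed\n", DEFAULT_PRIVILEGE);
		unlink(lrz->filename);
		goto out;
	}

	if (chown(lrz->filename, pw->pw_uid, pw->pw_gid) < 0) {
		dolog(LOG_INFO, "pull_remote_zone chown: %s\n", strerror(errno));
		unlink(lrz->filename);
		goto out;
	}

	ret = 0;

out:
	if (chdir(current) < 0)
		dolog(LOG_INFO, "pull_remote_zone chdir back: %s\n", strerror(errno));
	free(current);
	return (ret);
}
```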
/*
blob - 4afe1b4fd52047e82ac23405114790ef52646e47
blob + 35224b17e2952330c9c99d30e3d6adb722073c35
--- raxfr.c
+++ raxfr.c
@@ -26,7 +26,7 @@
*
*/
/*
- * $Id: raxfr.c,v 1.20 2019/11/03 07:26:12 pjp Exp $
+ * $Id: raxfr.c,v 1.21 2019/11/03 15:21:19 pjp Exp $
*/
#include <sys/types.h>
@@ -121,7 +121,8 @@ static void schedule_retry(char *, time_t);
static void schedule_restart(char *, time_t);
static void schedule_delete(struct myschedule *);
int64_t get_remote_soa(struct rzone *rzone);
-int do_raxfr(FILE *f, int64_t serial, struct rzone *rzone);
+int do_raxfr(FILE *, struct rzone *);
+int pull_rzone(struct rzone *, time_t, int);
extern int memcasecmp(u_char *, u_char *, int);
extern char * dns_label(char *, int *);
@@ -1251,8 +1252,6 @@ void
replicantloop(ddDB *db, struct imsgbuf *ibuf, struct imsgbuf *master_ibuf)
{
struct rzone *lrz, *lrz0;
- char buf[PATH_MAX];
- char *p, *q;
time_t now, lastnow;
int apexlen, sel, endspurt = 0;
int idata;
@@ -1263,7 +1262,6 @@ replicantloop(ddDB *db, struct imsgbuf *ibuf, struct i
struct rr *rrp;
struct timeval tv;
- FILE *f = NULL;
#if __OpenBSD__
if (pledge("stdio wpath rpath cpath inet", NULL) < 0) {
@@ -1385,56 +1383,11 @@ replicantloop(ddDB *db, struct imsgbuf *ibuf, struct i
/* initiate AXFR and update zone */
dolog(LOG_INFO, "new higher serial detected (%ld vs. %ld)\n", serial, lrz->soa.serial);
- p = strrchr(lrz->filename, '/');
- if (p == NULL) {
- dolog(LOG_INFO, "can't determine temporary filename from %s\n", lrz->filename);
+ if (pull_rzone(lrz, now,1) < 0) {
schedule_retry(lrz->zonename, now + lrz->soa.retry);
goto out;
}
- p++;
- q = p;
- if (*p == '\0') {
- dolog(LOG_INFO, "can't determine temporary filename from %s (2)\n", lrz->filename);
- schedule_retry(lrz->zonename, now + lrz->soa.retry);
- goto out;
- }
-
- snprintf(buf, sizeof(buf), "%s.XXXXXXXXXXXXXX", p);
- if ((p = mktemp(buf)) == NULL) {
- dolog(LOG_INFO, "can't determine temporary filename from %s (3)\n", lrz->filename);
- schedule_retry(lrz->zonename, now + lrz->soa.retry);
- goto out;
- }
-
- umask(022);
-
- f = fopen(p, "w");
- if (f == NULL) {
- dolog(LOG_INFO, "can't create temporary filename for zone %s\n", lrz->zonename);
- schedule_retry(lrz->zonename, now + lrz->soa.retry);
- goto out;
- }
-
- fprintf(f, "; This is a REPLICANT file for zone %s gotten on %lld\n\n", lrz->zonename, now);
-
- if (do_raxfr(f, serial, lrz) < 0) {
- dolog(LOG_INFO, "do_raxfr failed\n");
- schedule_retry(lrz->zonename, now + lrz->soa.retry);
- goto out;
- }
-
- fclose(f);
-
- unlink(q);
- if (link(p, q) < 0) {
- dolog(LOG_ERR, "can't link %s to %s\n", p, q);
- schedule_retry(lrz->zonename, now + lrz->soa.retry);
- goto out;
- }
-
- unlink(p);
-
/* schedule restart */
schedule_restart(lrz->zonename, now + 100);
/*
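Review bot: On failure the retry is scheduled twice: `pull_rzone(lrz, now,1)` already calls schedule_retry() on each of its error paths when doschedule is 1, and the caller then calls `schedule_retry(lrz->zonename, now + lrz->soa.retry)` again for the same zone. Unless schedule_retry() de-duplicates (it is defined outside this hunk), each failed pull leaves two retry entries for the zone. Either pass 0 here, `if (pull_rzone(lrz, now, 0) < 0) {`, and keep the caller's scheduling, or drop the caller's schedule_retry() and let pull_rzone() own it. replicantloop() starts and ends outside the hunk.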
@@ -1471,55 +1424,11 @@ replicantloop(ddDB *db, struct imsgbuf *ibuf, struct i
dolog(LOG_INFO, "new higher serial detected (%ld vs. %ld)\n", serial, lrz->soa.serial);
- p = strrchr(lrz->filename, '/');
- if (p == NULL) {
- dolog(LOG_INFO, "can't determine temporary filename from %s\n", lrz->filename);
+ if (pull_rzone(lrz, now,1) < 0) {
schedule_retry(lrz->zonename, now + lrz->soa.retry);
goto out;
}
- p++;
- q = p;
- if (*p == '\0') {
- dolog(LOG_INFO, "can't determine temporary filename from %s (2)\n", lrz->filename);
- schedule_retry(lrz->zonename, now + lrz->soa.retry);
- goto out;
- }
-
- snprintf(buf, sizeof(buf), "%s.XXXXXXXXXXXXXX", p);
- if ((p = mktemp(buf)) == NULL) {
- dolog(LOG_INFO, "can't determine temporary filename from %s (3)\n", lrz->filename);
- schedule_retry(lrz->zonename, now + lrz->soa.retry);
- goto out;
- }
-
- umask(022);
-
- f = fopen(p, "w");
- if (f == NULL) {
- dolog(LOG_INFO, "can't create temporary filename for zone %s\n", lrz->zonename);
- schedule_retry(lrz->zonename, now + lrz->soa.retry);
- goto out;
- }
-
- fprintf(f, "; This is a REPLICANT file for zone %s gotten on %lld\n\n", lrz->zonename, now);
-
- if (do_raxfr(f, serial, lrz) < 0) {
- dolog(LOG_INFO, "do_raxfr failed\n");
- schedule_retry(lrz->zonename, now + lrz->soa.retry);
- goto out;
- }
-
- fclose(f);
-
- unlink(q);
- if (link(p, q) < 0) {
- dolog(LOG_ERR, "can't link %s to %s\n", p, q);
- schedule_retry(lrz->zonename, now + lrz->soa.retry);
- goto out;
- }
-
- unlink(p);
/* schedule restart */
schedule_restart(lrz->zonename, now + 100);
/*
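Review bot: Same double scheduling as in the first call site: `pull_rzone(lrz, now,1)` schedules the retry itself on failure and the `schedule_retry(lrz->zonename, now + lrz->soa.retry)` two lines later schedules it again, so one failed pull produces two retry entries unless schedule_retry() de-duplicates, which is not visible here. Use `if (pull_rzone(lrz, now, 0) < 0) {` and keep the caller's scheduling, or remove the caller's call; whichever is chosen should match the other call site. replicantloop() continues outside the hunk.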
@@ -1884,7 +1793,7 @@ get_remote_soa(struct rzone *rzone)
}
int
-do_raxfr(FILE *f, int64_t serial, struct rzone *rzone)
+do_raxfr(FILE *f, struct rzone *rzone)
{
int so;
struct sockaddr_in sin;
@@ -1898,7 +1807,7 @@ do_raxfr(FILE *f, int64_t serial, struct rzone *rzone)
char *keyname;
int tsigpasslen, keynamelen;
int format = (TCP_FORMAT | ZONE_FORMAT);
- int len;
+ int len, dotsig = 1;
struct soa mysoa;
@@ -1937,35 +1846,108 @@ do_raxfr(FILE *f, int64_t serial, struct rzone *rzone)
return -1;
}
- keyname = dns_label(rzone->tsigkey, &keynamelen);
- if (keyname == NULL) {
- dolog(LOG_ERR, "dns_label failed\n");
+ if (strcmp(rzone->tsigkey, "NOKEY") != 0) {
+
+ keyname = dns_label(rzone->tsigkey, &keynamelen);
+ if (keyname == NULL) {
+ dolog(LOG_ERR, "dns_label failed\n");
+ close(so);
+ return -1;
+ }
+
+ if ((tsigpasslen = find_tsig_key(keyname, keynamelen, (char *)&tsigpass, sizeof(tsigpass))) < 0) {
+ dolog(LOG_ERR, "do not have a record of TSIG key %s\n", rzone->tsigkey);
+ close(so);
+ return -1;
+ }
+
+ free(keyname);
+
+ if ((len = mybase64_encode(tsigpass, tsigpasslen, humanpass, sizeof(humanpass))) < 0) {
+ dolog(LOG_ERR, "base64_encode() failed\n");
+ close(so);
+ return -1;
+ }
+
+ humanpass[len] = '\0';
+ } else {
+ dotsig = 0;
+ }
+
+
+ if (lookup_axfr(f, so, rzone->zonename, &mysoa, format, ((dotsig == 0) ? NULL : rzone->tsigkey), ((dotsig == 0) ? NULL : humanpass)) < 0) {
+ dolog(LOG_ERR, "lookup_axfr() failed\n");
close(so);
return -1;
}
+
+ close(so);
+ return (0);
+}
- if ((tsigpasslen = find_tsig_key(keyname, keynamelen, (char *)&tsigpass, sizeof(tsigpass))) < 0) {
- dolog(LOG_ERR, "do not have a record of TSIG key %s\n", rzone->tsigkey);
- close(so);
+
+int
+pull_rzone(struct rzone *lrz, time_t now, int doschedule)
+{
+ char *p, *q;
+ FILE *f;
+ char buf[PATH_MAX];
+
+ p = strrchr(lrz->filename, '/');
+ if (p == NULL) {
+ dolog(LOG_INFO, "can't determine temporary filename from %s\n", lrz->filename);
+ if (doschedule)
+ schedule_retry(lrz->zonename, now + lrz->soa.retry);
return -1;
}
- free(keyname);
+ p++;
+ q = p;
+ if (*p == '\0') {
+ dolog(LOG_INFO, "can't determine temporary filename from %s (2)\n", lrz->filename);
+ if (doschedule)
+ schedule_retry(lrz->zonename, now + lrz->soa.retry);
+ return -1;
+ }
- if ((len = mybase64_encode(tsigpass, tsigpasslen, humanpass, sizeof(humanpass))) < 0) {
- dolog(LOG_ERR, "base64_encode() failed\n");
- close(so);
+ snprintf(buf, sizeof(buf), "%s.XXXXXXXXXXXXXX", p);
+ if ((p = mktemp(buf)) == NULL) {
+ dolog(LOG_INFO, "can't determine temporary filename from %s (3)\n", lrz->filename);
+ if (doschedule)
+ schedule_retry(lrz->zonename, now + lrz->soa.retry);
return -1;
}
- humanpass[len] = '\0';
+ umask(022);
+
+ f = fopen(p, "w");
+ if (f == NULL) {
+ dolog(LOG_INFO, "can't create temporary filename for zone %s\n", lrz->zonename);
+ if (doschedule)
+ schedule_retry(lrz->zonename, now + lrz->soa.retry);
+ return -1;
+ }
- if (lookup_axfr(f, so, rzone->zonename, &mysoa, format, rzone->tsigkey, humanpass) < 0) {
- dolog(LOG_ERR, "lookup_axfr() failed\n");
- close(so);
+ fprintf(f, "; REPLICANT file for zone %s gotten on %lld\n\n", lrz->zonename, now);
+
+ if (do_raxfr(f, lrz) < 0) {
+ dolog(LOG_INFO, "do_raxfr failed\n");
+ if (doschedule)
+ schedule_retry(lrz->zonename, now + lrz->soa.retry);
return -1;
}
-
- close(so);
- return (0);
+
+ fclose(f);
+
+ unlink(q);
+ if (link(p, q) < 0) {
+ dolog(LOG_ERR, "can't link %s to %s\n", p, q);
+ if (doschedule)
+ schedule_retry(lrz->zonename, now + lrz->soa.retry);
+ return -1;
+ }
+
+ unlink(p);
+
+ return 0;
}
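Review bot: pull_rzone() creates the temporary zone file with mktemp() followed by `fopen(p, "w")`, which is the documented name-then-open race, and when do_raxfr() fails the FILE is never closed and the partial temp file is left behind in the directory; mkstemp()/fdopen() with an unlink on every failure path fixes both, and `rename(p, q)` in place of `unlink(q); link(p, q)` removes the window in which no zone file exists at all. The fclose() return value is also unchecked, so a short write would install a truncated zone, and mkstemp() creates the file 0600, so an fchmod(fd, 0644) is needed if the old umask(022) result is intended (the rewrite below needs an `int fd;` local and folds the two earlier early-returns into the same `goto fail`). Two smaller points in do_raxfr(): a "NOKEY" rzone performs an unauthenticated AXFR and deserves at least `dolog(LOG_INFO, "AXFR of %s without TSIG\n", rzone->zonename);`, and tsigpass/humanpass hold key material that could be cleared with explicit_bzero() once lookup_axfr() returns (their declarations are outside the hunk). `strcmp(rzone->tsigkey, "NOKEY")` also assumes tsigkey is never NULL for an rzone; if the parser allows omitting it, that needs a guard.
```c
int
pull_rzone(struct rzone *lrz, time_t now, int doschedule)
{
	/* … unchanged: locals, derive p/q from lrz->filename, snprintf into buf … */
	if ((fd = mkstemp(buf)) < 0 || (f = fdopen(fd, "w")) == NULL) {
		dolog(LOG_INFO, "can't create temporary file for zone %s: %s\n", lrz->zonename, strerror(errno));
		if (fd >= 0) {
			close(fd);
			unlink(buf);
		}
		goto fail;
	}
	p = buf;
	fchmod(fd, 0644);	/* mkstemp() gives 0600; keep the old umask(022) result */

	fprintf(f, "; REPLICANT file for zone %s gotten on %lld\n\n", lrz->zonename, now);

	if (do_raxfr(f, lrz) < 0) {
		dolog(LOG_INFO, "do_raxfr failed\n");
		fclose(f);
		unlink(p);
		goto fail;
	}

	if (fclose(f) != 0) {	/* a short write must not install a truncated zone */
		dolog(LOG_INFO, "fclose %s: %s\n", p, strerror(errno));
		unlink(p);
		goto fail;
	}

	if (rename(p, q) < 0) {	/* atomic replace: no window without a zone file */
		dolog(LOG_ERR, "can't rename %s to %s\n", p, q);
		unlink(p);
		goto fail;
	}

	return 0;

fail:
	if (doschedule)
		schedule_retry(lrz->zonename, now + lrz->soa.retry);
	return -1;
}
```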