- Code cleanup patch from Dag-Erling Smorgrav, with compiler issue

fixes from FreeBSD's copy of Unbound, he notes:
  Generate unbound-control-setup.sh at build time so it respects
  prefix and sysconfdir from the configure script.  Also fix the
  umask to match the comment, and the comment to match the umask.
  Add const and static where needed.  Use unions instead of
  playing pointer poker.  Move declarations that are needed in
  multiple source files into a shared header.  Move sldns_bgetc()
  from parse.c to buffer.c where it belongs.  Introduce a new
  header file, worker.h, which declares the callbacks that
  all workers must define.  Remove those declarations from
  libworker.h.	Include the correct headers in the correct places.
  Fix a few dummy callbacks that don't match their prototype.
  Fix some casts.  Hide the sbrk madness behind #ifdef HAVE_SBRK.
  Remove a useless printf which breaks reproducible builds.
  Get rid of CONFIGURE_{TARGET,DATE,BUILD_WITH} now that they're
  no longer used.  Add unbound-control-setup.sh to the list of
  generated files.



git-svn-id: file:///svn/unbound/trunk@3137 be551aaa-1e26-0410-a405-d3ace91eadb9
Wouter Wijngaards 2014-05-28 08:07:12 +00:00
parent 684fd0aa15
commit 3468dce5c2
22 changed files with 589 additions and 441 deletions


@ -6,15 +6,6 @@
/* Pathname to the Unbound configuration file */
#undef CONFIGFILE
/* configure flags */
#undef CONFIGURE_BUILD_WITH
/* configure date */
#undef CONFIGURE_DATE
/* configure target system */
#undef CONFIGURE_TARGET
/* Define this if on macOSX10.4-darwin8 and setreuid and setregid do not work
*/
#undef DARWIN_BROKEN_SETREUID

287
configure vendored

@ -702,6 +702,14 @@ FGREP
SED
LIBTOOL
AR
host_os
host_vendor
host_cpu
host
build_os
build_vendor
build_cpu
build
libtool
STRIP
doxygen
@ -730,18 +738,6 @@ CPPFLAGS
LDFLAGS
CFLAGS
CC
target_os
target_vendor
target_cpu
target
host_os
host_vendor
host_cpu
host
build_os
build_vendor
build_cpu
build
LIBUNBOUND_AGE
LIBUNBOUND_REVISION
LIBUNBOUND_CURRENT
@ -1441,7 +1437,6 @@ _ACEOF
System types:
--build=BUILD configure for building on BUILD [guessed]
--host=HOST cross-compile to build programs to run on HOST [BUILD]
--target=TARGET configure for building compilers for TARGET [HOST]
_ACEOF
fi
@ -2745,169 +2740,6 @@ LIBUNBOUND_AGE=2
pretty_cmdline() {
cmdline=""
while test -n "$1"; do
cmdline="$cmdline '"`echo $1 | sed -e 's/\\\\/\\\\\\\\/g' | sed -e 's/"/\\\\"/g' `"'"
shift
done
}
pretty_cmdline $@
cat >>confdefs.h <<_ACEOF
#define CONFIGURE_BUILD_WITH "$cmdline"
_ACEOF
ac_aux_dir=
for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
if test -f "$ac_dir/install-sh"; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/install-sh -c"
break
elif test -f "$ac_dir/install.sh"; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/install.sh -c"
break
elif test -f "$ac_dir/shtool"; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/shtool install -c"
break
fi
done
if test -z "$ac_aux_dir"; then
as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
fi
# These three variables are undocumented and unsupported,
# and are intended to be withdrawn in a future Autoconf release.
# They can cause serious problems if a builder's source tree is in a directory
# whose full name contains unusual characters.
ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
# Make sure we can run config.sub.
$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
$as_echo_n "checking build system type... " >&6; }
if ${ac_cv_build+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_build_alias=$build_alias
test "x$ac_build_alias" = x &&
ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
test "x$ac_build_alias" = x &&
as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
$as_echo "$ac_cv_build" >&6; }
case $ac_cv_build in
*-*-*) ;;
*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
esac
build=$ac_cv_build
ac_save_IFS=$IFS; IFS='-'
set x $ac_cv_build
shift
build_cpu=$1
build_vendor=$2
shift; shift
# Remember, the first character of IFS is used to create $*,
# except with old shells:
build_os=$*
IFS=$ac_save_IFS
case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
$as_echo_n "checking host system type... " >&6; }
if ${ac_cv_host+:} false; then :
$as_echo_n "(cached) " >&6
else
if test "x$host_alias" = x; then
ac_cv_host=$ac_cv_build
else
ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
$as_echo "$ac_cv_host" >&6; }
case $ac_cv_host in
*-*-*) ;;
*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
esac
host=$ac_cv_host
ac_save_IFS=$IFS; IFS='-'
set x $ac_cv_host
shift
host_cpu=$1
host_vendor=$2
shift; shift
# Remember, the first character of IFS is used to create $*,
# except with old shells:
host_os=$*
IFS=$ac_save_IFS
case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking target system type" >&5
$as_echo_n "checking target system type... " >&6; }
if ${ac_cv_target+:} false; then :
$as_echo_n "(cached) " >&6
else
if test "x$target_alias" = x; then
ac_cv_target=$ac_cv_host
else
ac_cv_target=`$SHELL "$ac_aux_dir/config.sub" $target_alias` ||
as_fn_error $? "$SHELL $ac_aux_dir/config.sub $target_alias failed" "$LINENO" 5
fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_target" >&5
$as_echo "$ac_cv_target" >&6; }
case $ac_cv_target in
*-*-*) ;;
*) as_fn_error $? "invalid value of canonical target" "$LINENO" 5;;
esac
target=$ac_cv_target
ac_save_IFS=$IFS; IFS='-'
set x $ac_cv_target
shift
target_cpu=$1
target_vendor=$2
shift; shift
# Remember, the first character of IFS is used to create $*,
# except with old shells:
target_os=$*
IFS=$ac_save_IFS
case $target_os in *\ *) target_os=`echo "$target_os" | sed 's/ /-/g'`;; esac
# The aliases save the names the user supplied, while $host etc.
# will get canonicalized.
test -n "$target_alias" &&
test "$program_prefix$program_suffix$program_transform_name" = \
NONENONEs,x,x, &&
program_prefix=${target_alias}-
cat >>confdefs.h <<_ACEOF
#define CONFIGURE_TARGET "$target"
_ACEOF
cat >>confdefs.h <<_ACEOF
#define CONFIGURE_DATE "`date`"
_ACEOF
CFLAGS="$CFLAGS"
ac_ext=c
ac_cpp='$CPP $CPPFLAGS'
@ -6477,6 +6309,106 @@ else
STRIP="$ac_cv_prog_STRIP"
fi
ac_aux_dir=
for ac_dir in "$srcdir" "$srcdir/.." "$srcdir/../.."; do
if test -f "$ac_dir/install-sh"; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/install-sh -c"
break
elif test -f "$ac_dir/install.sh"; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/install.sh -c"
break
elif test -f "$ac_dir/shtool"; then
ac_aux_dir=$ac_dir
ac_install_sh="$ac_aux_dir/shtool install -c"
break
fi
done
if test -z "$ac_aux_dir"; then
as_fn_error $? "cannot find install-sh, install.sh, or shtool in \"$srcdir\" \"$srcdir/..\" \"$srcdir/../..\"" "$LINENO" 5
fi
# These three variables are undocumented and unsupported,
# and are intended to be withdrawn in a future Autoconf release.
# They can cause serious problems if a builder's source tree is in a directory
# whose full name contains unusual characters.
ac_config_guess="$SHELL $ac_aux_dir/config.guess" # Please don't use this var.
ac_config_sub="$SHELL $ac_aux_dir/config.sub" # Please don't use this var.
ac_configure="$SHELL $ac_aux_dir/configure" # Please don't use this var.
# Make sure we can run config.sub.
$SHELL "$ac_aux_dir/config.sub" sun4 >/dev/null 2>&1 ||
as_fn_error $? "cannot run $SHELL $ac_aux_dir/config.sub" "$LINENO" 5
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking build system type" >&5
$as_echo_n "checking build system type... " >&6; }
if ${ac_cv_build+:} false; then :
$as_echo_n "(cached) " >&6
else
ac_build_alias=$build_alias
test "x$ac_build_alias" = x &&
ac_build_alias=`$SHELL "$ac_aux_dir/config.guess"`
test "x$ac_build_alias" = x &&
as_fn_error $? "cannot guess build type; you must specify one" "$LINENO" 5
ac_cv_build=`$SHELL "$ac_aux_dir/config.sub" $ac_build_alias` ||
as_fn_error $? "$SHELL $ac_aux_dir/config.sub $ac_build_alias failed" "$LINENO" 5
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_build" >&5
$as_echo "$ac_cv_build" >&6; }
case $ac_cv_build in
*-*-*) ;;
*) as_fn_error $? "invalid value of canonical build" "$LINENO" 5;;
esac
build=$ac_cv_build
ac_save_IFS=$IFS; IFS='-'
set x $ac_cv_build
shift
build_cpu=$1
build_vendor=$2
shift; shift
# Remember, the first character of IFS is used to create $*,
# except with old shells:
build_os=$*
IFS=$ac_save_IFS
case $build_os in *\ *) build_os=`echo "$build_os" | sed 's/ /-/g'`;; esac
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking host system type" >&5
$as_echo_n "checking host system type... " >&6; }
if ${ac_cv_host+:} false; then :
$as_echo_n "(cached) " >&6
else
if test "x$host_alias" = x; then
ac_cv_host=$ac_cv_build
else
ac_cv_host=`$SHELL "$ac_aux_dir/config.sub" $host_alias` ||
as_fn_error $? "$SHELL $ac_aux_dir/config.sub $host_alias failed" "$LINENO" 5
fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_host" >&5
$as_echo "$ac_cv_host" >&6; }
case $ac_cv_host in
*-*-*) ;;
*) as_fn_error $? "invalid value of canonical host" "$LINENO" 5;;
esac
host=$ac_cv_host
ac_save_IFS=$IFS; IFS='-'
set x $ac_cv_host
shift
host_cpu=$1
host_vendor=$2
shift; shift
# Remember, the first character of IFS is used to create $*,
# except with old shells:
host_os=$*
IFS=$ac_save_IFS
case $host_os in *\ *) host_os=`echo "$host_os" | sed 's/ /-/g'`;; esac
# skip these tests, we do not need them.
@ -18368,7 +18300,7 @@ _ACEOF
ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1"
ac_config_files="$ac_config_files Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh"
ac_config_headers="$ac_config_headers config.h"
@ -19358,6 +19290,7 @@ do
"doc/unbound.conf.5") CONFIG_FILES="$CONFIG_FILES doc/unbound.conf.5" ;;
"doc/unbound-control.8") CONFIG_FILES="$CONFIG_FILES doc/unbound-control.8" ;;
"doc/unbound-host.1") CONFIG_FILES="$CONFIG_FILES doc/unbound-host.1" ;;
"smallapp/unbound-control-setup.sh") CONFIG_FILES="$CONFIG_FILES smallapp/unbound-control-setup.sh" ;;
"config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
*) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;


@ -79,19 +79,6 @@ AC_SUBST(LIBUNBOUND_CURRENT)
AC_SUBST(LIBUNBOUND_REVISION)
AC_SUBST(LIBUNBOUND_AGE)
pretty_cmdline() {
cmdline=""
while test -n "$1"; do
cmdline="$cmdline '"`echo $1 | sed -e 's/\\\\/\\\\\\\\/g' | sed -e 's/"/\\\\"/g' `"'"
shift
done
}
pretty_cmdline $@
AC_DEFINE_UNQUOTED(CONFIGURE_BUILD_WITH, ["$cmdline"], [configure flags])
AC_CANONICAL_TARGET
AC_DEFINE_UNQUOTED(CONFIGURE_TARGET, ["$target"], [configure target system])
AC_DEFINE_UNQUOTED(CONFIGURE_DATE, ["`date`"], [configure date])
CFLAGS="$CFLAGS"
AC_AIX
if test "$ac_cv_header_minix_config_h" = "yes"; then
@ -1224,6 +1211,6 @@ void *unbound_stat_realloc_log(void *ptr, size_t size, const char* file,
])
AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1])
AC_CONFIG_FILES([Makefile doc/example.conf doc/libunbound.3 doc/unbound.8 doc/unbound-anchor.8 doc/unbound-checkconf.8 doc/unbound.conf.5 doc/unbound-control.8 doc/unbound-host.1 smallapp/unbound-control-setup.sh])
AC_CONFIG_HEADER([config.h])
AC_OUTPUT
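Review bot: `smallapp/unbound-control-setup.sh` is added to `AC_CONFIG_FILES` without a command argument, and config.status writes its outputs without the execute bit, so the generated script is only runnable if the Makefile (not visible here) installs it with an explicit mode. Making the mode deliberate at generation time would avoid depending on that, for example by listing it separately as `AC_CONFIG_FILES([smallapp/unbound-control-setup.sh], [chmod +x smallapp/unbound-control-setup.sh])`. A one-line comment above it saying that the script is generated so that prefix and sysconfdir are substituted would also record why it is no longer a static file.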


@ -229,7 +229,7 @@ copy_msg(struct regional* region, struct lruhash_entry* e,
sizeof(struct ub_packed_rrset_key*) * rep->rrset_count);
if(!*d)
return 0;
(*d)->rrsets = (struct ub_packed_rrset_key**)(
(*d)->rrsets = (struct ub_packed_rrset_key**)(void *)(
(uint8_t*)(&((*d)->ref[0])) +
sizeof(struct rrset_ref) * rep->rrset_count);
*k = (struct query_info*)regional_alloc_init(region,
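Review bot: The added `(void *)` hop in the `(*d)->rrsets` assignment silences the cast-alignment warning but does not by itself make the computed address suitably aligned for `struct ub_packed_rrset_key*`. That depends on `sizeof(struct rrset_ref) * rep->rrset_count` keeping the offset from `ref[0]` a multiple of pointer alignment, and the definition of `struct rrset_ref` is not visible in this hunk. A comment stating the invariant would keep the cast from reading as a blind suppression, for example `/* ref[] is followed by the rrsets pointer array; sizeof(struct rrset_ref) keeps it pointer-aligned */`, ideally backed by a compile-time check next to the struct definition. copy_msg starts and continues outside the hunk.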


@ -651,7 +651,7 @@ print_thread_stats(SSL* ssl, int i, struct stats_info* s)
/** print long number */
static int
print_longnum(SSL* ssl, char* desc, size_t x)
print_longnum(SSL* ssl, const char* desc, size_t x)
{
if(x > 1024*1024*1024) {
/* more than a Gb */
@ -1463,7 +1463,7 @@ do_flush_name(SSL* ssl, struct worker* w, char* arg)
/** printout a delegation point info */
static int
ssl_print_name_dp(SSL* ssl, char* str, uint8_t* nm, uint16_t dclass,
ssl_print_name_dp(SSL* ssl, const char* str, uint8_t* nm, uint16_t dclass,
struct delegpt* dp)
{
char buf[257];


@ -157,12 +157,6 @@ void daemon_remote_start_accept(struct daemon_remote* rc);
*/
void daemon_remote_exec(struct worker* worker);
/** handle remote control accept callbacks */
int remote_accept_callback(struct comm_point*, void*, int, struct comm_reply*);
/** handle remote control data callbacks */
int remote_control_callback(struct comm_point*, void*, int, struct comm_reply*);
#ifdef HAVE_SSL
/**
* Print fixed line of text over ssl connection in blocking mode
@ -192,7 +186,4 @@ int ssl_printf(SSL* ssl, const char* format, ...)
int ssl_read_line(SSL* ssl, char* buf, size_t max);
#endif /* HAVE_SSL */
/** routine to printout option values over SSL */
void remote_get_opt_ssl(char* line, void* arg);
#endif /* DAEMON_REMOTE_H */


@ -53,6 +53,7 @@
#include "services/listen_dnsport.h"
#include "services/cache/rrset.h"
#include "services/cache/infra.h"
#include "util/fptr_wlist.h"
#include "util/data/msgreply.h"
#include "util/module.h"
#include "util/net_help.h"
@ -101,8 +102,10 @@
# include "nss.h"
#endif
#ifdef HAVE_SBRK
/** global debug value to keep track of heap memory allocation */
void* unbound_start_brk = 0;
#endif
#if !defined(HAVE_EVENT_BASE_GET_METHOD) && (defined(HAVE_EV_LOOP) || defined(HAVE_EV_DEFAULT_LOOP))
static const char* ev_backend2str(int b)
@ -183,8 +186,6 @@ static void usage()
for(m = module_list_avail(); *m; m++)
printf(" %s", *m);
printf("\n");
printf("configured for %s on %s with options:%s\n",
CONFIGURE_TARGET, CONFIGURE_DATE, CONFIGURE_BUILD_WITH);
printf("BSD licensed, see LICENSE in source package for details.\n");
printf("Report bugs to %s\n", PACKAGE_BUGREPORT);
}


@ -69,6 +69,8 @@
#include "iterator/iter_hints.h"
#include "validator/autotrust.h"
#include "validator/val_anchor.h"
#include "libunbound/context.h"
#include "libunbound/libworker.h"
#include "ldns/sbuffer.h"
#ifdef HAVE_SYS_TYPES_H
@ -718,7 +720,7 @@ answer_chaos(struct worker* w, struct query_info* qinfo,
return 0;
}
int
static int
deny_refuse(struct comm_point* c, enum acl_access acl,
enum acl_access deny, enum acl_access refuse,
struct worker* worker, struct comm_reply* repinfo)
@ -750,14 +752,14 @@ deny_refuse(struct comm_point* c, enum acl_access acl,
return -1;
}
int
static int
deny_refuse_all(struct comm_point* c, enum acl_access acl,
struct worker* worker, struct comm_reply* repinfo)
{
return deny_refuse(c, acl, acl_deny, acl_refuse, worker, repinfo);
}
int
static int
deny_refuse_non_local(struct comm_point* c, enum acl_access acl,
struct worker* worker, struct comm_reply* repinfo)
{
@ -846,7 +848,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
verbose(VERB_ALGO, "query with bad edns version.");
log_addr(VERB_CLIENT,"from",&repinfo->addr, repinfo->addrlen);
error_encode(c->buffer, EDNS_RCODE_BADVERS&0xf, &qinfo,
*(uint16_t*)sldns_buffer_begin(c->buffer),
*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
sldns_buffer_read_u16_at(c->buffer, 2), NULL);
attach_edns_record(c->buffer, &edns);
return 1;
@ -928,7 +930,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
/* answer from cache - we have acquired a readlock on it */
if(answer_from_cache(worker, &qinfo,
(struct reply_info*)e->data,
*(uint16_t*)sldns_buffer_begin(c->buffer),
*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
sldns_buffer_read_u16_at(c->buffer, 2), repinfo,
&edns)) {
/* prefetch it if the prefetch TTL expired */
@ -950,7 +952,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
}
if(!LDNS_RD_WIRE(sldns_buffer_begin(c->buffer))) {
if(answer_norec_from_cache(worker, &qinfo,
*(uint16_t*)sldns_buffer_begin(c->buffer),
*(uint16_t*)(void *)sldns_buffer_begin(c->buffer),
sldns_buffer_read_u16_at(c->buffer, 2), repinfo,
&edns)) {
return 1;
@ -972,7 +974,7 @@ worker_handle_request(struct comm_point* c, void* arg, int error,
/* grab a work request structure for this new request */
mesh_new_client(worker->env.mesh, &qinfo,
sldns_buffer_read_u16_at(c->buffer, 2),
&edns, repinfo, *(uint16_t*)sldns_buffer_begin(c->buffer));
&edns, repinfo, *(uint16_t*)(void *)sldns_buffer_begin(c->buffer));
worker_mem_report(worker, NULL);
return 0;
}
@ -1349,7 +1351,8 @@ struct outbound_entry* libworker_send_query(uint8_t* ATTR_UNUSED(qname),
uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags),
int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
struct sockaddr_storage* ATTR_UNUSED(addr),
socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q))
socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q))
{
log_assert(0);
return 0;
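Review bot: The four `*(uint16_t*)(void *)sldns_buffer_begin(c->buffer)` reads in worker_handle_request still load the query ID through a type-punned pointer into the packet buffer; the `(void *)` only hides the diagnostic. Because this is the path that handles client packets, I would read the ID once with a byte copy, `uint16_t qid; memcpy(&qid, sldns_buffer_begin(c->buffer), sizeof(qid));`, and pass `qid` at each call site. That yields the same wire-order value without relying on the buffer's alignment or on aliasing rules. It assumes the buffer has already been checked to hold at least the DNS header before these lines, which would happen outside the visible hunks.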


@ -43,6 +43,7 @@
#ifndef DAEMON_WORKER_H
#define DAEMON_WORKER_H
#include "libunbound/worker.h"
#include "util/netevent.h"
#include "util/locks.h"
#include "util/alloc.h"
@ -157,78 +158,10 @@ void worker_delete(struct worker* worker);
*/
void worker_send_cmd(struct worker* worker, enum worker_commands cmd);
/**
* Worker signal handler function. User argument is the worker itself.
* @param sig: signal number.
* @param arg: the worker (main worker) that handles signals.
*/
void worker_sighandler(int sig, void* arg);
/**
* Worker service routine to send serviced queries to authoritative servers.
* @param qname: query name. (host order)
* @param qnamelen: length in bytes of qname, including trailing 0.
* @param qtype: query type. (host order)
* @param qclass: query class. (host order)
* @param flags: host order flags word, with opcode and CD bit.
* @param dnssec: if set, EDNS record will have DO bit set.
* @param want_dnssec: signatures needed.
* @param addr: where to.
* @param addrlen: length of addr.
* @param zone: wireformat dname of the zone.
* @param zonelen: length of zone name.
* @param q: wich query state to reactivate upon return.
* @return: false on failure (memory or socket related). no query was
* sent.
*/
struct outbound_entry* worker_send_query(uint8_t* qname, size_t qnamelen,
uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec,
int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen,
uint8_t* zone, size_t zonelen, struct module_qstate* q);
/**
* process control messages from the main thread. Frees the control
* command message.
* @param tube: tube control message came on.
* @param msg: message contents. Is freed.
* @param len: length of message.
* @param error: if error (NETEVENT_*) happened.
* @param arg: user argument
*/
void worker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len,
int error, void* arg);
/** handles callbacks from listening event interface */
int worker_handle_request(struct comm_point* c, void* arg, int error,
struct comm_reply* repinfo);
/** process incoming replies from the network */
int worker_handle_reply(struct comm_point* c, void* arg, int error,
struct comm_reply* reply_info);
/** process incoming serviced query replies from the network */
int worker_handle_service_reply(struct comm_point* c, void* arg, int error,
struct comm_reply* reply_info);
/** cleanup the cache to remove all rrset IDs from it, arg is worker */
void worker_alloc_cleanup(void* arg);
/**
* Init worker stats - includes server_stats_init, outside network and mesh.
* @param worker: the worker to init
*/
void worker_stats_clear(struct worker* worker);
/** statistics timer callback handler */
void worker_stat_timer_cb(void* arg);
/** probe timer callback handler */
void worker_probe_timer_cb(void* arg);
/** start accept callback handler */
void worker_start_accept(void* arg);
/** stop accept callback handler */
void worker_stop_accept(void* arg);
#endif /* DAEMON_WORKER_H */


@ -1,3 +1,23 @@
28 May 2014: Wouter
- Code cleanup patch from Dag-Erling Smorgrav, with compiler issue
fixes from FreeBSD's copy of Unbound, he notes:
Generate unbound-control-setup.sh at build time so it respects
prefix and sysconfdir from the configure script. Also fix the
umask to match the comment, and the comment to match the umask.
Add const and static where needed. Use unions instead of
playing pointer poker. Move declarations that are needed in
multiple source files into a shared header. Move sldns_bgetc()
from parse.c to buffer.c where it belongs. Introduce a new
header file, worker.h, which declares the callbacks that
all workers must define. Remove those declarations from
libworker.h. Include the correct headers in the correct places.
Fix a few dummy callbacks that don't match their prototype.
Fix some casts. Hide the sbrk madness behind #ifdef HAVE_SBRK.
Remove a useless printf which breaks reproducible builds.
Get rid of CONFIGURE_{TARGET,DATE,BUILD_WITH} now that they're
no longer used. Add unbound-control-setup.sh to the list of
generated files.
23 May 2014: Wouter
- unbound-host -D enabled dnssec and reads root trust anchor from
the default root key file that was compiled in.


@ -218,6 +218,17 @@ sldns_fget_keyword_data_l(FILE *f, const char *keyword, const char *k_del, char
}
}
int
sldns_bgetc(sldns_buffer *buffer)
{
if (!sldns_buffer_available_at(buffer, buffer->_position, sizeof(uint8_t))) {
sldns_buffer_set_position(buffer, sldns_buffer_limit(buffer));
/* sldns_buffer_rewind(buffer);*/
return EOF;
}
return (int)sldns_buffer_read_u8(buffer);
}
ssize_t
sldns_bget_token(sldns_buffer *b, char *token, const char *delim, size_t limit)
{
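Review bot: The commented-out `/* sldns_buffer_rewind(buffer);*/` travels with sldns_bgetc into its new location and should be dropped, and the function arrives without a doc comment. Something like `/** read one byte from the buffer; at the limit, set the position to the limit and return EOF */` above the definition would state the contract its callers rely on. The direct `buffer->_position` access could go through `sldns_buffer_position(buffer)` so the file does not reach into the buffer's private fields. Also, the description says the function moves from parse.c to buffer.c, while the context lines here (sldns_fget_keyword_data_l, sldns_bget_token) suggest this is the parser file receiving it, so the description and the diff appear to disagree on the direction.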


@ -165,17 +165,6 @@ sldns_buffer_export(sldns_buffer *buffer)
return buffer->_data;
}
int
sldns_bgetc(sldns_buffer *buffer)
{
if (!sldns_buffer_available_at(buffer, buffer->_position, sizeof(uint8_t))) {
sldns_buffer_set_position(buffer, sldns_buffer_limit(buffer));
/* sldns_buffer_rewind(buffer);*/
return EOF;
}
return (int)sldns_buffer_read_u8(buffer);
}
void
sldns_buffer_copy(sldns_buffer* result, sldns_buffer* from)
{


@ -48,12 +48,14 @@
#include "libunbound/libworker.h"
#include "libunbound/context.h"
#include "libunbound/unbound.h"
#include "libunbound/worker.h"
#include "libunbound/unbound-event.h"
#include "services/outside_network.h"
#include "services/mesh.h"
#include "services/localzone.h"
#include "services/cache/rrset.h"
#include "services/outbound_list.h"
#include "util/fptr_wlist.h"
#include "util/module.h"
#include "util/regional.h"
#include "util/random.h"
@ -952,7 +954,8 @@ struct outbound_entry* worker_send_query(uint8_t* ATTR_UNUSED(qname),
uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags),
int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
struct sockaddr_storage* ATTR_UNUSED(addr),
socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q))
socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q))
{
log_assert(0);
return 0;


@ -41,8 +41,8 @@
* and if in the background continues until exit, if in the foreground
* returns from the procedure when done.
*/
#ifndef LIBUNBOUND_WORKER_H
#define LIBUNBOUND_WORKER_H
#ifndef LIBUNBOUND_LIBWORKER_H
#define LIBUNBOUND_LIBWORKER_H
#include "util/data/packed_rrset.h"
struct ub_ctx;
struct ub_result;
@ -136,52 +136,6 @@ void libworker_delete_event(struct libworker* w);
/** cleanup the cache to remove all rrset IDs from it, arg is libworker */
void libworker_alloc_cleanup(void* arg);
/**
* Worker service routine to send serviced queries to authoritative servers.
* @param qname: query name. (host order)
* @param qnamelen: length in bytes of qname, including trailing 0.
* @param qtype: query type. (host order)
* @param qclass: query class. (host order)
* @param flags: host order flags word, with opcode and CD bit.
* @param dnssec: if set, EDNS record will have DO bit set.
* @param want_dnssec: signatures needed.
* @param addr: where to.
* @param addrlen: length of addr.
* @param zone: delegation point name.
* @param zonelen: length of zone name wireformat dname.
* @param q: wich query state to reactivate upon return.
* @return: false on failure (memory or socket related). no query was
* sent.
*/
struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen,
uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec,
int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen,
uint8_t* zone, size_t zonelen, struct module_qstate* q);
/** process incoming replies from the network */
int libworker_handle_reply(struct comm_point* c, void* arg, int error,
struct comm_reply* reply_info);
/** process incoming serviced query replies from the network */
int libworker_handle_service_reply(struct comm_point* c, void* arg, int error,
struct comm_reply* reply_info);
/** handle control command coming into server */
void libworker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len,
int err, void* arg);
/** handle opportunity to write result back */
void libworker_handle_result_write(struct tube* tube, uint8_t* msg, size_t len,
int err, void* arg);
/** mesh callback with fg results */
void libworker_fg_done_cb(void* arg, int rcode, struct sldns_buffer* buf,
enum sec_status s, char* why_bogus);
/** mesh callback with bg results */
void libworker_bg_done_cb(void* arg, int rcode, struct sldns_buffer* buf,
enum sec_status s, char* why_bogus);
/** mesh callback with event results */
void libworker_event_done_cb(void* arg, int rcode, struct sldns_buffer* buf,
enum sec_status s, char* why_bogus);
@ -198,4 +152,4 @@ void libworker_event_done_cb(void* arg, int rcode, struct sldns_buffer* buf,
void libworker_enter_result(struct ub_result* res, struct sldns_buffer* buf,
struct regional* temp, enum sec_status msg_security);
#endif /* LIBUNBOUND_WORKER_H */
#endif /* LIBUNBOUND_LIBWORKER_H */
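Review bot: `libworker_handle_result_write` appears to lose its prototype in the second hunk, and it is not among the declarations in the new libunbound/worker.h. The hunk counts leave room on the new side only for the `libworker_alloc_cleanup` and `libworker_event_done_cb` declarations, which is what suggests the removal. If a definition or a callback-whitelist reference to it still exists elsewhere in the tree, it would now be compiled without a visible prototype. If it is dead, saying so in the description would make the removal intentional rather than incidental.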

171
libunbound/worker.h Normal file

@ -0,0 +1,171 @@
/*
* libunbound/worker.h - prototypes for worker methods.
*
* Copyright (c) 2007, NLnet Labs. All rights reserved.
*
* This software is open source.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
*
* Redistributions of source code must retain the above copyright notice,
* this list of conditions and the following disclaimer.
*
* Redistributions in binary form must reproduce the above copyright notice,
* this list of conditions and the following disclaimer in the documentation
* and/or other materials provided with the distribution.
*
* Neither the name of the NLNET LABS nor the names of its contributors may
* be used to endorse or promote products derived from this software without
* specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
* TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
* PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*/
/**
* \file
*
* This file declares the methods any worker has to implement.
*/
#ifndef LIBUNBOUND_WORKER_H
#define LIBUNBOUND_WORKER_H
#include "ldns/sbuffer.h"
#include "util/data/packed_rrset.h" /* for enum sec_status */
struct comm_reply;
struct comm_point;
struct module_qstate;
struct tube;
/**
* Worker service routine to send serviced queries to authoritative servers.
* @param qname: query name. (host order)
* @param qnamelen: length in bytes of qname, including trailing 0.
* @param qtype: query type. (host order)
* @param qclass: query class. (host order)
* @param flags: host order flags word, with opcode and CD bit.
* @param dnssec: if set, EDNS record will have DO bit set.
* @param want_dnssec: signatures needed.
* @param addr: where to.
* @param addrlen: length of addr.
* @param zone: delegation point name.
* @param zonelen: length of zone name wireformat dname.
* @param q: wich query state to reactivate upon return.
* @return: false on failure (memory or socket related). no query was
* sent.
*/
struct outbound_entry* libworker_send_query(uint8_t* qname, size_t qnamelen,
uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec,
int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen,
uint8_t* zone, size_t zonelen, struct module_qstate* q);
/** process incoming replies from the network */
int libworker_handle_reply(struct comm_point* c, void* arg, int error,
struct comm_reply* reply_info);
/** process incoming serviced query replies from the network */
int libworker_handle_service_reply(struct comm_point* c, void* arg, int error,
struct comm_reply* reply_info);
/** handle control command coming into server */
void libworker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len,
int err, void* arg);
/** mesh callback with fg results */
void libworker_fg_done_cb(void* arg, int rcode, sldns_buffer* buf,
enum sec_status s, char* why_bogus);
/** mesh callback with bg results */
void libworker_bg_done_cb(void* arg, int rcode, sldns_buffer* buf,
enum sec_status s, char* why_bogus);
/**
* Worker signal handler function. User argument is the worker itself.
* @param sig: signal number.
* @param arg: the worker (main worker) that handles signals.
*/
void worker_sighandler(int sig, void* arg);
/**
* Worker service routine to send serviced queries to authoritative servers.
* @param qname: query name. (host order)
* @param qnamelen: length in bytes of qname, including trailing 0.
* @param qtype: query type. (host order)
* @param qclass: query class. (host order)
* @param flags: host order flags word, with opcode and CD bit.
* @param dnssec: if set, EDNS record will have DO bit set.
* @param want_dnssec: signatures needed.
* @param addr: where to.
* @param addrlen: length of addr.
* @param zone: wireformat dname of the zone.
* @param zonelen: length of zone name.
* @param q: wich query state to reactivate upon return.
* @return: false on failure (memory or socket related). no query was
* sent.
*/
struct outbound_entry* worker_send_query(uint8_t* qname, size_t qnamelen,
uint16_t qtype, uint16_t qclass, uint16_t flags, int dnssec,
int want_dnssec, struct sockaddr_storage* addr, socklen_t addrlen,
uint8_t* zone, size_t zonelen, struct module_qstate* q);
/**
* process control messages from the main thread. Frees the control
* command message.
* @param tube: tube control message came on.
* @param msg: message contents. Is freed.
* @param len: length of message.
* @param error: if error (NETEVENT_*) happened.
* @param arg: user argument
*/
void worker_handle_control_cmd(struct tube* tube, uint8_t* msg, size_t len,
int error, void* arg);
/** handles callbacks from listening event interface */
int worker_handle_request(struct comm_point* c, void* arg, int error,
struct comm_reply* repinfo);
/** process incoming replies from the network */
int worker_handle_reply(struct comm_point* c, void* arg, int error,
struct comm_reply* reply_info);
/** process incoming serviced query replies from the network */
int worker_handle_service_reply(struct comm_point* c, void* arg, int error,
struct comm_reply* reply_info);
/** cleanup the cache to remove all rrset IDs from it, arg is worker */
void worker_alloc_cleanup(void* arg);
/** statistics timer callback handler */
void worker_stat_timer_cb(void* arg);
/** probe timer callback handler */
void worker_probe_timer_cb(void* arg);
/** start accept callback handler */
void worker_start_accept(void* arg);
/** stop accept callback handler */
void worker_stop_accept(void* arg);
/** handle remote control accept callbacks */
int remote_accept_callback(struct comm_point*, void*, int, struct comm_reply*);
/** handle remote control data callbacks */
int remote_control_callback(struct comm_point*, void*, int, struct comm_reply*);
/** routine to printout option values over SSL */
void remote_get_opt_ssl(char* line, void* arg);
#endif /* LIBUNBOUND_WORKER_H */


@ -244,7 +244,7 @@ get_builtin_ds(void)
/** print hex data */
static void
print_data(char* msg, char* data, int len)
print_data(const char* msg, const char* data, int len)
{
int i;
printf("%s: ", msg);
@ -268,8 +268,8 @@ ub_ctx_error_exit(struct ub_ctx* ctx, const char* str, const char* str2)
* Create a new unbound context with the commandline settings applied
*/
static struct ub_ctx*
create_unbound_context(char* res_conf, char* root_hints, char* debugconf,
int ip4only, int ip6only)
create_unbound_context(const char* res_conf, const char* root_hints,
const char* debugconf, int ip4only, int ip6only)
{
int r;
struct ub_ctx* ctx = ub_ctx_create();
@ -306,7 +306,7 @@ create_unbound_context(char* res_conf, char* root_hints, char* debugconf,
/** printout certificate in detail */
static void
verb_cert(char* msg, X509* x)
verb_cert(const char* msg, X509* x)
{
if(verb == 0 || verb == 1) return;
if(verb == 2) {
@ -322,7 +322,7 @@ verb_cert(char* msg, X509* x)
/** printout certificates in detail */
static void
verb_certs(char* msg, STACK_OF(X509)* sk)
verb_certs(const char* msg, STACK_OF(X509)* sk)
{
int i, num = sk_X509_num(sk);
if(verb == 0 || verb == 1) return;
@ -360,7 +360,7 @@ read_cert_bio(BIO* bio)
/* read the certificate file */
static STACK_OF(X509)*
read_cert_file(char* file)
read_cert_file(const char* file)
{
STACK_OF(X509)* sk;
FILE* in;
@ -435,7 +435,7 @@ read_builtin_cert(void)
/** read update cert file or use builtin */
static STACK_OF(X509)*
read_cert_or_builtin(char* file)
read_cert_or_builtin(const char* file)
{
STACK_OF(X509) *sk = read_cert_file(file);
if(!sk) {
@ -459,7 +459,7 @@ do_list_builtin(void)
/** printout IP address with message */
static void
verb_addr(char* msg, struct ip_list* ip)
verb_addr(const char* msg, struct ip_list* ip)
{
if(verb) {
char out[100];
@ -526,7 +526,7 @@ RR_to_ip(int tp, char* data, int len, int port)
/** Resolve name, type, class and add addresses to iplist */
static void
resolve_host_ip(struct ub_ctx* ctx, char* host, int port, int tp, int cl,
resolve_host_ip(struct ub_ctx* ctx, const char* host, int port, int tp, int cl,
struct ip_list** head)
{
struct ub_result* res = NULL;
@ -561,29 +561,27 @@ resolve_host_ip(struct ub_ctx* ctx, char* host, int port, int tp, int cl,
/** parse a text IP address into a sockaddr */
static struct ip_list*
parse_ip_addr(char* str, int port)
parse_ip_addr(const char* str, int port)
{
socklen_t len = 0;
struct sockaddr_storage* addr = NULL;
struct sockaddr_in6 a6;
struct sockaddr_in a;
union {
struct sockaddr_in6 a6;
struct sockaddr_in a;
} addr;
struct ip_list* ip;
uint16_t p = (uint16_t)port;
memset(&a6, 0, sizeof(a6));
memset(&a, 0, sizeof(a));
memset(&addr, 0, sizeof(addr));
if(inet_pton(AF_INET6, str, &a6.sin6_addr) > 0) {
if(inet_pton(AF_INET6, str, &addr.a6.sin6_addr) > 0) {
/* it is an IPv6 */
a6.sin6_family = AF_INET6;
a6.sin6_port = (in_port_t)htons(p);
addr = (struct sockaddr_storage*)&a6;
len = (socklen_t)sizeof(struct sockaddr_in6);
addr.a6.sin6_family = AF_INET6;
addr.a6.sin6_port = (in_port_t)htons(p);
len = (socklen_t)sizeof(addr.a6);
}
if(inet_pton(AF_INET, str, &a.sin_addr) > 0) {
if(inet_pton(AF_INET, str, &addr.a.sin_addr) > 0) {
/* it is an IPv4 */
a.sin_family = AF_INET;
a.sin_port = (in_port_t)htons(p);
addr = (struct sockaddr_storage*)&a;
addr.a.sin_family = AF_INET;
addr.a.sin_port = (in_port_t)htons(p);
len = (socklen_t)sizeof(struct sockaddr_in);
}
if(!len) return NULL;
@ -593,7 +591,7 @@ parse_ip_addr(char* str, int port)
exit(0);
}
ip->len = len;
memmove(&ip->addr, addr, len);
memmove(&ip->addr, &addr, len);
if(verb) printf("server address is %s\n", str);
return ip;
}
@ -613,8 +611,8 @@ parse_ip_addr(char* str, int port)
* @return list of IP addresses.
*/
static struct ip_list*
resolve_name(char* host, int port, char* res_conf, char* root_hints,
char* debugconf, int ip4only, int ip6only)
resolve_name(const char* host, int port, const char* res_conf,
const char* root_hints, const char* debugconf, int ip4only, int ip6only)
{
struct ub_ctx* ctx;
struct ip_list* list = NULL;
@ -810,7 +808,7 @@ TLS_shutdown(int fd, SSL* ssl, SSL_CTX* sslctx)
/** write a line over SSL */
static int
write_ssl_line(SSL* ssl, char* str, char* sec)
write_ssl_line(SSL* ssl, const char* str, const char* sec)
{
char buf[1024];
size_t l;
@ -1029,7 +1027,7 @@ do_chunked_read(SSL* ssl)
/** start HTTP1.1 transaction on SSL */
static int
write_http_get(SSL* ssl, char* pathname, char* urlname)
write_http_get(SSL* ssl, const char* pathname, const char* urlname)
{
if(write_ssl_line(ssl, "GET /%s HTTP/1.1", pathname) &&
write_ssl_line(ssl, "Host: %s", urlname) &&
@ -1100,7 +1098,7 @@ read_http_result(SSL* ssl)
/** https to an IP addr, return BIO with pathname or NULL */
static BIO*
https_to_ip(struct ip_list* ip, char* pathname, char* urlname)
https_to_ip(struct ip_list* ip, const char* pathname, const char* urlname)
{
int fd;
SSL* ssl;
@ -1140,7 +1138,7 @@ https_to_ip(struct ip_list* ip, char* pathname, char* urlname)
* @return a memory BIO with the file in it.
*/
static BIO*
https(struct ip_list* ip_list, char* pathname, char* urlname)
https(struct ip_list* ip_list, const char* pathname, const char* urlname)
{
struct ip_list* ip;
BIO* bio = NULL;
@ -1222,7 +1220,7 @@ xml_selectbio(struct xml_data* data, const char* tag)
* NOT zero terminated.
* @param len: length of this part of the data.
*/
void
static void
xml_charhandle(void *userData, const XML_Char *s, int len)
{
struct xml_data* data = (struct xml_data*)userData;
@ -1265,7 +1263,7 @@ xml_charhandle(void *userData, const XML_Char *s, int len)
* @return the value or NULL. (ptr into atts).
*/
static const XML_Char*
find_att(const XML_Char **atts, XML_Char* name)
find_att(const XML_Char **atts, const XML_Char* name)
{
int i;
for(i=0; atts[i]; i+=2) {
@ -1379,7 +1377,7 @@ handle_keydigest(struct xml_data* data, const XML_Char **atts)
/** See if XML element equals the zone name */
static int
xml_is_zone_name(BIO* zone, char* name)
xml_is_zone_name(BIO* zone, const char* name)
{
char buf[1024];
char* z = NULL;
@ -1611,8 +1609,6 @@ xml_parse(BIO* xml, time_t now)
XML_ParserFree(parser);
if(verb >= 4) {
char* pp = NULL;
int len;
(void)BIO_seek(data.ds, 0);
len = BIO_get_mem_data(data.ds, &pp);
printf("got DS bio %d: '", len);
@ -1655,7 +1651,7 @@ get_usage_of_ex(X509* cert)
/** get valid signers from the list of signers in the signature */
static STACK_OF(X509)*
get_valid_signers(PKCS7* p7, char* p7signer)
get_valid_signers(PKCS7* p7, const char* p7signer)
{
int i;
STACK_OF(X509)* validsigners = sk_X509_new_null();
@ -1738,7 +1734,7 @@ get_valid_signers(PKCS7* p7, char* p7signer)
/** verify a PKCS7 signature, false on failure */
static int
verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust, char* p7signer)
verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust, const char* p7signer)
{
PKCS7* p7;
X509_STORE *store = X509_STORE_new();
@ -1816,7 +1812,7 @@ verify_p7sig(BIO* data, BIO* p7s, STACK_OF(X509)* trust, char* p7signer)
/** write unsigned root anchor file, a 5011 revoked tp */
static void
write_unsigned_root(char* root_anchor_file)
write_unsigned_root(const char* root_anchor_file)
{
FILE* out;
time_t now = time(NULL);
@ -1842,7 +1838,7 @@ write_unsigned_root(char* root_anchor_file)
/** write root anchor file */
static void
write_root_anchor(char* root_anchor_file, BIO* ds)
write_root_anchor(const char* root_anchor_file, BIO* ds)
{
char* pp = NULL;
int len;
@ -1868,8 +1864,8 @@ write_root_anchor(char* root_anchor_file, BIO* ds)
/** Perform the verification and update of the trustanchor file */
static void
verify_and_update_anchor(char* root_anchor_file, BIO* xml, BIO* p7s,
STACK_OF(X509)* cert, char* p7signer)
verify_and_update_anchor(const char* root_anchor_file, BIO* xml, BIO* p7s,
STACK_OF(X509)* cert, const char* p7signer)
{
BIO* ds;
@ -1897,10 +1893,11 @@ static void do_wsa_cleanup(void) { WSACleanup(); }
/** perform actual certupdate work */
static int
do_certupdate(char* root_anchor_file, char* root_cert_file,
char* urlname, char* xmlname, char* p7sname, char* p7signer,
char* res_conf, char* root_hints, char* debugconf,
int ip4only, int ip6only, int port, struct ub_result* dnskey)
do_certupdate(const char* root_anchor_file, const char* root_cert_file,
const char* urlname, const char* xmlname, const char* p7sname,
const char* p7signer, const char* res_conf, const char* root_hints,
const char* debugconf, int ip4only, int ip6only, int port,
struct ub_result* dnskey)
{
STACK_OF(X509)* cert;
BIO *xml, *p7s;
@ -1954,7 +1951,7 @@ do_certupdate(char* root_anchor_file, char* root_cert_file,
* 2 if it is OK.
*/
static int
try_read_anchor(char* file)
try_read_anchor(const char* file)
{
int empty = 1;
char line[10240];
@ -1998,7 +1995,7 @@ try_read_anchor(char* file)
/** Write the builtin root anchor to a file */
static void
write_builtin_anchor(char* file)
write_builtin_anchor(const char* file)
{
const char* builtin_root_anchor = get_builtin_ds();
FILE* out = fopen(file, "w");
@ -2024,7 +2021,7 @@ write_builtin_anchor(char* file)
* @return 0 if trustpoint is insecure, 1 on success. Exit on failure.
*/
static int
provide_builtin(char* root_anchor_file, int* used_builtin)
provide_builtin(const char* root_anchor_file, int* used_builtin)
{
/* try to read it */
switch(try_read_anchor(root_anchor_file))
@ -2046,7 +2043,7 @@ provide_builtin(char* root_anchor_file, int* used_builtin)
* add an autotrust anchor for the root to the context
*/
static void
add_5011_probe_root(struct ub_ctx* ctx, char* root_anchor_file)
add_5011_probe_root(struct ub_ctx* ctx, const char* root_anchor_file)
{
int r;
r = ub_ctx_set_option(ctx, "auto-trust-anchor-file:", root_anchor_file);
@ -2083,7 +2080,7 @@ prime_root_key(struct ub_ctx* ctx)
/** see if ADDPEND keys exist in autotrust file (if possible) */
static int
read_if_pending_keys(char* file)
read_if_pending_keys(const char* file)
{
FILE* in = fopen(file, "r");
char line[8192];
@ -2105,7 +2102,7 @@ read_if_pending_keys(char* file)
/** read last successful probe time from autotrust file (if possible) */
static int32_t
read_last_success_time(char* file)
read_last_success_time(const char* file)
{
FILE* in = fopen(file, "r");
char line[1024];
@ -2142,7 +2139,7 @@ read_last_success_time(char* file)
* @return true if certupdate is ok.
*/
static int
probe_date_allows_certupdate(char* root_anchor_file)
probe_date_allows_certupdate(const char* root_anchor_file)
{
int has_pending_keys = read_if_pending_keys(root_anchor_file);
int32_t last_success = read_last_success_time(root_anchor_file);
@ -2180,10 +2177,10 @@ probe_date_allows_certupdate(char* root_anchor_file)
/** perform the unbound-anchor work */
static int
do_root_update_work(char* root_anchor_file, char* root_cert_file,
char* urlname, char* xmlname, char* p7sname, char* p7signer,
char* res_conf, char* root_hints, char* debugconf,
int ip4only, int ip6only, int force, int port)
do_root_update_work(const char* root_anchor_file, const char* root_cert_file,
const char* urlname, const char* xmlname, const char* p7sname,
const char* p7signer, const char* res_conf, const char* root_hints,
const char* debugconf, int ip4only, int ip6only, int force, int port)
{
struct ub_ctx* ctx;
struct ub_result* dnskey;
@ -2233,15 +2230,15 @@ extern char* optarg;
int main(int argc, char* argv[])
{
int c;
char* root_anchor_file = ROOT_ANCHOR_FILE;
char* root_cert_file = ROOT_CERT_FILE;
char* urlname = URLNAME;
char* xmlname = XMLNAME;
char* p7sname = P7SNAME;
char* p7signer = P7SIGNER;
char* res_conf = NULL;
char* root_hints = NULL;
char* debugconf = NULL;
const char* root_anchor_file = ROOT_ANCHOR_FILE;
const char* root_cert_file = ROOT_CERT_FILE;
const char* urlname = URLNAME;
const char* xmlname = XMLNAME;
const char* p7sname = P7SNAME;
const char* p7signer = P7SIGNER;
const char* res_conf = NULL;
const char* root_hints = NULL;
const char* debugconf = NULL;
int dolist=0, ip4only=0, ip6only=0, force=0, port = HTTPS_PORT;
/* parse the options */
while( (c=getopt(argc, argv, "46C:FP:a:c:f:hln:r:s:u:vx:")) != -1) {
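Review bot: In the parse_ip_addr hunk the two `inet_pton` checks are still independent `if` statements, but after this change both write into the same `addr` union. The AF_INET attempt is therefore handed storage that overlaps an already filled-in `sockaddr_in6` whenever the IPv6 parse succeeded. A string cannot be valid in both families and `inet_pton` normally leaves the destination alone on failure, so this is probably harmless today, but the exclusivity should be explicit: `else if(inet_pton(AF_INET, str, &addr.a.sin_addr) > 0) {`. For symmetry with the IPv6 branch the IPv4 length could read `len = (socklen_t)sizeof(addr.a);`. The function body is split across two hunks and the declaration of `ip->addr` is not visible, so the bound on the final `memmove` is assumed rather than checked here.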


@ -36,7 +36,8 @@
# settings:
# directory for files
DESTDIR=/usr/local/etc/unbound
prefix=/usr/local
DESTDIR=${prefix}/etc/unbound
# issuer and subject name for certificates
SERVERNAME=unbound
@ -57,8 +58,8 @@ SVR_BASE=unbound_server
# base name for unbound-control keys
CTL_BASE=unbound_control
# we want -rw-r--- access (say you run this as root: grp=yes (server), all=no).
umask 0026
# we want -rw-r----- access (say you run this as root: grp=yes (server), all=no).
umask 0027
# end of options


@ -0,0 +1,163 @@
#!/bin/sh
#
# unbound-control-setup.sh - set up SSL certificates for unbound-control
#
# Copyright (c) 2008, NLnet Labs. All rights reserved.
#
# This software is open source.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
#
# Redistributions of source code must retain the above copyright notice,
# this list of conditions and the following disclaimer.
#
# Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# Neither the name of the NLNET LABS nor the names of its contributors may
# be used to endorse or promote products derived from this software without
# specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
# TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
# PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
# LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
# NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
# SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# settings:
# directory for files
prefix=@prefix@
DESTDIR=@sysconfdir@/unbound
# issuer and subject name for certificates
SERVERNAME=unbound
CLIENTNAME=unbound-control
# validity period for certificates
DAYS=7200
# size of keys in bits
BITS=1536
# hash algorithm
HASH=sha256
# base name for unbound server keys
SVR_BASE=unbound_server
# base name for unbound-control keys
CTL_BASE=unbound_control
# we want -rw-r----- access (say you run this as root: grp=yes (server), all=no).
umask 0027
# end of options
# functions:
error ( ) {
echo "$0 fatal error: $1"
exit 1
}
# check arguments:
while test $# -ne 0; do
case $1 in
-d)
if test $# -eq 1; then error "need argument for -d"; fi
DESTDIR="$2"
shift
;;
*)
echo "unbound-control-setup.sh - setup SSL keys for unbound-control"
echo " -d dir use directory to store keys and certificates."
echo " default: $DESTDIR"
echo "please run this command using the same user id that the "
echo "unbound daemon uses, it needs read privileges."
exit 1
;;
esac
shift
done
# go!:
echo "setup in directory $DESTDIR"
cd "$DESTDIR" || error "could not cd to $DESTDIR"
# create certificate keys; do not recreate if they already exist.
if test -f $SVR_BASE.key; then
echo "$SVR_BASE.key exists"
else
echo "generating $SVR_BASE.key"
openssl genrsa -out $SVR_BASE.key $BITS || error "could not genrsa"
fi
if test -f $CTL_BASE.key; then
echo "$CTL_BASE.key exists"
else
echo "generating $CTL_BASE.key"
openssl genrsa -out $CTL_BASE.key $BITS || error "could not genrsa"
fi
# create self-signed cert for server
cat >request.cfg <<EOF
[req]
default_bits=$BITS
default_md=$HASH
prompt=no
distinguished_name=req_distinguished_name
[req_distinguished_name]
commonName=$SERVERNAME
EOF
test -f request.cfg || error "could not create request.cfg"
echo "create $SVR_BASE.pem (self signed certificate)"
openssl req -key $SVR_BASE.key -config request.cfg -new -x509 -days $DAYS -out $SVR_BASE.pem || error "could not create $SVR_BASE.pem"
# create trusted usage pem
openssl x509 -in $SVR_BASE.pem -addtrust serverAuth -out $SVR_BASE"_trust.pem"
# create client request and sign it, piped
cat >request.cfg <<EOF
[req]
default_bits=$BITS
default_md=$HASH
prompt=no
distinguished_name=req_distinguished_name
[req_distinguished_name]
commonName=$CLIENTNAME
EOF
test -f request.cfg || error "could not create request.cfg"
echo "create $CTL_BASE.pem (signed client certificate)"
openssl req -key $CTL_BASE.key -config request.cfg -new | openssl x509 -req -days $DAYS -CA $SVR_BASE"_trust.pem" -CAkey $SVR_BASE.key -CAcreateserial -$HASH -out $CTL_BASE.pem
test -f $CTL_BASE.pem || error "could not create $CTL_BASE.pem"
# create trusted usage pem
# openssl x509 -in $CTL_BASE.pem -addtrust clientAuth -out $CTL_BASE"_trust.pem"
# see details with openssl x509 -noout -text < $SVR_BASE.pem
# echo "create $CTL_BASE""_browser.pfx (web client certificate)"
# echo "create webbrowser PKCS#12 .PFX certificate file. In Firefox import in:"
# echo "preferences - advanced - encryption - view certificates - your certs"
# echo "empty password is used, simply click OK on the password dialog box."
# openssl pkcs12 -export -in $CTL_BASE"_trust.pem" -inkey $CTL_BASE.key -name "unbound remote control client cert" -out $CTL_BASE"_browser.pfx" -password "pass:" || error "could not create browser certificate"
# remove unused permissions
chmod o-rw $SVR_BASE.pem $SVR_BASE.key $CTL_BASE.pem $CTL_BASE.key
# remove crap
rm -f request.cfg
rm -f $CTL_BASE"_trust.pem" $SVR_BASE"_trust.pem" $SVR_BASE"_trust.srl"
echo "Setup success. Certificates created. Enable in unbound.conf file to use"
exit 0
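Review bot: `BITS=1536` in the settings block makes both `openssl genrsa` calls produce 1536-bit RSA keys, which is below the 2048-bit minimum in current key-size guidance, and `DAYS=7200` keeps the resulting certificates valid for close to twenty years. These keys and certificates are what the script sets up for the unbound-control channel, so I would raise the default in the new template, e.g. `BITS=3072`. Because the script deliberately does not recreate `.key` files that already exist, a comment next to the setting should say that old keys must be removed before a rerun picks up the new size.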


@ -41,12 +41,11 @@
* linked into the resulting program.
*/
#include "config.h"
#include "libunbound/context.h"
#include "libunbound/worker.h"
#include "util/fptr_wlist.h"
#include "util/log.h"
#include "services/mesh.h"
struct comm_reply;
struct comm_point;
struct module_qstate;
struct tube;
void worker_handle_control_cmd(struct tube* ATTR_UNUSED(tube),
uint8_t* ATTR_UNUSED(buffer), size_t ATTR_UNUSED(len),
@ -103,9 +102,10 @@ void worker_sighandler(int ATTR_UNUSED(sig), void* ATTR_UNUSED(arg))
struct outbound_entry* worker_send_query(uint8_t* ATTR_UNUSED(qname),
size_t ATTR_UNUSED(qnamelen), uint16_t ATTR_UNUSED(qtype),
uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags),
int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
struct sockaddr_storage* ATTR_UNUSED(addr),
socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q))
socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q))
{
log_assert(0);
return 0;
@ -136,7 +136,8 @@ struct outbound_entry* libworker_send_query(uint8_t* ATTR_UNUSED(qname),
uint16_t ATTR_UNUSED(qclass), uint16_t ATTR_UNUSED(flags),
int ATTR_UNUSED(dnssec), int ATTR_UNUSED(want_dnssec),
struct sockaddr_storage* ATTR_UNUSED(addr),
socklen_t ATTR_UNUSED(addrlen), struct module_qstate* ATTR_UNUSED(q))
socklen_t ATTR_UNUSED(addrlen), uint8_t* ATTR_UNUSED(zone),
size_t ATTR_UNUSED(zonelen), struct module_qstate* ATTR_UNUSED(q))
{
log_assert(0);
return 0;


@ -63,18 +63,6 @@
/** global config during parsing */
struct config_parser_state* cfg_parser = 0;
/** lex in file */
extern FILE* ub_c_in;
/** lex out file */
extern FILE* ub_c_out;
/** the yacc lex generated parse function */
int ub_c_parse(void);
/** the lexer function */
int ub_c_lex(void);
/** wrap function */
int ub_c_wrap(void);
/** init lex state */
void init_cfg_parse(void);
/** init ports possible for use */
static void init_outgoing_availports(int* array, int num);


@ -641,6 +641,18 @@ struct config_parser_state {
/** global config parser object used during config parsing */
extern struct config_parser_state* cfg_parser;
/** init lex state */
void init_cfg_parse(void);
/** lex in file */
extern FILE* ub_c_in;
/** lex out file */
extern FILE* ub_c_out;
/** the yacc lex generated parse function */
int ub_c_parse(void);
/** the lexer function */
int ub_c_lex(void);
/** wrap function */
int ub_c_wrap(void);
/** parsing helpers: print error with file and line numbers */
void ub_c_error(const char* msg);
/** parsing helpers: print error with file and line numbers */


@ -46,8 +46,6 @@
#include "config.h"
#include "util/fptr_wlist.h"
#include "util/mini_event.h"
#include "daemon/worker.h"
#include "daemon/remote.h"
#include "services/outside_network.h"
#include "services/mesh.h"
#include "services/localzone.h"
@ -69,6 +67,7 @@
#include "util/locks.h"
#include "libunbound/libworker.h"
#include "libunbound/context.h"
#include "libunbound/worker.h"
#include "util/tube.h"
#include "util/config_file.h"
#ifdef UB_ON_WINDOWS