mirror of
https://github.com/NLnetLabs/unbound.git
synced 2025-12-24 00:29:58 -05:00
- Fix that first control-interface determines if TLS is used. Warn
when IP address interfaces are used without TLS. git-svn-id: file:///svn/unbound/trunk@4730 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards
parent
12251022ec
commit
9cb404ba5f
8 changed files with 35 additions and 24 deletions
|
|
@ -215,8 +215,13 @@ daemon_remote_create(struct config_file* cfg)
|
||||||
}
|
}
|
||||||
rc->use_cert = 1;
|
rc->use_cert = 1;
|
||||||
} else {
|
} else {
|
||||||
|
struct config_strlist* p;
|
||||||
rc->ctx = NULL;
|
rc->ctx = NULL;
|
||||||
rc->use_cert = 0;
|
rc->use_cert = 0;
|
||||||
|
for(p = cfg->control_ifs.first; p; p = p->next) {
|
||||||
|
if(p->str && p->str[0] != '/')
|
||||||
|
log_warn("control-interface %s is not using TLS, but plain transfer, because first control-interface in config file is a local socket (starts with a /).", p->str);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
return rc;
|
return rc;
|
||||||
}
|
}
|
||||||
|
|
@ -358,9 +363,9 @@ struct listen_port* daemon_remote_open_ports(struct config_file* cfg)
|
||||||
{
|
{
|
||||||
struct listen_port* l = NULL;
|
struct listen_port* l = NULL;
|
||||||
log_assert(cfg->remote_control_enable && cfg->control_port);
|
log_assert(cfg->remote_control_enable && cfg->control_port);
|
||||||
if(cfg->control_ifs) {
|
if(cfg->control_ifs.first) {
|
||||||
struct config_strlist* p;
|
struct config_strlist* p;
|
||||||
for(p = cfg->control_ifs; p; p = p->next) {
|
for(p = cfg->control_ifs.first; p; p = p->next) {
|
||||||
if(!add_open(p->str, cfg->control_port, &l, 1, cfg)) {
|
if(!add_open(p->str, cfg->control_port, &l, 1, cfg)) {
|
||||||
listening_ports_free(l);
|
listening_ports_free(l);
|
||||||
return NULL;
|
return NULL;
|
||||||
|
|
|
||||||
|
|
@ -1,6 +1,8 @@
|
||||||
14 June 2018: Wouter
|
14 June 2018: Wouter
|
||||||
- #4103: Fix that auth-zone does not insist on SOA record first in
|
- #4103: Fix that auth-zone does not insist on SOA record first in
|
||||||
file for url downloads.
|
file for url downloads.
|
||||||
|
- Fix that first control-interface determines if TLS is used. Warn
|
||||||
|
when IP address interfaces are used without TLS.
|
||||||
|
|
||||||
12 June 2018: Ralph
|
12 June 2018: Ralph
|
||||||
- Don't count CNAME response types received during qname minimisation as
|
- Don't count CNAME response types received during qname minimisation as
|
||||||
|
|
|
||||||
|
|
@ -883,7 +883,7 @@ struct config_file {
|
||||||
struct config_strlist* local_zones_nodefault;
|
struct config_strlist* local_zones_nodefault;
|
||||||
struct config_strlist* local_data;
|
struct config_strlist* local_data;
|
||||||
int remote_control_enable;
|
int remote_control_enable;
|
||||||
struct config_strlist* control_ifs;
|
struct config_strlist_head control_ifs;
|
||||||
int control_port;
|
int control_port;
|
||||||
char* server_key_file;
|
char* server_key_file;
|
||||||
char* server_cert_file;
|
char* server_cert_file;
|
||||||
|
|
|
||||||
|
|
@ -491,8 +491,8 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
|
||||||
int fd, useport = 1;
|
int fd, useport = 1;
|
||||||
/* use svr or the first config entry */
|
/* use svr or the first config entry */
|
||||||
if(!svr) {
|
if(!svr) {
|
||||||
if(cfg->control_ifs) {
|
if(cfg->control_ifs.first) {
|
||||||
svr = cfg->control_ifs->str;
|
svr = cfg->control_ifs.first->str;
|
||||||
} else if(cfg->do_ip4) {
|
} else if(cfg->do_ip4) {
|
||||||
svr = "127.0.0.1";
|
svr = "127.0.0.1";
|
||||||
} else {
|
} else {
|
||||||
|
|
|
||||||
|
|
@ -244,7 +244,8 @@ config_create(void)
|
||||||
cfg->insecure_lan_zones = 0;
|
cfg->insecure_lan_zones = 0;
|
||||||
cfg->python_script = NULL;
|
cfg->python_script = NULL;
|
||||||
cfg->remote_control_enable = 0;
|
cfg->remote_control_enable = 0;
|
||||||
cfg->control_ifs = NULL;
|
cfg->control_ifs.first = NULL;
|
||||||
|
cfg->control_ifs.last = NULL;
|
||||||
cfg->control_port = UNBOUND_CONTROL_PORT;
|
cfg->control_port = UNBOUND_CONTROL_PORT;
|
||||||
cfg->minimal_responses = 0;
|
cfg->minimal_responses = 0;
|
||||||
cfg->rrset_roundrobin = 0;
|
cfg->rrset_roundrobin = 0;
|
||||||
|
|
@ -385,6 +386,9 @@ struct config_file* config_create_forlib(void)
|
||||||
#define S_STRLIST_UNIQ(str, var) if(strcmp(opt, str)==0) \
|
#define S_STRLIST_UNIQ(str, var) if(strcmp(opt, str)==0) \
|
||||||
{ if(cfg_strlist_find(cfg->var, val)) { return 0;} \
|
{ if(cfg_strlist_find(cfg->var, val)) { return 0;} \
|
||||||
return cfg_strlist_insert(&cfg->var, strdup(val)); }
|
return cfg_strlist_insert(&cfg->var, strdup(val)); }
|
||||||
|
/** append string to strlist */
|
||||||
|
#define S_STRLIST_APPEND(str, var) if(strcmp(opt, str)==0) \
|
||||||
|
{ return cfg_strlist_append(&cfg->var, strdup(val)); }
|
||||||
|
|
||||||
int config_set_option(struct config_file* cfg, const char* opt,
|
int config_set_option(struct config_file* cfg, const char* opt,
|
||||||
const char* val)
|
const char* val)
|
||||||
|
|
@ -555,7 +559,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
||||||
else S_YNO("unblock-lan-zones:", unblock_lan_zones)
|
else S_YNO("unblock-lan-zones:", unblock_lan_zones)
|
||||||
else S_YNO("insecure-lan-zones:", insecure_lan_zones)
|
else S_YNO("insecure-lan-zones:", insecure_lan_zones)
|
||||||
else S_YNO("control-enable:", remote_control_enable)
|
else S_YNO("control-enable:", remote_control_enable)
|
||||||
else S_STRLIST("control-interface:", control_ifs)
|
else S_STRLIST_APPEND("control-interface:", control_ifs)
|
||||||
else S_NUMBER_NONZERO("control-port:", control_port)
|
else S_NUMBER_NONZERO("control-port:", control_port)
|
||||||
else S_STR("server-key-file:", server_key_file)
|
else S_STR("server-key-file:", server_key_file)
|
||||||
else S_STR("server-cert-file:", server_cert_file)
|
else S_STR("server-cert-file:", server_cert_file)
|
||||||
|
|
@ -941,7 +945,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
||||||
else O_YNO(opt, "trust-anchor-signaling", trust_anchor_signaling)
|
else O_YNO(opt, "trust-anchor-signaling", trust_anchor_signaling)
|
||||||
else O_YNO(opt, "root-key-sentinel", root_key_sentinel)
|
else O_YNO(opt, "root-key-sentinel", root_key_sentinel)
|
||||||
else O_LST(opt, "dlv-anchor", dlv_anchor_list)
|
else O_LST(opt, "dlv-anchor", dlv_anchor_list)
|
||||||
else O_LST(opt, "control-interface", control_ifs)
|
else O_LST(opt, "control-interface", control_ifs.first)
|
||||||
else O_LST(opt, "domain-insecure", domain_insecure)
|
else O_LST(opt, "domain-insecure", domain_insecure)
|
||||||
else O_UNS(opt, "val-override-date", val_date_override)
|
else O_UNS(opt, "val-override-date", val_date_override)
|
||||||
else O_YNO(opt, "minimal-responses", minimal_responses)
|
else O_YNO(opt, "minimal-responses", minimal_responses)
|
||||||
|
|
@ -1344,7 +1348,7 @@ config_delete(struct config_file* cfg)
|
||||||
config_del_strbytelist(cfg->respip_tags);
|
config_del_strbytelist(cfg->respip_tags);
|
||||||
config_deltrplstrlist(cfg->acl_tag_actions);
|
config_deltrplstrlist(cfg->acl_tag_actions);
|
||||||
config_deltrplstrlist(cfg->acl_tag_datas);
|
config_deltrplstrlist(cfg->acl_tag_datas);
|
||||||
config_delstrlist(cfg->control_ifs);
|
config_delstrlist(cfg->control_ifs.first);
|
||||||
free(cfg->server_key_file);
|
free(cfg->server_key_file);
|
||||||
free(cfg->server_cert_file);
|
free(cfg->server_cert_file);
|
||||||
free(cfg->control_key_file);
|
free(cfg->control_key_file);
|
||||||
|
|
@ -2268,8 +2272,8 @@ void errinf_dname(struct module_qstate* qstate, const char* str, uint8_t* dname)
|
||||||
int options_remote_is_address(struct config_file* cfg)
|
int options_remote_is_address(struct config_file* cfg)
|
||||||
{
|
{
|
||||||
if(!cfg->remote_control_enable) return 0;
|
if(!cfg->remote_control_enable) return 0;
|
||||||
if(!cfg->control_ifs) return 1;
|
if(!cfg->control_ifs.first) return 1;
|
||||||
if(!cfg->control_ifs->str) return 1;
|
if(!cfg->control_ifs.first->str) return 1;
|
||||||
if(cfg->control_ifs->str[0] == 0) return 1;
|
if(cfg->control_ifs.first->str[0] == 0) return 1;
|
||||||
return (cfg->control_ifs->str[0] != '/');
|
return (cfg->control_ifs.first->str[0] != '/');
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -53,6 +53,14 @@ struct sock_list;
|
||||||
struct ub_packed_rrset_key;
|
struct ub_packed_rrset_key;
|
||||||
struct regional;
|
struct regional;
|
||||||
|
|
||||||
|
/** List head for strlist processing, used for append operation. */
|
||||||
|
struct config_strlist_head {
|
||||||
|
/** first in list of text items */
|
||||||
|
struct config_strlist* first;
|
||||||
|
/** last in list of text items */
|
||||||
|
struct config_strlist* last;
|
||||||
|
};
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* The configuration options.
|
* The configuration options.
|
||||||
* Strings are malloced.
|
* Strings are malloced.
|
||||||
|
|
@ -374,7 +382,7 @@ struct config_file {
|
||||||
/** remote control section. enable toggle. */
|
/** remote control section. enable toggle. */
|
||||||
int remote_control_enable;
|
int remote_control_enable;
|
||||||
/** the interfaces the remote control should listen on */
|
/** the interfaces the remote control should listen on */
|
||||||
struct config_strlist* control_ifs;
|
struct config_strlist_head control_ifs;
|
||||||
/** port number for the control port */
|
/** port number for the control port */
|
||||||
int control_port;
|
int control_port;
|
||||||
/** private key file for server */
|
/** private key file for server */
|
||||||
|
|
@ -651,14 +659,6 @@ struct config_strbytelist {
|
||||||
size_t str2len;
|
size_t str2len;
|
||||||
};
|
};
|
||||||
|
|
||||||
/** List head for strlist processing, used for append operation. */
|
|
||||||
struct config_strlist_head {
|
|
||||||
/** first in list of text items */
|
|
||||||
struct config_strlist* first;
|
|
||||||
/** last in list of text items */
|
|
||||||
struct config_strlist* last;
|
|
||||||
};
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Create config file structure. Filled with default values.
|
* Create config file structure. Filled with default values.
|
||||||
* @return: the new structure or NULL on memory error.
|
* @return: the new structure or NULL on memory error.
|
||||||
|
|
|
||||||
|
|
@ -5072,7 +5072,7 @@ yyreduce:
|
||||||
#line 2288 "./util/configparser.y" /* yacc.c:1646 */
|
#line 2288 "./util/configparser.y" /* yacc.c:1646 */
|
||||||
{
|
{
|
||||||
OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str)));
|
OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str)));
|
||||||
if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[0].str)))
|
if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str)))
|
||||||
yyerror("out of memory");
|
yyerror("out of memory");
|
||||||
}
|
}
|
||||||
#line 5079 "util/configparser.c" /* yacc.c:1646 */
|
#line 5079 "util/configparser.c" /* yacc.c:1646 */
|
||||||
|
|
|
||||||
|
|
@ -2287,7 +2287,7 @@ rc_control_port: VAR_CONTROL_PORT STRING_ARG
|
||||||
rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
|
rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
|
||||||
{
|
{
|
||||||
OUTYY(("P(control_interface:%s)\n", $2));
|
OUTYY(("P(control_interface:%s)\n", $2));
|
||||||
if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, $2))
|
if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
|
||||||
yyerror("out of memory");
|
yyerror("out of memory");
|
||||||
}
|
}
|
||||||
;
|
;
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue