- Fix that first control-interface determines if TLS is used. Warn
  when IP address interfaces are used without TLS.

git-svn-id: file:///svn/unbound/trunk@4730 be551aaa-1e26-0410-a405-d3ace91eadb9
parent
12251022ec
commit
9cb404ba5f
8 changed files with 35 additions and 24 deletions
|
|
@ -215,8 +215,13 @@ daemon_remote_create(struct config_file* cfg)
|
|||
}
|
||||
rc->use_cert = 1;
|
||||
} else {
|
||||
struct config_strlist* p;
|
||||
rc->ctx = NULL;
|
||||
rc->use_cert = 0;
|
||||
for(p = cfg->control_ifs.first; p; p = p->next) {
|
||||
if(p->str && p->str[0] != '/')
|
||||
log_warn("control-interface %s is not using TLS, but plain transfer, because first control-interface in config file is a local socket (starts with a /).", p->str);
|
||||
}
|
||||
}
|
||||
return rc;
|
||||
}
|
||||
|
|
@ -358,9 +363,9 @@ struct listen_port* daemon_remote_open_ports(struct config_file* cfg)
|
|||
{
|
||||
struct listen_port* l = NULL;
|
||||
log_assert(cfg->remote_control_enable && cfg->control_port);
|
||||
if(cfg->control_ifs) {
|
||||
if(cfg->control_ifs.first) {
|
||||
struct config_strlist* p;
|
||||
for(p = cfg->control_ifs; p; p = p->next) {
|
||||
for(p = cfg->control_ifs.first; p; p = p->next) {
|
||||
if(!add_open(p->str, cfg->control_port, &l, 1, cfg)) {
|
||||
listening_ports_free(l);
|
||||
return NULL;
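Review bot: In the new `else` branch of daemon_remote_create, a control-interface that does not start with `/` only triggers `log_warn` and is still served with `rc->use_cert = 0`, so by the message's own wording an IP address listener carries the control channel as plain transfer. If the certificates are also what authenticates control clients, which looks likely but is not visible here, that listener accepts control commands from any host that can reach it. Consider failing closed instead: report the entry with `log_err` and take the function's existing failure path, or at least allow the plain case only for loopback addresses. The same first-entry-only decision is visible in options_remote_is_address, which reads just `cfg->control_ifs.first`. The condition guarding this branch and the function's cleanup code are outside the hunk, so the exact failure path has to be confirmed there.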
|
||||
|
|
|
|||
|
|
@ -1,6 +1,8 @@
|
|||
14 June 2018: Wouter
|
||||
- #4103: Fix that auth-zone does not insist on SOA record first in
|
||||
file for url downloads.
|
||||
- Fix that first control-interface determines if TLS is used. Warn
|
||||
when IP address interfaces are used without TLS.
|
||||
|
||||
12 June 2018: Ralph
|
||||
- Don't count CNAME response types received during qname minimisation as
|
||||
|
|
|
|||
|
|
@ -883,7 +883,7 @@ struct config_file {
|
|||
struct config_strlist* local_zones_nodefault;
|
||||
struct config_strlist* local_data;
|
||||
int remote_control_enable;
|
||||
struct config_strlist* control_ifs;
|
||||
struct config_strlist_head control_ifs;
|
||||
int control_port;
|
||||
char* server_key_file;
|
||||
char* server_cert_file;
|
||||
|
|
|
|||
|
|
@ -491,8 +491,8 @@ contact_server(const char* svr, struct config_file* cfg, int statuscmd)
|
|||
int fd, useport = 1;
|
||||
/* use svr or the first config entry */
|
||||
if(!svr) {
|
||||
if(cfg->control_ifs) {
|
||||
svr = cfg->control_ifs->str;
|
||||
if(cfg->control_ifs.first) {
|
||||
svr = cfg->control_ifs.first->str;
|
||||
} else if(cfg->do_ip4) {
|
||||
svr = "127.0.0.1";
|
||||
} else {
|
||||
|
|
|
|||
|
|
@ -244,7 +244,8 @@ config_create(void)
|
|||
cfg->insecure_lan_zones = 0;
|
||||
cfg->python_script = NULL;
|
||||
cfg->remote_control_enable = 0;
|
||||
cfg->control_ifs = NULL;
|
||||
cfg->control_ifs.first = NULL;
|
||||
cfg->control_ifs.last = NULL;
|
||||
cfg->control_port = UNBOUND_CONTROL_PORT;
|
||||
cfg->minimal_responses = 0;
|
||||
cfg->rrset_roundrobin = 0;
|
||||
|
|
@ -385,6 +386,9 @@ struct config_file* config_create_forlib(void)
|
|||
#define S_STRLIST_UNIQ(str, var) if(strcmp(opt, str)==0) \
|
||||
{ if(cfg_strlist_find(cfg->var, val)) { return 0;} \
|
||||
return cfg_strlist_insert(&cfg->var, strdup(val)); }
|
||||
/** append string to strlist */
|
||||
#define S_STRLIST_APPEND(str, var) if(strcmp(opt, str)==0) \
|
||||
{ return cfg_strlist_append(&cfg->var, strdup(val)); }
|
||||
|
||||
int config_set_option(struct config_file* cfg, const char* opt,
|
||||
const char* val)
|
||||
|
|
@ -555,7 +559,7 @@ int config_set_option(struct config_file* cfg, const char* opt,
|
|||
else S_YNO("unblock-lan-zones:", unblock_lan_zones)
|
||||
else S_YNO("insecure-lan-zones:", insecure_lan_zones)
|
||||
else S_YNO("control-enable:", remote_control_enable)
|
||||
else S_STRLIST("control-interface:", control_ifs)
|
||||
else S_STRLIST_APPEND("control-interface:", control_ifs)
|
||||
else S_NUMBER_NONZERO("control-port:", control_port)
|
||||
else S_STR("server-key-file:", server_key_file)
|
||||
else S_STR("server-cert-file:", server_cert_file)
|
||||
|
|
@ -941,7 +945,7 @@ config_get_option(struct config_file* cfg, const char* opt,
|
|||
else O_YNO(opt, "trust-anchor-signaling", trust_anchor_signaling)
|
||||
else O_YNO(opt, "root-key-sentinel", root_key_sentinel)
|
||||
else O_LST(opt, "dlv-anchor", dlv_anchor_list)
|
||||
else O_LST(opt, "control-interface", control_ifs)
|
||||
else O_LST(opt, "control-interface", control_ifs.first)
|
||||
else O_LST(opt, "domain-insecure", domain_insecure)
|
||||
else O_UNS(opt, "val-override-date", val_date_override)
|
||||
else O_YNO(opt, "minimal-responses", minimal_responses)
|
||||
|
|
@ -1344,7 +1348,7 @@ config_delete(struct config_file* cfg)
|
|||
config_del_strbytelist(cfg->respip_tags);
|
||||
config_deltrplstrlist(cfg->acl_tag_actions);
|
||||
config_deltrplstrlist(cfg->acl_tag_datas);
|
||||
config_delstrlist(cfg->control_ifs);
|
||||
config_delstrlist(cfg->control_ifs.first);
|
||||
free(cfg->server_key_file);
|
||||
free(cfg->server_cert_file);
|
||||
free(cfg->control_key_file);
|
||||
|
|
@ -2268,8 +2272,8 @@ void errinf_dname(struct module_qstate* qstate, const char* str, uint8_t* dname)
|
|||
int options_remote_is_address(struct config_file* cfg)
|
||||
{
|
||||
if(!cfg->remote_control_enable) return 0;
|
||||
if(!cfg->control_ifs) return 1;
|
||||
if(!cfg->control_ifs->str) return 1;
|
||||
if(cfg->control_ifs->str[0] == 0) return 1;
|
||||
return (cfg->control_ifs->str[0] != '/');
|
||||
if(!cfg->control_ifs.first) return 1;
|
||||
if(!cfg->control_ifs.first->str) return 1;
|
||||
if(cfg->control_ifs.first->str[0] == 0) return 1;
|
||||
return (cfg->control_ifs.first->str[0] != '/');
|
||||
}
|
||||
|
|
|
|||
|
|
@ -53,6 +53,14 @@ struct sock_list;
|
|||
struct ub_packed_rrset_key;
|
||||
struct regional;
|
||||
|
||||
/** List head for strlist processing, used for append operation. */
|
||||
struct config_strlist_head {
|
||||
/** first in list of text items */
|
||||
struct config_strlist* first;
|
||||
/** last in list of text items */
|
||||
struct config_strlist* last;
|
||||
};
|
||||
|
||||
/**
|
||||
* The configuration options.
|
||||
* Strings are malloced.
|
||||
|
|
@ -374,7 +382,7 @@ struct config_file {
|
|||
/** remote control section. enable toggle. */
|
||||
int remote_control_enable;
|
||||
/** the interfaces the remote control should listen on */
|
||||
struct config_strlist* control_ifs;
|
||||
struct config_strlist_head control_ifs;
|
||||
/** port number for the control port */
|
||||
int control_port;
|
||||
/** private key file for server */
|
||||
|
|
@ -651,14 +659,6 @@ struct config_strbytelist {
|
|||
size_t str2len;
|
||||
};
|
||||
|
||||
/** List head for strlist processing, used for append operation. */
|
||||
struct config_strlist_head {
|
||||
/** first in list of text items */
|
||||
struct config_strlist* first;
|
||||
/** last in list of text items */
|
||||
struct config_strlist* last;
|
||||
};
|
||||
|
||||
/**
|
||||
* Create config file structure. Filled with default values.
|
||||
* @return: the new structure or NULL on memory error.
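Review bot: The doc comment on `control_ifs` in struct config_file still reads only "the interfaces the remote control should listen on", although the type change to `struct config_strlist_head` makes list order significant. options_remote_is_address inspects only `control_ifs.first`, and the new warning text in daemon_remote_create says the first entry being a local socket switches the other interfaces to plain transfer. I would record that on the field, for example `/** the interfaces the remote control should listen on, in config file order; the first entry decides whether TLS is used for all of them */`, so that later code which reorders or prepends entries does not silently change the TLS decision.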
|
||||
|
|
|
|||
|
|
@ -5072,7 +5072,7 @@ yyreduce:
|
|||
#line 2288 "./util/configparser.y" /* yacc.c:1646 */
|
||||
{
|
||||
OUTYY(("P(control_interface:%s)\n", (yyvsp[0].str)));
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, (yyvsp[0].str)))
|
||||
if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, (yyvsp[0].str)))
|
||||
yyerror("out of memory");
|
||||
}
|
||||
#line 5079 "util/configparser.c" /* yacc.c:1646 */
|
||||
|
|
|
|||
|
|
@ -2287,7 +2287,7 @@ rc_control_port: VAR_CONTROL_PORT STRING_ARG
|
|||
rc_control_interface: VAR_CONTROL_INTERFACE STRING_ARG
|
||||
{
|
||||
OUTYY(("P(control_interface:%s)\n", $2));
|
||||
if(!cfg_strlist_insert(&cfg_parser->cfg->control_ifs, $2))
|
||||
if(!cfg_strlist_append(&cfg_parser->cfg->control_ifs, $2))
|
||||
yyerror("out of memory");
|
||||
}
|
||||
;
|
||||
|
|
|
|||