New config options.

git-svn-id: file:///svn/unbound/trunk@138 be551aaa-1e26-0410-a405-d3ace91eadb9

daemon/worker.c

@@ -240,8 +240,9 @@ worker_init(struct config_file *cfg, struct listen_port* ports,
 		return NULL;
 	}
 	worker->back = outside_network_create(worker->base,
-		buffer_size, (size_t)cfg->outgoing_num_ports, NULL, 0, 
+		buffer_size, (size_t)cfg->outgoing_num_ports, cfg->ifs, 
-		cfg->do_ip4, cfg->do_ip6, cfg->outgoing_base_port);
+		cfg->num_ifs, cfg->do_ip4, cfg->do_ip6, 
+		cfg->outgoing_base_port);
 	if(!worker->back) {
 		log_err("could not create outgoing sockets");
 		worker_delete(worker);

doc/Changelog

@@ -3,6 +3,7 @@
 	  except the listening ports. Then the config file is reread.
 	  And everything is started again (and listening ports if needed).
 	- Ports for queries are shared.
+	- config file added interface:, chroot: and username:.
 
 22 February 2007: Wouter
 	- Have a config file. Removed commandline options, moved to config.

doc/example.conf

@@ -18,6 +18,10 @@ server:
 	# number of threads to create. 1 disables threading.
 	# num-threads: 1
 
+	# specify the interfaces to answer queries from by ip-address.
+	# If you give none the default (all) interface is used.
+	# interface: 127.0.0.1
+
 	# port to answer queries from
 	# port: 53
 
@@ -52,3 +56,9 @@ server:
 	# The port number to send forwarded queries to.
 	# forward-to-port: 53
 
+	# if given, a chroot(2) is done to the given directory.
+	# chroot: "/some/directory"
+
+	# if given, user privileges are dropped (after binding port),
+	# and the given username is assumed. Default is nothing "".
+	# username: "unbound"

doc/unbound.conf.5

@@ -49,6 +49,9 @@ output per query. Level 3 gives algorithm level information.
 The number of threads to create to serve clients. Use 1 for no threading.
 .It \fBport:\fR <port number>
 The port number, default 53, on which the server responds to queries.
+.It \fBinterface:\fR <ip address>
+Interface to use to connect to the network. Can be given multiple times to
+work on several interfaces. If none are given the default (all) is used.
 .It \fBoutgoing-port:\fR <port number>
 The starting port number where the outgoing query port range is allocated.
 Default is 1053.
@@ -71,6 +74,14 @@ The ip address is used to forward all DNS queries to.
 .It \fBforward-to-port:\fR <port number>
 The port on which the remote server is running that answers forwarded queries.
 Default is 53.
+.It \fBchroot:\fR <directory>
+If given a chroot is done to the given directory. The default is none ("").
+.It \fBusername:\fR <name>
+If given, after binding the port the user privileges are dropped. Default is
+not to change user, username: "". If this user is not capable of binding the
+port, reloads (by signal HUP) will work, however, if you change the port
+number in the config file, and that port number requires privileges, then
+a reload will fail to bind to the new port number; a restart is needed.
 
 .Sh FILES
 .Bl -tag -width indent

services/outside_network.c

@@ -229,7 +229,7 @@ make_udp_range(struct comm_point** coms, const char* ifname,
 
 /** calculate number of ip4 and ip6 interfaces, times multiplier. */
 static void 
-calc_num46(const char** ifs, int num_ifs, int do_ip4, int do_ip6, 
+calc_num46(char** ifs, int num_ifs, int do_ip4, int do_ip6, 
 	size_t multiplier, size_t* num_ip4, size_t* num_ip6)
 {
 	int i;
@@ -268,7 +268,7 @@ pending_udp_timer_cb(void *arg)
 
 struct outside_network* 
 outside_network_create(struct comm_base *base, size_t bufsize, 
-	size_t num_ports, const char** ifs, int num_ifs, int do_ip4, 
+	size_t num_ports, char** ifs, int num_ifs, int do_ip4, 
 	int do_ip6, int port_base)
 {
 	struct outside_network* outnet = (struct outside_network*)

services/outside_network.h

@@ -119,7 +119,7 @@ struct pending {
  * @return: the new structure (with no pending answers) or NULL on error.
  */
 struct outside_network* outside_network_create(struct comm_base* base,
-	size_t bufsize, size_t num_ports, const char** ifs, int num_ifs,
+	size_t bufsize, size_t num_ports, char** ifs, int num_ifs,
 	int do_ip4, int do_ip6, int port_base);
 
 /**

testcode/fake_event.c

@@ -617,7 +617,7 @@ comm_point_drop_reply(struct comm_reply* repinfo)
 
 struct outside_network* 
 outside_network_create(struct comm_base* base, size_t bufsize, 
-	size_t ATTR_UNUSED(num_ports), const char** ATTR_UNUSED(ifs), 
+	size_t ATTR_UNUSED(num_ports), char** ATTR_UNUSED(ifs), 
 	int ATTR_UNUSED(num_ifs), int ATTR_UNUSED(do_ip4), 
 	int ATTR_UNUSED(do_ip6), int ATTR_UNUSED(port_base))
 {

util/config_file.c

@@ -140,6 +140,12 @@ config_delete(struct config_file* cfg)
 	free(cfg->fwd_address);
 	free(cfg->username);
 	free(cfg->chrootdir);
+	if(cfg->ifs) {
+		int i;
+		for(i=0; i<cfg->num_ifs; i++)
+			free(cfg->ifs[i]);
+		free(cfg->ifs);
+	}
 	free(cfg);
 }
 

util/configlexer.lex

@@ -108,6 +108,9 @@ do-udp{COLON}		{ LEXOUT(("v(%s) ", yytext)); return VAR_DO_UDP;}
 do-tcp{COLON}		{ LEXOUT(("v(%s) ", yytext)); return VAR_DO_TCP;}
 forward-to{COLON}	{ LEXOUT(("v(%s) ", yytext)); return VAR_FORWARD_TO;}
 forward-to-port{COLON}	{ LEXOUT(("v(%s) ", yytext)); return VAR_FORWARD_TO_PORT;}
+interface{COLON}	{ LEXOUT(("v(%s) ", yytext)); return VAR_INTERFACE;}
+chroot{COLON}		{ LEXOUT(("v(%s) ", yytext)); return VAR_CHROOT;}
+username{COLON}		{ LEXOUT(("v(%s) ", yytext)); return VAR_USERNAME;}
 {NEWLINE}		{ LEXOUT(("NL\n")); cfg_parser->line++;}
 
 	/* Quoted strings. Strip leading and ending quotes */
@@ -123,6 +126,8 @@ forward-to-port{COLON}	{ LEXOUT(("v(%s) ", yytext)); return VAR_FORWARD_TO_PORT;
         BEGIN(INITIAL);
         yytext[yyleng - 1] = '\0';
 	yylval.str = strdup(yytext);
+	if(!yylval.str)
+		yyerror("out of memory");
         return STRING;
 }
 

util/configparser.y

@@ -67,10 +67,10 @@ extern struct config_parser_state* cfg_parser;
 %token SPACE LETTER NEWLINE COMMENT COLON ANY ZONESTR
 %token <str> STRING
 %token VAR_SERVER VAR_VERBOSITY VAR_NUM_THREADS VAR_PORT
-%token VAR_OUTGOING_PORT VAR_OUTGOING_RANGE
+%token VAR_OUTGOING_PORT VAR_OUTGOING_RANGE VAR_INTERFACE
 %token VAR_DO_IP4 VAR_DO_IP6 VAR_DO_UDP VAR_DO_TCP
-%token VAR_FORWARD_TO VAR_FORWARD_TO_PORT
+%token VAR_FORWARD_TO VAR_FORWARD_TO_PORT VAR_CHROOT
-
+%token VAR_USERNAME
 
 %%
 toplevelvars: /* empty */ | toplevelvars toplevelvar ;
@@ -89,7 +89,8 @@ contents_server: contents_server content_server | ;
 content_server: server_num_threads | server_verbosity | server_port |
 	server_outgoing_port | server_outgoing_range | server_do_ip4 |
 	server_do_ip6 | server_do_udp | server_do_tcp | server_forward_to |
-	server_forward_to_port;
+	server_forward_to_port | server_interface | server_chroot | 
+	server_username;
 server_num_threads: VAR_NUM_THREADS STRING 
 	{ 
 		OUTYY(("P(server_num_threads:%s)\n", $2)); 
@@ -117,6 +118,19 @@ server_port: VAR_PORT STRING
 		free($2);
 	}
 	;
+server_interface: VAR_INTERFACE STRING
+	{
+		OUTYY(("P(server_interface:%s)\n", $2));
+		if(cfg_parser->cfg->num_ifs == 0)
+			cfg_parser->cfg->ifs = calloc(1, sizeof(char*));
+		else 	cfg_parser->cfg->ifs = realloc(cfg_parser->cfg->ifs,
+				(cfg_parser->cfg->num_ifs+1)*sizeof(char*));
+		if(!cfg_parser->cfg->ifs)
+			yyerror("out of memory");
+		else
+			cfg_parser->cfg->ifs[cfg_parser->cfg->num_ifs++] = $2;
+	}
+	;
 server_outgoing_port: VAR_OUTGOING_PORT STRING
 	{
 		OUTYY(("P(server_outgoing_port:%s)\n", $2));
@@ -187,6 +201,20 @@ server_forward_to_port: VAR_FORWARD_TO_PORT STRING
 		free($2);
 	}
 	;
+server_chroot: VAR_CHROOT STRING
+	{
+		OUTYY(("P(server_chroot:%s)\n", $2));
+		free(cfg_parser->cfg->chrootdir);
+		cfg_parser->cfg->chrootdir = $2;
+	}
+	;
+server_username: VAR_USERNAME STRING
+	{
+		OUTYY(("P(server_username:%s)\n", $2));
+		free(cfg_parser->cfg->username);
+		cfg_parser->cfg->username = $2;
+	}
+	;
 %%
 
 /* parse helper routines could be here */