- Contrib windows scripts from Yuri Voinov added to src/contrib:

create_unbound_ad_servers.cmd: enters anti-ad server lists.
  unbound_cache.cmd: saves and loads the cache.
- Added unbound-control-setup.cmd from Yuri Voinov to the windows
  unbound distribution set.  It requires openssl installed in %PATH%.


git-svn-id: file:///svn/unbound/trunk@3128 be551aaa-1e26-0410-a405-d3ace91eadb9

contrib/README

@@ -19,3 +19,6 @@ distribution but may be helpful.
 	Contributed by Ilya Bakulin, 2012-08-28.
 * patch_rsamd5_enable.diff: this patch enables RSAMD5 validation (otherwise
   it is treated as insecure).  The RSAMD5 algorithm is deprecated (RFC6725).
+* create_unbound_ad_servers.cmd: windows script to enter anti-ad server lists.
+* unbound_cache.cmd: windows script to save and load the cache.
+

contrib/create_unbound_ad_servers.cmd

@@ -0,0 +1,36 @@
+@Echo off
+rem Convert the Yoyo.org anti-ad server listing
+rem into an unbound dns spoof redirection list.
+rem Written by Y.Voinov (c) 2014
+
+rem Note: Wget required!
+
+rem Variables
+set prefix="C:\Program Files (x86)"
+set dst_dir=%prefix%\Unbound
+set work_dir=%TEMP%
+set list_addr="http://pgl.yoyo.org/adservers/serverlist.php?hostformat=nohtml&showintro=1&startdate%5Bday%5D=&startdate%5Bmonth%5D=&startdate%5Byear%5D="
+
+rem Check Wget installed
+for /f "delims=" %%a in ('where wget') do @set wget="%%a"
+if /I %wget% == "" (
+echo Wget not found. If installed, add path to PATH environment variable.
+exit 1
+)
+echo Wget found: %wget%
+
+%wget% -O %work_dir%\yoyo_ad_servers %list_addr%
+
+del /Q /F /S %dst_dir%\unbound_ad_servers
+
+for /F "eol=; tokens=*" %%a in (%work_dir%\yoyo_ad_servers) do (
+echo local-zone: %%a redirect>>%dst_dir%\unbound_ad_servers
+echo local-data: "%%a A 127.0.0.1">>%dst_dir%\unbound_ad_servers
+)
+
+echo Done.
+rem  then add an include line to your unbound.conf pointing to the full path of
+rem  the unbound_ad_servers file:
+rem
+rem   include: $dst_dir/unbound_ad_servers
+rem

contrib/unbound_cache.cmd

@@ -0,0 +1,65 @@
+@echo off
+rem --------------------------------------------------------------
+rem -- DNS cache save/load script
+rem --
+rem -- Version 1.0
+rem -- By Yuri Voinov (c) 2014
+rem --------------------------------------------------------------
+
+rem Variables
+set prefix="C:\Program Files (x86)"
+set program_path=%prefix%\Unbound
+set uc=%program_path%\unbound-control.exe
+set fname="unbound_cache.dmp"
+
+rem Check Unbound installed
+if exist %uc% goto start
+echo Unbound control not found. Exiting...
+exit 1
+
+:start
+
+set arg=%1
+
+if /I "%arg%" == "-h" goto help
+
+if "%arg%" == "" (
+echo Loading cache from %program_path%\%fname%
+type %program_path%\%fname%|%uc% load_cache
+goto end
+)
+
+if /I "%arg%" == "-s" (
+echo Saving cache to %program_path%\%fname%
+%uc% dump_cache>%program_path%\%fname%
+echo ok
+goto end
+)
+
+if /I "%arg%" == "-l" (
+echo Loading cache from %program_path%\%fname%
+type %program_path%\%fname%|%uc% load_cache
+goto end
+)
+
+if /I "%arg%" == "-r" (
+echo Saving cache to %program_path%\%fname%
+%uc% dump_cache>%program_path%\%fname%
+echo ok
+echo Loading cache from %program_path%\%fname%
+type %program_path%\%fname%|%uc% load_cache
+goto end
+)
+
+:help
+echo Usage: unbound_cache.cmd [-s] or [-l] or [-r] or [-h]
+echo.
+echo l - Load - default mode. Warming up Unbound DNS cache from saved file. cache-ttl must be high value.
+echo s - Save - save Unbound DNS cache contents to plain file with domain names.
+echo r - Reload - reloadind new cache entries and refresh existing cache
+echo h - this screen.
+echo Note: Run without any arguments will be in default mode.
+echo       Also, unbound-control must be configured.
+exit 1
+
+:end

doc/Changelog

@@ -1,3 +1,10 @@
+8 May 2014: Wouter
+	- Contrib windows scripts from Yuri Voinov added to src/contrib:
+	  create_unbound_ad_servers.cmd: enters anti-ad server lists.
+	  unbound_cache.cmd: saves and loads the cache.
+	- Added unbound-control-setup.cmd from Yuri Voinov to the windows
+	  unbound distribution set.  It requires openssl installed in %PATH%.
+
 6 May 2014: Wouter
 	- Change MAX_SENT_COUNT from 16 to 32 to resolve some cases easier.
 

makedist.sh

@@ -290,9 +290,9 @@ if [ "$DOWIN" = "yes" ]; then
     $strip unbound-service-remove.exe
     cd tmp.$$
     cp ../doc/example.conf example.conf
-    cp ../unbound.exe ../unbound-anchor.exe ../unbound-host.exe ../unbound-control.exe ../unbound-checkconf.exe ../unbound-service-install.exe ../unbound-service-remove.exe ../LICENSE ../winrc/unbound-website.url ../winrc/service.conf ../winrc/README.txt .
+    cp ../unbound.exe ../unbound-anchor.exe ../unbound-host.exe ../unbound-control.exe ../unbound-checkconf.exe ../unbound-service-install.exe ../unbound-service-remove.exe ../LICENSE ../winrc/unbound-control-setup.cmd ../winrc/unbound-website.url ../winrc/service.conf ../winrc/README.txt .
     # zipfile
-    zip ../$file LICENSE README.txt unbound.exe unbound-anchor.exe unbound-host.exe unbound-control.exe unbound-checkconf.exe unbound-service-install.exe unbound-service-remove.exe example.conf service.conf unbound-website.url
+    zip ../$file LICENSE README.txt unbound.exe unbound-anchor.exe unbound-host.exe unbound-control.exe unbound-checkconf.exe unbound-service-install.exe unbound-service-remove.exe unbound-control-setup.cmd example.conf service.conf unbound-website.url
     info "Testing $file"
     (cd .. ; zip -T $file )
     # installer

winrc/setup.nsi

@@ -107,6 +107,7 @@ section "-hidden.postinstall"
 	File "..\unbound-service-install.exe"
 	File "..\unbound-service-remove.exe"
 	File "..\anchor-update.exe"
+	File "unbound-control-setup.cmd"
 	File "unbound-website.url"
 	File "service.conf"
 	File "..\doc\example.conf"
@@ -209,6 +210,7 @@ section "un.Unbound"
 	Delete "$INSTDIR\unbound-service-install.exe"
 	Delete "$INSTDIR\unbound-service-remove.exe"
 	Delete "$INSTDIR\anchor-update.exe"
+	Delete "$INSTDIR\unbound-control-setup.cmd"
 	Delete "$INSTDIR\unbound-website.url"
 	Delete "$INSTDIR\service.conf"
 	Delete "$INSTDIR\example.conf"

winrc/unbound-control-setup.cmd

@@ -0,0 +1,167 @@
+@Echo off
+rem
+rem unbound-control-setup.cmd - set up SSL certificates for unbound-control
+rem
+rem Copyright (c) 2008, NLnet Labs. All rights reserved.
+rem Modified for Windows by Y.Voinov (c) 2014
+rem
+rem This software is open source.
+rem 
+rem Redistribution and use in source and binary forms, with or without
+rem modification, are permitted provided that the following conditions
+rem are met:
+rem 
+rem Redistributions of source code must retain the above copyright notice,
+rem this list of conditions and the following disclaimer.
+rem 
+rem Redistributions in binary form must reproduce the above copyright notice,
+rem this list of conditions and the following disclaimer in the documentation
+rem and/or other materials provided with the distribution.
+rem 
+rem Neither the name of the NLNET LABS nor the names of its contributors may
+rem be used to endorse or promote products derived from this software without
+rem specific prior written permission.
+rem 
+rem THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+rem "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+rem LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+rem A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+rem HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+rem SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+rem TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+rem PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+rem LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+rem NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+rem SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+rem settings:
+
+rem directory for files
+set prefix="C:\Program Files (x86)"
+set DESTDIR=%prefix%\Unbound
+
+rem issuer and subject name for certificates
+set SERVERNAME=unbound
+set CLIENTNAME=unbound-control
+
+rem validity period for certificates
+set DAYS=7200
+
+rem size of keys in bits
+set BITS=1536
+
+rem hash algorithm
+set HASH=sha256
+
+rem base name for unbound server keys
+set SVR_BASE=unbound_server
+
+rem base name for unbound-control keys
+set CTL_BASE=unbound_control
+
+rem end of options
+
+rem Check OpenSSL installed
+for /f "delims=" %%a in ('where openssl') do @set SSL_PROGRAM=%%a
+if /I %SSL_PROGRAM%=="" (
+echo SSL not found. If installed, add path to PATH environment variable.
+exit 1
+)
+echo SSL found: %SSL_PROGRAM%
+
+set arg=%1
+if /I "%arg%" == "-h" goto help
+if /I "%arg%"=="-d" set DESTDIR=%2
+
+rem go!:
+echo setup in directory %DESTDIR%
+cd %$DESTDIR%
+
+rem create certificate keys; do not recreate if they already exist.
+if exist $SVR_BASE.key (
+echo %SVR_BASE%.key exists
+goto next
+)
+echo generating %SVR_BASE%.key
+%SSL_PROGRAM% genrsa -out %SVR_BASE%.key %BITS% || echo could not genrsa && exit 1
+
+:next
+if exist %CTL_BASE%.key (
+echo %CTL_BASE%.key exists
+goto next2
+)
+echo generating %CTL_BASE%.key
+%SSL_PROGRAM% genrsa -out %CTL_BASE%.key %BITS% || echo could not genrsa && exit 1
+
+:next2
+rem create self-signed cert for server
+if exist request.cfg (del /F /Q /S request.cfg)
+echo [req]>>request.cfg
+echo default_bits=%BITS%>>request.cfg
+echo default_md=%HASH%>>request.cfg
+echo prompt=no>>request.cfg
+echo distinguished_name=req_distinguished_name>>request.cfg
+echo.>>request.cfg
+echo [req_distinguished_name]>>request.cfg
+echo commonName=%SERVERNAME%>>request.cfg
+
+if not exist request.cfg (
+echo could not create request.cfg
+exit 1
+)
+
+echo create %SVR_BASE%.pem (self signed certificate)
+%SSL_PROGRAM% req -key %SVR_BASE%.key -config request.cfg  -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1
+rem create trusted usage pem
+%SSL_PROGRAM% x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem
+
+rem create client request and sign it
+if exist request.cfg (del /F /Q /S request.cfg)
+echo [req]>>request.cfg
+echo default_bits=%BITS%>>request.cfg
+echo default_md=%HASH%>>request.cfg
+echo prompt=no>>request.cfg
+echo distinguished_name=req_distinguished_name>>request.cfg
+echo.>>request.cfg
+echo [req_distinguished_name]>>request.cfg
+echo commonName=%CLIENTNAME%>>request.cfg
+
+if not exist request.cfg (
+echo could not create request.cfg
+exit 1
+)
+
+echo create %CTL_BASE%.pem (signed client certificate)
+%SSL_PROGRAM% req -key %CTL_BASE%.key -config request.cfg -new | %SSL_PROGRAM% x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem
+
+if not exist %CTL_BASE%.pem (
+echo could not create %CTL_BASE%.pem
+exit 1
+)
+rem create trusted usage pem
+rem %SSL_PROGRAM% x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem
+
+rem see details with %SSL_PROGRAM% x509 -noout -text < %SVR_BASE%.pem
+rem echo "create %CTL_BASE%_browser.pfx (web client certificate)"
+rem echo "create webbrowser PKCSrem12 .PFX certificate file. In Firefox import in:"
+rem echo "preferences - advanced - encryption - view certificates - your certs"
+rem echo "empty password is used, simply click OK on the password dialog box."
+rem %SSL_PROGRAM% pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1
+
+rem remove crap
+del /F /Q /S request.cfg
+del /F /Q /S %CTL_BASE%_trust.pem 
+del /F /Q /S %SVR_BASE%_trust.pem 
+del /F /Q /S %SVR_BASE%_trust.srl
+
+echo Setup success. Certificates created. Enable in unbound.conf file to use
+
+exit 0
+
+:help
+echo unbound-control-setup.cmd - setup SSL keys for unbound-control
+echo 	-d dir	use directory to store keys and certificates.
+echo 		default: %DESTDIR%
+echo please run this command using the same user id that the 
+echo unbound daemon uses, it needs read privileges.
+exit 1