author | Todd C. Miller <millert@cvs.openbsd.org> | 1998-05-23 19:24:57 +0000 |
---|---|---|
committer | Todd C. Miller <millert@cvs.openbsd.org> | 1998-05-23 19:24:57 +0000 |
commit | 0aa08ff3124bbea801482fbcabdff4ab1789425e (patch) | |
tree | 92af530f1ffdeebaa7e44360c5214aebaf35a9f1 | |
parent | b50b44b25702e59c16baa14890a084ff8e87558a (diff) |
support for easy chroot'ing to /var/named and install named-xfer in /var/named as a static binary
-rw-r--r-- | usr.sbin/named/Makefile.inc | 3 | ||||
-rw-r--r-- | usr.sbin/named/man/named.8 | 8 | ||||
-rw-r--r-- | usr.sbin/named/named-xfer/Makefile | 7 | ||||
-rw-r--r-- | usr.sbin/named/named/db_func.h | 4 | ||||
-rw-r--r-- | usr.sbin/named/named/db_reload.c | 10 | ||||
-rw-r--r-- | usr.sbin/named/named/ns_glob.h | 5 | ||||
-rw-r--r-- | usr.sbin/named/named/ns_main.c | 26 | ||||
-rw-r--r-- | usr.sbin/named/named/ns_maint.c | 10 | ||||
-rw-r--r-- | usr.sbin/named/ndc/Makefile | 3 | ||||
-rw-r--r-- | usr.sbin/named/ndc/ndc.sh | 30 |
10 files changed, 75 insertions, 31 deletions
diff --git a/usr.sbin/named/Makefile.inc b/usr.sbin/named/Makefile.inc index 18f527c4914..7b20ac4350b 100644 --- a/usr.sbin/named/Makefile.inc +++ b/usr.sbin/named/Makefile.inc @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile.inc,v 1.6 1997/09/21 11:43:59 deraadt Exp $ +# $OpenBSD: Makefile.inc,v 1.7 1998/05/23 19:24:45 millert Exp $ BIND_DIR= ${.CURDIR}/.. @@ -6,6 +6,7 @@ VER!= awk -F' *= *' '$$1 == "VER" { print $$2 ; exit }' \ ${BIND_DIR}/Makefile PIDDIR= /var/run +CHROOTDIR= /var/named PS= ps IOT= ABRT diff --git a/usr.sbin/named/man/named.8 b/usr.sbin/named/man/named.8 index 952a9ef1608..d66de8d9d92 100644 --- a/usr.sbin/named/man/named.8 +++ b/usr.sbin/named/man/named.8 @@ -1,4 +1,4 @@ -.\" $OpenBSD: named.8,v 1.4 1998/05/22 07:09:12 millert Exp $ +.\" $OpenBSD: named.8,v 1.5 1998/05/23 19:24:46 millert Exp $ .\" ++Copyright++ 1985 .\" - .\" Copyright (c) 1985 @@ -130,6 +130,12 @@ specified may be either a username or a numeric user id. If the flag is not specified, then the group id used will be the primary group of the user specified (initgroups() is called, so all of the user's groups will be available to the server). +.br +\fINote:\fP normally, \fInamed\fP will rescan the active ethernet +interfaces when it receives SIGHUP. Use of the +.B \-u +option makes this impossible since the default port that named listens +on is a reserved port that only the superuser may bind to. .TP .B \-g Specifies the group the server should run as after it initializes. The value diff --git a/usr.sbin/named/named-xfer/Makefile b/usr.sbin/named/named-xfer/Makefile index bc424061fb6..42b0ebf22bb 100644 --- a/usr.sbin/named/named-xfer/Makefile +++ b/usr.sbin/named/named-xfer/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.2 1997/03/12 10:42:43 downsj Exp $ +# $OpenBSD: Makefile,v 1.3 1998/05/23 19:24:54 millert Exp $ # $NetBSD: Makefile,v 1.2 1996/02/04 12:02:12 mrg Exp $ # from: $Id: Makefile,v 8.2 1995/12/31 23:28:01 vixie Exp 
@@ -7,10 +7,11 @@ PROG= named-xfer SRCS= named-xfer.c db_glue.c storage.c version.c -CFLAGS+= ${INCLUDE} -I${.CURDIR}/../named ${CONFIG} +CFLAGS+= ${INCLUDE} -I${.CURDIR}/../named ${CONFIG} LDADD= ${LIBRESOLV} MAN= named-xfer.8 -BINDIR= /usr/libexec +BINDIR= /var/named +LDSTATIC= ${STATIC} .include <bsd.prog.mk> .include "../../Makefile.inc" diff --git a/usr.sbin/named/named/db_func.h b/usr.sbin/named/named/db_func.h index 43486481f1b..b0e006a7f1e 100644 --- a/usr.sbin/named/named/db_func.h +++ b/usr.sbin/named/named/db_func.h @@ -1,4 +1,4 @@ -/* $OpenBSD: db_func.h,v 1.3 1998/05/22 00:47:32 millert Exp $ */ +/* $OpenBSD: db_func.h,v 1.4 1998/05/23 19:24:48 millert Exp $ */ /* db_proc.h - prototypes for functions in db_*.c * @@ -17,7 +17,7 @@ extern void fixttl __P((struct databuf *dp)); /* --from db_update.c-- */ /* ++from db_reload.c++ */ -extern void db_reload __P((void)); +extern void db_reload __P((int)); /* --from db_reload.c-- */ /* ++from db_save.c++ */ diff --git a/usr.sbin/named/named/db_reload.c b/usr.sbin/named/named/db_reload.c index 39871ff658d..22ca1717d32 100644 --- a/usr.sbin/named/named/db_reload.c +++ b/usr.sbin/named/named/db_reload.c @@ -1,11 +1,11 @@ -/* $OpenBSD: db_reload.c,v 1.2 1997/03/12 10:42:25 downsj Exp $ */ +/* $OpenBSD: db_reload.c,v 1.3 1998/05/23 19:24:49 millert Exp $ */ #if !defined(lint) && !defined(SABER) #if 0 static char sccsid[] = "@(#)db_reload.c 4.22 (Berkeley) 3/21/91"; static char rcsid[] = "$From: db_reload.c,v 8.3 1996/08/27 08:33:23 vixie Exp $"; #else -static char rcsid[] = "$OpenBSD: db_reload.c,v 1.2 1997/03/12 10:42:25 downsj Exp $"; +static char rcsid[] = "$OpenBSD: db_reload.c,v 1.3 1998/05/23 19:24:49 millert Exp $"; #endif #endif /* not lint */ 
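Review bot: `BINDIR= /var/named` installs named-xfer into the same directory the commit uses as named's chroot root and, judging by the ndc.sh change that looks for `${CHROOTDIR}/named.pid`, as the place the running server writes its pid file, so that directory has to be writable by whatever user named runs as under -u. A root-owned binary in a directory writable by an unprivileged user can still be unlinked and replaced, so a compromised named could substitute its own named-xfer for the next zone transfer; the owner and mode the install actually uses are not visible here. Consider installing the helper into a root-owned subdirectory (or setting the sticky bit on /var/named) and keeping only the pid file in the writable location, e.g. `BINDIR= /var/named/bin` together with the matching _PATH_XFER. `LDSTATIC= ${STATIC}` is the right call for a binary exec'd after chroot, since there is no shared libc inside /var/named; a one-line comment saying so, `# static: exec'd from inside the /var/named chroot, no shared libs there`, would save the next reader the question.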
@@ -78,14 +78,16 @@ static char rcsid[] = "$OpenBSD: db_reload.c,v 1.2 1997/03/12 10:42:25 downsj Ex * Flush and reload data base. */ void -db_reload() +db_reload(reloadnets) + int reloadnets; { dprintf(3, (ddt, "reload()\n")); syslog(LOG_NOTICE, "reloading nameserver\n"); qflush(); sqflush(NULL); - getnetconf(); + if (reloadnets) + getnetconf(); #ifdef FORCED_RELOAD reloading = 1; /* to force transfer if secondary and backing up */ #endif diff --git a/usr.sbin/named/named/ns_glob.h b/usr.sbin/named/named/ns_glob.h index 87eaed92a68..8302ed8810c 100644 --- a/usr.sbin/named/named/ns_glob.h +++ b/usr.sbin/named/named/ns_glob.h @@ -1,4 +1,4 @@ -/* $OpenBSD: ns_glob.h,v 1.3 1998/05/22 00:47:39 millert Exp $ */ +/* $OpenBSD: ns_glob.h,v 1.4 1998/05/23 19:24:50 millert Exp $ */ /* * from ns.h 4.33 (Berkeley) 8/23/90 @@ -197,6 +197,9 @@ DECL char *debugfile INIT(DEBUGFILE); DECL char *debugfile INIT(_PATH_DEBUG); #endif + /* default path to named-xfer */ +DECL char *NamedXfer INIT(_PATH_XFER); + #ifdef WANT_PIDFILE /* file to store current named PID */ #ifdef PIDFILE diff --git a/usr.sbin/named/named/ns_main.c b/usr.sbin/named/named/ns_main.c index af9c08baf39..94db109ec7b 100644 --- a/usr.sbin/named/named/ns_main.c +++ b/usr.sbin/named/named/ns_main.c @@ -1,11 +1,11 @@ -/* $OpenBSD: ns_main.c,v 1.13 1998/05/22 19:34:44 millert Exp $ */ +/* $OpenBSD: ns_main.c,v 1.14 1998/05/23 19:24:51 millert Exp $ */ #if !defined(lint) && !defined(SABER) #if 0 static char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91"; static char rcsid[] = "$From: ns_main.c,v 8.26 1998/05/11 04:19:45 vixie Exp $"; #else -static char rcsid[] = "$OpenBSD: ns_main.c,v 1.13 1998/05/22 19:34:44 millert Exp $"; +static char rcsid[] = "$OpenBSD: ns_main.c,v 1.14 1998/05/23 19:24:51 millert Exp $"; #endif #endif /* not lint */ 
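Review bot: The new `reloadnets` parameter of db_reload() carries no comment saying what it controls or why a caller would ever pass 0; the only hint is the `if (reloadnets) getnetconf();` guard. Suggest documenting it above the definition, e.g. `/* reloadnets: nonzero to rescan interfaces via getnetconf(); pass 0 once the server has dropped root (-u) and can no longer rebind the reserved port. */`. It is also worth stating that with 0 any interface added since startup is silently never listened on, since the reason for that trade-off lives in ns_main.c rather than here.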
@@ -397,6 +397,25 @@ main(argc, argv, envp) strerror(errno)); exit(1); } + /* + * Paths to boot file, pid file and named-xfer need to + * be relative if their parent dirs do not exist. This + * is to allow chroot'ing to the named homedir. + */ + p = dirname(bootfile); + if ((stat(bootfile, &sb) != 0 || !S_ISDIR(sb.st_mode)) && + (p = strrchr(bootfile, '/'))) + bootfile = p + 1; + + p = dirname(PidFile); + if ((stat(PidFile, &sb) != 0 || !S_ISDIR(sb.st_mode)) && + (p = strrchr(PidFile, '/'))) + PidFile = p + 1; + + p = dirname(NamedXfer); + if ((stat(NamedXfer, &sb) != 0 || !S_ISDIR(sb.st_mode)) && + (p = strrchr(NamedXfer, '/'))) + NamedXfer = p + 1; } n = 0; @@ -739,7 +758,7 @@ main(argc, argv, envp) #endif /* XSTATS */ if (needreload) { needreload = 0; - db_reload(); + db_reload((user_name == NULL)); } if (needStatsDump) { needStatsDump = 0; @@ -1229,6 +1248,7 @@ getnetconf() dqp->dq_addr = ((struct sockaddr_in *) &ifreq.ifr_addr)->sin_addr; dqp->dq_gen = my_generation; + /* XXX - this will fail on reload if we run as non-root */ opensocket(dqp); dprintf(1, (ddt, "listening [%s]\n", inet_ntoa(((struct sockaddr_in *) diff --git a/usr.sbin/named/named/ns_maint.c b/usr.sbin/named/named/ns_maint.c index fa56f8755a7..c555795b82f 100644 --- a/usr.sbin/named/named/ns_maint.c +++ b/usr.sbin/named/named/ns_maint.c @@ -1,11 +1,11 @@ -/* $OpenBSD: ns_maint.c,v 1.2 1997/03/12 10:42:31 downsj Exp $ */ +/* $OpenBSD: ns_maint.c,v 1.3 1998/05/23 19:24:52 millert Exp $ */ #if !defined(lint) && !defined(SABER) #if 0 static char sccsid[] = "@(#)ns_maint.c 4.39 (Berkeley) 3/2/91"; static char rcsid[] = "$From: ns_maint.c,v 8.18 1996/09/22 00:13:10 vixie Exp $"; #else -static char rcsid[] = "$OpenBSD: ns_maint.c,v 1.2 1997/03/12 10:42:31 downsj Exp $"; +static char rcsid[] = "$OpenBSD: ns_maint.c,v 1.3 1998/05/23 19:24:52 millert Exp $"; #endif #endif /* not lint */ 
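Review bot: In the new path-rewriting block in main() (the function starts outside this hunk) `p = dirname(bootfile);` is computed and then discarded: the test that follows is `stat(bootfile, &sb)`, not `stat(p, &sb)`, and `!S_ISDIR(sb.st_mode)` is true for any existing boot file, so the condition reduces to "the path contains a slash" and the name is stripped to its basename unconditionally, not only when the parent directory is missing as the comment above it says. The PidFile and NamedXfer copies below have the same shape and the same problem, unless the rendering of this hunk dropped something. The fix is to stat the directory in each of the three: `p = dirname(bootfile); if ((stat(p, &sb) != 0 || !S_ISDIR(sb.st_mode)) && (p = strrchr(bootfile, '/'))) bootfile = p + 1;`. A comment noting that, after this block, the pid file and named-xfer are resolved against the current working directory, which presumably is the chroot root, would also record the assumption the rest of the commit relies on.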
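Review bot: `db_reload((user_name == NULL))` decides whether interfaces are rescanned by whether a user was requested (presumably via -u) rather than by whether the process can still bind the reserved port, so a run with `-u root` skips the rescan needlessly, and the reason for the test is explained only by the `XXX` comment added to getnetconf() further down. Testing the effective uid expresses the real constraint: `db_reload(geteuid() == 0);`. Whichever test is kept, a comment at the call site would help: `/* can't rebind port 53 once we've dropped root, so skip getnetconf() */`.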
@@ -407,7 +407,7 @@ startxfer(zp) dprintf(1, (ddt, "startxfer() %s\n", zp->z_origin)); - argv[argc++] = _PATH_XFER; + argv[argc++] = NamedXfer; argv[argc++] = "-z"; argv[argc++] = zp->z_origin; argv[argc++] = "-f"; @@ -495,8 +495,8 @@ startxfer(zp) if (pid == 0) { /* Child. */ - execv(_PATH_XFER, argv); - syslog(LOG_ERR, "can't exec %s: %m", _PATH_XFER); + execv(NamedXfer, argv); + syslog(LOG_ERR, "can't exec %s: %m", NamedXfer); _exit(XFER_FAIL); /* Avoid duplicate buffer flushes. */ } /* Parent. */ diff --git a/usr.sbin/named/ndc/Makefile b/usr.sbin/named/ndc/Makefile index 2b02af67feb..73500375150 100644 --- a/usr.sbin/named/ndc/Makefile +++ b/usr.sbin/named/ndc/Makefile @@ -1,4 +1,4 @@ -# $OpenBSD: Makefile,v 1.6 1997/04/27 20:57:02 millert Exp $ +# $OpenBSD: Makefile,v 1.7 1998/05/23 19:24:55 millert Exp $ # $NetBSD: Makefile,v 1.1 1996/02/02 15:29:48 mrg Exp $ # from: $Id: Makefile,v 8.1 1994/12/15 06:23:47 vixie Exp @@ -14,6 +14,7 @@ realinstall: ndc ndc: ndc.sh Makefile ${.CURDIR}/../Makefile.inc sed -e "s|%PIDDIR%|${PIDDIR}|" \ + -e "s|%CHROOTDIR%|${CHROOTDIR}|" \ -e "s|%PS%|${PS}|" \ -e "s|%DESTSBIN%|${BINDIR}|" \ -e "s|%IOT%|${IOT}|" \ diff --git a/usr.sbin/named/ndc/ndc.sh b/usr.sbin/named/ndc/ndc.sh index db5a0e2d624..250fc966687 100644 --- a/usr.sbin/named/ndc/ndc.sh +++ b/usr.sbin/named/ndc/ndc.sh @@ -1,5 +1,5 @@ #!/bin/sh -# $OpenBSD: ndc.sh,v 1.7 1998/05/23 18:51:27 millert Exp $ +# $OpenBSD: ndc.sh,v 1.8 1998/05/23 19:24:56 millert Exp $ USAGE='echo \ "usage: $0 \ 
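Review bot: `execv(NamedXfer, argv)` in startxfer() now runs a path that ns_main.c may have reduced to the bare name `named-xfer`, and execv() does no PATH search, so the child resolves it against the process's current working directory at fork time; nothing in this hunk pins what that directory is. If anything chdir()s after the startup check in ns_main.c (presumably a directory directive in the boot file, if this version honors one), the transfer helper either fails to exec or an unrelated directory's named-xfer gets run; confirm the cwd is always the chroot root by the time a transfer starts. A comment above the execv would record the assumption: `/* NamedXfer may be relative to the chroot dir (our cwd); see ns_main.c */`. The `syslog(LOG_ERR, "can't exec %s: %m", NamedXfer)` line reporting the actual path used is a good change.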
@@ -8,27 +8,37 @@ USAGE='echo \ "; exit 1' PATH=%DESTSBIN%:/bin:/usr/bin:/usr/ucb:$PATH -PIDFILE=%PIDDIR%/named.pid +CHROOTDIR=%CHROOTDIR% +PIDFILE=${CHROOTDIR}/named.pid NAMED_CMD=named RUNNING=0 -if [ -f $PIDFILE ] -then +# +# Pid file may live in chroot dir, check there first. +# +if [ -f $PIDFILE ]; then PID=`sed 1q $PIDFILE` NAMED_CMD=`tail -1 $PIDFILE` case "`kill -0 $PID 2>&1`" in ""|*"not permitted"*) RUNNING=1;; esac +fi +if [ ${RUNNING} -eq 0 -a -f %PIDDIR%/named.pid ]; then + PIDFILE=%PIDDIR%/named.pid + PID=`sed 1q $PIDFILE` + NAMED_CMD=`tail -1 $PIDFILE` + case "`kill -0 $PID 2>&1`" in + ""|*"not permitted"*) RUNNING=1;; + esac +fi + +if [ ${RUNNING} -eq 1 ]; then PS=`%PS% $PID | tail -1 | grep $PID` [ `echo $PS | wc -w` -ne 0 ] || { - if [ $RUNNING -eq 1 ]; then - PS="named (pid $PID) can't get name list" - else - PS="named (pid $PID?) not running" - fi + PS="named (pid $PID) can't get name list" } else - PS="named (no pid file) not running" + PS="named not running" fi for ARG |
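Review bot: ndc now trusts `${CHROOTDIR}/named.pid`, a file which under -u is written by the unprivileged user named runs as, yet ndc is run by root: the first line is read with `sed 1q $PIDFILE` and passed straight to `kill -0 $PID` with no check that it is a single positive integer, and the last line is read with `tail -1 $PIDFILE` into NAMED_CMD. A compromised named could therefore make a root-run ndc signal an arbitrary process (an empty or negative PID is worst for the kill commands in the `for ARG` loop that follows, which is outside this hunk), and if NAMED_CMD is what ndc re-executes on restart, as its name suggests, root would run a string chosen by the named user. Validate the pid before using it, `case "$PID" in ""|*[!0-9]*) PID=; RUNNING=0;; esac`, and take the restart command from a root-controlled default rather than from the chroot-side pid file. The same two reads are duplicated for `%PIDDIR%/named.pid`; a small shell function would avoid doing the validation twice.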