authorTodd C. Miller <millert@cvs.openbsd.org>1998-05-23 19:24:57 +0000
committerTodd C. Miller <millert@cvs.openbsd.org>1998-05-23 19:24:57 +0000
commit0aa08ff3124bbea801482fbcabdff4ab1789425e (patch)
tree92af530f1ffdeebaa7e44360c5214aebaf35a9f1
parentb50b44b25702e59c16baa14890a084ff8e87558a (diff)
support for easy chroot'ing to /var/named and install named-xfer in /var/named as a static binary
-rw-r--r--usr.sbin/named/Makefile.inc3
-rw-r--r--usr.sbin/named/man/named.88
-rw-r--r--usr.sbin/named/named-xfer/Makefile7
-rw-r--r--usr.sbin/named/named/db_func.h4
-rw-r--r--usr.sbin/named/named/db_reload.c10
-rw-r--r--usr.sbin/named/named/ns_glob.h5
-rw-r--r--usr.sbin/named/named/ns_main.c26
-rw-r--r--usr.sbin/named/named/ns_maint.c10
-rw-r--r--usr.sbin/named/ndc/Makefile3
-rw-r--r--usr.sbin/named/ndc/ndc.sh30
10 files changed, 75 insertions, 31 deletions
diff --git a/usr.sbin/named/Makefile.inc b/usr.sbin/named/Makefile.inc
index 18f527c4914..7b20ac4350b 100644
--- a/usr.sbin/named/Makefile.inc
+++ b/usr.sbin/named/Makefile.inc
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile.inc,v 1.6 1997/09/21 11:43:59 deraadt Exp $
+# $OpenBSD: Makefile.inc,v 1.7 1998/05/23 19:24:45 millert Exp $
BIND_DIR= ${.CURDIR}/..
@@ -6,6 +6,7 @@ VER!= awk -F' *= *' '$$1 == "VER" { print $$2 ; exit }' \
${BIND_DIR}/Makefile
PIDDIR= /var/run
+CHROOTDIR= /var/named
PS= ps
IOT= ABRT
diff --git a/usr.sbin/named/man/named.8 b/usr.sbin/named/man/named.8
index 952a9ef1608..d66de8d9d92 100644
--- a/usr.sbin/named/man/named.8
+++ b/usr.sbin/named/man/named.8
@@ -1,4 +1,4 @@
-.\" $OpenBSD: named.8,v 1.4 1998/05/22 07:09:12 millert Exp $
+.\" $OpenBSD: named.8,v 1.5 1998/05/23 19:24:46 millert Exp $
.\" ++Copyright++ 1985
.\" -
.\" Copyright (c) 1985
@@ -130,6 +130,12 @@ specified may be either a username or a numeric user id. If the
flag is not specified, then the group id used will be the primary group of
the user specified (initgroups() is called, so all of the user's groups will
be available to the server).
+.br
+\fINote:\fP normally, \fInamed\fP will rescan the active ethernet
+interfaces when it receives SIGHUP. Use of the
+.B \-u
+option makes this impossible since the default port that named listens
+on is a reserved port that only the superuser may bind to.
.TP
.B \-g
Specifies the group the server should run as after it initializes. The value
diff --git a/usr.sbin/named/named-xfer/Makefile b/usr.sbin/named/named-xfer/Makefile
index bc424061fb6..42b0ebf22bb 100644
--- a/usr.sbin/named/named-xfer/Makefile
+++ b/usr.sbin/named/named-xfer/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.2 1997/03/12 10:42:43 downsj Exp $
+# $OpenBSD: Makefile,v 1.3 1998/05/23 19:24:54 millert Exp $
# $NetBSD: Makefile,v 1.2 1996/02/04 12:02:12 mrg Exp $
# from: $Id: Makefile,v 8.2 1995/12/31 23:28:01 vixie Exp
@@ -7,10 +7,11 @@
PROG= named-xfer
SRCS= named-xfer.c db_glue.c storage.c version.c
-CFLAGS+= ${INCLUDE} -I${.CURDIR}/../named ${CONFIG}
+CFLAGS+= ${INCLUDE} -I${.CURDIR}/../named ${CONFIG}
LDADD= ${LIBRESOLV}
MAN= named-xfer.8
-BINDIR= /usr/libexec
+BINDIR= /var/named
+LDSTATIC= ${STATIC}
.include <bsd.prog.mk>
.include "../../Makefile.inc"
diff --git a/usr.sbin/named/named/db_func.h b/usr.sbin/named/named/db_func.h
index 43486481f1b..b0e006a7f1e 100644
--- a/usr.sbin/named/named/db_func.h
+++ b/usr.sbin/named/named/db_func.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: db_func.h,v 1.3 1998/05/22 00:47:32 millert Exp $ */
+/* $OpenBSD: db_func.h,v 1.4 1998/05/23 19:24:48 millert Exp $ */
/* db_proc.h - prototypes for functions in db_*.c
*
@@ -17,7 +17,7 @@ extern void fixttl __P((struct databuf *dp));
/* --from db_update.c-- */
/* ++from db_reload.c++ */
-extern void db_reload __P((void));
+extern void db_reload __P((int));
/* --from db_reload.c-- */
/* ++from db_save.c++ */
diff --git a/usr.sbin/named/named/db_reload.c b/usr.sbin/named/named/db_reload.c
index 39871ff658d..22ca1717d32 100644
--- a/usr.sbin/named/named/db_reload.c
+++ b/usr.sbin/named/named/db_reload.c
@@ -1,11 +1,11 @@
-/* $OpenBSD: db_reload.c,v 1.2 1997/03/12 10:42:25 downsj Exp $ */
+/* $OpenBSD: db_reload.c,v 1.3 1998/05/23 19:24:49 millert Exp $ */
#if !defined(lint) && !defined(SABER)
#if 0
static char sccsid[] = "@(#)db_reload.c 4.22 (Berkeley) 3/21/91";
static char rcsid[] = "$From: db_reload.c,v 8.3 1996/08/27 08:33:23 vixie Exp $";
#else
-static char rcsid[] = "$OpenBSD: db_reload.c,v 1.2 1997/03/12 10:42:25 downsj Exp $";
+static char rcsid[] = "$OpenBSD: db_reload.c,v 1.3 1998/05/23 19:24:49 millert Exp $";
#endif
#endif /* not lint */
@@ -78,14 +78,16 @@ static char rcsid[] = "$OpenBSD: db_reload.c,v 1.2 1997/03/12 10:42:25 downsj Ex
* Flush and reload data base.
*/
void
-db_reload()
+db_reload(reloadnets)
+ int reloadnets;
{
dprintf(3, (ddt, "reload()\n"));
syslog(LOG_NOTICE, "reloading nameserver\n");
qflush();
sqflush(NULL);
- getnetconf();
+ if (reloadnets)
+ getnetconf();
#ifdef FORCED_RELOAD
reloading = 1; /* to force transfer if secondary and backing up */
#endif
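Review bot: The new `reloadnets` parameter is not documented, and the header comment above the definition still reads as if the reload were unconditional. The comment should say what the flag gates, e.g. `/* Flush and reload data base. If reloadnets is non-zero the interface list is rescanned via getnetconf(); the caller passes 0 when the server has dropped root, since the listening sockets cannot be rebound then (see ns_main.c). */`. The privilege reasoning is taken from the named.8 and ns_main.c hunks in this commit, not from this file, so confirm it before wording the comment that way. db_reload's body continues outside the hunk.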
diff --git a/usr.sbin/named/named/ns_glob.h b/usr.sbin/named/named/ns_glob.h
index 87eaed92a68..8302ed8810c 100644
--- a/usr.sbin/named/named/ns_glob.h
+++ b/usr.sbin/named/named/ns_glob.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: ns_glob.h,v 1.3 1998/05/22 00:47:39 millert Exp $ */
+/* $OpenBSD: ns_glob.h,v 1.4 1998/05/23 19:24:50 millert Exp $ */
/*
* from ns.h 4.33 (Berkeley) 8/23/90
@@ -197,6 +197,9 @@ DECL char *debugfile INIT(DEBUGFILE);
DECL char *debugfile INIT(_PATH_DEBUG);
#endif
+ /* default path to named-xfer */
+DECL char *NamedXfer INIT(_PATH_XFER);
+
#ifdef WANT_PIDFILE
/* file to store current named PID */
#ifdef PIDFILE
diff --git a/usr.sbin/named/named/ns_main.c b/usr.sbin/named/named/ns_main.c
index af9c08baf39..94db109ec7b 100644
--- a/usr.sbin/named/named/ns_main.c
+++ b/usr.sbin/named/named/ns_main.c
@@ -1,11 +1,11 @@
-/* $OpenBSD: ns_main.c,v 1.13 1998/05/22 19:34:44 millert Exp $ */
+/* $OpenBSD: ns_main.c,v 1.14 1998/05/23 19:24:51 millert Exp $ */
#if !defined(lint) && !defined(SABER)
#if 0
static char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91";
static char rcsid[] = "$From: ns_main.c,v 8.26 1998/05/11 04:19:45 vixie Exp $";
#else
-static char rcsid[] = "$OpenBSD: ns_main.c,v 1.13 1998/05/22 19:34:44 millert Exp $";
+static char rcsid[] = "$OpenBSD: ns_main.c,v 1.14 1998/05/23 19:24:51 millert Exp $";
#endif
#endif /* not lint */
@@ -397,6 +397,25 @@ main(argc, argv, envp)
strerror(errno));
exit(1);
}
+ /*
+ * Paths to boot file, pid file and named-xfer need to
+ * be relative if their parent dirs do not exist. This
+ * is to allow chroot'ing to the named homedir.
+ */
+ p = dirname(bootfile);
+ if ((stat(bootfile, &sb) != 0 || !S_ISDIR(sb.st_mode)) &&
+ (p = strrchr(bootfile, '/')))
+ bootfile = p + 1;
+
+ p = dirname(PidFile);
+ if ((stat(PidFile, &sb) != 0 || !S_ISDIR(sb.st_mode)) &&
+ (p = strrchr(PidFile, '/')))
+ PidFile = p + 1;
+
+ p = dirname(NamedXfer);
+ if ((stat(NamedXfer, &sb) != 0 || !S_ISDIR(sb.st_mode)) &&
+ (p = strrchr(NamedXfer, '/')))
+ NamedXfer = p + 1;
}
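Review bot: The `stat()` on the line after `p = dirname(bootfile);` tests `bootfile` itself rather than its parent directory `p`, so the condition holds for an existing regular file just as for a missing one, and the path is cut down to its basename whenever it contains a '/' — the opposite of what the comment above ("relative if their parent dirs do not exist") describes, and the result of `dirname()` is never used. The same pattern is repeated for `PidFile` and `NamedXfer` later in this hunk. The intended test in all three places is presumably `if ((stat(p, &sb) != 0 || !S_ISDIR(sb.st_mode)) &&`. Note also that POSIX allows `dirname()` to modify the string passed to it; if the target libc does so, `bootfile` is already truncated before `strrchr()` runs, so confirm the libc's behaviour or copy the string first. main() continues outside the hunk, and `p` and `sb` are presumably declared earlier in it.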
n = 0;
@@ -739,7 +758,7 @@ main(argc, argv, envp)
#endif /* XSTATS */
if (needreload) {
needreload = 0;
- db_reload();
+ db_reload((user_name == NULL));
}
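Review bot: The call `db_reload((user_name == NULL));` has a redundant pair of parentheses and no explanation of why the interface rescan is tied to `user_name`; a reader has to find the `-u` text in named.8 to see that sockets on the reserved port cannot be rebound once root has been dropped. Suggest `db_reload(user_name == NULL); /* rescan interfaces only while still root: the listen port cannot be rebound after -u */`. main() continues outside the hunk.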
if (needStatsDump) {
needStatsDump = 0;
@@ -1229,6 +1248,7 @@ getnetconf()
dqp->dq_addr = ((struct sockaddr_in *)
&ifreq.ifr_addr)->sin_addr;
dqp->dq_gen = my_generation;
+ /* XXX - this will fail on reload if we run as non-root */
opensocket(dqp);
dprintf(1, (ddt, "listening [%s]\n",
inet_ntoa(((struct sockaddr_in *)
diff --git a/usr.sbin/named/named/ns_maint.c b/usr.sbin/named/named/ns_maint.c
index fa56f8755a7..c555795b82f 100644
--- a/usr.sbin/named/named/ns_maint.c
+++ b/usr.sbin/named/named/ns_maint.c
@@ -1,11 +1,11 @@
-/* $OpenBSD: ns_maint.c,v 1.2 1997/03/12 10:42:31 downsj Exp $ */
+/* $OpenBSD: ns_maint.c,v 1.3 1998/05/23 19:24:52 millert Exp $ */
#if !defined(lint) && !defined(SABER)
#if 0
static char sccsid[] = "@(#)ns_maint.c 4.39 (Berkeley) 3/2/91";
static char rcsid[] = "$From: ns_maint.c,v 8.18 1996/09/22 00:13:10 vixie Exp $";
#else
-static char rcsid[] = "$OpenBSD: ns_maint.c,v 1.2 1997/03/12 10:42:31 downsj Exp $";
+static char rcsid[] = "$OpenBSD: ns_maint.c,v 1.3 1998/05/23 19:24:52 millert Exp $";
#endif
#endif /* not lint */
@@ -407,7 +407,7 @@ startxfer(zp)
dprintf(1, (ddt, "startxfer() %s\n", zp->z_origin));
- argv[argc++] = _PATH_XFER;
+ argv[argc++] = NamedXfer;
argv[argc++] = "-z";
argv[argc++] = zp->z_origin;
argv[argc++] = "-f";
@@ -495,8 +495,8 @@ startxfer(zp)
if (pid == 0) {
/* Child. */
- execv(_PATH_XFER, argv);
- syslog(LOG_ERR, "can't exec %s: %m", _PATH_XFER);
+ execv(NamedXfer, argv);
+ syslog(LOG_ERR, "can't exec %s: %m", NamedXfer);
_exit(XFER_FAIL); /* Avoid duplicate buffer flushes. */
}
/* Parent. */
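Review bot: `execv(NamedXfer, argv)` may now be given a bare basename, because ns_main.c in this commit strips `NamedXfer` to the component after the last '/' when its parent directory is not found; `execv()` does not search PATH, so a relative name is resolved against the process's current working directory. Whether named chdir()s into the chroot directory before this point is outside the hunk, so this is inferred — if it does not, the exec fails and only the syslog line reports it. A comment at the exec would make the dependency visible: `/* NamedXfer may be relative to the chroot dir (see ns_main.c); execv() does not search PATH */`. startxfer's body continues on both sides of the hunk.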
diff --git a/usr.sbin/named/ndc/Makefile b/usr.sbin/named/ndc/Makefile
index 2b02af67feb..73500375150 100644
--- a/usr.sbin/named/ndc/Makefile
+++ b/usr.sbin/named/ndc/Makefile
@@ -1,4 +1,4 @@
-# $OpenBSD: Makefile,v 1.6 1997/04/27 20:57:02 millert Exp $
+# $OpenBSD: Makefile,v 1.7 1998/05/23 19:24:55 millert Exp $
# $NetBSD: Makefile,v 1.1 1996/02/02 15:29:48 mrg Exp $
# from: $Id: Makefile,v 8.1 1994/12/15 06:23:47 vixie Exp
@@ -14,6 +14,7 @@ realinstall: ndc
ndc: ndc.sh Makefile ${.CURDIR}/../Makefile.inc
sed -e "s|%PIDDIR%|${PIDDIR}|" \
+ -e "s|%CHROOTDIR%|${CHROOTDIR}|" \
-e "s|%PS%|${PS}|" \
-e "s|%DESTSBIN%|${BINDIR}|" \
-e "s|%IOT%|${IOT}|" \
diff --git a/usr.sbin/named/ndc/ndc.sh b/usr.sbin/named/ndc/ndc.sh
index db5a0e2d624..250fc966687 100644
--- a/usr.sbin/named/ndc/ndc.sh
+++ b/usr.sbin/named/ndc/ndc.sh
@@ -1,5 +1,5 @@
#!/bin/sh
-# $OpenBSD: ndc.sh,v 1.7 1998/05/23 18:51:27 millert Exp $
+# $OpenBSD: ndc.sh,v 1.8 1998/05/23 19:24:56 millert Exp $
USAGE='echo \
"usage: $0 \
@@ -8,27 +8,37 @@ USAGE='echo \
"; exit 1'
PATH=%DESTSBIN%:/bin:/usr/bin:/usr/ucb:$PATH
-PIDFILE=%PIDDIR%/named.pid
+CHROOTDIR=%CHROOTDIR%
+PIDFILE=${CHROOTDIR}/named.pid
NAMED_CMD=named
RUNNING=0
-if [ -f $PIDFILE ]
-then
+#
+# Pid file may live in chroot dir, check there first.
+#
+if [ -f $PIDFILE ]; then
PID=`sed 1q $PIDFILE`
NAMED_CMD=`tail -1 $PIDFILE`
case "`kill -0 $PID 2>&1`" in
""|*"not permitted"*) RUNNING=1;;
esac
+fi
+if [ ${RUNNING} -eq 0 -a -f %PIDDIR%/named.pid ]; then
+ PIDFILE=%PIDDIR%/named.pid
+ PID=`sed 1q $PIDFILE`
+ NAMED_CMD=`tail -1 $PIDFILE`
+ case "`kill -0 $PID 2>&1`" in
+ ""|*"not permitted"*) RUNNING=1;;
+ esac
+fi
+
+if [ ${RUNNING} -eq 1 ]; then
PS=`%PS% $PID | tail -1 | grep $PID`
[ `echo $PS | wc -w` -ne 0 ] || {
- if [ $RUNNING -eq 1 ]; then
- PS="named (pid $PID) can't get name list"
- else
- PS="named (pid $PID?) not running"
- fi
+ PS="named (pid $PID) can't get name list"
}
else
- PS="named (no pid file) not running"
+ PS="named not running"
fi
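Review bot: `PID=\`sed 1q $PIDFILE\`` now reads the first line of a file under `${CHROOTDIR}`, and that value is later handed to `kill`; since named can run as an unprivileged user (the `-u` option documented in this commit's named.8 hunk) while ndc is normally run as root, the pid-file contents should be treated as untrusted input and checked to be a plain number before use. A one-line guard after each `PID=` assignment covers both blocks: `case "$PID" in ''|*[!0-9]*) PID='';; esac` — with an empty `$PID` the `kill -0` check prints a usage error rather than an empty string, so `RUNNING` stays 0. The two pid-file blocks in this hunk are otherwise identical apart from the path and could be folded into a shell function to keep the check in one place. The `for ARG` loop that uses `$PID` starts outside the hunk.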
for ARG