-rw-r--r-- | usr.sbin/bind/bin/named/include/named/globals.h | 1 | ||||
-rw-r--r-- | usr.sbin/bind/bin/named/main.c | 23 | ||||
-rw-r--r-- | usr.sbin/bind/bin/named/server.c | 18 |
3 files changed, 41 insertions, 1 deletions
diff --git a/usr.sbin/bind/bin/named/include/named/globals.h b/usr.sbin/bind/bin/named/include/named/globals.h
index c23d87c6d50..1f3a276cba6 100644
--- a/usr.sbin/bind/bin/named/include/named/globals.h
+++ b/usr.sbin/bind/bin/named/include/named/globals.h
@@ -45,6 +45,7 @@ EXTERN unsigned int ns_g_cpus INIT(0);
 EXTERN isc_taskmgr_t * ns_g_taskmgr INIT(NULL);
 EXTERN dns_dispatchmgr_t * ns_g_dispatchmgr INIT(NULL);
 EXTERN isc_entropy_t * ns_g_entropy INIT(NULL);
+EXTERN isc_entropy_t * ns_g_fallbackentropy INIT(NULL);
 /*
 * XXXRTH We're going to want multiple timer managers eventually. One
 * for really short timers, another for client timers, and one
diff --git a/usr.sbin/bind/bin/named/main.c b/usr.sbin/bind/bin/named/main.c
index cea4ba18de9..7dc7719ee46 100644
--- a/usr.sbin/bind/bin/named/main.c
+++ b/usr.sbin/bind/bin/named/main.c
@@ -441,6 +441,9 @@ destroy_managers(void) {
 ns_lwresd_shutdown();
 isc_entropy_detach(&ns_g_entropy);
+ if (ns_g_fallbackentropy != NULL) {
+ isc_entropy_detach(&ns_g_fallbackentropy);
+ }
 /*
 * isc_taskmgr_destroy() will block until all tasks have exited,
 */
@@ -466,6 +469,26 @@ setup(void) {
 ns_os_tzset();
 ns_os_opendevnull();
+ /*
+ * Initialize system's random device as fallback entropy source
+ * if running chroot'ed.
+ */
+ result = isc_entropy_create(ns_g_mctx, &ns_g_fallbackentropy);
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlyfatal("isc_entropy_create() failed: %s",
+ isc_result_totext(result));
+#ifdef PATH_RANDOMDEV
+ if (ns_g_chrootdir != NULL) {
+ result = isc_entropy_createfilesource(ns_g_fallbackentropy,
+ PATH_RANDOMDEV);
+ if (result != ISC_R_SUCCESS)
+ ns_main_earlywarning("could not open pre-chroot "
+ "entropy source %s: %s",
+ PATH_RANDOMDEV,
+ isc_result_totext(result));
+ }
+#endif
+
 ns_os_chroot(ns_g_chrootdir);
 /*
diff --git a/usr.sbin/bind/bin/named/server.c b/usr.sbin/bind/bin/named/server.c
index 521151dc297..bfe95abeb1a 100644
--- a/usr.sbin/bind/bin/named/server.c
+++ b/usr.sbin/bind/bin/named/server.c
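Review bot: In the setup() hunk the fallback entropy context is created unconditionally, while the comment above it and the only source ever attached to it are conditional on `ns_g_chrootdir != NULL` and on PATH_RANDOMDEV being defined, so a non-chrooted run or a build without PATH_RANDOMDEV carries an empty context through to destroy_managers(), whose new `if (ns_g_fallbackentropy != NULL)` guard then never sees NULL. Creating the context inside the chroot branch keeps that guard meaningful and avoids the empty context; a failed isc_entropy_createfilesource() should also leave a trace other than the early warning, for example by detaching the context again so the global is NULL when nothing usable was attached (presumably isc_entropy_detach() clears the pointer, as the detach/attach pair in server.c suggests). setup() continues outside the hunk.
```c
	ns_os_opendevnull();

#ifdef PATH_RANDOMDEV
	/*
	 * Open the system random device before chroot() so it can serve
	 * as a fallback entropy source once the configured device is
	 * unreachable inside the chroot.
	 */
	if (ns_g_chrootdir != NULL) {
		result = isc_entropy_create(ns_g_mctx, &ns_g_fallbackentropy);
		if (result != ISC_R_SUCCESS)
			ns_main_earlyfatal("isc_entropy_create() failed: %s",
					   isc_result_totext(result));
		result = isc_entropy_createfilesource(ns_g_fallbackentropy,
						      PATH_RANDOMDEV);
		if (result != ISC_R_SUCCESS) {
			ns_main_earlywarning("could not open pre-chroot "
					     "entropy source %s: %s",
					     PATH_RANDOMDEV,
					     isc_result_totext(result));
			/* No usable source: drop the context so later
			 * code sees ns_g_fallbackentropy == NULL. */
			isc_entropy_detach(&ns_g_fallbackentropy);
		}
	}
#endif

	ns_os_chroot(ns_g_chrootdir);
	/* … unchanged: rest of setup() … */
```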
@@ -1956,7 +1956,7 @@ load_configuration(const char *filename, ns_server_t *server,
 const char *randomdev = cfg_obj_asstring(obj);
 result = isc_entropy_createfilesource(ns_g_entropy, randomdev);
- if (result != ISC_R_SUCCESS)
+ if (result != ISC_R_SUCCESS && ns_g_chrootdir == NULL) {
 isc_log_write(ns_g_lctx,
 NS_LOGCATEGORY_GENERAL,
 NS_LOGMODULE_SERVER,
@@ -1965,6 +1965,22 @@ load_configuration(const char *filename, ns_server_t *server,
 "%s: %s",
 randomdev,
 isc_result_totext(result));
+ }
+#ifdef PATH_RANDOMDEV
+ if (result != ISC_R_SUCCESS && ns_g_chrootdir != NULL) {
+ isc_log_write(ns_g_lctx,
+ NS_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_SERVER,
+ ISC_LOG_INFO,
+ "using pre-chroot entropy source "
+ "%s",
+ PATH_RANDOMDEV);
+ isc_entropy_detach(&ns_g_entropy);
+ isc_entropy_attach(ns_g_fallbackentropy,
+ &ns_g_entropy);
+
+ }
+#endif
 }
 } |
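Review bot: The second hunk swaps ns_g_entropy for ns_g_fallbackentropy whenever the configured randomdev fails to open under chroot, without checking that the pre-chroot source was actually attached in setup(); if that open failed as well (setup() only warns), named continues on an entropy context with no device source while logging at ISC_LOG_INFO that it is using PATH_RANDOMDEV, and the first hunk's new condition `if (result != ISC_R_SUCCESS && ns_g_chrootdir == NULL) {` suppresses the ISC_LOG_ERROR that previously reported the configured source failure in exactly that case. Because this context is the server's randomness source, the degradation should not be silent: gate the swap on the fallback being usable, e.g. `if (result != ISC_R_SUCCESS && ns_g_chrootdir != NULL && ns_g_fallbackentropy != NULL) {` (with setup() leaving the global NULL when its source could not be opened), and keep the error log for every failure that is not covered by the swap. `result` also still holds the failure code after the swap, which matters if code later in load_configuration tests it; the same applies to both server.c hunks. load_configuration starts and ends outside the hunks.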