
Merge branch '4311-remove-sockaddr_unix' into 'main'

Completely remove the Unix Domain Socket support from BIND 9

Closes #4311

See merge request isc-projects/bind9!8292
Ondřej Surý
2023-09-19 17:29:53 +00:00
16 changed files with 97 additions and 429 deletions


@@ -1,3 +1,6 @@
6253. [cleanup] Remove the support for control channel over Unix
Domain Sockets. [GL #4311]
6252. [test] Python system tests have to be executed by invoking
pytest directly. Executing them with the legacy test
runner is no longer supported. [GL #4250]


@@ -215,12 +215,7 @@ shutdown_listener(controllistener_t *listener) {
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
"stopping command channel on %s", socktext);
#if 0
/* XXX: no unix domain socket support */
if (listener->type == isc_socktype_unix) {
isc_socket_cleanunix(&listener->address, true);
}
#endif
listener->exiting = true;
}
@@ -237,11 +232,6 @@ address_ok(isc_sockaddr_t *sockaddr, controllistener_t *listener) {
isc_result_t result;
int match;
/* ACL doesn't apply to unix domain sockets */
if (listener->type != isc_socktype_tcp) {
return (true);
}
isc_netaddr_fromsockaddr(&netaddr, sockaddr);
result = dns_acl_match(&netaddr, NULL, listener->acl, env, &match,
@@ -1031,33 +1021,6 @@ update_listener(named_controls_t *cp, controllistener_t **listenerp,
socktext, isc_result_totext(result));
}
#if 0
/* XXX: no unix socket support yet */
if (result == ISC_R_SUCCESS && type == isc_socktype_unix) {
uint32_t perm, owner, group;
perm = cfg_obj_asuint32(cfg_tuple_get(control, "perm"));
owner = cfg_obj_asuint32(cfg_tuple_get(control, "owner"));
group = cfg_obj_asuint32(cfg_tuple_get(control, "group"));
result = ISC_R_SUCCESS;
if (listener->perm != perm || listener->owner != owner ||
listener->group != group)
{
result = isc_socket_permunix(&listener->address, perm,
owner, group);
}
if (result == ISC_R_SUCCESS) {
listener->perm = perm;
listener->owner = owner;
listener->group = group;
} else if (control != NULL) {
cfg_obj_log(control, named_g_lctx, ISC_LOG_WARNING,
"couldn't update ownership/permission for "
"command channel %s",
socktext);
}
}
#endif
*listenerp = listener;
}
@@ -1129,35 +1092,14 @@ add_listener(named_controls_t *cp, controllistener_t **listenerp,
pf = isc_sockaddr_pf(&listener->address);
if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) ||
(pf == AF_UNIX && isc_net_probeunix() != ISC_R_SUCCESS) ||
(pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS))
{
CHECK(ISC_R_FAMILYNOSUPPORT);
}
#if 0
/* XXX: no unix socket support yet */
if (type == isc_socktype_unix) {
isc_socket_cleanunix(&listener->address, false);
}
#endif
CHECK(isc_nm_listentcp(named_g_netmgr, ISC_NM_LISTEN_ONE,
&listener->address, control_newconn, listener, 5,
NULL, &listener->sock));
#if 0
/* XXX: no unix socket support yet */
if (type == isc_socktype_unix) {
listener->perm =
cfg_obj_asuint32(cfg_tuple_get(control, "perm"));
listener->owner =
cfg_obj_asuint32(cfg_tuple_get(control, "owner"));
listener->group =
cfg_obj_asuint32(cfg_tuple_get(control, "group"));
result = isc_socket_permunix(&listener->address, listener->perm,
listener->owner, listener->group);
}
#endif
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL, ISC_LOG_NOTICE,
@@ -1214,8 +1156,19 @@ named_controls_configure(named_controls_t *cp, const cfg_obj_t *config,
{
const cfg_obj_t *controls = NULL;
const cfg_obj_t *inetcontrols = NULL;
const cfg_obj_t *unixcontrols = NULL;
controls = cfg_listelt_value(element);
(void)cfg_map_get(controls, "unix", &unixcontrols);
if (unixcontrols != NULL) {
cfg_obj_log(controls, named_g_lctx,
ISC_LOG_ERROR,
"UNIX domain sockets are not "
"supported");
return (ISC_R_FAILURE);
}
(void)cfg_map_get(controls, "inet", &inetcontrols);
if (inetcontrols == NULL) {
continue;
@@ -1231,8 +1184,8 @@ named_controls_configure(named_controls_t *cp, const cfg_obj_t *config,
/*
* The parser handles BIND 8 configuration file
* syntax, so it allows unix phrases as well
* inet phrases with no keys{} clause.
* syntax, so it allows inet phrases with no
* keys{} clause.
*/
control = cfg_listelt_value(element2);
@@ -1280,91 +1233,6 @@ named_controls_configure(named_controls_t *cp, const cfg_obj_t *config,
}
}
}
for (element = cfg_list_first(controlslist); element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *controls = NULL;
const cfg_obj_t *unixcontrols = NULL;
controls = cfg_listelt_value(element);
(void)cfg_map_get(controls, "unix", &unixcontrols);
if (unixcontrols == NULL) {
continue;
}
cfg_obj_log(controls, named_g_lctx, ISC_LOG_ERROR,
"UNIX domain sockets not yet supported");
return (ISC_R_FAILURE);
#if 0
/* XXX: no unix domain socket support in netmgr */
for (element2 = cfg_list_first(unixcontrols);
element2 != NULL;
element2 = cfg_list_next(element2))
{
const cfg_obj_t *control = NULL;
const cfg_obj_t *path = NULL;
isc_sockaddr_t addr;
isc_result_t result;
/*
* The parser handles BIND 8 configuration file
* syntax, so it allows unix phrases as well
* inet phrases with no keys{} clause.
*/
control = cfg_listelt_value(element2);
path = cfg_tuple_get(control, "path");
result = isc_sockaddr_frompath(
&addr, cfg_obj_asstring(path));
if (result != ISC_R_SUCCESS) {
isc_log_write(
named_g_lctx,
NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL,
ISC_LOG_DEBUG(9),
"control channel '%s': %s",
cfg_obj_asstring(path),
isc_result_totext(result));
continue;
}
isc_log_write(named_g_lctx,
NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_CONTROL,
ISC_LOG_DEBUG(9),
"processing control channel '%s'",
cfg_obj_asstring(path));
update_listener(cp, &listener, control, config,
&addr, aclconfctx,
cfg_obj_asstring(path),
isc_socktype_unix);
if (listener != NULL) {
/*
* Remove the listener from the old
* list, so it won't be shut down.
*/
ISC_LIST_UNLINK(cp->listeners, listener,
link);
} else {
/*
* This is a new listener.
*/
add_listener(cp, &listener, control,
config, &addr, aclconfctx,
cfg_obj_asstring(path),
isc_socktype_unix);
}
if (listener != NULL) {
ISC_LIST_APPEND(new_listeners, listener,
link);
}
}
#endif
}
} else {
int i;
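Review bot: The new `return (ISC_R_FAILURE);` for a `unix` clause in named_controls_configure() sits inside the loop over `controlslist`, so it can fire after earlier `controls` elements have already been handled. The removed second loop had the same early return after the inet pass, so this is not a regression. If a previous iteration already moved listeners onto `new_listeners`, they appear to be neither shut down nor put back on `cp->listeners` on this path; that needs confirming against the part of the function outside these hunks. Rejecting any `unix` clause in a separate pass before the first `update_listener()`/`add_listener()` call would remove the question.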


@@ -553,8 +553,6 @@ init_desc(void) {
SET_SOCKSTATDESC(udp6open, "UDP/IPv6 sockets opened", "UDP6Open");
SET_SOCKSTATDESC(tcp4open, "TCP/IPv4 sockets opened", "TCP4Open");
SET_SOCKSTATDESC(tcp6open, "TCP/IPv6 sockets opened", "TCP6Open");
SET_SOCKSTATDESC(unixopen, "Unix domain sockets opened", "UnixOpen");
SET_SOCKSTATDESC(rawopen, "Raw sockets opened", "RawOpen");
SET_SOCKSTATDESC(udp4openfail, "UDP/IPv4 socket open failures",
"UDP4OpenFail");
SET_SOCKSTATDESC(udp6openfail, "UDP/IPv6 socket open failures",
@@ -563,18 +561,10 @@ init_desc(void) {
"TCP4OpenFail");
SET_SOCKSTATDESC(tcp6openfail, "TCP/IPv6 socket open failures",
"TCP6OpenFail");
SET_SOCKSTATDESC(unixopenfail, "Unix domain socket open failures",
"UnixOpenFail");
SET_SOCKSTATDESC(rawopenfail, "Raw socket open failures",
"RawOpenFail");
SET_SOCKSTATDESC(udp4close, "UDP/IPv4 sockets closed", "UDP4Close");
SET_SOCKSTATDESC(udp6close, "UDP/IPv6 sockets closed", "UDP6Close");
SET_SOCKSTATDESC(tcp4close, "TCP/IPv4 sockets closed", "TCP4Close");
SET_SOCKSTATDESC(tcp6close, "TCP/IPv6 sockets closed", "TCP6Close");
SET_SOCKSTATDESC(unixclose, "Unix domain sockets closed", "UnixClose");
SET_SOCKSTATDESC(fdwatchclose, "FDwatch sockets closed",
"FDWatchClose");
SET_SOCKSTATDESC(rawclose, "Raw sockets closed", "RawClose");
SET_SOCKSTATDESC(udp4bindfail, "UDP/IPv4 socket bind failures",
"UDP4BindFail");
SET_SOCKSTATDESC(udp6bindfail, "UDP/IPv6 socket bind failures",
@@ -583,10 +573,6 @@ init_desc(void) {
"TCP4BindFail");
SET_SOCKSTATDESC(tcp6bindfail, "TCP/IPv6 socket bind failures",
"TCP6BindFail");
SET_SOCKSTATDESC(unixbindfail, "Unix domain socket bind failures",
"UnixBindFail");
SET_SOCKSTATDESC(fdwatchbindfail, "FDwatch socket bind failures",
"FdwatchBindFail");
SET_SOCKSTATDESC(udp4connectfail, "UDP/IPv4 socket connect failures",
"UDP4ConnFail");
SET_SOCKSTATDESC(udp6connectfail, "UDP/IPv6 socket connect failures",
@@ -595,10 +581,6 @@ init_desc(void) {
"TCP4ConnFail");
SET_SOCKSTATDESC(tcp6connectfail, "TCP/IPv6 socket connect failures",
"TCP6ConnFail");
SET_SOCKSTATDESC(unixconnectfail, "Unix domain socket connect failures",
"UnixConnFail");
SET_SOCKSTATDESC(fdwatchconnectfail, "FDwatch socket connect failures",
"FDwatchConnFail");
SET_SOCKSTATDESC(udp4connect, "UDP/IPv4 connections established",
"UDP4Conn");
SET_SOCKSTATDESC(udp6connect, "UDP/IPv6 connections established",
@@ -607,48 +589,26 @@ init_desc(void) {
"TCP4Conn");
SET_SOCKSTATDESC(tcp6connect, "TCP/IPv6 connections established",
"TCP6Conn");
SET_SOCKSTATDESC(unixconnect, "Unix domain connections established",
"UnixConn");
SET_SOCKSTATDESC(fdwatchconnect,
"FDwatch domain connections established",
"FDwatchConn");
SET_SOCKSTATDESC(tcp4acceptfail, "TCP/IPv4 connection accept failures",
"TCP4AcceptFail");
SET_SOCKSTATDESC(tcp6acceptfail, "TCP/IPv6 connection accept failures",
"TCP6AcceptFail");
SET_SOCKSTATDESC(unixacceptfail,
"Unix domain connection accept failures",
"UnixAcceptFail");
SET_SOCKSTATDESC(tcp4accept, "TCP/IPv4 connections accepted",
"TCP4Accept");
SET_SOCKSTATDESC(tcp6accept, "TCP/IPv6 connections accepted",
"TCP6Accept");
SET_SOCKSTATDESC(unixaccept, "Unix domain connections accepted",
"UnixAccept");
SET_SOCKSTATDESC(udp4sendfail, "UDP/IPv4 send errors", "UDP4SendErr");
SET_SOCKSTATDESC(udp6sendfail, "UDP/IPv6 send errors", "UDP6SendErr");
SET_SOCKSTATDESC(tcp4sendfail, "TCP/IPv4 send errors", "TCP4SendErr");
SET_SOCKSTATDESC(tcp6sendfail, "TCP/IPv6 send errors", "TCP6SendErr");
SET_SOCKSTATDESC(unixsendfail, "Unix domain send errors",
"UnixSendErr");
SET_SOCKSTATDESC(fdwatchsendfail, "FDwatch send errors",
"FDwatchSendErr");
SET_SOCKSTATDESC(udp4recvfail, "UDP/IPv4 recv errors", "UDP4RecvErr");
SET_SOCKSTATDESC(udp6recvfail, "UDP/IPv6 recv errors", "UDP6RecvErr");
SET_SOCKSTATDESC(tcp4recvfail, "TCP/IPv4 recv errors", "TCP4RecvErr");
SET_SOCKSTATDESC(tcp6recvfail, "TCP/IPv6 recv errors", "TCP6RecvErr");
SET_SOCKSTATDESC(unixrecvfail, "Unix domain recv errors",
"UnixRecvErr");
SET_SOCKSTATDESC(fdwatchrecvfail, "FDwatch recv errors",
"FDwatchRecvErr");
SET_SOCKSTATDESC(rawrecvfail, "Raw recv errors", "RawRecvErr");
SET_SOCKSTATDESC(udp4active, "UDP/IPv4 sockets active", "UDP4Active");
SET_SOCKSTATDESC(udp6active, "UDP/IPv6 sockets active", "UDP6Active");
SET_SOCKSTATDESC(tcp4active, "TCP/IPv4 sockets active", "TCP4Active");
SET_SOCKSTATDESC(tcp6active, "TCP/IPv6 sockets active", "TCP6Active");
SET_SOCKSTATDESC(unixactive, "Unix domain sockets active",
"UnixActive");
SET_SOCKSTATDESC(rawactive, "Raw sockets active", "RawActive");
INSIST(i == isc_sockstatscounter_max);
/* Initialize DNSSEC statistics */


@@ -260,18 +260,11 @@ get_addresses(const char *host, in_port_t port) {
REQUIRE(host != NULL);
if (*host == '/') {
result = isc_sockaddr_frompath(&serveraddrs[nserveraddrs],
host);
if (result == ISC_R_SUCCESS) {
nserveraddrs++;
}
} else {
count = SERVERADDRS - nserveraddrs;
result = isc_getaddresses(
host, port, &serveraddrs[nserveraddrs], count, &found);
nserveraddrs += found;
}
count = SERVERADDRS - nserveraddrs;
result = isc_getaddresses(host, port, &serveraddrs[nserveraddrs], count,
&found);
nserveraddrs += found;
if (result != ISC_R_SUCCESS) {
fatal("couldn't get address for '%s': %s", host,
isc_result_totext(result));
@@ -518,11 +511,6 @@ rndc_startconnect(isc_sockaddr_t *addr) {
case AF_INET6:
local = &local6;
break;
case AF_UNIX:
/*
* TODO: support UNIX domain sockets in netgmr.
*/
fatal("UNIX domain sockets not currently supported");
default:
UNREACHABLE();
}
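Review bot: In get_addresses(), a server argument that starts with `/` now goes straight to `isc_getaddresses()` and presumably ends in the generic `couldn't get address for '%s'` fatal, which hides that the path form was removed on purpose. An explicit guard before the lookup, e.g. `if (*host == '/') { fatal("UNIX domain sockets are not supported: '%s'", host); }`, would keep the clear diagnostic that the removed `AF_UNIX` case in rndc_startconnect() used to give. Both functions continue outside the hunks shown.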


@@ -0,0 +1,16 @@
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
controls {
unix "/tmp/socket" perm 0700 owner 0 group 0;
};


@@ -495,15 +495,10 @@ control channels are used by the :iscman:`rndc` utility to send commands to
and retrieve non-DNS results from a name server.
.. namedconf:statement:: unix
:tags: server
:tags: obsolete
:short: Specifies a Unix domain socket as a control channel.
A :any:`unix` control channel is a Unix domain socket listening at the
specified path in the file system. Access to the socket is specified by
the ``perm``, ``owner``, and ``group`` clauses. Note that on some platforms
(SunOS and Solaris), the permissions (``perm``) are applied to the parent
directory as the permissions on the socket itself are ignored.
This option has been removed and using it will cause a fatal error.
.. namedconf:statement:: inet
:tags: server
@@ -7937,17 +7932,16 @@ Socket I/O Statistics Counters
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
Socket I/O statistics counters are defined per socket type, which are
``UDP4`` (UDP/IPv4), ``UDP6`` (UDP/IPv6), ``TCP4`` (TCP/IPv4), ``TCP6``
(TCP/IPv6), ``Unix`` (Unix Domain), and ``FDwatch`` (sockets opened
outside the socket module). In the following list, ``<TYPE>`` represents
``UDP4`` (UDP/IPv4), ``UDP6`` (UDP/IPv6), ``TCP4`` (TCP/IPv4), and ``TCP6``
(TCP/IPv6). In the following list, ``<TYPE>`` represents
a socket type. Not all counters are available for all socket types;
exceptions are noted in the descriptions.
``<TYPE>Open``
This indicates the number of sockets opened successfully. This counter does not apply to the ``FDwatch`` type.
This indicates the number of sockets opened successfully.
``<TYPE>OpenFail``
This indicates the number of failures to open sockets. This counter does not apply to the ``FDwatch`` type.
This indicates the number of failures to open sockets.
``<TYPE>Close``
This indicates the number of closed sockets.
@@ -7962,10 +7956,10 @@ exceptions are noted in the descriptions.
This indicates the number of connections established successfully.
``<TYPE>AcceptFail``
This indicates the number of failures to accept incoming connection requests. This counter does not apply to the ``UDP`` and ``FDwatch`` types.
This indicates the number of failures to accept incoming connection requests. This counter does not apply to the ``UDP`` type.
``<TYPE>Accept``
This indicates the number of incoming connections successfully accepted. This counter does not apply to the ``UDP`` and ``FDwatch`` types.
This indicates the number of incoming connections successfully accepted. This counter does not apply to the ``UDP`` type.
``<TYPE>SendErr``
This indicates the number of errors in socket send operations.


@@ -32,6 +32,13 @@ Removed Features
- None.
- Configuring control channel to use Unix Domain Socket has an fatal error since
BIND 9.18. Completely remove the feature and make ``named-checkconf`` also
report this as an error in the configuration. :gl:`#4311`
The support for control channel over Unix Domain Sockets has been
non-functional since BIND 9.18
Feature Changes
~~~~~~~~~~~~~~~


@@ -265,12 +265,6 @@ isc_net_enableipv4(void);
void
isc_net_enableipv6(void);
isc_result_t
isc_net_probeunix(void);
/*
* Returns whether UNIX domain sockets are supported.
*/
isc_result_t
isc_net_getudpportrange(int af, in_port_t *low, in_port_t *high);
/*%<


@@ -110,9 +110,6 @@ isc_netaddr_fromin(isc_netaddr_t *netaddr, const struct in_addr *ina);
void
isc_netaddr_fromin6(isc_netaddr_t *netaddr, const struct in6_addr *ina6);
isc_result_t
isc_netaddr_frompath(isc_netaddr_t *netaddr, const char *path);
void
isc_netaddr_setzone(isc_netaddr_t *netaddr, uint32_t zone);


@@ -33,7 +33,6 @@ struct isc_sockaddr {
struct sockaddr_in sin;
struct sockaddr_in6 sin6;
struct sockaddr_storage ss;
struct sockaddr_un sunix;
} type;
unsigned int length; /* XXXRTH beginning? */
ISC_LINK(struct isc_sockaddr) link;
@@ -224,17 +223,6 @@ isc_sockaddr_isnetzero(const isc_sockaddr_t *sa);
* Returns true if the address is in net zero.
*/
isc_result_t
isc_sockaddr_frompath(isc_sockaddr_t *sockaddr, const char *path);
/*
* Create a UNIX domain sockaddr that refers to path.
*
* Returns:
* \li ISC_R_NOSPACE
* \li ISC_R_NOTIMPLEMENTED
* \li ISC_R_SUCCESS
*/
isc_result_t
isc_sockaddr_fromsockaddr(isc_sockaddr_t *isa, const struct sockaddr *sa);


@@ -27,80 +27,57 @@ enum {
* Socket statistics counters.
*/
isc_sockstatscounter_udp4open = 0,
isc_sockstatscounter_udp6open = 1,
isc_sockstatscounter_tcp4open = 2,
isc_sockstatscounter_tcp6open = 3,
isc_sockstatscounter_unixopen = 4,
isc_sockstatscounter_udp6open,
isc_sockstatscounter_tcp4open,
isc_sockstatscounter_tcp6open,
isc_sockstatscounter_udp4openfail = 5,
isc_sockstatscounter_udp6openfail = 6,
isc_sockstatscounter_tcp4openfail = 7,
isc_sockstatscounter_tcp6openfail = 8,
isc_sockstatscounter_unixopenfail = 9,
isc_sockstatscounter_udp4openfail,
isc_sockstatscounter_udp6openfail,
isc_sockstatscounter_tcp4openfail,
isc_sockstatscounter_tcp6openfail,
isc_sockstatscounter_udp4close = 10,
isc_sockstatscounter_udp6close = 11,
isc_sockstatscounter_tcp4close = 12,
isc_sockstatscounter_tcp6close = 13,
isc_sockstatscounter_unixclose = 14,
isc_sockstatscounter_fdwatchclose = 15,
isc_sockstatscounter_udp4close,
isc_sockstatscounter_udp6close,
isc_sockstatscounter_tcp4close,
isc_sockstatscounter_tcp6close,
isc_sockstatscounter_udp4bindfail = 16,
isc_sockstatscounter_udp6bindfail = 17,
isc_sockstatscounter_tcp4bindfail = 18,
isc_sockstatscounter_tcp6bindfail = 19,
isc_sockstatscounter_unixbindfail = 20,
isc_sockstatscounter_fdwatchbindfail = 21,
isc_sockstatscounter_udp4bindfail,
isc_sockstatscounter_udp6bindfail,
isc_sockstatscounter_tcp4bindfail,
isc_sockstatscounter_tcp6bindfail,
isc_sockstatscounter_udp4connect = 22,
isc_sockstatscounter_udp6connect = 23,
isc_sockstatscounter_tcp4connect = 24,
isc_sockstatscounter_tcp6connect = 25,
isc_sockstatscounter_unixconnect = 26,
isc_sockstatscounter_fdwatchconnect = 27,
isc_sockstatscounter_udp4connect,
isc_sockstatscounter_udp6connect,
isc_sockstatscounter_tcp4connect,
isc_sockstatscounter_tcp6connect,
isc_sockstatscounter_udp4connectfail = 28,
isc_sockstatscounter_udp6connectfail = 29,
isc_sockstatscounter_tcp4connectfail = 30,
isc_sockstatscounter_tcp6connectfail = 31,
isc_sockstatscounter_unixconnectfail = 32,
isc_sockstatscounter_fdwatchconnectfail = 33,
isc_sockstatscounter_udp4connectfail,
isc_sockstatscounter_udp6connectfail,
isc_sockstatscounter_tcp4connectfail,
isc_sockstatscounter_tcp6connectfail,
isc_sockstatscounter_tcp4accept = 34,
isc_sockstatscounter_tcp6accept = 35,
isc_sockstatscounter_unixaccept = 36,
isc_sockstatscounter_tcp4accept,
isc_sockstatscounter_tcp6accept,
isc_sockstatscounter_tcp4acceptfail = 37,
isc_sockstatscounter_tcp6acceptfail = 38,
isc_sockstatscounter_unixacceptfail = 39,
isc_sockstatscounter_tcp4acceptfail,
isc_sockstatscounter_tcp6acceptfail,
isc_sockstatscounter_udp4sendfail = 40,
isc_sockstatscounter_udp6sendfail = 41,
isc_sockstatscounter_tcp4sendfail = 42,
isc_sockstatscounter_tcp6sendfail = 43,
isc_sockstatscounter_unixsendfail = 44,
isc_sockstatscounter_fdwatchsendfail = 45,
isc_sockstatscounter_udp4sendfail,
isc_sockstatscounter_udp6sendfail,
isc_sockstatscounter_tcp4sendfail,
isc_sockstatscounter_tcp6sendfail,
isc_sockstatscounter_udp4recvfail = 46,
isc_sockstatscounter_udp6recvfail = 47,
isc_sockstatscounter_tcp4recvfail = 48,
isc_sockstatscounter_tcp6recvfail = 49,
isc_sockstatscounter_unixrecvfail = 50,
isc_sockstatscounter_fdwatchrecvfail = 51,
isc_sockstatscounter_udp4recvfail,
isc_sockstatscounter_udp6recvfail,
isc_sockstatscounter_tcp4recvfail,
isc_sockstatscounter_tcp6recvfail,
isc_sockstatscounter_udp4active = 52,
isc_sockstatscounter_udp6active = 53,
isc_sockstatscounter_tcp4active = 54,
isc_sockstatscounter_tcp6active = 55,
isc_sockstatscounter_unixactive = 56,
isc_sockstatscounter_udp4active,
isc_sockstatscounter_udp6active,
isc_sockstatscounter_tcp4active,
isc_sockstatscounter_tcp6active,
isc_sockstatscounter_rawopen = 57,
isc_sockstatscounter_rawopenfail = 58,
isc_sockstatscounter_rawclose = 59,
isc_sockstatscounter_rawrecvfail = 60,
isc_sockstatscounter_rawactive = 61,
isc_sockstatscounter_max = 62
isc_sockstatscounter_max,
};
ISC_LANG_BEGINDECLS
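Review bot: The enum now relies on implicit numbering, so every counter after `isc_sockstatscounter_tcp6open` gets a new value (`isc_sockstatscounter_udp4openfail` moves from 5 to 4, and so on), and nothing in the declaration says the order matters. init_desc() elsewhere in this commit still ends with `INSIST(i == isc_sockstatscounter_max)`, which appears to check the count rather than the order. A comment above the first enumerator such as `/* Values are positional: keep in step with the description table in init_desc(). */` would document the dependency. The `raw*` and `fdwatch*` counters are removed here together with the `unix*` ones, which the changelog entry on this page does not mention; anything that consumes those statistics names should be told.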


@@ -112,7 +112,6 @@ static isc_once_t once = ISC_ONCE_INIT;
static isc_result_t ipv4_result = ISC_R_NOTFOUND;
static isc_result_t ipv6_result = ISC_R_NOTFOUND;
static isc_result_t unix_result = ISC_R_NOTFOUND;
static isc_result_t ipv6only_result = ISC_R_NOTFOUND;
static isc_result_t ipv6pktinfo_result = ISC_R_NOTFOUND;
@@ -188,7 +187,6 @@ static void
initialize_action(void) {
ipv4_result = try_proto(PF_INET);
ipv6_result = try_proto(PF_INET6);
unix_result = try_proto(PF_UNIX);
}
static void
@@ -208,12 +206,6 @@ isc_net_probeipv6(void) {
return (ipv6_result);
}
isc_result_t
isc_net_probeunix(void) {
initialize();
return (unix_result);
}
static void
try_ipv6only(void) {
#ifdef IPV6_V6ONLY


@@ -50,11 +50,6 @@ isc_netaddr_equal(const isc_netaddr_t *a, const isc_netaddr_t *b) {
return (false);
}
break;
case AF_UNIX:
if (strcmp(a->type.un, b->type.un) != 0) {
return (false);
}
break;
default:
return (false);
}
@@ -141,15 +136,6 @@ isc_netaddr_totext(const isc_netaddr_t *netaddr, isc_buffer_t *target) {
case AF_INET6:
type = &netaddr->type.in6;
break;
case AF_UNIX:
alen = strlen(netaddr->type.un);
if (alen > isc_buffer_availablelength(target)) {
return (ISC_R_NOSPACE);
}
isc_buffer_putmem(target,
(const unsigned char *)(netaddr->type.un),
alen);
return (ISC_R_SUCCESS);
default:
return (ISC_R_FAILURE);
}
@@ -308,19 +294,6 @@ isc_netaddr_fromin6(isc_netaddr_t *netaddr, const struct in6_addr *ina6) {
netaddr->type.in6 = *ina6;
}
isc_result_t
isc_netaddr_frompath(isc_netaddr_t *netaddr, const char *path) {
if (strlen(path) > sizeof(netaddr->type.un) - 1) {
return (ISC_R_NOSPACE);
}
memset(netaddr, 0, sizeof(*netaddr));
netaddr->family = AF_UNIX;
strlcpy(netaddr->type.un, path, sizeof(netaddr->type.un));
netaddr->zone = 0;
return (ISC_R_SUCCESS);
}
void
isc_netaddr_setzone(isc_netaddr_t *netaddr, uint32_t zone) {
/* we currently only support AF_INET6. */
@@ -347,10 +320,6 @@ isc_netaddr_fromsockaddr(isc_netaddr_t *t, const isc_sockaddr_t *s) {
memmove(&t->type.in6, &s->type.sin6.sin6_addr, 16);
t->zone = s->type.sin6.sin6_scope_id;
break;
case AF_UNIX:
memmove(t->type.un, s->type.sunix.sun_path, sizeof(t->type.un));
t->zone = 0;
break;
default:
UNREACHABLE();
}


@@ -97,23 +97,6 @@ static const isc_statscounter_t tcp6statsindex[] = {
isc_sockstatscounter_tcp6active
};
#if 0
/* XXX: not currently used */
static const isc_statscounter_t unixstatsindex[] = {
isc_sockstatscounter_unixopen,
isc_sockstatscounter_unixopenfail,
isc_sockstatscounter_unixclose,
isc_sockstatscounter_unixbindfail,
isc_sockstatscounter_unixconnectfail,
isc_sockstatscounter_unixconnect,
isc_sockstatscounter_unixacceptfail,
isc_sockstatscounter_unixaccept,
isc_sockstatscounter_unixsendfail,
isc_sockstatscounter_unixrecvfail,
isc_sockstatscounter_unixactive
};
#endif /* if 0 */
static void
nmsocket_maybe_destroy(isc_nmsocket_t *sock FLARG);
static void

View File

@@ -136,25 +136,6 @@ isc_sockaddr_totext(const isc_sockaddr_t *sockaddr, isc_buffer_t *target) {
snprintf(pbuf, sizeof(pbuf), "%u",
ntohs(sockaddr->type.sin6.sin6_port));
break;
case AF_UNIX:
plen = strlen(sockaddr->type.sunix.sun_path);
if (plen >= isc_buffer_availablelength(target)) {
return (ISC_R_NOSPACE);
}
isc_buffer_putmem(
target,
(const unsigned char *)sockaddr->type.sunix.sun_path,
plen);
/*
* Null terminate after used region.
*/
isc_buffer_availableregion(target, &avail);
INSIST(avail.length >= 1);
avail.base[0] = '\0';
return (ISC_R_SUCCESS);
default:
return (ISC_R_FAILURE);
}
@@ -460,19 +441,6 @@ isc_sockaddr_isnetzero(const isc_sockaddr_t *sockaddr) {
return (false);
}
isc_result_t
isc_sockaddr_frompath(isc_sockaddr_t *sockaddr, const char *path) {
if (strlen(path) >= sizeof(sockaddr->type.sunix.sun_path)) {
return (ISC_R_NOSPACE);
}
memset(sockaddr, 0, sizeof(*sockaddr));
sockaddr->length = sizeof(sockaddr->type.sunix);
sockaddr->type.sunix.sun_family = AF_UNIX;
strlcpy(sockaddr->type.sunix.sun_path, path,
sizeof(sockaddr->type.sunix.sun_path));
return (ISC_R_SUCCESS);
}
isc_result_t
isc_sockaddr_fromsockaddr(isc_sockaddr_t *isa, const struct sockaddr *sa) {
unsigned int length = 0;
@@ -484,9 +452,6 @@ isc_sockaddr_fromsockaddr(isc_sockaddr_t *isa, const struct sockaddr *sa) {
case AF_INET6:
length = sizeof(isa->type.sin6);
break;
case AF_UNIX:
length = sizeof(isa->type.sunix);
break;
default:
return (ISC_R_NOTIMPLEMENTED);
}


@@ -5638,10 +5638,7 @@ check_controls(const cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) {
const cfg_obj_t *unixcontrols;
const cfg_obj_t *keylist = NULL;
const char *path;
uint32_t perm, mask;
dns_acl_t *acl = NULL;
isc_sockaddr_t addr;
int i;
(void)cfg_map_get(config, "controls", &controlslist);
if (controlslist == NULL) {
@@ -5654,7 +5651,7 @@ check_controls(const cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) {
/*
* INET: Check allow clause.
* UNIX: Check "perm" for sanity, check path length.
* UNIX: Not supported.
*/
for (element = cfg_list_first(controlslist); element != NULL;
element = cfg_list_next(element))
@@ -5687,39 +5684,9 @@ check_controls(const cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) {
{
control = cfg_listelt_value(element2);
path = cfg_obj_asstring(cfg_tuple_get(control, "path"));
tresult = isc_sockaddr_frompath(&addr, path);
if (tresult == ISC_R_NOSPACE) {
cfg_obj_log(control, logctx, ISC_LOG_ERROR,
"unix control '%s': path too long",
path);
result = ISC_R_NOSPACE;
}
perm = cfg_obj_asuint32(cfg_tuple_get(control, "perm"));
for (i = 0; i < 3; i++) {
#ifdef NEED_SECURE_DIRECTORY
mask = (0x1 << (i * 3)); /* SEARCH */
#else /* ifdef NEED_SECURE_DIRECTORY */
mask = (0x6 << (i * 3)); /* READ + WRITE */
#endif /* ifdef NEED_SECURE_DIRECTORY */
if ((perm & mask) == mask) {
break;
}
}
if (i == 0) {
cfg_obj_log(control, logctx, ISC_LOG_WARNING,
"unix control '%s' allows access "
"to everyone",
path);
} else if (i == 3) {
cfg_obj_log(control, logctx, ISC_LOG_WARNING,
"unix control '%s' allows access "
"to nobody",
path);
}
tresult = check_controlskeys(control, keylist, logctx);
if (tresult != ISC_R_SUCCESS) {
result = tresult;
}
cfg_obj_log(control, logctx, ISC_LOG_ERROR,
"unix control '%s': not supported", path);
result = ISC_R_FAMILYNOSUPPORT;
}
}
cfg_aclconfctx_detach(&actx);
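Review bot: check_controls() reports a `unix` clause as `unix control '%s': not supported` with `ISC_R_FAMILYNOSUPPORT`, while named_controls_configure() in this same commit logs `UNIX domain sockets are not supported` and returns `ISC_R_FAILURE` for the same condition. Using one wording in both places, for example `"unix control '%s': UNIX domain sockets are not supported"` here, would let an operator match the checker's output to the server's log with a single search. The function starts and ends outside the hunks shown.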