diff --git a/CHANGES b/CHANGES index 6666cc80f6..7ae6f8538b 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +6253. [cleanup] Remove the support for control channel over Unix + Domain Sockets. [GL #4311] + 6252. [test] Python system tests have to be executed by invoking pytest directly. Executing them with the legacy test runner is no longer supported. [GL #4250] diff --git a/bin/named/controlconf.c b/bin/named/controlconf.c index 57783d19af..a84af436fe 100644 --- a/bin/named/controlconf.c +++ b/bin/named/controlconf.c @@ -215,12 +215,7 @@ shutdown_listener(controllistener_t *listener) { isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_CONTROL, ISC_LOG_NOTICE, "stopping command channel on %s", socktext); -#if 0 - /* XXX: no unix domain socket support */ - if (listener->type == isc_socktype_unix) { - isc_socket_cleanunix(&listener->address, true); - } -#endif + listener->exiting = true; } @@ -237,11 +232,6 @@ address_ok(isc_sockaddr_t *sockaddr, controllistener_t *listener) { isc_result_t result; int match; - /* ACL doesn't apply to unix domain sockets */ - if (listener->type != isc_socktype_tcp) { - return (true); - } - isc_netaddr_fromsockaddr(&netaddr, sockaddr); result = dns_acl_match(&netaddr, NULL, listener->acl, env, &match, 
@@ -1031,33 +1021,6 @@ update_listener(named_controls_t *cp, controllistener_t **listenerp, socktext, isc_result_totext(result)); } -#if 0 - /* XXX: no unix socket support yet */ - if (result == ISC_R_SUCCESS && type == isc_socktype_unix) { - uint32_t perm, owner, group; - perm = cfg_obj_asuint32(cfg_tuple_get(control, "perm")); - owner = cfg_obj_asuint32(cfg_tuple_get(control, "owner")); - group = cfg_obj_asuint32(cfg_tuple_get(control, "group")); - result = ISC_R_SUCCESS; - if (listener->perm != perm || listener->owner != owner || - listener->group != group) - { - result = isc_socket_permunix(&listener->address, perm, - owner, group); - } - if (result == ISC_R_SUCCESS) { - listener->perm = perm; - listener->owner = owner; - listener->group = group; - } else if (control != NULL) { - cfg_obj_log(control, named_g_lctx, ISC_LOG_WARNING, - "couldn't update ownership/permission for " - "command channel %s", - socktext); - } - } -#endif - *listenerp = listener; } 
@@ -1129,35 +1092,14 @@ add_listener(named_controls_t *cp, controllistener_t **listenerp, pf = isc_sockaddr_pf(&listener->address); if ((pf == AF_INET && isc_net_probeipv4() != ISC_R_SUCCESS) || - (pf == AF_UNIX && isc_net_probeunix() != ISC_R_SUCCESS) || (pf == AF_INET6 && isc_net_probeipv6() != ISC_R_SUCCESS)) { CHECK(ISC_R_FAMILYNOSUPPORT); } -#if 0 - /* XXX: no unix socket support yet */ - if (type == isc_socktype_unix) { - isc_socket_cleanunix(&listener->address, false); - } -#endif - CHECK(isc_nm_listentcp(named_g_netmgr, ISC_NM_LISTEN_ONE, &listener->address, control_newconn, listener, 5, NULL, &listener->sock)); -#if 0 - /* XXX: no unix socket support yet */ - if (type == isc_socktype_unix) { - listener->perm = - cfg_obj_asuint32(cfg_tuple_get(control, "perm")); - listener->owner = - cfg_obj_asuint32(cfg_tuple_get(control, "owner")); - listener->group = - cfg_obj_asuint32(cfg_tuple_get(control, "group")); - result = isc_socket_permunix(&listener->address, listener->perm, - listener->owner, listener->group); - } -#endif isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_CONTROL, ISC_LOG_NOTICE, @@ -1214,8 +1156,19 @@ named_controls_configure(named_controls_t *cp, const cfg_obj_t *config, { const cfg_obj_t *controls = NULL; const cfg_obj_t *inetcontrols = NULL; + const cfg_obj_t *unixcontrols = NULL; controls = cfg_listelt_value(element); + + (void)cfg_map_get(controls, "unix", &unixcontrols); + if (unixcontrols != NULL) { + cfg_obj_log(controls, named_g_lctx, + ISC_LOG_ERROR, + "UNIX domain sockets are not " + "supported"); + return (ISC_R_FAILURE); + } + (void)cfg_map_get(controls, "inet", &inetcontrols); if (inetcontrols == NULL) { continue; 
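Review bot: The `return (ISC_R_FAILURE);` added for a `unix` clause in named_controls_configure runs inside the per-`controls` loop, so any earlier `controls` block has already had its `inet` listeners processed by the time a later block is rejected. The removed unix loop further down in this diff shows listeners being unlinked from `cp->listeners` and appended to `new_listeners`; if the inet path does the same (it is outside this hunk), an early return here would leave the control channel half reconfigured. Checking every element for `unix` in a separate pass before the listener loop rejects the configuration without touching listener state. check_controls in lib/isccfg probably catches this first, so treat it as defence in depth. The function starts and ends outside the hunk.

```c
/* Reject unix control channels before any listener is updated or created. */
for (element = cfg_list_first(controlslist); element != NULL;
     element = cfg_list_next(element))
{
	const cfg_obj_t *controls = cfg_listelt_value(element);
	const cfg_obj_t *unixcontrols = NULL;

	(void)cfg_map_get(controls, "unix", &unixcontrols);
	if (unixcontrols != NULL) {
		cfg_obj_log(controls, named_g_lctx, ISC_LOG_ERROR,
			    "UNIX domain sockets are not "
			    "supported");
		return (ISC_R_FAILURE);
	}
}
/* … unchanged: per-controls loop that handles the inet listeners … */
```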
@@ -1231,8 +1184,8 @@ named_controls_configure(named_controls_t *cp, const cfg_obj_t *config, /* * The parser handles BIND 8 configuration file - * syntax, so it allows unix phrases as well - * inet phrases with no keys{} clause. + * syntax, so it allows inet phrases with no + * keys{} clause. */ control = cfg_listelt_value(element2); 
@@ -1280,91 +1233,6 @@ named_controls_configure(named_controls_t *cp, const cfg_obj_t *config, } } } - for (element = cfg_list_first(controlslist); element != NULL; - element = cfg_list_next(element)) - { - const cfg_obj_t *controls = NULL; - const cfg_obj_t *unixcontrols = NULL; - - controls = cfg_listelt_value(element); - (void)cfg_map_get(controls, "unix", &unixcontrols); - if (unixcontrols == NULL) { - continue; - } - - cfg_obj_log(controls, named_g_lctx, ISC_LOG_ERROR, - "UNIX domain sockets not yet supported"); - return (ISC_R_FAILURE); - -#if 0 - /* XXX: no unix domain socket support in netmgr */ - for (element2 = cfg_list_first(unixcontrols); - element2 != NULL; - element2 = cfg_list_next(element2)) - { - const cfg_obj_t *control = NULL; - const cfg_obj_t *path = NULL; - isc_sockaddr_t addr; - isc_result_t result; - - /* - * The parser handles BIND 8 configuration file - * syntax, so it allows unix phrases as well - * inet phrases with no keys{} clause. - */ - control = cfg_listelt_value(element2); - - path = cfg_tuple_get(control, "path"); - result = isc_sockaddr_frompath( - &addr, cfg_obj_asstring(path)); - if (result != ISC_R_SUCCESS) { - isc_log_write( - named_g_lctx, - NAMED_LOGCATEGORY_GENERAL, - NAMED_LOGMODULE_CONTROL, - ISC_LOG_DEBUG(9), - "control channel '%s': %s", - cfg_obj_asstring(path), - isc_result_totext(result)); - continue; - } - - isc_log_write(named_g_lctx, - NAMED_LOGCATEGORY_GENERAL, - NAMED_LOGMODULE_CONTROL, - ISC_LOG_DEBUG(9), - "processing control channel '%s'", - cfg_obj_asstring(path)); - - update_listener(cp, &listener, control, config, - &addr, aclconfctx, - cfg_obj_asstring(path), - isc_socktype_unix); - - if (listener != NULL) { - /* - * Remove the listener from the old - * list, so it won't be shut down. - */ - ISC_LIST_UNLINK(cp->listeners, listener, - link); - } else { - /* - * This is a new listener. 
- */ - add_listener(cp, &listener, control, - config, &addr, aclconfctx, - cfg_obj_asstring(path), - isc_socktype_unix); - } - - if (listener != NULL) { - ISC_LIST_APPEND(new_listeners, listener, - link); - } - } -#endif - } } else { int i; diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c index 349bec0eef..7edb92e2e6 100644 --- a/bin/named/statschannel.c +++ b/bin/named/statschannel.c @@ -553,8 +553,6 @@ init_desc(void) { SET_SOCKSTATDESC(udp6open, "UDP/IPv6 sockets opened", "UDP6Open"); SET_SOCKSTATDESC(tcp4open, "TCP/IPv4 sockets opened", "TCP4Open"); SET_SOCKSTATDESC(tcp6open, "TCP/IPv6 sockets opened", "TCP6Open"); - SET_SOCKSTATDESC(unixopen, "Unix domain sockets opened", "UnixOpen"); - SET_SOCKSTATDESC(rawopen, "Raw sockets opened", "RawOpen"); SET_SOCKSTATDESC(udp4openfail, "UDP/IPv4 socket open failures", "UDP4OpenFail"); SET_SOCKSTATDESC(udp6openfail, "UDP/IPv6 socket open failures", @@ -563,18 +561,10 @@ init_desc(void) { "TCP4OpenFail"); SET_SOCKSTATDESC(tcp6openfail, "TCP/IPv6 socket open failures", "TCP6OpenFail"); - SET_SOCKSTATDESC(unixopenfail, "Unix domain socket open failures", - "UnixOpenFail"); - SET_SOCKSTATDESC(rawopenfail, "Raw socket open failures", - "RawOpenFail"); SET_SOCKSTATDESC(udp4close, "UDP/IPv4 sockets closed", "UDP4Close"); SET_SOCKSTATDESC(udp6close, "UDP/IPv6 sockets closed", "UDP6Close"); SET_SOCKSTATDESC(tcp4close, "TCP/IPv4 sockets closed", "TCP4Close"); SET_SOCKSTATDESC(tcp6close, "TCP/IPv6 sockets closed", "TCP6Close"); - SET_SOCKSTATDESC(unixclose, "Unix domain sockets closed", "UnixClose"); - SET_SOCKSTATDESC(fdwatchclose, "FDwatch sockets closed", - "FDWatchClose"); - SET_SOCKSTATDESC(rawclose, "Raw sockets closed", "RawClose"); SET_SOCKSTATDESC(udp4bindfail, "UDP/IPv4 socket bind failures", "UDP4BindFail"); SET_SOCKSTATDESC(udp6bindfail, "UDP/IPv6 socket bind failures", 
@@ -583,10 +573,6 @@ init_desc(void) { "TCP4BindFail"); SET_SOCKSTATDESC(tcp6bindfail, "TCP/IPv6 socket bind failures", "TCP6BindFail"); - SET_SOCKSTATDESC(unixbindfail, "Unix domain socket bind failures", - "UnixBindFail"); - SET_SOCKSTATDESC(fdwatchbindfail, "FDwatch socket bind failures", - "FdwatchBindFail"); SET_SOCKSTATDESC(udp4connectfail, "UDP/IPv4 socket connect failures", "UDP4ConnFail"); SET_SOCKSTATDESC(udp6connectfail, "UDP/IPv6 socket connect failures", @@ -595,10 +581,6 @@ init_desc(void) { "TCP4ConnFail"); SET_SOCKSTATDESC(tcp6connectfail, "TCP/IPv6 socket connect failures", "TCP6ConnFail"); - SET_SOCKSTATDESC(unixconnectfail, "Unix domain socket connect failures", - "UnixConnFail"); - SET_SOCKSTATDESC(fdwatchconnectfail, "FDwatch socket connect failures", - "FDwatchConnFail"); SET_SOCKSTATDESC(udp4connect, "UDP/IPv4 connections established", "UDP4Conn"); SET_SOCKSTATDESC(udp6connect, "UDP/IPv6 connections established", 
@@ -607,48 +589,26 @@ init_desc(void) { "TCP4Conn"); SET_SOCKSTATDESC(tcp6connect, "TCP/IPv6 connections established", "TCP6Conn"); - SET_SOCKSTATDESC(unixconnect, "Unix domain connections established", - "UnixConn"); - SET_SOCKSTATDESC(fdwatchconnect, - "FDwatch domain connections established", - "FDwatchConn"); SET_SOCKSTATDESC(tcp4acceptfail, "TCP/IPv4 connection accept failures", "TCP4AcceptFail"); SET_SOCKSTATDESC(tcp6acceptfail, "TCP/IPv6 connection accept failures", "TCP6AcceptFail"); - SET_SOCKSTATDESC(unixacceptfail, - "Unix domain connection accept failures", - "UnixAcceptFail"); SET_SOCKSTATDESC(tcp4accept, "TCP/IPv4 connections accepted", "TCP4Accept"); SET_SOCKSTATDESC(tcp6accept, "TCP/IPv6 connections accepted", "TCP6Accept"); - SET_SOCKSTATDESC(unixaccept, "Unix domain connections accepted", - "UnixAccept"); SET_SOCKSTATDESC(udp4sendfail, "UDP/IPv4 send errors", "UDP4SendErr"); SET_SOCKSTATDESC(udp6sendfail, "UDP/IPv6 send errors", "UDP6SendErr"); SET_SOCKSTATDESC(tcp4sendfail, "TCP/IPv4 send errors", "TCP4SendErr"); SET_SOCKSTATDESC(tcp6sendfail, "TCP/IPv6 send errors", "TCP6SendErr"); - SET_SOCKSTATDESC(unixsendfail, "Unix domain send errors", - "UnixSendErr"); - SET_SOCKSTATDESC(fdwatchsendfail, "FDwatch send errors", - "FDwatchSendErr"); SET_SOCKSTATDESC(udp4recvfail, "UDP/IPv4 recv errors", "UDP4RecvErr"); SET_SOCKSTATDESC(udp6recvfail, "UDP/IPv6 recv errors", "UDP6RecvErr"); SET_SOCKSTATDESC(tcp4recvfail, "TCP/IPv4 recv errors", "TCP4RecvErr"); SET_SOCKSTATDESC(tcp6recvfail, "TCP/IPv6 recv errors", "TCP6RecvErr"); - SET_SOCKSTATDESC(unixrecvfail, "Unix domain recv errors", - "UnixRecvErr"); - SET_SOCKSTATDESC(fdwatchrecvfail, "FDwatch recv errors", - "FDwatchRecvErr"); - SET_SOCKSTATDESC(rawrecvfail, "Raw recv errors", "RawRecvErr"); SET_SOCKSTATDESC(udp4active, "UDP/IPv4 sockets active", "UDP4Active"); SET_SOCKSTATDESC(udp6active, "UDP/IPv6 sockets active", "UDP6Active"); SET_SOCKSTATDESC(tcp4active, "TCP/IPv4 sockets active", "TCP4Active"); 
SET_SOCKSTATDESC(tcp6active, "TCP/IPv6 sockets active", "TCP6Active"); - SET_SOCKSTATDESC(unixactive, "Unix domain sockets active", - "UnixActive"); - SET_SOCKSTATDESC(rawactive, "Raw sockets active", "RawActive"); INSIST(i == isc_sockstatscounter_max); /* Initialize DNSSEC statistics */ diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c index 6e8261c784..e129fe8434 100644 --- a/bin/rndc/rndc.c +++ b/bin/rndc/rndc.c @@ -260,18 +260,11 @@ get_addresses(const char *host, in_port_t port) { REQUIRE(host != NULL); - if (*host == '/') { - result = isc_sockaddr_frompath(&serveraddrs[nserveraddrs], - host); - if (result == ISC_R_SUCCESS) { - nserveraddrs++; - } - } else { - count = SERVERADDRS - nserveraddrs; - result = isc_getaddresses( - host, port, &serveraddrs[nserveraddrs], count, &found); - nserveraddrs += found; - } + count = SERVERADDRS - nserveraddrs; + result = isc_getaddresses(host, port, &serveraddrs[nserveraddrs], count, + &found); + nserveraddrs += found; + if (result != ISC_R_SUCCESS) { fatal("couldn't get address for '%s': %s", host, isc_result_totext(result)); @@ -518,11 +511,6 @@ rndc_startconnect(isc_sockaddr_t *addr) { case AF_INET6: local = &local6; break; - case AF_UNIX: - /* - * TODO: support UNIX domain sockets in netgmr. - */ - fatal("UNIX domain sockets not currently supported"); default: UNREACHABLE(); } diff --git a/bin/tests/system/checkconf/bad-unix-domain-socket.conf b/bin/tests/system/checkconf/bad-unix-domain-socket.conf new file mode 100644 index 0000000000..53daa54b01 --- /dev/null +++ b/bin/tests/system/checkconf/bad-unix-domain-socket.conf 
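Review bot: In get_addresses (bin/rndc/rndc.c), a server name that begins with `/` now goes straight to isc_getaddresses() and fails with the generic `couldn't get address for '%s'` text, which gives an operator who still has a socket path configured as the server no hint that the transport was removed. An explicit guard before the lookup keeps the failure local and self-explanatory: `if (*host == '/') { fatal("UNIX domain sockets are not supported: '%s'", host); }`. It also keeps a filesystem path from being handed to the resolver. The body of get_addresses starts and ends outside the hunk.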
@@ -0,0 +1,16 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * SPDX-License-Identifier: MPL-2.0 + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, you can obtain one at https://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +controls { + unix "/tmp/socket" perm 0700 owner 0 group 0; +}; diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst index 2654563b00..c26dbb6dde 100644 --- a/doc/arm/reference.rst +++ b/doc/arm/reference.rst @@ -495,15 +495,10 @@ control channels are used by the :iscman:`rndc` utility to send commands to and retrieve non-DNS results from a name server. .. namedconf:statement:: unix - :tags: server + :tags: obsolete :short: Specifies a Unix domain socket as a control channel. - A :any:`unix` control channel is a Unix domain socket listening at the - specified path in the file system. Access to the socket is specified by - the ``perm``, ``owner``, and ``group`` clauses. Note that on some platforms - (SunOS and Solaris), the permissions (``perm``) are applied to the parent - directory as the permissions on the socket itself are ignored. - + This option has been removed and using it will cause a fatal error. .. namedconf:statement:: inet :tags: server 
@@ -7937,17 +7932,16 @@ Socket I/O Statistics Counters ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ Socket I/O statistics counters are defined per socket type, which are -``UDP4`` (UDP/IPv4), ``UDP6`` (UDP/IPv6), ``TCP4`` (TCP/IPv4), ``TCP6`` -(TCP/IPv6), ``Unix`` (Unix Domain), and ``FDwatch`` (sockets opened -outside the socket module). In the following list, ```` represents +``UDP4`` (UDP/IPv4), ``UDP6`` (UDP/IPv6), ``TCP4`` (TCP/IPv4), and ``TCP6`` +(TCP/IPv6). In the following list, ```` represents a socket type. Not all counters are available for all socket types; exceptions are noted in the descriptions. ``Open`` - This indicates the number of sockets opened successfully. This counter does not apply to the ``FDwatch`` type. + This indicates the number of sockets opened successfully. ``OpenFail`` - This indicates the number of failures to open sockets. This counter does not apply to the ``FDwatch`` type. + This indicates the number of failures to open sockets. ``Close`` This indicates the number of closed sockets. @@ -7962,10 +7956,10 @@ exceptions are noted in the descriptions. This indicates the number of connections established successfully. ``AcceptFail`` - This indicates the number of failures to accept incoming connection requests. This counter does not apply to the ``UDP`` and ``FDwatch`` types. + This indicates the number of failures to accept incoming connection requests. This counter does not apply to the ``UDP`` type. ``Accept`` - This indicates the number of incoming connections successfully accepted. This counter does not apply to the ``UDP`` and ``FDwatch`` types. + This indicates the number of incoming connections successfully accepted. This counter does not apply to the ``UDP`` type. ``SendErr`` This indicates the number of errors in socket send operations. diff --git a/doc/notes/notes-current.rst b/doc/notes/notes-current.rst index c5d9990f0f..0cfdcb2f3f 100644 --- a/doc/notes/notes-current.rst +++ b/doc/notes/notes-current.rst 
@@ -32,6 +32,13 @@ Removed Features - None. +- Configuring control channel to use Unix Domain Socket has an fatal error since + BIND 9.18. Completely remove the feature and make ``named-checkconf`` also + report this as an error in the configuration. :gl:`#4311` + + The support for control channel over Unix Domain Sockets has been + non-functional since BIND 9.18 + Feature Changes ~~~~~~~~~~~~~~~ diff --git a/lib/isc/include/isc/net.h b/lib/isc/include/isc/net.h index 320c5f682d..a50bcde583 100644 --- a/lib/isc/include/isc/net.h +++ b/lib/isc/include/isc/net.h @@ -265,12 +265,6 @@ isc_net_enableipv4(void); void isc_net_enableipv6(void); -isc_result_t -isc_net_probeunix(void); -/* - * Returns whether UNIX domain sockets are supported. - */ - isc_result_t isc_net_getudpportrange(int af, in_port_t *low, in_port_t *high); /*%< diff --git a/lib/isc/include/isc/netaddr.h b/lib/isc/include/isc/netaddr.h index e2d0613ed6..a2d4be0edb 100644 --- a/lib/isc/include/isc/netaddr.h +++ b/lib/isc/include/isc/netaddr.h @@ -110,9 +110,6 @@ isc_netaddr_fromin(isc_netaddr_t *netaddr, const struct in_addr *ina); void isc_netaddr_fromin6(isc_netaddr_t *netaddr, const struct in6_addr *ina6); -isc_result_t -isc_netaddr_frompath(isc_netaddr_t *netaddr, const char *path); - void isc_netaddr_setzone(isc_netaddr_t *netaddr, uint32_t zone); diff --git a/lib/isc/include/isc/sockaddr.h b/lib/isc/include/isc/sockaddr.h index 0e6452e614..9523865c5a 100644 --- a/lib/isc/include/isc/sockaddr.h +++ b/lib/isc/include/isc/sockaddr.h @@ -33,7 +33,6 @@ struct isc_sockaddr { struct sockaddr_in sin; struct sockaddr_in6 sin6; struct sockaddr_storage ss; - struct sockaddr_un sunix; } type; unsigned int length; /* XXXRTH beginning? */ ISC_LINK(struct isc_sockaddr) link; 
@@ -224,17 +223,6 @@ isc_sockaddr_isnetzero(const isc_sockaddr_t *sa); * Returns true if the address is in net zero. */ -isc_result_t -isc_sockaddr_frompath(isc_sockaddr_t *sockaddr, const char *path); -/* - * Create a UNIX domain sockaddr that refers to path. - * - * Returns: - * \li ISC_R_NOSPACE - * \li ISC_R_NOTIMPLEMENTED - * \li ISC_R_SUCCESS - */ - isc_result_t isc_sockaddr_fromsockaddr(isc_sockaddr_t *isa, const struct sockaddr *sa); diff --git a/lib/isc/include/isc/stats.h b/lib/isc/include/isc/stats.h index 37d65e5f92..3cc60b0644 100644 --- a/lib/isc/include/isc/stats.h +++ b/lib/isc/include/isc/stats.h 
@@ -27,80 +27,57 @@ enum {
 * Socket statistics counters.
 */
 isc_sockstatscounter_udp4open = 0,
- isc_sockstatscounter_udp6open = 1,
- isc_sockstatscounter_tcp4open = 2,
- isc_sockstatscounter_tcp6open = 3,
- isc_sockstatscounter_unixopen = 4,
+ isc_sockstatscounter_udp6open,
+ isc_sockstatscounter_tcp4open,
+ isc_sockstatscounter_tcp6open,
- isc_sockstatscounter_udp4openfail = 5,
- isc_sockstatscounter_udp6openfail = 6,
- isc_sockstatscounter_tcp4openfail = 7,
- isc_sockstatscounter_tcp6openfail = 8,
- isc_sockstatscounter_unixopenfail = 9,
+ isc_sockstatscounter_udp4openfail,
+ isc_sockstatscounter_udp6openfail,
+ isc_sockstatscounter_tcp4openfail,
+ isc_sockstatscounter_tcp6openfail,
- isc_sockstatscounter_udp4close = 10,
- isc_sockstatscounter_udp6close = 11,
- isc_sockstatscounter_tcp4close = 12,
- isc_sockstatscounter_tcp6close = 13,
- isc_sockstatscounter_unixclose = 14,
- isc_sockstatscounter_fdwatchclose = 15,
+ isc_sockstatscounter_udp4close,
+ isc_sockstatscounter_udp6close,
+ isc_sockstatscounter_tcp4close,
+ isc_sockstatscounter_tcp6close,
- isc_sockstatscounter_udp4bindfail = 16,
- isc_sockstatscounter_udp6bindfail = 17,
- isc_sockstatscounter_tcp4bindfail = 18,
- isc_sockstatscounter_tcp6bindfail = 19,
- isc_sockstatscounter_unixbindfail = 20,
- isc_sockstatscounter_fdwatchbindfail = 21,
+ isc_sockstatscounter_udp4bindfail,
+ isc_sockstatscounter_udp6bindfail,
+ isc_sockstatscounter_tcp4bindfail,
+ isc_sockstatscounter_tcp6bindfail,
- isc_sockstatscounter_udp4connect = 22,
- isc_sockstatscounter_udp6connect = 23,
- isc_sockstatscounter_tcp4connect = 24,
- isc_sockstatscounter_tcp6connect = 25,
- isc_sockstatscounter_unixconnect = 26,
- isc_sockstatscounter_fdwatchconnect = 27,
+ isc_sockstatscounter_udp4connect,
+ isc_sockstatscounter_udp6connect,
+ isc_sockstatscounter_tcp4connect,
+ isc_sockstatscounter_tcp6connect,
- isc_sockstatscounter_udp4connectfail = 28,
- isc_sockstatscounter_udp6connectfail = 29,
- isc_sockstatscounter_tcp4connectfail = 30,
- isc_sockstatscounter_tcp6connectfail = 31,
- isc_sockstatscounter_unixconnectfail = 32,
- isc_sockstatscounter_fdwatchconnectfail = 33,
+ isc_sockstatscounter_udp4connectfail,
+ isc_sockstatscounter_udp6connectfail,
+ isc_sockstatscounter_tcp4connectfail,
+ isc_sockstatscounter_tcp6connectfail,
- isc_sockstatscounter_tcp4accept = 34,
- isc_sockstatscounter_tcp6accept = 35,
- isc_sockstatscounter_unixaccept = 36,
+ isc_sockstatscounter_tcp4accept,
+ isc_sockstatscounter_tcp6accept,
- isc_sockstatscounter_tcp4acceptfail = 37,
- isc_sockstatscounter_tcp6acceptfail = 38,
- isc_sockstatscounter_unixacceptfail = 39,
+ isc_sockstatscounter_tcp4acceptfail,
+ isc_sockstatscounter_tcp6acceptfail,
- isc_sockstatscounter_udp4sendfail = 40,
- isc_sockstatscounter_udp6sendfail = 41,
- isc_sockstatscounter_tcp4sendfail = 42,
- isc_sockstatscounter_tcp6sendfail = 43,
- isc_sockstatscounter_unixsendfail = 44,
- isc_sockstatscounter_fdwatchsendfail = 45,
+ isc_sockstatscounter_udp4sendfail,
+ isc_sockstatscounter_udp6sendfail,
+ isc_sockstatscounter_tcp4sendfail,
+ isc_sockstatscounter_tcp6sendfail,
- isc_sockstatscounter_udp4recvfail = 46,
- isc_sockstatscounter_udp6recvfail = 47,
- isc_sockstatscounter_tcp4recvfail = 48,
- isc_sockstatscounter_tcp6recvfail = 49,
- isc_sockstatscounter_unixrecvfail = 50,
- isc_sockstatscounter_fdwatchrecvfail = 51,
+ isc_sockstatscounter_udp4recvfail,
+ isc_sockstatscounter_udp6recvfail,
+ isc_sockstatscounter_tcp4recvfail,
+ isc_sockstatscounter_tcp6recvfail,
- isc_sockstatscounter_udp4active = 52,
- isc_sockstatscounter_udp6active = 53,
- isc_sockstatscounter_tcp4active = 54,
- isc_sockstatscounter_tcp6active = 55,
- isc_sockstatscounter_unixactive = 56,
+ isc_sockstatscounter_udp4active,
+ isc_sockstatscounter_udp6active,
+ isc_sockstatscounter_tcp4active,
+ isc_sockstatscounter_tcp6active,
- isc_sockstatscounter_rawopen = 57,
- isc_sockstatscounter_rawopenfail = 58,
- isc_sockstatscounter_rawclose = 59,
- isc_sockstatscounter_rawrecvfail = 
60, - isc_sockstatscounter_rawactive = 61, - - isc_sockstatscounter_max = 62 + isc_sockstatscounter_max, }; ISC_LANG_BEGINDECLS diff --git a/lib/isc/net.c b/lib/isc/net.c index 507fdf5dbb..038d2aa772 100644 --- a/lib/isc/net.c +++ b/lib/isc/net.c @@ -112,7 +112,6 @@ static isc_once_t once = ISC_ONCE_INIT; static isc_result_t ipv4_result = ISC_R_NOTFOUND; static isc_result_t ipv6_result = ISC_R_NOTFOUND; -static isc_result_t unix_result = ISC_R_NOTFOUND; static isc_result_t ipv6only_result = ISC_R_NOTFOUND; static isc_result_t ipv6pktinfo_result = ISC_R_NOTFOUND; @@ -188,7 +187,6 @@ static void initialize_action(void) { ipv4_result = try_proto(PF_INET); ipv6_result = try_proto(PF_INET6); - unix_result = try_proto(PF_UNIX); } static void @@ -208,12 +206,6 @@ isc_net_probeipv6(void) { return (ipv6_result); } -isc_result_t -isc_net_probeunix(void) { - initialize(); - return (unix_result); -} - static void try_ipv6only(void) { #ifdef IPV6_V6ONLY diff --git a/lib/isc/netaddr.c b/lib/isc/netaddr.c index 29d5e6834b..762be21c1e 100644 --- a/lib/isc/netaddr.c +++ b/lib/isc/netaddr.c @@ -50,11 +50,6 @@ isc_netaddr_equal(const isc_netaddr_t *a, const isc_netaddr_t *b) { return (false); } break; - case AF_UNIX: - if (strcmp(a->type.un, b->type.un) != 0) { - return (false); - } - break; default: return (false); } @@ -141,15 +136,6 @@ isc_netaddr_totext(const isc_netaddr_t *netaddr, isc_buffer_t *target) { case AF_INET6: type = &netaddr->type.in6; break; - case AF_UNIX: - alen = strlen(netaddr->type.un); - if (alen > isc_buffer_availablelength(target)) { - return (ISC_R_NOSPACE); - } - isc_buffer_putmem(target, - (const unsigned char *)(netaddr->type.un), - alen); - return (ISC_R_SUCCESS); default: return (ISC_R_FAILURE); } 
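Review bot: In the lib/isc/include/isc/stats.h enum, dropping the explicit `= N` values while also deleting the Unix, FDwatch and Raw entries renumbers every remaining socket counter, and nothing in the header says whether those numbers may change. The `INSIST(i == isc_sockstatscounter_max)` in statschannel.c's init_desc suggests they are only table indices, but that is an inference from the visible hunks. A one-line comment above the list would settle it, for example `/* Index values only; not stable across releases. Keep init_desc() in statschannel.c in sync. */`. The `Unix*`, `Raw*` and `FDwatch*` descriptions removed from init_desc are not mentioned in the release note added by this commit, so monitoring that keys on those counter names may stop receiving data without any warning.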
@@ -308,19 +294,6 @@ isc_netaddr_fromin6(isc_netaddr_t *netaddr, const struct in6_addr *ina6) { netaddr->type.in6 = *ina6; } -isc_result_t -isc_netaddr_frompath(isc_netaddr_t *netaddr, const char *path) { - if (strlen(path) > sizeof(netaddr->type.un) - 1) { - return (ISC_R_NOSPACE); - } - - memset(netaddr, 0, sizeof(*netaddr)); - netaddr->family = AF_UNIX; - strlcpy(netaddr->type.un, path, sizeof(netaddr->type.un)); - netaddr->zone = 0; - return (ISC_R_SUCCESS); -} - void isc_netaddr_setzone(isc_netaddr_t *netaddr, uint32_t zone) { /* we currently only support AF_INET6. */ @@ -347,10 +320,6 @@ isc_netaddr_fromsockaddr(isc_netaddr_t *t, const isc_sockaddr_t *s) { memmove(&t->type.in6, &s->type.sin6.sin6_addr, 16); t->zone = s->type.sin6.sin6_scope_id; break; - case AF_UNIX: - memmove(t->type.un, s->type.sunix.sun_path, sizeof(t->type.un)); - t->zone = 0; - break; default: UNREACHABLE(); } diff --git a/lib/isc/netmgr/netmgr.c b/lib/isc/netmgr/netmgr.c index e9a682df45..de49192474 100644 --- a/lib/isc/netmgr/netmgr.c +++ b/lib/isc/netmgr/netmgr.c @@ -97,23 +97,6 @@ static const isc_statscounter_t tcp6statsindex[] = { isc_sockstatscounter_tcp6active }; -#if 0 -/* XXX: not currently used */ -static const isc_statscounter_t unixstatsindex[] = { - isc_sockstatscounter_unixopen, - isc_sockstatscounter_unixopenfail, - isc_sockstatscounter_unixclose, - isc_sockstatscounter_unixbindfail, - isc_sockstatscounter_unixconnectfail, - isc_sockstatscounter_unixconnect, - isc_sockstatscounter_unixacceptfail, - isc_sockstatscounter_unixaccept, - isc_sockstatscounter_unixsendfail, - isc_sockstatscounter_unixrecvfail, - isc_sockstatscounter_unixactive -}; -#endif /* if 0 */ - static void nmsocket_maybe_destroy(isc_nmsocket_t *sock FLARG); static void diff --git a/lib/isc/sockaddr.c b/lib/isc/sockaddr.c index 512f08bdee..765e73e566 100644 --- a/lib/isc/sockaddr.c +++ b/lib/isc/sockaddr.c 
@@ -136,25 +136,6 @@ isc_sockaddr_totext(const isc_sockaddr_t *sockaddr, isc_buffer_t *target) { snprintf(pbuf, sizeof(pbuf), "%u", ntohs(sockaddr->type.sin6.sin6_port)); break; - case AF_UNIX: - plen = strlen(sockaddr->type.sunix.sun_path); - if (plen >= isc_buffer_availablelength(target)) { - return (ISC_R_NOSPACE); - } - - isc_buffer_putmem( - target, - (const unsigned char *)sockaddr->type.sunix.sun_path, - plen); - - /* - * Null terminate after used region. - */ - isc_buffer_availableregion(target, &avail); - INSIST(avail.length >= 1); - avail.base[0] = '\0'; - - return (ISC_R_SUCCESS); default: return (ISC_R_FAILURE); } @@ -460,19 +441,6 @@ isc_sockaddr_isnetzero(const isc_sockaddr_t *sockaddr) { return (false); } -isc_result_t -isc_sockaddr_frompath(isc_sockaddr_t *sockaddr, const char *path) { - if (strlen(path) >= sizeof(sockaddr->type.sunix.sun_path)) { - return (ISC_R_NOSPACE); - } - memset(sockaddr, 0, sizeof(*sockaddr)); - sockaddr->length = sizeof(sockaddr->type.sunix); - sockaddr->type.sunix.sun_family = AF_UNIX; - strlcpy(sockaddr->type.sunix.sun_path, path, - sizeof(sockaddr->type.sunix.sun_path)); - return (ISC_R_SUCCESS); -} - isc_result_t isc_sockaddr_fromsockaddr(isc_sockaddr_t *isa, const struct sockaddr *sa) { unsigned int length = 0; @@ -484,9 +452,6 @@ isc_sockaddr_fromsockaddr(isc_sockaddr_t *isa, const struct sockaddr *sa) { case AF_INET6: length = sizeof(isa->type.sin6); break; - case AF_UNIX: - length = sizeof(isa->type.sunix); - break; default: return (ISC_R_NOTIMPLEMENTED); } diff --git a/lib/isccfg/check.c b/lib/isccfg/check.c index 96720174ec..2575999adb 100644 --- a/lib/isccfg/check.c +++ b/lib/isccfg/check.c 
@@ -5638,10 +5638,7 @@ check_controls(const cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { const cfg_obj_t *unixcontrols; const cfg_obj_t *keylist = NULL; const char *path; - uint32_t perm, mask; dns_acl_t *acl = NULL; - isc_sockaddr_t addr; - int i; (void)cfg_map_get(config, "controls", &controlslist); if (controlslist == NULL) { @@ -5654,7 +5651,7 @@ check_controls(const cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { /* * INET: Check allow clause. - * UNIX: Check "perm" for sanity, check path length. + * UNIX: Not supported. */ for (element = cfg_list_first(controlslist); element != NULL; element = cfg_list_next(element)) @@ -5687,39 +5684,9 @@ check_controls(const cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { { control = cfg_listelt_value(element2); path = cfg_obj_asstring(cfg_tuple_get(control, "path")); - tresult = isc_sockaddr_frompath(&addr, path); - if (tresult == ISC_R_NOSPACE) { - cfg_obj_log(control, logctx, ISC_LOG_ERROR, - "unix control '%s': path too long", - path); - result = ISC_R_NOSPACE; - } - perm = cfg_obj_asuint32(cfg_tuple_get(control, "perm")); - for (i = 0; i < 3; i++) { -#ifdef NEED_SECURE_DIRECTORY - mask = (0x1 << (i * 3)); /* SEARCH */ -#else /* ifdef NEED_SECURE_DIRECTORY */ - mask = (0x6 << (i * 3)); /* READ + WRITE */ -#endif /* ifdef NEED_SECURE_DIRECTORY */ - if ((perm & mask) == mask) { - break; - } - } - if (i == 0) { - cfg_obj_log(control, logctx, ISC_LOG_WARNING, - "unix control '%s' allows access " - "to everyone", - path); - } else if (i == 3) { - cfg_obj_log(control, logctx, ISC_LOG_WARNING, - "unix control '%s' allows access " - "to nobody", - path); - } - tresult = check_controlskeys(control, keylist, logctx); - if (tresult != ISC_R_SUCCESS) { - result = tresult; - } + cfg_obj_log(control, logctx, ISC_LOG_ERROR, + "unix control '%s': not supported", path); + result = ISC_R_FAMILYNOSUPPORT; } } cfg_aclconfctx_detach(&actx);
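Review bot: check_controls now reports a `unix` clause as `ISC_R_FAMILYNOSUPPORT` with the text `unix control '%s': not supported`, while named_controls_configure in this same commit returns `ISC_R_FAILURE` and logs `UNIX domain sockets are not supported` for the same condition. Two spellings of one error make log matching and test expectations harder than they need to be; one message and one result code in both places would be simpler. The block comment line `UNIX: Not supported.` could also state why the clause is still walked, e.g. `UNIX: still parsed so it can be rejected; the transport was removed.` The function body starts outside the hunk.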