From f8dfdef682c54f61cacebfb31260f3d6ba4ea54a Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 27 Jan 2004 02:13:22 +0000 Subject: [PATCH] 1564. [func] Attempt to provide a fallback entropy source to be used if named is running chrooted and named is unable to open entropy source within the chroot area. [RT #10133] --- CHANGES | 5 +++++ bin/named/include/named/globals.h | 4 +++- bin/named/main.c | 28 +++++++++++++++++++++++++++- bin/named/server.c | 19 ++++++++++++++++++- 4 files changed, 53 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index 6c1e6082a9..0c0d386889 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,8 @@ +1564. [func] Attempt to provide a fallback entropy source to be + used if named is running chrooted and named is unable + to open entropy source within the chroot area. + [RT #10133] + 1563. [bug] Gracefully fail when unable to obtain neither an IPv4 nor an IPv6 dispatch. [RT #10230] diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h index 567ae9c66a..4d5be9467d 100644 --- a/bin/named/include/named/globals.h +++ b/bin/named/include/named/globals.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: globals.h,v 1.62 2003/07/25 02:22:23 marka Exp $ */ +/* $Id: globals.h,v 1.63 2004/01/27 02:13:22 marka Exp $ */ #ifndef NAMED_GLOBALS_H #define NAMED_GLOBALS_H 1 @@ -45,6 +45,8 @@ EXTERN unsigned int ns_g_cpus INIT(0); EXTERN isc_taskmgr_t * ns_g_taskmgr INIT(NULL); EXTERN dns_dispatchmgr_t * ns_g_dispatchmgr INIT(NULL); EXTERN isc_entropy_t * ns_g_entropy INIT(NULL); +EXTERN isc_entropy_t * ns_g_fallbackentropy INIT(NULL); + /* * XXXRTH We're going to want multiple timer managers eventually. One * for really short timers, another for client timers, and one diff --git a/bin/named/main.c b/bin/named/main.c index c63b0d681c..c2aaa908a5 100644 --- a/bin/named/main.c +++ b/bin/named/main.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: main.c,v 1.133 2004/01/07 06:17:04 marka Exp $ */ +/* $Id: main.c,v 1.134 2004/01/27 02:13:22 marka Exp $ */ #include @@ -511,6 +511,9 @@ destroy_managers(void) { ns_lwresd_shutdown(); isc_entropy_detach(&ns_g_entropy); + if (ns_g_fallbackentropy != NULL) + isc_entropy_detach(&ns_g_fallbackentropy); + /* * isc_taskmgr_destroy() will block until all tasks have exited, */ @@ -544,6 +547,29 @@ setup(void) { ns_os_opendevnull(); +#ifdef PATH_RANDOMDEV + /* + * Initialize system's random device as fallback entropy source + * if running chroot'ed. + */ + if (ns_g_chrootdir != NULL) { + result = isc_entropy_create(ns_g_mctx, &ns_g_fallbackentropy); + if (result != ISC_R_SUCCESS) + ns_main_earlyfatal("isc_entropy_create() failed: %s", + isc_result_totext(result)); + + result = isc_entropy_createfilesource(ns_g_fallbackentropy, + PATH_RANDOMDEV); + if (result != ISC_R_SUCCESS) { + ns_main_earlywarning("could not open pre-chroot " + "entropy source %s: %s", + PATH_RANDOMDEV, + isc_result_totext(result)); + isc_entropy_detach(&ns_g_fallbackentropy); + } + } +#endif + ns_os_chroot(ns_g_chrootdir); /* diff --git a/bin/named/server.c b/bin/named/server.c index f625a1120a..ebb1076eec 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.410 2004/01/27 01:19:41 marka Exp $ */ +/* $Id: server.c,v 1.411 2004/01/27 02:13:22 marka Exp $ */ #include @@ -2358,6 +2358,23 @@ load_configuration(const char *filename, ns_server_t *server, "%s: %s", randomdev, isc_result_totext(result)); +#ifdef PATH_RANDOMDEV + if (ns_g_fallbackentropy != NULL) { + if (result != ISC_R_SUCCESS) { + isc_log_write(ns_g_lctx, + NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, + ISC_LOG_INFO, + "using pre-chroot entropy source " + "%s", + PATH_RANDOMDEV); + isc_entropy_detach(&ns_g_entropy); + isc_entropy_attach(ns_g_fallbackentropy, + &ns_g_entropy); + } + isc_entropy_detach(&ns_g_fallbackentropy); + } +#endif } }