Commit ac430136 authored by Witold Krecicki's avatar Witold Krecicki

Merge branch '525-cleanup-platform-h-for-stuff-not-exposed-to-the-headers' into 'master'

Resolve "Cleanup platform.h for stuff not exposed to the headers"

Closes #525

See merge request isc-projects/bind9!756
parents 3949450f 68e01779
5031. [cleanup] Various defines in platform.h has been either dropped
if always or never triggered on supported platforms
or replaced with config.h equivalents if the defines
didn't have any impact on public headers. Workarounds
for LinuxThreads have been removed because NPTL is
available since Linux kernel 2.6.0. [GL #525]
5030. [bug] Align CMSG buffers to a 64-bit boundary, fixes crash
on architectures with strict alignment. [GL #521]
......
......@@ -66,3 +66,4 @@ These are platforms on which BIND is known *not* to build or run:
* Windows Server 2012 and older
* Platforms that don't support IPv6 Advanced Socket API (RFC 3542)
* Platforms that don't support atomic operations (via compiler or library)
* Linux without NPTL (Native POSIX Thread Library)
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file */
/***
*** This file is not to be included by any public header files, because
*** it does not get installed.
***/
@TOP@
/** define if your system needs pthread_init() before using pthreads */
#undef NEED_PTHREAD_INIT
/** define if your system has sigwait() */
#undef HAVE_SIGWAIT
/** define if sigwait() is the UnixWare flavor */
#undef HAVE_UNIXWARE_SIGWAIT
/** define if LinuxThreads is in use */
#undef HAVE_LINUXTHREADS
/** define if sysconf() is available */
#undef HAVE_SYSCONF
/** define if sysctlbyname() is available */
#undef HAVE_SYSCTLBYNAME
/** define if catgets() is available */
#undef HAVE_CATGETS
/** define if getifaddrs() exists */
#undef HAVE_GETIFADDRS
/** define if you have the NET_RT_IFLIST sysctl variable and sys/sysctl.h */
#undef HAVE_IFLIST_SYSCTL
/** define if tzset() is available */
#undef HAVE_TZSET
/**
* define if pthread_setconcurrency() should be called to tell the
* OS how many threads we might want to run.
*/
#undef CALL_PTHREAD_SETCONCURRENCY
/** define if flockfile() is available */
#undef HAVE_FLOCKFILE
/** define if getc_unlocked() is available */
#undef HAVE_GETCUNLOCKED
/** define if the system has a random number generating device */
#undef PATH_RANDOMDEV
/** define if pthread_attr_getstacksize() is available */
#undef HAVE_PTHREAD_ATTR_GETSTACKSIZE
/** define if pthread_attr_setstacksize() is available */
#undef HAVE_PTHREAD_ATTR_SETSTACKSIZE
/** define if you have strerror in the C library. */
#undef HAVE_STRERROR
/* Define to the length type used by the socket API (socklen_t, size_t, int). */
#undef ISC_SOCKADDR_LEN_T
/* Define if threads need PTHREAD_SCOPE_SYSTEM */
#undef NEED_PTHREAD_SCOPE_SYSTEM
/* Define to 1 if you have the uname library function. */
#undef HAVE_UNAME
......@@ -59,54 +59,6 @@ static int singletonfd = -1;
#define ISC_FACILITY LOG_DAEMON
#endif
/*
* If there's no <sys/capability.h>, we don't care about <sys/prctl.h>
*/
#ifndef HAVE_SYS_CAPABILITY_H
#undef HAVE_SYS_PRCTL_H
#endif
/*
* Linux defines:
* (T) HAVE_LINUXTHREADS
* (C) HAVE_SYS_CAPABILITY_H
* (P) HAVE_SYS_PRCTL_H
* The possible cases are:
* none: setuid() normally
* T: no setuid()
* C: setuid() normally, drop caps (keep CAP_SETUID)
* T+C: no setuid(), drop caps (don't keep CAP_SETUID)
* T+C+P: setuid() early, drop caps (keep CAP_SETUID)
* C+P: setuid() normally, drop caps (keep CAP_SETUID)
* P: not possible
* T+P: not possible
*
* if (C)
* caps = BIND_SERVICE + CHROOT + SETGID
* if ((T && C && P) || !T)
* caps += SETUID
* endif
* capset(caps)
* endif
* if (T && C && P && -u)
* setuid()
* else if (T && -u)
* fail
* --> start threads
* if (!T && -u)
* setuid()
* if (C && (P || !-u))
* caps = BIND_SERVICE
* capset(caps)
* endif
*
* It will be nice when Linux threads work properly with setuid().
*/
#ifdef HAVE_LINUXTHREADS
static pid_t mainpid = 0;
#endif
static struct passwd *runas_pw = NULL;
static bool done_setuid = false;
static int dfd[2] = { -1, -1 };
......@@ -117,10 +69,7 @@ static bool non_root = false;
static bool non_root_caps = false;
#include <sys/capability.h>
#ifdef HAVE_SYS_PRCTL_H
#include <sys/prctl.h> /* Required for prctl(). */
#endif /* HAVE_SYS_PRCTL_H */
#include <sys/prctl.h>
static void
linux_setcaps(cap_t caps) {
......@@ -201,15 +150,11 @@ linux_initialprivs(void) {
*/
SET_CAP(CAP_SYS_CHROOT);
#if defined(HAVE_SYS_PRCTL_H) || !defined(HAVE_LINUXTHREADS)
/*
* We can setuid() only if either the kernel supports keeping
* capabilities after setuid() (which we don't know until we've
* tried) or we're not using threads. If either of these is
* true, we want the setuid capability.
* We need setuid() as the kernel supports keeping capabilities after
* setuid().
*/
SET_CAP(CAP_SETUID);
#endif
/*
* Since we call initgroups, we need this.
......@@ -275,7 +220,6 @@ linux_minprivs(void) {
FREE_CAP;
}
#ifdef HAVE_SYS_PRCTL_H
static void
linux_keepcaps(void) {
char strbuf[ISC_STRERRORSIZE];
......@@ -295,11 +239,9 @@ linux_keepcaps(void) {
non_root = true;
}
}
#endif
#endif /* HAVE_SYS_CAPABILITY_H */
static void
setup_syslog(const char *progname) {
int options;
......@@ -317,9 +259,6 @@ named_os_init(const char *progname) {
#ifdef HAVE_SYS_CAPABILITY_H
linux_initialprivs();
#endif
#ifdef HAVE_LINUXTHREADS
mainpid = getpid();
#endif
#ifdef SIGXFSZ
signal(SIGXFSZ, SIG_IGN);
#endif
......@@ -362,10 +301,6 @@ named_os_daemonize(void) {
* We're the child.
*/
#ifdef HAVE_LINUXTHREADS
mainpid = getpid();
#endif
if (setsid() == -1) {
strerror_r(errno, strbuf, sizeof(strbuf));
named_main_earlyfatal("setsid(): %s", strbuf);
......@@ -499,20 +434,6 @@ named_os_changeuser(void) {
done_setuid = true;
#ifdef HAVE_LINUXTHREADS
#ifdef HAVE_SYS_CAPABILITY_H
if (!non_root_caps) {
named_main_earlyfatal("-u with Linux threads not supported: "
"requires kernel support for "
"prctl(PR_SET_KEEPCAPS)");
}
#else
named_main_earlyfatal("-u with Linux threads not supported: "
"no capabilities support or capabilities "
"disabled at build time");
#endif
#endif
if (setgid(runas_pw->pw_gid) < 0) {
strerror_r(errno, strbuf, sizeof(strbuf));
named_main_earlyfatal("setgid(): %s", strbuf);
......@@ -523,7 +444,7 @@ named_os_changeuser(void) {
named_main_earlyfatal("setuid(): %s", strbuf);
}
#if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE)
#if defined(HAVE_SYS_CAPABILITY_H)
/*
* Restore the ability of named to drop core after the setuid()
* call has disabled it.
......@@ -533,8 +454,7 @@ named_os_changeuser(void) {
named_main_earlywarning("prctl(PR_SET_DUMPABLE) failed: %s",
strbuf);
}
#endif
#if defined(HAVE_SYS_CAPABILITY_H) && !defined(HAVE_LINUXTHREADS)
linux_minprivs();
#endif
}
......@@ -548,7 +468,7 @@ ns_os_uid(void) {
void
named_os_adjustnofile(void) {
#ifdef HAVE_LINUXTHREADS
#if defined(__linux__)
isc_result_t result;
isc_resourcevalue_t newvalue;
......@@ -566,15 +486,8 @@ named_os_adjustnofile(void) {
void
named_os_minprivs(void) {
#ifdef HAVE_SYS_PRCTL_H
#if defined(HAVE_SYS_CAPABILITY_H)
linux_keepcaps();
#endif
#ifdef HAVE_LINUXTHREADS
named_os_changeuser(); /* Call setuid() before threads are started */
#endif
#if defined(HAVE_SYS_CAPABILITY_H) && defined(HAVE_LINUXTHREADS)
linux_minprivs();
#endif
}
......@@ -759,21 +672,16 @@ named_os_openfile(const char *filename, mode_t mode, bool switch_user) {
free(f);
if (switch_user && runas_pw != NULL) {
#ifndef HAVE_LINUXTHREADS
gid_t oldgid = getgid();
#endif
/* Set UID/GID to the one we'll be running with eventually */
setperms(runas_pw->pw_uid, runas_pw->pw_gid);
fd = safe_open(filename, mode, false);
#ifndef HAVE_LINUXTHREADS
/* Restore UID/GID to root */
setperms(0, oldgid);
#endif /* HAVE_LINUXTHREADS */
if (fd == -1) {
#ifndef HAVE_LINUXTHREADS
fd = safe_open(filename, mode, false);
if (fd != -1) {
named_main_earlywarning("Required root "
......@@ -786,13 +694,6 @@ named_os_openfile(const char *filename, mode_t mode, bool switch_user) {
named_main_earlywarning("Please check file and "
"directory permissions "
"or reconfigure the filename.");
#else /* HAVE_LINUXTHREADS */
named_main_earlywarning("Could not open "
"'%s'.", filename);
named_main_earlywarning("Please check file and "
"directory permissions "
"or reconfigure the filename.");
#endif /* HAVE_LINUXTHREADS */
}
} else {
fd = safe_open(filename, mode, false);
......@@ -846,11 +747,7 @@ named_os_writepidfile(const char *filename, bool first_time) {
cleanup_pidfile();
return;
}
#ifdef HAVE_LINUXTHREADS
pid = mainpid;
#else
pid = getpid();
#endif
if (fprintf(fh, "%ld\n", (long)pid) < 0) {
(*report)("fprintf() to pid file '%s' failed", filename);
(void)fclose(fh);
......@@ -956,11 +853,7 @@ named_os_shutdownmsg(char *command, isc_buffer_t *text) {
return;
}
#ifdef HAVE_LINUXTHREADS
pid = mainpid;
#else
pid = getpid();
#endif
(void)isc_buffer_printf(text, "pid: %ld", (long)pid);
}
......
......@@ -12,6 +12,7 @@
#include <config.h>
#include <sys/param.h>
#include <sys/select.h>
#include <sys/types.h>
#include <sys/time.h>
......@@ -35,10 +36,6 @@
#include <dns/result.h>
#include <dns/zone.h>
#ifdef ISC_PLATFORM_NEEDSYSSELECTH
#include <sys/select.h>
#endif
static int debug = 0;
static int quiet = 0;
static int stats = 0;
......
......@@ -148,7 +148,6 @@ PYTHON=@PYTHON@
#
# Determine if we support various optional features.
#
CHECK_DSA=@CHECK_DSA@
HAVEXMLSTATS=@XMLSTATS@
HAVEJSONSTATS=@JSONSTATS@
ZLIB=@ZLIB@
......
......@@ -147,7 +147,6 @@ PYTHON=@PYTHON@
#
# Determine if we support various optional features.
#
CHECK_DSA=@CHECK_DSA@
HAVEXMLSTATS=@XMLSTATS@
HAVEJSONSTATS=@JSONSTATS@
ZLIB=@ZLIB@
......
......@@ -175,7 +175,7 @@ main(int argc, char **argv) {
int s;
int n = -1;
int v6only = -1;
ISC_SOCKADDR_LEN_T len = sizeof(v6only);
socklen_t len = sizeof(v6only);
s = socket(AF_INET6, SOCK_DGRAM, IPPROTO_UDP);
if (s >= 0) {
......
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
if [ "@CHECK_DSA@" -eq 0 ]; then
exit 1
fi
if [ ! -r /dev/random -o ! -r /dev/urandom ]; then
exit 1
fi
exit 0
......@@ -135,22 +135,6 @@ rm -f K${zone}.+*+*.private
for alg in ECDSAP256SHA256 NSEC3RSASHA1 DSA
do
case $alg in
DSA)
$SHELL ../checkdsa.sh 2> /dev/null || continue
checkfile=../checkdsa
touch $checkfile ;;
ECDSAP256SHA256)
fail=0
$KEYGEN -q -a ecdsap256sha256 test > /dev/null 2>&1 || fail=1
rm -f Ktest*
[ $fail != 0 ] && continue
$SHELL ../checkdsa.sh 2> /dev/null || continue
checkfile=../checkecdsa
touch $checkfile ;;
*) ;;
esac
k1=`$KEYGEN -q -a $alg -b 1024 -n zone -f KSK $zone`
k2=`$KEYGEN -q -a $alg -b 1024 -n zone $zone`
k3=`$KEYGEN -q -a $alg -b 1024 -n zone $zone`
......@@ -161,9 +145,9 @@ do
rm -f $k1.private
mv $k1.key a-file
$IMPORTKEY -P now -D now+3600 -f a-file $zone > /dev/null 2>&1 ||
( echo "importkey failed: $alg"; rm -f $checkfile )
( echo "importkey failed: $alg" )
rm -f $k2.private
mv $k2.key a-file
$IMPORTKEY -f a-file $zone > /dev/null 2>&1 ||
( echo "importkey failed: $alg"; rm -f $checkfile )
( echo "importkey failed: $alg" )
done
/* config.h.in. Generated from configure.in by autoheader. */
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file */
/***
*** This file is not to be included by any public header files, because
*** it does not get installed.
***/
/** define if your system needs pthread_init() before using pthreads */
#undef NEED_PTHREAD_INIT
/** define if your system has sigwait() */
#undef HAVE_SIGWAIT
/** define if sigwait() is the UnixWare flavor */
#undef HAVE_UNIXWARE_SIGWAIT
/** define if LinuxThreads is in use */
#undef HAVE_LINUXTHREADS
/** define if sysconf() is available */
#undef HAVE_SYSCONF
/** define if sysctlbyname() is available */
#undef HAVE_SYSCTLBYNAME
/** define if catgets() is available */
#undef HAVE_CATGETS
/** define if getifaddrs() exists */
#undef HAVE_GETIFADDRS
/** define if you have the NET_RT_IFLIST sysctl variable and sys/sysctl.h */
#undef HAVE_IFLIST_SYSCTL
/** define if tzset() is available */
#undef HAVE_TZSET
/**
* define if pthread_setconcurrency() should be called to tell the
* OS how many threads we might want to run.
*/
#undef CALL_PTHREAD_SETCONCURRENCY
/** define if flockfile() is available */
#undef HAVE_FLOCKFILE
/** define if getc_unlocked() is available */
#undef HAVE_GETCUNLOCKED
/** define if the system has a random number generating device */
#undef PATH_RANDOMDEV
/** define if pthread_attr_getstacksize() is available */
#undef HAVE_PTHREAD_ATTR_GETSTACKSIZE
/** define if pthread_attr_setstacksize() is available */
#undef HAVE_PTHREAD_ATTR_SETSTACKSIZE
/** define if you have strerror in the C library. */
#undef HAVE_STRERROR
/* Define to the length type used by the socket API (socklen_t, size_t, int). */
#undef ISC_SOCKADDR_LEN_T
/* Define if threads need PTHREAD_SCOPE_SYSTEM */
#undef NEED_PTHREAD_SCOPE_SYSTEM
/* Define to 1 if you have the uname library function. */
#undef HAVE_UNAME
/* Define if building universal (internal helper macro) */
#undef AC_APPLE_UNIVERSAL_BUILD
......@@ -110,6 +30,9 @@
/* Define to enable rpz nsip rules. */
#undef ENABLE_RPZ_NSIP
/* define if you want TCP_FASTOPEN enabled if available */
#undef ENABLE_TCP_FASTOPEN
/* Solaris hack to get select_large_fdset. */
#undef FD_SETSIZE
......@@ -137,6 +60,9 @@
/* Define to 1 if the compiler supports __builtin_expect. */
#undef HAVE_BUILTIN_EXPECT
/* Define to 1 if you have the `catgets' function. */
#undef HAVE_CATGETS
/* Define to 1 if you have the `chroot' function. */
#undef HAVE_CHROOT
......@@ -188,6 +114,9 @@
/* Define to 1 if you have the <edit/readline/readline.h> header file. */
#undef HAVE_EDIT_READLINE_READLINE_H
/* Define to 1 if you have the `epoll_create1' function. */
#undef HAVE_EPOLL_CREATE1
/* Define to 1 if you have the `EVP_aes_128_ecb' function. */
#undef HAVE_EVP_AES_128_ECB
......@@ -251,7 +180,7 @@
/* Define to 1 if you have the <idn2.h> header file. */
#undef HAVE_IDN2_H
/* Define to 1 if you have the if_nametoindex function. */
/* Define to 1 if you have the `if_nametoindex' function. */
#undef HAVE_IF_NAMETOINDEX
/* Define to 1 if you have the <inttypes.h> header file. */
......@@ -266,13 +195,16 @@
/* Define to 1 if you have the <kerberosv5/krb5.h> header file. */
#undef HAVE_KERBEROSV5_KRB5_H
/* Define to 1 if you have the `kqueue' function. */
#undef HAVE_KQUEUE
/* Define to 1 if you have the <krb5.h> header file. */
#undef HAVE_KRB5_H
/* Define to 1 if you have the <krb5/krb5.h> header file. */
#undef HAVE_KRB5_KRB5_H
/* if system have backtrace function */
/* define if system have backtrace function */
#undef HAVE_LIBCTRACE
/* Define if libidn2 was found */
......@@ -389,6 +321,9 @@
/* Define to 1 if you have the `sigwait' function. */
#undef HAVE_SIGWAIT
/* define if struct stat has st_mtim.tv_nsec field */
#undef HAVE_STAT_NSEC
/* Define to 1 if you have the <stdatomic.h> header file. */
#undef HAVE_STDATOMIC_H
......@@ -404,6 +339,18 @@
/* Define to 1 if you have the <string.h> header file. */
#undef HAVE_STRING_H
/* Define to 1 if you have the `strlcat' function. */
#undef HAVE_STRLCAT
/* Define to 1 if you have the `strlcpy' function. */
#undef HAVE_STRLCPY
/* Define to 1 if you have the `sysconf' function. */
#undef HAVE_SYSCONF
/* Define to 1 if you have the `sysctlbyname' function. */
#undef HAVE_SYSCTLBYNAME
/* Define to 1 if you have the <sys/capability.h> header file. */
#undef HAVE_SYS_CAPABILITY_H
......@@ -416,9 +363,6 @@
/* Define to 1 if you have the <sys/param.h> header file. */
#undef HAVE_SYS_PARAM_H
/* Define to 1 if you have the <sys/prctl.h> header file. */
#undef HAVE_SYS_PRCTL_H
/* Define to 1 if you have the <sys/select.h> header file. */
#undef HAVE_SYS_SELECT_H
......@@ -452,12 +396,18 @@
/* Define if Thread-Local Storage is available */
#undef HAVE_TLS
/* Define to 1 if you have the `tzset' function. */
#undef HAVE_TZSET
/* Define to 1 if you have the <uchar.h> header file. */
#undef HAVE_UCHAR_H
/* Define to 1 if the system has the type `uintptr_t'. */
#undef HAVE_UINTPTR_T
/* define if uname is available */
#undef HAVE_UNAME
/* Define to 1 if you have the <unistd.h> header file. */
#undef HAVE_UNISTD_H
......@@ -539,6 +489,9 @@
/* Define to use large-system tuning. */
#undef TUNE_LARGE
/* define if we can use backtrace */
#undef USE_BACKTRACE
/* Enable DNS Response Policy Service API */
#undef USE_DNSRPS
......
......@@ -67,24 +67,15 @@
/* define on DEC OSF to enable 4.4BSD style sa_len support */
/* #undef _SOCKADDR_LEN */
/* define if your system needs pthread_init() before using pthreads */
/* #undef NEED_PTHREAD_INIT */
/* define if your system has sigwait() */
/* #undef HAVE_SIGWAIT */
/* define on Solaris to get sigwait() to work using pthreads semantics */
/* #undef _POSIX_PTHREAD_SEMANTICS */
/* define if LinuxThreads is in use */
/* #undef HAVE_LINUXTHREADS */
/* define if catgets() is available */
/* #undef HAVE_CATGETS */
/* define if you have the NET_RT_IFLIST sysctl variable. */
#define HAVE_IFLIST_SYSCTL 1
/* define if you need to #define _XPG4_2 before including sys/socket.h */
/* #undef NEED_XPG4_2_BEFORE_SOCKET_H */
......@@ -236,9 +227,6 @@ typedef __int64 off_t;
*/
#include <versions.h>
/* We actually are using the CryptAPI and not a device */
#define PATH_RANDOMDEV "CryptAPI"
#include <stddef.h>
#include <stdio.h>
#include <stdarg.h>
......@@ -367,6 +355,9 @@ typedef __int64 off_t;
/* Large system tuning */
@TUNE_LARGE@
/* define if we can use backtrace */
@USE_BACKTRACE@
/* the default value of dnssec-validation option */
@VALIDATION_DEFAULT@
......
This diff is collapsed.
......@@ -458,9 +458,10 @@ AC_CHECK_HEADERS([threads.h],
AC_C_CONST
AC_C_INLINE
AC_C_VOLATILE
AC_CHECK_FUNC(sysctlbyname, AC_DEFINE(HAVE_SYSCTLBYNAME))
AC_C_FLEXIBLE_ARRAY_MEMBER
AC_CHECK_FUNCS([sysctlbyname])
#
# Check for the existence of mmap to enable the fast format zones
#
......@@ -476,43 +477,29 @@ AC_TYPE_SIZE_T
AC_TYPE_SSIZE_T
AC_TYPE_UINTPTR_T
AC_CHECK_TYPE(socklen_t,
[AC_DEFINE(ISC_SOCKADDR_LEN_T, socklen_t)],
[
AC_TRY_COMPILE(
[
#include <sys/types.h>
#include <sys/socket.h>
int getsockname(int, struct sockaddr *, size_t *);
],[],
[AC_DEFINE(ISC_SOCKADDR_LEN_T, size_t)],
[AC_DEFINE(ISC_SOCKADDR_LEN_T, int)])
],
[