Commit 53a82252 authored by Evan Hunt's avatar Evan Hunt

Created b10-recurse--mostly copied from b10-auth, but with references

to datasrc, xfrin, xfrout and so on removed.  This is simply the
client-facing side of a name server; it can receive and send packets
but can't process them in any way yet.  It will become a simple forwarder,
and then a proper resolver, in future work.

git-svn-id: svn://bind10.isc.org/svn/bind10/branches/trac327@2958 e5f2f494-b856-4b98-b285-d166d9295462
parent 7783f8a3
......@@ -423,6 +423,8 @@ AC_CONFIG_FILES([Makefile
src/bin/msgq/tests/Makefile
src/bin/auth/Makefile
src/bin/auth/tests/Makefile
src/bin/recurse/Makefile
src/bin/recurse/tests/Makefile
src/bin/xfrin/Makefile
src/bin/xfrin/tests/Makefile
src/bin/xfrout/Makefile
......@@ -497,6 +499,8 @@ AC_OUTPUT([src/bin/cfgmgr/b10-cfgmgr.py
src/bin/msgq/run_msgq.sh
src/bin/auth/auth.spec.pre
src/bin/auth/spec_config.h.pre
src/bin/recurse/recurse.spec.pre
src/bin/recurse/spec_config.h.pre
src/lib/config/tests/data_def_unittests_config.h
src/lib/python/isc/config/tests/config_test
src/lib/python/isc/cc/tests/cc_test
......
SUBDIRS = bind10 bindctl cfgmgr loadzone msgq host cmdctl auth xfrin xfrout usermgr zonemgr
SUBDIRS = bind10 bindctl cfgmgr loadzone msgq host cmdctl auth recurse xfrin xfrout usermgr zonemgr
......@@ -17,14 +17,12 @@ pkglibexecdir = $(libexecdir)/@PACKAGE@
CLEANFILES = *.gcno *.gcda auth.spec spec_config.h
if ENABLE_MAN
man_MANS = b10-auth.8
EXTRA_DIST = $(man_MANS) b10-auth.xml
if ENABLE_MAN
b10-auth.8: b10-auth.xml
xsltproc --novalid --xinclude --nonet -o $@ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $(srcdir)/b10-auth.xml
endif
auth.spec: auth.spec.pre
......
......@@ -33,7 +33,7 @@ class MessageRenderer;
namespace xfr {
class AbstractXfroutClient;
};
}
}
namespace asiolink {
......
......@@ -51,6 +51,7 @@ using namespace isc::cc;
using namespace isc::config;
using namespace isc::dns;
using namespace isc::xfr;
using namespace asiolink;
namespace {
......@@ -64,7 +65,7 @@ const char* DNSPORT = "5300";
* class itself? */
AuthSrv *auth_server;
asiolink::IOService* io_service;
IOService* io_service;
ConstElementPtr
my_config_handler(ConstElementPtr new_config) {
......@@ -176,8 +177,8 @@ main(int argc, char* argv[]) {
auth_server->setVerbose(verbose_mode);
cout << "[b10-auth] Server created." << endl;
asiolink::CheckinProvider* checkin = auth_server->getCheckinProvider();
asiolink::DNSProvider* process = auth_server->getDNSProvider();
CheckinProvider* checkin = auth_server->getCheckinProvider();
DNSProvider* process = auth_server->getDNSProvider();
if (address != NULL) {
// XXX: we can only specify at most one explicit address.
......@@ -186,10 +187,10 @@ main(int argc, char* argv[]) {
// We don't bother to fix this problem, however. The -a option
// is a short term workaround until we support dynamic listening
// port allocation.
io_service = new asiolink::IOService(*port, *address,
io_service = new IOService(*port, *address,
checkin, process);
} else {
io_service = new asiolink::IOService(*port, use_ipv4, use_ipv6,
io_service = new IOService(*port, use_ipv4, use_ipv6,
checkin, process);
}
cout << "[b10-auth] IOService created." << endl;
......
SUBDIRS = . tests
AM_CPPFLAGS = -I$(top_srcdir)/src/lib -I$(top_builddir)/src/lib
AM_CPPFLAGS += -I$(top_srcdir)/src/bin -I$(top_builddir)/src/bin
AM_CPPFLAGS += -I$(top_srcdir)/src/lib/dns -I$(top_builddir)/src/lib/dns
AM_CPPFLAGS += -I$(top_srcdir)/src/lib/cc -I$(top_builddir)/src/lib/cc
AM_CPPFLAGS += -I$(top_srcdir)/src/lib/asiolink
AM_CPPFLAGS += -I$(top_builddir)/src/lib/asiolink
AM_CXXFLAGS = $(B10_CXXFLAGS)
if USE_STATIC_LINK
AM_LDFLAGS = -static
endif
pkglibexecdir = $(libexecdir)/@PACKAGE@
CLEANFILES = *.gcno *.gcda recurse.spec spec_config.h
man_MANS = b10-recurse.8
EXTRA_DIST = $(man_MANS) b10-recurse.xml
# if ENABLE_MAN
b10-recurse.8: b10-recurse.xml
xsltproc --novalid --xinclude --nonet -o $@ http://docbook.sourceforge.net/release/xsl/current/manpages/docbook.xsl $(srcdir)/b10-recurse.xml
# endif
recurse.spec: recurse.spec.pre
$(SED) -e "s|@@LOCALSTATEDIR@@|$(localstatedir)|" recurse.spec.pre >$@
spec_config.h: spec_config.h.pre
$(SED) -e "s|@@LOCALSTATEDIR@@|$(localstatedir)|" spec_config.h.pre >$@
BUILT_SOURCES = spec_config.h
pkglibexec_PROGRAMS = b10-recurse
b10_recurse_SOURCES = recursor.cc recursor.h
b10_recurse_SOURCES += change_user.cc change_user.h
b10_recurse_SOURCES += common.h
b10_recurse_SOURCES += main.cc
b10_recurse_LDADD = $(top_builddir)/src/lib/dns/libdns++.la
b10_recurse_LDADD += $(top_builddir)/src/lib/config/libcfgclient.la
b10_recurse_LDADD += $(top_builddir)/src/lib/cc/libcc.la
b10_recurse_LDADD += $(top_builddir)/src/lib/exceptions/libexceptions.la
b10_recurse_LDADD += $(top_builddir)/src/lib/asiolink/libasiolink.a
b10_recurse_LDADD += $(top_builddir)/src/lib/xfr/libxfr.la
b10_recurse_LDFLAGS = -pthread
# TODO: config.h.in is wrong because doesn't honor pkgdatadir
# and can't use @datadir@ because doesn't expand default ${prefix}
b10_recursedir = $(DESTDIR)$(pkgdatadir)
b10_recurse_DATA = recurse.spec
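Review bot: `b10_recurse_LDADD += $(top_builddir)/src/lib/xfr/libxfr.la` still links the zone-transfer library into b10-recurse, although the commit description says the xfrin/xfrout references were removed and none of the listed sources appears to need it; dropping that line keeps the new binary's link set minimal and consistent with the stated intent. Separately, `# if ENABLE_MAN` / `# endif` around the `b10-recurse.8: b10-recurse.xml` rule are commented out, unlike the guarded rule in src/bin/auth/Makefile.am, so the xsltproc rule is active even in builds where man-page generation is disabled; restoring `if ENABLE_MAN` and `endif` as in the auth Makefile would make the two build files agree. If the library really is needed by recursor.cc (not visible here), a short comment saying why would help the next reader.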
'\" t
.\" Title: b10-recurse
.\" Author: [FIXME: author] [see http://docbook.sf.net/el/author]
.\" Generator: DocBook XSL Stylesheets v1.75.2 <http://docbook.sf.net/>
.\" Date: September 16, 2010
.\" Manual: BIND10
.\" Source: BIND10
.\" Language: English
.\"
.TH "B10\-RECURSE" "8" "September 16, 2010" "BIND10" "BIND10"
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
b10-recurse \- Recursive DNS server
.SH "SYNOPSIS"
.HP \w'\fBb10\-recurse\fR\ 'u
\fBb10\-recurse\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-a\ \fR\fB\fIaddress\fR\fR] [\fB\-n\fR] [\fB\-p\ \fR\fB\fInumber\fR\fR] [\fB\-u\ \fR\fB\fIusername\fR\fR] [\fB\-v\fR]
.SH "DESCRIPTION"
.PP
The
\fBb10\-recurse\fR
daemon provides the BIND 10 recursive DNS server\&. Normally it is started by the
\fBbind10\fR(8)
boss process\&.
.PP
This daemon communicates with other BIND 10 components over a
\fBb10-msgq\fR(8)
C\-Channel connection\&. If this connection is not established,
\fBb10\-recurse\fR
will exit\&.
.PP
It also receives its configurations from
\fBb10-cfgmgr\fR(8)\&. Currently no configuration commands are defined\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
.PP
This prototype version only supports forwarding\&. Future versions will introduce full recursion, cache, lookup of local authoritative data (as in
\fBb10\-auth\fR), and DNSSEC validation\&.
.sp .5v
.RE
.SH "OPTIONS"
.PP
The arguments are as follows:
.PP
\fB\-4\fR
.RS 4
Enables IPv4 only mode\&. This switch may not be used with
\fB\-6\fR
nor
\fB\-a\fR\&. By default, it listens on both IPv4 and IPv6 (if capable)\&.
.RE
.PP
\fB\-6\fR
.RS 4
Enables IPv6 only mode\&. This switch may not be used with
\fB\-4\fR
nor
\fB\-a\fR\&. By default, it listens on both IPv4 and IPv6 (if capable)\&.
.RE
.PP
\fB\-a \fR\fB\fIaddress\fR\fR
.RS 4
The IPv4 or IPv6 address to listen on\&. This switch may not be used with
\fB\-4\fR
nor
\fB\-6\fR\&. The default is to listen on all addresses\&. (This is a short term workaround\&. This argument may change\&.)
.RE
.PP
\fB\-n\fR
.RS 4
Do not cache answers in memory\&. The default is to use the cache for faster responses\&. The cache keeps the most recent 30,000 answers (positive and negative) in memory for 30 seconds (instead of querying the data source, such as SQLite3 database, each time)\&.
.RE
.PP
\fB\-p \fR\fB\fInumber\fR\fR
.RS 4
The port number it listens on\&. The default is 5300\&.
.if n \{\
.sp
.\}
.RS 4
.it 1 an-trap
.nr an-no-space-flag 1
.nr an-break-flag 1
.br
.ps +1
\fBNote\fR
.ps -1
.br
The Y1 prototype runs on all interfaces and on this nonstandard port\&.
.sp .5v
.RE
.RE
.PP
\fB\-u \fR\fB\fIusername\fR\fR
.RS 4
The user name of the
\fBb10\-recurse\fR
daemon\&. If specified, the daemon changes the process owner to the specified user\&. The
\fIusername\fR
must be either a valid numeric user ID or a valid user name\&. By default the daemon runs as the user who invokes it\&.
.RE
.PP
\fB\-v\fR
.RS 4
Enabled verbose mode\&. This enables diagnostic messages to STDERR\&.
.RE
.SH "FILES"
.PP
None\&.
.SH "SEE ALSO"
.PP
\fBb10-cfgmgr\fR(8),
\fBb10-cmdctl\fR(8),
\fBb10-loadzone\fR(8),
\fBb10-msgq\fR(8),
\fBbind10\fR(8),
BIND 10 Guide\&.
.SH "HISTORY"
.PP
The
\fBb10\-recurse\fR
daemon was first coded in September 2010\&.
.SH "COPYRIGHT"
.br
Copyright \(co 2010 Internet Systems Consortium, Inc. ("ISC")
.br
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
[<!ENTITY mdash "&#8212;">]>
<!--
- Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
-
- Permission to use, copy, modify, and/or distribute this software for any
- purpose with or without fee is hereby granted, provided that the above
- copyright notice and this permission notice appear in all copies.
-
- THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id$ -->
<refentry>
<refentryinfo>
<date>September 16, 2010</date>
</refentryinfo>
<refmeta>
<refentrytitle>b10-recurse</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo>BIND10</refmiscinfo>
</refmeta>
<refnamediv>
<refname>b10-recurse</refname>
<refpurpose>Recursive DNS server</refpurpose>
</refnamediv>
<docinfo>
<copyright>
<year>2010</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
<cmdsynopsis>
<command>b10-recurse</command>
<arg><option>-4</option></arg>
<arg><option>-6</option></arg>
<arg><option>-a <replaceable>address</replaceable></option></arg>
<arg><option>-n</option></arg>
<arg><option>-p <replaceable>number</replaceable></option></arg>
<arg><option>-u <replaceable>username</replaceable></option></arg>
<arg><option>-v</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>DESCRIPTION</title>
<para>The <command>b10-recurse</command> daemon provides the BIND 10
recursive DNS server. Normally it is started by the
<citerefentry><refentrytitle>bind10</refentrytitle><manvolnum>8</manvolnum></citerefentry>
boss process.
</para>
<para>
This daemon communicates with other BIND 10 components over a
<citerefentry><refentrytitle>b10-msgq</refentrytitle><manvolnum>8</manvolnum></citerefentry>
C-Channel connection. If this connection is not established,
<command>b10-recurse</command> will exit.
</para>
<para>
It also receives its configurations from
<citerefentry><refentrytitle>b10-cfgmgr</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
Currently no configuration commands are defined.
</para>
<note><para>
This prototype version only supports forwarding. Future versions
will introduce full recursion, cache, lookup of local authoritative
data (as in <command>b10-auth</command>), and DNSSEC validation.
</para></note>
</refsect1>
<refsect1>
<title>OPTIONS</title>
<para>The arguments are as follows:</para>
<variablelist>
<varlistentry>
<term><option>-4</option></term>
<listitem><para>
Enables IPv4 only mode.
This switch may not be used with <option>-6</option> nor
<option>-a</option>.
By default, it listens on both IPv4 and IPv6 (if capable).
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>-6</option></term>
<listitem><para>
Enables IPv6 only mode.
This switch may not be used with <option>-4</option> nor
<option>-a</option>.
By default, it listens on both IPv4 and IPv6 (if capable).
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>-a <replaceable>address</replaceable></option></term>
<listitem>
<para>The IPv4 or IPv6 address to listen on.
This switch may not be used with <option>-4</option> nor
<option>-6</option>.
The default is to listen on all addresses.
(This is a short term workaround. This argument may change.)
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-n</option></term>
<listitem><para>
Do not cache answers in memory.
The default is to use the cache for faster responses.
The cache keeps the most recent 30,000 answers (positive
and negative) in memory for 30 seconds (instead of querying
the data source, such as SQLite3 database, each time).
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>-p <replaceable>number</replaceable></option></term>
<listitem><para>
The port number it listens on.
The default is 5300.</para>
<note><simpara>The Y1 prototype runs on all interfaces
and on this nonstandard port.</simpara></note>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-u <replaceable>username</replaceable></option></term>
<listitem>
<para>
The user name of the <command>b10-recurse</command> daemon.
If specified, the daemon changes the process owner to the
specified user.
The <replaceable>username</replaceable> must be either a
valid numeric user ID or a valid user name.
By default the daemon runs as the user who invokes it.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-v</option></term>
<listitem><para>
Enabled verbose mode. This enables diagnostic messages to
STDERR.
</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>FILES</title>
<para>
None.
</para>
<!-- TODO: this is not correct yet. -->
</refsect1>
<refsect1>
<title>SEE ALSO</title>
<para>
<citerefentry>
<refentrytitle>b10-cfgmgr</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>b10-cmdctl</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>b10-loadzone</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>b10-msgq</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citerefentry>
<refentrytitle>bind10</refentrytitle><manvolnum>8</manvolnum>
</citerefentry>,
<citetitle>BIND 10 Guide</citetitle>.
</para>
</refsect1>
<refsect1>
<title>HISTORY</title>
<para>
The <command>b10-recurse</command> daemon was first coded in
September 2010.
</para>
</refsect1>
</refentry><!--
- Local variables:
- mode: sgml
- End:
-->
// Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
// $Id$
#include <errno.h>
#include <string.h>
#include <pwd.h>
#include <unistd.h>
#include <boost/lexical_cast.hpp>
#include <exceptions/exceptions.h>
#include <auth/common.h>
using namespace boost;
void
changeUser(const char* const username) {
const struct passwd *runas_pw = NULL;
runas_pw = getpwnam(username);
endpwent();
if (runas_pw == NULL) {
try {
runas_pw = getpwuid(lexical_cast<uid_t>(username));
endpwent();
} catch (const bad_lexical_cast&) {
; // fall through to isc_throw below.
}
}
if (runas_pw == NULL) {
isc_throw(FatalError, "Unknown user name or UID:" << username);
}
if (setgid(runas_pw->pw_gid) < 0) {
isc_throw(FatalError, "setgid() failed: " << strerror(errno));
}
if (setuid(runas_pw->pw_uid) < 0) {
isc_throw(FatalError, "setuid() failed: " << strerror(errno));
}
}
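Review bot: Supplementary group membership is never reset before the `setgid()` call at the end of changeUser(), so a process started as root keeps root's supplementary groups after the uid/gid change and the privilege drop is incomplete; a `setgroups()` call (declared in `<grp.h>`) restricted to the target user's primary group should precede `setgid()`, with the same FatalError handling as the other calls. The commit copies this file from b10-auth without addressing it, and it also keeps `#include <auth/common.h>` even though the new Makefile lists a recurse-local `common.h` among b10_recurse_SOURCES; presumably the include should point at the local header, since that is where FatalError is expected to come from here. The rewritten privilege-drop sequence is below.
```cpp
#include <grp.h>
// … unchanged: remaining includes, user/UID lookup and the "Unknown user name or UID" check …
    // Drop supplementary groups first: without this a root-started process
    // keeps root's group memberships across the uid/gid change below.
    if (setgroups(1, &runas_pw->pw_gid) < 0) {
        isc_throw(FatalError, "setgroups() failed: " << strerror(errno));
    }
    if (setgid(runas_pw->pw_gid) < 0) {
        isc_throw(FatalError, "setgid() failed: " << strerror(errno));
    }
    // … unchanged: setuid() and its error check …
```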
// Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
// $Id$
#ifndef __CHANGE_USER_H
#define __CHANGE_USER_H 1
/// \brief Change the run time user.
///
/// This function changes the user and its group of the authoritative server
/// process.
///
/// On success the user ID of the process is changed to the specified user,
/// and the group is changed to that of the new user.
///
/// This is considered a short term workaround until we develop clearer
/// privilege separation, where the server won't even have to open privileged
/// ports and can be started by a non privileged user from the beginning.
/// This function therefore ignores some corner case problems (see below)
/// which we would address otherwise.
///
/// \c username can be either a textual user name or its numeric ID.
/// If the specified user name (or ID) doesn't specify a local user ID
/// or the user originally starting the process doesn't have a permission
/// of changing the user to \c username, this function throws an exception
/// of class \c FatalError.
///
/// This function internally uses system libraries that do not guarantee
/// reentrancy. In fact, it doesn't even expect to be called more than once.
/// The behavior is undefined if this function is called from multiple threads
/// simultaneously or more generally called multiple times.
///
/// This function only offers the basic exception guarantee, that is, if
/// an exception is thrown from this function, it's possible that an exception
/// is thrown after changing the group ID. This function doesn't recover
/// from that situation. In practice, the process is expected to consider
/// this event a fatal error and will immediately exit, and shouldn't cause
/// a real trouble.
///
/// \param username User name or ID of the new effective user.
void changeUser(const char* const username);
#endif // __CHANGE_USER_H
// Local Variables:
// mode: c++
// End:
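Review bot: The Doxygen brief at the top of this new header still says the function changes the user "of the authoritative server process", which is stale for a file living under src/bin/recurse; `/// This function changes the user and its group of the server process.` (or "recursive server") would describe what the copied function does here. The include guard `__CHANGE_USER_H` also uses a reserved double-underscore identifier and presumably matches the guard in the auth header this was copied from, so including both in one translation unit would silently drop one of them; a directory-specific guard such as `RECURSE_CHANGE_USER_H` avoids that.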
// Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY