Brian Wellington
71954c9571
I lied. This should be the last change to the setuid() code. Call
...
initgroups() from ns_os_inituserinfo, and make sure that Linux initially has
the CAP_SETGID capability set so that it doesn't fail.
2000-07-08 00:12:21 +00:00
Brian Wellington
c336121fb5
Hopefully the last change to the setuid code. Only call initgroups()
...
if getuid() == 0. Don't call ns_os_changeuser() more than once (it
could happen on Linux).
The code in its current form doesn't check for root before calling
setgid() or setuid(), since they'll fail and print reasonable error
messages (unless -u is supplied with the non-root user that ran named,
in which case it would succeed). The call to initgroups() would fail for
non root, so it shouldn't be tried.
The previous (as of a few days ago) code just ignored the -u parameter
when named was run as non-root. This was not good.
2000-07-07 23:53:35 +00:00
Brian Wellington
4e5388b459
Clean up the uid switching code again so that setgid() is called in
...
ns_os_changeuser().
2000-07-07 22:10:54 +00:00
Brian Wellington
baeb4bcf32
In query_find(), if we're looking up a key and dns_db_find() returns
...
DNS_R_DELEGATION, don't use the domain & ns set found by dns_db_find().
This means that a recursive server will not immediately ask the child zone
for a key set at the apex; the resolver will determine who to ask.
2000-07-06 02:27:26 +00:00
Andreas Gustafsson
4defd73fca
This is "the glue fix". It changes the additional data lookup
...
algorithm to more closely follow RFC1035, so that root servers will
provide a more complete set of name server glue addresses in ccTLD
referral responses.
For non-referral responses, the server no longer uses glue as
additional data.
For referral responses, the servers now looks for glue A/AAAA/A6 RRs
in the zone where the NS RRs reside, even in the case where this is
different from the zone where the A/AAAA/A6 RRs would have resided had
they been authoritative data.
A6 chains included as additional info may not yet fully follow these
rules.
2000-07-05 23:10:06 +00:00
Andreas Gustafsson
c6ab6ca3fd
moved linux_keepcaps() call and check for Linux nonroot caps back
...
to earlier locations; use a separate boolean flag for keeping track of whether a
UID switch was requested rather than overloading the UID value zero
2000-07-05 22:03:42 +00:00
Andreas Gustafsson
a074e41b97
style and new comments; no functional change
2000-07-04 01:33:47 +00:00
Brian Wellington
1e105376dd
linux_keepcaps() was called without checking the various defines that
...
surrounded the function definition.
2000-07-03 20:00:44 +00:00
Brian Wellington
79e873be59
The reordering of code in the last change broke linux, since the determination
...
of whether we could call setuid() was moved after the check.
2000-07-03 18:28:38 +00:00
David Lawrence
202991557a
299. [cleanup] Get the user and group information before changing the
...
root directory, so the administrator does not need to
keep a copy of the user and group databases in the
chroot'ed environment. Suggested by Hakan Olsson.
2000-07-01 00:48:06 +00:00
Andreas Gustafsson
8f874cca90
removed unnecessary locking in ns_interface_shutdown() that
...
caused the server to deadlock on shutdown on the Alphas.
2000-06-30 02:48:06 +00:00
Michael Graff
15197aefa1
workaround for NetBSD - close FDs before dup2().
2000-06-28 16:26:40 +00:00
David Lawrence
fb1086b1f4
rm -f lwresd before trying to link it to named in the install target.
2000-06-28 02:54:55 +00:00
Jim Reid
1b32c4783f
minor corrections to -n option description as recommended by Brian
2000-06-28 02:51:46 +00:00
Brian Wellington
57506ed769
Fix memory context leak.
2000-06-28 00:06:25 +00:00
Brian Wellington
a1f8303b1b
don't print the configuration to stderr by default
2000-06-27 22:50:43 +00:00
Jim Reid
3b8403a20c
first draft of man pages for lwresd and named
2000-06-27 21:49:15 +00:00
Michael Graff
4ecbc9c96f
Don't use TCP for outgoing queries just because the client is TCP.
2000-06-26 21:42:33 +00:00
Brian Wellington
9a6bbb206e
namespace cleanup
2000-06-26 20:50:00 +00:00
David Lawrence
a38e5f0695
278. [bug] bin/named/logconf.c:category_fromconf() didn't take
...
note of when isc_log_categorybyname() wasn't able
to find the category name and would then apply the
channel list of the unknown category to all categories.
2000-06-23 17:59:08 +00:00
Mark Andrews
b03a619e1d
set AA in notify messages
2000-06-23 17:26:38 +00:00
Andreas Gustafsson
b92da7ece1
273. [func] The default for the 'transfer-format' option is
...
now 'many-answers'. This will break zone transfers
to BIND 4.9.5 and older unless there is an explicit
'one-answer' configuration.
2000-06-23 01:34:38 +00:00
Andreas Gustafsson
26c86a6fc8
273. [func] The default for the 'transfer-format' option is
...
now 'many-answers'. This will break zone transfers
to BIND 4.9.5 and older unless there is an explicit
'one-answer' configuration.
2000-06-23 01:08:29 +00:00
Mark Andrews
51eb7d0c5c
uninitaliased variable
2000-06-22 23:48:07 +00:00
David Lawrence
18f2f93039
style lint
2000-06-22 23:04:27 +00:00
David Lawrence
aa900978da
allow stderr channels to be configured
2000-06-22 22:30:12 +00:00
David Lawrence
9c3531d72a
add RCS id string
2000-06-22 22:00:42 +00:00
Mark Andrews
06430b1f6c
isc_mem_put(client->tcpbuf) not isc_mem_put(client->sendbuf);
2000-06-22 02:21:06 +00:00
David Lawrence
6dcde6ca36
update_copyrights
2000-06-22 01:27:11 +00:00
Brian Wellington
58620377da
add lwresd
2000-06-22 01:25:19 +00:00
Andreas Gustafsson
b3157263ee
272. [bug] The sending of large TCP responses was canceled
...
in mid-transmission due to a race condition
caused by the failure to set the client object's
newstate variable correctly when transitioning
to the working state.
2000-06-22 01:14:38 +00:00
Brian Wellington
04e812723c
If ns_g_cpus is 0, call isc_os_ncpus() to probe.
2000-06-22 01:09:14 +00:00
Brian Wellington
bc9515e5a2
Initialize ns_g_cpus to 0, not 1.
2000-06-22 01:08:54 +00:00
Mark Andrews
b35a009df8
270. [func] Allow maximum sized TCP answers.
2000-06-22 00:05:11 +00:00
Brian Wellington
165250c403
Move entropy and dispatchmgr create/destroy to more correct places.
2000-06-21 22:12:02 +00:00
Michael Graff
80617c8faa
Add using an entropy source to generate a random query ID seed value.
2000-06-21 21:34:43 +00:00
Brian Wellington
567ba0ae19
Return LWRES_R_INCOMPLETE when there are aliases but no addresses.
2000-06-21 18:20:00 +00:00
Brian Wellington
208e3e410d
lwresd bug fixes, command line updates, configurability stuff
2000-06-21 01:16:27 +00:00
Brian Wellington
9381314895
Return LWRES_R_NOTFOUND if a gnba lookup fails because the name isn't found.
2000-06-21 01:15:10 +00:00
David Lawrence
c05ebd0da7
removed some special files from the ignore list that are no longer generated
2000-06-20 23:45:08 +00:00
Brian Wellington
1eee03d8cf
Use the -p port option to start lwresd on a different port
2000-06-19 22:30:11 +00:00
Brian Wellington
d195e2df32
Don't start omapi if running in lwresd mode
2000-06-19 22:29:09 +00:00
Brian Wellington
d5563fcd35
Remove lwresd before creating a link to named
2000-06-19 22:25:50 +00:00
Brian Wellington
c05abe6ef4
Added rules to link named to lwresd on 'make all' and 'make install'
2000-06-19 19:23:47 +00:00
Brian Wellington
593399a67a
lwresd is no longer named -r, it's now a link
2000-06-19 18:55:46 +00:00
Michael Graff
7685c082c8
remove flags from source types. It was never used, and probably shouldn't be there.
2000-06-17 01:42:21 +00:00
Michael Graff
ca53839147
temp. change -- don't filter mcast yet
2000-06-16 18:10:44 +00:00
Brian Wellington
f6c700247a
Failing to open/bind the lwresd socket should be a fatal error, since
...
it's only attempted if the user explicitly calls named with -r.
2000-06-16 07:42:41 +00:00
Brian Wellington
7777118507
( #260 ) Running named as a non-root user failed on Linux kernels new enough to
...
support retaining capabilities after setuid().
2000-06-16 07:35:54 +00:00
Brian Wellington
bb54e57a8e
Fix shutdown problems associated with lwresd.
2000-06-16 07:21:13 +00:00