author | des <des@FreeBSD.org> | 2015-01-05 15:09:00 +0000 |
---|---|---|
committer | des <des@FreeBSD.org> | 2015-01-05 15:09:00 +0000 |
commit | c9c57e46dacab9b036ff8296ad47f70277be6ef5 (patch) | |
tree | d728f1c05c9bd4a55e5fe73f77a7500cbf96f09b /usr.sbin/unbound/local-setup | |
parent | 47174a10af396376ae849d4e131d38c066b9a4b9 (diff) | |
Enable remote control using a local socket in the default configuration.
Diffstat (limited to 'usr.sbin/unbound/local-setup')
-rwxr-xr-x | usr.sbin/unbound/local-setup/local-unbound-setup.sh | 65 |
1 files changed, 52 insertions, 13 deletions
diff --git a/usr.sbin/unbound/local-setup/local-unbound-setup.sh b/usr.sbin/unbound/local-setup/local-unbound-setup.sh
index a16e6d0..4c464d1 100755
--- a/usr.sbin/unbound/local-setup/local-unbound-setup.sh
+++ b/usr.sbin/unbound/local-setup/local-unbound-setup.sh
@@ -34,6 +34,8 @@ user=""
 unbound_conf=""
 forward_conf=""
 lanzones_conf=""
+control_conf=""
+control_socket=""
 workdir=""
 confdir=""
 chrootdir=""
@@ -61,6 +63,8 @@ set_defaults() {
 : ${unbound_conf:=${workdir}/unbound.conf}
 : ${forward_conf:=${workdir}/forward.conf}
 : ${lanzones_conf:=${workdir}/lan-zones.conf}
+ : ${control_conf:=${workdir}/control.conf}
+ : ${control_socket:=/var/run/local_unbound.ctl}
 : ${anchor:=${workdir}/root.key}
 : ${pidfile:=/var/run/local_unbound.pid}
 : ${resolv_conf:=/etc/resolv.conf}
@@ -76,7 +80,7 @@ set_defaults() {
 set_chrootdir() {
 chrootdir="${workdir}"
 for file in "${unbound_conf}" "${forward_conf}" \
- "${lanzones_conf}" "${anchor}" ; do
+ "${lanzones_conf}" "${control_conf}" "${anchor}" ; do
 if [ "${file#${workdir%/}/}" = "${file}" ] ; then
 echo "warning: ${file} is outside ${workdir}" >&2
 chrootdir=""
@@ -153,6 +157,14 @@ gen_resolv_conf() {
 }
 
 #
+# Boilerplate
+#
+do_not_edit() {
+ echo "# This file was generated by $self."
+ echo "# Modifications will be overwritten."
+}
+
+#
 # Generate resolvconf.conf so it updates forward.conf in addition to
 # resolv.conf. Note "in addition to" rather than "instead of",
 # because we still want it to update the domain name and search path
@@ -160,7 +172,7 @@ gen_resolv_conf() {
 # the libc resolver will try unbound first.
 #
 gen_resolvconf_conf() {
- echo "# Generated by $self"
+ do_not_edit
 echo "resolv_conf=\"/dev/null\" # prevent updating ${resolv_conf}"
 echo "unbound_conf=\"${forward_conf}\""
 echo "unbound_pid=\"${pidfile}\""
@@ -173,8 +185,7 @@ gen_resolvconf_conf() {
 # Generate forward.conf
 #
 gen_forward_conf() {
- echo "# Generated by $self"
- echo "# Do not edit this file."
+ do_not_edit
 echo "forward-zone:"
 echo " name: ."
 for forwarder ; do
@@ -190,8 +201,7 @@ gen_forward_conf() {
 # Generate lan-zones.conf
 #
 gen_lanzones_conf() {
- echo "# Generated by $self"
- echo "# Do not edit this file."
+ do_not_edit
 echo "server:"
 echo " # Unblock reverse lookups for LAN addresses"
 echo " unblock-lan-zones: yes"
@@ -223,10 +233,21 @@ gen_lanzones_conf() {
 }
 
 #
+# Generate control.conf
+#
+gen_control_conf() {
+ do_not_edit
+ echo "remote-control:"
+ echo " control-enable: yes"
+ echo " control-interface: ${control_socket}"
+ echo " control-use-cert: no"
+}
+
+#
 # Generate unbound.conf
 #
 gen_unbound_conf() {
- echo "# Generated by $self"
+ do_not_edit
 echo "server:"
 echo " username: ${user}"
 echo " directory: ${workdir}"
@@ -240,6 +261,9 @@ gen_unbound_conf() {
 if [ -f "${lanzones_conf}" ] ; then
 echo "include: ${lanzones_conf}"
 fi
+ if [ -f "${control_conf}" ] ; then
+ echo "include: ${control_conf}"
+ fi
 if [ -d "${confdir}" ] ; then
 echo "include: ${confdir}/*.conf"
 fi
@@ -278,6 +302,8 @@ usage() {
 echo " -C path full path to additional configuration directory"
 echo " -c path full path to unbound configuration file"
 echo " -f path full path to forwarding configuration"
+ echo " -O path full path to remote control socket"
+ echo " -o path full path to remote control configuration"
 echo " -p path full path to pid file"
 echo " -R path full path to resolvconf.conf"
 echo " -r path full path to resolv.conf"
@@ -296,7 +322,7 @@ main() {
 #
 # Parse and validate command-line options
 #
- while getopts "a:C:c:f:np:R:r:s:u:w:" option ; do
+ while getopts "a:C:c:f:no:p:R:r:s:u:w:" option ; do
 case $option in
 a)
 anchor="$OPTARG"
@@ -313,6 +339,12 @@ main() {
 n)
 start_unbound="no"
 ;;
+ O)
+ control_socket="$OPTARG"
+ ;;
+ o)
+ control_conf="$OPTARG"
+ ;;
 p)
 pidfile="$OPTARG"
 ;;
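Review bot: `gen_control_conf` writes `control-use-cert: no`, so nothing in the generated control.conf authenticates a client, and access to the resolver's control channel presumably rests entirely on the ownership and mode of `${control_socket}` and of its parent directory. The hunk does not say so, and the socket path is configurable, so it can end up in a directory other users can reach. I would add a comment above the function, e.g. `# No certificates: access is limited only by the permissions on ${control_socket}; keep it in a root-only directory.`, and consider echoing the same line into the generated file after `do_not_edit`. How unbound sets the socket's mode is not visible in this diff and should be confirmed before relying on the `/var/run` default.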
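Review bot: The new option string `"a:C:c:f:no:p:R:r:s:u:w:"` adds `o:` but not `O:`, so the `O)` arm added in `@@ -313,6 +339,12 @@` can never be reached, and the `-O path` line added to `usage()` in `@@ -278,6 +302,8 @@` documents an option that getopts will not accept. The default `/var/run/local_unbound.ctl` therefore cannot be overridden from the command line. The string should read `"a:C:c:f:nO:o:p:R:r:s:u:w:"`. The `while` loop and `main()` continue outside the hunk.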
@@ -361,7 +393,7 @@ main() {
 fi
 else
 local tmp_forward_conf=$(mktemp -u "${forward_conf}.XXXXX")
- gen_forward_conf ${forwarders} >"${tmp_forward_conf}"
+ gen_forward_conf ${forwarders} | unexpand >"${tmp_forward_conf}"
 replace "${forward_conf}" "${tmp_forward_conf}"
 fi
 
@@ -369,15 +401,22 @@ main() {
 # Generate lan-zones.conf.
 #
 local tmp_lanzones_conf=$(mktemp -u "${lanzones_conf}.XXXXX")
- gen_lanzones_conf >"${tmp_lanzones_conf}"
+ gen_lanzones_conf | unexpand >"${tmp_lanzones_conf}"
 replace "${lanzones_conf}" "${tmp_lanzones_conf}"
 
 #
+ # Generate control.conf.
+ #
+ local tmp_control_conf=$(mktemp -u "${control_conf}.XXXXX")
+ gen_control_conf | unexpand >"${tmp_control_conf}"
+ replace "${control_conf}" "${tmp_control_conf}"
+
+ #
 # Generate unbound.conf.
 #
 local tmp_unbound_conf=$(mktemp -u "${unbound_conf}.XXXXX")
 set_chrootdir
- gen_unbound_conf >"${tmp_unbound_conf}"
+ gen_unbound_conf | unexpand >"${tmp_unbound_conf}"
 replace "${unbound_conf}" "${tmp_unbound_conf}"
 
 #
@@ -401,14 +440,14 @@ main() {
 # instead of resolv.conf.
 #
 local tmp_resolvconf_conf=$(mktemp -u "${resolvconf_conf}.XXXXX")
- gen_resolvconf_conf >"${tmp_resolvconf_conf}"
+ gen_resolvconf_conf | unexpand >"${tmp_resolvconf_conf}"
 replace "${resolvconf_conf}" "${tmp_resolvconf_conf}"
 
 #
 # Finally, rewrite resolv.conf.
 #
 local tmp_resolv_conf=$(mktemp -u "${resolv_conf}.XXXXX")
- gen_resolv_conf <"${resolv_conf}" >"${tmp_resolv_conf}"
+ gen_resolv_conf <"${resolv_conf}" | unexpand >"${tmp_resolv_conf}"
 replace "${resolv_conf}" "${tmp_resolv_conf}"
 }
 
|
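Review bot: The added control.conf step in `@@ -369,15 +401,22 @@` copies the `mktemp -u` pattern: `-u` only prints a name without creating the file, so the later `>"${tmp_control_conf}"` redirect opens whatever exists at that path by then, which is a time-of-check/time-of-use gap when the directory given with `-o` is writable by another user. The same holds for the other `mktemp -u` lines in this hunk and in `@@ -361,7 +393,7 @@` and `@@ -401,14 +440,14 @@`, whose redirects this commit rewrites while leaving the name generation as it was. Dropping `-u` lets mktemp create the file exclusively, e.g. `tmp_control_conf=$(mktemp "${control_conf}.XXXXX") || exit 1`, with `local tmp_control_conf` declared on its own line so a mktemp failure is not masked. `replace()` is outside the diff, so check that it copes with a pre-created temporary file and sets the final mode.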