authordes <des@FreeBSD.org>2015-01-05 14:55:52 +0000
committerdes <des@FreeBSD.org>2015-01-05 14:55:52 +0000
commitbb89a5dd46465ec3bcf4ab8f158c959b3bb7a75c (patch)
tree3b39302660451fc317bd1ffae0cd574e24c2dbdb /util/config_file.c
parent66adf32aa226b0a370ce7df84ac814cbc72ae63b (diff)
Add support for using a local socket for the remote control connection
by specifying its path instead of (or in addition to) an IP address as an argument to the control-interface configuration variable. Add support for unencrypted and unauthenticated control connections through a new configuration variable, control-use-cert. To avoid the complexity of supporting both SSL socket and plain socket descriptors in the same code, we just use an unencrypted SSL context and forgo authentication. The downside is that we still have to perform DH kex when establishing the connection. This patch was derived (with significant modifications) from the contrib/unbound_unixsock.diff patch originally submitted by Ilya Bakulin of Genua mbH.
Diffstat (limited to 'util/config_file.c')
-rw-r--r--util/config_file.c16
1 files changed, 16 insertions, 0 deletions
diff --git a/util/config_file.c b/util/config_file.c
index 35bc645..bb39cf9 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -60,6 +60,9 @@
#ifdef HAVE_GLOB_H
# include <glob.h>
#endif
+#ifdef HAVE_PWD_H
+#include <pwd.h>
+#endif
/** global config during parsing */
struct config_parser_state* cfg_parser = 0;
@@ -131,6 +134,8 @@ config_create(void)
goto error_exit;
init_outgoing_availports(cfg->outgoing_avail_ports, 65536);
if(!(cfg->username = strdup(UB_USERNAME))) goto error_exit;
+ cfg->uid = (uid_t)-1;
+ cfg->gid = (gid_t)-1;
#ifdef HAVE_CHROOT
if(!(cfg->chrootdir = strdup(CHROOT_DIR))) goto error_exit;
#endif
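Review bot: The `(uid_t)-1` and `(gid_t)-1` initialisers on the two added lines are sentinels with no comment, and their meaning matters to whatever code later drops privileges. The `setreuid`/`setresuid` family treats -1 as "leave this id unchanged", so an unresolved user passed straight through could keep the starting identity without any error. I would add `/* (uid_t)-1 / (gid_t)-1 mean "not resolved"; callers must check before changing ids */` above them. The privilege-drop code is not part of this diff, so whether it checks the sentinel cannot be confirmed here; config_create's body continues outside the hunk.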
@@ -799,6 +804,17 @@ config_read(struct config_file* cfg, const char* filename, const char* chroot)
errno=EINVAL;
return 0;
}
+
+#ifdef HAVE_GETPWNAM
+ /* translate username into uid and gid */
+ if(cfg->username && cfg->username[0]) {
+ struct passwd *pwd;
+ if((pwd = getpwnam(cfg->username)) == NULL)
+ log_err("user '%s' does not exist.", cfg->username);
+ cfg->uid = pwd->pw_uid;
+ cfg->gid = pwd->pw_gid;
+ }
+#endif
return 1;
}
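Review bot: When `getpwnam()` returns NULL the added block logs the error and then still executes `cfg->uid = pwd->pw_uid;`, because the `if` has no braces and no early exit, so a configuration naming a nonexistent user dereferences a null pointer. The failure path should leave the function, matching the `return 0;` used just above, e.g. `if((pwd = getpwnam(cfg->username)) == NULL) { log_err("user '%s' does not exist.", cfg->username); return 0; }`, so the uid/gid assignments run only after a successful lookup. Separately, this use is guarded by `HAVE_GETPWNAM` while the `<pwd.h>` include in the first hunk is guarded by `HAVE_PWD_H`; using one guard for both would rule out a build where `struct passwd` is undeclared. config_read's body starts outside the hunk.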