diff options
Diffstat (limited to 'dns/bind916/files/named.in')
-rw-r--r-- | dns/bind916/files/named.in | 464 |
1 files changed, 0 insertions, 464 deletions
diff --git a/dns/bind916/files/named.in b/dns/bind916/files/named.in deleted file mode 100644 index 6e225efe0733..000000000000 --- a/dns/bind916/files/named.in +++ /dev/null @@ -1,464 +0,0 @@ -#!/bin/sh - -# PROVIDE: named -# REQUIRE: %%NAMED_REQUIRE%% -# BEFORE: %%NAMED_BEFORE%% -# KEYWORD: shutdown - -# -# Add the following lines to /etc/rc.conf to enable BIND: -# named_enable (bool): Run named, the DNS server (or NO). -# named_program (str): Path to named, if you want a different one. -# named_conf (str): Path to the configuration file -# named_flags (str): Use this for flags OTHER than -u and -c -# named_uid (str): User to run named as -# named_chrootdir (str): Chroot directory (or "" not to auto-chroot it) -# Historically, was /var/named -# named_chroot_autoupdate (bool): Automatically install/update chrooted -# components of named. -# named_symlink_enable (bool): Symlink the chrooted pid file -# named_wait (bool): Wait for working name service before exiting -# named_wait_host (str): Hostname to check if named_wait is enabled -# named_auto_forward (str): Set up forwarders from /etc/resolv.conf -# named_auto_forward_only (str): Do "forward only" instead of "forward first" -%%NATIVE_PKCS11%%# named_pkcs11_engine (str): Path to the PKCS#11 library to use. -# - -. /etc/rc.subr - -name=named -desc="named BIND startup script" -rcvar=named_enable - -load_rc_config ${name} - -extra_commands=reload - -start_precmd=named_prestart -start_postcmd=named_poststart -reload_cmd=named_reload -stop_cmd=named_stop -stop_postcmd=named_poststop - -named_enable=${named_enable:-"NO"} -named_program=${named_program:-"%%PREFIX%%/sbin/named"} -named_conf=${named_conf:-"%%ETCDIR%%/named.conf"} -named_flags=${named_flags:-""} -named_uid=${named_uid:-"bind"} -named_chrootdir=${named_chrootdir:-""} -named_chroot_autoupdate=${named_chroot_autoupdate:-"YES"} -named_symlink_enable=${named_symlink_enable:-"YES"} -named_wait=${named_wait:-"NO"} -named_wait_host=${named_wait_host:-"localhost"} -named_auto_forward=${named_auto_forward:-"NO"} -named_auto_forward_only=${named_auto_forward_only:-"NO"} -%%NATIVE_PKCS11%%named_pkcs11_engine=${named_pkcs11_engine:-""} - -# Not configuration variables but having them here keeps rclint happy -required_dirs="${named_chrootdir}" -_named_confdirroot="${named_conf%/*}" -_named_confdir="${named_chrootdir}${_named_confdirroot}" -_named_program_root="${named_program%/sbin/named}" -_openssl_engines="%%ENGINES%%" - -# Needed if named.conf and rndc.conf are moved or if rndc.conf is used -rndc_conf=${rndc_conf:-"$_named_confdir/rndc.conf"} -rndc_key=${rndc_key:-"$_named_confdir/rndc.key"} - -# If running in a chroot cage, ensure that the appropriate files -# exist inside the cage, as well as helper symlinks into the cage -# from outside. -# -# As this is called after the is_running and required_dir checks -# are made in run_rc_command(), we can safely assume ${named_chrootdir} -# exists and named isn't running at this point (unless forcestart -# is used). -# -chroot_autoupdate() -{ - local file - - # If it's the first time around, fiddle with things and move the - # current configuration to the chroot. - if [ -d ${_named_confdirroot} -a ! -d ${_named_confdir} ]; then - warn "named chroot: Moving current configuration in the chroot!" - install -d ${_named_confdir%/*} - mv ${_named_confdirroot} ${_named_confdir} - fi - - # Create (or update) the chroot directory structure - # - if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.dist ]; then - mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.dist \ - -p ${named_chrootdir} - else - warn "%%PREFIX%%/etc/mtree/BIND.chroot.dist missing," - warn "${named_chrootdir} directory structure not updated" - fi - if [ -r %%PREFIX%%/etc/mtree/BIND.chroot.local.dist ]; then - mkdir -p ${named_chrootdir}%%PREFIX%% - mtree -deU -f %%PREFIX%%/etc/mtree/BIND.chroot.local.dist \ - -p ${named_chrootdir}%%PREFIX%% - else - warn "%%PREFIX%%/etc/mtree/BIND.chroot.local.dist missing," - warn "${named_chrootdir}%%PREFIX%% directory structure not updated" - fi - - # Create (or update) the configuration directory symlink - # - if [ ! -L "${_named_confdirroot}" ]; then - if [ -d "${_named_confdirroot}" ]; then - warn "named chroot: ${_named_confdirroot} is a directory!" - elif [ -e "${_named_confdirroot}" ]; then - warn "named chroot: ${_named_confdirroot} exists!" - else - ln -s ${_named_confdir} ${_named_confdirroot} - fi - else - # Make sure it points to the right place. - ln -shf ${_named_confdir} ${_named_confdirroot} - fi - - # Mount a devfs in the chroot directory if needed - # - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null - devfs_domount ${named_chrootdir}/dev devfsrules_hide_all - devfs -m ${named_chrootdir}/dev rule apply path null unhide - devfs -m ${named_chrootdir}/dev rule apply path random unhide - else - if [ -c ${named_chrootdir}/dev/null -a \ - -c ${named_chrootdir}/dev/random ]; then - info "named chroot: using pre-mounted devfs." - else - err 1 "named chroot: devfs cannot be mounted from " \ - "within a jail. Thus a chrooted named cannot " \ - "be run from within a jail. Either mount the " \ - "devfs with null and random from the host, or " \ - "run named without chrooting it, set " \ - "named_chrootdir=\"\" in /etc/rc.conf." - fi - fi - - # The OpenSSL engines and BIND9 plugins should be present in the - # chroot, named loads them after chrooting. - null_mount_or_copy ${_openssl_engines} - null_mount_or_copy %%PREFIX%%/lib/named - - # Copy and/or update key files to the chroot /etc - # - for file in localtime protocols services; do - if [ -r /etc/${file} ] && \ - ! cmp -s /etc/${file} "${named_chrootdir}/etc/${file}"; then - cp -p /etc/${file} "${named_chrootdir}/etc/${file}" - fi - done -} - -# Make symlinks to the correct pid file -# -make_symlinks() -{ - checkyesno named_symlink_enable && - ln -fs "${named_chrootdir}${pidfile}" ${pidfile} && - ln -fs "${named_chrootdir}${sessionkeyfile}" ${sessionkeyfile} -} - -named_poststart() -{ - make_symlinks - - if checkyesno named_wait; then - until ${_named_program_root}/bin/host ${named_wait_host} >/dev/null 2>&1; do - echo " Waiting for nameserver to resolve ${named_wait_host}" - sleep 1 - done - fi -} - -named_reload() -{ - # This is a one line function, but ${named_program} is not defined early - # enough to be there when the reload_cmd variable is defined up there. - rndc reload -} - -find_pidfile() -{ - if get_pidfile_from_conf pid-file ${named_conf}; then - pidfile="${_pidfile_from_conf}" - else - pidfile="/var/run/named/pid" - fi -} - -find_sessionkeyfile() -{ - if get_pidfile_from_conf session-keyfile ${named_conf}; then - sessionkeyfile="${_pidfile_from_conf}" - else - sessionkeyfile="/var/run/named/session.key" - fi -} - -named_stop() -{ - find_pidfile - - # This duplicates an undesirably large amount of code from the stop - # routine in rc.subr in order to use rndc to shut down the process, - # and to give it a second chance in case rndc fails. - rc_pid=$(check_pidfile ${pidfile} ${command}) - if [ -z "${rc_pid}" ]; then - [ -n "${rc_fast}" ] && return 0 - _run_rc_notrunning - return 1 - fi - echo 'Stopping named.' - if rndc stop; then - wait_for_pids ${rc_pid} - else - echo -n 'rndc failed, trying kill: ' - kill -TERM ${rc_pid} - wait_for_pids ${rc_pid} - fi -} - -named_poststop() -{ - if [ -n "${named_chrootdir}" ]; then - null_umount %%PREFIX%%/lib/named - null_umount ${_openssl_engines} - if [ -c ${named_chrootdir}/dev/null ]; then - # unmount /dev - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ]; then - umount ${named_chrootdir}/dev 2>/dev/null || true - else - warn "named chroot:" \ - "cannot unmount devfs from inside jail!" - fi - fi - fi -} - -can_mount() -{ - local kld - kld=$1 - if ! load_kld $kld; then - return 1 - fi - if [ `${SYSCTL_N} security.jail.jailed` -eq 0 ] || - [ `${SYSCTL_N} security.jail.mount_allowed` -eq 1 ] || - [ `${SYSCTL_N} security.jail.mount_${kld}_allowed` -eq 1 ] ; then - return 0 - fi - return 1 -} - -null_mount_or_copy() -{ - local dir - dir=$1 - - if [ -d ${dir} ]; then - mkdir -p ${named_chrootdir}${dir} - if can_mount nullfs ; then - mount -t nullfs ${dir} ${named_chrootdir}${dir} - else - warn "named chroot: cannot nullfs mount OpenSSL" \ - "engines into the chroot, will copy the shared" \ - "libraries instead." - cp -f ${dir}/*.so ${named_chrootdir}${dir} - fi - fi -} - -null_umount() -{ - local dir - dir=$1 - - if [ -d ${dir} ]; then - if can_mount nullfs; then - umount ${named_chrootdir}${dir} - fi - fi -} - -create_file() -{ - if [ -e "$1" ]; then - unlink $1 - fi - install -o root -g wheel -m 0644 /dev/null $1 -} - -rndc() -{ - if [ -z "${rndc_flags}" ]; then - if [ -s "${rndc_conf}" ] ; then - rndc_flags="-c ${rndc_conf}" - elif [ -s "${rndc_key}" ] ; then - rndc_flags="-k ${rndc_key}" - else - rndc_flags="" - fi - fi - - ${_named_program_root}/sbin/rndc ${rndc_flags} "$@" -} - -named_prestart() -{ - # Is the user using a sandbox? - # - if [ -n "${named_chrootdir}" ]; then - rc_flags="${rc_flags} -t ${named_chrootdir}" - checkyesno named_chroot_autoupdate && chroot_autoupdate - - case "${altlog_proglist}" in - *named*) - ;; - *) - warn 'Using chroot without setting altlog_proglist, logging may not' - warn 'work correctly. Run sysrc altlog_proglist+=named' - ;; - esac - else - named_symlink_enable=NO - fi - - find_pidfile - find_sessionkeyfile - - if [ -n "${named_pidfile}" ]; then - warn 'named_pidfile: now determined from the conf file' - fi - - if [ -n "${named_sessionkeyfile}" ]; then - warn 'named_sessionkeyfile: now determined from the conf file' - fi - - piddir=`/usr/bin/dirname ${pidfile}` - if [ ! -d ${piddir} ]; then - install -d -o ${named_uid} -g ${named_uid} ${piddir} - fi - - sessionkeydir=`/usr/bin/dirname ${sessionkeyfile}` - if [ ! -d ${sessionkeydir} ]; then - install -d -o ${named_uid} -g ${named_uid} ${sessionkeydir} - fi - - command_args="-u ${named_uid:=root} -c ${named_conf} ${command_args}" - -%%NATIVE_PKCS11%% if [ -z "${named_pkcs11_engine}"]; then -%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine has to be set to the PKCS#11 engine's library you want to use" -%%NATIVE_PKCS11%% elif [ ! -f ${named_pkcs11_engine} ]; then -%%NATIVE_PKCS11%% err 3 "named_pkcs11_engine the PKCS#11 engine's library you want to use doesn't exist" -%%NATIVE_PKCS11%% else -%%NATIVE_PKCS11%% mkdir -p ${named_chrootdir}${named_pkcs11_engine%/*} -%%NATIVE_PKCS11%% cp -p ${named_pkcs11_engine} ${named_chrootdir}${named_pkcs11_engine} -%%NATIVE_PKCS11%% command_args="-E ${named_pkcs11_engine} ${command_args}" -%%NATIVE_PKCS11%% fi - - local line nsip firstns - - # Create an rndc.key file for the user if none exists - # - confgen_command="${_named_program_root}/sbin/rndc-confgen -a -b256 -u ${named_uid} \ - -c ${_named_confdir}/rndc.key" - if [ -s "${_named_confdir}/rndc.conf" ]; then - unset confgen_command - fi - if [ -s "${_named_confdir}/rndc.key" ]; then - case `stat -f%Su ${_named_confdir}/rndc.key` in - root|${named_uid}) ;; - *) ${confgen_command} ;; - esac - else - ${confgen_command} - fi - - local checkconf - - checkconf="${_named_program_root}/sbin/named-checkconf" - if ! checkyesno named_chroot_autoupdate && [ -n "${named_chrootdir}" ]; then - checkconf="${checkconf} -t ${named_chrootdir}" - fi - - # Create a forwarder configuration based on /etc/resolv.conf - if checkyesno named_auto_forward; then - if [ ! -s /etc/resolv.conf ]; then - warn "named_auto_forward enabled, but no /etc/resolv.conf" - - # Empty the file in case it is included in named.conf - [ -s "${_named_confdir}/auto_forward.conf" ] && - create_file ${_named_confdir}/auto_forward.conf - - ${checkconf} ${named_conf} || - err 3 'named-checkconf for ${named_conf} failed' - return - fi - - create_file /var/run/naf-resolv.conf - create_file /var/run/auto_forward.conf - - echo ' forwarders {' > /var/run/auto_forward.conf - - while read line; do - case "${line}" in - 'nameserver '*|'nameserver '*) - nsip=${line##nameserver[ ]} - - if [ -z "${firstns}" ]; then - if [ ! "${nsip}" = '127.0.0.1' ]; then - echo 'nameserver 127.0.0.1' - echo " ${nsip};" >> /var/run/auto_forward.conf - fi - - firstns=1 - else - [ "${nsip}" = '127.0.0.1' ] && continue - echo " ${nsip};" >> /var/run/auto_forward.conf - fi - ;; - esac - - echo ${line} - done < /etc/resolv.conf > /var/run/naf-resolv.conf - - echo ' };' >> /var/run/auto_forward.conf - echo '' >> /var/run/auto_forward.conf - if checkyesno named_auto_forward_only; then - echo " forward only;" >> /var/run/auto_forward.conf - else - echo " forward first;" >> /var/run/auto_forward.conf - fi - - if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then - unlink /var/run/naf-resolv.conf - else - [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf - mv /var/run/naf-resolv.conf /etc/resolv.conf - fi - - if cmp -s ${_named_confdir}/auto_forward.conf \ - /var/run/auto_forward.conf; then - unlink /var/run/auto_forward.conf - else - [ -e "${_named_confdir}/auto_forward.conf" ] && - unlink ${_named_confdir}/auto_forward.conf - mv /var/run/auto_forward.conf \ - ${_named_confdir}/auto_forward.conf - fi - else - # Empty the file in case it is included in named.conf - [ -s "${_named_confdir}/auto_forward.conf" ] && - create_file ${_named_confdir}/auto_forward.conf - fi - - ${checkconf} ${named_conf} || err 3 "named-checkconf for ${named_conf} failed" -} - -run_rc_command "$1" |