Merge branch 'ctl_afunix_default' of /git/repositories/knot

7bc9e3a1 · Jan Včelák · b7031075 · f4333494 · 7bc9e3a1 · 7bc9e3a1
Commit 7bc9e3a1 authored 11 years ago by Jan Včelák
--- a/doc/configuration.texi
+++ b/doc/configuration.texi
@@ -223,12 +223,13 @@ Deleting a last RR also removes its RRSIG.
 @section Remote control interface

 As of v1.3.0, it is possible to control running daemon using UNIX sockets,
-which is also preferred over internet sockets.
+which is also preferred over internet sockets. You don't need any specific configuration,
+since it is enabled by default and the UNIX socket is placed in the rundir.
+To disable remote control completely, add an empty @code{control} section to the
+configuration like:

 @example
-control @{
-	listen-on "knot.sock";
-@}
+control @{ @}
 @end example

 However you can still use IPv4/IPv6 address, although with several shortcomings.
@@ -238,6 +239,13 @@ but the default port for remote control protocol is @code{5533}.
 However keep in mind, that the transferred data isn't encrypted and could be
 susceptible to replay attack in a short timeframe.

+Example configuration:
+@example
+control @{
+	listen-on @{ address 127.0.0.1@@5533; @}
+@}
+@end example
+
 @node Enabling zone semantic checks
 @section Enabling zone semantic checks
 You can turn on more detailed semantic

--- a/doc/reference.texi
+++ b/doc/reference.texi
@@ -623,8 +623,7 @@ control @{
 The @code{control} statement specifies on which interface to listen for remote control commands.
 Caution: The control protocol is not encrypted,
 and susceptible to replay attack in a short timeframe until message digest expires,
-for that reason, it is recommended to enable remote control only on private networks
-or loopback.
+for that reason, it is recommended to use default UNIX sockets.

 @menu
 * control Syntax::
@@ -652,8 +651,8 @@ Control interface @code{listen-on} either defines a UNIX socket or an
 IPv4/IPv6 @code{interface} definition as in @ref{interfaces}.
 Default port for IPv4/v6 control interface is @code{5533},
 however UNIX socket is preferred.
-UNIX socke address is relative to @code{rundir} if not specified as an absolute
-path.
+UNIX socket address is relative to @code{rundir} if not specified as an absolute
+path. Without any configuration, the socket will be created in @code{rundir/knot.sock}.

 @node control Examples
 @subsection Examples
@@ -661,7 +660,7 @@ path.
 UNIX socket example:
 @example
 control @{
-        listen-on "knot.sock";
+        listen-on "/var/run/knot/knot.sock";
 @}
 @end example


--- a/samples/knot.full.conf
+++ b/samples/knot.full.conf
@@ -184,7 +184,7 @@ groups {
 control {

  # Specifies interface, syntax is exactly the same as in 'interfaces' section
-  # Default: OFF
+  # Default: $(run_dir)/knot.sock
  listen-on "knot.sock";

  # As an alternative, you can use an IPv4/v6 address and port

--- a/src/knot/conf/cf-parse.y
+++ b/src/knot/conf/cf-parse.y
@@ -1002,7 +1002,7 @@ ctl_allow_start:
  ;

 control:
-   CONTROL '{'
+   CONTROL '{' { new_config->ctl.have = true; }
 | control ctl_listen_start '{' interface '}' {
     if (this_iface->address == 0) {
       cf_error(scanner, "control interface has no defined address");

--- a/src/knot/conf/conf.c
+++ b/src/knot/conf/conf.c
@@ -215,8 +215,17 @@ static int conf_process(conf_t *conf)
 		}
 	}

-	/* Control interface. */
+	/* Default interface. */
 	conf_iface_t *ctl_if = conf->ctl.iface;
+	if (!conf->ctl.have && ctl_if == NULL) {
+		ctl_if = malloc(sizeof(conf_iface_t));
+		memset(ctl_if, 0, sizeof(conf_iface_t));
+		ctl_if->family = AF_UNIX;
+		ctl_if->address = strdup("knot.sock");
+		conf->ctl.iface = ctl_if;
+	}
+
+	/* Control interface. */
 	if (ctl_if) {
 		if (ctl_if->family == AF_UNIX) {
 			ctl_if->address = conf_abs_path(conf->rundir,

--- a/src/knot/conf/conf.h
+++ b/src/knot/conf/conf.h
@@ -178,6 +178,7 @@ typedef struct conf_control_t {
 	conf_iface_t *iface; /*!< Remote control interface. */
 	list allow;          /*!< List of allowed remotes. */
 	acl_t* acl;          /*!< ACL. */
+	bool have;           /*!< Set if configured. */
 } conf_control_t;

 /*!

--- a/src/knot/main.c
+++ b/src/knot/main.c
@@ -304,9 +304,9 @@ int main(int argc, char **argv)
 		/* Bind to control interface. */
 		uint8_t buf[65535]; /*! \todo #2035 should be on heap */
 		size_t buflen = sizeof(buf);
-		conf_iface_t *ctl_if = conf()->ctl.iface;
 		int remote = -1;
-		if (ctl_if != NULL) {
+		if (conf()->ctl.iface != NULL) {
+			conf_iface_t *ctl_if = conf()->ctl.iface;
 			memset(buf, 0, buflen);
 			if (ctl_if->port)
 				snprintf((char*)buf, buflen, "@%d", ctl_if->port);
@@ -328,7 +328,8 @@ int main(int argc, char **argv)

 			/* Events. */
 			if (ret > 0) {
-				ret = remote_process(server, ctl_if, remote, buf, buflen);
+				ret = remote_process(server, conf()->ctl.iface,
+				                     remote, buf, buflen);
 				switch(ret) {
 				case KNOT_CTL_RESTART:
 					sig_req_rst = 1; /* Fall through */