Diffstat (limited to 'contrib/bind9/bin/rndc')
-rw-r--r-- | contrib/bind9/bin/rndc/Makefile.in | 102 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/include/rndc/os.h | 44 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/rndc-confgen.8 | 140 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/rndc-confgen.c | 323 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/rndc-confgen.docbook | 273 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/rndc-confgen.html | 538 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/rndc.8 | 118 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/rndc.c | 687 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/rndc.conf | 36 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/rndc.conf.5 | 142 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/rndc.conf.docbook | 210 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/rndc.conf.html | 377 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/rndc.docbook | 228 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/rndc.html | 388 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/unix/Makefile.in | 36 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/unix/os.c | 68 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/util.c | 55 | ||||
-rw-r--r-- | contrib/bind9/bin/rndc/util.h | 49 |
18 files changed, 3814 insertions, 0 deletions
diff --git a/contrib/bind9/bin/rndc/Makefile.in b/contrib/bind9/bin/rndc/Makefile.in
new file mode 100644
index 000000000000..e6773151126b
--- /dev/null
+++ b/contrib/bind9/bin/rndc/Makefile.in
@@ -0,0 +1,102 @@
+# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2000-2002 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.32.2.3.8.8 2004/07/20 07:01:50 marka Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
+ ${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCCCLIBS = ../../lib/isccc/libisccc.@A@
+ISCLIBS = ../../lib/isc/libisc.@A@
+DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+BIND9LIBS = ../../lib/bind9/libbind9.@A@
+
+ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
+ISCCCDEPLIBS = ../../lib/isccc/libisccc.@A@
+ISCDEPLIBS = ../../lib/isc/libisc.@A@
+DNSDEPLIBS = ../../lib/dns/libdns.@A@
+BIND9DEPLIBS = ../../lib/bind9/libbind9.@A@
+
+RNDCLIBS = ${ISCCFGLIBS} ${ISCCCLIBS} ${BIND9LIBS} ${DNSLIBS} ${ISCLIBS} @LIBS@
+RNDCDEPLIBS = ${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+CONFLIBS = ${DNSLIBS} ${ISCLIBS} @LIBS@
+CONFDEPLIBS = ${DNSDEPLIBS} ${ISCDEPLIBS}
+
+SUBDIRS = unix
+
+TARGETS = rndc@EXEEXT@ rndc-confgen@EXEEXT@
+
+MANPAGES = rndc.8 rndc-confgen.8 rndc.conf.5
+
+HTMLPAGES = rndc.html rndc-confgen.html rndc.conf.html
+
+MANOBJS = ${MANPAGES} ${HTMLPAGES}
+
+UOBJS = unix/os.@O@
+
+@BIND9_MAKE_RULES@
+
+rndc.@O@: rndc.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DVERSION=\"${VERSION}\" \
+ -DRNDC_CONFFILE=\"${sysconfdir}/rndc.conf\" \
+ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
+ -c ${srcdir}/rndc.c
+
+rndc-confgen.@O@: rndc-confgen.c
+ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
+ -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
+ -c ${srcdir}/rndc-confgen.c
+
+rndc@EXEEXT@: rndc.@O@ util.@O@ ${RNDCDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ rndc.@O@ util.@O@ \
+ ${RNDCLIBS}
+
+rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ ${UOBJS} ${CONFDEPLIBS}
+ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ rndc-confgen.@O@ util.@O@ \
+ ${UOBJS} ${CONFLIBS}
+
+doc man:: ${MANOBJS}
+
+docclean manclean maintainer-clean::
+ rm -f ${MANOBJS}
+
+installdirs:
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+ $(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5
+
+install:: rndc@EXEEXT@ rndc-confgen@EXEEXT@ installdirs
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc@EXEEXT@ ${DESTDIR}${sbindir}
+ ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc-confgen@EXEEXT@ ${DESTDIR}${sbindir}
+ ${INSTALL_DATA} ${srcdir}/rndc.8 ${DESTDIR}${mandir}/man8
+ ${INSTALL_DATA} ${srcdir}/rndc-confgen.8 ${DESTDIR}${mandir}/man8
+ ${INSTALL_DATA} ${srcdir}/rndc.conf.5 ${DESTDIR}${mandir}/man5
+
+clean distclean maintainer-clean::
+ rm -f ${TARGETS}
diff --git a/contrib/bind9/bin/rndc/include/rndc/os.h b/contrib/bind9/bin/rndc/include/rndc/os.h
new file mode 100644
index 000000000000..b5ade476b9f1
--- /dev/null
+++ b/contrib/bind9/bin/rndc/include/rndc/os.h
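Review bot: The default key-file path is spelled out twice, once in the `rndc.@O@` rule and again in the `rndc-confgen.@O@` rule, so the tool that writes rndc.key and the tool that reads it agree only as long as both `-DRNDC_KEYFILE` lines are edited together. Defining it once, for example `RNDC_KEYFILE_DEF = -DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\"`, and using `${RNDC_KEYFILE_DEF}` in both compile recipes removes that drift risk. A one-line comment above the `*DEPLIBS` variables would also help, saying that they repeat the `*LIBS` archive paths because they are used as prerequisites of the two link rules, while `DNSLIBS` additionally carries `@DNS_CRYPTO_LIBS@`.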
@@ -0,0 +1,44 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.h,v 1.4.206.1 2004/03/06 10:21:33 marka Exp $ */
+
+#ifndef RNDC_OS_H
+#define RNDC_OS_H 1
+
+#include <isc/lang.h>
+#include <stdio.h>
+
+ISC_LANG_BEGINDECLS
+
+FILE *safe_create(const char *filename);
+/*
+ * Open 'filename' for writing, truncate if necessary. If the file was
+ * created ensure that only the owner can read/write it.
+ */
+
+int set_user(FILE *fd, const char *user);
+/*
+ * Set the owner of the file refernced by 'fd' to 'user'.
+ * Returns:
+ * 0 success
+ * -1 insufficient permissions, or 'user' does not exist.
+ */
+
+ISC_LANG_ENDDECLS
+
+#endif
diff --git a/contrib/bind9/bin/rndc/rndc-confgen.8 b/contrib/bind9/bin/rndc/rndc-confgen.8
new file mode 100644
index 000000000000..b12e90cc569e
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc-confgen.8
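Review bot: The comment under `safe_create()` promises owner-only permissions only "if the file was created", which leaves the pre-existing-file case unstated: as worded, an rndc.key that already exists with wider permissions would be truncated and refilled with a new secret without its mode being tightened. The implementation in unix/os.c is not visible here, so it may already handle this; either way the header comment should state what happens to the mode of an existing file and whether a symbolic link at 'filename' is followed, since callers use this function to store a shared secret. In the `set_user()` comment, "refernced" should read "referenced", and the `FILE *` parameter is named `fd` although it is a stream rather than a descriptor.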
@@ -0,0 +1,140 @@
+.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2001-2003 Internet Software Consortium.
+.\"
+.\" Permission to use, copy, modify, and distribute this software for any
+.\" purpose with or without fee is hereby granted, provided that the above
+.\" copyright notice and this permission notice appear in all copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.\" $Id: rndc-confgen.8,v 1.3.2.5.2.3 2004/06/03 05:35:48 marka Exp $
+.\"
+.TH "RNDC-CONFGEN" "8" "Aug 27, 2001" "BIND9" ""
+.SH NAME
+rndc-confgen \- rndc key generation tool
+.SH SYNOPSIS
+.sp
+\fBrndc-confgen\fR [ \fB-a\fR ] [ \fB-b \fIkeysize\fB\fR ] [ \fB-c \fIkeyfile\fB\fR ] [ \fB-h\fR ] [ \fB-k \fIkeyname\fB\fR ] [ \fB-p \fIport\fB\fR ] [ \fB-r \fIrandomfile\fB\fR ] [ \fB-s \fIaddress\fB\fR ] [ \fB-t \fIchrootdir\fB\fR ] [ \fB-u \fIuser\fB\fR ]
+.SH "DESCRIPTION"
+.PP
+\fBrndc-confgen\fR generates configuration files
+for \fBrndc\fR. It can be used as a
+convenient alternative to writing the
+\fIrndc.conf\fR file
+and the corresponding \fBcontrols\fR
+and \fBkey\fR
+statements in \fInamed.conf\fR by hand.
+Alternatively, it can be run with the \fB-a\fR
+option to set up a \fIrndc.key\fR file and
+avoid the need for a \fIrndc.conf\fR file
+and a \fBcontrols\fR statement altogether.
+.SH "OPTIONS"
+.TP
+\fB-a\fR
+Do automatic \fBrndc\fR configuration.
+This creates a file \fIrndc.key\fR
+in \fI/etc\fR (or whatever
+sysconfdir
+was specified as when BIND was built)
+that is read by both \fBrndc\fR
+and \fBnamed\fR on startup. The
+\fIrndc.key\fR file defines a default
+command channel and authentication key allowing
+\fBrndc\fR to communicate with
+\fBnamed\fR on the local host
+with no further configuration.
+
+Running \fBrndc-confgen -a\fR allows
+BIND 9 and \fBrndc\fR to be used as drop-in
+replacements for BIND 8 and \fBndc\fR,
+with no changes to the existing BIND 8
+\fInamed.conf\fR file.
+
+If a more elaborate configuration than that
+generated by \fBrndc-confgen -a\fR
+is required, for example if rndc is to be used remotely,
+you should run \fBrndc-confgen\fR without the
+\fB-a\fR option and set up a
+\fIrndc.conf\fR and
+\fInamed.conf\fR
+as directed.
+.TP
+\fB-b \fIkeysize\fB\fR
+Specifies the size of the authentication key in bits.
+Must be between 1 and 512 bits; the default is 128.
+.TP
+\fB-c \fIkeyfile\fB\fR
+Used with the \fB-a\fR option to specify
+an alternate location for \fIrndc.key\fR.
+.TP
+\fB-h\fR
+Prints a short summary of the options and arguments to
+\fBrndc-confgen\fR.
+.TP
+\fB-k \fIkeyname\fB\fR
+Specifies the key name of the rndc authentication key.
+This must be a valid domain name.
+The default is rndc-key.
+.TP
+\fB-p \fIport\fB\fR
+Specifies the command channel port where \fBnamed\fR
+listens for connections from \fBrndc\fR.
+The default is 953.
+.TP
+\fB-r \fIrandomfile\fB\fR
+Specifies a source of random data for generating the
+authorization. If the operating
+system does not provide a \fI/dev/random\fR
+or equivalent device, the default source of randomness
+is keyboard input. \fIrandomdev\fR specifies
+the name of a character device or file containing random
+data to be used instead of the default. The special value
+\fIkeyboard\fR indicates that keyboard
+input should be used.
+.TP
+\fB-s \fIaddress\fB\fR
+Specifies the IP address where \fBnamed\fR
+listens for command channel connections from
+\fBrndc\fR. The default is the loopback
+address 127.0.0.1.
+.TP
+\fB-t \fIchrootdir\fB\fR
+Used with the \fB-a\fR option to specify
+a directory where \fBnamed\fR will run
+chrooted. An additional copy of the \fIrndc.key\fR
+will be written relative to this directory so that
+it will be found by the chrooted \fBnamed\fR.
+.TP
+\fB-u \fIuser\fB\fR
+Used with the \fB-a\fR option to set the owner
+of the \fIrndc.key\fR file generated. If
+\fB-t\fR is also specified only the file in
+the chroot area has its owner changed.
+.SH "EXAMPLES"
+.PP
+To allow \fBrndc\fR to be used with
+no manual configuration, run
+.PP
+\fBrndc-confgen -a\fR
+.PP
+To print a sample \fIrndc.conf\fR file and
+corresponding \fBcontrols\fR and \fBkey\fR
+statements to be manually inserted into \fInamed.conf\fR,
+run
+.PP
+\fBrndc-confgen\fR
+.SH "SEE ALSO"
+.PP
+\fBrndc\fR(8),
+\fBrndc.conf\fR(5),
+\fBnamed\fR(8),
+\fIBIND 9 Administrator Reference Manual\fR.
+.SH "AUTHOR"
+.PP
+Internet Systems Consortium
diff --git a/contrib/bind9/bin/rndc/rndc-confgen.c b/contrib/bind9/bin/rndc/rndc-confgen.c
new file mode 100644
index 000000000000..ef0d4973186c
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc-confgen.c
@@ -0,0 +1,323 @@ +/* + * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2001, 2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: rndc-confgen.c,v 1.9.2.6.2.4 2004/03/06 10:21:31 marka Exp $ */ + +#include <config.h> + +#include <stdlib.h> +#include <stdarg.h> + +#include <isc/assertions.h> +#include <isc/base64.h> +#include <isc/buffer.h> +#include <isc/commandline.h> +#include <isc/entropy.h> +#include <isc/file.h> +#include <isc/keyboard.h> +#include <isc/mem.h> +#include <isc/net.h> +#include <isc/print.h> +#include <isc/result.h> +#include <isc/string.h> +#include <isc/time.h> +#include <isc/util.h> + +#include <dns/keyvalues.h> +#include <dns/name.h> + +#include <dst/dst.h> +#include <rndc/os.h> + +#include "util.h" + +#define DEFAULT_KEYLENGTH 128 /* Bits. 
*/ +#define DEFAULT_KEYNAME "rndc-key" +#define DEFAULT_SERVER "127.0.0.1" +#define DEFAULT_PORT 953 + +static char program[256]; +char *progname; + +isc_boolean_t verbose = ISC_FALSE; + +const char *keyfile, *keydef; + +static void +usage(int status) { + + fprintf(stderr, "\ +Usage:\n\ + %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] [-r randomfile] \ +[-s addr] [-t chrootdir] [-u user]\n\ + -a: generate just the key clause and write it to keyfile (%s)\n\ + -b bits: from 1 through 512, default %d; total length of the secret\n\ + -c keyfile: specify an alternate key file (requires -a)\n\ + -k keyname: the name as it will be used in named.conf and rndc.conf\n\ + -p port: the port named will listen on and rndc will connect to\n\ + -r randomfile: a file containing random data\n\ + -s addr: the address to which rndc should connect\n\ + -t chrootdir: write a keyfile in chrootdir as well (requires -a)\n\ + -u user: set the keyfile owner to \"user\" (requires -a)\n", + progname, keydef, DEFAULT_KEYLENGTH); + + exit (status); +} + +/* + * Write an rndc.key file to 'keyfile'. If 'user' is non-NULL, + * make that user the owner of the file. The key will have + * the name 'keyname' and the secret in the buffer 'secret'. 
+ */ +static void +write_key_file(const char *keyfile, const char *user, + const char *keyname, isc_buffer_t *secret ) +{ + FILE *fd; + + fd = safe_create(keyfile); + if (fd == NULL) + fatal( "unable to create \"%s\"\n", keyfile); + if (user != NULL) { + if (set_user(fd, user) == -1) + fatal("unable to set file owner\n"); + } + fprintf(fd, "key \"%s\" {\n\talgorithm hmac-md5;\n" + "\tsecret \"%.*s\";\n};\n", keyname, + (int)isc_buffer_usedlength(secret), + (char *)isc_buffer_base(secret)); + fflush(fd); + if (ferror(fd)) + fatal("write to %s failed\n", keyfile); + if (fclose(fd)) + fatal("fclose(%s) failed\n", keyfile); + fprintf(stderr, "wrote key file \"%s\"\n", keyfile); +} + +int +main(int argc, char **argv) { + isc_boolean_t show_final_mem = ISC_FALSE; + isc_buffer_t key_rawbuffer; + isc_buffer_t key_txtbuffer; + isc_region_t key_rawregion; + isc_mem_t *mctx = NULL; + isc_entropy_t *ectx = NULL; + isc_entropysource_t *entropy_source = NULL; + isc_result_t result = ISC_R_SUCCESS; + dst_key_t *key = NULL; + const char *keyname = NULL; + const char *randomfile = NULL; + const char *serveraddr = NULL; + char key_rawsecret[64]; + char key_txtsecret[256]; + char *p; + int ch; + int port; + int keysize; + int entropy_flags = 0; + int open_keyboard = ISC_ENTROPY_KEYBOARDMAYBE; + struct in_addr addr4_dummy; + struct in6_addr addr6_dummy; + char *chrootdir = NULL; + char *user = NULL; + isc_boolean_t keyonly = ISC_FALSE; + int len; + + keydef = keyfile = RNDC_KEYFILE; + + result = isc_file_progname(*argv, program, sizeof(program)); + if (result != ISC_R_SUCCESS) + memcpy(program, "rndc-confgen", 13); + progname = program; + + keyname = DEFAULT_KEYNAME; + keysize = DEFAULT_KEYLENGTH; + serveraddr = DEFAULT_SERVER; + port = DEFAULT_PORT; + + while ((ch = isc_commandline_parse(argc, argv, + "ab:c:hk:Mmp:r:s:t:u:Vy")) != -1) { + switch (ch) { + case 'a': + keyonly = ISC_TRUE; + break; + case 'b': + keysize = strtol(isc_commandline_argument, &p, 10); + if (*p != '\0' || 
keysize < 0) + fatal("-b requires a non-negative number"); + if (keysize < 1 || keysize > 512) + fatal("-b must be in the range 1 through 512"); + break; + case 'c': + keyfile = isc_commandline_argument; + break; + case 'h': + usage(0); + case 'k': + case 'y': /* Compatible with rndc -y. */ + keyname = isc_commandline_argument; + break; + case 'M': + isc_mem_debugging = ISC_MEM_DEBUGTRACE; + break; + + case 'm': + show_final_mem = ISC_TRUE; + break; + case 'p': + port = strtol(isc_commandline_argument, &p, 10); + if (*p != '\0' || port < 0 || port > 65535) + fatal("port '%s' out of range", + isc_commandline_argument); + break; + case 'r': + randomfile = isc_commandline_argument; + break; + case 's': + serveraddr = isc_commandline_argument; + if (inet_pton(AF_INET, serveraddr, &addr4_dummy) != 1 && + inet_pton(AF_INET6, serveraddr, &addr6_dummy) != 1) + fatal("-s should be an IPv4 or IPv6 address"); + break; + case 't': + chrootdir = isc_commandline_argument; + break; + case 'u': + user = isc_commandline_argument; + break; + case 'V': + verbose = ISC_TRUE; + break; + case '?': + usage(1); + break; + default: + fatal("unexpected error parsing command arguments: " + "got %c\n", ch); + break; + } + } + + argc -= isc_commandline_index; + argv += isc_commandline_index; + + if (argc > 0) + usage(1); + + DO("create memory context", isc_mem_create(0, 0, &mctx)); + + DO("create entropy context", isc_entropy_create(mctx, &ectx)); + + if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) { + randomfile = NULL; + open_keyboard = ISC_ENTROPY_KEYBOARDYES; + } + DO("start entropy source", isc_entropy_usebestsource(ectx, + &entropy_source, + randomfile, + open_keyboard)); + + entropy_flags = ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY; + + DO("initialize dst library", dst_lib_init(mctx, ectx, entropy_flags)); + + DO("generate key", dst_key_generate(dns_rootname, DST_ALG_HMACMD5, + keysize, 0, 0, + DNS_KEYPROTO_ANY, + dns_rdataclass_in, mctx, &key)); + + 
isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret)); + + DO("dump key to buffer", dst_key_tobuffer(key, &key_rawbuffer)); + + isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret)); + isc_buffer_usedregion(&key_rawbuffer, &key_rawregion); + + DO("bsse64 encode secret", isc_base64_totext(&key_rawregion, -1, "", + &key_txtbuffer)); + + /* + * Shut down the entropy source now so the "stop typing" message + * does not muck with the output. + */ + if (entropy_source != NULL) + isc_entropy_destroysource(&entropy_source); + + if (key != NULL) + dst_key_free(&key); + + isc_entropy_detach(&ectx); + dst_lib_destroy(); + + if (keyonly) { + write_key_file(keyfile, chrootdir == NULL ? user : NULL, + keyname, &key_txtbuffer); + + if (chrootdir != NULL) { + char *buf; + len = strlen(chrootdir) + strlen(keyfile) + 2; + buf = isc_mem_get(mctx, len); + if (buf == NULL) + fatal("isc_mem_get(%d) failed\n", len); + snprintf(buf, len, "%s/%s", chrootdir, keyfile); + + write_key_file(buf, user, keyname, &key_txtbuffer); + isc_mem_put(mctx, buf, len); + } + } else { + printf("\ +# Start of rndc.conf\n\ +key \"%s\" {\n\ + algorithm hmac-md5;\n\ + secret \"%.*s\";\n\ +};\n\ +\n\ +options {\n\ + default-key \"%s\";\n\ + default-server %s;\n\ + default-port %d;\n\ +};\n\ +# End of rndc.conf\n\ +\n\ +# Use with the following in named.conf, adjusting the allow list as needed:\n\ +# key \"%s\" {\n\ +# algorithm hmac-md5;\n\ +# secret \"%.*s\";\n\ +# };\n\ +# \n\ +# controls {\n\ +# inet %s port %d\n\ +# allow { %s; } keys { \"%s\"; };\n\ +# };\n\ +# End of named.conf\n", + keyname, + (int)isc_buffer_usedlength(&key_txtbuffer), + (char *)isc_buffer_base(&key_txtbuffer), + keyname, serveraddr, port, + keyname, + (int)isc_buffer_usedlength(&key_txtbuffer), + (char *)isc_buffer_base(&key_txtbuffer), + serveraddr, port, serveraddr, keyname); + } + + if (show_final_mem) + isc_mem_stats(mctx, stderr); + + isc_mem_destroy(&mctx); + + return (0); +} 
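Review bot: In the `case 'b':` branch of main() any key size from 1 to 512 bits is accepted without a warning, so an operator can end up with a control-channel secret far too short to resist guessing, even though this key is the only authentication on the rndc channel. Consider enforcing a floor there, for example `if (keysize < DEFAULT_KEYLENGTH || keysize > 512)`, with the fatal() text, the usage() string and the man page updated to match; if compatibility with existing scripts matters, at least print a warning to stderr for sizes below the default. Separately, both `case 'b':` and `case 'p':` assign the `long` returned by `strtol()` to an `int` without checking `errno` or rejecting an empty argument, so out-of-range or empty input is not reliably refused (an empty `-p` argument appears to yield port 0).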
diff --git a/contrib/bind9/bin/rndc/rndc-confgen.docbook b/contrib/bind9/bin/rndc/rndc-confgen.docbook new file mode 100644 index 000000000000..272de459c19a --- /dev/null +++ b/contrib/bind9/bin/rndc/rndc-confgen.docbook 
@@ -0,0 +1,273 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<!-- + - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2001, 2003 Internet Software Consortium. + - + - Permission to use, copy, modify, and distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> + +<!-- $Id: rndc-confgen.docbook,v 1.3.2.1.4.3 2004/06/03 02:24:58 marka Exp $ --> + +<refentry> + <refentryinfo> + <date>Aug 27, 2001</date> + </refentryinfo> + + <refmeta> + <refentrytitle><application>rndc-confgen</application></refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo>BIND9</refmiscinfo> + </refmeta> + + <refnamediv> + <refname><application>rndc-confgen</application></refname> + <refpurpose>rndc key generation tool</refpurpose> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis> + <command>rndc-confgen</command> + <arg><option>-a</option></arg> + <arg><option>-b <replaceable class="parameter">keysize</replaceable></option></arg> + <arg><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg> + <arg><option>-h</option></arg> + <arg><option>-k <replaceable class="parameter">keyname</replaceable></option></arg> + <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg> + <arg><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg> + <arg><option>-s 
<replaceable class="parameter">address</replaceable></option></arg> + <arg><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg> + <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + <title>DESCRIPTION</title> + <para> + <command>rndc-confgen</command> generates configuration files + for <command>rndc</command>. It can be used as a + convenient alternative to writing the + <filename>rndc.conf</filename> file + and the corresponding <command>controls</command> + and <command>key</command> + statements in <filename>named.conf</filename> by hand. + Alternatively, it can be run with the <command>-a</command> + option to set up a <filename>rndc.key</filename> file and + avoid the need for a <filename>rndc.conf</filename> file + and a <command>controls</command> statement altogether. + </para> + + </refsect1> + + <refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-a</term> + <listitem> + <para> + Do automatic <command>rndc</command> configuration. + This creates a file <filename>rndc.key</filename> + in <filename>/etc</filename> (or whatever + <varname>sysconfdir</varname> + was specified as when <acronym>BIND</acronym> was built) + that is read by both <command>rndc</command> + and <command>named</command> on startup. The + <filename>rndc.key</filename> file defines a default + command channel and authentication key allowing + <command>rndc</command> to communicate with + <command>named</command> on the local host + with no further configuration. + </para> + <para> + Running <command>rndc-confgen -a</command> allows + BIND 9 and <command>rndc</command> to be used as drop-in + replacements for BIND 8 and <command>ndc</command>, + with no changes to the existing BIND 8 + <filename>named.conf</filename> file. 
+ </para> + <para> + If a more elaborate configuration than that + generated by <command>rndc-confgen -a</command> + is required, for example if rndc is to be used remotely, + you should run <command>rndc-confgen</command> without the + <command>-a</command> option and set up a + <filename>rndc.conf</filename> and + <filename>named.conf</filename> + as directed. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-b <replaceable class="parameter">keysize</replaceable></term> + <listitem> + <para> + Specifies the size of the authentication key in bits. + Must be between 1 and 512 bits; the default is 128. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-c <replaceable class="parameter">keyfile</replaceable></term> + <listitem> + <para> + Used with the <command>-a</command> option to specify + an alternate location for <filename>rndc.key</filename>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-h</term> + <listitem> + <para> + Prints a short summary of the options and arguments to + <command>rndc-confgen</command>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-k <replaceable class="parameter">keyname</replaceable></term> + <listitem> + <para> + Specifies the key name of the rndc authentication key. + This must be a valid domain name. + The default is <constant>rndc-key</constant>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-p <replaceable class="parameter">port</replaceable></term> + <listitem> + <para> + Specifies the command channel port where <command>named</command> + listens for connections from <command>rndc</command>. + The default is 953. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-r <replaceable class="parameter">randomfile</replaceable></term> + <listitem> + <para> + Specifies a source of random data for generating the + authorization. 
If the operating + system does not provide a <filename>/dev/random</filename> + or equivalent device, the default source of randomness + is keyboard input. <filename>randomdev</filename> specifies + the name of a character device or file containing random + data to be used instead of the default. The special value + <filename>keyboard</filename> indicates that keyboard + input should be used. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-s <replaceable class="parameter">address</replaceable></term> + <listitem> + <para> + Specifies the IP address where <command>named</command> + listens for command channel connections from + <command>rndc</command>. The default is the loopback + address 127.0.0.1. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-t <replaceable class="parameter">chrootdir</replaceable></term> + <listitem> + <para> + Used with the <command>-a</command> option to specify + a directory where <command>named</command> will run + chrooted. An additional copy of the <filename>rndc.key</filename> + will be written relative to this directory so that + it will be found by the chrooted <command>named</command>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-u <replaceable class="parameter">user</replaceable></term> + <listitem> + <para> + Used with the <command>-a</command> option to set the owner + of the <filename>rndc.key</filename> file generated. If + <command>-t</command> is also specified only the file in + the chroot area has its owner changed. 
+ </para> + </listitem> + </varlistentry> + + </variablelist> + </refsect1> + + <refsect1> + <title>EXAMPLES</title> + <para> + To allow <command>rndc</command> to be used with + no manual configuration, run + </para> + <para> + <userinput>rndc-confgen -a</userinput> + </para> + <para> + To print a sample <filename>rndc.conf</filename> file and + corresponding <command>controls</command> and <command>key</command> + statements to be manually inserted into <filename>named.conf</filename>, + run + </para> + <para> + <userinput>rndc-confgen</userinput> + </para> + </refsect1> + + <refsect1> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>rndc</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>rndc.conf</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>named</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citetitle>BIND 9 Administrator Reference Manual</citetitle>. + </para> + </refsect1> + + <refsect1> + <title>AUTHOR</title> + <para> + <corpauthor>Internet Systems Consortium</corpauthor> + </para> + </refsect1> + +</refentry> + +<!-- + - Local variables: + - mode: sgml + - End: +--> diff --git a/contrib/bind9/bin/rndc/rndc-confgen.html b/contrib/bind9/bin/rndc/rndc-confgen.html new file mode 100644 index 000000000000..7292be2f99dc --- /dev/null +++ b/contrib/bind9/bin/rndc/rndc-confgen.html 
@@ -0,0 +1,538 @@ +<!-- + - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2001-2003 Internet Software Consortium. + - + - Permission to use, copy, modify, and distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> + +<!-- $Id: rndc-confgen.html,v 1.3.2.5.2.4 2004/08/22 23:39:00 marka Exp $ --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>rndc-confgen</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD +><BODY +CLASS="REFENTRY" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><H1 +><A +NAME="AEN1" +></A +><SPAN +CLASS="APPLICATION" +>rndc-confgen</SPAN +></H1 +><DIV +CLASS="REFNAMEDIV" +><A +NAME="AEN9" +></A +><H2 +>Name</H2 +><SPAN +CLASS="APPLICATION" +>rndc-confgen</SPAN +> -- rndc key generation tool</DIV +><DIV +CLASS="REFSYNOPSISDIV" +><A +NAME="AEN13" +></A +><H2 +>Synopsis</H2 +><P +><B +CLASS="COMMAND" +>rndc-confgen</B +> [<VAR +CLASS="OPTION" +>-a</VAR +>] [<VAR +CLASS="OPTION" +>-b <VAR +CLASS="REPLACEABLE" +>keysize</VAR +></VAR +>] [<VAR +CLASS="OPTION" +>-c <VAR +CLASS="REPLACEABLE" +>keyfile</VAR +></VAR +>] [<VAR +CLASS="OPTION" +>-h</VAR +>] [<VAR +CLASS="OPTION" +>-k <VAR +CLASS="REPLACEABLE" +>keyname</VAR +></VAR +>] [<VAR +CLASS="OPTION" +>-p <VAR 
+CLASS="REPLACEABLE" +>port</VAR +></VAR +>] [<VAR +CLASS="OPTION" +>-r <VAR +CLASS="REPLACEABLE" +>randomfile</VAR +></VAR +>] [<VAR +CLASS="OPTION" +>-s <VAR +CLASS="REPLACEABLE" +>address</VAR +></VAR +>] [<VAR +CLASS="OPTION" +>-t <VAR +CLASS="REPLACEABLE" +>chrootdir</VAR +></VAR +>] [<VAR +CLASS="OPTION" +>-u <VAR +CLASS="REPLACEABLE" +>user</VAR +></VAR +>]</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN44" +></A +><H2 +>DESCRIPTION</H2 +><P +> <B +CLASS="COMMAND" +>rndc-confgen</B +> generates configuration files + for <B +CLASS="COMMAND" +>rndc</B +>. It can be used as a + convenient alternative to writing the + <TT +CLASS="FILENAME" +>rndc.conf</TT +> file + and the corresponding <B +CLASS="COMMAND" +>controls</B +> + and <B +CLASS="COMMAND" +>key</B +> + statements in <TT +CLASS="FILENAME" +>named.conf</TT +> by hand. + Alternatively, it can be run with the <B +CLASS="COMMAND" +>-a</B +> + option to set up a <TT +CLASS="FILENAME" +>rndc.key</TT +> file and + avoid the need for a <TT +CLASS="FILENAME" +>rndc.conf</TT +> file + and a <B +CLASS="COMMAND" +>controls</B +> statement altogether. + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN57" +></A +><H2 +>OPTIONS</H2 +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +>-a</DT +><DD +><P +> Do automatic <B +CLASS="COMMAND" +>rndc</B +> configuration. + This creates a file <TT +CLASS="FILENAME" +>rndc.key</TT +> + in <TT +CLASS="FILENAME" +>/etc</TT +> (or whatever + <VAR +CLASS="VARNAME" +>sysconfdir</VAR +> + was specified as when <ACRONYM +CLASS="ACRONYM" +>BIND</ACRONYM +> was built) + that is read by both <B +CLASS="COMMAND" +>rndc</B +> + and <B +CLASS="COMMAND" +>named</B +> on startup. The + <TT +CLASS="FILENAME" +>rndc.key</TT +> file defines a default + command channel and authentication key allowing + <B +CLASS="COMMAND" +>rndc</B +> to communicate with + <B +CLASS="COMMAND" +>named</B +> on the local host + with no further configuration. 
+ </P +><P +> Running <B +CLASS="COMMAND" +>rndc-confgen -a</B +> allows + BIND 9 and <B +CLASS="COMMAND" +>rndc</B +> to be used as drop-in + replacements for BIND 8 and <B +CLASS="COMMAND" +>ndc</B +>, + with no changes to the existing BIND 8 + <TT +CLASS="FILENAME" +>named.conf</TT +> file. + </P +><P +> If a more elaborate configuration than that + generated by <B +CLASS="COMMAND" +>rndc-confgen -a</B +> + is required, for example if rndc is to be used remotely, + you should run <B +CLASS="COMMAND" +>rndc-confgen</B +> without the + <B +CLASS="COMMAND" +>-a</B +> option and set up a + <TT +CLASS="FILENAME" +>rndc.conf</TT +> and + <TT +CLASS="FILENAME" +>named.conf</TT +> + as directed. + </P +></DD +><DT +>-b <VAR +CLASS="REPLACEABLE" +>keysize</VAR +></DT +><DD +><P +> Specifies the size of the authentication key in bits. + Must be between 1 and 512 bits; the default is 128. + </P +></DD +><DT +>-c <VAR +CLASS="REPLACEABLE" +>keyfile</VAR +></DT +><DD +><P +> Used with the <B +CLASS="COMMAND" +>-a</B +> option to specify + an alternate location for <TT +CLASS="FILENAME" +>rndc.key</TT +>. + </P +></DD +><DT +>-h</DT +><DD +><P +> Prints a short summary of the options and arguments to + <B +CLASS="COMMAND" +>rndc-confgen</B +>. + </P +></DD +><DT +>-k <VAR +CLASS="REPLACEABLE" +>keyname</VAR +></DT +><DD +><P +> Specifies the key name of the rndc authentication key. + This must be a valid domain name. + The default is <CODE +CLASS="CONSTANT" +>rndc-key</CODE +>. + </P +></DD +><DT +>-p <VAR +CLASS="REPLACEABLE" +>port</VAR +></DT +><DD +><P +> Specifies the command channel port where <B +CLASS="COMMAND" +>named</B +> + listens for connections from <B +CLASS="COMMAND" +>rndc</B +>. + The default is 953. + </P +></DD +><DT +>-r <VAR +CLASS="REPLACEABLE" +>randomfile</VAR +></DT +><DD +><P +> Specifies a source of random data for generating the + authorization. 
If the operating + system does not provide a <TT +CLASS="FILENAME" +>/dev/random</TT +> + or equivalent device, the default source of randomness + is keyboard input. <TT +CLASS="FILENAME" +>randomdev</TT +> specifies + the name of a character device or file containing random + data to be used instead of the default. The special value + <TT +CLASS="FILENAME" +>keyboard</TT +> indicates that keyboard + input should be used. + </P +></DD +><DT +>-s <VAR +CLASS="REPLACEABLE" +>address</VAR +></DT +><DD +><P +> Specifies the IP address where <B +CLASS="COMMAND" +>named</B +> + listens for command channel connections from + <B +CLASS="COMMAND" +>rndc</B +>. The default is the loopback + address 127.0.0.1. + </P +></DD +><DT +>-t <VAR +CLASS="REPLACEABLE" +>chrootdir</VAR +></DT +><DD +><P +> Used with the <B +CLASS="COMMAND" +>-a</B +> option to specify + a directory where <B +CLASS="COMMAND" +>named</B +> will run + chrooted. An additional copy of the <TT +CLASS="FILENAME" +>rndc.key</TT +> + will be written relative to this directory so that + it will be found by the chrooted <B +CLASS="COMMAND" +>named</B +>. + </P +></DD +><DT +>-u <VAR +CLASS="REPLACEABLE" +>user</VAR +></DT +><DD +><P +> Used with the <B +CLASS="COMMAND" +>-a</B +> option to set the owner + of the <TT +CLASS="FILENAME" +>rndc.key</TT +> file generated. If + <B +CLASS="COMMAND" +>-t</B +> is also specified only the file in + the chroot area has its owner changed. 
+ </P +></DD +></DL +></DIV +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN147" +></A +><H2 +>EXAMPLES</H2 +><P +> To allow <B +CLASS="COMMAND" +>rndc</B +> to be used with + no manual configuration, run + </P +><P +> <KBD +CLASS="USERINPUT" +>rndc-confgen -a</KBD +> + </P +><P +> To print a sample <TT +CLASS="FILENAME" +>rndc.conf</TT +> file and + corresponding <B +CLASS="COMMAND" +>controls</B +> and <B +CLASS="COMMAND" +>key</B +> + statements to be manually inserted into <TT +CLASS="FILENAME" +>named.conf</TT +>, + run + </P +><P +> <KBD +CLASS="USERINPUT" +>rndc-confgen</KBD +> + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN160" +></A +><H2 +>SEE ALSO</H2 +><P +> <SPAN +CLASS="CITEREFENTRY" +><SPAN +CLASS="REFENTRYTITLE" +>rndc</SPAN +>(8)</SPAN +>, + <SPAN +CLASS="CITEREFENTRY" +><SPAN +CLASS="REFENTRYTITLE" +>rndc.conf</SPAN +>(5)</SPAN +>, + <SPAN +CLASS="CITEREFENTRY" +><SPAN +CLASS="REFENTRYTITLE" +>named</SPAN +>(8)</SPAN +>, + <I +CLASS="CITETITLE" +>BIND 9 Administrator Reference Manual</I +>. + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN173" +></A +><H2 +>AUTHOR</H2 +><P +> Internet Systems Consortium + </P +></DIV +></BODY +></HTML +> diff --git a/contrib/bind9/bin/rndc/rndc.8 b/contrib/bind9/bin/rndc/rndc.8 new file mode 100644 index 000000000000..356883bc4147 --- /dev/null +++ b/contrib/bind9/bin/rndc/rndc.8 
@@ -0,0 +1,118 @@ +.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2000, 2001 Internet Software Consortium. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: rndc.8,v 1.24.206.2 2004/06/03 05:35:49 marka Exp $ +.\" +.TH "RNDC" "8" "June 30, 2000" "BIND9" "" +.SH NAME +rndc \- name server control utility +.SH SYNOPSIS +.sp +\fBrndc\fR [ \fB-c \fIconfig-file\fB\fR ] [ \fB-k \fIkey-file\fB\fR ] [ \fB-s \fIserver\fB\fR ] [ \fB-p \fIport\fB\fR ] [ \fB-V\fR ] [ \fB-y \fIkey_id\fB\fR ] \fBcommand\fR +.SH "DESCRIPTION" +.PP +\fBrndc\fR controls the operation of a name +server. It supersedes the \fBndc\fR utility +that was provided in old BIND releases. If +\fBrndc\fR is invoked with no command line +options or arguments, it prints a short summary of the +supported commands and the available options and their +arguments. +.PP +\fBrndc\fR communicates with the name server +over a TCP connection, sending commands authenticated with +digital signatures. In the current versions of +\fBrndc\fR and \fBnamed\fR named +the only supported authentication algorithm is HMAC-MD5, +which uses a shared secret on each end of the connection. +This provides TSIG-style authentication for the command +request and the name server's response. 
All commands sent +over the channel must be signed by a key_id known to the +server. +.PP +\fBrndc\fR reads a configuration file to +determine how to contact the name server and decide what +algorithm and key it should use. +.SH "OPTIONS" +.TP +\fB-c \fIconfig-file\fB\fR +Use \fIconfig-file\fR +as the configuration file instead of the default, +\fI/etc/rndc.conf\fR. +.TP +\fB-k \fIkey-file\fB\fR +Use \fIkey-file\fR +as the key file instead of the default, +\fI/etc/rndc.key\fR. The key in +\fI/etc/rndc.key\fR will be used to authenticate +commands sent to the server if the \fIconfig-file\fR +does not exist. +.TP +\fB-s \fIserver\fB\fR +\fIserver\fR is +the name or address of the server which matches a +server statement in the configuration file for +\fBrndc\fR. If no server is supplied on the +command line, the host named by the default-server clause +in the option statement of the configuration file will be +used. +.TP +\fB-p \fIport\fB\fR +Send commands to TCP port +\fIport\fR instead +of BIND 9's default control channel port, 953. +.TP +\fB-V\fR +Enable verbose logging. +.TP +\fB-y \fIkeyid\fB\fR +Use the key \fIkeyid\fR +from the configuration file. +\fIkeyid\fR must be +known by named with the same algorithm and secret string +in order for control message validation to succeed. +If no \fIkeyid\fR +is specified, \fBrndc\fR will first look +for a key clause in the server statement of the server +being used, or if no server statement is present for that +host, then the default-key clause of the options statement. +Note that the configuration file contains shared secrets +which are used to send authenticated control commands +to name servers. It should therefore not have general read +or write access. +.PP +For the complete set of commands supported by \fBrndc\fR, +see the BIND 9 Administrator Reference Manual or run +\fBrndc\fR without arguments to see its help message. 
+.PP +.SH "LIMITATIONS" +.PP +\fBrndc\fR does not yet support all the commands of +the BIND 8 \fBndc\fR utility. +.PP +There is currently no way to provide the shared secret for a +\fBkey_id\fR without using the configuration file. +.PP +Several error messages could be clearer. +.SH "SEE ALSO" +.PP +\fBrndc.conf\fR(5), +\fBnamed\fR(8), +\fBnamed.conf\fR(5) +\fBndc\fR(8), +\fIBIND 9 Administrator Reference Manual\fR. +.SH "AUTHOR" +.PP +Internet Systems Consortium diff --git a/contrib/bind9/bin/rndc/rndc.c b/contrib/bind9/bin/rndc/rndc.c new file mode 100644 index 000000000000..9ea07ac00eb3 --- /dev/null +++ b/contrib/bind9/bin/rndc/rndc.c 
@@ -0,0 +1,687 @@ +/* + * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2000-2003 Internet Software Consortium. + * + * Permission to use, copy, modify, and distribute this software for any + * purpose with or without fee is hereby granted, provided that the above + * copyright notice and this permission notice appear in all copies. + * + * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + * PERFORMANCE OF THIS SOFTWARE. + */ + +/* $Id: rndc.c,v 1.77.2.5.2.12 2004/03/08 04:04:23 marka Exp $ */ + +/* + * Principal Author: DCL + */ + +#include <config.h> + +#include <stdlib.h> + +#include <isc/app.h> +#include <isc/buffer.h> +#include <isc/commandline.h> +#include <isc/file.h> +#include <isc/log.h> +#include <isc/mem.h> +#include <isc/random.h> +#include <isc/socket.h> +#include <isc/stdtime.h> +#include <isc/string.h> +#include <isc/task.h> +#include <isc/thread.h> +#include <isc/util.h> + +#include <isccfg/namedconf.h> + +#include <isccc/alist.h> +#include <isccc/base64.h> +#include <isccc/cc.h> +#include <isccc/ccmsg.h> +#include <isccc/result.h> +#include <isccc/sexpr.h> +#include <isccc/types.h> +#include <isccc/util.h> + +#include <bind9/getaddresses.h> + +#include "util.h" + +#define SERVERADDRS 10 + +char *progname; +isc_boolean_t verbose; + +static const char *admin_conffile; +static const char *admin_keyfile; +static const char *version = VERSION; +static const char *servername = NULL; +static isc_sockaddr_t serveraddrs[SERVERADDRS]; +static int nserveraddrs; +static int currentaddr = 0; +static unsigned int remoteport 
= 0; +static isc_socketmgr_t *socketmgr = NULL; +static unsigned char databuf[2048]; +static isccc_ccmsg_t ccmsg; +static isccc_region_t secret; +static isc_boolean_t failed = ISC_FALSE; +static isc_mem_t *mctx; +static int sends, recvs, connects; +static char *command; +static char *args; +static char program[256]; +static isc_socket_t *sock = NULL; +static isc_uint32_t serial; + +static void rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task); + +static void +usage(int status) { + fprintf(stderr, "\ +Usage: %s [-c config] [-s server] [-p port]\n\ + [-k key-file ] [-y key] [-V] command\n\ +\n\ +command is one of the following:\n\ +\n\ + reload Reload configuration file and zones.\n\ + reload zone [class [view]]\n\ + Reload a single zone.\n\ + refresh zone [class [view]]\n\ + Schedule immediate maintenance for a zone.\n\ + retransfer zone [class [view]]\n\ + Retransfer a single zone without checking serial number.\n\ + freeze zone [class [view]]\n\ + Suspend updates to a dynamic zone.\n\ + unfreeze zone [class [view]]\n\ + Enable updates to a frozen dynamic zone and reload it.\n\ + reconfig Reload configuration file and new zones only.\n\ + stats Write server statistics to the statistics file.\n\ + querylog Toggle query logging.\n\ + dumpdb Dump cache(s) to the dump file (named_dump.db).\n\ + stop Save pending updates to master files and stop the server.\n\ + stop -p Save pending updates to master files and stop the server\n\ + reporting process id.\n\ + halt Stop the server without saving pending updates.\n\ + halt -p Stop the server without saving pending updates reporting\n\ + process id.\n\ + trace Increment debugging level by one.\n\ + trace level Change the debugging level.\n\ + notrace Set debugging level to 0.\n\ + flush Flushes all of the server's caches.\n\ + flush [view] Flushes the server's cache for a view.\n\ + flushname name [view]\n\ + Flush the given name from the server's cache(s)\n\ + status Display status of the server.\n\ + recursing Dump 
the queries that are currently recursing (named.recursing)\n\ + *restart Restart the server.\n\ +\n\ +* == not yet implemented\n\ +Version: %s\n", + progname, version); + + exit(status); +} + +static void +get_addresses(const char *host, in_port_t port) { + isc_result_t result; + + isc_app_block(); + result = bind9_getaddresses(servername, port, + serveraddrs, SERVERADDRS, &nserveraddrs); + isc_app_unblock(); + if (result != ISC_R_SUCCESS) + fatal("couldn't get address for '%s': %s", + host, isc_result_totext(result)); + INSIST(nserveraddrs > 0); +} + +static void +rndc_senddone(isc_task_t *task, isc_event_t *event) { + isc_socketevent_t *sevent = (isc_socketevent_t *)event; + + UNUSED(task); + + sends--; + if (sevent->result != ISC_R_SUCCESS) + fatal("send failed: %s", isc_result_totext(sevent->result)); + isc_event_free(&event); +} + +static void +rndc_recvdone(isc_task_t *task, isc_event_t *event) { + isccc_sexpr_t *response = NULL; + isccc_sexpr_t *data; + isccc_region_t source; + char *errormsg = NULL; + char *textmsg = NULL; + isc_result_t result; + + recvs--; + + if (ccmsg.result == ISC_R_EOF) + fatal("connection to remote host closed\n" + "This may indicate that the remote server is using " + "an older version of \n" + "the command protocol, this host is not authorized " + "to connect,\nor the key is invalid."); + + if (ccmsg.result != ISC_R_SUCCESS) + fatal("recv failed: %s", isc_result_totext(ccmsg.result)); + + source.rstart = isc_buffer_base(&ccmsg.buffer); + source.rend = isc_buffer_used(&ccmsg.buffer); + + DO("parse message", isccc_cc_fromwire(&source, &response, &secret)); + + data = isccc_alist_lookup(response, "_data"); + if (data == NULL) + fatal("no data section in response"); + result = isccc_cc_lookupstring(data, "err", &errormsg); + if (result == ISC_R_SUCCESS) { + failed = ISC_TRUE; + fprintf(stderr, "%s: '%s' failed: %s\n", + progname, command, errormsg); + } + else if (result != ISC_R_NOTFOUND) + fprintf(stderr, "%s: parsing response 
failed: %s\n", + progname, isc_result_totext(result)); + + result = isccc_cc_lookupstring(data, "text", &textmsg); + if (result == ISC_R_SUCCESS) + printf("%s\n", textmsg); + else if (result != ISC_R_NOTFOUND) + fprintf(stderr, "%s: parsing response failed: %s\n", + progname, isc_result_totext(result)); + + isc_event_free(&event); + isccc_sexpr_free(&response); + isc_socket_detach(&sock); + isc_task_shutdown(task); + RUNTIME_CHECK(isc_app_shutdown() == ISC_R_SUCCESS); +} + +static void +rndc_recvnonce(isc_task_t *task, isc_event_t *event) { + isccc_sexpr_t *response = NULL; + isccc_sexpr_t *_ctrl; + isccc_region_t source; + isc_result_t result; + isc_uint32_t nonce; + isccc_sexpr_t *request = NULL; + isccc_time_t now; + isc_region_t r; + isccc_sexpr_t *data; + isccc_region_t message; + isc_uint32_t len; + isc_buffer_t b; + + recvs--; + + if (ccmsg.result == ISC_R_EOF) + fatal("connection to remote host closed\n" + "This may indicate that the remote server is using " + "an older version of \n" + "the command protocol, this host is not authorized " + "to connect,\nor the key is invalid."); + + if (ccmsg.result != ISC_R_SUCCESS) + fatal("recv failed: %s", isc_result_totext(ccmsg.result)); + + source.rstart = isc_buffer_base(&ccmsg.buffer); + source.rend = isc_buffer_used(&ccmsg.buffer); + + DO("parse message", isccc_cc_fromwire(&source, &response, &secret)); + + _ctrl = isccc_alist_lookup(response, "_ctrl"); + if (_ctrl == NULL) + fatal("_ctrl section missing"); + nonce = 0; + if (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS) + nonce = 0; + + isc_stdtime_get(&now); + + DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial, + now, now + 60, &request)); + data = isccc_alist_lookup(request, "_data"); + if (data == NULL) + fatal("_data section missing"); + if (isccc_cc_definestring(data, "type", args) == NULL) + fatal("out of memory"); + if (nonce != 0) { + _ctrl = isccc_alist_lookup(request, "_ctrl"); + if (_ctrl == NULL) + fatal("_ctrl 
section missing"); + if (isccc_cc_defineuint32(_ctrl, "_nonce", nonce) == NULL) + fatal("out of memory"); + } + message.rstart = databuf + 4; + message.rend = databuf + sizeof(databuf); + DO("render message", isccc_cc_towire(request, &message, &secret)); + len = sizeof(databuf) - REGION_SIZE(message); + isc_buffer_init(&b, databuf, 4); + isc_buffer_putuint32(&b, len - 4); + r.length = len; + r.base = databuf; + + isccc_ccmsg_cancelread(&ccmsg); + DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task, + rndc_recvdone, NULL)); + recvs++; + DO("send message", isc_socket_send(sock, &r, task, rndc_senddone, + NULL)); + sends++; + + isc_event_free(&event); + isccc_sexpr_free(&response); + return; +} + +static void +rndc_connected(isc_task_t *task, isc_event_t *event) { + isc_socketevent_t *sevent = (isc_socketevent_t *)event; + isccc_sexpr_t *request = NULL; + isccc_sexpr_t *data; + isccc_time_t now; + isccc_region_t message; + isc_region_t r; + isc_uint32_t len; + isc_buffer_t b; + isc_result_t result; + + connects--; + + if (sevent->result != ISC_R_SUCCESS) { + if (sevent->result != ISC_R_CANCELED && + currentaddr < nserveraddrs) + { + notify("connection failed: %s", + isc_result_totext(sevent->result)); + isc_socket_detach(&sock); + isc_event_free(&event); + rndc_startconnect(&serveraddrs[currentaddr++], task); + return; + } else + fatal("connect failed: %s", + isc_result_totext(sevent->result)); + } + + isc_stdtime_get(&now); + DO("create message", isccc_cc_createmessage(1, NULL, NULL, ++serial, + now, now + 60, &request)); + data = isccc_alist_lookup(request, "_data"); + if (data == NULL) + fatal("_data section missing"); + if (isccc_cc_definestring(data, "type", "null") == NULL) + fatal("out of memory"); + message.rstart = databuf + 4; + message.rend = databuf + sizeof(databuf); + DO("render message", isccc_cc_towire(request, &message, &secret)); + len = sizeof(databuf) - REGION_SIZE(message); + isc_buffer_init(&b, databuf, 4); + isc_buffer_putuint32(&b, len - 
4); + r.length = len; + r.base = databuf; + + isccc_ccmsg_init(mctx, sock, &ccmsg); + isccc_ccmsg_setmaxsize(&ccmsg, 1024); + + DO("schedule recv", isccc_ccmsg_readmessage(&ccmsg, task, + rndc_recvnonce, NULL)); + recvs++; + DO("send message", isc_socket_send(sock, &r, task, rndc_senddone, + NULL)); + sends++; + isc_event_free(&event); +} + +static void +rndc_startconnect(isc_sockaddr_t *addr, isc_task_t *task) { + isc_result_t result; + + char socktext[ISC_SOCKADDR_FORMATSIZE]; + + isc_sockaddr_format(addr, socktext, sizeof(socktext)); + + notify("using server %s (%s)", servername, socktext); + + DO("create socket", isc_socket_create(socketmgr, + isc_sockaddr_pf(addr), + isc_sockettype_tcp, &sock)); + DO("connect", isc_socket_connect(sock, addr, task, rndc_connected, + NULL)); + connects++; +} + +static void +rndc_start(isc_task_t *task, isc_event_t *event) { + isc_event_free(&event); + + get_addresses(servername, (in_port_t) remoteport); + + currentaddr = 0; + rndc_startconnect(&serveraddrs[currentaddr++], task); +} + +static void +parse_config(isc_mem_t *mctx, isc_log_t *log, const char *keyname, + cfg_parser_t **pctxp, cfg_obj_t **configp) +{ + isc_result_t result; + const char *conffile = admin_conffile; + cfg_obj_t *defkey = NULL; + cfg_obj_t *options = NULL; + cfg_obj_t *servers = NULL; + cfg_obj_t *server = NULL; + cfg_obj_t *keys = NULL; + cfg_obj_t *key = NULL; + cfg_obj_t *defport = NULL; + cfg_obj_t *secretobj = NULL; + cfg_obj_t *algorithmobj = NULL; + cfg_obj_t *config = NULL; + cfg_listelt_t *elt; + const char *secretstr; + const char *algorithm; + static char secretarray[1024]; + const cfg_type_t *conftype = &cfg_type_rndcconf; + isc_boolean_t key_only = ISC_FALSE; + + if (! isc_file_exists(conffile)) { + conffile = admin_keyfile; + conftype = &cfg_type_rndckey; + + if (! 
isc_file_exists(conffile)) + fatal("neither %s nor %s was found", + admin_conffile, admin_keyfile); + key_only = ISC_TRUE; + } + + DO("create parser", cfg_parser_create(mctx, log, pctxp)); + + /* + * The parser will output its own errors, so DO() is not used. + */ + result = cfg_parse_file(*pctxp, conffile, conftype, &config); + if (result != ISC_R_SUCCESS) + fatal("could not load rndc configuration"); + + if (!key_only) + (void)cfg_map_get(config, "options", &options); + + if (key_only && servername == NULL) + servername = "127.0.0.1"; + else if (servername == NULL && options != NULL) { + cfg_obj_t *defserverobj = NULL; + (void)cfg_map_get(options, "default-server", &defserverobj); + if (defserverobj != NULL) + servername = cfg_obj_asstring(defserverobj); + } + + if (servername == NULL) + fatal("no server specified and no default"); + + if (!key_only) { + (void)cfg_map_get(config, "server", &servers); + if (servers != NULL) { + for (elt = cfg_list_first(servers); + elt != NULL; + elt = cfg_list_next(elt)) + { + const char *name; + server = cfg_listelt_value(elt); + name = cfg_obj_asstring(cfg_map_getname(server)); + if (strcasecmp(name, servername) == 0) + break; + server = NULL; + } + } + } + + /* + * Look for the name of the key to use. + */ + if (keyname != NULL) + ; /* Was set on command line, do nothing. */ + else if (server != NULL) { + DO("get key for server", cfg_map_get(server, "key", &defkey)); + keyname = cfg_obj_asstring(defkey); + } else if (options != NULL) { + DO("get default key", cfg_map_get(options, "default-key", + &defkey)); + keyname = cfg_obj_asstring(defkey); + } else if (!key_only) + fatal("no key for server and no default"); + + /* + * Get the key's definition. 
+ */ + if (key_only) + DO("get key", cfg_map_get(config, "key", &key)); + else { + DO("get config key list", cfg_map_get(config, "key", &keys)); + for (elt = cfg_list_first(keys); + elt != NULL; + elt = cfg_list_next(elt)) + { + key = cfg_listelt_value(elt); + if (strcasecmp(cfg_obj_asstring(cfg_map_getname(key)), + keyname) == 0) + break; + } + if (elt == NULL) + fatal("no key definition for name %s", keyname); + } + (void)cfg_map_get(key, "secret", &secretobj); + (void)cfg_map_get(key, "algorithm", &algorithmobj); + if (secretobj == NULL || algorithmobj == NULL) + fatal("key must have algorithm and secret"); + + secretstr = cfg_obj_asstring(secretobj); + algorithm = cfg_obj_asstring(algorithmobj); + + if (strcasecmp(algorithm, "hmac-md5") != 0) + fatal("unsupported algorithm: %s", algorithm); + + secret.rstart = (unsigned char *)secretarray; + secret.rend = (unsigned char *)secretarray + sizeof(secretarray); + DO("decode base64 secret", isccc_base64_decode(secretstr, &secret)); + secret.rend = secret.rstart; + secret.rstart = (unsigned char *)secretarray; + + /* + * Find the port to connect to. + */ + if (remoteport != 0) + ; /* Was set on command line, do nothing. 
*/ + else { + if (server != NULL) + (void)cfg_map_get(server, "port", &defport); + if (defport == NULL && options != NULL) + (void)cfg_map_get(options, "default-port", &defport); + } + if (defport != NULL) { + remoteport = cfg_obj_asuint32(defport); + if (remoteport > 65535 || remoteport == 0) + fatal("port %d out of range", remoteport); + } else if (remoteport == 0) + remoteport = NS_CONTROL_PORT; + + *configp = config; +} + +int +main(int argc, char **argv) { + isc_boolean_t show_final_mem = ISC_FALSE; + isc_result_t result = ISC_R_SUCCESS; + isc_taskmgr_t *taskmgr = NULL; + isc_task_t *task = NULL; + isc_log_t *log = NULL; + isc_logconfig_t *logconfig = NULL; + isc_logdestination_t logdest; + cfg_parser_t *pctx = NULL; + cfg_obj_t *config = NULL; + const char *keyname = NULL; + char *p; + size_t argslen; + int ch; + int i; + + result = isc_file_progname(*argv, program, sizeof(program)); + if (result != ISC_R_SUCCESS) + memcpy(program, "rndc", 5); + progname = program; + + admin_conffile = RNDC_CONFFILE; + admin_keyfile = RNDC_KEYFILE; + + result = isc_app_start(); + if (result != ISC_R_SUCCESS) + fatal("isc_app_start() failed: %s", isc_result_totext(result)); + + while ((ch = isc_commandline_parse(argc, argv, "c:k:Mmp:s:Vy:")) + != -1) { + switch (ch) { + case 'c': + admin_conffile = isc_commandline_argument; + break; + + case 'k': + admin_keyfile = isc_commandline_argument; + break; + + case 'M': + isc_mem_debugging = ISC_MEM_DEBUGTRACE; + break; + + case 'm': + show_final_mem = ISC_TRUE; + break; + + case 'p': + remoteport = atoi(isc_commandline_argument); + if (remoteport > 65535 || remoteport == 0) + fatal("port '%s' out of range", + isc_commandline_argument); + break; + + case 's': + servername = isc_commandline_argument; + break; + case 'V': + verbose = ISC_TRUE; + break; + case 'y': + keyname = isc_commandline_argument; + break; + case '?': + usage(0); + break; + default: + fatal("unexpected error parsing command arguments: " + "got %c\n", ch); + break; + 
} + } + + argc -= isc_commandline_index; + argv += isc_commandline_index; + + if (argc < 1) + usage(1); + + isc_random_get(&serial); + + DO("create memory context", isc_mem_create(0, 0, &mctx)); + DO("create socket manager", isc_socketmgr_create(mctx, &socketmgr)); + DO("create task manager", isc_taskmgr_create(mctx, 1, 0, &taskmgr)); + DO("create task", isc_task_create(taskmgr, 0, &task)); + + DO("create logging context", isc_log_create(mctx, &log, &logconfig)); + isc_log_setcontext(log); + DO("setting log tag", isc_log_settag(logconfig, progname)); + logdest.file.stream = stderr; + logdest.file.name = NULL; + logdest.file.versions = ISC_LOG_ROLLNEVER; + logdest.file.maximum_size = 0; + DO("creating log channel", + isc_log_createchannel(logconfig, "stderr", + ISC_LOG_TOFILEDESC, ISC_LOG_INFO, &logdest, + ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL)); + DO("enabling log channel", isc_log_usechannel(logconfig, "stderr", + NULL, NULL)); + + parse_config(mctx, log, keyname, &pctx, &config); + + isccc_result_register(); + + command = *argv; + + /* + * Convert argc/argv into a space-delimited command string + * similar to what the user might enter in interactive mode + * (if that were implemented). 
+ */ + argslen = 0; + for (i = 0; i < argc; i++) + argslen += strlen(argv[i]) + 1; + + args = isc_mem_get(mctx, argslen); + if (args == NULL) + DO("isc_mem_get", ISC_R_NOMEMORY); + + p = args; + for (i = 0; i < argc; i++) { + size_t len = strlen(argv[i]); + memcpy(p, argv[i], len); + p += len; + *p++ = ' '; + } + + p--; + *p++ = '\0'; + INSIST(p == args + argslen); + + notify("%s", command); + + if (strcmp(command, "restart") == 0) + fatal("'%s' is not implemented", command); + + DO("post event", isc_app_onrun(mctx, task, rndc_start, NULL)); + + result = isc_app_run(); + if (result != ISC_R_SUCCESS) + fatal("isc_app_run() failed: %s", isc_result_totext(result)); + + if (connects > 0 || sends > 0 || recvs > 0) + isc_socket_cancel(sock, task, ISC_SOCKCANCEL_ALL); + + isc_task_detach(&task); + isc_taskmgr_destroy(&taskmgr); + isc_socketmgr_destroy(&socketmgr); + isc_log_destroy(&log); + isc_log_setcontext(NULL); + + cfg_obj_destroy(pctx, &config); + cfg_parser_destroy(&pctx); + + isc_mem_put(mctx, args, argslen); + isccc_ccmsg_invalidate(&ccmsg); + + if (show_final_mem) + isc_mem_stats(mctx, stderr); + + isc_mem_destroy(&mctx); + + if (failed) + return (1); + + return (0); +} diff --git a/contrib/bind9/bin/rndc/rndc.conf b/contrib/bind9/bin/rndc/rndc.conf new file mode 100644 index 000000000000..1dc56074d715 --- /dev/null +++ b/contrib/bind9/bin/rndc/rndc.conf 
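Review bot: The `-p` case in main() parses the port with `remoteport = atoi(isc_commandline_argument);`, so an argument such as `953x` is silently accepted as 953, and non-numeric input is rejected only because it happens to yield 0. An end-pointer check is stricter: `v = strtoul(isc_commandline_argument, &end, 10);` followed by `if (*end != '\0' || v == 0 || v > 65535) fatal("port '%s' out of range", isc_commandline_argument);`. Separately, get_addresses() passes the global `servername` to bind9_getaddresses() but reports `host` in the error message; using `host` for the lookup would keep the two consistent if a caller ever passes something else.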
@@ -0,0 +1,36 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: rndc.conf,v 1.7.206.1 2004/03/06 10:21:32 marka Exp $ */
+
+/*
+ * Sample rndc configuration file.
+ */
+
+options {
+ default-server localhost;
+ default-key "key";
+};
+
+server localhost {
+ key "key";
+};
+
+key "key" {
+ algorithm hmac-md5;
+ secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K";
+};
diff --git a/contrib/bind9/bin/rndc/rndc.conf.5 b/contrib/bind9/bin/rndc/rndc.conf.5
new file mode 100644
index 000000000000..5b61cfb00c1e
--- /dev/null
+++ b/contrib/bind9/bin/rndc/rndc.conf.5
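Review bot: The sample `key "key"` block in rndc.conf carries a fixed `secret` with nothing in the file telling the reader to replace it, and the value decodes to a readable English phrase rather than random bytes. A copy of this file installed unchanged would authenticate the control channel with a value that is published in the source tree. I would extend the header comment to say so, for example `* Sample rndc configuration file. The secret below is public; generate your own with rndc-confgen before use.` The rndc.conf.5 page added in the same commit already describes rndc-confgen as the way to produce a random key, so the comment only needs to point there.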
@@ -0,0 +1,142 @@ +.\" Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +.\" Copyright (C) 2000, 2001 Internet Software Consortium. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH +.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY +.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM +.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE +.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR +.\" PERFORMANCE OF THIS SOFTWARE. +.\" +.\" $Id: rndc.conf.5,v 1.21.206.2 2004/06/03 05:35:50 marka Exp $ +.\" +.TH "RNDC.CONF" "5" "June 30, 2000" "BIND9" "" +.SH NAME +rndc.conf \- rndc configuration file +.SH SYNOPSIS +.sp +\fBrndc.conf\fR +.SH "DESCRIPTION" +.PP +\fIrndc.conf\fR is the configuration file +for \fBrndc\fR, the BIND 9 name server control +utility. This file has a similar structure and syntax to +\fInamed.conf\fR. Statements are enclosed +in braces and terminated with a semi-colon. Clauses in +the statements are also semi-colon terminated. The usual +comment styles are supported: +.PP +C style: /* */ +.PP +C++ style: // to end of line +.PP +Unix style: # to end of line +.PP +\fIrndc.conf\fR is much simpler than +\fInamed.conf\fR. The file uses three +statements: an options statement, a server statement +and a key statement. +.PP +The \fBoptions\fR statement contains three clauses. +The \fBdefault-server\fR clause is followed by the +name or address of a name server. This host will be used when +no name server is given as an argument to +\fBrndc\fR. 
The \fBdefault-key\fR +clause is followed by the name of a key which is identified by +a \fBkey\fR statement. If no +\fBkeyid\fR is provided on the rndc command line, +and no \fBkey\fR clause is found in a matching +\fBserver\fR statement, this default key will be +used to authenticate the server's commands and responses. The +\fBdefault-port\fR clause is followed by the port +to connect to on the remote name server. If no +\fBport\fR option is provided on the rndc command +line, and no \fBport\fR clause is found in a +matching \fBserver\fR statement, this default port +will be used to connect. +.PP +After the \fBserver\fR keyword, the server statement +includes a string which is the hostname or address for a name +server. The statement has two possible clauses: +\fBkey\fR and \fBport\fR. The key name must +match the name of a key statement in the file. The port number +specifies the port to connect to. +.PP +The \fBkey\fR statement begins with an identifying +string, the name of the key. The statement has two clauses. +\fBalgorithm\fR identifies the encryption algorithm +for \fBrndc\fR to use; currently only HMAC-MD5 is +supported. This is followed by a secret clause which contains +the base-64 encoding of the algorithm's encryption key. The +base-64 string is enclosed in double quotes. +.PP +There are two common ways to generate the base-64 string for the +secret. The BIND 9 program \fBrndc-confgen\fR can +be used to generate a random key, or the +\fBmmencode\fR program, also known as +\fBmimencode\fR, can be used to generate a base-64 +string from known input. \fBmmencode\fR does not +ship with BIND 9 but is available on many systems. See the +EXAMPLE section for sample command lines for each. 
+.SH "EXAMPLE" +.sp +.nf + options { + default-server localhost; + default-key samplekey; + }; + + server localhost { + key samplekey; + }; + + key samplekey { + algorithm hmac-md5; + secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; + }; + +.sp +.fi +.PP +In the above example, \fBrndc\fR will by default use +the server at localhost (127.0.0.1) and the key called samplekey. +Commands to the localhost server will use the samplekey key, which +must also be defined in the server's configuration file with the +same name and secret. The key statement indicates that samplekey +uses the HMAC-MD5 algorithm and its secret clause contains the +base-64 encoding of the HMAC-MD5 secret enclosed in double quotes. +.PP +To generate a random secret with \fBrndc-confgen\fR: +.PP +\fBrndc-confgen\fR +.PP +A complete \fIrndc.conf\fR file, including the +randomly generated key, will be written to the standard +output. Commented out \fBkey\fR and +\fBcontrols\fR statements for +\fInamed.conf\fR are also printed. +.PP +To generate a base-64 secret with \fBmmencode\fR: +.PP +\fBecho "known plaintext for a secret" | mmencode\fR +.SH "NAME SERVER CONFIGURATION" +.PP +The name server must be configured to accept rndc connections and +to recognize the key specified in the \fIrndc.conf\fR +file, using the controls statement in \fInamed.conf\fR. +See the sections on the \fBcontrols\fR statement in the +BIND 9 Administrator Reference Manual for details. +.SH "SEE ALSO" +.PP +\fBrndc\fR(8), +\fBrndc-confgen\fR(8), +\fBmmencode\fR(1), +\fIBIND 9 Administrator Reference Manual\fR. +.SH "AUTHOR" +.PP +Internet Systems Consortium diff --git a/contrib/bind9/bin/rndc/rndc.conf.docbook b/contrib/bind9/bin/rndc/rndc.conf.docbook new file mode 100644 index 000000000000..95f158b7602a --- /dev/null +++ b/contrib/bind9/bin/rndc/rndc.conf.docbook 
@@ -0,0 +1,210 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<!-- + - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2001 Internet Software Consortium. + - + - Permission to use, copy, modify, and distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> + +<!-- $Id: rndc.conf.docbook,v 1.4.206.2 2004/06/03 02:24:58 marka Exp $ --> + +<refentry> + <refentryinfo> + <date>June 30, 2000</date> + </refentryinfo> + + <refmeta> + <refentrytitle><filename>rndc.conf</filename></refentrytitle> + <manvolnum>5</manvolnum> + <refmiscinfo>BIND9</refmiscinfo> + </refmeta> + + <refnamediv> + <refname><filename>rndc.conf</filename></refname> + <refpurpose>rndc configuration file</refpurpose> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis> + <command>rndc.conf</command> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + <title>DESCRIPTION</title> + <para> + <filename>rndc.conf</filename> is the configuration file + for <command>rndc</command>, the BIND 9 name server control + utility. This file has a similar structure and syntax to + <filename>named.conf</filename>. Statements are enclosed + in braces and terminated with a semi-colon. Clauses in + the statements are also semi-colon terminated. 
The usual + comment styles are supported: + </para> + <para> + C style: /* */ + </para> + <para> + C++ style: // to end of line + </para> + <para> + Unix style: # to end of line + </para> + <para> + <filename>rndc.conf</filename> is much simpler than + <filename>named.conf</filename>. The file uses three + statements: an options statement, a server statement + and a key statement. + </para> + <para> + The <option>options</option> statement contains three clauses. + The <option>default-server</option> clause is followed by the + name or address of a name server. This host will be used when + no name server is given as an argument to + <command>rndc</command>. The <option>default-key</option> + clause is followed by the name of a key which is identified by + a <option>key</option> statement. If no + <option>keyid</option> is provided on the rndc command line, + and no <option>key</option> clause is found in a matching + <option>server</option> statement, this default key will be + used to authenticate the server's commands and responses. The + <option>default-port</option> clause is followed by the port + to connect to on the remote name server. If no + <option>port</option> option is provided on the rndc command + line, and no <option>port</option> clause is found in a + matching <option>server</option> statement, this default port + will be used to connect. + </para> + <para> + After the <option>server</option> keyword, the server statement + includes a string which is the hostname or address for a name + server. The statement has two possible clauses: + <option>key</option> and <option>port</option>. The key name must + match the name of a key statement in the file. The port number + specifies the port to connect to. + </para> + <para> + The <option>key</option> statement begins with an identifying + string, the name of the key. The statement has two clauses. 
+ <option>algorithm</option> identifies the encryption algorithm + for <command>rndc</command> to use; currently only HMAC-MD5 is + supported. This is followed by a secret clause which contains + the base-64 encoding of the algorithm's encryption key. The + base-64 string is enclosed in double quotes. + </para> + <para> + There are two common ways to generate the base-64 string for the + secret. The BIND 9 program <command>rndc-confgen</command> can + be used to generate a random key, or the + <command>mmencode</command> program, also known as + <command>mimencode</command>, can be used to generate a base-64 + string from known input. <command>mmencode</command> does not + ship with BIND 9 but is available on many systems. See the + EXAMPLE section for sample command lines for each. + </para> + </refsect1> + + <refsect1> + <title>EXAMPLE</title> + + <programlisting> + options { + default-server localhost; + default-key samplekey; + }; + + server localhost { + key samplekey; + }; + + key samplekey { + algorithm hmac-md5; + secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; + }; + </programlisting> + + <para> + In the above example, <command>rndc</command> will by default use + the server at localhost (127.0.0.1) and the key called samplekey. + Commands to the localhost server will use the samplekey key, which + must also be defined in the server's configuration file with the + same name and secret. The key statement indicates that samplekey + uses the HMAC-MD5 algorithm and its secret clause contains the + base-64 encoding of the HMAC-MD5 secret enclosed in double quotes. + </para> + <para> + To generate a random secret with <command>rndc-confgen</command>: + </para> + <para> + <userinput>rndc-confgen</userinput> + </para> + <para> + A complete <filename>rndc.conf</filename> file, including the + randomly generated key, will be written to the standard + output. 
Commented out <option>key</option> and + <option>controls</option> statements for + <filename>named.conf</filename> are also printed. + </para> + <para> + To generate a base-64 secret with <command>mmencode</command>: + </para> + <para> + <userinput>echo "known plaintext for a secret" | mmencode</userinput> + </para> + </refsect1> + + <refsect1> + <title>NAME SERVER CONFIGURATION</title> + <para> + The name server must be configured to accept rndc connections and + to recognize the key specified in the <filename>rndc.conf</filename> + file, using the controls statement in <filename>named.conf</filename>. + See the sections on the <option>controls</option> statement in the + BIND 9 Administrator Reference Manual for details. + </para> + </refsect1> + + <refsect1> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>rndc</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>rndc-confgen</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>mmencode</refentrytitle> + <manvolnum>1</manvolnum> + </citerefentry>, + <citetitle>BIND 9 Administrator Reference Manual</citetitle>. + </para> + </refsect1> + + <refsect1> + <title>AUTHOR</title> + <para> + <corpauthor>Internet Systems Consortium</corpauthor> + </para> + </refsect1> + +</refentry> + +<!-- + - Local variables: + - mode: sgml + - End: +--> + diff --git a/contrib/bind9/bin/rndc/rndc.conf.html b/contrib/bind9/bin/rndc/rndc.conf.html new file mode 100644 index 000000000000..ea087c8be60e --- /dev/null +++ b/contrib/bind9/bin/rndc/rndc.conf.html 
@@ -0,0 +1,377 @@ +<!-- + - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2001 Internet Software Consortium. + - + - Permission to use, copy, modify, and distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> + +<!-- $Id: rndc.conf.html,v 1.5.2.1.4.3 2004/08/22 23:39:00 marka Exp $ --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>rndc.conf</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD +><BODY +CLASS="REFENTRY" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><H1 +><A +NAME="AEN1" +></A +><TT +CLASS="FILENAME" +>rndc.conf</TT +></H1 +><DIV +CLASS="REFNAMEDIV" +><A +NAME="AEN9" +></A +><H2 +>Name</H2 +><TT +CLASS="FILENAME" +>rndc.conf</TT +> -- rndc configuration file</DIV +><DIV +CLASS="REFSYNOPSISDIV" +><A +NAME="AEN13" +></A +><H2 +>Synopsis</H2 +><P +><B +CLASS="COMMAND" +>rndc.conf</B +> </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN16" +></A +><H2 +>DESCRIPTION</H2 +><P +> <TT +CLASS="FILENAME" +>rndc.conf</TT +> is the configuration file + for <B +CLASS="COMMAND" +>rndc</B +>, the BIND 9 name server control + utility. This file has a similar structure and syntax to + <TT +CLASS="FILENAME" +>named.conf</TT +>. 
Statements are enclosed + in braces and terminated with a semi-colon. Clauses in + the statements are also semi-colon terminated. The usual + comment styles are supported: + </P +><P +> C style: /* */ + </P +><P +> C++ style: // to end of line + </P +><P +> Unix style: # to end of line + </P +><P +> <TT +CLASS="FILENAME" +>rndc.conf</TT +> is much simpler than + <TT +CLASS="FILENAME" +>named.conf</TT +>. The file uses three + statements: an options statement, a server statement + and a key statement. + </P +><P +> The <VAR +CLASS="OPTION" +>options</VAR +> statement contains three clauses. + The <VAR +CLASS="OPTION" +>default-server</VAR +> clause is followed by the + name or address of a name server. This host will be used when + no name server is given as an argument to + <B +CLASS="COMMAND" +>rndc</B +>. The <VAR +CLASS="OPTION" +>default-key</VAR +> + clause is followed by the name of a key which is identified by + a <VAR +CLASS="OPTION" +>key</VAR +> statement. If no + <VAR +CLASS="OPTION" +>keyid</VAR +> is provided on the rndc command line, + and no <VAR +CLASS="OPTION" +>key</VAR +> clause is found in a matching + <VAR +CLASS="OPTION" +>server</VAR +> statement, this default key will be + used to authenticate the server's commands and responses. The + <VAR +CLASS="OPTION" +>default-port</VAR +> clause is followed by the port + to connect to on the remote name server. If no + <VAR +CLASS="OPTION" +>port</VAR +> option is provided on the rndc command + line, and no <VAR +CLASS="OPTION" +>port</VAR +> clause is found in a + matching <VAR +CLASS="OPTION" +>server</VAR +> statement, this default port + will be used to connect. + </P +><P +> After the <VAR +CLASS="OPTION" +>server</VAR +> keyword, the server statement + includes a string which is the hostname or address for a name + server. The statement has two possible clauses: + <VAR +CLASS="OPTION" +>key</VAR +> and <VAR +CLASS="OPTION" +>port</VAR +>. 
The key name must + match the name of a key statement in the file. The port number + specifies the port to connect to. + </P +><P +> The <VAR +CLASS="OPTION" +>key</VAR +> statement begins with an identifying + string, the name of the key. The statement has two clauses. + <VAR +CLASS="OPTION" +>algorithm</VAR +> identifies the encryption algorithm + for <B +CLASS="COMMAND" +>rndc</B +> to use; currently only HMAC-MD5 is + supported. This is followed by a secret clause which contains + the base-64 encoding of the algorithm's encryption key. The + base-64 string is enclosed in double quotes. + </P +><P +> There are two common ways to generate the base-64 string for the + secret. The BIND 9 program <B +CLASS="COMMAND" +>rndc-confgen</B +> can + be used to generate a random key, or the + <B +CLASS="COMMAND" +>mmencode</B +> program, also known as + <B +CLASS="COMMAND" +>mimencode</B +>, can be used to generate a base-64 + string from known input. <B +CLASS="COMMAND" +>mmencode</B +> does not + ship with BIND 9 but is available on many systems. See the + EXAMPLE section for sample command lines for each. + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN54" +></A +><H2 +>EXAMPLE</H2 +><PRE +CLASS="PROGRAMLISTING" +> options { + default-server localhost; + default-key samplekey; + }; + + server localhost { + key samplekey; + }; + + key samplekey { + algorithm hmac-md5; + secret "c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K"; + }; + </PRE +><P +> In the above example, <B +CLASS="COMMAND" +>rndc</B +> will by default use + the server at localhost (127.0.0.1) and the key called samplekey. + Commands to the localhost server will use the samplekey key, which + must also be defined in the server's configuration file with the + same name and secret. The key statement indicates that samplekey + uses the HMAC-MD5 algorithm and its secret clause contains the + base-64 encoding of the HMAC-MD5 secret enclosed in double quotes. 
+ </P +><P +> To generate a random secret with <B +CLASS="COMMAND" +>rndc-confgen</B +>: + </P +><P +> <KBD +CLASS="USERINPUT" +>rndc-confgen</KBD +> + </P +><P +> A complete <TT +CLASS="FILENAME" +>rndc.conf</TT +> file, including the + randomly generated key, will be written to the standard + output. Commented out <VAR +CLASS="OPTION" +>key</VAR +> and + <VAR +CLASS="OPTION" +>controls</VAR +> statements for + <TT +CLASS="FILENAME" +>named.conf</TT +> are also printed. + </P +><P +> To generate a base-64 secret with <B +CLASS="COMMAND" +>mmencode</B +>: + </P +><P +> <KBD +CLASS="USERINPUT" +>echo "known plaintext for a secret" | mmencode</KBD +> + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN72" +></A +><H2 +>NAME SERVER CONFIGURATION</H2 +><P +> The name server must be configured to accept rndc connections and + to recognize the key specified in the <TT +CLASS="FILENAME" +>rndc.conf</TT +> + file, using the controls statement in <TT +CLASS="FILENAME" +>named.conf</TT +>. + See the sections on the <VAR +CLASS="OPTION" +>controls</VAR +> statement in the + BIND 9 Administrator Reference Manual for details. + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN78" +></A +><H2 +>SEE ALSO</H2 +><P +> <SPAN +CLASS="CITEREFENTRY" +><SPAN +CLASS="REFENTRYTITLE" +>rndc</SPAN +>(8)</SPAN +>, + <SPAN +CLASS="CITEREFENTRY" +><SPAN +CLASS="REFENTRYTITLE" +>rndc-confgen</SPAN +>(8)</SPAN +>, + <SPAN +CLASS="CITEREFENTRY" +><SPAN +CLASS="REFENTRYTITLE" +>mmencode</SPAN +>(1)</SPAN +>, + <I +CLASS="CITETITLE" +>BIND 9 Administrator Reference Manual</I +>. + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN91" +></A +><H2 +>AUTHOR</H2 +><P +> Internet Systems Consortium + </P +></DIV +></BODY +></HTML +> diff --git a/contrib/bind9/bin/rndc/rndc.docbook b/contrib/bind9/bin/rndc/rndc.docbook new file mode 100644 index 000000000000..d4529ccfa6e2 --- /dev/null +++ b/contrib/bind9/bin/rndc/rndc.docbook 
@@ -0,0 +1,228 @@ +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook V4.1//EN"> +<!-- + - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2001 Internet Software Consortium. + - + - Permission to use, copy, modify, and distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> + +<!-- $Id: rndc.docbook,v 1.7.206.2 2004/06/03 02:24:58 marka Exp $ --> + +<refentry> + <refentryinfo> + <date>June 30, 2000</date> + </refentryinfo> + + <refmeta> + <refentrytitle><application>rndc</application></refentrytitle> + <manvolnum>8</manvolnum> + <refmiscinfo>BIND9</refmiscinfo> + </refmeta> + + <refnamediv> + <refname><application>rndc</application></refname> + <refpurpose>name server control utility</refpurpose> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis> + <command>rndc</command> + <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg> + <arg><option>-k <replaceable class="parameter">key-file</replaceable></option></arg> + <arg><option>-s <replaceable class="parameter">server</replaceable></option></arg> + <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg> + <arg><option>-V</option></arg> + <arg><option>-y <replaceable class="parameter">key_id</replaceable></option></arg> + <arg choice="req">command</arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + 
<title>DESCRIPTION</title> + <para> + <command>rndc</command> controls the operation of a name + server. It supersedes the <command>ndc</command> utility + that was provided in old BIND releases. If + <command>rndc</command> is invoked with no command line + options or arguments, it prints a short summary of the + supported commands and the available options and their + arguments. + </para> + <para> + <command>rndc</command> communicates with the name server + over a TCP connection, sending commands authenticated with + digital signatures. In the current versions of + <command>rndc</command> and <command>named</command> named + the only supported authentication algorithm is HMAC-MD5, + which uses a shared secret on each end of the connection. + This provides TSIG-style authentication for the command + request and the name server's response. All commands sent + over the channel must be signed by a key_id known to the + server. + </para> + <para> + <command>rndc</command> reads a configuration file to + determine how to contact the name server and decide what + algorithm and key it should use. + </para> + </refsect1> + + <refsect1> + <title>OPTIONS</title> + + <variablelist> + <varlistentry> + <term>-c <replaceable class="parameter">config-file</replaceable></term> + <listitem> + <para> + Use <replaceable class="parameter">config-file</replaceable> + as the configuration file instead of the default, + <filename>/etc/rndc.conf</filename>. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-k <replaceable class="parameter">key-file</replaceable></term> + <listitem> + <para> + Use <replaceable class="parameter">key-file</replaceable> + as the key file instead of the default, + <filename>/etc/rndc.key</filename>. The key in + <filename>/etc/rndc.key</filename> will be used to authenticate + commands sent to the server if the <replaceable class="parameter">config-file</replaceable> + does not exist. 
+ </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-s <replaceable class="parameter">server</replaceable></term> + <listitem> + <para> + <replaceable class="parameter">server</replaceable> is + the name or address of the server which matches a + server statement in the configuration file for + <command>rndc</command>. If no server is supplied on the + command line, the host named by the default-server clause + in the option statement of the configuration file will be + used. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-p <replaceable class="parameter">port</replaceable></term> + <listitem> + <para> + Send commands to TCP port + <replaceable class="parameter">port</replaceable> instead + of BIND 9's default control channel port, 953. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-V</term> + <listitem> + <para> + Enable verbose logging. + </para> + </listitem> + </varlistentry> + + <varlistentry> + <term>-y <replaceable class="parameter">keyid</replaceable></term> + <listitem> + <para> + Use the key <replaceable class="parameter">keyid</replaceable> + from the configuration file. + <replaceable class="parameter">keyid</replaceable> must be + known by named with the same algorithm and secret string + in order for control message validation to succeed. + If no <replaceable class="parameter">keyid</replaceable> + is specified, <command>rndc</command> will first look + for a key clause in the server statement of the server + being used, or if no server statement is present for that + host, then the default-key clause of the options statement. + Note that the configuration file contains shared secrets + which are used to send authenticated control commands + to name servers. It should therefore not have general read + or write access. 
+ </para> + </listitem> + </varlistentry> + + </variablelist> + + <para> + For the complete set of commands supported by <command>rndc</command>, + see the BIND 9 Administrator Reference Manual or run + <command>rndc</command> without arguments to see its help message. + </para> + + </refsect1> + + <refsect1> + <title>LIMITATIONS</title> + <para> + <command>rndc</command> does not yet support all the commands of + the BIND 8 <command>ndc</command> utility. + </para> + <para> + There is currently no way to provide the shared secret for a + <option>key_id</option> without using the configuration file. + </para> + <para> + Several error messages could be clearer. + </para> + </refsect1> + + <refsect1> + <title>SEE ALSO</title> + <para> + <citerefentry> + <refentrytitle>rndc.conf</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>named</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citerefentry> + <refentrytitle>named.conf</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> + <citerefentry> + <refentrytitle>ndc</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>, + <citetitle>BIND 9 Administrator Reference Manual</citetitle>. + </para> + </refsect1> + + <refsect1> + <title>AUTHOR</title> + <para> + <corpauthor>Internet Systems Consortium</corpauthor> + </para> + </refsect1> + +</refentry> + +<!-- + - Local variables: + - mode: sgml + - End: +--> + diff --git a/contrib/bind9/bin/rndc/rndc.html b/contrib/bind9/bin/rndc/rndc.html new file mode 100644 index 000000000000..56f1aa1dba15 --- /dev/null +++ b/contrib/bind9/bin/rndc/rndc.html 
@@ -0,0 +1,388 @@ +<!-- + - Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") + - Copyright (C) 2001 Internet Software Consortium. + - + - Permission to use, copy, modify, and distribute this software for any + - purpose with or without fee is hereby granted, provided that the above + - copyright notice and this permission notice appear in all copies. + - + - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH + - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY + - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, + - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM + - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE + - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR + - PERFORMANCE OF THIS SOFTWARE. +--> + +<!-- $Id: rndc.html,v 1.7.2.1.4.3 2004/08/22 23:39:00 marka Exp $ --> + +<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN"> +<HTML +><HEAD +><TITLE +>rndc</TITLE +><META +NAME="GENERATOR" +CONTENT="Modular DocBook HTML Stylesheet Version 1.7"></HEAD +><BODY +CLASS="REFENTRY" +BGCOLOR="#FFFFFF" +TEXT="#000000" +LINK="#0000FF" +VLINK="#840084" +ALINK="#0000FF" +><H1 +><A +NAME="AEN1" +></A +><SPAN +CLASS="APPLICATION" +>rndc</SPAN +></H1 +><DIV +CLASS="REFNAMEDIV" +><A +NAME="AEN9" +></A +><H2 +>Name</H2 +><SPAN +CLASS="APPLICATION" +>rndc</SPAN +> -- name server control utility</DIV +><DIV +CLASS="REFSYNOPSISDIV" +><A +NAME="AEN13" +></A +><H2 +>Synopsis</H2 +><P +><B +CLASS="COMMAND" +>rndc</B +> [<VAR +CLASS="OPTION" +>-c <VAR +CLASS="REPLACEABLE" +>config-file</VAR +></VAR +>] [<VAR +CLASS="OPTION" +>-k <VAR +CLASS="REPLACEABLE" +>key-file</VAR +></VAR +>] [<VAR +CLASS="OPTION" +>-s <VAR +CLASS="REPLACEABLE" +>server</VAR +></VAR +>] [<VAR +CLASS="OPTION" +>-p <VAR +CLASS="REPLACEABLE" +>port</VAR +></VAR +>] [<VAR +CLASS="OPTION" +>-V</VAR +>] [<VAR +CLASS="OPTION" +>-y <VAR 
+CLASS="REPLACEABLE" +>key_id</VAR +></VAR +>] {command}</P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN34" +></A +><H2 +>DESCRIPTION</H2 +><P +> <B +CLASS="COMMAND" +>rndc</B +> controls the operation of a name + server. It supersedes the <B +CLASS="COMMAND" +>ndc</B +> utility + that was provided in old BIND releases. If + <B +CLASS="COMMAND" +>rndc</B +> is invoked with no command line + options or arguments, it prints a short summary of the + supported commands and the available options and their + arguments. + </P +><P +> <B +CLASS="COMMAND" +>rndc</B +> communicates with the name server + over a TCP connection, sending commands authenticated with + digital signatures. In the current versions of + <B +CLASS="COMMAND" +>rndc</B +> and <B +CLASS="COMMAND" +>named</B +> named + the only supported authentication algorithm is HMAC-MD5, + which uses a shared secret on each end of the connection. + This provides TSIG-style authentication for the command + request and the name server's response. All commands sent + over the channel must be signed by a key_id known to the + server. + </P +><P +> <B +CLASS="COMMAND" +>rndc</B +> reads a configuration file to + determine how to contact the name server and decide what + algorithm and key it should use. + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN46" +></A +><H2 +>OPTIONS</H2 +><P +></P +><DIV +CLASS="VARIABLELIST" +><DL +><DT +>-c <VAR +CLASS="REPLACEABLE" +>config-file</VAR +></DT +><DD +><P +> Use <VAR +CLASS="REPLACEABLE" +>config-file</VAR +> + as the configuration file instead of the default, + <TT +CLASS="FILENAME" +>/etc/rndc.conf</TT +>. + </P +></DD +><DT +>-k <VAR +CLASS="REPLACEABLE" +>key-file</VAR +></DT +><DD +><P +> Use <VAR +CLASS="REPLACEABLE" +>key-file</VAR +> + as the key file instead of the default, + <TT +CLASS="FILENAME" +>/etc/rndc.key</TT +>. 
The key in + <TT +CLASS="FILENAME" +>/etc/rndc.key</TT +> will be used to authenticate + commands sent to the server if the <VAR +CLASS="REPLACEABLE" +>config-file</VAR +> + does not exist. + </P +></DD +><DT +>-s <VAR +CLASS="REPLACEABLE" +>server</VAR +></DT +><DD +><P +> <VAR +CLASS="REPLACEABLE" +>server</VAR +> is + the name or address of the server which matches a + server statement in the configuration file for + <B +CLASS="COMMAND" +>rndc</B +>. If no server is supplied on the + command line, the host named by the default-server clause + in the option statement of the configuration file will be + used. + </P +></DD +><DT +>-p <VAR +CLASS="REPLACEABLE" +>port</VAR +></DT +><DD +><P +> Send commands to TCP port + <VAR +CLASS="REPLACEABLE" +>port</VAR +> instead + of BIND 9's default control channel port, 953. + </P +></DD +><DT +>-V</DT +><DD +><P +> Enable verbose logging. + </P +></DD +><DT +>-y <VAR +CLASS="REPLACEABLE" +>keyid</VAR +></DT +><DD +><P +> Use the key <VAR +CLASS="REPLACEABLE" +>keyid</VAR +> + from the configuration file. + <VAR +CLASS="REPLACEABLE" +>keyid</VAR +> must be + known by named with the same algorithm and secret string + in order for control message validation to succeed. + If no <VAR +CLASS="REPLACEABLE" +>keyid</VAR +> + is specified, <B +CLASS="COMMAND" +>rndc</B +> will first look + for a key clause in the server statement of the server + being used, or if no server statement is present for that + host, then the default-key clause of the options statement. + Note that the configuration file contains shared secrets + which are used to send authenticated control commands + to name servers. It should therefore not have general read + or write access. + </P +></DD +></DL +></DIV +><P +> For the complete set of commands supported by <B +CLASS="COMMAND" +>rndc</B +>, + see the BIND 9 Administrator Reference Manual or run + <B +CLASS="COMMAND" +>rndc</B +> without arguments to see its help message. 
+ </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN94" +></A +><H2 +>LIMITATIONS</H2 +><P +> <B +CLASS="COMMAND" +>rndc</B +> does not yet support all the commands of + the BIND 8 <B +CLASS="COMMAND" +>ndc</B +> utility. + </P +><P +> There is currently no way to provide the shared secret for a + <VAR +CLASS="OPTION" +>key_id</VAR +> without using the configuration file. + </P +><P +> Several error messages could be clearer. + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN102" +></A +><H2 +>SEE ALSO</H2 +><P +> <SPAN +CLASS="CITEREFENTRY" +><SPAN +CLASS="REFENTRYTITLE" +>rndc.conf</SPAN +>(5)</SPAN +>, + <SPAN +CLASS="CITEREFENTRY" +><SPAN +CLASS="REFENTRYTITLE" +>named</SPAN +>(8)</SPAN +>, + <SPAN +CLASS="CITEREFENTRY" +><SPAN +CLASS="REFENTRYTITLE" +>named.conf</SPAN +>(5)</SPAN +> + <SPAN +CLASS="CITEREFENTRY" +><SPAN +CLASS="REFENTRYTITLE" +>ndc</SPAN +>(8)</SPAN +>, + <I +CLASS="CITETITLE" +>BIND 9 Administrator Reference Manual</I +>. + </P +></DIV +><DIV +CLASS="REFSECT1" +><A +NAME="AEN118" +></A +><H2 +>AUTHOR</H2 +><P +> Internet Systems Consortium + </P +></DIV +></BODY +></HTML +> diff --git a/contrib/bind9/bin/rndc/unix/Makefile.in b/contrib/bind9/bin/rndc/unix/Makefile.in new file mode 100644 index 000000000000..0409a188838f --- /dev/null +++ b/contrib/bind9/bin/rndc/unix/Makefile.in 
@@ -0,0 +1,36 @@
+# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2001 Internet Software Consortium.
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# $Id: Makefile.in,v 1.1.12.3 2004/03/08 04:04:24 marka Exp $
+
+srcdir = @srcdir@
+VPATH = @srcdir@
+top_srcdir = @top_srcdir@
+
+@BIND9_MAKE_INCLUDES@
+
+CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \
+ ${DNS_INCLUDES} ${ISC_INCLUDES}
+
+CDEFINES =
+CWARNINGS =
+
+OBJS = os.@O@
+
+SRCS = os.c
+
+TARGETS = ${OBJS}
+
+@BIND9_MAKE_RULES@
diff --git a/contrib/bind9/bin/rndc/unix/os.c b/contrib/bind9/bin/rndc/unix/os.c
new file mode 100644
index 000000000000..1adfdee9f15e
--- /dev/null
+++ b/contrib/bind9/bin/rndc/unix/os.c
@@ -0,0 +1,68 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: os.c,v 1.5.206.1 2004/03/06 10:21:33 marka Exp $ */
+
+#include <config.h>
+
+#include <rndc/os.h>
+
+#include <fcntl.h>
+#include <unistd.h>
+#include <sys/types.h>
+#include <pwd.h>
+#include <errno.h>
+#include <stdio.h>
+#include <sys/stat.h>
+
+int
+set_user(FILE *fd, const char *user) {
+ struct passwd *pw;
+
+ pw = getpwnam(user);
+ if (pw == NULL) {
+ errno = EINVAL;
+ return (-1);
+ }
+ return (fchown(fileno(fd), pw->pw_uid, -1));
+}
+
+FILE *
+safe_create(const char *filename) {
+ int fd;
+ FILE *f;
+ struct stat sb;
+ int flags = O_WRONLY;
+
+ if (stat(filename, &sb) == -1) {
+ if (errno != ENOENT)
+ return (NULL);
+ flags = O_WRONLY | O_CREAT | O_EXCL;
+ } else if ((sb.st_mode & S_IFREG) == 0) {
+ errno = EOPNOTSUPP;
+ return (NULL);
+ } else
+ flags = O_WRONLY | O_TRUNC;
+
+ fd = open(filename, flags, S_IRUSR | S_IWUSR);
+ if (fd == -1)
+ return (NULL);
+ f = fdopen(fd, "w");
+ if (f == NULL)
+ close(fd);
+ return (f);
+}
diff --git a/contrib/bind9/bin/rndc/util.c b/contrib/bind9/bin/rndc/util.c
new file mode 100644
index 000000000000..249cbe2ab1c1
--- /dev/null
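Review bot: In `safe_create`, the `S_IRUSR | S_IWUSR` mode passed to `open()` only takes effect on the `O_CREAT | O_EXCL` path; when the file already exists it is opened with `O_WRONLY | O_TRUNC` and keeps whatever permissions it had, so a file that was group- or world-readable stays readable after it is rewritten. The rndc man page added in this same commit says the file holding shared secrets should not have general read or write access, so, assuming this helper is what writes key material (its callers are outside this hunk), the existing-file path should force owner-only mode as well. The type test `(sb.st_mode & S_IFREG) == 0` is a bit test rather than `S_ISREG()`, and it is made on the path before `open()`, so the object that gets truncated is not guaranteed to be the one that was checked. Re-checking with `fstat()` on the descriptor, applying `fchmod()`, and truncating only after both succeed closes those gaps.

```c
	} else if (!S_ISREG(sb.st_mode)) {
		errno = EOPNOTSUPP;
		return (NULL);
	} else
		flags = O_WRONLY;	/* truncate only after the fd is verified */

	fd = open(filename, flags, S_IRUSR | S_IWUSR);
	if (fd == -1)
		return (NULL);
	/* Verify the object actually opened and force owner-only mode. */
	if (fstat(fd, &sb) == -1 || !S_ISREG(sb.st_mode) ||
	    fchmod(fd, S_IRUSR | S_IWUSR) == -1 ||
	    ftruncate(fd, 0) == -1) {
		close(fd);
		return (NULL);
	}
	/* ... unchanged: fdopen() and close-on-failure ... */
```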
+++ b/contrib/bind9/bin/rndc/util.c
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: util.c,v 1.2.206.1 2004/03/06 10:21:32 marka Exp $ */
+
+#include <config.h>
+
+#include <stdarg.h>
+#include <stdlib.h>
+#include <stdio.h>
+
+#include <isc/boolean.h>
+
+#include "util.h"
+
+extern isc_boolean_t verbose;
+extern const char *progname;
+
+void
+notify(const char *fmt, ...) {
+ va_list ap;
+
+ if (verbose) {
+ va_start(ap, fmt);
+ vfprintf(stderr, fmt, ap);
+ va_end(ap);
+ fputs("\n", stderr);
+ }
+}
+
+void
+fatal(const char *format, ...) {
+ va_list args;
+
+ fprintf(stderr, "%s: ", progname);
+ va_start(args, format);
+ vfprintf(stderr, format, args);
+ va_end(args);
+ fprintf(stderr, "\n");
+ exit(1);
+}
diff --git a/contrib/bind9/bin/rndc/util.h b/contrib/bind9/bin/rndc/util.h
new file mode 100644
index 000000000000..3c19cd447575
--- /dev/null
+++ b/contrib/bind9/bin/rndc/util.h
@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2000, 2001 Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: util.h,v 1.5.206.1 2004/03/06 10:21:32 marka Exp $ */
+
+#ifndef RNDC_UTIL_H
+#define RNDC_UTIL_H 1
+
+#include <isc/lang.h>
+
+#include <isc/formatcheck.h>
+
+#define NS_CONTROL_PORT 953
+
+#undef DO
+#define DO(name, function) \
+ do { \
+ result = function; \
+ if (result != ISC_R_SUCCESS) \
+ fatal("%s: %s", name, isc_result_totext(result)); \
+ else \
+ notify("%s", name); \
+ } while (0)
+
+ISC_LANG_BEGINDECLS
+
+void
+notify(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
+
+void
+fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+
+ISC_LANG_ENDDECLS
+
+#endif /* RNDC_UTIL_H */ |
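Review bot: The `DO` macro assigns to a variable named `result` that it never declares and expands to `ISC_R_SUCCESS` and `isc_result_totext()`, yet this header neither includes `<isc/result.h>` nor documents either requirement, so every file that uses the macro has to supply both. A comment above the macro such as `/* DO() needs an isc_result_t 'result' in the calling scope; on failure it calls fatal(), which exits. */` would make the contract visible, and adding `#include <isc/result.h>` next to the other includes would make the header self-contained. The leading `#undef DO` also silently replaces any earlier definition of the same name, which is worth a word in that comment.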