1 #!/sbin/sh
3 # CDDL HEADER START
5 # The contents of this file are subject to the terms of the
6 # Common Development and Distribution License (the "License").
7 # You may not use this file except in compliance with the License.
9 # You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE
10 # or http://www.opensolaris.org/os/licensing.
11 # See the License for the specific language governing permissions
12 # and limitations under the License.
14 # When distributing Covered Code, include this CDDL HEADER in each
15 # file and include the License file at usr/src/OPENSOLARIS.LICENSE.
16 # If applicable, add the following below this CDDL HEADER, with the
17 # fields enclosed by brackets "[]" replaced with your own identifying
18 # information: Portions Copyright [yyyy] [name of copyright owner]
20 # CDDL HEADER END
22 # Copyright (c) 2007, 2012, Oracle and/or its affiliates. All rights reserved.
23 # Copyright 2016 Hans Rosenfeld <rosenfeld@grumpf.hope-2000.org>
24 # Copyright 2023 Gary Mills
26 # smf_method(5) start/stop script required for server DNS
28 . /lib/svc/share/smf_include.sh
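#
# mount_chroot <chroot_dir> <file>...
#
# Loopback-mount (lofs) every listed file at the same path underneath the
# chroot directory, creating the parent directories and an empty mount
# point file first.
#
# Exits the whole script with SMF_EXIT_ERR_CONFIG when the chroot
# directory is not a directory or a listed file does not exist.
# Failures of mkdir, touch and mount themselves are not checked here.
#
# NOTE(review): every step below operates on paths inside the chroot
# with the method's privileges. If any directory on those paths is
# writable by a less privileged account, a pre-placed symlink could
# redirect the mkdir/touch/mount target; keep the chroot tree owned by
# and writable only for the administrator -- confirm against deployment.
#
mount_chroot ()
{
    c=$1
    shift
    # The list is word-split on purpose: callers pass whitespace-separated
    # path lists held in plain string variables.
    for f in $*; do
        if [ -z "${f}" ] || [ ! -f "${f}" ] || \
           [ -z "${c}" ] || [ ! -d "${c}" ]; then
            exit "${SMF_EXIT_ERR_CONFIG}"
        fi

        # Best effort: drop a mount left over from an earlier start.
        umount "${c}/${f}" >/dev/null 2>&1
        mkdir -p "$(dirname "${c}/${f}")"
        touch "${c}/${f}"
        mount -Flofs "${f}" "${c}/${f}"
    done
}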
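#
# umount_chroot <chroot_dir> <file>...
#
# Unmount each listed file from its location underneath the chroot
# directory. Errors and output from umount are discarded, so a file
# that was never mounted is skipped silently.
#
umount_chroot ()
{
    c=$1
    shift
    # Word-split on purpose: callers pass whitespace-separated path lists.
    for f in $*; do
        umount "${c}/${f}" >/dev/null 2>&1
    done
}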
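#
# get_config
#
# Set the defaults for the service and override them from the properties
# in the instance's "options" property group, read with svcprop(1).
#
# Globals written: configuration_file, rndc_config_file, rndc_key_file,
#   rndc_cmd_opts, libraries, cmdopts, checkopts, chroot_dir, server,
#   cmduser, configuration_dir, configuration_files.
# Globals read: SMF_FMRI, I.
#
# Property values are appended to cmdopts/checkopts as plain text and are
# word-split when the commands are run, and the "server" property replaces
# the program that is executed. Whoever may modify these properties
# therefore controls the command line run by this method.
#
get_config ()
{
    configuration_file=/etc/named.conf
    rndc_config_file=/etc/rndc.conf
    rndc_key_file=/etc/rndc.key
    rndc_cmd_opts="-a"
    libraries="/lib/openssl/engines/libpk11.so /usr/lib/security/pkcs11_kernel.so.1"
    cmdopts=""
    checkopts=""
    properties="debug_level ip_interfaces listen_on_port
        threads chroot_dir configuration_file server user"

    for prop in $properties
    do
        value=$(/usr/bin/svcprop -p "options/${prop}" "${SMF_FMRI}")
        # Skip properties that are unset or hold the empty string.
        if [ -z "${value}" ] || [ "${value}" = '""' ]; then
            continue
        fi

        case $prop in
        'debug_level')
            if [ "${value}" -gt 0 ]; then
                cmdopts="${cmdopts} -d ${value}"
            fi
            ;;
        'ip_interfaces')
            case ${value} in
            'IPv4')
                cmdopts="${cmdopts} -4"
                ;;
            'IPv6')
                cmdopts="${cmdopts} -6"
                ;;
            'all')
                : # Default is all, therefore ignore.
                ;;
            *)
                echo "$I: Unrecognised value in service instance property" >&2
                echo "$I: options/${prop} : ${value}" >&2
                ;;
            esac
            ;;
        'listen_on_port')
            if [ "${value}" -gt 0 ]; then
                cmdopts="${cmdopts} -p ${value}"
            fi
            ;;
        'threads')
            if [ "${value}" -gt 0 ]; then
                cmdopts="${cmdopts} -n ${value}"
            fi
            ;;
        'chroot_dir')
            cmdopts="${cmdopts} -t ${value}"
            checkopts="${checkopts} -t ${value}"
            chroot_dir=${value}
            ;;
        'configuration_file')
            cmdopts="${cmdopts} -c ${value}"
            checkopts="${checkopts} ${value}"
            configuration_file=${value}
            ;;
        'server')
            # Strip every backslash from the value, then re-join the words
            # with single spaces. Inside $( ) the sed script is passed
            # unchanged, so one escaped backslash in the pattern is enough.
            # printf is used so a value starting with "-" is not taken as
            # an echo option.
            set -- $(printf '%s\n' "${value}" | /usr/bin/sed -e 's/\\//g')
            server="$*"
            ;;
        'user')
            cmdopts="${cmdopts} -u ${value}"
            cmduser=${value}
            ;;
        esac
    done

    # Take the quoted argument of the "directory" statement in the
    # configuration file, falling back to /etc/namedb.
    configuration_dir=$(sed -n -e 's,^[[:space:]]*directory.*"\(.*\)";,\1,p' \
        "${configuration_file}")
    if [ -z "${configuration_dir}" ]; then
        configuration_dir=/etc/namedb
    fi

    # Every quoted "file" argument is prefixed with that directory; the
    # resulting list, plus the configuration file itself, is what gets
    # mounted into the chroot.
    # NOTE(review): a "file" argument that is already absolute still gets
    # the prefix -- verify that this is intended.
    configuration_files=$(sed -n -e \
        "s,^[[:space:]]*file.*\"\(.*\)\";,${configuration_dir}/\1,p" \
        "${configuration_file}" | sort -u)
    configuration_files="${configuration_files} ${configuration_file}"
}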
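result=${SMF_EXIT_OK}

# Read command line arguments
method="$1"     # %m
instance="$2"   # %i
contract="$3"   # %{restarter/contract}

# Set defaults; SMF_FMRI should have been set, but just in case.
if [ -z "$SMF_FMRI" ]; then
    SMF_FMRI="svc:/network/dns/server:${instance}"
fi
server="/usr/sbin/named"
checkconf="/usr/sbin/named-checkconf"
# Script name used as the prefix of every diagnostic; $0 is quoted so a
# path containing whitespace is still reduced to one name.
I=$(/usr/bin/basename "$0")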
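# Dispatch on the SMF method name. "start" validates the configuration,
# optionally prepares the chroot, runs named and, when a user is
# configured, grants the daemon the privilege to bind privileged ports.
# "stop" kills the service contract and unmounts the chroot files.
case "$method" in
'start')
    get_config

    # Check configuration file exists.
    if [ ! -f "${configuration_file}" ]; then
        msg="$I: Configuration file ${configuration_file} does not exist!"
        echo "${msg}" >&2
        /usr/bin/logger -p daemon.error "${msg}"
        # dns-server should be placed in maintenance state.
        result=${SMF_EXIT_ERR_CONFIG}
    fi

    # If the chroot option is set (note that zones(5) are preferred),
    # the configuration file lives under the chroot directory.
    if [ -n "${chroot_dir}" ]; then
        if [ "${chroot_dir}" = "/" ]; then
            msg="$I: chroot_dir must not be /"
            echo "${msg}" >&2
            /usr/bin/logger -p daemon.error "${msg}"
            # dns-server should be placed in maintenance state.
            exit "${SMF_EXIT_ERR_CONFIG}"
        fi

        server="env LD_NOLAZYLOAD=1 ${server}"
        checkconf="env LD_NOLAZYLOAD=1 ${checkconf}"

        # NOTE(review): the rm, pax, redirect and mount steps below write
        # inside chroot_dir with the method's privileges. They are only
        # safe while no less privileged account can create entries in
        # those directories; of the paths touched here, only var/run/named
        # is handed to the named user.
        mkdir -p "${chroot_dir}"

        # Device nodes are only copied in the global zone.
        if [ "${SMF_ZONENAME}" = "global" ]; then
            for dev in crypto log null poll random urandom; do
                rm -f "${chroot_dir}/dev/${dev}"
                pax -rw -H -pe "/dev/${dev}" "${chroot_dir}"
            done
        fi

        # "log" is copied above when possible but is not required here.
        missing=""
        for dev in crypto null poll random urandom; do
            if [ ! -c "${chroot_dir}/dev/${dev}" ]; then
                missing="${missing} ${dev}"
            fi
        done

        if [ -n "${missing}" ]; then
            msg="$I: missing device nodes in ${chroot_dir}: ${missing}"
            echo "${msg}" >&2
            /usr/bin/logger -p daemon.error "${msg}"
            # dns-server should be placed in maintenance state.
            exit "${SMF_EXIT_ERR_CONFIG}"
        fi

        mkdir -p "${chroot_dir}/etc/crypto"
        echo "/usr/lib/security/pkcs11_kernel.so.1" > "${chroot_dir}/etc/crypto/pkcs11.conf"

        # The two lists are whitespace-separated and must be word-split.
        mount_chroot "${chroot_dir}" ${configuration_files} ${libraries}

        mkdir -p "${chroot_dir}/var/run/named"
        # Without a configured user there is no owner to hand the
        # directory to, so leave it as created.
        if [ -n "${cmduser}" ]; then
            chown "${cmduser}:${cmduser}" "${chroot_dir}/var/run/named"
        fi

        configuration_file=${chroot_dir}${configuration_file}
        rndc_config_file=${chroot_dir}${rndc_config_file}
        rndc_key_file=${chroot_dir}${rndc_key_file}
        rndc_cmd_opts="${rndc_cmd_opts} -t ${chroot_dir}"
    fi

    # Create a default rndc key only when neither the rndc config file
    # nor the default rndc key file exists.
    if [ ! -f "${rndc_config_file}" ] && [ ! -f "${rndc_key_file}" ]; then
        echo "$I: Creating default rndc key file: ${rndc_key_file}." >&2
        # rndc_cmd_opts holds several options and must be word-split.
        if ! /usr/sbin/rndc-confgen ${rndc_cmd_opts}; then
            echo "$I : Warning: rndc configuration failed! Use of 'rndc' to" \
                "control 'named' may fail and 'named' may report further error" \
                "messages to the system log. This is not fatal. For more" \
                "information see rndc(1M) and rndc-confgen(1M)." >&2
        fi
    fi

    if [ "${result}" = "${SMF_EXIT_OK}" ]; then
        # checkconf and checkopts are command lines and must be word-split.
        ${checkconf} -z ${checkopts}
        result=$?
        if [ "${result}" -ne 0 ]; then
            msg="$I: named-checkconf failed to verify configuration"
            echo "${msg}" >&2
            /usr/bin/logger -p daemon.error "${msg}"
            if [ -n "${chroot_dir}" ] && [ "${chroot_dir}" != "/" ]; then
                umount_chroot "${chroot_dir}" ${configuration_files} ${libraries}
            fi
            # dns-server should be placed in maintenance state.
            exit "${SMF_EXIT_ERR_CONFIG}"
        fi
    fi

    if [ "${result}" = "${SMF_EXIT_OK}" ]; then
        echo "$I: Executing: ${server} ${cmdopts} in '${PWD}'" >&2
        # Execute named(1M) with relevant command line options.  Note
        # the server forks before reading named.conf(4) and so a
        # good exit code here does not mean the service is ready.
        ${server} ${cmdopts}
        result=$?
        if [ "${result}" -ne 0 ]; then
            echo "$I : start failed! Check syslog for further information." >&2
            exit "${result}"
        fi

        if [ -n "${cmduser}" ]; then
            # Wait for the setuid to complete. The delay grows by N on
            # every pass and the first 9 in the list ends the wait.
            numsec=0
            for N in 1 1 2 2 4 4 9 9
            do
                numsec=$((numsec + N))
                if [ "$N" = 9 ]; then
                    echo "$I: Process ${cmduser} did not appear"
                    exit 0
                fi
                sleep "${numsec}"
                svrpid=$(/usr/bin/pgrep -f -u "${cmduser}" /usr/sbin/named)
                # Count the PIDs word by word. Piping an unquoted echo
                # into wc -l joins them onto one line and always reports
                # 1, which would skip the "already running" check and
                # hand the privilege to every matching process.
                numpids=0
                for pid in ${svrpid}; do
                    numpids=$((numpids + 1))
                done
                if [ "${numpids}" -eq 0 ]; then
                    continue
                fi
                if [ "${numpids}" -eq 1 ]; then
                    break
                fi
                echo "$I: Nameserver is already running"
                exit 0
            done

            # Set process privileges to allow binding to a privileged port.
            # The loop only breaks with exactly one PID in svrpid.
            # NOTE(review): pgrep -f matches the pattern anywhere in the
            # argument string of any process owned by cmduser, so this
            # user should run nothing but named.
            /usr/bin/ppriv -s A+net_privaddr "${svrpid}"
        fi
    fi
    ;;
'stop')
    get_config

    smf_kill_contract ${contract} TERM 1 || exit 1

    if [ -n "${chroot_dir}" ] && [ "${chroot_dir}" != "/" ]; then
        umount_chroot "${chroot_dir}" ${configuration_files} ${libraries}
    fi
    ;;
*)
    echo "Usage: $I [stop|start] <instance>" >&2
    exit 1
    ;;
esac
exit "${result}"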