1 #!/bin/sh
2 #
3 # $FreeBSD$
4 #
5
6 # PROVIDE: named
7 # REQUIRE: SERVERS cleanvar
8 # KEYWORD: shutdown
9
. /etc/rc.subr

# Everything below is consumed by run_rc_command() from rc.subr.
name="named"
# named_enable=YES in rc.conf turns the service on.
rcvar=named_enable

command="/usr/sbin/named"
# "reload" is dispatched to reload_cmd below.
extra_commands="reload"

# The helper functions further down derive sibling tool paths from
# ${command} (${command%/named}/rndc, ${command%/sbin/named}/bin/host),
# so an overridden command path must keep the .../sbin/named layout for
# rndc, rndc-confgen, named-checkconf and host to be found.
start_precmd="named_precmd"
start_postcmd="named_poststart"
reload_cmd="named_reload"
stop_cmd="named_stop"
stop_postcmd="named_poststop"
23
# Prepare the chroot cage before named starts: refresh the directory
# tree from the mtree spec, keep /etc/namedb pointing into the cage,
# provide a minimal devfs inside it and copy the few /etc files named
# needs at run time.
#
# run_rc_command() has already applied the is_running and required_dirs
# checks when this runs, so ${named_chrootdir} exists and named is not
# running (unless forcestart was used).
#
chroot_autoupdate()
{
        local file devdir

        devdir="${named_chrootdir}/dev"

        # Create (or update) the chroot directory structure.  mtree -deU
        # creates missing directories and resets owner/mode of existing
        # ones to the spec, so a cage whose permissions drifted is
        # repaired on every start.
        if [ -r /etc/mtree/BIND.chroot.dist ]; then
                mtree -deU -f /etc/mtree/BIND.chroot.dist -p "${named_chrootdir}"
        else
                warn "/etc/mtree/BIND.chroot.dist missing,"
                warn "chroot directory structure not updated"
        fi

        # /etc/namedb must be a symlink into the cage so that the
        # un-chrooted paths used outside it (e.g. by named-checkconf in
        # named_precmd) resolve to the same files named sees.  -h replaces
        # the link itself instead of creating a new link inside the
        # directory it points to.
        if [ -L /etc/namedb ]; then
                ln -shf "${named_chrootdir}/etc/namedb" /etc/namedb
        elif [ -d /etc/namedb ]; then
                warn "named chroot: /etc/namedb is a directory!"
        elif [ -e /etc/namedb ]; then
                warn "named chroot: /etc/namedb exists!"
        else
                ln -s "${named_chrootdir}/etc/namedb" /etc/namedb
        fi

        # Mount a devfs in the chroot directory if needed.  The hide_all
        # ruleset hides every node; only null and random are unhidden
        # afterwards, so the chrooted named sees no other device.  Inside
        # a jail devfs cannot be mounted from here, so a pre-mounted one
        # providing those two nodes is required instead.
        if [ "$(${SYSCTL_N} security.jail.jailed)" -eq 0 ]; then
                umount "${devdir}" 2>/dev/null
                devfs_domount "${devdir}" devfsrules_hide_all
                devfs -m "${devdir}" rule apply path null unhide
                devfs -m "${devdir}" rule apply path random unhide
        elif [ -c "${devdir}/null" ] && [ -c "${devdir}/random" ]; then
                info "named chroot: using pre-mounted devfs."
        else
                err 1 "named chroot: devfs cannot be mounted from" \
                    "within a jail. Thus a chrooted named cannot" \
                    "be run from within a jail." \
                    "To run named without chrooting it, set" \
                    "named_chrootdir=\"\" in /etc/rc.conf."
        fi

        # Copy and/or update key files to the chroot /etc.  cmp avoids
        # rewriting (and re-timestamping) files that are already current.
        for file in localtime protocols services; do
                [ -r "/etc/$file" ] || continue
                cmp -s "/etc/$file" "${named_chrootdir}/etc/$file" ||
                    cp -p "/etc/$file" "${named_chrootdir}/etc/$file"
        done
}
91
# Make symlinks to the correct pid file
#
# With a chroot, named writes its pidfile inside the cage; the link lets
# rc.subr find it at the un-chrooted ${pidfile} path.
make_symlinks()
{
        # When disabled, hand back checkyesno's exit status unchanged.
        checkyesno named_symlink_enable || return
        ln -fs "${named_chrootdir}${pidfile}" "${pidfile}"
}
99
# After start: publish the pidfile link and, if named_wait is set, block
# until the local nameserver resolves $named_wait_host.
named_poststart () {
        local host_cmd

        make_symlinks

        checkyesno named_wait || return 0

        host_cmd="${command%/sbin/named}/bin/host"
        # There is no upper bound on this loop: if $named_wait_host never
        # resolves, start-up blocks here indefinitely.
        until "$host_cmd" $named_wait_host >/dev/null 2>&1; do
                echo "  Waiting for nameserver to resolve $named_wait_host"
                sleep 1
        done
}
110
# "reload": ask the running named to re-read its configuration over the
# rndc control channel (needs the key set up by named_precmd).
named_reload()
{
        local rndc

        # rndc lives beside named; derive it from ${command}.
        rndc="${command%/named}/rndc"
        "$rndc" reload
}
115
named_stop()
{
        # This duplicates an undesirably large amount of code from the stop
        # routine in rc.subr in order to use rndc to shut down the process,
        # and to give it a second chance in case rndc fails.
        #
        # rc_pid is deliberately a global: the rc.subr helpers used below
        # work with it.  Per rc.subr, check_pidfile only reports a pid when
        # the process recorded in $pidfile is actually $command, so a stale
        # or tampered pidfile does not get an unrelated process signalled.
        rc_pid=$(check_pidfile $pidfile $command)
        if [ -z "$rc_pid" ]; then
                # rc_fast is set by "faststop": an already-stopped named is
                # then not an error.
                [ -n "$rc_fast" ] && return 0
                _run_rc_notrunning
                return 1
        fi
        echo 'Stopping named.'
        # Preferred path: a clean shutdown over the rndc control channel,
        # which needs a usable key (see named_precmd).
        if ${command%/named}/rndc stop 2>/dev/null; then
                wait_for_pids $rc_pid
        else
                # Fallback: SIGTERM.  There is no escalation to SIGKILL, so
                # wait_for_pids may block for as long as named ignores TERM.
                echo -n 'rndc failed, trying kill: '
                kill -TERM $rc_pid
                wait_for_pids $rc_pid
        fi
}
136
# After stop: take down the devfs that chroot_autoupdate mounted in the
# cage, when there is one.
named_poststop()
{
        local devdir

        # Nothing to undo without a chroot that has a device node in it.
        [ -n "${named_chrootdir}" ] || return 0
        devdir="${named_chrootdir}/dev"
        [ -c "${devdir}/null" ] || return 0

        # chroot_autoupdate could only mount devfs outside a jail, so the
        # unmount is likewise skipped (with a warning) inside one.
        if [ "$(${SYSCTL_N} security.jail.jailed)" -eq 0 ]; then
                umount "${devdir}" 2>/dev/null || true
        else
                warn "named chroot:" \
                    "cannot unmount devfs from inside jail!"
        fi
}
148
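# Create (or recreate) $1 as an empty file owned by root:wheel, mode 644.
# An existing entry is unlinked first rather than truncated, so a symlink
# planted at that path is removed instead of being written through; the
# -L test covers a dangling link, which -e alone would miss.
# NOTE(review): between the unlink and the redirect the path can be
# re-created by anyone able to write the parent directory; callers pass
# paths under /var/run and the chroot's etc/namedb, so confirm those are
# not writable by the named user.
create_file () {
        [ -n "$1" ] || return 1
        if [ -e "$1" ] || [ -L "$1" ]; then
                unlink "$1"
        fi
        > "$1"
        chown root:wheel "$1"
        chmod 644 "$1"
}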
157
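# Build auto_forward.conf from the nameservers currently listed in
# /etc/resolv.conf and rewrite /etc/resolv.conf so that the local named
# (127.0.0.1) is consulted first.  Expects a non-empty /etc/resolv.conf;
# the caller checks that.  Both files are assembled under /var/run and
# only moved into place when their content actually changed.
make_auto_forward_conf()
{
        local line nsip firstns af_conf

        af_conf="${named_chrootdir}/etc/namedb/auto_forward.conf"

        create_file /var/run/naf-resolv.conf
        create_file /var/run/auto_forward.conf

        printf '  forwarders {\n' > /var/run/auto_forward.conf

        firstns=''
        while read -r line; do
                case "$line" in
                'nameserver '*|'nameserver	'*)
                        # Strip the keyword and the single blank after it.
                        nsip=${line#nameserver?}

                        if [ -z "$firstns" ]; then
                                # The first server must be the local named;
                                # insert it ahead of the original entry.
                                if [ "$nsip" != '127.0.0.1' ]; then
                                        printf 'nameserver 127.0.0.1\n'
                                        printf '\t\t%s;\n' "$nsip" >> /var/run/auto_forward.conf
                                fi
                                firstns=1
                        else
                                # A later loopback entry would make named
                                # forward to itself; drop it entirely.
                                [ "$nsip" = '127.0.0.1' ] && continue
                                printf '\t\t%s;\n' "$nsip" >> /var/run/auto_forward.conf
                        fi
                        ;;
                esac

                # Pass every line through unchanged; quoted, so no word
                # splitting or globbing of resolv.conf contents.
                printf '%s\n' "$line"
        done < /etc/resolv.conf > /var/run/naf-resolv.conf

        printf '  };\n\n' >> /var/run/auto_forward.conf
        if checkyesno named_auto_forward_only; then
                printf '  forward only;\n' >> /var/run/auto_forward.conf
        else
                printf '  forward first;\n' >> /var/run/auto_forward.conf
        fi

        if cmp -s /etc/resolv.conf /var/run/naf-resolv.conf; then
                unlink /var/run/naf-resolv.conf
        else
                [ -e /etc/resolv.conf ] && unlink /etc/resolv.conf
                mv /var/run/naf-resolv.conf /etc/resolv.conf
        fi

        if cmp -s "$af_conf" /var/run/auto_forward.conf; then
                unlink /var/run/auto_forward.conf
        else
                [ -e "$af_conf" ] && unlink "$af_conf"
                mv /var/run/auto_forward.conf "$af_conf"
        fi
}

# Prepare to start named: set up the chroot, make sure an rndc key
# exists, refresh the resolv.conf-based forwarder configuration and
# finally validate named.conf.  Runs as start_precmd, so a non-zero
# exit (here via err) aborts the start.
named_precmd()
{
        local rndc_key key_owner af_conf

        af_conf="${named_chrootdir}/etc/namedb/auto_forward.conf"

        # Is the user using a sandbox?  -t makes named chroot itself; the
        # pidfile symlink only makes sense when there is a cage.
        if [ -n "$named_chrootdir" ]; then
                rc_flags="$rc_flags -t $named_chrootdir"
                checkyesno named_chroot_autoupdate && chroot_autoupdate
        else
                named_symlink_enable=NO
        fi

        # Create an rndc.key file for the user if none exists.  A
        # hand-written rndc.conf wins and is left untouched.  An existing
        # key owned by anyone other than root or the named user is not
        # trusted and is replaced.  This section no longer returns early,
        # so the forwarder setup and named-checkconf below always run.
        if [ ! -s "${named_chrootdir}/etc/namedb/rndc.conf" ]; then
                rndc_key="${named_chrootdir}/etc/namedb/rndc.key"
                key_owner=''
                [ -s "$rndc_key" ] && key_owner=$(stat -f%Su "$rndc_key")
                case "$key_owner" in
                root|$named_uid)
                        ;;
                *)
                        ${command%/named}/rndc-confgen -a -b256 \
                            -u "$named_uid" -c "$rndc_key"
                        ;;
                esac
        fi

        # Create a forwarder configuration based on /etc/resolv.conf
        if ! checkyesno named_auto_forward; then
                # Empty the file in case it is included in named.conf
                [ -s "$af_conf" ] && create_file "$af_conf"
        elif [ ! -s /etc/resolv.conf ]; then
                warn "named_auto_forward enabled, but no /etc/resolv.conf"
                # Empty the file in case it is included in named.conf
                [ -s "$af_conf" ] && create_file "$af_conf"
        else
                make_auto_forward_conf
        fi

        # Refuse to start with a broken named.conf.  $named_conf is left
        # unquoted on purpose: when empty, named-checkconf falls back to
        # its own default path.  Double quotes so the message shows the
        # file that failed.
        ${command%/named}/named-checkconf $named_conf ||
            err 3 "named-checkconf for $named_conf failed"
}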
261
load_rc_config $name
# Updating the following variables requires that rc.conf be loaded first
#
required_dirs="$named_chrootdir"        # if it is set, it must exist
pidfile="${named_pidfile:-/var/run/named/pid}"
# ":=" also assigns named_uid when it is unset or empty, so the
# rndc.key ownership check in named_precmd compares against the same
# user that named is told to run as via -u.
command_args="-u ${named_uid:=root}"

run_rc_command "$1"