diff options
Diffstat (limited to 'src/libcharon/plugins/resolve')
| -rw-r--r-- | src/libcharon/plugins/resolve/Makefile.in | 27 | ||||
| -rw-r--r-- | src/libcharon/plugins/resolve/resolve_handler.c | 203 |
2 files changed, 180 insertions, 50 deletions
diff --git a/src/libcharon/plugins/resolve/Makefile.in b/src/libcharon/plugins/resolve/Makefile.in index 70d97cc32..38b709ef0 100644 --- a/src/libcharon/plugins/resolve/Makefile.in +++ b/src/libcharon/plugins/resolve/Makefile.in @@ -1,7 +1,7 @@ -# Makefile.in generated by automake 1.14.1 from Makefile.am. +# Makefile.in generated by automake 1.15 from Makefile.am. # @configure_input@ -# Copyright (C) 1994-2013 Free Software Foundation, Inc. +# Copyright (C) 1994-2014 Free Software Foundation, Inc. # This Makefile.in is free software; the Free Software Foundation # gives unlimited permission to copy and/or distribute it, @@ -15,7 +15,17 @@ @SET_MAKE@ VPATH = @srcdir@ -am__is_gnu_make = test -n '$(MAKEFILE_LIST)' && test -n '$(MAKELEVEL)' +am__is_gnu_make = { \ + if test -z '$(MAKELEVEL)'; then \ + false; \ + elif test -n '$(MAKE_HOST)'; then \ + true; \ + elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \ + true; \ + else \ + false; \ + fi; \ +} am__make_running_with_option = \ case $${target_option-} in \ ?) ;; \ @@ -79,8 +89,6 @@ POST_UNINSTALL = : build_triplet = @build@ host_triplet = @host@ subdir = src/libcharon/plugins/resolve -DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/Makefile.am \ - $(top_srcdir)/depcomp ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/m4/config/ltoptions.m4 \ @@ -94,6 +102,7 @@ am__aclocal_m4_deps = $(top_srcdir)/m4/config/libtool.m4 \ $(top_srcdir)/configure.ac am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \ $(ACLOCAL_M4) +DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON) mkinstalldirs = $(install_sh) -d CONFIG_HEADER = $(top_builddir)/config.h CONFIG_CLEAN_FILES = @@ -203,12 +212,14 @@ am__define_uniq_tagged_files = \ done | $(am__uniquify_input)` ETAGS = etags CTAGS = ctags +am__DIST_COMMON = $(srcdir)/Makefile.in $(top_srcdir)/depcomp DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST) ACLOCAL = @ACLOCAL@ ALLOCA = @ALLOCA@ AMTAR = @AMTAR@ AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@ AR = @AR@ +ATOMICLIB = @ATOMICLIB@ AUTOCONF = @AUTOCONF@ AUTOHEADER = @AUTOHEADER@ AUTOMAKE = @AUTOMAKE@ @@ -258,6 +269,7 @@ LIBTOOL = @LIBTOOL@ LIPO = @LIPO@ LN_S = @LN_S@ LTLIBOBJS = @LTLIBOBJS@ +LT_SYS_LIBRARY_PATH = @LT_SYS_LIBRARY_PATH@ MAKEINFO = @MAKEINFO@ MANIFEST_TOOL = @MANIFEST_TOOL@ MKDIR_P = @MKDIR_P@ @@ -292,6 +304,7 @@ PTHREADLIB = @PTHREADLIB@ PYTHON = @PYTHON@ PYTHONEGGINSTALLDIR = @PYTHONEGGINSTALLDIR@ PYTHON_EXEC_PREFIX = @PYTHON_EXEC_PREFIX@ +PYTHON_PACKAGE_VERSION = @PYTHON_PACKAGE_VERSION@ PYTHON_PLATFORM = @PYTHON_PLATFORM@ PYTHON_PREFIX = @PYTHON_PREFIX@ PYTHON_VERSION = @PYTHON_VERSION@ @@ -403,6 +416,7 @@ random_device = @random_device@ resolv_conf = @resolv_conf@ routing_table = @routing_table@ routing_table_prio = @routing_table_prio@ +runstatedir = @runstatedir@ s_plugins = @s_plugins@ sbindir = @sbindir@ scepclient_plugins = @scepclient_plugins@ @@ -462,7 +476,6 @@ $(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps) echo ' cd $(top_srcdir) && $(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile'; \ $(am__cd) $(top_srcdir) && \ $(AUTOMAKE) --gnu src/libcharon/plugins/resolve/Makefile -.PRECIOUS: Makefile Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status @case '$?' in \ *config.status*) \ @@ -776,6 +789,8 @@ uninstall-am: uninstall-pluginLTLIBRARIES mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \ uninstall-am uninstall-pluginLTLIBRARIES +.PRECIOUS: Makefile + # Tell versions [3.59,3.63) of GNU make to not export all variables. # Otherwise a system limit (for SysV at least) may be exceeded. diff --git a/src/libcharon/plugins/resolve/resolve_handler.c b/src/libcharon/plugins/resolve/resolve_handler.c index ec3decc4d..9077b51d4 100644 --- a/src/libcharon/plugins/resolve/resolve_handler.c +++ b/src/libcharon/plugins/resolve/resolve_handler.c @@ -1,7 +1,7 @@ /* - * Copyright (C) 2012 Tobias Brunner + * Copyright (C) 2012-2016 Tobias Brunner * Copyright (C) 2009 Martin Willi - * Hochschule fuer Technik Rapperswil + * HSR Hochschule fuer Technik Rapperswil * * This program is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License as published by the @@ -21,6 +21,8 @@ #include <unistd.h> #include <utils/debug.h> +#include <utils/process.h> +#include <collections/array.h> #include <threading/mutex.h> /* path to resolvconf executable */ @@ -47,12 +49,12 @@ struct private_resolve_handler_t { char *file; /** - * use resolvconf instead of writing directly to resolv.conf + * Use resolvconf instead of writing directly to resolv.conf */ bool use_resolvconf; /** - * prefix to be used for interface names sent to resolvconf + * Prefix to be used for interface names sent to resolvconf */ char *iface_prefix; @@ -60,13 +62,55 @@ struct private_resolve_handler_t { * Mutex to access file exclusively */ mutex_t *mutex; + + /** + * Reference counting for DNS servers dns_server_t + */ + array_t *servers; }; /** + * Reference counting for DNS servers + */ +typedef struct { + + /** + * DNS server address + */ + host_t *server; + + /** + * Reference count + */ + u_int refcount; + +} dns_server_t; + +/** + * Compare a server and a stored reference + */ +static int dns_server_find(const void *a, const void *b) +{ + host_t *server = (host_t*)a; + dns_server_t *item = (dns_server_t*)b; + return chunk_compare(server->get_address(server), + item->server->get_address(item->server)); +} + +/** + * Sort references by DNS server + */ +static int dns_server_sort(const void *a, const void *b, void *user) +{ + const dns_server_t *da = a, *db = b; + return chunk_compare(da->server->get_address(da->server), + db->server->get_address(db->server)); +} + +/** * Writes the given nameserver to resolv.conf */ -static bool write_nameserver(private_resolve_handler_t *this, - identification_t *server, host_t *addr) +static bool write_nameserver(private_resolve_handler_t *this, host_t *addr) { FILE *in, *out; char buf[1024]; @@ -79,8 +123,7 @@ static bool write_nameserver(private_resolve_handler_t *this, out = fopen(this->file, "w"); if (out) { - fprintf(out, "nameserver %H # by strongSwan, from %Y\n", addr, - server); + fprintf(out, "nameserver %H # by strongSwan\n", addr); DBG1(DBG_IKE, "installing DNS server %H to %s", addr, this->file); handled = TRUE; @@ -104,8 +147,7 @@ static bool write_nameserver(private_resolve_handler_t *this, /** * Removes the given nameserver from resolv.conf */ -static void remove_nameserver(private_resolve_handler_t *this, - identification_t *server, host_t *addr) +static void remove_nameserver(private_resolve_handler_t *this, host_t *addr) { FILE *in, *out; char line[1024], matcher[512]; @@ -119,8 +161,7 @@ static void remove_nameserver(private_resolve_handler_t *this, if (out) { snprintf(matcher, sizeof(matcher), - "nameserver %H # by strongSwan, from %Y\n", - addr, server); + "nameserver %H # by strongSwan\n", addr); /* copy all, but matching line */ while (fgets(line, sizeof(line), in)) @@ -144,50 +185,91 @@ static void remove_nameserver(private_resolve_handler_t *this, /** * Add or remove the given nameserver by invoking resolvconf. */ -static bool invoke_resolvconf(private_resolve_handler_t *this, - identification_t *server, host_t *addr, +static bool invoke_resolvconf(private_resolve_handler_t *this, host_t *addr, bool install) { - char cmd[128]; - bool success = TRUE; + process_t *process; + FILE *shell; + int in, out, retval; /* we use the nameserver's IP address as part of the interface name to * make them unique */ - if (snprintf(cmd, sizeof(cmd), "%s %s %s%H", RESOLVCONF_EXEC, - install ? "-a" : "-d", this->iface_prefix, addr) >= sizeof(cmd)) + process = process_start_shell(NULL, install ? &in : NULL, &out, NULL, + "2>&1 %s %s %s%H", RESOLVCONF_EXEC, + install ? "-a" : "-d", this->iface_prefix, addr); + + if (!process) { return FALSE; } - if (install) { - FILE *out; - - out = popen(cmd, "w"); - if (!out) + shell = fdopen(in, "w"); + if (shell) { - return FALSE; + DBG1(DBG_IKE, "installing DNS server %H via resolvconf", addr); + fprintf(shell, "nameserver %H\n", addr); + fclose(shell); } - DBG1(DBG_IKE, "installing DNS server %H via resolvconf", addr); - fprintf(out, "nameserver %H\n", addr); - success = !ferror(out); - if (pclose(out)) + else { + close(in); + close(out); + process->wait(process, NULL); return FALSE; } } else { - ignore_result(system(cmd)); + DBG1(DBG_IKE, "removing DNS server %H via resolvconf", addr); + } + shell = fdopen(out, "r"); + if (shell) + { + while (TRUE) + { + char resp[128], *e; + + if (fgets(resp, sizeof(resp), shell) == NULL) + { + if (ferror(shell)) + { + DBG1(DBG_IKE, "error reading from resolvconf"); + } + break; + } + else + { + e = resp + strlen(resp); + if (e > resp && e[-1] == '\n') + { + e[-1] = '\0'; + } + DBG1(DBG_IKE, "resolvconf: %s", resp); + } + } + fclose(shell); + } + else + { + close(out); + } + if (!process->wait(process, &retval) || retval != EXIT_SUCCESS) + { + if (install) + { /* revert changes when installing fails */ + invoke_resolvconf(this, addr, FALSE); + return FALSE; + } } - return success; + return TRUE; } METHOD(attribute_handler_t, handle, bool, private_resolve_handler_t *this, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data) { - identification_t *server; + dns_server_t *found = NULL; host_t *addr; bool handled; @@ -208,16 +290,34 @@ METHOD(attribute_handler_t, handle, bool, DESTROY_IF(addr); return FALSE; } - server = ike_sa->get_other_id(ike_sa); this->mutex->lock(this->mutex); - if (this->use_resolvconf) + if (array_bsearch(this->servers, addr, dns_server_find, &found) == -1) { - handled = invoke_resolvconf(this, server, addr, TRUE); + if (this->use_resolvconf) + { + handled = invoke_resolvconf(this, addr, TRUE); + } + else + { + handled = write_nameserver(this, addr); + } + if (handled) + { + INIT(found, + .server = addr->clone(addr), + .refcount = 1, + ); + array_insert_create(&this->servers, ARRAY_TAIL, found); + array_sort(this->servers, dns_server_sort, NULL); + } } else { - handled = write_nameserver(this, server, addr); + DBG1(DBG_IKE, "DNS server %H already installed, increasing refcount", + addr); + found->refcount++; + handled = TRUE; } this->mutex->unlock(this->mutex); addr->destroy(addr); @@ -233,9 +333,9 @@ METHOD(attribute_handler_t, release, void, private_resolve_handler_t *this, ike_sa_t *ike_sa, configuration_attribute_type_t type, chunk_t data) { - identification_t *server; + dns_server_t *found = NULL; host_t *addr; - int family; + int family, idx; switch (type) { @@ -249,16 +349,30 @@ METHOD(attribute_handler_t, release, void, return; } addr = host_create_from_chunk(family, data, 0); - server = ike_sa->get_other_id(ike_sa); this->mutex->lock(this->mutex); - if (this->use_resolvconf) - { - invoke_resolvconf(this, server, addr, FALSE); - } - else + idx = array_bsearch(this->servers, addr, dns_server_find, &found); + if (idx != -1) { - remove_nameserver(this, server, addr); + if (--found->refcount > 0) + { + DBG1(DBG_IKE, "DNS server %H still used, decreasing refcount", + addr); + } + else + { + if (this->use_resolvconf) + { + invoke_resolvconf(this, addr, FALSE); + } + else + { + remove_nameserver(this, addr); + } + array_remove(this->servers, idx, NULL); + found->server->destroy(found->server); + free(found); + } } this->mutex->unlock(this->mutex); @@ -341,6 +455,7 @@ METHOD(attribute_handler_t, create_attribute_enumerator, enumerator_t*, METHOD(resolve_handler_t, destroy, void, private_resolve_handler_t *this) { + array_destroy(this->servers); this->mutex->destroy(this->mutex); free(this); } |