Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add rlm_unbound a wrapper around libunbound
Showing 6 changed files with 878 additions and 0 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,4 @@ | ||
unbound dns { | ||
# filename = "${raddbdir}/mods-config/unbound/default.conf" | ||
# xlat_timeout = 3000 | ||
} |
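
Review bot: Both settings in this instance block are commented out with no explanation, so someone enabling `xlat_timeout = 3000` has to open the man page to learn that the unit is milliseconds and that `filename` must point to an existing libunbound configuration file. Add a one-line comment above each setting saying so, and note that the commented-out values are the defaults.
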
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,2 @@ | ||
server: | ||
num-threads: 2 |
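
Review bot: The default libunbound configuration sets only `num-threads: 2` and configures no trust anchor, so lookups through an instance that uses this file are not DNSSEC-validated. The man page advertises per-instance DNSSEC options, so either add a commented-out trust anchor example here or a comment stating that validation is off by default, so that `%{dns-a:...}` results are not treated as validated data in policy.
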
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,13 @@ | ||
TARGETNAME := @targetname@ | ||
|
||
ifneq "$(TARGETNAME)" "" | ||
TARGET := $(TARGETNAME).a | ||
endif | ||
|
||
SOURCES := $(TARGETNAME).c | ||
|
||
SRC_CFLAGS := @mod_cflags@ | ||
TGT_LDLIBS := @mod_ldflags@ | ||
|
||
MAN := rlm_unbound.5 | ||
|
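
Review bot: `SOURCES := $(TARGETNAME).c` and `MAN := rlm_unbound.5` sit outside the `ifneq "$(TARGETNAME)" ""` guard, so when configure disables the module and leaves `TARGETNAME` empty, `SOURCES` expands to `.c` and `MAN` is still set. Move both assignments inside the guard, or add a comment confirming that the build framework ignores them when `TARGET` is undefined.
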
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,54 @@ | ||
AC_PREREQ([2.53]) | ||
AC_INIT(rlm_unbound.c) | ||
AC_REVISION($Revision$) | ||
AC_DEFUN(modname,[rlm_unbound]) | ||
|
||
if test x$with_[]modname != xno; then | ||
AC_PROG_CC | ||
AC_PROG_CPP | ||
|
||
FR_SMART_CHECK_LIB(unbound, ub_ctx_create) | ||
if test "x$ac_cv_lib_unbound_ub_ctx_create" != "xyes"; then | ||
fail="$fail libunbound" | ||
fi | ||
|
||
FR_SMART_CHECK_INCLUDE(unbound.h) | ||
if test "$ac_cv_header_unbound_h" != "yes"; then | ||
fail="$fail unbound.h" | ||
fi | ||
|
||
dnl # This needs work as libunbound could be using NSS or various other | ||
dnl # mixes of incompatible options and header/lib availability may occur. | ||
dnl # Since libunbound needs openssl locking set up, and may be | ||
dnl # linked against openssl even when we are not, play it safe. | ||
FR_SMART_CHECK_INCLUDE(openssl/crypto.h) | ||
if test "$ac_cv_header_openssl_crypto_h" != "yes"; then | ||
fail="$fail openssl/crypto.h" | ||
fi | ||
|
||
targetname=modname | ||
else | ||
targetname= | ||
echo \*\*\* module modname is disabled. | ||
fi | ||
|
||
if test x"$fail" != x""; then | ||
if test x"${enable_strict_dependencies}" = x"yes"; then | ||
AC_MSG_ERROR([set --without-]modname[ to disable it explicitly.]) | ||
else | ||
AC_MSG_WARN([silently not building ]modname[.]) | ||
AC_MSG_WARN([FAILURE: ]modname[ requires: $fail.]); | ||
targetname="" | ||
fi | ||
fi | ||
|
||
mod_ldflags="${SMART_LIBS}" | ||
mod_cflags="${SMART_CFLAGS}" | ||
|
||
AC_SUBST(mod_cflags) | ||
AC_SUBST(mod_ldflags) | ||
|
||
AC_CONFIG_HEADER(config.h) | ||
|
||
AC_SUBST(targetname) | ||
AC_OUTPUT(all.mk) |
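
Review bot: `fail` is appended to in three places (`fail="$fail libunbound"` and the two header checks) but is never initialised in this file, so a `fail` value inherited from the environment would make the later `test x"$fail" != x""` succeed and drop the module even when every check passed. Set `fail=` before the `if test x$with_[]modname != xno` block. Two smaller points: the first check compares `"x$ac_cv_lib_unbound_ub_ctx_create"` with an `x` prefix while the two header checks compare the bare variable, which is worth making consistent; and the `dnl` comment describes the `openssl/crypto.h` check as playing it safe, yet a missing header is a hard failure, so the comment should say that OpenSSL headers are a build requirement for this module.
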
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
.\" # DS - begin display | ||
.de DS | ||
.RS | ||
.nf | ||
.sp | ||
.. | ||
.\" # DE - end display | ||
.de DE | ||
.fi | ||
.RE | ||
.sp | ||
.. | ||
.TH rlm_unbound 5 "8 July 2013" "" "FreeRADIUS Module" | ||
.SH NAME | ||
rlm_unbound \- FreeRADIUS Module | ||
.SH DESCRIPTION | ||
Each instance of \fIrlm_unbound\fP provides an embedded DNS client | ||
for performing DNS lookups. Each instance may be configured separately | ||
to query different DNS horizons, change DNSSEC options, etc. | ||
.PP | ||
The module is primarily intended for use by other modules through | ||
internal APIs, and so, instances should be initialized earlier than | ||
those modules which use them. Each instance does also provide some | ||
xlat functionalities for general use and for troubleshooting. | ||
.PP | ||
Each instance of rlm_unbound may take the following parameters: | ||
.IP filename | ||
This file must exist and must point to a valid libunbound configuration file. | ||
The default is ${raddbdir}/mods-config/unbound/default.conf. | ||
.IP xlat_timeout | ||
While libunbound provides an asyncronous API for internal use, using any xlat | ||
is done syncronously from the perspective of unlang. This value limits the | ||
amount of time a request will wait for DNS to respond, after which the xlat | ||
will fail. The default is 3000 milliseconds. This setting is independent of | ||
any libunbound configuration values. | ||
.PP | ||
An instance named, for example, "dns" will provide the following xlat | ||
functionalities: | ||
.IP %{dns-a:<owner>} | ||
Performs an A lookup for the owner name, returning a stringified IPv4 | ||
address. Only the first A record in the RRSET will be returned. | ||
.IP %{dns-aaaa:<owner>} | ||
Performs an AAAA lookup for the owner name, returning a stringified IPv6 | ||
address. Only the first AAAA record in the RRSET will be returned. | ||
.IP %{dns-ptr:<owner>} | ||
Performs a PTR lookup for the owner. | ||
.PP | ||
.SH CAVEATS | ||
Logging from rlm_unbound can be problematic, especialy if more than one | ||
instantiation of the module is used. This is due to the need for additional | ||
features in the underlying libunbound which hopefully will be enhanced over | ||
time. | ||
.PP | ||
There is a potential for a FreeRADIUS server using rlm_unbound to either | ||
fail to terminate cleanly (leaving zombie processes, failing to clean up | ||
other modules, and hanging after a SIGTERM until a SIGKILL is sent) or | ||
to fail valgrind checks during termination when run with -m. Likewise this | ||
problem will rely on upstream enhancements before it can be fixed, and the | ||
exact behavior may change in interim releases until then. | ||
.PP | ||
The logging behavior of rlm_unbound may vary depending on whether | ||
FreeRADIUS is compiled with support for threads. | ||
.PP | ||
.SH FILES | ||
.I /etc/raddb/modules-available/rlm_unbound | ||
.I /etc/raddb/modules-config/unbound/ | ||
.PP | ||
.SH "SEE ALSO" | ||
.BR radiusd (8), | ||
.BR radiusd.conf (5) | ||
.BR libunbound (3) | ||
.BR unbound.conf (5) | ||
.SH AUTHOR | ||
Brian S. Julin, bjulin@clarku.edu | ||
|
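
Review bot: The FILES section lists `/etc/raddb/modules-available/rlm_unbound` and `/etc/raddb/modules-config/unbound/`, which does not match the default documented under `filename`, `${raddbdir}/mods-config/unbound/default.conf`; the directory names should agree, and the two `.I` lines need a break between them or they will run together on one line. The text also has typos to fix before merge ("asyncronous", "syncronously", "especialy"), the SEE ALSO entries after `radiusd (8),` are missing their separating commas, and the `%{dns-ptr:<owner>}` entry does not say what string is returned or whether only the first record is used, unlike the A and AAAA entries.
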