Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC time validation.

3c973ad9 · Simon Kelley · faaf306a · 3c973ad9 · 3c973ad9 · 3c973ad9
Commit 3c973ad9 authored Jan 14, 2018 by Simon Kelley
Hide whitespace changes
Inline Side-by-side

Showing with 38 additions and 14 deletions

CHANGELOG CHANGELOG +4 -0

man/dnsmasq.8 man/dnsmasq.8 +6 -2

src/dnsmasq.c src/dnsmasq.c +25 -11

src/dnsmasq.h src/dnsmasq.h +1 -0

src/helper.c src/helper.c +2 -1

No files found.
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -19,6 +19,10 @@ version 2.79
 	Fix incorrect error exit code from dhcp_release6 utility.
 	Thanks Gaudenz Steinlin for the bug report.
+	Use SIGINT (instead of overloading SIGHUP) to turn on DNSSEC
+	time validation when --dnssec-no-timecheck is in use.
+	Note that this is an incompatible change from earlier releases.
 version 2.78
        Fix logic of appending ".<layer>" to PXE basename. Thanks to Chris

--- a/man/dnsmasq.8
+++ b/man/dnsmasq.8
@@ -736,10 +736,14 @@ section on
 DNSSEC signatures are only valid for specified time windows, and should be rejected outside those windows. This generates an
 interesting chicken-and-egg problem for machines which don't have a hardware real time clock. For these machines to determine the correct 
 time typically requires use of NTP and therefore DNS, but validating DNS requires that the correct time is already known. Setting this flag
-removes the time-window checks (but not other DNSSEC validation.) only until the dnsmasq process receives SIGHUP. The intention is
+removes the time-window checks (but not other DNSSEC validation.) only until the dnsmasq process receives SIGINT. The intention is
 that dnsmasq should be started with this flag when the platform determines that reliable time is not currently available. As soon as 
-reliable time is established, a SIGHUP should be sent to dnsmasq, which enables time checking, and purges the cache of DNS records
+reliable time is established, a SIGINT should be sent to dnsmasq, which enables time checking, and purges the cache of DNS records
 which have not been thoroughly checked.
+Earlier versions of dnsmasq overloaded SIGHUP (which re-reads much configuration) to also enable time validation.
+If dnsmasq is run in debug mode (-d flag) then SIGINT retains its usual meaning of terminating the dnsmasq process.
 .TP
 .B --dnssec-timestamp=<path>
 Enables an alternative way of checking the validity of the system time for DNSSEC (see --dnssec-no-timecheck). In this case, the 

--- a/src/dnsmasq.c
+++ b/src/dnsmasq.c
@@ -77,7 +77,8 @@ int main (int argc, char **argv)
  sigaction(SIGTERM, &sigact, NULL);
  sigaction(SIGALRM, &sigact, NULL);
  sigaction(SIGCHLD, &sigact, NULL);
+  sigaction(SIGINT, &sigact, NULL);
  /* ignore SIGPIPE */
  sigact.sa_handler = SIG_IGN;
  sigaction(SIGPIPE, &sigact, NULL);
@@ -759,7 +760,7 @@ int main (int argc, char **argv)
      daemon->dnssec_no_time_check = option_bool(OPT_DNSSEC_TIME);
      if (option_bool(OPT_DNSSEC_TIME) && !daemon->back_to_the_future)
-	my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until first cache reload"));
+	my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until receipt of SIGINT"));
      if (rc == 1)
 	my_syslog(LOG_INFO, _("DNSSEC signature timestamps not checked until system time valid"));
@@ -1083,7 +1084,7 @@ static void sig_handler(int sig)
    {
      /* ignore anything other than TERM during startup
 	 and in helper proc. (helper ignore TERM too) */
-      if (sig == SIGTERM)
+      if (sig == SIGTERM || sig == SIGINT)
 	exit(EC_MISC);
    }
  else if (pid != getpid())
@@ -1109,6 +1110,15 @@ static void sig_handler(int sig)
 	event = EVENT_DUMP;
      else if (sig == SIGUSR2)
 	event = EVENT_REOPEN;
+      else if (sig == SIGINT)
+	{
+	  /* Handle SIGINT normally in debug mode, so
+	     ctrl-c continues to operate. */
+	  if (option_bool(OPT_DEBUG))
+	    exit(EC_MISC);
+	  else
+	    event = EVENT_TIME;
+	}
      else
 	return;
@@ -1236,14 +1246,7 @@ static void async_event(int pipe, time_t now)
      {
      case EVENT_RELOAD:
 	daemon->soa_sn++; /* Bump zone serial, as it may have changed. */
-#ifdef HAVE_DNSSEC
-	if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
-	  {
-	    my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
-	    daemon->dnssec_no_time_check = 0;
-	  } 
-#endif
 	/* fall through */
      case EVENT_INIT:
@@ -1352,6 +1355,17 @@ static void async_event(int pipe, time_t now)
 	poll_resolv(0, 1, now);
 	break;
+      case EVENT_TIME:
+#ifdef HAVE_DNSSEC
+	if (daemon->dnssec_no_time_check && option_bool(OPT_DNSSEC_VALID) && option_bool(OPT_DNSSEC_TIME))
+	  {
+	    my_syslog(LOG_INFO, _("now checking DNSSEC signature timestamps"));
+	    daemon->dnssec_no_time_check = 0;
+	    clear_cache_and_reload(now);
+	  }
+#endif
+	break;
      case EVENT_TERM:
 	/* Knock all our children on the head. */
 	for (i = 0; i < MAX_PROCS; i++)

--- a/src/dnsmasq.h
+++ b/src/dnsmasq.h
@@ -179,6 +179,7 @@ struct event_desc {
 #define EVENT_NEWROUTE   23
 #define EVENT_TIME_ERR   24
 #define EVENT_SCRIPT_LOG 25
+#define EVENT_TIME       26
 /* Exit codes. */
 #define EC_GOOD        0

--- a/src/helper.c
+++ b/src/helper.c
@@ -97,13 +97,14 @@ int create_helper(int event_fd, int err_fd, uid_t uid, gid_t gid, long max_fd)
      return pipefd[1];
    }
-  /* ignore SIGTERM, so that we can clean up when the main process gets hit
+  /* ignore SIGTERM and SIGINT, so that we can clean up when the main process gets hit
     and SIGALRM so that we can use sleep() */
  sigact.sa_handler = SIG_IGN;
  sigact.sa_flags = 0;
  sigemptyset(&sigact.sa_mask);
  sigaction(SIGTERM, &sigact, NULL);
  sigaction(SIGALRM, &sigact, NULL);
+  sigaction(SIGINT, &sigact, NULL);
  if (!option_bool(OPT_DEBUG) && uid != 0)
    {