From: Pieter Lexis Date: Tue, 18 Jun 2019 15:09:35 +0000 (+0200) Subject: auth: ensure control socket can be created when running in systemd X-Git-Tag: dnsdist-1.4.0-rc3~15^2~1 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=2dfe5b32717bc2694a32b872d04f53f769474f48;p=pdns auth: ensure control socket can be created when running in systemd --- diff --git a/builder-support/debian/authoritative/debian-buster/pdns-server.pdns.init b/builder-support/debian/authoritative/debian-buster/pdns-server.pdns.init index 16ce98be8..fc5b17a84 100644 --- a/builder-support/debian/authoritative/debian-buster/pdns-server.pdns.init +++ b/builder-support/debian/authoritative/debian-buster/pdns-server.pdns.init @@ -21,7 +21,8 @@ NAME=pdns DAEMON=/usr/sbin/pdns_server DAEMON_ARGS="" CONTROL=/usr/bin/pdns_control -PIDFILE=/var/run/$NAME.pid +SOCKETDIR=/var/run/pdns +PIDFILE=$SOCKETDIR/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME [ -x "$DAEMON" ] || exit 0 @@ -36,7 +37,7 @@ if [ -n "$suffix" ]; then DAEMON_ARGS="$DAEMON_ARGS $SUFFIX" NAME="$NAME-$suffix" DESC="$DESC (config name $suffix)" - PIDFILE="/var/run/$NAME-$suffix.pid" + PIDFILE="/var/run/pdns/$NAME-$suffix.pid" fi # Load lsb stuff for systemd redirection (if available). @@ -69,6 +70,7 @@ do_start() if isrunning; then return 1 fi + mkdir -p $SOCKETDIR start-stop-daemon --start --quiet \ --pidfile $PIDFILE --exec $DAEMON -- \ $DAEMON_ARGS --daemon --guardian=yes \ diff --git a/builder-support/debian/authoritative/debian-jessie/pdns-server.pdns.init b/builder-support/debian/authoritative/debian-jessie/pdns-server.pdns.init index 16ce98be8..fc5b17a84 100644 --- a/builder-support/debian/authoritative/debian-jessie/pdns-server.pdns.init +++ b/builder-support/debian/authoritative/debian-jessie/pdns-server.pdns.init 
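Review bot: The suffix branch (`@@ -36,7 +37,7 @@`) spells the directory as a literal, `PIDFILE="/var/run/pdns/$NAME-$suffix.pid"`, although the previous hunk introduces `SOCKETDIR` for exactly this path. Using `PIDFILE="$SOCKETDIR/$NAME-$suffix.pid"` keeps the pid file and the directory created in `do_start()` from drifting apart if the location changes. `NAME` is already reassigned to `$NAME-$suffix` two lines earlier in the same branch, so the suffix ends up in the path twice; that predates this commit, but it is worth confirming against the pid file name the daemon actually writes. The same line is repeated in the debian-jessie, debian-stretch and ubuntu-trusty copies of this script.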
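Review bot: `mkdir -p $SOCKETDIR` in `do_start()` creates the directory that will hold the control socket and pid file with whatever umask the init script inherits, sets no owner, and leaves the mode of an already existing directory untouched. Access to that directory gates who can reach the control socket, so state the mode and quote the expansion, e.g. `mkdir -p -m 0755 "$SOCKETDIR"`. Add a `chown` as well if the daemon is configured to drop privileges before it writes there, which is not visible in this hunk. The result is not checked either, so a failed mkdir only shows up later as a failed start. The same line appears in the debian-jessie, debian-stretch and ubuntu-trusty scripts and as `mkdir -p $SOCKETPATH` in builder-support/specs/pdns.init; `do_start()` continues outside the hunk.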
@@ -21,7 +21,8 @@ NAME=pdns DAEMON=/usr/sbin/pdns_server DAEMON_ARGS="" CONTROL=/usr/bin/pdns_control -PIDFILE=/var/run/$NAME.pid +SOCKETDIR=/var/run/pdns +PIDFILE=$SOCKETDIR/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME [ -x "$DAEMON" ] || exit 0 @@ -36,7 +37,7 @@ if [ -n "$suffix" ]; then DAEMON_ARGS="$DAEMON_ARGS $SUFFIX" NAME="$NAME-$suffix" DESC="$DESC (config name $suffix)" - PIDFILE="/var/run/$NAME-$suffix.pid" + PIDFILE="/var/run/pdns/$NAME-$suffix.pid" fi # Load lsb stuff for systemd redirection (if available). @@ -69,6 +70,7 @@ do_start() if isrunning; then return 1 fi + mkdir -p $SOCKETDIR start-stop-daemon --start --quiet \ --pidfile $PIDFILE --exec $DAEMON -- \ $DAEMON_ARGS --daemon --guardian=yes \ diff --git a/builder-support/debian/authoritative/debian-stretch/pdns-server.pdns.init b/builder-support/debian/authoritative/debian-stretch/pdns-server.pdns.init index 16ce98be8..fc5b17a84 100644 --- a/builder-support/debian/authoritative/debian-stretch/pdns-server.pdns.init +++ b/builder-support/debian/authoritative/debian-stretch/pdns-server.pdns.init @@ -21,7 +21,8 @@ NAME=pdns DAEMON=/usr/sbin/pdns_server DAEMON_ARGS="" CONTROL=/usr/bin/pdns_control -PIDFILE=/var/run/$NAME.pid +SOCKETDIR=/var/run/pdns +PIDFILE=$SOCKETDIR/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME [ -x "$DAEMON" ] || exit 0 @@ -36,7 +37,7 @@ if [ -n "$suffix" ]; then DAEMON_ARGS="$DAEMON_ARGS $SUFFIX" NAME="$NAME-$suffix" DESC="$DESC (config name $suffix)" - PIDFILE="/var/run/$NAME-$suffix.pid" + PIDFILE="/var/run/pdns/$NAME-$suffix.pid" fi # Load lsb stuff for systemd redirection (if available). @@ -69,6 +70,7 @@ do_start() if isrunning; then return 1 fi + mkdir -p $SOCKETDIR start-stop-daemon --start --quiet \ --pidfile $PIDFILE --exec $DAEMON -- \ $DAEMON_ARGS --daemon --guardian=yes \ diff --git a/builder-support/debian/authoritative/ubuntu-trusty/pdns-server.pdns.init b/builder-support/debian/authoritative/ubuntu-trusty/pdns-server.pdns.init index 16ce98be8..fc5b17a84 100644 
--- a/builder-support/debian/authoritative/ubuntu-trusty/pdns-server.pdns.init +++ b/builder-support/debian/authoritative/ubuntu-trusty/pdns-server.pdns.init @@ -21,7 +21,8 @@ NAME=pdns DAEMON=/usr/sbin/pdns_server DAEMON_ARGS="" CONTROL=/usr/bin/pdns_control -PIDFILE=/var/run/$NAME.pid +SOCKETDIR=/var/run/pdns +PIDFILE=$SOCKETDIR/$NAME.pid SCRIPTNAME=/etc/init.d/$NAME [ -x "$DAEMON" ] || exit 0 @@ -36,7 +37,7 @@ if [ -n "$suffix" ]; then DAEMON_ARGS="$DAEMON_ARGS $SUFFIX" NAME="$NAME-$suffix" DESC="$DESC (config name $suffix)" - PIDFILE="/var/run/$NAME-$suffix.pid" + PIDFILE="/var/run/pdns/$NAME-$suffix.pid" fi # Load lsb stuff for systemd redirection (if available). @@ -69,6 +70,7 @@ do_start() if isrunning; then return 1 fi + mkdir -p $SOCKETDIR start-stop-daemon --start --quiet \ --pidfile $PIDFILE --exec $DAEMON -- \ $DAEMON_ARGS --daemon --guardian=yes \ diff --git a/builder-support/specs/pdns.init b/builder-support/specs/pdns.init index c544f9a95..7fd9b4929 100644 --- a/builder-support/specs/pdns.init +++ b/builder-support/specs/pdns.init @@ -20,12 +20,13 @@ prefix=/usr exec_prefix=/usr BINARYPATH=/usr/bin SBINARYPATH=/usr/sbin -SOCKETPATH=/var/run +SOCKETPATH=/var/run/pdns [ -f "$SBINARYPATH/pdns_server" ] || exit 0 [ -r /etc/default/pdns ] && . /etc/default/pdns +mkdir -p $SOCKETPATH cd $SOCKETPATH suffix=$(basename $0 | cut -d- -f2- -s) if [ -n "$suffix" ] diff --git a/pdns/common_startup.cc b/pdns/common_startup.cc index c1b3c1c29..0a4351cc6 100644 --- a/pdns/common_startup.cc +++ b/pdns/common_startup.cc 
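Review bot: In builder-support/specs/pdns.init the new `mkdir -p $SOCKETPATH` sits at script top level rather than in the start path, so it runs as a side effect of every action, including stop and status. It also runs after `. /etc/default/pdns`, so `SOCKETPATH` may hold a value from that file and is expanded unquoted in both the `mkdir` and the following `cd`. Quoting both, `mkdir -p "$SOCKETPATH"` and `cd "$SOCKETPATH"`, and moving the `mkdir` into the start branch would limit it to the one action that needs the directory. The start branch itself is outside this hunk.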
@@ -66,7 +66,7 @@ void declareArguments() { ::arg().set("config-dir","Location of configuration directory (pdns.conf)")=SYSCONFDIR; ::arg().set("config-name","Name of this virtual configuration - will rename the binary image")=""; - ::arg().set("socket-dir",string("Where the controlsocket will live, ")+LOCALSTATEDIR+" when unset and not chrooted" )=""; + ::arg().set("socket-dir",string("Where the controlsocket will live, ")+LOCALSTATEDIR+"/pdns when unset and not chrooted" )=""; ::arg().set("module-dir","Default directory for modules")=PKGLIBDIR; ::arg().set("chroot","If set, chroot to this directory for more security")=""; ::arg().set("logging-facility","Log under a specific facility")=""; diff --git a/pdns/dynlistener.cc b/pdns/dynlistener.cc index 59776a39b..2deb2182b 100644 --- a/pdns/dynlistener.cc +++ b/pdns/dynlistener.cc @@ -177,7 +177,7 @@ DynListener::DynListener(const string &progname) string socketname = ::arg()["socket-dir"]; if (::arg()["socket-dir"].empty()) { if (::arg()["chroot"].empty()) - socketname = LOCALSTATEDIR; + socketname = std::string(LOCALSTATEDIR) + "/pdns"; else socketname = ::arg()["chroot"]; } else if (!::arg()["socket-dir"].empty() && !::arg()["chroot"].empty()) { diff --git a/pdns/dynloader.cc b/pdns/dynloader.cc index 7654d6a02..212a41613 100644 --- a/pdns/dynloader.cc +++ b/pdns/dynloader.cc @@ -58,7 +58,7 @@ int main(int argc, char **argv) string s_programname="pdns"; ::arg().set("config-dir","Location of configuration directory (pdns.conf)")=SYSCONFDIR; - ::arg().set("socket-dir",string("Where the controlsocket will live, ")+LOCALSTATEDIR+" when unset and not chrooted" )=""; + ::arg().set("socket-dir",string("Where the controlsocket will live, ")+LOCALSTATEDIR+"/pdns when unset and not chrooted" )=""; ::arg().set("remote-address","Remote address to query"); ::arg().set("remote-port","Remote port to query")="53000"; ::arg().set("secret","Secret needed to connect to remote PowerDNS"); 
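Review bot: The default `std::string(LOCALSTATEDIR) + "/pdns"` in `DynListener::DynListener` is now written out separately here, in `main` in dynloader.cc and in `writePid` in receiver.cc, and twice more inside the `socket-dir` help strings. If one copy changes, the control client would look for the socket in a different directory from the one the server binds in. A single shared helper, for example `static std::string defaultSocketDir() { return std::string(LOCALSTATEDIR) + "/pdns"; }`, would keep all of them in agreement. Nothing visible in this hunk creates the directory or checks its owner and mode before the socket is bound, so a daemon started outside the packaged init script or unit depends on the directory already existing; a comment stating that dependency would help. The constructor continues outside the hunk.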
@@ -97,7 +97,7 @@ int main(int argc, char **argv) string socketname=::arg()["socket-dir"]; if (::arg()["socket-dir"].empty()) { if (::arg()["chroot"].empty()) - socketname = LOCALSTATEDIR; + socketname = std::string(LOCALSTATEDIR) + "/pdns"; else socketname = ::arg()["chroot"] + "/"; } else if (!::arg()["socket-dir"].empty() && !::arg()["chroot"].empty()) { diff --git a/pdns/pdns.init.in b/pdns/pdns.init.in index 63c1a54a6..7aba99be0 100755 --- a/pdns/pdns.init.in +++ b/pdns/pdns.init.in @@ -19,7 +19,7 @@ set -e exec_prefix=@exec_prefix@ BINARYPATH=@bindir@ SBINARYPATH=@sbindir@ -SOCKETPATH=@socketdir@ +SOCKETPATH=@socketdir@/pdns DAEMON_ARGS="" [ -f "$SBINARYPATH/pdns_server" ] || exit 0 diff --git a/pdns/pdns.service.in b/pdns/pdns.service.in index a272eddfb..6613ba17b 100644 --- a/pdns/pdns.service.in +++ b/pdns/pdns.service.in @@ -13,6 +13,7 @@ Type=notify Restart=on-failure RestartSec=1 StartLimitInterval=0 +RuntimeDirectory=pdns # Sandboxing CapabilityBoundingSet=CAP_NET_BIND_SERVICE CAP_CHOWN diff --git a/pdns/receiver.cc b/pdns/receiver.cc index e01c378b9..40944349f 100644 --- a/pdns/receiver.cc +++ b/pdns/receiver.cc @@ -137,7 +137,7 @@ static void writePid(void) string fname=::arg()["socket-dir"]; if (::arg()["socket-dir"].empty()) { if (::arg()["chroot"].empty()) - fname = LOCALSTATEDIR; + fname = std::string(LOCALSTATEDIR) + "/pdns"; else fname = ::arg()["chroot"] + "/"; } else if (!::arg()["socket-dir"].empty() && !::arg()["chroot"].empty()) {
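Review bot: `SOCKETPATH=@socketdir@/pdns` in pdns/pdns.init.in points the script at a subdirectory, but this hunk adds no `mkdir`, unlike the builder-support init scripts changed in the same commit. The hunk header context suggests the script runs under `set -e`, so if the part of the script outside this hunk changes into or writes to `$SOCKETPATH` before the daemon starts, a missing directory would abort it. On hosts where the run directory is a tmpfs, that is the state after every boot. Adding `mkdir -p "$SOCKETPATH"` after the `[ -f "$SBINARYPATH/pdns_server" ] || exit 0` guard would match the other scripts.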
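Review bot: `RuntimeDirectory=pdns` in pdns/pdns.service.in leaves the directory's mode and lifetime at systemd's defaults: it is created 0755, owned by the unit's `User=`/`Group=` (none is visible in this hunk), and removed again when the unit stops. Because this directory holds the control socket, stating the intended mode with `RuntimeDirectoryMode=` next to it makes the access decision explicit rather than inherited. If a templated instance unit is generated from this file and keeps the same directory name, stopping one instance would remove the directory from under the others. A per-instance name or `RuntimeDirectoryPreserve=` avoids that; this diff does not show how the instance unit is built, so it needs confirming there.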