get_desc() { cat <<DESCRIPTION_END
# . fix.desc -i "-m 444" --
Debian Linux tip for fixing diald for using with ppp and bind
Here are the configuration files for fixing diald for using
bind. This was used on a Debian system.
Latest version of this is at: www.dma.org/~rhawes/tips/fix.txt
All my diald/ppp problems seem to go away when I make the ip-up
script sleep 2 seconds before doing run-parts.
Another way, when variable DIALD_DEVICE = DEVICE, ip-up defers
execution to ip-up-diald. This has to be configured in ip-conf. If not,
wait 2 seconds.
So, now I have a nice ip-up-diald program that probably does
everything anybody ever wanted it to do.
HISTORY
Because the default route is on the proxy device when pppd is
called, bind should not be triggered to look at the interfaces until
diald runs its ip-up script, or has had enough time to change the
default route. Otherwise name service is lost, and pppd gets stuck.
Bind does a name lookup and udp does awaken diald, which then reroutes
the default route; however, this is no help to bind.
This means that a good solution is for pppd's ip-up to check if
diald is running, then save export variables for diald's ip-up to source.
This gets consistent results.
I have been using bind with diald and pppd for several months.
After several months of frustration and inconsistent results, I filed
bug report #191936 because of this problem with diald and pppd ( although
the report went on WWWOFFLE).
INSTALL
for debug mode, type: export INSTALL_SPLIT_DEBUG=y;
unset to install
enter 'sh fix.txt' in an empty directory
to uninstall enter './install-split --uninstall'
to reinstall enter './install-split --reinstall'
- --
Richard L. Hawes
email: rha...@dma.org key: http://www.dma.org/~rhawes/pgp/key
DESCRIPTION_END
}
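# Unpack this archive into ./fix and hand over to the bundled installer.
# NOTE(review): the checksum list that the installer verifies travels at the
# end of this same file, so it only detects accidental corruption. Check the
# PGP signature on the archive before running it; the install specs in the
# sections below target /etc and /usr/local. The checksum list has to be
# regenerated whenever a section is edited.
#
# Remember where the archive is before changing directory: "$0" is usually
# relative ('sh fix.txt'), and the csplit redirection is only opened after
# the cd.
case "$0" in
/*) SELF="$0";;
*) SELF="$PWD/$0";;
esac
DIR=fix;
[ -d "$DIR" ]||mkdir "$DIR"&&
cd "$DIR"&&
#use this to split this file:
csplit - '/^#!\/bin\/sh/' '{4}' '/~CSPLIT$/' '/^#!/usr/bin/suidperl/' '/xx00$/' < "$SELF" &&
#then run this
exec sh ./xx05 -i -C ./xx01 .
# only reached when one of the steps above failed
exit 1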
#!/bin/sh
#
# configuration for install-split
DIALD_DEFAULTS="/etc/diald/diald.defaults";
# Append the diald settings used by this tip to $DIALD_DEFAULTS.
# Each call appends again; nothing here looks for an earlier copy.
do_add() {
	printf '%s\n' \
		'priority -15' \
		'ip-goingdown /etc/ppp/ip-goingdown' \
		'ip-up /etc/ppp/ip-up-diald' >>"$DIALD_DEFAULTS"
}
# Hook that install-split's rbr_nxt evaluates after its per-file loop
# (selected with ERN=pointer below).
# $RBR and $NXT are set by rbr_nxt. On the listing pass $RBR is "echo", so
# the path is printed for the change list, and $NXT ends in ":" so do_add is
# not run. On the apply pass $RBR is ":" and $NXT is $DG (empty unless
# debugging), so do_add runs.
pointer() {
$RBR "$DIALD_DEFAULTS";
$NXT do_add;
}
# Handler for the "-s NAMES" option of an install spec (enabled by EOP="s:").
# For each name, record "$DIR/name" through $RBR and, on the apply pass, make
# it a symbolic link to $BAS inside $DIR. $DIR and $BAS come from the spec
# line that rbr_nxt read.
opt_s(){
local SYM;
# when $NXT disables the cd, this is a no-op that succeeds
$NXT cd "$DIR"||return;
for SYM in "$@";do
$RBR "$DIR/$SYM";
$NXT ln -fvs "$BAS" "$SYM";
done
# "cd -" prints the directory it returns to; fd 3 is where that goes
$NXT cd - >&3;
}
# hook that rbr_nxt evaluates after walking the xx* pieces
ERN=pointer;
# extra getopts letters accepted in install specs (handled by opt_s)
EOP="s:";
# piece that holds the md5sum list, and the byte size _install expects it to
# have before it runs md5sum on it
MD5=xx08;
MWC='312';
#!/bin/sh -e
# /etc/ppp ip-up-diald -ci "-vD" -s "ip-up ip-goingdown ip-down" -- \
# ip-up-diald -- This script handles ip-(up|goingdown|down) for ppp|diald
# Copyright (C) 2003 by Richard Hawes <rha...@dma.org>
# under GNU General Public License version 2
# see www.dma.org/~rhawes/site/COPYING
# $Revision: 1.36 $
# latest version: www.dma.org/~rhawes/programs/ip-up-diald
exec 3<>/dev/null;
# USAGE: make symbolic links to this program
# in /etc/ppp/ for ip-up ip-down ip-goingdown
#
# ip-goingdown can be called from diald or a script such as poff
# the first parameter has to be the interface name
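# p_init SCRIPTNAME VARNAME ARGS
# Record which entry point is running, export the raw argument string as
# PARAM_<VARNAME>, source ip-conf when it exists, derive the per-interface
# state file names and set DIALD_PID when the pid in $_DIALDRUN is alive.
# Exits with status 1 when IFNAME or $TMPDIR fail the checks below.
p_init() {
	SCRIPTNAME="$1";
	VARNAME="$2";
	# $3 is caller-supplied text (pppd's arguments, or the name passed in by
	# the setuid ip-goingdown wrapper). eval only sees a reference to it, so
	# its contents are never re-parsed as shell code.
	eval "PARAM_$2=\$3; export PARAM_$2";
	# source ip-conf
	_if_test -f . "$_ETC/ip-conf"||:;
	# IFNAME becomes part of the names of files that are sourced later, so
	# allow only characters that occur in interface names; without a '/' it
	# cannot point outside $TMPDIR.
	case "$IFNAME" in
	*[!A-Za-z0-9_.:-]*)
		echo "$SCRIPTNAME: invalid interface name" >&2;
		exit 1;;
	esac
	# $TMPDIR defaults to a directory below /var/tmp, which other local
	# users can normally write to. Files in it are sourced by this script,
	# so refuse a directory that is a symlink or owned by someone else.
	# ip-conf (sourced above) can point TMPDIR at a root-only location.
	# NOTE(review): -O is not in POSIX test; confirm /bin/sh supports it.
	if [ -L "$TMPDIR" ]||{ [ -e "$TMPDIR" ]&&[ ! -O "$TMPDIR" ];};then
		echo "$SCRIPTNAME: $TMPDIR is a symlink or not owned by this user" >&2;
		exit 1;
	fi
	TIME_STAMP="$TMPDIR/${IFNAME}.goingdown";
	PPP_EXPORTS="$TMPDIR/${IFNAME}.exports";
	# set DIALD_PID: read it from the pid file, keep it only if that
	# process exists
	_if_test -f "read DIALD_PID <" "$_DIALDRUN"&&kill -0 $DIALD_PID 2>&3||
	DIALD_PID=;
}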
# Send stdin to syslog with the options in $_LOG_OPT, tagged with the
# entry-point name and the pid of this shell.
p_log() {
	logger $_LOG_OPT -t "${SCRIPTNAME}[$$]";
}
# p_param IFNAME DEVICE SPEED IPLOCAL IPREMOTE IPPARAM
# Export the positional arguments under the PPP_* names that hook scripts
# read. The same values (apart from IPPARAM) are also in the environment;
# PPP_TTYNAME is derived from $DEVICE there, not from $2.
p_param() {
	export PPP_IFACE="$1" PPP_TTY="$2" PPP_SPEED="$3";
	export PPP_LOCAL="$4" PPP_REMOTE="$5" PPP_IPPARAM="$6";
	export PPP_TTYNAME=$(basename "$DEVICE");
}
# because run-parts version 1.15 does not work with suidperl
# unless all parent directories have permission o+x
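# run_parts DIR [ARGS]
# Run every executable non-directory entry of DIR whose name consists only
# of letters, digits, '-' and '_'. ARGS is split on whitespace before it is
# passed on. A script that fails is reported on stderr and the loop goes on.
run_parts() {
	local FILE;
	cd "$1"||return;
	# Iterate with a glob instead of parsing ls output: a name containing
	# whitespace or a newline is then rejected whole, rather than being
	# split into fragments that could match some other file.
	for FILE in *; do
		case "$FILE" in
		*[!_[:alnum:]-]*) continue;;
		esac
		if [ ! -d "$FILE" ]&&[ -x "$FILE" ];then
			"./$FILE" $2||
			echo "run_parts: $1/$FILE returned $?" >&2
		fi
	done
	# "cd -" prints the directory it returns to; fd 3 is where that goes
	cd - >&3;
}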
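# r_pts E_PRE E_PRE_TTY S_PRE DIR S_POST E_POST E_POST_TTY
# Run one up/down sequence: eval the two "pre" snippets, run the pre script
# and its per-tty variant when executable, run the per-tty run-parts
# directory or else the plain one, run the post scripts, then eval the two
# "post" snippets. The snippets come from this script's defaults or ip-conf.
r_pts() {
	local ARG1;
	export SCRIPTNAME VARNAME DIALD_PID;
	eval "$1";
	eval "$2";
	_if_exec "$3"||:;
	_if_exec "${3}.${PPP_TTYNAME}"||:;
	# _if_test joins its arguments and evals them, so passing the value of
	# PPP_IPPARAM would make the shell re-parse text that arrives through
	# pppd's ipparam argument. Pick out its first word here without eval or
	# globbing (for plain words, the same argument the hooks received
	# before) and hand _if_test only a reference to it.
	ARG1=;
	set -f;
	for ARG1 in $PPP_IPPARAM; do break; done;
	set +f;
	_if_test -d run_parts "${4}.${PPP_TTYNAME}" '"$ARG1"'||
	_if_test -d run_parts "${4}" '"$ARG1"'
	_if_exec "$5"||:;
	_if_exec "${5}.${PPP_TTYNAME}"||:;
	eval "$6";
	eval "$7";
}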
# r_parts UP|DOWN
# Renice this shell to $_NICE_<direction>, then call r_pts with the snippets,
# scripts and run-parts directory configured for that direction, including
# the per-tty variables named E_PRE<direction>_<tty> and E_POST<direction>_<tty>.
# NOTE(review): ${PPP_TTYNAME} is expanded into the text that eval parses in
# order to build those variable names, so it has to consist of characters
# that are valid in a shell variable name; confirm where DEVICE comes from
# on every path that reaches this function.
r_parts() {
eval renice \$_NICE_$1 $$;
eval r_pts \"\$E_PRE$1\" \"\$E_PRE$1_${PPP_TTYNAME}\" \"\$S_PRE$1\" \
\"\$D_$1\" \"\$S_POST$1\" \"\$E_POST$1\" \"\$E_POST$1_${PPP_TTYNAME}\"
}
# Run the DOWN sequence once per connection: it is skipped when the goingdown
# time stamp exists and the saved exports file is older than it. Otherwise
# the time stamp is refreshed first and the DOWN hooks run.
r_pts_down() {
	if [ -f "$TIME_STAMP" ]&&[ "$PPP_EXPORTS" -ot "$TIME_STAMP" ];then
		return 0;
	fi
	touch "$TIME_STAMP";
	r_parts DOWN;
}
# Work done for ip-up: make sure $TMPDIR is a directory, dump the exported
# environment into $PPP_EXPORTS (the goingdown and ip-up-diald entry points
# source that file later), then run the UP sequence. When diald is alive the
# sequence runs only if DIALD_DEVICE differs from DEVICE, after a delay.
r_pts_up() {
	# a plain file in the way is moved aside, then the directory is created
	_if_test -f "mv -vfb" "$TMPDIR" "${TMPDIR}.orig.$$"||:;
	_if_test '! -d' "mkdir -vp" "$TMPDIR"||:;
	# save exports for goingdown
	export -p >"$PPP_EXPORTS";
	if [ -z "$DIALD_PID" ];then
		r_parts UP;
	elif [ "$DIALD_DEVICE" != "$DEVICE" ];then
		# give diald time to make new device the default route
		sleep $_DELAY;
		r_parts UP;
	fi
}
# functions that could be used in ip-conf
# _if_test TESTOP CMD PATH [ARGS]
# When "[ TESTOP PATH ]" holds, eval "CMD PATH ARGS". TESTOP is expanded
# unquoted so that it may be two words ('! -d'). Everything after TESTOP is
# joined and re-parsed by eval, so CMD, PATH and ARGS must never carry text
# that the caller does not control.
_if_test() { [ $1 "$3" ]&&{ shift; eval "$@";};}
# _if_exec FILE [ARGS]
# Run FILE with ARGS when it is executable; otherwise run nothing and return
# non-zero.
_if_exec() { [ -x "$1" ]&&"$@";}
# directory that holds ip-conf and the default hook scripts
_ETC=/etc/ppp;
# variables that could be changed in ip-conf
# argument to sleep in r_pts_up before the UP hooks run while diald is alive
_DELAY=2;
# pid file read by p_init to find out whether diald is running
_DIALDRUN="/var/run/diald.pid";
# options handed to logger by p_log
_LOG_OPT="-p user.debug";
# renice arguments used by r_parts for each direction
_NICE_DOWN="+0";
_NICE_UP="+19";
# run-parts directories
D_DOWN="$_ETC/ip-down.d";
D_UP="$_ETC/ip-up.d";
# shell snippets that r_pts evals before and after the hooks (":" does nothing)
E_PREDOWN=":";
E_PREUP=":";
E_POSTDOWN=":";
E_POSTUP=":";
# single scripts that r_pts runs before and after the run-parts directory
S_PREDOWN="$_ETC/ip-predown";
S_PREUP="$_ETC/ip-preup";
S_POSTDOWN="$_ETC/ip-postdown";
S_POSTUP="$_ETC/ip-postup";
DIALD_DEVICE="";
PATH=/usr/local/sbin:/usr/sbin:/sbin:/usr/local/bin:/usr/bin:/bin;
# NOTE(review): the exports file kept in this directory is sourced by the
# ip-goingdown and ip-up-diald entry points. /var/tmp is normally writable
# by every local user, so whoever creates /var/tmp/ppp first controls what
# gets sourced; a directory only root can write to is the safer choice, and
# ip-conf can override TMPDIR because p_init sources it before using it.
TMPDIR=/var/tmp/ppp;
export PATH TMPDIR DIALD_DEVICE;
#base names of symbolic links to this program
P_UP="ip-up";
P_UP_DIALD="ip-up-diald";
P_DOWN="ip-down";
P_GOINGDOWN="ip-goingdown";
# Dispatch on the name this program was started under (see USAGE above).
# All output of the selected sequence goes to syslog through p_log.
case "$0" in
*"$P_UP")
# pppd's ip-up: positional arguments plus pppd's environment
p_param "$@";
p_init "$P_UP" IP_UP "$*";
r_pts_up 2>&1 | p_log;;
*"$P_UP_DIALD")
# diald's ip-up: only the interface name is taken from the arguments, the
# rest is restored from the exports file saved by the ip-up entry point
IFNAME="$1";
p_init "$P_UP_DIALD" IP_UP_DIALD "$*";
{
# NOTE(review): this executes the exports file as shell code with the
# privileges of this script
. "$PPP_EXPORTS";
# run the UP hooks only when diald's device is the one pppd brought up
[ "$DIALD_DEVICE" != "$DEVICE" ]||
r_parts UP;
} 2>&1 | p_log;;
*"$P_GOINGDOWN")
# interface name comes from the caller (diald, or a script such as poff)
IFNAME="$1";
p_init "$P_GOINGDOWN" IP_GOINGDOWN "$*";
# NOTE(review): the exports file is executed as shell code here as well
{ . "$PPP_EXPORTS"; r_pts_down;} 2>&1 | p_log;;
*"$P_DOWN")
# pppd's ip-down: same argument handling as ip-up
p_param "$@";
p_init "$P_DOWN" IP_DOWN "$*";
r_pts_down 2>&1 | p_log;;
*) echo "called with invalid name: $0" >&2; exit 1;;
esac
#!/bin/sh -e
# /etc/ppp/ip-up.d 007_bind -ci "-vD" -- \
# This script sets up forwarding dns
# Copyright (C) 2003 by Richard Hawes <rha...@dma.org>
# This is free software; see the GNU General Public License version 2
# or later for copying conditions. There is NO warranty.
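# nothing to do unless both rndc and named are installed
test -x /usr/sbin/rndc -a -x /usr/sbin/named || exit 0
# Split ipparam into words. Globbing is switched off so that a '*' in the
# parameter cannot expand to file names.
set -f
set -- ${PPP_IPPARAM}
set +f
PROVIDER="$1"
# Text copied into the generated file: the re-joined words, which cannot
# contain a newline that would end the '//' comment early.
IPPARAM_WORDS="$*"
# PROVIDER selects a file below $BIND_DIR/peers; ignore a name that would
# point outside that directory.
case "$PROVIDER" in
*/*) PROVIDER="";;
esac
BIND_DIR="/etc/bind"
DNS_PEERS="$BIND_DIR/peers/${PROVIDER}.conf"
FORWARD="$BIND_DIR/isp_dns.conf"
BINDRUN=/var/run/named.pid;
# is_addr VALUE
# True when VALUE is non-empty and made only of characters that occur in IP
# addresses. DNS1 and DNS2 are supplied by the remote peer and are written
# into a file that named includes, so nothing else may end up there.
is_addr() {
	case "$1" in
	''|*[!0-9A-Fa-f:.]*) return 1;;
	esac
	return 0;
}
if [ "$USEPEERDNS" ] && is_addr "$DNS1" ; then
	# use dns provided by peer
	{
		printf '// PPP_IPPARAM = %s\n' "$IPPARAM_WORDS"
		printf 'forwarders {\n'
		printf '%s;\n' "$DNS1"
		if is_addr "$DNS2" ; then
			printf '%s;\n' "$DNS2"
		fi
		printf '};\n'
	} > "$FORWARD";
elif [ "$PROVIDER" ] && [ -f "$DNS_PEERS" ] ; then
	# use dns provided in file
	/bin/cp "$DNS_PEERS" "$FORWARD"
fi
# if bind is running send hang up signal to reload the database
[ -f "$BINDRUN" ]&&read PID <"$BINDRUN"&&kill -0 "$PID"&&kill -HUP "$PID"||:;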
#!/bin/sh -e
# /etc/ppp/ip-down.d zzz90_bind -ci "-vD" -- \
# Dump data base and optionally flush cache.
# Copyright (C) 2003 by Richard Hawes <rha...@dma.org>
# This is free software; see the GNU General Public License version 2
# or later for copying conditions. There is NO warranty.
RNDC="/usr/sbin/rndc";
# nothing to do unless both rndc and named are installed
test -x $RNDC -a -x /usr/sbin/named || exit 0
BINDRUN="/var/run/named.pid"
# the first word of ipparam is the provider, the remaining words are options
set -- ${PPP_IPPARAM}
PROVIDER="$1"
if [ $# -ne 0 ]; then
	shift;
fi
FLUSH_CACHE="";
# ipparam options:
# * -d ip down
# * -g global
# * -u ip up
# Only "-d bind_flush" has an effect here; the others are parsed and ignored.
while getopts ":d:g:u:" PARAM_OPT; do
	if [ "$PARAM_OPT" = d ] && [ "$OPTARG" = bind_flush ]; then
		FLUSH_CACHE="y";
	fi
done
# if bind is running . . .
if [ -f "$BINDRUN" ]&& read PID <"$BINDRUN"&&kill -0 "$PID"; then
	#dump cache into file
	$RNDC dumpdb
	# flush is needed for dynamically assigned ip addresses
	if [ -n "$FLUSH_CACHE" ]; then
		# flush the cache to make auto-dial trigger on name lookup
		$RNDC flush
		echo "flushing bind's domain name cache";
	fi
fi
#!/bin/sh -u
# /usr/local/sbin install-split -i "-vDb" -- \
# install split text files
# version: print the program name followed by the revision number, then the
# licence notice, and exit. It is called as "$OV $RVS", so the unquoted $RVS
# is split and $2 is the number inside it.
RVS='$Revision: 1.38 $';version(){ cat <<VRS
$P0$2
Copyright (C) 2003 by Richard Hawes <rha...@dma.org>
This is free software; see the GNU General Public License version 2
or later for copying conditions. There is NO warranty.
VRS
exit;
}
# _install: verify the pieces, archive what is about to be replaced, then
# install every piece that carries an install spec.
# NOTE(review): the md5sum list is one of the pieces of the archive being
# installed, so this check catches damaged pieces but not a modified
# archive; when $MD5 names no existing file, nothing is verified at all.
_install(){
# refuse to run twice: the change list is the marker of an earlier install
[ ! -e $CHG ]||{ er ${Oi}ed previously\?;}
if [ -e "$MD5" ];then
# the list itself must have the expected byte size before it is trusted
[ $MWC -eq `wc -c <$MD5` ]||er $MD5 size is not $MWC;
md5sum -vc $MD5||exit;
fi
# listing pass: print the target paths, save them as the change list and
# archive the files that currently exist at those paths
rbr_nxt echo "$DG :"|tee $CHG|arkiv $OLD;
# apply pass: run the install commands (prefixed with $DG when debugging)
rbr_nxt : "$DG";
# gives $NEW an old time stamp; restor compares the two archives with -ot
$DG touch -t 200101010000 $NEW;
# in debug mode keep the list under another name so a real install can follow
[ -z "$DG" ]||mv $CHG ${CHG}.debug;
}
# _reinstall: put the files from $NEW back, archiving the current ones in $OLD
_reinstall(){ restor "$NEW" "$OLD";}
# _uninstall: put the files from $OLD back, archiving the current ones in $NEW
_uninstall(){ restor "$OLD" "$NEW";}
# arkiv ARCHIVE: read path names on stdin, keep those that ls can find
# (its errors go to fd 3) and write them to ARCHIVE in cpio "newc" format
arkiv(){ xargs -r ls 2>&3|$DG cpio -ovF $1 -H newc;}
# ev: eval the arguments joined into one command line
ev(){ eval "$@";}
# er: print "ERROR: ..." on stderr and exit with status 1
er(){ warn ERROR: "$@";exit 1;}
# help: print the usage line, one line per option letter in $ONE (the text is
# taken from the variable named O<letter>), the field names expected on the
# second line of each piece, then exit with status 2.
help(){
echo "USAGE: $P0-[$ONE] [ -C config_file . . . ] dir"
for LR in $ONE; do ev echo \"\ -$LR\ --\ \$O$LR\";done
echo "second line of each file contains:
$LN2"
exit 2;
}
# restor FROM TO
# Archive the files named in the change list into TO, delete them, then
# extract FROM over the same paths. Fails unless an install happened before
# and TO is older than FROM.
# NOTE(review): the change list and both archives are read from the current
# directory and are trusted as they are: every path listed is removed and
# every path in the archive is written. Keep that directory writable only by
# the account that runs the installer.
restor(){
[ -e $CHG ]||{ er not ${Oi}ed;}
[ $2 -ot $1 ]||{ er $2 is newer than $1;}
arkiv $2 <$CHG;
$DG xargs -r rm -f <$CHG;
$DG cpio -ivmuF $1;
}
# rbr_nxt RBR NXT
# Walk the xx* pieces in the current directory. For each piece, read its
# first line into LN1 and its second line into the variables named in $LN2
# (COM DIR BAS PRM); when DIR, BAS and PRM are all non-empty, evaluate
# "xxprm $PRM". RBR and NXT are the command prefixes the option handlers
# use: RBR for reporting a path, NXT for the command that changes something.
# Afterwards evaluate the hook named in $ERN, if any.
# NOTE(review): $PRM is text taken from the piece itself and goes through
# eval, so an install spec line is executed as shell code.
rbr_nxt(){
RBR=$1;NXT="$2";
for XXN in xx*;do if { read LN1&&read $LN2;}<$XXN&&
[ "$DIR" ]&&[ "$BAS" ]&&[ "$PRM" ];then
ev xxprm $PRM;
fi;done;
ev $ERN;
}
# warn: print the arguments on stderr; also used as the $DG prefix in debug
# mode, where it prints a command instead of running it
warn(){ echo "$@" >&2;}
# opt_c: spec option -c, report the target path through $RBR
opt_c(){ $RBR "$FIL";}
# opt_i OPTS: spec option -i, run "install OPTS piece target" and remove the
# piece when that succeeded (both prefixed with $NXT)
opt_i(){ $NXT $Oi "$@" $XXN "$FIL"&& $NXT rm $XXN;}
# xxprm SPEC-OPTIONS
# Parse the options of one install spec and call opt_<letter> for each one.
# The target path is $DIR/$BAS. Letters beyond "c" and "i:" come from $EOP,
# which a config file can extend. Parsing stops at the first unknown option.
xxprm(){
FIL="$DIR/$BAS";
# getopts keeps its position between calls; start over for every piece
OPTIND=1;
while getopts "ci:$EOP" LR;do
# OPTARG is expanded unquoted, so a quoted list becomes several arguments
[ "$LR" = '?' ]&&break||opt_$LR ${OPTARG:-};
done;
}
# O<letter>: name of the action behind each command line option; help prints
# these, and the main loop runs the function "_<name>" for i, r and u
OH=help;
OV=version;
Oi=install;
Or=re$Oi;
Ou=un$Oi;
# program name as printed by help, version and the log line
P0="$Oi-split ";
# list of installed paths; its presence marks a completed install
CHG=change.list;
# settings a -C config file may override: extra spec option letters, hook
# run by rbr_nxt, names of the fields on line 2 of each piece, the md5sum
# list and its expected size
EOP=;
ERN=;
LN2="COM DIR BAS PRM";
MD5=;
MWC=;
# archives of the installed and of the replaced files
NEW=new.cpio;
OLD=old.cpio;
# option letters of which only the first one given is honoured
ONE="H V i r u";
# debug prefix: empty runs commands, "warn" only prints them
DG=;
[ -z "${INSTALL_SPLIT_DEBUG:-}" ]||DG=warn;
# fd 3 is a sink for output that should not reach the log
exec 3<>/dev/null;
SN=;
GO="$ONE";
# Parse the command line. $GO is emptied after the first option, so from
# then on only -C is still accepted.
while getopts "C:$GO" LR;do case $LR in
# remember which of O<i|r|u> names the action to run
[iru]) SN=O$LR;;
# NOTE(review): the config file is sourced, i.e. executed as shell code by
# whoever runs the installer
C) . "$OPTARG";;
V) $OV $RVS;;
H|\?) $OH;;
esac;GO=;done;
shift $(($OPTIND-1));
# exactly one argument is expected: the directory that holds the pieces
[ $# -eq 1 ]&&cd "$1"||$OH;
# print "install-split <action>", run _<action>, and append everything to
# the file "log" in that directory
{ ev echo $P0 \$$SN;ev _\$$SN;} 2>&1|tee -a log;
// ~CSPLIT
// /etc/bind named.conf -ci "-vDm 644" --
// This is the primary configuration file for the BIND DNS server named.
//
options {
directory "/var/cache/bind";
// include file written by the ip-up.d bind script of this archive
// (installed as 007_bind) for dynamically assigned dns; it holds
// forwarders { . . . };
include "/etc/bind/isp_dns.conf";
auth-nxdomain no; # conform to RFC1035
dialup refresh; # minimize refresh
// NOTE(review): nothing here limits who may query or recurse through this
// server (allow-query / allow-recursion / listen-on). The defaults differ
// between BIND versions, so confirm that the forwarder is not reachable as
// an open resolver from the dial-up link.
};
// prime the server with knowledge of the root servers
zone "." {
type hint;
file "/etc/bind/db.root";
};
// be authoritative for the localhost forward and reverse zones, and for
// broadcast zones as per RFC 1912
zone "localhost" {
type master;
file "/etc/bind/db.local";
forwarders { };
};
zone "127.in-addr.arpa" {
type master;
file "/etc/bind/db.127";
forwarders { };
};
zone "0.in-addr.arpa" {
type master;
file "/etc/bind/db.0";
forwarders { };
};
zone "255.in-addr.arpa" {
type master;
file "/etc/bind/db.255";
forwarders { };
};
// add entries for other zones below here
#!/usr/bin/suidperl -w
# /usr/local/bin ip-goingdown -ci "-vDm 4750 -g dialout" -- \
# ip-goingdown -- This script handles ip-goingdown for ppp
my $revision = '$Revision: 1.7 $';

# Print the copyright and licence notice on the currently selected handle.
sub copyleft {
    print <<"COPYLEFT";
Copyright (C) 2003 by Richard L. Hawes <rhawes\@dma.org>
This is free software; see the GNU General Public License version 2
or later for copying conditions. There is NO warranty.
latest version: www.dma.org/~rhawes/programs/ip-goingdown
COPYLEFT
}
use strict;
# Print the usage text on the currently selected handle.
sub help {
    print <<"HELP";
USAGE: ip-goingdown "interface_name" (i.e. ppp0)
secure suid wrapper for /etc/ppp/ip-goingdown
HELP
}
# Print the program name with the number taken from $revision, followed by
# the licence notice.
sub version {
    my ( undef, $number ) = split ' ', $revision;
    print STDOUT 'ip-goingdown ', $number, "\n";
    copyleft();
}
# Environment clean-up, done before anything else runs: pin PATH, reset
# SHELL when it is set, and drop the variables that change how a shell
# starts up or splits words.
# NOTE(review): every other variable of the caller's environment is still
# passed on to the script this wrapper execs. An allow-list would be
# stricter; confirm what /etc/ppp/ip-goingdown reads from its environment.
BEGIN {
$ENV{PATH} = '/bin:/usr/bin';
$ENV{SHELL} = '/bin/sh' if exists $ENV{SHELL};
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};
}
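# Handle the first command line argument: print version or help, or run
# /etc/ppp/ip-goingdown for the named interface.
my $goingdown = "/etc/ppp/ip-goingdown";
for my $arg (@ARGV) {
    if ( $arg =~ /--version/ ) { version(); last; }
    if ( $arg =~ /--help/ )    { help();    last; }

    # The argument comes from whoever may run this setuid wrapper, and the
    # script it is handed to uses it inside eval and as part of the name of
    # a file that it sources. Accept only an interface name (at most 15
    # characters, no '/', no shell metacharacters) and pass on the captured
    # copy, which is what untaints it.
    my ($ifname) = $arg =~ m{\A ([A-Za-z0-9][A-Za-z0-9_.:-]{0,14}) \z}x
        or die "ip-goingdown: invalid interface name\n";

    # list form of exec: no shell is involved in starting the script
    exec $goingdown, $ifname
        or die "ip-goingdown: cannot run $goingdown: $!\n";
}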
45813161b2a229bfed427e531fa90209 xx00
355c66a6b367ee53c03e6c4ae311bb9a xx01
509a689f2cbe855630aef07c11a2fb87 xx02
b9676be6f8b243efa2d135b939a8561e xx03
68e473e0dec96983a7a6c14cf4acd08d xx04
1d9f28fc0c10e6bfbd95aedd81ab483c xx05
267fab057ea5c1e574de72e465869601 xx06
ef7ea26dd16b5071aa413d7930625f43 xx07
-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv
iQA/AwUBPwQY5bdlcLd2+QdSEQKV5ACdETTqeMWJqM/8zUX8BzhRZO7J3tMAnRh2
1Y7jOkJE62/YjI3Wv/YGA0s0
=L1qL
-----END PGP SIGNATURE-----