diff --git a/src/dns_conf.c b/src/dns_conf.c index df95cb7..5d25539 100644 --- a/src/dns_conf.c +++ b/src/dns_conf.c @@ -3297,31 +3297,6 @@ errout: return -1; } -static int _check_and_create_cert(void) -{ - if (dns_conf_need_cert == 0) { - return 0; - } - - if (dns_conf_bind_ca_file[0] != 0 && dns_conf_bind_ca_key_file[0] != 0) { - return -1; - } - - conf_get_conf_fullpath("smartdns-cert.pem", dns_conf_bind_ca_file, sizeof(dns_conf_bind_ca_file)); - conf_get_conf_fullpath("smartdns-key.pem", dns_conf_bind_ca_key_file, sizeof(dns_conf_bind_ca_key_file)); - if (access(dns_conf_bind_ca_file, F_OK) == 0 && access(dns_conf_bind_ca_key_file, F_OK) == 0) { - return 0; - } - - tlog(TLOG_INFO, "Generate default ssl cert and key file."); - if (generate_cert_key(dns_conf_bind_ca_key_file, dns_conf_bind_ca_file, NULL, 365 * 3) != 0) { - tlog(TLOG_WARN, "Generate default ssl cert and key file failed."); - return -1; - } - - return 0; -} - static int _dns_conf_load_post(void) { _config_setup_smartdns_domain(); @@ -3347,8 +3322,6 @@ static int _dns_conf_load_post(void) _config_domain_set_name_table_destroy(); - _check_and_create_cert(); - return 0; } diff --git a/src/dns_conf.h b/src/dns_conf.h index 844fc61..eeb7e6b 100644 --- a/src/dns_conf.h +++ b/src/dns_conf.h @@ -413,6 +413,7 @@ extern int dns_conf_bind_ip_num; extern char dns_conf_bind_ca_file[DNS_MAX_PATH]; extern char dns_conf_bind_ca_key_file[DNS_MAX_PATH]; extern char dns_conf_bind_ca_key_pass[DNS_MAX_PATH]; +extern char dns_conf_need_cert; extern int dns_conf_tcp_idle_time; extern int dns_conf_cachesize; diff --git a/src/smartdns.c b/src/smartdns.c index d7c18f9..39b9334 100644 --- a/src/smartdns.c +++ b/src/smartdns.c 
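Review bot: The new `extern char dns_conf_need_cert;` declares a boolean flag as `char` while every neighbouring flag and counter in this header (`dns_conf_bind_ip_num`, `dns_conf_tcp_idle_time`, `dns_conf_cachesize`) is an `int`, and the only use visible in this diff is `if (dns_conf_need_cert == 0)`. Declaring it `extern int dns_conf_need_cert;` keeps the header consistent and avoids a narrow type for a plain true/false value; the matching definition in dns_conf.c is outside this diff and would need the same change.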
@@ -214,6 +214,7 @@ static int _smartdns_load_from_resolv(void) safe_strncpy(dns_conf_servers[dns_conf_server_num].server, ns_ip, DNS_MAX_IPLEN); dns_conf_servers[dns_conf_server_num].port = port; dns_conf_servers[dns_conf_server_num].type = DNS_SERVER_UDP; + dns_conf_servers[dns_conf_server_num].set_mark = -1; dns_conf_server_num++; ret = 0; } @@ -344,6 +345,42 @@ static int _smartdns_set_ecs_ip(void) return ret; } +static int _smartdns_create_cert(void) +{ + int uid = 0; + int gid = 0; + + if (dns_conf_need_cert == 0) { + return 0; + } + + if (dns_conf_bind_ca_file[0] != 0 && dns_conf_bind_ca_key_file[0] != 0) { + return -1; + } + + conf_get_conf_fullpath("smartdns-cert.pem", dns_conf_bind_ca_file, sizeof(dns_conf_bind_ca_file)); + conf_get_conf_fullpath("smartdns-key.pem", dns_conf_bind_ca_key_file, sizeof(dns_conf_bind_ca_key_file)); + if (access(dns_conf_bind_ca_file, F_OK) == 0 && access(dns_conf_bind_ca_key_file, F_OK) == 0) { + return 0; + } + + if (generate_cert_key(dns_conf_bind_ca_key_file, dns_conf_bind_ca_file, NULL, 365 * 3) != 0) { + tlog(TLOG_WARN, "Generate default ssl cert and key file failed. %s", strerror(errno)); + return -1; + } + + int unused __attribute__((unused)) = 0; + + if (get_uid_gid(&uid, &gid) != 0) { + return -1; + } + + unused = chown(dns_conf_bind_ca_file, uid, gid); + unused = chown(dns_conf_bind_ca_key_file, uid, gid); + + return 0; +} + static int _smartdns_init_ssl(void) { #if OPENSSL_API_COMPAT < 0x10100000L @@ -582,6 +619,11 @@ static int _smartdns_init_pre(void) _set_rlimit(); + if (_smartdns_create_cert() != 0) { + tlog(TLOG_ERROR, "create cert failed."); + return -1; + } + return 0; } diff --git a/src/util.c b/src/util.c index ca34c08..035a145 100644 --- a/src/util.c +++ b/src/util.c @@ -37,6 +37,7 @@ #include #include #include +#include #include #include #include
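Review bot: The private key written to dns_conf_bind_ca_key_file in _smartdns_create_cert is never given a restrictive mode, and both chown() results are thrown away into `unused`, so unless generate_cert_key() itself restricts permissions (not visible here) the key can be left readable per the process umask, and a failed chown is silently ignored. At minimum the key file should get `chmod(path, S_IRUSR | S_IWUSR)` (needs `<sys/stat.h>`) and its chown checked before returning success, as sketched below. Separately, the early `return -1` when both dns_conf_bind_ca_file and dns_conf_bind_ca_key_file are already configured now aborts startup through the new check in _smartdns_init_pre, whereas the removed _check_and_create_cert's result was ignored; unless dns_conf_need_cert is only ever set when neither path is configured, that branch should be `return 0` since there is nothing to generate. Also, `strerror(errno)` after generate_cert_key() fails may print a stale errno when the failure was an OpenSSL error rather than a syscall, so the message is presumably only a hint.
```c
	if (dns_conf_bind_ca_file[0] != 0 && dns_conf_bind_ca_key_file[0] != 0) {
		/* both paths supplied by the user: nothing to generate */
		return 0;
	}

	/* … unchanged: path derivation, access() check, generate_cert_key() … */

	if (get_uid_gid(&uid, &gid) != 0) {
		return -1;
	}

	/* the private key must not be readable by other users */
	if (chown(dns_conf_bind_ca_key_file, uid, gid) != 0 ||
		chmod(dns_conf_bind_ca_key_file, S_IRUSR | S_IWUSR) != 0) {
		tlog(TLOG_ERROR, "set owner/mode of %s failed. %s", dns_conf_bind_ca_key_file, strerror(errno));
		return -1;
	}
	unused = chown(dns_conf_bind_ca_file, uid, gid);
```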