diff options
Diffstat (limited to '')
-rw-r--r-- | external/unbound/winrc/setup.nsi | 6 | ||||
-rw-r--r-- | external/unbound/winrc/unbound-control-setup.cmd | 328 | ||||
-rw-r--r-- | external/unbound/winrc/vista_admin.manifest | 19 | ||||
-rw-r--r-- | external/unbound/winrc/win_svc.c | 8 |
4 files changed, 193 insertions, 168 deletions
diff --git a/external/unbound/winrc/setup.nsi b/external/unbound/winrc/setup.nsi index bf47165f3..513b30015 100644 --- a/external/unbound/winrc/setup.nsi +++ b/external/unbound/winrc/setup.nsi @@ -1,6 +1,8 @@ # The NSIS (http://nsis.sourceforge.net) install script. # This script is BSD licensed. -SetCompressor /solid /final lzma + +# use the default compression to help anti-virus in scanning us +#SetCompressor /solid /final lzma !include LogicLib.nsh !include MUI2.nsh @@ -92,6 +94,7 @@ section "-hidden.postinstall" File "unbound-website.url" File "service.conf" File "..\doc\example.conf" + File "..\doc\Changelog" # Store Root Key choice SectionGetFlags ${SectionRootKey} $R0 @@ -178,6 +181,7 @@ section "un.Unbound" Delete "$INSTDIR\unbound-website.url" Delete "$INSTDIR\service.conf" Delete "$INSTDIR\example.conf" + Delete "$INSTDIR\Changelog" Delete "$INSTDIR\root.key" RMDir "$INSTDIR" diff --git a/external/unbound/winrc/unbound-control-setup.cmd b/external/unbound/winrc/unbound-control-setup.cmd index 13617927a..ddf4a06e0 100644 --- a/external/unbound/winrc/unbound-control-setup.cmd +++ b/external/unbound/winrc/unbound-control-setup.cmd @@ -1,164 +1,164 @@ -@Echo off -rem -rem unbound-control-setup.cmd - set up SSL certificates for unbound-control -rem -rem Copyright (c) 2008, NLnet Labs. All rights reserved. -rem Modified for Windows by Y.Voinov (c) 2014 -rem -rem This software is open source. -rem -rem Redistribution and use in source and binary forms, with or without -rem modification, are permitted provided that the following conditions -rem are met: -rem -rem Redistributions of source code must retain the above copyright notice, -rem this list of conditions and the following disclaimer. -rem -rem Redistributions in binary form must reproduce the above copyright notice, -rem this list of conditions and the following disclaimer in the documentation -rem and/or other materials provided with the distribution. -rem -rem Neither the name of the NLNET LABS nor the names of its contributors may -rem be used to endorse or promote products derived from this software without -rem specific prior written permission. -rem -rem THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS -rem "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT -rem LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR -rem A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT -rem HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, -rem SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED -rem TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR -rem PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF -rem LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING -rem NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS -rem SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -rem settings: - -rem directory for files -set prefix="C:\Program Files (x86)" -set DESTDIR=%prefix%\Unbound - -rem issuer and subject name for certificates -set SERVERNAME=unbound -set CLIENTNAME=unbound-control - -rem validity period for certificates -set DAYS=7200 - -rem size of keys in bits -set BITS=1536 - -rem hash algorithm -set HASH=sha256 - -rem base name for unbound server keys -set SVR_BASE=unbound_server - -rem base name for unbound-control keys -set CTL_BASE=unbound_control - -rem end of options - -rem Check OpenSSL installed -for /f "delims=" %%a in ('where openssl') do @set SSL_PROGRAM=%%a -if /I "%SSL_PROGRAM%"=="" echo SSL not found. If installed, add path to PATH environment variable. & exit 1 -echo SSL found: %SSL_PROGRAM% - -set arg=%1 -if /I "%arg%" == "-h" goto help -if /I "%arg%"=="-d" set DESTDIR=%2 - -rem go!: -echo setup in directory %DESTDIR% -cd %$DESTDIR% - -rem create certificate keys; do not recreate if they already exist. -if exist $SVR_BASE.key ( -echo %SVR_BASE%.key exists -goto next -) -echo generating %SVR_BASE%.key -"%SSL_PROGRAM%" genrsa -out %SVR_BASE%.key %BITS% || echo could not genrsa && exit 1 - -:next -if exist %CTL_BASE%.key ( -echo %CTL_BASE%.key exists -goto next2 -) -echo generating %CTL_BASE%.key -"%SSL_PROGRAM%" genrsa -out %CTL_BASE%.key %BITS% || echo could not genrsa && exit 1 - -:next2 -rem create self-signed cert for server -if exist request.cfg (del /F /Q /S request.cfg) -echo [req]>>request.cfg -echo default_bits=%BITS%>>request.cfg -echo default_md=%HASH%>>request.cfg -echo prompt=no>>request.cfg -echo distinguished_name=req_distinguished_name>>request.cfg -echo.>>request.cfg -echo [req_distinguished_name]>>request.cfg -echo commonName=%SERVERNAME%>>request.cfg - -if not exist request.cfg ( -echo could not create request.cfg -exit 1 -) - -echo create %SVR_BASE%.pem (self signed certificate) -"%SSL_PROGRAM%" req -key %SVR_BASE%.key -config request.cfg -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1 -rem create trusted usage pem -"%SSL_PROGRAM%" x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem - -rem create client request and sign it -if exist request.cfg (del /F /Q /S request.cfg) -echo [req]>>request.cfg -echo default_bits=%BITS%>>request.cfg -echo default_md=%HASH%>>request.cfg -echo prompt=no>>request.cfg -echo distinguished_name=req_distinguished_name>>request.cfg -echo.>>request.cfg -echo [req_distinguished_name]>>request.cfg -echo commonName=%CLIENTNAME%>>request.cfg - -if not exist request.cfg ( -echo could not create request.cfg -exit 1 -) - -echo create %CTL_BASE%.pem (signed client certificate) -"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem - -if not exist %CTL_BASE%.pem ( -echo could not create %CTL_BASE%.pem -exit 1 -) -rem create trusted usage pem -rem "%SSL_PROGRAM%" x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem - -rem see details with "%SSL_PROGRAM%" x509 -noout -text < %SVR_BASE%.pem -rem echo "create %CTL_BASE%_browser.pfx (web client certificate)" -rem echo "create webbrowser PKCSrem12 .PFX certificate file. In Firefox import in:" -rem echo "preferences - advanced - encryption - view certificates - your certs" -rem echo "empty password is used, simply click OK on the password dialog box." -rem "%SSL_PROGRAM%" pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1 - -rem remove crap -del /F /Q /S request.cfg -del /F /Q /S %CTL_BASE%_trust.pem -del /F /Q /S %SVR_BASE%_trust.pem -del /F /Q /S %SVR_BASE%_trust.srl - -echo Setup success. Certificates created. Enable in unbound.conf file to use - -exit 0 - -:help -echo unbound-control-setup.cmd - setup SSL keys for unbound-control -echo -d dir use directory to store keys and certificates. -echo default: %DESTDIR% -echo please run this command using the same user id that the -echo unbound daemon uses, it needs read privileges. -exit 1 +@Echo off
+rem
+rem unbound-control-setup.cmd - set up SSL certificates for unbound-control
+rem
+rem Copyright (c) 2008, NLnet Labs. All rights reserved.
+rem Modified for Windows by Y.Voinov (c) 2014
+rem
+rem This software is open source.
+rem
+rem Redistribution and use in source and binary forms, with or without
+rem modification, are permitted provided that the following conditions
+rem are met:
+rem
+rem Redistributions of source code must retain the above copyright notice,
+rem this list of conditions and the following disclaimer.
+rem
+rem Redistributions in binary form must reproduce the above copyright notice,
+rem this list of conditions and the following disclaimer in the documentation
+rem and/or other materials provided with the distribution.
+rem
+rem Neither the name of the NLNET LABS nor the names of its contributors may
+rem be used to endorse or promote products derived from this software without
+rem specific prior written permission.
+rem
+rem THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+rem "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+rem LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
+rem A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
+rem HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+rem SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
+rem TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
+rem PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
+rem LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
+rem NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
+rem SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+
+rem settings:
+
+rem directory for files
+set prefix="C:\Program Files (x86)"
+set DESTDIR=%prefix%\Unbound
+
+rem issuer and subject name for certificates
+set SERVERNAME=unbound
+set CLIENTNAME=unbound-control
+
+rem validity period for certificates
+set DAYS=7200
+
+rem size of keys in bits
+set BITS=1536
+
+rem hash algorithm
+set HASH=sha256
+
+rem base name for unbound server keys
+set SVR_BASE=unbound_server
+
+rem base name for unbound-control keys
+set CTL_BASE=unbound_control
+
+rem end of options
+
+rem Check OpenSSL installed
+for /f "delims=" %%a in ('where openssl') do @set SSL_PROGRAM=%%a
+if /I "%SSL_PROGRAM%"=="" echo SSL not found. If installed, add path to PATH environment variable. & exit 1
+echo SSL found: %SSL_PROGRAM%
+
+set arg=%1
+if /I "%arg%" == "-h" goto help
+if /I "%arg%"=="-d" set DESTDIR=%2
+
+rem go!:
+echo setup in directory %DESTDIR%
+cd %DESTDIR%
+
+rem create certificate keys; do not recreate if they already exist.
+if exist %SVR_BASE%.key (
+echo %SVR_BASE%.key exists
+goto next
+)
+echo generating %SVR_BASE%.key
+"%SSL_PROGRAM%" genrsa -out %SVR_BASE%.key %BITS% || echo could not genrsa && exit 1
+
+:next
+if exist %CTL_BASE%.key (
+echo %CTL_BASE%.key exists
+goto next2
+)
+echo generating %CTL_BASE%.key
+"%SSL_PROGRAM%" genrsa -out %CTL_BASE%.key %BITS% || echo could not genrsa && exit 1
+
+:next2
+rem create self-signed cert for server
+if exist request.cfg (del /F /Q /S request.cfg)
+echo [req]>>request.cfg
+echo default_bits=%BITS%>>request.cfg
+echo default_md=%HASH%>>request.cfg
+echo prompt=no>>request.cfg
+echo distinguished_name=req_distinguished_name>>request.cfg
+echo.>>request.cfg
+echo [req_distinguished_name]>>request.cfg
+echo commonName=%SERVERNAME%>>request.cfg
+
+if not exist request.cfg (
+echo could not create request.cfg
+exit 1
+)
+
+echo create %SVR_BASE%.pem (self signed certificate)
+"%SSL_PROGRAM%" req -key %SVR_BASE%.key -config request.cfg -new -x509 -days %DAYS% -out %SVR_BASE%.pem || echo could not create %SVR_BASE%.pem && exit 1
+rem create trusted usage pem
+"%SSL_PROGRAM%" x509 -in %SVR_BASE%.pem -addtrust serverAuth -out %SVR_BASE%_trust.pem
+
+rem create client request and sign it
+if exist request.cfg (del /F /Q /S request.cfg)
+echo [req]>>request.cfg
+echo default_bits=%BITS%>>request.cfg
+echo default_md=%HASH%>>request.cfg
+echo prompt=no>>request.cfg
+echo distinguished_name=req_distinguished_name>>request.cfg
+echo.>>request.cfg
+echo [req_distinguished_name]>>request.cfg
+echo commonName=%CLIENTNAME%>>request.cfg
+
+if not exist request.cfg (
+echo could not create request.cfg
+exit 1
+)
+
+echo create %CTL_BASE%.pem (signed client certificate)
+"%SSL_PROGRAM%" req -key %CTL_BASE%.key -config request.cfg -new | "%SSL_PROGRAM%" x509 -req -days %DAYS% -CA %SVR_BASE%_trust.pem -CAkey %SVR_BASE%.key -CAcreateserial -%HASH% -out %CTL_BASE%.pem
+
+if not exist %CTL_BASE%.pem (
+echo could not create %CTL_BASE%.pem
+exit 1
+)
+rem create trusted usage pem
+rem "%SSL_PROGRAM%" x509 -in %CTL_BASE%.pem -addtrust clientAuth -out %CTL_BASE%_trust.pem
+
+rem see details with "%SSL_PROGRAM%" x509 -noout -text < %SVR_BASE%.pem
+rem echo "create %CTL_BASE%_browser.pfx (web client certificate)"
+rem echo "create webbrowser PKCSrem12 .PFX certificate file. In Firefox import in:"
+rem echo "preferences - advanced - encryption - view certificates - your certs"
+rem echo "empty password is used, simply click OK on the password dialog box."
+rem "%SSL_PROGRAM%" pkcs12 -export -in %CTL_BASE%_trust.pem -inkey %CTL_BASE%.key -name "unbound remote control client cert" -out %CTL_BASE%_browser.pfx -password "pass:" || echo could not create browser certificate && exit 1
+
+rem remove crap
+del /F /Q /S request.cfg
+del /F /Q /S %CTL_BASE%_trust.pem
+del /F /Q /S %SVR_BASE%_trust.pem
+del /F /Q /S %SVR_BASE%_trust.srl
+
+echo Setup success. Certificates created. Enable in unbound.conf file to use
+
+exit 0
+
+:help
+echo unbound-control-setup.cmd - setup SSL keys for unbound-control
+echo -d dir use directory to store keys and certificates.
+echo default: %DESTDIR%
+echo please run this command using the same user id that the
+echo unbound daemon uses, it needs read privileges.
+exit 1
diff --git a/external/unbound/winrc/vista_admin.manifest b/external/unbound/winrc/vista_admin.manifest index 560801440..32eb1d6aa 100644 --- a/external/unbound/winrc/vista_admin.manifest +++ b/external/unbound/winrc/vista_admin.manifest @@ -13,4 +13,23 @@ </ms_asmv2:requestedPrivileges> </ms_asmv2:security> </ms_asmv2:trustInfo> + <compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"> + <application> + <!--This Id value indicates the application supports Windows Vista/Server + 2008 functionality --> + <supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/> + <!--This Id value indicates the application supports Windows 7/Server 2008 + R2 functionality--> + <supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/> + <!--This Id value indicates the application supports Windows 8/Server 2012 + functionality--> + <supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/> + <!-- This Id value indicates the application supports Windows Blue/Server + 2012 R2 functionality--> + <supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/> + <!-- This Id value indicates the application supports Windows Threshold + functionality ; Windows 10 --> + <supportedOS Id="{8e0f7a12-bfb3-4fe8-b9a5-48fd50a15a9a}"/> + </application> + </compatibility> </assembly> diff --git a/external/unbound/winrc/win_svc.c b/external/unbound/winrc/win_svc.c index 57a160d6a..9d6926dbe 100644 --- a/external/unbound/winrc/win_svc.c +++ b/external/unbound/winrc/win_svc.c @@ -333,15 +333,17 @@ service_init(int r, struct daemon** d, struct config_file** c) verbose(VERB_QUERY, "winservice - apply settings"); /* apply settings and init */ verbosity = cfg->verbosity + service_cmdline_verbose; + w_config_adjust_directory(cfg); if(cfg->directory && cfg->directory[0]) { - if(chdir(cfg->directory)) { + char* dir = cfg->directory; + if(chdir(dir)) { log_err("could not chdir to %s: %s", - cfg->directory, strerror(errno)); + dir, strerror(errno)); if(errno != ENOENT) return 0; log_warn("could not change directory - continuing"); } else - verbose(VERB_QUERY, "chdir to %s", cfg->directory); + verbose(VERB_QUERY, "chdir to %s", dir); } log_init(cfg->logfile, cfg->use_syslog, cfg->chrootdir); if(!r) report_status(SERVICE_START_PENDING, NO_ERROR, 2400); |