Merge branch 'develop'

Author: wtoorop

ChangeLog

@@ -1,4 +1,10 @@
+* 2019-04-03: Version 0.2.6
+ * Windows: use appropriate system and user configuration directories.
+ * Windows: replace references to C:\Program Files with %PROGRAMFILES%.
+ * Windows: use location of stubby.bat to find stubby.exe and stubby.yml.
+
 * 2019-01-11: Version 0.2.5
+ * Fix builds on Windows.
  * RFE getdnsapi/getdns#408: Document trust_anchors_backoff_time
    in stubby.yml.example. Thanks Jonathan Underwood
  * RFE #148: Document tls_ciphersuites, tls_cipher_list, tls_min_version

configure.ac

@@ -1,5 +1,5 @@
 AC_PREREQ([2.68])
-AC_INIT([Stubby], [0.2.5], [[email protected]])
+AC_INIT([Stubby], [0.2.6], [[email protected]])
 AC_CANONICAL_TARGET
 AM_INIT_AUTOMAKE
 AC_CONFIG_SRCDIR([src/stubby.c])

macos/stubby-setdns-macos.sh

@@ -48,7 +48,7 @@ usage () {
 RESET=0
 LIST=0
 SERVERS="127.0.0.1 ::1"
-OS_X=`uname -a | grep -c 'Darwin'`
+OS_X=$(uname -a | grep -c 'Darwin')
 
 while getopts ":rlh" opt; do
     case $opt in
@@ -69,9 +69,9 @@ fi
 
 if [[ $LIST -eq 1 ]]; then
     echo "** Current DNS settings **"
-    networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
-        RESULT=`networksetup -getdnsservers "$x"`
-        RESULT=`echo $RESULT`
+    networksetup -listallnetworkservices 2>/dev/null | grep -v '\*' | while read -r x ; do
+        RESULT=$(networksetup -getdnsservers "$x")
+        RESULT=$(echo $RESULT)
         printf '%-30s %s\n' "$x:" "$RESULT"
     done
     exit 1
@@ -84,13 +84,12 @@ fi
 
 if [[ $RESET -eq 1 ]]; then
     SERVERS="empty"
-    echo "Setting DNS servers to '"$SERVERS"' - the system will use default DNS service."
+    echo "Setting DNS servers to $SERVERS - the system will use default DNS service."
 else
-    echo "Setting DNS servers to '"$SERVERS"' - the system will use Stubby if it is running."
+    echo "Setting DNS servers to $SERVERS - the system will use Stubby if it is running."
 fi
 
 ### Set the DNS settings via networksetup ###
-networksetup -listallnetworkservices 2>/dev/null | grep -v '*' | while read x ; do
+networksetup -listallnetworkservices 2>/dev/null | grep -v '\*' | while read -r x ; do
     networksetup -setdnsservers "$x" $SERVERS
-done
-
+done

src/Makefile.am

@@ -6,4 +6,4 @@ stubby_SOURCES = stubby.c yaml/convert_yaml_to_json.c sldns/sbuffer.c
 else
 stubby_SOURCES = stubby.c
 endif
-AM_CPPFLAGS = -DSTUBBYCONFDIR=\"$(sysconfdir)/stubby\" -DRUNSTATEDIR=\"$(runstatedir)\"
+AM_CPPFLAGS = -DSTUBBYCONFDIR='"$(sysconfdir)/stubby"' -DRUNSTATEDIR='"$(runstatedir)"'

src/stubby.c

@@ -32,7 +32,10 @@
 #include <errno.h>
 #include <limits.h>
 #include <assert.h>
-#if !defined(STUBBY_ON_WINDOWS) && !defined(GETDNS_ON_WINDOWS)
+#if defined(STUBBY_ON_WINDOWS) || defined(GETDNS_ON_WINDOWS)
+#include <shlobj.h>
+#else
+#include <pwd.h>
 #include <unistd.h>
 #endif
 #include <signal.h>
@@ -62,7 +65,17 @@ getdns_yaml2dict(const char *str, getdns_dict **dict)
 }
 #endif
 
-#define STUBBYPIDFILE RUNSTATEDIR"/stubby.pid"
+static char *make_config_file_path(const char *dir, const char *fname)
+{
+	int reslen = strlen(dir) + strlen(fname) + 1;
+	char *res = malloc(reslen);
+
+	if (res == NULL)
+		return NULL;
+
+	snprintf(res, reslen, "%s%s", dir, fname);
+	return res;
+}
 
 #if defined(STUBBY_ON_WINDOWS) || defined(GETDNS_ON_WINDOWS)
 #define DEBUG_ON(...) do { \
@@ -78,7 +91,31 @@ getdns_yaml2dict(const char *str, getdns_dict **dict)
 	                fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 	                fprintf(stderr, __VA_ARGS__); \
 	        } while (0)
+
+static char *folder_config_file(int csidl)
+{
+	TCHAR szPath[MAX_PATH];
+
+	if (!SUCCEEDED(SHGetFolderPath(NULL,
+	    csidl | CSIDL_FLAG_CREATE, NULL, 0, szPath)))
+		return NULL;
+
+	return make_config_file_path(szPath, "\\Stubby\\stubby.yml");
+}
+
+// %APPDATA%/Stubby/stubby.yml.
+char *home_config_file()
+{
+	return folder_config_file(CSIDL_APPDATA);
+}
+
+char *system_config_file()
+{
+	return folder_config_file(CSIDL_PROGRAM_FILES);
+}
 #else
+#define STUBBYPIDFILE RUNSTATEDIR"/stubby.pid"
+
 #define DEBUG_ON(...) do { \
 	                struct timeval tv_dEbUgSyM; \
 	                struct tm tm_dEbUgSyM; \
@@ -90,6 +127,20 @@ getdns_yaml2dict(const char *str, getdns_dict **dict)
 	                fprintf(stderr, "[%s.%.6d] ", buf_dEbUgSyM, (int)tv_dEbUgSyM.tv_usec); \
 	                fprintf(stderr, __VA_ARGS__); \
 	        } while (0)
+
+char *home_config_file()
+{
+	struct passwd *p = getpwuid(getuid());
+	char *home = p ? p->pw_dir : getenv("HOME");
+	if (!home)
+		return NULL;
+	return make_config_file_path(home, "/.stubby.yml");
+}
+
+char *system_config_file()
+{
+	return make_config_file_path(STUBBYCONFDIR, "/stubby.yml");
+}
 #endif
 #define DEBUG_OFF(...) do {} while (0)
 
@@ -126,6 +177,8 @@ static void stubby_local_log(void *userarg, uint64_t system,
 void
 print_usage(FILE *out)
 {
+	char *home_conf_fn = home_config_file();
+	char *system_conf_fn = system_config_file();
 	fprintf(out, "usage: " STUBBY_PACKAGE " [<option> ...] \\\n");
 	fprintf(out, "\t-C\t<filename>\n");
 	fprintf(out, "\t\tRead settings from config file <filename>\n");
@@ -135,16 +188,16 @@ print_usage(FILE *out)
 	fprintf(out, "\t\tspecified on the command line.)\n");
 	fprintf(out, "\t\tBy default, the configuration file location is obtained\n");
 	fprintf(out, "\t\tby looking for YAML files in the following order:\n");
-	fprintf(out, "\t\t\t\"%s/.stubby.yml\"\n", getenv("HOME"));
-	fprintf(out, "\t\t\t\"%s/stubby.yml\"\n", STUBBYCONFDIR);
-	fprintf(out, "\t\tAn default file (Using Strict mode) is installed as\n");
-	fprintf(out, "\t\t\t\"%s/stubby.yml\"\n", STUBBYCONFDIR);
+	fprintf(out, "\t\t\t\"%s\"\n", home_conf_fn);
+	fprintf(out, "\t\t\t\"%s\"\n", system_conf_fn);
+	fprintf(out, "\t\tA default file (Using Strict mode) is installed as\n");
+	fprintf(out, "\t\t\t\"%s\"\n", system_conf_fn);
 #if !defined(STUBBY_ON_WINDOWS) && !defined(GETDNS_ON_WINDOWS)
 	fprintf(out, "\t-g\tRun stubby in background (default is foreground)\n");
 #endif
 	fprintf(out, "\t-h\tPrint this help\n");
 	fprintf(out, "\t-i\tValidate and print the configuration only. Useful to validate config file\n");
-	fprintf(out, "\t\t\tcontents. Note: does not attempt to bind to the listen addresses.\n");
+	fprintf(out, "\t\tcontents. Note: does not attempt to bind to the listen addresses.\n");
 	fprintf(out, "\t-l\tEnable logging of all logs (same as -v 7)\n");
 	fprintf(out, "\t-v\tSpecify logging level (overrides -l option). Values are\n");
 	fprintf(out, "\t\t\t0: EMERG  - %s\n", GETDNS_LOG_EMERG_TEXT);
@@ -156,6 +209,8 @@ print_usage(FILE *out)
 	fprintf(out, "\t\t\t6: INFO   - %s\n", GETDNS_LOG_INFO_TEXT);
 	fprintf(out, "\t\t\t7: DEBUG  - %s\n", GETDNS_LOG_DEBUG_TEXT);
 	fprintf(out, "\t-V\tPrint the " STUBBY_PACKAGE " version\n");
+	free(home_conf_fn);
+	free(system_conf_fn);
 }
 
 void
@@ -702,9 +757,9 @@ void stubby_local_log(void *userarg, uint64_t system,
 int
 main(int argc, char **argv)
 {
-	char home_stubby_conf_fn_spc[1024], *home_stubby_conf_fn = NULL;
+	char *conf_fn;
 	const char *custom_config_fn = NULL;
-	int fn_sz;
+	int found_conf = 0;
 	int print_api_info = 0;
 	int log_connections = 0;
 	getdns_return_t r;
@@ -771,48 +826,36 @@ main(int argc, char **argv)
 			return r;
 		}
 	} else {
-		fn_sz = snprintf( home_stubby_conf_fn_spc
-				, sizeof(home_stubby_conf_fn_spc)
-				, "%s/.stubby.yml"
-				, getenv("HOME")
-				);
-
-		if (fn_sz > 0 && fn_sz < (int)sizeof(home_stubby_conf_fn_spc))
-			home_stubby_conf_fn = home_stubby_conf_fn_spc;
-
-		else if (fn_sz > 0) {
-			if (!(home_stubby_conf_fn = malloc(fn_sz + 1)) ||
-			    snprintf( home_stubby_conf_fn, fn_sz
-				    , "%s/.stubby.yml", getenv("HOME")) != fn_sz) {
-				if (home_stubby_conf_fn) {
-					free(home_stubby_conf_fn);
-					home_stubby_conf_fn = NULL;
-				}
-			}
+		conf_fn = home_config_file();
+		if (!conf_fn) {
+			fprintf(stderr, "Error getting user config file");
+			exit(EXIT_FAILURE);
 		}
-		if (home_stubby_conf_fn &&
-		    (r = parse_config_file(home_stubby_conf_fn))) {
-			if (r != GETDNS_RETURN_IO_ERROR)
+		r = parse_config_file(conf_fn);
+		if (r == GETDNS_RETURN_GOOD)
+			found_conf = 1;
+		else if (r != GETDNS_RETURN_IO_ERROR)
+			fprintf( stderr, "Error parsing config file "
+				 "\"%s\": %s\n", conf_fn
+				 , _getdns_strerror(r));
+		free(conf_fn);
+		if (!found_conf) {
+			conf_fn = system_config_file();
+			if (!conf_fn) {
+				fprintf(stderr, "Error getting system config file");
+				exit(EXIT_FAILURE);
+			}
+			r = parse_config_file(conf_fn);
+			if (r == GETDNS_RETURN_GOOD)
+				found_conf = 1;
+			else if (r != GETDNS_RETURN_IO_ERROR)
 				fprintf( stderr, "Error parsing config file "
-				         "\"%s\": %s\n", home_stubby_conf_fn
+				         "\"%s\": %s\n", conf_fn
 				       , _getdns_strerror(r));
-			if (home_stubby_conf_fn != home_stubby_conf_fn_spc)
-				free(home_stubby_conf_fn);
-			home_stubby_conf_fn = NULL;
+			free(conf_fn);
 		}
-		if (!home_stubby_conf_fn &&
-		    (r = parse_config_file(STUBBYCONFDIR"/stubby.yml"))) {
-			if (r != GETDNS_RETURN_IO_ERROR) {
-				fprintf( stderr, "Error parsing config file \"%s\": %s\n"
-			            , STUBBYCONFDIR"/stubby.yml"
-			            , _getdns_strerror(r));
-			}
+		if (!found_conf)
 			fprintf(stderr, "WARNING: No Stubby config file found... using minimal default config (Opportunistic Usage)\n");
-		}
-		if (home_stubby_conf_fn &&
-		    home_stubby_conf_fn != home_stubby_conf_fn_spc) {
-			free(home_stubby_conf_fn);
-		}
 	}
 	if ((r = getdns_context_set_resolution_type(context, GETDNS_RESOLUTION_STUB))) {
 		fprintf( stderr, "Error while trying to configure stubby for "

stubby.yml.example

@@ -65,12 +65,12 @@ edns_client_subnet_private : 1
 ############################# CONNECTION SETTINGS ##############################
 # Set to 1 to instruct stubby to distribute queries across all available name
 # servers - this will use multiple simultaneous connections which can give
-# better performance is most (but not all) cases.
+# better performance in most (but not all) cases.
 # Set to 0 to treat the upstreams below as an ordered list and use a single
 # upstream until it becomes unavailable, then use the next one.
 round_robin_upstreams: 1
 
-# EDNS0 option for keepalive idle timeout in ms as specified in
+# EDNS0 option for keepalive idle timeout in milliseconds as specified in
 # https://tools.ietf.org/html/rfc7828
 # This keeps idle TLS connections open to avoid the overhead of opening a new
 # connection for every query.
@@ -84,16 +84,16 @@ idle_timeout: 10000
 # individual upstream after failures under normal circumstances (default 3600)
 # tls_backoff_time: 300
 
-# Specify where the location for CA certificates for verification purposes are
-# located.
+# Specify the location for CA certificates used for verification purposes are
+# located - this overrides the OS specific default location.
 # tls_ca_path: "/etc/ssl/certs/"
 
 # Limit the total number of outstanding queries permitted
 # limit_outstanding_queries: 100
 
-# Specify the timeout on getting a response to an individual request
-# (default 5s)
-# timeout: 1
+# Specify the timeout in milliseconds on getting a response to an individual
+# request (default 5000)
+# timeout: 1000
 
 # Set the acceptable ciphers for DNS over TLS.  With OpenSSL 1.1.1 this list is
 # for TLS1.2 and older only. Ciphers for TLS1.3 should be set with the
@@ -132,8 +132,9 @@ listen_addresses:
 # Stubby tries to fetch and validate the DNSSEC root trust anchor on the fly
 # when needed (Zero configuration DNSSEC), but only if it can store then
 # somewhere.  The default location to store these files is the ".getdns"
-# subdirectory in the user's home directory. If there is no home directory, or
-# the .getdns subdirectory could not be created (or is not present), Stubby
+# subdirectory in the user's home directory on Unixes, and the %appdata%\getdns
+# directory on Windows. If there is no home directory, or
+# the required subdirectory could not be created (or is not present), Stubby
 # will fall back to the current working directory to try to store the
 # trust-anchor files.
 #
@@ -223,8 +224,7 @@ upstream_recursive_servers:
 ## Quad 9 'secure' service - Filters, does DNSSEC, doesn't send ECS
 #  - address_data: 9.9.9.9
 #    tls_auth_name: "dns.quad9.net"
-## Quad 9 'insecure' service - No filtering, does DNSSEC, may send ECS (it is
-## unclear if it honours the edns_client_subnet_private request from stubby)
+## Quad 9 'insecure' service - No filtering, no DNSSEC, doesn't send ECS
 #  - address_data: 9.9.9.10
 #    tls_auth_name: "dns.quad9.net"
 ## Cloudflare 1.1.1.1 and 1.0.0.1
@@ -249,6 +249,16 @@ upstream_recursive_servers:
 #    tls_auth_name: "dns.google"
 #  - address_data: 8.8.4.4
 #    tls_auth_name: "dns.google"
+## Adguard Default servers
+#  - address_data: 176.103.130.130
+#    tls_auth_name: "dns.adguard.com"
+#  - address_data: 176.103.130.131
+#    tls_auth_name: "dns.adguard.com"
+## Adguard Family Protection servers
+#  - address_data: 176.103.130.132
+#    tls_auth_name: "dns-family.adguard.com"
+#  - address_data: 176.103.130.134
+#    tls_auth_name: "dns-family.adguard.com"
 ### Test servers ###
 ## A Surfnet/Sinodun server supporting TLS 1.2 and 1.3
 #  - address_data: 145.100.185.18
@@ -350,6 +360,16 @@ upstream_recursive_servers:
 #    tls_auth_name: "dns.google"
 #  - address_data: 2001:4860:4860::8844
 #    tls_auth_name: "dns.google"
+## Adguard Default servers
+#  - address_data: 2a00:5a60::ad1:0ff
+#    tls_auth_name: "dns.adguard.com"
+#  - address_data: 2a00:5a60::ad2:0ff
+#    tls_auth_name: "dns.adguard.com"
+## Adguard Family Protection servers
+#  - address_data: 2a00:5a60::bad1:0ff
+#    tls_auth_name: "dns-family.adguard.com"
+#  - address_data: 2a00:5a60::bad2:0ff
+#    tls_auth_name: "dns-family.adguard.com"
 ### Test servers ###
 ## The Uncensored DNS server
 #  - address_data: 2a01:3a0:53:53::0