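#!/bin/sh
#
# NetworkManager trigger for in dispatcher.d
#
# Invoked by NetworkManager as:  <script> <ifname> <action>
# Environment read (all set by NetworkManager):
#   CONNECTION_UUID                          names this connection's state file
#   IP4_DOMAINS / IP6_DOMAINS                search domains learned on "up"
#   IP4_NAMESERVERS / IP6_NAMESERVERS        resolvers learned on "up"
#   VPN_IP4_DOMAINS / VPN_IP6_DOMAINS        the same, on "vpn-up"
#   VPN_IP4_NAMESERVERS / VPN_IP6_NAMESERVERS
# Effects: submits the global nameserver list to dnssec-triggerd, then
#   removes the forward zones previously recorded for this connection from
#   unbound and (on up / vpn-up) adds the new ones, recording them in
#   $state_dir/$CONNECTION_UUID so the next event can undo them.
#
# The script is POSIX sh (the shebang is /bin/sh), so bash-only syntax is
# avoided: dash parses "cmd &> file" as "cmd &" followed by "> file", and
# its [ does not know "==".  Aliases are replaced by variables because
# bash only expands aliases in non-interactive scripts when in POSIX mode.

# Domains and nameservers below come from DHCP or the VPN peer, i.e. from
# the network.  They are only ever passed as arguments, never evaluated,
# but the intentional word splitting must not turn into pathname expansion.
set -f

# config items
unbound_control="/usr/sbin/unbound-control"
dnssec_trigger_control="/usr/sbin/dnssec-trigger-control"
pidof="/usr/sbin/pidof"
nmcli="/usr/bin/nmcli"

state_dir="/var/run/dnssec-trigger"
validate_forward_zones="no"

# implementation
ifname="$1"
action="$2"
domains=""
nameservers=""
global_nameservers=""
conn_zones_file=""

# Write one syslog line in the hook's usual format: "$*" is the message tail.
log() {
  logger "dnssec-trigger-hook(networkmanager) $ifname $action $*"
}

# Print the arguments de-duplicated and sorted, joined by single spaces,
# with no trailing space (empty output for no arguments).
uniq_words() {
  # shellcheck disable=SC2046 -- splitting the sorted list is the point
  set -- $(printf '%s\n' "$@" | sort -u)
  printf '%s' "$*"
}

# Print the arguments joined by single spaces (normalises whitespace).
join_words() {
  printf '%s' "$*"
}

# True when a process named $1 exists; pidof prints nothing otherwise.
is_running() {
  [ -n "$("$pidof" "$1" 2>/dev/null)" ]
}

# Fill $global_nameservers from NetworkManager.  nmcli is preferred when it
# is installed; nm-tool (older NetworkManager) is the fallback, also used
# when nmcli yields nothing.  The original test was `which $nmcli` with an
# unset $nmcli, which never succeeded, so the nmcli branch never ran.
# NOTE(review): "nmcli dev list" is the pre-1.0 nmcli syntax; newer
# releases use "dev show" — confirm against the installed NetworkManager.
collect_global_nameservers() {
  if [ -x "$nmcli" ]; then
    global_nameservers=$("$nmcli" -f IP4,IP6 dev list 2>/dev/null \
      | grep -F 'DNS' | awk '{print $2;}')
  fi
  if [ -z "$global_nameservers" ] && command -v nm-tool >/dev/null 2>&1; then
    global_nameservers=$(nm-tool 2>/dev/null | grep 'DNS:' | awk '{print $2;}')
  fi
  # fix whitespaces: one space-separated line instead of one per output line
  # (set -- inside a function only touches the function's own parameters)
  # shellcheck disable=SC2086
  set -- $global_nameservers
  global_nameservers="$*"
}

# Remove from unbound every forward zone recorded in $conn_zones_file,
# then delete the record.  No-op when there is no readable record.
remove_forward_zones() {
  [ -r "$conn_zones_file" ] || return 0
  # "|| [ -n ... ]" keeps a last line that lacks a trailing newline
  while IFS= read -r domain || [ -n "$domain" ]; do
    [ -n "$domain" ] || continue
    # Remove forward zone from unbound ("+i": zone was added as insecure)
    if [ "$validate_forward_zones" = "no" ]; then
      "$unbound_control" forward_remove +i "$domain" >/dev/null 2>&1
    else
      "$unbound_control" forward_remove "$domain" >/dev/null 2>&1
    fi
    "$unbound_control" flush_zone "$domain" >/dev/null 2>&1
    "$unbound_control" flush_requestlist >/dev/null 2>&1
    log "removed forward DNS zone $domain"
  done < "$conn_zones_file"
  # Remove file with zones for this connection
  rm -f -- "$conn_zones_file" >/dev/null 2>&1
}

# Add each domain in $domains as a forward zone pointing at $nameservers
# and record it in $conn_zones_file.  No-op when $domains is empty.
add_forward_zones() {
  [ -n "$domains" ] || return 0
  for domain in $domains; do
    # Add forward zone into unbound; $nameservers is deliberately unquoted
    # so each resolver becomes its own argument
    # shellcheck disable=SC2086
    if [ "$validate_forward_zones" = "no" ]; then
      "$unbound_control" forward_add +i "$domain" $nameservers >/dev/null 2>&1
    else
      "$unbound_control" forward_add "$domain" $nameservers >/dev/null 2>&1
    fi
    "$unbound_control" flush_zone "$domain" >/dev/null 2>&1
    "$unbound_control" flush_requestlist >/dev/null 2>&1
    # Create zone info file
    printf '%s\n' "$domain" >> "$conn_zones_file"
    log "added forward DNS zone $domain $nameservers"
  done
}

################################################################
# get domains and nameservers if provided by connection going up
# shellcheck disable=SC2086 -- the lists are space separated by design
case "$action" in
  "vpn-up")
    domains=$(uniq_words $VPN_IP4_DOMAINS $VPN_IP6_DOMAINS)
    nameservers=$(join_words $VPN_IP4_NAMESERVERS $VPN_IP6_NAMESERVERS)
    ;;
  "up")
    domains=$(uniq_words $IP4_DOMAINS $IP6_DOMAINS)
    nameservers=$(join_words $IP4_NAMESERVERS $IP6_NAMESERVERS)
    ;;
esac

#########################
# state file for this connection's forward zones.  CONNECTION_UUID is
# expected to be a UUID (hex digits and dashes); an empty value or one
# carrying any other character (e.g. "/" or "..") is refused rather than
# used to build a path under $state_dir.  Previously an unset UUID made
# the path equal to $state_dir itself, so zones were added to unbound but
# never recorded and therefore never removed on disconnect.
case "$CONNECTION_UUID" in
  "" | *[!A-Za-z0-9-]*) conn_zones_file="" ;;
  *) conn_zones_file="$state_dir/$CONNECTION_UUID" ;;
esac

#########################
# get global nameservers
collect_global_nameservers

############################################################
# configure global nameservers using dnssec-trigger-control
if is_running dnssec-triggerd; then
  "$dnssec_trigger_control" submit "$global_nameservers" >/dev/null 2>&1
  log "added global DNS $global_nameservers"
else
  log "NOT added global DNS - dnssec-triggerd is not running"
fi

######################################################
# add forward zones into unbound using unbound-control
if is_running unbound; then
  if [ -z "$conn_zones_file" ]; then
    log "NOT updated forward DNS zone(s) - CONNECTION_UUID is not set"
  else
    remove_forward_zones
    case "$action" in
      "vpn-up" | "up") add_forward_zones ;;
    esac
  fi
else
  log "NOT added forward DNS zone(s) - unbound is not running"
fi

exit 0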