mirror of
https://github.com/isc-projects/bind9.git
synced 2026-02-27 03:51:16 -05:00
"check-names primary" and "check-names secondary" were ignored
these keywords were added to the parser as synonyms for "master"
and "slave" but were never hooked in to the configuration of named,
so they were ignored. this has been fixed and the option is now
checked for correctness.
(cherry picked from commit ba31b189b4)
This commit is contained in:
Evan Hunt
Ondřej Surý
parent
98f5a27f6d
commit
dca3658720
9 changed files with 134 additions and 7 deletions
|
|
@ -730,22 +730,27 @@ strtoargv(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp) {
|
|||
static void
|
||||
checknames(dns_zonetype_t ztype, const cfg_obj_t **maps,
|
||||
const cfg_obj_t **objp) {
|
||||
const char *zone = NULL;
|
||||
isc_result_t result;
|
||||
|
||||
switch (ztype) {
|
||||
case dns_zone_slave:
|
||||
case dns_zone_mirror:
|
||||
zone = "slave";
|
||||
result = named_checknames_get(maps, "secondary", objp);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
result = named_checknames_get(maps, "slave", objp);
|
||||
}
|
||||
break;
|
||||
case dns_zone_master:
|
||||
zone = "master";
|
||||
result = named_checknames_get(maps, "primary", objp);
|
||||
if (result != ISC_R_SUCCESS) {
|
||||
result = named_checknames_get(maps, "master", objp);
|
||||
}
|
||||
break;
|
||||
default:
|
||||
INSIST(0);
|
||||
ISC_UNREACHABLE();
|
||||
}
|
||||
result = named_checknames_get(maps, zone, objp);
|
||||
|
||||
INSIST(result == ISC_R_SUCCESS && objp != NULL && *objp != NULL);
|
||||
}
|
||||
|
||||
|
|
|
|||
15
bin/tests/system/checkconf/bad-checknames-primary-dup-2.conf
Normal file
15
bin/tests/system/checkconf/bad-checknames-primary-dup-2.conf
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
options {
|
||||
check-names primary warn;
|
||||
check-names primary fail;
|
||||
};
|
||||
15
bin/tests/system/checkconf/bad-checknames-primary-dup.conf
Normal file
15
bin/tests/system/checkconf/bad-checknames-primary-dup.conf
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
options {
|
||||
check-names master warn;
|
||||
check-names primary fail;
|
||||
};
|
||||
15
bin/tests/system/checkconf/bad-checknames-secondary-dup.conf
Normal file
15
bin/tests/system/checkconf/bad-checknames-secondary-dup.conf
Normal file
|
|
@ -0,0 +1,15 @@
|
|||
/*
|
||||
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
||||
*
|
||||
* This Source Code Form is subject to the terms of the Mozilla Public
|
||||
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
||||
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
|
||||
*
|
||||
* See the COPYRIGHT file distributed with this work for additional
|
||||
* information regarding copyright ownership.
|
||||
*/
|
||||
|
||||
options {
|
||||
check-names slave ignore;
|
||||
check-names secondary warn;
|
||||
};
|
||||
|
|
@ -72,6 +72,8 @@ options {
|
|||
recursive-clients 3000;
|
||||
serial-query-rate 100;
|
||||
server-id none;
|
||||
check-names primary warn;
|
||||
check-names secondary ignore;
|
||||
max-cache-size 20000000000000;
|
||||
nta-lifetime 604800;
|
||||
nta-recheck 604800;
|
||||
|
|
|
|||
|
|
@ -19,7 +19,7 @@ options {
|
|||
listen-on-v6 { none; };
|
||||
recursion yes;
|
||||
dnssec-validation yes;
|
||||
check-names master ignore;
|
||||
check-names primary ignore;
|
||||
notify yes;
|
||||
};
|
||||
|
||||
|
|
|
|||
|
|
@ -127,7 +127,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
|
|||
status=`expr $status + $ret`
|
||||
n=`expr $n + 1`
|
||||
|
||||
echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)"
|
||||
echo_i "check that updates to 'check-names primary ignore;' succeed and are not logged ($n)"
|
||||
ret=0
|
||||
not=1
|
||||
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
|
||||
|
|
|
|||
|
|
@ -2051,7 +2051,7 @@ Boolean Options
|
|||
This option is used to restrict the character set and syntax of
|
||||
certain domain names in master files and/or DNS responses received
|
||||
from the network. The default varies according to usage area. For
|
||||
``master`` zones the default is ``fail``. For ``slave`` zones the
|
||||
``primary`` zones the default is ``fail``. For ``secondary`` zones the
|
||||
default is ``warn``. For answers received from the network
|
||||
(``response``), the default is ``ignore``.
|
||||
|
||||
|
|
|
|||
|
|
@ -1567,6 +1567,81 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
|
|||
}
|
||||
}
|
||||
|
||||
obj = NULL;
|
||||
(void)cfg_map_get(options, "check-names", &obj);
|
||||
if (obj != NULL && !cfg_obj_islist(obj)) {
|
||||
obj = NULL;
|
||||
}
|
||||
if (obj != NULL) {
|
||||
enum { MAS = 1, PRI = 2, SLA = 4, SEC = 8 } values = 0;
|
||||
for (const cfg_listelt_t *el = cfg_list_first(obj); el != NULL;
|
||||
el = cfg_list_next(el))
|
||||
{
|
||||
const cfg_obj_t *tuple = cfg_listelt_value(el);
|
||||
const cfg_obj_t *type = cfg_tuple_get(tuple, "type");
|
||||
const char *keyword = cfg_obj_asstring(type);
|
||||
if (strcasecmp(keyword, "primary") == 0) {
|
||||
if ((values & PRI) == PRI) {
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
|
||||
"'check-names primary' "
|
||||
"duplicated");
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
}
|
||||
values |= PRI;
|
||||
} else if (strcasecmp(keyword, "master") == 0) {
|
||||
if ((values & MAS) == MAS) {
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
|
||||
"'check-names master' "
|
||||
"duplicated");
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
}
|
||||
values |= MAS;
|
||||
} else if (strcasecmp(keyword, "secondary") == 0) {
|
||||
if ((values & SEC) == SEC) {
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
|
||||
"'check-names secondary' "
|
||||
"duplicated");
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
}
|
||||
values |= SEC;
|
||||
} else if (strcasecmp(keyword, "slave") == 0) {
|
||||
if ((values & SLA) == SLA) {
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
|
||||
"'check-names slave' "
|
||||
"duplicated");
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
}
|
||||
values |= SLA;
|
||||
}
|
||||
}
|
||||
|
||||
if ((values & (PRI | MAS)) == (PRI | MAS)) {
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
|
||||
"'check-names' cannot take both "
|
||||
"'primary' and 'master'");
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
}
|
||||
|
||||
if ((values & (SEC | SLA)) == (SEC | SLA)) {
|
||||
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
|
||||
"'check-names' cannot take both "
|
||||
"'secondary' and 'slave'");
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
result = ISC_R_FAILURE;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return (result);
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue