Merge branch '913-allow-update-v9_14' into 'v9_14'

restore inheritance of 'allow-update' and 'allow-update-forwarding'

See merge request isc-projects/bind9!1743

CHANGES

@@ -1,3 +1,7 @@
+5195.	[bug]		"allow-update" and "allow-update-forwarding" were
+			treated as configuration errors if used at the
+			options or view level. [GL #913]
+
 5194.	[bug]		Enforce non empty ZOMEMD hash. [GL #899]
 
 5193.	[bug]		EID and NIMLOC failed to do multi-line output

bin/named/server.c

@@ -5021,8 +5021,9 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
 
 	/*
 	 * Configure default allow-update and allow-update-forwarding ACLs,
-	 * so they can be inherited by zones.  (Note these cannot be set at
-	 * options/view level.)
+	 * so they can be inherited by zones. (XXX: These are not
+	 * read from the options/view level here. However, they may be
+	 * read from there in zoneconf.c:configure_zone_acl() later.)
 	 */
 	if (view->updateacl == NULL) {
 		CHECK(configure_view_acl(NULL, NULL, named_g_config,

bin/tests/system/checkconf/good-allow-update-forwarding-view.conf

@@ -9,6 +9,6 @@
  * information regarding copyright ownership.
  */
 
-view {
+view one {
 	allow-update-forwarding { any; };
 };

bin/tests/system/checkconf/good-allow-update-view.conf

@@ -9,6 +9,6 @@
  * information regarding copyright ownership.
  */
 
-view {
+view one {
 	allow-update { any; };
 };

doc/arm/Bv9ARM-book.xml

@@ -7051,15 +7051,21 @@ options {
 		  When set in the <command>zone</command> statement for
 		  a master zone, specifies which hosts are allowed to
 		  submit Dynamic DNS updates to that zone.  The default
-		  is to deny updates from all hosts.  This can only
-		  be set at the <command>zone</command> level, not in
-		  <command>options</command> or <command>view</command>.
+		  is to deny updates from all hosts.
 		</para>
 		<para>
 		  Note that allowing updates based on the
 		  requestor's IP address is insecure; see
 		  <xref linkend="dynamic_update_security"/> for details.
 		</para>
+		<para>
+		  In general this option should only be set at the
+		  <command>zone</command> level. While a default
+		  value can be set at the <command>options</command> or
+		  <command>view</command> level and inherited by zones,
+		  this could lead to some zones unintentionally allowing
+		  updates.
+		</para>
 	      </listitem>
 	    </varlistentry>
 
@@ -7072,9 +7078,7 @@ options {
 		  submit Dynamic DNS updates and have them be forwarded
 		  to the master.  The default is
 		  <userinput>{ none; }</userinput>, which means that no
-		  update forwarding will be performed.  This can only be
-		  set at the <command>zone</command> level, not in
-		  <command>options</command> or <command>view</command>.
+		  update forwarding will be performed.
 		</para>
 		<para>
 		  To enable update forwarding, specify
@@ -7092,6 +7096,14 @@ options {
 		  on insecure IP-address-based access control; see
 		  <xref linkend="dynamic_update_security"/> for more details.
 		</para>
+		<para>
+		  In general this option should only be set at the
+		  <command>zone</command> level. While a default
+		  value can be set at the <command>options</command> or
+		  <command>view</command> level and inherited by zones,
+		  this can lead to some zones unintentionally forwarding
+		  updates.
+		</para>
 	      </listitem>
 	    </varlistentry>
 

doc/arm/notes.xml

@@ -112,8 +112,13 @@
   <section xml:id="relnotes_bugs"><info><title>Bug Fixes</title></info>
     <itemizedlist>
       <listitem>
-	<para>
-	  None.
+        <para>
+	  The <command>allow-update</command> and
+	  <command>allow-update-forwarding</command> options were
+	  inadvertently treated as configuration errors when used at the
+	  <command>options</command> or <command>view</command> level.
+	  This has now been corrected.
+	  [GL #913]
 	</para>
       </listitem>
     </itemizedlist>

lib/bind9/check.c

@@ -484,43 +484,6 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
 	return (result);
 }
 
-static isc_result_t
-check_non_viewacls(const cfg_obj_t *voptions, const cfg_obj_t *config,
-		   isc_log_t *logctx)
-{
-	const cfg_obj_t *aclobj = NULL;
-	const cfg_obj_t *options;
-	const char *where = NULL;
-	int i;
-
-	static const char *acls[] = {
-		"allow-update", "allow-update-forwarding", NULL
-	};
-
-	for (i = 0; acls[i] != NULL; i++) {
-		if (voptions != NULL && aclobj == NULL) {
-			cfg_map_get(voptions, acls[i], &aclobj);
-			where = "view";
-		}
-		if (config != NULL && aclobj == NULL) {
-			options = NULL;
-			cfg_map_get(config, "options", &options);
-			if (options != NULL) {
-				cfg_map_get(options, acls[i], &aclobj);
-				where = "options";
-			}
-		}
-		if (aclobj != NULL) {
-			cfg_obj_log(aclobj, logctx, ISC_LOG_ERROR,
-				    "'%s' can only be set per-zone, "
-				    "not in '%s'", acls[i], where);
-			return (ISC_R_FAILURE);
-		}
-	}
-
-	return (ISC_R_SUCCESS);
-}
-
 static const unsigned char zeros[16];
 
 static isc_result_t
@@ -3740,11 +3703,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
 	if (tresult != ISC_R_SUCCESS)
 		result = tresult;
 
-	tresult = check_non_viewacls(voptions, config, logctx);
-	if (tresult != ISC_R_SUCCESS) {
-		result = tresult;
-	}
-
 	tresult = check_recursionacls(actx, voptions, viewname,
 				      config, logctx, mctx);
 	if (tresult != ISC_R_SUCCESS)