diff options
| author | dougb <dougb@FreeBSD.org> | 2009-05-31 00:11:36 +0000 |
|---|---|---|
| committer | dougb <dougb@FreeBSD.org> | 2009-05-31 00:11:36 +0000 |
| commit | fd553238c94c3abfef11bfdfc5cb05b32cbe5f76 (patch) | |
| tree | 72d567a9bc3fb8adcfcbaa9baedc122d53071209 /lib/bind9 | |
| parent | d342cb576b0154d48c90bc32e251331282264cd4 (diff) | |
| download | FreeBSD-src-fd553238c94c3abfef11bfdfc5cb05b32cbe5f76.zip FreeBSD-src-fd553238c94c3abfef11bfdfc5cb05b32cbe5f76.tar.gz | |
Vendor import of BIND 9.6.1rc1
Diffstat (limited to 'lib/bind9')
| -rw-r--r-- | lib/bind9/Makefile.in | 6 | ||||
| -rw-r--r-- | lib/bind9/api | 6 | ||||
| -rw-r--r-- | lib/bind9/check.c | 432 | ||||
| -rw-r--r-- | lib/bind9/getaddresses.c | 6 | ||||
| -rw-r--r-- | lib/bind9/include/Makefile.in | 6 | ||||
| -rw-r--r-- | lib/bind9/include/bind9/Makefile.in | 6 | ||||
| -rw-r--r-- | lib/bind9/include/bind9/check.h | 8 | ||||
| -rw-r--r-- | lib/bind9/include/bind9/getaddresses.h | 12 | ||||
| -rw-r--r-- | lib/bind9/include/bind9/version.h | 8 | ||||
| -rw-r--r-- | lib/bind9/version.c | 6 |
10 files changed, 364 insertions, 132 deletions
diff --git a/lib/bind9/Makefile.in b/lib/bind9/Makefile.in index 270e9ae..7c1e5b0 100644 --- a/lib/bind9/Makefile.in +++ b/lib/bind9/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.4.18.5 2004/12/10 00:11:50 marka Exp $ +# $Id: Makefile.in,v 1.11 2007/06/19 23:47:16 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/lib/bind9/api b/lib/bind9/api index 3a74aee..39934b4 100644 --- a/lib/bind9/api +++ b/lib/bind9/api @@ -1,3 +1,3 @@ -LIBINTERFACE = 31 -LIBREVISION = 1 -LIBAGE = 1 +LIBINTERFACE = 50 +LIBREVISION = 2 +LIBAGE = 0 diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 2967650..800cbf9 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check.c,v 1.44.18.41 2008/03/29 23:46:10 tbox Exp $ */ +/* $Id: check.c,v 1.95.12.3 2009/02/17 03:43:07 marka Exp $ */ /*! \file */ @@ -46,10 +46,6 @@ #include <bind9/check.h> -#ifndef DNS_RDATASET_FIXED -#define DNS_RDATASET_FIXED 1 -#endif - static void freekey(char *key, unsigned int type, isc_symvalue_t value, void *userarg) { UNUSED(type); @@ -128,7 +124,8 @@ check_orderent(const cfg_obj_t *ent, isc_log_t *logctx) { } else if (strcasecmp(cfg_obj_asstring(obj), "fixed") == 0) { #if !DNS_RDATASET_FIXED cfg_obj_log(obj, logctx, ISC_LOG_WARNING, - "rrset-order: order 'fixed' not fully implemented"); + "rrset-order: order 'fixed' was disabled at " + "compilation time"); #endif } else if (strcasecmp(cfg_obj_asstring(obj), "random") != 0 && strcasecmp(cfg_obj_asstring(obj), "cyclic") != 0) { @@ -390,7 +387,8 @@ checkacl(const char *aclname, cfg_aclconfctx_t *actx, const cfg_obj_t *zconfig, } if (aclobj == NULL) return (ISC_R_SUCCESS); - result = cfg_acl_fromconfig(aclobj, config, logctx, actx, mctx, &acl); + result = cfg_acl_fromconfig(aclobj, config, logctx, + actx, mctx, 0, &acl); if (acl != NULL) dns_acl_detach(&acl); return (result); @@ -403,9 +401,10 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions, isc_result_t result = ISC_R_SUCCESS, tresult; int i = 0; - static const char *acls[] = { "allow-query", "allow-query-cache", - "allow-recursion", "blackhole", "match-clients", - "match-destinations", "sortlist", NULL }; + static const char *acls[] = { "allow-query", "allow-query-on", + "allow-query-cache", "allow-query-cache-on", + "blackhole", "match-clients", "match-destinations", + "sortlist", NULL }; while (acls[i] != NULL) { tresult = checkacl(acls[i++], actx, NULL, voptions, config, @@ -416,6 +415,81 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions, return (result); } +/* + * Check allow-recursion and allow-recursion-on acls, and also log a + * warning if they're inconsistent with the "recursion" option. + */ +static isc_result_t +check_recursionacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions, + const char *viewname, const cfg_obj_t *config, + isc_log_t *logctx, isc_mem_t *mctx) +{ + const cfg_obj_t *options, *aclobj, *obj = NULL; + dns_acl_t *acl = NULL; + isc_result_t result = ISC_R_SUCCESS, tresult; + isc_boolean_t recursion; + const char *forview = " for view "; + int i = 0; + + static const char *acls[] = { "allow-recursion", "allow-recursion-on", + NULL }; + + if (voptions != NULL) + cfg_map_get(voptions, "recursion", &obj); + if (obj == NULL && config != NULL) { + options = NULL; + cfg_map_get(config, "options", &options); + if (options != NULL) + cfg_map_get(options, "recursion", &obj); + } + if (obj == NULL) + recursion = ISC_TRUE; + else + recursion = cfg_obj_asboolean(obj); + + if (viewname == NULL) { + viewname = ""; + forview = ""; + } + + for (i = 0; acls[i] != NULL; i++) { + aclobj = options = NULL; + acl = NULL; + + if (voptions != NULL) + cfg_map_get(voptions, acls[i], &aclobj); + if (config != NULL && aclobj == NULL) { + options = NULL; + cfg_map_get(config, "options", &options); + if (options != NULL) + cfg_map_get(options, acls[i], &aclobj); + } + if (aclobj == NULL) + continue; + + tresult = cfg_acl_fromconfig(aclobj, config, logctx, + actx, mctx, 0, &acl); + + if (tresult != ISC_R_SUCCESS) + result = tresult; + + if (acl == NULL) + continue; + + if (recursion == ISC_FALSE && !dns_acl_isnone(acl)) { + cfg_obj_log(aclobj, logctx, ISC_LOG_WARNING, + "both \"recursion no;\" and " + "\"%s\" active%s%s", + acls[i], forview, viewname); + } + + if (acl != NULL) + dns_acl_detach(&acl); + } + + return (result); +} + typedef struct { const char *name; unsigned int scale; @@ -428,6 +502,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { isc_result_t tresult; unsigned int i; const cfg_obj_t *obj = NULL; + const cfg_obj_t *resignobj = NULL; const cfg_listelt_t *element; isc_symtab_t *symtab = NULL; dns_fixedname_t fixed; @@ -443,7 +518,6 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { { "max-transfer-idle-out", 60, 28 * 24 * 60 }, /* 28 days */ { "max-transfer-time-in", 60, 28 * 24 * 60 }, /* 28 days */ { "max-transfer-time-out", 60, 28 * 24 * 60 }, /* 28 days */ - { "sig-validity-interval", 86400, 10 * 366 }, /* 10 years */ { "statistics-interval", 60, 28 * 24 * 60 }, /* 28 days */ }; @@ -471,6 +545,43 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { result = ISC_R_RANGE; } } + + obj = NULL; + cfg_map_get(options, "sig-validity-interval", &obj); + if (obj != NULL) { + isc_uint32_t validity, resign = 0; + + validity = cfg_obj_asuint32(cfg_tuple_get(obj, "validity")); + resignobj = cfg_tuple_get(obj, "re-sign"); + if (!cfg_obj_isvoid(resignobj)) + resign = cfg_obj_asuint32(resignobj); + + if (validity > 3660 || validity == 0) { /* 10 years */ + cfg_obj_log(obj, logctx, ISC_LOG_ERROR, + "%s '%u' is out of range (1..3660)", + "sig-validity-interval", validity); + result = ISC_R_RANGE; + } + + if (!cfg_obj_isvoid(resignobj)) { + if (resign > 3660 || resign == 0) { /* 10 years */ + cfg_obj_log(obj, logctx, ISC_LOG_ERROR, + "%s '%u' is out of range (1..3660)", + "sig-validity-interval (re-sign)", + validity); + result = ISC_R_RANGE; + } else if ((validity > 7 && validity < resign) || + (validity <= 7 && validity * 24 < resign)) { + cfg_obj_log(obj, logctx, ISC_LOG_ERROR, + "validity interval (%u days) " + "less than re-signing interval " + "(%u %s)", validity, resign, + (validity > 7) ? "days" : "hours"); + result = ISC_R_RANGE; + } + } + } + obj = NULL; (void)cfg_map_get(options, "preferred-glue", &obj); if (obj != NULL) { @@ -483,6 +594,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { "preferred-glue unexpected value '%s'", str); } + obj = NULL; (void)cfg_map_get(options, "root-delegation-only", &obj); if (obj != NULL) { @@ -543,7 +655,7 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { (void)cfg_map_get(options, "dnssec-lookaside", &obj); if (obj != NULL) { tresult = isc_symtab_create(mctx, 100, freekey, mctx, - ISC_TRUE, &symtab); + ISC_FALSE, &symtab); if (tresult != ISC_R_SUCCESS) result = tresult; for (element = cfg_list_first(obj); @@ -680,6 +792,19 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { } } + /* + * Check that server-id is not too long. + * 1024 bytes should be big enough. + */ + obj = NULL; + (void)cfg_map_get(options, "server-id", &obj); + if (obj != NULL && cfg_obj_isstring(obj) && + strlen(cfg_obj_asstring(obj)) > 1024U) { + cfg_obj_log(obj, logctx, ISC_LOG_ERROR, + "'server-id' too big (>1024 bytes)"); + result = ISC_R_FAILURE; + } + return (result); } @@ -784,8 +909,11 @@ validate_masters(const cfg_obj_t *obj, const cfg_obj_t *config, if (new == NULL) goto cleanup; if (stackcount != 0) { + void *ptr; + + DE_CONST(stack, ptr); memcpy(new, stack, oldsize); - isc_mem_put(mctx, stack, oldsize); + isc_mem_put(mctx, ptr, oldsize); } stack = new; stackcount = newlen; @@ -798,8 +926,12 @@ validate_masters(const cfg_obj_t *obj, const cfg_obj_t *config, goto resume; } cleanup: - if (stack != NULL) - isc_mem_put(mctx, stack, stackcount * sizeof(*stack)); + if (stack != NULL) { + void *ptr; + + DE_CONST(stack, ptr); + isc_mem_put(mctx, ptr, stackcount * sizeof(*stack)); + } isc_symtab_destroy(&symtab); *countp = count; return (result); @@ -936,6 +1068,10 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, { "max-refresh-time", SLAVEZONE | STUBZONE }, { "min-refresh-time", SLAVEZONE | STUBZONE }, { "sig-validity-interval", MASTERZONE }, + { "sig-re-signing-interval", MASTERZONE }, + { "sig-signing-nodes", MASTERZONE }, + { "sig-signing-type", MASTERZONE }, + { "sig-signing-signatures", MASTERZONE }, { "zone-statistics", MASTERZONE | SLAVEZONE | STUBZONE }, { "allow-update", MASTERZONE | CHECKACL }, { "allow-update-forwarding", SLAVEZONE | CHECKACL }, @@ -955,6 +1091,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, { "check-srv-cname", MASTERZONE }, { "masterfile-format", MASTERZONE | SLAVEZONE | STUBZONE | HINTZONE }, { "update-check-ksk", MASTERZONE }, + { "try-tcp-refresh", SLAVEZONE }, }; static optionstable dialups[] = { @@ -1020,7 +1157,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, /* * Look for an already existing zone. - * We need to make this cannonical as isc_symtab_define() + * We need to make this canonical as isc_symtab_define() * deals with strings. */ dns_fixedname_init(&fixedname); @@ -1125,6 +1262,17 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, } else if (res2 == ISC_R_SUCCESS && check_update_policy(obj, logctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; + obj = NULL; + res1 = cfg_map_get(zoptions, "sig-signing-type", &obj); + if (res1 == ISC_R_SUCCESS) { + isc_uint32_t type = cfg_obj_asuint32(obj); + if (type < 0xff00U || type > 0xffffU) + cfg_obj_log(obj, logctx, ISC_LOG_ERROR, + "sig-signing-type: %u out of " + "range [%u..%u]", type, + 0xff00U, 0xffffU); + result = ISC_R_FAILURE; + } } /* @@ -1297,27 +1445,56 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) { return (ISC_R_SUCCESS); } +/* + * Check key list for duplicates key names and that the key names + * are valid domain names as these keys are used for TSIG. + * + * Check the key contents for validity. + */ static isc_result_t -check_keylist(const cfg_obj_t *keys, isc_symtab_t *symtab, isc_log_t *logctx) { +check_keylist(const cfg_obj_t *keys, isc_symtab_t *symtab, + isc_mem_t *mctx, isc_log_t *logctx) +{ + char namebuf[DNS_NAME_FORMATSIZE]; + dns_fixedname_t fname; + dns_name_t *name; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; const cfg_listelt_t *element; + dns_fixedname_init(&fname); + name = dns_fixedname_name(&fname); for (element = cfg_list_first(keys); element != NULL; element = cfg_list_next(element)) { const cfg_obj_t *key = cfg_listelt_value(element); - const char *keyname = cfg_obj_asstring(cfg_map_getname(key)); + const char *keyid = cfg_obj_asstring(cfg_map_getname(key)); isc_symvalue_t symvalue; + isc_buffer_t b; + char *keyname; + isc_buffer_init(&b, keyid, strlen(keyid)); + isc_buffer_add(&b, strlen(keyid)); + tresult = dns_name_fromtext(name, &b, dns_rootname, + ISC_FALSE, NULL); + if (tresult != ISC_R_SUCCESS) { + cfg_obj_log(key, logctx, ISC_LOG_ERROR, + "key '%s': bad key name", keyid); + result = tresult; + continue; + } tresult = bind9_check_key(key, logctx); if (tresult != ISC_R_SUCCESS) return (tresult); + dns_name_format(name, namebuf, sizeof(namebuf)); + keyname = isc_mem_strdup(mctx, namebuf); + if (keyname == NULL) + return (ISC_R_NOMEMORY); symvalue.as_cpointer = key; - tresult = isc_symtab_define(symtab, keyname, 1, - symvalue, isc_symexists_reject); + tresult = isc_symtab_define(symtab, keyname, 1, symvalue, + isc_symexists_reject); if (tresult == ISC_R_EXISTS) { const char *file; unsigned int line; @@ -1332,10 +1509,13 @@ check_keylist(const cfg_obj_t *keys, isc_symtab_t *symtab, isc_log_t *logctx) { cfg_obj_log(key, logctx, ISC_LOG_ERROR, "key '%s': already exists " "previous definition: %s:%u", - keyname, file, line); + keyid, file, line); + isc_mem_free(mctx, keyname); result = tresult; - } else if (tresult != ISC_R_SUCCESS) + } else if (tresult != ISC_R_SUCCESS) { + isc_mem_free(mctx, keyname); return (tresult); + } } return (result); } @@ -1350,18 +1530,60 @@ static struct { { NULL, NULL } }; +/* + * RNDC keys are not normalised unlike TSIG keys. + * + * "foo." is different to "foo". + */ +static isc_boolean_t +rndckey_exists(const cfg_obj_t *keylist, const char *keyname) { + const cfg_listelt_t *element; + const cfg_obj_t *obj; + const char *str; + + if (keylist == NULL) + return (ISC_FALSE); + + for (element = cfg_list_first(keylist); + element != NULL; + element = cfg_list_next(element)) + { + obj = cfg_listelt_value(element); + str = cfg_obj_asstring(cfg_map_getname(obj)); + if (!strcasecmp(str, keyname)) + return (ISC_TRUE); + } + return (ISC_FALSE); +} + static isc_result_t -check_servers(const cfg_obj_t *servers, isc_log_t *logctx) { +check_servers(const cfg_obj_t *config, const cfg_obj_t *voptions, + isc_symtab_t *symtab, isc_log_t *logctx) +{ + dns_fixedname_t fname; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; const cfg_listelt_t *e1, *e2; - const cfg_obj_t *v1, *v2; + const cfg_obj_t *v1, *v2, *keys; + const cfg_obj_t *servers; isc_netaddr_t n1, n2; unsigned int p1, p2; const cfg_obj_t *obj; char buf[ISC_NETADDR_FORMATSIZE]; + char namebuf[DNS_NAME_FORMATSIZE]; const char *xfr; + const char *keyval; + isc_buffer_t b; int source; + dns_name_t *keyname; + + servers = NULL; + if (voptions != NULL) + (void)cfg_map_get(voptions, "server", &servers); + if (servers == NULL) + (void)cfg_map_get(config, "server", &servers); + if (servers == NULL) + return (ISC_R_SUCCESS); for (e1 = cfg_list_first(servers); e1 != NULL; e1 = cfg_list_next(e1)) { v1 = cfg_listelt_value(e1); @@ -1389,8 +1611,8 @@ check_servers(const cfg_obj_t *servers, isc_log_t *logctx) { if (obj != NULL) { isc_netaddr_format(&n1, buf, sizeof(buf)); cfg_obj_log(v1, logctx, ISC_LOG_ERROR, - "server '%s': %s not legal", - buf, xfr); + "server '%s/%u': %s not legal", + buf, p1, xfr); result = ISC_R_FAILURE; } } while (sources[++source].v4 != NULL); @@ -1413,15 +1635,42 @@ check_servers(const cfg_obj_t *servers, isc_log_t *logctx) { result = ISC_R_FAILURE; } } + keys = NULL; + cfg_map_get(v1, "keys", &keys); + if (keys != NULL) { + /* + * Normalize key name. + */ + keyval = cfg_obj_asstring(keys); + dns_fixedname_init(&fname); + isc_buffer_init(&b, keyval, strlen(keyval)); + isc_buffer_add(&b, strlen(keyval)); + keyname = dns_fixedname_name(&fname); + tresult = dns_name_fromtext(keyname, &b, dns_rootname, + ISC_FALSE, NULL); + if (tresult != ISC_R_SUCCESS) { + cfg_obj_log(keys, logctx, ISC_LOG_ERROR, + "bad key name '%s'", keyval); + result = ISC_R_FAILURE; + continue; + } + dns_name_format(keyname, namebuf, sizeof(namebuf)); + tresult = isc_symtab_lookup(symtab, namebuf, 1, NULL); + if (tresult != ISC_R_SUCCESS) { + cfg_obj_log(keys, logctx, ISC_LOG_ERROR, + "unknown key '%s'", keyval); + result = ISC_R_FAILURE; + } + } } return (result); } static isc_result_t check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, - dns_rdataclass_t vclass, isc_log_t *logctx, isc_mem_t *mctx) + const char *viewname, dns_rdataclass_t vclass, + isc_log_t *logctx, isc_mem_t *mctx) { - const cfg_obj_t *servers = NULL; const cfg_obj_t *zones = NULL; const cfg_obj_t *keys = NULL; const cfg_listelt_t *element; @@ -1464,37 +1713,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, isc_symtab_destroy(&symtab); /* - * Check that all key statements are syntactically correct and - * there are no duplicate keys. - */ - tresult = isc_symtab_create(mctx, 100, NULL, NULL, ISC_TRUE, &symtab); - if (tresult != ISC_R_SUCCESS) - return (ISC_R_NOMEMORY); - - (void)cfg_map_get(config, "key", &keys); - tresult = check_keylist(keys, symtab, logctx); - if (tresult == ISC_R_EXISTS) - result = ISC_R_FAILURE; - else if (tresult != ISC_R_SUCCESS) { - isc_symtab_destroy(&symtab); - return (tresult); - } - - if (voptions != NULL) { - keys = NULL; - (void)cfg_map_get(voptions, "key", &keys); - tresult = check_keylist(keys, symtab, logctx); - if (tresult == ISC_R_EXISTS) - result = ISC_R_FAILURE; - else if (tresult != ISC_R_SUCCESS) { - isc_symtab_destroy(&symtab); - return (tresult); - } - } - - isc_symtab_destroy(&symtab); - - /* * Check that forwarding is reasonable. */ if (voptions == NULL) { @@ -1508,6 +1726,7 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, if (check_forward(voptions, NULL, logctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; } + /* * Check that dual-stack-servers is reasonable. */ @@ -1530,14 +1749,45 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, result = ISC_R_FAILURE; } + /* + * Check that all key statements are syntactically correct and + * there are no duplicate keys. + */ + tresult = isc_symtab_create(mctx, 100, freekey, mctx, + ISC_FALSE, &symtab); + if (tresult != ISC_R_SUCCESS) + return (ISC_R_NOMEMORY); + + (void)cfg_map_get(config, "key", &keys); + tresult = check_keylist(keys, symtab, mctx, logctx); + if (tresult == ISC_R_EXISTS) + result = ISC_R_FAILURE; + else if (tresult != ISC_R_SUCCESS) { + isc_symtab_destroy(&symtab); + return (tresult); + } + if (voptions != NULL) { - (void)cfg_map_get(voptions, "server", &servers); - if (servers != NULL && - check_servers(servers, logctx) != ISC_R_SUCCESS) + keys = NULL; + (void)cfg_map_get(voptions, "key", &keys); + tresult = check_keylist(keys, symtab, mctx, logctx); + if (tresult == ISC_R_EXISTS) result = ISC_R_FAILURE; + else if (tresult != ISC_R_SUCCESS) { + isc_symtab_destroy(&symtab); + return (tresult); + } } /* + * Global servers can refer to keys in views. + */ + if (check_servers(config, voptions, symtab, logctx) != ISC_R_SUCCESS) + result = ISC_R_FAILURE; + + isc_symtab_destroy(&symtab); + + /* * Check that dnssec-enable/dnssec-validation are sensible. */ obj = NULL; @@ -1575,6 +1825,11 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, if (tresult != ISC_R_SUCCESS) result = tresult; + tresult = check_recursionacls(&actx, voptions, viewname, + config, logctx, mctx); + if (tresult != ISC_R_SUCCESS) + result = tresult; + cfg_aclconfctx_destroy(&actx); return (result); @@ -1698,33 +1953,14 @@ bind9_check_logging(const cfg_obj_t *config, isc_log_t *logctx, } static isc_result_t -key_exists(const cfg_obj_t *keylist, const char *keyname) { - const cfg_listelt_t *element; - const char *str; - const cfg_obj_t *obj; - - if (keylist == NULL) - return (ISC_R_NOTFOUND); - for (element = cfg_list_first(keylist); - element != NULL; - element = cfg_list_next(element)) - { - obj = cfg_listelt_value(element); - str = cfg_obj_asstring(cfg_map_getname(obj)); - if (strcasecmp(str, keyname) == 0) - return (ISC_R_SUCCESS); - } - return (ISC_R_NOTFOUND); -} - -static isc_result_t bind9_check_controlskeys(const cfg_obj_t *control, const cfg_obj_t *keylist, isc_log_t *logctx) { - isc_result_t result = ISC_R_SUCCESS, tresult; + isc_result_t result = ISC_R_SUCCESS; const cfg_obj_t *control_keylist; const cfg_listelt_t *element; const cfg_obj_t *key; + const char *keyval; control_keylist = cfg_tuple_get(control, "keys"); if (cfg_obj_isvoid(control_keylist)) @@ -1735,11 +1971,12 @@ bind9_check_controlskeys(const cfg_obj_t *control, const cfg_obj_t *keylist, element = cfg_list_next(element)) { key = cfg_listelt_value(element); - tresult = key_exists(keylist, cfg_obj_asstring(key)); - if (tresult != ISC_R_SUCCESS) { + keyval = cfg_obj_asstring(key); + + if (!rndckey_exists(keylist, keyval)) { cfg_obj_log(key, logctx, ISC_LOG_ERROR, - "unknown key '%s'", cfg_obj_asstring(key)); - result = tresult; + "unknown key '%s'", keyval); + result = ISC_R_NOTFOUND; } } return (result); @@ -1791,7 +2028,7 @@ bind9_check_controls(const cfg_obj_t *config, isc_log_t *logctx, control = cfg_listelt_value(element2); allow = cfg_tuple_get(control, "allow"); tresult = cfg_acl_fromconfig(allow, config, logctx, - &actx, mctx, &acl); + &actx, mctx, 0, &acl); if (acl != NULL) dns_acl_detach(&acl); if (tresult != ISC_R_SUCCESS) @@ -1847,7 +2084,6 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) { const cfg_obj_t *options = NULL; - const cfg_obj_t *servers = NULL; const cfg_obj_t *views = NULL; const cfg_obj_t *acls = NULL; const cfg_obj_t *kals = NULL; @@ -1866,11 +2102,6 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, check_options(options, logctx, mctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; - (void)cfg_map_get(config, "server", &servers); - if (servers != NULL && - check_servers(servers, logctx) != ISC_R_SUCCESS) - result = ISC_R_FAILURE; - if (bind9_check_logging(config, logctx, mctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; @@ -1888,7 +2119,7 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, result = ISC_R_FAILURE; if (views == NULL) { - if (check_viewconf(config, NULL, dns_rdataclass_in, + if (check_viewconf(config, NULL, NULL, dns_rdataclass_in, logctx, mctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; } else { @@ -1960,7 +2191,7 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, } } if (tresult == ISC_R_SUCCESS) - tresult = check_viewconf(config, voptions, + tresult = check_viewconf(config, voptions, key, vclass, logctx, mctx); if (tresult != ISC_R_SUCCESS) result = ISC_R_FAILURE; @@ -1979,8 +2210,9 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, } } - tresult = cfg_map_get(config, "acl", &acls); - if (tresult == ISC_R_SUCCESS) { + cfg_map_get(config, "acl", &acls); + + if (acls != NULL) { const cfg_listelt_t *elt; const cfg_listelt_t *elt2; const char *aclname; @@ -1989,6 +2221,7 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, elt != NULL; elt = cfg_list_next(elt)) { const cfg_obj_t *acl = cfg_listelt_value(elt); + unsigned int line = cfg_obj_line(acl); unsigned int i; aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name")); @@ -2013,7 +2246,6 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, "name")); if (strcasecmp(aclname, name) == 0) { const char *file = cfg_obj_file(acl); - unsigned int line = cfg_obj_line(acl); if (file == NULL) file = "<unknown file>"; diff --git a/lib/bind9/getaddresses.c b/lib/bind9/getaddresses.c index b6edce0..a75e14e 100644 --- a/lib/bind9/getaddresses.c +++ b/lib/bind9/getaddresses.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001, 2002 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: getaddresses.c,v 1.15.18.5 2005/10/14 01:28:24 marka Exp $ */ +/* $Id: getaddresses.c,v 1.22 2007/06/19 23:47:16 tbox Exp $ */ /*! \file */ diff --git a/lib/bind9/include/Makefile.in b/lib/bind9/include/Makefile.in index 6c6611e..65eecb0 100644 --- a/lib/bind9/include/Makefile.in +++ b/lib/bind9/include/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.2 2004/03/05 05:09:08 marka Exp $ +# $Id: Makefile.in,v 1.4 2007/06/19 23:47:16 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/lib/bind9/include/bind9/Makefile.in b/lib/bind9/include/bind9/Makefile.in index 8ef5c32..8abfaf6 100644 --- a/lib/bind9/include/bind9/Makefile.in +++ b/lib/bind9/include/bind9/Makefile.in @@ -1,7 +1,7 @@ -# Copyright (C) 2004 Internet Systems Consortium, Inc. ("ISC") +# Copyright (C) 2004, 2007 Internet Systems Consortium, Inc. ("ISC") # Copyright (C) 2001 Internet Software Consortium. # -# Permission to use, copy, modify, and distribute this software for any +# Permission to use, copy, modify, and/or distribute this software for any # purpose with or without fee is hereby granted, provided that the above # copyright notice and this permission notice appear in all copies. # @@ -13,7 +13,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.6 2004/03/05 05:09:10 marka Exp $ +# $Id: Makefile.in,v 1.8 2007/06/19 23:47:16 tbox Exp $ srcdir = @srcdir@ VPATH = @srcdir@ diff --git a/lib/bind9/include/bind9/check.h b/lib/bind9/include/bind9/check.h index 25a8e0c..1647568 100644 --- a/lib/bind9/include/bind9/check.h +++ b/lib/bind9/include/bind9/check.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check.h,v 1.2.18.4 2006/03/02 00:37:21 marka Exp $ */ +/* $Id: check.h,v 1.9 2007/06/19 23:47:16 tbox Exp $ */ #ifndef BIND9_CHECK_H #define BIND9_CHECK_H 1 -/*! \file */ +/*! \file bind9/check.h */ #include <isc/lang.h> #include <isc/types.h> diff --git a/lib/bind9/include/bind9/getaddresses.h b/lib/bind9/include/bind9/getaddresses.h index e6d030d..736feb6 100644 --- a/lib/bind9/include/bind9/getaddresses.h +++ b/lib/bind9/include/bind9/getaddresses.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,12 +15,12 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: getaddresses.h,v 1.3.18.2 2005/04/29 00:15:48 marka Exp $ */ +/* $Id: getaddresses.h,v 1.9.332.2 2009/01/18 23:47:35 tbox Exp $ */ #ifndef BIND9_GETADDRESSES_H #define BIND9_GETADDRESSES_H 1 -/*! \file */ +/*! \file bind9/getaddresses.h */ #include <isc/lang.h> #include <isc/types.h> @@ -40,7 +40,7 @@ bind9_getaddresses(const char *hostname, in_port_t port, * first 'addrsize' are returned and the remainder silently truncated. * * This routine may block. If called by a program using the isc_app - * framework, it should be surounded by isc_app_block()/isc_app_unblock(). + * framework, it should be surrounded by isc_app_block()/isc_app_unblock(). * * Requires: *\li 'hostname' is not NULL. @@ -48,7 +48,7 @@ bind9_getaddresses(const char *hostname, in_port_t port, *\li 'addrsize' > 0 *\li 'addrcount' is not NULL. * - * + * * Returns: *\li #ISC_R_SUCCESS *\li #ISC_R_NOTFOUND diff --git a/lib/bind9/include/bind9/version.h b/lib/bind9/include/bind9/version.h index 154e240d..5b08b7c 100644 --- a/lib/bind9/include/bind9/version.h +++ b/lib/bind9/include/bind9/version.h @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,9 +15,9 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.h,v 1.3.18.2 2005/04/29 00:15:48 marka Exp $ */ +/* $Id: version.h,v 1.9 2007/06/19 23:47:16 tbox Exp $ */ -/*! \file */ +/*! \file bind9/version.h */ #include <isc/platform.h> diff --git a/lib/bind9/version.c b/lib/bind9/version.c index 2cc17da..d5934cc 100644 --- a/lib/bind9/version.c +++ b/lib/bind9/version.c @@ -1,8 +1,8 @@ /* - * Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001 Internet Software Consortium. * - * Permission to use, copy, modify, and distribute this software for any + * Permission to use, copy, modify, and/or distribute this software for any * purpose with or without fee is hereby granted, provided that the above * copyright notice and this permission notice appear in all copies. * @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: version.c,v 1.4.18.2 2005/04/29 00:15:47 marka Exp $ */ +/* $Id: version.c,v 1.8 2007/06/19 23:47:16 tbox Exp $ */ /*! \file */ |
