Diffstat (limited to 'contrib/bind9/lib/bind9/check.c')
-rw-r--r-- | contrib/bind9/lib/bind9/check.c | 66 |
1 files changed, 49 insertions, 17 deletions
diff --git a/contrib/bind9/lib/bind9/check.c b/contrib/bind9/lib/bind9/check.c index 6711f28..695a230 100644 --- a/contrib/bind9/lib/bind9/check.c +++ b/contrib/bind9/lib/bind9/check.c @@ -1,5 +1,5 @@ /* - * Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC") + * Copyright (C) 2004-2012 Internet Systems Consortium, Inc. ("ISC") * Copyright (C) 2001-2003 Internet Software Consortium. * * Permission to use, copy, modify, and/or distribute this software for any @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: check.c,v 1.125.14.6 2011-06-17 07:04:31 each Exp $ */ +/* $Id$ */ /*! \file */ @@ -671,8 +671,17 @@ typedef struct { unsigned int max; } intervaltable; +typedef enum { + optlevel_config, + optlevel_options, + optlevel_view, + optlevel_zone +} optlevel_t; + static isc_result_t -check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { +check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx, + optlevel_t optlevel) +{ isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; unsigned int i; @@ -844,19 +853,23 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { element = cfg_list_next(element)) { const char *dlv; - const cfg_obj_t *anchor; + const cfg_obj_t *dlvobj, *anchor; obj = cfg_listelt_value(element); - dlv = cfg_obj_asstring(cfg_tuple_get(obj, "domain")); anchor = cfg_tuple_get(obj, "trust-anchor"); + dlvobj = cfg_tuple_get(obj, "domain"); + dlv = cfg_obj_asstring(dlvobj); /* - * If domain is "auto" and trust anchor is missing, - * skip remaining tests + * If domain is "auto" or "no" and trust anchor + * is missing, skip remaining tests */ - if (!strcmp(dlv, "auto") && cfg_obj_isvoid(anchor)) - continue; + if (cfg_obj_isvoid(anchor)) { + if (!strcasecmp(dlv, "no") || + !strcasecmp(dlv, "auto")) + continue; + } isc_buffer_init(&b, dlv, strlen(dlv)); isc_buffer_add(&b, strlen(dlv)); 
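Review bot: `optlevel_t` in the `@@ -671,8 +671,17 @@` hunk is added without a comment, and the only use visible in this diff is the `optlevel != optlevel_zone` test, so a reader cannot tell why four levels are distinguished. A short comment above the typedef would help, for example `/* Scope of the option block passed to check_options(): top-level config, options {}, view {} or zone {}. */`. The body of check_options() continues outside the hunk.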
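Review bot: In the `@@ -844,19 +853,23 @@` hunk the early `continue` for "no" and "auto" applies only when the trust anchor is void, so an entry that gives either keyword together with a trust anchor falls through and is validated as an ordinary domain name. If that is intended, it deserves a comment such as `/* "no"/"auto" with a trust anchor are treated as domain names below */`. The match also changes from `strcmp` to `strcasecmp`, so the checker now accepts other spellings of "auto"; it is worth confirming that the code consuming this option compares the same way, otherwise the checker and the server can disagree about what a configuration means. The loop body continues outside the hunk, and the file's includes are not visible here.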
@@ -908,8 +921,8 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { } else { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "dnssec-lookaside requires " - "either 'auto' or a domain and " - "trust anchor"); + "either 'auto' or 'no', or a " + "domain and trust anchor"); if (result == ISC_R_SUCCESS) result = ISC_R_FAILURE; } @@ -920,6 +933,21 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx) { } /* + * Check auto-dnssec at the view/options level + */ + obj = NULL; + (void)cfg_map_get(options, "auto-dnssec", &obj); + if (obj != NULL) { + const char *arg = cfg_obj_asstring(obj); + if (optlevel != optlevel_zone && strcasecmp(arg, "off") != 0) { + cfg_obj_log(obj, logctx, ISC_LOG_ERROR, + "auto-dnssec may only be activated at the " + "zone level"); + result = ISC_R_FAILURE; + } + } + + /* * Check dnssec-must-be-secure. */ obj = NULL; @@ -1644,7 +1672,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, /* * Check various options. */ - tresult = check_options(zoptions, logctx, mctx); + tresult = check_options(zoptions, logctx, mctx, optlevel_zone); if (tresult != ISC_R_SUCCESS) result = tresult; @@ -2101,7 +2129,7 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, * Check that all zone statements are syntactically correct and * there are no duplicate zones. */ - tresult = isc_symtab_create(mctx, 100, freekey, mctx, + tresult = isc_symtab_create(mctx, 1000, freekey, mctx, ISC_FALSE, &symtab); if (tresult != ISC_R_SUCCESS) return (ISC_R_NOMEMORY); @@ -2165,7 +2193,7 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, * Check that all key statements are syntactically correct and * there are no duplicate keys. */ - tresult = isc_symtab_create(mctx, 100, freekey, mctx, + tresult = isc_symtab_create(mctx, 1000, freekey, mctx, ISC_FALSE, &symtab); if (tresult != ISC_R_SUCCESS) return (ISC_R_NOMEMORY); 
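Review bot: The new auto-dnssec check in the `@@ -920,6 +933,21 @@` hunk assigns `result = ISC_R_FAILURE;` unconditionally, while the dnssec-lookaside error path just above it keeps the first failure with `if (result == ISC_R_SUCCESS) result = ISC_R_FAILURE;`. If an earlier check in check_options() stored a more specific code, this assignment overwrites it; using the same guard keeps the function consistent. The added comment says "view/options level" although the test rejects every level other than `optlevel_zone`, including `optlevel_config`; `/* auto-dnssec may only be enabled inside a zone statement */` would describe it more exactly.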
@@ -2277,13 +2305,16 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, result = tresult; } } + /* * Check options. */ if (voptions != NULL) - tresult = check_options(voptions, logctx, mctx); + tresult = check_options(voptions, logctx, mctx, + optlevel_view); else - tresult = check_options(config, logctx, mctx); + tresult = check_options(config, logctx, mctx, + optlevel_config); if (tresult != ISC_R_SUCCESS) result = tresult; @@ -2574,7 +2605,8 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx, (void)cfg_map_get(config, "options", &options); if (options != NULL && - check_options(options, logctx, mctx) != ISC_R_SUCCESS) + check_options(options, logctx, mctx, + optlevel_options) != ISC_R_SUCCESS) result = ISC_R_FAILURE; if (bind9_check_logging(config, logctx, mctx) != ISC_R_SUCCESS) |