Commit c3510ca6 authored by Ondřej Surý's avatar Ondřej Surý

Merge branch '1949-checknames' into 'main'

"check-names primary" and "check-names secondary" were ignored

Closes #1949

See merge request isc-projects/bind9!3702
parents 783e3f92 eaafae27
5443. [bug] The "primary" and "secondary" keywords, when used
as parameters for "check-names", were not
processed correctly and were being ignored. [GL #1949]
5442. [func] Add support for outgoing TCP connections in netmgr.
[GL #1958]
......
......@@ -751,22 +751,27 @@ strtoargv(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp) {
static void
checknames(dns_zonetype_t ztype, const cfg_obj_t **maps,
const cfg_obj_t **objp) {
const char *zone = NULL;
isc_result_t result;
switch (ztype) {
case dns_zone_slave:
case dns_zone_mirror:
zone = "slave";
result = named_checknames_get(maps, "secondary", objp);
if (result != ISC_R_SUCCESS) {
result = named_checknames_get(maps, "slave", objp);
}
break;
case dns_zone_master:
zone = "master";
result = named_checknames_get(maps, "primary", objp);
if (result != ISC_R_SUCCESS) {
result = named_checknames_get(maps, "master", objp);
}
break;
default:
INSIST(0);
ISC_UNREACHABLE();
}
result = named_checknames_get(maps, zone, objp);
INSIST(result == ISC_R_SUCCESS && objp != NULL && *objp != NULL);
}
......
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
check-names primary warn;
check-names primary fail;
};
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
check-names master warn;
check-names primary fail;
};
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
options {
check-names slave ignore;
check-names secondary warn;
};
......@@ -72,6 +72,8 @@ options {
recursive-clients 3000;
serial-query-rate 100;
server-id none;
check-names primary warn;
check-names secondary ignore;
max-cache-size 20000000000000;
nta-lifetime 604800;
nta-recheck 604800;
......
......@@ -19,7 +19,7 @@ options {
listen-on-v6 { none; };
recursion yes;
dnssec-validation yes;
check-names master ignore;
check-names primary ignore;
notify yes;
};
......
......@@ -126,7 +126,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
n=`expr $n + 1`
echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)"
echo_i "check that updates to 'check-names primary ignore;' succeed and are not logged ($n)"
ret=0
not=1
$NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1
......
......@@ -2041,7 +2041,7 @@ Boolean Options
This option is used to restrict the character set and syntax of
certain domain names in master files and/or DNS responses received
from the network. The default varies according to usage area. For
``master`` zones the default is ``fail``. For ``slave`` zones the
``primary`` zones the default is ``fail``. For ``secondary`` zones the
default is ``warn``. For answers received from the network
(``response``), the default is ``ignore``.
......
......@@ -36,3 +36,7 @@ Bug Fixes
- The DS set returned by ``dns_keynode_dsset()`` was not thread-safe.
This could result in an INSIST being triggered. [GL #1926]
- The ``primary`` and ``secondary`` keywords, when used as parameters for
``check-names``, were not processed correctly and were being ignored.
[GL #1949]
......@@ -1586,6 +1586,81 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
}
}
obj = NULL;
(void)cfg_map_get(options, "check-names", &obj);
if (obj != NULL && !cfg_obj_islist(obj)) {
obj = NULL;
}
if (obj != NULL) {
enum { MAS = 1, PRI = 2, SLA = 4, SEC = 8 } values = 0;
for (const cfg_listelt_t *el = cfg_list_first(obj); el != NULL;
el = cfg_list_next(el))
{
const cfg_obj_t *tuple = cfg_listelt_value(el);
const cfg_obj_t *type = cfg_tuple_get(tuple, "type");
const char *keyword = cfg_obj_asstring(type);
if (strcasecmp(keyword, "primary") == 0) {
if ((values & PRI) == PRI) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"'check-names primary' "
"duplicated");
if (result == ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
}
}
values |= PRI;
} else if (strcasecmp(keyword, "master") == 0) {
if ((values & MAS) == MAS) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"'check-names master' "
"duplicated");
if (result == ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
}
}
values |= MAS;
} else if (strcasecmp(keyword, "secondary") == 0) {
if ((values & SEC) == SEC) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"'check-names secondary' "
"duplicated");
if (result == ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
}
}
values |= SEC;
} else if (strcasecmp(keyword, "slave") == 0) {
if ((values & SLA) == SLA) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"'check-names slave' "
"duplicated");
if (result == ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
}
}
values |= SLA;
}
}
if ((values & (PRI | MAS)) == (PRI | MAS)) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"'check-names' cannot take both "
"'primary' and 'master'");
if (result == ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
}
}
if ((values & (SEC | SLA)) == (SEC | SLA)) {
cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
"'check-names' cannot take both "
"'secondary' and 'slave'");
if (result == ISC_R_SUCCESS) {
result = ISC_R_FAILURE;
}
}
}
return (result);
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment