check.c 16.3 KB
Newer Older
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
/*
 * Copyright (C) 2001  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
 * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
 * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
 * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

Mark Andrews's avatar
re-do:    
Mark Andrews committed
18
/* $Id: check.c,v 1.14 2002/01/14 04:15:58 marka Exp $ */
19
20
21
22
23
24
25
26

#include <config.h>

#include <stdlib.h>
#include <string.h>

#include <isc/log.h>
#include <isc/result.h>
27
#include <isc/symtab.h>
Brian Wellington's avatar
Brian Wellington committed
28
#include <isc/util.h>
29
30
31
#include <isc/region.h>

#include <dns/rdataclass.h>
32
33

#include <isccfg/cfg.h>
34
35

#include <bind9/check.h>
36

37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
static isc_result_t
check_forward(cfg_obj_t *options, isc_log_t *logctx) {
	cfg_obj_t *forward = NULL;
	cfg_obj_t *forwarders = NULL;

	(void)cfg_map_get(options, "forward", &forward);
	(void)cfg_map_get(options, "forwarders", &forwarders);

	if (forward != NULL && forwarders == NULL) {
		cfg_obj_log(forward, logctx, ISC_LOG_ERROR,
			    "no matching 'forwarders' statement");
		return (ISC_R_FAILURE);
	}
	return (ISC_R_SUCCESS);
}

53
54
55
typedef struct {
	const char *name;
	unsigned int scale;
56
	unsigned int max;
57
58
59
} intervaltable;

static isc_result_t
Mark Andrews's avatar
re-do:    
Mark Andrews committed
60
check_options(cfg_obj_t *options, isc_log_t *logctx, isc_boolean_t toplevel) {
61
62
	isc_result_t result = ISC_R_SUCCESS;
	unsigned int i;
63
	cfg_obj_t *obj = NULL;
64
65

	static intervaltable intervals[] = {
66
67
68
69
70
71
72
73
74
	{ "cleaning-interval", 60, 28 * 24 * 60 },	/* 28 days */
	{ "heartbeat-interval", 60, 28 * 24 * 60 },	/* 28 days */
	{ "interface-interval", 60, 28 * 24 * 60 },	/* 28 days */
	{ "max-transfer-idle-in", 60, 28 * 24 * 60 },	/* 28 days */
	{ "max-transfer-idle-out", 60, 28 * 24 * 60 },	/* 28 days */
	{ "max-transfer-time-in", 60, 28 * 24 * 60 },	/* 28 days */
	{ "max-transfer-time-out", 60, 28 * 24 * 60 },	/* 28 days */
	{ "sig-validity-interval", 86400, 10 * 366 },	/* 10 years */
	{ "statistics-interval", 60, 28 * 24 * 60 },	/* 28 days */
75
76
77
78
79
80
81
82
	};

	/*
	 * Check that fields specified in units of time other than seconds
	 * have reasonable values.
	 */
	for (i = 0; i < sizeof(intervals) / sizeof(intervals[0]); i++) {
		isc_uint32_t val;
83
		obj = NULL;
84
85
86
87
		(void)cfg_map_get(options, intervals[i].name, &obj);
		if (obj == NULL)
			continue;
		val = cfg_obj_asuint32(obj);
88
89
90
91
92
93
94
		if (val > intervals[i].max) {
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "%s '%u' is out of range (0..%u)",
				    intervals[i].name, val,
				    intervals[i].max);
			result = ISC_R_RANGE;
		} else if (val > (ISC_UINT32_MAX / intervals[i].scale)) {
95
96
97
98
99
100
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "%s '%d' is out of range",
				    intervals[i].name, val);
			result = ISC_R_RANGE;
		}
	}
101
102
103
104
	obj = NULL;
	(void)cfg_map_get(options, "also-notify", &obj);
	if (obj != NULL) {
		cfg_obj_t *addrlist = NULL;
Mark Andrews's avatar
re-do:    
Mark Andrews committed
105
		cfg_obj_t *port = NULL;
106
		addrlist = cfg_tuple_get(obj, "addresses");
Mark Andrews's avatar
re-do:    
Mark Andrews committed
107
		port = cfg_tuple_get(obj, "port");
108
		if (cfg_list_first(addrlist) == NULL) {
Mark Andrews's avatar
re-do:    
Mark Andrews committed
109
110
111
112
113
114
115
116
117
118
119
120
			if (toplevel) {
				cfg_obj_log(options, logctx, ISC_LOG_ERROR,
					    "empty 'also-notify' entry");
				if (result == ISC_R_SUCCESS)
					result = ISC_R_FAILURE;
			} else if (cfg_obj_isuint32(port)) {
				cfg_obj_log(options, logctx, ISC_LOG_ERROR,
					    "port specified with "
					    "empty 'also-notify'");
				if (result == ISC_R_SUCCESS)
					result = ISC_R_FAILURE;
			}
121
122
		}
	}
123
124
125
	return (result);
}

126
127
128
129
130
131
132
133
134
135
136
137
#define MASTERZONE	1
#define SLAVEZONE	2
#define STUBZONE	4
#define HINTZONE	8
#define FORWARDZONE	16

typedef struct {
	const char *name;
	int allowed;
} optionstable;

static isc_result_t
138
139
140
check_zoneconf(cfg_obj_t *zconfig, isc_symtab_t *symtab,
	       dns_rdataclass_t defclass, isc_log_t *logctx)
{
141
142
143
144
145
	const char *zname;
	const char *typestr;
	unsigned int ztype;
	cfg_obj_t *zoptions;
	cfg_obj_t *obj = NULL;
146
	cfg_obj_t *addrlist = NULL;
147
	isc_symvalue_t symvalue;
Brian Wellington's avatar
Brian Wellington committed
148
	isc_result_t result = ISC_R_SUCCESS;
149
	isc_result_t tresult;
150
	unsigned int i;
151
	dns_rdataclass_t zclass;
152
153
154

	static optionstable options[] = {
	{ "allow-query", MASTERZONE | SLAVEZONE | STUBZONE },
155
	{ "allow-notify", SLAVEZONE },
156
	{ "allow-transfer", MASTERZONE | SLAVEZONE },
157
158
159
160
161
162
163
	{ "notify", MASTERZONE | SLAVEZONE },
	{ "also-notify", MASTERZONE | SLAVEZONE },
	{ "dialup", MASTERZONE | SLAVEZONE | STUBZONE },
	{ "forward", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE},
	{ "forwarders", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE},
	{ "maintain-ixfr-base", MASTERZONE | SLAVEZONE },
	{ "max-ixfr-log-size", MASTERZONE | SLAVEZONE },
164
165
	{ "notify-source", MASTERZONE | SLAVEZONE },
	{ "notify-source-v6", MASTERZONE | SLAVEZONE },
166
167
	{ "transfer-source", SLAVEZONE | STUBZONE },
	{ "transfer-source-v6", SLAVEZONE | STUBZONE },
168
169
170
171
172
173
174
175
176
177
178
	{ "max-transfer-time-in", SLAVEZONE | STUBZONE },
	{ "max-transfer-time-out", MASTERZONE | SLAVEZONE },
	{ "max-transfer-idle-in", SLAVEZONE | STUBZONE },
	{ "max-transfer-idle-out", MASTERZONE | SLAVEZONE },
	{ "max-retry-time", SLAVEZONE | STUBZONE },
	{ "min-retry-time", SLAVEZONE | STUBZONE },
	{ "max-refresh-time", SLAVEZONE | STUBZONE },
	{ "min-refresh-time", SLAVEZONE | STUBZONE },
	{ "sig-validity-interval", MASTERZONE },
	{ "zone-statistics", MASTERZONE | SLAVEZONE | STUBZONE },
	{ "allow-update", MASTERZONE },
179
	{ "allow-update-forwarding", SLAVEZONE },
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
	{ "file", MASTERZONE | SLAVEZONE | STUBZONE | HINTZONE},
	{ "ixfr-base", MASTERZONE | SLAVEZONE },
	{ "ixfr-tmp-file", MASTERZONE | SLAVEZONE },
	{ "masters", SLAVEZONE | STUBZONE },
	{ "pubkey", MASTERZONE | SLAVEZONE | STUBZONE },
	{ "update-policy", MASTERZONE },
	{ "database", MASTERZONE | SLAVEZONE | STUBZONE },
	};

	static optionstable dialups[] = {
	{ "notify", MASTERZONE | SLAVEZONE },
	{ "notify-passive", SLAVEZONE },
	{ "refresh", SLAVEZONE | STUBZONE },
	{ "passive", SLAVEZONE | STUBZONE },
	};

Brian Wellington's avatar
bugs    
Brian Wellington committed
196
197
198
	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));

	zoptions = cfg_tuple_get(zconfig, "options");
199
200

	obj = NULL;
Brian Wellington's avatar
bugs    
Brian Wellington committed
201
	(void)cfg_map_get(zoptions, "type", &obj);
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
	if (obj == NULL) {
		cfg_obj_log(zconfig, logctx, ISC_LOG_ERROR,
			    "zone '%s': type not present", zname);
		return (ISC_R_FAILURE);
	}

	typestr = cfg_obj_asstring(obj);
	if (strcasecmp(typestr, "master") == 0)
		ztype = MASTERZONE;
	else if (strcasecmp(typestr, "slave") == 0)
		ztype = SLAVEZONE;
	else if (strcasecmp(typestr, "stub") == 0)
		ztype = STUBZONE;
	else if (strcasecmp(typestr, "forward") == 0)
		ztype = FORWARDZONE;
	else if (strcasecmp(typestr, "hint") == 0)
		ztype = HINTZONE;
	else {
		cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
			    "zone '%s': invalid type %s",
			    zname, typestr);
		return (ISC_R_FAILURE);
	}

226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
	obj = cfg_tuple_get(zconfig, "class");
	if (cfg_obj_isstring(obj)) {
		isc_textregion_t r;

		DE_CONST(cfg_obj_asstring(obj), r.base);
		r.length = strlen(r.base);
		result = dns_rdataclass_fromtext(&zclass, &r);
		if (result != ISC_R_SUCCESS) {
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "zone '%s': invalid class %s",
				    zname, r.base);
			return (ISC_R_FAILURE);
		}
		if (zclass != defclass) {
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "zone '%s': class '%s' does not "
				    "match view/default class",
				    zname, r.base);
			return (ISC_R_FAILURE);
		}
	}

248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
	/*
	 * Look for an already existing zone.
	 */
	symvalue.as_pointer = NULL;
	tresult = isc_symtab_define(symtab, zname,
				    ztype == HINTZONE ? 1 : 2,
				    symvalue, isc_symexists_reject);
	if (tresult == ISC_R_EXISTS) {
		cfg_obj_log(zconfig, logctx, ISC_LOG_ERROR,
			    "zone '%s': already exists ", zname);
		result = ISC_R_FAILURE;
	} else if (tresult != ISC_R_SUCCESS)
		return (tresult);

	/*
	 * Look for inappropriate options for the given zone type.
	 */
265
266
267
268
269
270
271
272
273
274
275
276
277
278
	for (i = 0; i < sizeof(options) / sizeof(options[0]); i++) {
		obj = NULL;
		if ((options[i].allowed & ztype) == 0 &&
		    cfg_map_get(zoptions, options[i].name, &obj) ==
		    ISC_R_SUCCESS)
		{
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "option '%s' is not allowed in '%s' "
				    "zone '%s'",
				    options[i].name, typestr, zname);
			result = ISC_R_FAILURE;
		}
	}

279
280
281
	/*
	 * Slave & stub zones must have a "masters" field.
	 */
282
283
284
	if (ztype == SLAVEZONE || ztype == STUBZONE) {
		obj = NULL;
		if (cfg_map_get(zoptions, "masters", &obj) != ISC_R_SUCCESS) {
285
			cfg_obj_log(zoptions, logctx, ISC_LOG_ERROR,
286
287
288
289
				    "zone '%s': missing 'masters' entry",
				    zname);
			result = ISC_R_FAILURE;
		}
290
291
292
293
294
295
296
		addrlist = cfg_tuple_get(obj, "addresses");
		if (cfg_list_first(addrlist) == NULL) {
			cfg_obj_log(zoptions, logctx, ISC_LOG_ERROR,
				    "zone '%s': empty 'masters' entry",
				    zname);
			result = ISC_R_FAILURE;
		}
297
298
	}

299
300
301
	/*
	 * Master zones can't have both "allow-update" and "update-policy".
	 */
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
	if (ztype == MASTERZONE) {
		isc_result_t res1, res2;
		obj = NULL;
		res1 = cfg_map_get(zoptions, "allow-update", &obj);
		obj = NULL;
		res2 = cfg_map_get(zoptions, "update-policy", &obj);
		if (res1 == ISC_R_SUCCESS && res2 == ISC_R_SUCCESS) {
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "zone '%s': 'allow-update' is ignored "
				    "when 'update-policy' is present",
				    zname);
			result = ISC_R_FAILURE;
		}
	}

317
318
319
	/*
	 * Check the excessively complicated "dialup" option.
	 */
320
321
	if (ztype == MASTERZONE || ztype == SLAVEZONE || ztype == STUBZONE) {
		cfg_obj_t *dialup = NULL;
322
		(void)cfg_map_get(zoptions, "dialup", &dialup);
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
		if (dialup != NULL && cfg_obj_isstring(dialup)) {
			char *str = cfg_obj_asstring(dialup);
			for (i = 0;
			     i < sizeof(dialups) / sizeof(dialups[0]);
			     i++)
			{
				if (strcasecmp(dialups[i].name, str) != 0)
					continue;
				if ((dialups[i].allowed & ztype) == 0) {
					cfg_obj_log(obj, logctx,
						    ISC_LOG_ERROR,
						    "dialup type '%s' is not "
						    "allowed in '%s' "
						    "zone '%s'",
						    str, typestr, zname);
					result = ISC_R_FAILURE;
				}
				break;
			}
			if (i == sizeof(dialups) / sizeof(dialups[0])) {
				cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
					    "invalid dialup type '%s' in zone "
					    "'%s'", str, zname);
				result = ISC_R_FAILURE;
			}
		}
	}

351
352
353
354
355
356
	/*
	 * Check that forwarding is reasonable.
	 */
	if (check_forward(zoptions, logctx) != ISC_R_SUCCESS)
		result = ISC_R_FAILURE;

357
358
359
	/*
	 * Check various options.
	 */
Mark Andrews's avatar
re-do:    
Mark Andrews committed
360
	tresult = check_options(zoptions, logctx, ISC_FALSE);
361
362
363
	if (tresult != ISC_R_SUCCESS)
		result = tresult;

364
365
366
	return (result);
}

367
isc_result_t
368
bind9_check_key(cfg_obj_t *key, isc_log_t *logctx) {
369
370
371
372
	cfg_obj_t *algobj = NULL;
	cfg_obj_t *secretobj = NULL;
	const char *keyname = cfg_obj_asstring(cfg_map_getname(key));
	
373
374
	(void)cfg_map_get(key, "algorithm", &algobj);
	(void)cfg_map_get(key, "secret", &secretobj);
375
376
377
378
379
	if (secretobj == NULL || algobj == NULL) {
		cfg_obj_log(key, logctx, ISC_LOG_ERROR,
			    "key '%s' must have both 'secret' and "
			    "'algorithm' defined",
			    keyname);
Brian Wellington's avatar
style    
Brian Wellington committed
380
		return (ISC_R_FAILURE);
381
	}
Brian Wellington's avatar
style    
Brian Wellington committed
382
	return (ISC_R_SUCCESS);
383
}
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414

static isc_result_t
check_keylist(cfg_obj_t *keys, isc_symtab_t *symtab, isc_log_t *logctx) {
	isc_result_t result = ISC_R_SUCCESS;
	isc_result_t tresult;
	cfg_listelt_t *element;

	for (element = cfg_list_first(keys);
	     element != NULL;
	     element = cfg_list_next(element))
	{
		cfg_obj_t *key = cfg_listelt_value(element);
		const char *keyname = cfg_obj_asstring(cfg_map_getname(key));
		isc_symvalue_t symvalue;

		symvalue.as_pointer = NULL;
		tresult = isc_symtab_define(symtab, keyname, 1,
					    symvalue, isc_symexists_reject);
		if (tresult == ISC_R_EXISTS) {
			cfg_obj_log(key, logctx, ISC_LOG_ERROR,
				    "key '%s': already exists ", keyname);
			result = tresult;
		} else if (tresult != ISC_R_SUCCESS)
			return (tresult);

		tresult = bind9_check_key(key, logctx);
		if (tresult != ISC_R_SUCCESS)
			return (tresult);
	}
	return (result);
}
415
		
Brian Wellington's avatar
Brian Wellington committed
416
static isc_result_t
417
check_viewconf(cfg_obj_t *config, cfg_obj_t *vconfig, dns_rdataclass_t vclass,
418
	       isc_log_t *logctx, isc_mem_t *mctx)
419
{
Brian Wellington's avatar
Brian Wellington committed
420
421
422
	cfg_obj_t *zones = NULL;
	cfg_obj_t *keys = NULL;
	cfg_listelt_t *element;
423
	isc_symtab_t *symtab = NULL;
Brian Wellington's avatar
Brian Wellington committed
424
	isc_result_t result = ISC_R_SUCCESS;
425
	isc_result_t tresult = ISC_R_SUCCESS;
Brian Wellington's avatar
Brian Wellington committed
426

427
428
429
430
	/*
	 * Check that all zone statements are syntactically correct and
	 * there are no duplicate zones.
	 */
431
432
	tresult = isc_symtab_create(mctx, 100, NULL, NULL, ISC_TRUE, &symtab);
	if (tresult != ISC_R_SUCCESS)
433
434
		return (ISC_R_NOMEMORY);

435
436
437
438
	if (vconfig != NULL)
		(void)cfg_map_get(vconfig, "zone", &zones);
	else
		(void)cfg_map_get(config, "zone", &zones);
439

Brian Wellington's avatar
Brian Wellington committed
440
441
442
443
	for (element = cfg_list_first(zones);
	     element != NULL;
	     element = cfg_list_next(element))
	{
444
		isc_result_t tresult;
Brian Wellington's avatar
Brian Wellington committed
445
446
		cfg_obj_t *zone = cfg_listelt_value(element);

447
448
		tresult = check_zoneconf(zone, symtab, vclass, logctx);
		if (tresult != ISC_R_SUCCESS)
Brian Wellington's avatar
Brian Wellington committed
449
450
451
			result = ISC_R_FAILURE;
	}

452
453
454
455
456
457
	isc_symtab_destroy(&symtab);

	/*
	 * Check that all key statements are syntactically correct and
	 * there are no duplicate keys.
	 */
458
459
	tresult = isc_symtab_create(mctx, 100, NULL, NULL, ISC_TRUE, &symtab);
	if (tresult != ISC_R_SUCCESS)
460
461
		return (ISC_R_NOMEMORY);

462
	(void)cfg_map_get(config, "key", &keys);
463
464
465
466
467
468
469
470
471
472
473
474
475
	tresult = check_keylist(keys, symtab, logctx);
	if (tresult == ISC_R_EXISTS)
		result = ISC_R_FAILURE;
	else if (tresult != ISC_R_SUCCESS) {
		isc_symtab_destroy(&symtab);
		return (tresult);
	}
	
	if (vconfig != NULL) {
		keys = NULL;
		(void)cfg_map_get(vconfig, "key", &keys);
		tresult = check_keylist(keys, symtab, logctx);
		if (tresult == ISC_R_EXISTS)
476
			result = ISC_R_FAILURE;
477
		else if (tresult != ISC_R_SUCCESS) {
478
479
			isc_symtab_destroy(&symtab);
			return (tresult);
Brian Wellington's avatar
Brian Wellington committed
480
481
482
		}
	}

483
484
	isc_symtab_destroy(&symtab);

485
486
487
	/*
	 * Check that forwarding is reasonable.
	 */
488
	if (vconfig == NULL) {
489
		cfg_obj_t *options = NULL;
490
		(void)cfg_map_get(config, "options", &options);
491
492
493
494
495
496
497
498
		if (options != NULL)
			if (check_forward(options, logctx) != ISC_R_SUCCESS)
				result = ISC_R_FAILURE;
	} else {
		if (check_forward(vconfig, logctx) != ISC_R_SUCCESS)
			result = ISC_R_FAILURE;
	}

499
	if (vconfig != NULL)
Mark Andrews's avatar
re-do:    
Mark Andrews committed
500
		tresult = check_options(vconfig, logctx, ISC_FALSE);
501
	else
Mark Andrews's avatar
re-do:    
Mark Andrews committed
502
		tresult = check_options(config, logctx, ISC_TRUE);
503
504
505
	if (tresult != ISC_R_SUCCESS)
		result = tresult;

Brian Wellington's avatar
Brian Wellington committed
506
507
508
509
	return (result);
}


510
isc_result_t
511
bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) {
512
	cfg_obj_t *options = NULL;
513
514
515
	cfg_obj_t *views = NULL;
	cfg_obj_t *obj;
	cfg_listelt_t *velement;
Brian Wellington's avatar
Brian Wellington committed
516
	isc_result_t result = ISC_R_SUCCESS;
517
	isc_result_t tresult;
518

519
520
	(void)cfg_map_get(config, "options", &options);

521
	if (options != NULL &&
Mark Andrews's avatar
re-do:    
Mark Andrews committed
522
	    check_options(options, logctx, ISC_TRUE) != ISC_R_SUCCESS)
523
		result = ISC_R_FAILURE;
524

525
526
527
	(void)cfg_map_get(config, "view", &views);

	if (views == NULL) {
528
		if (check_viewconf(config, NULL, dns_rdataclass_in,
529
				   logctx, mctx) != ISC_R_SUCCESS)
Brian Wellington's avatar
Brian Wellington committed
530
			result = ISC_R_FAILURE;
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
	} else {
		cfg_obj_t *zones = NULL;

		(void)cfg_map_get(config, "zone", &zones);
		if (zones != NULL) {
			cfg_obj_log(zones, logctx, ISC_LOG_ERROR,
				    "when using 'view' statements, "
				    "all zones must be in views");
			result = ISC_R_FAILURE;
		}
	}

	for (velement = cfg_list_first(views);
	     velement != NULL;
	     velement = cfg_list_next(velement))
	{
		cfg_obj_t *view = cfg_listelt_value(velement);
Brian Wellington's avatar
Brian Wellington committed
548
		cfg_obj_t *vname = cfg_tuple_get(view, "name");
549
		cfg_obj_t *voptions = cfg_tuple_get(view, "options");
550
551
552
		cfg_obj_t *vclassobj = cfg_tuple_get(view, "class");
		dns_rdataclass_t vclass = dns_rdataclass_in;
		isc_result_t tresult = ISC_R_SUCCESS;
553

554
555
556
557
558
559
560
		if (cfg_obj_isstring(vclassobj)) {
			isc_textregion_t r;

			DE_CONST(cfg_obj_asstring(vclassobj), r.base);
			r.length = strlen(r.base);
			tresult = dns_rdataclass_fromtext(&vclass, &r);
			if (tresult != ISC_R_SUCCESS)
561
				cfg_obj_log(vclassobj, logctx, ISC_LOG_ERROR,
562
563
564
565
					    "view '%s': invalid class %s",
					    cfg_obj_asstring(vname), r.base);
		}
		if (tresult == ISC_R_SUCCESS)
566
			tresult = check_viewconf(config, voptions,
567
568
						 vclass, logctx, mctx);
		if (tresult != ISC_R_SUCCESS)
Brian Wellington's avatar
Brian Wellington committed
569
			result = ISC_R_FAILURE;
570
571
	}

572
573
	if (views != NULL && options != NULL) {
		obj = NULL;
574
575
		tresult = cfg_map_get(options, "cache-file", &obj);
		if (tresult == ISC_R_SUCCESS) {
576
577
578
579
580
581
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "'cache-file' cannot be a global "
				    "option if views are present");
			result = ISC_R_FAILURE;
		}
	}
582
583
584

	return (result);
}