/*
 * Copyright (C) 2001, 2002  Internet Software Consortium.
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
 * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
 * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
 * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
 * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

/* $Id: check.c,v 1.25 2002/02/20 03:34:09 marka Exp $ */

#include <config.h>

#include <stdlib.h>
#include <string.h>

#include <isc/buffer.h>
#include <isc/log.h>
#include <isc/mem.h>
#include <isc/region.h>
#include <isc/result.h>
#include <isc/symtab.h>
#include <isc/util.h>

#include <dns/rdataclass.h>
#include <dns/fixedname.h>

#include <isccfg/cfg.h>

#include <bind9/check.h>

/*
 * Verify that a 'forward' statement in 'options' is accompanied by a
 * 'forwarders' statement.
 *
 * Returns ISC_R_FAILURE, after logging an error against the 'forward'
 * object, when 'forward' is present without 'forwarders'.  Returns
 * ISC_R_SUCCESS in every other case, including when neither is present.
 */
static isc_result_t
check_forward(cfg_obj_t *options, isc_log_t *logctx) {
	cfg_obj_t *fwd_policy = NULL;
	cfg_obj_t *fwd_list = NULL;

	/*
	 * The lookup results are deliberately ignored; the test below
	 * relies on each pointer still being NULL when its clause is absent.
	 */
	(void)cfg_map_get(options, "forward", &fwd_policy);
	(void)cfg_map_get(options, "forwarders", &fwd_list);

	if (fwd_policy == NULL || fwd_list != NULL)
		return (ISC_R_SUCCESS);

	cfg_obj_log(fwd_policy, logctx, ISC_LOG_ERROR,
		    "no matching 'forwarders' statement");
	return (ISC_R_FAILURE);
}

/*
 * One row of the interval range table in check_options().
 */
typedef struct {
	/* Option name looked up in the configuration map. */
	const char *name;
	/* Divisor of ISC_UINT32_MAX in the second range test. */
	unsigned int scale;
	/* Largest value accepted for the option. */
	unsigned int max;
} intervaltable;

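/*
 * Range-check the options that are configured in a unit of time other
 * than seconds.
 *
 * Every table entry that is present in 'options' is tested against its
 * table maximum and, failing that, against ISC_UINT32_MAX / scale.  The
 * second test presumably protects a later multiplication by 'scale'
 * (conversion to seconds) from wrapping; that multiplication is not done
 * here.  Each violation is logged at ISC_LOG_ERROR and checking continues,
 * so all bad values are reported in one pass.
 *
 * Returns ISC_R_RANGE if any value was rejected, ISC_R_SUCCESS otherwise.
 */
static isc_result_t
check_options(cfg_obj_t *options, isc_log_t *logctx) {
	isc_result_t result = ISC_R_SUCCESS;
	unsigned int i;
	cfg_obj_t *obj = NULL;

	/* { option name, scale, maximum in the option's own unit } */
	static const intervaltable intervals[] = {
	{ "cleaning-interval", 60, 28 * 24 * 60 },	/* 28 days */
	{ "heartbeat-interval", 60, 28 * 24 * 60 },	/* 28 days */
	{ "interface-interval", 60, 28 * 24 * 60 },	/* 28 days */
	{ "max-transfer-idle-in", 60, 28 * 24 * 60 },	/* 28 days */
	{ "max-transfer-idle-out", 60, 28 * 24 * 60 },	/* 28 days */
	{ "max-transfer-time-in", 60, 28 * 24 * 60 },	/* 28 days */
	{ "max-transfer-time-out", 60, 28 * 24 * 60 },	/* 28 days */
	{ "sig-validity-interval", 86400, 10 * 366 },	/* 10 years */
	{ "statistics-interval", 60, 28 * 24 * 60 },	/* 28 days */
	};

	/*
	 * Check that fields specified in units of time other than seconds
	 * have reasonable values.
	 */
	for (i = 0; i < sizeof(intervals) / sizeof(intervals[0]); i++) {
		isc_uint32_t val;

		obj = NULL;
		(void)cfg_map_get(options, intervals[i].name, &obj);
		if (obj == NULL)
			continue;	/* option not configured */
		val = cfg_obj_asuint32(obj);
		if (val > intervals[i].max) {
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "%s '%u' is out of range (0..%u)",
				    intervals[i].name, val,
				    intervals[i].max);
			result = ISC_R_RANGE;
		} else if (val > (ISC_UINT32_MAX / intervals[i].scale)) {
			/*
			 * 'val' is unsigned, so it is printed with %u; the
			 * previous %d would show large values as negative.
			 */
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "%s '%u' is out of range",
				    intervals[i].name, val);
			result = ISC_R_RANGE;
		}
	}
	return (result);
}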

/*
 * Zone-type flags.  Each type is a distinct bit so that the 'allowed'
 * member of an optionstable row can hold any combination of them.
 */
#define MASTERZONE	0x01
#define SLAVEZONE	0x02
#define STUBZONE	0x04
#define HINTZONE	0x08
#define FORWARDZONE	0x10

/*
 * Associates a name with the set of zone types in which it may be used.
 */
typedef struct {
	/* Name as it is written in the configuration. */
	const char *name;
	/* Bitwise OR of the zone-type flags above. */
	int allowed;
} optionstable;

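/*
 * Check one 'zone' statement ('zconfig') for semantic errors.
 *
 * The checks, in order:
 *  - a recognised 'type' is present;
 *  - an explicit class parses and equals 'defclass';
 *  - the zone name is valid and not already recorded in 'symtab'
 *    (hint zones use a different symbol type from all other zones, so a
 *    hint zone and a non-hint zone may share a name);
 *  - no option is used that the options[] table disallows for the type;
 *  - slave and stub zones carry a non-empty 'masters' list;
 *  - master zones do not combine 'allow-update' with 'update-policy';
 *  - the 'dialup' keyword, if given as a string, is known and allowed;
 *  - check_forward() and check_options() pass.
 *
 * Problems are logged through 'logctx' at ISC_LOG_ERROR.  A missing or
 * invalid type or class returns ISC_R_FAILURE at once; later problems are
 * accumulated so that as many as possible are reported in one run.
 *
 * 'mctx' is used to allocate the canonical zone name stored as the symbol
 * table key.  The key is freed here on every path where the table did not
 * accept it; once accepted it is not freed by this function.
 *
 * Returns ISC_R_SUCCESS, ISC_R_FAILURE, ISC_R_NOMEMORY, an error from
 * isc_symtab_define(), or the non-success result of check_options().
 */
static isc_result_t
check_zoneconf(cfg_obj_t *zconfig, isc_symtab_t *symtab,
	       dns_rdataclass_t defclass, isc_log_t *logctx, isc_mem_t *mctx)
{
	const char *zname;
	const char *typestr;
	unsigned int ztype;
	cfg_obj_t *zoptions;
	cfg_obj_t *obj = NULL;
	cfg_obj_t *addrlist = NULL;
	isc_symvalue_t symvalue;
	isc_result_t result = ISC_R_SUCCESS;
	isc_result_t tresult;
	unsigned int i;
	dns_rdataclass_t zclass;
	dns_fixedname_t fixedname;
	isc_buffer_t b;

	/* Zone options and the zone types in which each one is allowed. */
	static const optionstable options[] = {
	{ "allow-query", MASTERZONE | SLAVEZONE | STUBZONE },
	{ "allow-notify", SLAVEZONE },
	{ "allow-transfer", MASTERZONE | SLAVEZONE },
	{ "notify", MASTERZONE | SLAVEZONE },
	{ "also-notify", MASTERZONE | SLAVEZONE },
	{ "dialup", MASTERZONE | SLAVEZONE | STUBZONE },
	{ "forward", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE},
	{ "forwarders", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE},
	{ "maintain-ixfr-base", MASTERZONE | SLAVEZONE },
	{ "max-ixfr-log-size", MASTERZONE | SLAVEZONE },
	{ "notify-source", MASTERZONE | SLAVEZONE },
	{ "notify-source-v6", MASTERZONE | SLAVEZONE },
	{ "transfer-source", SLAVEZONE | STUBZONE },
	{ "transfer-source-v6", SLAVEZONE | STUBZONE },
	{ "max-transfer-time-in", SLAVEZONE | STUBZONE },
	{ "max-transfer-time-out", MASTERZONE | SLAVEZONE },
	{ "max-transfer-idle-in", SLAVEZONE | STUBZONE },
	{ "max-transfer-idle-out", MASTERZONE | SLAVEZONE },
	{ "max-retry-time", SLAVEZONE | STUBZONE },
	{ "min-retry-time", SLAVEZONE | STUBZONE },
	{ "max-refresh-time", SLAVEZONE | STUBZONE },
	{ "min-refresh-time", SLAVEZONE | STUBZONE },
	{ "sig-validity-interval", MASTERZONE },
	{ "zone-statistics", MASTERZONE | SLAVEZONE | STUBZONE },
	{ "allow-update", MASTERZONE },
	{ "allow-update-forwarding", SLAVEZONE },
	{ "file", MASTERZONE | SLAVEZONE | STUBZONE | HINTZONE},
	{ "ixfr-base", MASTERZONE | SLAVEZONE },
	{ "ixfr-tmp-file", MASTERZONE | SLAVEZONE },
	{ "masters", SLAVEZONE | STUBZONE },
	{ "pubkey", MASTERZONE | SLAVEZONE | STUBZONE },
	{ "update-policy", MASTERZONE },
	{ "database", MASTERZONE | SLAVEZONE | STUBZONE },
	{ "key-directory", MASTERZONE },
	};

	/* 'dialup' keywords and the zone types in which each one is allowed. */
	static const optionstable dialups[] = {
	{ "notify", MASTERZONE | SLAVEZONE },
	{ "notify-passive", SLAVEZONE },
	{ "refresh", SLAVEZONE | STUBZONE },
	{ "passive", SLAVEZONE | STUBZONE },
	};

	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));

	zoptions = cfg_tuple_get(zconfig, "options");

	obj = NULL;
	(void)cfg_map_get(zoptions, "type", &obj);
	if (obj == NULL) {
		cfg_obj_log(zconfig, logctx, ISC_LOG_ERROR,
			    "zone '%s': type not present", zname);
		return (ISC_R_FAILURE);
	}

	typestr = cfg_obj_asstring(obj);
	if (strcasecmp(typestr, "master") == 0)
		ztype = MASTERZONE;
	else if (strcasecmp(typestr, "slave") == 0)
		ztype = SLAVEZONE;
	else if (strcasecmp(typestr, "stub") == 0)
		ztype = STUBZONE;
	else if (strcasecmp(typestr, "forward") == 0)
		ztype = FORWARDZONE;
	else if (strcasecmp(typestr, "hint") == 0)
		ztype = HINTZONE;
	else {
		cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
			    "zone '%s': invalid type %s",
			    zname, typestr);
		return (ISC_R_FAILURE);
	}

	/*
	 * An explicit zone class must parse and must agree with the class
	 * of the enclosing view (or the default class).
	 */
	obj = cfg_tuple_get(zconfig, "class");
	if (cfg_obj_isstring(obj)) {
		isc_textregion_t r;

		DE_CONST(cfg_obj_asstring(obj), r.base);
		r.length = strlen(r.base);
		result = dns_rdataclass_fromtext(&zclass, &r);
		if (result != ISC_R_SUCCESS) {
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "zone '%s': invalid class %s",
				    zname, r.base);
			return (ISC_R_FAILURE);
		}
		if (zclass != defclass) {
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "zone '%s': class '%s' does not "
				    "match view/default class",
				    zname, r.base);
			return (ISC_R_FAILURE);
		}
	}

	/*
	 * Look for an already existing zone.
	 * We need to make this canonical as isc_symtab_define()
	 * deals with strings.
	 */
	dns_fixedname_init(&fixedname);
	isc_buffer_init(&b, zname, strlen(zname));
	isc_buffer_add(&b, strlen(zname));
	result = dns_name_fromtext(dns_fixedname_name(&fixedname), &b,
				   dns_rootname, ISC_TRUE, NULL);
	if (result != ISC_R_SUCCESS) {
		cfg_obj_log(zconfig, logctx, ISC_LOG_ERROR,
			    "zone '%s': is not a valid name", zname);
		result = ISC_R_FAILURE;
	} else {
		char namebuf[DNS_NAME_FORMATSIZE];
		char *key;

		dns_name_format(dns_fixedname_name(&fixedname),
				namebuf, sizeof(namebuf));
		key = isc_mem_strdup(mctx, namebuf);
		if (key == NULL)
			return (ISC_R_NOMEMORY);
		symvalue.as_pointer = zconfig;
		/* Symbol type 1 is used for hint zones, 2 for all others. */
		tresult = isc_symtab_define(symtab, key,
					    ztype == HINTZONE ? 1 : 2,
					    symvalue, isc_symexists_reject);
		if (tresult == ISC_R_EXISTS) {
			const char *file;
			unsigned int line;

			/* Fetch the earlier definition to report where it is. */
			RUNTIME_CHECK(isc_symtab_lookup(symtab, key,
					    ztype == HINTZONE ? 1 : 2,
					    &symvalue) == ISC_R_SUCCESS);
			isc_mem_free(mctx, key);
			file = cfg_obj_file(symvalue.as_pointer);
			line = cfg_obj_line(symvalue.as_pointer);

			if (file == NULL)
				file = "<unknown file>";
			cfg_obj_log(zconfig, logctx, ISC_LOG_ERROR,
				    "zone '%s': already exists "
				    "previous definition: %s:%u",
				    zname, file, line);
			result = ISC_R_FAILURE;
		} else if (tresult != ISC_R_SUCCESS) {
			/*
			 * The table did not take the key, so release it.
			 * This path previously called isc_mem_strdup(),
			 * which leaked the key and a second copy of it.
			 */
			isc_mem_free(mctx, key);
			return (tresult);
		}
	}

	/*
	 * Look for inappropriate options for the given zone type.
	 */
	for (i = 0; i < sizeof(options) / sizeof(options[0]); i++) {
		obj = NULL;
		if ((options[i].allowed & ztype) == 0 &&
		    cfg_map_get(zoptions, options[i].name, &obj) ==
		    ISC_R_SUCCESS)
		{
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "option '%s' is not allowed in '%s' "
				    "zone '%s'",
				    options[i].name, typestr, zname);
			result = ISC_R_FAILURE;
		}
	}

	/*
	 * Slave & stub zones must have a "masters" field.
	 */
	if (ztype == SLAVEZONE || ztype == STUBZONE) {
		obj = NULL;
		if (cfg_map_get(zoptions, "masters", &obj) != ISC_R_SUCCESS) {
			cfg_obj_log(zoptions, logctx, ISC_LOG_ERROR,
				    "zone '%s': missing 'masters' entry",
				    zname);
			result = ISC_R_FAILURE;
		} else {
			/*
			 * Only inspect the address list when the lookup
			 * succeeded; 'obj' is NULL on the failure branch.
			 */
			addrlist = cfg_tuple_get(obj, "addresses");
			if (cfg_list_first(addrlist) == NULL) {
				cfg_obj_log(zoptions, logctx, ISC_LOG_ERROR,
					    "zone '%s': empty 'masters' entry",
					    zname);
				result = ISC_R_FAILURE;
			}
		}
	}

	/*
	 * Master zones can't have both "allow-update" and "update-policy".
	 */
	if (ztype == MASTERZONE) {
		isc_result_t res1, res2;
		obj = NULL;
		res1 = cfg_map_get(zoptions, "allow-update", &obj);
		obj = NULL;
		res2 = cfg_map_get(zoptions, "update-policy", &obj);
		if (res1 == ISC_R_SUCCESS && res2 == ISC_R_SUCCESS) {
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "zone '%s': 'allow-update' is ignored "
				    "when 'update-policy' is present",
				    zname);
			result = ISC_R_FAILURE;
		}
	}

	/*
	 * Check the excessively complicated "dialup" option.
	 */
	if (ztype == MASTERZONE || ztype == SLAVEZONE || ztype == STUBZONE) {
		cfg_obj_t *dialup = NULL;
		(void)cfg_map_get(zoptions, "dialup", &dialup);
		if (dialup != NULL && cfg_obj_isstring(dialup)) {
			const char *str = cfg_obj_asstring(dialup);
			for (i = 0;
			     i < sizeof(dialups) / sizeof(dialups[0]);
			     i++)
			{
				if (strcasecmp(dialups[i].name, str) != 0)
					continue;
				if ((dialups[i].allowed & ztype) == 0) {
					/*
					 * Log against 'dialup': 'obj' is
					 * left over from earlier checks and
					 * may be NULL here.
					 */
					cfg_obj_log(dialup, logctx,
						    ISC_LOG_ERROR,
						    "dialup type '%s' is not "
						    "allowed in '%s' "
						    "zone '%s'",
						    str, typestr, zname);
					result = ISC_R_FAILURE;
				}
				break;
			}
			/* The loop ran to the end: keyword not in the table. */
			if (i == sizeof(dialups) / sizeof(dialups[0])) {
				cfg_obj_log(dialup, logctx, ISC_LOG_ERROR,
					    "invalid dialup type '%s' in zone "
					    "'%s'", str, zname);
				result = ISC_R_FAILURE;
			}
		}
	}

	/*
	 * Check that forwarding is reasonable.
	 */
	if (check_forward(zoptions, logctx) != ISC_R_SUCCESS)
		result = ISC_R_FAILURE;

	/*
	 * Check various options.
	 */
	tresult = check_options(zoptions, logctx);
	if (tresult != ISC_R_SUCCESS)
		result = tresult;

	return (result);
}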

/*
 * Check that a 'key' statement defines both 'algorithm' and 'secret'.
 *
 * Only the presence of the two clauses is tested here; their contents
 * are not examined by this function.  The error message identifies the
 * key by name only, so the secret itself is never written to the log.
 *
 * Returns ISC_R_SUCCESS when both clauses exist, ISC_R_FAILURE otherwise.
 */
isc_result_t
bind9_check_key(cfg_obj_t *key, isc_log_t *logctx) {
	const char *keyname = cfg_obj_asstring(cfg_map_getname(key));
	cfg_obj_t *algorithm = NULL;
	cfg_obj_t *secret = NULL;

	/* A clause that is absent leaves its pointer NULL for the test below. */
	(void)cfg_map_get(key, "algorithm", &algorithm);
	(void)cfg_map_get(key, "secret", &secret);

	if (algorithm != NULL && secret != NULL)
		return (ISC_R_SUCCESS);

	cfg_obj_log(key, logctx, ISC_LOG_ERROR,
		    "key '%s' must have both 'secret' and "
		    "'algorithm' defined",
		    keyname);
	return (ISC_R_FAILURE);
}

/*
 * Check every key in the list 'keys' and record its name in 'symtab'.
 *
 * A name that is already in 'symtab' is logged as a duplicate and the
 * scan continues; ISC_R_EXISTS is then returned once the list has been
 * walked.  Any other isc_symtab_define() failure, or a key rejected by
 * bind9_check_key(), ends the scan immediately with that result, so keys
 * later in the list are not examined in that case.
 *
 * The key name is stored in the table as-is (no copy is made here), and
 * no value is associated with it.
 */
static isc_result_t
check_keylist(cfg_obj_t *keys, isc_symtab_t *symtab, isc_log_t *logctx) {
	isc_result_t status = ISC_R_SUCCESS;
	cfg_listelt_t *elt = cfg_list_first(keys);

	while (elt != NULL) {
		cfg_obj_t *key = cfg_listelt_value(elt);
		const char *keyname = cfg_obj_asstring(cfg_map_getname(key));
		isc_symvalue_t novalue;
		isc_result_t r;

		novalue.as_pointer = NULL;
		r = isc_symtab_define(symtab, keyname, 1,
				      novalue, isc_symexists_reject);
		if (r == ISC_R_EXISTS) {
			cfg_obj_log(key, logctx, ISC_LOG_ERROR,
				    "key '%s': already exists ", keyname);
			status = r;
		} else if (r != ISC_R_SUCCESS) {
			return (r);
		}

		r = bind9_check_key(key, logctx);
		if (r != ISC_R_SUCCESS)
			return (r);

		elt = cfg_list_next(elt);
	}
	return (status);
}

/*
 * Symbol table cleanup callback: release 'key' to the memory context
 * that was registered as 'userarg'.  'type' and 'value' are not needed.
 */
static void
freekey(char *key, unsigned int type, isc_symvalue_t value, void *userarg) {
	isc_mem_t *mctx = userarg;

	UNUSED(value);
	UNUSED(type);
	isc_mem_free(mctx, key);
}
/*
 * Check the zones, keys, forwarding and interval options of one view.
 *
 * 'vconfig' is the view's option map, or NULL when the configuration has
 * no views, in which case the top-level 'config' map is used instead.
 * 'vclass' is the class every zone in the view must match.
 *
 * Keys are checked in a single symbol table: the top-level keys first,
 * then the view's own keys, so a view key that repeats a top-level key
 * name is reported as a duplicate.
 *
 * Returns ISC_R_SUCCESS, ISC_R_FAILURE, ISC_R_NOMEMORY if a symbol table
 * cannot be created, a hard error from check_keylist(), or the
 * non-success result of check_options().
 */
static isc_result_t
check_viewconf(cfg_obj_t *config, cfg_obj_t *vconfig, dns_rdataclass_t vclass,
	       isc_log_t *logctx, isc_mem_t *mctx)
{
	/* Map that holds this view's clauses. */
	cfg_obj_t *scope = (vconfig != NULL) ? vconfig : config;
	cfg_obj_t *fwdscope = vconfig;
	cfg_obj_t *zones = NULL;
	cfg_obj_t *keys = NULL;
	cfg_listelt_t *element;
	isc_symtab_t *symtab = NULL;
	isc_result_t result = ISC_R_SUCCESS;
	isc_result_t tresult;

	/*
	 * Check that all zone statements are syntactically correct and
	 * there are no duplicate zones.  The table owns the zone-name keys
	 * and frees them through freekey() using 'mctx'.
	 */
	if (isc_symtab_create(mctx, 100, freekey, mctx,
			      ISC_TRUE, &symtab) != ISC_R_SUCCESS)
		return (ISC_R_NOMEMORY);

	(void)cfg_map_get(scope, "zone", &zones);

	for (element = cfg_list_first(zones);
	     element != NULL;
	     element = cfg_list_next(element))
	{
		if (check_zoneconf(cfg_listelt_value(element), symtab,
				   vclass, logctx, mctx) != ISC_R_SUCCESS)
			result = ISC_R_FAILURE;
	}

	isc_symtab_destroy(&symtab);

	/*
	 * Check that all key statements are syntactically correct and
	 * there are no duplicate keys.  No cleanup callback is registered
	 * for this table.
	 */
	if (isc_symtab_create(mctx, 100, NULL, NULL,
			      ISC_TRUE, &symtab) != ISC_R_SUCCESS)
		return (ISC_R_NOMEMORY);

	(void)cfg_map_get(config, "key", &keys);
	tresult = check_keylist(keys, symtab, logctx);
	if (tresult == ISC_R_EXISTS) {
		result = ISC_R_FAILURE;
	} else if (tresult != ISC_R_SUCCESS) {
		isc_symtab_destroy(&symtab);
		return (tresult);
	}

	if (vconfig != NULL) {
		keys = NULL;
		(void)cfg_map_get(vconfig, "key", &keys);
		tresult = check_keylist(keys, symtab, logctx);
		if (tresult == ISC_R_EXISTS) {
			result = ISC_R_FAILURE;
		} else if (tresult != ISC_R_SUCCESS) {
			isc_symtab_destroy(&symtab);
			return (tresult);
		}
	}

	isc_symtab_destroy(&symtab);

	/*
	 * Check that forwarding is reasonable.  Without a view the
	 * top-level 'options' clause is checked, if there is one.
	 */
	if (fwdscope == NULL)
		(void)cfg_map_get(config, "options", &fwdscope);
	if (fwdscope != NULL &&
	    check_forward(fwdscope, logctx) != ISC_R_SUCCESS)
		result = ISC_R_FAILURE;

	/*
	 * NOTE(review): without a view this passes the top-level map, not
	 * its 'options' clause, to check_options() -- confirm intended.
	 */
	tresult = check_options(scope, logctx);
	if (tresult != ISC_R_SUCCESS)
		result = tresult;

	return (result);
}


/*
 * Check a parsed named.conf ('config') for semantic errors.
 *
 * In order: the global 'options' intervals; either the implicit default
 * view (no 'view' statements) or the rule that zones may not appear
 * outside views; every explicit view, using its own class when one is
 * given; the rule that 'cache-file' may not be a global option when
 * views exist; and finally that no 'acl' redefines a built-in ACL name
 * or repeats the name of another 'acl'.  ACL names are compared without
 * regard to case.
 *
 * Errors are logged through 'logctx' at ISC_LOG_ERROR and checking
 * continues.  Returns ISC_R_SUCCESS if nothing was reported, otherwise
 * ISC_R_FAILURE.
 */
isc_result_t
bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) {
	/* ACL names that are predefined and may not be redefined. */
	static const char *builtin[] = { "localhost", "localnets",
					 "any", "none"};
	cfg_obj_t *options = NULL;
	cfg_obj_t *views = NULL;
	cfg_obj_t *acls = NULL;
	cfg_listelt_t *velement;
	isc_result_t result = ISC_R_SUCCESS;

	(void)cfg_map_get(config, "options", &options);
	if (options != NULL) {
		if (check_options(options, logctx) != ISC_R_SUCCESS)
			result = ISC_R_FAILURE;
	}

	(void)cfg_map_get(config, "view", &views);
	if (views != NULL) {
		cfg_obj_t *zones = NULL;

		(void)cfg_map_get(config, "zone", &zones);
		if (zones != NULL) {
			cfg_obj_log(zones, logctx, ISC_LOG_ERROR,
				    "when using 'view' statements, "
				    "all zones must be in views");
			result = ISC_R_FAILURE;
		}
	} else if (check_viewconf(config, NULL, dns_rdataclass_in,
				  logctx, mctx) != ISC_R_SUCCESS) {
		/* No views: the top level acts as a single class IN view. */
		result = ISC_R_FAILURE;
	}

	for (velement = cfg_list_first(views);
	     velement != NULL;
	     velement = cfg_list_next(velement))
	{
		cfg_obj_t *view = cfg_listelt_value(velement);
		cfg_obj_t *vname = cfg_tuple_get(view, "name");
		cfg_obj_t *voptions = cfg_tuple_get(view, "options");
		cfg_obj_t *vclassobj = cfg_tuple_get(view, "class");
		dns_rdataclass_t vclass = dns_rdataclass_in;
		isc_result_t vresult = ISC_R_SUCCESS;

		if (cfg_obj_isstring(vclassobj)) {
			isc_textregion_t r;

			DE_CONST(cfg_obj_asstring(vclassobj), r.base);
			r.length = strlen(r.base);
			vresult = dns_rdataclass_fromtext(&vclass, &r);
			if (vresult != ISC_R_SUCCESS) {
				cfg_obj_log(vclassobj, logctx, ISC_LOG_ERROR,
					    "view '%s': invalid class %s",
					    cfg_obj_asstring(vname), r.base);
			}
		}
		/* A view whose class did not parse is not checked further. */
		if (vresult == ISC_R_SUCCESS) {
			vresult = check_viewconf(config, voptions,
						 vclass, logctx, mctx);
		}
		if (vresult != ISC_R_SUCCESS)
			result = ISC_R_FAILURE;
	}

	if (views != NULL && options != NULL) {
		cfg_obj_t *cachefile = NULL;

		if (cfg_map_get(options, "cache-file",
				&cachefile) == ISC_R_SUCCESS) {
			cfg_obj_log(cachefile, logctx, ISC_LOG_ERROR,
				    "'cache-file' cannot be a global "
				    "option if views are present");
			result = ISC_R_FAILURE;
		}
	}

	if (cfg_map_get(config, "acl", &acls) == ISC_R_SUCCESS) {
		cfg_listelt_t *elt;

		for (elt = cfg_list_first(acls);
		     elt != NULL;
		     elt = cfg_list_next(elt)) {
			cfg_obj_t *acl = cfg_listelt_value(elt);
			const char *aclname =
				cfg_obj_asstring(cfg_tuple_get(acl, "name"));
			cfg_listelt_t *elt2;
			unsigned int i;

			/* Reject a user ACL that shadows a built-in one. */
			for (i = 0;
			     i < sizeof(builtin) / sizeof(builtin[0]);
			     i++) {
				if (strcasecmp(aclname, builtin[i]) != 0)
					continue;
				cfg_obj_log(acl, logctx, ISC_LOG_ERROR,
					    "attempt to redefine "
					    "builtin acl '%s'",
					    aclname);
				result = ISC_R_FAILURE;
				break;
			}

			/* Compare with every later ACL to find duplicates. */
			for (elt2 = cfg_list_next(elt);
			     elt2 != NULL;
			     elt2 = cfg_list_next(elt2)) {
				cfg_obj_t *acl2 = cfg_listelt_value(elt2);
				const char *name =
					cfg_obj_asstring(cfg_tuple_get(acl2,
								       "name"));

				if (strcasecmp(aclname, name) == 0) {
					const char *file = cfg_obj_file(acl);
					unsigned int line = cfg_obj_line(acl);

					if (file == NULL)
						file = "<unknown file>";

					cfg_obj_log(acl2, logctx, ISC_LOG_ERROR,
						    "attempt to redefine "
						    "acl '%s' previous "
						    "definition: %s:%u",
						    name, file, line);
					result = ISC_R_FAILURE;
				}
			}
		}
	}

	return (result);
}