Commit 08f860f8 authored by Evan Hunt's avatar Evan Hunt

2630. [func] Improved syntax for DDNS autoconfiguration: use

			"update-policy local;" to switch on local DDNS in a
			zone.  [RT #19875]
parent 38cd4d14
2630. [func] Improved syntax for DDNS autoconfiguration: use
"update-policy local;" to switch on local DDNS in a
zone. [RT #19875]
2629. [port] Check for seteuid()/setegid(), use setresuid()/ 2629. [port] Check for seteuid()/setegid(), use setresuid()/
setresgid() if not present. [RT #19932] setresgid() if not present. [RT #19932]
......
...@@ -12,7 +12,7 @@ ...@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: Makefile.in,v 1.3 2009/06/11 23:47:55 tbox Exp $ # $Id: Makefile.in,v 1.4 2009/07/14 22:54:56 each Exp $
srcdir = @srcdir@ srcdir = @srcdir@
VPATH = @srcdir@ VPATH = @srcdir@
...@@ -68,9 +68,7 @@ rndc-confgen.@O@: rndc-confgen.c ...@@ -68,9 +68,7 @@ rndc-confgen.@O@: rndc-confgen.c
-c ${srcdir}/rndc-confgen.c -c ${srcdir}/rndc-confgen.c
ddns-confgen.@O@: ddns-confgen.c ddns-confgen.@O@: ddns-confgen.c
${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \ ${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c
-DDDNS_KEYFILE=\"${localstatedir}/run/named/ddns.key\" \
-c ${srcdir}/ddns-confgen.c
rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS} rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS} ${CONFDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ rndc-confgen.@O@ util.@O@ keygen.@O@ \ ${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ rndc-confgen.@O@ util.@O@ keygen.@O@ \
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: config.c,v 1.98 2009/06/30 02:52:32 each Exp $ */ /* $Id: config.c,v 1.99 2009/07/14 22:54:56 each Exp $ */
/*! \file */ /*! \file */
...@@ -59,9 +59,9 @@ options {\n\ ...@@ -59,9 +59,9 @@ options {\n\
files unlimited;\n\ files unlimited;\n\
stacksize default;\n" stacksize default;\n"
#endif #endif
"# ddns-keyfile \"" NS_LOCALSTATEDIR "/run/named/ddns.key\";\n\ "# session-keyfile \"" NS_LOCALSTATEDIR "/run/named/session.key\";\n\
ddns-keyname local-ddns;\n\ session-keyname local-ddns;\n\
ddns-keyalg hmac-sha256;\n\ session-keyalg hmac-sha256;\n\
deallocate-on-exit true;\n\ deallocate-on-exit true;\n\
# directory <none>\n\ # directory <none>\n\
dump-file \"named_dump.db\";\n\ dump-file \"named_dump.db\";\n\
...@@ -168,7 +168,6 @@ options {\n\ ...@@ -168,7 +168,6 @@ options {\n\
notify-delay 5;\n\ notify-delay 5;\n\
notify-to-soa no;\n\ notify-to-soa no;\n\
dialup no;\n\ dialup no;\n\
ddns-autoconf no;\n\
# forward <none>\n\ # forward <none>\n\
# forwarders <none>\n\ # forwarders <none>\n\
maintain-ixfr-base no;\n\ maintain-ixfr-base no;\n\
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: globals.h,v 1.83 2009/06/10 00:27:21 each Exp $ */ /* $Id: globals.h,v 1.84 2009/07/14 22:54:56 each Exp $ */
#ifndef NAMED_GLOBALS_H #ifndef NAMED_GLOBALS_H
#define NAMED_GLOBALS_H 1 #define NAMED_GLOBALS_H 1
...@@ -92,8 +92,8 @@ EXTERN cfg_obj_t * ns_g_bindkeys INIT(NULL); ...@@ -92,8 +92,8 @@ EXTERN cfg_obj_t * ns_g_bindkeys INIT(NULL);
EXTERN const char * ns_g_keyfile INIT(NS_SYSCONFDIR EXTERN const char * ns_g_keyfile INIT(NS_SYSCONFDIR
"/rndc.key"); "/rndc.key");
EXTERN dns_tsigkey_t * ns_g_ddnskey INIT(NULL); EXTERN dns_tsigkey_t * ns_g_sessionkey INIT(NULL);
EXTERN dns_name_t ns_g_ddnskeyname; EXTERN dns_name_t ns_g_sessionkeyname;
EXTERN const char * lwresd_g_conffile INIT(NS_SYSCONFDIR EXTERN const char * lwresd_g_conffile INIT(NS_SYSCONFDIR
"/lwresd.conf"); "/lwresd.conf");
...@@ -119,9 +119,9 @@ EXTERN const char * ns_g_chrootdir INIT(NULL); ...@@ -119,9 +119,9 @@ EXTERN const char * ns_g_chrootdir INIT(NULL);
EXTERN isc_boolean_t ns_g_foreground INIT(ISC_FALSE); EXTERN isc_boolean_t ns_g_foreground INIT(ISC_FALSE);
EXTERN isc_boolean_t ns_g_logstderr INIT(ISC_FALSE); EXTERN isc_boolean_t ns_g_logstderr INIT(ISC_FALSE);
EXTERN const char * ns_g_defaultddnskeyfile INIT(NS_LOCALSTATEDIR EXTERN const char * ns_g_defaultsessionkeyfile
"/run/named/" INIT(NS_LOCALSTATEDIR "/run/named/"
"ddns.key"); "session.key");
#if NS_RUN_PID_DIR #if NS_RUN_PID_DIR
EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR EXTERN const char * ns_g_defaultpidfile INIT(NS_LOCALSTATEDIR
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: server.h,v 1.100 2009/07/02 07:39:02 marka Exp $ */ /* $Id: server.h,v 1.101 2009/07/14 22:54:56 each Exp $ */
#ifndef NAMED_SERVER_H #ifndef NAMED_SERVER_H
#define NAMED_SERVER_H 1 #define NAMED_SERVER_H 1
...@@ -110,11 +110,11 @@ struct ns_server { ...@@ -110,11 +110,11 @@ struct ns_server {
ns_statschannellist_t statschannels; ns_statschannellist_t statschannels;
dns_tsigkey_t *ddnskey; dns_tsigkey_t *sessionkey;
char *ddns_keyfile; char *session_keyfile;
dns_name_t *ddns_keyname; dns_name_t *session_keyname;
unsigned int ddns_keyalg; unsigned int session_keyalg;
isc_uint16_t ddns_keybits; isc_uint16_t session_keybits;
}; };
#define NS_SERVER_MAGIC ISC_MAGIC('S','V','E','R') #define NS_SERVER_MAGIC ISC_MAGIC('S','V','E','R')
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: server.c,v 1.537 2009/07/02 07:39:02 marka Exp $ */ /* $Id: server.c,v 1.538 2009/07/14 22:54:56 each Exp $ */
/*! \file */ /*! \file */
...@@ -1786,9 +1786,9 @@ configure_view(dns_view_t *view, const cfg_obj_t *config, ...@@ -1786,9 +1786,9 @@ configure_view(dns_view_t *view, const cfg_obj_t *config,
* Configure the view's TSIG keys. * Configure the view's TSIG keys.
*/ */
CHECK(ns_tsigkeyring_fromconfig(config, vconfig, view->mctx, &ring)); CHECK(ns_tsigkeyring_fromconfig(config, vconfig, view->mctx, &ring));
if (ns_g_server->ddnskey != NULL) { if (ns_g_server->sessionkey != NULL) {
CHECK(dns_tsigkeyring_add(ring, ns_g_server->ddns_keyname, CHECK(dns_tsigkeyring_add(ring, ns_g_server->session_keyname,
ns_g_server->ddnskey)); ns_g_server->sessionkey));
} }
dns_view_setkeyring(view, ring); dns_view_setkeyring(view, ring);
ring = NULL; /* ownership transferred */ ring = NULL; /* ownership transferred */
...@@ -3327,24 +3327,24 @@ removed(dns_zone_t *zone, void *uap) { ...@@ -3327,24 +3327,24 @@ removed(dns_zone_t *zone, void *uap) {
static void static void
cleanup_session_key(ns_server_t *server, isc_mem_t *mctx) { cleanup_session_key(ns_server_t *server, isc_mem_t *mctx) {
if (server->ddns_keyfile != NULL) { if (server->session_keyfile != NULL) {
isc_file_remove(server->ddns_keyfile); isc_file_remove(server->session_keyfile);
isc_mem_free(mctx, server->ddns_keyfile); isc_mem_free(mctx, server->session_keyfile);
server->ddns_keyfile = NULL; server->session_keyfile = NULL;
} }
if (server->ddns_keyname != NULL) { if (server->session_keyname != NULL) {
if (dns_name_dynamic(server->ddns_keyname)) if (dns_name_dynamic(server->session_keyname))
dns_name_free(server->ddns_keyname, mctx); dns_name_free(server->session_keyname, mctx);
isc_mem_put(mctx, server->ddns_keyname, sizeof(dns_name_t)); isc_mem_put(mctx, server->session_keyname, sizeof(dns_name_t));
server->ddns_keyname = NULL; server->session_keyname = NULL;
} }
if (server->ddnskey != NULL) if (server->sessionkey != NULL)
dns_tsigkey_detach(&server->ddnskey); dns_tsigkey_detach(&server->sessionkey);
server->ddns_keyalg = DST_ALG_UNKNOWN; server->session_keyalg = DST_ALG_UNKNOWN;
server->ddns_keybits = 0; server->session_keybits = 0;
} }
static isc_result_t static isc_result_t
...@@ -3395,7 +3395,13 @@ generate_session_key(const char *filename, const char *keynamestr, ...@@ -3395,7 +3395,13 @@ generate_session_key(const char *filename, const char *keynamestr,
key = NULL; /* ownership of key has been transferred */ key = NULL; /* ownership of key has been transferred */
/* Dump the key to the key file. */ /* Dump the key to the key file. */
CHECK(isc_file_safecreate(filename, &fp)); result = isc_file_safecreate(filename, &fp);
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"could not create %s", filename);
goto cleanup;
}
fprintf(fp, "key \"%s\" {\n" fprintf(fp, "key \"%s\" {\n"
"\talgorithm %s;\n" "\talgorithm %s;\n"
...@@ -3439,17 +3445,17 @@ configure_session_key(const cfg_obj_t **maps, ns_server_t *server, ...@@ -3439,17 +3445,17 @@ configure_session_key(const cfg_obj_t **maps, ns_server_t *server,
isc_result_t result; isc_result_t result;
obj = NULL; obj = NULL;
result = ns_config_get(maps, "ddns-keyfile", &obj); result = ns_config_get(maps, "session-keyfile", &obj);
if (result == ISC_R_SUCCESS) { if (result == ISC_R_SUCCESS) {
if (cfg_obj_isvoid(obj)) if (cfg_obj_isvoid(obj))
keyfile = NULL; /* disable it */ keyfile = NULL; /* disable it */
else else
keyfile = cfg_obj_asstring(obj); keyfile = cfg_obj_asstring(obj);
} else } else
keyfile = ns_g_defaultddnskeyfile; keyfile = ns_g_defaultsessionkeyfile;
obj = NULL; obj = NULL;
result = ns_config_get(maps, "ddns-keyname", &obj); result = ns_config_get(maps, "session-keyname", &obj);
INSIST(result == ISC_R_SUCCESS); INSIST(result == ISC_R_SUCCESS);
keynamestr = cfg_obj_asstring(obj); keynamestr = cfg_obj_asstring(obj);
dns_fixedname_init(&fname); dns_fixedname_init(&fname);
...@@ -3462,7 +3468,7 @@ configure_session_key(const cfg_obj_t **maps, ns_server_t *server, ...@@ -3462,7 +3468,7 @@ configure_session_key(const cfg_obj_t **maps, ns_server_t *server,
return (result); return (result);
obj = NULL; obj = NULL;
result = ns_config_get(maps, "ddns-keyalg", &obj); result = ns_config_get(maps, "session-keyalg", &obj);
INSIST(result == ISC_R_SUCCESS); INSIST(result == ISC_R_SUCCESS);
algstr = cfg_obj_asstring(obj); algstr = cfg_obj_asstring(obj);
algname = NULL; algname = NULL;
...@@ -3470,58 +3476,58 @@ configure_session_key(const cfg_obj_t **maps, ns_server_t *server, ...@@ -3470,58 +3476,58 @@ configure_session_key(const cfg_obj_t **maps, ns_server_t *server,
if (result != ISC_R_SUCCESS) { if (result != ISC_R_SUCCESS) {
const char *s = " (keeping current key)"; const char *s = " (keeping current key)";
cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR, "ddns-keyalg: " cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR, "session-keyalg: "
"unsupported or unknown algorithm '%s'%s", "unsupported or unknown algorithm '%s'%s",
algstr, algstr,
server->ddns_keyfile != NULL ? s : ""); server->session_keyfile != NULL ? s : "");
return (result); return (result);
} }
/* See if we need to (re)generate a new key. */ /* See if we need to (re)generate a new key. */
if (keyfile == NULL) { if (keyfile == NULL) {
if (server->ddns_keyfile != NULL) if (server->session_keyfile != NULL)
need_deleteold = ISC_TRUE; need_deleteold = ISC_TRUE;
} else if (server->ddns_keyfile == NULL) } else if (server->session_keyfile == NULL)
need_createnew = ISC_TRUE; need_createnew = ISC_TRUE;
else if (strcmp(keyfile, server->ddns_keyfile) != 0 || else if (strcmp(keyfile, server->session_keyfile) != 0 ||
!dns_name_equal(server->ddns_keyname, keyname) || !dns_name_equal(server->session_keyname, keyname) ||
server->ddns_keyalg != algtype || server->session_keyalg != algtype ||
server->ddns_keybits != bits) { server->session_keybits != bits) {
need_deleteold = ISC_TRUE; need_deleteold = ISC_TRUE;
need_createnew = ISC_TRUE; need_createnew = ISC_TRUE;
} }
if (need_deleteold) { if (need_deleteold) {
INSIST(server->ddns_keyfile != NULL); INSIST(server->session_keyfile != NULL);
INSIST(server->ddns_keyname != NULL); INSIST(server->session_keyname != NULL);
INSIST(server->ddnskey != NULL); INSIST(server->sessionkey != NULL);
cleanup_session_key(server, mctx); cleanup_session_key(server, mctx);
} }
if (need_createnew) { if (need_createnew) {
INSIST(server->ddnskey == NULL); INSIST(server->sessionkey == NULL);
INSIST(server->ddns_keyfile == NULL); INSIST(server->session_keyfile == NULL);
INSIST(server->ddns_keyname == NULL); INSIST(server->session_keyname == NULL);
INSIST(server->ddns_keyalg == DST_ALG_UNKNOWN); INSIST(server->session_keyalg == DST_ALG_UNKNOWN);
INSIST(server->ddns_keybits == 0); INSIST(server->session_keybits == 0);
server->ddns_keyname = isc_mem_get(mctx, sizeof(dns_name_t)); server->session_keyname = isc_mem_get(mctx, sizeof(dns_name_t));
if (server->ddns_keyname == NULL) if (server->session_keyname == NULL)
goto cleanup; goto cleanup;
dns_name_init(server->ddns_keyname, NULL); dns_name_init(server->session_keyname, NULL);
CHECK(dns_name_dup(keyname, mctx, server->ddns_keyname)); CHECK(dns_name_dup(keyname, mctx, server->session_keyname));
server->ddns_keyfile = isc_mem_strdup(mctx, keyfile); server->session_keyfile = isc_mem_strdup(mctx, keyfile);
if (server->ddns_keyfile == NULL) if (server->session_keyfile == NULL)
goto cleanup; goto cleanup;
server->ddns_keyalg = algtype; server->session_keyalg = algtype;
server->ddns_keybits = bits; server->session_keybits = bits;
CHECK(generate_session_key(keyfile, keynamestr, keyname, algstr, CHECK(generate_session_key(keyfile, keynamestr, keyname, algstr,
algname, algtype, bits, mctx, algname, algtype, bits, mctx,
&server->ddnskey)); &server->sessionkey));
} }
return (result); return (result);
...@@ -3962,9 +3968,25 @@ load_configuration(const char *filename, ns_server_t *server, ...@@ -3962,9 +3968,25 @@ load_configuration(const char *filename, ns_server_t *server,
CHECK(isc_timer_reset(server->pps_timer, isc_timertype_ticker, NULL, CHECK(isc_timer_reset(server->pps_timer, isc_timertype_ticker, NULL,
&interval, ISC_FALSE)); &interval, ISC_FALSE));
/*
* Write the PID file.
*/
obj = NULL;
if (ns_config_get(maps, "pid-file", &obj) == ISC_R_SUCCESS)
if (cfg_obj_isvoid(obj))
ns_os_writepidfile(NULL, first_time);
else
ns_os_writepidfile(cfg_obj_asstring(obj), first_time);
else if (ns_g_lwresdonly)
ns_os_writepidfile(lwresd_g_defaultpidfile, first_time);
else
ns_os_writepidfile(ns_g_defaultpidfile, first_time);
/* /*
* Configure the server-wide session key. This must be done before * Configure the server-wide session key. This must be done before
* configure views because zone configuration may require ddns-keyname. * configure views because zone configuration may need to know
* session-keyname.
*
* Failure of session key generation isn't fatal at this time; if it * Failure of session key generation isn't fatal at this time; if it
* turns out that a session key is really needed but doesn't exist, * turns out that a session key is really needed but doesn't exist,
* we'll treat it as a fatal error then. * we'll treat it as a fatal error then.
...@@ -4128,17 +4150,6 @@ load_configuration(const char *filename, ns_server_t *server, ...@@ -4128,17 +4150,6 @@ load_configuration(const char *filename, ns_server_t *server,
} }
} }
obj = NULL;
if (ns_config_get(maps, "pid-file", &obj) == ISC_R_SUCCESS)
if (cfg_obj_isvoid(obj))
ns_os_writepidfile(NULL, first_time);
else
ns_os_writepidfile(cfg_obj_asstring(obj), first_time);
else if (ns_g_lwresdonly)
ns_os_writepidfile(lwresd_g_defaultpidfile, first_time);
else
ns_os_writepidfile(ns_g_defaultpidfile, first_time);
/* /*
* Relinquish root privileges. * Relinquish root privileges.
*/ */
...@@ -4557,9 +4568,9 @@ shutdown_server(isc_task_t *task, isc_event_t *event) { ...@@ -4557,9 +4568,9 @@ shutdown_server(isc_task_t *task, isc_event_t *event) {
dns_zonemgr_shutdown(server->zonemgr); dns_zonemgr_shutdown(server->zonemgr);
if (ns_g_ddnskey != NULL) { if (ns_g_sessionkey != NULL) {
dns_tsigkey_detach(&ns_g_ddnskey); dns_tsigkey_detach(&ns_g_sessionkey);
dns_name_free(&ns_g_ddnskeyname, server->mctx); dns_name_free(&ns_g_sessionkeyname, server->mctx);
} }
if (server->blackholeacl != NULL) if (server->blackholeacl != NULL)
...@@ -4719,11 +4730,11 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { ...@@ -4719,11 +4730,11 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) {
ISC_LIST_INIT(server->cachelist); ISC_LIST_INIT(server->cachelist);
server->ddnskey = NULL; server->sessionkey = NULL;
server->ddns_keyfile = NULL; server->session_keyfile = NULL;
server->ddns_keyname = NULL; server->session_keyname = NULL;
server->ddns_keyalg = DST_ALG_UNKNOWN; server->session_keyalg = DST_ALG_UNKNOWN;
server->ddns_keybits = 0; server->session_keybits = 0;
server->magic = NS_SERVER_MAGIC; server->magic = NS_SERVER_MAGIC;
*serverp = server; *serverp = server;
......
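Review bot: In the last configure_session_key hunk, the two allocation-failure paths (`if (server->session_keyname == NULL) goto cleanup;` and the same test on `session_keyfile`) jump to cleanup without assigning `result`, which at that point still holds ISC_R_SUCCESS from the preceding check or CHECK(). Assuming the cleanup label, which lies outside the visible lines, returns `result`, the caller would see success although no session key was created and nothing was logged. Adding `result = ISC_R_NOMEMORY;` before each of those `goto cleanup;` statements would make the failure visible to load_configuration. Separately, the new log line in generate_session_key could report the cause as well as the path, e.g. `"could not create %s: %s", filename, isc_result_totext(result)`.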
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: os.c,v 1.34 2009/06/12 02:33:21 each Exp $ */ /* $Id: os.c,v 1.35 2009/07/14 22:54:56 each Exp $ */
#include <config.h> #include <config.h>
#include <stdarg.h> #include <stdarg.h>
...@@ -66,7 +66,7 @@ ns_paths_init() { ...@@ -66,7 +66,7 @@ ns_paths_init() {
ns_g_defaultpidfile = isc_ntpaths_get(NAMED_PID_PATH); ns_g_defaultpidfile = isc_ntpaths_get(NAMED_PID_PATH);
lwresd_g_defaultpidfile = isc_ntpaths_get(LWRESD_PID_PATH); lwresd_g_defaultpidfile = isc_ntpaths_get(LWRESD_PID_PATH);
ns_g_keyfile = isc_ntpaths_get(RNDC_KEY_PATH); ns_g_keyfile = isc_ntpaths_get(RNDC_KEY_PATH);
ns_g_defaultddnskeyfile = isc_ntpaths_get(DDNS_KEY_PATH); ns_g_defaultsessionkeyfile = isc_ntpaths_get(SESSION_KEY_PATH);
Initialized = TRUE; Initialized = TRUE;
} }
......
...@@ -15,7 +15,7 @@ ...@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: zoneconf.c,v 1.151 2009/06/10 23:47:47 tbox Exp $ */ /* $Id: zoneconf.c,v 1.152 2009/07/14 22:54:56 each Exp $ */
/*% */ /*% */
...@@ -172,21 +172,27 @@ parse_acl: ...@@ -172,21 +172,27 @@ parse_acl:
*/ */
static isc_result_t static isc_result_t
configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone, configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
const char *zname, isc_boolean_t autoddns) const char *zname) {
{
const cfg_obj_t *updatepolicy = NULL; const cfg_obj_t *updatepolicy = NULL;
const cfg_listelt_t *element, *element2; const cfg_listelt_t *element, *element2;
dns_ssutable_t *table = NULL; dns_ssutable_t *table = NULL;
isc_mem_t *mctx = dns_zone_getmctx(zone); isc_mem_t *mctx = dns_zone_getmctx(zone);
isc_boolean_t autoddns = ISC_FALSE;
isc_result_t result; isc_result_t result;
(void)cfg_map_get(zconfig, "update-policy", &updatepolicy); (void)cfg_map_get(zconfig, "update-policy", &updatepolicy);
if (updatepolicy == NULL && !autoddns) { if (updatepolicy == NULL) {
dns_zone_setssutable(zone, NULL); dns_zone_setssutable(zone, NULL);
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
} }
if (cfg_obj_isstring(updatepolicy) &&
strcmp("local", cfg_obj_asstring(updatepolicy)) == 0) {
autoddns = ISC_TRUE;
updatepolicy = NULL;
}
result = dns_ssutable_create(mctx, &table); result = dns_ssutable_create(mctx, &table);
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
return (result); return (result);
...@@ -336,14 +342,14 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone, ...@@ -336,14 +342,14 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
} }
/* /*
* If this is a "ddns-autoconf" zone and a DDNS session key exists, * If "update-policy local;" and a session key exists,
* then use the default policy, equivalent to: * then use the default policy, which is equivalent to:
* update-policy { grant <ddns-keyname> zonesub any; }; * update-policy { grant <session-keyname> zonesub any; };
*/ */
if (autoddns) { if (autoddns) {
dns_rdatatype_t any = dns_rdatatype_any; dns_rdatatype_t any = dns_rdatatype_any;
if (ns_g_server->ddns_keyname == NULL) { if (ns_g_server->session_keyname == NULL) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR, NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"failed to enable auto DDNS policy " "failed to enable auto DDNS policy "
...@@ -354,7 +360,7 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone, ...@@ -354,7 +360,7 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
} }
result = dns_ssutable_addrule(table, ISC_TRUE,