Commit
1c5990c2
authored
Sep 29, 2014
by
Mark Andrews
3958. [bug] Detect when writeable files have multiple references
in named.conf. [RT #37172]
parent
60c29cf2
Changes
9
CHANGES
3958. [bug] Detect when writeable files have multiple references
in named.conf. [RT #37172]
3957. [bug] "dnssec-keygen -S" failed for ECCGOST, ECDSAP256SHA256
and ECDSAP384SHA384. [RT #37183]
...
...
bin/tests/system/checkconf/bad-sharedwritable1.conf
0 → 100644
/*
*
Copyright
(
C
)
2014
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
zone
a
{
type
master
;
file
"shared.db"
;
};
zone
b
{
type
slave
;
file
"shared.db"
;
masters
{
1
.
2
.
3
.
4
; };
};
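Review bot: The two new fixtures (this file and bad-sharedwritable2.conf) only exercise the slave-zone path of the new check, with the writeable reference appearing second or both references writeable. Nothing visible covers the `ddns` branch in check_zoneconf, nor the second `isc_symtab_lookup(..., 2, ...)` in fileexist(), which is reached only when a read-only reference follows a writeable one (assuming zones are checked in file order). A third fixture along the lines of `zone a { type slave; file "shared.db"; masters { 1.2.3.4; }; };` followed by `zone b { type master; file "shared.db"; };`, plus one with a master zone carrying `allow-update { any; };`, would pin both paths.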
bin/tests/system/checkconf/bad-sharedwritable2.conf
0 → 100644
/*
*
Copyright
(
C
)
2014
Internet
Systems
Consortium
,
Inc
. (
"ISC"
)
*
*
Permission
to
use
,
copy
,
modify
,
and
/
or
distribute
this
software
for
any
*
purpose
with
or
without
fee
is
hereby
granted
,
provided
that
the
above
*
copyright
notice
and
this
permission
notice
appear
in
all
copies
.
*
*
THE
SOFTWARE
IS
PROVIDED
"AS IS"
AND
ISC
DISCLAIMS
ALL
WARRANTIES
WITH
*
REGARD
TO
THIS
SOFTWARE
INCLUDING
ALL
IMPLIED
WARRANTIES
OF
MERCHANTABILITY
*
AND
FITNESS
.
IN
NO
EVENT
SHALL
ISC
BE
LIABLE
FOR
ANY
SPECIAL
,
DIRECT
,
*
INDIRECT
,
OR
CONSEQUENTIAL
DAMAGES
OR
ANY
DAMAGES
WHATSOEVER
RESULTING
FROM
*
LOSS
OF
USE
,
DATA
OR
PROFITS
,
WHETHER
IN
AN
ACTION
OF
CONTRACT
,
NEGLIGENCE
*
OR
OTHER
TORTIOUS
ACTION
,
ARISING
OUT
OF
OR
IN
CONNECTION
WITH
THE
USE
OR
*
PERFORMANCE
OF
THIS
SOFTWARE
.
*/
zone
a
{
type
slave
;
file
"shared.db"
;
masters
{
1
.
2
.
3
.
4
; };
};
zone
b
{
type
slave
;
file
"shared.db"
;
masters
{
1
.
2
.
3
.
4
; };
};
bin/tests/system/checkconf/good.conf
...
...
@@ -93,7 +93,7 @@ view "second" {
};
zone
"example1"
{
type
master
;
file
"
yyy
"
;
file
"
zzz
"
;
update
-
policy
local
;
zone
-
statistics
yes
;
};
...
...
bin/tests/system/checkconf/max-ttl.conf
...
...
@@ -35,4 +35,3 @@ zone "maxttl3.example" {
file
"maxttl-bad.db"
;
max
-
zone
-
ttl
120
;
};
bin/tests/system/inline/clean.sh
...
...
@@ -25,6 +25,8 @@ rm -f ns2/bits.db.jnl
rm
-f
ns1/signer.out
rm
-f
ns2/retransfer.db
rm
-f
ns2/retransfer.db.jnl
rm
-f
ns2/retransfer3.db
rm
-f
ns2/retransfer3.db.jnl
rm
-f
ns3/K
*
rm
-f
ns3/bits.bk
rm
-f
ns3/bits.bk.jnl
...
...
bin/tests/system/inline/ns2/named.conf
...
...
@@ -51,7 +51,7 @@ zone "retransfer" {
zone
"retransfer3"
{
type
master
;
file
"retransfer.db"
;
file
"retransfer
3
.db"
;
allow
-
update
{
any
; };
notify
no
;
};
bin/tests/system/inline/setup.sh
...
...
@@ -25,6 +25,7 @@ rm -f ns1/root.db.signed
touch
ns2/trusted.conf
cp
ns2/bits.db.in ns2/bits.db
cp
ns2/bits.db.in ns2/retransfer.db
cp
ns2/bits.db.in ns2/retransfer3.db
rm
-f
ns2/bits.db.jnl
cp
ns3/master.db.in ns3/master.db
...
...
lib/bind9/check.c
...
...
@@ -62,6 +62,10 @@
#include
<bind9/check.h>
static
isc_result_t
fileexist
(
const
cfg_obj_t
*
obj
,
isc_symtab_t
*
symtab
,
isc_boolean_t
writeable
,
isc_log_t
*
logctxlogc
);
static
void
freekey
(
char
*
key
,
unsigned
int
type
,
isc_symvalue_t
value
,
void
*
userarg
)
{
UNUSED
(
type
);
...
...
@@ -1504,8 +1508,8 @@ check_nonzero(const cfg_obj_t *options, isc_log_t *logctx) {
static
isc_result_t
check_zoneconf
(
const
cfg_obj_t
*
zconfig
,
const
cfg_obj_t
*
voptions
,
const
cfg_obj_t
*
config
,
isc_symtab_t
*
symtab
,
dns_rdataclass_t
defclass
,
cfg_aclconfctx_t
*
actx
,
isc_log_t
*
logctx
,
isc_mem_t
*
mctx
)
isc_symtab_t
*
files
,
dns_rdataclass_t
defclass
,
cfg_aclconfctx_t
*
actx
,
isc_log_t
*
logctx
,
isc_mem_t
*
mctx
)
{
const
char
*
znamestr
;
const
char
*
typestr
;
...
...
@@ -1523,6 +1527,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
const
cfg_listelt_t
*
element
;
isc_boolean_t
dlz
;
dns_masterformat_t
masterformat
;
isc_boolean_t
ddns
=
ISC_FALSE
;
static
optionstable
options
[]
=
{
{
"allow-notify"
,
SLAVEZONE
|
CHECKACL
},
...
...
@@ -1827,7 +1832,7 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
* Master zones can't have both "allow-update" and "update-policy".
*/
if
(
ztype
==
MASTERZONE
||
ztype
==
SLAVEZONE
)
{
isc_boolean_t
ddns
=
ISC_FALSE
,
signing
=
ISC_FALSE
;
isc_boolean_t
signing
=
ISC_FALSE
;
isc_result_t
res1
,
res2
,
res3
;
const
cfg_obj_t
*
au
=
NULL
;
const
char
*
arg
;
...
...
@@ -1853,7 +1858,6 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
* we should also check for allow-update at the
* view and options levels.
*/
obj
=
NULL
;
if
(
res1
!=
ISC_R_SUCCESS
&&
voptions
!=
NULL
)
res1
=
cfg_map_get
(
voptions
,
"allow-update"
,
&
au
);
if
(
res1
!=
ISC_R_SUCCESS
&&
goptions
!=
NULL
)
...
...
@@ -2153,8 +2157,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
strcmp
(
"rbt64"
,
cfg_obj_asstring
(
obj
))
==
0
))))
{
isc_result_t
res1
;
obj
=
NULL
;
tresult
=
cfg_map_get
(
zoptions
,
"file"
,
&
obj
);
const
cfg_obj_t
*
file
obj
=
NULL
;
tresult
=
cfg_map_get
(
zoptions
,
"file"
,
&
file
obj
);
obj
=
NULL
;
res1
=
cfg_map_get
(
zoptions
,
"inline-signing"
,
&
obj
);
if
((
tresult
!=
ISC_R_SUCCESS
&&
...
...
@@ -2165,6 +2169,16 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
"zone '%s': missing 'file' entry"
,
znamestr
);
result
=
tresult
;
}
else
if
(
tresult
==
ISC_R_SUCCESS
&&
(
ztype
==
SLAVEZONE
||
ddns
))
{
tresult
=
fileexist
(
fileobj
,
files
,
ISC_TRUE
,
logctx
);
if
(
tresult
!=
ISC_R_SUCCESS
)
result
=
tresult
;
}
else
if
(
tresult
==
ISC_R_SUCCESS
&&
(
ztype
==
MASTERZONE
||
ztype
==
HINTZONE
))
{
tresult
=
fileexist
(
fileobj
,
files
,
ISC_FALSE
,
logctx
);
if
(
tresult
!=
ISC_R_SUCCESS
)
result
=
tresult
;
}
}
...
...
@@ -2270,6 +2284,47 @@ bind9_check_key(const cfg_obj_t *key, isc_log_t *logctx) {
return
(
ISC_R_SUCCESS
);
}
static
isc_result_t
fileexist
(
const
cfg_obj_t
*
obj
,
isc_symtab_t
*
symtab
,
isc_boolean_t
writeable
,
isc_log_t
*
logctx
)
{
isc_result_t
result
;
isc_symvalue_t
symvalue
;
unsigned
int
line
;
const
char
*
file
;
result
=
isc_symtab_lookup
(
symtab
,
cfg_obj_asstring
(
obj
),
0
,
&
symvalue
);
if
(
result
==
ISC_R_SUCCESS
)
{
if
(
writeable
)
{
file
=
cfg_obj_file
(
symvalue
.
as_cpointer
);
line
=
cfg_obj_line
(
symvalue
.
as_cpointer
);
cfg_obj_log
(
obj
,
logctx
,
ISC_LOG_ERROR
,
"writeable file '%s': already in use: "
"%s:%u"
,
cfg_obj_asstring
(
obj
),
file
,
line
);
return
(
ISC_R_EXISTS
);
}
result
=
isc_symtab_lookup
(
symtab
,
cfg_obj_asstring
(
obj
),
2
,
&
symvalue
);
if
(
result
==
ISC_R_SUCCESS
)
{
file
=
cfg_obj_file
(
symvalue
.
as_cpointer
);
line
=
cfg_obj_line
(
symvalue
.
as_cpointer
);
cfg_obj_log
(
obj
,
logctx
,
ISC_LOG_ERROR
,
"writeable file '%s': already in use: "
"%s:%u"
,
cfg_obj_asstring
(
obj
),
file
,
line
);
return
(
ISC_R_EXISTS
);
}
return
(
ISC_R_SUCCESS
);
}
symvalue
.
as_cpointer
=
obj
;
result
=
isc_symtab_define
(
symtab
,
cfg_obj_asstring
(
obj
),
writeable
?
2
:
1
,
symvalue
,
isc_symexists_reject
);
return
(
result
);
}
/*
* Check key list for duplicates key names and that the key names
* are valid domain names as these keys are used for TSIG.
...
...
@@ -2577,7 +2632,7 @@ check_trusted_key(const cfg_obj_t *key, isc_boolean_t managed,
static
isc_result_t
check_viewconf
(
const
cfg_obj_t
*
config
,
const
cfg_obj_t
*
voptions
,
const
char
*
viewname
,
dns_rdataclass_t
vclass
,
isc_log_t
*
logctx
,
isc_mem_t
*
mctx
)
isc_symtab_t
*
files
,
isc_log_t
*
logctx
,
isc_mem_t
*
mctx
)
{
const
cfg_obj_t
*
zones
=
NULL
;
const
cfg_obj_t
*
keys
=
NULL
;
...
...
@@ -2620,7 +2675,8 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
const
cfg_obj_t
*
zone
=
cfg_listelt_value
(
element
);
tresult
=
check_zoneconf
(
zone
,
voptions
,
config
,
symtab
,
vclass
,
actx
,
logctx
,
mctx
);
files
,
vclass
,
actx
,
logctx
,
mctx
);
if
(
tresult
!=
ISC_R_SUCCESS
)
result
=
ISC_R_FAILURE
;
}
...
...
@@ -3081,6 +3137,7 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx,
isc_result_t
result
=
ISC_R_SUCCESS
;
isc_result_t
tresult
;
isc_symtab_t
*
symtab
=
NULL
;
isc_symtab_t
*
files
=
NULL
;
static
const
char
*
builtin
[]
=
{
"localhost"
,
"localnets"
,
"any"
,
"none"
};
...
...
@@ -3108,9 +3165,19 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx,
if
(
check_dual_stack
(
options
,
logctx
)
!=
ISC_R_SUCCESS
)
result
=
ISC_R_FAILURE
;
/*
* Use case insensitve comparision as not all file systems are
* case sensitive. This will prevent people using FOO.DB and foo.db
* on case sensitive file systems but that shouldn't be a major issue.
*/
tresult
=
isc_symtab_create
(
mctx
,
100
,
NULL
,
NULL
,
ISC_FALSE
,
&
files
);
if
(
tresult
!=
ISC_R_SUCCESS
)
result
=
tresult
;
if
(
views
==
NULL
)
{
if
(
check_viewconf
(
config
,
NULL
,
NULL
,
dns_rdataclass_in
,
logctx
,
mctx
)
!=
ISC_R_SUCCESS
)
files
,
logctx
,
mctx
)
!=
ISC_R_SUCCESS
)
result
=
ISC_R_FAILURE
;
}
else
{
const
cfg_obj_t
*
zones
=
NULL
;
...
...
@@ -3181,13 +3248,15 @@ bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx,
}
}
if
(
tresult
==
ISC_R_SUCCESS
)
tresult
=
check_viewconf
(
config
,
voptions
,
key
,
vclas
s
,
logctx
,
mctx
);
tresult
=
check_viewconf
(
config
,
voptions
,
key
,
vclass
,
file
s
,
logctx
,
mctx
);
if
(
tresult
!=
ISC_R_SUCCESS
)
result
=
ISC_R_FAILURE
;
}
if
(
symtab
!=
NULL
)
isc_symtab_destroy
(
&
symtab
);
if
(
files
!=
NULL
)
isc_symtab_destroy
(
&
files
);
if
(
views
!=
NULL
&&
options
!=
NULL
)
{
obj
=
NULL
;
...
...
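Review bot: In bind9_check_namedconf a failed `isc_symtab_create()` for `files` only sets `result`, and the function still passes the NULL table to `check_viewconf()`, from where it reaches `isc_symtab_lookup()` in `fileexist()`; if that lookup asserts on an invalid table, as ISC library routines usually do, an allocation failure becomes an abort instead of an error return. Skipping the check when the table is absent would avoid that, e.g. `if (symtab == NULL) return (ISC_R_SUCCESS);` at the top of `fileexist()`, since the failure is already recorded in `result`. Separately, the match is on the configured string, so `shared.db` and `./shared.db` (or a symlinked path) count as different files; a comment on `fileexist()` such as `/* Lexical match only: aliased paths to one file are not detected. */` would keep operators from over-trusting the check. The bare `0`, `1` and `2` passed as symbol types would read better as named constants, and the prototype's last parameter is spelled `logctxlogc`. bind9_check_namedconf and check_zoneconf both continue outside the visible hunks.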