Commit 4d9f3f00 authored by Mark Andrews's avatar Mark Andrews
Browse files

1249. [func] named-checkzone will now check if nameservers that

                        appear to be IP addresses.  Available modes "fail",
                        "warn" (default) and "ignore" the results of the
                        check.
parent 0d2dcaf4
1249. [func] named-checkzone will now check if nameservers that
appear to be IP addresses. Available modes "fail",
"warn" (default) and "ignore" the results of the
check.
1248. [bug] The validator could incorrectly verify an invalid
negative proof.
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check-tool.c,v 1.7 2002/04/02 06:54:00 marka Exp $ */
/* $Id: check-tool.c,v 1.8 2002/07/19 02:34:57 marka Exp $ */
#include <config.h>
......@@ -47,6 +47,7 @@ static const char *dbtype[] = { "rbt" };
int debug = 0;
isc_boolean_t nomerge = ISC_TRUE;
unsigned int zone_options = DNS_ZONEOPT_CHECKNS|DNS_ZONEOPT_MANYERRORS;
isc_result_t
setup_logging(isc_mem_t *mctx, isc_log_t **logp) {
......@@ -109,7 +110,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
CHECK(dns_rdataclass_fromtext(&rdclass, &region));
dns_zone_setclass(zone, rdclass);
dns_zone_setoption(zone, DNS_ZONEOPT_MANYERRORS, ISC_TRUE);
dns_zone_setoption(zone, zone_options, ISC_TRUE);
dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge);
CHECK(dns_zone_load(zone));
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check-tool.h,v 1.4 2002/04/02 06:54:02 marka Exp $ */
/* $Id: check-tool.h,v 1.5 2002/07/19 02:34:58 marka Exp $ */
#ifndef CHECK_TOOL_H
#define CHECK_TOOL_H
......@@ -36,6 +36,7 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
extern int debug;
extern isc_boolean_t nomerge;
extern unsigned int zone_options;
ISC_LANG_ENDDECLS
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkzone.c,v 1.23 2002/07/11 04:50:36 marka Exp $ */
/* $Id: named-checkzone.c,v 1.24 2002/07/19 02:34:58 marka Exp $ */
#include <config.h>
......@@ -81,7 +81,7 @@ main(int argc, char **argv) {
char *classname = classname_in;
const char *workdir = NULL;
while ((c = isc_commandline_parse(argc, argv, "c:dijqst:vw:")) != EOF) {
while ((c = isc_commandline_parse(argc, argv, "c:dijn:qst:vw:")) != EOF) {
switch (c) {
case 'c':
classname = isc_commandline_argument;
......@@ -95,6 +95,18 @@ main(int argc, char **argv) {
nomerge = ISC_FALSE;
break;
case 'n':
if (!strcmp(isc_commandline_argument, "ignore"))
zone_options &= ~(DNS_ZONEOPT_CHECKNS|
DNS_ZONEOPT_FATALNS);
else if (!strcmp(isc_commandline_argument, "warn")) {
zone_options |= DNS_ZONEOPT_CHECKNS;
zone_options &= ~DNS_ZONEOPT_FATALNS;
} else if (!strcmp(isc_commandline_argument, "fail"))
zone_options |= DNS_ZONEOPT_CHECKNS|
DNS_ZONEOPT_FATALNS;
break;
case 'q':
quiet++;
break;
......
......@@ -16,7 +16,7 @@
- WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named-checkzone.docbook,v 1.7 2002/07/11 05:36:12 marka Exp $ -->
<!-- $Id: named-checkzone.docbook,v 1.8 2002/07/19 02:34:58 marka Exp $ -->
<refentry>
<refentryinfo>
......@@ -42,6 +42,7 @@
<arg><option>-q</option></arg>
<arg><option>-v</option></arg>
<arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
<arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg choice="req">zonename</arg>
......@@ -109,6 +110,18 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-n <replaceable class="parameter">mode</replaceable></term>
<listitem>
<para>
Specify whether NS records should be checked to see if they
are addresses. Possible modes are <command>"fail"</command>,
<command>"warn"</command> (default) and
<command>"ignore"</command>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-t <replaceable class="parameter">directory</replaceable></term>
<listitem>
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: master.h,v 1.35 2002/02/21 00:45:11 bwelling Exp $ */
/* $Id: master.h,v 1.36 2002/07/19 02:34:56 marka Exp $ */
#ifndef DNS_MASTER_H
#define DNS_MASTER_H 1
......@@ -39,6 +39,10 @@
#define DNS_MASTER_ZONE 0x00000008 /* Loading a zone master file. */
#define DNS_MASTER_HINT 0x00000010 /* Loading a hint master file. */
#define DNS_MASTER_SLAVE 0x00000020 /* Loading a slave master file. */
#define DNS_MASTER_CHECKNS 0x00000040 /* Check NS records to see if
* they are an address */
#define DNS_MASTER_FATALNS 0x00000080 /* Treat DNS_MASTER_CHECKNS
* matches as fatal */
ISC_LANG_BEGINDECLS
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: result.h,v 1.89 2002/06/17 04:01:32 marka Exp $ */
/* $Id: result.h,v 1.90 2002/07/19 02:34:56 marka Exp $ */
#ifndef DNS_RESULT_H
#define DNS_RESULT_H 1
......@@ -121,8 +121,9 @@
#define DNS_R_UNKNOWNFLAG (ISC_RESULTCLASS_DNS + 82)
#define DNS_R_EXPECTEDRESPONSE (ISC_RESULTCLASS_DNS + 83)
#define DNS_R_NOVALIDDS (ISC_RESULTCLASS_DNS + 84)
#define DNS_R_NSISADDRESS (ISC_RESULTCLASS_DNS + 85)
#define DNS_R_NRESULTS 85 /* Number of results */
#define DNS_R_NRESULTS 86 /* Number of results */
/*
* DNS wire format rcodes.
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zone.h,v 1.115 2002/06/13 07:05:47 marka Exp $ */
/* $Id: zone.h,v 1.116 2002/07/19 02:34:57 marka Exp $ */
#ifndef DNS_ZONE_H
#define DNS_ZONE_H 1
......@@ -46,6 +46,8 @@ typedef enum {
#define DNS_ZONEOPT_MANYERRORS 0x00000010U /* return many errors on load */
#define DNS_ZONEOPT_IXFRFROMDIFFS 0x00000020U /* calculate differences */
#define DNS_ZONEOPT_NOMERGE 0x00000040U /* don't merge journal */
#define DNS_ZONEOPT_CHECKNS 0x00000080U /* check if NS's are addresses */
#define DNS_ZONEOPT_FATALNS 0x00000100U /* DNS_ZONEOPT_CHECKNS is fatal */
#ifndef NOMINUM_PUBLIC
/*
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: master.c,v 1.141 2002/03/12 04:10:57 marka Exp $ */
/* $Id: master.c,v 1.142 2002/07/19 02:34:55 marka Exp $ */
#include <config.h>
......@@ -780,6 +780,44 @@ limit_ttl(dns_rdatacallbacks_t *callbacks, const char *source, unsigned int line
}
}
static isc_result_t
check_ns(dns_loadctx_t *lctx, isc_token_t *token, const char *source,
unsigned long line)
{
char *tmp = NULL;
isc_result_t result = ISC_R_SUCCESS;
void (*callback)(struct dns_rdatacallbacks *, const char *, ...);
if ((lctx->options & DNS_MASTER_FATALNS) != 0)
callback = lctx->callbacks->error;
else
callback = lctx->callbacks->warn;
if (token->type == isc_tokentype_string) {
struct in_addr addr;
struct in6_addr addr6;
tmp = isc_mem_strdup(lctx->mctx, DNS_AS_STR(*token));
if (tmp == NULL)
return (ISC_R_NOMEMORY);
/*
* Catch both "1.2.3.4" and "1.2.3.4."
*/
if (tmp[strlen(tmp) - 1] == '.')
tmp[strlen(tmp) - 1] = '\0';
if (inet_aton(tmp, &addr) == 1 ||
inet_pton(AF_INET6, tmp, &addr6) == 1)
result = DNS_R_NSISADDRESS;
}
if (result != ISC_R_SUCCESS)
(*callback)(lctx->callbacks, "%s:%lu: NS record '%s' "
"appears to be an address",
source, line, DNS_AS_STR(*token));
if (tmp != NULL)
isc_mem_free(lctx->mctx, tmp);
return (result);
}
static isc_result_t
load(dns_loadctx_t *lctx) {
dns_rdataclass_t rdclass;
......@@ -1422,6 +1460,24 @@ load(dns_loadctx_t *lctx) {
rdata = new_rdata;
}
/*
* Peek at the NS record.
*/
if (type == dns_rdatatype_ns &&
lctx->zclass == dns_rdataclass_in &&
(lctx->options & DNS_MASTER_CHECKNS) != 0) {
GETTOKEN(lctx->lex, 0, &token, ISC_FALSE);
result = check_ns(lctx, &token, source, line);
isc_lex_ungettoken(lctx->lex, &token);
if ((lctx->options & DNS_MASTER_FATALNS) != 0) {
if (MANYERRS(lctx, result)) {
SETRESULT(lctx, result);
} else if (result != ISC_R_SUCCESS)
goto insist_and_cleanup;
}
}
/*
* Read rdata contents.
*/
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: result.c,v 1.99 2002/06/17 04:01:25 marka Exp $ */
/* $Id: result.c,v 1.100 2002/07/19 02:34:56 marka Exp $ */
#include <config.h>
......@@ -126,7 +126,9 @@ static const char *text[DNS_R_NRESULTS] = {
"already frozen", /* 81 DNS_R_FROZEN */
"unknown flag", /* 82 DNS_R_UNKNOWNFLAG */
"expected a response", /* 83 DNS_R_EXPECTEDRESPONSE */
"no valid DS" /* 84 DNS_R_NOVALIDDS */
"no valid DS", /* 84 DNS_R_NOVALIDDS */
"NS is an address" /* 85 DNS_R_NSISADDRESS */
};
static const char *rcode_text[DNS_R_NRCODERESULTS] = {
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zone.c,v 1.371 2002/06/19 06:47:22 marka Exp $ */
/* $Id: zone.c,v 1.372 2002/07/19 02:34:56 marka Exp $ */
#include <config.h>
......@@ -1078,6 +1078,10 @@ zone_gotreadhandle(isc_task_t *task, isc_event_t *event) {
options = DNS_MASTER_ZONE;
if (load->zone->type == dns_zone_slave)
options |= DNS_MASTER_SLAVE;
if (DNS_ZONE_OPTION(load->zone, DNS_ZONEOPT_CHECKNS))
options |= DNS_MASTER_CHECKNS;
if (DNS_ZONE_OPTION(load->zone, DNS_ZONEOPT_FATALNS))
options |= DNS_MASTER_FATALNS;
result = dns_master_loadfileinc(load->zone->masterfile,
dns_db_origin(load->db),
dns_db_origin(load->db),
......@@ -1133,6 +1137,17 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) {
dns_load_t *load;
isc_result_t result;
isc_result_t tresult;
unsigned int options;
options = DNS_MASTER_ZONE;
if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MANYERRORS))
options |= DNS_MASTER_MANYERRORS;
if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNS))
options |= DNS_MASTER_CHECKNS;
if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_FATALNS))
options |= DNS_MASTER_FATALNS;
if (zone->type == dns_zone_slave)
options |= DNS_MASTER_SLAVE;
if (zone->zmgr != NULL && zone->db != NULL && zone->task != NULL) {
load = isc_mem_get(zone->mctx, sizeof(*load));
......@@ -1164,26 +1179,20 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) {
goto cleanup;
} else
result = DNS_R_CONTINUE;
} else if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MANYERRORS)) {
dns_rdatacallbacks_t callbacks;
unsigned int options;
} else {
dns_rdatacallbacks_t callbacks;
dns_rdatacallbacks_init(&callbacks);
result = dns_db_beginload(db, &callbacks.add,
&callbacks.add_private);
if (result != ISC_R_SUCCESS)
return (result);
options = DNS_MASTER_MANYERRORS|DNS_MASTER_ZONE;
if (zone->type == dns_zone_slave)
options |= DNS_MASTER_SLAVE;
result = dns_master_loadfile(zone->masterfile, &zone->origin,
&zone->origin, zone->rdclass,
options, &callbacks, zone->mctx);
tresult = dns_db_endload(db, &callbacks.add_private);
if (result == ISC_R_SUCCESS)
result = tresult;
} else {
result = dns_db_load(db, zone->masterfile);
}
return (result);
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment