Commit 508f61f8 authored by Mark Andrews

1794. [func] Named and named-checkzone can now both check for

                        non-terminal wildcard records.
parent c0a1ebb1
1795. [placeholder] rt13396
1794. [placeholder] rt13382
1794. [func] Named and named-checkzone can now both check for
non-terminal wildcard records.
1793. [placeholder] rt13378
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check-tool.c,v 1.13 2004/11/30 01:08:48 marka Exp $ */
/* $Id: check-tool.c,v 1.14 2005/01/09 23:39:56 marka Exp $ */
#include <config.h>
......@@ -51,7 +51,8 @@ int debug = 0;
isc_boolean_t nomerge = ISC_TRUE;
unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
DNS_ZONEOPT_MANYERRORS |
DNS_ZONEOPT_CHECKNAMES;
DNS_ZONEOPT_CHECKNAMES |
DNS_ZONEOPT_CHECKWILDCARD;
/*
* This needs to match the list in bin/named/log.c.
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named-checkzone.c,v 1.31 2004/10/25 01:27:53 marka Exp $ */
/* $Id: named-checkzone.c,v 1.32 2005/01/09 23:39:56 marka Exp $ */
#include <config.h>
......@@ -67,7 +67,7 @@ usage(void) {
fprintf(stderr,
"usage: named-checkzone [-djqvD] [-c class] [-o output] "
"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
"[-n (ignore|warn|fail)] zonename filename\n");
"[-n (ignore|warn|fail)] [-W (ignore|warn)] zonename filename\n");
exit(1);
}
......@@ -88,7 +88,7 @@ main(int argc, char **argv) {
char *classname = classname_in;
const char *workdir = NULL;
while ((c = isc_commandline_parse(argc, argv, "c:dijk:n:qst:o:vw:D")) != EOF) {
while ((c = isc_commandline_parse(argc, argv, "c:dijk:n:qst:o:vw:DW:")) != EOF) {
switch (c) {
case 'c':
classname = isc_commandline_argument;
......@@ -165,6 +165,13 @@ main(int argc, char **argv) {
dumpzone++;
break;
case 'W':
if (!strcmp(isc_commandline_argument, "warn"))
zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
else if (!strcmp(isc_commandline_argument, "ignore"))
zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
break;
default:
usage();
}
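Review bot: The new `case 'W'` silently accepts any argument other than `warn` or `ignore`, so a mistyped mode leaves `zone_options` unchanged and the run looks as if the flag had been honoured. Since the usage string advertises only `(ignore|warn)`, an unrecognised value should be rejected, for example by adding `else { fprintf(stderr, "invalid argument to -W: %s\n", isc_commandline_argument); exit(1); }` before the `break`. The body of main continues outside the hunk, so how `-k` and `-n` treat bad values is not visible here.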
......
......@@ -16,7 +16,7 @@
- PERFORMANCE OF THIS SOFTWARE.
-->
<!-- $Id: named-checkzone.docbook,v 1.12 2004/06/03 02:22:35 marka Exp $ -->
<!-- $Id: named-checkzone.docbook,v 1.13 2005/01/09 23:39:57 marka Exp $ -->
<refentry>
<refentryinfo>
......@@ -48,6 +48,7 @@
<arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
<arg><option>-D</option></arg>
<arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
<arg choice="req">zonename</arg>
<arg choice="req">filename</arg>
</cmdsynopsis>
......@@ -178,6 +179,19 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-W <replaceable class="parameter">mode</replaceable></term>
<listitem>
<para>
Specify whether to check for non-terminal wildcards.
Non-terminal wildcards are almost always the result of a
failure to understand the wildcard matching algorithm (RFC 1034).
Possible modes are <command>"warn"</command> (default) and
<command>"ignore"</command>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>zonename</term>
<listitem>
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.c,v 1.52 2004/12/21 10:45:15 jinmei Exp $ */
/* $Id: config.c,v 1.53 2005/01/09 23:39:57 marka Exp $ */
#include <config.h>
......@@ -158,6 +158,7 @@ options {\n\
zone-statistics false;\n\
max-journal-size unlimited;\n\
ixfr-from-differences false;\n\
check-wildcard yes;\n\
};\n\
"
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: update.c,v 1.118 2004/10/21 01:29:29 marka Exp $ */
/* $Id: update.c,v 1.119 2005/01/09 23:39:58 marka Exp $ */
#include <config.h>
......@@ -2149,6 +2149,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
dns_ssutable_t *ssutable = NULL;
dns_fixedname_t tmpnamefixed;
dns_name_t *tmpname = NULL;
unsigned int options;
INSIST(event->ev_type == DNS_EVENT_UPDATE);
......@@ -2382,6 +2383,7 @@ update_action(isc_task_t *task, isc_event_t *event) {
* Process the Update Section.
*/
options = dns_zone_getoptions(zone);
for (result = dns_message_firstname(request, DNS_SECTION_UPDATE);
result == ISC_R_SUCCESS;
result = dns_message_nextname(request, DNS_SECTION_UPDATE))
......@@ -2468,6 +2470,15 @@ update_action(isc_task_t *task, isc_event_t *event) {
}
soa_serial_changed = ISC_TRUE;
}
if ((options & DNS_ZONEOPT_CHECKWILDCARD) != 0 &&
dns_name_internalwildcard(name)) {
char namestr[DNS_NAME_FORMATSIZE];
dns_name_format(name, namestr,
sizeof(namestr));
update_log(client, zone, LOGLEVEL_PROTOCOL,
"warning: ownername '%s' contains "
"a non-terminal wildcard", namestr);
}
if (isc_log_wouldlog(ns_g_lctx, LOGLEVEL_PROTOCOL)) {
char namestr[DNS_NAME_FORMATSIZE];
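Review bot: The text "warning: ownername ... contains a non-terminal wildcard" is sent through `update_log(client, zone, LOGLEVEL_PROTOCOL, ...)`, the same level the per-RR trace just below is gated on. An operator will therefore see it only when protocol-level update logging is captured, whereas the zone-load path reports the same condition through `callbacks->warn`. What LOGLEVEL_PROTOCOL maps to is defined outside the hunk; if it is below warning severity, a dedicated warning level would match the message prefix. The block also deserves a comment that the check is advisory, such as `/* Warn only: the update is still applied. */`. update_action starts and ends outside the hunk.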
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zoneconf.c,v 1.114 2004/10/14 00:49:33 marka Exp $ */
/* $Id: zoneconf.c,v 1.115 2005/01/09 23:39:58 marka Exp $ */
#include <config.h>
......@@ -602,7 +602,13 @@ ns_zone_configure(cfg_obj_t *config, cfg_obj_t *vconfig, cfg_obj_t *zconfig,
}
RETERR(dns_zone_setkeydirectory(zone, filename));
}
obj = NULL;
result = ns_config_get(maps, "check-wildcard", &obj);
if (result == ISC_R_SUCCESS)
check = cfg_obj_asboolean(obj);
else
check = ISC_FALSE;
dns_zone_setoption(zone, DNS_ZONEOPT_CHECKWILDCARD, check);
} else if (ztype == dns_zone_slave) {
RETERR(configure_zone_acl(zconfig, vconfig, config,
"allow-update-forwarding", ac, zone,
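Review bot: The `else check = ISC_FALSE;` fallback disagrees with the documented default, since this commit's manual text and the built-in `check-wildcard yes;` default both say the check is on. Because the built-in defaults supply a value, the lookup presumably cannot fail, so the branch is either dead or silently turns the check off. Asserting instead (`INSIST(result == ISC_R_SUCCESS);`) or falling back to `ISC_TRUE` would keep the code and the documentation in agreement. The declaration of `check` and the rest of ns_zone_configure are outside the hunk.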
......
......@@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
<!-- File: $Id: Bv9ARM-book.xml,v 1.260 2004/12/21 10:45:16 jinmei Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.261 2005/01/09 23:39:59 marka Exp $ -->
<book>
<title>BIND 9 Administrator Reference Manual</title>
......@@ -2733,6 +2733,7 @@ statement in the <filename>named.conf</filename> file:</para>
<optional> forwarders { <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
<optional> dual-stack-servers <optional>port <replaceable>ip_port</replaceable></optional> { ( <replaceable>domain_name</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> | <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ) ; ... }; </optional>
<optional> check-names ( <replaceable>master</replaceable> | <replaceable>slave</replaceable> | <replaceable>response</replaceable> )( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> check-wildcard <replaceable>yes_or_no</replaceable>; </optional>
<optional> allow-notify { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-query-cache { <replaceable>address_match_list</replaceable> }; </optional>
......@@ -3384,6 +3385,16 @@ IN-ADDR.ARPA, IP6.ARPA, IP6.INT).
</para>
</listitem></varlistentry>
<varlistentry><term><command>check-wildcard</command></term>
<listitem><para>
This option is used to check for non-terminal wildcards.
The use of non-terminal wildcards is almost always as a result of a failure
to understand the wildcard matching algorithm (RFC 1034). This option
affects master zones. The default (<command>yes</command>) is to check
for non-terminal wildcards and issue a warning.
</para>
</listitem></varlistentry>
</variablelist>
</sect3>
......@@ -4686,6 +4697,7 @@ Statement Grammar</title>
<optional> allow-update-forwarding { <replaceable>address_match_list</replaceable> } ; </optional>
<optional> also-notify { <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; <optional> <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; ... </optional> }; </optional>
<optional> check-names (<constant>warn</constant>|<constant>fail</constant>|<constant>ignore</constant>) ; </optional>
<optional> check-wildcard <replaceable>yes_or_no</replaceable>; </optional>
<optional> dialup <replaceable>dialup_option</replaceable> ; </optional>
<optional> delegation-only <replaceable>yes_or_no</replaceable> ; </optional>
<optional> file <replaceable>string</replaceable> ; </optional>
......@@ -4908,6 +4920,11 @@ zones the default is <command>warn</command>.
</para>
</listitem></varlistentry>
<varlistentry><term><command>check-wildcard</command></term>
<listitem><para>See the description of
<command>check-wildcard</command> in <xref linkend="boolean_options"/>.</para>
</listitem></varlistentry>
<varlistentry><term><command>database</command></term>
<listitem><para>Specify the type of database to be used for storing the
zone data. The string following the <command>database</command> keyword
......
......@@ -126,6 +126,7 @@ options {
use-alt-transfer-source <boolean>;
zone-statistics <boolean>;
key-directory <quoted_string>;
check-wildcard <boolean>;
};
controls {
......@@ -218,6 +219,7 @@ view <string> <optional_class> {
use-alt-transfer-source <boolean>;
zone-statistics <boolean>;
key-directory <quoted_string>;
check-wildcard <boolean>;
};
server ( <ipv4_address> | <ipv6_address> ) {
bogus <boolean>;
......@@ -312,6 +314,7 @@ view <string> <optional_class> {
use-alt-transfer-source <boolean>;
zone-statistics <boolean>;
key-directory <quoted_string>;
check-wildcard <boolean>;
};
lwres {
......@@ -378,6 +381,7 @@ zone <string> <optional_class> {
use-alt-transfer-source <boolean>;
zone-statistics <boolean>;
key-directory <quoted_string>;
check-wildcard <boolean>;
};
server ( <ipv4_address> | <ipv6_address> ) {
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: check.c,v 1.51 2004/11/22 05:03:11 marka Exp $ */
/* $Id: check.c,v 1.52 2005/01/09 23:40:00 marka Exp $ */
#include <config.h>
......@@ -741,6 +741,7 @@ check_zoneconf(cfg_obj_t *zconfig, cfg_obj_t *config, isc_symtab_t *symtab,
{ "update-policy", MASTERZONE },
{ "database", MASTERZONE | SLAVEZONE | STUBZONE },
{ "key-directory", MASTERZONE },
{ "check-wildcard", MASTERZONE },
};
static optionstable dialups[] = {
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: master.h,v 1.38 2004/03/05 05:09:43 marka Exp $ */
/* $Id: master.h,v 1.39 2005/01/09 23:40:03 marka Exp $ */
#ifndef DNS_MASTER_H
#define DNS_MASTER_H 1
......@@ -45,6 +45,7 @@
* matches as fatal */
#define DNS_MASTER_CHECKNAMES 0x00000100
#define DNS_MASTER_CHECKNAMESFAIL 0x00000200
#define DNS_MASTER_CHECKWILDCARD 0x00000400 /* Check for internal wilcards. */
ISC_LANG_BEGINDECLS
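Review bot: The comment on the new flag is misspelled ("wilcards") and should read `/* Check for internal wildcards. */`. The headers say "internal wildcard" while the log messages and manual pages in this commit say "non-terminal wildcard"; using one term throughout would make the flag easier to connect to the warning it produces.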
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: name.h,v 1.111 2004/09/08 00:26:14 marka Exp $ */
/* $Id: name.h,v 1.112 2005/01/09 23:40:03 marka Exp $ */
#ifndef DNS_NAME_H
#define DNS_NAME_H 1
......@@ -1167,6 +1167,15 @@ dns_name_ismailbox(const dns_name_t *name);
* 'name' to be valid.
*/
isc_boolean_t
dns_name_internalwildcard(const dns_name_t *name);
/*
* Return if 'name' contains a internal wildcard name.
*
* Requires:
* 'name' to be valid.
*/
ISC_LANG_ENDDECLS
/***
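Review bot: The documented contract for `dns_name_internalwildcard` lists only "'name' to be valid", but the implementation in name.c also enforces `REQUIRE(name->labels > 0)`. A caller relying on the header could pass a zero-label name and hit the assertion, which in a server process presumably aborts. The comment should add that requirement under "Requires:", define what an internal wildcard is (a `*` label that is neither the first label nor the last), and state the return values (ISC_TRUE / ISC_FALSE).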
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zone.h,v 1.128 2004/12/21 10:45:19 jinmei Exp $ */
/* $Id: zone.h,v 1.129 2005/01/09 23:40:03 marka Exp $ */
#ifndef DNS_ZONE_H
#define DNS_ZONE_H 1
......@@ -52,6 +52,7 @@ typedef enum {
#define DNS_ZONEOPT_USEALTXFRSRC 0x00000400U /* use alternate transfer sources */
#define DNS_ZONEOPT_CHECKNAMES 0x00000800U /* check-names */
#define DNS_ZONEOPT_CHECKNAMESFAIL 0x00001000U /* fatal check-name failures */
#define DNS_ZONEOPT_CHECKWILDCARD 0x00002000U /* check for internal wildcards */
#ifndef NOMINUM_PUBLIC
/*
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: master.c,v 1.149 2004/05/05 01:32:58 marka Exp $ */
/* $Id: master.c,v 1.150 2005/01/09 23:40:01 marka Exp $ */
#include <config.h>
......@@ -862,6 +862,23 @@ check_ns(dns_loadctx_t *lctx, isc_token_t *token, const char *source,
return (result);
}
static void
check_wildcard(dns_incctx_t *ictx, const char *source, unsigned long line,
dns_rdatacallbacks_t *callbacks)
{
dns_name_t *name;
name = (ictx->glue != NULL) ? ictx->glue : ictx->current;
if (dns_name_internalwildcard(name)) {
char namebuf[DNS_NAME_FORMATSIZE];
dns_name_format(name, namebuf, sizeof(namebuf));
(*callbacks->warn)(callbacks, "%s:%lu: warning: ownername "
"'%s' contains an non-terminal wildcard",
source, line, namebuf);
}
}
static isc_result_t
load(dns_loadctx_t *lctx) {
dns_rdataclass_t rdclass;
......@@ -1346,6 +1363,14 @@ load(dns_loadctx_t *lctx) {
isc_buffer_init(&target, target_mem,
target_size);
}
/*
* Check for internal wildcards.
*/
if ((lctx->options & DNS_MASTER_CHECKWILDCARD)
!= 0)
check_wildcard(ictx, source, line,
callbacks);
}
if ((lctx->options & DNS_MASTER_ZONE) != 0 &&
(lctx->options & DNS_MASTER_SLAVE) == 0 &&
......@@ -1571,7 +1596,7 @@ load(dns_loadctx_t *lctx) {
isc_boolean_t ok;
dns_name_t *name;
name = (ictx->glue != NULL) ? ictx-> glue :
name = (ictx->glue != NULL) ? ictx->glue :
ictx->current;
ok = dns_rdata_checkowner(name, lctx->zclass, type,
ISC_TRUE);
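Review bot: The warning emitted by `check_wildcard` reads "contains an non-terminal wildcard", which is ungrammatical and differs from the string this commit adds in update.c ("contains a non-terminal wildcard"). Anyone matching logs for this condition has to account for both spellings; changing the literal to `"'%s' contains a non-terminal wildcard",` makes the two paths agree. `check_wildcard` itself has no header comment, and one line saying that it warns only and never fails the load would help. The call site added in load() sits inside a branch whose opening is outside the hunk.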
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: name.c,v 1.146 2004/09/01 05:13:05 marka Exp $ */
/* $Id: name.c,v 1.147 2005/01/09 23:40:01 marka Exp $ */
#include <config.h>
......@@ -385,6 +385,41 @@ dns_name_iswildcard(const dns_name_t *name) {
return (ISC_FALSE);
}
isc_boolean_t
dns_name_internalwildcard(const dns_name_t *name) {
unsigned char *ndata;
unsigned int count;
unsigned int label;
/*
* Does 'name' contain a internal wildcard?
*/
REQUIRE(VALID_NAME(name));
REQUIRE(name->labels > 0);
/*
* Skip first label.
*/
ndata = name->ndata;
count = *ndata++;
INSIST(count <= 63);
ndata += count;
label = 1;
/*
* Check all but the last of the remaining labels.
*/
while (label + 1 < name->labels) {
count = *ndata++;
INSIST(count <= 63);
if (count == 1 && *ndata == '*')
return (ISC_TRUE);
ndata += count;
label++;
}
return (ISC_FALSE);
}
static inline unsigned int
name_hash(dns_name_t *name, isc_boolean_t case_sensitive) {
unsigned int length;
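Review bot: The loop in `dns_name_internalwildcard` stops at `label + 1 < name->labels`, so the final label is never inspected. That is right only when the name is absolute and the final label is the root. For a relative name ending in a `*` label, the function would return ISC_FALSE even though the wildcard becomes non-terminal once an origin is appended. Whether relative names can reach this function is not visible here, so either document the assumption with a comment such as `/* The final label is skipped: 'name' is assumed absolute, so it is the root label. */` or add a `REQUIRE` on absoluteness if the callers guarantee it.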
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zone.c,v 1.426 2004/12/21 10:45:18 jinmei Exp $ */
/* $Id: zone.c,v 1.427 2005/01/09 23:40:02 marka Exp $ */
#include <config.h>
......@@ -1148,6 +1148,8 @@ zone_gotreadhandle(isc_task_t *task, isc_event_t *event) {
options |= DNS_MASTER_CHECKNAMES;
if (DNS_ZONE_OPTION(load->zone, DNS_ZONEOPT_CHECKNAMESFAIL))
options |= DNS_MASTER_CHECKNAMESFAIL;
if (DNS_ZONE_OPTION(load->zone, DNS_ZONEOPT_CHECKWILDCARD))
options |= DNS_MASTER_CHECKWILDCARD;
result = dns_master_loadfileinc(load->zone->masterfile,
dns_db_origin(load->db),
dns_db_origin(load->db),
......@@ -1218,6 +1220,8 @@ zone_startload(dns_db_t *db, dns_zone_t *zone, isc_time_t loadtime) {
options |= DNS_MASTER_CHECKNAMES;
if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKNAMESFAIL))
options |= DNS_MASTER_CHECKNAMESFAIL;
if (DNS_ZONE_OPTION(zone, DNS_ZONEOPT_CHECKWILDCARD))
options |= DNS_MASTER_CHECKWILDCARD;
if (zone->zmgr != NULL && zone->db != NULL && zone->task != NULL) {
load = isc_mem_get(zone->mctx, sizeof(*load));
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: namedconf.c,v 1.42 2004/12/21 10:45:20 jinmei Exp $ */
/* $Id: namedconf.c,v 1.43 2005/01/09 23:40:04 marka Exp $ */
#include <config.h>
......@@ -788,6 +788,7 @@ zone_clauses[] = {
{ "use-alt-transfer-source", &cfg_type_boolean, 0 },
{ "zone-statistics", &cfg_type_boolean, 0 },
{ "key-directory", &cfg_type_qstring, 0 },
{ "check-wildcard", &cfg_type_boolean, 0 },
{ NULL, NULL, 0 }
};
......