[master] forbid inline-signing slave with no file

3491. [bug] Slave zones using inline-signing must specify a file name. [RT #31946]

[master] forbid inline-signing slave with no file
3491. [bug] Slave zones using inline-signing must specify a file name. [RT #31946]
a81ae06e · Evan Hunt · 2425d8bb · a81ae06e · a81ae06e · a81ae06e
Commit a81ae06e authored Feb 20, 2013 by Evan Hunt
--- a/CHANGES
+++ b/CHANGES
+3491.	[bug]		Slave zones using inline-signing must specify a
+			file name. [RT #31946]
+
 3490.	[bug]		When logging RDATA during update, truncate if it's
                        too long. [RT #32365]


--- a/bin/tests/system/checkconf/bad-inline-slave.conf
+++ b/bin/tests/system/checkconf/bad-inline-slave.conf
+/*
+ * Copyright (C) 2005, 2007, 2010-2012  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+ /*
+  * An inline-signing slave should be forced to have a file option
+  */
+  
+  zone "." {
+          type slave;
+          inline-signing yes;
+          masters { 10.53.0.1; };
+  };
\ No newline at end of file
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -1876,6 +1876,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 	/*
 	 * If the zone type is rbt/rbt64 then master/hint zones
 	 * require file clauses.
+	 * If inline signing is used, then slave zones require a
+	 * file clause as well
 	 */
 	obj = NULL;
 	dlz = ISC_FALSE;
@@ -1896,13 +1898,17 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 	     (strcmp("rbt", cfg_obj_asstring(obj)) == 0 ||
 	      strcmp("rbt64", cfg_obj_asstring(obj)) == 0))))
 	{
+		isc_result_t res1;
 		obj = NULL;
 		tresult = cfg_map_get(zoptions, "file", &obj);
-		if (tresult != ISC_R_SUCCESS &&
-		    (ztype == MASTERZONE || ztype == HINTZONE)) {
+		obj = NULL;
+		res1 = cfg_map_get(zoptions, "inline-signing", &obj);
+		if ((tresult != ISC_R_SUCCESS &&
+		    (ztype == MASTERZONE || ztype == HINTZONE)) || 
+		    (ztype == SLAVEZONE && res1 == ISC_R_SUCCESS)) {
 			cfg_obj_log(zconfig, logctx, ISC_LOG_ERROR,
-				    "zone '%s': missing 'file' entry",
-				    znamestr);
+			    "zone '%s': missing 'file' entry",
+			    znamestr);
 			result = tresult;
 		}
 	}