Commit aa49af83 authored by Mark Andrews's avatar Mark Andrews

3385. [bug] named-checkconf didn't detect missing master lists

                        in also-notify clauses. [RT #30810]
parent 74069f29
3385. [bug] named-checkconf didn't detect missing master lists
in also-notify clauses. [RT #30810]
3384. [bug] Improved logging of crypto errors. [RT #30963] 3384. [bug] Improved logging of crypto errors. [RT #30963]
3383. [security] A certain combination of records in the RBT could 3383. [security] A certain combination of records in the RBT could
......
/*
* Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
*
* Permission to use, copy, modify, and/or distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/*
* Missing master in also-notify clause.
*/
zone dummy {
type master;
file "xxxx";
also-notify { xxxx; };
};
...@@ -34,17 +34,14 @@ cmp good.conf.in good.conf.out || ret=1 ...@@ -34,17 +34,14 @@ cmp good.conf.in good.conf.out || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
echo "I: checking that named-checkconf handles a known bad config" for bad in bad*.conf
ret=0 do
$CHECKCONF bad.conf > /dev/null 2>&1 && ret=1 ret=0
if [ $? != 1 ]; then echo "I:failed"; ret=1; fi echo "I: checking that named-checkconf detects error in $bad"
status=`expr $status + $ret` $CHECKCONF $bad > /dev/null 2>&1
if [ $? != 1 ]; then echo "I:failed"; ret=1; fi
echo "I: checking that named-checkconf handles a known bad tsig secret" status=`expr $status + $ret`
ret=0 done
$CHECKCONF badtsig.conf > /dev/null 2>&1
if [ $? != 1 ]; then echo "I:failed"; ret=1; fi
status=`expr $status + $ret`
echo "I: checking named-checkconf dnssec warnings" echo "I: checking named-checkconf dnssec warnings"
ret=0 ret=0
......
...@@ -1548,6 +1548,21 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions, ...@@ -1548,6 +1548,21 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
} }
/*
* Master & slave zones must have a "also-notify" field.
*/
if (ztype == MASTERZONE || ztype == SLAVEZONE ) {
obj = NULL;
tresult = cfg_map_get(zoptions, "also-notify", &obj);
if (tresult == ISC_R_SUCCESS) {
isc_uint32_t count;
tresult = validate_masters(obj, config, &count,
logctx, mctx);
if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS)
result = tresult;
}
}
/* /*
* Slave & stub zones must have a "masters" field. * Slave & stub zones must have a "masters" field.
*/ */
......
...@@ -1492,7 +1492,7 @@ dumptostreaminc(dns_dumpctx_t *dctx) { ...@@ -1492,7 +1492,7 @@ dumptostreaminc(dns_dumpctx_t *dctx) {
} }
result = dns_dbiterator_first(dctx->dbiter); result = dns_dbiterator_first(dctx->dbiter);
if (result != ISC_R_SUCCESS && result != ISC_R_NOMORE) if (result != ISC_R_SUCCESS)
goto cleanup; goto cleanup;
dctx->first = ISC_FALSE; dctx->first = ISC_FALSE;
......
...@@ -654,8 +654,9 @@ ...@@ -654,8 +654,9 @@
./bin/tests/system/cacheclean/ns1/named.conf CONF-C 2001,2004,2005,2007,2011 ./bin/tests/system/cacheclean/ns1/named.conf CONF-C 2001,2004,2005,2007,2011
./bin/tests/system/cacheclean/ns2/named.conf CONF-C 2001,2004,2005,2007,2011 ./bin/tests/system/cacheclean/ns2/named.conf CONF-C 2001,2004,2005,2007,2011
./bin/tests/system/cacheclean/tests.sh SH 2001,2004,2007,2011,2012 ./bin/tests/system/cacheclean/tests.sh SH 2001,2004,2007,2011,2012
./bin/tests/system/checkconf/bad.conf CONF-C 2005,2007 ./bin/tests/system/checkconf/bad-also-notify.conf CONF-C 2012
./bin/tests/system/checkconf/badtsig.conf CONF-C 2012 ./bin/tests/system/checkconf/bad-many.conf CONF-C 2005,2012
./bin/tests/system/checkconf/bad-tsig.conf CONF-C 2012
./bin/tests/system/checkconf/clean.sh SH 2011,2012 ./bin/tests/system/checkconf/clean.sh SH 2011,2012
./bin/tests/system/checkconf/dnssec.1 CONF-C 2011 ./bin/tests/system/checkconf/dnssec.1 CONF-C 2011
./bin/tests/system/checkconf/dnssec.2 CONF-C 2011 ./bin/tests/system/checkconf/dnssec.2 CONF-C 2011
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment