Commit e20db129 authored by Mark Andrews's avatar Mark Andrews

4541. [bug] rndc addzone should properly reject non master/slave

                        zones. [RT #43665]
parent dd0e6170
4541. [bug] rndc addzone should properly reject non master/slave
zones. [RT #43665]
4540. [bug] Correctly handle ecs entries in dns_acl_isinsecure.
[RT #43601]
......
......@@ -2147,8 +2147,9 @@ catz_addmodzone_taskaction(isc_task_t *task, isc_event_t *event0) {
RUNTIME_CHECK(result == ISC_R_SUCCESS);
dns_view_thaw(ev->view);
result = configure_zone(cfg->config, zoneobj, cfg->vconfig,
ev->cbd->server->mctx, ev->view, NULL,
cfg->actx, ISC_TRUE, ISC_FALSE, ev->mod);
ev->cbd->server->mctx, ev->view,
&ev->cbd->server->viewlist, cfg->actx,
ISC_TRUE, ISC_FALSE, ev->mod);
dns_view_freeze(ev->view);
isc_task_endexclusive(task);
......@@ -4994,7 +4995,7 @@ configure_forward(const cfg_obj_t *config, dns_view_t *view, dns_name_t *origin,
if (ISC_LIST_EMPTY(fwdlist)) {
if (forwardtype != NULL)
cfg_obj_log(forwarders, ns_g_lctx, ISC_LOG_WARNING,
cfg_obj_log(forwardtype, ns_g_lctx, ISC_LOG_WARNING,
"no forwarders seen; disabling "
"forwarding");
fwdpolicy = dns_fwdpolicy_none;
......@@ -6656,8 +6657,8 @@ configure_newzones(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
element = cfg_list_next(element))
{
const cfg_obj_t *zconfig = cfg_listelt_value(element);
CHECK(configure_zone(config, zconfig, vconfig,
mctx, view, NULL, actx,
CHECK(configure_zone(config, zconfig, vconfig, mctx,
view, &ns_g_server->viewlist, actx,
ISC_TRUE, ISC_FALSE, ISC_FALSE));
}
......@@ -6785,8 +6786,8 @@ configure_newzones(dns_view_t *view, cfg_obj_t *config, cfg_obj_t *vconfig,
CHECK(ISC_R_FAILURE);
zoneobj = cfg_listelt_value(cfg_list_first(zlist));
CHECK(configure_zone(config, zoneobj, vconfig,
mctx, view, NULL, actx,
CHECK(configure_zone(config, zoneobj, vconfig, mctx,
view, &ns_g_server->viewlist, actx,
ISC_TRUE, ISC_FALSE, ISC_FALSE));
cfg_obj_destroy(ns_g_addparser, &zoneconf);
......@@ -11252,6 +11253,7 @@ newzone_parse(ns_server_t *server, char *command, dns_view_t **viewp,
cfg_obj_t *zoneconf = NULL;
const cfg_obj_t *zlist = NULL;
const cfg_obj_t *zoneobj = NULL;
const cfg_obj_t *zoptions = NULL;
const cfg_obj_t *obj = NULL;
const char *viewname = NULL;
dns_rdataclass_t rdclass;
......@@ -11259,6 +11261,8 @@ newzone_parse(ns_server_t *server, char *command, dns_view_t **viewp,
const char *bn;
REQUIRE(viewp != NULL && *viewp == NULL);
REQUIRE(zoneobjp != NULL && *zoneobjp == NULL);
REQUIRE(zoneconfp != NULL && *zoneconfp == NULL);
/* Try to parse the argument string */
isc_buffer_init(&argbuf, command, (unsigned int) strlen(command));
......@@ -11281,12 +11285,40 @@ newzone_parse(ns_server_t *server, char *command, dns_view_t **viewp,
CHECK(cfg_parse_buffer3(ns_g_addparser, &argbuf, bn, 0,
&cfg_type_addzoneconf, &zoneconf));
CHECK(cfg_map_get(zoneconf, "zone", &zlist));
if (! cfg_obj_islist(zlist))
if (!cfg_obj_islist(zlist))
CHECK(ISC_R_FAILURE);
/* For now we only support adding one zone at a time */
zoneobj = cfg_listelt_value(cfg_list_first(zlist));
/* Check the zone type for ones that are not supported by addzone. */
zoptions = cfg_tuple_get(zoneobj, "options");
obj = NULL;
(void)cfg_map_get(zoptions, "type", &obj);
if (obj == NULL) {
(void) cfg_map_get(zoptions, "in-view", &obj);
if (obj != NULL) {
(void) putstr(text,
"'in-view' zones not supported by ");
(void) putstr(text, bn);
} else
(void) putstr(text, "zone type not specified");
CHECK(ISC_R_FAILURE);
}
if (strcasecmp(cfg_obj_asstring(obj), "hint") == 0 ||
strcasecmp(cfg_obj_asstring(obj), "forward") == 0 ||
strcasecmp(cfg_obj_asstring(obj), "redirect") == 0 ||
strcasecmp(cfg_obj_asstring(obj), "delegation-only") == 0)
{
(void) putstr(text, "'");
(void) putstr(text, cfg_obj_asstring(obj));
(void) putstr(text, "' zones not supported by ");
(void) putstr(text, bn);
CHECK(ISC_R_FAILURE);
}
/* Make sense of optional class argument */
obj = cfg_tuple_get(zoneobj, "class");
CHECK(ns_config_getclass(obj, dns_rdataclass_in, &rdclass));
......@@ -11344,7 +11376,7 @@ delete_zoneconf(dns_view_t *view, cfg_parser_t *pctx,
cfg_map_get(config, "zone", &zl);
if (! cfg_obj_islist(zl))
if (!cfg_obj_islist(zl))
CHECK(ISC_R_FAILURE);
DE_CONST(&zl->value.list, list);
......@@ -11446,8 +11478,8 @@ do_addzone(ns_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view,
/* Mark view unfrozen and configure zone */
dns_view_thaw(view);
result = configure_zone(cfg->config, zoneobj, cfg->vconfig,
server->mctx, view, NULL, cfg->actx,
ISC_TRUE, ISC_FALSE, ISC_FALSE);
server->mctx, view, &server->viewlist,
cfg->actx, ISC_TRUE, ISC_FALSE, ISC_FALSE);
dns_view_freeze(view);
isc_task_endexclusive(server->task);
......@@ -11594,8 +11626,8 @@ do_modzone(ns_server_t *server, ns_cfgctx_t *cfg, dns_view_t *view,
/* Reconfigure the zone */
dns_view_thaw(view);
result = configure_zone(cfg->config, zoneobj, cfg->vconfig,
server->mctx, view, NULL, cfg->actx,
ISC_TRUE, ISC_FALSE, ISC_TRUE);
server->mctx, view, &server->viewlist,
cfg->actx, ISC_TRUE, ISC_FALSE, ISC_TRUE);
dns_view_freeze(view);
exclusive = ISC_FALSE;
......@@ -11754,7 +11786,8 @@ ns_server_changezone(ns_server_t *server, char *command, isc_buffer_t **text) {
addzone = ISC_FALSE;
}
CHECK(newzone_parse(server, command, &view, &zoneconf, &zoneobj, text));
CHECK(newzone_parse(server, command, &view, &zoneconf,
&zoneobj, text));
/* Are we accepting new zones in this view? */
#ifdef HAVE_LMDB
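Review bot: The type check at the end of the newzone_parse hunk is a deny-list, so any zone type outside {hint, forward, redirect, delegation-only} — including one the parser grows later — is accepted by addzone by default; if the accepted set is master/slave/stub/static-stub as this commit's new tests indicate, inverting it into an allow-list fails closed and also lets `cfg_obj_asstring(obj)` be hoisted out of the four strcasecmp calls (with `const char *ztype = NULL;` declared beside the other new locals). The `else` arm of the in-view branch should be braced like its `if` arm, matching the rest of the function. A one-line comment naming the accepted types, e.g. `/* Only master, slave, stub and static-stub zones can be added at runtime. */`, spares the next reader a trip to the tests. newzone_parse starts and ends outside this hunk.
```c
	/* Check the zone type for ones that are not supported by addzone. */
	zoptions = cfg_tuple_get(zoneobj, "options");
	/* … unchanged: missing-type and in-view rejection … */
	ztype = cfg_obj_asstring(obj);
	if (strcasecmp(ztype, "master") != 0 &&
	    strcasecmp(ztype, "slave") != 0 &&
	    strcasecmp(ztype, "stub") != 0 &&
	    strcasecmp(ztype, "static-stub") != 0)
	{
		(void) putstr(text, "'");
		(void) putstr(text, ztype);
		(void) putstr(text, "' zones not supported by ");
		(void) putstr(text, bn);
		CHECK(ISC_R_FAILURE);
	}
```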
......
; Copyright (C) 2000, 2001, 2004, 2007, 2016 Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
; $Id: root.hint,v 1.5 2007/06/19 23:47:01 tbox Exp $
$TTL 999999
. IN NS a.root-servers.nil.
a.root-servers.nil. IN A 10.53.0.1
; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
;
; This Source Code Form is subject to the terms of the Mozilla Public
; License, v. 2.0. If a copy of the MPL was not distributed with this
; file, You can obtain one at http://mozilla.org/MPL/2.0/.
@ 0 SOA . . 0 0 0 0 0
@ 0 NS .
......@@ -179,8 +179,12 @@ status=`expr $status + $ret`
echo "I:delete a normally-loaded zone ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone normal.example 2> rndc.out.ns2.$n
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 delzone normal.example > rndc.out.ns2.$n 2>&1
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n
grep "is no longer active and will be deleted" rndc.out.ns2.$n > /dev/null || ret=1
grep "To keep it from returning when the server is restarted" rndc.out.ns2.$n > /dev/null || ret=1
grep "must also be removed from named.conf." rndc.out.ns2.$n > /dev/null || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -288,6 +292,68 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that adding a 'stub' zone works ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'stub.example { type stub; masters { 1.2.3.4; }; file "stub.example.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that adding a 'static-stub' zone works ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'static-stub.example { type static-stub; server-addresses { 1.2.3.4; }; };' > rndc.out.ns2.$n 2>&1 || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that zone type 'redirect' (master) is properly rejected ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"." { type redirect; file "redirect.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1
grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that zone type 'redirect' (slave) is properly rejected ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"." { type redirect; masters { 1.2.3.4; }; file "redirect.bk"; };' > rndc.out.ns2.$n 2>&1 && ret=1
grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that zone type 'hint' is properly rejected ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone '"." { type hint; file "hints.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1
grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that zone type 'forward' is properly rejected ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'forward.example { type forward; forwarders { 1.2.3.4; }; forward only; };' > rndc.out.ns2.$n 2>&1 && ret=1
grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that zone type 'delegation-only' is properly rejected ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'delegation-only.example { type delegation-only; };' > rndc.out.ns2.$n 2>&1 && ret=1
grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that 'in-view' zones are properly rejected ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'in-view.example { in-view "_default"; };' > rndc.out.ns2.$n 2>&1 && ret=1
grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:reconfiguring server with multiple views"
rm -f ns2/named.conf
cp -f ns2/named2.conf ns2/named.conf
......@@ -352,7 +418,7 @@ echo "I:checking rndc showzone with newly added zone ($n)"
# loaded from the NZDB at this point.
for try in 0 1 2 3 4 5; do
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone added.example in external > rndc.out.ns2.$n
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 showzone added.example in external > rndc.out.ns2.$n 2>/dev/null
if [ -z "$NZD" ]; then
expected='zone "added.example" in external { type master; file "added.db"; };'
else
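Review bot: The new "zone type not specified" rejection path in newzone_parse has no test in this hunk, while every other new rejection branch gets one; a case framed like its neighbours, `$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 addzone 'notype.example { file "notype.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1` followed by `grep "zone type not specified" rndc.out.ns2.$n > /dev/null || ret=1`, would cover it. The stub and static-stub cases only assert rndc's exit status; a follow-up `rndc showzone` (as the later showzone check does) would confirm the zone was actually installed rather than silently dropped, though whether those zones are visible there depends on server state not shown in this diff.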
......