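/* Tail of check_viewconf(); its header and the 'if' guarding this call are above this excerpt. */
cfg_obj_log(obj, logctx, ISC_LOG_WARNING,
			    "'dnssec-validation yes;' and 'dnssec-enable no;'");

	/* Option checks run on the view's own options, or the global ones. */
	if (voptions != NULL)
		tresult = check_options(voptions, logctx, mctx);
	else
		tresult = check_options(config, logctx, mctx);
	if (tresult != ISC_R_SUCCESS)
		result = tresult;

	tresult = check_viewacls(&actx, voptions, config, logctx, mctx);
	if (tresult != ISC_R_SUCCESS)
		result = tresult;

	cfg_aclconfctx_destroy(&actx);

	return (result);
}

/*
 * Channel names that are always defined, whether or not the configuration
 * declares them.  NULL-terminated.
 */
static const char *default_channels[] = {
	"default_syslog",
	"default_stderr",
	"default_debug",
	"null",
	NULL
};

/*
 * Validate the "logging" statement of 'config':
 *  - every channel names exactly one of file, syslog, null, stderr;
 *  - every category is one the logging context knows about;
 *  - every category destination refers to a declared (or default) channel.
 *
 * Problems are reported through 'logctx'.  'mctx' is used for the
 * temporary channel-name symbol table.
 *
 * Returns ISC_R_SUCCESS when there is no logging statement or it is clean,
 * ISC_R_FAILURE for configuration errors, or the error from the symbol
 * table routines.
 */
static isc_result_t
bind9_check_logging(const cfg_obj_t *config, isc_log_t *logctx,
		    isc_mem_t *mctx)
{
	const cfg_obj_t *categories = NULL;
	const cfg_obj_t *category;
	const cfg_obj_t *channels = NULL;
	const cfg_obj_t *channel;
	const cfg_listelt_t *element;
	const cfg_listelt_t *delement;
	const char *channelname;
	const char *catname;
	const cfg_obj_t *fileobj = NULL;
	const cfg_obj_t *syslogobj = NULL;
	const cfg_obj_t *nullobj = NULL;
	const cfg_obj_t *stderrobj = NULL;
	const cfg_obj_t *logobj = NULL;
	isc_result_t result = ISC_R_SUCCESS;
	isc_result_t tresult;
	isc_symtab_t *symtab = NULL;
	isc_symvalue_t symvalue;
	int ndest;
	int i;

	(void)cfg_map_get(config, "logging", &logobj);
	if (logobj == NULL)
		return (ISC_R_SUCCESS);

	/*
	 * NOTE(review): the ISC_FALSE argument is isc_symtab_create's
	 * case-sensitivity flag, so channel names should match
	 * case-insensitively here -- confirm against the symtab header.
	 */
	result = isc_symtab_create(mctx, 100, NULL, NULL, ISC_FALSE, &symtab);
	if (result != ISC_R_SUCCESS)
		return (result);

	/* Seed the table with the built-in channels; the value is unused. */
	symvalue.as_cpointer = NULL;
	for (i = 0; default_channels[i] != NULL; i++) {
		tresult = isc_symtab_define(symtab, default_channels[i], 1,
					    symvalue, isc_symexists_replace);
		if (tresult != ISC_R_SUCCESS)
			result = tresult;
	}

	/* Declared channels: each must have exactly one destination type. */
	(void)cfg_map_get(logobj, "channel", &channels);
	for (element = cfg_list_first(channels);
	     element != NULL;
	     element = cfg_list_next(element))
	{
		channel = cfg_listelt_value(element);
		channelname = cfg_obj_asstring(cfg_map_getname(channel));

		fileobj = syslogobj = nullobj = stderrobj = NULL;
		(void)cfg_map_get(channel, "file", &fileobj);
		(void)cfg_map_get(channel, "syslog", &syslogobj);
		(void)cfg_map_get(channel, "null", &nullobj);
		(void)cfg_map_get(channel, "stderr", &stderrobj);

		ndest = 0;
		if (fileobj != NULL)
			ndest++;
		if (syslogobj != NULL)
			ndest++;
		if (nullobj != NULL)
			ndest++;
		if (stderrobj != NULL)
			ndest++;
		if (ndest != 1) {
			cfg_obj_log(channel, logctx, ISC_LOG_ERROR,
				    "channel '%s': exactly one of file, syslog, "
				    "null, and stderr must be present",
				    channelname);
			result = ISC_R_FAILURE;
		}

		tresult = isc_symtab_define(symtab, channelname, 1,
					    symvalue, isc_symexists_replace);
		if (tresult != ISC_R_SUCCESS)
			result = tresult;
	}

	/* Categories: known name, and every destination is a known channel. */
	(void)cfg_map_get(logobj, "category", &categories);
	for (element = cfg_list_first(categories);
	     element != NULL;
	     element = cfg_list_next(element))
	{
		const cfg_obj_t *destinations;

		category = cfg_listelt_value(element);
		catname = cfg_obj_asstring(cfg_tuple_get(category, "name"));
		if (isc_log_categorybyname(logctx, catname) == NULL) {
			cfg_obj_log(category, logctx, ISC_LOG_ERROR,
				    "undefined category: '%s'", catname);
			result = ISC_R_FAILURE;
		}

		destinations = cfg_tuple_get(category, "destinations");
		for (delement = cfg_list_first(destinations);
		     delement != NULL;
		     delement = cfg_list_next(delement))
		{
			channel = cfg_listelt_value(delement);
			channelname = cfg_obj_asstring(channel);
			tresult = isc_symtab_lookup(symtab, channelname, 1,
						    &symvalue);
			if (tresult != ISC_R_SUCCESS) {
				cfg_obj_log(channel, logctx, ISC_LOG_ERROR,
					    "undefined channel: '%s'",
					    channelname);
				result = tresult;
			}
		}
	}

	isc_symtab_destroy(&symtab);
	return (result);
}

/*
 * Return ISC_R_SUCCESS if 'keylist' (a list of "key" statements, or NULL)
 * contains a key whose name matches 'keyname' case-insensitively, and
 * ISC_R_NOTFOUND otherwise.
 */
static isc_result_t
key_exists(const cfg_obj_t *keylist, const char *keyname) {
	const cfg_listelt_t *element;

	if (keylist == NULL)
		return (ISC_R_NOTFOUND);

	for (element = cfg_list_first(keylist);
	     element != NULL;
	     element = cfg_list_next(element))
	{
		const cfg_obj_t *obj = cfg_listelt_value(element);
		const char *str = cfg_obj_asstring(cfg_map_getname(obj));

		if (strcasecmp(str, keyname) == 0)
			return (ISC_R_SUCCESS);
	}
	return (ISC_R_NOTFOUND);
}

/*
 * Check that every key named in the "keys" clause of one control channel
 * 'control' is declared in 'keylist'.  Undeclared keys are logged as errors
 * and the lookup's result is returned.
 *
 * A control with no "keys" clause is accepted as-is by this function; it
 * does not warn about an unkeyed channel.
 */
static isc_result_t
bind9_check_controlskeys(const cfg_obj_t *control, const cfg_obj_t *keylist,
			 isc_log_t *logctx)
{
	isc_result_t result = ISC_R_SUCCESS, tresult;
	const cfg_obj_t *control_keylist;
	const cfg_listelt_t *element;

	control_keylist = cfg_tuple_get(control, "keys");
	if (cfg_obj_isvoid(control_keylist))
		return (ISC_R_SUCCESS);

	for (element = cfg_list_first(control_keylist);
	     element != NULL;
	     element = cfg_list_next(element))
	{
		const cfg_obj_t *key = cfg_listelt_value(element);
		const char *keyname = cfg_obj_asstring(key);

		tresult = key_exists(keylist, keyname);
		if (tresult != ISC_R_SUCCESS) {
			cfg_obj_log(key, logctx, ISC_LOG_ERROR,
				    "unknown key '%s'", keyname);
			result = tresult;
		}
	}
	return (result);
}

/*
 * Validate the "controls" statements of 'config'.
 *
 * For every "inet" control the "allow" ACL is compiled (and discarded) to
 * catch ACL errors, and its keys are checked against the global key list.
 * For every "unix" control the socket path must fit in a sockaddr, the
 * "perm" bits are sanity-checked (warnings only), and its keys are checked.
 *
 * Returns ISC_R_SUCCESS when there are no controls or all checks pass,
 * otherwise the first failing result.
 */
static isc_result_t
bind9_check_controls(const cfg_obj_t *config, isc_log_t *logctx,
		     isc_mem_t *mctx)
{
	isc_result_t result = ISC_R_SUCCESS, tresult;
	cfg_aclconfctx_t actx;
	const cfg_listelt_t *element, *element2;
	const cfg_obj_t *allow;
	const cfg_obj_t *control;
	const cfg_obj_t *controls;
	const cfg_obj_t *controlslist = NULL;
	const cfg_obj_t *inetcontrols;
	const cfg_obj_t *unixcontrols;
	const cfg_obj_t *keylist = NULL;
	const char *path;
	isc_uint32_t perm, mask;
	dns_acl_t *acl = NULL;
	isc_sockaddr_t addr;
	int i;

	(void)cfg_map_get(config, "controls", &controlslist);
	if (controlslist == NULL)
		return (ISC_R_SUCCESS);

	(void)cfg_map_get(config, "key", &keylist);

	cfg_aclconfctx_init(&actx);

	/*
	 * INET: Check allow clause.
	 * UNIX: Check "perm" for sanity, check path length.
	 */
	for (element = cfg_list_first(controlslist);
	     element != NULL;
	     element = cfg_list_next(element))
	{
		controls = cfg_listelt_value(element);
		unixcontrols = NULL;
		inetcontrols = NULL;
		(void)cfg_map_get(controls, "unix", &unixcontrols);
		(void)cfg_map_get(controls, "inet", &inetcontrols);

		for (element2 = cfg_list_first(inetcontrols);
		     element2 != NULL;
		     element2 = cfg_list_next(element2))
		{
			control = cfg_listelt_value(element2);
			allow = cfg_tuple_get(control, "allow");
			/* Compile the ACL only to validate it. */
			tresult = cfg_acl_fromconfig(allow, config, logctx,
						     &actx, mctx, &acl);
			if (acl != NULL)
				dns_acl_detach(&acl);
			if (tresult != ISC_R_SUCCESS)
				result = tresult;
			tresult = bind9_check_controlskeys(control, keylist,
							   logctx);
			if (tresult != ISC_R_SUCCESS)
				result = tresult;
		}

		for (element2 = cfg_list_first(unixcontrols);
		     element2 != NULL;
		     element2 = cfg_list_next(element2))
		{
			control = cfg_listelt_value(element2);
			path = cfg_obj_asstring(cfg_tuple_get(control, "path"));
			/* Only the too-long case is reported here. */
			tresult = isc_sockaddr_frompath(&addr, path);
			if (tresult == ISC_R_NOSPACE) {
				cfg_obj_log(control, logctx, ISC_LOG_ERROR,
					    "unix control '%s': path too long",
					    path);
				result = ISC_R_NOSPACE;
			}

			/*
			 * Walk the three permission triplets from the least
			 * privileged (i == 0, "other") upward and stop at the
			 * first one that grants access.  Stopping at 0 means
			 * the socket is open to everyone; reaching 3 means no
			 * triplet grants access at all.
			 */
			perm = cfg_obj_asuint32(cfg_tuple_get(control, "perm"));
			for (i = 0; i < 3; i++) {
#ifdef NEED_SECURE_DIRECTORY
				mask = (0x1 << (i*3));	/* SEARCH */
#else
				mask = (0x6 << (i*3));	/* READ + WRITE */
#endif
				if ((perm & mask) == mask)
					break;
			}
			if (i == 0) {
				cfg_obj_log(control, logctx, ISC_LOG_WARNING,
					    "unix control '%s' allows access "
					    "to everyone", path);
			} else if (i == 3) {
				cfg_obj_log(control, logctx, ISC_LOG_WARNING,
					    "unix control '%s' allows access "
					    "to nobody", path);
			}

			tresult = bind9_check_controlskeys(control, keylist,
							   logctx);
			if (tresult != ISC_R_SUCCESS)
				result = tresult;
		}
	}

	cfg_aclconfctx_destroy(&actx);
	return (result);
}

/*
 * Log an error for every element after 'elt' in the same list whose "name"
 * matches (case-insensitively) the "name" of 'elt'.  'what' is the statement
 * type used in the message ("acl" or "kal").
 *
 * Returns ISC_R_FAILURE if at least one duplicate was found, otherwise
 * ISC_R_SUCCESS.
 */
static isc_result_t
check_dupname(const cfg_listelt_t *elt, const char *what, isc_log_t *logctx)
{
	const cfg_obj_t *first = cfg_listelt_value(elt);
	const char *firstname = cfg_obj_asstring(cfg_tuple_get(first, "name"));
	const cfg_listelt_t *elt2;
	isc_result_t result = ISC_R_SUCCESS;

	for (elt2 = cfg_list_next(elt);
	     elt2 != NULL;
	     elt2 = cfg_list_next(elt2))
	{
		const cfg_obj_t *other = cfg_listelt_value(elt2);
		const char *name;

		name = cfg_obj_asstring(cfg_tuple_get(other, "name"));
		if (strcasecmp(firstname, name) == 0) {
			const char *file = cfg_obj_file(first);
			unsigned int line = cfg_obj_line(first);

			/* cfg_obj_file() may yield NULL; never pass that to %s. */
			if (file == NULL)
				file = "<unknown file>";
			cfg_obj_log(other, logctx, ISC_LOG_ERROR,
				    "attempt to redefine %s '%s' previous "
				    "definition: %s:%u",
				    what, name, file, line);
			result = ISC_R_FAILURE;
		}
	}
	return (result);
}

/*
 * Semantic check of a whole named.conf parse tree 'config'.
 *
 * Runs the option, server, logging, controls, ordering and dual-stack
 * checks, then checks each view (class, uniqueness, builtin-name clash, and
 * the per-view configuration), and finally rejects duplicate or builtin
 * "acl" and "kal" names.  Every problem is reported through 'logctx'.
 *
 * Returns ISC_R_SUCCESS only if every check passed; otherwise ISC_R_FAILURE,
 * ISC_R_EXISTS, or the result of a failing library call.  A failure recorded
 * by an earlier check is never downgraded by a later successful one.
 */
isc_result_t
bind9_check_namedconf(const cfg_obj_t *config, isc_log_t *logctx,
		      isc_mem_t *mctx)
{
	const cfg_obj_t *options = NULL;
	const cfg_obj_t *servers = NULL;
	const cfg_obj_t *views = NULL;
	const cfg_obj_t *acls = NULL;
	const cfg_obj_t *kals = NULL;
	const cfg_obj_t *obj;
	const cfg_listelt_t *velement;
	isc_result_t result = ISC_R_SUCCESS;
	isc_result_t tresult;
	isc_symtab_t *symtab = NULL;
	static const char *builtin[] = { "localhost", "localnets",
					 "any", "none"};

	(void)cfg_map_get(config, "options", &options);

	if (options != NULL &&
	    check_options(options, logctx, mctx) != ISC_R_SUCCESS)
		result = ISC_R_FAILURE;

	(void)cfg_map_get(config, "server", &servers);
	if (servers != NULL &&
	    check_servers(servers, logctx) != ISC_R_SUCCESS)
		result = ISC_R_FAILURE;

	if (bind9_check_logging(config, logctx, mctx) != ISC_R_SUCCESS)
		result = ISC_R_FAILURE;

	if (bind9_check_controls(config, logctx, mctx) != ISC_R_SUCCESS)
		result = ISC_R_FAILURE;

	if (options != NULL &&
	    check_order(options, logctx) != ISC_R_SUCCESS)
		result = ISC_R_FAILURE;

	(void)cfg_map_get(config, "view", &views);

	if (views != NULL && options != NULL) {
		if (check_dual_stack(options, logctx) != ISC_R_SUCCESS)
			result = ISC_R_FAILURE;
	}

	if (views == NULL) {
		/* No views: the global scope is the single implicit view. */
		if (check_viewconf(config, NULL, dns_rdataclass_in,
				   logctx, mctx) != ISC_R_SUCCESS)
			result = ISC_R_FAILURE;
	} else {
		const cfg_obj_t *zones = NULL;

		(void)cfg_map_get(config, "zone", &zones);
		if (zones != NULL) {
			cfg_obj_log(zones, logctx, ISC_LOG_ERROR,
				    "when using 'view' statements, "
				    "all zones must be in views");
			result = ISC_R_FAILURE;
		}
	}

	/*
	 * Views are keyed by (name, class); the table is created
	 * case-sensitively (ISC_TRUE).  On failure the per-view
	 * uniqueness checks below are skipped but the error is kept.
	 */
	tresult = isc_symtab_create(mctx, 100, NULL, NULL, ISC_TRUE, &symtab);
	if (tresult != ISC_R_SUCCESS)
		result = tresult;

	for (velement = cfg_list_first(views);
	     velement != NULL;
	     velement = cfg_list_next(velement))
	{
		const cfg_obj_t *view = cfg_listelt_value(velement);
		const cfg_obj_t *vname = cfg_tuple_get(view, "name");
		const cfg_obj_t *voptions = cfg_tuple_get(view, "options");
		const cfg_obj_t *vclassobj = cfg_tuple_get(view, "class");
		dns_rdataclass_t vclass = dns_rdataclass_in;
		/* Per-view result; deliberately distinct from 'tresult'. */
		isc_result_t vresult = ISC_R_SUCCESS;
		const char *key = cfg_obj_asstring(vname);
		isc_symvalue_t symvalue;

		if (cfg_obj_isstring(vclassobj)) {
			isc_textregion_t r;

			DE_CONST(cfg_obj_asstring(vclassobj), r.base);
			r.length = strlen(r.base);
			vresult = dns_rdataclass_fromtext(&vclass, &r);
			if (vresult != ISC_R_SUCCESS)
				cfg_obj_log(vclassobj, logctx, ISC_LOG_ERROR,
					    "view '%s': invalid class %s",
					    cfg_obj_asstring(vname), r.base);
		}

		if (vresult == ISC_R_SUCCESS && symtab != NULL) {
			symvalue.as_cpointer = view;
			vresult = isc_symtab_define(symtab, key, vclass,
						    symvalue,
						    isc_symexists_reject);
			if (vresult == ISC_R_EXISTS) {
				const char *file;
				unsigned int line;

				RUNTIME_CHECK(isc_symtab_lookup(symtab, key,
					   vclass, &symvalue) == ISC_R_SUCCESS);
				file = cfg_obj_file(symvalue.as_cpointer);
				line = cfg_obj_line(symvalue.as_cpointer);
				/* Same NULL guard as the acl/kal checks. */
				if (file == NULL)
					file = "<unknown file>";
				cfg_obj_log(view, logctx, ISC_LOG_ERROR,
					    "view '%s': already exists "
					    "previous definition: %s:%u",
					    key, file, line);
				result = vresult;
			} else if (vresult != ISC_R_SUCCESS) {
				/*
				 * Any other define failure is an error.
				 * (Testing 'result' here instead, as older
				 * code did, let a view that defined cleanly
				 * reset a failure recorded by an earlier
				 * check back to success.)
				 */
				result = vresult;
			} else if ((strcasecmp(key, "_bind") == 0 &&
				    vclass == dns_rdataclass_ch) ||
				   (strcasecmp(key, "_default") == 0 &&
				    vclass == dns_rdataclass_in)) {
				cfg_obj_log(view, logctx, ISC_LOG_ERROR,
					    "attempt to redefine builtin view "
					    "'%s'", key);
				result = ISC_R_EXISTS;
			}
		}

		if (vresult == ISC_R_SUCCESS)
			vresult = check_viewconf(config, voptions, vclass,
						 logctx, mctx);
		if (vresult != ISC_R_SUCCESS)
			result = ISC_R_FAILURE;
	}

	if (symtab != NULL)
		isc_symtab_destroy(&symtab);

	if (views != NULL && options != NULL) {
		obj = NULL;
		tresult = cfg_map_get(options, "cache-file", &obj);
		if (tresult == ISC_R_SUCCESS) {
			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
				    "'cache-file' cannot be a global "
				    "option if views are present");
			result = ISC_R_FAILURE;
		}
	}

	tresult = cfg_map_get(config, "acl", &acls);
	if (tresult == ISC_R_SUCCESS) {
		const cfg_listelt_t *elt;

		for (elt = cfg_list_first(acls);
		     elt != NULL;
		     elt = cfg_list_next(elt))
		{
			const cfg_obj_t *acl = cfg_listelt_value(elt);
			const char *aclname;
			unsigned int i;

			aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name"));
			/* The four builtin ACL names cannot be overridden. */
			for (i = 0; i < sizeof(builtin) / sizeof(builtin[0]); i++) {
				if (strcasecmp(aclname, builtin[i]) == 0) {
					cfg_obj_log(acl, logctx, ISC_LOG_ERROR,
						    "attempt to redefine "
						    "builtin acl '%s'", aclname);
					result = ISC_R_FAILURE;
					break;
				}
			}

			if (check_dupname(elt, "acl", logctx) != ISC_R_SUCCESS)
				result = ISC_R_FAILURE;
		}
	}

	tresult = cfg_map_get(config, "kal", &kals);
	if (tresult == ISC_R_SUCCESS) {
		const cfg_listelt_t *elt;

		for (elt = cfg_list_first(kals);
		     elt != NULL;
		     elt = cfg_list_next(elt))
		{
			if (check_dupname(elt, "kal", logctx) != ISC_R_SUCCESS)
				result = ISC_R_FAILURE;
		}
	}

	return (result);
}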