📄 check.c
element = cfg_list_next(element)) { dns_fixedname_t fixedname; dns_name_t *name; const char *dlv; isc_buffer_t b; obj = cfg_listelt_value(element); dlv = cfg_obj_asstring(cfg_tuple_get(obj, "domain")); dns_fixedname_init(&fixedname); name = dns_fixedname_name(&fixedname); isc_buffer_init(&b, dlv, strlen(dlv)); isc_buffer_add(&b, strlen(dlv)); tresult = dns_name_fromtext(name, &b, dns_rootname, ISC_TRUE, NULL); if (tresult != ISC_R_SUCCESS) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "bad domain name '%s'", dlv); result = tresult; } if (symtab != NULL) { tresult = nameexist(obj, dlv, 1, symtab, "dnssec-lookaside '%s': " "already exists previous " "definition: %s:%u", logctx, mctx); if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS) result = tresult; } /* * XXXMPA to be removed when multiple lookaside * namespaces are supported. */ if (!dns_name_equal(dns_rootname, name)) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "dnssec-lookaside '%s': " "non-root not yet supported", dlv); if (result == ISC_R_SUCCESS) result = ISC_R_FAILURE; } dlv = cfg_obj_asstring(cfg_tuple_get(obj, "trust-anchor")); dns_fixedname_init(&fixedname); isc_buffer_init(&b, dlv, strlen(dlv)); isc_buffer_add(&b, strlen(dlv)); tresult = dns_name_fromtext(name, &b, dns_rootname, ISC_TRUE, NULL); if (tresult != ISC_R_SUCCESS) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "bad domain name '%s'", dlv); if (result == ISC_R_SUCCESS) result = tresult; } } if (symtab != NULL) isc_symtab_destroy(&symtab); } /* * Check dnssec-must-be-secure. 
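*/
	obj = NULL;
	(void)cfg_map_get(options, "dnssec-must-be-secure", &obj);
	if (obj != NULL) {
		isc_symtab_t *symtab = NULL;
		tresult = isc_symtab_create(mctx, 100, freekey, mctx,
					    ISC_FALSE, &symtab);
		if (tresult != ISC_R_SUCCESS)
			result = tresult;
		for (element = cfg_list_first(obj);
		     element != NULL;
		     element = cfg_list_next(element))
		{
			obj = cfg_listelt_value(element);
			tresult = mustbesecure(obj, symtab, logctx, mctx);
			if (tresult != ISC_R_SUCCESS)
				result = tresult;
		}
		if (symtab != NULL)
			isc_symtab_destroy(&symtab);
	}

	return (result);
}

/*
 * Look up the named "masters" list 'name' in the configuration 'cctx'.
 *
 * The "masters" clause is fetched with cfg_map_get(); if that fails its
 * result is returned unchanged.  Each element's "name" field is compared
 * with 'name' case-insensitively.
 *
 * Returns:
 *	ISC_R_SUCCESS	a list was found and stored in '*ret'
 *	ISC_R_NOTFOUND	no list has that name; '*ret' is left untouched
 *	other		the result of the failed cfg_map_get()
 */
static isc_result_t
get_masters_def(cfg_obj_t *cctx, char *name, cfg_obj_t **ret) {
	isc_result_t result;
	cfg_obj_t *masters = NULL;
	cfg_listelt_t *elt;

	result = cfg_map_get(cctx, "masters", &masters);
	if (result != ISC_R_SUCCESS)
		return (result);

	for (elt = cfg_list_first(masters);
	     elt != NULL;
	     elt = cfg_list_next(elt))
	{
		cfg_obj_t *list;
		const char *listname;

		list = cfg_listelt_value(elt);
		listname = cfg_obj_asstring(cfg_tuple_get(list, "name"));

		if (strcasecmp(listname, name) == 0) {
			*ret = list;
			return (ISC_R_SUCCESS);
		}
	}

	return (ISC_R_NOTFOUND);
}

/*
 * Validate the "addresses" list of the masters clause 'obj' and count the
 * socket addresses it yields.
 *
 * An entry that is not a socket address is taken as the name of a masters
 * list; that list is looked up in 'config' with get_masters_def() and its
 * own "addresses" are walked in turn.  Nesting is handled with an explicit,
 * heap-allocated stack of resume positions rather than recursion.  Every
 * list name is recorded in a symbol table before it is expanded, so a list
 * that is referenced more than once, or lists that reference each other,
 * are expanded only once.
 *
 * '*countp' is always set, to the number of socket addresses counted so
 * far, including when an error is returned.
 *
 * Returns ISC_R_SUCCESS if no problem was found, otherwise the first error
 * encountered: ISC_R_FAILURE for a key attached to a list reference, the
 * get_masters_def() result for an unknown list name, or the result of a
 * failed symbol-table or memory operation.
 */
static isc_result_t
validate_masters(cfg_obj_t *obj, cfg_obj_t *config, isc_uint32_t *countp,
		 isc_log_t *logctx, isc_mem_t *mctx)
{
	isc_result_t result = ISC_R_SUCCESS;
	isc_result_t tresult;
	isc_uint32_t count = 0;
	isc_symtab_t *symtab = NULL;
	isc_symvalue_t symvalue;
	cfg_listelt_t *element;
	cfg_listelt_t **stack = NULL;
	isc_uint32_t stackcount = 0, pushed = 0;
	cfg_obj_t *list;

	REQUIRE(countp != NULL);
	result = isc_symtab_create(mctx, 100, NULL, NULL, ISC_FALSE, &symtab);
	if (result != ISC_R_SUCCESS)
		return (result);

 newlist:
	list = cfg_tuple_get(obj, "addresses");
	element = cfg_list_first(list);
 resume:
	for ( ;
	     element != NULL;
	     element = cfg_list_next(element))
	{
		char *listname;
		cfg_obj_t *addr;
		cfg_obj_t *key;

		addr = cfg_tuple_get(cfg_listelt_value(element),
				     "masterselement");
		key = cfg_tuple_get(cfg_listelt_value(element), "key");

		if (cfg_obj_issockaddr(addr)) {
			count++;
			continue;
		}

		/* A key is only accepted next to an address, not a list name. */
		if (!cfg_obj_isvoid(key)) {
			cfg_obj_log(key, logctx, ISC_LOG_ERROR,
				    "unexpected token '%s'",
				    cfg_obj_asstring(key));
			if (result == ISC_R_SUCCESS)
				result = ISC_R_FAILURE;
		}

		listname = cfg_obj_asstring(addr);
		symvalue.as_pointer = addr;
		tresult = isc_symtab_define(symtab, listname, 1, symvalue,
					    isc_symexists_reject);
		/* Already expanded once: skip it. */
		if (tresult == ISC_R_EXISTS)
			continue;
		/*
		 * The table of visited names is what bounds this walk when
		 * lists reference each other.  If the name could not be
		 * recorded, stop and report the error instead of expanding
		 * a list that is not being tracked.
		 */
		if (tresult != ISC_R_SUCCESS) {
			if (result == ISC_R_SUCCESS)
				result = tresult;
			goto cleanup;
		}

		tresult = get_masters_def(config, listname, &obj);
		if (tresult != ISC_R_SUCCESS) {
			if (result == ISC_R_SUCCESS)
				result = tresult;
			cfg_obj_log(addr, logctx, ISC_LOG_ERROR,
				    "unable to find masters list '%s'",
				    listname);
			continue;
		}

		/* Grow stack? */
		if (stackcount == pushed) {
			void *new;
			isc_uint32_t newlen = stackcount + 16;
			size_t newsize, oldsize;

			newsize = newlen * sizeof(*stack);
			oldsize = stackcount * sizeof(*stack);
			new = isc_mem_get(mctx, newsize);
			if (new == NULL) {
				/*
				 * Do not let an incomplete walk be reported
				 * as a successfully validated list.
				 */
				if (result == ISC_R_SUCCESS)
					result = ISC_R_NOMEMORY;
				goto cleanup;
			}
			if (stackcount != 0) {
				memcpy(new, stack, oldsize);
				isc_mem_put(mctx, stack, oldsize);
			}
			stack = new;
			stackcount = newlen;
		}

		/* Remember where to continue in the current list. */
		stack[pushed++] = cfg_list_next(element);
		goto newlist;
	}

	if (pushed != 0) {
		element = stack[--pushed];
		goto resume;
	}

 cleanup:
	if (stack != NULL)
		isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
	isc_symtab_destroy(&symtab);
	*countp = count;
	return (result);
}

/* Zone type bits; OR-ed together in the 'allowed' field of optionstable. */
#define MASTERZONE	1
#define SLAVEZONE	2
#define STUBZONE	4
#define HINTZONE	8
#define FORWARDZONE	16
#define DELEGATIONZONE	32

typedef struct {
	const char *name;
	int allowed;
} optionstable;

static isc_result_t
check_zoneconf(cfg_obj_t *zconfig, cfg_obj_t *config, isc_symtab_t *symtab,
	       dns_rdataclass_t defclass, isc_log_t *logctx, isc_mem_t *mctx)
{
	const char *zname;
	const char *typestr;
	unsigned int ztype;
	cfg_obj_t *zoptions;
	cfg_obj_t *obj = NULL;
	isc_result_t result = ISC_R_SUCCESS;
	isc_result_t tresult;
	unsigned int i;
	dns_rdataclass_t zclass;
	dns_fixedname_t fixedname;
	isc_buffer_t b;

	static optionstable options[] = {
	{ "allow-query", MASTERZONE | SLAVEZONE | STUBZONE },
	{ "allow-notify", SLAVEZONE },
	{ "allow-transfer", MASTERZONE | SLAVEZONE },
	{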
"notify", MASTERZONE | SLAVEZONE }, { "also-notify", MASTERZONE | SLAVEZONE }, { "dialup", MASTERZONE | SLAVEZONE | STUBZONE }, { "delegation-only", HINTZONE | STUBZONE }, { "forward", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE}, { "forwarders", MASTERZONE | SLAVEZONE | STUBZONE | FORWARDZONE}, { "maintain-ixfr-base", MASTERZONE | SLAVEZONE }, { "max-ixfr-log-size", MASTERZONE | SLAVEZONE }, { "notify-source", MASTERZONE | SLAVEZONE }, { "notify-source-v6", MASTERZONE | SLAVEZONE }, { "transfer-source", SLAVEZONE | STUBZONE }, { "transfer-source-v6", SLAVEZONE | STUBZONE }, { "max-transfer-time-in", SLAVEZONE | STUBZONE }, { "max-transfer-time-out", MASTERZONE | SLAVEZONE }, { "max-transfer-idle-in", SLAVEZONE | STUBZONE }, { "max-transfer-idle-out", MASTERZONE | SLAVEZONE }, { "max-retry-time", SLAVEZONE | STUBZONE }, { "min-retry-time", SLAVEZONE | STUBZONE }, { "max-refresh-time", SLAVEZONE | STUBZONE }, { "min-refresh-time", SLAVEZONE | STUBZONE }, { "sig-validity-interval", MASTERZONE }, { "zone-statistics", MASTERZONE | SLAVEZONE | STUBZONE }, { "allow-update", MASTERZONE }, { "allow-update-forwarding", SLAVEZONE }, { "file", MASTERZONE | SLAVEZONE | STUBZONE | HINTZONE}, { "ixfr-base", MASTERZONE | SLAVEZONE }, { "ixfr-tmp-file", MASTERZONE | SLAVEZONE }, { "masters", SLAVEZONE | STUBZONE }, { "pubkey", MASTERZONE | SLAVEZONE | STUBZONE }, { "update-policy", MASTERZONE }, { "database", MASTERZONE | SLAVEZONE | STUBZONE }, { "key-directory", MASTERZONE }, }; static optionstable dialups[] = { { "notify", MASTERZONE | SLAVEZONE }, { "notify-passive", SLAVEZONE }, { "refresh", SLAVEZONE | STUBZONE }, { "passive", SLAVEZONE | STUBZONE }, }; zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name")); zoptions = cfg_tuple_get(zconfig, "options"); obj = NULL; (void)cfg_map_get(zoptions, "type", &obj); if (obj == NULL) { cfg_obj_log(zconfig, logctx, ISC_LOG_ERROR, "zone '%s': type not present", zname); return (ISC_R_FAILURE); } typestr = cfg_obj_asstring(obj); if 
(strcasecmp(typestr, "master") == 0) ztype = MASTERZONE; else if (strcasecmp(typestr, "slave") == 0) ztype = SLAVEZONE; else if (strcasecmp(typestr, "stub") == 0) ztype = STUBZONE; else if (strcasecmp(typestr, "forward") == 0) ztype = FORWARDZONE; else if (strcasecmp(typestr, "hint") == 0) ztype = HINTZONE; else if (strcasecmp(typestr, "delegation-only") == 0) ztype = DELEGATIONZONE; else { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "zone '%s': invalid type %s", zname, typestr); return (ISC_R_FAILURE); } obj = cfg_tuple_get(zconfig, "class"); if (cfg_obj_isstring(obj)) { isc_textregion_t r; DE_CONST(cfg_obj_asstring(obj), r.base); r.length = strlen(r.base); result = dns_rdataclass_fromtext(&zclass, &r); if (result != ISC_R_SUCCESS) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "zone '%s': invalid class %s", zname, r.base); return (ISC_R_FAILURE); } if (zclass != defclass) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "zone '%s': class '%s' does not " "match view/default class", zname, r.base); return (ISC_R_FAILURE); } } /* * Look for an already existing zone. * We need to make this cannonical as isc_symtab_define() * deals with strings. */ dns_fixedname_init(&fixedname); isc_buffer_init(&b, zname, strlen(zname)); isc_buffer_add(&b, strlen(zname)); tresult = dns_name_fromtext(dns_fixedname_name(&fixedname), &b, dns_rootname, ISC_TRUE, NULL); if (result != ISC_R_SUCCESS) { cfg_obj_log(zconfig, logctx, ISC_LOG_ERROR, "zone '%s': is not a valid name", zname); tresult = ISC_R_FAILURE; } else { char namebuf[DNS_NAME_FORMATSIZE]; dns_name_format(dns_fixedname_name(&fixedname), namebuf, sizeof(namebuf)); tresult = nameexist(zconfig, namebuf, ztype == HINTZONE ? 1 : 2, symtab, "zone '%s': already exists " "previous definition: %s:%u", logctx, mctx); if (tresult != ISC_R_SUCCESS) result = tresult; } /* * Look for inappropriate options for the given zone type. 
*/ for (i = 0; i < sizeof(options) / sizeof(options[0]); i++) { obj = NULL; if ((options[i].allowed & ztype) == 0 && cfg_map_get(zoptions, options[i].name, &obj) == ISC_R_SUCCESS) { if (strcmp(options[i].name, "allow-update") != 0 || ztype != SLAVEZONE) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "option '%s' is not allowed " "in '%s' zone '%s'", options[i].name, typestr, zname); result = ISC_R_FAILURE; } else cfg_obj_log(obj, logctx, ISC_LOG_WARNING, "option '%s' is not allowed " "in '%s' zone '%s'", options[i].name, typestr, zname); } } /* * Slave & stub zones must have a "masters" field. */ if (ztype == SLAVEZONE || ztype == STUBZONE) { obj = NULL; if (cfg_map_get(zoptions, "masters", &obj) != ISC_R_SUCCESS) { cfg_obj_log(zoptions, logctx, ISC_LOG_ERROR, "zone '%s': missing 'masters' entry", zname); result = ISC_R_FAILURE; } else { isc_uint32_t count; tresult = validate_masters(obj, config, &count, logctx, mctx); if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS) result = tresult; if (tresult == ISC_R_SUCCESS && count == 0) { cfg_obj_log(zoptions, logctx, ISC_LOG_ERROR, "zone '%s': empty 'masters' entry", zname); result = ISC_R_FAILURE; } } } /* * Master zones can't have both "allow-update" and "update-policy". */ if (ztype == MASTERZONE) { isc_result_t res1, res2; obj = NULL; res1 = cfg_map_get(zoptions, "allow-update", &obj); obj = NULL; res2 = cfg_map_get(zoptions, "update-policy", &obj); if (res1 == ISC_R_SUCCESS && res2 == ISC_R_SUCCESS) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "zone '%s': 'allow-update' is ignored " "when 'update-policy' is present", zname); result = ISC_R_FAILURE; } } /* * Check the excessively complicated "dialup" option. 
*/ if (ztype == MASTERZONE || ztype == SLAVEZONE || ztype == STUBZONE) { cfg_obj_t *dialup = NULL; (void)cfg_map_get(zoptions, "dialup", &dialup); if (dialup != NULL && cfg_obj_isstring(dialup)) { char *str = cfg_obj_asstring(dialup); for (i = 0; i < sizeof(dialups) / sizeof(dialups[0]); i++) { if (strcasecmp(dialups[i].name, str) != 0) continue; if ((dialups[i].allowed & ztype) == 0) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "dialup type '%s' is not " "allowed in '%s' " "zone '%s'", str, typestr, zname); result = ISC_R_FAILURE; } break; } if (i == sizeof(dialups) / sizeof(dialups[0])) { cfg_obj_log(obj, logctx, ISC_LOG_ERROR, "invalid dialup type '%s' in zone " "'%s'", str, zname); result = ISC_R_FAILURE; } } } /* * Check that forwarding is reasonable. */ if (check_forward(zoptions, logctx) != ISC_R_SUCCESS) result = ISC_R_FAILURE; /* * Check various options. */ tresult = check_options(zoptions, logctx, mctx);