[v4_1_esv] Check failover pools per peer in test mode

        Merges in rt29892

diff --git a/RELNOTES b/RELNOTES
index 799d7160dca8bc2f6a7cceca39455a506e66bcf5..e9443c81bee85c1eb57e42344aaf5e74de95ff5f 100644 (file)
--- a/RELNOTES
+++ b/RELNOTES
@@ -169,6 +169,11 @@ by Eric Young (eay@cryptsoft.com).
   Pitt which got to us via Andrew Pollock.
   [ISC-bugs #18183]
 
+- The server now detects failover peers that are not referenced in at least
+  one pool when run with the command line option for test mode, -T.  Prior to
+  this the check was performed too far down stream to be detected in test mode.
+  [ISC-Bugs #29892]
+
                        Changes since 4.1-ESV-R14b1
 - None
 

diff --git a/includes/dhcpd.h b/includes/dhcpd.h
index 1e3c2011de18bbdfade1f6cd5556770a812fae96..802a50909889804bedd1180b541993fae420df90 100644 (file)
--- a/includes/dhcpd.h
+++ b/includes/dhcpd.h
@@ -3,7 +3,7 @@
    Definitions for dhcpd... */
 
 /*
- * Copyright (c) 2004-2016 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 1996-2003 by Internet Software Consortium
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -3132,6 +3132,7 @@ int deletePTR (const struct data_string *, const struct data_string *,
 /* failover.c */
 #if defined (FAILOVER_PROTOCOL)
 extern dhcp_failover_state_t *failover_states;
+void dhcp_failover_sanity_check (void);
 void dhcp_failover_startup (void);
 int dhcp_failover_write_all_states (void);
 isc_result_t enter_failover_peer (dhcp_failover_state_t *);

diff --git a/server/dhcpd.c b/server/dhcpd.c
index e4f8cf988f7e1fa8c50e04af2a83a94a452edc8e..f81fedd4384cffa2d871314e4524963151f23690 100644 (file)
--- a/server/dhcpd.c
+++ b/server/dhcpd.c
@@ -3,7 +3,7 @@
    DHCP Server Daemon. */
 
 /*
- * Copyright (c) 2004-2016 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 1996-2003 by Internet Software Consortium
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -737,6 +737,10 @@ main(int argc, char **argv) {
                log_fatal ("Configuration file errors encountered -- exiting");
 
        postconf_initialization (quiet);
+
+#if defined (FAILOVER_PROTOCOL)
+       dhcp_failover_sanity_check();
+#endif
  
 #if defined (PARANOIA) && !defined (EARLY_CHROOT)
        if (set_chroot) setup_chroot (set_chroot);

diff --git a/server/failover.c b/server/failover.c
index 778c2a3efed166284920350562902f39c95fedd2..1d5e171fa81648eb6ded527edc61690c83a6c9ca 100644 (file)
--- a/server/failover.c
+++ b/server/failover.c
@@ -3,7 +3,7 @@
    Failover protocol support code... */
 
 /*
- * Copyright (c) 2004-2016 by Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (c) 2004-2017 by Internet Systems Consortium, Inc. ("ISC")
  * Copyright (c) 1999-2003 by Internet Software Consortium
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -50,6 +50,37 @@ static inline int secondary_not_hoarding(dhcp_failover_state_t *state,
                                         struct pool *p);
 static void scrub_lease(struct lease* lease, const char *file, int line);
 
+/*!
+ * \brief Performs a "pre-flight" sanity check of failover configuration
+ *
+ * Provides an opportunity to do post-parse pre-startup sanity checking
+ * of failover configuration.  This allows checks to be done under test
+ * mode (-T), without requiring full startup for validation.
+ *
+ * Currently, it enforces all failover peers be used in at lease one
+ * pool. This logic was formerly located in dhcp_failover_startup.
+ *
+ * On failure, a fatal error is logged.
+ *
+ */
+void dhcp_failover_sanity_check() {
+       dhcp_failover_state_t *state;
+       int fail_count = 0;
+
+       for (state = failover_states; state; state = state->next) {
+               if (state->pool_count == 0) {
+                       log_error ("ERROR: Failover peer, %s, has no referring"
+                                  " pools. You must refer to each peer in at"
+                                  " least one pool declaration.",
+                                  state->name);
+                       fail_count++;
+               }
+       }
+
+       if (fail_count) {
+               log_fatal ("Failover configuration sanity check failed");
+       }
+}
 
 void dhcp_failover_startup ()
 {
@@ -60,15 +91,6 @@ void dhcp_failover_startup ()
        for (state = failover_states; state; state = state -> next) {
                dhcp_failover_state_transition (state, "startup");
 
-               if (state -> pool_count == 0) {
-                       log_error ("failover peer declaration with no %s",
-                                  "referring pools.");
-                       log_error ("In order to use failover, you MUST %s",
-                                  "refer to your main failover declaration");
-                       log_error ("in each pool declaration.   You MUST %s",
-                                  "NOT use range declarations outside");
-                       log_fatal ("of pool declarations.");
-               }
                /* In case the peer is already running, immediately try
                   to establish a connection with it. */
                status = dhcp_failover_link_initiate ((omapi_object_t *)state);