From 486edb10db3957e39e9e2a7a63134f9700e1c043 Mon Sep 17 00:00:00 2001
From: Ralph Dolmans
Date: Tue, 30 May 2017 13:04:19 +0000
Subject: [PATCH] - Fix #1269: inconsistent use of built-in local zones with views. - Add defaults for new local-zone trees added to views using unbound-control.
git-svn-id: file:///svn/unbound/trunk@4199 be551aaa-1e26-0410-a405-d3ace91eadb9
---
 daemon/remote.c | 8 ++++++++
 doc/Changelog | 5 +++++
 services/localzone.c | 11 ++++++++---
 services/localzone.h | 9 +++++++++
 services/view.c | 16 ++++++++++++++++
 util/config_file.c | 1 +
 util/config_file.h | 2 ++
 7 files changed, 49 insertions(+), 3 deletions(-)
diff --git a/daemon/remote.c b/daemon/remote.c
index 01663fad6..fb2fec6da 100644
--- a/daemon/remote.c
+++ b/daemon/remote.c
@@ -1393,6 +1393,14 @@ do_view_zone_add(SSL* ssl, struct worker* worker, char* arg)
 ssl_printf(ssl,"error out of memory\n");
 return;
 }
+ if(!v->isfirst) {
+ /* Global local-zone is not used for this view,
+ * therefore add defaults to this view-specic
+ * local-zone. */
+ struct config_file lz_cfg;
+ memset(&lz_cfg, 0, sizeof(lz_cfg));
+ local_zone_enter_defaults(v->local_zones, &lz_cfg);
+ }
 }
 do_zone_add(ssl, v->local_zones, arg2);
 lock_rw_unlock(&v->lock);
diff --git a/doc/Changelog b/doc/Changelog
index 291a13ec1..d5fe23eea 100644
--- a/doc/Changelog
+++ b/doc/Changelog
@@ -1,3 +1,8 @@
+30 May 2017: Ralph
+ - Fix #1269: inconsistent use of built-in local zones with views.
+ - Add defaults for new local-zone trees added to views using
+ unbound-control.
+
 30 May 2017: Wouter
 - Support for openssl EVP_DigestVerify.
 - Support for the ED25519 algorithm with openssl (from openssl 1.1.1).
diff --git a/services/localzone.c b/services/localzone.c
index 9b83081d1..3ab1ce861 100644
--- a/services/localzone.c
+++ b/services/localzone.c
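Review bot: In do_view_zone_add (daemon/remote.c) the result of `local_zone_enter_defaults(v->local_zones, &lz_cfg)` is discarded, although the declaration this commit adds to services/localzone.h documents a return of 0 as failure. If the call fails, the new view-specific tree is left without some or all of the default zones and `do_zone_add` still runs, so the control client gets no error and the view presumably no longer answers those names locally. I would test the call, `if(!local_zone_enter_defaults(v->local_zones, &lz_cfg)) {`, and in that branch release `v->lock`, report the failure with `ssl_printf` as the out-of-memory path just above does, and return. The new comment also has a typo, `view-specic`. The function begins and ends outside the hunk.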
@@ -746,12 +746,15 @@ add_as112_default(struct local_zones* zones, struct config_file* cfg,
 }
 /** enter default zones */
-static int
-lz_enter_defaults(struct local_zones* zones, struct config_file* cfg)
+int local_zone_enter_defaults(struct local_zones* zones, struct config_file* cfg)
 {
 struct local_zone* z;
 const char** zstr;
+ /* Do not add any default */
+ if(cfg->local_zones_disable_default)
+ return 1;
+
 /* this list of zones is from RFC 6303 and RFC 7686 */
 /* block localhost level zones first, then onion and later the LAN zones */
@@ -1021,7 +1024,7 @@ local_zones_apply_cfg(struct local_zones* zones, struct config_file* cfg)
 return 0;
 }
 /* apply default zones+content (unless disabled, or overridden) */
- if(!lz_enter_defaults(zones, cfg)) {
+ if(!local_zone_enter_defaults(zones, cfg)) {
 return 0;
 }
 /* enter local zone overrides */
@@ -1672,6 +1675,8 @@ int local_zone_str2type(const char* type, enum localzone_type* t)
 *t = local_zone_always_refuse;
 else if(strcmp(type, "always_nxdomain") == 0)
 *t = local_zone_always_nxdomain;
+ else if(strcmp(type, "nodefault") == 0)
+ *t = local_zone_nodefault;
 else return 0;
 return 1;
 }
diff --git a/services/localzone.h b/services/localzone.h
index 658f28024..fcdad4166 100644
--- a/services/localzone.h
+++ b/services/localzone.h
@@ -427,6 +427,15 @@ enum localzone_type local_data_find_tag_action(const uint8_t* taglist, const uint8_t* tagactions, size_t tagactionssize, enum localzone_type lzt, int* tag, char* const* tagname, int num_tags);
+/**
+ * Enter defaults to local zone.
+ * @param zones: to add defaults to
+ * @param cfg: containing list of zones to exclude from default set.
+ * @return 1 on success; 0 otherwise.
+ */
+int local_zone_enter_defaults(struct local_zones* zones,
+ struct config_file* cfg);
+
 /**
 * Parses resource record string into wire format, also returning its field values.
 * @param str: input resource record
diff --git a/services/view.c b/services/view.c
index 33f4f4986..e7b3d692e 100644
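Review bot: The early return on `cfg->local_zones_disable_default` in local_zone_enter_defaults skips the whole RFC 6303 / RFC 7686 default set, and the comment `/* Do not add any default */` does not say when that is safe. In this commit the flag is only set in views_apply_cfg for views with `isfirst`, where the global local zones are meant to be used instead, so I would write that down here, e.g. `/* set for view-first views: the global local-zones supply the defaults */`. The `@param cfg` line of the new declaration in services/localzone.h should mention the flag as well, since it currently describes only the exclude list. As a point of style, the new definition puts return type and name on one long line, while the definition it replaces had the return type on its own line.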
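Review bot: With the new branch in local_zone_str2type, `nodefault` becomes a parseable zone type for every caller of this function, not only for the entries views_apply_cfg synthesises. If the function also parses type strings from the configuration file or from unbound-control (not visible in this hunk), an operator can now create a zone of type `local_zone_nodefault` directly. Each consumer of `enum localzone_type` should then handle that value explicitly rather than by fall-through. A comment on the branch such as `/* internal: inserted by views_apply_cfg for view-first views, answered as transparent */` would record the intent. The function body starts above the hunk.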
--- a/services/view.c
+++ b/services/view.c
@@ -167,6 +167,22 @@ views_apply_cfg(struct views* vs, struct config_file* cfg)
 lz_cfg.local_data = cv->local_data;
 lz_cfg.local_zones_nodefault = cv->local_zones_nodefault;
+ if(v->isfirst) {
+ /* Do not add defaults to view-specific
+ * local-zone when global local zone will be
+ * used. */
+ struct config_strlist* nd;
+ lz_cfg.local_zones_disable_default = 1;
+ /* Add nodefault zones to list of zones to add,
+ * so they will be used as if they are
+ * configured as type transparent */
+ for(nd = cv->local_zones_nodefault; nd;
+ nd = nd->next) {
+ cfg_str2list_insert(&lz_cfg.local_zones,
+ strdup(nd->str),
+ strdup("nodefault"));
+ }
+ }
 if(!local_zones_apply_cfg(v->local_zones, &lz_cfg)){
 lock_rw_unlock(&v->lock);
 return 0;
diff --git a/util/config_file.c b/util/config_file.c
index 0904b4089..8fd6181c5 100644
--- a/util/config_file.c
+++ b/util/config_file.c
@@ -228,6 +228,7 @@ config_create(void)
 cfg->neg_cache_size = 1 * 1024 * 1024;
 cfg->local_zones = NULL;
 cfg->local_zones_nodefault = NULL;
+ cfg->local_zones_disable_default = 0;
 cfg->local_data = NULL;
 cfg->local_zone_overrides = NULL;
 cfg->unblock_lan_zones = 0;
diff --git a/util/config_file.h b/util/config_file.h
index 9ccd6f117..d97cfde31 100644
--- a/util/config_file.h
+++ b/util/config_file.h
@@ -319,6 +319,8 @@ struct config_file {
 struct config_str2list* local_zones;
 /** local zones nodefault list */
 struct config_strlist* local_zones_nodefault;
+ /** do not add any default local zone */
+ int local_zones_disable_default;
 /** local data RRs configured */
 struct config_strlist* local_data;
 /** local zone override types per netblock */
--
2.47.3
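Review bot: In views_apply_cfg (services/view.c) the loop over `cv->local_zones_nodefault` ignores both `strdup` results and whatever `cfg_str2list_insert` returns, so an allocation failure silently drops a nodefault entry for a view whose defaults have just been disabled. The view then loads with a zone list that differs from its configuration and nothing is reported. Assuming `cfg_str2list_insert` rejects NULL arguments and signals failure through its return value (its definition is not in this diff), the call can be wrapped as `if(!cfg_str2list_insert(&lz_cfg.local_zones, strdup(nd->str), strdup("nodefault"))) {` and take the same `lock_rw_unlock(&v->lock); return 0;` exit that the `local_zones_apply_cfg` check below uses. Who frees the two copies on that path needs confirming against the helper. The enclosing function begins and ends outside the hunk.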