- apply chroot to auth-zone zonefile in unbound-checkconf

author Ralph Dolmans <ralph@nlnetlabs.nl>

Thu, 11 Apr 2019 13:07:49 +0000 (15:07 +0200)

committer Ralph Dolmans <ralph@nlnetlabs.nl>

Thu, 11 Apr 2019 13:07:49 +0000 (15:07 +0200)
author Ralph Dolmans <ralph@nlnetlabs.nl>
Thu, 11 Apr 2019 13:07:49 +0000 (15:07 +0200)
committer Ralph Dolmans <ralph@nlnetlabs.nl>
Thu, 11 Apr 2019 13:07:49 +0000 (15:07 +0200)
diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c

index eddd3e172821e30cb91286164cf0dbc30446a5e8..0cf3d35aa4925d1436b37c4158e5a84517505450 100644 (file)
--- a/smallapp/unbound-checkconf.c
+++ b/smallapp/unbound-checkconf.c
@@ -433,6 +433,7 @@ check_modules_exist(const char* module_conf)
  static void
  morechecks(struct config_file* cfg)
  {
+       struct config_auth* auth;
         warn_hosts("stub-host", cfg->stubs);
         warn_hosts("forward-host", cfg->forwards);
         interfacechecks(cfg);
@@ -498,6 +499,12 @@ morechecks(struct config_file* cfg)
                 cfg->trusted_keys_file_list, cfg->chrootdir, cfg);
         check_chroot_string("dlv-anchor-file", &cfg->dlv_anchor_file,
                 cfg->chrootdir, cfg);
+       for(auth = cfg->auths; auth; auth = auth->next) {
+               char* az = (auth->isrpz) ? "rpz zonefile" :
+                       "auth-zone zonefile";
+               check_chroot_string(az, &auth->zonefile,
+                       cfg->chrootdir, cfg);
+       }
  #ifdef USE_IPSECMOD
         if(cfg->ipsecmod_enabled && strstr(cfg->module_conf, "ipsecmod")) {
                 /* only check hook if enabled */
author	Ralph Dolmans <ralph@nlnetlabs.nl>
	Thu, 11 Apr 2019 13:07:49 +0000 (15:07 +0200)
committer	Ralph Dolmans <ralph@nlnetlabs.nl>
	Thu, 11 Apr 2019 13:07:49 +0000 (15:07 +0200)