From: Wouter Wijngaards Date: Fri, 11 Jan 2008 11:24:30 +0000 (+0000) Subject: more checks by checkconf. X-Git-Tag: release-0.9~98 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=97f5d3d28ea61d0271510e4a4c45342d6c50b1bc;p=thirdparty%2Funbound.git more checks by checkconf. git-svn-id: file:///svn/unbound/trunk@842 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/doc/Changelog b/doc/Changelog index 6fef02baa..52c4465fd 100644 --- a/doc/Changelog +++ b/doc/Changelog @@ -1,6 +1,8 @@ 11 January 2008: Wouter - man page, warning removed. - added text describing the use of stub zones for private zones. + - checkconf tests for bad hostnames (IP address), and for doubled + interface lines. 10 January 2008: Wouter - typo in example.conf. diff --git a/iterator/iter_hints.c b/iterator/iter_hints.c index 024ad96c9..b7b99f906 100644 --- a/iterator/iter_hints.c +++ b/iterator/iter_hints.c @@ -434,7 +434,6 @@ hints_apply_cfg(struct iter_hints* hints, struct config_file* cfg) return 0; if(!hints_insert(hints, LDNS_RR_CLASS_IN, dp)) return 0; - delegpt_log(VERB_DETAIL, dp); } init_parents(hints); diff --git a/smallapp/unbound-checkconf.c b/smallapp/unbound-checkconf.c index 074b6a67d..f605380c3 100644 --- a/smallapp/unbound-checkconf.c +++ b/smallapp/unbound-checkconf.c 
@@ -86,20 +86,58 @@ check_mod(struct config_file* cfg, struct module_func_block* fb) regional_destroy(env.scratch); } -/** check configuration for errors */ +/** check localzones */ static void -morechecks(struct config_file* cfg) +localzonechecks(struct config_file* cfg) +{ + struct local_zones* zs; + if(!(zs = local_zones_create())) + fatal_exit("out of memory"); + if(!local_zones_apply_cfg(zs, cfg)) + fatal_exit("failed local-zone, local-data configuration"); + local_zones_delete(zs); +} + +/** emit warnings for IP in hosts */ +static void +warn_hosts(const char* typ, struct config_stub* list) { - int i; struct sockaddr_storage a; socklen_t alen; - struct config_str2list* acl; - struct local_zones* zs; + struct config_stub* s; + struct config_strlist* h; + for(s=list; s; s=s->next) { + for(h=s->hosts; h; h=h->next) { + if(extstrtoaddr(h->str, &a, &alen)) { + fprintf(stderr, "unbound-checkconf: warning:" + " %s %s: \"%s\" is an IP%s address, " + "and when looked up as a host name " + "during use may not resolve.\n", + s->name, typ, h->str, + addr_is_ip6(&a, alen)?"6":"4"); + } + } + } +} + +/** check interface strings */ +static void +interfacechecks(struct config_file* cfg) +{ + struct sockaddr_storage a; + socklen_t alen; + int i, j; for(i=0; inum_ifs; i++) { if(!ipstrtoaddr(cfg->ifs[i], UNBOUND_DNS_PORT, &a, &alen)) { fatal_exit("cannot parse interface specified as '%s'", cfg->ifs[i]); } + for(j=0; jnum_ifs; j++) { + if(i!=j && strcmp(cfg->ifs[i], cfg->ifs[j])==0) + fatal_exit("interface: %s present twice, " + "cannot bind same ports twice.", + cfg->ifs[i]); + } } for(i=0; inum_out_ifs; i++) { if(!ipstrtoaddr(cfg->out_ifs[i], UNBOUND_DNS_PORT, 
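Review bot: The duplicate test in interfacechecks compares the configured strings with `strcmp`, so two spellings of one address (constructed example: `::1` and `0:0:0:0:0:0:0:1`) pass the check and would presumably still collide when the server binds. Each entry is already parsed by ipstrtoaddr, so comparing the parsed addresses instead of the text would catch these; the outgoing-interface loop in the next hunk has the same limitation. Starting the inner loop at `j = i+1` would also make the `i!=j` test unnecessary and avoid comparing every pair twice. The loop conditions look extraction-damaged on this page, and the function body continues into the next hunk.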
@@ -107,14 +145,40 @@ morechecks(struct config_file* cfg) fatal_exit("cannot parse outgoing-interface " "specified as '%s'", cfg->out_ifs[i]); } + for(j=0; jnum_out_ifs; j++) { + if(i!=j && strcmp(cfg->out_ifs[i], cfg->out_ifs[j])==0) + fatal_exit("outgoing-interface: %s present " + "twice, cannot bind same ports twice.", + cfg->out_ifs[i]); + } } +} + +/** check acl ips */ +static void +aclchecks(struct config_file* cfg) +{ + int d; + struct sockaddr_storage a; + socklen_t alen; + struct config_str2list* acl; for(acl=cfg->acls; acl; acl = acl->next) { if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen, - &i)) { + &d)) { fatal_exit("cannot parse access control address %s %s", acl->str, acl->str2); } } +} + +/** check configuration for errors */ +static void +morechecks(struct config_file* cfg) +{ + warn_hosts("stub-host", cfg->stubs); + warn_hosts("forward-host", cfg->forwards); + interfacechecks(cfg); + aclchecks(cfg); if(cfg->verbosity < 0) fatal_exit("verbosity value < 0"); @@ -152,12 +216,7 @@ morechecks(struct config_file* cfg) endpwent(); } - if(!(zs = local_zones_create())) - fatal_exit("out of memory"); - if(!local_zones_apply_cfg(zs, cfg)) - fatal_exit("failed local-zone, local-data configuration"); - local_zones_print(zs); /* @@@ DEBUG */ - local_zones_delete(zs); + localzonechecks(cfg); } /** check config file */ diff --git a/testdata/04-checkconf.tpkg b/testdata/04-checkconf.tpkg index d01b6410c..ab98b86f4 100644 Binary files a/testdata/04-checkconf.tpkg and b/testdata/04-checkconf.tpkg differ diff --git a/util/net_help.c b/util/net_help.c index b2200721d..712e8c906 100644 --- a/util/net_help.c +++ b/util/net_help.c 
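Review bot: aclchecks parses only the netblock in `acl->str`; the action in `acl->str2` is printed in the error message but never checked in this function. Unless it is validated elsewhere (not visible in this hunk), a mistyped action on an access-control line would pass unbound-checkconf and only surface when the server loads the ACL. Consider rejecting unknown action strings in the same loop, and labelling the two fields in the message so it is clear which one failed. The value written to `d` (presumably the prefix length) is discarded, which deserves a short comment such as `/* d: parsed netblock size, unused; syntax check only */`. morechecks continues outside this hunk.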
@@ -182,14 +182,12 @@ extstrtoaddr(const char* str, struct sockaddr_storage* addr, if((s=strchr(str, '@'))) { char buf[MAX_ADDR_STRLEN]; if(s-str >= MAX_ADDR_STRLEN) { - log_err("address too long: '%s'", str); return 0; } strncpy(buf, str, MAX_ADDR_STRLEN); buf[s-str] = 0; port = atoi(s+1); if(port == 0 && strcmp(s+1,"0")!=0) { - log_err("bad port spec in address: '%s", str); return 0; } return ipstrtoaddr(buf, port, addr, addrlen); @@ -212,7 +210,6 @@ ipstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr, sa->sin6_family = AF_INET6; sa->sin6_port = (in_port_t)htons(p); if(inet_pton((int)sa->sin6_family, ip, &sa->sin6_addr) <= 0) { - log_err("Bad ip6 address %s", ip); return 0; } } else { /* ip4 */ @@ -222,7 +219,6 @@ ipstrtoaddr(const char* ip, int port, struct sockaddr_storage* addr, sa->sin_family = AF_INET; sa->sin_port = (in_port_t)htons(p); if(inet_pton((int)sa->sin_family, ip, &sa->sin_addr) <= 0) { - log_err("Bad ip4 address %s", ip); return 0; } }