From: Colin Vidal
Date: Thu, 30 Oct 2025 09:00:59 +0000 (+0100)
Subject: "named-checkconf -b" dumps built-in config
X-Git-Tag: v9.21.15~8^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a18cac7917411ce0d36267cd46f711deb51d91ca;p=thirdparty%2Fbind9.git
"named-checkconf -b" dumps built-in config
`named-checkconf` now supports the command line switch `-b`, which prints the default built-in configuration used by `named`. When `-b` is in use, other options are ignored.
---
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index 0949b7c0f39..6355079f40c 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -58,7 +58,7 @@ usage(void);
 static void
 usage(void) {
 fprintf(stderr,
- "usage: %s [-achijklvz] [-pe [-x]] [-t directory] "
+ "usage: %s [-achijklvz] [-pe [-x]] [-b] [-t directory] "
 "[named.conf]\n",
 isc_commandline_progname);
 exit(EXIT_SUCCESS);
@@ -536,6 +536,23 @@ cleanup:
 return result;
 }
+static isc_result_t
+parse_builtin(cfg_obj_t **defaultconfig) {
+ isc_buffer_t b;
+
+ REQUIRE(defaultconfig != NULL && *defaultconfig == NULL);
+
+ isc_buffer_constinit(&b, common_named_defaultconf,
+ sizeof(common_named_defaultconf) - 1);
+ isc_buffer_add(&b, sizeof(common_named_defaultconf) - 1);
+
+ return cfg_parse_buffer(
+ isc_g_mctx, &b, __FILE__, 0, &cfg_type_namedconf,
+ CFG_PCTX_NODEPRECATED | CFG_PCTX_NOOBSOLETE |
+ CFG_PCTX_NOEXPERIMENTAL | CFG_PCTX_BUILTIN,
+ defaultconfig);
+}
+
 static void
 output(void *closure, const char *text, int textlen) {
 if (fwrite(text, 1, textlen, stdout) != (size_t)textlen) {
@@ -556,6 +573,7 @@ main(int argc, char **argv) {
 bool list_zones = false;
 bool print = false;
 bool effective = false;
+ bool builtin = false;
 unsigned int flags = 0;
 unsigned int parserflags = 0;
 unsigned int checkflags = BIND_CHECK_PLUGINS | BIND_CHECK_ALGORITHMS;
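Review bot: parse_builtin(), added in the `@@ -536,6 +536,23 @@` hunk, has no comment stating its contract, which matters now that main() calls it from two places with different targets. The REQUIRE shows that the caller must pass the address of a NULL `cfg_obj_t *`; who releases the parsed object is only implied by the `cfg_obj_detach(&defaultconfig)` in the -e path. I would add a header such as `/* Parse the compiled-in default configuration into *defaultconfig, which must be NULL on entry; on success the caller owns the object and detaches it. */`.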
@@ -567,7 +585,7 @@ main(int argc, char **argv) {
 /*
 * Process memory debugging argument first.
 */
-#define CMDLINE_FLAGS "acdehijklm:nt:pvxz"
+#define CMDLINE_FLAGS "abcdehijklm:nt:pvxz"
 while ((c = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
 switch (c) {
 case 'm':
@@ -596,6 +614,11 @@ main(int argc, char **argv) {
 checkflags &= ~BIND_CHECK_ALGORITHMS;
 break;
+ case 'b':
+ print = true;
+ builtin = true;
+ break;
+
 case 'c':
 checkflags &= ~BIND_CHECK_PLUGINS;
 break;
@@ -679,6 +702,11 @@ main(int argc, char **argv) {
 }
 }
+ if (builtin) {
+ CHECK(parse_builtin(&config));
+ goto printx;
+ }
+
 if (((flags & CFG_PRINTER_XKEY) != 0) && !print) {
 fprintf(stderr, "%s: -x cannot be used without -p\n",
 isc_commandline_progname);
@@ -711,17 +739,8 @@ main(int argc, char **argv) {
 if (effective) {
 cfg_obj_t *effectiveconf = NULL;
 cfg_obj_t *defaultconfig = NULL;
- isc_buffer_t b;
-
- isc_buffer_constinit(&b, common_named_defaultconf,
- sizeof(common_named_defaultconf) - 1);
- isc_buffer_add(&b, sizeof(common_named_defaultconf) - 1);
- CHECK(cfg_parse_buffer(
- isc_g_mctx, &b, __FILE__, 0, &cfg_type_namedconf,
- CFG_PCTX_NODEPRECATED | CFG_PCTX_NOOBSOLETE |
- CFG_PCTX_NOEXPERIMENTAL | CFG_PCTX_BUILTIN,
- &defaultconfig));
+ CHECK(parse_builtin(&defaultconfig));
 effectiveconf = cfg_effective_config(config, defaultconfig);
 cfg_obj_detach(&defaultconfig);
@@ -729,6 +748,7 @@ main(int argc, char **argv) {
 config = effectiveconf;
 }
+printx:
 if (print) {
 cfg_printx(config, flags, output, &result);
 }
diff --git a/bin/check/named-checkconf.rst b/bin/check/named-checkconf.rst
index bfe2385fe71..fb267a13b43 100644
--- a/bin/check/named-checkconf.rst
+++ b/bin/check/named-checkconf.rst
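Review bot: The `if (builtin)` branch in the `@@ -679,6 +702,11 @@` hunk jumps to `printx` before any later argument handling runs, so an invocation that passes `-b` together with a configuration file prints the defaults and never examines that file. If the run then ends with a success status, a script that uses the exit code as a configuration gate passes without anything having been validated. The switches are also not fully ignored as documented: `flags` still reaches `cfg_printx`, so `-x` (CFG_PRINTER_XKEY) still takes effect, and any option acted on inside the parse loop (not shown here) has already run. I would report the combination on stderr before the jump, for example `fprintf(stderr, "%s: -b given, other options and the configuration file are ignored\n", isc_commandline_progname);` guarded by a check that another switch or a file argument was supplied. main() starts and ends outside these hunks, so the cleanup path after `printx` is not visible.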
@@ -21,7 +21,8 @@ named-checkconf - named configuration file syntax checking tool
 Synopsis
 ~~~~~~~~
-:program:`named-checkconf` [**-achjklnvz**] [**-pe** [**-x** ]] [**-t** directory] {filename}
+:program:`named-checkconf` [**-achjklnvz**] [**-pe** [**-x** ]] [**-b**]
+[**-t** directory] {filename}
 Description
 ~~~~~~~~~~~
@@ -48,6 +49,17 @@ Options
 a `named.conf` intended to be run on another machine with possibly a different set of supported DNSSEC key algorithms.
+.. option:: -b
+
+ This option prints the built-in server confguration for :iscman:`named`.
+ See :option:`-e` for more details.
+
+ Note that default settings may change between releases, so this
+ information is only reliable if :program:`named-checkconf` and
+ :program:`named` are from the same release.
+
+ When :option:`-b` is in use, the other switches are ignored.
+
 .. option:: -e
 This option prints the effective server configuration that would
@@ -55,11 +67,15 @@ Options
 were detected, in canonical form.
 The effective configuration is the result of loading a configuration
- file and applying it on top of the default settings for :iscman:`named`.
+ file and applying it on top of the default settings for :program:`named`.
 All configurable settings are included.
- See also the :option:`-x` and :option:`-p` options.
+ Note that default settings may change between releases, so the
+ effective configuration generated by :program:`named-checkconf` is only
+ expected to be correct for the same version of :program:`named`,
+ built with the same compile-time options.
+ See also the :option:`-b`, :option:`-x` and :option:`-p` options.
 .. option:: -h
diff --git a/bin/tests/system/checkconf/tests_checkconf.py b/bin/tests/system/checkconf/tests_checkconf.py
index 082133481dd..83abdb1e2f1 100644
--- a/bin/tests/system/checkconf/tests_checkconf.py
+++ b/bin/tests/system/checkconf/tests_checkconf.py
@@ -19,8 +19,21 @@ def test_checkconf_effective():
 checkconf_output = proc.stdout.decode()
 assert "listen-on port 5353 {\n\t\t127.1.2.3/32;\n\t};" in checkconf_output
 assert 'view "_bind" chaos {' in checkconf_output
+ assert 'remote-servers "_default_iana_root_zone_primaries" {' in checkconf_output
 assert 'view "foo" {\n}' in checkconf_output
 # builtin-trust-anchors is non documented and internal clause only, it must
 # not be visible.
 assert "builtin-trust-anchors" not in checkconf_output
+
+
+def test_checkconf_builtin():
+ proc = isctest.run.cmd([os.environ["CHECKCONF"], "-b"])
+ checkconf_output = proc.stdout.decode()
+ assert 'listen-on {\n\t\t"any";\n\t};' in checkconf_output
+ assert 'view "_bind" chaos {' in checkconf_output
+ assert 'remote-servers "_default_iana_root_zone_primaries" {' in checkconf_output
+
+ # builtin-trust-anchors is non documented and internal clause only, it must
+ # not be visible.
+ assert "builtin-trust-anchors" not in checkconf_output
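Review bot: test_checkconf_builtin only runs a bare `-b`, so the documented behaviour that other switches and a file argument are ignored has no coverage. None of the visible assertions looks at the exit status either, though isctest.run.cmd may already raise on a non-zero exit; that is not visible here. A second invocation that adds a file argument, for example `proc = isctest.run.cmd([os.environ["CHECKCONF"], "-b", "does-not-exist.conf"])` (constructed file name), followed by the same assertions, would pin what happens when `-b` is combined with input that would otherwise be checked.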