[v9_9] inline-signing slave with no file

3491.	[bug]		Slave zones using inline-signing must specify a
			file name. [RT #31946]

diff --git a/CHANGES b/CHANGES
index 257b83d7cc4e048e86fab3e7998e63547bd96522..bba23b0ca189539507cb43a9626f594c87658c29 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+3491.  [bug]           Slave zones using inline-signing must specify a
+                       file name. [RT #31946]
+
 3489.  [bug]           --enable-developer now turns on ISC_LIST_CHECKINIT.
                        When cloning a rdataset do not copy the link contents.
                        [RT #32651]

diff --git a/bin/tests/system/checkconf/bad-inline-slave.conf b/bin/tests/system/checkconf/bad-inline-slave.conf
new file mode 100644 (file)
index 0000000..06d9cfd
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-inline-slave.conf
@@ -0,0 +1,25 @@
+/*
+ * Copyright (C) 2005, 2007, 2010-2012  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+ /*
+  * An inline-signing slave should be forced to have a file option
+  */
+  
+  zone "." {
+          type slave;
+          inline-signing yes;
+          masters { 10.53.0.1; };
+  };
\ No newline at end of file

diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index 3186a90a825654c7fe88ced92042b45a4e2f4967..95a124f569e337202f0049fcbd9929e235970f01 100644 (file)
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -1785,20 +1785,27 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
        /*
         * If the zone type is rbt/rbt64 then master/hint zones
         * require file clauses.
+        * If inline signing is used, then slave zones require a
+        * file clause as well
         */
        obj = NULL;
        tresult = cfg_map_get(zoptions, "database", &obj);
        if (tresult == ISC_R_NOTFOUND ||
            (tresult == ISC_R_SUCCESS &&
             (strcmp("rbt", cfg_obj_asstring(obj)) == 0 ||
-             strcmp("rbt64", cfg_obj_asstring(obj)) == 0))) {
+             strcmp("rbt64", cfg_obj_asstring(obj)) == 0)))
+       {
+               isc_result_t res1;
                obj = NULL;
                tresult = cfg_map_get(zoptions, "file", &obj);
-               if (tresult != ISC_R_SUCCESS &&
-                   (ztype == MASTERZONE || ztype == HINTZONE)) {
+               obj = NULL;
+               res1 = cfg_map_get(zoptions, "inline-signing", &obj);
+               if ((tresult != ISC_R_SUCCESS &&
+                   (ztype == MASTERZONE || ztype == HINTZONE)) || 
+                   (ztype == SLAVEZONE && res1 == ISC_R_SUCCESS)) {
                        cfg_obj_log(zconfig, logctx, ISC_LOG_ERROR,
-                                   "zone '%s': missing 'file' entry",
-                                   znamestr);
+                           "zone '%s': missing 'file' entry",
+                           znamestr);
                        result = tresult;
                }
        }