error on allow-update and allow-update-forwarding at options/view level
authorEvan Hunt <each@isc.org>
Thu, 30 Aug 2018 07:48:28 +0000 (00:48 -0700)
committerEvan Hunt <each@isc.org>
Wed, 16 Jan 2019 07:20:38 +0000 (23:20 -0800)
bin/tests/system/checkconf/bad-allow-update-forwarding-view.conf [new file with mode: 0644]
bin/tests/system/checkconf/bad-allow-update-forwarding.conf [new file with mode: 0644]
bin/tests/system/checkconf/bad-allow-update-view.conf [new file with mode: 0644]
bin/tests/system/checkconf/bad-allow-update.conf [new file with mode: 0644]
bin/tests/system/checkconf/good.conf
lib/bind9/check.c

diff --git a/bin/tests/system/checkconf/bad-allow-update-forwarding-view.conf b/bin/tests/system/checkconf/bad-allow-update-forwarding-view.conf
new file mode 100644 (file)
index 0000000..47f3495
--- /dev/null
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+view {
+       allow-update-forwarding { any; };
+};
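Review bot: `view {` in this fixture has no view name, and as far as I know the named.conf grammar requires one (`view "name" { ... };`), so the file would likely be rejected at parse time before the new allow-update-forwarding check runs. If the checkconf harness only looks for a non-zero exit on bad-*.conf files, the test would pass without exercising check_non_viewacls. Naming the view, for example `view one {`, would make the failure come from the check under test. bad-allow-update-view.conf has the same shape and would need the same change.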
diff --git a/bin/tests/system/checkconf/bad-allow-update-forwarding.conf b/bin/tests/system/checkconf/bad-allow-update-forwarding.conf
new file mode 100644 (file)
index 0000000..08203e1
--- /dev/null
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+       allow-update-forwarding { any; };
+};
diff --git a/bin/tests/system/checkconf/bad-allow-update-view.conf b/bin/tests/system/checkconf/bad-allow-update-view.conf
new file mode 100644 (file)
index 0000000..22c4361
--- /dev/null
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+view {
+       allow-update { any; };
+};
diff --git a/bin/tests/system/checkconf/bad-allow-update.conf b/bin/tests/system/checkconf/bad-allow-update.conf
new file mode 100644 (file)
index 0000000..67f41d6
--- /dev/null
@@ -0,0 +1,14 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+       allow-update { any; };
+};
index 8fb844fb2fd062f69bd4e223139b367af999f32d..467e96c7555d167646f35d4968901c20b2f3b9f8 100644 (file)
@@ -133,6 +133,9 @@ view "third" {
        zone "dnssec" {
                type master;
                file "file";
+               allow-update {
+                       "any";
+               };
                auto-dnssec maintain;
        };
        zone "p" {
@@ -145,9 +148,6 @@ view "third" {
                        1.2.3.4;
                };
        };
-       allow-update {
-               "any";
-       };
 };
 view "chaos" chaos {
        zone "hostname.bind" chaos {
index 8b14d3a3cd8640b68b5142586ec8323f326fb7bd..6f5f7684849590c6a30c7592dfbebebcd42386e2 100644 (file)
@@ -484,6 +484,43 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
        return (result);
 }
 
+static isc_result_t
+check_non_viewacls(const cfg_obj_t *voptions, const cfg_obj_t *config,
+                  isc_log_t *logctx)
+{
+       const cfg_obj_t *aclobj = NULL;
+       const cfg_obj_t *options;
+       const char *where = NULL;
+       int i;
+
+       static const char *acls[] = {
+               "allow-update", "allow-update-forwarding", NULL
+       };
+
+       for (i = 0; acls[i] != NULL; i++) {
+               if (voptions != NULL && aclobj == NULL) {
+                       cfg_map_get(voptions, acls[i], &aclobj);
+                       where = "view";
+               }
+               if (config != NULL && aclobj == NULL) {
+                       options = NULL;
+                       cfg_map_get(config, "options", &options);
+                       if (options != NULL) {
+                               cfg_map_get(options, acls[i], &aclobj);
+                               where = "options";
+                       }
+               }
+               if (aclobj != NULL) {
+                       cfg_obj_log(aclobj, logctx, ISC_LOG_ERROR,
+                                   "'%s' can only be set per-zone, "
+                                   "not in '%s'", acls[i], where);
+                       return (ISC_R_FAILURE);
+               }
+       }
+
+       return (ISC_R_SUCCESS);
+}
+
 static const unsigned char zeros[16];
 
 static isc_result_t
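Review bot: check_non_viewacls returns at the first offending ACL, so a configuration that sets both `allow-update` and `allow-update-forwarding` at options or view level gets only the first one reported. The operator then has to fix it and rerun the check to see the second. The call added in check_viewconf already accumulates results, so the loop can do the same by clearing `aclobj` at the top of each iteration, recording ISC_R_FAILURE and continuing. A short comment above the function stating that these two ACLs are valid only inside a zone statement would also help, since the name alone does not say what is rejected.

```c
	isc_result_t result = ISC_R_SUCCESS;
	/* … unchanged: other locals and the acls[] table … */

	for (i = 0; acls[i] != NULL; i++) {
		aclobj = NULL;
		/* … unchanged: view lookup, then options lookup … */
		if (aclobj != NULL) {
			/* … unchanged: cfg_obj_log() call … */
			result = ISC_R_FAILURE;
		}
	}

	return (result);
```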
@@ -3692,6 +3729,11 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions,
        if (tresult != ISC_R_SUCCESS)
                result = tresult;
 
+       tresult = check_non_viewacls(voptions, config, logctx);
+       if (tresult != ISC_R_SUCCESS) {
+               result = tresult;
+       }
+
        tresult = check_recursionacls(actx, voptions, viewname,
                                      config, logctx, mctx);
        if (tresult != ISC_R_SUCCESS)