"check-names primary" and "check-names secondary" were ignored

these keywords were added to the parser as synonyms for "master"
and "slave" but were never hooked in to the configuration of named,
so they were ignored. this has been fixed and the option is now
checked for correctness.

(cherry picked from commit ba31b189b4f8dd9f259559d10abe5e1618ba9771)

diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
index 12eddd79c2639c846e848ebebf24a9a6bc54c660..41c1a598db1df1b395ed0036d5b32abc065a53e7 100644 (file)
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -730,22 +730,27 @@ strtoargv(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp) {
 static void
 checknames(dns_zonetype_t ztype, const cfg_obj_t **maps,
           const cfg_obj_t **objp) {
-       const char *zone = NULL;
        isc_result_t result;
 
        switch (ztype) {
        case dns_zone_slave:
        case dns_zone_mirror:
-               zone = "slave";
+               result = named_checknames_get(maps, "secondary", objp);
+               if (result != ISC_R_SUCCESS) {
+                       result = named_checknames_get(maps, "slave", objp);
+               }
                break;
        case dns_zone_master:
-               zone = "master";
+               result = named_checknames_get(maps, "primary", objp);
+               if (result != ISC_R_SUCCESS) {
+                       result = named_checknames_get(maps, "master", objp);
+               }
                break;
        default:
                INSIST(0);
                ISC_UNREACHABLE();
        }
-       result = named_checknames_get(maps, zone, objp);
+
        INSIST(result == ISC_R_SUCCESS && objp != NULL && *objp != NULL);
 }
 

diff --git a/bin/tests/system/checkconf/bad-checknames-primary-dup-2.conf b/bin/tests/system/checkconf/bad-checknames-primary-dup-2.conf
new file mode 100644 (file)
index 0000000..5ac12cc
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-checknames-primary-dup-2.conf
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+       check-names primary warn;
+       check-names primary fail;
+};

diff --git a/bin/tests/system/checkconf/bad-checknames-primary-dup.conf b/bin/tests/system/checkconf/bad-checknames-primary-dup.conf
new file mode 100644 (file)
index 0000000..b0934fa
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-checknames-primary-dup.conf
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+       check-names master warn;
+       check-names primary fail;
+};

diff --git a/bin/tests/system/checkconf/bad-checknames-secondary-dup.conf b/bin/tests/system/checkconf/bad-checknames-secondary-dup.conf
new file mode 100644 (file)
index 0000000..f60a84d
--- /dev/null
+++ b/bin/tests/system/checkconf/bad-checknames-secondary-dup.conf
@@ -0,0 +1,15 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+       check-names slave ignore;
+       check-names secondary warn;
+};

diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
index 4f65c0621ec40b73c7276eda15d23f29f957962d..8c3c2394563f263ce5d37f6c097e5c88bb4d1af0 100644 (file)
--- a/bin/tests/system/checkconf/good.conf
+++ b/bin/tests/system/checkconf/good.conf
@@ -72,6 +72,8 @@ options {
        recursive-clients 3000;
        serial-query-rate 100;
        server-id none;
+       check-names primary warn;
+       check-names secondary ignore;
        max-cache-size 20000000000000;
        nta-lifetime 604800;
        nta-recheck 604800;

diff --git a/bin/tests/system/checknames/ns4/named.conf.in b/bin/tests/system/checknames/ns4/named.conf.in
index d4065cafab6ebd95ea97e267c3fadbdfd1137de8..8ae4a8ecca19dd4ac68ac7bcf4ef73a2cf45f1f2 100644 (file)
--- a/bin/tests/system/checknames/ns4/named.conf.in
+++ b/bin/tests/system/checknames/ns4/named.conf.in
@@ -19,7 +19,7 @@ options {
        listen-on-v6 { none; };
        recursion yes;
        dnssec-validation yes;
-       check-names master ignore;
+       check-names primary ignore;
        notify yes;
 };
 

diff --git a/bin/tests/system/checknames/tests.sh b/bin/tests/system/checknames/tests.sh
index 74f783e4d3c630d693ea4c5089f379f723fd175b..2ca2f1ae1a6ab5eed6db074c1928e92df9c8cf1e 100644 (file)
--- a/bin/tests/system/checknames/tests.sh
+++ b/bin/tests/system/checknames/tests.sh
@@ -127,7 +127,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 n=`expr $n + 1`
 
-echo_i "check that updates to 'check-names master ignore;' succeed and are not logged ($n)"
+echo_i "check that updates to 'check-names primary ignore;' succeed and are not logged ($n)"
 ret=0
 not=1
 $NSUPDATE -d <<END > nsupdate.out.test$n 2>&1 || ret=1

diff --git a/doc/arm/reference.rst b/doc/arm/reference.rst
index e01b58a294345238c880df05a985e3bff2323e38..6cc4b39a42aad04a71c38e0291f3af2ecd64cda1 100644 (file)
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -2051,7 +2051,7 @@ Boolean Options
    This option is used to restrict the character set and syntax of
    certain domain names in master files and/or DNS responses received
    from the network. The default varies according to usage area. For
-   ``master`` zones the default is ``fail``. For ``slave`` zones the
+   ``primary`` zones the default is ``fail``. For ``secondary`` zones the
    default is ``warn``. For answers received from the network
    (``response``), the default is ``ignore``.
 

diff --git a/lib/bind9/check.c b/lib/bind9/check.c
index 40192669ad7d9d0202620bc22682fa258ba4f1f2..c676ff4d22d594fa785e1ae2de8c05e0a254d606 100644 (file)
--- a/lib/bind9/check.c
+++ b/lib/bind9/check.c
@@ -1567,6 +1567,81 @@ check_options(const cfg_obj_t *options, isc_log_t *logctx, isc_mem_t *mctx,
                }
        }
 
+       obj = NULL;
+       (void)cfg_map_get(options, "check-names", &obj);
+       if (obj != NULL && !cfg_obj_islist(obj)) {
+               obj = NULL;
+       }
+       if (obj != NULL) {
+               enum { MAS = 1, PRI = 2, SLA = 4, SEC = 8 } values = 0;
+               for (const cfg_listelt_t *el = cfg_list_first(obj); el != NULL;
+                    el = cfg_list_next(el))
+               {
+                       const cfg_obj_t *tuple = cfg_listelt_value(el);
+                       const cfg_obj_t *type = cfg_tuple_get(tuple, "type");
+                       const char *keyword = cfg_obj_asstring(type);
+                       if (strcasecmp(keyword, "primary") == 0) {
+                               if ((values & PRI) == PRI) {
+                                       cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+                                                   "'check-names primary' "
+                                                   "duplicated");
+                                       if (result == ISC_R_SUCCESS) {
+                                               result = ISC_R_FAILURE;
+                                       }
+                               }
+                               values |= PRI;
+                       } else if (strcasecmp(keyword, "master") == 0) {
+                               if ((values & MAS) == MAS) {
+                                       cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+                                                   "'check-names master' "
+                                                   "duplicated");
+                                       if (result == ISC_R_SUCCESS) {
+                                               result = ISC_R_FAILURE;
+                                       }
+                               }
+                               values |= MAS;
+                       } else if (strcasecmp(keyword, "secondary") == 0) {
+                               if ((values & SEC) == SEC) {
+                                       cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+                                                   "'check-names secondary' "
+                                                   "duplicated");
+                                       if (result == ISC_R_SUCCESS) {
+                                               result = ISC_R_FAILURE;
+                                       }
+                               }
+                               values |= SEC;
+                       } else if (strcasecmp(keyword, "slave") == 0) {
+                               if ((values & SLA) == SLA) {
+                                       cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+                                                   "'check-names slave' "
+                                                   "duplicated");
+                                       if (result == ISC_R_SUCCESS) {
+                                               result = ISC_R_FAILURE;
+                                       }
+                               }
+                               values |= SLA;
+                       }
+               }
+
+               if ((values & (PRI | MAS)) == (PRI | MAS)) {
+                       cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+                                   "'check-names' cannot take both "
+                                   "'primary' and 'master'");
+                       if (result == ISC_R_SUCCESS) {
+                               result = ISC_R_FAILURE;
+                       }
+               }
+
+               if ((values & (SEC | SLA)) == (SEC | SLA)) {
+                       cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
+                                   "'check-names' cannot take both "
+                                   "'secondary' and 'slave'");
+                       if (result == ISC_R_SUCCESS) {
+                               result = ISC_R_FAILURE;
+                       }
+               }
+       }
+
        return (result);
 }