search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Ignore machine-check MSRs
[freebsd-src/fkvm-freebsd.git] / contrib / bind9 / bin / named / zoneconf.c
bloba0c1babd6d0e3836c5627c7425296131b81e9e74
1 /*
2 * Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
3 * Copyright (C) 1999-2003 Internet Software Consortium.
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15 * PERFORMANCE OF THIS SOFTWARE.
16 */
17
18 /* $Id: zoneconf.c,v 1.110.18.23 2006/05/16 03:39:57 marka Exp $ */
19
20 /*% */
21
22 #include <config.h>
23
24 #include <isc/buffer.h>
25 #include <isc/file.h>
26 #include <isc/mem.h>
27 #include <isc/print.h>
28 #include <isc/string.h> /* Required for HP/UX (and others?) */
29 #include <isc/util.h>
30
31 #include <dns/acl.h>
32 #include <dns/fixedname.h>
33 #include <dns/log.h>
34 #include <dns/name.h>
35 #include <dns/rdatatype.h>
36 #include <dns/ssu.h>
37 #include <dns/view.h>
38 #include <dns/zone.h>
39
40 #include <named/client.h>
41 #include <named/config.h>
42 #include <named/globals.h>
43 #include <named/log.h>
44 #include <named/server.h>
45 #include <named/zoneconf.h>
46
47 /*%
48 * These are BIND9 server defaults, not necessarily identical to the
49 * library defaults defined in zone.c.
50 */
51 #define RETERR(x) do { \
52 isc_result_t _r = (x); \
53 if (_r != ISC_R_SUCCESS) \
54 return (_r); \
55 } while (0)
56
57 /*%
58 * Convenience function for configuring a single zone ACL.
59 */
60 static isc_result_t
61 configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
62 const cfg_obj_t *config, const char *aclname,
63 cfg_aclconfctx_t *actx, dns_zone_t *zone,
64 void (*setzacl)(dns_zone_t *, dns_acl_t *),
65 void (*clearzacl)(dns_zone_t *))
66 {
67 isc_result_t result;
68 const cfg_obj_t *maps[5];
69 const cfg_obj_t *aclobj = NULL;
70 int i = 0;
71 dns_acl_t *dacl = NULL;
72
73 if (zconfig != NULL)
74 maps[i++] = cfg_tuple_get(zconfig, "options");
75 if (vconfig != NULL)
76 maps[i++] = cfg_tuple_get(vconfig, "options");
77 if (config != NULL) {
78 const cfg_obj_t *options = NULL;
79 (void)cfg_map_get(config, "options", &options);
80 if (options != NULL)
81 maps[i++] = options;
82 }
83 maps[i++] = ns_g_defaults;
84 maps[i] = NULL;
85
86 result = ns_config_get(maps, aclname, &aclobj);
87 if (aclobj == NULL) {
88 (*clearzacl)(zone);
89 return (ISC_R_SUCCESS);
90 }
91
92 result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx, actx,
93 dns_zone_getmctx(zone), &dacl);
94 if (result != ISC_R_SUCCESS)
95 return (result);
96 (*setzacl)(zone, dacl);
97 dns_acl_detach(&dacl);
98 return (ISC_R_SUCCESS);
99 }
100
101 /*%
102 * Parse the zone update-policy statement.
103 */
104 static isc_result_t
105 configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone) {
106 const cfg_obj_t *updatepolicy = NULL;
107 const cfg_listelt_t *element, *element2;
108 dns_ssutable_t *table = NULL;
109 isc_mem_t *mctx = dns_zone_getmctx(zone);
110 isc_result_t result;
111
112 (void)cfg_map_get(zconfig, "update-policy", &updatepolicy);
113 if (updatepolicy == NULL) {
114 dns_zone_setssutable(zone, NULL);
115 return (ISC_R_SUCCESS);
116 }
117
118 result = dns_ssutable_create(mctx, &table);
119 if (result != ISC_R_SUCCESS)
120 return (result);
121
122 for (element = cfg_list_first(updatepolicy);
123 element != NULL;
124 element = cfg_list_next(element))
125 {
126 const cfg_obj_t *stmt = cfg_listelt_value(element);
127 const cfg_obj_t *mode = cfg_tuple_get(stmt, "mode");
128 const cfg_obj_t *identity = cfg_tuple_get(stmt, "identity");
129 const cfg_obj_t *matchtype = cfg_tuple_get(stmt, "matchtype");
130 const cfg_obj_t *dname = cfg_tuple_get(stmt, "name");
131 const cfg_obj_t *typelist = cfg_tuple_get(stmt, "types");
132 const char *str;
133 isc_boolean_t grant = ISC_FALSE;
134 unsigned int mtype = DNS_SSUMATCHTYPE_NAME;
135 dns_fixedname_t fname, fident;
136 isc_buffer_t b;
137 dns_rdatatype_t *types;
138 unsigned int i, n;
139
140 str = cfg_obj_asstring(mode);
141 if (strcasecmp(str, "grant") == 0)
142 grant = ISC_TRUE;
143 else if (strcasecmp(str, "deny") == 0)
144 grant = ISC_FALSE;
145 else
146 INSIST(0);
147
148 str = cfg_obj_asstring(matchtype);
149 if (strcasecmp(str, "name") == 0)
150 mtype = DNS_SSUMATCHTYPE_NAME;
151 else if (strcasecmp(str, "subdomain") == 0)
152 mtype = DNS_SSUMATCHTYPE_SUBDOMAIN;
153 else if (strcasecmp(str, "wildcard") == 0)
154 mtype = DNS_SSUMATCHTYPE_WILDCARD;
155 else if (strcasecmp(str, "self") == 0)
156 mtype = DNS_SSUMATCHTYPE_SELF;
157 else if (strcasecmp(str, "selfsub") == 0)
158 mtype = DNS_SSUMATCHTYPE_SELFSUB;
159 else if (strcasecmp(str, "selfwild") == 0)
160 mtype = DNS_SSUMATCHTYPE_SELFWILD;
161 else
162 INSIST(0);
163
164 dns_fixedname_init(&fident);
165 str = cfg_obj_asstring(identity);
166 isc_buffer_init(&b, str, strlen(str));
167 isc_buffer_add(&b, strlen(str));
168 result = dns_name_fromtext(dns_fixedname_name(&fident), &b,
169 dns_rootname, ISC_FALSE, NULL);
170 if (result != ISC_R_SUCCESS) {
171 cfg_obj_log(identity, ns_g_lctx, ISC_LOG_ERROR,
172 "'%s' is not a valid name", str);
173 goto cleanup;
174 }
175
176 dns_fixedname_init(&fname);
177 str = cfg_obj_asstring(dname);
178 isc_buffer_init(&b, str, strlen(str));
179 isc_buffer_add(&b, strlen(str));
180 result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
181 dns_rootname, ISC_FALSE, NULL);
182 if (result != ISC_R_SUCCESS) {
183 cfg_obj_log(identity, ns_g_lctx, ISC_LOG_ERROR,
184 "'%s' is not a valid name", str);
185 goto cleanup;
186 }
187
188 n = ns_config_listcount(typelist);
189 if (n == 0)
190 types = NULL;
191 else {
192 types = isc_mem_get(mctx, n * sizeof(dns_rdatatype_t));
193 if (types == NULL) {
194 result = ISC_R_NOMEMORY;
195 goto cleanup;
196 }
197 }
198
199 i = 0;
200 for (element2 = cfg_list_first(typelist);
201 element2 != NULL;
202 element2 = cfg_list_next(element2))
203 {
204 const cfg_obj_t *typeobj;
205 isc_textregion_t r;
206
207 INSIST(i < n);
208
209 typeobj = cfg_listelt_value(element2);
210 str = cfg_obj_asstring(typeobj);
211 DE_CONST(str, r.base);
212 r.length = strlen(str);
213
214 result = dns_rdatatype_fromtext(&types[i++], &r);
215 if (result != ISC_R_SUCCESS) {
216 cfg_obj_log(identity, ns_g_lctx, ISC_LOG_ERROR,
217 "'%s' is not a valid type", str);
218 isc_mem_put(mctx, types,
219 n * sizeof(dns_rdatatype_t));
220 goto cleanup;
221 }
222 }
223 INSIST(i == n);
224
225 result = dns_ssutable_addrule(table, grant,
226 dns_fixedname_name(&fident),
227 mtype,
228 dns_fixedname_name(&fname),
229 n, types);
230 if (types != NULL)
231 isc_mem_put(mctx, types, n * sizeof(dns_rdatatype_t));
232 if (result != ISC_R_SUCCESS) {
233 goto cleanup;
234 }
235
236 }
237
238 result = ISC_R_SUCCESS;
239 dns_zone_setssutable(zone, table);
240
241 cleanup:
242 dns_ssutable_detach(&table);
243 return (result);
244 }
245
246 /*%
247 * Convert a config file zone type into a server zone type.
248 */
249 static inline dns_zonetype_t
250 zonetype_fromconfig(const cfg_obj_t *map) {
251 const cfg_obj_t *obj = NULL;
252 isc_result_t result;
253
254 result = cfg_map_get(map, "type", &obj);
255 INSIST(result == ISC_R_SUCCESS);
256 return (ns_config_getzonetype(obj));
257 }
258
259 /*%
260 * Helper function for strtoargv(). Pardon the gratuitous recursion.
261 */
262 static isc_result_t
263 strtoargvsub(isc_mem_t *mctx, char *s, unsigned int *argcp,
264 char ***argvp, unsigned int n)
265 {
266 isc_result_t result;
267
268 /* Discard leading whitespace. */
269 while (*s == ' ' || *s == '\t')
270 s++;
271
272 if (*s == '\0') {
273 /* We have reached the end of the string. */
274 *argcp = n;
275 *argvp = isc_mem_get(mctx, n * sizeof(char *));
276 if (*argvp == NULL)
277 return (ISC_R_NOMEMORY);
278 } else {
279 char *p = s;
280 while (*p != ' ' && *p != '\t' && *p != '\0')
281 p++;
282 if (*p != '\0')
283 *p++ = '\0';
284
285 result = strtoargvsub(mctx, p, argcp, argvp, n + 1);
286 if (result != ISC_R_SUCCESS)
287 return (result);
288 (*argvp)[n] = s;
289 }
290 return (ISC_R_SUCCESS);
291 }
292
293 /*%
294 * Tokenize the string "s" into whitespace-separated words,
295 * return the number of words in '*argcp' and an array
296 * of pointers to the words in '*argvp'. The caller
297 * must free the array using isc_mem_put(). The string
298 * is modified in-place.
299 */
300 static isc_result_t
301 strtoargv(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp) {
302 return (strtoargvsub(mctx, s, argcp, argvp, 0));
303 }
304
305 static void
306 checknames(dns_zonetype_t ztype, const cfg_obj_t **maps,
307 const cfg_obj_t **objp)
308 {
309 const char *zone = NULL;
310 isc_result_t result;
311
312 switch (ztype) {
313 case dns_zone_slave: zone = "slave"; break;
314 case dns_zone_master: zone = "master"; break;
315 default:
316 INSIST(0);
317 }
318 result = ns_checknames_get(maps, zone, objp);
319 INSIST(result == ISC_R_SUCCESS);
320 }
321
322 isc_result_t
323 ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
324 const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac,
325 dns_zone_t *zone)
326 {
327 isc_result_t result;
328 const char *zname;
329 dns_rdataclass_t zclass;
330 dns_rdataclass_t vclass;
331 const cfg_obj_t *maps[5];
332 const cfg_obj_t *zoptions = NULL;
333 const cfg_obj_t *options = NULL;
334 const cfg_obj_t *obj;
335 const char *filename = NULL;
336 dns_notifytype_t notifytype = dns_notifytype_yes;
337 isc_sockaddr_t *addrs;
338 dns_name_t **keynames;
339 isc_uint32_t count;
340 char *cpval;
341 unsigned int dbargc;
342 char **dbargv;
343 static char default_dbtype[] = "rbt";
344 isc_mem_t *mctx = dns_zone_getmctx(zone);
345 dns_dialuptype_t dialup = dns_dialuptype_no;
346 dns_zonetype_t ztype;
347 int i;
348 isc_int32_t journal_size;
349 isc_boolean_t multi;
350 isc_boolean_t alt;
351 dns_view_t *view;
352 isc_boolean_t check = ISC_FALSE, fail = ISC_FALSE;
353 isc_boolean_t warn = ISC_FALSE, ignore = ISC_FALSE;
354 isc_boolean_t ixfrdiff;
355 dns_masterformat_t masterformat;
356
357 i = 0;
358 if (zconfig != NULL) {
359 zoptions = cfg_tuple_get(zconfig, "options");
360 maps[i++] = zoptions;
361 }
362 if (vconfig != NULL)
363 maps[i++] = cfg_tuple_get(vconfig, "options");
364 if (config != NULL) {
365 (void)cfg_map_get(config, "options", &options);
366 if (options != NULL)
367 maps[i++] = options;
368 }
369 maps[i++] = ns_g_defaults;
370 maps[i++] = NULL;
371
372 if (vconfig != NULL)
373 RETERR(ns_config_getclass(cfg_tuple_get(vconfig, "class"),
374 dns_rdataclass_in, &vclass));
375 else
376 vclass = dns_rdataclass_in;
377
378 /*
379 * Configure values common to all zone types.
380 */
381
382 zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
383
384 RETERR(ns_config_getclass(cfg_tuple_get(zconfig, "class"),
385 vclass, &zclass));
386 dns_zone_setclass(zone, zclass);
387
388 ztype = zonetype_fromconfig(zoptions);
389 dns_zone_settype(zone, ztype);
390
391 obj = NULL;
392 result = cfg_map_get(zoptions, "database", &obj);
393 if (result == ISC_R_SUCCESS)
394 cpval = isc_mem_strdup(mctx, cfg_obj_asstring(obj));
395 else
396 cpval = default_dbtype;
397
398 if (cpval == NULL)
399 return(ISC_R_NOMEMORY);
400
401 result = strtoargv(mctx, cpval, &dbargc, &dbargv);
402 if (result != ISC_R_SUCCESS && cpval != default_dbtype) {
403 isc_mem_free(mctx, cpval);
404 return (result);
405 }
406
407 /*
408 * ANSI C is strange here. There is no logical reason why (char **)
409 * cannot be promoted automatically to (const char * const *) by the
410 * compiler w/o generating a warning.
411 */
412 result = dns_zone_setdbtype(zone, dbargc, (const char * const *)dbargv);
413 isc_mem_put(mctx, dbargv, dbargc * sizeof(*dbargv));
414 if (cpval != default_dbtype)
415 isc_mem_free(mctx, cpval);
416 if (result != ISC_R_SUCCESS)
417 return (result);
418
419 obj = NULL;
420 result = cfg_map_get(zoptions, "file", &obj);
421 if (result == ISC_R_SUCCESS)
422 filename = cfg_obj_asstring(obj);
423
424 masterformat = dns_masterformat_text;
425 obj = NULL;
426 result= ns_config_get(maps, "masterfile-format", &obj);
427 if (result == ISC_R_SUCCESS) {
428 const char *masterformatstr = cfg_obj_asstring(obj);
429
430 if (strcasecmp(masterformatstr, "text") == 0)
431 masterformat = dns_masterformat_text;
432 else if (strcasecmp(masterformatstr, "raw") == 0)
433 masterformat = dns_masterformat_raw;
434 else
435 INSIST(0);
436 }
437 RETERR(dns_zone_setfile2(zone, filename, masterformat));
438
439 obj = NULL;
440 result = cfg_map_get(zoptions, "journal", &obj);
441 if (result == ISC_R_SUCCESS)
442 RETERR(dns_zone_setjournal(zone, cfg_obj_asstring(obj)));
443
444 if (ztype == dns_zone_slave)
445 RETERR(configure_zone_acl(zconfig, vconfig, config,
446 "allow-notify", ac, zone,
447 dns_zone_setnotifyacl,
448 dns_zone_clearnotifyacl));
449 /*
450 * XXXAG This probably does not make sense for stubs.
451 */
452 RETERR(configure_zone_acl(zconfig, vconfig, config,
453 "allow-query", ac, zone,
454 dns_zone_setqueryacl,
455 dns_zone_clearqueryacl));
456
457 obj = NULL;
458 result = ns_config_get(maps, "dialup", &obj);
459 INSIST(result == ISC_R_SUCCESS);
460 if (cfg_obj_isboolean(obj)) {
461 if (cfg_obj_asboolean(obj))
462 dialup = dns_dialuptype_yes;
463 else
464 dialup = dns_dialuptype_no;
465 } else {
466 const char *dialupstr = cfg_obj_asstring(obj);
467 if (strcasecmp(dialupstr, "notify") == 0)
468 dialup = dns_dialuptype_notify;
469 else if (strcasecmp(dialupstr, "notify-passive") == 0)
470 dialup = dns_dialuptype_notifypassive;
471 else if (strcasecmp(dialupstr, "refresh") == 0)
472 dialup = dns_dialuptype_refresh;
473 else if (strcasecmp(dialupstr, "passive") == 0)
474 dialup = dns_dialuptype_passive;
475 else
476 INSIST(0);
477 }
478 dns_zone_setdialup(zone, dialup);
479
480 obj = NULL;
481 result = ns_config_get(maps, "zone-statistics", &obj);
482 INSIST(result == ISC_R_SUCCESS);
483 RETERR(dns_zone_setstatistics(zone, cfg_obj_asboolean(obj)));
484
485 /*
486 * Configure master functionality. This applies
487 * to primary masters (type "master") and slaves
488 * acting as masters (type "slave"), but not to stubs.
489 */
490 if (ztype != dns_zone_stub) {
491 obj = NULL;
492 result = ns_config_get(maps, "notify", &obj);
493 INSIST(result == ISC_R_SUCCESS);
494 if (cfg_obj_isboolean(obj)) {
495 if (cfg_obj_asboolean(obj))
496 notifytype = dns_notifytype_yes;
497 else
498 notifytype = dns_notifytype_no;
499 } else {
500 const char *notifystr = cfg_obj_asstring(obj);
501 if (strcasecmp(notifystr, "explicit") == 0)
502 notifytype = dns_notifytype_explicit;
503 else if (strcasecmp(notifystr, "master-only") == 0)
504 notifytype = dns_notifytype_masteronly;
505 else
506 INSIST(0);
507 }
508 dns_zone_setnotifytype(zone, notifytype);
509
510 obj = NULL;
511 result = ns_config_get(maps, "also-notify", &obj);
512 if (result == ISC_R_SUCCESS) {
513 isc_sockaddr_t *addrs = NULL;
514 isc_uint32_t addrcount;
515 result = ns_config_getiplist(config, obj, 0, mctx,
516 &addrs, &addrcount);
517 if (result != ISC_R_SUCCESS)
518 return (result);
519 result = dns_zone_setalsonotify(zone, addrs,
520 addrcount);
521 ns_config_putiplist(mctx, &addrs, addrcount);
522 if (result != ISC_R_SUCCESS)
523 return (result);
524 } else
525 RETERR(dns_zone_setalsonotify(zone, NULL, 0));
526
527 obj = NULL;
528 result = ns_config_get(maps, "notify-source", &obj);
529 INSIST(result == ISC_R_SUCCESS);
530 RETERR(dns_zone_setnotifysrc4(zone, cfg_obj_assockaddr(obj)));
531 ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
532
533 obj = NULL;
534 result = ns_config_get(maps, "notify-source-v6", &obj);
535 INSIST(result == ISC_R_SUCCESS);
536 RETERR(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj)));
537 ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
538
539 dns_zone_setisself(zone, ns_client_isself, NULL);
540
541 RETERR(configure_zone_acl(zconfig, vconfig, config,
542 "allow-transfer", ac, zone,
543 dns_zone_setxfracl,
544 dns_zone_clearxfracl));
545
546 obj = NULL;
547 result = ns_config_get(maps, "max-transfer-time-out", &obj);
548 INSIST(result == ISC_R_SUCCESS);
549 dns_zone_setmaxxfrout(zone, cfg_obj_asuint32(obj) * 60);
550
551 obj = NULL;
552 result = ns_config_get(maps, "max-transfer-idle-out", &obj);
553 INSIST(result == ISC_R_SUCCESS);
554 dns_zone_setidleout(zone, cfg_obj_asuint32(obj) * 60);
555
556 obj = NULL;
557 result = ns_config_get(maps, "max-journal-size", &obj);
558 INSIST(result == ISC_R_SUCCESS);
559 dns_zone_setjournalsize(zone, -1);
560 if (cfg_obj_isstring(obj)) {
561 const char *str = cfg_obj_asstring(obj);
562 INSIST(strcasecmp(str, "unlimited") == 0);
563 journal_size = ISC_UINT32_MAX / 2;
564 } else {
565 isc_resourcevalue_t value;
566 value = cfg_obj_asuint64(obj);
567 if (value > ISC_UINT32_MAX / 2) {
568 cfg_obj_log(obj, ns_g_lctx,
569 ISC_LOG_ERROR,
570 "'max-journal-size "
571 "%" ISC_PRINT_QUADFORMAT "d' "
572 "is too large",
573 value);
574 RETERR(ISC_R_RANGE);
575 }
576 journal_size = (isc_uint32_t)value;
577 }
578 dns_zone_setjournalsize(zone, journal_size);
579
580 obj = NULL;
581 result = ns_config_get(maps, "ixfr-from-differences", &obj);
582 INSIST(result == ISC_R_SUCCESS);
583 if (cfg_obj_isboolean(obj))
584 ixfrdiff = cfg_obj_asboolean(obj);
585 else if (strcasecmp(cfg_obj_asstring(obj), "master") &&
586 ztype == dns_zone_master)
587 ixfrdiff = ISC_TRUE;
588 else if (strcasecmp(cfg_obj_asstring(obj), "slave") &&
589 ztype == dns_zone_slave)
590 ixfrdiff = ISC_TRUE;
591 else
592 ixfrdiff = ISC_FALSE;
593 dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS, ixfrdiff);
594
595 checknames(ztype, maps, &obj);
596 INSIST(obj != NULL);
597 if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
598 fail = ISC_FALSE;
599 check = ISC_TRUE;
600 } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
601 fail = check = ISC_TRUE;
602 } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
603 fail = check = ISC_FALSE;
604 } else
605 INSIST(0);
606 dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES, check);
607 dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMESFAIL, fail);
608
609 obj = NULL;
610 result = ns_config_get(maps, "notify-delay", &obj);
611 INSIST(result == ISC_R_SUCCESS);
612 dns_zone_setnotifydelay(zone, cfg_obj_asuint32(obj));
613
614 obj = NULL;
615 result = ns_config_get(maps, "check-sibling", &obj);
616 INSIST(result == ISC_R_SUCCESS);
617 dns_zone_setoption(zone, DNS_ZONEOPT_CHECKSIBLING,
618 cfg_obj_asboolean(obj));
619
620 obj = NULL;
621 result = ns_config_get(maps, "zero-no-soa-ttl", &obj);
622 INSIST(result == ISC_R_SUCCESS);
623 dns_zone_setzeronosoattl(zone, cfg_obj_asboolean(obj));
624 }
625
626 /*
627 * Configure update-related options. These apply to
628 * primary masters only.
629 */
630 if (ztype == dns_zone_master) {
631 dns_acl_t *updateacl;
632 RETERR(configure_zone_acl(zconfig, vconfig, config,
633 "allow-update", ac, zone,
634 dns_zone_setupdateacl,
635 dns_zone_clearupdateacl));
636
637 updateacl = dns_zone_getupdateacl(zone);
638 if (updateacl != NULL && dns_acl_isinsecure(updateacl))
639 isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
640 NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
641 "zone '%s' allows updates by IP "
642 "address, which is insecure",
643 zname);
644
645 RETERR(configure_zone_ssutable(zoptions, zone));
646
647 obj = NULL;
648 result = ns_config_get(maps, "sig-validity-interval", &obj);
649 INSIST(result == ISC_R_SUCCESS);
650 dns_zone_setsigvalidityinterval(zone,
651 cfg_obj_asuint32(obj) * 86400);
652
653 obj = NULL;
654 result = ns_config_get(maps, "key-directory", &obj);
655 if (result == ISC_R_SUCCESS) {
656 filename = cfg_obj_asstring(obj);
657 if (!isc_file_isabsolute(filename)) {
658 cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR,
659 "key-directory '%s' "
660 "is not absolute", filename);
661 return (ISC_R_FAILURE);
662 }
663 RETERR(dns_zone_setkeydirectory(zone, filename));
664 }
665
666 obj = NULL;
667 result = ns_config_get(maps, "check-wildcard", &obj);
668 if (result == ISC_R_SUCCESS)
669 check = cfg_obj_asboolean(obj);
670 else
671 check = ISC_FALSE;
672 dns_zone_setoption(zone, DNS_ZONEOPT_CHECKWILDCARD, check);
673
674 obj = NULL;
675 result = ns_config_get(maps, "check-mx", &obj);
676 INSIST(obj != NULL);
677 if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
678 fail = ISC_FALSE;
679 check = ISC_TRUE;
680 } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
681 fail = check = ISC_TRUE;
682 } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
683 fail = check = ISC_FALSE;
684 } else
685 INSIST(0);
686 dns_zone_setoption(zone, DNS_ZONEOPT_CHECKMX, check);
687 dns_zone_setoption(zone, DNS_ZONEOPT_CHECKMXFAIL, fail);
688
689 obj = NULL;
690 result = ns_config_get(maps, "check-integrity", &obj);
691 INSIST(obj != NULL);
692 dns_zone_setoption(zone, DNS_ZONEOPT_CHECKINTEGRITY,
693 cfg_obj_asboolean(obj));
694
695 obj = NULL;
696 result = ns_config_get(maps, "check-mx-cname", &obj);
697 INSIST(obj != NULL);
698 if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
699 warn = ISC_TRUE;
700 ignore = ISC_FALSE;
701 } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
702 warn = ignore = ISC_FALSE;
703 } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
704 warn = ignore = ISC_TRUE;
705 } else
706 INSIST(0);
707 dns_zone_setoption(zone, DNS_ZONEOPT_WARNMXCNAME, warn);
708 dns_zone_setoption(zone, DNS_ZONEOPT_IGNOREMXCNAME, ignore);
709
710 obj = NULL;
711 result = ns_config_get(maps, "check-srv-cname", &obj);
712 INSIST(obj != NULL);
713 if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
714 warn = ISC_TRUE;
715 ignore = ISC_FALSE;
716 } else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
717 warn = ignore = ISC_FALSE;
718 } else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
719 warn = ignore = ISC_TRUE;
720 } else
721 INSIST(0);
722 dns_zone_setoption(zone, DNS_ZONEOPT_WARNSRVCNAME, warn);
723 dns_zone_setoption(zone, DNS_ZONEOPT_IGNORESRVCNAME, ignore);
724
725 obj = NULL;
726 result = ns_config_get(maps, "update-check-ksk", &obj);
727 INSIST(result == ISC_R_SUCCESS);
728 dns_zone_setoption(zone, DNS_ZONEOPT_UPDATECHECKKSK,
729 cfg_obj_asboolean(obj));
730 }
731
732 /*
733 * Configure update-related options. These apply to
734 * primary masters only.
735 */
736 if (ztype == dns_zone_master) {
737 dns_acl_t *updateacl;
738 RETERR(configure_zone_acl(zconfig, vconfig, config,
739 "allow-update", ac, zone,
740 dns_zone_setupdateacl,
741 dns_zone_clearupdateacl));
742
743 updateacl = dns_zone_getupdateacl(zone);
744 if (updateacl != NULL && dns_acl_isinsecure(updateacl))
745 isc_log_write(ns_g_lctx, DNS_LOGCATEGORY_SECURITY,
746 NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
747 "zone '%s' allows updates by IP "
748 "address, which is insecure",
749 zname);
750
751 RETERR(configure_zone_ssutable(zoptions, zone));
752
753 obj = NULL;
754 result = ns_config_get(maps, "sig-validity-interval", &obj);
755 INSIST(result == ISC_R_SUCCESS);
756 dns_zone_setsigvalidityinterval(zone,
757 cfg_obj_asuint32(obj) * 86400);
758
759 obj = NULL;
760 result = ns_config_get(maps, "key-directory", &obj);
761 if (result == ISC_R_SUCCESS) {
762 filename = cfg_obj_asstring(obj);
763 if (!isc_file_isabsolute(filename)) {
764 cfg_obj_log(obj, ns_g_lctx, ISC_LOG_ERROR,
765 "key-directory '%s' "
766 "is not absolute", filename);
767 return (ISC_R_FAILURE);
768 }
769 RETERR(dns_zone_setkeydirectory(zone, filename));
770 }
771
772 } else if (ztype == dns_zone_slave) {
773 RETERR(configure_zone_acl(zconfig, vconfig, config,
774 "allow-update-forwarding", ac, zone,
775 dns_zone_setforwardacl,
776 dns_zone_clearforwardacl));
777 }
778
779 /*
780 * Configure slave functionality.
781 */
782 switch (ztype) {
783 case dns_zone_slave:
784 case dns_zone_stub:
785 count = 0;
786 obj = NULL;
787 result = cfg_map_get(zoptions, "masters", &obj);
788 if (obj != NULL) {
789 addrs = NULL;
790 keynames = NULL;
791 RETERR(ns_config_getipandkeylist(config, obj, mctx,
792 &addrs, &keynames,
793 &count));
794 result = dns_zone_setmasterswithkeys(zone, addrs,
795 keynames, count);
796 ns_config_putipandkeylist(mctx, &addrs, &keynames,
797 count);
798 } else
799 result = dns_zone_setmasters(zone, NULL, 0);
800 RETERR(result);
801
802 multi = ISC_FALSE;
803 if (count > 1) {
804 obj = NULL;
805 result = ns_config_get(maps, "multi-master", &obj);
806 INSIST(result == ISC_R_SUCCESS);
807 multi = cfg_obj_asboolean(obj);
808 }
809 dns_zone_setoption(zone, DNS_ZONEOPT_MULTIMASTER, multi);
810
811 obj = NULL;
812 result = ns_config_get(maps, "max-transfer-time-in", &obj);
813 INSIST(result == ISC_R_SUCCESS);
814 dns_zone_setmaxxfrin(zone, cfg_obj_asuint32(obj) * 60);
815
816 obj = NULL;
817 result = ns_config_get(maps, "max-transfer-idle-in", &obj);
818 INSIST(result == ISC_R_SUCCESS);
819 dns_zone_setidlein(zone, cfg_obj_asuint32(obj) * 60);
820
821 obj = NULL;
822 result = ns_config_get(maps, "max-refresh-time", &obj);
823 INSIST(result == ISC_R_SUCCESS);
824 dns_zone_setmaxrefreshtime(zone, cfg_obj_asuint32(obj));
825
826 obj = NULL;
827 result = ns_config_get(maps, "min-refresh-time", &obj);
828 INSIST(result == ISC_R_SUCCESS);
829 dns_zone_setminrefreshtime(zone, cfg_obj_asuint32(obj));
830
831 obj = NULL;
832 result = ns_config_get(maps, "max-retry-time", &obj);
833 INSIST(result == ISC_R_SUCCESS);
834 dns_zone_setmaxretrytime(zone, cfg_obj_asuint32(obj));
835
836 obj = NULL;
837 result = ns_config_get(maps, "min-retry-time", &obj);
838 INSIST(result == ISC_R_SUCCESS);
839 dns_zone_setminretrytime(zone, cfg_obj_asuint32(obj));
840
841 obj = NULL;
842 result = ns_config_get(maps, "transfer-source", &obj);
843 INSIST(result == ISC_R_SUCCESS);
844 RETERR(dns_zone_setxfrsource4(zone, cfg_obj_assockaddr(obj)));
845 ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
846
847 obj = NULL;
848 result = ns_config_get(maps, "transfer-source-v6", &obj);
849 INSIST(result == ISC_R_SUCCESS);
850 RETERR(dns_zone_setxfrsource6(zone, cfg_obj_assockaddr(obj)));
851 ns_add_reserved_dispatch(ns_g_server, cfg_obj_assockaddr(obj));
852
853 obj = NULL;
854 result = ns_config_get(maps, "alt-transfer-source", &obj);
855 INSIST(result == ISC_R_SUCCESS);
856 RETERR(dns_zone_setaltxfrsource4(zone, cfg_obj_assockaddr(obj)));
857
858 obj = NULL;
859 result = ns_config_get(maps, "alt-transfer-source-v6", &obj);
860 INSIST(result == ISC_R_SUCCESS);
861 RETERR(dns_zone_setaltxfrsource6(zone, cfg_obj_assockaddr(obj)));
862
863 obj = NULL;
864 (void)ns_config_get(maps, "use-alt-transfer-source", &obj);
865 if (obj == NULL) {
866 /*
867 * Default off when views are in use otherwise
868 * on for BIND 8 compatibility.
869 */
870 view = dns_zone_getview(zone);
871 if (view != NULL && strcmp(view->name, "_default") == 0)
872 alt = ISC_TRUE;
873 else
874 alt = ISC_FALSE;
875 } else
876 alt = cfg_obj_asboolean(obj);
877 dns_zone_setoption(zone, DNS_ZONEOPT_USEALTXFRSRC, alt);
878
879 break;
880
881 default:
882 break;
883 }
884
885 return (ISC_R_SUCCESS);
886 }
887
888 isc_boolean_t
889 ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig) {
890 const cfg_obj_t *zoptions = NULL;
891 const cfg_obj_t *obj = NULL;
892 const char *cfilename;
893 const char *zfilename;
894
895 zoptions = cfg_tuple_get(zconfig, "options");
896
897 if (zonetype_fromconfig(zoptions) != dns_zone_gettype(zone))
898 return (ISC_FALSE);
899
900 obj = NULL;
901 (void)cfg_map_get(zoptions, "file", &obj);
902 if (obj != NULL)
903 cfilename = cfg_obj_asstring(obj);
904 else
905 cfilename = NULL;
906 zfilename = dns_zone_getfile(zone);
907 if (!((cfilename == NULL && zfilename == NULL) ||
908 (cfilename != NULL && zfilename != NULL &&
909 strcmp(cfilename, zfilename) == 0)))
910 return (ISC_FALSE);
911
912 return (ISC_TRUE);
913 }
FreeBSD kvm: FreeBSD sources