From 0c29904b27c9ab3b85ecbde159b22ae1323bdbcd Mon Sep 17 00:00:00 2001 From: Mukund Sivaraman Date: Mon, 8 Feb 2016 13:56:19 +0530 Subject: [PATCH] Check that configured view class isn't a meta class (#41572) --- CHANGES | 3 ++ bin/check/named-checkconf.c | 39 ++++++++++++++----- bin/named/server.c | 12 +++++- bin/tests/system/checkconf/tests.sh | 24 ++++++++++++ .../system/checkconf/view-class-any1.conf | 17 ++++++++ .../system/checkconf/view-class-any2.conf | 17 ++++++++ .../system/checkconf/view-class-in1.conf | 17 ++++++++ .../system/checkconf/view-class-in2.conf | 17 ++++++++ 8 files changed, 135 insertions(+), 11 deletions(-) create mode 100644 bin/tests/system/checkconf/view-class-any1.conf create mode 100644 bin/tests/system/checkconf/view-class-any2.conf create mode 100644 bin/tests/system/checkconf/view-class-in1.conf create mode 100644 bin/tests/system/checkconf/view-class-in2.conf diff --git a/CHANGES b/CHANGES index c0a4b8dae5..f6f15606bb 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +4315. [bug] Check that configured view class isn't a meta class. + [RT #41572]. + 4314. [contrib] Added 'dnsperf-2.1.0.0-1', a set of performance testing tools provided by Nominum, Inc. diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c index 62f7433a52..d37621e5a2 100644 --- a/bin/check/named-checkconf.c +++ b/bin/check/named-checkconf.c 
@@ -441,15 +441,27 @@ configure_view(const char *vclass, const char *view, const cfg_obj_t *config, return (result); } +static isc_result_t +config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass, + dns_rdataclass_t *classp) +{ + isc_textregion_t r; + + if (!cfg_obj_isstring(classobj)) { + *classp = defclass; + return (ISC_R_SUCCESS); + } + DE_CONST(cfg_obj_asstring(classobj), r.base); + r.length = strlen(r.base); + return (dns_rdataclass_fromtext(classp, &r)); +} /*% load zones from the configuration */ static isc_result_t load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) { const cfg_listelt_t *element; - const cfg_obj_t *classobj; const cfg_obj_t *views; const cfg_obj_t *vconfig; - const char *vclass; isc_result_t result = ISC_R_SUCCESS; isc_result_t tresult; @@ -460,17 +472,24 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) { element != NULL; element = cfg_list_next(element)) { + const cfg_obj_t *classobj; + dns_rdataclass_t viewclass; const char *vname; + char buf[sizeof("CLASS65535")]; - vclass = "IN"; vconfig = cfg_listelt_value(element); - if (vconfig != NULL) { - classobj = cfg_tuple_get(vconfig, "class"); - if (cfg_obj_isstring(classobj)) - vclass = cfg_obj_asstring(classobj); - } + if (vconfig == NULL) + continue; + + classobj = cfg_tuple_get(vconfig, "class"); + CHECK(config_getclass(classobj, dns_rdataclass_in, + &viewclass)); + if (dns_rdataclass_ismeta(viewclass)) + CHECK(ISC_R_FAILURE); + + dns_rdataclass_format(viewclass, buf, sizeof(buf)); vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name")); - tresult = configure_view(vclass, vname, config, vconfig, mctx); + tresult = configure_view(buf, vname, config, vconfig, mctx); if (tresult != ISC_R_SUCCESS) result = tresult; } @@ -480,6 +499,8 @@ load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) { if (tresult != ISC_R_SUCCESS) result = tresult; } + +cleanup: return (result); } 
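Review bot: Both new failure paths in this file return an error without printing anything: `config_getclass` passes back whatever `dns_rdataclass_fromtext` returns for an unparsable class, and the `CHECK(ISC_R_FAILURE)` in the next hunk rejects a meta class the same way. The matching change to get_viewinfo in bin/named/server.c logs `view '%s': class must not be meta`, so as far as this diff shows an operator gets the reason from named but only a non-zero exit from `named-checkconf -z`. I would assign `vname` before the class lookup and report the view at the point of rejection, e.g. `fprintf(stderr, "view '%s': class must not be meta\n", vname);` (or whatever reporting call this file already uses) ahead of the `CHECK`, with a similar line for an unknown class. A one-line comment on `config_getclass` saying that a non-string `classobj` yields `defclass` would also help.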
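Review bot: In the per-view loop, `CHECK(config_getclass(...))` looks like it rewrites `result` on every iteration. If CHECK is the usual `result = (r); if (result != ISC_R_SUCCESS) goto cleanup;` macro (its definition is outside this diff), a failure recorded by `result = tresult` for an earlier view is reset to success by a later view whose class parses, and load_zones_fromconfig can then return success for a configuration with a zone that failed to load. Routing the lookup through `tresult` keeps a recorded failure sticky: `tresult = config_getclass(classobj, dns_rdataclass_in, &viewclass);` followed by `if (tresult != ISC_R_SUCCESS) CHECK(tresult);`. The enclosing function begins in the previous hunk and ends in the next one.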
diff --git a/bin/named/server.c b/bin/named/server.c index e5954aa0fc..554e2414aa 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -4419,8 +4419,15 @@ get_viewinfo(const cfg_obj_t *vconfig, const char **namep, viewname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name")); classobj = cfg_tuple_get(vconfig, "class"); - result = ns_config_getclass(classobj, dns_rdataclass_in, - &viewclass); + CHECK(ns_config_getclass(classobj, dns_rdataclass_in, + &viewclass)); + if (dns_rdataclass_ismeta(viewclass)) { + isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, + NS_LOGMODULE_SERVER, ISC_LOG_ERROR, + "view '%s': class must not be meta", + viewname); + CHECK(ISC_R_FAILURE); + } } else { viewname = "_default"; viewclass = dns_rdataclass_in; @@ -4429,6 +4436,7 @@ get_viewinfo(const cfg_obj_t *vconfig, const char **namep, *namep = viewname; *classp = viewclass; +cleanup: return (result); } diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh index 4324c582c9..ad53c3ad22 100644 --- a/bin/tests/system/checkconf/tests.sh +++ b/bin/tests/system/checkconf/tests.sh 
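Review bot: With the new `cleanup:` label placed after `*namep = viewname; *classp = viewclass;`, get_viewinfo no longer writes its output parameters when the class lookup fails or the class is meta; before this change they were stored on every path. Callers are outside this diff, so it is worth confirming that none reads the name or class (for instance to log which view failed) after a non-success return. Stating the contract above the function would make that explicit: `/* On failure *namep and *classp are left unmodified. */`. The function begins before the first hunk, and the label is added in the second hunk of this file.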
@@ -199,6 +199,30 @@ $CHECKCONF -z altdlz.conf > /dev/null 2>&1 || ret=1 if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi status=`expr $status + $ret` +echo "I: checking that named-checkconf -z fails on view with ANY class" +ret=0 +$CHECKCONF -z view-class-any1.conf > /dev/null 2>&1 && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +status=`expr $status + $ret` + +echo "I: checking that named-checkconf -z fails on view with CLASS255 class" +ret=0 +$CHECKCONF -z view-class-any2.conf > /dev/null 2>&1 && ret=1 +if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +status=`expr $status + $ret` + +echo "I: checking that named-checkconf -z passes on view with IN class" +ret=0 +$CHECKCONF -z view-class-in1.conf > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +status=`expr $status + $ret` + +echo "I: checking that named-checkconf -z passes on view with CLASS1 class" +ret=0 +$CHECKCONF -z view-class-in2.conf > /dev/null 2>&1 || ret=1 +if [ $ret != 0 ]; then echo "I:failed"; ret=1; fi +status=`expr $status + $ret` + echo "I: check that check-names fails as configured" ret=0 $CHECKCONF -z check-names-fail.conf > checkconf.out1 2>&1 && ret=1 diff --git a/bin/tests/system/checkconf/view-class-any1.conf b/bin/tests/system/checkconf/view-class-any1.conf new file mode 100644 index 0000000000..21c56c33d7 --- /dev/null +++ b/bin/tests/system/checkconf/view-class-any1.conf 
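Review bot: The two negative cases (`view-class-any1.conf`, `view-class-any2.conf`) treat any non-zero exit as a pass, since output goes to /dev/null and only `&& ret=1` is tested; a syntax error in the fixture or a missing file would satisfy them just as well as the meta-class rejection. Capturing the output the way the following check-names test does (`> checkconf.out1 2>&1`) and grepping for the expected diagnostic would tie the result to the new check. All four cases also run with `-z`, and the check in this commit was added to load_zones_fromconfig, so whether plain `named-checkconf` rejects `view "example" any { };` is not exercised here; a case without `-z` would show which behaviour is intended.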
@@ -0,0 +1,17 @@
+/*
+ * Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+view "example" any { };
diff --git a/bin/tests/system/checkconf/view-class-any2.conf b/bin/tests/system/checkconf/view-class-any2.conf
new file mode 100644
index 0000000000..49782fd5a1
--- /dev/null
+++ b/bin/tests/system/checkconf/view-class-any2.conf
@@ -0,0 +1,17 @@
+/*
+ * Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+view "example" class255 { };
diff --git a/bin/tests/system/checkconf/view-class-in1.conf b/bin/tests/system/checkconf/view-class-in1.conf
new file mode 100644
index 0000000000..3cb6f1e203
--- /dev/null
+++ b/bin/tests/system/checkconf/view-class-in1.conf
@@ -0,0 +1,17 @@
+/*
+ * Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+view "example" in { };
diff --git a/bin/tests/system/checkconf/view-class-in2.conf b/bin/tests/system/checkconf/view-class-in2.conf
new file mode 100644
index 0000000000..0cc3b2ea48
--- /dev/null
+++ b/bin/tests/system/checkconf/view-class-in2.conf
@@ -0,0 +1,17 @@
+/*
+ * Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+view "example" class1 { };