Check parental-agents config

Add checks for "parental-agents" configuration, checking for the option
being at wrong type of zone (only allowed for primaries and
secondaries), duplicate definitions, duplicate references, and
undefined parental clauses (the name referenced in the zone clause
does not have a matching "parental-agent" clause).

bin/tests/system/checkconf/bad-parental-agents-def-options.conf

@@ -0,0 +1,19 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+	parental-agents { 192.168.1.2; };
+};
+
+zone "example.net" {
+	type primary;
+	file "example.net.db";
+};

bin/tests/system/checkconf/bad-parental-agents-def-view.conf

@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+view "test" {
+	parental-agents { 192.168.1.2; };
+	zone "example.net" {
+		type primary;
+		file "example.net.db";
+	};
+};

bin/tests/system/checkconf/bad-parental-agents-def-view2.conf

@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+view "test" {
+	parental-agents "net" {
+		192.168.1.2;
+	 };
+	zone "example.net" {
+		type primary;
+		file "example.net.db";
+	};
+};

bin/tests/system/checkconf/bad-parental-agents-def-zone.conf

@@ -0,0 +1,16 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone "example.net" {
+	type primary;
+	file "example.net.db";
+	parental-agents "net" { 192.168.1.1; };
+};

bin/tests/system/checkconf/bad-parental-agents-dup.conf

@@ -0,0 +1,17 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone "example.net" {
+	type primary;
+	file "example.net.db";
+	parental-agents { 192.168.1.1; };
+	parental-agents { 192.168.1.1; };
+};

bin/tests/system/checkconf/bad-parental-agents-dupdef.conf

@@ -0,0 +1,24 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+parental-agents "net" {
+	192.168.1.1;
+};
+
+parental-agents "net" {
+	192.168.1.2;
+};
+
+zone "example.net" {
+	type primary;
+	file "example.net.db";
+	parental-agents { "net"; };
+};

bin/tests/system/checkconf/bad-parental-agents-empty.conf

@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+parental-agents "net" { };
+
+zone "example.net" {
+	type primary;
+	file "example.net.db";
+	parental-agents { "net"; };
+};

bin/tests/system/checkconf/bad-parental-agents-empty2.conf

@@ -0,0 +1,16 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone "example.net" {
+	type primary;
+	file "example.net.db";
+	parental-agents { };
+};

bin/tests/system/checkconf/bad-parental-agents-mirror.conf

@@ -0,0 +1,16 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone "." {
+	type mirror;
+	file "root.mirror";
+	parental-agents { 192.168.1.1; };
+};

bin/tests/system/checkconf/bad-parental-agents-notfound.conf

@@ -0,0 +1,20 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+parental-agents "com" {
+	192.168.1.2;
+};
+
+zone "example.net" {
+	type primary;
+	file "example.net.db";
+	parental-agents { "net"; };
+};

bin/tests/system/checkconf/bad-primaries-notfound.conf

@@ -0,0 +1,19 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+primaries "net" {
+	 192.168.1.2;
+};
+
+zone "example.net" {
+	type secondary;
+	primaries { "foo"; };
+};

lib/bind9/check.c

@@ -1841,12 +1841,12 @@ check_options(const cfg_obj_t *options, const cfg_obj_t *config,
 }
 
 /*
- * Check "primaries" style list.
+ * Check "remote-servers" style list.
  */
 static isc_result_t
-bind9_check_primarylist(const cfg_obj_t *cctx, const char *list,
-			isc_log_t *logctx, isc_symtab_t *symtab,
-			isc_mem_t *mctx) {
+bind9_check_remoteserverlist(const cfg_obj_t *cctx, const char *list,
+			     isc_log_t *logctx, isc_symtab_t *symtab,
+			     isc_mem_t *mctx) {
 	isc_symvalue_t symvalue;
 	isc_result_t result, tresult;
 	const cfg_obj_t *obj = NULL;
@@ -1883,9 +1883,9 @@ bind9_check_primarylist(const cfg_obj_t *cctx, const char *list,
 				file = "<unknown file>";
 			}
 			cfg_obj_log(obj, logctx, ISC_LOG_ERROR,
-				    "primaries list '%s' is duplicated: "
+				    "%s list '%s' is duplicated: "
 				    "also defined at %s:%u",
-				    name, file, line);
+				    list, name, file, line);
 			isc_mem_free(mctx, tmp);
 			result = tresult;
 			break;
@@ -1913,13 +1913,35 @@ bind9_check_primarylists(const cfg_obj_t *cctx, isc_log_t *logctx,
 	if (result != ISC_R_SUCCESS) {
 		return (result);
 	}
-	tresult = bind9_check_primarylist(cctx, "primaries", logctx, symtab,
-					  mctx);
+	tresult = bind9_check_remoteserverlist(cctx, "primaries", logctx,
+					       symtab, mctx);
 	if (tresult != ISC_R_SUCCESS) {
 		result = tresult;
 	}
-	tresult = bind9_check_primarylist(cctx, "masters", logctx, symtab,
-					  mctx);
+	tresult = bind9_check_remoteserverlist(cctx, "masters", logctx, symtab,
+					       mctx);
+	if (tresult != ISC_R_SUCCESS) {
+		result = tresult;
+	}
+	isc_symtab_destroy(&symtab);
+	return (result);
+}
+
+/*
+ * Check parental-agents lists for duplicates.
+ */
+static isc_result_t
+bind9_check_parentalagentlists(const cfg_obj_t *cctx, isc_log_t *logctx,
+			       isc_mem_t *mctx) {
+	isc_result_t result, tresult;
+	isc_symtab_t *symtab = NULL;
+
+	result = isc_symtab_create(mctx, 100, freekey, mctx, false, &symtab);
+	if (result != ISC_R_SUCCESS) {
+		return (result);
+	}
+	tresult = bind9_check_remoteserverlist(cctx, "parental-agents", logctx,
+					       symtab, mctx);
 	if (tresult != ISC_R_SUCCESS) {
 		result = tresult;
 	}
@@ -1928,8 +1950,8 @@ bind9_check_primarylists(const cfg_obj_t *cctx, isc_log_t *logctx,
 }
 
 static isc_result_t
-get_primaries(const cfg_obj_t *cctx, const char *list, const char *name,
-	      const cfg_obj_t **ret) {
+get_remotes(const cfg_obj_t *cctx, const char *list, const char *name,
+	    const cfg_obj_t **ret) {
 	isc_result_t result;
 	const cfg_obj_t *obj = NULL;
 	const cfg_listelt_t *elt = NULL;
@@ -1958,20 +1980,25 @@ get_primaries(const cfg_obj_t *cctx, const char *list, const char *name,
 }
 
 static isc_result_t
-get_primaries_def(const cfg_obj_t *cctx, const char *name,
-		  const cfg_obj_t **ret) {
-	isc_result_t result;
+get_remoteservers_def(const char *list, const char *name, const cfg_obj_t *cctx,
+		      const cfg_obj_t **ret) {
+	isc_result_t result = ISC_R_NOTFOUND;
 
-	result = get_primaries(cctx, "primaries", name, ret);
-	if (result != ISC_R_SUCCESS) {
-		result = get_primaries(cctx, "masters", name, ret);
+	if (strcmp(list, "primaries") == 0) {
+		result = get_remotes(cctx, "primaries", name, ret);
+		if (result != ISC_R_SUCCESS) {
+			result = get_remotes(cctx, "masters", name, ret);
+		}
+	} else if (strcmp(list, "parental-agents") == 0) {
+		result = get_remotes(cctx, "parental-agents", name, ret);
 	}
 	return (result);
 }
 
 static isc_result_t
-validate_primaries(const cfg_obj_t *obj, const cfg_obj_t *config,
-		   uint32_t *countp, isc_log_t *logctx, isc_mem_t *mctx) {
+validate_remotes(const char *list, const cfg_obj_t *obj,
+		 const cfg_obj_t *config, uint32_t *countp, isc_log_t *logctx,
+		 isc_mem_t *mctx) {
 	isc_result_t result = ISC_R_SUCCESS;
 	isc_result_t tresult;
 	uint32_t count = 0;
@@ -1980,7 +2007,7 @@ validate_primaries(const cfg_obj_t *obj, const cfg_obj_t *config,
 	const cfg_listelt_t *element;
 	const cfg_listelt_t **stack = NULL;
 	uint32_t stackcount = 0, pushed = 0;
-	const cfg_obj_t *list;
+	const cfg_obj_t *listobj;
 
 	REQUIRE(countp != NULL);
 	result = isc_symtab_create(mctx, 100, NULL, NULL, false, &symtab);
@@ -1990,8 +2017,8 @@ validate_primaries(const cfg_obj_t *obj, const cfg_obj_t *config,
 	}
 
 newlist:
-	list = cfg_tuple_get(obj, "addresses");
-	element = cfg_list_first(list);
+	listobj = cfg_tuple_get(obj, "addresses");
+	element = cfg_list_first(listobj);
 resume:
 	for (; element != NULL; element = cfg_list_next(element)) {
 		const char *listname;
@@ -2021,13 +2048,13 @@ resume:
 		if (tresult == ISC_R_EXISTS) {
 			continue;
 		}
-		tresult = get_primaries_def(config, listname, &obj);
+		tresult = get_remoteservers_def(list, listname, config, &obj);
 		if (tresult != ISC_R_SUCCESS) {
 			if (result == ISC_R_SUCCESS) {
 				result = tresult;
 			}
 			cfg_obj_log(addr, logctx, ISC_LOG_ERROR,
-				    "unable to find primaries list '%s'",
+				    "unable to find %s list '%s'", list,
 				    listname);
 			continue;
 		}
@@ -2764,8 +2791,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 		}
 		if (tresult == ISC_R_SUCCESS && donotify) {
 			uint32_t count;
-			tresult = validate_primaries(obj, config, &count,
-						     logctx, mctx);
+			tresult = validate_remotes("primaries", obj, config,
+						   &count, logctx, mctx);
 			if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS)
 			{
 				result = tresult;
@@ -2806,8 +2833,8 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 			result = ISC_R_FAILURE;
 		} else {
 			uint32_t count;
-			tresult = validate_primaries(obj, config, &count,
-						     logctx, mctx);
+			tresult = validate_remotes("primaries", obj, config,
+						   &count, logctx, mctx);
 			if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS)
 			{
 				result = tresult;
@@ -2822,6 +2849,32 @@ check_zoneconf(const cfg_obj_t *zconfig, const cfg_obj_t *voptions,
 		}
 	}
 
+	/*
+	 * Primary and secondary zones that have a "parental-agents" field,
+	 * must have a corresponding "parental-agents" clause.
+	 */
+	if (ztype == CFG_ZONE_MASTER || ztype == CFG_ZONE_SLAVE) {
+		obj = NULL;
+		(void)cfg_map_get(zoptions, "parental-agents", &obj);
+		if (obj != NULL) {
+			uint32_t count;
+			tresult = validate_remotes("parental-agents", obj,
+						   config, &count, logctx,
+						   mctx);
+			if (tresult != ISC_R_SUCCESS && result == ISC_R_SUCCESS)
+			{
+				result = tresult;
+			}
+			if (tresult == ISC_R_SUCCESS && count == 0) {
+				cfg_obj_log(zoptions, logctx, ISC_LOG_ERROR,
+					    "zone '%s': "
+					    "empty 'parental-agents' entry",
+					    znamestr);
+				result = ISC_R_FAILURE;
+			}
+		}
+	}
+
 	/*
 	 * Configuring a mirror zone and disabling recursion at the same time
 	 * contradicts the purpose of the former.
@@ -5148,6 +5201,11 @@ bind9_check_namedconf(const cfg_obj_t *config, bool check_plugins,
 		result = ISC_R_FAILURE;
 	}
 
+	if (bind9_check_parentalagentlists(config, logctx, mctx) !=
+	    ISC_R_SUCCESS) {
+		result = ISC_R_FAILURE;
+	}
+
 	(void)cfg_map_get(config, "view", &views);
 
 	if (views != NULL && options != NULL) {