diff --git a/bin/named/server.c b/bin/named/server.c
index b199d36fc7..ae72b80985 100644
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -11059,6 +11059,7 @@ listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 cfg_aclconfctx_t *actx, isc_mem_t *mctx, uint16_t family, ns_listenelt_t **target) {
 isc_result_t result;
+ const cfg_obj_t *ltup = NULL;
 const cfg_obj_t *tlsobj = NULL, *httpobj = NULL;
 const cfg_obj_t *portobj = NULL, *dscpobj = NULL;
 const cfg_obj_t *http_server = NULL;
@@ -11070,7 +11071,10 @@ listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 REQUIRE(target != NULL && *target == NULL);
- tlsobj = cfg_tuple_get(listener, "tls");
+ ltup = cfg_tuple_get(listener, "tuple");
+ RUNTIME_CHECK(ltup != NULL);
+
+ tlsobj = cfg_tuple_get(ltup, "tls");
 if (tlsobj != NULL && cfg_obj_isstring(tlsobj)) {
 const char *tlsname = cfg_obj_asstring(tlsobj);
@@ -11097,7 +11101,7 @@ listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 }
 }
- httpobj = cfg_tuple_get(listener, "http");
+ httpobj = cfg_tuple_get(ltup, "http");
 if (httpobj != NULL && cfg_obj_isstring(httpobj)) {
 const char *httpname = cfg_obj_asstring(httpobj);
@@ -11120,7 +11124,7 @@ listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 http = true;
 }
- portobj = cfg_tuple_get(listener, "port");
+ portobj = cfg_tuple_get(ltup, "port");
 if (!cfg_obj_isuint32(portobj)) {
 if (http && do_tls) {
 if (named_g_httpsport != 0) {
@@ -11174,7 +11178,7 @@ listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 port = (in_port_t)cfg_obj_asuint32(portobj);
 }
- dscpobj = cfg_tuple_get(listener, "dscp");
+ dscpobj = cfg_tuple_get(ltup, "dscp");
 if (!cfg_obj_isuint32(dscpobj)) {
 dscp = named_g_dscp;
 } else {
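Review bot: The `RUNTIME_CHECK(ltup != NULL)` added before the `tls` lookup guards a parser invariant rather than a runtime failure, and if it ever fires it terminates named instead of letting listenelt_fromconfig report the problem through its `isc_result_t`. If the "tuple" field is always populated by the listen-on grammar, `INSIST(ltup != NULL);` states that intent more accurately. Either way a one-line comment such as `/* port, dscp, tls and http now live in the nested "tuple" field of each listen-on entry */` would explain the extra level of lookup. The function body starts and ends outside this hunk.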
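Review bot: In the `httpobj` hunk, nothing in the visible lines distinguishes an `http` listener that has no `tls` key at all from one that deliberately asks for plaintext; the only test is `httpobj != NULL && cfg_obj_isstring(httpobj)`, after which `http = true` is set. The checkconf fixture in this same commit now spells `tls none` on its port 8080 line, which suggests the plaintext case is meant to be stated explicitly. If so, a listener with `http` set and no `tls` key should fail with a logged configuration error rather than come up serving DNS over cleartext HTTP. The lines between these hunks are not shown, so the check may already exist there or in the configuration checker; in that case a short comment above `cfg_tuple_get(ltup, "http")` saying where it is enforced would be enough.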
diff --git a/bin/tests/system/checkconf/good-doh-global.conf b/bin/tests/system/checkconf/good-doh-2.conf
similarity index 81%
rename from bin/tests/system/checkconf/good-doh-global.conf
rename to bin/tests/system/checkconf/good-doh-2.conf
index f5eb63477f..52f2be3e9f 100644
--- a/bin/tests/system/checkconf/good-doh-global.conf
+++ b/bin/tests/system/checkconf/good-doh-2.conf
@@ -22,6 +22,6 @@ options {
 listen-on { 10.53.0.1; };
 http-port 80;
 https-port 443;
- listen-on port 443 tls local-tls http local-http-server { 10.53.0.1; };
- listen-on port 8080 http local-http-server { 10.53.0.1; };
+ listen-on port 443 http local-http-server tls local-tls { 10.53.0.1; };
+ listen-on port 8080 tls none http local-http-server { 10.53.0.1; };
 };
diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c
index e90ab215f8..7c29970a81 100644
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -76,6 +76,15 @@ doc_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type);
 static void
 doc_optional_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type);
+static isc_result_t
+cfg_parse_kv_tuple(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret);
+
+static void
+cfg_print_kv_tuple(cfg_printer_t *pctx, const cfg_obj_t *obj);
+
+static void
+cfg_doc_kv_tuple(cfg_printer_t *pctx, const cfg_type_t *type);
+
 static cfg_type_t cfg_type_acl;
 static cfg_type_t cfg_type_bracketed_dscpsockaddrlist;
 static cfg_type_t cfg_type_bracketed_namesockaddrkeylist;
@@ -91,7 +100,6 @@ static cfg_type_t cfg_type_dnssecpolicy;
 static cfg_type_t cfg_type_dnstap;
 static cfg_type_t cfg_type_dnstapoutput;
 static cfg_type_t cfg_type_dyndb;
-static cfg_type_t cfg_type_plugin;
 static cfg_type_t cfg_type_http_description;
 static cfg_type_t cfg_type_ixfrdifftype;
 static cfg_type_t cfg_type_ixfrratio;
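Review bot: The two rewritten `listen-on` lines in good-doh-2.conf exercise only accepted orderings (`http` before `tls`, and `tls none` before `http`); nothing here pins down what happens when a key is repeated. With keys now accepted in any order, a repeated `tls` or `http` key is a new input shape, and which value wins decides whether the listener ends up encrypted. That case deserves a negative fixture, the `bad-` counterpart of this file, that named-checkconf must reject. Other fixtures may exist outside this page, in which case nothing needs to change here.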
@@ -110,12 +118,12 @@ static cfg_type_t cfg_type_optional_allow;
 static cfg_type_t cfg_type_optional_class;
 static cfg_type_t cfg_type_optional_dscp;
 static cfg_type_t cfg_type_optional_facility;
-static cfg_type_t cfg_type_optional_http;
 static cfg_type_t cfg_type_optional_keyref;
 static cfg_type_t cfg_type_optional_port;
 static cfg_type_t cfg_type_optional_uint32;
 static cfg_type_t cfg_type_optional_tls;
 static cfg_type_t cfg_type_options;
+static cfg_type_t cfg_type_plugin;
 static cfg_type_t cfg_type_portiplist;
 static cfg_type_t cfg_type_printtime;
 static cfg_type_t cfg_type_qminmethod;
@@ -150,11 +158,20 @@ static cfg_type_t cfg_type_tkey_dhkey = { "tkey-dhkey", cfg_parse_tuple,
 /*% listen-on */
-static cfg_tuplefielddef_t listenon_fields[] = {
+static cfg_tuplefielddef_t listenon_tuple_fields[] = {
 { "port", &cfg_type_optional_port, 0 },
- { "dscp", &cfg_type_optional_dscp, 0 },
- { "tls", &cfg_type_optional_tls, 0 },
- { "http", &cfg_type_optional_http, 0 },
+ { "dscp", &cfg_type_uint32, 0 },
+ { "tls", &cfg_type_astring, 0 },
+ { "http", &cfg_type_astring, 0 },
+ { NULL, NULL, 0 }
+};
+static cfg_type_t cfg_type_listen_tuple = {
+ "listenon tuple", cfg_parse_kv_tuple, cfg_print_kv_tuple,
+ cfg_doc_kv_tuple, &cfg_rep_tuple, listenon_tuple_fields
+};
+
+static cfg_tuplefielddef_t listenon_fields[] = {
+ { "tuple", &cfg_type_listen_tuple, 0 },
 { "acl", &cfg_type_bracketed_aml, 0 },
 { NULL, NULL, 0 }
 };
@@ -3842,8 +3859,6 @@ static cfg_clausedef_t tls_clauses[] = {
 { "cert-file", &cfg_type_qstring, 0 },
 { "ca-file", &cfg_type_qstring, 0 },
 { "hostname", &cfg_type_qstring, 0 },
- /* { "trusted-cert-file", &cfg_type_qstring, *
- CFG_CLAUSEFLAG_EXPERIMENTAL}, */
 { "dh-param", &cfg_type_qstring, CFG_CLAUSEFLAG_EXPERIMENTAL },
 { "protocols", &cfg_type_sslprotos, CFG_CLAUSEFLAG_EXPERIMENTAL },
 { "ciphers", &cfg_type_astring, CFG_CLAUSEFLAG_EXPERIMENTAL },
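Review bot: In the `listenon_tuple_fields` hunk, `dscp` moves from `cfg_type_optional_dscp` to plain `cfg_type_uint32`, and `tls`/`http` move to `cfg_type_astring`, so any validation the dedicated types performed at parse time no longer runs for listen-on. The consumer in bin/named/server.c shows only `if (!cfg_obj_isuint32(dscpobj))` with the `else` branch cut off, so it is not visible here whether an out-of-range DSCP value is still rejected before it is used; please confirm, and if it is not, reject it where the value is read. The table would also benefit from a comment explaining why `port` alone keeps an `optional_` type, for example `/* "port" keeps its own keyword parser; dscp/tls/http are keyword-value pairs matched by name in cfg_parse_kv_tuple() */`, assuming that is what the parser does, since its body is not part of this diff.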
@@ -3882,9 +3897,3 @@ static cfg_type_t cfg_type_http_description = {
 "http_desc", cfg_parse_named_map, cfg_print_map, cfg_doc_map, &cfg_rep_map, http_description_clausesets
 };
-
-static keyword_type_t http_kw = { "http", &cfg_type_astring };
-static cfg_type_t cfg_type_optional_http = {
- "http_optional", parse_optional_keyvalue, print_keyvalue,
- doc_optional_keyvalue, &cfg_rep_string, &http_kw
-};