From 27250ec8d2a253118d1df1d980ef1f9e5d66ab38 Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Wed, 9 Nov 2022 09:50:32 +0000
Subject: [PATCH 1/2] named-checkzone -z ignored the check-wildcard option

Lookup and set the wildcard option according to the configuration settings. The default is on as per bin/named/config.c.

(cherry picked from commit dfc5c1e018e1cd1219987fb7d910acbdbb11f035)
---
 CHANGES | 3 +++
 bin/check/named-checkconf.c | 11 +++++++++++
 2 files changed, 14 insertions(+)

diff --git a/CHANGES b/CHANGES
index 8648e9d870..34f7df49f8 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+6020. [bug] Ensure 'named-checkconf -z' respects the check-wildcard
+ option when loading a zone. [GL #1905]
+
 6017. [bug] The view's zone table was not locked when it should have been leading to race conditions when external extensions that manipulate the zone table where in
diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
index 204bd1fffc..6b3616c0a3 100644
--- a/bin/check/named-checkconf.c
+++ b/bin/check/named-checkconf.c
@@ -403,6 +403,17 @@ configure_zone(const char *vclass, const char *view, const cfg_obj_t *zconfig,
 zone_options |= DNS_ZONEOPT_CHECKSPF;
 }
 
+ obj = NULL;
+ if (get_maps(maps, "check-wildcard", &obj)) {
+ if (cfg_obj_asboolean(obj)) {
+ zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
+ } else {
+ zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
+ }
+ } else {
+ zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
+ }
+
 obj = NULL;
 if (get_checknames(maps, &obj)) {
 if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
From 4906ae9fe04196fd28ad8e283a03050ddc9de570 Mon Sep 17 00:00:00 2001
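Review bot: The `else` branch that ORs in DNS_ZONEOPT_CHECKWILDCARD when no `check-wildcard` clause is found hard-codes named's default a second time, so this fallback can silently drift from bin/named/config.c if the default there ever changes; the commit message says the default comes from there, but nothing in the hunk ties the two together. A one-line comment above the new block would at least make the coupling visible: `/* No check-wildcard clause: default is "yes", mirroring bin/named/config.c. */`. If named-checkconf already merges the built-in defaults into `maps` the way named does, the whole `else` branch could go in favour of that single source of truth, but that is not visible from the hunk. configure_zone begins and ends outside the hunk. The patch subject's 'named-checkzone' also looks like a slip for named-checkconf, which is what the CHANGES entry and the changed file name.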
From: Mark Andrews
Date: Wed, 9 Nov 2022 11:12:20 +0000
Subject: [PATCH 2/2] Check 'named-checkconf -z' and check-wildcard

Add tests to check the behavior of 'named-checkconf -z' and check-wildcard setting in named.conf.

(cherry picked from commit 708dadac59afb50fdc1810cc591e4e5af6971136)
---
 .../system/checkconf/check-wildcard-no.conf | 18 +++++++++++++++
 .../system/checkconf/check-wildcard.conf | 18 +++++++++++++++
 bin/tests/system/checkconf/check-wildcard.db | 23 +++++++++++++++++++
 bin/tests/system/checkconf/tests.sh | 17 ++++++++++++++
 4 files changed, 76 insertions(+)
 create mode 100644 bin/tests/system/checkconf/check-wildcard-no.conf
 create mode 100644 bin/tests/system/checkconf/check-wildcard.conf
 create mode 100644 bin/tests/system/checkconf/check-wildcard.db

diff --git a/bin/tests/system/checkconf/check-wildcard-no.conf b/bin/tests/system/checkconf/check-wildcard-no.conf
new file mode 100644
index 0000000000..beb641a9bd
--- /dev/null
+++ b/bin/tests/system/checkconf/check-wildcard-no.conf
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone "check-wildcard" {
+ type primary;
+ file "check-wildcard.db";
+ check-wildcard no;
+};
diff --git a/bin/tests/system/checkconf/check-wildcard.conf b/bin/tests/system/checkconf/check-wildcard.conf
new file mode 100644
index 0000000000..263f8b4a65
--- /dev/null
+++ b/bin/tests/system/checkconf/check-wildcard.conf
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone "check-wildcard" {
+ type primary;
+ file "check-wildcard.db";
+ check-wildcard yes;
+};
diff --git a/bin/tests/system/checkconf/check-wildcard.db b/bin/tests/system/checkconf/check-wildcard.db
new file mode 100644
index 0000000000..1db5af00e3
--- /dev/null
+++ b/bin/tests/system/checkconf/check-wildcard.db
@@ -0,0 +1,23 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; SPDX-License-Identifier: MPL-2.0
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, you can obtain one at https://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 600 ; 10 minutes
+@ IN SOA mname1. . (
+ 1 ; serial
+ 20 ; refresh (20 seconds)
+ 20 ; retry (20 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns2
+ns2 A 10.53.0.2
+; an interior wildcard name
+foo.* TXT The owner name contains an interior wildcard
diff --git a/bin/tests/system/checkconf/tests.sh b/bin/tests/system/checkconf/tests.sh
index 3a6b95f623..ba683f57e2 100644
--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@@ -624,6 +624,23 @@ $CHECKCONF warn-random-device.conf > checkconf.out$n 2>/dev/null || ret=1
 grep "option 'random-device' is obsolete and should be removed" < checkconf.out$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
 status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo_i "check that 'check-wildcard no;' succeeds as configured ($n)"
+ret=0
+$CHECKCONF -z check-wildcard-no.conf > checkconf.out$n 2>&1 || ret=1
+grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo_i "check that 'check-wildcard yes;' warns as configured ($n)"
+ret=0
+$CHECKCONF -z check-wildcard.conf > checkconf.out$n 2>&1 || ret=1
+grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
+status=`expr $status + $ret`
+
 rmdir keys
 echo_i "exit status: $status"
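Review bot: Neither new test exercises the case the fix is mainly about — a zone with no `check-wildcard` clause at all, where the `else` fallback added in named-checkconf.c must restore the default-on behaviour; both configs set the option explicitly, so a regression of that default would pass this hunk unnoticed. A third case using a config that omits the clause (a copy of check-wildcard.conf without its `check-wildcard yes;` line; the file name below is a placeholder) and expecting the same warning would close that gap. tests.sh is a flat script that continues on both sides of the hunk.
```shell
# … unchanged: the 'check-wildcard no;' and 'check-wildcard yes;' tests above …
n=`expr $n + 1`
echo_i "check that check-wildcard defaults to warning when not configured ($n)"
ret=0
$CHECKCONF -z CHECK_WILDCARD_DEFAULT_CONF_PLACEHOLDER > checkconf.out$n 2>&1 || ret=1
grep -F "warning: ownername 'foo.*.check-wildcard' contains an non-terminal wildcard" checkconf.out$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo_i "failed"; ret=1; fi
status=`expr $status + $ret`
```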