summaryrefslogtreecommitdiff
path: root/contrib/unbound/smallapp/unbound-checkconf.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/unbound/smallapp/unbound-checkconf.c')
-rw-r--r--contrib/unbound/smallapp/unbound-checkconf.c154
1 files changed, 153 insertions, 1 deletions
diff --git a/contrib/unbound/smallapp/unbound-checkconf.c b/contrib/unbound/smallapp/unbound-checkconf.c
index 91ad54abd8db..eddd406a8067 100644
--- a/contrib/unbound/smallapp/unbound-checkconf.c
+++ b/contrib/unbound/smallapp/unbound-checkconf.c
@@ -58,6 +58,7 @@
#include "services/authzone.h"
#include "respip/respip.h"
#include "sldns/sbuffer.h"
+#include "sldns/str2wire.h"
#ifdef HAVE_GETOPT_H
#include <getopt.h>
#endif
@@ -194,6 +195,94 @@ localzonechecks(struct config_file* cfg)
local_zones_delete(zs);
}
+/** checks for acl and views */
+static void
+acl_view_tag_checks(struct config_file* cfg, struct views* views)
+{
+ int d;
+ struct sockaddr_storage a;
+ socklen_t alen;
+ struct config_str2list* acl;
+ struct config_str3list* s3;
+ struct config_strbytelist* sb;
+
+ /* acl_view */
+ for(acl=cfg->acl_view; acl; acl = acl->next) {
+ struct view* v;
+ if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen,
+ &d)) {
+ fatal_exit("cannot parse access-control-view "
+ "address %s %s", acl->str, acl->str2);
+ }
+ v = views_find_view(views, acl->str2, 0);
+ if(!v) {
+ fatal_exit("cannot find view for "
+ "access-control-view: %s %s",
+ acl->str, acl->str2);
+ }
+ lock_rw_unlock(&v->lock);
+ }
+
+ /* acl_tags */
+ for(sb=cfg->acl_tags; sb; sb = sb->next) {
+ if(!netblockstrtoaddr(sb->str, UNBOUND_DNS_PORT, &a, &alen,
+ &d)) {
+ fatal_exit("cannot parse access-control-tags "
+ "address %s", sb->str);
+ }
+ }
+
+ /* acl_tag_actions */
+ for(s3=cfg->acl_tag_actions; s3; s3 = s3->next) {
+ enum localzone_type t;
+ if(!netblockstrtoaddr(s3->str, UNBOUND_DNS_PORT, &a, &alen,
+ &d)) {
+ fatal_exit("cannot parse access-control-tag-actions "
+ "address %s %s %s",
+ s3->str, s3->str2, s3->str3);
+ }
+ if(find_tag_id(cfg, s3->str2) == -1) {
+ fatal_exit("cannot parse tag %s (define-tag it), "
+ "for access-control-tag-actions: %s %s %s",
+ s3->str2, s3->str, s3->str2, s3->str3);
+ }
+ if(!local_zone_str2type(s3->str3, &t)) {
+ fatal_exit("cannot parse access control action type %s"
+ " for access-control-tag-actions: %s %s %s",
+ s3->str3, s3->str, s3->str2, s3->str3);
+ }
+ }
+
+ /* acl_tag_datas */
+ for(s3=cfg->acl_tag_datas; s3; s3 = s3->next) {
+ char buf[65536];
+ uint8_t rr[LDNS_RR_BUF_SIZE];
+ size_t len = sizeof(rr);
+ int res;
+ if(!netblockstrtoaddr(s3->str, UNBOUND_DNS_PORT, &a, &alen,
+ &d)) {
+ fatal_exit("cannot parse access-control-tag-datas address %s %s '%s'",
+ s3->str, s3->str2, s3->str3);
+ }
+ if(find_tag_id(cfg, s3->str2) == -1) {
+ fatal_exit("cannot parse tag %s (define-tag it), "
+ "for access-control-tag-datas: %s %s '%s'",
+ s3->str2, s3->str, s3->str2, s3->str3);
+ }
+ /* '.' is sufficient for validation, and it makes the call to
+ * sldns_wirerr_get_type() simpler below. */
+ snprintf(buf, sizeof(buf), "%s %s", ".", s3->str3);
+ res = sldns_str2wire_rr_buf(buf, rr, &len, NULL, 3600, NULL,
+ 0, NULL, 0);
+ if(res != 0) {
+ fatal_exit("cannot parse rr data [char %d] parse error %s, for access-control-tag-datas: %s %s '%s'",
+ (int)LDNS_WIREPARSE_OFFSET(res)-2,
+ sldns_get_errorstr_parse(res),
+ s3->str, s3->str2, s3->str3);
+ }
+ }
+}
+
/** check view and response-ip configuration */
static void
view_and_respipchecks(struct config_file* cfg)
@@ -211,6 +300,7 @@ view_and_respipchecks(struct config_file* cfg)
fatal_exit("Could not setup respip set");
if(!respip_views_apply_cfg(views, cfg, &ignored))
fatal_exit("Could not setup per-view respip sets");
+ acl_view_tag_checks(cfg, views);
views_delete(views);
respip_set_delete(respip);
}
@@ -481,6 +571,8 @@ morechecks(struct config_file* cfg)
fatal_exit("num_threads value weird");
if(!cfg->do_ip4 && !cfg->do_ip6)
fatal_exit("ip4 and ip6 are both disabled, pointless");
+ if(!cfg->do_ip4 && cfg->prefer_ip4)
+ fatal_exit("cannot prefer and disable ip4, pointless");
if(!cfg->do_ip6 && cfg->prefer_ip6)
fatal_exit("cannot prefer and disable ip6, pointless");
if(!cfg->do_udp && !cfg->do_tcp)
@@ -567,6 +659,64 @@ morechecks(struct config_file* cfg)
&& strcmp(cfg->module_conf, "python dns64 iterator") != 0
&& strcmp(cfg->module_conf, "python dns64 validator iterator") != 0
#endif
+#ifdef WITH_DYNLIBMODULE
+ && strcmp(cfg->module_conf, "dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib dynlib dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "python dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "python dynlib dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "python dynlib dynlib dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib respip iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib validator iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib dynlib validator iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib dynlib dynlib validator iterator") != 0
+ && strcmp(cfg->module_conf, "python dynlib validator iterator") != 0
+ && strcmp(cfg->module_conf, "python dynlib dynlib validator iterator") != 0
+ && strcmp(cfg->module_conf, "python dynlib dynlib dynlib validator iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib respip validator iterator") != 0
+ && strcmp(cfg->module_conf, "validator dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "dns64 dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "dns64 dynlib validator iterator") != 0
+ && strcmp(cfg->module_conf, "dns64 validator dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib dns64 iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib dns64 validator iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib dns64 cachedb iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib dns64 validator cachedb iterator") != 0
+ && strcmp(cfg->module_conf, "dns64 dynlib cachedb iterator") != 0
+ && strcmp(cfg->module_conf, "dns64 dynlib validator cachedb iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib cachedb iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib respip cachedb iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib validator cachedb iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib respip validator cachedb iterator") != 0
+ && strcmp(cfg->module_conf, "cachedb dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "respip cachedb dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "validator cachedb dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "respip validator cachedb dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "validator dynlib cachedb iterator") != 0
+ && strcmp(cfg->module_conf, "respip validator dynlib cachedb iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib subnetcache iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib respip subnetcache iterator") != 0
+ && strcmp(cfg->module_conf, "subnetcache dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "respip subnetcache dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib subnetcache validator iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib respip subnetcache validator iterator") != 0
+ && strcmp(cfg->module_conf, "subnetcache dynlib validator iterator") != 0
+ && strcmp(cfg->module_conf, "respip subnetcache dynlib validator iterator") != 0
+ && strcmp(cfg->module_conf, "subnetcache validator dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "respip subnetcache validator dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib ipsecmod iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib ipsecmod respip iterator") != 0
+ && strcmp(cfg->module_conf, "ipsecmod dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "ipsecmod dynlib respip iterator") != 0
+ && strcmp(cfg->module_conf, "ipsecmod validator iterator") != 0
+ && strcmp(cfg->module_conf, "ipsecmod respip validator iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib ipsecmod validator iterator") != 0
+ && strcmp(cfg->module_conf, "dynlib ipsecmod respip validator iterator") != 0
+ && strcmp(cfg->module_conf, "ipsecmod dynlib validator iterator") != 0
+ && strcmp(cfg->module_conf, "ipsecmod dynlib respip validator iterator") != 0
+ && strcmp(cfg->module_conf, "ipsecmod validator dynlib iterator") != 0
+ && strcmp(cfg->module_conf, "ipsecmod respip validator dynlib iterator") != 0
+#endif
#ifdef USE_CACHEDB
&& strcmp(cfg->module_conf, "validator cachedb iterator") != 0
&& strcmp(cfg->module_conf, "respip validator cachedb iterator") != 0
@@ -598,6 +748,8 @@ morechecks(struct config_file* cfg)
&& strcmp(cfg->module_conf, "respip subnetcache validator iterator") != 0
&& strcmp(cfg->module_conf, "dns64 subnetcache iterator") != 0
&& strcmp(cfg->module_conf, "dns64 subnetcache validator iterator") != 0
+ && strcmp(cfg->module_conf, "dns64 subnetcache respip iterator") != 0
+ && strcmp(cfg->module_conf, "dns64 subnetcache respip validator iterator") != 0
#endif
#if defined(WITH_PYTHONMODULE) && defined(CLIENT_SUBNET)
&& strcmp(cfg->module_conf, "python subnetcache iterator") != 0
@@ -701,7 +853,7 @@ check_auth(struct config_file* cfg)
{
int is_rpz = 0;
struct auth_zones* az = auth_zones_create();
- if(!az || !auth_zones_apply_cfg(az, cfg, 0i, &is_rpz)) {
+ if(!az || !auth_zones_apply_cfg(az, cfg, 0, &is_rpz)) {
fatal_exit("Could not setup authority zones");
}
auth_zones_delete(az);
generated by cgit v1.2.3 (git 2.25.1) at 2024-09-22 18:26:51 +0000