isc_result_t
ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
isc_mem_t *mctx, isc_sockaddr_t **addrsp,
isc_dscp_t **dscpsp, dns_name_t ***keysp,
isc_uint32_t *countp)
{
isc_uint32_t addrcount = 0, dscpcount = 0, keycount = 0, i = 0;
isc_uint32_t listcount = 0, l = 0, j;
isc_uint32_t stackcount = 0, pushed = 0;
isc_result_t result;
const cfg_listelt_t *element;
const cfg_obj_t *addrlist;
const cfg_obj_t *portobj;
const cfg_obj_t *dscpobj;
in_port_t port;
isc_dscp_t dscp = -1;
dns_fixedname_t fname;
isc_sockaddr_t *addrs = NULL;
isc_dscp_t *dscps = NULL;
dns_name_t **keys = NULL;
struct { const char *name; } *lists = NULL;
struct {
const cfg_listelt_t *element;
in_port_t port;
isc_dscp_t dscp;
} *stack = NULL;
REQUIRE(addrsp != NULL && *addrsp == NULL);
REQUIRE(dscpsp != NULL && *dscpsp == NULL);
REQUIRE(keysp != NULL && *keysp == NULL);
REQUIRE(countp != NULL);
/*
* Get system defaults.
*/
result = ns_config_getport(config, &port);
if (result != ISC_R_SUCCESS)
goto cleanup;
result = ns_config_getdscp(config, &dscp);
if (result != ISC_R_SUCCESS)
goto cleanup;
newlist:
addrlist = cfg_tuple_get(list, "addresses");
portobj = cfg_tuple_get(list, "port");
dscpobj = cfg_tuple_get(list, "dscp");
if (cfg_obj_isuint32(portobj)) {
isc_uint32_t val = cfg_obj_asuint32(portobj);
if (val > ISC_UINT16_MAX) {
cfg_obj_log(portobj, ns_g_lctx, ISC_LOG_ERROR,
"port '%u' out of range", val);
result = ISC_R_RANGE;
goto cleanup;
}
port = (in_port_t) val;
}
if (dscpobj != NULL && cfg_obj_isuint32(dscpobj)) {
if (cfg_obj_asuint32(dscpobj) > 63) {
cfg_obj_log(dscpobj, ns_g_lctx, ISC_LOG_ERROR,
"dscp value '%u' is out of range",
cfg_obj_asuint32(dscpobj));
result = ISC_R_RANGE;
goto cleanup;
}
dscp = (isc_dscp_t)cfg_obj_asuint32(dscpobj);
}
result = ISC_R_NOMEMORY;
element = cfg_list_first(addrlist);
resume:
for ( ;
element != NULL;
element = cfg_list_next(element))
{
const cfg_obj_t *addr;
const cfg_obj_t *key;
const char *keystr;
isc_buffer_t b;
addr = cfg_tuple_get(cfg_listelt_value(element),
"masterselement");
key = cfg_tuple_get(cfg_listelt_value(element), "key");
if (!cfg_obj_issockaddr(addr)) {
const char *listname = cfg_obj_asstring(addr);
isc_result_t tresult;
/* Grow lists? */
if (listcount == l) {
void * tmp;
isc_uint32_t newlen = listcount + 16;
size_t newsize, oldsize;
newsize = newlen * sizeof(*lists);
oldsize = listcount * sizeof(*lists);
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
if (listcount != 0) {
memmove(tmp, lists, oldsize);
isc_mem_put(mctx, lists, oldsize);
}
lists = tmp;
listcount = newlen;
}
/* Seen? */
for (j = 0; j < l; j++)
if (strcasecmp(lists[j].name, listname) == 0)
break;
if (j < l)
continue;
tresult = get_masters_def(config, listname, &list);
if (tresult == ISC_R_NOTFOUND) {
cfg_obj_log(addr, ns_g_lctx, ISC_LOG_ERROR,
"masters \"%s\" not found", listname);
result = tresult;
goto cleanup;
}
if (tresult != ISC_R_SUCCESS)
goto cleanup;
lists[l++].name = listname;
/* Grow stack? */
if (stackcount == pushed) {
void * tmp;
isc_uint32_t newlen = stackcount + 16;
size_t newsize, oldsize;
newsize = newlen * sizeof(*stack);
oldsize = stackcount * sizeof(*stack);
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
if (stackcount != 0) {
memmove(tmp, stack, oldsize);
isc_mem_put(mctx, stack, oldsize);
}
stack = tmp;
stackcount = newlen;
}
/*
* We want to resume processing this list on the
* next element.
*/
stack[pushed].element = cfg_list_next(element);
stack[pushed].port = port;
stack[pushed].dscp = dscp;
pushed++;
goto newlist;
}
if (i == addrcount) {
void * tmp;
isc_uint32_t newlen = addrcount + 16;
size_t newsize, oldsize;
newsize = newlen * sizeof(isc_sockaddr_t);
oldsize = addrcount * sizeof(isc_sockaddr_t);
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
if (addrcount != 0) {
memmove(tmp, addrs, oldsize);
isc_mem_put(mctx, addrs, oldsize);
}
addrs = tmp;
addrcount = newlen;
newsize = newlen * sizeof(isc_dscp_t);
oldsize = dscpcount * sizeof(isc_dscp_t);
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
if (dscpcount != 0) {
memmove(tmp, dscps, oldsize);
isc_mem_put(mctx, dscps, oldsize);
}
dscps = tmp;
dscpcount = newlen;
newsize = newlen * sizeof(dns_name_t *);
oldsize = keycount * sizeof(dns_name_t *);
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
if (keycount != 0) {
memmove(tmp, keys, oldsize);
isc_mem_put(mctx, keys, oldsize);
}
keys = tmp;
keycount = newlen;
}
addrs[i] = *cfg_obj_assockaddr(addr);
if (isc_sockaddr_getport(&addrs[i]) == 0)
isc_sockaddr_setport(&addrs[i], port);
dscps[i] = cfg_obj_getdscp(addr);
if (dscps[i] == -1)
dscps[i] = dscp;
keys[i] = NULL;
i++; /* Increment here so that cleanup on error works. */
if (!cfg_obj_isstring(key))
continue;
keys[i - 1] = isc_mem_get(mctx, sizeof(dns_name_t));
if (keys[i - 1] == NULL)
goto cleanup;
dns_name_init(keys[i - 1], NULL);
keystr = cfg_obj_asstring(key);
isc_buffer_constinit(&b, keystr, strlen(keystr));
isc_buffer_add(&b, strlen(keystr));
dns_fixedname_init(&fname);
result = dns_name_fromtext(dns_fixedname_name(&fname), &b,
dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS)
goto cleanup;
result = dns_name_dup(dns_fixedname_name(&fname), mctx,
keys[i - 1]);
if (result != ISC_R_SUCCESS)
goto cleanup;
}
if (pushed != 0) {
pushed--;
element = stack[pushed].element;
port = stack[pushed].port;
dscp = stack[pushed].dscp;
goto resume;
}
if (i < addrcount) {
void * tmp;
size_t newsize, oldsize;
newsize = i * sizeof(isc_sockaddr_t);
oldsize = addrcount * sizeof(isc_sockaddr_t);
if (i != 0) {
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
memmove(tmp, addrs, newsize);
} else
tmp = NULL;
isc_mem_put(mctx, addrs, oldsize);
addrs = tmp;
addrcount = i;
newsize = i * sizeof(isc_dscp_t);
oldsize = dscpcount * sizeof(isc_dscp_t);
if (i != 0) {
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
memmove(tmp, dscps, newsize);
} else
tmp = NULL;
isc_mem_put(mctx, dscps, oldsize);
dscps = tmp;
dscpcount = i;
newsize = i * sizeof(dns_name_t *);
oldsize = keycount * sizeof(dns_name_t *);
if (i != 0) {
tmp = isc_mem_get(mctx, newsize);
if (tmp == NULL)
goto cleanup;
memmove(tmp, keys, newsize);
} else
tmp = NULL;
isc_mem_put(mctx, keys, oldsize);
keys = tmp;
keycount = i;
}
if (lists != NULL)
isc_mem_put(mctx, lists, listcount * sizeof(*lists));
if (stack != NULL)
isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
INSIST(keycount == addrcount);
*addrsp = addrs;
*dscpsp = dscps;
*keysp = keys;
*countp = addrcount;
return (ISC_R_SUCCESS);
cleanup:
if (addrs != NULL)
isc_mem_put(mctx, addrs, addrcount * sizeof(isc_sockaddr_t));
if (dscps != NULL)
isc_mem_put(mctx, dscps, dscpcount * sizeof(isc_dscp_t));
if (keys != NULL) {
for (j = 0; j < i; j++) {
if (keys[j] == NULL)
continue;
if (dns_name_dynamic(keys[j]))
dns_name_free(keys[j], mctx);
isc_mem_put(mctx, keys[j], sizeof(dns_name_t));
}
isc_mem_put(mctx, keys, keycount * sizeof(dns_name_t *));
}
if (lists != NULL)
isc_mem_put(mctx, lists, listcount * sizeof(*lists));
if (stack != NULL)
isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
return (result);
}
isc_result_t
ns_acl_fromconfig(cfg_obj_t *caml,
cfg_obj_t *cctx,
ns_aclconfctx_t *ctx,
isc_mem_t *mctx,
dns_acl_t **target)
{
isc_result_t result;
unsigned int count;
dns_acl_t *dacl = NULL;
dns_aclelement_t *de;
cfg_listelt_t *elt;
REQUIRE(target != NULL && *target == NULL);
count = 0;
for (elt = cfg_list_first(caml);
elt != NULL;
elt = cfg_list_next(elt))
count++;
result = dns_acl_create(mctx, count, &dacl);
if (result != ISC_R_SUCCESS)
return (result);
de = dacl->elements;
for (elt = cfg_list_first(caml);
elt != NULL;
elt = cfg_list_next(elt))
{
cfg_obj_t *ce = cfg_listelt_value(elt);
if (cfg_obj_istuple(ce)) {
/* This must be a negated element. */
ce = cfg_tuple_get(ce, "value");
de->negative = ISC_TRUE;
} else {
de->negative = ISC_FALSE;
}
if (cfg_obj_isnetprefix(ce)) {
/* Network prefix */
de->type = dns_aclelementtype_ipprefix;
cfg_obj_asnetprefix(ce,
&de->u.ip_prefix.address,
&de->u.ip_prefix.prefixlen);
} else if (cfg_obj_istype(ce, &cfg_type_keyref)) {
/* Key name */
de->type = dns_aclelementtype_keyname;
dns_name_init(&de->u.keyname, NULL);
result = convert_keyname(ce, mctx, &de->u.keyname);
if (result != ISC_R_SUCCESS)
goto cleanup;
} else if (cfg_obj_islist(ce)) {
/* Nested ACL */
de->type = dns_aclelementtype_nestedacl;
result = ns_acl_fromconfig(ce, cctx, ctx, mctx,
&de->u.nestedacl);
if (result != ISC_R_SUCCESS)
goto cleanup;
} else if (cfg_obj_isstring(ce)) {
/* ACL name */
char *name = cfg_obj_asstring(ce);
if (strcasecmp(name, "localhost") == 0) {
de->type = dns_aclelementtype_localhost;
} else if (strcasecmp(name, "localnets") == 0) {
de->type = dns_aclelementtype_localnets;
} else if (strcasecmp(name, "any") == 0) {
de->type = dns_aclelementtype_any;
} else if (strcasecmp(name, "none") == 0) {
de->type = dns_aclelementtype_any;
de->negative = ISC_TF(! de->negative);
} else {
de->type = dns_aclelementtype_nestedacl;
result = convert_named_acl(ce, cctx, ctx, mctx,
&de->u.nestedacl);
if (result != ISC_R_SUCCESS)
goto cleanup;
}
} else {
cfg_obj_log(ce, dns_lctx, ISC_LOG_WARNING,
"address match list contains "
"unsupported element type");
result = ISC_R_FAILURE;
goto cleanup;
}
de++;
dacl->length++;
}
*target = dacl;
return (ISC_R_SUCCESS);
cleanup:
dns_acl_detach(&dacl);
return (result);
}
/*% configure the zone */
static isc_result_t
configure_zone(const char *vclass, const char *view,
const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
const cfg_obj_t *config, isc_mem_t *mctx)
{
int i = 0;
isc_result_t result;
const char *zclass;
const char *zname;
const char *zfile;
const cfg_obj_t *maps[4];
const cfg_obj_t *zoptions = NULL;
const cfg_obj_t *classobj = NULL;
const cfg_obj_t *typeobj = NULL;
const cfg_obj_t *fileobj = NULL;
const cfg_obj_t *dbobj = NULL;
const cfg_obj_t *obj = NULL;
const cfg_obj_t *fmtobj = NULL;
dns_masterformat_t masterformat;
zone_options = DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_MANYERRORS;
zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
classobj = cfg_tuple_get(zconfig, "class");
if (!cfg_obj_isstring(classobj))
zclass = vclass;
else
zclass = cfg_obj_asstring(classobj);
zoptions = cfg_tuple_get(zconfig, "options");
maps[i++] = zoptions;
if (vconfig != NULL)
maps[i++] = cfg_tuple_get(vconfig, "options");
if (config != NULL) {
cfg_map_get(config, "options", &obj);
if (obj != NULL)
maps[i++] = obj;
}
maps[i++] = NULL;
cfg_map_get(zoptions, "type", &typeobj);
if (typeobj == NULL)
return (ISC_R_FAILURE);
if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0)
return (ISC_R_SUCCESS);
cfg_map_get(zoptions, "database", &dbobj);
if (dbobj != NULL)
return (ISC_R_SUCCESS);
cfg_map_get(zoptions, "file", &fileobj);
if (fileobj == NULL)
return (ISC_R_FAILURE);
zfile = cfg_obj_asstring(fileobj);
obj = NULL;
if (get_maps(maps, "check-mx", &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_CHECKMX;
zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
zone_options |= DNS_ZONEOPT_CHECKMX;
zone_options |= DNS_ZONEOPT_CHECKMXFAIL;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
zone_options &= ~DNS_ZONEOPT_CHECKMX;
zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_CHECKMX;
zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
}
obj = NULL;
if (get_maps(maps, "check-integrity", &obj)) {
if (cfg_obj_asboolean(obj))
zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
else
zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
} else
zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
obj = NULL;
if (get_maps(maps, "check-mx-cname", &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_WARNMXCNAME;
zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
zone_options &= ~DNS_ZONEOPT_WARNMXCNAME;
zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
zone_options |= DNS_ZONEOPT_WARNMXCNAME;
zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_WARNMXCNAME;
zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
}
obj = NULL;
if (get_maps(maps, "check-srv-cname", &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME;
zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
}
obj = NULL;
if (get_maps(maps, "check-sibling", &obj)) {
if (cfg_obj_asboolean(obj))
zone_options |= DNS_ZONEOPT_CHECKSIBLING;
else
zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
}
obj = NULL;
if (get_checknames(maps, &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_CHECKNAMES;
zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
zone_options |= DNS_ZONEOPT_CHECKNAMES;
zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
zone_options &= ~DNS_ZONEOPT_CHECKNAMES;
zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_CHECKNAMES;
zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
}
masterformat = dns_masterformat_text;
fmtobj = NULL;
result = config_get(maps, "masterfile-format", &fmtobj);
if (result == ISC_R_SUCCESS) {
const char *masterformatstr = cfg_obj_asstring(fmtobj);
if (strcasecmp(masterformatstr, "text") == 0)
masterformat = dns_masterformat_text;
else if (strcasecmp(masterformatstr, "raw") == 0)
masterformat = dns_masterformat_raw;
else
INSIST(0);
}
result = load_zone(mctx, zname, zfile, masterformat, zclass, NULL);
if (result != ISC_R_SUCCESS)
fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
dns_result_totext(result));
return(result);
}
/*% configure the zone */
static isc_result_t
configure_zone(const char *vclass, const char *view,
const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
const cfg_obj_t *config, isc_mem_t *mctx)
{
int i = 0;
isc_result_t result;
const char *zclass;
const char *zname;
const char *zfile = NULL;
const cfg_obj_t *maps[4];
const cfg_obj_t *mastersobj = NULL;
const cfg_obj_t *zoptions = NULL;
const cfg_obj_t *classobj = NULL;
const cfg_obj_t *typeobj = NULL;
const cfg_obj_t *fileobj = NULL;
const cfg_obj_t *dlzobj = NULL;
const cfg_obj_t *dbobj = NULL;
const cfg_obj_t *obj = NULL;
const cfg_obj_t *fmtobj = NULL;
dns_masterformat_t masterformat;
dns_ttl_t maxttl = 0;
zone_options = DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_MANYERRORS;
zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
classobj = cfg_tuple_get(zconfig, "class");
if (!cfg_obj_isstring(classobj))
zclass = vclass;
else
zclass = cfg_obj_asstring(classobj);
zoptions = cfg_tuple_get(zconfig, "options");
maps[i++] = zoptions;
if (vconfig != NULL)
maps[i++] = cfg_tuple_get(vconfig, "options");
if (config != NULL) {
cfg_map_get(config, "options", &obj);
if (obj != NULL)
maps[i++] = obj;
}
maps[i] = NULL;
cfg_map_get(zoptions, "type", &typeobj);
if (typeobj == NULL)
return (ISC_R_FAILURE);
/*
* Skip checks when using an alternate data source.
*/
cfg_map_get(zoptions, "database", &dbobj);
if (dbobj != NULL &&
strcmp("rbt", cfg_obj_asstring(dbobj)) != 0 &&
strcmp("rbt64", cfg_obj_asstring(dbobj)) != 0)
return (ISC_R_SUCCESS);
cfg_map_get(zoptions, "dlz", &dlzobj);
if (dlzobj != NULL)
return (ISC_R_SUCCESS);
cfg_map_get(zoptions, "file", &fileobj);
if (fileobj != NULL)
zfile = cfg_obj_asstring(fileobj);
/*
* Check hints files for hint zones.
* Skip loading checks for any type other than
* master and redirect
*/
if (strcasecmp(cfg_obj_asstring(typeobj), "hint") == 0)
return (configure_hint(zfile, zclass, mctx));
else if ((strcasecmp(cfg_obj_asstring(typeobj), "master") != 0) &&
(strcasecmp(cfg_obj_asstring(typeobj), "redirect") != 0))
return (ISC_R_SUCCESS);
/*
* Is the redirect zone configured as a slave?
*/
if (strcasecmp(cfg_obj_asstring(typeobj), "redirect") == 0) {
cfg_map_get(zoptions, "masters", &mastersobj);
if (mastersobj != NULL)
return (ISC_R_SUCCESS);
}
if (zfile == NULL)
return (ISC_R_FAILURE);
obj = NULL;
if (get_maps(maps, "check-dup-records", &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_CHECKDUPRR;
zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
zone_options |= DNS_ZONEOPT_CHECKDUPRR;
zone_options |= DNS_ZONEOPT_CHECKDUPRRFAIL;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
zone_options &= ~DNS_ZONEOPT_CHECKDUPRR;
zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_CHECKDUPRR;
zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
}
obj = NULL;
if (get_maps(maps, "check-mx", &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_CHECKMX;
zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
zone_options |= DNS_ZONEOPT_CHECKMX;
zone_options |= DNS_ZONEOPT_CHECKMXFAIL;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
zone_options &= ~DNS_ZONEOPT_CHECKMX;
zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_CHECKMX;
zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
}
obj = NULL;
if (get_maps(maps, "check-integrity", &obj)) {
if (cfg_obj_asboolean(obj))
zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
else
zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
} else
zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
obj = NULL;
if (get_maps(maps, "check-mx-cname", &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_WARNMXCNAME;
zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
zone_options &= ~DNS_ZONEOPT_WARNMXCNAME;
zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
zone_options |= DNS_ZONEOPT_WARNMXCNAME;
zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_WARNMXCNAME;
zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
}
obj = NULL;
if (get_maps(maps, "check-srv-cname", &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME;
zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
}
obj = NULL;
if (get_maps(maps, "check-sibling", &obj)) {
if (cfg_obj_asboolean(obj))
zone_options |= DNS_ZONEOPT_CHECKSIBLING;
else
zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
}
obj = NULL;
if (get_maps(maps, "check-spf", &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_CHECKSPF;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
zone_options &= ~DNS_ZONEOPT_CHECKSPF;
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_CHECKSPF;
}
obj = NULL;
if (get_checknames(maps, &obj)) {
if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
zone_options |= DNS_ZONEOPT_CHECKNAMES;
zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
zone_options |= DNS_ZONEOPT_CHECKNAMES;
zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
zone_options &= ~DNS_ZONEOPT_CHECKNAMES;
zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
} else
INSIST(0);
} else {
zone_options |= DNS_ZONEOPT_CHECKNAMES;
zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
}
masterformat = dns_masterformat_text;
fmtobj = NULL;
if (get_maps(maps, "masterfile-format", &fmtobj)) {
const char *masterformatstr = cfg_obj_asstring(fmtobj);
if (strcasecmp(masterformatstr, "text") == 0)
masterformat = dns_masterformat_text;
else if (strcasecmp(masterformatstr, "raw") == 0)
masterformat = dns_masterformat_raw;
else if (strcasecmp(masterformatstr, "map") == 0)
masterformat = dns_masterformat_map;
else
INSIST(0);
}
obj = NULL;
if (get_maps(maps, "max-zone-ttl", &obj)) {
maxttl = cfg_obj_asuint32(obj);
zone_options2 |= DNS_ZONEOPT2_CHECKTTL;
}
result = load_zone(mctx, zname, zfile, masterformat,
zclass, maxttl, NULL);
if (result != ISC_R_SUCCESS)
fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
dns_result_totext(result));
return (result);
}
isc_result_t
cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx,
isc_log_t *lctx, cfg_aclconfctx_t *ctx,
isc_mem_t *mctx, unsigned int nest_level,
isc_uint16_t family, dns_acl_t **target)
{
isc_result_t result;
dns_acl_t *dacl = NULL, *inneracl = NULL;
dns_aclelement_t *de;
const cfg_listelt_t *elt;
dns_iptable_t *iptab;
int new_nest_level = 0;
if (nest_level != 0)
new_nest_level = nest_level - 1;
REQUIRE(target != NULL);
REQUIRE(*target == NULL || DNS_ACL_VALID(*target));
if (*target != NULL) {
/*
* If target already points to an ACL, then we're being
* called recursively to configure a nested ACL. The
* nested ACL's contents should just be absorbed into its
* parent ACL.
*/
dns_acl_attach(*target, &dacl);
dns_acl_detach(target);
} else {
/*
* Need to allocate a new ACL structure. Count the items
* in the ACL definition that will require space in the
* elements table. (Note that if nest_level is nonzero,
* *everything* goes in the elements table.)
*/
isc_uint32_t nelem;
if (nest_level == 0) {
result = count_acl_elements(caml, cctx, lctx, ctx,
mctx, &nelem, NULL);
if (result != ISC_R_SUCCESS)
return (result);
} else
nelem = cfg_list_length(caml, ISC_FALSE);
result = dns_acl_create(mctx, nelem, &dacl);
if (result != ISC_R_SUCCESS)
return (result);
}
de = dacl->elements;
for (elt = cfg_list_first(caml);
elt != NULL;
elt = cfg_list_next(elt)) {
const cfg_obj_t *ce = cfg_listelt_value(elt);
isc_boolean_t neg = ISC_FALSE;
INSIST(dacl->length <= dacl->alloc);
if (cfg_obj_istuple(ce)) {
/* Might be a negated element */
const cfg_obj_t *negated =
cfg_tuple_get(ce, "negated");
if (! cfg_obj_isvoid(negated)) {
neg = ISC_TRUE;
dacl->has_negatives = ISC_TRUE;
ce = negated;
}
}
/*
* If nest_level is nonzero, then every element is
* to be stored as a separate, nested ACL rather than
* merged into the main iptable.
*/
iptab = dacl->iptable;
if (nest_level != 0) {
result = dns_acl_create(mctx,
cfg_list_length(ce, ISC_FALSE),
&de->nestedacl);
if (result != ISC_R_SUCCESS)
goto cleanup;
iptab = de->nestedacl->iptable;
}
if (cfg_obj_isnetprefix(ce)) {
/* Network prefix */
isc_netaddr_t addr;
unsigned int bitlen;
cfg_obj_asnetprefix(ce, &addr, &bitlen);
if (family != 0 && family != addr.family) {
char buf[ISC_NETADDR_FORMATSIZE + 1];
isc_netaddr_format(&addr, buf, sizeof(buf));
cfg_obj_log(ce, lctx, ISC_LOG_WARNING,
"'%s': incorrect address family; "
"ignoring", buf);
if (nest_level != 0)
dns_acl_detach(&de->nestedacl);
continue;
}
result = isc_netaddr_prefixok(&addr, bitlen);
if (result != ISC_R_SUCCESS) {
char buf[ISC_NETADDR_FORMATSIZE + 1];
isc_netaddr_format(&addr, buf, sizeof(buf));
cfg_obj_log(ce, lctx, ISC_LOG_WARNING,
"'%s/%u': address/prefix length "
"mismatch", buf, bitlen);
}
/*
* If nesting ACLs (nest_level != 0), we negate
* the nestedacl element, not the iptable entry.
*/
result = dns_iptable_addprefix(iptab, &addr, bitlen,
ISC_TF(nest_level != 0 || !neg));
if (result != ISC_R_SUCCESS)
goto cleanup;
if (nest_level > 0) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
} else
continue;
} else if (cfg_obj_islist(ce)) {
/*
* If we're nesting ACLs, put the nested
* ACL onto the elements list; otherwise
* merge it into *this* ACL. We nest ACLs
* in two cases: 1) sortlist, 2) if the
* nested ACL contains negated members.
*/
if (inneracl != NULL)
dns_acl_detach(&inneracl);
result = cfg_acl_fromconfig(ce, cctx, lctx,
ctx, mctx, new_nest_level,
&inneracl);
if (result != ISC_R_SUCCESS)
goto cleanup;
nested_acl:
if (nest_level > 0 || inneracl->has_negatives) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
if (de->nestedacl != NULL)
dns_acl_detach(&de->nestedacl);
dns_acl_attach(inneracl,
&de->nestedacl);
dns_acl_detach(&inneracl);
/* Fall through. */
} else {
INSIST(dacl->length + inneracl->length
<= dacl->alloc);
dns_acl_merge(dacl, inneracl,
ISC_TF(!neg));
de += inneracl->length; /* elements added */
dns_acl_detach(&inneracl);
INSIST(dacl->length <= dacl->alloc);
continue;
}
} else if (cfg_obj_istype(ce, &cfg_type_keyref)) {
/* Key name. */
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_keyname;
de->negative = neg;
dns_name_init(&de->keyname, NULL);
result = convert_keyname(ce, lctx, mctx,
&de->keyname);
if (result != ISC_R_SUCCESS)
goto cleanup;
#ifdef HAVE_GEOIP
} else if (cfg_obj_istuple(ce) &&
cfg_obj_isvoid(cfg_tuple_get(ce, "negated")))
{
INSIST(dacl->length < dacl->alloc);
result = parse_geoip_element(ce, lctx, ctx, de);
if (result != ISC_R_SUCCESS)
goto cleanup;
de->type = dns_aclelementtype_geoip;
de->negative = neg;
#endif /* HAVE_GEOIP */
} else if (cfg_obj_isstring(ce)) {
/* ACL name. */
const char *name = cfg_obj_asstring(ce);
if (strcasecmp(name, "any") == 0) {
/* Iptable entry with zero bit length. */
result = dns_iptable_addprefix(iptab, NULL, 0,
ISC_TF(nest_level != 0 || !neg));
if (result != ISC_R_SUCCESS)
goto cleanup;
if (nest_level != 0) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
} else
continue;
} else if (strcasecmp(name, "none") == 0) {
/* none == !any */
/*
* We don't unconditional set
* dacl->has_negatives and
* de->negative to true so we can handle
* "!none;".
*/
result = dns_iptable_addprefix(iptab, NULL, 0,
ISC_TF(nest_level != 0 || neg));
if (result != ISC_R_SUCCESS)
goto cleanup;
if (!neg)
dacl->has_negatives = !neg;
if (nest_level != 0) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = !neg;
} else
continue;
} else if (strcasecmp(name, "localhost") == 0) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_localhost;
de->negative = neg;
} else if (strcasecmp(name, "localnets") == 0) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_localnets;
de->negative = neg;
} else {
if (inneracl != NULL)
dns_acl_detach(&inneracl);
/*
* This call should just find the cached
* of the named acl.
*/
result = convert_named_acl(ce, cctx, lctx, ctx,
mctx, new_nest_level,
&inneracl);
if (result != ISC_R_SUCCESS)
goto cleanup;
goto nested_acl;
}
} else {
cfg_obj_log(ce, lctx, ISC_LOG_WARNING,
"address match list contains "
"unsupported element type");
result = ISC_R_FAILURE;
goto cleanup;
}
/*
* This should only be reached for localhost, localnets
* and keyname elements, and nested ACLs if nest_level is
* nonzero (i.e., in sortlists).
*/
if (de->nestedacl != NULL &&
de->type != dns_aclelementtype_nestedacl)
dns_acl_detach(&de->nestedacl);
dacl->node_count++;
de->node_num = dacl->node_count;
dacl->length++;
de++;
INSIST(dacl->length <= dacl->alloc);
}
dns_acl_attach(dacl, target);
result = ISC_R_SUCCESS;
cleanup:
if (inneracl != NULL)
dns_acl_detach(&inneracl);
dns_acl_detach(&dacl);
return (result);
}
/*
* Recursively pre-parse an ACL definition to find the total number
* of non-IP-prefix elements (localhost, localnets, key) in all nested
* ACLs, so that the parent will have enough space allocated for the
* elements table after all the nested ACLs have been merged in to the
* parent.
*/
static isc_result_t
count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx,
isc_log_t *lctx, cfg_aclconfctx_t *ctx, isc_mem_t *mctx,
isc_uint32_t *count, isc_boolean_t *has_negative)
{
const cfg_listelt_t *elt;
isc_result_t result;
isc_uint32_t n = 0;
REQUIRE(count != NULL);
if (has_negative != NULL)
*has_negative = ISC_FALSE;
for (elt = cfg_list_first(caml);
elt != NULL;
elt = cfg_list_next(elt)) {
const cfg_obj_t *ce = cfg_listelt_value(elt);
/* might be a negated element, in which case get the value. */
if (cfg_obj_istuple(ce)) {
const cfg_obj_t *negated =
cfg_tuple_get(ce, "negated");
if (! cfg_obj_isvoid(negated)) {
ce = negated;
if (has_negative != NULL)
*has_negative = ISC_TRUE;
}
}
if (cfg_obj_istype(ce, &cfg_type_keyref)) {
n++;
} else if (cfg_obj_islist(ce)) {
isc_boolean_t negative;
isc_uint32_t sub;
result = count_acl_elements(ce, cctx, lctx, ctx, mctx,
&sub, &negative);
if (result != ISC_R_SUCCESS)
return (result);
n += sub;
if (negative)
n++;
#ifdef HAVE_GEOIP
} else if (cfg_obj_istuple(ce) &&
cfg_obj_isvoid(cfg_tuple_get(ce, "negated")))
{
n++;
#endif /* HAVE_GEOIP */
} else if (cfg_obj_isstring(ce)) {
const char *name = cfg_obj_asstring(ce);
if (strcasecmp(name, "localhost") == 0 ||
strcasecmp(name, "localnets") == 0 ||
strcasecmp(name, "none") == 0)
{
n++;
} else if (strcasecmp(name, "any") != 0) {
dns_acl_t *inneracl = NULL;
/*
* Convert any named acls we reference now if
* they have not already been converted.
*/
result = convert_named_acl(ce, cctx, lctx, ctx,
mctx, 0, &inneracl);
if (result == ISC_R_SUCCESS) {
if (inneracl->has_negatives)
n++;
else
n += inneracl->length;
dns_acl_detach(&inneracl);
} else
return (result);
}
}
}
*count = n;
return (ISC_R_SUCCESS);
}
isc_result_t
cfg_acl_fromconfig(const cfg_obj_t *caml,
const cfg_obj_t *cctx,
isc_log_t *lctx,
cfg_aclconfctx_t *ctx,
isc_mem_t *mctx,
unsigned int nest_level,
dns_acl_t **target)
{
isc_result_t result;
dns_acl_t *dacl = NULL, *inneracl = NULL;
dns_aclelement_t *de;
const cfg_listelt_t *elt;
dns_iptable_t *iptab;
int new_nest_level = 0;
if (nest_level != 0)
new_nest_level = nest_level - 1;
REQUIRE(target != NULL);
REQUIRE(*target == NULL || DNS_ACL_VALID(*target));
if (*target != NULL) {
/*
* If target already points to an ACL, then we're being
* called recursively to configure a nested ACL. The
* nested ACL's contents should just be absorbed into its
* parent ACL.
*/
dns_acl_attach(*target, &dacl);
dns_acl_detach(target);
} else {
/*
* Need to allocate a new ACL structure. Count the items
* in the ACL definition that will require space in the
* elements table. (Note that if nest_level is nonzero,
* *everything* goes in the elements table.)
*/
int nelem;
if (nest_level == 0)
nelem = count_acl_elements(caml, cctx, NULL);
else
nelem = cfg_list_length(caml, ISC_FALSE);
result = dns_acl_create(mctx, nelem, &dacl);
if (result != ISC_R_SUCCESS)
return (result);
}
de = dacl->elements;
for (elt = cfg_list_first(caml);
elt != NULL;
elt = cfg_list_next(elt)) {
const cfg_obj_t *ce = cfg_listelt_value(elt);
isc_boolean_t neg;
if (cfg_obj_istuple(ce)) {
/* This must be a negated element. */
ce = cfg_tuple_get(ce, "value");
neg = ISC_TRUE;
dacl->has_negatives = ISC_TRUE;
} else
neg = ISC_FALSE;
/*
* If nest_level is nonzero, then every element is
* to be stored as a separate, nested ACL rather than
* merged into the main iptable.
*/
iptab = dacl->iptable;
if (nest_level != 0) {
result = dns_acl_create(mctx,
cfg_list_length(ce, ISC_FALSE),
&de->nestedacl);
if (result != ISC_R_SUCCESS)
goto cleanup;
iptab = de->nestedacl->iptable;
}
if (cfg_obj_isnetprefix(ce)) {
/* Network prefix */
isc_netaddr_t addr;
unsigned int bitlen;
cfg_obj_asnetprefix(ce, &addr, &bitlen);
/*
* If nesting ACLs (nest_level != 0), we negate
* the nestedacl element, not the iptable entry.
*/
result = dns_iptable_addprefix(iptab, &addr, bitlen,
ISC_TF(nest_level != 0 || !neg));
if (result != ISC_R_SUCCESS)
goto cleanup;
if (nest_level > 0) {
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
} else
continue;
} else if (cfg_obj_islist(ce)) {
/*
* If we're nesting ACLs, put the nested
* ACL onto the elements list; otherwise
* merge it into *this* ACL. We nest ACLs
* in two cases: 1) sortlist, 2) if the
* nested ACL contains negated members.
*/
if (inneracl != NULL)
dns_acl_detach(&inneracl);
result = cfg_acl_fromconfig(ce, cctx, lctx,
ctx, mctx, new_nest_level,
&inneracl);
if (result != ISC_R_SUCCESS)
goto cleanup;
nested_acl:
if (nest_level > 0 || inneracl->has_negatives) {
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
if (de->nestedacl != NULL)
dns_acl_detach(&de->nestedacl);
dns_acl_attach(inneracl,
&de->nestedacl);
dns_acl_detach(&inneracl);
/* Fall through. */
} else {
dns_acl_merge(dacl, inneracl,
ISC_TF(!neg));
de += inneracl->length; /* elements added */
dns_acl_detach(&inneracl);
continue;
}
} else if (cfg_obj_istype(ce, &cfg_type_keyref)) {
/* Key name. */
de->type = dns_aclelementtype_keyname;
de->negative = neg;
dns_name_init(&de->keyname, NULL);
result = convert_keyname(ce, lctx, mctx,
&de->keyname);
if (result != ISC_R_SUCCESS)
goto cleanup;
} else if (cfg_obj_isstring(ce)) {
/* ACL name. */
const char *name = cfg_obj_asstring(ce);
if (strcasecmp(name, "any") == 0) {
/* Iptable entry with zero bit length. */
result = dns_iptable_addprefix(iptab, NULL, 0,
ISC_TF(nest_level != 0 || !neg));
if (result != ISC_R_SUCCESS)
goto cleanup;
if (nest_level != 0) {
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
} else
continue;
} else if (strcasecmp(name, "none") == 0) {
/* none == !any */
/*
* We don't unconditional set
* dacl->has_negatives and
* de->negative to true so we can handle
* "!none;".
*/
result = dns_iptable_addprefix(iptab, NULL, 0,
ISC_TF(nest_level != 0 || neg));
if (result != ISC_R_SUCCESS)
goto cleanup;
if (!neg)
dacl->has_negatives = !neg;
if (nest_level != 0) {
de->type = dns_aclelementtype_nestedacl;
de->negative = !neg;
} else
continue;
#ifdef SUPPORT_GEOIP
} else if ((0 == (strncmp("country_", name, 8))) && (10 == strlen(name))) {
/* It is a country code */
de->type = dns_aclelementtype_ipcountry;
de->country[0] = name[8];
de->country[1] = name[9];
de->country[2] = '\0';
#endif
} else if (strcasecmp(name, "localhost") == 0) {
de->type = dns_aclelementtype_localhost;
de->negative = neg;
} else if (strcasecmp(name, "localnets") == 0) {
de->type = dns_aclelementtype_localnets;
de->negative = neg;
} else {
if (inneracl != NULL)
dns_acl_detach(&inneracl);
result = convert_named_acl(ce, cctx, lctx, ctx,
mctx, new_nest_level,
&inneracl);
if (result != ISC_R_SUCCESS)
goto cleanup;
goto nested_acl;
}
} else {
cfg_obj_log(ce, lctx, ISC_LOG_WARNING,
"address match list contains "
"unsupported element type");
result = ISC_R_FAILURE;
goto cleanup;
}
/*
* This should only be reached for localhost, localnets
* and keyname elements, and nested ACLs if nest_level is
* nonzero (i.e., in sortlists).
*/
if (de->nestedacl != NULL &&
de->type != dns_aclelementtype_nestedacl)
dns_acl_detach(&de->nestedacl);
dacl->node_count++;
de->node_num = dacl->node_count;
dacl->length++;
de++;
INSIST(dacl->length <= dacl->alloc);
}
dns_acl_attach(dacl, target);
result = ISC_R_SUCCESS;
cleanup:
if (inneracl != NULL)
dns_acl_detach(&inneracl);
dns_acl_detach(&dacl);
return (result);
}
/*%
* Set up a logging channel according to the named.conf data
* in 'cchan' and add it to 'lctx'.
*/
static isc_result_t
channel_fromconf(const cfg_obj_t *channel, isc_logconfig_t *lctx) {
isc_result_t result;
isc_logdestination_t dest;
unsigned int type;
unsigned int flags = 0;
int level;
const char *channelname;
const cfg_obj_t *fileobj = NULL;
const cfg_obj_t *syslogobj = NULL;
const cfg_obj_t *nullobj = NULL;
const cfg_obj_t *stderrobj = NULL;
const cfg_obj_t *severity = NULL;
int i;
channelname = cfg_obj_asstring(cfg_map_getname(channel));
(void)cfg_map_get(channel, "file", &fileobj);
(void)cfg_map_get(channel, "syslog", &syslogobj);
(void)cfg_map_get(channel, "null", &nullobj);
(void)cfg_map_get(channel, "stderr", &stderrobj);
i = 0;
if (fileobj != NULL)
i++;
if (syslogobj != NULL)
i++;
if (nullobj != NULL)
i++;
if (stderrobj != NULL)
i++;
if (i != 1) {
cfg_obj_log(channel, ns_g_lctx, ISC_LOG_ERROR,
"channel '%s': exactly one of file, syslog, "
"null, and stderr must be present", channelname);
return (ISC_R_FAILURE);
}
type = ISC_LOG_TONULL;
if (fileobj != NULL) {
const cfg_obj_t *pathobj = cfg_tuple_get(fileobj, "file");
const cfg_obj_t *sizeobj = cfg_tuple_get(fileobj, "size");
const cfg_obj_t *versionsobj =
cfg_tuple_get(fileobj, "versions");
isc_int32_t versions = ISC_LOG_ROLLNEVER;
isc_offset_t size = 0;
type = ISC_LOG_TOFILE;
if (versionsobj != NULL && cfg_obj_isuint32(versionsobj))
versions = cfg_obj_asuint32(versionsobj);
if (versionsobj != NULL && cfg_obj_isstring(versionsobj) &&
strcasecmp(cfg_obj_asstring(versionsobj), "unlimited") == 0)
versions = ISC_LOG_ROLLINFINITE;
if (sizeobj != NULL &&
cfg_obj_isuint64(sizeobj) &&
cfg_obj_asuint64(sizeobj) < ISC_OFFSET_MAXIMUM)
size = (isc_offset_t)cfg_obj_asuint64(sizeobj);
dest.file.stream = NULL;
dest.file.name = cfg_obj_asstring(pathobj);
dest.file.versions = versions;
dest.file.maximum_size = size;
} else if (syslogobj != NULL) {
int facility = LOG_DAEMON;
type = ISC_LOG_TOSYSLOG;
if (cfg_obj_isstring(syslogobj)) {
const char *facilitystr = cfg_obj_asstring(syslogobj);
(void)isc_syslog_facilityfromstring(facilitystr,
&facility);
}
dest.facility = facility;
} else if (stderrobj != NULL) {
type = ISC_LOG_TOFILEDESC;
dest.file.stream = stderr;
dest.file.name = NULL;
dest.file.versions = ISC_LOG_ROLLNEVER;
dest.file.maximum_size = 0;
}
/*
* Munge flags.
*/
{
const cfg_obj_t *printcat = NULL;
const cfg_obj_t *printsev = NULL;
const cfg_obj_t *printtime = NULL;
(void)cfg_map_get(channel, "print-category", &printcat);
(void)cfg_map_get(channel, "print-severity", &printsev);
(void)cfg_map_get(channel, "print-time", &printtime);
if (printcat != NULL && cfg_obj_asboolean(printcat))
flags |= ISC_LOG_PRINTCATEGORY;
if (printtime != NULL && cfg_obj_asboolean(printtime))
flags |= ISC_LOG_PRINTTIME;
if (printsev != NULL && cfg_obj_asboolean(printsev))
flags |= ISC_LOG_PRINTLEVEL;
}
level = ISC_LOG_INFO;
if (cfg_map_get(channel, "severity", &severity) == ISC_R_SUCCESS) {
if (cfg_obj_isstring(severity)) {
const char *str = cfg_obj_asstring(severity);
if (strcasecmp(str, "critical") == 0)
level = ISC_LOG_CRITICAL;
else if (strcasecmp(str, "error") == 0)
level = ISC_LOG_ERROR;
else if (strcasecmp(str, "warning") == 0)
level = ISC_LOG_WARNING;
else if (strcasecmp(str, "notice") == 0)
level = ISC_LOG_NOTICE;
else if (strcasecmp(str, "info") == 0)
level = ISC_LOG_INFO;
else if (strcasecmp(str, "dynamic") == 0)
level = ISC_LOG_DYNAMIC;
} else
/* debug */
level = cfg_obj_asuint32(severity);
}
result = isc_log_createchannel(lctx, channelname,
type, level, &dest, flags);
if (result == ISC_R_SUCCESS && type == ISC_LOG_TOFILE) {
FILE *fp;
/*
* Test that the file can be opened, since isc_log_open()
* can't effectively report failures when called in
* isc_log_doit().
*/
result = isc_stdio_open(dest.file.name, "a", &fp);
if (result != ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, CFG_LOGCATEGORY_CONFIG,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"logging channel '%s' file '%s': %s",
channelname, dest.file.name,
isc_result_totext(result));
else
(void)isc_stdio_close(fp);
/*
* Allow named to continue by returning success.
*/
result = ISC_R_SUCCESS;
}
return (result);
}