Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files. =================================================================== RCS file: /ftp/cvs/cvsroot/src/external/mpl/bind/dist/bin/named/zoneconf.c,v rcsdiff: /ftp/cvs/cvsroot/src/external/mpl/bind/dist/bin/named/zoneconf.c,v: warning: Unknown phrases like `commitid ...;' are present. retrieving revision 1.1.1.5 retrieving revision 1.1.1.6 diff -u -p -r1.1.1.5 -r1.1.1.6 --- src/external/mpl/bind/dist/bin/named/zoneconf.c 2019/11/24 19:56:53 1.1.1.5 +++ src/external/mpl/bind/dist/bin/named/zoneconf.c 2020/05/24 19:36:31 1.1.1.6 @@ -1,4 +1,4 @@ -/* $NetBSD: zoneconf.c,v 1.1.1.5 2019/11/24 19:56:53 christos Exp $ */ +/* $NetBSD: zoneconf.c,v 1.1.1.6 2020/05/24 19:36:31 christos Exp $ */ /* * Copyright (C) Internet Systems Consortium, Inc. ("ISC") @@ -11,8 +11,6 @@ * information regarding copyright ownership. */ -#include - #include #include @@ -21,21 +19,22 @@ #include #include #include -#include /* Required for HP/UX (and others?) */ +#include /* Required for HP/UX (and others?) */ #include #include #include -#include #include +#include #include +#include #include -#include #include +#include #include -#include -#include #include +#include +#include #include #include #include @@ -62,16 +61,18 @@ typedef enum { allow_update_forwarding } acl_type_t; -#define RETERR(x) do { \ - isc_result_t _r = (x); \ - if (_r != ISC_R_SUCCESS) \ - return (_r); \ +#define RETERR(x) \ + do { \ + isc_result_t _r = (x); \ + if (_r != ISC_R_SUCCESS) \ + return ((_r)); \ } while (0) -#define CHECK(x) do { \ - result = (x); \ - if (result != ISC_R_SUCCESS) \ - goto cleanup; \ +#define CHECK(x) \ + do { \ + result = (x); \ + if (result != ISC_R_SUCCESS) \ + goto cleanup; \ } while (0) /*% @@ -82,10 +83,9 @@ configure_zone_acl(const cfg_obj_t *zcon const cfg_obj_t *config, acl_type_t acltype, cfg_aclconfctx_t *actx, dns_zone_t *zone, void (*setzacl)(dns_zone_t *, dns_acl_t *), - void (*clearzacl)(dns_zone_t *)) -{ + void (*clearzacl)(dns_zone_t *)) { isc_result_t result; - const cfg_obj_t *maps[5] = {NULL, NULL, NULL, NULL, NULL}; + const cfg_obj_t *maps[5] = { NULL, NULL, NULL, NULL, NULL }; const cfg_obj_t *aclobj = NULL; int i = 0; dns_acl_t **aclp = NULL, *acl = NULL; @@ -95,37 +95,43 @@ configure_zone_acl(const cfg_obj_t *zcon view = dns_zone_getview(zone); switch (acltype) { - case allow_notify: - if (view != NULL) + case allow_notify: + if (view != NULL) { aclp = &view->notifyacl; + } aclname = "allow-notify"; break; - case allow_query: - if (view != NULL) + case allow_query: + if (view != NULL) { aclp = &view->queryacl; + } aclname = "allow-query"; break; - case allow_query_on: - if (view != NULL) + case allow_query_on: + if (view != NULL) { aclp = &view->queryonacl; + } aclname = "allow-query-on"; break; - case allow_transfer: - if (view != NULL) + case allow_transfer: + if (view != NULL) { aclp = &view->transferacl; + } aclname = "allow-transfer"; break; - case allow_update: - if (view != NULL) + case allow_update: + if (view != NULL) { aclp = &view->updateacl; + } aclname = "allow-update"; break; - case allow_update_forwarding: - if (view != NULL) + case allow_update_forwarding: + if (view != NULL) { aclp = &view->upfwdacl; + } aclname = "allow-update-forwarding"; break; - default: + default: INSIST(0); ISC_UNREACHABLE(); } @@ -149,14 +155,16 @@ configure_zone_acl(const cfg_obj_t *zcon /* Check for default ACLs that haven't been parsed yet */ if (vconfig != NULL) { const cfg_obj_t *options = cfg_tuple_get(vconfig, "options"); - if (options != NULL) + if (options != NULL) { maps[i++] = options; + } } if (config != NULL) { const cfg_obj_t *options = NULL; (void)cfg_map_get(config, "options", &options); - if (options != NULL) + if (options != NULL) { maps[i++] = options; + } } maps[i++] = named_g_defaults; maps[i] = NULL; @@ -170,13 +178,15 @@ configure_zone_acl(const cfg_obj_t *zcon parse_acl: result = cfg_acl_fromconfig(aclobj, config, named_g_lctx, actx, dns_zone_getmctx(zone), 0, &acl); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { return (result); + } (*setzacl)(zone, acl); /* Set the view default now */ - if (aclp != NULL) + if (aclp != NULL) { dns_acl_attach(acl, aclp); + } dns_acl_detach(&acl); return (ISC_R_SUCCESS); @@ -187,8 +197,7 @@ parse_acl: */ static isc_result_t configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone, - const char *zname) -{ + const char *zname) { const cfg_obj_t *updatepolicy = NULL; const cfg_listelt_t *element, *element2; dns_ssutable_t *table = NULL; @@ -204,17 +213,18 @@ configure_zone_ssutable(const cfg_obj_t } if (cfg_obj_isstring(updatepolicy) && - strcmp("local", cfg_obj_asstring(updatepolicy)) == 0) { + strcmp("local", cfg_obj_asstring(updatepolicy)) == 0) + { autoddns = true; updatepolicy = NULL; } result = dns_ssutable_create(mctx, &table); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { return (result); + } - for (element = cfg_list_first(updatepolicy); - element != NULL; + for (element = cfg_list_first(updatepolicy); element != NULL; element = cfg_list_next(element)) { const cfg_obj_t *stmt = cfg_listelt_value(element); @@ -263,7 +273,7 @@ configure_zone_ssutable(const cfg_obj_t dns_fixedname_init(&fname); if (usezone) { dns_name_copynf(dns_zone_getorigin(zone), - dns_fixedname_name(&fname)); + dns_fixedname_name(&fname)); } else { str = cfg_obj_asstring(dname); isc_buffer_constinit(&b, str, strlen(str)); @@ -279,19 +289,14 @@ configure_zone_ssutable(const cfg_obj_t } n = named_config_listcount(typelist); - if (n == 0) + if (n == 0) { types = NULL; - else { + } else { types = isc_mem_get(mctx, n * sizeof(dns_rdatatype_t)); - if (types == NULL) { - result = ISC_R_NOMEMORY; - goto cleanup; - } } i = 0; - for (element2 = cfg_list_first(typelist); - element2 != NULL; + for (element2 = cfg_list_first(typelist); element2 != NULL; element2 = cfg_list_next(element2)) { const cfg_obj_t *typeobj; @@ -316,13 +321,12 @@ configure_zone_ssutable(const cfg_obj_t } INSIST(i == n); - result = dns_ssutable_addrule(table, grant, - dns_fixedname_name(&fident), - mtype, - dns_fixedname_name(&fname), - n, types); - if (types != NULL) + result = dns_ssutable_addrule( + table, grant, dns_fixedname_name(&fident), mtype, + dns_fixedname_name(&fname), n, types); + if (types != NULL) { isc_mem_put(mctx, types, n * sizeof(dns_rdatatype_t)); + } if (result != ISC_R_SUCCESS) { goto cleanup; } @@ -346,20 +350,20 @@ configure_zone_ssutable(const cfg_obj_t goto cleanup; } - result = dns_ssutable_addrule(table, true, - named_g_server->session_keyname, - dns_ssumatchtype_local, - dns_zone_getorigin(zone), - 1, &any); + result = dns_ssutable_addrule( + table, true, named_g_server->session_keyname, + dns_ssumatchtype_local, dns_zone_getorigin(zone), 1, + &any); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { goto cleanup; + } } result = ISC_R_SUCCESS; dns_zone_setssutable(zone, table); - cleanup: +cleanup: dns_ssutable_detach(&table); return (result); } @@ -383,19 +387,17 @@ static isc_result_t configure_staticstub_serveraddrs(const cfg_obj_t *zconfig, dns_zone_t *zone, dns_rdatalist_t *rdatalist_ns, dns_rdatalist_t *rdatalist_a, - dns_rdatalist_t *rdatalist_aaaa) -{ + dns_rdatalist_t *rdatalist_aaaa) { const cfg_listelt_t *element; isc_mem_t *mctx = dns_zone_getmctx(zone); isc_region_t region, sregion; dns_rdata_t *rdata; isc_result_t result = ISC_R_SUCCESS; - for (element = cfg_list_first(zconfig); - element != NULL; + for (element = cfg_list_first(zconfig); element != NULL; element = cfg_list_next(element)) { - const isc_sockaddr_t* sa; + const isc_sockaddr_t *sa; isc_netaddr_t na; const cfg_obj_t *address = cfg_listelt_value(element); dns_rdatalist_t *rdatalist; @@ -410,9 +412,9 @@ configure_staticstub_serveraddrs(const c isc_netaddr_fromsockaddr(&na, sa); if (isc_netaddr_getzone(&na) != 0) { cfg_obj_log(zconfig, named_g_lctx, ISC_LOG_ERROR, - "scoped address is not allowed " - "for static stub " - "server-addresses"); + "scoped address is not allowed " + "for static stub " + "server-addresses"); return (ISC_R_FAILURE); } @@ -429,8 +431,6 @@ configure_staticstub_serveraddrs(const c } rdata = isc_mem_get(mctx, sizeof(*rdata) + region.length); - if (rdata == NULL) - return (ISC_R_NOMEMORY); region.base = (unsigned char *)(rdata + 1); memmove(region.base, &na.type, region.length); dns_rdata_init(rdata); @@ -451,19 +451,12 @@ configure_staticstub_serveraddrs(const c /* Add to the list an apex NS with the ns name being the origin name */ dns_name_toregion(dns_zone_getorigin(zone), &sregion); rdata = isc_mem_get(mctx, sizeof(*rdata) + sregion.length); - if (rdata == NULL) { - /* - * Already allocated data will be freed in the caller, so - * we can simply return here. - */ - return (ISC_R_NOMEMORY); - } region.length = sregion.length; region.base = (unsigned char *)(rdata + 1); memmove(region.base, sregion.base, region.length); dns_rdata_init(rdata); - dns_rdata_fromregion(rdata, dns_zone_getclass(zone), - dns_rdatatype_ns, ®ion); + dns_rdata_fromregion(rdata, dns_zone_getclass(zone), dns_rdatatype_ns, + ®ion); ISC_LIST_APPEND(rdatalist_ns->rdata, rdata, link); return (result); @@ -477,16 +470,15 @@ configure_staticstub_serveraddrs(const c */ static isc_result_t configure_staticstub_servernames(const cfg_obj_t *zconfig, dns_zone_t *zone, - dns_rdatalist_t *rdatalist, const char *zname) -{ + dns_rdatalist_t *rdatalist, + const char *zname) { const cfg_listelt_t *element; isc_mem_t *mctx = dns_zone_getmctx(zone); dns_rdata_t *rdata; isc_region_t sregion, region; isc_result_t result = ISC_R_SUCCESS; - for (element = cfg_list_first(zconfig); - element != NULL; + for (element = cfg_list_first(zconfig); element != NULL; element = cfg_list_next(element)) { const cfg_obj_t *obj; @@ -505,8 +497,9 @@ configure_staticstub_servernames(const c result = dns_name_fromtext(nsname, &b, dns_rootname, 0, NULL); if (result != ISC_R_SUCCESS) { cfg_obj_log(zconfig, named_g_lctx, ISC_LOG_ERROR, - "server-name '%s' is not a valid " - "name", str); + "server-name '%s' is not a valid " + "name", + str); return (result); } if (dns_name_issubdomain(nsname, dns_zone_getorigin(zone))) { @@ -519,8 +512,6 @@ configure_staticstub_servernames(const c dns_name_toregion(nsname, &sregion); rdata = isc_mem_get(mctx, sizeof(*rdata) + sregion.length); - if (rdata == NULL) - return (ISC_R_NOMEMORY); region.length = sregion.length; region.base = (unsigned char *)(rdata + 1); memmove(region.base, sregion.base, region.length); @@ -538,8 +529,7 @@ configure_staticstub_servernames(const c */ static isc_result_t configure_staticstub(const cfg_obj_t *zconfig, dns_zone_t *zone, - const char *zname, const char *dbtype) -{ + const char *zname, const char *dbtype) { int i = 0; const cfg_obj_t *obj; isc_mem_t *mctx = dns_zone_getmctx(zone); @@ -550,16 +540,15 @@ configure_staticstub(const cfg_obj_t *zc isc_result_t result; dns_rdataset_t rdataset; dns_rdatalist_t rdatalist_ns, rdatalist_a, rdatalist_aaaa; - dns_rdatalist_t* rdatalists[] = { - &rdatalist_ns, &rdatalist_a, &rdatalist_aaaa, NULL - }; + dns_rdatalist_t *rdatalists[] = { &rdatalist_ns, &rdatalist_a, + &rdatalist_aaaa, NULL }; dns_rdata_t *rdata; isc_region_t region; /* Create the DB beforehand */ RETERR(dns_db_create(mctx, dbtype, dns_zone_getorigin(zone), - dns_dbtype_stub, dns_zone_getclass(zone), - 0, NULL, &db)); + dns_dbtype_stub, dns_zone_getclass(zone), 0, NULL, + &db)); dns_rdataset_init(&rdataset); @@ -583,8 +572,7 @@ configure_staticstub(const cfg_obj_t *zc result = cfg_map_get(zconfig, "server-addresses", &obj); if (result == ISC_R_SUCCESS) { INSIST(obj != NULL); - CHECK(configure_staticstub_serveraddrs(obj, zone, - &rdatalist_ns, + CHECK(configure_staticstub_serveraddrs(obj, zone, &rdatalist_ns, &rdatalist_a, &rdatalist_aaaa)); } @@ -593,8 +581,7 @@ configure_staticstub(const cfg_obj_t *zc result = cfg_map_get(zconfig, "server-names", &obj); if (result == ISC_R_SUCCESS) { INSIST(obj != NULL); - CHECK(configure_staticstub_servernames(obj, zone, - &rdatalist_ns, + CHECK(configure_staticstub_servernames(obj, zone, &rdatalist_ns, zname)); } @@ -606,7 +593,8 @@ configure_staticstub(const cfg_obj_t *zc isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, "No NS record is configured for a " - "static-stub zone '%s'", zname); + "static-stub zone '%s'", + zname); result = ISC_R_FAILURE; goto cleanup; } @@ -623,28 +611,29 @@ configure_staticstub(const cfg_obj_t *zc CHECK(dns_db_findnode(db, &apexname, false, &apexnode)); /* Add NS RRset */ - RUNTIME_CHECK(dns_rdatalist_tordataset(&rdatalist_ns, &rdataset) - == ISC_R_SUCCESS); - CHECK(dns_db_addrdataset(db, apexnode, dbversion, 0, &rdataset, - 0, NULL)); + RUNTIME_CHECK(dns_rdatalist_tordataset(&rdatalist_ns, &rdataset) == + ISC_R_SUCCESS); + CHECK(dns_db_addrdataset(db, apexnode, dbversion, 0, &rdataset, 0, + NULL)); dns_rdataset_disassociate(&rdataset); /* Add glue A RRset, if any */ if (!ISC_LIST_EMPTY(rdatalist_a.rdata)) { - RUNTIME_CHECK(dns_rdatalist_tordataset(&rdatalist_a, &rdataset) - == ISC_R_SUCCESS); - CHECK(dns_db_addrdataset(db, apexnode, dbversion, 0, - &rdataset, 0, NULL)); + RUNTIME_CHECK( + dns_rdatalist_tordataset(&rdatalist_a, &rdataset) == + ISC_R_SUCCESS); + CHECK(dns_db_addrdataset(db, apexnode, dbversion, 0, &rdataset, + 0, NULL)); dns_rdataset_disassociate(&rdataset); } /* Add glue AAAA RRset, if any */ if (!ISC_LIST_EMPTY(rdatalist_aaaa.rdata)) { - RUNTIME_CHECK(dns_rdatalist_tordataset(&rdatalist_aaaa, - &rdataset) - == ISC_R_SUCCESS); - CHECK(dns_db_addrdataset(db, apexnode, dbversion, 0, - &rdataset, 0, NULL)); + RUNTIME_CHECK( + dns_rdatalist_tordataset(&rdatalist_aaaa, &rdataset) == + ISC_R_SUCCESS); + CHECK(dns_db_addrdataset(db, apexnode, dbversion, 0, &rdataset, + 0, NULL)); dns_rdataset_disassociate(&rdataset); } @@ -653,7 +642,7 @@ configure_staticstub(const cfg_obj_t *zc result = ISC_R_SUCCESS; - cleanup: +cleanup: if (dns_rdataset_isassociated(&rdataset)) { dns_rdataset_disassociate(&rdataset); } @@ -697,31 +686,32 @@ zonetype_fromconfig(const cfg_obj_t *map * Helper function for strtoargv(). Pardon the gratuitous recursion. */ static isc_result_t -strtoargvsub(isc_mem_t *mctx, char *s, unsigned int *argcp, - char ***argvp, unsigned int n) -{ +strtoargvsub(isc_mem_t *mctx, char *s, unsigned int *argcp, char ***argvp, + unsigned int n) { isc_result_t result; /* Discard leading whitespace. */ - while (*s == ' ' || *s == '\t') + while (*s == ' ' || *s == '\t') { s++; + } if (*s == '\0') { /* We have reached the end of the string. */ *argcp = n; *argvp = isc_mem_get(mctx, n * sizeof(char *)); - if (*argvp == NULL) - return (ISC_R_NOMEMORY); } else { char *p = s; - while (*p != ' ' && *p != '\t' && *p != '\0') + while (*p != ' ' && *p != '\t' && *p != '\0') { p++; - if (*p != '\0') + } + if (*p != '\0') { *p++ = '\0'; + } result = strtoargvsub(mctx, p, argcp, argvp, n + 1); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { return (result); + } (*argvp)[n] = s; } return (ISC_R_SUCCESS); @@ -741,8 +731,7 @@ strtoargv(isc_mem_t *mctx, char *s, unsi static void checknames(dns_zonetype_t ztype, const cfg_obj_t **maps, - const cfg_obj_t **objp) -{ + const cfg_obj_t **objp) { const char *zone = NULL; isc_result_t result; @@ -771,49 +760,52 @@ checknames(dns_zonetype_t ztype, const c * are updated when the appropriate task has exclusivity. */ static bool -isself(dns_view_t *myview, dns_tsigkey_t *mykey, - const isc_sockaddr_t *srcaddr, const isc_sockaddr_t *dstaddr, - dns_rdataclass_t rdclass, void *arg) -{ - ns_interfacemgr_t *interfacemgr = (ns_interfacemgr_t *) arg; +isself(dns_view_t *myview, dns_tsigkey_t *mykey, const isc_sockaddr_t *srcaddr, + const isc_sockaddr_t *dstaddr, dns_rdataclass_t rdclass, void *arg) { + ns_interfacemgr_t *interfacemgr = (ns_interfacemgr_t *)arg; dns_aclenv_t *env = ns_interfacemgr_getaclenv(interfacemgr); dns_view_t *view; dns_tsigkey_t *key = NULL; isc_netaddr_t netsrc; isc_netaddr_t netdst; - if (interfacemgr == NULL) + if (interfacemgr == NULL) { return (true); + } - if (!ns_interfacemgr_listeningon(interfacemgr, dstaddr)) + if (!ns_interfacemgr_listeningon(interfacemgr, dstaddr)) { return (false); + } isc_netaddr_fromsockaddr(&netsrc, srcaddr); isc_netaddr_fromsockaddr(&netdst, dstaddr); - for (view = ISC_LIST_HEAD(named_g_server->viewlist); - view != NULL; + for (view = ISC_LIST_HEAD(named_g_server->viewlist); view != NULL; view = ISC_LIST_NEXT(view, link)) { const dns_name_t *tsig = NULL; - if (view->matchrecursiveonly) + if (view->matchrecursiveonly) { continue; + } - if (rdclass != view->rdclass) + if (rdclass != view->rdclass) { continue; + } if (mykey != NULL) { bool match; isc_result_t result; result = dns_view_gettsig(view, &mykey->name, &key); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { continue; + } match = dst_key_compare(mykey->key, key->key); dns_tsigkey_detach(&key); - if (!match) + if (!match) { continue; + } tsig = dns_tsigkey_identity(mykey); } @@ -834,8 +826,7 @@ isself(dns_view_t *myview, dns_tsigkey_t */ static dns_notifytype_t process_notifytype(dns_notifytype_t ntype, dns_zonetype_t ztype, - const char *zname, const cfg_obj_t **maps) -{ + const char *zname, const cfg_obj_t **maps) { const cfg_obj_t *obj = NULL; /* @@ -853,7 +844,8 @@ process_notifytype(dns_notifytype_t ntyp if (named_config_get(maps, "notify", &obj) == ISC_R_SUCCESS) { cfg_obj_log(obj, named_g_lctx, ISC_LOG_INFO, "'notify explicit;' will be used for mirror zone " - "'%s'", zname); + "'%s'", + zname); } return (dns_notifytype_explicit); @@ -861,9 +853,9 @@ process_notifytype(dns_notifytype_t ntyp isc_result_t named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig, - const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac, - dns_zone_t *zone, dns_zone_t *raw) -{ + const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac, + dns_kasplist_t *kasplist, dns_zone_t *zone, + dns_zone_t *raw) { isc_result_t result; const char *zname; dns_rdataclass_t zclass; @@ -874,6 +866,7 @@ named_zone_configure(const cfg_obj_t *co const cfg_obj_t *options = NULL; const cfg_obj_t *obj; const char *filename = NULL; + const char *kaspname = NULL; const char *dupcheck; dns_notifytype_t notifytype = dns_notifytype_yes; uint32_t count; @@ -889,7 +882,8 @@ named_zone_configure(const cfg_obj_t *co int32_t journal_size; bool multi; bool alt; - dns_view_t *view; + dns_view_t *view = NULL; + dns_kasp_t *kasp = NULL; bool check = false, fail = false; bool warn = false, ignore = false; bool ixfrdiff; @@ -898,7 +892,6 @@ named_zone_configure(const cfg_obj_t *co isc_stats_t *zoneqrystats; dns_stats_t *rcvquerystats; dns_stats_t *dnssecsignstats; - dns_stats_t *dnssecrefreshstats; dns_zonestat_level_t statlevel = dns_zonestat_none; int seconds; dns_zone_t *mayberaw = (raw != NULL) ? raw : zone; @@ -925,11 +918,12 @@ named_zone_configure(const cfg_obj_t *co maps[i++] = named_g_defaults; maps[i] = NULL; - if (vconfig != NULL) + if (vconfig != NULL) { RETERR(named_config_getclass(cfg_tuple_get(vconfig, "class"), - dns_rdataclass_in, &vclass)); - else + dns_rdataclass_in, &vclass)); + } else { vclass = dns_rdataclass_in; + } /* * Configure values common to all zone types. @@ -937,25 +931,29 @@ named_zone_configure(const cfg_obj_t *co zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name")); - RETERR(named_config_getclass(cfg_tuple_get(zconfig, "class"), - vclass, &zclass)); + RETERR(named_config_getclass(cfg_tuple_get(zconfig, "class"), vclass, + &zclass)); dns_zone_setclass(zone, zclass); - if (raw != NULL) + if (raw != NULL) { dns_zone_setclass(raw, zclass); + } ztype = zonetype_fromconfig(zoptions); if (raw != NULL) { dns_zone_settype(raw, ztype); dns_zone_settype(zone, dns_zone_master); - } else + } else { dns_zone_settype(zone, ztype); + } obj = NULL; result = cfg_map_get(zoptions, "database", &obj); - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) { cpval = isc_mem_strdup(mctx, cfg_obj_asstring(obj)); - if (cpval == NULL) - return(ISC_R_NOMEMORY); + } + if (cpval == NULL) { + return (ISC_R_NOMEMORY); + } obj = NULL; result = cfg_map_get(zoptions, "dlz", &obj); @@ -964,17 +962,16 @@ named_zone_configure(const cfg_obj_t *co size_t len; if (cpval != default_dbtype) { - isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, - NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, - "zone '%s': both 'database' and 'dlz' " - "specified", zname); - return (ISC_R_FAILURE); + isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, + NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, + "zone '%s': both 'database' and 'dlz' " + "specified", + zname); + return (ISC_R_FAILURE); } len = strlen(dlzname) + 5; cpval = isc_mem_allocate(mctx, len); - if (cpval == NULL) - return (ISC_R_NOMEMORY); snprintf(cpval, len, "dlz %s", dlzname); } @@ -989,17 +986,17 @@ named_zone_configure(const cfg_obj_t *co * cannot be promoted automatically to (const char * const *) by the * compiler w/o generating a warning. */ - result = dns_zone_setdbtype(zone, dbargc, (const char * const *)dbargv); + dns_zone_setdbtype(zone, dbargc, (const char *const *)dbargv); isc_mem_put(mctx, dbargv, dbargc * sizeof(*dbargv)); - if (cpval != default_dbtype && cpval != dlz_dbtype) + if (cpval != default_dbtype && cpval != dlz_dbtype) { isc_mem_free(mctx, cpval); - if (result != ISC_R_SUCCESS) - return (result); + } obj = NULL; result = cfg_map_get(zoptions, "file", &obj); - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) { filename = cfg_obj_asstring(obj); + } /* * Unless we're using some alternative database, a master zone @@ -1009,15 +1006,15 @@ named_zone_configure(const cfg_obj_t *co filename == NULL) { isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, - "zone '%s': 'file' not specified", - zname); + "zone '%s': 'file' not specified", zname); return (ISC_R_FAILURE); } - if (ztype == dns_zone_slave || ztype == dns_zone_mirror) + if (ztype == dns_zone_slave || ztype == dns_zone_mirror) { masterformat = dns_masterformat_raw; - else + } else { masterformat = dns_masterformat_text; + } obj = NULL; result = named_config_get(maps, "masterfile-format", &obj); if (result == ISC_R_SUCCESS) { @@ -1044,7 +1041,8 @@ named_zone_configure(const cfg_obj_t *co cfg_obj_log(obj, named_g_lctx, ISC_LOG_ERROR, "zone '%s': 'masterfile-style' " "can only be used with " - "'masterfile-format text'", zname); + "'masterfile-format text'", + zname); return (ISC_R_FAILURE); } @@ -1064,81 +1062,85 @@ named_zone_configure(const cfg_obj_t *co isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, "zone '%s': 'max-zone-ttl' is not compatible " - "with 'masterfile-format map'", zname); + "with 'masterfile-format map'", + zname); return (ISC_R_FAILURE); } else if (result == ISC_R_SUCCESS) { - dns_ttl_t maxttl = 0; /* unlimited */ + dns_ttl_t maxttl = 0; /* unlimited */ - if (cfg_obj_isuint32(obj)) - maxttl = cfg_obj_asuint32(obj); + if (cfg_obj_isduration(obj)) { + maxttl = cfg_obj_asduration(obj); + } dns_zone_setmaxttl(zone, maxttl); - if (raw != NULL) + if (raw != NULL) { dns_zone_setmaxttl(raw, maxttl); + } } obj = NULL; result = named_config_get(maps, "max-records", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setmaxrecords(mayberaw, cfg_obj_asuint32(obj)); - if (zone != mayberaw) + if (zone != mayberaw) { dns_zone_setmaxrecords(zone, 0); + } if (raw != NULL && filename != NULL) { #define SIGNED ".signed" size_t signedlen = strlen(filename) + sizeof(SIGNED); char *signedname; - RETERR(dns_zone_setfile(raw, filename, - masterformat, masterstyle)); + RETERR(dns_zone_setfile(raw, filename, masterformat, + masterstyle)); signedname = isc_mem_get(mctx, signedlen); - if (signedname == NULL) - return (ISC_R_NOMEMORY); (void)snprintf(signedname, signedlen, "%s" SIGNED, filename); result = dns_zone_setfile(zone, signedname, dns_masterformat_raw, NULL); isc_mem_put(mctx, signedname, signedlen); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { return (result); - } else - RETERR(dns_zone_setfile(zone, filename, - masterformat, masterstyle)); + } + } else { + RETERR(dns_zone_setfile(zone, filename, masterformat, + masterstyle)); + } obj = NULL; result = cfg_map_get(zoptions, "journal", &obj); - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) { RETERR(dns_zone_setjournal(mayberaw, cfg_obj_asstring(obj))); + } /* * Notify messages are processed by the raw zone if it exists. */ - if (ztype == dns_zone_slave || ztype == dns_zone_mirror) - RETERR(configure_zone_acl(zconfig, vconfig, config, - allow_notify, ac, mayberaw, - dns_zone_setnotifyacl, - dns_zone_clearnotifyacl)); + if (ztype == dns_zone_slave || ztype == dns_zone_mirror) { + RETERR(configure_zone_acl( + zconfig, vconfig, config, allow_notify, ac, mayberaw, + dns_zone_setnotifyacl, dns_zone_clearnotifyacl)); + } /* * XXXAG This probably does not make sense for stubs. */ - RETERR(configure_zone_acl(zconfig, vconfig, config, - allow_query, ac, zone, - dns_zone_setqueryacl, + RETERR(configure_zone_acl(zconfig, vconfig, config, allow_query, ac, + zone, dns_zone_setqueryacl, dns_zone_clearqueryacl)); - RETERR(configure_zone_acl(zconfig, vconfig, config, - allow_query_on, ac, zone, - dns_zone_setqueryonacl, + RETERR(configure_zone_acl(zconfig, vconfig, config, allow_query_on, ac, + zone, dns_zone_setqueryonacl, dns_zone_clearqueryonacl)); obj = NULL; result = named_config_get(maps, "dialup", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); if (cfg_obj_isboolean(obj)) { - if (cfg_obj_asboolean(obj)) + if (cfg_obj_asboolean(obj)) { dialup = dns_dialuptype_yes; - else + } else { dialup = dns_dialuptype_no; + } } else { const char *dialupstr = cfg_obj_asstring(obj); if (strcasecmp(dialupstr, "notify") == 0) { @@ -1154,18 +1156,20 @@ named_zone_configure(const cfg_obj_t *co ISC_UNREACHABLE(); } } - if (raw != NULL) + if (raw != NULL) { dns_zone_setdialup(raw, dialup); + } dns_zone_setdialup(zone, dialup); obj = NULL; result = named_config_get(maps, "zone-statistics", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); if (cfg_obj_isboolean(obj)) { - if (cfg_obj_asboolean(obj)) + if (cfg_obj_asboolean(obj)) { statlevel = dns_zonestat_full; - else + } else { statlevel = dns_zonestat_none; + } } else { const char *levelstr = cfg_obj_asstring(obj); if (strcasecmp(levelstr, "full") == 0) { @@ -1181,34 +1185,29 @@ named_zone_configure(const cfg_obj_t *co } dns_zone_setstatlevel(zone, statlevel); - zoneqrystats = NULL; + zoneqrystats = NULL; rcvquerystats = NULL; dnssecsignstats = NULL; - dnssecrefreshstats = NULL; if (statlevel == dns_zonestat_full) { RETERR(isc_stats_create(mctx, &zoneqrystats, ns_statscounter_max)); RETERR(dns_rdatatypestats_create(mctx, &rcvquerystats)); RETERR(dns_dnssecsignstats_create(mctx, &dnssecsignstats)); - RETERR(dns_dnssecsignstats_create(mctx, &dnssecrefreshstats)); } - dns_zone_setrequeststats(zone, zoneqrystats); + dns_zone_setrequeststats(zone, zoneqrystats); dns_zone_setrcvquerystats(zone, rcvquerystats); dns_zone_setdnssecsignstats(zone, dnssecsignstats); - dns_zone_setdnssecrefreshstats(zone, dnssecrefreshstats); - if (zoneqrystats != NULL) + if (zoneqrystats != NULL) { isc_stats_detach(&zoneqrystats); + } - if(rcvquerystats != NULL) + if (rcvquerystats != NULL) { dns_stats_detach(&rcvquerystats); - - if(dnssecsignstats != NULL) { - dns_stats_detach(&dnssecsignstats); } - if(dnssecrefreshstats != NULL) { - dns_stats_detach(&dnssecrefreshstats); + if (dnssecsignstats != NULL) { + dns_stats_detach(&dnssecsignstats); } /* @@ -1217,15 +1216,36 @@ named_zone_configure(const cfg_obj_t *co * acting as masters (type "slave"), but not to stubs. */ if (ztype != dns_zone_stub && ztype != dns_zone_staticstub && - ztype != dns_zone_redirect) { + ztype != dns_zone_redirect) + { + obj = NULL; + result = named_config_get(maps, "dnssec-policy", &obj); + if (result == ISC_R_SUCCESS) { + kaspname = cfg_obj_asstring(obj); + if (strcmp(kaspname, "none") != 0) { + result = dns_kasplist_find(kasplist, kaspname, + &kasp); + if (result != ISC_R_SUCCESS) { + cfg_obj_log(obj, named_g_lctx, + ISC_LOG_ERROR, + "'dnssec-policy '%s' not " + "found ", + kaspname); + RETERR(result); + } + dns_zone_setkasp(zone, kasp); + } + } + obj = NULL; result = named_config_get(maps, "notify", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); if (cfg_obj_isboolean(obj)) { - if (cfg_obj_asboolean(obj)) + if (cfg_obj_asboolean(obj)) { notifytype = dns_notifytype_yes; - else + } else { notifytype = dns_notifytype_no; + } } else { const char *notifystr = cfg_obj_asstring(obj); if (strcasecmp(notifystr, "explicit") == 0) { @@ -1239,8 +1259,9 @@ named_zone_configure(const cfg_obj_t *co } notifytype = process_notifytype(notifytype, ztype, zname, nodefault); - if (raw != NULL) + if (raw != NULL) { dns_zone_setnotifytype(raw, dns_notifytype_no); + } dns_zone_setnotifytype(zone, notifytype); obj = NULL; @@ -1255,24 +1276,24 @@ named_zone_configure(const cfg_obj_t *co dns_ipkeylist_init(&ipkl); RETERR(named_config_getipandkeylist(config, obj, mctx, - &ipkl)); - result = dns_zone_setalsonotifydscpkeys(zone, - ipkl.addrs, - ipkl.dscps, - ipkl.keys, - ipkl.count); + &ipkl)); + result = dns_zone_setalsonotifydscpkeys( + zone, ipkl.addrs, ipkl.dscps, ipkl.keys, + ipkl.count); dns_ipkeylist_clear(mctx, &ipkl); RETERR(result); - } else + } else { RETERR(dns_zone_setalsonotify(zone, NULL, 0)); + } obj = NULL; result = named_config_get(maps, "notify-source", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setnotifysrc4(zone, cfg_obj_assockaddr(obj))); dscp = cfg_obj_getdscp(obj); - if (dscp == -1) + if (dscp == -1) { dscp = named_g_dscp; + } RETERR(dns_zone_setnotifysrc4dscp(zone, dscp)); named_add_reserved_dispatch(named_g_server, cfg_obj_assockaddr(obj)); @@ -1282,8 +1303,9 @@ named_zone_configure(const cfg_obj_t *co INSIST(result == ISC_R_SUCCESS && obj != NULL); RETERR(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj))); dscp = cfg_obj_getdscp(obj); - if (dscp == -1) + if (dscp == -1) { dscp = named_g_dscp; + } RETERR(dns_zone_setnotifysrc6dscp(zone, dscp)); named_add_reserved_dispatch(named_g_server, cfg_obj_assockaddr(obj)); @@ -1296,10 +1318,9 @@ named_zone_configure(const cfg_obj_t *co dns_zone_setisself(zone, isself, named_g_server->interfacemgr); - RETERR(configure_zone_acl(zconfig, vconfig, config, - allow_transfer, ac, zone, - dns_zone_setxfracl, - dns_zone_clearxfracl)); + RETERR(configure_zone_acl( + zconfig, vconfig, config, allow_transfer, ac, zone, + dns_zone_setxfracl, dns_zone_clearxfracl)); obj = NULL; result = named_config_get(maps, "max-transfer-time-out", &obj); @@ -1314,8 +1335,9 @@ named_zone_configure(const cfg_obj_t *co obj = NULL; result = named_config_get(maps, "max-journal-size", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); - if (raw != NULL) + if (raw != NULL) { dns_zone_setjournalsize(raw, -1); + } dns_zone_setjournalsize(zone, -1); if (cfg_obj_isstring(obj)) { const char *str = cfg_obj_asstring(obj); @@ -1329,8 +1351,7 @@ named_zone_configure(const cfg_obj_t *co isc_resourcevalue_t value; value = cfg_obj_asuint64(obj); if (value > DNS_JOURNAL_SIZE_MAX) { - cfg_obj_log(obj, named_g_lctx, - ISC_LOG_ERROR, + cfg_obj_log(obj, named_g_lctx, ISC_LOG_ERROR, "'max-journal-size " "%" PRId64 "' " "is too large", @@ -1339,8 +1360,9 @@ named_zone_configure(const cfg_obj_t *co } journal_size = (uint32_t)value; } - if (raw != NULL) + if (raw != NULL) { dns_zone_setjournalsize(raw, journal_size); + } dns_zone_setjournalsize(zone, journal_size); obj = NULL; @@ -1348,17 +1370,14 @@ named_zone_configure(const cfg_obj_t *co INSIST(result == ISC_R_SUCCESS && obj != NULL); if (cfg_obj_isboolean(obj)) { ixfrdiff = cfg_obj_asboolean(obj); - } else if ((strcasecmp(cfg_obj_asstring(obj), - "primary") == 0 || - strcasecmp(cfg_obj_asstring(obj), - "master") == 0) && + } else if ((strcasecmp(cfg_obj_asstring(obj), "primary") == 0 || + strcasecmp(cfg_obj_asstring(obj), "master") == 0) && ztype == dns_zone_master) { ixfrdiff = true; - } else if ((strcasecmp(cfg_obj_asstring(obj), - "secondary") == 0 || - strcasecmp(cfg_obj_asstring(obj), - "slave") == 0) && + } else if ((strcasecmp(cfg_obj_asstring(obj), "secondary") == + 0 || + strcasecmp(cfg_obj_asstring(obj), "slave") == 0) && ztype == dns_zone_slave) { ixfrdiff = true; @@ -1370,9 +1389,10 @@ named_zone_configure(const cfg_obj_t *co true); dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS, false); - } else + } else { dns_zone_setoption(zone, DNS_ZONEOPT_IXFRFROMDIFFS, ixfrdiff); + } obj = NULL; result = named_config_get(maps, "request-expire", &obj); @@ -1398,17 +1418,14 @@ named_zone_configure(const cfg_obj_t *co ISC_UNREACHABLE(); } if (raw != NULL) { - dns_zone_setoption(raw, DNS_ZONEOPT_CHECKNAMES, - check); + dns_zone_setoption(raw, DNS_ZONEOPT_CHECKNAMES, check); dns_zone_setoption(raw, DNS_ZONEOPT_CHECKNAMESFAIL, fail); - dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES, - false); + dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES, false); dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMESFAIL, false); } else { - dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES, - check); + dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMES, check); dns_zone_setoption(zone, DNS_ZONEOPT_CHECKNAMESFAIL, fail); } @@ -1466,8 +1483,7 @@ named_zone_configure(const cfg_obj_t *co isc_resourcevalue_t value; value = cfg_obj_asuint64(obj); if (value > DNS_JOURNAL_SIZE_MAX) { - cfg_obj_log(obj, named_g_lctx, - ISC_LOG_ERROR, + cfg_obj_log(obj, named_g_lctx, ISC_LOG_ERROR, "'max-journal-size " "%" PRId64 "' " "is too large", @@ -1486,18 +1502,18 @@ named_zone_configure(const cfg_obj_t *co if (ztype == dns_zone_master) { dns_acl_t *updateacl; - RETERR(configure_zone_acl(zconfig, vconfig, config, - allow_update, ac, mayberaw, - dns_zone_setupdateacl, - dns_zone_clearupdateacl)); + RETERR(configure_zone_acl( + zconfig, vconfig, config, allow_update, ac, mayberaw, + dns_zone_setupdateacl, dns_zone_clearupdateacl)); updateacl = dns_zone_getupdateacl(mayberaw); - if (updateacl != NULL && dns_acl_isinsecure(updateacl)) + if (updateacl != NULL && dns_acl_isinsecure(updateacl)) { isc_log_write(named_g_lctx, DNS_LOGCATEGORY_SECURITY, NAMED_LOGMODULE_SERVER, ISC_LOG_WARNING, "zone '%s' allows unsigned updates " "from remote hosts, which is insecure", zname); + } RETERR(configure_zone_ssutable(zoptions, mayberaw, zname)); } @@ -1507,38 +1523,52 @@ named_zone_configure(const cfg_obj_t *co bool allow = false, maint = false; bool sigvalinsecs; - obj = NULL; - result = named_config_get(maps, "dnskey-sig-validity", &obj); - INSIST(result == ISC_R_SUCCESS && obj != NULL); - seconds = cfg_obj_asuint32(obj) * 86400; + if (kasp) { + seconds = (uint32_t)dns_kasp_sigvalidity_dnskey(kasp); + } else { + obj = NULL; + result = named_config_get(maps, "dnskey-sig-validity", + &obj); + INSIST(result == ISC_R_SUCCESS && obj != NULL); + seconds = cfg_obj_asuint32(obj) * 86400; + } dns_zone_setkeyvalidityinterval(zone, seconds); - obj = NULL; - result = named_config_get(maps, "sig-validity-interval", &obj); - INSIST(result == ISC_R_SUCCESS && obj != NULL); + if (kasp) { + seconds = (uint32_t)dns_kasp_sigvalidity(kasp); + dns_zone_setsigvalidityinterval(zone, seconds); + seconds = (uint32_t)dns_kasp_sigrefresh(kasp); + dns_zone_setsigresigninginterval(zone, seconds); + } else { + obj = NULL; + result = named_config_get(maps, "sig-validity-interval", + &obj); + INSIST(result == ISC_R_SUCCESS && obj != NULL); - sigvalinsecs = ns_server_getoption(named_g_server->sctx, - NS_SERVER_SIGVALINSECS); - validity = cfg_tuple_get(obj, "validity"); - seconds = cfg_obj_asuint32(validity); - if (!sigvalinsecs) { - seconds *= 86400; - } - dns_zone_setsigvalidityinterval(zone, seconds); - - resign = cfg_tuple_get(obj, "re-sign"); - if (cfg_obj_isvoid(resign)) { - seconds /= 4; - } else if (!sigvalinsecs) { - if (seconds > 7 * 86400) { - seconds = cfg_obj_asuint32(resign) * 86400; + sigvalinsecs = ns_server_getoption( + named_g_server->sctx, NS_SERVER_SIGVALINSECS); + validity = cfg_tuple_get(obj, "validity"); + seconds = cfg_obj_asuint32(validity); + if (!sigvalinsecs) { + seconds *= 86400; + } + dns_zone_setsigvalidityinterval(zone, seconds); + + resign = cfg_tuple_get(obj, "re-sign"); + if (cfg_obj_isvoid(resign)) { + seconds /= 4; + } else if (!sigvalinsecs) { + seconds = cfg_obj_asuint32(resign); + if (seconds > 7 * 86400) { + seconds *= 86400; + } else { + seconds *= 3600; + } } else { - seconds = cfg_obj_asuint32(resign) * 3600; + seconds = cfg_obj_asuint32(resign); } - } else { - seconds = cfg_obj_asuint32(resign); + dns_zone_setsigresigninginterval(zone, seconds); } - dns_zone_setsigresigninginterval(zone, seconds); obj = NULL; result = named_config_get(maps, "key-directory", &obj); @@ -1567,12 +1597,20 @@ named_zone_configure(const cfg_obj_t *co INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_UPDATECHECKKSK, cfg_obj_asboolean(obj)); + /* + * This setting will be ignored if dnssec-policy is used. + * named-checkconf will error if both are configured. + */ obj = NULL; result = named_config_get(maps, "dnssec-dnskey-kskonly", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); dns_zone_setoption(zone, DNS_ZONEOPT_DNSKEYKSKONLY, cfg_obj_asboolean(obj)); + /* + * This setting will be ignored if dnssec-policy is used. + * named-checkconf will error if both are configured. + */ obj = NULL; result = named_config_get(maps, "dnssec-loadkeys-interval", @@ -1583,27 +1621,32 @@ named_zone_configure(const cfg_obj_t *co obj = NULL; result = cfg_map_get(zoptions, "auto-dnssec", &obj); - if (result == ISC_R_SUCCESS) { + if (dns_zone_getkasp(zone) != NULL) { + dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, true); + dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, true); + dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, true); + } else if (result == ISC_R_SUCCESS) { const char *arg = cfg_obj_asstring(obj); if (strcasecmp(arg, "allow") == 0) { allow = true; } else if (strcasecmp(arg, "maintain") == 0) { allow = maint = true; } else if (strcasecmp(arg, "off") == 0) { - ; + /* Default */ } else { INSIST(0); ISC_UNREACHABLE(); } dns_zone_setkeyopt(zone, DNS_ZONEKEY_ALLOW, allow); + dns_zone_setkeyopt(zone, DNS_ZONEKEY_CREATE, false); dns_zone_setkeyopt(zone, DNS_ZONEKEY_MAINTAIN, maint); } } if (ztype == dns_zone_slave || ztype == dns_zone_mirror) { RETERR(configure_zone_acl(zconfig, vconfig, config, - allow_update_forwarding, ac, - mayberaw, dns_zone_setforwardacl, + allow_update_forwarding, ac, mayberaw, + dns_zone_setforwardacl, dns_zone_clearforwardacl)); } @@ -1613,10 +1656,11 @@ named_zone_configure(const cfg_obj_t *co if (ztype == dns_zone_master) { obj = NULL; result = named_config_get(maps, "check-wildcard", &obj); - if (result == ISC_R_SUCCESS) + if (result == ISC_R_SUCCESS) { check = cfg_obj_asboolean(obj); - else + } else { check = false; + } dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKWILDCARD, check); /* @@ -1632,13 +1676,12 @@ named_zone_configure(const cfg_obj_t *co dupcheck = cfg_obj_asstring(obj); } else { result = named_config_get(nodefault, - "check-dup-records", - &obj); - if (result == ISC_R_SUCCESS) + "check-dup-records", &obj); + if (result == ISC_R_SUCCESS) { dupcheck = cfg_obj_asstring(obj); - else + } else { dupcheck = "ignore"; - + } } if (strcasecmp(dupcheck, "warn") == 0) { fail = false; @@ -1686,9 +1729,10 @@ named_zone_configure(const cfg_obj_t *co } else { check = false; result = named_config_get(nodefault, "check-integrity", - &obj); - if (result == ISC_R_SUCCESS) + &obj); + if (result == ISC_R_SUCCESS) { check = cfg_obj_asboolean(obj); + } dns_zone_setoption(mayberaw, DNS_ZONEOPT_CHECKINTEGRITY, check); } @@ -1743,7 +1787,7 @@ named_zone_configure(const cfg_obj_t *co dns_zone_setkeyopt(zone, DNS_ZONEKEY_NORESIGN, true); } else if (strcasecmp(arg, "maintain") == 0) { - ; + /* Default */ } else { INSIST(0); ISC_UNREACHABLE(); @@ -1753,15 +1797,16 @@ named_zone_configure(const cfg_obj_t *co obj = NULL; result = named_config_get(maps, "serial-update-method", &obj); INSIST(result == ISC_R_SUCCESS && obj != NULL); - if (strcasecmp(cfg_obj_asstring(obj), "unixtime") == 0) - dns_zone_setserialupdatemethod(zone, - dns_updatemethod_unixtime); - else if (strcasecmp(cfg_obj_asstring(obj), "date") == 0) + if (strcasecmp(cfg_obj_asstring(obj), "unixtime") == 0) { + dns_zone_setserialupdatemethod( + zone, dns_updatemethod_unixtime); + } else if (strcasecmp(cfg_obj_asstring(obj), "date") == 0) { dns_zone_setserialupdatemethod(zone, dns_updatemethod_date); - else - dns_zone_setserialupdatemethod(zone, - dns_updatemethod_increment); + } else { + dns_zone_setserialupdatemethod( + zone, dns_updatemethod_increment); + } } /* @@ -1781,7 +1826,7 @@ named_zone_configure(const cfg_obj_t *co dns_zone_setxfracl(zone, none); dns_acl_detach(&none); } - /* FALLTHROUGH */ + /* FALLTHROUGH */ case dns_zone_slave: case dns_zone_stub: case dns_zone_redirect: @@ -1795,9 +1840,9 @@ named_zone_configure(const cfg_obj_t *co if (obj == NULL && ztype == dns_zone_mirror && dns_name_equal(dns_zone_getorigin(zone), dns_rootname)) { - result = named_config_getmastersdef(named_g_config, - DEFAULT_IANA_ROOT_ZONE_MASTERS, - &obj); + result = named_config_getmastersdef( + named_g_config, DEFAULT_IANA_ROOT_ZONE_MASTERS, + &obj); RETERR(result); } if (obj != NULL) { @@ -1805,16 +1850,15 @@ named_zone_configure(const cfg_obj_t *co dns_ipkeylist_init(&ipkl); RETERR(named_config_getipandkeylist(config, obj, mctx, - &ipkl)); - result = dns_zone_setmasterswithkeys(mayberaw, - ipkl.addrs, - ipkl.keys, - ipkl.count); + &ipkl)); + result = dns_zone_setmasterswithkeys( + mayberaw, ipkl.addrs, ipkl.keys, ipkl.count); count = ipkl.count; dns_ipkeylist_clear(mctx, &ipkl); RETERR(result); - } else + } else { result = dns_zone_setmasters(mayberaw, NULL, 0); + } RETERR(result); multi = false; @@ -1862,8 +1906,9 @@ named_zone_configure(const cfg_obj_t *co RETERR(dns_zone_setxfrsource4(mayberaw, cfg_obj_assockaddr(obj))); dscp = cfg_obj_getdscp(obj); - if (dscp == -1) + if (dscp == -1) { dscp = named_g_dscp; + } RETERR(dns_zone_setxfrsource4dscp(mayberaw, dscp)); named_add_reserved_dispatch(named_g_server, cfg_obj_assockaddr(obj)); @@ -1874,8 +1919,9 @@ named_zone_configure(const cfg_obj_t *co RETERR(dns_zone_setxfrsource6(mayberaw, cfg_obj_assockaddr(obj))); dscp = cfg_obj_getdscp(obj); - if (dscp == -1) + if (dscp == -1) { dscp = named_g_dscp; + } RETERR(dns_zone_setxfrsource6dscp(mayberaw, dscp)); named_add_reserved_dispatch(named_g_server, cfg_obj_assockaddr(obj)); @@ -1886,8 +1932,9 @@ named_zone_configure(const cfg_obj_t *co RETERR(dns_zone_setaltxfrsource4(mayberaw, cfg_obj_assockaddr(obj))); dscp = cfg_obj_getdscp(obj); - if (dscp == -1) + if (dscp == -1) { dscp = named_g_dscp; + } RETERR(dns_zone_setaltxfrsource4dscp(mayberaw, dscp)); obj = NULL; @@ -1896,8 +1943,9 @@ named_zone_configure(const cfg_obj_t *co RETERR(dns_zone_setaltxfrsource6(mayberaw, cfg_obj_assockaddr(obj))); dscp = cfg_obj_getdscp(obj); - if (dscp == -1) + if (dscp == -1) { dscp = named_g_dscp; + } RETERR(dns_zone_setaltxfrsource6dscp(mayberaw, dscp)); obj = NULL; @@ -1909,11 +1957,14 @@ named_zone_configure(const cfg_obj_t *co */ view = dns_zone_getview(zone); if (view != NULL && strcmp(view->name, "_default") == 0) + { alt = true; - else + } else { alt = false; - } else + } + } else { alt = cfg_obj_asboolean(obj); + } dns_zone_setoption(mayberaw, DNS_ZONEOPT_USEALTXFRSRC, alt); obj = NULL; @@ -1938,11 +1989,8 @@ named_zone_configure(const cfg_obj_t *co * Set up a DLZ zone as writeable */ isc_result_t -named_zone_configure_writeable_dlz(dns_dlzdb_t *dlzdatabase, - dns_zone_t *zone, - dns_rdataclass_t rdclass, - dns_name_t *name) -{ +named_zone_configure_writeable_dlz(dns_dlzdb_t *dlzdatabase, dns_zone_t *zone, + dns_rdataclass_t rdclass, dns_name_t *name) { dns_db_t *db = NULL; isc_time_t now; isc_result_t result; @@ -1951,8 +1999,9 @@ named_zone_configure_writeable_dlz(dns_d dns_zone_settype(zone, dns_zone_dlz); result = dns_sdlz_setdb(dlzdatabase, rdclass, name, &db); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { return (result); + } result = dns_zone_dlzpostload(zone, db); dns_db_detach(&db); return (result); @@ -2013,10 +2062,11 @@ named_zone_reusable(dns_zone_t *zone, co obj = NULL; (void)cfg_map_get(zoptions, "file", &obj); - if (obj != NULL) + if (obj != NULL) { cfilename = cfg_obj_asstring(obj); - else + } else { cfilename = NULL; + } if (!((cfilename == NULL && zfilename == NULL) || (cfilename != NULL && zfilename != NULL && strcmp(cfilename, zfilename) == 0)))