Lines Matching +full:- +full:cfg
2 * smallapp/unbound-checkconf.c - config file checker for unbound.conf file.
79 #include "edns-subnet/subnet-whitelist.h"
86 printf("Usage: local-unbound-checkconf [file]\n"); in usage()
89 printf("-o option print value of option to stdout.\n"); in usage()
90 printf("-f output full pathname with chroot applied, eg. with -o pidfile.\n"); in usage()
91 printf("-q quiet (suppress output on success).\n"); in usage()
92 printf("-h show this usage help.\n"); in usage()
101 * @param cfg: config
107 print_option(struct config_file* cfg, const char* opt, int final) in print_option() argument
110 char *p = fname_after_chroot(cfg->pidfile, cfg, 1); in print_option()
116 if(strcmp(opt, "auto-trust-anchor-file") == 0 && final) { in print_option()
117 struct config_strlist* s = cfg->auto_trust_anchor_file_list; in print_option()
118 for(; s; s=s->next) { in print_option()
119 char *p = fname_after_chroot(s->str, cfg, 1); in print_option()
126 if(!config_get_option(cfg, opt, config_print_func, stdout)) in print_option()
132 check_mod(struct config_file* cfg, struct module_func_block* fb) in check_mod() argument
136 env.cfg = cfg; in check_mod()
143 if(fb->startup && !(*fb->startup)(&env, 0)) in check_mod()
144 fatal_exit("bad config during startup for %s module", fb->name); in check_mod()
145 if(!(*fb->init)(&env, 0)) in check_mod()
146 fatal_exit("bad config during init for %s module", fb->name); in check_mod()
147 (*fb->deinit)(&env, 0); in check_mod()
148 if(fb->destartup) in check_mod()
149 (*fb->destartup)(&env, 0); in check_mod()
165 /** check do-not-query-localhost */
167 donotquerylocalhostcheck(struct config_file* cfg) in donotquerylocalhostcheck() argument
169 if(cfg->donotquery_localhost) { in donotquerylocalhostcheck()
172 for(p=cfg->forwards; p; p=p->next) { in donotquerylocalhostcheck()
173 for(s=p->addrs; s; s=s->next) { in donotquerylocalhostcheck()
174 if(str_addr_is_localhost(s->str)) { in donotquerylocalhostcheck()
175 …fprintf(stderr, "unbound-checkconf: warning: forward-addr: '%s' is specified for forward-zone: '%s… in donotquerylocalhostcheck()
176 s->str, p->name); in donotquerylocalhostcheck()
180 for(p=cfg->stubs; p; p=p->next) { in donotquerylocalhostcheck()
181 for(s=p->addrs; s; s=s->next) { in donotquerylocalhostcheck()
182 if(str_addr_is_localhost(s->str)) { in donotquerylocalhostcheck()
183 …fprintf(stderr, "unbound-checkconf: warning: stub-addr: '%s' is specified for stub-zone: '%s', but… in donotquerylocalhostcheck()
184 s->str, p->name); in donotquerylocalhostcheck()
193 localzonechecks(struct config_file* cfg) in localzonechecks() argument
198 if(!local_zones_apply_cfg(zs, cfg)) in localzonechecks()
199 fatal_exit("failed local-zone, local-data configuration"); in localzonechecks()
205 acl_view_tag_checks(struct config_file* cfg, struct views* views) in acl_view_tag_checks() argument
215 for(acl=cfg->acl_view; acl; acl = acl->next) { in acl_view_tag_checks()
217 if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen, in acl_view_tag_checks()
219 fatal_exit("cannot parse access-control-view " in acl_view_tag_checks()
220 "address %s %s", acl->str, acl->str2); in acl_view_tag_checks()
222 v = views_find_view(views, acl->str2, 0); in acl_view_tag_checks()
225 "access-control-view: %s %s", in acl_view_tag_checks()
226 acl->str, acl->str2); in acl_view_tag_checks()
228 lock_rw_unlock(&v->lock); in acl_view_tag_checks()
232 for(sb=cfg->acl_tags; sb; sb = sb->next) { in acl_view_tag_checks()
233 if(!netblockstrtoaddr(sb->str, UNBOUND_DNS_PORT, &a, &alen, in acl_view_tag_checks()
235 fatal_exit("cannot parse access-control-tags " in acl_view_tag_checks()
236 "address %s", sb->str); in acl_view_tag_checks()
241 for(s3=cfg->acl_tag_actions; s3; s3 = s3->next) { in acl_view_tag_checks()
243 if(!netblockstrtoaddr(s3->str, UNBOUND_DNS_PORT, &a, &alen, in acl_view_tag_checks()
245 fatal_exit("cannot parse access-control-tag-actions " in acl_view_tag_checks()
247 s3->str, s3->str2, s3->str3); in acl_view_tag_checks()
249 if(find_tag_id(cfg, s3->str2) == -1) { in acl_view_tag_checks()
250 fatal_exit("cannot parse tag %s (define-tag it), " in acl_view_tag_checks()
251 "for access-control-tag-actions: %s %s %s", in acl_view_tag_checks()
252 s3->str2, s3->str, s3->str2, s3->str3); in acl_view_tag_checks()
254 if(!local_zone_str2type(s3->str3, &t)) { in acl_view_tag_checks()
256 " for access-control-tag-actions: %s %s %s", in acl_view_tag_checks()
257 s3->str3, s3->str, s3->str2, s3->str3); in acl_view_tag_checks()
262 for(s3=cfg->acl_tag_datas; s3; s3 = s3->next) { in acl_view_tag_checks()
267 if(!netblockstrtoaddr(s3->str, UNBOUND_DNS_PORT, &a, &alen, in acl_view_tag_checks()
269 fatal_exit("cannot parse access-control-tag-datas address %s %s '%s'", in acl_view_tag_checks()
270 s3->str, s3->str2, s3->str3); in acl_view_tag_checks()
272 if(find_tag_id(cfg, s3->str2) == -1) { in acl_view_tag_checks()
273 fatal_exit("cannot parse tag %s (define-tag it), " in acl_view_tag_checks()
274 "for access-control-tag-datas: %s %s '%s'", in acl_view_tag_checks()
275 s3->str2, s3->str, s3->str2, s3->str3); in acl_view_tag_checks()
279 snprintf(buf, sizeof(buf), "%s %s", ".", s3->str3); in acl_view_tag_checks()
283 …fatal_exit("cannot parse rr data [char %d] parse error %s, for access-control-tag-datas: %s %s '%s… in acl_view_tag_checks()
284 (int)LDNS_WIREPARSE_OFFSET(res)-2, in acl_view_tag_checks()
286 s3->str, s3->str2, s3->str3); in acl_view_tag_checks()
291 /** check view and response-ip configuration */
293 view_and_respipchecks(struct config_file* cfg) in view_and_respipchecks() argument
303 if(!views_apply_cfg(views, cfg)) in view_and_respipchecks()
305 if(!respip_global_apply_cfg(respip, cfg)) in view_and_respipchecks()
307 if(!respip_views_apply_cfg(views, cfg, &have_view_respip_cfg)) in view_and_respipchecks()
308 fatal_exit("Could not setup per-view respip sets"); in view_and_respipchecks()
310 if(use_response_ip && !strstr(cfg->module_conf, "respip")) in view_and_respipchecks()
311 fatal_exit("response-ip options require respip module"); in view_and_respipchecks()
312 acl_view_tag_checks(cfg, views); in view_and_respipchecks()
325 for(s=list; s; s=s->next) { in warn_hosts()
326 for(h=s->hosts; h; h=h->next) { in warn_hosts()
327 if(extstrtoaddr(h->str, &a, &alen, UNBOUND_DNS_PORT)) { in warn_hosts()
328 fprintf(stderr, "unbound-checkconf: warning:" in warn_hosts()
332 s->name, typ, h->str, in warn_hosts()
341 interfacechecks(struct config_file* cfg) in interfacechecks() argument
350 if(cfg->num_ifs != 0) { in interfacechecks()
351 resif = (char***)calloc(cfg->num_ifs, sizeof(char**)); in interfacechecks()
353 num_resif = (int*)calloc(cfg->num_ifs, sizeof(int)); in interfacechecks()
356 for(i=0; i<cfg->num_ifs; i++) { in interfacechecks()
359 if(strcmp(cfg->ifs[i], cfg->ifs[i2]) == 0) { in interfacechecks()
362 cfg->ifs[i]); in interfacechecks()
365 if(!resolve_interface_names(&cfg->ifs[i], 1, NULL, &resif[i], in interfacechecks()
368 cfg->ifs[i]); in interfacechecks()
371 if(if_is_pp2(resif[i][0], cfg->port, cfg->proxy_protocol_port)) { in interfacechecks()
372 if(if_is_dnscrypt(resif[i][0], cfg->port, in interfacechecks()
373 cfg->dnscrypt_port)) { in interfacechecks()
376 } else if(if_is_https(resif[i][0], cfg->port, in interfacechecks()
377 cfg->https_port)) { in interfacechecks()
380 } else if(if_is_quic(resif[i][0], cfg->port, in interfacechecks()
381 cfg->quic_port)) { in interfacechecks()
388 if(!extstrtoaddr(resif[i][j], &a, &alen, cfg->port)) { in interfacechecks()
389 if(strcmp(cfg->ifs[i], resif[i][j]) != 0) in interfacechecks()
391 resif[i][j], cfg->ifs[i]); in interfacechecks()
394 cfg->ifs[i]); in interfacechecks()
401 if(strcmp(cfg->ifs[i], resif[i][j]) != 0) in interfacechecks()
402 snprintf(info1, sizeof(info1), "address %s from interface: %s", resif[i][j], cfg->ifs[i]); in interfacechecks()
403 else snprintf(info1, sizeof(info1), "interface: %s", cfg->ifs[i]); in interfacechecks()
404 if(strcmp(cfg->ifs[i2], resif[i2][j2]) != 0) in interfacechecks()
405 snprintf(info2, sizeof(info2), "address %s from interface: %s", resif[i2][j2], cfg->ifs[i2]); in interfacechecks()
406 else snprintf(info2, sizeof(info2), "interface: %s", cfg->ifs[i2]); in interfacechecks()
414 for(i=0; i<cfg->num_ifs; i++) { in interfacechecks()
420 for(i=0; i<cfg->num_out_ifs; i++) { in interfacechecks()
421 if(!ipstrtoaddr(cfg->out_ifs[i], UNBOUND_DNS_PORT, &a, &alen) && in interfacechecks()
422 !netblockstrtoaddr(cfg->out_ifs[i], UNBOUND_DNS_PORT, &a, &alen, &d)) { in interfacechecks()
423 fatal_exit("cannot parse outgoing-interface " in interfacechecks()
424 "specified as '%s'", cfg->out_ifs[i]); in interfacechecks()
426 for(j=0; j<cfg->num_out_ifs; j++) { in interfacechecks()
427 if(i!=j && strcmp(cfg->out_ifs[i], cfg->out_ifs[j])==0) in interfacechecks()
428 fatal_exit("outgoing-interface: %s present " in interfacechecks()
430 cfg->out_ifs[i]); in interfacechecks()
435 /** check interface-automatic-ports */
450 …fatal_exit("interface-automatic-ports: port out of range at position %d in '%s'", (int)(now-ifauto… in ifautomaticportschecks()
452 …fatal_exit("interface-automatic-ports: parse error at position %d in '%s'", (int)(now-ifautomaticp… in ifautomaticportschecks()
459 controlinterfacechecks(struct config_file* cfg) in controlinterfacechecks() argument
462 for(p = cfg->control_ifs.first; p; p = p->next) { in controlinterfacechecks()
468 if(p->str && p->str[0] == '/') in controlinterfacechecks()
470 if(!resolve_interface_names(&p->str, 1, NULL, &rcif, in controlinterfacechecks()
472 fatal_exit("could not resolve interface names, for control-interface: %s", in controlinterfacechecks()
473 p->str); in controlinterfacechecks()
477 cfg->control_port)) { in controlinterfacechecks()
478 if(strcmp(p->str, rcif[i])!=0) in controlinterfacechecks()
479 …fatal_exit("cannot parse control-interface address '%s' from the control-interface specified as '%… in controlinterfacechecks()
480 rcif[i], p->str); in controlinterfacechecks()
482 fatal_exit("cannot parse control-interface specified as '%s'", in controlinterfacechecks()
483 p->str); in controlinterfacechecks()
492 aclchecks(struct config_file* cfg) in aclchecks() argument
498 for(acl=cfg->acls; acl; acl = acl->next) { in aclchecks()
499 if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen, in aclchecks()
502 acl->str, acl->str2); in aclchecks()
509 tcpconnlimitchecks(struct config_file* cfg) in tcpconnlimitchecks() argument
515 for(tcl=cfg->tcp_connection_limits; tcl; tcl = tcl->next) { in tcpconnlimitchecks()
516 if(!netblockstrtoaddr(tcl->str, UNBOUND_DNS_PORT, &a, &alen, in tcpconnlimitchecks()
519 tcl->str, tcl->str2); in tcpconnlimitchecks()
580 const char* chrootdir, struct config_file* cfg) in check_chroot_string() argument
584 *ss = fname_after_chroot(str, cfg, 1); in check_chroot_string()
602 const char* chrootdir, struct config_file* cfg) in check_chroot_filelist() argument
605 for(p=list; p; p=p->next) { in check_chroot_filelist()
606 check_chroot_string(desc, &p->str, chrootdir, cfg); in check_chroot_filelist()
613 const char* chrootdir, struct config_file* cfg) in check_chroot_filelist_wild() argument
616 for(p=list; p; p=p->next) { in check_chroot_filelist_wild()
618 if(strchr(p->str, '*') || strchr(p->str, '[') || in check_chroot_filelist_wild()
619 strchr(p->str, '?') || strchr(p->str, '{') || in check_chroot_filelist_wild()
620 strchr(p->str, '~')) { in check_chroot_filelist_wild()
621 char* s = p->str; in check_chroot_filelist_wild()
623 p->str = fname_after_chroot(p->str, cfg, 1); in check_chroot_filelist_wild()
627 check_chroot_string(desc, &p->str, chrootdir, cfg); in check_chroot_filelist_wild()
634 ecs_conf_checks(struct config_file* cfg) in ecs_conf_checks() argument
639 if(!ecs_whitelist_apply_cfg(whitelist, cfg)) in ecs_conf_checks()
668 n[sizeof(n)-1]=0; in check_modules_exist()
669 for(j=0; j<sizeof(n)-1; j++) { in check_modules_exist()
676 fatal_exit("Unknown value in module-config, module: " in check_modules_exist()
679 "with unbound -V", n); in check_modules_exist()
687 morechecks(struct config_file* cfg) in morechecks() argument
689 warn_hosts("stub-host", cfg->stubs); in morechecks()
690 warn_hosts("forward-host", cfg->forwards); in morechecks()
691 interfacechecks(cfg); in morechecks()
692 ifautomaticportschecks(cfg->if_automatic_ports); in morechecks()
693 aclchecks(cfg); in morechecks()
694 tcpconnlimitchecks(cfg); in morechecks()
696 if(cfg->verbosity < 0) in morechecks()
698 if(cfg->num_threads <= 0 || cfg->num_threads > 10000) in morechecks()
700 if(!cfg->do_ip4 && !cfg->do_ip6) in morechecks()
702 if(!cfg->do_ip4 && cfg->prefer_ip4) in morechecks()
704 if(!cfg->do_ip6 && cfg->prefer_ip6) in morechecks()
706 if(!cfg->do_udp && !cfg->do_tcp) in morechecks()
708 if(cfg->edns_buffer_size > cfg->msg_buffer_size) in morechecks()
709 fatal_exit("edns-buffer-size larger than msg-buffer-size, " in morechecks()
712 w_config_adjust_directory(cfg); in morechecks()
714 if(cfg->chrootdir && cfg->chrootdir[0] && in morechecks()
715 cfg->chrootdir[strlen(cfg->chrootdir)-1] == '/') in morechecks()
717 cfg->chrootdir); in morechecks()
718 if(cfg->chrootdir && cfg->chrootdir[0] && in morechecks()
719 !is_dir(cfg->chrootdir)) { in morechecks()
722 if(cfg->directory && cfg->directory[0]) { in morechecks()
723 char* ad = fname_after_chroot(cfg->directory, cfg, 0); in morechecks()
728 if( (cfg->chrootdir && cfg->chrootdir[0]) || in morechecks()
729 (cfg->directory && cfg->directory[0])) { in morechecks()
730 if(cfg->pidfile && cfg->pidfile[0]) { in morechecks()
731 char* ad = (cfg->pidfile[0]=='/')?strdup(cfg->pidfile): in morechecks()
732 fname_after_chroot(cfg->pidfile, cfg, 1); in morechecks()
738 if(cfg->logfile && cfg->logfile[0]) { in morechecks()
739 char* ad = fname_after_chroot(cfg->logfile, cfg, 1); in morechecks()
747 check_chroot_filelist("file with root-hints", in morechecks()
748 cfg->root_hints, cfg->chrootdir, cfg); in morechecks()
749 check_chroot_filelist("trust-anchor-file", in morechecks()
750 cfg->trust_anchor_file_list, cfg->chrootdir, cfg); in morechecks()
751 check_chroot_filelist("auto-trust-anchor-file", in morechecks()
752 cfg->auto_trust_anchor_file_list, cfg->chrootdir, cfg); in morechecks()
753 check_chroot_filelist_wild("trusted-keys-file", in morechecks()
754 cfg->trusted_keys_file_list, cfg->chrootdir, cfg); in morechecks()
755 if(cfg->disable_edns_do && strstr(cfg->module_conf, "validator") in morechecks()
756 && (cfg->trust_anchor_file_list in morechecks()
757 || cfg->trust_anchor_list in morechecks()
758 || cfg->auto_trust_anchor_file_list in morechecks()
759 || cfg->trusted_keys_file_list)) { in morechecks()
761 if(cfg->auto_trust_anchor_file_list) in morechecks()
762 key = cfg->auto_trust_anchor_file_list->str; in morechecks()
763 if(!key && cfg->trust_anchor_file_list) in morechecks()
764 key = cfg->trust_anchor_file_list->str; in morechecks()
765 if(!key && cfg->trust_anchor_list) in morechecks()
766 key = cfg->trust_anchor_list->str; in morechecks()
767 if(!key && cfg->trusted_keys_file_list) in morechecks()
768 key = cfg->trusted_keys_file_list->str; in morechecks()
770 …fatal_exit("disable-edns-do does not allow DNSSEC to work, but the validator module uses a trust a… in morechecks()
773 if(cfg->ipsecmod_enabled && strstr(cfg->module_conf, "ipsecmod")) { in morechecks()
775 check_chroot_string("ipsecmod-hook", &cfg->ipsecmod_hook, in morechecks()
776 cfg->chrootdir, cfg); in morechecks()
780 free(cfg->chrootdir); in morechecks()
781 cfg->chrootdir = NULL; in morechecks()
784 check_modules_exist(cfg->module_conf); in morechecks()
787 if(strcmp(cfg->module_conf, "iterator") != 0 in morechecks()
788 && strcmp(cfg->module_conf, "validator iterator") != 0 in morechecks()
789 && strcmp(cfg->module_conf, "dns64 validator iterator") != 0 in morechecks()
790 && strcmp(cfg->module_conf, "dns64 iterator") != 0 in morechecks()
791 && strcmp(cfg->module_conf, "respip iterator") != 0 in morechecks()
792 && strcmp(cfg->module_conf, "respip validator iterator") != 0 in morechecks()
793 && strcmp(cfg->module_conf, "respip dns64 validator iterator") != 0 in morechecks()
794 && strcmp(cfg->module_conf, "respip dns64 iterator") != 0 in morechecks()
796 && strcmp(cfg->module_conf, "python iterator") != 0 in morechecks()
797 && strcmp(cfg->module_conf, "python respip iterator") != 0 in morechecks()
798 && strcmp(cfg->module_conf, "python validator iterator") != 0 in morechecks()
799 && strcmp(cfg->module_conf, "python respip validator iterator") != 0 in morechecks()
800 && strcmp(cfg->module_conf, "validator python iterator") != 0 in morechecks()
801 && strcmp(cfg->module_conf, "dns64 python iterator") != 0 in morechecks()
802 && strcmp(cfg->module_conf, "dns64 python validator iterator") != 0 in morechecks()
803 && strcmp(cfg->module_conf, "dns64 validator python iterator") != 0 in morechecks()
804 && strcmp(cfg->module_conf, "python dns64 iterator") != 0 in morechecks()
805 && strcmp(cfg->module_conf, "python dns64 validator iterator") != 0 in morechecks()
808 && strcmp(cfg->module_conf, "dynlib iterator") != 0 in morechecks()
809 && strcmp(cfg->module_conf, "dynlib dynlib iterator") != 0 in morechecks()
810 && strcmp(cfg->module_conf, "dynlib dynlib dynlib iterator") != 0 in morechecks()
811 && strcmp(cfg->module_conf, "python dynlib iterator") != 0 in morechecks()
812 && strcmp(cfg->module_conf, "python dynlib dynlib iterator") != 0 in morechecks()
813 && strcmp(cfg->module_conf, "python dynlib dynlib dynlib iterator") != 0 in morechecks()
814 && strcmp(cfg->module_conf, "dynlib respip iterator") != 0 in morechecks()
815 && strcmp(cfg->module_conf, "dynlib validator iterator") != 0 in morechecks()
816 && strcmp(cfg->module_conf, "dynlib dynlib validator iterator") != 0 in morechecks()
817 && strcmp(cfg->module_conf, "dynlib dynlib dynlib validator iterator") != 0 in morechecks()
818 && strcmp(cfg->module_conf, "python dynlib validator iterator") != 0 in morechecks()
819 && strcmp(cfg->module_conf, "python dynlib dynlib validator iterator") != 0 in morechecks()
820 && strcmp(cfg->module_conf, "python dynlib dynlib dynlib validator iterator") != 0 in morechecks()
821 && strcmp(cfg->module_conf, "dynlib respip validator iterator") != 0 in morechecks()
822 && strcmp(cfg->module_conf, "validator dynlib iterator") != 0 in morechecks()
823 && strcmp(cfg->module_conf, "dns64 dynlib iterator") != 0 in morechecks()
824 && strcmp(cfg->module_conf, "dns64 dynlib validator iterator") != 0 in morechecks()
825 && strcmp(cfg->module_conf, "dns64 validator dynlib iterator") != 0 in morechecks()
826 && strcmp(cfg->module_conf, "dynlib dns64 iterator") != 0 in morechecks()
827 && strcmp(cfg->module_conf, "dynlib dns64 validator iterator") != 0 in morechecks()
828 && strcmp(cfg->module_conf, "dynlib dns64 cachedb iterator") != 0 in morechecks()
829 && strcmp(cfg->module_conf, "dynlib dns64 validator cachedb iterator") != 0 in morechecks()
830 && strcmp(cfg->module_conf, "dns64 dynlib cachedb iterator") != 0 in morechecks()
831 && strcmp(cfg->module_conf, "dns64 dynlib validator cachedb iterator") != 0 in morechecks()
832 && strcmp(cfg->module_conf, "dynlib cachedb iterator") != 0 in morechecks()
833 && strcmp(cfg->module_conf, "dynlib respip cachedb iterator") != 0 in morechecks()
834 && strcmp(cfg->module_conf, "dynlib validator cachedb iterator") != 0 in morechecks()
835 && strcmp(cfg->module_conf, "dynlib respip validator cachedb iterator") != 0 in morechecks()
836 && strcmp(cfg->module_conf, "cachedb dynlib iterator") != 0 in morechecks()
837 && strcmp(cfg->module_conf, "respip cachedb dynlib iterator") != 0 in morechecks()
838 && strcmp(cfg->module_conf, "validator cachedb dynlib iterator") != 0 in morechecks()
839 && strcmp(cfg->module_conf, "respip validator cachedb dynlib iterator") != 0 in morechecks()
840 && strcmp(cfg->module_conf, "validator dynlib cachedb iterator") != 0 in morechecks()
841 && strcmp(cfg->module_conf, "respip validator dynlib cachedb iterator") != 0 in morechecks()
842 && strcmp(cfg->module_conf, "dynlib subnetcache iterator") != 0 in morechecks()
843 && strcmp(cfg->module_conf, "dynlib respip subnetcache iterator") != 0 in morechecks()
844 && strcmp(cfg->module_conf, "subnetcache dynlib iterator") != 0 in morechecks()
845 && strcmp(cfg->module_conf, "respip subnetcache dynlib iterator") != 0 in morechecks()
846 && strcmp(cfg->module_conf, "dynlib subnetcache validator iterator") != 0 in morechecks()
847 && strcmp(cfg->module_conf, "dynlib respip subnetcache validator iterator") != 0 in morechecks()
848 && strcmp(cfg->module_conf, "subnetcache dynlib validator iterator") != 0 in morechecks()
849 && strcmp(cfg->module_conf, "respip subnetcache dynlib validator iterator") != 0 in morechecks()
850 && strcmp(cfg->module_conf, "subnetcache validator dynlib iterator") != 0 in morechecks()
851 && strcmp(cfg->module_conf, "respip subnetcache validator dynlib iterator") != 0 in morechecks()
852 && strcmp(cfg->module_conf, "dynlib ipsecmod iterator") != 0 in morechecks()
853 && strcmp(cfg->module_conf, "dynlib ipsecmod respip iterator") != 0 in morechecks()
854 && strcmp(cfg->module_conf, "ipsecmod dynlib iterator") != 0 in morechecks()
855 && strcmp(cfg->module_conf, "ipsecmod dynlib respip iterator") != 0 in morechecks()
856 && strcmp(cfg->module_conf, "ipsecmod validator iterator") != 0 in morechecks()
857 && strcmp(cfg->module_conf, "ipsecmod respip validator iterator") != 0 in morechecks()
858 && strcmp(cfg->module_conf, "dynlib ipsecmod validator iterator") != 0 in morechecks()
859 && strcmp(cfg->module_conf, "dynlib ipsecmod respip validator iterator") != 0 in morechecks()
860 && strcmp(cfg->module_conf, "ipsecmod dynlib validator iterator") != 0 in morechecks()
861 && strcmp(cfg->module_conf, "ipsecmod dynlib respip validator iterator") != 0 in morechecks()
862 && strcmp(cfg->module_conf, "ipsecmod validator dynlib iterator") != 0 in morechecks()
863 && strcmp(cfg->module_conf, "ipsecmod respip validator dynlib iterator") != 0 in morechecks()
866 && strcmp(cfg->module_conf, "validator cachedb iterator") != 0 in morechecks()
867 && strcmp(cfg->module_conf, "respip validator cachedb iterator") != 0 in morechecks()
868 && strcmp(cfg->module_conf, "cachedb iterator") != 0 in morechecks()
869 && strcmp(cfg->module_conf, "respip cachedb iterator") != 0 in morechecks()
870 && strcmp(cfg->module_conf, "dns64 validator cachedb iterator") != 0 in morechecks()
871 && strcmp(cfg->module_conf, "dns64 cachedb iterator") != 0 in morechecks()
874 && strcmp(cfg->module_conf, "python dns64 cachedb iterator") != 0 in morechecks()
875 && strcmp(cfg->module_conf, "python dns64 validator cachedb iterator") != 0 in morechecks()
876 && strcmp(cfg->module_conf, "dns64 python cachedb iterator") != 0 in morechecks()
877 && strcmp(cfg->module_conf, "dns64 python validator cachedb iterator") != 0 in morechecks()
878 && strcmp(cfg->module_conf, "python cachedb iterator") != 0 in morechecks()
879 && strcmp(cfg->module_conf, "python respip cachedb iterator") != 0 in morechecks()
880 && strcmp(cfg->module_conf, "python validator cachedb iterator") != 0 in morechecks()
881 && strcmp(cfg->module_conf, "python respip validator cachedb iterator") != 0 in morechecks()
882 && strcmp(cfg->module_conf, "cachedb python iterator") != 0 in morechecks()
883 && strcmp(cfg->module_conf, "respip cachedb python iterator") != 0 in morechecks()
884 && strcmp(cfg->module_conf, "validator cachedb python iterator") != 0 in morechecks()
885 && strcmp(cfg->module_conf, "respip validator cachedb python iterator") != 0 in morechecks()
886 && strcmp(cfg->module_conf, "validator python cachedb iterator") != 0 in morechecks()
887 && strcmp(cfg->module_conf, "respip validator python cachedb iterator") != 0 in morechecks()
890 && strcmp(cfg->module_conf, "respip subnetcache validator cachedb iterator") != 0 in morechecks()
891 && strcmp(cfg->module_conf, "subnetcache validator cachedb iterator") != 0 in morechecks()
894 && strcmp(cfg->module_conf, "subnetcache iterator") != 0 in morechecks()
895 && strcmp(cfg->module_conf, "respip subnetcache iterator") != 0 in morechecks()
896 && strcmp(cfg->module_conf, "subnetcache validator iterator") != 0 in morechecks()
897 && strcmp(cfg->module_conf, "respip subnetcache validator iterator") != 0 in morechecks()
898 && strcmp(cfg->module_conf, "dns64 subnetcache iterator") != 0 in morechecks()
899 && strcmp(cfg->module_conf, "dns64 subnetcache validator iterator") != 0 in morechecks()
900 && strcmp(cfg->module_conf, "dns64 subnetcache respip iterator") != 0 in morechecks()
901 && strcmp(cfg->module_conf, "dns64 subnetcache respip validator iterator") != 0 in morechecks()
904 && strcmp(cfg->module_conf, "python subnetcache iterator") != 0 in morechecks()
905 && strcmp(cfg->module_conf, "python respip subnetcache iterator") != 0 in morechecks()
906 && strcmp(cfg->module_conf, "subnetcache python iterator") != 0 in morechecks()
907 && strcmp(cfg->module_conf, "respip subnetcache python iterator") != 0 in morechecks()
908 && strcmp(cfg->module_conf, "python subnetcache validator iterator") != 0 in morechecks()
909 && strcmp(cfg->module_conf, "python respip subnetcache validator iterator") != 0 in morechecks()
910 && strcmp(cfg->module_conf, "subnetcache python validator iterator") != 0 in morechecks()
911 && strcmp(cfg->module_conf, "respip subnetcache python validator iterator") != 0 in morechecks()
912 && strcmp(cfg->module_conf, "subnetcache validator python iterator") != 0 in morechecks()
913 && strcmp(cfg->module_conf, "respip subnetcache validator python iterator") != 0 in morechecks()
916 && strcmp(cfg->module_conf, "ipsecmod iterator") != 0 in morechecks()
917 && strcmp(cfg->module_conf, "ipsecmod respip iterator") != 0 in morechecks()
918 && strcmp(cfg->module_conf, "ipsecmod validator iterator") != 0 in morechecks()
919 && strcmp(cfg->module_conf, "ipsecmod respip validator iterator") != 0 in morechecks()
922 && strcmp(cfg->module_conf, "python ipsecmod iterator") != 0 in morechecks()
923 && strcmp(cfg->module_conf, "python ipsecmod respip iterator") != 0 in morechecks()
924 && strcmp(cfg->module_conf, "ipsecmod python iterator") != 0 in morechecks()
925 && strcmp(cfg->module_conf, "ipsecmod python respip iterator") != 0 in morechecks()
926 && strcmp(cfg->module_conf, "ipsecmod validator iterator") != 0 in morechecks()
927 && strcmp(cfg->module_conf, "ipsecmod respip validator iterator") != 0 in morechecks()
928 && strcmp(cfg->module_conf, "python ipsecmod validator iterator") != 0 in morechecks()
929 && strcmp(cfg->module_conf, "python ipsecmod respip validator iterator") != 0 in morechecks()
930 && strcmp(cfg->module_conf, "ipsecmod python validator iterator") != 0 in morechecks()
931 && strcmp(cfg->module_conf, "ipsecmod python respip validator iterator") != 0 in morechecks()
932 && strcmp(cfg->module_conf, "ipsecmod validator python iterator") != 0 in morechecks()
933 && strcmp(cfg->module_conf, "ipsecmod respip validator python iterator") != 0 in morechecks()
936 && strcmp(cfg->module_conf, "validator ipset iterator") != 0 in morechecks()
937 && strcmp(cfg->module_conf, "validator ipset respip iterator") != 0 in morechecks()
938 && strcmp(cfg->module_conf, "ipset iterator") != 0 in morechecks()
939 && strcmp(cfg->module_conf, "ipset respip iterator") != 0 in morechecks()
943 cfg->module_conf); in morechecks()
947 if(cfg->username && cfg->username[0]) { in morechecks()
948 if(getpwnam(cfg->username) == NULL) in morechecks()
949 fatal_exit("user '%s' does not exist.", cfg->username); in morechecks()
955 if(cfg->remote_control_enable && options_remote_is_address(cfg) in morechecks()
956 && cfg->control_use_cert) { in morechecks()
957 check_chroot_string("server-key-file", &cfg->server_key_file, in morechecks()
958 cfg->chrootdir, cfg); in morechecks()
959 check_chroot_string("server-cert-file", &cfg->server_cert_file, in morechecks()
960 cfg->chrootdir, cfg); in morechecks()
961 if(!is_file(cfg->control_key_file)) in morechecks()
962 fatal_exit("control-key-file: \"%s\" does not exist", in morechecks()
963 cfg->control_key_file); in morechecks()
964 if(!is_file(cfg->control_cert_file)) in morechecks()
965 fatal_exit("control-cert-file: \"%s\" does not exist", in morechecks()
966 cfg->control_cert_file); in morechecks()
968 if(cfg->remote_control_enable) in morechecks()
969 controlinterfacechecks(cfg); in morechecks()
971 donotquerylocalhostcheck(cfg); in morechecks()
972 localzonechecks(cfg); in morechecks()
973 view_and_respipchecks(cfg); in morechecks()
975 ecs_conf_checks(cfg); in morechecks()
981 check_fwd(struct config_file* cfg) in check_fwd() argument
984 if(!fwd || !forwards_apply_cfg(fwd, cfg)) { in check_fwd()
992 check_hints(struct config_file* cfg) in check_hints() argument
995 if(!hints || !hints_apply_cfg(hints, cfg)) { in check_hints()
1003 check_auth(struct config_file* cfg) in check_auth() argument
1007 if(!az || !auth_zones_apply_cfg(az, cfg, 0, &is_rpz, NULL, NULL)) { in check_auth()
1010 if(is_rpz && !strstr(cfg->module_conf, "respip")) in check_auth()
1020 struct config_file* cfg = config_create(); in checkconf() local
1021 if(!cfg) in checkconf()
1028 if(!config_read(cfg, cfgfile, NULL)) { in checkconf()
1030 config_delete(cfg); in checkconf()
1033 if(oldwd[0] && chdir(oldwd) == -1) in checkconf()
1036 print_option(cfg, opt, final); in checkconf()
1037 config_delete(cfg); in checkconf()
1040 morechecks(cfg); in checkconf()
1041 check_mod(cfg, iter_get_funcblock()); in checkconf()
1042 check_mod(cfg, val_get_funcblock()); in checkconf()
1044 if(strstr(cfg->module_conf, "python")) in checkconf()
1045 check_mod(cfg, pythonmod_get_funcblock()); in checkconf()
1047 check_fwd(cfg); in checkconf()
1048 check_hints(cfg); in checkconf()
1049 check_auth(cfg); in checkconf()
1050 if(!quiet) { printf("unbound-checkconf: no errors in %s\n", cfgfile); } in checkconf()
1051 config_delete(cfg); in checkconf()
1069 log_ident_set("unbound-checkconf"); in main()
1077 while( (c=getopt(argc, argv, "fhqo:")) != -1) { in main()
1094 argc -= optind; in main()