1195. [bug] Attempts to redefine builtin acls should be caught.

[RT #2403]

CHANGES

@@ -1,3 +1,6 @@
+1195.	[bug]		Attempts to redefine builtin acls should be caught.
+			[RT #2403]
+
 1194.	[bug]		Not all duplicate zone definitions were being detected
 			at the named.conf checking stage. [RT #2431]
 

lib/bind9/check.c

@@ -15,7 +15,7 @@
  * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check.c,v 1.17 2002/02/06 05:58:06 marka Exp $ */
+/* $Id: check.c,v 1.18 2002/02/06 06:45:40 marka Exp $ */
 
 #include <config.h>
 
@@ -510,11 +510,15 @@ isc_result_t
 bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) {
 	cfg_obj_t *options = NULL;
 	cfg_obj_t *views = NULL;
+	cfg_obj_t *acls = NULL;
 	cfg_obj_t *obj;
 	cfg_listelt_t *velement;
 	isc_result_t result = ISC_R_SUCCESS;
 	isc_result_t tresult;
 
+	static const char *builtin[] = { "localhost", "localnets",
+					 "any", "none", 0 };
+
 	(void)cfg_map_get(config, "options", &options);
 
 	if (options != NULL &&
@@ -579,5 +583,29 @@ bind9_check_namedconf(cfg_obj_t *config, isc_log_t *logctx, isc_mem_t *mctx) {
 		}
 	}
 
+        tresult = cfg_map_get(config, "acl", &acls);
+        if (tresult == ISC_R_SUCCESS) {
+		cfg_listelt_t *elt;
+		const char *aclname;
+
+		for (elt = cfg_list_first(acls);
+		     elt != NULL;
+		     elt = cfg_list_next(elt)) {
+			cfg_obj_t *acl = cfg_listelt_value(elt);
+			int i;
+
+			aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name"));
+			for (i = 0; builtin[i] != NULL; i++)
+				if (strcasecmp(aclname, builtin[i]) == 0) {
+					cfg_obj_log(acl, logctx, ISC_LOG_ERROR,
+						    "attempt to redefine "
+						    "builtin acl '%s'",
+				    		    aclname);
+					result = ISC_R_FAILURE;
+					break;
+				}
+		}
+	}
+
 	return (result);
 }