Problems with include in acl file
Chris Thompson
cet1 at cam.ac.uk
Sun Oct 18 14:35:34 UTC 2009
On Oct 18 2009, Joseph S D Yao wrote:
>On Sat, Oct 17, 2009 at 10:33:37PM -0400, Robert Moskowitz wrote:
>> I am trying to build up an environment where the user can maintain
>> custom files and leave the basic files alone.
>>
>> So I have a named.acl that works, I add an include line:
>>
>> acl "hdanets" {
>> 192.168.1.0/24; // hda network
>> include "custom.acl";
>> };
>>
>>
>> and get the error:
>>
>> Starting named:
>> Error in named configuration:
>> named.acl:3: missing ';' before '"'
>...
>
>
>Glancing through the 9.6 ARM <https://www.isc.org/files/Bv9.6ARM.pdf>,
>it seems to me that "include" is a statement, and needs to be parsed
>outside of any other statements, not inside a statement.

That's what it *says* ... but it is being economical with the truth!

> Inside the
>"acl" statement the parser would expect to see IP addresses, networks in
>the ip.ad.dr.ess/xx format, keys with the name prepended by the keyword
>"key", and the names of other ACLs. When it encounters the word
>"include" in this context, it parses it as the name of an ACL - after
>which, the '"' is out of place.

As long ago as BIND 9.2, you'll find this in the CHANGES file:

 764.   [func]          Configuration files now allow "include" directives
                        in more places, such as inside the "view" statement.
                        [RT #377, #728, #860]

Roughly, "include" can occur instead of a keyword in any list where all
list elements are introduced by keywords; e.g. "view", "options", "logging",
"zone". But not "acl" because the elements there do not (in general) start
with keywords.

For the whole truth, you need to look at lib/isccfg/namedconf.c and
lib/isccfg/parser.c and work out in exactly which cases cfg_parse_mapbody
in the latter gets called :-(

--
Chris Thompson
Email: cet1 at cam.ac.uk
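
Given the constraint described in this thread ("include" is accepted at the top level but not inside "acl", and an ACL may list other ACLs by name), one layout that keeps the user-maintained file separate from the base file is shown below. This is an added example, not part of the original messages; the ACL name "hdacustom" and the 192.168.2.0/24 network are constructed for illustration.

```conf
// ---- named.acl (base file, not edited by the user) ----

// Rejected by the parser: "include" is read as an ACL name,
// and the following '"' triggers "missing ';' before '"'".
//
// acl "hdanets" {
//         192.168.1.0/24;         // hda network
//         include "custom.acl";
// };

// Accepted: include at the top level, placed before the ACL that
// refers to it, because an ACL must be defined before it is used.
include "custom.acl";

acl "hdanets" {
        192.168.1.0/24;         // hda network
        "hdacustom";            // everything defined in custom.acl
};

// ---- custom.acl (user-maintained file) ----
// Must always define acl "hdacustom", otherwise the reference
// above fails. Use "none;" as the only element when there is
// nothing to add.

acl "hdacustom" {
        192.168.2.0/24;         // constructed sample network
};
```

Running named-checkconf on the main configuration file after editing custom.acl catches a syntax error or an undefined ACL name before named is restarted.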