IP addresses in ACLs are now represented as

isc_netaddr_t, not isc_sockaddr_t
Andreas Gustafsson
2000-02-15 19:53:05 +00:00
parent be1395f914
commit fd0bc40a25
5 changed files with 32 additions and 25 deletions


@@ -137,7 +137,8 @@ dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
switch (ce->type) {
case dns_c_ipmatch_pattern:
de->type = dns_aclelementtype_ipprefix;
de->u.ip_prefix.address = ce->u.direct.address;
isc_netaddr_fromsockaddr(&de->u.ip_prefix.address,
&ce->u.direct.address);
/* XXX "mask" is a misnomer */
de->u.ip_prefix.prefixlen = ce->u.direct.mask;
break;
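Review bot: `de->u.ip_prefix.prefixlen = ce->u.direct.mask;` copies the prefix length without checking it against the width of the address family that `isc_netaddr_fromsockaddr()` has just stored (32 bits for IPv4, 128 for IPv6). Whether the configuration parser already rejects larger values, and how `isc_netaddr_eqprefix()` treats one, is not visible in this hunk, so a range check or assertion at this point would keep a bad value out of the ACL matcher. The XXX comment could also say what the field holds, e.g. `/* XXX "mask" is a misnomer; it is a prefix length in bits */`. The same lines appear in the second dns_acl_fromconfig section further down the page, and the function starts and ends outside the hunk.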


@@ -521,8 +521,7 @@ do_ipv4(ns_interfacemgr_t *mgr) {
goto ignore_interface;
elt.type = dns_aclelementtype_ipprefix;
elt.negative = ISC_FALSE;
isc_sockaddr_fromnetaddr(&elt.u.ip_prefix.address,
&interface.address, 0); /* XXX */
elt.u.ip_prefix.address = interface.address;
elt.u.ip_prefix.prefixlen = prefixlen;
/* XXX suppress duplicates */
result = dns_acl_appendelement(mgr->aclenv.localnets, &elt);
@@ -538,7 +537,8 @@ do_ipv4(ns_interfacemgr_t *mgr) {
le = ISC_LIST_NEXT(le, link))
{
int match;
isc_sockaddr_t listen_addr;
isc_netaddr_t listen_netaddr;
isc_sockaddr_t listen_sockaddr;
char buf[128];
const char *addrstr;
@@ -546,15 +546,17 @@ do_ipv4(ns_interfacemgr_t *mgr) {
* Construct a socket address for this IP/port
* combination.
*/
isc_sockaddr_fromin(&listen_addr,
&interface.address.type.in,
le->port);
isc_netaddr_fromin(&listen_netaddr,
&interface.address.type.in);
isc_sockaddr_fromnetaddr(&listen_sockaddr,
&listen_netaddr,
le->port);
/*
* Construct a human-readable version of same.
*/
addrstr = inet_ntop(listen_addr.type.sin.sin_family,
&listen_addr.type.sin.sin_addr,
addrstr = inet_ntop(listen_netaddr.family,
&listen_netaddr.type,
buf, sizeof(buf));
if (addrstr == NULL)
addrstr = "(bad address)";
@@ -563,13 +565,13 @@ do_ipv4(ns_interfacemgr_t *mgr) {
* See if the address matches the listen-on statement;
* if not, ignore the interface.
*/
result = dns_acl_match(&listen_addr, NULL,
result = dns_acl_match(&listen_netaddr, NULL,
le->acl, &mgr->aclenv,
&match, NULL);
if (match <= 0)
continue;
ifp = find_matching_interface(mgr, &listen_addr);
ifp = find_matching_interface(mgr, &listen_sockaddr);
if (ifp != NULL) {
ifp->generation = mgr->generation;
} else {
@@ -578,11 +580,11 @@ do_ipv4(ns_interfacemgr_t *mgr) {
"listening on IPv4 interface "
"%s, %s port %u",
interface.name, addrstr,
ntohs(listen_addr.type.
sin.sin_port));
le->port);
result = ns_interface_setup(mgr,
&listen_addr, &ifp);
&listen_sockaddr,
&ifp);
if (result != DNS_R_SUCCESS) {
isc_log_write(IFMGR_COMMON_LOGARGS,
ISC_LOG_ERROR,
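Review bot: In the listen-on check, the value returned by `dns_acl_match(&listen_netaddr, NULL, le->acl, ...)` is stored in `result` but never tested before `if (match <= 0)`, and `match` is declared without an initializer at the top of the loop body. dns_acl_checkrequest in this same commit treats a non-success result as an internal error and denies, so the call can fail; whether `match` is written on that path is not visible here. I would initialize it, `int match = 0;`, and skip the interface on error, `if (result != DNS_R_SUCCESS || match <= 0) continue;`, so that a failed ACL evaluation cannot end in listening on the interface. do_ipv4 starts and ends outside these hunks.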


@@ -137,6 +137,7 @@ dns_acl_checkrequest(dns_name_t *signer, isc_sockaddr_t *reqaddr,
{
isc_result_t result;
int match;
isc_netaddr_t netaddr;
dns_acl_t *acl = NULL;
if (main_acl != NULL)
@@ -148,7 +149,9 @@ dns_acl_checkrequest(dns_name_t *signer, isc_sockaddr_t *reqaddr,
else
goto deny;
result = dns_acl_match(reqaddr, signer, acl, env,
isc_netaddr_fromsockaddr(&netaddr, reqaddr);
result = dns_acl_match(&netaddr, signer, acl, env,
&match, NULL);
if (result != DNS_R_SUCCESS)
goto deny; /* Internal error, already logged. */
@@ -170,7 +173,7 @@ dns_acl_checkrequest(dns_name_t *signer, isc_sockaddr_t *reqaddr,
}
isc_result_t
dns_acl_match(isc_sockaddr_t *reqaddr,
dns_acl_match(isc_netaddr_t *reqaddr,
dns_name_t *reqsigner,
dns_acl_t *acl,
dns_aclenv_t *env,
@@ -189,9 +192,9 @@ dns_acl_match(isc_sockaddr_t *reqaddr,
switch (e->type) {
case dns_aclelementtype_ipprefix:
if (isc_sockaddr_eqaddrprefix(reqaddr,
&e->u.ip_prefix.address,
e->u.ip_prefix.prefixlen))
if (isc_netaddr_eqprefix(reqaddr,
&e->u.ip_prefix.address,
e->u.ip_prefix.prefixlen))
goto matched;
break;
@@ -315,8 +318,8 @@ dns_aclelement_equal(dns_aclelement_t *ea, dns_aclelement_t *eb)
if (ea->u.ip_prefix.prefixlen !=
eb->u.ip_prefix.prefixlen)
return (ISC_FALSE);
return (isc_sockaddr_equal(&ea->u.ip_prefix.address,
&eb->u.ip_prefix.address));
return (isc_netaddr_equal(&ea->u.ip_prefix.address,
&eb->u.ip_prefix.address));
case dns_aclelementtype_keyname:
return (dns_name_equal(&ea->u.keyname, &eb->u.keyname));
case dns_aclelementtype_nestedacl:
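Review bot: The `dns_aclelementtype_ipprefix` case in dns_acl_match now depends entirely on `isc_netaddr_eqprefix()` when the request address and the ACL element are of different address families, and that behaviour is neither visible nor documented in this section. A request received with an IPv4-mapped IPv6 source address would presumably be turned into an IPv6 netaddr by `isc_netaddr_fromsockaddr()` in dns_acl_checkrequest and then compared with IPv4 prefix elements, which matters for allow and deny entries alike. Once checked against the helper, I would record the rule at the case, for example `/* Addresses of a different family never match this element. */`, and add a test with a mapped address. All three functions touched here continue outside their hunks.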


@@ -137,7 +137,8 @@ dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
switch (ce->type) {
case dns_c_ipmatch_pattern:
de->type = dns_aclelementtype_ipprefix;
de->u.ip_prefix.address = ce->u.direct.address;
isc_netaddr_fromsockaddr(&de->u.ip_prefix.address,
&ce->u.direct.address);
/* XXX "mask" is a misnomer */
de->u.ip_prefix.prefixlen = ce->u.direct.mask;
break;


@@ -32,7 +32,7 @@
#include <dns/types.h>
#include <dns/name.h>
#include <isc/sockaddr.h>
#include <isc/netaddr.h>
/***
*** Types
@@ -52,7 +52,7 @@ struct dns_aclelement {
isc_boolean_t negative;
union {
struct {
isc_sockaddr_t address; /* IP4/IP6 */
isc_netaddr_t address; /* IP4/IP6 */
unsigned int prefixlen;
} ip_prefix;
dns_name_t keyname;
@@ -160,7 +160,7 @@ dns_acl_checkrequest(dns_name_t *signer, isc_sockaddr_t *reqaddr,
*/
isc_result_t
dns_acl_match(isc_sockaddr_t *reqaddr,
dns_acl_match(isc_netaddr_t *reqaddr,
dns_name_t *reqsigner,
dns_acl_t *acl,
dns_aclenv_t *env,
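Review bot: The include hunk appears to replace `#include <isc/sockaddr.h>` with `#include <isc/netaddr.h>`, yet this header still declares `dns_acl_checkrequest(dns_name_t *signer, isc_sockaddr_t *reqaddr, ...)`, as the context line of the last hunk shows. Unless `<isc/netaddr.h>` or one of the dns headers provides isc_sockaddr_t, the header is no longer self-contained; keeping `#include <isc/sockaddr.h>` next to the new `#include <isc/netaddr.h>` removes that dependency. Separately, dns_acl_match changes the type of a pointer parameter, and many C compilers only warn when an isc_sockaddr_t pointer is passed where an isc_netaddr_t pointer is expected, so any caller outside the five changed files would evaluate ACLs against misread memory. Those callers are worth checking, ideally with that warning promoted to an error.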