PageRenderTime 24ms CodeModel.GetById 0ms RepoModel.GetById 0ms app.codeStats 0ms

/external/bsd/blacklist/diff/named.diff

http://www.minix3.org/
diff | 216 lines | 204 code | 12 blank | 0 comment | 0 complexity | 484f1bfac25bcc94be58349b1871f7c4 MD5 | raw file
Possible License(s): MIT, WTFPL, AGPL-1.0, BSD-3-Clause, GPL-3.0, LGPL-2.0, JSON, 0BSD 
    

  1. --- /dev/null	2015-01-22 01:48:00.000000000 -0500
    2. 

  2. +++ dist/bin/named/pfilter.c	2015-01-22 01:35:16.000000000 -0500
    3. 

  3. @@ -0,0 +1,42 @@
    4. 

  4. +#include <config.h>
    5. 

  5. +
    6. 

  6. +#include <isc/platform.h>
    7. 

  7. +#include <isc/util.h>
    8. 

  8. +#include <named/types.h>
    9. 

  9. +#include <named/client.h>
    10. 

  10. +
    11. 

  11. +#include <blacklist.h>
    12. 

  12. +
    13. 

  13. +#include "pfilter.h"
    14. 

  14. +
    15. 

  15. +static struct blacklist *blstate;
    16. 

  16. +
    17. 

  17. +void
    18. 

  18. +pfilter_open(void)
    19. 

  19. +{
    20. 

  20. +	if (blstate == NULL)
    21. 

  21. +		blstate = blacklist_open();
    22. 

  22. +}
    23. 

  23. +
    24. 

  24. +#define TCP_CLIENT(c)  (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
    25. 

  25. +
    26. 

  26. +void
    27. 

  27. +pfilter_notify(isc_result_t res, ns_client_t *client, const char *msg)
    28. 

  28. +{
    29. 

  29. +	isc_socket_t *socket;
    30. 

  30. +
    31. 

  31. +	pfilter_open();
    32. 

  32. +
    33. 

  33. +	if (TCP_CLIENT(client))
    34. 

  34. +		socket = client->tcpsocket;
    35. 

  35. +	else {
    36. 

  36. +		socket = client->udpsocket;
    37. 

  37. +		if (!client->peeraddr_valid)
    38. 

  38. +			return;
    39. 

  39. +	}
    40. 

  40. +	if (socket == NULL)
    41. 

  41. +		return;
    42. 

  42. +	blacklist_sa_r(blstate, 
    43. 

  43. +	    res != ISC_R_SUCCESS, isc_socket_getfd(socket),
    44. 

  44. +	    &client->peeraddr.type.sa, client->peeraddr.length, msg);
    45. 

  45. +}
    46. 

  46. --- /dev/null	2015-01-22 01:48:00.000000000 -0500
    47. 

  47. +++ dist/bin/named/pfilter.h	2015-01-22 01:16:56.000000000 -0500
    48. 

  48. @@ -0,0 +1,2 @@
    49. 

  49. +void pfilter_open(void);
    50. 

  50. +void pfilter_notify(isc_result_t, ns_client_t *, const char *);
    51. 

  51. Index: bin/named/Makefile
    52. 

  52. ===================================================================
    53. 

  53. RCS file: /cvsroot/src/external/bsd/bind/bin/named/Makefile,v
    54. 

  54. retrieving revision 1.8
    55. 

  55. diff -u -u -r1.8 Makefile
    56. 

  56. --- bin/named/Makefile	31 Dec 2013 20:23:12 -0000	1.8
    57. 

  57. +++ bin/named/Makefile	23 Jan 2015 21:37:09 -0000
    58. 

  58. @@ -33,7 +33,9 @@
    59. 

  59.  	lwaddr.c lwdclient.c lwderror.c \
    60. 

  60.  	lwdgabn.c lwdgnba.c lwdgrbn.c lwdnoop.c lwresd.c lwsearch.c \
    61. 

  61.  	main.c notify.c query.c server.c sortlist.c statschannel.c \
    62. 

  62. -	tkeyconf.c tsigconf.c \
    63. 

  63. +	pfilter.c tkeyconf.c tsigconf.c \
    64. 

  64.  	update.c xfrout.c zoneconf.c ${SRCS_UNIX}
    65. 

  65.  
    66. 

  66. +LDADD+=-lblacklist
    67. 

  67. +DPADD+=${LIBBLACKLIST}
    68. 

  68.  .include <bsd.prog.mk>
    69. 

  69. Index: dist/bin/named/client.c
    70. 

  70. ===================================================================
    71. 

  71. RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/client.c,v
    72. 

  72. retrieving revision 1.11
    73. 

  73. diff -u -u -r1.11 client.c
    74. 

  74. --- dist/bin/named/client.c	10 Dec 2014 04:37:51 -0000	1.11
    75. 

  75. +++ dist/bin/named/client.c	23 Jan 2015 21:37:09 -0000
    76. 

  76. @@ -65,6 +65,8 @@
    77. 

  77.  #include <named/server.h>
    78. 

  78.  #include <named/update.h>
    79. 

  79.  
    80. 

  80. +#include "pfilter.h"
    81. 

  81. +
    82. 

  82.  /***
    83. 

  83.   *** Client
    84. 

  84.   ***/
    85. 

  85. @@ -3101,6 +3103,7 @@
    86. 

  86.  	result = ns_client_checkaclsilent(client, sockaddr ? &netaddr : NULL,
    87. 

  87.  					  acl, default_allow);
    88. 

  88.  
    89. 

  89. +	pfilter_notify(result, client, opname);
    90. 

  90.  	if (result == ISC_R_SUCCESS)
    91. 

  91.  		ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
    92. 

  92.  			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
    93. 

  93. Index: dist/bin/named/main.c
    94. 

  94. ===================================================================
    95. 

  95. RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/main.c,v
    96. 

  96. retrieving revision 1.15
    97. 

  97. diff -u -u -r1.15 main.c
    98. 

  98. --- dist/bin/named/main.c	10 Dec 2014 04:37:51 -0000	1.15
    99. 

  99. +++ dist/bin/named/main.c	23 Jan 2015 21:37:09 -0000
    100. 

  100. @@ -83,6 +83,9 @@
    101. 

  101.  #ifdef HAVE_LIBXML2
    102. 

  102.  #include <libxml/xmlversion.h>
    103. 

  103.  #endif
    104. 

  104. +
    105. 

  105. +#include "pfilter.h"
    106. 

  106. +
    107. 

  107.  /*
    108. 

  108.   * Include header files for database drivers here.
    109. 

  109.   */
    110. 

  110. @@ -1206,6 +1209,8 @@
    111. 

  111.  
    112. 

  112.  	parse_command_line(argc, argv);
    113. 

  113.  
    114. 

  114. +	pfilter_open();
    115. 

  115. +
    116. 

  116.  	/*
    117. 

  117.  	 * Warn about common configuration error.
    118. 

  118.  	 */
    119. 

  119. Index: dist/bin/named/query.c
    120. 

  120. ===================================================================
    121. 

  121. RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/query.c,v
    122. 

  122. retrieving revision 1.17
    123. 

  123. diff -u -u -r1.17 query.c
    124. 

  124. --- dist/bin/named/query.c	10 Dec 2014 04:37:52 -0000	1.17
    125. 

  125. +++ dist/bin/named/query.c	23 Jan 2015 21:37:09 -0000
    126. 

  126. @@ -65,6 +65,8 @@
    127. 

  127.  #include <named/sortlist.h>
    128. 

  128.  #include <named/xfrout.h>
    129. 

  129.  
    130. 

  130. +#include "pfilter.h"
    131. 

  131. +
    132. 

  132.  #if 0
    133. 

  133.  /*
    134. 

  134.   * It has been recommended that DNS64 be changed to return excluded
    135. 

  135. @@ -762,6 +764,8 @@
    136. 

  136.  	}
    137. 

  137.  
    138. 

  138.  	result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE);
    139. 

  139. +	if (result != ISC_R_SUCCESS)
    140. 

  140. +		pfilter_notify(result, client, "validatezonedb");
    141. 

  141.  	if ((options & DNS_GETDB_NOLOG) == 0) {
    142. 

  142.  		char msg[NS_CLIENT_ACLMSGSIZE("query")];
    143. 

  143.  		if (result == ISC_R_SUCCESS) {
    144. 

  144. @@ -1026,6 +1030,8 @@
    145. 

  145.  		result = ns_client_checkaclsilent(client, NULL,
    146. 

  146.  						  client->view->cacheacl,
    147. 

  147.  						  ISC_TRUE);
    148. 

  148. +		if (result == ISC_R_SUCCESS)
    149. 

  149. +			pfilter_notify(result, client, "cachedb");
    150. 

  150.  		if (result == ISC_R_SUCCESS) {
    151. 

  151.  			/*
    152. 

  152.  			 * We were allowed by the "allow-query-cache" ACL.
    153. 

  153. Index: dist/bin/named/update.c
    154. 

  154. ===================================================================
    155. 

  155. RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/update.c,v
    156. 

  156. retrieving revision 1.9
    157. 

  157. diff -u -u -r1.9 update.c
    158. 

  158. --- dist/bin/named/update.c	10 Dec 2014 04:37:52 -0000	1.9
    159. 

  159. +++ dist/bin/named/update.c	23 Jan 2015 21:37:09 -0000
    160. 

  160. @@ -59,6 +59,8 @@
    161. 

  161.  #include <named/server.h>
    162. 

  162.  #include <named/update.h>
    163. 

  163.  
    164. 

  164. +#include "pfilter.h"
    165. 

  165. +
    166. 

  166.  /*! \file
    167. 

  167.   * \brief
    168. 

  168.   * This module implements dynamic update as in RFC2136.
    169. 

  169. @@ -307,6 +309,7 @@
    170. 

  170.  
    171. 

  171.  	result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE);
    172. 

  172.  	if (result != ISC_R_SUCCESS) {
    173. 

  173. +		pfilter_notify(result, client, "queryacl");
    174. 

  174.  		dns_name_format(zonename, namebuf, sizeof(namebuf));
    175. 

  175.  		dns_rdataclass_format(client->view->rdclass, classbuf,
    176. 

  176.  				      sizeof(classbuf));
    177. 

  177. @@ -324,6 +327,7 @@
    178. 

  178.  				      sizeof(classbuf));
    179. 

  179.  
    180. 

  180.  		result = DNS_R_REFUSED;
    181. 

  181. +		pfilter_notify(result, client, "updateacl");
    182. 

  182.  		ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY,
    183. 

  183.  			      NS_LOGMODULE_UPDATE, ISC_LOG_INFO,
    184. 

  184.  			      "update '%s/%s' denied", namebuf, classbuf);
    185. 

  185. @@ -362,6 +366,7 @@
    186. 

  186.  		msg = "disabled";
    187. 

  187.  	} else {
    188. 

  188.  		result = ns_client_checkaclsilent(client, NULL, acl, ISC_FALSE);
    189. 

  189. +		pfilter_notify(result, client, "updateacl");
    190. 

  190.  		if (result == ISC_R_SUCCESS) {
    191. 

  191.  			level = ISC_LOG_DEBUG(3);
    192. 

  192.  			msg = "approved";
    193. 

  193. Index: dist/bin/named/xfrout.c
    194. 

  194. ===================================================================
    195. 

  195. RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/xfrout.c,v
    196. 

  196. retrieving revision 1.7
    197. 

  197. diff -u -u -r1.7 xfrout.c
    198. 

  198. --- dist/bin/named/xfrout.c	10 Dec 2014 04:37:52 -0000	1.7
    199. 

  199. +++ dist/bin/named/xfrout.c	23 Jan 2015 21:37:09 -0000
    200. 

  200. @@ -54,6 +54,8 @@
    201. 

  201.  #include <named/server.h>
    202. 

  202.  #include <named/xfrout.h>
    203. 

  203.  
    204. 

  204. +#include "pfilter.h"
    205. 

  205. +
    206. 

  206.  /*! \file
    207. 

  207.   * \brief
    208. 

  208.   * Outgoing AXFR and IXFR.
    209. 

  209. @@ -822,6 +824,7 @@
    210. 

  210.  						     &client->peeraddr,
    211. 

  211.  						     &db);
    212. 

  212.  
    213. 

  213. +			pfilter_notify(result, client, "zonexfr");
    214. 

  214.  			if (result == ISC_R_NOPERM) {
    215. 

  215.  				char _buf1[DNS_NAME_FORMATSIZE];
    216. 

  216.  				char _buf2[DNS_RDATACLASS_FORMATSIZE];
    217. 

    218.