summaryrefslogtreecommitdiffstats
path: root/contrib/bind9/lib/dns/ssu.c
diff options
context:
space:
mode:
Diffstat (limited to 'contrib/bind9/lib/dns/ssu.c')
-rw-r--r--contrib/bind9/lib/dns/ssu.c68
1 files changed, 64 insertions, 4 deletions
diff --git a/contrib/bind9/lib/dns/ssu.c b/contrib/bind9/lib/dns/ssu.c
index 128071c..eb13551 100644
--- a/contrib/bind9/lib/dns/ssu.c
+++ b/contrib/bind9/lib/dns/ssu.c
@@ -1,5 +1,5 @@
/*
- * Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2010, 2011 Internet Systems Consortium, Inc. ("ISC")
* Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
*
* Permission to use, copy, modify, and/or distribute this software for any
@@ -17,7 +17,7 @@
/*! \file */
/*
- * $Id: ssu.c,v 1.34 2008-01-18 23:46:58 tbox Exp $
+ * $Id: ssu.c,v 1.38 2011-01-06 23:47:00 tbox Exp $
* Principal Author: Brian Wellington
*/
@@ -30,11 +30,13 @@
#include <isc/string.h>
#include <isc/util.h>
+#include <dns/dlz.h>
#include <dns/fixedname.h>
#include <dns/name.h>
#include <dns/ssu.h>
#include <dst/gssapi.h>
+#include <dst/dst.h>
#define SSUTABLEMAGIC ISC_MAGIC('S', 'S', 'U', 'T')
#define VALID_SSUTABLE(table) ISC_MAGIC_VALID(table, SSUTABLEMAGIC)
@@ -59,6 +61,7 @@ struct dns_ssutable {
isc_mem_t *mctx;
unsigned int references;
isc_mutex_t lock;
+ dns_dlzdb_t *dlzdatabase;
ISC_LIST(dns_ssurule_t) rules;
};
@@ -345,7 +348,8 @@ stf_from_address(dns_name_t *stfself, isc_netaddr_t *tcpaddr) {
isc_boolean_t
dns_ssutable_checkrules(dns_ssutable_t *table, dns_name_t *signer,
dns_name_t *name, isc_netaddr_t *tcpaddr,
- dns_rdatatype_t type)
+ dns_rdatatype_t type,
+ const dst_key_t *key)
{
dns_ssurule_t *rule;
unsigned int i;
@@ -483,10 +487,27 @@ dns_ssutable_checkrules(dns_ssutable_t *table, dns_name_t *signer,
if (!dns_name_equal(stfself, name))
continue;
break;
+ case DNS_SSUMATCHTYPE_EXTERNAL:
+ if (!dns_ssu_external_match(rule->identity, signer,
+ name, tcpaddr, type, key,
+ table->mctx))
+ continue;
+ break;
+ case DNS_SSUMATCHTYPE_DLZ:
+ if (!dns_dlz_ssumatch(table->dlzdatabase, signer,
+ name, tcpaddr, type, key))
+ continue;
+ break;
}
if (rule->ntypes == 0) {
- if (!isusertype(type))
+ /*
+ * If this is a DLZ rule, then the DLZ ssu
+ * checks will have already checked
+ * the type.
+ */
+ if (rule->matchtype != DNS_SSUMATCHTYPE_DLZ &&
+ !isusertype(type))
continue;
} else {
for (i = 0; i < rule->ntypes; i++) {
@@ -550,3 +571,42 @@ dns_ssutable_nextrule(dns_ssurule_t *rule, dns_ssurule_t **nextrule) {
*nextrule = ISC_LIST_NEXT(rule, link);
return (*nextrule != NULL ? ISC_R_SUCCESS : ISC_R_NOMORE);
}
+
+/*
+ * Create a specialised SSU table that points at an external DLZ database
+ */
+isc_result_t
+dns_ssutable_createdlz(isc_mem_t *mctx, dns_ssutable_t **tablep,
+ dns_dlzdb_t *dlzdatabase)
+{
+ isc_result_t result;
+ dns_ssurule_t *rule;
+ dns_ssutable_t *table = NULL;
+
+ REQUIRE(tablep != NULL && *tablep == NULL);
+
+ result = dns_ssutable_create(mctx, &table);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+
+ table->dlzdatabase = dlzdatabase;
+
+ rule = isc_mem_get(table->mctx, sizeof(dns_ssurule_t));
+ if (rule == NULL) {
+ dns_ssutable_detach(&table);
+ return (ISC_R_NOMEMORY);
+ }
+
+ rule->identity = NULL;
+ rule->name = NULL;
+ rule->types = NULL;
+ rule->grant = ISC_TRUE;
+ rule->matchtype = DNS_SSUMATCHTYPE_DLZ;
+ rule->ntypes = 0;
+ rule->types = NULL;
+ rule->magic = SSURULEMAGIC;
+
+ ISC_LIST_INITANDAPPEND(table->rules, rule, link);
+ *tablep = table;
+ return (ISC_R_SUCCESS);
+}
OpenPOWER on IntegriCloud