diff --git a/bin/named/include/named/query.h b/bin/named/include/named/query.h index fea88a889f..467436c4af 100644 --- a/bin/named/include/named/query.h +++ b/bin/named/include/named/query.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.h,v 1.19 2000/07/27 09:37:23 tale Exp $ */ +/* $Id: query.h,v 1.20 2000/07/31 21:06:58 explorer Exp $ */ #ifndef NAMED_QUERY_H #define NAMED_QUERY_H 1 @@ -44,6 +44,7 @@ struct ns_query { unsigned int dboptions; unsigned int fetchoptions; dns_db_t * gluedb; + dns_db_t * authdb; dns_fetch_t * fetch; dns_a6context_t a6ctx; isc_bufferlist_t namebufs; diff --git a/bin/named/query.c b/bin/named/query.c index 4b4c49bb97..80f53e7ba1 100644 --- a/bin/named/query.c +++ b/bin/named/query.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: query.c,v 1.118 2000/07/27 09:37:06 tale Exp $ */ +/* $Id: query.c,v 1.119 2000/07/31 21:06:55 explorer Exp $ */ #include @@ -131,6 +131,9 @@ query_reset(ns_client_t *client, isc_boolean_t everything) { } ISC_LIST_INIT(client->query.activeversions); + if (client->query.authdb != NULL) + dns_db_detach(&client->query.authdb); + /* * Clean up free versions. */ @@ -171,6 +174,7 @@ query_reset(ns_client_t *client, isc_boolean_t everything) { client->query.dboptions = 0; client->query.fetchoptions = 0; client->query.gluedb = NULL; + client->query.authdb = NULL; } static void @@ -395,6 +399,7 @@ ns_query_init(ns_client_t *client) { client->query.restarts = 0; client->query.qname = NULL; client->query.fetch = NULL; + client->query.authdb = NULL; query_reset(client, ISC_FALSE); result = query_newdbversion(client, 3); if (result != ISC_R_SUCCESS) @@ -420,7 +425,8 @@ query_findversion(ns_client_t *client, dns_db_t *db, dbversion = ISC_LIST_NEXT(dbversion, link)) { if (dbversion->db == db) break; - } + } + if (dbversion == NULL) { /* * This is a new zone for this query. Add it to 
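Review bot: The new `authdb` member added to struct ns_query in query.h has no comment, although the query.c hunks in this commit treat it as a counted reference. It is attached in query_getzonedb and detached in query_reset, whereas the neighbouring `gluedb` is only set to NULL in the visible query_reset lines. A one-line comment on the field would record that ownership, for example `/* zone db of the first lookup; reference held until query_reset() */`. The struct continues outside the hunk.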
@@ -465,6 +471,31 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, unsigned int options, if (result != ISC_R_SUCCESS) return (result); + /* + * If this is the first time we are called (that is, looking up + * the actual name in the query section) remember this database. + * + * If authdb is non-NULL, we have been here before, and the + * found database is always returned. + * + * This limits our searching to the zone where the first name + * (the query target) is found. This prevents following CNAMES + * or DNAMES into other zones and prevents returning additional + * data from other zones. + */ + if (!client->view->additionalfromauth) { + if (client->query.authdb != NULL) { + if (*dbp != client->query.authdb) { + dns_zone_detach(zonep); + dns_db_detach(dbp); + return (DNS_R_REFUSED); + } + dns_db_attach(client->query.authdb, dbp); + } else { + dns_db_attach(*dbp, &client->query.authdb); + } + } + /* * If the zone has an ACL, we'll check it, otherwise * we use the view's "allow-query" ACL. Each ACL is only checked @@ -533,7 +564,7 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, unsigned int options, * the NS_QUERYATTR_QUERYOK attribute is now valid. */ client->query.attributes |= NS_QUERYATTR_QUERYOKVALID; - } + } } else result = ISC_R_SUCCESS; @@ -543,12 +574,10 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, unsigned int options, */ if (result == ISC_R_SUCCESS) dbversion->queryok = ISC_TRUE; - + return (result); } - - static inline isc_result_t query_getcachedb(ns_client_t *client, dns_db_t **dbp, unsigned int options) { @@ -2859,7 +2888,8 @@ ns_query_start(ns_client_t *client) { */ client->next = query_next; - if (client->view->cachedb == NULL) { + if ((client->view->cachedb == NULL) + || (!client->view->additionalfromcache)) { /* * We don't have a cache. Turn off cache support and * recursion. diff --git a/bin/named/server.c b/bin/named/server.c index 7de164bbab..a444070412 100644 --- a/bin/named/server.c +++ b/bin/named/server.c 
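Review bot: In the `!additionalfromauth` block added to query_getzonedb, the path where `*dbp` equals `client->query.authdb` calls `dns_db_attach(client->query.authdb, dbp)` even though `*dbp` already holds the database obtained earlier in the function. That takes a second reference which nothing visible releases. If dns_db_attach requires an empty target pointer (its definition is not on this page, and the other call in this hunk attaches into a NULL `authdb`), the call would instead abort the server on the second same-zone lookup of a query. Dropping that one line keeps `*dbp` as the caller's reference and leaves only the mismatch check that returns `DNS_R_REFUSED`. The function starts and ends outside the hunk.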
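Review bot: The widened condition in ns_query_start now takes the no-cache branch whenever `additionalfromcache` is false, but the comment inside still reads "We don't have a cache", and per that comment the branch also turns off recursion. An operator who sets `additional-from-cache no` on a view that does have a cache would lose recursion for that view, which the option name does not suggest. I would update the comment, e.g. `/* No cache, or additional-from-cache is off: disable cache use and recursion. */`, and state the recursion side effect wherever the option is documented. The body of the `if` continues outside the hunk.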
@@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.205 2000/07/27 09:37:07 tale Exp $ */ +/* $Id: server.c,v 1.206 2000/07/31 21:06:56 explorer Exp $ */ #include @@ -616,6 +616,29 @@ configure_view(dns_view_t *view, dns_c_ctx_t *cctx, dns_c_view_t *cview, if (result != ISC_R_SUCCESS) view->transfer_format = dns_many_answers; + /* + * Set sources where additional data, CNAMEs, and DNAMEs may be found. + */ + result = ISC_R_NOTFOUND; + if (cview != NULL) + result = dns_c_view_getadditionalfromauth(cview, + &view->additionalfromauth); + if (result != ISC_R_SUCCESS) + result = dns_c_ctx_getadditionalfromauth(cctx, + &view->additionalfromauth); + if (result != ISC_R_SUCCESS) + view->additionalfromauth = ISC_TRUE; + + result = ISC_R_NOTFOUND; + if (cview != NULL) + result = dns_c_view_getadditionalfromcache(cview, + &view->additionalfromcache); + if (result != ISC_R_SUCCESS) + result = dns_c_ctx_getadditionalfromcache(cctx, + &view->additionalfromcache); + if (result != ISC_R_SUCCESS) + view->additionalfromcache = ISC_TRUE; + CHECK(configure_view_acl(cview, cctx, actx, ns_g_mctx, dns_c_view_getallowquery, dns_c_ctx_getallowquery, diff --git a/lib/dns/config/confctx.c b/lib/dns/config/confctx.c index a628c23aed..694f72a1b9 100644 --- a/lib/dns/config/confctx.c +++ b/lib/dns/config/confctx.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: confctx.c,v 1.77 2000/07/27 09:47:01 tale Exp $ */ +/* $Id: confctx.c,v 1.78 2000/07/31 21:07:00 explorer Exp $ */ #include 
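Review bot: Both lookups in the block added to configure_view treat every non-success result as "not configured" and fall back to `ISC_TRUE`, the permissive value. The getters' return codes are not visible on this page; if they can return anything other than ISC_R_NOTFOUND, a failed read of `additional-from-auth no` would silently leave cross-zone data enabled. Falling back only on ISC_R_NOTFOUND and passing any other result to the existing `CHECK` macro would avoid that. The block comment could also state the defaults, e.g. `Both default to ISC_TRUE (no restriction).` configure_view starts and ends outside the hunk.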
@@ -982,8 +982,8 @@ dns_c_ctx_optionsprint(FILE *fp, int indent, dns_c_options_t *options) PRINT_AS_BOOLEAN(request_ixfr, "request-ixfr"); PRINT_AS_BOOLEAN(provide_ixfr, "provide-ixfr"); PRINT_AS_BOOLEAN(treat_cr_as_space, "treat-cr-as-space"); - PRINT_AS_BOOLEAN(glue_from_auth, "glue-from-auth"); - PRINT_AS_BOOLEAN(glue_from_cache, "glue-from-cache"); + PRINT_AS_BOOLEAN(additional_from_auth, "additional-from-auth"); + PRINT_AS_BOOLEAN(additional_from_cache, "additional-from-cache"); if (options->transfer_format != NULL) { dns_c_printtabs(fp, indent + 1); @@ -1499,8 +1499,8 @@ dns_c_ctx_optionsnew(isc_mem_t *mem, dns_c_options_t **options) opts->request_ixfr = NULL; opts->provide_ixfr = NULL; opts->treat_cr_as_space = NULL; - opts->glue_from_auth = NULL; - opts->glue_from_cache = NULL; + opts->additional_from_auth = NULL; + opts->additional_from_cache = NULL; opts->transfer_source = NULL; opts->transfer_source_v6 = NULL; @@ -1607,8 +1607,8 @@ dns_c_ctx_optionsdelete(dns_c_options_t **opts) FREEFIELD(request_ixfr); FREEFIELD(provide_ixfr); FREEFIELD(treat_cr_as_space); - FREEFIELD(glue_from_cache); - FREEFIELD(glue_from_auth); + FREEFIELD(additional_from_cache); + FREEFIELD(additional_from_auth); FREEFIELD(port); @@ -1975,14 +1975,14 @@ SETBOOL(treatcrasspace, treat_cr_as_space) UNSETBOOL(treatcrasspace, treat_cr_as_space) -GETBOOL(gluefromauth, glue_from_auth) -SETBOOL(gluefromauth, glue_from_auth) -UNSETBOOL(gluefromauth, glue_from_auth) +GETBOOL(additionalfromauth, additional_from_auth) +SETBOOL(additionalfromauth, additional_from_auth) +UNSETBOOL(additionalfromauth, additional_from_auth) -GETBOOL(gluefromcache, glue_from_cache) -SETBOOL(gluefromcache, glue_from_cache) -UNSETBOOL(gluefromcache, glue_from_cache) +GETBOOL(additionalfromcache, additional_from_cache) +SETBOOL(additionalfromcache, additional_from_cache) +UNSETBOOL(additionalfromcache, additional_from_cache) GETSOCKADDR(transfersource, transfer_source) 
diff --git a/lib/dns/config/confparser.y.dirty b/lib/dns/config/confparser.y.dirty index a5265a8568..8048b4e304 100644 --- a/lib/dns/config/confparser.y.dirty +++ b/lib/dns/config/confparser.y.dirty @@ -16,7 +16,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: confparser.y.dirty,v 1.4 2000/07/31 19:35:31 explorer Exp $ */ +/* $Id: confparser.y.dirty,v 1.5 2000/07/31 21:07:02 explorer Exp $ */ #include @@ -283,8 +283,8 @@ static isc_boolean_t int_too_big(isc_uint32_t base, isc_uint32_t mult); %token L_FIRST %token L_FORWARD %token L_FORWARDERS -%token L_GLUE_FROM_AUTH -%token L_GLUE_FROM_CACHE +%token L_ADDITIONAL_FROM_AUTH +%token L_ADDITIONAL_FROM_CACHE %token L_GRANT %token L_GROUP %token L_HAS_OLD_CLIENTS @@ -890,21 +890,21 @@ option: /* Empty */ YYABORT; } } - | L_GLUE_FROM_CACHE yea_or_nay + | L_ADDITIONAL_FROM_CACHE yea_or_nay { - tmpres = dns_c_ctx_setgluefromcache(currcfg, $2); + tmpres = dns_c_ctx_setadditionalfromcache(currcfg, $2); if (tmpres == ISC_R_EXISTS) { parser_error(ISC_FALSE, - "cannot redefine glue-from-cache"); + "cannot redefine additional-from-cache"); YYABORT; } } - | L_GLUE_FROM_AUTH yea_or_nay + | L_ADDITIONAL_FROM_AUTH yea_or_nay { - tmpres = dns_c_ctx_setgluefromauth(currcfg, $2); + tmpres = dns_c_ctx_setadditionalfromauth(currcfg, $2); if (tmpres == ISC_R_EXISTS) { parser_error(ISC_FALSE, - "cannot redefine glue-from-auth"); + "cannot redefine additional-from-auth"); YYABORT; } } 
@@ -3712,37 +3712,37 @@ view_option: L_FORWARD zone_forward_opt YYABORT; } } - | L_GLUE_FROM_CACHE yea_or_nay + | L_ADDITIONAL_FROM_CACHE yea_or_nay { dns_c_view_t *view = dns_c_ctx_getcurrview(currcfg); INSIST(view != NULL); - tmpres = dns_c_view_setgluefromcache(view, $2); + tmpres = dns_c_view_setadditionalfromcache(view, $2); if (tmpres == ISC_R_EXISTS) { parser_error(ISC_FALSE, - "cannot redefine view glue-from-cache"); + "cannot redefine view additional-from-cache"); YYABORT; } else if (tmpres != ISC_R_SUCCESS) { parser_error(ISC_FALSE, - "failed to set view glue-from-cache"); + "failed to set view additional-from-cache"); YYABORT; } } - | L_GLUE_FROM_AUTH yea_or_nay + | L_ADDITIONAL_FROM_AUTH yea_or_nay { dns_c_view_t *view = dns_c_ctx_getcurrview(currcfg); INSIST(view != NULL); - tmpres = dns_c_view_setgluefromauth(view, $2); + tmpres = dns_c_view_setadditionalfromauth(view, $2); if (tmpres == ISC_R_EXISTS) { parser_error(ISC_FALSE, - "cannot redefine view glue-from-auth"); + "cannot redefine view additional-from-auth"); YYABORT; } else if (tmpres != ISC_R_SUCCESS) { parser_error(ISC_FALSE, - "failed to set view glue-from-auth"); + "failed to set view additional-from-auth"); YYABORT; } } @@ -5309,8 +5309,8 @@ static struct token keyword_tokens [] = { { "first", L_FIRST }, { "forward", L_FORWARD }, { "forwarders", L_FORWARDERS }, - { "glue-from-auth", L_GLUE_FROM_AUTH }, - { "glue-from-cache", L_GLUE_FROM_CACHE }, + { "additional-from-auth", L_ADDITIONAL_FROM_AUTH }, + { "additional-from-cache", L_ADDITIONAL_FROM_CACHE }, { "grant", L_GRANT }, { "group", L_GROUP }, { "has-old-clients", L_HAS_OLD_CLIENTS }, diff --git a/lib/dns/config/confview.c b/lib/dns/config/confview.c index 70dfa40759..a551b5b540 100644 --- a/lib/dns/config/confview.c +++ b/lib/dns/config/confview.c 
@@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: confview.c,v 1.40 2000/07/27 09:47:13 tale Exp $ */ +/* $Id: confview.c,v 1.41 2000/07/31 21:07:03 explorer Exp $ */ #include @@ -474,8 +474,8 @@ dns_c_view_new(isc_mem_t *mem, const char *name, dns_rdataclass_t viewclass, view->fetch_glue = NULL; view->notify = NULL; view->rfc2308_type1 = NULL; - view->glue_from_cache = NULL; - view->glue_from_auth = NULL; + view->additional_from_cache = NULL; + view->additional_from_auth = NULL; view->transfer_source = NULL; view->transfer_source_v6 = NULL; @@ -667,8 +667,8 @@ dns_c_view_print(FILE *fp, int indent, dns_c_view_t *view) { PRINT_AS_BOOLEAN(fetch_glue, "fetch-glue"); PRINT_AS_BOOLEAN(notify, "notify"); PRINT_AS_BOOLEAN(rfc2308_type1, "rfc2308-type1"); - PRINT_AS_BOOLEAN(glue_from_auth, "glue-from-auth"); - PRINT_AS_BOOLEAN(glue_from_cache, "glue-from-cache"); + PRINT_AS_BOOLEAN(additional_from_auth, "additional-from-auth"); + PRINT_AS_BOOLEAN(additional_from_cache, "additional-from-cache"); PRINT_IP(transfer_source, "transfer-source"); @@ -806,8 +806,8 @@ dns_c_view_delete(dns_c_view_t **viewptr) { FREEFIELD(fetch_glue); FREEFIELD(notify); FREEFIELD(rfc2308_type1); - FREEFIELD(glue_from_auth); - FREEFIELD(glue_from_cache); + FREEFIELD(additional_from_auth); + FREEFIELD(additional_from_cache); FREEFIELD(transfer_source); FREEFIELD(transfer_source_v6); 
@@ -1477,13 +1477,13 @@ SETBOOL(rfc2308type1, rfc2308_type1) GETBOOL(rfc2308type1, rfc2308_type1) UNSETBOOL(rfc2308type1, rfc2308_type1) -SETBOOL(gluefromcache, glue_from_cache) -GETBOOL(gluefromcache, glue_from_cache) -UNSETBOOL(gluefromcache, glue_from_cache) +SETBOOL(additionalfromcache, additional_from_cache) +GETBOOL(additionalfromcache, additional_from_cache) +UNSETBOOL(additionalfromcache, additional_from_cache) -SETBOOL(gluefromauth, glue_from_auth) -GETBOOL(gluefromauth, glue_from_auth) -UNSETBOOL(gluefromauth, glue_from_auth) +SETBOOL(additionalfromauth, additional_from_auth) +GETBOOL(additionalfromauth, additional_from_auth) +UNSETBOOL(additionalfromauth, additional_from_auth) GETSOCKADDR(transfersource, transfer_source) SETSOCKADDR(transfersource, transfer_source) diff --git a/lib/dns/include/dns/confctx.h b/lib/dns/include/dns/confctx.h index 88fbe2ac47..6253af01cf 100644 --- a/lib/dns/include/dns/confctx.h +++ b/lib/dns/include/dns/confctx.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: confctx.h,v 1.46 2000/07/27 09:47:34 tale Exp $ */ +/* $Id: confctx.h,v 1.47 2000/07/31 21:07:04 explorer Exp $ */ #ifndef DNS_CONFCTX_H #define DNS_CONFCTX_H 1 @@ -167,8 +167,8 @@ struct dns_c_options { isc_boolean_t *request_ixfr; isc_boolean_t *provide_ixfr; isc_boolean_t *treat_cr_as_space; - isc_boolean_t *glue_from_cache; - isc_boolean_t *glue_from_auth; + isc_boolean_t *additional_from_cache; + isc_boolean_t *additional_from_auth; isc_sockaddr_t *transfer_source; isc_sockaddr_t *transfer_source_v6; 
@@ -587,18 +587,18 @@ isc_result_t dns_c_ctx_gettreatcrasspace(dns_c_ctx_t *cfg, isc_boolean_t *retval); -isc_result_t dns_c_ctx_getgluefromcache(dns_c_ctx_t *cfg, - isc_boolean_t *retval); -isc_result_t dns_c_ctx_setgluefromcache(dns_c_ctx_t *cfg, - isc_boolean_t newval); -isc_result_t dns_c_ctx_unsetgluefromcache(dns_c_ctx_t *ctx); +isc_result_t dns_c_ctx_getadditionalfromcache(dns_c_ctx_t *cfg, + isc_boolean_t *retval); +isc_result_t dns_c_ctx_setadditionalfromcache(dns_c_ctx_t *cfg, + isc_boolean_t newval); +isc_result_t dns_c_ctx_unsetadditionalfromcache(dns_c_ctx_t *ctx); -isc_result_t dns_c_ctx_getgluefromauth(dns_c_ctx_t *cfg, - isc_boolean_t *retval); -isc_result_t dns_c_ctx_setgluefromauth(dns_c_ctx_t *cfg, - isc_boolean_t newval); -isc_result_t dns_c_ctx_unsetgluefromauth(dns_c_ctx_t *ctx); +isc_result_t dns_c_ctx_getadditionalfromauth(dns_c_ctx_t *cfg, + isc_boolean_t *retval); +isc_result_t dns_c_ctx_setadditionalfromauth(dns_c_ctx_t *cfg, + isc_boolean_t newval); +isc_result_t dns_c_ctx_unsetadditionalfromauth(dns_c_ctx_t *ctx); isc_result_t dns_c_ctx_unsettreatcrasspace(dns_c_ctx_t *cfg); diff --git a/lib/dns/include/dns/confview.h b/lib/dns/include/dns/confview.h index 306e66c591..8ee6010755 100644 --- a/lib/dns/include/dns/confview.h +++ b/lib/dns/include/dns/confview.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: confview.h,v 1.34 2000/07/27 09:47:44 tale Exp $ */ +/* $Id: confview.h,v 1.35 2000/07/31 21:07:06 explorer Exp $ */ #ifndef DNS_CONFVIEW_H #define DNS_CONFVIEW_H 1 @@ -124,8 +124,8 @@ struct dns_c_view { isc_boolean_t *fetch_glue; isc_boolean_t *notify; isc_boolean_t *rfc2308_type1; - isc_boolean_t *glue_from_auth; - isc_boolean_t *glue_from_cache; + isc_boolean_t *additional_from_auth; + isc_boolean_t *additional_from_cache; isc_sockaddr_t *query_source; isc_sockaddr_t *query_source_v6; 
@@ -351,18 +351,18 @@ isc_result_t dns_c_view_setrfc2308type1(dns_c_view_t *view, isc_result_t dns_c_view_unsetrfc2308type1(dns_c_view_t *view); -isc_result_t dns_c_view_getgluefromauth(dns_c_view_t *view, - isc_boolean_t *retval); -isc_result_t dns_c_view_setgluefromauth(dns_c_view_t *view, - isc_boolean_t newval); -isc_result_t dns_c_view_unsetgluefromauth(dns_c_view_t *view); +isc_result_t dns_c_view_getadditionalfromauth(dns_c_view_t *view, + isc_boolean_t *retval); +isc_result_t dns_c_view_setadditionalfromauth(dns_c_view_t *view, + isc_boolean_t newval); +isc_result_t dns_c_view_unsetadditionalfromauth(dns_c_view_t *view); -isc_result_t dns_c_view_getgluefromcache(dns_c_view_t *view, - isc_boolean_t *retval); -isc_result_t dns_c_view_setgluefromcache(dns_c_view_t *view, - isc_boolean_t newval); -isc_result_t dns_c_view_unsetgluefromcache(dns_c_view_t *view); +isc_result_t dns_c_view_getadditionalfromcache(dns_c_view_t *view, + isc_boolean_t *retval); +isc_result_t dns_c_view_setadditionalfromcache(dns_c_view_t *view, + isc_boolean_t newval); +isc_result_t dns_c_view_unsetadditionalfromcache(dns_c_view_t *view); diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h index 05daeeaecb..01bfd76cb6 100644 --- a/lib/dns/include/dns/view.h +++ b/lib/dns/include/dns/view.h @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: view.h,v 1.45 2000/07/27 09:48:38 tale Exp $ */ +/* $Id: view.h,v 1.46 2000/07/31 21:07:07 explorer Exp $ */ #ifndef DNS_VIEW_H #define DNS_VIEW_H 1 @@ -100,6 +100,8 @@ struct dns_view { dns_peerlist_t * peers; isc_boolean_t recursion; isc_boolean_t auth_nxdomain; + isc_boolean_t additionalfromcache; + isc_boolean_t additionalfromauth; dns_transfer_format_t transfer_format; dns_acl_t * queryacl; dns_acl_t * recursionacl; diff --git a/lib/dns/view.c b/lib/dns/view.c index ec4f041552..7658208e53 100644 --- a/lib/dns/view.c +++ b/lib/dns/view.c 
@@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: view.c,v 1.72 2000/07/27 09:46:49 tale Exp $ */ +/* $Id: view.c,v 1.73 2000/07/31 21:06:59 explorer Exp $ */ #include @@ -139,6 +139,8 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, */ view->recursion = ISC_TRUE; view->auth_nxdomain = ISC_FALSE; /* Was true in BIND 8 */ + view->additionalfromcache = ISC_TRUE; + view->additionalfromauth = ISC_TRUE; view->transfer_format = dns_one_answer; view->queryacl = NULL; view->recursionacl = NULL;