From 7693d4de8fca501dfe6989a7f30d8d3c86fe096a Mon Sep 17 00:00:00 2001
From: Andreas Gustafsson
Date: Thu, 13 Jan 2000 23:38:55 +0000
Subject: [PATCH] added dns_acl_any(), dns_acl_none()
---
 bin/named/aclconf.c | 27 +++-------------
 lib/dns/acl.c | 66 ++++++++++++++++++++++++++++++++++++++-
 lib/dns/aclconf.c | 27 +++-------------
 lib/dns/include/dns/acl.h | 17 ++++++++++
 4 files changed, 90 insertions(+), 47 deletions(-)
diff --git a/bin/named/aclconf.c b/bin/named/aclconf.c
index 76f8ec7b6f..f36c22cab6 100644
--- a/bin/named/aclconf.c
+++ b/bin/named/aclconf.c
@@ -101,7 +101,7 @@ convert_keyname(char *txtname, isc_mem_t *mctx, dns_name_t *dnsname) {
 }
 return (dns_name_dup(dns_fixedname_name(&fixname), mctx, dnsname));
 }
-
+
 isc_result_t
 dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
 dns_c_ctx_t *cctx,
@@ -123,27 +123,9 @@ dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
 ce = ISC_LIST_NEXT(ce, next))
 count++;
- dacl = isc_mem_get(mctx, sizeof(*dacl));
- if (dacl == NULL)
- return (ISC_R_NOMEMORY);
- dacl->mctx = mctx;
- dacl->name = NULL;
- dacl->refcount = 1;
- dacl->elements = NULL;
- dacl->alloc = 0;
- dacl->length = 0;
-
- ISC_LINK_INIT(dacl, nextincache);
- /* Must set magic early because we use dns_acl_detach() to clean up. */
- dacl->magic = DNS_ACL_MAGIC;
-
- dacl->elements = isc_mem_get(mctx, count * sizeof(dns_aclelement_t));
- if (dacl->elements == NULL) {
- result = ISC_R_NOMEMORY;
- goto cleanup;
- }
- dacl->alloc = count;
- memset(dacl->elements, 0, count * sizeof(dns_aclelement_t));
+ result = dns_acl_create(mctx, count, &dacl);
+ if (result != ISC_R_SUCCESS)
+ return (result);
 de = dacl->elements;
 for (ce = ISC_LIST_HEAD(caml->elements);
@@ -204,4 +186,3 @@ dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
 dns_acl_detach(&dacl);
 return (result);
 }
-
diff --git a/lib/dns/acl.c b/lib/dns/acl.c
index 951ab8e6e4..8988fe95a2 100644
--- a/lib/dns/acl.c
+++ b/lib/dns/acl.c
@@ -27,6 +27,69 @@
 #include
 #include
+/*
+ * Create a new ACL with 'n' uninitialized elements.
+ */
+isc_result_t
+dns_acl_create(isc_mem_t *mctx, int n, dns_acl_t **target)
+{
+ isc_result_t result;
+ dns_acl_t *acl;
+
+ acl = isc_mem_get(mctx, sizeof(*acl));
+ if (acl == NULL)
+ return (ISC_R_NOMEMORY);
+ acl->mctx = mctx;
+ acl->name = NULL;
+ acl->refcount = 1;
+ acl->elements = NULL;
+ acl->alloc = 0;
+ acl->length = 0;
+
+ ISC_LINK_INIT(acl, nextincache);
+ /* Must set magic early because we use dns_acl_detach() to clean up. */
+ acl->magic = DNS_ACL_MAGIC;
+
+ acl->elements = isc_mem_get(mctx, n * sizeof(dns_aclelement_t));
+ if (acl->elements == NULL) {
+ result = ISC_R_NOMEMORY;
+ goto cleanup;
+ }
+ acl->alloc = n;
+ memset(acl->elements, 0, n * sizeof(dns_aclelement_t));
+ *target = acl;
+ return (ISC_R_SUCCESS);
+
+ cleanup:
+ dns_acl_detach(&acl);
+ return (result);
+}
+
+static isc_result_t
+dns_acl_anyornone(isc_mem_t *mctx, isc_boolean_t neg, dns_acl_t **target)
+{
+ isc_result_t result;
+ dns_acl_t *acl = NULL;
+ result = dns_acl_create(mctx, 1, &acl);
+ if (result != ISC_R_SUCCESS)
+ return (result);
+ acl->elements[0].negative = neg;
+ acl->elements[0].type = dns_aclelementtype_any;
+ acl->length = 1;
+ *target = acl;
+ return (result);
+}
+
+isc_result_t
+dns_acl_any(isc_mem_t *mctx, dns_acl_t **target) {
+ return (dns_acl_anyornone(mctx, ISC_FALSE, target));
+}
+
+isc_result_t
+dns_acl_none(isc_mem_t *mctx, dns_acl_t **target) {
+ return (dns_acl_anyornone(mctx, ISC_TRUE, target));
+}
+
 isc_result_t
 dns_acl_checkrequest(dns_name_t *signer, isc_sockaddr_t *reqaddr,
 const char *opname,
@@ -121,6 +184,7 @@ dns_acl_match(isc_sockaddr_t *reqaddr,
 *matchelt = NULL;
 break;
+ case dns_aclelementtype_any:
 matched:
 *match = e->negative ? -(i+1) : (i+1);
 if (matchelt != NULL)
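Review bot: In the first lib/dns/acl.c hunk, dns_acl_create() takes the element count as a signed `int n` and uses it in `n * sizeof(dns_aclelement_t)` with no range check, so a negative or oversized count wraps in the size computation while `acl->alloc` still records `n`. `*target` is also written without any precondition on `target`. I would assert the contract at the top of the function, `REQUIRE(target != NULL && *target == NULL);` and `REQUIRE(n >= 0);`, and consider making the parameter `unsigned int`. dns_acl_fromconfig() passes a `count` taken from the configuration list, which can presumably be 0 for an empty list; whether isc_mem_get() accepts a zero-byte request, and whether dns_acl_detach() copes with `elements == NULL` on the cleanup path, is not visible in this patch and is worth confirming.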
@@ -202,6 +266,7 @@ dns_aclelement_equal(dns_aclelement_t *ea, dns_aclelement_t *eb)
 return (dns_acl_equal(ea->u.nestedacl, eb->u.nestedacl));
 case dns_aclelementtype_localhost:
 case dns_aclelementtype_localnets:
+ case dns_aclelementtype_any:
 return (ISC_TRUE);
 default:
 INSIST(0);
@@ -209,7 +274,6 @@ dns_aclelement_equal(dns_aclelement_t *ea, dns_aclelement_t *eb)
 }
 }
-
 isc_boolean_t
 dns_acl_equal(dns_acl_t *a, dns_acl_t *b) {
 unsigned int i;
diff --git a/lib/dns/aclconf.c b/lib/dns/aclconf.c
index 76f8ec7b6f..f36c22cab6 100644
--- a/lib/dns/aclconf.c
+++ b/lib/dns/aclconf.c
@@ -101,7 +101,7 @@ convert_keyname(char *txtname, isc_mem_t *mctx, dns_name_t *dnsname) {
 }
 return (dns_name_dup(dns_fixedname_name(&fixname), mctx, dnsname));
 }
-
+
 isc_result_t
 dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
 dns_c_ctx_t *cctx,
@@ -123,27 +123,9 @@ dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
 ce = ISC_LIST_NEXT(ce, next))
 count++;
- dacl = isc_mem_get(mctx, sizeof(*dacl));
- if (dacl == NULL)
- return (ISC_R_NOMEMORY);
- dacl->mctx = mctx;
- dacl->name = NULL;
- dacl->refcount = 1;
- dacl->elements = NULL;
- dacl->alloc = 0;
- dacl->length = 0;
-
- ISC_LINK_INIT(dacl, nextincache);
- /* Must set magic early because we use dns_acl_detach() to clean up. */
- dacl->magic = DNS_ACL_MAGIC;
-
- dacl->elements = isc_mem_get(mctx, count * sizeof(dns_aclelement_t));
- if (dacl->elements == NULL) {
- result = ISC_R_NOMEMORY;
- goto cleanup;
- }
- dacl->alloc = count;
- memset(dacl->elements, 0, count * sizeof(dns_aclelement_t));
+ result = dns_acl_create(mctx, count, &dacl);
+ if (result != ISC_R_SUCCESS)
+ return (result);
 de = dacl->elements;
 for (ce = ISC_LIST_HEAD(caml->elements);
@@ -204,4 +186,3 @@ dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
 dns_acl_detach(&dacl);
 return (result);
 }
-
diff --git a/lib/dns/include/dns/acl.h b/lib/dns/include/dns/acl.h
index e7bca104a1..ad96f9effb 100644
--- a/lib/dns/include/dns/acl.h
+++ b/lib/dns/include/dns/acl.h
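Review bot: In the dns_aclelement_equal() hunk of lib/dns/acl.c, the new `case dns_aclelementtype_any:` returns ISC_TRUE for any two `any` elements, and nothing visible in the hunk compares the `negative` flag. dns_acl_any() and dns_acl_none() build ACLs that differ only in `elements[0].negative`, so the two would compare equal unless the flag is checked earlier in the function, which starts above the hunk. If it is not, a check such as `if (ea->negative != eb->negative) return (ISC_FALSE);` before the switch keeps an allow-all list from being treated as identical to a deny-all list.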
@@ -44,6 +44,7 @@ typedef enum {
 dns_aclelementtype_nestedacl,
 dns_aclelementtype_localhost,
 dns_aclelementtype_localnets,
+ dns_aclelementtype_any
 } dns_aclelemettype_t;
 struct dns_aclelement {
@@ -79,6 +80,22 @@ struct dns_acl {
 ISC_LANG_BEGINDECLS
+isc_result_t dns_acl_create(isc_mem_t *mctx, int n, dns_acl_t **target);
+/*
+ * Create a new ACL with place for 'n' elements.
+ * The elements are uninitialized and the length is 0.
+ */
+
+isc_result_t dns_acl_any(isc_mem_t *mctx, dns_acl_t **target);
+/*
+ * Create a new ACL that matches everything.
+ */
+
+isc_result_t dns_acl_none(isc_mem_t *mctx, dns_acl_t **target);
+/*
+ * Create a new ACL that matches nothing.
+ */
+
 void dns_acl_attach(dns_acl_t *source, dns_acl_t **target);
 void dns_acl_detach(dns_acl_t **aclp);
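Review bot: The comment on dns_acl_create() in the second acl.h hunk says the elements are uninitialized, but the implementation in lib/dns/acl.c zero-fills them with memset(); the comment above the definition there has the same wording. I would document what callers can rely on, for example `* The elements are zero-filled and the length is 0; the caller sets 'length' after filling them in.`, and state that `*target` is set only on ISC_R_SUCCESS. For dns_acl_none(), "matches nothing" is implemented as a negated `any` element, which dns_acl_match() reports as a negative `*match` rather than as no match. The comment should say that callers must test the sign of the match result, not just whether it is non-zero.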