From fd0bc40a2580299d20ae212d89bda13862d78b3a Mon Sep 17 00:00:00 2001
From: Andreas Gustafsson
Date: Tue, 15 Feb 2000 19:53:05 +0000
Subject: [PATCH] IP addresses in ACLs are now represented as isc_netaddr_t, not isc_sockaddr_t
---
 bin/named/aclconf.c | 3 ++-
 bin/named/interfacemgr.c | 28 +++++++++++++++-------------
 lib/dns/acl.c | 17 ++++++++++-------
 lib/dns/aclconf.c | 3 ++-
 lib/dns/include/dns/acl.h | 6 +++---
 5 files changed, 32 insertions(+), 25 deletions(-)
diff --git a/bin/named/aclconf.c b/bin/named/aclconf.c
index 2bbdd0dabf..e31bd6c6d7 100644
--- a/bin/named/aclconf.c
+++ b/bin/named/aclconf.c
@@ -137,7 +137,8 @@ dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
 switch (ce->type) {
 case dns_c_ipmatch_pattern:
 de->type = dns_aclelementtype_ipprefix;
- de->u.ip_prefix.address = ce->u.direct.address;
+ isc_netaddr_fromsockaddr(&de->u.ip_prefix.address,
+ &ce->u.direct.address);
 /* XXX "mask" is a misnomer */
 de->u.ip_prefix.prefixlen = ce->u.direct.mask;
 break;
diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c
index ac3304d015..edb6bc55ef 100644
--- a/bin/named/interfacemgr.c
+++ b/bin/named/interfacemgr.c
@@ -521,8 +521,7 @@ do_ipv4(ns_interfacemgr_t *mgr) {
 goto ignore_interface;
 elt.type = dns_aclelementtype_ipprefix;
 elt.negative = ISC_FALSE;
- isc_sockaddr_fromnetaddr(&elt.u.ip_prefix.address,
- &interface.address, 0); /* XXX */
+ elt.u.ip_prefix.address = interface.address;
 elt.u.ip_prefix.prefixlen = prefixlen;
 /* XXX suppress duplicates */
 result = dns_acl_appendelement(mgr->aclenv.localnets, &elt);
@@ -538,7 +537,8 @@ do_ipv4(ns_interfacemgr_t *mgr) {
 le = ISC_LIST_NEXT(le, link)) {
 int match;
- isc_sockaddr_t listen_addr;
+ isc_netaddr_t listen_netaddr;
+ isc_sockaddr_t listen_sockaddr;
 char buf[128];
 const char *addrstr;
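Review bot: In the bin/named/aclconf.c hunk, the `dns_c_ipmatch_pattern` case of dns_acl_fromconfig still copies `ce->u.direct.mask` into `prefixlen` without checking it against the width of the address that was just converted. The element now holds an isc_netaddr_t, so its `family` field is available, and the case could reject a prefix length above 32 for AF_INET or above 128 for AF_INET6 before the element is stored. Whether the config parser or isc_netaddr_eqprefix already bounds the value is not visible in this diff. A comment above the conversion such as `/* the port in ce->u.direct.address is discarded; ACL elements match on the address only */` would also record what the call drops. The identical hunk in lib/dns/aclconf.c has the same gap, and the function body continues outside both hunks.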
@@ -546,15 +546,17 @@ do_ipv4(ns_interfacemgr_t *mgr) {
 * Construct a socket address for this IP/port
 * combination.
 */
- isc_sockaddr_fromin(&listen_addr,
- &interface.address.type.in,
- le->port);
+ isc_netaddr_fromin(&listen_netaddr,
+ &interface.address.type.in);
+ isc_sockaddr_fromnetaddr(&listen_sockaddr,
+ &listen_netaddr,
+ le->port);
 /*
 * Construct a human-readable version of same.
 */
- addrstr = inet_ntop(listen_addr.type.sin.sin_family,
- &listen_addr.type.sin.sin_addr,
+ addrstr = inet_ntop(listen_netaddr.family,
+ &listen_netaddr.type,
 buf, sizeof(buf));
 if (addrstr == NULL)
 addrstr = "(bad address)";
@@ -563,13 +565,13 @@ do_ipv4(ns_interfacemgr_t *mgr) {
 * See if the address matches the listen-on statement;
 * if not, ignore the interface.
 */
- result = dns_acl_match(&listen_addr, NULL,
+ result = dns_acl_match(&listen_netaddr, NULL,
 le->acl, &mgr->aclenv, &match, NULL);
 if (match <= 0)
 continue;
- ifp = find_matching_interface(mgr, &listen_addr);
+ ifp = find_matching_interface(mgr, &listen_sockaddr);
 if (ifp != NULL) {
 ifp->generation = mgr->generation;
 } else {
@@ -578,11 +580,11 @@ do_ipv4(ns_interfacemgr_t *mgr) {
 "listening on IPv4 interface "
 "%s, %s port %u",
 interface.name, addrstr,
- ntohs(listen_addr.type.
- sin.sin_port));
+ le->port);
 result = ns_interface_setup(mgr,
- &listen_addr, &ifp);
+ &listen_sockaddr,
+ &ifp);
 if (result != DNS_R_SUCCESS) {
 isc_log_write(IFMGR_COMMON_LOGARGS,
 ISC_LOG_ERROR,
diff --git a/lib/dns/acl.c b/lib/dns/acl.c
index c6a882ac9d..3eb84eb547 100644
--- a/lib/dns/acl.c
+++ b/lib/dns/acl.c
@@ -137,6 +137,7 @@ dns_acl_checkrequest(dns_name_t *signer, isc_sockaddr_t *reqaddr,
 {
 isc_result_t result;
 int match;
+ isc_netaddr_t netaddr;
 dns_acl_t *acl = NULL;
 if (main_acl != NULL)
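Review bot: In the inet_ntop() call of the `@@ -546` hunk, `&listen_netaddr.type` passes the address of the whole union, while the conversion a few lines above names the IPv4 member as `interface.address.type.in`. The pointer value is the same, but `&listen_netaddr.type.in` states which member is meant and matches the rest of do_ipv4. The comment "Construct a socket address for this IP/port combination" now sits over two conversions and could read `Construct a network address and a socket address for this IP/port combination.`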
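Review bot: In the `@@ -563` hunk, the return value of dns_acl_match() is stored in `result` and never examined; the next statement tests `match`, which is declared without an initializer at the top of the loop body. dns_acl_checkrequest in lib/dns/acl.c treats a non-success result from the same call as an internal error, so the call can apparently fail, and if it does so before writing `*match` the listen-on decision is taken on an indeterminate value. The test should read `if (result != DNS_R_SUCCESS || match <= 0)` so that a failed match skips the interface. The loop body starts and ends outside this hunk.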
@@ -148,7 +149,9 @@ dns_acl_checkrequest(dns_name_t *signer, isc_sockaddr_t *reqaddr,
 else
 goto deny;
- result = dns_acl_match(reqaddr, signer, acl, env,
+ isc_netaddr_fromsockaddr(&netaddr, reqaddr);
+
+ result = dns_acl_match(&netaddr, signer, acl, env,
 &match, NULL);
 if (result != DNS_R_SUCCESS)
 goto deny; /* Internal error, already logged. */
@@ -170,7 +173,7 @@ dns_acl_checkrequest(dns_name_t *signer, isc_sockaddr_t *reqaddr,
 }
 isc_result_t
-dns_acl_match(isc_sockaddr_t *reqaddr,
+dns_acl_match(isc_netaddr_t *reqaddr,
 dns_name_t *reqsigner,
 dns_acl_t *acl,
 dns_aclenv_t *env,
@@ -189,9 +192,9 @@ dns_acl_match(isc_sockaddr_t *reqaddr,
 switch (e->type) {
 case dns_aclelementtype_ipprefix:
- if (isc_sockaddr_eqaddrprefix(reqaddr,
- &e->u.ip_prefix.address,
- e->u.ip_prefix.prefixlen))
+ if (isc_netaddr_eqprefix(reqaddr,
+ &e->u.ip_prefix.address,
+ e->u.ip_prefix.prefixlen))
 goto matched;
 break;
@@ -315,8 +318,8 @@ dns_aclelement_equal(dns_aclelement_t *ea, dns_aclelement_t *eb)
 if (ea->u.ip_prefix.prefixlen != eb->u.ip_prefix.prefixlen)
 return (ISC_FALSE);
- return (isc_sockaddr_equal(&ea->u.ip_prefix.address,
- &eb->u.ip_prefix.address));
+ return (isc_netaddr_equal(&ea->u.ip_prefix.address,
+ &eb->u.ip_prefix.address));
 case dns_aclelementtype_keyname:
 return (dns_name_equal(&ea->u.keyname, &eb->u.keyname));
 case dns_aclelementtype_nestedacl:
diff --git a/lib/dns/aclconf.c b/lib/dns/aclconf.c
index 2bbdd0dabf..e31bd6c6d7 100644
--- a/lib/dns/aclconf.c
+++ b/lib/dns/aclconf.c
@@ -137,7 +137,8 @@ dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
 switch (ce->type) {
 case dns_c_ipmatch_pattern:
 de->type = dns_aclelementtype_ipprefix;
- de->u.ip_prefix.address = ce->u.direct.address;
+ isc_netaddr_fromsockaddr(&de->u.ip_prefix.address,
+ &ce->u.direct.address);
 /* XXX "mask" is a misnomer */
 de->u.ip_prefix.prefixlen = ce->u.direct.mask;
 break;
diff --git a/lib/dns/include/dns/acl.h b/lib/dns/include/dns/acl.h
index 97adfc3155..03c7fdb997 100644
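Review bot: In the `@@ -148` hunk, dns_acl_checkrequest converts `reqaddr` with isc_netaddr_fromsockaddr() and matches on the result, but nothing states how a request whose address family differs from the ACL element's family is handled. If the conversion keeps the socket's family (inferred; neither isc_netaddr_fromsockaddr nor isc_netaddr_eqprefix is shown), an IPv4 client seen through an IPv6 socket as an IPv4-mapped address would not match IPv4 prefixes, negated ones included, and would be decided by later elements instead. A comment at the conversion, for example `/* ACLs match on the address only; the port is dropped and the family is taken as-is from reqaddr */`, plus a test with a mapped address, would pin the intended behaviour. The function body starts and ends outside this hunk.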
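Review bot: In the `@@ -315` hunk, the ipprefix case of dns_aclelement_equal compares the two addresses in full with isc_netaddr_equal() once the prefix lengths agree, so two elements that denote the same network but carry different host bits compare as unequal. The interfacemgr.c hunk in this patch stores `interface.address` unmasked next to `prefixlen`, so such elements do occur, and any duplicate suppression built on this function (see the `XXX suppress duplicates` comment there) would miss them. Comparing with `isc_netaddr_eqprefix(&ea->u.ip_prefix.address, &eb->u.ip_prefix.address, ea->u.ip_prefix.prefixlen)` would treat them as the same element, if that is the intended meaning of equality. The function starts and ends outside the hunk.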
--- a/lib/dns/include/dns/acl.h
+++ b/lib/dns/include/dns/acl.h
@@ -32,7 +32,7 @@
 #include
 #include
-#include
+#include
 /***
 *** Types
@@ -52,7 +52,7 @@ struct dns_aclelement {
 isc_boolean_t negative;
 union {
 struct {
- isc_sockaddr_t address; /* IP4/IP6 */
+ isc_netaddr_t address; /* IP4/IP6 */
 unsigned int prefixlen;
 } ip_prefix;
 dns_name_t keyname;
@@ -160,7 +160,7 @@ dns_acl_checkrequest(dns_name_t *signer, isc_sockaddr_t *reqaddr,
 */
 isc_result_t
-dns_acl_match(isc_sockaddr_t *reqaddr,
+dns_acl_match(isc_netaddr_t *reqaddr,
 dns_name_t *reqsigner,
 dns_acl_t *acl,
 dns_aclenv_t *env,
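Review bot: In the `@@ -160` hunk, the dns_acl_match prototype changes its first parameter from isc_sockaddr_t to isc_netaddr_t, but no documentation of the new contract appears in the visible lines. Callers that hold a socket address now have to convert it first, as dns_acl_checkrequest does, and the value carries no port; a line in the function's comment such as `'reqaddr' is the requester's network address (no port); convert a socket address with isc_netaddr_fromsockaddr() first.` would record that. Since matching only reads the address, `const isc_netaddr_t *reqaddr` would be the tighter type, provided isc_netaddr_eqprefix accepts a const pointer, which is not visible here. The comment block for the function lies outside the hunk.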