From: Evan Hunt Date: Wed, 12 Jun 2019 01:36:52 +0000 (-0700) Subject: add HAVE_GEOIP2 #ifdef branches, without implementing yet X-Git-Tag: v9.11.9~7^2~5 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=a553ac45ed0bebd89395a39ba88ce209a87070d2;p=thirdparty%2Fbind9.git add HAVE_GEOIP2 #ifdef branches, without implementing yet (cherry picked from commit fe46d5bc3413a0599e5cd03c56d23ac0a8c03d18) (cherry picked from commit 7fc92bee0c526c5c5fcea762584e3d91f69c6b64) --- diff --git a/bin/named/config.c b/bin/named/config.c index 323231c1bfa..1d6e9d4b1ea 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -170,7 +170,7 @@ options {\n\ filter-aaaa-on-v6 no;\n\ filter-aaaa { any; };\n" #endif -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) " geoip-use-ecs yes;\n" #endif " lame-ttl 600;\n" diff --git a/bin/named/geoip.c b/bin/named/geoip.c index 5bc504ef5d1..f29de0112ab 100644 --- a/bin/named/geoip.c +++ b/bin/named/geoip.c @@ -26,7 +26,7 @@ static dns_geoip_databases_t geoip_table = { }; static void -init_geoip_db(GeoIP **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback, +init_geoip_db(void **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback, GeoIPOptions method, const char *name) { char *info; @@ -34,7 +34,7 @@ init_geoip_db(GeoIP **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback, REQUIRE(dbp != NULL); - db = *dbp; + db = (GeoIP *)*dbp; if (db != NULL) { GeoIP_delete(db); @@ -81,23 +81,22 @@ init_geoip_db(GeoIP **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback, void ns_geoip_init(void) { -#ifndef HAVE_GEOIP - return; -#else +#if defined(HAVE_GEOIP2) + /* TODO GEOIP2 */ +#elif defined(HAVE_GEOIP) GeoIP_cleanup(); if (ns_g_geoip == NULL) ns_g_geoip = &geoip_table; +#else + return; #endif } void ns_geoip_load(char *dir) { -#ifndef HAVE_GEOIP - - UNUSED(dir); - - return; -#else +#if defined(HAVE_GEOIP2) + /* TODO GEOIP2 */ +#elif defined(HAVE_GEOIP) GeoIPOptions method; #ifdef _WIN32 @@ -141,5 +140,9 @@ ns_geoip_load(char *dir) { method, "Domain"); init_geoip_db(&ns_g_geoip->netspeed, GEOIP_NETSPEED_EDITION, 0, method, "NetSpeed"); -#endif /* HAVE_GEOIP */ +#else + UNUSED(dir); + + return; +#endif } diff --git a/bin/named/include/named/globals.h b/bin/named/include/named/globals.h index 5b605a041c9..eda2214363e 100644 --- a/bin/named/include/named/globals.h +++ b/bin/named/include/named/globals.h @@ -188,7 +188,7 @@ EXTERN unsigned int ns_g_tat_interval INIT(24*3600); EXTERN bool ns_g_fixedlocal INIT(false); EXTERN bool ns_g_sigvalinsecs INIT(false); -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) EXTERN dns_geoip_databases_t *ns_g_geoip INIT(NULL); #endif diff --git a/bin/named/interfacemgr.c b/bin/named/interfacemgr.c index 135533be6be..9bd1f936c06 100644 --- a/bin/named/interfacemgr.c +++ b/bin/named/interfacemgr.c @@ -211,7 +211,7 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr, result = dns_aclenv_init(mctx, &mgr->aclenv); if (result != ISC_R_SUCCESS) goto cleanup_listenon; -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) mgr->aclenv.geoip = ns_g_geoip; #endif diff --git a/bin/named/server.c b/bin/named/server.c index 0abbbed5313..242d61eae1e 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -105,9 +105,9 @@ #include #include #include -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) #include -#endif /* HAVE_GEOIP */ +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ #include #include #include @@ -7631,7 +7631,7 @@ load_configuration(const char *filename, ns_server_t *server, } isc__socketmgr_setreserved(ns_g_socketmgr, reserved); -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) /* * Initialize GeoIP databases from the configured location. * This should happen before configuring any ACLs, so that we @@ -7653,7 +7653,7 @@ load_configuration(const char *filename, ns_server_t *server, result = ns_config_get(maps, "geoip-use-ecs", &obj); INSIST(result == ISC_R_SUCCESS); ns_g_server->aclenv.geoip_use_ecs = cfg_obj_asboolean(obj); -#endif /* HAVE_GEOIP */ +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ /* * Configure various server options. @@ -8960,9 +8960,9 @@ shutdown_server(isc_task_t *task, isc_event_t *event) { #ifdef HAVE_DNSTAP dns_dt_shutdown(); #endif -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) dns_geoip_shutdown(); -#endif +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ dns_db_detach(&server->in_roothints); @@ -8995,7 +8995,7 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp) { result = dns_aclenv_init(mctx, &server->aclenv); RUNTIME_CHECK(result == ISC_R_SUCCESS); -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) /* Initialize GeoIP before using ACL environment */ ns_geoip_init(); server->aclenv.geoip = ns_g_geoip; diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c index 3ac34e83d14..826d8f0c4c1 100644 --- a/bin/tests/system/feature-test.c +++ b/bin/tests/system/feature-test.c @@ -129,6 +129,14 @@ main(int argc, char **argv) { #endif } + if (strcmp(argv[1], "--have-geoip2") == 0) { +#ifdef HAVE_GEOIP2 + return (0); +#else + return (1); +#endif + } + if (strcmp(argv[1], "--have-libxml2") == 0) { #ifdef HAVE_LIBXML2 return (0); diff --git a/lib/dns/acl.c b/lib/dns/acl.c index e8911946b9a..0c82b4069aa 100644 --- a/lib/dns/acl.c +++ b/lib/dns/acl.c @@ -389,7 +389,7 @@ dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, bool pos) return result; } -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) /* Duplicate GeoIP data */ if (source->elements[i].type == dns_aclelementtype_geoip) { dest->elements[nelem + i].geoip_elem = @@ -485,7 +485,7 @@ dns_aclelement_match2(const isc_netaddr_t *reqaddr, inner = env->localnets; break; -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) case dns_aclelementtype_geoip: if (env == NULL || env->geoip == NULL) return (false); @@ -665,7 +665,7 @@ dns_acl_isinsecure(const dns_acl_t *a) { return (true); continue; -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) case dns_aclelementtype_geoip: #endif case dns_aclelementtype_localnets: @@ -697,7 +697,7 @@ dns_aclenv_init(isc_mem_t *mctx, dns_aclenv_t *env) { if (result != ISC_R_SUCCESS) goto cleanup_localhost; env->match_mapped = false; -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) env->geoip = NULL; env->geoip_use_ecs = false; #endif @@ -716,8 +716,9 @@ dns_aclenv_copy(dns_aclenv_t *t, dns_aclenv_t *s) { dns_acl_detach(&t->localnets); dns_acl_attach(s->localnets, &t->localnets); t->match_mapped = s->match_mapped; -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) t->geoip_use_ecs = s->geoip_use_ecs; + t->geoip = s->geoip; #endif } diff --git a/lib/dns/include/dns/acl.h b/lib/dns/include/dns/acl.h index c8a783361c8..8091cc15598 100644 --- a/lib/dns/include/dns/acl.h +++ b/lib/dns/include/dns/acl.h @@ -9,8 +9,6 @@ * information regarding copyright ownership. */ -/* $Id: acl.h,v 1.35 2011/06/17 23:47:49 tbox Exp $ */ - #ifndef DNS_ACL_H #define DNS_ACL_H 1 @@ -34,14 +32,16 @@ #include #include -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) #include #endif #include #include #include -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP2) +#include +#elif defined(HAVE_GEOIP) #include #endif @@ -55,9 +55,9 @@ typedef enum { dns_aclelementtype_nestedacl, dns_aclelementtype_localhost, dns_aclelementtype_localnets, -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) dns_aclelementtype_geoip, -#endif /* HAVE_GEOIP */ +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ dns_aclelementtype_any } dns_aclelementtype_t; @@ -72,9 +72,9 @@ struct dns_aclelement { dns_aclelementtype_t type; bool negative; dns_name_t keyname; -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) dns_geoip_elem_t geoip_elem; -#endif /* HAVE_GEOIP */ +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ dns_acl_t *nestedacl; int node_num; }; @@ -97,7 +97,7 @@ struct dns_aclenv { dns_acl_t *localhost; dns_acl_t *localnets; bool match_mapped; -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) dns_geoip_databases_t *geoip; bool geoip_use_ecs; #endif diff --git a/lib/dns/include/dns/geoip.h b/lib/dns/include/dns/geoip.h index d9028e5f6f4..fc0fc094fbd 100644 --- a/lib/dns/include/dns/geoip.h +++ b/lib/dns/include/dns/geoip.h @@ -35,12 +35,6 @@ #include #include -#ifdef HAVE_GEOIP -#include -#else -typedef void GeoIP; -#endif - /*** *** Types ***/ @@ -77,7 +71,7 @@ typedef enum { typedef struct dns_geoip_elem { dns_geoip_subtype_t subtype; - GeoIP *db; + void *db; union { char as_string[256]; int as_int; @@ -85,16 +79,24 @@ typedef struct dns_geoip_elem { } dns_geoip_elem_t; typedef struct dns_geoip_databases { - GeoIP *country_v4; /* DB 1 */ - GeoIP *city_v4; /* DB 2 or 6 */ - GeoIP *region; /* DB 3 or 7 */ - GeoIP *isp; /* DB 4 */ - GeoIP *org; /* DB 5 */ - GeoIP *as; /* DB 9 */ - GeoIP *netspeed; /* DB 10 */ - GeoIP *domain; /* DB 11 */ - GeoIP *country_v6; /* DB 12 */ - GeoIP *city_v6; /* DB 30 or 31 */ +#if defined(HAVE_GEOIP2) + void *country; /* GeoIP2-Country or GeoLite2-Country */ + void *city; /* GeoIP2-CIty or GeoLite2-City */ + void *domain; /* GeoIP2-Domain */ + void *isp; /* GeoIP2-ISP */ + void *as; /* GeoIP2-ASN or GeoLite2-ASN */ +#elif defined(HAVE_GEOIP) + void *country_v4; /* DB 1 */ + void *city_v4; /* DB 2 or 6 */ + void *region; /* DB 3 or 7 */ + void *isp; /* DB 4 */ + void *org; /* DB 5 */ + void *as; /* DB 9 */ + void *netspeed; /* DB 10 */ + void *domain; /* DB 11 */ + void *country_v6; /* DB 12 */ + void *city_v6; /* DB 30 or 31 */ +#endif } dns_geoip_databases_t; /*** diff --git a/lib/dns/tests/acl_test.c b/lib/dns/tests/acl_test.c index 554991f0c5a..3b6c338b2a7 100644 --- a/lib/dns/tests/acl_test.c +++ b/lib/dns/tests/acl_test.c @@ -78,11 +78,11 @@ dns_acl_isinsecure_test(void **state) { dns_acl_t *none = NULL; dns_acl_t *notnone = NULL; dns_acl_t *notany = NULL; -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) dns_acl_t *geoip = NULL; dns_acl_t *notgeoip = NULL; dns_aclelement_t *de; -#endif +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ dns_acl_t *pos4pos6 = NULL; dns_acl_t *notpos4pos6 = NULL; dns_acl_t *neg4pos6 = NULL; @@ -126,7 +126,7 @@ dns_acl_isinsecure_test(void **state) { result = dns_acl_merge(notany, any, false); assert_int_equal(result, ISC_R_SUCCESS); -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) result = dns_acl_create(mctx, 1, &geoip); assert_int_equal(result, ISC_R_SUCCESS); @@ -147,26 +147,26 @@ dns_acl_isinsecure_test(void **state) { result = dns_acl_merge(notgeoip, geoip, false); assert_int_equal(result, ISC_R_SUCCESS); -#endif +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ assert_true(dns_acl_isinsecure(any)); /* any; */ assert_false(dns_acl_isinsecure(none)); /* none; */ assert_false(dns_acl_isinsecure(notany)); /* !any; */ assert_false(dns_acl_isinsecure(notnone)); /* !none; */ -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) assert_true(dns_acl_isinsecure(geoip)); /* geoip; */ assert_false(dns_acl_isinsecure(notgeoip)); /* !geoip; */ -#endif +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ dns_acl_detach(&any); dns_acl_detach(&none); dns_acl_detach(¬any); dns_acl_detach(¬none); -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) dns_acl_detach(&geoip); dns_acl_detach(¬geoip); -#endif +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ for (pass = 0; pass < sizeof(ecs)/sizeof(ecs[0]); pass++) { result = dns_acl_create(mctx, 1, &pos4pos6); diff --git a/lib/dns/tests/geoip_test.c b/lib/dns/tests/geoip_test.c index 8938ff125e4..58469fc65d4 100644 --- a/lib/dns/tests/geoip_test.c +++ b/lib/dns/tests/geoip_test.c @@ -34,12 +34,19 @@ #include "dnstest.h" -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP2) +#include + +/* TODO GEOIP2 */ +#define TEST_GEOIP_DATA "" +#elif defined(HAVE_GEOI2) #include /* We use GeoIP databases from the 'geoip' system test */ #define TEST_GEOIP_DATA "../../../bin/tests/system/geoip/data" +#endif +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) static int _setup(void **state) { isc_result_t result; @@ -60,7 +67,9 @@ _teardown(void **state) { return (0); } +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ +#ifdef HAVE_GEOIP /* * Helper functions * (Mostly copied from bin/named/geoip.c) @@ -70,14 +79,14 @@ static dns_geoip_databases_t geoip = { }; static void -init_geoip_db(GeoIP **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback, +init_geoip_db(void **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback, GeoIPOptions method, const char *name) { GeoIP *db; REQUIRE(dbp != NULL); - db = *dbp; + db = (GeoIP *)*dbp; if (db != NULL) { GeoIP_delete(db); @@ -580,7 +589,10 @@ netspeed(void **state) { int main(void) { -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP2) + /* TODO GEOIP2 */ + print_message("1..0 # Skip geoip2 tests not complete\n"); +#elif defined(HAVE_GEOIP) const struct CMUnitTest tests[] = { cmocka_unit_test_setup_teardown(country, _setup, _teardown), cmocka_unit_test_setup_teardown(country_v6, _setup, _teardown), @@ -598,7 +610,7 @@ main(void) { return (cmocka_run_group_tests(tests, dns_test_init, dns_test_final)); #else print_message("1..0 # Skip geoip not enabled\n"); -#endif /* HAVE_GEOIP */ +#endif } #else /* HAVE_CMOCKA */ diff --git a/lib/isccfg/aclconf.c b/lib/isccfg/aclconf.c index e653c8b2813..deaa1c579c0 100644 --- a/lib/isccfg/aclconf.c +++ b/lib/isccfg/aclconf.c @@ -54,7 +54,7 @@ cfg_aclconfctx_create(isc_mem_t *mctx, cfg_aclconfctx_t **ret) { isc_mem_attach(mctx, &actx->mctx); ISC_LIST_INIT(actx->named_acl_cache); -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) actx->geoip = NULL; #endif @@ -118,7 +118,8 @@ get_acl_def(const cfg_obj_t *cctx, const char *name, const cfg_obj_t **ret) { elt != NULL; elt = cfg_list_next(elt)) { const cfg_obj_t *acl = cfg_listelt_value(elt); - const char *aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name")); + const char *aclname = + cfg_obj_asstring(cfg_tuple_get(acl, "name")); if (strcasecmp(aclname, name) == 0) { if (ret != NULL) { *ret = cfg_tuple_get(acl, "value"); @@ -260,12 +261,12 @@ count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx, n += sub; if (negative) n++; -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) } else if (cfg_obj_istuple(ce) && cfg_obj_isvoid(cfg_tuple_get(ce, "negated"))) { n++; -#endif /* HAVE_GEOIP */ +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ } else if (cfg_obj_isstring(ce)) { const char *name = cfg_obj_asstring(ce); if (strcasecmp(name, "localhost") == 0 || @@ -297,58 +298,64 @@ count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx, return (ISC_R_SUCCESS); } -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) static dns_geoip_subtype_t get_subtype(const cfg_obj_t *obj, isc_log_t *lctx, dns_geoip_subtype_t subtype, const char *dbname) { - if (dbname == NULL) + if (dbname == NULL) { return (subtype); + } switch (subtype) { case dns_geoip_countrycode: - if (strcasecmp(dbname, "city") == 0) + if (strcasecmp(dbname, "city") == 0) { return (dns_geoip_city_countrycode); - else if (strcasecmp(dbname, "region") == 0) + } else if (strcasecmp(dbname, "region") == 0) { return (dns_geoip_region_countrycode); - else if (strcasecmp(dbname, "country") == 0) + } else if (strcasecmp(dbname, "country") == 0) { return (dns_geoip_country_code); + } cfg_obj_log(obj, lctx, ISC_LOG_ERROR, "invalid GeoIP DB specified for " "country search: ignored"); return (subtype); case dns_geoip_countrycode3: - if (strcasecmp(dbname, "city") == 0) + if (strcasecmp(dbname, "city") == 0) { return (dns_geoip_city_countrycode3); - else if (strcasecmp(dbname, "country") == 0) + } else if (strcasecmp(dbname, "country") == 0) { return (dns_geoip_country_code3); + } cfg_obj_log(obj, lctx, ISC_LOG_ERROR, "invalid GeoIP DB specified for " "country search: ignored"); return (subtype); case dns_geoip_countryname: - if (strcasecmp(dbname, "city") == 0) + if (strcasecmp(dbname, "city") == 0) { return (dns_geoip_city_countryname); - else if (strcasecmp(dbname, "country") == 0) + } else if (strcasecmp(dbname, "country") == 0) { return (dns_geoip_country_name); + } cfg_obj_log(obj, lctx, ISC_LOG_ERROR, "invalid GeoIP DB specified for " "country search: ignored"); return (subtype); case dns_geoip_region: - if (strcasecmp(dbname, "city") == 0) + if (strcasecmp(dbname, "city") == 0) { return (dns_geoip_city_region); - else if (strcasecmp(dbname, "region") == 0) + } else if (strcasecmp(dbname, "region") == 0) { return (dns_geoip_region_code); + } cfg_obj_log(obj, lctx, ISC_LOG_ERROR, "invalid GeoIP DB specified for " "region search: ignored"); return (subtype); case dns_geoip_regionname: - if (strcasecmp(dbname, "city") == 0) + if (strcasecmp(dbname, "city") == 0) { return (dns_geoip_city_region); - else if (strcasecmp(dbname, "region") == 0) + } else if (strcasecmp(dbname, "region") == 0) { return (dns_geoip_region_name); + } cfg_obj_log(obj, lctx, ISC_LOG_ERROR, "invalid GeoIP DB specified for " "region search: ignored"); @@ -364,40 +371,46 @@ get_subtype(const cfg_obj_t *obj, isc_log_t *lctx, case dns_geoip_city_areacode: case dns_geoip_city_continentcode: case dns_geoip_city_timezonecode: - if (strcasecmp(dbname, "city") != 0) + if (strcasecmp(dbname, "city") != 0) { cfg_obj_log(obj, lctx, ISC_LOG_WARNING, "invalid GeoIP DB specified for " "a 'city'-only search type: ignoring"); + } return (subtype); case dns_geoip_isp_name: - if (strcasecmp(dbname, "isp") != 0) + if (strcasecmp(dbname, "isp") != 0) { cfg_obj_log(obj, lctx, ISC_LOG_WARNING, "invalid GeoIP DB specified for " "an 'isp' search: ignoring"); + } return (subtype); case dns_geoip_org_name: - if (strcasecmp(dbname, "org") != 0) + if (strcasecmp(dbname, "org") != 0) { cfg_obj_log(obj, lctx, ISC_LOG_WARNING, "invalid GeoIP DB specified for " "an 'org' search: ignoring"); + } return (subtype); case dns_geoip_as_asnum: - if (strcasecmp(dbname, "asnum") != 0) + if (strcasecmp(dbname, "asnum") != 0) { cfg_obj_log(obj, lctx, ISC_LOG_WARNING, "invalid GeoIP DB specified for " "an 'asnum' search: ignoring"); + } return (subtype); case dns_geoip_domain_name: - if (strcasecmp(dbname, "domain") != 0) + if (strcasecmp(dbname, "domain") != 0) { cfg_obj_log(obj, lctx, ISC_LOG_WARNING, "invalid GeoIP DB specified for " "a 'domain' search: ignoring"); + } return (subtype); case dns_geoip_netspeed_id: - if (strcasecmp(dbname, "netspeed") != 0) + if (strcasecmp(dbname, "netspeed") != 0) { cfg_obj_log(obj, lctx, ISC_LOG_WARNING, "invalid GeoIP DB specified for " "a 'netspeed' search: ignoring"); + } return (subtype); default: INSIST(0); @@ -407,8 +420,9 @@ get_subtype(const cfg_obj_t *obj, isc_log_t *lctx, static bool geoip_can_answer(dns_aclelement_t *elt, cfg_aclconfctx_t *ctx) { - if (ctx->geoip == NULL) + if (ctx->geoip == NULL) { return (true); + } switch (elt->geoip_elem.subtype) { case dns_geoip_countrycode: @@ -454,31 +468,39 @@ geoip_can_answer(dns_aclelement_t *elt, cfg_aclconfctx_t *ctx) { case dns_geoip_city_timezonecode: if (ctx->geoip->city_v4 != NULL || ctx->geoip->city_v6 != NULL) + { return (true); + } /* FALLTHROUGH */ case dns_geoip_isp_name: - if (ctx->geoip->isp != NULL) + if (ctx->geoip->isp != NULL) { return (true); + } /* FALLTHROUGH */ case dns_geoip_org_name: - if (ctx->geoip->org != NULL) + if (ctx->geoip->org != NULL) { return (true); + } /* FALLTHROUGH */ case dns_geoip_as_asnum: - if (ctx->geoip->as != NULL) + if (ctx->geoip->as != NULL) { return (true); + } /* FALLTHROUGH */ case dns_geoip_domain_name: - if (ctx->geoip->domain != NULL) + if (ctx->geoip->domain != NULL) { return (true); + } /* FALLTHROUGH */ case dns_geoip_netspeed_id: - if (ctx->geoip->netspeed != NULL) + if (ctx->geoip->netspeed != NULL) { return (true); + } } return (false); } +#endif static isc_result_t parse_geoip_element(const cfg_obj_t *obj, isc_log_t *lctx, @@ -496,8 +518,9 @@ parse_geoip_element(const cfg_obj_t *obj, isc_log_t *lctx, de = *dep; ge = cfg_tuple_get(obj, "db"); - if (!cfg_obj_isvoid(ge)) + if (!cfg_obj_isvoid(ge)) { dbname = cfg_obj_asstring(ge); + } stype = cfg_obj_asstring(cfg_tuple_get(obj, "subtype")); search = cfg_obj_asstring(cfg_tuple_get(obj, "search")); @@ -614,7 +637,6 @@ parse_geoip_element(const cfg_obj_t *obj, isc_log_t *lctx, return (ISC_R_SUCCESS); } -#endif isc_result_t cfg_acl_fromconfig(const cfg_obj_t *caml, const cfg_obj_t *cctx, @@ -668,12 +690,14 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx, mctx, &nelem, NULL); if (result != ISC_R_SUCCESS) return (result); - } else + } else { nelem = cfg_list_length(caml, false); + } result = dns_acl_create(mctx, nelem, &dacl); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { return (result); + } } de = dacl->elements; @@ -707,8 +731,9 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx, result = dns_acl_create(mctx, cfg_list_length(ce, false), &de->nestedacl); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { goto cleanup; + } iptab = de->nestedacl->iptable; } @@ -725,8 +750,9 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx, cfg_obj_log(ce, lctx, ISC_LOG_WARNING, "'%s': incorrect address family; " "ignoring", buf); - if (nest_level != 0) + if (nest_level != 0) { dns_acl_detach(&de->nestedacl); + } continue; } result = isc_netaddr_prefixok(&addr, bitlen); @@ -746,15 +772,17 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx, setecs = cfg_obj_istype(ce, &cfg_type_ecsprefix); result = dns_iptable_addprefix2(iptab, &addr, bitlen, setpos, setecs); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { goto cleanup; + } if (nest_level > 0) { INSIST(dacl->length < dacl->alloc); de->type = dns_aclelementtype_nestedacl; de->negative = neg; - } else + } else { continue; + } } else if (cfg_obj_islist(ce)) { /* * If we're nesting ACLs, put the nested @@ -763,29 +791,30 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx, * in two cases: 1) sortlist, 2) if the * nested ACL contains negated members. */ - if (inneracl != NULL) + if (inneracl != NULL) { dns_acl_detach(&inneracl); + } result = cfg_acl_fromconfig(ce, cctx, lctx, ctx, mctx, new_nest_level, &inneracl); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { goto cleanup; + } nested_acl: if (nest_level > 0 || inneracl->has_negatives) { INSIST(dacl->length < dacl->alloc); de->type = dns_aclelementtype_nestedacl; de->negative = neg; - if (de->nestedacl != NULL) + if (de->nestedacl != NULL) { dns_acl_detach(&de->nestedacl); - dns_acl_attach(inneracl, - &de->nestedacl); + } + dns_acl_attach(inneracl, &de->nestedacl); dns_acl_detach(&inneracl); /* Fall through. */ } else { INSIST(dacl->length + inneracl->length <= dacl->alloc); - dns_acl_merge(dacl, inneracl, - !neg); + dns_acl_merge(dacl, inneracl, !neg); de += inneracl->length; /* elements added */ dns_acl_detach(&inneracl); INSIST(dacl->length <= dacl->alloc); @@ -799,19 +828,21 @@ nested_acl: dns_name_init(&de->keyname, NULL); result = convert_keyname(ce, lctx, mctx, &de->keyname); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { goto cleanup; -#ifdef HAVE_GEOIP + } +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) } else if (cfg_obj_istuple(ce) && cfg_obj_isvoid(cfg_tuple_get(ce, "negated"))) { INSIST(dacl->length < dacl->alloc); result = parse_geoip_element(ce, lctx, ctx, de); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { goto cleanup; + } de->type = dns_aclelementtype_geoip; de->negative = neg; -#endif /* HAVE_GEOIP */ +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ } else if (cfg_obj_isstring(ce)) { /* ACL name. */ const char *name = cfg_obj_asstring(ce); @@ -819,15 +850,17 @@ nested_acl: /* Iptable entry with zero bit length. */ result = dns_iptable_addprefix(iptab, NULL, 0, (nest_level != 0 || !neg)); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { goto cleanup; + } if (nest_level != 0) { INSIST(dacl->length < dacl->alloc); de->type = dns_aclelementtype_nestedacl; de->negative = neg; - } else + } else { continue; + } } else if (strcasecmp(name, "none") == 0) { /* none == !any */ /* @@ -838,18 +871,21 @@ nested_acl: */ result = dns_iptable_addprefix(iptab, NULL, 0, (nest_level != 0 || neg)); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { goto cleanup; + } - if (!neg) + if (!neg) { dacl->has_negatives = !neg; + } if (nest_level != 0) { INSIST(dacl->length < dacl->alloc); de->type = dns_aclelementtype_nestedacl; de->negative = !neg; - } else + } else { continue; + } } else if (strcasecmp(name, "localhost") == 0) { INSIST(dacl->length < dacl->alloc); de->type = dns_aclelementtype_localhost; @@ -868,8 +904,9 @@ nested_acl: result = convert_named_acl(ce, cctx, lctx, ctx, mctx, new_nest_level, &inneracl); - if (result != ISC_R_SUCCESS) + if (result != ISC_R_SUCCESS) { goto cleanup; + } goto nested_acl; } @@ -888,7 +925,9 @@ nested_acl: */ if (de->nestedacl != NULL && de->type != dns_aclelementtype_nestedacl) + { dns_acl_detach(&de->nestedacl); + } dacl->node_count++; de->node_num = dacl->node_count; @@ -902,8 +941,9 @@ nested_acl: result = ISC_R_SUCCESS; cleanup: - if (inneracl != NULL) + if (inneracl != NULL) { dns_acl_detach(&inneracl); + } dns_acl_detach(&dacl); return (result); } diff --git a/lib/isccfg/include/isccfg/aclconf.h b/lib/isccfg/include/isccfg/aclconf.h index 005827ea6fb..2da770ee992 100644 --- a/lib/isccfg/include/isccfg/aclconf.h +++ b/lib/isccfg/include/isccfg/aclconf.h @@ -20,15 +20,13 @@ #include -#ifdef HAVE_GEOIP #include -#endif #include typedef struct cfg_aclconfctx { ISC_LIST(dns_acl_t) named_acl_cache; isc_mem_t *mctx; -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) dns_geoip_databases_t *geoip; #endif isc_refcount_t references; diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index fbc62cc06d4..94bfc71b8cd 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -82,7 +82,7 @@ doc_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type); static void doc_optional_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type); -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) static isc_result_t parse_geoip(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); @@ -91,7 +91,7 @@ print_geoip(cfg_printer_t *pctx, const cfg_obj_t *obj); static void doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type); -#endif /* HAVE_GEOIP */ +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ static cfg_type_t cfg_type_acl; static cfg_type_t cfg_type_addrmatchelt; @@ -1080,14 +1080,14 @@ options_clauses[] = { { "fstrm-set-reopen-interval", &cfg_type_uint32, CFG_CLAUSEFLAG_NOTCONFIGURED }, #endif /* HAVE_DNSTAP */ -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) { "geoip-directory", &cfg_type_qstringornone, 0 }, { "geoip-use-ecs", &cfg_type_boolean, 0 }, #else { "geoip-directory", &cfg_type_qstringornone, CFG_CLAUSEFLAG_NOTCONFIGURED }, { "geoip-use-ecs", &cfg_type_boolean, CFG_CLAUSEFLAG_NOTCONFIGURED }, -#endif /* HAVE_GEOIP */ +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ { "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, { "heartbeat-interval", &cfg_type_uint32, 0 }, { "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_NOTIMP }, @@ -2777,102 +2777,6 @@ static cfg_type_t cfg_type_optional_keyref = { doc_optional_keyvalue, &cfg_rep_string, &key_kw }; -#ifdef HAVE_GEOIP -/* - * "geoip" ACL element: - * geoip [ db ] search-type - */ -static const char *geoiptype_enums[] = { - "area", "areacode", "asnum", "city", "continent", "country", - "country3", "countryname", "domain", "isp", "metro", "metrocode", - "netspeed", "org", "postal", "postalcode", "region", "regionname", - "timezone", "tz", NULL -}; -static cfg_type_t cfg_type_geoiptype = { - "geoiptype", cfg_parse_enum, cfg_print_ustring, - cfg_doc_enum, &cfg_rep_string, &geoiptype_enums -}; - -static const char *geoipdb_enums[] = { - "asnum", "city", "country", "domain", "isp", "netspeed", - "org", "region", NULL -}; -static cfg_type_t cfg_type_geoipdb = { - "geoipdb", cfg_parse_enum, cfg_print_ustring, - cfg_doc_enum, &cfg_rep_string, &geoipdb_enums -}; - -static cfg_tuplefielddef_t geoip_fields[] = { - { "negated", &cfg_type_void, 0 }, - { "db", &cfg_type_geoipdb, 0 }, - { "subtype", &cfg_type_geoiptype, 0 }, - { "search", &cfg_type_astring, 0 }, - { NULL, NULL, 0 } -}; - -static cfg_type_t cfg_type_geoip = { - "geoip", parse_geoip, print_geoip, doc_geoip, - &cfg_rep_tuple, geoip_fields -}; - -static isc_result_t -parse_geoip(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - isc_result_t result; - cfg_obj_t *obj = NULL; - const cfg_tuplefielddef_t *fields = type->of; - - CHECK(cfg_create_tuple(pctx, type, &obj)); - CHECK(cfg_parse_void(pctx, NULL, &obj->value.tuple[0])); - - /* Parse the optional "db" field. */ - CHECK(cfg_peektoken(pctx, 0)); - if (pctx->token.type == isc_tokentype_string) { - CHECK(cfg_gettoken(pctx, 0)); - if (strcasecmp(TOKEN_STRING(pctx), "db") == 0 && - obj->value.tuple[1] == NULL) { - CHECK(cfg_parse_obj(pctx, fields[1].type, - &obj->value.tuple[1])); - } else { - CHECK(cfg_parse_void(pctx, NULL, - &obj->value.tuple[1])); - cfg_ungettoken(pctx); - } - } - - CHECK(cfg_parse_obj(pctx, fields[2].type, &obj->value.tuple[2])); - CHECK(cfg_parse_obj(pctx, fields[3].type, &obj->value.tuple[3])); - - *ret = obj; - return (ISC_R_SUCCESS); - - cleanup: - CLEANUP_OBJ(obj); - return (result); -} - -static void -print_geoip(cfg_printer_t *pctx, const cfg_obj_t *obj) { - if (obj->value.tuple[1]->type->print != cfg_print_void) { - cfg_print_cstr(pctx, " db "); - cfg_print_obj(pctx, obj->value.tuple[1]); - } - cfg_print_obj(pctx, obj->value.tuple[2]); - cfg_print_obj(pctx, obj->value.tuple[3]); -} - -static void -doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type) { - UNUSED(type); - cfg_print_cstr(pctx, "[ db "); - cfg_doc_enum(pctx, &cfg_type_geoipdb); - cfg_print_cstr(pctx, " ]"); - cfg_print_cstr(pctx, " "); - cfg_doc_enum(pctx, &cfg_type_geoiptype); - cfg_print_cstr(pctx, " "); - cfg_print_cstr(pctx, ""); -} -#endif /* HAVE_GEOIP */ - /*% * An EDNS client subnet address */ @@ -3212,6 +3116,93 @@ static cfg_type_t cfg_type_querysource = { "querysource", NULL, print_querysource, NULL, &cfg_rep_sockaddr, NULL }; +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) +/* + * "geoip" ACL element: + * geoip [ db ] search-type + */ +static const char *geoiptype_enums[] = { + "area", "areacode", "asnum", "city", "continent", "country", + "country3", "countryname", "domain", "isp", "metro", "metrocode", + "netspeed", "org", "postal", "postalcode", "region", "regionname", + "timezone", "tz", NULL +}; +static cfg_type_t cfg_type_geoiptype = { + "geoiptype", cfg_parse_enum, cfg_print_ustring, + cfg_doc_enum, &cfg_rep_string, &geoiptype_enums +}; + +static cfg_tuplefielddef_t geoip_fields[] = { + { "negated", &cfg_type_void, 0 }, + { "db", &cfg_type_astring, 0 }, + { "subtype", &cfg_type_geoiptype, 0 }, + { "search", &cfg_type_astring, 0 }, + { NULL, NULL, 0 } +}; + +static cfg_type_t cfg_type_geoip = { + "geoip", parse_geoip, print_geoip, doc_geoip, + &cfg_rep_tuple, geoip_fields +}; + +static isc_result_t +parse_geoip(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { + isc_result_t result; + cfg_obj_t *obj = NULL; + const cfg_tuplefielddef_t *fields = type->of; + + CHECK(cfg_create_tuple(pctx, type, &obj)); + CHECK(cfg_parse_void(pctx, NULL, &obj->value.tuple[0])); + + /* Parse the optional "db" field. */ + CHECK(cfg_peektoken(pctx, 0)); + if (pctx->token.type == isc_tokentype_string) { + CHECK(cfg_gettoken(pctx, 0)); + if (strcasecmp(TOKEN_STRING(pctx), "db") == 0 && + obj->value.tuple[1] == NULL) { + CHECK(cfg_parse_obj(pctx, fields[1].type, + &obj->value.tuple[1])); + } else { + CHECK(cfg_parse_void(pctx, NULL, + &obj->value.tuple[1])); + cfg_ungettoken(pctx); + } + } + + CHECK(cfg_parse_obj(pctx, fields[2].type, &obj->value.tuple[2])); + CHECK(cfg_parse_obj(pctx, fields[3].type, &obj->value.tuple[3])); + + *ret = obj; + return (ISC_R_SUCCESS); + + cleanup: + CLEANUP_OBJ(obj); + return (result); +} + +static void +print_geoip(cfg_printer_t *pctx, const cfg_obj_t *obj) { + if (obj->value.tuple[1]->type->print != cfg_print_void) { + cfg_print_cstr(pctx, " db "); + cfg_print_obj(pctx, obj->value.tuple[1]); + } + cfg_print_obj(pctx, obj->value.tuple[2]); + cfg_print_obj(pctx, obj->value.tuple[3]); +} + +static void +doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type) { + UNUSED(type); + cfg_print_cstr(pctx, "[ db "); + cfg_doc_obj(pctx, &cfg_type_astring); + cfg_print_cstr(pctx, " ]"); + cfg_print_cstr(pctx, " "); + cfg_doc_enum(pctx, &cfg_type_geoiptype); + cfg_print_cstr(pctx, " "); + cfg_doc_obj(pctx, &cfg_type_astring); +} +#endif /* HAVE_GEOIP || HAVE_GEOIP2 */ + /*% addrmatchelt */ static isc_result_t @@ -3233,7 +3224,7 @@ parse_addrmatchelt(cfg_parser_t *pctx, const cfg_type_t *type, CHECK(cfg_parse_obj(pctx, &cfg_type_ecsprefix, ret)); } else if (pctx->token.type == isc_tokentype_string && (strcasecmp(TOKEN_STRING(pctx), "geoip") == 0)) { -#ifdef HAVE_GEOIP +#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2) CHECK(cfg_gettoken(pctx, 0)); CHECK(cfg_parse_obj(pctx, &cfg_type_geoip, ret)); #else