git.ipfire.org Git - thirdparty/bind9.git/commit

author	Artem Boldariev <artem@boldariev.com>
	Fri, 12 Nov 2021 14:53:13 +0000 (16:53 +0200)
committer	Artem Boldariev <artem@boldariev.com>
	Tue, 30 Nov 2021 10:20:22 +0000 (12:20 +0200)
commit	0ee6f66cbddb69b599be4b191ec8c5531e9e9e2f
tree	75a761006d35c80af4b41c47ecd076d58bbc1538	tree \| snapshot
parent	af2d065c21e9bc9589492a658e102b14015adfc4	commit \| diff

Integrate extended ACLs syntax featuring 'port' and 'transport' opts

This commit completes the integration of the new, extended ACL syntax
featuring 'port' and 'transport' options.

The runtime presentation and ACL loading code are extended to allow
the syntax to be used beyond the 'allow-transfer' option (e.g. in
'acl' definitions and other 'allow-*' options) and can be used to
ultimately extend the ACL support with transport-only
ACLs (e.g. 'transport-acl tls-acl port 853 transport tls'). But, due
to fundamental nature of such a change, it has not been completed as a
part of 9.17.X release series due to it being close to 9.18 stable
release status. That means that we do not have enough time to fully
test it.

The complete integration is planned as a part of 9.19.X release
series.

The code was manually verified to work as expected by temporarily
enabling the extended syntax for 'acl' statements and 'allow-query'
options, including ACL merging, negated ACLs.

lib/dns/acl.c		diff \| blob \| blame \| history
lib/dns/include/dns/acl.h		diff \| blob \| blame \| history
lib/isccfg/aclconf.c		diff \| blob \| blame \| history
lib/ns/client.c		diff \| blob \| blame \| history