dns_zone_t *zone;
isc_result_t result;
dns_message_t *answer;
- const dns_ssurule_t **rules;
- size_t ruleslen;
+ unsigned int *maxbytype;
+ size_t maxbytypelen;
};
/*%
dns_rdataclass_t zoneclass;
dns_rdatatype_t covers;
dns_name_t *zonename = NULL;
- const dns_ssurule_t **rules = NULL;
- size_t rule = 0, ruleslen = 0;
+ unsigned int *maxbytype = NULL;
+ size_t update = 0, maxbytypelen = 0;
dns_db_t *db = NULL;
dns_dbversion_t *ver = NULL;
* are illegal or violate policy.
*/
if (ssutable != NULL) {
- ruleslen = request->counts[DNS_SECTION_UPDATE];
- rules = isc_mem_get(mctx, sizeof(*rules) * ruleslen);
- memset(rules, 0, sizeof(*rules) * ruleslen);
+ maxbytypelen = request->counts[DNS_SECTION_UPDATE];
+ maxbytype = isc_mem_get(mctx,
+ sizeof(*maxbytype) * maxbytypelen);
+ memset(maxbytype, 0, sizeof(*maxbytype) * maxbytypelen);
}
- for (rule = 0,
+ for (update = 0,
result = dns_message_firstname(request, DNS_SECTION_UPDATE);
- result == ISC_R_SUCCESS;
- rule++, result = dns_message_nextname(request, DNS_SECTION_UPDATE))
+ result == ISC_R_SUCCESS; update++,
+ result = dns_message_nextname(request, DNS_SECTION_UPDATE))
{
dns_name_t *name = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_ttl_t ttl;
dns_rdataclass_t update_class;
- INSIST(ssutable == NULL || rule < ruleslen);
+ INSIST(ssutable == NULL || update < maxbytypelen);
get_current_rr(request, DNS_SECTION_UPDATE, zoneclass, &name,
&rdata, &covers, &ttl, &update_class);
dns_rdata_ptr_t ptr;
dns_rdata_in_srv_t srv;
+ maxbytype[update] = 0;
+
isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
if (client->message->tsigkey != NULL) {
!dns_ssutable_checkrules(
ssutable, client->signer, name,
&netaddr, TCPCLIENT(client), env,
- rdata.type, target, tsigkey,
- &rules[rule]))
+ rdata.type, target, tsigkey, NULL))
{
FAILC(DNS_R_REFUSED,
"rejected by secure update");
}
} else if (rdata.type != dns_rdatatype_any) {
+ const dns_ssurule_t *ssurule = NULL;
if (!dns_ssutable_checkrules(
ssutable, client->signer, name,
&netaddr, TCPCLIENT(client), env,
rdata.type, target, tsigkey,
- &rules[rule]))
+ &ssurule))
{
FAILC(DNS_R_REFUSED,
"rejected by secure update");
}
+ maxbytype[update] = dns_ssurule_max(ssurule,
+ rdata.type);
} else {
if (!ssu_checkall(db, ver, name, ssutable,
client->signer, &netaddr, env,
sizeof(*event));
event->zone = zone;
event->result = ISC_R_SUCCESS;
- event->rules = rules;
- event->ruleslen = ruleslen;
- rules = NULL;
+ event->maxbytype = maxbytype;
+ event->maxbytypelen = maxbytypelen;
+ maxbytype = NULL;
INSIST(client->nupdates == 0);
client->nupdates++;
dns_db_detach(&db);
}
- if (rules != NULL) {
- isc_mem_put(mctx, rules, sizeof(*rules) * ruleslen);
+ if (maxbytype != NULL) {
+ isc_mem_put(mctx, maxbytype, sizeof(*maxbytype) * maxbytypelen);
}
if (ssutable != NULL) {
update_event_t *uev = (update_event_t *)event;
dns_zone_t *zone = uev->zone;
ns_client_t *client = (ns_client_t *)event->ev_arg;
- const dns_ssurule_t **rules = uev->rules;
- size_t rule = 0, ruleslen = uev->ruleslen;
+ unsigned int *maxbytype = uev->maxbytype;
+ size_t update = 0, maxbytypelen = uev->maxbytypelen;
isc_result_t result;
dns_db_t *db = NULL;
dns_dbversion_t *oldver = NULL;
/*
* Process the Update Section.
*/
- INSIST(ssutable == NULL || rules != NULL);
- for (rule = 0,
+ INSIST(ssutable == NULL || maxbytype != NULL);
+ for (update = 0,
result = dns_message_firstname(request, DNS_SECTION_UPDATE);
- result == ISC_R_SUCCESS;
- rule++, result = dns_message_nextname(request, DNS_SECTION_UPDATE))
+ result == ISC_R_SUCCESS; update++,
+ result = dns_message_nextname(request, DNS_SECTION_UPDATE))
{
dns_name_t *name = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataclass_t update_class;
bool flag;
- INSIST(ssutable == NULL || rule < ruleslen);
+ INSIST(ssutable == NULL || update < maxbytypelen);
get_current_rr(request, DNS_SECTION_UPDATE, zoneclass, &name,
&rdata, &covers, &ttl, &update_class);
if (update_class == zoneclass) {
- unsigned int max = 0;
-
/*
* RFC1123 doesn't allow MF and MD in master files.
*/
}
}
- if (rules != NULL && rules[rule] != NULL) {
- max = dns_ssurule_max(rules[rule], rdata.type);
- }
- if (max != 0) {
+ if (maxbytype != NULL && maxbytype[update] != 0) {
unsigned int count = 0;
CHECK(foreach_rr(db, ver, name, rdata.type,
covers, count_action, &count));
- if (count >= max) {
+ if (count >= maxbytype[update]) {
update_log(client, zone,
LOGLEVEL_PROTOCOL,
"attempt to add more "
"records than permitted by "
"policy max=%u",
- max);
+ maxbytype[update]);
continue;
}
}
dns_db_detach(&db);
}
- if (rules != NULL) {
- isc_mem_put(mctx, rules, sizeof(*rules) * ruleslen);
+ if (maxbytype != NULL) {
+ isc_mem_put(mctx, maxbytype, sizeof(*maxbytype) * maxbytypelen);
}
if (ssutable != NULL) {
projects / thirdparty / bind9.git / commitdiff
