the type and class of the CNAME dns_rdata_t,
causing random failures.
+ 320. [func] Multiple rndc changes: parses an rndc.conf file,
+ uses authentication to talk to named, command
+ line syntax changed. This will all be described
+ in the ARM.
+
+ 319. [func] The named.conf "controls" statement is now used
+ to configure the OMAPI command channel.
+
+ 317. [func] Use callbacks from libomapi to determine if a
+ new connection is valid, and if a key requested
+ to be used with that connection is valid.
+
316. [bug] Generate a warning if we detect an unexpected <eof>
but treat as <eol><eof>.
315. [bug] Handle non-empty blanks lines. (RT #163)
+ 314. [func] The named.conf controls statement can now have
+ more than one key specified for the inet clause.
+
313. [bug] When parsing resolv.conf, don't terminate on an
error. Instead, parse as much as possible, but
still return an error if one was found.
311. [bug] lwres_conf_parse failed when the first line of
resolv.conf was empty or a comment.
+ 310. [func] Changes to named.conf "controls" statement (inet
+ subtype only)
+
+ - support "keys" clause
+
+ controls {
+ inet * port 1024
+ allow { any; } keys { "foo"; }
+ }
+
+ - allow "port xxx" to be left out of statement,
+ in which case it defaults to omapi's default port
+ of 953.
+
309. [bug] When sending a referral, the server did not look
for name server addresses as glue in the zone
holding the NS RRset in the case where this zone
# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
# SOFTWARE.
-# $Id: Makefile.in,v 1.49.2.1 2000/06/28 02:56:24 tale Exp $
+# $Id: Makefile.in,v 1.49.2.2 2000/07/11 17:23:01 gson Exp $
srcdir = @srcdir@
VPATH = @srcdir@
OBJS = client.@O@ interfacemgr.@O@ listenlist.@O@ \
log.@O@ logconf.@O@ main.@O@ notify.@O@ omapi.@O@ \
- query.@O@ server.@O@ update.@O@ xfrout.@O@ \
+ omapiconf.@O@ query.@O@ server.@O@ update.@O@ xfrout.@O@ \
lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \
lwdgnba.@O@ lwdnoop.@O@
SRCS = client.c interfacemgr.c listenlist.c \
log.c logconf.c main.c notify.c omapi.c \
- query.c server.c update.c xfrout.c \
+ omapiconf.c query.c server.c update.c xfrout.c \
lwresd.c lwdclient.c lwderror.c lwdgabn.c \
lwdgnba.c lwdnoop.c
* SOFTWARE.
*/
-/* $Id: omapi.h,v 1.7 2000/06/22 21:49:49 tale Exp $ */
+/* $Id: omapi.h,v 1.7.2.1 2000/07/11 17:23:07 gson Exp $ */
#ifndef NAMED_OMAPI_H
#define NAMED_OMAPI_H 1
+#include <dns/aclconf.h>
+#include <dns/confctx.h>
+
#include <omapi/omapi.h>
#define NS_OMAPI_PORT 953
ns_omapi_init(void);
isc_result_t
-ns_omapi_listen(omapi_object_t **managerp);
+ns_omapi_configure(isc_mem_t *mctx, dns_c_ctx_t *cctx,
+ dns_aclconfctx_t *aclconfctx);
+
+void
+ns_omapi_shutdown(isc_boolean_t exiting);
#endif /* NAMED_OMAPI_H */
* SOFTWARE.
*/
-/* $Id: main.c,v 1.71.2.1 2000/07/10 21:35:35 gson Exp $ */
+/* $Id: main.c,v 1.71.2.2 2000/07/11 17:23:02 gson Exp $ */
#include <config.h>
static void
destroy_managers(void) {
- if (!lwresd_only) {
- if (ns_g_omapimgr != NULL)
- omapi_listener_shutdown(ns_g_omapimgr);
- else
- omapi_lib_destroy();
- }
+ if (!lwresd_only)
+ /*
+ * The omapi listeners need to be stopped here so that
+ * isc_taskmgr_destroy() won't block on the omapi task.
+ */
+ ns_omapi_shutdown(ISC_TRUE);
isc_entropy_detach(&ns_g_entropy);
/*
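Review bot: The rewritten `if (!lwresd_only)` body in destroy_managers is a single unbraced call separated from its condition by a four-line comment, which is the layout where a later edit most easily lands a second statement outside the conditional; brace it as `if (!lwresd_only) {` … `ns_omapi_shutdown(ISC_TRUE);` `}`. The removed code also distinguished a configured listener from the never-configured case, calling omapi_lib_destroy() directly in the latter; whether ns_omapi_shutdown() covers the not-configured case on its own is not visible in this diff and is worth confirming, since the new comment says the omapi task must be gone before isc_taskmgr_destroy() runs.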
if (!lwresd_only) {
result = ns_omapi_init();
if (result != ISC_R_SUCCESS)
- ns_main_earlyfatal("omapi_lib_init() failed: %s",
+ ns_main_earlyfatal("ns_omapi_init() failed: %s",
isc_result_totext(result));
-
- result = ns_omapi_listen(&ns_g_omapimgr);
- if (result == ISC_R_SUCCESS)
- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
- NS_LOGMODULE_MAIN, ISC_LOG_DEBUG(3),
- "OMAPI started");
- else
- isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
- NS_LOGMODULE_MAIN, ISC_LOG_WARNING,
- "OMAPI failed to start: %s",
- isc_result_totext(result));
}
}
static void
cleanup(void) {
destroy_managers();
+
if (lwresd_only)
ns_lwresd_destroy(&ns_g_lwresd);
else
ns_server_destroy(&ns_g_server);
+
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_MAIN,
ISC_LOG_NOTICE, "exiting");
ns_log_shutdown();
return (0);
}
-
-
* SOFTWARE.
*/
-/* $Id: omapi.c,v 1.13 2000/05/08 14:32:57 tale Exp $ */
+/* $Id: omapi.c,v 1.13.2.1 2000/07/11 17:23:04 gson Exp $ */
/*
* Principal Author: DCL
static control_object_t control;
static omapi_objecttype_t *control_type;
-static void
-listen_done(isc_task_t *task, isc_event_t *event);
-
#undef REGION_FMT
/*
* Ok, kind of gross. Sorry. A little.
return (result);
}
-
-isc_result_t
-ns_omapi_listen(omapi_object_t **managerp) {
- omapi_object_t *manager = NULL;
- isc_result_t result;
- isc_sockaddr_t sockaddr;
- isc_netaddr_t netaddr;
- dns_acl_t *acl; /* XXXDCL make a parameter */
- dns_aclelement_t elt;
- struct in_addr inaddr4;
-
- REQUIRE(managerp != NULL && *managerp == NULL);
-
- /*
- * Listen on localhost (127.0.0.1).
- * XXXDCL should be configurable.
- */
- inaddr4.s_addr = htonl(0x7F000001);
- isc_sockaddr_fromin(&sockaddr, &inaddr4, NS_OMAPI_PORT);
-
- /*
- * XXXDCL this is not right either
- */
- isc_netaddr_fromsockaddr(&netaddr, &sockaddr);
- elt.type = dns_aclelementtype_ipprefix;
- elt.negative = ISC_FALSE;
- elt.u.ip_prefix.address = netaddr;
- elt.u.ip_prefix.prefixlen = 32;
-
- result = dns_acl_create(ns_g_mctx, 1, &acl);
-
- if (result == ISC_R_SUCCESS)
- result = dns_acl_appendelement(acl, &elt);
-
- if (result == ISC_R_SUCCESS)
- /*
- * Create a generic object to be the manager for handling
- * incoming server connections.
- */
- result = omapi_object_create(&manager, NULL, 0);
-
- if (result == ISC_R_SUCCESS) {
- /*
- * Start listening for connections.
- */
- result = omapi_protocol_listen(manager, &sockaddr, acl, 1,
- listen_done, ns_g_omapimgr);
- dns_acl_detach(&acl);
- }
-
- if (result == ISC_R_SUCCESS)
- *managerp = manager;
-
- else
- if (manager != NULL)
- omapi_object_dereference(&manager);
-
- return (result);
-}
-
-static void
-listen_done(isc_task_t *task, isc_event_t *event) {
- isc_event_free(&event);
-
- UNUSED(task);
-
- if (ns_g_omapimgr != NULL)
- omapi_object_dereference(&ns_g_omapimgr);
-
- omapi_lib_destroy();
-}
* SOFTWARE.
*/
-/* $Id: server.c,v 1.200.2.1 2000/07/10 21:35:37 gson Exp $ */
+/* $Id: server.c,v 1.200.2.2 2000/07/11 17:23:06 gson Exp $ */
#include <config.h>
#include <named/interfacemgr.h>
#include <named/log.h>
#include <named/logconf.h>
+#include <named/omapi.h>
#include <named/os.h>
#include <named/server.h>
if (*aclp != NULL)
dns_acl_detach(aclp);
if (getvcacl != NULL && cview != NULL)
- (void) (*getvcacl)(cview, &cacl);
+ (void)(*getvcacl)(cview, &cacl);
if (cacl == NULL && getscacl != NULL)
- (void) (*getscacl)(cctx, &cacl);
+ (void)(*getscacl)(cctx, &cacl);
if (cacl == NULL) {
- /* No value available. *aclp == NULL. */
+ /*
+ * No value available. *aclp == NULL.
+ */
return (ISC_R_SUCCESS);
}
return (result);
}
-
/*
- * Convert a null-terminated string of base64 text into
- * binary, storing it in a buffer.
- * 'mctx' is only used internally.
+ * Convert a null-terminated string of base64 text into binary,
+ * storing it in a buffer. 'mctx' is only used internally.
*/
static isc_result_t
-base64_cstring_tobuffer(isc_mem_t *mctx, char *cstr, isc_buffer_t *target)
-{
+base64_cstring_tobuffer(isc_mem_t *mctx, char *cstr, isc_buffer_t *target) {
isc_result_t result;
isc_buffer_t source;
isc_lex_t *lex = NULL;
cleanup:
if (isopen)
- (void) isc_lex_close(lex);
+ (void)isc_lex_close(lex);
if (lex != NULL)
isc_lex_destroy(&lex);
return (result);
strlen(ckey->domain));
isc_buffer_add(&namebuf, strlen(ckey->domain));
CHECK(dns_name_fromtext(keyname, &namebuf,
- dns_rootname, ISC_FALSE, NULL));
+ dns_rootname, ISC_FALSE,
+ NULL));
CHECK(dst_key_fromdns(keyname, &rrdatabuf, mctx,
&dstkey));
* eliminated.
*/
if ((cview != NULL &&
- dns_c_view_getforward(cview, &forward) == ISC_R_SUCCESS) ||
- (dns_c_ctx_getforward(cctx, &forward) == ISC_R_SUCCESS)) {
+ dns_c_view_getforward(cview, &forward) == ISC_R_SUCCESS)
+ || dns_c_ctx_getforward(cctx, &forward) == ISC_R_SUCCESS) {
INSIST(forward == dns_c_forw_first ||
forward == dns_c_forw_only);
if (forward == dns_c_forw_only)
* Configure other configurable data.
*/
view->recursion = ISC_TRUE;
- (void) dns_c_ctx_getrecursion(cctx, &view->recursion);
+ (void)dns_c_ctx_getrecursion(cctx, &view->recursion);
if (cview != NULL)
- (void) dns_c_view_getrecursion(cview, &view->recursion);
+ (void)dns_c_view_getrecursion(cview, &view->recursion);
view->auth_nxdomain = ISC_FALSE; /* Was true in BIND 8 */
- (void) dns_c_ctx_getauthnxdomain(cctx, &view->auth_nxdomain);
+ (void)dns_c_ctx_getauthnxdomain(cctx, &view->auth_nxdomain);
if (cview != NULL)
- (void) dns_c_view_getauthnxdomain(cview, &view->auth_nxdomain);
+ (void)dns_c_view_getauthnxdomain(cview, &view->auth_nxdomain);
result = ISC_R_NOTFOUND;
if (cview != NULL)
*/
{
isc_uint32_t transfersin = 10;
- (void) dns_c_ctx_gettransfersin(cctx, &transfersin);
+ (void)dns_c_ctx_gettransfersin(cctx, &transfersin);
dns_zonemgr_settransfersin(server->zonemgr, transfersin);
}
{
isc_uint32_t transfersperns = 2;
- (void) dns_c_ctx_gettransfersperns(cctx, &transfersperns);
+ (void)dns_c_ctx_gettransfersperns(cctx, &transfersperns);
dns_zonemgr_settransfersperns(server->zonemgr, transfersperns);
}
dns_c_lstnlist_t *clistenon = NULL;
ns_listenlist_t *listenon = NULL;
- (void) dns_c_ctx_getlistenlist(cctx, &clistenon);
+ (void)dns_c_ctx_getlistenlist(cctx, &clistenon);
if (clistenon != NULL) {
result = ns_listenlist_fromconfig(clistenon,
cctx,
ns_g_mctx,
&listenon);
} else {
- /* Not specified, use default. */
+ /*
+ * Not specified, use default.
+ */
CHECK(ns_listenlist_default(ns_g_mctx, listen_port,
ISC_TRUE, &listenon));
}
dns_c_lstnlist_t *clistenon = NULL;
ns_listenlist_t *listenon = NULL;
- (void) dns_c_ctx_getv6listenlist(cctx, &clistenon);
+ (void)dns_c_ctx_getv6listenlist(cctx, &clistenon);
if (clistenon != NULL) {
result = ns_listenlist_fromconfig(clistenon,
cctx,
ns_g_mctx,
&listenon);
} else {
- /* Not specified, use default. */
+ /*
+ * Not specified, use default.
+ */
CHECK(ns_listenlist_default(ns_g_mctx, listen_port,
ISC_FALSE, &listenon));
}
* as specified by the "interface-interval" option.
*/
interface_interval = 3600; /* Default is 1 hour. */
- (void) dns_c_ctx_getinterfaceinterval(cctx, &interface_interval);
+ (void)dns_c_ctx_getinterfaceinterval(cctx, &interface_interval);
if (interface_interval == 0) {
isc_timer_reset(server->interface_timer,
isc_timertype_inactive,
server->tkeyctx = t;
}
+ /*
+ * Bind the OMAPI port(s).
+ */
+ CHECKM(ns_omapi_configure(ns_g_mctx, cctx, &aclconfctx),
+ "binding control channel(s)");
+
/*
* Relinquish root privileges.
*/
CHECKM(isc_logconfig_create(ns_g_lctx, &logc),
"creating new logging configuration");
- (void) dns_c_ctx_getlogging(cctx, &clog);
+ (void)dns_c_ctx_getlogging(cctx, &clog);
if (clog != NULL) {
CHECKM(ns_log_configure(logc, clog),
"configuring logging");
# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
# SOFTWARE.
-# $Id: Makefile.in,v 1.7.2.1 2000/06/28 16:28:03 tale Exp $
+# $Id: Makefile.in,v 1.7.2.2 2000/07/11 17:23:09 gson Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@BIND9_MAKE_RULES@
+rndc.@O@ rndc.c:
+ ${LIBTOOL} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
+ -DRNDC_SYSCONFDIR=\"${sysconfdir}\" -c ${srcdir}/rndc.c
+
rndc: ${OBJS} ${DEPLIBS}
${LIBTOOL} ${CC} ${CFLAGS} -o $@ ${OBJS} ${LIBS}
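Review bot: The new rule `rndc.@O@ rndc.c:` lists rndc.c as a second target instead of as a prerequisite, so rndc.@O@ records no dependency on rndc.c and will not be rebuilt when the source changes, and make will regard rndc.c as something this rule produces. The intended form is presumably `rndc.@O@: rndc.c`. Whether @BIND9_MAKE_RULES@ already supplies a generic .c to .@O@ rule that this one is meant to override is not visible here; if it does, only the two -D definitions differ and the rule body could be reduced accordingly.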
* SOFTWARE.
*/
-/* $Id: rndc.c,v 1.12.2.2 2000/06/28 16:13:46 tale Exp $ */
+/* $Id: rndc.c,v 1.12.2.3 2000/07/11 17:23:10 gson Exp $ */
/*
* Principal Author: DCL
#include <named/omapi.h>
static const char *progname;
-static const char *conffile = "/etc/rndc.conf";
+static const char *conffile = RNDC_SYSCONFDIR "/rndc.conf";
+static const char *version = VERSION;
static isc_boolean_t verbose;
static isc_mem_t *mctx;
return (result);
}
-/*
- * XXXDCL
- * Usage: %s [-c config] [-s server] [-p port] [-m] command [command ...]\n\
- */
static void
usage(void) {
fprintf(stderr, "\
-Usage: %s [-p port] [-m] server command [command ...]\n\
+Usage: %s [-c config] [-s server] [-p port] [-y key] command [command ...]\n\
\n\
command is one of the following for named:\n\
\n\
*stop Stop the server.\n\
*restart Restart the server.\n\
\n\
-* == not yet implemented\n",
- progname);
+* == not yet implemented\n\
+Version: %s\n",
+ progname, version);
}
#undef DO
int
main(int argc, char **argv) {
isc_boolean_t show_final_mem = ISC_FALSE;
-#ifdef notyet /* XXXDCL no authentication in 9.0.0 */
isc_entropy_t *entropy = NULL;
-#endif
isc_result_t result = ISC_R_SUCCESS;
isc_socketmgr_t *socketmgr = NULL;
isc_taskmgr_t *taskmgr = NULL;
omapi_object_t *omapimgr = NULL;
-#ifdef notyet /* XXXDCL match documentation for 9.0; no authentication */
dns_c_ndcctx_t *config = NULL;
dns_c_ndcopts_t *configopts = NULL;
dns_c_ndcserver_t *server = NULL;
dns_c_kdef_t *key = NULL;
const char *keyname = NULL;
const char *secret = NULL;
-#endif /* notyet */
char *command;
const char *servername = NULL;
const char *host = NULL;
unsigned int port = NS_OMAPI_PORT;
-#ifdef notyet /* XXXDCL */
unsigned int algorithm;
-#endif
int ch;
progname = strrchr(*argv, '/');
else
progname = *argv;
- /*
- * XXXDCL "c:mp:s:v"
- */
-
- while ((ch = isc_commandline_parse(argc, argv, "mp:v")) != -1) {
+ while ((ch = isc_commandline_parse(argc, argv, "c:Mmp:s:vy:")) != -1) {
switch (ch) {
case 'c':
conffile = isc_commandline_argument;
break;
+ case 'M':
+ isc_mem_debugging = ISC_TRUE;
+ break;
+
case 'm':
show_final_mem = ISC_TRUE;
break;
verbose = ISC_TRUE;
break;
+ case 'y':
+ keyname = isc_commandline_argument;
+ break;
+
case '?':
usage();
exit(1);
argc -= isc_commandline_index;
argv += isc_commandline_index;
- /*
- * XXXDCL change to 1 after 9.0.0.
- */
- if (argc < 2) {
+ if (argc < 1) {
usage();
exit(1);
}
- servername = *argv;
- argc--;
-
DO("create memory context", isc_mem_create(0, 0, &mctx));
DO("create socket manager", isc_socketmgr_create(mctx, &socketmgr));
DO("create task manager", isc_taskmgr_create(mctx, 1, 0, &taskmgr));
-#ifdef notyet /* XXXDCL match documentation for 9.0; no authentication */
DO("create entropy pool", isc_entropy_create(mctx, &entropy));
/* XXXDCL probably should use ISC_ENTROPY_GOOD. talk with graff. */
DO("initialize digital signatures",
- dst_lib_init(mctx, entropy, ISC_ENTROPY_BLOCKING));
+ dst_lib_init(mctx, entropy, NULL));
DO(conffile, dns_c_ndcparseconf(conffile, mctx, &config));
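Review bot: `dst_lib_init(mctx, entropy, NULL)` passes the null pointer constant where the removed line passed the integer flag ISC_ENTROPY_BLOCKING; if the third parameter is the unsigned entropy-flags word, as the neighbouring ISC_ENTROPY_GOOD comment suggests, this is a pointer-to-integer conversion that compiles only with a warning and should read `dst_lib_init(mctx, entropy, 0)` or name the flag actually intended. Dropping the blocking flag also changes behaviour, since rndc will now proceed with whatever entropy is available; that may be acceptable for a client that only signs with a shared secret, but it should be stated in the comment above rather than left as a side effect of writing NULL.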
exit (1);
}
- if (server != NULL)
+ /*
+ * Look for the name of the key to use.
+ */
+ if (keyname != NULL)
+ ; /* Was set on command line, do nothing. */
+ else if (server != NULL)
DO("get key for server", dns_c_ndcserver_getkey(server,
&keyname));
else if (configopts != NULL)
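Review bot: The new `if (keyname != NULL) ; /* ... */ else if (server != NULL)` chain uses an empty statement to express "skip the config lookup when -y was given", which reads as a stray semicolon and is flagged by -Wempty-body; invert the condition instead, `if (keyname == NULL) {`, and make the existing `if (server != NULL) … else if (configopts != NULL) …` lookup its body. The rest of that chain, including whatever rejects a keyname that is still NULL, continues past the end of this hunk.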
exit(1);
}
+ /*
+ * Get the key's definition.
+ */
DO("get config key list", dns_c_ndcctx_getkeys(config, &keys));
DO("get key definition", dns_c_kdeflist_find(keys, keyname, &key));
if (server != NULL)
(void)dns_c_ndcserver_gethost(server, &host);
-#endif /* notyet */
if (host == NULL)
host = servername;
ndc_g_ndc.refcnt = 1;
ndc_g_ndc.type = ndc_type;
-#ifdef notyet /* XXXDCL match documentation for 9.0; no authentication */
DO("register local authenticator",
omapi_auth_register(keyname, secret, algorithm));
-#endif /* notyet */
DO("create protocol manager", omapi_object_create(&omapimgr, NULL, 0));
DO("connect", omapi_protocol_connect(omapimgr, host, (in_port_t)port,
NULL));
-#ifdef notyet /* XXXDCL match documentation for 9.0; no authentication */
DO("send remote authenticator",
omapi_auth_use(omapimgr, keyname, algorithm));
-#endif /* notyet */
/*
* Preload the waitresult as successful.
*/
ndc_g_ndc.waitresult = ISC_R_SUCCESS;
- while ((command = *++argv) != NULL &&
+ while ((command = *argv++) != NULL &&
result == ISC_R_SUCCESS &&
ndc_g_ndc.waitresult == ISC_R_SUCCESS) {
isc_result_totext(ndc_g_ndc.waitresult));
else
- fprintf(stdout, "%s: %s command successful\n",
- progname, command);
+ printf("%s: %s command successful\n",
+ progname, command);
}
notify("command loop done");
omapi_object_dereference(&omapimgr);
}
- omapi_lib_destroy();
+ dns_c_ndcctx_destroy(&config);
+ omapi_lib_destroy();
-#ifdef notyet /* XXXDCL no authentication in 9.0.0. */
dst_lib_destroy();
isc_entropy_detach(&entropy);
-#endif /* notyet */
isc_socketmgr_destroy(&socketmgr);
isc_taskmgr_destroy(&taskmgr);
* SOFTWARE.
*/
-/* $Id: named.conf,v 1.38 2000/06/22 21:50:34 tale Exp $ */
+/* $Id: named.conf,v 1.38.2.1 2000/07/11 17:23:12 gson Exp $ */
/*
* This is a worthless, nonrunnable example of a named.conf file that has
*/
controls {
inet * port 52 allow { any; }; // a bad idea
+ inet 10.0.0.1 allow { any; }; // a bad idea
+ inet 10.0.0.2 allow { none; } keys "foo"; // a bad idea
unix "/var/run/ndc" perm 0600 owner 0 group 0; // the default
};
* SOFTWARE.
*/
-/* $Id: confctl.c,v 1.20 2000/05/13 19:44:53 tale Exp $ */
+/* $Id: confctl.c,v 1.20.2.1 2000/07/11 17:23:14 gson Exp $ */
#include <config.h>
REQUIRE(DNS_C_CONFCTLLIST_VALID(cl));
fprintf(fp, "controls {\n");
- ctl = ISC_LIST_HEAD(cl->elements);
+
+ ctl = dns_c_ctrllist_head(cl);
if (ctl == NULL) {
dns_c_printtabs(fp, indent + 1);
fprintf(fp,"/* empty list */\n");
while (ctl != NULL) {
dns_c_printtabs(fp, indent + 1);
dns_c_ctrl_print(fp, indent + 1, ctl);
- ctl = ISC_LIST_NEXT(ctl, next);
+ ctl = dns_c_ctrl_next(ctl);
}
}
+
fprintf(fp, "};\n");
}
isc_result_t
dns_c_ctrlinet_new(isc_mem_t *mem, dns_c_ctrl_t **control,
isc_sockaddr_t addr, in_port_t port,
- dns_c_ipmatchlist_t *iml, isc_boolean_t copy)
+ dns_c_ipmatchlist_t *iml, dns_c_kidlist_t *keylist,
+ isc_boolean_t copy)
{
dns_c_ctrl_t *ctrl;
isc_result_t res;
REQUIRE(control != NULL);
ctrl = isc_mem_get(mem, sizeof *ctrl);
- if (ctrl == NULL) {
+ if (ctrl == NULL)
return (ISC_R_NOMEMORY);
- }
ctrl->magic = DNS_C_CONFCTL_MAGIC;
ctrl->mem = mem;
ctrl->control_type = dns_c_inet_control;
+ isc_sockaddr_setport(&addr, port);
ctrl->u.inet_v.addr = addr;
- ctrl->u.inet_v.port = port;
+ ctrl->keyidlist = keylist;
if (copy) {
res = dns_c_ipmatchlist_copy(mem,
ctrl->u.unix_v.perm = perm;
ctrl->u.unix_v.owner = uid;
ctrl->u.unix_v.group = gid;
+
+ ctrl->keyidlist = NULL;
*control = ctrl;
u.inet_v.matchlist);
else
res = ISC_R_SUCCESS;
+
break;
case dns_c_unix_control:
break;
}
+ if (ctrl->keyidlist != NULL) {
+ dns_c_kidlist_delete(&ctrl->keyidlist);
+ }
+
ctrl->magic = 0;
isc_mem_put(mem, ctrl, sizeof *ctrl);
(void) indent;
if (ctl->control_type == dns_c_inet_control) {
- port = ctl->u.inet_v.port;
+ port = isc_sockaddr_getport(&ctl->u.inet_v.addr);
iml = ctl->u.inet_v.matchlist;
fprintf(fp, "inet ");
dns_c_printtabs(fp, indent + 1);
fprintf(fp, "allow ");
dns_c_ipmatchlist_print(fp, indent + 2, iml);
+
+ if (ctl->keyidlist != NULL) {
+ fprintf(fp, "\n");
+ dns_c_kidlist_print(fp, indent + 1, ctl->keyidlist);
+ }
+
fprintf(fp, ";\n");
} else {
/* The "#" means force a leading zero */
}
+
+dns_c_ctrl_t *
+dns_c_ctrllist_head (dns_c_ctrllist_t *list)
+{
+ REQUIRE(DNS_C_CONFCTLLIST_VALID(list));
+
+ return(ISC_LIST_HEAD(list->elements));
+}
+
+
+dns_c_ctrl_t *
+dns_c_ctrl_next(dns_c_ctrl_t *ctl)
+{
+ REQUIRE(DNS_C_CONFCTL_VALID(ctl));
+
+ return (ISC_LIST_NEXT(ctl, next));
+}
+
+
* SOFTWARE.
*/
-/* $Id: confparser.y,v 1.99 2000/06/21 22:44:19 tale Exp $ */
+/* $Id: confparser.y,v 1.99.2.1 2000/07/11 17:23:15 gson Exp $ */
#include <config.h>
static dns_c_cbks_t *callbacks;
static isc_lexspecials_t specials;
+
+/*
+ * XXXJAB The #define for the default OMAPI port is not available
+ * to us, so we make our own.
+ */
+
+#define OMAPI_DEFAULT_PORT 953
+
#define CONF_MAX_IDENT 1024
/* This should be sufficient to permit multiple parsers and lexers if needed */
%type <port_int> maybe_port
%type <port_int> maybe_wild_port
%type <port_int> maybe_zero_port
+%type <port_int> control_port
%type <rdatatype> rdatatype
%type <rdatatypelist> rdatatype_list
%type <rrclass> class_name
%type <text> channel_name
%type <text> domain_name
%type <text> key_value
+%type <text> control_key
%type <text> ordering_name
%type <text> secret
%type <tformat> transfer_format
;
control: /* Empty */
- | L_INET maybe_wild_addr L_PORT in_port
- L_ALLOW L_LBRACE address_match_list L_RBRACE
+ | L_INET maybe_wild_addr control_port
+ L_ALLOW L_LBRACE address_match_list L_RBRACE control_key
{
dns_c_ctrl_t *control;
tmpres = dns_c_ctrlinet_new(currcfg->mem, &control,
- $2, $4, $7, ISC_FALSE);
+ $2, $3, $6, $8, ISC_FALSE);
+
+ if ($8 != NULL) {
+ isc_mem_free(memctx, $8);
+ }
+
if (tmpres != ISC_R_SUCCESS) {
parser_error(ISC_FALSE,
"failed to build inet control structure");
}
;
+
+control_key: /* nothing */
+ {
+ $$ = NULL;
+ }
+ | L_KEYS key_value
+ {
+ $$ = $2;
+ };
+
+
+
+control_port: /* nothing */
+ {
+ $$ = OMAPI_DEFAULT_PORT;
+ }
+ | L_PORT in_port
+ {
+ $$ = $2;
+ };
+
+
rrset_ordering_list: rrset_ordering_element L_EOS
| rrset_ordering_list rrset_ordering_element L_EOS
;
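Review bot: In the `control` action, `$8` is the `char *` produced by the new `control_key` rule (declared `%type <text> control_key` earlier in this diff), yet it is passed as the `dns_c_kidlist_t *keylist` argument of dns_c_ctrlinet_new and then released with `isc_mem_free(memctx, $8)`, so the control object, which stores `keylist` directly and later hands it to dns_c_kidlist_delete in the confctl.c hunk, is left holding a freed string typed as a key-id list. Unless key_value yields something other than text, this is an incompatible-pointer conversion followed by a use-after-free on every inet control that has a `keys` clause. The rule should build a dns_c_kidlist_t containing the key name and pass that, transferring ownership to the control so the isc_mem_free moves to wherever the name is copied into the list, or pass the name and let dns_c_ctrlinet_new construct the list itself. Note also that CHANGES entry 310 shows `keys { "foo"; }` while this grammar and the example named.conf accept only the unbraced `keys "foo"` form, so the documented syntax and the parser currently disagree.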
* SOFTWARE.
*/
-/* $Id: confctl.h,v 1.15 2000/06/22 21:55:19 tale Exp $ */
+/* $Id: confctl.h,v 1.15.2.1 2000/07/11 17:23:18 gson Exp $ */
#ifndef DNS_CONFCTL_H
#define DNS_CONFCTL_H 1
#include <isc/magic.h>
#include <dns/confip.h>
+#include <dns/confkeys.h>
#define DNS_C_CONFCTL_MAGIC 0x4363746cU
#define DNS_C_CONFCTLLIST_MAGIC 0x4354424cU
union {
struct {
isc_sockaddr_t addr;
- in_port_t port;
dns_c_ipmatchlist_t *matchlist;
} inet_v; /* when control_type == dns_c_inet_control */
struct {
gid_t group;
} unix_v; /* when control_type == dns_c_unix_control */
} u;
+ dns_c_kidlist_t *keyidlist;
ISC_LINK(dns_c_ctrl_t) next;
};
isc_result_t
dns_c_ctrlinet_new(isc_mem_t *mem, dns_c_ctrl_t **control,
isc_sockaddr_t addr, in_port_t port,
- dns_c_ipmatchlist_t *iml, isc_boolean_t copy);
+ dns_c_ipmatchlist_t *iml, dns_c_kidlist_t *keylist,
+ isc_boolean_t copy);
/*
* Creates a new INET control object. If COPY is true then a deep copy is
* made of IML, otherwise the value of IML is stored directly in the new
*
*/
+
+dns_c_ctrl_t *dns_c_ctrllist_head (dns_c_ctrllist_t *list);
+dns_c_ctrl_t *dns_c_ctrl_next(dns_c_ctrl_t *ctrl);
+
+
ISC_LANG_ENDDECLS
#endif /* DNS_CONFCTL_H */
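Review bot: The dns_c_ctrlinet_new comment documents the copy semantics of `iml` but says nothing about the new `keylist` parameter, which the confctl.c hunk stores directly (`ctrl->keyidlist = keylist`) regardless of `copy` and frees in dns_c_ctrl_delete via dns_c_kidlist_delete; add to the block comment: `KEYLIST, which may be NULL, is stored directly (never copied) and becomes owned by the new control object, which frees it on deletion.` The two new accessor declarations `dns_c_ctrllist_head` and `dns_c_ctrl_next` are likewise uncommented and inconsistent in spacing before the parameter list; a one-line comment stating that each returns NULL when the list is exhausted would suffice.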
* SOFTWARE.
*/
-/* $Id: omapi.h,v 1.13 2000/06/23 21:05:21 tale Exp $ */
+/* $Id: omapi.h,v 1.13.2.1 2000/07/11 17:23:23 gson Exp $ */
/*
* Definitions for the object management API and protocol.
void
omapi_protocol_disconnect(omapi_object_t *handle, isc_boolean_t force);
+/*
+ * XXXDCL The use of one void *arg for all three callbacks/taskactions is
+ * questionable.
+ */
isc_result_t
omapi_protocol_listen(omapi_object_t *mgr, isc_sockaddr_t *addr,
- dns_acl_t *acl, int backlog,
- isc_taskaction_t destroy_action, void *destroy_arg);
+ isc_boolean_t ((*verify_connection)
+ (isc_sockaddr_t *incoming,
+ void *connect_arg)),
+ isc_boolean_t ((*verify_key)
+ (const char *name,
+ unsigned int algorithm,
+ void *key_arg)),
+ isc_taskaction_t destroy_action, void *arg);
/*
* Public functions defined in connection.c.
*/
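Review bot: The two new callback parameters of omapi_protocol_listen are undocumented: nothing states that returning ISC_FALSE from `verify_connection` closes the accepted connection, that ISC_FALSE from `verify_key` rejects the authenticator with ISC_R_NOPERM (both behaviours are visible in the listener.c and protocol.c hunks), or that the single `arg` is handed to both callbacks and to `destroy_action`. A short block comment above the prototype stating those facts, and that `verify_connection` must not be NULL, would make the contract usable from named without reading the library. The omapi_listener_listen hunk that follows has the same gap, and the double-parenthesised `isc_boolean_t ((*verify_key)(...))` declarator in both could be the plainer `isc_boolean_t (*verify_key)(...)`.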
isc_result_t
omapi_listener_listen(omapi_object_t *mgr, isc_sockaddr_t *addr,
- dns_acl_t *acl, unsigned int backlog,
- isc_taskaction_t destroy_action, void *destroy_arg);
+ isc_boolean_t ((*verify_connection)
+ (isc_sockaddr_t *incoming,
+ void *connect_arg)),
+ isc_boolean_t ((*verify_key)
+ (const char *name,
+ unsigned int algorithm,
+ void *key_arg)),
+ isc_taskaction_t destroy_action, void *arg);
void
omapi_listener_shutdown(omapi_object_t *mgr);
* SOFTWARE.
*/
-/* $Id: private.h,v 1.21 2000/06/23 21:28:31 tale Exp $ */
+/* $Id: private.h,v 1.21.2.1 2000/07/11 17:23:24 gson Exp $ */
/*****
***** Private master include file for the OMAPI library.
isc_region_t signature_in;
isc_buffer_t *signature_out;
isc_result_t verify_result;
+ /*
+ * A callback to find out whether a requested key is valid on
+ * the connection, and the arg the caller wants to help it decide.
+ * Only gets set on the server side.
+ */
+ isc_boolean_t ((*verify_key)(const char *name,
+ unsigned int algorithm,
+ void *key_arg));
+ void * verify_key_arg;
};
/*****
* SOFTWARE.
*/
-/* $Id: listener.c,v 1.26 2000/06/23 22:28:22 tale Exp $ */
+/* $Id: listener.c,v 1.26.2.1 2000/07/11 17:23:20 gson Exp $ */
/*
* Subroutines that support the generic listener object.
isc_mutex_t mutex;
isc_task_t *task;
isc_socket_t *socket; /* Listening socket. */
- dns_acl_t *acl;
+ isc_boolean_t (*verify_connection)(isc_sockaddr_t *sockaddr,
+ void *connect_arg);
+ isc_boolean_t (*verify_key)(const char *name, unsigned int algorithm,
+ void *key_arg);
+ void *callback_arg;
/*
* Locked by mutex.
*/
isc_buffer_t *ibuffer = NULL;
isc_buffer_t *obuffer = NULL;
isc_task_t *connection_task = NULL;
- isc_socket_t *socket;
+ isc_socket_t *sock;
isc_sockaddr_t sockaddr;
- isc_netaddr_t netaddr;
omapi_connection_t *connection = NULL;
- omapi_object_t *protocol = NULL;
+ omapi_protocol_t *protocol = NULL;
omapi_listener_t *listener;
- int match;
/*
* XXXDCL audit error handling
*/
result = ((isc_socket_newconnev_t *)event)->result;
- socket = ((isc_socket_newconnev_t *)event)->newsocket;
+ sock = ((isc_socket_newconnev_t *)event)->newsocket;
listener = (omapi_listener_t *)event->ev_arg;
/*
/*
* Is the connection from a valid host?
*/
- result = isc_socket_getpeername(socket, &sockaddr);
-
- if (result == ISC_R_SUCCESS) {
- isc_netaddr_fromsockaddr(&netaddr, &sockaddr);
-
- result = dns_acl_match(&netaddr, NULL, listener->acl,
- NULL, &match, NULL);
- }
-
- if (result != ISC_R_SUCCESS || match <= 0) {
+ result = isc_socket_getpeername(sock, &sockaddr);
+ if (result != ISC_R_SUCCESS ||
+ !listener->verify_connection(&sockaddr, listener->callback_arg)) {
/*
* Permission denied. Close the connection.
* XXXDCL isc_log_write an error.
*/
- isc_socket_detach(&socket);
+ isc_socket_detach(&sock);
return;
}
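Review bot: `listener->verify_connection(&sockaddr, listener->callback_arg)` is called unconditionally, while the analogous `verify_key` hook is NULL-checked before use in the protocol.c hunk; a caller that passes NULL for verify_connection, which the prototype does not forbid, crashes the listener task on the first accept. Either add `REQUIRE(verify_connection != NULL);` beside the existing REQUIREs in omapi_listener_listen, or treat NULL as deny here with `listener->verify_connection == NULL ||` ahead of the call. The rejection path still drops the connection without a log line, as the XXXDCL above notes; now that admission is a callback this is the natural place to log the peer address at warning level so refused control-channel attempts leave a record.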
connection->task = connection_task;
connection->state = omapi_connection_connected;
- connection->socket = socket;
+ connection->socket = sock;
connection->is_client = ISC_FALSE;
ISC_LIST_INIT(connection->input_buffers);
* connection.
*/
protocol = NULL;
- result = omapi_object_create(&protocol, omapi_type_protocol,
+ result = omapi_object_create((omapi_object_t **)&protocol,
+ omapi_type_protocol,
sizeof(omapi_protocol_t));
if (result != ISC_R_SUCCESS)
goto free_connection_object;
+
+ /*
+ * Hand off the key verification information to the protocol object.
+ */
+ protocol->verify_key = listener->verify_key;
+ protocol->verify_key_arg = listener->callback_arg;
+
/*
* Tie the protocol object bidirectionally to the connection
* object, with the connection as the outer object.
}
isc_result_t
-omapi_listener_listen(omapi_object_t *caller, isc_sockaddr_t *addr,
- dns_acl_t *acl, unsigned int backlog,
- isc_taskaction_t destroy_action, void *destroy_arg)
+omapi_listener_listen(omapi_object_t *manager, isc_sockaddr_t *addr,
+ isc_boolean_t ((*verify_connection)
+ (isc_sockaddr_t *incoming,
+ void *connect_arg)),
+ isc_boolean_t ((*verify_key)
+ (const char *name,
+ unsigned int algorithm,
+ void *key_arg)),
+ isc_taskaction_t destroy_action, void *arg)
{
isc_result_t result;
isc_task_t *task;
omapi_listener_t *listener;
- REQUIRE(caller != NULL);
+ REQUIRE(manager != NULL);
REQUIRE(addr != NULL && isc_sockaddr_getport(addr) != 0);
task = NULL;
/*
* Now tell the kernel to listen for connections.
*/
- result = isc_socket_listen(listener->socket, backlog);
+ result = isc_socket_listen(listener->socket, 0);
if (result == ISC_R_SUCCESS) {
/*
* Queue up the first accept event. The listener object
* will be passed to listener_accept() when it is called.
*/
- dns_acl_attach(acl, &listener->acl);
listener->listening = ISC_TRUE;
result = isc_socket_accept(listener->socket, task,
listener_accept, listener);
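Review bot: `isc_socket_listen(listener->socket, 0)` hard-codes the backlog that the removed signature let the caller choose (the deleted ns_omapi_listen passed 1). Whether 0 selects a default inside isc_socket_listen or literally requests a zero-length backlog is not visible here; if the latter, a second rndc arriving while one is being accepted will be refused. Once confirmed, record the intent on the call, e.g. `/* 0: let isc_socket_listen choose the backlog */`, or keep an explicit named constant.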
/*
* Tie the listener object to the calling object.
*/
- OBJECT_REF(&caller->outer, listener);
- OBJECT_REF(&listener->inner, caller);
+ OBJECT_REF(&manager->outer, listener);
+ OBJECT_REF(&listener->inner, manager);
/*
- * The callback is not set until here because it should
+ * The destroy action is not set until here because it should
* only be called if the listener was successfully set up.
*/
listener->destroy_action = destroy_action;
- listener->destroy_arg = destroy_arg;
-
+ listener->destroy_arg = arg;
+ listener->verify_connection = verify_connection;
+ listener->verify_key = verify_key;
+ listener->callback_arg = arg;
} else {
/*
if (l->socket != NULL)
isc_socket_detach(&l->socket);
-
- if (l->acl != NULL)
- dns_acl_detach(&l->acl);
}
static isc_result_t
* SOFTWARE.
*/
-/* $Id: protocol.c,v 1.28 2000/06/23 21:36:57 tale Exp $ */
+/* $Id: protocol.c,v 1.28.2.1 2000/07/11 17:23:21 gson Exp $ */
/*
* Functions supporting the object management protocol.
*/
isc_result_t
omapi_protocol_listen(omapi_object_t *manager, isc_sockaddr_t *addr,
- dns_acl_t *acl, int max,
- isc_taskaction_t destroy_action, void *destroy_arg)
+ isc_boolean_t ((*verify_connection)
+ (isc_sockaddr_t *incoming,
+ void *connect_arg)),
+ isc_boolean_t ((*verify_key)
+ (const char *name,
+ unsigned int algorithm,
+ void *key_arg)),
+ isc_taskaction_t destroy_action, void *arg)
{
- return (omapi_listener_listen((omapi_object_t *)manager, addr,
- acl, max, destroy_action, destroy_arg));
+ return (omapi_listener_listen(manager, addr, verify_connection,
+ verify_key, destroy_action, arg));
}
isc_result_t
if (p->authname != NULL && p->algorithm != 0) {
unsigned int sigsize;
+ /*
+ * Verifying the key through a callback is (currently) only
+ * done by the server.
+ * XXXDCL the client should have some way of checking whether
+ * what is being set is what it asked for.
+ */
+ if (p->verify_key != NULL &&
+ !p->verify_key(p->authname, p->algorithm,
+ p->verify_key_arg))
+ return (ISC_R_NOPERM);
+
+ if (p->key != NULL)
+ dst_key_free(&p->key);
+
result = auth_makekey(p->authname, p->algorithm, &p->key);
if (result == ISC_R_SUCCESS)