+++ /dev/null
-/*
- * Copyright (C) 1999, 2000 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-#include <config.h>
-
-#include <isc/string.h> /* Required for HP/UX (and others?) */
-#include <isc/util.h>
-
-#include <dns/acl.h>
-#include <dns/aclconf.h>
-#include <dns/fixedname.h>
-#include <dns/log.h>
-
-void
-dns_aclconfctx_init(dns_aclconfctx_t *ctx) {
- ISC_LIST_INIT(ctx->named_acl_cache);
-}
-
-void
-dns_aclconfctx_destroy(dns_aclconfctx_t *ctx) {
- dns_acl_t *dacl, *next;
- for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache);
- dacl != NULL;
- dacl = next)
- {
- next = ISC_LIST_NEXT(dacl, nextincache);
- dacl->name = NULL;
- dns_acl_detach(&dacl);
- }
-}
-
-static isc_result_t
-convert_named_acl(char *aclname, dns_c_ctx_t *cctx,
- dns_aclconfctx_t *ctx, isc_mem_t *mctx,
- dns_acl_t **target)
-{
- isc_result_t result;
- dns_c_acl_t *cacl;
- dns_acl_t *dacl;
-
- /* Look for an already-converted version. */
- for (dacl = ISC_LIST_HEAD(ctx->named_acl_cache);
- dacl != NULL;
- dacl = ISC_LIST_NEXT(dacl, nextincache))
- {
- if (strcmp(aclname, dacl->name) == 0) {
- dns_acl_attach(dacl, target);
- return ISC_R_SUCCESS;
- }
- }
- /* Not yet converted. Convert now. */
- result = dns_c_acltable_getacl(cctx->acls, aclname, &cacl);
- if (result != ISC_R_SUCCESS) {
- isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
- DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
- "undefined ACL '%s'", aclname);
- return (result);
- }
- result = dns_acl_fromconfig(cacl->ipml, cctx, ctx, mctx, &dacl);
- if (result != ISC_R_SUCCESS)
- return (result);
- dacl->name = aclname;
- ISC_LIST_APPEND(ctx->named_acl_cache, dacl, nextincache);
- dns_acl_attach(dacl, target);
- return (ISC_R_SUCCESS);
-}
-
-static isc_result_t
-convert_keyname(char *txtname, isc_mem_t *mctx, dns_name_t *dnsname) {
- isc_result_t result;
- isc_buffer_t buf;
- dns_fixedname_t fixname;
- unsigned int keylen;
-
- keylen = strlen(txtname);
- isc_buffer_init(&buf, txtname, keylen);
- isc_buffer_add(&buf, keylen);
- dns_fixedname_init(&fixname);
- result = dns_name_fromtext(dns_fixedname_name(&fixname), &buf,
- dns_rootname, ISC_FALSE, NULL);
- if (result != ISC_R_SUCCESS) {
- isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
- DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
- "key name \"%s\" is not a valid domain name",
- txtname);
- return (result);
- }
- return (dns_name_dup(dns_fixedname_name(&fixname), mctx, dnsname));
-}
-
-isc_result_t
-dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
- dns_c_ctx_t *cctx,
- dns_aclconfctx_t *ctx,
- isc_mem_t *mctx,
- dns_acl_t **target)
-{
- isc_result_t result;
- unsigned int count;
- dns_acl_t *dacl = NULL;
- dns_aclelement_t *de;
- dns_c_ipmatchelement_t *ce;
-
- REQUIRE(target != NULL && *target == NULL);
-
- count = 0;
- for (ce = ISC_LIST_HEAD(caml->elements);
- ce != NULL;
- ce = ISC_LIST_NEXT(ce, next))
- count++;
-
- result = dns_acl_create(mctx, count, &dacl);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- de = dacl->elements;
- for (ce = ISC_LIST_HEAD(caml->elements);
- ce != NULL;
- ce = ISC_LIST_NEXT(ce, next))
- {
- de->negative = dns_c_ipmatchelement_isneg(ce);
- switch (ce->type) {
- case dns_c_ipmatch_pattern:
- de->type = dns_aclelementtype_ipprefix;
- isc_netaddr_fromsockaddr(&de->u.ip_prefix.address,
- &ce->u.direct.address);
- /* XXX "mask" is a misnomer */
- de->u.ip_prefix.prefixlen = ce->u.direct.mask;
- break;
- case dns_c_ipmatch_key:
- de->type = dns_aclelementtype_keyname;
- dns_name_init(&de->u.keyname, NULL);
- result = convert_keyname(ce->u.key, mctx,
- &de->u.keyname);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- break;
- case dns_c_ipmatch_indirect:
- de->type = dns_aclelementtype_nestedacl;
- result = dns_acl_fromconfig(ce->u.indirect.list,
- cctx, ctx, mctx,
- &de->u.nestedacl);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- break;
- case dns_c_ipmatch_localhost:
- de->type = dns_aclelementtype_localhost;
- break;
-
- case dns_c_ipmatch_any:
- de->type = dns_aclelementtype_any;
- break;
-
- case dns_c_ipmatch_localnets:
- de->type = dns_aclelementtype_localnets;
- break;
- case dns_c_ipmatch_acl:
- de->type = dns_aclelementtype_nestedacl;
- result = convert_named_acl(ce->u.aclname,
- cctx, ctx, mctx,
- &de->u.nestedacl);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- break;
- default:
- isc_log_write(dns_lctx, DNS_LOGCATEGORY_SECURITY,
- DNS_LOGMODULE_ACL, ISC_LOG_WARNING,
- "address match list contains "
- "unsupported element type");
- result = ISC_R_FAILURE;
- goto cleanup;
- }
- de++;
- dacl->length++;
- }
-
- *target = dacl;
- return (ISC_R_SUCCESS);
-
- cleanup:
- dns_acl_detach(&dacl);
- return (result);
-}
+++ /dev/null
-/*
- * Copyright (C) 1999, 2000 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-#ifndef DNS_ACLCONF_H
-#define DNS_ACLCONF_H 1
-
-#include <isc/lang.h>
-
-#include <dns/confctx.h>
-#include <dns/types.h>
-
-typedef struct dns_aclconfctx {
- ISC_LIST(dns_acl_t) named_acl_cache;
-} dns_aclconfctx_t;
-
-/***
- *** Functions
- ***/
-
-ISC_LANG_BEGINDECLS
-
-void
-dns_aclconfctx_init(dns_aclconfctx_t *ctx);
-
-void
-dns_aclconfctx_destroy(dns_aclconfctx_t *ctx);
-
-isc_result_t
-dns_acl_fromconfig(dns_c_ipmatchlist_t *caml,
- dns_c_ctx_t *cctx,
- dns_aclconfctx_t *ctx,
- isc_mem_t *mctx,
- dns_acl_t **target);
-
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_ACLCONF_H */
+++ /dev/null
-/*
- * Copyright (C) 1999, 2000 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-#ifndef DNS_TKEYCONF_H
-#define DNS_TKEYCONF_H 1
-
-#include <isc/types.h>
-#include <isc/lang.h>
-
-#include <dns/confctx.h>
-
-ISC_LANG_BEGINDECLS
-
-isc_result_t
-dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
- dns_tkey_ctx_t **tctxp);
-/*
- * Create a TKEY context and configure it, including the default DH key
- * and default domain, according to 'cfg'.
- *
- * Requires:
- * 'cfg' is a valid configuration context.
- * 'mctx' is not NULL
- * 'tctx' is not NULL
- * '*tctx' is NULL
- *
- * Returns:
- * ISC_R_SUCCESS
- * ISC_R_NOMEMORY
- */
-
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_TKEYCONF_H */
+++ /dev/null
-/*
- * Copyright (C) 1999, 2000 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-#ifndef DNS_TSIGCONF_H
-#define DNS_TSIGCONF_H 1
-
-#include <isc/types.h>
-#include <isc/lang.h>
-
-#include <dns/confctx.h>
-
-ISC_LANG_BEGINDECLS
-
-isc_result_t
-dns_tsigkeyring_fromconfig(dns_c_ctx_t *confctx, isc_mem_t *mctx,
- dns_tsig_keyring_t **ring);
-/*
- * Create a TSIG key ring and configure it according to 'confctx'.
- *
- * Requires:
- * 'confctx' is a valid configuration context.
- * 'mctx' is not NULL
- * 'ring' is not NULL, and '*ring' is NULL
- *
- * Returns:
- * ISC_R_SUCCESS
- * ISC_R_NOMEMORY
- */
-
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_TSIGCONF_H */
+++ /dev/null
-/*
- * Copyright (C) 1999, 2000 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-#ifndef DNS_ZONECONF_H
-#define DNS_ZONECONF_H 1
-
-#include <isc/lang.h>
-#include <isc/types.h>
-
-#include <dns/aclconf.h>
-
-ISC_LANG_BEGINDECLS
-
-isc_result_t
-dns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview, dns_c_zone_t *czone,
- dns_aclconfctx_t *ac, dns_zone_t *zone);
-/*
- * Configure or reconfigure a zone according to the named.conf
- * data in 'cctx' and 'czone'.
- *
- * The zone origin is not configured, it is assumed to have been set
- * at zone creation time.
- *
- * Require:
- * 'lctx' to be initalised or NULL.
- * 'cctx' to be initalised or NULL.
- * 'ac' to point to an initialized ns_aclconfctx_t.
- * 'czone' to be initalised.
- * 'zone' to be initalised.
- */
-
-isc_boolean_t
-dns_zone_reusable(dns_zone_t *zone, dns_c_zone_t *czone);
-/*
- * If 'zone' can be safely reconfigured according to the configuration
- * data in 'czone', return ISC_TRUE. If the configuration data is so
- * different from the current zone state that the zone needs to be destroyed
- * and recreated, return ISC_FALSE.
- */
-
-isc_result_t
-dns_zonemgr_configure(dns_c_ctx_t *cctx, dns_zonemgr_t *zonemgr);
-/*
- * Configure the zone manager according to the named.conf data
- * in 'cctx'.
- */
-ISC_LANG_ENDDECLS
-
-#endif /* DNS_ZONECONF_H */
+++ /dev/null
-/*
- * Copyright (C) 1999, 2000 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-#include <config.h>
-
-#include <isc/buffer.h>
-#include <isc/string.h> /* Required for HP/UX (and others?) */
-#include <isc/mem.h>
-
-#include <dns/keyvalues.h>
-#include <dns/name.h>
-#include <dns/tkey.h>
-#include <dns/tkeyconf.h>
-
-#define RETERR(x) do { \
- result = (x); \
- if (result != ISC_R_SUCCESS) \
- goto failure; \
- } while (0)
-
-
-isc_result_t
-dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
- dns_tkey_ctx_t **tctxp)
-{
- isc_result_t result;
- dns_tkey_ctx_t *tctx = NULL;
- char *s;
- int n;
- isc_buffer_t b, namebuf;
- unsigned char data[1024];
- dns_name_t domain;
-
- result = dns_tkeyctx_create(mctx, &tctx);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- s = NULL;
- result = dns_c_ctx_gettkeydhkey(cfg, &s, &n);
- if (result == ISC_R_NOTFOUND) {
- *tctxp = tctx;
- return (ISC_R_SUCCESS);
- }
- RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH,
- DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
- mctx, &tctx->dhkey));
- s = NULL;
- RETERR(dns_c_ctx_gettkeydomain(cfg, &s));
- dns_name_init(&domain, NULL);
- tctx->domain = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
- if (tctx->domain == NULL) {
- result = ISC_R_NOMEMORY;
- goto failure;
- }
- dns_name_init(tctx->domain, NULL);
- isc_buffer_init(&b, s, strlen(s));
- isc_buffer_add(&b, strlen(s));
- isc_buffer_init(&namebuf, data, sizeof(data));
- RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE,
- &namebuf));
- RETERR(dns_name_dup(&domain, mctx, tctx->domain));
-
- *tctxp = tctx;
- return (ISC_R_SUCCESS);
-
- failure:
- if (tctx->dhkey != NULL)
- dst_key_free(&tctx->dhkey);
- if (tctx->domain != NULL) {
- dns_name_free(tctx->domain, mctx);
- isc_mem_put(mctx, tctx->domain, sizeof(dns_name_t));
- tctx->domain = NULL;
- }
- dns_tkeyctx_destroy(&tctx);
- return (result);
-}
-
+++ /dev/null
-/*
- * Copyright (C) 1999, 2000 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-#include <config.h>
-
-#include <isc/base64.h>
-#include <isc/buffer.h>
-#include <isc/lex.h>
-#include <isc/mem.h>
-#include <isc/string.h>
-
-#include <dns/tsig.h>
-#include <dns/tsigconf.h>
-
-static isc_result_t
-add_initial_keys(dns_c_kdeflist_t *list, dns_tsig_keyring_t *ring,
- isc_mem_t *mctx)
-{
- isc_lex_t *lex = NULL;
- dns_c_kdef_t *key;
- unsigned char *secret = NULL;
- int secretalloc = 0;
- int secretlen = 0;
- isc_result_t ret;
- isc_stdtime_t now;
-
- key = ISC_LIST_HEAD(list->keydefs);
- while (key != NULL) {
- dns_name_t keyname;
- dns_name_t alg;
- char keynamedata[1024], algdata[1024];
- isc_buffer_t keynamesrc, keynamebuf, algsrc, algbuf;
- isc_buffer_t secretsrc, secretbuf;
-
- dns_name_init(&keyname, NULL);
- dns_name_init(&alg, NULL);
-
- /*
- * Create the key name.
- */
- isc_buffer_init(&keynamesrc, key->keyid, strlen(key->keyid));
- isc_buffer_add(&keynamesrc, strlen(key->keyid));
- isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata));
- ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
- ISC_TRUE, &keynamebuf);
- if (ret != ISC_R_SUCCESS)
- goto failure;
-
- /*
- * Create the algorithm.
- */
- if (strcasecmp(key->algorithm, "hmac-md5") == 0)
- alg = *dns_tsig_hmacmd5_name;
- else {
- isc_buffer_init(&algsrc, key->algorithm,
- strlen(key->algorithm));
- isc_buffer_add(&algsrc, strlen(key->algorithm));
- isc_buffer_init(&algbuf, algdata, sizeof(algdata));
- ret = dns_name_fromtext(&alg, &algsrc, dns_rootname,
- ISC_TRUE, &algbuf);
- if (ret != ISC_R_SUCCESS)
- goto failure;
- }
-
- if (strlen(key->secret) % 4 != 0) {
- ret = ISC_R_BADBASE64;
- goto failure;
- }
- secretalloc = secretlen = strlen(key->secret) * 3 / 4;
- secret = isc_mem_get(mctx, secretlen);
- if (secret == NULL) {
- ret = ISC_R_NOMEMORY;
- goto failure;
- }
- isc_buffer_init(&secretsrc, key->secret, strlen(key->secret));
- isc_buffer_add(&secretsrc, strlen(key->secret));
- isc_buffer_init(&secretbuf, secret, secretlen);
- ret = isc_lex_create(mctx, strlen(key->secret), &lex);
- if (ret != ISC_R_SUCCESS)
- goto failure;
- ret = isc_lex_openbuffer(lex, &secretsrc);
- if (ret != ISC_R_SUCCESS)
- goto failure;
- ret = isc_base64_tobuffer(lex, &secretbuf, -1);
- if (ret != ISC_R_SUCCESS)
- goto failure;
- secretlen = isc_buffer_usedlength(&secretbuf);
- isc_lex_close(lex);
- isc_lex_destroy(&lex);
-
- isc_stdtime_get(&now);
- ret = dns_tsigkey_create(&keyname, &alg, secret, secretlen,
- ISC_FALSE, NULL, now, now,
- mctx, ring, NULL);
- isc_mem_put(mctx, secret, secretalloc);
- secret = NULL;
- if (ret != ISC_R_SUCCESS)
- goto failure;
- key = ISC_LIST_NEXT(key, next);
- }
- return (ISC_R_SUCCESS);
-
- failure:
- if (lex != NULL)
- isc_lex_destroy(&lex);
- if (secret != NULL)
- isc_mem_put(mctx, secret, secretlen);
- return (ret);
-
-}
-
-isc_result_t
-dns_tsigkeyring_fromconfig(dns_c_ctx_t *confctx, isc_mem_t *mctx,
- dns_tsig_keyring_t **ringp)
-{
- dns_c_kdeflist_t *keylist = NULL;
- dns_tsig_keyring_t *ring = NULL;
- isc_result_t result;
-
- result = dns_tsigkeyring_create(mctx, &ring);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = dns_c_ctx_getkdeflist(confctx, &keylist);
- if (result == ISC_R_SUCCESS)
- result = add_initial_keys(keylist, ring, mctx);
- else if (result == ISC_R_NOTFOUND)
- result = ISC_R_SUCCESS;
- if (result != ISC_R_SUCCESS)
- goto failure;
-
- *ringp = ring;
- return (ISC_R_SUCCESS);
-
- failure:
- dns_tsigkeyring_destroy(&ring);
- return (result);
-}
+++ /dev/null
-/*
- * Copyright (C) 1999, 2000 Internet Software Consortium.
- *
- * Permission to use, copy, modify, and distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
- * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
- * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
- * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
- * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
- * SOFTWARE.
- */
-
-#include <config.h>
-
-#include <isc/string.h> /* Required for HP/UX (and others?) */
-#include <isc/util.h>
-
-#include <dns/acl.h>
-#include <dns/zone.h>
-#include <dns/zoneconf.h>
-#include <dns/ssu.h>
-
-/* XXX copied from zone.c */
-#define MAX_XFER_TIME (2*3600) /* Documented default is 2 hours. */
-#define DNS_DEFAULT_IDLEIN 3600 /* 1 hour */
-#define DNS_DEFAULT_IDLEOUT 3600 /* 1 hour */
-
-/*
- * Convenience function for configuring a single zone ACL.
- */
-static isc_result_t
-configure_zone_acl(dns_c_zone_t *czone, dns_c_ctx_t *cctx, dns_c_view_t *cview,
- dns_aclconfctx_t *aclconfctx, dns_zone_t *zone,
- isc_result_t (*getcacl)(dns_c_zone_t *,
- dns_c_ipmatchlist_t **),
- isc_result_t (*getviewcacl)(dns_c_view_t *
- , dns_c_ipmatchlist_t **),
- isc_result_t (*getglobalcacl)(dns_c_ctx_t *,
- dns_c_ipmatchlist_t **),
- void (*setzacl)(dns_zone_t *, dns_acl_t *),
- void (*clearzacl)(dns_zone_t *))
-{
- isc_result_t result;
- dns_c_ipmatchlist_t *cacl;
- dns_acl_t *dacl = NULL;
- result = (*getcacl)(czone, &cacl);
- if (result == ISC_R_NOTFOUND && getviewcacl != NULL && cview != NULL) {
- result = (*getviewcacl)(cview, &cacl);
- }
- if (result == ISC_R_NOTFOUND && getglobalcacl != NULL) {
- result = (*getglobalcacl)(cctx, &cacl);
- }
- if (result == ISC_R_SUCCESS) {
- result = dns_acl_fromconfig(cacl, cctx, aclconfctx,
- dns_zone_getmctx(zone), &dacl);
- dns_c_ipmatchlist_detach(&cacl);
- if (result != ISC_R_SUCCESS)
- return (result);
- (*setzacl)(zone, dacl);
- dns_acl_detach(&dacl);
- return (ISC_R_SUCCESS);
- } else if (result == ISC_R_NOTFOUND) {
- (*clearzacl)(zone);
- return (ISC_R_SUCCESS);
- } else {
- return (result);
- }
-}
-
-
-static dns_zonetype_t
-dns_zonetype_fromconf(dns_c_zonetype_t cztype) {
- switch (cztype) {
- case dns_c_zone_master:
- return dns_zone_master;
- case dns_c_zone_forward:
- return dns_zone_forward;
- case dns_c_zone_slave:
- return dns_zone_slave;
- case dns_c_zone_stub:
- return dns_zone_stub;
- case dns_c_zone_hint:
- return dns_zone_hint;
- }
- INSIST(0);
- return (dns_zone_none); /*NOTREACHED*/
-}
-
-isc_result_t
-dns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview,
- dns_c_zone_t *czone, dns_aclconfctx_t *ac,
- dns_zone_t *zone)
-{
- isc_result_t result;
- isc_boolean_t boolean;
- const char *filename = NULL;
-#ifdef notyet
- dns_c_severity_t severity;
-#endif
- dns_c_iplist_t *iplist = NULL;
- isc_sockaddr_t sockaddr;
- isc_int32_t maxxfr;
- struct in_addr in4addr_any;
- isc_sockaddr_t sockaddr_any4, sockaddr_any6;
- dns_ssutable_t *ssutable;
-
- in4addr_any.s_addr = htonl(INADDR_ANY);
- isc_sockaddr_fromin(&sockaddr_any4, &in4addr_any, 0);
- isc_sockaddr_fromin6(&sockaddr_any6, &in6addr_any, 0);
-
- dns_zone_setclass(zone, czone->zclass);
-
- /* XXX needs to be an zone option */
- result = dns_zone_setdbtype(zone, "rbt");
- if (result != ISC_R_SUCCESS)
- return (result);
-
- switch (czone->ztype) {
- case dns_c_zone_master:
- dns_zone_settype(zone, dns_zone_master);
- result = dns_c_zone_getfile(czone, &filename);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = dns_zone_setdatabase(zone, filename);
- if (result != ISC_R_SUCCESS)
- return (result);
-#ifdef notyet
- result = dns_c_zone_getchecknames(czone, &severity);
- if (result == ISC_R_SUCCESS)
- dns_zone_setchecknames(zone, severity);
- else
- dns_zone_setchecknames(zone, dns_c_severity_fail);
-#endif
- result = configure_zone_acl(czone, cctx, NULL, ac, zone,
- dns_c_zone_getallowupd,
- NULL, NULL,
- dns_zone_setupdateacl,
- dns_zone_clearupdateacl);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = configure_zone_acl(czone, cctx, cview, ac, zone,
- dns_c_zone_getallowquery,
- dns_c_view_getallowquery,
- dns_c_ctx_getallowquery,
- dns_zone_setqueryacl,
- dns_zone_clearqueryacl);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = configure_zone_acl(czone, cctx, cview, ac, zone,
- dns_c_zone_getallowtransfer,
- dns_c_view_gettransferacl,
- dns_c_ctx_getallowtransfer,
- dns_zone_setxfracl,
- dns_zone_clearxfracl);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = dns_c_zone_getdialup(czone, &boolean);
-#ifdef notyet
- if (result != ISC_R_SUCCESS && cview != NULL)
- result = dns_c_view_getdialup(cview, &boolean);
-#endif
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_getdialup(cctx, &boolean);
- if (result != ISC_R_SUCCESS)
- boolean = ISC_FALSE;
- dns_zone_setoption(zone, DNS_ZONE_O_DIALUP, boolean);
-
- result = dns_c_zone_getnotify(czone, &boolean);
- if (result != ISC_R_SUCCESS && cview != NULL)
- result = dns_c_view_getnotify(cview, &boolean);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_getnotify(cctx, &boolean);
- if (result != ISC_R_SUCCESS)
- boolean = ISC_TRUE;
- dns_zone_setoption(zone, DNS_ZONE_O_NOTIFY, boolean);
-
- result = dns_c_zone_getalsonotify(czone, &iplist);
- if (result == ISC_R_SUCCESS)
- result = dns_zone_setnotifyalso(zone, iplist->ips,
- iplist->nextidx);
- else
- result = dns_zone_setnotifyalso(zone, NULL, 0);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = dns_c_zone_getmaxtranstimeout(czone, &maxxfr);
- if (result != ISC_R_SUCCESS && cview != NULL)
- result = dns_c_view_getmaxtransfertimeout(cview,
- &maxxfr);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_getmaxtransfertimeout(cctx,
- &maxxfr);
- if (result != ISC_R_SUCCESS)
- maxxfr = MAX_XFER_TIME;
- dns_zone_setmaxxfrout(zone, maxxfr);
-
- result = dns_c_zone_getmaxtransidleout(czone, &maxxfr);
- if (result != ISC_R_SUCCESS && cview != NULL)
- result = dns_c_view_getmaxtransferidleout(cview,
- &maxxfr);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_getmaxtransferidleout(cctx,
- &maxxfr);
- if (result != ISC_R_SUCCESS)
- maxxfr = DNS_DEFAULT_IDLEOUT;
- dns_zone_setidleout(zone, maxxfr);
-
- ssutable = NULL;
- result = dns_c_zone_getssuauth(czone, &ssutable);
- if (result == ISC_R_SUCCESS) {
- dns_ssutable_t *newssutable = NULL;
- dns_ssutable_attach(ssutable, &newssutable);
- dns_zone_setssutable(zone, newssutable);
- }
-
- break;
-
- case dns_c_zone_forward:
-#ifdef notyet
- /*
- * Forward zones are still in a state of flux.
- */
- czone->u.fzone.check_names; /* XXX unused in BIND 8 */
- czone->u.fzone.forward; /* XXX*/
- czone->u.fzone.forwarders; /* XXX*/
-#endif
- break;
-
- case dns_c_zone_slave:
- dns_zone_settype(zone, dns_zone_slave);
- result = dns_c_zone_getfile(czone, &filename);
- if (result != ISC_R_SUCCESS)
- return (result);
- result = dns_zone_setdatabase(zone, filename);
- if (result != ISC_R_SUCCESS)
- return (result);
-#ifdef notyet
- result = dns_c_zone_getchecknames(czone, &severity);
- if (result == ISC_R_SUCCESS)
- dns_zone_setchecknames(zone, severity);
- else
- dns_zone_setchecknames(zone, dns_c_severity_warn);
-#endif
- result = configure_zone_acl(czone, cctx, cview, ac, zone,
- dns_c_zone_getallowquery,
- dns_c_view_getallowquery,
- dns_c_ctx_getallowquery,
- dns_zone_setqueryacl,
- dns_zone_clearqueryacl);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = dns_c_zone_getmasterips(czone, &iplist);
- if (result == ISC_R_SUCCESS)
- result = dns_zone_setmasters(zone, iplist->ips,
- iplist->nextidx);
- else
- result = dns_zone_setmasters(zone, NULL, 0);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = dns_c_zone_getmaxtranstimein(czone, &maxxfr);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_getmaxtransfertimein(cctx, &maxxfr);
- if (result != ISC_R_SUCCESS)
- maxxfr = MAX_XFER_TIME;
- dns_zone_setmaxxfrin(zone, maxxfr);
-
- result = dns_c_zone_getmaxtransidlein(czone, &maxxfr);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_getmaxtransferidlein(cctx, &maxxfr);
- if (result != ISC_R_SUCCESS)
- maxxfr = DNS_DEFAULT_IDLEIN;
- dns_zone_setidlein(zone, maxxfr);
-
- result = dns_c_zone_gettransfersource(czone, &sockaddr);
- if (result != ISC_R_SUCCESS && cview != NULL)
- result = dns_c_view_gettransfersource(cview,
- &sockaddr);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_gettransfersource(cctx, &sockaddr);
- if (result != ISC_R_SUCCESS)
- sockaddr = sockaddr_any4;
- dns_zone_setxfrsource4(zone, &sockaddr);
-
- result = dns_c_zone_gettransfersourcev6(czone, &sockaddr);
- if (result != ISC_R_SUCCESS && cview != NULL)
- result = dns_c_view_gettransfersourcev6(cview,
- &sockaddr);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_gettransfersourcev6(cctx,
- &sockaddr);
- if (result != ISC_R_SUCCESS)
- sockaddr = sockaddr_any6;
- dns_zone_setxfrsource6(zone, &sockaddr);
-
- result = dns_c_zone_getmaxtranstimeout(czone, &maxxfr);
- if (result != ISC_R_SUCCESS && cview != NULL)
- result = dns_c_view_getmaxtransfertimeout(cview,
- &maxxfr);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_getmaxtransfertimeout(cctx,
- &maxxfr);
- if (result != ISC_R_SUCCESS)
- maxxfr = MAX_XFER_TIME;
- dns_zone_setmaxxfrout(zone, maxxfr);
-
- result = dns_c_zone_getmaxtransidleout(czone, &maxxfr);
- if (result != ISC_R_SUCCESS && cview != NULL)
- result = dns_c_view_getmaxtransferidleout(cview,
- &maxxfr);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_getmaxtransferidleout(cctx,
- &maxxfr);
- if (result != ISC_R_SUCCESS)
- maxxfr = DNS_DEFAULT_IDLEOUT;
- dns_zone_setidleout(zone, maxxfr);
-
- result = dns_c_zone_getdialup(czone, &boolean);
-#ifdef notyet
- if (result != ISC_R_SUCCESS && cview != NULL)
- result = dns_c_view_getdialup(cview, &boolean);
-#endif
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_getdialup(cctx, &boolean);
- if (result != ISC_R_SUCCESS)
- boolean = ISC_FALSE;
- dns_zone_setoption(zone, DNS_ZONE_O_DIALUP, boolean);
-
- result = dns_c_zone_getnotify(czone, &boolean);
- if (result != ISC_R_SUCCESS && cview != NULL)
- result = dns_c_view_getnotify(cview, &boolean);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_getnotify(cctx, &boolean);
- if (result != ISC_R_SUCCESS)
- boolean = ISC_TRUE;
- dns_zone_setoption(zone, DNS_ZONE_O_NOTIFY, boolean);
-
- result = dns_c_zone_getalsonotify(czone, &iplist);
- if (result == ISC_R_SUCCESS)
- result = dns_zone_setnotifyalso(zone, iplist->ips,
- iplist->nextidx);
- else
- result = dns_zone_setnotifyalso(zone, NULL, 0);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- break;
-
- case dns_c_zone_stub:
- dns_zone_settype(zone, dns_zone_stub);
- result = dns_c_zone_getfile(czone, &filename);
- if (result != ISC_R_SUCCESS)
- return (result);
- result = dns_zone_setdatabase(zone, filename);
- if (result != ISC_R_SUCCESS)
- return (result);
-#ifdef notyet
- result = dns_c_zone_getchecknames(czone, &severity);
- if (result == ISC_R_SUCCESS)
- dns_zone_setchecknames(zone, severity);
- else
- dns_zone_setchecknames(zone, dns_c_severity_warn);
-#endif
- result = configure_zone_acl(czone, cctx, cview, ac, zone,
- dns_c_zone_getallowquery,
- dns_c_view_getallowquery,
- dns_c_ctx_getallowquery,
- dns_zone_setqueryacl,
- dns_zone_clearqueryacl);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = dns_c_zone_getmasterips(czone, &iplist);
- if (result == ISC_R_SUCCESS)
- result = dns_zone_setmasters(zone, iplist->ips,
- iplist->nextidx);
- else
- result = dns_zone_setmasters(zone, NULL, 0);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- result = dns_c_zone_getmaxtranstimein(czone, &maxxfr);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_getmaxtransfertimein(cctx, &maxxfr);
- if (result != ISC_R_SUCCESS)
- maxxfr = MAX_XFER_TIME;
- dns_zone_setmaxxfrin(zone, maxxfr);
-
- result = dns_c_zone_getmaxtransidlein(czone, &maxxfr);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_getmaxtransferidlein(cctx, &maxxfr);
- if (result != ISC_R_SUCCESS)
- maxxfr = DNS_DEFAULT_IDLEIN;
- dns_zone_setidlein(zone, maxxfr);
-
- result = dns_c_zone_gettransfersource(czone, &sockaddr);
- if (result != ISC_R_SUCCESS && cview != NULL)
- result = dns_c_view_gettransfersource(cview,
- &sockaddr);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_gettransfersource(cctx, &sockaddr);
- if (result != ISC_R_SUCCESS)
- sockaddr = sockaddr_any4;
- dns_zone_setxfrsource4(zone, &sockaddr);
-
- result = dns_c_zone_gettransfersourcev6(czone, &sockaddr);
- if (result != ISC_R_SUCCESS && cview != NULL)
- result = dns_c_view_gettransfersourcev6(cview,
- &sockaddr);
- if (result != ISC_R_SUCCESS)
- result = dns_c_ctx_gettransfersourcev6(cctx,
- &sockaddr);
- if (result != ISC_R_SUCCESS)
- sockaddr = sockaddr_any6;
- dns_zone_setxfrsource6(zone, &sockaddr);
-
- case dns_c_zone_hint:
- dns_zone_settype(zone, dns_zone_hint);
- result = dns_c_zone_getfile(czone, &filename);
- if (result != ISC_R_SUCCESS)
- return (result);
- result = dns_zone_setdatabase(zone, filename);
- if (result != ISC_R_SUCCESS)
- return (result);
-#ifdef notyet
- result = dns_c_zone_getchecknames(czone, &severity);
- if (result == ISC_R_SUCCESS)
- dns_zone_setchecknames(zone, severity);
- else
- dns_zone_setchecknames(zone, dns_c_severity_fail);
-#endif
- break;
-
- }
-
- return (ISC_R_SUCCESS);
-}
-
-isc_boolean_t
-dns_zone_reusable(dns_zone_t *zone, dns_c_zone_t *czone) {
- const char *cfilename;
- const char *zfilename;
-
- if (dns_zonetype_fromconf(czone->ztype) != dns_zone_gettype(zone))
- return (ISC_FALSE);
-
- cfilename = NULL;
- (void) dns_c_zone_getfile(czone, &cfilename);
- zfilename = dns_zone_getdatabase(zone);
- if (cfilename == NULL || zfilename == NULL ||
- strcmp(cfilename, zfilename) != 0)
- return (ISC_FALSE);
-
- /* XXX Compare masters, too. */
-
- return (ISC_TRUE);
-}
-
-isc_result_t
-dns_zonemgr_configure(dns_c_ctx_t *cctx, dns_zonemgr_t *zmgr) {
- isc_int32_t val;
- isc_result_t result;
-
- result = dns_c_ctx_gettransfersin(cctx, &val);
- if (result != ISC_R_SUCCESS)
- val = 10;
- dns_zonemgr_settransfersin(zmgr, val);
-
- return (ISC_R_SUCCESS);
-}
-
projects / thirdparty / bind9.git / commitdiff
