Source-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[src/trunk]: src/external/bsd/blacklist/diff new diffs from the top
details: https://anonhg.NetBSD.org/src/rev/9ee04317f39a
branches: trunk
changeset: 335753:9ee04317f39a
user: christos <christos%NetBSD.org@localhost>
date: Thu Jan 22 21:42:06 2015 +0000
description:
new diffs from the top
diffstat:
external/bsd/blacklist/diff/named.diff | 294 +++++++++++++++++---------------
external/bsd/blacklist/diff/ssh.diff | 156 ++++++++--------
2 files changed, 234 insertions(+), 216 deletions(-)
diffs (truncated from 476 to 300 lines):
diff -r 92a272d52f71 -r 9ee04317f39a external/bsd/blacklist/diff/named.diff
--- a/external/bsd/blacklist/diff/named.diff Thu Jan 22 21:32:30 2015 +0000
+++ b/external/bsd/blacklist/diff/named.diff Thu Jan 22 21:42:06 2015 +0000
@@ -1,141 +1,5 @@
-Index: client.c
-===================================================================
-RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/client.c,v
-retrieving revision 1.11
-diff -u -u -r1.11 client.c
---- client.c 10 Dec 2014 04:37:51 -0000 1.11
-+++ client.c 22 Jan 2015 17:54:19 -0000
-@@ -65,6 +65,8 @@
- #include <named/server.h>
- #include <named/update.h>
-
-+#include "pfilter.h"
-+
- /***
- *** Client
- ***/
-@@ -3101,6 +3103,7 @@
- result = ns_client_checkaclsilent(client, sockaddr ? &netaddr : NULL,
- acl, default_allow);
-
-+ pfilter_notify(result, client, opname);
- if (result == ISC_R_SUCCESS)
- ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
- NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
-Index: main.c
-===================================================================
-RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/main.c,v
-retrieving revision 1.15
-diff -u -u -r1.15 main.c
---- main.c 10 Dec 2014 04:37:51 -0000 1.15
-+++ main.c 22 Jan 2015 17:54:19 -0000
-@@ -95,6 +95,8 @@
- #include <dlz/dlz_drivers.h>
- #endif
-
-+#include "pfilter.h"
-+
- /*
- * The maximum number of stack frames to dump on assertion failure.
- */
-@@ -1206,6 +1208,7 @@
-
- parse_command_line(argc, argv);
-
-+ pfilter_open();
- /*
- * Warn about common configuration error.
- */
-Index: query.c
-===================================================================
-RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/query.c,v
-retrieving revision 1.17
-diff -u -u -r1.17 query.c
---- query.c 10 Dec 2014 04:37:52 -0000 1.17
-+++ query.c 22 Jan 2015 17:54:19 -0000
-@@ -65,6 +65,8 @@
- #include <named/sortlist.h>
- #include <named/xfrout.h>
-
-+#include "pfilter.h"
-+
- #if 0
- /*
- * It has been recommended that DNS64 be changed to return excluded
-@@ -762,6 +764,7 @@
- }
-
- result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE);
-+ pfilter_notify(result, client, "validatezonedb");
- if ((options & DNS_GETDB_NOLOG) == 0) {
- char msg[NS_CLIENT_ACLMSGSIZE("query")];
- if (result == ISC_R_SUCCESS) {
-@@ -1026,6 +1029,7 @@
- result = ns_client_checkaclsilent(client, NULL,
- client->view->cacheacl,
- ISC_TRUE);
-+ pfilter_notify(result, client, "cachedb");
- if (result == ISC_R_SUCCESS) {
- /*
- * We were allowed by the "allow-query-cache" ACL.
-Index: update.c
-===================================================================
-RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/update.c,v
-retrieving revision 1.9
-diff -u -u -r1.9 update.c
---- update.c 10 Dec 2014 04:37:52 -0000 1.9
-+++ update.c 22 Jan 2015 17:54:19 -0000
-@@ -59,6 +59,8 @@
- #include <named/server.h>
- #include <named/update.h>
-
-+#include "pfilter.h"
-+
- /*! \file
- * \brief
- * This module implements dynamic update as in RFC2136.
-@@ -306,6 +308,7 @@
- isc_result_t result;
-
- result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE);
-+ pfilter_notify(result, client, "queryacl");
- if (result != ISC_R_SUCCESS) {
- dns_name_format(zonename, namebuf, sizeof(namebuf));
- dns_rdataclass_format(client->view->rdclass, classbuf,
-@@ -362,6 +365,7 @@
- msg = "disabled";
- } else {
- result = ns_client_checkaclsilent(client, NULL, acl, ISC_FALSE);
-+ pfilter_notify(result, client, "updateacl");
- if (result == ISC_R_SUCCESS) {
- level = ISC_LOG_DEBUG(3);
- msg = "approved";
-Index: xfrout.c
-===================================================================
-RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/xfrout.c,v
-retrieving revision 1.7
-diff -u -u -r1.7 xfrout.c
---- xfrout.c 10 Dec 2014 04:37:52 -0000 1.7
-+++ xfrout.c 22 Jan 2015 17:54:19 -0000
-@@ -54,6 +54,8 @@
- #include <named/server.h>
- #include <named/xfrout.h>
-
-+#include "pfilter.h"
-+
- /*! \file
- * \brief
- * Outgoing AXFR and IXFR.
-@@ -822,6 +824,7 @@
- &client->peeraddr,
- &db);
-
-+ pfilter_notify(result, client, "zonexfr");
- if (result == ISC_R_NOPERM) {
- char _buf1[DNS_NAME_FORMATSIZE];
- char _buf2[DNS_RDATACLASS_FORMATSIZE];
--- /dev/null 2015-01-22 01:48:00.000000000 -0500
-+++ pfilter.c 2015-01-22 01:35:16.000000000 -0500
++++ dist/bin/named/pfilter.c 2015-01-22 01:35:16.000000000 -0500
@@ -0,0 +1,42 @@
+#include <config.h>
+
@@ -180,7 +44,161 @@
+ &client->peeraddr.type.sa, client->peeraddr.length, msg);
+}
--- /dev/null 2015-01-22 01:48:00.000000000 -0500
-+++ pfilter.h 2015-01-22 01:16:56.000000000 -0500
++++ dist/bin/named/pfilter.h 2015-01-22 01:16:56.000000000 -0500
@@ -0,0 +1,2 @@
+void pfilter_open(void);
+void pfilter_notify(isc_result_t, ns_client_t *, const char *);
+Index: bin/named/Makefile
+===================================================================
+RCS file: /cvsroot/src/external/bsd/bind/bin/named/Makefile,v
+retrieving revision 1.8
+diff -u -u -r1.8 Makefile
+--- bin/named/Makefile 31 Dec 2013 20:23:12 -0000 1.8
++++ bin/named/Makefile 22 Jan 2015 21:40:38 -0000
+@@ -33,7 +33,9 @@
+ lwaddr.c lwdclient.c lwderror.c \
+ lwdgabn.c lwdgnba.c lwdgrbn.c lwdnoop.c lwresd.c lwsearch.c \
+ main.c notify.c query.c server.c sortlist.c statschannel.c \
+- tkeyconf.c tsigconf.c \
++ pfilter.c tkeyconf.c tsigconf.c \
+ update.c xfrout.c zoneconf.c ${SRCS_UNIX}
+
++LDADD+=-lblacklist
++DPADD+=${LIBBLACKLIST}
+ .include <bsd.prog.mk>
+Index: dist/bin/named/client.c
+===================================================================
+RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/client.c,v
+retrieving revision 1.11
+diff -u -u -r1.11 client.c
+--- dist/bin/named/client.c 10 Dec 2014 04:37:51 -0000 1.11
++++ dist/bin/named/client.c 22 Jan 2015 21:40:38 -0000
+@@ -65,6 +65,8 @@
+ #include <named/server.h>
+ #include <named/update.h>
+
++#include "pfilter.h"
++
+ /***
+ *** Client
+ ***/
+@@ -3101,6 +3103,7 @@
+ result = ns_client_checkaclsilent(client, sockaddr ? &netaddr : NULL,
+ acl, default_allow);
+
++ pfilter_notify(result, client, opname);
+ if (result == ISC_R_SUCCESS)
+ ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+ NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
+Index: dist/bin/named/main.c
+===================================================================
+RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/main.c,v
+retrieving revision 1.15
+diff -u -u -r1.15 main.c
+--- dist/bin/named/main.c 10 Dec 2014 04:37:51 -0000 1.15
++++ dist/bin/named/main.c 22 Jan 2015 21:40:38 -0000
+@@ -95,6 +95,8 @@
+ #include <dlz/dlz_drivers.h>
+ #endif
+
++#include "pfilter.h"
++
+ /*
+ * The maximum number of stack frames to dump on assertion failure.
+ */
+@@ -1206,6 +1208,7 @@
+
+ parse_command_line(argc, argv);
+
++ pfilter_open();
+ /*
+ * Warn about common configuration error.
+ */
+Index: dist/bin/named/query.c
+===================================================================
+RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/query.c,v
+retrieving revision 1.17
+diff -u -u -r1.17 query.c
+--- dist/bin/named/query.c 10 Dec 2014 04:37:52 -0000 1.17
++++ dist/bin/named/query.c 22 Jan 2015 21:40:39 -0000
+@@ -65,6 +65,8 @@
+ #include <named/sortlist.h>
+ #include <named/xfrout.h>
+
++#include "pfilter.h"
++
+ #if 0
+ /*
+ * It has been recommended that DNS64 be changed to return excluded
+@@ -762,6 +764,7 @@
+ }
+
+ result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE);
++ pfilter_notify(result, client, "validatezonedb");
+ if ((options & DNS_GETDB_NOLOG) == 0) {
+ char msg[NS_CLIENT_ACLMSGSIZE("query")];
+ if (result == ISC_R_SUCCESS) {
+@@ -1026,6 +1029,7 @@
+ result = ns_client_checkaclsilent(client, NULL,
+ client->view->cacheacl,
+ ISC_TRUE);
++ pfilter_notify(result, client, "cachedb");
+ if (result == ISC_R_SUCCESS) {
+ /*
+ * We were allowed by the "allow-query-cache" ACL.
+Index: dist/bin/named/update.c
+===================================================================
+RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/update.c,v
+retrieving revision 1.9
+diff -u -u -r1.9 update.c
+--- dist/bin/named/update.c 10 Dec 2014 04:37:52 -0000 1.9
++++ dist/bin/named/update.c 22 Jan 2015 21:40:39 -0000
+@@ -59,6 +59,8 @@
+ #include <named/server.h>
+ #include <named/update.h>
+
++#include "pfilter.h"
++
+ /*! \file
+ * \brief
+ * This module implements dynamic update as in RFC2136.
+@@ -306,6 +308,7 @@
+ isc_result_t result;
+
+ result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE);
++ pfilter_notify(result, client, "queryacl");
+ if (result != ISC_R_SUCCESS) {
+ dns_name_format(zonename, namebuf, sizeof(namebuf));
+ dns_rdataclass_format(client->view->rdclass, classbuf,
+@@ -362,6 +365,7 @@
+ msg = "disabled";
+ } else {
+ result = ns_client_checkaclsilent(client, NULL, acl, ISC_FALSE);
++ pfilter_notify(result, client, "updateacl");
+ if (result == ISC_R_SUCCESS) {
+ level = ISC_LOG_DEBUG(3);
+ msg = "approved";
+Index: dist/bin/named/xfrout.c
+===================================================================
+RCS file: /cvsroot/src/external/bsd/bind/dist/bin/named/xfrout.c,v
+retrieving revision 1.7
+diff -u -u -r1.7 xfrout.c
+--- dist/bin/named/xfrout.c 10 Dec 2014 04:37:52 -0000 1.7
++++ dist/bin/named/xfrout.c 22 Jan 2015 21:40:39 -0000
+@@ -54,6 +54,8 @@
+ #include <named/server.h>
+ #include <named/xfrout.h>
+
++#include "pfilter.h"
++
+ /*! \file
+ * \brief
Home |
Main Index |
Thread Index |
Old Index