[src/trunk]: src/external/bsd/bind blasklist hooks

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/9e6f524fc8f8
branches:  trunk
changeset: 335824:9e6f524fc8f8
user:      christos <christos%NetBSD.org@localhost>
date:      Sun Jan 25 15:51:53 2015 +0000

description:
blasklist hooks

diffstat:

 external/bsd/bind/bin/named/Makefile      |  6 ++++--
 external/bsd/bind/dist/bin/named/client.c |  5 ++++-
 external/bsd/bind/dist/bin/named/main.c   |  7 ++++++-
 external/bsd/bind/dist/bin/named/query.c  |  8 +++++++-
 external/bsd/bind/dist/bin/named/update.c |  7 ++++++-
 external/bsd/bind/dist/bin/named/xfrout.c |  5 ++++-
 6 files changed, 31 insertions(+), 7 deletions(-)

diffs (178 lines):

diff -r 673210c8a4fa -r 9e6f524fc8f8 external/bsd/bind/bin/named/Makefile
--- a/external/bsd/bind/bin/named/Makefile      Sun Jan 25 15:51:17 2015 +0000
+++ b/external/bsd/bind/bin/named/Makefile      Sun Jan 25 15:51:53 2015 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.8 2013/12/31 20:23:12 christos Exp $
+#      $NetBSD: Makefile,v 1.9 2015/01/25 15:51:53 christos Exp $
 
 .include <bsd.own.mk>
 
@@ -33,7 +33,9 @@
        lwaddr.c lwdclient.c lwderror.c \
        lwdgabn.c lwdgnba.c lwdgrbn.c lwdnoop.c lwresd.c lwsearch.c \
        main.c notify.c query.c server.c sortlist.c statschannel.c \
-       tkeyconf.c tsigconf.c \
+       pfilter.c tkeyconf.c tsigconf.c \
        update.c xfrout.c zoneconf.c ${SRCS_UNIX}
 
+LDADD+=-lblacklist
+DPADD+=${LIBBLACKLIST}
 .include <bsd.prog.mk>
diff -r 673210c8a4fa -r 9e6f524fc8f8 external/bsd/bind/dist/bin/named/client.c
--- a/external/bsd/bind/dist/bin/named/client.c Sun Jan 25 15:51:17 2015 +0000
+++ b/external/bsd/bind/dist/bin/named/client.c Sun Jan 25 15:51:53 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: client.c,v 1.11 2014/12/10 04:37:51 christos Exp $     */
+/*     $NetBSD: client.c,v 1.12 2015/01/25 15:51:53 christos Exp $     */
 
 /*
  * Copyright (C) 2004-2014  Internet Systems Consortium, Inc. ("ISC")
@@ -65,6 +65,8 @@
 #include <named/server.h>
 #include <named/update.h>
 
+#include "pfilter.h"
+
 /***
  *** Client
  ***/
@@ -3101,6 +3103,7 @@
        result = ns_client_checkaclsilent(client, sockaddr ? &netaddr : NULL,
                                          acl, default_allow);
 
+       pfilter_notify(result, client, opname);
        if (result == ISC_R_SUCCESS)
                ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
                              NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
diff -r 673210c8a4fa -r 9e6f524fc8f8 external/bsd/bind/dist/bin/named/main.c
--- a/external/bsd/bind/dist/bin/named/main.c   Sun Jan 25 15:51:17 2015 +0000
+++ b/external/bsd/bind/dist/bin/named/main.c   Sun Jan 25 15:51:53 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: main.c,v 1.15 2014/12/10 04:37:51 christos Exp $       */
+/*     $NetBSD: main.c,v 1.16 2015/01/25 15:51:53 christos Exp $       */
 
 /*
  * Copyright (C) 2004-2014  Internet Systems Consortium, Inc. ("ISC")
@@ -83,6 +83,9 @@
 #ifdef HAVE_LIBXML2
 #include <libxml/xmlversion.h>
 #endif
+
+#include "pfilter.h"
+
 /*
  * Include header files for database drivers here.
  */
@@ -1206,6 +1209,8 @@
 
        parse_command_line(argc, argv);
 
+       pfilter_open();
+
        /*
         * Warn about common configuration error.
         */
diff -r 673210c8a4fa -r 9e6f524fc8f8 external/bsd/bind/dist/bin/named/query.c
--- a/external/bsd/bind/dist/bin/named/query.c  Sun Jan 25 15:51:17 2015 +0000
+++ b/external/bsd/bind/dist/bin/named/query.c  Sun Jan 25 15:51:53 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: query.c,v 1.17 2014/12/10 04:37:52 christos Exp $      */
+/*     $NetBSD: query.c,v 1.18 2015/01/25 15:51:53 christos Exp $      */
 
 /*
  * Copyright (C) 2004-2014  Internet Systems Consortium, Inc. ("ISC")
@@ -65,6 +65,8 @@
 #include <named/sortlist.h>
 #include <named/xfrout.h>
 
+#include "pfilter.h"
+
 #if 0
 /*
  * It has been recommended that DNS64 be changed to return excluded
@@ -762,6 +764,8 @@
        }
 
        result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE);
+       if (result != ISC_R_SUCCESS)
+               pfilter_notify(result, client, "validatezonedb");
        if ((options & DNS_GETDB_NOLOG) == 0) {
                char msg[NS_CLIENT_ACLMSGSIZE("query")];
                if (result == ISC_R_SUCCESS) {
@@ -1026,6 +1030,8 @@
                result = ns_client_checkaclsilent(client, NULL,
                                                  client->view->cacheacl,
                                                  ISC_TRUE);
+               if (result == ISC_R_SUCCESS)
+                       pfilter_notify(result, client, "cachedb");
                if (result == ISC_R_SUCCESS) {
                        /*
                         * We were allowed by the "allow-query-cache" ACL.
diff -r 673210c8a4fa -r 9e6f524fc8f8 external/bsd/bind/dist/bin/named/update.c
--- a/external/bsd/bind/dist/bin/named/update.c Sun Jan 25 15:51:17 2015 +0000
+++ b/external/bsd/bind/dist/bin/named/update.c Sun Jan 25 15:51:53 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: update.c,v 1.9 2014/12/10 04:37:52 christos Exp $      */
+/*     $NetBSD: update.c,v 1.10 2015/01/25 15:51:53 christos Exp $     */
 
 /*
  * Copyright (C) 2004-2014  Internet Systems Consortium, Inc. ("ISC")
@@ -59,6 +59,8 @@
 #include <named/server.h>
 #include <named/update.h>
 
+#include "pfilter.h"
+
 /*! \file
  * \brief
  * This module implements dynamic update as in RFC2136.
@@ -307,6 +309,7 @@
 
        result = ns_client_checkaclsilent(client, NULL, queryacl, ISC_TRUE);
        if (result != ISC_R_SUCCESS) {
+               pfilter_notify(result, client, "queryacl");
                dns_name_format(zonename, namebuf, sizeof(namebuf));
                dns_rdataclass_format(client->view->rdclass, classbuf,
                                      sizeof(classbuf));
@@ -324,6 +327,7 @@
                                      sizeof(classbuf));
 
                result = DNS_R_REFUSED;
+               pfilter_notify(result, client, "updateacl");
                ns_client_log(client, NS_LOGCATEGORY_UPDATE_SECURITY,
                              NS_LOGMODULE_UPDATE, ISC_LOG_INFO,
                              "update '%s/%s' denied", namebuf, classbuf);
@@ -362,6 +366,7 @@
                msg = "disabled";
        } else {
                result = ns_client_checkaclsilent(client, NULL, acl, ISC_FALSE);
+               pfilter_notify(result, client, "updateacl");
                if (result == ISC_R_SUCCESS) {
                        level = ISC_LOG_DEBUG(3);
                        msg = "approved";
diff -r 673210c8a4fa -r 9e6f524fc8f8 external/bsd/bind/dist/bin/named/xfrout.c
--- a/external/bsd/bind/dist/bin/named/xfrout.c Sun Jan 25 15:51:17 2015 +0000
+++ b/external/bsd/bind/dist/bin/named/xfrout.c Sun Jan 25 15:51:53 2015 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xfrout.c,v 1.7 2014/12/10 04:37:52 christos Exp $      */
+/*     $NetBSD: xfrout.c,v 1.8 2015/01/25 15:51:53 christos Exp $      */
 
 /*
  * Copyright (C) 2004-2014  Internet Systems Consortium, Inc. ("ISC")
@@ -54,6 +54,8 @@
 #include <named/server.h>
 #include <named/xfrout.h>
 
+#include "pfilter.h"
+
 /*! \file
  * \brief
  * Outgoing AXFR and IXFR.
@@ -822,6 +824,7 @@
                                                     &client->peeraddr,
                                                     &db);
 
+                       pfilter_notify(result, client, "zonexfr");
                        if (result == ISC_R_NOPERM) {
                                char _buf1[DNS_NAME_FORMATSIZE];
                                char _buf2[DNS_RDATACLASS_FORMATSIZE];