Source-Changes-HG archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[src/trunk]: src/external/mpl/bind put back the blacklistd integration that g...



details:   https://anonhg.NetBSD.org/src/rev/22d05cfce324
branches:  trunk
changeset: 1003310:22d05cfce324
user:      christos <christos%NetBSD.org@localhost>
date:      Mon Sep 09 14:40:39 2019 +0000

description:
put back the blacklistd integration that got lost in the bsd -> mpl move.

diffstat:

 external/mpl/bind/Makefile.inc                     |   5 +-
 external/mpl/bind/bin/named/Makefile               |   6 +-
 external/mpl/bind/dist/bin/named/main.c            |   6 +-
 external/mpl/bind/dist/bin/named/pfilter.c         |  47 --------------------
 external/mpl/bind/dist/bin/named/pfilter.h         |   2 -
 external/mpl/bind/dist/lib/ns/Makefile.in          |   4 +-
 external/mpl/bind/dist/lib/ns/include/ns/pfilter.h |   2 +
 external/mpl/bind/dist/lib/ns/pfilter.c            |  50 ++++++++++++++++++++++
 external/mpl/bind/dist/lib/ns/query.c              |   9 +++-
 external/mpl/bind/dist/lib/ns/update.c             |   7 ++-
 external/mpl/bind/dist/lib/ns/xfrout.c             |   5 +-
 external/mpl/bind/lib/libns/Makefile               |   4 +-
 12 files changed, 83 insertions(+), 64 deletions(-)

diffs (truncated from 331 to 300 lines):

diff -r e600d0a9de16 -r 22d05cfce324 external/mpl/bind/Makefile.inc
--- a/external/mpl/bind/Makefile.inc    Mon Sep 09 13:57:13 2019 +0000
+++ b/external/mpl/bind/Makefile.inc    Mon Sep 09 14:40:39 2019 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile.inc,v 1.4 2019/02/28 22:18:21 joerg Exp $
+#      $NetBSD: Makefile.inc,v 1.5 2019/09/09 14:40:39 christos Exp $
 
 .if !defined(BIND9_MAKEFILE_INC)
 BIND9_MAKEFILE_INC=yes
@@ -77,6 +77,9 @@
 #CPPFLAGS+= -DUSE_MEMIMPREGISTER -DUSE_APPIMPREGISTER -DUSE_SOCKETIMPREGISTER \
 #    -DUSE_TIMERIMPREGISTER
 
+LDADD+=-lblacklist
+DPADD+=${LIBBLACKLIST}
+
 .if ${NAMED_USE_PTHREADS} == "yes"
 # XXX: Not ready yet
 # CPPFLAGS+=   -DISC_PLATFORM_USE_NATIVE_RWLOCKS
diff -r e600d0a9de16 -r 22d05cfce324 external/mpl/bind/bin/named/Makefile
--- a/external/mpl/bind/bin/named/Makefile      Mon Sep 09 13:57:13 2019 +0000
+++ b/external/mpl/bind/bin/named/Makefile      Mon Sep 09 14:40:39 2019 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.2 2018/08/14 11:52:56 christos Exp $
+#      $NetBSD: Makefile,v 1.3 2019/09/09 14:40:39 christos Exp $
 
 LDADD+=-lns
 DPADD+=${LIBNS}
@@ -35,11 +35,9 @@
 SRCS=  builtin.c config.c control.c controlconf.c \
        log.c logconf.c \
        main.c server.c statschannel.c \
-       pfilter.c tkeyconf.c tsigconf.c \
+       tkeyconf.c tsigconf.c \
        zoneconf.c ${SRCS_UNIX}
 
 main.o: ${VERSIONFILE}
 
-LDADD+=-lblacklist
-DPADD+=${LIBBLACKLIST}
 .include <bsd.prog.mk>
diff -r e600d0a9de16 -r 22d05cfce324 external/mpl/bind/dist/bin/named/main.c
--- a/external/mpl/bind/dist/bin/named/main.c   Mon Sep 09 13:57:13 2019 +0000
+++ b/external/mpl/bind/dist/bin/named/main.c   Mon Sep 09 14:40:39 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: main.c,v 1.4 2019/02/24 20:01:27 christos Exp $        */
+/*     $NetBSD: main.c,v 1.5 2019/09/09 14:40:39 christos Exp $        */
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -89,7 +89,7 @@
 #include <zlib.h>
 #endif
 
-#include "pfilter.h"
+#include <ns/pfilter.h>
 /*
  * Include header files for database drivers here.
  */
@@ -1404,7 +1404,7 @@
 
        parse_command_line(argc, argv);
 
-       pfilter_open();
+       pfilter_enable();
 
 #ifdef ENABLE_AFL
        if (named_g_fuzz_type != isc_fuzz_none) {
diff -r e600d0a9de16 -r 22d05cfce324 external/mpl/bind/dist/bin/named/pfilter.c
--- a/external/mpl/bind/dist/bin/named/pfilter.c        Mon Sep 09 13:57:13 2019 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,47 +0,0 @@
-#include <config.h>
-
-#include <isc/platform.h>
-#include <isc/util.h>
-#include <named/types.h>
-#include <ns/client.h>
-
-#include <blacklist.h>
-
-#include "pfilter.h"
-
-static struct blacklist *blstate;
-
-void
-pfilter_open(void)
-{
-       if (blstate == NULL)
-               blstate = blacklist_open();
-}
-
-#define TCP_CLIENT(c)  (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
-
-void
-pfilter_notify(isc_result_t res, ns_client_t *client, const char *msg)
-{
-       isc_socket_t *socket;
-
-       pfilter_open();
-
-       if (TCP_CLIENT(client))
-               socket = client->tcpsocket;
-       else {
-               socket = client->udpsocket;
-               if (!client->peeraddr_valid)
-                       return;
-       }
-
-       if (socket == NULL)
-               return;
-
-       if (blstate == NULL)
-               return;
-
-       blacklist_sa_r(blstate, 
-           res != ISC_R_SUCCESS, isc_socket_getfd(socket),
-           &client->peeraddr.type.sa, client->peeraddr.length, msg);
-}
diff -r e600d0a9de16 -r 22d05cfce324 external/mpl/bind/dist/bin/named/pfilter.h
--- a/external/mpl/bind/dist/bin/named/pfilter.h        Mon Sep 09 13:57:13 2019 +0000
+++ /dev/null   Thu Jan 01 00:00:00 1970 +0000
@@ -1,2 +0,0 @@
-void pfilter_open(void);
-void pfilter_notify(isc_result_t, ns_client_t *, const char *);
diff -r e600d0a9de16 -r 22d05cfce324 external/mpl/bind/dist/lib/ns/Makefile.in
--- a/external/mpl/bind/dist/lib/ns/Makefile.in Mon Sep 09 13:57:13 2019 +0000
+++ b/external/mpl/bind/dist/lib/ns/Makefile.in Mon Sep 09 14:40:39 2019 +0000
@@ -42,11 +42,11 @@
 OBJS =         client.@O@ hooks.@O@ interfacemgr.@O@ lib.@O@ \
                listenlist.@O@ log.@O@ notify.@O@ query.@O@ \
                server.@O@ sortlist.@O@ stats.@O@ update.@O@ \
-               version.@O@ xfrout.@O@
+               version.@O@ xfrout.@O@ pfilter.@O@
 
 SRCS =         client.c hooks.c interfacemgr.c lib.c listenlist.c \
                log.c notify.c query.c server.c sortlist.c stats.c \
-               update.c version.c xfrout.c
+               update.c version.c xfrout.c pfilter.c
 
 SUBDIRS =      include
 TESTDIRS =     @UNITTESTS@
diff -r e600d0a9de16 -r 22d05cfce324 external/mpl/bind/dist/lib/ns/include/ns/pfilter.h
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/external/mpl/bind/dist/lib/ns/include/ns/pfilter.h        Mon Sep 09 14:40:39 2019 +0000
@@ -0,0 +1,2 @@
+void pfilter_enable(void);
+void pfilter_notify(isc_result_t, ns_client_t *, const char *);
diff -r e600d0a9de16 -r 22d05cfce324 external/mpl/bind/dist/lib/ns/pfilter.c
--- /dev/null   Thu Jan 01 00:00:00 1970 +0000
+++ b/external/mpl/bind/dist/lib/ns/pfilter.c   Mon Sep 09 14:40:39 2019 +0000
@@ -0,0 +1,50 @@
+#include <config.h>
+
+#include <isc/platform.h>
+#include <isc/util.h>
+#include <ns/types.h>
+#include <ns/client.h>
+
+#include <blacklist.h>
+
+#include <ns/pfilter.h>
+
+static struct blacklist *blstate;
+static int blenable;
+
+void
+pfilter_enable(void) {
+       blenable = 1;
+}
+
+#define TCP_CLIENT(c)  (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
+
+void
+pfilter_notify(isc_result_t res, ns_client_t *client, const char *msg)
+{
+       isc_socket_t *socket;
+
+       if (!blenable)
+               return;
+
+       if (blstate == NULL)
+               blstate = blacklist_open();
+
+       if (blstate == NULL)
+               return;
+
+       if (TCP_CLIENT(client))
+               socket = client->tcpsocket;
+       else {
+               socket = client->udpsocket;
+               if (!client->peeraddr_valid)
+                       return;
+       }
+
+       if (socket == NULL)
+               return;
+
+       blacklist_sa_r(blstate, 
+           res != ISC_R_SUCCESS, isc_socket_getfd(socket),
+           &client->peeraddr.type.sa, client->peeraddr.length, msg);
+}
diff -r e600d0a9de16 -r 22d05cfce324 external/mpl/bind/dist/lib/ns/query.c
--- a/external/mpl/bind/dist/lib/ns/query.c     Mon Sep 09 13:57:13 2019 +0000
+++ b/external/mpl/bind/dist/lib/ns/query.c     Mon Sep 09 14:40:39 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: query.c,v 1.6 2019/09/05 19:33:00 christos Exp $       */
+/*     $NetBSD: query.c,v 1.7 2019/09/09 14:40:40 christos Exp $       */
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -71,6 +71,8 @@
 #include <ns/stats.h>
 #include <ns/xfrout.h>
 
+#include <ns/pfilter.h>
+
 #if 0
 /*
  * It has been recommended that DNS64 be changed to return excluded
@@ -868,6 +870,8 @@
                                              msg);
                        }
                } else if (log) {
+                       pfilter_notify(result, client, "checkcacheaccess");
+
                        /*
                         * We were denied by the "allow-query-cache" ACL.
                         * There is no need to clear NS_QUERYATTR_CACHEACLOK
@@ -999,6 +1003,7 @@
                                              "%s approved", msg);
                        }
                } else {
+                       pfilter_notify(result, client, "validatezonedb");
                        ns_client_aclmsg("query", name, qtype,
                                         client->view->rdclass,
                                         msg, sizeof(msg));
@@ -1032,6 +1037,8 @@
 
                result = ns_client_checkaclsilent(client, &client->destaddr,
                                                  queryonacl, true);
+               if (result != ISC_R_SUCCESS)
+                       pfilter_notify(result, client, "validatezonedb");
                if ((options & DNS_GETDB_NOLOG) == 0 &&
                    result != ISC_R_SUCCESS)
                        ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
diff -r e600d0a9de16 -r 22d05cfce324 external/mpl/bind/dist/lib/ns/update.c
--- a/external/mpl/bind/dist/lib/ns/update.c    Mon Sep 09 13:57:13 2019 +0000
+++ b/external/mpl/bind/dist/lib/ns/update.c    Mon Sep 09 14:40:39 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: update.c,v 1.4 2019/02/24 20:01:32 christos Exp $      */
+/*     $NetBSD: update.c,v 1.5 2019/09/09 14:40:40 christos Exp $      */
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -56,6 +56,8 @@
 #include <ns/stats.h>
 #include <ns/update.h>
 
+#include <ns/pfilter.h>
+
 /*! \file
  * \brief
  * This module implements dynamic update as in RFC2136.
@@ -337,6 +339,7 @@
 
        result = ns_client_checkaclsilent(client, NULL, queryacl, true);
        if (result != ISC_R_SUCCESS) {
+               pfilter_notify(result, client, "queryacl");
                dns_name_format(zonename, namebuf, sizeof(namebuf));
                dns_rdataclass_format(client->view->rdclass, classbuf,
                                      sizeof(classbuf));
@@ -349,6 +352,7 @@
                              "update '%s/%s' denied due to allow-query",
                              namebuf, classbuf);
        } else if (updateacl == NULL && ssutable == NULL) {
+               pfilter_notify(result, client, "updateacl");
                dns_name_format(zonename, namebuf, sizeof(namebuf));
                dns_rdataclass_format(client->view->rdclass, classbuf,
                                      sizeof(classbuf));
@@ -392,6 +396,7 @@
                msg = "disabled";
        } else {
                result = ns_client_checkaclsilent(client, NULL, acl, false);
+               pfilter_notify(result, client, "updateacl");
                if (result == ISC_R_SUCCESS) {
                        level = ISC_LOG_DEBUG(3);
                        msg = "approved";
diff -r e600d0a9de16 -r 22d05cfce324 external/mpl/bind/dist/lib/ns/xfrout.c
--- a/external/mpl/bind/dist/lib/ns/xfrout.c    Mon Sep 09 13:57:13 2019 +0000
+++ b/external/mpl/bind/dist/lib/ns/xfrout.c    Mon Sep 09 14:40:39 2019 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: xfrout.c,v 1.5 2019/09/05 19:33:00 christos Exp $      */
+/*     $NetBSD: xfrout.c,v 1.6 2019/09/09 14:40:40 christos Exp $      */
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -50,6 +50,8 @@
 #include <ns/stats.h>
 #include <ns/xfrout.h>



Home | Main Index | Thread Index | Old Index