* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: acl.c,v 1.50.44.3 2009/01/18 23:47:35 tbox Exp $ */
+/* $Id: acl.c,v 1.53 2009/01/17 23:47:42 tbox Exp $ */
/*! \file */
#include <config.h>
-#ifdef SUPPORT_GEOIP
-#include <GeoIP.h>
-#endif
-
#include <isc/mem.h>
#include <isc/once.h>
#include <isc/string.h>
#include <dns/acl.h>
#include <dns/iptable.h>
-#ifdef SUPPORT_GEOIP
-static GeoIP *geoip = NULL;
-#endif
-
/*
* Create a new ACL, including an IP table and an array with room
* for 'n' ACL elements. The elements are uninitialized and the
dest->elements[nelem + i].node_num =
source->elements[i].node_num + dest->node_count;
-#ifdef SUPPORT_GEOIP
- /* Country */
- if (source->elements[i].type == dns_aclelementtype_ipcountry &&
- source->elements[i].country != NULL) {
- strncpy(dest->elements[nelem + i].country, source->elements[i].country, 3);
- }
-#endif
/* Duplicate nested acl. */
if (source->elements[i].type == dns_aclelementtype_nestedacl &&
source->elements[i].nestedacl != NULL)
isc_result_t result;
switch (e->type) {
-#ifdef SUPPORT_GEOIP
- case dns_aclelementtype_ipcountry:
- /* Country match */
- if (NULL == geoip) {
- geoip = GeoIP_new(GEOIP_MEMORY_CACHE);
- }
- if (NULL != geoip) {
- const char *value = NULL;
-
- if (reqaddr->family == AF_INET) {
- value = GeoIP_country_code_by_addr(geoip,inet_ntoa(reqaddr->type.in));
-#ifdef GEOIP_V6
- } else if (reqaddr->family == AF_INET6) {
- value = GeoIP_country_name_by_ipnum_v6(geoip, (geoipv6_t)reqaddr->type.in6);
-#endif
- }
-
- if ((NULL != value) && (2 == strlen(value))) {
- if ((e->country[0] == value[0]) && (e->country[1] == value[1])) {
- return (ISC_TRUE);
- }
- }
- }
- return (ISC_FALSE);
-#endif
-
case dns_aclelementtype_keyname:
if (reqsigner != NULL &&
dns_name_equal(reqsigner, &e->keyname)) {
git.samba.org / tridge / bind9.git / blobdiff