* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: check.c,v 1.114.4.2 2010/03/04 23:49:19 tbox Exp $ */
+/* $Id: check.c,v 1.114.4.6 2010/08/11 18:19:57 each Exp $ */
/*! \file */
static const char *acls[] = { "allow-query", "allow-query-on",
"allow-query-cache", "allow-query-cache-on",
"blackhole", "match-clients", "match-destinations",
- "sortlist", NULL };
+ "sortlist", "filter-aaaa", NULL };
while (acls[i] != NULL) {
tresult = checkacl(acls[i++], actx, NULL, voptions, config,
return (result);
}
+static isc_result_t
+check_filteraaaa(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions,
+ const char *viewname, const cfg_obj_t *config,
+ isc_log_t *logctx, isc_mem_t *mctx)
+{
+ const cfg_obj_t *options, *aclobj, *obj = NULL;
+ dns_acl_t *acl = NULL;
+ isc_result_t result = ISC_R_SUCCESS, tresult;
+ dns_v4_aaaa_t filter;
+ const char *forview = " for view ";
+
+ if (voptions != NULL)
+ cfg_map_get(voptions, "filter-aaaa-on-v4", &obj);
+ if (obj == NULL && config != NULL) {
+ options = NULL;
+ cfg_map_get(config, "options", &options);
+ if (options != NULL)
+ cfg_map_get(options, "filter-aaaa-on-v4", &obj);
+ }
+
+ if (obj == NULL)
+ filter = dns_v4_aaaa_ok; /* default */
+ else if (cfg_obj_isboolean(obj))
+ filter = cfg_obj_asboolean(obj) ? dns_v4_aaaa_filter :
+ dns_v4_aaaa_ok;
+ else
+ filter = dns_v4_aaaa_break_dnssec; /* break-dnssec */
+
+ if (viewname == NULL) {
+ viewname = "";
+ forview = "";
+ }
+
+ aclobj = options = NULL;
+ acl = NULL;
+
+ if (voptions != NULL)
+ cfg_map_get(voptions, "filter-aaaa", &aclobj);
+ if (config != NULL && aclobj == NULL) {
+ options = NULL;
+ cfg_map_get(config, "options", &options);
+ if (options != NULL)
+ cfg_map_get(options, "filter-aaaa", &aclobj);
+ }
+ if (aclobj == NULL)
+ return (result);
+
+ tresult = cfg_acl_fromconfig(aclobj, config, logctx,
+ actx, mctx, 0, &acl);
+
+ if (tresult != ISC_R_SUCCESS) {
+ result = tresult;
+ } else if (filter != dns_v4_aaaa_ok && dns_acl_isnone(acl)) {
+ cfg_obj_log(aclobj, logctx, ISC_LOG_WARNING,
+ "both \"filter-aaaa-on-v4 %s;\" and "
+ "\"filter-aaaa\" is 'none;'%s%s",
+ filter == dns_v4_aaaa_break_dnssec ?
+ "break-dnssec" : "yes", forview, viewname);
+ result = ISC_R_FAILURE;
+ } else if (filter == dns_v4_aaaa_ok && !dns_acl_isnone(acl)) {
+ cfg_obj_log(aclobj, logctx, ISC_LOG_WARNING,
+ "both \"filter-aaaa-on-v4 no;\" and "
+ "\"filter-aaaa\" is set%s%s", forview, viewname);
+ result = ISC_R_FAILURE;
+ }
+
+ if (acl != NULL)
+ dns_acl_detach(&acl);
+
+ return (result);
+}
+
typedef struct {
const char *name;
unsigned int scale;
if (tresult != ISC_R_SUCCESS)
result = tresult;
- cfg_aclconfctx_destroy(&actx);
+ tresult = check_filteraaaa(&actx, voptions, viewname, config,
+ logctx, mctx);
+ if (tresult != ISC_R_SUCCESS)
+ result = tresult;
+
+ cfg_aclconfctx_clear(&actx);
return (result);
}
result = tresult;
}
}
- cfg_aclconfctx_destroy(&actx);
+ cfg_aclconfctx_clear(&actx);
return (result);
}
git.samba.org / tridge / bind9.git / blobdiff