bind/lib/dns/ssu.c

/*
 * $Id: ssu.c,v 1.6 2000/03/06 19:06:00 bwelling Exp $
 * Principal Author: Brian Wellington
 */

#include <config.h>

#include <string.h>

#include <isc/assertions.h>
#include <isc/error.h>
#include <isc/list.h>
#include <isc/magic.h>
#include <isc/result.h>
#include <isc/types.h>
#include <isc/mutex.h>
#include <isc/util.h>

#include <dns/name.h>
#include <dns/ssu.h>

#define SSUTABLEMAGIC		0x53535554 /* SSUT */
#define VALID_SSUTABLE(table)	ISC_MAGIC_VALID((table), SSUTABLEMAGIC)
#define SSURULEMAGIC		0x53535552 /* SSUR */
#define VALID_SSURULE(table)	ISC_MAGIC_VALID((table), SSURULEMAGIC)

struct dns_ssurule {
	isc_uint32_t magic;
	isc_boolean_t grant;	/* is this a grant or a deny? */
	unsigned int matchtype;	/* which type of pattern match? */
	dns_name_t *identity;	/* the identity to match */
	dns_name_t *name;	/* the name being updated */
	unsigned int ntypes;	/* number of data types covered */
	dns_rdatatype_t *types;	/* the data types.  Can include ANY, */
				/* defaults to all but SIG,SOA,NS if NULL*/
	ISC_LINK(dns_ssurule_t) link;
};

struct dns_ssutable {
	isc_uint32_t magic;
	isc_mem_t *mctx;
	unsigned int references;
	isc_mutex_t lock;
	ISC_LIST(dns_ssurule_t) rules;
};

isc_result_t
dns_ssutable_create(isc_mem_t *mctx, dns_ssutable_t **tablep) {
	isc_result_t result;
	dns_ssutable_t *table;

	REQUIRE(tablep != NULL && *tablep == NULL);
	REQUIRE(mctx != NULL);

	table = isc_mem_get(mctx, sizeof(dns_ssutable_t));
	if (table == NULL)
		return (ISC_R_NOMEMORY);
	result = isc_mutex_init(&table->lock);
	if (result != ISC_R_SUCCESS) {
		isc_mem_put(mctx, table, sizeof(dns_ssutable_t));
		return (result);
	}
	table->references = 1;
	table->mctx = mctx;
	ISC_LIST_INIT(table->rules);
	table->magic = SSUTABLEMAGIC;
	*tablep = table;
	return (ISC_R_SUCCESS);
}

static inline void
destroy(dns_ssutable_t *table) {
	isc_mem_t *mctx;

	REQUIRE(VALID_SSUTABLE(table));

	mctx = table->mctx;
	while (!ISC_LIST_EMPTY(table->rules)) {
		dns_ssurule_t *rule = ISC_LIST_HEAD(table->rules);
		if (rule->identity != NULL) {
			dns_name_free(rule->identity, mctx);
			isc_mem_put(mctx, rule->identity, sizeof(dns_name_t));
		}
		if (rule->name != NULL) {
			dns_name_free(rule->name, mctx);
			isc_mem_put(mctx, rule->name, sizeof(dns_name_t));
		}
		if (rule->types != NULL)
			isc_mem_put(mctx, rule->types,
				    rule->ntypes * sizeof(dns_rdatatype_t));
		ISC_LIST_UNLINK(table->rules, rule, link);
		rule->magic = 0;
		isc_mem_put(mctx, rule, sizeof(dns_ssurule_t));
	}
	isc_mutex_destroy(&table->lock);
	table->magic = 0;
	isc_mem_put(mctx, table, sizeof(dns_ssutable_t));
}

void
dns_ssutable_attach(dns_ssutable_t *source, dns_ssutable_t **targetp) {
	REQUIRE(VALID_SSUTABLE(source));
	REQUIRE(targetp != NULL && *targetp == NULL);

	LOCK(&source->lock);

	INSIST(source->references > 0);
	source->references++;
	INSIST(source->references != 0);

	UNLOCK(&source->lock);

	*targetp = source;
}

void
dns_ssutable_detach(dns_ssutable_t **tablep) {
	dns_ssutable_t *table;
	isc_boolean_t done = ISC_FALSE;

	REQUIRE(tablep != NULL);
	table = *tablep;
	REQUIRE(VALID_SSUTABLE(table));

	LOCK(&table->lock);

	INSIST(table->references > 0);
	if (--table->references == 0)
		done = ISC_TRUE;
	UNLOCK(&table->lock);

	*tablep = NULL;

	if (done)
		destroy(table);
}

isc_result_t
dns_ssutable_addrule(dns_ssutable_t *table, isc_boolean_t grant,
		     dns_name_t *identity, unsigned int matchtype,
		     dns_name_t *name, unsigned int ntypes,
		     dns_rdatatype_t *types)
{
	dns_ssurule_t *rule;
	isc_mem_t *mctx;
	isc_result_t result;

	REQUIRE(VALID_SSUTABLE(table));
	REQUIRE(dns_name_isabsolute(identity));
	REQUIRE(dns_name_isabsolute(name));
	REQUIRE(matchtype <= DNS_SSUMATCHTYPE_SELF);
	if (matchtype == DNS_SSUMATCHTYPE_WILDCARD)
		REQUIRE(dns_name_iswildcard(name));
	if (ntypes > 0)
		REQUIRE(types != NULL);

	mctx = table->mctx;
	rule = isc_mem_get(mctx, sizeof(dns_ssurule_t));
	if (rule == NULL)
		return (ISC_R_NOMEMORY);

	rule->identity = NULL;
	rule->name = NULL;
	rule->types = NULL;

	rule->grant = grant;

	rule->identity = isc_mem_get(mctx, sizeof(dns_name_t));
	if (rule->identity == NULL) {
		result = ISC_R_NOMEMORY;
		goto failure;
	}
	dns_name_init(rule->identity, NULL);
	result = dns_name_dup(identity, mctx, rule->identity);
	if (result != ISC_R_SUCCESS)
		goto failure;

	rule->name = isc_mem_get(mctx, sizeof(dns_name_t));
	if (rule->name == NULL) {
		result = ISC_R_NOMEMORY;
		goto failure;
	}
	dns_name_init(rule->name, NULL);
	result = dns_name_dup(name, mctx, rule->name);
	if (result != ISC_R_SUCCESS)
		goto failure;

	rule->matchtype = matchtype;

	rule->ntypes = ntypes;
	if (ntypes > 0) {
		rule->types = isc_mem_get(mctx,
					  ntypes * sizeof(dns_rdatatype_t));
		if (rule->types == NULL) {
			result = ISC_R_NOMEMORY;
			goto failure;
		}
		memcpy(rule->types, types, ntypes * sizeof(dns_rdatatype_t));
	}
	else
		rule->types = NULL;

	rule->magic = SSURULEMAGIC;
	ISC_LIST_APPEND(table->rules, rule, link);

	return (ISC_R_SUCCESS);

 failure:
	if (rule->identity != NULL) {
		if (dns_name_dynamic(rule->identity))
			dns_name_free(rule->identity, mctx);
		isc_mem_put(mctx, rule->identity, sizeof(dns_name_t));
	}
	if (rule->name != NULL) {
		if (dns_name_dynamic(rule->name))
			dns_name_free(rule->name, mctx);
		isc_mem_put(mctx, rule->name, sizeof(dns_name_t));
	}
	if (rule->types != NULL)
		isc_mem_put(mctx, rule->types,
			    ntypes * sizeof(dns_rdatatype_t));
	isc_mem_put(mctx, rule, sizeof(dns_ssurule_t));

	return (result);
}

static inline isc_boolean_t
isusertype(dns_rdatatype_t type) {
	return (type != dns_rdatatype_ns &&
		type != dns_rdatatype_soa &&
		type != dns_rdatatype_sig);
}

isc_boolean_t
dns_ssutable_checkrules(dns_ssutable_t *table, dns_name_t *signer,
			dns_name_t *name, dns_rdatatype_t type)
{
	dns_ssurule_t *rule;
	unsigned int i;

	REQUIRE(VALID_SSUTABLE(table));
	REQUIRE(signer == NULL || dns_name_isabsolute(signer));
	REQUIRE(dns_name_isabsolute(name));

	if (signer == NULL)
		return (ISC_FALSE);
	rule = ISC_LIST_HEAD(table->rules);
		rule = ISC_LIST_NEXT(rule, link);
	for (rule = ISC_LIST_HEAD(table->rules);
	     rule != NULL;
	     rule = ISC_LIST_NEXT(rule, link))
	{
		if (dns_name_iswildcard(rule->identity)) {
			if (!dns_name_matcheswildcard(signer, rule->identity))
				continue;
		}
		else {
			if (!dns_name_equal(signer, rule->identity))
				continue;
		}

		if (rule->matchtype == DNS_SSUMATCHTYPE_NAME) {
			if (!dns_name_equal(name, rule->name))
				continue;
		}
		else if (rule->matchtype == DNS_SSUMATCHTYPE_SUBDOMAIN) {
			if (!dns_name_issubdomain(name, rule->name))
				continue;
		}
		else if (rule->matchtype == DNS_SSUMATCHTYPE_WILDCARD) {
			if (!dns_name_matcheswildcard(name, rule->name))
				continue;
			
		}
		else if (rule->matchtype == DNS_SSUMATCHTYPE_SELF) {
			if (!dns_name_equal(signer, name))
				continue;
		}

		if (rule->ntypes == 0) {
			if (!isusertype(type))
				continue;
		}
		else {
			for (i = 0; i < rule->ntypes; i++) {
				if (rule->types[i] == dns_rdatatype_any ||
				    rule->types[i] == type)
					break;
			}
			if (i == rule->ntypes)
				continue;
		}
		return (rule->grant);
	}

	return (ISC_FALSE);
}

isc_boolean_t
dns_ssurule_isgrant(const dns_ssurule_t *rule) {
	REQUIRE(VALID_SSURULE(rule));
	return (rule->grant);
}

dns_name_t *
dns_ssurule_identity(const dns_ssurule_t *rule) {
	REQUIRE(VALID_SSURULE(rule));
	return (rule->identity);
}

unsigned int
dns_ssurule_matchtype(const dns_ssurule_t *rule) {
	REQUIRE(VALID_SSURULE(rule));
	return (rule->matchtype);
}

dns_name_t *
dns_ssurule_name(const dns_ssurule_t *rule) {
	REQUIRE(VALID_SSURULE(rule));
	return (rule->name);
}

unsigned int
dns_ssurule_types(const dns_ssurule_t *rule, dns_rdatatype_t **types) {
	REQUIRE(VALID_SSURULE(rule));
	REQUIRE(types != NULL && *types != NULL);
	*types = rule->types;
	return (rule->ntypes);
}

isc_result_t
dns_ssutable_firstrule(const dns_ssutable_t *table, dns_ssurule_t **rule) {
	REQUIRE(VALID_SSUTABLE(table));
	REQUIRE(rule != NULL && *rule == NULL);
	*rule = ISC_LIST_HEAD(table->rules);
	return (*rule != NULL ? ISC_R_SUCCESS : ISC_R_NOMORE);
}

isc_result_t
dns_ssutable_nextrule(dns_ssurule_t *rule, dns_ssurule_t **nextrule) {
	REQUIRE(VALID_SSURULE(rule));
	REQUIRE(nextrule != NULL && *nextrule == NULL);
	*nextrule = ISC_LIST_NEXT(rule, link);
	return (*nextrule != NULL ? ISC_R_SUCCESS : ISC_R_NOMORE);
}
* empty log message * 2000-02-14 21:00:38 +00:00			`/*`
ssutables are now attached/detached; zones get ssutables from config structs 2000-03-06 19:06:07 +00:00			`* $Id: ssu.c,v 1.6 2000/03/06 19:06:00 bwelling Exp $`
* empty log message * 2000-02-14 21:00:38 +00:00			`* Principal Author: Brian Wellington`
			`*/`

			`#include <config.h>`

			`#include <string.h>`

			`#include <isc/assertions.h>`
			`#include <isc/error.h>`
			`#include <isc/list.h>`
			`#include <isc/magic.h>`
			`#include <isc/result.h>`
			`#include <isc/types.h>`
ssutables are now attached/detached; zones get ssutables from config structs 2000-03-06 19:06:07 +00:00			`#include <isc/mutex.h>`
			`#include <isc/util.h>`
* empty log message * 2000-02-14 21:00:38 +00:00
			`#include <dns/name.h>`
			`#include <dns/ssu.h>`

Added a rule iterator and rule accessor functions 2000-03-01 23:28:31 +00:00			`#define SSUTABLEMAGIC 0x53535554 /* SSUT */`
			`#define VALID_SSUTABLE(table) ISC_MAGIC_VALID((table), SSUTABLEMAGIC)`
			`#define SSURULEMAGIC 0x53535552 /* SSUR */`
			`#define VALID_SSURULE(table) ISC_MAGIC_VALID((table), SSURULEMAGIC)`
Initial commit of simple secure update. Not compiled in by default. 2000-02-14 21:09:16 +00:00
* empty log message * 2000-02-14 21:00:38 +00:00			`struct dns_ssurule {`
Added a rule iterator and rule accessor functions 2000-03-01 23:28:31 +00:00			`isc_uint32_t magic;`
* empty log message * 2000-02-14 21:00:38 +00:00			`isc_boolean_t grant; /* is this a grant or a deny? */`
Added a rule iterator and rule accessor functions 2000-03-01 23:28:31 +00:00			`unsigned int matchtype; /* which type of pattern match? */`
added matchtype support 2000-02-15 21:54:59 +00:00			`dns_name_t identity; / the identity to match */`
			`dns_name_t name; / the name being updated */`
* empty log message * 2000-02-14 21:00:38 +00:00			`unsigned int ntypes; /* number of data types covered */`
			`dns_rdatatype_t types; / the data types. Can include ANY, */`
			`/* defaults to all but SIG,SOA,NS if NULL*/`
			`ISC_LINK(dns_ssurule_t) link;`
			`};`

			`struct dns_ssutable {`
			`isc_uint32_t magic;`
			`isc_mem_t *mctx;`
ssutables are now attached/detached; zones get ssutables from config structs 2000-03-06 19:06:07 +00:00			`unsigned int references;`
			`isc_mutex_t lock;`
* empty log message * 2000-02-14 21:00:38 +00:00			`ISC_LIST(dns_ssurule_t) rules;`
			`};`

			`isc_result_t`
ssutables are now attached/detached; zones get ssutables from config structs 2000-03-06 19:06:07 +00:00			`dns_ssutable_create(isc_mem_t mctx, dns_ssutable_t *tablep) {`
			`isc_result_t result;`
			`dns_ssutable_t *table;`

			`REQUIRE(tablep != NULL && *tablep == NULL);`
* empty log message * 2000-02-14 21:00:38 +00:00			`REQUIRE(mctx != NULL);`

ssutables are now attached/detached; zones get ssutables from config structs 2000-03-06 19:06:07 +00:00			`table = isc_mem_get(mctx, sizeof(dns_ssutable_t));`
			`if (table == NULL)`
* empty log message * 2000-02-14 21:00:38 +00:00			`return (ISC_R_NOMEMORY);`
ssutables are now attached/detached; zones get ssutables from config structs 2000-03-06 19:06:07 +00:00			`result = isc_mutex_init(&table->lock);`
			`if (result != ISC_R_SUCCESS) {`
			`isc_mem_put(mctx, table, sizeof(dns_ssutable_t));`
			`return (result);`
			`}`
			`table->references = 1;`
			`table->mctx = mctx;`
			`ISC_LIST_INIT(table->rules);`
			`table->magic = SSUTABLEMAGIC;`
			`*tablep = table;`
* empty log message * 2000-02-14 21:00:38 +00:00			`return (ISC_R_SUCCESS);`
			`}`

ssutables are now attached/detached; zones get ssutables from config structs 2000-03-06 19:06:07 +00:00			`static inline void`
			`destroy(dns_ssutable_t *table) {`
* empty log message * 2000-02-14 21:00:38 +00:00			`isc_mem_t *mctx;`

ssutables are now attached/detached; zones get ssutables from config structs 2000-03-06 19:06:07 +00:00			`REQUIRE(VALID_SSUTABLE(table));`
* empty log message * 2000-02-14 21:00:38 +00:00
ssutables are now attached/detached; zones get ssutables from config structs 2000-03-06 19:06:07 +00:00			`mctx = table->mctx;`
			`while (!ISC_LIST_EMPTY(table->rules)) {`
			`dns_ssurule_t *rule = ISC_LIST_HEAD(table->rules);`
* empty log message * 2000-02-14 21:00:38 +00:00			`if (rule->identity != NULL) {`
			`dns_name_free(rule->identity, mctx);`
			`isc_mem_put(mctx, rule->identity, sizeof(dns_name_t));`
			`}`
			`if (rule->name != NULL) {`
			`dns_name_free(rule->name, mctx);`
			`isc_mem_put(mctx, rule->name, sizeof(dns_name_t));`
			`}`
			`if (rule->types != NULL)`
			`isc_mem_put(mctx, rule->types,`
			`rule->ntypes * sizeof(dns_rdatatype_t));`
ssutables are now attached/detached; zones get ssutables from config structs 2000-03-06 19:06:07 +00:00			`ISC_LIST_UNLINK(table->rules, rule, link);`
Added a rule iterator and rule accessor functions 2000-03-01 23:28:31 +00:00			`rule->magic = 0;`
* empty log message * 2000-02-14 21:00:38 +00:00			`isc_mem_put(mctx, rule, sizeof(dns_ssurule_t));`
			`}`
ssutables are now attached/detached; zones get ssutables from config structs 2000-03-06 19:06:07 +00:00			`isc_mutex_destroy(&table->lock);`
			`table->magic = 0;`
			`isc_mem_put(mctx, table, sizeof(dns_ssutable_t));`
			`}`

			`void`
			`dns_ssutable_attach(dns_ssutable_t source, dns_ssutable_t *targetp) {`
			`REQUIRE(VALID_SSUTABLE(source));`
			`REQUIRE(targetp != NULL && *targetp == NULL);`

			`LOCK(&source->lock);`

			`INSIST(source->references > 0);`
			`source->references++;`
			`INSIST(source->references != 0);`

			`UNLOCK(&source->lock);`

			`*targetp = source;`
			`}`

			`void`
			`dns_ssutable_detach(dns_ssutable_t **tablep) {`
			`dns_ssutable_t *table;`
			`isc_boolean_t done = ISC_FALSE;`

			`REQUIRE(tablep != NULL);`
			`table = *tablep;`
			`REQUIRE(VALID_SSUTABLE(table));`

			`LOCK(&table->lock);`

			`INSIST(table->references > 0);`
			`if (--table->references == 0)`
			`done = ISC_TRUE;`
			`UNLOCK(&table->lock);`

			`*tablep = NULL;`

			`if (done)`
			`destroy(table);`
* empty log message * 2000-02-14 21:00:38 +00:00			`}`

			`isc_result_t`
			`dns_ssutable_addrule(dns_ssutable_t *table, isc_boolean_t grant,`
added matchtype support 2000-02-15 21:54:59 +00:00			`dns_name_t *identity, unsigned int matchtype,`
			`dns_name_t *name, unsigned int ntypes,`
			`dns_rdatatype_t *types)`
* empty log message * 2000-02-14 21:00:38 +00:00			`{`
			`dns_ssurule_t *rule;`
			`isc_mem_t *mctx;`
			`isc_result_t result;`

			`REQUIRE(VALID_SSUTABLE(table));`
added matchtype support 2000-02-15 21:54:59 +00:00			`REQUIRE(dns_name_isabsolute(identity));`
			`REQUIRE(dns_name_isabsolute(name));`
			`REQUIRE(matchtype <= DNS_SSUMATCHTYPE_SELF);`
			`if (matchtype == DNS_SSUMATCHTYPE_WILDCARD)`
			`REQUIRE(dns_name_iswildcard(name));`
* empty log message * 2000-02-14 21:00:38 +00:00			`if (ntypes > 0)`
			`REQUIRE(types != NULL);`

			`mctx = table->mctx;`
			`rule = isc_mem_get(mctx, sizeof(dns_ssurule_t));`
			`if (rule == NULL)`
			`return (ISC_R_NOMEMORY);`

			`rule->identity = NULL;`
			`rule->name = NULL;`
			`rule->types = NULL;`

			`rule->grant = grant;`

added matchtype support 2000-02-15 21:54:59 +00:00			`rule->identity = isc_mem_get(mctx, sizeof(dns_name_t));`
			`if (rule->identity == NULL) {`
			`result = ISC_R_NOMEMORY;`
			`goto failure;`
* empty log message * 2000-02-14 21:00:38 +00:00			`}`
added matchtype support 2000-02-15 21:54:59 +00:00			`dns_name_init(rule->identity, NULL);`
			`result = dns_name_dup(identity, mctx, rule->identity);`
			`if (result != ISC_R_SUCCESS)`
			`goto failure;`

			`rule->name = isc_mem_get(mctx, sizeof(dns_name_t));`
			`if (rule->name == NULL) {`
			`result = ISC_R_NOMEMORY;`
			`goto failure;`
* empty log message * 2000-02-14 21:00:38 +00:00			`}`
added matchtype support 2000-02-15 21:54:59 +00:00			`dns_name_init(rule->name, NULL);`
			`result = dns_name_dup(name, mctx, rule->name);`
			`if (result != ISC_R_SUCCESS)`
			`goto failure;`
* empty log message * 2000-02-14 21:00:38 +00:00
added matchtype support 2000-02-15 21:54:59 +00:00			`rule->matchtype = matchtype;`
* empty log message * 2000-02-14 21:00:38 +00:00
			`rule->ntypes = ntypes;`
			`if (ntypes > 0) {`
			`rule->types = isc_mem_get(mctx,`
			`ntypes * sizeof(dns_rdatatype_t));`
			`if (rule->types == NULL) {`
			`result = ISC_R_NOMEMORY;`
			`goto failure;`
			`}`
			`memcpy(rule->types, types, ntypes * sizeof(dns_rdatatype_t));`
			`}`
			`else`
			`rule->types = NULL;`

Added a rule iterator and rule accessor functions 2000-03-01 23:28:31 +00:00			`rule->magic = SSURULEMAGIC;`
* empty log message * 2000-02-14 21:00:38 +00:00			`ISC_LIST_APPEND(table->rules, rule, link);`

			`return (ISC_R_SUCCESS);`

			`failure:`
			`if (rule->identity != NULL) {`
			`if (dns_name_dynamic(rule->identity))`
			`dns_name_free(rule->identity, mctx);`
			`isc_mem_put(mctx, rule->identity, sizeof(dns_name_t));`
			`}`
			`if (rule->name != NULL) {`
			`if (dns_name_dynamic(rule->name))`
			`dns_name_free(rule->name, mctx);`
			`isc_mem_put(mctx, rule->name, sizeof(dns_name_t));`
			`}`
			`if (rule->types != NULL)`
			`isc_mem_put(mctx, rule->types,`
			`ntypes * sizeof(dns_rdatatype_t));`
			`isc_mem_put(mctx, rule, sizeof(dns_ssurule_t));`

			`return (result);`
			`}`

			`static inline isc_boolean_t`
			`isusertype(dns_rdatatype_t type) {`
			`return (type != dns_rdatatype_ns &&`
			`type != dns_rdatatype_soa &&`
			`type != dns_rdatatype_sig);`
			`}`

			`isc_boolean_t`
			`dns_ssutable_checkrules(dns_ssutable_t table, dns_name_t signer,`
			`dns_name_t *name, dns_rdatatype_t type)`
			`{`
			`dns_ssurule_t *rule;`
			`unsigned int i;`

			`REQUIRE(VALID_SSUTABLE(table));`
			`REQUIRE(signer == NULL \|\| dns_name_isabsolute(signer));`
			`REQUIRE(dns_name_isabsolute(name));`

			`if (signer == NULL)`
			`return (ISC_FALSE);`
			`rule = ISC_LIST_HEAD(table->rules);`
			`rule = ISC_LIST_NEXT(rule, link);`
			`for (rule = ISC_LIST_HEAD(table->rules);`
			`rule != NULL;`
			`rule = ISC_LIST_NEXT(rule, link))`
			`{`
added matchtype support 2000-02-15 21:54:59 +00:00			`if (dns_name_iswildcard(rule->identity)) {`
			`if (!dns_name_matcheswildcard(signer, rule->identity))`
			`continue;`
* empty log message * 2000-02-14 21:00:38 +00:00			`}`
added matchtype support 2000-02-15 21:54:59 +00:00			`else {`
			`if (!dns_name_equal(signer, rule->identity))`
			`continue;`
			`}`

			`if (rule->matchtype == DNS_SSUMATCHTYPE_NAME) {`
			`if (!dns_name_equal(name, rule->name))`
			`continue;`
* empty log message * 2000-02-14 21:00:38 +00:00			`}`
added matchtype support 2000-02-15 21:54:59 +00:00			`else if (rule->matchtype == DNS_SSUMATCHTYPE_SUBDOMAIN) {`
			`if (!dns_name_issubdomain(name, rule->name))`
			`continue;`
			`}`
			`else if (rule->matchtype == DNS_SSUMATCHTYPE_WILDCARD) {`
			`if (!dns_name_matcheswildcard(name, rule->name))`
			`continue;`

			`}`
			`else if (rule->matchtype == DNS_SSUMATCHTYPE_SELF) {`
			`if (!dns_name_equal(signer, name))`
			`continue;`
			`}`

* empty log message * 2000-02-14 21:00:38 +00:00			`if (rule->ntypes == 0) {`
			`if (!isusertype(type))`
			`continue;`
			`}`
			`else {`
			`for (i = 0; i < rule->ntypes; i++) {`
			`if (rule->types[i] == dns_rdatatype_any \|\|`
			`rule->types[i] == type)`
			`break;`
			`}`
			`if (i == rule->ntypes)`
			`continue;`
			`}`
			`return (rule->grant);`
			`}`

			`return (ISC_FALSE);`
			`}`
Added a rule iterator and rule accessor functions 2000-03-01 23:28:31 +00:00
			`isc_boolean_t`
			`dns_ssurule_isgrant(const dns_ssurule_t *rule) {`
			`REQUIRE(VALID_SSURULE(rule));`
			`return (rule->grant);`
			`}`

			`dns_name_t *`
			`dns_ssurule_identity(const dns_ssurule_t *rule) {`
			`REQUIRE(VALID_SSURULE(rule));`
			`return (rule->identity);`
			`}`

			`unsigned int`
			`dns_ssurule_matchtype(const dns_ssurule_t *rule) {`
			`REQUIRE(VALID_SSURULE(rule));`
			`return (rule->matchtype);`
			`}`

			`dns_name_t *`
			`dns_ssurule_name(const dns_ssurule_t *rule) {`
			`REQUIRE(VALID_SSURULE(rule));`
			`return (rule->name);`
			`}`

			`unsigned int`
			`dns_ssurule_types(const dns_ssurule_t rule, dns_rdatatype_t *types) {`
			`REQUIRE(VALID_SSURULE(rule));`
			`REQUIRE(types != NULL && *types != NULL);`
			`*types = rule->types;`
			`return (rule->ntypes);`
			`}`

			`isc_result_t`
			`dns_ssutable_firstrule(const dns_ssutable_t table, dns_ssurule_t *rule) {`
			`REQUIRE(VALID_SSUTABLE(table));`
Fix boolean test 2000-03-02 20:39:23 +00:00			`REQUIRE(rule != NULL && *rule == NULL);`
Added a rule iterator and rule accessor functions 2000-03-01 23:28:31 +00:00			`*rule = ISC_LIST_HEAD(table->rules);`
			`return (*rule != NULL ? ISC_R_SUCCESS : ISC_R_NOMORE);`
			`}`

			`isc_result_t`
			`dns_ssutable_nextrule(dns_ssurule_t rule, dns_ssurule_t *nextrule) {`
			`REQUIRE(VALID_SSURULE(rule));`
Fix boolean test 2000-03-02 20:39:23 +00:00			`REQUIRE(nextrule != NULL && *nextrule == NULL);`
Added a rule iterator and rule accessor functions 2000-03-01 23:28:31 +00:00			`*nextrule = ISC_LIST_NEXT(rule, link);`
			`return (*nextrule != NULL ? ISC_R_SUCCESS : ISC_R_NOMORE);`
			`}`