542. [func] Add allow-update-forwarding support.
2
CHANGES
2
CHANGES
@@ -1,3 +1,5 @@
|
|||||||
|
542. [func] Add allow-update-forwarding support.
|
||||||
|
|
||||||
541. [func] Add bogus server support.
|
541. [func] Add bogus server support.
|
||||||
|
|
||||||
540. [func] Add dialup support.
|
540. [func] Add dialup support.
|
||||||
|
@@ -15,7 +15,7 @@
|
|||||||
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* $Id: update.c,v 1.71 2000/10/31 03:21:45 marka Exp $ */
|
/* $Id: update.c,v 1.72 2000/11/06 08:11:04 marka Exp $ */
|
||||||
|
|
||||||
#include <config.h>
|
#include <config.h>
|
||||||
|
|
||||||
@@ -1891,9 +1891,27 @@ ns_update_start(ns_client_t *client, isc_result_t sigresult) {
|
|||||||
CHECK(send_update_event(client, zone));
|
CHECK(send_update_event(client, zone));
|
||||||
break; /* OK. */
|
break; /* OK. */
|
||||||
case dns_zone_slave:
|
case dns_zone_slave:
|
||||||
if (dns_message_gettsig(client->message, NULL) == NULL)
|
if (dns_message_gettsig(client->message, NULL) == NULL) {
|
||||||
FAILS(DNS_R_NOTIMP,
|
dns_acl_t *forwardacl;
|
||||||
"unsigned updates not forwarded");
|
|
||||||
|
/*
|
||||||
|
* We only REFUSE if policy is explicitly set and
|
||||||
|
* we fail to match.
|
||||||
|
*/
|
||||||
|
forwardacl = dns_zone_getforwardacl(zone);
|
||||||
|
if (forwardacl == NULL) {
|
||||||
|
FAILS(DNS_R_NOTIMP,
|
||||||
|
"unsigned updates not forwarded (noacl)");
|
||||||
|
} else {
|
||||||
|
result = ns_client_checkacl(client,
|
||||||
|
"update-forward",
|
||||||
|
forwardacl,
|
||||||
|
ISC_FALSE,
|
||||||
|
ISC_LOG_INFO);
|
||||||
|
if (result != ISC_R_SUCCESS)
|
||||||
|
FAIL(DNS_R_REFUSED);
|
||||||
|
}
|
||||||
|
}
|
||||||
CHECK(send_forward_event(client, zone));
|
CHECK(send_forward_event(client, zone));
|
||||||
break; /* OK. */
|
break; /* OK. */
|
||||||
default:
|
default:
|
||||||
|
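Review bot: In the `dns_zone_slave` case the new ACL gate is entered only when `dns_message_gettsig(client->message, NULL) == NULL`, so it tests for the presence of a TSIG record rather than a verified one; as far as these lines show, a request carrying any TSIG record skips `forwardacl` and goes straight to `send_forward_event()`. `ns_update_start` begins and ends outside this hunk, so `sigresult` may already be checked earlier. If it is not, consider applying the ACL whenever the signature did not verify locally, e.g. `if (dns_message_gettsig(client->message, NULL) == NULL || sigresult != ISC_R_SUCCESS) {`, which would change behaviour for slaves that do not hold the key. Otherwise state the reliance in the comment: `/* Signed updates are forwarded unchecked; the master must verify the TSIG. */`. For unsigned requests that match, the source address is the only authentication, and the master will presumably see the forwarded update arriving from this server, so an address-based `allow-update` on the master should not trust the slave's address.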
@@ -15,7 +15,7 @@
|
|||||||
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* $Id: zoneconf.c,v 1.65 2000/11/03 07:15:52 marka Exp $ */
|
/* $Id: zoneconf.c,v 1.66 2000/11/06 08:11:08 marka Exp $ */
|
||||||
|
|
||||||
#include <config.h>
|
#include <config.h>
|
||||||
|
|
||||||
@@ -361,6 +361,13 @@ dns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview,
|
|||||||
if (result != ISC_R_SUCCESS)
|
if (result != ISC_R_SUCCESS)
|
||||||
uintval = 30 * 24 * 3600;
|
uintval = 30 * 24 * 3600;
|
||||||
dns_zone_setsigvalidityinterval(zone, uintval);
|
dns_zone_setsigvalidityinterval(zone, uintval);
|
||||||
|
} else if (czone->ztype == dns_c_zone_slave) {
|
||||||
|
RETERR(configure_zone_acl(czone, cctx, NULL, ac, zone,
|
||||||
|
dns_c_zone_getallowupdateforwarding,
|
||||||
|
dns_c_view_getallowupdateforwarding,
|
||||||
|
dns_c_ctx_getallowupdateforwarding,
|
||||||
|
dns_zone_setforwardacl,
|
||||||
|
dns_zone_clearforwardacl));
|
||||||
}
|
}
|
||||||
|
|
||||||
result = dns_c_zone_gettransfersource(czone, &sockaddr);
|
result = dns_c_zone_gettransfersource(czone, &sockaddr);
|
||||||
|
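Review bot: The new `configure_zone_acl()` call passes `NULL` as its third argument while still supplying `dns_c_view_getallowupdateforwarding`. If that argument is the view (inferred from the `cview` parameter of `dns_zone_configure` in the hunk header, since the helper's definition is outside this hunk), a view-level `allow-update-forwarding` is never consulted and the zone falls back to the global option or to no ACL at all. Passing the view through would make the three levels behave as the getters suggest: `RETERR(configure_zone_acl(czone, cctx, cview, ac, zone,`. The same zoneconf.c hunk is listed a second time at the end of the page and has the same call; `dns_zone_configure` starts and ends outside the hunk.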
@@ -2,7 +2,7 @@
|
|||||||
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
|
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
|
||||||
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
|
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
|
||||||
|
|
||||||
<!-- File: $Id: Bv9ARM-book.xml,v 1.25 2000/11/05 00:29:15 marka Exp $ -->
|
<!-- File: $Id: Bv9ARM-book.xml,v 1.26 2000/11/06 08:11:05 marka Exp $ -->
|
||||||
|
|
||||||
<book>
|
<book>
|
||||||
|
|
||||||
@@ -3670,9 +3670,13 @@ updates from all hosts.</para></entry>
|
|||||||
<entry colname = "1"><para><command>allow-update-forwarding</command></para></entry>
|
<entry colname = "1"><para><command>allow-update-forwarding</command></para></entry>
|
||||||
<entry colname = "2"><para>Specifies which hosts are allowed to
|
<entry colname = "2"><para>Specifies which hosts are allowed to
|
||||||
submit Dynamic DNS updates to slave zones to be forwarded to the
|
submit Dynamic DNS updates to slave zones to be forwarded to the
|
||||||
master. The default is to deny update forwarding from all hosts.</para><note>
|
master.
|
||||||
<simpara>Update
|
This applies only to unsigned updates.
|
||||||
forwarding is not yet implemented.</simpara></note></entry>
|
Signed updates are always forwarded.
|
||||||
|
If there is no acl defined then the server will return NOTIMPL, causing the
|
||||||
|
client to skip to the next server. If an acl is defined and there is no
|
||||||
|
match then the default is to deny update forwarding.</para>
|
||||||
|
</entry>
|
||||||
</row>
|
</row>
|
||||||
<row rowsep = "0">
|
<row rowsep = "0">
|
||||||
<entry colname = "1"><para><command>also-notify</command></para></entry>
|
<entry colname = "1"><para><command>also-notify</command></para></entry>
|
||||||
|
@@ -15,7 +15,7 @@
|
|||||||
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* $Id: confctx.c,v 1.96 2000/11/03 07:15:57 marka Exp $ */
|
/* $Id: confctx.c,v 1.97 2000/11/06 08:11:10 marka Exp $ */
|
||||||
|
|
||||||
#include <config.h>
|
#include <config.h>
|
||||||
|
|
||||||
@@ -533,14 +533,6 @@ dns_c_checkconfig(dns_c_ctx_t *cfg)
|
|||||||
"option 'rrset-order' is not yet implemented");
|
"option 'rrset-order' is not yet implemented");
|
||||||
}
|
}
|
||||||
|
|
||||||
if (dns_c_ctx_getallowupdateforwarding(cfg, &ipml) != ISC_R_NOTFOUND) {
|
|
||||||
dns_c_ipmatchlist_detach(&ipml);
|
|
||||||
isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG,
|
|
||||||
DNS_LOGMODULE_CONFIG, ISC_LOG_WARNING,
|
|
||||||
"option 'allow-update-forwarding' is not "
|
|
||||||
"yet implemented");
|
|
||||||
}
|
|
||||||
|
|
||||||
if (cfg->zlist != NULL) {
|
if (cfg->zlist != NULL) {
|
||||||
tmpres = dns_c_zonelist_checkzones(cfg->zlist);
|
tmpres = dns_c_zonelist_checkzones(cfg->zlist);
|
||||||
if (tmpres != ISC_R_SUCCESS) {
|
if (tmpres != ISC_R_SUCCESS) {
|
||||||
|
@@ -15,7 +15,7 @@
|
|||||||
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* $Id: zone.h,v 1.84 2000/11/03 18:43:53 gson Exp $ */
|
/* $Id: zone.h,v 1.85 2000/11/06 08:11:11 marka Exp $ */
|
||||||
|
|
||||||
#ifndef DNS_ZONE_H
|
#ifndef DNS_ZONE_H
|
||||||
#define DNS_ZONE_H 1
|
#define DNS_ZONE_H 1
|
||||||
@@ -591,6 +591,16 @@ dns_zone_setupdateacl(dns_zone_t *zone, dns_acl_t *acl);
|
|||||||
* 'acl' to be valid acl.
|
* 'acl' to be valid acl.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
void
|
||||||
|
dns_zone_setforwardacl(dns_zone_t *zone, dns_acl_t *acl);
|
||||||
|
/*
|
||||||
|
* Sets the forward unsigned updates acl list for the zone.
|
||||||
|
*
|
||||||
|
* Require:
|
||||||
|
* 'zone' to be a valid zone.
|
||||||
|
* 'acl' to be valid acl.
|
||||||
|
*/
|
||||||
|
|
||||||
void
|
void
|
||||||
dns_zone_setxfracl(dns_zone_t *zone, dns_acl_t *acl);
|
dns_zone_setxfracl(dns_zone_t *zone, dns_acl_t *acl);
|
||||||
/*
|
/*
|
||||||
@@ -642,6 +652,19 @@ dns_zone_getupdateacl(dns_zone_t *zone);
|
|||||||
* NULL
|
* NULL
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
dns_acl_t *
|
||||||
|
dns_zone_getforwardacl(dns_zone_t *zone);
|
||||||
|
/*
|
||||||
|
* Returns the current forward unsigned updates acl or NULL.
|
||||||
|
*
|
||||||
|
* Require:
|
||||||
|
* 'zone' to be a valid zone.
|
||||||
|
*
|
||||||
|
* Returns:
|
||||||
|
* acl a pointer to the acl.
|
||||||
|
* NULL
|
||||||
|
*/
|
||||||
|
|
||||||
dns_acl_t *
|
dns_acl_t *
|
||||||
dns_zone_getxfracl(dns_zone_t *zone);
|
dns_zone_getxfracl(dns_zone_t *zone);
|
||||||
/*
|
/*
|
||||||
@@ -664,6 +687,15 @@ dns_zone_clearupdateacl(dns_zone_t *zone);
|
|||||||
* 'zone' to be a valid zone.
|
* 'zone' to be a valid zone.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
void
|
||||||
|
dns_zone_clearforwardacl(dns_zone_t *zone);
|
||||||
|
/*
|
||||||
|
* Clear the current forward unsigned updates acl.
|
||||||
|
*
|
||||||
|
* Require:
|
||||||
|
* 'zone' to be a valid zone.
|
||||||
|
*/
|
||||||
|
|
||||||
#ifndef NOMINUM_PUBLIC
|
#ifndef NOMINUM_PUBLIC
|
||||||
void
|
void
|
||||||
dns_zone_clearnotifyacl(dns_zone_t *zone);
|
dns_zone_clearnotifyacl(dns_zone_t *zone);
|
||||||
|
@@ -15,7 +15,7 @@
|
|||||||
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* $Id: zone.c,v 1.245 2000/11/03 07:15:50 marka Exp $ */
|
/* $Id: zone.c,v 1.246 2000/11/06 08:11:07 marka Exp $ */
|
||||||
|
|
||||||
#include <config.h>
|
#include <config.h>
|
||||||
|
|
||||||
@@ -160,6 +160,7 @@ struct dns_zone {
|
|||||||
dns_xfrin_ctx_t *xfr;
|
dns_xfrin_ctx_t *xfr;
|
||||||
/* Access Control Lists */
|
/* Access Control Lists */
|
||||||
dns_acl_t *update_acl;
|
dns_acl_t *update_acl;
|
||||||
|
dns_acl_t *forward_acl;
|
||||||
#ifndef NOMINUM_PUBLIC
|
#ifndef NOMINUM_PUBLIC
|
||||||
dns_acl_t *notify_acl;
|
dns_acl_t *notify_acl;
|
||||||
#endif /* NOMINUM_PUBLIC */
|
#endif /* NOMINUM_PUBLIC */
|
||||||
@@ -490,6 +491,7 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) {
|
|||||||
zone->notifycnt = 0;
|
zone->notifycnt = 0;
|
||||||
zone->task = NULL;
|
zone->task = NULL;
|
||||||
zone->update_acl = NULL;
|
zone->update_acl = NULL;
|
||||||
|
zone->forward_acl = NULL;
|
||||||
#ifndef NOMINUM_PUBLIC
|
#ifndef NOMINUM_PUBLIC
|
||||||
zone->notify_acl = NULL;
|
zone->notify_acl = NULL;
|
||||||
#endif /* NOMINUM_PUBLIC */
|
#endif /* NOMINUM_PUBLIC */
|
||||||
@@ -583,6 +585,8 @@ zone_free(dns_zone_t *zone) {
|
|||||||
zone->check_names = dns_severity_ignore;
|
zone->check_names = dns_severity_ignore;
|
||||||
if (zone->update_acl != NULL)
|
if (zone->update_acl != NULL)
|
||||||
dns_acl_detach(&zone->update_acl);
|
dns_acl_detach(&zone->update_acl);
|
||||||
|
if (zone->forward_acl != NULL)
|
||||||
|
dns_acl_detach(&zone->forward_acl);
|
||||||
#ifndef NOMINUM_PUBLIC
|
#ifndef NOMINUM_PUBLIC
|
||||||
if (zone->notify_acl != NULL)
|
if (zone->notify_acl != NULL)
|
||||||
dns_acl_detach(&zone->notify_acl);
|
dns_acl_detach(&zone->notify_acl);
|
||||||
@@ -3911,6 +3915,18 @@ dns_zone_setupdateacl(dns_zone_t *zone, dns_acl_t *acl) {
|
|||||||
UNLOCK(&zone->lock);
|
UNLOCK(&zone->lock);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
dns_zone_setforwardacl(dns_zone_t *zone, dns_acl_t *acl) {
|
||||||
|
|
||||||
|
REQUIRE(DNS_ZONE_VALID(zone));
|
||||||
|
|
||||||
|
LOCK(&zone->lock);
|
||||||
|
if (zone->forward_acl != NULL)
|
||||||
|
dns_acl_detach(&zone->forward_acl);
|
||||||
|
dns_acl_attach(acl, &zone->forward_acl);
|
||||||
|
UNLOCK(&zone->lock);
|
||||||
|
}
|
||||||
|
|
||||||
void
|
void
|
||||||
dns_zone_setxfracl(dns_zone_t *zone, dns_acl_t *acl) {
|
dns_zone_setxfracl(dns_zone_t *zone, dns_acl_t *acl) {
|
||||||
|
|
||||||
@@ -3949,6 +3965,14 @@ dns_zone_getupdateacl(dns_zone_t *zone) {
|
|||||||
return (zone->update_acl);
|
return (zone->update_acl);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
dns_acl_t *
|
||||||
|
dns_zone_getforwardacl(dns_zone_t *zone) {
|
||||||
|
|
||||||
|
REQUIRE(DNS_ZONE_VALID(zone));
|
||||||
|
|
||||||
|
return (zone->forward_acl);
|
||||||
|
}
|
||||||
|
|
||||||
dns_acl_t *
|
dns_acl_t *
|
||||||
dns_zone_getxfracl(dns_zone_t *zone) {
|
dns_zone_getxfracl(dns_zone_t *zone) {
|
||||||
|
|
||||||
@@ -3968,6 +3992,17 @@ dns_zone_clearupdateacl(dns_zone_t *zone) {
|
|||||||
UNLOCK(&zone->lock);
|
UNLOCK(&zone->lock);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void
|
||||||
|
dns_zone_clearforwardacl(dns_zone_t *zone) {
|
||||||
|
|
||||||
|
REQUIRE(DNS_ZONE_VALID(zone));
|
||||||
|
|
||||||
|
LOCK(&zone->lock);
|
||||||
|
if (zone->forward_acl != NULL)
|
||||||
|
dns_acl_detach(&zone->forward_acl);
|
||||||
|
UNLOCK(&zone->lock);
|
||||||
|
}
|
||||||
|
|
||||||
#ifndef NOMINUM_PUBLIC
|
#ifndef NOMINUM_PUBLIC
|
||||||
void
|
void
|
||||||
dns_zone_clearnotifyacl(dns_zone_t *zone) {
|
dns_zone_clearnotifyacl(dns_zone_t *zone) {
|
||||||
|
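Review bot: `dns_zone_getforwardacl()` returns `zone->forward_acl` without taking `zone->lock` or a reference, while `dns_zone_setforwardacl()` and `dns_zone_clearforwardacl()` detach the same pointer under the lock, so a caller that holds the result across a reconfiguration could be left with a freed ACL. This mirrors the existing `dns_zone_getupdateacl()` shown as context, and whether reconfiguration can run concurrently with update processing is not visible here. At minimum, document the borrow on the getter: `/* No reference is taken; the pointer is only valid while the zone's ACLs are not being reconfigured. */`. In the lines shown, `dns_zone_setforwardacl()` also relies on the header's "'acl' to be valid acl" requirement without asserting it; a `REQUIRE(acl != NULL);` next to the zone check would make that explicit.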
@@ -15,7 +15,7 @@
|
|||||||
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
/* $Id: zoneconf.c,v 1.65 2000/11/03 07:15:52 marka Exp $ */
|
/* $Id: zoneconf.c,v 1.66 2000/11/06 08:11:08 marka Exp $ */
|
||||||
|
|
||||||
#include <config.h>
|
#include <config.h>
|
||||||
|
|
||||||
@@ -361,6 +361,13 @@ dns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview,
|
|||||||
if (result != ISC_R_SUCCESS)
|
if (result != ISC_R_SUCCESS)
|
||||||
uintval = 30 * 24 * 3600;
|
uintval = 30 * 24 * 3600;
|
||||||
dns_zone_setsigvalidityinterval(zone, uintval);
|
dns_zone_setsigvalidityinterval(zone, uintval);
|
||||||
|
} else if (czone->ztype == dns_c_zone_slave) {
|
||||||
|
RETERR(configure_zone_acl(czone, cctx, NULL, ac, zone,
|
||||||
|
dns_c_zone_getallowupdateforwarding,
|
||||||
|
dns_c_view_getallowupdateforwarding,
|
||||||
|
dns_c_ctx_getallowupdateforwarding,
|
||||||
|
dns_zone_setforwardacl,
|
||||||
|
dns_zone_clearforwardacl));
|
||||||
}
|
}
|
||||||
|
|
||||||
result = dns_c_zone_gettransfersource(czone, &sockaddr);
|
result = dns_c_zone_gettransfersource(czone, &sockaddr);
|
||||||
|