542. [func] Add allow-update-forwarding support.
2
CHANGES
2
CHANGES
@@ -1,3 +1,5 @@
|
||||
542. [func] Add allow-update-forwarding support.
|
||||
|
||||
541. [func] Add bogus server support.
|
||||
|
||||
540. [func] Add dialup support.
|
||||
|
@@ -15,7 +15,7 @@
|
||||
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: update.c,v 1.71 2000/10/31 03:21:45 marka Exp $ */
|
||||
/* $Id: update.c,v 1.72 2000/11/06 08:11:04 marka Exp $ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
@@ -1891,9 +1891,27 @@ ns_update_start(ns_client_t *client, isc_result_t sigresult) {
|
||||
CHECK(send_update_event(client, zone));
|
||||
break; /* OK. */
|
||||
case dns_zone_slave:
|
||||
if (dns_message_gettsig(client->message, NULL) == NULL)
|
||||
if (dns_message_gettsig(client->message, NULL) == NULL) {
|
||||
dns_acl_t *forwardacl;
|
||||
|
||||
/*
|
||||
* We only REFUSE if policy is explicitly set and
|
||||
* we fail to match.
|
||||
*/
|
||||
forwardacl = dns_zone_getforwardacl(zone);
|
||||
if (forwardacl == NULL) {
|
||||
FAILS(DNS_R_NOTIMP,
|
||||
"unsigned updates not forwarded");
|
||||
"unsigned updates not forwarded (noacl)");
|
||||
} else {
|
||||
result = ns_client_checkacl(client,
|
||||
"update-forward",
|
||||
forwardacl,
|
||||
ISC_FALSE,
|
||||
ISC_LOG_INFO);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
FAIL(DNS_R_REFUSED);
|
||||
}
|
||||
}
|
||||
CHECK(send_forward_event(client, zone));
|
||||
break; /* OK. */
|
||||
default:
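Review bot: In the `dns_zone_slave` case the new ACL is consulted only when `dns_message_gettsig(client->message, NULL) == NULL`, so a request that merely carries a TSIG record skips `allow-update-forwarding` and goes straight to `send_forward_event()`. The visible lines never look at the `sigresult` argument, and `ns_update_start` starts and ends outside this hunk, so it is unclear whether a signature that failed verification (or uses a key this server does not hold) is rejected earlier. If it is not, the ACL does not limit who can make this server relay updates to the master. If forwarding unverified signed updates is intended, say so next to the test, e.g. `/* Signed updates bypass the forward ACL; the master is relied on to verify the TSIG. */`; otherwise apply `ns_client_checkacl()` to every update whenever `forwardacl != NULL`. The NOTIMP path is logged through `FAILS`, but the REFUSED path relies on `ns_client_checkacl` at `ISC_LOG_INFO` for its audit trail, which is worth confirming.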
|
||||
|
@@ -15,7 +15,7 @@
|
||||
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: zoneconf.c,v 1.65 2000/11/03 07:15:52 marka Exp $ */
|
||||
/* $Id: zoneconf.c,v 1.66 2000/11/06 08:11:08 marka Exp $ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
@@ -361,6 +361,13 @@ dns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview,
|
||||
if (result != ISC_R_SUCCESS)
|
||||
uintval = 30 * 24 * 3600;
|
||||
dns_zone_setsigvalidityinterval(zone, uintval);
|
||||
} else if (czone->ztype == dns_c_zone_slave) {
|
||||
RETERR(configure_zone_acl(czone, cctx, NULL, ac, zone,
|
||||
dns_c_zone_getallowupdateforwarding,
|
||||
dns_c_view_getallowupdateforwarding,
|
||||
dns_c_ctx_getallowupdateforwarding,
|
||||
dns_zone_setforwardacl,
|
||||
dns_zone_clearforwardacl));
|
||||
}
|
||||
|
||||
result = dns_c_zone_gettransfersource(czone, &sockaddr);
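Review bot: The new `configure_zone_acl()` call passes `NULL` as its third argument while also supplying `dns_c_view_getallowupdateforwarding`. The signature of `configure_zone_acl` is not visible here, but if that argument is the view (the enclosing `dns_zone_configure` has a `cview` parameter), a view-level `allow-update-forwarding` would never be consulted. The zone would then fall back to the global option or to no ACL at all, which is not the policy the operator wrote for that view. If so, the first line should read `RETERR(configure_zone_acl(czone, cctx, cview, ac, zone,`. The same hunk is listed a second time at the end of this page and the point applies there too; `dns_zone_configure` continues outside the hunk.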
|
||||
|
@@ -2,7 +2,7 @@
|
||||
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
|
||||
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
|
||||
|
||||
<!-- File: $Id: Bv9ARM-book.xml,v 1.25 2000/11/05 00:29:15 marka Exp $ -->
|
||||
<!-- File: $Id: Bv9ARM-book.xml,v 1.26 2000/11/06 08:11:05 marka Exp $ -->
|
||||
|
||||
<book>
|
||||
|
||||
@@ -3670,9 +3670,13 @@ updates from all hosts.</para></entry>
|
||||
<entry colname = "1"><para><command>allow-update-forwarding</command></para></entry>
|
||||
<entry colname = "2"><para>Specifies which hosts are allowed to
|
||||
submit Dynamic DNS updates to slave zones to be forwarded to the
|
||||
master. The default is to deny update forwarding from all hosts.</para><note>
|
||||
<simpara>Update
|
||||
forwarding is not yet implemented.</simpara></note></entry>
|
||||
master.
|
||||
This applies only to unsigned updates.
|
||||
Signed updates are always forwarded.
|
||||
If there is no acl defined then the server will return NOTIMPL, causing the
|
||||
client to skip to the next server. If an acl is defined and there is no
|
||||
match then the default is to deny update forwarding.</para>
|
||||
</entry>
|
||||
</row>
|
||||
<row rowsep = "0">
|
||||
<entry colname = "1"><para><command>also-notify</command></para></entry>
|
||||
|
@@ -15,7 +15,7 @@
|
||||
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: confctx.c,v 1.96 2000/11/03 07:15:57 marka Exp $ */
|
||||
/* $Id: confctx.c,v 1.97 2000/11/06 08:11:10 marka Exp $ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
@@ -533,14 +533,6 @@ dns_c_checkconfig(dns_c_ctx_t *cfg)
|
||||
"option 'rrset-order' is not yet implemented");
|
||||
}
|
||||
|
||||
if (dns_c_ctx_getallowupdateforwarding(cfg, &ipml) != ISC_R_NOTFOUND) {
|
||||
dns_c_ipmatchlist_detach(&ipml);
|
||||
isc_log_write(dns_lctx, DNS_LOGCATEGORY_CONFIG,
|
||||
DNS_LOGMODULE_CONFIG, ISC_LOG_WARNING,
|
||||
"option 'allow-update-forwarding' is not "
|
||||
"yet implemented");
|
||||
}
|
||||
|
||||
if (cfg->zlist != NULL) {
|
||||
tmpres = dns_c_zonelist_checkzones(cfg->zlist);
|
||||
if (tmpres != ISC_R_SUCCESS) {
|
||||
|
@@ -15,7 +15,7 @@
|
||||
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: zone.h,v 1.84 2000/11/03 18:43:53 gson Exp $ */
|
||||
/* $Id: zone.h,v 1.85 2000/11/06 08:11:11 marka Exp $ */
|
||||
|
||||
#ifndef DNS_ZONE_H
|
||||
#define DNS_ZONE_H 1
|
||||
@@ -591,6 +591,16 @@ dns_zone_setupdateacl(dns_zone_t *zone, dns_acl_t *acl);
|
||||
* 'acl' to be valid acl.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_zone_setforwardacl(dns_zone_t *zone, dns_acl_t *acl);
|
||||
/*
|
||||
* Sets the forward unsigned updates acl list for the zone.
|
||||
*
|
||||
* Require:
|
||||
* 'zone' to be a valid zone.
|
||||
* 'acl' to be valid acl.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_zone_setxfracl(dns_zone_t *zone, dns_acl_t *acl);
|
||||
/*
|
||||
@@ -642,6 +652,19 @@ dns_zone_getupdateacl(dns_zone_t *zone);
|
||||
* NULL
|
||||
*/
|
||||
|
||||
dns_acl_t *
|
||||
dns_zone_getforwardacl(dns_zone_t *zone);
|
||||
/*
|
||||
* Returns the current forward unsigned updates acl or NULL.
|
||||
*
|
||||
* Require:
|
||||
* 'zone' to be a valid zone.
|
||||
*
|
||||
* Returns:
|
||||
* acl a pointer to the acl.
|
||||
* NULL
|
||||
*/
|
||||
|
||||
dns_acl_t *
|
||||
dns_zone_getxfracl(dns_zone_t *zone);
|
||||
/*
|
||||
@@ -664,6 +687,15 @@ dns_zone_clearupdateacl(dns_zone_t *zone);
|
||||
* 'zone' to be a valid zone.
|
||||
*/
|
||||
|
||||
void
|
||||
dns_zone_clearforwardacl(dns_zone_t *zone);
|
||||
/*
|
||||
* Clear the current forward unsigned updates acl.
|
||||
*
|
||||
* Require:
|
||||
* 'zone' to be a valid zone.
|
||||
*/
|
||||
|
||||
#ifndef NOMINUM_PUBLIC
|
||||
void
|
||||
dns_zone_clearnotifyacl(dns_zone_t *zone);
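Review bot: The header comment for `dns_zone_getforwardacl()` lists `NULL` as a return value without saying what it means, although the caller in `ns_update_start` gives it a distinct policy meaning: NULL yields NOTIMP, while a configured ACL that does not match yields REFUSED. I would spell that out in the Returns section, e.g. `* NULL if no allow-update-forwarding acl is set for the zone.` The comment for `dns_zone_setforwardacl()` could likewise note that the ACL governs unsigned updates only, since this declaration is where later callers will look for the contract.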
|
||||
|
@@ -15,7 +15,7 @@
|
||||
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: zone.c,v 1.245 2000/11/03 07:15:50 marka Exp $ */
|
||||
/* $Id: zone.c,v 1.246 2000/11/06 08:11:07 marka Exp $ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
@@ -160,6 +160,7 @@ struct dns_zone {
|
||||
dns_xfrin_ctx_t *xfr;
|
||||
/* Access Control Lists */
|
||||
dns_acl_t *update_acl;
|
||||
dns_acl_t *forward_acl;
|
||||
#ifndef NOMINUM_PUBLIC
|
||||
dns_acl_t *notify_acl;
|
||||
#endif /* NOMINUM_PUBLIC */
|
||||
@@ -490,6 +491,7 @@ dns_zone_create(dns_zone_t **zonep, isc_mem_t *mctx) {
|
||||
zone->notifycnt = 0;
|
||||
zone->task = NULL;
|
||||
zone->update_acl = NULL;
|
||||
zone->forward_acl = NULL;
|
||||
#ifndef NOMINUM_PUBLIC
|
||||
zone->notify_acl = NULL;
|
||||
#endif /* NOMINUM_PUBLIC */
|
||||
@@ -583,6 +585,8 @@ zone_free(dns_zone_t *zone) {
|
||||
zone->check_names = dns_severity_ignore;
|
||||
if (zone->update_acl != NULL)
|
||||
dns_acl_detach(&zone->update_acl);
|
||||
if (zone->forward_acl != NULL)
|
||||
dns_acl_detach(&zone->forward_acl);
|
||||
#ifndef NOMINUM_PUBLIC
|
||||
if (zone->notify_acl != NULL)
|
||||
dns_acl_detach(&zone->notify_acl);
|
||||
@@ -3911,6 +3915,18 @@ dns_zone_setupdateacl(dns_zone_t *zone, dns_acl_t *acl) {
|
||||
UNLOCK(&zone->lock);
|
||||
}
|
||||
|
||||
void
|
||||
dns_zone_setforwardacl(dns_zone_t *zone, dns_acl_t *acl) {
|
||||
|
||||
REQUIRE(DNS_ZONE_VALID(zone));
|
||||
|
||||
LOCK(&zone->lock);
|
||||
if (zone->forward_acl != NULL)
|
||||
dns_acl_detach(&zone->forward_acl);
|
||||
dns_acl_attach(acl, &zone->forward_acl);
|
||||
UNLOCK(&zone->lock);
|
||||
}
|
||||
|
||||
void
|
||||
dns_zone_setxfracl(dns_zone_t *zone, dns_acl_t *acl) {
|
||||
|
||||
@@ -3949,6 +3965,14 @@ dns_zone_getupdateacl(dns_zone_t *zone) {
|
||||
return (zone->update_acl);
|
||||
}
|
||||
|
||||
dns_acl_t *
|
||||
dns_zone_getforwardacl(dns_zone_t *zone) {
|
||||
|
||||
REQUIRE(DNS_ZONE_VALID(zone));
|
||||
|
||||
return (zone->forward_acl);
|
||||
}
|
||||
|
||||
dns_acl_t *
|
||||
dns_zone_getxfracl(dns_zone_t *zone) {
|
||||
|
||||
@@ -3968,6 +3992,17 @@ dns_zone_clearupdateacl(dns_zone_t *zone) {
|
||||
UNLOCK(&zone->lock);
|
||||
}
|
||||
|
||||
void
|
||||
dns_zone_clearforwardacl(dns_zone_t *zone) {
|
||||
|
||||
REQUIRE(DNS_ZONE_VALID(zone));
|
||||
|
||||
LOCK(&zone->lock);
|
||||
if (zone->forward_acl != NULL)
|
||||
dns_acl_detach(&zone->forward_acl);
|
||||
UNLOCK(&zone->lock);
|
||||
}
|
||||
|
||||
#ifndef NOMINUM_PUBLIC
|
||||
void
|
||||
dns_zone_clearnotifyacl(dns_zone_t *zone) {
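Review bot: `dns_zone_getforwardacl()` returns `zone->forward_acl` without taking `zone->lock` and without attaching a reference, while `dns_zone_setforwardacl()` and `dns_zone_clearforwardacl()` detach the same pointer under the lock. The caller in `ns_update_start` then passes the borrowed pointer to `ns_client_checkacl()`. If a reconfiguration can run while an update is being processed, that ACL could be detached during the check. This mirrors the existing `dns_zone_getupdateacl()` shown as context, so it may rely on serialization that is not visible here. In that case a comment on the getter such as `/* Caller must not hold the result across a reconfiguration; no reference is taken. */` would record the assumption; otherwise the getter should attach a reference under the lock.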
|
||||
|
@@ -15,7 +15,7 @@
|
||||
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: zoneconf.c,v 1.65 2000/11/03 07:15:52 marka Exp $ */
|
||||
/* $Id: zoneconf.c,v 1.66 2000/11/06 08:11:08 marka Exp $ */
|
||||
|
||||
#include <config.h>
|
||||
|
||||
@@ -361,6 +361,13 @@ dns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview,
|
||||
if (result != ISC_R_SUCCESS)
|
||||
uintval = 30 * 24 * 3600;
|
||||
dns_zone_setsigvalidityinterval(zone, uintval);
|
||||
} else if (czone->ztype == dns_c_zone_slave) {
|
||||
RETERR(configure_zone_acl(czone, cctx, NULL, ac, zone,
|
||||
dns_c_zone_getallowupdateforwarding,
|
||||
dns_c_view_getallowupdateforwarding,
|
||||
dns_c_ctx_getallowupdateforwarding,
|
||||
dns_zone_setforwardacl,
|
||||
dns_zone_clearforwardacl));
|
||||
}
|
||||
|
||||
result = dns_c_zone_gettransfersource(czone, &sockaddr);
|
||||
|