diff --git a/bin/hooks/filter-aaaa.c b/bin/hooks/filter-aaaa.c index 2f316dbc35..6bd1cdc9d8 100644 --- a/bin/hooks/filter-aaaa.c +++ b/bin/hooks/filter-aaaa.c @@ -19,6 +19,10 @@ #include #include +#include +#include +#include + #include #include @@ -27,6 +31,13 @@ #include #include +#define CHECK(r) \ + do { \ + result = (r); \ + if (result != ISC_R_SUCCESS) \ + goto cleanup; \ + } while (0) + ns_hook_destroy_t hook_destroy; ns_hook_register_t hook_register; ns_hook_version_t hook_version; 
@@ -70,11 +81,120 @@ ns_hook_t filter_donesend = { .callback = filter_query_done_send, }; +/* + * Configuration support. + */ + +static dns_aaaa_t v4_aaaa; +static dns_aaaa_t v6_aaaa; +static dns_acl_t *aaaa_acl = NULL; + +static const char *filter_aaaa_enums[] = { "break-dnssec", NULL }; +static isc_result_t +parse_filter_aaaa(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { + return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); +} +static void +doc_filter_aaaa(cfg_printer_t *pctx, const cfg_type_t *type) { + cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean); +} +static cfg_type_t cfg_type_filter_aaaa = { + "filter_aaaa", parse_filter_aaaa, cfg_print_ustring, + doc_filter_aaaa, &cfg_rep_string, filter_aaaa_enums, +}; + +static cfg_clausedef_t param_clauses[] = { + { "filter-aaaa", &cfg_type_bracketed_aml, 0 }, + { "filter-aaaa-on-v4", &cfg_type_filter_aaaa, 0 }, + { "filter-aaaa-on-v6", &cfg_type_filter_aaaa, 0 }, +}; + +static cfg_clausedef_t *param_clausesets[] = { + param_clauses, + NULL +}; + +static cfg_type_t cfg_type_parameters = { + "filter-aaaa-params", cfg_parse_mapbody, cfg_print_mapbody, + cfg_doc_mapbody, &cfg_rep_map, param_clausesets +}; + +static isc_result_t +parse_filter_aaaa_on(const cfg_obj_t *param_obj, const char *param_name, + dns_aaaa_t *dstp) +{ + const cfg_obj_t *obj = NULL; + isc_result_t result; + + result = cfg_map_get(param_obj, param_name, &obj); + if (result != ISC_R_SUCCESS) { + return (ISC_R_SUCCESS); + } + + if (cfg_obj_isboolean(obj)) { + if (cfg_obj_asboolean(obj)) { + *dstp = dns_aaaa_filter; + } else { + *dstp = dns_aaaa_ok; + } + } else if (strcasecmp(cfg_obj_asstring(obj), "break-dnssec") == 0) { + *dstp = dns_aaaa_break_dnssec; + } else { + result = ISC_R_UNEXPECTED; + } + + return (result); +} + +static isc_result_t +parse_parameters(const char *parameters, const void *cfg, + void *actx, ns_hookctx_t *hctx) +{ + isc_result_t result = ISC_R_SUCCESS; + cfg_parser_t *parser = NULL; + 
cfg_obj_t *param_obj = NULL; + const cfg_obj_t *obj = NULL; + isc_buffer_t b; + + CHECK(cfg_parser_create(hctx->mctx, hctx->lctx, &parser)); + + isc_buffer_constinit(&b, parameters, strlen(parameters)); + isc_buffer_add(&b, strlen(parameters)); + CHECK(cfg_parse_buffer(parser, &b, &cfg_type_parameters, + ¶m_obj)); + + CHECK(parse_filter_aaaa_on(param_obj, "filter-aaaa-on-v4", &v4_aaaa)); + CHECK(parse_filter_aaaa_on(param_obj, "filter-aaaa-on-v6", &v6_aaaa)); + + obj = NULL; + result = cfg_map_get(param_obj, "filter-aaaa", &obj); + if (result == ISC_R_SUCCESS) { + CHECK(cfg_acl_fromconfig(obj, (const cfg_obj_t *) cfg, + hctx->lctx, + (cfg_aclconfctx_t *) actx, + hctx->mctx, 0, &aaaa_acl)); + } else { + CHECK(dns_acl_any(hctx->mctx, &aaaa_acl)); + } + + cleanup: + if (param_obj != NULL) { + cfg_obj_destroy(parser, ¶m_obj); + } + if (parser != NULL) { + cfg_parser_destroy(&parser); + } + return (result); +} + +/* + * Mandatory hook API functions. + */ isc_result_t hook_register(const char *parameters, const char *file, unsigned long line, - ns_hookctx_t *hctx, ns_hooktable_t *hooktable, void **instp) + const void *cfg, void *actx, ns_hookctx_t *hctx, + ns_hooktable_t *hooktable, void **instp) { - UNUSED(parameters); UNUSED(instp); if (parameters != NULL) { @@ -83,6 +203,8 @@ hook_register(const char *parameters, const char *file, unsigned long line, "loading params for 'filter-aaaa' " "module from %s:%lu", file, line); + + parse_parameters(parameters, cfg, actx, hctx); } else { isc_log_write(hctx->lctx, NS_LOGCATEGORY_GENERAL, NS_LOGMODULE_HOOKS, ISC_LOG_INFO, @@ -91,11 +213,6 @@ hook_register(const char *parameters, const char *file, unsigned long line, file, line); } - /* - * TODO: - * configure with parameters here - */ - ns_hook_add(hooktable, NS_QUERY_RESPOND_BEGIN, &filter_respbegin); ns_hook_add(hooktable, NS_QUERY_RESPOND_ANY_FOUND, 
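Review bot: `v4_aaaa`, `v6_aaaa` and `aaaa_acl` are file-scope statics that `parse_parameters()` updates in place, so the policy is shared by every registration of the module and can be left half-applied when a later `CHECK` fails. `configure_hook()` is passed `view->hooktable`, which suggests one registration per view; a second `hook_register()` would then overwrite the first view's modes and hand an already-attached `aaaa_acl` to `cfg_acl_fromconfig()`/`dns_acl_any()`, so one view's clients could end up matched against another view's ACL. Parse into locals and publish them only once everything has succeeded, as sketched below, and longer term keep the three values in a per-instance structure returned through `instp` (still `UNUSED` in `hook_register()`). `hook_destroy()` in a later hunk detaches the ACL but leaves both modes set, so it should reset them to `dns_aaaa_ok` as well.

```c
static isc_result_t
parse_parameters(const char *parameters, const void *cfg,
		 void *actx, ns_hookctx_t *hctx)
{
	/* Parse into locals; publish only when every step succeeded. */
	dns_aaaa_t new_v4 = dns_aaaa_ok;
	dns_aaaa_t new_v6 = dns_aaaa_ok;
	dns_acl_t *new_acl = NULL;
	/* ... unchanged: other locals, parser creation, cfg_parse_buffer() ... */

	CHECK(parse_filter_aaaa_on(param_obj, "filter-aaaa-on-v4", &new_v4));
	CHECK(parse_filter_aaaa_on(param_obj, "filter-aaaa-on-v6", &new_v6));
	/* ... unchanged: "filter-aaaa" lookup, now building into &new_acl ... */

	/* Commit: drop any ACL from an earlier registration first. */
	if (aaaa_acl != NULL) {
		dns_acl_detach(&aaaa_acl);
	}
	aaaa_acl = new_acl;
	new_acl = NULL;
	v4_aaaa = new_v4;
	v6_aaaa = new_v6;

 cleanup:
	if (new_acl != NULL) {
		dns_acl_detach(&new_acl);
	}
	/* ... unchanged: param_obj and parser teardown, return (result) ... */
```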
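Review bot: The result of `parse_parameters(parameters, cfg, actx, hctx)` is discarded, so `hook_register()` goes on to install the hooks even when the parameter block is invalid. If parsing stops after `filter-aaaa-on-v4` has been applied but before the ACL is built, `aaaa_acl` stays NULL while filtering is on; `filter_prep_response_begin()` then calls `ns_client_checkaclsilent(..., aaaa_acl, true)`, and if a NULL ACL with that `true` default is treated as a match, AAAA records are stripped for every client rather than the configured set. Return the failure to the loader instead, for example `isc_result_t result = parse_parameters(parameters, cfg, actx, hctx);` followed by `if (result != ISC_R_SUCCESS) { return (result); }`, and log it at error level with `file` and `line`. The function starts in the previous hunk and continues past this one.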
@@ -118,6 +235,10 @@ void hook_destroy(void **instp) { UNUSED(instp); + if (aaaa_acl != NULL) { + dns_acl_detach(&aaaa_acl); + } + return; } @@ -170,22 +291,19 @@ filter_prep_response_begin(void *hookdata, void *cbdata, isc_result_t *resp) { UNUSED(cbdata); qctx->filter_aaaa = dns_aaaa_ok; - if (qctx->client->view->v4_aaaa != dns_aaaa_ok || - qctx->client->view->v6_aaaa != dns_aaaa_ok) - { + if (v4_aaaa != dns_aaaa_ok || v6_aaaa != dns_aaaa_ok) { result = ns_client_checkaclsilent(qctx->client, NULL, - qctx->client->view->aaaa_acl, - true); + aaaa_acl, true); if (result == ISC_R_SUCCESS && - qctx->client->view->v4_aaaa != dns_aaaa_ok && + v4_aaaa != dns_aaaa_ok && is_v4_client(qctx->client)) { - qctx->filter_aaaa = qctx->client->view->v4_aaaa; + qctx->filter_aaaa = v4_aaaa; } else if (result == ISC_R_SUCCESS && - qctx->client->view->v6_aaaa != dns_aaaa_ok && + v6_aaaa != dns_aaaa_ok && is_v6_client(qctx->client)) { - qctx->filter_aaaa = qctx->client->view->v6_aaaa; + qctx->filter_aaaa = v6_aaaa; } } diff --git a/bin/named/config.c b/bin/named/config.c index 039d2632b4..6b81e35d2d 100644 --- a/bin/named/config.c +++ b/bin/named/config.c @@ -154,10 +154,7 @@ options {\n\ # fetch-glue ;\n\ fetch-quota-params 100 0.1 0.3 0.7;\n\ fetches-per-server 0;\n\ - fetches-per-zone 0;\n\ - filter-aaaa-on-v4 no;\n\ - filter-aaaa-on-v6 no;\n\ - filter-aaaa { any; };\n" + fetches-per-zone 0;\n" #ifdef HAVE_GEOIP " geoip-use-ecs yes;\n" #endif diff --git a/bin/named/server.c b/bin/named/server.c index c3da40ed25..a6a55bd11b 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -1538,7 +1538,7 @@ configure_dyndb(const cfg_obj_t *dyndb, isc_mem_t *mctx, static isc_result_t configure_hook(ns_hooktable_t *hooktable, const cfg_obj_t *hook, - ns_hookctx_t *hctx) + const cfg_obj_t *config, ns_hookctx_t *hctx) { isc_result_t result = ISC_R_SUCCESS; const cfg_obj_t *obj; 
@@ -1563,11 +1563,15 @@ configure_hook(ns_hooktable_t *hooktable, const cfg_obj_t *hook, cfg_obj_asstring(obj), cfg_obj_file(obj), cfg_obj_line(obj), + config, + named_g_aclconfctx, hctx, hooktable); } else { result = ns_hookmodule_load(library, NULL, cfg_obj_file(hook), cfg_obj_line(hook), + config, + named_g_aclconfctx, hctx, hooktable); } @@ -5134,46 +5138,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, dns_quotatype_zone, r); } - obj = NULL; - result = named_config_get(maps, "filter-aaaa-on-v4", &obj); - INSIST(result == ISC_R_SUCCESS); - if (cfg_obj_isboolean(obj)) { - if (cfg_obj_asboolean(obj)) - view->v4_aaaa = dns_aaaa_filter; - else - view->v4_aaaa = dns_aaaa_ok; - } else { - const char *v4_aaaastr = cfg_obj_asstring(obj); - if (strcasecmp(v4_aaaastr, "break-dnssec") == 0) { - view->v4_aaaa = dns_aaaa_break_dnssec; - } else { - INSIST(0); - ISC_UNREACHABLE(); - } - } - - obj = NULL; - result = named_config_get(maps, "filter-aaaa-on-v6", &obj); - INSIST(result == ISC_R_SUCCESS); - if (cfg_obj_isboolean(obj)) { - if (cfg_obj_asboolean(obj)) - view->v6_aaaa = dns_aaaa_filter; - else - view->v6_aaaa = dns_aaaa_ok; - } else { - const char *v6_aaaastr = cfg_obj_asstring(obj); - if (strcasecmp(v6_aaaastr, "break-dnssec") == 0) { - view->v6_aaaa = dns_aaaa_break_dnssec; - } else { - INSIST(0); - ISC_UNREACHABLE(); - } - } - - CHECK(configure_view_acl(vconfig, config, named_g_config, - "filter-aaaa", NULL, actx, - named_g_mctx, &view->aaaa_acl)); - obj = NULL; result = named_config_get(maps, "prefetch", &obj); if (result == ISC_R_SUCCESS) { @@ -5368,7 +5332,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, CHECK(ns_hook_createctx(mctx, &hctx)); } - CHECK(configure_hook(view->hooktable, hook, hctx)); + CHECK(configure_hook(view->hooktable, hook, config, hctx)); } #endif diff --git a/bin/tests/system/filter-aaaa/conf/bad1.conf b/bin/tests/system/filter-aaaa/conf/bad1.conf deleted file mode 100644 index 9a23fd8b96..0000000000 
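Review bot: Both `ns_hookmodule_load()` calls pass the global `named_g_aclconfctx`, whereas the code this commit removes from `configure_view()` resolved `filter-aaaa` with that function's own `actx` argument. If the two can ever differ (for instance while a new configuration is being loaded), a named ACL such as `filterees` in the updated test configuration would be resolved in a different context from the rest of the view's ACLs. Threading the caller's context through keeps the behaviour of the removed code: add a `cfg_aclconfctx_t *actx` parameter to `configure_hook()` and call it as `configure_hook(view->hooktable, hook, config, actx, hctx)`; the signature and the call site are in the neighbouring hunks. Separately, the module API takes these as `const void *cfg, void *actx` and casts them back in `parse_parameters()`, so a short comment on the expected types at the load call would help, since the compiler can no longer check them.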
--- a/bin/tests/system/filter-aaaa/conf/bad1.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- filter-aaaa-on-v4 yes;
- filter-aaaa { none; };
-};
diff --git a/bin/tests/system/filter-aaaa/conf/bad2.conf b/bin/tests/system/filter-aaaa/conf/bad2.conf
deleted file mode 100644
index 798f4fd6e2..0000000000
--- a/bin/tests/system/filter-aaaa/conf/bad2.conf
+++ /dev/null
@@ -1,24 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- /*
- * While this matches the defaults, it is not a good configuration
- * to have in named.conf as the two options contradict each other
- * indicating a error on behalf of the operator.
- *
- * The default is to have filter-aaaa-on-v4 off, but if it is turned
- * on then it applies to all IPv4 queries. This results in
- * contradictory defaults.
- */
- filter-aaaa-on-v4 no;
- filter-aaaa { any; };
-};
diff --git a/bin/tests/system/filter-aaaa/conf/bad3.conf b/bin/tests/system/filter-aaaa/conf/bad3.conf
deleted file mode 100644
index 3c068bbb71..0000000000
--- a/bin/tests/system/filter-aaaa/conf/bad3.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- filter-aaaa-on-v4 no;
-};
-
-view myview {
- filter-aaaa { any; };
-};
diff --git a/bin/tests/system/filter-aaaa/conf/bad4.conf b/bin/tests/system/filter-aaaa/conf/bad4.conf
deleted file mode 100644
index 5744c8b2c5..0000000000
--- a/bin/tests/system/filter-aaaa/conf/bad4.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- filter-aaaa { any; };
-};
-
-view myview {
- filter-aaaa-on-v4 no;
-};
diff --git a/bin/tests/system/filter-aaaa/conf/bad5.conf b/bin/tests/system/filter-aaaa/conf/bad5.conf
deleted file mode 100644
index 39f9acca51..0000000000
--- a/bin/tests/system/filter-aaaa/conf/bad5.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- filter-aaaa { none; };
-};
-
-view myview {
- filter-aaaa-on-v4 yes;
-};
diff --git a/bin/tests/system/filter-aaaa/conf/bad6.conf b/bin/tests/system/filter-aaaa/conf/bad6.conf
deleted file mode 100644
index e92bb1e5f2..0000000000
--- a/bin/tests/system/filter-aaaa/conf/bad6.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- filter-aaaa-on-v4 yes;
-};
-
-view myview {
- filter-aaaa { none; };
-};
diff --git a/bin/tests/system/filter-aaaa/conf/good1.conf b/bin/tests/system/filter-aaaa/conf/good1.conf
deleted file mode 100644
index 2a93ef6fb0..0000000000
--- a/bin/tests/system/filter-aaaa/conf/good1.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- filter-aaaa-on-v4 yes;
-};
diff --git a/bin/tests/system/filter-aaaa/conf/good2.conf b/bin/tests/system/filter-aaaa/conf/good2.conf
deleted file mode 100644
index 916af8e971..0000000000
--- a/bin/tests/system/filter-aaaa/conf/good2.conf
+++ /dev/null
@@ -1,14 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- filter-aaaa-on-v4 break-dnssec;
-};
diff --git a/bin/tests/system/filter-aaaa/conf/good3.conf b/bin/tests/system/filter-aaaa/conf/good3.conf
deleted file mode 100644
index b3f8de4d95..0000000000
--- a/bin/tests/system/filter-aaaa/conf/good3.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- filter-aaaa-on-v4 break-dnssec;
- filter-aaaa { 1.0.0.0/8; };
-};
diff --git a/bin/tests/system/filter-aaaa/conf/good4.conf b/bin/tests/system/filter-aaaa/conf/good4.conf
deleted file mode 100644
index d789f30b57..0000000000
--- a/bin/tests/system/filter-aaaa/conf/good4.conf
+++ /dev/null
@@ -1,15 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- filter-aaaa-on-v4 yes;
- filter-aaaa { 1.0.0.0/8; };
-};
diff --git a/bin/tests/system/filter-aaaa/conf/good5.conf b/bin/tests/system/filter-aaaa/conf/good5.conf
deleted file mode 100644
index 95baae5b28..0000000000
--- a/bin/tests/system/filter-aaaa/conf/good5.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- filter-aaaa-on-v4 yes;
-};
-
-view myview {
- filter-aaaa { 1.0.0.0/8; };
-};
diff --git a/bin/tests/system/filter-aaaa/conf/good6.conf b/bin/tests/system/filter-aaaa/conf/good6.conf
deleted file mode 100644
index 9e783670a0..0000000000
--- a/bin/tests/system/filter-aaaa/conf/good6.conf
+++ /dev/null
@@ -1,18 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-options {
- filter-aaaa { 1.0.0.0/8; };
-};
-
-view myview {
- filter-aaaa-on-v4 yes;
-};
diff --git a/bin/tests/system/filter-aaaa/conf/good7.conf b/bin/tests/system/filter-aaaa/conf/good7.conf
deleted file mode 100644
index 2531de95b6..0000000000
--- a/bin/tests/system/filter-aaaa/conf/good7.conf
+++ /dev/null
@@ -1,18 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { -}; - -view myview { - filter-aaaa { 1.0.0.0/8; }; - filter-aaaa-on-v4 yes; -}; diff --git a/bin/tests/system/filter-aaaa/conf/good8.conf b/bin/tests/system/filter-aaaa/conf/good8.conf deleted file mode 100644 index f28fdd96ab..0000000000 --- a/bin/tests/system/filter-aaaa/conf/good8.conf +++ /dev/null @@ -1,19 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, You can obtain one at http://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -options { - filter-aaaa-on-v4 no; -}; - -view myview { - filter-aaaa { 1.0.0.0/8; }; - filter-aaaa-on-v4 yes; -}; diff --git a/bin/tests/system/filter-aaaa/ns1/named1.conf.in b/bin/tests/system/filter-aaaa/ns1/named1.conf.in index bde197748e..cd05abc9e9 100644 --- a/bin/tests/system/filter-aaaa/ns1/named1.conf.in +++ b/bin/tests/system/filter-aaaa/ns1/named1.conf.in @@ -20,12 +20,15 @@ options { recursion no; dnssec-validation yes; notify yes; - filter-aaaa-on-v4 yes; - filter-aaaa { 10.53.0.1; }; minimal-responses no; }; -hook query "../../../../hooks/lib/filter-aaaa.so"; +acl filterees { 10.53.0.1; }; + +hook query "../../../../hooks/lib/filter-aaaa.so" { + filter-aaaa-on-v4 yes; + filter-aaaa { filterees; }; +}; key rndc_key { secret "1234abcd8765"; 
diff --git a/bin/tests/system/filter-aaaa/ns1/named2.conf.in b/bin/tests/system/filter-aaaa/ns1/named2.conf.in index 8d29d583aa..3201f7c9b3 100644 --- a/bin/tests/system/filter-aaaa/ns1/named2.conf.in +++ b/bin/tests/system/filter-aaaa/ns1/named2.conf.in @@ -20,12 +20,13 @@ options { recursion no; dnssec-validation yes; notify yes; - filter-aaaa-on-v6 yes; - filter-aaaa { fd92:7065:b8e:ffff::1; }; minimal-responses no; }; -hook query "../../../../hooks/lib/filter-aaaa.so"; +hook query "../../../../hooks/lib/filter-aaaa.so" { + filter-aaaa-on-v6 yes; + filter-aaaa { fd92:7065:b8e:ffff::1; }; +}; key rndc_key { secret "1234abcd8765"; diff --git a/bin/tests/system/filter-aaaa/ns2/named1.conf.in b/bin/tests/system/filter-aaaa/ns2/named1.conf.in index 5d8e06cdfd..5d9aeec8a4 100644 --- a/bin/tests/system/filter-aaaa/ns2/named1.conf.in +++ b/bin/tests/system/filter-aaaa/ns2/named1.conf.in @@ -20,12 +20,13 @@ options { recursion yes; dnssec-validation yes; notify yes; - filter-aaaa-on-v4 yes; - filter-aaaa { 10.53.0.2; }; minimal-responses no; }; -hook query "../../../../hooks/lib/filter-aaaa.so"; +hook query "../../../../hooks/lib/filter-aaaa.so" { + filter-aaaa-on-v4 yes; + filter-aaaa { 10.53.0.2; }; +}; key rndc_key { secret "1234abcd8765"; diff --git a/bin/tests/system/filter-aaaa/ns2/named2.conf.in b/bin/tests/system/filter-aaaa/ns2/named2.conf.in index 56e388ce49..a313403c98 100644 --- a/bin/tests/system/filter-aaaa/ns2/named2.conf.in +++ b/bin/tests/system/filter-aaaa/ns2/named2.conf.in @@ -20,12 +20,13 @@ options { recursion yes; dnssec-validation yes; notify yes; - filter-aaaa-on-v6 yes; - filter-aaaa { fd92:7065:b8e:ffff::2; }; minimal-responses no; }; -hook query "../../../../hooks/lib/filter-aaaa.so"; +hook query "../../../../hooks/lib/filter-aaaa.so" { + filter-aaaa-on-v6 yes; + filter-aaaa { fd92:7065:b8e:ffff::2; }; +}; key rndc_key { secret "1234abcd8765"; 
diff --git a/bin/tests/system/filter-aaaa/ns3/named1.conf.in b/bin/tests/system/filter-aaaa/ns3/named1.conf.in index b0f4ba0667..7c24809a0c 100644 --- a/bin/tests/system/filter-aaaa/ns3/named1.conf.in +++ b/bin/tests/system/filter-aaaa/ns3/named1.conf.in @@ -20,12 +20,13 @@ options { recursion yes; dnssec-validation yes; notify yes; - filter-aaaa-on-v4 break-dnssec; - filter-aaaa { 10.53.0.3; }; minimal-responses no; }; -hook query "../../../../hooks/lib/filter-aaaa.so"; +hook query "../../../../hooks/lib/filter-aaaa.so" { + filter-aaaa-on-v4 break-dnssec; + filter-aaaa { 10.53.0.3; }; +}; key rndc_key { secret "1234abcd8765"; diff --git a/bin/tests/system/filter-aaaa/ns3/named2.conf.in b/bin/tests/system/filter-aaaa/ns3/named2.conf.in index 847bdfe0d3..cd5df44938 100644 --- a/bin/tests/system/filter-aaaa/ns3/named2.conf.in +++ b/bin/tests/system/filter-aaaa/ns3/named2.conf.in @@ -20,12 +20,13 @@ options { recursion yes; dnssec-validation yes; notify yes; - filter-aaaa-on-v6 break-dnssec; - filter-aaaa { fd92:7065:b8e:ffff::3; }; minimal-responses no; }; -hook query "../../../../hooks/lib/filter-aaaa.so"; +hook query "../../../../hooks/lib/filter-aaaa.so" { + filter-aaaa-on-v6 break-dnssec; + filter-aaaa { fd92:7065:b8e:ffff::3; }; +}; key rndc_key { secret "1234abcd8765"; diff --git a/bin/tests/system/filter-aaaa/ns4/named1.conf.in b/bin/tests/system/filter-aaaa/ns4/named1.conf.in index 915f55d44b..87e2eadcf5 100644 --- a/bin/tests/system/filter-aaaa/ns4/named1.conf.in +++ b/bin/tests/system/filter-aaaa/ns4/named1.conf.in @@ -20,12 +20,13 @@ options { recursion no; dnssec-validation no; notify yes; - filter-aaaa-on-v4 break-dnssec; - filter-aaaa { 10.53.0.4; }; minimal-responses no; }; -hook query "../../../../hooks/lib/filter-aaaa.so"; +hook query "../../../../hooks/lib/filter-aaaa.so" { + filter-aaaa-on-v4 break-dnssec; + filter-aaaa { 10.53.0.4; }; +}; key rndc_key { secret "1234abcd8765"; 
diff --git a/bin/tests/system/filter-aaaa/ns4/named2.conf.in b/bin/tests/system/filter-aaaa/ns4/named2.conf.in index c6818b8f76..79b5ce8eff 100644 --- a/bin/tests/system/filter-aaaa/ns4/named2.conf.in +++ b/bin/tests/system/filter-aaaa/ns4/named2.conf.in @@ -20,12 +20,13 @@ options { recursion no; dnssec-validation no; notify yes; - filter-aaaa-on-v6 break-dnssec; - filter-aaaa { fd92:7065:b8e:ffff::4; }; minimal-responses no; }; -hook query "../../../../hooks/lib/filter-aaaa.so"; +hook query "../../../../hooks/lib/filter-aaaa.so" { + filter-aaaa-on-v6 break-dnssec; + filter-aaaa { fd92:7065:b8e:ffff::4; }; +}; key rndc_key { secret "1234abcd8765"; diff --git a/bin/tests/system/filter-aaaa/ns5/named.conf.in b/bin/tests/system/filter-aaaa/ns5/named.conf.in index a27ee016d6..df507b3016 100644 --- a/bin/tests/system/filter-aaaa/ns5/named.conf.in +++ b/bin/tests/system/filter-aaaa/ns5/named.conf.in @@ -25,12 +25,13 @@ options { exclude { any; }; mapped { any; }; }; - filter-aaaa-on-v4 break-dnssec; - filter-aaaa { any; }; minimal-responses no; }; -hook query "../../../../hooks/lib/filter-aaaa.so"; +hook query "../../../../hooks/lib/filter-aaaa.so" { + filter-aaaa-on-v4 break-dnssec; + filter-aaaa { any; }; +}; key rndc_key { secret "1234abcd8765"; diff --git a/bin/tests/system/filter-aaaa/tests.sh b/bin/tests/system/filter-aaaa/tests.sh index f3e06b4fe4..86d0c7cb7b 100644 --- a/bin/tests/system/filter-aaaa/tests.sh +++ b/bin/tests/system/filter-aaaa/tests.sh 
@@ -20,26 +20,6 @@ rm -f dig.out.* DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}" RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s" -for conf in conf/good*.conf -do - n=`expr $n + 1` - echo_i "checking that $conf is accepted ($n)" - ret=0 - $CHECKCONF "$conf" || ret=1 - if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` -done - -for conf in conf/bad*.conf -do - n=`expr $n + 1` - echo_i "checking that $conf is rejected ($n)" - ret=0 - $CHECKCONF "$conf" >/dev/null && ret=1 - if [ $ret != 0 ]; then echo_i "failed"; fi - status=`expr $status + $ret` -done - # # Authoritative tests against: # filter-aaaa-on-v4 yes; diff --git a/lib/bind9/check.c b/lib/bind9/check.c index 953b7746a4..4fac8e9b85 100644 --- a/lib/bind9/check.c +++ b/lib/bind9/check.c @@ -471,7 +471,7 @@ check_viewacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions, static const char *acls[] = { "allow-query", "allow-query-on", "allow-query-cache", "allow-query-cache-on", "blackhole", "keep-response-order", "match-clients", - "match-destinations", "sortlist", "filter-aaaa", NULL }; + "match-destinations", "sortlist", NULL }; while (acls[i] != NULL) { tresult = checkacl(acls[i++], actx, NULL, voptions, config, 
@@ -789,102 +789,6 @@ check_recursionacls(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions, return (result); } -static isc_result_t -check_filteraaaa(cfg_aclconfctx_t *actx, const cfg_obj_t *voptions, - const char *viewname, const cfg_obj_t *config, - isc_log_t *logctx, isc_mem_t *mctx) -{ - const cfg_obj_t *options, *aclobj, *obj; - dns_acl_t *acl = NULL; - isc_result_t result = ISC_R_SUCCESS; - dns_aaaa_t filter4, filter6; - const char *forview = " for view "; - - if (viewname == NULL) { - viewname = ""; - forview = ""; - } - - aclobj = options = NULL; - acl = NULL; - - if (voptions != NULL) - cfg_map_get(voptions, "filter-aaaa", &aclobj); - if (config != NULL && aclobj == NULL) { - options = NULL; - cfg_map_get(config, "options", &options); - if (options != NULL) - cfg_map_get(options, "filter-aaaa", &aclobj); - } - if (aclobj == NULL) - return (result); - - result = cfg_acl_fromconfig(aclobj, config, logctx, - actx, mctx, 0, &acl); - if (result != ISC_R_SUCCESS) - goto failure; - - obj = NULL; - if (voptions != NULL) - cfg_map_get(voptions, "filter-aaaa-on-v4", &obj); - if (obj == NULL && config != NULL) { - options = NULL; - cfg_map_get(config, "options", &options); - if (options != NULL) - cfg_map_get(options, "filter-aaaa-on-v4", &obj); - } - - if (obj == NULL) - filter4 = dns_aaaa_ok; /* default */ - else if (cfg_obj_isboolean(obj)) - filter4 = cfg_obj_asboolean(obj) ? dns_aaaa_filter : - dns_aaaa_ok; - else - filter4 = dns_aaaa_break_dnssec; /* break-dnssec */ - - obj = NULL; - if (voptions != NULL) - cfg_map_get(voptions, "filter-aaaa-on-v6", &obj); - if (obj == NULL && config != NULL) { - options = NULL; - cfg_map_get(config, "options", &options); - if (options != NULL) - cfg_map_get(options, "filter-aaaa-on-v6", &obj); - } - - if (obj == NULL) - filter6 = dns_aaaa_ok; /* default */ - else if (cfg_obj_isboolean(obj)) - filter6 = cfg_obj_asboolean(obj) ? 
dns_aaaa_filter : - dns_aaaa_ok; - else - filter6 = dns_aaaa_break_dnssec; /* break-dnssec */ - - if ((filter4 != dns_aaaa_ok || filter6 != dns_aaaa_ok) && - dns_acl_isnone(acl)) - { - cfg_obj_log(aclobj, logctx, ISC_LOG_WARNING, - "\"filter-aaaa\" is 'none;' but " - "either filter-aaaa-on-v4 or filter-aaaa-on-v6 " - "is enabled%s%s", forview, viewname); - result = ISC_R_FAILURE; - } else if (filter4 == dns_aaaa_ok && filter6 == dns_aaaa_ok && - !dns_acl_isnone(acl)) - { - cfg_obj_log(aclobj, logctx, ISC_LOG_WARNING, - "\"filter-aaaa\" is set but " - "neither filter-aaaa-on-v4 or filter-aaaa-on-v6 " - "is enabled%s%s", forview, viewname); - result = ISC_R_FAILURE; - } - - failure: - if (acl != NULL) - dns_acl_detach(&acl); - - return (result); -} - typedef struct { const char *name; unsigned int scale; @@ -3750,11 +3654,6 @@ check_viewconf(const cfg_obj_t *config, const cfg_obj_t *voptions, if (tresult != ISC_R_SUCCESS) result = tresult; - tresult = check_filteraaaa(actx, voptions, viewname, config, - logctx, mctx); - if (tresult != ISC_R_SUCCESS) - result = tresult; - tresult = check_dns64(actx, voptions, config, logctx, mctx); if (tresult != ISC_R_SUCCESS) result = tresult; diff --git a/lib/dns/include/dns/view.h b/lib/dns/include/dns/view.h index 0032bd0dc0..c80dc5da5e 100644 --- a/lib/dns/include/dns/view.h +++ b/lib/dns/include/dns/view.h @@ -179,9 +179,6 @@ struct dns_view { uint16_t padding; dns_acl_t * pad_acl; unsigned int maxbits; - dns_aaaa_t v4_aaaa; - dns_aaaa_t v6_aaaa; - dns_acl_t * aaaa_acl; dns_dns64list_t dns64; unsigned int dns64cnt; dns_rpz_zones_t *rpzs; diff --git a/lib/dns/view.c b/lib/dns/view.c index 05a656e9ef..357f102625 100644 --- a/lib/dns/view.c +++ b/lib/dns/view.c 
@@ -225,9 +225,6 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass, view->padding = 0; view->pad_acl = NULL; view->maxbits = 0; - view->v4_aaaa = dns_aaaa_ok; - view->v6_aaaa = dns_aaaa_ok; - view->aaaa_acl = NULL; view->rpzs = NULL; view->catzs = NULL; dns_fixedname_init(&view->dlv_fixed); @@ -457,8 +454,6 @@ destroy(dns_view_t *view) { dns_acl_detach(&view->upfwdacl); if (view->denyansweracl != NULL) dns_acl_detach(&view->denyansweracl); - if (view->aaaa_acl != NULL) - dns_acl_detach(&view->aaaa_acl); if (view->pad_acl != NULL) dns_acl_detach(&view->pad_acl); if (view->answeracl_exclude != NULL) diff --git a/lib/isccfg/include/isccfg/grammar.h b/lib/isccfg/include/isccfg/grammar.h index f813f41bf2..ba9115458c 100644 --- a/lib/isccfg/include/isccfg/grammar.h +++ b/lib/isccfg/include/isccfg/grammar.h @@ -301,8 +301,10 @@ LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_qstring; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_astring; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_ustring; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_sstring; +LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_bracketed_aml; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_bracketed_text; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_optional_bracketed_text; +LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_keyref; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_sockaddr; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_sockaddrdscp; LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_netaddr; 
@@ -433,6 +435,14 @@ cfg_parse_enum(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); void cfg_doc_enum(cfg_printer_t *pctx, const cfg_type_t *type); +isc_result_t +cfg_parse_enum_or_other(cfg_parser_t *pctx, const cfg_type_t *enumtype, + const cfg_type_t *othertype, cfg_obj_t **ret); + +void +cfg_doc_enum_or_other(cfg_printer_t *pctx, const cfg_type_t *enumtype, + const cfg_type_t *othertype); + void cfg_print_chars(cfg_printer_t *pctx, const char *text, int len); /*%< Print 'len' characters at 'text' */ diff --git a/lib/isccfg/namedconf.c b/lib/isccfg/namedconf.c index 7a8f3a71f0..9ac2235b0a 100644 --- a/lib/isccfg/namedconf.c +++ b/lib/isccfg/namedconf.c @@ -49,14 +49,6 @@ * Forward declarations of static functions. */ -static isc_result_t -parse_enum_or_other(cfg_parser_t *pctx, const cfg_type_t *enumtype, - const cfg_type_t *othertype, cfg_obj_t **ret); - -static void -doc_enum_or_other(cfg_printer_t *pctx, const cfg_type_t *enumtype, - const cfg_type_t *othertype); - static isc_result_t parse_keyvalue(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret); @@ -94,8 +86,6 @@ doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type); #endif /* HAVE_GEOIP */ static cfg_type_t cfg_type_acl; -static cfg_type_t cfg_type_addrmatchelt; -static cfg_type_t cfg_type_bracketed_aml; static cfg_type_t cfg_type_bracketed_dscpsockaddrlist; static cfg_type_t cfg_type_bracketed_namesockaddrkeylist; static cfg_type_t cfg_type_bracketed_netaddrlist; @@ -108,7 +98,6 @@ static cfg_type_t cfg_type_dlz; static cfg_type_t cfg_type_dnstap; static cfg_type_t cfg_type_dnstapoutput; static cfg_type_t cfg_type_dyndb; -static cfg_type_t cfg_type_filter_aaaa; static cfg_type_t cfg_type_hook; static cfg_type_t cfg_type_ixfrdifftype; static cfg_type_t cfg_type_key; 
@@ -121,7 +110,6 @@ static cfg_type_t cfg_type_masterselement; static cfg_type_t cfg_type_maxttl; static cfg_type_t cfg_type_minimal; static cfg_type_t cfg_type_nameportiplist; -static cfg_type_t cfg_type_negated; static cfg_type_t cfg_type_notifytype; static cfg_type_t cfg_type_optional_allow; static cfg_type_t cfg_type_optional_class; @@ -607,11 +595,11 @@ static cfg_type_t cfg_type_updatemethod = { static const char *zonestat_enums[] = { "full", "terse", "none", NULL }; static isc_result_t parse_zonestat(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); + return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); } static void doc_zonestat(cfg_printer_t *pctx, const cfg_type_t *type) { - doc_enum_or_other(pctx, type, &cfg_type_boolean); + cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean); } static cfg_type_t cfg_type_zonestat = { "zonestat", parse_zonestat, cfg_print_ustring, doc_zonestat, @@ -952,7 +940,7 @@ static isc_result_t parse_optional_enum(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - return (parse_enum_or_other(pctx, type, &cfg_type_void, ret)); + return (cfg_parse_enum_or_other(pctx, type, &cfg_type_void, ret)); } static void @@ -1909,9 +1897,9 @@ view_clauses[] = { { "fetch-quota-params", &cfg_type_fetchquota, 0 }, { "fetches-per-server", &cfg_type_fetchesper, 0 }, { "fetches-per-zone", &cfg_type_fetchesper, 0 }, - { "filter-aaaa", &cfg_type_bracketed_aml, 0 }, - { "filter-aaaa-on-v4", &cfg_type_filter_aaaa, 0 }, - { "filter-aaaa-on-v6", &cfg_type_filter_aaaa, 0 }, + { "filter-aaaa", &cfg_type_bracketed_aml, CFG_CLAUSEFLAG_OBSOLETE }, + { "filter-aaaa-on-v4", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, + { "filter-aaaa-on-v6", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, { "glue-cache", &cfg_type_boolean, 0 }, { "ixfr-from-differences", &cfg_type_ixfrdifftype, 0 }, { "lame-ttl", &cfg_type_ttlval, 0 }, 
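Review bot: In the `view_clauses` hunk, `filter-aaaa-on-v4` and `filter-aaaa-on-v6` are marked obsolete but also retyped from `cfg_type_filter_aaaa` to `cfg_type_boolean`, so the previously valid value `break-dnssec` no longer matches the clause type. If obsolete clauses are still parsed with their declared type before the warning is issued (that code is outside this diff), an existing `filter-aaaa-on-v4 break-dnssec;` becomes a hard parse error on upgrade instead of an "obsolete" warning. A type that accepts any bare word keeps old files loadable, for example `{ "filter-aaaa-on-v4", &cfg_type_ustring, CFG_CLAUSEFLAG_OBSOLETE },` and the same for `-on-v6`. The upgrade notes should also state that these view options no longer filter anything until the module is configured, because a warning in the log is easy to miss.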
@@ -2495,11 +2483,11 @@ static const char *printtime_enums[] = { }; static isc_result_t parse_printtime(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); + return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); } static void doc_printtime(cfg_printer_t *pctx, const cfg_type_t *type) { - doc_enum_or_other(pctx, type, &cfg_type_boolean); + cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean); } static cfg_type_t cfg_type_printtime = { "printtime", parse_printtime, cfg_print_ustring, doc_printtime, @@ -2715,12 +2703,12 @@ static cfg_type_t cfg_type_sizeval = { static isc_result_t parse_size(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - return (parse_enum_or_other(pctx, type, &cfg_type_sizeval, ret)); + return (cfg_parse_enum_or_other(pctx, type, &cfg_type_sizeval, ret)); } static void doc_size(cfg_printer_t *pctx, const cfg_type_t *type) { - doc_enum_or_other(pctx, type, &cfg_type_sizeval); + cfg_doc_enum_or_other(pctx, type, &cfg_type_sizeval); } static const char *size_enums[] = { "default", "unlimited", NULL }; @@ -2754,13 +2742,18 @@ static isc_result_t parse_size_or_percent(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - return (parse_enum_or_other(pctx, type, &cfg_type_sizeval_percent, + return (cfg_parse_enum_or_other(pctx, type, &cfg_type_sizeval_percent, ret)); } static void doc_parse_size_or_percent(cfg_printer_t *pctx, const cfg_type_t *type) { - doc_enum_or_other(pctx, type, &cfg_type_sizeval_percent); + UNUSED(type); + cfg_print_cstr(pctx, "( default | unlimited | "); + cfg_doc_terminal(pctx, &cfg_type_sizeval); + cfg_print_cstr(pctx, " | "); + cfg_doc_terminal(pctx, &cfg_type_percentage); + cfg_print_cstr(pctx, " )"); } static const char *sizeorpercent_enums[] = { "default", "unlimited", NULL }; 
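Review bot: `doc_parse_size_or_percent` in the `-2754,13` hunk now hard-codes the keywords `default | unlimited` and marks `type` as unused, which duplicates `sizeorpercent_enums` declared on the next context line. If that list changes, the printed grammar will silently disagree with what `parse_size_or_percent` accepts through `type->of`. Walking `type->of`, as the removed `doc_enum_or_other` did, keeps one source of truth and produces the same output for the current list.

```c
static void
doc_parse_size_or_percent(cfg_printer_t *pctx, const cfg_type_t *type) {
	const char * const *p;

	cfg_print_cstr(pctx, "( ");
	for (p = type->of; *p != NULL; p++) {
		cfg_print_cstr(pctx, *p);
		cfg_print_cstr(pctx, " | ");
	}
	cfg_doc_terminal(pctx, &cfg_type_sizeval);
	/* … unchanged: " | ", percentage terminal, closing " )" … */
}
```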
@@ -2801,59 +2794,6 @@ parse_maybe_optional_keyvalue(cfg_parser_t *pctx, const cfg_type_t *type, return (result); } -static isc_result_t -parse_enum_or_other(cfg_parser_t *pctx, const cfg_type_t *enumtype, - const cfg_type_t *othertype, cfg_obj_t **ret) -{ - isc_result_t result; - CHECK(cfg_peektoken(pctx, 0)); - if (pctx->token.type == isc_tokentype_string && - cfg_is_enum(TOKEN_STRING(pctx), enumtype->of)) { - CHECK(cfg_parse_enum(pctx, enumtype, ret)); - } else { - CHECK(cfg_parse_obj(pctx, othertype, ret)); - } - cleanup: - return (result); -} - -static void -doc_enum_or_other(cfg_printer_t *pctx, const cfg_type_t *enumtype, - const cfg_type_t *othertype) -{ - const char * const *p; - bool first = true; - - /* - * If othertype is cfg_type_void, it means that enumtype is - * optional. - */ - - if (othertype == &cfg_type_void) - cfg_print_cstr(pctx, "[ "); - cfg_print_cstr(pctx, "( "); - for (p = enumtype->of; *p != NULL; p++) { - if (!first) - cfg_print_cstr(pctx, " | "); - first = false; - cfg_print_cstr(pctx, *p); - } - if (othertype == &cfg_type_sizeval_percent) { - if (!first) - cfg_print_cstr(pctx, " | "); - cfg_doc_terminal(pctx, &cfg_type_sizeval); - cfg_print_cstr(pctx, " | "); - cfg_doc_terminal(pctx, &cfg_type_percentage); - } else if (othertype != &cfg_type_void) { - if (!first) - cfg_print_cstr(pctx, " | "); - cfg_doc_terminal(pctx, othertype); - } - cfg_print_cstr(pctx, " )"); - if (othertype == &cfg_type_void) - cfg_print_cstr(pctx, " ]"); -} - static isc_result_t parse_keyvalue(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { return (parse_maybe_optional_keyvalue(pctx, type, false, ret)); 
@@ -2899,11 +2839,11 @@ static isc_result_t parse_dialup_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); + return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); } static void doc_dialup_type(cfg_printer_t *pctx, const cfg_type_t *type) { - doc_enum_or_other(pctx, type, &cfg_type_boolean); + cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean); } static cfg_type_t cfg_type_dialuptype = { "dialuptype", parse_dialup_type, cfg_print_ustring, doc_dialup_type, @@ -2915,11 +2855,11 @@ static isc_result_t parse_notify_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); + return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); } static void doc_notify_type(cfg_printer_t *pctx, const cfg_type_t *type) { - doc_enum_or_other(pctx, type, &cfg_type_boolean); + cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean); } static cfg_type_t cfg_type_notifytype = { "notifytype", parse_notify_type, cfg_print_ustring, doc_notify_type, @@ -2929,11 +2869,11 @@ static cfg_type_t cfg_type_notifytype = { static const char *minimal_enums[] = { "no-auth", "no-auth-recursive", NULL }; static isc_result_t parse_minimal(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); + return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); } static void doc_minimal(cfg_printer_t *pctx, const cfg_type_t *type) { - doc_enum_or_other(pctx, type, &cfg_type_boolean); + cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean); } static cfg_type_t cfg_type_minimal = { "mimimal", parse_minimal, cfg_print_ustring, doc_minimal, 
@@ -2947,32 +2887,17 @@ static isc_result_t parse_ixfrdiff_type(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); + return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); } static void doc_ixfrdiff_type(cfg_printer_t *pctx, const cfg_type_t *type) { - doc_enum_or_other(pctx, type, &cfg_type_boolean); + cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean); } static cfg_type_t cfg_type_ixfrdifftype = { "ixfrdiff", parse_ixfrdiff_type, cfg_print_ustring, doc_ixfrdiff_type, &cfg_rep_string, ixfrdiff_enums, }; -static const char *filter_aaaa_enums[] = { "break-dnssec", NULL }; -static isc_result_t -parse_filter_aaaa(cfg_parser_t *pctx, const cfg_type_t *type, - cfg_obj_t **ret) { - return (parse_enum_or_other(pctx, type, &cfg_type_boolean, ret)); -} -static void -doc_filter_aaaa(cfg_printer_t *pctx, const cfg_type_t *type) { - doc_enum_or_other(pctx, type, &cfg_type_boolean); -} -static cfg_type_t cfg_type_filter_aaaa = { - "filter_aaaa", parse_filter_aaaa, cfg_print_ustring, - doc_filter_aaaa, &cfg_rep_string, filter_aaaa_enums, -}; - static keyword_type_t key_kw = { "key", &cfg_type_astring }; LIBISCCFG_EXTERNAL_DATA cfg_type_t cfg_type_keyref = { 
@@ -3419,99 +3344,6 @@ static cfg_type_t cfg_type_querysource = { "querysource", NULL, print_querysource, NULL, &cfg_rep_sockaddr, NULL }; -/*% addrmatchelt */ - -static isc_result_t -parse_addrmatchelt(cfg_parser_t *pctx, const cfg_type_t *type, - cfg_obj_t **ret) -{ - isc_result_t result; - UNUSED(type); - - CHECK(cfg_peektoken(pctx, CFG_LEXOPT_QSTRING)); - - if (pctx->token.type == isc_tokentype_string || - pctx->token.type == isc_tokentype_qstring) { - if (pctx->token.type == isc_tokentype_string && - (strcasecmp(TOKEN_STRING(pctx), "key") == 0)) { - CHECK(cfg_parse_obj(pctx, &cfg_type_keyref, ret)); - } else if (pctx->token.type == isc_tokentype_string && - (strcasecmp(TOKEN_STRING(pctx), "geoip") == 0)) { -#ifdef HAVE_GEOIP - CHECK(cfg_gettoken(pctx, 0)); - CHECK(cfg_parse_obj(pctx, &cfg_type_geoip, ret)); -#else - cfg_parser_error(pctx, CFG_LOG_NEAR, "'geoip' " - "not supported in this build"); - return (ISC_R_UNEXPECTEDTOKEN); -#endif - } else { - if (cfg_lookingat_netaddr(pctx, CFG_ADDR_V4OK | - CFG_ADDR_V4PREFIXOK | - CFG_ADDR_V6OK)) - { - CHECK(cfg_parse_netprefix(pctx, NULL, ret)); - } else { - CHECK(cfg_parse_astring(pctx, NULL, ret)); - } - } - } else if (pctx->token.type == isc_tokentype_special) { - if (pctx->token.value.as_char == '{') { - /* Nested match list. */ - CHECK(cfg_parse_obj(pctx, - &cfg_type_bracketed_aml, ret)); - } else if (pctx->token.value.as_char == '!') { - CHECK(cfg_gettoken(pctx, 0)); /* read "!" */ - CHECK(cfg_parse_obj(pctx, &cfg_type_negated, ret)); - } else { - goto bad; - } - } else { - bad: - cfg_parser_error(pctx, CFG_LOG_NEAR, - "expected IP match list element"); - return (ISC_R_UNEXPECTEDTOKEN); - } - cleanup: - return (result); -} - -/*% - * A negated address match list element (like "! 10.0.0.1"). - * Somewhat sneakily, the caller is expected to parse the - * "!", but not to print it. 
- */ - -static cfg_tuplefielddef_t negated_fields[] = { - { "negated", &cfg_type_addrmatchelt, 0 }, - { NULL, NULL, 0 } -}; - -static void -print_negated(cfg_printer_t *pctx, const cfg_obj_t *obj) { - cfg_print_cstr(pctx, "!"); - cfg_print_tuple(pctx, obj); -} - -static cfg_type_t cfg_type_negated = { - "negated", cfg_parse_tuple, print_negated, NULL, &cfg_rep_tuple, - &negated_fields -}; - -/*% An address match list element */ - -static cfg_type_t cfg_type_addrmatchelt = { - "address_match_element", parse_addrmatchelt, NULL, cfg_doc_terminal, - NULL, NULL -}; - -/*% A bracketed address match list */ - -static cfg_type_t cfg_type_bracketed_aml = { - "bracketed_aml", cfg_parse_bracketed_list, cfg_print_bracketed_list, - cfg_doc_bracketed_list, &cfg_rep_list, &cfg_type_addrmatchelt -}; - /*% * The socket address syntax in the "controls" statement is silly. * It allows both socket address families, but also allows "*", @@ -3656,12 +3488,12 @@ static isc_result_t parse_logversions(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - return (parse_enum_or_other(pctx, type, &cfg_type_uint32, ret)); + return (cfg_parse_enum_or_other(pctx, type, &cfg_type_uint32, ret)); } static void doc_logversions(cfg_printer_t *pctx, const cfg_type_t *type) { - doc_enum_or_other(pctx, type, &cfg_type_uint32); + cfg_doc_enum_or_other(pctx, type, &cfg_type_uint32); } static cfg_type_t cfg_type_logversions = { @@ -4070,12 +3902,12 @@ static cfg_type_t cfg_type_ttlval = { static isc_result_t parse_maxttl(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) { - return (parse_enum_or_other(pctx, type, &cfg_type_ttlval, ret)); + return (cfg_parse_enum_or_other(pctx, type, &cfg_type_ttlval, ret)); } static void doc_maxttl(cfg_printer_t *pctx, const cfg_type_t *type) { - doc_enum_or_other(pctx, type, &cfg_type_ttlval); + cfg_doc_enum_or_other(pctx, type, &cfg_type_ttlval); } /*% diff --git a/lib/isccfg/parser.c b/lib/isccfg/parser.c index 233eb26b52..5af9ae2228 100644 
--- a/lib/isccfg/parser.c +++ b/lib/isccfg/parser.c @@ -1192,6 +1192,58 @@ cfg_doc_enum(cfg_printer_t *pctx, const cfg_type_t *type) { cfg_print_cstr(pctx, " )"); } +isc_result_t +cfg_parse_enum_or_other(cfg_parser_t *pctx, const cfg_type_t *enumtype, + const cfg_type_t *othertype, cfg_obj_t **ret) +{ + isc_result_t result; + CHECK(cfg_peektoken(pctx, 0)); + if (pctx->token.type == isc_tokentype_string && + cfg_is_enum(TOKEN_STRING(pctx), enumtype->of)) + { + CHECK(cfg_parse_enum(pctx, enumtype, ret)); + } else { + CHECK(cfg_parse_obj(pctx, othertype, ret)); + } + cleanup: + return (result); +} + +void +cfg_doc_enum_or_other(cfg_printer_t *pctx, const cfg_type_t *enumtype, + const cfg_type_t *othertype) +{ + const char * const *p; + bool first = true; + + /* + * If othertype is cfg_type_void, it means that enumtype is + * optional. + */ + + if (othertype == &cfg_type_void) { + cfg_print_cstr(pctx, "[ "); + } + cfg_print_cstr(pctx, "( "); + for (p = enumtype->of; *p != NULL; p++) { + if (!first) { + cfg_print_cstr(pctx, " | "); + } + first = false; + cfg_print_cstr(pctx, *p); + } + if (othertype != &cfg_type_void) { + if (!first) { + cfg_print_cstr(pctx, " | "); + } + cfg_doc_terminal(pctx, othertype); + } + cfg_print_cstr(pctx, " )"); + if (othertype == &cfg_type_void) { + cfg_print_cstr(pctx, " ]"); + } +} + void cfg_print_ustring(cfg_printer_t *pctx, const cfg_obj_t *obj) { REQUIRE(pctx != NULL); 
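Review bot: `cfg_parse_enum_or_other` and `cfg_doc_enum_or_other` are exported from parser.c in this hunk but dereference `enumtype->of` with no argument checks, whereas `cfg_print_ustring` in the trailing context opens with `REQUIRE(pctx != NULL);`. As static helpers every caller was in the same file; as library entry points a hook module can now call them with anything. I would open both with `REQUIRE(pctx != NULL);`, `REQUIRE(enumtype != NULL && enumtype->of != NULL);` and `REQUIRE(othertype != NULL);`. The parse function should also assert the `ret` contract, if the rest of parser.c does so for its public parsers.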
@@ -1274,6 +1326,101 @@ LIBISCCFG_EXTERNAL_DATA cfg_type_t cfg_type_bracketed_text = { &cfg_rep_string, NULL }; +/*% + * A bracketed address match list + */ + +static cfg_type_t cfg_type_addrmatchelt; +static cfg_type_t cfg_type_negated; + +static isc_result_t +parse_addrmatchelt(cfg_parser_t *pctx, const cfg_type_t *type, + cfg_obj_t **ret) +{ + isc_result_t result; + UNUSED(type); + + CHECK(cfg_peektoken(pctx, CFG_LEXOPT_QSTRING)); + + if (pctx->token.type == isc_tokentype_string || + pctx->token.type == isc_tokentype_qstring) { + if (pctx->token.type == isc_tokentype_string && + (strcasecmp(TOKEN_STRING(pctx), "key") == 0)) { + CHECK(cfg_parse_obj(pctx, &cfg_type_keyref, ret)); + } else if (pctx->token.type == isc_tokentype_string && + (strcasecmp(TOKEN_STRING(pctx), "geoip") == 0)) { +#ifdef HAVE_GEOIP + CHECK(cfg_gettoken(pctx, 0)); + CHECK(cfg_parse_obj(pctx, &cfg_type_geoip, ret)); +#else + cfg_parser_error(pctx, CFG_LOG_NEAR, "'geoip' " + "not supported in this build"); + return (ISC_R_UNEXPECTEDTOKEN); +#endif + } else { + if (cfg_lookingat_netaddr(pctx, CFG_ADDR_V4OK | + CFG_ADDR_V4PREFIXOK | + CFG_ADDR_V6OK)) + { + CHECK(cfg_parse_netprefix(pctx, NULL, ret)); + } else { + CHECK(cfg_parse_astring(pctx, NULL, ret)); + } + } + } else if (pctx->token.type == isc_tokentype_special) { + if (pctx->token.value.as_char == '{') { + /* Nested match list. */ + CHECK(cfg_parse_obj(pctx, + &cfg_type_bracketed_aml, ret)); + } else if (pctx->token.value.as_char == '!') { + CHECK(cfg_gettoken(pctx, 0)); /* read "!" */ + CHECK(cfg_parse_obj(pctx, &cfg_type_negated, ret)); + } else { + goto bad; + } + } else { + bad: + cfg_parser_error(pctx, CFG_LOG_NEAR, + "expected IP match list element"); + return (ISC_R_UNEXPECTEDTOKEN); + } + cleanup: + return (result); +} + +/*% + * A negated address match list element (like "! 10.0.0.1"). + * Somewhat sneakily, the caller is expected to parse the + * "!", but not to print it. 
+ */ +static cfg_tuplefielddef_t negated_fields[] = { + { "negated", &cfg_type_addrmatchelt, 0 }, + { NULL, NULL, 0 } +}; + +static void +print_negated(cfg_printer_t *pctx, const cfg_obj_t *obj) { + cfg_print_cstr(pctx, "!"); + cfg_print_tuple(pctx, obj); +} + +static cfg_type_t cfg_type_negated = { + "negated", cfg_parse_tuple, print_negated, NULL, &cfg_rep_tuple, + &negated_fields +}; + +/*% An address match list element */ + +static cfg_type_t cfg_type_addrmatchelt = { + "address_match_element", parse_addrmatchelt, NULL, cfg_doc_terminal, + NULL, NULL +}; + +LIBISCCFG_EXTERNAL_DATA cfg_type_t cfg_type_bracketed_aml = { + "bracketed_aml", cfg_parse_bracketed_list, cfg_print_bracketed_list, + cfg_doc_bracketed_list, &cfg_rep_list, &cfg_type_addrmatchelt +}; + /* * Optional bracketed text */ @@ -2045,6 +2192,7 @@ static struct flagtext { { CFG_CLAUSEFLAG_MULTI, "may occur multiple times" }, { CFG_CLAUSEFLAG_EXPERIMENTAL, "experimental" }, { CFG_CLAUSEFLAG_NOOP, "non-operational" }, + { CFG_CLAUSEFLAG_DEPRECATED, "deprecated" }, { 0, NULL } }; diff --git a/lib/isccfg/win32/libisccfg.def b/lib/isccfg/win32/libisccfg.def index c5e9be790c..3538e01e2f 100644 --- a/lib/isccfg/win32/libisccfg.def +++ b/lib/isccfg/win32/libisccfg.def @@ -14,6 +14,7 @@ cfg_create_obj cfg_create_tuple cfg_doc_bracketed_list cfg_doc_enum +cfg_doc_enum_or_other cfg_doc_map cfg_doc_mapbody cfg_doc_obj @@ -71,6 +72,7 @@ cfg_parse_buffer3 cfg_parse_buffer4 cfg_parse_dscp cfg_parse_enum +cfg_parse_enum_or_other cfg_parse_file cfg_parse_fixedpoint cfg_parse_listelt diff --git a/lib/ns/hooks.c b/lib/ns/hooks.c index 902cb8915c..6835617b4c 100644 --- a/lib/ns/hooks.c +++ b/lib/ns/hooks.c @@ -330,6 +330,7 @@ unload_library(ns_hook_module_t **hmodp) { isc_result_t ns_hookmodule_load(const char *libname, const char *parameters, const char *file, unsigned long line, + const void *cfg, void *actx, ns_hookctx_t *hctx, ns_hooktable_t *hooktable) { isc_result_t result; 
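Review bot: The `#ifdef HAVE_GEOIP` branch of `parse_addrmatchelt`, moved into parser.c by the `-1274,6` hunk, references `cfg_type_geoip`, but no visible hunk declares that symbol in parser.c or grammar.h. The grammar.h change adds only `cfg_type_bracketed_aml` and `cfg_type_keyref`. If `cfg_type_geoip` is still a static object in namedconf.c, which the static `doc_geoip` forward declaration there suggests, GeoIP-enabled builds will fail to compile or link. Either move the geoip type and its parse/print/doc helpers into parser.c with the match-list code, or make it external and add `LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_geoip;` under `#ifdef HAVE_GEOIP` in grammar.h. A `--with-geoip` configuration in CI would catch this.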
@@ -342,8 +343,9 @@ ns_hookmodule_load(const char *libname, const char *parameters, "loading module '%s'", libname); CHECK(load_library(hctx->mctx, libname, &module)); - CHECK(module->register_func(parameters, file, line, hctx, - hooktable, &module->inst)); + CHECK(module->register_func(parameters, file, line, + cfg, actx, hctx, hooktable, + &module->inst)); APPEND(hook_modules, module, link); result = ISC_R_SUCCESS; diff --git a/lib/ns/include/ns/hooks.h b/lib/ns/include/ns/hooks.h index 8c249274d1..f89201a48b 100644 --- a/lib/ns/include/ns/hooks.h +++ b/lib/ns/include/ns/hooks.h @@ -238,6 +238,8 @@ typedef struct ns_hookctx { typedef isc_result_t ns_hook_register_t(const char *parameters, const char *file, unsigned long line, + const void *cfg, + void *actx, ns_hookctx_t *hctx, ns_hooktable_t *hooktable, void **instp); @@ -312,6 +314,7 @@ ns_hook_destroyctx(ns_hookctx_t **hctxp); isc_result_t ns_hookmodule_load(const char *libname, const char *parameters, const char *file, unsigned long line, + const void *cfg, void *actx, ns_hookctx_t *hctx, ns_hooktable_t *hooktable); void ns_hookmodule_cleanup(void); diff --git a/lib/ns/query.c b/lib/ns/query.c index 57d25f3f82..a83730c362 100644 --- a/lib/ns/query.c +++ b/lib/ns/query.c @@ -6961,8 +6961,6 @@ query_respond(query_ctx_t *qctx) { dns_rdataset_t **sigrdatasetp = NULL; isc_result_t result; - PROCESS_HOOK(NS_QUERY_RESPOND_BEGIN, qctx); - /* * If we have a zero ttl from the cache, refetch. */ 
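Review bot: `ns_hook_register_t` gains `cfg` and `actx` in the middle of its parameter list (hooks.h hunk `-238,6`), and `ns_hookmodule_load` now calls `module->register_func` with the longer list (hooks.c hunks `-330,6` and `-342,8`), but no visible hunk changes the interface version that a module's `hook_version` reports. A shared object built against the old typedef would receive shifted arguments and treat `cfg` as its `hctx`, unless the version is bumped and checked at load time in code outside this diff. Please confirm that happens, or bump it in this commit. Both new parameters are untyped (`const void *`, `void *`) and undocumented, so the typedef should get a comment naming the concrete types the caller passes and stating whether the module may keep the pointers after `register_func` returns.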
@@ -7016,6 +7014,16 @@ query_respond(query_ctx_t *qctx) { return (query_lookup(qctx)); } + /* + * XXX: This hook is meant to be at the top of this function, + * but is postponed until after DNS64 in order to avoid an + * assertion if the hook causes recursion. (When DNS64 also + * becomes a hook module, it will be necessary to find some + * other way to prevent that assertion, since the order in + * which hook modules are configured can't be enforced.) + */ + PROCESS_HOOK(NS_QUERY_RESPOND_BEGIN, qctx); + if (WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL) { sigrdatasetp = &qctx->sigrdataset; }
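Review bot: The new XXX comment in `query_respond` explains why `PROCESS_HOOK(NS_QUERY_RESPOND_BEGIN, qctx)` was moved, but not what the move means for module authors: the hook no longer runs at function entry, and the path ending in `return (query_lookup(qctx));` just above leaves the function without reaching it. A module that enforces policy here, such as response filtering, therefore sees a query only after the zero-TTL refetch and DNS64 handling have run, and not at all on that early return unless the restarted lookup comes back through this function. I would append one line to the comment, for example `* Modules must not assume this hook runs before the zero-TTL refetch or DNS64 handling above.`, and repeat it wherever the hook points are documented. The function body starts and continues outside this hunk, so other early exits may exist that are not visible here.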