1394. [func] It is now possible to check if a particular element is

in a acl. Remove duplicate entries from the localnets acl. 1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY is not available in the kernel to prevent accidently listening on IPv4 interfaces. developer: jinmei reviewer: marka
2025-08-31 14:35:26 +00:00 · 2002-10-29 04:40:26 +00:00
parent 2357adb0d4
commit aa39170da8
9 changed files with 308 additions and 24 deletions
--- a/lib/dns/acl.c
+++ b/lib/dns/acl.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: acl.c,v 1.23 2001/05/31 10:43:37 tale Exp $ */
+/* $Id: acl.c,v 1.24 2002/10/29 04:40:23 marka Exp $ */

 #include <config.h>

@@ -149,6 +149,29 @@ dns_acl_match(isc_netaddr_t *reqaddr,
 	return (ISC_R_SUCCESS);
 }

+isc_result_t
+dns_acl_elementmatch(dns_acl_t *acl,
+		     dns_aclelement_t *elt,
+		     dns_aclelement_t **matchelt)
+{
+	unsigned int i;
+
+	REQUIRE(elt != NULL);
+	REQUIRE(matchelt == NULL || *matchelt == NULL);
+	
+	for (i = 0; i < acl->length; i++) {
+		dns_aclelement_t *e = &acl->elements[i];
+
+		if (dns_aclelement_equal(e, elt) == ISC_TRUE) {
+			if (matchelt != NULL)
+				*matchelt = e;
+			return (ISC_R_SUCCESS);
+		}
+	}
+
+	return (ISC_R_NOTFOUND);
+}
+
 isc_boolean_t
 dns_aclelement_match(isc_netaddr_t *reqaddr,
 		     dns_name_t *reqsigner,
@@ -297,8 +320,9 @@ dns_aclelement_equal(dns_aclelement_t *ea, dns_aclelement_t *eb) {
 		if (ea->u.ip_prefix.prefixlen !=
 		    eb->u.ip_prefix.prefixlen)
 			return (ISC_FALSE);
-		return (isc_netaddr_equal(&ea->u.ip_prefix.address,
-					  &eb->u.ip_prefix.address));
+		return (isc_netaddr_eqprefix(&ea->u.ip_prefix.address,
+					     &eb->u.ip_prefix.address,
+					     ea->u.ip_prefix.prefixlen));
 	case dns_aclelementtype_keyname:
 		return (dns_name_equal(&ea->u.keyname, &eb->u.keyname));
 	case dns_aclelementtype_nestedacl:
--- a/lib/dns/include/dns/acl.h
+++ b/lib/dns/include/dns/acl.h
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: acl.h,v 1.20 2001/08/28 03:58:11 marka Exp $ */
+/* $Id: acl.h,v 1.21 2002/10/29 04:40:24 marka Exp $ */

 #ifndef DNS_ACL_H
 #define DNS_ACL_H 1
@@ -199,6 +199,23 @@ dns_aclelement_match(isc_netaddr_t *reqaddr,
 * returned through 'matchelt' is not necessarily 'e' itself.
 */

+isc_result_t
+dns_acl_elementmatch(dns_acl_t *acl,
+		     dns_aclelement_t *elt,
+		     dns_aclelement_t **matchelt);
+/*
+ * Search for an ACL element in 'acl' which is exactly the same as 'elt'.
+ * If there is one, and 'matchelt' is non NULL, then '*matchelt' will point
+ * to the entry.
+ *
+ * This function is intended to be used for avoiding duplicated ACL entries
+ * before adding an entry.
+ *
+ * Returns:
+ *	ISC_R_SUCCESS		Match succeeds.
+ *	ISC_R_NOTFOUND		Match fails.
+ */
+
 ISC_LANG_ENDDECLS

 #endif /* DNS_ACL_H */