mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 14:07:59 +00:00
Code Issues Releases Wiki Activity

add HAVE_GEOIP2 #ifdef branches, without implementing yet

Browse Source
This commit is contained in:
Evan Hunt 2019-06-11 18:36:52 -07:00
parent fea6b5bf10
commit fe46d5bc34
14 changed files with 195 additions and 137 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
bin/named/geoip.c
View File

@ -24,7 +24,7 @@ static dns_geoip_databases_t geoip_table = {
};
static void
init_geoip_db(GeoIP **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback,
init_geoip_db(void **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback,
GeoIPOptions method, const char *name)
{
char *info;
@ -32,7 +32,7 @@ init_geoip_db(GeoIP **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback,
REQUIRE(dbp != NULL);
db = *dbp;
db = (GeoIP *)*dbp;
if (db != NULL) {
GeoIP_delete(db);
@ -79,23 +79,22 @@ init_geoip_db(GeoIP **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback,
void
named_geoip_init(void) {
#ifndef HAVE_GEOIP
return;
#else
#if defined(HAVE_GEOIP2)
/* TODO GEOIP2 */
#elif defined(HAVE_GEOIP)
GeoIP_cleanup();
if (named_g_geoip == NULL)
named_g_geoip = &geoip_table;
#else
return;
#endif
}
void
named_geoip_load(char *dir) {
#ifndef HAVE_GEOIP
UNUSED(dir);
return;
#else
#if defined(HAVE_GEOIP2)
/* TODO GEOIP2 */
#elif defined(HAVE_GEOIP)
GeoIPOptions method;
#ifdef _WIN32
@ -139,5 +138,9 @@ named_geoip_load(char *dir) {
method, "Domain");
init_geoip_db(&named_g_geoip->netspeed, GEOIP_NETSPEED_EDITION, 0,
method, "NetSpeed");
#endif /* HAVE_GEOIP */
#else
UNUSED(dir);
return;
#endif
}

2
bin/named/include/named/globals.h
View File

@ -154,7 +154,7 @@ EXTERN bool named_g_keepstderr INIT(false);
EXTERN unsigned int named_g_tat_interval INIT(24*3600);
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
EXTERN dns_geoip_databases_t *named_g_geoip INIT(NULL);
#endif

27
bin/named/server.c
View File

@ -105,9 +105,9 @@
#include <named/config.h>
#include <named/control.h>
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#include <named/geoip.h>
#endif /* HAVE_GEOIP */
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#include <named/log.h>
#include <named/logconf.h>
#include <named/main.h>
@ -8261,7 +8261,7 @@ load_configuration(const char *filename, named_server_t *server,
}
isc_socketmgr_setreserved(named_g_socketmgr, reserved);
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
/*
* Initialize GeoIP databases from the configured location.
* This should happen before configuring any ACLs, so that we
@ -8278,7 +8278,7 @@ load_configuration(const char *filename, named_server_t *server,
named_geoip_load(NULL);
}
named_g_aclconfctx->geoip = named_g_geoip;
#endif /* HAVE_GEOIP */
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
/*
* Configure various server options.
@ -9491,25 +9491,18 @@ run_server(isc_task_t *task, isc_event_t *event) {
dns_dispatchmgr_setstats(named_g_dispatchmgr, server->resolverstats);
#ifdef HAVE_GEOIP
CHECKFATAL(ns_interfacemgr_create(named_g_mctx, server->sctx,
named_g_taskmgr, named_g_timermgr,
named_g_socketmgr,
named_g_dispatchmgr,
server->task, named_g_udpdisp,
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
named_g_geoip,
&server->interfacemgr),
"creating interface manager");
#else
CHECKFATAL(ns_interfacemgr_create(named_g_mctx, server->sctx,
named_g_taskmgr, named_g_timermgr,
named_g_socketmgr,
named_g_dispatchmgr,
server->task, named_g_udpdisp,
NULL,
#endif
&server->interfacemgr),
"creating interface manager");
#endif
CHECKFATAL(isc_timer_create(named_g_timermgr, isc_timertype_inactive,
NULL, NULL, server->task,
@ -9631,9 +9624,9 @@ shutdown_server(isc_task_t *task, isc_event_t *event) {
#ifdef HAVE_DNSTAP
dns_dt_shutdown();
#endif
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_geoip_shutdown();
#endif
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
dns_db_detach(&server->in_roothints);
@ -9749,14 +9742,14 @@ named_server_create(isc_mem_t *mctx, named_server_t **serverp) {
&server->sctx),
"creating server context");
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
/*
* GeoIP must be initialized before the interface
* manager (which includes the ACL environment)
* is created
*/
named_geoip_init();
#endif
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#ifdef ENABLE_AFL
server->sctx->fuzztype = named_g_fuzz_type;

8
bin/tests/system/feature-test.c
View File

@ -125,6 +125,14 @@ main(int argc, char **argv) {
#endif
}
if (strcmp(argv[1], "--have-geoip2") == 0) {
#ifdef HAVE_GEOIP2
return (0);
#else
return (1);
#endif
}
if (strcmp(argv[1], "--have-libxml2") == 0) {
#ifdef HAVE_LIBXML2
return (0);

10
lib/dns/acl.c
View File

@ -329,7 +329,7 @@ dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, bool pos)
return result;
}
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
/* Duplicate GeoIP data */
if (source->elements[i].type == dns_aclelementtype_geoip) {
dest->elements[nelem + i].geoip_elem =
@ -407,7 +407,7 @@ dns_aclelement_match(const isc_netaddr_t *reqaddr,
inner = env->localnets;
break;
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
case dns_aclelementtype_geoip:
if (env == NULL || env->geoip == NULL)
return (false);
@ -583,7 +583,7 @@ dns_acl_isinsecure(const dns_acl_t *a) {
return (true);
continue;
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
case dns_aclelementtype_geoip:
#endif
case dns_aclelementtype_localnets:
@ -636,7 +636,7 @@ dns_aclenv_init(isc_mem_t *mctx, dns_aclenv_t *env) {
if (result != ISC_R_SUCCESS)
goto cleanup_localhost;
env->match_mapped = false;
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
env->geoip = NULL;
#endif
return (ISC_R_SUCCESS);
@ -654,7 +654,7 @@ dns_aclenv_copy(dns_aclenv_t *t, dns_aclenv_t *s) {
dns_acl_detach(&t->localnets);
dns_acl_attach(s->localnets, &t->localnets);
t->match_mapped = s->match_mapped;
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
t->geoip = s->geoip;
#endif
}

16
lib/dns/include/dns/acl.h
View File

@ -32,14 +32,16 @@
#include <isc/netaddr.h>
#include <isc/refcount.h>
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
#include <dns/geoip.h>
#endif
#include <dns/name.h>
#include <dns/types.h>
#include <dns/iptable.h>
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP2)
#include <maxminddb.h>
#elif defined(HAVE_GEOIP)
#include <GeoIP.h>
#endif
@ -53,9 +55,9 @@ typedef enum {
dns_aclelementtype_nestedacl,
dns_aclelementtype_localhost,
dns_aclelementtype_localnets,
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_aclelementtype_geoip,
#endif /* HAVE_GEOIP */
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
dns_aclelementtype_any
} dns_aclelementtype_t;
@ -70,9 +72,9 @@ struct dns_aclelement {
dns_aclelementtype_t type;
bool negative;
dns_name_t keyname;
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_geoip_elem_t geoip_elem;
#endif /* HAVE_GEOIP */
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
dns_acl_t *nestedacl;
int node_num;
};
@ -95,7 +97,7 @@ struct dns_aclenv {
dns_acl_t *localhost;
dns_acl_t *localnets;
bool match_mapped;
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_geoip_databases_t *geoip;
#endif
};

36
lib/dns/include/dns/geoip.h
View File

@ -36,12 +36,6 @@
#include <dns/types.h>
#include <dns/iptable.h>
#ifdef HAVE_GEOIP
#include <GeoIP.h>
#else
typedef void GeoIP;
#endif
/***
*** Types
***/
@ -78,7 +72,7 @@ typedef enum {
typedef struct dns_geoip_elem {
dns_geoip_subtype_t subtype;
GeoIP *db;
void *db;
union {
char as_string[256];
int as_int;
@ -86,16 +80,24 @@ typedef struct dns_geoip_elem {
} dns_geoip_elem_t;
typedef struct dns_geoip_databases {
GeoIP *country_v4; /* DB 1 */
GeoIP *city_v4; /* DB 2 or 6 */
GeoIP *region; /* DB 3 or 7 */
GeoIP *isp; /* DB 4 */
GeoIP *org; /* DB 5 */
GeoIP *as; /* DB 9 */
GeoIP *netspeed; /* DB 10 */
GeoIP *domain; /* DB 11 */
GeoIP *country_v6; /* DB 12 */
GeoIP *city_v6; /* DB 30 or 31 */
#if defined(HAVE_GEOIP2)
void *country; /* GeoIP2-Country or GeoLite2-Country */
void *city; /* GeoIP2-CIty or GeoLite2-City */
void *domain; /* GeoIP2-Domain */
void *isp; /* GeoIP2-ISP */
void *as; /* GeoIP2-ASN or GeoLite2-ASN */
#elif defined(HAVE_GEOIP)
void *country_v4; /* DB 1 */
void *city_v4; /* DB 2 or 6 */
void *region; /* DB 3 or 7 */
void *isp; /* DB 4 */
void *org; /* DB 5 */
void *as; /* DB 9 */
void *netspeed; /* DB 10 */
void *domain; /* DB 11 */
void *country_v6; /* DB 12 */
void *city_v6; /* DB 30 or 31 */
#endif
} dns_geoip_databases_t;
/***

16
lib/dns/tests/acl_test.c
View File

@ -64,11 +64,11 @@ dns_acl_isinsecure_test(void **state) {
dns_acl_t *none = NULL;
dns_acl_t *notnone = NULL;
dns_acl_t *notany = NULL;
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_acl_t *geoip = NULL;
dns_acl_t *notgeoip = NULL;
dns_aclelement_t *de;
#endif
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
UNUSED(state);
@ -90,7 +90,7 @@ dns_acl_isinsecure_test(void **state) {
result = dns_acl_merge(notany, any, false);
assert_int_equal(result, ISC_R_SUCCESS);
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
result = dns_acl_create(dt_mctx, 1, &geoip);
assert_int_equal(result, ISC_R_SUCCESS);
@ -111,26 +111,26 @@ dns_acl_isinsecure_test(void **state) {
result = dns_acl_merge(notgeoip, geoip, false);
assert_int_equal(result, ISC_R_SUCCESS);
#endif
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
assert_true(dns_acl_isinsecure(any)); /* any; */
assert_false(dns_acl_isinsecure(none)); /* none; */
assert_false(dns_acl_isinsecure(notany)); /* !any; */
assert_false(dns_acl_isinsecure(notnone)); /* !none; */
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
assert_true(dns_acl_isinsecure(geoip)); /* geoip; */
assert_false(dns_acl_isinsecure(notgeoip)); /* !geoip; */
#endif
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
dns_acl_detach(&any);
dns_acl_detach(&none);
dns_acl_detach(&notany);
dns_acl_detach(&notnone);
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_acl_detach(&geoip);
dns_acl_detach(&notgeoip);
#endif
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
}
int

22
lib/dns/tests/geoip_test.c
View File

@ -32,12 +32,19 @@
#include "dnstest.h"
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP2)
#include <maxminddb.h>
/* TODO GEOIP2 */
#define TEST_GEOIP_DATA ""
#elif defined(HAVE_GEOI2)
#include <GeoIP.h>
/* We use GeoIP databases from the 'geoip' system test */
#define TEST_GEOIP_DATA "../../../bin/tests/system/geoip/data"
#endif
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
static int
_setup(void **state) {
isc_result_t result;
@ -58,7 +65,9 @@ _teardown(void **state) {
return (0);
}
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
#ifdef HAVE_GEOIP
/*
* Helper functions
* (Mostly copied from bin/named/geoip.c)
@ -68,14 +77,14 @@ static dns_geoip_databases_t geoip = {
};
static void
init_geoip_db(GeoIP **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback,
init_geoip_db(void **dbp, GeoIPDBTypes edition, GeoIPDBTypes fallback,
GeoIPOptions method, const char *name)
{
GeoIP *db;
REQUIRE(dbp != NULL);
db = *dbp;
db = (GeoIP *)*dbp;
if (db != NULL) {
GeoIP_delete(db);
@ -563,7 +572,10 @@ netspeed(void **state) {
int
main(void) {
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP2)
/* TODO GEOIP2 */
print_message("1..0 # Skip geoip2 tests not complete\n");
#elif defined(HAVE_GEOIP)
const struct CMUnitTest tests[] = {
cmocka_unit_test_setup_teardown(country, _setup, _teardown),
cmocka_unit_test_setup_teardown(country_v6, _setup, _teardown),
@ -581,7 +593,7 @@ main(void) {
return (cmocka_run_group_tests(tests, NULL, NULL));
#else
print_message("1..0 # Skip geoip not enabled\n");
#endif /* HAVE_GEOIP */
#endif
}
#else /* HAVE_CMOCKA */

150
lib/isccfg/aclconf.c
View File

@ -49,7 +49,7 @@ cfg_aclconfctx_create(isc_mem_t *mctx, cfg_aclconfctx_t **ret) {
isc_mem_attach(mctx, &actx->mctx);
ISC_LIST_INIT(actx->named_acl_cache);
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
actx->geoip = NULL;
#endif
@ -104,7 +104,8 @@ get_acl_def(const cfg_obj_t *cctx, const char *name, const cfg_obj_t **ret) {
elt != NULL;
elt = cfg_list_next(elt)) {
const cfg_obj_t *acl = cfg_listelt_value(elt);
const char *aclname = cfg_obj_asstring(cfg_tuple_get(acl, "name"));
const char *aclname =
cfg_obj_asstring(cfg_tuple_get(acl, "name"));
if (strcasecmp(aclname, name) == 0) {
if (ret != NULL) {
*ret = cfg_tuple_get(acl, "value");
@ -246,12 +247,12 @@ count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx,
n += sub;
if (negative)
n++;
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
} else if (cfg_obj_istuple(ce) &&
cfg_obj_isvoid(cfg_tuple_get(ce, "negated")))
{
n++;
#endif /* HAVE_GEOIP */
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
} else if (cfg_obj_isstring(ce)) {
const char *name = cfg_obj_asstring(ce);
if (strcasecmp(name, "localhost") == 0 ||
@ -283,58 +284,64 @@ count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx,
return (ISC_R_SUCCESS);
}
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP)
static dns_geoip_subtype_t
get_subtype(const cfg_obj_t *obj, isc_log_t *lctx,
dns_geoip_subtype_t subtype, const char *dbname)
{
if (dbname == NULL)
if (dbname == NULL) {
return (subtype);
}
switch (subtype) {
case dns_geoip_countrycode:
if (strcasecmp(dbname, "city") == 0)
if (strcasecmp(dbname, "city") == 0) {
return (dns_geoip_city_countrycode);
else if (strcasecmp(dbname, "region") == 0)
} else if (strcasecmp(dbname, "region") == 0) {
return (dns_geoip_region_countrycode);
else if (strcasecmp(dbname, "country") == 0)
} else if (strcasecmp(dbname, "country") == 0) {
return (dns_geoip_country_code);
}
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"country search: ignored");
return (subtype);
case dns_geoip_countrycode3:
if (strcasecmp(dbname, "city") == 0)
if (strcasecmp(dbname, "city") == 0) {
return (dns_geoip_city_countrycode3);
else if (strcasecmp(dbname, "country") == 0)
} else if (strcasecmp(dbname, "country") == 0) {
return (dns_geoip_country_code3);
}
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"country search: ignored");
return (subtype);
case dns_geoip_countryname:
if (strcasecmp(dbname, "city") == 0)
if (strcasecmp(dbname, "city") == 0) {
return (dns_geoip_city_countryname);
else if (strcasecmp(dbname, "country") == 0)
} else if (strcasecmp(dbname, "country") == 0) {
return (dns_geoip_country_name);
}
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"country search: ignored");
return (subtype);
case dns_geoip_region:
if (strcasecmp(dbname, "city") == 0)
if (strcasecmp(dbname, "city") == 0) {
return (dns_geoip_city_region);
else if (strcasecmp(dbname, "region") == 0)
} else if (strcasecmp(dbname, "region") == 0) {
return (dns_geoip_region_code);
}
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"region search: ignored");
return (subtype);
case dns_geoip_regionname:
if (strcasecmp(dbname, "city") == 0)
if (strcasecmp(dbname, "city") == 0) {
return (dns_geoip_city_region);
else if (strcasecmp(dbname, "region") == 0)
} else if (strcasecmp(dbname, "region") == 0) {
return (dns_geoip_region_name);
}
cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
"invalid GeoIP DB specified for "
"region search: ignored");
@ -350,40 +357,46 @@ get_subtype(const cfg_obj_t *obj, isc_log_t *lctx,
case dns_geoip_city_areacode:
case dns_geoip_city_continentcode:
case dns_geoip_city_timezonecode:
if (strcasecmp(dbname, "city") != 0)
if (strcasecmp(dbname, "city") != 0) {
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"a 'city'-only search type: ignoring");
}
return (subtype);
case dns_geoip_isp_name:
if (strcasecmp(dbname, "isp") != 0)
if (strcasecmp(dbname, "isp") != 0) {
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"an 'isp' search: ignoring");
}
return (subtype);
case dns_geoip_org_name:
if (strcasecmp(dbname, "org") != 0)
if (strcasecmp(dbname, "org") != 0) {
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"an 'org' search: ignoring");
}
return (subtype);
case dns_geoip_as_asnum:
if (strcasecmp(dbname, "asnum") != 0)
if (strcasecmp(dbname, "asnum") != 0) {
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"an 'asnum' search: ignoring");
}
return (subtype);
case dns_geoip_domain_name:
if (strcasecmp(dbname, "domain") != 0)
if (strcasecmp(dbname, "domain") != 0) {
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"a 'domain' search: ignoring");
}
return (subtype);
case dns_geoip_netspeed_id:
if (strcasecmp(dbname, "netspeed") != 0)
if (strcasecmp(dbname, "netspeed") != 0) {
cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
"invalid GeoIP DB specified for "
"a 'netspeed' search: ignoring");
}
return (subtype);
default:
INSIST(0);
@ -393,8 +406,9 @@ get_subtype(const cfg_obj_t *obj, isc_log_t *lctx,
static bool
geoip_can_answer(dns_aclelement_t *elt, cfg_aclconfctx_t *ctx) {
if (ctx->geoip == NULL)
if (ctx->geoip == NULL) {
return (true);
}
switch (elt->geoip_elem.subtype) {
case dns_geoip_countrycode:
@ -440,31 +454,39 @@ geoip_can_answer(dns_aclelement_t *elt, cfg_aclconfctx_t *ctx) {
case dns_geoip_city_timezonecode:
if (ctx->geoip->city_v4 != NULL ||
ctx->geoip->city_v6 != NULL)
{
return (true);
}
/* FALLTHROUGH */
case dns_geoip_isp_name:
if (ctx->geoip->isp != NULL)
if (ctx->geoip->isp != NULL) {
return (true);
}
/* FALLTHROUGH */
case dns_geoip_org_name:
if (ctx->geoip->org != NULL)
if (ctx->geoip->org != NULL) {
return (true);
}
/* FALLTHROUGH */
case dns_geoip_as_asnum:
if (ctx->geoip->as != NULL)
if (ctx->geoip->as != NULL) {
return (true);
}
/* FALLTHROUGH */
case dns_geoip_domain_name:
if (ctx->geoip->domain != NULL)
if (ctx->geoip->domain != NULL) {
return (true);
}
/* FALLTHROUGH */
case dns_geoip_netspeed_id:
if (ctx->geoip->netspeed != NULL)
if (ctx->geoip->netspeed != NULL) {
return (true);
}
}
return (false);
}
#endif
static isc_result_t
parse_geoip_element(const cfg_obj_t *obj, isc_log_t *lctx,
@ -482,8 +504,9 @@ parse_geoip_element(const cfg_obj_t *obj, isc_log_t *lctx,
de = *dep;
ge = cfg_tuple_get(obj, "db");
if (!cfg_obj_isvoid(ge))
if (!cfg_obj_isvoid(ge)) {
dbname = cfg_obj_asstring(ge);
}
stype = cfg_obj_asstring(cfg_tuple_get(obj, "subtype"));
search = cfg_obj_asstring(cfg_tuple_get(obj, "search"));
@ -600,7 +623,6 @@ parse_geoip_element(const cfg_obj_t *obj, isc_log_t *lctx,
return (ISC_R_SUCCESS);
}
#endif
isc_result_t
cfg_acl_fromconfig(const cfg_obj_t *caml, const cfg_obj_t *cctx,
@ -655,12 +677,14 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx,
mctx, &nelem, NULL);
if (result != ISC_R_SUCCESS)
return (result);
} else
} else {
nelem = cfg_list_length(caml, false);
}
result = dns_acl_create(mctx, nelem, &dacl);
if (result != ISC_R_SUCCESS)
if (result != ISC_R_SUCCESS) {
return (result);
}
}
de = dacl->elements;
@ -694,8 +718,9 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx,
result = dns_acl_create(mctx,
cfg_list_length(ce, false),
&de->nestedacl);
if (result != ISC_R_SUCCESS)
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
iptab = de->nestedacl->iptable;
}
@ -711,8 +736,9 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx,
cfg_obj_log(ce, lctx, ISC_LOG_WARNING,
"'%s': incorrect address family; "
"ignoring", buf);
if (nest_level != 0)
if (nest_level != 0) {
dns_acl_detach(&de->nestedacl);
}
continue;
}
result = isc_netaddr_prefixok(&addr, bitlen);
@ -732,15 +758,17 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx,
setpos = (nest_level != 0 || !neg);
result = dns_iptable_addprefix(iptab, &addr, bitlen,
setpos);
if (result != ISC_R_SUCCESS)
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
if (nest_level > 0) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
} else
} else {
continue;
}
} else if (cfg_obj_islist(ce)) {
/*
* If we're nesting ACLs, put the nested
@ -749,29 +777,30 @@ cfg_acl_fromconfig2(const cfg_obj_t *caml, const cfg_obj_t *cctx,
* in two cases: 1) sortlist, 2) if the
* nested ACL contains negated members.
*/
if (inneracl != NULL)
if (inneracl != NULL) {
dns_acl_detach(&inneracl);
}
result = cfg_acl_fromconfig(ce, cctx, lctx,
ctx, mctx, new_nest_level,
&inneracl);
if (result != ISC_R_SUCCESS)
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
nested_acl:
if (nest_level > 0 || inneracl->has_negatives) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
if (de->nestedacl != NULL)
if (de->nestedacl != NULL) {
dns_acl_detach(&de->nestedacl);
dns_acl_attach(inneracl,
&de->nestedacl);
}
dns_acl_attach(inneracl, &de->nestedacl);
dns_acl_detach(&inneracl);
/* Fall through. */
} else {
INSIST(dacl->length + inneracl->length
<= dacl->alloc);
dns_acl_merge(dacl, inneracl,
!neg);
dns_acl_merge(dacl, inneracl, !neg);
de += inneracl->length; /* elements added */
dns_acl_detach(&inneracl);
INSIST(dacl->length <= dacl->alloc);
@ -785,19 +814,21 @@ nested_acl:
dns_name_init(&de->keyname, NULL);
result = convert_keyname(ce, lctx, mctx,
&de->keyname);
if (result != ISC_R_SUCCESS)
if (result != ISC_R_SUCCESS) {
goto cleanup;
#ifdef HAVE_GEOIP
}
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
} else if (cfg_obj_istuple(ce) &&
cfg_obj_isvoid(cfg_tuple_get(ce, "negated")))
{
INSIST(dacl->length < dacl->alloc);
result = parse_geoip_element(ce, lctx, ctx, de);
if (result != ISC_R_SUCCESS)
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
de->type = dns_aclelementtype_geoip;
de->negative = neg;
#endif /* HAVE_GEOIP */
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
} else if (cfg_obj_isstring(ce)) {
/* ACL name. */
const char *name = cfg_obj_asstring(ce);
@ -806,15 +837,17 @@ nested_acl:
setpos = (nest_level != 0 || !neg);
result = dns_iptable_addprefix(iptab, NULL, 0,
setpos);
if (result != ISC_R_SUCCESS)
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
if (nest_level != 0) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = neg;
} else
} else {
continue;
}
} else if (strcasecmp(name, "none") == 0) {
/* none == !any */
/*
@ -826,18 +859,21 @@ nested_acl:
setpos = (nest_level != 0 || neg);
result = dns_iptable_addprefix(iptab, NULL, 0,
setpos);
if (result != ISC_R_SUCCESS)
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
if (!neg)
if (!neg) {
dacl->has_negatives = !neg;
}
if (nest_level != 0) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_nestedacl;
de->negative = !neg;
} else
} else {
continue;
}
} else if (strcasecmp(name, "localhost") == 0) {
INSIST(dacl->length < dacl->alloc);
de->type = dns_aclelementtype_localhost;
@ -856,8 +892,9 @@ nested_acl:
result = convert_named_acl(ce, cctx, lctx, ctx,
mctx, new_nest_level,
&inneracl);
if (result != ISC_R_SUCCESS)
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
goto nested_acl;
}
@ -876,7 +913,9 @@ nested_acl:
*/
if (de->nestedacl != NULL &&
de->type != dns_aclelementtype_nestedacl)
{
dns_acl_detach(&de->nestedacl);
}
dacl->node_count++;
de->node_num = dacl->node_count;
@ -890,8 +929,9 @@ nested_acl:
result = ISC_R_SUCCESS;
cleanup:
if (inneracl != NULL)
if (inneracl != NULL) {
dns_acl_detach(&inneracl);
}
dns_acl_detach(&dacl);
return (result);
}

4
lib/isccfg/include/isccfg/aclconf.h
View File

@ -19,15 +19,13 @@
#include <isccfg/cfg.h>
#ifdef HAVE_GEOIP
#include <dns/geoip.h>
#endif
#include <dns/types.h>
typedef struct cfg_aclconfctx {
ISC_LIST(dns_acl_t) named_acl_cache;
isc_mem_t *mctx;
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
dns_geoip_databases_t *geoip;
#endif
isc_refcount_t references;

2
lib/isccfg/namedconf.c
View File

@ -1075,7 +1075,7 @@ options_clauses[] = {
{ "fstrm-set-reopen-interval", &cfg_type_ttlval,
CFG_CLAUSEFLAG_NOTCONFIGURED },
#endif /* HAVE_DNSTAP */
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
{ "geoip-directory", &cfg_type_qstringornone, 0 },
#else
{ "geoip-directory", &cfg_type_qstringornone,

10
lib/isccfg/parser.c
View File

@ -100,7 +100,7 @@ static void
parser_complain(cfg_parser_t *pctx, bool is_warning,
unsigned int flags, const char *format, va_list args);
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
static isc_result_t
parse_geoip(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret);
@ -109,7 +109,7 @@ print_geoip(cfg_printer_t *pctx, const cfg_obj_t *obj);
static void
doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type);
#endif /* HAVE_GEOIP */
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
/*
* Data representations. These correspond to members of the
@ -1312,7 +1312,7 @@ LIBISCCFG_EXTERNAL_DATA cfg_type_t cfg_type_bracketed_text = {
&cfg_rep_string, NULL
};
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
/*
* "geoip" ACL element:
* geoip [ db <database> ] search-type <string>
@ -1406,7 +1406,7 @@ doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type) {
cfg_print_cstr(pctx, " ");
cfg_print_cstr(pctx, "<quoted_string>");
}
#endif /* HAVE_GEOIP */
#endif /* HAVE_GEOIP || HAVE_GEOIP2 */
static cfg_type_t cfg_type_addrmatchelt;
static cfg_type_t cfg_type_negated;
@ -1427,7 +1427,7 @@ parse_addrmatchelt(cfg_parser_t *pctx, const cfg_type_t *type,
CHECK(cfg_parse_obj(pctx, &cfg_type_keyref, ret));
} else if (pctx->token.type == isc_tokentype_string &&
(strcasecmp(TOKEN_STRING(pctx), "geoip") == 0)) {
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
CHECK(cfg_gettoken(pctx, 0));
CHECK(cfg_parse_obj(pctx, &cfg_type_geoip, ret));
#else

2
lib/ns/interfacemgr.c
View File

@ -230,7 +230,7 @@ ns_interfacemgr_create(isc_mem_t *mctx,
result = dns_aclenv_init(mctx, &mgr->aclenv);
if (result != ISC_R_SUCCESS)
goto cleanup_listenon;
#ifdef HAVE_GEOIP
#if defined(HAVE_GEOIP) || defined(HAVE_GEOIP2)
mgr->aclenv.geoip = geoip;
#else
UNUSED(geoip);