~andreserl/ubuntu/lucid/bind9/bind9-apport-533601


Viewing changes to bin/named/zoneconf.c

  • Committer: Bazaar Package Importer
  • Author(s): LaMont Jones
  • Date: 2009-01-26 10:33:42 UTC
  • mfrom: (1.4.1 upstream)
  • Revision ID: james.westby@ubuntu.com-20090126103342-zfv3z8v6jgci62tg
* New upstream patch release
  - supportable version of fix from 9.5.0.dfsg.P2-5.1
  - CVE-2009-0025:  Closes: #511936
  - 2475: Overly aggressive cache entry removal.  Closes: #511768
  - other bug fixes worthy of patch-release inclusion

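--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.c,v 1.139.56.3 2008/05/21 23:26:11 each Exp $ */
+/* $Id: zoneconf.c,v 1.139.56.5 2008/05/29 23:46:34 tbox Exp $ */
 
 /*% */
 
@@ -45,6 +45,15 @@
 #include <named/server.h>
 #include <named/zoneconf.h>
 
+/* ACLs associated with zone */
+typedef enum {
+        allow_notify,
+        allow_query,
+        allow_transfer,
+        allow_update,
+        allow_update_forwarding
+} acl_type_t;
+
 /*%
  * These are BIND9 server defaults, not necessarily identical to the
  * library defaults defined in zone.c.
@@ -60,19 +69,69 @@
  */
 static isc_result_t
 configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
-                   const cfg_obj_t *config, const char *aclname,
+                   const cfg_obj_t *config, acl_type_t acltype,
                    cfg_aclconfctx_t *actx, dns_zone_t *zone,
                    void (*setzacl)(dns_zone_t *, dns_acl_t *),
                    void (*clearzacl)(dns_zone_t *))
 {
         isc_result_t result;
-        const cfg_obj_t *maps[5];
+        const cfg_obj_t *maps[5] = {NULL, NULL, NULL, NULL, NULL};
         const cfg_obj_t *aclobj = NULL;
         int i = 0;
-        dns_acl_t *dacl = NULL;
-
-        if (zconfig != NULL)
-                maps[i++] = cfg_tuple_get(zconfig, "options");
+        dns_acl_t **aclp = NULL, *acl = NULL;
+        const char *aclname;
+        dns_view_t *view;
+
+        view = dns_zone_getview(zone);
+
+        switch (acltype) {
+            case allow_notify:
+                if (view != NULL)
+                        aclp = &view->notifyacl;
+                aclname = "allow-notify";
+                break;
+            case allow_query:
+                if (view != NULL)
+                        aclp = &view->queryacl;
+                aclname = "allow-query";
+                break;
+            case allow_transfer:
+                if (view != NULL)
+                        aclp = &view->transferacl;
+                aclname = "allow-transfer";
+                break;
+            case allow_update:
+                if (view != NULL)
+                        aclp = &view->updateacl;
+                aclname = "allow-update";
+                break;
+            case allow_update_forwarding:
+                if (view != NULL)
+                        aclp = &view->upfwdacl;
+                aclname = "allow-update-forwarding";
+                break;
+            default:
+                INSIST(0);
+                return (ISC_R_FAILURE);
+        }
+
+        /* First check to see if ACL is defined within the zone */
+        if (zconfig != NULL) {
+                maps[0] = cfg_tuple_get(zconfig, "options");
+                ns_config_get(maps, aclname, &aclobj);
+                if (aclobj != NULL) {
+                        aclp = NULL;
+                        goto parse_acl;
+                }
+        }
+
+        /* Failing that, see if there's a default ACL already in the view */
+        if (aclp != NULL && *aclp != NULL) {
+                (*setzacl)(zone, *aclp);
+                return (ISC_R_SUCCESS);
+        }
+
+        /* Check for default ACLs that haven't been parsed yet */
         if (vconfig != NULL)
                 maps[i++] = cfg_tuple_get(vconfig, "options");
         if (config != NULL) {
@@ -90,12 +149,18 @@
                 return (ISC_R_SUCCESS);
         }
 
+parse_acl:
         result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx, actx,
-                                    dns_zone_getmctx(zone), 0, &dacl);
+                                    dns_zone_getmctx(zone), 0, &acl);
         if (result != ISC_R_SUCCESS)
                 return (result);
-        (*setzacl)(zone, dacl);
-        dns_acl_detach(&dacl);
+        (*setzacl)(zone, acl);
+
+        /* Set the view default now */
+        if (aclp != NULL)
+                dns_acl_attach(acl, aclp);
+
+        dns_acl_detach(&acl);
         return (ISC_R_SUCCESS);
 }
 
@@ -454,14 +519,14 @@
 
         if (ztype == dns_zone_slave)
                 RETERR(configure_zone_acl(zconfig, vconfig, config,
-                                          "allow-notify", ac, zone,
+                                          allow_notify, ac, zone,
                                           dns_zone_setnotifyacl,
                                           dns_zone_clearnotifyacl));
         /*
          * XXXAG This probably does not make sense for stubs.
          */
         RETERR(configure_zone_acl(zconfig, vconfig, config,
-                                  "allow-query", ac, zone,
+                                  allow_query, ac, zone,
                                   dns_zone_setqueryacl,
                                   dns_zone_clearqueryacl));
 
@@ -564,7 +629,7 @@
                 dns_zone_setisself(zone, ns_client_isself, NULL);
 
                 RETERR(configure_zone_acl(zconfig, vconfig, config,
-                                          "allow-transfer", ac, zone,
+                                          allow_transfer, ac, zone,
                                           dns_zone_setxfracl,
                                           dns_zone_clearxfracl));
 
@@ -655,7 +720,7 @@
         if (ztype == dns_zone_master) {
                 dns_acl_t *updateacl;
                 RETERR(configure_zone_acl(zconfig, vconfig, config,
-                                          "allow-update", ac, zone,
+                                          allow_update, ac, zone,
                                           dns_zone_setupdateacl,
                                           dns_zone_clearupdateacl));
 
@@ -754,7 +819,7 @@
                                    cfg_obj_asboolean(obj));
         } else if (ztype == dns_zone_slave) {
                 RETERR(configure_zone_acl(zconfig, vconfig, config,
-                                          "allow-update-forwarding", ac, zone,
+                                          allow_update_forwarding, ac, zone,
                                           dns_zone_setforwardacl,
                                           dns_zone_clearforwardacl));
         }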
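Review bot: The `aclp = NULL;` before `goto parse_acl` (new line 123) carries the access-control invariant of this change and has no comment saying so: it is what keeps a zone-specific ACL from being attached to the view under "Set the view default now" and then handed to every other zone in that view through the `*aclp != NULL` shortcut. I would add a why-comment on that line, e.g. `/* zone-level ACL: must not be cached as the view default */`. The second lookup also silently reuses `maps[0]`, because `i` is still 0 when `maps[i++]` runs after the zone options were stored there; a one-line comment that the zone map is deliberately overwritten would help, though new lines 138-148 are not shown on this page, so how `maps` is terminated cannot be checked here. Since zones in a view now share one `dns_acl_t` per ACL type, it is worth confirming that the view's `notifyacl`, `queryacl`, `transferacl`, `updateacl` and `upfwdacl` references are released on view teardown and reconfiguration, which this file section does not show.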