45
45
#include <named/server.h>
46
46
#include <named/zoneconf.h>
48
/* ACLs associated with zone */
54
allow_update_forwarding
49
58
* These are BIND9 server defaults, not necessarily identical to the
50
59
* library defaults defined in zone.c.
61
70
static isc_result_t
62
71
configure_zone_acl(const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
63
const cfg_obj_t *config, const char *aclname,
72
const cfg_obj_t *config, acl_type_t acltype,
64
73
cfg_aclconfctx_t *actx, dns_zone_t *zone,
65
74
void (*setzacl)(dns_zone_t *, dns_acl_t *),
66
75
void (*clearzacl)(dns_zone_t *))
68
77
isc_result_t result;
69
const cfg_obj_t *maps[5];
78
const cfg_obj_t *maps[5] = {NULL, NULL, NULL, NULL, NULL};
70
79
const cfg_obj_t *aclobj = NULL;
72
dns_acl_t *dacl = NULL;
75
maps[i++] = cfg_tuple_get(zconfig, "options");
81
dns_acl_t **aclp = NULL, *acl = NULL;
85
view = dns_zone_getview(zone);
90
aclp = &view->notifyacl;
91
aclname = "allow-notify";
95
aclp = &view->queryacl;
96
aclname = "allow-query";
100
aclp = &view->transferacl;
101
aclname = "allow-transfer";
105
aclp = &view->updateacl;
106
aclname = "allow-update";
108
case allow_update_forwarding:
110
aclp = &view->upfwdacl;
111
aclname = "allow-update-forwarding";
115
return (ISC_R_FAILURE);
118
/* First check to see if ACL is defined within the zone */
119
if (zconfig != NULL) {
120
maps[0] = cfg_tuple_get(zconfig, "options");
121
ns_config_get(maps, aclname, &aclobj);
122
if (aclobj != NULL) {
128
/* Failing that, see if there's a default ACL already in the view */
129
if (aclp != NULL && *aclp != NULL) {
130
(*setzacl)(zone, *aclp);
131
return (ISC_R_SUCCESS);
134
/* Check for default ACLs that haven't been parsed yet */
76
135
if (vconfig != NULL)
77
136
maps[i++] = cfg_tuple_get(vconfig, "options");
78
137
if (config != NULL) {
90
149
return (ISC_R_SUCCESS);
93
153
result = cfg_acl_fromconfig(aclobj, config, ns_g_lctx, actx,
94
dns_zone_getmctx(zone), 0, &dacl);
154
dns_zone_getmctx(zone), 0, &acl);
95
155
if (result != ISC_R_SUCCESS)
97
(*setzacl)(zone, dacl);
98
dns_acl_detach(&dacl);
157
(*setzacl)(zone, acl);
159
/* Set the view default now */
161
dns_acl_attach(acl, aclp);
163
dns_acl_detach(&acl);
99
164
return (ISC_R_SUCCESS);
455
520
if (ztype == dns_zone_slave)
456
521
RETERR(configure_zone_acl(zconfig, vconfig, config,
457
"allow-notify", ac, zone,
522
allow_notify, ac, zone,
458
523
dns_zone_setnotifyacl,
459
524
dns_zone_clearnotifyacl));
461
526
* XXXAG This probably does not make sense for stubs.
463
528
RETERR(configure_zone_acl(zconfig, vconfig, config,
464
"allow-query", ac, zone,
529
allow_query, ac, zone,
465
530
dns_zone_setqueryacl,
466
531
dns_zone_clearqueryacl));
564
629
dns_zone_setisself(zone, ns_client_isself, NULL);
566
631
RETERR(configure_zone_acl(zconfig, vconfig, config,
567
"allow-transfer", ac, zone,
632
allow_transfer, ac, zone,
568
633
dns_zone_setxfracl,
569
634
dns_zone_clearxfracl));
655
720
if (ztype == dns_zone_master) {
656
721
dns_acl_t *updateacl;
657
722
RETERR(configure_zone_acl(zconfig, vconfig, config,
658
"allow-update", ac, zone,
723
allow_update, ac, zone,
659
724
dns_zone_setupdateacl,
660
725
dns_zone_clearupdateacl));
754
819
cfg_obj_asboolean(obj));
755
820
} else if (ztype == dns_zone_slave) {
756
821
RETERR(configure_zone_acl(zconfig, vconfig, config,
757
"allow-update-forwarding", ac, zone,
822
allow_update_forwarding, ac, zone,
758
823
dns_zone_setforwardacl,
759
824
dns_zone_clearforwardacl));
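Review bot: In configure_zone_acl, the new `dns_acl_attach(acl, aclp);` under "Set the view default now" publishes the parsed ACL as the view-wide default, and nothing visible here shows that it is skipped when `aclobj` came from the zone's own `options`. The body of `if (aclobj != NULL) {` and the line just before the attach are not shown, so this may already be handled. If a zone-level `allow-update` or `allow-transfer` did reach that attach, every later zone in the view without its own setting would inherit it through the `aclp != NULL && *aclp != NULL` shortcut. The invariant deserves a comment at the attach, for example `/* aclp is NULL when the ACL came from the zone itself; only view, global or built-in defaults are cached on the view */`. The function's header comment should also say that it now writes `view->notifyacl`, `queryacl`, `transferacl`, `updateacl` and `upfwdacl` as a side effect, and that the cached ACL is created with the `dns_zone_getmctx(zone)` of whichever zone is configured first.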