160
160
return (dns_name_dup(dns_fixedname_name(&fixname), mctx, dnsname));
164
* Recursively pre-parse an ACL definition to find the total number
165
* of non-IP-prefix elements (localhost, localnets, key) in all nested
166
* ACLs, so that the parent will have enough space allocated for the
167
* elements table after all the nested ACLs have been merged in to the
171
count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx)
173
const cfg_listelt_t *elt;
174
const cfg_obj_t *cacl = NULL;
178
for (elt = cfg_list_first(caml);
180
elt = cfg_list_next(elt)) {
181
const cfg_obj_t *ce = cfg_listelt_value(elt);
183
/* negated element; just get the value. */
184
if (cfg_obj_istuple(ce))
185
ce = cfg_tuple_get(ce, "value");
187
if (cfg_obj_istype(ce, &cfg_type_keyref)) {
189
} else if (cfg_obj_islist(ce)) {
190
n += count_acl_elements(ce, cctx);
191
} else if (cfg_obj_isstring(ce)) {
192
const char *name = cfg_obj_asstring(ce);
193
if (strcasecmp(name, "localhost") == 0 ||
194
strcasecmp(name, "localnets") == 0) {
196
} else if (strcasecmp(name, "any") != 0 &&
197
strcasecmp(name, "none") != 0) {
198
result = get_acl_def(cctx, name, &cacl);
199
if (result == ISC_R_SUCCESS)
200
n += count_acl_elements(cacl, cctx) + 1;
164
209
cfg_acl_fromconfig(const cfg_obj_t *caml,
165
210
const cfg_obj_t *cctx,
196
241
* Need to allocate a new ACL structure. Count the items
197
* in the ACL definition and allocate space for that many
198
* elements (even though some or all of them may end up in
199
* the iptable instead of the element array).
242
* in the ACL definition that will require space in the
243
* elemnts table. (Note that if nest_level is nonzero,
244
* *everything* goes in the elements table.)
201
isc_boolean_t recurse = ISC_TF(nest_level == 0);
202
result = dns_acl_create(mctx,
203
cfg_list_length(caml, recurse),
249
nelem = count_acl_elements(caml, cctx);
251
nelem = cfg_list_length(caml, ISC_FALSE);
253
result = dns_acl_create(mctx, nelem, &dacl);
205
254
if (result != ISC_R_SUCCESS)