~ubuntu-branches/ubuntu/maverick/bind9/maverick

Committer: Bazaar Package Importer
Author(s): Ben Hutchings
Date: 2009-01-02 16:51:42 UTC
mfrom: (8.1.1 sid)
Revision ID: james.westby@ubuntu.com-20090102165142-bh9b429julpd8bz8

Tags: 1:9.5.0.dfsg.P2-5.1

http://bugs.debian.org/496954

http://bugs.debian.org/501800

http://bugs.debian.org/486196

* Non-maintainer upload.
* Apply upstream ACL fixes from 9.5.1 to fix RC bug. Patch was provided
  by Evan Hunt (upstream bind9 developer) after Emmanuel Bouthenot
  contacted him. Closes: #496954, #501800.
* Remove obsolete dh_installmanpages invocation which was adding
  unwanted manual pages to bind9. Closes: #486196.

files added:
debian/po/pl.po

files modified:
configure

configure.in

debian/apparmor-profile

debian/changelog

debian/control

debian/rules

lib/dns/acl.c

lib/dns/iptable.c

lib/isc/include/isc/radix.h

lib/isc/radix.c

lib/isccfg/aclconf.c

Show diffs side-by-side

added added

removed removed

lib/isccfg/aclconf.c

160

return (dns_name_dup(dns_fixedname_name(&fixname), mctx, dnsname));

161

}

162

163

164

* Recursively pre-parse an ACL definition to find the total number

165

* of non-IP-prefix elements (localhost, localnets, key) in all nested

166

* ACLs, so that the parent will have enough space allocated for the

167

* elements table after all the nested ACLs have been merged in to the

168

* parent.

169

170

static int

171

count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx)

172

{

173

const cfg_listelt_t *elt;

174

const cfg_obj_t *cacl = NULL;

175

isc_result_t result;

176

int n = 0;

177

178

for (elt = cfg_list_first(caml);

179

elt != NULL;

180

elt = cfg_list_next(elt)) {

181

const cfg_obj_t *ce = cfg_listelt_value(elt);

182

183

/* negated element; just get the value. */

184

if (cfg_obj_istuple(ce))

185

ce = cfg_tuple_get(ce, "value");

186

187

if (cfg_obj_istype(ce, &cfg_type_keyref)) {

188

n++;

189

} else if (cfg_obj_islist(ce)) {

190

n += count_acl_elements(ce, cctx);

191

} else if (cfg_obj_isstring(ce)) {

192

const char *name = cfg_obj_asstring(ce);

193

if (strcasecmp(name, "localhost") == 0 ||

194

strcasecmp(name, "localnets") == 0) {

195

n++;

196

} else if (strcasecmp(name, "any") != 0 &&

197

strcasecmp(name, "none") != 0) {

198

result = get_acl_def(cctx, name, &cacl);

199

if (result == ISC_R_SUCCESS)

200

n += count_acl_elements(cacl, cctx) + 1;

201

}

202

}

203

}

204

205

return n;

206

}

207

163

208

isc_result_t

164

209

cfg_acl_fromconfig(const cfg_obj_t *caml,

165

210

const cfg_obj_t *cctx,

194

239

} else {

195

240

196

241

* Need to allocate a new ACL structure. Count the items

197

* in the ACL definition and allocate space for that many

198

* elements (even though some or all of them may end up in

199

* the iptable instead of the element array).

242

* in the ACL definition that will require space in the

243

* elemnts table. (Note that if nest_level is nonzero,

244

* *everything* goes in the elements table.)

200

245

201

isc_boolean_t recurse = ISC_TF(nest_level == 0);

202

result = dns_acl_create(mctx,

203

cfg_list_length(caml, recurse),

204

&dacl);

246

int nelem;

247

248

if (nest_level == 0)

249

nelem = count_acl_elements(caml, cctx);

250

else

251

nelem = cfg_list_length(caml, ISC_FALSE);

252

253

result = dns_acl_create(mctx, nelem, &dacl);

205

254

if (result != ISC_R_SUCCESS)

206

255

return (result);

207

256

}

Older »