Cross Reference: /bind-9.11.3/lib/dns/acl.c

Lines Matching defs:acl
18 #include <dns/acl.h>
30 	dns_acl_t *acl;
38 	acl = isc_mem_get(mctx, sizeof(*acl));
39 	if (acl == NULL)
42 	acl->mctx = NULL;
43 	isc_mem_attach(mctx, &acl->mctx);
45 	acl->name = NULL;
47 	result = isc_refcount_init(&acl->refcount, 1);
49 		isc_mem_put(mctx, acl, sizeof(*acl));
53 	result = dns_iptable_create(mctx, &acl->iptable);
55 		isc_mem_put(mctx, acl, sizeof(*acl));
59 	acl->elements = NULL;
60 	acl->alloc = 0;
61 	acl->length = 0;
62 	acl->has_negatives = ISC_FALSE;
64 	ISC_LINK_INIT(acl, nextincache);
68 	acl->magic = DNS_ACL_MAGIC;
70 	acl->elements = isc_mem_get(mctx, n * sizeof(dns_aclelement_t));
71 	if (acl->elements == NULL) {
75 	acl->alloc = n;
76 	memset(acl->elements, 0, n * sizeof(dns_aclelement_t));
77 	*target = acl;
81 	dns_acl_detach(&acl);
94 	dns_acl_t *acl = NULL;
96 	result = dns_acl_create(mctx, 0, &acl);
100 	result = dns_iptable_addprefix(acl->iptable, NULL, 0, ISC_TF(!neg));
102 		dns_acl_detach(&acl);
106 	*target = acl;
127  * If pos is ISC_TRUE, test whether acl is set to "{ any; }"
128  * If pos is ISC_FALSE, test whether acl is set to "{ none; }"
131 dns_acl_isanyornone(dns_acl_t *acl, isc_boolean_t pos)
134 	if (acl == NULL ||
135 	    acl->iptable == NULL ||
136 	    acl->iptable->radix == NULL ||
137 	    acl->iptable->radix->head == NULL ||
138 	    acl->iptable->radix->head->prefix == NULL)
141 	if (acl->length != 0 || acl->node_count != 1)
144 	if (acl->iptable->radix->head->prefix->bitlen == 0 &&
145 	    acl->iptable->radix->head->data[0] != NULL &&
146 	    acl->iptable->radix->head->data[0] ==
147 		    acl->iptable->radix->head->data[1] &&
148 	    *(isc_boolean_t *) (acl->iptable->radix->head->data[0]) == pos)
155  * Test whether acl is set to "{ any; }"
158 dns_acl_isany(dns_acl_t *acl)
160 	return (dns_acl_isanyornone(acl, ISC_TRUE));
164  * Test whether acl is set to "{ none; }"
167 dns_acl_isnone(dns_acl_t *acl)
169 	return (dns_acl_isanyornone(acl, ISC_FALSE));
181 	      const dns_acl_t *acl,
186 	return (dns_acl_match2(reqaddr, reqsigner, NULL, 0, NULL, acl, env,
196 	       const dns_acl_t *acl,
230 	result = isc_radix_search(acl->iptable->radix, &node, &pfx);
262 		result = isc_radix_search(acl->iptable->radix, &node, &pfx);
282 	for (i = 0; i < acl->length; i++) {
283 		dns_aclelement_t *e = &acl->elements[i];
368 		/* Duplicate nested acl. */
392 		/* reverse sense of positives if this is a negative acl */
555 	dns_acl_t *acl = *aclp;
558 	REQUIRE(DNS_ACL_VALID(acl));
560 	isc_refcount_decrement(&acl->refcount, &refs);
562 		destroy(acl);
615  * Return ISC_TRUE iff the acl 'a' is considered insecure, that is,