acl.c revision 9c3531d72aeaad6c5f01efe6a1c82023e1379e4d
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * Copyright (C) 1999, 2000 Internet Software Consortium.
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * Permission to use, copy, modify, and distribute this software for any
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * purpose with or without fee is hereby granted, provided that the above
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * copyright notice and this permission notice appear in all copies.
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
70e5a7403f0e0a3bd292b8287c5fed5772c15270Automatic Updater * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer/* $Id: acl.c,v 1.11 2000/06/22 21:54:16 tale Exp $ */
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayerdns_acl_create(isc_mem_t *mctx, int n, dns_acl_t **target) {
6fedbb60b2adf453249eff484b5a6cab22be5a09Danny Mayer * Work around silly limitation of isc_mem_get().
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * Must set magic early because we use dns_acl_detach() to clean up.
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer acl->elements = isc_mem_get(mctx, n * sizeof(dns_aclelement_t));
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer memset(acl->elements, 0, n * sizeof(dns_aclelement_t));
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayerdns_acl_appendelement(dns_acl_t *acl, dns_aclelement_t *elt) {
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * Resize the ACL.
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer unsigned int newalloc;
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * Append the new element.
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayerdns_acl_anyornone(isc_mem_t *mctx, isc_boolean_t neg, dns_acl_t **target) {
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayerdns_acl_any(isc_mem_t *mctx, dns_acl_t **target) {
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer return (dns_acl_anyornone(mctx, ISC_FALSE, target));
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayerdns_acl_none(isc_mem_t *mctx, dns_acl_t **target) {
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer return (dns_acl_anyornone(mctx, ISC_TRUE, target));
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer unsigned int i;
6fedbb60b2adf453249eff484b5a6cab22be5a09Danny Mayer switch (e->type) {
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * Treat negative matches in indirect ACLs as
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * "no match".
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * That way, a negated indirect ACL will never become
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * a surprise positive match through double negation.
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * XXXDCL this should be documented.
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * A negative indirect match may have set *matchelt,
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer * but we don't want it set when we return.
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer /* No match. */
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayerdns_acl_attach(dns_acl_t *source, dns_acl_t **target) {
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer unsigned int i;
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayerdns_aclelement_equal(dns_aclelement_t *ea, dns_aclelement_t *eb) {
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer return (isc_netaddr_equal(&ea->u.ip_prefix.address,
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer return (dns_name_equal(&ea->u.keyname, &eb->u.keyname));
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer return (dns_acl_equal(ea->u.nestedacl, eb->u.nestedacl));
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer unsigned int i;
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer for (i = 0; i < a->length; i++) {
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayerdns_aclenv_init(isc_mem_t *mctx, dns_aclenv_t *env) {
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer result = dns_acl_create(mctx, 0, &env->localhost);
6f2e507e7e27509af16f5b48cac577fe09b66147Danny Mayer result = dns_acl_create(mctx, 0, &env->localnets);