ssu.c revision 92ef1a9b9dbd48ecb507b42ac62c15afefdaf838
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews/*
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence * Copyright (C) 2000, 2001 Internet Software Consortium.
2e61d171bc1fa47ea4d551b87546ebcf78f61e4aMark Andrews *
281bfa2a98f1d1721538086e1b550185559f1d8bMark Andrews * Permission to use, copy, modify, and distribute this software for any
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * purpose with or without fee is hereby granted, provided that the above
7de2c6e6d51f38daeb2d346f3f21dc01ccece6daEvan Hunt * copyright notice and this permission notice appear in all copies.
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence *
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
281bfa2a98f1d1721538086e1b550185559f1d8bMark Andrews * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
281bfa2a98f1d1721538086e1b550185559f1d8bMark Andrews * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
281bfa2a98f1d1721538086e1b550185559f1d8bMark Andrews * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
281bfa2a98f1d1721538086e1b550185559f1d8bMark Andrews * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
281bfa2a98f1d1721538086e1b550185559f1d8bMark Andrews * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
281bfa2a98f1d1721538086e1b550185559f1d8bMark Andrews * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
281bfa2a98f1d1721538086e1b550185559f1d8bMark Andrews */
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence/*
588f79e557cd66ef77c90378a997b0d377af9db7Tatuya JINMEI 神明達哉 * $Id: ssu.c,v 1.21 2001/06/04 19:33:11 tale Exp $
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein * Principal Author: Brian Wellington
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein */
a14613fce99dee3cad5bf842fd6be78f8e463582Brian Wellington
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence#include <config.h>
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence#include <isc/magic.h>
279c6ec074be17dce62dd1b2c6ed7c2cc56a7b78David Lawrence#include <isc/mem.h>
a5d43b72413db3edd6b36a58f9bdf2cf6ff692f2Bob Halley#include <isc/string.h> /* Required for HP/UX (and others?) */
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein#include <isc/util.h>
a30e7fc23415fd238d067a8a871607bca36068baMichael Graff
a30e7fc23415fd238d067a8a871607bca36068baMichael Graff#include <dns/name.h>
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein#include <dns/ssu.h>
8d4257cff01b3821abcb9a21f46c6c6a43bb1e72Bob Halley
/*
 * Magic numbers stamped into live tables and rules.  Every entry point
 * checks them with REQUIRE(VALID_...()) before trusting any field, and
 * destroy() zeroes them before releasing the memory.
 */
#define SSUTABLEMAGIC		ISC_MAGIC('S', 'S', 'U', 'T')
#define VALID_SSUTABLE(table)	ISC_MAGIC_VALID(table, SSUTABLEMAGIC)

#define SSURULEMAGIC		ISC_MAGIC('S', 'S', 'U', 'R')
#define VALID_SSURULE(rule)	ISC_MAGIC_VALID(rule, SSURULEMAGIC)
dc97fe4ed08488d314ab5bc8e99ed839542cf411David Lawrence
/* One grant/deny entry of a simple-secure-update policy table. */
struct dns_ssurule {
	isc_uint32_t magic;		/* SSURULEMAGIC while the rule is live */
	isc_boolean_t grant;		/* ISC_TRUE: grant, ISC_FALSE: deny */
	unsigned int matchtype;		/* DNS_SSUMATCHTYPE_* pattern-match kind */
	dns_name_t *identity;		/* signer identity the rule applies to */
	dns_name_t *name;		/* the name (or pattern) being updated */
	unsigned int ntypes;		/* number of entries in 'types' */
	dns_rdatatype_t *types;		/* covered data types; may include ANY.
					 * NULL means all but SIG, SOA, NS */
	ISC_LINK(dns_ssurule_t) link;	/* linkage in the owning table's list */
};
6f7660093e70d3a7c80738b681ac0f5c1b661c00Mark Andrews
/* Reference-counted, ordered list of update-policy rules. */
struct dns_ssutable {
	isc_uint32_t magic;		/* SSUTABLEMAGIC while the table is live */
	isc_mem_t *mctx;		/* memory context for the table and rules */
	unsigned int references;	/* reference count, changed under 'lock' */
	isc_mutex_t lock;		/* taken by attach and detach */
	ISC_LIST(dns_ssurule_t) rules;	/* rules in the order they were added;
					 * dns_ssutable_checkrules() stops at
					 * the first one that matches */
};
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
/*
 * Allocate an empty rule table from 'mctx' and hand it back through
 * '*tablep' with a reference count of one.
 *
 * Requires 'mctx' to be non-NULL and 'tablep' to point at a NULL pointer.
 *
 * Returns ISC_R_SUCCESS, ISC_R_NOMEMORY if the table cannot be allocated,
 * or whatever isc_mutex_init() reports on failure.
 */
isc_result_t
dns_ssutable_create(isc_mem_t *mctx, dns_ssutable_t **tablep) {
	dns_ssutable_t *newtable;
	isc_result_t status;

	REQUIRE(tablep != NULL && *tablep == NULL);
	REQUIRE(mctx != NULL);

	newtable = isc_mem_get(mctx, sizeof(dns_ssutable_t));
	if (newtable == NULL) {
		return (ISC_R_NOMEMORY);
	}

	status = isc_mutex_init(&newtable->lock);
	if (status != ISC_R_SUCCESS) {
		/* Nothing else has been set up yet; just give the memory back. */
		isc_mem_put(mctx, newtable, sizeof(dns_ssutable_t));
		return (status);
	}

	ISC_LIST_INIT(newtable->rules);
	/*
	 * NOTE(review): the context pointer is stored as-is, with no attach
	 * call in this function, so the caller presumably has to keep 'mctx'
	 * alive for the lifetime of the table -- confirm.
	 */
	newtable->mctx = mctx;
	newtable->references = 1;
	/* The table only passes VALID_SSUTABLE() once the magic is stamped. */
	newtable->magic = SSUTABLEMAGIC;

	*tablep = newtable;
	return (ISC_R_SUCCESS);
}
60e5e10f8d2e2b0c41e8abad38cacd867caa6ab2Rob Austein
/*
 * Release every rule in 'table', then the table itself.  Called by
 * dns_ssutable_detach() once the last reference has been dropped.
 */
static inline void
destroy(dns_ssutable_t *table) {
	isc_mem_t *mctx;
	dns_ssurule_t *rule;

	REQUIRE(VALID_SSUTABLE(table));

	mctx = table->mctx;

	/* Keep taking the head of the list until there is none left. */
	for (rule = ISC_LIST_HEAD(table->rules);
	     rule != NULL;
	     rule = ISC_LIST_HEAD(table->rules))
	{
		ISC_LIST_UNLINK(table->rules, rule, link);

		if (rule->identity != NULL) {
			/* Free the duplicated name data, then the name itself. */
			dns_name_free(rule->identity, mctx);
			isc_mem_put(mctx, rule->identity, sizeof(dns_name_t));
		}
		if (rule->name != NULL) {
			dns_name_free(rule->name, mctx);
			isc_mem_put(mctx, rule->name, sizeof(dns_name_t));
		}
		if (rule->types != NULL) {
			/* Size must match the allocation made in addrule. */
			isc_mem_put(mctx, rule->types,
				    rule->ntypes * sizeof(dns_rdatatype_t));
		}

		/* Invalidate before freeing so a stale pointer fails VALID_SSURULE(). */
		rule->magic = 0;
		isc_mem_put(mctx, rule, sizeof(dns_ssurule_t));
	}

	DESTROYLOCK(&table->lock);
	/* Same idea for the table: clear the magic, then release it. */
	table->magic = 0;
	isc_mem_put(mctx, table, sizeof(dns_ssutable_t));
}
49a2cf8f211213712d452287ae8e121cf59e3178David Lawrence
/*
 * Take an additional reference on 'source' and store the table in
 * '*targetp'.
 *
 * Requires a valid 'source' and 'targetp' pointing at a NULL pointer.
 */
void
dns_ssutable_attach(dns_ssutable_t *source, dns_ssutable_t **targetp) {
	REQUIRE(VALID_SSUTABLE(source));
	REQUIRE(targetp != NULL && *targetp == NULL);

	LOCK(&source->lock);
	/* Attaching to a table that has no references left is a caller bug. */
	INSIST(source->references > 0);
	source->references++;
	/* A count that wrapped to zero would free the table while in use. */
	INSIST(source->references != 0);
	UNLOCK(&source->lock);

	*targetp = source;
}
489b76292622f5bc18bf1a18845f8166a73bd797Brian Wellington
/*
 * Drop the reference held in '*tablep' and set '*tablep' to NULL.  The
 * table and all its rules are destroyed when the last reference goes.
 *
 * Requires 'tablep' non-NULL and '*tablep' a valid table.
 */
void
dns_ssutable_detach(dns_ssutable_t **tablep) {
	dns_ssutable_t *table;
	isc_boolean_t last;

	REQUIRE(tablep != NULL);
	table = *tablep;
	REQUIRE(VALID_SSUTABLE(table));

	LOCK(&table->lock);
	INSIST(table->references > 0);
	table->references--;
	last = ISC_TF(table->references == 0);
	UNLOCK(&table->lock);

	/* The caller's pointer is cleared whether or not the table survives. */
	*tablep = NULL;

	/* destroy() tears down the mutex, so it runs after the lock is released. */
	if (last) {
		destroy(table);
	}
}
43501e6570e9081d459fb5c1a81b73c2c53c5df0Mark Andrews
/*
 * Append a grant or deny rule to 'table'.  'identity', 'name' and the
 * 'types' array are copied, so the caller keeps ownership of its arguments.
 *
 * Rules are appended in call order and dns_ssutable_checkrules() returns
 * on the first rule that matches, so the order of addrule calls is the
 * policy's evaluation order.
 *
 * Requires:
 *	'table' is valid; 'identity' and 'name' are absolute names;
 *	'matchtype' is no greater than DNS_SSUMATCHTYPE_SELF;
 *	'name' is a wildcard name when 'matchtype' is WILDCARD;
 *	'types' is non-NULL when 'ntypes' is greater than zero.
 *
 * Returns ISC_R_SUCCESS, ISC_R_NOMEMORY, or the dns_name_dup() failure
 * code.  On failure nothing is added and all partial allocations are freed.
 *
 * NOTE(review): the rule list is modified without taking table->lock;
 * presumably the table is fully populated before it is shared -- confirm
 * against the callers.
 */
isc_result_t
dns_ssutable_addrule(dns_ssutable_t *table, isc_boolean_t grant,
		     dns_name_t *identity, unsigned int matchtype,
		     dns_name_t *name, unsigned int ntypes,
		     dns_rdatatype_t *types)
{
	size_t typebytes = ntypes * sizeof(dns_rdatatype_t);
	dns_ssurule_t *newrule;
	isc_mem_t *mctx;
	isc_result_t result;

	REQUIRE(VALID_SSUTABLE(table));
	REQUIRE(dns_name_isabsolute(identity));
	REQUIRE(dns_name_isabsolute(name));
	REQUIRE(matchtype <= DNS_SSUMATCHTYPE_SELF);
	if (matchtype == DNS_SSUMATCHTYPE_WILDCARD) {
		REQUIRE(dns_name_iswildcard(name));
	}
	if (ntypes > 0) {
		REQUIRE(types != NULL);
	}

	mctx = table->mctx;
	newrule = isc_mem_get(mctx, sizeof(dns_ssurule_t));
	if (newrule == NULL) {
		return (ISC_R_NOMEMORY);
	}

	/* The failure path tests these three pointers, so NULL them first. */
	newrule->identity = NULL;
	newrule->name = NULL;
	newrule->types = NULL;

	newrule->grant = grant;
	newrule->matchtype = matchtype;
	newrule->ntypes = ntypes;

	/* Private copy of the signer identity. */
	newrule->identity = isc_mem_get(mctx, sizeof(dns_name_t));
	if (newrule->identity == NULL) {
		result = ISC_R_NOMEMORY;
		goto failure;
	}
	dns_name_init(newrule->identity, NULL);
	result = dns_name_dup(identity, mctx, newrule->identity);
	if (result != ISC_R_SUCCESS) {
		goto failure;
	}

	/* Private copy of the name (or pattern) the rule covers. */
	newrule->name = isc_mem_get(mctx, sizeof(dns_name_t));
	if (newrule->name == NULL) {
		result = ISC_R_NOMEMORY;
		goto failure;
	}
	dns_name_init(newrule->name, NULL);
	result = dns_name_dup(name, mctx, newrule->name);
	if (result != ISC_R_SUCCESS) {
		goto failure;
	}

	/* An empty type list leaves 'types' NULL (the "default types" case). */
	if (ntypes > 0) {
		newrule->types = isc_mem_get(mctx, typebytes);
		if (newrule->types == NULL) {
			result = ISC_R_NOMEMORY;
			goto failure;
		}
		memcpy(newrule->types, types, typebytes);
	}

	/* Only a fully built rule is stamped valid and linked into the table. */
	newrule->magic = SSURULEMAGIC;
	ISC_LIST_INITANDAPPEND(table->rules, newrule, link);

	return (ISC_R_SUCCESS);

 failure:
	if (newrule->identity != NULL) {
		/*
		 * The name structure may exist without duplicated data when
		 * dns_name_dup() failed, hence the dns_name_dynamic() test.
		 */
		if (dns_name_dynamic(newrule->identity)) {
			dns_name_free(newrule->identity, mctx);
		}
		isc_mem_put(mctx, newrule->identity, sizeof(dns_name_t));
	}
	if (newrule->name != NULL) {
		if (dns_name_dynamic(newrule->name)) {
			dns_name_free(newrule->name, mctx);
		}
		isc_mem_put(mctx, newrule->name, sizeof(dns_name_t));
	}
	if (newrule->types != NULL) {
		isc_mem_put(mctx, newrule->types, typebytes);
	}
	isc_mem_put(mctx, newrule, sizeof(dns_ssurule_t));

	return (result);
}
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews
/*
 * Tell whether 'type' is covered by a rule that lists no types: anything
 * except NS, SOA and SIG.
 *
 * NOTE(review): only these three types are excluded, so a rule with an
 * empty type list covers every other record type; policies that need a
 * tighter default should list types explicitly.
 */
static inline isc_boolean_t
isusertype(dns_rdatatype_t type) {
	if (type == dns_rdatatype_ns ||
	    type == dns_rdatatype_soa ||
	    type == dns_rdatatype_sig)
	{
		return (ISC_FALSE);
	}
	return (ISC_TRUE);
}
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews
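/*
 * Decide whether 'signer' may update records of 'type' at 'name'.
 *
 * Rules are tried in the order they were added.  The first rule whose
 * identity, name pattern and type list all match decides the outcome: its
 * grant flag is returned.  If no rule matches, or the request is unsigned
 * ('signer' is NULL), the update is denied.
 *
 * Requires a valid 'table', an absolute 'name', and 'signer' either NULL
 * or an absolute name.
 *
 * Returns ISC_TRUE if the update is granted, ISC_FALSE otherwise.
 */
isc_boolean_t
dns_ssutable_checkrules(dns_ssutable_t *table, dns_name_t *signer,
			dns_name_t *name, dns_rdatatype_t type)
{
	dns_ssurule_t *rule;
	unsigned int i;

	REQUIRE(VALID_SSUTABLE(table));
	REQUIRE(signer == NULL || dns_name_isabsolute(signer));
	REQUIRE(dns_name_isabsolute(name));

	/* No authenticated identity: deny without looking at any rule. */
	if (signer == NULL)
		return (ISC_FALSE);

	/*
	 * The list head is read only by the loop below, where it is tested
	 * against NULL before use.  A table with no rules therefore falls
	 * through to the final deny instead of following a link from a NULL
	 * head.
	 */
	for (rule = ISC_LIST_HEAD(table->rules);
	     rule != NULL;
	     rule = ISC_LIST_NEXT(rule, link))
	{
		/* Step 1: does the rule apply to this signer? */
		if (dns_name_iswildcard(rule->identity)) {
			if (!dns_name_matcheswildcard(signer, rule->identity))
				continue;
		}
		else {
			if (!dns_name_equal(signer, rule->identity))
				continue;
		}

		/* Step 2: does the rule cover the name being updated? */
		if (rule->matchtype == DNS_SSUMATCHTYPE_NAME) {
			if (!dns_name_equal(name, rule->name))
				continue;
		}
		else if (rule->matchtype == DNS_SSUMATCHTYPE_SUBDOMAIN) {
			if (!dns_name_issubdomain(name, rule->name))
				continue;
		}
		else if (rule->matchtype == DNS_SSUMATCHTYPE_WILDCARD) {
			if (!dns_name_matcheswildcard(name, rule->name))
				continue;
		}
		else if (rule->matchtype == DNS_SSUMATCHTYPE_SELF) {
			/* "self": the signer may only update its own name. */
			if (!dns_name_equal(signer, name))
				continue;
		}

		/* Step 3: does the rule cover the record type? */
		if (rule->ntypes == 0) {
			/* No explicit list: everything but NS, SOA and SIG. */
			if (!isusertype(type))
				continue;
		}
		else {
			for (i = 0; i < rule->ntypes; i++) {
				if (rule->types[i] == dns_rdatatype_any ||
				    rule->types[i] == type)
					break;
			}
			/* Ran off the end of the list: type not covered. */
			if (i == rule->ntypes)
				continue;
		}

		/* First full match wins, whether it is a grant or a deny. */
		return (rule->grant);
	}

	/* Default deny. */
	return (ISC_FALSE);
}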
882350d11c90de9de6fc1cead25690c8114b0b95Michael Graff
/*
 * Accessor: ISC_TRUE if 'rule' is a grant rule, ISC_FALSE if it is a deny
 * rule.  Requires a valid rule.
 */
isc_boolean_t
dns_ssurule_isgrant(const dns_ssurule_t *rule)
{
	REQUIRE(VALID_SSURULE(rule));

	return (rule->grant);
}
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews
/*
 * Accessor: the signer identity 'rule' applies to.  The returned pointer
 * is the rule's own name object, not a copy.  Requires a valid rule.
 */
dns_name_t *
dns_ssurule_identity(const dns_ssurule_t *rule)
{
	REQUIRE(VALID_SSURULE(rule));

	return (rule->identity);
}
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews
/*
 * Accessor: the DNS_SSUMATCHTYPE_* value stored in 'rule'.  Requires a
 * valid rule.
 */
unsigned int
dns_ssurule_matchtype(const dns_ssurule_t *rule)
{
	REQUIRE(VALID_SSURULE(rule));

	return (rule->matchtype);
}
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews
/*
 * Accessor: the name (or pattern) 'rule' covers.  The returned pointer is
 * the rule's own name object, not a copy.  Requires a valid rule.
 */
dns_name_t *
dns_ssurule_name(const dns_ssurule_t *rule)
{
	REQUIRE(VALID_SSURULE(rule));

	return (rule->name);
}
577ca1471960830304d1d2b9bd543fa469af51c1Mark Andrews
/*
 * Accessor: store the rule's type array in '*types' and return the number
 * of entries.  No copy is made; '*types' aliases the array owned by the
 * rule, and is NULL when the rule has no explicit type list.
 *
 * NOTE(review): this requires '*types' to be non-NULL on entry, whereas
 * the other output parameters in this file are required to be NULL.  The
 * incoming value is overwritten either way -- confirm which precondition
 * is intended before changing it, since callers rely on the current one.
 */
unsigned int
dns_ssurule_types(const dns_ssurule_t *rule, dns_rdatatype_t **types)
{
	REQUIRE(VALID_SSURULE(rule));
	REQUIRE(types != NULL && *types != NULL);

	*types = rule->types;

	return (rule->ntypes);
}
f4ea363e3acc321b24ffe95a64a583e8041d6fd5Mark Andrews
/*
 * Begin iterating over 'table': store its first rule in '*rule'.
 *
 * Requires a valid table and 'rule' pointing at a NULL pointer.
 * Returns ISC_R_SUCCESS, or ISC_R_NOMORE when the table has no rules.
 *
 * NOTE(review): table->lock is not taken here; the caller presumably
 * ensures the rule list is not being modified during iteration -- confirm.
 */
isc_result_t
dns_ssutable_firstrule(const dns_ssutable_t *table, dns_ssurule_t **rule)
{
	REQUIRE(VALID_SSUTABLE(table));
	REQUIRE(rule != NULL && *rule == NULL);

	*rule = ISC_LIST_HEAD(table->rules);
	if (*rule == NULL) {
		return (ISC_R_NOMORE);
	}
	return (ISC_R_SUCCESS);
}
f54d0c9c6e65de367d4ef08f51d22a2fb4c56208Mark Andrews
/*
 * Continue iterating: store the rule that follows 'rule' in '*nextrule'.
 *
 * Requires a valid 'rule' and 'nextrule' pointing at a NULL pointer.
 * Returns ISC_R_SUCCESS, or ISC_R_NOMORE when 'rule' was the last one.
 */
isc_result_t
dns_ssutable_nextrule(dns_ssurule_t *rule, dns_ssurule_t **nextrule)
{
	REQUIRE(VALID_SSURULE(rule));
	REQUIRE(nextrule != NULL && *nextrule == NULL);

	*nextrule = ISC_LIST_NEXT(rule, link);
	if (*nextrule == NULL) {
		return (ISC_R_NOMORE);
	}
	return (ISC_R_SUCCESS);
}
6e9efadbea9febb0494e713e54dfea6f7ef70383Mark Andrews