Module Name:    src
Committed By:   christos
Date:           Mon Sep  9 14:40:40 UTC 2019

Modified Files:
        src/external/mpl/bind: Makefile.inc
        src/external/mpl/bind/bin/named: Makefile
        src/external/mpl/bind/dist/bin/named: main.c
        src/external/mpl/bind/dist/lib/ns: Makefile.in query.c update.c
            xfrout.c
        src/external/mpl/bind/lib/libns: Makefile
Added Files:
        src/external/mpl/bind/dist/lib/ns: pfilter.c
        src/external/mpl/bind/dist/lib/ns/include/ns: pfilter.h
Removed Files:
        src/external/mpl/bind/dist/bin/named: pfilter.c pfilter.h

Log Message:
put back the blacklistd integration that got lost in the bsd -> mpl move.


To generate a diff of this commit:
cvs rdiff -u -r1.4 -r1.5 src/external/mpl/bind/Makefile.inc
cvs rdiff -u -r1.2 -r1.3 src/external/mpl/bind/bin/named/Makefile
cvs rdiff -u -r1.4 -r1.5 src/external/mpl/bind/dist/bin/named/main.c
cvs rdiff -u -r1.1 -r0 src/external/mpl/bind/dist/bin/named/pfilter.c \
    src/external/mpl/bind/dist/bin/named/pfilter.h
cvs rdiff -u -r1.1.1.4 -r1.2 src/external/mpl/bind/dist/lib/ns/Makefile.in
cvs rdiff -u -r0 -r1.1 src/external/mpl/bind/dist/lib/ns/pfilter.c
cvs rdiff -u -r1.6 -r1.7 src/external/mpl/bind/dist/lib/ns/query.c
cvs rdiff -u -r1.4 -r1.5 src/external/mpl/bind/dist/lib/ns/update.c
cvs rdiff -u -r1.5 -r1.6 src/external/mpl/bind/dist/lib/ns/xfrout.c
cvs rdiff -u -r0 -r1.1 src/external/mpl/bind/dist/lib/ns/include/ns/pfilter.h
cvs rdiff -u -r1.3 -r1.4 src/external/mpl/bind/lib/libns/Makefile

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: src/external/mpl/bind/Makefile.inc
diff -u src/external/mpl/bind/Makefile.inc:1.4 src/external/mpl/bind/Makefile.inc:1.5
--- src/external/mpl/bind/Makefile.inc:1.4	Thu Feb 28 17:18:21 2019
+++ src/external/mpl/bind/Makefile.inc	Mon Sep  9 10:40:39 2019
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile.inc,v 1.4 2019/02/28 22:18:21 joerg Exp $
+#	$NetBSD: Makefile.inc,v 1.5 2019/09/09 14:40:39 christos Exp $
 
 .if !defined(BIND9_MAKEFILE_INC)
 BIND9_MAKEFILE_INC=yes
@@ -77,6 +77,9 @@ CPPFLAGS+= -DLIBINTERFACE=${LIBINTERFACE
 #CPPFLAGS+= -DUSE_MEMIMPREGISTER -DUSE_APPIMPREGISTER -DUSE_SOCKETIMPREGISTER \
 #    -DUSE_TIMERIMPREGISTER
 
+LDADD+=-lblacklist
+DPADD+=${LIBBLACKLIST}
+
 .if ${NAMED_USE_PTHREADS} == "yes"
 # XXX: Not ready yet
 # CPPFLAGS+=	-DISC_PLATFORM_USE_NATIVE_RWLOCKS

Index: src/external/mpl/bind/bin/named/Makefile
diff -u src/external/mpl/bind/bin/named/Makefile:1.2 src/external/mpl/bind/bin/named/Makefile:1.3
--- src/external/mpl/bind/bin/named/Makefile:1.2	Tue Aug 14 07:52:56 2018
+++ src/external/mpl/bind/bin/named/Makefile	Mon Sep  9 10:40:39 2019
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.2 2018/08/14 11:52:56 christos Exp $
+#	$NetBSD: Makefile,v 1.3 2019/09/09 14:40:39 christos Exp $
 
 LDADD+=-lns
 DPADD+=${LIBNS}
@@ -35,11 +35,9 @@ SRCS_UNIX=	os.c dlz_dlopen_driver.c
 SRCS=	builtin.c config.c control.c controlconf.c \
 	log.c logconf.c \
 	main.c server.c statschannel.c \
-	pfilter.c tkeyconf.c tsigconf.c \
+	tkeyconf.c tsigconf.c \
 	zoneconf.c ${SRCS_UNIX}
 
 main.o: ${VERSIONFILE}
 
-LDADD+=-lblacklist
-DPADD+=${LIBBLACKLIST}
 .include <bsd.prog.mk>

Index: src/external/mpl/bind/dist/bin/named/main.c
diff -u src/external/mpl/bind/dist/bin/named/main.c:1.4 src/external/mpl/bind/dist/bin/named/main.c:1.5
--- src/external/mpl/bind/dist/bin/named/main.c:1.4	Sun Feb 24 15:01:27 2019
+++ src/external/mpl/bind/dist/bin/named/main.c	Mon Sep  9 10:40:39 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: main.c,v 1.4 2019/02/24 20:01:27 christos Exp $	*/
+/*	$NetBSD: main.c,v 1.5 2019/09/09 14:40:39 christos Exp $	*/
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -89,7 +89,7 @@
 #include <zlib.h>
 #endif
 
-#include "pfilter.h"
+#include <ns/pfilter.h>
 /*
  * Include header files for database drivers here.
  */
@@ -1404,7 +1404,7 @@ main(int argc, char *argv[]) {
 
 	parse_command_line(argc, argv);
 
-	pfilter_open();
+	pfilter_enable();
 
 #ifdef ENABLE_AFL
 	if (named_g_fuzz_type != isc_fuzz_none) {

Index: src/external/mpl/bind/dist/lib/ns/Makefile.in
diff -u src/external/mpl/bind/dist/lib/ns/Makefile.in:1.1.1.4 src/external/mpl/bind/dist/lib/ns/Makefile.in:1.2
--- src/external/mpl/bind/dist/lib/ns/Makefile.in:1.1.1.4	Thu Sep  5 15:27:41 2019
+++ src/external/mpl/bind/dist/lib/ns/Makefile.in	Mon Sep  9 10:40:40 2019
@@ -42,11 +42,11 @@ LIBS =		@LIBS@
 OBJS =		client.@O@ hooks.@O@ interfacemgr.@O@ lib.@O@ \
 		listenlist.@O@ log.@O@ notify.@O@ query.@O@ \
 		server.@O@ sortlist.@O@ stats.@O@ update.@O@ \
-		version.@O@ xfrout.@O@
+		version.@O@ xfrout.@O@ pfilter.@O@
 
 SRCS =		client.c hooks.c interfacemgr.c lib.c listenlist.c \
 		log.c notify.c query.c server.c sortlist.c stats.c \
-		update.c version.c xfrout.c
+		update.c version.c xfrout.c pfilter.c
 
 SUBDIRS =	include
 TESTDIRS =	@UNITTESTS@

Index: src/external/mpl/bind/dist/lib/ns/query.c
diff -u src/external/mpl/bind/dist/lib/ns/query.c:1.6 src/external/mpl/bind/dist/lib/ns/query.c:1.7
--- src/external/mpl/bind/dist/lib/ns/query.c:1.6	Thu Sep  5 15:33:00 2019
+++ src/external/mpl/bind/dist/lib/ns/query.c	Mon Sep  9 10:40:40 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: query.c,v 1.6 2019/09/05 19:33:00 christos Exp $	*/
+/*	$NetBSD: query.c,v 1.7 2019/09/09 14:40:40 christos Exp $	*/
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -71,6 +71,8 @@
 #include <ns/stats.h>
 #include <ns/xfrout.h>
 
+#include <ns/pfilter.h>
+
 #if 0
 /*
  * It has been recommended that DNS64 be changed to return excluded
@@ -868,6 +870,8 @@ query_checkcacheaccess(ns_client_t *clie
 					      msg);
 			}
 		} else if (log) {
+			pfilter_notify(result, client, "checkcacheaccess");
+
 			/*
 			 * We were denied by the "allow-query-cache" ACL.
 			 * There is no need to clear NS_QUERYATTR_CACHEACLOK
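Review bot: The added `pfilter_notify(result, client, "checkcacheaccess")` reports UDP clients as well as TCP ones, because pfilter_notify in the new pfilter.c takes the `client->udpsocket` branch and hands `client->peeraddr` to blacklistd. A UDP source address is not verified, so a block can be recorded against a host that never sent the query; the same holds for the two `"validatezonedb"` calls later in this file. Consider reporting only for TCP clients, or document the trade-off at the call with a comment such as `/* UDP peers are reported too; their source address is unverified */`. The call also sits inside `else if (log)`, so a denial that is not logged is not reported either. query_checkcacheaccess starts and ends outside the hunk.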
@@ -999,6 +1003,7 @@ query_validatezonedb(ns_client_t *client
 					      "%s approved", msg);
 			}
 		} else {
+			pfilter_notify(result, client, "validatezonedb");
 			ns_client_aclmsg("query", name, qtype,
 					 client->view->rdclass,
 					 msg, sizeof(msg));
@@ -1032,6 +1037,8 @@ query_validatezonedb(ns_client_t *client
 
 		result = ns_client_checkaclsilent(client, &client->destaddr,
 						  queryonacl, true);
+		if (result != ISC_R_SUCCESS)
+			pfilter_notify(result, client, "validatezonedb");
 		if ((options & DNS_GETDB_NOLOG) == 0 &&
 		    result != ISC_R_SUCCESS)
 			ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
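Review bot: Both ACL checks in query_validatezonedb report under the same label, `"validatezonedb"`, so a blacklistd log entry cannot distinguish the earlier denial from this check of `queryonacl` against `client->destaddr`. A distinct label would help when reading the logs, for example `pfilter_notify(result, client, "validatezonedb-on");`. This site also reports failures only, while checkupdateacl in update.c and ns_xfr_start in xfrout.c pass successes through as well; a short comment stating which behaviour is intended would avoid guesswork. The function starts and ends outside the hunk.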

Index: src/external/mpl/bind/dist/lib/ns/update.c
diff -u src/external/mpl/bind/dist/lib/ns/update.c:1.4 src/external/mpl/bind/dist/lib/ns/update.c:1.5
--- src/external/mpl/bind/dist/lib/ns/update.c:1.4	Sun Feb 24 15:01:32 2019
+++ src/external/mpl/bind/dist/lib/ns/update.c	Mon Sep  9 10:40:40 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: update.c,v 1.4 2019/02/24 20:01:32 christos Exp $	*/
+/*	$NetBSD: update.c,v 1.5 2019/09/09 14:40:40 christos Exp $	*/
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -56,6 +56,8 @@
 #include <ns/stats.h>
 #include <ns/update.h>
 
+#include <ns/pfilter.h>
+
 /*! \file
  * \brief
  * This module implements dynamic update as in RFC2136.
@@ -337,6 +339,7 @@ checkqueryacl(ns_client_t *client, dns_a
 
 	result = ns_client_checkaclsilent(client, NULL, queryacl, true);
 	if (result != ISC_R_SUCCESS) {
+		pfilter_notify(result, client, "queryacl");
 		dns_name_format(zonename, namebuf, sizeof(namebuf));
 		dns_rdataclass_format(client->view->rdclass, classbuf,
 				      sizeof(classbuf));
@@ -349,6 +352,7 @@ checkqueryacl(ns_client_t *client, dns_a
 			      "update '%s/%s' denied due to allow-query",
 			      namebuf, classbuf);
 	} else if (updateacl == NULL && ssutable == NULL) {
+		pfilter_notify(result, client, "updateacl");
 		dns_name_format(zonename, namebuf, sizeof(namebuf));
 		dns_rdataclass_format(client->view->rdclass, classbuf,
 				      sizeof(classbuf));
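Review bot: In the `else if (updateacl == NULL && ssutable == NULL)` branch `result` is still ISC_R_SUCCESS, since the branch is reached only when the preceding `result != ISC_R_SUCCESS` test was false, so `pfilter_notify(result, client, "updateacl")` reports a success to blacklistd. This branch is presumably a refusal (no update policy is configured), in which case the call should pass a failure code, e.g. `pfilter_notify(DNS_R_REFUSED, client, "updateacl");`. pfilter_notify only tests `res != ISC_R_SUCCESS`, so any non-success value produces the intended report. checkqueryacl continues past the hunk, so the final value of `result` is not visible here and should be confirmed.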
@@ -392,6 +396,7 @@ checkupdateacl(ns_client_t *client, dns_
 		msg = "disabled";
 	} else {
 		result = ns_client_checkaclsilent(client, NULL, acl, false);
+		pfilter_notify(result, client, "updateacl");
 		if (result == ISC_R_SUCCESS) {
 			level = ISC_LOG_DEBUG(3);
 			msg = "approved";

Index: src/external/mpl/bind/dist/lib/ns/xfrout.c
diff -u src/external/mpl/bind/dist/lib/ns/xfrout.c:1.5 src/external/mpl/bind/dist/lib/ns/xfrout.c:1.6
--- src/external/mpl/bind/dist/lib/ns/xfrout.c:1.5	Thu Sep  5 15:33:00 2019
+++ src/external/mpl/bind/dist/lib/ns/xfrout.c	Mon Sep  9 10:40:40 2019
@@ -1,4 +1,4 @@
-/*	$NetBSD: xfrout.c,v 1.5 2019/09/05 19:33:00 christos Exp $	*/
+/*	$NetBSD: xfrout.c,v 1.6 2019/09/09 14:40:40 christos Exp $	*/
 
 /*
  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
@@ -50,6 +50,8 @@
 #include <ns/stats.h>
 #include <ns/xfrout.h>
 
+#include <ns/pfilter.h>
+
 /*! \file
  * \brief
  * Outgoing AXFR and IXFR.
@@ -833,6 +835,7 @@ ns_xfr_start(ns_client_t *client, dns_rd
 						     &client->peeraddr,
 						     &db);
 
+			pfilter_notify(result, client, "zonexfr");
 			if (result == ISC_R_NOPERM) {
 				char _buf1[DNS_NAME_FORMATSIZE];
 				char _buf2[DNS_RDATACLASS_FORMATSIZE];
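Review bot: `pfilter_notify(result, client, "zonexfr")` is called with whatever the preceding lookup returned, so every non-success result is reported to blacklistd as a failure, not just ISC_R_NOPERM. The next line singles out `ISC_R_NOPERM`, which suggests other non-success results can occur here that are not access denials (a zone that is simply not found, for instance). Consider guarding the call, `if (result == ISC_R_SUCCESS || result == ISC_R_NOPERM) pfilter_notify(result, client, "zonexfr");`. The call that produces `result` begins above the hunk, so this should be checked against the full function.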

Index: src/external/mpl/bind/lib/libns/Makefile
diff -u src/external/mpl/bind/lib/libns/Makefile:1.3 src/external/mpl/bind/lib/libns/Makefile:1.4
--- src/external/mpl/bind/lib/libns/Makefile:1.3	Sat Apr 27 20:01:16 2019
+++ src/external/mpl/bind/lib/libns/Makefile	Mon Sep  9 10:40:40 2019
@@ -1,4 +1,4 @@
-#	$NetBSD: Makefile,v 1.3 2019/04/28 00:01:16 christos Exp $
+#	$NetBSD: Makefile,v 1.4 2019/09/09 14:40:40 christos Exp $
 
 LIB=ns
 #USE_SHLIBDIR=   yes
@@ -22,6 +22,6 @@ CWARNFLAGS.clang+=	-Wno-tautological-con
 
 SRCS=	client.c hooks.c interfacemgr.c lib.c listenlist.c \
 	log.c notify.c query.c server.c sortlist.c stats.c \
-	update.c version.c xfrout.c
+	update.c version.c xfrout.c pfilter.c
 
 .include <bsd.lib.mk>

Added files:

Index: src/external/mpl/bind/dist/lib/ns/pfilter.c
diff -u /dev/null src/external/mpl/bind/dist/lib/ns/pfilter.c:1.1
--- /dev/null	Mon Sep  9 10:40:40 2019
+++ src/external/mpl/bind/dist/lib/ns/pfilter.c	Mon Sep  9 10:40:40 2019
@@ -0,0 +1,50 @@
+#include <config.h>
+
+#include <isc/platform.h>
+#include <isc/util.h>
+#include <ns/types.h>
+#include <ns/client.h>
+
+#include <blacklist.h>
+
+#include <ns/pfilter.h>
+
+static struct blacklist *blstate;
+static int blenable;
+
+void
+pfilter_enable(void) {
+	blenable = 1;
+}
+
+#define TCP_CLIENT(c)  (((c)->attributes & NS_CLIENTATTR_TCP) != 0)
+
+void
+pfilter_notify(isc_result_t res, ns_client_t *client, const char *msg)
+{
+	isc_socket_t *socket;
+
+	if (!blenable)
+		return;
+
+	if (blstate == NULL)
+		blstate = blacklist_open();
+
+	if (blstate == NULL)
+		return;
+
+	if (TCP_CLIENT(client))
+		socket = client->tcpsocket;
+	else {
+		socket = client->udpsocket;
+		if (!client->peeraddr_valid)
+			return;
+	}
+
+	if (socket == NULL)
+		return;
+
+	blacklist_sa_r(blstate, 
+	    res != ISC_R_SUCCESS, isc_socket_getfd(socket),
+	    &client->peeraddr.type.sa, client->peeraddr.length, msg);
+}
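Review bot: `blstate` is opened lazily in pfilter_notify with an unlocked `if (blstate == NULL) blstate = blacklist_open();`, and pfilter_notify is now called from the query, update and transfer paths. If named runs those on several threads (Makefile.inc has a NAMED_USE_PTHREADS switch), two callers can both see NULL, both open a handle, and one handle is leaked. Doing the open through isc_once_do() removes the race; the cost is that a failed open is no longer retried on a later call, and `<isc/once.h>` has to be included. The new file also carries no license or `$NetBSD$` header, unlike the other files touched by this commit.

```c
static isc_once_t blonce = ISC_ONCE_INIT;

static void
pfilter_open(void) {
	blstate = blacklist_open();
}

void
pfilter_notify(isc_result_t res, ns_client_t *client, const char *msg)
{
	/* … unchanged: blenable check … */
	RUNTIME_CHECK(isc_once_do(&blonce, pfilter_open) == ISC_R_SUCCESS);
	if (blstate == NULL)
		return;
	/* … unchanged: socket selection and blacklist_sa_r() call … */
}
```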

Index: src/external/mpl/bind/dist/lib/ns/include/ns/pfilter.h
diff -u /dev/null src/external/mpl/bind/dist/lib/ns/include/ns/pfilter.h:1.1
--- /dev/null	Mon Sep  9 10:40:40 2019
+++ src/external/mpl/bind/dist/lib/ns/include/ns/pfilter.h	Mon Sep  9 10:40:40 2019
@@ -0,0 +1,2 @@
+void pfilter_enable(void);
+void pfilter_notify(isc_result_t, ns_client_t *, const char *);
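Review bot: pfilter.h has no include guard and uses `isc_result_t` and `ns_client_t` without including the headers that declare them, so it compiles only when the including file has already pulled those in. Wrapping the two prototypes in `#ifndef NS_PFILTER_H` / `#define NS_PFILTER_H 1` / `#endif` and adding `#include <isc/types.h>` and `#include <ns/types.h>` at the top would make it self-contained. A one-line comment per prototype would also help, e.g. `/* Report an ACL decision for this client to blacklistd; res != ISC_R_SUCCESS counts as a failure. */` above pfilter_notify.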
