/** apply acl_list string */ static int acl_list_str_cfg(struct acl_list* acl, const char* str, const char* s2, int complain_duplicates) { struct sockaddr_storage addr; int net; socklen_t addrlen; enum acl_access control; if(strcmp(s2, "allow") == 0) control = acl_allow; else if(strcmp(s2, "deny") == 0) control = acl_deny; else if(strcmp(s2, "refuse") == 0) control = acl_refuse; else if(strcmp(s2, "allow_snoop") == 0) control = acl_allow_snoop; else { log_err("access control type %s unknown", str); return 0; } if(!netblockstrtoaddr(str, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) { log_err("cannot parse access control: %s %s", str, s2); return 0; } if(!acl_list_insert(acl, &addr, addrlen, net, control, complain_duplicates)) { log_err("out of memory"); return 0; } return 1; }
/** returns the node in the address tree for the specified netblock string; * non-existent node will be created if 'create' is true */ static struct resp_addr* respip_find_or_create(struct respip_set* set, const char* ipstr, int create) { struct resp_addr* node; struct sockaddr_storage addr; int net; socklen_t addrlen; if(!netblockstrtoaddr(ipstr, 0, &addr, &addrlen, &net)) { log_err("cannot parse netblock: '%s'", ipstr); return NULL; } node = (struct resp_addr*)addr_tree_find(&set->ip_tree, &addr, addrlen, net); if(!node && create) { node = regional_alloc_zero(set->region, sizeof(*node)); if(!node) { log_err("out of memory"); return NULL; } node->action = respip_none; if(!addr_tree_insert(&set->ip_tree, &node->node, &addr, addrlen, net)) { /* We know we didn't find it, so this should be * impossible. */ log_warn("unexpected: duplicate address: %s", ipstr); } } return node; }
/** check acl ips */ static void aclchecks(struct config_file* cfg) { int d; struct sockaddr_storage a; socklen_t alen; struct config_str2list* acl; for(acl=cfg->acls; acl; acl = acl->next) { if(!netblockstrtoaddr(acl->str, UNBOUND_DNS_PORT, &a, &alen, &d)) { fatal_exit("cannot parse access control address %s %s", acl->str, acl->str2); } } }
/** enter override into zone */ static int lz_enter_override(struct local_zones* zones, char* zname, char* netblock, char* type, uint16_t rr_class) { uint8_t dname[LDNS_MAX_DOMAINLEN+1]; size_t dname_len = sizeof(dname); int dname_labs; struct sockaddr_storage addr; int net; socklen_t addrlen; struct local_zone* z; enum localzone_type t; /* parse zone name */ if(sldns_str2wire_dname_buf(zname, dname, &dname_len) != 0) { log_err("cannot parse zone name in local-zone-override: %s %s", zname, netblock); return 0; } dname_labs = dname_count_labels(dname); /* parse netblock */ if(!netblockstrtoaddr(netblock, UNBOUND_DNS_PORT, &addr, &addrlen, &net)) { log_err("cannot parse netblock in local-zone-override: %s %s", zname, netblock); return 0; } /* parse zone type */ if(!local_zone_str2type(type, &t)) { log_err("cannot parse type in local-zone-override: %s %s %s", zname, netblock, type); return 0; } /* find localzone entry */ lock_rw_rdlock(&zones->lock); z = local_zones_find(zones, dname, dname_len, dname_labs, rr_class); if(!z) { lock_rw_unlock(&zones->lock); log_err("no local-zone for local-zone-override %s", zname); return 0; } lock_rw_wrlock(&z->lock); lock_rw_unlock(&zones->lock); /* create netblock addr_tree if not present yet */ if(!z->override_tree) { z->override_tree = (struct rbtree_t*)regional_alloc_zero( z->region, sizeof(*z->override_tree)); if(!z->override_tree) { lock_rw_unlock(&z->lock); log_err("out of memory"); return 0; } addr_tree_init(z->override_tree); } /* add new elem to tree */ if(z->override_tree) { struct local_zone_override* n; n = (struct local_zone_override*)regional_alloc_zero( z->region, sizeof(*n)); if(!n) { lock_rw_unlock(&z->lock); log_err("out of memory"); return 0; } n->type = t; if(!addr_tree_insert(z->override_tree, (struct addr_tree_node*)n, &addr, addrlen, net)) { lock_rw_unlock(&z->lock); log_err("duplicate local-zone-override %s %s", zname, netblock); return 1; } } lock_rw_unlock(&z->lock); return 1; }