Commit 10e6498d authored by David Lawrence's avatar David Lawrence
Browse files

* Removed max-names (as well as DNS_R_ZONETOOLARGE, which was

        never returned by any function and was presumably cruft
        related to max-names).
  * Made allow-notify part of the public source and documented it.
  * Made master server TSIG keys part of the public source and documented it.
  * Removed a define of DNS_OPT_NEWCODES supposedly used by GNS, with
        the approval of Mike.
  * Made DNS_ZONE_FORCELOAD flag, used by rndc reload, work in the
        public source.  After the NOMINUM_PUBLIC cleanup, I'll
        fix the rndc reload issues we've been discussing here at IETF.

I left in NOMIMUM_PUBLIC around the forward-notify stuff, with the
expectation that Michael will give the go-ahead next week to remove it.
parent 58082ab8
611. [func] allow-notify can be used to permit processing of
notify messages from hosts other than a slave's
masters.
610. [func] rndc dumpdb is now supported.
609. [bug] getrrsetbyname() would crash lwresd if the server
......@@ -870,6 +874,14 @@
dns_name_dup() when generating a TSIG
key using TKEY.
341. [func] Support 'key' clause in named.conf zone masters
statement to allow authentication via TSIG keys:
masters {
10.0.0.1 port 5353 key "foo";
10.0.0.2 ;
};
340. [bug] The top-level COPYRIGHT file was missing from
the distribution.
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: lwresd.c,v 1.26 2000/11/15 23:56:21 bwelling Exp $ */
/* $Id: lwresd.c,v 1.27 2000/12/13 00:15:02 tale Exp $ */
/*
* Main program for the Lightweight Resolver Daemon.
......@@ -214,11 +214,7 @@ ns_lwresd_parseresolvconf(isc_mem_t *mctx, dns_c_ctx_t **ctxp) {
port));
if (result != ISC_R_SUCCESS)
continue;
#ifndef NOMINUM_PUBLIC
CHECK(dns_c_iplist_append(forwarders, sa, NULL));
#else /* NOMINUM_PUBLIC */
CHECK(dns_c_iplist_append(forwarders, sa));
#endif /* NOMINUM_PUBLIC */
}
if (forwarders->nextidx != 0) {
......@@ -266,11 +262,7 @@ ns_lwresd_parseresolvconf(isc_mem_t *mctx, dns_c_ctx_t **ctxp) {
}
CHECK(dns_c_iplist_new(mctx, 1, &locallist));
#ifndef NOMINUM_PUBLIC
CHECK(dns_c_iplist_append(locallist, sa, NULL));
#else /* NOMINUM_PUBLIC */
CHECK(dns_c_iplist_append(locallist, sa));
#endif /* NOMINUM_PUBLIC */
CHECK(dns_c_lwres_setlistenon(lwres, locallist));
dns_c_iplist_detach(&locallist);
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: zoneconf.c,v 1.77 2000/12/11 19:19:15 bwelling Exp $ */
/* $Id: zoneconf.c,v 1.78 2000/12/13 00:15:03 tale Exp $ */
#include <config.h>
......@@ -223,7 +223,6 @@ ns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview,
dns_zone_setchecknames(zone, dns_c_severity_warn);
#endif
#ifndef NOMINUM_PUBLIC
if (czone->ztype == dns_c_zone_slave)
RETERR(configure_zone_acl(czone, cctx, cview, ac, zone,
dns_c_zone_getallownotify,
......@@ -231,7 +230,6 @@ ns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview,
dns_c_ctx_getallownotify,
dns_zone_setnotifyacl,
dns_zone_clearnotifyacl));
#endif /* NOMINUM_PUBLIC */
/*
* XXXAG This probably does not make sense for stubs.
*/
......@@ -261,17 +259,6 @@ ns_zone_configure(dns_c_ctx_t *cctx, dns_c_view_t *cview,
dns_zone_setstatistics(zone, statistics);
#ifndef NOMINUM_PUBLIC
if (czone->ztype != dns_c_zone_stub) {
result = dns_c_zone_getmaxnames(czone, &uintval);
if (result != ISC_R_SUCCESS && cview != NULL)
result = dns_c_view_getmaxnames(cview, &uintval);
if (result != ISC_R_SUCCESS)
result = dns_c_ctx_getmaxnames(cctx, &uintval);
if (result != ISC_R_SUCCESS)
uintval = 0;
dns_zone_setmaxnames(zone, uintval);
}
if (czone->ztype == dns_c_zone_slave) {
isc_boolean_t boolean;
......
......@@ -2,7 +2,7 @@
<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
"http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd">
<!-- File: $Id: Bv9ARM-book.xml,v 1.66 2000/12/12 21:43:11 bwelling Exp $ -->
<!-- File: $Id: Bv9ARM-book.xml,v 1.67 2000/12/13 00:15:05 tale Exp $ -->
<book>
......@@ -1800,7 +1800,9 @@ for access control, defining listen-on ports, or as a topology,
and whether the element was negated.</para>
<para>When used as an access control list, a non-negated match allows
access and a negated match denies access. If there is no match,
access is denied. The clauses <command>allow-query</command>, <command>allow-transfer</command>, <command>allow-update</command> and <command>blackhole</command> all
access is denied. The clauses <command>allow-notify<command>,
<command>allow-query</command>, <command>allow-transfer</command>,
<command>allow-update</command> and <command>blackhole</command> all
use address match lists this. Similarly, the listen-on option will cause
the server to not accept queries on any of the machine's addresses
which do not match the list.</para>
......@@ -2455,6 +2457,7 @@ lookups performed on behalf of clients by a caching name server.</para></entry>
<optional> forward ( <replaceable>only</replaceable> | <replaceable>first</replaceable> ); </optional>
<optional> forwarders { <optional> <replaceable>in_addr</replaceable> ; <optional> <replaceable>in_addr</replaceable> ; ... </optional> </optional> }; </optional>
<optional> check-names ( <replaceable>master</replaceable> | <replaceable>slave</replaceable> | <replaceable> response</replaceable> )( <replaceable>warn</replaceable> | <replaceable>fail</replaceable> | <replaceable>ignore</replaceable> ); </optional>
<optional> allow-notify { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-query { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-transfer { <replaceable>address_match_list</replaceable> }; </optional>
<optional> allow-recursion { <replaceable>address_match_list</replaceable> }; </optional>
......@@ -2879,6 +2882,16 @@ details on how to specify IP address lists.</para>
<colspec colname = "2" colnum = "2" colsep = "0" colwidth = "3.125in"/>
<tbody>
<row rowsep = "0">
<entry colname = "1"><para><command>allow-notify</command></para></entry>
<entry colname = "2"><para>Specifies which hosts are allowed to
notify slaves of a zone change in addition to the zone masters.
<command>allow-notify</command> may also be specified in the
<command>zone</command> statement, in which case it overrides the
<command>options allow-notify</command> statement. It is only meaningful
for a slave zone. If not specified, the default is to process notify messages
only from a zone's master.</para></entry>
</row>
<row rowsep = "0">
<entry colname = "1"><para><command>allow-query</command></para></entry>
<entry colname = "2"><para>Specifies which hosts are allowed to
ask ordinary questions. <command>allow-query</command> may also
......@@ -3093,7 +3106,7 @@ except zone transfers are performed using IPv6.</para></entry>
which local source address, and optionally UDP port, will be used to
send NOTIFY messages.
This address must appear in the slave server's <command>masters</command>
zone clause.
zone clause or in an <command>allow-notify</command> clause.
This statement sets the <command>notify-source</command> for all zones,
but can be overridden on a per-zone / per-view basis by including a
<command>notify-source</command> statement within the <command>zone</command>
......@@ -3645,6 +3658,7 @@ view "external" {
Statement Grammar</title>
<programlisting>zone <replaceable>zone_name</replaceable> <optional><replaceable>class</replaceable></optional> <optional>{
type ( master | slave | hint | stub | forward ) ;
<optional> allow-notify { <replaceable>address_match_list</replaceable> } ; </optional>
<optional> allow-query { <replaceable>address_match_list</replaceable> } ; </optional>
<optional> allow-transfer { <replaceable>address_match_list</replaceable> } ; </optional>
<optional> allow-update { <replaceable>address_match_list</replaceable> } ; </optional>
......@@ -3659,7 +3673,7 @@ Statement Grammar</title>
<optional> ixfr-base <replaceable>string</replaceable> ; </optional>
<optional> ixfr-tmp-file <replaceable>string</replaceable> ; </optional>
<optional> maintain-ixfr-base <replaceable>yes_or_no</replaceable> ; </optional>
<optional> masters <optional>port <replaceable>ip_port</replaceable></optional> { <replaceable>ip_addr</replaceable> ; <optional><replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> ; <optional>...</optional></optional> } ; </optional>
<optional> masters <optional>port <replaceable>ip_port</replaceable></optional> { <replaceable>ip_addr</replaceable> <optional>port <replaceable>ip_port</replaceable></optional> <optional>key <replaceable>key</replaceable></optional>; <optional>...</optional> } ; </optional>
<optional> max-ixfr-log-size <replaceable>number</replaceable> ; </optional>
<optional> max-transfer-idle-in <replaceable>number</replaceable> ; </optional>
<optional> max-transfer-idle-out <replaceable>number</replaceable> ; </optional>
......@@ -3699,6 +3713,7 @@ of master servers that the slave contacts to update its copy of the zone.
By default, transfers are made from port 53 on the servers; this can
be changed for all servers by specifying a port number before the
list of IP addresses, or on a per-server basis after the IP address.
Authentication to the master can also be done with per-server TSIG keys.
If a file is specified, then the
replica will be written to this file whenever the zone is changed,
and reloaded from this file on a server restart. Use of a file is
......@@ -3777,6 +3792,11 @@ in the mid-1970s. Zone data for it can be specified with the <literal>CHAOS</lit
<colspec colname = "1" colnum = "1" colsep = "0" colwidth = "1.653in"/>
<colspec colname = "2" colnum = "2" colsep = "0" colwidth = "2.847in"/>
<tbody>
<row rowsep = "0">
<entry colname = "1"><para><command>allow-notify</command></para></entry>
<entry colname = "2"><para>See the description of
<command>allow-notify</command> in <xref linkend="access_control"/></para></entry>
</row>
<row rowsep = "0">
<entry colname = "1"><para><command>allow-query</command></para></entry>
<entry colname = "2"><para>See the description of
......@@ -4606,7 +4626,9 @@ and not part of the standard zone file format.</para>
<chapter id="ch07"><title><acronym>BIND</acronym> 9 Security Considerations</title>
<sect1 id="Access_Control_Lists"><title>Access Control Lists</title>
<para>Access Control Lists (ACLs), are address match lists that
you can set up and nickname for future use in <command>allow-query</command>, <command>allow-recursion</command>, <command>blackhole</command>, <command>allow-transfer</command>,
you can set up and nickname for future use in <command>allow-notify</command>,
<command>allow-query</command>, <command>allow-recursion</command>,
<command>blackhole</command>, <command>allow-transfer</command>,
etc.</para>
<para>Using ACLs allows you to have finer control over who can access
your nameserver, without cluttering up your config files with huge
......
Copyright (C) 2000 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
$Id: options,v 1.52 2000/12/02 00:25:40 gson Exp $
$Id: options,v 1.53 2000/12/13 00:15:07 tale Exp $
This is a summary of the implementation status of the various named.conf
options in BIND 9.
......@@ -61,6 +61,7 @@ options {
[ forward ( only | first ); ] Yes
[ forwarders { [ in_addr ; [ in_addr ; ... ] ] }; ] Yes
[ check-names ... ] Obsolete
[ allow-notify { address_match_list }; ] Yes*
[ allow-query { address_match_list }; ] Yes@
[ allow-transfer { address_match_list }; ] Yes@
[ allow-recursion { address_match_list }; ] Yes@
......@@ -172,6 +173,7 @@ zone "domain_name" [ ( in | hs | hesiod | chaos ) ] {
[ forward ( only | first ); ] Yes
[ forwarders { [ ip_addr ; [ ip_addr ; ... ] ] }; ] Yes
[ check-names ( warn | fail | ignore ); ] Obsolete
[ allow-notify { address_match_list };] Yes*
[ allow-update { address_match_list }; ] Obsolete
[ allow-update-forwarding { address_match_list }; ] No*
[ allow-query { address_match_list }; ] Yes@
......@@ -242,6 +244,7 @@ view "view_name" [ ( in | hs | hesiod | chaos ) ] { Yes*
[ forward ( only | first ); ] Yes
[ forwarders { [ in_addr ; [ in_addr ; ... ] ] }; ] Yes
[ check-names ... ] Obsolete
[ allow-notify { address_match_list }; ] Yes
[ allow-query { address_match_list }; ] Yes
[ allow-transfer { address_match_list }; ] Yes
[ allow-recursion { address_match_list }; ] Yes
......
341. [func] Support 'key' clause in named.conf zone masters
statement:
masters {
10.0.0.1 port 666 key "foo";
10.0.0.2 ;
};
Copyright (C) 2000 Internet Software Consortium.
See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
$Id: options,v 1.3 2000/11/18 03:01:02 bwelling Exp $
$Id: options,v 1.4 2000/12/13 00:15:10 tale Exp $
options {
...
[ allow-notify { address_match_list }; ]
[ notify-forward yes_or_no; ]
};
view "view_name" [ ( in | hs | hesiod | chaos ) ] {
...
[ allow-notify { address_match_list }; ]
[ notify-forward yes_or_no; ]
};
zone "zone_name" {
type slave;
...
[ allow-notify { address_match_list };]
[ notify-forward yes_or_no; ]
[ max-names integer; ]
};
allow-notify:
Accept notify messages which match this acl in addition to
the zone masters. Zone masters implicitly do not match.
notify-forward:
If 'yes' forward notifies which match 'allow-notify' to zone
masters. If 'no' accept the notify which match 'allow-notify'
as if it came from a master. Default 'no'.
max-names:
The maximum number of names allowed in a slave zone.
If an incoming zone transfer contains more than this
many names, the zone will be unloaded.
Also, the "masters" list for slave zones can contain per-master TSIG keys
using a syntax like "masters { 1.2.3.4 port 5555 key "foo." };".
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: confctx.c,v 1.112 2000/12/12 21:33:15 bwelling Exp $ */
/* $Id: confctx.c,v 1.113 2000/12/13 00:15:18 tale Exp $ */
#include <config.h>
......@@ -1015,10 +1015,6 @@ dns_c_ctx_optionsprint(FILE *fp, int indent, dns_c_options_t *options)
PRINT_INTEGER(min_refresh_time, "min-refresh-time");
PRINT_INTEGER(max_refresh_time, "max-refresh-time");
#ifndef NOMINUM_PUBLIC
PRINT_INTEGER(max_names, "max-names");
#endif /* NOMINUM_PUBLIC */
PRINT_AS_SIZE_CLAUSE(max_cache_size, "max-cache-size");
PRINT_AS_SIZE_CLAUSE(data_size, "datasize");
......@@ -1091,9 +1087,7 @@ dns_c_ctx_optionsprint(FILE *fp, int indent, dns_c_options_t *options)
fprintf(fp, "\n");
#ifndef NOMINUM_PUBLIC
PRINT_IPMLIST(queryacl, "allow-notify");
#endif /* NOMINUM_PUBLIC */
PRINT_IPMLIST(queryacl, "allow-query");
PRINT_IPMLIST(transferacl, "allow-transfer");
PRINT_IPMLIST(recursionacl, "allow-recursion");
......@@ -1571,10 +1565,6 @@ dns_c_ctx_optionsnew(isc_mem_t *mem, dns_c_options_t **options)
opts->min_refresh_time = NULL;
opts->max_refresh_time = NULL;
#ifndef NOMINUM_PUBLIC
opts->max_names = NULL;
#endif /* NOMINUM_PUBLIC */
opts->expert_mode = NULL;
opts->fake_iquery = NULL;
opts->recursion = NULL;
......@@ -1623,9 +1613,7 @@ dns_c_ctx_optionsnew(isc_mem_t *mem, dns_c_options_t **options)
opts->transfer_format = NULL;
#ifndef NOMINUM_PUBLIC
opts->notifyacl = NULL;
#endif /* NOMINUM_PUBLIC */
opts->queryacl = NULL;
opts->transferacl = NULL;
opts->recursionacl = NULL;
......@@ -1752,7 +1740,6 @@ dns_c_ctx_optionsdelete(dns_c_options_t **opts)
FREEFIELD(max_refresh_time);
#ifndef NOMINUM_PUBLIC
FREEFIELD(max_names);
FREEFIELD(notify_forward);
#endif /* NOMINUM_PUBLIC */
......@@ -1780,9 +1767,7 @@ dns_c_ctx_optionsdelete(dns_c_options_t **opts)
FREEFIELD(transfer_format);
#ifndef NOMINUM_PUBLIC
FREEIPMLIST(notifyacl);
#endif /* NOMINUM_PUBLIC */
FREEIPMLIST(queryacl);
FREEIPMLIST(transferacl);
FREEIPMLIST(recursionacl);
......@@ -1874,10 +1859,6 @@ UINT32_FUNCS(maxretrytime, max_retry_time)
UINT32_FUNCS(minrefreshtime, min_refresh_time)
UINT32_FUNCS(maxrefreshtime, max_refresh_time)
#ifndef NOMINUM_PUBLIC
UINT32_FUNCS(maxnames, max_names)
#endif /* NOMINUM_PUBLIC */
BOOL_FUNCS(expertmode, expert_mode)
BOOL_FUNCS(fakeiquery, fake_iquery)
BOOL_FUNCS(recursion, recursion)
......@@ -2105,9 +2086,7 @@ dns_c_ctx_unsetchecknames(dns_c_ctx_t *cfg,
return (ISC_R_SUCCESS);
}
#ifndef NOMINUM_PUBLIC
IPMLIST_FUNCS(allownotify, notifyacl)
#endif /* NOMINUM_PUBLIC */
IPMLIST_FUNCS(allowquery, queryacl)
IPMLIST_FUNCS(allowtransfer, transferacl)
IPMLIST_FUNCS(allowrecursion, recursionacl)
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: confip.c,v 1.37 2000/09/27 20:10:39 gson Exp $ */
/* $Id: confip.c,v 1.38 2000/12/13 00:15:21 tale Exp $ */
#include <config.h>
......@@ -778,9 +778,7 @@ isc_result_t
dns_c_iplist_new(isc_mem_t *mem, int length, dns_c_iplist_t **newlist) {
dns_c_iplist_t *list;
size_t bytes;
#ifndef NOMINUM_PUBLIC
int i;
#endif /* NOMINUM_PUBLIC */
REQUIRE(mem != NULL);
REQUIRE(length > 0);
REQUIRE(newlist != NULL);
......@@ -798,8 +796,6 @@ dns_c_iplist_new(isc_mem_t *mem, int length, dns_c_iplist_t **newlist) {
}
memset(list->ips, 0x0, bytes);
#ifndef NOMINUM_PUBLIC
bytes = sizeof(dns_name_t *) * length;
list->keys = isc_mem_get(mem, bytes);
if (list->keys == NULL) {
......@@ -809,7 +805,6 @@ dns_c_iplist_new(isc_mem_t *mem, int length, dns_c_iplist_t **newlist) {
}
for (i = 0 ; i < length ; i++)
list->keys[i] = NULL;
#endif /* NOMINUM_PUBLIC */
list->magic = DNS_C_IPLIST_MAGIC;
list->size = length;
......@@ -825,9 +820,7 @@ dns_c_iplist_new(isc_mem_t *mem, int length, dns_c_iplist_t **newlist) {
isc_result_t
dns_c_iplist_detach(dns_c_iplist_t **list) {
dns_c_iplist_t *l ;
#ifndef NOMINUM_PUBLIC
unsigned int i;
#endif /* NOMINUM_PUBLIC */
REQUIRE(list != NULL);
......@@ -841,7 +834,6 @@ dns_c_iplist_detach(dns_c_iplist_t **list) {
l->refcount--;
if (l->refcount == 0) {
#ifndef NOMINUM_PUBLIC
for (i = 0 ; i < l->size ; i++) {
if (l->keys[i] != NULL) {
dns_name_free(l->keys[i], l->mem);
......@@ -851,7 +843,6 @@ dns_c_iplist_detach(dns_c_iplist_t **list) {
}
}
isc_mem_put(l->mem, l->keys, sizeof(dns_name_t *) * l->size);
#endif /* NOMINUM_PUBLIC */
isc_mem_put(l->mem, l->ips, sizeof(isc_sockaddr_t) * l->size);
isc_mem_put(l->mem, l, sizeof(*l));
}
......@@ -861,7 +852,6 @@ dns_c_iplist_detach(dns_c_iplist_t **list) {
return (ISC_R_SUCCESS);
}
#ifndef NOMINUM_PUBLIC
isc_boolean_t
dns_c_iplist_haskeys(dns_c_iplist_t *list)
{
......@@ -877,7 +867,6 @@ dns_c_iplist_haskeys(dns_c_iplist_t *list)
return (ISC_FALSE);
}
#endif /* NOMINUM_PUBLIC */
void
dns_c_iplist_attach(dns_c_iplist_t *source, dns_c_iplist_t **target) {
......@@ -903,7 +892,6 @@ dns_c_iplist_copy(isc_mem_t *mem, dns_c_iplist_t **dest, dns_c_iplist_t *src) {
for (i = 0 ; i < src->nextidx ; i++) {
newl->ips[i] = src->ips[i];
#ifndef NOMINUM_PUBLIC
newl->keys[i] = NULL;
if (src->keys[i] != NULL) {
newl->keys[i] = isc_mem_get(mem, sizeof(dns_name_t));
......@@ -919,7 +907,6 @@ dns_c_iplist_copy(isc_mem_t *mem, dns_c_iplist_t **dest, dns_c_iplist_t *src) {
}
}
}
#endif /* NOMINUM_PUBLIC */
}
newl->nextidx = src->nextidx;
......@@ -943,7 +930,6 @@ dns_c_iplist_equal(dns_c_iplist_t *list1, dns_c_iplist_t *list2) {
if (!isc_sockaddr_equal(&list1->ips[i], &list2->ips[i]))
return (ISC_FALSE);
#ifndef NOMINUM_PUBLIC
if ((list1->keys[i] == NULL && list2->keys[i] != NULL) ||
(list1->keys[i] != NULL && list2->keys[i] == NULL))
return (ISC_FALSE);
......@@ -951,7 +937,6 @@ dns_c_iplist_equal(dns_c_iplist_t *list1, dns_c_iplist_t *list2) {
if (list1->keys[i] != NULL &&
!dns_name_equal(list1->keys[i], list2->keys[i]))
return (ISC_FALSE);
#endif /* NOMINUM_PUBLIC */
}
return (ISC_TRUE);
......@@ -1001,13 +986,11 @@ dns_c_iplist_printfully(FILE *fp, int indent, isc_boolean_t porttoo,
fprintf(fp, " port %d",
isc_sockaddr_getport(&list->ips[i]));
}
#ifndef NOMINUM_PUBLIC
if (list->keys[i] != NULL) {
fprintf(fp, " key \"");
dns_name_print(list->keys[i], fp);
fprintf(fp, "\" ");
}
#endif /* NOMINUM_PUBLIC */
fprintf(fp, ";\n");
}
dns_c_printtabs(fp, indent - 1);
......@@ -1022,15 +1005,10 @@ dns_c_iplist_print(FILE *fp, int indent, dns_c_iplist_t *list) {
dns_c_iplist_printfully(fp, indent, ISC_FALSE, list);
}
#ifndef NOMINUM_PUBLIC
isc_result_t
dns_c_iplist_append(dns_c_iplist_t *list, isc_sockaddr_t newaddr,
const char *key)
{
#else /* NOMINUM_PUBLIC */
isc_result_t
dns_c_iplist_append(dns_c_iplist_t *list, isc_sockaddr_t newaddr) {
#endif /* NOMINUM_PUBLIC */
isc_uint32_t i;
isc_result_t res;
......@@ -1047,9 +1025,7 @@ dns_c_iplist_append(dns_c_iplist_t *list, isc_sockaddr_t newaddr) {
if (list->nextidx == list->size) {
isc_sockaddr_t *newlist;
#ifndef NOMINUM_PUBLIC
dns_name_t **newkeys;
#endif /* NOMINUM_PUBLIC */
size_t newbytes;
size_t oldbytes = list->size * sizeof(list->ips[0]);
size_t newsize = list->size + 10;
......@@ -1065,7 +1041,6 @@ dns_c_iplist_append(dns_c_iplist_t *list, isc_sockaddr_t newaddr) {
isc_mem_put(list->mem, list->ips, oldbytes);
list->ips = newlist;
#ifndef NOMINUM_PUBLIC
oldbytes = sizeof(dns_name_t *) * list->size;
newbytes = sizeof(dns_name_t *) * newsize;
newkeys = isc_mem_get(list->mem, newbytes);
......@@ -1081,7 +1056,6 @@ dns_c_iplist_append(dns_c_iplist_t *list, isc_sockaddr_t newaddr) {
isc_mem_put(list->mem, list->keys, oldbytes);
list->keys = newkeys;
#endif /* NOMINUM_PUBLIC */
i = list->size;
list->size = newsize;
......@@ -1092,7 +1066,6 @@ dns_c_iplist_append(dns_c_iplist_t *list, isc_sockaddr_t newaddr) {
res = ISC_R_SUCCESS;
#ifndef NOMINUM_PUBLIC
if (key != NULL) {
if (list->keys[i] != NULL) {
dns_name_free(list->keys[i], list->mem);
......@@ -1103,7 +1076,6 @@ dns_c_iplist_append(dns_c_iplist_t *list, isc_sockaddr_t newaddr) {
res = dns_c_charptoname(list->mem, key, &list->keys[i]);
}
#endif /* NOMINUM_PUBLIC */
return (res);
}
......@@ -1128,18 +1100,14 @@ dns_c_iplist_remove(dns_c_iplist_t *list, isc_sockaddr_t newaddr) {
list->nextidx--;
#ifndef NOMINUM_PUBLIC
if (list->keys[i] != NULL) {
dns_name_reset(list->keys[i]);
isc_mem_put(list->mem, list->keys[i], sizeof(dns_name_t));
}
#endif /* NOMINUM_PUBLIC */
for ( /* nothing */ ; i < list->nextidx ; i++) {
list->ips[i] = list->ips[i + 1];
#ifndef NOMINUM_PUBLIC
list->keys[i] = list->keys[i + 1];
#endif /* NOMINUM_PUBLIC */
}
return (ISC_R_SUCCESS);
......
......@@ -33,7 +33,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: confparser.y.dirty,v 1.42 2000/12/12 21:33:16 bwelling Exp $ */
/* $Id: confparser.y.dirty,v 1.43 2000/12/13 00:15:23 tale Exp $ */
#include <config.h>
......@@ -263,9 +263,7 @@ static isc_boolean_t int_too_big(isc_uint32_t base, isc_uint32_t mult);
%token L_ADDRESS
%token L_ALGID
%token L_ALLOW
#ifndef NOMINUM_PUBLIC
%token L_ALLOW_NOTIFY
#endif /* NOMINUM_PUBLIC */
%token L_ALLOW_QUERY
%token L_ALLOW_RECURSION
%token L_ALLOW_TRANSFER
......@@ -342,9 +340,6 @@ static isc_boolean_t int_too_big(isc_uint32_t base, isc_uint32_t mult);
%token L_MAX_CACHE_SIZE
%token L_MAX_CACHE_TTL
%token L_MAX_LOG_SIZE_IXFR
#ifndef NOMINUM_PUBLIC
%token L_MAX_NAMES
#endif /* NOMINUM_PUBLIC */
%token L_MAX_NCACHE_TTL
%token L_MAX_REFRESH_TIME
%token L_MAX_RETRY_TIME
......@@ -497,9 +492,7 @@ static isc_boolean_t int_too_big(isc_uint32_t base, isc_uint32_t mult);
%type <text> channel_name
%type <text> domain_name
%type <text> key_value
#ifndef NOMINUM_PUBLIC
%type <text> maybe_key
#endif /* NOMINUM_PUBLIC */
%type <kidlist> control_keys
%type <kidlist> keyid_list
%type <searchlist> searchlist
......@@ -1200,7 +1193,6 @@ option: /* Empty */
YYABORT;
}
}
#ifndef NOMINUM_PUBLIC
| L_ALLOW_NOTIFY L_LBRACE address_match_list L_RBRACE
{
if ($3 == NULL)
......@@ -1218,7 +1210,6 @@ option: /* Empty */
YYABORT;
}
}
#endif /* NOMINUM_PUBLIC */
| L_ALLOW_QUERY L_LBRACE address_match_list L_RBRACE
{
if ($3 == NULL)
......@@ -1654,21 +1645,6 @@ option: /* Empty */
YYABORT;
}
}
#ifndef NOMINUM_PUBLIC
| L_MAX_NAMES L_INTEGER
{
tmpres = dns_c_ctx_setmaxnames(currcfg, $2);
if (tmpres == ISC_R_EXISTS) {
parser_error(ISC_FALSE,
"cannot redefine max-names");
YYABORT;
} else if (tmpres != ISC_R_SUCCESS) {
parser_error(ISC_FALSE,
"failed to set max-names");
YYABORT;
}
}
#endif /* NOMINUM_PUBLIC */
| L_HEARTBEAT L_INTEGER
{
if (int_too_big($2, 60)) {
......@@ -1948,8 +1924,6 @@ transfer_format: L_ONE_ANSWER
}
;