Commit 55b62439 authored by Mark Andrews's avatar Mark Andrews

776. [func] Improved error reporting in denied messages. [RT #252]

parent 06150c83
776. [func] Improved error reporting in denied messages. [RT #252]
775. [placeholder]
774. [func] max-cache-size is implemented.
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.c,v 1.157 2001/03/06 04:18:42 marka Exp $ */
/* $Id: client.c,v 1.158 2001/03/11 06:19:34 marka Exp $ */
#include <config.h>
......@@ -2144,3 +2144,14 @@ ns_client_log(ns_client_t *client, isc_logcategory_t *category,
va_end(ap);
}
void
ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdataclass_t rdclass,
char *buf, size_t len)
{
char namebuf[DNS_NAME_FORMATSIZE];
char classbuf[DNS_RDATACLASS_FORMATSIZE];
dns_name_format(name, namebuf, sizeof(namebuf));
dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
(void)snprintf(buf, len, "%s '%s/%s'", msg, namebuf, classbuf);
}
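Review bot: The `snprintf` return value in `ns_client_aclmsg` is discarded, so a `buf` that is too small gives a silently truncated name/class in the denial message, and with `len == 0` nothing is written and `buf` stays as the caller left it. The callers in this commit size their buffers for the short literals "query" and "update", but nothing in the function ties `len` to the length of `msg`. The name appears to come from the client's request, so the logged text also relies on `dns_name_format` escaping non-printable bytes, which is not visible here and worth confirming. I would add a precondition such as `REQUIRE(buf != NULL && len > 0);` if the file's assertion macros are in scope at this point. I would also put a comment above the function: `/* Formats "<msg> '<name>/<class>'" into buf; output is truncated if len is too small. */`.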
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.h,v 1.55 2001/03/06 01:24:40 bwelling Exp $ */
/* $Id: client.h,v 1.56 2001/03/11 06:19:39 marka Exp $ */
#ifndef NAMED_CLIENT_H
#define NAMED_CLIENT_H 1
......@@ -292,4 +292,8 @@ ns_client_log(ns_client_t *client, isc_logcategory_t *category,
isc_logmodule_t *module, int level,
const char *fmt, ...);
void
ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdataclass_t rdclass,
char *buf, size_t len);
#endif /* NAMED_CLIENT_H */
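Review bot: The new `ns_client_aclmsg` prototype is added without any comment, so the buffer contract is undocumented in the header that callers read. The callers in this commit work out the size by hand from `DNS_NAME_FORMATSIZE`, `DNS_RDATACLASS_FORMATSIZE` and a `sizeof` of the operation literal, and that only holds while `msg` is the same short string. I would add a comment after the declaration stating that the function writes `msg '<name>/<class>'` into `buf`, that the result is truncated when `len` is too small, and what minimum `len` avoids truncation for a given `msg`.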
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.185 2001/03/06 06:57:47 halley Exp $ */
/* $Id: query.c,v 1.186 2001/03/11 06:19:35 marka Exp $ */
#include <config.h>
......@@ -621,7 +621,12 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, unsigned int options,
if (check_acl) {
isc_boolean_t log = ISC_TF((options & DNS_GETDB_NOLOG) == 0);
result = ns_client_checkacl(client, "query", queryacl,
char msg[DNS_NAME_FORMATSIZE + DNS_RDATACLASS_FORMATSIZE
+ sizeof "query '/'"];
ns_client_aclmsg("query", name, client->view->rdclass,
msg, sizeof(msg));
result = ns_client_checkacl(client, msg, queryacl,
ISC_TRUE,
log ? ISC_LOG_INFO : ISC_LOG_DEBUG(3));
......@@ -712,10 +717,12 @@ query_getcachedb(ns_client_t *client, dns_db_t **dbp, unsigned int options)
if (check_acl) {
isc_boolean_t log = ISC_TF((options & DNS_GETDB_NOLOG) == 0);
result = ns_client_checkacl(client, "query",
result = ns_client_checkacl(client, "query (cache)",
client->view->queryacl,
ISC_TRUE,
log ? ISC_LOG_INFO : ISC_LOG_DEBUG(3));
log ? ISC_LOG_INFO :
ISC_LOG_DEBUG(3));
if (result == ISC_R_SUCCESS) {
/*
* We were allowed by the default
......
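Review bot: In the `query_getzonedb` hunk, `ns_client_aclmsg` runs before `ns_client_checkacl` on every ACL-checked query, so the name and class are formatted even when the ACL allows the client or when `DNS_GETDB_NOLOG` drops the level to `ISC_LOG_DEBUG(3)`. That is per-query work on a path driven by remote clients, and the text is presumably needed only when the check actually logs (the body of `ns_client_checkacl` is not shown). If lazy formatting inside `ns_client_checkacl` is out of scope, a comment at the call would record the trade-off: `/* Formatted up front; presumably used only if the ACL check logs. */`. The `query_getcachedb` hunk passes the fixed string "query (cache)", so a cache denial still does not say which name was asked for. Both function bodies extend beyond the hunks shown.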
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: update.c,v 1.84 2001/02/22 19:15:01 bwelling Exp $ */
/* $Id: update.c,v 1.85 2001/03/11 06:19:37 marka Exp $ */
#include <config.h>
......@@ -175,7 +175,7 @@ update_log(ns_client_t *client, dns_zone_t *zone,
va_end(ap);
ns_client_log(client, NS_LOGCATEGORY_UPDATE, NS_LOGMODULE_UPDATE,
level, "updating zone %s/%s: %s",
level, "updating zone '%s/%s': %s",
namebuf, classbuf, message);
}
......@@ -2118,13 +2118,21 @@ update_action(isc_task_t *task, isc_event_t *event) {
* Check Requestor's Permissions. It seems a bit silly to do this
* only after prerequisite testing, but that is what RFC2136 says.
*/
if (ssutable == NULL)
CHECK(ns_client_checkacl(client, "update",
if (ssutable == NULL) {
char msg[DNS_RDATACLASS_FORMATSIZE + DNS_NAME_FORMATSIZE
+ sizeof("update '/'")];
ns_client_aclmsg("update", zonename, client->view->rdclass,
msg, sizeof(msg));
CHECK(ns_client_checkacl(client, msg,
dns_zone_getupdateacl(zone),
ISC_FALSE, ISC_LOG_ERROR));
else if (client->signer == NULL) {
} else if (client->signer == NULL) {
/* This gets us a free log message. */
CHECK(ns_client_checkacl(client, "update", NULL, ISC_FALSE,
char msg[DNS_RDATACLASS_FORMATSIZE + DNS_NAME_FORMATSIZE
+ sizeof("update '/'")];
ns_client_aclmsg("update", zonename, client->view->rdclass,
msg, sizeof(msg));
CHECK(ns_client_checkacl(client, msg, NULL, ISC_FALSE,
ISC_LOG_ERROR));
}
......@@ -2592,5 +2600,3 @@ send_forward_event(ns_client_t *client, dns_zone_t *zone) {
isc_event_free((isc_event_t **)&event);
return (result);
}
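Review bot: In the `update_action` hunk the `char msg[...]` declaration and the `ns_client_aclmsg("update", zonename, ...)` call are repeated verbatim in the `ssutable == NULL` and `client->signer == NULL` branches. The size expression is hand-written each time, here as `sizeof("update '/'")` and in query.c as `sizeof "query '/'"`. A single size macro next to the prototype in client.h would stop the three call sites drifting apart if the format string in `ns_client_aclmsg` changes, for example `char msg[NS_CLIENT_ACLMSGSIZE("update")];` (macro name illustrative, it is not defined in this commit). `update_action` starts and ends outside the hunk. The `update_log` hunk only adds quotes around the zone name and needs nothing further.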