Commit 6d3496c0 authored by Michael Graff

Implement additional-from-{glue,auth} [ yes | no ] ;
with yes being the default.  These control searching in the cache and
other zones we are authoritative for.  This is mostly for gdib, but
may be useful elsewhere.

The config changes are renaming from glue-from-* to additional-from-*,
since this also prevents DNAME, CNAME, NS, MX, etc. additional data
from being followed.
parent 23b251fb
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.h,v 1.19 2000/07/27 09:37:23 tale Exp $ */
/* $Id: query.h,v 1.20 2000/07/31 21:06:58 explorer Exp $ */
#ifndef NAMED_QUERY_H
#define NAMED_QUERY_H 1
......@@ -44,6 +44,7 @@ struct ns_query {
unsigned int dboptions;
unsigned int fetchoptions;
dns_db_t * gluedb;
dns_db_t * authdb;
dns_fetch_t * fetch;
dns_a6context_t a6ctx;
isc_bufferlist_t namebufs;
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: query.c,v 1.118 2000/07/27 09:37:06 tale Exp $ */
/* $Id: query.c,v 1.119 2000/07/31 21:06:55 explorer Exp $ */
#include <config.h>
......@@ -131,6 +131,9 @@ query_reset(ns_client_t *client, isc_boolean_t everything) {
}
ISC_LIST_INIT(client->query.activeversions);
if (client->query.authdb != NULL)
dns_db_detach(&client->query.authdb);
/*
* Clean up free versions.
*/
......@@ -171,6 +174,7 @@ query_reset(ns_client_t *client, isc_boolean_t everything) {
client->query.dboptions = 0;
client->query.fetchoptions = 0;
client->query.gluedb = NULL;
client->query.authdb = NULL;
}
static void
......@@ -395,6 +399,7 @@ ns_query_init(ns_client_t *client) {
client->query.restarts = 0;
client->query.qname = NULL;
client->query.fetch = NULL;
client->query.authdb = NULL;
query_reset(client, ISC_FALSE);
result = query_newdbversion(client, 3);
if (result != ISC_R_SUCCESS)
......@@ -420,7 +425,8 @@ query_findversion(ns_client_t *client, dns_db_t *db,
dbversion = ISC_LIST_NEXT(dbversion, link)) {
if (dbversion->db == db)
break;
}
}
if (dbversion == NULL) {
/*
* This is a new zone for this query. Add it to
......@@ -465,6 +471,31 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, unsigned int options,
if (result != ISC_R_SUCCESS)
return (result);
/*
* If this is the first time we are called (that is, looking up
* the actual name in the query section) remember this database.
*
* If authdb is non-NULL, we have been here before, and the
* found database is always returned.
*
* This limits our searching to the zone where the first name
* (the query target) is found. This prevents following CNAMES
* or DNAMES into other zones and prevents returning additional
* data from other zones.
*/
if (!client->view->additionalfromauth) {
if (client->query.authdb != NULL) {
if (*dbp != client->query.authdb) {
dns_zone_detach(zonep);
dns_db_detach(dbp);
return (DNS_R_REFUSED);
}
dns_db_attach(client->query.authdb, dbp);
} else {
dns_db_attach(*dbp, &client->query.authdb);
}
}
/*
* If the zone has an ACL, we'll check it, otherwise
* we use the view's "allow-query" ACL. Each ACL is only checked
......@@ -533,7 +564,7 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, unsigned int options,
* the NS_QUERYATTR_QUERYOK attribute is now valid.
*/
client->query.attributes |= NS_QUERYATTR_QUERYOKVALID;
}
}
} else
result = ISC_R_SUCCESS;
......@@ -543,12 +574,10 @@ query_getzonedb(ns_client_t *client, dns_name_t *name, unsigned int options,
*/
if (result == ISC_R_SUCCESS)
dbversion->queryok = ISC_TRUE;
return (result);
}
static inline isc_result_t
query_getcachedb(ns_client_t *client, dns_db_t **dbp, unsigned int options)
{
......@@ -2859,7 +2888,8 @@ ns_query_start(ns_client_t *client) {
*/
client->next = query_next;
if (client->view->cachedb == NULL) {
if ((client->view->cachedb == NULL)
|| (!client->view->additionalfromcache)) {
/*
* We don't have a cache. Turn off cache support and
* recursion.
......
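Review bot: In the query_getzonedb hunk, when `*dbp` already equals `client->query.authdb` the new code calls `dns_db_attach(client->query.authdb, dbp)` on a `*dbp` that is non-NULL and already holds its own reference. dns_db_attach is not shown here, but attach routines in this code base normally require an empty target, so this would either trip an assertion or take a second reference that the caller's single detach never releases; with additional-from-auth set to no, that branch runs on every later lookup within the same query. Dropping that one line is enough, since the equality check has already established that `*dbp` is the remembered database. Separately, the comment `We don't have a cache.` in ns_query_start no longer matches the widened condition, which also turns off cache support and recursion when additional-from-cache is no; `/* No cache, or additional-from-cache is off: disable cache support and recursion. */` would say so. Both functions extend beyond the lines shown.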
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.205 2000/07/27 09:37:07 tale Exp $ */
/* $Id: server.c,v 1.206 2000/07/31 21:06:56 explorer Exp $ */
#include <config.h>
......@@ -616,6 +616,29 @@ configure_view(dns_view_t *view, dns_c_ctx_t *cctx, dns_c_view_t *cview,
if (result != ISC_R_SUCCESS)
view->transfer_format = dns_many_answers;
/*
* Set sources where additional data, CNAMEs, and DNAMEs may be found.
*/
result = ISC_R_NOTFOUND;
if (cview != NULL)
result = dns_c_view_getadditionalfromauth(cview,
&view->additionalfromauth);
if (result != ISC_R_SUCCESS)
result = dns_c_ctx_getadditionalfromauth(cctx,
&view->additionalfromauth);
if (result != ISC_R_SUCCESS)
view->additionalfromauth = ISC_TRUE;
result = ISC_R_NOTFOUND;
if (cview != NULL)
result = dns_c_view_getadditionalfromcache(cview,
&view->additionalfromcache);
if (result != ISC_R_SUCCESS)
result = dns_c_ctx_getadditionalfromcache(cctx,
&view->additionalfromcache);
if (result != ISC_R_SUCCESS)
view->additionalfromcache = ISC_TRUE;
CHECK(configure_view_acl(cview, cctx, actx, ns_g_mctx,
dns_c_view_getallowquery,
dns_c_ctx_getallowquery,
......
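Review bot: Both fallback chains in configure_view end in `view->additionalfromauth = ISC_TRUE` and `view->additionalfromcache = ISC_TRUE` for any non-success result, not only for an option that was left unset. The getters are not visible here; if they can fail for a reason other than ISC_R_NOTFOUND, a configured `no` would silently become the permissive `yes`. A comment such as `/* Unset at both view and options level: default to yes. */` above each default, or a test for ISC_R_NOTFOUND before defaulting, would make the intent explicit. configure_view starts and ends outside the hunk.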
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: confctx.c,v 1.77 2000/07/27 09:47:01 tale Exp $ */
/* $Id: confctx.c,v 1.78 2000/07/31 21:07:00 explorer Exp $ */
#include <config.h>
......@@ -982,8 +982,8 @@ dns_c_ctx_optionsprint(FILE *fp, int indent, dns_c_options_t *options)
PRINT_AS_BOOLEAN(request_ixfr, "request-ixfr");
PRINT_AS_BOOLEAN(provide_ixfr, "provide-ixfr");
PRINT_AS_BOOLEAN(treat_cr_as_space, "treat-cr-as-space");
PRINT_AS_BOOLEAN(glue_from_auth, "glue-from-auth");
PRINT_AS_BOOLEAN(glue_from_cache, "glue-from-cache");
PRINT_AS_BOOLEAN(additional_from_auth, "additional-from-auth");
PRINT_AS_BOOLEAN(additional_from_cache, "additional-from-cache");
if (options->transfer_format != NULL) {
dns_c_printtabs(fp, indent + 1);
......@@ -1499,8 +1499,8 @@ dns_c_ctx_optionsnew(isc_mem_t *mem, dns_c_options_t **options)
opts->request_ixfr = NULL;
opts->provide_ixfr = NULL;
opts->treat_cr_as_space = NULL;
opts->glue_from_auth = NULL;
opts->glue_from_cache = NULL;
opts->additional_from_auth = NULL;
opts->additional_from_cache = NULL;
opts->transfer_source = NULL;
opts->transfer_source_v6 = NULL;
......@@ -1607,8 +1607,8 @@ dns_c_ctx_optionsdelete(dns_c_options_t **opts)
FREEFIELD(request_ixfr);
FREEFIELD(provide_ixfr);
FREEFIELD(treat_cr_as_space);
FREEFIELD(glue_from_cache);
FREEFIELD(glue_from_auth);
FREEFIELD(additional_from_cache);
FREEFIELD(additional_from_auth);
FREEFIELD(port);
......@@ -1975,14 +1975,14 @@ SETBOOL(treatcrasspace, treat_cr_as_space)
UNSETBOOL(treatcrasspace, treat_cr_as_space)
GETBOOL(gluefromauth, glue_from_auth)
SETBOOL(gluefromauth, glue_from_auth)
UNSETBOOL(gluefromauth, glue_from_auth)
GETBOOL(additionalfromauth, additional_from_auth)
SETBOOL(additionalfromauth, additional_from_auth)
UNSETBOOL(additionalfromauth, additional_from_auth)
GETBOOL(gluefromcache, glue_from_cache)
SETBOOL(gluefromcache, glue_from_cache)
UNSETBOOL(gluefromcache, glue_from_cache)
GETBOOL(additionalfromcache, additional_from_cache)
SETBOOL(additionalfromcache, additional_from_cache)
UNSETBOOL(additionalfromcache, additional_from_cache)
GETSOCKADDR(transfersource, transfer_source)
......
......@@ -16,7 +16,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: confparser.y.dirty,v 1.4 2000/07/31 19:35:31 explorer Exp $ */
/* $Id: confparser.y.dirty,v 1.5 2000/07/31 21:07:02 explorer Exp $ */
#include <config.h>
......@@ -283,8 +283,8 @@ static isc_boolean_t int_too_big(isc_uint32_t base, isc_uint32_t mult);
%token L_FIRST
%token L_FORWARD
%token L_FORWARDERS
%token L_GLUE_FROM_AUTH
%token L_GLUE_FROM_CACHE
%token L_ADDITIONAL_FROM_AUTH
%token L_ADDITIONAL_FROM_CACHE
%token L_GRANT
%token L_GROUP
%token L_HAS_OLD_CLIENTS
......@@ -890,21 +890,21 @@ option: /* Empty */
YYABORT;
}
}
| L_GLUE_FROM_CACHE yea_or_nay
| L_ADDITIONAL_FROM_CACHE yea_or_nay
{
tmpres = dns_c_ctx_setgluefromcache(currcfg, $2);
tmpres = dns_c_ctx_setadditionalfromcache(currcfg, $2);
if (tmpres == ISC_R_EXISTS) {
parser_error(ISC_FALSE,
"cannot redefine glue-from-cache");
"cannot redefine additional-from-cache");
YYABORT;
}
}
| L_GLUE_FROM_AUTH yea_or_nay
| L_ADDITIONAL_FROM_AUTH yea_or_nay
{
tmpres = dns_c_ctx_setgluefromauth(currcfg, $2);
tmpres = dns_c_ctx_setadditionalfromauth(currcfg, $2);
if (tmpres == ISC_R_EXISTS) {
parser_error(ISC_FALSE,
"cannot redefine glue-from-auth");
"cannot redefine additional-from-auth");
YYABORT;
}
}
......@@ -3712,37 +3712,37 @@ view_option: L_FORWARD zone_forward_opt
YYABORT;
}
}
| L_GLUE_FROM_CACHE yea_or_nay
| L_ADDITIONAL_FROM_CACHE yea_or_nay
{
dns_c_view_t *view = dns_c_ctx_getcurrview(currcfg);
INSIST(view != NULL);
tmpres = dns_c_view_setgluefromcache(view, $2);
tmpres = dns_c_view_setadditionalfromcache(view, $2);
if (tmpres == ISC_R_EXISTS) {
parser_error(ISC_FALSE,
"cannot redefine view glue-from-cache");
"cannot redefine view additional-from-cache");
YYABORT;
} else if (tmpres != ISC_R_SUCCESS) {
parser_error(ISC_FALSE,
"failed to set view glue-from-cache");
"failed to set view additional-from-cache");
YYABORT;
}
}
| L_GLUE_FROM_AUTH yea_or_nay
| L_ADDITIONAL_FROM_AUTH yea_or_nay
{
dns_c_view_t *view = dns_c_ctx_getcurrview(currcfg);
INSIST(view != NULL);
tmpres = dns_c_view_setgluefromauth(view, $2);
tmpres = dns_c_view_setadditionalfromauth(view, $2);
if (tmpres == ISC_R_EXISTS) {
parser_error(ISC_FALSE,
"cannot redefine view glue-from-auth");
"cannot redefine view additional-from-auth");
YYABORT;
} else if (tmpres != ISC_R_SUCCESS) {
parser_error(ISC_FALSE,
"failed to set view glue-from-auth");
"failed to set view additional-from-auth");
YYABORT;
}
}
......@@ -5309,8 +5309,8 @@ static struct token keyword_tokens [] = {
{ "first", L_FIRST },
{ "forward", L_FORWARD },
{ "forwarders", L_FORWARDERS },
{ "glue-from-auth", L_GLUE_FROM_AUTH },
{ "glue-from-cache", L_GLUE_FROM_CACHE },
{ "additional-from-auth", L_ADDITIONAL_FROM_AUTH },
{ "additional-from-cache", L_ADDITIONAL_FROM_CACHE },
{ "grant", L_GRANT },
{ "group", L_GROUP },
{ "has-old-clients", L_HAS_OLD_CLIENTS },
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: confview.c,v 1.40 2000/07/27 09:47:13 tale Exp $ */
/* $Id: confview.c,v 1.41 2000/07/31 21:07:03 explorer Exp $ */
#include <config.h>
......@@ -474,8 +474,8 @@ dns_c_view_new(isc_mem_t *mem, const char *name, dns_rdataclass_t viewclass,
view->fetch_glue = NULL;
view->notify = NULL;
view->rfc2308_type1 = NULL;
view->glue_from_cache = NULL;
view->glue_from_auth = NULL;
view->additional_from_cache = NULL;
view->additional_from_auth = NULL;
view->transfer_source = NULL;
view->transfer_source_v6 = NULL;
......@@ -667,8 +667,8 @@ dns_c_view_print(FILE *fp, int indent, dns_c_view_t *view) {
PRINT_AS_BOOLEAN(fetch_glue, "fetch-glue");
PRINT_AS_BOOLEAN(notify, "notify");
PRINT_AS_BOOLEAN(rfc2308_type1, "rfc2308-type1");
PRINT_AS_BOOLEAN(glue_from_auth, "glue-from-auth");
PRINT_AS_BOOLEAN(glue_from_cache, "glue-from-cache");
PRINT_AS_BOOLEAN(additional_from_auth, "additional-from-auth");
PRINT_AS_BOOLEAN(additional_from_cache, "additional-from-cache");
PRINT_IP(transfer_source, "transfer-source");
......@@ -806,8 +806,8 @@ dns_c_view_delete(dns_c_view_t **viewptr) {
FREEFIELD(fetch_glue);
FREEFIELD(notify);
FREEFIELD(rfc2308_type1);
FREEFIELD(glue_from_auth);
FREEFIELD(glue_from_cache);
FREEFIELD(additional_from_auth);
FREEFIELD(additional_from_cache);
FREEFIELD(transfer_source);
FREEFIELD(transfer_source_v6);
......@@ -1477,13 +1477,13 @@ SETBOOL(rfc2308type1, rfc2308_type1)
GETBOOL(rfc2308type1, rfc2308_type1)
UNSETBOOL(rfc2308type1, rfc2308_type1)
SETBOOL(gluefromcache, glue_from_cache)
GETBOOL(gluefromcache, glue_from_cache)
UNSETBOOL(gluefromcache, glue_from_cache)
SETBOOL(additionalfromcache, additional_from_cache)
GETBOOL(additionalfromcache, additional_from_cache)
UNSETBOOL(additionalfromcache, additional_from_cache)
SETBOOL(gluefromauth, glue_from_auth)
GETBOOL(gluefromauth, glue_from_auth)
UNSETBOOL(gluefromauth, glue_from_auth)
SETBOOL(additionalfromauth, additional_from_auth)
GETBOOL(additionalfromauth, additional_from_auth)
UNSETBOOL(additionalfromauth, additional_from_auth)
GETSOCKADDR(transfersource, transfer_source)
SETSOCKADDR(transfersource, transfer_source)
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: confctx.h,v 1.46 2000/07/27 09:47:34 tale Exp $ */
/* $Id: confctx.h,v 1.47 2000/07/31 21:07:04 explorer Exp $ */
#ifndef DNS_CONFCTX_H
#define DNS_CONFCTX_H 1
......@@ -167,8 +167,8 @@ struct dns_c_options {
isc_boolean_t *request_ixfr;
isc_boolean_t *provide_ixfr;
isc_boolean_t *treat_cr_as_space;
isc_boolean_t *glue_from_cache;
isc_boolean_t *glue_from_auth;
isc_boolean_t *additional_from_cache;
isc_boolean_t *additional_from_auth;
isc_sockaddr_t *transfer_source;
isc_sockaddr_t *transfer_source_v6;
......@@ -587,18 +587,18 @@ isc_result_t dns_c_ctx_gettreatcrasspace(dns_c_ctx_t *cfg,
isc_boolean_t *retval);
isc_result_t dns_c_ctx_getgluefromcache(dns_c_ctx_t *cfg,
isc_boolean_t *retval);
isc_result_t dns_c_ctx_setgluefromcache(dns_c_ctx_t *cfg,
isc_boolean_t newval);
isc_result_t dns_c_ctx_unsetgluefromcache(dns_c_ctx_t *ctx);
isc_result_t dns_c_ctx_getadditionalfromcache(dns_c_ctx_t *cfg,
isc_boolean_t *retval);
isc_result_t dns_c_ctx_setadditionalfromcache(dns_c_ctx_t *cfg,
isc_boolean_t newval);
isc_result_t dns_c_ctx_unsetadditionalfromcache(dns_c_ctx_t *ctx);
isc_result_t dns_c_ctx_getgluefromauth(dns_c_ctx_t *cfg,
isc_boolean_t *retval);
isc_result_t dns_c_ctx_setgluefromauth(dns_c_ctx_t *cfg,
isc_boolean_t newval);
isc_result_t dns_c_ctx_unsetgluefromauth(dns_c_ctx_t *ctx);
isc_result_t dns_c_ctx_getadditionalfromauth(dns_c_ctx_t *cfg,
isc_boolean_t *retval);
isc_result_t dns_c_ctx_setadditionalfromauth(dns_c_ctx_t *cfg,
isc_boolean_t newval);
isc_result_t dns_c_ctx_unsetadditionalfromauth(dns_c_ctx_t *ctx);
isc_result_t dns_c_ctx_unsettreatcrasspace(dns_c_ctx_t *cfg);
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: confview.h,v 1.34 2000/07/27 09:47:44 tale Exp $ */
/* $Id: confview.h,v 1.35 2000/07/31 21:07:06 explorer Exp $ */
#ifndef DNS_CONFVIEW_H
#define DNS_CONFVIEW_H 1
......@@ -124,8 +124,8 @@ struct dns_c_view {
isc_boolean_t *fetch_glue;
isc_boolean_t *notify;
isc_boolean_t *rfc2308_type1;
isc_boolean_t *glue_from_auth;
isc_boolean_t *glue_from_cache;
isc_boolean_t *additional_from_auth;
isc_boolean_t *additional_from_cache;
isc_sockaddr_t *query_source;
isc_sockaddr_t *query_source_v6;
......@@ -351,18 +351,18 @@ isc_result_t dns_c_view_setrfc2308type1(dns_c_view_t *view,
isc_result_t dns_c_view_unsetrfc2308type1(dns_c_view_t *view);
isc_result_t dns_c_view_getgluefromauth(dns_c_view_t *view,
isc_boolean_t *retval);
isc_result_t dns_c_view_setgluefromauth(dns_c_view_t *view,
isc_boolean_t newval);
isc_result_t dns_c_view_unsetgluefromauth(dns_c_view_t *view);
isc_result_t dns_c_view_getadditionalfromauth(dns_c_view_t *view,
isc_boolean_t *retval);
isc_result_t dns_c_view_setadditionalfromauth(dns_c_view_t *view,
isc_boolean_t newval);
isc_result_t dns_c_view_unsetadditionalfromauth(dns_c_view_t *view);
isc_result_t dns_c_view_getgluefromcache(dns_c_view_t *view,
isc_boolean_t *retval);
isc_result_t dns_c_view_setgluefromcache(dns_c_view_t *view,
isc_boolean_t newval);
isc_result_t dns_c_view_unsetgluefromcache(dns_c_view_t *view);
isc_result_t dns_c_view_getadditionalfromcache(dns_c_view_t *view,
isc_boolean_t *retval);
isc_result_t dns_c_view_setadditionalfromcache(dns_c_view_t *view,
isc_boolean_t newval);
isc_result_t dns_c_view_unsetadditionalfromcache(dns_c_view_t *view);
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: view.h,v 1.45 2000/07/27 09:48:38 tale Exp $ */
/* $Id: view.h,v 1.46 2000/07/31 21:07:07 explorer Exp $ */
#ifndef DNS_VIEW_H
#define DNS_VIEW_H 1
......@@ -100,6 +100,8 @@ struct dns_view {
dns_peerlist_t * peers;
isc_boolean_t recursion;
isc_boolean_t auth_nxdomain;
isc_boolean_t additionalfromcache;
isc_boolean_t additionalfromauth;
dns_transfer_format_t transfer_format;
dns_acl_t * queryacl;
dns_acl_t * recursionacl;
......
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: view.c,v 1.72 2000/07/27 09:46:49 tale Exp $ */
/* $Id: view.c,v 1.73 2000/07/31 21:06:59 explorer Exp $ */
#include <config.h>
......@@ -139,6 +139,8 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
*/
view->recursion = ISC_TRUE;
view->auth_nxdomain = ISC_FALSE; /* Was true in BIND 8 */
view->additionalfromcache = ISC_TRUE;
view->additionalfromauth = ISC_TRUE;
view->transfer_format = dns_one_answer;
view->queryacl = NULL;
view->recursionacl = NULL;
......