Commit b329876b authored by Mark Andrews

4885. [security] update-policy rules that otherwise ignore the name

                        field now require that it be set to "." to ensure
                        that any type list present is properly interpreted.
                        [RT #47126]

(cherry picked from commit ec771bbd)
parent 4c0adf3d
4885. [security] update-policy rules that otherwise ignore the name
field now require that it be set to "." to ensure
that any type list present is properly interpreted.
[RT #47126]
4884. [bug] named could crash on shutdown due to a race between
shutdown_server() and ns__client_request(). [RT #47120]
 
......
......@@ -233,37 +233,10 @@ configure_zone_ssutable(const cfg_obj_t *zconfig, dns_zone_t *zone,
INSIST(0);
str = cfg_obj_asstring(matchtype);
if (strcasecmp(str, "name") == 0)
mtype = dns_ssumatchtype_name;
else if (strcasecmp(str, "subdomain") == 0)
mtype = dns_ssumatchtype_subdomain;
else if (strcasecmp(str, "wildcard") == 0)
mtype = dns_ssumatchtype_wildcard;
else if (strcasecmp(str, "self") == 0)
mtype = dns_ssumatchtype_self;
else if (strcasecmp(str, "selfsub") == 0)
mtype = dns_ssumatchtype_selfsub;
else if (strcasecmp(str, "selfwild") == 0)
mtype = dns_ssumatchtype_selfwild;
else if (strcasecmp(str, "ms-self") == 0)
mtype = dns_ssumatchtype_selfms;
else if (strcasecmp(str, "krb5-self") == 0)
mtype = dns_ssumatchtype_selfkrb5;
else if (strcasecmp(str, "ms-subdomain") == 0)
mtype = dns_ssumatchtype_subdomainms;
else if (strcasecmp(str, "krb5-subdomain") == 0)
mtype = dns_ssumatchtype_subdomainkrb5;
else if (strcasecmp(str, "tcp-self") == 0)
mtype = dns_ssumatchtype_tcpself;
else if (strcasecmp(str, "6to4-self") == 0)
mtype = dns_ssumatchtype_6to4self;
else if (strcasecmp(str, "zonesub") == 0) {
mtype = dns_ssumatchtype_subdomain;
CHECK(dns_ssu_mtypefromstring(str, &mtype));
if (mtype == dns_ssumatchtype_subdomain) {
usezone = ISC_TRUE;
} else if (strcasecmp(str, "external") == 0)
mtype = dns_ssumatchtype_external;
else
INSIST(0);
}
dns_fixedname_init(&fident);
str = cfg_obj_asstring(identity);
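Review bot: The new `if (mtype == dns_ssumatchtype_subdomain)` test sets `usezone` for every rule whose match type resolves to that enum value, whereas the string chain visible in this hunk set it only for "zonesub" and left "subdomain" bound to its configured name. dns_ssu_mtypefromstring() is not shown here; if it maps both strings to dns_ssumatchtype_subdomain, as the chain did, a `subdomain` rule would be applied to the whole zone rather than to the name the operator wrote, which widens what the granted key may update. Keying the flag on the configured string avoids that: `if (mtype == dns_ssumatchtype_subdomain && strcasecmp(str, "zonesub") == 0) {`. The page has lost its +/- markers, so which lines are old and which are new is inferred, and configure_zone_ssutable() starts and ends outside the hunk.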
......
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * self TXT;
};
};
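Review bot: This fixture and the eight that follow it (selfsub, selfwild, ms-self, krb5-self, ms-subdomain, krb5-subdomain, tcp-self and 6to4-self, all written without a name field) carry no comment saying why the configuration is expected to be rejected. File names are not visible on this page, so that these are the failing cases is inferred from the commit message, and the reason is presumably that the type would otherwise be read as the name. A leading comment such as `/* must fail: name field omitted, so "TXT" is read as the name instead of the type list */` would keep the security reason next to the test. The later fixtures with `.` or `*` in the name position would benefit from a matching one-line statement of the expected result.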
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * selfsub TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * selfwild TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * ms-self TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * krb5-self TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * ms-subdomain TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * krb5-subdomain TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * tcp-self TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * 6to4-self TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * self * TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * krb5-subdomain . TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * tcp-self . TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * 6to4-self . TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * self . TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * selfsub . TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * selfsub * TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * selfwild * TXT;
};
};
zone "example.com" {
type master;
file "example.com.db";
update-policy {
grant * selfwild . TXT;
};
};