Context Navigation

← Previous Changeset
Next Changeset →

Changeset 1360

Timestamp:

05/30/09 22:18:11 (10 months ago)

Author:

ahu

Message:

add first stab at 'per-zone-axfr-acls'. Set that flag in the configuration table, and see http://mailman.powerdns.com/pipermail/pdns-users/2006-March/003115.html
Also allows netmasks

Location:

trunk/pdns

Files:

: 10 modified

modules/gmysqlbackend/gmysqlbackend.cc (modified) (1 diff)
modules/goraclebackend/goraclebackend.cc (modified) (1 diff)
modules/gpgsqlbackend/gpgsqlbackend.cc (modified) (1 diff)
modules/gsqlite3backend/gsqlite3backend.cc (modified) (1 diff)
modules/gsqlitebackend/gsqlitebackend.cc (modified) (1 diff)
pdns/backends/gsql/gsqlbackend.cc (modified) (4 diffs)
pdns/backends/gsql/gsqlbackend.hh (modified) (2 diffs)
pdns/common_startup.cc (modified) (1 diff)
pdns/dnsbackend.hh (modified) (1 diff)
pdns/tcpreceiver.cc (modified) (1 diff)

Legend:

: Unmodified
: Added
: Removed

trunk/pdns/modules/gmysqlbackend/gmysqlbackend.cc

r477	r1360
75	75	declare(suffix,"info-all-master-query","", "select id,name,master,last_check,notified_serial,type from domains where type='MASTER'");
76	76	declare(suffix,"delete-zone-query","", "delete from records where domain_id=%d");
77
78
	77	declare(suffix,"check-acl-query","", "select value from acls where acl_type='%s' and acl_key='%s'");
79	78	}
80	79

trunk/pdns/modules/goraclebackend/goraclebackend.cc

r342	r1360
69	69	declare(suffix,"info-all-master-query","", "select id,name,master,last_check,notified_serial,type from domains where type='MASTER'");
70	70	declare(suffix,"delete-zone-query","", "delete from records where domain_id=%d");
71
72
	71	declare(suffix,"check-acl-query","", "select value from acls where acl_type='%s' and acl_key='%s'");
73	72	}
74	73

trunk/pdns/modules/gpgsqlbackend/gpgsqlbackend.cc

r340	r1360
75	75	declare(suffix,"info-all-master-query","", "select id,name,master,last_check,notified_serial,type from domains where type='MASTER'");
76	76	declare(suffix,"delete-zone-query","", "delete from records where domain_id=%d");
	77	declare(suffix,"check-acl-query","", "select value from acls where acl_type='%s' and acl_key='%s'");
77	78
78	79

trunk/pdns/modules/gsqlite3backend/gsqlite3backend.cc

r1342	r1360
76	76	declare( suffix, "info-all-master-query", "", "select id,name,master,last_check,notified_serial,type from domains where type='MASTER'");
77	77	declare( suffix, "delete-zone-query", "", "delete from records where domain_id=%d");
	78	declare(suffix,"check-acl-query","", "select value from acls where acl_type='%s' and acl_key='%s'");
78	79	}
79	80

trunk/pdns/modules/gsqlitebackend/gsqlitebackend.cc

r1342	r1360
76	76	declare( suffix, "info-all-master-query", "", "select id,name,master,last_check,notified_serial,type from domains where type='MASTER'");
77	77	declare( suffix, "delete-zone-query", "", "delete from records where domain_id=%d");
	78	declare(suffix,"check-acl-query","", "select value from acls where acl_type='%s' and acl_key='%s'");
78	79	}
79	80

trunk/pdns/pdns/backends/gsql/gsqlbackend.cc

r1271	r1360
122	122	/* list all domains that need refreshing for which we are slave, and insert into SlaveDomain:
123	123	id,name,master IP,serial */
124		char output[1024];
125		snprintf(output,sizeof(output)-1,d_InfoOfAllSlaveDomainsQuery.c_str());
126
127		try {
128		d_db->doQuery(output,d_result);
	124
	125	try {
	126	d_db->doQuery(d_InfoOfAllSlaveDomainsQuery,d_result);
129	127	}
130	128	catch (SSqlException &e) {
…	…
161	159	/* list all domains that need notifications for which we are master, and insert into updatedDomains
162	160	id,name,master IP,serial */
163		char output[1024];
164		snprintf(output, sizeof(output)-1, d_InfoOfAllMasterDomainsQuery.c_str());
165
166		try {
167		d_db->doQuery(output,d_result);
	161	try {
	162	d_db->doQuery(d_InfoOfAllMasterDomainsQuery,d_result);
168	163	}
169	164	catch(SSqlException &e) {
…	…
240	235	d_InfoOfAllMasterDomainsQuery=getArg("info-all-master-query");
241	236	d_DeleteZoneQuery=getArg("delete-zone-query");
	237	d_CheckACLQuery=getArg("check-acl-query");
242	238	}
243	239
…	…
343	339	}
344	340	return false;
	341	}
	342
	343
	344	bool GSQLBackend::checkACL(const string &acl_type, const string &key, const string &value)
	345	{
	346	string format;
	347	char output[1024];
	348	format = d_CheckACLQuery;
	349	snprintf(output, sizeof(output)-1, format.c_str(), sqlEscape(acl_type).c_str(), sqlEscape(key).c_str());
	350	try {
	351	d_db->doQuery(output, d_result);
	352	}
	353	catch(SSqlException &e) {
	354	throw AhuException("Database error trying to check ACL:"+acl_type+" with error: "+e.txtReason());
	355	}
	356	if(!d_result.empty()) {
	357	for (unsigned int i = 0; i < d_result.size(); i++) {
	358	Netmask nm(d_result[i][0]);
	359	if (nm.match(value)) {
	360	return true;
	361	}
	362	}
	363	}
	364	return false; // default to false
345	365	}
346	366

trunk/pdns/pdns/backends/gsql/gsqlbackend.hh

r1342	r1360
35	35	bool superMasterBackend(const string &ip, const string &domain, const vector<DNSResourceRecord>&nsset, string account, DNSBackend *db);
36	36	void setFresh(uint32_t domain_id);
	37	bool checkACL(const string &acl_type, const string &key, const string &value);
37	38	void getUnfreshSlaveInfos(vector<DomainInfo> *domains);
38	39	void getUpdatedMasters(vector<DomainInfo> *updatedDomains);
…	…
67	68	string d_InfoOfAllMasterDomainsQuery;
68	69	string d_DeleteZoneQuery;
69
	70	string d_CheckACLQuery;
70	71	};

trunk/pdns/pdns/common_startup.cc

r1346	r1360
120	120	::arg().set("max-tcp-connections","Maximum number of TCP connections")="10";
121	121	::arg().setSwitch("no-shuffle","Set this to prevent random shuffling of answers - for regression testing")="off";
	122	::arg().setSwitch("per-zone-axfr-acls","When set, backends that implement it perform per-zone AXFL ACL checks")="off";
122	123
123	124	::arg().setSwitch( "use-logfile", "Use a log file (Windows only)" )= "no";

trunk/pdns/pdns/dnsbackend.hh

r1018	r1360
167	167	}
168	168
	169	virtual bool checkACL(const string &acl_type, const string &key, const string &value)
	170	{
	171	return false;
	172	}
	173
169	174	protected:
170	175	bool mustDo(const string &key);

trunk/pdns/pdns/tcpreceiver.cc

r1346	r1360
350	350	return false;
351	351
352		if( ~~::arg()["allow-axfr-ips"].empty() \|\| d_ng.match( (ComboAddress *) &q->remote )~~ )
	352	if(!::arg().mustDo("per-zone-axfr-acls") && (::arg()["allow-axfr-ips"].empty() \|\| d_ng.match( (ComboAddress *) &q->remote )))
353	353	return true;
	354
	355	if(::arg().mustDo("per-zone-axfr-acls")) {
	356	SOAData sd;
	357	sd.db=(DNSBackend *)-1;
	358	if(s_P->getBackend()->getSOA(q->qdomain,sd)) {
	359	DNSBackend *B=sd.db;
	360	if (B->checkACL(string("allow-axfr"), q->qdomain, q->getRemote())) {
	361	return true;
	362	}
	363	}
	364	}
354	365
355	366	extern CommunicatorClass Communicator;

Context Navigation

Changeset 1360

Legend:

Download in other formats: