Attachment #178552 for bug #231242

Lines 21-32 Link Here

(-)bind-9.4.3-P1/lib/dns/acl.c (+25 lines)
21		21
22	#include <config.h>	22	#include <config.h>
23		23
		24	#include <GeoIP.h>
		25	#include <GeoIPCity.h>
24	#include <isc/mem.h>	26	#include <isc/mem.h>
25	#include <isc/string.h>	27	#include <isc/string.h>
26	#include <isc/util.h>	28	#include <isc/util.h>
27		29
28	#include <dns/acl.h>	30	#include <dns/acl.h>
29		31
		32	static GeoIP *geoip = NULL;
		33
30	isc_result_t	34	isc_result_t
31	dns_acl_create(isc_mem_t mctx, int n, dns_acl_t *target) {	35	dns_acl_create(isc_mem_t mctx, int n, dns_acl_t *target) {
32	isc_result_t result;	36	isc_result_t result;
Lines 208-213 dns_aclelement_match(const isc_netaddr_t Link Here
208	e->u.ip_prefix.prefixlen))	212	e->u.ip_prefix.prefixlen))
209	goto matched;	213	goto matched;
210	break;	214	break;
		215
		216	case dns_aclelementtype_ipregion:
		217	/* We only match V4 addresses */
		218	if (reqaddr->family == AF_INET) {
		219	/* Region match */
		220
		221	if (NULL == geoip) {
		222	geoip = GeoIP_new(GEOIP_MEMORY_CACHE);
		223	}
		224	if (NULL != geoip) {
		225	GeoIPRecord * value;
		226
		227	value = GeoIP_record_by_addr(geoip,inet_ntoa(reqaddr->type.in));
		228	if ((NULL != value) && (NULL != value->region) && (2 == strlen(value->region))) {
		229	if ((e->u.region[0] == value->region[0]) && (e->u.region[1] == value->region[1])) {
		230	goto matched;
		231	}
		232	}
		233	}
		234	}
		235	break;
211		236
212	case dns_aclelementtype_keyname:	237	case dns_aclelementtype_keyname:
213	if (reqsigner != NULL &&	238	if (reqsigner != NULL &&





typedef enum {
	dns_aclelementtype_ipprefix,
        dns_aclelementtype_ipregion,
	dns_aclelementtype_keyname,
	dns_aclelementtype_nestedacl,
	dns_aclelementtype_localhost,

} dns_aclelemettype_t;

typedef struct dns_aclipprefix dns_aclipprefix_t;
typedef char dns_aclipregion[3];

struct dns_aclipprefix {
	isc_netaddr_t address; /* IP4/IP6 */

	isc_boolean_t negative;
	union {
		dns_aclipprefix_t ip_prefix;
                dns_aclipregion region;
		dns_name_t 	  keyname;
		dns_acl_t 	  *nestedacl;
	} u;

Lines 228-233 cfg_acl_fromconfig(const cfg_obj_t *caml Link Here

(-)bind-9.4.3-P1/lib/isccfg/aclconf.c (+6 lines)
228	} else if (strcasecmp(name, "none") == 0) {	228	} else if (strcasecmp(name, "none") == 0) {
229	de->type = dns_aclelementtype_any;	229	de->type = dns_aclelementtype_any;
230	de->negative = ISC_TF(! de->negative);	230	de->negative = ISC_TF(! de->negative);
		231	} else if ((0 == (strncmp("region_", name, 7))) && (9 == strlen(name))) {
		232	/* It is a region code */
		233	de->type = dns_aclelementtype_ipregion;
		234	de->u.region[0] = name[7];
		235	de->u.region[1] = name[8];
		236	de->u.region[2] = '\0';
231	} else {	237	} else {
232	de->type = dns_aclelementtype_nestedacl;	238	de->type = dns_aclelementtype_nestedacl;
233	result = convert_named_acl(ce, cctx, lctx,	239	result = convert_named_acl(ce, cctx, lctx,

Return to bug 231242

Lines 47-52 Link Here

(-)bind-9.4.3-P1/lib/dns/include/dns/acl.h (+3 lines)
47		47
48	typedef enum {	48	typedef enum {
49	dns_aclelementtype_ipprefix,	49	dns_aclelementtype_ipprefix,
		50	dns_aclelementtype_ipregion,
50	dns_aclelementtype_keyname,	51	dns_aclelementtype_keyname,
51	dns_aclelementtype_nestedacl,	52	dns_aclelementtype_nestedacl,
52	dns_aclelementtype_localhost,	53	dns_aclelementtype_localhost,
Lines 55-60 typedef enum { Link Here
55	} dns_aclelemettype_t;	56	} dns_aclelemettype_t;
56		57
57	typedef struct dns_aclipprefix dns_aclipprefix_t;	58	typedef struct dns_aclipprefix dns_aclipprefix_t;
		59	typedef char dns_aclipregion[3];
58		60
59	struct dns_aclipprefix {	61	struct dns_aclipprefix {
60	isc_netaddr_t address; /* IP4/IP6 */	62	isc_netaddr_t address; /* IP4/IP6 */
Lines 66-71 struct dns_aclelement { Link Here
66	isc_boolean_t negative;	68	isc_boolean_t negative;
67	union {	69	union {
68	dns_aclipprefix_t ip_prefix;	70	dns_aclipprefix_t ip_prefix;
		71	dns_aclipregion region;
69	dns_name_t keyname;	72	dns_name_t keyname;
70	dns_acl_t *nestedacl;	73	dns_acl_t *nestedacl;
71	} u;	74	} u;