Attachment #179323 for bug #231242

Lines 21-32 Link Here

(-)bind-9.4.3-P1.orig/lib/dns/acl.c (+46 lines)
21		21
22	#include <config.h>	22	#include <config.h>
23		23
		24	#include <GeoIP.h>
		25	#include <GeoIPCity.h>
24	#include <isc/mem.h>	26	#include <isc/mem.h>
25	#include <isc/string.h>	27	#include <isc/string.h>
26	#include <isc/util.h>	28	#include <isc/util.h>
27		29
28	#include <dns/acl.h>	30	#include <dns/acl.h>
29		31
		32	static GeoIP *geoip = NULL;
		33
30	isc_result_t	34	isc_result_t
31	dns_acl_create(isc_mem_t mctx, int n, dns_acl_t *target) {	35	dns_acl_create(isc_mem_t mctx, int n, dns_acl_t *target) {
32	isc_result_t result;	36	isc_result_t result;
Lines 209-214 Link Here
209	goto matched;	213	goto matched;
210	break;	214	break;
211		215
		216	case dns_aclelementtype_ipregion:
		217	/* We only match V4 addresses */
		218	if (reqaddr->family == AF_INET) {
		219	/* Region match */
		220
		221	if (NULL == geoip) {
		222	geoip = GeoIP_new(GEOIP_MEMORY_CACHE);
		223	}
		224	if (NULL != geoip) {
		225	GeoIPRecord * value;
		226
		227	value = GeoIP_record_by_addr(geoip,inet_ntoa(reqaddr->type.in));
		228	if ((NULL != value) && (NULL != value->region) && (2 == strlen(value->region))) {
		229	if ((e->u.region[0] == value->region[0]) && (e->u.region[1] == value->region[1])) {
		230	goto matched;
		231	}
		232	}
		233	}
		234	}
		235	break;
		236
		237	case dns_aclelementtype_ipcountry:
		238	/* We only match V4 addresses */
		239	if (reqaddr->family == AF_INET) {
		240	/* Country match */
		241
		242	if (NULL == geoip) {
		243	geoip = GeoIP_new(GEOIP_MEMORY_CACHE);
		244	}
		245	if (NULL != geoip) {
		246	const char *value;
		247
		248	value = GeoIP_country_code_by_addr(geoip,inet_ntoa(reqaddr->type.in));
		249	if ((NULL != value) && (2 == strlen(value))) {
		250	if ((e->u.country[0] == value[0]) && (e->u.country[1] == value[1])) {
		251	goto matched;
		252	}
		253	}
		254	}
		255	}
		256	break;
		257
212	case dns_aclelementtype_keyname:	258	case dns_aclelementtype_keyname:
213	if (reqsigner != NULL &&	259	if (reqsigner != NULL &&
214	dns_name_equal(reqsigner, &e->u.keyname))	260	dns_name_equal(reqsigner, &e->u.keyname))

Lines 47-52 Link Here

(-)bind-9.4.3-P1.orig/lib/dns/include/dns/acl.h (+6 lines)
47		47
48	typedef enum {	48	typedef enum {
49	dns_aclelementtype_ipprefix,	49	dns_aclelementtype_ipprefix,
		50	dns_aclelementtype_ipregion,
		51	dns_aclelementtype_ipcountry,
50	dns_aclelementtype_keyname,	52	dns_aclelementtype_keyname,
51	dns_aclelementtype_nestedacl,	53	dns_aclelementtype_nestedacl,
52	dns_aclelementtype_localhost,	54	dns_aclelementtype_localhost,
Lines 55-60 Link Here
55	} dns_aclelemettype_t;	57	} dns_aclelemettype_t;
56		58
57	typedef struct dns_aclipprefix dns_aclipprefix_t;	59	typedef struct dns_aclipprefix dns_aclipprefix_t;
		60	typedef char dns_aclipregion[3];
		61	typedef char dns_aclipcountry[3];
58		62
59	struct dns_aclipprefix {	63	struct dns_aclipprefix {
60	isc_netaddr_t address; /* IP4/IP6 */	64	isc_netaddr_t address; /* IP4/IP6 */
Lines 66-71 Link Here
66	isc_boolean_t negative;	70	isc_boolean_t negative;
67	union {	71	union {
68	dns_aclipprefix_t ip_prefix;	72	dns_aclipprefix_t ip_prefix;
		73	dns_aclipregion region;
		74	dns_aclipcountry country;
69	dns_name_t keyname;	75	dns_name_t keyname;
70	dns_acl_t *nestedacl;	76	dns_acl_t *nestedacl;
71	} u;	77	} u;




			}  else if (strcasecmp(name, "none") == 0) {
				de->type = dns_aclelementtype_any;
				de->negative = ISC_TF(! de->negative);
			} else if ((0 == (strncmp("region_", name, 7))) && (9 == strlen(name))) {
				/* It is a region code */
				de->type = dns_aclelementtype_ipregion;
				de->u.region[0] = name[7];
				de->u.region[1] = name[8];
				de->u.region[2] = '\0';
			} else if ((0 == (strncmp("country_", name, 8))) && (10 == strlen(name))) {
				/* It is a country code */
				de->type = dns_aclelementtype_ipcountry;
				de->u.country[0] = name[8];
				de->u.country[1] = name[9];
				de->u.country[2] = '\0';
			} else {
				de->type = dns_aclelementtype_nestedacl;
				result = convert_named_acl(ce, cctx, lctx,

Return to bug 231242

Lines 228-233 Link Here

(-)bind-9.4.3-P1.orig/lib/isccfg/aclconf.c (+12 lines)
228	} else if (strcasecmp(name, "none") == 0) {	228	} else if (strcasecmp(name, "none") == 0) {
229	de->type = dns_aclelementtype_any;	229	de->type = dns_aclelementtype_any;
230	de->negative = ISC_TF(! de->negative);	230	de->negative = ISC_TF(! de->negative);
		231	} else if ((0 == (strncmp("region_", name, 7))) && (9 == strlen(name))) {
		232	/* It is a region code */
		233	de->type = dns_aclelementtype_ipregion;
		234	de->u.region[0] = name[7];
		235	de->u.region[1] = name[8];
		236	de->u.region[2] = '\0';
		237	} else if ((0 == (strncmp("country_", name, 8))) && (10 == strlen(name))) {
		238	/* It is a country code */
		239	de->type = dns_aclelementtype_ipcountry;
		240	de->u.country[0] = name[8];
		241	de->u.country[1] = name[9];
		242	de->u.country[2] = '\0';
231	} else {	243	} else {
232	de->type = dns_aclelementtype_nestedacl;	244	de->type = dns_aclelementtype_nestedacl;
233	result = convert_named_acl(ce, cctx, lctx,	245	result = convert_named_acl(ce, cctx, lctx,