Attachment #159917 for bug #231242

Lines 21-32 Link Here

(-)bind-9.4.2.orig/lib/dns/acl.c (-1 / +26 lines)
21	#include <config.h>	21	#include <config.h>
		22	#include <GeoIP.h>
		23	#include <GeoIPCity.h>
22	#include <isc/mem.h>	24	#include <isc/mem.h>
23	#include <isc/string.h>	25	#include <isc/string.h>
24	#include <isc/util.h>	26	#include <isc/util.h>
25	#include <dns/acl.h>	27	#include <dns/acl.h>
		28	static GeoIP *geoip = NULL;
		29
26	isc_result_t	30	isc_result_t
27	dns_acl_create(isc_mem_t mctx, int n, dns_acl_t *target) {	31	dns_acl_create(isc_mem_t mctx, int n, dns_acl_t *target) {
28	isc_result_t result;	32	isc_result_t result;
Lines 208-214 Link Here
208	e->u.ip_prefix.prefixlen))	212	e->u.ip_prefix.prefixlen))
209	goto matched;	213	goto matched;
210	break;	214	break;
211		215
		216	case dns_aclelementtype_ipregion:
		217	/* We only match V4 addresses */
		218	if (reqaddr->family == AF_INET) {
		219	/* Region match */
		220
		221	if (NULL == geoip) {
		222	geoip = GeoIP_new(GEOIP_MEMORY_CACHE);
		223	}
		224	if (NULL != geoip) {
		225	GeoIPRecord * value;
		226
		227	value = GeoIP_record_by_addr(geoip,inet_ntoa(reqaddr->type.in));
		228	if ((NULL != value) && (NULL != value->region) && (2 == strlen(value->region))) {
		229	if ((e->u.region[0] == value->region[0]) && (e->u.region[1] == value->region[1])) {
		230	goto matched;
		231	}
		232	}
		233	}
		234	}
		235	break;
		236
212	case dns_aclelementtype_keyname:	237	case dns_aclelementtype_keyname:
213	if (reqsigner != NULL &&	238	if (reqsigner != NULL &&
214	dns_name_equal(reqsigner, &e->u.keyname))	239	dns_name_equal(reqsigner, &e->u.keyname))

Lines 47-52 Link Here

(-)bind-9.4.2.orig/lib/dns/include/dns/acl.h (+3 lines)
47	typedef enum {	47	typedef enum {
48	dns_aclelementtype_ipprefix,	48	dns_aclelementtype_ipprefix,
		49	dns_aclelementtype_ipregion,
49	dns_aclelementtype_keyname,	50	dns_aclelementtype_keyname,
50	dns_aclelementtype_nestedacl,	51	dns_aclelementtype_nestedacl,
51	dns_aclelementtype_localhost,	52	dns_aclelementtype_localhost,
Lines 55-60 Link Here
55	} dns_aclelemettype_t;	56	} dns_aclelemettype_t;
56	typedef struct dns_aclipprefix dns_aclipprefix_t;	57	typedef struct dns_aclipprefix dns_aclipprefix_t;
		58	typedef char dns_aclipregion[3];
57	struct dns_aclipprefix {	59	struct dns_aclipprefix {
58	isc_netaddr_t address; /* IP4/IP6 */	60	isc_netaddr_t address; /* IP4/IP6 */
Lines 66-71 Link Here
66	isc_boolean_t negative;	68	isc_boolean_t negative;
67	union {	69	union {
68	dns_aclipprefix_t ip_prefix;	70	dns_aclipprefix_t ip_prefix;
		71	dns_aclipregion region;
69	dns_name_t keyname;	72	dns_name_t keyname;
70	dns_acl_t *nestedacl;	73	dns_acl_t *nestedacl;
71	} u;	74	} u;

Lines 228-233 Link Here

(-)bind-9.4.2.orig/lib/isccfg/aclconf.c (+6 lines)
228	} else if (strcasecmp(name, "none") == 0) {	228	} else if (strcasecmp(name, "none") == 0) {
229	de->type = dns_aclelementtype_any;	229	de->type = dns_aclelementtype_any;
230	de->negative = ISC_TF(! de->negative);	230	de->negative = ISC_TF(! de->negative);
		231	} else if ((0 == (strncmp("region_", name, 7))) && (9 == strlen(name))) {
		232	/* It is a region code */
		233	de->type = dns_aclelementtype_ipregion;
		234	de->u.region[0] = name[7];
		235	de->u.region[1] = name[8];
		236	de->u.region[2] = '\0';
231	} else {	237	} else {
232	de->type = dns_aclelementtype_nestedacl;	238	de->type = dns_aclelementtype_nestedacl;
233	result = convert_named_acl(ce, cctx, lctx,	239	result = convert_named_acl(ce, cctx, lctx,

Return to bug 231242