Commit Diff
Diff:
f4bd73a0b49a79c8b1ab509824fefd22dc2d4bdc
27da9430bbfe2bf18f8449cc712f9ce8b8e4028e
Commit:
27da9430bbfe2bf18f8449cc712f9ce8b8e4028e
Tree:
d5ac5f4f5b083136c9022c1b24ad7040acc6086f
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Thu Jul 16 17:54:03 2020 UTC
Message:
In computer science which I strive after there are some undertones that are not unbiased regarding race, and retain terminology of the abhorrent human practice of slavery. I have already started moving away from terms such as Master/Slave, and call it Master/Replicant. I still don't know if I'll change master to main. Here is a patch that changes any mention of whitelist to passlist and any mention of blacklist to blocklist. It was tedious typing. Thanks to slashdot.org and Linux for making me aware of alternative terms.
blob - 009dc73e8980c27a199c11ff1b9bd55fc1997e3c
blob + c41403a0c603aa8cdb741d4d55e4c1c0c9aac4a0
--- Makefile.linux
+++ Makefile.linux
@@ -8,8 +8,8 @@ AR=ar
all: delphinusdnsd dddctl
-delphinusdnsd: imsg-buffer.o imsg.o additional.o parse.o delphinusdnsd.o reply.o region.o log.o axfr.o filter.o ratelimit.o whitelist.o base64.o dnssec.o util.o ent.o db.o tsig.o raxfr.o forward.o cache.o
- $(CC) $(CFLAGS) -o delphinusdnsd/delphinusdnsd additional.o imsg-buffer.o imsg.o delphinusdnsd.o parse.o reply.o region.o log.o axfr.o filter.o ratelimit.o whitelist.o base64.o dnssec.o util.o ent.o db.o tsig.o raxfr.o forward.o cache.o $(LDADD)
+delphinusdnsd: imsg-buffer.o imsg.o additional.o parse.o delphinusdnsd.o reply.o region.o log.o axfr.o filter.o ratelimit.o passlist.o base64.o dnssec.o util.o ent.o db.o tsig.o raxfr.o forward.o cache.o
+ $(CC) $(CFLAGS) -o delphinusdnsd/delphinusdnsd additional.o imsg-buffer.o imsg.o delphinusdnsd.o parse.o reply.o region.o log.o axfr.o filter.o ratelimit.o passlist.o base64.o dnssec.o util.o ent.o db.o tsig.o raxfr.o forward.o cache.o $(LDADD)
dddctl: dddctl.o util.o dnssec.o parse.o base64.o ent.o raxfr.o tsig.o region.o imsg-buffer.o imsg.o sign.o query.o
$(CC) $(CFLAGS) -o dddctl/dddctl dddctl.o util.o dnssec.o base64.o parse.o ent.o db.o raxfr.o tsig.o region.o imsg-buffer.o imsg.o sign.o query.o $(LDADD)
@@ -65,8 +65,8 @@ filter.o: filter.c
ratelimit.o: ratelimit.c
$(CC) $(CFLAGS) -c ratelimit.c
-whitelist.o: whitelist.c
- $(CC) $(CFLAGS) -c whitelist.c
+passlist.o: passlist.c
+ $(CC) $(CFLAGS) -c passlist.c
base64.o: base64.c
$(CC) $(CFLAGS) -c base64.c
blob - 83a9c10a554c0c0f85122a0f0c259656233d75a1
blob + cee4a72e2f34ff02973ea129d66e321dc61cf075
--- dddctl.c
+++ dddctl.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: dddctl.c,v 1.111 2020/07/08 12:29:02 pjp Exp $
+ * $Id: dddctl.c,v 1.112 2020/07/16 17:54:03 pjp Exp $
*/
#include <sys/types.h>
@@ -106,7 +106,7 @@ int count_db(ddDB *);
/* glue */
int insert_axfr(char *, char *);
int insert_filter(char *, char *);
-int insert_whitelist(char *, char *);
+int insert_passlist(char *, char *);
int insert_notifyddd(char *, char *);
int insert_forward(struct sockaddr_storage *, uint16_t, char *);
@@ -115,7 +115,7 @@ int illdestination;
int *ptr = &illdestination;
int notify = 0;
-int whitelist = 0;
+int passlist = 0;
int bcount = 0;
char *bind_list[255];
char *interface_list[255];
@@ -215,7 +215,7 @@ insert_filter(char *address, char *prefixlen)
}
int
-insert_whitelist(char *address, char *prefixlen)
+insert_passlist(char *address, char *prefixlen)
{
return 0;
}
blob - 3b1b600c2eb089cd3e2687edfee2be4d7f611ce5
blob + 0bdb320c4f0156c7cc96f497ee8ca3f7cff5eee7
--- delphinusdnsd/Makefile.freebsd
+++ delphinusdnsd/Makefile.freebsd
@@ -2,7 +2,7 @@
PROG=delphinusdnsd
-SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c imsg-buffer.c imsg.c tsig.c raxfr.c forward.c cache.c
+SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c passlist.c base64.c dnssec.c util.c ent.c db.c imsg-buffer.c imsg.c tsig.c raxfr.c forward.c cache.c
CFLAGS= -Wall -g -L/usr/local/lib
CFLAGS+= -I${.CURDIR}/..
blob - 779d700d816f7a9794f95f63efa3eb0d7699ebd6
blob + 2d7bba39756d8e7577a6f1ee301ce0a57c5a6405
--- delphinusdnsd/Makefile.netbsd
+++ delphinusdnsd/Makefile.netbsd
@@ -2,7 +2,7 @@
PROG=delphinusdnsd
-SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c imsg-buffer.c imsg.c tsig.c raxfr.c forward.c cache.c
+SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c passlist.c base64.c dnssec.c util.c ent.c db.c imsg-buffer.c imsg.c tsig.c raxfr.c forward.c cache.c
CFLAGS= -g
CFLAGS+= -I${.CURDIR}/.. -I/usr/pkg/libressl/include
blob - 11d202088fd4ecc4ba7faa0d736a9f794ad57aea
blob + cab0daf5d78ed9b40d47431d6ab4c53deeb7723f
--- delphinusdnsd/Makefile.openbsd
+++ delphinusdnsd/Makefile.openbsd
@@ -2,7 +2,7 @@
PROG=delphinusdnsd
-SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c dnssec.c util.c ent.c db.c tsig.c raxfr.c forward.c cache.c
+SRCS=delphinusdnsd.c parse.y reply.c additional.c region.c log.c axfr.c filter.c ratelimit.c passlist.c base64.c dnssec.c util.c ent.c db.c tsig.c raxfr.c forward.c cache.c
#CFLAGS= -DDEBUG -g -Wall
CFLAGS= -Wall -g
blob - 1e6f1eb2531fa0627327d79a41c2faf6a0596a41
blob + bd699e65f3e831971c640b00b71cde98dbb7ebc4
--- delphinusdnsd.c
+++ delphinusdnsd.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: delphinusdnsd.c,v 1.130 2020/07/16 09:03:20 pjp Exp $
+ * $Id: delphinusdnsd.c,v 1.131 2020/07/16 17:54:03 pjp Exp $
*/
@@ -117,14 +117,14 @@ extern void dolog(int, char *, ...);
extern int find_axfr(struct sockaddr_storage *, int);
extern int find_filter(struct sockaddr_storage *, int);
extern u_int8_t find_region(struct sockaddr_storage *, int);
-extern int find_whitelist(struct sockaddr_storage *, int);
+extern int find_passlist(struct sockaddr_storage *, int);
extern int find_tsig(struct sockaddr_storage *, int);
extern char * get_dns_type(int, int);
extern void init_dnssec(void);
extern void init_region(void);
extern int init_entlist(ddDB *);
extern void init_filter(void);
-extern void init_whitelist(void);
+extern void init_passlist(void);
extern void init_tsig(void);
extern void init_notifyddd(void);
extern struct rbtree * lookup_zone(ddDB *, struct question *, int *, int *, char *, int);
@@ -257,7 +257,7 @@ extern char *__progname;
extern int axfrport;
extern int ratelimit;
extern int ratelimit_packets_per_second;
-extern int whitelist;
+extern int passlist;
extern int tsig;
extern int dnssec;
extern int raxfrflag;
@@ -551,7 +551,7 @@ main(int argc, char *argv[], char *environ[])
init_region();
init_filter();
- init_whitelist();
+ init_passlist();
init_dnssec();
init_tsig();
TAILQ_INIT(&tcphead);
@@ -1516,7 +1516,7 @@ mainloop(struct cfg *cfg, struct imsgbuf *ibuf)
int lzerrno;
int filter = 0;
int rcheck = 0;
- int blacklist = 1;
+ int blocklist = 1;
int require_tsig = 0;
int sp;
pid_t idata;
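Review bot: The local `blocklist` in mainloop() is misleadingly named after the rename: it stores the return value of find_passlist(), so 1 means the source address matched the passlist and 0 means it did not, and the refusal test reads `passlist && blocklist == 0`. A name that states what the value is, for example `int passlisted = 1;` with the test written as `if (passlist && !passlisted)`, makes the access-control decision harder to invert by accident in a later edit. The same local is declared in tcploop() and used in the IPv4/IPv6 lookup and refusal hunks of both functions. mainloop() starts and ends outside this hunk.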
@@ -1801,8 +1801,8 @@ axfrentry:
aregion = find_region((struct sockaddr_storage *)sin6, AF_INET6);
filter = 0;
filter = find_filter((struct sockaddr_storage *)sin6, AF_INET6);
- if (whitelist) {
- blacklist = find_whitelist((struct sockaddr_storage *)sin6, AF_INET6);
+ if (passlist) {
+ blocklist = find_passlist((struct sockaddr_storage *)sin6, AF_INET6);
}
require_tsig = 0;
@@ -1825,8 +1825,8 @@ axfrentry:
aregion = find_region((struct sockaddr_storage *)sin, AF_INET);
filter = 0;
filter = find_filter((struct sockaddr_storage *)sin, AF_INET);
- if (whitelist) {
- blacklist = find_whitelist((struct sockaddr_storage *)sin, AF_INET);
+ if (passlist) {
+ blocklist = find_passlist((struct sockaddr_storage *)sin, AF_INET);
}
require_tsig = 0;
@@ -1854,12 +1854,12 @@ axfrentry:
goto drop;
}
- if (whitelist && blacklist == 0) {
+ if (passlist && blocklist == 0) {
build_reply(&sreply, so, buf, len, NULL, from, fromlen, NULL, NULL, aregion, istcp, 0, replybuf);
slen = reply_refused(&sreply, NULL);
- dolog(LOG_INFO, "UDP connection refused on descriptor %u interface \"%s\" from %s (ttl=%d, region=%d) replying REFUSED, whitelist policy\n", so, cfg->ident[i], address, received_ttl, aregion);
+ dolog(LOG_INFO, "UDP connection refused on descriptor %u interface \"%s\" from %s (ttl=%d, region=%d) replying REFUSED, passlist policy\n", so, cfg->ident[i], address, received_ttl, aregion);
goto drop;
}
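Review bot: The refusal log text changes from "whitelist policy" to "passlist policy" here and in the TCP refusal hunk in tcploop(), so any log filter or alert that matches the old string will stop firing without an error. The change should be called out for operators, for example with a comment above the dolog() call such as `/* log text was "whitelist policy" before rev 1.131; update log matchers */` and a matching entry in the release notes. The enclosing function continues outside this hunk.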
@@ -2610,7 +2610,7 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf, struct
int type0, type1;
int lzerrno;
int filter = 0;
- int blacklist = 1;
+ int blocklist = 1;
int require_tsig = 0;
int axfr_acl = 0;
int sp;
@@ -2794,8 +2794,8 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf, struct
inet_ntop(AF_INET6, (void *)&sin6->sin6_addr, (char *)&address, sizeof(address));
aregion = find_region((struct sockaddr_storage *)sin6, AF_INET6);
filter = find_filter((struct sockaddr_storage *)sin6, AF_INET6);
- if (whitelist) {
- blacklist = find_whitelist((struct sockaddr_storage *)sin6, AF_INET6);
+ if (passlist) {
+ blocklist = find_passlist((struct sockaddr_storage *)sin6, AF_INET6);
}
axfr_acl = find_axfr((struct sockaddr_storage *)sin6, AF_INET6);
@@ -2811,8 +2811,8 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf, struct
inet_ntop(AF_INET, (void *)&sin->sin_addr, (char *)&address, sizeof(address));
aregion = find_region((struct sockaddr_storage *)sin, AF_INET);
filter = find_filter((struct sockaddr_storage *)sin, AF_INET);
- if (whitelist) {
- blacklist = find_whitelist((struct sockaddr_storage *)sin, AF_INET);
+ if (passlist) {
+ blocklist = find_passlist((struct sockaddr_storage *)sin, AF_INET);
}
axfr_acl = find_axfr((struct sockaddr_storage *)sin, AF_INET);
@@ -2837,8 +2837,8 @@ tcploop(struct cfg *cfg, struct imsgbuf *ibuf, struct
continue;
}
- if (whitelist && blacklist == 0) {
- dolog(LOG_INFO, "TCP connection refused on descriptor %u interface \"%s\" from %s, whitelist policy\n", so, cfg->ident[i], address);
+ if (passlist && blocklist == 0) {
+ dolog(LOG_INFO, "TCP connection refused on descriptor %u interface \"%s\" from %s, passlist policy\n", so, cfg->ident[i], address);
close(so);
continue;
}
blob - 7d418f3371be1ed665077a9f1cd1521302c76e9b
blob + e6954c564ce06394d9183540507479551e2667f2
--- ent.c
+++ ent.c
@@ -27,11 +27,11 @@
*/
/*
- * $Id: ent.c,v 1.10 2019/06/06 14:56:08 pjp Exp $
+ * $Id: ent.c,v 1.11 2020/07/16 17:54:03 pjp Exp $
*/
/*
- * this file is based on whitelist.c
+ * this file is based on passlist.c
*/
#include <sys/types.h>
blob - 4bc336da75fa4316d3740f4177be18ab15378d15
blob + 06a91472c79f1e02bce7307d0f068ade91efd219
--- parse.y
+++ parse.y
@@ -21,7 +21,7 @@
*/
/*
- * $Id: parse.y,v 1.106 2020/07/15 20:27:15 pjp Exp $
+ * $Id: parse.y,v 1.107 2020/07/16 17:54:03 pjp Exp $
*/
%{
@@ -93,7 +93,7 @@ extern int insert_axfr(char *, char *);
extern int insert_notifyddd(char *, char *);
extern int insert_filter(char *, char *);
extern int insert_forward(int, struct sockaddr_storage *, uint16_t, char *);
-extern int insert_whitelist(char *, char *);
+extern int insert_passlist(char *, char *);
extern int insert_tsig(char *, char *);
extern int insert_tsig_key(char *, int, char *, int);
extern void ddd_shutdown(void);
@@ -106,7 +106,7 @@ extern int display_rr(struct rrset *rrset);
extern void flag_rr(struct rbtree *);
extern int pull_rzone(struct rzone *, time_t);
-extern int whitelist;
+extern int passlist;
extern int tsig;
extern int notify;
extern int errno;
@@ -251,7 +251,7 @@ int drop_privs(char *, struct passwd *);
%token VERSION OBRACE EBRACE REGION RZONE AXFRFOR
%token DOT COLON TEXT WOF INCLUDE ZONE COMMA CRLF
%token ERROR AXFRPORT OPTIONS FILTER MZONE
-%token WHITELIST ZINCLUDE MASTER MASTERPORT TSIGAUTH
+%token PASSLIST ZINCLUDE MASTER MASTERPORT TSIGAUTH
%token TSIG NOTIFYDEST NOTIFYBIND PORT FORWARD
%token INCOMINGTSIG DESTINATION CACHE
@@ -285,7 +285,7 @@ cmd :
| zone
| region CRLF
| axfr CRLF
- | whitelist CRLF
+ | passlist CRLF
| tsig CRLF
| filter CRLF
| forward CRLF
@@ -1346,10 +1346,10 @@ tsigstatement : ipcidr SEMICOLON CRLF
| comment CRLF
;
-/* whitelist "these hosts" { .. } */
+/* passlist "these hosts" { .. } */
-whitelist:
- WHITELIST whitelistlabel whitelistcontent
+passlist:
+ PASSLIST passlistlabel passlistcontent
{
if ((confstatus & CONFIG_VERSION) != CONFIG_VERSION) {
dolog(LOG_INFO, "There must be a version at the top of the first configfile\n");
@@ -1358,21 +1358,21 @@ whitelist:
}
;
-whitelistlabel:
+passlistlabel:
QUOTEDSTRING
;
-whitelistcontent:
- OBRACE whiteliststatements EBRACE
- | OBRACE CRLF whiteliststatements EBRACE
+passlistcontent:
+ OBRACE passliststatements EBRACE
+ | OBRACE CRLF passliststatements EBRACE
;
-whiteliststatements :
- whiteliststatements whiteliststatement
- | whiteliststatement
+passliststatements :
+ passliststatements passliststatement
+ | passliststatement
;
-whiteliststatement : ipcidr SEMICOLON CRLF
+passliststatement : ipcidr SEMICOLON CRLF
{
char prefixlength[INET_ADDRSTRLEN];
char *dst;
@@ -1383,15 +1383,15 @@ whiteliststatement : ipcidr SEMICOLON CRLF
return (-1);
}
- if (insert_whitelist(dst, prefixlength) < 0) {
- dolog(LOG_ERR, "insert_whitelist, line %d\n", file->lineno);
+ if (insert_passlist(dst, prefixlength) < 0) {
+ dolog(LOG_ERR, "insert_passlist, line %d\n", file->lineno);
return (-1);
}
if (debug)
- printf("whitelist inserted %s address\n", $1);
+ printf("passlist inserted %s address\n", $1);
- whitelist = 1;
+ passlist = 1;
free (dst);
}
@@ -1671,12 +1671,12 @@ struct tab cmdtab[] = {
{ "notifybind", NOTIFYBIND, 0},
{ "notifydest", NOTIFYDEST, 0},
{ "options", OPTIONS, 0 },
+ { "passlist", PASSLIST, STATE_IP },
{ "port", PORT, 0},
{ "region", REGION, STATE_IP },
{ "rzone", RZONE, 0 },
{ "tsig", TSIG, 0 },
{ "tsig-auth", TSIGAUTH, 0 },
- { "whitelist", WHITELIST, STATE_IP },
{ "wildcard-only-for", WOF, STATE_IP },
{ "version", VERSION, 0 },
{ "zinclude", ZINCLUDE, 0 },
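Review bot: Removing the `"whitelist"` entry from cmdtab means an existing configuration file that still uses the `whitelist "..." { }` block is no longer recognised after upgrade. Since the `passlist` flag is only set when a passlist statement is parsed, it is worth confirming that such a config makes the daemon refuse to start rather than run with the restriction absent; the error path is not visible in this hunk. Keeping the old keyword as a deprecated alias, `{ "whitelist", PASSLIST, STATE_IP },` at its previous position, would let existing configs keep their access restriction while they are migrated. Whether the table lookup depends on entry order cannot be seen here, and cmdtab starts and ends outside the hunk.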
blob - 58a475bcb5e890a55c1505feffe1f211af7f7e66
blob + 49ee60548f6c8ced1cdb27d5919f2209096b7789
--- query.c
+++ query.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: query.c,v 1.7 2020/07/15 20:27:15 pjp Exp $
+ * $Id: query.c,v 1.8 2020/07/16 17:54:03 pjp Exp $
*/
#include <sys/types.h>
@@ -102,7 +102,7 @@ extern int tsig;
extern int insert_axfr(char *, char *);
extern int insert_filter(char *, char *);
-extern int insert_whitelist(char *, char *);
+extern int insert_passlist(char *, char *);
extern int insert_notifyddd(char *, char *);
extern int usage(int argc, char *argv[]);
extern void dolog(int pri, char *fmt, ...);
blob - /dev/null
blob + ecbfb352e7e7adedd75b4d384b7cb259f3de22ef (mode 644)
--- /dev/null
+++ passlist.c
@@ -0,0 +1,224 @@
+/*
+ * Copyright (c) 2014-2020 Peter J. Philipp
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. The name of the author may not be used to endorse or promote products
+ * derived from this software without specific prior written permission
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
+ * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
+ * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
+ * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
+ * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
+ * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
+ * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+ *
+ */
+
+/*
+ * $Id: passlist.c,v 1.1 2020/07/16 17:54:03 pjp Exp $
+ */
+
+
+/*
+ * this file is based on filter.c
+ */
+
+
+#include <sys/types.h>
+#include <sys/socket.h>
+
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <netdb.h>
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+#ifdef __linux__
+#include <grp.h>
+#define __USE_BSD 1
+#include <endian.h>
+#include <bsd/stdlib.h>
+#include <bsd/string.h>
+#include <bsd/sys/queue.h>
+#define __unused
+#include <bsd/sys/tree.h>
+#include <bsd/sys/endian.h>
+#else /* not linux */
+#include <sys/queue.h>
+#include <sys/tree.h>
+#endif /* __linux__ */
+
+
+#include "ddd-dns.h"
+#include "ddd-db.h"
+
+int find_passlist(struct sockaddr_storage *, int);
+void init_passlist(void);
+int insert_passlist(char *, char *);
+
+extern void dolog(int, char *, ...);
+extern in_addr_t getmask(int);
+extern int getmask6(int, struct sockaddr_in6 *);
+
+extern int debug, verbose;
+
+int passlist = 0; /* passlist is off by default */
+
+SLIST_HEAD(listhead, passlistentry) passlisthead;
+
+static struct passlistentry {
+ char name[INET6_ADDRSTRLEN];
+ int family;
+ struct sockaddr_storage hostmask;
+ struct sockaddr_storage netmask;
+ u_int8_t prefixlen;
+ SLIST_ENTRY(passlistentry) passlist_entry;
+} *wln2, *wlnp;
+
+
+/*
+ * INIT_PASSLIST - initialize the passlist singly linked list
+ */
+
+void
+init_passlist(void)
+{
+ SLIST_INIT(&passlisthead);
+ return;
+}
+
+/*
+ * INSERT_PASSLIST - insert an address and prefixlen into the passlist slist
+ */
+
+int
+insert_passlist(char *address, char *prefixlen)
+{
+ struct sockaddr_in *sin;
+ struct sockaddr_in6 *sin6;
+ int pnum;
+ int ret;
+
+ pnum = atoi(prefixlen);
+ wln2 = malloc(sizeof(struct passlistentry)); /* Insert after. */
+
+ if (strchr(address, ':') != NULL) {
+ wln2->family = AF_INET6;
+ sin6 = (struct sockaddr_in6 *)&wln2->hostmask;
+ if ((ret = inet_pton(AF_INET6, address, &sin6->sin6_addr.s6_addr)) != 1)
+ return (-1);
+ sin6->sin6_family = AF_INET6;
+ sin6 = (struct sockaddr_in6 *)&wln2->netmask;
+ sin6->sin6_family = AF_INET6;
+ if (getmask6(pnum, sin6) < 0)
+ return(-1);
+ wln2->prefixlen = pnum;
+ } else {
+
+ wln2->family = AF_INET;
+ sin = (struct sockaddr_in *)&wln2->hostmask;
+ sin->sin_family = AF_INET;
+ sin->sin_addr.s_addr = inet_addr(address);
+ sin = (struct sockaddr_in *)&wln2->netmask;
+ sin->sin_family = AF_INET;
+ sin->sin_addr.s_addr = getmask(pnum);
+ wln2->prefixlen = pnum;
+
+ }
+
+ SLIST_INSERT_HEAD(&passlisthead, wln2, passlist_entry);
+
+ return (0);
+}
+
+/*
+ * FIND_PASSLIST - walk the passlist list and find the correponding network
+ * if a network matches return 1, if no match is found return
+ * 0.
+ */
+
+int
+find_passlist(struct sockaddr_storage *sst, int family)
+{
+ struct sockaddr_in *sin, *sin0;
+ struct sockaddr_in6 *sin6, *sin60, *sin61;
+ u_int32_t hostmask, netmask;
+ u_int32_t a;
+#ifdef __amd64
+ u_int64_t *hm[2], *nm[2], *a6[2];
+#else
+ u_int32_t *hm[4], *nm[4], *a6[4];
+#endif
+
+ SLIST_FOREACH(wlnp, &passlisthead, passlist_entry) {
+ if (wlnp->family == AF_INET) {
+ if (family != AF_INET)
+ continue;
+ sin = (struct sockaddr_in *)sst;
+ a = sin->sin_addr.s_addr;
+ sin = (struct sockaddr_in *)&wlnp->hostmask;
+ sin0 = (struct sockaddr_in *)&wlnp->netmask;
+ hostmask = sin->sin_addr.s_addr;
+ netmask = sin0->sin_addr.s_addr;
+ if ((hostmask & netmask) == (a & netmask)) {
+ return (1);
+ } /* if hostmask */
+ } else if (wlnp->family == AF_INET6) {
+ if (family != AF_INET6)
+ continue;
+ sin6 = (struct sockaddr_in6 *)sst;
+ sin60 = (struct sockaddr_in6 *)&wlnp->hostmask;
+ sin61 = (struct sockaddr_in6 *)&wlnp->netmask;
+#ifdef __amd64
+ /*
+ * If this is on a 64 bit machine, we'll benefit
+ * by using 64 bit registers, this should make it
+ * a tad faster...
+ */
+ hm[0] = (u_int64_t *)&sin60->sin6_addr.s6_addr;
+ hm[1] = (hm[0] + 1);
+ nm[0] = (u_int64_t *)&sin61->sin6_addr.s6_addr;
+ nm[1] = (nm[0] + 1);
+ a6[0] = (u_int64_t *)&sin6->sin6_addr.s6_addr;
+ a6[1] = (a6[0] + 1);
+ if ( ((*hm[0] & *nm[0]) == (*a6[0] & *nm[0]))&&
+ ((*hm[1] & *nm[1]) == (*a6[1] & *nm[1]))) {
+#else
+ hm[0] = (u_int32_t *)&sin60->sin6_addr.s6_addr;
+ hm[1] = (hm[0] + 1); hm[2] = (hm[1] + 1);
+ hm[3] = (hm[2] + 1);
+ nm[0] = (u_int32_t *)&sin61->sin6_addr.s6_addr;
+ nm[1] = (nm[0] + 1); nm[2] = (nm[1] + 1);
+ nm[3] = (nm[2] + 1);
+ a6[0] = (u_int32_t *)&sin6->sin6_addr.s6_addr;
+ a6[1] = (a6[0] + 1); a6[2] = (a6[1] + 1);
+ a6[3] = (a6[2] + 1);
+
+ if ( ((*hm[0] & *nm[0]) == (*a6[0] & *nm[0]))&&
+ ((*hm[1] & *nm[1]) == (*a6[1] & *nm[1]))&&
+ ((*hm[2] & *nm[2]) == (*a6[2] & *nm[2]))&&
+ ((*hm[3] & *nm[3]) == (*a6[3] & *nm[3]))) {
+#endif
+
+ return (1);
+ } /* if ip6 address */
+
+ } /* if AF_INET6 */
+ } /* SLIST */
+
+ return (0);
+}
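Review bot: insert_passlist() dereferences the result of `malloc()` without a NULL check and leaks `wln2` on both `return (-1)` paths in the IPv6 branch. The IPv4 branch is also weaker than the IPv6 one: the result of `inet_addr()` is never checked, and `pnum` from `atoi()` (which yields 0 for non-numeric text) goes to `getmask()` unvalidated, so a malformed entry could be stored with an unintended address or mask in the list that decides who may query the server; what getmask() does with an out-of-range value is not visible here. Separately, find_passlist() reads `s6_addr` through `u_int64_t *` and `u_int32_t *` casts, which relies on alignment and aliasing the compiler does not guarantee; a bytewise masked compare over the 16 address bytes avoids that. A sketch of the insert path follows.

```c
	pnum = atoi(prefixlen);
	wln2 = calloc(1, sizeof(*wln2));	/* zeroed: name[] and padding are never set below */
	if (wln2 == NULL)
		return (-1);

	if (strchr(address, ':') != NULL) {
		if (pnum < 0 || pnum > 128)
			goto bad;
		/* … unchanged: family and hostmask pointer setup … */
		if (inet_pton(AF_INET6, address, &sin6->sin6_addr) != 1)
			goto bad;
		/* … unchanged: netmask family … */
		if (getmask6(pnum, sin6) < 0)
			goto bad;
		wln2->prefixlen = pnum;
	} else {
		if (pnum < 0 || pnum > 32)
			goto bad;
		/* … unchanged: family and hostmask pointer setup … */
		if (inet_pton(AF_INET, address, &sin->sin_addr) != 1)
			goto bad;
		/* … unchanged: netmask setup via getmask(pnum) … */
	}

	/* … unchanged: SLIST_INSERT_HEAD, return (0) … */

bad:
	free(wln2);
	return (-1);
```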
blob - b47e870ebded2163d544412ac23a4963c8831127
blob + b0f84d2060a93509a59757052050fcc4540c541f
--- sign.c
+++ sign.c
@@ -27,7 +27,7 @@
*/
/*
- * $Id: sign.c,v 1.7 2020/07/15 20:27:15 pjp Exp $
+ * $Id: sign.c,v 1.8 2020/07/16 17:54:03 pjp Exp $
*/
#include <sys/types.h>
@@ -200,7 +200,7 @@ extern int debug;
extern int verbose;
extern int bytes_received;
extern int notify;
-extern int whitelist;
+extern int passlist;
extern int bcount;
extern char *bind_list[255];
extern char *interface_list[255];
@@ -255,7 +255,7 @@ extern int memcasecmp(u_char *, u
extern int insert_axfr(char *, char *);
extern int insert_filter(char *, char *);
-extern int insert_whitelist(char *, char *);
+extern int insert_passlist(char *, char *);
extern int insert_notifyddd(char *, char *);
extern int dnssec;
blob - 15686c59196ab1822fd3009fbee82eb9aae55085 (mode 644)
blob + /dev/null
--- whitelist.c
+++ /dev/null
@@ -1,224 +0,0 @@
-/*
- * Copyright (c) 2014-2018 Peter J. Philipp
- * All rights reserved.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. The name of the author may not be used to endorse or promote products
- * derived from this software without specific prior written permission
- *
- * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
- * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES
- * OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
- * IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
- * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
- * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
- * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
- * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
- * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
- * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
- *
- */
-
-/*
- * $Id: whitelist.c,v 1.6 2019/06/06 14:56:08 pjp Exp $
- */
-
-
-/*
- * this file is based on filter.c
- */
-
-
-#include <sys/types.h>
-#include <sys/socket.h>
-
-#include <netinet/in.h>
-#include <arpa/inet.h>
-#include <netdb.h>
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#ifdef __linux__
-#include <grp.h>
-#define __USE_BSD 1
-#include <endian.h>
-#include <bsd/stdlib.h>
-#include <bsd/string.h>
-#include <bsd/sys/queue.h>
-#define __unused
-#include <bsd/sys/tree.h>
-#include <bsd/sys/endian.h>
-#else /* not linux */
-#include <sys/queue.h>
-#include <sys/tree.h>
-#endif /* __linux__ */
-
-
-#include "ddd-dns.h"
-#include "ddd-db.h"
-
-int find_whitelist(struct sockaddr_storage *, int);
-void init_whitelist(void);
-int insert_whitelist(char *, char *);
-
-extern void dolog(int, char *, ...);
-extern in_addr_t getmask(int);
-extern int getmask6(int, struct sockaddr_in6 *);
-
-extern int debug, verbose;
-
-int whitelist = 0; /* whitelist is off by default */
-
-SLIST_HEAD(listhead, whitelistentry) whitelisthead;
-
-static struct whitelistentry {
- char name[INET6_ADDRSTRLEN];
- int family;
- struct sockaddr_storage hostmask;
- struct sockaddr_storage netmask;
- u_int8_t prefixlen;
- SLIST_ENTRY(whitelistentry) whitelist_entry;
-} *wln2, *wlnp;
-
-
-/*
- * INIT_FILTER - initialize the whitelist singly linked list
- */
-
-void
-init_whitelist(void)
-{
- SLIST_INIT(&whitelisthead);
- return;
-}
-
-/*
- * INSERT_FILTER - insert an address and prefixlen into the whitelist slist
- */
-
-int
-insert_whitelist(char *address, char *prefixlen)
-{
- struct sockaddr_in *sin;
- struct sockaddr_in6 *sin6;
- int pnum;
- int ret;
-
- pnum = atoi(prefixlen);
- wln2 = malloc(sizeof(struct whitelistentry)); /* Insert after. */
-
- if (strchr(address, ':') != NULL) {
- wln2->family = AF_INET6;
- sin6 = (struct sockaddr_in6 *)&wln2->hostmask;
- if ((ret = inet_pton(AF_INET6, address, &sin6->sin6_addr.s6_addr)) != 1)
- return (-1);
- sin6->sin6_family = AF_INET6;
- sin6 = (struct sockaddr_in6 *)&wln2->netmask;
- sin6->sin6_family = AF_INET6;
- if (getmask6(pnum, sin6) < 0)
- return(-1);
- wln2->prefixlen = pnum;
- } else {
-
- wln2->family = AF_INET;
- sin = (struct sockaddr_in *)&wln2->hostmask;
- sin->sin_family = AF_INET;
- sin->sin_addr.s_addr = inet_addr(address);
- sin = (struct sockaddr_in *)&wln2->netmask;
- sin->sin_family = AF_INET;
- sin->sin_addr.s_addr = getmask(pnum);
- wln2->prefixlen = pnum;
-
- }
-
- SLIST_INSERT_HEAD(&whitelisthead, wln2, whitelist_entry);
-
- return (0);
-}
-
-/*
- * FIND_FILTER - walk the whitelist list and find the correponding network
- * if a network matches return 1, if no match is found return
- * 0.
- */
-
-int
-find_whitelist(struct sockaddr_storage *sst, int family)
-{
- struct sockaddr_in *sin, *sin0;
- struct sockaddr_in6 *sin6, *sin60, *sin61;
- u_int32_t hostmask, netmask;
- u_int32_t a;
-#ifdef __amd64
- u_int64_t *hm[2], *nm[2], *a6[2];
-#else
- u_int32_t *hm[4], *nm[4], *a6[4];
-#endif
-
- SLIST_FOREACH(wlnp, &whitelisthead, whitelist_entry) {
- if (wlnp->family == AF_INET) {
- if (family != AF_INET)
- continue;
- sin = (struct sockaddr_in *)sst;
- a = sin->sin_addr.s_addr;
- sin = (struct sockaddr_in *)&wlnp->hostmask;
- sin0 = (struct sockaddr_in *)&wlnp->netmask;
- hostmask = sin->sin_addr.s_addr;
- netmask = sin0->sin_addr.s_addr;
- if ((hostmask & netmask) == (a & netmask)) {
- return (1);
- } /* if hostmask */
- } else if (wlnp->family == AF_INET6) {
- if (family != AF_INET6)
- continue;
- sin6 = (struct sockaddr_in6 *)sst;
- sin60 = (struct sockaddr_in6 *)&wlnp->hostmask;
- sin61 = (struct sockaddr_in6 *)&wlnp->netmask;
-#ifdef __amd64
- /*
- * If this is on a 64 bit machine, we'll benefit
- * by using 64 bit registers, this should make it
- * a tad faster...
- */
- hm[0] = (u_int64_t *)&sin60->sin6_addr.s6_addr;
- hm[1] = (hm[0] + 1);
- nm[0] = (u_int64_t *)&sin61->sin6_addr.s6_addr;
- nm[1] = (nm[0] + 1);
- a6[0] = (u_int64_t *)&sin6->sin6_addr.s6_addr;
- a6[1] = (a6[0] + 1);
- if ( ((*hm[0] & *nm[0]) == (*a6[0] & *nm[0]))&&
- ((*hm[1] & *nm[1]) == (*a6[1] & *nm[1]))) {
-#else
- hm[0] = (u_int32_t *)&sin60->sin6_addr.s6_addr;
- hm[1] = (hm[0] + 1); hm[2] = (hm[1] + 1);
- hm[3] = (hm[2] + 1);
- nm[0] = (u_int32_t *)&sin61->sin6_addr.s6_addr;
- nm[1] = (nm[0] + 1); nm[2] = (nm[1] + 1);
- nm[3] = (nm[2] + 1);
- a6[0] = (u_int32_t *)&sin6->sin6_addr.s6_addr;
- a6[1] = (a6[0] + 1); a6[2] = (a6[1] + 1);
- a6[3] = (a6[2] + 1);
-
- if ( ((*hm[0] & *nm[0]) == (*a6[0] & *nm[0]))&&
- ((*hm[1] & *nm[1]) == (*a6[1] & *nm[1]))&&
- ((*hm[2] & *nm[2]) == (*a6[2] & *nm[2]))&&
- ((*hm[3] & *nm[3]) == (*a6[3] & *nm[3]))) {
-#endif
-
- return (1);
- } /* if ip6 address */
-
- } /* if AF_INET6 */
- } /* SLIST */
-
- return (0);
-}