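Lines matching defs:acl (search hits only: the leading number on each line is its line number in acl.c, and the lines between hits are not shown)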
1 /* $NetBSD: acl.c,v 1.10 2025/01/26 16:25:21 christos Exp $ */
27 #include <dns/acl.h>
42 dns_acl_t *acl = isc_mem_get(mctx, sizeof(*acl));
43 *acl = (dns_acl_t){
46 .elements = isc_mem_cget(mctx, n, sizeof(acl->elements[0])),
52 isc_mem_attach(mctx, &acl->mctx);
53 dns_iptable_create(acl->mctx, &acl->iptable);
55 *target = acl;
67 dns_acl_t *acl = NULL;
69 dns_acl_create(mctx, 0, &acl);
71 result = dns_iptable_addprefix(acl->iptable, NULL, 0, !neg);
73 dns_acl_detach(&acl);
77 *target = acl;
98 * If pos is true, test whether acl is set to "{ any; }"
99 * If pos is false, test whether acl is set to "{ none; }"
102 dns_acl_isanyornone(dns_acl_t *acl, bool pos) {
104 if (acl == NULL || acl->iptable == NULL ||
105 acl->iptable->radix == NULL || acl->iptable->radix->head == NULL ||
106 acl->iptable->radix->head->prefix == NULL)
111 if (acl->length != 0 || dns_acl_node_count(acl) != 1) {
115 if (acl->iptable->radix->head->prefix->bitlen == 0 &&
116 acl->iptable->radix->head->data[0] != NULL &&
117 acl->iptable->radix->head->data[0] ==
118 acl->iptable->radix->head->data[1] &&
119 *(bool *)(acl->iptable->radix->head->data[0]) == pos)
128 * Test whether acl is set to "{ any; }"
131 dns_acl_isany(dns_acl_t *acl) {
132 return dns_acl_isanyornone(acl, true);
136 * Test whether acl is set to "{ none; }"
139 dns_acl_isnone(dns_acl_t *acl) {
140 return dns_acl_isanyornone(acl, false);
152 const dns_acl_t *acl, dns_aclenv_t *env, int *match,
181 result = isc_radix_search(acl->iptable->radix, &node, &pfx);
197 for (i = 0; i < acl->length; i++) {
198 dns_aclelement_t *e = &acl->elements[i];
226 const dns_acl_t *acl, dns_aclenv_t *env,
232 REQUIRE(DNS_ACL_VALID(acl));
234 if (!ISC_LIST_EMPTY(acl->ports_and_transports)) {
236 for (next = ISC_LIST_HEAD(acl->ports_and_transports);
266 return dns_acl_match(reqaddr, reqsigner, acl, env, match, matchelt);
317 /* Duplicate nested acl. */
340 /* reverse sense of positives if this is a negative acl */
464 dns__acl_destroy_port_transports(dns_acl_t *acl) {
467 ISC_LIST_FOREACH_SAFE (acl->ports_and_transports, port_proto, link,
470 ISC_LIST_DEQUEUE(acl->ports_and_transports, port_proto, link);
471 isc_mem_put(acl->mctx, port_proto, sizeof(*port_proto));
559 * Return true iff the acl 'a' is considered insecure, that is,
622 * Check whether an address/signer is allowed by a given acl/aclenv.
625 dns_acl_allowed(isc_netaddr_t *addr, const dns_name_t *signer, dns_acl_t *acl,
630 if (acl == NULL) {
633 result = dns_acl_match(addr, signer, acl, aclenv, &match, NULL);
678 * possibly destroy the acl objects.
750 dns_acl_add_port_transports(dns_acl_t *acl, const in_port_t port,
754 REQUIRE(DNS_ACL_VALID(acl));
757 port_proto = isc_mem_get(acl->mctx, sizeof(*port_proto));
765 ISC_LIST_APPEND(acl->ports_and_transports, port_proto, link);
766 acl->port_proto_entries++;
788 * Reverse sense of positives if this is a negative acl. The