new version of nsd_acl_plugin

Colm MacCarthaigh colm.maccarthaigh at heanet.ie
Mon Jul 21 16:45:49 CEST 2003


O.k., I've cleaned it up a lot, and it's now in a happy enough
state for my own use anyway :) It's attached in tar.gz format,
I've also attached a very small patch for NSD which allows
register_data in plugin.c to register data throughout a zone
recursively.

In order to cope with this change, a lot of new logic has been
added to aclc, but the outward changes are minimal.

Changes:

 Added NSD.patch and a README for building/using the plugin

 Aclc now gives each specified zonename it's own chain of rules,
 which includes and rules from parent zones. Aclc also orders
 the db so that recursive adding doesnt erase any rules we need.
 The README contains better guide to the semantics.

 aclc -p now outputs rule numbers for each rule

 acl-plugin.so can now be loaded as follows:

	-Xacl-plugin.so=/path/to/acl.db[,loglevel]

  loglevel can be 1, or 2;

  1: log all queries rejected, including the rule number
  2: log all queries matched, including the rule number

  aclc_lexer.l and aclc_parser.y have been moved into a lexer/
  sub-directory, because gmake was trying to be clever and
  invoking lex when it wasnt needed.

-- 
Colm MacCárthaigh  /  HEAnet, Teach Brooklawn,  / Innealtóir Ghréasáin
+353 1 6609040    / Bóthar Shelbourne, BÁC, IE /   http://www.hea.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nsd_acl_plugin.tar.gz
Type: application/octet-stream
Size: 67597 bytes
Desc: not available
Url : http://open.nlnetlabs.nl/pipermail/nsd-users/attachments/20030721/57e7f731/nsd_acl_plugin.tar-0001.obj
-------------- next part --------------
diff -ru nsd-1.2.1/nsd-plugin.h nsd-1.2.1-patched/nsd-plugin.h
--- nsd-1.2.1/nsd-plugin.h	Mon Jul  7 10:02:16 2003
+++ nsd-1.2.1/nsd-plugin.h	Mon Jul 21 08:42:22 2003
@@ -148,7 +148,8 @@
 		const struct nsd_plugin_interface *nsd,
 		nsd_plugin_id_type                 plugin_id,
 		const uint8_t *                    domain_name,
-		void *                             data);
+		void *                             data,
+		const uint8_t 			   recurse);
 };
 typedef struct nsd_plugin_interface nsd_plugin_interface_type;
 
diff -ru nsd-1.2.1/plugins.c nsd-1.2.1-patched/plugins.c
--- nsd-1.2.1/plugins.c	Mon Jul  7 10:02:17 2003
+++ nsd-1.2.1/plugins.c	Mon Jul 21 08:44:46 2003
@@ -71,7 +71,8 @@
 	const nsd_plugin_interface_type *nsd,
 	nsd_plugin_id_type               plugin_id,
 	const uint8_t *                  domain_name,
-	void *                           data)
+	void *                           data,
+	const uint8_t			 recurse)
 {
 	struct domain *d;
 
@@ -87,6 +88,25 @@
 		}
 		plugin_data = (void **) d->runtime_data;
 		plugin_data[plugin_id] = data;
+
+		if (recurse) {
+			uint8_t dlen , klen;
+			void *key , *key_data;
+
+			dlen = *domain_name;
+		
+			HEAP_WALK(nsd->nsd->db->heap, key, key_data) {
+				klen = * (uint8_t *)key;
+
+				if ( ! bcmp( (uint8_t *) key + 1 + (klen - dlen), 
+					     (uint8_t *) domain_name + 1, klen - dlen) ) {
+					if (register_data(nsd, plugin_id, key, data, 0) == 0) {
+						return 0;
+					}
+				}
+			}	
+		}
+
 		return 1;
 	} else {
 		return 0;


More information about the nsd-users mailing list