Diffstat (limited to 'usr.sbin/bind/lib')
-rw-r--r-- | usr.sbin/bind/lib/dns/Makefile.in | 9 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/acl.c | 19 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/geoip.c | 829 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/include/dns/Makefile.in | 4 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/include/dns/acl.h | 18 | ||||
-rw-r--r-- | usr.sbin/bind/lib/dns/include/dns/geoip.h | 119 | ||||
-rw-r--r-- | usr.sbin/bind/lib/isccfg/aclconf.c | 342 | ||||
-rw-r--r-- | usr.sbin/bind/lib/isccfg/include/isccfg/aclconf.h | 8 | ||||
-rw-r--r-- | usr.sbin/bind/lib/isccfg/namedconf.c | 116 |
9 files changed, 7 insertions, 1457 deletions
diff --git a/usr.sbin/bind/lib/dns/Makefile.in b/usr.sbin/bind/lib/dns/Makefile.in index 9ddc38567c3..53bbb7241fc 100644 --- a/usr.sbin/bind/lib/dns/Makefile.in +++ b/usr.sbin/bind/lib/dns/Makefile.in @@ -61,8 +61,6 @@ DSTOBJS = @DST_EXTRA_OBJS@ @OPENSSLLINKOBJS@ @PKCS11LINKOBJS@ \ dst_api.@O@ dst_lib.@O@ dst_parse.@O@ dst_result.@O@ \ gssapi_link.@O@ gssapictx.@O@ hmac_link.@O@ key.@O@ -GEOIPLINKOBJS = geoip.@O@ - # Alphabetically DNSOBJS = acache.@O@ acl.@O@ adb.@O@ byaddr.@O@ \ cache.@O@ callbacks.@O@ clientinfo.@O@ compress.@O@ \ @@ -83,8 +81,7 @@ DNSOBJS = acache.@O@ acl.@O@ adb.@O@ byaddr.@O@ \ version.@O@ view.@O@ xfrin.@O@ zone.@O@ zonekey.@O@ zt.@O@ PORTDNSOBJS = client.@O@ ecdb.@O@ -OBJS= ${DNSOBJS} ${OTHEROBJS} ${DSTOBJS} ${PORTDNSOBJS} \ - @GEOIPLINKOBJS@ +OBJS= ${DNSOBJS} ${OTHEROBJS} ${DSTOBJS} ${PORTDNSOBJS} # Alphabetically @@ -104,8 +101,6 @@ DSTSRCS = @DST_EXTRA_SRCS@ @OPENSSLLINKSRCS@ @PKCS11LINKSRCS@ \ dst_result.c gssapi_link.c gssapictx.c \ hmac_link.c key.c -GEOIOLINKSRCS = geoip.c - DNSSRCS = acache.c acl.c adb.c byaddr.c \ cache.c callbacks.c clientinfo.c compress.c \ db.c dbiterator.c dbtable.c diff.c dispatch.c \ @@ -122,7 +117,7 @@ DNSSRCS = acache.c acl.c adb.c byaddr.c \ version.c view.c xfrin.c zone.c zonekey.c zt.c ${OTHERSRCS} PORTDNSSRCS = client.c ecdb.c -SRCS = ${DSTSRCS} ${DNSSRCS} ${PORTDNSSRCS} @GEOIPLINKSRCS@ +SRCS = ${DSTSRCS} ${DNSSRCS} ${PORTDNSSRCS} SUBDIRS = include TARGETS = timestamp diff --git a/usr.sbin/bind/lib/dns/acl.c b/usr.sbin/bind/lib/dns/acl.c index 40549e667d3..54e2ebcc422 100644 --- a/usr.sbin/bind/lib/dns/acl.c +++ b/usr.sbin/bind/lib/dns/acl.c @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: acl.c,v 1.3 2019/12/17 01:46:31 sthen Exp $ */ +/* $Id: acl.c,v 1.4 2020/01/07 19:06:07 florian Exp $ */ /*! \file */ 
@@ -339,14 +339,6 @@ dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, isc_boolean_t pos) return result; } -#ifdef HAVE_GEOIP - /* Duplicate GeoIP data */ - if (source->elements[i].type == dns_aclelementtype_geoip) { - dest->elements[nelem + i].geoip_elem = - source->elements[i].geoip_elem; - } -#endif - /* reverse sense of positives if this is a negative acl */ if (!pos && source->elements[i].negative == ISC_FALSE) { dest->elements[nelem + i].negative = ISC_TRUE; @@ -416,12 +408,6 @@ dns_aclelement_match(const isc_netaddr_t *reqaddr, inner = env->localnets; break; -#ifdef HAVE_GEOIP - case dns_aclelementtype_geoip: - if (env == NULL || env->geoip == NULL) - return (ISC_FALSE); - return (dns_geoip_match(reqaddr, env->geoip, &e->geoip_elem)); -#endif default: /* Should be impossible. */ INSIST(0); @@ -619,9 +605,6 @@ dns_aclenv_init(isc_mem_t *mctx, dns_aclenv_t *env) { if (result != ISC_R_SUCCESS) goto cleanup_localhost; env->match_mapped = ISC_FALSE; -#ifdef HAVE_GEOIP - env->geoip = NULL; -#endif return (ISC_R_SUCCESS); cleanup_localhost: diff --git a/usr.sbin/bind/lib/dns/geoip.c b/usr.sbin/bind/lib/dns/geoip.c deleted file mode 100644 index 2c462b2cb3a..00000000000 --- a/usr.sbin/bind/lib/dns/geoip.c +++ /dev/null 
@@ -1,829 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*! \file */
-
-#include <config.h>
-
-#include <isc/util.h>
-
-#include <isc/mem.h>
-#include <isc/once.h>
-#include <isc/string.h>
-
-#include <dns/acl.h>
-#include <dns/geoip.h>
-
-#include <isc/thread.h>
-#include <math.h>
-#ifndef WIN32
-#include <netinet/in.h>
-#else
-#ifndef _WINSOCKAPI_
-#define _WINSOCKAPI_ /* Prevent inclusion of winsock.h in windows.h */
-#endif
-#include <winsock2.h>
-#endif /* WIN32 */
-#include <dns/log.h>
-
-#ifdef HAVE_GEOIP
-#include <GeoIP.h>
-#include <GeoIPCity.h>
-
-/*
- * This structure preserves state from the previous GeoIP lookup,
- * so that successive lookups for the same data from the same IP
- * address will not require repeated calls into the GeoIP library
- * to look up data in the database. This should improve performance
- * somewhat.
- *
- * For lookups in the City and Region databases, we preserve pointers
- * to the GeoIPRecord and GeoIPregion structures; these will need to be
- * freed by GeoIPRecord_delete() and GeoIPRegion_delete().
- *
- * for lookups in ISP, AS, Org and Domain we prserve a pointer to
- * the returned name; these must be freed by free().
- *
- * For lookups in Country we preserve a pointer to the text of
- * the country code, name, etc (we use a different pointer for this
- * than for the names returned by Org, ISP, etc, because those need
- * to be freed but country lookups do not).
- *
- * For lookups in Netspeed we preserve the returned ID.
- *
- * XXX: Currently this mechanism is only used for IPv4 lookups; the
- * family and addr6 fields are to be used IPv6 is added.
- */
-typedef struct geoip_state {
- isc_uint16_t subtype;
- unsigned int family;
- isc_uint32_t ipnum;
- geoipv6_t ipnum6;
- GeoIPRecord *record;
- GeoIPRegion *region;
- const char *text;
- char *name;
- int id;
- isc_mem_t *mctx;
-} geoip_state_t;
-
-#ifdef ISC_PLATFORM_USETHREADS
-static isc_mutex_t key_mutex;
-static isc_boolean_t state_key_initialized = ISC_FALSE;
-static isc_thread_key_t state_key;
-static isc_once_t mutex_once = ISC_ONCE_INIT;
-static isc_mem_t *state_mctx = NULL;
-
-static void
-key_mutex_init(void) {
- RUNTIME_CHECK(isc_mutex_init(&key_mutex) == ISC_R_SUCCESS);
-}
-
-static void
-free_state(void *arg) {
- geoip_state_t *state = arg;
- if (state != NULL && state->record != NULL)
- GeoIPRecord_delete(state->record);
- if (state != NULL)
- isc_mem_putanddetach(&state->mctx,
- state, sizeof(geoip_state_t));
- isc_thread_key_setspecific(state_key, NULL);
-}
-
-static isc_result_t
-state_key_init(void) {
- isc_result_t result;
-
- result = isc_once_do(&mutex_once, key_mutex_init);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- if (!state_key_initialized) {
- LOCK(&key_mutex);
- if (!state_key_initialized) {
- int ret;
-
- if (state_mctx == NULL)
- result = isc_mem_create2(0, 0, &state_mctx, 0);
- if (result != ISC_R_SUCCESS)
- goto unlock;
- isc_mem_setname(state_mctx, "geoip_state", NULL);
- isc_mem_setdestroycheck(state_mctx, ISC_FALSE);
-
- ret = isc_thread_key_create(&state_key, free_state);
- if (ret == 0)
- state_key_initialized = ISC_TRUE;
- else
- result = ISC_R_FAILURE;
- }
- unlock:
- UNLOCK(&key_mutex);
- }
-
- return (result);
-}
-#else
-static geoip_state_t saved_state;
-#endif
-
-static void
-clean_state(geoip_state_t *state) {
- if (state == NULL)
- return;
-
- if (state->record != NULL) {
- GeoIPRecord_delete(state->record);
- state->record = NULL;
- }
- if (state->region != NULL) {
- GeoIPRegion_delete(state->region);
- state->region = NULL;
- }
- if (state->name != NULL) {
- free (state->name);
- state->name = NULL;
- }
- state->ipnum = 0;
- state->text = NULL;
- state->id = 0;
-}
-
-static isc_result_t
-set_state(unsigned int family, isc_uint32_t ipnum, const geoipv6_t *ipnum6,
- dns_geoip_subtype_t subtype, GeoIPRecord *record,
- GeoIPRegion *region, char *name, const char *text, int id)
-{
- geoip_state_t *state = NULL;
-#ifdef ISC_PLATFORM_USETHREADS
- isc_result_t result;
-
- result = state_key_init();
- if (result != ISC_R_SUCCESS)
- return (result);
-
- state = (geoip_state_t *) isc_thread_key_getspecific(state_key);
- if (state == NULL) {
- state = (geoip_state_t *) isc_mem_get(state_mctx,
- sizeof(geoip_state_t));
- if (state == NULL)
- return (ISC_R_NOMEMORY);
- memset(state, 0, sizeof(*state));
-
- result = isc_thread_key_setspecific(state_key, state);
- if (result != ISC_R_SUCCESS) {
- isc_mem_put(state_mctx, state, sizeof(geoip_state_t));
- return (result);
- }
-
- isc_mem_attach(state_mctx, &state->mctx);
- } else
- clean_state(state);
-#else
- state = &saved_state;
- clean_state(state);
-#endif
-
- if (family == AF_INET) {
- state->ipnum = ipnum;
- } else {
- INSIST(ipnum6 != NULL);
- state->ipnum6 = *ipnum6;
- }
-
- state->family = family;
- state->subtype = subtype;
- state->record = record;
- state->region = region;
- state->name = name;
- state->text = text;
- state->id = id;
-
- return (ISC_R_SUCCESS);
-}
-
-static geoip_state_t *
-get_state_for(unsigned int family, isc_uint32_t ipnum,
- const geoipv6_t *ipnum6)
-{
- geoip_state_t *state;
-
-#ifdef ISC_PLATFORM_USETHREADS
- isc_result_t result;
-
- result = state_key_init();
- if (result != ISC_R_SUCCESS)
- return (NULL);
-
- state = (geoip_state_t *) isc_thread_key_getspecific(state_key);
- if (state == NULL)
- return (NULL);
-#else
- state = &saved_state;
-#endif
-
- if (state->family == family &&
- ((state->family == AF_INET && state->ipnum == ipnum) ||
- (state->family == AF_INET6 && ipnum6 != NULL &&
- memcmp(state->ipnum6.s6_addr, ipnum6->s6_addr, 16) == 0)))
- return (state);
-
- return (NULL);
-}
-
-/*
- * Country lookups are performed if the previous lookup was from a
- * different IP address than the current, or was for a search of a
- * different subtype.
- */
-static const char *
-country_lookup(GeoIP *db, dns_geoip_subtype_t subtype,
- unsigned int family,
- isc_uint32_t ipnum, const geoipv6_t *ipnum6)
-{
- geoip_state_t *prev_state = NULL;
- const char *text = NULL;
-
- REQUIRE(db != NULL);
-
-#ifndef HAVE_GEOIP_V6
- /* no IPv6 support? give up now */
- if (family == AF_INET6)
- return (NULL);
-#endif
-
- prev_state = get_state_for(family, ipnum, ipnum6);
- if (prev_state != NULL && prev_state->subtype == subtype)
- text = prev_state->text;
-
- if (text == NULL) {
- switch (subtype) {
- case dns_geoip_country_code:
- if (family == AF_INET)
- text = GeoIP_country_code_by_ipnum(db, ipnum);
-#ifdef HAVE_GEOIP_V6
- else
- text = GeoIP_country_code_by_ipnum_v6(db,
- *ipnum6);
-#endif
- break;
- case dns_geoip_country_code3:
- if (family == AF_INET)
- text = GeoIP_country_code3_by_ipnum(db, ipnum);
-#ifdef HAVE_GEOIP_V6
- else
- text = GeoIP_country_code3_by_ipnum_v6(db,
- *ipnum6);
-#endif
- break;
- case dns_geoip_country_name:
- if (family == AF_INET)
- text = GeoIP_country_name_by_ipnum(db, ipnum);
-#ifdef HAVE_GEOIP_V6
- else
- text = GeoIP_country_name_by_ipnum_v6(db,
- *ipnum6);
-#endif
- break;
- default:
- INSIST(0);
- }
-
- set_state(family, ipnum, ipnum6, subtype,
- NULL, NULL, NULL, text, 0);
- }
-
- return (text);
-}
-
-static char *
-city_string(GeoIPRecord *record, dns_geoip_subtype_t subtype, int *maxlen) {
- const char *s;
- char *deconst;
-
- REQUIRE(record != NULL);
- REQUIRE(maxlen != NULL);
-
- /* Set '*maxlen' to the maximum length of this subtype, if any */
- switch (subtype) {
- case dns_geoip_city_countrycode:
- case dns_geoip_city_region:
- case dns_geoip_city_continentcode:
- *maxlen = 2;
- break;
-
- case dns_geoip_city_countrycode3:
- *maxlen = 3;
- break;
-
- default:
- /* No fixed length; just use strcasecmp() for comparison */
- *maxlen = 255;
- }
-
- switch (subtype) {
- case dns_geoip_city_countrycode:
- return (record->country_code);
- case dns_geoip_city_countrycode3:
- return (record->country_code3);
- case dns_geoip_city_countryname:
- return (record->country_name);
- case dns_geoip_city_region:
- return (record->region);
- case dns_geoip_city_regionname:
- s = GeoIP_region_name_by_code(record->country_code,
- record->region);
- DE_CONST(s, deconst);
- return (deconst);
- case dns_geoip_city_name:
- return (record->city);
- case dns_geoip_city_postalcode:
- return (record->postal_code);
- case dns_geoip_city_continentcode:
- return (record->continent_code);
- case dns_geoip_city_timezonecode:
- s = GeoIP_time_zone_by_country_and_region(record->country_code,
- record->region);
- DE_CONST(s, deconst);
- return (deconst);
- default:
- INSIST(0);
- }
-}
-
-static isc_boolean_t
-is_city(dns_geoip_subtype_t subtype) {
- switch (subtype) {
- case dns_geoip_city_countrycode:
- case dns_geoip_city_countrycode3:
- case dns_geoip_city_countryname:
- case dns_geoip_city_region:
- case dns_geoip_city_regionname:
- case dns_geoip_city_name:
- case dns_geoip_city_postalcode:
- case dns_geoip_city_continentcode:
- case dns_geoip_city_timezonecode:
- case dns_geoip_city_metrocode:
- case dns_geoip_city_areacode:
- return (ISC_TRUE);
- default:
- return (ISC_FALSE);
- }
-}
-
-/*
- * GeoIPRecord lookups are performed if the previous lookup was
- * from a different IP address than the current, or was for a search
- * outside the City database.
- */
-static GeoIPRecord *
-city_lookup(GeoIP *db, dns_geoip_subtype_t subtype,
- unsigned int family, isc_uint32_t ipnum, const geoipv6_t *ipnum6)
-{
- GeoIPRecord *record = NULL;
- geoip_state_t *prev_state = NULL;
-
- REQUIRE(db != NULL);
-
-#ifndef HAVE_GEOIP_V6
- /* no IPv6 support? give up now */
- if (family == AF_INET6)
- return (NULL);
-#endif
-
- prev_state = get_state_for(family, ipnum, ipnum6);
- if (prev_state != NULL && is_city(prev_state->subtype))
- record = prev_state->record;
-
- if (record == NULL) {
- if (family == AF_INET)
- record = GeoIP_record_by_ipnum(db, ipnum);
-#ifdef HAVE_GEOIP_V6
- else
- record = GeoIP_record_by_ipnum_v6(db, *ipnum6);
-#endif
- if (record == NULL)
- return (NULL);
-
- set_state(family, ipnum, ipnum6, subtype,
- record, NULL, NULL, NULL, 0);
- }
-
- return (record);
-}
-
-static char *
-region_string(GeoIPRegion *region, dns_geoip_subtype_t subtype, int *maxlen) {
- const char *s;
- char *deconst;
-
- REQUIRE(region != NULL);
- REQUIRE(maxlen != NULL);
-
- switch (subtype) {
- case dns_geoip_region_countrycode:
- *maxlen = 2;
- return (region->country_code);
- case dns_geoip_region_code:
- *maxlen = 2;
- return (region->region);
- case dns_geoip_region_name:
- *maxlen = 255;
- s = GeoIP_region_name_by_code(region->country_code,
- region->region);
- DE_CONST(s, deconst);
- return (deconst);
- default:
- INSIST(0);
- }
-}
-
-static isc_boolean_t
-is_region(dns_geoip_subtype_t subtype) {
- switch (subtype) {
- case dns_geoip_region_countrycode:
- case dns_geoip_region_code:
- return (ISC_TRUE);
- default:
- return (ISC_FALSE);
- }
-}
-
-/*
- * GeoIPRegion lookups are performed if the previous lookup was
- * from a different IP address than the current, or was for a search
- * outside the Region database.
- */
-static GeoIPRegion *
-region_lookup(GeoIP *db, dns_geoip_subtype_t subtype, isc_uint32_t ipnum) {
- GeoIPRegion *region = NULL;
- geoip_state_t *prev_state = NULL;
-
- REQUIRE(db != NULL);
-
- prev_state = get_state_for(AF_INET, ipnum, NULL);
- if (prev_state != NULL && is_region(prev_state->subtype))
- region = prev_state->region;
-
- if (region == NULL) {
- region = GeoIP_region_by_ipnum(db, ipnum);
- if (region == NULL)
- return (NULL);
-
- set_state(AF_INET, ipnum, NULL,
- subtype, NULL, region, NULL, NULL, 0);
- }
-
- return (region);
-}
-
-/*
- * ISP, Organization, AS Number and Domain lookups are performed if
- * the previous lookup was from a different IP address than the current,
- * or was for a search of a different subtype.
- */
-static char *
-name_lookup(GeoIP *db, dns_geoip_subtype_t subtype, isc_uint32_t ipnum) {
- char *name = NULL;
- geoip_state_t *prev_state = NULL;
-
- REQUIRE(db != NULL);
-
- prev_state = get_state_for(AF_INET, ipnum, NULL);
- if (prev_state != NULL && prev_state->subtype == subtype)
- name = prev_state->name;
-
- if (name == NULL) {
- name = GeoIP_name_by_ipnum(db, ipnum);
- if (name == NULL)
- return (NULL);
-
- set_state(AF_INET, ipnum, NULL,
- subtype, NULL, NULL, name, NULL, 0);
- }
-
- return (name);
-}
-
-/*
- * Netspeed lookups are performed if the previous lookup was from a
- * different IP address than the current, or was for a search of a
- * different subtype.
- */
-static int
-netspeed_lookup(GeoIP *db, dns_geoip_subtype_t subtype, isc_uint32_t ipnum) {
- geoip_state_t *prev_state = NULL;
- isc_boolean_t found = ISC_FALSE;
- int id = -1;
-
- REQUIRE(db != NULL);
-
- prev_state = get_state_for(AF_INET, ipnum, NULL);
- if (prev_state != NULL && prev_state->subtype == subtype) {
- id = prev_state->id;
- found = ISC_TRUE;
- }
-
- if (!found) {
- id = GeoIP_id_by_ipnum(db, ipnum);
- set_state(AF_INET, ipnum, NULL,
- subtype, NULL, NULL, NULL, NULL, id);
- }
-
- return (id);
-}
-#endif /* HAVE_GEOIP */
-
-#define DB46(addr, geoip, name) \
- ((addr->family == AF_INET) ? (geoip->name##_v4) : (geoip->name##_v6))
-
-#ifdef HAVE_GEOIP
-/*
- * Find the best database to answer a generic subtype
- */
-static dns_geoip_subtype_t
-fix_subtype(const isc_netaddr_t *reqaddr, const dns_geoip_databases_t *geoip,
- dns_geoip_subtype_t subtype)
-{
- dns_geoip_subtype_t ret = subtype;
-
- switch (subtype) {
- case dns_geoip_countrycode:
- if (DB46(reqaddr, geoip, city) != NULL)
- ret = dns_geoip_city_countrycode;
- else if (reqaddr->family == AF_INET && geoip->region != NULL)
- ret = dns_geoip_region_countrycode;
- else if (DB46(reqaddr, geoip, country) != NULL)
- ret = dns_geoip_country_code;
- break;
- case dns_geoip_countrycode3:
- if (DB46(reqaddr, geoip, city) != NULL)
- ret = dns_geoip_city_countrycode3;
- else if (DB46(reqaddr, geoip, country) != NULL)
- ret = dns_geoip_country_code3;
- break;
- case dns_geoip_countryname:
- if (DB46(reqaddr, geoip, city) != NULL)
- ret = dns_geoip_city_countryname;
- else if (DB46(reqaddr, geoip, country) != NULL)
- ret = dns_geoip_country_name;
- break;
- case dns_geoip_region:
- if (DB46(reqaddr, geoip, city) != NULL)
- ret = dns_geoip_city_region;
- else if (reqaddr->family == AF_INET && geoip->region != NULL)
- ret = dns_geoip_region_code;
- break;
- case dns_geoip_regionname:
- if (DB46(reqaddr, geoip, city) != NULL)
- ret = dns_geoip_city_regionname;
- else if (reqaddr->family == AF_INET && geoip->region != NULL)
- ret = dns_geoip_region_name;
- break;
- default:
- break;
- }
-
- return (ret);
-}
-#endif /* HAVE_GEOIP */
-
-isc_boolean_t
-dns_geoip_match(const isc_netaddr_t *reqaddr,
- const dns_geoip_databases_t *geoip,
- const dns_geoip_elem_t *elt)
-{
-#ifndef HAVE_GEOIP
- UNUSED(reqaddr);
- UNUSED(geoip);
- UNUSED(elt);
-
- return (ISC_FALSE);
-#else
- GeoIP *db;
- GeoIPRecord *record;
- GeoIPRegion *region;
- dns_geoip_subtype_t subtype;
- isc_uint32_t ipnum = 0;
- int maxlen = 0, id, family;
- const char *cs;
- char *s;
-#ifdef HAVE_GEOIP_V6
- const geoipv6_t *ipnum6 = NULL;
-#else
- const void *ipnum6 = NULL;
-#endif
-
- INSIST(geoip != NULL);
-
- family = reqaddr->family;
- switch (family) {
- case AF_INET:
- ipnum = ntohl(reqaddr->type.in.s_addr);
- break;
- case AF_INET6:
-#ifdef HAVE_GEOIP_V6
- ipnum6 = &reqaddr->type.in6;
- break;
-#else
- return (ISC_FALSE);
-#endif
- default:
- return (ISC_FALSE);
- }
-
- subtype = fix_subtype(reqaddr, geoip, elt->subtype);
-
- switch (subtype) {
- case dns_geoip_country_code:
- maxlen = 2;
- goto getcountry;
-
- case dns_geoip_country_code3:
- maxlen = 3;
- goto getcountry;
-
- case dns_geoip_country_name:
- maxlen = 255;
- getcountry:
- db = DB46(reqaddr, geoip, country);
- if (db == NULL)
- return (ISC_FALSE);
-
- INSIST(elt->as_string != NULL);
-
- cs = country_lookup(db, subtype, family, ipnum, ipnum6);
- if (cs != NULL && strncasecmp(elt->as_string, cs, maxlen) == 0)
- return (ISC_TRUE);
- break;
-
- case dns_geoip_city_countrycode:
- case dns_geoip_city_countrycode3:
- case dns_geoip_city_countryname:
- case dns_geoip_city_region:
- case dns_geoip_city_regionname:
- case dns_geoip_city_name:
- case dns_geoip_city_postalcode:
- case dns_geoip_city_continentcode:
- case dns_geoip_city_timezonecode:
- INSIST(elt->as_string != NULL);
-
- db = DB46(reqaddr, geoip, city);
- if (db == NULL)
- return (ISC_FALSE);
-
- record = city_lookup(db, subtype, family, ipnum, ipnum6);
- if (record == NULL)
- break;
-
- s = city_string(record, subtype, &maxlen);
- INSIST(maxlen != 0);
- if (s != NULL && strncasecmp(elt->as_string, s, maxlen) == 0)
- return (ISC_TRUE);
- break;
-
- case dns_geoip_city_metrocode:
- db = DB46(reqaddr, geoip, city);
- if (db == NULL)
- return (ISC_FALSE);
-
- record = city_lookup(db, subtype, family, ipnum, ipnum6);
- if (record == NULL)
- break;
-
- if (elt->as_int == record->metro_code)
- return (ISC_TRUE);
- break;
-
- case dns_geoip_city_areacode:
- db = DB46(reqaddr, geoip, city);
- if (db == NULL)
- return (ISC_FALSE);
-
- record = city_lookup(db, subtype, family, ipnum, ipnum6);
- if (record == NULL)
- break;
-
- if (elt->as_int == record->area_code)
- return (ISC_TRUE);
- break;
-
- case dns_geoip_region_countrycode:
- case dns_geoip_region_code:
- case dns_geoip_region_name:
- case dns_geoip_region:
- if (geoip->region == NULL)
- return (ISC_FALSE);
-
- INSIST(elt->as_string != NULL);
-
- /* Region DB is not supported for IPv6 */
- if (family == AF_INET6)
- return (ISC_FALSE);
-
- region = region_lookup(geoip->region, subtype, ipnum);
- if (region == NULL)
- break;
-
- s = region_string(region, subtype, &maxlen);
- INSIST(maxlen != 0);
- if (s != NULL && strncasecmp(elt->as_string, s, maxlen) == 0)
- return (ISC_TRUE);
- break;
-
- case dns_geoip_isp_name:
- db = geoip->isp;
- goto getname;
-
- case dns_geoip_org_name:
- db = geoip->org;
- goto getname;
-
- case dns_geoip_as_asnum:
- db = geoip->as;
- goto getname;
-
- case dns_geoip_domain_name:
- db = geoip->domain;
-
- getname:
- if (db == NULL)
- return (ISC_FALSE);
-
- INSIST(elt->as_string != NULL);
- /* ISP, Org, AS, and Domain are not supported for IPv6 */
- if (family == AF_INET6)
- return (ISC_FALSE);
-
- s = name_lookup(db, subtype, ipnum);
- if (s != NULL) {
- size_t l;
- if (strcasecmp(elt->as_string, s) == 0)
- return (ISC_TRUE);
- if (subtype != dns_geoip_as_asnum)
- break;
- /*
- * Just check if the ASNNNN value matches.
- */ - l = strlen(elt->as_string); - if (l > 0U && strchr(elt->as_string, ' ') == NULL && - strncasecmp(elt->as_string, s, l) == 0 && - s[l] == ' ') - return (ISC_TRUE); - } - break; - - case dns_geoip_netspeed_id: - INSIST(geoip->netspeed != NULL); - - /* Netspeed DB is not supported for IPv6 */ - if (family == AF_INET6) - return (ISC_FALSE); - - id = netspeed_lookup(geoip->netspeed, subtype, ipnum); - if (id == elt->as_int) - return (ISC_TRUE); - break; - - case dns_geoip_countrycode: - case dns_geoip_countrycode3: - case dns_geoip_countryname: - case dns_geoip_regionname: - /* - * If these were not remapped by fix_subtype(), - * the database was unavailable. Always return false. - */ - break; - - default: - INSIST(0); - } - - return (ISC_FALSE); -#endif -} - -void -dns_geoip_shutdown(void) { -#ifdef HAVE_GEOIP - GeoIP_cleanup(); -#ifdef ISC_PLATFORM_USETHREADS - if (state_mctx != NULL) - isc_mem_detach(&state_mctx); -#endif -#else - return; -#endif -} diff --git a/usr.sbin/bind/lib/dns/include/dns/Makefile.in b/usr.sbin/bind/lib/dns/include/dns/Makefile.in index 9dbb6319391..ee07ab1faff 100644 --- a/usr.sbin/bind/lib/dns/include/dns/Makefile.in +++ b/usr.sbin/bind/lib/dns/include/dns/Makefile.in @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: Makefile.in,v 1.3 2019/12/17 01:46:32 sthen Exp $ +# $Id: Makefile.in,v 1.4 2020/01/07 19:06:07 florian Exp $ srcdir = @srcdir@ VPATH = @srcdir@ @@ -24,7 +24,7 @@ HEADERS = acache.h acl.h adb.h bit.h byaddr.h cache.h callbacks.h cert.h \ client.h clientinfo.h compress.h \ db.h dbiterator.h dbtable.h diff.h dispatch.h \ dlz.h dlz_dlopen.h dns64.h dnssec.h ds.h dsdigest.h \ - ecdb.h events.h fixedname.h forward.h geoip.h iptable.h \ + ecdb.h events.h fixedname.h forward.h iptable.h \ journal.h keydata.h keyflags.h keytable.h keyvalues.h \ lib.h lookup.h log.h master.h masterdump.h message.h \ name.h ncache.h nsec.h nsec3.h opcode.h order.h \ 
diff --git a/usr.sbin/bind/lib/dns/include/dns/acl.h b/usr.sbin/bind/lib/dns/include/dns/acl.h index b8ab58302ee..4f9a306af9d 100644 --- a/usr.sbin/bind/lib/dns/include/dns/acl.h +++ b/usr.sbin/bind/lib/dns/include/dns/acl.h @@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: acl.h,v 1.3 2019/12/17 01:46:32 sthen Exp $ */ +/* $Id: acl.h,v 1.4 2020/01/07 19:06:07 florian Exp $ */ #ifndef DNS_ACL_H #define DNS_ACL_H 1 @@ -37,17 +37,10 @@ #include <isc/netaddr.h> #include <isc/refcount.h> -#ifdef HAVE_GEOIP -#include <dns/geoip.h> -#endif #include <dns/name.h> #include <dns/types.h> #include <dns/iptable.h> -#ifdef HAVE_GEOIP -#include <GeoIP.h> -#endif - /*** *** Types ***/ @@ -58,9 +51,6 @@ typedef enum { dns_aclelementtype_nestedacl, dns_aclelementtype_localhost, dns_aclelementtype_localnets, -#ifdef HAVE_GEOIP - dns_aclelementtype_geoip, -#endif /* HAVE_GEOIP */ dns_aclelementtype_any } dns_aclelementtype_t; @@ -75,9 +65,6 @@ struct dns_aclelement { dns_aclelementtype_t type; isc_boolean_t negative; dns_name_t keyname; -#ifdef HAVE_GEOIP - dns_geoip_elem_t geoip_elem; -#endif /* HAVE_GEOIP */ dns_acl_t *nestedacl; int node_num; }; @@ -100,9 +87,6 @@ struct dns_aclenv { dns_acl_t *localhost; dns_acl_t *localnets; isc_boolean_t match_mapped; -#ifdef HAVE_GEOIP - dns_geoip_databases_t *geoip; -#endif }; #define DNS_ACL_MAGIC ISC_MAGIC('D','a','c','l') diff --git a/usr.sbin/bind/lib/dns/include/dns/geoip.h b/usr.sbin/bind/lib/dns/include/dns/geoip.h deleted file mode 100644 index f6769371ebe..00000000000 --- a/usr.sbin/bind/lib/dns/include/dns/geoip.h +++ /dev/null 
@@ -1,119 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef DNS_GEOIP_H
-#define DNS_GEOIP_H 1
-
-/*****
- ***** Module Info
- *****/
-
-/*! \file dns/acl.h
- * \brief
- * Address match list handling.
- */
-
-/***
- *** Imports
- ***/
-
-#include <isc/lang.h>
-#include <isc/magic.h>
-#include <isc/netaddr.h>
-#include <isc/refcount.h>
-
-#include <dns/name.h>
-#include <dns/types.h>
-#include <dns/iptable.h>
-
-#ifdef HAVE_GEOIP
-#include <GeoIP.h>
-#else
-typedef void GeoIP;
-#endif
-
-/***
- *** Types
- ***/
-
-typedef enum {
- dns_geoip_countrycode,
- dns_geoip_countrycode3,
- dns_geoip_countryname,
- dns_geoip_region,
- dns_geoip_regionname,
- dns_geoip_country_code,
- dns_geoip_country_code3,
- dns_geoip_country_name,
- dns_geoip_region_countrycode,
- dns_geoip_region_code,
- dns_geoip_region_name,
- dns_geoip_city_countrycode,
- dns_geoip_city_countrycode3,
- dns_geoip_city_countryname,
- dns_geoip_city_region,
- dns_geoip_city_regionname,
- dns_geoip_city_name,
- dns_geoip_city_postalcode,
- dns_geoip_city_metrocode,
- dns_geoip_city_areacode,
- dns_geoip_city_continentcode,
- dns_geoip_city_timezonecode,
- dns_geoip_isp_name,
- dns_geoip_org_name,
- dns_geoip_as_asnum,
- dns_geoip_domain_name,
-
dns_geoip_netspeed_id -} dns_geoip_subtype_t; - -typedef struct dns_geoip_elem { - dns_geoip_subtype_t subtype; - GeoIP *db; - union { - char as_string[256]; - int as_int; - }; -} dns_geoip_elem_t; - -typedef struct dns_geoip_databases { - GeoIP *country_v4; /* DB 1 */ - GeoIP *city_v4; /* DB 2 or 6 */ - GeoIP *region; /* DB 3 or 7 */ - GeoIP *isp; /* DB 4 */ - GeoIP *org; /* DB 5 */ - GeoIP *as; /* DB 9 */ - GeoIP *netspeed; /* DB 10 */ - GeoIP *domain; /* DB 11 */ - GeoIP *country_v6; /* DB 12 */ - GeoIP *city_v6; /* DB 30 or 31 */ -} dns_geoip_databases_t; - -/*** - *** Functions - ***/ - -ISC_LANG_BEGINDECLS - -isc_boolean_t -dns_geoip_match(const isc_netaddr_t *reqaddr, - const dns_geoip_databases_t *geoip, - const dns_geoip_elem_t *elt); - -void -dns_geoip_shutdown(void); - -ISC_LANG_ENDDECLS -#endif /* DNS_GEOIP_H */ diff --git a/usr.sbin/bind/lib/isccfg/aclconf.c b/usr.sbin/bind/lib/isccfg/aclconf.c index d90e5398148..aa01b30bbec 100644 --- a/usr.sbin/bind/lib/isccfg/aclconf.c +++ b/usr.sbin/bind/lib/isccfg/aclconf.c @@ -29,11 +29,6 @@ #include <dns/fixedname.h> #include <dns/log.h> -#ifdef HAVE_GEOIP -#include <stdlib.h> -#include <math.h> -#endif /* HAVE_GEOIP */ - #define LOOP_MAGIC ISC_MAGIC('L','O','O','P') isc_result_t @@ -56,10 +51,6 @@ cfg_aclconfctx_create(isc_mem_t *mctx, cfg_aclconfctx_t **ret) { isc_mem_attach(mctx, &actx->mctx); ISC_LIST_INIT(actx->named_acl_cache); -#ifdef HAVE_GEOIP - actx->geoip = NULL; -#endif - *ret = actx; return (ISC_R_SUCCESS); @@ -262,12 +253,6 @@ count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx, n += sub; if (negative) n++; -#ifdef HAVE_GEOIP - } else if (cfg_obj_istuple(ce) && - cfg_obj_isvoid(cfg_tuple_get(ce, "negated"))) - { - n++; -#endif /* HAVE_GEOIP */ } else if (cfg_obj_isstring(ce)) { const char *name = cfg_obj_asstring(ce); if (strcasecmp(name, "localhost") == 0 || 
@@ -299,322 +284,6 @@ count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx, return (ISC_R_SUCCESS); }
-#ifdef HAVE_GEOIP
-static dns_geoip_subtype_t
-get_subtype(const cfg_obj_t *obj, isc_log_t *lctx,
- dns_geoip_subtype_t subtype, const char *dbname)
-{
- if (dbname == NULL)
- return (subtype);
-
- switch (subtype) {
- case dns_geoip_countrycode:
- if (strcasecmp(dbname, "city") == 0)
- return (dns_geoip_city_countrycode);
- else if (strcasecmp(dbname, "region") == 0)
- return (dns_geoip_region_countrycode);
- else if (strcasecmp(dbname, "country") == 0)
- return (dns_geoip_country_code);
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "invalid GeoIP DB specified for "
- "country search: ignored");
- return (subtype);
- case dns_geoip_countrycode3:
- if (strcasecmp(dbname, "city") == 0)
- return (dns_geoip_city_countrycode3);
- else if (strcasecmp(dbname, "country") == 0)
- return (dns_geoip_country_code3);
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "invalid GeoIP DB specified for "
- "country search: ignored");
- return (subtype);
- case dns_geoip_countryname:
- if (strcasecmp(dbname, "city") == 0)
- return (dns_geoip_city_countryname);
- else if (strcasecmp(dbname, "country") == 0)
- return (dns_geoip_country_name);
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "invalid GeoIP DB specified for "
- "country search: ignored");
- return (subtype);
- case dns_geoip_region:
- if (strcasecmp(dbname, "city") == 0)
- return (dns_geoip_city_region);
- else if (strcasecmp(dbname, "region") == 0)
- return (dns_geoip_region_code);
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "invalid GeoIP DB specified for "
- "region search: ignored");
- return (subtype);
- case dns_geoip_regionname:
- if (strcasecmp(dbname, "city") == 0)
- return (dns_geoip_city_region);
- else if (strcasecmp(dbname, "region") == 0)
- return (dns_geoip_region_name);
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "invalid GeoIP DB specified for "
- "region search: ignored");
- return (subtype);
-
- /*
- * Log a warning if the wrong database was specified
- * on an unambiguous query
- */
- case dns_geoip_city_name:
- case dns_geoip_city_postalcode:
- case dns_geoip_city_metrocode:
- case dns_geoip_city_areacode:
- case dns_geoip_city_continentcode:
- case dns_geoip_city_timezonecode:
- if (strcasecmp(dbname, "city") != 0)
- cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
- "invalid GeoIP DB specified for "
- "a 'city'-only search type: ignoring");
- return (subtype);
- case dns_geoip_isp_name:
- if (strcasecmp(dbname, "isp") != 0)
- cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
- "invalid GeoIP DB specified for "
- "an 'isp' search: ignoring");
- return (subtype);
- case dns_geoip_org_name:
- if (strcasecmp(dbname, "org") != 0)
- cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
- "invalid GeoIP DB specified for "
- "an 'org' search: ignoring");
- return (subtype);
- case dns_geoip_as_asnum:
- if (strcasecmp(dbname, "asnum") != 0)
- cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
- "invalid GeoIP DB specified for "
- "an 'asnum' search: ignoring");
- return (subtype);
- case dns_geoip_domain_name:
- if (strcasecmp(dbname, "domain") != 0)
- cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
- "invalid GeoIP DB specified for "
- "a 'domain' search: ignoring");
- return (subtype);
- case dns_geoip_netspeed_id:
- if (strcasecmp(dbname, "netspeed") != 0)
- cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
- "invalid GeoIP DB specified for "
- "a 'netspeed' search: ignoring");
- return (subtype);
- default:
- INSIST(0);
- }
-}
-
-static isc_boolean_t
-geoip_can_answer(dns_aclelement_t *elt, cfg_aclconfctx_t *ctx) {
- if (ctx->geoip == NULL)
- return (ISC_TRUE);
-
- switch (elt->geoip_elem.subtype) {
- case dns_geoip_countrycode:
- case dns_geoip_countrycode3:
- case dns_geoip_countryname:
- if (ctx->geoip->city_v4 != NULL ||
- ctx->geoip->city_v6 != NULL ||
- ctx->geoip->country_v4 != NULL ||
- ctx->geoip->country_v6 != NULL ||
- ctx->geoip->region != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_region:
- case dns_geoip_regionname:
- if (ctx->geoip->city_v4 != NULL ||
- ctx->geoip->city_v6 != NULL ||
- ctx->geoip->region != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_country_code:
- case dns_geoip_country_code3:
- case dns_geoip_country_name:
- if (ctx->geoip->country_v4 != NULL ||
- ctx->geoip->country_v6 != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_region_countrycode:
- case dns_geoip_region_code:
- case dns_geoip_region_name:
- if (ctx->geoip->region != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_city_countrycode:
- case dns_geoip_city_countrycode3:
- case dns_geoip_city_countryname:
- case dns_geoip_city_region:
- case dns_geoip_city_regionname:
- case dns_geoip_city_name:
- case dns_geoip_city_postalcode:
- case dns_geoip_city_metrocode:
- case dns_geoip_city_areacode:
- case dns_geoip_city_continentcode:
- case dns_geoip_city_timezonecode:
- if (ctx->geoip->city_v4 != NULL ||
- ctx->geoip->city_v6 != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_isp_name:
- if (ctx->geoip->isp != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_org_name:
- if (ctx->geoip->org != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_as_asnum:
- if (ctx->geoip->as != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_domain_name:
- if (ctx->geoip->domain != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_netspeed_id:
- if (ctx->geoip->netspeed != NULL)
- return (ISC_TRUE);
- }
-
- return (ISC_FALSE);
-}
-
-static isc_result_t
-parse_geoip_element(const cfg_obj_t *obj, isc_log_t *lctx,
- cfg_aclconfctx_t *ctx, dns_aclelement_t *dep)
-{
- const cfg_obj_t *ge;
- const char *dbname = NULL;
- const char *stype, *search;
- dns_geoip_subtype_t subtype;
- dns_aclelement_t de;
- size_t len;
-
- REQUIRE(dep != NULL);
-
- de = *dep;
-
- ge = cfg_tuple_get(obj, "db");
- if (!cfg_obj_isvoid(ge))
- dbname = cfg_obj_asstring(ge);
-
- stype = cfg_obj_asstring(cfg_tuple_get(obj, "subtype"));
- search = cfg_obj_asstring(cfg_tuple_get(obj, "search"));
- len = strlen(search);
-
- if (len == 0) {
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "zero-length geoip search field");
- return (ISC_R_FAILURE);
- }
-
- if (strcasecmp(stype, "country") == 0 && len == 2) {
- /* Two-letter country code */
- subtype = dns_geoip_countrycode;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "country") == 0 && len == 3) {
- /* Three-letter country code */
- subtype = dns_geoip_countrycode3;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "country") == 0) {
- /* Country name */
- subtype = dns_geoip_countryname;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "region") == 0 && len == 2) {
- /* Two-letter region code */
- subtype = dns_geoip_region;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "region") == 0) {
- /* Region name */
- subtype = dns_geoip_regionname;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "city") == 0) {
- /* City name */
- subtype = dns_geoip_city_name;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "postal") == 0 ||
- strcasecmp(stype, "postalcode") == 0)
- {
- if (len < 7) {
- subtype = dns_geoip_city_postalcode;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else {
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "geoiop postal code (%s) too long",
- search);
- return (ISC_R_FAILURE);
- }
- } else if (strcasecmp(stype, "metro") == 0 ||
- strcasecmp(stype, "metrocode") == 0)
- {
- subtype = dns_geoip_city_metrocode;
- de.geoip_elem.as_int = atoi(search);
- } else if (strcasecmp(stype, "area") == 0 ||
- strcasecmp(stype, "areacode") == 0)
- {
- subtype = dns_geoip_city_areacode;
- de.geoip_elem.as_int = atoi(search);
- } else if (strcasecmp(stype, "tz") == 0 ||
- strcasecmp(stype, "timezone") == 0)
- {
- subtype = dns_geoip_city_timezonecode;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "continent") == 0 && len == 2) {
- /* Two-letter continent code */
- subtype = dns_geoip_city_continentcode;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "continent") == 0) {
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "geoiop continent code (%s) too long", search);
- return (ISC_R_FAILURE);
- } else if (strcasecmp(stype, "isp") == 0) {
- subtype = dns_geoip_isp_name;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "asnum") == 0) {
- subtype = dns_geoip_as_asnum;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "org") == 0) {
- subtype = dns_geoip_org_name;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "domain") == 0) {
- subtype = dns_geoip_domain_name;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "netspeed") == 0) {
- subtype = dns_geoip_netspeed_id;
- de.geoip_elem.as_int = atoi(search);
- } else
- INSIST(0);
-
- de.geoip_elem.subtype = get_subtype(obj, lctx, subtype, dbname);
-
- if (! geoip_can_answer(&de, ctx)) {
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "no GeoIP database installed which can answer "
- "queries of type '%s'", stype);
- return (ISC_R_FAILURE);
- }
-
- *dep = de;
-
- return (ISC_R_SUCCESS);
-}
-#endif
-
 isc_result_t cfg_acl_fromconfig(const cfg_obj_t *caml, const cfg_obj_t *cctx, isc_log_t *lctx, cfg_aclconfctx_t *ctx,
@@ -797,17 +466,6 @@ nested_acl: &de->keyname); if (result != ISC_R_SUCCESS) goto cleanup;
-#ifdef HAVE_GEOIP
- } else if (cfg_obj_istuple(ce) &&
- cfg_obj_isvoid(cfg_tuple_get(ce, "negated")))
- {
- INSIST(dacl->length < dacl->alloc);
- result = parse_geoip_element(ce, lctx, ctx, de);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- de->type = dns_aclelementtype_geoip;
- de->negative = neg;
-#endif /* HAVE_GEOIP */
 } else if (cfg_obj_isstring(ce)) { /* ACL name. */ const char *name = cfg_obj_asstring(ce);
diff --git a/usr.sbin/bind/lib/isccfg/include/isccfg/aclconf.h b/usr.sbin/bind/lib/isccfg/include/isccfg/aclconf.h
index a733653c9cb..6952063c72e 100644
--- a/usr.sbin/bind/lib/isccfg/include/isccfg/aclconf.h
+++ b/usr.sbin/bind/lib/isccfg/include/isccfg/aclconf.h
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */
-/* $Id: aclconf.h,v 1.3 2019/12/17 01:46:38 sthen Exp $ */
+/* $Id: aclconf.h,v 1.4 2020/01/07 19:06:07 florian Exp $ */
 #ifndef ISCCFG_ACLCONF_H #define ISCCFG_ACLCONF_H 1
@@ -23,17 +23,11 @@ #include <isccfg/cfg.h>
-#ifdef HAVE_GEOIP
-#include <dns/geoip.h>
-#endif
 #include <dns/types.h> typedef struct cfg_aclconfctx { ISC_LIST(dns_acl_t) named_acl_cache; isc_mem_t *mctx;
-#ifdef HAVE_GEOIP
- dns_geoip_databases_t *geoip;
-#endif
 isc_refcount_t references; } cfg_aclconfctx_t;
diff --git a/usr.sbin/bind/lib/isccfg/namedconf.c b/usr.sbin/bind/lib/isccfg/namedconf.c
index ece40659cb7..a12a161c48b 100644
--- a/usr.sbin/bind/lib/isccfg/namedconf.c
+++ b/usr.sbin/bind/lib/isccfg/namedconf.c
@@ -83,17 +83,6 @@ doc_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type); static void doc_optional_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type);
-#ifdef HAVE_GEOIP
-static isc_result_t
-parse_geoip(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret);
-
-static void
-print_geoip(cfg_printer_t *pctx, const cfg_obj_t *obj);
-
-static void
-doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type);
-#endif /* HAVE_GEOIP */
-
 static cfg_type_t cfg_type_acl; static cfg_type_t cfg_type_addrmatchelt; static cfg_type_t cfg_type_bracketed_aml;
@@ -1015,12 +1004,8 @@ options_clauses[] = { { "fake-iquery", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, { "files", &cfg_type_size, 0 }, { "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
-#ifdef HAVE_GEOIP
- { "geoip-directory", &cfg_type_qstringornone, 0 },
-#else
 { "geoip-directory", &cfg_type_qstringornone, CFG_CLAUSEFLAG_NOTCONFIGURED },
-#endif /* HAVE_GEOIP */
 { "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE }, { "heartbeat-interval", &cfg_type_uint32, 0 }, { "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_NOTIMP },
@@ -2324,102 +2309,6 @@ static cfg_type_t cfg_type_optional_keyref = { doc_optional_keyvalue, &cfg_rep_string, &key_kw };
-#ifdef HAVE_GEOIP
-/*
- * "geoip" ACL element:
- * geoip [ db <database> ] search-type <string>
- */
-static const char *geoiptype_enums[] = {
- "area", "areacode", "asnum", "city", "continent", "country",
- "country3", "countryname", "domain", "isp", "metro", "metrocode",
- "netspeed", "org", "postal", "postalcode", "region", "regionname",
- "timezone", "tz", NULL
-};
-static cfg_type_t cfg_type_geoiptype = {
- "geoiptype", cfg_parse_enum, cfg_print_ustring,
- cfg_doc_enum, &cfg_rep_string, &geoiptype_enums
-};
-
-static const char *geoipdb_enums[] = {
- "asnum", "city", "country", "domain", "isp", "netspeed",
- "org", "region", NULL
-};
-static cfg_type_t cfg_type_geoipdb = {
- "geoipdb", cfg_parse_enum, cfg_print_ustring,
- cfg_doc_enum, &cfg_rep_string, &geoipdb_enums
-};
-
-static cfg_tuplefielddef_t geoip_fields[] = {
- { "negated", &cfg_type_void, 0 },
- { "db", &cfg_type_geoipdb, 0 },
- { "subtype", &cfg_type_geoiptype, 0 },
- { "search", &cfg_type_astring, 0 },
- { NULL, NULL, 0 }
-};
-
-static cfg_type_t cfg_type_geoip = {
- "geoip", parse_geoip, print_geoip, doc_geoip,
- &cfg_rep_tuple, geoip_fields
-};
-
-static isc_result_t
-parse_geoip(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
- isc_result_t result;
- cfg_obj_t *obj = NULL;
- const cfg_tuplefielddef_t *fields = type->of;
-
- CHECK(cfg_create_tuple(pctx, type, &obj));
- CHECK(cfg_parse_void(pctx, NULL, &obj->value.tuple[0]));
-
- /* Parse the optional "db" field. */
- CHECK(cfg_peektoken(pctx, 0));
- if (pctx->token.type == isc_tokentype_string) {
- CHECK(cfg_gettoken(pctx, 0));
- if (strcasecmp(TOKEN_STRING(pctx), "db") == 0 &&
- obj->value.tuple[1] == NULL) {
- CHECK(cfg_parse_obj(pctx, fields[1].type,
- &obj->value.tuple[1]));
- } else {
- CHECK(cfg_parse_void(pctx, NULL,
- &obj->value.tuple[1]));
- cfg_ungettoken(pctx);
- }
- }
-
- CHECK(cfg_parse_obj(pctx, fields[2].type, &obj->value.tuple[2]));
- CHECK(cfg_parse_obj(pctx, fields[3].type, &obj->value.tuple[3]));
-
- *ret = obj;
- return (ISC_R_SUCCESS);
-
- cleanup:
- CLEANUP_OBJ(obj);
- return (result);
-}
-
-static void
-print_geoip(cfg_printer_t *pctx, const cfg_obj_t *obj) {
- if (obj->value.tuple[1]->type->print != cfg_print_void) {
- cfg_print_cstr(pctx, " db ");
- cfg_print_obj(pctx, obj->value.tuple[1]);
- }
- cfg_print_obj(pctx, obj->value.tuple[2]);
- cfg_print_obj(pctx, obj->value.tuple[3]);
-}
-
-static void
-doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type) {
- UNUSED(type);
- cfg_print_cstr(pctx, "[ db ");
- cfg_doc_enum(pctx, &cfg_type_geoipdb);
- cfg_print_cstr(pctx, " ]");
- cfg_print_chars(pctx, " ", 1);
- cfg_doc_enum(pctx, &cfg_type_geoiptype);
- cfg_print_chars(pctx, " ", 1);
- cfg_print_cstr(pctx, "<quoted_string>");
-}
-#endif /* HAVE_GEOIP */
-
 /*% * A "controls" statement is represented as a map with the multivalued * "inet" and "unix" clauses.
@@ -2749,14 +2638,9 @@ parse_addrmatchelt(cfg_parser_t *pctx, const cfg_type_t *type, CHECK(cfg_parse_obj(pctx, &cfg_type_keyref, ret)); } else if (pctx->token.type == isc_tokentype_string && (strcasecmp(TOKEN_STRING(pctx), "geoip") == 0)) {
-#ifdef HAVE_GEOIP
- CHECK(cfg_gettoken(pctx, 0));
- CHECK(cfg_parse_obj(pctx, &cfg_type_geoip, ret));
-#else
 cfg_parser_error(pctx, CFG_LOG_NEAR, "'geoip' " "not supported in this build"); return (ISC_R_UNEXPECTEDTOKEN);
-#endif
 } else { if (cfg_lookingat_netaddr(pctx, CFG_ADDR_V4OK | CFG_ADDR_V4PREFIXOK | |