Diffstat (limited to 'usr.sbin/bind/lib')
-rw-r--r--usr.sbin/bind/lib/dns/Makefile.in9
-rw-r--r--usr.sbin/bind/lib/dns/acl.c19
-rw-r--r--usr.sbin/bind/lib/dns/geoip.c829
-rw-r--r--usr.sbin/bind/lib/dns/include/dns/Makefile.in4
-rw-r--r--usr.sbin/bind/lib/dns/include/dns/acl.h18
-rw-r--r--usr.sbin/bind/lib/dns/include/dns/geoip.h119
-rw-r--r--usr.sbin/bind/lib/isccfg/aclconf.c342
-rw-r--r--usr.sbin/bind/lib/isccfg/include/isccfg/aclconf.h8
-rw-r--r--usr.sbin/bind/lib/isccfg/namedconf.c116
9 files changed, 7 insertions, 1457 deletions
diff --git a/usr.sbin/bind/lib/dns/Makefile.in b/usr.sbin/bind/lib/dns/Makefile.in
index 9ddc38567c3..53bbb7241fc 100644
--- a/usr.sbin/bind/lib/dns/Makefile.in
+++ b/usr.sbin/bind/lib/dns/Makefile.in
@@ -61,8 +61,6 @@ DSTOBJS = @DST_EXTRA_OBJS@ @OPENSSLLINKOBJS@ @PKCS11LINKOBJS@ \
dst_api.@O@ dst_lib.@O@ dst_parse.@O@ dst_result.@O@ \
gssapi_link.@O@ gssapictx.@O@ hmac_link.@O@ key.@O@
-GEOIPLINKOBJS = geoip.@O@
-
# Alphabetically
DNSOBJS = acache.@O@ acl.@O@ adb.@O@ byaddr.@O@ \
cache.@O@ callbacks.@O@ clientinfo.@O@ compress.@O@ \
@@ -83,8 +81,7 @@ DNSOBJS = acache.@O@ acl.@O@ adb.@O@ byaddr.@O@ \
version.@O@ view.@O@ xfrin.@O@ zone.@O@ zonekey.@O@ zt.@O@
PORTDNSOBJS = client.@O@ ecdb.@O@
-OBJS= ${DNSOBJS} ${OTHEROBJS} ${DSTOBJS} ${PORTDNSOBJS} \
- @GEOIPLINKOBJS@
+OBJS= ${DNSOBJS} ${OTHEROBJS} ${DSTOBJS} ${PORTDNSOBJS}
# Alphabetically
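Review bot: With `@GEOIPLINKOBJS@` dropped from `OBJS` here, and `@GEOIPLINKSRCS@` dropped from `SRCS` in the later hunk of this file, nothing in this Makefile consumes those configure substitutions any more. Any configure-side GeoIP handling that still sets them or defines `HAVE_GEOIP` would now be dead; that part of the tree is outside this view (the diffstat is limited to `usr.sbin/bind/lib`), so this is unverified. If such handling remains, it is worth removing alongside this change so that a build cannot look GeoIP-enabled while the ACL matching code in `geoip.c` is gone.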
@@ -104,8 +101,6 @@ DSTSRCS = @DST_EXTRA_SRCS@ @OPENSSLLINKSRCS@ @PKCS11LINKSRCS@ \
dst_result.c gssapi_link.c gssapictx.c \
hmac_link.c key.c
-GEOIOLINKSRCS = geoip.c
-
DNSSRCS = acache.c acl.c adb.c byaddr.c \
cache.c callbacks.c clientinfo.c compress.c \
db.c dbiterator.c dbtable.c diff.c dispatch.c \
@@ -122,7 +117,7 @@ DNSSRCS = acache.c acl.c adb.c byaddr.c \
version.c view.c xfrin.c zone.c zonekey.c zt.c ${OTHERSRCS}
PORTDNSSRCS = client.c ecdb.c
-SRCS = ${DSTSRCS} ${DNSSRCS} ${PORTDNSSRCS} @GEOIPLINKSRCS@
+SRCS = ${DSTSRCS} ${DNSSRCS} ${PORTDNSSRCS}
SUBDIRS = include
TARGETS = timestamp
diff --git a/usr.sbin/bind/lib/dns/acl.c b/usr.sbin/bind/lib/dns/acl.c
index 40549e667d3..54e2ebcc422 100644
--- a/usr.sbin/bind/lib/dns/acl.c
+++ b/usr.sbin/bind/lib/dns/acl.c
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: acl.c,v 1.3 2019/12/17 01:46:31 sthen Exp $ */
+/* $Id: acl.c,v 1.4 2020/01/07 19:06:07 florian Exp $ */
/*! \file */
@@ -339,14 +339,6 @@ dns_acl_merge(dns_acl_t *dest, dns_acl_t *source, isc_boolean_t pos)
return result;
}
-#ifdef HAVE_GEOIP
- /* Duplicate GeoIP data */
- if (source->elements[i].type == dns_aclelementtype_geoip) {
- dest->elements[nelem + i].geoip_elem =
- source->elements[i].geoip_elem;
- }
-#endif
-
/* reverse sense of positives if this is a negative acl */
if (!pos && source->elements[i].negative == ISC_FALSE) {
dest->elements[nelem + i].negative = ISC_TRUE;
@@ -416,12 +408,6 @@ dns_aclelement_match(const isc_netaddr_t *reqaddr,
inner = env->localnets;
break;
-#ifdef HAVE_GEOIP
- case dns_aclelementtype_geoip:
- if (env == NULL || env->geoip == NULL)
- return (ISC_FALSE);
- return (dns_geoip_match(reqaddr, env->geoip, &e->geoip_elem));
-#endif
default:
/* Should be impossible. */
INSIST(0);
@@ -619,9 +605,6 @@ dns_aclenv_init(isc_mem_t *mctx, dns_aclenv_t *env) {
if (result != ISC_R_SUCCESS)
goto cleanup_localhost;
env->match_mapped = ISC_FALSE;
-#ifdef HAVE_GEOIP
- env->geoip = NULL;
-#endif
return (ISC_R_SUCCESS);
cleanup_localhost:
diff --git a/usr.sbin/bind/lib/dns/geoip.c b/usr.sbin/bind/lib/dns/geoip.c
deleted file mode 100644
index 2c462b2cb3a..00000000000
--- a/usr.sbin/bind/lib/dns/geoip.c
+++ /dev/null
@@ -1,829 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/*! \file */
-
-#include <config.h>
-
-#include <isc/util.h>
-
-#include <isc/mem.h>
-#include <isc/once.h>
-#include <isc/string.h>
-
-#include <dns/acl.h>
-#include <dns/geoip.h>
-
-#include <isc/thread.h>
-#include <math.h>
-#ifndef WIN32
-#include <netinet/in.h>
-#else
-#ifndef _WINSOCKAPI_
-#define _WINSOCKAPI_ /* Prevent inclusion of winsock.h in windows.h */
-#endif
-#include <winsock2.h>
-#endif /* WIN32 */
-#include <dns/log.h>
-
-#ifdef HAVE_GEOIP
-#include <GeoIP.h>
-#include <GeoIPCity.h>
-
-/*
- * This structure preserves state from the previous GeoIP lookup,
- * so that successive lookups for the same data from the same IP
- * address will not require repeated calls into the GeoIP library
- * to look up data in the database. This should improve performance
- * somewhat.
- *
- * For lookups in the City and Region databases, we preserve pointers
- * to the GeoIPRecord and GeoIPregion structures; these will need to be
- * freed by GeoIPRecord_delete() and GeoIPRegion_delete().
- *
- * for lookups in ISP, AS, Org and Domain we prserve a pointer to
- * the returned name; these must be freed by free().
- *
- * For lookups in Country we preserve a pointer to the text of
- * the country code, name, etc (we use a different pointer for this
- * than for the names returned by Org, ISP, etc, because those need
- * to be freed but country lookups do not).
- *
- * For lookups in Netspeed we preserve the returned ID.
- *
- * XXX: Currently this mechanism is only used for IPv4 lookups; the
- * family and addr6 fields are to be used IPv6 is added.
- */
-typedef struct geoip_state {
- isc_uint16_t subtype;
- unsigned int family;
- isc_uint32_t ipnum;
- geoipv6_t ipnum6;
- GeoIPRecord *record;
- GeoIPRegion *region;
- const char *text;
- char *name;
- int id;
- isc_mem_t *mctx;
-} geoip_state_t;
-
-#ifdef ISC_PLATFORM_USETHREADS
-static isc_mutex_t key_mutex;
-static isc_boolean_t state_key_initialized = ISC_FALSE;
-static isc_thread_key_t state_key;
-static isc_once_t mutex_once = ISC_ONCE_INIT;
-static isc_mem_t *state_mctx = NULL;
-
-static void
-key_mutex_init(void) {
- RUNTIME_CHECK(isc_mutex_init(&key_mutex) == ISC_R_SUCCESS);
-}
-
-static void
-free_state(void *arg) {
- geoip_state_t *state = arg;
- if (state != NULL && state->record != NULL)
- GeoIPRecord_delete(state->record);
- if (state != NULL)
- isc_mem_putanddetach(&state->mctx,
- state, sizeof(geoip_state_t));
- isc_thread_key_setspecific(state_key, NULL);
-}
-
-static isc_result_t
-state_key_init(void) {
- isc_result_t result;
-
- result = isc_once_do(&mutex_once, key_mutex_init);
- if (result != ISC_R_SUCCESS)
- return (result);
-
- if (!state_key_initialized) {
- LOCK(&key_mutex);
- if (!state_key_initialized) {
- int ret;
-
- if (state_mctx == NULL)
- result = isc_mem_create2(0, 0, &state_mctx, 0);
- if (result != ISC_R_SUCCESS)
- goto unlock;
- isc_mem_setname(state_mctx, "geoip_state", NULL);
- isc_mem_setdestroycheck(state_mctx, ISC_FALSE);
-
- ret = isc_thread_key_create(&state_key, free_state);
- if (ret == 0)
- state_key_initialized = ISC_TRUE;
- else
- result = ISC_R_FAILURE;
- }
- unlock:
- UNLOCK(&key_mutex);
- }
-
- return (result);
-}
-#else
-static geoip_state_t saved_state;
-#endif
-
-static void
-clean_state(geoip_state_t *state) {
- if (state == NULL)
- return;
-
- if (state->record != NULL) {
- GeoIPRecord_delete(state->record);
- state->record = NULL;
- }
- if (state->region != NULL) {
- GeoIPRegion_delete(state->region);
- state->region = NULL;
- }
- if (state->name != NULL) {
- free (state->name);
- state->name = NULL;
- }
- state->ipnum = 0;
- state->text = NULL;
- state->id = 0;
-}
-
-static isc_result_t
-set_state(unsigned int family, isc_uint32_t ipnum, const geoipv6_t *ipnum6,
- dns_geoip_subtype_t subtype, GeoIPRecord *record,
- GeoIPRegion *region, char *name, const char *text, int id)
-{
- geoip_state_t *state = NULL;
-#ifdef ISC_PLATFORM_USETHREADS
- isc_result_t result;
-
- result = state_key_init();
- if (result != ISC_R_SUCCESS)
- return (result);
-
- state = (geoip_state_t *) isc_thread_key_getspecific(state_key);
- if (state == NULL) {
- state = (geoip_state_t *) isc_mem_get(state_mctx,
- sizeof(geoip_state_t));
- if (state == NULL)
- return (ISC_R_NOMEMORY);
- memset(state, 0, sizeof(*state));
-
- result = isc_thread_key_setspecific(state_key, state);
- if (result != ISC_R_SUCCESS) {
- isc_mem_put(state_mctx, state, sizeof(geoip_state_t));
- return (result);
- }
-
- isc_mem_attach(state_mctx, &state->mctx);
- } else
- clean_state(state);
-#else
- state = &saved_state;
- clean_state(state);
-#endif
-
- if (family == AF_INET) {
- state->ipnum = ipnum;
- } else {
- INSIST(ipnum6 != NULL);
- state->ipnum6 = *ipnum6;
- }
-
- state->family = family;
- state->subtype = subtype;
- state->record = record;
- state->region = region;
- state->name = name;
- state->text = text;
- state->id = id;
-
- return (ISC_R_SUCCESS);
-}
-
-static geoip_state_t *
-get_state_for(unsigned int family, isc_uint32_t ipnum,
- const geoipv6_t *ipnum6)
-{
- geoip_state_t *state;
-
-#ifdef ISC_PLATFORM_USETHREADS
- isc_result_t result;
-
- result = state_key_init();
- if (result != ISC_R_SUCCESS)
- return (NULL);
-
- state = (geoip_state_t *) isc_thread_key_getspecific(state_key);
- if (state == NULL)
- return (NULL);
-#else
- state = &saved_state;
-#endif
-
- if (state->family == family &&
- ((state->family == AF_INET && state->ipnum == ipnum) ||
- (state->family == AF_INET6 && ipnum6 != NULL &&
- memcmp(state->ipnum6.s6_addr, ipnum6->s6_addr, 16) == 0)))
- return (state);
-
- return (NULL);
-}
-
-/*
- * Country lookups are performed if the previous lookup was from a
- * different IP address than the current, or was for a search of a
- * different subtype.
- */
-static const char *
-country_lookup(GeoIP *db, dns_geoip_subtype_t subtype,
- unsigned int family,
- isc_uint32_t ipnum, const geoipv6_t *ipnum6)
-{
- geoip_state_t *prev_state = NULL;
- const char *text = NULL;
-
- REQUIRE(db != NULL);
-
-#ifndef HAVE_GEOIP_V6
- /* no IPv6 support? give up now */
- if (family == AF_INET6)
- return (NULL);
-#endif
-
- prev_state = get_state_for(family, ipnum, ipnum6);
- if (prev_state != NULL && prev_state->subtype == subtype)
- text = prev_state->text;
-
- if (text == NULL) {
- switch (subtype) {
- case dns_geoip_country_code:
- if (family == AF_INET)
- text = GeoIP_country_code_by_ipnum(db, ipnum);
-#ifdef HAVE_GEOIP_V6
- else
- text = GeoIP_country_code_by_ipnum_v6(db,
- *ipnum6);
-#endif
- break;
- case dns_geoip_country_code3:
- if (family == AF_INET)
- text = GeoIP_country_code3_by_ipnum(db, ipnum);
-#ifdef HAVE_GEOIP_V6
- else
- text = GeoIP_country_code3_by_ipnum_v6(db,
- *ipnum6);
-#endif
- break;
- case dns_geoip_country_name:
- if (family == AF_INET)
- text = GeoIP_country_name_by_ipnum(db, ipnum);
-#ifdef HAVE_GEOIP_V6
- else
- text = GeoIP_country_name_by_ipnum_v6(db,
- *ipnum6);
-#endif
- break;
- default:
- INSIST(0);
- }
-
- set_state(family, ipnum, ipnum6, subtype,
- NULL, NULL, NULL, text, 0);
- }
-
- return (text);
-}
-
-static char *
-city_string(GeoIPRecord *record, dns_geoip_subtype_t subtype, int *maxlen) {
- const char *s;
- char *deconst;
-
- REQUIRE(record != NULL);
- REQUIRE(maxlen != NULL);
-
- /* Set '*maxlen' to the maximum length of this subtype, if any */
- switch (subtype) {
- case dns_geoip_city_countrycode:
- case dns_geoip_city_region:
- case dns_geoip_city_continentcode:
- *maxlen = 2;
- break;
-
- case dns_geoip_city_countrycode3:
- *maxlen = 3;
- break;
-
- default:
- /* No fixed length; just use strcasecmp() for comparison */
- *maxlen = 255;
- }
-
- switch (subtype) {
- case dns_geoip_city_countrycode:
- return (record->country_code);
- case dns_geoip_city_countrycode3:
- return (record->country_code3);
- case dns_geoip_city_countryname:
- return (record->country_name);
- case dns_geoip_city_region:
- return (record->region);
- case dns_geoip_city_regionname:
- s = GeoIP_region_name_by_code(record->country_code,
- record->region);
- DE_CONST(s, deconst);
- return (deconst);
- case dns_geoip_city_name:
- return (record->city);
- case dns_geoip_city_postalcode:
- return (record->postal_code);
- case dns_geoip_city_continentcode:
- return (record->continent_code);
- case dns_geoip_city_timezonecode:
- s = GeoIP_time_zone_by_country_and_region(record->country_code,
- record->region);
- DE_CONST(s, deconst);
- return (deconst);
- default:
- INSIST(0);
- }
-}
-
-static isc_boolean_t
-is_city(dns_geoip_subtype_t subtype) {
- switch (subtype) {
- case dns_geoip_city_countrycode:
- case dns_geoip_city_countrycode3:
- case dns_geoip_city_countryname:
- case dns_geoip_city_region:
- case dns_geoip_city_regionname:
- case dns_geoip_city_name:
- case dns_geoip_city_postalcode:
- case dns_geoip_city_continentcode:
- case dns_geoip_city_timezonecode:
- case dns_geoip_city_metrocode:
- case dns_geoip_city_areacode:
- return (ISC_TRUE);
- default:
- return (ISC_FALSE);
- }
-}
-
-/*
- * GeoIPRecord lookups are performed if the previous lookup was
- * from a different IP address than the current, or was for a search
- * outside the City database.
- */
-static GeoIPRecord *
-city_lookup(GeoIP *db, dns_geoip_subtype_t subtype,
- unsigned int family, isc_uint32_t ipnum, const geoipv6_t *ipnum6)
-{
- GeoIPRecord *record = NULL;
- geoip_state_t *prev_state = NULL;
-
- REQUIRE(db != NULL);
-
-#ifndef HAVE_GEOIP_V6
- /* no IPv6 support? give up now */
- if (family == AF_INET6)
- return (NULL);
-#endif
-
- prev_state = get_state_for(family, ipnum, ipnum6);
- if (prev_state != NULL && is_city(prev_state->subtype))
- record = prev_state->record;
-
- if (record == NULL) {
- if (family == AF_INET)
- record = GeoIP_record_by_ipnum(db, ipnum);
-#ifdef HAVE_GEOIP_V6
- else
- record = GeoIP_record_by_ipnum_v6(db, *ipnum6);
-#endif
- if (record == NULL)
- return (NULL);
-
- set_state(family, ipnum, ipnum6, subtype,
- record, NULL, NULL, NULL, 0);
- }
-
- return (record);
-}
-
-static char *
-region_string(GeoIPRegion *region, dns_geoip_subtype_t subtype, int *maxlen) {
- const char *s;
- char *deconst;
-
- REQUIRE(region != NULL);
- REQUIRE(maxlen != NULL);
-
- switch (subtype) {
- case dns_geoip_region_countrycode:
- *maxlen = 2;
- return (region->country_code);
- case dns_geoip_region_code:
- *maxlen = 2;
- return (region->region);
- case dns_geoip_region_name:
- *maxlen = 255;
- s = GeoIP_region_name_by_code(region->country_code,
- region->region);
- DE_CONST(s, deconst);
- return (deconst);
- default:
- INSIST(0);
- }
-}
-
-static isc_boolean_t
-is_region(dns_geoip_subtype_t subtype) {
- switch (subtype) {
- case dns_geoip_region_countrycode:
- case dns_geoip_region_code:
- return (ISC_TRUE);
- default:
- return (ISC_FALSE);
- }
-}
-
-/*
- * GeoIPRegion lookups are performed if the previous lookup was
- * from a different IP address than the current, or was for a search
- * outside the Region database.
- */
-static GeoIPRegion *
-region_lookup(GeoIP *db, dns_geoip_subtype_t subtype, isc_uint32_t ipnum) {
- GeoIPRegion *region = NULL;
- geoip_state_t *prev_state = NULL;
-
- REQUIRE(db != NULL);
-
- prev_state = get_state_for(AF_INET, ipnum, NULL);
- if (prev_state != NULL && is_region(prev_state->subtype))
- region = prev_state->region;
-
- if (region == NULL) {
- region = GeoIP_region_by_ipnum(db, ipnum);
- if (region == NULL)
- return (NULL);
-
- set_state(AF_INET, ipnum, NULL,
- subtype, NULL, region, NULL, NULL, 0);
- }
-
- return (region);
-}
-
-/*
- * ISP, Organization, AS Number and Domain lookups are performed if
- * the previous lookup was from a different IP address than the current,
- * or was for a search of a different subtype.
- */
-static char *
-name_lookup(GeoIP *db, dns_geoip_subtype_t subtype, isc_uint32_t ipnum) {
- char *name = NULL;
- geoip_state_t *prev_state = NULL;
-
- REQUIRE(db != NULL);
-
- prev_state = get_state_for(AF_INET, ipnum, NULL);
- if (prev_state != NULL && prev_state->subtype == subtype)
- name = prev_state->name;
-
- if (name == NULL) {
- name = GeoIP_name_by_ipnum(db, ipnum);
- if (name == NULL)
- return (NULL);
-
- set_state(AF_INET, ipnum, NULL,
- subtype, NULL, NULL, name, NULL, 0);
- }
-
- return (name);
-}
-
-/*
- * Netspeed lookups are performed if the previous lookup was from a
- * different IP address than the current, or was for a search of a
- * different subtype.
- */
-static int
-netspeed_lookup(GeoIP *db, dns_geoip_subtype_t subtype, isc_uint32_t ipnum) {
- geoip_state_t *prev_state = NULL;
- isc_boolean_t found = ISC_FALSE;
- int id = -1;
-
- REQUIRE(db != NULL);
-
- prev_state = get_state_for(AF_INET, ipnum, NULL);
- if (prev_state != NULL && prev_state->subtype == subtype) {
- id = prev_state->id;
- found = ISC_TRUE;
- }
-
- if (!found) {
- id = GeoIP_id_by_ipnum(db, ipnum);
- set_state(AF_INET, ipnum, NULL,
- subtype, NULL, NULL, NULL, NULL, id);
- }
-
- return (id);
-}
-#endif /* HAVE_GEOIP */
-
-#define DB46(addr, geoip, name) \
- ((addr->family == AF_INET) ? (geoip->name##_v4) : (geoip->name##_v6))
-
-#ifdef HAVE_GEOIP
-/*
- * Find the best database to answer a generic subtype
- */
-static dns_geoip_subtype_t
-fix_subtype(const isc_netaddr_t *reqaddr, const dns_geoip_databases_t *geoip,
- dns_geoip_subtype_t subtype)
-{
- dns_geoip_subtype_t ret = subtype;
-
- switch (subtype) {
- case dns_geoip_countrycode:
- if (DB46(reqaddr, geoip, city) != NULL)
- ret = dns_geoip_city_countrycode;
- else if (reqaddr->family == AF_INET && geoip->region != NULL)
- ret = dns_geoip_region_countrycode;
- else if (DB46(reqaddr, geoip, country) != NULL)
- ret = dns_geoip_country_code;
- break;
- case dns_geoip_countrycode3:
- if (DB46(reqaddr, geoip, city) != NULL)
- ret = dns_geoip_city_countrycode3;
- else if (DB46(reqaddr, geoip, country) != NULL)
- ret = dns_geoip_country_code3;
- break;
- case dns_geoip_countryname:
- if (DB46(reqaddr, geoip, city) != NULL)
- ret = dns_geoip_city_countryname;
- else if (DB46(reqaddr, geoip, country) != NULL)
- ret = dns_geoip_country_name;
- break;
- case dns_geoip_region:
- if (DB46(reqaddr, geoip, city) != NULL)
- ret = dns_geoip_city_region;
- else if (reqaddr->family == AF_INET && geoip->region != NULL)
- ret = dns_geoip_region_code;
- break;
- case dns_geoip_regionname:
- if (DB46(reqaddr, geoip, city) != NULL)
- ret = dns_geoip_city_regionname;
- else if (reqaddr->family == AF_INET && geoip->region != NULL)
- ret = dns_geoip_region_name;
- break;
- default:
- break;
- }
-
- return (ret);
-}
-#endif /* HAVE_GEOIP */
-
-isc_boolean_t
-dns_geoip_match(const isc_netaddr_t *reqaddr,
- const dns_geoip_databases_t *geoip,
- const dns_geoip_elem_t *elt)
-{
-#ifndef HAVE_GEOIP
- UNUSED(reqaddr);
- UNUSED(geoip);
- UNUSED(elt);
-
- return (ISC_FALSE);
-#else
- GeoIP *db;
- GeoIPRecord *record;
- GeoIPRegion *region;
- dns_geoip_subtype_t subtype;
- isc_uint32_t ipnum = 0;
- int maxlen = 0, id, family;
- const char *cs;
- char *s;
-#ifdef HAVE_GEOIP_V6
- const geoipv6_t *ipnum6 = NULL;
-#else
- const void *ipnum6 = NULL;
-#endif
-
- INSIST(geoip != NULL);
-
- family = reqaddr->family;
- switch (family) {
- case AF_INET:
- ipnum = ntohl(reqaddr->type.in.s_addr);
- break;
- case AF_INET6:
-#ifdef HAVE_GEOIP_V6
- ipnum6 = &reqaddr->type.in6;
- break;
-#else
- return (ISC_FALSE);
-#endif
- default:
- return (ISC_FALSE);
- }
-
- subtype = fix_subtype(reqaddr, geoip, elt->subtype);
-
- switch (subtype) {
- case dns_geoip_country_code:
- maxlen = 2;
- goto getcountry;
-
- case dns_geoip_country_code3:
- maxlen = 3;
- goto getcountry;
-
- case dns_geoip_country_name:
- maxlen = 255;
- getcountry:
- db = DB46(reqaddr, geoip, country);
- if (db == NULL)
- return (ISC_FALSE);
-
- INSIST(elt->as_string != NULL);
-
- cs = country_lookup(db, subtype, family, ipnum, ipnum6);
- if (cs != NULL && strncasecmp(elt->as_string, cs, maxlen) == 0)
- return (ISC_TRUE);
- break;
-
- case dns_geoip_city_countrycode:
- case dns_geoip_city_countrycode3:
- case dns_geoip_city_countryname:
- case dns_geoip_city_region:
- case dns_geoip_city_regionname:
- case dns_geoip_city_name:
- case dns_geoip_city_postalcode:
- case dns_geoip_city_continentcode:
- case dns_geoip_city_timezonecode:
- INSIST(elt->as_string != NULL);
-
- db = DB46(reqaddr, geoip, city);
- if (db == NULL)
- return (ISC_FALSE);
-
- record = city_lookup(db, subtype, family, ipnum, ipnum6);
- if (record == NULL)
- break;
-
- s = city_string(record, subtype, &maxlen);
- INSIST(maxlen != 0);
- if (s != NULL && strncasecmp(elt->as_string, s, maxlen) == 0)
- return (ISC_TRUE);
- break;
-
- case dns_geoip_city_metrocode:
- db = DB46(reqaddr, geoip, city);
- if (db == NULL)
- return (ISC_FALSE);
-
- record = city_lookup(db, subtype, family, ipnum, ipnum6);
- if (record == NULL)
- break;
-
- if (elt->as_int == record->metro_code)
- return (ISC_TRUE);
- break;
-
- case dns_geoip_city_areacode:
- db = DB46(reqaddr, geoip, city);
- if (db == NULL)
- return (ISC_FALSE);
-
- record = city_lookup(db, subtype, family, ipnum, ipnum6);
- if (record == NULL)
- break;
-
- if (elt->as_int == record->area_code)
- return (ISC_TRUE);
- break;
-
- case dns_geoip_region_countrycode:
- case dns_geoip_region_code:
- case dns_geoip_region_name:
- case dns_geoip_region:
- if (geoip->region == NULL)
- return (ISC_FALSE);
-
- INSIST(elt->as_string != NULL);
-
- /* Region DB is not supported for IPv6 */
- if (family == AF_INET6)
- return (ISC_FALSE);
-
- region = region_lookup(geoip->region, subtype, ipnum);
- if (region == NULL)
- break;
-
- s = region_string(region, subtype, &maxlen);
- INSIST(maxlen != 0);
- if (s != NULL && strncasecmp(elt->as_string, s, maxlen) == 0)
- return (ISC_TRUE);
- break;
-
- case dns_geoip_isp_name:
- db = geoip->isp;
- goto getname;
-
- case dns_geoip_org_name:
- db = geoip->org;
- goto getname;
-
- case dns_geoip_as_asnum:
- db = geoip->as;
- goto getname;
-
- case dns_geoip_domain_name:
- db = geoip->domain;
-
- getname:
- if (db == NULL)
- return (ISC_FALSE);
-
- INSIST(elt->as_string != NULL);
- /* ISP, Org, AS, and Domain are not supported for IPv6 */
- if (family == AF_INET6)
- return (ISC_FALSE);
-
- s = name_lookup(db, subtype, ipnum);
- if (s != NULL) {
- size_t l;
- if (strcasecmp(elt->as_string, s) == 0)
- return (ISC_TRUE);
- if (subtype != dns_geoip_as_asnum)
- break;
- /*
- * Just check if the ASNNNN value matches.
- */
- l = strlen(elt->as_string);
- if (l > 0U && strchr(elt->as_string, ' ') == NULL &&
- strncasecmp(elt->as_string, s, l) == 0 &&
- s[l] == ' ')
- return (ISC_TRUE);
- }
- break;
-
- case dns_geoip_netspeed_id:
- INSIST(geoip->netspeed != NULL);
-
- /* Netspeed DB is not supported for IPv6 */
- if (family == AF_INET6)
- return (ISC_FALSE);
-
- id = netspeed_lookup(geoip->netspeed, subtype, ipnum);
- if (id == elt->as_int)
- return (ISC_TRUE);
- break;
-
- case dns_geoip_countrycode:
- case dns_geoip_countrycode3:
- case dns_geoip_countryname:
- case dns_geoip_regionname:
- /*
- * If these were not remapped by fix_subtype(),
- * the database was unavailable. Always return false.
- */
- break;
-
- default:
- INSIST(0);
- }
-
- return (ISC_FALSE);
-#endif
-}
-
-void
-dns_geoip_shutdown(void) {
-#ifdef HAVE_GEOIP
- GeoIP_cleanup();
-#ifdef ISC_PLATFORM_USETHREADS
- if (state_mctx != NULL)
- isc_mem_detach(&state_mctx);
-#endif
-#else
- return;
-#endif
-}
diff --git a/usr.sbin/bind/lib/dns/include/dns/Makefile.in b/usr.sbin/bind/lib/dns/include/dns/Makefile.in
index 9dbb6319391..ee07ab1faff 100644
--- a/usr.sbin/bind/lib/dns/include/dns/Makefile.in
+++ b/usr.sbin/bind/lib/dns/include/dns/Makefile.in
@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: Makefile.in,v 1.3 2019/12/17 01:46:32 sthen Exp $
+# $Id: Makefile.in,v 1.4 2020/01/07 19:06:07 florian Exp $
srcdir = @srcdir@
VPATH = @srcdir@
@@ -24,7 +24,7 @@ HEADERS = acache.h acl.h adb.h bit.h byaddr.h cache.h callbacks.h cert.h \
client.h clientinfo.h compress.h \
db.h dbiterator.h dbtable.h diff.h dispatch.h \
dlz.h dlz_dlopen.h dns64.h dnssec.h ds.h dsdigest.h \
- ecdb.h events.h fixedname.h forward.h geoip.h iptable.h \
+ ecdb.h events.h fixedname.h forward.h iptable.h \
journal.h keydata.h keyflags.h keytable.h keyvalues.h \
lib.h lookup.h log.h master.h masterdump.h message.h \
name.h ncache.h nsec.h nsec3.h opcode.h order.h \
diff --git a/usr.sbin/bind/lib/dns/include/dns/acl.h b/usr.sbin/bind/lib/dns/include/dns/acl.h
index b8ab58302ee..4f9a306af9d 100644
--- a/usr.sbin/bind/lib/dns/include/dns/acl.h
+++ b/usr.sbin/bind/lib/dns/include/dns/acl.h
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: acl.h,v 1.3 2019/12/17 01:46:32 sthen Exp $ */
+/* $Id: acl.h,v 1.4 2020/01/07 19:06:07 florian Exp $ */
#ifndef DNS_ACL_H
#define DNS_ACL_H 1
@@ -37,17 +37,10 @@
#include <isc/netaddr.h>
#include <isc/refcount.h>
-#ifdef HAVE_GEOIP
-#include <dns/geoip.h>
-#endif
#include <dns/name.h>
#include <dns/types.h>
#include <dns/iptable.h>
-#ifdef HAVE_GEOIP
-#include <GeoIP.h>
-#endif
-
/***
*** Types
***/
@@ -58,9 +51,6 @@ typedef enum {
dns_aclelementtype_nestedacl,
dns_aclelementtype_localhost,
dns_aclelementtype_localnets,
-#ifdef HAVE_GEOIP
- dns_aclelementtype_geoip,
-#endif /* HAVE_GEOIP */
dns_aclelementtype_any
} dns_aclelementtype_t;
@@ -75,9 +65,6 @@ struct dns_aclelement {
dns_aclelementtype_t type;
isc_boolean_t negative;
dns_name_t keyname;
-#ifdef HAVE_GEOIP
- dns_geoip_elem_t geoip_elem;
-#endif /* HAVE_GEOIP */
dns_acl_t *nestedacl;
int node_num;
};
@@ -100,9 +87,6 @@ struct dns_aclenv {
dns_acl_t *localhost;
dns_acl_t *localnets;
isc_boolean_t match_mapped;
-#ifdef HAVE_GEOIP
- dns_geoip_databases_t *geoip;
-#endif
};
#define DNS_ACL_MAGIC ISC_MAGIC('D','a','c','l')
diff --git a/usr.sbin/bind/lib/dns/include/dns/geoip.h b/usr.sbin/bind/lib/dns/include/dns/geoip.h
deleted file mode 100644
index f6769371ebe..00000000000
--- a/usr.sbin/bind/lib/dns/include/dns/geoip.h
+++ /dev/null
@@ -1,119 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-#ifndef DNS_GEOIP_H
-#define DNS_GEOIP_H 1
-
-/*****
- ***** Module Info
- *****/
-
-/*! \file dns/acl.h
- * \brief
- * Address match list handling.
- */
-
-/***
- *** Imports
- ***/
-
-#include <isc/lang.h>
-#include <isc/magic.h>
-#include <isc/netaddr.h>
-#include <isc/refcount.h>
-
-#include <dns/name.h>
-#include <dns/types.h>
-#include <dns/iptable.h>
-
-#ifdef HAVE_GEOIP
-#include <GeoIP.h>
-#else
-typedef void GeoIP;
-#endif
-
-/***
- *** Types
- ***/
-
-typedef enum {
- dns_geoip_countrycode,
- dns_geoip_countrycode3,
- dns_geoip_countryname,
- dns_geoip_region,
- dns_geoip_regionname,
- dns_geoip_country_code,
- dns_geoip_country_code3,
- dns_geoip_country_name,
- dns_geoip_region_countrycode,
- dns_geoip_region_code,
- dns_geoip_region_name,
- dns_geoip_city_countrycode,
- dns_geoip_city_countrycode3,
- dns_geoip_city_countryname,
- dns_geoip_city_region,
- dns_geoip_city_regionname,
- dns_geoip_city_name,
- dns_geoip_city_postalcode,
- dns_geoip_city_metrocode,
- dns_geoip_city_areacode,
- dns_geoip_city_continentcode,
- dns_geoip_city_timezonecode,
- dns_geoip_isp_name,
- dns_geoip_org_name,
- dns_geoip_as_asnum,
- dns_geoip_domain_name,
- dns_geoip_netspeed_id
-} dns_geoip_subtype_t;
-
-typedef struct dns_geoip_elem {
- dns_geoip_subtype_t subtype;
- GeoIP *db;
- union {
- char as_string[256];
- int as_int;
- };
-} dns_geoip_elem_t;
-
-typedef struct dns_geoip_databases {
- GeoIP *country_v4; /* DB 1 */
- GeoIP *city_v4; /* DB 2 or 6 */
- GeoIP *region; /* DB 3 or 7 */
- GeoIP *isp; /* DB 4 */
- GeoIP *org; /* DB 5 */
- GeoIP *as; /* DB 9 */
- GeoIP *netspeed; /* DB 10 */
- GeoIP *domain; /* DB 11 */
- GeoIP *country_v6; /* DB 12 */
- GeoIP *city_v6; /* DB 30 or 31 */
-} dns_geoip_databases_t;
-
-/***
- *** Functions
- ***/
-
-ISC_LANG_BEGINDECLS
-
-isc_boolean_t
-dns_geoip_match(const isc_netaddr_t *reqaddr,
- const dns_geoip_databases_t *geoip,
- const dns_geoip_elem_t *elt);
-
-void
-dns_geoip_shutdown(void);
-
-ISC_LANG_ENDDECLS
-#endif /* DNS_GEOIP_H */
diff --git a/usr.sbin/bind/lib/isccfg/aclconf.c b/usr.sbin/bind/lib/isccfg/aclconf.c
index d90e5398148..aa01b30bbec 100644
--- a/usr.sbin/bind/lib/isccfg/aclconf.c
+++ b/usr.sbin/bind/lib/isccfg/aclconf.c
@@ -29,11 +29,6 @@
#include <dns/fixedname.h>
#include <dns/log.h>
-#ifdef HAVE_GEOIP
-#include <stdlib.h>
-#include <math.h>
-#endif /* HAVE_GEOIP */
-
#define LOOP_MAGIC ISC_MAGIC('L','O','O','P')
isc_result_t
@@ -56,10 +51,6 @@ cfg_aclconfctx_create(isc_mem_t *mctx, cfg_aclconfctx_t **ret) {
isc_mem_attach(mctx, &actx->mctx);
ISC_LIST_INIT(actx->named_acl_cache);
-#ifdef HAVE_GEOIP
- actx->geoip = NULL;
-#endif
-
*ret = actx;
return (ISC_R_SUCCESS);
@@ -262,12 +253,6 @@ count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx,
n += sub;
if (negative)
n++;
-#ifdef HAVE_GEOIP
- } else if (cfg_obj_istuple(ce) &&
- cfg_obj_isvoid(cfg_tuple_get(ce, "negated")))
- {
- n++;
-#endif /* HAVE_GEOIP */
} else if (cfg_obj_isstring(ce)) {
const char *name = cfg_obj_asstring(ce);
if (strcasecmp(name, "localhost") == 0 ||
@@ -299,322 +284,6 @@ count_acl_elements(const cfg_obj_t *caml, const cfg_obj_t *cctx,
return (ISC_R_SUCCESS);
}
-#ifdef HAVE_GEOIP
-static dns_geoip_subtype_t
-get_subtype(const cfg_obj_t *obj, isc_log_t *lctx,
- dns_geoip_subtype_t subtype, const char *dbname)
-{
- if (dbname == NULL)
- return (subtype);
-
- switch (subtype) {
- case dns_geoip_countrycode:
- if (strcasecmp(dbname, "city") == 0)
- return (dns_geoip_city_countrycode);
- else if (strcasecmp(dbname, "region") == 0)
- return (dns_geoip_region_countrycode);
- else if (strcasecmp(dbname, "country") == 0)
- return (dns_geoip_country_code);
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "invalid GeoIP DB specified for "
- "country search: ignored");
- return (subtype);
- case dns_geoip_countrycode3:
- if (strcasecmp(dbname, "city") == 0)
- return (dns_geoip_city_countrycode3);
- else if (strcasecmp(dbname, "country") == 0)
- return (dns_geoip_country_code3);
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "invalid GeoIP DB specified for "
- "country search: ignored");
- return (subtype);
- case dns_geoip_countryname:
- if (strcasecmp(dbname, "city") == 0)
- return (dns_geoip_city_countryname);
- else if (strcasecmp(dbname, "country") == 0)
- return (dns_geoip_country_name);
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "invalid GeoIP DB specified for "
- "country search: ignored");
- return (subtype);
- case dns_geoip_region:
- if (strcasecmp(dbname, "city") == 0)
- return (dns_geoip_city_region);
- else if (strcasecmp(dbname, "region") == 0)
- return (dns_geoip_region_code);
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "invalid GeoIP DB specified for "
- "region search: ignored");
- return (subtype);
- case dns_geoip_regionname:
- if (strcasecmp(dbname, "city") == 0)
- return (dns_geoip_city_region);
- else if (strcasecmp(dbname, "region") == 0)
- return (dns_geoip_region_name);
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "invalid GeoIP DB specified for "
- "region search: ignored");
- return (subtype);
-
- /*
- * Log a warning if the wrong database was specified
- * on an unambiguous query
- */
- case dns_geoip_city_name:
- case dns_geoip_city_postalcode:
- case dns_geoip_city_metrocode:
- case dns_geoip_city_areacode:
- case dns_geoip_city_continentcode:
- case dns_geoip_city_timezonecode:
- if (strcasecmp(dbname, "city") != 0)
- cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
- "invalid GeoIP DB specified for "
- "a 'city'-only search type: ignoring");
- return (subtype);
- case dns_geoip_isp_name:
- if (strcasecmp(dbname, "isp") != 0)
- cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
- "invalid GeoIP DB specified for "
- "an 'isp' search: ignoring");
- return (subtype);
- case dns_geoip_org_name:
- if (strcasecmp(dbname, "org") != 0)
- cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
- "invalid GeoIP DB specified for "
- "an 'org' search: ignoring");
- return (subtype);
- case dns_geoip_as_asnum:
- if (strcasecmp(dbname, "asnum") != 0)
- cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
- "invalid GeoIP DB specified for "
- "an 'asnum' search: ignoring");
- return (subtype);
- case dns_geoip_domain_name:
- if (strcasecmp(dbname, "domain") != 0)
- cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
- "invalid GeoIP DB specified for "
- "a 'domain' search: ignoring");
- return (subtype);
- case dns_geoip_netspeed_id:
- if (strcasecmp(dbname, "netspeed") != 0)
- cfg_obj_log(obj, lctx, ISC_LOG_WARNING,
- "invalid GeoIP DB specified for "
- "a 'netspeed' search: ignoring");
- return (subtype);
- default:
- INSIST(0);
- }
-}
-
-static isc_boolean_t
-geoip_can_answer(dns_aclelement_t *elt, cfg_aclconfctx_t *ctx) {
- if (ctx->geoip == NULL)
- return (ISC_TRUE);
-
- switch (elt->geoip_elem.subtype) {
- case dns_geoip_countrycode:
- case dns_geoip_countrycode3:
- case dns_geoip_countryname:
- if (ctx->geoip->city_v4 != NULL ||
- ctx->geoip->city_v6 != NULL ||
- ctx->geoip->country_v4 != NULL ||
- ctx->geoip->country_v6 != NULL ||
- ctx->geoip->region != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_region:
- case dns_geoip_regionname:
- if (ctx->geoip->city_v4 != NULL ||
- ctx->geoip->city_v6 != NULL ||
- ctx->geoip->region != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_country_code:
- case dns_geoip_country_code3:
- case dns_geoip_country_name:
- if (ctx->geoip->country_v4 != NULL ||
- ctx->geoip->country_v6 != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_region_countrycode:
- case dns_geoip_region_code:
- case dns_geoip_region_name:
- if (ctx->geoip->region != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_city_countrycode:
- case dns_geoip_city_countrycode3:
- case dns_geoip_city_countryname:
- case dns_geoip_city_region:
- case dns_geoip_city_regionname:
- case dns_geoip_city_name:
- case dns_geoip_city_postalcode:
- case dns_geoip_city_metrocode:
- case dns_geoip_city_areacode:
- case dns_geoip_city_continentcode:
- case dns_geoip_city_timezonecode:
- if (ctx->geoip->city_v4 != NULL ||
- ctx->geoip->city_v6 != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_isp_name:
- if (ctx->geoip->isp != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_org_name:
- if (ctx->geoip->org != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_as_asnum:
- if (ctx->geoip->as != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_domain_name:
- if (ctx->geoip->domain != NULL)
- return (ISC_TRUE);
- /* FALLTHROUGH */
- case dns_geoip_netspeed_id:
- if (ctx->geoip->netspeed != NULL)
- return (ISC_TRUE);
- }
-
- return (ISC_FALSE);
-}
-
-static isc_result_t
-parse_geoip_element(const cfg_obj_t *obj, isc_log_t *lctx,
- cfg_aclconfctx_t *ctx, dns_aclelement_t *dep)
-{
- const cfg_obj_t *ge;
- const char *dbname = NULL;
- const char *stype, *search;
- dns_geoip_subtype_t subtype;
- dns_aclelement_t de;
- size_t len;
-
- REQUIRE(dep != NULL);
-
- de = *dep;
-
- ge = cfg_tuple_get(obj, "db");
- if (!cfg_obj_isvoid(ge))
- dbname = cfg_obj_asstring(ge);
-
- stype = cfg_obj_asstring(cfg_tuple_get(obj, "subtype"));
- search = cfg_obj_asstring(cfg_tuple_get(obj, "search"));
- len = strlen(search);
-
- if (len == 0) {
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "zero-length geoip search field");
- return (ISC_R_FAILURE);
- }
-
- if (strcasecmp(stype, "country") == 0 && len == 2) {
- /* Two-letter country code */
- subtype = dns_geoip_countrycode;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "country") == 0 && len == 3) {
- /* Three-letter country code */
- subtype = dns_geoip_countrycode3;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "country") == 0) {
- /* Country name */
- subtype = dns_geoip_countryname;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "region") == 0 && len == 2) {
- /* Two-letter region code */
- subtype = dns_geoip_region;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "region") == 0) {
- /* Region name */
- subtype = dns_geoip_regionname;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "city") == 0) {
- /* City name */
- subtype = dns_geoip_city_name;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "postal") == 0 ||
- strcasecmp(stype, "postalcode") == 0)
- {
- if (len < 7) {
- subtype = dns_geoip_city_postalcode;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else {
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "geoiop postal code (%s) too long",
- search);
- return (ISC_R_FAILURE);
- }
- } else if (strcasecmp(stype, "metro") == 0 ||
- strcasecmp(stype, "metrocode") == 0)
- {
- subtype = dns_geoip_city_metrocode;
- de.geoip_elem.as_int = atoi(search);
- } else if (strcasecmp(stype, "area") == 0 ||
- strcasecmp(stype, "areacode") == 0)
- {
- subtype = dns_geoip_city_areacode;
- de.geoip_elem.as_int = atoi(search);
- } else if (strcasecmp(stype, "tz") == 0 ||
- strcasecmp(stype, "timezone") == 0)
- {
- subtype = dns_geoip_city_timezonecode;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "continent") == 0 && len == 2) {
- /* Two-letter continent code */
- subtype = dns_geoip_city_continentcode;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "continent") == 0) {
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "geoiop continent code (%s) too long", search);
- return (ISC_R_FAILURE);
- } else if (strcasecmp(stype, "isp") == 0) {
- subtype = dns_geoip_isp_name;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "asnum") == 0) {
- subtype = dns_geoip_as_asnum;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "org") == 0) {
- subtype = dns_geoip_org_name;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "domain") == 0) {
- subtype = dns_geoip_domain_name;
- strlcpy(de.geoip_elem.as_string, search,
- sizeof(de.geoip_elem.as_string));
- } else if (strcasecmp(stype, "netspeed") == 0) {
- subtype = dns_geoip_netspeed_id;
- de.geoip_elem.as_int = atoi(search);
- } else
- INSIST(0);
-
- de.geoip_elem.subtype = get_subtype(obj, lctx, subtype, dbname);
-
- if (! geoip_can_answer(&de, ctx)) {
- cfg_obj_log(obj, lctx, ISC_LOG_ERROR,
- "no GeoIP database installed which can answer "
- "queries of type '%s'", stype);
- return (ISC_R_FAILURE);
- }
-
- *dep = de;
-
- return (ISC_R_SUCCESS);
-}
-#endif
-
isc_result_t
cfg_acl_fromconfig(const cfg_obj_t *caml, const cfg_obj_t *cctx,
isc_log_t *lctx, cfg_aclconfctx_t *ctx,
@@ -797,17 +466,6 @@ nested_acl:
&de->keyname);
if (result != ISC_R_SUCCESS)
goto cleanup;
-#ifdef HAVE_GEOIP
- } else if (cfg_obj_istuple(ce) &&
- cfg_obj_isvoid(cfg_tuple_get(ce, "negated")))
- {
- INSIST(dacl->length < dacl->alloc);
- result = parse_geoip_element(ce, lctx, ctx, de);
- if (result != ISC_R_SUCCESS)
- goto cleanup;
- de->type = dns_aclelementtype_geoip;
- de->negative = neg;
-#endif /* HAVE_GEOIP */
} else if (cfg_obj_isstring(ce)) {
/* ACL name. */
const char *name = cfg_obj_asstring(ce);
diff --git a/usr.sbin/bind/lib/isccfg/include/isccfg/aclconf.h b/usr.sbin/bind/lib/isccfg/include/isccfg/aclconf.h
index a733653c9cb..6952063c72e 100644
--- a/usr.sbin/bind/lib/isccfg/include/isccfg/aclconf.h
+++ b/usr.sbin/bind/lib/isccfg/include/isccfg/aclconf.h
@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: aclconf.h,v 1.3 2019/12/17 01:46:38 sthen Exp $ */
+/* $Id: aclconf.h,v 1.4 2020/01/07 19:06:07 florian Exp $ */
#ifndef ISCCFG_ACLCONF_H
#define ISCCFG_ACLCONF_H 1
@@ -23,17 +23,11 @@
#include <isccfg/cfg.h>
-#ifdef HAVE_GEOIP
-#include <dns/geoip.h>
-#endif
#include <dns/types.h>
typedef struct cfg_aclconfctx {
ISC_LIST(dns_acl_t) named_acl_cache;
isc_mem_t *mctx;
-#ifdef HAVE_GEOIP
- dns_geoip_databases_t *geoip;
-#endif
isc_refcount_t references;
} cfg_aclconfctx_t;
diff --git a/usr.sbin/bind/lib/isccfg/namedconf.c b/usr.sbin/bind/lib/isccfg/namedconf.c
index ece40659cb7..a12a161c48b 100644
--- a/usr.sbin/bind/lib/isccfg/namedconf.c
+++ b/usr.sbin/bind/lib/isccfg/namedconf.c
@@ -83,17 +83,6 @@ doc_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type);
static void
doc_optional_keyvalue(cfg_printer_t *pctx, const cfg_type_t *type);
-#ifdef HAVE_GEOIP
-static isc_result_t
-parse_geoip(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret);
-
-static void
-print_geoip(cfg_printer_t *pctx, const cfg_obj_t *obj);
-
-static void
-doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type);
-#endif /* HAVE_GEOIP */
-
static cfg_type_t cfg_type_acl;
static cfg_type_t cfg_type_addrmatchelt;
static cfg_type_t cfg_type_bracketed_aml;
@@ -1015,12 +1004,8 @@ options_clauses[] = {
{ "fake-iquery", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "files", &cfg_type_size, 0 },
{ "flush-zones-on-shutdown", &cfg_type_boolean, 0 },
-#ifdef HAVE_GEOIP
- { "geoip-directory", &cfg_type_qstringornone, 0 },
-#else
{ "geoip-directory", &cfg_type_qstringornone,
CFG_CLAUSEFLAG_NOTCONFIGURED },
-#endif /* HAVE_GEOIP */
{ "has-old-clients", &cfg_type_boolean, CFG_CLAUSEFLAG_OBSOLETE },
{ "heartbeat-interval", &cfg_type_uint32, 0 },
{ "host-statistics", &cfg_type_boolean, CFG_CLAUSEFLAG_NOTIMP },
@@ -2324,102 +2309,6 @@ static cfg_type_t cfg_type_optional_keyref = {
doc_optional_keyvalue, &cfg_rep_string, &key_kw
};
-#ifdef HAVE_GEOIP
-/*
- * "geoip" ACL element:
- * geoip [ db <database> ] search-type <string>
- */
-static const char *geoiptype_enums[] = {
- "area", "areacode", "asnum", "city", "continent", "country",
- "country3", "countryname", "domain", "isp", "metro", "metrocode",
- "netspeed", "org", "postal", "postalcode", "region", "regionname",
- "timezone", "tz", NULL
-};
-static cfg_type_t cfg_type_geoiptype = {
- "geoiptype", cfg_parse_enum, cfg_print_ustring,
- cfg_doc_enum, &cfg_rep_string, &geoiptype_enums
-};
-
-static const char *geoipdb_enums[] = {
- "asnum", "city", "country", "domain", "isp", "netspeed",
- "org", "region", NULL
-};
-static cfg_type_t cfg_type_geoipdb = {
- "geoipdb", cfg_parse_enum, cfg_print_ustring,
- cfg_doc_enum, &cfg_rep_string, &geoipdb_enums
-};
-
-static cfg_tuplefielddef_t geoip_fields[] = {
- { "negated", &cfg_type_void, 0 },
- { "db", &cfg_type_geoipdb, 0 },
- { "subtype", &cfg_type_geoiptype, 0 },
- { "search", &cfg_type_astring, 0 },
- { NULL, NULL, 0 }
-};
-
-static cfg_type_t cfg_type_geoip = {
- "geoip", parse_geoip, print_geoip, doc_geoip,
- &cfg_rep_tuple, geoip_fields
-};
-
-static isc_result_t
-parse_geoip(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
- isc_result_t result;
- cfg_obj_t *obj = NULL;
- const cfg_tuplefielddef_t *fields = type->of;
-
- CHECK(cfg_create_tuple(pctx, type, &obj));
- CHECK(cfg_parse_void(pctx, NULL, &obj->value.tuple[0]));
-
- /* Parse the optional "db" field. */
- CHECK(cfg_peektoken(pctx, 0));
- if (pctx->token.type == isc_tokentype_string) {
- CHECK(cfg_gettoken(pctx, 0));
- if (strcasecmp(TOKEN_STRING(pctx), "db") == 0 &&
- obj->value.tuple[1] == NULL) {
- CHECK(cfg_parse_obj(pctx, fields[1].type,
- &obj->value.tuple[1]));
- } else {
- CHECK(cfg_parse_void(pctx, NULL,
- &obj->value.tuple[1]));
- cfg_ungettoken(pctx);
- }
- }
-
- CHECK(cfg_parse_obj(pctx, fields[2].type, &obj->value.tuple[2]));
- CHECK(cfg_parse_obj(pctx, fields[3].type, &obj->value.tuple[3]));
-
- *ret = obj;
- return (ISC_R_SUCCESS);
-
- cleanup:
- CLEANUP_OBJ(obj);
- return (result);
-}
-
-static void
-print_geoip(cfg_printer_t *pctx, const cfg_obj_t *obj) {
- if (obj->value.tuple[1]->type->print != cfg_print_void) {
- cfg_print_cstr(pctx, " db ");
- cfg_print_obj(pctx, obj->value.tuple[1]);
- }
- cfg_print_obj(pctx, obj->value.tuple[2]);
- cfg_print_obj(pctx, obj->value.tuple[3]);
-}
-
-static void
-doc_geoip(cfg_printer_t *pctx, const cfg_type_t *type) {
- UNUSED(type);
- cfg_print_cstr(pctx, "[ db ");
- cfg_doc_enum(pctx, &cfg_type_geoipdb);
- cfg_print_cstr(pctx, " ]");
- cfg_print_chars(pctx, " ", 1);
- cfg_doc_enum(pctx, &cfg_type_geoiptype);
- cfg_print_chars(pctx, " ", 1);
- cfg_print_cstr(pctx, "<quoted_string>");
-}
-#endif /* HAVE_GEOIP */
-
/*%
* A "controls" statement is represented as a map with the multivalued
* "inet" and "unix" clauses.
@@ -2749,14 +2638,9 @@ parse_addrmatchelt(cfg_parser_t *pctx, const cfg_type_t *type,
CHECK(cfg_parse_obj(pctx, &cfg_type_keyref, ret));
} else if (pctx->token.type == isc_tokentype_string &&
(strcasecmp(TOKEN_STRING(pctx), "geoip") == 0)) {
-#ifdef HAVE_GEOIP
- CHECK(cfg_gettoken(pctx, 0));
- CHECK(cfg_parse_obj(pctx, &cfg_type_geoip, ret));
-#else
cfg_parser_error(pctx, CFG_LOG_NEAR, "'geoip' "
"not supported in this build");
return (ISC_R_UNEXPECTEDTOKEN);
-#endif
} else {
if (cfg_lookingat_netaddr(pctx, CFG_ADDR_V4OK |
CFG_ADDR_V4PREFIXOK |
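Review bot: The `geoip` branch kept in this hunk still reports `"'geoip' not supported in this build"`, which suggests a build option can enable it, although with the `#ifdef HAVE_GEOIP` arm gone the rejection is now unconditional. I would add a comment above the `cfg_parser_error` call such as `/* geoip ACL elements are always rejected; fail the parse instead of dropping the element, so an address-match list is never silently widened. */`, and consider rewording the message to say that geoip ACLs are not supported. Returning `ISC_R_UNEXPECTEDTOKEN` here is the fail-closed behaviour an access-control parser should keep. Presumably a configuration that still contains geoip elements will now fail to load, so the upgrade notes should mention it. The `geoip-directory` entry in the `options_clauses` hunk is likewise left permanently `CFG_CLAUSEFLAG_NOTCONFIGURED`; `parse_addrmatchelt` itself begins and ends outside this hunk.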