Commit f361e6b2 authored by Daniel Salzman's avatar Daniel Salzman

nameserver: add explicit conf parameter to process_query_acl_check

parent 41d6352f
...@@ -116,7 +116,7 @@ int ns_put_rr(knot_pkt_t *pkt, const knot_rrset_t *rr, ...@@ -116,7 +116,7 @@ int ns_put_rr(knot_pkt_t *pkt, const knot_rrset_t *rr,
/*! \brief Require authentication. */ /*! \brief Require authentication. */
#define NS_NEED_AUTH(qdata, zone_name, action) \ #define NS_NEED_AUTH(qdata, zone_name, action) \
if (!process_query_acl_check((zone_name), (action), (qdata))) { \ if (!process_query_acl_check(conf(), (zone_name), (action), (qdata))) { \
return KNOT_STATE_FAIL; \ return KNOT_STATE_FAIL; \
} else { \ } else { \
if (process_query_verify(qdata) != KNOT_EOK) { \ if (process_query_verify(qdata) != KNOT_EOK) { \
......
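Review bot: NS_NEED_AUTH still fetches the global `conf()` inside its expansion, so code using the macro cannot pass the configuration it is already working with, which is what this commit makes possible for `process_query_acl_check` itself. If the configuration can be replaced while a query is being processed (not visible from this hunk), the ACL decision and the rest of the answer could be based on different configurations. Either state this on the macro, e.g. `/*! \brief Require authentication (ACL is read from the current global conf()). */`, or give the macro a `conf` argument in a follow-up. The macro body continues past the end of the hunk.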
...@@ -18,7 +18,6 @@ ...@@ -18,7 +18,6 @@
#include "dnssec/tsig.h" #include "dnssec/tsig.h"
#include "knot/common/log.h" #include "knot/common/log.h"
#include "knot/conf/conf.h"
#include "knot/nameserver/process_query.h" #include "knot/nameserver/process_query.h"
#include "knot/nameserver/query_module.h" #include "knot/nameserver/query_module.h"
#include "knot/nameserver/chaos.h" #include "knot/nameserver/chaos.h"
...@@ -558,8 +557,8 @@ finish: ...@@ -558,8 +557,8 @@ finish:
return next_state; return next_state;
} }
bool process_query_acl_check(const knot_dname_t *zone_name, acl_action_t action, bool process_query_acl_check(conf_t *conf, const knot_dname_t *zone_name,
struct query_data *qdata) acl_action_t action, struct query_data *qdata)
{ {
knot_pkt_t *query = qdata->query; knot_pkt_t *query = qdata->query;
const struct sockaddr_storage *query_source = qdata->param->remote; const struct sockaddr_storage *query_source = qdata->param->remote;
...@@ -577,8 +576,8 @@ bool process_query_acl_check(const knot_dname_t *zone_name, acl_action_t action, ...@@ -577,8 +576,8 @@ bool process_query_acl_check(const knot_dname_t *zone_name, acl_action_t action,
} }
/* Check if authenticated. */ /* Check if authenticated. */
conf_val_t acl = conf_zone_get(conf(), C_ACL, zone_name); conf_val_t acl = conf_zone_get(conf, C_ACL, zone_name);
if (!acl_allowed(&acl, action, query_source, &tsig)) { if (!acl_allowed(conf, &acl, action, query_source, &tsig)) {
char addr_str[SOCKADDR_STRLEN] = { 0 }; char addr_str[SOCKADDR_STRLEN] = { 0 };
sockaddr_tostr(addr_str, sizeof(addr_str), query_source); sockaddr_tostr(addr_str, sizeof(addr_str), query_source);
const knot_lookup_t *act = knot_lookup_by_id((knot_lookup_t *)acl_actions, const knot_lookup_t *act = knot_lookup_by_id((knot_lookup_t *)acl_actions,
......
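Review bot: The comment `/* Check if authenticated. */` above the changed lines in the last hunk labels an authorization step as authentication. The code reads the zone's `C_ACL` value and asks `acl_allowed()` whether `action` is permitted for `query_source` and `tsig`; the signature check itself appears to be `process_query_verify()`, which NS_NEED_AUTH calls afterwards. Since these lines are being touched anyway, I would reword it to `/* Check the zone ACL for this action, source address and TSIG key. */` so nobody takes this block for the place where the signature is verified. process_query_acl_check starts in the previous hunk and continues past this one, so how `tsig` is filled in is not visible here.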
...@@ -112,13 +112,14 @@ struct rrsig_info { ...@@ -112,13 +112,14 @@ struct rrsig_info {
/*! /*!
* \brief Check current query against ACL. * \brief Check current query against ACL.
* *
* \param conf Configuration.
* \param zone_name Current zone name. * \param zone_name Current zone name.
* \param action ACL action. * \param action ACL action.
* \param qdata Query data. * \param qdata Query data.
* \return true if accepted, false if denied. * \return true if accepted, false if denied.
*/ */
bool process_query_acl_check(const knot_dname_t *zone_name, acl_action_t action, bool process_query_acl_check(conf_t *conf, const knot_dname_t *zone_name,
struct query_data *qdata); acl_action_t action, struct query_data *qdata);
/*! /*!
* \brief Verify current query transaction security and update query data. * \brief Verify current query transaction security and update query data.
......
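Review bot: `\param conf Configuration.` does not tell a caller which configuration to pass or what it is used for. In the implementation shown on this page the parameter is used to look up the zone's ACL and is handed to `acl_allowed()`, so `\param conf Configuration the zone ACL is read from.` would be more useful. If a NULL `conf` is not acceptable, say so here too, since this function decides whether a request is authorized.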
...@@ -326,10 +326,10 @@ static void forward_requests(conf_t *conf, zone_t *zone, list_t *requests) ...@@ -326,10 +326,10 @@ static void forward_requests(conf_t *conf, zone_t *zone, list_t *requests)
} }
} }
static bool update_tsig_check(struct query_data *qdata, struct knot_request *req) static bool update_tsig_check(conf_t *conf, struct query_data *qdata, struct knot_request *req)
{ {
// Check that ACL is still valid. // Check that ACL is still valid.
if (!process_query_acl_check(qdata->zone->name, ACL_ACTION_UPDATE, qdata)) { if (!process_query_acl_check(conf, qdata->zone->name, ACL_ACTION_UPDATE, qdata)) {
UPDATE_LOG(LOG_WARNING, "ACL check failed"); UPDATE_LOG(LOG_WARNING, "ACL check failed");
knot_wire_set_rcode(req->resp->wire, qdata->rcode); knot_wire_set_rcode(req->resp->wire, qdata->rcode);
return false; return false;
...@@ -419,7 +419,7 @@ static int init_update_responses(conf_t *conf, const zone_t *zone, list_t *updat ...@@ -419,7 +419,7 @@ static int init_update_responses(conf_t *conf, const zone_t *zone, list_t *updat
struct query_data qdata; struct query_data qdata;
init_qdata_from_request(&qdata, zone, req, &param); init_qdata_from_request(&qdata, zone, req, &param);
if (!update_tsig_check(&qdata, req)) { if (!update_tsig_check(conf, &qdata, req)) {
// ACL/TSIG check failed, send response. // ACL/TSIG check failed, send response.
send_update_response(conf, zone, req); send_update_response(conf, zone, req);
// Remove this request from processing list. // Remove this request from processing list.
......
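Review bot: update_tsig_check has no header comment and its name mentions only TSIG, while the first thing its visible body does is the ACL check against the `conf` it is now given. A one-line comment such as `/*! \brief Re-check ACL and TSIG of a queued update against the given configuration. */` would make clear that authorization is decided here. The rest of the function lies outside the hunk, so the TSIG part is inferred from the name and the `// ACL/TSIG check failed` comment at the call site.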