O.k., I've cleaned it up a lot, and it's now in a happy enough
state for my own use anyway :) It's attached in tar.gz format,
I've also attached a very small patch for NSD which allows
register_data in plugin.c to register data throughout a zone
recursively.
In order to cope with this change, a lot of new logic has been
added to aclc, but the outward changes are minimal.
Changes:

Added NSD.patch and a README for building/using the plugin

Aclc now gives each specified zonename its own chain of rules,
which includes any rules from parent zones. Aclc also orders
the db so that recursive adding doesn't erase any rules we need.
The README contains a better guide to the semantics.

aclc -p now outputs rule numbers for each rule

acl-plugin.so can now be loaded as follows:

  -Xacl-plugin.so=/path/to/acl.db[,loglevel]

loglevel can be 1, or 2;

  1: log all queries rejected, including the rule number
  2: log all queries matched, including the rule number

aclc_lexer.l and aclc_parser.y have been moved into a lexer/
sub-directory, because gmake was trying to be clever and
invoking lex when it wasn't needed.
--
Colm MacCárthaigh / HEAnet, Teach Brooklawn, / Innealtóir Ghréasáin
+353 1 6609040 / Bóthar Shelbourne, BÁC, IE / http://www.hea.net/
-------------- next part --------------
A non-text attachment was scrubbed...
Name: nsd_acl_plugin.tar.gz
Type: application/octet-stream
Size: 67597 bytes
Desc: not available
URL:
<http://lists.nlnetlabs.nl/pipermail/nsd-users/attachments/20030721/57e7f731/attachment.obj>
-------------- next part --------------
diff -ru nsd-1.2.1/nsd-plugin.h nsd-1.2.1-patched/nsd-plugin.h
--- nsd-1.2.1/nsd-plugin.h Mon Jul 7 10:02:16 2003
+++ nsd-1.2.1/nsd-plugin.h Mon Jul 21 08:42:22 2003
@@ -148,7 +148,8 @@
const struct nsd_plugin_interface *nsd,
nsd_plugin_id_type plugin_id,
const uint8_t * domain_name,
- void * data);
+ void * data,
+ const uint8_t recurse);
};
typedef struct nsd_plugin_interface nsd_plugin_interface_type;
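Review bot: The new `const uint8_t recurse` argument is added to an existing function pointer in struct nsd_plugin_interface with no comment describing it and no visible change that lets a plugin tell the old signature from the new one. A plugin compiled against the unpatched header would call this member with four arguments and leave recurse undefined, so either document the parameter and make the interface change detectable, or leave the existing member alone and add the recursive variant as a new member at the end of the struct. The `const` on a by-value parameter has no effect in a prototype and can be dropped.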
diff -ru nsd-1.2.1/plugins.c nsd-1.2.1-patched/plugins.c
--- nsd-1.2.1/plugins.c Mon Jul 7 10:02:17 2003
+++ nsd-1.2.1/plugins.c Mon Jul 21 08:44:46 2003
@@ -71,7 +71,8 @@
const nsd_plugin_interface_type *nsd,
nsd_plugin_id_type plugin_id,
const uint8_t * domain_name,
- void * data)
+ void * data,
+ const uint8_t recurse)
{
struct domain *d;
@@ -87,6 +88,25 @@
}
plugin_data = (void **) d->runtime_data;
plugin_data[plugin_id] = data;
+
+ if (recurse) {
+ uint8_t dlen , klen;
+ void *key , *key_data;
+
+ dlen = *domain_name;
+
+ HEAP_WALK(nsd->nsd->db->heap, key, key_data) {
+ klen = * (uint8_t *)key;
+
+ if ( ! bcmp( (uint8_t *) key + 1 + (klen - dlen),
+ (uint8_t *) domain_name + 1, klen - dlen) ) {
+ if (register_data(nsd, plugin_id, key, data, 0) == 0) {
+ return 0;
+ }
+ }
+ }
+ }
+
return 1;
} else {
return 0;
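Review bot: The suffix test in the HEAP_WALK body computes `klen - dlen` without first checking that klen >= dlen, and it uses that difference as the compare length where dlen is what is meant. For a key shorter than domain_name the difference is negative after integer promotion, so `key + 1 + (klen - dlen)` points before the key and the length passed to bcmp converts to a very large size_t, which is an out-of-bounds read. For a key of the same length the compare length is 0, bcmp returns 0, and data is registered on every name of that length regardless of content; for longer keys only part of the suffix is compared. Since the data registered here is the ACL rule chain, a false match attaches rules to names outside the zone. Suggest skipping keys with klen < dlen and comparing dlen bytes, for example `if (klen >= dlen && !bcmp((uint8_t *) key + 1 + (klen - dlen), domain_name + 1, dlen))`, and confirming that the match starts on a label boundary. Also note that the early `return 0` when a nested register_data call fails leaves the names already walked registered, which the caller cannot distinguish from a clean failure.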