=================================================================== RCS file: /src/master/bind/Makefile,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 Makefile --- 1.1.1.1 1995/05/19 00:38:53 +++ Makefile 1995/05/26 23:58:45 @@ -1,7 +1,7 @@ # Makefile for BIND>=4.9 top level # vixie@decwrl December, 1992 [original] # -# $Id: Makefile,v 1.1.1.1 1995/05/19 00:38:53 seth Exp $ +# $Id: Makefile,v 1.3 1995/05/26 23:58:45 seth Exp $ ## ++Copyright++ 1989 ## - @@ -156,22 +156,48 @@ #(bsdinstall.sh is in conf/) #(sunos4.x) -#CC = /usr/bin/cc $(CPPFLAGS) -#CPPFLAGS = -DSUNOS4 +CC = gcc $(CPPFLAGS) +## SUNOS +CPPFLAGS = -DSUNOS4 +## SOLARIS +#CPPFLAGS = -DSVR4 -D_SYS_STREAM_H +## IRIX +#CPPFLAGS = -D__STDC__ -D_BSD_SIGNALS -DSIG_FN=void -D__BIT_TYPES_DEFINED__ +## END #INDOT = in. #XFER_INDOT = in. -#LEX = lex +LEX = flex +## SUNOS +STATIC=-static +LIBS = -ll +## SOLARIS +#LIBS = -ll -lsocket -lnsl +#LDS = : +#RANLIB = : +##IRIX #LIBS = -ll +#LDS = : +#RANLIB = : +## END #(add "-ldl" to LIBS if your links fail with "dlopen" problems. this indicates # that your libc.so file is screwed up, but it's easier to fix this than that.) -#PIDDIR = /etc -#DESTSBIN = /usr/etc -#DESTEXEC = /usr/etc -#DESTHELP = /usr/lib -#COMPINCL = compat/include +PIDDIR = /etc +DESTSBIN = /var/private/bin +DESTEXEC = /var/private/bin +DESTBIN = /usr/local/bin +DESTMAN = /usr/local/man +DESTHELP = /usr/local/lib +## SUNOS +DESTINC = /usr/include +DESTLIB = /usr/lib +## SOLARIS/IRIX +#DESTINC = /usr/local/include +#DESTLIB = /usr/local/lib +## END +COMPINCL = compat/include #CATEXT = $$$$N -#INSTALL_COMPAT = install-compat -#INSTALL = install +INSTALL_COMPAT = install-compat +INSTALL = install # for details on shared library building, see shres/INSTALL #uncomment next line to build a shared library version of libresolv #SHRES = shres 
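Review bot: In the `@@ -156,22 +156,48 @@` hunk the SunOS block sets `DESTINC = /usr/include` and `DESTLIB = /usr/lib`, so if the install targets (outside this hunk) copy the BIND headers and resolver library there, they replace the vendor files in place. The Solaris/IRIX variant already uses `/usr/local/include` and `/usr/local/lib`; using the same prefix for SunOS, or adding a comment such as `# NOTE: installs over the vendor resolver headers and library` above the two lines, would make the choice explicit. Selecting a platform by hand-editing the `## SUNOS` / `## SOLARIS` / `## IRIX` comment blocks is easy to leave half-done, so a one-line `# enable exactly one block in each group below` comment would help.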
@@ -466,7 +492,7 @@ "DESTDIR=${DESTDIR}" "DESTMAN=${DESTMAN}" "INSTALL=${INSTALL}" \ CATEXT='${CATEXT}' MANDIR='${MANDIR}' MANROFF='${MANROFF}' -MARGS = "VER=${VER}" "CC=${CC}" "CDEBUG=${CDEBUG}" "LIBS=${LIBS}" \ +MARGS = "VER=${VER}" "CC=${CC}" "CDEBUG=${CDEBUG}" "LIBS=${LIBS}" "STATIC=${STATIC}" \ "INCL=../${INCL}" "RES=../${RES}" "LEX=${LEX}" "LDFLAGS=${LDFLAGS}" \ "PIDDIR=${PIDDIR}" "DESTBIN=${DESTBIN}" "DESTSBIN=${DESTSBIN}" \ "DESTEXEC=${DESTEXEC}" "COMPINCL=../${COMPINCL}" \ =================================================================== RCS file: /src/master/bind/conf/options.h,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 options.h --- 1.1.1.1 1995/05/19 00:39:56 +++ options.h 1995/05/19 02:30:59 @@ -1,7 +1,7 @@ /* options.h - specify the conditionally-compiled features * vix 28mar92 [moved out of the Makefile because they were getting too big] * - * $Id: options.h,v 1.1.1.1 1995/05/19 00:39:56 seth Exp $ + * $Id: options.h,v 1.2 1995/05/19 02:30:59 seth Exp $ */ /* @@ -77,7 +77,7 @@ #define DEBUG /* enable -d flag and SIGUSR[12] support (ucb) */ /*#define ALLOW_T_UNSPEC /* enable the "unspec" RR type for old athena (ucb) */ -/*#define INVQ /* enable inverse queries (nslookup) (ucb/vix) */ +#define INVQ /* enable inverse queries (nslookup) (ucb/vix) */ /*#define DSTORAGE /* debug malloc overruns using storage.o (ucb/vix) */ /*#define DMALLOC /* trace malloc orphans using dmalloc.o (vix) */ #define XFRNETS /* enable "xfrnets" command in named.boot (vix) */ 
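Review bot: The `@@ -77,7 +77,7 @@` hunk of options.h turns on `INVQ`, which compiles the inverse-query handler into named, yet nothing else in this change set uses it. The option's own comment ties it to nslookup; if no client here still depends on inverse queries, leaving the define commented out keeps that request-parsing path out of the server. If it has to stay, a comment recording the reason, for example `/* INVQ kept for <client that needs it> */`, would explain the deviation from the distributed default.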
@@ -92,7 +92,7 @@ #define FORCED_RELOAD /* refresh secondary zones on SIGHUP (pma) */ #define SLAVE_FORWARD /* use sensible timeouts on slave forwarders (pma) */ #define WANT_PIDFILE /* if you want the named.pid file (ucb/arc) */ -#define DOTTED_SERIAL /* if you want to be able to specify dotted serial#s */ +/*#define DOTTED_SERIAL /* if you want to be able to specify dotted serial#s */ /*#define SENSIBLE_DOTS /* if you want dotted serial#s to make numeric sense */ #define NCACHE /* negative caching (anant@isi.edu) */ /*#define VALIDATE /* validation procedure (anant@isi.edu) (DO NOT USE!)*/ @@ -117,6 +117,9 @@ #define XSTATS /* extended statistics, syslogged periodically (bg) */ /*#define BIND_NOTIFY /* experimental - do not enable in customer products */ /*#define LOC_RR /* support for (draft) LOC record parsing (ckd) */ +#define NS_PORT /* Allow selection of NS port via config file */ +#define SECURENETS /* Only allow queries from secure networks */ +#define SUNSECURITY /* Perform forward/reverse lookup matches */ /*--------------------------------------------* * no user-servicable parts beyond this point * =================================================================== RCS file: /src/master/bind/conf/portability.h,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 portability.h --- 1.1.1.1 1995/05/19 00:39:56 +++ portability.h 1995/05/19 02:31:00 @@ -1,7 +1,7 @@ /* portability.h - include or define things that aren't present on all systems * vixie@decwrl 26dec92 [new] * - * $Id: portability.h,v 1.1.1.1 1995/05/19 00:39:56 seth Exp $ + * $Id: portability.h,v 1.2 1995/05/19 02:31:00 seth Exp $ */ /* 
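Review bot: The `SECURENETS` comment in the `@@ -117,6 +117,9 @@` hunk promises more than the code delivers: the check added in ns_main.c only compares the packet's source address against a list, and with the option defined named exits at startup when the list file cannot be opened or yields no entries. I would word it as `#define SECURENETS /* refuse queries whose source address is not in the securenets file (file required) */`. For UDP the source address is whatever the sender wrote, so the option is a filter rather than authentication, and the comment should not suggest otherwise.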
@@ -153,8 +153,8 @@ # define HAVE_DAEMON #endif -#if !defined(BSD) || (BSD <= 199006) -# if !defined(NeXT) +#if ( !defined(BSD) || (BSD <= 199006) ) +# if !defined(NeXT) && ! (defined(__sun__) && defined(__svr4__)) # define NEED_INETADDR # endif # define NEED_INETATON =================================================================== RCS file: /src/master/bind/named/Makefile,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 Makefile --- 1.1.1.1 1995/05/19 00:39:39 +++ Makefile 1995/05/26 23:59:23 @@ -1,6 +1,6 @@ # # @(#)Makefile.dist 5.4 (Berkeley) 8/15/90 -# $Id: Makefile,v 1.1.1.1 1995/05/19 00:39:39 seth Exp $ +# $Id: Makefile,v 1.3 1995/05/26 23:59:23 seth Exp $ # ## ++Copyright++ 1987, 1988, 1990 @@ -99,11 +99,13 @@ SRCS= db_dump.c db_load.c db_lookup.c db_reload.c db_save.c db_update.c \ db_secure.c db_glue.c \ ns_forw.c ns_init.c ns_main.c ns_maint.c ns_req.c ns_resp.c \ + ns_securenets.c \ ns_sort.c ns_stats.c ns_validate.c ns_ncache.c \ storage.c dmalloc.c tree.c OBJS= db_dump.o db_load.o db_lookup.o db_reload.o db_save.o db_update.o \ db_secure.o db_glue.o \ ns_forw.o ns_init.o ns_main.o ns_maint.o ns_req.o ns_resp.o \ + ns_securenets.o \ ns_sort.o ns_stats.o ns_validate.o ns_ncache.o \ storage.o dmalloc.o tree.o XFERSRCS= named-xfer.c db_glue.c @@ -112,7 +114,7 @@ all: named named-xfer named.reload named.restart ndc named: ${OBJS} ${RES} ${COMPLIB} version.o - ${CC} ${CDEBUG} ${LDFLAGS} -o $@ version.o ${OBJS} \ + ${CC} $(STATIC) ${CDEBUG} ${LDFLAGS} -o $@ version.o ${OBJS} \ ${RES} ${COMPLIB} ${LIBS} version.o: version.c 
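Review bot: The new exclusion in the `@@ -153,8 +153,8 @@` hunk keys on `__sun__` and `__svr4__`, which are gcc predefines, while the top-level Makefile's Solaris block identifies the platform with `-DSVR4`. With a compiler that does not predefine those two names the test would presumably be false and `NEED_INETADDR` would be defined again on Solaris. Accepting the project's own define as well, e.g. `# if !defined(NeXT) && !(defined(__sun__) && (defined(__svr4__) || defined(SVR4)))`, keeps the two files in agreement.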
@@ -146,7 +148,7 @@ chmod +x ndc named-xfer: ${XFEROBJ} ${RES} ${COMPLIB} - ${CC} ${CDEBUG} ${LDFLAGS} -o $@ ${XFEROBJ} \ + ${CC} $(STATIC) ${CDEBUG} ${LDFLAGS} -o $@ ${XFEROBJ} \ ${RES} ${COMPLIB} ${LIBS} centerline_named: =================================================================== RCS file: /src/master/bind/named/ns_forw.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 ns_forw.c --- 1.1.1.1 1995/05/19 00:39:43 +++ ns_forw.c 1995/05/19 02:31:06 @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static char sccsid[] = "@(#)ns_forw.c 4.32 (Berkeley) 3/3/91"; -static char rcsid[] = "$Id: ns_forw.c,v 1.1.1.1 1995/05/19 00:39:43 seth Exp $"; +static char rcsid[] = "$Id: ns_forw.c,v 1.2 1995/05/19 02:31:06 seth Exp $"; #endif /* not lint */ /* @@ -71,6 +71,8 @@ #include "named.h" +extern u_int16_t local_ns_port; /* out service port */ + /* * Forward the query to get the answer since its not in the database. * Returns FW_OK if a request struct is allocated and the query sent. @@ -190,8 +192,10 @@ } /* struct qdatagram * - * aIsUs(addr) + * aIsUs(addr,checkport) * scan the datagramq (our list of interface addresses) for "addr" + * If checkport, check to see what port we are bound to and only + * worry about scanning if the source and dest port is the same * returns: * pointer to qdatagram entry or NULL if no match is found * notes: @@ -200,11 +204,15 @@ * Paul Vixie (DECWRL) April 1991 */ struct qdatagram * -aIsUs(addr) +aIsUs(addr, checkport) struct in_addr addr; + int checkport; { struct qdatagram *dqp; + if (checkport && ns_port != local_ns_port) + return NULL; + for (dqp = datagramq; dqp != QDATAGRAM_NULL; dqp = dqp->dq_next) { if (addr.s_addr == dqp->dq_addr.s_addr) { return dqp; 
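Review bot: In the `@@ -71,6 +71,8 @@` hunk `local_ns_port` is declared with a bare `extern` inside ns_forw.c, so its type is now stated in two places (here and at the definition in ns_main.c) with nothing that makes the compiler compare them. Moving the declaration into a header that both files include would catch a later change of type. The comment has a typo as well; it should read `/* our service port */`, matching the definition.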
@@ -427,7 +435,7 @@ * (originally done in nsContainsUs by vix@dec mar92; * moved into nslookup by apb@und jan1993) */ - if (aIsUs(nsa)) { + if (aIsUs(nsa,1)) { static char *complaint = "contains our address"; nslookupComplain(sysloginfo, syslogdname, complaint, dname, dp); =================================================================== RCS file: /src/master/bind/named/ns_func.h,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 ns_func.h --- 1.1.1.1 1995/05/19 00:39:44 +++ ns_func.h 1995/05/19 02:31:08 @@ -1,6 +1,6 @@ /* ns_func.h - declarations for ns_*.c's externally visible functions * - * $Id: ns_func.h,v 1.1.1.1 1995/05/19 00:39:44 seth Exp $ + * $Id: ns_func.h,v 1.2 1995/05/19 02:31:08 seth Exp $ */ /* ++from ns_resp.c++ */ @@ -60,7 +60,7 @@ const char *syslogdname, const char *sysloginfo)), qcomp __P((struct qserv *, struct qserv *)); -extern struct qdatagram *aIsUs __P((struct in_addr)); +extern struct qdatagram *aIsUs __P((struct in_addr, int checkport)); extern void nslookupComplain __P((const char *, const char *, const char *, const char *, const struct databuf *)), @@ -152,3 +152,10 @@ extern void store_name_addr __P((char *, struct in_addr *, char *, char *)); /* --from ns_validate.c-- */ +#ifdef SECURENETS +/* -- from ns_securenets.c -- Michael */ +#include "ns_securenets.h" +int host_is_valid __P((char *, VMaskNetPNTR)); +VMaskNetPNTR init_securenets __P((char *)); +/* ++ from ns_securenets.c ++ Michael*/ +#endif /*SECURENETS*/ =================================================================== RCS file: /src/master/bind/named/ns_init.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 ns_init.c --- 1.1.1.1 1995/05/19 00:39:43 +++ ns_init.c 1995/05/19 02:31:09 
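Review bot: The `host_is_valid` prototype in the `@@ -152,3 +152,10 @@` hunk of ns_func.h takes the client address as a `char *`, which forces each caller to format the address with inet_ntoa() and the callee to parse it back on every query. A prototype of the form `int host_is_valid __P((struct in_addr, VMaskNetPNTR));` would let the list hold parsed network/mask pairs and reduce the per-packet check to a mask and a compare. The section markers are also reversed relative to the rest of this file, which opens a section with `++from` and closes it with `--from`.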
@@ -765,7 +765,7 @@ continue; } #ifdef FWD_LOOP - if (aIsUs(ftp->fwdaddr.sin_addr)) { + if (aIsUs(ftp->fwdaddr.sin_addr,1)) { syslog(LOG_ERR, "Forwarder '%s' ignored, my address", buf); =================================================================== RCS file: /src/master/bind/named/ns_main.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 ns_main.c --- 1.1.1.1 1995/05/19 00:39:43 +++ ns_main.c 1995/05/19 02:31:11 @@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static char sccsid[] = "@(#)ns_main.c 4.55 (Berkeley) 7/1/91"; -static char rcsid[] = "$Id: ns_main.c,v 1.1.1.1 1995/05/19 00:39:43 seth Exp $"; +static char rcsid[] = "$Id: ns_main.c,v 1.2 1995/05/19 02:31:11 seth Exp $"; #endif /* not lint */ /* @@ -116,7 +116,7 @@ static const int rbufsize = 8 * 1024; static struct sockaddr_in nsaddr; -static u_int16_t local_ns_port; /* our service port */ +u_int16_t local_ns_port; /* our service port */ static fd_set mask; /* open descriptors */ static char **Argv = NULL; static char *LastArg = NULL; /* end of argv */ @@ -148,8 +148,13 @@ static void usage() { +#ifdef SECURENETS + fprintf(stderr, +"Usage: named [-d #] [-q] [-r] [-p port[/localport]] [[-b] bootfile] [-s securenets]\n"); +#else /*SECURENETS*/ fprintf(stderr, "Usage: named [-d #] [-q] [-r] [-p port[/localport]] [[-b] bootfile]\n"); +#endif /*SECURENETS*/ exit(1); } @@ -170,6 +175,10 @@ int rfd, size; time_t lasttime, maxctime; u_char buf[BUFSIZ]; +#ifdef SECURENETS + char *snets_file = NULL; + VMaskNetPNTR SNet_PTR = NULL; +#endif /*SECURENETS*/ #ifndef SYSV struct sigvec vec; #endif @@ -270,6 +279,14 @@ NoRecurse = 1; break; +#ifdef SECURENETS + case 's': + if (--argc <= 0) { + usage(); + } + snets_file = savestr(*++argv); + break; +#endif /*SECURENETS*/ default: usage(); } 
@@ -405,6 +422,19 @@ buildservicelist(); buildprotolist(); ns_init(bootfile); +#ifdef SECURENETS + /* + * If DEFINED get the a pointer to the + * linked-list of secure networks. + */ + SNet_PTR = init_securenets(snets_file); + if (SNet_PTR == NULL) { + syslog(LOG_ERR, "missing securenets file: %m"); + fprintf(stderr, "missing securenets file\n"); + exit(1); + } +#endif /*SECURENETS*/ + #ifdef DEBUG if (debug) { fprintf(ddt, "Network and sort list:\n"); @@ -657,6 +687,21 @@ if (n == 0) break; gettime(&tt); + +#ifdef SECURENETS + /* + * Test to see if this datagram came + * from a secure network. + */ + if (!host_is_valid(inet_ntoa(from_addr.sin_addr), + SNet_PTR)) { + syslog(LOG_INFO, "invalid query host: %s", + inet_ntoa(from_addr.sin_addr)); + udpcnt = 25; + break; + } +#endif /*SECURENETS*/ + dprintf(1, (ddt, "\ndatagram from [%s].%d, fd %d, len %d; now %s", inet_ntoa(from_addr.sin_addr), @@ -761,6 +806,20 @@ (void) my_close(rfd); continue; } + +#ifdef SECURENETS + /* + * Test to see if this TCP/IP connection + * from a secure network. + */ + if (!host_is_valid(inet_ntoa(from_addr.sin_addr), + SNet_PTR)) { + syslog(LOG_INFO, "invalid query host: %s", + inet_ntoa(from_addr.sin_addr)); + continue; + } +#endif /*SECURENETS*/ + sp->s_rfd = rfd; /* stream file descriptor */ sp->s_size = -1; /* amount of data to receive */ gettime(&tt); @@ -952,7 +1011,7 @@ * the local address may appear more than once. */ if (dqp = aIsUs(((struct sockaddr_in *)&ifreq.ifr_addr) - ->sin_addr)) { + ->sin_addr,0)) { dprintf(1, (ddt, "dup interface address %s on %s\n", inet_ntoa(((struct sockaddr_in *) =================================================================== RCS file: /src/master/bind/named/ns_maint.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 ns_maint.c --- 1.1.1.1 1995/05/19 00:39:45 +++ ns_maint.c 1995/05/19 02:31:13 
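Review bot: The error text in the `@@ -405,6 +422,19 @@` hunk does not match the condition that reaches it: init_securenets() exits on its own when fopen() fails, so a NULL return here means the file was read but produced no usable entry. `%m` then expands whatever errno an unrelated earlier call left behind. A message such as `syslog(LOG_ERR, "securenets file has no valid network entries");` says what actually happened. In the block comment, "get the a pointer" should read "get a pointer".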
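Review bot: In the `@@ -657,6 +687,21 @@` hunk every rejected datagram produces its own LOG_INFO line, so any host outside the listed networks can grow the log without limit simply by sending queries. Aggregate or rate-limit the message (for example, log a count per interval) instead of logging per packet. `udpcnt = 25;` is an unexplained constant; it presumably forces the enclosing receive loop to stop, and a named constant or a comment such as `/* force exit from the datagram loop */` would make that intent clear. The enclosing loop begins and ends outside this hunk.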
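Review bot: The rejection path added in the `@@ -761,6 +806,20 @@` hunk does `continue` without closing `rfd`, so each refused TCP connection leaves a descriptor open and named can be run out of descriptors by a host that is not in the list. The error path just above the new block already shows the pattern; add `(void) my_close(rfd);` before the `continue`. `sp` is assigned before this point, outside the hunk, so if a stream entry has already been allocated for the connection it needs to be released here too.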
@@ -1,6 +1,6 @@ #if !defined(lint) && !defined(SABER) static char sccsid[] = "@(#)ns_maint.c 4.39 (Berkeley) 3/2/91"; -static char rcsid[] = "$Id: ns_maint.c,v 1.1.1.1 1995/05/19 00:39:45 seth Exp $"; +static char rcsid[] = "$Id: ns_maint.c,v 1.2 1995/05/19 02:31:13 seth Exp $"; #endif /* not lint */ /* @@ -414,7 +414,7 @@ struct in_addr a; a = zp->z_addr[cnt]; - if (aIsUs(a) + if (aIsUs(a,1) && !haveComplained(zp->z_origin, (char*)startxfer)) { syslog(LOG_ERR, =================================================================== RCS file: /src/master/bind/res/res_init.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 res_init.c --- 1.1.1.1 1995/05/19 00:39:50 +++ res_init.c 1995/05/19 02:31:16 @@ -55,7 +55,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)res_init.c 8.1 (Berkeley) 6/7/93"; -static char rcsid[] = "$Id: res_init.c,v 1.1.1.1 1995/05/19 00:39:50 seth Exp $"; +static char rcsid[] = "$Id: res_init.c,v 1.2 1995/05/19 02:31:16 seth Exp $"; #endif /* LIBC_SCCS and not lint */ #include 
@@ -293,15 +293,54 @@ /* read nameservers to query */ if (MATCH(buf, "nameserver") && nserv < MAXNS) { struct in_addr a; +#ifdef NS_PORT + char *hack; +#endif /*NS_PORT*/ cp = buf + sizeof("nameserver") - 1; +#ifdef NS_PORT + /* + * XXX - VERY BAD IDEA COMING UP! + * + * We want to encode the port number into the + * nameserver line--however this is non-trivial + * because of inet_aton(). + * + * We could use a feature(?) of a particular + * version of inet_aton(), but it seems slightly + * better to encode the data in a manner which + * will be more portable, but also more ugly. + * Specifically, we will convert all tabs to + * spaces in this line, then we will convert '/' + * (the NS/port seperator) to tabs. Then we can + * simply look for tabs after each NS and assume + * that a port number follows. + * + * Told you it was a bad idea :-( + */ + for(hack=cp;*hack;hack++) + { + if (*hack == '\t') *hack = ' '; + if (*hack == '/') *hack = '\t'; + } +#endif /*NS_PORT*/ + while (*cp == ' ' || *cp == '\t') cp++; if ((*cp != '\0') && (*cp != '\n') && inet_aton(cp, &a)) { _res.nsaddr_list[nserv].sin_addr = a; _res.nsaddr_list[nserv].sin_family = AF_INET; - _res.nsaddr_list[nserv].sin_port = - htons(NAMESERVER_PORT); +#ifdef NS_PORT + if ((hack = strchr(cp,'\t')) != NULL) { + _res.nsaddr_list[nserv].sin_port = + htons(atoi(hack+1)); + } else { +#endif /*NS_PORT*/ + _res.nsaddr_list[nserv].sin_port = + htons(NAMESERVER_PORT); +#ifdef NS_PORT + } +#endif /*NS_PORT*/ nserv++; } continue; =================================================================== RCS file: /src/master/bind/res/res_send.c,v retrieving revision 1.1.1.1 diff -u -r1.1.1.1 res_send.c --- 1.1.1.1 1995/05/19 00:39:51 +++ res_send.c 1995/05/19 02:31:19 
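Review bot: The port parsed in the `@@ -293,15 +293,54 @@` hunk is used unchecked: `htons(atoi(hack+1))` turns a non-numeric suffix into port 0 and silently truncates anything above 65535. Parse it with strtol() and fall back to the default when the value is out of range, e.g. `long p = strtol(hack + 1, NULL, 10);` followed by `sin_port = htons((p > 0 && p <= 65535) ? (u_int16_t)p : NAMESERVER_PORT);`. The rewrite loop converts every `/` on the line, so anything after a second `/` is dropped without a diagnostic. The enclosing function starts and ends outside this hunk.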
@@ -55,7 +55,7 @@ #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)res_send.c 8.1 (Berkeley) 6/4/93"; -static char rcsid[] = "$Id: res_send.c,v 1.1.1.1 1995/05/19 00:39:51 seth Exp $"; +static char rcsid[] = "$Id: res_send.c,v 1.2 1995/05/19 02:31:19 seth Exp $"; #endif /* LIBC_SCCS and not lint */ /* change this to "0" @@ -342,9 +342,15 @@ } while (!done); } +#ifdef NS_PORT + Dprint(_res.options & RES_DEBUG, + (stdout, ";; Querying server (# %d) address = %s/%d\n", + ns+1, inet_ntoa(nsap->sin_addr),nsap->sin_port)); +#else /*NS_PORT*/ Dprint(_res.options & RES_DEBUG, (stdout, ";; Querying server (# %d) address = %s\n", ns + 1, inet_ntoa(nsap->sin_addr))); +#endif /*NS_PORT*/ if (v_circuit) { int truncated; --- /dev/null Fri May 26 19:59:27 1995 +++ named/ns_securenets.c Fri May 26 19:59:25 1995 
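Review bot: The debug line added in the `@@ -342,9 +342,15 @@` hunk prints `nsap->sin_port` directly, but res_init.c stores that field with htons(), so on a little-endian host the number shown is byte-swapped. Use `ntohs(nsap->sin_port)` as the `%d` argument. The enclosing function starts outside the hunk.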
@@ -0,0 +1,182 @@
+#include
+#include
+#include
+#include
+#include
+#include
+#include
+
+#include "named.h"
+
+#ifdef SECURENETS
+
+#ifndef TRUE
+#define TRUE 1
+#endif
+
+#ifndef FALSE
+#define FALSE 0
+#endif
+
+VMaskNetPNTR init_securenets(filename)
+char *filename;
+{
+ char line[SZ_1K];
+ char network[SZ_32B], netmask[SZ_32B];
+ char *snet_filename;
+ VMaskNetPNTR tmp_ptr, Anchor_ptr = NULL, vmn_ptr = NULL;
+ FILE *securenet_file = NULL;
+
+ bzero(line, SZ_1K);
+
+ if (filename == NULL) {
+ snet_filename = DEFAULT_SECURENET_FILE;
+ } else {
+ snet_filename = filename;
+ }
+
+ if ((securenet_file = fopen(snet_filename, "r")) == NULL) {
+ syslog(LOG_ALERT, "named: Cannot open %s (%m)\n", filename);
+ exit(2);
+ }
+
+ while (fgets(line, SZ_1K, securenet_file) > 0) {
+ if (line[0] == COMMENT_CH || strlen(line) == 0) {
+ continue;
+ }
+ bzero(network, SZ_32B);
+ bzero(netmask, SZ_32B);
+ if (!split(line, netmask, network)) {
+ syslog(LOG_ALERT,
+ "named: Cannot understand this line, %s, in %s (%m)\n",
+ line, filename);
+ exit(2);
+ }
+ if (validFormat(netmask) && validFormat(network)) {
+ /*
+ * Allocate a node for the unary linked list.
+ */
+ if((tmp_ptr = (VMaskNetPNTR)malloc(sizeof(VMaskNetNODE))) == NULL) {
+ fprintf(stderr, "named: malloc failed");
+ exit(2);
+ }
+ if (vmn_ptr == NULL) {
+ /*
+ * Assign the netmask and the network addr. to
+ * the first node.
+ */
+ Anchor_ptr = vmn_ptr = tmp_ptr;
+ Anchor_ptr->netmask = strdup(netmask);
+ Anchor_ptr->network = strdup(network);
+ Anchor_ptr->next = NULL;
+ } else {
+ /*
+ * Populate the current node.
+ */
+ tmp_ptr->netmask = strdup(netmask);
+ tmp_ptr->network = strdup(network);
+ tmp_ptr->next = NULL;
+ /*
+ * Glue the current node to a previous one.
+ */
+ vmn_ptr->next = tmp_ptr;
+ vmn_ptr = tmp_ptr;
+ }
+#if SECURENETS_DEBUG
+ /*
+ * fix and test DEBUG
+ */
+ vmn_ptr = ptr;
+ fprintf(ddt, "Securenets: netmask network\n");
+ while (vmn_ptr != NULL) {
+ fprintf(ddt,"Securenets: %s %s\n",
+ vmn_ptr->netmask, nvm_ptr->network);
+ }
+#endif
+ bzero(line, SZ_1K);
+ }
+ }
+ return Anchor_ptr;
+}
+
+static int validFormat(addr)
+char *addr;
+{
+ int i_elem, cnt = 0;
+ char *s_elem;
+ char *test_addr;
+
+ if (addr == NULL) {
+ return FALSE;
+ }
+
+ test_addr = strdup(addr);
+ while ((s_elem = strtok(test_addr, STRDOT)) != NULL) {
+ i_elem = atoi(s_elem);
+ if (i_elem >= 0 && i_elem <= 255) {
+ cnt++;
+ } else {
+ break;
+ }
+ if (cnt == 1) {
+ test_addr = NULL;
+ }
+ }
+
+ if (cnt != IP_ELEMS) {
+ return FALSE;
+ } else {
+ return TRUE;
+ }
+}
+
+static int split(line, elem1, elem2)
+char *line, *elem1, *elem2;
+{
+ char *tmp_elem;
+ char *tmp_line;
+
+ tmp_line = strdup(line);
+
+ while ((tmp_elem = strtok(tmp_line, WHITESPACE)) != NULL) {
+ if (elem1[0] == '\0') {
+ strcpy(elem1, tmp_elem);
+ tmp_line = NULL;
+ } else {
+ strcpy(elem2, tmp_elem);
+ }
+ }
+
+ if (elem1 == NULL || elem2 == NULL) {
+ return FALSE;
+ } else {
+ return TRUE;
+ }
+}
+
+int host_is_valid(from_addr, snet_ptr)
+char *from_addr; VMaskNetPNTR snet_ptr;
+{
+ unsigned long f_addr, network, netmask;
+ long res;
+ int ret_value = FALSE;
+ VMaskNetPNTR cur_ptr = snet_ptr;
+
+ if (!snet_ptr)
+ return(TRUE);
+
+ f_addr = inet_addr(from_addr);
+
+ while (cur_ptr != NULL) {
+ netmask = inet_network(cur_ptr->netmask);
+ network = inet_network(cur_ptr->network);
+ if (network == (f_addr & netmask)) {
+ ret_value = TRUE;
+ break;
+ }
+ cur_ptr = cur_ptr->next;
+ }
+ return ret_value;
+}
+
+#endif /*SECURENETS*/
--- /dev/null Fri May 26 19:59:27 1995
+++ named/ns_securenets.h Fri May 26 19:59:27 1995
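Review bot: split() copies each token of a line that can be up to SZ_1K bytes into the SZ_32B `netmask` and `network` arrays with unbounded strcpy(), so a single over-long field in the securenets file writes past the stack buffers in init_securenets(). Its `elem1 == NULL || elem2 == NULL` test can never be true for those arrays and the strdup() copy is never freed; `return sscanf(line, "%31s %31s", elem1, elem2) == 2;` bounds both copies and rejects a line with fewer than two fields. In init_securenets() both syslog() calls pass `filename`, which is NULL when the default path is used, so they should pass `snet_filename`, and the fgets() result should be tested with `!= NULL` rather than `> 0`. host_is_valid() compares inet_addr() output, which is in network byte order, with inet_network() output, which is in host byte order, so the match is only correct on big-endian hosts; `f_addr = ntohl(inet_addr(from_addr));` puts both sides in host order. It also returns TRUE for an empty list, which would be safer as a refusal.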
@@ -0,0 +1,19 @@
+#ifdef SECURENETS
+
+#define SZ_1K 1024
+#define SZ_32B 32
+#define COMMENT_CH '#'
+#define WHITESPACE " \t"
+#define STRDOT "."
+#define IP_ELEMS 4
+#define DEFAULT_SECURENET_FILE "/etc/SecureDNSnets"
+
+typedef struct valid_msknet_list {
+ char *netmask;
+ char *network;
+ struct valid_msknet_list *next;
+} VMaskNetNODE, *VMaskNetPNTR;
+
+static int split();
+static int validFormat();
+#endif /*SECURENETS*/
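Review bot: `static int split();` and `static int validFormat();` are declared in a header that ns_func.h includes, so every file that includes ns_func.h receives two static declarations with no definition. Both belong at the top of ns_securenets.c, preferably as full prototypes in the `__P(( ))` form the rest of the tree uses. The header has no include guard, and names such as `SZ_1K`, `WHITESPACE` and `STRDOT` are generic enough to collide with other definitions; an `NS_` prefix would avoid that. Keeping `netmask` and `network` as strings means they are parsed again for every query, so storing them as parsed 32-bit values would be both simpler and cheaper.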