| @@ -1,14 +1,14 @@ | | | @@ -1,14 +1,14 @@ |
1 | /* $NetBSD: query.c,v 1.20 2024/02/21 22:52:46 christos Exp $ */ | | 1 | /* $NetBSD: query.c,v 1.21 2024/04/19 12:35:28 christos Exp $ */ |
2 | | | 2 | |
3 | /* | | 3 | /* |
4 | * Copyright (C) Internet Systems Consortium, Inc. ("ISC") | | 4 | * Copyright (C) Internet Systems Consortium, Inc. ("ISC") |
5 | * | | 5 | * |
6 | * SPDX-License-Identifier: MPL-2.0 | | 6 | * SPDX-License-Identifier: MPL-2.0 |
7 | * | | 7 | * |
8 | * This Source Code Form is subject to the terms of the Mozilla Public | | 8 | * This Source Code Form is subject to the terms of the Mozilla Public |
9 | * License, v. 2.0. If a copy of the MPL was not distributed with this | | 9 | * License, v. 2.0. If a copy of the MPL was not distributed with this |
10 | * file, you can obtain one at https://mozilla.org/MPL/2.0/. | | 10 | * file, you can obtain one at https://mozilla.org/MPL/2.0/. |
11 | * | | 11 | * |
12 | * See the COPYRIGHT file distributed with this work for additional | | 12 | * See the COPYRIGHT file distributed with this work for additional |
13 | * information regarding copyright ownership. | | 13 | * information regarding copyright ownership. |
14 | */ | | 14 | */ |
| @@ -899,27 +899,26 @@ query_checkcacheaccess(ns_client_t *clie | | | @@ -899,27 +899,26 @@ query_checkcacheaccess(ns_client_t *clie |
899 | */ | | 899 | */ |
900 | client->query.attributes |= NS_QUERYATTR_CACHEACLOK; | | 900 | client->query.attributes |= NS_QUERYATTR_CACHEACLOK; |
901 | if (log && isc_log_wouldlog(ns_lctx, ISC_LOG_DEBUG(3))) | | 901 | if (log && isc_log_wouldlog(ns_lctx, ISC_LOG_DEBUG(3))) |
902 | { | | 902 | { |
903 | ns_client_aclmsg("query (cache)", name, qtype, | | 903 | ns_client_aclmsg("query (cache)", name, qtype, |
904 | client->view->rdclass, msg, | | 904 | client->view->rdclass, msg, |
905 | sizeof(msg)); | | 905 | sizeof(msg)); |
906 | ns_client_log(client, DNS_LOGCATEGORY_SECURITY, | | 906 | ns_client_log(client, DNS_LOGCATEGORY_SECURITY, |
907 | NS_LOGMODULE_QUERY, | | 907 | NS_LOGMODULE_QUERY, |
908 | ISC_LOG_DEBUG(3), "%s approved", | | 908 | ISC_LOG_DEBUG(3), "%s approved", |
909 | msg); | | 909 | msg); |
910 | } | | 910 | } |
911 | } else { | | 911 | } else { |
912 | pfilter_notify(result, client, "checkcacheaccess"); | | | |
913 | /* | | 912 | /* |
914 | * We were denied by the "allow-query-cache" ACL. | | 913 | * We were denied by the "allow-query-cache" ACL. |
915 | * There is no need to clear NS_QUERYATTR_CACHEACLOK | | 914 | * There is no need to clear NS_QUERYATTR_CACHEACLOK |
916 | * since it is cleared by query_reset(), before query | | 915 | * since it is cleared by query_reset(), before query |
917 | * processing starts. | | 916 | * processing starts. |
918 | */ | | 917 | */ |
919 | ns_client_extendederror(client, DNS_EDE_PROHIBITED, | | 918 | ns_client_extendederror(client, DNS_EDE_PROHIBITED, |
920 | NULL); | | 919 | NULL); |
921 | | | 920 | |
922 | if (log) { | | 921 | if (log) { |
923 | ns_client_aclmsg("query (cache)", name, qtype, | | 922 | ns_client_aclmsg("query (cache)", name, qtype, |
924 | client->view->rdclass, msg, | | 923 | client->view->rdclass, msg, |
925 | sizeof(msg)); | | 924 | sizeof(msg)); |