BIND 10 trac772, updated. 3b780b61f6f586c0a6bbe5586f3d0c3e72a57e13 [trac772] Default ACL
BIND 10 source code commits
bind10-changes at lists.isc.org
Mon Jul 11 12:40:04 UTC 2011
The branch, trac772 has been updated
via 3b780b61f6f586c0a6bbe5586f3d0c3e72a57e13 (commit)
from 1188ca7fd05a8c241e4905d168144ffa5dd29db1 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit 3b780b61f6f586c0a6bbe5586f3d0c3e72a57e13
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Mon Jul 11 14:39:50 2011 +0200
[trac772] Default ACL
-----------------------------------------------------------------------
Summary of changes:
src/bin/xfrout/tests/xfrout_test.py.in | 15 ++++++++++++---
src/bin/xfrout/xfrout.py.in | 11 +++++++++--
2 files changed, 21 insertions(+), 5 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/bin/xfrout/tests/xfrout_test.py.in b/src/bin/xfrout/tests/xfrout_test.py.in
index adabf48..d959a96 100644
--- a/src/bin/xfrout/tests/xfrout_test.py.in
+++ b/src/bin/xfrout/tests/xfrout_test.py.in
@@ -23,6 +23,7 @@ from isc.cc.session import *
from pydnspp import *
from xfrout import *
import xfrout
+import isc.acl.dns
TSIG_KEY = TSIGKey("example.com:SFuWd/q99SzF8Yzd1QbB9g==")
@@ -515,11 +516,10 @@ class MyCCSession():
class MyUnixSockServer(UnixSockServer):
def __init__(self):
- self._lock = threading.Lock()
- self._transfers_counter = 0
self._shutdown_event = threading.Event()
self._max_transfers_out = 10
self._cc = MyCCSession()
+ self._common_init()
#self._log = isc.log.NSLogger('xfrout', '', severity = 'critical', log_to_console = False )
class TestUnixSockServer(unittest.TestCase):
@@ -535,15 +535,24 @@ class TestUnixSockServer(unittest.TestCase):
recv_msg = self.unix._receive_query_message(self.read_sock)
self.assertEqual(recv_msg, send_msg)
+ def check_default_ACL(self):
+ context = isc.acl.dns.RequestContext(socket.getaddrinfo("127.0.0.1",
+ 1234, 0, 0, 0,
+ socket.AI_NUMERICHOST)[0][4])
+ self.assertEqual(isc.acl.acl.REJECT, self.unix._acl.execute(context))
+
def test_updata_config_data(self):
+ self.check_default_ACL()
tsig_key_str = 'example.com:SFuWd/q99SzF8Yzd1QbB9g=='
tsig_key_list = [tsig_key_str]
bad_key_list = ['bad..example.com:SFuWd/q99SzF8Yzd1QbB9g==']
self.unix.update_config_data({'transfers_out':10 })
self.assertEqual(self.unix._max_transfers_out, 10)
self.assertTrue(self.unix.tsig_key_ring is not None)
+ self.check_default_ACL()
- self.unix.update_config_data({'transfers_out':9, 'tsig_key_ring':tsig_key_list})
+ self.unix.update_config_data({'transfers_out':9,
+ 'tsig_key_ring':tsig_key_list})
self.assertEqual(self.unix._max_transfers_out, 9)
self.assertEqual(self.unix.tsig_key_ring.size(), 1)
self.unix.tsig_key_ring.remove(Name("example.com."))
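Review bot: check_default_ACL probes only a single IPv4 loopback address, and test_updata_config_data re-checks the ACL after the first update_config_data call but not after the one that sets 'tsig_key_ring'. Since the property under test is that the default stays deny across reconfiguration, I would add `self.check_default_ACL()` after the second update as well, and run the helper for an IPv6 literal such as `"::1"` too. The helper also refers to `isc.acl.acl.REJECT` while this file imports only `isc.acl.dns`; that presumably resolves through a transitive import, but an explicit `import isc.acl.acl` would remove the dependency on it. test_updata_config_data continues past the end of the hunk.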
diff --git a/src/bin/xfrout/xfrout.py.in b/src/bin/xfrout/xfrout.py.in
index d949986..371c53f 100755
--- a/src/bin/xfrout/xfrout.py.in
+++ b/src/bin/xfrout/xfrout.py.in
@@ -48,6 +48,9 @@ except ImportError as e:
# must keep running, so we warn about it and move forward.
log.error(XFROUT_IMPORT, str(e))
+from isc.acl.acl import ACCEPT, REJECT, DROP
+from isc.acl.dns import load_request_acl
+
isc.util.process.rename()
def init_paths():
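Review bot: The two `isc.acl` imports are added after the `except ImportError` handler whose comment says the process must keep running, so unlike the imports inside that guard a failure here stops startup. For an access-control module that is the safer outcome, but it should be stated, for example `# Deliberately outside the try block: without the ACL module xfrout must not start.` `ACCEPT` and `DROP` are not used anywhere in the lines this commit shows; if they are not needed yet, `from isc.acl.acl import REJECT` keeps the namespace smaller.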
@@ -374,14 +377,18 @@ class UnixSockServer(socketserver_mixin.NoPollMixIn, ThreadingUnixStreamServer):
self._sock_file = sock_file
socketserver_mixin.NoPollMixIn.__init__(self)
ThreadingUnixStreamServer.__init__(self, sock_file, handle_class)
- self._lock = threading.Lock()
- self._transfers_counter = 0
self._shutdown_event = shutdown_event
self._write_sock, self._read_sock = socket.socketpair()
+ self._common_init()
#self._log = log
self.update_config_data(config_data)
self._cc = cc
+ def _common_init(self):
+ self._lock = threading.Lock()
+ self._transfers_counter = 0
+ self._acl = load_request_acl("[]")
+
def _receive_query_message(self, sock):
''' receive request message from sock'''
# receive data length
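Review bot: `_common_init` installs `load_request_acl("[]")`, but nothing in this hunk consults `self._acl` before a transfer is served, so as far as these lines show the default-deny that the test asserts is not yet an enforced control. The method also has no docstring; I would add `'''Set up state shared by __init__ and the test's MyUnixSockServer.'''` and, above the ACL line, `# Empty rule list: no rule matches, so execute() yields the default action (REJECT).` `update_config_data(config_data)` runs after `_common_init()`, and that order has to be kept if the config handler later replaces `_acl`, otherwise the configured ACL would be overwritten by the empty one. `_receive_query_message` continues outside the hunk.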