BIND 10 trac772, updated. bb0f6cff9d043993fe537a9ba2a3c874781f4a1b [trac772] Loading of ACL from configuration
BIND 10 source code commits
bind10-changes at lists.isc.org
Mon Jul 11 12:55:43 UTC 2011
The branch, trac772 has been updated
via bb0f6cff9d043993fe537a9ba2a3c874781f4a1b (commit)
from 3b780b61f6f586c0a6bbe5586f3d0c3e72a57e13 (commit)
Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.
- Log -----------------------------------------------------------------
commit bb0f6cff9d043993fe537a9ba2a3c874781f4a1b
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Mon Jul 11 14:55:26 2011 +0200
[trac772] Loading of ACL from configuration
-----------------------------------------------------------------------
Summary of changes:
src/bin/xfrout/tests/xfrout_test.py.in | 20 ++++++++++++++++++++
src/bin/xfrout/xfrout.py.in | 7 ++++++-
2 files changed, 26 insertions(+), 1 deletions(-)
-----------------------------------------------------------------------
diff --git a/src/bin/xfrout/tests/xfrout_test.py.in b/src/bin/xfrout/tests/xfrout_test.py.in
index d959a96..bb2136c 100644
--- a/src/bin/xfrout/tests/xfrout_test.py.in
+++ b/src/bin/xfrout/tests/xfrout_test.py.in
@@ -541,6 +541,16 @@ class TestUnixSockServer(unittest.TestCase):
socket.AI_NUMERICHOST)[0][4])
self.assertEqual(isc.acl.acl.REJECT, self.unix._acl.execute(context))
+ def check_loaded_ACL(self):
+ context = isc.acl.dns.RequestContext(socket.getaddrinfo("127.0.0.1",
+ 1234, 0, 0, 0,
+ socket.AI_NUMERICHOST)[0][4])
+ self.assertEqual(isc.acl.acl.ACCEPT, self.unix._acl.execute(context))
+ context = isc.acl.dns.RequestContext(socket.getaddrinfo("192.0.2.1",
+ 1234, 0, 0, 0,
+ socket.AI_NUMERICHOST)[0][4])
+ self.assertEqual(isc.acl.acl.REJECT, self.unix._acl.execute(context))
+
def test_updata_config_data(self):
self.check_default_ACL()
tsig_key_str = 'example.com:SFuWd/q99SzF8Yzd1QbB9g=='
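Review bot: The new helper `check_loaded_ACL` has no docstring, and its second assertion depends on something a reader has to infer: the ACL loaded by the test holds only an ACCEPT rule for 127.0.0.1, so 192.0.2.1 is expected to fall through to REJECT. A one-line docstring such as `'''Check the ACL loaded by the test: 127.0.0.1 is accepted, any other source (192.0.2.1 here) is rejected.'''` would make that explicit. The three-line `RequestContext(socket.getaddrinfo(...)[0][4])` construction is now repeated for each address and could be moved into a small helper that takes the address.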
@@ -563,6 +573,16 @@ class TestUnixSockServer(unittest.TestCase):
self.assertRaises(None, self.unix.update_config_data(config_data))
self.assertEqual(self.unix.tsig_key_ring.size(), 0)
+ # Load the ACL
+ self.unix.update_config_data({'ACL': [{'from': '127.0.0.1',
+ 'action': 'ACCEPT'}]})
+ self.check_loaded_ACL()
+ # Pass a wrong data there and check it does not replace the old one
+ self.assertRaises(isc.acl.acl.LoaderError,
+ self.unix.update_config_data,
+ {'ACL': ['Something bad']})
+ self.check_loaded_ACL()
+
def test_get_db_file(self):
self.assertEqual(self.unix.get_db_file(), "initdb.file")
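Review bot: The added assertions cover only `UnixSockServer.update_config_data`; the other half of this commit, the `try`/`except` in `XfroutServer` that turns a load failure into `create_answer(1, ...)`, has no test in this diff. A test that sends a malformed ACL through the XfroutServer config handler and checks both the error answer and that the previously loaded ACL is still enforced would pin the behaviour an operator actually sees. It would also be worth following the bad update with a valid update of an unrelated setting, to show that the rejected value is not retained and replayed.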
diff --git a/src/bin/xfrout/xfrout.py.in b/src/bin/xfrout/xfrout.py.in
index 371c53f..776bfb2 100755
--- a/src/bin/xfrout/xfrout.py.in
+++ b/src/bin/xfrout/xfrout.py.in
@@ -517,6 +517,8 @@ class UnixSockServer(socketserver_mixin.NoPollMixIn, ThreadingUnixStreamServer):
def update_config_data(self, new_config):
'''Apply the new config setting of xfrout module. '''
+ if 'ACL' in new_config:
+ self._acl = load_request_acl(json.dumps(new_config['ACL']))
logger.info(XFROUT_NEW_CONFIG)
self._lock.acquire()
self._max_transfers_out = new_config.get('transfers_out')
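Review bot: The new ACL is assigned to `self._acl` before `self._lock.acquire()`, while the other settings in `update_config_data` are changed under the lock. Parsing before taking the lock is right, because a LoaderError then leaves the old ACL and the other settings untouched, but the swap would be more consistent inside the locked region: keep the `if 'ACL' in new_config:` guard, store the result in a local (`new_acl = load_request_acl(json.dumps(new_config['ACL']))`) and assign `self._acl = new_acl` after the lock is taken. Whether the request threads of this threading server read `_acl` under the same lock is not visible here and should be confirmed. When the 'ACL' key is absent the previous ACL silently stays in force, which deserves a short comment. The function body continues outside the hunk.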
@@ -607,7 +609,10 @@ class XfroutServer:
self._config_data[key] = new_config[key]
if self._unix_socket_server:
- self._unix_socket_server.update_config_data(self._config_data)
+ try:
+ self._unix_socket_server.update_config_data(self._config_data)
+ except Exception as e:
+ answer = create_answer(1, "Bad configuration: " + str(e))
return answer
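Review bot: By the time the new `except` branch runs, the context line `self._config_data[key] = new_config[key]` has already stored the rejected value, so the saved configuration and the ACL actually enforced diverge. Because `update_config_data` loads the ACL first and is always handed the whole `self._config_data`, a later valid update of an unrelated setting would presumably fail again on the stale bad ACL. Taking a snapshot before the copy loop (`old_config = self._config_data.copy()`) and restoring it in the handler (`self._config_data = old_config`) would avoid that; the loop starts outside this hunk, so the exact placement needs checking. `except Exception` is also broader than needed: the test in this commit expects `isc.acl.acl.LoaderError`, and catching only that keeps unrelated bugs from being reported as "Bad configuration". The failure should be logged as well, since a rejected ACL change is something an operator will want to find later.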