BIND 10 trac997, updated. 463a593e465643f157fe806b3fe826b6ed593750 [trac997] Some interface of ACL

BIND 10 source code commits bind10-changes at lists.isc.org
Fri Jun 10 14:37:14 UTC 2011


The branch, trac997 has been updated
       via  463a593e465643f157fe806b3fe826b6ed593750 (commit)
       via  6c92dafaffbb0c1ff83ffc8a1004cc40cd500310 (commit)
      from  9c2b48c4baccba83732e2586eff2b7ee64c63ac9 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 463a593e465643f157fe806b3fe826b6ed593750
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date:   Fri Jun 10 16:36:58 2011 +0200

    [trac997] Some interface of ACL

-----------------------------------------------------------------------

Summary of changes:
 src/lib/acl/Makefile.am                            |    2 +
 src/lib/acl/acl.h                                  |  121 ++++++++++++++++++++
 src/lib/acl/tests/Makefile.am                      |    2 +-
 .../{datasrc/logger.cc => acl/tests/acl_test.cc}   |   11 +--
 4 files changed, 127 insertions(+), 9 deletions(-)
 create mode 100644 src/lib/acl/acl.h
 copy src/lib/{datasrc/logger.cc => acl/tests/acl_test.cc} (88%)

-----------------------------------------------------------------------
diff --git a/src/lib/acl/Makefile.am b/src/lib/acl/Makefile.am
index c3ea9fc..b063289 100644
--- a/src/lib/acl/Makefile.am
+++ b/src/lib/acl/Makefile.am
@@ -1,4 +1,6 @@
 SUBDIRS = tests
 
+EXTRA_DIST = check.h acl.h
+
 # TODO: Once we have some cc file we are able to compile, create the library.
 # For now, we have only header files, not creating empty library.
diff --git a/src/lib/acl/acl.h b/src/lib/acl/acl.h
new file mode 100644
index 0000000..3e2a561
--- /dev/null
+++ b/src/lib/acl/acl.h
@@ -0,0 +1,121 @@
+// Copyright (C) 2011  Internet Systems Consortium, Inc. ("ISC")
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+// AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+// PERFORMANCE OF THIS SOFTWARE.
+
+#ifndef ACL_ACL_H
+#define ACL_ACL_H
+
+#include "check.h"
+#include <vector>
+#include <memory>
+
+namespace isc {
+namespace acl {
+
+/**
+ * \brief Default actions an ACL could perform.
+ *
+ * This is the default for the ACL class. It is possible to specify any other
+ * data type, as the ACL class does nothing about them, but these look
+ * reasonable, so they are provided for convenience.
+ */
+enum Action {
+    ACCEPT,
+    REJECT,
+    DROP
+};
+
+/**
+ * \brief The ACL itself.
+ *
+ * It holds bunch of ordered entries, each one consisting of a check (
+ * of any kind, it might be even compound) and an action that is returned
+ * whenever the action matches. They are tested in the order and first
+ * match counts.
+ */
+template<typename Context, typename Action = isc::acl::Action> class Acl {
+private:
+    /**
+     * \brief Copy constructor.
+     *
+     * It is private on purpose, this class is non-copyable, it holds raw
+     * pointers of objects we don't know how to copy and there does not seem
+     * to be any need to copy ACLs.
+     */
+    Acl(const Acl<Context, Action>& other);
+    /**
+     * \brief Assignment operator.
+     *
+     * It is private on purpose, this class is non-copyable, it holds raw
+     * pointers of objects we don't know how to copy and there does not seem
+     * to be any need to copy ACLs.
+     */
+    Acl& operator =(const Acl<Context, Action>& other);
+public:
+    /**
+     * \brief Constructor.
+     *
+     * \param policy It is the action that is returned when the checked things
+     *     "falls off" the end of the list (when no rule matched).
+     */
+    Acl(Action policy) : policy_(policy)
+    { }
+    /**
+     * \brief Pointer to the check.
+     *
+     * We use auto_ptr here, as it provides protection against memory leaks
+     * in case of exceptions, while being a lot more lightweight than
+     * boost::shared_ptr (which seems unneeded here, at last for now).
+     */
+    typedef std::auto_ptr<Check<Context> > CheckPtr;
+    /**
+     * \brief The actual main function that decides.
+     *
+     * This is the function that takes the entries one by one, checks
+     * the context against conditions and if it matches, returns the
+     * action that belongs to the first matched entry or policy action
+     * if nothing matches.
+     * \param context The thing that should be checked. It is directly
+     *     passed to the checks.
+     */
+    Action execute(const Context& context) const {
+        // TODO a for cycle
+    }
+    /**
+     * \brief Add new entry at the end of the list.
+     *
+     * \note We currently allow only adding at the end. This is enough for now,
+     * but we may need more when we start implementing some kind optimisations,
+     * including replacements, reorderings and removals.
+     *
+     * \param check The check to test if the thing matches. The ACL steals
+     *      ownership of the pointer (which is implicit from the auto_ptr).
+     * \param action The action to return when the thing matches this check.
+     */
+    void append(CheckPtr check, const Action& action) {
+
+    }
+private:
+    // Just type abbreviations.
+    typedef std::pair<CheckPtr, Action> Entry;
+    typedef std::vector<Entry> Entries;
+    /// \brief The policy.
+    Action policy_;
+    /// \brief The entries we have.
+    Entries entries_;
+};
+
+}
+}
+
+#endif
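Review bot: `execute()` is declared to return `Action` but its body holds only a TODO, so any caller that instantiates it flows off the end of a non-void function, which is undefined behaviour; for an access-control decision that means the result is not guaranteed to be the configured default. Until the loop is written, the body should at least contain `return policy_;`. `append()` has the same problem in a quieter form: its `check` argument is an `auto_ptr` taken by value and never stored, so the check is destroyed on return and the ACL appears to accept rules while holding none. The `Entries` typedef also places `std::auto_ptr` inside a `std::pair` held by a `std::vector`, but `auto_ptr` does not meet the container element requirements because copying it transfers ownership. The stored pointer therefore needs a different owner, such as the `boost::shared_ptr` the comment mentions, and `std::pair` needs `#include <utility>`.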
diff --git a/src/lib/acl/tests/Makefile.am b/src/lib/acl/tests/Makefile.am
index 1ca17f3..5c0cdfc 100644
--- a/src/lib/acl/tests/Makefile.am
+++ b/src/lib/acl/tests/Makefile.am
@@ -4,7 +4,7 @@ TESTS =
 if HAVE_GTEST
 TESTS += run_unittests
 run_unittests_SOURCES = run_unittests.cc
-run_unittests_SOURCES += check_test.cc
+run_unittests_SOURCES += check_test.cc acl_test.cc
 run_unittests_CPPFLAGS = $(AM_CPPFLAGS) $(GTEST_INCLUDES)
 run_unittests_LDFLAGS = $(AM_LDFLAGS) $(GTEST_LDFLAGS)
 
diff --git a/src/lib/acl/tests/acl_test.cc b/src/lib/acl/tests/acl_test.cc
new file mode 100644
index 0000000..21c2e10
--- /dev/null
+++ b/src/lib/acl/tests/acl_test.cc
@@ -0,0 +1,18 @@
+// Copyright (C) 2011  Internet Systems Consortium, Inc. ("ISC")
+//
+// Permission to use, copy, modify, and/or distribute this software for any
+// purpose with or without fee is hereby granted, provided that the above
+// copyright notice and this permission notice appear in all copies.
+//
+// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+// AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+// PERFORMANCE OF THIS SOFTWARE.
+
+#include <gtest/gtest.h>
+#include <acl/acl.h>
+
+isc::acl::Acl<bool> acl(isc::acl::DROP);
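Review bot: This file is added to `run_unittests_SOURCES` but defines no `TEST`, so it only proves that `Acl<bool>` and its constructor compile. Member functions of a class template are instantiated only when used, so `execute()` and `append()` are not even compile-checked here. A first case that pins the fall-through behaviour would cover the security-relevant default, for example `TEST(Acl, emptyReturnsPolicy) { EXPECT_EQ(isc::acl::DROP, acl.execute(true)); }`. The global `acl` object would also be better placed in an anonymous namespace or a fixture, so that it has no external linkage and its state is not shared between tests.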



