BIND 10 trac2191, updated. 825d75f5c66467173d0c0f7333bed1ba47857823 [2191] Allow abbreviated form of ACLs

BIND 10 source code commits bind10-changes at lists.isc.org
Tue Sep 25 08:58:45 UTC 2012 

The branch, trac2191 has been updated
       via  825d75f5c66467173d0c0f7333bed1ba47857823 (commit)
      from  21f612a9f5ec269d4ec4b1103b17857924cb2055 (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit 825d75f5c66467173d0c0f7333bed1ba47857823
Author: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date:   Tue Sep 25 10:57:05 2012 +0200

    [2191] Allow abbreviated form of ACLs

-----------------------------------------------------------------------

Summary of changes:
 src/lib/acl/dns.h             |    5 ++---
 src/lib/acl/tests/dns_test.cc |   14 +++++++++++++-
 2 files changed, 15 insertions(+), 4 deletions(-)

-----------------------------------------------------------------------
diff --git a/src/lib/acl/dns.h b/src/lib/acl/dns.h
index d08fcf3..9c64c4b 100644
--- a/src/lib/acl/dns.h
+++ b/src/lib/acl/dns.h
@@ -137,9 +137,8 @@ public:
     create(const std::string& name, isc::data::ConstElementPtr definition,
            const acl::Loader<RequestContext>& loader);
 
-    /// Until we are sure how the various rules work for this case, we won't
-    /// allow unexpected special interpretation for list definitions.
-    virtual bool allowListAbbreviation() const { return (false); }
+    // Allow things like "from": ["127.0.0.1", "::1"]
+    virtual bool allowListAbbreviation() const { return (true); }
 };
 } // end of namespace "internal"
 
diff --git a/src/lib/acl/tests/dns_test.cc b/src/lib/acl/tests/dns_test.cc
index b3ddbf4..8d6ee70 100644
--- a/src/lib/acl/tests/dns_test.cc
+++ b/src/lib/acl/tests/dns_test.cc
@@ -62,6 +62,18 @@ TEST(DNSACL, getRequestLoader) {
                                               "  \"from\": \"192.0.2.1\"}]")));
 }
 
+// Check we can abbreviate the IP address lists and TSIG keys
+TEST(DNSACL, abbreviated) {
+    dns::RequestLoader* l(&getRequestLoader());
+
+    EXPECT_NO_THROW(l->load(Element::fromJSON("[{\"action\": \"DROP\","
+                                              "  \"from\": [\"127.0.0.1\","
+                                              "             \"::1\"]}]")));
+    EXPECT_NO_THROW(l->load(Element::fromJSON("[{\"action\": \"DROP\","
+                                              "  \"key\": [\"key.example.\","
+                                              "            \"other.\"]}]")));
+}
+
 class RequestCheckCreatorTest : public ::testing::Test {
 protected:
     dns::internal::RequestCheckCreator creator_;
@@ -78,7 +90,7 @@ TEST_F(RequestCheckCreatorTest, names) {
 }
 
 TEST_F(RequestCheckCreatorTest, allowListAbbreviation) {
-    EXPECT_FALSE(creator_.allowListAbbreviation());
+    EXPECT_TRUE(creator_.allowListAbbreviation());
 }
 
 // The following two tests check the creator for the form of

More information about the bind10-changes mailing list