[bind10-dev] How to load ACLs from database

[Tony Xue]

Hello,

I'll look at the source code see if I can implement it myself or whatever...

I don't know whether there're a lot of people also need this kind of function or just me.

But will this kind of changes in the source code cause some bugs or unreliable? If it may does, I think the script will back to become the primary choice.


Thank you.
-----Original Message-----
From: Michal 'vorner' Vaner <michal.vaner at nic.cz>
Date: Thu, 20 Sep 2012 15:26:46 
To: Tony Xue<xuezxbb at gmail.com>
Cc: Michal 'vorner' Vaner<michal.vaner at nic.cz>; Bind 10<bind10-dev at lists.isc.org>
Subject: Re: 答复： Re: 答复： Re:
 [bind10-dev] How to load ACLs from database

Hello

On Wed, Sep 19, 2012 at 11:22:44PM +0000, Tony Xue wrote:
> So if it's not so simple to do it in the source code, I will think about find a better way to implement this.

Actually, I remembered yet another way how it could be done. I don't think we'll
have time for it soon either, but it would be relatively easy to do in a proper
way.

Our ACL system is really flexible one. It allows adding new types of checks with
very small amount of code changes, just by writing a new class and registering
it somewhere. So there could be a check that'd examine the packet, did a lookup
in the database and said if it matches the database or not. You could have a
look into the existing checks in src/lib/acl.

While we don't support loading these classes dynamically (which means the main
code of bind10 needs to be changed and recompiled), it no deep changes of
design.

With regards

-- 
Anything is possible, unless it's not.

Michal 'vorner' Vaner