[trac772] Loading of ACL from configuration

b0e38303 · Michal 'vorner' Vaner · 93145c09 · b0e38303 · b0e38303
Commit b0e38303 authored Jul 11, 2011 by Michal 'vorner' Vaner
--- a/src/bin/xfrout/tests/xfrout_test.py.in
+++ b/src/bin/xfrout/tests/xfrout_test.py.in
@@ -541,6 +541,16 @@ class TestUnixSockServer(unittest.TestCase):
                                             socket.AI_NUMERICHOST)[0][4])
        self.assertEqual(isc.acl.acl.REJECT, self.unix._acl.execute(context))

+    def check_loaded_ACL(self):
+        context = isc.acl.dns.RequestContext(socket.getaddrinfo("127.0.0.1",
+                                             1234, 0, 0, 0,
+                                             socket.AI_NUMERICHOST)[0][4])
+        self.assertEqual(isc.acl.acl.ACCEPT, self.unix._acl.execute(context))
+        context = isc.acl.dns.RequestContext(socket.getaddrinfo("192.0.2.1",
+                                             1234, 0, 0, 0,
+                                             socket.AI_NUMERICHOST)[0][4])
+        self.assertEqual(isc.acl.acl.REJECT, self.unix._acl.execute(context))
+
    def test_updata_config_data(self):
        self.check_default_ACL()
        tsig_key_str = 'example.com:SFuWd/q99SzF8Yzd1QbB9g=='
@@ -563,6 +573,16 @@ class TestUnixSockServer(unittest.TestCase):
        self.assertRaises(None, self.unix.update_config_data(config_data))
        self.assertEqual(self.unix.tsig_key_ring.size(), 0)

+        # Load the ACL
+        self.unix.update_config_data({'ACL': [{'from': '127.0.0.1',
+                                               'action': 'ACCEPT'}]})
+        self.check_loaded_ACL()
+        # Pass a wrong data there and check it does not replace the old one
+        self.assertRaises(isc.acl.acl.LoaderError,
+                          self.unix.update_config_data,
+                          {'ACL': ['Something bad']})
+        self.check_loaded_ACL()
+
    def test_get_db_file(self):
        self.assertEqual(self.unix.get_db_file(), "initdb.file")


--- a/src/bin/xfrout/xfrout.py.in
+++ b/src/bin/xfrout/xfrout.py.in
@@ -517,6 +517,8 @@ class UnixSockServer(socketserver_mixin.NoPollMixIn, ThreadingUnixStreamServer):

    def update_config_data(self, new_config):
        '''Apply the new config setting of xfrout module. '''
+        if 'ACL' in new_config:
+            self._acl = REQUEST_LOADER.load(new_config['ACL'])
        logger.info(XFROUT_NEW_CONFIG)
        self._lock.acquire()
        self._max_transfers_out = new_config.get('transfers_out')
@@ -607,7 +609,10 @@ class XfroutServer:
            self._config_data[key] = new_config[key]

        if self._unix_socket_server:
-            self._unix_socket_server.update_config_data(self._config_data)
+            try:
+                self._unix_socket_server.update_config_data(self._config_data)
+            except Exception as e:
+                answer = create_answer(1, "Bad configuration: " + str(e))

        return answer