Commit e77575c3 authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner

[trac772] Perform the ACL check

parent 49f1d2d2
...@@ -141,6 +141,29 @@ class TestXfroutSession(unittest.TestCase): ...@@ -141,6 +141,29 @@ class TestXfroutSession(unittest.TestCase):
self.assertEqual(rcode.to_text(), "NOERROR") self.assertEqual(rcode.to_text(), "NOERROR")
self.assertTrue(self.xfrsess._tsig_ctx is not None) self.assertTrue(self.xfrsess._tsig_ctx is not None)
# ACL checks, put some ACL inside
self.xfrsess._acl = isc.acl.dns.REQUEST_LOADER.load([
{
"from": "127.0.0.1",
"action": "ACCEPT"
},
{
"from": "192.0.2.1",
"action": "DROP"
}
])
# Localhost (the default in this test) is accepted
rcode, msg = self.xfrsess._parse_query_message(self.mdata)
self.assertEqual(rcode.to_text(), "NOERROR")
# This should be dropped completely, therefore returning None
self.xfrsess._remote = ('192.0.2.1', 12345)
rcode, msg = self.xfrsess._parse_query_message(self.mdata)
self.assertTrue(rcode is None)
# This should be rejected, therefore NOTAUTH
self.xfrsess._remote = ('192.0.2.2', 12345)
rcode, msg = self.xfrsess._parse_query_message(self.mdata)
self.assertEqual(rcode.to_text(), "REFUSED")
def test_get_query_zone_name(self): def test_get_query_zone_name(self):
msg = self.getmsg() msg = self.getmsg()
self.assertEqual(self.xfrsess._get_query_zone_name(msg), "example.com.") self.assertEqual(self.xfrsess._get_query_zone_name(msg), "example.com.")
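Review bot: The comment on the last case says `NOTAUTH`, but the assertion two lines below it expects `REFUSED`; the comment should read `# No rule matches this address, so the request is rejected with REFUSED`. That case passes only because of what the ACL does when no rule matches, which appears to be reject judging by the expected rcode, and a short comment saying so would stop the case from reading as if it exercised a third rule. The DROP case asserts only `rcode is None`; adding `self.assertTrue(msg is None)` would pin the other half of the `(None, None)` return. The test method begins outside the hunk.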
......
...@@ -144,7 +144,13 @@ class XfroutSession(): ...@@ -144,7 +144,13 @@ class XfroutSession():
# TSIG related checks # TSIG related checks
rcode = self._check_request_tsig(msg, mdata) rcode = self._check_request_tsig(msg, mdata)
# TODO The ACL check comes here # ACL checks
acl_result = self._acl.execute(
isc.acl.dns.RequestContext(self._remote))
if acl_result == isc.acl.acl.DROP:
return None, None
elif acl_result == isc.acl.acl.REJECT:
return Rcode.REFUSED(), msg
except Exception as err: except Exception as err:
logger.error(XFROUT_PARSE_QUERY_ERROR, str(err)) logger.error(XFROUT_PARSE_QUERY_ERROR, str(err))
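Review bot: The DROP and REJECT branches return without writing any log entry, so a denied zone-transfer request leaves no record of which peer was turned away; log the peer and the decision before each return, for example `logger.info(XFROUT_ACL_DENIED_PLACEHOLDER, self._remote)` (the message id is a placeholder, the page defines none). The ACL call also sits inside the existing `try`, so an exception raised by `self._acl.execute(...)` would be reported under `XFROUT_PARSE_QUERY_ERROR` as if the query were malformed; what the handler returns after logging is outside the hunk, so it is worth confirming that this path denies the transfer. The `(None, None)` return is a new shape for this method, and any caller that uses `rcode` without a `None` check would fail on a dropped request. The enclosing method starts and ends outside the hunk.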
......