Skip to content
GitLab
Commit ac91cd88 authored by Michal 'vorner' Vaner's avatar Michal 'vorner' Vaner
Browse files

[1643] Port xfrout to use global TSIG config

parent 73506bcb
Hide whitespace changes
Inline Side-by-side
src/bin/xfrout/tests/xfrout_test.py.in
View file @ ac91cd88
......@@ -1214,25 +1214,12 @@ class TestUnixSockServer(unittest.TestCase):
def test_update_config_data(self):
self.check_default_ACL()
tsig_key_str = 'example.com:SFuWd/q99SzF8Yzd1QbB9g=='
tsig_key_list = [tsig_key_str]
bad_key_list = ['bad..example.com:SFuWd/q99SzF8Yzd1QbB9g==']
self.unix.update_config_data({'transfers_out':10 })
self.assertEqual(self.unix._max_transfers_out, 10)
self.assertTrue(self.unix.tsig_key_ring is not None)
self.check_default_ACL()
self.unix.update_config_data({'transfers_out':9,
'tsig_key_ring':tsig_key_list})
self.unix.update_config_data({'transfers_out':9})
self.assertEqual(self.unix._max_transfers_out, 9)
self.assertEqual(self.unix.tsig_key_ring.size(), 1)
self.unix.tsig_key_ring.remove(Name("example.com."))
self.assertEqual(self.unix.tsig_key_ring.size(), 0)
# bad tsig key
config_data = {'transfers_out':9, 'tsig_key_ring': bad_key_list}
self.assertRaises(None, self.unix.update_config_data(config_data))
self.assertEqual(self.unix.tsig_key_ring.size(), 0)
# Load the ACL
self.unix.update_config_data({'transfer_acl': [{'from': '127.0.0.1',
......
src/bin/xfrout/xfrout.py.in
View file @ ac91cd88
......@@ -34,6 +34,7 @@ import select
import errno
from optparse import OptionParser, OptionValueError
from isc.util import socketserver_mixin
import isc.server_common.tsig_keyring
from isc.log_messages.xfrout_messages import *
......@@ -769,7 +770,7 @@ class UnixSockServer(socketserver_mixin.NoPollMixIn,
zone_config = self._zone_config
self._lock.release()
self.RequestHandlerClass(sock_fd, request_data, self,
self.tsig_key_ring,
isc.server_common.tsig_keyring.keyring(),
self._guess_remote(sock_fd), acl, zone_config)
def _remove_unused_sock_file(self, sock_file):
......@@ -833,7 +834,6 @@ class UnixSockServer(socketserver_mixin.NoPollMixIn,
self._acl = new_acl
self._zone_config = new_zone_config
self._max_transfers_out = new_config.get('transfers_out')
self.set_tsig_key_ring(new_config.get('tsig_key_ring'))
except Exception as e:
self._lock.release()
raise e
......@@ -870,21 +870,6 @@ class UnixSockServer(socketserver_mixin.NoPollMixIn,
zclass_str + ': ' + str(e))
return new_config
def set_tsig_key_ring(self, key_list):
"""Set the tsig_key_ring , given a TSIG key string list representation. """
# XXX add values to configure zones/tsig options
self.tsig_key_ring = TSIGKeyRing()
# If key string list is empty, create a empty tsig_key_ring
if not key_list:
return
for key_item in key_list:
try:
self.tsig_key_ring.add(TSIGKey(key_item))
except InvalidParameter as ipe:
logger.error(XFROUT_BAD_TSIG_KEY_STRING, str(key_item))
def get_db_file(self):
file, is_default = self._cc.get_remote_config_value("Auth", "database_file")
# this too should be unnecessary, but currently the
......@@ -920,7 +905,8 @@ class XfroutServer:
self._cc = isc.config.ModuleCCSession(SPECFILE_LOCATION, self.config_handler, self.command_handler)
self._config_data = self._cc.get_full_config()
self._cc.start()
self._cc.add_remote_config(AUTH_SPECFILE_LOCATION);
self._cc.add_remote_config(AUTH_SPECFILE_LOCATION)
isc.server_common.tsig_keyring.init_keyring(self._cc)
self._start_xfr_query_listener()
self._start_notifier()
......
src/bin/xfrout/xfrout.spec.pre.in
View file @ ac91cd88
......@@ -38,18 +38,6 @@
"item_optional": false,
"item_default": 1048576
},
{
"item_name": "tsig_key_ring",
"item_type": "list",
"item_optional": true,
"item_default": [],
"list_item_spec" :
{
"item_name": "tsig_key",
"item_type": "string",
"item_optional": true
}
},
{
"item_name": "transfer_acl",
"item_type": "list",
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment