[master] Merge branch 'trac1298' with fixing conflicts.

src/bin/xfrin/tests/xfrin_test.py

@@ -1896,7 +1896,7 @@ class TestXfrin(unittest.TestCase):
         self.assertEqual(self.xfr.command_handler("notify",
                                                   self.args)['result'][0], 1)
 
-    def test_command_handler_notify_known_zone(self):
+    def test_command_handler_notify_known_zone_bad_addr(self):
         # try it with a known zone
         self.args['master'] = TEST_MASTER_IPV6_ADDRESS
 
@@ -1908,18 +1908,39 @@ class TestXfrin(unittest.TestCase):
                   }
                 ]}
         self.xfr.config_handler(zones)
+        # the command should now fail
+        self.assertEqual(self.xfr.command_handler("notify",
+                                                  self.args)['result'][0], 1)
+
+    def test_command_handler_notify_known_zone(self):
+        # try it with a known zone
+        self.args['master'] = TEST_MASTER_IPV6_ADDRESS
+
+        # with a zone configuration that has a matching master address.
+        zones = { 'zones': [
+                  { 'name': TEST_ZONE_NAME_STR,
+                    'master_addr': TEST_MASTER_IPV6_ADDRESS,
+                    'master_port': TEST_MASTER_PORT
+                  }
+                ]}
+        self.xfr.config_handler(zones)
         self.assertEqual(self.xfr.command_handler("notify",
                                                   self.args)['result'][0], 0)
 
+        # Note: The rest of the tests won't pass due to the change in #1298
+        # We should probably simply remove the test cases, but for now we
+        # just comment them out.  (Note also that the comment about 'not
+        # from the config' is now wrong, because we used the matching address.)
+        #
         # and see if we used the address from the command, and not from
         # the config
         # This is actually NOT the address given in the command, which
         # would at this point not make sense, see the TODO in
         # xfrin.py.in Xfrin.command_handler())
-        self.assertEqual(TEST_MASTER_IPV4_ADDRESS,
-                         self.xfr.xfrin_started_master_addr)
-        self.assertEqual(int(TEST_MASTER_PORT),
-                         self.xfr.xfrin_started_master_port)
+#         self.assertEqual(TEST_MASTER_IPV4_ADDRESS,
+#                          self.xfr.xfrin_started_master_addr)
+#         self.assertEqual(int(TEST_MASTER_PORT),
+#                          self.xfr.xfrin_started_master_port)
 
     def test_command_handler_unknown(self):
         self.assertEqual(self.xfr.command_handler("xxx", None)['result'][0], 1)

src/bin/xfrin/xfrin.py.in

@@ -1060,6 +1060,8 @@ class Xfrin:
                 # we should check if it matches one of them, and then use it.)
                 (zone_name, rrclass) = self._parse_zone_name_and_class(args)
                 zone_info = self._get_zone_info(zone_name, rrclass)
+                notify_addr = self._parse_master_and_port(args, zone_name,
+                                                          rrclass)
                 if zone_info is None:
                     # TODO what to do? no info known about zone. defaults?
                     errmsg = "Got notification to retransfer unknown zone " + zone_name.to_text()
@@ -1070,13 +1072,21 @@ class Xfrin:
                     if zone_info.use_ixfr:
                         request_type = RRType.IXFR()
                     master_addr = zone_info.get_master_addr_info()
-                    ret = self.xfrin_start(zone_name,
-                                           rrclass,
-                                           self._get_db_file(),
-                                           master_addr,
-                                           zone_info.tsig_key, request_type,
-                                           True)
-                    answer = create_answer(ret[0], ret[1])
+                    if notify_addr == master_addr:
+                        ret = self.xfrin_start(zone_name,
+                                               rrclass,
+                                               self._get_db_file(),
+                                               master_addr,
+                                               zone_info.tsig_key, request_type,
+                                               True)
+                        answer = create_answer(ret[0], ret[1])
+                    else:
+                        errmsg = "Got notification for " + zone_name.to_text()\
+                               + "from unknown address: " + notify_addr[2][0];
+                        logger.error(XFRIN_NOTIFY_UNKNOWN_MASTER,
+                                     zone_name.to_text(), notify_addr[2][0],
+                                     master_addr[2][0])
+                        answer = create_answer(1, errmsg)
 
             elif command == 'retransfer' or command == 'refresh':
                 # Xfrin receives the retransfer/refresh from cmdctl(sent by bindctl).

src/bin/xfrin/xfrin_messages.mes

@@ -70,6 +70,12 @@ was killed.
 There was a problem sending a message to the zone manager. This most
 likely means that the msgq daemon has quit or was killed.
 
+% XFRIN_NOTIFY_UNKNOWN_MASTER got notification to retransfer zone %1 from %2, expected %3
+The system received a notify for the given zone, but the address it came
+from does not match the master address in the Xfrin configuration. The notify
+is ignored. This may indicate that the configuration for the master is wrong,
+that a wrong machine is sending notifies, or that fake notifies are being sent.
+
 % XFRIN_IMPORT_DNS error importing python DNS module: %1
 There was an error importing the python DNS module pydnspp. The most
 likely cause is a PYTHONPATH problem.