
[trac772] Loading of ACL from configuration

Michal 'vorner' Vaner 13 years ago
parent
commit
b0e38303e7
2 changed files with 26 additions and 1 deletions
  1. 20 0
      src/bin/xfrout/tests/xfrout_test.py.in
  2. 6 1
      src/bin/xfrout/xfrout.py.in

+ 20 - 0
src/bin/xfrout/tests/xfrout_test.py.in

@@ -541,6 +541,16 @@ class TestUnixSockServer(unittest.TestCase):
                                              socket.AI_NUMERICHOST)[0][4])
         self.assertEqual(isc.acl.acl.REJECT, self.unix._acl.execute(context))
 
+    def check_loaded_ACL(self):
+        context = isc.acl.dns.RequestContext(socket.getaddrinfo("127.0.0.1",
+                                             1234, 0, 0, 0,
+                                             socket.AI_NUMERICHOST)[0][4])
+        self.assertEqual(isc.acl.acl.ACCEPT, self.unix._acl.execute(context))
+        context = isc.acl.dns.RequestContext(socket.getaddrinfo("192.0.2.1",
+                                             1234, 0, 0, 0,
+                                             socket.AI_NUMERICHOST)[0][4])
+        self.assertEqual(isc.acl.acl.REJECT, self.unix._acl.execute(context))
+
     def test_updata_config_data(self):
         self.check_default_ACL()
         tsig_key_str = 'example.com:SFuWd/q99SzF8Yzd1QbB9g=='
@@ -563,6 +573,16 @@ class TestUnixSockServer(unittest.TestCase):
         self.assertRaises(None, self.unix.update_config_data(config_data))
         self.assertEqual(self.unix.tsig_key_ring.size(), 0)
 
+        # Load the ACL
+        self.unix.update_config_data({'ACL': [{'from': '127.0.0.1',
+                                               'action': 'ACCEPT'}]})
+        self.check_loaded_ACL()
+        # Pass a wrong data there and check it does not replace the old one
+        self.assertRaises(isc.acl.acl.LoaderError,
+                          self.unix.update_config_data,
+                          {'ACL': ['Something bad']})
+        self.check_loaded_ACL()
+
     def test_get_db_file(self):
         self.assertEqual(self.unix.get_db_file(), "initdb.file")
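Review bot: The rejection case added to `test_updata_config_data` only calls `self.unix.update_config_data` directly, so the new `try`/`except` in `XfroutServer` that turns the exception into an error answer is not exercised by anything visible in this section. It also checks only the ACL after the failed update; repeating `self.assertEqual(self.unix.tsig_key_ring.size(), 0)` after the second `self.check_loaded_ACL()` would confirm that a rejected configuration leaves the other settings untouched. `check_loaded_ACL` repeats the context construction from the default-ACL check above it, so a small helper taking the address would keep the two checks in step. It would also make it easy to add an IPv6 source address case.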
 

+ 6 - 1
src/bin/xfrout/xfrout.py.in

@@ -517,6 +517,8 @@ class UnixSockServer(socketserver_mixin.NoPollMixIn, ThreadingUnixStreamServer):
 
     def update_config_data(self, new_config):
         '''Apply the new config setting of xfrout module. '''
+        if 'ACL' in new_config:
+            self._acl = REQUEST_LOADER.load(new_config['ACL'])
         logger.info(XFROUT_NEW_CONFIG)
         self._lock.acquire()
         self._max_transfers_out = new_config.get('transfers_out')
@@ -607,7 +609,10 @@ class XfroutServer:
             self._config_data[key] = new_config[key]
 
         if self._unix_socket_server:
-            self._unix_socket_server.update_config_data(self._config_data)
+            try:
+                self._unix_socket_server.update_config_data(self._config_data)
+            except Exception as e:
+                answer = create_answer(1, "Bad configuration: " + str(e))
 
         return answer
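Review bot: In the last hunk, `self._config_data[key] = new_config[key]` has already stored the new values by the time `update_config_data` raises, so after a rejected ACL the stored configuration holds the bad ACL while the socket server keeps enforcing the old one. Any later update would then pass the same bad ACL again and fail too. The enclosing method starts outside the hunk, so this is inferred from the visible context lines; validating the ACL before committing to `_config_data`, or restoring the previous values in the handler, would keep stored and enforced policy in agreement. `except Exception` also reports unrelated programming errors as "Bad configuration" and nothing is logged; catching the loader's error type (e.g. `except isc.acl.acl.LoaderError as e:`, if that module is imported in this file) and logging the rejection would be narrower. In the first hunk `self._acl` is assigned before `self._lock.acquire()`, unlike the other settings, so a comment such as `# Load first: a LoaderError must leave the old ACL and settings in place` would record why the load precedes the lock.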