Test ACL from template

Add an ACL system test case where the ACL comes from a template. The
template's ACL should override the ACL from the options.
Matthijs Mekking 2026-05-28 15:06:50 +02:00
parent 11e204ee00
commit d47aeb96d4
4 changed files with 36 additions and 1 deletions


@ -21,3 +21,8 @@ key rndc_key {
secret "1234abcd8765";
algorithm @DEFAULT_HMAC@;
};
template "allow-xfr" {
type primary;
allow-transfer { any; };
};
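Review bot: The new `allow-xfr` template sets `allow-transfer { any; };` with no comment saying that the open ACL is intentional. Anyone reusing this config as a starting point would end up with zones transferable by any client, so a one-line comment above the template would help, e.g. `# test only: open transfer ACL, used to check that a template overrides the options-level allow-transfer`. The rest of the file lies outside this hunk.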


@ -226,7 +226,8 @@ status=$((status + ret))
echo_i "testing allow-transfer ACLs against ns3 (no existing zones)"
echo_i "calling addzone example.com on ns3"
$RNDCCMD 10.53.0.3 addzone 'example.com {type primary; file "example.db"; }; '
cp ns3/template.db ns3/example.com.db
$RNDCCMD 10.53.0.3 addzone 'example.com {type primary; file "example.com.db"; }; '
sleep 1
t=$((t + 1))
@ -237,6 +238,32 @@ grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=$((status + ret))
echo_i "calling addzone allow.example on ns3"
cp ns3/template.db ns3/allow.example.db
$RNDCCMD 10.53.0.3 addzone 'allow.example {type primary; file "allow.example.db"; allow-transfer { any; }; }; '
sleep 1
t=$((t + 1))
ret=0
echo_i "checking AXFR of allow.example from ns3 with ACL allow-transfer { any; }; (${t})"
$DIG -p ${PORT} @10.53.0.3 allow.example axfr >dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=$((status + ret))
echo_i "calling addzone template.example on ns3"
cp ns3/template.db ns3/template.example.db
$RNDCCMD 10.53.0.3 addzone 'template.example {file "template.example.db"; template "allow-xfr"; }; '
sleep 1
t=$((t + 1))
ret=0
echo_i "checking AXFR of template.example from ns3 with ACL allow-transfer from template (${t})"
$DIG -p ${PORT} @10.53.0.3 template.example axfr >dig.out.${t} 2>&1
grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 && ret=1
[ $ret -eq 0 ] || echo_i "failed"
status=$((status + ret))
echo_i "calling rndc reconfig"
rndc_reconfig ns3 10.53.0.3
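Review bot: The AXFR checks for allow.example and template.example pass whenever dig's output lacks the string "Transfer failed.", so a timeout, a connection error, or a zone that has not finished loading after `sleep 1` would also count as success. Because these checks guard an access-control decision, they should assert a positive result as well, for example `grep "SOA" dig.out.${t} >/dev/null 2>&1 || ret=1` after each dig call. Polling until the zone is served, rather than the fixed `sleep 1`, would also make the result less timing-dependent. The script continues outside this hunk, so any helper it already has for this is not visible here.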


@ -18,6 +18,9 @@ pytestmark = pytest.mark.extra_artifacts(
"ns*/_default.nzf*",
"ns2/example.db",
"ns2/tsigzone.db",
"ns3/example.com.db",
"ns3/allow.example.db",
"ns3/template.example.db",
]
)