- Possibility to lookup local_zone regardless the taglist.

- Added local_zone/taglist/acl unit test. git-svn-id: file:///svn/unbound/trunk@3767 be551aaa-1e26-0410-a405-d3ace91eadb9
2026-02-01 19:29:27 -05:00 · 2016-06-07 14:31:30 +00:00 · 2016-06-07 14:31:30 +00:00 · 2d69c5d879
commit 2d69c5d879
parent 230ef2110b
4 changed files with 142 additions and 9 deletions
--- a/doc/Changelog
+++ b/doc/Changelog
@ -1,5 +1,7 @@
 7 June 2016: Ralph
 	- Lookup localzones by taglist from acl.
+	- Possibility to lookup local_zone, regardless the taglist.
+	- Added local_zone/taglist/acl unit test.

 7 June 2016: Wouter
 	- Fix #773: Non-standard Python location build failure with pyunbound.
--- a/services/localzone.c
+++ b/services/localzone.c
@ -1015,13 +1015,13 @@ local_zones_lookup(struct local_zones* zones,
        uint8_t* name, size_t len, int labs, uint16_t dclass)
 {
 	return local_zones_tags_lookup(zones, name, len, labs,
-		dclass, NULL, 0);
+		dclass, NULL, 0, 1);
 }

 struct local_zone* 
 local_zones_tags_lookup(struct local_zones* zones,
        uint8_t* name, size_t len, int labs, uint16_t dclass,
-	uint8_t* taglist, size_t taglen)
+	uint8_t* taglist, size_t taglen, int ignoretags)
 {
 	rbnode_t* res = NULL;
 	struct local_zone *result;
@ -1041,13 +1041,11 @@ local_zones_tags_lookup(struct local_zones* zones,
 	(void)dname_lab_cmp(result->name, result->namelabs, key.name,
 		key.namelabs, &m);
 	while(result) { /* go up until qname is zone or subdomain of zone */
-		if(result->namelabs <= m) {
-			if(!result->taglist)
-				break;
-			if(taglist_intersect(result->taglist, 
+		if(result->namelabs <= m)
+			if(ignoretags || !result->taglist ||
+				taglist_intersect(result->taglist, 
 				result->taglen, taglist, taglen))
 				break;
-		}
 		result = result->parent;
 	}
 	return result;
@ -1299,7 +1297,7 @@ local_zones_answer(struct local_zones* zones, struct query_info* qinfo,
 	int r;
 	lock_rw_rdlock(&zones->lock);
 	z = local_zones_tags_lookup(zones, qinfo->qname,
-		qinfo->qname_len, labs, qinfo->qclass, taglist, taglen);
+		qinfo->qname_len, labs, qinfo->qclass, taglist, taglen, 0);
 	if(!z) {
 		lock_rw_unlock(&zones->lock);
 		return 0;
--- a/services/localzone.h
+++ b/services/localzone.h
@ -225,11 +225,13 @@ void local_zone_delete(struct local_zone* z);
 * @param dclass: class to lookup.
 * @param taglist: taglist to lookup.
 * @param taglen: lenth of taglist.
+ * @param ignoretags: lookup zone by name and class, regardless the
+ * local-zone's tags.
 * @return closest local_zone or NULL if no covering zone is found.
 */
 struct local_zone* local_zones_tags_lookup(struct local_zones* zones, 
 	uint8_t* name, size_t len, int labs, uint16_t dclass, 
-	uint8_t* taglist, size_t taglen);
+	uint8_t* taglist, size_t taglen, int ignoretags);

 /**
 * Lookup zone that contains the given name, class.
--- a/testdata/local_acl_taglist.rpl
+++ b/testdata/local_acl_taglist.rpl
@ -0,0 +1,131 @@
+; config options
+server:
+	define-tag: "tag1 tag2 tag3"
+	local-zone: "example." redirect
+	local-data: 'example. IN TXT "data 0"'
+	local-zone: "d.example." static
+	local-data: 'd.example. IN TXT "data 1"'
+	local-zone: "c.d.example." redirect
+	local-data: 'c.d.example. IN TXT "data 2"'
+	local-zone: "b.c.d.example." redirect
+	local-data: 'b.c.d.example. IN TXT "data 3"'
+
+	; no tags for local-zones example. and c.d.example.
+	local-zone-tag: "d.example." "tag1 tag2"
+	local-zone-tag: "b.c.d.example." "tag3"
+
+	access-control: 10.10.10.0/24 allow
+	access-control-tag: 10.10.10.20/32 "tag1"
+	access-control-tag: 10.10.10.30/32 "tag2 tag3"
+	access-control-tag: 10.10.10.40/32 "tag3"
+	
+
+CONFIG_END
+SCENARIO_BEGIN Test local data queries
+
+STEP 1 QUERY ADDRESS 10.10.10.10
+ENTRY_BEGIN
+SECTION QUESTION
+d.example. IN TXT
+ENTRY_END
+STEP 2 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AA
+SECTION QUESTION
+d.example. IN TXT
+SECTION ANSWER
+d.example. IN TXT "data 0"
+ENTRY_END
+
+STEP 3 QUERY ADDRESS 10.10.10.20
+ENTRY_BEGIN
+SECTION QUESTION
+d.example. IN TXT
+ENTRY_END
+STEP 4 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AA
+SECTION QUESTION
+d.example. IN TXT
+SECTION ANSWER
+d.example. IN TXT "data 1"
+ENTRY_END
+
+STEP 5 QUERY ADDRESS 10.10.10.30
+ENTRY_BEGIN
+SECTION QUESTION
+d.example. IN TXT
+ENTRY_END
+STEP 6 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AA
+SECTION QUESTION
+d.example. IN TXT
+SECTION ANSWER
+d.example. IN TXT "data 1"
+ENTRY_END
+
+STEP 7 QUERY ADDRESS 10.10.10.40
+ENTRY_BEGIN
+SECTION QUESTION
+d.example. IN TXT
+ENTRY_END
+STEP 8 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AA
+SECTION QUESTION
+d.example. IN TXT
+SECTION ANSWER
+d.example. IN TXT "data 0"
+ENTRY_END
+
+STEP 9 QUERY ADDRESS 10.10.10.20
+ENTRY_BEGIN
+SECTION QUESTION
+c.d.example. IN TXT
+ENTRY_END
+STEP 10 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AA
+SECTION QUESTION
+c.d.example. IN TXT
+SECTION ANSWER
+c.d.example. IN TXT "data 2"
+ENTRY_END
+
+STEP 11 QUERY ADDRESS 10.10.10.20
+ENTRY_BEGIN
+SECTION QUESTION
+a.b.c.d.example. IN TXT
+ENTRY_END
+STEP 12 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AA
+SECTION QUESTION
+a.b.c.d.example. IN TXT
+SECTION ANSWER
+a.b.c.d.example. IN TXT "data 2"
+ENTRY_END
+
+STEP 13 QUERY ADDRESS 10.10.10.30
+ENTRY_BEGIN
+SECTION QUESTION
+a.b.c.d.example. IN TXT
+ENTRY_END
+STEP 14 CHECK_ANSWER
+ENTRY_BEGIN
+MATCH all
+REPLY QR RA AA
+SECTION QUESTION
+a.b.c.d.example. IN TXT
+SECTION ANSWER
+a.b.c.d.example. IN TXT "data 3"
+ENTRY_END
+
+SCENARIO_END