/* NetmaskGroup */
luaCtx.writeFunction("newNMG", []() { return NetmaskGroup(); });
- luaCtx.registerFunction<void(NetmaskGroup::*)(const std::string&mask)>("addMask", [](NetmaskGroup&nmg, const std::string& mask)
+ luaCtx.registerFunction<void(NetmaskGroup::*)(const std::string& mask)>("addMask", [](NetmaskGroup&nmg, const std::string& mask)
{
nmg.addMask(mask);
});
+ luaCtx.registerFunction<void(NetmaskGroup::*)(const NetmaskGroup& otherNMG)>("addNMG", [](NetmaskGroup& nmg, const NetmaskGroup& otherNMG) {
+ /* this is not going to be very efficient, sorry */
+ auto entries = otherNMG.toStringVector();
+ for (const auto& entry : entries) {
+ nmg.addMask(entry);
+ }
+ });
luaCtx.registerFunction<void(NetmaskGroup::*)(const std::map<ComboAddress,int>& map)>("addMasks", [](NetmaskGroup&nmg, const std::map<ComboAddress,int>& map)
{
for (const auto& entry : map) {
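Review bot: The comment inside the new `addNMG` lambda apologises for the cost but does not say what the copy relies on. Each entry is serialised by `toStringVector()` with a leading `!` for exclusions and re-parsed by `addMask()`, so negated masks survive only while those two formats stay in sync. I would replace the comment with something like `/* copies via the string form; relies on toStringVector() emitting the '!' prefix that addMask() parses, so exclusions are preserved */`. What happens when `otherNMG` holds a mask already present in `nmg` with the opposite polarity is not visible here and is worth stating in the method documentation. The hunk ends inside the `addMasks` lambda, whose body continues outside it.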
luaCtx.writeFunction("showACL", []() {
setLuaNoSideEffect();
- vector<string> vec;
+ auto aclEntries = g_ACL.getLocal()->toStringVector();
- g_ACL.getLocal()->toStringVector(&vec);
-
- for (const auto& s : vec)
- g_outputBuffer += s + "\n";
+ for (const auto& entry : aclEntries) {
+ g_outputBuffer += entry + "\n";
+ }
});
luaCtx.writeFunction("shutdown", []() {
warnlog("Allowing remote access to the console while libsodium support has not been enabled is not secure, and will result in cleartext communications");
#endif
- vector<string> vec;
- g_consoleACL.getLocal()->toStringVector(&vec);
+ auto aclEntries = g_consoleACL.getLocal()->toStringVector();
- for (const auto& s : vec) {
- g_outputBuffer += s + "\n";
+ for (const auto& entry : aclEntries) {
+ g_outputBuffer += entry + "\n";
}
});
static void apiSaveACL(const NetmaskGroup& nmg)
{
- vector<string> vec;
- nmg.toStringVector(&vec);
+ auto aclEntries = nmg.toStringVector();
string acl;
- for(const auto& s : vec) {
+ for (const auto& entry : aclEntries) {
if (!acl.empty()) {
acl += ", ";
}
- acl += "\"" + s + "\"";
+ acl += "\"" + entry + "\"";
}
string content = "setACL({" + acl + "})";
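Review bot: `apiSaveACL` splices each entry between double quotes into a `setACL({...})` string without escaping, at `acl += "\"" + entry + "\"";`. That is safe only while `toStringVector()` returns nothing but address/prefix text, optionally prefixed with `!`. Its implementation suggests this holds, but nothing near this function says so. A one-line comment such as `// entries come from NetmaskGroup::toStringVector(), i.e. netmask text only, so no escaping is needed here` would stop a later change to the entry format from corrupting the generated string, which is presumably evaluated as configuration later. The function body continues past the end of the hunk.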
string acl;
{
- vector<string> vec;
- g_ACL.getLocal()->toStringVector(&vec);
+ auto aclEntries = g_ACL.getLocal()->toStringVector();
- for (const auto& s : vec) {
+ for (const auto& entry : aclEntries) {
if (!acl.empty()) {
acl += ", ";
}
- acl += s;
+ acl += entry;
}
}
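Review bot: The join loop that builds `acl` here repeats by hand what `NetmaskGroup::toString()` appears to provide already; the `return str.str();` tail just above `toStringVector()` in the class looks like that method. If its output is the same `", "`-separated list, `acl = g_ACL.getLocal()->toString();` would replace the whole inner block. The same loop appears twice more in the startup logging blocks that feed the two `infolog` calls. The separator should be confirmed before changing anything, since no hunk shows that method's body. The enclosing function starts and ends outside the hunk.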
}
}
if (resp.status == 200) {
- Json::array acl;
- vector<string> vec;
- g_ACL.getLocal()->toStringVector(&vec);
-
- for(const auto& s : vec) {
- acl.push_back(s);
- }
+ auto aclEntries = g_ACL.getLocal()->toStringVector();
Json::object obj{
{ "type", "ConfigSetting" },
{ "name", "allow-from" },
- { "value", acl }
+ { "value", aclEntries }
};
Json my_json = obj;
resp.body = my_json.dump();
}
}
- vector<string> vec;
- std::string acls;
- g_ACL.getLocal()->toStringVector(&vec);
- for (const auto& aclEntry : vec) {
- if (!acls.empty()) {
- acls += ", ";
- }
- acls += aclEntry;
- }
- infolog("ACL allowing queries from: %s", acls);
- vec.clear();
- acls.clear();
- g_consoleACL.getLocal()->toStringVector(&vec);
- for (const auto& entry : vec) {
- if (!acls.empty()) {
- acls += ", ";
- }
- acls += entry;
- }
- infolog("Console ACL allowing connections from: %s", acls.c_str());
+ {
+ std::string acls;
+ auto aclEntries = g_ACL.getLocal()->toStringVector();
+ for (const auto& aclEntry : aclEntries) {
+ if (!acls.empty()) {
+ acls += ", ";
+ }
+ acls += aclEntry;
+ }
+ infolog("ACL allowing queries from: %s", acls);
+ }
+ {
+ std::string acls;
+ auto aclEntries = g_consoleACL.getLocal()->toStringVector();
+ for (const auto& entry : aclEntries) {
+ if (!acls.empty()) {
+ acls += ", ";
+ }
+ acls += entry;
+ }
+ infolog("Console ACL allowing connections from: %s", acls.c_str());
+ }
#ifdef HAVE_LIBSODIUM
if (g_consoleEnabled && g_consoleKey.empty()) {
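Review bot: The two new logging blocks pass the same kind of argument differently. The first calls `infolog("ACL allowing queries from: %s", acls);` with the `std::string`, the second `infolog("Console ACL allowing connections from: %s", acls.c_str());`. Since both blocks were rewritten anyway, use one form for both, presumably the plain `acls` if `infolog` accepts a `std::string` as the first call suggests. The enclosing function is outside the hunk.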
:param string mask: Add this mask, prefix with `!` to exclude this mask from matching.
:param table masks: Adds the keys of the table to the :class:`NetmaskGroup`. It should be a table whose keys are :class:`ComboAddress` objects and whose values are integers. The integer values of the table entries are ignored. The table is of the same type as the table returned by the `exceed*` functions.
+ .. method:: NetmaskGroup:addNMG(otherNMG)
+
+ .. versionadded:: 1.9.0
+
+ Add one or more masks from an existing to this NMG.
+
+ :param NetmaskGroup otherNMG: Add the masks from a :class:`NetmaskGroup` to this one.
+
.. method:: NetmaskGroup:match(address) -> bool
Checks if ``address`` is matched by this NetmaskGroup.
return str.str();
}
- void toStringVector(vector<string>* vec) const
+ std::vector<std::string> toStringVector() const
{
- for(auto iter = tree.begin(); iter != tree.end(); ++iter) {
- vec->push_back((iter->second ? "" : "!") + iter->first.toString());
+ std::vector<std::string> out;
+ out.reserve(tree.size());
+ for (const auto& entry : tree) {
+ out.push_back((entry.second ? "" : "!") + entry.first.toString());
}
+ return out;
}
void toMasks(const string &ips)
// Return currently configured ACLs
vector<string> entries;
if (t_allowFrom && aclType == "allow-from") {
- t_allowFrom->toStringVector(&entries);
+ entries = t_allowFrom->toStringVector();
}
else if (t_allowNotifyFrom && aclType == "allow-notify-from") {
- t_allowNotifyFrom->toStringVector(&entries);
+ entries = t_allowNotifyFrom->toStringVector();
}
resp->setJsonBody(Json::object{
(_, receivedResponse) = sender(query, response=None, useQueue=False)
self.assertEqual(receivedResponse, expectedResponse)
+class TestAdvancedNMGAddNMG(DNSDistTest):
+ _config_template = """
+ oneNMG = newNMG()
+ anotherNMG = newNMG()
+ anotherNMG:addMask('127.0.0.1/32')
+ oneNMG:addNMG(anotherNMG)
+ addAction(NotRule(NetmaskGroupRule(oneNMG)), DropAction())
+ addAction(AllRule(), SpoofAction('192.0.2.1'))
+ newServer{address="127.0.0.1:%s"}
+ """
+
+ def testAdvancedNMGRuleAddNMG(self):
+ """
+ Advanced: NMGRule:addNMG()
+ """
+ name = 'nmgrule-addnmg.advanced.tests.powerdns.com.'
+ query = dns.message.make_query(name, 'A', 'IN')
+ query.flags &= ~dns.flags.RD
+ expectedResponse = dns.message.make_response(query)
+ rrset = dns.rrset.from_text(name,
+ 60,
+ dns.rdataclass.IN,
+ dns.rdatatype.A,
+ '192.0.2.1')
+ expectedResponse.answer.append(rrset)
+
+ for method in ("sendUDPQuery", "sendTCPQuery"):
+ sender = getattr(self, method)
+ (_,receivedResponse) = sender(query, response=expectedResponse, useQueue=False)
+ self.assertEqual(receivedResponse, expectedResponse)
+
class TestDSTPortRule(DNSDistTest):
_config_params = ['_dnsDistPort', '_testServerPort']
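Review bot: `TestAdvancedNMGAddNMG` only copies a single positive mask, so it would still pass if `addNMG` dropped the `!` exclusion marker during its string round-trip. A second case is worth adding where `anotherNMG` holds a covering range plus an exclusion for the client address, and the rule built on `oneNMG` is expected not to match. For example, `anotherNMG:addMask('127.0.0.0/8')` followed by `anotherNMG:addMask('!127.0.0.1/32')` (values constructed for illustration). For a group that can back an ACL, losing an exclusion silently widens what is matched, so this is the behaviour most worth pinning.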