filter-aaaa can be used as zone or view plugin
authorColin Vidal <colin@isc.org>
Tue, 10 Jun 2025 14:32:04 +0000 (16:32 +0200)
committerColin Vidal <colin@isc.org>
Tue, 9 Sep 2025 07:42:34 +0000 (09:42 +0200)
Update the filter-aaaa system test so the two authoritative zones
in ns4 both configure filter-aaaa as a zone plugin.

In order to work in both contexts, the plugin must register both
the `NS_QUERY_QCTX_INITIALIZED` and `NS_QUERY_AUTHZONE_ATTACHED`
hooks.

When the plugin is configured at the zone level in an authoritative
server, `NS_QUERY_QCTX_INITIALIZED` is skipped, because no zone will
have been looked up by the time it is called.  When the zone is
found, calling `NS_QUERY_AUTHZONE_ATTACHED` will allow the same
initialization to occur.

bin/plugins/filter-a.c
bin/plugins/filter-aaaa.c
bin/tests/system/filters/ns4/named.conf.j2

index 23421b31dece9e2ec23c9e1812c38d70965b29a0..2f684a2a45edcf26c948cd53f69240d9183b9318 100644 (file)
@@ -105,7 +105,7 @@ typedef struct filter_instance {
  * Forward declarations of functions referenced in install_hooks().
  */
 static ns_hookresult_t
-filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp);
+filter_initialize(void *arg, void *cbdata, isc_result_t *resp);
 static ns_hookresult_t
 filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp);
 static ns_hookresult_t
@@ -127,7 +127,7 @@ static void
 install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx,
              filter_instance_t *inst) {
        const ns_hook_t filter_init = {
-               .action = filter_qctx_initialize,
+               .action = filter_initialize,
                .action_data = inst,
        };
 
@@ -157,6 +157,7 @@ install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx,
        };
 
        ns_hook_add(hooktable, mctx, NS_QUERY_QCTX_INITIALIZED, &filter_init);
+       ns_hook_add(hooktable, mctx, NS_QUERY_AUTHZONE_ATTACHED, &filter_init);
        ns_hook_add(hooktable, mctx, NS_QUERY_RESPOND_BEGIN, &filter_respbegin);
        ns_hook_add(hooktable, mctx, NS_QUERY_RESPOND_ANY_FOUND,
                    &filter_respanyfound);
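Review bot: The added `ns_hook_add(hooktable, mctx, NS_QUERY_AUTHZONE_ATTACHED, &filter_init);` carries no comment explaining why the same init hook is installed at a second hook point, so a later reader could take it for a copy-paste slip. I would put a short comment above it, e.g. `/* A zone-level plugin never sees QCTX_INITIALIZED (no zone is known yet), so run the same init once the authoritative zone is attached. */`. The identical line in the filter-aaaa.c hunk at -157,6 +157,7 needs the same comment. install_hooks() starts and ends outside this hunk.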
@@ -620,9 +621,15 @@ process_section(const section_filter_t *filter) {
  * in a hash table keyed according to the client object; this enables us to
  * retrieve persistent data related to a client query for as long as the
  * object persists.
+ *
+ * Whether the plugin is registered at view level and the server makes authority
+ * on zones, this can be called twice (once when the query context is
+ * initialized, once when the authoritative zone is found). This is all fine:
+ * the state will be initialized on the first call, and the function bails off
+ * early on the second call (the state is already initialized).
  */
 static ns_hookresult_t
-filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp) {
+filter_initialize(void *arg, void *cbdata, isc_result_t *resp) {
        query_ctx_t *qctx = (query_ctx_t *)arg;
        filter_instance_t *inst = (filter_instance_t *)cbdata;
        filter_data_t *client_state;
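Review bot: The new comment paragraph promises that a second call "bails off early", but the check that makes this true is outside the hunk, and the function body continues past the last line shown. Both hook points now run this callback for one query in the view-level case, so the lookup-before-create on the per-client hash table should be confirmed; a second create for the same client would presumably leave duplicate or leaked state. The first sentence is also hard to parse, and I would write `When the plugin is registered at view level and the server is authoritative for the zone, this can be called twice`. The same paragraph appears in the filter-aaaa.c hunk at -624,9 +625,15.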
index 62281208ec6d86a3e657380a44bf06fa85b17e8f..d24a6ca80bca0abbefcc4b71178e0498054a9b48 100644 (file)
@@ -105,7 +105,7 @@ typedef struct filter_instance {
  * Forward declarations of functions referenced in install_hooks().
  */
 static ns_hookresult_t
-filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp);
+filter_initialize(void *arg, void *cbdata, isc_result_t *resp);
 static ns_hookresult_t
 filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp);
 static ns_hookresult_t
@@ -127,7 +127,7 @@ static void
 install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx,
              filter_instance_t *inst) {
        const ns_hook_t filter_init = {
-               .action = filter_qctx_initialize,
+               .action = filter_initialize,
                .action_data = inst,
        };
 
@@ -157,6 +157,7 @@ install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx,
        };
 
        ns_hook_add(hooktable, mctx, NS_QUERY_QCTX_INITIALIZED, &filter_init);
+       ns_hook_add(hooktable, mctx, NS_QUERY_AUTHZONE_ATTACHED, &filter_init);
        ns_hook_add(hooktable, mctx, NS_QUERY_RESPOND_BEGIN, &filter_respbegin);
        ns_hook_add(hooktable, mctx, NS_QUERY_RESPOND_ANY_FOUND,
                    &filter_respanyfound);
@@ -624,9 +625,15 @@ process_section(const section_filter_t *filter) {
  * in a hash table keyed according to the client object; this enables us to
  * retrieve persistent data related to a client query for as long as the
  * object persists.
+ *
+ * Whether the plugin is registered at view level and the server makes authority
+ * on zones, this can be called twice (once when the query context is
+ * initialized, once when the authoritative zone is found). This is all fine:
+ * the state will be initialized on the first call, and the function bails off
+ * early on the second call (the state is already initialized).
  */
 static ns_hookresult_t
-filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp) {
+filter_initialize(void *arg, void *cbdata, isc_result_t *resp) {
        query_ctx_t *qctx = (query_ctx_t *)arg;
        filter_instance_t *inst = (filter_instance_t *)cbdata;
        filter_data_t *client_state;
index 4246092923cf19678eabb8a17a9fd875fb603e95..94faf5894ebc1910fb3792584bc76d44d647b9f7 100644 (file)
@@ -29,15 +29,15 @@ options {
 };
 
 {% if family == "v6" %}
-        plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
-                filter-@filtertype@-on-v6 break-dnssec;
-                filter-@filtertype@ { fd92:7065:b8e:ffff::4; };
-        };
+       plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
+               filter-@filtertype@-on-v6 break-dnssec;
+               filter-@filtertype@ { fd92:7065:b8e:ffff::4; };
+       };
 {% else %}
-        plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
-                filter-@filtertype@-on-v4 break-dnssec;
-                filter-@filtertype@ { 10.53.0.4; };
-        };
+       plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
+               filter-@filtertype@-on-v4 break-dnssec;
+               filter-@filtertype@ { 10.53.0.4; };
+       };
 {% endif %}
 
 key rndc_key {
@@ -50,5 +50,35 @@ controls {
 };
 
 zone "." { type primary; file "root.db"; };
-zone "signed" { type primary; file "signed.db.signed"; };
-zone "unsigned" { type primary; file "unsigned.db"; };
+
+zone "signed" {
+       type primary;
+       file "signed.db.signed";
+       {% if family == "v6" %}
+               plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
+                       filter-@filtertype@-on-v6 break-dnssec;
+                       filter-@filtertype@ { fd92:7065:b8e:ffff::4; };
+               };
+       {% else %}
+               plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
+                       filter-@filtertype@-on-v4 break-dnssec;
+                       filter-@filtertype@ { 10.53.0.4; };
+               };
+       {% endif %}
+};
+
+zone "unsigned" {
+       type primary;
+       file "unsigned.db";
+       {% if family == "v6" %}
+               plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
+                       filter-@filtertype@-on-v6 break-dnssec;
+                       filter-@filtertype@ { fd92:7065:b8e:ffff::4; };
+               };
+       {% else %}
+               plugin query "@TOP_BUILDDIR@/filter-@filtertype@.@DYLIB@" {
+                       filter-@filtertype@-on-v4 break-dnssec;
+                       filter-@filtertype@ { 10.53.0.4; };
+               };
+       {% endif %}
+};
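Review bot: The zone-level `plugin query` blocks added to `signed` and `unsigned` sit alongside the top-level `plugin query` block that the previous hunk keeps, so the test may pass on the top-level instance alone without the zone-level path ever doing the filtering. If the aim is to prove the zone plugin works, consider a zone or server where only the zone-level block is configured, or an assertion that tells the two instances apart. The test script is not visible here, so this may already be covered. Separately, the six near-identical blocks could be factored into one Jinja macro to keep the address and option names in one place.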