Commit 4681ab1f authored by Witold Krecicki's avatar Witold Krecicki

4387. [test] Rewritten test suite for catalog zones. [RT #42676]

4386.	[func]		Support for master entries with TSIG keys in catalog
			zones. [RT #42577]
parent b56bd9b5
4389. [test] Rewritten test suite for catalog zones. [RT #42676]
4388. [func] Support for master entries with TSIG keys in catalog
zones. [RT #42577]
4387. [bug] Change 4336 was not complete leading to SERVFAIL
being return as NS records expired. [RT #42683]
......@@ -600,9 +600,12 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
} *stack = NULL;
REQUIRE(ipkl != NULL);
REQUIRE(ipkl->count == 0);
REQUIRE(ipkl->addrs == NULL);
REQUIRE(ipkl->keys == NULL);
REQUIRE(ipkl->dscps == NULL);
REQUIRE(ipkl->labels == NULL);
REQUIRE(ipkl->allocated == 0);
/*
* Get system defaults.
......@@ -859,6 +862,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
ipkl->dscps = dscps;
ipkl->keys = keys;
ipkl->count = addrcount;
ipkl->allocated = addrcount;
return (ISC_R_SUCCESS);
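Review bot: On the success path in the second hunk, `ipkl->allocated = addrcount;` is set while `ipkl->labels` is required to be NULL on entry and is not assigned in the lines shown, so the list leaves this function with `allocated > 0` and a NULL `labels` array. dns_ipkeylist_resize(), added in this same commit, calls `memmove(labels, ipkl->labels, ipkl->allocated * sizeof(dns_name_t *))` without a NULL check, which is undefined behaviour if such a list is ever grown. Either allocate a zeroed `labels` array here or guard the copies in resize with `if (ipkl->labels != NULL)`. The body between the two hunks is not visible, so confirm that labels is not populated there.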
......@@ -2046,12 +2046,31 @@ catz_addmodzone_taskaction(isc_task_t *task, isc_event_t *event0) {
if (result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"catz: error \"%s\" while trying to"
"catz: error \"%s\" while trying to "
"modify zone \"%s\"",
isc_result_totext(result),
nameb);
goto cleanup;
} else {
if (!dns_zone_getadded(zone)) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER,
ISC_LOG_WARNING,
"catz: catz_addmodzone_taskaction: "
"zone '%s' is not a dynamically "
"added zone",
nameb);
goto cleanup;
}
if (dns_zone_get_parentcatz(zone) != ev->origin) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"catz: catz_delzone_taskaction: "
"zone '%s' exists in multiple "
"catalog zones",
nameb);
goto cleanup;
}
dns_zone_detach(&zone);
}
......@@ -2059,7 +2078,7 @@ catz_addmodzone_taskaction(isc_task_t *task, isc_event_t *event0) {
if (result != ISC_R_NOTFOUND && result != DNS_R_PARTIALMATCH) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"catz: error \"%s\" while trying to"
"catz: error \"%s\" while trying to "
"add zone \"%s\"",
isc_result_totext(result),
nameb);
......@@ -2141,6 +2160,7 @@ catz_addmodzone_taskaction(isc_task_t *task, isc_event_t *event0) {
/* Flag the zone as having been added at runtime */
dns_zone_setadded(zone, ISC_TRUE);
dns_zone_set_parentcatz(zone, ev->origin);
cleanup:
if (zone != NULL)
......@@ -2177,8 +2197,6 @@ catz_delzone_taskaction(isc_task_t *task, isc_event_t *event0) {
goto cleanup;
}
/* TODO make other flag for CZ zones */
/* TODO2 make sure that we delete only 'own' zones */
if (!dns_zone_getadded(zone)) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
......@@ -2188,6 +2206,15 @@ catz_delzone_taskaction(isc_task_t *task, isc_event_t *event0) {
goto cleanup;
}
if (dns_zone_get_parentcatz(zone) != ev->origin) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
"catz: catz_delzone_taskaction: zone "
"'%s' exists in multiple catalog zones",
cname);
goto cleanup;
}
/* Stop answering for this zone */
if (dns_zone_getdb(zone, &dbp) == ISC_R_SUCCESS) {
dns_db_detach(&dbp);
......@@ -2196,7 +2223,8 @@ catz_delzone_taskaction(isc_task_t *task, isc_event_t *event0) {
CHECK(dns_zt_unmount(ev->view->zonetable, zone));
file = dns_zone_getfile(zone);
isc_file_remove(file);
if (file != NULL)
isc_file_remove(file);
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_WARNING,
......@@ -5408,8 +5436,11 @@ configure_zone(const cfg_obj_t *config, const cfg_obj_t *zconfig,
dns_db_t *db = NULL;
tresult = dns_zone_getdb(zone, &db);
if (tresult == ISC_R_SUCCESS)
if (tresult == ISC_R_SUCCESS) {
dns_catz_dbupdate_callback(db, view->catzs);
dns_db_detach(&db);
}
}
/*
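Review bot: The second warning added to catz_addmodzone_taskaction, in the `dns_zone_get_parentcatz(zone) != ev->origin` branch, is logged with the prefix `"catz: catz_delzone_taskaction: "`, which was copied from the delete handler. This warning is what an operator sees when one catalog zone tries to modify a member zone owned by another, so a wrong function name sends triage to the wrong code path. It should read `"catz: catz_addmodzone_taskaction: "`, matching the warning just above it. Both task-action functions start and end outside the hunks shown.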
......@@ -1148,10 +1148,8 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
ztype == dns_zone_master)))
{
dns_ipkeylist_t ipkl;
ipkl.count = 0;
ipkl.addrs = NULL;
ipkl.dscps = NULL;
ipkl.keys = NULL;
dns_ipkeylist_init(&ipkl);
RETERR(ns_config_getipandkeylist(config, obj, mctx,
&ipkl));
result = dns_zone_setalsonotifydscpkeys(zone,
......@@ -1623,10 +1621,8 @@ ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
(void)cfg_map_get(zoptions, "masters", &obj);
if (obj != NULL) {
dns_ipkeylist_t ipkl;
ipkl.count = 0;
ipkl.addrs = NULL;
ipkl.dscps = NULL;
ipkl.keys = NULL;
dns_ipkeylist_init(&ipkl);
RETERR(ns_config_getipandkeylist(config, obj, mctx,
&ipkl));
result = dns_zone_setmasterswithkeys(mayberaw,
......@@ -13,13 +13,15 @@
# PERFORMANCE OF THIS SOFTWARE.
rm -f dig.out.*
rm -f nsupdate.out.*
rm -f ns*/*.jnl
rm -f ns*/*.nzf
rm -f ns*/named.lock
rm -f ns*/named.memstats
rm -f ns*/named.run
rm -f ns*/named.lock
rm -f ns1/*dom*example.db
rm -f ns{1,2}/catalog{1,2,3}.example.db
rm -f ns2/__catz__*db
rm -f ns2/named.conf
rm -f ns3/dom{13,14}.example.db
rm -f nsupdate.out.*
rm -f ns{1,2,3}/catalog{1,2,3,4}.example.db
rm -rf ns2/zonedir
rm -f ns*/*.jnl
rm -f ns*/*.nzf
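Review bot: `rm -f ns{1,2,3}/catalog{1,2,3,4}.example.db` and `rm -f ns3/dom{13,14}.example.db` rely on brace expansion, which POSIX sh does not provide. setup.sh runs this file as `$SHELL clean.sh`, so under a shell without brace expansion the patterns are passed literally and `rm -f` succeeds without removing anything. Stale catalog and member zone files from a previous run would then be picked up by the next run and could mask a failure. Spelling the patterns out, e.g. `rm -f ns[123]/catalog[1234].example.db` and `rm -f ns3/dom13.example.db ns3/dom14.example.db`, keeps the cleanup portable.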
......@@ -31,6 +31,7 @@ options {
listen-on-v6 { none; };
notify no;
recursion no;
allow-transfer { any; };
};
zone "catalog1.example" {
......@@ -42,20 +43,27 @@ zone "catalog1.example" {
notify explicit;
};
zone "catalog2.example" {
zone "catalog3.example" {
type master;
file "catalog2.example.db";
file "catalog3.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
};
zone "catalog3.example" {
zone "catalog4.example" {
type master;
file "catalog3.example.db";
file "catalog4.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
};
/* catalog5 is missing on purpose */
key tsig_key. {
secret "LSAnCU+Z";
algorithm hmac-md5;
};
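Review bot: The `key tsig_key.` block added at the end of this file uses `algorithm hmac-md5;` with a six-byte secret, and the same block is added to the ns2 configuration further down. Since the feature under test is TSIG-authenticated masters in catalog zones, the fixture would better mirror recommended deployments with `algorithm hmac-sha256;` and a secret of matching length. That also stops a weak key from being copied out of the test tree into a real configuration. A short comment above the block, such as `/* test-only key, never use outside the system tests */`, would make the intent explicit.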
......@@ -27,7 +27,7 @@ options {
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.2; };
listen-on-v6 { none; };
listen-on-v6 { fd92:7065:b8e:ffff::2; };
notify no;
recursion no;
serial-query-rate 100;
......@@ -42,6 +42,10 @@ options {
zone "catalog3.example"
default-masters { 10.53.0.1; }
zone-directory "nonexistent";
#T1 zone "catalog4.example"
#T1 default-masters { 10.53.0.1; };
#T2 zone "catalog5.example"
#T2 default-masters { 10.53.0.1; };
};
};
......@@ -54,7 +58,7 @@ zone "catalog1.example" {
zone "catalog2.example" {
type slave;
file "catalog2.example.db";
masters { 10.53.0.1; };
masters { 10.53.0.3; };
};
zone "catalog3.example" {
......@@ -62,3 +66,14 @@ zone "catalog3.example" {
file "catalog3.example.db";
masters { 10.53.0.1; };
};
zone "catalog4.example" {
type slave;
file "catalog4.example.db";
masters { 10.53.0.1; };
};
key tsig_key. {
secret "LSAnCU+Z";
algorithm hmac-md5;
};
; Copyright (C) 2016 Internet Systems Consortium, Inc. ("ISC")
;
; Permission to use, copy, modify, and/or distribute this software for any
; purpose with or without fee is hereby granted, provided that the above
; copyright notice and this permission notice appear in all copies.
;
; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
@ 3600 IN SOA . . 1 3600 3600 3600 3600
@ IN NS invalid.
......@@ -25,16 +25,35 @@ options {
notify-source 10.53.0.3;
transfer-source 10.53.0.3;
port 5300;
allow-new-zones yes;
pid-file "named.pid";
provide-ixfr no;
listen-on { 10.53.0.3; };
listen-on-v6 { none; };
listen-on-v6 { fd92:7065:b8e:ffff::3; };
notify no;
recursion no;
};
zone "dom4.example" {
zone "catalog2.example" {
type master;
file "dom4.example.db";
file "catalog2.example.db";
allow-transfer { any; };
allow-update { any; };
also-notify { 10.53.0.2; };
notify explicit;
};
zone "dom5.example" {
type master;
file "dom5.example.db";
allow-transfer { any; };
allow-update { any; };
notify explicit;
};
zone "dom6.example" {
type master;
file "dom6.example.db";
allow-transfer { any; };
allow-update { any; };
notify explicit;
......@@ -20,6 +20,8 @@ SYSTEMTESTTOP=..
$SHELL clean.sh
cat ns1/catalog.example.db.in > ns1/catalog1.example.db
cat ns1/catalog.example.db.in > ns1/catalog2.example.db
cat ns1/catalog.example.db.in > ns3/catalog2.example.db
cat ns1/catalog.example.db.in > ns1/catalog3.example.db
cat ns1/catalog.example.db.in > ns1/catalog4.example.db
cat ns2/named.conf.in > ns2/named.conf
mkdir ns2/zonedir
This diff is collapsed.
This diff is collapsed.
......@@ -28,9 +28,20 @@ struct dns_ipkeylist {
isc_sockaddr_t *addrs;
isc_dscp_t *dscps;
dns_name_t **keys;
dns_name_t **labels;
isc_uint32_t count;
isc_uint32_t allocated;
};
void
dns_ipkeylist_init(dns_ipkeylist_t *ipkl);
/*%<
* Reset ipkl to empty state
*
* Requires:
*\li 'ipkl' to be non NULL.
*/
void
dns_ipkeylist_clear(isc_mem_t *mctx, dns_ipkeylist_t *ipkl);
/*%<
......@@ -41,8 +52,7 @@ dns_ipkeylist_clear(isc_mem_t *mctx, dns_ipkeylist_t *ipkl);
*
* Requires:
*\li 'mctx' to be a valid memory context.
*\li 'ipkl' to be non NULL and have its members `addrs` and `keys`
* allocated. 'dscps' might be NULL.
*\li 'ipkl' to be non NULL.
*/
isc_result_t
......@@ -61,5 +71,20 @@ dns_ipkeylist_copy(isc_mem_t *mctx, const dns_ipkeylist_t *src,
*\li #ISC_R_SUCCESS -- success
*\li any other value -- failure
*/
isc_result_t
dns_ipkeylist_resize(isc_mem_t *mctx, dns_ipkeylist_t *ipkl, unsigned int n);
/*%<
* Resize ipkl to contain n elements. Size (count) is not changed, and the
* added space is zeroed.
*
* Requires:
* \li 'mctx' to be a valid memory context.
* \li 'ipk' to be non NULL
* \li 'n' >= ipkl->count
*
* Returns:
* \li #ISC_R_SUCCESS if successs
* \li #ISC_R_NOMEMORY if there's no memory, ipkeylist is left untoched
*/
#endif
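Review bot: The contract documented for dns_ipkeylist_resize says `'n' >= ipkl->count`, but the implementation in this commit enforces `REQUIRE(n > ipkl->count);`, so a caller that follows the header and passes `n == count` aborts named on the assertion. Align the two, preferably by relaxing the check to `REQUIRE(n >= ipkl->count);`, since the early return for `n <= ipkl->allocated` already covers that case. In the same comment `'ipk'` should read `'ipkl'`, and `successs` and `untoched` are typos. dns_ipkeylist_init is documented as requiring a non-NULL `ipkl`, but its body has no matching `REQUIRE(ipkl != NULL);`.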
......@@ -2415,6 +2415,27 @@ dns_zone_catz_enable_db(dns_zone_t *zone, dns_db_t *db);
* \li 'zone' is a valid zone object
* \li 'db' is not NULL
*/
void
dns_zone_set_parentcatz(dns_zone_t *zone, dns_catz_zone_t *catz);
/*%<
* Set parent catalog zone for this zone
*
* Requires:
*
* \li 'zone' is a valid zone object
* \li 'catz' is not NULL
*/
dns_catz_zone_t *
dns_zone_get_parentcatz(const dns_zone_t *zone);
/*%<
* Get parent catalog zone for this zone
*
* Requires:
*
* \li 'zone' is a valid zone object
*/
void
dns_zone_setstatlevel(dns_zone_t *zone, dns_zonestat_level_t level);
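Review bot: The comments for dns_zone_set_parentcatz and dns_zone_get_parentcatz do not say whether the zone takes a reference on the catalog zone or only stores the pointer. The server code in this commit compares the returned pointer with `ev->origin` to decide whether a catalog may modify or delete a member zone, so that check is only sound while the stored pointer cannot outlive its catalog zone. Please document the lifetime rule, e.g. `* Note: no reference is taken; 'catz' must outlive 'zone' or be reset before it is freed.` If a reference is in fact taken, say that instead; the implementation sits in a collapsed file and is not visible here.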
......@@ -25,38 +25,58 @@
#include <dns/ipkeylist.h>
#include <dns/name.h>
void
dns_ipkeylist_init(dns_ipkeylist_t *ipkl) {
ipkl->count = 0;
ipkl->allocated = 0;
ipkl->addrs = NULL;
ipkl->dscps = NULL;
ipkl->keys = NULL;
ipkl->labels = NULL;
}
void
dns_ipkeylist_clear(isc_mem_t *mctx, dns_ipkeylist_t *ipkl) {
isc_uint32_t i;
REQUIRE(ipkl != NULL);
REQUIRE(ipkl->count == 0 || ipkl->keys != NULL);
if (ipkl->count == 0)
if (ipkl->allocated == 0)
return;
if (ipkl->addrs != NULL)
isc_mem_put(mctx, ipkl->addrs,
ipkl->count * sizeof(isc_sockaddr_t));
ipkl->allocated * sizeof(isc_sockaddr_t));
if (ipkl->dscps != NULL)
isc_mem_put(mctx, ipkl->dscps,
ipkl->count * sizeof(isc_dscp_t));
for (i = 0; i < ipkl->count; i++) {
if (ipkl->keys[i] == NULL)
continue;
if (dns_name_dynamic(ipkl->keys[i]))
dns_name_free(ipkl->keys[i], mctx);
isc_mem_put(mctx, ipkl->keys[i], sizeof(dns_name_t));
ipkl->allocated * sizeof(isc_dscp_t));
if (ipkl->keys != NULL) {
for (i = 0; i < ipkl->allocated; i++) {
if (ipkl->keys[i] == NULL)
continue;
if (dns_name_dynamic(ipkl->keys[i]))
dns_name_free(ipkl->keys[i], mctx);
isc_mem_put(mctx, ipkl->keys[i], sizeof(dns_name_t));
}
isc_mem_put(mctx, ipkl->keys,
ipkl->allocated * sizeof(dns_name_t *));
}
isc_mem_put(mctx, ipkl->keys, ipkl->count * sizeof(dns_name_t *));
if (ipkl->labels != NULL) {
for (i = 0; i < ipkl->allocated; i++) {
if (ipkl->labels[i] == NULL)
continue;
if (dns_name_dynamic(ipkl->labels[i]))
dns_name_free(ipkl->labels[i], mctx);
isc_mem_put(mctx, ipkl->labels[i], sizeof(dns_name_t));
}
isc_mem_put(mctx, ipkl->labels,
ipkl->allocated * sizeof(dns_name_t *));
}
ipkl->count = 0;
ipkl->addrs = NULL;
ipkl->dscps = NULL;
ipkl->keys = NULL;
dns_ipkeylist_init(ipkl);
}
isc_result_t
......@@ -67,40 +87,24 @@ dns_ipkeylist_copy(isc_mem_t *mctx, const dns_ipkeylist_t *src,
isc_uint32_t i;
REQUIRE(dst != NULL);
REQUIRE(dst->count == 0 &&
dst->addrs == NULL && dst->keys == NULL && dst->dscps == NULL);
/* dst might be preallocated, we don't care, but it must be empty */
REQUIRE(dst->count == 0);
if (src->count == 0)
return (ISC_R_SUCCESS);
dst->count = src->count;
dst->addrs = isc_mem_get(mctx,
src->count * sizeof(isc_sockaddr_t));
if (dst->addrs == NULL)
return (ISC_R_NOMEMORY);
result = dns_ipkeylist_resize(mctx, dst, src->count);
if (result != ISC_R_SUCCESS)
return (result);
memmove(dst->addrs, src->addrs, src->count * sizeof(isc_sockaddr_t));
if (src->dscps != NULL) {
dst->dscps = isc_mem_get(mctx,
src->count * sizeof(isc_dscp_t));
if (dst->dscps == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_addrs;
}
memmove(dst->dscps, src->dscps,
src->count * sizeof(isc_dscp_t));
}
if (src->keys != NULL) {
dst->keys = isc_mem_get(mctx,
src->count * sizeof(dns_name_t *));
if (dst->keys == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_dscps;
}
for (i = 0; i < src->count; i++) {
if (src->keys[i] != NULL) {
dst->keys[i] = isc_mem_get(mctx,
......@@ -120,20 +124,121 @@ dns_ipkeylist_copy(isc_mem_t *mctx, const dns_ipkeylist_t *src,
}
}
if (src->labels != NULL) {
for (i = 0; i < src->count; i++) {
if (src->labels[i] != NULL) {
dst->labels[i] = isc_mem_get(mctx,
sizeof(dns_name_t));
if (dst->labels[i] == NULL) {
result = ISC_R_NOMEMORY;
goto cleanup_labels;
}
dns_name_init(dst->labels[i], NULL);
result = dns_name_dup(src->labels[i], mctx,
dst->labels[i]);
if (result != ISC_R_SUCCESS)
goto cleanup_labels;
} else {
dst->labels[i] = NULL;
}
}
}
dst->count = src->count;
return (ISC_R_SUCCESS);
cleanup_labels:
do {
if (dst->labels[i] != NULL) {
if (dns_name_dynamic(dst->labels[i]))
dns_name_free(dst->labels[i], mctx);
isc_mem_put(mctx, dst->labels[i], sizeof(dns_name_t));
dst->labels[i] = NULL;
}
} while (i-- > 0);
cleanup_keys:
do {
if (dst->keys[i] != NULL) {
if (dns_name_dynamic(dst->keys[i]))
dns_name_free(dst->keys[i], mctx);
isc_mem_put(mctx, dst->keys[i], sizeof(dns_name_t));
dst->keys[i] = NULL;
}
} while (i-- > 0);
isc_mem_put(mctx, dst->keys, src->count * sizeof(dns_name_t *));
cleanup_dscps:
isc_mem_put(mctx, dst->dscps, src->count * sizeof(isc_dscp_t));
cleanup_addrs:
isc_mem_put(mctx, dst->addrs, src->count * sizeof(isc_sockaddr_t));
return (result);
}
isc_result_t
dns_ipkeylist_resize(isc_mem_t *mctx, dns_ipkeylist_t *ipkl, unsigned int n) {
isc_sockaddr_t *addrs = NULL;
isc_dscp_t *dscps = NULL;
dns_name_t **keys = NULL;
dns_name_t **labels = NULL;
REQUIRE(ipkl != NULL);
REQUIRE(n > ipkl->count);
if (n <= ipkl->allocated)
return (ISC_R_SUCCESS);
addrs = isc_mem_get(mctx, n * sizeof(isc_sockaddr_t));
if (addrs == NULL)
goto nomemory;
dscps = isc_mem_get(mctx, n * sizeof(isc_dscp_t));
if (dscps == NULL)
goto nomemory;
keys = isc_mem_get(mctx, n * sizeof(dns_name_t *));
if (keys == NULL)
goto nomemory;
labels = isc_mem_get(mctx, n * sizeof(dns_name_t *));
if (labels == NULL)
goto nomemory;
memmove(addrs, ipkl->addrs, ipkl->allocated * sizeof(isc_sockaddr_t));
if (ipkl->addrs != NULL)
isc_mem_put(mctx, ipkl->addrs,
ipkl->allocated * sizeof(isc_sockaddr_t));
ipkl->addrs = addrs;
memset(&ipkl->addrs[ipkl->allocated], 0,
(n - ipkl->allocated) * sizeof(isc_sockaddr_t));
memmove(dscps, ipkl->dscps, ipkl->allocated * sizeof(isc_dscp_t));
if (ipkl->dscps != NULL)
isc_mem_put(mctx, ipkl->dscps,
ipkl->allocated * sizeof(isc_dscp_t));
ipkl->dscps = dscps;
memset(&ipkl->dscps[ipkl->allocated], 0,
(n - ipkl->allocated) * sizeof(isc_dscp_t));
memmove(keys, ipkl->keys, ipkl->allocated * sizeof(dns_name_t *));
if (ipkl->keys)
isc_mem_put(mctx, ipkl->keys,
ipkl->allocated * sizeof(dns_name_t *));
ipkl->keys = keys;
memset(&ipkl->keys[ipkl->allocated], 0,
(n - ipkl->allocated) * sizeof(dns_name_t *));
memmove(labels, ipkl->labels, ipkl->allocated * sizeof(dns_name_t *));
if (ipkl->labels)
isc_mem_put(mctx, ipkl->labels,
ipkl->allocated * sizeof(dns_name_t *));
ipkl->labels = labels;
memset(&ipkl->labels[ipkl->allocated], 0,
(n - ipkl->allocated) * sizeof(dns_name_t *));
ipkl->allocated = n;
return (ISC_R_SUCCESS);
nomemory:
if (addrs != NULL)
isc_mem_put(mctx, addrs, n * sizeof(isc_sockaddr_t));
if (dscps != NULL)
isc_mem_put(mctx, dscps, n * sizeof(isc_dscp_t));
if (keys != NULL)
isc_mem_put(mctx, keys, n * sizeof(dns_name_t *));