GitLab

(cherry picked from commit 4889e06c)

[v9_11] Simplify trailing period handling in system tests

See merge request isc-projects/bind9!1878

Windows systems do not allow a trailing period in file names while Unix
systems do.  When BIND system tests are run, the $TP environment
variable is set to an empty string on Windows systems and to "." on Unix
systems.  This environment variable is then used by system test scripts
for handling this discrepancy properly.

In multiple system test scripts, a variable holding a zone name is set
to a string with a trailing period while the names of the zone's
corresponding dlvset-* and/or dsset-* files are determined using
numerous sed invocations like the following one:

    dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP"

In order to improve code readability, use zone names without trailing
periods and replace sed invocations with variable substitutions.

To retain local consistency, also remove the trailing period from
certain other zone names used in system tests that are not subsequently
processed using sed.

(cherry picked from commit da2c1b74)

Prep release v9 11

See merge request isc-projects/bind9!1865

(cherry picked from commit 40b034f5)

(cherry picked from commit 6195f229)

Replace atomic operations in bin/named/client.c with isc_refcount reference counting

See merge request isc-projects/bind9!1864

Resolve "tcp-clients mostly ineffective"

See merge request isc-projects/bind9!1863

(cherry picked from commit 5e18ad05)

in the "refactor tcpquota and pipeline refs" commit, the counting
of active interfaces was tightened in such a way that named could
fail to listen on an interface if there were more interfaces than
tcp-clients. when checking the quota to start accepting on an
interface, if the number of active clients was above zero, then
it was presumed that some other client was able to handle accepting
new connections. this, however, ignored the fact that the current client
could be included in that count, so if the quota was already exceeded
before all the interfaces were listening, some interfaces would never
listen.

we now check whether the current client has been marked active; if so,
then the number of active clients on the interface must be greater
than 1, not 0.

(cherry picked from commit 0b4e2cd4c3192ba88569dd344f542a8cc43742b5)
(cherry picked from commit d01023aa)

- if the TCP quota has been exceeded but there are no clients listening
  for new connections on the interface, we can now force attachment to the
  quota using isc_quota_force(), instead of carrying on with the quota not
  attached.
- the TCP client quota is now referenced via a reference-counted
  'ns_tcpconn' object, one of which is created whenever a client begins
  listening for new connections, and attached to by members of that
  client's pipeline group. when the last reference to the tcpconn
  object is detached, it is freed and the TCP quota slot is released.
- reduce code duplication by adding mark_tcp_active() function.
- convert counters to atomic.

(cherry picked from commit 7e8222378ca24f1302a0c1c638565050ab04681b)
(cherry picked from commit 4939451275722bfda490ea86ca13e84f6bc71e46)
(cherry picked from commit 13f7c918)

- ensure that tcpactive is cleaned up correctly when accept() fails.
- set 'client->tcpattached' when the client is attached to the tcpquota.
  carry this value on to new clients sharing the same pipeline group.
  don't call isc_quota_detach() on the tcpquota unless tcpattached is
  set.  this way clients that were allowed to accept TCP connections
  despite being over quota (and therefore, were never attached to the
  quota) will not inadvertently detach from it and mess up the
  accounting.
- simplify the code for tcpquota disconnection by using a new function
  tcpquota_disconnect().
- before deciding whether to reject a new connection due to quota
  exhaustion, check to see whether there are at least two active
  clients. previously, this was "at least one", but that could be
  insufficient if there was one other client in READING state (waiting
  for messages on an open connection) but none in READY (listening
  for new connections).
- before deciding whether a TCP client object can to go inactive, we
  must ensure there are enough other clients to maintain service
  afterward -- both accepting new connections and reading/processing new
  queries.  A TCP client can't shut down unless at least one
  client is accepting new connections and (in the case of pipelined
  clients) at least one additional client is waiting to read.

(cherry picked from commit c7394738b2445c16f728a88394864dd61baad900)
(cherry picked from commit e965d5f11d3d0f6d59704e614fceca2093cb1856)
(cherry picked from commit 87d43116)

Track pipeline groups using a shared reference counter
instead of a linked list.

(cherry picked from commit 513afd33)
(cherry picked from commit 9446629b)

the TCP client quota could still be ineffective under some
circumstances.  this change:

- improves quota accounting to ensure that TCP clients are
  properly limited, while still guaranteeing that at least one client
  is always available to serve TCP connections on each interface.
- uses more descriptive names and removes one (ntcptarget) that
  was no longer needed
- adds comments

(cherry picked from commit 924651f1)
(cherry picked from commit 55a7a458)

tcp-clients settings could be exceeded in some cases by
creating more and more active TCP clients that are over
the set quota limit, which in the end could lead to a
DoS attack by e.g. exhaustion of file descriptors.

If TCP client we're closing went over the quota (so it's
not attached to a quota) mark it as mortal - so that it
will be destroyed and not set up to listen for new
connections - unless it's the last client for a specific
interface.

(cherry picked from commit f97131d2)
(cherry picked from commit 9689ffc4)

Fix dnssec test intermittent failure related to kskonly bugfix

See merge request !1858

In 9.11 there are some log messages not existing, but the tests
rely on.  Adjust the grep call that gives confidence the rollover
step has occurred.

Key IDs may accidentally match dig output that is not the key ID (for
example the RRSIG inception or expiration time, the query ID, ...).
Search for key ID + signer name should prevent that, as that is what
only should occur in the RRSIG record, and signer name always follows
the key ID.

(cherry picked from commit 83473b97)

Remove sleep calls from test, rely on wait_for_log().  Make
wait_for_log() and dnssec_loadkeys_on() fail the test if the
appropriate log line is not found.

Slightly adjust the echo_i() lines to print only the key ID (not the
key name).

(cherry picked from commit 67f0635f)

Resolve "dlz_open_driver: fix build failure without dlfcn.h"

See merge request !1855

(cherry picked from commit 19e40981)

(cherry picked from commit eee80847)

[v9_11] Minor "nsupdate" system test tweaks

See merge request !1849

One second may not be enough for an NSEC3 chain change triggered by an
UPDATE message to complete.  Wait up to 10 seconds when checking whether
a given NSEC3 chain change is complete in the "nsupdate" system test.

(cherry picked from commit f8746cdd)

In the "nsupdate" system test, do not sleep before checking results of
changes which are expected to be processed synchronously, i.e. before
nsupdate returns.

(cherry picked from commit 1c8e5ea3)

Merge branch '962-bind-just-disables-gssapi-support-if-no-gssapi-krb5-headers-found-v9_11' into 'v9_11'

Resolve "Bind just disables GSSAPI support if no GSSAPI/KRB5 headers found"

See merge request !1843

(cherry picked from commit e420078c)

using 0 instead of false

See merge request !1840

(cherry picked from commit da7f683a)

[v9_11] Miscellaneous Windows system test fixes

See merge request !1835

Make bin/tests/system/ifconfig.bat also configure addresses ending with
9 and 10, so that the script is in sync with its Unix counterpart.

Update comments listing the interfaces created by ifconfig.{bat,sh} so
that they do not include addresses whose last octet is zero (since an
address like 10.53.1.0/24 is not a valid host address and thus the
aforementioned scripts do not even attempt configuring them).

(cherry picked from commit b6c1cdff)

On Windows, the bin/tests/system/dnssec/signer/example.db.signed file
contains carriage return characters at the end of each line.  Remove
them before passing the aforementioned file to the awk script extracting
key IDs so that the latter can work properly.

(cherry picked from commit e4280ed9)

As signals are currently not handled by named on Windows, instances
terminated using signals are not able to perform a clean shutdown, which
involves e.g. removing the lock file.  Thus, waiting for a given
instance's lock file to be removed beforing assuming it is shut down
is pointless on Windows, so do not even attempt it.

(cherry picked from commit 761ba451)

[v9_11] win32: remove lock file upon shutdown

See merge request !1833

5214.	[bug]		win32: named now removes its lock file upon shutdown.
			[GL #979]

(cherry picked from commit e0484368)

Upon named shutdown, the lock file should not just be unlocked but also
removed.

(cherry picked from commit c506077d)

[v9_11] win32: fix service state reported during shutdown

See merge request !1831

5213.	[bug]		win32: Eliminated a race which allowed named.exe running
			as a service to be killed prematurely during shutdown.
			[GL #978]

(cherry picked from commit e7332343)

When a Windows service receives a request to stop, it should not set its
state to SERVICE_STOPPED until it is completely shut down as doing that
allows the operating system to kill that service prematurely, which in
the case of named may e.g. prevent the PID file and/or the lock file
from being cleaned up.

Set service state to SERVICE_STOP_PENDING when named begins its shutdown
and only report the SERVICE_STOPPED state immediately before exiting.

(cherry picked from commit 964749df)