auth_srv_unittest.cc 24.7 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
// Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.

// $Id$

17 18
#include <config.h>

19 20 21 22 23 24 25 26 27
#include <gtest/gtest.h>

#include <dns/buffer.h>
#include <dns/name.h>
#include <dns/message.h>
#include <dns/messagerenderer.h>
#include <dns/rrclass.h>
#include <dns/rrtype.h>

28
#include <cc/data.h>
29
#include <cc/session.h>
30

31
#include <xfr/xfrout_client.h>
32

33
#include <auth/auth_srv.h>
34
#include <asiolink/asiolink.h>
35 36

#include <dns/tests/unittest_util.h>
Evan Hunt's avatar
Evan Hunt committed
37
#include <auth/tests/mockups.h>
38 39

using namespace std;
40
using namespace isc::cc;
41
using namespace isc::dns;
42
using namespace isc::data;
43
using namespace isc::xfr;
44
using namespace asiolink;
Evan Hunt's avatar
Evan Hunt committed
45
using isc::UnitTestUtil;
46 47

namespace {
48
const char* const CONFIG_TESTDB =
49
    "{\"database_file\": \"" TEST_DATA_DIR "/example.sqlite3\"}";
50 51
// The following file must be non existent and must be non"creatable" (see
// the sqlite3 test).
52
const char* const BADCONFIG_TESTDB =
53
    "{ \"database_file\": \"" TEST_DATA_DIR "/nodir/notexist\"}";
54
const char* const DEFAULT_REMOTE_ADDRESS = "192.0.2.1";
55

56 57 58 59 60 61 62 63 64 65 66 67
class DummySocket : public IOSocket {
private:
    DummySocket(const DummySocket& source);
    DummySocket& operator=(const DummySocket& source);
public:
    DummySocket(const int protocol) : protocol_(protocol) {}
    virtual int getNative() const { return (-1); }
    virtual int getProtocol() const { return (protocol_); }
private:
    const int protocol_;
};

68 69
class AuthSrvTest : public ::testing::Test {
protected:
70
    AuthSrvTest() : server(true, xfrout),
71
                    request_message(Message::RENDER),
72 73 74 75 76 77
                    parse_message(new Message(Message::PARSE)),
                    default_qid(0x1035), opcode(Opcode(Opcode::QUERY())),
                    qname("www.example.com"), qclass(RRClass::IN()),
                    qtype(RRType::A()), io_message(NULL), endpoint(NULL),
                    request_obuffer(0), request_renderer(request_obuffer),
                    response_obuffer(new OutputBuffer(0))
78
    {
79
        server.setXfrinSession(&notify_session);
80
    }
81 82
    ~AuthSrvTest() {
        delete io_message;
83
        delete endpoint;
84
    }
85
    MockSession notify_session;
86
    MockXfroutClient xfrout;
Evan Hunt's avatar
Evan Hunt committed
87
    MockServer dnsserv;
88 89
    AuthSrv server;
    Message request_message;
90
    MessagePtr parse_message;
91 92 93 94 95
    const qid_t default_qid;
    const Opcode opcode;
    const Name qname;
    const RRClass qclass;
    const RRType qtype;
96
    IOSocket* io_sock;
97 98
    IOMessage* io_message;
    const IOEndpoint* endpoint;
99 100
    OutputBuffer request_obuffer;
    MessageRenderer request_renderer;
101
    OutputBufferPtr response_obuffer;
102
    vector<uint8_t> data;
103

JINMEI Tatuya's avatar
JINMEI Tatuya committed
104
    void createDataFromFile(const char* const datafile, int protocol);
Evan Hunt's avatar
Evan Hunt committed
105
    void createRequestPacket(Message& message, int protocol);
106 107
};

108

109 110 111 112 113 114 115 116 117 118 119 120
// These are flags to indicate whether the corresponding flag bit of the
// DNS header is to be set in the test cases.  (Note that the flag values
// is irrelevant to their wire-format values)
const unsigned int QR_FLAG = 0x1;
const unsigned int AA_FLAG = 0x2;
const unsigned int TC_FLAG = 0x4;
const unsigned int RD_FLAG = 0x8;
const unsigned int RA_FLAG = 0x10;
const unsigned int AD_FLAG = 0x20;
const unsigned int CD_FLAG = 0x40;

void
JINMEI Tatuya's avatar
JINMEI Tatuya committed
121 122 123
AuthSrvTest::createDataFromFile(const char* const datafile,
                                const int protocol = IPPROTO_UDP)
{
124
    delete io_message;
125 126
    data.clear();

127
    delete endpoint;
128

129 130
    endpoint = IOEndpoint::create(protocol,
                                  IOAddress(DEFAULT_REMOTE_ADDRESS), 5300);
131
    UnitTestUtil::readWireData(datafile, data);
132 133
    io_sock = new DummySocket(protocol);
    io_message = new IOMessage(&data[0], data.size(), *io_sock, *endpoint);
134 135
}

136
void
Evan Hunt's avatar
Evan Hunt committed
137
AuthSrvTest::createRequestPacket(Message& message,
138 139
                                 const int protocol = IPPROTO_UDP)
{
Evan Hunt's avatar
Evan Hunt committed
140
    message.toWire(request_renderer);
141 142

    delete io_message;
143 144
    delete io_sock;

145 146
    endpoint = IOEndpoint::create(protocol,
                                  IOAddress(DEFAULT_REMOTE_ADDRESS), 5300);
147
    io_sock = new DummySocket(protocol);
148 149
    io_message = new IOMessage(request_renderer.getData(),
                               request_renderer.getLength(),
150
                               *io_sock, *endpoint);
151 152
}

153 154 155 156 157 158 159 160 161 162
void
headerCheck(const Message& message, const qid_t qid, const Rcode& rcode,
            const uint16_t opcodeval, const unsigned int flags,
            const unsigned int qdcount,
            const unsigned int ancount, const unsigned int nscount,
            const unsigned int arcount)
{
    EXPECT_EQ(qid, message.getQid());
    EXPECT_EQ(rcode, message.getRcode());
    EXPECT_EQ(opcodeval, message.getOpcode().getCode());
163 164 165 166 167 168 169
    EXPECT_EQ((flags & QR_FLAG) != 0, message.getHeaderFlag(MessageFlag::QR()));
    EXPECT_EQ((flags & AA_FLAG) != 0, message.getHeaderFlag(MessageFlag::AA()));
    EXPECT_EQ((flags & TC_FLAG) != 0, message.getHeaderFlag(MessageFlag::TC()));
    EXPECT_EQ((flags & RA_FLAG) != 0, message.getHeaderFlag(MessageFlag::RA()));
    EXPECT_EQ((flags & RD_FLAG) != 0, message.getHeaderFlag(MessageFlag::RD()));
    EXPECT_EQ((flags & AD_FLAG) != 0, message.getHeaderFlag(MessageFlag::AD()));
    EXPECT_EQ((flags & CD_FLAG) != 0, message.getHeaderFlag(MessageFlag::CD()));
170 171 172 173 174 175 176 177 178

    EXPECT_EQ(qdcount, message.getRRCount(Section::QUESTION()));
    EXPECT_EQ(ancount, message.getRRCount(Section::ANSWER()));
    EXPECT_EQ(nscount, message.getRRCount(Section::AUTHORITY()));
    EXPECT_EQ(arcount, message.getRRCount(Section::ADDITIONAL()));
}

// Unsupported requests.  Should result in NOTIMP.
TEST_F(AuthSrvTest, unsupportedRequest) {
179
    for (unsigned int i = 0; i < 16; ++i) {
180
        // set Opcode to 'i', which iterators over all possible codes except
181 182 183
        // the standard query and notify
        if (i == Opcode::QUERY().getCode() ||
            i == Opcode::NOTIFY().getCode()) {
Han Feng's avatar
Han Feng committed
184
            continue;
185
        }
186
        createDataFromFile("simplequery_fromWire");
187 188
        data[2] = ((i << 3) & 0xff);

189 190
        parse_message->clear(Message::PARSE);
        server.processMessage(*io_message, parse_message, response_obuffer,
Evan Hunt's avatar
Evan Hunt committed
191 192
                              &dnsserv);
        EXPECT_TRUE(dnsserv.hasAnswer());
193
        headerCheck(*parse_message, default_qid, Rcode::NOTIMP(), i, QR_FLAG,
194 195
                    0, 0, 0, 0);
    }
196
}
197

198 199 200 201 202 203 204 205 206
// Simple API check
TEST_F(AuthSrvTest, verbose) {
    EXPECT_FALSE(server.getVerbose());
    server.setVerbose(true);
    EXPECT_TRUE(server.getVerbose());
    server.setVerbose(false);
    EXPECT_FALSE(server.getVerbose());
}

207 208
// Multiple questions.  Should result in FORMERR.
TEST_F(AuthSrvTest, multiQuestion) {
209
    createDataFromFile("multiquestion_fromWire");
Evan Hunt's avatar
Evan Hunt committed
210 211
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
212
    headerCheck(*parse_message, default_qid, Rcode::FORMERR(), opcode.getCode(),
213 214
                QR_FLAG, 2, 0, 0, 0);

215
    QuestionIterator qit = parse_message->beginQuestion();
216 217 218 219 220 221 222 223
    EXPECT_EQ(Name("example.com"), (*qit)->getName());
    EXPECT_EQ(RRClass::IN(), (*qit)->getClass());
    EXPECT_EQ(RRType::A(), (*qit)->getType());
    ++qit;
    EXPECT_EQ(Name("example.com"), (*qit)->getName());
    EXPECT_EQ(RRClass::IN(), (*qit)->getClass());
    EXPECT_EQ(RRType::AAAA(), (*qit)->getType());
    ++qit;
224
    EXPECT_TRUE(qit == parse_message->endQuestion());
225 226
}

227 228 229
// Incoming data doesn't even contain the complete header.  Must be silently
// dropped.
TEST_F(AuthSrvTest, shortMessage) {
230
    createDataFromFile("shortmessage_fromWire");
Evan Hunt's avatar
Evan Hunt committed
231 232
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
233 234 235 236 237 238
}

// Response messages.  Must be silently dropped, whether it's a valid response
// or malformed or could otherwise cause a protocol error.
TEST_F(AuthSrvTest, response) {
    // A valid (although unusual) response
239
    createDataFromFile("simpleresponse_fromWire");
Evan Hunt's avatar
Evan Hunt committed
240 241
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
242 243 244

    // A response with a broken question section.  must be dropped rather than
    // returning FORMERR.
245
    createDataFromFile("shortresponse_fromWire");
Evan Hunt's avatar
Evan Hunt committed
246 247
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
248 249

    // A response to iquery.  must be dropped rather than returning NOTIMP.
250
    createDataFromFile("iqueryresponse_fromWire");
Evan Hunt's avatar
Evan Hunt committed
251 252
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
253 254 255 256
}

// Query with a broken question
TEST_F(AuthSrvTest, shortQuestion) {
257
    createDataFromFile("shortquestion_fromWire");
Evan Hunt's avatar
Evan Hunt committed
258 259
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
260 261
    // Since the query's question is broken, the question section of the
    // response should be empty.
262
    headerCheck(*parse_message, default_qid, Rcode::FORMERR(), opcode.getCode(),
263 264
                QR_FLAG, 0, 0, 0, 0);
}
265

266 267
// Query with a broken answer section
TEST_F(AuthSrvTest, shortAnswer) {
268
    createDataFromFile("shortanswer_fromWire");
Evan Hunt's avatar
Evan Hunt committed
269 270
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
271 272 273

    // This is a bogus query, but question section is valid.  So the response
    // should copy the question section.
274
    headerCheck(*parse_message, default_qid, Rcode::FORMERR(), opcode.getCode(),
275 276
                QR_FLAG, 1, 0, 0, 0);

277
    QuestionIterator qit = parse_message->beginQuestion();
278 279 280 281
    EXPECT_EQ(Name("example.com"), (*qit)->getName());
    EXPECT_EQ(RRClass::IN(), (*qit)->getClass());
    EXPECT_EQ(RRType::A(), (*qit)->getType());
    ++qit;
282
    EXPECT_TRUE(qit == parse_message->endQuestion());
283 284
}

285 286
// Query with unsupported version of EDNS.
TEST_F(AuthSrvTest, ednsBadVers) {
287
    createDataFromFile("queryBadEDNS_fromWire");
Evan Hunt's avatar
Evan Hunt committed
288 289
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
290 291 292 293

    // The response must have an EDNS OPT RR in the additional section.
    // Note that the DNSSEC DO bit is cleared even if this bit in the query
    // is set.  This is a limitation of the current implementation.
294
    headerCheck(*parse_message, default_qid, Rcode::BADVERS(), opcode.getCode(),
295
                QR_FLAG, 1, 0, 0, 1);
296 297
    EXPECT_EQ(4096, parse_message->getUDPSize());
    EXPECT_FALSE(parse_message->isDNSSECSupported());
298 299
}

JINMEI Tatuya's avatar
JINMEI Tatuya committed
300 301
TEST_F(AuthSrvTest, AXFROverUDP) {
    // AXFR over UDP is invalid and should result in FORMERR.
Evan Hunt's avatar
Evan Hunt committed
302 303 304 305 306 307
    UnitTestUtil::createRequestMessage(request_message, opcode, default_qid,
                         Name("example.com"), RRClass::IN(),
                         RRType::AXFR());
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
308
    headerCheck(*parse_message, default_qid, Rcode::FORMERR(), opcode.getCode(),
JINMEI Tatuya's avatar
JINMEI Tatuya committed
309 310 311
                QR_FLAG, 1, 0, 0, 0);
}

312 313
TEST_F(AuthSrvTest, AXFRSuccess) {
    EXPECT_FALSE(xfrout.isConnected());
Evan Hunt's avatar
Evan Hunt committed
314 315 316
    UnitTestUtil::createRequestMessage(request_message, opcode, default_qid,
                         Name("example.com"), RRClass::IN(), RRType::AXFR());
    createRequestPacket(request_message, IPPROTO_TCP);
317 318
    // On success, the AXFR query has been passed to a separate process,
    // so we shouldn't have to respond.
Evan Hunt's avatar
Evan Hunt committed
319 320
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
321
    EXPECT_FALSE(xfrout.isConnected());
322 323 324 325 326
}

TEST_F(AuthSrvTest, AXFRConnectFail) {
    EXPECT_FALSE(xfrout.isConnected()); // check prerequisite
    xfrout.disableConnect();
Evan Hunt's avatar
Evan Hunt committed
327 328 329 330 331
    UnitTestUtil::createRequestMessage(request_message, opcode, default_qid,
                         Name("example.com"), RRClass::IN(), RRType::AXFR());
    createRequestPacket(request_message, IPPROTO_TCP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
332
    headerCheck(*parse_message, default_qid, Rcode::SERVFAIL(),
333
                opcode.getCode(), QR_FLAG, 1, 0, 0, 0);
334 335
    // For a shot term workaround with xfrout we currently close the connection
    // for each AXFR attempt
336 337 338 339 340 341
    EXPECT_FALSE(xfrout.isConnected());
}

TEST_F(AuthSrvTest, AXFRSendFail) {
    // first send a valid query, making the connection with the xfr process
    // open.
Evan Hunt's avatar
Evan Hunt committed
342 343 344 345
    UnitTestUtil::createRequestMessage(request_message, opcode, default_qid,
                         Name("example.com"), RRClass::IN(), RRType::AXFR());
    createRequestPacket(request_message, IPPROTO_TCP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
346
    EXPECT_FALSE(xfrout.isConnected()); // see above
347 348

    xfrout.disableSend();
349 350
    parse_message->clear(Message::PARSE);
    response_obuffer->clear();
Evan Hunt's avatar
Evan Hunt committed
351 352 353 354 355
    UnitTestUtil::createRequestMessage(request_message, opcode, default_qid,
                         Name("example.com"), RRClass::IN(), RRType::AXFR());
    createRequestPacket(request_message, IPPROTO_TCP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
356
    headerCheck(*parse_message, default_qid, Rcode::SERVFAIL(),
357 358 359 360 361 362 363 364 365 366 367
                opcode.getCode(), QR_FLAG, 1, 0, 0, 0);

    // The connection should have been closed due to the send failure.
    EXPECT_FALSE(xfrout.isConnected());
}

TEST_F(AuthSrvTest, AXFRDisconnectFail) {
    // In our usage disconnect() shouldn't fail.  So we'll see the exception
    // should it be thrown.
    xfrout.disableSend();
    xfrout.disableDisconnect();
Evan Hunt's avatar
Evan Hunt committed
368 369 370
    UnitTestUtil::createRequestMessage(request_message, opcode, default_qid,
                         Name("example.com"), RRClass::IN(), RRType::AXFR());
    createRequestPacket(request_message, IPPROTO_TCP);
371
    EXPECT_THROW(server.processMessage(*io_message, parse_message,
Evan Hunt's avatar
Evan Hunt committed
372
                                       response_obuffer, &dnsserv),
373 374 375 376 377 378 379
                 XfroutError);
    EXPECT_TRUE(xfrout.isConnected());
    // XXX: we need to re-enable disconnect.  otherwise an exception would be
    // thrown via the destructor of the server.
    xfrout.enableDisconnect();
}

380
TEST_F(AuthSrvTest, notify) {
Evan Hunt's avatar
Evan Hunt committed
381 382
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
383
    request_message.setHeaderFlag(MessageFlag::AA());
Evan Hunt's avatar
Evan Hunt committed
384 385 386
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
387 388 389

    // An internal command message should have been created and sent to an
    // external module.  Check them.
390
    EXPECT_EQ("Zonemgr", notify_session.msg_destination);
391 392
    EXPECT_EQ("notify",
              notify_session.sent_msg->get("command")->get(0)->stringValue());
393 394
    ConstElementPtr notify_args =
        notify_session.sent_msg->get("command")->get(1);
395 396 397
    EXPECT_EQ("example.com.", notify_args->get("zone_name")->stringValue());
    EXPECT_EQ(DEFAULT_REMOTE_ADDRESS,
              notify_args->get("master")->stringValue());
398
    EXPECT_EQ("IN", notify_args->get("zone_class")->stringValue());
399 400

    // On success, the server should return a response to the notify.
401
    headerCheck(*parse_message, default_qid, Rcode::NOERROR(),
402 403
                Opcode::NOTIFY().getCode(), QR_FLAG | AA_FLAG, 1, 0, 0, 0);

404
    // The question must be identical to that of the received notify
405
    ConstQuestionPtr question = *parse_message->beginQuestion();
406 407 408 409 410
    EXPECT_EQ(Name("example.com"), question->getName());
    EXPECT_EQ(RRClass::IN(), question->getClass());
    EXPECT_EQ(RRType::SOA(), question->getType());
}

411 412
TEST_F(AuthSrvTest, notifyForCHClass) {
    // Same as the previous test, but for the CH RRClass.
Evan Hunt's avatar
Evan Hunt committed
413 414
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::CH(), RRType::SOA());
415
    request_message.setHeaderFlag(MessageFlag::AA());
Evan Hunt's avatar
Evan Hunt committed
416 417 418
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
419 420 421

    // Other conditions should be the same, so simply confirm the RR class is
    // set correctly.
422 423
    ConstElementPtr notify_args =
        notify_session.sent_msg->get("command")->get(1);
424
    EXPECT_EQ("CH", notify_args->get("zone_class")->stringValue());
425 426
}

427 428 429 430 431 432
TEST_F(AuthSrvTest, notifyEmptyQuestion) {
    request_message.clear(Message::RENDER);
    request_message.setOpcode(Opcode::NOTIFY());
    request_message.setHeaderFlag(MessageFlag::AA());
    request_message.setQid(default_qid);
    request_message.toWire(request_renderer);
Evan Hunt's avatar
Evan Hunt committed
433 434 435
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
436
    headerCheck(*parse_message, default_qid, Rcode::FORMERR(),
437 438 439 440
                Opcode::NOTIFY().getCode(), QR_FLAG, 0, 0, 0, 0);
}

TEST_F(AuthSrvTest, notifyMultiQuestions) {
Evan Hunt's avatar
Evan Hunt committed
441 442
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
443 444 445 446
    // add one more SOA question
    request_message.addQuestion(Question(Name("example.com"), RRClass::IN(),
                                         RRType::SOA()));
    request_message.setHeaderFlag(MessageFlag::AA());
Evan Hunt's avatar
Evan Hunt committed
447 448 449
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
450
    headerCheck(*parse_message, default_qid, Rcode::FORMERR(),
451 452 453 454
                Opcode::NOTIFY().getCode(), QR_FLAG, 2, 0, 0, 0);
}

TEST_F(AuthSrvTest, notifyNonSOAQuestion) {
Evan Hunt's avatar
Evan Hunt committed
455 456
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::NS());
457
    request_message.setHeaderFlag(MessageFlag::AA());
Evan Hunt's avatar
Evan Hunt committed
458 459 460
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
461
    headerCheck(*parse_message, default_qid, Rcode::FORMERR(),
462 463 464 465 466
                Opcode::NOTIFY().getCode(), QR_FLAG, 1, 0, 0, 0);
}

TEST_F(AuthSrvTest, notifyWithoutAA) {
    // implicitly leave the AA bit off.  our implementation will accept it.
Evan Hunt's avatar
Evan Hunt committed
467 468 469 470 471
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
472
    headerCheck(*parse_message, default_qid, Rcode::NOERROR(),
473 474 475 476
                Opcode::NOTIFY().getCode(), QR_FLAG | AA_FLAG, 1, 0, 0, 0);
}

TEST_F(AuthSrvTest, notifyWithErrorRcode) {
Evan Hunt's avatar
Evan Hunt committed
477 478
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
479 480
    request_message.setHeaderFlag(MessageFlag::AA());
    request_message.setRcode(Rcode::SERVFAIL());
Evan Hunt's avatar
Evan Hunt committed
481 482 483
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
484
    headerCheck(*parse_message, default_qid, Rcode::NOERROR(),
485
                Opcode::NOTIFY().getCode(), QR_FLAG | AA_FLAG, 1, 0, 0, 0);
Han Feng's avatar
Han Feng committed
486 487
}

488
TEST_F(AuthSrvTest, notifyWithoutSession) {
489
    server.setXfrinSession(NULL);
490

Evan Hunt's avatar
Evan Hunt committed
491 492
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
493
    request_message.setHeaderFlag(MessageFlag::AA());
Evan Hunt's avatar
Evan Hunt committed
494
    createRequestPacket(request_message, IPPROTO_UDP);
495 496 497

    // we simply ignore the notify and let it be resent if an internal error
    // happens.
Evan Hunt's avatar
Evan Hunt committed
498 499
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
500 501 502 503 504
}

TEST_F(AuthSrvTest, notifySendFail) {
    notify_session.disableSend();

Evan Hunt's avatar
Evan Hunt committed
505 506
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
507
    request_message.setHeaderFlag(MessageFlag::AA());
Evan Hunt's avatar
Evan Hunt committed
508
    createRequestPacket(request_message, IPPROTO_UDP);
509

Evan Hunt's avatar
Evan Hunt committed
510 511
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
512 513 514 515 516
}

TEST_F(AuthSrvTest, notifyReceiveFail) {
    notify_session.disableReceive();

Evan Hunt's avatar
Evan Hunt committed
517 518
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
519
    request_message.setHeaderFlag(MessageFlag::AA());
Evan Hunt's avatar
Evan Hunt committed
520 521 522
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
523 524 525
}

TEST_F(AuthSrvTest, notifyWithBogusSessionMessage) {
526
    notify_session.setMessage(Element::fromJSON("{\"foo\": 1}"));
527

Evan Hunt's avatar
Evan Hunt committed
528 529
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
530
    request_message.setHeaderFlag(MessageFlag::AA());
Evan Hunt's avatar
Evan Hunt committed
531 532 533
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
534 535 536 537
}

TEST_F(AuthSrvTest, notifyWithSessionMessageError) {
    notify_session.setMessage(
538
        Element::fromJSON("{\"result\": [1, \"FAIL\"]}"));
539

Evan Hunt's avatar
Evan Hunt committed
540 541
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
542
    request_message.setHeaderFlag(MessageFlag::AA());
Evan Hunt's avatar
Evan Hunt committed
543 544 545
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
546 547
}

548
void
549 550 551
updateConfig(AuthSrv* server, const char* const dbfile,
             const bool expect_success)
{
552
    ConstElementPtr config_answer =
553
        server->updateConfig(Element::fromJSON(dbfile));
554 555 556
    EXPECT_EQ(Element::map, config_answer->getType());
    EXPECT_TRUE(config_answer->contains("result"));

557
    ConstElementPtr result = config_answer->get("result");
558
    EXPECT_EQ(Element::list, result->getType());
559
    EXPECT_EQ(expect_success ? 0 : 1, result->get(0)->intValue());
560 561 562 563
}

// Install a Sqlite3 data source with testing data.
TEST_F(AuthSrvTest, updateConfig) {
564
    updateConfig(&server, CONFIG_TESTDB, true);
565 566 567 568

    // query for existent data in the installed data source.  The resulting
    // response should have the AA flag on, and have an RR in each answer
    // and authority section.
569
    createDataFromFile("examplequery_fromWire");
Evan Hunt's avatar
Evan Hunt committed
570 571
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
572
    headerCheck(*parse_message, default_qid, Rcode::NOERROR(), opcode.getCode(),
573 574 575 576
                QR_FLAG | AA_FLAG, 1, 1, 1, 0);
}

TEST_F(AuthSrvTest, datasourceFail) {
577
    updateConfig(&server, CONFIG_TESTDB, true);
578 579 580 581 582

    // This query will hit a corrupted entry of the data source (the zoneload
    // tool and the data source itself naively accept it).  This will result
    // in a SERVFAIL response, and the answer and authority sections should
    // be empty.
583
    createDataFromFile("badExampleQuery_fromWire");
Evan Hunt's avatar
Evan Hunt committed
584 585
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
586
    headerCheck(*parse_message, default_qid, Rcode::SERVFAIL(),
587
                opcode.getCode(), QR_FLAG, 1, 0, 0, 0);
588
}
589 590 591 592 593 594 595 596 597

TEST_F(AuthSrvTest, updateConfigFail) {
    // First, load a valid data source.
    updateConfig(&server, CONFIG_TESTDB, true);

    // Next, try to update it with a non-existent one.  This should fail.
    updateConfig(&server, BADCONFIG_TESTDB, false);

    // The original data source should still exist.
598
    createDataFromFile("examplequery_fromWire");
Evan Hunt's avatar
Evan Hunt committed
599 600
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
601
    headerCheck(*parse_message, default_qid, Rcode::NOERROR(), opcode.getCode(),
602 603
                QR_FLAG | AA_FLAG, 1, 1, 1, 0);
}
604
}