auth_srv_unittest.cc 17.1 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16
// Copyright (C) 2010  Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.

// $Id$

17
#include <config.h>
JINMEI Tatuya's avatar
JINMEI Tatuya committed
18
#include <datasrc/memory_datasrc.h>
19
#include <auth/auth_srv.h>
20
#include <testutils/srv_unittest.h>
21

22
using namespace isc::cc;
23
using namespace isc::dns;
24
using namespace isc::data;
25
using namespace isc::xfr;
26
using namespace asiolink;
Evan Hunt's avatar
Evan Hunt committed
27
using isc::UnitTestUtil;
28 29

namespace {
30
const char* const CONFIG_TESTDB =
31
    "{\"database_file\": \"" TEST_DATA_DIR "/example.sqlite3\"}";
32 33
// The following file must be non existent and must be non"creatable" (see
// the sqlite3 test).
34
const char* const BADCONFIG_TESTDB =
35
    "{ \"database_file\": \"" TEST_DATA_DIR "/nodir/notexist\"}";
36

37
class AuthSrvTest : public SrvTestBase {
38
protected:
JINMEI Tatuya's avatar
JINMEI Tatuya committed
39
    AuthSrvTest() : server(true, xfrout), rrclass(RRClass::IN()) {
40
        server.setXfrinSession(&notify_session);
41
    }
42
    MockXfroutClient xfrout;
43
    AuthSrv server;
JINMEI Tatuya's avatar
JINMEI Tatuya committed
44
    const RRClass rrclass;
45 46
};

47 48
// Unsupported requests.  Should result in NOTIMP.
TEST_F(AuthSrvTest, unsupportedRequest) {
49
    UNSUPPORTED_REQUEST_TEST;
50
}
51

52 53
// Simple API check
TEST_F(AuthSrvTest, verbose) {
54
    VERBOSE_TEST;
55 56
}

57 58
// Multiple questions.  Should result in FORMERR.
TEST_F(AuthSrvTest, multiQuestion) {
59
    MULTI_QUESTION_TEST;
60 61
}

62 63 64
// Incoming data doesn't even contain the complete header.  Must be silently
// dropped.
TEST_F(AuthSrvTest, shortMessage) {
65
    SHORT_MESSAGE_TEST;
66 67 68 69 70
}

// Response messages.  Must be silently dropped, whether it's a valid response
// or malformed or could otherwise cause a protocol error.
TEST_F(AuthSrvTest, response) {
71
    RESPONSE_TEST;
72 73 74 75
}

// Query with a broken question
TEST_F(AuthSrvTest, shortQuestion) {
76
    SHORT_QUESTION_TEST;
77
}
78

79 80
// Query with a broken answer section
TEST_F(AuthSrvTest, shortAnswer) {
81
    SHORT_ANSWER_TEST;
82 83
}

84 85
// Query with unsupported version of EDNS.
TEST_F(AuthSrvTest, ednsBadVers) {
86
    EDNS_BADVERS_TEST;
87 88
}

JINMEI Tatuya's avatar
JINMEI Tatuya committed
89
TEST_F(AuthSrvTest, AXFROverUDP) {
90
    AXFR_OVER_UDP_TEST;
JINMEI Tatuya's avatar
JINMEI Tatuya committed
91 92
}

93 94
TEST_F(AuthSrvTest, AXFRSuccess) {
    EXPECT_FALSE(xfrout.isConnected());
Evan Hunt's avatar
Evan Hunt committed
95 96 97
    UnitTestUtil::createRequestMessage(request_message, opcode, default_qid,
                         Name("example.com"), RRClass::IN(), RRType::AXFR());
    createRequestPacket(request_message, IPPROTO_TCP);
98 99
    // On success, the AXFR query has been passed to a separate process,
    // so we shouldn't have to respond.
Evan Hunt's avatar
Evan Hunt committed
100 101
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
102
    EXPECT_TRUE(xfrout.isConnected());
103 104 105 106 107
}

TEST_F(AuthSrvTest, AXFRConnectFail) {
    EXPECT_FALSE(xfrout.isConnected()); // check prerequisite
    xfrout.disableConnect();
Evan Hunt's avatar
Evan Hunt committed
108 109 110 111 112
    UnitTestUtil::createRequestMessage(request_message, opcode, default_qid,
                         Name("example.com"), RRClass::IN(), RRType::AXFR());
    createRequestPacket(request_message, IPPROTO_TCP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
113
    headerCheck(*parse_message, default_qid, Rcode::SERVFAIL(),
114 115 116 117 118 119 120
                opcode.getCode(), QR_FLAG, 1, 0, 0, 0);
    EXPECT_FALSE(xfrout.isConnected());
}

TEST_F(AuthSrvTest, AXFRSendFail) {
    // first send a valid query, making the connection with the xfr process
    // open.
Evan Hunt's avatar
Evan Hunt committed
121 122 123 124
    UnitTestUtil::createRequestMessage(request_message, opcode, default_qid,
                         Name("example.com"), RRClass::IN(), RRType::AXFR());
    createRequestPacket(request_message, IPPROTO_TCP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
125
    EXPECT_TRUE(xfrout.isConnected());
126 127

    xfrout.disableSend();
128 129
    parse_message->clear(Message::PARSE);
    response_obuffer->clear();
Evan Hunt's avatar
Evan Hunt committed
130 131 132 133 134
    UnitTestUtil::createRequestMessage(request_message, opcode, default_qid,
                         Name("example.com"), RRClass::IN(), RRType::AXFR());
    createRequestPacket(request_message, IPPROTO_TCP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
135
    headerCheck(*parse_message, default_qid, Rcode::SERVFAIL(),
136 137 138 139 140 141 142 143 144 145 146
                opcode.getCode(), QR_FLAG, 1, 0, 0, 0);

    // The connection should have been closed due to the send failure.
    EXPECT_FALSE(xfrout.isConnected());
}

TEST_F(AuthSrvTest, AXFRDisconnectFail) {
    // In our usage disconnect() shouldn't fail.  So we'll see the exception
    // should it be thrown.
    xfrout.disableSend();
    xfrout.disableDisconnect();
Evan Hunt's avatar
Evan Hunt committed
147 148 149
    UnitTestUtil::createRequestMessage(request_message, opcode, default_qid,
                         Name("example.com"), RRClass::IN(), RRType::AXFR());
    createRequestPacket(request_message, IPPROTO_TCP);
150
    EXPECT_THROW(server.processMessage(*io_message, parse_message,
Evan Hunt's avatar
Evan Hunt committed
151
                                       response_obuffer, &dnsserv),
152 153 154 155 156 157 158
                 XfroutError);
    EXPECT_TRUE(xfrout.isConnected());
    // XXX: we need to re-enable disconnect.  otherwise an exception would be
    // thrown via the destructor of the server.
    xfrout.enableDisconnect();
}

159
TEST_F(AuthSrvTest, notify) {
Evan Hunt's avatar
Evan Hunt committed
160 161
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
162
    request_message.setHeaderFlag(Message::HEADERFLAG_AA);
Evan Hunt's avatar
Evan Hunt committed
163 164 165
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
166 167 168

    // An internal command message should have been created and sent to an
    // external module.  Check them.
Evan Hunt's avatar
Evan Hunt committed
169
    EXPECT_EQ("Zonemgr", notify_session.getMessageDest());
170
    EXPECT_EQ("notify",
Evan Hunt's avatar
Evan Hunt committed
171
              notify_session.getSentMessage()->get("command")->get(0)->stringValue());
172
    ConstElementPtr notify_args =
Evan Hunt's avatar
Evan Hunt committed
173
        notify_session.getSentMessage()->get("command")->get(1);
174 175 176
    EXPECT_EQ("example.com.", notify_args->get("zone_name")->stringValue());
    EXPECT_EQ(DEFAULT_REMOTE_ADDRESS,
              notify_args->get("master")->stringValue());
177
    EXPECT_EQ("IN", notify_args->get("zone_class")->stringValue());
178 179

    // On success, the server should return a response to the notify.
180
    headerCheck(*parse_message, default_qid, Rcode::NOERROR(),
181 182
                Opcode::NOTIFY().getCode(), QR_FLAG | AA_FLAG, 1, 0, 0, 0);

183
    // The question must be identical to that of the received notify
184
    ConstQuestionPtr question = *parse_message->beginQuestion();
185 186 187 188 189
    EXPECT_EQ(Name("example.com"), question->getName());
    EXPECT_EQ(RRClass::IN(), question->getClass());
    EXPECT_EQ(RRType::SOA(), question->getType());
}

190 191
TEST_F(AuthSrvTest, notifyForCHClass) {
    // Same as the previous test, but for the CH RRClass.
Evan Hunt's avatar
Evan Hunt committed
192 193
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::CH(), RRType::SOA());
194
    request_message.setHeaderFlag(Message::HEADERFLAG_AA);
Evan Hunt's avatar
Evan Hunt committed
195 196 197
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
198 199 200

    // Other conditions should be the same, so simply confirm the RR class is
    // set correctly.
201
    ConstElementPtr notify_args =
Evan Hunt's avatar
Evan Hunt committed
202
        notify_session.getSentMessage()->get("command")->get(1);
203
    EXPECT_EQ("CH", notify_args->get("zone_class")->stringValue());
204 205
}

206 207 208
TEST_F(AuthSrvTest, notifyEmptyQuestion) {
    request_message.clear(Message::RENDER);
    request_message.setOpcode(Opcode::NOTIFY());
209
    request_message.setRcode(Rcode::NOERROR());
210
    request_message.setHeaderFlag(Message::HEADERFLAG_AA);
211 212
    request_message.setQid(default_qid);
    request_message.toWire(request_renderer);
Evan Hunt's avatar
Evan Hunt committed
213 214 215
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
216
    headerCheck(*parse_message, default_qid, Rcode::FORMERR(),
217 218 219 220
                Opcode::NOTIFY().getCode(), QR_FLAG, 0, 0, 0, 0);
}

TEST_F(AuthSrvTest, notifyMultiQuestions) {
Evan Hunt's avatar
Evan Hunt committed
221 222
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
223 224 225
    // add one more SOA question
    request_message.addQuestion(Question(Name("example.com"), RRClass::IN(),
                                         RRType::SOA()));
226
    request_message.setHeaderFlag(Message::HEADERFLAG_AA);
Evan Hunt's avatar
Evan Hunt committed
227 228 229
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
230
    headerCheck(*parse_message, default_qid, Rcode::FORMERR(),
231 232 233 234
                Opcode::NOTIFY().getCode(), QR_FLAG, 2, 0, 0, 0);
}

TEST_F(AuthSrvTest, notifyNonSOAQuestion) {
Evan Hunt's avatar
Evan Hunt committed
235 236
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::NS());
237
    request_message.setHeaderFlag(Message::HEADERFLAG_AA);
Evan Hunt's avatar
Evan Hunt committed
238 239 240
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
241
    headerCheck(*parse_message, default_qid, Rcode::FORMERR(),
242 243 244 245 246
                Opcode::NOTIFY().getCode(), QR_FLAG, 1, 0, 0, 0);
}

TEST_F(AuthSrvTest, notifyWithoutAA) {
    // implicitly leave the AA bit off.  our implementation will accept it.
Evan Hunt's avatar
Evan Hunt committed
247 248 249 250 251
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
252
    headerCheck(*parse_message, default_qid, Rcode::NOERROR(),
253 254 255 256
                Opcode::NOTIFY().getCode(), QR_FLAG | AA_FLAG, 1, 0, 0, 0);
}

TEST_F(AuthSrvTest, notifyWithErrorRcode) {
Evan Hunt's avatar
Evan Hunt committed
257 258
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
259
    request_message.setHeaderFlag(Message::HEADERFLAG_AA);
260
    request_message.setRcode(Rcode::SERVFAIL());
Evan Hunt's avatar
Evan Hunt committed
261 262 263
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
264
    headerCheck(*parse_message, default_qid, Rcode::NOERROR(),
265
                Opcode::NOTIFY().getCode(), QR_FLAG | AA_FLAG, 1, 0, 0, 0);
Han Feng's avatar
Han Feng committed
266 267
}

268
TEST_F(AuthSrvTest, notifyWithoutSession) {
269
    server.setXfrinSession(NULL);
270

Evan Hunt's avatar
Evan Hunt committed
271 272
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
273
    request_message.setHeaderFlag(Message::HEADERFLAG_AA);
Evan Hunt's avatar
Evan Hunt committed
274
    createRequestPacket(request_message, IPPROTO_UDP);
275 276 277

    // we simply ignore the notify and let it be resent if an internal error
    // happens.
Evan Hunt's avatar
Evan Hunt committed
278 279
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
280 281 282 283 284
}

TEST_F(AuthSrvTest, notifySendFail) {
    notify_session.disableSend();

Evan Hunt's avatar
Evan Hunt committed
285 286
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
287
    request_message.setHeaderFlag(Message::HEADERFLAG_AA);
Evan Hunt's avatar
Evan Hunt committed
288
    createRequestPacket(request_message, IPPROTO_UDP);
289

Evan Hunt's avatar
Evan Hunt committed
290 291
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
292 293 294 295 296
}

TEST_F(AuthSrvTest, notifyReceiveFail) {
    notify_session.disableReceive();

Evan Hunt's avatar
Evan Hunt committed
297 298
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
299
    request_message.setHeaderFlag(Message::HEADERFLAG_AA);
Evan Hunt's avatar
Evan Hunt committed
300 301 302
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
303 304 305
}

TEST_F(AuthSrvTest, notifyWithBogusSessionMessage) {
306
    notify_session.setMessage(Element::fromJSON("{\"foo\": 1}"));
307

Evan Hunt's avatar
Evan Hunt committed
308 309
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
310
    request_message.setHeaderFlag(Message::HEADERFLAG_AA);
Evan Hunt's avatar
Evan Hunt committed
311 312 313
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
314 315 316 317
}

TEST_F(AuthSrvTest, notifyWithSessionMessageError) {
    notify_session.setMessage(
318
        Element::fromJSON("{\"result\": [1, \"FAIL\"]}"));
319

Evan Hunt's avatar
Evan Hunt committed
320 321
    UnitTestUtil::createRequestMessage(request_message, Opcode::NOTIFY(), default_qid,
                         Name("example.com"), RRClass::IN(), RRType::SOA());
322
    request_message.setHeaderFlag(Message::HEADERFLAG_AA);
Evan Hunt's avatar
Evan Hunt committed
323 324 325
    createRequestPacket(request_message, IPPROTO_UDP);
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_FALSE(dnsserv.hasAnswer());
326 327
}

328
void
JINMEI Tatuya's avatar
JINMEI Tatuya committed
329
updateConfig(AuthSrv* server, const char* const config_data,
330 331
             const bool expect_success)
{
332
    ConstElementPtr config_answer =
JINMEI Tatuya's avatar
JINMEI Tatuya committed
333
        server->updateConfig(Element::fromJSON(config_data));
334 335 336
    EXPECT_EQ(Element::map, config_answer->getType());
    EXPECT_TRUE(config_answer->contains("result"));

337
    ConstElementPtr result = config_answer->get("result");
338
    EXPECT_EQ(Element::list, result->getType());
339
    EXPECT_EQ(expect_success ? 0 : 1, result->get(0)->intValue());
340 341 342 343
}

// Install a Sqlite3 data source with testing data.
TEST_F(AuthSrvTest, updateConfig) {
344
    updateConfig(&server, CONFIG_TESTDB, true);
345 346 347 348

    // query for existent data in the installed data source.  The resulting
    // response should have the AA flag on, and have an RR in each answer
    // and authority section.
349
    createDataFromFile("examplequery_fromWire.wire");
Evan Hunt's avatar
Evan Hunt committed
350 351
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
352
    headerCheck(*parse_message, default_qid, Rcode::NOERROR(), opcode.getCode(),
353 354 355 356
                QR_FLAG | AA_FLAG, 1, 1, 1, 0);
}

TEST_F(AuthSrvTest, datasourceFail) {
357
    updateConfig(&server, CONFIG_TESTDB, true);
358 359 360 361 362

    // This query will hit a corrupted entry of the data source (the zoneload
    // tool and the data source itself naively accept it).  This will result
    // in a SERVFAIL response, and the answer and authority sections should
    // be empty.
363
    createDataFromFile("badExampleQuery_fromWire.wire");
Evan Hunt's avatar
Evan Hunt committed
364 365
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
366
    headerCheck(*parse_message, default_qid, Rcode::SERVFAIL(),
367
                opcode.getCode(), QR_FLAG, 1, 0, 0, 0);
368
}
369 370 371 372 373 374 375 376 377

TEST_F(AuthSrvTest, updateConfigFail) {
    // First, load a valid data source.
    updateConfig(&server, CONFIG_TESTDB, true);

    // Next, try to update it with a non-existent one.  This should fail.
    updateConfig(&server, BADCONFIG_TESTDB, false);

    // The original data source should still exist.
378
    createDataFromFile("examplequery_fromWire.wire");
Evan Hunt's avatar
Evan Hunt committed
379 380
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
381
    headerCheck(*parse_message, default_qid, Rcode::NOERROR(), opcode.getCode(),
382 383
                QR_FLAG | AA_FLAG, 1, 1, 1, 0);
}
JINMEI Tatuya's avatar
JINMEI Tatuya committed
384

JINMEI Tatuya's avatar
JINMEI Tatuya committed
385 386 387 388 389 390 391 392 393 394 395
TEST_F(AuthSrvTest, updateWithMemoryDataSrc) {
    // Test configuring memory data source.  Detailed test cases are covered
    // in the configuration tests.  We only check the AuthSrv interface here.

    // By default memory data source isn't enabled
    EXPECT_EQ(AuthSrv::MemoryDataSrcPtr(), server.getMemoryDataSrc(rrclass));
    updateConfig(&server,
                 "{\"datasources\": [{\"type\": \"memory\"}]}", true);
    // after successful configuration, we should have one (with empty zoneset).
    ASSERT_NE(AuthSrv::MemoryDataSrcPtr(), server.getMemoryDataSrc(rrclass));
    EXPECT_EQ(0, server.getMemoryDataSrc(rrclass)->getZoneCount());
Jerry's avatar
Jerry committed
396 397 398

    // The memory data source is empty, should return SERVFAIL rcode.
    createDataFromFile("examplequery_fromWire.wire");
399 400 401
    server.processMessage(*io_message, parse_message, response_obuffer, &dnsserv);
    EXPECT_TRUE(dnsserv.hasAnswer());
    headerCheck(*parse_message, default_qid, Rcode::SERVFAIL(), opcode.getCode(),
Jerry's avatar
Jerry committed
402
                QR_FLAG, 1, 0, 0, 0);
JINMEI Tatuya's avatar
JINMEI Tatuya committed
403 404
}

JINMEI Tatuya's avatar
JINMEI Tatuya committed
405 406 407 408 409 410 411 412 413
TEST_F(AuthSrvTest, cacheSlots) {
    // simple check for the get/set operations
    server.setCacheSlots(10);    // 10 = arbitrary choice
    EXPECT_EQ(10, server.getCacheSlots());

    // 0 is a valid size
    server.setCacheSlots(0);
    EXPECT_EQ(00, server.getCacheSlots());
}
414
}