Commit 662e99ef authored by chenzhengzhang's avatar chenzhengzhang
Browse files

[trac588] Merge branch 'master' into trac588

Conflicts:
	src/bin/bindctl/tests/bindctl_test.py
parents 3b05e142 df2502bc
200. [bug] Jelte
Fixed a bug where incoming TCP connections were not closed.
(Trac #589, git 1d88daaa24e8b1ab27f28be876f40a144241e93b)
199. [func] ocean
Cache negative responses (NXDOMAIN/NODATA) from authoritative
server for recursive resolver.
(Trac #493, git f8fb852bc6aef292555063590c361f01cf29e5ca)
198. [bug] jinmei
b10-auth, src/lib/datasrc: fixed a bug where hot spot cache failed
to reuse cached SOA for negative responses. Due to this bug
b10-auth returned SERVFAIL when it was expected to return a
negative response immediately after a specific SOA query for
the zone.
(Trac #626, git 721a53160c15e8218f6798309befe940b9597ba0)
197. [bug] zhang likun
Remove expired message and rrset entries when looking up them
in cache, touch or remove the rrset entry in cache properly
when doing lookup or update.
(Trac #661, git 9efbe64fe3ff22bb5fba46de409ae058f199c8a7)
196. [bug] jinmei
b10-auth, src/lib/datasrc: the backend of the in-memory data
source could not handle the root name. As a result b10-auth could
not work as a root server when using the in-memory data source.
(Trac #683, git 420ec42bd913fb83da37b26b75faae49c7957c46)
195. [func] stephen
Resolver will now re-try a query over TCP if a response to a UDP
query has the TC bit set.
(Trac #499, git 4c05048ba059b79efeab53498737abe94d37ee07)
194. [bug] vorner
Solved a 100% CPU usage problem after switching addresses in b10-auth
(and possibly, but unconfirmed, in b10-resolver). It was caused by
repeated reads/accepts on closed socket (the bug was in the code for a
long time, recent changes made it show).
(Trac #657, git e0863720a874d75923ea66adcfbf5b2948efb10a)
193. [func]* jreed
Listen on the IPv6 (::) and IPv4 (0.0.0.0) wildcard addresses
for b10-auth. This returns to previous behavior prior to
......
......@@ -723,7 +723,7 @@ AC_OUTPUT([doc/version.ent
src/bin/bind10/tests/bind10_test.py
src/bin/bind10/run_bind10.sh
src/bin/bindctl/run_bindctl.sh
src/bin/bindctl/bindctl-source.py
src/bin/bindctl/bindctl_main.py
src/bin/bindctl/tests/bindctl_test
src/bin/loadzone/run_loadzone.sh
src/bin/loadzone/tests/correct/correct_test.sh
......@@ -751,6 +751,7 @@ AC_OUTPUT([doc/version.ent
tests/system/conf.sh
tests/system/glue/setup.sh
tests/system/glue/nsx1/b10-config.db
tests/system/bindctl/nsx1/b10-config.db.template
], [
chmod +x src/bin/cmdctl/run_b10-cmdctl.sh
chmod +x src/bin/xfrin/run_b10-xfrin.sh
......
......@@ -1199,10 +1199,9 @@ TODO
<title>Incoming Zone Transfers</title>
<para>
The <command>b10-xfrin</command> process is started by
<command>bind10</command>.
It can be manually triggered to request an AXFR zone
transfer. When received, it is stored in the BIND 10
Incoming zones are transferred using the <command>b10-xfrin</command>
process which is started by <command>bind10</command>.
When received, the zone is stored in the BIND 10
data store, and its records can be served by
<command>b10-auth</command>.
In combination with <command>b10-zonemgr</command> (for
......@@ -1213,8 +1212,22 @@ TODO
<note><simpara>
The current development release of BIND 10 only supports
AXFR. (IXFR is not supported.)
<!-- TODO: sqlite3 data source only? -->
</simpara></note>
<!-- TODO:
how to tell bind10 you are a secondary?
when will it first attempt to check for new zone? (using REFRESH?)
what if zonemgr is not running?
what if a NOTIFY is sent?
-->
<para>
To manually trigger a zone transfer to retrieve a remote zone,
you may use the <command>bindctl</command> utility.
......@@ -1223,6 +1236,9 @@ TODO
<screen>&gt; <userinput>Xfrin retransfer zone_name="<option>foo.example.org</option>" master=<option>192.0.2.99</option></userinput></screen>
</para>
<!-- TODO: can that retransfer be used to identify a new zone? -->
<!-- TODO: what if doesn't exist at that master IP? -->
</chapter>
<chapter id="xfrout">
......@@ -1329,28 +1345,34 @@ what is XfroutClient xfr_client??
<!-- TODO: later the above will have some defaults -->
<para>
To enable forwarding, the upstream address and port must be
configured to forward queries to, such as:
<section>
<title>Forwarding</title>
<screen>
<para>
To enable forwarding, the upstream address and port must be
configured to forward queries to, such as:
<screen>
&gt; <userinput>config set Resolver/forward_addresses [{ "address": "<replaceable>192.168.1.1</replaceable>", "port": 53 }]</userinput>
&gt; <userinput>config commit</userinput>
</screen>
(Replace <replaceable>192.168.1.1</replaceable> to point to your
full resolver.)
</para>
(Replace <replaceable>192.168.1.1</replaceable> to point to your
full resolver.)
</para>
<para>
Normal iterative name service can be re-enabled by clearing the
forwarding address(es); for example:
<para>
Normal iterative name service can be re-enabled by clearing the
forwarding address(es); for example:
<screen>
<screen>
&gt; <userinput>config set Resolver/forward_addresses []</userinput>
&gt; <userinput>config commit</userinput>
</screen>
</para>
</para>
</section>
<!-- TODO: later try this
......
......@@ -207,7 +207,7 @@ public:
// Cancel all operations associated with the given descriptor. The
// handlers associated with the descriptor will be invoked with the
// operation_aborted error.
void cancel_ops(socket_type descriptor, per_descriptor_data& descriptor_data)
void cancel_ops(socket_type, per_descriptor_data& descriptor_data)
{
mutex::scoped_lock descriptor_lock(descriptor_data->mutex_);
......
......@@ -205,7 +205,7 @@ public:
// Cancel all operations associated with the given descriptor. The
// handlers associated with the descriptor will be invoked with the
// operation_aborted error.
void cancel_ops(socket_type descriptor, per_descriptor_data& descriptor_data)
void cancel_ops(socket_type , per_descriptor_data& descriptor_data)
{
mutex::scoped_lock descriptor_lock(descriptor_data->mutex_);
......
......@@ -40,7 +40,7 @@ class null_thread
public:
// Constructor.
template <typename Function>
null_thread(Function f)
null_thread(Function )
{
asio::system_error e(
asio::error::operation_not_supported, "thread");
......
......@@ -144,6 +144,9 @@ The default is the basename of ARG 0.
</variablelist>
</refsect1>
<!--
TODO: configuration section
-->
<!--
<refsect1>
<title>FILES</title>
......
......@@ -5,12 +5,13 @@ man_MANS = bindctl.1
EXTRA_DIST = $(man_MANS) bindctl.xml
python_PYTHON = __init__.py bindcmd.py cmdparse.py exception.py moduleinfo.py mycollections.py
python_PYTHON = __init__.py bindcmd.py cmdparse.py exception.py moduleinfo.py \
mycollections.py
pythondir = $(pyexecdir)/bindctl
bindctldir = $(pkgdatadir)
CLEANFILES = bindctl
CLEANFILES = bindctl bindctl_main.pyc
if ENABLE_MAN
......@@ -19,8 +20,8 @@ bindctl.1: bindctl.xml
endif
bindctl: bindctl-source.py
bindctl: bindctl_main.py
$(SED) -e "s|@@PYTHONPATH@@|@pyexecdir@|" \
-e "s|@@SYSCONFDIR@@|@sysconfdir@|" \
-e "s|@@LIBEXECDIR@@|$(pkglibexecdir)|" bindctl-source.py >$@
-e "s|@@LIBEXECDIR@@|$(pkglibexecdir)|" bindctl_main.py >$@
chmod a+x $@
......@@ -87,7 +87,8 @@ class ValidatedHTTPSConnection(http.client.HTTPSConnection):
class BindCmdInterpreter(Cmd):
"""simple bindctl example."""
def __init__(self, server_port = 'localhost:8080', pem_file = None):
def __init__(self, server_port='localhost:8080', pem_file=None,
csv_file_dir=None):
Cmd.__init__(self)
self.location = ""
self.prompt_end = '> '
......@@ -103,7 +104,12 @@ class BindCmdInterpreter(Cmd):
ca_certs=pem_file)
self.session_id = self._get_session_id()
self.config_data = None
if csv_file_dir is not None:
self.csv_file_dir = csv_file_dir
else:
self.csv_file_dir = pwd.getpwnam(getpass.getuser()).pw_dir + \
os.sep + '.bind10' + os.sep
def _get_session_id(self):
'''Generate one session id for the connection. '''
rand = os.urandom(16)
......@@ -180,9 +186,7 @@ class BindCmdInterpreter(Cmd):
time, username and password saved in 'default_user.csv' will be
used first.
'''
csv_file_dir = pwd.getpwnam(getpass.getuser()).pw_dir
csv_file_dir += os.sep + '.bind10' + os.sep
users = self._get_saved_user_info(csv_file_dir, CSV_FILE_NAME)
users = self._get_saved_user_info(self.csv_file_dir, CSV_FILE_NAME)
for row in users:
param = {'username': row[0], 'password' : row[1]}
try:
......@@ -218,7 +222,8 @@ class BindCmdInterpreter(Cmd):
raise FailToLogin()
if response.status == http.client.OK:
self._save_user_info(username, passwd, csv_file_dir, CSV_FILE_NAME)
self._save_user_info(username, passwd, self.csv_file_dir,
CSV_FILE_NAME)
return True
def _update_commands(self):
......
......@@ -22,7 +22,7 @@
bindctl \- control and configure BIND 10
.SH "SYNOPSIS"
.HP \w'\fBbindctl\fR\ 'u
\fBbindctl\fR [\fB\-a\ \fR\fB\fIaddress\fR\fR] [\fB\-h\fR] [\fB\-c\ \fR\fB\fIfile\fR\fR] [\fB\-p\ \fR\fB\fInumber\fR\fR] [\fB\-\-address\ \fR\fB\fIaddress\fR\fR] [\fB\-\-help\fR] [\fB\-\-certificate\-chain\ \fR\fB\fIfile\fR\fR] [\fB\-\-port\ \fR\fB\fInumber\fR\fR] [\fB\-\-version\fR]
\fBbindctl\fR [\fB\-a\ \fR\fB\fIaddress\fR\fR] [\fB\-h\fR] [\fB\-c\ \fR\fB\fIfile\fR\fR] [\fB\-p\ \fR\fB\fInumber\fR\fR] [\fB\-\-address\ \fR\fB\fIaddress\fR\fR] [\fB\-\-help\fR] [\fB\-\-certificate\-chain\ \fR\fB\fIfile\fR\fR] [\fB\-\-csv\-file\-dir\fR\fB\fIfile\fR\fR] [\fB\-\-port\ \fR\fB\fInumber\fR\fR] [\fB\-\-version\fR]
.SH "DESCRIPTION"
.PP
The
......@@ -52,6 +52,11 @@ daemon\&. The default is 127\&.0\&.0\&.1\&.
The PEM formatted server certificate validation chain file\&.
.RE
.PP
\fB\-\-csv\-file\-dir\fR\fIfile\fR
.RS 4
The directory name in which the user/password CSV file is stored (see AUTHENTICATION)\&. By default this option doesn\'t have any value, in which case the "\&.bind10" directory under the user\'s home directory will be used\&.
.RE
.PP
\fB\-h\fR, \fB\-\-help\fR
.RS 4
Display command usage\&.
......@@ -85,10 +90,10 @@ Display the version number and exit\&.
.RE
.SH "AUTHENTICATION"
.PP
The tool will authenticate using a username and password\&. On the first successful login, it will save the details to
~/\&.bind10/default_user\&.csv
which will be used for later uses of
\fBbindctl\fR\&.
The tool will authenticate using a username and password\&. On the first successful login, it will save the details to a comma\-separated\-value (CSV) file which will be used for later uses of
\fBbindctl\fR\&. The file name is
default_user\&.csv
located under the directory specified by the \-\-csv\-file\-dir option\&.
.SH "USAGE"
.PP
The
......
......@@ -51,6 +51,7 @@
<arg><option>--address <replaceable>address</replaceable></option></arg>
<arg><option>--help</option></arg>
<arg><option>--certificate-chain <replaceable>file</replaceable></option></arg>
<arg><option>--csv-file-dir<replaceable>file</replaceable></option></arg>
<arg><option>--port <replaceable>number</replaceable></option></arg>
<arg><option>--version</option></arg>
</cmdsynopsis>
......@@ -109,6 +110,22 @@
</listitem>
</varlistentry>
<varlistentry>
<term>
<option>--csv-file-dir</option><replaceable>file</replaceable>
</term>
<listitem>
<para>
The directory name in which the user/password CSV file
is stored (see AUTHENTICATION).
By default this option doesn't have any value,
in which case the ".bind10" directory under the user's
home directory will be used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-h</option>,
<option>--help</option></term>
......@@ -148,8 +165,10 @@
<para>
The tool will authenticate using a username and password.
On the first successful login, it will save the details to
<filename>~/.bind10/default_user.csv</filename>
a comma-separated-value (CSV) file
which will be used for later uses of <command>bindctl</command>.
The file name is <filename>default_user.csv</filename>
located under the directory specified by the --csv-file-dir option.
</para>
<!-- TODO: mention HTTPS? -->
......
......@@ -111,25 +111,28 @@ def check_addr(option, opt_str, value, parser):
parser.values.addr = value
def set_bindctl_options(parser):
parser.add_option('-p', '--port', dest = 'port', type = 'int',
action = 'callback', callback=check_port,
default = '8080', help = 'port for cmdctl of bind10')
parser.add_option('-p', '--port', dest='port', type='int',
action='callback', callback=check_port,
default='8080', help='port for cmdctl of bind10')
parser.add_option('-a', '--address', dest = 'addr', type = 'string',
action = 'callback', callback=check_addr,
default = '127.0.0.1', help = 'IP address for cmdctl of bind10')
parser.add_option('-a', '--address', dest='addr', type='string',
action='callback', callback=check_addr,
default='127.0.0.1', help='IP address for cmdctl of bind10')
parser.add_option('-c', '--certificate-chain', dest = 'cert_chain',
type = 'string', action = 'store',
help = 'PEM formatted server certificate validation chain file')
parser.add_option('-c', '--certificate-chain', dest='cert_chain',
type='string', action='store',
help='PEM formatted server certificate validation chain file')
parser.add_option('--csv-file-dir', dest='csv_file_dir', type='string',
default=None, action='store',
help='Directory to store the password CSV file')
if __name__ == '__main__':
parser = OptionParser(version = VERSION)
set_bindctl_options(parser)
(options, args) = parser.parse_args()
server_addr = options.addr + ':' + str(options.port)
tool = BindCmdInterpreter(server_addr, pem_file=options.cert_chain)
tool = BindCmdInterpreter(server_addr, pem_file=options.cert_chain,
csv_file_dir=options.csv_file_dir)
prepare_config_commands(tool)
tool.run()
......@@ -11,6 +11,6 @@ if ENABLE_PYTHON_COVERAGE
endif
for pytest in $(PYTESTS) ; do \
echo Running test: $$pytest ; \
env PYTHONPATH=$(abs_top_srcdir)/src/lib/python:$(abs_top_builddir)/src/lib/python:$(abs_top_srcdir)/src/bin \
env PYTHONPATH=$(abs_top_srcdir)/src/lib/python:$(abs_top_builddir)/src/lib/python:$(abs_top_builddir)/src/bin/bindctl:$(abs_top_srcdir)/src/bin \
$(PYCOVERAGE_RUN) $(abs_srcdir)/$$pytest || exit ; \
done
......@@ -21,8 +21,12 @@ import io
import sys
import socket
import http.client
import pwd
import getpass
from optparse import OptionParser
from isc.config.config_data import ConfigData, MultiConfigData
from isc.config.module_spec import ModuleSpec
from bindctl_main import set_bindctl_options
from bindctl import cmdparse
from bindctl import bindcmd
from bindctl.moduleinfo import *
......@@ -405,7 +409,6 @@ class TestConfigCommands(unittest.TestCase):
def tearDown(self):
sys.stdout = self.stdout_backup
class FakeBindCmdInterpreter(bindcmd.BindCmdInterpreter):
def __init__(self):
pass
......@@ -420,11 +423,24 @@ class TestBindCmdInterpreter(unittest.TestCase):
writer.writerow(['name2'])
csvfile.close()
def test_csv_file_dir(self):
# Checking default value
if "HOME" in os.environ:
home_dir = os.environ["HOME"]
else:
home_dir = pwd.getpwnam(getpass.getuser()).pw_dir
self.assertEqual(home_dir + os.sep + '.bind10' + os.sep,
bindcmd.BindCmdInterpreter().csv_file_dir)
new_csv_dir = '/something/different/'
custom_cmd = bindcmd.BindCmdInterpreter(csv_file_dir=new_csv_dir)
self.assertEqual(new_csv_dir, custom_cmd.csv_file_dir)
def test_get_saved_user_info(self):
old_stdout = sys.stdout
sys.stdout = open(os.devnull, 'w')
cmd = FakeBindCmdInterpreter()
users = cmd._get_saved_user_info('/notexist', 'cvs_file.cvs')
cmd = bindcmd.BindCmdInterpreter()
users = cmd._get_saved_user_info('/notexist', 'csv_file.csv')
self.assertEqual([], users)
csvfilename = 'csv_file.csv'
......@@ -434,6 +450,40 @@ class TestBindCmdInterpreter(unittest.TestCase):
os.remove(csvfilename)
sys.stdout = old_stdout
class TestCommandLineOptions(unittest.TestCase):
class FakeParserError(Exception):
"""An exception thrown from FakeOptionParser on parser error.
"""
pass
class FakeOptionParser(OptionParser):
"""This fake class emulates the OptionParser class with customized
error handling for the convenient of tests.
"""
def __init__(self):
OptionParser.__init__(self)
def error(self, msg):
raise TestCommandLineOptions.FakeParserError
def setUp(self):
self.parser = self.FakeOptionParser()
set_bindctl_options(self.parser)
def test_csv_file_dir(self):
# by default the option is "undefined"
(options, _) = self.parser.parse_args([])
self.assertEqual(None, options.csv_file_dir)
# specify the option, valid case.
(options, _) = self.parser.parse_args(['--csv-file-dir', 'some_dir'])
self.assertEqual('some_dir', options.csv_file_dir)
# missing option arg; should trigger parser error.
self.assertRaises(self.FakeParserError, self.parser.parse_args,
['--csv-file-dir'])
if __name__== "__main__":
unittest.main()
......@@ -51,6 +51,7 @@ b10_resolver_LDADD += $(top_builddir)/src/lib/log/liblog.la
b10_resolver_LDADD += $(top_builddir)/src/lib/server_common/libserver_common.la
b10_resolver_LDADD += $(top_builddir)/src/lib/cache/libcache.la
b10_resolver_LDADD += $(top_builddir)/src/lib/nsas/libnsas.la
b10_resolver_LDADD += $(top_builddir)/src/lib/resolve/libresolve.la
b10_resolver_LDADD += $(top_builddir)/src/bin/auth/change_user.o
b10_resolver_LDFLAGS = -pthread
......
......@@ -45,6 +45,9 @@
#include <resolver/spec_config.h>
#include <resolver/resolver.h>
#include <cache/resolver_cache.h>
#include <nsas/nameserver_address_store.h>
#include <log/dummylog.h>
using namespace std;
......@@ -59,7 +62,7 @@ namespace {
static const string PROGRAM = "Resolver";
IOService io_service;
static Resolver *resolver;
static boost::shared_ptr<Resolver> resolver;
ConstElementPtr
my_config_handler(ConstElementPtr new_config) {
......@@ -135,15 +138,58 @@ main(int argc, char* argv[]) {
specfile = string(RESOLVER_SPECFILE_LOCATION);
}
resolver = new Resolver();
resolver = boost::shared_ptr<Resolver>(new Resolver());
dlog("Server created.");
SimpleCallback* checkin = resolver->getCheckinProvider();
DNSLookup* lookup = resolver->getDNSLookupProvider();
DNSAnswer* answer = resolver->getDNSAnswerProvider();
isc::nsas::NameserverAddressStore nsas(resolver);
resolver->setNameserverAddressStore(nsas);
isc::cache::ResolverCache cache;
resolver->setCache(cache);
// TODO priming query, remove root from direct
// Fake a priming query result here (TODO2 how to flag non-expiry?)
// propagation to runningquery. And check for forwarder mode?
isc::dns::QuestionPtr root_question(new isc::dns::Question(
isc::dns::Name("."),
isc::dns::RRClass::IN(),
isc::dns::RRType::NS()));
isc::dns::RRsetPtr root_ns_rrset(new isc::dns::RRset(isc::dns::Name("."),
isc::dns::RRClass::IN(),
isc::dns::RRType::NS(),
isc::dns::RRTTL(8888)));
root_ns_rrset->addRdata(isc::dns::rdata::createRdata(isc::dns::RRType::NS(),
isc::dns::RRClass::IN(),
"l.root-servers.net."));
isc::dns::RRsetPtr root_a_rrset(new isc::dns::RRset(isc::dns::Name("l.root-servers.net"),
isc::dns::RRClass::IN(),
isc::dns::RRType::A(),
isc::dns::RRTTL(8888)));
root_a_rrset->addRdata(isc::dns::rdata::createRdata(isc::dns::RRType::A(),
isc::dns::RRClass::IN(),
"199.7.83.42"));
isc::dns::RRsetPtr root_aaaa_rrset(new isc::dns::RRset(isc::dns::Name("l.root-servers.net"),
isc::dns::RRClass::IN(),
isc::dns::RRType::AAAA(),
isc::dns::RRTTL(8888)));
root_aaaa_rrset->addRdata(isc::dns::rdata::createRdata(isc::dns::RRType::AAAA(),
isc::dns::RRClass::IN(),
"2001:500:3::42"));
isc::dns::MessagePtr priming_result(new isc::dns::Message(isc::dns::Message::RENDER));
priming_result->addQuestion(root_question);
priming_result->addRRset(isc::dns::Message::SECTION_ANSWER, root_ns_rrset);
priming_result->addRRset(isc::dns::Message::SECTION_ADDITIONAL, root_a_rrset);
priming_result->addRRset(isc::dns::Message::SECTION_ADDITIONAL, root_aaaa_rrset);
cache.update(*priming_result);
cache.update(root_ns_rrset);
cache.update(root_a_rrset);
cache.update(root_aaaa_rrset);
DNSService dns_service(io_service, checkin, lookup, answer);
resolver->setDNSService(dns_service);
dlog("IOService created.");
......@@ -172,7 +218,6 @@ main(int argc, char* argv[]) {
delete config_session;
delete cc_session;
delete resolver;
return (ret);
}
......@@ -41,6 +41,8 @@
#include <dns/messagerenderer.h>
#include <server_common/portconfig.h>
#include <resolve/recursive_query.h>
#include <log/dummylog.h>
#include <resolver/resolver.h>
......@@ -74,10 +76,15 @@ public:
queryShutdown();
}
void querySetup(DNSService& dnss) {
void querySetup(DNSService& dnss,
isc::nsas::NameserverAddressStore& nsas,
isc::cache::ResolverCache& cache)
{
assert(!rec_query_); // queryShutdown must be called first
dlog("Query setup");
rec_query_ = new RecursiveQuery(dnss, upstream_,
rec_query_ = new RecursiveQuery(dnss,
nsas, cache,
upstream_,
upstream_root_,
query_timeout_,
client_timeout_,
......@@ -129,7 +136,7 @@ public:
}
}
}
void resolve(const isc::dns::QuestionPtr& question,
const isc::resolve::ResolverInterface::CallbackPtr& callback);
......@@ -341,6 +348,19 @@ Resolver::setDNSService(asiolink::DNSService& dnss) {
dnss_ = &dnss;
}
void
Resolver::setNameserverAddressStore(isc::nsas::NameserverAddressStore& nsas)
{
nsas_ = &nsas;
}