Skip to content

GitLab

Commit 696f576c authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1244] Merge remote-tracking branch 'origin/trac1308' into trac1244

parents e580e44a 11885ff9
Hide whitespace changes
Inline Side-by-side
src/bin/auth/tests/query_unittest.cc
View file @ 696f576c
......@@ -109,6 +109,13 @@ const char* const wild_txt_next =
"www.uwild.example.com. 3600 IN A 192.0.2.11\n";
const char* const nsec_wild_txt_next =
"www.uwild.example.com. 3600 IN NSEC *.wild.example.com. A NSEC RRSIG\n";
// Wildcard empty
const char* const empty_txt = "b.*.t.example.com. 3600 IN A 192.0.2.13\n";
const char* const nsec_empty_txt =
"b.*.t.example.com. 3600 IN NSEC *.uwild.example.com. A NSEC RRSIG\n";
const char* const empty_prev_txt = "t.example.com. 3600 IN A 192.0.2.15\n";
const char* const nsec_empty_prev_txt =
"t.example.com. 3600 IN NSEC b.*.t.example.com. A NSEC RRSIG\n";
// Used in NXDOMAIN proof test. We are going to test some unusual case where
// the best possible wildcard is below the "next domain" of the NSEC RR that
// proves the NXDOMAIN, i.e.,
......@@ -188,8 +195,9 @@ public:
nsec_apex_txt << nsec_mx_txt << nsec_no_txt << nsec_nz_txt <<
nsec_nxdomain_txt << nsec_www_txt << nonsec_a_txt <<
wild_txt << nsec_wild_txt << cnamewild_txt << nsec_cnamewild_txt <<
wild_txt_nxrrset<<nsec_wild_txt_nxrrset<<wild_txt_next<<
nsec_wild_txt_next;
wild_txt_nxrrset << nsec_wild_txt_nxrrset << wild_txt_next <<
nsec_wild_txt_next << empty_txt << nsec_empty_txt <<
empty_prev_txt << nsec_empty_prev_txt;
masterLoad(zone_stream, origin_, rrclass_,
boost::bind(&MockZoneFinder::loadRRset, this, _1));
......@@ -407,24 +415,45 @@ MockZoneFinder::find(const Name& name, const RRType& type,
// due to the existence of closer name.
if ((options & NO_WILDCARD) == 0) {
const Name wild_suffix(name.split(1));
// Unit Tests use those domains for Wildcard test.
if (name.equals(Name("www.wild.example.com"))||
name.equals(Name("www1.uwild.example.com"))) {
name.equals(Name("www1.uwild.example.com"))||
name.equals(Name("a.t.example.com"))) {
if (name.compare(wild_suffix).getRelation() ==
NameComparisonResult::SUBDOMAIN) {
domain = domains_.find(Name("*").concatenate(wild_suffix));
assert(domain != domains_.end());
RRsetStore::const_iterator found_rrset = domain->second.find(type);
if (found_rrset != domain->second.end()) {
// Matched the QNAME
if (domain != domains_.end()) {
RRsetStore::const_iterator found_rrset =
domain->second.find(type);
// Matched the QTYPE
if(found_rrset != domain->second.end()) {
return (FindResult(WILDCARD,
substituteWild(*found_rrset->second, name)));
} else {
found_rrset = domain->second.find(RRType::NSEC());
assert(found_rrset != domain->second.end());
Name newName = Name("*").concatenate(wild_suffix);
return (FindResult(WILDCARD_NXRRSET,
} else {
// No matched QTYPE, this case is for WILDCARD_NXRRSET
found_rrset = domain->second.find(RRType::NSEC());
assert(found_rrset != domain->second.end());
Name newName = Name("*").concatenate(wild_suffix);
return (FindResult(WILDCARD_NXRRSET,
substituteWild(*found_rrset->second,newName)));
}
} else {
// This is empty non terminal name case on wildcard.
Name emptyName = Name("*").concatenate(wild_suffix);
for (Domains::reverse_iterator it = domains_.rbegin();
it != domains_.rend();
++it) {
RRsetStore::const_iterator nsec_it;
if ((*it).first < emptyName &&
(nsec_it = (*it).second.find(RRType::NSEC()))
!= (*it).second.end()) {
return (FindResult(WILDCARD_NXRRSET,
(*nsec_it).second));
}
}
}
return (FindResult(WILDCARD_NXRRSET,RRsetPtr()));
}
}
const Name cnamewild_suffix("cnamewild.example.com");
......@@ -955,7 +984,7 @@ TEST_F(QueryTest, wildcardNxrrsetWithDuplicateNSEC) {
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 4, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_wild_txt) +
string(nsec_wild_txt) +
string("*.wild.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC")+"\n").c_str(),
NULL, mock_finder->getOrigin());
......@@ -967,11 +996,11 @@ TEST_F(QueryTest, wildcardNxrrsetWithNSEC) {
// one proves NXDOMAIN and the other proves non existence RRSETs of wildcard.
Query(memory_client, Name("www1.uwild.example.com"), RRType::TXT(), response,
true).process();
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 6, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_wild_txt_nxrrset) +
string(nsec_wild_txt_nxrrset) +
string("*.uwild.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC")+"\n" +
string(nsec_wild_txt_next) +
......@@ -979,6 +1008,26 @@ TEST_F(QueryTest, wildcardNxrrsetWithNSEC) {
getCommonRRSIGText("NSEC") + "\n").c_str(),
NULL, mock_finder->getOrigin());
}
TEST_F(QueryTest, wildcardEmptyWithNSEC) {
// WILDCARD_EMPTY with DNSSEC proof. We should have SOA, NSEC that proves the
// NXDOMAIN and their RRSIGs. In this case we need two NSEC RRs,
// one proves NXDOMAIN and the other proves non existence wildcard.
Query(memory_client, Name("a.t.example.com"), RRType::A(), response,
true).process();
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 6, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_empty_prev_txt) +
string("t.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC")+"\n" +
string(nsec_empty_txt) +
string("b.*.t.example.com. 3600 IN RRSIG ") +
getCommonRRSIGText("NSEC")+"\n").c_str(),
NULL, mock_finder->getOrigin());
}
/*
* This tests that when there's no SOA and we need a negative answer. It should
* throw in that case.
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment