ISC Open Source Projects / Kea
Commit 834fa9e8, authored Nov 16, 2012 by Stephen Morris
[2475] Merge branch 'master' into trac2475
parents 3ba0299a 3ef8b316

Showing 6 changed files with 256 additions and 3 deletions:

ChangeLog +8 -1
src/bin/auth/query.cc +2 -2
src/bin/auth/tests/Makefile.am +1 -0
src/bin/auth/tests/query_inmemory_unittest.cc +123 -0
src/bin/auth/tests/testdata/Makefile.am +1 -0
src/bin/auth/tests/testdata/example.zone +121 -0
ChangeLog
bind10-devel-20121115 released on November 15, 2012
50
6
. [doc] jelte
50
7
. [doc] jelte
Added a chapter about the use of the bindctl command tool to
to the BIND 10 guide.
(Trac #2305, git c4b0294b5bf4a9d32fb18ab62ca572f492788d72)
506. [security] jinmei
Fixed a use-after-free case in handling DNAME record with the
in-memory data source. This could lead to a crash of b10-auth
if it serves a zone containing a DNAME RR from the in-memory
data source. This bug was introduced at bind10-devel-20120927.
(Trac #2471, git 2b1793ac78f972ddb1ae2fd092a7f539902223ff)
505. [bug] jelte
Fixed a bug in b10-xfrin where a wrong call was made during the
final check of a TSIG-signed transfer, incorrectly rejecting the
...
...
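Review bot: the [doc] entry repeats a word across its line break ("command tool to" / "to the BIND 10 guide"); drop one "to". In the 506 [security] entry, "if it serves a zone containing a DNAME RR from the in-memory data source" names the precondition but not the trigger; saying whether an ordinary query that reaches the DNAME is enough would let operators judge exposure without opening Trac #2471.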
src/bin/auth/query.cc
...
...
@@ -410,9 +410,9 @@ Query::process(datasrc::ClientList& client_list,
*/
assert
(
db_context
->
rrset
->
getRdataCount
()
>
0
);
// Get the data of DNAME
RdataIteratorPtr
rit
=
db_context
->
rrset
->
getRdataIterator
();
const
rdata
::
generic
::
DNAME
&
dname
(
dynamic_cast
<
const
rdata
::
generic
::
DNAME
&>
(
db_context
->
rrset
->
getRdataIterator
()
->
getCurrent
()));
dynamic_cast
<
const
rdata
::
generic
::
DNAME
&>
(
rit
->
getCurrent
()));
// The yet unmatched prefix dname
const
Name
prefix
(
qname_
->
split
(
0
,
qname_
->
getLabelCount
()
-
db_context
->
rrset
->
getName
().
getLabelCount
()));
...
...
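Review bot: the new `rit` local in Query::process exists only so that the iterator outlives the `dname` reference, but the comment above it still reads just "Get the data of DNAME". Nothing tells a later reader not to fold `getRdataIterator()->getCurrent()` back into one expression, as the removed lines did, which would again bind `dname` to data reached through a temporary that is gone by the next statement. Suggest a comment on the `rit` declaration saying it must stay in scope for as long as `dname` is used. Separately, the `assert` on `getRdataCount() > 0` just above is the only guard before `getCurrent()` and is compiled out when NDEBUG is defined.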
src/bin/auth/tests/Makefile.am
...
...
@@ -50,6 +50,7 @@ run_unittests_SOURCES += config_syntax_unittest.cc
run_unittests_SOURCES
+=
command_unittest.cc
run_unittests_SOURCES
+=
common_unittest.cc
run_unittests_SOURCES
+=
query_unittest.cc
run_unittests_SOURCES
+=
query_inmemory_unittest.cc
run_unittests_SOURCES
+=
statistics_unittest.cc
run_unittests_SOURCES
+=
test_datasrc_clients_mgr.h test_datasrc_clients_mgr.cc
run_unittests_SOURCES
+=
datasrc_clients_builder_unittest.cc
...
...
src/bin/auth/tests/query_inmemory_unittest.cc
0 → 100644
// Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
#include <dns/name.h>
#include <dns/message.h>
#include <dns/rcode.h>
#include <dns/opcode.h>
#include <cc/data.h>
#include <datasrc/client_list.h>
#include <auth/query.h>
#include <testutils/dnsmessage_test.h>
#include <gtest/gtest.h>
#include <string>
using
namespace
isc
::
dns
;
using
namespace
isc
::
auth
;
using
namespace
isc
::
testutils
;
using
isc
::
datasrc
::
ConfigurableClientList
;
using
std
::
string
;
namespace
{
// The DNAME to do tests against
const
char
*
const
dname_txt
=
"dname.example.com. 3600 IN DNAME "
"somethinglong.dnametarget.example.com.
\n
"
;
// This is not inside the zone, this is created at runtime
const
char
*
const
synthetized_cname_txt
=
"www.dname.example.com. 3600 IN CNAME "
"www.somethinglong.dnametarget.example.com.
\n
"
;
// This is a subset of QueryTest using (subset of) the same test data, but
// with the production in-memory data source. Both tests should be eventually
// unified to avoid duplicates.
class
InMemoryQueryTest
:
public
::
testing
::
Test
{
protected:
InMemoryQueryTest
()
:
list
(
RRClass
::
IN
()),
response
(
Message
::
RENDER
)
{
response
.
setRcode
(
Rcode
::
NOERROR
());
response
.
setOpcode
(
Opcode
::
QUERY
());
list
.
configure
(
isc
::
data
::
Element
::
fromJSON
(
"[{
\"
type
\"
:
\"
MasterFiles
\"
,"
"
\"
cache-enable
\"
: true, "
"
\"
params
\"
: {
\"
example.com
\"
:
\"
"
+
string
(
TEST_OWN_DATA_DIR
"/example.zone"
)
+
"
\"
}}]"
),
true
);
}
ConfigurableClientList
list
;
Message
response
;
Query
query
;
};
// A wrapper to check resulting response message commonly used in
// tests below.
// check_origin needs to be specified only when the authority section has
// an SOA RR. The interface is not generic enough but should be okay
// for our test cases in practice.
void
responseCheck
(
Message
&
response
,
const
isc
::
dns
::
Rcode
&
rcode
,
unsigned
int
flags
,
const
unsigned
int
ancount
,
const
unsigned
int
nscount
,
const
unsigned
int
arcount
,
const
char
*
const
expected_answer
,
const
char
*
const
expected_authority
,
const
char
*
const
expected_additional
,
const
Name
&
check_origin
=
Name
::
ROOT_NAME
())
{
// In our test cases QID, Opcode, and QDCOUNT should be constant, so
// we don't bother the test cases specifying these values.
headerCheck
(
response
,
response
.
getQid
(),
rcode
,
Opcode
::
QUERY
().
getCode
(),
flags
,
0
,
ancount
,
nscount
,
arcount
);
if
(
expected_answer
!=
NULL
)
{
rrsetsCheck
(
expected_answer
,
response
.
beginSection
(
Message
::
SECTION_ANSWER
),
response
.
endSection
(
Message
::
SECTION_ANSWER
),
check_origin
);
}
if
(
expected_authority
!=
NULL
)
{
rrsetsCheck
(
expected_authority
,
response
.
beginSection
(
Message
::
SECTION_AUTHORITY
),
response
.
endSection
(
Message
::
SECTION_AUTHORITY
),
check_origin
);
}
if
(
expected_additional
!=
NULL
)
{
rrsetsCheck
(
expected_additional
,
response
.
beginSection
(
Message
::
SECTION_ADDITIONAL
),
response
.
endSection
(
Message
::
SECTION_ADDITIONAL
));
}
}
/*
* Test a query under a domain with DNAME. We should get a synthetized CNAME
* as well as the DNAME.
*
* TODO: Once we have CNAME chaining, check it works with synthetized CNAMEs
* as well. This includes tests pointing inside the zone, outside the zone,
* pointing to NXRRSET and NXDOMAIN cases (similarly as with CNAME).
*/
TEST_F
(
InMemoryQueryTest
,
DNAME
)
{
query
.
process
(
list
,
Name
(
"www.dname.example.com"
),
RRType
::
A
(),
response
);
responseCheck
(
response
,
Rcode
::
NOERROR
(),
AA_FLAG
,
2
,
0
,
0
,
(
string
(
dname_txt
)
+
synthetized_cname_txt
).
c_str
(),
NULL
,
NULL
);
}
}
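Review bot: TEST_F(InMemoryQueryTest, DNAME) asserts only on the rendered answer section (the DNAME plus the synthesized CNAME), so if it is meant to guard the use-after-free described in ChangeLog entry 506 it can still pass on a build that reads freed memory whose contents happen to be intact. Suggest stating in the test comment that the case is meant to be run under a memory checker. Two smaller points in responseCheck: the expected QID handed to headerCheck is `response.getQid()`, so that field is compared with itself, and `check_origin` is forwarded to rrsetsCheck for the answer and authority sections but not for the additional section, which deserves a comment if it is intended.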
src/bin/auth/tests/testdata/Makefile.am
...
...
@@ -21,6 +21,7 @@ EXTRA_DIST += simpleresponse_fromWire.spec
EXTRA_DIST
+=
spec.spec
EXTRA_DIST
+=
example.com
EXTRA_DIST
+=
example.zone
EXTRA_DIST
+=
example.sqlite3
.spec.wire
:
...
...
src/bin/auth/tests/testdata/example.zone
0 → 100644
;;
;; This is a complete (but crafted and somewhat broken) zone file used
;; in query tests.
;;
example.com. 3600 IN SOA . . 0 0 0 0 0
example.com. 3600 IN NS glue.delegation.example.com.
example.com. 3600 IN NS noglue.example.com.
example.com. 3600 IN NS example.net.
example.com. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3 636B
glue.delegation.example.com. 3600 IN A 192.0.2.153
glue.delegation.example.com. 3600 IN AAAA 2001:db8::53
noglue.example.com. 3600 IN A 192.0.2.53
delegation.example.com. 3600 IN NS glue.delegation.example.com.
delegation.example.com. 3600 IN NS noglue.example.com.
delegation.example.com. 3600 IN NS cname.example.com.
delegation.example.com. 3600 IN NS example.org.
;; Borrowed from the RFC4035
delegation.example.com. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3 636B
mx.example.com. 3600 IN MX 10 www.example.com.
mx.example.com. 3600 IN MX 20 mailer.example.org.
mx.example.com. 3600 IN MX 30 mx.delegation.example.com.
www.example.com. 3600 IN A 192.0.2.80
cname.example.com. 3600 IN CNAME www.example.com.
cnamenxdom.example.com. 3600 IN CNAME nxdomain.example.com.
;; CNAME Leading out of zone
cnameout.example.com. 3600 IN CNAME www.example.org.
;; The DNAME to do tests against
dname.example.com. 3600 IN DNAME somethinglong.dnametarget.example.com.
;; Some data at the dname node (allowed by RFC 2672)
dname.example.com. 3600 IN A 192.0.2.5
;; The rest of data won't be referenced from the test cases.
cnamemailer.example.com. 3600 IN CNAME www.example.com.
cnamemx.example.com. 3600 IN MX 10 cnamemailer.example.com.
mx.delegation.example.com. 3600 IN A 192.0.2.100
;; Wildcards
*.wild.example.com. 3600 IN A 192.0.2.7
*.wild.example.com. 3600 IN NSEC www.example.com. A NSEC RRSIG
*.cnamewild.example.com. 3600 IN CNAME www.example.org.
*.cnamewild.example.com. 3600 IN NSEC delegation.example.com. CNAME NSEC RRSIG
;; Wildcard_nxrrset
*.uwild.example.com. 3600 IN A 192.0.2.9
*.uwild.example.com. 3600 IN NSEC www.uwild.example.com. A NSEC RRSIG
www.uwild.example.com. 3600 IN A 192.0.2.11
www.uwild.example.com. 3600 IN NSEC *.wild.example.com. A NSEC RRSIG
;; Wildcard empty
b.*.t.example.com. 3600 IN A 192.0.2.13
b.*.t.example.com. 3600 IN NSEC *.uwild.example.com. A NSEC RRSIG
t.example.com. 3600 IN A 192.0.2.15
t.example.com. 3600 IN NSEC b.*.t.example.com. A NSEC RRSIG
;; Used in NXDOMAIN proof test. We are going to test some unusual case where
;; the best possible wildcard is below the "next domain" of the NSEC RR that
;; proves the NXDOMAIN, i.e.,
;; mx.example.com. (exist)
;; (.no.example.com. (qname, NXDOMAIN)
;; ).no.example.com. (exist)
;; *.no.example.com. (best possible wildcard, not exist)
).no.example.com. 3600 IN AAAA 2001:db8::53
;; NSEC records.
example.com. 3600 IN NSEC cname.example.com. NS SOA NSEC RRSIG
mx.example.com. 3600 IN NSEC ).no.example.com. MX NSEC RRSIG
).no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG
;; We'll also test the case where a single NSEC proves both NXDOMAIN and the
;; non existence of wildcard. The following records will be used for that
;; test.
;; ).no.example.com. (exist, whose NSEC proves everything)
;; *.no.example.com. (best possible wildcard, not exist)
;; nx.no.example.com. (NXDOMAIN)
;; nz.no.example.com. (exist)
nz.no.example.com. 3600 IN AAAA 2001:db8::5300
nz.no.example.com. 3600 IN NSEC noglue.example.com. AAAA NSEC RRSIG
noglue.example.com. 3600 IN NSEC nonsec.example.com. A
;; NSEC for the normal NXRRSET case
www.example.com. 3600 IN NSEC example.com. A NSEC RRSIG
;; Authoritative data without NSEC
nonsec.example.com. 3600 IN A 192.0.2.0
;; NSEC3 RRs. You may also need to add mapping to MockZoneFinder::hash_map_.
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.com. 3600 IN NSEC3 1 1 12 aabbccdd 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA NSEC3PARAM RRSIG
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
;; NSEC3 for wild.example.com (used in wildcard tests, will be added on
;; demand not to confuse other tests)
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en
;; NSEC3 for cnamewild.example.com (used in wildcard tests, will be added on
;; demand not to confuse other tests)
k8udemvp1j2f7eg6jebps17vp3n8i58h.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en
;; NSEC3 for *.uwild.example.com (will be added on demand not to confuse
;; other tests)
b4um86eghhds6nea196smvmlo4ors995.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
;; NSEC3 for uwild.example.com. (will be added on demand)
t644ebqk9bibcna874givr6joj62mlhv.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
;; (Secure) delegation data; Delegation with DS record
signed-delegation.example.com. 3600 IN NS ns.example.net.
signed-delegation.example.com. 3600 IN DS 12345 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
;; (Secure) delegation data; Delegation without DS record (and both NSEC
;; and NSEC3 denying its existence)
unsigned-delegation.example.com. 3600 IN NS ns.example.net.
unsigned-delegation.example.com. 3600 IN NSEC unsigned-delegation-optout.example.com. NS RRSIG NSEC
;; This one will be added on demand
q81r598950igr1eqvc60aedlq66425b5.example.com. 3600 IN NSEC3 1 1 12 aabbccdd 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom NS RRSIG
;; Delegation without DS record, and no direct matching NSEC3 record
unsigned-delegation-optout.example.com. 3600 IN NS ns.example.net.
unsigned-delegation-optout.example.com. 3600 IN NSEC *.uwild.example.com. NS RRSIG NSEC
;; (Secure) delegation data; Delegation where the DS lookup will raise an
;; exception.
bad-delegation.example.com. 3600 IN NS ns.example.net.
;; Delegation from an unsigned parent. There's no DS, and there's no NSEC
;; or NSEC3 that proves it.
nosec-delegation.example.com. 3600 IN NS ns.nosec.example.net.
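Review bot: several comments in this zone file describe a mock setup rather than a static file: "You may also need to add mapping to MockZoneFinder::hash_map_" above the NSEC3 RRs, and "will be added on demand" on NSEC3 records that are present unconditionally here. Since query_inmemory_unittest.cc loads the file as is through the MasterFiles data source, suggest rewording or dropping those comments, and noting in the header which records the in-memory test actually relies on (currently the DNAME at dname.example.com.).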