Commit 834fa9e8 authored by Stephen Morris

[2475] Merge branch 'master' into trac2475

parents 3ba0299a 3ef8b316
bind10-devel-20121115 released on November 15, 2012 bind10-devel-20121115 released on November 15, 2012
506. [doc] jelte 507. [doc] jelte
Added a chapter about the use of the bindctl command tool to Added a chapter about the use of the bindctl command tool to
to the BIND 10 guide. to the BIND 10 guide.
(Trac #2305, git c4b0294b5bf4a9d32fb18ab62ca572f492788d72) (Trac #2305, git c4b0294b5bf4a9d32fb18ab62ca572f492788d72)
506. [security] jinmei
Fixed a use-after-free case in handling DNAME record with the
in-memory data source. This could lead to a crash of b10-auth
if it serves a zone containing a DNAME RR from the in-memory
data source. This bug was introduced at bind10-devel-20120927.
(Trac #2471, git 2b1793ac78f972ddb1ae2fd092a7f539902223ff)
505. [bug] jelte 505. [bug] jelte
Fixed a bug in b10-xfrin where a wrong call was made during the Fixed a bug in b10-xfrin where a wrong call was made during the
final check of a TSIG-signed transfer, incorrectly rejecting the final check of a TSIG-signed transfer, incorrectly rejecting the
......
...@@ -410,9 +410,9 @@ Query::process(datasrc::ClientList& client_list, ...@@ -410,9 +410,9 @@ Query::process(datasrc::ClientList& client_list,
*/ */
assert(db_context->rrset->getRdataCount() > 0); assert(db_context->rrset->getRdataCount() > 0);
// Get the data of DNAME // Get the data of DNAME
RdataIteratorPtr rit = db_context->rrset->getRdataIterator();
const rdata::generic::DNAME& dname( const rdata::generic::DNAME& dname(
dynamic_cast<const rdata::generic::DNAME&>( dynamic_cast<const rdata::generic::DNAME&>(rit->getCurrent()));
db_context->rrset->getRdataIterator()->getCurrent()));
// The yet unmatched prefix dname // The yet unmatched prefix dname
const Name prefix(qname_->split(0, qname_->getLabelCount() - const Name prefix(qname_->split(0, qname_->getLabelCount() -
db_context->rrset->getName().getLabelCount())); db_context->rrset->getName().getLabelCount()));
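Review bot: The named local `rit` is what now keeps the iterator alive while `dname` is in use, but no comment says so, and a later tidy-up could fold it back into the `dynamic_cast` expression and bring back the use-after-free described in the ChangeLog entry (Trac #2471). Presumably `getCurrent()` returns a reference to data owned by the iterator, which is why the old temporary left `dname` dangling. Above the `RdataIteratorPtr rit = ...` line I would add `// Keep the iterator in a named local: 'dname' refers to data it owns,` and `// so the iterator must outlive every use of 'dname'.` Query::process starts and ends outside this hunk, so whether `dname` is used beyond the scope of `rit` cannot be checked from here.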
......
...@@ -50,6 +50,7 @@ run_unittests_SOURCES += config_syntax_unittest.cc ...@@ -50,6 +50,7 @@ run_unittests_SOURCES += config_syntax_unittest.cc
run_unittests_SOURCES += command_unittest.cc run_unittests_SOURCES += command_unittest.cc
run_unittests_SOURCES += common_unittest.cc run_unittests_SOURCES += common_unittest.cc
run_unittests_SOURCES += query_unittest.cc run_unittests_SOURCES += query_unittest.cc
run_unittests_SOURCES += query_inmemory_unittest.cc
run_unittests_SOURCES += statistics_unittest.cc run_unittests_SOURCES += statistics_unittest.cc
run_unittests_SOURCES += test_datasrc_clients_mgr.h test_datasrc_clients_mgr.cc run_unittests_SOURCES += test_datasrc_clients_mgr.h test_datasrc_clients_mgr.cc
run_unittests_SOURCES += datasrc_clients_builder_unittest.cc run_unittests_SOURCES += datasrc_clients_builder_unittest.cc
......
// Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
#include <dns/name.h>
#include <dns/message.h>
#include <dns/rcode.h>
#include <dns/opcode.h>
#include <cc/data.h>
#include <datasrc/client_list.h>
#include <auth/query.h>
#include <testutils/dnsmessage_test.h>
#include <gtest/gtest.h>
#include <string>
using namespace isc::dns;
using namespace isc::auth;
using namespace isc::testutils;
using isc::datasrc::ConfigurableClientList;
using std::string;
namespace {
// The DNAME to do tests against
const char* const dname_txt =
"dname.example.com. 3600 IN DNAME "
"somethinglong.dnametarget.example.com.\n";
// This is not inside the zone, this is created at runtime
const char* const synthetized_cname_txt =
"www.dname.example.com. 3600 IN CNAME "
"www.somethinglong.dnametarget.example.com.\n";
// This is a subset of QueryTest using (subset of) the same test data, but
// with the production in-memory data source. Both tests should be eventually
// unified to avoid duplicates.
class InMemoryQueryTest : public ::testing::Test {
protected:
InMemoryQueryTest() : list(RRClass::IN()), response(Message::RENDER) {
response.setRcode(Rcode::NOERROR());
response.setOpcode(Opcode::QUERY());
list.configure(isc::data::Element::fromJSON(
"[{\"type\": \"MasterFiles\","
" \"cache-enable\": true, "
" \"params\": {\"example.com\": \"" +
string(TEST_OWN_DATA_DIR "/example.zone") +
"\"}}]"), true);
}
ConfigurableClientList list;
Message response;
Query query;
};
// A wrapper to check resulting response message commonly used in
// tests below.
// check_origin needs to be specified only when the authority section has
// an SOA RR. The interface is not generic enough but should be okay
// for our test cases in practice.
void
responseCheck(Message& response, const isc::dns::Rcode& rcode,
unsigned int flags, const unsigned int ancount,
const unsigned int nscount, const unsigned int arcount,
const char* const expected_answer,
const char* const expected_authority,
const char* const expected_additional,
const Name& check_origin = Name::ROOT_NAME())
{
// In our test cases QID, Opcode, and QDCOUNT should be constant, so
// we don't bother the test cases specifying these values.
headerCheck(response, response.getQid(), rcode, Opcode::QUERY().getCode(),
flags, 0, ancount, nscount, arcount);
if (expected_answer != NULL) {
rrsetsCheck(expected_answer,
response.beginSection(Message::SECTION_ANSWER),
response.endSection(Message::SECTION_ANSWER),
check_origin);
}
if (expected_authority != NULL) {
rrsetsCheck(expected_authority,
response.beginSection(Message::SECTION_AUTHORITY),
response.endSection(Message::SECTION_AUTHORITY),
check_origin);
}
if (expected_additional != NULL) {
rrsetsCheck(expected_additional,
response.beginSection(Message::SECTION_ADDITIONAL),
response.endSection(Message::SECTION_ADDITIONAL));
}
}
/*
* Test a query under a domain with DNAME. We should get a synthetized CNAME
* as well as the DNAME.
*
* TODO: Once we have CNAME chaining, check it works with synthetized CNAMEs
* as well. This includes tests pointing inside the zone, outside the zone,
* pointing to NXRRSET and NXDOMAIN cases (similarly as with CNAME).
*/
TEST_F(InMemoryQueryTest, DNAME) {
query.process(list, Name("www.dname.example.com"), RRType::A(),
response);
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 2, 0, 0,
(string(dname_txt) + synthetized_cname_txt).c_str(),
NULL, NULL);
}
}
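Review bot: The `DNAME` test case does not say that it appears to be the regression test for the use-after-free in the ChangeLog entry (Trac #2471). A plain run can also pass with the bug present, because freed memory often still holds the old bytes. I would extend the block comment above `TEST_F(InMemoryQueryTest, DNAME)` with a sentence such as `Regression test for Trac #2471 (use-after-free on the DNAME rdata); most meaningful when run under a memory checker.` Separately, the fixture constructor splices `TEST_OWN_DATA_DIR` into a JSON string without escaping, so a build path containing `"` or `\` would make `Element::fromJSON` fail; that is tolerable in test code but worth a one-line comment.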
...@@ -21,6 +21,7 @@ EXTRA_DIST += simpleresponse_fromWire.spec ...@@ -21,6 +21,7 @@ EXTRA_DIST += simpleresponse_fromWire.spec
EXTRA_DIST += spec.spec EXTRA_DIST += spec.spec
EXTRA_DIST += example.com EXTRA_DIST += example.com
EXTRA_DIST += example.zone
EXTRA_DIST += example.sqlite3 EXTRA_DIST += example.sqlite3
.spec.wire: .spec.wire:
......
;;
;; This is a complete (but crafted and somewhat broken) zone file used
;; in query tests.
;;
example.com. 3600 IN SOA . . 0 0 0 0 0
example.com. 3600 IN NS glue.delegation.example.com.
example.com. 3600 IN NS noglue.example.com.
example.com. 3600 IN NS example.net.
example.com. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3 636B
glue.delegation.example.com. 3600 IN A 192.0.2.153
glue.delegation.example.com. 3600 IN AAAA 2001:db8::53
noglue.example.com. 3600 IN A 192.0.2.53
delegation.example.com. 3600 IN NS glue.delegation.example.com.
delegation.example.com. 3600 IN NS noglue.example.com.
delegation.example.com. 3600 IN NS cname.example.com.
delegation.example.com. 3600 IN NS example.org.
;; Borrowed from the RFC4035
delegation.example.com. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3 636B
mx.example.com. 3600 IN MX 10 www.example.com.
mx.example.com. 3600 IN MX 20 mailer.example.org.
mx.example.com. 3600 IN MX 30 mx.delegation.example.com.
www.example.com. 3600 IN A 192.0.2.80
cname.example.com. 3600 IN CNAME www.example.com.
cnamenxdom.example.com. 3600 IN CNAME nxdomain.example.com.
;; CNAME Leading out of zone
cnameout.example.com. 3600 IN CNAME www.example.org.
;; The DNAME to do tests against
dname.example.com. 3600 IN DNAME somethinglong.dnametarget.example.com.
;; Some data at the dname node (allowed by RFC 2672)
dname.example.com. 3600 IN A 192.0.2.5
;; The rest of data won't be referenced from the test cases.
cnamemailer.example.com. 3600 IN CNAME www.example.com.
cnamemx.example.com. 3600 IN MX 10 cnamemailer.example.com.
mx.delegation.example.com. 3600 IN A 192.0.2.100
;; Wildcards
*.wild.example.com. 3600 IN A 192.0.2.7
*.wild.example.com. 3600 IN NSEC www.example.com. A NSEC RRSIG
*.cnamewild.example.com. 3600 IN CNAME www.example.org.
*.cnamewild.example.com. 3600 IN NSEC delegation.example.com. CNAME NSEC RRSIG
;; Wildcard_nxrrset
*.uwild.example.com. 3600 IN A 192.0.2.9
*.uwild.example.com. 3600 IN NSEC www.uwild.example.com. A NSEC RRSIG
www.uwild.example.com. 3600 IN A 192.0.2.11
www.uwild.example.com. 3600 IN NSEC *.wild.example.com. A NSEC RRSIG
;; Wildcard empty
b.*.t.example.com. 3600 IN A 192.0.2.13
b.*.t.example.com. 3600 IN NSEC *.uwild.example.com. A NSEC RRSIG
t.example.com. 3600 IN A 192.0.2.15
t.example.com. 3600 IN NSEC b.*.t.example.com. A NSEC RRSIG
;; Used in NXDOMAIN proof test. We are going to test some unusual case where
;; the best possible wildcard is below the "next domain" of the NSEC RR that
;; proves the NXDOMAIN, i.e.,
;; mx.example.com. (exist)
;; (.no.example.com. (qname, NXDOMAIN)
;; ).no.example.com. (exist)
;; *.no.example.com. (best possible wildcard, not exist)
).no.example.com. 3600 IN AAAA 2001:db8::53
;; NSEC records.
example.com. 3600 IN NSEC cname.example.com. NS SOA NSEC RRSIG
mx.example.com. 3600 IN NSEC ).no.example.com. MX NSEC RRSIG
).no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG
;; We'll also test the case where a single NSEC proves both NXDOMAIN and the
;; non existence of wildcard. The following records will be used for that
;; test.
;; ).no.example.com. (exist, whose NSEC proves everything)
;; *.no.example.com. (best possible wildcard, not exist)
;; nx.no.example.com. (NXDOMAIN)
;; nz.no.example.com. (exist)
nz.no.example.com. 3600 IN AAAA 2001:db8::5300
nz.no.example.com. 3600 IN NSEC noglue.example.com. AAAA NSEC RRSIG
noglue.example.com. 3600 IN NSEC nonsec.example.com. A
;; NSEC for the normal NXRRSET case
www.example.com. 3600 IN NSEC example.com. A NSEC RRSIG
;; Authoritative data without NSEC
nonsec.example.com. 3600 IN A 192.0.2.0
;; NSEC3 RRs. You may also need to add mapping to MockZoneFinder::hash_map_.
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.com. 3600 IN NSEC3 1 1 12 aabbccdd 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA NSEC3PARAM RRSIG
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
;; NSEC3 for wild.example.com (used in wildcard tests, will be added on
;; demand not to confuse other tests)
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en
;; NSEC3 for cnamewild.example.com (used in wildcard tests, will be added on
;; demand not to confuse other tests)
k8udemvp1j2f7eg6jebps17vp3n8i58h.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en
;; NSEC3 for *.uwild.example.com (will be added on demand not to confuse
;; other tests)
b4um86eghhds6nea196smvmlo4ors995.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
;; NSEC3 for uwild.example.com. (will be added on demand)
t644ebqk9bibcna874givr6joj62mlhv.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
;; (Secure) delegation data; Delegation with DS record
signed-delegation.example.com. 3600 IN NS ns.example.net.
signed-delegation.example.com. 3600 IN DS 12345 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
;; (Secure) delegation data; Delegation without DS record (and both NSEC
;; and NSEC3 denying its existence)
unsigned-delegation.example.com. 3600 IN NS ns.example.net.
unsigned-delegation.example.com. 3600 IN NSEC unsigned-delegation-optout.example.com. NS RRSIG NSEC
;; This one will be added on demand
q81r598950igr1eqvc60aedlq66425b5.example.com. 3600 IN NSEC3 1 1 12 aabbccdd 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom NS RRSIG
;; Delegation without DS record, and no direct matching NSEC3 record
unsigned-delegation-optout.example.com. 3600 IN NS ns.example.net.
unsigned-delegation-optout.example.com. 3600 IN NSEC *.uwild.example.com. NS RRSIG NSEC
;; (Secure) delegation data; Delegation where the DS lookup will raise an
;; exception.
bad-delegation.example.com. 3600 IN NS ns.example.net.
;; Delegation from an unsigned parent. There's no DS, and there's no NSEC
;; or NSEC3 that proves it.
nosec-delegation.example.com. 3600 IN NS ns.nosec.example.net.