Commit 87ccb0c6 authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

- tighten validation on incoming requests. return an response rather than

  ignoring requests when an error occurs
- added a framework for auth server unit test with an initial simple test


git-svn-id: svn://bind10.isc.org/svn/bind10/trunk@1306 e5f2f494-b856-4b98-b285-d166d9295462
parent 2ab95a0f
......@@ -223,6 +223,7 @@ AC_CONFIG_FILES([Makefile
src/lib/dns/tests/Makefile
src/lib/exceptions/Makefile
src/lib/auth/Makefile
src/lib/auth/tests/Makefile
])
AC_OUTPUT([src/bin/cfgmgr/b10-cfgmgr.py
src/bin/cmdctl/cmdctl.py
......
SUBDIRS = . tests
AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/ext $(SQLITE_CFLAGS)
pkglibexecdir = $(libexecdir)/@PACKAGE@
......
......@@ -24,6 +24,8 @@
#include <cassert>
#include <iostream>
#include <exceptions/exceptions.h>
#include <dns/buffer.h>
#include <dns/messagerenderer.h>
#include <dns/name.h>
......@@ -49,6 +51,7 @@
using namespace std;
using namespace isc;
using namespace isc::auth;
using namespace isc::dns;
using namespace isc::dns::rdata;
......@@ -89,6 +92,16 @@ AuthSrv::~AuthSrv() {
delete impl_;
}
static void
makeErrorMessage(Message& message, MessageRenderer& renderer,
const Rcode& rcode)
{
message.makeResponse();
message.setRcode(rcode);
message.setUDPSize(4096); // XXX: hardcoding
message.toWire(renderer);
}
int
AuthSrv::processMessage(InputBuffer& request_buffer,
Message& message,
......@@ -97,17 +110,35 @@ AuthSrv::processMessage(InputBuffer& request_buffer,
{
try {
message.fromWire(request_buffer);
} catch (...) {
cerr << "[AuthSrv] parse failed" << endl;
return (-1);
}
} catch (const DNSProtocolError& error) {
cerr << "returning protocol error" << endl;
makeErrorMessage(message, response_renderer, error.getRcode());
return (0);
} catch (const Exception& ex) {
cerr << "returning servfail" << endl;
makeErrorMessage(message, response_renderer, Rcode::SERVFAIL());
return (0);
} // other exceptions will be handled at a higher layer.
if (verbose_mode) {
cerr << "[AuthSrv] received a message:\n" << message.toText() << endl;
}
//
// Incoming Message Validation
//
// In this implementation, we only support normal queries
if (message.getOpcode() != Opcode::QUERY()) {
if (verbose_mode) {
cerr << "unsupported opcode" << endl;
}
makeErrorMessage(message, response_renderer, Rcode::NOTIMP());
return (0);
}
if (message.getRRCount(Section::QUESTION()) != 1) {
return (-1);
makeErrorMessage(message, response_renderer, Rcode::FORMERR());
return (0);
}
const bool dnssec_ok = message.isDNSSECSupported();
......
AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_builddir)/src/bin -I$(top_srcdir)/ext
CLEANFILES = *.gcno *.gcda
TESTS =
if HAVE_GTEST
TESTS += run_unittests
run_unittests_SOURCES = $(top_srcdir)/src/lib/dns/tests/unittest_util.h
run_unittests_SOURCES += $(top_srcdir)/src/lib/dns/tests/unittest_util.cc
run_unittests_SOURCES += ../auth_srv.h ../auth_srv.cc
run_unittests_SOURCES += auth_srv_unittest.cc
run_unittests_SOURCES += run_unittests.cc
run_unittests_CPPFLAGS = $(AM_CPPFLAGS) $(GTEST_INCLUDES)
run_unittests_LDFLAGS = $(AM_LDFLAGS) $(GTEST_LDFLAGS)
run_unittests_LDADD = $(GTEST_LDADD)
run_unittests_LDADD += $(SQLITE_LIBS)
run_unittests_LDADD += $(top_builddir)/src/lib/auth/.libs/libauth.a
run_unittests_LDADD += $(top_builddir)/src/lib/dns/.libs/libdns.a
run_unittests_LDADD += $(top_builddir)/src/lib/config/libcfgclient.a
run_unittests_LDADD += $(top_builddir)/src/lib/cc/libcc.a
run_unittests_LDADD += $(top_builddir)/src/lib/exceptions/.libs/libexceptions.a
if HAVE_BOOSTLIB
run_unittests_LDFLAGS += $(BOOST_LDFLAGS)
run_unittests_LDADD += $(BOOST_SYSTEM_LIB)
endif
endif
noinst_PROGRAMS = $(TESTS)
// Copyright (C) 2010 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
// $Id$
#include <gtest/gtest.h>
#include <dns/buffer.h>
#include <dns/name.h>
#include <dns/message.h>
#include <dns/messagerenderer.h>
#include <dns/rrclass.h>
#include <dns/rrtype.h>
#include <auth/auth_srv.h>
#include <dns/tests/unittest_util.h>
using isc::UnitTestUtil;
using namespace std;
using namespace isc::dns;
namespace {
class AuthSrvTest : public ::testing::Test {
protected:
AuthSrvTest() : request_message(Message::RENDER),
parse_message(Message::PARSE),
qname("www.example.com"),
qclass(RRClass::IN()), qtype(RRType::A()),
request_obuffer(0), request_renderer(request_obuffer),
response_obuffer(0), response_renderer(response_obuffer)
{}
AuthSrv server;
Message request_message;
Message parse_message;
Name qname;
RRClass qclass;
RRType qtype;
OutputBuffer request_obuffer;
MessageRenderer request_renderer;
OutputBuffer response_obuffer;
MessageRenderer response_renderer;
vector<uint8_t> data;
};
static void
createDataFromFile(const char* const datafile, vector<uint8_t>& data) {
UnitTestUtil::readWireData(datafile, data);
InputBuffer buffer(&data[0], data.size());
}
TEST_F(AuthSrvTest, ManyQuery) {
createDataFromFile("testdata/iquery_fromWire", data);
InputBuffer buffer(&data[0], data.size());
EXPECT_EQ(0, server.processMessage(buffer, parse_message, response_renderer,
true, false));
}
}
// Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
// $Id$
#include <gtest/gtest.h>
int
main(int argc, char* argv[])
{
::testing::InitGoogleTest(&argc, argv);
return (RUN_ALL_TESTS());
}
###
### This data file was auto-generated from iquery_fromWire.spec
###
# Header Section
# ID=4149 QR=Query Opcode=IQUERY(1) Rcode=NOERROR(0)
1035 4000
# QDCNT=1, ANCNT=0, NSCNT=0, ARCNT=0
0001 0000 0000 0000
# Question Section
# QNAME=example.com. QTYPE=A(1) QCLASS=IN(1)
076578616d706c6503636f6d00 0001 0001
#
# IQUERY message.
#
[header]
opcode: iquery
[question]
# use default
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment