Skip to content
GitLab
Commit 93f4485d authored by JINMEI Tatuya's avatar JINMEI Tatuya
Browse files

[1431] updated auth test MockZoneFinder to confirm to the new result format. 

the tentative attempt of returning NSEC3 RRsets in negative cases were
canceled, and updated the doxygen doc accordingly.
parent 2528257c
Hide whitespace changes
Inline Side-by-side
src/bin/auth/query.cc
View file @ 93f4485d
......@@ -35,7 +35,19 @@ namespace {
// one, until we update all supported data source implementations.
ZoneFinder::FindResult
findWrapper(const ZoneFinder::FindResult& orig_result) {
// Retrieve the original flags
ZoneFinder::FindResultFlags flags = ZoneFinder::RESULT_DEFAULT;
if (orig_result.isWildcard()) {
flags = flags | ZoneFinder::RESULT_WILDCARD;
}
if (orig_result.isNSECSigned()) {
flags = flags | ZoneFinder::RESULT_NSEC_SIGNED;
}
if (orig_result.isNSEC3Signed()) {
flags = flags | ZoneFinder::RESULT_NSEC3_SIGNED;
}
// Convert older code to new one, adjusting flags if necessary
ZoneFinder::Result code = orig_result.code;
if (code == ZoneFinder::WILDCARD) {
code = ZoneFinder::SUCCESS;
......@@ -399,7 +411,7 @@ Query::process() {
case ZoneFinder::NXRRSET:
addSOA(*result.zone_finder);
if (dnssec_) {
if (db_result.isNSECSigned()) {
if (db_result.isNSECSigned() && db_result.rrset) {
response_.addRRset(Message::SECTION_AUTHORITY,
boost::const_pointer_cast<RRset>(
db_result.rrset),
......
src/bin/auth/tests/query_unittest.cc
View file @ 93f4485d
......@@ -481,18 +481,15 @@ MockZoneFinder::find(const Name& name, const RRType& type,
// Otherwise it's NXRRSET case.
if ((options & FIND_DNSSEC) != 0) {
if (use_nsec3_) {
return (FindResult(NXRRSET,
RRsetPtr(new RRset(found_domain->first,
RRClass::IN(),
RRType::NSEC3(),
RRTTL(0)))));
return (FindResult(NXRRSET, RRsetPtr(), RESULT_NSEC3_SIGNED));
}
found_rrset = found_domain->second.find(RRType::NSEC());
if (found_rrset != found_domain->second.end()) {
return (FindResult(NXRRSET, found_rrset->second));
return (FindResult(NXRRSET, found_rrset->second,
RESULT_NSEC_SIGNED));
}
}
return (FindResult(NXRRSET, RRsetPtr()));
return (FindResult(NXRRSET, RRsetPtr(), RESULT_NSEC_SIGNED));
}
// query name isn't found in our domains.
......@@ -512,15 +509,13 @@ MockZoneFinder::find(const Name& name, const RRType& type,
--domain; // reset domain to the "previous name"
if ((options & FIND_DNSSEC) != 0) {
if (use_nsec3_) {
return (FindResult(NXRRSET,
RRsetPtr(new RRset(name, RRClass::IN(),
RRType::NSEC3(),
RRTTL(0)))));
return (FindResult(NXRRSET, RRsetPtr(), RESULT_NSEC3_SIGNED));
}
RRsetStore::const_iterator found_rrset =
(*domain).second.find(RRType::NSEC());
if (found_rrset != (*domain).second.end()) {
return (FindResult(NXRRSET, found_rrset->second));
return (FindResult(NXRRSET, found_rrset->second,
RESULT_NSEC_SIGNED));
}
}
return (FindResult(NXRRSET, RRsetPtr()));
......@@ -544,38 +539,38 @@ MockZoneFinder::find(const Name& name, const RRType& type,
domain->second.find(type);
// Matched the QTYPE
if(found_rrset != domain->second.end()) {
return (FindResult(WILDCARD,
return (FindResult(SUCCESS,
substituteWild(
*found_rrset->second, name)));
*found_rrset->second, name),
RESULT_WILDCARD |
(use_nsec3_ ?
RESULT_NSEC3_SIGNED :
RESULT_NSEC_SIGNED)));
} else {
// No matched QTYPE, this case is for WILDCARD_NXRRSET
const Name new_name =
Name("*").concatenate(wild_suffix);
if (use_nsec3_) {
return (FindResult(WILDCARD_NXRRSET,
RRsetPtr(new RRset(
new_name,
RRClass::IN(),
RRType::NSEC3(),
RRTTL(0)))));
return (FindResult(NXRRSET, RRsetPtr(),
RESULT_WILDCARD |
RESULT_NSEC3_SIGNED));
}
const Name new_name =
Name("*").concatenate(wild_suffix);
found_rrset = domain->second.find(RRType::NSEC());
assert(found_rrset != domain->second.end());
return (FindResult(WILDCARD_NXRRSET,
return (FindResult(NXRRSET,
substituteWild(
*found_rrset->second,
new_name)));
new_name),
RESULT_WILDCARD |
RESULT_NSEC_SIGNED));
}
} else {
// This is empty non terminal name case on wildcard.
const Name empty_name = Name("*").concatenate(wild_suffix);
if (use_nsec3_) {
return (FindResult(WILDCARD_NXRRSET,
RRsetPtr(new RRset(
empty_name,
RRClass::IN(),
RRType::NSEC3(),
RRTTL(0)))));
return (FindResult(NXRRSET, RRsetPtr(),
RESULT_WILDCARD |
RESULT_NSEC3_SIGNED));
}
for (Domains::reverse_iterator it = domains_.rbegin();
it != domains_.rend();
......@@ -584,12 +579,13 @@ MockZoneFinder::find(const Name& name, const RRType& type,
if ((*it).first < empty_name &&
(nsec_it = (*it).second.find(RRType::NSEC()))
!= (*it).second.end()) {
return (FindResult(WILDCARD_NXRRSET,
(*nsec_it).second));
return (FindResult(NXRRSET, (*nsec_it).second,
RESULT_WILDCARD |
RESULT_NSEC_SIGNED));
}
}
}
return (FindResult(WILDCARD_NXRRSET,RRsetPtr()));
return (FindResult(NXRRSET, RRsetPtr(), RESULT_WILDCARD));
}
}
const Name cnamewild_suffix("cnamewild.example.com");
......@@ -600,8 +596,11 @@ MockZoneFinder::find(const Name& name, const RRType& type,
RRsetStore::const_iterator found_rrset =
domain->second.find(RRType::CNAME());
assert(found_rrset != domain->second.end());
return (FindResult(WILDCARD_CNAME,
substituteWild(*found_rrset->second, name)));
return (FindResult(CNAME,
substituteWild(*found_rrset->second, name),
RESULT_WILDCARD |
(use_nsec3_ ? RESULT_NSEC3_SIGNED :
RESULT_NSEC_SIGNED)));
}
}
......@@ -614,13 +613,7 @@ MockZoneFinder::find(const Name& name, const RRType& type,
// than the origin)
if ((options & FIND_DNSSEC) != 0) {
if (use_nsec3_) {
// In many cases the closest encloser should be the apex name.
// So for now we always return it.
return (FindResult(NXDOMAIN,
RRsetPtr(new RRset(Name("example.com"),
RRClass::IN(),
RRType::NSEC3(),
RRTTL(0)))));
return (FindResult(NXDOMAIN, RRsetPtr(), RESULT_NSEC3_SIGNED));
}
// Emulate a broken DataSourceClient for some special names.
......@@ -638,7 +631,8 @@ MockZoneFinder::find(const Name& name, const RRType& type,
if ((*it).first < name &&
(nsec_it = (*it).second.find(RRType::NSEC()))
!= (*it).second.end()) {
return (FindResult(NXDOMAIN, (*nsec_it).second));
return (FindResult(NXDOMAIN, (*nsec_it).second,
RESULT_NSEC_SIGNED));
}
}
}
......@@ -1507,9 +1501,9 @@ TEST_F(QueryTest, nxdomainWithNSEC3) {
ZoneFinder::FindResult result = mock_finder->find(
Name("nxdomain.example.com"), RRType::A(), ZoneFinder::FIND_DNSSEC);
EXPECT_EQ(ZoneFinder::NXDOMAIN, result.code);
ASSERT_TRUE(result.rrset);
EXPECT_EQ(RRType::NSEC3(), result.rrset->getType());
EXPECT_EQ(Name("example.com"), result.rrset->getName());
EXPECT_FALSE(result.rrset);
EXPECT_TRUE(result.isNSEC3Signed());
EXPECT_FALSE(result.isWildcard());
}
TEST_F(QueryTest, nxrrsetWithNSEC3) {
......@@ -1517,9 +1511,9 @@ TEST_F(QueryTest, nxrrsetWithNSEC3) {
ZoneFinder::FindResult result = mock_finder->find(
Name("www.example.com"), RRType::TXT(), ZoneFinder::FIND_DNSSEC);
EXPECT_EQ(ZoneFinder::NXRRSET, result.code);
ASSERT_TRUE(result.rrset);
EXPECT_EQ(RRType::NSEC3(), result.rrset->getType());
EXPECT_EQ(Name("www.example.com"), result.rrset->getName());
EXPECT_FALSE(result.rrset);
EXPECT_TRUE(result.isNSEC3Signed());
EXPECT_FALSE(result.isWildcard());
}
TEST_F(QueryTest, emptyNameWithNSEC3) {
......@@ -1527,9 +1521,9 @@ TEST_F(QueryTest, emptyNameWithNSEC3) {
ZoneFinder::FindResult result = mock_finder->find(
Name("no.example.com"), RRType::A(), ZoneFinder::FIND_DNSSEC);
EXPECT_EQ(ZoneFinder::NXRRSET, result.code);
ASSERT_TRUE(result.rrset);
EXPECT_EQ(RRType::NSEC3(), result.rrset->getType());
EXPECT_EQ(Name("no.example.com"), result.rrset->getName());
EXPECT_FALSE(result.rrset);
EXPECT_TRUE(result.isNSEC3Signed());
EXPECT_FALSE(result.isWildcard());
}
TEST_F(QueryTest, wildcardNxrrsetWithNSEC3) {
......@@ -1537,19 +1531,18 @@ TEST_F(QueryTest, wildcardNxrrsetWithNSEC3) {
ZoneFinder::FindResult result = mock_finder->find(
Name("www1.uwild.example.com"), RRType::TXT(),
ZoneFinder::FIND_DNSSEC);
EXPECT_EQ(ZoneFinder::WILDCARD_NXRRSET, result.code);
ASSERT_TRUE(result.rrset);
EXPECT_EQ(RRType::NSEC3(), result.rrset->getType());
EXPECT_EQ(Name("*.uwild.example.com"), result.rrset->getName());
EXPECT_EQ(ZoneFinder::NXRRSET, result.code);
EXPECT_FALSE(result.rrset);
EXPECT_TRUE(result.isNSEC3Signed());
EXPECT_TRUE(result.isWildcard());
}
TEST_F(QueryTest, wildcardEmptyWithNSEC3) {
mock_finder->setNSEC3Flag(true);
ZoneFinder::FindResult result = mock_finder->find(
Name("a.t.example.com"), RRType::A(), ZoneFinder::FIND_DNSSEC);
EXPECT_EQ(ZoneFinder::WILDCARD_NXRRSET, result.code);
ASSERT_TRUE(result.rrset);
EXPECT_EQ(RRType::NSEC3(), result.rrset->getType());
EXPECT_EQ(Name("*.t.example.com"), result.rrset->getName());
EXPECT_EQ(ZoneFinder::NXRRSET, result.code);
EXPECT_TRUE(result.isNSEC3Signed());
EXPECT_TRUE(result.isWildcard());
}
}
src/lib/datasrc/zone.h
View file @ 93f4485d
......@@ -279,20 +279,15 @@ public:
/// of \c DELEGATION and the NS RRset at the zone cut.
/// - If there is no matching name, it returns the code of \c NXDOMAIN,
/// and, if DNSSEC is requested, the NSEC RRset that proves the
/// non-existence if the zone is signed with NSEC; if it's signed with
/// NSEC3, an empty NSEC3 RRset (an RRset that doesn't have RDATA)
/// whose name is the closest encloser of the given name.
/// non-existence if the zone is signed with NSEC.
/// - If there is a matching name but no RRset of the search type, it
/// returns the code of \c NXRRSET, and, if DNSSEC is required,
/// the NSEC RRset for that name if the zone is signed with NSEC;
/// if it's signed with NSEC3, an empty NSEC3 RRset whose name is the
/// given name.
/// the NSEC RRset for that name if the zone is signed with NSEC.
/// - If there is no matching name but there is a matching wild card name,
/// but it doesn't have a requested type of RR, and if DNSSEC is
/// required, then it returns the code of \c WILDCARD_NXRRSET.
/// If the zone is signed with NSEC, it returns corresponding NSEC
/// (see the description of \c Result); if it's signed with NSEC3,
/// it returns an empty NSEC3 RRset whose name is the matching wildcard.
/// (see the description of \c Result).
/// - If there is a CNAME RR of the searched name but there is no
/// RR of the searched type of the name (so this type is different from
/// CNAME), it returns the code of \c CNAME and that CNAME RR.
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment