Commit 42c59bc2 authored by Shane Kerr's avatar Shane Kerr
Browse files
parents b5ee1d01 a9bbc6ee
505. [bug] jelte
Fixed a bug in b10-xfrin where a wrong call was made during the
final check of a TSIG-signed transfer, incorrectly rejecting the
transfer.
(Trac #2464, git eac81c0cbebee72f6478bdb5cda915f5470d08e1)
504. [bug]* naokikambe
Fixed an XML format viewed from b10-stats-httpd. Regarding
per-zone counters as zones of Xfrout, a part of the item values wasn't
......
......@@ -570,7 +570,7 @@ class TestXfrinIXFRAdd(TestXfrinState):
# difference, starting with removing that SOA.
self.conn._diff.add_data(self.ns_rrset) # put some dummy change
self.conn._tsig_ctx = MockTSIGContext(TSIG_KEY)
self.conn._tsig_ctx.last_has_signature = lambda: False
self.conn._tsig_ctx.last_had_signature = lambda: False
# First, push a starting SOA inside. This should be OK, nothing checked
# yet.
self.state.handle_rr(self.conn, self.begin_soa)
......@@ -821,7 +821,7 @@ class TestAXFR(TestXfrinConnection):
mock_ctx = MockTSIGContext(key)
mock_ctx.error = error
if not has_last_signature:
mock_ctx.last_has_signature = lambda: False
mock_ctx.last_had_signature = lambda: False
return mock_ctx
def __match_exception(self, expected_exception, expected_msg, expression):
......
......@@ -797,7 +797,7 @@ class XfrinConnection(asyncore.dispatcher):
Check there's a signature at the last message.
"""
if self._tsig_ctx is not None:
if not self._tsig_ctx.last_has_signature():
if not self._tsig_ctx.last_had_signature():
raise XfrinProtocolError('TSIG verify fail: no TSIG on last '+
'message')
......
......@@ -52,5 +52,5 @@ class MockTSIGContext(TSIGContext):
return self.error(self)
return self.error
def last_has_signature(self):
def last_had_signature(self):
return True
......@@ -61,6 +61,8 @@ copylist = [
"configurations/ddns/noddns.config"],
["configurations/xfrin/retransfer_master.conf.orig",
"configurations/xfrin/retransfer_master.conf"],
["configurations/xfrin/retransfer_slave.conf.orig",
"configurations/xfrin/retransfer_slave.conf"],
["data/inmem-xfrin.sqlite3.orig",
"data/inmem-xfrin.sqlite3"],
["data/xfrin-notify.sqlite3.orig",
......
Feature: Xfrin
Feature: Xfrin
Tests for Xfrin, specific for BIND 10 behaviour.
Scenario: Retransfer command
# Standard check to test (non-)existence of a file.
# This file is actually automatically created.
......@@ -37,3 +37,52 @@ Feature: Xfrin
# We don't have to specify the address/port here; the defaults will work.
When I do an AXFR transfer of example.org
Then transfer result should have 13 rrs
Scenario: Transfer with TSIG
# Similar setup to the test above, but this time, we add TSIG configuration
# In order to check that the tests don't give false positives because config
# happens to be right (like no TSIG on either side), we take an existing
# non-TSIG config, add TSIG on the master side, see it fail, add TSIG
# on the slave side, then check again.
Given I have bind10 running with configuration xfrin/retransfer_master.conf with cmdctl port 47804 as master
And wait for master stderr message AUTH_SERVER_STARTED
And wait for master stderr message XFROUT_STARTED
And I have bind10 running with configuration xfrin/retransfer_slave.conf
And wait for bind10 stderr message CMDCTL_STARTED
And wait for bind10 stderr message XFRIN_STARTED
# Set slave config for 'automatic' xfrin
When I set bind10 configuration Xfrin/zones to [{"master_port": 47806, "name": "example.org", "master_addr": "::1"}]
# Make sure it is fully open
When I send bind10 the command Xfrin retransfer example.org
Then wait for new bind10 stderr message XFRIN_TRANSFER_SUCCESS not XFRIN_XFR_PROCESS_FAILURE
And wait for new bind10 stderr message ZONEMGR_RECEIVE_XFRIN_SUCCESS
# First to master, a transfer should then fail
When I send bind10 the following commands with cmdctl port 47804:
"""
config add tsig_keys/keys "example.key.:c2VjcmV0"
config set Xfrout/zone_config[0]/transfer_acl [{"action": "ACCEPT", "from": "::1", "key": "example.key."}]
config commit
"""
# Transfer should fail
When I send bind10 the command Xfrin retransfer example.org
Then wait for new bind10 stderr message XFRIN_XFR_TRANSFER_PROTOCOL_ERROR not XFRIN_TRANSFER_SUCCESS
# Set client to use TSIG as well
When I send bind10 the following commands:
"""
config add tsig_keys/keys "example.key.:c2VjcmV0"
config set Xfrin/zones[0]/tsig_key "example.key.:c2VjcmV0"
config commit
"""
# Transwer should succeed now
When I send bind10 the command Xfrin retransfer example.org
Then wait for new bind10 stderr message XFRIN_TRANSFER_SUCCESS not XFRIN_XFR_PROCESS_FAILURE
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment