Commit
53e4c255
authored
Nov 15, 2012
by
Jeremy C. Reed
[master]Merge remote-tracking branch 'remotes/bind10-private/sec-trac2471'
parents
718e97a5
ca8a13dd
Changes
5
src/bin/auth/query.cc
...
...
@@ -410,9 +410,9 @@ Query::process(datasrc::ClientList& client_list,
*/
assert
(
db_context
->
rrset
->
getRdataCount
()
>
0
);
// Get the data of DNAME
RdataIteratorPtr
rit
=
db_context
->
rrset
->
getRdataIterator
();
const
rdata
::
generic
::
DNAME
&
dname
(
dynamic_cast
<
const
rdata
::
generic
::
DNAME
&>
(
db_context
->
rrset
->
getRdataIterator
()
->
getCurrent
()));
dynamic_cast
<
const
rdata
::
generic
::
DNAME
&>
(
rit
->
getCurrent
()));
// The yet unmatched prefix dname
const
Name
prefix
(
qname_
->
split
(
0
,
qname_
->
getLabelCount
()
-
db_context
->
rrset
->
getName
().
getLabelCount
()));
...
...
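Review bot: Nothing next to the new `RdataIteratorPtr rit` local says why it must stay a named variable, so a later tidy-up could fold it back into the `dynamic_cast` argument and leave `dname` bound to data owned by a destroyed temporary iterator. Assuming `getCurrent()` returns a reference that is only valid while its iterator exists (its declaration is not visible in this hunk), I would add above that line `// Keep the iterator in a named local: dname refers to data owned by it.` Separately, the only emptiness guard before `rit->getCurrent()` is the `assert` on `getRdataCount()`, which disappears in NDEBUG builds; whether an empty DNAME RRset can reach this point is not visible here. Query::process starts and ends outside the hunk.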
src/bin/auth/tests/Makefile.am
...
...
@@ -50,6 +50,7 @@ run_unittests_SOURCES += config_syntax_unittest.cc
run_unittests_SOURCES
+=
command_unittest.cc
run_unittests_SOURCES
+=
common_unittest.cc
run_unittests_SOURCES
+=
query_unittest.cc
run_unittests_SOURCES
+=
query_inmemory_unittest.cc
run_unittests_SOURCES
+=
statistics_unittest.cc
run_unittests_SOURCES
+=
test_datasrc_clients_mgr.h test_datasrc_clients_mgr.cc
run_unittests_SOURCES
+=
datasrc_clients_builder_unittest.cc
...
...
src/bin/auth/tests/query_inmemory_unittest.cc
0 → 100644
// Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
#include
<dns/name.h>
#include
<dns/message.h>
#include
<dns/rcode.h>
#include
<dns/opcode.h>
#include
<cc/data.h>
#include
<datasrc/client_list.h>
#include
<auth/query.h>
#include
<testutils/dnsmessage_test.h>
#include
<gtest/gtest.h>
#include
<string>
using
namespace
isc
::
dns
;
using
namespace
isc
::
auth
;
using
namespace
isc
::
testutils
;
using
isc
::
datasrc
::
ConfigurableClientList
;
using
std
::
string
;
namespace
{
// The DNAME to do tests against
const
char
*
const
dname_txt
=
"dname.example.com. 3600 IN DNAME "
"somethinglong.dnametarget.example.com.
\n
"
;
// This is not inside the zone, this is created at runtime
const
char
*
const
synthetized_cname_txt
=
"www.dname.example.com. 3600 IN CNAME "
"www.somethinglong.dnametarget.example.com.
\n
"
;
// This is a subset of QueryTest using (subset of) the same test data, but
// with the production in-memory data source. Both tests should be eventually
// unified to avoid duplicates.
class
InMemoryQueryTest
:
public
::
testing
::
Test
{
protected:
InMemoryQueryTest
()
:
list
(
RRClass
::
IN
()),
response
(
Message
::
RENDER
)
{
response
.
setRcode
(
Rcode
::
NOERROR
());
response
.
setOpcode
(
Opcode
::
QUERY
());
list
.
configure
(
isc
::
data
::
Element
::
fromJSON
(
"[{
\"
type
\"
:
\"
MasterFiles
\"
,"
"
\"
cache-enable
\"
: true, "
"
\"
params
\"
: {
\"
example.com
\"
:
\"
"
+
string
(
TEST_OWN_DATA_DIR
"/example.zone"
)
+
"
\"
}}]"
),
true
);
}
ConfigurableClientList
list
;
Message
response
;
Query
query
;
};
// A wrapper to check resulting response message commonly used in
// tests below.
// check_origin needs to be specified only when the authority section has
// an SOA RR. The interface is not generic enough but should be okay
// for our test cases in practice.
void
responseCheck
(
Message
&
response
,
const
isc
::
dns
::
Rcode
&
rcode
,
unsigned
int
flags
,
const
unsigned
int
ancount
,
const
unsigned
int
nscount
,
const
unsigned
int
arcount
,
const
char
*
const
expected_answer
,
const
char
*
const
expected_authority
,
const
char
*
const
expected_additional
,
const
Name
&
check_origin
=
Name
::
ROOT_NAME
())
{
// In our test cases QID, Opcode, and QDCOUNT should be constant, so
// we don't bother the test cases specifying these values.
headerCheck
(
response
,
response
.
getQid
(),
rcode
,
Opcode
::
QUERY
().
getCode
(),
flags
,
0
,
ancount
,
nscount
,
arcount
);
if
(
expected_answer
!=
NULL
)
{
rrsetsCheck
(
expected_answer
,
response
.
beginSection
(
Message
::
SECTION_ANSWER
),
response
.
endSection
(
Message
::
SECTION_ANSWER
),
check_origin
);
}
if
(
expected_authority
!=
NULL
)
{
rrsetsCheck
(
expected_authority
,
response
.
beginSection
(
Message
::
SECTION_AUTHORITY
),
response
.
endSection
(
Message
::
SECTION_AUTHORITY
),
check_origin
);
}
if
(
expected_additional
!=
NULL
)
{
rrsetsCheck
(
expected_additional
,
response
.
beginSection
(
Message
::
SECTION_ADDITIONAL
),
response
.
endSection
(
Message
::
SECTION_ADDITIONAL
));
}
}
/*
* Test a query under a domain with DNAME. We should get a synthetized CNAME
* as well as the DNAME.
*
* TODO: Once we have CNAME chaining, check it works with synthetized CNAMEs
* as well. This includes tests pointing inside the zone, outside the zone,
* pointing to NXRRSET and NXDOMAIN cases (similarly as with CNAME).
*/
TEST_F
(
InMemoryQueryTest
,
DNAME
)
{
query
.
process
(
list
,
Name
(
"www.dname.example.com"
),
RRType
::
A
(),
response
);
responseCheck
(
response
,
Rcode
::
NOERROR
(),
AA_FLAG
,
2
,
0
,
0
,
(
string
(
dname_txt
)
+
synthetized_cname_txt
).
c_str
(),
NULL
,
NULL
);
}
}
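Review bot: The `DNAME` test case checks only the rendered answer section, so if it is meant as the regression test for the iterator-lifetime change in `Query::process` (inferred from the two files landing in the same merge), it can still pass when a stale read happens to return intact data. Say so in the block comment above `TEST_F(InMemoryQueryTest, DNAME)`, e.g. `* Run under valgrind or AddressSanitizer as well: a stale read of the DNAME rdata can still render the expected answer.` In `responseCheck`, the additional-section `rrsetsCheck` call is the only one of the three that does not pass `check_origin`; if that is deliberate, a one-line comment there would keep it from looking like an omission.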
src/bin/auth/tests/testdata/Makefile.am
...
...
@@ -21,6 +21,7 @@ EXTRA_DIST += simpleresponse_fromWire.spec
EXTRA_DIST
+=
spec.spec
EXTRA_DIST
+=
example.com
EXTRA_DIST
+=
example.zone
EXTRA_DIST
+=
example.sqlite3
.spec.wire
:
...
...
src/bin/auth/tests/testdata/example.zone
0 → 100644
;;
;; This is a complete (but crafted and somewhat broken) zone file used
;; in query tests.
;;
example.com. 3600 IN SOA . . 0 0 0 0 0
example.com. 3600 IN NS glue.delegation.example.com.
example.com. 3600 IN NS noglue.example.com.
example.com. 3600 IN NS example.net.
example.com. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3 636B
glue.delegation.example.com. 3600 IN A 192.0.2.153
glue.delegation.example.com. 3600 IN AAAA 2001:db8::53
noglue.example.com. 3600 IN A 192.0.2.53
delegation.example.com. 3600 IN NS glue.delegation.example.com.
delegation.example.com. 3600 IN NS noglue.example.com.
delegation.example.com. 3600 IN NS cname.example.com.
delegation.example.com. 3600 IN NS example.org.
;; Borrowed from the RFC4035
delegation.example.com. 3600 IN DS 57855 5 1 B6DCD485719ADCA18E5F3D48A2331627FDD3 636B
mx.example.com. 3600 IN MX 10 www.example.com.
mx.example.com. 3600 IN MX 20 mailer.example.org.
mx.example.com. 3600 IN MX 30 mx.delegation.example.com.
www.example.com. 3600 IN A 192.0.2.80
cname.example.com. 3600 IN CNAME www.example.com.
cnamenxdom.example.com. 3600 IN CNAME nxdomain.example.com.
;; CNAME Leading out of zone
cnameout.example.com. 3600 IN CNAME www.example.org.
;; The DNAME to do tests against
dname.example.com. 3600 IN DNAME somethinglong.dnametarget.example.com.
;; Some data at the dname node (allowed by RFC 2672)
dname.example.com. 3600 IN A 192.0.2.5
;; The rest of data won't be referenced from the test cases.
cnamemailer.example.com. 3600 IN CNAME www.example.com.
cnamemx.example.com. 3600 IN MX 10 cnamemailer.example.com.
mx.delegation.example.com. 3600 IN A 192.0.2.100
;; Wildcards
*.wild.example.com. 3600 IN A 192.0.2.7
*.wild.example.com. 3600 IN NSEC www.example.com. A NSEC RRSIG
*.cnamewild.example.com. 3600 IN CNAME www.example.org.
*.cnamewild.example.com. 3600 IN NSEC delegation.example.com. CNAME NSEC RRSIG
;; Wildcard_nxrrset
*.uwild.example.com. 3600 IN A 192.0.2.9
*.uwild.example.com. 3600 IN NSEC www.uwild.example.com. A NSEC RRSIG
www.uwild.example.com. 3600 IN A 192.0.2.11
www.uwild.example.com. 3600 IN NSEC *.wild.example.com. A NSEC RRSIG
;; Wildcard empty
b.*.t.example.com. 3600 IN A 192.0.2.13
b.*.t.example.com. 3600 IN NSEC *.uwild.example.com. A NSEC RRSIG
t.example.com. 3600 IN A 192.0.2.15
t.example.com. 3600 IN NSEC b.*.t.example.com. A NSEC RRSIG
;; Used in NXDOMAIN proof test. We are going to test some unusual case where
;; the best possible wildcard is below the "next domain" of the NSEC RR that
;; proves the NXDOMAIN, i.e.,
;; mx.example.com. (exist)
;; (.no.example.com. (qname, NXDOMAIN)
;; ).no.example.com. (exist)
;; *.no.example.com. (best possible wildcard, not exist)
).no.example.com. 3600 IN AAAA 2001:db8::53
;; NSEC records.
example.com. 3600 IN NSEC cname.example.com. NS SOA NSEC RRSIG
mx.example.com. 3600 IN NSEC ).no.example.com. MX NSEC RRSIG
).no.example.com. 3600 IN NSEC nz.no.example.com. AAAA NSEC RRSIG
;; We'll also test the case where a single NSEC proves both NXDOMAIN and the
;; non existence of wildcard. The following records will be used for that
;; test.
;; ).no.example.com. (exist, whose NSEC proves everything)
;; *.no.example.com. (best possible wildcard, not exist)
;; nx.no.example.com. (NXDOMAIN)
;; nz.no.example.com. (exist)
nz.no.example.com. 3600 IN AAAA 2001:db8::5300
nz.no.example.com. 3600 IN NSEC noglue.example.com. AAAA NSEC RRSIG
noglue.example.com. 3600 IN NSEC nonsec.example.com. A
;; NSEC for the normal NXRRSET case
www.example.com. 3600 IN NSEC example.com. A NSEC RRSIG
;; Authoritative data without NSEC
nonsec.example.com. 3600 IN A 192.0.2.0
;; NSEC3 RRs. You may also need to add mapping to MockZoneFinder::hash_map_.
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.com. 3600 IN NSEC3 1 1 12 aabbccdd 2t7b4g4vsa5smi47k61mv5bv1a22bojr NS SOA NSEC3PARAM RRSIG
0p9mhaveqvm6t7vbl5lop2u3t2rp3tom.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
q04jkcevqvmu85r014c7dkba38o0ji5r.example.com. 3600 IN RRSIG NSEC3 5 3 3600 20000101000000 20000201000000 12345 example.com. FAKEFAKEFAKE
;; NSEC3 for wild.example.com (used in wildcard tests, will be added on
;; demand not to confuse other tests)
ji6neoaepv8b5o6k4ev33abha8ht9fgc.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en
;; NSEC3 for cnamewild.example.com (used in wildcard tests, will be added on
;; demand not to confuse other tests)
k8udemvp1j2f7eg6jebps17vp3n8i58h.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en
;; NSEC3 for *.uwild.example.com (will be added on demand not to confuse
;; other tests)
b4um86eghhds6nea196smvmlo4ors995.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
;; NSEC3 for uwild.example.com. (will be added on demand)
t644ebqk9bibcna874givr6joj62mlhv.example.com. 3600 IN NSEC3 1 1 12 aabbccdd r53bq7cc2uvmubfu5ocmm6pers9tk9en A RRSIG
;; (Secure) delegation data; Delegation with DS record
signed-delegation.example.com. 3600 IN NS ns.example.net.
signed-delegation.example.com. 3600 IN DS 12345 8 2 764501411DE58E8618945054A3F620B36202E115D015A7773F4B78E0F952CECA
;; (Secure) delegation data; Delegation without DS record (and both NSEC
;; and NSEC3 denying its existence)
unsigned-delegation.example.com. 3600 IN NS ns.example.net.
unsigned-delegation.example.com. 3600 IN NSEC unsigned-delegation-optout.example.com. NS RRSIG NSEC
;; This one will be added on demand
q81r598950igr1eqvc60aedlq66425b5.example.com. 3600 IN NSEC3 1 1 12 aabbccdd 0p9mhaveqvm6t7vbl5lop2u3t2rp3tom NS RRSIG
;; Delegation without DS record, and no direct matching NSEC3 record
unsigned-delegation-optout.example.com. 3600 IN NS ns.example.net.
unsigned-delegation-optout.example.com. 3600 IN NSEC *.uwild.example.com. NS RRSIG NSEC
;; (Secure) delegation data; Delegation where the DS lookup will raise an
;; exception.
bad-delegation.example.com. 3600 IN NS ns.example.net.
;; Delegation from an unsigned parent. There's no DS, and there's no NSEC
;; or NSEC3 that proves it.
nosec-delegation.example.com. 3600 IN NS ns.nosec.example.net.