Commit 717d6192 authored by Mukund Sivaraman's avatar Mukund Sivaraman
Browse files

Merge branch 'master' into trac2435_2

Conflicts:
	src/lib/datasrc/zone.h
	src/lib/python/isc/datasrc/updater_inc.cc
parents 10fece1a 4c4e2711
561. [bug] kambe, jelte
b10-stats-httpd no longer dumps request information to the console,
but uses the bind10 logging system. Additionally, the logging
identifiers have been changed from STATHTTPD_* to STATSHTTPD_*
(Trac #1897, git 93716b025a4755a8a2cbf250a9e4187741dbc9bb)
560. [bug] jinmei
b10-auth now sets the TTL of SOA RR for negative responses to
the minimum of the RR TTL and the minimum TTL of the SOA RDATA
as specified in RFC2308; previously the RR TTL was always used.
The ZoneFinder class was extended partly for implementing this
and partly for allowing further optimization.
(Trac #2309 and #2635, git ee17e979fcde48b59d91c74ac368244169065f3b)
559. [bug] jelte
b10-cmdctl no longer aborts on basic file issues with its https
certificate or private key file. It performs additional checks, and
provides better error logs if these fail. Additionally, bindctl
provides a better error report if it is unable to connect over
https connection. This issue could occur if BIND 10 was installed
with root privileges but then started as a normal user.
(Trac #2595, git 09b1a2f927483b407d70e98f5982f424cc872149)
558. [func] marcin
b10-dhcp4: server now adds configured options to its
responses to a client when client requests them.
A few basic options: Routers, Domain Name, Domain
Name Servers and Subnet Mask are added regardless
if client requested them or not.
(Trac #2591, git aeec2dc1b9c511d17971ac63138576c37e7c5164)
557. [doc] stephen
Update DHCP sections of the BIND 10 guide.
(Trac #2642, git e5faeb5fa84b7218fde486347359504cf692510e)
556. [bug] marcin
Fixed DHCP servers configuration whereby the servers did not
receive a configuration stored in the database on their startup.
Also, the configuration handler function now uses full configuration
instead of partial to configure the server. This guarantees that
dependencies between various configuration parameters are
fulfilled.
(Trac #2637, git 91aa998226f1f91a232f2be59a53c9568c4ece77)
555. [func] marcin
The encapsulated option space name can be specified for
a DHCP option. It comprises sub-options being sent within
an option that encapsulates this option space.
(Trac #2314, git 27e6119093723a1e46a239ec245a8b4b10677635)
554. [func] jinmei
b10-loadzone: improved completion log message and intermediate
reports: It now logs the precise number of loaded RRs on
completion, and intermediate reports show additional information
such as the estimated progress in percentage and estimated time
to complete.
(Trac #2574, git 5b8a824054313bdecb8988b46e55cb2e94cb2d6c)
553. [func] stephen
Values of the parameters to access the DHCP server lease database
can now be set through the BIND 10 configuration mechanism.
(Trac #2559, git 6c6f405188cc02d2358e114c33daff58edabd52a)
552. [bug] shane
Build on Raspberry PI.
The main issue was use of char for reading from input streams,
which is incorrect, as EOF is returned as an int -1, which would
then get cast into a char -1.
A number of other minor issues were also fixed.
(Trac #2571, git 525333e187cc4bbbbde288105c9582c1024caa4a)
551. [bug] shane
Kill msgq if we cannot connect to it on startup.
When the boss process was unable to connect to the msgq, it would
exit. However, it would leave the msgq process running. This has
been fixed, and the msgq is now stopped in this case.
(Trac #2608, git 016925ef2437e0396127e135c937d3a55539d224)
550. [func] tomek
b10-dhcp4: The DHCPv4 server now generates a server identifier
the first time it is run. The identifier is preserved in a file
across server restarts.
b10-dhcp6: The server identifier is now preserved in a file across
server restarts.
(Trac #2597, git fa342a994de5dbefe32996be7eebe58f6304cff7)
549. [func] tomek
b10-dhcp6: It is now possible to specify that a configured subnet
is reachable locally over specified interface (see "interface"
parameter in Subnet6 configuration).
(Trac #2596, git a70f6172194a976b514cd7d67ce097bbca3c2798)
548. [func] vorner
The message queue daemon now appears on the bus. This has two
effects, one is it obeys logging configuration and logs to the
correct place like the rest of the modules. The other is it
appears in bindctl as module (but it doesn't have any commands or
configuration yet).
(Trac #2582, git ced31d8c5a0f2ca930b976d3caecfc24fc04634e)
547. [func]* vorner
The b10-loadzone now performs more thorough sanity check on the
loaded data. Some of the checks are now fatal and zone failing
them will be rejected.
(Trac #2436, git 48d999f1cb59f308f9f30ba2639521d2a5a85baa)
546. [func] marcin
DHCP option definitions can be now created using the
......@@ -32,8 +133,8 @@
543. [func]* jelte
When calling getFullConfig() as a module, , the configuration is now
returned as properly-structured JSON. Previously, the structure had
been flattened, with all data being labelled by fully-qualified element
names.
been flattened, with all data being labelled by fully-qualified
element names.
(Trac #2619, git bed3c88c25ea8f7e951317775e99ebce3340ca22)
542. [func] marcin
......@@ -97,7 +198,7 @@
compile-time option --enable-debug.
(Trac #1081, git db55f102b30e76b72b134cbd77bd183cd01f95c0)
534. [func]* vorner
534. [func]* vorner
The b10-msgq now uses the same logging format as the rest
of the system. However, it still doesn't obey the common
configuration, as due to technical issues it is not able
......@@ -2694,7 +2795,7 @@ bind10-devel-20110224 released on February 24, 2011
(Trac #496, git b9296ca023cc9e76cda48a7eeebb0119166592c5)
160. [func] jelte
Updated the resolver to take 3 different timeout values;
Updated the resolver to take 3 different timeout values;
timeout_query for outstanding queries we sent while resolving
timeout_client for sending an answer back to the client
timeout_lookup for stopping the resolving
......@@ -2873,7 +2974,7 @@ bind10-devel-20110120 released on January 20, 2011
(Trac #226, svn r3989)
136. [bug] jelte
bindctl (and the configuration manager in general) now no longer
bindctl (and the configuration manager in general) now no longer
accepts 'unknown' data; i.e. data for modules that it does not know
about, or configuration items that are not specified in the .spec
files.
......@@ -3115,7 +3216,7 @@ bind10-devel-20100917 released on September 17, 2010
(Trac #342, svn r2949)
94. [bug] jelte
bin/xfrout: Fixed a problem in xfrout where only 2 or 3 RRs
bin/xfrout: Fixed a problem in xfrout where only 2 or 3 RRs
were used per DNS message in the xfrout stream.
(Trac #334, r2931)
......@@ -3249,7 +3350,7 @@ bind10-devel-20100812 released on August 12, 2010
module. (Trac #275, r2459)
73. [bug] jelte
Fixed a bug where in bindctl, locally changed settings were
Fixed a bug where in bindctl, locally changed settings were
reset when the list of running modules is updated. (Trac #285,
r2452)
......@@ -3260,11 +3361,11 @@ bind10-devel-20100812 released on August 12, 2010
known such platform. (Trac #148, r2427)
71. [func] each
Add "-a" (address) option to bind10 to specify an address for
Add "-a" (address) option to bind10 to specify an address for
the auth server to listen on.
70. [func] each
Added a hot-spot cache to libdatasrc to speed up access to
Added a hot-spot cache to libdatasrc to speed up access to
repeatedly-queried data and reduce the number of queries to
the underlying database; this should substantially improve
performance. Also added a "-n" ("no cache") option to
......
......@@ -232,7 +232,7 @@ AM_CONDITIONAL(SET_ENV_LIBRARY_PATH, test $SET_ENV_LIBRARY_PATH = yes)
AC_SUBST(SET_ENV_LIBRARY_PATH)
AC_SUBST(ENV_LIBRARY_PATH)
m4_define([_AM_PYTHON_INTERPRETER_LIST], [python python3.2 python3.1 python3])
m4_define([_AM_PYTHON_INTERPRETER_LIST], [python python3.3 python3.2 python3.1 python3])
AC_ARG_WITH([pythonpath],
AC_HELP_STRING([--with-pythonpath=PATH],
[specify an absolute path to python executable when automatic version check (incorrectly) fails]),
......@@ -282,7 +282,10 @@ AC_SUBST(PYTHON_LOGMSGPKG_DIR)
# This is python package paths commonly used in python tests. See
# README of log_messages for why it's included.
COMMON_PYTHON_PATH="\$(abs_top_builddir)/src/lib/python/isc/log_messages:\$(abs_top_srcdir)/src/lib/python:\$(abs_top_builddir)/src/lib/python"
# lib/dns/python/.libs is necessary because __init__.py of isc package
# automatically imports isc.datasrc, which then requires the DNS loadable
# module. #2145 should eliminate the need for it.
COMMON_PYTHON_PATH="\$(abs_top_builddir)/src/lib/python/isc/log_messages:\$(abs_top_srcdir)/src/lib/python:\$(abs_top_builddir)/src/lib/python:\$(abs_top_builddir)/src/lib/dns/python/.libs"
AC_SUBST(COMMON_PYTHON_PATH)
# Check for python development environments
......@@ -1214,6 +1217,8 @@ AC_CONFIG_FILES([Makefile
src/lib/python/isc/server_common/tests/Makefile
src/lib/python/isc/sysinfo/Makefile
src/lib/python/isc/sysinfo/tests/Makefile
src/lib/python/isc/statistics/Makefile
src/lib/python/isc/statistics/tests/Makefile
src/lib/config/Makefile
src/lib/config/tests/Makefile
src/lib/config/tests/testdata/Makefile
......
This diff is collapsed.
......@@ -101,8 +101,11 @@ Query::ResponseCreator::create(Message& response,
void
Query::addSOA(ZoneFinder& finder) {
ZoneFinderContextPtr soa_ctx = finder.find(finder.getOrigin(),
RRType::SOA(), dnssec_opt_);
// This method is always called in finding SOA for a negative response,
// so we specify the use of min(RRTTL, SOA MINTTL) as specified in
// Section 3 of RFC2308.
ZoneFinderContextPtr soa_ctx = finder.findAtOrigin(RRType::SOA(), true,
dnssec_opt_);
if (soa_ctx->code != ZoneFinder::SUCCESS) {
isc_throw(NoSOA, "There's no SOA record in zone " <<
finder.getOrigin().toText());
......@@ -318,11 +321,9 @@ void
Query::addAuthAdditional(ZoneFinder& finder,
vector<ConstRRsetPtr>& additionals)
{
const Name& origin = finder.getOrigin();
// Fill in authority and addtional sections.
ConstZoneFinderContextPtr ns_context = finder.find(origin, RRType::NS(),
dnssec_opt_);
ConstZoneFinderContextPtr ns_context =
finder.findAtOrigin(RRType::NS(), false, dnssec_opt_);
// zone origin name should have NS records
if (ns_context->code != ZoneFinder::SUCCESS) {
......
......@@ -328,7 +328,8 @@ TEST_F(DataSrcClientsBuilderTest,
{
// Prepare the database first
const std::string test_db = TEST_DATA_BUILDDIR "/auth_test.sqlite3.copied";
std::stringstream ss("example.org. 3600 IN SOA . . 0 0 0 0 0\n");
std::stringstream ss("example.org. 3600 IN SOA . . 0 0 0 0 0\n"
"example.org. 3600 IN NS ns1.example.org.\n");
createSQLite3DB(rrclass, Name("example.org"), test_db.c_str(), ss);
// This describes the data source in the configuration
const ConstElementPtr config(Element::fromJSON("{"
......
......@@ -90,6 +90,10 @@ private:
#include <auth/tests/example_base_inc.cc>
#include <auth/tests/example_nsec3_inc.cc>
// This SOA is used in negative responses; its RRTTL is set to SOA's MINTTL
const char* const soa_minttl_txt =
"example.com. 0 IN SOA . . 1 0 0 0 0\n";
// This is used only in one pathological test case.
const char* const zone_ds_txt =
"example.com. 3600 IN DS 57855 5 1 "
......@@ -1207,7 +1211,7 @@ TEST_P(QueryTest, nodomainANY) {
EXPECT_NO_THROW(query.process(*list_, Name("nxdomain.example.com"),
RRType::ANY(), response));
responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 1, 0,
NULL, soa_txt, NULL, mock_finder->getOrigin());
NULL, soa_minttl_txt, NULL, mock_finder->getOrigin());
}
// This tests that when we need to look up Zone's apex NS records for
......@@ -1345,7 +1349,7 @@ TEST_P(QueryTest, nxdomain) {
Name("nxdomain.example.com"), qtype,
response));
responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 1, 0,
NULL, soa_txt, NULL, mock_finder->getOrigin());
NULL, soa_minttl_txt, NULL, mock_finder->getOrigin());
}
TEST_P(QueryTest, nxdomainWithNSEC) {
......@@ -1356,8 +1360,8 @@ TEST_P(QueryTest, nxdomainWithNSEC) {
Name("nxdomain.example.com"), qtype,
response, true));
responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 6, 0,
NULL, (string(soa_txt) +
string("example.com. 3600 IN RRSIG ") +
NULL, (string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_nxdomain_txt) + "\n" +
string("noglue.example.com. 3600 IN RRSIG ") +
......@@ -1382,8 +1386,8 @@ TEST_P(QueryTest, nxdomainWithNSEC2) {
query.process(*list_, Name("(.no.example.com"), qtype, response,
true);
responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 6, 0,
NULL, (string(soa_txt) +
string("example.com. 3600 IN RRSIG ") +
NULL, (string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_mx_txt) + "\n" +
string("mx.example.com. 3600 IN RRSIG ") +
......@@ -1407,8 +1411,8 @@ TEST_P(QueryTest, nxdomainWithNSECDuplicate) {
query.process(*list_, Name("nx.no.example.com"), qtype, response,
true);
responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 4, 0,
NULL, (string(soa_txt) +
string("example.com. 3600 IN RRSIG ") +
NULL, (string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_no_txt) + "\n" +
string(").no.example.com. 3600 IN RRSIG ") +
......@@ -1474,8 +1478,8 @@ TEST_F(QueryTestForMockOnly, nxdomainBadNSEC5) {
query.process(*list_, Name("nxdomain.example.com"), qtype,
response, true);
responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 6, 0,
NULL, (string(soa_txt) +
string("example.com. 3600 IN RRSIG ") +
NULL, (string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_nxdomain_txt) + "\n" +
string("noglue.example.com. 3600 IN RRSIG ") +
......@@ -1503,7 +1507,7 @@ TEST_P(QueryTest, nxrrset) {
RRType::TXT(), response));
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 1, 0,
NULL, soa_txt, NULL, mock_finder->getOrigin());
NULL, soa_minttl_txt, NULL, mock_finder->getOrigin());
}
TEST_P(QueryTest, nxrrsetWithNSEC) {
......@@ -1513,7 +1517,8 @@ TEST_P(QueryTest, nxrrsetWithNSEC) {
response, true);
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 4, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_www_txt) + "\n" +
string("www.example.com. 3600 IN RRSIG ") +
......@@ -1534,7 +1539,8 @@ TEST_P(QueryTest, emptyNameWithNSEC) {
response, true);
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 4, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_mx_txt) + "\n" +
string("mx.example.com. 3600 IN RRSIG ") +
......@@ -1550,7 +1556,8 @@ TEST_P(QueryTest, nxrrsetWithoutNSEC) {
response, true);
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 2, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n").c_str(),
NULL, mock_finder->getOrigin());
}
......@@ -1706,7 +1713,8 @@ TEST_P(QueryTest, wildcardNxrrsetWithDuplicateNSEC) {
response, true);
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 4, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_wild_txt) +
string("*.wild.example.com. 3600 IN RRSIG ") +
......@@ -1729,7 +1737,8 @@ TEST_P(QueryTest, wildcardNxrrsetWithNSEC) {
RRType::TXT(), response, true);
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 6, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_wild_txt_nxrrset) +
string("*.uwild.example.com. 3600 IN RRSIG ") +
......@@ -1753,7 +1762,8 @@ TEST_P(QueryTest, wildcardNxrrsetWithNSEC3) {
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 8, 0, NULL,
// SOA + its RRSIG
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
// NSEC3 for the closest encloser + its RRSIG
string(nsec3_uwild_txt) +
......@@ -1816,7 +1826,8 @@ TEST_P(QueryTest, wildcardEmptyWithNSEC) {
response, true);
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 6, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_empty_prev_txt) +
string("t.example.com. 3600 IN RRSIG ") +
......@@ -2043,7 +2054,7 @@ TEST_P(QueryTest, DNAME_NX_RRSET) {
RRType::TXT(), response));
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 1, 0,
NULL, soa_txt, NULL, mock_finder->getOrigin());
NULL, soa_minttl_txt, NULL, mock_finder->getOrigin());
}
/*
......@@ -2307,8 +2318,8 @@ TEST_P(QueryTest, dsAboveDelegationNoData) {
RRType::DS(), response, true));
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 4, 0, NULL,
(string(soa_txt) +
string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(unsigned_delegation_nsec_txt) +
"unsigned-delegation.example.com. 3600 IN RRSIG " +
......@@ -2324,7 +2335,8 @@ TEST_P(QueryTest, dsBelowDelegation) {
RRType::DS(), response, true));
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 4, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec_apex_txt) + "\n" +
string("example.com. 3600 IN RRSIG ") +
......@@ -2342,7 +2354,8 @@ TEST_P(QueryTest, dsBelowDelegationWithDS) {
RRType::DS(), response, true));
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 2, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA")).c_str(), NULL,
mock_finder->getOrigin());
}
......@@ -2382,9 +2395,10 @@ TEST_F(QueryTestForMockOnly, dsAtGrandParentAndChild) {
memory_client.addZone(ZoneFinderPtr(
new AlternateZoneFinder(childname)));
query.process(*list_, childname, RRType::DS(), response, true);
// Note that RR TTL of SOA and its RRSIG are set to SOA MINTTL, 0
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 4, 0, NULL,
(childname.toText() + " 3600 IN SOA . . 0 0 0 0 0\n" +
childname.toText() + " 3600 IN RRSIG " +
(childname.toText() + " 0 IN SOA . . 0 0 0 0 0\n" +
childname.toText() + " 0 IN RRSIG " +
getCommonRRSIGText("SOA") + "\n" +
childname.toText() + " 3600 IN NSEC " +
childname.toText() + " SOA NSEC RRSIG\n" +
......@@ -2404,9 +2418,10 @@ TEST_F(QueryTestForMockOnly, dsAtRoot) {
new AlternateZoneFinder(Name::ROOT_NAME())));
query.process(*list_, Name::ROOT_NAME(), RRType::DS(), response,
true);
// Note that RR TTL of SOA and its RRSIG are set to SOA MINTTL, 0
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 4, 0, NULL,
(string(". 3600 IN SOA . . 0 0 0 0 0\n") +
". 3600 IN RRSIG " + getCommonRRSIGText("SOA") + "\n" +
(string(". 0 IN SOA . . 0 0 0 0 0\n") +
". 0 IN RRSIG " + getCommonRRSIGText("SOA") + "\n" +
". 3600 IN NSEC " + ". SOA NSEC RRSIG\n" +
". 3600 IN RRSIG " +
getCommonRRSIGText("NSEC")).c_str(), NULL);
......@@ -2443,7 +2458,8 @@ TEST_P(QueryTest, nxrrsetWithNSEC3) {
response, true);
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 4, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec3_www_txt) + "\n" +
nsec3_hash_.calculate(Name("www.example.com.")) +
......@@ -2478,7 +2494,8 @@ TEST_P(QueryTest, nxrrsetWithNSEC3_ds_exact) {
query.process(*list_, Name("unsigned-delegation.example.com."),
RRType::DS(), response, true);
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 4, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(unsigned_delegation_nsec3_txt) + "\n" +
nsec3_hash_.calculate(
......@@ -2500,7 +2517,8 @@ TEST_P(QueryTest, nxrrsetWithNSEC3_ds_no_exact) {
query.process(*list_, Name("unsigned-delegation-optout.example.com."),
RRType::DS(), response, true);
responseCheck(response, Rcode::NOERROR(), AA_FLAG, 0, 6, 0, NULL,
(string(soa_txt) + string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
string(nsec3_apex_txt) + "\n" +
nsec3_hash_.calculate(Name("example.com.")) +
......@@ -2528,8 +2546,8 @@ TEST_P(QueryTest, nxdomainWithNSEC3Proof) {
response, true);
responseCheck(response, Rcode::NXDOMAIN(), AA_FLAG, 0, 8, 0, NULL,
// SOA + its RRSIG
(string(soa_txt) +
string("example.com. 3600 IN RRSIG ") +
(string(soa_minttl_txt) +
string("example.com. 0 IN RRSIG ") +
getCommonRRSIGText("SOA") + "\n" +
// NSEC3 for the closest encloser + its RRSIG
string(nsec3_apex_txt) + "\n" +
......
......@@ -491,6 +491,8 @@ class BoB:
# if we have been trying for "a while" give up
if (time.time() - cc_connect_start) > self.msgq_timeout:
if msgq_proc.process:
msgq_proc.process.kill()
logger.error(BIND10_CONNECTING_TO_CC_FAIL)
raise CChannelConnectError("Unable to connect to c-channel after 5 seconds")
......
......@@ -39,6 +39,7 @@ import csv
import pwd
import getpass
import copy
import errno
try:
from collections import OrderedDict
......@@ -123,6 +124,11 @@ class BindCmdInterpreter(Cmd):
self.csv_file_dir = pwd.getpwnam(getpass.getuser()).pw_dir + \
os.sep + '.bind10' + os.sep
def _print(self, *args):
'''Simple wrapper around calls to print that can be overridden in
unit tests.'''
print(*args)
def _get_session_id(self):
'''Generate one session id for the connection. '''
rand = os.urandom(16)
......@@ -150,19 +156,19 @@ WARNING: Python readline module isn't available, so the command line editor
return 1
self.cmdloop()
print('\nExit from bindctl')
self._print('\nExit from bindctl')
return 0
except FailToLogin as err:
# error already printed when this was raised, ignoring
return 1
except KeyboardInterrupt:
print('\nExit from bindctl')
self._print('\nExit from bindctl')
return 0
except socket.error as err:
print('Failed to send request, the connection is closed')
self._print('Failed to send request, the connection is closed')
return 1
except http.client.CannotSendRequest:
print('Can not send request, the connection is busy')
self._print('Can not send request, the connection is busy')
return 1
def _get_saved_user_info(self, dir, file_name):
......@@ -181,7 +187,8 @@ WARNING: Python readline module isn't available, so the command line editor
for row in users_info:
users.append([row[0], row[1]])
except (IOError, IndexError) as err:
print("Error reading saved username and password from %s%s: %s" % (dir, file_name, err))
self._print("Error reading saved username and password "
"from %s%s: %s" % (dir, file_name, err))
finally:
if csvfile:
csvfile.close()
......@@ -201,12 +208,48 @@ WARNING: Python readline module isn't available, so the command line editor
writer.writerow([username, passwd])
csvfile.close()
except IOError as err:
print("Error saving user information:", err)
print("user info file name: %s%s" % (dir, file_name))
self._print("Error saving user information:", err)
self._print("user info file name: %s%s" % (dir, file_name))
return False
return True
def __print_check_ssl_msg(self):
self._print("Please check the logs of b10-cmdctl, there may "
"be a problem accepting SSL connections, such "
"as a permission problem on the server "
"certificate file.")
def _try_login(self, username, password):
'''
Attempts to log in to cmdctl by sending a POST with
the given username and password.
On success of the POST (mind, not the login, only the network
operation), returns a tuple (response, data).
On failure, raises a FailToLogin exception, and prints some
information on the failure.
This call is essentially 'private', but made 'protected' for
easier testing.
'''
param = {'username': username, 'password' : password}
try:
response = self.send_POST('/login', param)
data = response.read().decode()
# return here (will raise error after try block)
return (response, data)
except ssl.SSLError as err:
self._print("SSL error while sending login information: ", err)
if err.errno == ssl.SSL_ERROR_EOF:
self.__print_check_ssl_msg()
except socket.error as err:
self._print("Socket error while sending login information: ", err)
# An SSL setup error can also bubble up as a plain CONNRESET...
# (on some systems it usually does)
if err.errno == errno.ECONNRESET:
self.__print_check_ssl_msg()
pass
raise FailToLogin()
def login_to_cmdctl(self):
'''Login to cmdctl with the username and password given by
the user. After the login is sucessful, the username and
......@@ -217,41 +260,30 @@ WARNING: Python readline module isn't available, so the command line editor
# Look at existing username/password combinations and try to log in
users = self._get_saved_user_info(self.csv_file_dir, CSV_FILE_NAME)
for row in users:
param = {'username': row[0], 'password' : row[1]}
try:
response = self.send_POST('/login', param)
data = response.read().decode()
except socket.error as err:
print("Socket error while sending login information:", err)
raise FailToLogin()
response, data = self._try_login(row[0], row[1])
if response.status == http.client.OK:
# Is interactive?
if sys.stdin.isatty():
print(data + ' login as ' + row[0])
self._print(data + ' login as ' + row[0])
return True
# No valid logins were found, prompt the user for a username/password
count = 0
print('No stored password file found, please see sections '
self._print('No stored password file found, please see sections '
'"Configuration specification for b10-cmdctl" and "bindctl '
'command-line options" of the BIND 10 guide.')
while True:
count = count + 1
if count > 3:
print("Too many authentication failures")
self._print("Too many authentication failures")
return False