Commit 9a13449f authored by Mukund Sivaraman's avatar Mukund Sivaraman
Browse files

[2165] Remove RRSIG filtering code from getAdditionalAddrs()

Do it in the database data source itself. We also adjust doFindTest()
so that we only check for returned RRSIGs if FIND_DNSSEC option is
specified.  Otherwise we assert that no RRSIGs are returned by find().
parent 2a22df22
......@@ -601,7 +601,8 @@ DatabaseClient::Finder::findWildcardMatch(
DATASRC_DATABASE_WILDCARD_CANCEL_NS).
arg(accessor_->getDBName()).arg(wildcard).
arg(dresult.first_ns->getName());
return (ResultContext(DELEGATION, dresult.first_ns));
return (ResultContext(DELEGATION,
stripRRsigs(dresult.first_ns, options)));
} else if (!hasSubdomains(name.split(i - 1).toText())) {
// The wildcard match is the best one, find the final result
// at it. Note that wildcard should never be the zone origin.
......@@ -637,7 +638,7 @@ DatabaseClient::Finder::findWildcardMatch(
ZoneFinder::ResultContext
DatabaseClient::Finder::logAndCreateResult(
const Name& name, const string* wildname, const RRType& type,
ZoneFinder::Result code, ConstRRsetPtr rrset,
ZoneFinder::Result code, ConstRRsetPtr rrset, const FindOptions options,
const isc::log::MessageID& log_id, FindResultFlags flags) const
{
if (rrset) {
......@@ -661,7 +662,7 @@ DatabaseClient::Finder::logAndCreateResult(
arg(getClass()).arg(*wildname);
}
}
return (ResultContext(code, rrset, flags));
return (ResultContext(code, stripRRsigs(rrset, options), flags));
}
DatabaseClient::Finder::FindDNSSECContext::FindDNSSECContext(
......@@ -809,7 +810,7 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
// - when we are looking for glue records (FIND_GLUE_OK), or
// - when the query type is DS (which cancels the delegation)
return (logAndCreateResult(name, wildname, type, DELEGATION,
nsi->second,
nsi->second, options,
wild ? DATASRC_DATABASE_WILDCARD_NS :
DATASRC_DATABASE_FOUND_DELEGATION_EXACT,
flags));
......@@ -825,7 +826,8 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
cni->second->getRdataCount() << " rdata at " << name <<
", expected 1");
}
return (logAndCreateResult(name, wildname, type, CNAME, cni->second,
return (logAndCreateResult(name, wildname, type, CNAME,
cni->second, options,
wild ? DATASRC_DATABASE_WILDCARD_CNAME :
DATASRC_DATABASE_FOUND_CNAME,
flags));
......@@ -838,7 +840,7 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
it != found.second.end(); ++it) {
if (it->second) {
// Skip over the empty ANY
target->push_back(it->second);
target->push_back(stripRRsigs(it->second, options));
}
}
if (wild) {
......@@ -866,7 +868,8 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
// includes the case where we were explicitly querying for a CNAME and
// found it. It also includes the case where we were querying for an
// NS RRset and found it at the apex of the zone.)
return (ResultContext(SUCCESS, wti->second, flags));
return (ResultContext(SUCCESS, stripRRsigs(wti->second, options),
flags));
}
// If we get here, we have found something at the requested name but not
......@@ -881,11 +884,13 @@ DatabaseClient::Finder::findOnNameResult(const Name& name,
if (dnssec_rrset) {
// This log message covers both normal and wildcard cases, so we pass
// NULL for 'wildname'.
return (logAndCreateResult(name, NULL, type, NXRRSET, dnssec_rrset,
return (logAndCreateResult(name, NULL, type, NXRRSET,
dnssec_rrset, options,
DATASRC_DATABASE_FOUND_NXRRSET_NSEC,
flags | RESULT_NSEC_SIGNED));
}
return (logAndCreateResult(name, wildname, type, NXRRSET, dnssec_rrset,
return (logAndCreateResult(name, wildname, type, NXRRSET,
dnssec_rrset, options,
wild ? DATASRC_DATABASE_WILDCARD_NXRRSET :
DATASRC_DATABASE_FOUND_NXRRSET,
flags | dnssec_ctx.getResultFlags()));
......@@ -964,7 +969,8 @@ DatabaseClient::Finder::findInternal(const Name& name, const RRType& type,
const DelegationSearchResult dresult = findDelegationPoint(name, options);
if (dresult.rrset) {
// In this case no special flags are needed.
return (ResultContext(dresult.code, dresult.rrset));
return (ResultContext(dresult.code,
stripRRsigs(dresult.rrset, options)));
}
// If there is no delegation, look for the exact match to the request
......
......@@ -1336,6 +1336,7 @@ public:
const isc::dns::RRType& type,
ZoneFinder::Result code,
isc::dns::ConstRRsetPtr rrset,
const FindOptions options,
const isc::log::MessageID& log_id,
FindResultFlags flags) const;
......
......@@ -1711,17 +1711,22 @@ doFindTest(ZoneFinder& finder,
checkRRset(result->rrset, expected_name != Name(".") ? expected_name :
name, finder.getClass(), expected_type, expected_ttl,
expected_rdatas);
if (!expected_sig_rdatas.empty() && result->rrset->getRRsig()) {
checkRRset(result->rrset->getRRsig(), expected_name != Name(".") ?
expected_name : name, finder.getClass(),
isc::dns::RRType::RRSIG(), expected_ttl,
expected_sig_rdatas);
} else if (expected_sig_rdatas.empty()) {
if ((options & ZoneFinder::FIND_DNSSEC) == ZoneFinder::FIND_DNSSEC) {
if (!expected_sig_rdatas.empty() && result->rrset->getRRsig()) {
checkRRset(result->rrset->getRRsig(),
expected_name != Name(".") ? expected_name : name,
finder.getClass(),
isc::dns::RRType::RRSIG(), expected_ttl,
expected_sig_rdatas);
} else if (expected_sig_rdatas.empty()) {
EXPECT_EQ(isc::dns::RRsetPtr(), result->rrset->getRRsig()) <<
"Unexpected RRSIG: " << result->rrset->getRRsig()->toText();
} else {
ADD_FAILURE() << "Missing RRSIG";
}
} else if (result->rrset->getRRsig()) {
EXPECT_EQ(isc::dns::RRsetPtr(), result->rrset->getRRsig()) <<
"Unexpected RRSIG: " << result->rrset->getRRsig()->toText();
} else {
ADD_FAILURE() << "Missing RRSIG";
}
} else if (expected_rdatas.empty()) {
EXPECT_EQ(isc::dns::RRsetPtr(), result->rrset) <<
......
......@@ -47,8 +47,7 @@ getAdditionalAddrs(ZoneFinder& finder, const Name& name,
BOOST_FOREACH(RRType rrtype, requested_types) {
ConstZoneFinderContextPtr ctx = finder.find(name, rrtype, options);
if (ctx->code == ZoneFinder::SUCCESS) {
result_rrsets.push_back(ZoneFinder::stripRRsigs(ctx->rrset,
options));
result_rrsets.push_back(ctx->rrset);
}
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment