Add system tests for "tcp-self" update-policy

diff --git a/CHANGES b/CHANGES
index 6c985e47c8a3e32431ad77881bb3a477fb098ea2..19a39a494906843b560cbe6363b9fb6fb2d09401 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+4995.  [test]          Add tests for "tcp-self" update policy. [GL !282]
+
 4994.  [bug]           Trust anchor telemetry queries were not being sent
                        upstream for locally served zones. [GL #392]
 

diff --git a/bin/tests/system/nsupdate/clean.sh b/bin/tests/system/nsupdate/clean.sh
index 7975532f8ec0bfefe1890d2f1be79290d6b9491f..b8245df4575d97706763eeae6d2357be07dcce9d 100644 (file)
--- a/bin/tests/system/nsupdate/clean.sh
+++ b/bin/tests/system/nsupdate/clean.sh
@@ -39,6 +39,7 @@ rm -f ns3/many.test.bk
 rm -f ns3/nsec3param.test.db
 rm -f ns3/too-big.test.db
 rm -f ns5/local.db
+rm -f ns6/in-addr.db
 rm -f nsupdate.out*
 rm -f typelist.out.*
 rm -f ns1/sample.db

diff --git a/bin/tests/system/nsupdate/ns5/named.args b/bin/tests/system/nsupdate/ns5/named.args
index 5d520debe17c090ad1eec450ab9a4ff41d0970ad..49cb45ebe6b48dfa8136c3a6807cfc0e1553efa2 100644 (file)
--- a/bin/tests/system/nsupdate/ns5/named.args
+++ b/bin/tests/system/nsupdate/ns5/named.args
@@ -1 +1 @@
--m record,size,mctx -T clienttest -c named.conf -d 99 -X named.lock -g -U 4 -T fixedlocal
+-D nsupdate-ns5 -m record,size,mctx -T clienttest -c named.conf -d 99 -X named.lock -g -U 4 -T fixedlocal

diff --git a/bin/tests/system/nsupdate/ns6/in-addr.db.in b/bin/tests/system/nsupdate/ns6/in-addr.db.in
new file mode 100644 (file)
index 0000000..c719192
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns6/in-addr.db.in
@@ -0,0 +1,19 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 300       ; 5 minutes
+@              IN SOA  ns5.local.nil. hostmaster.local.nil. (
+                               1          ; serial
+                               2000       ; refresh (2000 seconds)
+                               2000       ; retry (2000 seconds)
+                               1814400    ; expire (3 weeks)
+                               3600       ; minimum (1 hour)
+                               )
+                       NS      ns5
+ns5                    A       10.53.0.5

diff --git a/bin/tests/system/nsupdate/ns6/named.args b/bin/tests/system/nsupdate/ns6/named.args
new file mode 100644 (file)
index 0000000..75ca529
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns6/named.args
@@ -0,0 +1 @@
+-D nsupdate-ns6 -m record,size,mctx -T clienttest -c named.conf -d 99 -X named.lock -g -U 4 -T fixedlocal

diff --git a/bin/tests/system/nsupdate/ns6/named.conf.in b/bin/tests/system/nsupdate/ns6/named.conf.in
new file mode 100644 (file)
index 0000000..da64d06
--- /dev/null
+++ b/bin/tests/system/nsupdate/ns6/named.conf.in
@@ -0,0 +1,38 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+       query-source address 10.53.0.6;
+       notify-source 10.53.0.6;
+       transfer-source 10.53.0.6;
+       port @PORT@;
+       pid-file "named.pid";
+       session-keyfile "session.key";
+       listen-on { 10.53.0.6; };
+       recursion no;
+       notify yes;
+       minimal-responses no;
+};
+
+key rndc_key {
+       secret "1234abcd8765";
+       algorithm hmac-sha256;
+};
+
+controls {
+       inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+zone "in-addr.arpa" {
+       type master;
+       file "in-addr.db";
+       update-policy { grant * tcp-self . PTR; };
+};

diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
index 63b6fcd89c39b698c3ab7df6df586e0bd06c50f0..9513fae0d2adad5bf54e9694657817d6b9277cbf 100644 (file)
--- a/bin/tests/system/nsupdate/setup.sh
+++ b/bin/tests/system/nsupdate/setup.sh
@@ -17,6 +17,7 @@ copy_setports ns1/named.conf.in ns1/named.conf
 copy_setports ns2/named.conf.in ns2/named.conf
 copy_setports ns3/named.conf.in ns3/named.conf
 copy_setports ns5/named.conf.in ns5/named.conf
+copy_setports ns6/named.conf.in ns6/named.conf
 
 copy_setports verylarge.in verylarge
 
@@ -75,3 +76,4 @@ cp -f ns1/maxjournal.db.in ns1/maxjournal.db
 rm -f ns1/maxjournal.db.jnl
 
 cp -f ns5/local.db.in ns5/local.db
+cp -f ns6/in-addr.db.in ns6/in-addr.db

diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
index c9f332a52637ed269d845b1ac004673d9a27ef5e..40714030c46a7d732bcf84802219dac1e78d0c64 100755 (executable)
--- a/bin/tests/system/nsupdate/tests.sh
+++ b/bin/tests/system/nsupdate/tests.sh
@@ -546,6 +546,63 @@ then
 echo_i "failed"; status=1
 fi
 
+n=`expr $n + 1`
+ret=0
+echo_i "check that 'update-policy tcp-self' refuses update of records via UDP ($n)"
+$NSUPDATE > nsupdate.out.$n 2>&1 << END
+server 10.53.0.6 ${PORT}
+local 127.0.0.1
+update add 1.0.0.127.in-addr.arpa. 600 PTR localhost.
+send
+END
+grep REFUSED nsupdate.out.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.6 \
+        +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+        -x 127.0.0.1 > dig.out.ns6.$n
+grep localhost. dig.out.ns6.$n > /dev/null 2>&1 && ret=1
+if test $ret -ne 0
+then
+echo_i "failed"; status=1
+fi
+
+n=`expr $n + 1`
+ret=0
+echo_i "check that 'update-policy tcp-self' permits update of records for the client's own address via TCP ($n)"
+$NSUPDATE -v > nsupdate.out.$n 2>&1 << END || ret=1
+server 10.53.0.6 ${PORT}
+local 127.0.0.1
+update add 1.0.0.127.in-addr.arpa. 600 PTR localhost.
+send
+END
+grep REFUSED nsupdate.out.$n > /dev/null 2>&1 && ret=1
+$DIG $DIGOPTS @10.53.0.6 \
+        +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+        -x 127.0.0.1 > dig.out.ns6.$n || ret=1
+grep localhost. dig.out.ns6.$n > /dev/null 2>&1 || ret=1
+if test $ret -ne 0
+then
+echo_i "failed"; status=1
+fi
+
+n=`expr $n + 1`
+ret=0
+echo_i "check that 'update-policy tcp-self' refuses update of records for a different address from the client's own address via TCP ($n)"
+$NSUPDATE -v > nsupdate.out.$n 2>&1 << END
+server 10.53.0.6 ${PORT}
+local 127.0.0.1
+update add 1.0.168.192.in-addr.arpa. 600 PTR localhost.
+send
+END
+grep REFUSED nsupdate.out.$n > /dev/null 2>&1 || ret=1
+$DIG $DIGOPTS @10.53.0.6 \
+        +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd \
+        -x 192.168.0.1 > dig.out.ns6.$n
+grep localhost. dig.out.ns6.$n > /dev/null 2>&1 && ret=1
+if test $ret -ne 0
+then
+echo_i "failed"; status=1
+fi
+
 n=`expr $n + 1`
 ret=0
 echo_i "check that changes to the DNSKEY RRset TTL do not have side effects ($n)"

diff --git a/util/copyrights b/util/copyrights
index 29797a94e4e011465255bedb80a117d2bbfa03fd..309ccc39a23d49042786cd9f73be0e23e00835d0 100644 (file)
--- a/util/copyrights
+++ b/util/copyrights
@@ -1645,6 +1645,9 @@
 ./bin/tests/system/nsupdate/ns5/local.db.in    ZONE    2017,2018
 ./bin/tests/system/nsupdate/ns5/named.args     X       2017,2018
 ./bin/tests/system/nsupdate/ns5/named.conf.in  CONF-C  2017,2018
+./bin/tests/system/nsupdate/ns6/in-addr.db.in  ZONE    2018
+./bin/tests/system/nsupdate/ns6/named.args     X       2018
+./bin/tests/system/nsupdate/ns6/named.conf.in  CONF-C  2018
 ./bin/tests/system/nsupdate/prereq.sh          SH      2014,2015,2016,2018
 ./bin/tests/system/nsupdate/setup.sh           SH      2000,2001,2004,2007,2009,2010,2011,2012,2014,2016,2017,2018
 ./bin/tests/system/nsupdate/tests.sh           SH      2000,2001,2004,2007,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018