From: Wouter Wijngaards Date: Tue, 23 May 2017 12:47:54 +0000 (+0000) Subject: Fix wildcard, DS lookup, CNAME from DNAME, and returnvalue check in unit test. X-Git-Tag: release-1.6.4rc1~49 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=6c899d8947a28791f8d5ca28110f10a8a12248af;p=thirdparty%2Funbound.git Fix wildcard, DS lookup, CNAME from DNAME, and returnvalue check in unit test. git-svn-id: file:///svn/unbound/trunk@4185 be551aaa-1e26-0410-a405-d3ace91eadb9 --- diff --git a/services/authzone.c b/services/authzone.c index e9c3e5076..d33dfe60b 100644 --- a/services/authzone.c +++ b/services/authzone.c @@ -1268,26 +1268,40 @@ domain_has_only_nsec3(struct auth_data* n) return nsec3_seen; } -/** see if the domain has a wildcard childe '*.domain' */ +/** see if the domain has a wildcard child '*.domain' */ static struct auth_data* -az_find_wildcard(struct auth_zone* z, struct auth_data* ce) +az_find_wildcard_domain(struct auth_zone* z, uint8_t* nm, size_t nmlen) { uint8_t wc[LDNS_MAX_DOMAINLEN]; - uint8_t* ce_nm; - size_t ce_nmlen; - if(ce) { - ce_nm = ce->name; - ce_nmlen = ce->namelen; - } else { - ce_nm = z->name; - ce_nmlen = z->namelen; - } - if(ce_nmlen+2 > sizeof(wc)) + if(nmlen+2 > sizeof(wc)) return NULL; /* result would be too long */ wc[0] = 1; /* length of wildcard label */ wc[1] = (uint8_t)'*'; /* wildcard label */ - memmove(wc+2, ce_nm, ce_nmlen); - return az_find_name(z, wc, ce_nmlen+2); + memmove(wc+2, nm, nmlen); + return az_find_name(z, wc, nmlen+2); +} + +/** find wildcard between qname and cename */ +static struct auth_data* +az_find_wildcard(struct auth_zone* z, struct query_info* qinfo, + struct auth_data* ce) +{ + uint8_t* nm = qinfo->qname; + size_t nmlen = qinfo->qname_len; + struct auth_data* node; + if(!dname_subdomain_c(nm, z->name)) + return NULL; /* out of zone */ + while((node=az_find_wildcard_domain(z, nm, nmlen))==NULL) { + /* see if we can go up to find the wildcard */ + if(nmlen == z->namelen) + return NULL; /* top of zone reached */ + if(ce && nmlen == ce->namelen) + return NULL; /* ce reached */ + if(dname_is_root(nm)) + return NULL; /* cannot go up */ + dname_remove_label(&nm, &nmlen); + } + return node; } /** domain is not exact, find first candidate ce (name that matches @@ -1369,7 +1383,10 @@ az_find_ce(struct auth_zone* z, struct query_info* qinfo, /* see if the current candidate has issues */ /* not zone apex and has type NS */ if(n->namelen != z->namelen && - (*rrset=az_domain_rrset(n, LDNS_RR_TYPE_NS))) { + (*rrset=az_domain_rrset(n, LDNS_RR_TYPE_NS)) && + /* delegate here, but DS at exact the dp has notype */ + (qinfo->qtype != LDNS_RR_TYPE_DS || + n->namelen != qinfo->qname_len)) { /* referral */ /* this is ce and the lowernode is nonexisting */ *ce = n; @@ -1551,7 +1568,7 @@ create_synth_cname(struct query_info* qinfo, struct regional* region, (*cname)->rk.flags = 0; (*cname)->rk.dname = regional_alloc_init(region, qinfo->qname, qinfo->qname_len); - if((*cname)->rk.dname) + if(!(*cname)->rk.dname) return 0; /* out of memory */ (*cname)->rk.dname_len = qinfo->qname_len; (*cname)->entry.hash = rrset_key_hash(&(*cname)->rk); @@ -2041,6 +2058,12 @@ az_generate_wildcard_answer(struct auth_zone* z, struct query_info* qinfo, struct auth_data* wildcard, struct auth_data* node) { struct auth_rrset* rrset, *nsec; + if(verbosity>=VERB_ALGO) { + char wcname[256]; + sldns_wire2str_dname_buf(wildcard->name, wildcard->namelen, + wcname, sizeof(wcname)); + log_info("wildcard %s", wcname); + } if((rrset=az_domain_rrset(wildcard, qinfo->qtype)) != NULL) { /* wildcard has type, add it */ if(!msg_add_rrset_an(region, msg, rrset)) return 0; @@ -2141,7 +2164,7 @@ az_generate_answer_nonexistnode(struct auth_zone* z, struct query_info* qinfo, return az_generate_notype_answer(z, region, msg, node); } /* see if we have a wildcard under the ce */ - if((wildcard=az_find_wildcard(z, ce)) != NULL) { + if((wildcard=az_find_wildcard(z, qinfo, ce)) != NULL) { return az_generate_wildcard_answer(z, qinfo, region, msg, ce, wildcard, node); } diff --git a/testcode/unitauth.c b/testcode/unitauth.c index 5d154576d..f0cfa1546 100644 --- a/testcode/unitauth.c +++ b/testcode/unitauth.c @@ -49,7 +49,7 @@ #include "sldns/sbuffer.h" /** verbosity for this test */ -static int vbmp = 1; +static int vbmp = 0; /** struct for query and answer checks */ struct q_ans { @@ -133,12 +133,270 @@ static const char* zone_example_com = /** queries for example.com: zone, query, flags, answer. end with NULL */ static struct q_ans example_com_queries[] = { - {"example.com", "www.example.com. A", "", + { "example.com", "www.example.com. A", "", ";flags QR AA rcode NOERROR\n" ";answer section\n" "www.example.com. 3600 IN A 10.0.0.2\n" "www.example.com. 3600 IN A 10.0.0.3\n" }, + + { "example.com", "example.com. SOA", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" + }, + + { "example.com", "example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"example.com. 3600 IN A 10.0.0.1\n" + }, + + { "example.com", "example.com. AAAA", "", +";flags QR AA rcode NOERROR\n" +";authority section\n" +"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" + }, + + { "example.com", "example.com. NS", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"example.com. 3600 IN NS ns.example.com.\n" +";additional section\n" +"ns.example.com. 3600 IN A 10.0.0.5\n" + }, + + { "example.com", "example.com. MX", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"example.com. 3600 IN MX 50 mail.example.com.\n" +";additional section\n" +"mail.example.com. 3600 IN A 10.0.0.4\n" + }, + + { "example.com", "example.com. IN ANY", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" +"example.com. 3600 IN MX 50 mail.example.com.\n" +"example.com. 3600 IN A 10.0.0.1\n" + }, + + { "example.com", "nonexist.example.com. A", "", +";flags QR AA rcode NXDOMAIN\n" +";authority section\n" +"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" + }, + + { "example.com", "deep.ent.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"deep.ent.example.com. 3600 IN A 10.0.0.9\n" + }, + + { "example.com", "ent.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";authority section\n" +"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" + }, + + { "example.com", "below.deep.ent.example.com. A", "", +";flags QR AA rcode NXDOMAIN\n" +";authority section\n" +"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" + }, + + { "example.com", "mail.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"mail.example.com. 3600 IN A 10.0.0.4\n" + }, + + { "example.com", "ns.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"ns.example.com. 3600 IN A 10.0.0.5\n" + }, + + { "example.com", "out.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"out.example.com. 3600 IN CNAME www.example.com.\n" + }, + + { "example.com", "out.example.com. CNAME", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"out.example.com. 3600 IN CNAME www.example.com.\n" + }, + + { "example.com", "plan.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"plan.example.com. 3600 IN CNAME nonexist.example.com.\n" + }, + + { "example.com", "plan.example.com. CNAME", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"plan.example.com. 3600 IN CNAME nonexist.example.com.\n" + }, + + { "example.com", "redir.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";authority section\n" +"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" + }, + + { "example.com", "redir.example.com. DNAME", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"redir.example.com. 3600 IN DNAME redir.example.org.\n" + }, + + { "example.com", "abc.redir.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"redir.example.com. 3600 IN DNAME redir.example.org.\n" +"abc.redir.example.com. 0 IN CNAME abc.redir.example.org.\n" + }, + + { "example.com", "foo.abc.redir.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"redir.example.com. 3600 IN DNAME redir.example.org.\n" +"foo.abc.redir.example.com. 0 IN CNAME foo.abc.redir.example.org.\n" + }, + + { "example.com", "sub.example.com. NS", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub.example.com. 3600 IN NS ns1.sub.example.com.\n" +"sub.example.com. 3600 IN NS ns2.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" +"ns2.sub.example.com. 3600 IN AAAA 2001::7\n" + }, + + { "example.com", "sub.example.com. DS", "", +";flags QR AA rcode NOERROR\n" +";authority section\n" +"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" + }, + + { "example.com", "www.sub.example.com. NS", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub.example.com. 3600 IN NS ns1.sub.example.com.\n" +"sub.example.com. 3600 IN NS ns2.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" +"ns2.sub.example.com. 3600 IN AAAA 2001::7\n" + }, + + { "example.com", "foo.abc.sub.example.com. NS", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub.example.com. 3600 IN NS ns1.sub.example.com.\n" +"sub.example.com. 3600 IN NS ns2.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" +"ns2.sub.example.com. 3600 IN AAAA 2001::7\n" + }, + + { "example.com", "ns1.sub.example.com. A", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub.example.com. 3600 IN NS ns1.sub.example.com.\n" +"sub.example.com. 3600 IN NS ns2.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" +"ns2.sub.example.com. 3600 IN AAAA 2001::7\n" + }, + + { "example.com", "ns1.sub.example.com. AAAA", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub.example.com. 3600 IN NS ns1.sub.example.com.\n" +"sub.example.com. 3600 IN NS ns2.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" +"ns2.sub.example.com. 3600 IN AAAA 2001::7\n" + }, + + { "example.com", "ns2.sub.example.com. A", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub.example.com. 3600 IN NS ns1.sub.example.com.\n" +"sub.example.com. 3600 IN NS ns2.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" +"ns2.sub.example.com. 3600 IN AAAA 2001::7\n" + }, + + { "example.com", "ns2.sub.example.com. AAAA", "", +";flags QR rcode NOERROR\n" +";authority section\n" +"sub.example.com. 3600 IN NS ns1.sub.example.com.\n" +"sub.example.com. 3600 IN NS ns2.sub.example.com.\n" +";additional section\n" +"ns1.sub.example.com. 3600 IN A 10.0.0.6\n" +"ns2.sub.example.com. 3600 IN AAAA 2001::7\n" + }, + + { "example.com", "wild.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";authority section\n" +"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" + }, + + { "example.com", "*.wild.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"*.wild.example.com. 3600 IN A 10.0.0.8\n" + }, + + { "example.com", "*.wild.example.com. AAAA", "", +";flags QR AA rcode NOERROR\n" +";authority section\n" +"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" + }, + + { "example.com", "abc.wild.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"abc.wild.example.com. 3600 IN A 10.0.0.8\n" + }, + + { "example.com", "abc.wild.example.com. AAAA", "", +";flags QR AA rcode NOERROR\n" +";authority section\n" +"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" + }, + + { "example.com", "foo.abc.wild.example.com. A", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"foo.abc.wild.example.com. 3600 IN A 10.0.0.8\n" + }, + + { "example.com", "foo.abc.wild.example.com. AAAA", "", +";flags QR AA rcode NOERROR\n" +";authority section\n" +"example.com. 3600 IN SOA ns.example.org. noc.example.org. 2017042710 7200 3600 1209600 3600\n" + }, + + { "example.com", "yy.example.com. TXT", "", +";flags QR AA rcode NOERROR\n" +";answer section\n" +"yy.example.com. 3600 IN TXT \"a\"\n" +"yy.example.com. 3600 IN TXT \"b\"\n" +"yy.example.com. 3600 IN TXT \"c\"\n" +"yy.example.com. 3600 IN TXT \"d\"\n" +"yy.example.com. 3600 IN TXT \"e\"\n" +"yy.example.com. 3600 IN TXT \"f\"\n" + }, + {NULL, NULL, NULL, NULL} }; @@ -450,11 +708,16 @@ q_ans_query(struct q_ans* q, struct auth_zones* az, struct query_info* qinfo, if(vbmp) printf("got (ret=%s%s):\n%s", (ret?"ok":"fail"), (fallback?" fallback":""), ans_str); /* check expected value for ret */ - if(ret == 0) { + if(expected_fallback && ret != 0) { /* ret is zero on fallback */ + if(vbmp) printf("fallback expected, but " + "return value is not false\n"); + unit_assert(expected_fallback && ret == 0); + } + if(ret == 0) { if(!expected_fallback) { - if(vbmp) printf("fallback expected, but " - "ret is not false\n"); + if(vbmp) printf("return value is false, " + "(unexpected)\n"); } unit_assert(expected_fallback); } @@ -541,5 +804,4 @@ authzone_test(void) atexit(tmpfilecleanup); authzone_read_test(); authzone_query_test(); - /*exit(0);*/ /* DEBUG */ }