From: Aki Tuomi Date: Sat, 15 Jun 2013 19:09:18 +0000 (+0300) Subject: More regression tests for TSIG X-Git-Tag: rec-3.6.0-rc1~468^2~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d885cea70c3d1e8207f5da53c5cc234ac57b3275;p=thirdparty%2Fpdns.git More regression tests for TSIG --- diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc index 69eebdef14..f1aa48a728 100644 --- a/pdns/pdnssec.cc +++ b/pdns/pdnssec.cc @@ -1470,7 +1470,7 @@ try string key; char tmpkey[64]; - size_t klen; + size_t klen = 0; if (algo == "hmac-md5") { klen = 32; } else if (algo == "hmac-sha1") { @@ -1483,6 +1483,9 @@ try klen = 64; } else if (algo == "hmac-sha512") { klen = 64; + } else { + cerr << "Cannot generate key for " << algo << endl; + return 1; } cerr << "Generating new key with " << klen << " bytes (this can take a while)" << endl; diff --git a/regression-tests/named.conf b/regression-tests/named.conf index 1b3ff8f413..b207c73e66 100644 --- a/regression-tests/named.conf +++ b/regression-tests/named.conf @@ -50,3 +50,8 @@ zone "minimal.com"{ type master; file "./minimal.com"; }; + +zone "tsig.com"{ + type master; + file "./tsig.com"; +}; diff --git a/regression-tests/start-test-stop b/regression-tests/start-test-stop index dd96a2114f..22e5871344 100755 --- a/regression-tests/start-test-stop +++ b/regression-tests/start-test-stop @@ -207,6 +207,8 @@ case $context in skipreasons="nodyndns" fi + ../pdns/pdnssec --config-dir=. enable-tsig-key tsig.com test master + $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch=bind --bind-config=./named.conf \ --bind-dnssec-db=./dnssec.sqlite3 \ 
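Review bot: The `if`/`else if` chain that the new `else` closes in pdns/pdnssec.cc matches `algo` by exact string, so a differently cased name such as `HMAC-SHA256` now ends in "Cannot generate key for" instead of producing a key. The enclosing function starts and ends outside the hunk, so whether `algo` is normalised earlier is not visible; if it is not, lower-casing it before the chain would avoid the surprise. The message would also help the operator more if it named the accepted values, e.g. `cerr << "Cannot generate key for " << algo << " (supported: hmac-md5, hmac-sha1, ...)" << endl;`.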
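Review bot: In the `@@ -207` hunk of regression-tests/start-test-stop the bind branch calls `enable-tsig-key tsig.com test master` with no preceding `import-tsig-key`, unlike the gmysql, gpgsql and gsqlite3 branches further down. If the key `test` is not already in the bind DNSSEC database at this point (its creation is outside the hunk), the zone refers to a key that does not exist and tsig-axfr fails with no hint of the cause. The exit status of pdnssec is not checked either; if errexit is not active here, `../pdns/pdnssec --config-dir=. enable-tsig-key tsig.com test master || exit 1` would stop the run at the real failure.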
@@ -330,6 +332,9 @@ __EOF__ done + ../pdns/pdnssec --config-dir=. --config-name=gmysql import-tsig-key test hmac-md5 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=' + ../pdns/pdnssec --config-dir=. --config-name=gmysql enable-tsig-key tsig.com test master + $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch --launch+=random --launch+=gmysql --launch+=random --gmysql-dnssec \ --send-root-referral \ @@ -383,6 +388,9 @@ __EOF__ fi done + ../pdns/pdnssec --config-dir=. --config-name=gmysql import-tsig-key test hmac-md5 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=' + ../pdns/pdnssec --config-dir=. --config-name=gmysql enable-tsig-key tsig.com test master + $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch=gpgsql --gpgsql-dnssec \ --send-root-referral \ @@ -500,6 +508,9 @@ __EOF__ fi done + ../pdns/pdnssec --config-dir=. --config-name=gmysql import-tsig-key test hmac-md5 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=' + ../pdns/pdnssec --config-dir=. --config-name=gmysql enable-tsig-key tsig.com test master + $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch=gsqlite3 --gsqlite3-dnssec \ --send-root-referral \ @@ -649,8 +660,7 @@ export optout if [ $presigned = yes ] then - skipreasons="$skipreasons nodyndns" - + skipreasons="$skipreasons presigned nodyndns" if [ ${context:0:6} = gmysql ] then context=${context}-presigned 
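Review bot: The base64 TSIG secret is spelled out literally in the `@@ -330` hunk and again in every later hunk of this file and in tsig-axfr/command, so a later change has to touch every copy in step. Defining it once near the top of the script, e.g. `tsigkey='<secret as on the page>'`, and passing `"$tsigkey"` to the `import-tsig-key` calls and the INSERT statements keeps the copies from drifting apart. Only hmac-md5 is exercised here, although the pdnssec.cc hunk in this commit shows hmac-sha1 through hmac-sha512 being handled; one case with a SHA-2 algorithm would cover what new deployments are more likely to use.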
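Review bot: The two lines added in the `@@ -383` hunk pass `--config-name=gmysql` to pdnssec, but the server started directly below them is launched with `--launch=gpgsql`; the `@@ -500` hunk has the same mismatch ahead of `--launch=gsqlite3`. As written, the key is imported and enabled in whatever backend the gmysql configuration points at, so the gpgsql and gsqlite3 runs would start without the TSIG key, or the commands fail if no gmysql configuration exists in that context. The config name should presumably follow the backend under test, e.g. `--config-name=gpgsql` and `--config-name=gsqlite3`; the exact names depend on configuration written outside these hunks.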
@@ -674,6 +684,18 @@ then -e "INSERT INTO domains (name, type, master) VALUES('$zone','SLAVE','127.0.0.1:$port')" done + set +e + echo $skipreasons | grep -q nodnssec + if [ $? -ne 0 ]; then + mysql --user="$GMYSQL2USER" --password="$GMYSQL2PASSWD" --host="$GMYSQL2HOST" \ + "$GMYSQL2DB" \ + -e "INSERT INTO tsigkeys (name, algorithm,secret) VALUES('test', 'hmac-md5', 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=')" + mysql --user="$GMYSQL2USER" --password="$GMYSQL2PASSWD" --host="$GMYSQL2HOST" \ + "$GMYSQL2DB" \ + -e "INSERT INTO domainmetadata (domain_id, kind, content) SELECT id, 'AXFR-MASTER-TSIG', 'test' FROM domains WHERE name = 'tsig.com'" + fi + set -e + port=$((port+100)) $RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./ \ 
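Review bot: Wrapping the new block in `set +e` … `set -e` in the `@@ -674` hunk also turns off error checking for the two `mysql` INSERTs, so a failed insert (missing `tsigkeys` table, duplicate row) goes unnoticed and only shows up later as an unexplained tsig-axfr failure. The toggle is needed only because `$?` is tested on a separate line; `if ! echo "$skipreasons" | grep -q nodnssec; then` needs no `set +e` and leaves errexit active for the inserts. The same pattern is repeated in the `@@ -713` and `@@ -754` hunks.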
@@ -713,15 +735,22 @@ then do sqlite3 pdns.sqlite31 "INSERT INTO domains (name, type, master) VALUES('$zone','SLAVE','127.0.0.1:$port');" done + + set +e + echo $skipreasons | grep -q nodnssec + if [ $? -ne 0 ]; then + sqlite3 pdns.sqlite31 "INSERT INTO tsigkeys (name.algorithm,secret) VALUES('tsig.com','hmac-md5', 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=')" + sqlite3 pdns.sqlite31 "INSERT INTO domainmetadata (domain_id, kind, content) SELECT id, 'AXFR-MASTER-TSIG', 'test' FROM domains WHERE name = 'tsig.com'" + fi + set -e port=$((port+100)) $RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./ \ --no-shuffle --launch=gsqlite3 --gsqlite3-dnssec \ - --fancy-records --send-root-referral \ - --cache-ttl=0 --query-cache-ttl=0 --no-config --slave --retrieval-threads=4 \ - --gsqlite3-database=pdns.sqlite31 --gsqlite3-pragma-synchronous=0 \ - --config-name=gsqlite32 |& egrep -v "update records set ordername|insert into records" & + --fancy-records --send-root-referral --config-name=gsqlite2 \ + --cache-ttl=0 --query-cache-ttl=0 --no-config --slave --retrieval-threads=1 \ + --gsqlite3-database=pdns.sqlite31 --gsqlite3-pragma-synchronous=0 |& egrep -v "update records set ordername|insert into records" & echo 'waiting for zones to be slaved' set +e loopcount=0 @@ -754,7 +783,17 @@ then done rm -f dnssec-slave.sqlite3 + ../pdns/pdnssec --config-dir=. create-bind-db dnssec-slave.sqlite3 + + set +e + echo $skipreasons | grep -q nodnssec + if [ $? -ne 0 ]; then + sqlite3 dnssec-slave.sqlite3 "INSERT INTO tsigkeys (name, algorithm,secret) VALUES('test', 'hmac-md5', 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=')" + sqlite3 dnssec-slave.sqlite3 "INSERT INTO domainmetadata (domain, kind, content) SELECT 'tsig.com', 'AXFR-MASTER-TSIG', 'test'" + fi + set -e + port=$((port+100)) $RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./ \ diff --git a/regression-tests/tsig-axfr/command b/regression-tests/tsig-axfr/command index 6cff30fa87..91bea694a3 100755 
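Review bot: The tsigkeys INSERT in the `@@ -713` hunk has the column list `(name.algorithm,secret)`, with a dot where a comma belongs, so sqlite3 should reject the statement, and because it runs under `set +e` the failure is silent. It also stores the key under the name `'tsig.com'`, while the domainmetadata row on the next line and the gmysql and bind variants refer to the key `'test'`. The statement should match the others: `INSERT INTO tsigkeys (name, algorithm, secret) VALUES('test', 'hmac-md5', '<secret>')`. In the same hunk `--config-name=gsqlite32` becomes `--config-name=gsqlite2`, which looks like a dropped digit rather than an intended rename and is worth confirming.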
--- a/regression-tests/tsig-axfr/command
+++ b/regression-tests/tsig-axfr/command
@@ -1,5 +1,3 @@
 #!/bin/sh
-../pdns/pdnssec --config-dir=. enable-tsig-key minimal.com test master
-dig -t axfr minimal.com @$nameserver -p $port -y 'test:kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=' | grep 'IN\s*SOA'
-../pdns/pdnssec --config-dir=. disable-tsig-key minimal.com test master
+dig -t axfr tsig.com @$nameserver -p $port -y 'test:kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=' | grep 'IN\s*SOA'
diff --git a/regression-tests/tsig-axfr/expected_result b/regression-tests/tsig-axfr/expected_result
index 154dc894d8..47760db6c0 100644
--- a/regression-tests/tsig-axfr/expected_result
+++ b/regression-tests/tsig-axfr/expected_result
@@ -1,4 +1,2 @@
-Enabled TSIG key test for minimal.com
-minimal.com. 120 IN SOA ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
-minimal.com. 120 IN SOA ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
-Disabled TSIG key test for minimal.com
+tsig.com. 120 IN SOA ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+tsig.com. 120 IN SOA ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
diff --git a/regression-tests/tsig.com b/regression-tests/tsig.com
new file mode 100644
index 0000000000..4876ccae70
--- /dev/null
+++ b/regression-tests/tsig.com
@@ -0,0 +1,12 @@
+$TTL 120
+$ORIGIN tsig.com.
+@ IN SOA ns1.example.com. ahu.example.com. (
+ 2000081501
+ 8H ; refresh
+ 2H ; retry
+ 1W ; expire
+ 1D ; default_ttl
+ )
+
+@ IN NS ns1.example.com.
+@ IN NS ns2.example.com.
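Review bot: regression-tests/tsig-axfr/command now checks only that a transfer signed with the correct key succeeds, so it would not notice a server that accepts a bad signature. A second `dig` line using a deliberately wrong secret, with an expected result containing no SOA lines, would pin the rejection path as well. `$nameserver` and `$port` are also unquoted; `"@$nameserver" -p "$port"` behaves predictably if either is ever empty or contains whitespace.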