Michał Kępień [Thu, 10 May 2018 07:43:38 +0000 (09:43 +0200)]
Use a while loop instead of a for loop in dns__zone_updatesigs()
Replace the outer for loop with a while loop to emphasize it keeps
processing the first element of diff->tuples, which changes on each
iteration due to tuples being removed from diff->tuples by
move_matching_tuples().
Michał Kępień [Thu, 10 May 2018 07:43:38 +0000 (09:43 +0200)]
Remove redundant assertions
The ENSURE assertion at the end of dns_diff_appendminimal() is not
needed because it is placed right after code which resets *tuplep to
NULL if it is not NULL already.
The INSIST assertion in move_matching_tuples() checks the same pointer
again.
Michał Kępień [Thu, 10 May 2018 07:43:38 +0000 (09:43 +0200)]
Look for the next matching tuple in a separate function
Extract the portion of the do-while loop responsible for finding the
next tuple with the same name and type into a separate function to
improve code clarity.
Michał Kępień [Thu, 10 May 2018 07:43:38 +0000 (09:43 +0200)]
Extract the do-while loop in dns__zone_updatesigs() into a separate function
The do-while loop in dns__zone_updatesigs() is hard to follow due to
heavy nesting and the 'tuple' variable also being used in the outer for
loop. Add a comment to explain the purpose of the do-while loop.
Extract it into a separate function to decrease indentation and prevent
using 'tuple' in two different loops.
Michał Kępień [Tue, 13 Mar 2018 13:06:11 +0000 (14:06 +0100)]
Add a framework for dns__zone_updatesigs() unit tests
Add a new ATF test, sigs_test, containing everything required to start
defining test cases for dns__zone_updatesigs(). The framework is
written in a way which ensures that changes to zone database applied by
any dns__zone_updatesigs() invocation are preserved between subsequent
checks.
Michał Kępień [Tue, 13 Mar 2018 13:06:10 +0000 (14:06 +0100)]
Move find_zone_keys() to lib/dns/zone_p.h
Rename find_zone_keys() to dns__zone_findkeys() and move it to
lib/dns/zone_p.h, so that it can be used in unit tests. Add a comment
describing the purpose of this function.
Michał Kępień [Tue, 13 Mar 2018 13:06:09 +0000 (14:06 +0100)]
Move update_sigs() to lib/dns/zone_p.h
Rename update_sigs() to dns__zone_updatesigs() and move it to
lib/dns/zone_p.h, so that it can be unit tested. Add a comment
describing the purpose of this function.
Michał Kępień [Tue, 13 Mar 2018 13:06:08 +0000 (14:06 +0100)]
Move zonediff_t to lib/dns/zone_p.h
Rename zonediff_t to dns__zonediff_t and move it to lib/dns/zone_p.h, so
that unit tests can be written for functions taking pointers to
structures of this type as arguments.
Michał Kępień [Tue, 13 Mar 2018 13:06:07 +0000 (14:06 +0100)]
Add lib/dns/zone_p.h
Add a new private header file, lib/dns/zone_p.h, which will hold type
definitions and function prototypes not meant to be exported by libdns,
but required by zone-related unit tests.
Michał Kępień [Tue, 13 Mar 2018 13:06:06 +0000 (14:06 +0100)]
Add a helper function to facilitate preparing dns_diff_t structures
Implement dns_test_difffromchanges(), a function which enables preparing
a dns_diff_t structure from a mostly-textual representation of zone
database changes to be applied. This will improve readability of test
case definitions by allowing contents of a dns_diff_t structure, passed
e.g. to update_sigs(), to be represented in a human-friendly manner.
Michał Kępień [Tue, 13 Mar 2018 13:06:04 +0000 (14:06 +0100)]
Rework dns_test_makezone()
The dns_test_makezone() helper function always assigns the created zone
to some view, which is not always necessary and complicates cleanup of
non-managed zones as they are required not to be assigned to any view.
Rework dns_test_makezone() in order to make it easier to use in unit
tests operating on non-managed zones. Use dns_name_fromstring() instead
of dns_name_fromtext() to simplify code. Do not use the CHECK() macro
and add comments to make code flow simpler to follow. Use
dns_test_makeview() instead of dns_view_create().
Adjust existing unit tests using this function so that they still pass.
Michał Kępień [Fri, 16 Mar 2018 23:12:24 +0000 (00:12 +0100)]
Add CHANGES entries
4916. [bug] Not creating signing keys for an inline signed zone
            prevented changes applied to the raw zone from being
            reflected in the secure zone until signing keys were
            made available. [GL #159]

4915. [bug] Bumped signed serial of an inline signed zone was
            logged even when an error occurred while updating
            signatures. [GL #159]
Michał Kępień [Fri, 16 Mar 2018 23:12:23 +0000 (00:12 +0100)]
Apply raw zone deltas to yet unsigned secure zones
When inline signing is enabled for a zone without creating signing keys
for it, changes subsequently applied to the raw zone will not be
reflected in the secure zone due to the dns_update_signaturesinc() call
inside receive_secure_serial() failing. Given that an inline zone will
be served (without any signatures) even with no associated signing keys
being present, keep applying raw zone deltas to the secure zone until
keys become available in an attempt to follow the principle of least
astonishment.
Michał Kępień [Fri, 16 Mar 2018 23:12:21 +0000 (00:12 +0100)]
Only log bumped signed serial after a successful secure zone update
If a raw zone is modified, but the dns_update_signaturesinc() call in
receive_secure_serial() fails, the corresponding secure zone's database
will not be modified, even though by that time a message containing the
bumped signed serial will already have been logged. This creates
confusion, because a different secure zone version will be served than
the one announced in the logs. Move the relevant dns_zone_log() call so
that it is only performed if the secure zone's database is modified.