[3432] Changed algorithm strings to match dnsssec-keygen labels
Changed the string values used to configure a TSIG key's algorithm to
match those used by Bind9's dnssec-keygen.
Added tests for all supported algorithms.
[3432] Fixed d2::TSIGKeyInfo::remake to use correct dns::TSIGKey constructor
The dns::TSIGKey constructor that was being by d2:TSIGKeyINfo expects an
ordinary string value for secret and then encodes it to base64. Since
TSIGKeyInfo configuration value for secret is already expected to be base64
encoded this was causing it to be encoded again resulting in verification
errors when tested against Bind9.
Changed TSIGKeyInfo::remake to use the appropriate TSIGKey constructor.
[3432] Replaced sting key_name with TSIGKeyInfo in d2::DdnsDomain
Rather than each DdnsDomain storing only the string name of its TSIG key,
it now contains an pointer to the TSIGKeyInfo which corresponds to the
key name given in its configuration.
[3432] Added basic TSIG support to NameChangeTransaction
Added TSIGKeyPtr instance member to NameChangeTransaction.
Modified NameChangeTransaction::sendUpdate() to do a TSIG updates if its
TSIGKeyPtr is not null.
Extended FauxServer test class to support TSIG if given a key.
Added round trip TSIG tests to NameChangeTransaction base class tests.
This does not address how the transaction's key is determined. That
requires changes to configuration classes in D2Config.
Tomek Mrugalski [Tue, 13 May 2014 12:34:49 +0000 (14:34 +0200)]
[trac3449] make sure -R has argument (directory) in m4 macro that tests availability.
Bundy issue 6:
(should also be trivial enough, so I'm pushing it directly at my discretion)
without this it's possible that it only results in warning on a system
that doesn't actually support this flag (such as MacOS X) and subsequently
causes build failure.
Tomek Mrugalski [Tue, 13 May 2014 12:34:49 +0000 (14:34 +0200)]
[trac3449] make sure -R has argument (directory) in m4 macro that tests availability.
Bundy issue 6:
(should also be trivial enough, so I'm pushing it directly at my discretion)
without this it's possible that it only results in warning on a system
that doesn't actually support this flag (such as MacOS X) and subsequently
causes build failure.
[3432] Added support for TSIG to D2UpdateMessage and DNSClient
Change D2UpdateMessage to support TSIG signing and verification via its
toWire and fromWire methods. Both now accept a pointer to a TSIGContext,
which they should use, if its not NULL.
Implemented DNSCLient::doUpdate variant that accepts a TSIGKey. It will
use the key to create a TSIGContext that will then be used to sign the
outbound request and to verify the response in the operator() method.
[3268] Modified NameChangeTransaction to use configurable DNS server timeout
Update manager now passes the D2 config manager reference into transactions
when it creates them. This makes D2 configuration services available at
the transaction level.
Changed NameChangeTransaction::sendUpdate() to get the timeout value from
configuration rather than use hard-coded constant.
[3268] Added container class for D2 global parameters
Added d2::D2Params to act as container class for D2 global parameters.
This permits them to be converted from their context parameter form during
configuration parsing.
[3268] Treat top-level scalars as a group of globals parameters
Restructured DCfgMgrBase to group the top level elements in a configuration
into scalars (strings, bools, ints, etc...) and objects (maps, lists, etc),
and parse the scalars first, then objects. This permits the top level
scalars to be treated as a group of global parameters that are parsed first.
Ordered parsing is now relegated to only object elements. Scalars are parsed
first before any objects.
Also added the ability to reset config manager's context and rather than
than starting configuration parsing with a copy of the current context, it
starts with an empty context.
Tomek Mrugalski [Tue, 6 May 2014 19:07:14 +0000 (21:07 +0200)]
[3400] Changes after review:
- config-reload command added
- config and command handlers cleaned up
- files renamed
- Majority of the backend code is now common
- Added unit-test for config-reload command
I removed todos on regarding use of binary of text. I could not demonstrate
any appreciable difference between the two forms and binary results require
more manual conversion. Performance should be examined as a separte effort.
[3382] Replaced hard coded column types with constants
Replaced hard coded numbers for column types in tagged_statements[]
initialization.
Replaced test of error message text for duplicate key violations with
test of the SQL state code. This is the recommended mechanism as
error text can be affected by localization and is subject to content
change.
Unlike, MySQL, PostgreSQL does not return anything to the caller when
preparing an SQL statement, rather one uses its text name to execute it.
PgSqlStatementBind was an unecessary duplication of data already available
in tagged_statements. This also resolved the unused member complaint from
cppcheck regarding TaggedStatement::index.
[master] Fix for 3387, asiodns::IOFetch unit test failing
The unit test, IOFetchTest.TcpSendReceive65535, was failing
routinely on a NetBSD VM. The VM was running so slowly that
this test was timing out. Typically it takes less than
500ms. On this VM it was taking over 4.5s and then hitting
a safety valve timeout. That timeout value was increased.
Fixed typos and replaced used of DHCPv<n> with b10-dhcp<n> in
D2 relevant sections of the admin guide.
Added sender_ip and max_queue_size value to dhcp4 and dhcp6 unit
tests.
Added used of DFT constants in D2ClientCfg default constructor.
- file read can now ignore # comments in file
- there are JSON specific unit-tests now in src/bin/dhcp6
- BIND10 backend specific tests moved to separate file
[3400] Initial JSON file read support added in b10-dhcp6
- added --with-kea-config=JSON,BIND10 added to configure.ac
- JSON-file config backend added for b10-dhcp6
- Config file can now be read from a JSON file
Added checks in D2ClientCfg to make user server and
sender ip values are the same family, and that
the server ip/port is not exactly the same as the
sender ip/port.