From: Matthijs Mekking Date: Fri, 6 Aug 2021 12:28:01 +0000 (+0200) Subject: Add test for in-view zone edits X-Git-Tag: v9.17.18~36^2 X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=598bf1c29b60dde22c7a3385ff979f38dffe5659;p=thirdparty%2Fbind9.git Add test for in-view zone edits Add a test case for GL #2845 where a zone is in two views, one base view and one "in-view" and that zone is using an $INCLUDE. Make sure that there is a jnl file (have ixfr-from-differences enabled and do a dynamic update). Then freeze and make updates in the included file (this requires the test.db file also to be updated because 'rndc freeze' causes the zone file to be overwritten). Finally reload and ensure that the edit in the included file has been loaded. --- diff --git a/bin/tests/system/rndc/clean.sh b/bin/tests/system/rndc/clean.sh index 9faf948262a..151aa015cbb 100644 --- a/bin/tests/system/rndc/clean.sh +++ b/bin/tests/system/rndc/clean.sh @@ -21,6 +21,8 @@ rm -f ns4/*.nta rm -f ns4/example.db ns4/example.db.jnl rm -f ns4/key?.conf rm -f ns6/huge.zone.db +rm -f ns7/include.db ns7/test.db ns7/*.jnl +rm -f ns7/named_dump.db* rm -f ns*/named.conf rm -f nsupdate.out.*.test* rm -f python.out.*.test* diff --git a/bin/tests/system/rndc/ns7/include.db.in b/bin/tests/system/rndc/ns7/include.db.in new file mode 100644 index 00000000000..ff722735d87 --- /dev/null +++ b/bin/tests/system/rndc/ns7/include.db.in @@ -0,0 +1,14 @@ +; Copyright (C) Internet Systems Consortium, Inc. ("ISC") +; +; This Source Code Form is subject to the terms of the Mozilla Public +; License, v. 2.0. If a copy of the MPL was not distributed with this +; file, You can obtain one at http://mozilla.org/MPL/2.0/. +; +; See the COPYRIGHT file distributed with this work for additional +; information regarding copyright ownership. + +@ 86400 IN SOA ns7 hostmaster 1 5 5 1814400 3600 +@ NS ns7 +ns7 A 10.53.0.7 + +text1 TXT "include 1" 
diff --git a/bin/tests/system/rndc/ns7/include2.db.in b/bin/tests/system/rndc/ns7/include2.db.in
new file mode 100644
index 00000000000..dbdd0ea20ff
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/include2.db.in
@@ -0,0 +1,14 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ 86400 IN SOA ns7 hostmaster 4 5 5 1814400 3600
+@ NS ns7
+ns7 A 10.53.0.7
+
+text1 TXT "include 2"
diff --git a/bin/tests/system/rndc/ns7/named.conf.in b/bin/tests/system/rndc/ns7/named.conf.in
new file mode 100644
index 00000000000..db1fb8ca131
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/named.conf.in
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.7; };
+ listen-on-v6 { none; };
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+key int {
+ algorithm "hmac-sha1";
+ secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+};
+
+key ext {
+ algorithm "hmac-sha1";
+ secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+};
+
+controls {
+ inet 10.53.0.7 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+view internal {
+ match-clients { key "int"; };
+
+ zone "test" {
+ type primary;
+ update-policy { grant int zonesub any; };
+ file "test.db";
+ ixfr-from-differences yes;
+ };
+};
+
+view external {
+ match-clients { key "ext"; };
+
+ zone "test" {
+ in-view internal;
+ };
+};
diff --git a/bin/tests/system/rndc/ns7/test.db.in b/bin/tests/system/rndc/ns7/test.db.in
new file mode 100644
index 00000000000..cd776045ab8
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/test.db.in
@@ -0,0 +1,11 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 3600
+$INCLUDE "include.db"
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
index fb56de80a4e..b7721a38d47 100644
--- a/bin/tests/system/rndc/setup.sh
+++ b/bin/tests/system/rndc/setup.sh
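Review bot: In the new ns7/named.conf.in, `key int` and `key ext` carry the same secret and both use `hmac-sha1`, while `rndc_key` in the same file uses `hmac-sha256`. With identical secrets, holding one key is enough to sign as the other, so the `internal` and `external` views are separated by key name only, and nothing in the file says that is deliberate. I would give `ext` its own secret, set both to `algorithm "hmac-sha256";`, and add a comment above `controls` such as `/* test fixture: control channel accepts any source on the test address, gated by rndc_key only */`. The `TSIG=` lines added to tests.sh repeat these values and would have to change with them.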
@@ -19,6 +19,9 @@ $SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns4/example.db $SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns6/huge.zone.db +cp ns7/test.db.in ns7/test.db +cp ns7/include.db.in ns7/include.db + # we make the huge zone less huge if we're running under # TSAN, to give the test a fighting chance not to time out. size=1000000 @@ -33,6 +36,7 @@ copy_setports ns3/named.conf.in ns3/named.conf copy_setports ns4/named.conf.in ns4/named.conf copy_setports ns5/named.conf.in ns5/named.conf copy_setports ns6/named.conf.in ns6/named.conf +copy_setports ns7/named.conf.in ns7/named.conf make_key () { $RNDCCONFGEN -k key$1 -A $3 -s 10.53.0.4 -p $2 \ diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh index c3dda378f88..d25aec63a31 100644 --- a/bin/tests/system/rndc/tests.sh +++ b/bin/tests/system/rndc/tests.sh @@ -12,7 +12,8 @@ . ../conf.sh DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd" -DIGCMD="$DIG $DIGOPTS @10.53.0.2 -p ${PORT}" +DIGOPTS="" +DIGCMD="$DIG $DIGOPTS -p ${PORT}" RNDCCMD="$RNDC -p ${CONTROLPORT} -c ../common/rndc.conf -s" status=0 @@ -73,7 +74,7 @@ update add text2.nil. 600 IN TXT "addition 2" send END -$DIGCMD text2.nil. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.2 text2.nil. TXT > dig.out.1.test$n grep 'addition 2' dig.out.1.test$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -90,7 +91,7 @@ zone nil. update add text3.nil. 600 IN TXT "addition 3" send END -$DIGCMD text3.nil. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.2 text3.nil. TXT > dig.out.1.test$n grep 'addition 3' dig.out.1.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -130,7 +131,7 @@ update add text4.nil. 600 IN TXT "addition 4" send END -$DIGCMD text4.nil. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.2 text4.nil. TXT > dig.out.1.test$n grep 'addition 4' dig.out.1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
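Review bot: In the tests.sh hunk at @@ -12,7 +12,8 @@, the added `DIGOPTS=""` directly follows the context line `DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"` and discards it, so every `$DIGCMD` query in the file now runs with dig's defaults instead of the options the existing checks were written for. It reads like a leftover from debugging. If the aim was only to take the server address out of `DIGCMD`, drop that line and keep `DIGCMD="$DIG $DIGOPTS -p ${PORT}"`. The greps presumably still match on the fuller output, which would explain why no existing check failed.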
@@ -170,7 +171,7 @@ update add text5.nil. 600 IN TXT "addition 5" send END -$DIGCMD text4.nil. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.2 text4.nil. TXT > dig.out.1.test$n grep 'addition 4' dig.out.1.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -242,11 +243,11 @@ zone other. update add text7.other. 600 IN TXT "addition 7" send END -$DIGCMD text6.other. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.2 text6.other. TXT > dig.out.1.test$n grep 'addition 6' dig.out.1.test$n >/dev/null || ret=1 -$DIGCMD text7.other. TXT > dig.out.2.test$n +$DIGCMD @10.53.0.2 text7.other. TXT > dig.out.2.test$n grep 'addition 7' dig.out.2.test$n >/dev/null || ret=1 -$DIGCMD frozen.other. TXT > dig.out.3.test$n +$DIGCMD @10.53.0.2 frozen.other. TXT > dig.out.3.test$n grep 'frozen addition' dig.out.3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -285,11 +286,11 @@ zone nil. update add text7.nil. 600 IN TXT "addition 7" send END -$DIGCMD text6.nil. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.2 text6.nil. TXT > dig.out.1.test$n grep 'addition 6' dig.out.1.test$n > /dev/null || ret=1 -$DIGCMD text7.nil. TXT > dig.out.2.test$n +$DIGCMD @10.53.0.2 text7.nil. TXT > dig.out.2.test$n grep 'addition 7' dig.out.2.test$n > /dev/null || ret=1 -$DIGCMD frozen.nil. TXT > dig.out.3.test$n +$DIGCMD @10.53.0.2 frozen.nil. TXT > dig.out.3.test$n grep 'frozen addition' dig.out.3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -706,7 +707,7 @@ zone example. update add text2.example. 600 IN TXT "addition 3" send END -$DIG $DIGOPTS @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n grep 'addition 3' dig.out.1.test$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
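Review bot: In the hunk at @@ -706,7 +707,7 @@, the rewritten line `$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT` passes the port twice, because `DIGCMD` as redefined by this commit already contains `-p ${PORT}`; the first changed line of the next hunk (@@ -728) has the same repeat. Both values are identical, so the query should behave the same, but the line would match the other call sites changed in this commit as `$DIGCMD @10.53.0.4 text2.example. TXT > dig.out.1.test$n`.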
@@ -728,10 +729,70 @@ zone example. update add text2.example. 600 IN TXT "addition 3" send END -$DIG $DIGOPTS @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n grep 'addition 3' dig.out.1.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) +n=$((n+1)) +echo_i "checking initial in-view zone file is loaded ($n)" +ret=0 +TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n +grep 'include 1' dig.out.1.test$n >/dev/null || ret=1 +TSIG="hmac-sha1:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n +grep 'include 1' dig.out.2.test$n >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +echo_i "update in-view zone ($n)" +ret=0 +TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +$NSUPDATE -p ${PORT} -y "$TSIG" > /dev/null 2>&1 < dig.out.1.test$n +grep 'addition 1' dig.out.1.test$n >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +echo_i "rndc freeze" +$RNDCCMD 10.53.0.7 freeze | sed 's/^/ns7 /' | cat_i | cat_i + +echo_i "edit zone files" +cp ns7/test.db.in ns7/test.db +cp ns7/include2.db.in ns7/include.db + +echo_i "rndc thaw" +$RNDCCMD 10.53.0.7 thaw | sed 's/^/ns7 /' | cat_i + +echo_i "rndc reload" +$RNDCCMD 10.53.0.7 reload | sed 's/^/ns7 /' | cat_i + +n=$((n+1)) +echo_i "checking zone file edits are loaded ($n)" +ret=0 +TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n +grep 'include 2' dig.out.1.test$n >/dev/null || ret=1 +TSIG="hmac-sha1:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. 
TXT > dig.out.2.test$n +grep 'include 2' dig.out.2.test$n >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1
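Review bot: The `rndc freeze`, `rndc thaw` and `rndc reload` steps added in the @@ -728 hunk pipe `$RNDCCMD` into `sed 's/^/ns7 /' | cat_i`, so rndc's exit status is discarded and a failed command is noticed only indirectly by the later `grep 'include 2'`; the freeze line also ends in `| cat_i | cat_i`, which looks like a typo for a single `| cat_i`. Running these steps after the `ret=0` of the numbered check and setting `ret=1` when rndc fails would tie a failure to the step that caused it. The "update in-view zone ($n)" step reuses `$n` without `n=$((n+1))` and writes `dig.out.1.test$n` again, overwriting the output of the preceding check. The final queries follow `rndc reload` with no retry, which may be racy if the reload is still in progress; that is an inference, since the helper functions are not on this page and the here-document of the update step is not visible in this rendering.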