More regression tests for TSIG

diff --git a/pdns/pdnssec.cc b/pdns/pdnssec.cc
index 69eebdef143857689776bb7179ec6025a4de7c1f..f1aa48a7289e152248d58df9355d11992c27e9aa 100644 (file)
--- a/pdns/pdnssec.cc
+++ b/pdns/pdnssec.cc
@@ -1470,7 +1470,7 @@ try
      string key;
      char tmpkey[64];
 
-     size_t klen;
+     size_t klen = 0;
      if (algo == "hmac-md5") {
        klen = 32;
      } else if (algo == "hmac-sha1") {
@@ -1483,6 +1483,9 @@ try
        klen = 64;
      } else if (algo == "hmac-sha512") {
        klen = 64;
+     } else {
+       cerr << "Cannot generate key for " << algo << endl;
+       return 1;
      }
 
      cerr << "Generating new key with " << klen << " bytes (this can take a while)" << endl;

diff --git a/regression-tests/named.conf b/regression-tests/named.conf
index 1b3ff8f413384a597cbbc798285f09c27886bbb1..b207c73e6654de3cb64c2e039cfeef886a05ff03 100644 (file)
--- a/regression-tests/named.conf
+++ b/regression-tests/named.conf
@@ -50,3 +50,8 @@ zone "minimal.com"{
        type master;
        file "./minimal.com";
 };
+
+zone "tsig.com"{
+        type master;
+        file "./tsig.com";
+};

diff --git a/regression-tests/start-test-stop b/regression-tests/start-test-stop
index dd96a2114f6ad923a03f55a4cb8a29313e3057c9..22e5871344a4a62a27351108fd469d8cfb044687 100755 (executable)
--- a/regression-tests/start-test-stop
+++ b/regression-tests/start-test-stop
@@ -207,6 +207,8 @@ case $context in
                                skipreasons="nodyndns"
                        fi
 
+                        ../pdns/pdnssec --config-dir=. enable-tsig-key tsig.com test master
+
                        $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./ \
                                --no-shuffle --launch=bind --bind-config=./named.conf \
                                --bind-dnssec-db=./dnssec.sqlite3 \
@@ -330,6 +332,9 @@ __EOF__
 
                        done
 
+                        ../pdns/pdnssec --config-dir=. --config-name=gmysql import-tsig-key test hmac-md5 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys='
+                       ../pdns/pdnssec --config-dir=. --config-name=gmysql enable-tsig-key tsig.com test master
+
                        $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./  \
                                --no-shuffle --launch --launch+=random --launch+=gmysql --launch+=random --gmysql-dnssec \
                                --send-root-referral \
@@ -383,6 +388,9 @@ __EOF__
                                fi
                        done
 
+                        ../pdns/pdnssec --config-dir=. --config-name=gmysql import-tsig-key test hmac-md5 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys='
+                        ../pdns/pdnssec --config-dir=. --config-name=gmysql enable-tsig-key tsig.com test master
+
                        $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./  \
                                --no-shuffle --launch=gpgsql --gpgsql-dnssec \
                                --send-root-referral \
@@ -500,6 +508,9 @@ __EOF__
                                fi
                        done
 
+                        ../pdns/pdnssec --config-dir=. --config-name=gmysql import-tsig-key test hmac-md5 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys='
+                        ../pdns/pdnssec --config-dir=. --config-name=gmysql enable-tsig-key tsig.com test master
+
                        $RUNWRAPPER $PDNS --daemon=no --local-port=$port --socket-dir=./  \
                                --no-shuffle --launch=gsqlite3 --gsqlite3-dnssec \
                                --send-root-referral \
@@ -649,8 +660,7 @@ export optout
 
 if [ $presigned = yes ]
 then
-       skipreasons="$skipreasons nodyndns"
-
+        skipreasons="$skipreasons presigned nodyndns"
        if [ ${context:0:6} = gmysql ]
        then
                context=${context}-presigned
@@ -674,6 +684,18 @@ then
                        -e "INSERT INTO domains (name, type, master) VALUES('$zone','SLAVE','127.0.0.1:$port')"
                done
 
+                set +e
+                echo $skipreasons | grep -q nodnssec
+                if [ $? -ne 0 ]; then
+                       mysql --user="$GMYSQL2USER" --password="$GMYSQL2PASSWD" --host="$GMYSQL2HOST" \
+                       "$GMYSQL2DB" \
+                       -e "INSERT INTO tsigkeys (name, algorithm,secret) VALUES('test', 'hmac-md5', 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=')"
+                       mysql --user="$GMYSQL2USER" --password="$GMYSQL2PASSWD" --host="$GMYSQL2HOST" \
+                       "$GMYSQL2DB" \
+                       -e "INSERT INTO domainmetadata (domain_id, kind, content) SELECT id, 'AXFR-MASTER-TSIG', 'test' FROM domains WHERE name = 'tsig.com'"
+               fi
+               set -e
+
                port=$((port+100))
 
                $RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./  \
@@ -713,15 +735,22 @@ then
                do
                        sqlite3 pdns.sqlite31 "INSERT INTO domains (name, type, master) VALUES('$zone','SLAVE','127.0.0.1:$port');"
                done
+                
+                set +e
+                echo $skipreasons | grep -q nodnssec
+                if [ $? -ne 0 ]; then
+                       sqlite3 pdns.sqlite31 "INSERT INTO tsigkeys (name.algorithm,secret) VALUES('tsig.com','hmac-md5', 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=')"
+                       sqlite3 pdns.sqlite31 "INSERT INTO domainmetadata (domain_id, kind, content) SELECT id, 'AXFR-MASTER-TSIG', 'test' FROM domains WHERE name = 'tsig.com'"
+               fi
+               set -e
 
                port=$((port+100))
 
                $RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./  \
                        --no-shuffle --launch=gsqlite3 --gsqlite3-dnssec \
-                       --fancy-records --send-root-referral \
-                       --cache-ttl=0 --query-cache-ttl=0 --no-config --slave --retrieval-threads=4 \
-                       --gsqlite3-database=pdns.sqlite31 --gsqlite3-pragma-synchronous=0 \
-                       --config-name=gsqlite32 |& egrep -v "update records set ordername|insert into records" &
+                       --fancy-records --send-root-referral --config-name=gsqlite2 \
+                       --cache-ttl=0 --query-cache-ttl=0 --no-config --slave --retrieval-threads=1 \
+                       --gsqlite3-database=pdns.sqlite31 --gsqlite3-pragma-synchronous=0 |& egrep -v "update records set ordername|insert into records" &
                echo 'waiting for zones to be slaved'
                set +e
                loopcount=0
@@ -754,7 +783,17 @@ then
                done
                
                rm -f dnssec-slave.sqlite3
+
                ../pdns/pdnssec --config-dir=. create-bind-db dnssec-slave.sqlite3
+
+               set +e
+                echo $skipreasons | grep -q nodnssec
+                if [ $? -ne 0 ]; then
+                   sqlite3 dnssec-slave.sqlite3 "INSERT INTO tsigkeys (name, algorithm,secret) VALUES('test', 'hmac-md5', 'kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=')"
+                   sqlite3 dnssec-slave.sqlite3 "INSERT INTO domainmetadata (domain, kind, content) SELECT 'tsig.com', 'AXFR-MASTER-TSIG', 'test'"
+                fi
+               set -e
+
                port=$((port+100))
 
                $RUNWRAPPER $PDNS2 --daemon=no --local-port=$port --socket-dir=./  \

diff --git a/regression-tests/tsig-axfr/command b/regression-tests/tsig-axfr/command
index 6cff30fa87b5802519307975a00645e22ac60183..91bea694a35905768731f9c19f36a594253bdce9 100755 (executable)
--- a/regression-tests/tsig-axfr/command
+++ b/regression-tests/tsig-axfr/command
@@ -1,5 +1,3 @@
 #!/bin/sh 
 
-../pdns/pdnssec --config-dir=. enable-tsig-key minimal.com test master
-dig -t axfr minimal.com @$nameserver -p $port -y 'test:kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=' | grep 'IN\s*SOA'
-../pdns/pdnssec --config-dir=. disable-tsig-key minimal.com test master
+dig -t axfr tsig.com @$nameserver -p $port -y 'test:kp4/24gyYsEzbuTVJRUMoqGFmN3LYgVDzJ/3oRSP7ys=' | grep 'IN\s*SOA'

diff --git a/regression-tests/tsig-axfr/expected_result b/regression-tests/tsig-axfr/expected_result
index 154dc894d896e28d4f37491cc3317fa8ffccee33..47760db6c08f9f3b8a0a39b86b8a2bc8746e23d4 100644 (file)
--- a/regression-tests/tsig-axfr/expected_result
+++ b/regression-tests/tsig-axfr/expected_result
@@ -1,4 +1,2 @@
-Enabled TSIG key test for minimal.com
-minimal.com.           120     IN      SOA     ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
-minimal.com.           120     IN      SOA     ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
-Disabled TSIG key test for minimal.com
+tsig.com.              120     IN      SOA     ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400
+tsig.com.              120     IN      SOA     ns1.example.com. ahu.example.com. 2000081501 28800 7200 604800 86400

diff --git a/regression-tests/tsig.com b/regression-tests/tsig.com
new file mode 100644 (file)
index 0000000..4876cca
--- /dev/null
+++ b/regression-tests/tsig.com
@@ -0,0 +1,12 @@
+$TTL 120
+$ORIGIN tsig.com.
+@              IN      SOA     ns1.example.com.        ahu.example.com. (
+                       2000081501
+                       8H ; refresh
+                       2H ; retry
+                       1W ; expire
+                       1D ; default_ttl
+                       )
+
+@                      IN      NS      ns1.example.com.
+@                      IN      NS      ns2.example.com.