1#!/bin/sh
2#
3# Copyright (C) 2015  Internet Systems Consortium, Inc. ("ISC")
4#
5# Permission to use, copy, modify, and/or distribute this software for any
6# purpose with or without fee is hereby granted, provided that the above
7# copyright notice and this permission notice appear in all copies.
8#
9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
11# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
15# PERFORMANCE OF THIS SOFTWARE.
16
17SYSTEMTESTTOP=..
18. $SYSTEMTESTTOP/conf.sh
19
20status=0
21t=0
22
23# $1 = test name (such as 1a, 1b, etc. for which named.$1.conf exists)
24run_server() {
25    TESTNAME=$1
26
27    echo "I:stopping resolver"
28    $PERL $SYSTEMTESTTOP/stop.pl . ns2
29
30    sleep 1
31
32    echo "I:starting resolver using named.$TESTNAME.conf"
33    cp -f ns2/named.$TESTNAME.conf ns2/named.conf
34    $PERL $SYSTEMTESTTOP/start.pl --noclean --restart . ns2
35}
36
37run_query() {
38    TESTNAME=$1
39    LINE=$2
40
41    NAME=`tail -n +"$LINE" ns2/$TESTNAME.queries | head -n 1`
42    $DIG $DIGOPTS $NAME a @10.53.0.2 -p 5300 -b 127.0.0.1 > dig.out.${t}
43    grep "status: SERVFAIL" dig.out.${t} > /dev/null 2>&1 && return 1
44    return 0
45}
46
47# $1 = test name (such as 1a, 1b, etc. for which $1.queries exists)
48# $2 = line number in query file to test (the name to query is taken from this line)
49expect_norecurse() {
50    TESTNAME=$1
51    LINE=$2
52
53    NAME=`tail -n +"$LINE" ns2/$TESTNAME.queries | head -n 1`
54    t=`expr $t + 1`
55    echo "I:testing $NAME doesn't recurse (${t})"
56    run_query $TESTNAME $LINE || {
57        echo "I:test ${t} failed"
58        status=1
59    }
60}
61
62# $1 = test name (such as 1a, 1b, etc. for which $1.queries exists)
63# $2 = line number in query file to test (the name to query is taken from this line)
64expect_recurse() {
65    TESTNAME=$1
66    LINE=$2
67
68    NAME=`tail -n +"$LINE" ns2/$TESTNAME.queries | head -n 1`
69    t=`expr $t + 1`
70    echo "I:testing $NAME recurses (${t})"
71    run_query $TESTNAME $LINE && {
72        echo "I:test ${t} failed"
73        status=1
74    }
75}
76
77t=`expr $t + 1`
78echo "I:testing that l1.l0 exists without RPZ (${t})"
79$DIG $DIGOPTS l1.l0 ns @10.53.0.2 -p 5300 > dig.out.${t}
80grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || {
81    echo "I:test ${t} failed"
82    status=1
83}
84
85t=`expr $t + 1`
86echo "I:testing that l2.l1.l0 returns SERVFAIL without RPZ (${t})"
87$DIG $DIGOPTS l2.l1.l0 ns @10.53.0.2 -p 5300 > dig.out.${t}
88grep "status: SERVFAIL" dig.out.${t} > /dev/null 2>&1 || {
89    echo "I:test ${t} failed"
90    status=1
91}
92
93# Group 1
94run_server 1a
95expect_norecurse 1a 1
96run_server 1b
97expect_norecurse 1b 1
98expect_recurse 1b 2
99run_server 1c
100expect_norecurse 1c 1
101
102# Group 2
103run_server 2a
104for n in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32
105do
106    expect_norecurse 2a $n
107done
108expect_recurse 2a 33
109
110# Group 3
111run_server 3a
112expect_recurse 3a 1
113run_server 3b
114expect_recurse 3b 1
115run_server 3c
116expect_recurse 3c 1
117run_server 3d
118expect_norecurse 3d 1
119expect_recurse 3d 2
120run_server 3e
121expect_norecurse 3e 1
122expect_recurse 3e 2
123run_server 3f
124expect_norecurse 3f 1
125expect_recurse 3f 2
126
127# Group 4
128testlist="aa ap bf"
129values="1 16 32"
130# Uncomment the following to test every skip value instead of
131# only a sample of values
132#
133#testlist="aa ab ac ad ae af ag ah ai aj ak al am an ao ap \
134#          aq ar as at au av aw ax ay az ba bb bc bd be bf"
135#values="1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 \
136#        21 22 23 24 25 26 27 28 29 30 31 32"
137set -- $values
138for n in $testlist; do
139    run_server 4$n
140    ni=$1
141    t=`expr $t + 1`
142    echo "I:testing that ${ni} of 33 queries skip recursion (${t})"
143    c=0
144    for i in 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 \
145	     17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33
146    do
147	run_query 4$n $i
148	c=`expr $c + $?`
149    done
150    skipped=`expr 33 - $c`
151    if [ $skipped != $ni ]; then
152	echo "I:test $t failed (actual=$skipped, expected=$ni)"
153	status=1
154    fi
155    shift
156done
157
158# Group 5
159run_server 5a
160expect_norecurse 5a 1
161expect_norecurse 5a 2
162expect_recurse 5a 3
163expect_recurse 5a 4
164expect_recurse 5a 5
165expect_recurse 5a 6
166
167# Group 6
168echo "I:check recursive behavior consistency during policy update races"
169run_server 6a
170sleep 1
171t=`expr $t + 1`
172echo "I:running dig to cache CNAME record (${t})"
173$DIG $DIGOPTS @10.53.0.2 -p 5300 www.test.example.org CNAME > dig.out.${t}
174sleep 1
175echo "I:suspending authority server"
176kill -TSTP `cat ns1/named.pid`
177echo "I:adding an NSDNAME policy"
178cp ns2/db.6a.00.policy.local ns2/saved.policy.local
179cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local
180$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /'
181sleep 1
182t=`expr $t + 1`
183echo "I:running dig to follow CNAME (blocks, so runs in the background) (${t})"
184$DIG $DIGOPTS @10.53.0.2 -p 5300 www.test.example.org A > dig.out.${t} &
185sleep 1
186echo "I:removing the NSDNAME policy"
187cp ns2/db.6c.00.policy.local ns2/db.6a.00.policy.local
188$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /'
189sleep 1
190echo "I:resuming authority server"
191kill -CONT `cat ns1/named.pid`
192for n in 1 2 3 4 5 6 7 8 9; do
193    sleep 1
194    [ -s dig.out.${t} ] || continue
195    grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || {
196        echo "I:test ${t} failed"
197        status=1
198    }
199done
200
201echo "I:check recursive behavior consistency during policy removal races"
202cp ns2/saved.policy.local ns2/db.6a.00.policy.local
203run_server 6a
204sleep 1
205t=`expr $t + 1`
206echo "I:running dig to cache CNAME record (${t})"
207$DIG $DIGOPTS @10.53.0.2 -p 5300 www.test.example.org CNAME > dig.out.${t}
208sleep 1
209echo "I:suspending authority server"
210kill -TSTP `cat ns1/named.pid`
211echo "I:adding an NSDNAME policy"
212cp ns2/db.6b.00.policy.local ns2/db.6a.00.policy.local
213$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /'
214sleep 1
215t=`expr $t + 1`
216echo "I:running dig to follow CNAME (blocks, so runs in the background) (${t})"
217$DIG $DIGOPTS @10.53.0.2 -p 5300 www.test.example.org A > dig.out.${t} &
218sleep 1
219echo "I:removing the policy zone"
220cp ns2/named.default.conf ns2/db.6a.00.policy.local
221$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 6a.00.policy.local 2>&1 | sed 's/^/I:ns2 /'
222sleep 1
223echo "I:resuming authority server"
224kill -CONT `cat ns1/named.pid`
225for n in 1 2 3 4 5 6 7 8 9; do
226    sleep 1
227    [ -s dig.out.${t} ] || continue
228    grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || {
229        echo "I:test ${t} failed"
230        status=1
231    }
232done
233
234# Check CLIENT-IP behavior
235t=`expr $t + 1`
236echo "I:testing CLIENT-IP behavior (${t})"
237run_server clientip
238$DIG $DIGOPTS l2.l1.l0 a @10.53.0.2 -p 5300 -b 10.53.0.4 > dig.out.${t}
239grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || {
240    echo "I:test $t failed: query failed"
241    status=1
242}
243grep "^l2.l1.l0.[[:space:]]*[0-9]*[[:space:]]*IN[[:space:]]*A[[:space:]]*10.53.0.2" dig.out.${t} > /dev/null 2>&1 || {
244    echo "I:test $t failed: didn't get expected answer"
245    status=1
246}
247
248exit $status
249