Home Explore Help
Sign In
zorun
/
kea
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

Merge #1802

Michal 'vorner' Vaner 13 years ago
parent
5fb1859628 37227b85bf
commit
d6d2673701
2 changed files with 56 additions and 4 deletions
Split View Show Diff Stats
  1. 17 4
      src/lib/datasrc/memory_datasrc.cc
  2. 39 0
      src/lib/datasrc/tests/memory_datasrc_unittest.cc

+ 17 - 4
src/lib/datasrc/memory_datasrc.cc
View File 

@@ -120,7 +120,11 @@ typedef NSEC3Map::value_type NSEC3Pair;
 
 // Actual zone data: Essentially a set of zone's RRs.  This is defined as
 
 // a separate structure so that it'll be replaceable on reload.
 
 struct ZoneData {
 
-    ZoneData(const Name& origin) : domains_(true), origin_data_(NULL) {
 
+    ZoneData(const Name& origin) :
 
+        domains_(true),
 
+        origin_data_(NULL),
 
+        nsec_signed_(false)
 
+    {
 
         // We create the node for origin (it needs to exist anyway in future)
 
         domains_.insert(origin, &origin_data_);
 
         DomainPtr origin_domain(new Domain);
 
@@ -170,6 +174,7 @@ public:
 
         const scoped_ptr<NSEC3Hash> hash_; // hash parameter/calculator
 
     };
 
     scoped_ptr<NSEC3Data> nsec3_data_; // non NULL only when it's NSEC3 signed
 
+    bool nsec_signed_; // True if there's at least one NSEC record
 
 
     // This templated structure encapsulates the find result of findNode()
 
     // method (also templated) below.
 
@@ -1162,6 +1167,10 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl {
 
                     isc_throw(AddError, "NSEC3PARAM with inconsistent "
 
                               "parameters: " << rrset->toText());
 
                 }
 
+            } else if (rrset->getType() == RRType::NSEC()) {
 
+                // If it is NSEC signed zone, so we put a flag there
 
+                // (flag is enough)
 
+                zone_data.nsec_signed_ = true;
 
             }
 
             return (result::SUCCESS);
 
         } else {
 
@@ -1206,9 +1215,13 @@ struct InMemoryZoneFinder::InMemoryZoneFinderImpl {
 
         if (wild) {
 
             flags = flags | RESULT_WILDCARD;
 
         }
 
-        if ((code == NXRRSET || code == NXDOMAIN || wild) &&
 
-            zone_data_->nsec3_data_) {
 
-            flags = flags | RESULT_NSEC3_SIGNED;
 
+        if (code == NXRRSET || code == NXDOMAIN || wild) {
 
+            if (zone_data_->nsec3_data_) {
 
+                flags = flags | RESULT_NSEC3_SIGNED;
 
+            }
 
+            if (zone_data_->nsec_signed_) {
 
+                flags = flags | RESULT_NSEC_SIGNED;
 
+            }
 
         }
 
         return (RBNodeResultContext(code, rrset, flags, node));
 
     }

+ 39 - 0
src/lib/datasrc/tests/memory_datasrc_unittest.cc
View File 

@@ -441,6 +441,8 @@ public:
 
             {"0P9MHAVEQVM6T7VBL5LOP2U3T2RP3TOM.example.org. 300 IN "
 
              "NSEC3 1 1 12 aabbccdd 2T7B4G4VSA5SMI47K61MV5BV1A22BOJR A RRSIG",
 
              &rr_nsec3_},
 
+            {"example.org. 300 IN NSEC cname.example.org. A NS NSEC",
 
+             &rr_nsec_},
 
             {NULL, NULL}
 
         };
 
 
@@ -505,6 +507,7 @@ public:
 
     RRsetPtr rr_not_wild_;
 
     RRsetPtr rr_not_wild_another_;
 
     RRsetPtr rr_nsec3_;
 
+    RRsetPtr rr_nsec_;
 
 
     // A faked NSEC3 hash calculator for convenience.
 
     // Tests that need to use the faked hashed values should call
 
@@ -984,6 +987,9 @@ InMemoryZoneFinderTest::findCheck(ZoneFinder::FindResultFlags expected_flags) {
 
     if ((expected_flags & ZoneFinder::RESULT_NSEC3_SIGNED) != 0) {
 
         EXPECT_EQ(SUCCESS, zone_finder_.add(rr_nsec3_));
 
     }
 
+    if ((expected_flags & ZoneFinder::RESULT_NSEC_SIGNED) != 0) {
 
+        EXPECT_EQ(SUCCESS, zone_finder_.add(rr_nsec_));
 
+    }
 
 
     // These two should be successful
 
     findTest(origin_, RRType::NS(), ZoneFinder::SUCCESS, true, rr_ns_);
 
@@ -1011,6 +1017,10 @@ TEST_F(InMemoryZoneFinderTest, findNSEC3Signed) {
 
     findCheck(ZoneFinder::RESULT_NSEC3_SIGNED);
 
 }
 
 
+TEST_F(InMemoryZoneFinderTest, findNSECSigned) {
 
+    findCheck(ZoneFinder::RESULT_NSEC_SIGNED);
 
+}
 
+
 
 void
 
 InMemoryZoneFinderTest::emptyNodeCheck(
 
     ZoneFinder::FindResultFlags expected_flags)
 
@@ -1039,6 +1049,9 @@ InMemoryZoneFinderTest::emptyNodeCheck(
 
     if ((expected_flags & ZoneFinder::RESULT_NSEC3_SIGNED) != 0) {
 
         EXPECT_EQ(SUCCESS, zone_finder_.add(rr_nsec3_));
 
     }
 
+    if ((expected_flags & ZoneFinder::RESULT_NSEC_SIGNED) != 0) {
 
+        EXPECT_EQ(SUCCESS, zone_finder_.add(rr_nsec_));
 
+    }
 
 
     // empty node matching, easy case: the node for 'baz' exists with
 
     // no data.
 
@@ -1066,6 +1079,10 @@ TEST_F(InMemoryZoneFinderTest, emptyNodeNSEC3) {
 
     emptyNodeCheck(ZoneFinder::RESULT_NSEC3_SIGNED);
 
 }
 
 
+TEST_F(InMemoryZoneFinderTest, emptyNodeNSEC) {
 
+    emptyNodeCheck(ZoneFinder::RESULT_NSEC_SIGNED);
 
+}
 
+
 
 TEST_F(InMemoryZoneFinderTest, load) {
 
     // Put some data inside the zone
 
     EXPECT_NO_THROW(EXPECT_EQ(result::SUCCESS, zone_finder_.add(rr_ns_)));
 
@@ -1200,6 +1217,9 @@ InMemoryZoneFinderTest::wildcardCheck(
 
     if ((expected_flags & ZoneFinder::RESULT_NSEC3_SIGNED) != 0) {
 
         EXPECT_EQ(SUCCESS, zone_finder_.add(rr_nsec3_));
 
     }
 
+    if ((expected_flags & ZoneFinder::RESULT_NSEC_SIGNED) != 0) {
 
+        EXPECT_EQ(SUCCESS, zone_finder_.add(rr_nsec_));
 
+    }
 
 
     // Search at the parent. The parent will not have the A, but it will
 
     // be in the wildcard (so check the wildcard isn't matched at the parent)
 
@@ -1267,6 +1287,11 @@ TEST_F(InMemoryZoneFinderTest, wildcardNSEC3) {
 
     wildcardCheck(ZoneFinder::RESULT_NSEC3_SIGNED);
 
 }
 
 
+TEST_F(InMemoryZoneFinderTest, wildcardNSEC) {
 
+    // Similar to the previous one, but the zone signed with NSEC
 
+    wildcardCheck(ZoneFinder::RESULT_NSEC_SIGNED);
 
+}
 
+
 
 /*
 
  * Test that we don't match a wildcard if we get under delegation.
 
  * By 4.3.3 of RFC1034:
 
@@ -1301,6 +1326,9 @@ InMemoryZoneFinderTest::anyWildcardCheck(
 
     if ((expected_flags & ZoneFinder::RESULT_NSEC3_SIGNED) != 0) {
 
         EXPECT_EQ(SUCCESS, zone_finder_.add(rr_nsec3_));
 
     }
 
+    if ((expected_flags & ZoneFinder::RESULT_NSEC_SIGNED) != 0) {
 
+        EXPECT_EQ(SUCCESS, zone_finder_.add(rr_nsec_));
 
+    }
 
 
     vector<ConstRRsetPtr> expected_sets;
 
 
@@ -1335,6 +1363,10 @@ TEST_F(InMemoryZoneFinderTest, anyWildcardNSEC3) {
 
     anyWildcardCheck(ZoneFinder::RESULT_NSEC3_SIGNED);
 
 }
 
 
+TEST_F(InMemoryZoneFinderTest, anyWildcardNSEC) {
 
+    anyWildcardCheck(ZoneFinder::RESULT_NSEC_SIGNED);
 
+}
 
+
 
 // Test there's nothing in the wildcard in the middle if we load
 
 // wild.*.foo.example.org.
 
 void
 
@@ -1351,6 +1383,9 @@ InMemoryZoneFinderTest::emptyWildcardCheck(
 
     if ((expected_flags & ZoneFinder::RESULT_NSEC3_SIGNED) != 0) {
 
         EXPECT_EQ(SUCCESS, zone_finder_.add(rr_nsec3_));
 
     }
 
+    if ((expected_flags & ZoneFinder::RESULT_NSEC_SIGNED) != 0) {
 
+        EXPECT_EQ(SUCCESS, zone_finder_.add(rr_nsec_));
 
+    }
 
 
     {
 
         SCOPED_TRACE("Asking for the original record under wildcard");
 
@@ -1395,6 +1430,10 @@ TEST_F(InMemoryZoneFinderTest, emptyWildcardNSEC3) {
 
     emptyWildcardCheck(ZoneFinder::RESULT_NSEC3_SIGNED);
 
 }
 
 
+TEST_F(InMemoryZoneFinderTest, emptyWildcardNSEC) {
 
+    emptyWildcardCheck(ZoneFinder::RESULT_NSEC_SIGNED);
 
+}
 
+
 
 // Same as emptyWildcard, but with multiple * in the path.
 
 TEST_F(InMemoryZoneFinderTest, nestedEmptyWildcard) {
 
     EXPECT_EQ(SUCCESS, zone_finder_.add(rr_nested_emptywild_));