Add test for rpz zone load fail

CHANGES

@@ -33,6 +33,10 @@
 
 5170.	[test]		Added --with-dlz-filesystem to feature-test. [GL !1587]
 
+5168.	[test]		Do not crash on shutdown when RPZ fails to load.  Also,
+			keep previous version of the database if RPZ fails to
+			load. [GL #813]
+
 5167.	[bug]		nxdomain-redirect could sometimes lookup the wrong
 			redirect name. [GL #892]
 

bin/tests/system/rpz/README

@@ -5,7 +5,6 @@ See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
 The test setup for the RPZ tests prepares a query perf tool and sets up
 policy zones.
 
-
 Name servers
 ------------
 
@@ -19,7 +18,6 @@ ns5 and ns7 are additional rewriting resolvers.
 
 ns6 is a forwarding server.
 
-
 Updating the response policy zones
 ----------------------------------
 

bin/tests/system/rpz/clean.sh

@@ -9,13 +9,43 @@
 
 # Clean up after rpz tests.
 
-rm -f proto.* dsset-* trusted.conf dig.out* nsupdate.tmp ns*/*tmp
-rm -f ns*/*.key ns*/*.private ns2/tld2s.db ns2/bl.tld2.db
-rm -f ns3/bl*.db ns*/*switch ns*/empty.db ns*/empty.db.jnl
-rm -f ns5/requests ns5/example.db ns5/bl.db ns5/*.perf
-rm -f */named.memstats */named.run */named.stats */session.key
-rm -f */*.jnl */*.core */*.pid
+USAGE="$0: [-Px]"
+DEBUG=
+while getopts "Px" c; do
+    case $c in
+	x) set -x ;;
+	P) PARTIAL=set ;;
+	*) echo "$USAGE" 1>&2; exit 1;;
+    esac
+done
+shift `expr $OPTIND - 1 || true`
+if test "$#" -ne 0; then
+    echo "$USAGE" 1>&2
+    exit 1
+fi
+
+# this might be called from setup.sh to partially clean up the files
+# from the first test pass so the second pass can be set up correctly.
+# remove those files first, then decide whether to remove the others.
+rm -f ns*/*.key ns*/*.private
+rm -f ns2/tld2s.db ns2/bl.tld2.db
+rm -f ns3/bl*.db ns*/empty.db
+rm -f ns3/manual-update-rpz.db
+rm -f ns5/example.db ns5/bl.db
 rm -f */policy2.db
-rm -f ns*/named.lock
-rm -f ns*/named.conf
-rm -f tmp
+rm -f */*.jnl
+
+if [ ${PARTIAL:-unset} = unset ]; then
+    rm -f proto.* dsset-* trusted.conf dig.out* nsupdate.tmp ns*/*tmp
+    rm -f ns5/requests ns5/*.perf
+    rm -f */named.memstats */*.run */*.run.prev */named.stats */session.key
+    rm -f */*.log */*core */*.pid
+    rm -f ns*/named.lock
+    rm -f ns*/named.conf
+    rm -f ns*/*switch ns*/empty.db.jnl
+    rm -f dnsrps*.conf
+    rm -f dnsrpzd.conf
+    rm -f dnsrpzd-license-cur.conf dnsrpzd.rpzf dnsrpzd.sock dnsrpzd.pid
+    rm -f ns*/managed-keys.bind*
+    rm -f tmp
+fi

bin/tests/system/rpz/ns3/broken.db.in

@@ -0,0 +1,16 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ test
+;   This basic file is copied to several zone files before being used.
+;   Its contents are also changed with nsupdate
+
+
+; broken zone
+foobar

bin/tests/system/rpz/ns3/manual-update-rpz-2.db.in

@@ -0,0 +1,20 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ test
+;   This basic file is copied to several zone files before being used.
+;   Its contents are also changed with nsupdate
+
+
+$TTL 300
+@				SOA	bl-reload.  hostmaster.ns.bl-reload. ( 2 3600 1200 604800 60 )
+				NS	ns.tld3.
+
+walled.tld2.bl-reload.	 300	A	10.0.0.2
+

bin/tests/system/rpz/ns3/manual-update-rpz.db.in

@@ -0,0 +1,20 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+; RPZ test
+;   This basic file is copied to several zone files before being used.
+;   Its contents are also changed with nsupdate
+
+
+$TTL 300
+@					SOA	manual-update-rpz.  hostmaster.ns.manual-rpz-update. ( 1 3600 1200 604800 60 )
+					NS	ns.tld3.
+
+walled.tld2.manual-update-rpz.	 300	A	10.0.0.1
+

bin/tests/system/rpz/ns3/named.conf.in

@@ -40,6 +40,7 @@ options {
 	    zone "bl-drop"	policy drop;
 	    zone "bl-tcp-only"	policy tcp-only;
 	    zone "bl.tld2";
+	    zone "manual-update-rpz";
 	}
 	min-ns-dots 0
 	qname-wait-recurse yes
@@ -87,5 +88,11 @@ zone "bl-tcp-only."	{type master; file "bl-tcp-only.db";
 zone "bl.tld2."		{type slave; file "bl.tld2.db"; masters {10.53.0.2;};
 				request-ixfr no; masterfile-format text;};
 
-zone "crash1.tld2"	{type master; file "crash1";};
-zone "crash2.tld3."	{type master; file "crash2";};
+zone "crash1.tld2"	{type master; file "crash1"; notify no;};
+zone "crash2.tld3."	{type master; file "crash2"; notify no;};
+
+zone "manual-update-rpz." {
+	type master;
+	file "manual-update-rpz.db";
+	notify no;
+};

bin/tests/system/rpz/setup.sh

@@ -35,6 +35,8 @@ copy_setports ns7/named.conf.in ns7/named.conf
 for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wildcname -garden -drop -tcp-only; do
     sed -e "/SOA/s/blx/bl$NM/g" ns3/base.db >ns3/bl$NM.db
 done
+#  bl zones are dynamically updated.  Add one zone that is updated manually.
+cp ns3/manual-update-rpz.db.in ns3/manual-update-rpz.db
 
 # $1=directory
 # $2=domain name

bin/tests/system/rpz/tests.sh

@@ -169,6 +169,9 @@ load_db () {
     fi
 }
 
+# restart name server
+# $1 ns number
+# $2 rebuild bl rpz zones if "rebuild-bl-rpz"
 restart () {
     # try to ensure that the server really has stopped
     # and won't mess with ns$1/name.pid
@@ -184,10 +187,12 @@ restart () {
 	fi
     fi
     rm -f ns$1/*.jnl
-    if test -f ns$1/base.db; then
-	for NM in ns$1/bl*.db; do
-	    cp -f ns$1/base.db $NM
-	done
+    if [ "$2" == "rebuild-bl-rpz" ]; then
+        if test -f ns$1/base.db; then
+	    for NM in ns$1/bl*.db; do
+	        cp -f ns$1/base.db $NM
+            done
+        fi
     fi
     $PERL $SYSTEMTESTTOP/start.pl --noclean --restart --port ${PORT} rpz ns$1
     load_db
@@ -205,7 +210,7 @@ ckalive () {
     HAVE_CORE=yes
     setret "$2"
     # restart the server to avoid stalling waiting for it to stop
-    restart $CKALIVE_NS
+    restart $CKALIVE_NS "rebuild-bl-rpz"
     return 1
 }
 
@@ -712,7 +717,7 @@ EOF
   # restart the main test RPZ server to see if that creates a core file
   if test -z "$HAVE_CORE"; then
     $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
-    restart 3
+    restart 3 "rebuild-bl-rpz"
     HAVE_CORE=`find ns* -name '*core*' -print`
     test -z "$HAVE_CORE" || setret "found $HAVE_CORE; memory leak?"
   fi
@@ -724,12 +729,36 @@ EOF
     egrep 'invalid rpz|rpz.*failed' ns*/named.run | sed -e '10,$d' | cat_i
   fi
 
-  echo_i "checking that ttl values are not zeroed when qtype is '*'"
-  $DIG +noall +answer -p ${PORT} @$ns3 any a3-2.tld2 > dig.out.any
-  ttl=`awk '/a3-2 tld2 text/ {print $2}' dig.out.any`
+  # restart the main test RPZ server with a bad zone.
+  t=`expr $t + 1`
+  echo_i "checking that ns3 with broken rpz does not crash (${t})"
+  $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
+  cp ns3/broken.db.in ns3/bl.db
+  restart 3 # do not rebuild rpz zones
+  nocrash a3-1.tld2 -tA
+  $PERL $SYSTEMTESTTOP/stop.pl --use-rndc --port ${CONTROLPORT} rpz ns3
+  restart 3 "rebuild-bl-rpz"
+
+  # reload a RPZ zone that is now deliberately broken.
+  t=`expr $t + 1`
+  echo_i "checking rpz failed update will keep previous rpz rules (${t})"
+  $DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.before
+  grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.before > /dev/null || setret "failed"
+  cp ns3/broken.db.in ns3/manual-update-rpz.db
+  rndc_reload ns3 $ns3 manual-update-rpz
+  sleep 1
+  # ensure previous RPZ rules still apply.
+  $DIG -p ${PORT} @$ns3 walled.tld2 > dig.out.$t.after
+  grep "walled\.tld2\..*IN.*A.*10\.0\.0\.1" dig.out.$t.after > /dev/null || setret "failed"
+
+  t=`expr $t + 1`
+  echo_i "checking that ttl values are not zeroed when qtype is '*' (${t})"
+  $DIG +noall +answer -p ${PORT} @$ns3 any a3-2.tld2 > dig.out.$t
+  ttl=`awk '/a3-2 tld2 text/ {print $2}' dig.out.$t`
   if test ${ttl:=0} -eq 0; then setret "failed"; fi
 
-  echo_i "checking rpz updates/transfers with parent nodes added after children"
+  t=`expr $t + 1`
+  echo_i "checking rpz updates/transfers with parent nodes added after children (${t})"
   # regression test for RT #36272: the success condition
   # is the slave server not crashing.
   for i in 1 2 3 4 5; do

util/copyrights

@@ -1939,6 +1939,7 @@
 ./bin/tests/system/rootkeysentinel/prereq.sh	SH	2018,2019
 ./bin/tests/system/rootkeysentinel/setup.sh	SH	2018,2019
 ./bin/tests/system/rootkeysentinel/tests.sh	SH	2018,2019
+./bin/tests/system/rpz/README			TXT.BRIEF	2019
 ./bin/tests/system/rpz/clean.sh			SH	2011,2012,2013,2014,2016,2018,2019
 ./bin/tests/system/rpz/ns1/named.conf.in	CONF-C	2018,2019
 ./bin/tests/system/rpz/ns1/root.db		ZONE	2011,2012,2013,2016,2018,2019
@@ -1950,9 +1951,12 @@
 ./bin/tests/system/rpz/ns2/named.conf.in	CONF-C	2018,2019
 ./bin/tests/system/rpz/ns2/tld2.db		ZONE	2011,2012,2013,2016,2018,2019
 ./bin/tests/system/rpz/ns3/base.db		ZONE	2011,2012,2013,2016,2018,2019
+./bin/tests/system/rpz/ns3/broken.db.in		ZONE	2019
 ./bin/tests/system/rpz/ns3/crash1		X	2011,2013,2018,2019
 ./bin/tests/system/rpz/ns3/crash2		X	2011,2012,2013,2018,2019
 ./bin/tests/system/rpz/ns3/hints		ZONE	2011,2013,2016,2018,2019
+./bin/tests/system/rpz/ns3/manual-update-rpz-2.db.in	ZONE	2019
+./bin/tests/system/rpz/ns3/manual-update-rpz.db.in	ZONE	2019
 ./bin/tests/system/rpz/ns3/named.conf.in	CONF-C	2018,2019
 ./bin/tests/system/rpz/ns4/hints		ZONE	2011,2013,2016,2018,2019
 ./bin/tests/system/rpz/ns4/named.conf.in	CONF-C	2018,2019