mirror of
https://github.com/isc-projects/bind9.git
synced 2026-06-11 05:09:59 -04:00
27ee27d4e3
Add a new helper function, isctest.transfer.transfer_message(), to
bin/tests/system/isctest/transfer.py that generates the log message
produced by xfrin_log() in lib/dns/xfrin.c for an incoming zone
transfer:
transfer of '<zone>/IN' from <source_ns>#<port>: <msg>
The helper always returns a compiled re.Pattern. source_ns and port
each accept None to match any source address / port. msg accepts
either a plain str (regex-escaped automatically) or a compiled
re.Pattern (spliced into the regex as-is), so callers that need regex
syntax in the message part can pass Re(r"...") without having to
wrap the whole result.
source_ns is passed through re.escape() when provided, so dots in
IPv4 addresses (e.g. "10.53.0.1") match a literal dot rather than
any character.
Convert the existing call sites across the system tests to use the
new helper.
Co-Authored-By: Nicki Křížek <nicki@isc.org>
Assisted-by: Claude:claude-sonnet-4-6
Assisted-by: Claude:claude-opus-4-7
87 lines
2.7 KiB
Python
87 lines
2.7 KiB
Python
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
|
#
|
|
# SPDX-License-Identifier: MPL-2.0
|
|
#
|
|
# This Source Code Form is subject to the terms of the Mozilla Public
|
|
# License, v. 2.0. If a copy of the MPL was not distributed with this
|
|
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
|
#
|
|
# See the COPYRIGHT file distributed with this work for additional
|
|
# information regarding copyright ownership.
|
|
|
|
import dns.rcode
|
|
import pytest
|
|
|
|
import isctest
|
|
import isctest.mark
|
|
|
|
pytestmark = pytest.mark.extra_artifacts(
|
|
[
|
|
"ns*/example*.db",
|
|
]
|
|
)
|
|
|
|
|
|
@pytest.fixture(scope="module")
|
|
def transfers_complete(servers):
|
|
for zone in ["example", "example-aes-128", "example-aes-256", "example-chacha-20"]:
|
|
pattern = isctest.transfer.transfer_message(
|
|
zone, "10.53.0.1", "Transfer completed"
|
|
)
|
|
for ns in ["ns2", "ns3", "ns4", "ns5"]:
|
|
with servers[ns].watch_log_from_start() as watcher:
|
|
watcher.wait_for_line(pattern)
|
|
|
|
|
|
@pytest.mark.requires_zones_loaded("ns1", "ns2", "ns3", "ns4", "ns5")
|
|
@pytest.mark.parametrize(
|
|
"qname,ns,rcode",
|
|
[
|
|
("example.", 2, dns.rcode.NOERROR),
|
|
("example.", 3, dns.rcode.NOERROR),
|
|
("example.", 4, dns.rcode.NOERROR),
|
|
("example-aes-128.", 2, dns.rcode.NOERROR),
|
|
("example-aes-256.", 3, dns.rcode.NOERROR),
|
|
pytest.param(
|
|
"example-chacha-20.",
|
|
4,
|
|
dns.rcode.NOERROR,
|
|
marks=isctest.mark.without_fips,
|
|
),
|
|
("example-aes-256", 2, dns.rcode.SERVFAIL),
|
|
pytest.param(
|
|
"example-chacha-20",
|
|
2,
|
|
dns.rcode.SERVFAIL,
|
|
marks=isctest.mark.without_fips,
|
|
),
|
|
("example-aes-128", 3, dns.rcode.SERVFAIL),
|
|
pytest.param(
|
|
"example-chacha-20",
|
|
3,
|
|
dns.rcode.SERVFAIL,
|
|
marks=isctest.mark.without_fips,
|
|
),
|
|
("example-aes-128", 4, dns.rcode.SERVFAIL),
|
|
("example-aes-256", 4, dns.rcode.SERVFAIL),
|
|
# NS5 tries to download the zone over TLSv1.2
|
|
("example", 5, dns.rcode.SERVFAIL),
|
|
("example-aes-128", 5, dns.rcode.SERVFAIL),
|
|
("example-aes-256", 5, dns.rcode.SERVFAIL),
|
|
pytest.param(
|
|
"example-chacha-20",
|
|
5,
|
|
dns.rcode.SERVFAIL,
|
|
marks=isctest.mark.without_fips,
|
|
),
|
|
],
|
|
)
|
|
# pylint: disable=redefined-outer-name,unused-argument
|
|
def test_cipher_suites_tls_xfer(qname, ns, rcode, transfers_complete):
|
|
msg = isctest.query.create(qname, "AXFR")
|
|
ans = isctest.query.tls(msg, f"10.53.0.{ns}")
|
|
assert ans.rcode() == rcode
|
|
if rcode == dns.rcode.NOERROR:
|
|
assert ans.answer != []
|
|
elif rcode == dns.rcode.SERVFAIL:
|
|
assert ans.answer == []
|