upstream/unbound
1
0
Fork 0
mirror of https://github.com/NLnetLabs/unbound.git synced 2025-12-28 18:39:35 -05:00
Code Issues Projects Releases Packages Wiki Activity Actions

autotrust test routines.

Browse source 
git-svn-id: file:///svn/unbound/trunk@1771 be551aaa-1e26-0410-a405-d3ace91eadb9
This commit is contained in:
Wouter Wijngaards 2009-08-24 14:40:25 +00:00
parent 28be658942
commit 6f1f6dafb5
16 changed files with 527 additions and 113 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
acx_nlnetlabs.m4
View file

@ -2,9 +2,8 @@
# Copyright 2009, Wouter Wijngaards, NLnet Labs.
# BSD licensed.
#
# Version 5
# Version 4
# Changelog
# 2009-08-07 Added openssl/conf.h header detection.
# 2009-07-14 U_CHAR detection improved for windows crosscompile.
# added ACX_FUNC_MALLOC
# fixup some #if to #ifdef
@ -652,7 +651,6 @@ AC_DEFUN([ACX_SSL_CHECKS], [
AC_CHECK_HEADERS([openssl/ssl.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/err.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/rand.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
])dnl End of ACX_SSL_CHECKS
dnl Check for SSL, where SSL is mandatory

27
config.guess vendored
View file

@ -4,7 +4,7 @@
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
# Free Software Foundation, Inc.
timestamp='2008-11-15'
timestamp='2009-04-27'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
@ -324,6 +324,9 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
case `/usr/bin/uname -p` in
sparc) echo sparc-icl-nx7; exit ;;
esac ;;
s390x:SunOS:*:*)
echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
sun4H:SunOS:5.*:*)
echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
@ -337,7 +340,7 @@ case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
# This test works for both compilers.
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
if echo '\n#ifdef __amd64\nIS_64BIT_ARCH\n#endif' | \
if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
@ -1115,8 +1118,11 @@ EOF
pc:*:*:*)
# Left here for compatibility:
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i386.
echo i386-pc-msdosdjgpp
# the processor, so we play safe by assuming i586.
# Note: whatever this is, it MUST be the same as what config.sub
# prints for the "djgpp" host, or else GDB configury will decide that
# this is a cross-build.
echo i586-pc-msdosdjgpp
exit ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
@ -1154,6 +1160,16 @@ EOF
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& { echo i486-ncr-sysv4; exit; } ;;
NCR*:*:4.2:* | MPRAS*:*:4.2:*)
OS_REL='.3'
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& { echo i486-ncr-sysv4.3${OS_REL}; exit; }
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
&& { echo i586-ncr-sysv4.3${OS_REL}; exit; }
/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
&& { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
exit ;;
@ -1340,6 +1356,9 @@ EOF
i*86:rdos:*:*)
echo ${UNAME_MACHINE}-pc-rdos
exit ;;
i*86:AROS:*:*)
echo ${UNAME_MACHINE}-pc-aros
exit ;;
esac
#echo '(No uname command or uname output not recognized.)' 1>&2

7
config.h.in
View file

@ -152,6 +152,9 @@
/* Define to 1 if you have the <openssl/conf.h> header file. */
#undef HAVE_OPENSSL_CONF_H
/* Define to 1 if you have the <openssl/engine.h> header file. */
#undef HAVE_OPENSSL_ENGINE_H
/* Define to 1 if you have the <openssl/err.h> header file. */
#undef HAVE_OPENSSL_ERR_H
@ -641,6 +644,10 @@
#include <openssl/conf.h>
#endif
#ifdef HAVE_OPENSSL_ENGINE_H
#include <openssl/engine.h>
#endif
#ifdef HAVE_ATTR_FORMAT

19
config.sub vendored
View file

@ -4,7 +4,7 @@
# 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008
# Free Software Foundation, Inc.
timestamp='2008-09-08'
timestamp='2009-04-17'
# This file is (in principle) common to ALL GNU software.
# The presence of a machine in this file suggests that SOME GNU software
@ -122,6 +122,7 @@ maybe_os=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\2/'`
case $maybe_os in
nto-qnx* | linux-gnu* | linux-dietlibc | linux-newlib* | linux-uclibc* | \
uclinux-uclibc* | uclinux-gnu* | kfreebsd*-gnu* | knetbsd*-gnu* | netbsd*-gnu* | \
kopensolaris*-gnu* | \
storm-chaos* | os2-emx* | rtmk-nova*)
os=-$maybe_os
basic_machine=`echo $1 | sed 's/^\(.*\)-\([^-]*-[^-]*\)$/\1/'`
@ -249,6 +250,7 @@ case $basic_machine in
| h8300 | h8500 | hppa | hppa1.[01] | hppa2.0 | hppa2.0[nw] | hppa64 \
| i370 | i860 | i960 | ia64 \
| ip2k | iq2000 \
| lm32 \
| m32c | m32r | m32rle | m68000 | m68k | m88k \
| maxq | mb | microblaze | mcore | mep | metag \
| mips | mipsbe | mipseb | mipsel | mipsle \
@ -270,6 +272,7 @@ case $basic_machine in
| mipsisa64sr71k | mipsisa64sr71kel \
| mipstx39 | mipstx39el \
| mn10200 | mn10300 \
| moxie \
| mt \
| msp430 \
| nios | nios2 \
@ -279,7 +282,7 @@ case $basic_machine in
| powerpc | powerpc64 | powerpc64le | powerpcle | ppcbe \
| pyramid \
| score \
| sh | sh[1234] | sh[24]a | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh | sh[1234] | sh[24]a | sh[24]aeb | sh[23]e | sh[34]eb | sheb | shbe | shle | sh[1234]le | sh3ele \
| sh64 | sh64le \
| sparc | sparc64 | sparc64b | sparc64v | sparc86x | sparclet | sparclite \
| sparcv8 | sparcv9 | sparcv9b | sparcv9v \
@ -331,6 +334,7 @@ case $basic_machine in
| hppa-* | hppa1.[01]-* | hppa2.0-* | hppa2.0[nw]-* | hppa64-* \
| i*86-* | i860-* | i960-* | ia64-* \
| ip2k-* | iq2000-* \
| lm32-* \
| m32c-* | m32r-* | m32rle-* \
| m68000-* | m680[012346]0-* | m68360-* | m683?2-* | m68k-* \
| m88110-* | m88k-* | maxq-* | mcore-* | metag-* \
@ -362,7 +366,7 @@ case $basic_machine in
| powerpc-* | powerpc64-* | powerpc64le-* | powerpcle-* | ppcbe-* \
| pyramid-* \
| romp-* | rs6000-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| sh-* | sh[1234]-* | sh[24]a-* | sh[24]aeb-* | sh[23]e-* | sh[34]eb-* | sheb-* | shbe-* \
| shle-* | sh[1234]le-* | sh3ele-* | sh64-* | sh64le-* \
| sparc-* | sparc64-* | sparc64b-* | sparc64v-* | sparc86x-* | sparclet-* \
| sparclite-* \
@ -443,6 +447,10 @@ case $basic_machine in
basic_machine=m68k-apollo
os=-bsd
;;
aros)
basic_machine=i386-pc
os=-aros
;;
aux)
basic_machine=m68k-apple
os=-aux
@ -1182,7 +1190,7 @@ case $basic_machine in
we32k)
basic_machine=we32k-att
;;
sh[1234] | sh[24]a | sh[34]eb | sh[1234]le | sh[23]ele)
sh[1234] | sh[24]a | sh[24]aeb | sh[34]eb | sh[1234]le | sh[23]ele)
basic_machine=sh-unknown
;;
sparc | sparcv8 | sparcv9 | sparcv9b | sparcv9v)
@ -1254,8 +1262,9 @@ case $os in
-gnu* | -bsd* | -mach* | -minix* | -genix* | -ultrix* | -irix* \
| -*vms* | -sco* | -esix* | -isc* | -aix* | -sunos | -sunos[34]*\
| -hpux* | -unos* | -osf* | -luna* | -dgux* | -solaris* | -sym* \
| -kopensolaris* \
| -amigaos* | -amigados* | -msdos* | -newsos* | -unicos* | -aof* \
| -aos* \
| -aos* | -aros* \
| -nindy* | -vxsim* | -vxworks* | -ebmon* | -hms* | -mvs* \
| -clix* | -riscos* | -uniplus* | -iris* | -rtu* | -xenix* \
| -hiux* | -386bsd* | -knetbsd* | -mirbsd* | -netbsd* \

186
configure vendored
View file

@ -17412,68 +17412,6 @@ fi
done
for ac_header in openssl/conf.h
do
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
$as_echo_n "checking for $ac_header... " >&6; }
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
$as_echo_n "(cached) " >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_includes_default
#include <$ac_header>
_ACEOF
rm -f conftest.$ac_objext
if { (ac_try="$ac_compile"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
$as_echo "$ac_try_echo") >&5
(eval "$ac_compile") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
$as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest.$ac_objext; then
eval "$as_ac_Header=yes"
else
$as_echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
eval "$as_ac_Header=no"
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
ac_res=`eval 'as_val=${'$as_ac_Header'}
$as_echo "$as_val"'`
{ $as_echo "$as_me:$LINENO: result: $ac_res" >&5
$as_echo "$ac_res" >&6; }
as_val=`eval 'as_val=${'$as_ac_Header'}
$as_echo "$as_val"'`
if test "x$as_val" = x""yes; then
cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
done
# check if libssl needs libdl
@ -17631,6 +17569,130 @@ rm -rf conftest.dSYM
rm -f core conftest.err conftest.$ac_objext conftest_ipa8_conftest.oo \
conftest$ac_exeext conftest.$ac_ext
for ac_header in openssl/conf.h
do
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
$as_echo_n "checking for $ac_header... " >&6; }
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
$as_echo_n "(cached) " >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_includes_default
#include <$ac_header>
_ACEOF
rm -f conftest.$ac_objext
if { (ac_try="$ac_compile"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
$as_echo "$ac_try_echo") >&5
(eval "$ac_compile") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
$as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest.$ac_objext; then
eval "$as_ac_Header=yes"
else
$as_echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
eval "$as_ac_Header=no"
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
ac_res=`eval 'as_val=${'$as_ac_Header'}
$as_echo "$as_val"'`
{ $as_echo "$as_me:$LINENO: result: $ac_res" >&5
$as_echo "$ac_res" >&6; }
as_val=`eval 'as_val=${'$as_ac_Header'}
$as_echo "$as_val"'`
if test "x$as_val" = x""yes; then
cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
done
for ac_header in openssl/engine.h
do
as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh`
{ $as_echo "$as_me:$LINENO: checking for $ac_header" >&5
$as_echo_n "checking for $ac_header... " >&6; }
if { as_var=$as_ac_Header; eval "test \"\${$as_var+set}\" = set"; }; then
$as_echo_n "(cached) " >&6
else
cat >conftest.$ac_ext <<_ACEOF
/* confdefs.h. */
_ACEOF
cat confdefs.h >>conftest.$ac_ext
cat >>conftest.$ac_ext <<_ACEOF
/* end confdefs.h. */
$ac_includes_default
#include <$ac_header>
_ACEOF
rm -f conftest.$ac_objext
if { (ac_try="$ac_compile"
case "(($ac_try" in
*\"* | *\`* | *\\*) ac_try_echo=\$ac_try;;
*) ac_try_echo=$ac_try;;
esac
eval ac_try_echo="\"\$as_me:$LINENO: $ac_try_echo\""
$as_echo "$ac_try_echo") >&5
(eval "$ac_compile") 2>conftest.er1
ac_status=$?
grep -v '^ *+' conftest.er1 >conftest.err
rm -f conftest.er1
cat conftest.err >&5
$as_echo "$as_me:$LINENO: \$? = $ac_status" >&5
(exit $ac_status); } && {
test -z "$ac_c_werror_flag" ||
test ! -s conftest.err
} && test -s conftest.$ac_objext; then
eval "$as_ac_Header=yes"
else
$as_echo "$as_me: failed program was:" >&5
sed 's/^/| /' conftest.$ac_ext >&5
eval "$as_ac_Header=no"
fi
rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext
fi
ac_res=`eval 'as_val=${'$as_ac_Header'}
$as_echo "$as_val"'`
{ $as_echo "$as_me:$LINENO: result: $ac_res" >&5
$as_echo "$ac_res" >&6; }
as_val=`eval 'as_val=${'$as_ac_Header'}
$as_echo "$as_val"'`
if test "x$as_val" = x""yes; then
cat >>confdefs.h <<_ACEOF
#define `$as_echo "HAVE_$ac_header" | $as_tr_cpp` 1
_ACEOF
fi
done

6
configure.ac
View file

@ -351,6 +351,8 @@ fi
# Checks for libraries.
ACX_WITH_SSL
ACX_LIB_SSL
AC_CHECK_HEADERS([openssl/conf.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_HEADERS([openssl/engine.h],,, [AC_INCLUDES_DEFAULT])
AC_CHECK_FUNCS([OPENSSL_config EVP_sha1 EVP_sha256 EVP_sha512])
AC_ARG_ENABLE(sha2, AC_HELP_STRING([--enable-sha2], [Enable SHA256 and SHA512 RRSIG support, experimental]))
@ -654,6 +656,10 @@ dnl includes
#ifdef HAVE_OPENSSL_CONF_H
#include <openssl/conf.h>
#endif
#ifdef HAVE_OPENSSL_ENGINE_H
#include <openssl/engine.h>
#endif
]
AHX_CONFIG_FORMAT_ATTRIBUTE

2
daemon/daemon.c
View file

@ -501,7 +501,7 @@ daemon_delete(struct daemon* daemon)
/* libcrypto cleanup */
#ifdef HAVE_OPENSSL_CONFIG
EVP_cleanup();
/*ENGINE_cleanup();*/
ENGINE_cleanup();
CONF_modules_free();
#endif
CRYPTO_cleanup_all_ex_data(); /* safe, no more threads right now */

3
doc/Changelog
View file

@ -1,3 +1,6 @@
24 August 2009: Wouter
- cleaner memory allocation on exit. autotrust test routines.
21 August 2009: Wouter
- autotrust: debug routines. Read,write and conversions work.

63
testcode/fake_event.c
View file

@ -51,6 +51,7 @@
#include "util/data/msgparse.h"
#include "util/data/msgreply.h"
#include "util/data/msgencode.h"
#include "util/config_file.h"
#include "services/listen_dnsport.h"
#include "services/outside_network.h"
#include "testcode/replay.h"
@ -76,6 +77,18 @@ timeval_add(struct timeval* d, const struct timeval* add)
#endif
}
void
fake_temp_file(const char* adj, const char* id, char* buf, size_t len)
{
#ifdef USE_WINSOCK
snprintf(buf, len, "testbound_%u%s%s.tmp",
(unsigned)getpid(), adj, id);
#else
snprintf(buf, len, "/tmp/testbound_%u%s%s.tmp",
(unsigned)getpid(), adj, id);
#endif
}
void
fake_event_init(struct replay_scenario* scen)
{
@ -116,6 +129,7 @@ repevt_string(enum replay_event_type t)
case repevt_time_passes: return "TIME_PASSES";
case repevt_back_reply: return "REPLY";
case repevt_back_query: return "CHECK_OUT_QUERY";
case repevt_autotrust_check: return "CHECK_AUTOTRUST";
case repevt_error: return "ERROR";
default: return "UNKNOWN";
}
@ -437,6 +451,51 @@ time_passes(struct replay_runtime* runtime, struct replay_moment* mom)
#endif
}
/** check autotrust file contents */
static void
autotrust_check(struct replay_moment* mom)
{
char name[1024], line[1024];
FILE *in;
int lineno = 0, oke=1;
struct config_strlist* p;
line[sizeof(line)-1] = 0;
log_assert(mom->autotrust_id);
fake_temp_file("_auto_", mom->autotrust_id, name, sizeof(name));
in = fopen(name, "r");
if(!in) fatal_exit("could not open %s: %s", name, strerror(errno));
for(p=mom->file_content; p; p=p->next) {
lineno++;
if(!fgets(line, (int)sizeof(line)-1, in)) {
log_err("autotrust check failed, could not read line");
log_err("file %s, line %d", name, lineno);
log_err("should be: %s", p->str);
fatal_exit("autotrust_check failed");
}
if(line[0]) line[strlen(line)-1] = 0; /* remove newline */
if(strcmp(p->str, line) != 0) {
log_err("mismatch in file %s, line %d", name, lineno);
log_err("file has : %s", line);
log_err("should be: %s", p->str);
oke = 0;
continue;
}
fprintf(stderr, "%s:%2d ok : %s\n", name, lineno, line);
}
if(fgets(line, (int)sizeof(line)-1, in)) {
log_err("autotrust check failed, extra lines in %s after %d",
name, lineno);
do {
fprintf(stderr, "file has: %s", line);
} while(fgets(line, (int)sizeof(line)-1, in));
oke = 0;
}
fclose(in);
if(!oke)
fatal_exit("autotrust_check STEP %d failed", mom->time_step);
log_info("autotrust %s is OK", mom->autotrust_id);
}
/**
* Advance to the next moment.
*/
@ -504,6 +563,10 @@ do_moment_and_advance(struct replay_runtime* runtime)
time_passes(runtime, runtime->now);
advance_moment(runtime);
break;
case repevt_autotrust_check:
autotrust_check(runtime->now);
advance_moment(runtime);
break;
default:
fatal_exit("testbound: unknown event type %d",
runtime->now->evt_type);

9
testcode/fake_event.h
View file

@ -63,4 +63,13 @@ void fake_event_init(struct replay_scenario* scen);
*/
void fake_event_cleanup();
/**
* Get filename to store temporary config stuff. The pid is added. in /tmp.
* @param adj: adjective, like "_cfg_", "_auto_"
* @param id: identifier, like "example.com".
* @param buf: where to store.
* @param len: length of buf.
*/
void fake_temp_file(const char* adj, const char* id, char* buf, size_t len);
#endif /* TESTCODE_FAKE_EVENT_H */

36
testcode/replay.c
View file

@ -42,6 +42,7 @@
#include "config.h"
#include "util/log.h"
#include "util/net_help.h"
#include "util/config_file.h"
#include "testcode/replay.h"
#include "testcode/ldns-testpkts.h"
@ -73,6 +74,8 @@ replay_moment_delete(struct replay_moment* mom)
if(mom->match) {
delete_entry(mom->match);
}
free(mom->autotrust_id);
config_delstrlist(mom->file_content);
free(mom);
}
@ -173,6 +176,31 @@ replay_range_read(char* remain, FILE* in, const char* name, int* lineno,
return NULL;
}
/** Read FILE match content */
static void
read_file_content(FILE* in, int* lineno, struct replay_moment* mom)
{
char line[MAX_LINE_LEN];
char* remain = line;
struct config_strlist** last = &mom->file_content;
line[MAX_LINE_LEN-1]=0;
if(!fgets(line, MAX_LINE_LEN-1, in))
fatal_exit("FILE_BEGIN expected at line %d", *lineno);
if(!parse_keyword(&remain, "FILE_BEGIN"))
fatal_exit("FILE_BEGIN expected at line %d", *lineno);
while(fgets(line, MAX_LINE_LEN-1, in)) {
(*lineno)++;
if(strncmp(line, "FILE_END", 8) == 0) {
return;
}
if(line[0]) line[strlen(line)-1] = 0; /* remove newline */
if(!cfg_strlist_insert(last, strdup(line)))
fatal_exit("malloc failure");
last = &( (*last)->next );
}
fatal_exit("no FILE_END in input file");
}
/**
* Read a replay moment 'STEP' from file.
* @param remain: Rest of line (after STEP keyword).
@ -223,6 +251,14 @@ replay_moment_read(char* remain, FILE* in, const char* name, int* lineno,
mom->evt_type = repevt_timeout;
} else if(parse_keyword(&remain, "TIME_PASSES")) {
mom->evt_type = repevt_time_passes;
} else if(parse_keyword(&remain, "CHECK_AUTOTRUST")) {
mom->evt_type = repevt_autotrust_check;
while(isspace((int)*remain))
remain++;
if(strlen(remain)>0 && remain[strlen(remain)-1]=='\n')
remain[strlen(remain)-1] = 0;
mom->autotrust_id = strdup(remain);
read_file_content(in, lineno, mom);
} else if(parse_keyword(&remain, "ERROR")) {
mom->evt_type = repevt_error;
} else {

17
testcode/replay.h
View file

@ -41,6 +41,15 @@
* <pre>
* File format for replay files.
*
* ; unbound.conf options.
* ; ...
* ; additional commandline options to pass to unbound
* COMMANDLINE cmdline_option
* ; autotrust key file contents, also adds auto-trust-anchor-file: "x" to cfg
* AUTOTRUST_FILE id
* ; contents of that file
* AUTOTRUST_END
* CONFIG_END
* ; comment line.
* SCENARIO_BEGIN name_of_scenario
* RANGE_BEGIN start_time end_time
@ -60,6 +69,7 @@
* o TIMEOUT
* o TIME_PASSES ELAPSE [seconds] - increase 'now' time counter, can be
* a floating point number.
* o CHECK_AUTOTRUST [id] - followed by FILE_BEGIN [to match] FILE_END.
* o ERROR
* ; following entry starts on the next line, ENTRY_BEGIN.
* ; more STEP items
@ -156,6 +166,8 @@ struct replay_moment {
repevt_back_reply,
/** test fails if query to the network does not match */
repevt_back_query,
/** check autotrust key file */
repevt_autotrust_check,
/** an error happens to outbound query */
repevt_error
}
@ -178,6 +190,11 @@ struct replay_moment {
* Unused at this time.
*/
ldns_rr* qname;
/** the autotrust file id to check */
char* autotrust_id;
/** file contents to match, one string per line */
struct config_strlist* file_content;
};
/**

80
testcode/testbound.c
View file

@ -43,6 +43,7 @@
#include "testcode/replay.h"
#include "testcode/fake_event.h"
#include "daemon/remote.h"
#include "util/config_file.h"
/**
* include the main program from the unbound daemon.
@ -54,8 +55,8 @@
/** maximum line length for lines in the replay file. */
#define MAX_LINE_LEN 1024
/** the config file (removed at exit) */
static char cfgfile[MAX_LINE_LEN];
/** config files (removed at exit) */
static struct config_strlist* cfgfiles = NULL;
/** give commandline usage for testbound. */
static void
@ -122,27 +123,60 @@ echo_cmdline(int argc, char* argv[])
fprintf(stderr, "\n");
}
/** process config elements */
/** spool autotrust file */
static void
setup_config(FILE* in, char* configfile, int* lineno,
int* pass_argc, char* pass_argv[])
spool_auto_file(FILE* in, int* lineno, FILE* cfg, char* id)
{
char line[MAX_LINE_LEN];
char* parse;
FILE* spool;
/* find filename for new file */
while(isspace((int)*id))
id++;
if(strlen(id)==0)
fatal_exit("AUTROTRUST_FILE must have id, line %d", *lineno);
id[strlen(id)-1]=0; /* remove newline */
fake_temp_file("_auto_", id, line, sizeof(line));
/* add option for the file */
fprintf(cfg, "server: auto-trust-anchor-file: \"%s\"\n", line);
/* open file and spool to it */
spool = fopen(line, "w");
if(!spool) fatal_exit("could not open %s: %s", line, strerror(errno));
fprintf(stderr, "testbound is spooling key file: %s\n", line);
if(!cfg_strlist_insert(&cfgfiles, strdup(line)))
fatal_exit("out of memory");
line[sizeof(line)-1] = 0;
while(fgets(line, MAX_LINE_LEN-1, in)) {
parse = line;
(*lineno)++;
while(isspace((int)*parse))
parse++;
if(strncmp(parse, "AUTOTRUST_END", 13) == 0) {
fclose(spool);
return;
}
fputs(line, spool);
}
fatal_exit("no AUTOTRUST_END in input file");
}
/** process config elements */
static void
setup_config(FILE* in, int* lineno, int* pass_argc, char* pass_argv[])
{
char configfile[MAX_LINE_LEN];
char line[MAX_LINE_LEN];
char* parse;
FILE* cfg;
#ifdef USE_WINSOCK
snprintf(configfile, MAX_LINE_LEN, "testbound_cfg_%u.tmp",
(unsigned)getpid());
#else
snprintf(configfile, MAX_LINE_LEN, "/tmp/testbound_cfg_%u.tmp",
(unsigned)getpid());
#endif
fake_temp_file("_cfg", "", configfile, sizeof(configfile));
add_opts("-c", pass_argc, pass_argv);
add_opts(configfile, pass_argc, pass_argv);
cfg = fopen(configfile, "w");
if(!cfg) fatal_exit("could not open %s: %s",
configfile, strerror(errno));
line[MAX_LINE_LEN-1] = 0;
if(!cfg_strlist_insert(&cfgfiles, strdup(configfile)))
fatal_exit("out of memory");
line[sizeof(line)-1] = 0;
/* some basic settings to not pollute the host system */
fprintf(cfg, "server: use-syslog: no\n");
fprintf(cfg, " directory: \"\"\n");
@ -161,6 +195,10 @@ setup_config(FILE* in, char* configfile, int* lineno,
add_opts(parse+11, pass_argc, pass_argv);
continue;
}
if(strncmp(parse, "AUTOTRUST_FILE", 14) == 0) {
spool_auto_file(in, lineno, cfg, parse+14);
continue;
}
if(strncmp(parse, "CONFIG_END", 10) == 0) {
fclose(cfg);
return;
@ -173,8 +211,7 @@ setup_config(FILE* in, char* configfile, int* lineno,
/** read playback file */
static struct replay_scenario*
setup_playback(const char* filename, char* configfile,
int* pass_argc, char* pass_argv[])
setup_playback(const char* filename, int* pass_argc, char* pass_argv[])
{
struct replay_scenario* scen = NULL;
int lineno = 0;
@ -185,7 +222,7 @@ setup_playback(const char* filename, char* configfile,
perror(filename);
exit(1);
}
setup_config(in, configfile, &lineno, pass_argc, pass_argv);
setup_config(in, &lineno, pass_argc, pass_argv);
scen = replay_scenario_read(in, filename, &lineno);
fclose(in);
if(!scen)
@ -199,9 +236,13 @@ setup_playback(const char* filename, char* configfile,
/** remove config file at exit */
void remove_configfile(void)
{
unlink(cfgfile);
struct config_strlist* p;
for(p=cfgfiles; p; p=p->next)
unlink(p->str);
config_delstrlist(cfgfiles);
cfgfiles = NULL;
}
/**
* Main fake event test program. Setup, teardown and report errors.
* @param argc: arg count.
@ -221,7 +262,6 @@ main(int argc, char* argv[])
log_init(NULL, 0, NULL);
log_info("Start of %s testbound program.", PACKAGE_STRING);
/* determine commandline options for the daemon */
cfgfile[0] = 0;
pass_argc = 1;
pass_argv[0] = "unbound";
add_opts("-d", &pass_argc, pass_argv);
@ -273,7 +313,7 @@ main(int argc, char* argv[])
fatal_exit("atexit() failed: %s", strerror(errno));
/* setup test environment */
scen = setup_playback(playback_file, cfgfile, &pass_argc, pass_argv);
scen = setup_playback(playback_file, &pass_argc, pass_argv);
/* init fake event backend */
fake_event_init(scen);

141
testdata/autotrust_init.rpl vendored Normal file
View file

@ -0,0 +1,141 @@
; config options
server:
target-fetch-policy: "0 0 0 0 0"
log-time-ascii: yes
stub-zone:
name: "."
stub-addr: 193.0.14.129 # K.ROOT-SERVERS.NET.
; initial content (say from dig example.com DNSKEY > example.com.key)
AUTOTRUST_FILE example.com
example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (zsk), size = 512b}
AUTOTRUST_END
CONFIG_END
SCENARIO_BEGIN Test autotrust with initial trust anchor
; K-ROOT
RANGE_BEGIN 0 100
ADDRESS 193.0.14.129
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id copy_query
REPLY QR AA
SECTION QUESTION
. IN NS
SECTION ANSWER
. IN NS k.root-servers.net.
SECTION ADDITIONAL
k.root-servers.net IN A 193.0.14.129
ENTRY_END
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
com. IN NS
SECTION AUTHORITY
com. IN NS a.gtld-servers.net.
SECTION ADDITIONAL
a.gtld-servers.net. IN A 192.5.6.30
ENTRY_END
RANGE_END
; a.gtld-servers.net.
RANGE_BEGIN 0 100
ADDRESS 192.5.6.30
ENTRY_BEGIN
MATCH opcode subdomain
ADJUST copy_id copy_query
REPLY QR
SECTION QUESTION
example.com. IN NS
SECTION AUTHORITY
example.com. IN NS ns.example.com.
SECTION ADDITIONAL
ns.example.com. IN A 1.2.3.4
ENTRY_END
RANGE_END
; ns.example.com.
RANGE_BEGIN 0 100
ADDRESS 1.2.3.4
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 3600 IN A 10.20.30.40
www.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
SECTION AUTHORITY
example.com. 3600 IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
SECTION ADDITIONAL
ns.example.com. 3600 IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
ENTRY_END
ENTRY_BEGIN
MATCH opcode qname qtype
ADJUST copy_id
REPLY QR AA
SECTION QUESTION
example.com. IN DNSKEY
SECTION ANSWER
; KSK 1
example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b}
; ZSK 1
example.com. 10800 IN DNSKEY 256 3 5 AQPQ41chR9DEHt/aIzIFAqanbDlRflJoRs5yz1jFsoRIT7dWf0r+PeDuewdxkszNH6wnU4QL8pfKFRh5PIYVBLK3 ;{id = 30899 (ksk), size = 512b}
; signatures
example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 30899 example.com. b/HK231jIQLX8IhlZfup3r0yhpXaasbPE6LzxoEVVvWaTZWcLmeV8jDIcn0qO7Yvs7bIJN20lwVAV0GcHH3hWQ== ;{id = 30899}
example.com. 10800 IN RRSIG DNSKEY 5 2 10800 20090924111500 20090821111500 55582 example.com. PCHme1QLoULxqjhg5tMlpR0qJlBfstEUVq18TtNoKQe9le1YhJ9caheXcTWoK+boLhXxg9u6Yyvq8FboQh0OjA== ;{id = 55582}
ENTRY_END
RANGE_END
; set date/time to Aug 24 09:46:40 (2009).
STEP 5 TIME_PASSES ELAPSE 1251100000
STEP 10 QUERY
ENTRY_BEGIN
REPLY RD DO
SECTION QUESTION
www.example.com. IN A
ENTRY_END
STEP 20 CHECK_ANSWER
ENTRY_BEGIN
MATCH all
REPLY QR RD RA AD NOERROR
SECTION QUESTION
www.example.com. IN A
SECTION ANSWER
www.example.com. 3600 IN A 10.20.30.40
www.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. pYGxVLsWUvOp1wSf0iwPap+JnECfC5GAm1lRqy3YEqecNGld7U7x/5Imo3CerbdZrVptUQs2oH0lcjwYJXMnsw== ;{id = 30899}
SECTION AUTHORITY
example.com. 3600 IN NS ns.example.com.
example.com. 3600 IN RRSIG NS 5 2 3600 20090924111500 20090821111500 30899 example.com. J5wxRq0jgwQL6yy530kvo9cHqNAUHV8IF4dvaYZL0bNraO2Oe6dVXqlJl4+cxNHI2TMsstwFPr2Zz8tv6Az2mQ== ;{id = 30899}
SECTION ADDITIONAL
ns.example.com. 3600 IN A 1.2.3.4
ns.example.com. 3600 IN RRSIG A 5 3 3600 20090924111500 20090821111500 30899 example.com. JsXbS18oyc0zkVaOWGSFdIQuOsZKflT0GraT9afDPoWLCgH4ApF7jNgfJV7Pqy1sTBRajME5IUAhpANwGBuW4A== ;{id = 30899}
ENTRY_END
; The autotrust anchor was probed due to the query.
STEP 30 CHECK_AUTOTRUST example.com
FILE_BEGIN
; autotrust trust anchor file
;;id: example.com. 1
;;last_queried: 1251100000 ;;Mon Aug 24 09:46:40 2009
;;last_success: 1251100000 ;;Mon Aug 24 09:46:40 2009
;;next_probe_time: 0 ;;Thu Jan 1 01:00:00 1970
;;query_failed: 0
;;query_interval: 5400
;;retry_time: 3600
example.com. 10800 IN DNSKEY 257 3 5 AwEAAc3Z5DQDJpH4oPdNtC4BUQHk50XMD+dHr4r8psHmivIa83hxR5CRgCtd9sENCW9Ae8OIO19xw9t/RPaEAqQa+OE= ;{id = 55582 (ksk), size = 512b} ;;state=2 [ VALID ] ;;count=0 ;;lastchange=1251100000 ;;Mon Aug 24 09:46:40 2009
FILE_END
SCENARIO_END

38
validator/autotrust.c
View file

@ -70,6 +70,7 @@ void autr_global_delete(struct autr_global_data* global)
return;
/* elements deleted by parent, nothing to do */
memset(global, 0, sizeof(*global));
free(global);
}
int probetree_cmp(const void* x, const void* y)
@ -235,14 +236,7 @@ parse_comments(char* str, struct autr_ta* ta)
timestamp = atoi(comments);
}
if (pos < 0 || !timestamp)
{
/* Should we warn about this? It happens for key priming.
verbose_key(ta, VERB_OPS, "has no timestamp, "
"considered NOW");
*/
/* cannot use event base timeptr, because not inited yet */
ta->last_change = (uint32_t)time(NULL);
}
ta->last_change = 0;
else
ta->last_change = (uint32_t)timestamp;
@ -354,7 +348,6 @@ autr_rrset_delete(struct ub_packed_rrset_key* r)
void autr_point_delete(struct trust_anchor* tp)
{
struct autr_ta* p, *np;
if(!tp)
return;
lock_unprotect(&tp->lock, tp);
@ -362,14 +355,17 @@ void autr_point_delete(struct trust_anchor* tp)
lock_basic_destroy(&tp->lock);
autr_rrset_delete(tp->ds_rrset);
autr_rrset_delete(tp->dnskey_rrset);
p = tp->autr->keys;
while(p) {
np = p->next;
ldns_rr_free(p->rr);
free(p);
p = np;
if(tp->autr) {
struct autr_ta* p = tp->autr->keys, *np;
while(p) {
np = p->next;
ldns_rr_free(p->rr);
free(p);
p = np;
}
free(tp->autr->file);
free(tp->autr);
}
free(tp->autr);
free(tp->name);
free(tp);
}
@ -1290,6 +1286,10 @@ anchor_state_update(struct module_env* env, struct autr_ta* anchor, int* c)
/* KeyRem: MISSING */
else if (!anchor->fetched)
do_keyrem(env, anchor, c);
else if(!anchor->last_change) {
verbose_key(anchor, VERB_ALGO, "first prime");
reset_holddown(env, anchor, c);
}
break;
/* MISSING */
case AUTR_STATE_MISSING:
@ -1380,7 +1380,8 @@ autr_cleanup_keys(struct trust_anchor* tp)
prevp = &tp->autr->keys;
while(p) {
/* do we want to remove this key? */
if(p->s == AUTR_STATE_START || p->s == AUTR_STATE_REMOVED) {
if(p->s == AUTR_STATE_START || p->s == AUTR_STATE_REMOVED ||
!rr_is_dnskey_sep(p->rr)) {
struct autr_ta* np = p->next;
/* remove */
ldns_rr_free(p->rr);
@ -1390,6 +1391,9 @@ autr_cleanup_keys(struct trust_anchor* tp)
p = np;
continue;
}
/* remove pending counts if no longer pending */
if(p->s != AUTR_STATE_ADDPEND)
p->pending_count = 0;
prevp = &p->next;
p = p->next;
}

2
validator/autotrust.h
View file

@ -83,7 +83,7 @@ struct autr_ta {
*/
struct autr_point_data {
/** file to store the trust point in. chrootdir already applied. */
const char* file;
char* file;
/** rbtree node for probe sort, key is struct trust_anchor */
rbnode_t pnode;