From eeaa830ecd1c846234055aa16e1068635569f2fa Mon Sep 17 00:00:00 2001
From: Aram Sargsyan <aram@isc.org>
Date: Fri, 17 Feb 2023 12:38:40 +0000
Subject: [PATCH] Add an "rpz" system test check for a failed reconfiguration

The faulty "DLZ" configuration triggers a reconfiguration failure
in such a place where view reverting code is covered.

(cherry picked from commit 95f4bac00236fd430131b8db8009de777d8db444)
---
 bin/tests/system/rpz/ns3/named.conf.in | 10 ++++++++++
 bin/tests/system/rpz/tests.sh          | 10 ++++++++++
 2 files changed, 20 insertions(+)

diff --git a/bin/tests/system/rpz/ns3/named.conf.in b/bin/tests/system/rpz/ns3/named.conf.in
index 30f08c804c..dc069d8164 100644
--- a/bin/tests/system/rpz/ns3/named.conf.in
+++ b/bin/tests/system/rpz/ns3/named.conf.in
@@ -148,3 +148,13 @@ zone "static-stub-nomatch." {
 	type static-stub;
 	server-addresses { 10.53.0.10; };
 };
+
+# A faulty dlz configuration to check if named with response policy zones
+# survives a certain class of failed configuration attempts (see GL #3880).
+# "dlz" is used because the dlz processing code is located in an ideal place in
+# the view configuration function for the test to cover the view reverting code.
+# The "BAD" comments below are necessary, because they will be removed using
+# 'sed' by tests.sh in order to activate the faulty configuration.
+#BAD	dlz "bad-dlz" {
+#BAD		database "dlopen bad-dlz.so example.org";
+#BAD	};
diff --git a/bin/tests/system/rpz/tests.sh b/bin/tests/system/rpz/tests.sh
index 6505082b2c..760ef13fed 100644
--- a/bin/tests/system/rpz/tests.sh
+++ b/bin/tests/system/rpz/tests.sh
@@ -846,6 +846,16 @@ EOF
     stop_server --use-rndc --port ${CONTROLPORT} ns3
     restart 3 "rebuild-bl-rpz"
 
+    t=`expr $t + 1`
+    echo_i "checking if rpz survives a certain class of failed reconfiguration attempts (${t})"
+    sed -e "s/^#BAD//" < ns3/named.conf.in > ns3/named.conf.tmp
+    copy_setports ns3/named.conf.tmp ns3/named.conf
+    rm ns3/named.conf.tmp
+    $RNDCCMD $ns3 reconfig > /dev/null 2>&1 && setret "failed"
+    sleep 1
+    copy_setports ns3/named.conf.in ns3/named.conf
+    $RNDCCMD $ns3 reconfig || setret "failed"
+
     # reload a RPZ zone that is now deliberately broken.
     t=`expr $t + 1`
     echo_i "checking rpz failed update will keep previous rpz rules (${t})"