Commit graph

11588 commits

Author SHA1 Message Date
Mark Andrews
701ad350f8 Check dig's exit status 2023-09-06 01:03:11 +00:00
Michal Nowak
f0c37d861c
Disable command tracing in statschannel system test
Command tracing was added recently via
26e10e8fb5 and makes the system test too
verbose.
2023-09-05 19:01:27 +02:00
Aram Sargsyan
2084986462
Synchronize used library versions reporting functions
There are libraries which are reported in printversion(), but not
reported in setup(). Synchronize the functions, so that the log
file could have the same information as reported by the 'named -V'
command execution.
2023-09-05 18:47:29 +02:00
Ondřej Surý
2e99dcefa8
Print the used jemalloc version in autoconf and named -V output
The autoconf and named -V now print the used version of jemalloc.  This
doesn't work with system supplied jemalloc, so it prints `system`
instead in the autoconf and nothing in named -V output.
2023-09-05 18:47:21 +02:00
Ondřej Surý
9e0b348a2b
Deprecate 'dnssec-must-be-secure' option
The dnssec-must-be-secure feature was added in the early days of BIND 9
and DNSSEC and it makes sense only as a debugging feature.

Remove the feature to simplify the code.
2023-09-04 13:38:14 +02:00
Evan Hunt
1019c0c0b1
unconditionally create view and resolver nametrees
instead of allowing a NULL nametree in dns_nametree_covered(),
require nametree to exist, and ensure that the nametrees defined
for view and resolver objects are always created.
2023-09-04 10:19:48 +02:00
Evan Hunt
9ed1dba976
add semantics to dns_nametree to support bitfields
name trees can now hold either boolean values or bit fields. the
type is selected when the name tree is created.

the behavior of dns_nametree_add() differs slightly between the types:
in a boolean tree adding an existing name will return ISC_R_EXISTS,
but in a bitfield tree it simply sets the specified bit in the bitfield
and returns ISC_R_SUCCESS.
2023-09-04 10:19:48 +02:00
Evan Hunt
e83ac0ce65 use dns_nametree in place of RBTs
replace the use of RBTs for deny-answer-aliases, the exclude
lists for deny-answer-aliases and deny-answer-addresses, and
dnssec-must-be-secure, with name trees.
2023-09-01 10:46:53 -07:00
Mark Andrews
eaedba6621 Clear OpenSSL error stack when exiting 2023-09-01 12:01:20 +10:00
Mark Andrews
279973363e Clear OpenSSL errors on OSSL_PROVIDER_load failures 2023-09-01 12:01:20 +10:00
Mark Andrews
6df53cdb87 Clear OpenSSL errors on EVP_PKEY_new failures 2023-09-01 12:01:19 +10:00
Ondřej Surý
d9048b3db1
Remove ISC_MEM_ZERO and isc_mem_*x() API
Use the new isc_mem_c*() calloc-like API for allocations that are
zeroed.

In turn, this also fixes a couple of incorrect usages of the ISC_MEM_ZERO
for structures that need to be zeroed explicitly.

There are a few places where isc_mem_cput() is used on structures with a
flexible member (or similar).
2023-08-31 22:08:35 +02:00
Ondřej Surý
55c29b8d83
Do extra manual isc_mem_cget() conversions
Some of the cases weren't caught by the coccinelle and there were some
places where cget+memmove() could get converted to simple creget().
2023-08-31 22:08:35 +02:00
Ondřej Surý
89fcb6f897
Apply the isc_mem_cget semantic patch 2023-08-31 22:08:35 +02:00
Evan Hunt
8bda38e7d4 remove dns_name_totext2() and dns_name_toprincipal()
we can pass option flags to dns_name_totext() to get the same
results, and eliminate the extra function names.
2023-08-31 12:53:32 -07:00
Evan Hunt
a290ed5bd0 remove dns_name_fromstring2()
we don't need two versions of dns_name_fromstring() any longer; we
can just specify an origin value of dns_rootname for absolute names.
2023-08-31 10:29:16 -07:00
Evan Hunt
6909897adf remove cfg_acl_fromconfig2()
the extra option to limit ACL configuration to only one address family
was no longer in use, and has been removed.
2023-08-31 10:29:16 -07:00
Matthijs Mekking
0f593fd70a Add serve-stale test settings after flush
Add a test case to ensure that after 'rndc flush', the serve-stale
settings are not reset.
2023-08-31 11:07:35 +02:00
Mark Andrews
cf03b1ed95 Check EDNS EXPIRE is returned with AXFR 2023-08-31 11:34:14 +10:00
Mark Andrews
690fd050a0 Allow EDNS to be used when making requests in xfrin
This allows for the EDNS options EXPIRE and NSID to be sent
when making requests.  The existing controls controlling whether
EDNS is used and whether EXPIRE or NSID are sent are honoured.

Adjust the expected byte counts in the xfer system test to reflect
the EDNS overhead.  Adjust the dig call to match named's behavior
(don't set +expire as we are talking to a secondary).
2023-08-31 11:32:29 +10:00
Mark Andrews
60630fe3aa Silence CID 464884 (REVERSE_INULL)
*** CID 464884:  Null pointer dereferences  (REVERSE_INULL)
    /bin/tests/system/dyndb/driver/db.c: 644 in create_db()
    638
    639     	*dbp = (dns_db_t *)sampledb;
    640
    641     	return (ISC_R_SUCCESS);
    642
    643     cleanup:
       CID 464884:  Null pointer dereferences  (REVERSE_INULL)
       Null-checking "sampledb" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
    644     	if (sampledb != NULL) {
    645     		if (dns_name_dynamic(&sampledb->common.origin)) {
    646     			dns_name_free(&sampledb->common.origin, mctx);
    647     		}
    648
    649     		isc_mem_putanddetach(&sampledb->common.mctx, sampledb,
2023-08-29 23:45:12 +00:00
Mark Andrews
2b7192c5be Check that removal of nonexistent PTR and SRV records works
There was a bug in rr_exists that caused it to fail when the
name didn't exist in the zone.
2023-08-30 00:48:50 +10:00
Timo Teräs
7fbcf38a3f Enable keyfromlabel and enginepkcs11 systemtests with pkcs11-provider
- Simplify configuration management by deducing SoftHSM module path
  from openssl config

- Determine the engine flag (-E) value from openssl config

- Drop unused/unneeded environment variables

- Run pkcs11-provider tests on Debian "sid" ossl3 flavor
2023-08-25 14:59:16 +03:00
Aram Sargsyan
4d723c76b1 Add a tcp system test case
The new test sends a 64 KiB message over TCP to named, and expects
it to handle it correctly.
2023-08-24 11:59:57 +00:00
Tony Finch
6271f3c054
Fix the style of an array de-allocation in dnssec-cds
Mention the element size explicitly, so that `matching_sigs()`,
`signed_loose()`, and `signed_strict()` use the same calculation.
2023-08-23 14:49:15 +02:00
Tony Finch
1d341096c1
Get rid of unnecessary macros in the system test dyndb driver
CHECKED_MEM_GET and ZERO_PTR are built-in features of isc_mem.
2023-08-23 14:49:15 +02:00
Tom Krizek
40289d5440
Allow re-runs of rrl system test
The rrl system test has been unstable and producing false positive
results for years (GL #172). Allow the test to be re-run (once) to
reduce the noise it causes.
2023-08-23 14:06:20 +02:00
Tom Krizek
8c5833fe39
Allow re-runs of reclimit system test
The reclimit system test has been unstable and producing false positive
results for years (GL #1587). Allow the test to be re-run (once) to
reduce the noise it causes.
2023-08-23 14:06:20 +02:00
Tom Krizek
be2123a8e9
Allow re-runs of qmin system test
The qmin test is inherently unstable. It fails quite often with failure
modes described in GL #904. Allow the pytest runner to re-run the test
up to 3 times to only detect more persistent and reproducible failures
rather than random noise caused by the nature of the test.
2023-08-23 14:06:20 +02:00
Tom Krizek
7522583b57
Disable loadtime check in statschannel test
It is better to disable the specific check that causes the test to fail
rather than mark the entire test as xfail, which can mask other issues
which the test is capable of detecting.
2023-08-23 14:06:20 +02:00
Tom Krizek
1b3db25adf
Clean up pytest .gitignore file
The _last_test_run entry was accidentally added in !8194. It came from a
work-in-progress version of the MR and was left there during a rebase.
2023-08-23 14:06:20 +02:00
Tom Krizek
0361233b3d
Skip checkds test on Python<3.7
checkds test requires the capture_output argument for subprocess.run()
which was added in Python 3.7.
2023-08-23 14:06:18 +02:00
Matthijs Mekking
6502240442 Don't do DoT SOA requests for default servers
Default servers usually don't have DoT set up. Only do SOA queries if
the server is specified.
2023-08-23 09:56:38 +02:00
Tom Krizek
145bec51a0
Resolve scan-build issue in dummylib.c
Value stored to 'rdatap' is never read. Remove the line which has no
effect.
2023-08-21 20:04:50 +02:00
Tom Krizek
21980b43b8
Compile system test binaries during make
Using check_PROGRAMS would postpone compiling the binaries needed by
system tests until `make check` would be called. Since it's preferable
to invoke pytest directly to run the system test suite, compile these
binaries without installing them during `make all` instead by using
noinst_PROGRAMS.

This removes the need to use TESTS= make -e check hack invoked from
pytest to work around this issue.
2023-08-21 20:04:48 +02:00
Ondřej Surý
784d055809
Add support for User Statically Defined Tracing (USDT) probes
This adds support for User Statically Defined Tracing (USDT).  On
Linux, this uses the header from SystemTap and dtrace utility, but the
support is universal as long as dtrace is available.

Also add the required infrastructure to add probes to libisc, libdns and
libns libraries, where most of the probes will be.
2023-08-21 18:39:53 +02:00
Tom Krizek
355dc73391
.gitignore temporary directories and symlinks in system test dir 2023-08-21 15:54:40 +02:00
Tom Krizek
d66ff81543
Add clean-local target to clean pytest runner artifacts
The command finds all directories in bin/tests/system which contain an
underscore. Underscore indicates either a temporary directory (_tmp_), a
symlink to test artifacts (TESTNAME_MODULENAME), or a python-related
cache. Using underscore for a system test name is invalid and a hyphen
must be used instead.
2023-08-21 15:54:40 +02:00
Tom Krizek
83ddca7690
Silence pylint's refactoring suggestions for system_test_dir()
While it'd be fairly easy to split the function up into smaller ones,
the readability wouldn't be improved in this case. Silence the
suggestions instead.
2023-08-21 15:54:40 +02:00
Tom Krizek
f91d0b13e8
Improve tempdir logging for pytest runner
At the end of the test, display the symlink path to the artifact
directory in case it's preserved. Log the full tempdir name in debug
log.
2023-08-21 15:54:40 +02:00
Tom Krizek
e1ca5c8071
Create symlinks to test artifacts for pytest runner
While temporary directories are useful for test execution to keep
everything clean, they are difficult to work with manually. Create a
symlink for each test artifact directory with a stable and predictable
path. The symlink always either points to the latest artifacts, or is
missing in case the last run succeeded.

Ensure these symlinked directories aren't detected as test suites by the
pytest runner.
2023-08-21 15:54:38 +02:00
Tom Krizek
b1a9d1fe25
Improve pytest message when sanitizer report is found 2023-08-21 15:12:53 +02:00
Tony Finch
26e10e8fb5
Parse statschannel Content-Length: more carefully
A negative or excessively large Content-Length could cause a crash
by making `INSIST(httpd->consume != 0)` fail.
2023-08-21 14:14:18 +02:00
Michal Nowak
681b23c398
Mark test_send_timeout as flaky
In some cases, BIND is not fast enough to fill the send buffer and
manages to answer all queries, contrary to what the test expects.
Repeat the check up to 3 times to limit this test instability.
2023-08-17 14:13:59 +02:00
Tom Krizek
5b703de733
Add custom flaky decorator to handle unstable tests
If the flaky plugin for pytest is available, use its decorator to
support re-running unstable tests. In case the package is missing,
execute the test as usual without attempts to re-run it in case of
failure.

This is mostly intended to increase the test stability in CI. Using a
custom decorator enables us to keep the flaky package as an optional
dependency.
2023-08-17 14:13:59 +02:00
Michal Nowak
8a0da13479
Clean leftover files in autosign and masterformat
The following files were reported in CI by the legacy system test runner
and prevented the job from passing. They should be removed.

    $ if git rev-parse > /dev/null 2>&1; then ( ! grep "^I:.*:file.*not removed$" *.log ); fi
    autosign.log:I:autosign:file autosign/ns3/kskonly.example.db.jbk not removed
    autosign.log:I:autosign:file autosign/ns3/optout.example.db.jbk not removed
    autosign.log:I:autosign:file autosign/ns3/reconf.example.db.jbk not removed
    masterformat.log:I:masterformat:file masterformat/ns1/signed.db.raw.jbk not removed
    masterformat.log:I:masterformat:file masterformat/ns1/signed.db.raw.signed not removed
    masterformat.log:I:masterformat:file masterformat/ns1/signed.db.raw.signed.jnl not removed

Don't print an error when the ns*/inactive directory is not
present:

    rmdir: ns*/inactive: No such file or directory

Remove nsupdate.out.test file instead of nsupdate.out, as the latter
does not exist.
2023-08-16 12:01:11 +02:00
Ondřej Surý
d76ab69772 Attach to the dns_dispatchmgr in the dns_view object
The dns_dispatchmgr object was only set in the dns_view object making it
prone to use-after-free in the dns_xfrin unit when shutting down named.

Remove dns_view_setdispatchmgr() and optionally pass the dispatchmgr
directly to dns_view_create() when it is attached and not just assigned,
so the dns_dispatchmgr doesn't cease to exist too early.

The dns_view_getdnsdispatchmgr() is now protected by the RCU lock, the
dispatchmgr reference is incremented, so the caller needs to detach from
it, and the function can return NULL in case the dns_view has been
already shut down.
2023-08-15 10:25:37 -07:00
Evan Hunt
b466439437
use a qp-trie for the keytable
Instead of an RBT for the trust anchor tables, use a QP-trie.
2023-08-15 14:25:24 +02:00
Evan Hunt
dea79e7053
use a qp-trie for the forwarders table
Instead of an RBT for the forwarders table, use a QP trie.

We now use reference counting for dns_forwarders_t. When a forwarders
object is retrieved by dns_fwdtable_find(), it must now be explicitly
detached by the caller afterward.

QP tries require stored objects to include their names, so
the forwarders object now has that. This obviates the need to
pass back a separate 'foundname' value from dns_fwdtable_find().
2023-08-15 14:25:24 +02:00
Evan Hunt
aff01bda54
use a qp-trie for the NTA table
replace the red-black tree used by the negative trust anchor table
with a QP trie.

because of this change, dns_ntatable_init() can no longer fail, and
neither can dns_view_initntatable(). these functions have both been
changed to type void.
2023-08-15 14:24:46 +02:00