[svn] commit: r1306 - in /trunk: ./ src/bin/auth/ src/bin/auth/tests/ src/bin/auth/tests/testdata/
BIND 10 source code commits
bind10-changes at lists.isc.org
Thu Mar 11 00:14:33 UTC 2010
Author: jinmei
Date: Thu Mar 11 00:14:33 2010
New Revision: 1306
Log:
- tighten validation on incoming requests. return an response rather than
ignoring requests when an error occurs
- added a framework for auth server unit test with an initial simple test
Added:
trunk/src/bin/auth/tests/
trunk/src/bin/auth/tests/Makefile.am
trunk/src/bin/auth/tests/auth_srv_unittest.cc (with props)
trunk/src/bin/auth/tests/run_unittests.cc (with props)
trunk/src/bin/auth/tests/testdata/
trunk/src/bin/auth/tests/testdata/iquery_fromWire
trunk/src/bin/auth/tests/testdata/iquery_fromWire.spec
Modified:
trunk/configure.ac
trunk/src/bin/auth/Makefile.am
trunk/src/bin/auth/auth_srv.cc
Modified: trunk/configure.ac
==============================================================================
--- trunk/configure.ac (original)
+++ trunk/configure.ac Thu Mar 11 00:14:33 2010
@@ -223,6 +223,7 @@
src/lib/dns/tests/Makefile
src/lib/exceptions/Makefile
src/lib/auth/Makefile
+ src/lib/auth/tests/Makefile
])
AC_OUTPUT([src/bin/cfgmgr/b10-cfgmgr.py
src/bin/cmdctl/cmdctl.py
Modified: trunk/src/bin/auth/Makefile.am
==============================================================================
--- trunk/src/bin/auth/Makefile.am (original)
+++ trunk/src/bin/auth/Makefile.am Thu Mar 11 00:14:33 2010
@@ -1,3 +1,5 @@
+SUBDIRS = . tests
+
AM_CPPFLAGS = -I$(top_builddir)/src/lib -I$(top_srcdir)/ext $(SQLITE_CFLAGS)
pkglibexecdir = $(libexecdir)/@PACKAGE@
Modified: trunk/src/bin/auth/auth_srv.cc
==============================================================================
--- trunk/src/bin/auth/auth_srv.cc (original)
+++ trunk/src/bin/auth/auth_srv.cc Thu Mar 11 00:14:33 2010
@@ -24,6 +24,8 @@
#include <cassert>
#include <iostream>
+#include <exceptions/exceptions.h>
+
#include <dns/buffer.h>
#include <dns/messagerenderer.h>
#include <dns/name.h>
@@ -49,6 +51,7 @@
using namespace std;
+using namespace isc;
using namespace isc::auth;
using namespace isc::dns;
using namespace isc::dns::rdata;
@@ -87,6 +90,16 @@
AuthSrv::~AuthSrv() {
delete impl_;
+}
+
+static void
+makeErrorMessage(Message& message, MessageRenderer& renderer,
+ const Rcode& rcode)
+{
+ message.makeResponse();
+ message.setRcode(rcode);
+ message.setUDPSize(4096); // XXX: hardcoding
+ message.toWire(renderer);
}
int
@@ -97,17 +110,35 @@
{
try {
message.fromWire(request_buffer);
- } catch (...) {
- cerr << "[AuthSrv] parse failed" << endl;
- return (-1);
- }
+ } catch (const DNSProtocolError& error) {
+ cerr << "returning protocol error" << endl;
+ makeErrorMessage(message, response_renderer, error.getRcode());
+ return (0);
+ } catch (const Exception& ex) {
+ cerr << "returning servfail" << endl;
+ makeErrorMessage(message, response_renderer, Rcode::SERVFAIL());
+ return (0);
+ } // other exceptions will be handled at a higher layer.
if (verbose_mode) {
cerr << "[AuthSrv] received a message:\n" << message.toText() << endl;
}
+ //
+ // Incoming Message Validation
+ //
+ // In this implementation, we only support normal queries
+ if (message.getOpcode() != Opcode::QUERY()) {
+ if (verbose_mode) {
+ cerr << "unsupported opcode" << endl;
+ }
+ makeErrorMessage(message, response_renderer, Rcode::NOTIMP());
+ return (0);
+ }
+
if (message.getRRCount(Section::QUESTION()) != 1) {
- return (-1);
+ makeErrorMessage(message, response_renderer, Rcode::FORMERR());
+ return (0);
}
const bool dnssec_ok = message.isDNSSECSupported();
More information about the bind10-changes
mailing list