BIND 10 master, updated. d8991bf8ed720a316f7506c1dd9db7de5c57ad4d Merge branch 'trac2759'

BIND 10 source code commits bind10-changes at lists.isc.org
Sun Jun 30 14:34:23 UTC 2013 

The branch, master has been updated
       via  d8991bf8ed720a316f7506c1dd9db7de5c57ad4d (commit)
       via  d878168fcd942b66b3f88ffd162010dd86ab85a1 (commit)
       via  8354cca4763eceb0dfd3270823012511c14512cc (commit)
       via  213d905ed8661b9d1f5ce214c6f391e702d518d7 (commit)
       via  fac95b174e553ac8eba5805c47541530e9fbb2e1 (commit)
      from  464664e3237b5dcb61deaf9ba4b5224bb11f412e (commit)

Those revisions listed above that are new to this repository have
not appeared on any other notification email; so we list those
revisions in full, below.

- Log -----------------------------------------------------------------
commit d8991bf8ed720a316f7506c1dd9db7de5c57ad4d
Merge: 464664e d878168
Author: Mukund Sivaraman <muks at isc.org>
Date:   Sun Jun 30 19:53:37 2013 +0530

    Merge branch 'trac2759'

-----------------------------------------------------------------------

Summary of changes:
 src/lib/python/isc/ddns/libddns_messages.mes   |   10 +++++++
 src/lib/python/isc/ddns/session.py             |   23 +++++++++++++++
 src/lib/python/isc/ddns/tests/session_tests.py |   10 +++++++
 tests/lettuce/features/ddns_system.feature     |   36 ++++++++++++++++++++++++
 4 files changed, 79 insertions(+)

-----------------------------------------------------------------------
diff --git a/src/lib/python/isc/ddns/libddns_messages.mes b/src/lib/python/isc/ddns/libddns_messages.mes
index ab982ad..86af4c3 100644
--- a/src/lib/python/isc/ddns/libddns_messages.mes
+++ b/src/lib/python/isc/ddns/libddns_messages.mes
@@ -212,3 +212,13 @@ To make sure DDNS service is not interrupted, this problem is caught instead
 of reraised; The update is aborted, and a SERVFAIL is sent back to the client.
 This is most probably a bug in the DDNS code, but *could* be caused by
 the data source.
+
+% LIBDDNS_ZONE_INVALID_ERROR Newly received zone data %1/%2 fails validation: %3
+The zone data was received successfully, but the zone when updated with
+this zone data fails validation.
+
+% LIBDDNS_ZONE_INVALID_WARN Newly received zone data %1/%2 has a problem: %3
+The zone data was received successfully, but when checking the zone when
+updated with this zone data, it was discovered there's some issue with
+it. It might be correct, but it should be checked and possibly
+fixed. The problem does not stop the zone from being used.
diff --git a/src/lib/python/isc/ddns/session.py b/src/lib/python/isc/ddns/session.py
index febdfdc..6f2b7cf 100644
--- a/src/lib/python/isc/ddns/session.py
+++ b/src/lib/python/isc/ddns/session.py
@@ -812,6 +812,20 @@ class UpdateSession:
         self.__diff.delete_data(old_soa)
         self.__diff.add_data(new_soa)
 
+    def __validate_error(self, reason):
+        '''
+        Used as error callback below.
+        '''
+        logger.error(LIBDDNS_ZONE_INVALID_ERROR, self.__zname, self.__zclass,
+                     reason)
+
+    def __validate_warning(self, reason):
+        '''
+        Used as warning callback below.
+        '''
+        logger.warn(LIBDDNS_ZONE_INVALID_WARN, self.__zname, self.__zclass,
+                    reason)
+
     def __do_update(self):
         '''Scan, check, and execute the Update section in the
            DDNS Update message.
@@ -849,8 +863,17 @@ class UpdateSession:
                 elif rrset.get_class() == RRClass.NONE:
                     self.__do_update_delete_rrs_from_rrset(rrset)
 
+            if not check_zone(self.__zname, self.__zclass,
+                              self.__diff.get_rrset_collection(),
+                              (self.__validate_error, self.__validate_warning)):
+                raise UpdateError('Validation of the new zone failed',
+                                  self.__zname, self.__zclass, Rcode.REFUSED)
             self.__diff.commit()
             return Rcode.NOERROR
+        except UpdateError:
+            # Propagate UpdateError exceptions (don't catch them in the
+            # blocks below)
+            raise
         except isc.datasrc.Error as dse:
             logger.info(LIBDDNS_UPDATE_DATASRC_COMMIT_FAILED, dse)
             return Rcode.SERVFAIL
diff --git a/src/lib/python/isc/ddns/tests/session_tests.py b/src/lib/python/isc/ddns/tests/session_tests.py
index 4880d72..49bf672 100644
--- a/src/lib/python/isc/ddns/tests/session_tests.py
+++ b/src/lib/python/isc/ddns/tests/session_tests.py
@@ -1481,6 +1481,16 @@ class SessionTest(SessionTestBase):
         self.assertEqual(Rcode.SERVFAIL.to_text(),
                          self._session._UpdateSession__do_update().to_text())
 
+    def test_check_zone_failure(self):
+        # ns3.example.org. is an NS and should not have a CNAME
+        # record. This would cause check_zone() to fail.
+        self.__initialize_update_rrsets()
+        new_cname = create_rrset("ns3.example.org", TEST_RRCLASS,
+                                 RRType.CNAME, 3600,
+                                 [ "cname.example.org." ])
+
+        self.check_full_handle_result(Rcode.REFUSED, [ new_cname ])
+
 class SessionACLTest(SessionTestBase):
     '''ACL related tests for update session.'''
     def test_update_acl_check(self):
diff --git a/tests/lettuce/features/ddns_system.feature b/tests/lettuce/features/ddns_system.feature
index 184c8ae..6747b53 100644
--- a/tests/lettuce/features/ddns_system.feature
+++ b/tests/lettuce/features/ddns_system.feature
@@ -118,6 +118,42 @@ Feature: DDNS System
         A query for new3.example.org should have rcode NOERROR
         The SOA serial for example.org should be 1236
 
+    Scenario: Zone validation check
+        Given I have bind10 running with configuration ddns/ddns.config
+        And wait for bind10 stderr message BIND10_STARTED_CC
+        And wait for bind10 stderr message AUTH_SERVER_STARTED
+        And wait for bind10 stderr message DDNS_STARTED
+
+        # Sanity check
+        A query for example.org type NS should have rcode NOERROR
+        The answer section of the last query response should be
+        """
+        example.org.                    3600    IN      NS      ns1.example.org.
+        example.org.                    3600    IN      NS      ns2.example.org.
+        example.org.                    3600    IN      NS      ns3.example.org.
+        """
+        The SOA serial for example.org should be 1234
+
+        # Test failed validation. Here, example.org has ns1.example.org
+        # configured as a name server. CNAME records cannot be added for
+        # ns1.example.org.
+        When I use DDNS to add a record ns1.example.org. 3600 IN CNAME ns3.example.org.
+        The DDNS response should be REFUSED
+        A query for ns1.example.org type CNAME should have rcode NXDOMAIN
+        The SOA serial for example.org should be 1234
+
+        # Test passed validation. Here, example.org does not have
+        # ns4.example.org configured as a name server. CNAME records can
+        # be added for ns4.example.org.
+        When I use DDNS to add a record ns4.example.org. 3600 IN CNAME ns3.example.org.
+        The DDNS response should be SUCCESS
+        A query for ns4.example.org type CNAME should have rcode NOERROR
+        The answer section of the last query response should be
+        """
+        ns4.example.org.                3600    IN      CNAME   ns3.example.org.
+        """
+        The SOA serial for example.org should be 1235
+
     #Scenario: DDNS and Xfrout
     ## Unfortunately, Xfrout can only notify to inzone slaves, and hence only
     ## to port 53, which we do not want to use for Lettuce tests (for various

More information about the bind10-changes mailing list