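#!/bin/sh
#
# Copyright (C) 2008, 2012-2014  Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# Id: tests.sh,v 1.4 2008/07/19 00:02:14 each Exp

# ACL system test.  Zone transfers of "tsigzone." are requested from the
# server at 10.53.0.2 using different source addresses and TSIG keys, and
# each attempt is checked against the access decision the currently loaded
# ns2 configuration is expected to make.  The relative paths used here
# (ns2/, ../common/) mean the script has to run from its own directory.
#
# Exit status: 0 when every check passed, 1 when at least one failed.

SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

# Options given to every AXFR attempt.  The checks below treat any output
# line starting with ';' as a sign the transfer did not go through, so the
# switches that silence dig's own commentary matter for the results.
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"

status=0
t=0

# Request an AXFR of tsigzone. from 10.53.0.2 and keep dig's output.
# Arguments: $1 - source address to bind to (dig -b)
#            remaining - extra dig arguments, e.g. "-y name:secret"
# Globals:   t (incremented), DIG and DIGOPTS (read)
# Outputs:   dig.out.$t
# $DIG and $DIGOPTS are left unquoted on purpose: DIGOPTS is a
# whitespace-separated option list that must be split into words.
axfr_from() {
    t=`expr $t + 1`
    axfr_src=$1
    shift
    $DIG $DIGOPTS tsigzone. \
        @10.53.0.2 -b "$axfr_src" axfr "$@" -p 5300 > dig.out.${t}
}

# Run an AXFR that the ACL must refuse.  The check fails when dig's output
# holds no line beginning with ';'.
# Arguments: same as axfr_from.  Globals: status (set to 1 on failure).
expect_refused() {
    axfr_from "$@"
    grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }
}

# Run an AXFR that the ACL must permit.  The check fails when dig's output
# holds a line beginning with ';'.
# Arguments: same as axfr_from.  Globals: status (set to 1 on failure).
# NOTE(review): "permitted" is inferred only from the absence of ';' lines,
# so an empty dig.out file also passes.  Matching a record that is known to
# be in the zone would make the positive cases stricter.
expect_allowed() {
    axfr_from "$@"
    if grep "^;" dig.out.${t} > /dev/null 2>&1; then
        echo "I:test $t failed"
        status=1
    fi
}

# Install ns2/$1 as the active ns2 configuration and ask the server to
# reload it.
# The pipeline's exit status is sed's, so a failed reload shows up only in
# the "I:ns2" log lines.  The fixed sleep presumably gives the server time
# to finish reloading before the next query -- confirm it is long enough on
# slow hosts.
load_ns2_config() {
    cp -f "ns2/$1" ns2/named.conf
    $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
    sleep 5
}

echo "I:testing basic ACL processing"
# key "one" should fail
expect_refused 10.53.0.1 -y one:1234abcd8765

# any other key should be fine
expect_allowed 10.53.0.1 -y two:1234abcd8765

load_ns2_config named2.conf

# prefix 10/8 should fail
expect_refused 10.53.0.1 -y one:1234abcd8765

# any other address should work, as long as it sends key "one"
expect_refused 127.0.0.1 -y two:1234abcd8765
expect_allowed 127.0.0.1 -y one:1234abcd8765

echo "I:testing nested ACL processing"
# all combinations of 10.53.0.{1|2} with key {one|two}, should succeed
load_ns2_config named3.conf

# should succeed
expect_allowed 10.53.0.2 -y two:1234abcd8765

# should succeed
expect_allowed 10.53.0.2 -y one:1234abcd8765

# should succeed
expect_allowed 10.53.0.1 -y two:1234abcd8765

# should succeed
# NOTE(review): this repeats the previous case, so the 10.53.0.1 + key "one"
# combination announced above is never exercised.  Confirm against
# ns2/named3.conf before switching the key.
expect_allowed 10.53.0.1 -y two:1234abcd8765

# but only one or the other should fail
expect_refused 127.0.0.1 -y one:1234abcd8765

# permitted address, but no TSIG key at all
expect_refused 10.53.0.2

# and other values? right out
expect_refused 127.0.0.1 -y three:1234abcd8765

# now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
load_ns2_config named4.conf

# should succeed
expect_allowed 10.53.0.2 -y two:1234abcd8765

# should succeed
expect_allowed 10.53.0.1 -y one:1234abcd8765

# should fail
expect_refused 10.53.0.2 -y one:1234abcd8765

# should fail
expect_refused 10.53.0.1 -y two:1234abcd8765

# should fail
expect_refused 10.53.0.3 -y one:1234abcd8765

echo "I:testing allow-query-on ACL processing"
load_ns2_config named5.conf
# An SOA query for example. sent from 10.53.0.3 to 10.53.0.2 must be
# answered with NOERROR.
t=`expr $t + 1`
$DIG +tcp soa example. \
    @10.53.0.2 -b 10.53.0.3 -p 5300 > dig.out.${t}
grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }

echo "I:exit status: $status"
exit $status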