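#!/bin/sh
#
# Copyright (C) 2008, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# Id: tests.sh,v 1.4 2008/07/19 00:02:14 each Exp

# ACL system test. Sends zone-transfer (AXFR) requests for "tsigzone." to the
# server at 10.53.0.2 port 5300, varying the source address (-b) and the TSIG
# key (-y), and reloads ns2 with named2.conf .. named5.conf between groups.
#
# How each AXFR result is judged:
#   grep "^;" ... || { fail }  the output must contain a line starting with
#                              ";" -- used for the "should fail" cases.
#   grep "^;" ... && { fail }  the output must contain no such line -- used
#                              for the "should succeed" cases.
#
# NOTE(review): a "should fail" case is satisfied by any line starting with
# ";". If dig also prints such lines for errors other than a refused transfer
# (server not running, timeout), a denial case would pass without the ACL
# having been evaluated -- confirm, and consider matching the refusal text.
#
# Exit status: 0 when every case behaved as expected, 1 otherwise.

SYSTEMTESTTOP=..
# Presumably defines $DIG and $RNDC, which are not set in this file -- confirm.
. $SYSTEMTESTTOP/conf.sh

# Left unquoted at every use on purpose: it must split into separate options.
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"

status=0	# becomes 1 as soon as any case misbehaves
t=0		# case counter; also the suffix of the dig.out.N capture file

echo "I:testing basic ACL processing"
# key "one" should fail
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }


# any other key should be fine
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }

cp -f ns2/named2.conf ns2/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
# Fixed wait after the reload request. NOTE(review): nothing here confirms
# that the new configuration is active before the next queries are sent; the
# same applies to the later reloads.
sleep 5

# prefix 10/8 should fail
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }

# any other address should work, as long as it sends key "one"
# (first case: key "two" from 127.0.0.1 is expected to be refused)
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }

# (second case: key "one" from 127.0.0.1 is expected to be accepted)
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }

echo "I:testing nested ACL processing"
# all combinations of 10.53.0.{1|2} with key {one|two}, should succeed
cp -f ns2/named3.conf ns2/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
sleep 5

# should succeed
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }

# should succeed
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }

# should succeed
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }

# should succeed
# NOTE(review): this repeats the previous case (10.53.0.1 with key "two").
# Of the four address/key combinations announced above, 10.53.0.1 with key
# "one" is not exercised in this group -- confirm whether that was intended.
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }

# but satisfying only one or the other should fail:
# an accepted key from an address outside 10.53.0.{1|2} ...
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }

# ... and an accepted address with no key at all
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 10.53.0.2 axfr -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }

# and other values? right out
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 127.0.0.1 axfr -y three:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }

# now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
cp -f ns2/named4.conf ns2/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
sleep 5

# should succeed
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }

# should succeed
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo "I:test $t failed" ; status=1; }

# should fail
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }

# should fail
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }

# should fail
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
	@10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 -p 5300 > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }

echo "I:testing allow-query-on ACL processing"
cp -f ns2/named5.conf ns2/named.conf
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
sleep 5
# An SOA query for "example." sent to 10.53.0.2 must come back NOERROR.
# NOTE(review): only the permitted case is checked; there is no query here
# that the allow-query-on setting is expected to refuse.
t=`expr $t + 1`
$DIG +tcp soa example. \
	@10.53.0.2 -b 10.53.0.3 -p 5300 > dig.out.${t}
grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { echo "I:test $t failed" ; status=1; }

echo "I:exit status: $status"
exit $status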