bind/bin/tests/system/dnssec/tests.sh

#!/bin/sh
#
# Copyright (C) 2000  Internet Software Consortium.
# 
# Permission to use, copy, modify, and distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
# 
# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
# SOFTWARE.

# $Id: tests.sh,v 1.20 2000/07/10 23:46:50 bwelling Exp $

#
# Perform tests
#

SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh

status=0
n=0

rm -f dig.out.*

DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocmd -p 5300"

# Check the example. domain
echo "I:checking that zone transfer worked"
ret=0
$DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
$DIG $DIGOPTS a.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns3.test$n || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I:checking positive validation"
ret=0
$DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n || ret=1
$DIG $DIGOPTS +noauth a.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

# Check the insecure.example domain

echo "I:checking 1-server insecurity proof"
ret=0
$DIG $DIGOPTS a.insecure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS a.insecure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

# Check the secure.example domain

echo "I:checking multi-stage positive validation"
ret=0
$DIG $DIGOPTS a.secure.example. @10.53.0.3 a > dig.out.ns3.test$n || ret=1
$DIG $DIGOPTS a.secure.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

# Check the bogus domain

echo "I:checking negative validation"
ret=0
$DIG $DIGOPTS a.bogus.example. @10.53.0.4 a > dig.out.ns4.test$n || ret=1
grep "SERVFAIL" dig.out.ns4.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

# Try validating a key with a bad trusted key.
# This should fail.

echo "I:checking that validation fails with a misconfigured trusted key"
ret=0
$DIG $DIGOPTS example. key @10.53.0.5 -p 5300 > dig.out.ns5.test$n || ret=1
grep "SERVFAIL" dig.out.ns5.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

# Check the insecure.secure.example domain (insecurity proof)

echo "I:checking 2-server insecurity proof"
ret=0
$DIG $DIGOPTS a.insecure.secure.example. @10.53.0.2 a > dig.out.ns2.test$n \
	|| ret=1
$DIG $DIGOPTS a.insecure.secure.example. @10.53.0.4 a > dig.out.ns4.test$n \
	|| ret=1
$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

# Check a negative response in insecure.secure.example

echo "I:checking 2-server insecurity proof with a negative answer"
ret=0
$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.2 a > dig.out.ns2.test$n \
	|| ret=1
$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.4 a > dig.out.ns4.test$n \
	|| ret=1
$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`

echo "I:exit status: $status"
exit $status
Add missing files 2000-05-17 22:38:50 +00:00			`#!/bin/sh`
Add copyright entries 2000-05-19 22:45:47 +00:00			`#`
			`# Copyright (C) 2000 Internet Software Consortium.`
			`#`
			`# Permission to use, copy, modify, and distribute this software for any`
			`# purpose with or without fee is hereby granted, provided that the above`
			`# copyright notice and this permission notice appear in all copies.`
			`#`
			`# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS`
			`# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES`
			`# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE`
			`# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL`
			`# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR`
			`# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS`
			`# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS`
			`# SOFTWARE.`

print the test info before executing the test 2000-07-10 23:46:50 +00:00			`# $Id: tests.sh,v 1.20 2000/07/10 23:46:50 bwelling Exp $`
add RCS id string 2000-06-22 22:00:42 +00:00
Add missing files 2000-05-17 22:38:50 +00:00			`#`
			`# Perform tests`
			`#`

make conf.sh usable from subdirectory test scripts; use conf.sh from subdirectory test scripts 2000-06-05 19:36:44 +00:00			`SYSTEMTESTTOP=..`
			`. $SYSTEMTESTTOP/conf.sh`

no need to verify that servers are up as start.sh now takes care of that; no need to remove dig output before test 2000-06-05 19:07:46 +00:00			`status=0`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			`n=0`
Add missing files 2000-05-17 22:38:50 +00:00
Sweeping changes to system test suite 2000-05-18 22:49:29 +00:00			`rm -f dig.out.*`
Add missing files 2000-05-17 22:38:50 +00:00
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			`DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocmd -p 5300"`
run test DNS on port 5300 2000-06-06 23:41:55 +00:00
Add missing files 2000-05-17 22:38:50 +00:00			`# Check the example. domain`
print the test info before executing the test 2000-07-10 23:46:50 +00:00			`echo "I:checking that zone transfer worked"`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`ret=0`
			`$DIG $DIGOPTS a.example. @10.53.0.2 a > dig.out.ns2.test$n \|\| ret=1`
			`$DIG $DIGOPTS a.example. @10.53.0.3 a > dig.out.ns3.test$n \|\| ret=1`
			`$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns3.test$n \|\| ret=1`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			n=`expr $n + 1`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`if [ $ret != 0 ]; then echo "I:failed"; fi`
			status=`expr $status + $ret`

print the test info before executing the test 2000-07-10 23:46:50 +00:00			`echo "I:checking positive validation"`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`ret=0`
			`$DIG $DIGOPTS +noauth a.example. @10.53.0.2 a > dig.out.ns2.test$n \|\| ret=1`
			`$DIG $DIGOPTS +noauth a.example. @10.53.0.4 a > dig.out.ns4.test$n \|\| ret=1`
			`$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n \|\| ret=1`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			n=`expr $n + 1`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`if [ $ret != 0 ]; then echo "I:failed"; fi`
			status=`expr $status + $ret`
Sweeping changes to system test suite 2000-05-18 22:49:29 +00:00
			`# Check the insecure.example domain`

print the test info before executing the test 2000-07-10 23:46:50 +00:00			`echo "I:checking 1-server insecurity proof"`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`ret=0`
			`$DIG $DIGOPTS a.insecure.example. @10.53.0.3 a > dig.out.ns3.test$n \|\| ret=1`
			`$DIG $DIGOPTS a.insecure.example. @10.53.0.4 a > dig.out.ns4.test$n \|\| ret=1`
			`$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n \|\| ret=1`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			n=`expr $n + 1`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`if [ $ret != 0 ]; then echo "I:failed"; fi`
			status=`expr $status + $ret`
Sweeping changes to system test suite 2000-05-18 22:49:29 +00:00
			`# Check the secure.example domain`

print the test info before executing the test 2000-07-10 23:46:50 +00:00			`echo "I:checking multi-stage positive validation"`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`ret=0`
			`$DIG $DIGOPTS a.secure.example. @10.53.0.3 a > dig.out.ns3.test$n \|\| ret=1`
			`$DIG $DIGOPTS a.secure.example. @10.53.0.4 a > dig.out.ns4.test$n \|\| ret=1`
			`$PERL ../digcomp.pl dig.out.ns3.test$n dig.out.ns4.test$n \|\| ret=1`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			n=`expr $n + 1`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`if [ $ret != 0 ]; then echo "I:failed"; fi`
			status=`expr $status + $ret`
Sweeping changes to system test suite 2000-05-18 22:49:29 +00:00
			`# Check the bogus domain`

print the test info before executing the test 2000-07-10 23:46:50 +00:00			`echo "I:checking negative validation"`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`ret=0`
			`$DIG $DIGOPTS a.bogus.example. @10.53.0.4 a > dig.out.ns4.test$n \|\| ret=1`
			`grep "SERVFAIL" dig.out.ns4.test$n > /dev/null \|\| ret=1`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			n=`expr $n + 1`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`if [ $ret != 0 ]; then echo "I:failed"; fi`
			status=`expr $status + $ret`
work around NetBSD shell bug bin/10379 2000-06-16 22:39:45 +00:00
added a test 2000-06-21 23:06:20 +00:00			`# Try validating a key with a bad trusted key.`
			`# This should fail.`

print the test info before executing the test 2000-07-10 23:46:50 +00:00			`echo "I:checking that validation fails with a misconfigured trusted key"`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`ret=0`
			`$DIG $DIGOPTS example. key @10.53.0.5 -p 5300 > dig.out.ns5.test$n \|\| ret=1`
			`grep "SERVFAIL" dig.out.ns5.test$n > /dev/null \|\| ret=1`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			n=`expr $n + 1`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`if [ $ret != 0 ]; then echo "I:failed"; fi`
			status=`expr $status + $ret`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00
			`# Check the insecure.secure.example domain (insecurity proof)`

print the test info before executing the test 2000-07-10 23:46:50 +00:00			`echo "I:checking 2-server insecurity proof"`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`ret=0`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			`$DIG $DIGOPTS a.insecure.secure.example. @10.53.0.2 a > dig.out.ns2.test$n \`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`\|\| ret=1`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			`$DIG $DIGOPTS a.insecure.secure.example. @10.53.0.4 a > dig.out.ns4.test$n \`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`\|\| ret=1`
			`$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n \|\| ret=1`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			n=`expr $n + 1`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`if [ $ret != 0 ]; then echo "I:failed"; fi`
			status=`expr $status + $ret`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00
			`# Check a negative response in insecure.secure.example`

print the test info before executing the test 2000-07-10 23:46:50 +00:00			`echo "I:checking 2-server insecurity proof with a negative answer"`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`ret=0`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			`$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.2 a > dig.out.ns2.test$n \`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`\|\| ret=1`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			`$DIG $DIGOPTS q.insecure.secure.example. @10.53.0.4 a > dig.out.ns4.test$n \`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`\|\| ret=1`
			`$PERL ../digcomp.pl dig.out.ns2.test$n dig.out.ns4.test$n \|\| ret=1`
- test insecurity proofs - use digcomp.pl's ability to check rcode - generate less unneeded output - use separate output files for each test, so that output isn't deleted 2000-07-08 00:39:17 +00:00			n=`expr $n + 1`
Describe all the tests that are run and indicate which ones fail. 2000-07-10 21:40:16 +00:00			`if [ $ret != 0 ]; then echo "I:failed"; fi`
			status=`expr $status + $ret`
added a test 2000-06-21 23:06:20 +00:00
remove extra spaces in I: lines 2000-07-07 18:25:20 +00:00			`echo "I:exit status: $status"`
Modify the tests so that if any server doesn't die with a TERM signal, it's an error. 2000-07-05 18:49:06 +00:00			`exit $status`