From a0d411c05f12c36b298d811af3b4f2c9f08e86d4 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Tue, 17 Jun 2014 10:35:46 +1000 Subject: [PATCH] 3880. [test] Update ans.pl to work with new TSIG support in Net::DNS; add additional Net::DNS version prerequisite checks. [RT #36327] --- CHANGES | 4 ++ bin/tests/system/ans.pl | 68 +++++++++++++++++++++-------- bin/tests/system/dnssec/prereq.sh | 14 ++++++ bin/tests/system/nsupdate/prereq.sh | 14 ++++++ bin/tests/system/xfer/prereq.sh | 4 +- 5 files changed, 83 insertions(+), 21 deletions(-) diff --git a/CHANGES b/CHANGES index a051b56167..3188a6c86f 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,7 @@ +3880. [test] Update ans.pl to work with new TSIG support in + Net::DNS; add additional Net::DNS version prerequisite + checks. [RT #36327] + 3879. [func] Add version printing option to various BIND utilities. [RT #10686] diff --git a/bin/tests/system/ans.pl b/bin/tests/system/ans.pl index d840c1d921..766faada0b 100644 --- a/bin/tests/system/ans.pl +++ b/bin/tests/system/ans.pl @@ -94,6 +94,7 @@ my $tcpsock = IO::Socket::INET->new(LocalAddr => "$server_addr", LocalPort => 5300, Proto => "tcp", Listen => 5, Reuse => 1) or die "$!"; print "listening on $server_addr:5300,5301.\n"; +print "Using Net::DNS $Net::DNS::VERSION\n"; my $pidf = new IO::File "ans.pid", "w" or die "cannot open pid file: $!"; print $pidf "$$\n" or die "cannot write pid file: $!"; @@ -132,9 +133,7 @@ sub handleUDP { # get the existing signature if any, and clear the additional section my $prev_tsig; while (my $rr = $request->pop("additional")) { - if ($rr->type eq "TSIG") { - $prev_tsig = $rr; - } + $prev_tsig = $rr if ($rr->type eq "TSIG"); } my $r; @@ -148,11 +147,20 @@ sub handleUDP { $packet->push("answer", $a); } if(defined($key_name) && defined($key_data)) { + my $tsig; # Sign the packet print " Signing the response with " . "$key_name/$key_data\n"; - my $tsig = Net::DNS::RR-> - new("$key_name TSIG $key_data"); + + if ($Net::DNS::VERSION < 0.69) { + $tsig = Net::DNS::RR->new( + "$key_name TSIG $key_data"); + } else { + $tsig = Net::DNS::RR->new( + name => $key_name, + type => 'TSIG', + key => $key_data); + } # These kluges are necessary because Net::DNS # doesn't know how to sign responses. We @@ -167,11 +175,16 @@ sub handleUDP { $packet->{"header"}{"arcount"} += 1 if ($Net::DNS::VERSION < 0.70); if (defined($prev_tsig)) { - my $rmac = pack('n H*', - length($prev_tsig->mac)/2, - $prev_tsig->mac); - $tsig->{"request_mac"} = - unpack("H*", $rmac); + if ($Net::DNS::VERSION < 0.73) { + my $rmac = pack('n H*', + length($prev_tsig->mac)/2, + $prev_tsig->mac); + $tsig->{"request_mac"} = + unpack("H*", $rmac); + } else { + $tsig->request_mac( + $prev_tsig->mac); + } } $packet->sign_tsig($tsig); @@ -344,12 +357,23 @@ sub handleTCP { $packet->push("answer", $a); } if(defined($key_name) && defined($key_data)) { + my $tsig; # sign the packet print " Signing the data with " . "$key_name/$key_data\n"; - my $tsig = Net::DNS::RR-> - new("$key_name TSIG $key_data"); + if ($Net::DNS::VERSION < 0.69) { + $tsig = Net::DNS::RR->new( + "$key_name TSIG $key_data"); + } elsif ($Net::DNS::VERSION >= 0.75 && + $continuation) { + $tsig = $prev_tsig; + } else { + $tsig = Net::DNS::RR->new( + name => $key_name, + type => 'TSIG', + key => $key_data); + } # These kluges are necessary because Net::DNS # doesn't know how to sign responses. We @@ -364,16 +388,22 @@ sub handleTCP { $packet->{"header"}{"arcount"} += 1 if ($Net::DNS::VERSION < 0.70); if (defined($prev_tsig)) { - my $rmac = pack('n H*', - length($prev_tsig->mac)/2, - $prev_tsig->mac); - $tsig->{"request_mac"} = - unpack("H*", $rmac); + if ($Net::DNS::VERSION < 0.73) { + my $rmac = pack('n H*', + length($prev_tsig->mac)/2, + $prev_tsig->mac); + $tsig->{"request_mac"} = + unpack("H*", $rmac); + } else { + $tsig->request_mac( + $prev_tsig->mac); + } } $tsig->sign_func($signer) if defined($signer); - $tsig->continuation($continuation) - if ($Net::DNS::VERSION >= 0.71); + $tsig->continuation($continuation) if + ($Net::DNS::VERSION >= 0.71 && + $Net::DNS::VERSION <= 0.74 ); $packet->sign_tsig($tsig); $signer = \&sign_tcp_continuation if ($Net::DNS::VERSION < 0.70); diff --git a/bin/tests/system/dnssec/prereq.sh b/bin/tests/system/dnssec/prereq.sh index 46578eeca8..9d0fca1ae9 100644 --- a/bin/tests/system/dnssec/prereq.sh +++ b/bin/tests/system/dnssec/prereq.sh @@ -18,4 +18,18 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +if $PERL -e 'use Net::DNS;' 2>/dev/null +then + if $PERL -e 'use Net::DNS; die if ($Net::DNS::VERSION >= 0.69 && $Net::DNS::VERSION <= 0.70);' 2>/dev/null + then + : + else + echo "I:Net::DNS versions 0.69 to 0.70 have bugs that cause this test to fail: please update." >&2 + exit 1 + fi +else + echo "I:This test requires the Net::DNS library." >&2 + exit 1 +fi + exec $SHELL ../testcrypto.sh diff --git a/bin/tests/system/nsupdate/prereq.sh b/bin/tests/system/nsupdate/prereq.sh index 582c6ba6a7..8888682b69 100644 --- a/bin/tests/system/nsupdate/prereq.sh +++ b/bin/tests/system/nsupdate/prereq.sh @@ -17,4 +17,18 @@ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh +if $PERL -e 'use Net::DNS;' 2>/dev/null +then + if $PERL -e 'use Net::DNS; die if ($Net::DNS::VERSION >= 0.69 && $Net::DNS::VERSION <= 0.70);' 2>/dev/null + then + : + else + echo "I:Net::DNS versions 0.69 to 0.70 have bugs that cause this test to fail: please update." >&2 + exit 1 + fi +else + echo "I:This test requires the Net::DNS library." >&2 + exit 1 +fi + exec $SHELL ../testcrypto.sh diff --git a/bin/tests/system/xfer/prereq.sh b/bin/tests/system/xfer/prereq.sh index f4ccdf7139..e93d31eb05 100644 --- a/bin/tests/system/xfer/prereq.sh +++ b/bin/tests/system/xfer/prereq.sh @@ -16,11 +16,11 @@ if $PERL -e 'use Net::DNS;' 2>/dev/null then - if $PERL -e 'use Net::DNS; die if $Net::DNS::VERSION >= 0.73;' 2>/dev/null + if $PERL -e 'use Net::DNS; die if ($Net::DNS::VERSION >= 0.69 && $Net::DNS::VERSION <= 0.74);' 2>/dev/null then : else - echo "I:Net::DNS version 0.73 has a bug that causes this test to fail: please update." >&2 + echo "I:Net::DNS versions 0.69 to 0.74 have bugs that cause this test to fail: please update." >&2 exit 1 fi else