3262. [bug] Signed responses were handled incorrectly by RPZ.

[RT #27316]

bin/tests/system/rpz/clean.sh

@@ -12,7 +12,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.4 2011/10/13 01:32:32 vjs Exp $
+# $Id: clean.sh,v 1.5 2012/01/07 00:19:59 each Exp $
 
 
 # Clean up after rpz tests.
@@ -20,3 +20,5 @@
 rm -f proto.* dig.out* nsupdate.tmp
 rm -f  */named.memstats */named.run */named.rpz */session.key
 rm -f ns3/bl*.db */*.jnl */*.core */*.pid
+rm -f ns2/signed-tld2.db
+rm -f ns2/K*.private ns2/K*.key dsset-*

bin/tests/system/rpz/ns1/root.db

@@ -12,7 +12,7 @@
 ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 ; PERFORMANCE OF THIS SOFTWARE.
 
-; $Id: root.db,v 1.4 2011/10/13 01:32:33 vjs Exp $
+; $Id: root.db,v 1.5 2012/01/07 00:19:59 each Exp $
 
 $TTL	120
 @		SOA	ns. hostmaster.ns. ( 1 3600 1200 604800 60 )
@@ -25,6 +25,11 @@ tld2.		NS	ns.tld2.
 ns.tld2.	A	10.53.0.2
 ns2.tld2.	A	10.53.0.2
 
+; rewrite responses from this zone unless dnssec requested
+signed-tld2.		NS	ns.signed-tld2.
+ns.signed-tld2.		A	10.53.0.2
+ns2.signed-tld2.	A	10.53.0.2
+
 ; requests come from here
 tld3.		NS	ns.tld3.
 ns.tld3.	A	10.53.0.3

bin/tests/system/rpz/ns2/named.conf

@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.4 2011/10/13 01:32:33 vjs Exp $ */
+/* $Id: named.conf,v 1.5 2012/01/07 00:19:59 each Exp $ */
 
 
 controls { /* empty */ };
@@ -40,3 +40,4 @@ zone "sub2.tld2."	    {type master; file "tld2.db";};
 zone "subsub.sub2.tld2."    {type master; file "tld2.db";};
 zone "sub3.tld2."	    {type master; file "tld2.db";};
 zone "subsub.sub3.tld2."    {type master; file "tld2.db";};
+zone "signed-tld2."	    {type master; file "signed-tld2.db";};

bin/tests/system/rpz/setup.sh

@@ -14,11 +14,18 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: setup.sh,v 1.4 2011/10/13 01:32:32 vjs Exp $
+# $Id: setup.sh,v 1.5 2012/01/07 00:19:59 each Exp $
 
-sh clean.sh
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
+. ./clean.sh
 
 #  NO-OP is an obsolete synonym for PASSHTRU
 for NM in '' -2 -given -disabled -passthru -no-op -nodata -nxdomain -cname -wildcname -garden; do
     sed -e "/SOA/s/blx/bl$NM/g" ns3/base.db >ns3/bl$NM.db
 done
+
+../../../tools/genrandom 400 random.data
+$KEYGEN -Kns2 -q -r random.data -3 signed-tld2. > /dev/null 2>&1
+$KEYGEN -Kns2 -q -r random.data -3fk signed-tld2. > /dev/null 2>&1
+$SIGNER -S -Kns2 -o signed-tld2. -f ns2/signed-tld2.db ns2/tld2.db > /dev/null 2>&1

bin/tests/system/rpz/test1

@@ -12,7 +12,7 @@
 ; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 ; PERFORMANCE OF THIS SOFTWARE.
 
-; $Id: test1,v 1.7 2011/10/28 11:46:49 marka Exp $
+; $Id: test1,v 1.8 2012/01/07 00:19:59 each Exp $
 
 
 ; Use comment lines instead of blank lines to combine update requests into
@@ -26,6 +26,7 @@ server 10.53.0.3 5300
 
 ; NXDOMAIN
 update add  a0-1.tld2.bl.	300 CNAME .
+update add  a0-1.signed-tld2.bl.	300 CNAME .
 ;
 ; NODATA
 update add  a3-1.tld2.bl.	300 CNAME *.

bin/tests/system/rpz/tests.sh

@@ -12,7 +12,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.10 2011/11/18 19:32:13 each Exp $
+# $Id: tests.sh,v 1.11 2012/01/07 00:19:59 each Exp $
 
 # test response policy zones (RPZ)
 
@@ -215,6 +215,10 @@ addr 57.57.57.57  a3-7.sub1.tld2	# 15 wildcard CNAME
 addr 127.0.0.16	  a4-5-cname3.tld2	# 16 CNAME chain
 addr 127.0.0.17	  a4-6-cname3.tld2	# 17 stop short in CNAME chain
 nxdomain c1.crash2.tld3			# 18 assert in rbtdb.c
+nochange a0-1.tld2      +norecurse
+nxdomain a0-1.tld2      +dnssec
+nxdomain a0-1.signed-tld2
+nochange a0-1.signed-tld2       +dnssec
 end_group
 
 start_group "IP rewrites" test2