From 598bf1c29b60dde22c7a3385ff979f38dffe5659 Mon Sep 17 00:00:00 2001
From: Matthijs Mekking
Date: Fri, 6 Aug 2021 14:28:01 +0200
Subject: [PATCH] Add test for in-view zone edits

Add a test case for GL #2845 where a zone is in two views, one base view and one "in-view" and that zone is using an $INCLUDE. Make sure that there is a jnl file (have ixfr-from-differences enabled and do a dynamic update). Then freeze and make updates in the included file (this requires the test.db file also to be updated because 'rndc freeze' causes the zone file to be overwritten). Finally reload and ensure that the edit in the included file has been loaded.
---
 bin/tests/system/rndc/clean.sh | 2 +
 bin/tests/system/rndc/ns7/include.db.in | 14 ++++
 bin/tests/system/rndc/ns7/include2.db.in | 14 ++++
 bin/tests/system/rndc/ns7/named.conf.in | 55 +++++++++++++++
 bin/tests/system/rndc/ns7/test.db.in | 11 +++
 bin/tests/system/rndc/setup.sh | 4 ++
 bin/tests/system/rndc/tests.sh | 87 ++++++++++++++++++++----
 7 files changed, 174 insertions(+), 13 deletions(-)
 create mode 100644 bin/tests/system/rndc/ns7/include.db.in
 create mode 100644 bin/tests/system/rndc/ns7/include2.db.in
 create mode 100644 bin/tests/system/rndc/ns7/named.conf.in
 create mode 100644 bin/tests/system/rndc/ns7/test.db.in
diff --git a/bin/tests/system/rndc/clean.sh b/bin/tests/system/rndc/clean.sh
index 9faf948262..151aa015cb 100644
--- a/bin/tests/system/rndc/clean.sh
+++ b/bin/tests/system/rndc/clean.sh
@@ -21,6 +21,8 @@ rm -f ns4/*.nta
 rm -f ns4/example.db ns4/example.db.jnl
 rm -f ns4/key?.conf
 rm -f ns6/huge.zone.db
+rm -f ns7/include.db ns7/test.db ns7/*.jnl
+rm -f ns7/named_dump.db*
 rm -f ns*/named.conf
 rm -f nsupdate.out.*.test*
 rm -f python.out.*.test*
diff --git a/bin/tests/system/rndc/ns7/include.db.in b/bin/tests/system/rndc/ns7/include.db.in
new file mode 100644
index 0000000000..ff722735d8
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/include.db.in
@@ -0,0 +1,14 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ 86400 IN SOA ns7 hostmaster 1 5 5 1814400 3600
+@ NS ns7
+ns7 A 10.53.0.7
+
+text1 TXT "include 1"
diff --git a/bin/tests/system/rndc/ns7/include2.db.in b/bin/tests/system/rndc/ns7/include2.db.in
new file mode 100644
index 0000000000..dbdd0ea20f
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/include2.db.in
@@ -0,0 +1,14 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+@ 86400 IN SOA ns7 hostmaster 4 5 5 1814400 3600
+@ NS ns7
+ns7 A 10.53.0.7
+
+text1 TXT "include 2"
diff --git a/bin/tests/system/rndc/ns7/named.conf.in b/bin/tests/system/rndc/ns7/named.conf.in
new file mode 100644
index 0000000000..db1fb8ca13
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/named.conf.in
@@ -0,0 +1,55 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+options {
+ port @PORT@;
+ pid-file "named.pid";
+ listen-on { 10.53.0.7; };
+ listen-on-v6 { none; };
+};
+
+key rndc_key {
+ secret "1234abcd8765";
+ algorithm hmac-sha256;
+};
+
+key int {
+ algorithm "hmac-sha1";
+ secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+};
+
+key ext {
+ algorithm "hmac-sha1";
+ secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
+};
+
+controls {
+ inet 10.53.0.7 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
+};
+
+view internal {
+ match-clients { key "int"; };
+
+ zone "test" {
+ type primary;
+ update-policy { grant int zonesub any; };
+ file "test.db";
+ ixfr-from-differences yes;
+ };
+};
+
+view external {
+ match-clients { key "ext"; };
+
+ zone "test" {
+ in-view internal;
+ };
+};
diff --git a/bin/tests/system/rndc/ns7/test.db.in b/bin/tests/system/rndc/ns7/test.db.in
new file mode 100644
index 0000000000..cd776045ab
--- /dev/null
+++ b/bin/tests/system/rndc/ns7/test.db.in
@@ -0,0 +1,11 @@
+; Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+;
+; This Source Code Form is subject to the terms of the Mozilla Public
+; License, v. 2.0. If a copy of the MPL was not distributed with this
+; file, You can obtain one at http://mozilla.org/MPL/2.0/.
+;
+; See the COPYRIGHT file distributed with this work for additional
+; information regarding copyright ownership.
+
+$TTL 3600
+$INCLUDE "include.db"
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
index fb56de80a4..b7721a38d4 100644
--- a/bin/tests/system/rndc/setup.sh
+++ b/bin/tests/system/rndc/setup.sh
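Review bot: In the new ns7/named.conf.in the `int` and `ext` keys carry the same secret, so the two views are told apart only by the key name the client presents, and a holder of either key can sign as the other. That is harmless for this fixture, but nothing in the file says it is deliberate; a comment above `key int` such as `/* test-only keys: int and ext intentionally share one secret, views are matched by key name */` would make that clear, or `ext` could be given its own secret. Both keys also use `hmac-sha1` while `rndc_key` in the same file uses `hmac-sha256`; unless SHA-1 is needed for the GL #2845 scenario, `algorithm "hmac-sha256";` would keep the fixture consistent, with the matching `-y` strings in tests.sh updated to agree.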
@@ -19,6 +19,9 @@ $SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns4/example.db $SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns6/huge.zone.db +cp ns7/test.db.in ns7/test.db +cp ns7/include.db.in ns7/include.db + # we make the huge zone less huge if we're running under # TSAN, to give the test a fighting chance not to time out. size=1000000 @@ -33,6 +36,7 @@ copy_setports ns3/named.conf.in ns3/named.conf copy_setports ns4/named.conf.in ns4/named.conf copy_setports ns5/named.conf.in ns5/named.conf copy_setports ns6/named.conf.in ns6/named.conf +copy_setports ns7/named.conf.in ns7/named.conf make_key () { $RNDCCONFGEN -k key$1 -A $3 -s 10.53.0.4 -p $2 \ diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh index c3dda378f8..d25aec63a3 100644 --- a/bin/tests/system/rndc/tests.sh +++ b/bin/tests/system/rndc/tests.sh @@ -12,7 +12,8 @@ . ../conf.sh DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd" -DIGCMD="$DIG $DIGOPTS @10.53.0.2 -p ${PORT}" +DIGOPTS="" +DIGCMD="$DIG $DIGOPTS -p ${PORT}" RNDCCMD="$RNDC -p ${CONTROLPORT} -c ../common/rndc.conf -s" status=0 @@ -73,7 +74,7 @@ update add text2.nil. 600 IN TXT "addition 2" send END -$DIGCMD text2.nil. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.2 text2.nil. TXT > dig.out.1.test$n grep 'addition 2' dig.out.1.test$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -90,7 +91,7 @@ zone nil. update add text3.nil. 600 IN TXT "addition 3" send END -$DIGCMD text3.nil. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.2 text3.nil. TXT > dig.out.1.test$n grep 'addition 3' dig.out.1.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -130,7 +131,7 @@ update add text4.nil. 600 IN TXT "addition 4" send END -$DIGCMD text4.nil. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.2 text4.nil. TXT > dig.out.1.test$n grep 'addition 4' dig.out.1.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
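Review bot: The added `DIGOPTS=""` in the first tests.sh hunk (`@@ -12,7 +12,8 @@`) immediately overwrites the `DIGOPTS="+tcp +noadd +nosea ..."` assignment on the context line above it, so that line is now dead and every `$DIGCMD` call in the file runs without `+tcp` and the output-trimming flags. The existing greps probably still match against the fuller output, but the queries no longer go over TCP, which changes what the older checks exercise. If the reset was only a debugging aid for the new ns7 checks, drop the `DIGOPTS=""` line; if it is intended, remove the dead assignment instead and add a one-line comment saying why the options were cleared.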
@@ -170,7 +171,7 @@ update add text5.nil. 600 IN TXT "addition 5" send END -$DIGCMD text4.nil. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.2 text4.nil. TXT > dig.out.1.test$n grep 'addition 4' dig.out.1.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -242,11 +243,11 @@ zone other. update add text7.other. 600 IN TXT "addition 7" send END -$DIGCMD text6.other. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.2 text6.other. TXT > dig.out.1.test$n grep 'addition 6' dig.out.1.test$n >/dev/null || ret=1 -$DIGCMD text7.other. TXT > dig.out.2.test$n +$DIGCMD @10.53.0.2 text7.other. TXT > dig.out.2.test$n grep 'addition 7' dig.out.2.test$n >/dev/null || ret=1 -$DIGCMD frozen.other. TXT > dig.out.3.test$n +$DIGCMD @10.53.0.2 frozen.other. TXT > dig.out.3.test$n grep 'frozen addition' dig.out.3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -285,11 +286,11 @@ zone nil. update add text7.nil. 600 IN TXT "addition 7" send END -$DIGCMD text6.nil. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.2 text6.nil. TXT > dig.out.1.test$n grep 'addition 6' dig.out.1.test$n > /dev/null || ret=1 -$DIGCMD text7.nil. TXT > dig.out.2.test$n +$DIGCMD @10.53.0.2 text7.nil. TXT > dig.out.2.test$n grep 'addition 7' dig.out.2.test$n > /dev/null || ret=1 -$DIGCMD frozen.nil. TXT > dig.out.3.test$n +$DIGCMD @10.53.0.2 frozen.nil. TXT > dig.out.3.test$n grep 'frozen addition' dig.out.3.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) @@ -706,7 +707,7 @@ zone example. update add text2.example. 600 IN TXT "addition 3" send END -$DIG $DIGOPTS @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n grep 'addition 3' dig.out.1.test$n >/dev/null && ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) 
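Review bot: In the `@@ -706,7 +707,7 @@` hunk the new line `$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT` passes the port twice, because `DIGCMD` is defined by this same commit as `$DIG $DIGOPTS -p ${PORT}`. It is redundant rather than wrong, but it is inconsistent with the other converted call sites; `$DIGCMD @10.53.0.4 text2.example. TXT > dig.out.1.test$n` is enough. The same duplicated `-p ${PORT}` appears in the first changed line of the following `@@ -728,10 +729,70 @@` hunk.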
@@ -728,10 +729,70 @@ zone example. update add text2.example. 600 IN TXT "addition 3" send END -$DIG $DIGOPTS @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n +$DIGCMD @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n grep 'addition 3' dig.out.1.test$n >/dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=$((status+ret)) +n=$((n+1)) +echo_i "checking initial in-view zone file is loaded ($n)" +ret=0 +TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n +grep 'include 1' dig.out.1.test$n >/dev/null || ret=1 +TSIG="hmac-sha1:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.2.test$n +grep 'include 1' dig.out.2.test$n >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +echo_i "update in-view zone ($n)" +ret=0 +TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +$NSUPDATE -p ${PORT} -y "$TSIG" > /dev/null 2>&1 < dig.out.1.test$n +grep 'addition 1' dig.out.1.test$n >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + +echo_i "rndc freeze" +$RNDCCMD 10.53.0.7 freeze | sed 's/^/ns7 /' | cat_i | cat_i + +echo_i "edit zone files" +cp ns7/test.db.in ns7/test.db +cp ns7/include2.db.in ns7/include.db + +echo_i "rndc thaw" +$RNDCCMD 10.53.0.7 thaw | sed 's/^/ns7 /' | cat_i + +echo_i "rndc reload" +$RNDCCMD 10.53.0.7 reload | sed 's/^/ns7 /' | cat_i + +n=$((n+1)) +echo_i "checking zone file edits are loaded ($n)" +ret=0 +TSIG="hmac-sha1:int:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. TXT > dig.out.1.test$n +grep 'include 2' dig.out.1.test$n >/dev/null || ret=1 +TSIG="hmac-sha1:ext:FrSt77yPTFx6hTs4i2tKLB9LmE0=" +$DIGCMD @10.53.0.7 -y "$TSIG" text1.test. 
TXT > dig.out.2.test$n +grep 'include 2' dig.out.2.test$n >/dev/null || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=$((status+ret)) + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1
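Review bot: The "update in-view zone ($n)" step in the `@@ -728,10 +729,70 @@` hunk reuses the number of the preceding check because no `n=$((n+1))` precedes it, so its `dig.out.1.test$n` overwrites the output saved by "checking initial in-view zone file is loaded"; add `n=$((n+1))` ahead of that `echo_i`. The freeze line ends in `| cat_i | cat_i`, which looks like a typo next to the thaw and reload lines that pipe through `cat_i` once. None of the three rndc commands has its result checked, and the final check queries straight after `rndc reload` with no retry, so a failed freeze or a reload that has not finished yet (whether it completes synchronously is not visible here) would show up only as an unexplained grep failure. The TSIG string with the fixture secret is also spelled out for every query; defining it once per key, for example `TSIG_INT` and `TSIG_EXT` near the top of the block, would keep the secret in one place.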