In order to decrease code duplication, express the logic contained in
all zone logging functions using dns_zone_logv() calls.
(cherry picked from commit 5c03cd339e)

Add a new libdns function, dns_zone_logv(), which takes a single va_list
argument rather than a variable number of arguments and can be used as a
base for implementing more specific zone logging functions.
(cherry picked from commit bb2dfb3f49)

check_stale_header() fails to update the pointer to the previous header
while processing rdataset headers eligible for serve-stale, thus
enabling rdataset headers to be leaked (i.e. disassociated from a node
and left on the relevant TTL heap) while iterating through a node. This
can lead to several different assertion failures. Add the missing
pointer update.
(cherry picked from commit cf9cb7cd0013610c8978808aab9d6bae9fe57a4b)

compare_rdata() was meant to be used as a qsort() callback. Meanwhile,
dns_rdataslab_merge() calls compare_rdata() for a pair of dns_rdata_t
structures rather than a pair of struct xrdata structures, which is
harmless, but triggers an ubsan warning:

    rdataslab.c:84:33: runtime error: member access within address <address> with insufficient space for an object of type 'const struct xrdata'

Use dns_rdata_compare() instead of compare_rdata() to prevent the
warning from being triggered.
(cherry picked from commit 9bc6ba0be9)

Add a new ATF test, sigs_test, containing everything required to start
defining test cases for dns__zone_updatesigs(). The framework is
written in a way which ensures that changes to zone database applied by
any dns__zone_updatesigs() invocation are preserved between subsequent
checks.
(cherry picked from commit 1f10186476)

Rename find_zone_keys() to dns__zone_findkeys() and move it to
lib/dns/zone_p.h, so that it can be used in unit tests. Add a comment
describing the purpose of this function.
(cherry picked from commit d7143986b1)

Rename update_sigs() to dns__zone_updatesigs() and move it to
lib/dns/zone_p.h, so that it can be unit tested. Add a comment
describing the purpose of this function.
(cherry picked from commit b1947cee82)

Rename zonediff_t to dns__zonediff_t and move it to lib/dns/zone_p.h, so
that unit tests can be written for functions taking pointers to
structures of this type as arguments.
(cherry picked from commit ace465a9f9)

Add a new private header file, lib/dns/zone_p.h, which will hold type
definitions and function prototypes not meant to be exported by libdns,
but required by zone-related unit tests.
(cherry picked from commit c1bc3be806)

Implement dns_test_difffromchanges(), a function which enables preparing
a dns_diff_t structure from a mostly-textual representation of zone
database changes to be applied. This will improve readability of test
case definitions by allowing contents of a dns_diff_t structure, passed
e.g. to update_sigs(), to be represented in a human-friendly manner.
(cherry picked from commit 3c22af0d35)

Remove the underscore from "rdata_fromstring" so that all helper
functions for libdns tests use a common naming convention.
(cherry picked from commit 2980cbd55f)

The dns_test_makezone() helper function always assigns the created zone
to some view, which is not always necessary and complicates cleanup of
non-managed zones as they are required not to be assigned to any view.
Rework dns_test_makezone() in order to make it easier to use in unit
tests operating on non-managed zones. Use dns_name_fromstring() instead
of dns_name_fromtext() to simplify code. Do not use the CHECK() macro
and add comments to make code flow simpler to follow. Use
dns_test_makeview() instead of dns_view_create().
Adjust existing unit tests using this function so that they still pass.
(cherry picked from commit bfbeef3609)

When inline signing is enabled for a zone without creating signing keys
for it, changes subsequently applied to the raw zone will not be
reflected in the secure zone due to the dns_update_signaturesinc() call
inside receive_secure_serial() failing. Given that an inline zone will
be served (without any signatures) even with no associated signing keys
being present, keep applying raw zone deltas to the secure zone until
keys become available in an attempt to follow the principle of least
astonishment.
(cherry picked from commit 6acf326969)

If a raw zone is modified, but the dns_update_signaturesinc() call in
receive_secure_serial() fails, the corresponding secure zone's database
will not be modified, even though by that time a message containing the
bumped signed serial will already have been logged. This creates
confusion, because a different secure zone version will be served than
the one announced in the logs. Move the relevant dns_zone_log() call so
that it is only performed if the secure zone's database is modified.
(cherry picked from commit cfbc8e264d)