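#!/bin/sh
#
# Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.

# $Id: tests.sh,v 1.4 2008/07/19 00:02:14 each Exp $

# System test for zone-transfer ACL handling.
#
# Each case requests an AXFR of "tsigzone." from the server at 10.53.0.2,
# varying the source address (-b) and the TSIG key name (-y), and checks
# whether the transfer was allowed or refused.  The server configuration is
# swapped between groups of cases (ns2/named2.conf, named3.conf, named4.conf)
# and reloaded with rndc.
#
# Requires: $DIG and $RNDC, which this script expects conf.sh to provide.
# Exit status: 0 if every case behaved as expected, 1 otherwise.

SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

# Comment, command, question and statistics output are all switched off, so
# the script treats any line starting with ';' in dig.out as the marker of a
# transfer that did not succeed.
DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd"

status=0
t=0

# try_axfr SOURCE_ADDR [KEY_NAME]
# Bumps the test counter and writes the result of one transfer attempt to
# dig.out.  With no KEY_NAME the request is sent unsigned.  The secret is a
# fixture value shared by every key name used in this test.
try_axfr() {
    t=`expr $t + 1`
    if [ -n "$2" ]; then
        $DIG $DIGOPTS tsigzone. \
            @10.53.0.2 -b "$1" axfr -y "$2:1234abcd8765" -p 5300 > dig.out
    else
        $DIG $DIGOPTS tsigzone. \
            @10.53.0.2 -b "$1" axfr -p 5300 > dig.out
    fi
}

# expect_refused SOURCE_ADDR [KEY_NAME]
# The case passes only if dig.out contains a ';' line.
# NOTE(review): any ';' line counts, so an unreachable server is
# indistinguishable from an ACL refusal here.
expect_refused() {
    try_axfr "$@"
    if grep "^;" dig.out > /dev/null 2>&1; then
        :
    else
        echo "I:test $t failed"
        status=1
    fi
}

# expect_allowed SOURCE_ADDR [KEY_NAME]
# The case passes only if dig.out holds transfer data and no ';' line.
# An empty dig.out is also a failure: otherwise a dig that never ran (for
# example $DIG unset) would make every "allowed" case pass vacuously.
expect_allowed() {
    try_axfr "$@"
    if grep "^;" dig.out > /dev/null 2>&1 || [ ! -s dig.out ]; then
        echo "I:test $t failed"
        status=1
    fi
}

# use_config FILE
# Installs ns2/FILE as the active configuration and asks the server to
# reload it.  The fixed sleep gives the reload time to take effect; the
# exit status of rndc itself is not checked (it is lost in the pipeline).
use_config() {
    cp -f "ns2/$1" ns2/named.conf
    $RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 reload 2>&1 | sed 's/^/I:ns2 /'
    sleep 5
}

echo "I:testing basic ACL processing"
# key "one" should fail
expect_refused 10.53.0.1 one

# any other key should be fine
expect_allowed 10.53.0.1 two

use_config named2.conf

# prefix 10/8 should fail
expect_refused 10.53.0.1 one

# any other address should work, as long as it sends key "one"
# (so key "two" from 127.0.0.1 is refused ...)
expect_refused 127.0.0.1 two

# (... and key "one" from 127.0.0.1 is allowed)
expect_allowed 127.0.0.1 one

echo "I:testing nested ACL processing"
# all combinations of 10.53.0.{1|2} with key {one|two}, should succeed
use_config named3.conf

# should succeed
expect_allowed 10.53.0.2 two

# should succeed
expect_allowed 10.53.0.2 one

# should succeed
expect_allowed 10.53.0.1 two

# should succeed
# NOTE(review): this repeats the previous case, so 10.53.0.1 with key "one"
# is never exercised against named3.conf even though the comment above
# promises all four combinations.  Probably meant to be key "one"; confirm
# against ns2/named3.conf before changing it.
expect_allowed 10.53.0.1 two

# but only one or the other should fail
# (permitted key, address outside the permitted pair)
expect_refused 127.0.0.1 one

# (permitted address, no key at all)
expect_refused 10.53.0.2

# and other values? right out
expect_refused 127.0.0.1 three

# now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
use_config named4.conf

# should succeed
expect_allowed 10.53.0.2 two

# should succeed
expect_allowed 10.53.0.1 one

# should fail
expect_refused 10.53.0.2 one

# should fail
expect_refused 10.53.0.1 two

# should fail
expect_refused 10.53.0.3 one

echo "I:exit status: $status"
exit $status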