Commit 1093c366 authored by Mark Andrews

Merge branch...

Merge branch '1860-delv-crashes-processing-deprecated-trusted-keys-clause-in-anchor-file' into 'master'

Resolve "delv crashes processing deprecated "trusted-keys" clause in anchor file"

Closes #1860

See merge request !3568
parents 8422b23c 7854b652
5418. [bug] delv failed to parse deprecated trusted-keys style
trust anchors. [GL #1860]
5417. [cleanup] The code determining the advertised UDP buffer size in
outgoing EDNS queries has been refactored to improve its
clarity. [GL #1868]
......@@ -615,6 +615,7 @@ key_fromconfig(const cfg_obj_t *key, dns_client_t *client) {
INITIAL_DS,
STATIC_DS,
TRUSTED } anchortype;
const cfg_obj_t *obj;
keynamestr = cfg_obj_asstring(cfg_tuple_get(key, "name"));
CHECK(convert_name(&fkeyname, &keyname, keynamestr));
......@@ -647,21 +648,30 @@ key_fromconfig(const cfg_obj_t *key, dns_client_t *client) {
rdata3 = cfg_obj_asuint32(cfg_tuple_get(key, "rdata3"));
/* What type of trust anchor is this? */
atstr = cfg_obj_asstring(cfg_tuple_get(key, "anchortype"));
if (strcasecmp(atstr, "static-key") == 0) {
obj = cfg_tuple_get(key, "anchortype");
if (cfg_obj_isvoid(obj)) {
/*
* "anchortype" is not defined, this must be a static-key
* configured with trusted-keys.
*/
anchortype = STATIC_KEY;
} else if (strcasecmp(atstr, "static-ds") == 0) {
anchortype = STATIC_DS;
} else if (strcasecmp(atstr, "initial-key") == 0) {
anchortype = INITIAL_KEY;
} else if (strcasecmp(atstr, "initial-ds") == 0) {
anchortype = INITIAL_DS;
} else {
delv_log(ISC_LOG_ERROR,
"key '%s': invalid initialization method '%s'",
keynamestr, atstr);
result = ISC_R_FAILURE;
goto cleanup;
atstr = cfg_obj_asstring(obj);
if (strcasecmp(atstr, "static-key") == 0) {
anchortype = STATIC_KEY;
} else if (strcasecmp(atstr, "static-ds") == 0) {
anchortype = STATIC_DS;
} else if (strcasecmp(atstr, "initial-key") == 0) {
anchortype = INITIAL_KEY;
} else if (strcasecmp(atstr, "initial-ds") == 0) {
anchortype = INITIAL_DS;
} else {
delv_log(ISC_LOG_ERROR,
"key '%s': invalid initialization method '%s'",
keynamestr, atstr);
result = ISC_R_FAILURE;
goto cleanup;
}
}
isc_buffer_init(&databuf, data, sizeof(data));
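Review bot: The comment on the `cfg_obj_isvoid(obj)` branch says which clause produces the void field but not why the guard exists, which is what the next reader of this crash fix needs; suggest `/* A trusted-keys tuple has a void "anchortype" field; the old unconditional cfg_obj_asstring() on it is what crashed (presumably its type REQUIRE), so void means static-key. */`. Since the commit record itself calls trusted-keys deprecated, that branch is also the natural place to tell the operator, e.g. `delv_log(ISC_LOG_WARNING, "key '%s': trusted-keys is deprecated, use trust-anchors", keynamestr);`, so the silent fallback does not mask anchor files that will stop working later. key_fromconfig() starts before this hunk and its cleanup label lies after it.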
......@@ -292,6 +292,13 @@ keyfile_to_dskeys() {
echo "};"
}
# keyfile_to_trusted_keys: convert key data contained in the keyfile(s)
# provided to a "trust-keys" section suitable for including in a
# resolver's configuration file
keyfile_to_trusted_keys() {
keyfile_to_keys "trusted-keys" "" $*
}
# keyfile_to_static_keys: convert key data contained in the keyfile(s)
# provided to a *static-key* "trust-anchors" section suitable for including in
# a resolver's configuration file
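Review bot: The header comment of the new keyfile_to_trusted_keys helper names a `"trust-keys"` section, but the clause it emits (the first argument to keyfile_to_keys) is `"trusted-keys"`; change the comment line to `# provided to a "trusted-keys" section suitable for including in a`. The unquoted `$*` also word-splits keyfile names containing whitespace, where `"$@"` would pass them through intact; this may simply follow the sibling helpers' convention, whose bodies are outside the hunk.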
......@@ -46,6 +46,8 @@ cp trusted.conf ../ns6/trusted.conf
cp trusted.conf ../ns7/trusted.conf
cp trusted.conf ../ns9/trusted.conf
keyfile_to_trusted_keys "$ksk" > trusted.keys
# ...or with an initializing key.
keyfile_to_initial_ds "$ksk" > managed.conf
cp managed.conf ../ns4/managed.conf
......@@ -205,6 +205,15 @@ if [ -x ${DELV} ] ; then
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
ret=0
echo_i "checking positive validation NSEC using dns_client (trusted-keys) ($n)"
"$DELV" -a ns1/trusted.keys -p "$PORT" @10.53.0.4 a a.example > delv.out$n || ret=1
grep "a.example..*10.0.0.1" delv.out$n > /dev/null || ret=1
grep "a.example..*.RRSIG.A [0-9][0-9]* 2 300 .*" delv.out$n > /dev/null || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
fi
echo_i "checking positive validation NSEC3 ($n)"