Commit 38e8022a authored by Mark Andrews's avatar Mark Andrews

1625. [bug] named failed to load/transfer RFC2535 signed zones

                        which contained CNAMES. [RT# 11237]
parent af6e33e7
......@@ -3,7 +3,8 @@
1626. [bug] --enable-getifaddrs was broken. [RT#11259]
1625. [placeholder] rt11237
1625. [bug] named failed to load/transfer RFC2535 signed zones
which contained CNAMES. [RT# 11237]
1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: update.c,v 1.110 2004/04/15 01:58:23 marka Exp $ */
/* $Id: update.c,v 1.111 2004/05/05 01:32:56 marka Exp $ */
#include <config.h>
......@@ -850,7 +850,8 @@ temp_check(isc_mem_t *mctx, dns_diff_t *temp, dns_db_t *db,
this name and type */
*typep = type = t->rdata.type;
if (type == dns_rdatatype_rrsig)
if (type == dns_rdatatype_rrsig ||
type == dns_rdatatype_sig)
covers = dns_rdata_covers(&t->rdata);
else
covers = 0;
......@@ -2467,8 +2468,9 @@ update_action(isc_task_t *task, isc_event_t *event) {
ctx.ignore_add = ISC_FALSE;
dns_diff_init(mctx, &ctx.del_diff);
dns_diff_init(mctx, &ctx.add_diff);
CHECK(foreach_rr(db, ver, name, rdata.type, covers,
add_rr_prepare_action, &ctx));
CHECK(foreach_rr(db, ver, name, rdata.type,
covers, add_rr_prepare_action,
&ctx));
if (ctx.ignore_add) {
dns_diff_clear(&ctx.del_diff);
......
......@@ -13,7 +13,7 @@
; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
; PERFORMANCE OF THIS SOFTWARE.
; $Id: example.db.in,v 1.14 2004/04/15 23:40:22 marka Exp $
; $Id: example.db.in,v 1.15 2004/05/05 01:32:57 marka Exp $
$TTL 300 ; 5 minutes
@ IN SOA mname1. . (
......@@ -70,6 +70,10 @@ dynamic A 10.53.0.3
mustbesecure NS ns.mustbesecure
ns.mustbesecure A 10.53.0.3
; A rfc2535 signed zone w/ CNAME
rfc2535 NS ns.rfc2535
ns.rfc2535 A 10.53.0.3
z A 10.0.0.26
keyless NS ns.keyless
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.23 2004/03/10 02:19:53 marka Exp $ */
/* $Id: named.conf,v 1.24 2004/05/05 01:32:57 marka Exp $ */
// NS2
......@@ -62,4 +62,10 @@ zone "insecure.secure.example" {
allow-update { any; };
};
zone "rfc2335.example" {
type master;
file "rfc2335.example.db";
};
include "trusted.conf";
; File written on Fri Apr 30 12:19:15 2004
; dnssec_signzone version 9.2.4rc3
rfc2335.example. 300 IN SOA mname1. . (
2000042407 ; serial
20 ; refresh (20 seconds)
20 ; retry (20 seconds)
1814400 ; expire (3 weeks)
3600 ; minimum (1 hour)
)
300 SIG SOA 1 2 300 20040530021915 (
20040430021915 47799 rfc2335.example.
nGPJKIzF7X/hMJbZURRz59UeEi/6HRxCn9Er
GqSnpw0Ea9Yx5Axu6sLKnF7jXlkZ6NHMCIpJ
+Lv+FDHXTs/dQg== )
300 NS ns.rfc2335.example.
300 SIG NS 1 2 300 20040530021915 (
20040430021915 47799 rfc2335.example.
Q234AL9dJYMvxdWG33lpww6AJ3GplKp+ace7
MUaj0oqDdkx4DtJF2XaP2xcqq7kTOObdQ8ES
vVxNThqOx7LFzg== )
300 KEY 256 3 1 (
AQPZhzXIabI8y5ihWUw7F0WxN2MabnYWkOcV
Fn11NgaGSdjBSYPRMMwMCasD5N2KYPRUP83W
y8mj+ofcoW1FurcZ
) ; key id = 47799
300 NXT a.rfc2335.example. NS SOA SIG KEY NXT
300 SIG NXT 1 2 300 20040530021915 (
20040430021915 47799 rfc2335.example.
Y587mqNy6pBEfbsU6+weM2XRSqLwLwRT9Sl7
oNuOK9kV3TR4R2M54m2S0MgJCXbRAwU+fF8Q
UbZkSTVe2N8Nyg== )
a.rfc2335.example. 300 IN A 10.0.0.1
300 SIG A 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
FnfWrcw5ire8ut25504zti5l///BdDMUAkJZ
UCLFiTW4lBGMcq1pqz64zltDZXCgJ3xUeQ2i
nRt19/ZxO6Z1KA== )
300 NXT b.rfc2335.example. A SIG NXT
300 SIG NXT 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
R6SpC3ndMVg4u/eZaaUsXSuMHV/hZXeaM/Op
bJLAe3KxMiOHfb6XgLy7wflAiC1xt6A9bWpy
kTc5T5gfic33kA== )
b.rfc2335.example. 300 IN A 10.0.0.2
300 SIG A 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
zjRsYXMGyhDI6ipDtu8YXC9XPN+3hGamzzxL
8uPE/LPo+x19MNdbzEgWzlajAf1/mkSGr2jN
BDMVBA5NMKpwAA== )
300 NXT d.rfc2335.example. A SIG NXT
300 SIG NXT 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
aV87iZCYsC5Tqop827Zzb18TNqopGt0QynkR
gIF/lIHqZasNFRfaS1/nTnXdDKD8JS5IqxKb
oTJr5zswDAtCEw== )
d.rfc2335.example. 300 IN A 10.0.0.4
300 SIG A 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
NsKyvhUYZxTbOTBX4YwxTxevI5iGBpULKwmt
+D4l00ME4XRygOVmiqVDTT9dF1EgjDxOdfMT
hSjtCh5M1b2f6g== )
300 NXT ns.rfc2335.example. A SIG NXT
300 SIG NXT 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
OGqlvSDZIZdHYigh4UAFzXfPze7vcQfgj7sN
+cAeoh4BL1gpa00DqANCxowNCYluDk3ZCDwt
UHZEJa8ZjNvv4g== )
ns.rfc2335.example. 300 IN A 10.53.0.3
300 SIG A 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
T6ZGeUWflLTku8jO23x/TeAPeUl8t0I18FCh
qHUZaHomLQasQ2jlZQn6cLpFd2uFJkBNxZ0G
I39aG7G1bObXdA== )
300 NXT x.rfc2335.example. A SIG NXT
300 SIG NXT 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
l46mrf3/Ii5iRm3AiDjYeMg4ZXBgitHxXA2y
e/NhKpkxRRpCs7UQ94wT/RiSCjjK49E5FBe6
5bRxtWq0GI7zlg== )
x.rfc2335.example. 300 IN CNAME a.rfc2335.example.
300 SIG CNAME 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
L3IOluq+kboBd2gR2Mu54uJKCUzfmyHRiWKl
kfx+vuFr0I8mEHQRmJtouxNDrBzmzGp5vybK
SdabLWw0n6uQEA== )
300 NXT z.rfc2335.example. CNAME SIG NXT
300 SIG NXT 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
CBKoJSkZzdpwiON7JS4yPFY5VVeBjfT19x/O
vx+5UK1JZUNKhTXWWgW1er+JlLzNf4Ot40+l
z9HUTyaeS0eWyw== )
z.rfc2335.example. 300 IN A 10.0.0.26
300 SIG A 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
ccqjVHnehvVwlNNd4+7n/GzGlRjj+ul0gCT3
X3950LTccxHsOFyjNNm8v/Ho/aurSYdqXEjY
jwmjC6elwkzB7A== )
300 NXT rfc2335.example. A SIG NXT
300 SIG NXT 1 3 300 20040530021915 (
20040430021915 47799 rfc2335.example.
W42WoFyd9erysv8HjKo+CpHIH1x6+pAKwCDO
/hHnkEpQI3brewxl7cWOPYeA92Ns80Ody/ui
m2E28A5gnmWqPw== )
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.26 2004/04/15 23:40:22 marka Exp $ */
/* $Id: named.conf,v 1.27 2004/05/05 01:32:57 marka Exp $ */
// NS3
......@@ -79,4 +79,10 @@ zone "mustbesecure.example" {
file "mustbesecure.example.db";
};
zone "rfc2335.example" {
type slave;
masters { 10.53.0.2; };
file "rfc2335.example.bk";
};
include "trusted.conf";
......@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.44 2004/03/10 02:19:53 marka Exp $
# $Id: tests.sh,v 1.45 2004/05/05 01:32:56 marka Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
......@@ -446,6 +446,27 @@ ret=0
$DIG $DIGOPTS private.secure.example. SOA @10.53.0.6 \
> dig.out.ns6.test$n || ret=1
grep "flags:.*ad.*QUERY" dig.out.ns6.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking that we can load a rfc2535 signed zone ($n)"
ret=0
$DIG $DIGOPTS rfc2535.example. SOA @10.53.0.2 \
> dig.out.ns2.test$n || ret=1
grep "status: NOERROR" dig.out.ns2.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:checking that we can transfer a rfc2535 signed zone ($n)"
ret=0
$DIG $DIGOPTS rfc2535.example. SOA @10.53.0.3 \
> dig.out.ns3.test$n || ret=1
grep "status: NOERROR" dig.out.ns3.test$n > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
# Run a minimal update test if possible. This is really just
# a regression test for RT #2399; more tests should be added.
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: master.c,v 1.148 2004/03/05 05:09:21 marka Exp $ */
/* $Id: master.c,v 1.149 2004/05/05 01:32:58 marka Exp $ */
#include <config.h>
......@@ -1645,7 +1645,8 @@ load(dns_loadctx_t *lctx) {
}
if (type == dns_rdatatype_rrsig)
if (type == dns_rdatatype_rrsig ||
type == dns_rdatatype_sig)
covers = dns_rdata_covers(&rdata[rdcount]);
else
covers = 0;
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: message.c,v 1.222 2004/03/10 00:47:40 marka Exp $ */
/* $Id: message.c,v 1.223 2004/05/05 01:32:58 marka Exp $ */
/***
*** Imports
......@@ -1288,18 +1288,16 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
if (result != ISC_R_SUCCESS)
goto cleanup;
rdata->rdclass = rdclass;
issigzero = ISC_FALSE;
if (rdtype == dns_rdatatype_rrsig &&
rdata->flags == 0) {
covers = dns_rdata_covers(rdata);
if (covers == 0)
DO_FORMERR;
} else
covers = 0;
issigzero = ISC_FALSE;
if (rdtype == dns_rdatatype_sig /* SIG(0) */ &&
rdata->flags == 0) {
if (dns_rdata_covers(rdata) == 0) {
} else if (rdtype == dns_rdatatype_sig /* SIG(0) */ &&
rdata->flags == 0) {
covers = dns_rdata_covers(rdata);
if (covers == 0) {
if (sectionid != DNS_SECTION_ADDITIONAL ||
count != msg->counts[sectionid] - 1)
DO_FORMERR;
......@@ -1308,7 +1306,8 @@ getsection(isc_buffer_t *source, dns_message_t *msg, dns_decompress_t *dctx,
skip_type_search = ISC_TRUE;
issigzero = ISC_TRUE;
}
}
} else
covers = 0;
/*
* If we are doing a dynamic update or this is a meta-type,
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: rbtdb.c,v 1.196 2004/03/05 05:09:22 marka Exp $ */
/* $Id: rbtdb.c,v 1.197 2004/05/05 01:32:58 marka Exp $ */
/*
* Principal Author: Bob Halley
......@@ -3669,10 +3669,13 @@ cname_and_other_data(dns_rbtnode_t *node, rbtdb_serial_t serial) {
* or RRSIG CNAME.
*/
rdtype = RBTDB_RDATATYPE_BASE(header->type);
if (rdtype == dns_rdatatype_rrsig)
if (rdtype == dns_rdatatype_rrsig ||
rdtype == dns_rdatatype_sig)
rdtype = RBTDB_RDATATYPE_EXT(header->type);
if (rdtype != dns_rdatatype_nsec &&
rdtype != dns_rdatatype_dnskey &&
rdtype != dns_rdatatype_nxt &&
rdtype != dns_rdatatype_key &&
rdtype != dns_rdatatype_cname) {
/*
* We've found a type that isn't
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment