Commit 63e1ac1e authored by Mark Andrews's avatar Mark Andrews

3890. [bug] RRSIG sets that were not loaded in a single transaction

                        at start up where not being correctly added to
                        re-signing heaps.  [RT #36302]
parent 769224a8
3890. [bug] RRSIG sets that were not loaded in a single transaction
at start up where not being correctly added to
re-signing heaps. [RT #36302]
3889. [port] hurd: configure fixes as per:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746540
......
......@@ -71,3 +71,5 @@ rm -f canonical?.*
rm -f ns3/siginterval.conf
rm -f ns4/named_dump.db
rm -f ns3/badds.example.db
rm -f delve.out*
rm -f ns7/split-rrsig.db ns7/split-rrsig.db.unsplit
......@@ -24,6 +24,7 @@ zonefile=root.db
(cd ../ns2 && $SHELL sign.sh )
(cd ../ns6 && $SHELL sign.sh )
(cd ../ns7 && $SHELL sign.sh )
cp ../ns2/dsset-example. .
cp ../ns2/dsset-dlv. .
......
......@@ -75,4 +75,10 @@ zone "nosoa.secure.example" {
file "nosoa.secure.example.db";
};
zone "split-rrsig" {
type master;
file "split-rrsig.db.signed";
allow-update { any; };
};
include "trusted.conf";
#!/bin/sh -e
#
# Copyright (C) 2013, 2014 Internet Systems Consortium, Inc. ("ISC")
#
# Permission to use, copy, modify, and/or distribute this software for any
# purpose with or without fee is hereby granted, provided that the above
# copyright notice and this permission notice appear in all copies.
#
# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.43 2011/11/04 05:36:28 each Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
zone=split-rrsig
infile=split-rrsig.in
zonefile=split-rrsig.db
k1=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
k2=`$KEYGEN -q -r $RANDFILE -a RSASHA256 -b 768 -n zone $zone`
cat $infile $k1.key $k2.key >$zonefile
$SIGNER -P -3 - -A -r $RANDFILE -o $zone -O full -f $zonefile.unsplit -e now-3600 -s now-7200 $zonefile > /dev/null 2>&1
awk 'BEGIN { r = ""; }
$4 == "RRSIG" && $5 == "SOA" && r == "" { r = $0; next; }
{ print }
END { print r }' $zonefile.unsplit > $zonefile.signed
split-rrsig. 3660 IN SOA . . (
1 ; serial
3600 ; refresh (1 hour)
3600 ; retry (1 hour)
3600 ; expire (1 hour)
3600 ; minimum (1 hour)
)
3660 NS ns.example.
a.split-rrsig. 3660 IN A 192.0.2.2
b.split-rrsig. 3660 IN A 192.0.2.2
......@@ -31,4 +31,3 @@ echo "c.bogus.example. A 10.0.0.23" >>../ns3/bogus.example.db.signed
cd ../ns3 && cp -f siginterval1.conf siginterval.conf
cd ../ns4 && cp -f named1.conf named.conf
cd ../ns5 && cp -f trusted.conf.bad trusted.conf
......@@ -2586,5 +2586,13 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that split rrsigs are handled ($n)"
ret=0
$DIG $DIGOPTS split-rrsig soa @10.53.0.7 > dig.out.test$n || ret=1
awk 'BEGIN { ok=0; } $4 == "SOA" { if ($7 > 1) ok=1; } END { if (!ok) exit(1); }' dig.out.test$n || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:exit status: $status"
exit $status
......@@ -6367,6 +6367,19 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, rbtdb_version_t *rbtversion,
*/
newheader->down = NULL;
free_rdataset(rbtdb, rbtdb->common.mctx, header);
idx = newheader->node->locknum;
if (IS_CACHE(rbtdb)) {
ISC_LIST_PREPEND(rbtdb->rdatasets[idx],
newheader, link);
INSIST(rbtdb->heaps != NULL);
(void)isc_heap_insert(rbtdb->heaps[idx],
newheader);
} else if (RESIGN(newheader)) {
result = resign_insert(rbtdb, idx, newheader);
if (result != ISC_R_SUCCESS)
return (result);
}
} else {
newheader->down = topheader;
topheader->next = newheader;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment