Commit 9069215e authored by Evan Hunt's avatar Evan Hunt

2641. [bug] Fixed an error in parsing update-policy syntax,

			added a regression test to check it. [RT #20007]
parent 95f36ad2
--- 9.7.0a2 released ---
2641. [bug] Fixed an error in parsing update-policy syntax,
added a regression test to check it. [RT #20007]
2640. [security] A specially crafted update packet will cause named
to exit. [RT #20000]
......
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: ddns-confgen.c,v 1.7 2009/07/02 22:50:24 jinmei Exp $ */
/* $Id: ddns-confgen.c,v 1.8 2009/07/29 17:52:00 each Exp $ */
/*! \file */
......@@ -234,13 +234,14 @@ update-policy {\n\
};\n",
keyname);
}
}
printf("\n\
printf("\n\
# After the keyfile has been placed, the following command will\n\
# execute nsupdate using this key:\n\
nsupdate -k <keyfile>\n");
}
if (keybuf != NULL)
isc_mem_put(mctx, keybuf, len);
......
......@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: conf.sh.in,v 1.39 2008/01/10 23:47:01 tbox Exp $
# $Id: conf.sh.in,v 1.40 2009/07/29 17:52:00 each Exp $
#
# Common configuration data for system tests, to be sourced into
......@@ -35,6 +35,7 @@ LWRESD="$TOP/bin/named/named -l"
DIG=$TOP/bin/dig/dig
RNDC=$TOP/bin/rndc/rndc
NSUPDATE=$TOP/bin/nsupdate/nsupdate
DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen
KEYGEN=$TOP/bin/dnssec/dnssec-keygen
SIGNER=$TOP/bin/dnssec/dnssec-signzone
CHECKZONE=$TOP/bin/check/named-checkzone
......
......@@ -15,14 +15,14 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.12 2007/09/26 03:22:44 marka Exp $
# $Id: clean.sh,v 1.13 2009/07/29 17:52:00 each Exp $
#
# Clean up after zone transfer tests.
#
rm -f dig.out.ns1 dig.out.ns2 dig.out.ns1.after ns1/*.jnl ns2/*.jnl \
ns1/example.db ns1/update.db
ns1/example.db ns1/update.db ns1/other.db
rm -f ns2/example.bk
rm -f ns2/update.bk
rm -f */named.memstats
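Review bot: The extended `rm -f` list now covers `ns1/other.db`, but nothing in the lines shown removes the two key files this commit introduces: `ns1/ddns.key`, written by setup.sh, and the `session.key` that ns1's named.conf now asks named to create. Leftover key material means a later run can pick up a stale key if generation fails, which would hide the failure. Consider adding `rm -f ns1/ddns.key ns1/session.key`. The script may continue outside this hunk, so confirm these files are not already removed there.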
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.17 2007/06/19 23:47:04 tbox Exp $ */
/* $Id: named.conf,v 1.18 2009/07/29 17:52:00 each Exp $ */
controls { /* empty */ };
......@@ -25,7 +25,8 @@ options {
transfer-source 10.53.0.1;
port 5300;
pid-file "named.pid";
listen-on { 10.53.0.1; };
session-keyfile "session.key";
listen-on { 10.53.0.1; 127.0.0.1; };
listen-on-v6 { none; };
recursion no;
notify yes;
......@@ -40,11 +41,24 @@ controls {
inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
};
include "ddns.key";
zone "example.nil" {
type master;
file "example.db";
check-integrity no;
allow-update { any; };
update-policy {
grant ddns-key.example.nil subdomain example.nil ANY;
};
allow-transfer { any; };
};
zone "other.nil" {
type master;
file "other.db";
check-integrity no;
update-policy local;
allow-query-on { 127.0.0.1; };
allow-transfer { any; };
};
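Review bot: The `allow-query-on { 127.0.0.1; };` on the new `other.nil` zone looks too narrow for the test that uses it. As I read `allow-query-on`, it filters on the local address a query arrives at, and tests.sh checks the update with `$DIG +short new.other.nil. @10.53.0.1`, so that lookup would be refused and the `post` comparison could not succeed. If that reading is right, `allow-query-on { 10.53.0.1; 127.0.0.1; };` keeps the loopback path for `nsupdate -l` and still lets the verification query through. A one-line comment above `listen-on` saying that 127.0.0.1 is there for the `update-policy local` test would also help.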
......
......@@ -15,7 +15,10 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: setup.sh,v 1.10 2007/06/19 23:47:04 tbox Exp $
# $Id: setup.sh,v 1.11 2009/07/29 17:52:00 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
#
# jnl and database files MUST be removed before we start
......@@ -24,6 +27,7 @@
rm -f ns1/*.jnl ns1/example.db ns2/*.jnl ns2/example.bk
cp -f ns1/example1.db ns1/example.db
sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db
# update_test.pl has its own zone file because it
# requires a specific NS record set.
......@@ -40,3 +44,5 @@ update.nil IN SOA ns1.example.nil. hostmaster.example.nil. (
update.nil. NS ns1.update.nil.
ns1.update.nil. A 10.53.0.2
EOF
$DDNSCONFGEN -q -z example.nil > ns1/ddns.key
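Review bot: The added `$DDNSCONFGEN -q -z example.nil > ns1/ddns.key` ignores the exit status. If ddns-confgen is missing or fails, the redirect still leaves an empty or partial `ns1/ddns.key`, and the problem only surfaces later as a named startup or nsupdate failure. Consider `$DDNSCONFGEN -q -z example.nil > ns1/ddns.key || exit 1`, or whatever failure convention the other setup scripts use. A short comment saying that this key is the one `include`d by ns1/named.conf and granted in its `update-policy` block would make the dependency visible.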
......@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.25 2007/06/19 23:47:04 tbox Exp $
# $Id: tests.sh,v 1.26 2009/07/29 17:52:00 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
......@@ -28,7 +28,7 @@ $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
echo "I:fetching second copy of zone before update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
@10.53.0.1 axfr -p 5300 > dig.out.ns2 || status=1
@10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
echo "I:comparing pre-update copies to known good data"
$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns1 || status=1
......@@ -36,7 +36,7 @@ $PERL ../digcomp.pl knowngood.ns1.before dig.out.ns2 || status=1
echo "I:updating zone"
# nsupdate will print a ">" prompt to stdout as it gets each input line.
$NSUPDATE <<END > /dev/null || status=1
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
server 10.53.0.1 5300
update add updated.example.nil. 600 A 10.10.10.1
update add updated.example.nil. 600 TXT Foo
......@@ -58,6 +58,28 @@ echo "I:comparing post-update copies to known good data"
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || status=1
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns2 || status=1
echo "I:testing local update policy"
pre=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || status=1
[ -z "$pre" ] || status=1
echo "I:updating zone"
# nsupdate will print a ">" prompt to stdout as it gets each input line.
$NSUPDATE -l -p 5300 -k ns1/session.key > /dev/null <<END || status=1
zone other.nil.
update add new.other.nil. 600 IN A 10.10.10.1
send
END
echo "I:sleeping 5 seconds for server to incorporate changes"
sleep 5
echo "I:checking result of update"
post=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || status=1
[ "$post" = "10.10.10.1" ] || status=1
echo "I:comparing post-update copy to known good data"
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || status=1
if $PERL -e 'use Net::DNS;' 2>/dev/null
then
echo "I:running update.pl test"
......@@ -103,7 +125,7 @@ $PERL ../digcomp.pl dig.out.ns1 dig.out.ns1.after || status=1
echo "I:begin RT #482 regression test"
echo "I:update master"
$NSUPDATE <<END > /dev/null || status=1
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
server 10.53.0.1 5300
update add updated2.example.nil. 600 A 10.10.10.2
update add updated2.example.nil. 600 TXT Bar
......@@ -119,7 +141,7 @@ kill -HUP `cat ns2/named.pid`
sleep 5
echo "I:update master again"
$NSUPDATE <<END > /dev/null || status=1
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
server 10.53.0.1 5300
update add updated3.example.nil. 600 A 10.10.10.3
update add updated3.example.nil. 600 TXT Zap
......@@ -142,7 +164,7 @@ fi
echo "I:end RT #482 regression test"
echo "I:testing that rndc stop updates the master file"
$NSUPDATE <<END > /dev/null || status=1
$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
server 10.53.0.1 5300
update add updated4.example.nil. 600 A 10.10.10.3
send
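Review bot: The new "testing local update policy" block, like the `-k ns1/ddns.key` changes in the other hunks, only exercises the accept path. Nothing asserts that an update sent without the key is now refused, even though `example.nil` moved from `allow-update { any; }` to a key-based `update-policy`, so a regression that made the policy permissive would still pass. Consider one more case that runs `$NSUPDATE` without `-k` against `example.nil` and sets `status=1` if the record appears. Separately, the closing `$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1` re-compares a file that the visible lines do not refresh after the `other.nil` update, so it appears to repeat the earlier comparison without checking the new zone.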
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: namedconf.c,v 1.102 2009/07/14 22:54:57 each Exp $ */
/* $Id: namedconf.c,v 1.103 2009/07/29 17:52:00 each Exp $ */
/*! \file */
......@@ -350,6 +350,7 @@ parse_updatepolicy(cfg_parser_t *pctx, const cfg_type_t *type,
CHECK(cfg_gettoken(pctx, 0));
if (pctx->token.type == isc_tokentype_special &&
pctx->token.value.as_char == '{') {
cfg_ungettoken(pctx);
return (cfg_parse_bracketed_list(pctx, type, ret));
}
......