Commit c87f15da authored by Mark Andrews's avatar Mark Andrews
Browse files

2976. [bug] named die on exit after negotiating a GSS-TSIG key. ...

2976.   [bug]           named die on exit after negotiating a GSS-TSIG key.                         [RT #3415]
parent 7fb31920
2976. [bug] named die on exit after negotiating a GSS-TSIG key.
[RT #3415]
2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() aquired the
wrong lock which could lead to server deadlock.
[RT #22614]
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dighost.c,v 1.334 2010/11/16 05:38:30 marka Exp $ */
/* $Id: dighost.c,v 1.335 2010/12/02 23:22:41 marka Exp $ */
/*! \file
* \note
......@@ -252,7 +252,7 @@ isc_result_t opentmpkey(isc_mem_t *mctx, const char *file,
char **tempp, FILE **fp);
isc_result_t removetmpkey(isc_mem_t *mctx, const char *file);
void clean_trustedkey(void);
void insert_trustedkey(dst_key_t * key);
void insert_trustedkey(dst_key_t **key);
#if DIG_SIGCHASE_BU
isc_result_t getneededrr(dns_message_t *msg);
void sigchase_bottom_up(dns_message_t *msg);
......@@ -1135,14 +1135,13 @@ setup_file_key(void) {
goto failure;
}
result = dns_tsigkey_createfromkey(dst_key_name(dstkey), hmacname,
dstkey, ISC_FALSE, NULL, 0, 0,
&dstkey, ISC_FALSE, NULL, 0, 0,
mctx, NULL, &key);
if (result != ISC_R_SUCCESS) {
printf(";; Couldn't create key %s: %s\n",
keynametext, isc_result_totext(result));
goto failure;
}
dstkey = NULL;
failure:
if (dstkey != NULL)
dst_key_free(&dstkey);
......@@ -4053,14 +4052,15 @@ sigchase_scanname(dns_rdatatype_t type, dns_rdatatype_t covers,
}
void
insert_trustedkey(dst_key_t * key)
insert_trustedkey(dst_key_t **keyp)
{
if (key == NULL)
if (*keyp == NULL)
return;
if (tk_list.nb_tk >= MAX_TRUSTED_KEY)
return;
tk_list.key[tk_list.nb_tk++] = key;
tk_list.key[tk_list.nb_tk++] = *keyp;
*keyp = NULL;
return;
}
......@@ -4234,11 +4234,12 @@ get_trusted_key(isc_mem_t *mctx)
fclose(fp);
return (ISC_R_FAILURE);
}
insert_trustedkey(key);
#if 0
dst_key_tofile(key, DST_TYPE_PUBLIC,"/tmp");
#endif
key = NULL;
insert_trustedkey(&key);
if (key != NULL)
dst_key_free(&key);
}
return (ISC_R_SUCCESS);
}
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.586 2010/11/16 01:37:36 sar Exp $ */
/* $Id: server.c,v 1.587 2010/12/02 23:22:41 marka Exp $ */
/*! \file */
......@@ -634,6 +634,8 @@ load_view_keys(const cfg_obj_t *keys, const cfg_obj_t *vconfig,
}
cleanup:
if (dstkey != NULL)
dst_key_free(&dstkey);
if (secroots != NULL)
dns_keytable_detach(&secroots);
if (result == DST_R_NOCRYPTO)
......@@ -3565,10 +3567,9 @@ generate_session_key(const char *filename, const char *keynamestr,
/* Store the key in tsigkey. */
isc_stdtime_get(&now);
CHECK(dns_tsigkey_createfromkey(dst_key_name(key), algname, key,
CHECK(dns_tsigkey_createfromkey(dst_key_name(key), algname, &key,
ISC_FALSE, NULL, now, now, mctx, NULL,
&tsigkey));
key = NULL; /* ownership of key has been transferred */
/* Dump the key to the key file. */
fp = ns_os_openfile(filename, S_IRUSR|S_IWUSR, ISC_TRUE);
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: nsupdate.c,v 1.182 2010/08/10 23:48:19 tbox Exp $ */
/* $Id: nsupdate.c,v 1.183 2010/12/02 23:22:41 marka Exp $ */
/*! \file */
......@@ -682,7 +682,7 @@ setup_keyfile(isc_mem_t *mctx, isc_log_t *lctx) {
}
if (hmacname != NULL) {
result = dns_tsigkey_createfromkey(dst_key_name(dstkey),
hmacname, dstkey, ISC_FALSE,
hmacname, &dstkey, ISC_FALSE,
NULL, 0, 0, mctx, NULL,
&tsigkey);
if (result != ISC_R_SUCCESS) {
......
......@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.2 2010/11/16 01:37:37 sar Exp $
# $Id: tests.sh,v 1.3 2010/12/02 23:22:41 marka Exp $
# Test of allow-query statement.
# allow-query takes an address match list and can be included in either the
......@@ -68,7 +68,7 @@ n=0
n=`expr $n + 1`
echo "I:test $n: default - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -82,7 +82,7 @@ sleep 5
echo "I:test $n: explicit any - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -96,7 +96,7 @@ sleep 5
echo "I:test $n: none - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -110,7 +110,7 @@ sleep 5
echo "I:test $n: address allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -124,7 +124,7 @@ sleep 5
echo "I:test $n: address not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -138,7 +138,7 @@ sleep 5
echo "I:test $n: address disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -152,7 +152,7 @@ sleep 5
echo "I:test $n: acl allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -166,7 +166,7 @@ sleep 5
echo "I:test $n: acl not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -181,7 +181,7 @@ sleep 5
echo "I:test $n: acl disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -195,7 +195,7 @@ sleep 5
echo "I:test $n: key allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -209,7 +209,7 @@ sleep 5
echo "I:test $n: key not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -223,7 +223,7 @@ sleep 5
echo "I:test $n: key disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -240,7 +240,7 @@ sleep 5
echo "I:test $n: views default - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -254,7 +254,7 @@ sleep 5
echo "I:test $n: views explicit any - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -268,7 +268,7 @@ sleep 5
echo "I:test $n: views none - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -282,7 +282,7 @@ sleep 5
echo "I:test $n: views address allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -296,7 +296,7 @@ sleep 5
echo "I:test $n: views address not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -310,7 +310,7 @@ sleep 5
echo "I:test $n: views address disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -324,7 +324,7 @@ sleep 5
echo "I:test $n: views acl allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -338,7 +338,7 @@ sleep 5
echo "I:test $n: views acl not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -352,7 +352,7 @@ sleep 5
echo "I:test $n: views acl disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -366,7 +366,7 @@ sleep 5
echo "I:test $n: views key allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -380,7 +380,7 @@ sleep 5
echo "I:test $n: views key not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -394,7 +394,7 @@ sleep 5
echo "I:test $n: views key disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -408,7 +408,7 @@ sleep 5
echo "I:test $n: views over options, views allow - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -422,7 +422,7 @@ sleep 5
echo "I:test $n: views over options, views disallow - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -440,7 +440,7 @@ sleep 5
echo "I:test $n: zone default - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -450,7 +450,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:test $n: zone explicit any - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.any.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.any.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.any.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -460,7 +460,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:test $n: zone none - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.none.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.none.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.none.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -470,7 +470,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:test $n: zone address allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.addrallow.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrallow.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.addrallow.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -480,7 +480,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:test $n: zone address not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.addrnotallow.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrnotallow.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.addrnotallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -490,7 +490,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:test $n: zone address disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.addrdisallow.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrdisallow.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.addrdisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -500,7 +500,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:test $n: zone acl allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.aclallow.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclallow.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.aclallow.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -510,7 +510,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:test $n: zone acl not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.aclnotallow.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.aclnotallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -520,7 +520,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:test $n: zone acl disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.acldisallow.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.acldisallow.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.acldisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -530,7 +530,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:test $n: zone key allowed - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -540,7 +540,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:test $n: zone key not allowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -550,7 +550,7 @@ status=`expr $status + $ret`
n=`expr $n + 1`
echo "I:test $n: zone key disallowed - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -564,7 +564,7 @@ sleep 5
echo "I:test $n: views over options, views allow - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -578,7 +578,7 @@ sleep 5
echo "I:test $n: views over options, views disallow - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -592,7 +592,7 @@ sleep 5
echo "I:test $n: zones over views, views allow - query allowed"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......@@ -606,7 +606,7 @@ sleep 5
echo "I:test $n: zones over views, views disallow - query refused"
ret=0
$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: keydelete.c,v 1.13 2009/07/19 23:47:55 tbox Exp $ */
/* $Id: keydelete.c,v 1.14 2010/12/02 23:22:41 marka Exp $ */
#include <config.h>
......@@ -230,7 +230,7 @@ main(int argc, char **argv) {
CHECK("dst_key_fromnamedfile", result);
result = dns_tsigkey_createfromkey(dst_key_name(dstkey),
DNS_TSIG_HMACMD5_NAME,
dstkey, ISC_TRUE, NULL, 0, 0,
&dstkey, ISC_TRUE, NULL, 0, 0,
mctx, ring, &tsigkey);
CHECK("dns_tsigkey_createfromkey", result);
......
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: client.c,v 1.10 2010/05/19 07:09:25 marka Exp $ */
/* $Id: client.c,v 1.11 2010/12/02 23:22:41 marka Exp $ */
#include <config.h>
......@@ -1424,6 +1424,8 @@ dns_client_addtrustedkey(dns_client_t *client, dns_rdataclass_t rdclass,
result = dns_keytable_add(secroots, ISC_FALSE, &dstkey);
cleanup:
if (dstkey != NULL)
dns_key_free(&dstkey);
if (view != NULL)
dns_view_detach(&view);
if (secroots != NULL)
......
......@@ -31,7 +31,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.51 2010/05/13 03:08:30 marka Exp $
* $Id: dst_api.c,v 1.52 2010/12/02 23:22:42 marka Exp $
*/
/*! \file */
......@@ -544,6 +544,7 @@ dst_key_fromnamedfile(const char *filename, const char *dirname,
*keyp = key;
return (ISC_R_SUCCESS);
out:
if (pubkey != NULL)
dst_key_free(&pubkey);
......
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: tsec.h,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
/* $Id: tsec.h,v 1.4 2010/12/02 23:22:42 marka Exp $ */
#ifndef DNS_TSEC_H
#define DNS_TSEC_H 1
......@@ -65,7 +65,7 @@ typedef enum {
} dns_tsectype_t;
isc_result_t
dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t **keyp,
dns_tsec_t **tsecp);
/*%<
* Create a TSEC structure and stores a type-dependent key structure in it.
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: tsig.h,v 1.55 2010/07/09 23:46:51 tbox Exp $ */
/* $Id: tsig.h,v 1.56 2010/12/02 23:22:42 marka Exp $ */
#ifndef DNS_TSIG_H
#define DNS_TSIG_H 1
......@@ -103,7 +103,7 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
isc_result_t
dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm,
dst_key_t *dstkey, isc_boolean_t generated,
dst_key_t **dstkeyp, isc_boolean_t generated,
dns_name_t *creator, isc_stdtime_t inception,
isc_stdtime_t expire, isc_mem_t *mctx,
dns_tsig_keyring_t *ring, dns_tsigkey_t **key);
......
......@@ -16,7 +16,7 @@
*/
/*
* $Id: tkey.c,v 1.94 2010/07/09 23:46:51 tbox Exp $
* $Id: tkey.c,v 1.95 2010/12/02 23:22:42 marka Exp $
*/
/*! \file */
#include <config.h>
......@@ -417,10 +417,9 @@ process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
}
static isc_result_t
process_gsstkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
dns_rdata_tkey_t *tkeyin, dns_tkeyctx_t *tctx,
dns_rdata_tkey_t *tkeyout,
dns_tsig_keyring_t *ring, dns_namelist_t *namelist)
process_gsstkey(dns_name_t *name, dns_rdata_tkey_t *tkeyin,
dns_tkeyctx_t *tctx, dns_rdata_tkey_t *tkeyout,
dns_tsig_keyring_t *ring)
{
isc_result_t result = ISC_R_SUCCESS;
dst_key_t *dstkey = NULL;
......@@ -431,9 +430,6 @@ process_gsstkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
isc_buffer_t *outtoken = NULL;
gss_ctx_id_t gss_ctx = NULL;
UNUSED(namelist);
UNUSED(signer);
if (tctx->gsscred == NULL)
return (ISC_R_NOPERM);
......@@ -483,7 +479,7 @@ process_gsstkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
#endif
isc_uint32_t expire;
RETERR(dst_key_fromgssapi(name, gss_ctx, msg->mctx, &dstkey));
RETERR(dst_key_fromgssapi(name, gss_ctx,