Commit f385bac3 authored by Evan Hunt's avatar Evan Hunt

3057. [bug] "rndc secroots" would abort after the first error

			and so could miss some views. [RT #23488]
parent 5a742faf
3057. [bug] "rndc secroots" would abort after the first error
and so could miss some views. [RT #23488]
3056. [func] Added support for URI resource record. [RT #23386]
3054. [bug] Added elliptic curve support check in
......
......@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: server.c,v 1.605 2011/03/03 04:42:25 each Exp $ */
/* $Id: server.c,v 1.606 2011/03/03 16:16:43 each Exp $ */
/*! \file */
......@@ -6305,28 +6305,29 @@ ns_server_dumpsecroots(ns_server_t *server, char *args) {
isc_time_formattimestamp(&now, tbuf, sizeof(tbuf));
fprintf(fp, "%s\n", tbuf);
nextview:
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (ptr != NULL && strcmp(view->name, ptr) != 0)
continue;
if (secroots != NULL)
dns_keytable_detach(&secroots);
result = dns_view_getsecroots(view, &secroots);
if (result == ISC_R_NOTFOUND) {
result = ISC_R_SUCCESS;
continue;
do {
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
if (ptr != NULL && strcmp(view->name, ptr) != 0)
continue;
if (secroots != NULL)
dns_keytable_detach(&secroots);
result = dns_view_getsecroots(view, &secroots);
if (result == ISC_R_NOTFOUND) {
result = ISC_R_SUCCESS;
continue;
}
fprintf(fp, "\n Start view %s\n\n", view->name);
result = dns_keytable_dump(secroots, fp);
if (result != ISC_R_SUCCESS)
fprintf(fp, " dumpsecroots failed: %s\n",
isc_result_totext(result));
}
fprintf(fp, "\n Start view %s\n\n", view->name);
CHECK(dns_keytable_dump(secroots, fp));
}
if (ptr != NULL) {
ptr = next_token(&args, " \t");
if (ptr != NULL)
goto nextview;
}
ptr = next_token(&args, " \t");
} while (ptr != NULL);
cleanup:
if (secroots != NULL)
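Review bot: In the new do/while loop a failure from `dns_keytable_dump()` is only written into the dump file, and `result` is then overwritten by the next view's `dns_view_getsecroots()` / `dns_keytable_dump()` call, so the value that reaches `cleanup:` reflects only the last view processed. An operator who uses `rndc secroots` to audit trust anchors could therefore see a success status for a dump that is missing a view. Consider remembering the first failure in a separate local and restoring it before `cleanup:`, or at least documenting the choice with `/* best effort: a per-view failure is reported in the dump file and does not stop the remaining views */`. The function starts and ends outside this hunk, so how `result` is finally returned is not visible here.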
......
......@@ -12,13 +12,13 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: clean.sh,v 1.2 2011/03/01 22:44:04 marka Exp $
# $Id: clean.sh,v 1.3 2011/03/03 16:16:43 each Exp $
rm -f random.data
rm -f ns1/K*
rm -f ns1/*.signed
rm -f ns1/*.db
rm -f ns1/dlv.conf
rm -f ns1/bind.keys
rm -f ns1/*.mkeys.jnl
rm -f ns1/*.mkeys
rm -f */named.run
......@@ -27,3 +27,4 @@ rm -f ns1/dsset-*.
rm -f ns2/*.mkeys
rm -f ns2/*.mkeys.jnl
rm -f dig.out.ns?.test*
rm -f ns2/named.secroots
......@@ -14,7 +14,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: sign.sh,v 1.2 2011/03/01 22:44:04 marka Exp $
# $Id: sign.sh,v 1.3 2011/03/03 16:16:46 each Exp $
SYSTEMTESTTOP=../..
. $SYSTEMTESTTOP/conf.sh
......@@ -25,20 +25,32 @@ zone=dlv.isc.org
infile=dlv.isc.org.db.in
zonefile=dlv.isc.org.db
keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
cat $infile $keyname.key > $zonefile
dlvkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
cat $infile $dlvkey.key > $zonefile
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
cp root.db.in root.db
zone=.
infile=root.db.in
zonefile=root.db
# Configure the resolving server with a trusted key.
rootkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
cat $infile $rootkey.key > $zonefile
$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
cat $keyname.key | grep -v '^; ' | $PERL -n -e '
# Create bind.keys file for the use of the resolving server
echo "managed-keys {" > bind.keys
cat $dlvkey.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
"$dn" initial-key $flags $proto $alg "$key";
EOF
' >> bind.keys
cat $rootkey.key | grep -v '^; ' | $PERL -n -e '
local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
local $key = join("", @rest);
print <<EOF
managed-keys {
"$dn" initial-key $flags $proto $alg "$key";
};
EOF
' > dlv.conf
' >> bind.keys
echo "};" >> bind.keys
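Review bot: Neither of the `$KEYGEN` calls is checked, so if root key generation fails `$rootkey` is empty, `cat $rootkey.key` produces nothing, and bind.keys ends up holding only the DLV key. The new check in tests.sh that no `./RSAMD5` managed key appears would then pass without the root key ever having been offered to the server. A guard such as `[ -n "$rootkey" ] && [ -f "$rootkey.key" ] || exit 1` after the assignment (and the same for `$dlvkey`) keeps the negative test meaningful. Whether conf.sh already enables an exit-on-error mode is not visible from this hunk.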
......@@ -14,7 +14,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: named.conf,v 1.2 2011/03/01 22:44:04 marka Exp $ */
/* $Id: named.conf,v 1.3 2011/03/03 16:16:47 each Exp $ */
// NS2
......@@ -31,10 +31,19 @@ options {
notify no;
dnssec-enable yes;
dnssec-validation yes;
bindkeys-file "../ns1/dlv.conf";
bindkeys-file "../ns1/bind.keys";
dnssec-lookaside "auto";
};
key rndc_key {
secret "1234abcd8765";
algorithm hmac-md5;
};
controls {
inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
};
view "in" {
recursion yes;
zone "." {
......@@ -46,3 +55,7 @@ view "in" {
view "ch" ch {
match-clients { 127.0.0.1; };
};
view "unused" {
match-clients { none; };
};
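Review bot: The added `key rndc_key` block puts a literal secret and `hmac-md5` in the file, and the new `controls` statement accepts rndc from `allow { any; }`, yet nothing in the hunk marks these as test-only values. That is reasonable for a system-test fixture bound to 10.53.0.2, but configuration like this tends to be copied as a template, so a comment above the key would help, for example `// Test-only rndc key (used by tests.sh via ../common/rndc.conf); do not reuse outside the test suite.` Narrowing the ACL from `any` to the test address would also cost nothing, if that is consistent with the other system tests (not visible here).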
......@@ -12,7 +12,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.2 2011/03/01 22:44:04 marka Exp $
# $Id: tests.sh,v 1.3 2011/03/03 16:16:46 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
......@@ -42,4 +42,18 @@ else
status=1
fi
n=`expr $n + 1`
echo "I:checking that only the DLV key was imported from bind.keys ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 secroots 2>&1 | sed 's/^/I:ns2 /'
linecount=`grep "\./RSAMD5/.* ; managed" ns2/named.secroots | wc -l`
[ "$linecount" -eq 0 ] || ret=1
linecount=`grep "dlv.isc.org/RSAMD5/.* ; managed" ns2/named.secroots | wc -l`
[ "$linecount" -eq 2 ] || ret=1
linecount=`cat ns2/named.secroots | wc -l`
[ "$linecount" -eq 13 ] || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
exit $status
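Review bot: The added `$RNDC ... secroots 2>&1 | sed 's/^/I:ns2 /'` line discards rndc's exit status, because the pipeline reports sed's; a refused or failed control connection is then only noticed indirectly through the line counts on ns2/named.secroots. The first check expects zero matches for the root key, so it also passes when the file is missing or empty, and only the later counts catch that. Consider failing early with `[ -s ns2/named.secroots ] || ret=1` right after the rndc call. Separately, the `expr $n + 1` increment seems to appear both before the echo and before the failure check among the added lines, which would skip a test number; the +/- markers are lost on this page, so confirm against the raw diff.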