ISC Open Source Projects
BIND
Commits
ff6de396
Commit
ff6de396
authored
Jan 10, 2014
by
Mark Andrews
3701. [func] named-checkconf can now suppress the printing of
shared secrets by specifying '-x'. [RT #34465]
parent
57a46f4b
Changes
10
CHANGES
3701. [func] named-checkconf can now suppress the printing of
shared secrets by specifying '-x'. [RT #34465]
3700. [func] Allow access to subgroups of XML statistics via
special URLs http://<server>:<port>/xml/v3/server,
/zones, /net, /tasks, /mem, and /status. [RT #35115]
...
...
bin/check/named-checkconf.c
...
...
@@ -482,10 +482,11 @@ main(int argc, char **argv) {
isc_entropy_t
*
ectx
=
NULL
;
isc_boolean_t
load_zones
=
ISC_FALSE
;
isc_boolean_t
print
=
ISC_FALSE
;
unsigned
int
flags
=
0
;
isc_commandline_errprint
=
ISC_FALSE
;
while
((
c
=
isc_commandline_parse
(
argc
,
argv
,
"dhjt:pvz"
))
!=
EOF
)
{
while
((
c
=
isc_commandline_parse
(
argc
,
argv
,
"dhjt:pv
x
z"
))
!=
EOF
)
{
switch
(
c
)
{
case
'd'
:
debug
++
;
...
...
@@ -512,6 +513,10 @@ main(int argc, char **argv) {
printf
(
VERSION
"
\n
"
);
exit
(
0
);
case
'x'
:
flags
|=
CFG_PRINTER_XKEY
;
break
;
case
'z'
:
load_zones
=
ISC_TRUE
;
docheckmx
=
ISC_FALSE
;
...
...
@@ -534,6 +539,11 @@ main(int argc, char **argv) {
}
}
if
(((
flags
&
CFG_PRINTER_XKEY
)
!=
0
)
&&
!
print
)
{
fprintf
(
stderr
,
"%s: -x cannot be used without -p
\n
"
,
program
);
exit
(
1
);
}
if
(
isc_commandline_index
+
1
<
argc
)
usage
();
if
(
argv
[
isc_commandline_index
]
!=
NULL
)
...
...
@@ -574,7 +584,7 @@ main(int argc, char **argv) {
}
if
(
print
&&
exit_status
==
0
)
cfg_print
(
config
,
output
,
NULL
);
cfg_print
x
(
config
,
flags
,
output
,
NULL
);
cfg_obj_destroy
(
parser
,
&
config
);
cfg_parser_destroy
(
&
parser
);
...
...
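Review bot: The option string gains `x` and main() gets a new `case 'x'`, but none of the hunks shown for this file touch usage(), so the help text presumably still omits `-x`. I would add `[-x]` next to `[-p]` in the usage string. The new `-x cannot be used without -p` check would also benefit from a comment such as `/* -x only filters the -p output; reject it alone so nobody assumes secrets were filtered. */`. main() starts and ends outside these hunks and usage() is not visible here, so this should be confirmed against the full file.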
bin/check/named-checkconf.docbook
...
...
@@ -60,6 +60,7 @@
<arg><option>
-t
<replaceable
class=
"parameter"
>
directory
</replaceable></option></arg>
<arg
choice=
"req"
>
filename
</arg>
<arg><option>
-p
</option></arg>
<arg><option>
-x
</option></arg>
<arg><option>
-z
</option></arg>
</cmdsynopsis>
</refsynopsisdiv>
...
...
@@ -129,6 +130,21 @@
</listitem>
</varlistentry>
<varlistentry>
<term>
-x
</term>
<listitem>
<para>
When printing the configuration files in canonical
form, obscure shared secrets by replacing them with
strings of question marks ('?'). This allows the
contents of
<filename>
named.conf
</filename>
and related
files to be shared
—
for example, when submitting
bug reports
—
without compromising private data.
This option cannot be used without
<option>
-p
</option>
.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>
-z
</term>
<listitem>
...
...
bin/tests/system/checkconf/good.conf
...
...
@@ -126,3 +126,7 @@ view "third" {
};
};
};
key
"mykey"
{
algorithm
"hmac-md5"
;
secret
"qwertyuiopasdfgh"
;
};
bin/tests/system/checkconf/tests.sh
...
...
@@ -34,6 +34,16 @@ cmp good.conf.in good.conf.out || ret=1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
echo
"I: checking that named-checkconf -x removes secrets"
ret
=
0
# ensure there is a secret and that it is not the check string.
grep
'secret "'
good.conf.in
>
/dev/null
||
ret
=
1
grep
'secret "????????????????"'
good.conf.in
>
/dev/null 2>&1
&&
ret
=
1
$CHECKCONF
-p
-x
good.conf.in |
grep
-v
'^good.conf.in:'
>
good.conf.out 2>&1
||
ret
=
1
grep
'secret "????????????????"'
good.conf.out
>
/dev/null 2>&1
||
ret
=
1
if
[
$ret
!=
0
]
;
then
echo
"I:failed"
;
fi
status
=
`
expr
$status
+
$ret
`
for
bad
in
bad
*
.conf
do
ret
=
0
...
...
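Review bot: The new check only confirms that a line `secret "????????????????"` appears in good.conf.out; it never asserts that the cleartext value is absent, so a regression that also printed the secret elsewhere in the output would still pass. A negative check such as `grep 'qwertyuiopasdfgh' good.conf.out > /dev/null 2>&1 && ret=1` would pin the property the option exists for. The status tested after the pipeline is that of `grep -v`, not of `$CHECKCONF`, so a failing named-checkconf run is only caught indirectly by the following grep.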
lib/isccfg/include/isccfg/cfg.h
...
...
@@ -406,10 +406,20 @@ void
cfg_print
(
const
cfg_obj_t
*
obj
,
void
(
*
f
)(
void
*
closure
,
const
char
*
text
,
int
textlen
),
void
*
closure
);
void
cfg_printx
(
const
cfg_obj_t
*
obj
,
unsigned
int
flags
,
void
(
*
f
)(
void
*
closure
,
const
char
*
text
,
int
textlen
),
void
*
closure
);
#define CFG_PRINTER_XKEY 0x1
/* '?' out shared keys. */
/*%<
* Print the configuration object 'obj' by repeatedly calling the
* function 'f', passing 'closure' and a region of text starting
* at 'text' and comprising 'textlen' characters.
*
* If CFG_PRINTER_XKEY the contents of shared keys will be obscured
* by replacing them with question marks ('?')
*/
void
...
...
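Review bot: The `/*%<` comment now follows both prototypes and the `#define`, and its last sentence ("If CFG_PRINTER_XKEY the contents of shared keys will be obscured") does not say where the flag is passed or how cfg_print() relates to cfg_printx(). I would reword it to `If CFG_PRINTER_XKEY is set in 'flags', the contents of shared keys are replaced with question marks ('?'); cfg_print() behaves as cfg_printx() with 'flags' set to 0.` Since print_sstring in parser.c emits one '?' per character, the comment should also state that the length of the secret is preserved in the output, so callers know what the redacted text still reveals.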
lib/isccfg/include/isccfg/grammar.h
...
...
@@ -86,6 +86,7 @@ struct cfg_printer {
void
(
*
f
)(
void
*
closure
,
const
char
*
text
,
int
textlen
);
void
*
closure
;
int
indent
;
int
flags
;
};
/*% A clause definition. */
...
...
@@ -271,6 +272,7 @@ LIBISCCFG_EXTERNAL_DATA extern cfg_type_t cfg_type_uint64;
LIBISCCFG_EXTERNAL_DATA
extern
cfg_type_t
cfg_type_qstring
;
LIBISCCFG_EXTERNAL_DATA
extern
cfg_type_t
cfg_type_astring
;
LIBISCCFG_EXTERNAL_DATA
extern
cfg_type_t
cfg_type_ustring
;
LIBISCCFG_EXTERNAL_DATA
extern
cfg_type_t
cfg_type_sstring
;
LIBISCCFG_EXTERNAL_DATA
extern
cfg_type_t
cfg_type_sockaddr
;
LIBISCCFG_EXTERNAL_DATA
extern
cfg_type_t
cfg_type_sockaddrdscp
;
LIBISCCFG_EXTERNAL_DATA
extern
cfg_type_t
cfg_type_netaddr
;
...
...
@@ -319,6 +321,9 @@ cfg_print_ustring(cfg_printer_t *pctx, const cfg_obj_t *obj);
isc_result_t
cfg_parse_astring
(
cfg_parser_t
*
pctx
,
const
cfg_type_t
*
type
,
cfg_obj_t
**
ret
);
isc_result_t
cfg_parse_sstring
(
cfg_parser_t
*
pctx
,
const
cfg_type_t
*
type
,
cfg_obj_t
**
ret
);
isc_result_t
cfg_parse_rawaddr
(
cfg_parser_t
*
pctx
,
unsigned
int
flags
,
isc_netaddr_t
*
na
);
...
...
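Review bot: The new member of struct cfg_printer is declared `int flags;`, while cfg_printx() takes `unsigned int flags` and the value is tested as a bit mask against CFG_PRINTER_XKEY; `unsigned int flags;` would keep the types consistent. Because cfg_printer_t objects are filled in member by member (cfg_printx and cfg_print_grammar in parser.c do so), any other code that builds one must also set `flags`, otherwise print_sstring reads an indeterminate value and redaction becomes unpredictable. A comment on the member, e.g. `/* CFG_PRINTER_* bits; must be initialised by whoever creates the printer */`, would record that. The struct definition starts outside this hunk.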
lib/isccfg/namedconf.c
...
...
@@ -1773,7 +1773,7 @@ static cfg_type_t cfg_type_dynamically_loadable_zones_opts = {
static
cfg_clausedef_t
key_clauses
[]
=
{
{
"algorithm"
,
&
cfg_type_astring
,
0
},
{
"secret"
,
&
cfg_type_
a
string
,
0
},
{
"secret"
,
&
cfg_type_
s
string
,
0
},
{
NULL
,
NULL
,
0
}
};
...
...
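Review bot: Only the `secret` entry of key_clauses is switched to cfg_type_sstring here, and redaction under `-x` is opted into per grammar entry. Any other clause that carries secret material, if one exists, would still be printed in clear; that should be confirmed against the rest of namedconf.c, which is not visible in this hunk. A comment above the entry would record the intent, e.g. `/* sstring: value is obscured when CFG_PRINTER_XKEY is set */`.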
lib/isccfg/parser.c
...
...
@@ -182,15 +182,23 @@ void
cfg_print
(
const
cfg_obj_t
*
obj
,
void
(
*
f
)(
void
*
closure
,
const
char
*
text
,
int
textlen
),
void
*
closure
)
{
cfg_printx
(
obj
,
0
,
f
,
closure
);
}
void
cfg_printx
(
const
cfg_obj_t
*
obj
,
unsigned
int
flags
,
void
(
*
f
)(
void
*
closure
,
const
char
*
text
,
int
textlen
),
void
*
closure
)
{
cfg_printer_t
pctx
;
pctx
.
f
=
f
;
pctx
.
closure
=
closure
;
pctx
.
indent
=
0
;
pctx
.
flags
=
flags
;
obj
->
type
->
print
(
&
pctx
,
obj
);
}
/* Tuples. */
isc_result_t
...
...
@@ -762,6 +770,22 @@ cfg_parse_astring(cfg_parser_t *pctx, const cfg_type_t *type,
return
(
result
);
}
isc_result_t
cfg_parse_sstring
(
cfg_parser_t
*
pctx
,
const
cfg_type_t
*
type
,
cfg_obj_t
**
ret
)
{
isc_result_t
result
;
UNUSED
(
type
);
CHECK
(
cfg_getstringtoken
(
pctx
));
return
(
create_string
(
pctx
,
TOKEN_STRING
(
pctx
),
&
cfg_type_sstring
,
ret
));
cleanup:
return
(
result
);
}
isc_boolean_t
cfg_is_enum
(
const
char
*
s
,
const
char
*
const
*
enums
)
{
const
char
*
const
*
p
;
...
...
@@ -818,6 +842,18 @@ print_qstring(cfg_printer_t *pctx, const cfg_obj_t *obj) {
cfg_print_chars
(
pctx
,
"
\"
"
,
1
);
}
static
void
print_sstring
(
cfg_printer_t
*
pctx
,
const
cfg_obj_t
*
obj
)
{
cfg_print_chars
(
pctx
,
"
\"
"
,
1
);
if
((
pctx
->
flags
&
CFG_PRINTER_XKEY
)
!=
0
)
{
unsigned
int
len
=
obj
->
value
.
string
.
length
;
while
(
len
--
>
0
)
cfg_print_chars
(
pctx
,
"?"
,
1
);
}
else
cfg_print_ustring
(
pctx
,
obj
);
cfg_print_chars
(
pctx
,
"
\"
"
,
1
);
}
static
void
free_string
(
cfg_parser_t
*
pctx
,
cfg_obj_t
*
obj
)
{
isc_mem_put
(
pctx
->
mctx
,
obj
->
value
.
string
.
base
,
...
...
@@ -854,6 +890,15 @@ cfg_type_t cfg_type_astring = {
&
cfg_rep_string
,
NULL
};
/*
* Any string (quoted or unquoted); printed with quotes.
* If CFG_PRINTER_XKEY is set when printing the string will be '?' out.
*/
cfg_type_t
cfg_type_sstring
=
{
"string"
,
cfg_parse_sstring
,
print_sstring
,
cfg_doc_terminal
,
&
cfg_rep_string
,
NULL
};
/*
* Booleans
*/
...
...
@@ -2555,5 +2600,6 @@ cfg_print_grammar(const cfg_type_t *type,
pctx
.
f
=
f
;
pctx
.
closure
=
closure
;
pctx
.
indent
=
0
;
pctx
.
flags
=
0
;
cfg_doc_obj
(
&
pctx
,
type
);
}
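Review bot: In print_sstring the CFG_PRINTER_XKEY branch writes one '?' per character of `obj->value.string.length`, so the redacted output still discloses the exact length of every shared secret. A fixed-width placeholder would keep the redaction free of information about the key, for example replacing the `while (len-- > 0)` loop with `cfg_print_chars(pctx, "????????", 8);`. The checkconf system test added in this commit greps for sixteen question marks and would need the same adjustment. If preserving the length is intentional, a comment in print_sstring saying so would help.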
lib/isccfg/win32/libisccfg.def
...
...
@@ -44,6 +44,7 @@ cfg_parser_create
cfg_parser_destroy
cfg_parser_setcallback
cfg_print
cfg_printx
cfg_tuple_get
; Exported Data
...
...