Merge branch '2756-rndc-multiple-algorithm' into 'main'

allow multiple key algorithms in the same control listener

Closes #2756

See merge request isc-projects/bind9!5153

CHANGES

@@ -1,3 +1,7 @@
+5672.	[bug]		Authentication of rndc messages could fail if a
+			"controls" statement was configured with multiple
+			key algorithms in the same listener. [GL #2756]
+
 5671.	[bug]		Fix a race condition where two threads are competing for
 			the same set of key file locks, that could lead to a
 			deadlock. This has been fixed. [GL #2786]

bin/named/controlconf.c

@@ -445,10 +445,6 @@ control_recvmessage(isc_nmhandle_t *handle, isc_result_t result, void *arg) {
 		}
 		isc_mem_put(listener->mctx, conn->secret.rstart,
 			    REGION_SIZE(conn->secret));
-		if (result != ISCCC_R_BADAUTH) {
-			log_invalid(&conn->ccmsg, result);
-			goto cleanup;
-		}
 	}
 
 	if (key == NULL) {

bin/tests/system/rndc/setup.sh

@@ -45,3 +45,12 @@ make_key 3 ${EXTRAPORT3} hmac-sha224
 make_key 4 ${EXTRAPORT4} hmac-sha256
 make_key 5 ${EXTRAPORT5} hmac-sha384
 make_key 6 ${EXTRAPORT6} hmac-sha512
+
+cat >> ns4/named.conf <<- EOF
+
+controls {
+	inet 10.53.0.4 port ${EXTRAPORT7}
+		allow { any; } keys { "key1"; "key2"; "key3";
+                                      "key4"; "key5"; "key6"; };
+};
+EOF

bin/tests/system/rndc/tests.sh

@@ -412,6 +412,16 @@ done
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))
 
+n=$((n+1))
+echo_i "testing single control channel with multiple algorithms ($n)"
+ret=0
+for i in 1 2 3 4 5 6
+do
+        $RNDC -s 10.53.0.4 -p ${EXTRAPORT7} -c ns4/key${i}.conf status > /dev/null 2>&1 || ret=1
+done
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
 n=$((n+1))
 echo_i "testing automatic zones are reported ($n)"
 ret=0