mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 23:25:38 +00:00
Code Issues Releases Wiki Activity

3224. [bug] 'rndc signing' argument parsing was broken. [RT #26684]

Browse Source
This commit is contained in:
Mark Andrews
2011-11-29 00:49:26 +00:00
parent 03e2b1d18d
commit 9bd876a683
4 changed files with 111 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGES
View File

@@ -1,3 +1,5 @@
3224. [bug] 'rndc signing' argument parsing was broken. [RT #26684]
3223. [bug] 'task_test privilege_drop' generated false positives. 3223. [bug] 'task_test privilege_drop' generated false positives.
[RT #26766] [RT #26766]

25
bin/named/server.c
View File

@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: server.c,v 1.630 2011/11/09 18:44:03 each Exp $ */ /* $Id: server.c,v 1.631 2011/11/29 00:49:25 marka Exp $ */
/*! \file */ /*! \file */
@@ -6148,6 +6148,7 @@ ns_server_togglequerylog(ns_server_t *server, char *args) {
ptr = next_token(&args, " \t"); ptr = next_token(&args, " \t");
if (ptr == NULL) if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND); return (ISC_R_UNEXPECTEDEND);
ptr = next_token(&args, " \t"); ptr = next_token(&args, " \t");
if (ptr == NULL) if (ptr == NULL)
value = server->log_queries ? ISC_FALSE : ISC_TRUE; value = server->log_queries ? ISC_FALSE : ISC_TRUE;
@@ -6568,6 +6569,7 @@ ns_server_dumpsecroots(ns_server_t *server, char *args) {
ptr = next_token(&args, " \t"); ptr = next_token(&args, " \t");
if (ptr == NULL) if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND); return (ISC_R_UNEXPECTEDEND);
ptr = next_token(&args, " \t"); ptr = next_token(&args, " \t");
CHECKMF(isc_stdio_open(server->secrootsfile, "w", &fp), CHECKMF(isc_stdio_open(server->secrootsfile, "w", &fp),
@@ -7908,13 +7910,23 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) {
dns_rdataset_init(&privset); dns_rdataset_init(&privset);
(void) next_token(&args, " \t"); /* Skip the command name. */
ptr = next_token(&args, " \t"); ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
/* Find out what we are to do. */
ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
if (strcasecmp(ptr, "-list") == 0) if (strcasecmp(ptr, "-list") == 0)
list = ISC_TRUE; list = ISC_TRUE;
else if (strcasecmp(ptr, "-clear") == 0) { else if (strcasecmp(ptr, "-clear") == 0) {
clear = ISC_TRUE; clear = ISC_TRUE;
ptr = next_token(&args, " \t"); ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
memcpy(keystr, ptr, sizeof(keystr)); memcpy(keystr, ptr, sizeof(keystr));
} else if(strcasecmp(ptr, "-nsec3param") == 0) { } else if(strcasecmp(ptr, "-nsec3param") == 0) {
const char *hashstr, *flagstr, *iterstr; const char *hashstr, *flagstr, *iterstr;
@@ -7923,12 +7935,17 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) {
chain = ISC_TRUE; chain = ISC_TRUE;
hashstr = next_token(&args, " \t"); hashstr = next_token(&args, " \t");
if (hashstr == NULL)
return (ISC_R_UNEXPECTEDEND);
if (strcasecmp(hashstr, "none") == 0) if (strcasecmp(hashstr, "none") == 0)
hash = 0; hash = 0;
else { else {
flagstr = next_token(&args, " \t"); flagstr = next_token(&args, " \t");
iterstr = next_token(&args, " \t"); iterstr = next_token(&args, " \t");
if (flagstr == NULL || iterstr == NULL)
return (ISC_R_UNEXPECTEDEND);
n = snprintf(nbuf, sizeof(nbuf), "%s %s %s", n = snprintf(nbuf, sizeof(nbuf), "%s %s %s",
hashstr, flagstr, iterstr); hashstr, flagstr, iterstr);
if (n == sizeof(nbuf)) if (n == sizeof(nbuf))
@@ -7939,12 +7956,14 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) {
return (ISC_R_BADNUMBER); return (ISC_R_BADNUMBER);
ptr = next_token(&args, " \t"); ptr = next_token(&args, " \t");
if (ptr == NULL)
return (ISC_R_UNEXPECTEDEND);
isc_buffer_init(&buf, salt, sizeof(salt)); isc_buffer_init(&buf, salt, sizeof(salt));
CHECK(isc_hex_decodestring(ptr, &buf)); CHECK(isc_hex_decodestring(ptr, &buf));
saltlen = isc_buffer_usedlength(&buf); saltlen = isc_buffer_usedlength(&buf);
} }
} else } else
CHECK(ISC_R_NOTFOUND); CHECK(DNS_R_SYNTAX);
CHECK(zone_from_args(server, args, &zone, NULL, ISC_FALSE)); CHECK(zone_from_args(server, args, &zone, NULL, ISC_FALSE));
if (zone == NULL) if (zone == NULL)

7
bin/rndc/rndc.c
View File

@@ -15,7 +15,7 @@
* PERFORMANCE OF THIS SOFTWARE. * PERFORMANCE OF THIS SOFTWARE.
*/ */
/* $Id: rndc.c,v 1.138 2011/11/03 23:05:30 each Exp $ */ /* $Id: rndc.c,v 1.139 2011/11/29 00:49:26 marka Exp $ */
/*! \file */ /*! \file */
@@ -169,6 +169,11 @@ command is one of the following:\n\
signing -clear all zone [class [view]]\n\ signing -clear all zone [class [view]]\n\
Remove the private records for all keys that have\n\ Remove the private records for all keys that have\n\
finished signing the given zone.\n\ finished signing the given zone.\n\
signing -nsec3param none zone [class [view]]\n\
Remove NSEC3 chains from zone.\n\
signing -nsec3param hash flags iterations salt zone [class [view]]\n\
Add NSEC3 chain to zone if already signed.\n\
Prime zone with NSEC3 chain if not yet signed.\n\
*restart Restart the server.\n\ *restart Restart the server.\n\
\n\ \n\
* == not yet implemented\n\ * == not yet implemented\n\

82
bin/tests/system/dnssec/tests.sh
View File

@@ -15,7 +15,7 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE. # PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.104 2011/11/07 23:16:31 each Exp $ # $Id: tests.sh,v 1.105 2011/11/29 00:49:26 marka Exp $
SYSTEMTESTTOP=.. SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh . $SYSTEMTESTTOP/conf.sh
@@ -1363,6 +1363,86 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
echo "I:check that 'rndc signing' without arguments is handled ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing > /dev/null 2>&1 && ret=1
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that 'rndc signing -list' without zone is handled ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list > /dev/null 2>&1 && ret=1
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that 'rndc signing -clear' without additional arguments is handled ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -clear > /dev/null 2>&1 && ret=1
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that 'rndc signing -clear all' without zone is handled ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -clear all > /dev/null 2>&1 && ret=1
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that 'rndc signing -nsec3param' without additional arguments is handled ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param > /dev/null 2>&1 && ret=1
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that 'rndc signing -nsec3param none' without zone is handled ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param none > /dev/null 2>&1 && ret=1
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that 'rndc signing -nsec3param 1' without additional arguments is handled ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 > /dev/null 2>&1 && ret=1
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that 'rndc signing -nsec3param 1 0' without additional arguments is handled ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 > /dev/null 2>&1 && ret=1
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that 'rndc signing -nsec3param 1 0 0' without additional arguments is handled ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 > /dev/null 2>&1 && ret=1
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check that 'rndc signing -nsec3param 1 0 0 -' without zone is handled ($n)"
ret=0
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 - > /dev/null 2>&1 && ret=1
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
echo "I:check rndc signing -list output ($n)" echo "I:check rndc signing -list output ($n)"
$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list dynamic.example 2>&1 > signing.out $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list dynamic.example 2>&1 > signing.out
grep "No signing records found" signing.out > /dev/null 2>&1 || { grep "No signing records found" signing.out > /dev/null 2>&1 || {