mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Code Issues Releases Wiki Activity

Teach dnssec-settime to read times that it writes

Browse Source 
The dnssec-settime -p and -up options print times in asctime() and
UNIX time_t formats, respectively. The asctime() format can also be
found inside K*.key public key files. Key files also contain times in
the YYYYMMDDHHMMSS format that can be used in timing parameter
options.

The dnssec-settime -p and -up time formats are now acceptable in
timing parameter options to dnssec-settime and dnssec-keygen, so it is
no longer necessary to parse key files to retrieve times that are
acceptable in timing parameter options.
This commit is contained in:
Tony Finch
2019-04-29 13:56:05 +01:00
committed by Ondřej Surý
parent 745d9db746
commit c38a323082
6 changed files with 92 additions and 32 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
bin/dnssec/dnssec-keygen.rst
View File

@@ -221,14 +221,21 @@ Options
Timing Options Timing Options
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS
argument begins with a ``+`` or ``-``, it is interpreted as an offset from (which is the format used inside key files),
the present time. For convenience, if such an offset is followed by one or 'Day Mon DD HH:MM:SS YYYY' (as printed by ``dnssec-settime -p``),
of the suffixes ``y``, ``mo``, ``w``, ``d``, ``h``, or ``mi``, then the offset is or UNIX epoch time (as printed by ``dnssec-settime -up``),
computed in years (defined as 365 24-hour days, ignoring leap years), or the literal ``now``.
months (defined as 30 24-hour days), weeks, days, hours, or minutes,
respectively. Without a suffix, the offset is computed in seconds. To The argument can be followed by '+' or '-' and an offset from the
explicitly prevent a date from being set, use ``none`` or ``never``. given time. The literal ``now`` can be omitted before an offset. The
offset can be followed by one of the suffixes 'y', 'mo', 'w', 'd',
'h', or 'mi', so that it is computed in years (defined as 365 24-hour
days, ignoring leap years), months (defined as 30 24-hour days),
weeks, days, hours, or minutes, respectively. Without a suffix, the
offset is computed in seconds.
To unset a date, use ``none`` or ``never``.
.. option:: -P date/offset .. option:: -P date/offset

23
bin/dnssec/dnssec-settime.rst
View File

@@ -108,14 +108,21 @@ Options
Timing Options Timing Options
~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS
argument begins with a ``+`` or ``-``, it is interpreted as an offset from (which is the format used inside key files),
the present time. For convenience, if such an offset is followed by one or 'Day Mon DD HH:MM:SS YYYY' (as printed by ``dnssec-settime -p``),
of the suffixes ``y``, ``mo``, ``w``, ``d``, ``h``, or ``mi``, then the offset is or UNIX epoch time (as printed by ``dnssec-settime -up``),
computed in years (defined as 365 24-hour days, ignoring leap years), or the literal ``now``.
months (defined as 30 24-hour days), weeks, days, hours, or minutes,
respectively. Without a suffix, the offset is computed in seconds. To The argument can be followed by '+' or '-' and an offset from the
explicitly prevent a date from being set, use ``none`` or ``never``. given time. The literal ``now`` can be omitted before an offset. The
offset can be followed by one of the suffixes 'y', 'mo', 'w', 'd',
'h', or 'mi', so that it is computed in years (defined as 365 24-hour
days, ignoring leap years), months (defined as 30 24-hour days),
weeks, days, hours, or minutes, respectively. Without a suffix, the
offset is computed in seconds.
To unset a date, use ``none`` or ``never``.
.. option:: -P date/offset .. option:: -P date/offset

16
bin/dnssec/dnssectool.c
View File

@@ -33,6 +33,7 @@
#include <isc/result.h> #include <isc/result.h>
#include <isc/string.h> #include <isc/string.h>
#include <isc/time.h> #include <isc/time.h>
#include <isc/tm.h>
#include <isc/util.h> #include <isc/util.h>
#include <dns/db.h> #include <dns/db.h>
@@ -285,6 +286,7 @@ strtotime(const char *str, int64_t now, int64_t base, bool *setp) {
const char *orig = str; const char *orig = str;
char *endp; char *endp;
size_t n; size_t n;
struct tm tm;
if (isnone(str)) { if (isnone(str)) {
if (setp != NULL) { if (setp != NULL) {
@@ -306,6 +308,8 @@ strtotime(const char *str, int64_t now, int64_t base, bool *setp) {
* now([+-]offset) * now([+-]offset)
* YYYYMMDD([+-]offset) * YYYYMMDD([+-]offset)
* YYYYMMDDhhmmss([+-]offset) * YYYYMMDDhhmmss([+-]offset)
* Day Mon DD HH:MM:SS YYYY([+-]offset)
* 1234567890([+-]offset)
* [+-]offset * [+-]offset
*/ */
n = strspn(str, "0123456789"); n = strspn(str, "0123456789");
@@ -325,9 +329,21 @@ strtotime(const char *str, int64_t now, int64_t base, bool *setp) {
} }
base = val; base = val;
str += n; str += n;
} else if (n == 10u &&
(str[n] == '\0' || str[n] == '-' || str[n] == '+')) {
base = strtoll(str, &endp, 0);
str += 10;
} else if (strncmp(str, "now", 3) == 0) { } else if (strncmp(str, "now", 3) == 0) {
base = now; base = now;
str += 3; str += 3;
} else if (str[0] >= 'A' && str[0] <= 'Z') {
/* parse ctime() format as written by `dnssec-settime -p` */
endp = isc_tm_strptime(str, "%a %b %d %H:%M:%S %Y", &tm);
if (endp != str + 24) {
fatal("time value %s is invalid", orig);
}
base = mktime(&tm);
str += 24;
} }
if (str[0] == '\0') { if (str[0] == '\0') {

16
bin/tests/system/metadata/tests.sh
View File

@@ -208,5 +208,21 @@ n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret` status=`expr $status + $ret`
key=`$KEYGEN -q -a RSASHA1 $czone`
echo_i "checking -p output time is accepted ($n)"
t=`$SETTIME -pA $key | sed 's/.*: //'`
$SETTIME -Psync "$t" $key > /dev/null 2>&1 || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i "checking -up output time is accepted ($n)"
t=`$SETTIME -upA $key | sed 's/.*: //'`
$SETTIME -Dsync "$t" $key > /dev/null 2>&1 || ret=1
n=`expr $n + 1`
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
echo_i "exit status: $status" echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1 [ $status -eq 0 ] || exit 1

23
doc/man/dnssec-keygen.1in
View File

@@ -250,14 +250,21 @@ This option sets the debugging level.
.UNINDENT .UNINDENT
.SH TIMING OPTIONS .SH TIMING OPTIONS
.sp .sp
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS
argument begins with a \fB+\fP or \fB\-\fP, it is interpreted as an offset from (which is the format used inside key files),
the present time. For convenience, if such an offset is followed by one or \(aqDay Mon DD HH:MM:SS YYYY\(aq (as printed by \fBdnssec\-settime \-p\fP),
of the suffixes \fBy\fP, \fBmo\fP, \fBw\fP, \fBd\fP, \fBh\fP, or \fBmi\fP, then the offset is or UNIX epoch time (as printed by \fBdnssec\-settime \-up\fP),
computed in years (defined as 365 24\-hour days, ignoring leap years), or the literal \fBnow\fP\&.
months (defined as 30 24\-hour days), weeks, days, hours, or minutes, .sp
respectively. Without a suffix, the offset is computed in seconds. To The argument can be followed by \(aq+\(aq or \(aq\-\(aq and an offset from the
explicitly prevent a date from being set, use \fBnone\fP or \fBnever\fP\&. given time. The literal \fBnow\fP can be omitted before an offset. The
offset can be followed by one of the suffixes \(aqy\(aq, \(aqmo\(aq, \(aqw\(aq, \(aqd\(aq,
\(aqh\(aq, or \(aqmi\(aq, so that it is computed in years (defined as 365 24\-hour
days, ignoring leap years), months (defined as 30 24\-hour days),
weeks, days, hours, or minutes, respectively. Without a suffix, the
offset is computed in seconds.
.sp
To unset a date, use \fBnone\fP or \fBnever\fP\&.
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-P date/offset .B \-P date/offset

23
doc/man/dnssec-settime.1in
View File

@@ -120,14 +120,21 @@ hardware service module (usually \fBpkcs11\fP).
.UNINDENT .UNINDENT
.SH TIMING OPTIONS .SH TIMING OPTIONS
.sp .sp
Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS. If the Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS
argument begins with a \fB+\fP or \fB\-\fP, it is interpreted as an offset from (which is the format used inside key files),
the present time. For convenience, if such an offset is followed by one or \(aqDay Mon DD HH:MM:SS YYYY\(aq (as printed by \fBdnssec\-settime \-p\fP),
of the suffixes \fBy\fP, \fBmo\fP, \fBw\fP, \fBd\fP, \fBh\fP, or \fBmi\fP, then the offset is or UNIX epoch time (as printed by \fBdnssec\-settime \-up\fP),
computed in years (defined as 365 24\-hour days, ignoring leap years), or the literal \fBnow\fP\&.
months (defined as 30 24\-hour days), weeks, days, hours, or minutes, .sp
respectively. Without a suffix, the offset is computed in seconds. To The argument can be followed by \(aq+\(aq or \(aq\-\(aq and an offset from the
explicitly prevent a date from being set, use \fBnone\fP or \fBnever\fP\&. given time. The literal \fBnow\fP can be omitted before an offset. The
offset can be followed by one of the suffixes \(aqy\(aq, \(aqmo\(aq, \(aqw\(aq, \(aqd\(aq,
\(aqh\(aq, or \(aqmi\(aq, so that it is computed in years (defined as 365 24\-hour
days, ignoring leap years), months (defined as 30 24\-hour days),
weeks, days, hours, or minutes, respectively. Without a suffix, the
offset is computed in seconds.
.sp
To unset a date, use \fBnone\fP or \fBnever\fP\&.
.INDENT 0.0 .INDENT 0.0
.TP .TP
.B \-P date/offset .B \-P date/offset