mirror of
https://gitlab.isc.org/isc-projects/bind9
synced 2025-08-30 22:15:20 +00:00
Fix the tkey system test to allow parallel run
The tkey test was not adapted to dynamic ports, so we had to run it in sequence. This commit adds support for dynamic ports, and also makes all the scripts shellcheck clean.
This commit is contained in:
Ondřej Surý
@@ -37,7 +37,7 @@ export LANG=C
|
||||
# SEQUENTIAL_UNIX in conf.sh.in; those that only run on windows should
|
||||
# be added to SEQUENTIAL_WINDOWS in conf.sh.win32.
|
||||
#
|
||||
SEQUENTIAL_COMMON="tkey"
|
||||
SEQUENTIAL_COMMON=""
|
||||
|
||||
#
|
||||
# These tests can use ports assigned by the caller (other than 5300
|
||||
@@ -70,7 +70,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \
|
||||
rrchecker rrl rrsetorder rsabigexponent runtime \
|
||||
sfcache smartsign sortlist \
|
||||
spf staticstub statistics statschannel stub synthfromdnssec \
|
||||
tcp tools tsig tsiggss ttl \
|
||||
tcp tkey tools tsig tsiggss ttl \
|
||||
unknown upforwd verify views wildcard \
|
||||
xfer xferquota zero zonechecks"
|
||||
|
||||
|
||||
@@ -9,10 +9,15 @@
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
rm -f dig.out.* rndc.out.* ns1/named.conf
|
||||
rm -f K* ns1/K*
|
||||
rm -f */named.memstats
|
||||
rm -f */named.run
|
||||
rm -f ns1/_default.tsigkeys
|
||||
rm -f ns*/named.lock
|
||||
set -e
|
||||
|
||||
rm -f ./K*
|
||||
rm -f ./dig.out.*
|
||||
rm -f ./rndc.out.*
|
||||
rm -f ns*/K*
|
||||
rm -f ns*/_default.tsigkeys
|
||||
rm -f ns*/managed-keys.bind*
|
||||
rm -f ns*/named.conf
|
||||
rm -f ns*/named.lock
|
||||
rm -f ns*/named.memstats
|
||||
rm -f ns*/named.run
|
||||
|
||||
@@ -52,9 +52,11 @@
|
||||
|
||||
#define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
|
||||
|
||||
#define PORT 5300
|
||||
#define TIMEOUT 30
|
||||
|
||||
static char *ip_address = NULL;
|
||||
static int port = 0;
|
||||
|
||||
static dst_key_t *ourkey;
|
||||
static isc_mem_t *mctx;
|
||||
static dns_tsigkey_t *tsigkey, *initialkey;
|
||||
@@ -141,10 +143,10 @@ sendquery(isc_task_t *task, isc_event_t *event) {
|
||||
isc_event_free(&event);
|
||||
|
||||
result = ISC_R_FAILURE;
|
||||
if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) {
|
||||
if (inet_pton(AF_INET, ip_address, &inaddr) != 1) {
|
||||
CHECK("inet_pton", result);
|
||||
}
|
||||
isc_sockaddr_fromin(&address, &inaddr, PORT);
|
||||
isc_sockaddr_fromin(&address, &inaddr, port);
|
||||
|
||||
dns_fixedname_init(&keyname);
|
||||
isc_buffer_constinit(&namestr, "tkeytest.", 9);
|
||||
@@ -210,18 +212,16 @@ main(int argc, char *argv[]) {
|
||||
|
||||
RUNCHECK(isc_app_start());
|
||||
|
||||
if (argc < 2) {
|
||||
if (argc < 4) {
|
||||
fprintf(stderr, "I:no DH key provided\n");
|
||||
exit(-1);
|
||||
}
|
||||
if (strcmp(argv[1], "-r") == 0) {
|
||||
fprintf(stderr, "I:the -r option has been deprecated\n");
|
||||
exit(-1);
|
||||
}
|
||||
ourkeyname = argv[1];
|
||||
ip_address = argv[1];
|
||||
port = atoi(argv[2]);
|
||||
ourkeyname = argv[3];
|
||||
|
||||
if (argc >= 3) {
|
||||
ownername_str = argv[2];
|
||||
if (argc >= 5) {
|
||||
ownername_str = argv[4];
|
||||
}
|
||||
|
||||
dns_result_register();
|
||||
|
||||
@@ -51,9 +51,10 @@
|
||||
|
||||
#define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
|
||||
|
||||
#define PORT 5300
|
||||
#define TIMEOUT 30
|
||||
|
||||
static char *ip_address;
|
||||
static int port;
|
||||
static isc_mem_t *mctx;
|
||||
static dns_tsigkey_t *tsigkey;
|
||||
static dns_tsig_keyring_t *ring;
|
||||
@@ -114,10 +115,10 @@ sendquery(isc_task_t *task, isc_event_t *event) {
|
||||
isc_event_free(&event);
|
||||
|
||||
result = ISC_R_FAILURE;
|
||||
if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) {
|
||||
if (inet_pton(AF_INET, ip_address, &inaddr) != 1) {
|
||||
CHECK("inet_pton", result);
|
||||
}
|
||||
isc_sockaddr_fromin(&address, &inaddr, PORT);
|
||||
isc_sockaddr_fromin(&address, &inaddr, port);
|
||||
|
||||
query = NULL;
|
||||
result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
|
||||
@@ -155,7 +156,7 @@ main(int argc, char **argv) {
|
||||
|
||||
RUNCHECK(isc_app_start());
|
||||
|
||||
if (argc < 2) {
|
||||
if (argc < 4) {
|
||||
fprintf(stderr, "I:no key to delete\n");
|
||||
exit(-1);
|
||||
}
|
||||
@@ -163,7 +164,9 @@ main(int argc, char **argv) {
|
||||
fprintf(stderr, "I:The -r options has been deprecated\n");
|
||||
exit(-1);
|
||||
}
|
||||
keyname = argv[1];
|
||||
ip_address = argv[1];
|
||||
port = atoi(argv[2]);
|
||||
keyname = argv[3];
|
||||
|
||||
dns_result_register();
|
||||
|
||||
|
||||
@@ -15,7 +15,7 @@ options {
|
||||
query-source address 10.53.0.1;
|
||||
notify-source 10.53.0.1;
|
||||
transfer-source 10.53.0.1;
|
||||
port 5300;
|
||||
port @PORT@;
|
||||
pid-file "named.pid";
|
||||
listen-on { 10.53.0.1; };
|
||||
listen-on-v6 { none; };
|
||||
@@ -32,7 +32,7 @@ key rndc_key {
|
||||
};
|
||||
|
||||
controls {
|
||||
inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
|
||||
inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
|
||||
};
|
||||
|
||||
key "tkeytest." {
|
||||
|
||||
@@ -9,10 +9,10 @@
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
SYSTEMTESTTOP=../..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
set -e
|
||||
|
||||
keyname=`$KEYGEN -T KEY -a DH -b 768 -n host server`
|
||||
keyid=$(keyfile_to_key_id $keyname)
|
||||
rm -f named.conf
|
||||
sed -e "s;KEYID;$keyid;" < named.conf.in > named.conf
|
||||
. "$SYSTEMTESTTOP/conf.sh"
|
||||
|
||||
keyname=$($KEYGEN -T KEY -a DH -b 768 -n host server)
|
||||
keyid=$(keyfile_to_key_id "$keyname")
|
||||
sed -i -e "s;KEYID;$keyid;" named.conf
|
||||
|
||||
@@ -9,7 +9,10 @@
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
set -e
|
||||
|
||||
. "$SYSTEMTESTTOP/conf.sh"
|
||||
|
||||
copy_setports ns1/named.conf.in ns1/named.conf
|
||||
|
||||
cd ns1 && $SHELL setup.sh
|
||||
|
||||
@@ -9,137 +9,153 @@
|
||||
# See the COPYRIGHT file distributed with this work for additional
|
||||
# information regarding copyright ownership.
|
||||
|
||||
SYSTEMTESTTOP=..
|
||||
. $SYSTEMTESTTOP/conf.sh
|
||||
set -e
|
||||
|
||||
DIGOPTS="@10.53.0.1 -p 5300"
|
||||
. "$SYSTEMTESTTOP/conf.sh"
|
||||
|
||||
dig_with_opts() {
|
||||
"$DIG" @10.53.0.1 -p "$PORT" "$@"
|
||||
}
|
||||
|
||||
status=0
|
||||
n=1
|
||||
|
||||
echo "I:generating new DH key"
|
||||
echo "I:generating new DH key ($n)"
|
||||
ret=0
|
||||
dhkeyname=`$KEYGEN -T KEY -a DH -b 768 -n host client` || ret=1
|
||||
dhkeyname=$($KEYGEN -T KEY -a DH -b 768 -n host client) || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
echo "I:exit status: $status"
|
||||
exit $status
|
||||
fi
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
n=$((n+1))
|
||||
|
||||
for owner in . foo.example.
|
||||
do
|
||||
echo "I:creating new key using owner name \"$owner\""
|
||||
echo "I:creating new key using owner name \"$owner\" ($n)"
|
||||
ret=0
|
||||
keyname=`$KEYCREATE $dhkeyname $owner` || ret=1
|
||||
keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" $owner) || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
echo "I:exit status: $status"
|
||||
exit $status
|
||||
fi
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
n=$((n+1))
|
||||
|
||||
echo "I:checking the new key"
|
||||
echo "I:checking the new key ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS txt txt.example -k $keyname > dig.out.1 || ret=1
|
||||
grep "status: NOERROR" dig.out.1 > /dev/null || ret=1
|
||||
grep "TSIG.*hmac-md5.*NOERROR" dig.out.1 > /dev/null || ret=1
|
||||
grep "Some TSIG could not be validated" dig.out.1 > /dev/null && ret=1
|
||||
dig_with_opts txt txt.example -k "$keyname" > dig.out.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
|
||||
grep "TSIG.*hmac-md5.*NOERROR" dig.out.test$n > /dev/null || ret=1
|
||||
grep "Some TSIG could not be validated" dig.out.test$n > /dev/null && ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
fi
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
n=$((n+1))
|
||||
|
||||
echo "I:deleting new key"
|
||||
echo "I:deleting new key ($n)"
|
||||
ret=0
|
||||
$KEYDELETE $keyname || ret=1
|
||||
$KEYDELETE 10.53.0.1 "$PORT" "$keyname" || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
fi
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
n=$((n+1))
|
||||
|
||||
echo "I:checking that new key has been deleted"
|
||||
echo "I:checking that new key has been deleted ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS txt txt.example -k $keyname > dig.out.2 || ret=1
|
||||
grep "status: NOERROR" dig.out.2 > /dev/null && ret=1
|
||||
grep "TSIG.*hmac-md5.*NOERROR" dig.out.2 > /dev/null && ret=1
|
||||
grep "Some TSIG could not be validated" dig.out.2 > /dev/null || ret=1
|
||||
dig_with_opts txt txt.example -k "$keyname" > dig.out.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1
|
||||
grep "TSIG.*hmac-md5.*NOERROR" dig.out.test$n > /dev/null && ret=1
|
||||
grep "Some TSIG could not be validated" dig.out.test$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
fi
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
n=$((n+1))
|
||||
done
|
||||
|
||||
echo "I:creating new key using owner name bar.example."
|
||||
echo "I:creating new key using owner name bar.example. ($n)"
|
||||
ret=0
|
||||
keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1
|
||||
keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" bar.example.) || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
echo "I:exit status: $status"
|
||||
exit $status
|
||||
fi
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
n=$((n+1))
|
||||
|
||||
echo "I:checking the key with 'rndc tsig-list'"
|
||||
echo "I:checking the key with 'rndc tsig-list' ($n)"
|
||||
ret=0
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.1
|
||||
grep "key \"bar.example.server" rndc.out.1 > /dev/null || ret=1
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-list > rndc.out.test$n
|
||||
grep "key \"bar.example.server" rndc.out.test$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
fi
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
n=$((n+1))
|
||||
|
||||
echo "I:using key in a request"
|
||||
echo "I:using key in a request ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.3 || ret=1
|
||||
grep "status: NOERROR" dig.out.3 > /dev/null || ret=1
|
||||
dig_with_opts -k "$keyname" txt.example txt > dig.out.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
fi
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
n=$((n+1))
|
||||
|
||||
echo "I:deleting the key with 'rndc tsig-delete'"
|
||||
echo "I:deleting the key with 'rndc tsig-delete' ($n)"
|
||||
ret=0
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-delete bar.example.server > /dev/null || ret=1
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.2
|
||||
grep "key \"bar.example.server" rndc.out.2 > /dev/null && ret=1
|
||||
$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.4 || ret=1
|
||||
grep "TSIG could not be validated" dig.out.4 > /dev/null || ret=1
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-delete bar.example.server > /dev/null || ret=1
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-list > rndc.out.test$n
|
||||
grep "key \"bar.example.server" rndc.out.test$n > /dev/null && ret=1
|
||||
dig_with_opts -k "$keyname" txt.example txt > dig.out.test$n || ret=1
|
||||
grep "TSIG could not be validated" dig.out.test$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
fi
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
n=$((n+1))
|
||||
|
||||
echo "I:recreating the bar.example. key"
|
||||
echo "I:recreating the bar.example. key ($n)"
|
||||
ret=0
|
||||
keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1
|
||||
keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" bar.example.) || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
echo "I:exit status: $status"
|
||||
exit $status
|
||||
fi
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
n=$((n+1))
|
||||
|
||||
echo "I:checking the new key with 'rndc tsig-list'"
|
||||
echo "I:checking the new key with 'rndc tsig-list' ($n)"
|
||||
ret=0
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.3
|
||||
grep "key \"bar.example.server" rndc.out.3 > /dev/null || ret=1
|
||||
$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-list > rndc.out.test$n
|
||||
grep "key \"bar.example.server" rndc.out.test$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
fi
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
n=$((n+1))
|
||||
|
||||
echo "I:using the new key in a request"
|
||||
echo "I:using the new key in a request ($n)"
|
||||
ret=0
|
||||
$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.5 || ret=1
|
||||
grep "status: NOERROR" dig.out.5 > /dev/null || ret=1
|
||||
dig_with_opts -k "$keyname" txt.example txt > dig.out.test$n || ret=1
|
||||
grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
|
||||
if [ $ret != 0 ]; then
|
||||
echo "I:failed"
|
||||
fi
|
||||
status=`expr $status + $ret`
|
||||
status=$((status+ret))
|
||||
n=$((n+1))
|
||||
|
||||
echo "I:exit status: $status"
|
||||
[ $status -eq 0 ] || exit 1
|
||||
|
||||
Reference in New Issue
Block a user