[master] support all algorithms in ddns-confgen
3431. [bug] ddns-confgen: Some valid key algorithms were not accepted. [RT #31927]
3
CHANGES
3
CHANGES
@@ -1,3 +1,6 @@
|
|||||||
|
3431. [bug] ddns-confgen: Some valid key algorithms were
|
||||||
|
not accepted. [RT #31927]
|
||||||
|
|
||||||
3430. [bug] win32: isc_time_formatISO8601 was missing the
|
3430. [bug] win32: isc_time_formatISO8601 was missing the
|
||||||
'T' between the date and time. [RT #32044]
|
'T' between the date and time. [RT #32044]
|
||||||
|
|
||||||
|
@@ -126,6 +126,7 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
|
|||||||
|
|
||||||
switch (alg) {
|
switch (alg) {
|
||||||
case DST_ALG_HMACMD5:
|
case DST_ALG_HMACMD5:
|
||||||
|
case DST_ALG_HMACSHA512:
|
||||||
if (keysize < 1 || keysize > 512)
|
if (keysize < 1 || keysize > 512)
|
||||||
fatal("keysize %d out of range (must be 1-512)\n",
|
fatal("keysize %d out of range (must be 1-512)\n",
|
||||||
keysize);
|
keysize);
|
||||||
@@ -135,6 +136,21 @@ generate_key(isc_mem_t *mctx, const char *randomfile, dns_secalg_t alg,
|
|||||||
fatal("keysize %d out of range (must be 1-256)\n",
|
fatal("keysize %d out of range (must be 1-256)\n",
|
||||||
keysize);
|
keysize);
|
||||||
break;
|
break;
|
||||||
|
case DST_ALG_HMACSHA1:
|
||||||
|
if (keysize < 1 || keysize > 160)
|
||||||
|
fatal("keysize %d out of range (must be 1-160)\n",
|
||||||
|
keysize);
|
||||||
|
break;
|
||||||
|
case DST_ALG_HMACSHA224:
|
||||||
|
if (keysize < 1 || keysize > 224)
|
||||||
|
fatal("keysize %d out of range (must be 1-224)\n",
|
||||||
|
keysize);
|
||||||
|
break;
|
||||||
|
case DST_ALG_HMACSHA384:
|
||||||
|
if (keysize < 1 || keysize > 384)
|
||||||
|
fatal("keysize %d out of range (must be 1-384)\n",
|
||||||
|
keysize);
|
||||||
|
break;
|
||||||
default:
|
default:
|
||||||
fatal("unsupported algorithm %d\n", alg);
|
fatal("unsupported algorithm %d\n", alg);
|
||||||
}
|
}
|
||||||
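Review bot: The added `DST_ALG_HMACSHA1`, `DST_ALG_HMACSHA224` and `DST_ALG_HMACSHA384` branches, and `DST_ALG_HMACSHA512` now sharing the 1-512 branch with `DST_ALG_HMACMD5`, all accept a `keysize` as low as 1 (presumably bits, since the maxima match the digest sizes), so the tool will generate a TSIG secret that offers no real protection if a small value is passed. RFC 2104 discourages HMAC keys shorter than the digest output. Raising the floor would change which inputs are accepted, so the compatible option is a warning on stderr when `keysize` is below the digest length. At minimum, a comment above the `switch` such as `/* range check only: short keys are accepted but weak (RFC 2104) */` would record that this is not a strength check. `generate_key` starts and ends outside these hunks, so how `keysize` is defaulted is not visible here.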
|
@@ -22,7 +22,9 @@
|
|||||||
#
|
#
|
||||||
|
|
||||||
rm -f ns1/*.jnl ns2/*.jnl
|
rm -f ns1/*.jnl ns2/*.jnl
|
||||||
rm -f ns1/example.db ns1/unixtime.db ns1/update.db ns1/other.db ns1/ddns.key
|
rm -f ns1/example.db ns1/unixtime.db ns1/update.db ns1/other.db ns1/keytests.db
|
||||||
|
rm -f ns1/md5.key ns1/sha1.key ns1/sha224.key ns1/sha256.key ns1/sha384.key
|
||||||
|
rm -f ns1/sha512.key ns1/ddns.key
|
||||||
rm -f nsupdate.out
|
rm -f nsupdate.out
|
||||||
rm -f random.data
|
rm -f random.data
|
||||||
rm -f ns2/example.bk
|
rm -f ns2/example.bk
|
||||||
|
@@ -90,3 +90,22 @@ zone "unixtime.nil" {
|
|||||||
serial-update-method unixtime;
|
serial-update-method unixtime;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
include "md5.key";
|
||||||
|
include "sha1.key";
|
||||||
|
include "sha224.key";
|
||||||
|
include "sha256.key";
|
||||||
|
include "sha384.key";
|
||||||
|
include "sha512.key";
|
||||||
|
|
||||||
|
zone "keytests.nil" {
|
||||||
|
type master;
|
||||||
|
file "keytests.db";
|
||||||
|
update-policy {
|
||||||
|
grant md5-key name md5.keytests.nil. ANY;
|
||||||
|
grant sha1-key name sha1.keytests.nil. ANY;
|
||||||
|
grant sha224-key name sha224.keytests.nil. ANY;
|
||||||
|
grant sha256-key name sha256.keytests.nil. ANY;
|
||||||
|
grant sha384-key name sha384.keytests.nil. ANY;
|
||||||
|
grant sha512-key name sha512.keytests.nil. ANY;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
@@ -31,6 +31,7 @@ rm -f ns3/example.db.jnl
|
|||||||
cp -f ns1/example1.db ns1/example.db
|
cp -f ns1/example1.db ns1/example.db
|
||||||
sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db
|
sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db
|
||||||
sed 's/example.nil/unixtime.nil/g' ns1/example1.db > ns1/unixtime.db
|
sed 's/example.nil/unixtime.nil/g' ns1/example1.db > ns1/unixtime.db
|
||||||
|
sed 's/example.nil/keytests.nil/g' ns1/example1.db > ns1/keytests.db
|
||||||
cp -f ns3/example.db.in ns3/example.db
|
cp -f ns3/example.db.in ns3/example.db
|
||||||
|
|
||||||
# update_test.pl has its own zone file because it
|
# update_test.pl has its own zone file because it
|
||||||
@@ -53,4 +54,11 @@ EOF
|
|||||||
../../../tools/genrandom 400 random.data
|
../../../tools/genrandom 400 random.data
|
||||||
$DDNSCONFGEN -q -r random.data -z example.nil > ns1/ddns.key
|
$DDNSCONFGEN -q -r random.data -z example.nil > ns1/ddns.key
|
||||||
|
|
||||||
|
$DDNSCONFGEN -q -r random.data -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
|
||||||
|
$DDNSCONFGEN -q -r random.data -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key
|
||||||
|
$DDNSCONFGEN -q -r random.data -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
|
||||||
|
$DDNSCONFGEN -q -r random.data -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
|
||||||
|
$DDNSCONFGEN -q -r random.data -a hmac-sha384 -k sha384-key -z keytests.nil > ns1/sha384.key
|
||||||
|
$DDNSCONFGEN -q -r random.data -a hmac-sha512 -k sha512-key -z keytests.nil > ns1/sha512.key
|
||||||
|
|
||||||
(cd ns3; sh -e sign.sh)
|
(cd ns3; sh -e sign.sh)
|
||||||
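Review bot: None of the six added `$DDNSCONFGEN ... > ns1/<alg>.key` lines checks the exit status, so if an algorithm is rejected (the regression this commit covers) the redirect still leaves an empty key file. The failure would then only surface later and less clearly, when the server loads its configuration or the update test runs. Appending a check to each line, for example `$DDNSCONFGEN -q -r random.data -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key || exit 1`, would name the failing step directly; whether the script already runs under `sh -e` is not visible in these hunks. Every key is also drawn from the same `random.data` file, which is acceptable for a fixture but deserves a comment such as `# test fixture only: all keys share one entropy file` so the pattern is not copied into real key generation.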
|
@@ -504,5 +504,24 @@ if [ $ret -ne 0 ]; then
|
|||||||
status=1
|
status=1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
n=`expr $n + 1`
|
||||||
|
ret=0
|
||||||
|
echo "I:check TSIG key algorithms ($n)"
|
||||||
|
for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
||||||
|
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
|
||||||
|
server 10.53.0.1 5300
|
||||||
|
update add ${alg}.keytests.nil. 600 A 10.10.10.3
|
||||||
|
send
|
||||||
|
END
|
||||||
|
done
|
||||||
|
sleep 2
|
||||||
|
for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
||||||
|
$DIG +short @10.53.0.1 -p 5300 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
|
||||||
|
done
|
||||||
|
if [ $ret -ne 0 ]; then
|
||||||
|
echo "I:failed"
|
||||||
|
status=1
|
||||||
|
fi
|
||||||
|
|
||||||
echo "I:exit status: $status"
|
echo "I:exit status: $status"
|
||||||
exit $status
|
exit $status
|
||||||
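Review bot: The new "check TSIG key algorithms" block only exercises the accepting path: each key updates its own name and the record is looked up, but nothing confirms that a key is refused for a name its `grant` line does not cover. Without a negative case the test would still pass if the `keytests.nil` update-policy were accidentally permissive. A cross-key attempt that must fail, placed before the `if [ $ret -ne 0 ]` check, would cover this; the address in the sketch below is a constructed sample value. Separately, `grep 10.10.10.3` treats the dots as wildcards and also matches longer addresses, so `grep -F` or an anchored pattern would make the check exact.

```shell
# … unchanged: per-algorithm update loop, sleep 2, per-algorithm dig loop …
# negative case: sha1-key is granted sha1.keytests.nil. only, so this update must be refused
$NSUPDATE -k ns1/sha1.key <<END > /dev/null 2>&1 && ret=1
server 10.53.0.1 5300
update add md5.keytests.nil. 600 A 10.10.10.4
send
END
# the refused record must not be visible afterwards
$DIG +short @10.53.0.1 -p 5300 md5.keytests.nil | grep -F 10.10.10.4 > /dev/null 2>&1 && ret=1
# … unchanged: if [ $ret -ne 0 ] failure report …
```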
|