3057. [bug] "rndc secroots" would abort after the first error

and so could miss some views. [RT #23488]

CHANGES

@@ -1,3 +1,6 @@
+3057.	[bug]		"rndc secroots" would abort after the first error
+			and so could miss some views. [RT #23488]
+
 3056.	[func]		Added support for URI resource record. [RT #23386]
 
 3054.	[bug]		Added elliptic curve support check in

bin/named/server.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.c,v 1.605 2011/03/03 04:42:25 each Exp $ */
+/* $Id: server.c,v 1.606 2011/03/03 16:16:43 each Exp $ */
 
 /*! \file */
 
@@ -6305,28 +6305,29 @@ ns_server_dumpsecroots(ns_server_t *server, char *args) {
 	isc_time_formattimestamp(&now, tbuf, sizeof(tbuf));
 	fprintf(fp, "%s\n", tbuf);
 
- nextview:
-	for (view = ISC_LIST_HEAD(server->viewlist);
-	     view != NULL;
-	     view = ISC_LIST_NEXT(view, link))
-	{
-		if (ptr != NULL && strcmp(view->name, ptr) != 0)
-			continue;
-		if (secroots != NULL)
-			dns_keytable_detach(&secroots);
-		result = dns_view_getsecroots(view, &secroots);
-		if (result == ISC_R_NOTFOUND) {
-			result = ISC_R_SUCCESS;
-			continue;
+	do {
+		for (view = ISC_LIST_HEAD(server->viewlist);
+		     view != NULL;
+		     view = ISC_LIST_NEXT(view, link))
+		{
+			if (ptr != NULL && strcmp(view->name, ptr) != 0)
+				continue;
+			if (secroots != NULL)
+				dns_keytable_detach(&secroots);
+			result = dns_view_getsecroots(view, &secroots);
+			if (result == ISC_R_NOTFOUND) {
+				result = ISC_R_SUCCESS;
+				continue;
+			}
+			fprintf(fp, "\n Start view %s\n\n", view->name);
+			result = dns_keytable_dump(secroots, fp);
+			if (result != ISC_R_SUCCESS)
+				fprintf(fp, " dumpsecroots failed: %s\n",
+					isc_result_totext(result));
 		}
-		fprintf(fp, "\n Start view %s\n\n", view->name);
-		CHECK(dns_keytable_dump(secroots, fp));
-	}
-	if (ptr != NULL) {
-		ptr = next_token(&args, " \t");
 		if (ptr != NULL)
-			goto nextview;
-	}
+			ptr = next_token(&args, " \t");
+	} while (ptr != NULL);
 
  cleanup:
 	if (secroots != NULL)

bin/tests/system/dlvauto/clean.sh

@@ -12,13 +12,13 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: clean.sh,v 1.2 2011/03/01 22:44:04 marka Exp $
+# $Id: clean.sh,v 1.3 2011/03/03 16:16:43 each Exp $
 
 rm -f random.data
 rm -f ns1/K*
 rm -f ns1/*.signed
 rm -f ns1/*.db
-rm -f ns1/dlv.conf
+rm -f ns1/bind.keys
 rm -f ns1/*.mkeys.jnl
 rm -f ns1/*.mkeys
 rm -f */named.run
@@ -27,3 +27,4 @@ rm -f ns1/dsset-*.
 rm -f ns2/*.mkeys
 rm -f ns2/*.mkeys.jnl
 rm -f dig.out.ns?.test*
+rm -f ns2/named.secroots

bin/tests/system/dlvauto/ns1/sign.sh

@@ -14,7 +14,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: sign.sh,v 1.2 2011/03/01 22:44:04 marka Exp $
+# $Id: sign.sh,v 1.3 2011/03/03 16:16:46 each Exp $
 
 SYSTEMTESTTOP=../..
 . $SYSTEMTESTTOP/conf.sh
@@ -25,20 +25,32 @@ zone=dlv.isc.org
 infile=dlv.isc.org.db.in
 zonefile=dlv.isc.org.db
 
-keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
-cat $infile $keyname.key > $zonefile
+dlvkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+cat $infile $dlvkey.key > $zonefile
 $SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
 
-cp root.db.in root.db
+zone=.
+infile=root.db.in
+zonefile=root.db
 
-# Configure the resolving server with a trusted key.
+rootkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
+cat $infile $rootkey.key > $zonefile
+$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null
 
-cat $keyname.key | grep -v '^; ' | $PERL -n -e '
+# Create bind.keys file for the use of the resolving server
+echo "managed-keys {" > bind.keys
+cat $dlvkey.key | grep -v '^; ' | $PERL -n -e '
 local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
 local $key = join("", @rest);
 print <<EOF
-managed-keys {
     "$dn" initial-key $flags $proto $alg "$key";
-};
 EOF
-' >  dlv.conf
+' >>  bind.keys
+cat $rootkey.key | grep -v '^; ' | $PERL -n -e '
+local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split;
+local $key = join("", @rest);
+print <<EOF
+    "$dn" initial-key $flags $proto $alg "$key";
+EOF
+' >>  bind.keys
+echo "};" >> bind.keys

bin/tests/system/dlvauto/ns2/named.conf

@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named.conf,v 1.2 2011/03/01 22:44:04 marka Exp $ */
+/* $Id: named.conf,v 1.3 2011/03/03 16:16:47 each Exp $ */
 
 // NS2
 
@@ -31,10 +31,19 @@ options {
 	notify no;
 	dnssec-enable yes;
 	dnssec-validation yes;
-	bindkeys-file "../ns1/dlv.conf";
+	bindkeys-file "../ns1/bind.keys";
 	dnssec-lookaside "auto";
 };
 
+key rndc_key {
+        secret "1234abcd8765";
+        algorithm hmac-md5;
+};
+
+controls {
+        inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
+};
+
 view "in" {
 	recursion yes;
 	zone "." {
@@ -46,3 +55,7 @@ view "in" {
 view "ch" ch {
 	match-clients { 127.0.0.1; };
 };
+
+view "unused" {
+        match-clients { none; };
+};

bin/tests/system/dlvauto/tests.sh

@@ -12,7 +12,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.2 2011/03/01 22:44:04 marka Exp $
+# $Id: tests.sh,v 1.3 2011/03/03 16:16:46 each Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -42,4 +42,18 @@ else
 	status=1
 fi
 
+n=`expr $n + 1`
+echo "I:checking that only the DLV key was imported from bind.keys ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 secroots 2>&1 | sed 's/^/I:ns2 /'
+linecount=`grep "\./RSAMD5/.* ; managed" ns2/named.secroots | wc -l`
+[ "$linecount" -eq 0 ] || ret=1
+linecount=`grep "dlv.isc.org/RSAMD5/.* ; managed" ns2/named.secroots | wc -l`
+[ "$linecount" -eq 2 ] || ret=1
+linecount=`cat ns2/named.secroots | wc -l`
+[ "$linecount" -eq 13 ] || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 exit $status