diff --git a/CHANGES b/CHANGES index 625bc06976..91e0d43bdf 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ +3057. [bug] "rndc secroots" would abort after the first error + and so could miss some views. [RT #23488] + 3056. [func] Added support for URI resource record. [RT #23386] 3054. [bug] Added elliptic curve support check in diff --git a/bin/named/server.c b/bin/named/server.c index dac5755583..49855fecfd 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: server.c,v 1.605 2011/03/03 04:42:25 each Exp $ */ +/* $Id: server.c,v 1.606 2011/03/03 16:16:43 each Exp $ */ /*! \file */ 
@@ -6305,28 +6305,29 @@ ns_server_dumpsecroots(ns_server_t *server, char *args) { isc_time_formattimestamp(&now, tbuf, sizeof(tbuf)); fprintf(fp, "%s\n", tbuf); - nextview: - for (view = ISC_LIST_HEAD(server->viewlist); - view != NULL; - view = ISC_LIST_NEXT(view, link)) - { - if (ptr != NULL && strcmp(view->name, ptr) != 0) - continue; - if (secroots != NULL) - dns_keytable_detach(&secroots); - result = dns_view_getsecroots(view, &secroots); - if (result == ISC_R_NOTFOUND) { - result = ISC_R_SUCCESS; - continue; + do { + for (view = ISC_LIST_HEAD(server->viewlist); + view != NULL; + view = ISC_LIST_NEXT(view, link)) + { + if (ptr != NULL && strcmp(view->name, ptr) != 0) + continue; + if (secroots != NULL) + dns_keytable_detach(&secroots); + result = dns_view_getsecroots(view, &secroots); + if (result == ISC_R_NOTFOUND) { + result = ISC_R_SUCCESS; + continue; + } + fprintf(fp, "\n Start view %s\n\n", view->name); + result = dns_keytable_dump(secroots, fp); + if (result != ISC_R_SUCCESS) + fprintf(fp, " dumpsecroots failed: %s\n", + isc_result_totext(result)); } - fprintf(fp, "\n Start view %s\n\n", view->name); - CHECK(dns_keytable_dump(secroots, fp)); - } - if (ptr != NULL) { - ptr = next_token(&args, " \t"); if (ptr != NULL) - goto nextview; - } + ptr = next_token(&args, " \t"); + } while (ptr != NULL); cleanup: if (secroots != NULL) diff --git a/bin/tests/system/dlvauto/clean.sh b/bin/tests/system/dlvauto/clean.sh index 5526683a5c..f04141af71 100644 --- a/bin/tests/system/dlvauto/clean.sh +++ b/bin/tests/system/dlvauto/clean.sh @@ -12,13 +12,13 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: clean.sh,v 1.2 2011/03/01 22:44:04 marka Exp $ +# $Id: clean.sh,v 1.3 2011/03/03 16:16:43 each Exp $ rm -f random.data rm -f ns1/K* rm -f ns1/*.signed rm -f ns1/*.db -rm -f ns1/dlv.conf +rm -f ns1/bind.keys rm -f ns1/*.mkeys.jnl rm -f ns1/*.mkeys rm -f */named.run 
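Review bot: The status left in `result` after the new `do … while` loop depends on which view was processed last. Every pass overwrites it with `dns_view_getsecroots()` and then `dns_keytable_dump()`, so a dump failure on an earlier view is written to the file but lost to the caller, while a failure on the last view still propagates (assuming the code after `cleanup:` returns `result`, which is outside the hunk). The secroots dump is what an operator reads to audit trust anchors, so a partial dump should not be reported as success. Remember the first failure in a separate local (declared above the hunk) inside the failure branch, for example `if (dumpresult == ISC_R_SUCCESS) dumpresult = result;`, and assign it back to `result` before `cleanup:`. It would also help to add a comment on the loop saying that per-view errors are logged to the dump file and do not stop the iteration.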
@@ -27,3 +27,4 @@ rm -f ns1/dsset-*. rm -f ns2/*.mkeys rm -f ns2/*.mkeys.jnl rm -f dig.out.ns?.test* +rm -f ns2/named.secroots diff --git a/bin/tests/system/dlvauto/ns1/sign.sh b/bin/tests/system/dlvauto/ns1/sign.sh index d7ea2471a0..871d5701cb 100644 --- a/bin/tests/system/dlvauto/ns1/sign.sh +++ b/bin/tests/system/dlvauto/ns1/sign.sh @@ -14,7 +14,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: sign.sh,v 1.2 2011/03/01 22:44:04 marka Exp $ +# $Id: sign.sh,v 1.3 2011/03/03 16:16:46 each Exp $ SYSTEMTESTTOP=../.. . $SYSTEMTESTTOP/conf.sh @@ -25,20 +25,32 @@ zone=dlv.isc.org infile=dlv.isc.org.db.in zonefile=dlv.isc.org.db -keyname=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` -cat $infile $keyname.key > $zonefile +dlvkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +cat $infile $dlvkey.key > $zonefile $SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null -cp root.db.in root.db +zone=. +infile=root.db.in +zonefile=root.db -# Configure the resolving server with a trusted key. +rootkey=`$KEYGEN -q -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone` +cat $infile $rootkey.key > $zonefile +$SIGNER -P -g -r $RANDFILE -o $zone $zonefile > /dev/null -cat $keyname.key | grep -v '^; ' | $PERL -n -e ' +# Create bind.keys file for the use of the resolving server +echo "managed-keys {" > bind.keys +cat $dlvkey.key | grep -v '^; ' | $PERL -n -e ' local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; local $key = join("", @rest); print < dlv.conf +' >> bind.keys +cat $rootkey.key | grep -v '^; ' | $PERL -n -e ' +local ($dn, $class, $type, $flags, $proto, $alg, @rest) = split; +local $key = join("", @rest); +print <> bind.keys +echo "};" >> bind.keys diff --git a/bin/tests/system/dlvauto/ns2/named.conf b/bin/tests/system/dlvauto/ns2/named.conf index 543ac2238b..a7b86d0160 100644 --- a/bin/tests/system/dlvauto/ns2/named.conf +++ b/bin/tests/system/dlvauto/ns2/named.conf 
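Review bot: In sign.sh, nothing checks that the new `rootkey=` `$KEYGEN` call succeeded before `$rootkey` is used. If it fails, `rootkey` is empty, `cat $infile $rootkey.key > $zonefile` reads a file named `.key`, and bind.keys is written without a usable root entry. The test added in tests.sh asserts that no root key appears as managed in the secroots dump, so a broken fixture would presumably let that assertion pass for the wrong reason. Unless the harness already aborts on failure (not visible in this hunk), add a guard after the assignment such as `[ -n "$rootkey" ] || exit 1`. The same applies to the `dlvkey=` line.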
@@ -14,7 +14,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: named.conf,v 1.2 2011/03/01 22:44:04 marka Exp $ */ +/* $Id: named.conf,v 1.3 2011/03/03 16:16:47 each Exp $ */ // NS2 @@ -31,10 +31,19 @@ options { notify no; dnssec-enable yes; dnssec-validation yes; - bindkeys-file "../ns1/dlv.conf"; + bindkeys-file "../ns1/bind.keys"; dnssec-lookaside "auto"; }; +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-md5; +}; + +controls { + inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; }; +}; + view "in" { recursion yes; zone "." { @@ -46,3 +55,7 @@ view "in" { view "ch" ch { match-clients { 127.0.0.1; }; }; + +view "unused" { + match-clients { none; }; +}; diff --git a/bin/tests/system/dlvauto/tests.sh b/bin/tests/system/dlvauto/tests.sh index 56f764fcd1..908803b760 100644 --- a/bin/tests/system/dlvauto/tests.sh +++ b/bin/tests/system/dlvauto/tests.sh @@ -12,7 +12,7 @@ # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR # PERFORMANCE OF THIS SOFTWARE. -# $Id: tests.sh,v 1.2 2011/03/01 22:44:04 marka Exp $ +# $Id: tests.sh,v 1.3 2011/03/03 16:16:46 each Exp $ SYSTEMTESTTOP=.. . $SYSTEMTESTTOP/conf.sh @@ -42,4 +42,18 @@ else status=1 fi +n=`expr $n + 1` +echo "I:checking that only the DLV key was imported from bind.keys ($n)" +ret=0 +$RNDC -c ../common/rndc.conf -s 10.53.0.2 -p 9953 secroots 2>&1 | sed 's/^/I:ns2 /' +linecount=`grep "\./RSAMD5/.* ; managed" ns2/named.secroots | wc -l` +[ "$linecount" -eq 0 ] || ret=1 +linecount=`grep "dlv.isc.org/RSAMD5/.* ; managed" ns2/named.secroots | wc -l` +[ "$linecount" -eq 2 ] || ret=1 +linecount=`cat ns2/named.secroots | wc -l` +[ "$linecount" -eq 13 ] || ret=1 +n=`expr $n + 1` +if [ $ret != 0 ]; then echo "I:failed"; fi +status=`expr $status + $ret` + exit $status
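Review bot: The added `controls` statement in ns2/named.conf accepts rndc connections with `allow { any; }` and authenticates them with a short fixed `hmac-md5` secret committed to the tree, and nothing in the file marks this as deliberate. That is only reasonable if 10.53.0.2 is an address confined to the test harness, which this diff does not show. Put a comment above the `key` block such as `// test fixture only: fixed rndc key, never reuse outside the system tests`, and consider narrowing `allow` to the addresses the test actually connects from.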
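Review bot: In the new tests.sh block, the first assertion (`[ "$linecount" -eq 0 ]` for the root key) passes vacuously when `ns2/named.secroots` is missing or empty. The `$RNDC … | sed` pipeline discards rndc's exit status, and `grep … | wc -l` on an unreadable file yields 0, so a failed dump is only caught indirectly by the later `-eq 2` and `-eq 13` checks. This is the assertion that guards against an unwanted trust anchor being imported, so check the file explicitly before counting, e.g. `[ -s ns2/named.secroots ] || ret=1`. Separately, `n` is incremented twice in this hunk (before the `echo` and again before the `if`), which looks unintended and will skip a test number.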