libsystemd, despite being useful, adds a huge surface area for just
using the sd_notify API. libsystemd's surface has been exploited in the
past [1].
Implement the systemd notification protocol by hand since it is just
sending newline-delimited datagrams to a UNIX socket. The code shouldn't
need more attention in the future since the notification protocol is
covered under systemd's stability promise [2].
We don't need to support VSOCK-backed service notifications since they
are only intended for virtual machine inits.
[1]: https://www.openwall.com/lists/oss-security/2024/03/29/4
[2]: https://systemd.io/PORTABILITY_AND_STABILITY/
Backport of MR https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/10263
Merge branch 'aydin/standalone-notification-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10454
libsystemd, despite being useful, adds a huge surface area for just
using the sd_notify API. libsystemd's surface has been exploited in the
past [1].
Implement the systemd notification protocol by hand since it is just
sending newline-delimited datagrams to a UNIX socket. The code shouldn't
need more attention in the future since the notification protocol is
covered under systemd's stability promise [2].
We don't need to support VSOCK-backed service notifications since they
are only intended for virtual machine inits.
[1]: https://www.openwall.com/lists/oss-security/2024/03/29/4
[2]: https://systemd.io/PORTABILITY_AND_STABILITY/
(cherry picked from commit 3eb253e81fade5788e4462f651e28fc20358ebee)
The "run.sh" script, used by "make test", changes the working
directory to the system test directory before executing pytest.
If the test drops hypothesis artifacts while running, this
can cause spurious test failures due to an apparent mismatch
between the contents of the system test directory and the
temporary pytest directory. This has been addressed by having
"run.sh" call pytest from the parent directory instead.
(cherry picked from commit c08e78ef73bf2accd81d4bf9b1d149e66f4d27c6)
named-rrchecker now parses the braces which support multi-line input
from the beginning of the input rather than only when reading the
data fields of the record.
Closes#5336
Backport of MR !10521
Merge branch 'backport-5336-extend-named-rrchecker-multiline-support-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10546
named-rrchecker now parses the braces which support multi-line input
from the beginning of the input rather than only when reading the
data fields of the record.
(cherry picked from commit 2e1f933d659561966dc7876356bf3a63b5b797a2)
Coverity flagged a potential divide by zero error in collect in
qpmulti.c when the elapsed time is zero but that is only called
once the elapsed time is greater than or equal to RUNTIME (1/4
second) so INSIST this is the case.
Closes#5329
Backport of MR !10519
Merge branch 'backport-5329-potential-divide-by-zero-in-qpmulti-c-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10545
Coverity flagged a potential divide by zero error in collect in
qpmulti.c when the elapsed time is zero but that is only called
once the elapsed time is greater than or equal to RUNTIME (1/4
second) so INSIST this is the case.
(cherry picked from commit 081dbb110834dc76ae8978a6dd85097382c8e364)
Unexpectedly this broke CI job generator which parses gitlab-ci.yaml
and cannot handle `!reference` YAML tags.
This reverts merge request !10490
Backport of MR !10540
Merge branch 'backport-revert-0a1a599f-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10541
The odd-looking "\ " escape is required to italicize <character-string>
without italicizing the final "s". See reStructuredText Markup
Specification, sections "Inline markup recognition rules" and "Escaping
Mechanism". Most importantly:
Escaped whitespace characters are removed from the output document
together with the escaping backslash. This allows for character-level
inline markup.
(cherry picked from commit 43c5b9aeb4be56ce39c0d34ffde03a57c909d10f)
Limitation: The after_script is not executed if the job did not start at
all, i.e. if the user canceled the job before it got onto a runner.
See https://gitlab.com/groups/gitlab-org/-/epics/10158
(cherry picked from commit 33bc2628b78dd0a91c1ff644184628b184118588)
The tr range did not work on Solaris 11.4. Let's use a class that is
defined in POSIX.
Closes#5326
Backport of MR !10530
Merge branch 'backport-5326-make-rndc_dumpdb-work-on-solaris-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10532
The tr range did not work on Solaris 11.4. Let's use a class that is
defined in POSIX.
(cherry picked from commit baa5ccd795a251d346779ccba3c4de55a497d03c)
Rollover scenarios.
Backport of MR !10292
Merge branch 'backport-matthijs-pytest-rewrite-kasp-system-test-5-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10531
Deduplicate the code for dynamic updates and increase code clarity by
using an actual dns.update.UpdateMessage rather than an undefined
intermediary format passed around as a list of arguments.
(cherry picked from commit c00121b4c23b1b3be5581930abec6e1c2313f45e)
Move the 'csk-roll1' and 'csk-roll2' zones to the rollover test dir and
convert CSK rollover tests to pytest.
The DS swap spans multiple steps. Only the first time we should check
if the "CDS is now published" log is there, and only the first time we
should run 'rndc dnssec -checkds' on the keys. Add a new key to the
step dictionary to disable the DS swap checks.
This made me realize that we need to check for "is not None" in case
the value in the dictionary is False. Update check_rollover_step()
accordingly, and also add a log message which step/zone we are currently
checking.
(cherry picked from commit fd290f391f1dfeac4235e8a431f38e08ebb414fa)
This test shows similarities with the Double KSK rollover method, so
put the test in there.
(cherry picked from commit 46800e407e14617dcd84084f433a47743ac3ebc7)
Move the 'ksk-doubleksk' zones to the rollover test dir and convert KSK
rollover test to pytest.
Since the 'ksk-doubleksk' policy publishes different CDNSKEY/CDS RRsets,
update the 'check_rollover_step' to check which CDNSKEY/CDS RRsets should
be published and which should be prohibited. Update 'isctest.kasp'
accordingly.
We are changing the ZSK lifetime to unlimited in this test case as it
is of no importance (this actually discovered a bug in setting the
next time the keymgr should run).
(cherry picked from commit 9ff7609614d2ae8c2d8358443885bcb857fffde1)
Move the 'zsk-prepub' zones to the rollover test dir and convert ZSK
rollover test to pytest.
We need a way to signal a smooth rollover is going on. Signatures are
being replaced gradually during a ZSK rollover, so the existing
signatures of the predecessor ZSK are still being used. Add a smooth
operator to set the right expectations on what signatures are being
used.
Setting expected key relationships is a bit crude: a list of two
elements where the first element is the index of the expected keys that
is the predecessor, and the second element is the index of the expected
keys that is the successor.
We are changing the KSK lifetime to unlimited in this test case as it
is of no importance.
(cherry picked from commit bd6c70bd67bb150b4c163f64cd02c94fea3d9bc6)
Move the 'enable-dnssec' to the rollover test dir and convert to pytest.
This requires new test functionality to check that "CDS is published"
messages are logged (or prohibited).
The setup part is slightly adapted such that it no longer needs to
set the '-P sync' value in most cases (this is then set by 'named'),
and to adjust for the inappropriate safety intervals fix.
(cherry picked from commit 233fdb8d520bda11fe18efe9c14e36930e6e96b0)
Move the multi-signer test scenarios to the rollover directory and
convert tests to pytest.
- If the KeyProperties set the "legacy" to True, don't set expected
key times, nor check them. Also, when a matching key is found, set
key.external to True.
- External keys don't show up in the 'rndc dnssec -status' output so
skip them in the 'check_dnssecstatus' function. External keys never
sign RRsets, so also skip those keys in the '_check_signatures'
function.
- Key properties strings now can set expected key tag ranges, and if
KeyProperties have tag ranges set, they are checked.
(cherry picked from commit 8ee02190a5f924517b4350e1f985e5df773420fb)
In order to keep the kasp system test somewhat approachable, let's
move all rollover scenarios to its own test directory. Starting with
the manual rollover test cases.
A new test function is added to 'isctest.kasp', to verify that the
relationship metadata (Predecessor, Successor) is set correctly.
The configuration and setup for the zone 'manual-rollover.kasp' are
almost copied verbatim, the only exception is the keytimes. Similar
to the test kasp cases, we no longer set "SyncPublish/PublishCDS" in
the setup script. In addition to that, the offset is changed from one
day ago to one week ago, so that the key states match the timing
metadata (one day is too short to move a key from "hidden" to
"omnipresent").
(cherry picked from commit 4d08ec50d14deccb8d09eba8b56d7b7396144aac)
Vicky and Ondrej have agreed that we should add text to explain that we do not give bug bounties.
Backport of MR !10246
Merge branch 'backport-sgoldlust-main-bug-bounty-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10527
Replace the custom DNS servers used in the "chain" system test with
new code based on the isctest.asyncserver module.
For ans3, replace the sequence of logical conditions present in Perl
code with zone files and a limited amount of custom logic applied on top
of them where necessary.
For ans4, replace the ctl_channel() and create_response() functions with
a custom control command handler coupled with a dynamically instantiated
response handler, making the code more robust and readable.
Migrate sendcmd() and its uses to the new way of sending control queries
to custom servers used in system tests.
Depends on !10409
Backport of MR !10410
Merge branch 'backport-michal/chain-asyncserver-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10526
Replace the custom DNS servers used in the "chain" system test with
new code based on the isctest.asyncserver module.
For ans3, replace the sequence of logical conditions present in Perl
code with zone files and a limited amount of custom logic applied on top
of them where necessary.
For ans4, replace the ctl_channel() and create_response() functions with
a custom control command handler coupled with a dynamically instantiated
response handler, making the code more robust and readable.
Migrate sendcmd() and its uses to the new way of sending control queries
to custom servers used in system tests.
(cherry picked from commit c3d3c9955d61489bc38a5c137d318c7333b2be9e)
To improve readability of sendcmd() calls used for controlling
isctest.asyncserver-based custom DNS servers, pass the command's name
and arguments as separate parameters.
(cherry picked from commit 9a230c16ffadb02b225a3d55d989937b761e58a2)
dnspython does not treat CNAME records in zone files in any special way;
they are just RRsets belonging to zone nodes. Process CNAMEs when
preparing zone-based responses just like a normal authoritative DNS
server would.
Adding proper DNAME support to AsyncDnsServer would add complexity to
its code for little gain: DNAME use in custom system test servers is
limited to crafting responses that attempt to trigger bugs in named.
This fact will not be obvious to AsyncDnsServer users as it
automatically loads all zone files it finds and handles CNAME records
like a normal authoritative DNS server would.
Therefore, to prevent surprises:
- raise an exception whenever DNAME records are found in any of the
zone files loaded by AsyncDnsServer,
- add a new optional argument to the AsyncDnsServer constructor that
enables suppressing this new behavior, enabling zones with DNAME
records to be loaded anyway.
This enables response handlers to use the DNAME records present in zone
files in arbitrary ways without complicating the "base" code.
Backport of MR !10409
Merge branch 'backport-michal/asyncserver-alias-records-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10525
Adding proper DNAME support to AsyncDnsServer would add complexity to
its code for little gain: DNAME use in custom system test servers is
limited to crafting responses that attempt to trigger bugs in named.
This fact will not be obvious to AsyncDnsServer users as it
automatically loads all zone files it finds and handles CNAME records
like a normal authoritative DNS server would.
Therefore, to prevent surprises:
- raise an exception whenever DNAME records are found in any of the
zone files loaded by AsyncDnsServer,
- add a new optional argument to the AsyncDnsServer constructor that
enables suppressing this new behavior, enabling zones with DNAME
records to be loaded anyway.
This enables response handlers to use the DNAME records present in zone
files in arbitrary ways without complicating the "base" code.
(cherry picked from commit 8a562526f6cdaaab37ce31b20e223537281a3d43)
The constructor for the AsyncDnsServer class takes a 'load_zones'
argument that is not used anywhere and is not expected to be useful in
the future: zone files are not required for an AsyncDnsServer instance
to start and, if necessary, zone-based answers can be suppressed or
modified by installing a custom response handler.
(cherry picked from commit 5110278008fdf2689fe37515da214e6faa0f29d7)
dnspython does not treat CNAME records in zone files in any special way;
they are just RRsets belonging to zone nodes. Process CNAMEs when
preparing zone-based responses just like a normal authoritative DNS
server would.
(cherry picked from commit 1b8ceec580aad69b0c869bc01c126d778040caab)
Since AsyncDnsServer logs incoming DNS messages as seen on the wire, do
the same for the responses sent by the server.
(cherry picked from commit 2a9c74546d98b6277165952ed668687f543563e5)
keystore.c failed to compile on Solaris because NAME_MAX was
undefined. Include 'isc/dir.h' which defines NAME_MAX for platforms
that don't define it.
Closes#5327
Backport of MR !10522
Merge branch 'backport-5327-fix-solaris-keystore-build-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10523
keystore.c failed to compile on Solaris because NAME_MAX was
undefined. Include 'isc/dir.h' which defines NAME_MAX for platforms
that don't define it.
(cherry picked from commit 521bf1d50fec0f95e096d31ba671ef8aad4e81f8)
To be consistent with the replacing of Oracle Linux QCOW2 images with
AlmaLinux AWS AMIs, also replace Docker images.
Backport of MR !10434
Merge branch 'backport-mnowak/replace-oracle-linux-with-almalinux-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10512
To be consistent with the replacing of Oracle Linux QCOW2 images with
AlmaLinux AWS AMIs, also replace Docker images.
(cherry picked from commit 63947a20622946af134a1738a10170e1d3770f27)
