+3087. [bug] DDNS updates using SIG(0) with update-policy match
+ type "external" could cause a crash. [RT #23735]
+
3086. [bug] Running dnssec-settime -f on an old-style key will
now force an update to the new key format even if no
other change has been specified, using "-P now -A now"
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsupdate.c,v 1.194 2011/03/11 06:11:22 marka Exp $ */
+/* $Id: nsupdate.c,v 1.195 2011/03/21 19:54:02 each Exp $ */
/*! \file */
static dns_name_t restart_master;
static dns_tsig_keyring_t *gssring = NULL;
static dns_tsigkey_t *tsigkey = NULL;
-static dst_key_t *sig0key;
+static dst_key_t *sig0key = NULL;
static lwres_context_t *lwctx = NULL;
static lwres_conf_t *lwconf;
static isc_sockaddr_t *servers;
}
#endif
+ if (sig0key != NULL)
+ dst_key_free(&sig0key);
+
ddebug("Shutting down task manager");
isc_taskmgr_destroy(&taskmgr);
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named.conf,v 1.5 2011/03/11 17:19:05 each Exp $ */
+/* $Id: named.conf,v 1.6 2011/03/21 19:54:02 each Exp $ */
options {
query-source address 10.53.0.1;
#
rm -f ns1/*.jnl ns1/update.txt ns1/auth.sock
+rm -f ns1/*.db ns1/K*.key ns1/K*.private
+rm -f ns1/_default.tsigkeys
rm -f */named.memstats
rm -f authsock.pid
+rm -f ns1/core
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: setup.sh,v 1.3 2010/12/20 23:47:20 tbox Exp $
+# $Id: setup.sh,v 1.4 2011/03/21 19:54:02 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
-rm -f ns1/*.jnl
+RANDFILE="random.data"
+
+
+rm -f ns1/*.jnl ns1/K*.key ns1/K*.private ns1/_default.tsigkeys
+
+../../../tools/genrandom 400 $RANDFILE
+
+key=`$KEYGEN -Cq -K ns1 -a DSA -b 512 -r $RANDFILE -n HOST -T KEY key.example.nil.`
+cat ns1/example.nil.db.in ns1/${key}.key > ns1/example.nil.db
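Review bot: The result of `$KEYGEN` is used unchecked on the `cat` line. If key generation fails, `${key}` is empty, `cat` cannot read `ns1/.key`, and `ns1/example.nil.db` is still written without the KEY record, so the SIG(0) case in tests.sh fails later with nothing pointing back at setup. A guard right after the assignment would stop this early: `[ -n "$key" ] || { echo "I:failed to generate SIG(0) key"; exit 1; }`. A short comment that the 512-bit DSA key is a throwaway test fixture, chosen for generation speed, would also keep the parameters from being copied elsewhere.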
send
EOF
echo "I:testing update for $host $type $cmd"
- $NSUPDATE -g ns1/update.txt || {
+ $NSUPDATE -g ns1/update.txt > /dev/null 2>&1 || {
echo "I:update failed for $host $type $cmd"
return 1
}
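Review bot: Redirecting both stdout and stderr of `$NSUPDATE -g` to /dev/null means a failing update leaves no diagnostic beyond the `I:update failed` line. The same redirect is applied to `authsock.pl` and to the SIG(0) `$NSUPDATE` call in the next hunk. Capturing to a file keeps the console quiet and preserves the evidence, e.g. `$NSUPDATE -g ns1/update.txt > nsupdate.out 2>&1 || {` (file name illustrative), with that file added to clean.sh. The body of test_update continues outside this hunk.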
echo "I:testing external update policy"
test_update testcname.example.nil. TXT "86400 CNAME testdenied.example.nil" "testdenied" && status=1
-perl ./authsock.pl --type=CNAME --path=ns1/auth.sock --pidfile=authsock.pid --timeout=120 &
+perl ./authsock.pl --type=CNAME --path=ns1/auth.sock --pidfile=authsock.pid --timeout=120 > /dev/null 2>&1 &
sleep 1
test_update testcname.example.nil. TXT "86400 CNAME testdenied.example.nil" "testdenied" || status=1
test_update testcname.example.nil. TXT "86400 A 10.53.0.13" "10.53.0.13" && status=1
+echo "I:testing external policy with SIG(0) key"
+ret=0
+$NSUPDATE -R random.data -k ns1/Kkey.example.nil.*.private <<END > /dev/null 2>&1 || ret=1
+server 10.53.0.1 5300
+zone example.nil
+update add fred.example.nil 120 cname foo.bar.
+send
+END
+output=`$DIG $DIGOPTS +short cname fred.example.nil.`
+[ -n "$output" ] || ret=1
+[ $ret -eq 0 ] || echo "I:failed"
+status=`expr $status + $ret`
+
[ $status -eq 0 ] && echo "I:tsiggss tests all OK"
kill `cat authsock.pid`
-
exit $status
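Review bot: The new SIG(0) case exercises only the permitted path, because the helper runs with `--type=CNAME` and the update adds a CNAME. It shows the server no longer crashes, but not that the external policy decision is honoured for SIG(0)-signed requests. A companion case that sends a SIG(0)-signed update of a type the helper rejects, mirroring the `A 10.53.0.13` check above, and expects it to be refused would cover that. Separately, `-R random.data` repeats the literal that setup.sh keeps in `RANDFILE`; a shared variable would keep the two scripts in step.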
/*
* Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.58 2011/03/17 01:40:39 each Exp $
+ * $Id: dst_api.c,v 1.59 2011/03/21 19:54:03 each Exp $
*/
/*! \file */
isc_buffer_t *
dst_key_tkeytoken(const dst_key_t *key) {
+ REQUIRE(VALID_KEY(key));
return (key->key_tkeytoken);
}
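Review bot: With `REQUIRE(VALID_KEY(key));` added, a NULL `key` now aborts on an assertion instead of a NULL dereference, which is still a process exit for the server. This commit guards the callers in sdlz.c and ssu_external.c; any other caller of dst_key_tkeytoken() is outside this page and should be checked for the same `key != NULL` test before the call. The dst.h comment could also state the consequence directly, for example `"key" is a valid key; callers must not pass NULL.`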
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dst.h,v 1.32 2011/03/17 01:40:39 each Exp $ */
+/* $Id: dst.h,v 1.33 2011/03/21 19:54:03 each Exp $ */
#ifndef DST_DST_H
#define DST_DST_H 1
/*%<
* Return the token from the TKEY request, if any. If this key was
* not negotiated via TKEY, return NULL.
+ *
+ * Requires:
+ * "key" is a valid key.
*/
* USE OR PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sdlz.c,v 1.32 2011/03/11 06:11:24 marka Exp $ */
+/* $Id: sdlz.c,v 1.33 2011/03/21 19:54:03 each Exp $ */
/*! \file */
char b_addr[ISC_NETADDR_FORMATSIZE];
char b_type[DNS_RDATATYPE_FORMATSIZE];
char b_key[DST_KEY_FORMATSIZE];
- isc_buffer_t *tkey_token;
+ isc_buffer_t *tkey_token = NULL;
isc_region_t token_region;
isc_uint32_t token_len = 0;
isc_boolean_t ret;
* Format the request elements. sdlz operates on strings, not
* structures
*/
- if (signer)
+ if (signer != NULL)
dns_name_format(signer, b_signer, sizeof(b_signer));
else
b_signer[0] = 0;
dns_name_format(name, b_name, sizeof(b_name));
- if (tcpaddr)
+ if (tcpaddr != NULL)
isc_netaddr_format(tcpaddr, b_addr, sizeof(b_addr));
else
b_addr[0] = 0;
dns_rdatatype_format(type, b_type, sizeof(b_type));
- if (key)
+ if (key != NULL) {
dst_key_format(key, b_key, sizeof(b_key));
- else
+ tkey_token = dst_key_tkeytoken(key);
+ } else
b_key[0] = 0;
- tkey_token = dst_key_tkeytoken(key);
-
- if (tkey_token) {
+ if (tkey_token != NULL) {
isc_buffer_region(tkey_token, &token_region);
token_len = token_region.length;
}
MAYBE_LOCK(imp);
ret = imp->methods->ssumatch(b_signer, b_name, b_addr, b_type, b_key,
token_len,
- token_len ? token_region.base : NULL,
+ token_len != 0 ? token_region.base : NULL,
imp->driverarg, dbdata);
MAYBE_UNLOCK(imp);
return (ret);
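Review bot: The new `if (key != NULL) {` branch does not record why `key` can legitimately be NULL. Judging by the CHANGES entry this appears to be the SIG(0) case, where there is a signer but no TSIG key, and the same applies to the matching branch in ssu_external.c. A comment such as `/* key is NULL for updates not signed with TSIG (e.g. SIG(0)); there is then no TKEY token */` above the branch would keep the guard from being "simplified" away later. It is also worth noting beside `token_region` that it is only initialized when a token exists and is read only under `token_len != 0`. The enclosing function starts outside this hunk.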
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ssu_external.c,v 1.7 2011/01/13 07:05:57 marka Exp $ */
+/* $Id: ssu_external.c,v 1.8 2011/03/21 19:54:03 each Exp $ */
/*
* This implements external update-policy rules. This allows permission
char b_addr[ISC_NETADDR_FORMATSIZE];
char b_type[DNS_RDATATYPE_FORMATSIZE];
char b_key[DST_KEY_FORMATSIZE];
- isc_buffer_t *tkey_token;
+ isc_buffer_t *tkey_token = NULL;
int fd;
const char *sock_path;
size_t req_len;
if (fd == -1)
return (ISC_FALSE);
- tkey_token = dst_key_tkeytoken(key);
+ if (key != NULL) {
+ dst_key_format(key, b_key, sizeof(b_key));
+ tkey_token = dst_key_tkeytoken(key);
+ } else
+ b_key[0] = 0;
+
+ if (tkey_token != NULL) {
+ isc_buffer_region(tkey_token, &token_region);
+ token_len = token_region.length;
+ }
/* Format the request elements */
- if (signer)
+ if (signer != NULL)
dns_name_format(signer, b_signer, sizeof(b_signer));
else
b_signer[0] = 0;
dns_name_format(name, b_name, sizeof(b_name));
- if (tcpaddr)
+ if (tcpaddr != NULL)
isc_netaddr_format(tcpaddr, b_addr, sizeof(b_addr));
else
b_addr[0] = 0;
dns_rdatatype_format(type, b_type, sizeof(b_type));
- if (key)
- dst_key_format(key, b_key, sizeof(b_key));
- else
- b_key[0] = 0;
-
- if (tkey_token) {
- isc_buffer_region(tkey_token, &token_region);
- token_len = token_region.length;
- }
-
/* Work out how big the request will be */
req_len = sizeof(isc_uint32_t) + /* Format version */
sizeof(isc_uint32_t) + /* Length */
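Review bot: `token_len` is assigned only inside `if (tkey_token != NULL)`, and its declaration is not visible in this hunk or in the declarations hunk above it. It is therefore not shown whether it starts at 0, as it does in sdlz.c with `isc_uint32_t token_len = 0;`. With a SIG(0) key the token branch is skipped, and the request-size computation that begins at the end of this hunk presumably includes the token length. If the declaration has no initializer, add `= 0` there so the size and the bytes sent to the external helper do not depend on stack contents. The function starts before and continues past this hunk.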
*/
/*
- * $Id: tsig.c,v 1.147 2011/01/11 23:47:13 tbox Exp $
+ * $Id: tsig.c,v 1.148 2011/03/21 19:54:03 each Exp $
*/
/*! \file */
#include <config.h>
result = dns_tsigkey_createfromkey(name, algorithm, dstkey,
ISC_TRUE, creator, inception,
expire, ring->mctx, ring, NULL);
- if (result != ISC_R_SUCCESS && dstkey != NULL)
+ if (dstkey != NULL)
dst_key_free(&dstkey);
return (result);
}
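Review bot: Dropping the `result != ISC_R_SUCCESS` condition makes this function free `dstkey` on the success path too. That is safe only if dns_tsigkey_createfromkey() takes its own reference to the key, which is not visible in this hunk; if it stores the pointer without attaching, the new TSIG key would hold a dangling pointer. A comment stating the ownership rule would make the intent checkable, for example `/* createfromkey attaches its own reference to dstkey; release ours on success and failure */`. The change also looks unrelated to the crash described in the CHANGES entry, so a separate line there for the leak fix would help.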