try:
keyring = dns.tsigkeyring.from_text(
{
- "foo": {"hmac-sha256", "aaaaaaaaaaaa"},
- "fake": {"hmac-sha256", "aaaaaaaaaaaa"},
+ "foo": {os.getenv("DEFAULT_HMAC", "hmac-sha256"), "aaaaaaaaaaaa"},
+ "fake": {os.getenv("DEFAULT_HMAC", "hmac-sha256"), "aaaaaaaaaaaa"},
}
)
except:
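Review bot: The two added keyring entries still pass set literals (`{algorithm, secret}`) to `dns.tsigkeyring.from_text`, carried over from the removed lines, so the order in which the two strings are unpacked is not guaranteed and can differ between interpreter runs. As far as I know, dnspython expects an `(algorithm, secret)` tuple here, so the entries should read `"foo": (os.getenv("DEFAULT_HMAC", "hmac-sha256"), "aaaaaaaaaaaa"),` and likewise for `"fake"`. The bare `except:` on the last line of the hunk would presumably hide a failure caused by swapped values. Its handler body and the `os` import are outside this hunk, so confirm both.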
key foo {
secret "aaaaaaaaaaaa";
- algorithm hmac-sha256;
+ algorithm @DEFAULT_HMAC@;
};
server 10.53.0.10 {
echo_i "check that TSIG test server is correctly configured ($n)"
ret=0
pat="; COOKIE: ................................ (good)"
- key=hmac-sha256:foo:aaaaaaaaaaaa
+ key="${DEFAULT_HMAC}:foo:aaaaaaaaaaaa"
#UDP
$DIG $DIGOPTS @10.53.0.10 -y $key +notcp tsig. > dig.out.test$n.1
grep "status: NOERROR" dig.out.test$n.1 > /dev/null || ret=1
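Review bot: `key="${DEFAULT_HMAC}:foo:aaaaaaaaaaaa"` has no fallback, so an unset or empty DEFAULT_HMAC hands `dig -y` the string `:foo:aaaaaaaaaaaa`, while the Python keyring changed in this same commit defaults to `hmac-sha256`. The two sides would then disagree on the algorithm, and the only symptom would be the missing NOERROR. Either fail early when the variable is empty or mirror the default with `key="${DEFAULT_HMAC:-hmac-sha256}:foo:aaaaaaaaaaaa"`. The same applies to the `key $DEFAULT_HMAC:subkey 1234abcd8765` lines in the two nsupdate here-documents. The test harness presumably exports the variable, but that is not visible in these hunks.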
key auth {
secret "1234abcd8765";
- algorithm hmac-sha256;
+ algorithm @DEFAULT_HMAC@;
};
key subkey {
secret "1234abcd8765";
- algorithm hmac-sha256;
+ algorithm @DEFAULT_HMAC@;
};
controls {
ret=0
echo_i "check 'grant' in deny name + grant subdomain ($n)"
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 || ret=1
-key hmac-sha256:subkey 1234abcd8765
+key $DEFAULT_HMAC:subkey 1234abcd8765
server 10.53.0.9 ${PORT}
zone denyname.example
update add foo.denyname.example 3600 IN TXT added
ret=0
echo_i "check 'deny' in deny name + grant subdomain ($n)"
$NSUPDATE << EOF > nsupdate.out-$n 2>&1 && ret=1
-key hmac-sha256:subkey 1234abcd8765
+key $DEFAULT_HMAC:subkey 1234abcd8765
server 10.53.0.9 ${PORT}
zone denyname.example
update add denyname.example 3600 IN TXT added
# information regarding copyright ownership.
rm -f dig.out.*.test*
+rm -f ns*/*.nta
+rm -f ns*/managed-keys.bind* ns*/*.mkeys*
+rm -f ns*/named.conf
rm -f ns*/named.lock
rm -f ns*/named.memstats
rm -f ns*/named.run ns*/named.run.prev
rm -f ns2/named.stats
rm -f ns2/nil.db ns2/other.db ns2/static.db ns2/*.jnl
+rm -f ns2/secondkey.conf
rm -f ns2/session.key
rm -f ns3/named_dump.db*
rm -f ns4/*.nta
rm -f ns6/huge.zone.db
rm -f ns7/include.db ns7/test.db ns7/*.jnl
rm -f ns7/named_dump.db*
-rm -f ns*/named.conf
rm -f nsupdate.out.*.test*
rm -f python.out.*.test*
rm -f rndc.out.*.test*
-rm -f ns*/managed-keys.bind* ns*/*.mkeys*
-rm -f ns*/*.nta
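Review bot: With `rm -f ns*/*.nta` moved to the top of the list, the later `rm -f ns4/*.nta` is redundant, because `ns*` already matches `ns4`. Dropping it would leave the re-sorted list without overlapping entries. The other per-server lines visible here name files that none of the wildcard lines cover, so they should stay.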
key secondkey {
secret "abcd1234abcd8765";
- algorithm hmac-sha256;
+ algorithm @DEFAULT_HMAC@;
};
controls {
key secondkey {
secret "abcd1234abcd8765";
- algorithm hmac-sha256;
+ algorithm @DEFAULT_HMAC@;
};
key secondkey {
secret "abcd1234abcd8765";
- algorithm hmac-sha256;
+ algorithm @DEFAULT_HMAC@;
};
controls {
printf "host%d IN A 10.53.0.6\n", i; }' < /dev/null >> ns6/huge.zone.db
copy_setports ns2/named.conf.in ns2/named.conf
+copy_setports ns2/secondkey.conf.in ns2/secondkey.conf
copy_setports ns3/named.conf.in ns3/named.conf
copy_setports ns4/named.conf.in ns4/named.conf
copy_setports ns5/named.conf.in ns5/named.conf
key rndc_key {
secret "1234abcd8765";
- algorithm hmac-sha256;
+ algorithm @DEFAULT_HMAC@;
};
+
controls {
inet 10.53.0.5 port 9953 allow { any; } keys { rndc_key; };
};
-
# Clean up after rrl tests.
-rm -f dig.out* *mdig.out*
rm -f */named.memstats */named.run */named.stats */log-* */session.key
-rm -f ns3/bl*.db */*.jnl */*.core */*.pid
-rm -f ns*/named.lock
-rm -f ns*/named.conf
+rm -f broken.conf
rm -f broken.out
+rm -f dig.out* *mdig.out*
rm -f ns*/managed-keys.bind*
+rm -f ns*/named.conf
+rm -f ns*/named.lock
+rm -f ns3/bl*.db */*.jnl */*.core */*.pid
$SHELL clean.sh
+copy_setports broken.conf.in broken.conf
copy_setports ns1/named.conf.in ns1/named.conf
copy_setports ns2/named.conf.in ns2/named.conf
copy_setports ns3/named.conf.in ns3/named.conf