FILE *fp = NULL;
isc_time_t now;
char tbuf[64];
+ unsigned int used = isc_buffer_usedlength(*text);
+ bool first = true;
/* Skip the command name. */
ptr = next_token(lex, text);
- if (ptr == NULL)
+ if (ptr == NULL) {
return (ISC_R_UNEXPECTEDEND);
+ }
/* "-" here means print the output instead of dumping to file */
ptr = next_token(lex, text);
- if (ptr != NULL && strcmp(ptr, "-") == 0)
+ if (ptr != NULL && strcmp(ptr, "-") == 0) {
ptr = next_token(lex, text);
- else {
+ } else {
result = isc_stdio_open(server->secrootsfile, "w", &fp);
if (result != ISC_R_SUCCESS) {
(void) putstr(text, "could not open ");
CHECK(putstr(text, "secure roots as of "));
CHECK(putstr(text, tbuf));
CHECK(putstr(text, ":\n"));
+ used = isc_buffer_usedlength(*text);
do {
for (view = ISC_LIST_HEAD(server->viewlist);
view != NULL;
view = ISC_LIST_NEXT(view, link))
{
- if (ptr != NULL && strcmp(view->name, ptr) != 0)
+ if (ptr != NULL && strcmp(view->name, ptr) != 0) {
continue;
- if (secroots != NULL)
+ }
+ if (secroots != NULL) {
dns_keytable_detach(&secroots);
+ }
result = dns_view_getsecroots(view, &secroots);
if (result == ISC_R_NOTFOUND) {
result = ISC_R_SUCCESS;
continue;
}
- CHECK(putstr(text, "\n Start view "));
+ if (first || used != isc_buffer_usedlength(*text)) {
+ CHECK(putstr(text, "\n"));
+ first = false;
+ }
+ CHECK(putstr(text, " Start view "));
CHECK(putstr(text, view->name));
CHECK(putstr(text, "\n Secure roots:\n\n"));
+ used = isc_buffer_usedlength(*text);
CHECK(dns_keytable_totext(secroots, text));
- if (ntatable != NULL)
+ if (ntatable != NULL) {
dns_ntatable_detach(&ntatable);
+ }
result = dns_view_getntatable(view, &ntatable);
if (result == ISC_R_NOTFOUND) {
result = ISC_R_SUCCESS;
continue;
}
- CHECK(putstr(text, "\n Negative trust anchors:\n\n"));
+ if (used != isc_buffer_usedlength(*text)) {
+ CHECK(putstr(text, "\n"));
+ }
+ CHECK(putstr(text, " Negative trust anchors:\n\n"));
+ used = isc_buffer_usedlength(*text);
CHECK(dns_ntatable_totext(ntatable, NULL, text));
}
- if (ptr != NULL)
+
+ if (ptr != NULL) {
ptr = next_token(lex, text);
+ }
} while (ptr != NULL);
cleanup:
- if (isc_buffer_usedlength(*text) > 0) {
- if (fp != NULL)
- (void)putstr(text, "\n");
- else
- (void)putnull(text);
- }
- if (secroots != NULL)
+ if (secroots != NULL) {
dns_keytable_detach(&secroots);
- if (ntatable != NULL)
+ }
+ if (ntatable != NULL) {
dns_ntatable_detach(&ntatable);
+ }
+
if (fp != NULL) {
+ if (used != isc_buffer_usedlength(*text)) {
+ (void)putstr(text, "\n");
+ }
fprintf(fp, "%.*s", (int) isc_buffer_usedlength(*text),
(char *) isc_buffer_base(*text));
isc_buffer_clear(*text);
(void)isc_stdio_close(fp);
+ } else if (isc_buffer_usedlength(*text) > 0) {
+ (void)putnull(text);
}
- if (result == ISC_R_SUCCESS)
+
+ if (result == ISC_R_SUCCESS) {
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER, ISC_LOG_INFO,
"dumpsecroots complete");
- else
+ } else {
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR,
"dumpsecroots failed: %s",
dns_result_totext(result));
+ }
return (result);
}
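Review bot: The file branch of the cleanup block ignores the return value of `fprintf()` and discards the result of `isc_stdio_close()`, so a short or failed write (full disk, I/O error) leaves a truncated secroots file while `result` stays `ISC_R_SUCCESS` and the log says "dumpsecroots complete". This file is what an operator reads to audit the configured trust anchors and negative trust anchors, so a partial dump should surface as an error to rndc and in the log. The sketch below folds both results into `result` without masking an earlier failure; the enclosing function starts outside this hunk. Separately, a one-line comment on `used` would help, saying that it holds the buffer length after the last heading and decides whether a blank separator line is needed.

```c
	if (fp != NULL) {
		/* … unchanged: append "\n" when output followed the last heading … */
		if (fprintf(fp, "%.*s", (int)isc_buffer_usedlength(*text),
			    (char *)isc_buffer_base(*text)) < 0 &&
		    result == ISC_R_SUCCESS)
		{
			result = ISC_R_FAILURE;
		}
		isc_buffer_clear(*text);
		isc_result_t tresult = isc_stdio_close(fp);
		if (result == ISC_R_SUCCESS) {
			result = tresult;
		}
	/* … unchanged: else-if branch calling putnull(text) … */
```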
awk '($4 == "NS") || ($4 == "RRSIG" && $5 == "NS") { next} { print }' "$1"
}
+#
+# Ensure there is not multiple consecutive blank lines.
+# Ensure there is a blank line before "Start view" and
+# "Negative trust anchors:".
+# Ensure there is not a blank line before "Secure roots:".
+#
+check_secroots_layout () {
+ awk '$0 == "" { if (empty) exit(1); empty=1; next }
+ /Start view/ { if (!empty) exit(1) }
+ /Secure roots:/ { if (empty) exit(1) }
+ /Negative trust anchors:/ { if (!empty) exit(1) }
+ { empty=0 }' $1
+ return $?
+}
+
# Check that for a query against a validating resolver where the
# authoritative zone is unsigned (insecure delegation), glue is returned
# in the additional section
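Review bot: `$1` is unquoted in the awk invocation on the last line of `check_secroots_layout`, unlike the helper just above it, which passes `"$1"`; a path containing spaces or glob characters would be split or expanded. Suggest ending the awk call with `{ empty=0 }' "$1"` and dropping `return $?`, since the function already returns awk's exit status. The check also passes on an empty file or one with no headings at all, so callers still need a content assertion alongside it.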
# Test that "rndc secroots" is able to dump trusted keys
echo_i "checking rndc secroots ($n)"
ret=0
-rndccmd 10.53.0.4 secroots 2>&1 | sed 's/^/ns4 /' | cat_i
keyid=$(cat ns1/managed.key.id)
+rndccmd 10.53.0.4 secroots 2>&1 | sed 's/^/ns4 /' | cat_i
cp ns4/named.secroots named.secroots.test$n
+check_secroots_layout named.secroots.test$n || ret=1
linecount=$(grep -c "./${DEFAULT_ALGORITHM}/$keyid ; static" named.secroots.test$n || true)
[ "$linecount" -eq 1 ] || ret=1
linecount=$(< named.secroots.test$n wc -l)
-[ "$linecount" -eq 10 ] || ret=1
+[ "$linecount" -eq 9 ] || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
grep "flags:[^;]* ad[^;]*;" dig.out.ns4.test$n.7 > /dev/null && ret=1
echo_i "dumping secroots"
rndccmd 10.53.0.4 secroots | sed 's/^/ns4 /' | cat_i
-grep "bogus.example: expiry" ns4/named.secroots > /dev/null || ret=1
-grep "badds.example: expiry" ns4/named.secroots > /dev/null || ret=1
-grep "secure.example: expiry" ns4/named.secroots > /dev/null || ret=1
-grep "fakenode.secure.example: expiry" ns4/named.secroots > /dev/null || ret=1
+cp ns4/named.secroots named.secroots.test$n
+check_secroots_layout named.secroots.test$n || ret=1
+grep "bogus.example: expiry" named.secroots.test$n > /dev/null || ret=1
+grep "badds.example: expiry" named.secroots.test$n > /dev/null || ret=1
+grep "secure.example: expiry" named.secroots.test$n > /dev/null || ret=1
+grep "fakenode.secure.example: expiry" named.secroots.test$n > /dev/null || ret=1
if [ "$ret" -ne 0 ]; then echo_i "failed - with NTA's in place failed"; fi
status=$((status+ret))
status=$((status+ret))
done
+echo_i "checking secroots output with multiple views ($n)"
+rndccmd 10.53.0.4 secroots 2>&1 | sed 's/^/ns4 /' | cat_i
+cp ns4/named.secroots named.secroots.test$n
+check_secroots_layout named.secroots.test$n || ret=1
+n=$((n+1))
+test "$ret" -eq 0 || echo_i "failed"
+status=$((status+ret))
+
echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1
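Review bot: The new multiple-views test never resets `ret`, so a failure left over from the preceding loop body is reported again here and added to `status` a second time; add `ret=0` right after the `echo_i "checking secroots output with multiple views ($n)"` line. The block also asserts layout only, and the `rndccmd … | sed … | cat_i` pipeline hides rndc's exit status. If this dump failed, a `ns4/named.secroots` left behind by an earlier test could therefore still pass. A `grep` for each expected view name in `named.secroots.test$n` would tie the check to the output of this run.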