linecount=$(grep -c "./${DEFAULT_ALGORITHM}/$keyid ; static" named.secroots.test$n || true)
[ "$linecount" -eq 1 ] || ret=1
linecount=$(< named.secroots.test$n wc -l)
-[ "$linecount" -eq 9 ] || ret=1
+[ "$linecount" -eq 10 ] || ret=1
n=$((n+1))
test "$ret" -eq 0 || echo_i "failed"
status=$((status+ret))
rndccmd 10.53.0.4 reconfig 2>&1 | sed 's/^/ns4 /' | cat_i
rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.1
lines=$(wc -l < rndc.out.ns4.test$n.1)
-[ "$lines" -eq 2 ] || ret=1
+[ "$lines" -eq 3 ] || ret=1
rndccmd 10.53.0.4 nta secure.example 2>&1 | sed 's/^/ns4 /' | cat_i
rndccmd 10.53.0.4 nta fakenode.secure.example 2>&1 | sed 's/^/ns4 /' | cat_i
# reload should maintain NTAs
rndc_reload ns4 10.53.0.4
rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.2
lines=$(wc -l < rndc.out.ns4.test$n.2)
-[ "$lines" -eq 4 ] || ret=1
+[ "$lines" -eq 5 ] || ret=1
# shellcheck disable=SC2016
start=$($PERL -e 'print time()."\n";')
#
rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.3
lines=$(wc -l < rndc.out.ns4.test$n.3)
-[ "$lines" -eq 1 ] || ret=1
+[ "$lines" -eq 2 ] || ret=1
grep "bogus.example/_default: expiry" rndc.out.ns4.test$n.3 > /dev/null || ret=1
dig_with_opts b.bogus.example. a @10.53.0.4 > dig.out.ns4.test$n.4 || ret=1
grep "status: SERVFAIL" dig.out.ns4.test$n.4 > /dev/null && ret=1
echo_i "testing loading regular attribute from NTA file ($n)"
rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.1 2>/dev/null
lines=$(wc -l < rndc.out.ns4.test$n.1)
-[ "$lines" -eq 0 ] || ret=1
+[ "$lines" -eq 1 ] || ret=1
# initially, secure.example. validates with AD=1
dig_with_opts a.secure.example. a @10.53.0.4 > dig.out.ns4.test$n.2 || ret=1
grep "status: SERVFAIL" dig.out.ns4.test$n.2 > /dev/null && ret=1
echo_i "testing loading forced attribute from NTA file ($n)"
rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.1 2>/dev/null
lines=$(wc -l < rndc.out.ns4.test$n.1)
-[ "$lines" -eq 0 ] || ret=1
+[ "$lines" -eq 1 ] || ret=1
# initially, secure.example. validates with AD=1
dig_with_opts a.secure.example. a @10.53.0.4 > dig.out.ns4.test$n.2 || ret=1
grep "status: SERVFAIL" dig.out.ns4.test$n.2 > /dev/null && ret=1
sleep 4
# dump the NTA to a file (omit validate-except entries)
-echo_i "testing 'rndc nta'"
-rndccmd 10.53.0.4 nta -d > rndc.out.ns4.test$n.1 2>/dev/null
+echo_i "testing 'rndc nta -d' with NTA"
+rndccmd 10.53.0.4 nta -d | grep -v ": permanent" > rndc.out.ns4.test$n.1 2>/dev/null
# "corp" is configured as a validate-except domain and thus should be
-# omitted. only "secure.example" should be in the dump at this point.
+# removed by the grep -v above. only "secure.example" should appear in
+# the dump.
lines=$(wc -l < rndc.out.ns4.test$n.1)
[ "$lines" -eq 1 ] || ret=1
grep 'secure.example' rndc.out.ns4.test$n.1 > /dev/null || ret=1
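Review bot: The `2>/dev/null` on the rndccmd line of this hunk now applies to `grep`, not to `rndccmd`, because it sits at the end of the pipeline; the line it replaces suppressed rndc's own stderr, and the same pattern recurs in the two later tests that pipe `nta -d` through `grep ": permanent"`. If rndc's diagnostics are still meant to be hidden, put the redirect on the first command: `rndccmd 10.53.0.4 nta -d 2>/dev/null | grep -v ": permanent" > rndc.out.ns4.test$n.1`; otherwise the redirect is dead and can be dropped. Since the pipeline's exit status is grep's, a failing rndccmd is only caught indirectly through the `[ "$lines" -eq 1 ]` count that follows.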
echo_i "skipped ntadiff test; install PERL module Time::Piece"
fi
+echo_i "testing 'rndc nta' lifetime clamping"
+rndccmd 10.53.0.4 nta -d | grep ": permanent" > rndc.out.ns4.test$n.1 2>/dev/null
+# "corp" is configured as a validate-except domain and thus should be
+# the only entry in the dump.
+lines=$(wc -l < rndc.out.ns4.test$n.1)
+[ "$lines" -eq 1 ] || ret=1
+grep 'corp/_default' rndc.out.ns4.test$n.1 > /dev/null || ret=1
+
# cleanup
rndccmd 10.53.0.4 nta -remove secure.example > rndc.out.ns4.test$n.3 2>/dev/null
n=$((n+1))
-if [ "$ret" -ne 0 ]; then echo_i "failed - NTA lifetime clamping failed"; fi
+if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+echo_i "testing 'rndc nta -d' displays validate-except entries"
+rndccmd 10.53.0.4 nta -d | grep ": permanent" > rndc.out.ns4.test$n.1 2>/dev/null
+lines=$(wc -l < rndc.out.ns4.test$n.1)
+[ "$lines" -eq 1 ] || ret=1
+grep 'corp/_default' rndc.out.ns4.test$n.1 > /dev/null || ret=1
+n=$((n+1))
+if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
echo_i "checking that NTAs work with 'forward only;' to a validating resolver ($n)"
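Review bot: The block added under `testing 'rndc nta' lifetime clamping` performs exactly the same three checks as the new `testing 'rndc nta -d' displays validate-except entries` test right after it (grep for `: permanent`, a one-line count, grep for `corp/_default`), so the validate-except assertion runs twice and the first copy is folded into the lifetime-clamping result, whose own failure message was just made generic. Unless that first copy is meant to check something clamping-specific, drop it and keep only the dedicated test. The two new `echo_i` labels also omit the `($n)` suffix that most test labels in this file carry, e.g. `echo_i "testing 'rndc nta -d' displays validate-except entries ($n)"`.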
dns_name_t *name;
isc_time_t t;
- /*
- * Skip "validate-except" entries.
- */
+ name = dns_fixedname_initname(&fn);
+ dns_rbt_fullnamefromnode(node, name);
+ dns_name_format(name, nbuf, sizeof(nbuf));
+
if (n->expiry != 0xffffffffU) {
- name = dns_fixedname_initname(&fn);
- dns_rbt_fullnamefromnode(node, name);
- dns_name_format(name, nbuf, sizeof(nbuf));
+ /* Normal NTA entries */
isc_time_set(&t, n->expiry, 0);
isc_time_formattimestamp(&t, tbuf,
sizeof(tbuf));
n->expiry <= now ? "expired"
: "expiry",
tbuf);
- first = false;
- result = putstr(buf, obuf);
- if (result != ISC_R_SUCCESS) {
- goto cleanup;
- }
+ } else {
+ /* "validate-except" entries */
+ snprintf(obuf, sizeof(obuf), "%s%s%s%s: %s",
+ first ? "" : "\n", nbuf,
+ view != NULL ? "/" : "",
+ view != NULL ? view : "", "permanent");
+ }
+
+ first = false;
+ result = putstr(buf, obuf);
+ if (result != ISC_R_SUCCESS) {
+ goto cleanup;
}
}
result = dns_rbtnodechain_next(&chain, NULL, NULL);
return (result);
}
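Review bot: The new `/* Normal NTA entries */` comment does not say what distinguishes the two branches: the `if (n->expiry != 0xffffffffU)` test treats that value as a sentinel for permanent "validate-except" entries, which is not obvious to a reader, and the literal "permanent" printed in the else branch is now matched verbatim by the system tests (`grep ": permanent"`), so it is effectively part of the rndc output contract. Suggest replacing the comment with `/* expiry == 0xffffffffU marks a permanent "validate-except" entry; the word "permanent" below is matched by the system tests. */`. The enclosing loop and function (`dns_ntatable_totext`) start outside this hunk. The removal of `dns_ntatable_dump` in the same file is presumably matched by a header and caller change not shown here; worth confirming.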
-isc_result_t
-dns_ntatable_dump(dns_ntatable_t *ntatable, FILE *fp) {
- isc_result_t result;
- isc_buffer_t *text = NULL;
- int len = 4096;
-
- isc_buffer_allocate(ntatable->view->mctx, &text, len);
-
- result = dns_ntatable_totext(ntatable, NULL, &text);
-
- if (isc_buffer_usedlength(text) != 0) {
- (void)putstr(&text, "\n");
- } else if (result == ISC_R_SUCCESS) {
- (void)putstr(&text, "none");
- } else {
- (void)putstr(&text, "could not dump NTA table: ");
- (void)putstr(&text, isc_result_totext(result));
- }
-
- fprintf(fp, "%.*s", (int)isc_buffer_usedlength(text),
- (char *)isc_buffer_base(text));
- isc_buffer_free(&text);
- return (result);
-}
-
isc_result_t
dns_ntatable_save(dns_ntatable_t *ntatable, FILE *fp) {
isc_result_t result;