--- 9.7.0a2 released ---
+2641. [bug] Fixed an error in parsing update-policy syntax,
+ added a regression test to check it. [RT #20007]
+
2640. [security] A specially crafted update packet will cause named
to exit. [RT #20000]
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: ddns-confgen.c,v 1.7 2009/07/02 22:50:24 jinmei Exp $ */
+/* $Id: ddns-confgen.c,v 1.8 2009/07/29 17:52:00 each Exp $ */
/*! \file */
};\n",
keyname);
}
- }
- printf("\n\
+ printf("\n\
# After the keyfile has been placed, the following command will\n\
# execute nsupdate using this key:\n\
nsupdate -k <keyfile>\n");
+ }
+
if (keybuf != NULL)
isc_mem_put(mctx, keybuf, len);
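Review bot: The relocated `printf` now sits inside a conditional whose header is outside this hunk, and nothing near it says why it must stay there. setup.sh in this same change redirects `ddns-confgen -q` output into ns1/ddns.key, which ns1/named.conf then includes, so any text printed unconditionally here would land in the server configuration. I would add a comment above the `printf`, such as `/* Usage hint only: quiet-mode output is redirected into an included config file and must not contain it. */`. The enclosing function starts and ends outside the hunk.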
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: conf.sh.in,v 1.39 2008/01/10 23:47:01 tbox Exp $
+# $Id: conf.sh.in,v 1.40 2009/07/29 17:52:00 each Exp $
#
# Common configuration data for system tests, to be sourced into
DIG=$TOP/bin/dig/dig
RNDC=$TOP/bin/rndc/rndc
NSUPDATE=$TOP/bin/nsupdate/nsupdate
+DDNSCONFGEN=$TOP/bin/confgen/ddns-confgen
KEYGEN=$TOP/bin/dnssec/dnssec-keygen
SIGNER=$TOP/bin/dnssec/dnssec-signzone
CHECKZONE=$TOP/bin/check/named-checkzone
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: clean.sh,v 1.12 2007/09/26 03:22:44 marka Exp $
+# $Id: clean.sh,v 1.13 2009/07/29 17:52:00 each Exp $
#
# Clean up after zone transfer tests.
#
rm -f dig.out.ns1 dig.out.ns2 dig.out.ns1.after ns1/*.jnl ns2/*.jnl \
- ns1/example.db ns1/update.db
+ ns1/example.db ns1/update.db ns1/other.db
rm -f ns2/example.bk
rm -f ns2/update.bk
rm -f */named.memstats
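Review bot: The cleanup list gains ns1/other.db but not the key files this change starts producing. setup.sh now writes ns1/ddns.key, and ns1/named.conf sets `session-keyfile "session.key"`. Unless lines outside this hunk already remove them, TSIG key material stays in the test tree after a run. I would add `rm -f ns1/ddns.key ns1/session.key`.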
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: named.conf,v 1.17 2007/06/19 23:47:04 tbox Exp $ */
+/* $Id: named.conf,v 1.18 2009/07/29 17:52:00 each Exp $ */
controls { /* empty */ };
transfer-source 10.53.0.1;
port 5300;
pid-file "named.pid";
- listen-on { 10.53.0.1; };
+ session-keyfile "session.key";
+ listen-on { 10.53.0.1; 127.0.0.1; };
listen-on-v6 { none; };
recursion no;
notify yes;
inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
};
+include "ddns.key";
+
zone "example.nil" {
type master;
file "example.db";
check-integrity no;
- allow-update { any; };
+ update-policy {
+ grant ddns-key.example.nil subdomain example.nil ANY;
+ };
+ allow-transfer { any; };
+};
+
+zone "other.nil" {
+ type master;
+ file "other.db";
+ check-integrity no;
+ update-policy local;
+ allow-query-on { 127.0.0.1; };
allow-transfer { any; };
};
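Review bot: The new `allow-query-on { 127.0.0.1; };` on zone "other.nil" appears to conflict with the checks added to tests.sh, which query `new.other.nil.` at `@10.53.0.1`. If the option restricts answers to queries received on the listed local address, those lookups would be refused, and the post-update comparison against `10.10.10.1` could not succeed. Either list both addresses, `allow-query-on { 10.53.0.1; 127.0.0.1; };`, or point the test queries at 127.0.0.1. A one-line comment noting that `update-policy local` depends on the `session-keyfile` path set in `options` would also help, since tests.sh hard-codes `ns1/session.key`.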
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: setup.sh,v 1.10 2007/06/19 23:47:04 tbox Exp $
+# $Id: setup.sh,v 1.11 2009/07/29 17:52:00 each Exp $
+
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
#
# jnl and database files MUST be removed before we start
rm -f ns1/*.jnl ns1/example.db ns2/*.jnl ns2/example.bk
cp -f ns1/example1.db ns1/example.db
+sed 's/example.nil/other.nil/g' ns1/example1.db > ns1/other.db
# update_test.pl has its own zone file because it
# requires a specific NS record set.
update.nil. NS ns1.update.nil.
ns1.update.nil. A 10.53.0.2
EOF
+
+$DDNSCONFGEN -q -z example.nil > ns1/ddns.key
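Review bot: The exit status of `$DDNSCONFGEN` on the last added line is never checked, and the redirect creates ns1/ddns.key even when the generator fails. An empty or truncated file would then be pulled in by `include "ddns.key"` in ns1/named.conf, and the failure would only surface later as a server start-up or update error. I would write `$DDNSCONFGEN -q -z example.nil > ns1/ddns.key || exit 1`. The file holds a TSIG secret and is created under the caller's umask, so tightening it before this line (for example `umask 077`) is worth considering.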
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.25 2007/06/19 23:47:04 tbox Exp $
+# $Id: tests.sh,v 1.26 2009/07/29 17:52:00 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
echo "I:fetching second copy of zone before update"
$DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.nil.\
- @10.53.0.1 axfr -p 5300 > dig.out.ns2 || status=1
+ @10.53.0.2 axfr -p 5300 > dig.out.ns2 || status=1
echo "I:comparing pre-update copies to known good data"
$PERL ../digcomp.pl knowngood.ns1.before dig.out.ns1 || status=1
echo "I:updating zone"
# nsupdate will print a ">" prompt to stdout as it gets each input line.
-$NSUPDATE <<END > /dev/null || status=1
+$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
server 10.53.0.1 5300
update add updated.example.nil. 600 A 10.10.10.1
update add updated.example.nil. 600 TXT Foo
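Review bot: Every `$NSUPDATE` call for example.nil now carries `-k ns1/ddns.key`, here and in the three later hunks, but nothing asserts that an update without the key is refused. The change replaces `allow-update { any; }` with a key-based `update-policy`, so that refusal is the property worth pinning down. Without a negative case, the suite would pass unchanged if the policy were accidentally loosened again. I would add one unsigned update that is expected to fail, as sketched below with a constructed record name.

```shell
# ... unchanged: signed update of updated.example.nil ...
echo "I:checking that an unsigned update is refused"
# constructed test name; success here means the policy did not apply
$NSUPDATE <<END > /dev/null 2>&1 && status=1
server 10.53.0.1 5300
update add unsigned.example.nil. 600 A 10.10.10.9
send
END
```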
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || status=1
$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns2 || status=1
+echo "I:testing local update policy"
+pre=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || status=1
+[ -z "$pre" ] || status=1
+
+echo "I:updating zone"
+# nsupdate will print a ">" prompt to stdout as it gets each input line.
+$NSUPDATE -l -p 5300 -k ns1/session.key > /dev/null <<END || status=1
+zone other.nil.
+update add new.other.nil. 600 IN A 10.10.10.1
+send
+END
+
+echo "I:sleeping 5 seconds for server to incorporate changes"
+sleep 5
+
+echo "I:checking result of update"
+post=`$DIG +short new.other.nil. @10.53.0.1 a -p 5300` || status=1
+[ "$post" = "10.10.10.1" ] || status=1
+
+echo "I:comparing post-update copy to known good data"
+$PERL ../digcomp.pl knowngood.ns1.after dig.out.ns1 || status=1
+
if $PERL -e 'use Net::DNS;' 2>/dev/null
then
echo "I:running update.pl test"
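Review bot: The pre-update check `[ -z "$pre" ]` can pass vacuously. `dig +short` prints nothing when the name is absent, and most likely also when the server refuses the query, so the check does not prove the zone was reachable and the name missing. Dropping `+short` for that lookup and grepping for the expected `status:` would make the precondition explicit. The added "comparing post-update copy" step re-runs digcomp on `dig.out.ns1`, which an earlier hunk shows being filled from example.nil, so it adds no coverage for other.nil. Either transfer other.nil into its own output file and compare that, or drop the step.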
echo "I:begin RT #482 regression test"
echo "I:update master"
-$NSUPDATE <<END > /dev/null || status=1
+$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
server 10.53.0.1 5300
update add updated2.example.nil. 600 A 10.10.10.2
update add updated2.example.nil. 600 TXT Bar
sleep 5
echo "I:update master again"
-$NSUPDATE <<END > /dev/null || status=1
+$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
server 10.53.0.1 5300
update add updated3.example.nil. 600 A 10.10.10.3
update add updated3.example.nil. 600 TXT Zap
echo "I:end RT #482 regression test"
echo "I:testing that rndc stop updates the master file"
-$NSUPDATE <<END > /dev/null || status=1
+$NSUPDATE -k ns1/ddns.key <<END > /dev/null || status=1
server 10.53.0.1 5300
update add updated4.example.nil. 600 A 10.10.10.3
send
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: namedconf.c,v 1.102 2009/07/14 22:54:57 each Exp $ */
+/* $Id: namedconf.c,v 1.103 2009/07/29 17:52:00 each Exp $ */
/*! \file */
CHECK(cfg_gettoken(pctx, 0));
if (pctx->token.type == isc_tokentype_special &&
pctx->token.value.as_char == '{') {
+ cfg_ungettoken(pctx);
return (cfg_parse_bracketed_list(pctx, type, ret));
}
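Review bot: The added `cfg_ungettoken(pctx)` needs a comment, because the reason for it lies in the callee rather than in anything visible here. Presumably `cfg_parse_bracketed_list()` expects to read the opening `{` itself, so the token consumed by `cfg_gettoken()` has to be pushed back first. I would put `/* Push back '{': cfg_parse_bracketed_list() parses the opening brace itself. */` above the call. This function decides how update-policy access rules are read, so the pushback should be guarded against a later cleanup removing it. The function continues outside the hunk.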