+3730. [cleanup] Added "never" as a synonym for "none" when
+ configuring key event dates in the dnssec tools.
+ [RT #35277]
+
+3729. [bug] dnssec-kegeyn could set the publication date
+ incorrectly when only the activation date was
+ specified on the command line. [RT #35278]
+
3728. [doc] Expanded native-PKCS#11 documentation,
specifically pkcs11: URI labels. [RT #35287]
if (setdel)
fatal("-D specified more than once");
- setdel = ISC_TRUE;
- del = strtotime(isc_commandline_argument, now, now);
+ del = strtotime(isc_commandline_argument,
+ now, now, &setdel);
break;
case 'K':
dir = isc_commandline_argument;
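Review bot: The duplicate-option guard for `-D` no longer catches a repeat that follows `none`/`never`. `strtotime()` now writes false into `setdel` for those words, so `if (setdel)` passes on a second `-D` and the later value silently wins, while the reverse order still aborts. The `-P` case in the next hunk has the same shape with `setpub`. The other tools changed on this page keep a second flag for exactly this (`unsetdel = !setdel;`, checked as `if (setdel || unsetdel)`); doing the same here, or keeping a separate "seen" flag, would make the check order-independent. The enclosing switch starts and ends outside the hunk.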
fatal("directory must be non-empty string");
break;
case 'L':
- if (strcmp(isc_commandline_argument, "none") == 0)
- ttl = 0;
- else
- ttl = strtottl(isc_commandline_argument);
+ ttl = strtottl(isc_commandline_argument);
setttl = ISC_TRUE;
break;
case 'P':
if (setpub)
fatal("-P specified more than once");
- setpub = ISC_TRUE;
- pub = strtotime(isc_commandline_argument, now, now);
+ pub = strtotime(isc_commandline_argument,
+ now, now, &setpub);
break;
case 'f':
filename = isc_commandline_argument;
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
- is computed in seconds. To unset a date, use 'none'.
+ is computed in seconds. To explicitly prevent a date from being
+ set, use 'none' or 'never'.
</para>
<variablelist>
options |= DST_TYPE_KEY;
break;
case 'L':
- if (strcmp(isc_commandline_argument, "none") == 0)
- ttl = 0;
- else
- ttl = strtottl(isc_commandline_argument);
+ ttl = strtottl(isc_commandline_argument);
setttl = ISC_TRUE;
break;
case 'l':
if (setpub || unsetpub)
fatal("-P specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setpub = ISC_TRUE;
- publish = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetpub = ISC_TRUE;
- }
+ publish = strtotime(isc_commandline_argument,
+ now, now, &setpub);
+ unsetpub = !setpub;
break;
case 'A':
if (setact || unsetact)
fatal("-A specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setact = ISC_TRUE;
- activate = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetact = ISC_TRUE;
- }
+ activate = strtotime(isc_commandline_argument,
+ now, now, &setact);
+ unsetact = !setact;
break;
case 'R':
if (setrev || unsetrev)
fatal("-R specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setrev = ISC_TRUE;
- revoke = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetrev = ISC_TRUE;
- }
+ revoke = strtotime(isc_commandline_argument,
+ now, now, &setrev);
+ unsetrev = !setrev;
break;
case 'I':
if (setinact || unsetinact)
fatal("-I specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setinact = ISC_TRUE;
- inactive = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetinact = ISC_TRUE;
- }
+ inactive = strtotime(isc_commandline_argument,
+ now, now, &setinact);
+ unsetinact = !setinact;
break;
case 'D':
if (setdel || unsetdel)
fatal("-D specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setdel = ISC_TRUE;
- delete = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetdel = ISC_TRUE;
- }
+ delete = strtotime(isc_commandline_argument,
+ now, now, &setdel);
+ unsetdel = !setdel;
break;
case 'F':
/* Reserved for FIPS mode */
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
- is computed in seconds.
+ is computed in seconds. To explicitly prevent a date from being
+ set, use 'none' or 'never'.
</para>
<variablelist>
"To generate a key with TYPE=KEY, use -T KEY.\n");
break;
case 'L':
- if (strcmp(isc_commandline_argument, "none") == 0)
- ttl = 0;
- else
- ttl = strtottl(isc_commandline_argument);
+ ttl = strtottl(isc_commandline_argument);
setttl = ISC_TRUE;
break;
case 'n':
if (setpub || unsetpub)
fatal("-P specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setpub = ISC_TRUE;
- publish = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetpub = ISC_TRUE;
- }
+ publish = strtotime(isc_commandline_argument,
+ now, now, &setpub);
+ unsetpub = !setpub;
break;
case 'A':
if (setact || unsetact)
fatal("-A specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setact = ISC_TRUE;
- activate = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetact = ISC_TRUE;
- }
+ activate = strtotime(isc_commandline_argument,
+ now, now, &setact);
+ unsetact = !setact;
break;
case 'R':
if (setrev || unsetrev)
fatal("-R specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setrev = ISC_TRUE;
- revoke = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetrev = ISC_TRUE;
- }
+ revoke = strtotime(isc_commandline_argument,
+ now, now, &setrev);
+ unsetrev = !setrev;
break;
case 'I':
if (setinact || unsetinact)
fatal("-I specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setinact = ISC_TRUE;
- inactive = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetinact = ISC_TRUE;
- }
+ inactive = strtotime(isc_commandline_argument,
+ now, now, &setinact);
+ unsetinact = !setinact;
break;
case 'D':
if (setdel || unsetdel)
fatal("-D specified more than once");
- if (strcasecmp(isc_commandline_argument, "none")) {
- setdel = ISC_TRUE;
- delete = strtotime(isc_commandline_argument,
- now, now);
- } else {
- unsetdel = ISC_TRUE;
- }
+ delete = strtotime(isc_commandline_argument,
+ now, now, &setdel);
+ unsetdel = !setdel;
break;
case 'S':
predecessor = isc_commandline_argument;
if (setpub)
dst_key_settime(key, DST_TIME_PUBLISH, publish);
- else if (setact)
+ else if (setact && !unsetpub)
dst_key_settime(key, DST_TIME_PUBLISH,
- activate);
+ activate - prepub);
else if (!genonly && !unsetpub)
dst_key_settime(key, DST_TIME_PUBLISH, now);
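Review bot: `activate - prepub` is computed with no check that the interval fits below the activation time, and nothing visible in this hunk bounds `prepub`. `strtotime()` returns 0 with the set flag true for an argument of `0` or `-`, so `-A 0` combined with a non-zero interval would push the result below zero here, or wrap if the time type is unsigned (its definition is not on this page). A guard ahead of the chain such as `if (setact && !unsetpub && prepub > activate) fatal("prepublication interval exceeds activation time");` would turn that into a clear error. The new branch would also benefit from a short comment, e.g. `/* no -P given: publish one prepublication interval before activation */`. The enclosing function begins and ends outside the hunk.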
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
- is computed in seconds.
+ is computed in seconds. To explicitly prevent a date from being
+ set, use 'none' or 'never'.
</para>
<variablelist>
Sets the date on which the key is to be activated. After that
date, the key will be included in the zone and used to sign
it. If not set, and if the -G option has not been used, the
- default is "now".
+ default is "now". If set, if and -P is not set, then
+ the publication date will be set to the activation date
+ minus the prepublication interval.
</para>
</listitem>
</varlistentry>
}
break;
case 'L':
- if (strcmp(isc_commandline_argument, "none") == 0)
- ttl = 0;
- else
- ttl = strtottl(isc_commandline_argument);
+ ttl = strtottl(isc_commandline_argument);
setttl = ISC_TRUE;
break;
case 'v':
fatal("-P specified more than once");
changed = ISC_TRUE;
- if (!strcasecmp(isc_commandline_argument, "none")) {
- unsetpub = ISC_TRUE;
- } else {
- setpub = ISC_TRUE;
- pub = strtotime(isc_commandline_argument,
- now, now);
- }
+ pub = strtotime(isc_commandline_argument,
+ now, now, &setpub);
+ unsetpub = !setpub;
break;
case 'A':
if (setact || unsetact)
fatal("-A specified more than once");
changed = ISC_TRUE;
- if (!strcasecmp(isc_commandline_argument, "none")) {
- unsetact = ISC_TRUE;
- } else {
- setact = ISC_TRUE;
- act = strtotime(isc_commandline_argument,
- now, now);
- }
+ act = strtotime(isc_commandline_argument,
+ now, now, &setact);
+ unsetact = !setact;
break;
case 'R':
if (setrev || unsetrev)
fatal("-R specified more than once");
changed = ISC_TRUE;
- if (!strcasecmp(isc_commandline_argument, "none")) {
- unsetrev = ISC_TRUE;
- } else {
- setrev = ISC_TRUE;
- rev = strtotime(isc_commandline_argument,
- now, now);
- }
+ rev = strtotime(isc_commandline_argument,
+ now, now, &setrev);
+ unsetrev = !setrev;
break;
case 'I':
if (setinact || unsetinact)
fatal("-I specified more than once");
changed = ISC_TRUE;
- if (!strcasecmp(isc_commandline_argument, "none")) {
- unsetinact = ISC_TRUE;
- } else {
- setinact = ISC_TRUE;
- inact = strtotime(isc_commandline_argument,
- now, now);
- }
+ inact = strtotime(isc_commandline_argument,
+ now, now, &setinact);
+ unsetinact = !setinact;
break;
case 'D':
if (setdel || unsetdel)
fatal("-D specified more than once");
changed = ISC_TRUE;
- if (!strcasecmp(isc_commandline_argument, "none")) {
- unsetdel = ISC_TRUE;
- } else {
- setdel = ISC_TRUE;
- del = strtotime(isc_commandline_argument,
- now, now);
- }
+ del = strtotime(isc_commandline_argument,
+ now, now, &setdel);
+ unsetdel = !setdel;
break;
case 'S':
predecessor = isc_commandline_argument;
then the offset is computed in years (defined as 365 24-hour days,
ignoring leap years), months (defined as 30 24-hour days), weeks,
days, hours, or minutes, respectively. Without a suffix, the offset
- is computed in seconds. To unset a date, use 'none'.
+ is computed in seconds. To unset a date, use 'none' or 'never'.
</para>
<variablelist>
isc_stdtime_get(&now);
if (startstr != NULL) {
- starttime = strtotime(startstr, now, now);
+ starttime = strtotime(startstr, now, now, NULL);
} else
starttime = now - 3600; /* Allow for some clock skew. */
if (endstr != NULL)
- endtime = strtotime(endstr, now, starttime);
+ endtime = strtotime(endstr, now, starttime, NULL);
else
endtime = starttime + (30 * 24 * 60 * 60);
if (dnskey_endstr != NULL) {
- dnskey_endtime = strtotime(dnskey_endstr, now, starttime);
+ dnskey_endtime = strtotime(dnskey_endstr, now, starttime,
+ NULL);
if (endstr != NULL && dnskey_endtime == endtime)
fprintf(stderr, "WARNING: -e and -X were both set, "
"but have identical values.\n");
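Review bot: Passing `NULL` for the new `setp` argument means a start or end time given as `none`/`never` now comes back as time 0 with no way for this caller to notice. The `isnone()` branch added to `strtotime()` returns before any parsing or error reporting. For signature validity times a zero value is presumably never what the operator intended, and an end time of 0 would produce signatures that are already expired. I would capture the flag in a local `isc_boolean_t isset` and reject it, e.g. `endtime = strtotime(endstr, now, starttime, &isset);` followed by `if (!isset) fatal("'none' is not a valid signature end time");`, with the same treatment for `startstr` and `dnskey_endstr`. The surrounding function is only partly visible in this hunk.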
return(0); /* silence compiler warning */
}
+static inline isc_boolean_t
+isnone(const char *str) {
+ return (ISC_TF((strcasecmp(str, "none") == 0) ||
+ (strcasecmp(str, "never") == 0)));
+}
+
dns_ttl_t
strtottl(const char *str) {
const char *orig = str;
dns_ttl_t ttl;
char *endp;
+ if (isnone(str))
+ return ((dns_ttl_t) 0);
+
ttl = strtol(str, &endp, 0);
if (ttl == 0 && endp == str)
fatal("TTL must be numeric");
}
isc_stdtime_t
-strtotime(const char *str, isc_int64_t now, isc_int64_t base) {
+strtotime(const char *str, isc_int64_t now, isc_int64_t base,
+ isc_boolean_t *setp)
+{
isc_int64_t val, offset;
isc_result_t result;
const char *orig = str;
char *endp;
int n;
+ if (isnone(str)) {
+ if (setp != NULL)
+ *setp = ISC_FALSE;
+ return ((isc_stdtime_t) 0);
+ }
+
+ if (setp != NULL)
+ *setp = ISC_TRUE;
+
if ((str[0] == '0' || str[0] == '-') && str[1] == '\0')
return ((isc_stdtime_t) 0);
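Review bot: The new `setp` out-parameter has no documented contract, and one case is easy to misread. The `0`/`-` shortcut at the end of this hunk returns the same value 0 as `none`/`never` but leaves `*setp` true, so callers must not infer "unset" from the return value alone. A comment above the definition, repeated on the prototype in the header, would settle this, for example `/* *setp (if non-NULL) becomes false only for "none"/"never"; "0" and "-" return 0 but count as set. */`. It is also worth stating there that `setp` may be `NULL`, in which case `none`/`never` is indistinguishable from a literal 0. The function body continues past the end of this hunk.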
dns_ttl_t strtottl(const char *str);
isc_stdtime_t
-strtotime(const char *str, isc_int64_t now, isc_int64_t base);
+strtotime(const char *str, isc_int64_t now, isc_int64_t base,
+ isc_boolean_t *setp);
dns_rdataclass_t
strtoclass(const char *str);
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
+echo "I:checking correct behavior setting activation without publication date ($n)"
+ret=0
+key=`$KEYGEN -q -r $RANDFILE -A +1w $czone`
+pub=`$SETTIME -upP $key | awk '{print $2}'`
+act=`$SETTIME -upA $key | awk '{print $2}'`
+[ $pub -eq $act ] || ret=1
+key=`$KEYGEN -q -r $RANDFILE -A +1w -i 1d $czone`
+pub=`$SETTIME -upP $key | awk '{print $2}'`
+act=`$SETTIME -upA $key | awk '{print $2}'`
+[ $pub -lt $act ] || ret=1
+key=`$KEYGEN -q -r $RANDFILE -A +1w -P never $czone`
+pub=`$SETTIME -upP $key | awk '{print $2}'`
+[ $pub = "UNSET" ] || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
echo "I:exit status: $status"
exit $status
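Review bot: The second case only asserts `[ $pub -lt $act ]`, which passes for any publication time earlier than activation, so a wrong prepublication offset would go unnoticed. Since `-i 1d` is a fixed interval, the check could pin the difference instead, e.g. `[ "$pub" -eq "$(expr $act - 86400)" ] || ret=1`. The new test also exercises only `-P never`; adding the same assertion with `-P none` would cover both spellings that the shared parser accepts. Quoting `$pub` and `$act` in the `[ ... ]` tests would give a clean comparison failure, rather than a syntax error from `[`, when key generation produces no output.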