From: Mark Andrews
Date: Mon, 14 Mar 2022 06:42:08 +0000 (+1100)
Subject: Add the ability to dig to specify the signing time
X-Git-Tag: v9.19.6~37^2~2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=805e2ba31d2816772e3643545baef5ff5a42c102;p=thirdparty%2Fbind9.git

Add the ability to dig to specify the signing time
---
diff --git a/bin/dig/dig.c b/bin/dig/dig.c
index fd3e2d4013d..1fcb242558e 100644
--- a/bin/dig/dig.c
+++ b/bin/dig/dig.c
@@ -1522,8 +1522,31 @@ plus_option(char *option, bool is_batchfile, bool *need_clone,
 }
 break;
 case 'f': /* fail */
- FULLCHECK("fail");
- lookup->servfail_stops = state;
+ switch (cmd[1]) {
+ case 'a':
+ FULLCHECK("fail");
+ lookup->servfail_stops = state;
+ break;
+ case 'u':
+ FULLCHECK("fuzztime");
+ lookup->fuzzing = state;
+ if (lookup->fuzzing) {
+ if (value == NULL) {
+ lookup->fuzztime = 0x622acce1;
+ break;
+ }
+ result = parse_uint(&num, value, 0xffffffff,
+ "fuzztime");
+ if (result != ISC_R_SUCCESS) {
+ warn("Couldn't parse fuzztime");
+ goto exit_or_usage;
+ }
+ lookup->fuzztime = num;
+ }
+ break;
+ default:
+ goto invalid_option;
+ }
 break;
 case 'h':
 switch (cmd[1]) {
diff --git a/bin/dig/dig.rst b/bin/dig/dig.rst
index 49dd29aca6b..c3b7e90b9d1 100644
--- a/bin/dig/dig.rst
+++ b/bin/dig/dig.rst
@@ -388,6 +388,14 @@ abbreviation is unambiguous; for example, :option:`+cd` is equivalent to
 to not try the next server, which is the reverse of normal stub resolver behavior.
+.. option:: +fuzztime[=value], +nofuzztime
+ This option allows the signing time to be specified when generating
+ signed messages. If a value is specified it is the seconds since
+ 00:00:00 January 1, 1970 UTC ignoring leap seconds. If no value
+ is specified 1646972129 (Fri 11 Mar 2022 04:15:29 UTC) is used.
+ The default is ``+nofuzztime`` and the current time is used.
+
 .. option:: +header-only, +noheader-only
 This option sends a query with a DNS header without a question section. The
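Review bot: The default signing time in the new `case 'u':` branch of plus_option (bin/dig/dig.c) is the bare literal `0x622acce1`, which a reader has to convert by hand to see that it is the 1646972129 documented in dig.rst. A named constant carrying the decimal value and date, for example `#define DEFAULT_FUZZTIME 0x622acce1 /* 1646972129, Fri 11 Mar 2022 04:15:29 UTC */`, would keep the code and the documentation in step. The `break` inside `if (value == NULL)` leaves the inner `switch (cmd[1])`, which is easy to misread; an `else` around the parse_uint() call reads more plainly. `+nofuzztime=value` also appears to accept and silently ignore the value, since `value` is only examined when `state` is true. plus_option starts and ends outside the hunk.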
diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
index f5b4f9e63e0..519c7ef0b13 100644
--- a/bin/dig/dighost.c
+++ b/bin/dig/dighost.c
@@ -795,6 +795,8 @@ clone_lookup(dig_lookup_t *lookold, bool servers) {
 looknew->done_as_is = lookold->done_as_is;
 looknew->dscp = lookold->dscp;
 looknew->rrcomments = lookold->rrcomments;
+ looknew->fuzzing = lookold->fuzzing;
+ looknew->fuzztime = lookold->fuzztime;
 if (lookold->ecs_addr != NULL) {
 size_t len = sizeof(isc_sockaddr_t);
@@ -2438,6 +2440,11 @@ setup_lookup(dig_lookup_t *lookup) {
 check_result(result, "dns_message_setsig0key");
 }
+ if (lookup->fuzzing) {
+ lookup->sendmsg->fuzzing = true;
+ lookup->sendmsg->fuzztime = lookup->fuzztime;
+ }
+
 lookup->sendspace = isc_mem_get(mctx, COMMSIZE);
 result = dns_compress_init(&cctx, mctx);
diff --git a/bin/dig/dighost.h b/bin/dig/dighost.h
index ecc20832a0e..966e7a1a2cb 100644
--- a/bin/dig/dighost.h
+++ b/bin/dig/dighost.h
@@ -108,10 +108,11 @@ struct dig_lookup {
 isc_refcount_t references;
 bool aaonly, adflag, badcookie, besteffort, cdflag, cleared, comments, dns64prefix, dnssec, doing_xfr, done_as_is, ednsneg, expandaaaa,
- expire, header_only, identify, /*%< Append an "on server "
- message */
- identify_previous_line, /*% Prepend a "Nameserver :"
- message, with newline and tab */
+ expire, fuzzing, header_only, identify, /*%< Append an "on
+ server " message
+ */
+ identify_previous_line, /*% Prepend a "Nameserver :"
+ message, with newline and tab */
 idnin, idnout, ignore, multiline, need_search, new_search, noclass, nocrypto, nottl, ns_search_only, /*%< dig +nssearch, host -C */
@@ -188,6 +189,7 @@ struct dig_lookup {
 char *tls_key_file;
 isc_tlsctx_cache_t *tls_ctx_cache;
 };
+ isc_stdtime_t fuzztime;
 };
 /*% The dig_query structure */
diff --git a/doc/man/dig.1in b/doc/man/dig.1in
index 3ba9962b195..0b0b87c1bb5 100644
--- a/doc/man/dig.1in
+++ b/doc/man/dig.1in
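Review bot: The new `if (lookup->fuzzing)` block in setup_lookup (bin/dig/dighost.c) copies the override onto `lookup->sendmsg` with no comment saying that it replaces the clock used for signing, and it runs whether or not a key was configured above. A fixed signing time gives every signed request the same timestamp, so a server that enforces a time window should reject it unless the value is close to its own clock; that suits reproducible test input, but it is worth stating where the override is applied. I would add `/* +fuzztime: sign with a fixed time instead of the current time; intended for reproducible test input */` above the block, and consider a `warn()` when the option is set but the message will not be signed (presumably it is then a silent no-op; confirm against the signing code, which is outside this diff). setup_lookup starts and ends outside the hunk.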
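Review bot: `isc_stdtime_t fuzztime;` is added at the end of struct dig_lookup (bin/dig/dighost.h) without a comment, and nothing ties it to the `fuzzing` flag that the first hunk adds to the bool list. A field comment in the file's existing style, such as `isc_stdtime_t fuzztime; /*%< signing time used when fuzzing is set */`, would make the pairing visible to the next reader. The struct definition starts outside both hunks.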
@@ -450,6 +450,15 @@ resolver behavior. .UNINDENT .INDENT 0.0 .TP +.B +fuzztime[=value], +nofuzztime +This option allows the signing time to be specified when generating +signed messages. If a value is specified it is the seconds since +00:00:00 January 1, 1970 UTC ignoring leap seconds. If no value +is specified 1646972129 (Fri 11 Mar 2022 04:15:29 UTC) is used. +The default is \fB+nofuzztime\fP and the current time is used. +.UNINDENT +.INDENT 0.0 +.TP .B +header\-only, +noheader\-only This option sends a query with a DNS header without a question section. The default is to add a question section. The query type and query name