+4037. [bug] also-notify was ignoring the tsig key when checking
+ for duplicates resulting in some expected notify
+ messages not being sent. [RT #38369]
+
4035. [bug] Close temporary and NZF FILE pointers before moving
the former into the latter's place, as required on
Windows. [RT #38332]
#
rm -f */named.memstats
+rm -f dig.out.?.ns5.test*
rm -f dig.out.ns2.test*
rm -f dig.out.ns3.test*
rm -f dig.out.ns4.test*
rm -f ns2/x21.db*
rm -f ns3/example.bk
rm -f ns4/x21.bk*
+rm -f ns5/x21.bk-b
+rm -f ns5/x21.bk-b.jnl
+rm -f ns5/x21.bk-c
+rm -f ns5/x21.bk-c.jnl
+rm -f ns5/x21.db.jnl
--- /dev/null
+/*
+ * Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: named.conf,v 1.24 2007/06/18 23:47:29 tbox Exp $ */
+
+controls { /* empty */ };
+
+key "a" {
+ algorithm "hmac-md5";
+ secret "aaaaaaaaaaaaaaaaaaaa";
+};
+
+key "b" {
+ algorithm "hmac-md5";
+ secret "bbbbbbbbbbbbbbbbbbbb";
+};
+
+key "c" {
+ algorithm "hmac-md5";
+ secret "cccccccccccccccccccc";
+};
+
+options {
+ query-source address 10.53.0.5;
+ notify-source 10.53.0.5;
+ transfer-source 10.53.0.5;
+ port 5300;
+ pid-file "named.pid";
+ listen-on { 10.53.0.5; };
+ listen-on-v6 { none; };
+ recursion yes;
+ acache-enable yes;
+ notify yes;
+};
+
+view "a" {
+ match-clients { key "a"; };
+ zone "x21" {
+ type master;
+ also-notify { 10.53.0.5 key "b"; 10.53.0.5 key "c"; };
+ file "x21.db";
+ allow-update { any; };
+ };
+};
+
+view "b" {
+ match-clients { key "b"; };
+ zone "x21" {
+ type slave;
+ masters { 10.53.0.5 key "a"; };
+ file "x21.bk-b";
+ };
+};
+
+view "c" {
+ match-clients { key "c"; };
+ zone "x21" {
+ type slave;
+ masters { 10.53.0.5 key "a"; };
+ file "x21.bk-c";
+ };
+};
--- /dev/null
+; Copyright (C) 2015 Internet Systems Consortium, Inc. ("ISC")
+;
+; Permission to use, copy, modify, and/or distribute this software for any
+; purpose with or without fee is hereby granted, provided that the above
+; copyright notice and this permission notice appear in all copies.
+;
+; THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+; REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+; AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+; INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+; LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+; OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+; PERFORMANCE OF THIS SOFTWARE.
+
+$TTL 300 ; 5 minutes
+@ IN SOA mname1. . (
+ 1 ; serial
+ 300 ; refresh (300 seconds)
+ 300 ; retry (300 seconds)
+ 1814400 ; expire (3 weeks)
+ 3600 ; minimum (1 hour)
+ )
+ NS ns5
+ns5 A 10.53.0.5
+a A 10.0.0.1
[ $ret = 0 ] || echo "I:failed"
status=`expr $ret + $status`
+n=`expr $n + 1`
+echo "I:checking notify to multiple views using tsig"
+ret=0
+$NSUPDATE << EOF
+server 10.53.0.5 5300
+zone x21
+key a aaaaaaaaaaaaaaaaaaaa
+update add added.x21 0 in txt "test string"
+send
+EOF
+
+for i in 1 2 3 4 5 6 7 8 9
+do
+ $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd added.x21.\
+ -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
+ txt -p 5300 > dig.out.b.ns5.test$n || ret=1
+ $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd added.x21.\
+ -y c:cccccccccccccccccccc @10.53.0.5 \
+ txt -p 5300 > dig.out.c.ns5.test$n || ret=1
+ grep "test string" dig.out.b.ns5.test$n > /dev/null &&
+ grep "test string" dig.out.c.ns5.test$n > /dev/null &&
+ break
+ sleep 1
+done
+grep "test string" dig.out.b.ns5.test$n > /dev/null || ret=1
+grep "test string" dig.out.c.ns5.test$n > /dev/null || ret=1
+
+[ $ret = 0 ] || echo "I:failed"
+status=`expr $ret + $status`
+
echo "I:exit status: $status"
exit $status
static isc_boolean_t
notify_isqueued(dns_zone_t *zone, unsigned int flags, dns_name_t *name,
- isc_sockaddr_t *addr)
+ isc_sockaddr_t *addr, dns_tsigkey_t *key)
{
dns_notify_t *notify;
dns_zonemgr_t *zmgr;
if (name != NULL && dns_name_dynamic(¬ify->ns) &&
dns_name_equal(name, ¬ify->ns))
goto requeue;
- if (addr != NULL && isc_sockaddr_equal(addr, ¬ify->dst))
+ if (addr != NULL && isc_sockaddr_equal(addr, ¬ify->dst) &&
+ notify->key == key)
goto requeue;
}
return (ISC_FALSE);
ai != NULL;
ai = ISC_LIST_NEXT(ai, publink)) {
dst = ai->sockaddr;
- if (notify_isqueued(notify->zone, notify->flags, NULL, &dst))
+ if (notify_isqueued(notify->zone, notify->flags, NULL, &dst,
+ NULL))
continue;
if (notify_isself(notify->zone, &dst))
continue;
dns_rdataset_t nsrdset;
dns_rdataset_t soardset;
isc_result_t result;
- dns_notify_t *notify = NULL;
unsigned int i;
isc_sockaddr_t dst;
isc_boolean_t isqueued;
LOCK_ZONE(zone);
for (i = 0; i < zone->notifycnt; i++) {
dns_tsigkey_t *key = NULL;
+ dns_notify_t *notify = NULL;
+
+ if ((zone->notifykeynames != NULL) &&
+ (zone->notifykeynames[i] != NULL)) {
+ dns_view_t *view = dns_zone_getview(zone);
+ dns_name_t *keyname = zone->notifykeynames[i];
+ (void)dns_view_gettsig(view, keyname, &key);
+ }
dst = zone->notify[i];
- if (notify_isqueued(zone, flags, NULL, &dst))
+ if (notify_isqueued(zone, flags, NULL, &dst, key)) {
+ if (key != NULL)
+ dns_tsigkey_detach(&key);
continue;
+ }
- result = notify_create(zone->mctx, flags, ¬ify);
- if (result != ISC_R_SUCCESS)
+ result = notify_create(zone->mctx, flags, ¬ify);
+ if (result != ISC_R_SUCCESS) {
+ if (key != NULL)
+ dns_tsigkey_detach(&key);
continue;
+ }
zone_iattach(zone, ¬ify->zone);
notify->dst = dst;
- if ((zone->notifykeynames != NULL) &&
- (zone->notifykeynames[i] != NULL)) {
- dns_view_t *view = dns_zone_getview(zone);
- dns_name_t *keyname = zone->notifykeynames[i];
- result = dns_view_gettsig(view, keyname, &key);
- if (result == ISC_R_SUCCESS) {
- notify->key = key;
- key = NULL;
- }
+ INSIST(notify->key == NULL);
+
+ if (key != NULL) {
+ notify->key = key;
+ key = NULL;
}
ISC_LIST_APPEND(zone->notifies, notify, link);
serial);
loggednotify = ISC_TRUE;
}
- notify = NULL;
}
UNLOCK_ZONE(zone);
result = dns_rdataset_first(&nsrdset);
while (result == ISC_R_SUCCESS) {
+ dns_notify_t *notify = NULL;
+
dns_rdataset_current(&nsrdset, &rdata);
result = dns_rdata_tostruct(&rdata, &ns, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
}
LOCK_ZONE(zone);
- isqueued = notify_isqueued(zone, flags, &ns.name, NULL);
+ isqueued = notify_isqueued(zone, flags, &ns.name, NULL, NULL);
UNLOCK_ZONE(zone);
if (isqueued) {
result = dns_rdataset_next(&nsrdset);
ISC_LIST_APPEND(zone->notifies, notify, link);
UNLOCK_ZONE(zone);
notify_find_address(notify);
- notify = NULL;
result = dns_rdataset_next(&nsrdset);
}
dns_rdataset_disassociate(&nsrdset);
projects / thirdparty / bind9.git / commitdiff
