3224. [bug] 'rndc signing' argument parsing was broken. [RT #26684]

diff --git a/CHANGES b/CHANGES
index 6cf6dafbb6d830b38e436034a13d21ebdc247019..fecd972a24490faa16470a99bc7326cdf77073ab 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,5 @@
+3224.  [bug]           'rndc signing' argument parsing was broken. [RT #26684]
+
 3223.  [bug]           'task_test privilege_drop' generated false positives.
                        [RT #26766]
 

diff --git a/bin/named/server.c b/bin/named/server.c
index 39b940f73c6a5bf6926f32ea7aefea1ea2ca1972..83a0c118cd5e05e1caf1a2c94d33f63025ad846e 100644 (file)
--- a/bin/named/server.c
+++ b/bin/named/server.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.c,v 1.630 2011/11/09 18:44:03 each Exp $ */
+/* $Id: server.c,v 1.631 2011/11/29 00:49:25 marka Exp $ */
 
 /*! \file */
 
@@ -6148,6 +6148,7 @@ ns_server_togglequerylog(ns_server_t *server, char *args) {
        ptr = next_token(&args, " \t");
        if (ptr == NULL)
                return (ISC_R_UNEXPECTEDEND);
+
        ptr = next_token(&args, " \t");
        if (ptr == NULL)
                value = server->log_queries ? ISC_FALSE : ISC_TRUE;
@@ -6568,6 +6569,7 @@ ns_server_dumpsecroots(ns_server_t *server, char *args) {
        ptr = next_token(&args, " \t");
        if (ptr == NULL)
                return (ISC_R_UNEXPECTEDEND);
+
        ptr = next_token(&args, " \t");
 
        CHECKMF(isc_stdio_open(server->secrootsfile, "w", &fp),
@@ -7908,13 +7910,23 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) {
 
        dns_rdataset_init(&privset);
 
-       (void) next_token(&args, " \t");
+       /* Skip the command name. */
+       ptr = next_token(&args, " \t");
+       if (ptr == NULL)
+               return (ISC_R_UNEXPECTEDEND);
+
+       /* Find out what we are to do. */
        ptr = next_token(&args, " \t");
+       if (ptr == NULL)
+               return (ISC_R_UNEXPECTEDEND);
+
        if (strcasecmp(ptr, "-list") == 0)
                list = ISC_TRUE;
        else if (strcasecmp(ptr, "-clear") == 0) {
                clear = ISC_TRUE;
                ptr = next_token(&args, " \t");
+               if (ptr == NULL)
+                       return (ISC_R_UNEXPECTEDEND);
                memcpy(keystr, ptr, sizeof(keystr));
        } else if(strcasecmp(ptr, "-nsec3param") == 0) {
                const char *hashstr, *flagstr, *iterstr;
@@ -7923,12 +7935,17 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) {
 
                chain = ISC_TRUE;
                hashstr = next_token(&args, " \t");
+               if (hashstr == NULL)
+                       return (ISC_R_UNEXPECTEDEND);
 
                if (strcasecmp(hashstr, "none") == 0)
                        hash = 0;
                else {
                        flagstr = next_token(&args, " \t");
                        iterstr = next_token(&args, " \t");
+                       if (flagstr == NULL || iterstr == NULL)
+                               return (ISC_R_UNEXPECTEDEND);
+
                        n = snprintf(nbuf, sizeof(nbuf), "%s %s %s",
                                     hashstr, flagstr, iterstr);
                        if (n == sizeof(nbuf))
@@ -7939,12 +7956,14 @@ ns_server_signing(ns_server_t *server, char *args, isc_buffer_t *text) {
                                return (ISC_R_BADNUMBER);
 
                        ptr = next_token(&args, " \t");
+                       if (ptr == NULL)
+                               return (ISC_R_UNEXPECTEDEND);
                        isc_buffer_init(&buf, salt, sizeof(salt));
                        CHECK(isc_hex_decodestring(ptr, &buf));
                        saltlen = isc_buffer_usedlength(&buf);
                }
        } else
-               CHECK(ISC_R_NOTFOUND);
+               CHECK(DNS_R_SYNTAX);
 
        CHECK(zone_from_args(server, args, &zone, NULL, ISC_FALSE));
        if (zone == NULL)

diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
index ba617f66f2056258c4ee462d5b1e83dcbf2d6e44..20e5db119b38e8f5e9ad591b212893307da96281 100644 (file)
--- a/bin/rndc/rndc.c
+++ b/bin/rndc/rndc.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rndc.c,v 1.138 2011/11/03 23:05:30 each Exp $ */
+/* $Id: rndc.c,v 1.139 2011/11/29 00:49:26 marka Exp $ */
 
 /*! \file */
 
@@ -169,6 +169,11 @@ command is one of the following:\n\
   signing -clear all zone [class [view]]\n\
                Remove the private records for all keys that have\n\
                finished signing the given zone.\n\
+  signing -nsec3param none zone [class [view]]\n\
+               Remove NSEC3 chains from zone.\n\
+  signing -nsec3param hash flags iterations salt zone [class [view]]\n\
+               Add NSEC3 chain to zone if already signed.\n\
+               Prime zone with NSEC3 chain if not yet signed.\n\
   *restart     Restart the server.\n\
 \n\
 * == not yet implemented\n\

diff --git a/bin/tests/system/dnssec/tests.sh b/bin/tests/system/dnssec/tests.sh
index a7ce2d1d9070bd4e3e07d588795681367405848e..ec656ee309a99b76bff980ad0cff431c8473e0c4 100644 (file)
--- a/bin/tests/system/dnssec/tests.sh
+++ b/bin/tests/system/dnssec/tests.sh
@@ -15,7 +15,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: tests.sh,v 1.104 2011/11/07 23:16:31 each Exp $
+# $Id: tests.sh,v 1.105 2011/11/29 00:49:26 marka Exp $
 
 SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
@@ -1363,6 +1363,86 @@ n=`expr $n + 1`
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`
 
+echo "I:check that 'rndc signing' without arguments is handled ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing > /dev/null 2>&1 && ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that 'rndc signing -list' without zone is handled ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list > /dev/null 2>&1 && ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that 'rndc signing -clear' without additional arguments is handled ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -clear > /dev/null 2>&1 && ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that 'rndc signing -clear all' without zone is handled ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -clear all > /dev/null 2>&1 && ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that 'rndc signing -nsec3param' without additional arguments is handled ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param > /dev/null 2>&1 && ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that 'rndc signing -nsec3param none' without zone is handled ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param none > /dev/null 2>&1 && ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that 'rndc signing -nsec3param 1' without additional arguments is handled ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 > /dev/null 2>&1 && ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that 'rndc signing -nsec3param 1 0' without additional arguments is handled ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 > /dev/null 2>&1 && ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that 'rndc signing -nsec3param 1 0 0' without additional arguments is handled ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 > /dev/null 2>&1 && ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
+echo "I:check that 'rndc signing -nsec3param 1 0 0 -' without zone is handled ($n)"
+ret=0
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -nsec3param 1 0 0 - > /dev/null 2>&1 && ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 status > /dev/null || ret=1
+n=`expr $n + 1`
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:check rndc signing -list output ($n)"
 $RNDC -c ../common/rndc.conf -s 10.53.0.3 -p 9953 signing -list dynamic.example 2>&1 > signing.out
 grep "No signing records found" signing.out > /dev/null 2>&1 || {