+2976. [bug] named die on exit after negotiating a GSS-TSIG key.
+ [RT #3415]
+
2975. [bug] rbtdb.c:cleanup_dead_nodes_callback() aquired the
wrong lock which could lead to server deadlock.
[RT #22614]
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: dighost.c,v 1.328.22.4 2010/08/10 08:43:40 marka Exp $ */
+/* $Id: dighost.c,v 1.328.22.5 2010/12/02 23:26:56 marka Exp $ */
/*! \file
* \note
char **tempp, FILE **fp);
isc_result_t removetmpkey(isc_mem_t *mctx, const char *file);
void clean_trustedkey(void);
-void insert_trustedkey(dst_key_t * key);
+void insert_trustedkey(dst_key_t **key);
#if DIG_SIGCHASE_BU
isc_result_t getneededrr(dns_message_t *msg);
void sigchase_bottom_up(dns_message_t *msg);
goto failure;
}
result = dns_tsigkey_createfromkey(dst_key_name(dstkey), hmacname,
- dstkey, ISC_FALSE, NULL, 0, 0,
+ &dstkey, ISC_FALSE, NULL, 0, 0,
mctx, NULL, &key);
if (result != ISC_R_SUCCESS) {
printf(";; Couldn't create key %s: %s\n",
keynametext, isc_result_totext(result));
goto failure;
}
- dstkey = NULL;
failure:
if (dstkey != NULL)
dst_key_free(&dstkey);
}
void
-insert_trustedkey(dst_key_t * key)
+insert_trustedkey(dst_key_t **keyp)
{
- if (key == NULL)
+ if (*keyp == NULL)
return;
if (tk_list.nb_tk >= MAX_TRUSTED_KEY)
return;
- tk_list.key[tk_list.nb_tk++] = key;
+ tk_list.key[tk_list.nb_tk++] = *keyp;
+ *keyp = NULL;
return;
}
fclose(fp);
return (ISC_R_FAILURE);
}
- insert_trustedkey(key);
#if 0
dst_key_tofile(key, DST_TYPE_PUBLIC,"/tmp");
#endif
- key = NULL;
+ insert_trustedkey(&key);
+ if (key != NULL)
+ dst_key_free(&key);
}
return (ISC_R_SUCCESS);
}
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: server.c,v 1.556.8.30 2010/11/16 02:11:46 sar Exp $ */
+/* $Id: server.c,v 1.556.8.31 2010/12/02 23:26:56 marka Exp $ */
/*! \file */
}
cleanup:
+ if (dstkey != NULL)
+ dst_key_free(&dstkey);
if (secroots != NULL)
dns_keytable_detach(&secroots);
if (result == DST_R_NOCRYPTO)
/* Store the key in tsigkey. */
isc_stdtime_get(&now);
- CHECK(dns_tsigkey_createfromkey(dst_key_name(key), algname, key,
+ CHECK(dns_tsigkey_createfromkey(dst_key_name(key), algname, &key,
ISC_FALSE, NULL, now, now, mctx, NULL,
&tsigkey));
- key = NULL; /* ownership of key has been transferred */
/* Dump the key to the key file. */
fp = ns_os_openfile(filename, S_IRUSR|S_IWUSR, ISC_TRUE);
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: nsupdate.c,v 1.173.66.8 2010/08/10 23:47:45 tbox Exp $ */
+/* $Id: nsupdate.c,v 1.173.66.9 2010/12/02 23:26:56 marka Exp $ */
/*! \file */
}
if (hmacname != NULL) {
result = dns_tsigkey_createfromkey(dst_key_name(dstkey),
- hmacname, dstkey, ISC_FALSE,
+ hmacname, &dstkey, ISC_FALSE,
NULL, 0, 0, mctx, NULL,
&tsigkey);
if (result != ISC_R_SUCCESS) {
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
-# $Id: tests.sh,v 1.2.2.2 2010/11/16 02:11:47 sar Exp $
+# $Id: tests.sh,v 1.2.2.3 2010/12/02 23:26:56 marka Exp $
# Test of allow-query statement.
# allow-query takes an address match list and can be included in either the
n=`expr $n + 1`
echo "I:test $n: default - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: explicit any - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: none - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: address allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: address not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: address disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: acl allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: acl not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: acl disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: key allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: key not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: key disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views default - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views explicit any - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views none - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views address allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views address not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views address disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views acl allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views acl not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views acl disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views key allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views key not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views key disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views over options, views allow - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views over options, views disallow - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: zone default - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
n=`expr $n + 1`
echo "I:test $n: zone explicit any - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.any.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.any.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.any.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
n=`expr $n + 1`
echo "I:test $n: zone none - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.none.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.none.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.none.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
n=`expr $n + 1`
echo "I:test $n: zone address allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.addrallow.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrallow.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.addrallow.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
n=`expr $n + 1`
echo "I:test $n: zone address not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.addrnotallow.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrnotallow.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.addrnotallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
n=`expr $n + 1`
echo "I:test $n: zone address disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.addrdisallow.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.addrdisallow.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.addrdisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
n=`expr $n + 1`
echo "I:test $n: zone acl allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.aclallow.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclallow.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.aclallow.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
n=`expr $n + 1`
echo "I:test $n: zone acl not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.aclnotallow.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.aclnotallow.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.aclnotallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
n=`expr $n + 1`
echo "I:test $n: zone acl disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.acldisallow.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.acldisallow.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.acldisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
n=`expr $n + 1`
echo "I:test $n: zone key allowed - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
n=`expr $n + 1`
echo "I:test $n: zone key not allowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
n=`expr $n + 1`
echo "I:test $n: zone key disallowed - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views over options, views allow - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: views over options, views disallow - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: zones over views, views allow - query allowed"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
echo "I:test $n: zones over views, views disallow - query refused"
ret=0
-$DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: keydelete.c,v 1.13 2009/07/19 23:47:55 tbox Exp $ */
+/* $Id: keydelete.c,v 1.13.126.1 2010/12/02 23:26:57 marka Exp $ */
#include <config.h>
CHECK("dst_key_fromnamedfile", result);
result = dns_tsigkey_createfromkey(dst_key_name(dstkey),
DNS_TSIG_HMACMD5_NAME,
- dstkey, ISC_TRUE, NULL, 0, 0,
+ &dstkey, ISC_TRUE, NULL, 0, 0,
mctx, ring, &tsigkey);
CHECK("dns_tsigkey_createfromkey", result);
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: client.c,v 1.6.32.4 2010/05/19 07:11:19 marka Exp $ */
+/* $Id: client.c,v 1.6.32.5 2010/12/02 23:26:57 marka Exp $ */
#include <config.h>
result = dns_keytable_add(secroots, ISC_FALSE, &dstkey);
cleanup:
+ if (dstkey != NULL)
+ dns_key_free(&dstkey);
if (view != NULL)
dns_view_detach(&view);
if (secroots != NULL)
/*
* Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.47.22.3 2010/05/13 03:09:56 marka Exp $
+ * $Id: dst_api.c,v 1.47.22.4 2010/12/02 23:26:57 marka Exp $
*/
/*! \file */
*keyp = key;
return (ISC_R_SUCCESS);
+
out:
if (pubkey != NULL)
dst_key_free(&pubkey);
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tsec.h,v 1.3 2009/09/02 23:48:02 tbox Exp $ */
+/* $Id: tsec.h,v 1.3.104.1 2010/12/02 23:26:58 marka Exp $ */
#ifndef DNS_TSEC_H
#define DNS_TSEC_H 1
} dns_tsectype_t;
isc_result_t
-dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
+dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t **keyp,
dns_tsec_t **tsecp);
/*%<
* Create a TSEC structure and stores a type-dependent key structure in it.
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tsig.h,v 1.53.136.2 2010/07/09 23:46:27 tbox Exp $ */
+/* $Id: tsig.h,v 1.53.136.3 2010/12/02 23:26:58 marka Exp $ */
#ifndef DNS_TSIG_H
#define DNS_TSIG_H 1
isc_result_t
dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm,
- dst_key_t *dstkey, isc_boolean_t generated,
+ dst_key_t **dstkeyp, isc_boolean_t generated,
dns_name_t *creator, isc_stdtime_t inception,
isc_stdtime_t expire, isc_mem_t *mctx,
dns_tsig_keyring_t *ring, dns_tsigkey_t **key);
*/
/*
- * $Id: tkey.c,v 1.92.104.2 2010/07/09 23:46:27 tbox Exp $
+ * $Id: tkey.c,v 1.92.104.3 2010/12/02 23:26:57 marka Exp $
*/
/*! \file */
#include <config.h>
}
static isc_result_t
-process_gsstkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
- dns_rdata_tkey_t *tkeyin, dns_tkeyctx_t *tctx,
- dns_rdata_tkey_t *tkeyout,
- dns_tsig_keyring_t *ring, dns_namelist_t *namelist)
+process_gsstkey(dns_name_t *name, dns_rdata_tkey_t *tkeyin,
+ dns_tkeyctx_t *tctx, dns_rdata_tkey_t *tkeyout,
+ dns_tsig_keyring_t *ring)
{
isc_result_t result = ISC_R_SUCCESS;
dst_key_t *dstkey = NULL;
isc_buffer_t *outtoken = NULL;
gss_ctx_id_t gss_ctx = NULL;
- UNUSED(namelist);
- UNUSED(signer);
-
if (tctx->gsscred == NULL)
return (ISC_R_NOPERM);
#endif
isc_uint32_t expire;
- RETERR(dst_key_fromgssapi(name, gss_ctx, msg->mctx, &dstkey));
+ RETERR(dst_key_fromgssapi(name, gss_ctx, ring->mctx, &dstkey));
/*
* Limit keys to 1 hour or the context's lifetime whichever
* is smaller.
expire = now + lifetime;
#endif
RETERR(dns_tsigkey_createfromkey(name, &tkeyin->algorithm,
- dstkey, ISC_TRUE,
+ &dstkey, ISC_TRUE,
dns_fixedname_name(&principal),
now, expire, ring->mctx, ring,
NULL));
}
static isc_result_t
-process_deletetkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
- dns_rdata_tkey_t *tkeyin,
- dns_rdata_tkey_t *tkeyout,
- dns_tsig_keyring_t *ring,
- dns_namelist_t *namelist)
+process_deletetkey(dns_name_t *signer, dns_name_t *name,
+ dns_rdata_tkey_t *tkeyin, dns_rdata_tkey_t *tkeyout,
+ dns_tsig_keyring_t *ring)
{
isc_result_t result;
dns_tsigkey_t *tsigkey = NULL;
dns_name_t *identity;
- UNUSED(msg);
- UNUSED(namelist);
-
result = dns_tsigkey_find(&tsigkey, name, &tkeyin->algorithm, ring);
if (result != ISC_R_SUCCESS) {
tkeyout->error = dns_tsigerror_badname;
break;
case DNS_TKEYMODE_GSSAPI:
tkeyout.error = dns_rcode_noerror;
- RETERR(process_gsstkey(msg, signer, keyname, &tkeyin,
- tctx, &tkeyout, ring,
- &namelist));
-
+ RETERR(process_gsstkey(keyname, &tkeyin, tctx,
+ &tkeyout, ring));
break;
case DNS_TKEYMODE_DELETE:
tkeyout.error = dns_rcode_noerror;
- RETERR(process_deletetkey(msg, signer, keyname,
- &tkeyin, &tkeyout,
- ring, &namelist));
+ RETERR(process_deletetkey(signer, keyname, &tkeyin,
+ &tkeyout, ring));
break;
case DNS_TKEYMODE_SERVERASSIGNED:
case DNS_TKEYMODE_RESOLVERASSIGNED:
isc_buffer_init(&intoken, rtkey.key, rtkey.keylen);
RETERR(dst_gssapi_initctx(gname, &intoken, outtoken, context));
- dstkey = NULL;
RETERR(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx,
&dstkey));
RETERR(dns_tsigkey_createfromkey(tkeyname, DNS_TSIG_GSSAPI_NAME,
- dstkey, ISC_FALSE, NULL,
+ &dstkey, ISC_FALSE, NULL,
rtkey.inception, rtkey.expire,
ring->mctx, ring, outkey));
-
dns_rdata_freestruct(&rtkey);
return (result);
/*
* XXXSRA This probably leaks memory from rtkey and qtkey.
*/
+ if (dstkey != NULL)
+ dst_key_free(&dstkey);
return (result);
}
if (result != DNS_R_CONTINUE && result != ISC_R_SUCCESS)
return (result);
- dstkey = NULL;
RETERR(dst_key_fromgssapi(dns_rootname, *context, rmsg->mctx,
&dstkey));
(win2k
? DNS_TSIG_GSSAPIMS_NAME
: DNS_TSIG_GSSAPI_NAME),
- dstkey, ISC_TRUE, NULL,
+ &dstkey, ISC_TRUE, NULL,
rtkey.inception, rtkey.expire,
ring->mctx, ring, outkey));
-
dns_rdata_freestruct(&rtkey);
return (result);
* XXXSRA This probably leaks memory from qtkey.
*/
dns_rdata_freestruct(&rtkey);
+ if (dstkey != NULL)
+ dst_key_free(&dstkey);
return (result);
}
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: tsec.c,v 1.4 2009/09/02 23:48:02 tbox Exp $ */
+/* $Id: tsec.c,v 1.4.104.1 2010/12/02 23:26:57 marka Exp $ */
#include <config.h>
};
isc_result_t
-dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t *key,
+dns_tsec_create(isc_mem_t *mctx, dns_tsectype_t type, dst_key_t **keyp,
dns_tsec_t **tsecp)
{
isc_result_t result;
dns_tsec_t *tsec;
dns_tsigkey_t *tsigkey = NULL;
dns_name_t *algname;
+ dst_key_t *key;
+ REQUIRE(keyp != NULL && *keyp != NULL);
REQUIRE(mctx != NULL);
REQUIRE(tsecp != NULL && *tsecp == NULL);
if (tsec == NULL)
return (ISC_R_NOMEMORY);
+ key = *keyp;
+
tsec->type = type;
tsec->mctx = mctx;
return (DNS_R_BADALG);
}
result = dns_tsigkey_createfromkey(dst_key_name(key),
- algname, key, ISC_FALSE,
+ algname, keyp, ISC_FALSE,
NULL, 0, 0, mctx, NULL,
&tsigkey);
if (result != ISC_R_SUCCESS) {
break;
case dns_tsectype_sig0:
tsec->ukey.key = key;
+ *keyp = NULL;
break;
default:
INSIST(0);
tsec->magic = DNS_TSEC_MAGIC;
*tsecp = tsec;
-
+ ENSURE(*keyp == NULL);
return (ISC_R_SUCCESS);
}
*/
/*
- * $Id: tsig.c,v 1.138.136.3 2010/07/09 05:14:08 each Exp $
+ * $Id: tsig.c,v 1.138.136.4 2010/12/02 23:26:57 marka Exp $
*/
/*! \file */
#include <config.h>
isc_result_t
dns_tsigkey_createfromkey(dns_name_t *name, dns_name_t *algorithm,
- dst_key_t *dstkey, isc_boolean_t generated,
+ dst_key_t **dstkeyp, isc_boolean_t generated,
dns_name_t *creator, isc_stdtime_t inception,
isc_stdtime_t expire, isc_mem_t *mctx,
dns_tsig_keyring_t *ring, dns_tsigkey_t **key)
dns_tsigkey_t *tkey;
isc_result_t ret;
unsigned int refs = 0;
+ dst_key_t *dstkey;
REQUIRE(key == NULL || *key == NULL);
REQUIRE(name != NULL);
REQUIRE(mctx != NULL);
REQUIRE(key != NULL || ring != NULL);
+ if (dstkeyp != NULL)
+ dstkey = *dstkeyp;
+ else
+ dstkey = NULL;
tkey = (dns_tsigkey_t *) isc_mem_get(mctx, sizeof(dns_tsigkey_t));
if (tkey == NULL)
return (ISC_R_NOMEMORY);
namestr);
}
+ if (dstkeyp != NULL)
+ *dstkeyp = NULL;
if (key != NULL)
*key = tkey;
} else if (length > 0)
return (DNS_R_BADALG);
- result = dns_tsigkey_createfromkey(name, algorithm, dstkey,
+ result = dns_tsigkey_createfromkey(name, algorithm, &dstkey,
generated, creator,
inception, expire, mctx, ring, key);
if (result != ISC_R_SUCCESS && dstkey != NULL)
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zone.c,v 1.540.2.32 2010/11/30 23:46:15 tbox Exp $ */
+/* $Id: zone.c,v 1.540.2.33 2010/12/02 23:26:57 marka Exp $ */
/*! \file */
isc_buffer_t buffer;
dns_view_t *view;
dns_keytable_t *sr = NULL;
+ dst_key_t *dstkey = NULL;
/* Convert dnskey to DST key. */
isc_buffer_init(&buffer, data, sizeof(data));
for (view = ISC_LIST_HEAD(*viewlist); view != NULL;
view = ISC_LIST_NEXT(view, link)) {
- dst_key_t *key = NULL;
result = dns_view_getsecroots(view, &sr);
if (result != ISC_R_SUCCESS)
continue;
- CHECK(dns_dnssec_keyfromrdata(keyname, &rdata, mctx, &key));
- CHECK(dns_keytable_add(sr, ISC_TRUE, &key));
+ CHECK(dns_dnssec_keyfromrdata(keyname, &rdata, mctx, &dstkey));
+ CHECK(dns_keytable_add(sr, ISC_TRUE, &dstkey));
dns_keytable_detach(&sr);
}
failure:
+ if (dstkey != NULL)
+ dst_key_free(&dstkey);
if (sr != NULL)
dns_keytable_detach(&sr);
return;
dns_fixedname_t fname;
dns_name_t *keyname;
dst_key_t *key;
+
key = dns_keynode_key(keynode);
dns_fixedname_init(&fname);
isc_result_t result;
dns_dbnode_t *node = NULL;
const char *directory = dns_zone_getkeydirectory(zone);
+
CHECK(dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node));
result = dns_dnssec_findzonekeys2(db, ver, node, dns_db_origin(db),
directory, mctx, maxkeys, keys,
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: sample-update.c,v 1.5 2009/09/29 15:06:07 fdupont Exp $ */
+/* $Id: sample-update.c,v 1.5.66.1 2010/12/02 23:26:58 marka Exp $ */
#include <config.h>
result = dns_tsec_create(mctx, tsectype, dstkey, &tsec);
if (result != ISC_R_SUCCESS) {
+ dns_key_free(&dstkey);
fprintf(stderr, "could not create tsec: %s\n",
isc_result_totext(result));
exit(1);
projects / thirdparty / bind9.git / commitdiff
