From: Evan Hunt Date: Wed, 15 Aug 2018 19:29:17 +0000 (-0700) Subject: report when NTAs added to multiple views X-Git-Tag: v9.13.4~151^2~2 X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=83dc5a704a13f4b73cde99caa7b01f9702e84f5b;p=thirdparty%2Fbind9.git report when NTAs added to multiple views - the text returned by "rndc nta" when adding NTAs to multiple views was incorrectly terminated after the first line, so users only saw on NTA added unless they checked the logs. --- diff --git a/bin/named/server.c b/bin/named/server.c index 602023c914a..926dcf03d0e 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -938,7 +938,8 @@ configure_view_dnsseckeys(dns_view_t *view, const cfg_obj_t *vconfig, /* We don't need trust anchors for the _bind view */ if (strcmp(view->name, "_bind") == 0 && - view->rdclass == dns_rdataclass_chaos) { + view->rdclass == dns_rdataclass_chaos) + { return (ISC_R_SUCCESS); } @@ -14344,18 +14345,23 @@ named_server_nta(named_server_t *server, isc_lex_t *lex, view != NULL; view = ISC_LIST_NEXT(view, link)) { - if (viewname != NULL && - strcmp(view->name, viewname) != 0) + static bool first = true; + + if (viewname != NULL && strcmp(view->name, viewname) != 0) { continue; + } - if (view->nta_lifetime == 0) + if (view->nta_lifetime == 0) { continue; + } - if (!ttlset) + if (!ttlset) { ntattl = view->nta_lifetime; + } - if (ntatable != NULL) + if (ntatable != NULL) { dns_ntatable_detach(&ntatable); + } result = dns_view_getntatable(view, &ntatable); if (result == ISC_R_NOTFOUND) { @@ -14378,6 +14384,11 @@ named_server_nta(named_server_t *server, isc_lex_t *lex, isc_time_set(&t, when, 0); isc_time_formattimestamp(&t, tbuf, sizeof(tbuf)); + if (!first) { + CHECK(putstr(text, "\n")); + } + first = false; + CHECK(putstr(text, "Negative trust anchor added: ")); CHECK(putstr(text, namebuf)); CHECK(putstr(text, "/")); 
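Review bot: `first` is declared as `static bool first = true;` inside the view loop of named_server_nta, so it is initialised once for the life of the process and never reset. After the first `rndc nta` command sets it to false, every later invocation would start its reply with a stray "\n"; the hunks at -14378 and -14392 that test `!first` inherit the same state. Declare it as an ordinary local ahead of the loop instead, `bool first = true;`, so each command starts from a clean state. This reply is how an operator learns in which views DNSSEC validation was relaxed for the name, so it should look the same on every call. The function's declarations lie outside the hunk, so the exact placement has to be confirmed there.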
@@ -14392,6 +14403,11 @@ named_server_nta(named_server_t *server, isc_lex_t *lex, } else { CHECK(dns_ntatable_delete(ntatable, ntaname)); + if (!first) { + CHECK(putstr(text, "\n")); + } + first = false; + CHECK(putstr(text, "Negative trust anchor removed: ")); CHECK(putstr(text, namebuf)); CHECK(putstr(text, "/")); @@ -14411,11 +14427,10 @@ named_server_nta(named_server_t *server, isc_lex_t *lex, "for view '%s': %s", view->name, isc_result_totext(result)); } - - CHECK(putnull(text)); - } + CHECK(putnull(text)); + cleanup: if (msg != NULL) { (void) putstr(text, msg); diff --git a/bin/tests/system/rndc/clean.sh b/bin/tests/system/rndc/clean.sh index 65393720bdb..8609ce42116 100644 --- a/bin/tests/system/rndc/clean.sh +++ b/bin/tests/system/rndc/clean.sh @@ -25,3 +25,4 @@ rm -f nsupdate.out.*.test* rm -f python.out.*.test* rm -f rndc.out.*.test* rm -f ns*/managed-keys.bind* ns*/*.mkeys* +rm -f ns*/*.nta diff --git a/bin/tests/system/rndc/ns3/named.conf.in b/bin/tests/system/rndc/ns3/named.conf.in index e8dbfc4aeb9..dd3529559e0 100644 --- a/bin/tests/system/rndc/ns3/named.conf.in +++ b/bin/tests/system/rndc/ns3/named.conf.in @@ -14,7 +14,6 @@ options { pid-file "named.pid"; listen-on { 10.53.0.3; }; listen-on-v6 { none; }; - recursion no; }; key rndc_key { @@ -31,8 +30,17 @@ controls { inet 10.53.0.3 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; +view all { + match-clients { any; }; + + recursion no; + + zone "." { + type hint; + file "../../common/root.hint"; + }; +}; -zone "." { - type hint; - file "../../common/root.hint"; +view none { + match-clients { none; }; }; diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh index 488ee841a62..ae27ef1abf9 100644 --- a/bin/tests/system/rndc/tests.sh +++ b/bin/tests/system/rndc/tests.sh 
@@ -656,5 +656,14 @@ grep "address family not supported" rndc.out.1.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
+n=`expr $n + 1`
+echo_i "check rndc nta reports adding to multiple views ($n)"
+ret=0
+$RNDCCMD 10.53.0.3 nta test.com > rndc.out.test$n 2>&1 || ret=1
+lines=`cat rndc.out.test$n | wc -l`
+[ ${lines:-0} -eq 2 ] || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
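Review bot: The new check only counts lines (`[ ${lines:-0} -eq 2 ] || ret=1`), so any two-line reply passes and the test never confirms that an NTA was reported for each view. Match the message text as well, for example by comparing the result of `grep -c "Negative trust anchor added" rndc.out.test$n` with 2. The line count can be read with `wc -l < rndc.out.test$n` instead of piping through `cat`. Issuing the same `nta` command a second time and checking the reply again would presumably also catch state that the handler carries over between invocations, which a single run cannot show.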