From 6a3b851f72929802fc10a51f17b170db54988021 Mon Sep 17 00:00:00 2001 From: Tony Finch Date: Fri, 11 Jan 2019 15:17:04 +0000 Subject: [PATCH 1/3] Fix a few cosmetic issues with `rndc managed-keys` The handling of class and view arguments was broken, because the code didn't realise that next_token() would overwrite the class name when it parsed the view name. The code was trying to implement a syntax like `refresh [[class] view]`, but it was documented to have a syntax like `refresh [class [view]]`. The latter is consistent with other rndc commands, so that is how I have fixed it. Before: $ rndc managed-keys refresh in rec rndc: 'managed-keys' failed: unknown class/type unknown class 'rec' After: $ rndc managed-keys refresh in rec refreshing managed keys for 'rec' There were missing newlines in the output from `rndc managed-keys refresh` and `rndc managed-keys destroy`. Before: $ rndc managed-keys refresh refreshing managed keys for 'rec'refreshing managed keys for 'auth' After: $ rndc managed-keys refresh refreshing managed keys for 'rec' refreshing managed keys for 'auth' --- bin/named/server.c | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/bin/named/server.c b/bin/named/server.c index f04a836ef2..7b766e37c3 100644 --- a/bin/named/server.c +++ b/bin/named/server.c 
@@ -15049,29 +15049,17 @@ named_server_mkeys(named_server_t *server, isc_lex_t *lex, /* Look for the optional class name. */ classtxt = next_token(lex, text); if (classtxt != NULL) { - /* Look for the optional view name. */ - viewtxt = next_token(lex, text); - } - - if (classtxt == NULL) { - rdclass = dns_rdataclass_in; - } else { isc_textregion_t r; r.base = classtxt; r.length = strlen(classtxt); result = dns_rdataclass_fromtext(&rdclass, &r); if (result != ISC_R_SUCCESS) { - if (viewtxt == NULL) { - rdclass = dns_rdataclass_in; - viewtxt = classtxt; - result = ISC_R_SUCCESS; - } else { - snprintf(msg, sizeof(msg), - "unknown class '%s'", classtxt); - (void) putstr(text, msg); - goto cleanup; - } + snprintf(msg, sizeof(msg), + "unknown class '%s'", classtxt); + (void) putstr(text, msg); + goto cleanup; } + viewtxt = next_token(lex, text); } for (view = ISC_LIST_HEAD(server->viewlist); @@ -15100,6 +15088,9 @@ named_server_mkeys(named_server_t *server, isc_lex_t *lex, switch (opt) { case REFRESH: + if (!first) { + CHECK(putstr(text, "\n")); + } CHECK(mkey_refresh(view, text)); break; case STATUS: @@ -15107,12 +15098,14 @@ named_server_mkeys(named_server_t *server, isc_lex_t *lex, CHECK(putstr(text, "\n\n")); } CHECK(mkey_status(view, text)); - first = false; break; case SYNC: CHECK(dns_zone_flush(view->managed_keys)); break; case DESTROY: + if (!first) { + CHECK(putstr(text, "\n")); + } CHECK(mkey_destroy(server, view, text)); break; default: @@ -15123,6 +15116,7 @@ named_server_mkeys(named_server_t *server, isc_lex_t *lex, if (viewtxt != NULL) { break; } + first = false; } if (!found) { From 3175ea9a87840ffbba97d6a72bd3f62851e48e5a Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Mon, 14 Jan 2019 16:09:36 +1100 Subject: [PATCH 2/3] add CHANGES note --- CHANGES | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/CHANGES b/CHANGES index 8cd510bad5..ab90db4f50 100644 --- a/CHANGES +++ b/CHANGES 
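Review bot: `rdclass` no longer receives a default when no class token is given, because the removed `rdclass = dns_rdataclass_in;` branch has no replacement on the new side of the first hunk. The declaration of `rdclass` and the view loop that follows are outside the hunk, so this is safe only if the loop reads `rdclass` exclusively when `viewtxt` is non-NULL; that is presumably the intent, but it is an implicit coupling that a later edit could turn into an uninitialized read. I would keep the default explicit with `rdclass = dns_rdataclass_in;` just before `classtxt = next_token(lex, text);`. The ordering also deserves a comment above the second call, for example `/* next_token() overwrites the previous token: classtxt must be consumed before this call. */`, since that was the root cause described in the commit message.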
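Review bot: The per-view separator is now written in three places with two different strings: `"\n"` before `mkey_refresh()` and `mkey_destroy()` in the second and third hunks, and `"\n\n"` in the existing STATUS case. Nothing at the `first = false;` line in the fourth hunk says that `first` now means "no matching view has been processed yet" for every subcommand. A short comment there would do, e.g. `/* A view was processed; later views emit a separator before their output. */`. The flag is cleared only after the `if (viewtxt != NULL) break;` test, so it is worth confirming that no earlier `continue` or exit path writes output for a view without reaching that line. The loop header and the `CHECK` macro are defined outside these hunks.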
@@ -1,3 +1,7 @@ +5133. [bug] 'rndc managed-keys' didn't handle class and view + correctly and failed to add new lines between each + view. [GL !1327] + 5132. [bug] Fix race condition in cleanup part of dns_dt_create(). [GL !1323] From 7122b5786db12b0811f868977740e12e540488a0 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Mon, 14 Jan 2019 16:40:00 +1100 Subject: [PATCH 3/3] add multi-view server and tests --- bin/tests/system/mkeys/clean.sh | 15 +++---- bin/tests/system/mkeys/ns6/named.conf.in | 50 ++++++++++++++++++++++++ bin/tests/system/mkeys/setup.sh | 1 + bin/tests/system/mkeys/tests.sh | 15 +++++++ 4 files changed, 74 insertions(+), 7 deletions(-) create mode 100644 bin/tests/system/mkeys/ns6/named.conf.in diff --git a/bin/tests/system/mkeys/clean.sh b/bin/tests/system/mkeys/clean.sh index 503f79a5d2..f79c2ce114 100644 --- a/bin/tests/system/mkeys/clean.sh +++ b/bin/tests/system/mkeys/clean.sh @@ -10,14 +10,15 @@ # information regarding copyright ownership. rm -f */K* */*.signed */trusted.conf */*.jnl */*.bk -rm -f dsset-. ns1/dsset-. -rm -f ns*/named.lock -rm -f */managed-keys.bind* */named.secroots rm -f */managed*.conf ns1/managed.key ns1/managed.key.id +rm -f */managed-keys.bind* */named.secroots +rm -f */named.conf rm -f */named.memstats */named.run */named.run.prev rm -f dig.out* delv.out* rndc.out* signer.out* -rm -f ns1/named.secroots ns1/root.db.signed* ns1/root.db.tmp -rm -f */named.conf -rm -rf ns4/nope -rm -f ns5/named.args +rm -f dsset-. ns1/dsset-. rm -f ns*/managed-keys.bind* +rm -f ns*/named.lock +rm -f ns1/named.secroots ns1/root.db.signed* ns1/root.db.tmp +rm -f ns5/named.args +rm -f ns6/view1.mkeys ns6/view2.mkeys +rm -rf ns4/nope diff --git a/bin/tests/system/mkeys/ns6/named.conf.in b/bin/tests/system/mkeys/ns6/named.conf.in new file mode 100644 index 0000000000..37ddaa16ec --- /dev/null +++ b/bin/tests/system/mkeys/ns6/named.conf.in 
@@ -0,0 +1,50 @@ +/* + * Copyright (C) Internet Systems Consortium, Inc. ("ISC") + * + * This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. + * + * See the COPYRIGHT file distributed with this work for additional + * information regarding copyright ownership. + */ + +// NS6 + +options { + query-source address 10.53.0.6; + notify-source 10.53.0.6; + transfer-source 10.53.0.6; + port @PORT@; + pid-file "named.pid"; + listen-on { 10.53.0.6; }; + listen-on-v6 { none; }; + recursion yes; + notify no; + dnssec-enable yes; + dnssec-validation auto; + bindkeys-file "managed.conf"; +}; + +key rndc_key { + secret "1234abcd8765"; + algorithm hmac-sha256; +}; + +controls { + inet 10.53.0.6 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; +}; + +view view1 { + zone "." { + type hint; + file "../../common/root.hint"; + }; +}; + +view view2 { + zone "." { + type hint; + file "../../common/root.hint"; + }; +}; diff --git a/bin/tests/system/mkeys/setup.sh b/bin/tests/system/mkeys/setup.sh index acfa5538c9..cfc5e560fc 100644 --- a/bin/tests/system/mkeys/setup.sh +++ b/bin/tests/system/mkeys/setup.sh @@ -19,6 +19,7 @@ copy_setports ns2/named.conf.in ns2/named.conf copy_setports ns3/named.conf.in ns3/named.conf copy_setports ns4/named.conf.in ns4/named.conf copy_setports ns5/named.conf.in ns5/named.conf +copy_setports ns6/named.conf.in ns6/named.conf cp ns5/named1.args ns5/named.args diff --git a/bin/tests/system/mkeys/tests.sh b/bin/tests/system/mkeys/tests.sh index 4b502ab82f..ea4ba381f5 100644 --- a/bin/tests/system/mkeys/tests.sh +++ b/bin/tests/system/mkeys/tests.sh 
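Review bot: `bindkeys-file "managed.conf";` points at a file that nothing visible in this patch creates for ns6; the setup.sh hunk only adds `copy_setports ns6/named.conf.in ns6/named.conf`. Unless a script outside this diff writes ns6/managed.conf, the server would presumably run `dnssec-validation auto` without the test trust anchor, and the new test would still pass because it only greps the rndc output. Either generate the file during setup or drop the option, so that the fixture states what it really depends on. A comment above `key rndc_key` such as `// fixed test-only key; the control channel listens on the 10.53.0.6 test address` would also make clear that the static secret and `allow { any; }` are fixture conventions that must not be copied into a production configuration.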
@@ -755,5 +755,20 @@ grep "status: NOERROR" dig.out.ns5.b.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo_i "failed"; fi status=`expr $status + $ret` +n=`expr $n + 1` +echo_i "check 'rndc managed-keys' and views ($n)" +ret=0 +$RNDCCMD 10.53.0.6 managed-keys refresh in view1 > rndc.out.ns6.view1.test$n || ret=1 +grep "refreshing managed keys for 'view1'" rndc.out.ns6.view1.test$n > /dev/null || ret=1 +lines=`wc -l < rndc.out.ns6.view1.test$n` +[ $lines -eq 1 ] || ret=1 +$RNDCCMD 10.53.0.6 managed-keys refresh > rndc.out.ns6.view2.test$n || ret=1 +lines=`wc -l < rndc.out.ns6.view2.test$n` +grep "refreshing managed keys for 'view1'" rndc.out.ns6.view2.test$n > /dev/null || ret=1 +grep "refreshing managed keys for 'view2'" rndc.out.ns6.view2.test$n > /dev/null || ret=1 +[ $lines -eq 2 ] || ret=1 +if [ $ret != 0 ]; then echo_i "failed"; fi +status=`expr $status + $ret` + echo_i "exit status: $status" [ $status -eq 0 ] || exit 1
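Review bot: The new check exercises only `refresh`, so two behaviours this series changes stay unpinned: the separator added to `destroy`, and the rejection of a view name given without a class, which the parser now reports as `unknown class`. A negative case would lock in the documented `[class [view]]` syntax, e.g. `$RNDCCMD 10.53.0.6 managed-keys refresh view1 > rndc.out.ns6.noclass.test$n 2>&1 && ret=1` followed by `grep "unknown class 'view1'" rndc.out.ns6.noclass.test$n > /dev/null || ret=1` (output file name constructed for illustration). The file `rndc.out.ns6.view2.test$n` actually holds the all-views run, so a name like `rndc.out.ns6.all.test$n` would read better. clean.sh already removes `rndc.out*`, so no cleanup change is needed.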