3337. [bug] Change #3294 broke support for the multiple keys

in controls. [RT #29694]
2026-06-13 22:20:00 -04:00 · 2012-06-13 16:30:46 +10:00 · 2012-06-13 16:30:46 +10:00 · c7818fb0be
commit c7818fb0be
parent abd3e2b8d7
6 changed files with 26 additions and 6 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+3337.	[bug]		Change #3294 broke support for the multiple keys
+			in controls. [RT #29694]
+
 3335.	[func]		nslookup: return a nonzero exit code when unable
 			to get an answer. [RT #29492]

--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@ -373,8 +373,10 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 		if (result == ISC_R_SUCCESS)
 			break;
 		isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
-		log_invalid(&conn->ccmsg, result);
-		goto cleanup;
+		if (result != ISCCC_R_BADAUTH) {
+			log_invalid(&conn->ccmsg, result);
+			goto cleanup;
+		}
 	}

 	if (key == NULL) {
--- a/bin/tests/system/rndc/ns2/named.conf
+++ b/bin/tests/system/rndc/ns2/named.conf
@ -32,8 +32,13 @@ key rndc_key {
 	algorithm hmac-md5;
 };

+key secondkey {
+	secret "abcd1234abcd8765";
+	algorithm hmac-md5;
+};
+
 controls {
-	inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; };
+	inet 10.53.0.2 port 9953 allow { any; } keys { rndc_key; secondkey; };
 };


--- a/bin/tests/system/rndc/ns2/secondkey.key
+++ b/bin/tests/system/rndc/ns2/secondkey.key
@ -0,0 +1,4 @@
+key secondkey {
+        secret "abcd1234abcd8765";
+        algorithm hmac-md5;
+};
--- a/bin/tests/system/rndc/tests.sh
+++ b/bin/tests/system/rndc/tests.sh
@ -225,5 +225,11 @@ $DIGCMD frozen.nil. TXT | grep 'frozen addition' >/dev/null || ret=1
 if [ $ret != 0 ]; then echo "I:failed"; fi
 status=`expr $status + $ret`

+echo "I:test using second key"
+ret=0
+$RNDC -s 10.53.0.2 -p 9953 -k ns2/secondkey.key status > /dev/null || ret=1
+if [ $ret != 0 ]; then echo "I:failed"; fi
+status=`expr $status + $ret`
+
 echo "I:exit status: $status"
 exit $status
--- a/lib/isccc/cc.c
+++ b/lib/isccc/cc.c
@ -399,8 +399,6 @@ table_fromwire(isccc_region_t *source, isccc_region_t *secret,
 		first_tag = ISC_FALSE;
 	}

-	*alistp = alist;
-
 	if (secret != NULL) {
 		if (checksum_rstart != NULL)
 			result = verify(alist, checksum_rstart,
@ -412,7 +410,9 @@ table_fromwire(isccc_region_t *source, isccc_region_t *secret,
 		result = ISC_R_SUCCESS;

 bad:
-	if (result != ISC_R_SUCCESS)
+	if (result == ISC_R_SUCCESS)
+		*alistp = alist;
+	else
 		isccc_sexpr_free(&alist);

 	return (result);