From 1f1ecdecc9752a727b372ceda91859e1190304d1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Wed, 18 Mar 2020 15:24:15 +0100 Subject: [PATCH 1/3] Fix the ecdsa system test to allow parallel run The ecdsa test was not adapted to dynamic ports, so we had to run it in sequence. This commit adds support for dynamic ports, and also makes all the scripts shellcheck clean. --- bin/tests/system/conf.sh.common | 4 ++-- bin/tests/system/ecdsa/.gitignore | 2 ++ bin/tests/system/ecdsa/clean.sh | 20 ++++++++++++------- .../ecdsa/ns1/{named.conf => named.conf.in} | 2 +- bin/tests/system/ecdsa/ns1/sign.sh | 17 ++++++++-------- .../ecdsa/ns2/{named.conf => named.conf.in} | 2 +- bin/tests/system/ecdsa/setup.sh | 8 ++++++-- bin/tests/system/ecdsa/tests.sh | 20 ++++++++++--------- 8 files changed, 45 insertions(+), 30 deletions(-) create mode 100644 bin/tests/system/ecdsa/.gitignore rename bin/tests/system/ecdsa/ns1/{named.conf => named.conf.in} (98%) rename bin/tests/system/ecdsa/ns2/{named.conf => named.conf.in} (98%) diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common index 5d541dddaa..4805ce71e0 100644 --- a/bin/tests/system/conf.sh.common +++ b/bin/tests/system/conf.sh.common @@ -37,7 +37,7 @@ export LANG=C # SEQUENTIAL_UNIX in conf.sh.in; those that only run on windows should # be added to SEQUENTIAL_WINDOWS in conf.sh.win32. # -SEQUENTIAL_COMMON="ecdsa eddsa tkey" +SEQUENTIAL_COMMON="eddsa tkey" # # These tests can use ports assigned by the caller (other than 5300 @@ -58,7 +58,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \ checkconf checknames checkzone \ cookie database digdelv dlz dlzexternal \ dns64 dscp dsdigest dyndb \ - ednscompliance emptyzones \ + ecdsa ednscompliance emptyzones \ fetchlimit filter-aaaa formerr forward \ geoip2 glue idna include-multiplecfg \ inline integrity ixfr \ 
diff --git a/bin/tests/system/ecdsa/.gitignore b/bin/tests/system/ecdsa/.gitignore new file mode 100644 index 0000000000..e096e33d39 --- /dev/null +++ b/bin/tests/system/ecdsa/.gitignore @@ -0,0 +1,2 @@ +/ns1/named.conf +/ns2/named.conf diff --git a/bin/tests/system/ecdsa/clean.sh b/bin/tests/system/ecdsa/clean.sh index 6cfeec2466..f230cb01bf 100644 --- a/bin/tests/system/ecdsa/clean.sh +++ b/bin/tests/system/ecdsa/clean.sh @@ -9,11 +9,17 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -rm -f */K* */dsset-* */*.signed */trusted.conf -rm -f ns1/root.db -rm -f ns1/signer.err -rm -f dig.out* -rm -f */named.run -rm -f */named.memstats -rm -f ns*/named.lock +set -e + +rm -f ./dig.out* +rm -f ns*/*.signed +rm -f ns*/K* +rm -f ns*/dsset-* rm -f ns*/managed-keys.bind* +rm -f ns*/named.conf +rm -f ns*/named.lock +rm -f ns*/named.memstats +rm -f ns*/named.run +rm -f ns*/root.db +rm -f ns*/signer.err +rm -f ns*/trusted.conf diff --git a/bin/tests/system/ecdsa/ns1/named.conf b/bin/tests/system/ecdsa/ns1/named.conf.in similarity index 98% rename from bin/tests/system/ecdsa/ns1/named.conf rename to bin/tests/system/ecdsa/ns1/named.conf.in index 50eb048408..88a2547935 100644 --- a/bin/tests/system/ecdsa/ns1/named.conf +++ b/bin/tests/system/ecdsa/ns1/named.conf.in @@ -17,7 +17,7 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/ecdsa/ns1/sign.sh b/bin/tests/system/ecdsa/ns1/sign.sh index 673aac8ac0..9fc7ddb93f 100644 --- a/bin/tests/system/ecdsa/ns1/sign.sh +++ b/bin/tests/system/ecdsa/ns1/sign.sh 
@@ -9,21 +9,22 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=../.. -. $SYSTEMTESTTOP/conf.sh +set -e + +. "$SYSTEMTESTTOP/conf.sh" zone=. infile=root.db.in zonefile=root.db -key1=`$KEYGEN -q -a ECDSAP256SHA256 -n zone $zone` -key2=`$KEYGEN -q -a ECDSAP384SHA384 -n zone -f KSK $zone` -$DSFROMKEY -a sha-384 $key2.key > dsset-384 +key1=$($KEYGEN -q -a ECDSAP256SHA256 -n zone "$zone") +key2=$($KEYGEN -q -a ECDSAP384SHA384 -n zone -f KSK "$zone") +$DSFROMKEY -a sha-384 "$key2.key" > dsset-384 -cat $infile $key1.key $key2.key > $zonefile +cat "$infile" "$key1.key" "$key2.key" > $zonefile -$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err +$SIGNER -P -g -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err # Configure the resolving server with a static key. -keyfile_to_static_ds $key1 > trusted.conf +keyfile_to_static_ds "$key1" > trusted.conf cp trusted.conf ../ns2/trusted.conf diff --git a/bin/tests/system/ecdsa/ns2/named.conf b/bin/tests/system/ecdsa/ns2/named.conf.in similarity index 98% rename from bin/tests/system/ecdsa/ns2/named.conf rename to bin/tests/system/ecdsa/ns2/named.conf.in index 420073fc05..198cdbbcec 100644 --- a/bin/tests/system/ecdsa/ns2/named.conf +++ b/bin/tests/system/ecdsa/ns2/named.conf.in @@ -17,7 +17,7 @@ options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/ecdsa/setup.sh b/bin/tests/system/ecdsa/setup.sh index f5482e6c38..69c4995f41 100644 --- a/bin/tests/system/ecdsa/setup.sh +++ b/bin/tests/system/ecdsa/setup.sh 
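Review bot: The new `. "$SYSTEMTESTTOP/conf.sh"` in ecdsa/ns1/sign.sh has no local default any more, so if the script runs without SYSTEMTESTTOP exported the path collapses to `/conf.sh`. The shell then either sources whatever file sits at the filesystem root or aborts with an unhelpful error. I would guard the expansion with `. "${SYSTEMTESTTOP:?must be set by the test runner}/conf.sh"`, or keep a fallback such as `SYSTEMTESTTOP=${SYSTEMTESTTOP:-../..}`. The same applies to every script in this series that drops the assignment (the ecdsa, eddsa and tkey setup.sh and tests.sh, eddsa/prereq.sh, the eddsa sign.sh scripts and tkey/ns1/setup.sh). Separately, `> $zonefile` on the `cat` line is still unquoted here, while the eddsa copy of this script quotes it.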
@@ -9,7 +9,11 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=.. -. $SYSTEMTESTTOP/conf.sh +set -e + +. "$SYSTEMTESTTOP/conf.sh" + +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf cd ns1 && $SHELL sign.sh diff --git a/bin/tests/system/ecdsa/tests.sh b/bin/tests/system/ecdsa/tests.sh index 7cddfd6ce5..8fc2b21b19 100644 --- a/bin/tests/system/ecdsa/tests.sh +++ b/bin/tests/system/ecdsa/tests.sh @@ -9,26 +9,28 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=.. -. $SYSTEMTESTTOP/conf.sh +set -e + +. "$SYSTEMTESTTOP/conf.sh" status=0 -n=0 +n=1 -rm -f dig.out.* +dig_with_opts() { + "$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@" +} -DIGOPTS="+tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p 5300" # Check the example. domain echo "I:checking that positive validation works ($n)" ret=0 -$DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1 -$DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1 +dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1 +dig_with_opts . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n+1)) if [ $ret != 0 ]; then echo "I:failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) echo "I:exit status: $status" [ $status -eq 0 ] || exit 1 From 4124a899728baee3c1f9d5d8a2b79e6782f588ef Mon Sep 17 00:00:00 2001 
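Review bot: `dig_with_opts` in ecdsa/tests.sh expands `"$PORT"` without checking that the runner provided it, and the helper carries no comment saying where the value comes from. Since the test now runs in parallel on a dynamic port, an empty value should stop the test at once rather than hand dig `-p ""`. I would write `-p "${PORT:?PORT must be set by the test runner}"` and add a one-line comment above the function, for example `# Query over TCP with DNSSEC records on the dynamically assigned port.` The same helper is added in eddsa/tests.sh and tkey/tests.sh.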
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Wed, 18 Mar 2020 15:30:56 +0100 Subject: [PATCH 2/3] Fix the eddsa system test to allow parallel run The eddsa test was not adapted to dynamic ports, so we had to run it in sequence. This commit adds support for dynamic ports, and also makes all the scripts shellcheck clean. --- bin/tests/system/conf.sh.common | 4 +-- bin/tests/system/eddsa/clean.sh | 20 +++++++++----- .../eddsa/ns1/{named.conf => named.conf.in} | 2 +- bin/tests/system/eddsa/ns1/sign.sh | 19 ++++++------- .../eddsa/ns2/{named.conf => named.conf.in} | 2 +- bin/tests/system/eddsa/ns2/sign.sh | 9 ++++--- bin/tests/system/eddsa/prereq.sh | 9 ++++--- bin/tests/system/eddsa/setup.sh | 8 ++++-- bin/tests/system/eddsa/tests.sh | 27 ++++++++++--------- 9 files changed, 58 insertions(+), 42 deletions(-) rename bin/tests/system/eddsa/ns1/{named.conf => named.conf.in} (98%) rename bin/tests/system/eddsa/ns2/{named.conf => named.conf.in} (98%) diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common index 4805ce71e0..407f1b9800 100644 --- a/bin/tests/system/conf.sh.common +++ b/bin/tests/system/conf.sh.common @@ -37,7 +37,7 @@ export LANG=C # SEQUENTIAL_UNIX in conf.sh.in; those that only run on windows should # be added to SEQUENTIAL_WINDOWS in conf.sh.win32. # -SEQUENTIAL_COMMON="eddsa tkey" +SEQUENTIAL_COMMON="tkey" # # These tests can use ports assigned by the caller (other than 5300 @@ -58,7 +58,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \ checkconf checknames checkzone \ cookie database digdelv dlz dlzexternal \ dns64 dscp dsdigest dyndb \ - ecdsa ednscompliance emptyzones \ + ecdsa eddsa ednscompliance emptyzones \ fetchlimit filter-aaaa formerr forward \ geoip2 glue idna include-multiplecfg \ inline integrity ixfr \ diff --git a/bin/tests/system/eddsa/clean.sh b/bin/tests/system/eddsa/clean.sh index 8e2e225e19..f230cb01bf 100644 --- a/bin/tests/system/eddsa/clean.sh +++ b/bin/tests/system/eddsa/clean.sh 
@@ -9,11 +9,17 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -rm -f */K* */dsset-* */*.signed */trusted.conf -rm -f ns1/root.db -rm -f ns*/signer.err -rm -f dig.out* -rm -f */named.run -rm -f */named.memstats -rm -f ns*/named.lock +set -e + +rm -f ./dig.out* +rm -f ns*/*.signed +rm -f ns*/K* +rm -f ns*/dsset-* rm -f ns*/managed-keys.bind* +rm -f ns*/named.conf +rm -f ns*/named.lock +rm -f ns*/named.memstats +rm -f ns*/named.run +rm -f ns*/root.db +rm -f ns*/signer.err +rm -f ns*/trusted.conf diff --git a/bin/tests/system/eddsa/ns1/named.conf b/bin/tests/system/eddsa/ns1/named.conf.in similarity index 98% rename from bin/tests/system/eddsa/ns1/named.conf rename to bin/tests/system/eddsa/ns1/named.conf.in index 50eb048408..88a2547935 100644 --- a/bin/tests/system/eddsa/ns1/named.conf +++ b/bin/tests/system/eddsa/ns1/named.conf.in @@ -17,7 +17,7 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/eddsa/ns1/sign.sh b/bin/tests/system/eddsa/ns1/sign.sh index 761ee13428..f1a462a263 100644 --- a/bin/tests/system/eddsa/ns1/sign.sh +++ b/bin/tests/system/eddsa/ns1/sign.sh 
@@ -9,24 +9,25 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=../.. -. $SYSTEMTESTTOP/conf.sh +set -e + +. "$SYSTEMTESTTOP/conf.sh" zone=. infile=root.db.in zonefile=root.db -key1=`$KEYGEN -q -a ED25519 -n zone $zone` -key2=`$KEYGEN -q -a ED25519 -n zone -f KSK $zone` -#key2=`$KEYGEN -q -a ED448 -n zone -f KSK $zone` -$DSFROMKEY -a sha-256 $key2.key > dsset-256 +key1=$($KEYGEN -q -a ED25519 -n zone "$zone") +key2=$($KEYGEN -q -a ED25519 -n zone -f KSK "$zone") +#key2=$($KEYGEN -q -a ED448 -n zone -f KSK "$zone") +$DSFROMKEY -a sha-256 "$key2.key" > dsset-256 -cat $infile $key1.key $key2.key > $zonefile +cat "$infile" "$key1.key" "$key2.key" > "$zonefile" -$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err +$SIGNER -P -g -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err # Configure the resolving server with a static key. -keyfile_to_static_ds $key1 > trusted.conf +keyfile_to_static_ds "$key1" > trusted.conf cp trusted.conf ../ns2/trusted.conf cd ../ns2 && $SHELL sign.sh diff --git a/bin/tests/system/eddsa/ns2/named.conf b/bin/tests/system/eddsa/ns2/named.conf.in similarity index 98% rename from bin/tests/system/eddsa/ns2/named.conf rename to bin/tests/system/eddsa/ns2/named.conf.in index 420073fc05..198cdbbcec 100644 --- a/bin/tests/system/eddsa/ns2/named.conf +++ b/bin/tests/system/eddsa/ns2/named.conf.in @@ -17,7 +17,7 @@ options { query-source address 10.53.0.2; notify-source 10.53.0.2; transfer-source 10.53.0.2; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.2; }; listen-on-v6 { none; }; diff --git a/bin/tests/system/eddsa/ns2/sign.sh b/bin/tests/system/eddsa/ns2/sign.sh index 7aeceecd2a..ddd7a92746 100644 --- a/bin/tests/system/eddsa/ns2/sign.sh +++ b/bin/tests/system/eddsa/ns2/sign.sh 
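Review bot: The `$SIGNER ... 2> signer.err || cat signer.err` line in eddsa/ns1/sign.sh still swallows a signing failure. Because `cat` succeeds, the newly added `set -e` never sees the error and setup carries on, presumably without a usable signed zone. The failure then surfaces only later, as a validation mismatch in tests.sh, far from its cause. Consider `|| { cat signer.err; exit 1; }`, which still prints the diagnostic but stops setup. The same pattern is kept in ecdsa/ns1/sign.sh and eddsa/ns2/sign.sh.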
@@ -9,8 +9,9 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=../.. -. $SYSTEMTESTTOP/conf.sh +set -e + +. "$SYSTEMTESTTOP/conf.sh" zone=example.com. zonefile=example.com.db @@ -22,7 +23,7 @@ for i in Xexample.com.+015+03613.key Xexample.com.+015+03613.private \ Xexample.com.+016+09713.key Xexample.com.+016+09713.private \ Xexample.com.+016+38353.key Xexample.com.+016+38353.private do - cp $i `echo $i | sed s/X/K/` + cp "$i" "$(echo $i | sed s/X/K/)" done -$SIGNER -P -z -s $starttime -e $endtime -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err +$SIGNER -P -z -s "$starttime" -e "$endtime" -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err diff --git a/bin/tests/system/eddsa/prereq.sh b/bin/tests/system/eddsa/prereq.sh index 648f97dcf9..e86ce7eb39 100644 --- a/bin/tests/system/eddsa/prereq.sh +++ b/bin/tests/system/eddsa/prereq.sh @@ -9,7 +9,10 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=.. -. $SYSTEMTESTTOP/conf.sh +set -e -exec $SHELL ../testcrypto.sh eddsa +. "$SYSTEMTESTTOP/conf.sh" + +if ! $SHELL ../testcrypto.sh eddsa; then + exit 1 +fi diff --git a/bin/tests/system/eddsa/setup.sh b/bin/tests/system/eddsa/setup.sh index f5482e6c38..69c4995f41 100644 --- a/bin/tests/system/eddsa/setup.sh +++ b/bin/tests/system/eddsa/setup.sh @@ -9,7 +9,11 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=.. -. $SYSTEMTESTTOP/conf.sh +set -e + +. "$SYSTEMTESTTOP/conf.sh" + +copy_setports ns1/named.conf.in ns1/named.conf +copy_setports ns2/named.conf.in ns2/named.conf cd ns1 && $SHELL sign.sh diff --git a/bin/tests/system/eddsa/tests.sh b/bin/tests/system/eddsa/tests.sh index 4f6269e34b..2dcc138c2f 100644 --- a/bin/tests/system/eddsa/tests.sh +++ b/bin/tests/system/eddsa/tests.sh 
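Review bot: In the copy loop of eddsa/ns2/sign.sh, the inner `$i` and the sed script in `"$(echo $i | sed s/X/K/)"` are still unquoted, and a subshell plus sed runs per file just to replace one character. Every name in the visible list starts with `X`, so parameter expansion gives the same result: `cp "$i" "K${i#X}"`. The loop header starts outside this hunk, so the full list of names should be checked against that assumption.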
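Review bot: The rewritten check in eddsa/prereq.sh flattens every non-zero status from testcrypto.sh to `exit 1`, whereas the old `exec` passed the script's own exit status back to the caller. If the runner distinguishes prerequisite exit codes (not visible here), that information is lost. With `set -e` already in effect, a bare `$SHELL ../testcrypto.sh eddsa` as the last command keeps the original status and is shorter than the `if ! ...; then exit 1; fi` form.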
@@ -9,27 +9,28 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=.. -. $SYSTEMTESTTOP/conf.sh +set -e + +. "$SYSTEMTESTTOP/conf.sh" status=0 n=1 -rm -f dig.out.* - -DIGOPTS="+tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p 5300" +dig_with_opts() { + "$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@" +} # Check the example. domain echo "I:checking that positive validation works ($n)" ret=0 -$DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1 -$DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1 +dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1 +dig_with_opts . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1 $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n+1)) if [ $ret != 0 ]; then echo "I:failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) # Check test vectors (RFC 8080 + errata) @@ -39,9 +40,9 @@ grep 'oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jP' ns2/example.com.db.signed > /dev/nul grep 'VrbpMngwcrqNAg==' ns2/example.com.db.signed > /dev/null || ret=1 grep 'zXQ0bkYgQTEFyfLyi9QoiY6D8ZdYo4wyUhVi' ns2/example.com.db.signed > /dev/null || ret=1 grep 'R0O7KuI5k2pcBg==' ns2/example.com.db.signed > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n+1)) if [ $ret != 0 ]; then echo "I:failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) echo "I:checking that Ed448 test vectors match ($n)" ret=0 @@ -57,9 +58,9 @@ grep '4m0AsQ4f7qI1gVnML8vWWiyW2KXhT9kuAICU' ns2/example.com.db.signed > /dev/nul grep 'Sxv5OWbf81Rq7Yu60npabODB0QFPb/rkW3kU' ns2/example.com.db.signed > /dev/null || ret=1 grep 'ZmQ0YQUA' ns2/example.com.db.signed > /dev/null || ret=1 -n=`expr $n + 1` +n=$((n+1)) if [ $ret != 0 ]; then echo "I:failed"; fi -status=`expr $status + $ret` +status=$((status+ret)) echo "I:exit status: $status" [ $status -eq 0 ] || exit 1 
From cfbb46201f55dfe6787c75dcc17b99bf33f1f907 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?= Date: Wed, 18 Mar 2020 15:33:52 +0100 Subject: [PATCH 3/3] Fix the tkey system test to allow parallel run The tkey test was not adapted to dynamic ports, so we had to run it in sequence. This commit adds support for dynamic ports, and also makes all the scripts shellcheck clean. --- bin/tests/system/conf.sh.common | 4 +- bin/tests/system/tkey/clean.sh | 17 ++-- bin/tests/system/tkey/keycreate.c | 22 ++-- bin/tests/system/tkey/keydelete.c | 13 ++- bin/tests/system/tkey/ns1/named.conf.in | 4 +- bin/tests/system/tkey/ns1/setup.sh | 12 +-- bin/tests/system/tkey/setup.sh | 7 +- bin/tests/system/tkey/tests.sh | 130 +++++++++++++----------- 8 files changed, 118 insertions(+), 91 deletions(-) diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common index 407f1b9800..f34f86e728 100644 --- a/bin/tests/system/conf.sh.common +++ b/bin/tests/system/conf.sh.common @@ -37,7 +37,7 @@ export LANG=C # SEQUENTIAL_UNIX in conf.sh.in; those that only run on windows should # be added to SEQUENTIAL_WINDOWS in conf.sh.win32. # -SEQUENTIAL_COMMON="tkey" +SEQUENTIAL_COMMON="" # # These tests can use ports assigned by the caller (other than 5300 @@ -70,7 +70,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \ rrchecker rrl rrsetorder rsabigexponent runtime \ sfcache smartsign sortlist \ spf staticstub statistics statschannel stub synthfromdnssec \ - tcp tools tsig tsiggss ttl \ + tcp tkey tools tsig tsiggss ttl \ unknown upforwd verify views wildcard \ xfer xferquota zero zonechecks" diff --git a/bin/tests/system/tkey/clean.sh b/bin/tests/system/tkey/clean.sh index cf1557927e..56a8846a43 100644 --- a/bin/tests/system/tkey/clean.sh +++ b/bin/tests/system/tkey/clean.sh 
@@ -9,10 +9,15 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -rm -f dig.out.* rndc.out.* ns1/named.conf -rm -f K* ns1/K* -rm -f */named.memstats -rm -f */named.run -rm -f ns1/_default.tsigkeys -rm -f ns*/named.lock +set -e + +rm -f ./K* +rm -f ./dig.out.* +rm -f ./rndc.out.* +rm -f ns*/K* +rm -f ns*/_default.tsigkeys rm -f ns*/managed-keys.bind* +rm -f ns*/named.conf +rm -f ns*/named.lock +rm -f ns*/named.memstats +rm -f ns*/named.run diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c index cf15fd3544..cdd0f7a7a5 100644 --- a/bin/tests/system/tkey/keycreate.c +++ b/bin/tests/system/tkey/keycreate.c @@ -52,9 +52,11 @@ #define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS) -#define PORT 5300 #define TIMEOUT 30 +static char *ip_address = NULL; +static int port = 0; + static dst_key_t *ourkey; static isc_mem_t *mctx; static dns_tsigkey_t *tsigkey, *initialkey; @@ -141,10 +143,10 @@ sendquery(isc_task_t *task, isc_event_t *event) { isc_event_free(&event); result = ISC_R_FAILURE; - if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) { + if (inet_pton(AF_INET, ip_address, &inaddr) != 1) { CHECK("inet_pton", result); } - isc_sockaddr_fromin(&address, &inaddr, PORT); + isc_sockaddr_fromin(&address, &inaddr, port); dns_fixedname_init(&keyname); isc_buffer_constinit(&namestr, "tkeytest.", 9); @@ -210,18 +212,16 @@ main(int argc, char *argv[]) { RUNCHECK(isc_app_start()); - if (argc < 2) { + if (argc < 4) { fprintf(stderr, "I:no DH key provided\n"); exit(-1); } - if (strcmp(argv[1], "-r") == 0) { - fprintf(stderr, "I:the -r option has been deprecated\n"); - exit(-1); - } - ourkeyname = argv[1]; + ip_address = argv[1]; + port = atoi(argv[2]); + ourkeyname = argv[3]; - if (argc >= 3) { - ownername_str = argv[2]; + if (argc >= 5) { + ownername_str = argv[4]; } dns_result_register(); 
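Review bot: `port = atoi(argv[2]);` in main() of keycreate.c accepts any string: non-numeric input becomes 0, and negative or out-of-range values are presumably narrowed silently when passed to `isc_sockaddr_fromin()`. The tool would then talk to an unintended port instead of failing, which is hard to diagnose in a parallel run. Parsing with `strtol` and rejecting anything outside 1..65535 makes a bad argument an immediate error. The `argc < 4` branch also still prints "I:no DH key provided", although it now covers a missing address or port too. keydelete.c takes the same `atoi` path.
```c
	ip_address = argv[1];
	/* atoi() cannot report errors; reject anything that is not a valid port. */
	char *end = NULL;
	long value = strtol(argv[2], &end, 10);
	if (end == argv[2] || *end != '\0' || value < 1 || value > 65535) {
		fprintf(stderr, "I:invalid port '%s'\n", argv[2]);
		exit(-1);
	}
	port = (int)value;
	ourkeyname = argv[3];
	/* … unchanged: optional ownername_str from argv[4] … */
```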
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c index 52f9c31ec8..d2b850d64c 100644 --- a/bin/tests/system/tkey/keydelete.c +++ b/bin/tests/system/tkey/keydelete.c @@ -51,9 +51,10 @@ #define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS) -#define PORT 5300 #define TIMEOUT 30 +static char *ip_address; +static int port; static isc_mem_t *mctx; static dns_tsigkey_t *tsigkey; static dns_tsig_keyring_t *ring; @@ -114,10 +115,10 @@ sendquery(isc_task_t *task, isc_event_t *event) { isc_event_free(&event); result = ISC_R_FAILURE; - if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) { + if (inet_pton(AF_INET, ip_address, &inaddr) != 1) { CHECK("inet_pton", result); } - isc_sockaddr_fromin(&address, &inaddr, PORT); + isc_sockaddr_fromin(&address, &inaddr, port); query = NULL; result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query); @@ -155,7 +156,7 @@ main(int argc, char **argv) { RUNCHECK(isc_app_start()); - if (argc < 2) { + if (argc < 4) { fprintf(stderr, "I:no key to delete\n"); exit(-1); } @@ -163,7 +164,9 @@ main(int argc, char **argv) { fprintf(stderr, "I:The -r options has been deprecated\n"); exit(-1); } - keyname = argv[1]; + ip_address = argv[1]; + port = atoi(argv[2]); + keyname = argv[3]; dns_result_register(); diff --git a/bin/tests/system/tkey/ns1/named.conf.in b/bin/tests/system/tkey/ns1/named.conf.in index 01331beafc..4496d32372 100644 --- a/bin/tests/system/tkey/ns1/named.conf.in +++ b/bin/tests/system/tkey/ns1/named.conf.in @@ -15,7 +15,7 @@ options { query-source address 10.53.0.1; notify-source 10.53.0.1; transfer-source 10.53.0.1; - port 5300; + port @PORT@; pid-file "named.pid"; listen-on { 10.53.0.1; }; listen-on-v6 { none; }; @@ -32,7 +32,7 @@ key rndc_key { }; controls { - inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; }; + inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; }; }; key "tkeytest." { 
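Review bot: The argument handling in main() of keydelete.c is now inconsistent with the new calling convention. The `argc < 4` branch still reports "I:no key to delete" when the address or port is missing, and the retained "-r options has been deprecated" branch (its condition lies outside the hunk) presumably now tests the address argument, which keycreate.c dropped in this same commit. I would replace the message with a usage line such as `fprintf(stderr, "I:usage: <address> <port> <keyname>\n");` and remove the stale `-r` branch to match keycreate.c.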
diff --git a/bin/tests/system/tkey/ns1/setup.sh b/bin/tests/system/tkey/ns1/setup.sh index a5343396b9..a8f43ca300 100644 --- a/bin/tests/system/tkey/ns1/setup.sh +++ b/bin/tests/system/tkey/ns1/setup.sh @@ -9,10 +9,10 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=../.. -. $SYSTEMTESTTOP/conf.sh +set -e -keyname=`$KEYGEN -T KEY -a DH -b 768 -n host server` -keyid=$(keyfile_to_key_id $keyname) -rm -f named.conf -sed -e "s;KEYID;$keyid;" < named.conf.in > named.conf +. "$SYSTEMTESTTOP/conf.sh" + +keyname=$($KEYGEN -T KEY -a DH -b 768 -n host server) +keyid=$(keyfile_to_key_id "$keyname") +sed -i -e "s;KEYID;$keyid;" named.conf diff --git a/bin/tests/system/tkey/setup.sh b/bin/tests/system/tkey/setup.sh index 6e143976a2..014c1eb18f 100644 --- a/bin/tests/system/tkey/setup.sh +++ b/bin/tests/system/tkey/setup.sh @@ -9,7 +9,10 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=.. -. $SYSTEMTESTTOP/conf.sh +set -e + +. "$SYSTEMTESTTOP/conf.sh" + +copy_setports ns1/named.conf.in ns1/named.conf cd ns1 && $SHELL setup.sh diff --git a/bin/tests/system/tkey/tests.sh b/bin/tests/system/tkey/tests.sh index a293d32b2b..f7d816e372 100644 --- a/bin/tests/system/tkey/tests.sh +++ b/bin/tests/system/tkey/tests.sh 
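Review bot: `sed -i -e "s;KEYID;$keyid;" named.conf` in tkey/ns1/setup.sh relies on in-place editing, which is not POSIX; BSD and macOS sed require a suffix argument after `-i`, so this line fails or misparses there. The previous redirect form was portable. Now that named.conf is produced by `copy_setports` in the parent setup.sh, a temporary file keeps the portability: `sed -e "s;KEYID;$keyid;" named.conf > named.conf.tmp` followed by `mv named.conf.tmp named.conf`. It is also worth a comment that this script depends on the parent setup.sh having generated named.conf first.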
@@ -9,137 +9,153 @@ # See the COPYRIGHT file distributed with this work for additional # information regarding copyright ownership. -SYSTEMTESTTOP=.. -. $SYSTEMTESTTOP/conf.sh +set -e -DIGOPTS="@10.53.0.1 -p 5300" +. "$SYSTEMTESTTOP/conf.sh" + +dig_with_opts() { + "$DIG" @10.53.0.1 -p "$PORT" "$@" +} status=0 +n=1 -echo "I:generating new DH key" +echo "I:generating new DH key ($n)" ret=0 -dhkeyname=`$KEYGEN -T KEY -a DH -b 768 -n host client` || ret=1 +dhkeyname=$($KEYGEN -T KEY -a DH -b 768 -n host client) || ret=1 if [ $ret != 0 ]; then echo "I:failed" - status=`expr $status + $ret` + status=$((status+ret)) echo "I:exit status: $status" exit $status fi -status=`expr $status + $ret` +status=$((status+ret)) +n=$((n+1)) for owner in . foo.example. do - echo "I:creating new key using owner name \"$owner\"" + echo "I:creating new key using owner name \"$owner\" ($n)" ret=0 - keyname=`$KEYCREATE $dhkeyname $owner` || ret=1 + keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" $owner) || ret=1 if [ $ret != 0 ]; then echo "I:failed" - status=`expr $status + $ret` + status=$((status+ret)) echo "I:exit status: $status" exit $status fi - status=`expr $status + $ret` + status=$((status+ret)) + n=$((n+1)) - echo "I:checking the new key" + echo "I:checking the new key ($n)" ret=0 - $DIG $DIGOPTS txt txt.example -k $keyname > dig.out.1 || ret=1 - grep "status: NOERROR" dig.out.1 > /dev/null || ret=1 - grep "TSIG.*hmac-md5.*NOERROR" dig.out.1 > /dev/null || ret=1 - grep "Some TSIG could not be validated" dig.out.1 > /dev/null && ret=1 + dig_with_opts txt txt.example -k "$keyname" > dig.out.test$n || ret=1 + grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 + grep "TSIG.*hmac-md5.*NOERROR" dig.out.test$n > /dev/null || ret=1 + grep "Some TSIG could not be validated" dig.out.test$n > /dev/null && ret=1 if [ $ret != 0 ]; then echo "I:failed" fi - status=`expr $status + $ret` + status=$((status+ret)) + n=$((n+1)) - echo "I:deleting new key" + echo "I:deleting new key ($n)" 
ret=0 - $KEYDELETE $keyname || ret=1 + $KEYDELETE 10.53.0.1 "$PORT" "$keyname" || ret=1 if [ $ret != 0 ]; then echo "I:failed" fi - status=`expr $status + $ret` + status=$((status+ret)) + n=$((n+1)) - echo "I:checking that new key has been deleted" + echo "I:checking that new key has been deleted ($n)" ret=0 - $DIG $DIGOPTS txt txt.example -k $keyname > dig.out.2 || ret=1 - grep "status: NOERROR" dig.out.2 > /dev/null && ret=1 - grep "TSIG.*hmac-md5.*NOERROR" dig.out.2 > /dev/null && ret=1 - grep "Some TSIG could not be validated" dig.out.2 > /dev/null || ret=1 + dig_with_opts txt txt.example -k "$keyname" > dig.out.test$n || ret=1 + grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1 + grep "TSIG.*hmac-md5.*NOERROR" dig.out.test$n > /dev/null && ret=1 + grep "Some TSIG could not be validated" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo "I:failed" fi - status=`expr $status + $ret` + status=$((status+ret)) + n=$((n+1)) done -echo "I:creating new key using owner name bar.example." +echo "I:creating new key using owner name bar.example. ($n)" ret=0 -keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1 +keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" bar.example.) 
|| ret=1 if [ $ret != 0 ]; then echo "I:failed" - status=`expr $status + $ret` + status=$((status+ret)) echo "I:exit status: $status" exit $status fi -status=`expr $status + $ret` +status=$((status+ret)) +n=$((n+1)) -echo "I:checking the key with 'rndc tsig-list'" +echo "I:checking the key with 'rndc tsig-list' ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.1 -grep "key \"bar.example.server" rndc.out.1 > /dev/null || ret=1 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-list > rndc.out.test$n +grep "key \"bar.example.server" rndc.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo "I:failed" fi -status=`expr $status + $ret` +status=$((status+ret)) +n=$((n+1)) -echo "I:using key in a request" +echo "I:using key in a request ($n)" ret=0 -$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.3 || ret=1 -grep "status: NOERROR" dig.out.3 > /dev/null || ret=1 +dig_with_opts -k "$keyname" txt.example txt > dig.out.test$n || ret=1 +grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo "I:failed" fi -status=`expr $status + $ret` +status=$((status+ret)) +n=$((n+1)) -echo "I:deleting the key with 'rndc tsig-delete'" +echo "I:deleting the key with 'rndc tsig-delete' ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-delete bar.example.server > /dev/null || ret=1 -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.2 -grep "key \"bar.example.server" rndc.out.2 > /dev/null && ret=1 -$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.4 || ret=1 -grep "TSIG could not be validated" dig.out.4 > /dev/null || ret=1 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-delete bar.example.server > /dev/null || ret=1 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-list > rndc.out.test$n +grep "key \"bar.example.server" rndc.out.test$n > /dev/null && ret=1 +dig_with_opts -k "$keyname" txt.example txt > dig.out.test$n || ret=1 
+grep "TSIG could not be validated" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo "I:failed" fi -status=`expr $status + $ret` +status=$((status+ret)) +n=$((n+1)) -echo "I:recreating the bar.example. key" +echo "I:recreating the bar.example. key ($n)" ret=0 -keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1 +keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" bar.example.) || ret=1 if [ $ret != 0 ]; then echo "I:failed" - status=`expr $status + $ret` + status=$((status+ret)) echo "I:exit status: $status" exit $status fi -status=`expr $status + $ret` +status=$((status+ret)) +n=$((n+1)) -echo "I:checking the new key with 'rndc tsig-list'" +echo "I:checking the new key with 'rndc tsig-list' ($n)" ret=0 -$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.3 -grep "key \"bar.example.server" rndc.out.3 > /dev/null || ret=1 +$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-list > rndc.out.test$n +grep "key \"bar.example.server" rndc.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo "I:failed" fi -status=`expr $status + $ret` +status=$((status+ret)) +n=$((n+1)) -echo "I:using the new key in a request" +echo "I:using the new key in a request ($n)" ret=0 -$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.5 || ret=1 -grep "status: NOERROR" dig.out.5 > /dev/null || ret=1 +dig_with_opts -k "$keyname" txt.example txt > dig.out.test$n || ret=1 +grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1 if [ $ret != 0 ]; then echo "I:failed" fi -status=`expr $status + $ret` +status=$((status+ret)) +n=$((n+1)) echo "I:exit status: $status" [ $status -eq 0 ] || exit 1
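Review bot: The three `$RNDC ... tsig-list > rndc.out.test$n` lines in tkey/tests.sh have no `|| ret=1`, so under the newly added `set -e` a failing rndc call aborts the script on the spot. The test then ends without printing "I:failed" or "I:exit status", which looks like a harness crash rather than a test failure. Appending `|| ret=1` to each of those lines, as the neighbouring `tsig-delete` call already does, keeps the reporting intact. In the owner loop, `$owner` in the `$KEYCREATE` call is also left unquoted while the arguments around it are quoted.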