| |
@@ -1,4 +1,4 @@
|
| |
- From 9575852be2344244ac182d7d019869406d3bd963 Mon Sep 17 00:00:00 2001
|
| |
+ From 8bbfacc1a90301a71a487e776db071fa2ef6c8dd Mon Sep 17 00:00:00 2001
|
| |
From: =?UTF-8?q?Petr=20Men=C5=A1=C3=ADk?= <pemensik@redhat.com>
|
| |
Date: Thu, 2 Aug 2018 23:46:45 +0200
|
| |
Subject: [PATCH] FIPS tests changes
|
| |
@@ -73,8 +73,6 @@
|
| |
.../system/allow-query/ns2/named40.conf.in | 4 +-
|
| |
bin/tests/system/allow-query/tests.sh | 18 ++---
|
| |
bin/tests/system/catz/ns1/named.conf.in | 2 +-
|
| |
- bin/tests/system/catz/ns2/named1.conf.in | 2 +-
|
| |
- bin/tests/system/catz/ns2/named2.conf.in | 2 +-
|
| |
bin/tests/system/checkconf/bad-tsig.conf | 2 +-
|
| |
bin/tests/system/checkconf/good.conf | 2 +-
|
| |
bin/tests/system/feature-test.c | 14 ++++
|
| |
@@ -83,23 +81,21 @@
|
| |
bin/tests/system/nsupdate/ns1/named.conf.in | 2 +-
|
| |
bin/tests/system/nsupdate/ns2/named.conf.in | 2 +-
|
| |
bin/tests/system/nsupdate/setup.sh | 6 +-
|
| |
- bin/tests/system/nsupdate/tests.sh | 15 +++--
|
| |
+ bin/tests/system/nsupdate/tests.sh | 11 ++-
|
| |
bin/tests/system/rndc/setup.sh | 2 +-
|
| |
- bin/tests/system/rndc/tests.sh | 23 ++++---
|
| |
+ bin/tests/system/rndc/tests.sh | 22 +++---
|
| |
bin/tests/system/tsig/ns1/named.conf.in | 10 +--
|
| |
- bin/tests/system/tsig/ns1/rndc5.conf.in | 10 +++
|
| |
bin/tests/system/tsig/setup.sh | 5 ++
|
| |
- bin/tests/system/tsig/tests.sh | 65 ++++++++++++-------
|
| |
+ bin/tests/system/tsig/tests.sh | 67 ++++++++++++-------
|
| |
bin/tests/system/upforwd/ns1/named.conf.in | 2 +-
|
| |
bin/tests/system/upforwd/tests.sh | 2 +-
|
| |
- 34 files changed, 163 insertions(+), 109 deletions(-)
|
| |
- create mode 100644 bin/tests/system/tsig/ns1/rndc5.conf.in
|
| |
+ 31 files changed, 149 insertions(+), 106 deletions(-)
|
| |
|
| |
diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
|
| |
- index 60f22e1..249f672 100644
|
| |
+ index 745048a..93cb411 100644
|
| |
--- a/bin/tests/system/acl/ns2/named1.conf.in
|
| |
+++ b/bin/tests/system/acl/ns2/named1.conf.in
|
| |
- @@ -33,12 +33,12 @@ options {
|
| |
+ @@ -35,12 +35,12 @@ options {
|
| |
};
|
| |
|
| |
key one {
|
| |
@@ -115,10 +111,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
|
| |
- index ada97bc..f82d858 100644
|
| |
+ index 21aa991..78e71cc 100644
|
| |
--- a/bin/tests/system/acl/ns2/named2.conf.in
|
| |
+++ b/bin/tests/system/acl/ns2/named2.conf.in
|
| |
- @@ -33,12 +33,12 @@ options {
|
| |
+ @@ -35,12 +35,12 @@ options {
|
| |
};
|
| |
|
| |
key one {
|
| |
@@ -134,10 +130,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
|
| |
- index 97684e4..de6a2e9 100644
|
| |
+ index 3208c92..bed6325 100644
|
| |
--- a/bin/tests/system/acl/ns2/named3.conf.in
|
| |
+++ b/bin/tests/system/acl/ns2/named3.conf.in
|
| |
- @@ -33,17 +33,17 @@ options {
|
| |
+ @@ -35,17 +35,17 @@ options {
|
| |
};
|
| |
|
| |
key one {
|
| |
@@ -159,10 +155,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
|
| |
- index 462b3fa..994b35c 100644
|
| |
+ index 14e82ed..a22cafe 100644
|
| |
--- a/bin/tests/system/acl/ns2/named4.conf.in
|
| |
+++ b/bin/tests/system/acl/ns2/named4.conf.in
|
| |
- @@ -33,12 +33,12 @@ options {
|
| |
+ @@ -35,12 +35,12 @@ options {
|
| |
};
|
| |
|
| |
key one {
|
| |
@@ -178,10 +174,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
|
| |
- index 728da58..8f00d09 100644
|
| |
+ index f43f33c..f4a865a 100644
|
| |
--- a/bin/tests/system/acl/ns2/named5.conf.in
|
| |
+++ b/bin/tests/system/acl/ns2/named5.conf.in
|
| |
- @@ -35,12 +35,12 @@ options {
|
| |
+ @@ -37,12 +37,12 @@ options {
|
| |
};
|
| |
|
| |
key one {
|
| |
@@ -197,10 +193,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
|
| |
- index be59d64..13d5bdc 100644
|
| |
+ index 9ee3984..f7d4388 100644
|
| |
--- a/bin/tests/system/acl/tests.sh
|
| |
+++ b/bin/tests/system/acl/tests.sh
|
| |
- @@ -22,14 +22,14 @@ echo_i "testing basic ACL processing"
|
| |
+ @@ -23,14 +23,14 @@ echo_i "testing basic ACL processing"
|
| |
# key "one" should fail
|
| |
t=`expr $t + 1`
|
| |
$DIG $DIGOPTS tsigzone. \
|
| |
@@ -217,7 +213,7 @@
|
| |
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
| |
|
| |
copy_setports ns2/named2.conf.in ns2/named.conf
|
| |
- @@ -39,18 +39,18 @@ sleep 5
|
| |
+ @@ -40,18 +40,18 @@ sleep 5
|
| |
# prefix 10/8 should fail
|
| |
t=`expr $t + 1`
|
| |
$DIG $DIGOPTS tsigzone. \
|
| |
@@ -239,7 +235,7 @@
|
| |
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
|
| |
|
| |
echo_i "testing nested ACL processing"
|
| |
- @@ -62,31 +62,31 @@ sleep 5
|
| |
+ @@ -63,31 +63,31 @@ sleep 5
|
| |
# should succeed
|
| |
t=`expr $t + 1`
|
| |
$DIG $DIGOPTS tsigzone. \
|
| |
@@ -276,7 +272,7 @@
|
| |
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
| |
|
| |
t=`expr $t + 1`
|
| |
- @@ -97,7 +97,7 @@ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1
|
| |
+ @@ -98,7 +98,7 @@ grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1
|
| |
# and other values? right out
|
| |
t=`expr $t + 1`
|
| |
$DIG $DIGOPTS tsigzone. \
|
| |
@@ -285,7 +281,7 @@
|
| |
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
|
| |
|
| |
# now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
|
| |
- @@ -108,31 +108,31 @@ sleep 5
|
| |
+ @@ -109,31 +109,31 @@ sleep 5
|
| |
# should succeed
|
| |
t=`expr $t + 1`
|
| |
$DIG $DIGOPTS tsigzone. \
|
| |
@@ -323,10 +319,10 @@
|
| |
|
| |
echo_i "testing allow-query-on ACL processing"
|
| |
diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
|
| |
- index 7d43e36..f7b25f9 100644
|
| |
+ index b91d19a..7d777c2 100644
|
| |
--- a/bin/tests/system/allow-query/ns2/named10.conf.in
|
| |
+++ b/bin/tests/system/allow-query/ns2/named10.conf.in
|
| |
- @@ -10,7 +10,7 @@
|
| |
+ @@ -12,7 +12,7 @@
|
| |
*/
|
| |
|
| |
key one {
|
| |
@@ -336,10 +332,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
|
| |
- index 2952518..121557e 100644
|
| |
+ index 308c4ca..00f6f40 100644
|
| |
--- a/bin/tests/system/allow-query/ns2/named11.conf.in
|
| |
+++ b/bin/tests/system/allow-query/ns2/named11.conf.in
|
| |
- @@ -10,12 +10,12 @@
|
| |
+ @@ -12,12 +12,12 @@
|
| |
*/
|
| |
|
| |
key one {
|
| |
@@ -355,10 +351,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
|
| |
- index 0c01071..ceabbb5 100644
|
| |
+ index 6b0fe55..491e514 100644
|
| |
--- a/bin/tests/system/allow-query/ns2/named12.conf.in
|
| |
+++ b/bin/tests/system/allow-query/ns2/named12.conf.in
|
| |
- @@ -10,7 +10,7 @@
|
| |
+ @@ -12,7 +12,7 @@
|
| |
*/
|
| |
|
| |
key one {
|
| |
@@ -368,10 +364,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
|
| |
- index 4c17292..9cd9d1f 100644
|
| |
+ index aefc474..7c06596 100644
|
| |
--- a/bin/tests/system/allow-query/ns2/named30.conf.in
|
| |
+++ b/bin/tests/system/allow-query/ns2/named30.conf.in
|
| |
- @@ -10,7 +10,7 @@
|
| |
+ @@ -12,7 +12,7 @@
|
| |
*/
|
| |
|
| |
key one {
|
| |
@@ -381,10 +377,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
|
| |
- index a2690a4..f488730 100644
|
| |
+ index 27eccc2..eecb990 100644
|
| |
--- a/bin/tests/system/allow-query/ns2/named31.conf.in
|
| |
+++ b/bin/tests/system/allow-query/ns2/named31.conf.in
|
| |
- @@ -10,12 +10,12 @@
|
| |
+ @@ -12,12 +12,12 @@
|
| |
*/
|
| |
|
| |
key one {
|
| |
@@ -400,10 +396,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
|
| |
- index a0708c8..51fa457 100644
|
| |
+ index adbb203..744d122 100644
|
| |
--- a/bin/tests/system/allow-query/ns2/named32.conf.in
|
| |
+++ b/bin/tests/system/allow-query/ns2/named32.conf.in
|
| |
- @@ -10,7 +10,7 @@
|
| |
+ @@ -12,7 +12,7 @@
|
| |
*/
|
| |
|
| |
key one {
|
| |
@@ -413,10 +409,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
|
| |
- index 687768e..d24d6d2 100644
|
| |
+ index 364f94b..9518f82 100644
|
| |
--- a/bin/tests/system/allow-query/ns2/named40.conf.in
|
| |
+++ b/bin/tests/system/allow-query/ns2/named40.conf.in
|
| |
- @@ -14,12 +14,12 @@ acl accept { 10.53.0.2; };
|
| |
+ @@ -16,12 +16,12 @@ acl accept { 10.53.0.2; };
|
| |
acl badaccept { 10.53.0.1; };
|
| |
|
| |
key one {
|
| |
@@ -432,10 +428,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh
|
| |
- index fe40635..543c663 100644
|
| |
+ index bbffe07..80da0fe 100644
|
| |
--- a/bin/tests/system/allow-query/tests.sh
|
| |
+++ b/bin/tests/system/allow-query/tests.sh
|
| |
- @@ -182,7 +182,7 @@ rndc_reload ns2 10.53.0.2
|
| |
+ @@ -200,7 +200,7 @@ rndc_reload ns2 10.53.0.2
|
| |
|
| |
echo_i "test $n: key allowed - query allowed"
|
| |
ret=0
|
| |
@@ -444,25 +440,25 @@
|
| |
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
| |
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
| |
if [ $ret != 0 ]; then echo_i "failed"; fi
|
| |
- @@ -195,7 +195,7 @@ rndc_reload ns2 10.53.0.2
|
| |
+ @@ -213,7 +213,7 @@ rndc_reload ns2 10.53.0.2
|
| |
|
| |
echo_i "test $n: key not allowed - query refused"
|
| |
ret=0
|
| |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
| |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
| |
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
| |
+ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
| |
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
| |
- if [ $ret != 0 ]; then echo_i "failed"; fi
|
| |
- @@ -208,7 +208,7 @@ rndc_reload ns2 10.53.0.2
|
| |
+ @@ -227,7 +227,7 @@ rndc_reload ns2 10.53.0.2
|
| |
|
| |
echo_i "test $n: key disallowed - query refused"
|
| |
ret=0
|
| |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
| |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
| |
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
| |
+ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
| |
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
| |
- if [ $ret != 0 ]; then echo_i "failed"; fi
|
| |
- @@ -341,7 +341,7 @@ rndc_reload ns2 10.53.0.2
|
| |
+ @@ -366,7 +366,7 @@ rndc_reload ns2 10.53.0.2
|
| |
|
| |
echo_i "test $n: views key allowed - query allowed"
|
| |
ret=0
|
| |
@@ -471,25 +467,25 @@
|
| |
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
| |
grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
|
| |
if [ $ret != 0 ]; then echo_i "failed"; fi
|
| |
- @@ -354,7 +354,7 @@ rndc_reload ns2 10.53.0.2
|
| |
+ @@ -379,7 +379,7 @@ rndc_reload ns2 10.53.0.2
|
| |
|
| |
echo_i "test $n: views key not allowed - query refused"
|
| |
ret=0
|
| |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
| |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
| |
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
| |
+ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
| |
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
| |
- if [ $ret != 0 ]; then echo_i "failed"; fi
|
| |
- @@ -367,7 +367,7 @@ rndc_reload ns2 10.53.0.2
|
| |
+ @@ -393,7 +393,7 @@ rndc_reload ns2 10.53.0.2
|
| |
|
| |
echo_i "test $n: views key disallowed - query refused"
|
| |
ret=0
|
| |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
| |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.normal.example a > dig.out.ns2.$n || ret=1
|
| |
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
| |
+ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
| |
grep '^a.normal.example' dig.out.ns2.$n > /dev/null && ret=1
|
| |
- if [ $ret != 0 ]; then echo_i "failed"; fi
|
| |
- @@ -500,7 +500,7 @@ status=`expr $status + $ret`
|
| |
+ @@ -533,7 +533,7 @@ status=`expr $status + $ret`
|
| |
n=`expr $n + 1`
|
| |
echo_i "test $n: zone key allowed - query allowed"
|
| |
ret=0
|
| |
@@ -498,51 +494,29 @@
|
| |
grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
|
| |
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null || ret=1
|
| |
if [ $ret != 0 ]; then echo_i "failed"; fi
|
| |
- @@ -510,7 +510,7 @@ status=`expr $status + $ret`
|
| |
+ @@ -543,7 +543,7 @@ status=`expr $status + $ret`
|
| |
n=`expr $n + 1`
|
| |
echo_i "test $n: zone key not allowed - query refused"
|
| |
ret=0
|
| |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
| |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:two:1234efgh8765 a.keyallow.example a > dig.out.ns2.$n || ret=1
|
| |
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
| |
+ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
| |
grep '^a.keyallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
| |
- if [ $ret != 0 ]; then echo_i "failed"; fi
|
| |
- @@ -520,7 +520,7 @@ status=`expr $status + $ret`
|
| |
+ @@ -554,7 +554,7 @@ status=`expr $status + $ret`
|
| |
n=`expr $n + 1`
|
| |
echo_i "test $n: zone key disallowed - query refused"
|
| |
ret=0
|
| |
-$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
|
| |
+$DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 -y hmac-sha256:one:1234abcd8765 a.keydisallow.example a > dig.out.ns2.$n || ret=1
|
| |
grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
|
| |
+ grep 'EDE: 18 (Prohibited)' dig.out.ns2.$n > /dev/null || ret=1
|
| |
grep '^a.keydisallow.example' dig.out.ns2.$n > /dev/null && ret=1
|
| |
- if [ $ret != 0 ]; then echo_i "failed"; fi
|
| |
diff --git a/bin/tests/system/catz/ns1/named.conf.in b/bin/tests/system/catz/ns1/named.conf.in
|
| |
- index 1218669..e62715e 100644
|
| |
+ index 5a46d39..fc1bd07 100644
|
| |
--- a/bin/tests/system/catz/ns1/named.conf.in
|
| |
+++ b/bin/tests/system/catz/ns1/named.conf.in
|
| |
- @@ -61,5 +61,5 @@ zone "catalog4.example" {
|
| |
-
|
| |
- key tsig_key. {
|
| |
- secret "LSAnCU+Z";
|
| |
- - algorithm hmac-md5;
|
| |
- + algorithm hmac-sha256;
|
| |
- };
|
| |
- diff --git a/bin/tests/system/catz/ns2/named1.conf.in b/bin/tests/system/catz/ns2/named1.conf.in
|
| |
- index 30333e6..4005152 100644
|
| |
- --- a/bin/tests/system/catz/ns2/named1.conf.in
|
| |
- +++ b/bin/tests/system/catz/ns2/named1.conf.in
|
| |
- @@ -70,5 +70,5 @@ zone "catalog4.example" {
|
| |
-
|
| |
- key tsig_key. {
|
| |
- secret "LSAnCU+Z";
|
| |
- - algorithm hmac-md5;
|
| |
- + algorithm hmac-sha256;
|
| |
- };
|
| |
- diff --git a/bin/tests/system/catz/ns2/named2.conf.in b/bin/tests/system/catz/ns2/named2.conf.in
|
| |
- index fcd99ca..84c97ca 100644
|
| |
- --- a/bin/tests/system/catz/ns2/named2.conf.in
|
| |
- +++ b/bin/tests/system/catz/ns2/named2.conf.in
|
| |
- @@ -56,5 +56,5 @@ zone "catalog4.example" {
|
| |
+ @@ -63,5 +63,5 @@ zone "catalog4.example" {
|
| |
|
| |
key tsig_key. {
|
| |
secret "LSAnCU+Z";
|
| |
@@ -550,10 +524,10 @@
|
| |
+ algorithm hmac-sha256;
|
| |
};
|
| |
diff --git a/bin/tests/system/checkconf/bad-tsig.conf b/bin/tests/system/checkconf/bad-tsig.conf
|
| |
- index 21be03e..e57c308 100644
|
| |
+ index 4af25b0..9f202d5 100644
|
| |
--- a/bin/tests/system/checkconf/bad-tsig.conf
|
| |
+++ b/bin/tests/system/checkconf/bad-tsig.conf
|
| |
- @@ -11,7 +11,7 @@
|
| |
+ @@ -13,7 +13,7 @@
|
| |
|
| |
/* Bad secret */
|
| |
key "badtsig" {
|
| |
@@ -563,10 +537,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/checkconf/good.conf b/bin/tests/system/checkconf/good.conf
|
| |
- index 616a544..e3a59a5 100644
|
| |
+ index 897dc86..e4b6dc1 100644
|
| |
--- a/bin/tests/system/checkconf/good.conf
|
| |
+++ b/bin/tests/system/checkconf/good.conf
|
| |
- @@ -268,6 +268,6 @@ dyndb "name" "library.so" {
|
| |
+ @@ -270,6 +270,6 @@ dyndb "name" "library.so" {
|
| |
system;
|
| |
};
|
| |
key "mykey" {
|
| |
@@ -575,10 +549,10 @@
|
| |
secret "qwertyuiopasdfgh";
|
| |
};
|
| |
diff --git a/bin/tests/system/feature-test.c b/bin/tests/system/feature-test.c
|
| |
- index 877504f..577660a 100644
|
| |
+ index 30e6e14..ba7f98e 100644
|
| |
--- a/bin/tests/system/feature-test.c
|
| |
+++ b/bin/tests/system/feature-test.c
|
| |
- @@ -14,6 +14,7 @@
|
| |
+ @@ -16,6 +16,7 @@
|
| |
#include <string.h>
|
| |
#include <unistd.h>
|
| |
|
| |
@@ -586,8 +560,8 @@
|
| |
#include <isc/net.h>
|
| |
#include <isc/print.h>
|
| |
#include <isc/util.h>
|
| |
- @@ -186,6 +187,19 @@ main(int argc, char **argv) {
|
| |
- #endif /* ifdef DLZ_FILESYSTEM */
|
| |
+ @@ -140,6 +141,19 @@ main(int argc, char **argv) {
|
| |
+ #endif
|
| |
}
|
| |
|
| |
+ if (strcmp(argv[1], "--md5") == 0) {
|
| |
@@ -603,14 +577,14 @@
|
| |
+ }
|
| |
+ }
|
| |
+
|
| |
- if (strcmp(argv[1], "--with-idn") == 0) {
|
| |
- #ifdef HAVE_LIBIDN2
|
| |
- return (0);
|
| |
+ if (strcmp(argv[1], "--ipv6only=no") == 0) {
|
| |
+ #if defined(IPPROTO_IPV6) && defined(IPV6_V6ONLY)
|
| |
+ int s;
|
| |
diff --git a/bin/tests/system/notify/ns5/named.conf.in b/bin/tests/system/notify/ns5/named.conf.in
|
| |
- index 1ee8df4..2b75d9a 100644
|
| |
+ index 5cab276..d4a7bf3 100644
|
| |
--- a/bin/tests/system/notify/ns5/named.conf.in
|
| |
+++ b/bin/tests/system/notify/ns5/named.conf.in
|
| |
- @@ -10,17 +10,17 @@
|
| |
+ @@ -12,17 +12,17 @@
|
| |
*/
|
| |
|
| |
key "a" {
|
| |
@@ -632,10 +606,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
|
| |
- index 3d7e0b7..ec4d9a7 100644
|
| |
+ index 52d2f81..1fd02d4 100644
|
| |
--- a/bin/tests/system/notify/tests.sh
|
| |
+++ b/bin/tests/system/notify/tests.sh
|
| |
- @@ -212,16 +212,16 @@ ret=0
|
| |
+ @@ -187,7 +187,7 @@ test_start "checking notify to multiple views using tsig"
|
| |
$NSUPDATE << EOF
|
| |
server 10.53.0.5 ${PORT}
|
| |
zone x21
|
| |
@@ -644,22 +618,23 @@
|
| |
update add added.x21 0 in txt "test string"
|
| |
send
|
| |
EOF
|
| |
-
|
| |
+ @@ -195,9 +195,9 @@ fnb="dig.out.b.ns5.test$n"
|
| |
+ fnc="dig.out.c.ns5.test$n"
|
| |
for i in 1 2 3 4 5 6 7 8 9
|
| |
do
|
| |
- - $DIG $DIGOPTS added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
| |
- + $DIG $DIGOPTS added.x21. -y hmac-sha256:b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
| |
- txt > dig.out.b.ns5.test$n || ret=1
|
| |
- - $DIG $DIGOPTS added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \
|
| |
- + $DIG $DIGOPTS added.x21. -y hmac-sha256:c:cccccccccccccccccccc @10.53.0.5 \
|
| |
- txt > dig.out.c.ns5.test$n || ret=1
|
| |
- grep "test string" dig.out.b.ns5.test$n > /dev/null &&
|
| |
- grep "test string" dig.out.c.ns5.test$n > /dev/null &&
|
| |
+ - dig_plus_opts added.x21. -y b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
| |
+ + dig_plus_opts added.x21. -y hmac-sha256:b:bbbbbbbbbbbbbbbbbbbb @10.53.0.5 \
|
| |
+ txt > "$fnb" || ret=1
|
| |
+ - dig_plus_opts added.x21. -y c:cccccccccccccccccccc @10.53.0.5 \
|
| |
+ + dig_plus_opts added.x21. -y hmac-sha256:c:cccccccccccccccccccc @10.53.0.5 \
|
| |
+ txt > "$fnc" || ret=1
|
| |
+ grep "test string" "$fnb" > /dev/null &&
|
| |
+ grep "test string" "$fnc" > /dev/null &&
|
| |
diff --git a/bin/tests/system/nsupdate/ns1/named.conf.in b/bin/tests/system/nsupdate/ns1/named.conf.in
|
| |
- index b51e700..436c97d 100644
|
| |
+ index 81d0c99..effbe2e 100644
|
| |
--- a/bin/tests/system/nsupdate/ns1/named.conf.in
|
| |
+++ b/bin/tests/system/nsupdate/ns1/named.conf.in
|
| |
- @@ -37,7 +37,7 @@ controls {
|
| |
+ @@ -39,7 +39,7 @@ controls {
|
| |
};
|
| |
|
| |
key altkey {
|
| |
@@ -669,10 +644,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/nsupdate/ns2/named.conf.in b/bin/tests/system/nsupdate/ns2/named.conf.in
|
| |
- index da6b3b4..c547e47 100644
|
| |
+ index f1a1735..da2b3d1 100644
|
| |
--- a/bin/tests/system/nsupdate/ns2/named.conf.in
|
| |
+++ b/bin/tests/system/nsupdate/ns2/named.conf.in
|
| |
- @@ -32,7 +32,7 @@ controls {
|
| |
+ @@ -34,7 +34,7 @@ controls {
|
| |
};
|
| |
|
| |
key altkey {
|
| |
@@ -682,27 +657,27 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/nsupdate/setup.sh b/bin/tests/system/nsupdate/setup.sh
|
| |
- index 5593a2e..7cd1a74 100644
|
| |
+ index 50056dc..a4a1a3f 100644
|
| |
--- a/bin/tests/system/nsupdate/setup.sh
|
| |
+++ b/bin/tests/system/nsupdate/setup.sh
|
| |
- @@ -71,7 +71,11 @@ EOF
|
| |
+ @@ -72,7 +72,11 @@ EOF
|
| |
|
| |
- $DDNSCONFGEN -q -z example.nil > ns1/ddns.key
|
| |
+ $TSIGKEYGEN ddns-key.example.nil > ns1/ddns.key
|
| |
|
| |
- -$DDNSCONFGEN -q -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
|
| |
+ -$TSIGKEYGEN -a hmac-md5 md5-key > ns1/md5.key
|
| |
+if $FEATURETEST --md5; then
|
| |
- + $DDNSCONFGEN -q -a hmac-md5 -k md5-key -z keytests.nil > ns1/md5.key
|
| |
+ + $TSIGKEYGEN -a hmac-md5 md5-key > ns1/md5.key
|
| |
+else
|
| |
+ echo -n > ns1/md5.key
|
| |
+fi
|
| |
- $DDNSCONFGEN -q -a hmac-sha1 -k sha1-key -z keytests.nil > ns1/sha1.key
|
| |
- $DDNSCONFGEN -q -a hmac-sha224 -k sha224-key -z keytests.nil > ns1/sha224.key
|
| |
- $DDNSCONFGEN -q -a hmac-sha256 -k sha256-key -z keytests.nil > ns1/sha256.key
|
| |
+ $TSIGKEYGEN -a hmac-sha1 sha1-key > ns1/sha1.key
|
| |
+ $TSIGKEYGEN -a hmac-sha224 sha224-key > ns1/sha224.key
|
| |
+ $TSIGKEYGEN -a hmac-sha256 sha256-key > ns1/sha256.key
|
| |
diff --git a/bin/tests/system/nsupdate/tests.sh b/bin/tests/system/nsupdate/tests.sh
|
| |
- index 8839131..fde6135 100755
|
| |
+ index 0863d0a..559def7 100755
|
| |
--- a/bin/tests/system/nsupdate/tests.sh
|
| |
+++ b/bin/tests/system/nsupdate/tests.sh
|
| |
- @@ -824,7 +824,14 @@ fi
|
| |
+ @@ -841,7 +841,14 @@ fi
|
| |
n=`expr $n + 1`
|
| |
ret=0
|
| |
echo_i "check TSIG key algorithms (nsupdate -k) ($n)"
|
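Review bot: In the nsupdate/setup.sh part of this hunk, the fallback branch `echo -n > ns1/md5.key` depends on `echo` honouring `-n`, which POSIX leaves unspecified. Under a shell whose `echo` prints its arguments literally, md5.key would hold the text `-n` instead of being empty. `: > ns1/md5.key` creates the empty file without relying on echo. A one-line comment such as `# MD5 unavailable (e.g. FIPS mode): write an empty placeholder key file` would also record why the file is created; that rationale is inferred from the `$FEATURETEST --md5` guard, so confirm it.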
| |
@@ -718,7 +693,7 @@
|
| |
$NSUPDATE -k ns1/${alg}.key <<END > /dev/null || ret=1
|
| |
server 10.53.0.1 ${PORT}
|
| |
update add ${alg}.keytests.nil. 600 A 10.10.10.3
|
| |
- @@ -832,7 +839,7 @@ send
|
| |
+ @@ -849,7 +856,7 @@ send
|
| |
END
|
| |
done
|
| |
sleep 2
|
| |
@@ -727,29 +702,11 @@
|
| |
$DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.3 > /dev/null 2>&1 || ret=1
|
| |
done
|
| |
if [ $ret -ne 0 ]; then
|
| |
- @@ -843,7 +850,7 @@ fi
|
| |
- n=`expr $n + 1`
|
| |
- ret=0
|
| |
- echo_i "check TSIG key algorithms (nsupdate -y) ($n)"
|
| |
- -for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
| |
- +for alg in $ALGS; do
|
| |
- secret=$(sed -n 's/.*secret "\(.*\)";.*/\1/p' ns1/${alg}.key)
|
| |
- $NSUPDATE -y "hmac-${alg}:${alg}-key:$secret" <<END > /dev/null || ret=1
|
| |
- server 10.53.0.1 ${PORT}
|
| |
- @@ -852,7 +859,7 @@ send
|
| |
- END
|
| |
- done
|
| |
- sleep 2
|
| |
- -for alg in md5 sha1 sha224 sha256 sha384 sha512; do
|
| |
- +for alg in $ALGS; do
|
| |
- $DIG $DIGOPTS +short @10.53.0.1 ${alg}.keytests.nil | grep 10.10.10.50 > /dev/null 2>&1 || ret=1
|
| |
- done
|
| |
- if [ $ret -ne 0 ]; then
|
| |
diff --git a/bin/tests/system/rndc/setup.sh b/bin/tests/system/rndc/setup.sh
|
| |
- index 225722f..63ac938 100644
|
| |
+ index 4dd6fa7..1b79263 100644
|
| |
--- a/bin/tests/system/rndc/setup.sh
|
| |
+++ b/bin/tests/system/rndc/setup.sh
|
| |
- @@ -38,7 +38,7 @@ make_key () {
|
| |
+ @@ -47,7 +47,7 @@ make_key () {
|
| |
sed 's/allow { 10.53.0.4/allow { any/' >> ns4/named.conf
|
| |
}
|
| |
|
| |
@@ -759,13 +716,13 @@
|
| |
make_key 3 ${EXTRAPORT3} hmac-sha224
|
| |
make_key 4 ${EXTRAPORT4} hmac-sha256
|
| |
diff --git a/bin/tests/system/rndc/tests.sh b/bin/tests/system/rndc/tests.sh
|
| |
- index 9bf86c6..b8a7a1f 100644
|
| |
+ index 85c271b..ac69f32 100644
|
| |
--- a/bin/tests/system/rndc/tests.sh
|
| |
+++ b/bin/tests/system/rndc/tests.sh
|
| |
- @@ -349,15 +349,20 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
|
| |
- status=`expr $status + $ret`
|
| |
+ @@ -350,15 +350,19 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
|
| |
+ status=$((status+ret))
|
| |
|
| |
- n=`expr $n + 1`
|
| |
+ n=$((n+1))
|
| |
-echo_i "testing rndc with hmac-md5 ($n)"
|
| |
-ret=0
|
| |
-$RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
|
| |
@@ -774,29 +731,28 @@
|
| |
- $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
|
| |
-done
|
| |
-if [ $ret != 0 ]; then echo_i "failed"; fi
|
| |
- -status=`expr $status + $ret`
|
| |
+ -status=$((status+ret))
|
| |
+if $FEATURETEST --md5
|
| |
- +then
|
| |
+ echo_i "testing rndc with hmac-md5 ($n)"
|
| |
+ ret=0
|
| |
+ $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key1.conf status > /dev/null 2>&1 || ret=1
|
| |
+ for i in 2 3 4 5 6
|
| |
+ do
|
| |
- + $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
|
| |
+ + $RNDC -s 10.53.0.4 -p ${EXTRAPORT1} -c ns4/key${i}.conf status > /dev/null 2>&1 && ret=1
|
| |
+ done
|
| |
+ if [ $ret != 0 ]; then echo_i "failed"; fi
|
| |
- + status=`expr $status + $ret`
|
| |
+ + status=$((status+ret))
|
| |
+else
|
| |
+ echo_i "skipping rndc with hmac-md5 ($n)"
|
| |
+fi
|
| |
|
| |
- n=`expr $n + 1`
|
| |
+ n=$((n+1))
|
| |
echo_i "testing rndc with hmac-sha1 ($n)"
|
| |
diff --git a/bin/tests/system/tsig/ns1/named.conf.in b/bin/tests/system/tsig/ns1/named.conf.in
|
| |
- index 3470c4f..cf539cd 100644
|
| |
+ index 76cf970..22637af 100644
|
| |
--- a/bin/tests/system/tsig/ns1/named.conf.in
|
| |
+++ b/bin/tests/system/tsig/ns1/named.conf.in
|
| |
- @@ -21,10 +21,7 @@ options {
|
| |
+ @@ -23,10 +23,7 @@ options {
|
| |
notify no;
|
| |
};
|
| |
|
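Review bot: The refreshed rndc/tests.sh hunk loses the `then` after `if $FEATURETEST --md5`: the `+then` line is removed with nothing replacing it, and the inner hunk header shrinks from `+349,20` to `+350,19` to match. As rendered here, the patched script would read `if $FEATURETEST --md5` followed directly by the `echo_i`/`$RNDC` body and then `else`. A POSIX shell rejects that as a syntax error, so the whole rndc test script would fail to parse instead of skipping the hmac-md5 case on FIPS systems. Restore the line as `+then` (or fold it into `+if $FEATURETEST --md5; then`) and set the inner new-side count back to 20. The tsig/tests.sh hunk further down still carries its `+then`, so only this file appears affected.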
| |
@@ -808,7 +764,7 @@
|
| |
|
| |
key "sha1" {
|
| |
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
| |
- @@ -51,10 +48,7 @@ key "sha512" {
|
| |
+ @@ -53,10 +50,7 @@ key "sha512" {
|
| |
algorithm hmac-sha512;
|
| |
};
|
| |
|
| |
@@ -820,27 +776,11 @@
|
| |
|
| |
key "sha1-trunc" {
|
| |
secret "FrSt77yPTFx6hTs4i2tKLB9LmE0=";
|
| |
- diff --git a/bin/tests/system/tsig/ns1/rndc5.conf.in b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
| |
- new file mode 100644
|
| |
- index 0000000..0682194
|
| |
- --- /dev/null
|
| |
- +++ b/bin/tests/system/tsig/ns1/rndc5.conf.in
|
| |
- @@ -0,0 +1,10 @@
|
| |
- +# Conditionally included when support for MD5 is available
|
| |
- +key "md5" {
|
| |
- + secret "97rnFx24Tfna4mHPfgnerA==";
|
| |
- + algorithm hmac-md5;
|
| |
- +};
|
| |
- +
|
| |
- +key "md5-trunc" {
|
| |
- + secret "97rnFx24Tfna4mHPfgnerA==";
|
| |
- + algorithm hmac-md5-80;
|
| |
- +};
|
| |
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
|
| |
- index e3b4a45..ae21d04 100644
|
| |
+ index 34cc73b..d51ff21 100644
|
| |
--- a/bin/tests/system/tsig/setup.sh
|
| |
+++ b/bin/tests/system/tsig/setup.sh
|
| |
- @@ -15,3 +15,8 @@ SYSTEMTESTTOP=..
|
| |
+ @@ -16,3 +16,8 @@
|
| |
$SHELL clean.sh
|
| |
|
| |
copy_setports ns1/named.conf.in ns1/named.conf
|
| |
@@ -850,10 +790,10 @@
|
| |
+ cat ns1/rndc5.conf.in >> ns1/named.conf
|
| |
+fi
|
| |
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
|
| |
- index 38d842a..668aa6f 100644
|
| |
+ index 1067227..ee05e83 100644
|
| |
--- a/bin/tests/system/tsig/tests.sh
|
| |
+++ b/bin/tests/system/tsig/tests.sh
|
| |
- @@ -26,20 +26,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
|
| |
+ @@ -27,20 +27,25 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
|
| |
|
| |
status=0
|
| |
|
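Review bot: `cat ns1/rndc5.conf.in >> ns1/named.conf` at the top of this hunk still appends the MD5 key file in tsig/setup.sh, but the previous hunk removes the whole `tsig/ns1/rndc5.conf.in` file section from the patch, and the diffstat loses its `create mode 100644` line. Unless the 9.18 tree or another patch now ships that file (not visible on this page), the `cat` fails wherever the surrounding guard lets it run. The hmac-md5 cases in tsig/tests.sh would then presumably query a server whose named.conf has no `md5` or `md5-trunc` key. Keep the rndc5.conf.in section in the patch, or note in the commit description where the file now comes from.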
| |
@@ -864,6 +804,13 @@
|
| |
-if [ $ret -eq 1 ] ; then
|
| |
- echo_i "failed"; status=1
|
| |
-fi
|
| |
+ -
|
| |
+ -echo_i "fetching using hmac-md5 (new form)"
|
| |
+ -ret=0
|
| |
+ -$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
| |
+ -grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
| |
+ -if [ $ret -eq 1 ] ; then
|
| |
+ - echo_i "failed"; status=1
|
| |
+if $FEATURETEST --md5
|
| |
+then
|
| |
+ echo_i "fetching using hmac-md5 (old form)"
|
| |
@@ -873,13 +820,7 @@
|
| |
+ if [ $ret -eq 1 ] ; then
|
| |
+ echo_i "failed"; status=1
|
| |
+ fi
|
| |
-
|
| |
- -echo_i "fetching using hmac-md5 (new form)"
|
| |
- -ret=0
|
| |
- -$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
| |
- -grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
|
| |
- -if [ $ret -eq 1 ] ; then
|
| |
- - echo_i "failed"; status=1
|
| |
+ +
|
| |
+ echo_i "fetching using hmac-md5 (new form)"
|
| |
+ ret=0
|
| |
+ $DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
|
| |
@@ -892,7 +833,7 @@
|
| |
fi
|
| |
|
| |
echo_i "fetching using hmac-sha1"
|
| |
- @@ -87,12 +92,17 @@ fi
|
| |
+ @@ -88,12 +93,17 @@ fi
|
| |
# Truncated TSIG
|
| |
#
|
| |
#
|
| |
@@ -916,7 +857,7 @@
|
| |
fi
|
| |
|
| |
echo_i "fetching using hmac-sha1 (trunc)"
|
| |
- @@ -141,12 +151,17 @@ fi
|
| |
+ @@ -142,12 +152,17 @@ fi
|
| |
# Check for bad truncation.
|
| |
#
|
| |
#
|
| |
@@ -941,10 +882,10 @@
|
| |
|
| |
echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
|
| |
diff --git a/bin/tests/system/upforwd/ns1/named.conf.in b/bin/tests/system/upforwd/ns1/named.conf.in
|
| |
- index 3873c7c..b359a5a 100644
|
| |
+ index c2b57dd..cb13aa1 100644
|
| |
--- a/bin/tests/system/upforwd/ns1/named.conf.in
|
| |
+++ b/bin/tests/system/upforwd/ns1/named.conf.in
|
| |
- @@ -10,7 +10,7 @@
|
| |
+ @@ -12,7 +12,7 @@
|
| |
*/
|
| |
|
| |
key "update.example." {
|
| |
@@ -954,10 +895,10 @@
|
| |
};
|
| |
|
| |
diff --git a/bin/tests/system/upforwd/tests.sh b/bin/tests/system/upforwd/tests.sh
|
| |
- index a50c896..8062d68 100644
|
| |
+ index a6de312..ebcadb1 100644
|
| |
--- a/bin/tests/system/upforwd/tests.sh
|
| |
+++ b/bin/tests/system/upforwd/tests.sh
|
| |
- @@ -79,7 +79,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
|
| |
+ @@ -80,7 +80,7 @@ if [ $ret != 0 ] ; then echo_i "failed"; status=`expr $status + $ret`; fi
|
| |
|
| |
echo_i "updating zone (signed) ($n)"
|
| |
ret=0
|
| |
@@ -967,5 +908,5 @@
|
| |
update add updated.example. 600 A 10.10.10.1
|
| |
update add updated.example. 600 TXT Foo
|
| |
--
|
| |
- 2.31.1
|
| |
+ 2.34.1
|
| |
|
| |
Related bug: https://bugzilla.redhat.com/show_bug.cgi?id=2057493
Prepare a PR for a change https://fedoraproject.org/wiki/Changes/BIND_9.18