diff --git a/bin/tests/system/conf.sh.common b/bin/tests/system/conf.sh.common
index 5d541dddaa..f34f86e728 100644
--- a/bin/tests/system/conf.sh.common
+++ b/bin/tests/system/conf.sh.common
@@ -37,7 +37,7 @@ export LANG=C
 # SEQUENTIAL_UNIX in conf.sh.in; those that only run on windows should
 # be added to SEQUENTIAL_WINDOWS in conf.sh.win32.
 #
-SEQUENTIAL_COMMON="ecdsa eddsa tkey"
+SEQUENTIAL_COMMON=""
 #
 # These tests can use ports assigned by the caller (other than 5300
@@ -58,7 +58,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \
 checkconf checknames checkzone \
 cookie database digdelv dlz dlzexternal \
 dns64 dscp dsdigest dyndb \
- ednscompliance emptyzones \
+ ecdsa eddsa ednscompliance emptyzones \
 fetchlimit filter-aaaa formerr forward \
 geoip2 glue idna include-multiplecfg \
 inline integrity ixfr \
@@ -70,7 +70,7 @@ PARALLEL_COMMON="dnssec rpzrecurse serve-stale \
 rrchecker rrl rrsetorder rsabigexponent runtime \
 sfcache smartsign sortlist \
 spf staticstub statistics statschannel stub synthfromdnssec \
- tcp tools tsig tsiggss ttl \
+ tcp tkey tools tsig tsiggss ttl \
 unknown upforwd verify views wildcard \
 xfer xferquota zero zonechecks"
diff --git a/bin/tests/system/ecdsa/.gitignore b/bin/tests/system/ecdsa/.gitignore
new file mode 100644
index 0000000000..e096e33d39
--- /dev/null
+++ b/bin/tests/system/ecdsa/.gitignore
@@ -0,0 +1,2 @@
+/ns1/named.conf
+/ns2/named.conf
diff --git a/bin/tests/system/ecdsa/clean.sh b/bin/tests/system/ecdsa/clean.sh
index 6cfeec2466..f230cb01bf 100644
--- a/bin/tests/system/ecdsa/clean.sh
+++ b/bin/tests/system/ecdsa/clean.sh
@@ -9,11 +9,17 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-rm -f */K* */dsset-* */*.signed */trusted.conf
-rm -f ns1/root.db
-rm -f ns1/signer.err
-rm -f dig.out*
-rm -f */named.run
-rm -f */named.memstats
-rm -f ns*/named.lock
+set -e
+
+rm -f ./dig.out*
+rm -f ns*/*.signed
+rm -f ns*/K*
+rm -f ns*/dsset-*
 rm -f ns*/managed-keys.bind*
+rm -f ns*/named.conf
+rm -f ns*/named.lock
+rm -f ns*/named.memstats
+rm -f ns*/named.run
+rm -f ns*/root.db
+rm -f ns*/signer.err
+rm -f ns*/trusted.conf
diff --git a/bin/tests/system/ecdsa/ns1/named.conf b/bin/tests/system/ecdsa/ns1/named.conf.in
similarity index 98%
rename from bin/tests/system/ecdsa/ns1/named.conf
rename to bin/tests/system/ecdsa/ns1/named.conf.in
index 50eb048408..88a2547935 100644
--- a/bin/tests/system/ecdsa/ns1/named.conf
+++ b/bin/tests/system/ecdsa/ns1/named.conf.in
@@ -17,7 +17,7 @@ options {
 query-source address 10.53.0.1;
 notify-source 10.53.0.1;
 transfer-source 10.53.0.1;
- port 5300;
+ port @PORT@;
 pid-file "named.pid";
 listen-on { 10.53.0.1; };
 listen-on-v6 { none; };
diff --git a/bin/tests/system/ecdsa/ns1/sign.sh b/bin/tests/system/ecdsa/ns1/sign.sh
index 673aac8ac0..9fc7ddb93f 100644
--- a/bin/tests/system/ecdsa/ns1/sign.sh
+++ b/bin/tests/system/ecdsa/ns1/sign.sh
@@ -9,21 +9,22 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
 zone=.
 infile=root.db.in
 zonefile=root.db
-key1=`$KEYGEN -q -a ECDSAP256SHA256 -n zone $zone`
-key2=`$KEYGEN -q -a ECDSAP384SHA384 -n zone -f KSK $zone`
-$DSFROMKEY -a sha-384 $key2.key > dsset-384
+key1=$($KEYGEN -q -a ECDSAP256SHA256 -n zone "$zone")
+key2=$($KEYGEN -q -a ECDSAP384SHA384 -n zone -f KSK "$zone")
+$DSFROMKEY -a sha-384 "$key2.key" > dsset-384
-cat $infile $key1.key $key2.key > $zonefile
+cat "$infile" "$key1.key" "$key2.key" > $zonefile
-$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -P -g -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err
 # Configure the resolving server with a static key.
-keyfile_to_static_ds $key1 > trusted.conf
+keyfile_to_static_ds "$key1" > trusted.conf
 cp trusted.conf ../ns2/trusted.conf
diff --git a/bin/tests/system/ecdsa/ns2/named.conf b/bin/tests/system/ecdsa/ns2/named.conf.in
similarity index 98%
rename from bin/tests/system/ecdsa/ns2/named.conf
rename to bin/tests/system/ecdsa/ns2/named.conf.in
index 420073fc05..198cdbbcec 100644
--- a/bin/tests/system/ecdsa/ns2/named.conf
+++ b/bin/tests/system/ecdsa/ns2/named.conf.in
@@ -17,7 +17,7 @@ options {
 query-source address 10.53.0.2;
 notify-source 10.53.0.2;
 transfer-source 10.53.0.2;
- port 5300;
+ port @PORT@;
 pid-file "named.pid";
 listen-on { 10.53.0.2; };
 listen-on-v6 { none; };
diff --git a/bin/tests/system/ecdsa/setup.sh b/bin/tests/system/ecdsa/setup.sh
index f5482e6c38..69c4995f41 100644
--- a/bin/tests/system/ecdsa/setup.sh
+++ b/bin/tests/system/ecdsa/setup.sh
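Review bot: In bin/tests/system/ecdsa/ns1/sign.sh the new `set -e` does not cover the signer call, because `$SIGNER ... 2> signer.err || cat signer.err` ends in a `cat` that succeeds, so a failed signing run still lets the script go on to write trusted.conf and copy it to ns2. If `set -e` is meant to stop setup at the first failure, the fallback should re-raise it: `... 2> signer.err || { cat signer.err; exit 1; }`. The same `|| cat signer.err` tail is kept in eddsa/ns1/sign.sh and eddsa/ns2/sign.sh. The redirect target in `cat "$infile" "$key1.key" "$key2.key" > $zonefile` is also left unquoted here, while the eddsa copy of that line quotes it.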
@@ -9,7 +9,11 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
+
+copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns2/named.conf.in ns2/named.conf
 cd ns1 && $SHELL sign.sh
diff --git a/bin/tests/system/ecdsa/tests.sh b/bin/tests/system/ecdsa/tests.sh
index 7cddfd6ce5..8fc2b21b19 100644
--- a/bin/tests/system/ecdsa/tests.sh
+++ b/bin/tests/system/ecdsa/tests.sh
@@ -9,26 +9,28 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
 status=0
-n=0
+n=1
-rm -f dig.out.*
+dig_with_opts() {
+ "$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@"
+}
-DIGOPTS="+tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p 5300"
 # Check the example. domain
 echo "I:checking that positive validation works ($n)"
 ret=0
-$DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
-$DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
+dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
+dig_with_opts . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
 $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n+1))
 if [ $ret != 0 ]; then echo "I:failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
 echo "I:exit status: $status"
 [ $status -eq 0 ] || exit 1
diff --git a/bin/tests/system/eddsa/clean.sh b/bin/tests/system/eddsa/clean.sh
index 8e2e225e19..f230cb01bf 100644
--- a/bin/tests/system/eddsa/clean.sh
+++ b/bin/tests/system/eddsa/clean.sh
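Review bot: bin/tests/system/ecdsa/setup.sh now sources `"$SYSTEMTESTTOP/conf.sh"` without the `SYSTEMTESTTOP=..` assignment the old code had, so the path depends entirely on what the caller exported; with the variable unset or empty it resolves to `/conf.sh`. A guard keeps a stray direct invocation from sourcing an unintended file and gives a clear message instead: `. "${SYSTEMTESTTOP:?SYSTEMTESTTOP must be set by the test runner}/conf.sh"`. The same unguarded line is added to the other sign.sh, setup.sh, prereq.sh and tests.sh scripts touched by this commit.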
@@ -9,11 +9,17 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-rm -f */K* */dsset-* */*.signed */trusted.conf
-rm -f ns1/root.db
-rm -f ns*/signer.err
-rm -f dig.out*
-rm -f */named.run
-rm -f */named.memstats
-rm -f ns*/named.lock
+set -e
+
+rm -f ./dig.out*
+rm -f ns*/*.signed
+rm -f ns*/K*
+rm -f ns*/dsset-*
 rm -f ns*/managed-keys.bind*
+rm -f ns*/named.conf
+rm -f ns*/named.lock
+rm -f ns*/named.memstats
+rm -f ns*/named.run
+rm -f ns*/root.db
+rm -f ns*/signer.err
+rm -f ns*/trusted.conf
diff --git a/bin/tests/system/eddsa/ns1/named.conf b/bin/tests/system/eddsa/ns1/named.conf.in
similarity index 98%
rename from bin/tests/system/eddsa/ns1/named.conf
rename to bin/tests/system/eddsa/ns1/named.conf.in
index 50eb048408..88a2547935 100644
--- a/bin/tests/system/eddsa/ns1/named.conf
+++ b/bin/tests/system/eddsa/ns1/named.conf.in
@@ -17,7 +17,7 @@ options {
 query-source address 10.53.0.1;
 notify-source 10.53.0.1;
 transfer-source 10.53.0.1;
- port 5300;
+ port @PORT@;
 pid-file "named.pid";
 listen-on { 10.53.0.1; };
 listen-on-v6 { none; };
diff --git a/bin/tests/system/eddsa/ns1/sign.sh b/bin/tests/system/eddsa/ns1/sign.sh
index 761ee13428..f1a462a263 100644
--- a/bin/tests/system/eddsa/ns1/sign.sh
+++ b/bin/tests/system/eddsa/ns1/sign.sh
@@ -9,24 +9,25 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
 zone=.
 infile=root.db.in
 zonefile=root.db
-key1=`$KEYGEN -q -a ED25519 -n zone $zone`
-key2=`$KEYGEN -q -a ED25519 -n zone -f KSK $zone`
-#key2=`$KEYGEN -q -a ED448 -n zone -f KSK $zone`
-$DSFROMKEY -a sha-256 $key2.key > dsset-256
+key1=$($KEYGEN -q -a ED25519 -n zone "$zone")
+key2=$($KEYGEN -q -a ED25519 -n zone -f KSK "$zone")
+#key2=$($KEYGEN -q -a ED448 -n zone -f KSK "$zone")
+$DSFROMKEY -a sha-256 "$key2.key" > dsset-256
-cat $infile $key1.key $key2.key > $zonefile
+cat "$infile" "$key1.key" "$key2.key" > "$zonefile"
-$SIGNER -P -g -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -P -g -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err
 # Configure the resolving server with a static key.
-keyfile_to_static_ds $key1 > trusted.conf
+keyfile_to_static_ds "$key1" > trusted.conf
 cp trusted.conf ../ns2/trusted.conf
 cd ../ns2 && $SHELL sign.sh
diff --git a/bin/tests/system/eddsa/ns2/named.conf b/bin/tests/system/eddsa/ns2/named.conf.in
similarity index 98%
rename from bin/tests/system/eddsa/ns2/named.conf
rename to bin/tests/system/eddsa/ns2/named.conf.in
index 420073fc05..198cdbbcec 100644
--- a/bin/tests/system/eddsa/ns2/named.conf
+++ b/bin/tests/system/eddsa/ns2/named.conf.in
@@ -17,7 +17,7 @@ options {
 query-source address 10.53.0.2;
 notify-source 10.53.0.2;
 transfer-source 10.53.0.2;
- port 5300;
+ port @PORT@;
 pid-file "named.pid";
 listen-on { 10.53.0.2; };
 listen-on-v6 { none; };
diff --git a/bin/tests/system/eddsa/ns2/sign.sh b/bin/tests/system/eddsa/ns2/sign.sh
index 7aeceecd2a..ddd7a92746 100644
--- a/bin/tests/system/eddsa/ns2/sign.sh
+++ b/bin/tests/system/eddsa/ns2/sign.sh
@@ -9,8 +9,9 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
 zone=example.com.
 zonefile=example.com.db
@@ -22,7 +23,7 @@ for i in Xexample.com.+015+03613.key Xexample.com.+015+03613.private \
 Xexample.com.+016+09713.key Xexample.com.+016+09713.private \
 Xexample.com.+016+38353.key Xexample.com.+016+38353.private
 do
- cp $i `echo $i | sed s/X/K/`
+ cp "$i" "$(echo $i | sed s/X/K/)"
 done
-$SIGNER -P -z -s $starttime -e $endtime -o $zone $zonefile > /dev/null 2> signer.err || cat signer.err
+$SIGNER -P -z -s "$starttime" -e "$endtime" -o "$zone" "$zonefile" > /dev/null 2> signer.err || cat signer.err
diff --git a/bin/tests/system/eddsa/prereq.sh b/bin/tests/system/eddsa/prereq.sh
index 648f97dcf9..e86ce7eb39 100644
--- a/bin/tests/system/eddsa/prereq.sh
+++ b/bin/tests/system/eddsa/prereq.sh
@@ -9,7 +9,10 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
-exec $SHELL ../testcrypto.sh eddsa
+. "$SYSTEMTESTTOP/conf.sh"
+
+if ! $SHELL ../testcrypto.sh eddsa; then
+ exit 1
+fi
diff --git a/bin/tests/system/eddsa/setup.sh b/bin/tests/system/eddsa/setup.sh
index f5482e6c38..69c4995f41 100644
--- a/bin/tests/system/eddsa/setup.sh
+++ b/bin/tests/system/eddsa/setup.sh
@@ -9,7 +9,11 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
+
+copy_setports ns1/named.conf.in ns1/named.conf
+copy_setports ns2/named.conf.in ns2/named.conf
 cd ns1 && $SHELL sign.sh
diff --git a/bin/tests/system/eddsa/tests.sh b/bin/tests/system/eddsa/tests.sh
index 4f6269e34b..2dcc138c2f 100644
--- a/bin/tests/system/eddsa/tests.sh
+++ b/bin/tests/system/eddsa/tests.sh
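Review bot: In bin/tests/system/eddsa/ns2/sign.sh the rewritten copy line still expands `$i` unquoted inside the command substitution and spawns `sed` for a one-character prefix swap: `cp "$i" "$(echo $i | sed s/X/K/)"`. Parameter expansion does the rename without the pipeline and matches the quoting the rest of the hunk introduces: `cp "$i" "K${i#X}"`. Every file name in the visible `for` list begins with `X`, so both forms give the same result for them; the loop header itself sits in the hunk heading, outside the changed lines.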
@@ -9,27 +9,28 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
 status=0
 n=1
-rm -f dig.out.*
-
-DIGOPTS="+tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p 5300"
+dig_with_opts() {
+ "$DIG" +tcp +noau +noadd +nosea +nostat +nocmd +dnssec -p "$PORT" "$@"
+}
 # Check the example. domain
 echo "I:checking that positive validation works ($n)"
 ret=0
-$DIG $DIGOPTS . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
-$DIG $DIGOPTS . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
+dig_with_opts . @10.53.0.1 soa > dig.out.ns1.test$n || ret=1
+dig_with_opts . @10.53.0.2 soa > dig.out.ns2.test$n || ret=1
 $PERL ../digcomp.pl dig.out.ns1.test$n dig.out.ns2.test$n || ret=1
 grep "flags:.*ad.*QUERY" dig.out.ns2.test$n > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n+1))
 if [ $ret != 0 ]; then echo "I:failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
 # Check test vectors (RFC 8080 + errata)
@@ -39,9 +40,9 @@ grep 'oL9krJun7xfBOIWcGHi7mag5/hdZrKWw15jP' ns2/example.com.db.signed > /dev/nul
 grep 'VrbpMngwcrqNAg==' ns2/example.com.db.signed > /dev/null || ret=1
 grep 'zXQ0bkYgQTEFyfLyi9QoiY6D8ZdYo4wyUhVi' ns2/example.com.db.signed > /dev/null || ret=1
 grep 'R0O7KuI5k2pcBg==' ns2/example.com.db.signed > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n+1))
 if [ $ret != 0 ]; then echo "I:failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
 echo "I:checking that Ed448 test vectors match ($n)"
 ret=0
@@ -57,9 +58,9 @@ grep '4m0AsQ4f7qI1gVnML8vWWiyW2KXhT9kuAICU' ns2/example.com.db.signed > /dev/nul
 grep 'Sxv5OWbf81Rq7Yu60npabODB0QFPb/rkW3kU' ns2/example.com.db.signed > /dev/null || ret=1
 grep 'ZmQ0YQUA' ns2/example.com.db.signed > /dev/null || ret=1
-n=`expr $n + 1`
+n=$((n+1))
 if [ $ret != 0 ]; then echo "I:failed"; fi
-status=`expr $status + $ret`
+status=$((status+ret))
 echo "I:exit status: $status"
 [ $status -eq 0 ] || exit 1
diff --git a/bin/tests/system/tkey/clean.sh b/bin/tests/system/tkey/clean.sh
index cf1557927e..56a8846a43 100644
--- a/bin/tests/system/tkey/clean.sh
+++ b/bin/tests/system/tkey/clean.sh
@@ -9,10 +9,15 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-rm -f dig.out.* rndc.out.* ns1/named.conf
-rm -f K* ns1/K*
-rm -f */named.memstats
-rm -f */named.run
-rm -f ns1/_default.tsigkeys
-rm -f ns*/named.lock
+set -e
+
+rm -f ./K*
+rm -f ./dig.out.*
+rm -f ./rndc.out.*
+rm -f ns*/K*
+rm -f ns*/_default.tsigkeys
 rm -f ns*/managed-keys.bind*
+rm -f ns*/named.conf
+rm -f ns*/named.lock
+rm -f ns*/named.memstats
+rm -f ns*/named.run
diff --git a/bin/tests/system/tkey/keycreate.c b/bin/tests/system/tkey/keycreate.c
index cf15fd3544..cdd0f7a7a5 100644
--- a/bin/tests/system/tkey/keycreate.c
+++ b/bin/tests/system/tkey/keycreate.c
@@ -52,9 +52,11 @@
 #define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
-#define PORT 5300
 #define TIMEOUT 30
+static char *ip_address = NULL;
+static int port = 0;
+
 static dst_key_t *ourkey;
 static isc_mem_t *mctx;
 static dns_tsigkey_t *tsigkey, *initialkey;
@@ -141,10 +143,10 @@ sendquery(isc_task_t *task, isc_event_t *event) {
 isc_event_free(&event);
 result = ISC_R_FAILURE;
- if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) {
+ if (inet_pton(AF_INET, ip_address, &inaddr) != 1) {
 CHECK("inet_pton", result);
 }
- isc_sockaddr_fromin(&address, &inaddr, PORT);
+ isc_sockaddr_fromin(&address, &inaddr, port);
 dns_fixedname_init(&keyname);
 isc_buffer_constinit(&namestr, "tkeytest.", 9);
@@ -210,18 +212,16 @@ main(int argc, char *argv[]) {
 RUNCHECK(isc_app_start());
- if (argc < 2) {
+ if (argc < 4) {
 fprintf(stderr, "I:no DH key provided\n");
 exit(-1);
 }
- if (strcmp(argv[1], "-r") == 0) {
- fprintf(stderr, "I:the -r option has been deprecated\n");
- exit(-1);
- }
- ourkeyname = argv[1];
+ ip_address = argv[1];
+ port = atoi(argv[2]);
+ ourkeyname = argv[3];
- if (argc >= 3) {
- ownername_str = argv[2];
+ if (argc >= 5) {
+ ownername_str = argv[4];
 }
 dns_result_register();
diff --git a/bin/tests/system/tkey/keydelete.c b/bin/tests/system/tkey/keydelete.c
index 52f9c31ec8..d2b850d64c 100644
--- a/bin/tests/system/tkey/keydelete.c
+++ b/bin/tests/system/tkey/keydelete.c
@@ -51,9 +51,10 @@
 #define RUNCHECK(x) RUNTIME_CHECK((x) == ISC_R_SUCCESS)
-#define PORT 5300
 #define TIMEOUT 30
+static char *ip_address;
+static int port;
 static isc_mem_t *mctx;
 static dns_tsigkey_t *tsigkey;
 static dns_tsig_keyring_t *ring;
@@ -114,10 +115,10 @@ sendquery(isc_task_t *task, isc_event_t *event) {
 isc_event_free(&event);
 result = ISC_R_FAILURE;
- if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1) {
+ if (inet_pton(AF_INET, ip_address, &inaddr) != 1) {
 CHECK("inet_pton", result);
 }
- isc_sockaddr_fromin(&address, &inaddr, PORT);
+ isc_sockaddr_fromin(&address, &inaddr, port);
 query = NULL;
 result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
@@ -155,7 +156,7 @@ main(int argc, char **argv) {
 RUNCHECK(isc_app_start());
- if (argc < 2) {
+ if (argc < 4) {
 fprintf(stderr, "I:no key to delete\n");
 exit(-1);
 }
@@ -163,7 +164,9 @@ main(int argc, char **argv) {
 fprintf(stderr, "I:The -r options has been deprecated\n");
 exit(-1);
 }
- keyname = argv[1];
+ ip_address = argv[1];
+ port = atoi(argv[2]);
+ keyname = argv[3];
 dns_result_register();
diff --git a/bin/tests/system/tkey/ns1/named.conf.in b/bin/tests/system/tkey/ns1/named.conf.in
index 01331beafc..4496d32372 100644
--- a/bin/tests/system/tkey/ns1/named.conf.in
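Review bot: In keycreate.c `main()` the port argument is read with `port = atoi(argv[2]);`, which cannot report an error: a non-numeric string yields 0, and a value above 65535 reaches `isc_sockaddr_fromin()` unchecked (presumably truncated to the 16-bit port type), so a mistyped argument shows up only as a query sent to the wrong port. Parsing with `strtol()` and rejecting anything outside 1-65535 makes the failure immediate and explicit. The `argc < 4` branch still prints "I:no DH key provided", which no longer describes the three required arguments; a usage line naming address, port and key would be clearer. keydelete.c `main()` gains the same `atoi` call in this commit. `main()` continues beyond the hunk.

```c
	ip_address = argv[1];
	{
		char *end = NULL;
		long value = strtol(argv[2], &end, 10);

		/* Reject empty, partly numeric and out-of-range port strings. */
		if (end == argv[2] || *end != '\0' || value < 1 || value > 65535) {
			fprintf(stderr, "I:invalid port '%s'\n", argv[2]);
			exit(-1);
		}
		port = (int)value;
	}
	ourkeyname = argv[3];
	/* … unchanged: optional owner name handling … */
```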
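Review bot: In keydelete.c the context of the last hunk still shows the "I:The -r options has been deprecated" branch, so the test guarding it (just above the hunk, presumably `strcmp(argv[1], "-r")`) now inspects what has become the IP-address argument. keycreate.c drops the equivalent block in this same commit, and removing it here as well would keep the two helpers consistent. The "I:no key to delete" message under `argc < 4` would likewise read better as a usage line listing the address, port and key name.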
+++ b/bin/tests/system/tkey/ns1/named.conf.in
@@ -15,7 +15,7 @@ options {
 query-source address 10.53.0.1;
 notify-source 10.53.0.1;
 transfer-source 10.53.0.1;
- port 5300;
+ port @PORT@;
 pid-file "named.pid";
 listen-on { 10.53.0.1; };
 listen-on-v6 { none; };
@@ -32,7 +32,7 @@ key rndc_key {
 };
 controls {
- inet 10.53.0.1 port 9953 allow { any; } keys { rndc_key; };
+ inet 10.53.0.1 port @CONTROLPORT@ allow { any; } keys { rndc_key; };
 };
 key "tkeytest." {
diff --git a/bin/tests/system/tkey/ns1/setup.sh b/bin/tests/system/tkey/ns1/setup.sh
index a5343396b9..a8f43ca300 100644
--- a/bin/tests/system/tkey/ns1/setup.sh
+++ b/bin/tests/system/tkey/ns1/setup.sh
@@ -9,10 +9,10 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-SYSTEMTESTTOP=../..
-. $SYSTEMTESTTOP/conf.sh
+set -e
-keyname=`$KEYGEN -T KEY -a DH -b 768 -n host server`
-keyid=$(keyfile_to_key_id $keyname)
-rm -f named.conf
-sed -e "s;KEYID;$keyid;" < named.conf.in > named.conf
+. "$SYSTEMTESTTOP/conf.sh"
+
+keyname=$($KEYGEN -T KEY -a DH -b 768 -n host server)
+keyid=$(keyfile_to_key_id "$keyname")
+sed -i -e "s;KEYID;$keyid;" named.conf
diff --git a/bin/tests/system/tkey/setup.sh b/bin/tests/system/tkey/setup.sh
index 6e143976a2..014c1eb18f 100644
--- a/bin/tests/system/tkey/setup.sh
+++ b/bin/tests/system/tkey/setup.sh
@@ -9,7 +9,10 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
+
+. "$SYSTEMTESTTOP/conf.sh"
+
+copy_setports ns1/named.conf.in ns1/named.conf
 cd ns1 && $SHELL setup.sh
diff --git a/bin/tests/system/tkey/tests.sh b/bin/tests/system/tkey/tests.sh
index a293d32b2b..f7d816e372 100644
--- a/bin/tests/system/tkey/tests.sh
+++ b/bin/tests/system/tkey/tests.sh
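Review bot: bin/tests/system/tkey/ns1/setup.sh now edits the generated file in place with `sed -i -e "s;KEYID;$keyid;" named.conf`, and `-i` is not part of POSIX sed; BSD-derived sed parses the option differently from GNU sed, so this line can fail or leave a stray backup file on those platforms. Writing to a temporary file and renaming it is portable: `sed -e "s;KEYID;$keyid;" named.conf > named.conf.tmp` followed by `mv named.conf.tmp named.conf`. The script also relies on named.conf already existing, which holds only when it is started from tkey/setup.sh after `copy_setports`; a one-line comment stating that dependency would help.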
@@ -9,137 +9,153 @@
 # See the COPYRIGHT file distributed with this work for additional
 # information regarding copyright ownership.
-SYSTEMTESTTOP=..
-. $SYSTEMTESTTOP/conf.sh
+set -e
-DIGOPTS="@10.53.0.1 -p 5300"
+. "$SYSTEMTESTTOP/conf.sh"
+
+dig_with_opts() {
+ "$DIG" @10.53.0.1 -p "$PORT" "$@"
+}
 status=0
+n=1
-echo "I:generating new DH key"
+echo "I:generating new DH key ($n)"
 ret=0
-dhkeyname=`$KEYGEN -T KEY -a DH -b 768 -n host client` || ret=1
+dhkeyname=$($KEYGEN -T KEY -a DH -b 768 -n host client) || ret=1
 if [ $ret != 0 ]; then
 echo "I:failed"
- status=`expr $status + $ret`
+ status=$((status+ret))
 echo "I:exit status: $status"
 exit $status
 fi
-status=`expr $status + $ret`
+status=$((status+ret))
+n=$((n+1))
 for owner in . foo.example.
 do
- echo "I:creating new key using owner name \"$owner\""
+ echo "I:creating new key using owner name \"$owner\" ($n)"
 ret=0
- keyname=`$KEYCREATE $dhkeyname $owner` || ret=1
+ keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" $owner) || ret=1
 if [ $ret != 0 ]; then
 echo "I:failed"
- status=`expr $status + $ret`
+ status=$((status+ret))
 echo "I:exit status: $status"
 exit $status
 fi
- status=`expr $status + $ret`
+ status=$((status+ret))
+ n=$((n+1))
- echo "I:checking the new key"
+ echo "I:checking the new key ($n)"
 ret=0
- $DIG $DIGOPTS txt txt.example -k $keyname > dig.out.1 || ret=1
- grep "status: NOERROR" dig.out.1 > /dev/null || ret=1
- grep "TSIG.*hmac-md5.*NOERROR" dig.out.1 > /dev/null || ret=1
- grep "Some TSIG could not be validated" dig.out.1 > /dev/null && ret=1
+ dig_with_opts txt txt.example -k "$keyname" > dig.out.test$n || ret=1
+ grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+ grep "TSIG.*hmac-md5.*NOERROR" dig.out.test$n > /dev/null || ret=1
+ grep "Some TSIG could not be validated" dig.out.test$n > /dev/null && ret=1
 if [ $ret != 0 ]; then
 echo "I:failed"
 fi
- status=`expr $status + $ret`
+ status=$((status+ret))
+ n=$((n+1))
- echo "I:deleting new key"
+ echo "I:deleting new key ($n)"
 ret=0
- $KEYDELETE $keyname || ret=1
+ $KEYDELETE 10.53.0.1 "$PORT" "$keyname" || ret=1
 if [ $ret != 0 ]; then
 echo "I:failed"
 fi
- status=`expr $status + $ret`
+ status=$((status+ret))
+ n=$((n+1))
- echo "I:checking that new key has been deleted"
+ echo "I:checking that new key has been deleted ($n)"
 ret=0
- $DIG $DIGOPTS txt txt.example -k $keyname > dig.out.2 || ret=1
- grep "status: NOERROR" dig.out.2 > /dev/null && ret=1
- grep "TSIG.*hmac-md5.*NOERROR" dig.out.2 > /dev/null && ret=1
- grep "Some TSIG could not be validated" dig.out.2 > /dev/null || ret=1
+ dig_with_opts txt txt.example -k "$keyname" > dig.out.test$n || ret=1
+ grep "status: NOERROR" dig.out.test$n > /dev/null && ret=1
+ grep "TSIG.*hmac-md5.*NOERROR" dig.out.test$n > /dev/null && ret=1
+ grep "Some TSIG could not be validated" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then
 echo "I:failed"
 fi
- status=`expr $status + $ret`
+ status=$((status+ret))
+ n=$((n+1))
 done
-echo "I:creating new key using owner name bar.example."
+echo "I:creating new key using owner name bar.example. ($n)"
 ret=0
-keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1
+keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" bar.example.) || ret=1
 if [ $ret != 0 ]; then
 echo "I:failed"
- status=`expr $status + $ret`
+ status=$((status+ret))
 echo "I:exit status: $status"
 exit $status
 fi
-status=`expr $status + $ret`
+status=$((status+ret))
+n=$((n+1))
-echo "I:checking the key with 'rndc tsig-list'"
+echo "I:checking the key with 'rndc tsig-list' ($n)"
 ret=0
-$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.1
-grep "key \"bar.example.server" rndc.out.1 > /dev/null || ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-list > rndc.out.test$n
+grep "key \"bar.example.server" rndc.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then
 echo "I:failed"
 fi
-status=`expr $status + $ret`
+status=$((status+ret))
+n=$((n+1))
-echo "I:using key in a request"
+echo "I:using key in a request ($n)"
 ret=0
-$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.3 || ret=1
-grep "status: NOERROR" dig.out.3 > /dev/null || ret=1
+dig_with_opts -k "$keyname" txt.example txt > dig.out.test$n || ret=1
+grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then
 echo "I:failed"
 fi
-status=`expr $status + $ret`
+status=$((status+ret))
+n=$((n+1))
-echo "I:deleting the key with 'rndc tsig-delete'"
+echo "I:deleting the key with 'rndc tsig-delete' ($n)"
 ret=0
-$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-delete bar.example.server > /dev/null || ret=1
-$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.2
-grep "key \"bar.example.server" rndc.out.2 > /dev/null && ret=1
-$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.4 || ret=1
-grep "TSIG could not be validated" dig.out.4 > /dev/null || ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-delete bar.example.server > /dev/null || ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-list > rndc.out.test$n
+grep "key \"bar.example.server" rndc.out.test$n > /dev/null && ret=1
+dig_with_opts -k "$keyname" txt.example txt > dig.out.test$n || ret=1
+grep "TSIG could not be validated" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then
 echo "I:failed"
 fi
-status=`expr $status + $ret`
+status=$((status+ret))
+n=$((n+1))
-echo "I:recreating the bar.example. key"
+echo "I:recreating the bar.example. key ($n)"
 ret=0
-keyname=`$KEYCREATE $dhkeyname bar.example.` || ret=1
+keyname=$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" bar.example.) || ret=1
 if [ $ret != 0 ]; then
 echo "I:failed"
- status=`expr $status + $ret`
+ status=$((status+ret))
 echo "I:exit status: $status"
 exit $status
 fi
-status=`expr $status + $ret`
+status=$((status+ret))
+n=$((n+1))
-echo "I:checking the new key with 'rndc tsig-list'"
+echo "I:checking the new key with 'rndc tsig-list' ($n)"
 ret=0
-$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p 9953 tsig-list > rndc.out.3
-grep "key \"bar.example.server" rndc.out.3 > /dev/null || ret=1
+$RNDC -c ../common/rndc.conf -s 10.53.0.1 -p "$CONTROLPORT" tsig-list > rndc.out.test$n
+grep "key \"bar.example.server" rndc.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then
 echo "I:failed"
 fi
-status=`expr $status + $ret`
+status=$((status+ret))
+n=$((n+1))
-echo "I:using the new key in a request"
+echo "I:using the new key in a request ($n)"
 ret=0
-$DIG $DIGOPTS -k $keyname txt.example txt > dig.out.5 || ret=1
-grep "status: NOERROR" dig.out.5 > /dev/null || ret=1
+dig_with_opts -k "$keyname" txt.example txt > dig.out.test$n || ret=1
+grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then
 echo "I:failed"
 fi
-status=`expr $status + $ret`
+status=$((status+ret))
+n=$((n+1))
 echo "I:exit status: $status"
 [ $status -eq 0 ] || exit 1
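Review bot: With `set -e` now at the top of bin/tests/system/tkey/tests.sh, the three `$RNDC ... tsig-list > rndc.out.test$n` lines have no `|| ret=1`, so an rndc failure there ends the script on the spot, before "I:failed" and "I:exit status" are printed. Appending `|| ret=1` to each, as the `tsig-delete` call already does, keeps the failure inside the normal reporting path. `$owner` in `$($KEYCREATE 10.53.0.1 "$PORT" "$dhkeyname" $owner)` is the one expansion in that call left unquoted.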