4885. [security] update-policy rules that otherwise ignore the name

field now require that it be set to "." to ensure that any type list present is properly interpreted. [RT #47126]
2018-02-07 13:34:02 +11:00
parent b3fc795f4d
commit ec771bbdc8
29 changed files with 306 additions and 62 deletions
--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@@ -40,14 +40,24 @@ status=`expr $status + $ret`

 for bad in bad-*.conf
 do
-	n=`expr $n + 1`
-	echo "I: checking that named-checkconf detects error in $bad ($n)"
-	ret=0
-	$CHECKCONF $bad > checkconf.out 2>&1
-	if [ $? != 1 ]; then ret=1; fi
-	grep "^$bad:[0-9]*: " checkconf.out > /dev/null || ret=1
-	if [ $ret != 0 ]; then echo "I:failed"; fi
-	status=`expr $status + $ret`
+    n=`expr $n + 1`
+    echo "I: checking that named-checkconf detects error in $bad ($n)"
+    ret=0
+    $CHECKCONF $bad > checkconf.out 2>&1
+    if [ $? != 1 ]; then ret=1; fi
+    grep "^$bad:[0-9]*: " checkconf.out > /dev/null || ret=1
+    case $bad in
+    bad-update-policy[123].conf)
+	pat="identity and name fields are not the same"
+	grep "$pat" checkconf.out > /dev/null || ret=1
+	;;
+    bad-update-policy*.conf)
+	pat="name field not set to placeholder value"
+	grep "$pat" checkconf.out > /dev/null || ret=1
+	;;
+    esac
+    if [ $ret != 0 ]; then echo "I:failed"; fi
+    status=`expr $status + $ret`
 done

 for good in good-*.conf