3961. [bug] Forwarding of SIG(0) signed UPDATE messages failed with

BADSIG.  [RT #37216]

bin/tests/system/upforwd/ns1/named.conf

@@ -42,3 +42,9 @@ zone "example" {
 	file "example.db";
 	allow-update { key update.example.; 10.53.0.3; };
 };
+
+zone "example2" {
+	type master;
+	file "example2.db";
+	allow-update { key sig0.example2.; };
+};

bin/tests/system/upforwd/ns2/named.conf

@@ -37,3 +37,9 @@ zone "example" {
 	file "example.bk";
 	masters { 10.53.0.1; };
 };
+
+zone "example2" {
+	type slave;
+	file "example2.bk";
+	masters { 10.53.0.1; };
+};

bin/tests/system/upforwd/ns3/named.conf

@@ -39,6 +39,13 @@ zone "example" {
 	masters { 10.53.0.1; };
 };
 
+zone "example2" {
+	type slave;
+	file "example2.bk";
+	allow-update-forwarding { any; };
+	masters { 10.53.0.1; };
+};
+
 zone "nomaster" {
 	type slave;
 	file "nomaster1.db";

bin/tests/system/upforwd/setup.sh

@@ -15,8 +15,16 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: setup.sh,v 1.10 2011/09/02 23:46:32 tbox Exp $
+SYSTEMTESTTOP=..
+. $SYSTEMTESTTOP/conf.sh
 
 cp -f ns1/example1.db ns1/example.db
 rm -f ns1/example.db.jnl ns2/example.bk ns2/example.bk.jnl
+rm -f ns1/example2.db.jnl ns2/example2.bk ns2/example2.bk.jnl
 cp -f ns3/nomaster.db ns3/nomaster1.db
+rm -f Ksig0.example2.*
+
+test -r $RANDFILE || $GENRANDOM 400 $RANDFILE 
+keyname=`$KEYGEN  -q -r $RANDFILE -n HOST -a RSASHA1 -b 1024 -T KEY sig0.example2`
+cat ns1/example1.db $keyname.key > ns1/example2.db
+echo $keyname > keyname

bin/tests/system/upforwd/tests.sh

@@ -25,9 +25,11 @@ SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
 status=0
+n=1
 
+sleep 5
 
-echo "I:waiting for servers to be ready for testing"
+echo "I:waiting for servers to be ready for testing ($n)"
 for i in 1 2 3 4 5 6 7 8 9 10
 do
 	ret=0
@@ -41,32 +43,36 @@ do
 	sleep 1
 done
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+n=`expr $n + 1`
 
-echo "I:fetching master copy of zone before update"
+echo "I:fetching master copy of zone before update ($n)"
 ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
 	@10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+n=`expr $n + 1`
 
-echo "I:fetching slave 1 copy of zone before update"
+echo "I:fetching slave 1 copy of zone before update ($n)"
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
 	@10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+n=`expr $n + 1`
 
-echo "I:fetching slave 2 copy of zone before update"
+echo "I:fetching slave 2 copy of zone before update ($n)"
 ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
 	@10.53.0.3 axfr -p 5300 > dig.out.ns3 || ret=1
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+n=`expr $n + 1`
 
-echo "I:comparing pre-update copies to known good data"
+echo "I:comparing pre-update copies to known good data ($n)"
 ret=0
 $PERL ../digcomp.pl knowngood.before dig.out.ns1 || ret=1
 $PERL ../digcomp.pl knowngood.before dig.out.ns2 || ret=1
 $PERL ../digcomp.pl knowngood.before dig.out.ns3 || ret=1
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
-echo "I:updating zone (signed)"
+echo "I:updating zone (signed) ($n)"
 ret=0
 $NSUPDATE -y update.example:c3Ryb25nIGVub3VnaCBmb3IgYSBtYW4gYnV0IG1hZGUgZm9yIGEgd29tYW4K -- - <<EOF || ret=1
 server 10.53.0.3 5300
@@ -75,41 +81,45 @@ update add updated.example. 600 TXT Foo
 send
 EOF
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+n=`expr $n + 1`
 
 echo "I:sleeping 15 seconds for server to incorporate changes"
 sleep 15
 
-echo "I:fetching master copy of zone after update"
+echo "I:fetching master copy of zone after update ($n)"
 ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
 	@10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+n=`expr $n + 1`
 
-echo "I:fetching slave 1 copy of zone after update"
+echo "I:fetching slave 1 copy of zone after update ($n)"
 ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
 	@10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
-echo "I:fetching slave 2 copy of zone after update"
+echo "I:fetching slave 2 copy of zone after update ($n)"
 ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
 	@10.53.0.3 axfr -p 5300 > dig.out.ns3 || ret=1
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+n=`expr $n + 1`
 
-echo "I:comparing post-update copies to known good data"
+echo "I:comparing post-update copies to known good data ($n)"
 ret=0
 $PERL ../digcomp.pl knowngood.after1 dig.out.ns1 || ret=1
 $PERL ../digcomp.pl knowngood.after1 dig.out.ns2 || ret=1
 $PERL ../digcomp.pl knowngood.after1 dig.out.ns3 || ret=1
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
-echo "I:checking 'forwarding update for zone' is logged"
+echo "I:checking 'forwarding update for zone' is logged ($n)"
 ret=0
 grep "forwarding update for zone 'example/IN'" ns3/named.run > /dev/null || ret=1
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+n=`expr $n + 1`
 
-echo "I:updating zone (unsigned)"
+echo "I:updating zone (unsigned) ($n)"
 ret=0
 $NSUPDATE -- - <<EOF || ret=1
 server 10.53.0.3 5300
@@ -118,36 +128,39 @@ update add unsigned.example. 600 TXT Foo
 send
 EOF
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+n=`expr $n + 1`
 
 echo "I:sleeping 15 seconds for server to incorporate changes"
 sleep 15
 
-echo "I:fetching master copy of zone after update"
+echo "I:fetching master copy of zone after update ($n)"
 ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
 	@10.53.0.1 axfr -p 5300 > dig.out.ns1 || ret=1
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
-echo "I:fetching slave 1 copy of zone after update"
+echo "I:fetching slave 1 copy of zone after update ($n)"
 ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
 	@10.53.0.2 axfr -p 5300 > dig.out.ns2 || ret=1
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+n=`expr $n + 1`
 
-echo "I:fetching slave 2 copy of zone after update"
+echo "I:fetching slave 2 copy of zone after update ($n)"
 ret=0
 $DIG +tcp +noadd +nosea +nostat +noquest +nocomm +nocmd example.\
 	@10.53.0.3 axfr -p 5300 > dig.out.ns3 || ret=1
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
 
-echo "I:comparing post-update copies to known good data"
+echo "I:comparing post-update copies to known good data ($n)"
 ret=0
 $PERL ../digcomp.pl knowngood.after2 dig.out.ns1 || ret=1
 $PERL ../digcomp.pl knowngood.after2 dig.out.ns2 || ret=1
 $PERL ../digcomp.pl knowngood.after2 dig.out.ns3 || ret=1
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+n=`expr $n + 1`
 
-echo "I:checking update forwarding to dead master"
+echo "I:checking update forwarding to dead master ($n)"
 count=0
 ret=0
 while [ $count -lt 5 -a $ret -eq 0 ]
@@ -167,6 +180,21 @@ EOF
 	count=`expr $count + 1`
 done
 if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+n=`expr $n + 1`
+
+echo "I:checking update forwarding to with sig0 ($n)"
+keyname=`cat keyname`
+$NSUPDATE -k $keyname.private -- - <<EOF
+server 10.53.0.3 5300
+zone example2
+update add unsigned.example2. 600 A 10.10.10.1
+update add unsigned.example2. 600 TXT Foo
+send
+EOF
+$DIG unsigned.example2 A @10.53.0.1 -p 5300 > dig.out.ns1.test$n
+grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ] ; then echo "I:failed"; status=`expr $status + $ret`; fi
+n=`expr $n + 1`
 
 echo "I:exit status: $status"
 exit $status