From bf98702c1941f368e54c499dd1ff59ee684cf125 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Fri, 14 Sep 2007 06:43:12 +0000 Subject: [PATCH] 2241. [func] nsupdate: add a interative 'help' command. [RT #17099] 2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert a number of INSIST()s into plain fatal() errors which report the triggering result code. The 'key' command wasn't disabling GSS-TSIG. [RT #17099] --- CHANGES | 8 +++++ bin/nsupdate/nsupdate.c | 78 ++++++++++++++++++++++++++++++++--------- 2 files changed, 70 insertions(+), 16 deletions(-) diff --git a/CHANGES b/CHANGES index 71a25eb845..1965a2cd79 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,11 @@ +2241. [func] nsupdate: add a interative 'help' command. [RT #17099] + +2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert + a number of INSIST()s into plain fatal() errors + which report the triggering result code. + The 'key' command wasn't disabling GSS-TSIG. + [RT #17099] + 2239. [func] Ship a prebuilt bin/named/bind9.xsl.h. [RT #17114] 2238. [bug] It was possible to trigger a REQUIRE when a diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 2175abd5ac..abcfb20682 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -15,7 +15,7 @@ * PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsupdate.c,v 1.151 2007/06/18 23:47:21 tbox Exp $ */ +/* $Id: nsupdate.c,v 1.152 2007/09/14 06:43:12 marka Exp $ */ /*! \file */ @@ -1654,8 +1654,10 @@ get_next_command(void) { show_message(stdout, answer, "Answer:"); return (STATUS_MORE); } - if (strcasecmp(word, "key") == 0) + if (strcasecmp(word, "key") == 0) { + usegsstsig = ISC_FALSE; return (evaluate_key(cmdline)); + } if (strcasecmp(word, "gsstsig") == 0) { #ifdef GSSAPI usegsstsig = ISC_TRUE; @@ -1674,6 +1676,28 @@ get_next_command(void) { #endif return (STATUS_MORE); } + if (strcasecmp(word, "help") == 0) { + fprintf(stdout, +"local address [port] (set local resolver)\n" +"server address [port] (set master server for zone)\n" +"send (send the update request)\n" +"show (show the update request)\n" +"answer (show the answer to the last request)\n" +"quit (quit, any pending update is not sent\n" +"help (display this message_\n" +"key [hmac:]keyname secret (use TSIG to sign the request)\n" +"gsstsig (use GSS_TSIG to sign the request)\n" +"oldgsstsig (use Microsoft's GSS_TSIG to sign the request)\n" +"zone name (set the zone to be updated)\n" +"class CLASS (set the zone's DNS class, e.g. IN (default), CH)\n" +"prereq nxdomain name (does this name not exist)\n" +"prereq yxdomain name (does this name exist)\n" +"prereq nxrrset .... (does this RRset exist)\n" +"prereq yxrrset .... (does this RRset not exist)\n" +"update add .... (add the given record to the zone)\n" +"update delete .... (remove the given record(s) from the zone)\n"); + return (STATUS_MORE); + } fprintf(stderr, "incorrect section name: %s\n", word); return (STATUS_SYNTAX); } @@ -2142,6 +2166,10 @@ start_gssrequest(dns_name_t *master) dns_tsigkeyring_destroy(&gssring); gssring = NULL; result = dns_tsigkeyring_create(mctx, &gssring); + + if (result != ISC_R_SUCCESS) + fatal("dns_tsigkeyring_create failed: %s", + isc_result_totext(result)); dns_name_format(master, namestr, sizeof(namestr)); if (kserver == NULL) { @@ -2157,30 +2185,45 @@ start_gssrequest(dns_name_t *master) dns_fixedname_init(&fname); servname = dns_fixedname_name(&fname); - sprintf(servicename,"DNS/%s", namestr); + result = isc_string_printf(servicename, sizeof(servicename), + "DNS/%s", namestr); + if (result != ISC_R_SUCCESS) + fatal("isc_string_printf(servicename) failed: %s", + isc_result_totext(result)); isc_buffer_init(&buf, servicename, strlen(servicename)); isc_buffer_add(&buf, strlen(servicename)); result = dns_name_fromtext(servname, &buf, dns_rootname, ISC_FALSE, NULL); + if (result != ISC_R_SUCCESS) + fatal("dns_name_fromtext(servname) failed: %s", + isc_result_totext(result)); dns_fixedname_init(&fkname); keyname = dns_fixedname_name(&fkname); isc_random_get(&val); - sprintf(keystr, "%u.sig-%s", val, namestr); + result = isc_string_printf(keystr, sizeof(keystr), "%u.sig-%s", + val, namestr); + if (result != ISC_R_SUCCESS) + fatal("isc_string_printf(keystr) failed: %s", + isc_result_totext(result)); isc_buffer_init(&buf, keystr, strlen(keystr)); isc_buffer_add(&buf, strlen(keystr)); result = dns_name_fromtext(keyname, &buf, dns_rootname, ISC_FALSE, NULL); - INSIST(result == ISC_R_SUCCESS); + if (result != ISC_R_SUCCESS) + fatal("dns_name_fromtext(keyname) failed: %s", + isc_result_totext(result)); /* Windows doesn't recognize name compression in the key name. */ keyname->attributes |= DNS_NAMEATTR_NOCOMPRESS; rmsg = NULL; result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &rmsg); - INSIST(result == ISC_R_SUCCESS); + if (result != ISC_R_SUCCESS) + fatal("dns_message_create failed: %s", + isc_result_totext(result)); /* Build first request. */ @@ -2189,7 +2232,9 @@ start_gssrequest(dns_name_t *master) &context, use_win2k_gsstsig); if (result == ISC_R_FAILURE) fatal("Check your Kerberos ticket, it may have expired."); - INSIST(result == ISC_R_SUCCESS); + if (result != ISC_R_SUCCESS) + fatal("dns_tkey_buildgssquery failed: %s", + isc_result_totext(result)); send_gssrequest(localaddr, kserver, rmsg, &request, context); } @@ -2458,17 +2503,18 @@ cleanup(void) { dns_message_destroy(&answer); #ifdef GSSAPI - if (usegsstsig) { - if (tsigkey != NULL) { - ddebug("detach tsigkey x%p", tsigkey); - dns_tsigkey_detach(&tsigkey); - } - ddebug("Destroying GSS-TSIG keyring"); - if (gssring != NULL) - dns_tsigkeyring_destroy(&gssring); + if (tsigkey != NULL) { + ddebug("detach tsigkey x%p", tsigkey); + dns_tsigkey_detach(&tsigkey); } - if (kserver != NULL) + if (gssring != NULL) { + ddebug("Destroying GSS-TSIG keyring"); + dns_tsigkeyring_destroy(&gssring); + } + if (kserver != NULL) { isc_mem_put(mctx, kserver, sizeof(isc_sockaddr_t)); + kserver = NULL; + } #endif ddebug("Shutting down task manager");