Adding upstream version 1:9.16.48.upstream/1%9.16.48 upstream

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
author: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 23:51:28 +0000
committer: Daniel Baumann <daniel.baumann@progress-linux.org> 2024-04-27 23:51:28 +0000
commit: 3a8f8bef7340cf47837e9bb89b7a24d3844005ec (patch)
tree: be267b16d2782cfdbd4781cbde4cc712308faf6f /bin/tests/system/tsig
parent: Adding upstream version 1:9.16.44. (diff)
download: bind9-3a8f8bef7340cf47837e9bb89b7a24d3844005ec.tar.xz
bind9-3a8f8bef7340cf47837e9bb89b7a24d3844005ec.zip
6 files changed, 231 insertions, 212 deletions
diff --git a/bin/tests/system/tsig/prereq.sh b/bin/tests/system/tsig/prereq.sh
index a663cfe..477f0b3 100644
--- a/bin/tests/system/tsig/prereq.sh
+++ b/bin/tests/system/tsig/prereq.sh
@@ -17,8 +17,8 @@
 set -e
 
 if test -z "$PERL"; then
-    echo_i "This test requires Perl." >&2
-    exit 1
+  echo_i "This test requires Perl." >&2
+  exit 1
 fi
 
 exit 0
diff --git a/bin/tests/system/tsig/setup.sh b/bin/tests/system/tsig/setup.sh
index 420e513..af45d5b 100644
--- a/bin/tests/system/tsig/setup.sh
+++ b/bin/tests/system/tsig/setup.sh
@@ -18,9 +18,8 @@ $SHELL clean.sh
 
 copy_setports ns1/named.conf.in ns1/named.conf
 
-if $FEATURETEST --md5
-then
-	cat >> ns1/named.conf << EOF
+if $FEATURETEST --md5; then
+  cat >>ns1/named.conf <<EOF
 # Conditionally included when support for MD5 is available
 key "md5" {
         secret "97rnFx24Tfna4mHPfgnerA==";
diff --git a/bin/tests/system/tsig/tests.sh b/bin/tests/system/tsig/tests.sh
index affc6d0..428f170 100644
--- a/bin/tests/system/tsig/tests.sh
+++ b/bin/tests/system/tsig/tests.sh
@@ -28,65 +28,71 @@ sha512="jI/Pa4qRu96t76Pns5Z/Ndxbn3QCkwcxLOgt9vgvnJw5wqTRvNyk3FtD6yIMd1dWVlqZ+Y4f
 
 status=0
 
-if $FEATURETEST --md5
-then
-	echo_i "fetching using hmac-md5 (old form)"
-	ret=0
-	$DIG $DIGOPTS example.nil. -y "md5:$md5" @10.53.0.1 soa > dig.out.md5.old || ret=1
-	grep -i "md5.*TSIG.*NOERROR" dig.out.md5.old > /dev/null || ret=1
-	if [ $ret -eq 1 ] ; then
-		echo_i "failed"; status=1
-	fi
+if $FEATURETEST --md5; then
+  echo_i "fetching using hmac-md5 (old form)"
+  ret=0
+  $DIG $DIGOPTS example.nil. -y "md5:$md5" @10.53.0.1 soa >dig.out.md5.old || ret=1
+  grep -i "md5.*TSIG.*NOERROR" dig.out.md5.old >/dev/null || ret=1
+  if [ $ret -eq 1 ]; then
+    echo_i "failed"
+    status=1
+  fi
 
-	echo_i "fetching using hmac-md5 (new form)"
-	ret=0
-	$DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa > dig.out.md5.new || ret=1
-	grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new > /dev/null || ret=1
-	if [ $ret -eq 1 ] ; then
-		echo_i "failed"; status=1
-	fi
+  echo_i "fetching using hmac-md5 (new form)"
+  ret=0
+  $DIG $DIGOPTS example.nil. -y "hmac-md5:md5:$md5" @10.53.0.1 soa >dig.out.md5.new || ret=1
+  grep -i "md5.*TSIG.*NOERROR" dig.out.md5.new >/dev/null || ret=1
+  if [ $ret -eq 1 ]; then
+    echo_i "failed"
+    status=1
+  fi
 else
-	echo_i "skipping using hmac-md5"
+  echo_i "skipping using hmac-md5"
 fi
 
 echo_i "fetching using hmac-sha1"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha1:sha1:$sha1" @10.53.0.1 soa > dig.out.sha1 || ret=1
-grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1 > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha1:sha1:$sha1" @10.53.0.1 soa >dig.out.sha1 || ret=1
+grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1 >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "fetching using hmac-sha224"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha224:sha224:$sha224" @10.53.0.1 soa > dig.out.sha224 || ret=1
-grep -i "sha224.*TSIG.*NOERROR" dig.out.sha224 > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha224:sha224:$sha224" @10.53.0.1 soa >dig.out.sha224 || ret=1
+grep -i "sha224.*TSIG.*NOERROR" dig.out.sha224 >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "fetching using hmac-sha256"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha256:sha256:$sha256" @10.53.0.1 soa > dig.out.sha256 || ret=1
-grep -i "sha256.*TSIG.*NOERROR" dig.out.sha256 > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha256:sha256:$sha256" @10.53.0.1 soa >dig.out.sha256 || ret=1
+grep -i "sha256.*TSIG.*NOERROR" dig.out.sha256 >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "fetching using hmac-sha384"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha384:sha384:$sha384" @10.53.0.1 soa > dig.out.sha384 || ret=1
-grep -i "sha384.*TSIG.*NOERROR" dig.out.sha384 > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha384:sha384:$sha384" @10.53.0.1 soa >dig.out.sha384 || ret=1
+grep -i "sha384.*TSIG.*NOERROR" dig.out.sha384 >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "fetching using hmac-sha512"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha512:sha512:$sha512" @10.53.0.1 soa > dig.out.sha512 || ret=1
-grep -i "sha512.*TSIG.*NOERROR" dig.out.sha512 > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha512:sha512:$sha512" @10.53.0.1 soa >dig.out.sha512 || ret=1
+grep -i "sha512.*TSIG.*NOERROR" dig.out.sha512 >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 #
@@ -94,168 +100,181 @@ fi
 #	Truncated TSIG
 #
 #
-if $FEATURETEST --md5
-then
-	echo_i "fetching using hmac-md5 (trunc)"
-	ret=0
-	$DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5-trunc:$md5" @10.53.0.1 soa > dig.out.md5.trunc || ret=1
-	grep -i "md5-trunc.*TSIG.*NOERROR" dig.out.md5.trunc > /dev/null || ret=1
-	if [ $ret -eq 1 ] ; then
-		echo_i "failed"; status=1
-	fi
+if $FEATURETEST --md5; then
+  echo_i "fetching using hmac-md5 (trunc)"
+  ret=0
+  $DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5-trunc:$md5" @10.53.0.1 soa >dig.out.md5.trunc || ret=1
+  grep -i "md5-trunc.*TSIG.*NOERROR" dig.out.md5.trunc >/dev/null || ret=1
+  if [ $ret -eq 1 ]; then
+    echo_i "failed"
+    status=1
+  fi
 else
-	echo_i "skipping using hmac-md5 (trunc)"
+  echo_i "skipping using hmac-md5 (trunc)"
 fi
 
 echo_i "fetching using hmac-sha1 (trunc)"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha1-80:sha1-trunc:$sha1" @10.53.0.1 soa > dig.out.sha1.trunc || ret=1
-grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1.trunc > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha1-80:sha1-trunc:$sha1" @10.53.0.1 soa >dig.out.sha1.trunc || ret=1
+grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1.trunc >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "fetching using hmac-sha224 (trunc)"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha224-112:sha224-trunc:$sha224" @10.53.0.1 soa > dig.out.sha224.trunc || ret=1
-grep -i "sha224-trunc.*TSIG.*NOERROR" dig.out.sha224.trunc > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha224-112:sha224-trunc:$sha224" @10.53.0.1 soa >dig.out.sha224.trunc || ret=1
+grep -i "sha224-trunc.*TSIG.*NOERROR" dig.out.sha224.trunc >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "fetching using hmac-sha256 (trunc)"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha256-128:sha256-trunc:$sha256" @10.53.0.1 soa > dig.out.sha256.trunc || ret=1
-grep -i "sha256-trunc.*TSIG.*NOERROR" dig.out.sha256.trunc > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha256-128:sha256-trunc:$sha256" @10.53.0.1 soa >dig.out.sha256.trunc || ret=1
+grep -i "sha256-trunc.*TSIG.*NOERROR" dig.out.sha256.trunc >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "fetching using hmac-sha384 (trunc)"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha384-192:sha384-trunc:$sha384" @10.53.0.1 soa > dig.out.sha384.trunc || ret=1
-grep -i "sha384-trunc.*TSIG.*NOERROR" dig.out.sha384.trunc > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha384-192:sha384-trunc:$sha384" @10.53.0.1 soa >dig.out.sha384.trunc || ret=1
+grep -i "sha384-trunc.*TSIG.*NOERROR" dig.out.sha384.trunc >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "fetching using hmac-sha512-256 (trunc)"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha512-256:sha512-trunc:$sha512" @10.53.0.1 soa > dig.out.sha512.trunc || ret=1
-grep -i "sha512-trunc.*TSIG.*NOERROR" dig.out.sha512.trunc > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha512-256:sha512-trunc:$sha512" @10.53.0.1 soa >dig.out.sha512.trunc || ret=1
+grep -i "sha512-trunc.*TSIG.*NOERROR" dig.out.sha512.trunc >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
-
 #
 #
 #	Check for bad truncation.
 #
 #
-if $FEATURETEST --md5
-then
-	echo_i "fetching using hmac-md5-80 (BADTRUNC)"
-	ret=0
-	$DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5:$md5" @10.53.0.1 soa > dig.out.md5-80 || ret=1
-	grep -i "md5.*TSIG.*BADTRUNC" dig.out.md5-80 > /dev/null || ret=1
-	if [ $ret -eq 1 ] ; then
-		echo_i "failed"; status=1
-	fi
+if $FEATURETEST --md5; then
+  echo_i "fetching using hmac-md5-80 (BADTRUNC)"
+  ret=0
+  $DIG $DIGOPTS example.nil. -y "hmac-md5-80:md5:$md5" @10.53.0.1 soa >dig.out.md5-80 || ret=1
+  grep -i "md5.*TSIG.*BADTRUNC" dig.out.md5-80 >/dev/null || ret=1
+  if [ $ret -eq 1 ]; then
+    echo_i "failed"
+    status=1
+  fi
 else
-	echo_i "skipping using hmac-md5-80 (BADTRUNC)"
+  echo_i "skipping using hmac-md5-80 (BADTRUNC)"
 fi
 
 echo_i "fetching using hmac-sha1-80 (BADTRUNC)"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha1-80:sha1:$sha1" @10.53.0.1 soa > dig.out.sha1-80 || ret=1
-grep -i "sha1.*TSIG.*BADTRUNC" dig.out.sha1-80 > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha1-80:sha1:$sha1" @10.53.0.1 soa >dig.out.sha1-80 || ret=1
+grep -i "sha1.*TSIG.*BADTRUNC" dig.out.sha1-80 >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "fetching using hmac-sha224-112 (BADTRUNC)"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha224-112:sha224:$sha224" @10.53.0.1 soa > dig.out.sha224-112 || ret=1
-grep -i "sha224.*TSIG.*BADTRUNC" dig.out.sha224-112 > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha224-112:sha224:$sha224" @10.53.0.1 soa >dig.out.sha224-112 || ret=1
+grep -i "sha224.*TSIG.*BADTRUNC" dig.out.sha224-112 >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "fetching using hmac-sha256-128 (BADTRUNC)"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha256-128:sha256:$sha256" @10.53.0.1 soa > dig.out.sha256-128 || ret=1
-grep -i "sha256.*TSIG.*BADTRUNC" dig.out.sha256-128 > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha256-128:sha256:$sha256" @10.53.0.1 soa >dig.out.sha256-128 || ret=1
+grep -i "sha256.*TSIG.*BADTRUNC" dig.out.sha256-128 >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "fetching using hmac-sha384-192 (BADTRUNC)"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha384-192:sha384:$sha384" @10.53.0.1 soa > dig.out.sha384-192 || ret=1
-grep -i "sha384.*TSIG.*BADTRUNC" dig.out.sha384-192 > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha384-192:sha384:$sha384" @10.53.0.1 soa >dig.out.sha384-192 || ret=1
+grep -i "sha384.*TSIG.*BADTRUNC" dig.out.sha384-192 >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "fetching using hmac-sha512-256 (BADTRUNC)"
 ret=0
-$DIG $DIGOPTS example.nil. -y "hmac-sha512-256:sha512:$sha512" @10.53.0.1 soa > dig.out.sha512-256 || ret=1
-grep -i "sha512.*TSIG.*BADTRUNC" dig.out.sha512-256 > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "hmac-sha512-256:sha512:$sha512" @10.53.0.1 soa >dig.out.sha512-256 || ret=1
+grep -i "sha512.*TSIG.*BADTRUNC" dig.out.sha512-256 >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "attempting fetch with bad tsig algorithm"
 ret=0
-$DIG $DIGOPTS example.nil. -y "badalgo:invalid:$sha512" @10.53.0.1 soa > dig.out.badalgo 2>&1 || ret=1
-grep -i "Couldn't create key invalid: algorithm is unsupported" dig.out.badalgo > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG $DIGOPTS example.nil. -y "badalgo:invalid:$sha512" @10.53.0.1 soa >dig.out.badalgo 2>&1 || ret=1
+grep -i "Couldn't create key invalid: algorithm is unsupported" dig.out.badalgo >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "checking both OPT and TSIG records are returned when TC=1"
 ret=0
-$DIG -p ${PORT} +ignore +bufsize=512 large.example.nil -y "hmac-sha1:sha1:$sha1" @10.53.0.1 txt > dig.out.large 2>&1 || ret=1
-grep "flags:.* tc[ ;]" dig.out.large > /dev/null || ret=1
-grep "status: NOERROR" dig.out.large > /dev/null || ret=1
-grep "EDNS:" dig.out.large > /dev/null || ret=1
-grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1 > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-	echo_i "failed"; status=1
+$DIG -p ${PORT} +ignore +bufsize=512 large.example.nil -y "hmac-sha1:sha1:$sha1" @10.53.0.1 txt >dig.out.large 2>&1 || ret=1
+grep "flags:.* tc[ ;]" dig.out.large >/dev/null || ret=1
+grep "status: NOERROR" dig.out.large >/dev/null || ret=1
+grep "EDNS:" dig.out.large >/dev/null || ret=1
+grep -i "sha1.*TSIG.*NOERROR" dig.out.sha1 >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "check that dnssec-keygen won't generate TSIG keys"
 ret=0
-$KEYGEN -a hmac-sha256 -b 128 -n host example.net > keygen.out3 2>&1 && ret=1
-grep "unknown algorithm" keygen.out3 > /dev/null || ret=1
+$KEYGEN -a hmac-sha256 -b 128 -n host example.net >keygen.out3 2>&1 && ret=1
+grep "unknown algorithm" keygen.out3 >/dev/null || ret=1
 
 echo_i "check that a 'BADTIME' response with 'QR=0' is handled as a request"
 ret=0
-$PERL ../packet.pl -a 10.53.0.1 -p ${PORT} -t tcp < badtime > /dev/null || ret=1
-$DIG -p ${PORT} @10.53.0.1 version.bind txt ch > dig.out.verify || ret=1
-grep "status: NOERROR" dig.out.verify > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-    echo_i "failed"; status=1
+$PERL ../packet.pl -a 10.53.0.1 -p ${PORT} -t tcp <badtime >/dev/null || ret=1
+$DIG -p ${PORT} @10.53.0.1 version.bind txt ch >dig.out.verify || ret=1
+grep "status: NOERROR" dig.out.verify >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
-if "$PERL" -e 'use Net::DNS; use Net::DNS::Packet;' > /dev/null 2>&1
-then
+if "$PERL" -e 'use Net::DNS; use Net::DNS::Packet;' >/dev/null 2>&1; then
   echo_i "check that TSIG in the wrong place returns FORMERR"
   ret=0
-  $PERL ../packet.pl -a 10.53.0.1 -p ${PORT} -t udp -d < badlocation > packet.out
-  grep "rcode  = FORMERR" packet.out > /dev/null || ret=1
-  if [ $ret -eq 1 ] ; then
-    echo_i "failed"; status=1
+  $PERL ../packet.pl -a 10.53.0.1 -p ${PORT} -t udp -d <badlocation >packet.out
+  grep "rcode  = FORMERR" packet.out >/dev/null || ret=1
+  if [ $ret -eq 1 ]; then
+    echo_i "failed"
+    status=1
   fi
 fi
 
 echo_i "check that a malformed truncated response to a TSIG query is handled"
 ret=0
-$DIG -p $PORT @10.53.0.1 bad-tsig > dig.out.bad-tsig || ret=1
-grep "status: SERVFAIL" dig.out.bad-tsig > /dev/null || ret=1
-if [ $ret -eq 1 ] ; then
-    echo_i "failed"; status=1
+$DIG -p $PORT @10.53.0.1 bad-tsig >dig.out.bad-tsig || ret=1
+grep "status: SERVFAIL" dig.out.bad-tsig >/dev/null || ret=1
+if [ $ret -eq 1 ]; then
+  echo_i "failed"
+  status=1
 fi
 
 echo_i "exit status: $status"
diff --git a/bin/tests/system/tsiggss/prereq.sh b/bin/tests/system/tsiggss/prereq.sh
index 20ae6b6..a55685e 100644
--- a/bin/tests/system/tsiggss/prereq.sh
+++ b/bin/tests/system/tsiggss/prereq.sh
@@ -15,9 +15,9 @@ SYSTEMTESTTOP=..
 . $SYSTEMTESTTOP/conf.sh
 
 # enable the tsiggss test only if gssapi was enabled
-$FEATURETEST --gssapi ||  {
-        echo_i "gssapi and krb5 not supported - skipping tsiggss test"
-        exit 255
+$FEATURETEST --gssapi || {
+  echo_i "gssapi and krb5 not supported - skipping tsiggss test"
+  exit 255
 }
 
 exit 0
diff --git a/bin/tests/system/tsiggss/setup.sh b/bin/tests/system/tsiggss/setup.sh
index 3b07647..972696b 100644
--- a/bin/tests/system/tsiggss/setup.sh
+++ b/bin/tests/system/tsiggss/setup.sh
@@ -18,5 +18,5 @@ $SHELL clean.sh
 
 copy_setports ns1/named.conf.in ns1/named.conf
 
-key=`$KEYGEN -Cq -K ns1 -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n HOST -T KEY key.example.nil.`
-cat ns1/example.nil.db.in ns1/${key}.key > ns1/example.nil.db
+key=$($KEYGEN -Cq -K ns1 -a $DEFAULT_ALGORITHM -b $DEFAULT_BITS -n HOST -T KEY key.example.nil.)
+cat ns1/example.nil.db.in ns1/${key}.key >ns1/example.nil.db
diff --git a/bin/tests/system/tsiggss/tests.sh b/bin/tests/system/tsiggss/tests.sh
index 2d5dc8e..a665703 100644
--- a/bin/tests/system/tsiggss/tests.sh
+++ b/bin/tests/system/tsiggss/tests.sh
@@ -21,157 +21,158 @@ n=1
 
 DIGOPTS="@10.53.0.1 -p ${PORT}"
 
-test_update () {
-    num="$1"
-    host="$2"
-    type="$3"
-    cmd="$4"
-    digout="$5"
-
-    cat <<EOF > ns1/update.txt
+test_update() {
+  num="$1"
+  host="$2"
+  type="$3"
+  cmd="$4"
+  digout="$5"
+
+  cat <<EOF >ns1/update.txt
 server 10.53.0.1 ${PORT}
 update add $host $cmd
 send
 answer
 EOF
-    echo_i "testing update for $host $type $cmd"
-    $NSUPDATE -g -d ns1/update.txt > nsupdate.out${num} 2>&1 || {
-	echo_i "update failed for $host $type $cmd"
-	sed "s/^/I:/" nsupdate.out${num}
-	return 1
-    }
-
-    # Verify that TKEY response is signed.
-    tkeyout=`awk '/recvmsg reply from GSS-TSIG query/,/Sending update to/' nsupdate.out${num}`
-    pattern="recvmsg reply from GSS-TSIG query .* opcode: QUERY, status: NOERROR, id: .* flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;.* ANY TKEY ;; ANSWER SECTION: .* 0 ANY TKEY gss-tsig\. .* ;; TSIG PSEUDOSECTION: .* 0 ANY TSIG gss-tsig\. .* NOERROR 0"
-    echo $tkeyout | grep "$pattern" > /dev/null || {
-	echo_i "bad tkey response (not tsig signed)"
-	return 1
-    }
-
-    # Weak verification that TKEY response is signed.
-    grep -q "flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" nsupdate.out${num} || {
-	echo_i "bad tkey response (not tsig signed)"
-	return 1
-    }
-
-    out=`$DIG $DIGOPTS -t $type -q $host | grep -E "^${host}"`
-    lines=`echo "$out" | grep "$digout" | wc -l`
-    [ $lines -eq 1 ] || {
-	echo_i "dig output incorrect for $host $type $cmd: $out"
-	return 1
-    }
-    return 0
+  echo_i "testing update for $host $type $cmd"
+  $NSUPDATE -g -d ns1/update.txt >nsupdate.out${num} 2>&1 || {
+    echo_i "update failed for $host $type $cmd"
+    sed "s/^/I:/" nsupdate.out${num}
+    return 1
+  }
+
+  # Verify that TKEY response is signed.
+  tkeyout=$(awk '/recvmsg reply from GSS-TSIG query/,/Sending update to/' nsupdate.out${num})
+  pattern="recvmsg reply from GSS-TSIG query .* opcode: QUERY, status: NOERROR, id: .* flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1 ;; QUESTION SECTION: ;.* ANY TKEY ;; ANSWER SECTION: .* 0 ANY TKEY gss-tsig\. .* ;; TSIG PSEUDOSECTION: .* 0 ANY TSIG gss-tsig\. .* NOERROR 0"
+  echo $tkeyout | grep "$pattern" >/dev/null || {
+    echo_i "bad tkey response (not tsig signed)"
+    return 1
+  }
+
+  # Weak verification that TKEY response is signed.
+  grep -q "flags: qr; QUESTION: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" nsupdate.out${num} || {
+    echo_i "bad tkey response (not tsig signed)"
+    return 1
+  }
+
+  out=$($DIG $DIGOPTS -t $type -q $host | grep -E "^${host}")
+  lines=$(echo "$out" | grep "$digout" | wc -l)
+  [ $lines -eq 1 ] || {
+    echo_i "dig output incorrect for $host $type $cmd: $out"
+    return 1
+  }
+  return 0
 }
 
-
 # Testing updates with good credentials.
-KRB5CCNAME="FILE:"`pwd`/ns1/administrator.ccache
+KRB5CCNAME="FILE:"$(pwd)/ns1/administrator.ccache
 export KRB5CCNAME
 
 echo_i "testing updates to testdc1 as administrator ($n)"
 ret=0
 test_update $n testdc1.example.nil. A "86400 A 10.53.0.10" "10.53.0.10" || ret=1
-n=$((n+1))
+n=$((n + 1))
 if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
 
 echo_i "testing updates to testdc2 as administrator ($n)"
 ret=0
 test_update $n testdc2.example.nil. A "86400 A 10.53.0.11" "10.53.0.11" || ret=1
-n=$((n+1))
+n=$((n + 1))
 if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
 
 echo_i "testing updates to denied as administrator ($n)"
 ret=0
-test_update $n denied.example.nil. TXT "86400 TXT helloworld" "helloworld" > /dev/null && ret=1
-n=$((n+1))
+test_update $n denied.example.nil. TXT "86400 TXT helloworld" "helloworld" >/dev/null && ret=1
+n=$((n + 1))
 if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
-
+status=$((status + ret))
 
 # Testing denied updates.
-KRB5CCNAME="FILE:"`pwd`/ns1/testdenied.ccache
+KRB5CCNAME="FILE:"$(pwd)/ns1/testdenied.ccache
 export KRB5CCNAME
 
 echo_i "testing updates to denied (A) as a user ($n)"
 ret=0
-test_update $n testdenied.example.nil. A "86400 A 10.53.0.12" "10.53.0.12" > /dev/null && ret=1
-n=$((n+1))
+test_update $n testdenied.example.nil. A "86400 A 10.53.0.12" "10.53.0.12" >/dev/null && ret=1
+n=$((n + 1))
 if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
 
 echo_i "testing updates to denied (TXT) as a user ($n)"
 ret=0
 test_update $n testdenied.example.nil. TXT "86400 TXT helloworld" "helloworld" || ret=1
-n=$((n+1))
+n=$((n + 1))
 if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
 
 echo_i "testing external update policy (CNAME) ($n)"
 ret=0
-test_update $n testcname.example.nil. CNAME "86400 CNAME testdenied.example.nil" "testdenied" > /dev/null && ret=1
-n=$((n+1))
+test_update $n testcname.example.nil. CNAME "86400 CNAME testdenied.example.nil" "testdenied" >/dev/null && ret=1
+n=$((n + 1))
 if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
 
 echo_i "testing external update policy (CNAME) with auth sock ($n)"
 ret=0
-$PERL ./authsock.pl --type=CNAME --path=ns1/auth.sock --pidfile=authsock.pid --timeout=120 > /dev/null 2>&1 &
+$PERL ./authsock.pl --type=CNAME --path=ns1/auth.sock --pidfile=authsock.pid --timeout=120 >/dev/null 2>&1 &
 sleep 1
 test_update $n testcname.example.nil. CNAME "86400 CNAME testdenied.example.nil" "testdenied" || ret=1
-n=$((n+1))
+n=$((n + 1))
 if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
 
 echo_i "testing external update policy (A) ($n)"
 ret=0
-test_update $n testcname.example.nil. A "86400 A 10.53.0.13" "10.53.0.13" > /dev/null && ret=1
-n=$((n+1))
+test_update $n testcname.example.nil. A "86400 A 10.53.0.13" "10.53.0.13" >/dev/null && ret=1
+n=$((n + 1))
 if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
 
 echo_i "testing external policy with SIG(0) key ($n)"
 ret=0
-$NSUPDATE -k ns1/Kkey.example.nil.*.private <<END > /dev/null 2>&1 || ret=1
+$NSUPDATE -k ns1/Kkey.example.nil.*.private <<END >/dev/null 2>&1 || ret=1
 server 10.53.0.1 ${PORT}
 zone example.nil
 update add fred.example.nil 120 cname foo.bar.
 send
 END
-output=`$DIG $DIGOPTS +short cname fred.example.nil.`
+output=$($DIG $DIGOPTS +short cname fred.example.nil.)
 [ -n "$output" ] || ret=1
 [ $ret -eq 0 ] || echo_i "failed"
-n=$((n+1))
+n=$((n + 1))
 if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
 
 echo_i "ensure too long realm name is fatal in non-interactive mode ($n)"
 ret=0
-$NSUPDATE <<END > nsupdate.out${n} 2>&1 && ret=1
+$NSUPDATE <<END >nsupdate.out${n} 2>&1 && ret=1
     realm namenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamename
 END
-grep "realm is too long" nsupdate.out${n} > /dev/null || ret=1
-grep "syntax error" nsupdate.out${n} > /dev/null || ret=1
-n=$((n+1))
+grep "realm is too long" nsupdate.out${n} >/dev/null || ret=1
+grep "syntax error" nsupdate.out${n} >/dev/null || ret=1
+n=$((n + 1))
 if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
 
 echo_i "ensure too long realm name is not fatal in interactive mode ($n)"
 ret=0
-$NSUPDATE -i <<END > nsupdate.out${n} 2>&1 || ret=1
+$NSUPDATE -i <<END >nsupdate.out${n} 2>&1 || ret=1
     realm namenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamenamename
 END
-grep "realm is too long" nsupdate.out${n} > /dev/null || ret=1
-[ $ret = 0 ] || { echo_i "failed"; status=1; }
-n=$((n+1))
+grep "realm is too long" nsupdate.out${n} >/dev/null || ret=1
+[ $ret = 0 ] || {
+  echo_i "failed"
+  status=1
+}
+n=$((n + 1))
 if [ "$ret" -ne 0 ]; then echo_i "failed"; fi
-status=$((status+ret))
+status=$((status + ret))
 
 [ $status -eq 0 ] && echo_i "tsiggss tests all OK"
 
-kill `cat authsock.pid`
+kill $(cat authsock.pid)
 
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
author	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-27 23:51:28 +0000
committer	Daniel Baumann <daniel.baumann@progress-linux.org>	2024-04-27 23:51:28 +0000
commit	3a8f8bef7340cf47837e9bb89b7a24d3844005ec (patch)
tree	be267b16d2782cfdbd4781cbde4cc712308faf6f /bin/tests/system/tsig
parent	Adding upstream version 1:9.16.44. (diff)
download	bind9-3a8f8bef7340cf47837e9bb89b7a24d3844005ec.tar.xz bind9-3a8f8bef7340cf47837e9bb89b7a24d3844005ec.zip