1*00b67f09SDavid van Moolenbroek#!/bin/sh 2*00b67f09SDavid van Moolenbroek# 3*00b67f09SDavid van Moolenbroek# Copyright (C) 2012-2014 Internet Systems Consortium, Inc. ("ISC") 4*00b67f09SDavid van Moolenbroek# 5*00b67f09SDavid van Moolenbroek# Permission to use, copy, modify, and/or distribute this software for any 6*00b67f09SDavid van Moolenbroek# purpose with or without fee is hereby granted, provided that the above 7*00b67f09SDavid van Moolenbroek# copyright notice and this permission notice appear in all copies. 8*00b67f09SDavid van Moolenbroek# 9*00b67f09SDavid van Moolenbroek# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10*00b67f09SDavid van Moolenbroek# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11*00b67f09SDavid van Moolenbroek# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12*00b67f09SDavid van Moolenbroek# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13*00b67f09SDavid van Moolenbroek# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14*00b67f09SDavid van Moolenbroek# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15*00b67f09SDavid van Moolenbroek# PERFORMANCE OF THIS SOFTWARE. 16*00b67f09SDavid van Moolenbroek 17*00b67f09SDavid van MoolenbroekSYSTEMTESTTOP=.. 18*00b67f09SDavid van Moolenbroek. $SYSTEMTESTTOP/conf.sh 19*00b67f09SDavid van Moolenbroek 20*00b67f09SDavid van MoolenbroekDIG="./dig.sh" 21*00b67f09SDavid van Moolenbroekchmod +x $DIG 22*00b67f09SDavid van Moolenbroek 23*00b67f09SDavid van MoolenbroekCHECKDS="$CHECKDS -d $DIG -D $DSFROMKEY" 24*00b67f09SDavid van Moolenbroek 25*00b67f09SDavid van Moolenbroekstatus=0 26*00b67f09SDavid van Moolenbroekn=1 27*00b67f09SDavid van Moolenbroek 28*00b67f09SDavid van Moolenbroekecho "I:checking for correct DS, looking up key via 'dig' ($n)" 29*00b67f09SDavid van Moolenbroekret=0 30*00b67f09SDavid van Moolenbroek$CHECKDS ok.example > checkds.out.$n 2>&1 || ret=1 31*00b67f09SDavid van Moolenbroekgrep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 32*00b67f09SDavid van Moolenbroekgrep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 33*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 34*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 35*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 36*00b67f09SDavid van Moolenbroek 37*00b67f09SDavid van Moolenbroekecho "I:checking for correct DS, obtaining key from file ($n)" 38*00b67f09SDavid van Moolenbroekret=0 39*00b67f09SDavid van Moolenbroek$CHECKDS -f ok.example.dnskey.db ok.example > checkds.out.$n || ret=1 40*00b67f09SDavid van Moolenbroekgrep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 41*00b67f09SDavid van Moolenbroekgrep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 42*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 43*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 44*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 45*00b67f09SDavid van Moolenbroek 46*00b67f09SDavid van Moolenbroekecho "I:checking for correct DLV, looking up key via 'dig' ($n)" 47*00b67f09SDavid van Moolenbroekret=0 48*00b67f09SDavid van Moolenbroek$CHECKDS -l dlv.example ok.example > checkds.out.$n || ret=1 49*00b67f09SDavid van Moolenbroekgrep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 50*00b67f09SDavid van Moolenbroekgrep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 51*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 52*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 53*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 54*00b67f09SDavid van Moolenbroek 55*00b67f09SDavid van Moolenbroekecho "I:checking for correct DLV, obtaining key from file ($n)" 56*00b67f09SDavid van Moolenbroekret=0 57*00b67f09SDavid van Moolenbroek$CHECKDS -l dlv.example -f ok.example.dnskey.db ok.example > checkds.out.$n || ret=1 58*00b67f09SDavid van Moolenbroekgrep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 59*00b67f09SDavid van Moolenbroekgrep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 60*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 61*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 62*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 63*00b67f09SDavid van Moolenbroek 64*00b67f09SDavid van Moolenbroekecho "I:checking for incorrect DS, lowronging up key via 'dig' ($n)" 65*00b67f09SDavid van Moolenbroekret=0 66*00b67f09SDavid van Moolenbroek$CHECKDS wrong.example > checkds.out.$n || ret=1 67*00b67f09SDavid van Moolenbroekgrep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 68*00b67f09SDavid van Moolenbroekgrep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 69*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 70*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 71*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 72*00b67f09SDavid van Moolenbroek 73*00b67f09SDavid van Moolenbroekecho "I:checking for incorrect DS, obtaining key from file ($n)" 74*00b67f09SDavid van Moolenbroekret=0 75*00b67f09SDavid van Moolenbroek$CHECKDS -f wrong.example.dnskey.db wrong.example > checkds.out.$n || ret=1 76*00b67f09SDavid van Moolenbroekgrep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 77*00b67f09SDavid van Moolenbroekgrep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 78*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 79*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 80*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 81*00b67f09SDavid van Moolenbroek 82*00b67f09SDavid van Moolenbroekecho "I:checking for incorrect DLV, lowronging up key via 'dig' ($n)" 83*00b67f09SDavid van Moolenbroekret=0 84*00b67f09SDavid van Moolenbroek$CHECKDS -l dlv.example wrong.example > checkds.out.$n || ret=1 85*00b67f09SDavid van Moolenbroekgrep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 86*00b67f09SDavid van Moolenbroekgrep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 87*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 88*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 89*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 90*00b67f09SDavid van Moolenbroek 91*00b67f09SDavid van Moolenbroekecho "I:checking for incorrect DLV, obtaining key from file ($n)" 92*00b67f09SDavid van Moolenbroekret=0 93*00b67f09SDavid van Moolenbroek$CHECKDS -l dlv.example -f wrong.example.dnskey.db wrong.example > checkds.out.$n || ret=1 94*00b67f09SDavid van Moolenbroekgrep 'SHA-1' checkds.out.$n > /dev/null 2>&1 || ret=1 95*00b67f09SDavid van Moolenbroekgrep 'SHA-256' checkds.out.$n > /dev/null 2>&1 || ret=1 96*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 97*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 98*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 99*00b67f09SDavid van Moolenbroek 100*00b67f09SDavid van Moolenbroek 101*00b67f09SDavid van Moolenbroekecho "I:checking for partially missing DS, looking up key via 'dig' ($n)" 102*00b67f09SDavid van Moolenbroekret=0 103*00b67f09SDavid van Moolenbroek$CHECKDS missing.example > checkds.out.$n || ret=1 104*00b67f09SDavid van Moolenbroekgrep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 105*00b67f09SDavid van Moolenbroekgrep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 106*00b67f09SDavid van Moolenbroekgrep 'SHA-1.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 107*00b67f09SDavid van Moolenbroekgrep 'SHA-256.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 108*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 109*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 110*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 111*00b67f09SDavid van Moolenbroek 112*00b67f09SDavid van Moolenbroekecho "I:checking for partially missing DS, obtaining key from file ($n)" 113*00b67f09SDavid van Moolenbroekret=0 114*00b67f09SDavid van Moolenbroek$CHECKDS -f missing.example.dnskey.db missing.example > checkds.out.$n || ret=1 115*00b67f09SDavid van Moolenbroekgrep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 116*00b67f09SDavid van Moolenbroekgrep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 117*00b67f09SDavid van Moolenbroekgrep 'SHA-1.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 118*00b67f09SDavid van Moolenbroekgrep 'SHA-256.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 119*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 120*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 121*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 122*00b67f09SDavid van Moolenbroek 123*00b67f09SDavid van Moolenbroekecho "I:checking for partially missing DLV, looking up key via 'dig' ($n)" 124*00b67f09SDavid van Moolenbroekret=0 125*00b67f09SDavid van Moolenbroek$CHECKDS -l dlv.example missing.example > checkds.out.$n || ret=1 126*00b67f09SDavid van Moolenbroekgrep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 127*00b67f09SDavid van Moolenbroekgrep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 128*00b67f09SDavid van Moolenbroekgrep 'SHA-1.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 129*00b67f09SDavid van Moolenbroekgrep 'SHA-256.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 130*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 131*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 132*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 133*00b67f09SDavid van Moolenbroek 134*00b67f09SDavid van Moolenbroekecho "I:checking for partially missing DLV, obtaining key from file ($n)" 135*00b67f09SDavid van Moolenbroekret=0 136*00b67f09SDavid van Moolenbroek$CHECKDS -l dlv.example -f missing.example.dnskey.db missing.example > checkds.out.$n || ret=1 137*00b67f09SDavid van Moolenbroekgrep 'SHA-1.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 138*00b67f09SDavid van Moolenbroekgrep 'SHA-256.*found' checkds.out.$n > /dev/null 2>&1 || ret=1 139*00b67f09SDavid van Moolenbroekgrep 'SHA-1.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 140*00b67f09SDavid van Moolenbroekgrep 'SHA-256.*missing' checkds.out.$n > /dev/null 2>&1 || ret=1 141*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 142*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 143*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 144*00b67f09SDavid van Moolenbroek 145*00b67f09SDavid van Moolenbroekecho "I:checking for entirely missing DS, looking up key via 'dig' ($n)" 146*00b67f09SDavid van Moolenbroekret=0 147*00b67f09SDavid van Moolenbroek$CHECKDS none.example > checkds.out.$n && ret=1 148*00b67f09SDavid van Moolenbroekgrep 'No DS' checkds.out.$n > /dev/null 2>&1 || ret=1 149*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 150*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 151*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 152*00b67f09SDavid van Moolenbroek 153*00b67f09SDavid van Moolenbroekecho "I:checking for entirely missing DS, obtaining key from file ($n)" 154*00b67f09SDavid van Moolenbroekret=0 155*00b67f09SDavid van Moolenbroek$CHECKDS -f none.example.dnskey.db none.example > checkds.out.$n && ret=1 156*00b67f09SDavid van Moolenbroekgrep 'No DS' checkds.out.$n > /dev/null 2>&1 || ret=1 157*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 158*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 159*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 160*00b67f09SDavid van Moolenbroek 161*00b67f09SDavid van Moolenbroekecho "I:checking for entirely missing DLV, looking up key via 'dig' ($n)" 162*00b67f09SDavid van Moolenbroekret=0 163*00b67f09SDavid van Moolenbroek$CHECKDS -l dlv.example none.example > checkds.out.$n && ret=1 164*00b67f09SDavid van Moolenbroekgrep 'No DLV' checkds.out.$n > /dev/null 2>&1 || ret=1 165*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 166*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 167*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 168*00b67f09SDavid van Moolenbroek 169*00b67f09SDavid van Moolenbroekecho "I:checking for entirely missing DLV, obtaining key from file ($n)" 170*00b67f09SDavid van Moolenbroekret=0 171*00b67f09SDavid van Moolenbroek$CHECKDS -l dlv.example -f none.example.dnskey.db none.example > checkds.out.$n && ret=1 172*00b67f09SDavid van Moolenbroekgrep 'No DLV' checkds.out.$n > /dev/null 2>&1 || ret=1 173*00b67f09SDavid van Moolenbroekn=`expr $n + 1` 174*00b67f09SDavid van Moolenbroekif [ $ret != 0 ]; then echo "I:failed"; fi 175*00b67f09SDavid van Moolenbroekstatus=`expr $status + $ret` 176*00b67f09SDavid van Moolenbroek 177*00b67f09SDavid van Moolenbroekif [ $status = 0 ]; then $SHELL clean.sh; fi 178*00b67f09SDavid van Moolenbroekecho "I:exit status: $status" 179*00b67f09SDavid van Moolenbroekexit $status 180