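#!/bin/sh

# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# SPDX-License-Identifier: MPL-2.0
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, you can obtain one at https://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.

# Runtime checks for named: start-up, the lock-file guard against a second
# instance, refusal to run with unwritable directories, escaping of the
# command line in the log, and switching UID.
#
# echo_i, retry_quiet, copy_setports and the variables RNDC, NAMED, KILL and
# CONTROLPORT are not defined in this file; presumably conf.sh provides them.

# shellcheck source=conf.sh
SYSTEMTESTTOP=..
. "$SYSTEMTESTTOP/conf.sh"

set -e

# RNDCCMD is expanded unquoted on purpose so that it splits into the command
# and its options; the server address is appended by each caller after -s.
RNDCCMD="$RNDC -c $SYSTEMTESTTOP/common/rndc.conf -p ${CONTROLPORT} -s"
# Options appended to every named instance started through run_named.
NAMED_DEFAULT_ARGS="-m record,size,mctx -d 99 -g -U 4"

# kill_named PIDFILE
#
# Stop the named instance whose pid is recorded in PIDFILE: send SIGTERM and
# poll once per second, at most 10 times, until the process can no longer be
# signalled.
#
# Returns 1 when PIDFILE is not readable, when it holds anything other than a
# positive decimal pid, or when the process is still there after the timeout.
# Otherwise PIDFILE is removed and 0 is returned.  An empty PIDFILE is removed
# without signalling anything.
kill_named() {
  pidfile="${1}"
  if [ ! -r "${pidfile}" ]; then
    return 1
  fi

  pid=$(cat "${pidfile}" 2>/dev/null)

  # The UID-switching test in this script calls kill_named as root on a pid
  # file that lives in a directory owned by "nobody", so the content is not
  # under this script's control.  kill interprets 0 and negative values as a
  # process group or as every process, so only a plain positive number is
  # ever handed to it.
  case "${pid}" in
    0 | *[!0-9]*)
      echo_i "refusing to signal invalid pid from $pidfile"
      return 1
      ;;
  esac

  if [ "${pid:+set}" = "set" ]; then
    $KILL -15 "${pid}" >/dev/null 2>&1
    retries=10
    while [ "$retries" -gt 0 ]; do
      # kill -0 delivers no signal; it only reports whether one could be sent.
      if ! $KILL -0 "${pid}" >/dev/null 2>&1; then
        break
      fi
      sleep 1
      retries=$((retries-1))
    done
    # Timed-out
    if [ "$retries" -eq 0 ]; then
      echo_i "failed to kill named ($pidfile)"
      return 1
    fi
  fi
  rm -f "${pidfile}"
  return 0
}

# check_named_log GREP_ARGS...
#
# Succeeds when grep, run with the given arguments, finds a match.  All grep
# output is discarded, which makes the function usable under retry_quiet.
check_named_log() {
  grep "$@" >/dev/null 2>&1
}

# run_named DIR RUNFILE [NAMED_ARGS...]
#
# Runs in a subshell: changes into DIR, starts named in the background with
# NAMED_ARGS followed by NAMED_DEFAULT_ARGS, appends its stdout and stderr to
# RUNFILE (relative to DIR unless absolute) and prints the pid of the
# background job.  Prints nothing when DIR cannot be entered, which callers
# detect with `test -n "$testpid"`.
run_named() (
  dir="$1"
  shift
  run="$1"
  shift
  if cd "$dir" > /dev/null 2>&1
  then
    # NAMED_DEFAULT_ARGS must split into separate words.
    # shellcheck disable=SC2086
    "${NAMED}" "$@" ${NAMED_DEFAULT_ARGS} >> "$run" 2>&1 &
    echo $!
  fi
)

# check_pid PID
#
# Succeeds (0) when PID can no longer be signalled, i.e. the process is gone;
# fails while kill -0 still succeeds.  The negation is the function's status
# directly instead of going through `return $(...)` with an empty expansion.
check_pid() (
  ! $KILL -0 "${1}" >/dev/null 2>&1
)

status=0
n=0

n=$((n+1))
echo_i "verifying that named started normally ($n)"
ret=0
# A non-empty pid file must exist and neither start-up error may be logged.
[ -s ns2/named.pid ] || ret=1
grep "unable to listen on any configured interface" ns2/named.run > /dev/null && ret=1
grep "another named process" ns2/named.run > /dev/null && ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "verifying that named checks for conflicting named processes ($n)"
ret=0
# A second instance is pointed at named.lock with -X; it has to log the
# conflict and exit on its own.
testpid=$(run_named ns2 named$n.run -c named-alt2.conf -D runtime-ns2-extra-2 -X named.lock)
test -n "$testpid" || ret=1
retry_quiet 10 check_named_log "another named process" ns2/named$n.run || ret=1
test -n "$testpid" && retry_quiet 10 check_pid "$testpid" || ret=1
# The process must already be gone, so a successful SIGTERM is a failure.
test -n "$testpid" && $KILL -15 "$testpid" > kill$n.out 2>&1 && ret=1
test -n "$testpid" && retry_quiet 10 check_pid "$testpid" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "verifying that 'lock-file none' disables process check ($n)"
ret=0
# With the lock file disabled the extra instance is expected to reach
# "running" without reporting a conflict; it is then stopped via its pid file.
testpid=$(run_named ns2 named$n.run -c named-alt3.conf -D runtime-ns2-extra-3)
test -n "$testpid" || ret=1
retry_quiet 60 check_named_log "running$" ns2/named$n.run || ret=1
grep "another named process" ns2/named$n.run > /dev/null && ret=1
kill_named ns2/named-alt3.pid || ret=1
test -n "$testpid" && retry_quiet 10 check_pid "$testpid" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that named refuses to reconfigure if working directory is not writable ($n)"
ret=0
copy_setports ns2/named-alt4.conf.in ns2/named.conf
# rndc reconfig has to fail, and both rndc and named must say why.
$RNDCCMD 10.53.0.2 reconfig > rndc.out.$n 2>&1 && ret=1
grep "failed: permission denied" rndc.out.$n > /dev/null 2>&1 || ret=1
sleep 1
# [^-] keeps this from matching the "managed-keys-directory" and
# "new-zones-directory" messages checked by later tests.
grep "[^-]directory './nope' is not writable" ns2/named.run > /dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))
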
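n=$((n+1))
echo_i "checking that named refuses to reconfigure if managed-keys-directory is not writable ($n)"
ret=0
copy_setports ns2/named-alt5.conf.in ns2/named.conf
# rndc reconfig has to fail, and both rndc and named must say why.
$RNDCCMD 10.53.0.2 reconfig > rndc.out.$n 2>&1 && ret=1
grep "failed: permission denied" rndc.out.$n > /dev/null 2>&1 || ret=1
sleep 1
grep "managed-keys-directory './nope' is not writable" ns2/named.run > /dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that named refuses to reconfigure if new-zones-directory is not writable ($n)"
ret=0
copy_setports ns2/named-alt6.conf.in ns2/named.conf
$RNDCCMD 10.53.0.2 reconfig > rndc.out.$n 2>&1 && ret=1
grep "failed: permission denied" rndc.out.$n > /dev/null 2>&1 || ret=1
sleep 1
grep "new-zones-directory './nope' is not writable" ns2/named.run > /dev/null 2>&1 || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that named recovers when configuration file is valid again ($n)"
ret=0
# Restore the original configuration; reconfig must succeed and the running
# instance must still own a non-empty pid file before it is stopped.
copy_setports ns2/named1.conf.in ns2/named.conf
$RNDCCMD 10.53.0.2 reconfig > rndc.out.$n 2>&1 || ret=1
[ -s ns2/named.pid ] || ret=1
kill_named ns2/named.pid || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that named refuses to start if working directory is not writable ($n)"
ret=0
testpid=$(run_named ns2 named$n.run -c named-alt4.conf -D runtime-ns2-extra-4)
test -n "$testpid" || ret=1
retry_quiet 10 check_named_log "exiting (due to fatal error)" ns2/named$n.run || ret=1
# [^-] keeps this from matching the "managed-keys-directory" and
# "new-zones-directory" variants of the message.
grep "[^-]directory './nope' is not writable" ns2/named$n.run > /dev/null 2>&1 || ret=1
# named must not have got far enough to leave a pid file behind, so
# kill_named succeeding here is a failure.
kill_named ns2/named.pid && ret=1
test -n "$testpid" && retry_quiet 10 check_pid "$testpid" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that named refuses to start if managed-keys-directory is not writable ($n)"
ret=0
testpid=$(run_named ns2 named$n.run -c named-alt5.conf -D runtime-ns2-extra-5)
test -n "$testpid" || ret=1
retry_quiet 10 check_named_log "exiting (due to fatal error)" ns2/named$n.run || ret=1
grep "managed-keys-directory './nope' is not writable" ns2/named$n.run > /dev/null 2>&1 || ret=1
# Same pid file as the sibling "refuses to start" tests.  The bare
# "named.pid" used here before is resolved against the test directory, not
# ns2/, so the check could only trip on a stray file there and otherwise
# passed without looking at the instance.
kill_named ns2/named.pid && ret=1
test -n "$testpid" && retry_quiet 10 check_pid "$testpid" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that named refuses to start if new-zones-directory is not writable ($n)"
ret=0
testpid=$(run_named ns2 named$n.run -c named-alt6.conf -D runtime-ns2-extra-6)
test -n "$testpid" || ret=1
retry_quiet 10 check_named_log "exiting (due to fatal error)" ns2/named$n.run || ret=1
grep "new-zones-directory './nope' is not writable" ns2/named$n.run > /dev/null 2>&1 || ret=1
kill_named ns2/named.pid && ret=1
test -n "$testpid" && retry_quiet 10 check_pid "$testpid" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that named logs control characters in octal notation ($n)"
ret=0
# The -D argument carries the raw bytes from the ctrl-chars file.  The
# "running as" log line has to show them as \177\033 rather than verbatim,
# so command-line content cannot put raw control bytes into the log.
INSTANCE_NAME="runtime-ns2-extra-7-$(cat ctrl-chars)"
testpid=$(run_named ns2 named$n.run -c named-alt7.conf -D "${INSTANCE_NAME}")
test -n "$testpid" || ret=1
retry_quiet 60 check_named_log "running$" ns2/named$n.run || ret=1
grep 'running as.*\\177\\033' ns2/named$n.run > /dev/null || ret=1
kill_named ns2/named.pid || ret=1
test -n "$testpid" && retry_quiet 10 check_pid "$testpid" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that named escapes special characters in the logs ($n)"
ret=0
# "$;" stays literal inside the double quotes; the log is expected to show
# both characters with a backslash in front.
INSTANCE_NAME="runtime-ns2-extra-8-$;"
testpid=$(run_named ns2 named$n.run -c named-alt7.conf -D "${INSTANCE_NAME}")
test -n "$testpid" || ret=1
retry_quiet 60 check_named_log "running$" ns2/named$n.run || ret=1
grep 'running as.*\\$\\;' ns2/named$n.run > /dev/null || ret=1
kill_named ns2/named.pid || ret=1
test -n "$testpid" && retry_quiet 10 check_pid "$testpid" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "checking that named logs an ellipsis when the command line is larger than 8k bytes ($n)"
ret=0
# The file content is split into separate arguments on purpose.
LONG_CMD_LINE=$(cat long-cmd-line)
# shellcheck disable=SC2086
testpid=$(run_named ns2 named$n.run $LONG_CMD_LINE -c "named-alt7.conf")
test -n "$testpid" || ret=1
retry_quiet 60 check_named_log "running$" ns2/named$n.run || ret=1
grep "running as.*\.\.\.$" ns2/named$n.run > /dev/null || ret=1
kill_named ns2/named.pid || ret=1
test -n "$testpid" && retry_quiet 10 check_pid "$testpid" || ret=1
if [ $ret -ne 0 ]; then echo_i "failed"; fi
status=$((status+ret))

n=$((n+1))
echo_i "verifying that named switches UID ($n)"
# Only meaningful when started as root, since dropping to "nobody" needs it.
if [ "$(id -u)" -eq 0 ] && [ -z "$CYGWIN" ]; then
  ret=0
  # mktemp is tested in the condition itself: with `set -e` active, a failing
  # plain assignment would end the script before a later "$?" check could run
  # and the "mktemp failed" branch would never be reached.
  if TEMP_NAMED_DIR=$(mktemp -d "$(pwd)/ns2/tmp.XXXXXXXX"); then
    copy_setports ns2/named-alt9.conf.in "${TEMP_NAMED_DIR}/named-alt9.conf"
    export SOFTHSM2_CONF="${TEMP_NAMED_DIR}/softhsm2.conf"
    sh "$TOP/bin/tests/prepare-softhsm2.sh"
    # Hand the directory to the unprivileged user and close it to everyone
    # else before named is started with -u nobody.
    chown -R nobody: "${TEMP_NAMED_DIR}"
    chmod 0700 "${TEMP_NAMED_DIR}"
    testpid=$(run_named "${TEMP_NAMED_DIR}" "${TEMP_NAMED_DIR}/named$n.run" -u nobody -c named-alt9.conf)
    test -n "$testpid" || ret=1
    retry_quiet 60 check_named_log "running$" "${TEMP_NAMED_DIR}/named$n.run" || ret=1
    [ -s "${TEMP_NAMED_DIR}/named9.pid" ] || ret=1
    # After the UID switch named must still be able to read its configuration.
    grep "loading configuration: permission denied" "${TEMP_NAMED_DIR}/named$n.run" > /dev/null && ret=1
    # NOTE(review): this runs as root on a pid file inside a directory that
    # "nobody" owns; kill_named passes whatever the file holds to kill.
    kill_named "${TEMP_NAMED_DIR}/named9.pid" || ret=1
    test -n "$testpid" && retry_quiet 10 check_pid "$testpid" || ret=1
  else
    echo_i "mktemp failed"
    ret=1
  fi
  if [ $ret -ne 0 ]; then echo_i "failed"; fi
  status=$((status+ret))
else
  echo_i "skipped, not running as root or running on Windows"
fi

echo_i "exit status: $status"
[ $status -eq 0 ] || exit 1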