Uploaded image for project: 'Support'
  1. Support
  2. SUPPORT-196

DelegationSignerSubmitCommand does not support arguments



    • Type: Bug
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: OpenDNSSEC 1.0.0, OpenDNSSEC 1.1.0, OpenDNSSEC 1.1.1, OpenDNSSEC 1.1.2, OpenDNSSEC 1.1.3, OpenDNSSEC 1.2.0, OpenDNSSEC 1.2.1, OpenDNSSEC 1.2.2, OpenDNSSEC 1.3.0, OpenDNSSEC 1.3.1, OpenDNSSEC 1.3.2, OpenDNSSEC 1.3.3, OpenDNSSEC 1.3.4, OpenDNSSEC 1.3.5, OpenDNSSEC 1.3.6, OpenDNSSEC 1.3.7, OpenDNSSEC 1.3.8, OpenDNSSEC 1.4.0a1, OpenDNSSEC 1.4.0a2, OpenDNSSEC 2.0.0a3, OpenDNSSEC 1.3.9, OpenDNSSEC 1.3.10, OpenDNSSEC 1.4.0a3, OpenDNSSEC 1.3.11, OpenDNSSEC 1.3.12, OpenDNSSEC 1.3.13, OpenDNSSEC 1.3.14, OpenDNSSEC 1.4.0, OpenDNSSEC 1.4.1, OpenDNSSEC 1.4.2, OpenDNSSEC 1.3.15, OpenDNSSEC 1.3.16, OpenDNSSEC 1.4.3, OpenDNSSEC 1.4.4, OpenDNSSEC 1.4.5, OpenDNSSEC 1.3.17, OpenDNSSEC 1.3.18, OpenDNSSEC 1.4.6, OpenDNSSEC 1.4.7, openDNSSEC 1.4.8, OpenDNSSEC 1.4.9, OpenDNSSEC 1.4.10
    • Fix Version/s: None
    • Component/s: Configuration, Enforcer
    • Labels:
    • Environment:

      Debian/Linux, x64


      If in the configuration file a DeligationSignerSubmitCommand is specified with an agumen, for example:

      /usr/local/bin/mycontrolscript publish --cka-id

      this does not work and results into an error.

      In this example, 'mycontrolscript' has different modes (like notify, publish or check-ds), so I want to specifiy what mode of the script should be used when running the command. However, OpenDnsSec, does not accept this, and writes an error in syslog when trying to execute the command:

      dnssec ods-enforcerd: Cannot stat file /usr/local/bin/myconstrolscript publish: No such file or directory

      Reading the sourcecode (version 1.4.9), the following is incorrect:

      • enforcer/common/daemon_util.c, line 920 the -' -cka_id' is stripped, making the configured command into: "/usr/local/bin/myconstrolscript publish"
      • in enforcer/enforcerd/enforcer.c, line 1929, it is verified the file/script does exists, and otherwise exit with "Cannot stat file %s:%s". However, it should check if the file exists, without extra arguments (so strip of the arguments)

      Strangely enough, in kaspcheck, the check is working as expected. The difference is kaspcheck.c is using 'check_file_from_xpath' to validate if the file/script exists. On line 233 of file enforcer/utils/kc_helper.c we see all arguments after the first space are stripped before testing.

      Expected is:

      • 1. kaspcheck checks are in line with checks of enforcer
      • 2. (optional) arguments are supported




            moon Mart
            0 Vote for this issue
            1 Start watching this issue