-
Type:
Bug
-
Status: Open
-
Priority:
Minor
-
Resolution: Unresolved
-
Affects Version/s: 2.1.4, 2.1.5
-
Fix Version/s: None
-
Component/s: Enforcer
-
Labels:None
-
Environment:
Linux Debian Buster,
OpenDNSSEC 2.1.4 from source repo (Debian sid) or self-compiled.
Bug independent on environment.
OpenDNSSEC conf.xml contains:
<Enforcer>
...
<DelegationSignerSubmitCommand>/path/to/ds_submit _script --cka_id</DelegationSignerSubmitCommand>
<DelegationSignerRetractCommand>/path/to/ds_retract_script --cka_id</DelegationSignerRetractCommand>
...
</Enforcer>Linux Debian Buster, OpenDNSSEC 2.1.4 from source repo (Debian sid) or self-compiled. Bug independent on environment. OpenDNSSEC conf.xml contains: <Enforcer> ... <DelegationSignerSubmitCommand>/path/to/ds_submit _script --cka_id</DelegationSignerSubmitCommand> <DelegationSignerRetractCommand>/path/to/ds_retract_script --cka_id</DelegationSignerRetractCommand> ... </Enforcer>
With suffix " --ckaid" on the DelegationSigner{Submit,Retract}Command
strings in conf.xml, DNSKEY data with CKAID (as a comment) is expected on STDIN.
It works on the first invocation of each command, but subsequent invocations does not include the CKAID.
Problem is in enforcer/src/keystate/keystate_ds.c:
Local var cka in exec_dnskey_by_id() and change of a global variable (config string).
Also, the trailing \n in rrstr isn't stripped properly (if ckaid forced on), except on first invocation.
The attached patch moves the ds command string parse (strip of " --ckaid" suffix) to
enforcer/src/daemon/cfg.c and introduces two new entries in struct engineconfig_struct to remember the result.
Also, the output of engine_config_print has been corrected.
Note: The problem is probably present in earlier versions as well (haven't checked).
- relates to
-
OPENDNSSEC-497 CLONE - CKA_ID in DelegationSignerSubmitCommand
-
- Resolved
-