1#!/bin/sh 2# 3# Copyright (C) 2012 Internet Systems Consortium, Inc. ("ISC") 4# 5# Permission to use, copy, modify, and/or distribute this software for any 6# purpose with or without fee is hereby granted, provided that the above 7# copyright notice and this permission notice appear in all copies. 8# 9# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH 10# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY 11# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT, 12# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM 13# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE 14# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR 15# PERFORMANCE OF THIS SOFTWARE. 16 17# Id 18 19SYSTEMTESTTOP=.. 20. $SYSTEMTESTTOP/conf.sh 21 22status=0 23 24rm -f dig.out.* 25 26DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300" 27 28for f in conf/good*.conf 29do 30 echo "I:checking '$f'" 31 ret=0 32 $CHECKCONF $f > /dev/null || ret=1 33 if [ $ret != 0 ]; then echo "I:failed"; fi 34 status=`expr $status + $ret` 35done 36 37for f in conf/bad*.conf 38do 39 echo "I:checking '$f'" 40 ret=0 41 $CHECKCONF $f > /dev/null && ret=1 42 if [ $ret != 0 ]; then echo "I:failed"; fi 43 status=`expr $status + $ret` 44done 45 46echo "I:checking that RSA big exponent keys can't be loaded" 47ret=0 48grep "out of range" ns2/signer.err > /dev/null || ret=1 49if [ $ret != 0 ]; then echo "I:failed"; fi 50status=`expr $status + $ret` 51 52echo "I:checking that RSA big exponent signature can't validate" 53ret=0 54$DIG $DIGOPTS a.example @10.53.0.2 > dig.out.ns2 || ret=1 55$DIG $DIGOPTS a.example @10.53.0.3 > dig.out.ns3 || ret=1 56grep "status: NOERROR" dig.out.ns2 > /dev/null || ret=1 57grep "status: SERVFAIL" dig.out.ns3 > /dev/null || ret=1 58if [ $ret != 0 ]; then echo "I:failed"; fi 59status=`expr $status + $ret` 60 61echo "I:exit status: $status" 62exit $status 63