To: bind9-bugs@isc.org
Subject: Re: [ISC-Bugs #45183] [PATCH] Alternative NSEC3 mode for nsec3hash
Date: Fri, 22 Sep 2017 16:02:24 +0100
References: <20170608182734.GA73603@isc.org>
From: "Tony Finch"

Evan Hunt via RT wrote:
>
> Incidentally, for a point-zero release in the future, I wonder if we should
> make the -r the default for nsec3hash and add a different option for
> backward compatibility. The existing argument ordering makes no sense
> at all.

I wondered if it might be simpler to key off the number of arguments (five vs four) rather than requiring a -r flag....

diff --git a/bin/tests/system/tools/tests.sh b/bin/tests/system/tools/tests.sh index 7e8fe14..82b778d 100644 --- a/bin/tests/system/tools/tests.sh +++ b/bin/tests/system/tools/tests.sh @@ -78,6 +78,9 @@ checkempty echo "I:checking $NSEC3HASH -r - $name" out=`$NSEC3HASH -r $algo $flags $iters - $name` checkempty +echo "I:checking $NSEC3HASH optional -r" +out=`$NSEC3HASH $algo $flags $iters - $name` +checkempty checkfail() { case $? in diff --git a/bin/tools/nsec3hash.c b/bin/tools/nsec3hash.c index 4fc4339..90ffd6d 100644 --- a/bin/tools/nsec3hash.c +++ b/bin/tools/nsec3hash.c @@ -55,7 +55,7 @@ static void usage() { fprintf(stderr, "Usage: %s salt algorithm iterations domain\n", program); - fprintf(stderr, " %s -r algorithm flags iterations salt domain\n", + fprintf(stderr, " %s algorithm flags iterations salt domain\n", program); exit(1); } @@ -152,6 +152,7 @@ main(int argc, char *argv[]) { isc_boolean_t rdata_format = ISC_FALSE; int ch; + /* -r retained for backwards compatibility */ while ((ch = isc_commandline_parse(argc, argv, "-r")) != -1) { switch (ch) { case 'r': @@ -161,6 +162,7 @@ main(int argc, char *argv[]) { isc_commandline_index -= 1; goto skip; default: + usage(); break; } } 
@@ -169,18 +171,14 @@ main(int argc, char *argv[]) { argc -= isc_commandline_index; argv += isc_commandline_index; - if (rdata_format) { - if (argc != 5) { - usage(); - } + if (argc == 5) { nsec3hash(nsec3hash_rdata_print, argv[0], argv[1], argv[2], argv[3], argv[4]); - } else { - if (argc != 4) { - usage(); - } + } else if (argc == 4 && !rdata_format) { nsec3hash(nsec3hash_print, argv[1], NULL, argv[2], argv[0], argv[3]); + } else { + usage(); } return(0); } diff --git a/bin/tools/nsec3hash.docbook b/bin/tools/nsec3hash.docbook index d28a13c..ce47feb 100644 --- a/bin/tools/nsec3hash.docbook +++ b/bin/tools/nsec3hash.docbook @@ -47,7 +47,7 @@ domain - nsec3hash -r + nsec3hash algorithm flags iterations @@ -65,7 +65,7 @@ - If this command is invoked as nsec3hash -r, + If this command is invoked with five arguments, it takes arguments in an order matching the first four fields of an NSEC3 record, followed by the domain name: algorithm, flags, iterations, salt, domain. This makes it convenient to copy and
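Review bot: In bin/tests/system/tools/tests.sh the new case only exercises the accepting path (five arguments without -r); nothing covers the rejecting path that the nsec3hash.c change introduces, where -r with four arguments reaches usage() because of `argc == 4 && !rdata_format`. A case placed after the checkfail() definition that runs $NSEC3HASH -r with one field missing and expects a non-zero exit would pin that behaviour down. The echo label "optional -r" also omits the salt and $name that the neighbouring "-r - $name" label prints, which makes the test log harder to match to a case.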
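Review bot: In the option loop of main() in bin/tools/nsec3hash.c, the added usage() under default: makes every argument the parser reports as an unknown option fatal, where the old code only did break. The tests pass "-" as the salt, and in the legacy four-argument order the salt is the first argument, so it is worth confirming (with a test, if tests.sh does not already have one) that a leading "-" salt still takes the `goto skip` path rather than default:. The `break;` that follows usage() is now unreachable, since usage() ends in exit(1), and can be dropped.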
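Review bot: In the argc dispatch at the end of main(), the argument order is now chosen by count alone, so an NSEC3-order invocation that drops one field (four arguments, no -r) is accepted as the legacy form, with argv[0] passed as the salt and argv[1] as the algorithm, instead of being rejected. Before this change -r stated the intent and a wrong count went to usage(). If count-based selection stays, the usage() text should say that the number of arguments selects the order, and rdata_format could be renamed or commented to show that it now only serves to reject `-r` with four arguments.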
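Review bot: In the description paragraph of bin/tools/nsec3hash.docbook, the rewritten sentence removes the last mention of -r, and the synopsis hunk above it does the same, while nsec3hash.c still accepts the flag ("-r retained for backwards compatibility"). A short sentence stating that -r is still accepted and has no effect in the five-argument form would keep the behaviour that existing scripts rely on documented.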