- suppress duplicate keys
- allow finding a key by name only (instead of name and algorithm)
- add creator field, which is filled in by TKEY
This commit is contained in:
parent
3efd14644c
commit
1a2c699f0e
@ -43,7 +43,7 @@ struct dns_tsigkey {
dns_name_t name; /* Key name */
dns_name_t algorithm; /* Algorithm name */
isc_uint32_t refs; /* reference counter */
isc_boolean_t transient; /* dynamically created? */
dst_key_t *creator; /* key that created secret */
isc_boolean_t deleted; /* has this been deleted? */
ISC_LINK(dns_tsigkey_t) link;
};
@ -52,8 +52,8 @@ struct dns_tsigkey {
isc_result_t
dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
unsigned char *secret, int length, isc_boolean_t transient,
isc_mem_t *mctx, dns_tsigkey_t **key);
unsigned char *secret, int length, dst_key_t *creator,
isc_mem_t *mctx, dns_tsigkey_t **key);
/*
* Creates a tsig key structure pointed to by 'key'.
*
@ -68,6 +68,7 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
*
* Returns:
* ISC_R_SUCCESS
* ISC_R_EXISTS - a key with this name already exists
* DNS_R_NOTIMPLEMENTED - algorithm is not implemented
* ISC_R_NOMEMORY
*/
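Review bot: The contract for the new `creator` argument is missing from this comment block: nothing says whether it may be NULL or who owns the dst_key_t afterwards. In tsig.c the same commit makes dns_tsigkey_free() call dst_key_free(tkey->creator) when it is non-NULL, so ownership appears to transfer to the TSIG key on success, and the dns_tsig_verify() call site passes NULL. I would add to the Requires/Ensures text `'creator' is a valid dst_key_t or NULL; on success the key takes ownership of it and releases it in dns_tsigkey_free()`, and state what happens to it on failure, which the visible hunks do not settle. The ISC_R_EXISTS line above should also say the comparison is by name only, since the tsig.c check compares `&tkey->name` and ignores the algorithm.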
@ -152,14 +153,14 @@ isc_result_t
dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name,
dns_name_t *algorithm);
/*
* Returns the TSIG key corresponding to this name and algorithm and
* increments the keys reference counter.
* Returns the TSIG key corresponding to this name and (possibly)
* algorithm. Also increments the key's reference counter.
*
* Requires:
* 'tsigkey' is not NULL
* '*tsigkey' is NULL
* 'name' is a valid dns_name_t
* 'algorithm' is a valid dns_name_t
* 'algorithm' is a valid dns_name_t or NULL
*
* Returns:
* ISC_R_SUCCESS
@ -16,7 +16,7 @@
*/
/*
* $Id: tsig.c,v 1.18 1999/10/09 00:00:54 tale Exp $
* $Id: tsig.c,v 1.19 1999/10/14 18:35:25 bwelling Exp $
* Principal Author: Brian Wellington
*/
@ -62,7 +62,7 @@ dns_name_t *dns_tsig_hmacmd5_name = NULL;
isc_result_t
dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
unsigned char *secret, int length, isc_boolean_t transient,
unsigned char *secret, int length, dst_key_t *creator,
isc_mem_t *mctx, dns_tsigkey_t **key)
{
isc_buffer_t b, nameb;
@ -108,6 +108,8 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
goto cleanup_algorithm;
if (length > 0) {
dns_tsigkey_t *tmp;
isc_buffer_init(&b, secret, length, ISC_BUFFERTYPE_BINARY);
isc_buffer_add(&b, length);
ret = dst_key_frombuffer(namestr, alg,
@ -119,6 +121,16 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
ISC_LINK_INIT(tkey, link);
isc_rwlock_lock(&tsiglock, isc_rwlocktype_write);
tmp = ISC_LIST_HEAD(tsigkeys);
while (tmp != NULL) {
if (dns_name_equal(&tkey->name, &tmp->name)) {
ret = ISC_R_EXISTS;
isc_rwlock_unlock(&tsiglock,
isc_rwlocktype_write);
goto cleanup_algorithm;
}
tmp = ISC_LIST_NEXT(tmp, link);
}
ISC_LIST_APPEND(tsigkeys, tkey, link);
isc_rwlock_unlock(&tsiglock, isc_rwlocktype_write);
}
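Review bot: The new ISC_R_EXISTS path at `goto cleanup_algorithm` is reached after dst_key_frombuffer() has already produced a dst key a few lines earlier, so unless cleanup_algorithm also releases that key (the label is outside the hunk and predates this check, when no dst key existed on that path) every duplicate create leaks it; releasing it before the goto, e.g. `dst_key_free(tkey->key);` if that is where dst_key_frombuffer() stored it, would close the leak. The duplicate scan compares `&tkey->name` only, so two keys with the same name but different algorithms now collide; that matches the name-only lookup this commit adds to dns_tsigkey_find(), but a one-line comment saying the name is the unique key would save the next reader the cross-reference. Separately, the key is appended to `tsigkeys` and the write lock released here before the following hunk sets `refs`, `creator`, `deleted` and `magic`, so a concurrent dns_tsigkey_find() holding the read lock can evaluate `!key->deleted` on an uninitialized field; moving those assignments ahead of ISC_LINK_INIT and the lock removes that window. dns_tsigkey_create() continues outside the hunk in both directions.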
@ -126,7 +138,7 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
tkey->key = NULL;
tkey->refs = 0;
tkey->transient = transient;
tkey->creator = creator;
tkey->deleted = ISC_FALSE;
tkey->mctx = mctx;
tkey->magic = TSIG_MAGIC;
@ -164,6 +176,8 @@ dns_tsigkey_free(dns_tsigkey_t **key) {
dns_name_free(&tkey->algorithm, tkey->mctx);
if (tkey->key != NULL)
dst_key_free(tkey->key);
if (tkey->creator != NULL)
dst_key_free(tkey->creator);
isc_mem_put(tkey->mctx, tkey, sizeof(dns_tsigkey_t));
}
@ -540,7 +554,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
* by calling dns_tsigkey_empty()
*/
ret = dns_tsigkey_create(keyname, &tsig->algorithm, NULL, 0,
ISC_TRUE, mctx, &msg->tsigkey);
NULL, mctx, &msg->tsigkey);
if (ret != ISC_R_SUCCESS)
goto cleanup_struct;
return (DNS_R_TSIGVERIFYFAILURE);
@ -870,13 +884,13 @@ dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name,
REQUIRE(tsigkey != NULL);
REQUIRE(*tsigkey == NULL);
REQUIRE(name != NULL);
REQUIRE(algorithm != NULL);
isc_rwlock_lock(&tsiglock, isc_rwlocktype_read);
key = ISC_LIST_HEAD(tsigkeys);
while (key != NULL) {
if (dns_name_equal(&key->name, name) &&
dns_name_equal(&key->algorithm, algorithm) &&
(algorithm == NULL ||
dns_name_equal(&key->algorithm, algorithm)) &&
!key->deleted)
{
key->refs++;