From 1a2c699f0eb89fbd776a2dfabb6e197fe36a8c20 Mon Sep 17 00:00:00 2001
From: Brian Wellington
Date: Thu, 14 Oct 1999 18:35:25 +0000
Subject: [PATCH] - suppress duplicate keys - allow finding a key by name only (instead of name and algorithm) - add creator field, which is filled in by TKEY
---
 lib/dns/include/dns/tsig.h | 13 +++++++------
 lib/dns/tsig.c | 26 ++++++++++++++++++++------
 2 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/lib/dns/include/dns/tsig.h b/lib/dns/include/dns/tsig.h
index 144240e76f..bcc3ae5f56 100644
--- a/lib/dns/include/dns/tsig.h
+++ b/lib/dns/include/dns/tsig.h
@@ -43,7 +43,7 @@ struct dns_tsigkey {
 	dns_name_t name; /* Key name */
 	dns_name_t algorithm; /* Algorithm name */
 	isc_uint32_t refs; /* reference counter */
-	isc_boolean_t transient; /* dynamically created? */
+	dst_key_t *creator; /* key that created secret */
 	isc_boolean_t deleted; /* has this been deleted? */
 	ISC_LINK(dns_tsigkey_t) link;
 };
@@ -52,8 +52,8 @@ struct dns_tsigkey {
 isc_result_t
 dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
-		   unsigned char *secret, int length, isc_boolean_t transient,
-		   isc_mem_t *mctx, dns_tsigkey_t **key);
+		   unsigned char *secret, int length, dst_key_t *creator,
+		   isc_mem_t *mctx, dns_tsigkey_t **key);
 /*
  * Creates a tsig key structure pointed to by 'key'.
  *
@@ -68,6 +68,7 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
  *
  * Returns:
  *	ISC_R_SUCCESS
+ *	ISC_R_EXISTS - a key with this name already exists
  *	DNS_R_NOTIMPLEMENTED - algorithm is not implemented
  *	ISC_R_NOMEMORY
  */
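Review bot: The new field's comment `/* key that created secret */` says nothing about who owns the pointer, yet dns_tsigkey_free in this same commit calls `dst_key_free(tkey->creator)`, so the tsig key owns it and the caller must not free it after a successful create. I would make the comment carry that contract: `dst_key_t *creator; /* key that created secret; owned, freed by dns_tsigkey_free() */`. The struct's opening line is outside the hunk.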
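Review bot: The prototype now takes `dst_key_t *creator`, but nothing in the comment block says that NULL is accepted or that a non-NULL creator changes hands; both facts are visible elsewhere in the commit (dns_tsig_verify passes NULL, dns_tsigkey_free calls dst_key_free on the field). I would add a Requires line such as `'creator' is a valid dst_key_t or NULL; on success it is owned by the new tsigkey and freed by dns_tsigkey_free()`. The Requires section itself lies outside this hunk, so the exact placement is for the author to choose.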
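Review bot: `ISC_R_EXISTS - a key with this name already exists` appears to overstate the check: in the tsig.c hunk the duplicate scan sits inside the `if (length > 0)` block, so a key created with an empty secret (as dns_tsig_verify does) is neither compared against the list nor appended to it and can never produce ISC_R_EXISTS. If that is intended, the doc line should say so, e.g. `ISC_R_EXISTS - a key with this name already exists (only checked when a secret is supplied)`; if duplicates are meant to be rejected for every key, the scan should move ahead of the length test instead. The comment block continues outside the hunk.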
@@ -152,14 +153,14 @@ isc_result_t
 dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name,
 		 dns_name_t *algorithm);
 /*
- * Returns the TSIG key corresponding to this name and algorithm and
- * increments the keys reference counter.
+ * Returns the TSIG key corresponding to this name and (possibly)
+ * algorithm. Also increments the key's reference counter.
  *
  * Requires:
  *	'tsigkey' is not NULL
  *	'*tsigkey' is NULL
  *	'name' is a valid dns_name_t
- *	'algorithm' is a valid dns_name_t
+ *	'algorithm' is a valid dns_name_t or NULL
  *
  * Returns:
  *	ISC_R_SUCCESS
diff --git a/lib/dns/tsig.c b/lib/dns/tsig.c
index 2517305e78..d669e56da7 100644
--- a/lib/dns/tsig.c
+++ b/lib/dns/tsig.c
@@ -16,7 +16,7 @@
  */
 /*
- * $Id: tsig.c,v 1.18 1999/10/09 00:00:54 tale Exp $
+ * $Id: tsig.c,v 1.19 1999/10/14 18:35:25 bwelling Exp $
  * Principal Author: Brian Wellington
  */
@@ -62,7 +62,7 @@ dns_name_t *dns_tsig_hmacmd5_name = NULL;
 isc_result_t
 dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
-		   unsigned char *secret, int length, isc_boolean_t transient,
+		   unsigned char *secret, int length, dst_key_t *creator,
 		   isc_mem_t *mctx, dns_tsigkey_t **key)
 {
 	isc_buffer_t b, nameb;
@@ -108,6 +108,8 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
 		goto cleanup_algorithm;
 	if (length > 0) {
+		dns_tsigkey_t *tmp;
+
 		isc_buffer_init(&b, secret, length, ISC_BUFFERTYPE_BINARY);
 		isc_buffer_add(&b, length);
 		ret = dst_key_frombuffer(namestr, alg,
@@ -119,6 +121,16 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
 	ISC_LINK_INIT(tkey, link);
 	isc_rwlock_lock(&tsiglock, isc_rwlocktype_write);
+	tmp = ISC_LIST_HEAD(tsigkeys);
+	while (tmp != NULL) {
+		if (dns_name_equal(&tkey->name, &tmp->name)) {
+			ret = ISC_R_EXISTS;
+			isc_rwlock_unlock(&tsiglock,
+					  isc_rwlocktype_write);
+			goto cleanup_algorithm;
+		}
+		tmp = ISC_LIST_NEXT(tmp, link);
+	}
 	ISC_LIST_APPEND(tsigkeys, tkey, link);
 	isc_rwlock_unlock(&tsiglock, isc_rwlocktype_write);
 	}
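Review bot: The doc now allows `'algorithm' is a valid dns_name_t or NULL` but does not say what a NULL lookup returns; from the tsig.c hunk it is the first non-deleted key whose name matches, whatever algorithm it carries. A caller that resolves a TSIG RR by name alone therefore has to compare the returned `key->algorithm` with the RR's algorithm itself before verifying, otherwise a MAC could presumably be checked against a key of a different algorithm. I would spell that out: `'algorithm' is a valid dns_name_t, or NULL to match on name only; callers passing NULL must check the returned key's algorithm themselves`. The comment block continues past the hunk.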
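Review bot: The ISC_R_EXISTS path does `goto cleanup_algorithm` after dst_key_frombuffer has already run in the preceding hunk; if that call stored its result in tkey->key (as the `dst_key_free(tkey->key)` in dns_tsigkey_free suggests), the duplicate path leaks a dst key that holds the secret. Either release it before the jump, `dst_key_free(tkey->key); tkey->key = NULL;`, or move the scan ahead of dst_key_frombuffer so nothing needs undoing. The scan also disagrees with dns_tsigkey_find, which skips `key->deleted` entries: if a deleted key can still be on the list, it would block re-creation of a same-named key, so the test should probably read `if (!tmp->deleted && dns_name_equal(&tkey->name, &tmp->name)) {`. dns_tsigkey_create starts and ends outside this hunk.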
@@ -126,7 +138,7 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
 		tkey->key = NULL;
 	tkey->refs = 0;
-	tkey->transient = transient;
+	tkey->creator = creator;
 	tkey->deleted = ISC_FALSE;
 	tkey->mctx = mctx;
 	tkey->magic = TSIG_MAGIC;
@@ -164,6 +176,8 @@ dns_tsigkey_free(dns_tsigkey_t **key) {
 	dns_name_free(&tkey->algorithm, tkey->mctx);
 	if (tkey->key != NULL)
 		dst_key_free(tkey->key);
+	if (tkey->creator != NULL)
+		dst_key_free(tkey->creator);
 	isc_mem_put(tkey->mctx, tkey, sizeof(dns_tsigkey_t));
 }
@@ -540,7 +554,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg) {
 		 * by calling dns_tsigkey_empty()
 		 */
 		ret = dns_tsigkey_create(keyname, &tsig->algorithm, NULL, 0,
-					 ISC_TRUE, mctx, &msg->tsigkey);
+					 NULL, mctx, &msg->tsigkey);
 		if (ret != ISC_R_SUCCESS)
 			goto cleanup_struct;
 		return (DNS_R_TSIGVERIFYFAILURE);
@@ -870,13 +884,13 @@ dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name,
 	REQUIRE(tsigkey != NULL);
 	REQUIRE(*tsigkey == NULL);
 	REQUIRE(name != NULL);
-	REQUIRE(algorithm != NULL);
 	isc_rwlock_lock(&tsiglock, isc_rwlocktype_read);
 	key = ISC_LIST_HEAD(tsigkeys);
 	while (key != NULL) {
 		if (dns_name_equal(&key->name, name) &&
-		    dns_name_equal(&key->algorithm, algorithm) &&
+		    (algorithm == NULL ||
+		     dns_name_equal(&key->algorithm, algorithm)) &&
 		    !key->deleted) {
 			key->refs++;
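Review bot: `tkey->creator = creator;` is the only place the pointer is attached to the key, and it runs after every failure `goto` earlier in dns_tsigkey_create (dst_key_frombuffer failing, the new ISC_R_EXISTS path), so on failure the creator never reaches dns_tsigkey_free and the caller must release it, while on success the caller must not. That split in ownership is easy to get wrong as a leak or a double free. I would either free `creator` explicitly on the failure paths so the callee always consumes it, or state the failure-path rule next to the prototype in tsig.h. The function body continues outside the hunk, so the cleanup labels themselves are not visible here.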