mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-09-01 15:05:23 +00:00
Code Issues Releases Wiki Activity

Added dns_tsigkey_attach & _detach, to simplify reference counting.

Browse Source 
Added dns_message_get/settsigkey to deuglify tsig key handling in message code.
This commit is contained in:
Brian Wellington
2000-05-26 00:16:46 +00:00
parent 82a30bf0a0
commit af60263664
10 changed files with 176 additions and 80 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGES
View File

@@ -1,3 +1,6 @@
212. [cleanup] Added dns_message_get/settsigkey, to make TSIG
key management reasonable.
211. [func] The 'key' and 'server' statements can now occur 211. [func] The 'key' and 'server' statements can now occur
inside 'view' statements. inside 'view' statements.

6
bin/named/xfrout.c
View File

@@ -15,7 +15,7 @@
* SOFTWARE. * SOFTWARE.
*/ */
/* $Id: xfrout.c,v 1.62 2000/05/15 21:14:01 tale Exp $ */ /* $Id: xfrout.c,v 1.63 2000/05/26 00:16:35 bwelling Exp $ */
#include <config.h> #include <config.h>
@@ -1028,7 +1028,7 @@ ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
*/ */
CHECK(xfrout_ctx_create(mctx, client, request->id, question_name, CHECK(xfrout_ctx_create(mctx, client, request->id, question_name,
reqtype, db, ver, quota, stream, reqtype, db, ver, quota, stream,
request->tsigkey, request->tsig, dns_message_gettsigkey(request), request->tsig,
dns_zone_getmaxxfrout(zone), dns_zone_getmaxxfrout(zone),
dns_zone_getidleout(zone), dns_zone_getidleout(zone),
(format == dns_many_answers) ? (format == dns_many_answers) ?
@@ -1214,7 +1214,7 @@ sendstream(xfrout_ctx_t *xfr) {
msg->flags = DNS_MESSAGEFLAG_QR | DNS_MESSAGEFLAG_AA; msg->flags = DNS_MESSAGEFLAG_QR | DNS_MESSAGEFLAG_AA;
if ((xfr->client->attributes & NS_CLIENTATTR_RA) != 0) if ((xfr->client->attributes & NS_CLIENTATTR_RA) != 0)
msg->flags |= DNS_MESSAGEFLAG_RA; msg->flags |= DNS_MESSAGEFLAG_RA;
msg->tsigkey = xfr->tsigkey; dns_message_settsigkey(msg, xfr->tsigkey);
msg->querytsig = xfr->lasttsig; msg->querytsig = xfr->lasttsig;
/* /*

23
lib/dns/include/dns/message.h
View File

@@ -952,6 +952,29 @@ dns_message_gettsig(dns_message_t *msg, dns_name_t **owner);
* The TSIG rdataset of 'msg', or NULL if there isn't one. * The TSIG rdataset of 'msg', or NULL if there isn't one.
*/ */
void
dns_message_settsigkey(dns_message_t *msg, dns_tsigkey_t *key);
/*
* Set the tsig key for 'msg'. This is only necessary for when rendering a
* query or parsing a response. The key (if non-NULL) is attached to, and
* will be detached when the message is destroyed.
*
* Requires:
*
* 'msg' is a valid message
* 'key' is a valid tsig key or NULL.
*/
dns_tsigkey_t *
dns_message_gettsigkey(dns_message_t *msg);
/*
* Gets the tsig key for 'msg'.
*
* Requires:
*
* 'msg' is a valid message
*/
dns_rdataset_t * dns_rdataset_t *
dns_message_getsig0(dns_message_t *msg, dns_name_t **owner); dns_message_getsig0(dns_message_t *msg, dns_name_t **owner);
/* /*

20
lib/dns/include/dns/tsig.h
View File

@@ -102,13 +102,27 @@ dns_tsigkey_create(dns_name_t *name, dns_name_t *algorithm,
*/ */
void void
dns_tsigkey_free(dns_tsigkey_t **key); dns_tsigkey_attach(dns_tsigkey_t *source, dns_tsigkey_t **targetp);
/* /*
* Frees the tsig key structure pointed to by 'key'. * Attach '*targetp' to 'source'.
* *
* Requires: * Requires:
* 'key' is a valid TSIG key * 'key' is a valid TSIG key
* 'ring' is a valid TSIG keyring containing the key *
* Ensures:
* *targetp is attached to source.
*/
void
dns_tsigkey_detach(dns_tsigkey_t **key);
/*
* Detaches from the tsig key structure pointed to by '*key'.
*
* Requires:
* 'key' not NULL and '*key' is a valid TSIG key
*
* Ensures:
* 'key' points to NULL
*/ */
void void

28
lib/dns/message.c
View File

@@ -522,7 +522,7 @@ msgreset(dns_message_t *msg, isc_boolean_t everything) {
} }
if (msg->tsigkey != NULL) { if (msg->tsigkey != NULL) {
dns_tsigkey_free(&msg->tsigkey); dns_tsigkey_detach(&msg->tsigkey);
msg->tsigkey = NULL; msg->tsigkey = NULL;
} }
@@ -2220,6 +2220,32 @@ dns_message_gettsig(dns_message_t *msg, dns_name_t **owner) {
return (msg->tsigset); return (msg->tsigset);
} }
void
dns_message_settsigkey(dns_message_t *msg, dns_tsigkey_t *key) {
/*
* Set the TSIG key for 'msg'
*/
REQUIRE(DNS_MESSAGE_VALID(msg));
REQUIRE(msg->tsigkey == NULL);
if (key != NULL)
dns_tsigkey_attach(key, &msg->tsigkey);
}
dns_tsigkey_t *
dns_message_gettsigkey(dns_message_t *msg) {
/*
* Get the TSIG key for 'msg'
*/
REQUIRE(DNS_MESSAGE_VALID(msg));
return (msg->tsigkey);
}
dns_rdataset_t * dns_rdataset_t *
dns_message_getsig0(dns_message_t *msg, dns_name_t **owner) { dns_message_getsig0(dns_message_t *msg, dns_name_t **owner) {

5
lib/dns/request.c
View File

@@ -537,11 +537,10 @@ dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message,
goto cleanup; goto cleanup;
message->id = id; message->id = id;
message->tsigkey = request->tsigkey; dns_message_settsigkey(message, request->tsigkey);
result = req_render(message, &request->query, mctx); result = req_render(message, &request->query, mctx);
request->tsig = message->tsig; request->tsig = message->tsig;
message->tsig = NULL; message->tsig = NULL;
message->tsigkey = NULL;
if (result == DNS_R_USETCP && if (result == DNS_R_USETCP &&
(options & DNS_REQUESTOPT_TCP) == 0) { (options & DNS_REQUESTOPT_TCP) == 0) {
/* /*
@@ -725,7 +724,7 @@ dns_request_getresponse(dns_request_t *request, dns_message_t *message,
message->querytsig = request->tsig; message->querytsig = request->tsig;
request->tsig = NULL; request->tsig = NULL;
message->tsigkey = request->tsigkey; dns_message_settsigkey(message, request->tsigkey);
return (dns_message_parse(message, request->answer, preserve_order)); return (dns_message_parse(message, request->answer, preserve_order));
} }

21
lib/dns/resolver.c
View File

@@ -899,15 +899,20 @@ resquery_send(resquery_t *query) {
if (result == ISC_R_SUCCESS && if (result == ISC_R_SUCCESS &&
dns_peer_getkey(peer, &keyname) == ISC_R_SUCCESS) dns_peer_getkey(peer, &keyname) == ISC_R_SUCCESS)
{ {
result = dns_tsigkey_find(&fctx->qmessage->tsigkey, dns_tsigkey_t *tsigkey = NULL;
keyname, NULL,
result = dns_tsigkey_find(&tsigkey, keyname, NULL,
fctx->res->view->statickeys); fctx->res->view->statickeys);
if (result == ISC_R_NOTFOUND) if (result == ISC_R_NOTFOUND)
result = dns_tsigkey_find(&fctx->qmessage->tsigkey, result = dns_tsigkey_find(&tsigkey, keyname, NULL,
keyname, NULL,
fctx->res->view->dynamickeys); fctx->res->view->dynamickeys);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND) if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND)
goto cleanup_message; goto cleanup_message;
if (tsigkey != NULL) {
dns_message_settsigkey(fctx->qmessage, tsigkey);
dns_tsigkey_detach(&tsigkey);
}
} }
result = dns_message_rendersection(fctx->qmessage, result = dns_message_rendersection(fctx->qmessage,
@@ -919,11 +924,11 @@ resquery_send(resquery_t *query) {
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
goto cleanup_message; goto cleanup_message;
if (fctx->qmessage->tsigkey != NULL) { if (dns_message_gettsigkey(fctx->qmessage) != NULL) {
query->tsigkey = fctx->qmessage->tsigkey; dns_tsigkey_attach(dns_message_gettsigkey(fctx->qmessage),
&query->tsigkey);
query->tsig = fctx->qmessage->tsig; query->tsig = fctx->qmessage->tsig;
fctx->qmessage->tsig = NULL; fctx->qmessage->tsig = NULL;
fctx->qmessage->tsigkey = NULL;
} }
/* /*
@@ -3484,7 +3489,7 @@ resquery_response(isc_task_t *task, isc_event_t *event) {
/* BEW - clean this up at some point */ /* BEW - clean this up at some point */
message->querytsig = query->tsig; message->querytsig = query->tsig;
message->tsigkey = query->tsigkey; dns_message_settsigkey(message, query->tsigkey);
query->tsig = NULL; query->tsig = NULL;
result = dns_message_parse(message, &devent->buffer, ISC_FALSE); result = dns_message_parse(message, &devent->buffer, ISC_FALSE);

29
lib/dns/tkey.c
View File

@@ -16,7 +16,7 @@
*/ */
/* /*
* $Id: tkey.c,v 1.39 2000/05/24 23:13:23 bwelling Exp $ * $Id: tkey.c,v 1.40 2000/05/26 00:16:40 bwelling Exp $
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
*/ */
@@ -413,7 +413,7 @@ process_deletetkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
*/ */
dns_tsigkey_setdeleted(tsigkey); dns_tsigkey_setdeleted(tsigkey);
/* Release the reference */ /* Release the reference */
dns_tsigkey_free(&tsigkey); dns_tsigkey_detach(&tsigkey);
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
} }
@@ -564,7 +564,7 @@ dns_tkey_processquery(dns_message_t *msg, dns_tkey_ctx_t *tctx,
result = dns_tsigkey_find(&tsigkey, keyname, NULL, ring); result = dns_tsigkey_find(&tsigkey, keyname, NULL, ring);
if (result == ISC_R_SUCCESS) { if (result == ISC_R_SUCCESS) {
tkeyout.error = dns_tsigerror_badname; tkeyout.error = dns_tsigerror_badname;
dns_tsigkey_free(&tsigkey); dns_tsigkey_detach(&tsigkey);
goto failure_with_tkey; goto failure_with_tkey;
} }
else if (result != ISC_R_NOTFOUND) else if (result != ISC_R_NOTFOUND)
@@ -849,6 +849,7 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
isc_buffer_t *shared = NULL, secret; isc_buffer_t *shared = NULL, secret;
isc_region_t r, r2; isc_region_t r, r2;
isc_result_t result; isc_result_t result;
isc_boolean_t freertkey = ISC_FALSE;
REQUIRE(qmsg != NULL); REQUIRE(qmsg != NULL);
REQUIRE(rmsg != NULL); REQUIRE(rmsg != NULL);
@@ -860,9 +861,10 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
REQUIRE(ring != NULL); REQUIRE(ring != NULL);
if (rmsg->rcode != dns_rcode_noerror) if (rmsg->rcode != dns_rcode_noerror)
return(ISC_RESULTCLASS_DNSRCODE + rmsg->rcode); return (ISC_RESULTCLASS_DNSRCODE + rmsg->rcode);
RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER)); RETERR(find_tkey(rmsg, &tkeyname, &rtkeyrdata, DNS_SECTION_ANSWER));
RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, rmsg->mctx)); RETERR(dns_rdata_tostruct(&rtkeyrdata, &rtkey, rmsg->mctx));
freertkey = ISC_TRUE;
RETERR(find_tkey(qmsg, &tempname, &qtkeyrdata, RETERR(find_tkey(qmsg, &tempname, &qtkeyrdata,
DNS_SECTION_ADDITIONAL)); DNS_SECTION_ADDITIONAL));
@@ -875,10 +877,12 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
rmsg->rcode != dns_rcode_noerror) rmsg->rcode != dns_rcode_noerror)
{ {
result = DNS_R_INVALIDTKEY; result = DNS_R_INVALIDTKEY;
dns_rdata_freestruct(&rtkey); dns_rdata_freestruct(&qtkey);
goto failure; goto failure;
} }
dns_rdata_freestruct(&qtkey);
dns_name_init(&keyname, NULL); dns_name_init(&keyname, NULL);
dns_name_clone(dst_key_name(key), &keyname); dns_name_clone(dst_key_name(key), &keyname);
@@ -941,12 +945,20 @@ dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg,
NULL, rtkey.inception, rtkey.expire, NULL, rtkey.inception, rtkey.expire,
rmsg->mctx, ring, outkey); rmsg->mctx, ring, outkey);
isc_buffer_free(&shared); isc_buffer_free(&shared);
dns_rdata_freestruct(&rtkey);
dst_key_free(&theirkey);
return (result); return (result);
failure: failure:
if (shared != NULL) if (shared != NULL)
isc_buffer_free(&shared); isc_buffer_free(&shared);
if (theirkey != NULL)
dst_key_free(&theirkey);
if (freertkey)
dns_rdata_freestruct(&rtkey);
return (result); return (result);
} }
@@ -980,12 +992,17 @@ dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg,
rmsg->rcode != dns_rcode_noerror) rmsg->rcode != dns_rcode_noerror)
{ {
result = DNS_R_INVALIDTKEY; result = DNS_R_INVALIDTKEY;
dns_rdata_freestruct(&qtkey);
dns_rdata_freestruct(&rtkey); dns_rdata_freestruct(&rtkey);
goto failure; goto failure;
} }
dns_rdata_freestruct(&qtkey);
RETERR(dns_tsigkey_find(&tsigkey, tkeyname, &rtkey.algorithm, ring)); RETERR(dns_tsigkey_find(&tsigkey, tkeyname, &rtkey.algorithm, ring));
dns_rdata_freestruct(&rtkey);
/* /*
* Mark the key as deleted. * Mark the key as deleted.
*/ */
@@ -993,7 +1010,7 @@ dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg,
/* /*
* Release the reference. * Release the reference.
*/ */
dns_tsigkey_free(&tsigkey); dns_tsigkey_detach(&tsigkey);
failure: failure:
return (result); return (result);

113
lib/dns/tsig.c
View File

@@ -16,7 +16,7 @@
*/ */
/* /*
* $Id: tsig.c,v 1.63 2000/05/24 23:13:25 bwelling Exp $ * $Id: tsig.c,v 1.64 2000/05/26 00:16:41 bwelling Exp $
* Principal Author: Brian Wellington * Principal Author: Brian Wellington
*/ */
@@ -173,51 +173,58 @@ cleanup_key:
return (ret); return (ret);
} }
void
dns_tsigkey_attach(dns_tsigkey_t *source, dns_tsigkey_t **targetp) {
REQUIRE(VALID_TSIG_KEY(source));
REQUIRE(targetp != NULL && *targetp == NULL);
isc_mutex_lock(&source->lock);
source->refs++;
isc_mutex_unlock(&source->lock);
*targetp = source;
}
static void static void
tsigkey_free(dns_tsigkey_t **key) { tsigkey_free(dns_tsigkey_t *key) {
dns_tsigkey_t *tkey;
dns_tsig_keyring_t *ring; dns_tsig_keyring_t *ring;
REQUIRE(VALID_TSIG_KEY(key));
ring = key->ring;
key->magic = 0;
if (key->key != NULL) {
isc_rwlock_lock(&ring->lock, isc_rwlocktype_write);
ISC_LIST_UNLINK(ring->keys, key, link);
isc_rwlock_unlock(&ring->lock, isc_rwlocktype_write);
}
dns_name_free(&key->name, key->mctx);
dns_name_free(&key->algorithm, key->mctx);
if (key->key != NULL)
dst_key_free(&key->key);
if (key->creator != NULL) {
dns_name_free(key->creator, key->mctx);
isc_mem_put(key->mctx, key->creator, sizeof(dns_name_t));
}
isc_mem_put(key->mctx, key, sizeof(dns_tsigkey_t));
}
void
dns_tsigkey_detach(dns_tsigkey_t **key) {
dns_tsigkey_t *tkey;
REQUIRE(key != NULL); REQUIRE(key != NULL);
REQUIRE(VALID_TSIG_KEY(*key)); REQUIRE(VALID_TSIG_KEY(*key));
tkey = *key; tkey = *key;
*key = NULL; *key = NULL;
ring = tkey->ring;
tkey->magic = 0;
if (tkey->key != NULL) {
isc_rwlock_lock(&ring->lock, isc_rwlocktype_write);
ISC_LIST_UNLINK(ring->keys, tkey, link);
isc_rwlock_unlock(&ring->lock, isc_rwlocktype_write);
}
dns_name_free(&tkey->name, tkey->mctx);
dns_name_free(&tkey->algorithm, tkey->mctx);
if (tkey->key != NULL)
dst_key_free(&tkey->key);
if (tkey->creator != NULL) {
dns_name_free(tkey->creator, tkey->mctx);
isc_mem_put(tkey->mctx, tkey->creator, sizeof(dns_name_t));
}
isc_mem_put(tkey->mctx, tkey, sizeof(dns_tsigkey_t));
}
void
dns_tsigkey_free(dns_tsigkey_t **key) {
dns_tsigkey_t *tkey;
REQUIRE(key != NULL);
REQUIRE(VALID_TSIG_KEY(*key));
tkey = *key;
isc_mutex_lock(&tkey->lock); isc_mutex_lock(&tkey->lock);
tkey->refs--; tkey->refs--;
if (tkey->refs > 0 || (!tkey->deleted && tkey->key != NULL)) { if (tkey->refs > 0 || (!tkey->deleted && tkey->key != NULL)) {
isc_mutex_unlock(&tkey->lock); isc_mutex_unlock(&tkey->lock);
*key = NULL;
return; return;
} }
isc_mutex_unlock(&tkey->lock); isc_mutex_unlock(&tkey->lock);
tsigkey_free(key); tsigkey_free(tkey);
} }
void void
@@ -247,7 +254,7 @@ dns_tsig_sign(dns_message_t *msg) {
isc_boolean_t algfreed = ISC_FALSE; isc_boolean_t algfreed = ISC_FALSE;
REQUIRE(msg != NULL); REQUIRE(msg != NULL);
REQUIRE(VALID_TSIG_KEY(msg->tsigkey)); REQUIRE(VALID_TSIG_KEY(dns_message_gettsigkey(msg)));
REQUIRE(msg->tsig == NULL); REQUIRE(msg->tsig == NULL);
/* /*
@@ -259,7 +266,7 @@ dns_tsig_sign(dns_message_t *msg) {
dynbuf = NULL; dynbuf = NULL;
mctx = msg->mctx; mctx = msg->mctx;
key = msg->tsigkey; key = dns_message_gettsigkey(msg);
tsig.mctx = mctx; tsig.mctx = mctx;
tsig.common.rdclass = dns_rdataclass_any; tsig.common.rdclass = dns_rdataclass_any;
@@ -556,7 +563,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
dns_rdata_t rdata; dns_rdata_t rdata;
isc_stdtime_t now; isc_stdtime_t now;
isc_result_t ret; isc_result_t ret;
dns_tsigkey_t *tsigkey = NULL; dns_tsigkey_t *tsigkey;
dst_key_t *key = NULL; dst_key_t *key = NULL;
unsigned char header[DNS_MESSAGE_HEADERLEN]; unsigned char header[DNS_MESSAGE_HEADERLEN];
dst_context_t ctx; dst_context_t ctx;
@@ -566,8 +573,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
REQUIRE(source != NULL); REQUIRE(source != NULL);
REQUIRE(DNS_MESSAGE_VALID(msg)); REQUIRE(DNS_MESSAGE_VALID(msg));
REQUIRE(msg->tsig == NULL); REQUIRE(msg->tsig == NULL);
if (msg->tsigkey != NULL) tsigkey = dns_message_gettsigkey(msg);
REQUIRE(VALID_TSIG_KEY(msg->tsigkey)); REQUIRE(tsigkey == NULL || VALID_TSIG_KEY(tsigkey));
msg->verify_attempted = 1; msg->verify_attempted = 1;
@@ -585,7 +592,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
* shouldn't be one on the response. * shouldn't be one on the response.
*/ */
if (is_response(msg) && if (is_response(msg) &&
(msg->tsigkey == NULL || msg->querytsig == NULL)) (tsigkey == NULL || msg->querytsig == NULL))
return (DNS_R_UNEXPECTEDTSIG); return (DNS_R_UNEXPECTEDTSIG);
mctx = msg->mctx; mctx = msg->mctx;
@@ -613,7 +620,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
* Do the key name and algorithm match that of the query? * Do the key name and algorithm match that of the query?
*/ */
if (is_response(msg) && if (is_response(msg) &&
(!dns_name_equal(keyname, &msg->tsigkey->name) || (!dns_name_equal(keyname, &tsigkey->name) ||
!dns_name_equal(&tsig->algorithm, &msg->querytsig->algorithm))) !dns_name_equal(&tsig->algorithm, &msg->querytsig->algorithm)))
{ {
msg->tsigstatus = dns_tsigerror_badkey; msg->tsigstatus = dns_tsigerror_badkey;
@@ -628,7 +635,7 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
/* /*
* Find dns_tsigkey_t based on keyname. * Find dns_tsigkey_t based on keyname.
*/ */
if (msg->tsigkey == NULL) { if (tsigkey == NULL) {
ret = ISC_R_NOTFOUND; ret = ISC_R_NOTFOUND;
if (sring != NULL) if (sring != NULL)
ret = dns_tsigkey_find(&tsigkey, keyname, ret = dns_tsigkey_find(&tsigkey, keyname,
@@ -642,19 +649,20 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
goto cleanup_struct; goto cleanup_struct;
} }
msg->tsigstatus = dns_tsigerror_badkey; msg->tsigstatus = dns_tsigerror_badkey;
msg->tsigkey = NULL;
ret = dns_tsigkey_create(keyname, &tsig->algorithm, ret = dns_tsigkey_create(keyname, &tsig->algorithm,
NULL, 0, ISC_FALSE, NULL, NULL, 0, ISC_FALSE, NULL,
now, now, now, now,
mctx, dring, &msg->tsigkey); mctx, dring, &tsigkey);
if (ret != ISC_R_SUCCESS) if (ret != ISC_R_SUCCESS)
goto cleanup_struct; goto cleanup_struct;
dns_message_settsigkey(msg, tsigkey);
dns_tsigkey_detach(&tsigkey);
return (DNS_R_TSIGVERIFYFAILURE); return (DNS_R_TSIGVERIFYFAILURE);
} }
msg->tsigkey = tsigkey; dns_message_settsigkey(msg, tsigkey);
dns_tsigkey_detach(&tsigkey);
tsigkey = dns_message_gettsigkey(msg);
} }
else
tsigkey = msg->tsigkey;
key = tsigkey->key; key = tsigkey->key;
@@ -814,10 +822,8 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
return (ISC_R_SUCCESS); return (ISC_R_SUCCESS);
cleanup_key: cleanup_key:
if (dns_tsigkey_empty(msg->tsigkey)) { if (dns_tsigkey_empty(tsigkey))
dns_tsigkey_free(&msg->tsigkey); dns_tsigkey_detach(&tsigkey);
msg->tsigkey = NULL;
}
cleanup_struct: cleanup_struct:
dns_rdata_freestruct(tsig); dns_rdata_freestruct(tsig);
cleanup_emptystruct: cleanup_emptystruct:
@@ -836,6 +842,7 @@ dns_tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
dns_rdata_t rdata; dns_rdata_t rdata;
isc_stdtime_t now; isc_stdtime_t now;
isc_result_t ret; isc_result_t ret;
dns_tsigkey_t *tsigkey;
dst_key_t *key = NULL; dst_key_t *key = NULL;
unsigned char header[DNS_MESSAGE_HEADERLEN]; unsigned char header[DNS_MESSAGE_HEADERLEN];
isc_mem_t *mctx; isc_mem_t *mctx;
@@ -845,13 +852,15 @@ dns_tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
REQUIRE(source != NULL); REQUIRE(source != NULL);
REQUIRE(msg != NULL); REQUIRE(msg != NULL);
REQUIRE(msg->tsig == NULL); REQUIRE(msg->tsig == NULL);
REQUIRE(msg->tsigkey != NULL); REQUIRE(dns_message_gettsigkey(msg) != NULL);
REQUIRE(msg->tcp_continuation == 1); REQUIRE(msg->tcp_continuation == 1);
REQUIRE(is_response(msg)); REQUIRE(is_response(msg));
REQUIRE(msg->querytsig != NULL); REQUIRE(msg->querytsig != NULL);
mctx = msg->mctx; mctx = msg->mctx;
tsigkey = dns_message_gettsigkey(msg);
if (msg->tsigset != NULL) { if (msg->tsigset != NULL) {
has_tsig = ISC_TRUE; has_tsig = ISC_TRUE;
@@ -872,7 +881,7 @@ dns_tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
/* /*
* Do the key name and algorithm match that of the query? * Do the key name and algorithm match that of the query?
*/ */
if (!dns_name_equal(keyname, &msg->tsigkey->name) || if (!dns_name_equal(keyname, &tsigkey->name) ||
!dns_name_equal(&tsig->algorithm, !dns_name_equal(&tsig->algorithm,
&msg->querytsig->algorithm)) &msg->querytsig->algorithm))
{ {
@@ -890,7 +899,7 @@ dns_tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
} }
} }
key = msg->tsigkey->key; key = tsigkey->key;
if (msg->tsigctx == NULL) { if (msg->tsigctx == NULL) {
ret = dst_key_verify(DST_SIGMODE_INIT, key, &msg->tsigctx, ret = dst_key_verify(DST_SIGMODE_INIT, key, &msg->tsigctx,
@@ -1105,7 +1114,7 @@ dns_tsigkeyring_destroy(dns_tsig_keyring_t **ring) {
dns_tsigkey_t *key = ISC_LIST_HEAD((*ring)->keys); dns_tsigkey_t *key = ISC_LIST_HEAD((*ring)->keys);
key->refs = 0; key->refs = 0;
key->deleted = ISC_TRUE; key->deleted = ISC_TRUE;
tsigkey_free(&key); tsigkey_free(key);
} }
isc_rwlock_destroy(&(*ring)->lock); isc_rwlock_destroy(&(*ring)->lock);
mctx = (*ring)->mctx; mctx = (*ring)->mctx;

8
lib/dns/xfrin.c
View File

@@ -15,7 +15,7 @@
* SOFTWARE. * SOFTWARE.
*/ */
/* $Id: xfrin.c,v 1.71 2000/05/18 16:47:14 gson Exp $ */ /* $Id: xfrin.c,v 1.72 2000/05/26 00:16:43 bwelling Exp $ */
#include <config.h> #include <config.h>
@@ -816,7 +816,7 @@ xfrin_send_request(dns_xfrin_ctx_t *xfr) {
/* Create the request message */ /* Create the request message */
CHECK(dns_message_create(xfr->mctx, DNS_MESSAGE_INTENTRENDER, &msg)); CHECK(dns_message_create(xfr->mctx, DNS_MESSAGE_INTENTRENDER, &msg));
msg->tsigkey = xfr->tsigkey; dns_message_settsigkey(msg, xfr->tsigkey);
/* Create a name for the question section. */ /* Create a name for the question section. */
dns_message_gettempname(msg, &qname); dns_message_gettempname(msg, &qname);
@@ -970,7 +970,7 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) {
CHECK(dns_message_create(xfr->mctx, DNS_MESSAGE_INTENTPARSE, &msg)); CHECK(dns_message_create(xfr->mctx, DNS_MESSAGE_INTENTPARSE, &msg));
msg->tsigkey = xfr->tsigkey; dns_message_settsigkey(msg, xfr->tsigkey);
msg->querytsig = xfr->lasttsig; msg->querytsig = xfr->lasttsig;
msg->tsigctx = xfr->tsigctx; msg->tsigctx = xfr->tsigctx;
if (xfr->nmsg > 0) if (xfr->nmsg > 0)
@@ -1054,7 +1054,7 @@ xfrin_recv_done(isc_task_t *task, isc_event_t *ev) {
* Reset msg->tsig so it doesn't get freed. * Reset msg->tsig so it doesn't get freed.
*/ */
msg->tsig = NULL; msg->tsig = NULL;
} else if (msg->tsigkey != NULL) { } else if (dns_message_gettsigkey(msg) != NULL) {
xfr->sincetsig++; xfr->sincetsig++;
if (xfr->sincetsig > 100 || if (xfr->sincetsig > 100 ||
xfr->nmsg == 0 || xfr->state == XFRST_END) xfr->nmsg == 0 || xfr->state == XFRST_END)