329. [func] omapi_auth_register() now takes a size_t argument for
the length of a key's secret data. Previously OMAPI only stored secrets up to the first NUL byte. This change was made to cope with decoded base64 secrets, so in this revision omapiconf.c and rndc.c also decode the secret.
4
CHANGES
4
CHANGES
@@ -1,3 +1,7 @@
|
||||
329. [func] omapi_auth_register() now takes a size_t argument for
|
||||
the length of a key's secret data. Previously
|
||||
OMAPI only stored secrets up to the first NUL byte.
|
||||
|
||||
328. [func] Added isc_base64_decodestring().
|
||||
|
||||
327. [bug] rndc.conf parser wasn't correctly recognising an IP
|
||||
|
@@ -15,7 +15,7 @@
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: omapiconf.c,v 1.4 2000/07/10 22:04:08 tale Exp $ */
|
||||
/* $Id: omapiconf.c,v 1.5 2000/07/11 22:03:09 tale Exp $ */
|
||||
|
||||
/*
|
||||
* Principal Author: DCL
|
||||
@@ -23,12 +23,16 @@
|
||||
|
||||
#include <config.h>
|
||||
|
||||
#include <isc/base64.h>
|
||||
#include <isc/buffer.h>
|
||||
#include <isc/event.h>
|
||||
#include <isc/mem.h>
|
||||
#include <isc/once.h>
|
||||
#include <isc/string.h>
|
||||
#include <isc/util.h>
|
||||
|
||||
#include <dst/result.h>
|
||||
|
||||
#include <named/log.h>
|
||||
#include <named/omapi.h>
|
||||
#include <named/server.h>
|
||||
@@ -195,6 +199,8 @@ register_keys(dns_c_ctrl_t *control, dns_c_kdeflist_t *keydeflist,
|
||||
{
|
||||
dns_c_kid_t *keyid;
|
||||
dns_c_kdef_t *keydef;
|
||||
const char secret[1024];
|
||||
isc_buffer_t b;
|
||||
isc_result_t result;
|
||||
|
||||
/*
|
||||
@@ -221,9 +227,9 @@ register_keys(dns_c_ctrl_t *control, dns_c_kdeflist_t *keydeflist,
|
||||
* the keys statement.
|
||||
*/
|
||||
keydef = NULL;
|
||||
(void)dns_c_kdeflist_find(keydeflist, keyid->keyid,
|
||||
&keydef);
|
||||
if (keydef == NULL)
|
||||
result = dns_c_kdeflist_find(keydeflist, keyid->keyid,
|
||||
&keydef);
|
||||
if (result != ISC_R_SUCCESS)
|
||||
isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
|
||||
NS_LOGMODULE_OMAPI, ISC_LOG_WARNING,
|
||||
"couldn't find key %s for"
|
||||
@@ -237,13 +243,31 @@ register_keys(dns_c_ctrl_t *control, dns_c_kdeflist_t *keydeflist,
|
||||
"command channel %s",
|
||||
keydef->algorithm, keydef->keyid,
|
||||
socktext);
|
||||
keydef = NULL;
|
||||
result = DST_R_UNSUPPORTEDALG;
|
||||
keydef = NULL; /* Prevent more error messages. */
|
||||
}
|
||||
|
||||
if (keydef != NULL)
|
||||
if (result == ISC_R_SUCCESS) {
|
||||
isc_buffer_init(&b, secret, sizeof(secret));
|
||||
result = isc_base64_decodestring(ns_g_mctx,
|
||||
keydef->secret,
|
||||
&b);
|
||||
}
|
||||
|
||||
if (keydef != NULL && result != ISC_R_SUCCESS) {
|
||||
isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
|
||||
NS_LOGMODULE_OMAPI, ISC_LOG_WARNING,
|
||||
"can't use secret for key %s on "
|
||||
"command channel %s: %s",
|
||||
keydef->keyid, socktext,
|
||||
isc_result_totext(result));
|
||||
keydef = NULL; /* Prevent more error messages. */
|
||||
|
||||
} else if (result == ISC_R_SUCCESS)
|
||||
result = omapi_auth_register(keydef->keyid,
|
||||
keydef->secret,
|
||||
OMAPI_AUTH_HMACMD5);
|
||||
OMAPI_AUTH_HMACMD5,
|
||||
isc_buffer_base(&b),
|
||||
isc_buffer_usedlength(&b));
|
||||
|
||||
if (keydef != NULL && result != ISC_R_SUCCESS)
|
||||
isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
|
||||
|
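Review bot: `const char secret[1024];` in register_keys() is passed to `isc_buffer_init(&b, secret, sizeof(secret))` and then filled by `isc_base64_decodestring()`, so the decoder writes into an object declared const, which is undefined behaviour; declare it `char secret[1024];` as rndc.c does. The decoded key also stays in that stack buffer after `omapi_auth_register()` has made its own copy, so it should be cleared once registration is done, for example `memset(secret, 0, sizeof(secret));` or whatever wipe the tree has that the compiler cannot elide. The same leftover applies to `secret` in rndc.c's main(). register_keys() starts and ends outside the visible hunks.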
@@ -15,7 +15,7 @@
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: rndc.c,v 1.17 2000/07/11 01:30:56 tale Exp $ */
|
||||
/* $Id: rndc.c,v 1.18 2000/07/11 22:03:08 tale Exp $ */
|
||||
|
||||
/*
|
||||
* Principal Author: DCL
|
||||
@@ -25,6 +25,8 @@
|
||||
|
||||
#include <stdlib.h>
|
||||
|
||||
#include <isc/base64.h>
|
||||
#include <isc/buffer.h>
|
||||
#include <isc/commandline.h>
|
||||
#include <isc/entropy.h>
|
||||
#include <isc/mem.h>
|
||||
@@ -273,7 +275,8 @@ main(int argc, char **argv) {
|
||||
dns_c_kdeflist_t *keys = NULL;
|
||||
dns_c_kdef_t *key = NULL;
|
||||
const char *keyname = NULL;
|
||||
const char *secret = NULL;
|
||||
char secret[1024];
|
||||
isc_buffer_t secretbuf;
|
||||
char *command;
|
||||
const char *servername = NULL;
|
||||
const char *host = NULL;
|
||||
@@ -396,7 +399,6 @@ main(int argc, char **argv) {
|
||||
INSIST(key->secret != NULL);
|
||||
INSIST(key->algorithm != NULL);
|
||||
|
||||
secret = key->secret;
|
||||
if (strcasecmp(key->algorithm, "hmac-md5") == 0)
|
||||
algorithm = OMAPI_AUTH_HMACMD5;
|
||||
else {
|
||||
@@ -405,6 +407,10 @@ main(int argc, char **argv) {
|
||||
exit(1);
|
||||
}
|
||||
|
||||
isc_buffer_init(&secretbuf, secret, sizeof(secret));
|
||||
DO("decode base64 secret",
|
||||
isc_base64_decodestring(mctx, key->secret, &secretbuf));
|
||||
|
||||
if (server != NULL)
|
||||
(void)dns_c_ndcserver_gethost(server, &host);
|
||||
|
||||
@@ -432,7 +438,8 @@ main(int argc, char **argv) {
|
||||
ndc_g_ndc.type = ndc_type;
|
||||
|
||||
DO("register local authenticator",
|
||||
omapi_auth_register(keyname, secret, algorithm));
|
||||
omapi_auth_register(keyname, algorithm, isc_buffer_base(&secretbuf),
|
||||
isc_buffer_usedlength(&secretbuf)));
|
||||
|
||||
DO("create protocol manager", omapi_object_create(&omapimgr, NULL, 0));
|
||||
|
||||
|
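Review bot: `char secret[1024];` in main() used to be a pointer to the configured key text and now holds decoded binary key material, but nothing at the declaration says so. A comment such as `/* Decoded key bytes, not NUL-terminated; length is isc_buffer_usedlength(&secretbuf). */` would warn later editors against passing it to string functions or printing it. The bare `1024` is also repeated in omapiconf.c, so a shared named constant would keep the two limits in step. main() starts and ends outside the visible hunks.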
@@ -15,7 +15,7 @@
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: auth.c,v 1.9 2000/06/28 03:09:44 tale Exp $ */
|
||||
/* $Id: auth.c,v 1.10 2000/07/11 22:03:10 tale Exp $ */
|
||||
|
||||
/* Principal Author: DCL */
|
||||
|
||||
@@ -58,6 +58,7 @@ struct auth {
|
||||
unsigned int magic;
|
||||
char *name;
|
||||
char *secret;
|
||||
size_t secretlen;
|
||||
unsigned int algorithms;
|
||||
|
||||
ISC_LINK(auth_t) link;
|
||||
@@ -133,10 +134,8 @@ auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key) {
|
||||
return (ISC_R_UNEXPECTED);
|
||||
}
|
||||
|
||||
length = strlen(auth->secret);
|
||||
isc_buffer_init(&secret, auth->secret, length);
|
||||
isc_buffer_add(&secret, length);
|
||||
|
||||
isc_buffer_init(&secret, auth->secret, auth->secretlen);
|
||||
isc_buffer_add(&secret, auth->secretlen);
|
||||
|
||||
length = strlen(auth->name);
|
||||
isc_buffer_init(&srcb, auth->name, length);
|
||||
@@ -171,8 +170,8 @@ auth_delete(auth_t *a) {
|
||||
}
|
||||
|
||||
isc_result_t
|
||||
omapi_auth_register(const char *name, const char *secret,
|
||||
unsigned int algorithms)
|
||||
omapi_auth_register(const char *name, unsigned int algorithms,
|
||||
const unsigned char *secret, size_t secretlen)
|
||||
{
|
||||
auth_t *new = NULL;
|
||||
isc_result_t result = ISC_R_SUCCESS;
|
||||
@@ -199,9 +198,13 @@ omapi_auth_register(const char *name, const char *secret,
|
||||
if (new->name == NULL)
|
||||
result = ISC_R_NOMEMORY;
|
||||
|
||||
new->secret = isc_mem_strdup(omapi_mctx, secret);
|
||||
new->secret = isc_mem_allocate(omapi_mctx, secretlen);
|
||||
if (new->secret == NULL)
|
||||
result = ISC_R_NOMEMORY;
|
||||
else {
|
||||
memcpy(new->secret, secret, secretlen);
|
||||
new->secretlen = secretlen;
|
||||
}
|
||||
|
||||
new->algorithms = algorithms;
|
||||
|
||||
|
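Review bot: omapi_auth_register() hands `secretlen` straight to `isc_mem_allocate()` and `memcpy()` with no visible check that it is non-zero, and both callers forward `isc_buffer_usedlength()` unchecked, so a secret that decodes to zero bytes would presumably be registered as an empty HMAC-MD5 key. Unless the precondition block outside this hunk already covers it, add `REQUIRE(secret != NULL && secretlen > 0);` and have the callers treat a zero-length decode as a configuration error before calling in. The struct field is still `char *secret` while the parameter is `const unsigned char *`; making the field `unsigned char *` would keep the types consistent and discourage string functions on binary key data.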
@@ -15,7 +15,7 @@
|
||||
* SOFTWARE.
|
||||
*/
|
||||
|
||||
/* $Id: omapi.h,v 1.14 2000/07/10 11:22:59 tale Exp $ */
|
||||
/* $Id: omapi.h,v 1.15 2000/07/11 22:03:12 tale Exp $ */
|
||||
|
||||
/*
|
||||
* Definitions for the object management API and protocol.
|
||||
@@ -94,8 +94,8 @@ struct omapi_object {
|
||||
* Public functions defined in auth.c.
|
||||
*/
|
||||
isc_result_t
|
||||
omapi_auth_register(const char *name, const char *secret,
|
||||
unsigned int algorithms);
|
||||
omapi_auth_register(const char *name, unsigned int algorithms,
|
||||
const unsigned char *secret, size_t secretlen);
|
||||
|
||||
void
|
||||
omapi_auth_deregister(const char *name);
|
||||
|
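Review bot: The new omapi_auth_register() prototype carries no comment saying that `secret` is now raw key bytes rather than a C string, or who owns the buffer afterwards. auth.c copies `secretlen` bytes, so the contract can be stated above the declaration: `/* 'secret' is 'secretlen' bytes of decoded key material and may contain NULs; it is copied, so the caller keeps ownership of its buffer and may clear it. */`. Stating this in the header tells callers they are free to wipe their own copy after the call.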