Commit 19d1b166 authored by Brian Wellington

notify and zone soa queries are now tsig signed when appropriate.

parent d044d989
203. [func] notify and zone soa queries are now tsig signed when
appropriate.
202. [func] isc_lex_getsourceline() changed from returning int
to returning unsigned long, the type of its underlying
counter.
......
......@@ -161,6 +161,7 @@ dns_requestmgr_detach(dns_requestmgr_t **requestmgrp);
isc_result_t
dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message,
isc_sockaddr_t *address, unsigned int options,
dns_tsigkey_t *key,
unsigned int timeout, isc_task_t *task,
isc_taskaction_t action, void *arg,
dns_request_t **requestp);
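Review bot: The new `key` argument of `dns_request_create` gets no contract in this header; nothing states whether NULL is accepted or who is responsible for the key afterwards. The zone.c callers in this commit pass NULL whenever no peer key was found, and request.c stores the pointer in the request, so the prototype's comment (which is outside this hunk) should say something like `'key' is NULL or a valid TSIG key; when non-NULL the query is signed with it and it must remain valid until the request is destroyed.`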
......
......@@ -26,8 +26,11 @@
#include <dns/events.h>
#include <dns/log.h>
#include <dns/message.h>
#include <dns/rdata.h>
#include <dns/rdatastruct.h>
#include <dns/request.h>
#include <dns/result.h>
#include <dns/tsig.h>
#define REQUESTMGR_MAGIC 0x5271754dU /* RquM */
#define VALID_REQUESTMGR(mgr) ((mgr) != NULL && \
......@@ -75,6 +78,9 @@ struct dns_request {
dns_dispentry_t *dispentry;
isc_timer_t *timer;
dns_requestmgr_t *requestmgr;
dns_rdata_any_tsig_t *tsig;
dns_tsigkey_t *tsigkey;
};
#define DNS_REQUEST_F_CONNECTING 0x0001
......@@ -415,6 +421,7 @@ req_send(dns_request_t *request, isc_task_t *task, isc_sockaddr_t *address) {
isc_result_t
dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message,
isc_sockaddr_t *address, unsigned int options,
dns_tsigkey_t *key,
unsigned int timeout, isc_task_t *task,
isc_taskaction_t action, void *arg,
dns_request_t **requestp)
......@@ -459,6 +466,8 @@ dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message,
request->dispentry = NULL;
request->timer = NULL;
request->requestmgr = NULL;
request->tsig = NULL;
request->tsigkey = NULL;
/*
* Create timer now. We will set it below once.
......@@ -480,6 +489,7 @@ dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message,
request->event->ev_sender = task;
request->event->request = request;
request->event->result = ISC_R_FAILURE;
request->tsigkey = key;
use_tcp:
if ((options & DNS_REQUESTOPT_TCP) != 0) {
......@@ -527,7 +537,11 @@ dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message,
goto cleanup;
message->id = id;
message->tsigkey = request->tsigkey;
result = req_render(message, &request->query, mctx);
request->tsig = message->tsig;
message->tsig = NULL;
message->tsigkey = NULL;
if (result == DNS_R_USETCP &&
(options & DNS_REQUESTOPT_TCP) == 0) {
/*
......@@ -709,6 +723,9 @@ dns_request_getresponse(dns_request_t *request, dns_message_t *message,
req_log(ISC_LOG_DEBUG(3), "dns_request_getresponse: request %p",
request);
message->querytsig = request->tsig;
request->tsig = NULL;
message->tsigkey = request->tsigkey;
return (dns_message_parse(message, request->answer, preserve_order));
}
......@@ -884,6 +901,11 @@ req_destroy(dns_request_t *request) {
dns_dispatch_detach(&request->dispatch);
if (request->timer != NULL)
isc_timer_detach(&request->timer);
if (request->tsig != NULL) {
dns_rdata_freestruct(request->tsig);
isc_mem_put(request->mctx, request->tsig,
sizeof(*request->tsig));
}
requestmgr_detach(&request->requestmgr);
mctx = request->mctx;
isc_mem_put(mctx, request, sizeof(*request));
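Review bot: `request->tsigkey = key` in `dns_request_create` keeps a borrowed key pointer for the life of the request, and `dns_request_getresponse` later hands it to the response message, yet no hunk takes a reference on the key and `req_destroy` releases only `request->tsig`. If a key (for instance one found in the view's `dynamickeys`, as zone.c does) can be deleted while the request is outstanding, response verification would read freed memory; either hold a reference for the request's lifetime or make the requirement explicit for callers. Separately, the render hunk assigns `request->tsig = message->tsig` unconditionally before the `DNS_R_USETCP` check, so if `req_render` already produced a TSIG on the first pass, the retry appears to overwrite and leak it; releasing any existing `request->tsig` the way `req_destroy` does before re-rendering would avoid that. Both functions continue outside the hunks shown, so the retry path is inferred from the `use_tcp:` label.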
......
......@@ -15,7 +15,7 @@
* SOFTWARE.
*/
/* $Id: zone.c,v 1.124 2000/05/24 05:09:19 tale Exp $ */
/* $Id: zone.c,v 1.125 2000/05/24 17:30:38 bwelling Exp $ */
#include <config.h>
......@@ -1753,6 +1753,10 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
isc_result_t result;
dns_message_t *message = NULL;
dns_zone_t *zone = NULL;
isc_netaddr_t dstip;
dns_peer_t *peer = NULL;
dns_name_t *keyname = NULL;
dns_tsigkey_t *key = NULL;
notify = event->ev_arg;
REQUIRE(DNS_NOTIFY_VALID(notify));
......@@ -1770,8 +1774,23 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) {
result = notify_createmessage(notify->zone, &message);
if (result != ISC_R_SUCCESS)
goto cleanup;
isc_netaddr_fromsockaddr(&dstip, &notify->dst);
result = dns_peerlist_peerbyaddr(zone->view->peers,
&dstip, &peer);
if (result == ISC_R_SUCCESS &&
dns_peer_getkey(peer, &keyname) == ISC_R_SUCCESS)
{
result = dns_tsigkey_find(&key, keyname, NULL,
zone->view->statickeys);
if (result == ISC_R_NOTFOUND)
(void) dns_tsigkey_find(&key, keyname, NULL,
zone->view->dynamickeys);
}
result = dns_request_create(notify->zone->view->requestmgr, message,
&notify->dst, 0, 15, notify->zone->task,
&notify->dst, 0, key, 15,
notify->zone->task,
notify_done, notify,
&notify->request);
dns_message_destroy(&message);
......@@ -2223,6 +2242,10 @@ soa_query(isc_task_t *task, isc_event_t *event) {
dns_name_t *qname = NULL;
dns_rdataset_t *qrdataset = NULL;
dns_zone_t *zone = event->ev_arg;
isc_netaddr_t masterip;
dns_peer_t *peer = NULL;
dns_name_t *keyname = NULL;
dns_tsigkey_t *key = NULL;
REQUIRE(DNS_ZONE_VALID(zone));
......@@ -2278,8 +2301,22 @@ soa_query(isc_task_t *task, isc_event_t *event) {
if (isc_sockaddr_getport(&zone->masteraddr) == 0)
isc_sockaddr_setport(&zone->masteraddr, 53); /* XXX */
isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr);
result = dns_peerlist_peerbyaddr(zone->view->peers,
&masterip, &peer);
if (result == ISC_R_SUCCESS &&
dns_peer_getkey(peer, &keyname) == ISC_R_SUCCESS)
{
result = dns_tsigkey_find(&key, keyname, NULL,
zone->view->statickeys);
if (result == ISC_R_NOTFOUND)
(void) dns_tsigkey_find(&key, keyname, NULL,
zone->view->dynamickeys);
}
result = dns_request_create(zone->view->requestmgr, message,
&zone->masteraddr, 0,
&zone->masteraddr, 0, key,
15 /* XXX */, zone->task,
refresh_callback, zone, &zone->request);
if (result != ISC_R_SUCCESS) {
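Review bot: When a peer has a key configured but neither `statickeys` nor `dynamickeys` yields it, both new lookup blocks (in `notify_send_toaddr` and in `soa_query`) leave `key` NULL and the request goes out unsigned, because the second `dns_tsigkey_find` result is cast to `(void)` and `result` is then overwritten by `dns_request_create`. For the SOA query that presumably lets the refresh proceed on a reply that was never authenticated, so I would fail closed after the lookup, e.g. `if (keyname != NULL && key == NULL) { result = ISC_R_NOTFOUND; goto cleanup; }` (adapted to whatever error path `soa_query` uses, which is outside the hunk), and log the missing key. Separately, `notify_send_toaddr` declares `dns_zone_t *zone = NULL` and every other visible line there uses `notify->zone`; unless `zone` is assigned in lines not shown, `zone->view->peers` dereferences NULL and should read `notify->zone->view->peers`. The identical peer and key lookup in both functions would also be easier to keep consistent as one static helper.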
......