Commit 3dfc806d authored by Brian Wellington's avatar Brian Wellington

fix key algorithm checks

parent f8c304e5
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.c,v 1.9 2001/06/04 21:51:23 bwelling Exp $ */
/* $Id: config.c,v 1.10 2001/08/03 18:12:04 bwelling Exp $ */
#include <config.h>
......@@ -35,6 +35,7 @@
#include <dns/fixedname.h>
#include <dns/name.h>
#include <dns/rdataclass.h>
#include <dns/tsig.h>
#include <dns/zone.h>
#include <named/config.h>
......@@ -435,3 +436,17 @@ ns_config_getport(cfg_obj_t *config, in_port_t *portp) {
*portp = (in_port_t)cfg_obj_asuint32(portobj);
return (ISC_R_SUCCESS);
}
isc_result_t
ns_config_getkeyalgorithm(const char *str, dns_name_t **name)
{
if (strcasecmp(str, "hmac-md5") == 0 ||
strcasecmp(str, "hmac-md5.sig-alg.reg.int") == 0 ||
strcasecmp(str, "hmac-md5.sig-alg.reg.int.") == 0)
{
if (name != NULL)
*name = dns_tsig_hmacmd5_name;
return (ISC_R_SUCCESS);
}
return (ISC_R_NOTFOUND);
}
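Review bot: ns_config_getkeyalgorithm() is added without a comment stating its contract, and the new prototype in named/config.h has none either. Callers need to know that `name` may be NULL (both controlconf.c call sites pass NULL), that on success `*name` points at the shared `dns_tsig_hmacmd5_name` rather than a copy, and that `*name` is left untouched when ISC_R_NOTFOUND is returned. A short block comment above the definition should say this, and also that the three accepted spellings of hmac-md5 are the complete allowlist. `str` goes straight into strcasecmp(), so a `REQUIRE(str != NULL);` at the top would make that precondition explicit, assuming the ISC assertion macros are already in scope in this file.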
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: controlconf.c,v 1.20 2001/08/03 18:03:02 gson Exp $ */
/* $Id: controlconf.c,v 1.21 2001/08/03 18:12:05 bwelling Exp $ */
#include <config.h>
......@@ -51,6 +51,7 @@
#include <dst/dst.h>
#include <named/config.h>
#include <named/control.h>
#include <named/log.h>
#include <named/server.h>
......@@ -672,7 +673,9 @@ register_keys(cfg_obj_t *control, cfg_obj_t *keylist,
algstr = cfg_obj_asstring(algobj);
secretstr = cfg_obj_asstring(secretobj);
if (strcasecmp(algstr, "hmac-md5") != 0) {
if (ns_config_getkeyalgorithm(algstr, NULL) !=
ISC_R_SUCCESS)
{
cfg_obj_log(control, ns_g_lctx,
ISC_LOG_WARNING,
"unsupported algorithm '%s' in "
......@@ -760,7 +763,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
algstr = cfg_obj_asstring(algobj);
secretstr = cfg_obj_asstring(secretobj);
if (strcasecmp(algstr, "hmac-md5") != 0) {
if (ns_config_getkeyalgorithm(algstr, NULL) != ISC_R_SUCCESS) {
cfg_obj_log(key, ns_g_lctx,
ISC_LOG_WARNING,
"unsupported algorithm '%s' in "
......
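Review bot: Both call sites (register_keys and get_rndckey) now accept the two `hmac-md5.sig-alg.reg.int` spellings in addition to `hmac-md5`, which widens what the control-channel key check takes rather than only tidying it. A one-line comment at each site would record that this is intended, e.g. `/* Validate only; the algorithm name is not needed here, hence NULL. */`. The two conditions are also laid out differently (wrapped, with the brace on its own line, in register_keys; a single line in get_rndckey), and using one form in both would make them easier to compare. Both functions continue outside the hunks, so what happens to the key after the warning is not visible here.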
......@@ -15,9 +15,9 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: config.h,v 1.1 2001/03/04 21:21:32 bwelling Exp $ */
/* $Id: config.h,v 1.2 2001/08/03 18:12:08 bwelling Exp $ */
/* $Id: config.h,v 1.1 2001/03/04 21:21:32 bwelling Exp $ */
/* $Id: config.h,v 1.2 2001/08/03 18:12:08 bwelling Exp $ */
#ifndef NAMED_CONFIG_H
#define NAMED_CONFIG_H 1
......@@ -63,4 +63,7 @@ ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
isc_result_t
ns_config_getport(cfg_obj_t *config, in_port_t *portp);
isc_result_t
ns_config_getkeyalgorithm(const char *str, dns_name_t **name);
#endif /* NAMED_CONFIG_H */
......@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: tsigconf.c,v 1.19 2001/07/26 20:54:34 bwelling Exp $ */
/* $Id: tsigconf.c,v 1.20 2001/08/03 18:12:06 bwelling Exp $ */
#include <config.h>
......@@ -83,11 +83,7 @@ add_initial_keys(cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) {
* Create the algorithm.
*/
algstr = cfg_obj_asstring(algobj);
if (strcasecmp(algstr, "hmac-md5") == 0 ||
strcasecmp(algstr, "hmac-md5.sig-alg.reg.int") ||
strcasecmp(algstr, "hmac-md5.sig-alg.reg.int."))
alg = dns_tsig_hmacmd5_name;
else {
if (ns_config_getkeyalgorithm(algstr, &alg) != ISC_R_SUCCESS) {
cfg_obj_log(algobj, ns_g_lctx, ISC_LOG_ERROR,
"key '%s': the only supported algorithm "
"is hmac-md5", keyid);
......
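Review bot: The error logged when ns_config_getkeyalgorithm() rejects the string names the key but not the value that was rejected, whereas the two warnings in controlconf.c print it with `'%s'`. The old condition lacked `== 0` on two of its comparisons and so would have matched almost any string; unknown algorithms are only now really refused, and printing `algstr` helps an operator spot a typo in the key statement: `"key '%s': unsupported algorithm '%s'; the only supported algorithm is hmac-md5", keyid, algstr`. `alg` is assigned only on success and the rest of add_initial_keys is outside the hunk, so presumably the failure branch leaves the function before `alg` is used; that is worth confirming.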