fix key algorithm checks

3dfc806d · Brian Wellington · f8c304e5 · 3dfc806d · 3dfc806d · 3dfc806d
Commit 3dfc806d authored Aug 03, 2001 by Brian Wellington
--- a/bin/named/config.c
+++ b/bin/named/config.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: config.c,v 1.9 2001/06/04 21:51:23 bwelling Exp $ */
+/* $Id: config.c,v 1.10 2001/08/03 18:12:04 bwelling Exp $ */

 #include <config.h>

@@ -35,6 +35,7 @@
 #include <dns/fixedname.h>
 #include <dns/name.h>
 #include <dns/rdataclass.h>
+#include <dns/tsig.h>
 #include <dns/zone.h>

 #include <named/config.h>
@@ -435,3 +436,17 @@ ns_config_getport(cfg_obj_t *config, in_port_t *portp) {
 	*portp = (in_port_t)cfg_obj_asuint32(portobj);
 	return (ISC_R_SUCCESS);
 }
+
+isc_result_t
+ns_config_getkeyalgorithm(const char *str, dns_name_t **name)
+{
+	if (strcasecmp(str, "hmac-md5") == 0 ||
+	    strcasecmp(str, "hmac-md5.sig-alg.reg.int") == 0 ||
+	    strcasecmp(str, "hmac-md5.sig-alg.reg.int.") == 0)
+	{
+		if (name != NULL)
+			*name = dns_tsig_hmacmd5_name;
+		return (ISC_R_SUCCESS);
+	}
+	return (ISC_R_NOTFOUND);
+}
--- a/bin/named/controlconf.c
+++ b/bin/named/controlconf.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: controlconf.c,v 1.20 2001/08/03 18:03:02 gson Exp $ */
+/* $Id: controlconf.c,v 1.21 2001/08/03 18:12:05 bwelling Exp $ */

 #include <config.h>

@@ -51,6 +51,7 @@

 #include <dst/dst.h>

+#include <named/config.h>
 #include <named/control.h>
 #include <named/log.h>
 #include <named/server.h>
@@ -672,7 +673,9 @@ register_keys(cfg_obj_t *control, cfg_obj_t *keylist,
 			algstr = cfg_obj_asstring(algobj);
 			secretstr = cfg_obj_asstring(secretobj);

-			if (strcasecmp(algstr, "hmac-md5") != 0) {
+			if (ns_config_getkeyalgorithm(algstr, NULL) !=
+			    ISC_R_SUCCESS)
+			{
 				cfg_obj_log(control, ns_g_lctx,
 					    ISC_LOG_WARNING,
 					    "unsupported algorithm '%s' in "
@@ -760,7 +763,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
 	algstr = cfg_obj_asstring(algobj);
 	secretstr = cfg_obj_asstring(secretobj);

-	if (strcasecmp(algstr, "hmac-md5") != 0) {
+	if (ns_config_getkeyalgorithm(algstr, NULL) != ISC_R_SUCCESS) {
 		cfg_obj_log(key, ns_g_lctx,
 			    ISC_LOG_WARNING,
 			    "unsupported algorithm '%s' in "

--- a/bin/named/include/named/config.h
+++ b/bin/named/include/named/config.h
@@ -15,9 +15,9 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: config.h,v 1.1 2001/03/04 21:21:32 bwelling Exp $ */
+/* $Id: config.h,v 1.2 2001/08/03 18:12:08 bwelling Exp $ */

-/* $Id: config.h,v 1.1 2001/03/04 21:21:32 bwelling Exp $ */
+/* $Id: config.h,v 1.2 2001/08/03 18:12:08 bwelling Exp $ */

 #ifndef NAMED_CONFIG_H
 #define NAMED_CONFIG_H 1
@@ -63,4 +63,7 @@ ns_config_putipandkeylist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
 isc_result_t
 ns_config_getport(cfg_obj_t *config, in_port_t *portp);

+isc_result_t
+ns_config_getkeyalgorithm(const char *str, dns_name_t **name);
+
 #endif /* NAMED_CONFIG_H */
--- a/bin/named/tsigconf.c
+++ b/bin/named/tsigconf.c
@@ -15,7 +15,7 @@
 * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

-/* $Id: tsigconf.c,v 1.19 2001/07/26 20:54:34 bwelling Exp $ */
+/* $Id: tsigconf.c,v 1.20 2001/08/03 18:12:06 bwelling Exp $ */

 #include <config.h>

@@ -83,11 +83,7 @@ add_initial_keys(cfg_obj_t *list, dns_tsig_keyring_t *ring, isc_mem_t *mctx) {
 		 * Create the algorithm.
 		 */
 		algstr = cfg_obj_asstring(algobj);
-		if (strcasecmp(algstr, "hmac-md5") == 0 ||
-		    strcasecmp(algstr, "hmac-md5.sig-alg.reg.int") ||
-		    strcasecmp(algstr, "hmac-md5.sig-alg.reg.int."))
-			alg = dns_tsig_hmacmd5_name;
-		else {
+		if (ns_config_getkeyalgorithm(algstr, &alg) != ISC_R_SUCCESS) {
 			cfg_obj_log(algobj, ns_g_lctx, ISC_LOG_ERROR,
 				    "key '%s': the only supported algorithm "
 				    "is hmac-md5", keyid);