Commit 523dd6a9 authored by Brian Wellington's avatar Brian Wellington

669. [func] dnssec-keygen now makes the public key file

                        non-world-readable for symmetric keys. [RT #403]
parent bff300be
669. [func] dnssec-keygen now makes the public key file
non-world-readable for symmetric keys. [RT #403]
668. [func] named-checkzone now reports multiple errors in master
files.
......
......@@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: dst_api.c,v 1.67 2000/12/18 21:09:42 gson Exp $
* $Id: dst_api.c,v 1.68 2001/01/09 00:52:59 bwelling Exp $
*/
#include <config.h>
......@@ -29,6 +29,7 @@
#include <isc/buffer.h>
#include <isc/dir.h>
#include <isc/entropy.h>
#include <isc/fsaccess.h>
#include <isc/lex.h>
#include <isc/mem.h>
#include <isc/once.h>
......@@ -964,6 +965,7 @@ write_public_key(const dst_key_t *key, const char *directory) {
char class_array[10];
isc_result_t ret;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_fsaccess_t access;
REQUIRE(VALID_KEY(key));
......@@ -1016,6 +1018,15 @@ write_public_key(const dst_key_t *key, const char *directory) {
fputc('\n', fp);
fclose(fp);
if (key->func->issymmetric()) {
access = 0;
isc_fsaccess_add(ISC_FSACCESS_OWNER,
ISC_FSACCESS_READ | ISC_FSACCESS_WRITE,
&access);
(void)isc_fsaccess_set(filename, access);
}
return (ISC_R_SUCCESS);
}
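Review bot: The permission change in write_public_key runs only after the key has been written and `fclose(fp)` has returned, and its result is discarded by `(void)isc_fsaccess_set(filename, access);`. Until that call the file keeps whatever mode the process umask gave it at creation (the creation is outside this hunk, presumably an fopen), so a symmetric secret can be readable by other local users for a short window. If the call fails, the function still returns ISC_R_SUCCESS with the file left readable. I would restrict the file before any key material is written and propagate the error: `ret = isc_fsaccess_set(filename, access);` followed by `if (ret != ISC_R_SUCCESS) return (ret);`, closing fp first if it is still open at that point. The function body starts outside the hunk.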
......
......@@ -17,7 +17,7 @@
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: dst_internal.h,v 1.30 2000/09/16 01:12:20 bwelling Exp $ */
/* $Id: dst_internal.h,v 1.31 2001/01/09 00:53:01 bwelling Exp $ */
#ifndef DST_DST_INTERNAL_H
#define DST_DST_INTERNAL_H 1
......@@ -81,6 +81,7 @@ struct dst_func {
const dst_key_t *key2);
isc_result_t (*generate)(dst_key_t *key, int parms);
isc_boolean_t (*isprivate)(const dst_key_t *key);
isc_boolean_t (*issymmetric)(void);
void (*destroy)(dst_key_t *key);
/* conversion functions */
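Review bot: The new `issymmetric` member of struct dst_func has no comment, yet it is the switch that decides whether write_public_key restricts the key file to its owner. A one-line comment such as `/* ISC_TRUE when the "public" key file contains the shared secret and must not be world-readable */` would make that contract visible to anyone adding a backend. The member is inserted in the middle of the struct and the function tables shown in this commit are initialised positionally, so every backend table has to gain an entry at the same position. The struct definition continues outside the hunk.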
......
......@@ -16,7 +16,7 @@
*/
/*
* $Id: gssapi_link.c,v 1.4 2000/11/28 04:46:00 marka Exp $
* $Id: gssapi_link.c,v 1.5 2001/01/09 00:53:02 bwelling Exp $
*/
#ifdef GSSAPI
......@@ -182,6 +182,12 @@ gssapi_isprivate(const dst_key_t *key) {
return (ISC_TRUE);
}
static isc_boolean_t
gssapi_issymmetric(const dst_key_t *key) {
UNUSED(key);
return (ISC_TRUE);
}
static void
gssapi_destroy(dst_key_t *key) {
UNUSED(key);
......@@ -199,6 +205,7 @@ static dst_func_t gssapi_functions = {
NULL, /* paramcompare */
gssapi_generate,
gssapi_isprivate,
gssapi_issymetric,
gssapi_destroy,
NULL, /* todns */
NULL, /* fromdns */
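Review bot: The function table entry is spelled `gssapi_issymetric`, which does not match the `gssapi_issymmetric` defined just above, so this file should fail to compile when GSSAPI is defined. The definition also takes `const dst_key_t *key`, whereas the `issymmetric` member is declared as `isc_boolean_t (*issymmetric)(void)` and the other backends define it with `(void)`. I would change the definition to `gssapi_issymmetric(void) {`, drop the `UNUSED(key);` line, and write `gssapi_issymmetric,` in the table. The table initialiser continues outside the hunk.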
......
......@@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: hmac_link.c,v 1.45 2000/09/08 14:23:47 bwelling Exp $
* $Id: hmac_link.c,v 1.46 2001/01/09 00:53:03 bwelling Exp $
*/
#include <config.h>
......@@ -157,6 +157,11 @@ hmacmd5_isprivate(const dst_key_t *key) {
return (ISC_TRUE);
}
static isc_boolean_t
hmacmd5_issymmetric(void) {
return (ISC_TRUE);
}
static void
hmacmd5_destroy(dst_key_t *key) {
HMAC_Key *hkey = key->opaque;
......@@ -270,6 +275,7 @@ static dst_func_t hmacmd5_functions = {
NULL, /* paramcompare */
hmacmd5_generate,
hmacmd5_isprivate,
hmacmd5_issymmetric,
hmacmd5_destroy,
hmacmd5_todns,
hmacmd5_fromdns,
......
......@@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: openssl_link.c,v 1.39 2000/12/04 23:39:05 bwelling Exp $
* $Id: openssl_link.c,v 1.40 2001/01/09 00:53:04 bwelling Exp $
*/
#if defined(OPENSSL)
......@@ -226,6 +226,11 @@ openssldsa_isprivate(const dst_key_t *key) {
return (ISC_TF(dsa != NULL && dsa->priv_key != NULL));
}
static isc_boolean_t
openssldsa_issymmetric(void) {
return (ISC_FALSE);
}
static void
openssldsa_destroy(dst_key_t *key) {
DSA *dsa = key->opaque;
......@@ -454,6 +459,7 @@ static dst_func_t openssldsa_functions = {
NULL, /* paramcompare */
openssldsa_generate,
openssldsa_isprivate,
openssldsa_issymmetric,
openssldsa_destroy,
openssldsa_todns,
openssldsa_fromdns,
......
......@@ -19,7 +19,7 @@
/*
* Principal Author: Brian Wellington
* $Id: openssldh_link.c,v 1.32 2000/12/04 23:06:36 bwelling Exp $
* $Id: openssldh_link.c,v 1.33 2001/01/09 00:53:05 bwelling Exp $
*/
#if defined(OPENSSL)
......@@ -183,6 +183,11 @@ openssldh_isprivate(const dst_key_t *key) {
return (ISC_TF(dh != NULL && dh->priv_key != NULL));
}
static isc_boolean_t
openssldh_issymmetric(void) {
return (ISC_FALSE);
}
static void
openssldh_destroy(dst_key_t *key) {
DH *dh = key->opaque;
......@@ -547,6 +552,7 @@ static dst_func_t openssldh_functions = {
openssldh_paramcompare,
openssldh_generate,
openssldh_isprivate,
openssldh_issymmetric,
openssldh_destroy,
openssldh_todns,
openssldh_fromdns,
......
......@@ -17,7 +17,7 @@
/*
* Principal Author: Brian Wellington
* $Id: opensslrsa_link.c,v 1.6 2000/12/05 21:11:18 ogud Exp $
* $Id: opensslrsa_link.c,v 1.7 2001/01/09 00:53:06 bwelling Exp $
*/
#if defined(OPENSSL)
......@@ -242,6 +242,11 @@ opensslrsa_isprivate(const dst_key_t *key) {
return (ISC_TF(rsa != NULL && rsa->d != NULL));
}
static isc_boolean_t
opensslrsa_issymmetric(void) {
return (ISC_FALSE);
}
static void
opensslrsa_destroy(dst_key_t *key) {
RSA *rsa = key->opaque;
......@@ -510,6 +515,7 @@ static dst_func_t opensslrsa_functions = {
NULL, /* paramcompare */
opensslrsa_generate,
opensslrsa_isprivate,
opensslrsa_issymmetric,
opensslrsa_destroy,
opensslrsa_todns,
opensslrsa_fromdns,
......