329. [func] omapi_auth_register() now takes a size_t argument for

the length of a key's secret data. Previously OMAPI only stored secrets up to the first NUL byte. This change was made to cope with decoded base64 secrets, so in this revision omapiconf.c and rndc.c also decode the secret.

329. [func] omapi_auth_register() now takes a size_t argument for
the length of a key's secret data. Previously OMAPI only stored secrets up to the first NUL byte. This change was made to cope with decoded base64 secrets, so in this revision omapiconf.c and rndc.c also decode the secret.
ce2be9b7 · David Lawrence · 9bf765ab · ce2be9b7 · ce2be9b7 · ce2be9b7
Commit ce2be9b7 authored Jul 11, 2000 by David Lawrence
--- a/CHANGES
+++ b/CHANGES
+ 329.	[func]		omapi_auth_register() now takes a size_t argument for
+			the length of a key's secret data.  Previously
+			OMAPI only stored secrets up to the first NUL byte.
+
 328.	[func]		Added isc_base64_decodestring().

 327.	[bug]		rndc.conf parser wasn't correctly recognising an IP

--- a/bin/named/omapiconf.c
+++ b/bin/named/omapiconf.c
@@ -15,7 +15,7 @@
 * SOFTWARE.
 */

-/* $Id: omapiconf.c,v 1.4 2000/07/10 22:04:08 tale Exp $ */
+/* $Id: omapiconf.c,v 1.5 2000/07/11 22:03:09 tale Exp $ */

 /*
 * Principal Author: DCL
@@ -23,12 +23,16 @@

 #include <config.h>

+#include <isc/base64.h>
+#include <isc/buffer.h>
 #include <isc/event.h>
 #include <isc/mem.h>
 #include <isc/once.h>
 #include <isc/string.h>
 #include <isc/util.h>

+#include <dst/result.h>
+
 #include <named/log.h>
 #include <named/omapi.h>
 #include <named/server.h>
@@ -195,6 +199,8 @@ register_keys(dns_c_ctrl_t *control, dns_c_kdeflist_t *keydeflist,
 {
 	dns_c_kid_t *keyid;
 	dns_c_kdef_t *keydef;
+	const char secret[1024];
+	isc_buffer_t b;
 	isc_result_t result;

 	/*
@@ -221,9 +227,9 @@ register_keys(dns_c_ctrl_t *control, dns_c_kdeflist_t *keydeflist,
 		      * the keys statement.
 		      */
 		     keydef = NULL;
-		     (void)dns_c_kdeflist_find(keydeflist, keyid->keyid,
-					       &keydef);
-		     if (keydef == NULL)
+		     result = dns_c_kdeflist_find(keydeflist, keyid->keyid,
+						  &keydef);
+		     if (result != ISC_R_SUCCESS)
 			     isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
 					   NS_LOGMODULE_OMAPI, ISC_LOG_WARNING,
 					   "couldn't find key %s for"
@@ -237,13 +243,31 @@ register_keys(dns_c_ctrl_t *control, dns_c_kdeflist_t *keydeflist,
 					   "command channel %s",
 					   keydef->algorithm, keydef->keyid,
 					   socktext);
-			     keydef = NULL;
+			     result = DST_R_UNSUPPORTEDALG;
+			     keydef = NULL; /* Prevent more error messages. */
+		     }
+
+		     if (result == ISC_R_SUCCESS) {
+			     isc_buffer_init(&b, secret, sizeof(secret));
+			     result = isc_base64_decodestring(ns_g_mctx,
+							      keydef->secret,
+							      &b);
 		     }

-		     if (keydef != NULL)
+		     if (keydef != NULL && result != ISC_R_SUCCESS) {
+			     isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
+					   NS_LOGMODULE_OMAPI, ISC_LOG_WARNING,
+					   "can't use secret for key %s on "
+					   "command channel %s: %s",
+					   keydef->keyid, socktext,
+					   isc_result_totext(result));
+			     keydef = NULL; /* Prevent more error messages. */
+
+		     } else if (result == ISC_R_SUCCESS)
 			     result = omapi_auth_register(keydef->keyid,
-							  keydef->secret,
-							  OMAPI_AUTH_HMACMD5);
+						    OMAPI_AUTH_HMACMD5,
+						    isc_buffer_base(&b),
+						    isc_buffer_usedlength(&b));

 		     if (keydef != NULL && result != ISC_R_SUCCESS)
 			     isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,

--- a/bin/rndc/rndc.c
+++ b/bin/rndc/rndc.c
@@ -15,7 +15,7 @@
 * SOFTWARE.
 */

-/* $Id: rndc.c,v 1.17 2000/07/11 01:30:56 tale Exp $ */
+/* $Id: rndc.c,v 1.18 2000/07/11 22:03:08 tale Exp $ */

 /* 
 * Principal Author: DCL
@@ -25,6 +25,8 @@

 #include <stdlib.h>

+#include <isc/base64.h>
+#include <isc/buffer.h>
 #include <isc/commandline.h>
 #include <isc/entropy.h>
 #include <isc/mem.h>
@@ -273,7 +275,8 @@ main(int argc, char **argv) {
 	dns_c_kdeflist_t *keys = NULL;
 	dns_c_kdef_t *key = NULL;
 	const char *keyname = NULL;
-	const char *secret = NULL;
+	char secret[1024];
+	isc_buffer_t secretbuf;
 	char *command;
 	const char *servername = NULL;
 	const char *host = NULL;
@@ -396,7 +399,6 @@ main(int argc, char **argv) {
 	INSIST(key->secret != NULL);
 	INSIST(key->algorithm != NULL);

-	secret = key->secret;
 	if (strcasecmp(key->algorithm, "hmac-md5") == 0)
 		algorithm = OMAPI_AUTH_HMACMD5;
 	else {
@@ -405,6 +407,10 @@ main(int argc, char **argv) {
 		exit(1);
 	}

+	isc_buffer_init(&secretbuf, secret, sizeof(secret));
+	DO("decode base64 secret",
+	   isc_base64_decodestring(mctx, key->secret, &secretbuf));
+
 	if (server != NULL)
 		(void)dns_c_ndcserver_gethost(server, &host);

@@ -432,7 +438,8 @@ main(int argc, char **argv) {
 	ndc_g_ndc.type = ndc_type;

 	DO("register local authenticator",
-	   omapi_auth_register(keyname, secret, algorithm));
+	   omapi_auth_register(keyname, algorithm, isc_buffer_base(&secretbuf),
+			       isc_buffer_usedlength(&secretbuf)));

 	DO("create protocol manager", omapi_object_create(&omapimgr, NULL, 0));


--- a/lib/omapi/auth.c
+++ b/lib/omapi/auth.c
@@ -15,7 +15,7 @@
 * SOFTWARE.
 */

-/* $Id: auth.c,v 1.9 2000/06/28 03:09:44 tale Exp $ */
+/* $Id: auth.c,v 1.10 2000/07/11 22:03:10 tale Exp $ */

 /* Principal Author: DCL */

@@ -58,6 +58,7 @@ struct auth {
 	unsigned int		magic;
 	char			*name;
 	char			*secret;
+	size_t			secretlen;
 	unsigned int		algorithms;

 	ISC_LINK(auth_t)	link;
@@ -133,10 +134,8 @@ auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key) {
 			return (ISC_R_UNEXPECTED);
 		}

-		length = strlen(auth->secret);
-		isc_buffer_init(&secret, auth->secret, length);
-		isc_buffer_add(&secret, length);
-
+		isc_buffer_init(&secret, auth->secret, auth->secretlen);
+		isc_buffer_add(&secret, auth->secretlen);

 		length = strlen(auth->name);
 		isc_buffer_init(&srcb, auth->name, length);
@@ -171,8 +170,8 @@ auth_delete(auth_t *a) {
 }

 isc_result_t
-omapi_auth_register(const char *name, const char *secret,
-		    unsigned int algorithms)
+omapi_auth_register(const char *name, unsigned int algorithms,
+		    const unsigned char *secret, size_t secretlen)
 {
 	auth_t *new = NULL;
 	isc_result_t result = ISC_R_SUCCESS;
@@ -199,9 +198,13 @@ omapi_auth_register(const char *name, const char *secret,
 		if (new->name == NULL)
 			result = ISC_R_NOMEMORY;
 	
-		new->secret = isc_mem_strdup(omapi_mctx, secret);
+		new->secret = isc_mem_allocate(omapi_mctx, secretlen);
 		if (new->secret == NULL)
 			result = ISC_R_NOMEMORY;
+		else {
+			memcpy(new->secret, secret, secretlen);
+			new->secretlen = secretlen;
+		}

 		new->algorithms = algorithms;


--- a/lib/omapi/include/omapi/omapi.h
+++ b/lib/omapi/include/omapi/omapi.h
@@ -15,7 +15,7 @@
 * SOFTWARE.
 */

-/* $Id: omapi.h,v 1.14 2000/07/10 11:22:59 tale Exp $ */
+/* $Id: omapi.h,v 1.15 2000/07/11 22:03:12 tale Exp $ */

 /*
 * Definitions for the object management API and protocol.
@@ -94,8 +94,8 @@ struct omapi_object {
 * Public functions defined in auth.c.
 */
 isc_result_t
-omapi_auth_register(const char *name, const char *secret,
-		    unsigned int algorithms);
+omapi_auth_register(const char *name, unsigned int algorithms,
+		    const unsigned char *secret, size_t secretlen);

 void
 omapi_auth_deregister(const char *name);