Commit ce2be9b7 authored by David Lawrence's avatar David Lawrence

329. [func] omapi_auth_register() now takes a size_t argument for

			the length of a key's secret data.  Previously
			OMAPI only stored secrets up to the first NUL byte.

This change was made to cope with decoded base64 secrets, so in this
revision omapiconf.c and rndc.c also decode the secret.
parent 9bf765ab
329. [func] omapi_auth_register() now takes a size_t argument for
the length of a key's secret data. Previously
OMAPI only stored secrets up to the first NUL byte.
328. [func] Added isc_base64_decodestring().
327. [bug] rndc.conf parser wasn't correctly recognising an IP
......
......@@ -15,7 +15,7 @@
* SOFTWARE.
*/
/* $Id: omapiconf.c,v 1.4 2000/07/10 22:04:08 tale Exp $ */
/* $Id: omapiconf.c,v 1.5 2000/07/11 22:03:09 tale Exp $ */
/*
* Principal Author: DCL
......@@ -23,12 +23,16 @@
#include <config.h>
#include <isc/base64.h>
#include <isc/buffer.h>
#include <isc/event.h>
#include <isc/mem.h>
#include <isc/once.h>
#include <isc/string.h>
#include <isc/util.h>
#include <dst/result.h>
#include <named/log.h>
#include <named/omapi.h>
#include <named/server.h>
......@@ -195,6 +199,8 @@ register_keys(dns_c_ctrl_t *control, dns_c_kdeflist_t *keydeflist,
{
dns_c_kid_t *keyid;
dns_c_kdef_t *keydef;
const char secret[1024];
isc_buffer_t b;
isc_result_t result;
/*
......@@ -221,9 +227,9 @@ register_keys(dns_c_ctrl_t *control, dns_c_kdeflist_t *keydeflist,
* the keys statement.
*/
keydef = NULL;
(void)dns_c_kdeflist_find(keydeflist, keyid->keyid,
&keydef);
if (keydef == NULL)
result = dns_c_kdeflist_find(keydeflist, keyid->keyid,
&keydef);
if (result != ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
NS_LOGMODULE_OMAPI, ISC_LOG_WARNING,
"couldn't find key %s for"
......@@ -237,13 +243,31 @@ register_keys(dns_c_ctrl_t *control, dns_c_kdeflist_t *keydeflist,
"command channel %s",
keydef->algorithm, keydef->keyid,
socktext);
keydef = NULL;
result = DST_R_UNSUPPORTEDALG;
keydef = NULL; /* Prevent more error messages. */
}
if (result == ISC_R_SUCCESS) {
isc_buffer_init(&b, secret, sizeof(secret));
result = isc_base64_decodestring(ns_g_mctx,
keydef->secret,
&b);
}
if (keydef != NULL)
if (keydef != NULL && result != ISC_R_SUCCESS) {
isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
NS_LOGMODULE_OMAPI, ISC_LOG_WARNING,
"can't use secret for key %s on "
"command channel %s: %s",
keydef->keyid, socktext,
isc_result_totext(result));
keydef = NULL; /* Prevent more error messages. */
} else if (result == ISC_R_SUCCESS)
result = omapi_auth_register(keydef->keyid,
keydef->secret,
OMAPI_AUTH_HMACMD5);
OMAPI_AUTH_HMACMD5,
isc_buffer_base(&b),
isc_buffer_usedlength(&b));
if (keydef != NULL && result != ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
......
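Review bot: The buffer added to register_keys() as `const char secret[1024];` is the write target of `isc_buffer_init(&b, secret, sizeof(secret))` and the following isc_base64_decodestring() call, so the `const` qualifier is wrong. Modifying an object defined `const` is undefined behaviour, and the call should at least draw a discarded-qualifier warning if isc_buffer_init() takes a non-const pointer. rndc.c declares the same buffer as plain `char secret[1024];`; use that here, or `unsigned char secret[1024];` to match the new omapi_auth_register() parameter. Separately, the decoded key stays in this stack buffer after omapi_auth_register() has copied it, so clearing it once registration returns, e.g. `memset(secret, 0, sizeof(secret));` or a wipe the compiler cannot elide, would limit its exposure; the same applies to `secret` in main() in rndc.c. register_keys() starts and ends outside the visible hunks.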
......@@ -15,7 +15,7 @@
* SOFTWARE.
*/
/* $Id: rndc.c,v 1.17 2000/07/11 01:30:56 tale Exp $ */
/* $Id: rndc.c,v 1.18 2000/07/11 22:03:08 tale Exp $ */
/*
* Principal Author: DCL
......@@ -25,6 +25,8 @@
#include <stdlib.h>
#include <isc/base64.h>
#include <isc/buffer.h>
#include <isc/commandline.h>
#include <isc/entropy.h>
#include <isc/mem.h>
......@@ -273,7 +275,8 @@ main(int argc, char **argv) {
dns_c_kdeflist_t *keys = NULL;
dns_c_kdef_t *key = NULL;
const char *keyname = NULL;
const char *secret = NULL;
char secret[1024];
isc_buffer_t secretbuf;
char *command;
const char *servername = NULL;
const char *host = NULL;
......@@ -396,7 +399,6 @@ main(int argc, char **argv) {
INSIST(key->secret != NULL);
INSIST(key->algorithm != NULL);
secret = key->secret;
if (strcasecmp(key->algorithm, "hmac-md5") == 0)
algorithm = OMAPI_AUTH_HMACMD5;
else {
......@@ -405,6 +407,10 @@ main(int argc, char **argv) {
exit(1);
}
isc_buffer_init(&secretbuf, secret, sizeof(secret));
DO("decode base64 secret",
isc_base64_decodestring(mctx, key->secret, &secretbuf));
if (server != NULL)
(void)dns_c_ndcserver_gethost(server, &host);
......@@ -432,7 +438,8 @@ main(int argc, char **argv) {
ndc_g_ndc.type = ndc_type;
DO("register local authenticator",
omapi_auth_register(keyname, secret, algorithm));
omapi_auth_register(keyname, algorithm, isc_buffer_base(&secretbuf),
isc_buffer_usedlength(&secretbuf)));
DO("create protocol manager", omapi_object_create(&omapimgr, NULL, 0));
......
......@@ -15,7 +15,7 @@
* SOFTWARE.
*/
/* $Id: auth.c,v 1.9 2000/06/28 03:09:44 tale Exp $ */
/* $Id: auth.c,v 1.10 2000/07/11 22:03:10 tale Exp $ */
/* Principal Author: DCL */
......@@ -58,6 +58,7 @@ struct auth {
unsigned int magic;
char *name;
char *secret;
size_t secretlen;
unsigned int algorithms;
ISC_LINK(auth_t) link;
......@@ -133,10 +134,8 @@ auth_makekey(const char *name, unsigned int algorithm, dst_key_t **key) {
return (ISC_R_UNEXPECTED);
}
length = strlen(auth->secret);
isc_buffer_init(&secret, auth->secret, length);
isc_buffer_add(&secret, length);
isc_buffer_init(&secret, auth->secret, auth->secretlen);
isc_buffer_add(&secret, auth->secretlen);
length = strlen(auth->name);
isc_buffer_init(&srcb, auth->name, length);
......@@ -171,8 +170,8 @@ auth_delete(auth_t *a) {
}
isc_result_t
omapi_auth_register(const char *name, const char *secret,
unsigned int algorithms)
omapi_auth_register(const char *name, unsigned int algorithms,
const unsigned char *secret, size_t secretlen)
{
auth_t *new = NULL;
isc_result_t result = ISC_R_SUCCESS;
......@@ -199,9 +198,13 @@ omapi_auth_register(const char *name, const char *secret,
if (new->name == NULL)
result = ISC_R_NOMEMORY;
new->secret = isc_mem_strdup(omapi_mctx, secret);
new->secret = isc_mem_allocate(omapi_mctx, secretlen);
if (new->secret == NULL)
result = ISC_R_NOMEMORY;
else {
memcpy(new->secret, secret, secretlen);
new->secretlen = secretlen;
}
new->algorithms = algorithms;
......
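Review bot: In omapi_auth_register() nothing visible rejects `secretlen == 0`, so a secret that base64-decodes to zero bytes would be stored and later passed by auth_makekey() as an empty HMAC key via `isc_buffer_init(&secret, auth->secret, auth->secretlen)`. An early check such as `if (secretlen == 0)` that returns a failure result before `isc_mem_allocate(omapi_mctx, secretlen)` would keep an empty key from ever being registered, rather than relying on each caller to check it. The stored secret is also no longer NUL-terminated, and auth_delete() is outside the visible hunks; if it measures or clears the secret with `strlen(a->secret)`, it needs to use `a->secretlen` instead. The start of omapi_auth_register() and any existing argument checks are likewise outside the hunk, so confirm against the full function.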
......@@ -15,7 +15,7 @@
* SOFTWARE.
*/
/* $Id: omapi.h,v 1.14 2000/07/10 11:22:59 tale Exp $ */
/* $Id: omapi.h,v 1.15 2000/07/11 22:03:12 tale Exp $ */
/*
* Definitions for the object management API and protocol.
......@@ -94,8 +94,8 @@ struct omapi_object {
* Public functions defined in auth.c.
*/
isc_result_t
omapi_auth_register(const char *name, const char *secret,
unsigned int algorithms);
omapi_auth_register(const char *name, unsigned int algorithms,
const unsigned char *secret, size_t secretlen);
void
omapi_auth_deregister(const char *name);
......
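Review bot: The new omapi_auth_register() prototype has no comment describing the changed contract, although both the argument order and the meaning of `secret` changed. I would add above it something like `/* 'secret' points to 'secretlen' bytes of raw key data (already base64-decoded, may contain NUL bytes); the bytes are copied. */`. The copy is what the auth.c hunk does with `memcpy(new->secret, secret, secretlen)`. A caller still using the old (name, secret, algorithms) order should get a diagnostic for the pointer passed as `unsigned int`, but a comment makes the binary-safe expectation explicit for new callers.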