From 19d1b1667d073850d4366352aaf8319efc5debee Mon Sep 17 00:00:00 2001 From: Brian Wellington Date: Wed, 24 May 2000 17:30:41 +0000 Subject: [PATCH] notify and zone soa queries are now tsig signed when appropriate. --- CHANGES | 3 +++ lib/dns/include/dns/request.h | 1 + lib/dns/request.c | 22 ++++++++++++++++++ lib/dns/zone.c | 43 ++++++++++++++++++++++++++++++++--- 4 files changed, 66 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index a362a82e2f..065e1c605a 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,6 @@ + 203. [func] notify and zone soa queries are now tsig signed when + appropriate. + 202. [func] isc_lex_getsourceline() changed from returning int to returning unsigned long, the type of its underlying counter. diff --git a/lib/dns/include/dns/request.h b/lib/dns/include/dns/request.h index d4540084d1..f65dca7ffc 100644 --- a/lib/dns/include/dns/request.h +++ b/lib/dns/include/dns/request.h @@ -161,6 +161,7 @@ dns_requestmgr_detach(dns_requestmgr_t **requestmgrp); isc_result_t dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message, isc_sockaddr_t *address, unsigned int options, + dns_tsigkey_t *key, unsigned int timeout, isc_task_t *task, isc_taskaction_t action, void *arg, dns_request_t **requestp); diff --git a/lib/dns/request.c b/lib/dns/request.c index c35600cb24..597af4c472 100644 --- a/lib/dns/request.c +++ b/lib/dns/request.c @@ -26,8 +26,11 @@ #include #include #include +#include +#include #include #include +#include #define REQUESTMGR_MAGIC 0x5271754dU /* RquM */ #define VALID_REQUESTMGR(mgr) ((mgr) != NULL && \ @@ -75,6 +78,9 @@ struct dns_request { dns_dispentry_t *dispentry; isc_timer_t *timer; dns_requestmgr_t *requestmgr; + dns_rdata_any_tsig_t *tsig; + dns_tsigkey_t *tsigkey; + }; #define DNS_REQUEST_F_CONNECTING 0x0001 
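Review bot: The new `key` argument of dns_request_create is added to the prototype in lib/dns/include/dns/request.h without any description; the function's header comment lies outside this hunk and should be extended in the same commit. Going by the request.c changes, the key is attached to the message before rendering and again to the response message in dns_request_getresponse, and the zone.c callers pass NULL when no key is configured for the peer. A line such as `'key' is the TSIG key used to sign the request, or NULL to send it unsigned; it must remain valid until the request is destroyed.` would record that, with the lifetime clause adjusted to whatever the key API actually guarantees.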
@@ -415,6 +421,7 @@ req_send(dns_request_t *request, isc_task_t *task, isc_sockaddr_t *address) { isc_result_t dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message, isc_sockaddr_t *address, unsigned int options, + dns_tsigkey_t *key, unsigned int timeout, isc_task_t *task, isc_taskaction_t action, void *arg, dns_request_t **requestp) @@ -459,6 +466,8 @@ dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message, request->dispentry = NULL; request->timer = NULL; request->requestmgr = NULL; + request->tsig = NULL; + request->tsigkey = NULL; /* * Create timer now. We will set it below once. @@ -480,6 +489,7 @@ dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message, request->event->ev_sender = task; request->event->request = request; request->event->result = ISC_R_FAILURE; + request->tsigkey = key; use_tcp: if ((options & DNS_REQUESTOPT_TCP) != 0) { @@ -527,7 +537,11 @@ dns_request_create(dns_requestmgr_t *requestmgr, dns_message_t *message, goto cleanup; message->id = id; + message->tsigkey = request->tsigkey; result = req_render(message, &request->query, mctx); + request->tsig = message->tsig; + message->tsig = NULL; + message->tsigkey = NULL; if (result == DNS_R_USETCP && (options & DNS_REQUESTOPT_TCP) == 0) { /* @@ -709,6 +723,9 @@ dns_request_getresponse(dns_request_t *request, dns_message_t *message, req_log(ISC_LOG_DEBUG(3), "dns_request_getresponse: request %p", request); + message->querytsig = request->tsig; + request->tsig = NULL; + message->tsigkey = request->tsigkey; return (dns_message_parse(message, request->answer, preserve_order)); } 
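Review bot: `request->tsigkey = key;` (hunk @@ -480) stores the caller's key pointer for the life of the request without visibly taking a reference, and dns_request_getresponse later hands the same pointer to the response message. If a key can be removed while a request is in flight (the zone.c callers also look keys up in `view->dynamickeys`), the response would be checked against freed memory. The key API is not part of this diff, so whether dns_tsigkey_find already pins the key needs confirming. If it does not, the request should hold its own reference and drop it in req_destroy; either way the contract belongs next to the assignment, e.g. `/* borrowed: caller guarantees 'key' outlives the request */`.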
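Review bot: In hunk @@ -527 the line `request->tsig = message->tsig;` runs after every `req_render` call, including one that returns DNS_R_USETCP, and the context suggests that case goes back to `use_tcp:` and renders again. If the first render had already produced a TSIG struct, the second pass overwrites the saved pointer and the first struct is never freed. Whether a render that ends in DNS_R_USETCP leaves `message->tsig` set is not visible here, so this is a possible leak rather than a certain one. Releasing any existing `request->tsig` before the assignment, the same way the req_destroy hunk does, would close it. dns_request_create continues outside the hunk.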
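Review bot: dns_request_getresponse (hunk @@ -709) moves `request->tsig` into `message->querytsig` and clears it, so only the first call for a given request supplies the query TSIG; a second call would pass a NULL `querytsig` together with a non-NULL `tsigkey`. How dns_message_parse treats that combination is not visible in this diff, so the restriction should be written down rather than left implicit. A comment above the three added lines, `/* Hands the query TSIG to 'message'; call at most once per request. */`, and a matching sentence in the header comment in request.h would do. The function starts outside the hunk.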
@@ -884,6 +901,11 @@ req_destroy(dns_request_t *request) { dns_dispatch_detach(&request->dispatch); if (request->timer != NULL) isc_timer_detach(&request->timer); + if (request->tsig != NULL) { + dns_rdata_freestruct(request->tsig); + isc_mem_put(request->mctx, request->tsig, + sizeof(*request->tsig)); + } requestmgr_detach(&request->requestmgr); mctx = request->mctx; isc_mem_put(mctx, request, sizeof(*request)); diff --git a/lib/dns/zone.c b/lib/dns/zone.c index f84fca51e7..6e3e180bf9 100644 --- a/lib/dns/zone.c +++ b/lib/dns/zone.c @@ -15,7 +15,7 @@ * SOFTWARE. */ -/* $Id: zone.c,v 1.124 2000/05/24 05:09:19 tale Exp $ */ +/* $Id: zone.c,v 1.125 2000/05/24 17:30:38 bwelling Exp $ */ #include @@ -1753,6 +1753,10 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) { isc_result_t result; dns_message_t *message = NULL; dns_zone_t *zone = NULL; + isc_netaddr_t dstip; + dns_peer_t *peer = NULL; + dns_name_t *keyname = NULL; + dns_tsigkey_t *key = NULL; notify = event->ev_arg; REQUIRE(DNS_NOTIFY_VALID(notify)); @@ -1770,8 +1774,23 @@ notify_send_toaddr(isc_task_t *task, isc_event_t *event) { result = notify_createmessage(notify->zone, &message); if (result != ISC_R_SUCCESS) goto cleanup; + + isc_netaddr_fromsockaddr(&dstip, ¬ify->dst); + result = dns_peerlist_peerbyaddr(zone->view->peers, + &dstip, &peer); + if (result == ISC_R_SUCCESS && + dns_peer_getkey(peer, &keyname) == ISC_R_SUCCESS) + { + result = dns_tsigkey_find(&key, keyname, NULL, + zone->view->statickeys); + if (result == ISC_R_NOTFOUND) + (void) dns_tsigkey_find(&key, keyname, NULL, + zone->view->dynamickeys); + } + result = dns_request_create(notify->zone->view->requestmgr, message, - ¬ify->dst, 0, 15, notify->zone->task, + ¬ify->dst, 0, key, 15, + notify->zone->task, notify_done, notify, ¬ify->request); dns_message_destroy(&message); 
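Review bot: In the req_destroy hunk (@@ -884) the TSIG struct is returned with `isc_mem_put(request->mctx, request->tsig, sizeof(*request->tsig))`, but the pointer was taken over from `message->tsig` in dns_request_create, so it was allocated by whatever memory context the message code uses. If a caller's message can be created from a different context than the request's, this put goes to the wrong context; the allocation site is not in this diff, so that needs checking against the message code. If the two must always match, say so at the free, e.g. `/* tsig came from the message's mctx, which must be request->mctx */`; otherwise store the allocating context with the pointer. req_destroy starts and ends outside the hunk.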
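Review bot: In the notify_send_toaddr hunk (@@ -1770), when a peer has a key name configured but neither `dns_tsigkey_find` call finds it, `key` stays NULL and the NOTIFY is sent unsigned with no log entry; the second lookup's result is discarded with `(void)`. A configured key that cannot be resolved is more likely a misconfiguration than a reason to fall back to unsigned traffic, so keep the result, `result = dns_tsigkey_find(&key, keyname, NULL, zone->view->dynamickeys);`, and log or `goto cleanup` when it is not ISC_R_SUCCESS. The soa_query hunk (@@ -2278) repeats the same lookup with the same silent fallback. The added block also reads `zone->view` while the surrounding lines use `notify->zone->view`, and `zone` is initialised to NULL in the declarations, so confirm it is assigned before this point. The function continues outside the hunk, including the `cleanup` label.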
@@ -2223,6 +2242,10 @@ soa_query(isc_task_t *task, isc_event_t *event) { dns_name_t *qname = NULL; dns_rdataset_t *qrdataset = NULL; dns_zone_t *zone = event->ev_arg; + isc_netaddr_t masterip; + dns_peer_t *peer = NULL; + dns_name_t *keyname = NULL; + dns_tsigkey_t *key = NULL; REQUIRE(DNS_ZONE_VALID(zone)); @@ -2278,8 +2301,22 @@ soa_query(isc_task_t *task, isc_event_t *event) { if (isc_sockaddr_getport(&zone->masteraddr) == 0) isc_sockaddr_setport(&zone->masteraddr, 53); /* XXX */ + + isc_netaddr_fromsockaddr(&masterip, &zone->masteraddr); + result = dns_peerlist_peerbyaddr(zone->view->peers, + &masterip, &peer); + if (result == ISC_R_SUCCESS && + dns_peer_getkey(peer, &keyname) == ISC_R_SUCCESS) + { + result = dns_tsigkey_find(&key, keyname, NULL, + zone->view->statickeys); + if (result == ISC_R_NOTFOUND) + (void) dns_tsigkey_find(&key, keyname, NULL, + zone->view->dynamickeys); + } + result = dns_request_create(zone->view->requestmgr, message, - &zone->masteraddr, 0, + &zone->masteraddr, 0, key, 15 /* XXX */, zone->task, refresh_callback, zone, &zone->request); if (result != ISC_R_SUCCESS) {
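Review bot: The key lookup added to soa_query (hunk @@ -2278) is a line-for-line copy of the block added to notify_send_toaddr, differing only in the address it starts from. Moving it into one static helper in zone.c removes the four duplicated locals from each caller and leaves a single place to decide what happens when a configured key cannot be found. The sketch below keeps the behaviour of the committed code, including leaving `*keyp` NULL on any failure; the helper name is a suggestion. soa_query itself starts and ends outside the hunk.

```c
/*
 * Find the TSIG key configured for the peer at 'addr' in the zone's view.
 * '*keyp' is left untouched (NULL) when no peer, key name or key is found.
 */
static void
zone_peerkey(dns_zone_t *zone, isc_sockaddr_t *addr, dns_tsigkey_t **keyp) {
	isc_netaddr_t ip;
	dns_peer_t *peer = NULL;
	dns_name_t *keyname = NULL;
	isc_result_t result;

	isc_netaddr_fromsockaddr(&ip, addr);
	result = dns_peerlist_peerbyaddr(zone->view->peers, &ip, &peer);
	if (result != ISC_R_SUCCESS ||
	    dns_peer_getkey(peer, &keyname) != ISC_R_SUCCESS)
		return;

	result = dns_tsigkey_find(keyp, keyname, NULL,
				  zone->view->statickeys);
	if (result == ISC_R_NOTFOUND)
		(void) dns_tsigkey_find(keyp, keyname, NULL,
					zone->view->dynamickeys);
}

/* … unchanged: soa_query message setup and port defaulting … */
	zone_peerkey(zone, &zone->masteraddr, &key);
/* … unchanged: dns_request_create call … */
```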