TSIG verification of xfr replies working now.

bin/dig/dig.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: dig.c,v 1.42 2000/06/06 23:06:21 mws Exp $ */
+/* $Id: dig.c,v 1.43 2000/06/07 00:13:54 mws Exp $ */
 
 #include <config.h>
 
@@ -197,9 +197,7 @@ received(int bytes, int frmsize, char *frm, dig_query_t *query) {
 		printf(";; WHEN: %s", ctime(&tnow));
 		printf (";; MSG SIZE  rcvd: %d\n", bytes);
 		if (key != NULL) {
-			if (validated)
-				puts (";; All TSIG signatures validated");
-			else
+			if (!validated)
 				puts (";; WARNING -- Some TSIG could not "
 				      "be validated");
 		}

bin/dig/dighost.c

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.44 2000/06/06 23:06:23 mws Exp $ */
+/* $Id: dighost.c,v 1.45 2000/06/07 00:13:56 mws Exp $ */
 
 /*
  * Notice to programmers:  Do not use this code as an example of how to
@@ -1017,6 +1017,7 @@ setup_lookup(dig_lookup_t *lookup) {
 
 	lookup->sendmsg->id = (unsigned short)(random() & 0xFFFF);
 	lookup->sendmsg->opcode = dns_opcode_query;
+	lookup->msgcounter = 0;
 	/*
 	 * If this is a trace request, completely disallow recursion, since
 	 * it's meaningless for traces.
@@ -1067,6 +1068,7 @@ setup_lookup(dig_lookup_t *lookup) {
 		insert_soa(lookup);
 
 	if (key != NULL) {
+		debug ("Initializing keys");
 		result = dns_message_settsigkey(lookup->sendmsg, key);
 		check_result(result, "dns_message_settsigkey");
 		lookup->tsigctx = NULL;
@@ -1686,8 +1688,10 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 					    &msg);
 		check_result(result, "dns_message_create");
 		
-		if ((key != NULL) && !query->lookup->doing_xfr) {
+		if (key != NULL) {
+			debug ("querysig 1 is %lx", query->lookup->querysig);
 			if (query->lookup->querysig == NULL) {
+				debug ("Getting initial querysig");
 				result = dns_message_getquerytsig(
 					     query->lookup->sendmsg,
 					     mctx, &query->lookup->querysig);
@@ -1700,8 +1704,9 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 			result = dns_message_settsigkey(msg, key);
 			check_result(result, "dns_message_settsigkey");
 			msg->tsigctx = query->lookup->tsigctx;
-			if (query->lookup->tsigctx != NULL) 
+			if (query->lookup->msgcounter != 0) 
 				msg->tcp_continuation = 1;
+			query->lookup->msgcounter++;
 		}
 		debug ("Before parse starts");
 		result = dns_message_parse(msg, b, ISC_TRUE);
@@ -1720,7 +1725,8 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 			isc_event_free(&event);
 			return;
 		}
-		if ((key != NULL) && !query->lookup->doing_xfr) {
+		if (key != NULL) {
+			debug ("querysig 2 is %lx", query->lookup->querysig);
 			debug ("Before verify");
 			result = dns_tsig_verify(&query->recvbuf, msg,
 						 NULL, keyring);
@@ -1732,15 +1738,14 @@ recv_done(isc_task_t *task, isc_event_t *event) {
 			}
 			query->lookup->tsigctx = msg->tsigctx;
 			if (query->lookup->querysig != NULL) {
-				debug ("Freeing buffer %lx",
+				debug ("Freeing querysig buffer %lx",
 				       query->lookup->querysig);
 				isc_buffer_free(&query->lookup->querysig);
 			}
-			result = dns_message_getquerytsig(
-						     query->lookup->sendmsg,
-						     mctx,
+			result = dns_message_getquerytsig(msg, mctx,
 						     &query->lookup->querysig);
 			check_result(result,"dns_message_getquerytsig");
+			debug ("querysig 3 is %lx", query->lookup->querysig);
 		}
 		debug ("After parse");
 		if (query->lookup->xfr_q == NULL)

bin/dig/include/dig/dig.h

@@ -15,7 +15,7 @@
  * SOFTWARE.
  */
 
-/* $Id: dig.h,v 1.21 2000/06/06 22:50:44 mws Exp $ */
+/* $Id: dig.h,v 1.22 2000/06/07 00:13:57 mws Exp $ */
 
 #ifndef DIG_H
 #define DIG_H
@@ -107,6 +107,7 @@ struct dig_lookup {
 	char rdatastore[MXNAME];
 	dst_context_t *tsigctx;
 	isc_buffer_t *querysig;
+	isc_uint32_t msgcounter;
 };
 
 struct dig_query {