From 960c8888f620585d068e63ac9b9d1c59182bffc2 Mon Sep 17 00:00:00 2001 From: Michael Sawyer Date: Wed, 7 Jun 2000 00:13:57 +0000 Subject: [PATCH] TSIG verification of xfr replies working now. --- bin/dig/dig.c | 6 ++---- bin/dig/dighost.c | 21 +++++++++++++-------- bin/dig/include/dig/dig.h | 3 ++- 3 files changed, 17 insertions(+), 13 deletions(-) diff --git a/bin/dig/dig.c b/bin/dig/dig.c index 3599dfd021..b01d1a4427 100644 --- a/bin/dig/dig.c +++ b/bin/dig/dig.c @@ -15,7 +15,7 @@ * SOFTWARE. */ -/* $Id: dig.c,v 1.42 2000/06/06 23:06:21 mws Exp $ */ +/* $Id: dig.c,v 1.43 2000/06/07 00:13:54 mws Exp $ */ #include @@ -197,9 +197,7 @@ received(int bytes, int frmsize, char *frm, dig_query_t *query) { printf(";; WHEN: %s", ctime(&tnow)); printf (";; MSG SIZE rcvd: %d\n", bytes); if (key != NULL) { - if (validated) - puts (";; All TSIG signatures validated"); - else + if (!validated) puts (";; WARNING -- Some TSIG could not " "be validated"); } diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c index e500eca5d1..409797169a 100644 --- a/bin/dig/dighost.c +++ b/bin/dig/dighost.c @@ -15,7 +15,7 @@ * SOFTWARE. */ -/* $Id: dighost.c,v 1.44 2000/06/06 23:06:23 mws Exp $ */ +/* $Id: dighost.c,v 1.45 2000/06/07 00:13:56 mws Exp $ */ /* * Notice to programmers: Do not use this code as an example of how to @@ -1017,6 +1017,7 @@ setup_lookup(dig_lookup_t *lookup) { lookup->sendmsg->id = (unsigned short)(random() & 0xFFFF); lookup->sendmsg->opcode = dns_opcode_query; + lookup->msgcounter = 0; /* * If this is a trace request, completely disallow recursion, since * it's meaningless for traces. @@ -1067,6 +1068,7 @@ setup_lookup(dig_lookup_t *lookup) { insert_soa(lookup); if (key != NULL) { + debug ("Initializing keys"); result = dns_message_settsigkey(lookup->sendmsg, key); check_result(result, "dns_message_settsigkey"); lookup->tsigctx = NULL; 
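Review bot: With the success branch removed from received(), a run in which every TSIG verified prints the same text as a run with no key at all, so the only evidence of authentication is the absence of the `;; WARNING` line. Anyone scripting dig to pull signed zone data cannot tell "verified" from "never checked" by reading the output, and the warning itself goes to stdout mixed in with the answer. If the line was dropped because received() runs more than once per transfer (not visible in this hunk), printing `;; All TSIG signatures validated` once when the lookup finishes would keep a positive signal. Where `validated` is set, and whether it affects the exit status, is outside the hunk.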
@@ -1686,8 +1688,10 @@ recv_done(isc_task_t *task, isc_event_t *event) { &msg); check_result(result, "dns_message_create"); - if ((key != NULL) && !query->lookup->doing_xfr) { + if (key != NULL) { + debug ("querysig 1 is %lx", query->lookup->querysig); if (query->lookup->querysig == NULL) { + debug ("Getting initial querysig"); result = dns_message_getquerytsig( query->lookup->sendmsg, mctx, &query->lookup->querysig); @@ -1700,8 +1704,9 @@ recv_done(isc_task_t *task, isc_event_t *event) { result = dns_message_settsigkey(msg, key); check_result(result, "dns_message_settsigkey"); msg->tsigctx = query->lookup->tsigctx; - if (query->lookup->tsigctx != NULL) + if (query->lookup->msgcounter != 0) msg->tcp_continuation = 1; + query->lookup->msgcounter++; } debug ("Before parse starts"); result = dns_message_parse(msg, b, ISC_TRUE); @@ -1720,7 +1725,8 @@ recv_done(isc_task_t *task, isc_event_t *event) { isc_event_free(&event); return; } - if ((key != NULL) && !query->lookup->doing_xfr) { + if (key != NULL) { + debug ("querysig 2 is %lx", query->lookup->querysig); debug ("Before verify"); result = dns_tsig_verify(&query->recvbuf, msg, NULL, keyring); @@ -1732,15 +1738,14 @@ recv_done(isc_task_t *task, isc_event_t *event) { } query->lookup->tsigctx = msg->tsigctx; if (query->lookup->querysig != NULL) { - debug ("Freeing buffer %lx", + debug ("Freeing querysig buffer %lx", query->lookup->querysig); isc_buffer_free(&query->lookup->querysig); } - result = dns_message_getquerytsig( - query->lookup->sendmsg, - mctx, + result = dns_message_getquerytsig(msg, mctx, &query->lookup->querysig); check_result(result,"dns_message_getquerytsig"); + debug ("querysig 3 is %lx", query->lookup->querysig); } debug ("After parse"); if (query->lookup->xfr_q == NULL) diff --git a/bin/dig/include/dig/dig.h b/bin/dig/include/dig/dig.h index 73efdfd2aa..42ab5b004a 100644 --- a/bin/dig/include/dig/dig.h +++ b/bin/dig/include/dig/dig.h 
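Review bot: The new `debug ("querysig 1 is %lx", query->lookup->querysig);` passes an `isc_buffer_t *` where `%lx` expects an `unsigned long`, which is undefined behaviour if debug() forwards to a printf-family function (its definition is outside the hunk). On platforms where pointers are wider than long the value is truncated or the argument list is misread. The same pattern appears in the added "querysig 2", "querysig 3" and "Freeing querysig buffer" lines of the later recv_done hunks. Use `debug ("querysig 1 is %p", (void *)query->lookup->querysig);` in each place.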
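Review bot: `query->lookup->msgcounter++` runs before `dns_message_parse` and `dns_tsig_verify`, so a packet that fails to parse or verify still advances the counter, and the next packet is verified as a TCP continuation. The old test keyed on `tsigctx != NULL`, which was only stored after the verify call. The counter also lives on the lookup and is reset only in setup_lookup. If recv_done can see replies from more than one query of the same lookup (not visible here), the first reply from a second server would be treated as a continuation too. Consider moving the increment next to `query->lookup->tsigctx = msg->tsigctx;` so it only counts messages that reached verification. recv_done's body continues outside this hunk.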
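Review bot: The stored `querysig` is freed and then refilled from the received `msg` straight after `dns_tsig_verify`, and nothing visible in this hunk makes that conditional on the verify result (the failure branch sits between the two hunks and is not shown). If a message that failed verification still reaches this code, an unauthenticated MAC becomes the chaining input for the next message of the transfer. If `dns_message_getquerytsig` leaves `querysig` NULL for a reply that carries no TSIG, the next packet goes back through the "Getting initial querysig" path and restarts the chain from `sendmsg`. I would guard the free-and-replace on a successful verify of a message that actually had a TSIG, and add a comment on `dns_message_getquerytsig(msg, mctx,` saying that the previous reply's signature is deliberately carried forward for multi-message responses.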
@@ -15,7 +15,7 @@ * SOFTWARE. */ -/* $Id: dig.h,v 1.21 2000/06/06 22:50:44 mws Exp $ */ +/* $Id: dig.h,v 1.22 2000/06/07 00:13:57 mws Exp $ */ #ifndef DIG_H #define DIG_H @@ -107,6 +107,7 @@ struct dig_lookup { char rdatastore[MXNAME]; dst_context_t *tsigctx; isc_buffer_t *querysig; + isc_uint32_t msgcounter; }; struct dig_query {
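Review bot: `msgcounter` is added to struct dig_lookup without a comment, although recv_done now uses it to decide whether a reply is verified as a TSIG TCP continuation. A reader of the header cannot tell what is being counted or when it is reset. Suggest `isc_uint32_t msgcounter; /* replies processed for this lookup; nonzero means the next reply is treated as a TSIG continuation; reset in setup_lookup() */`.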