diff --git a/CHANGES b/CHANGES index 981521c262..ed10a05d81 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,5 @@ +1179. [func] Add SIG(0) support to nsupdate. + 1178. [func] Follow and cache (if appropriate) A6 and other data chains to completion in the additional section. diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index 980f6fde00..4887a5f163 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsupdate.c,v 1.115 2001/11/30 01:02:08 gson Exp $ */ +/* $Id: nsupdate.c,v 1.116 2002/01/21 07:59:15 bwelling Exp $ */ #include @@ -46,6 +46,7 @@ #include #include +#include #include #include #include @@ -85,8 +86,6 @@ extern int h_errno; #define MAXCMD (4 * 1024) #define INITDATA (32 * 1024) #define MAXDATA (64 * 1024) -#define NAMEBUF 512 -#define WORDLEN 512 #define PACKETSIZE ((64 * 1024) - 1) #define INITTEXT (2 * 1024) #define MAXTEXT (128 * 1024) @@ -120,7 +119,8 @@ static dns_fixedname_t resolvdomain; /* from resolv.conf's domain line */ static dns_name_t *origin; /* Points to one of above, or dns_rootname */ static dns_fixedname_t fuserzone; static dns_name_t *userzone = NULL; -static dns_tsigkey_t *key = NULL; +static dns_tsigkey_t *tsigkey = NULL; +static dst_key_t *sig0key; static lwres_context_t *lwctx = NULL; static lwres_conf_t *lwconf; static isc_sockaddr_t *servers; @@ -322,7 +322,7 @@ setup_keystr(void) { debug("keycreate"); result = dns_tsigkey_create(keyname, dns_tsig_hmacmd5_name, secret, secretlen, ISC_TRUE, NULL, - 0, 0, mctx, NULL, &key); + 0, 0, mctx, NULL, &tsigkey); if (result != ISC_R_SUCCESS) fprintf(stderr, "could not create key from %s: %s\n", keystr, dns_result_totext(result)); 
@@ -345,16 +345,19 @@ setup_keyfile(void) { keyfile, isc_result_totext(result)); return; } - result = dns_tsigkey_createfromkey(dst_key_name(dstkey), - dns_tsig_hmacmd5_name, - dstkey, ISC_FALSE, NULL, - 0, 0, mctx, NULL, &key); - if (result != ISC_R_SUCCESS) { - fprintf(stderr, "could not create key from %s: %s\n", - keyfile, isc_result_totext(result)); - dst_key_free(&dstkey); - return; - } + if (dst_key_alg(dstkey) == DST_ALG_HMACMD5) { + result = dns_tsigkey_createfromkey(dst_key_name(dstkey), + dns_tsig_hmacmd5_name, + dstkey, ISC_FALSE, NULL, + 0, 0, mctx, NULL, &tsigkey); + if (result != ISC_R_SUCCESS) { + fprintf(stderr, "could not create key from %s: %s\n", + keyfile, isc_result_totext(result)); + dst_key_free(&dstkey); + return; + } + } else + sig0key = dstkey; } static void @@ -367,9 +370,14 @@ doshutdown(void) { if (localaddr != NULL) isc_mem_put(mctx, localaddr, sizeof(isc_sockaddr_t)); - if (key != NULL) { - ddebug("Freeing key"); - dns_tsigkey_detach(&key); + if (tsigkey != NULL) { + ddebug("Freeing TSIG key"); + dns_tsigkey_detach(&tsigkey); + } + + if (sig0key != NULL) { + ddebug("Freeing SIG(0) key"); + dst_key_free(&sig0key); } if (updatemsg != NULL) @@ -662,7 +670,7 @@ parse_name(char **cmdlinep, dns_message_t *msg, dns_name_t **namep) { result = dns_message_gettempname(msg, namep); check_result(result, "dns_message_gettempname"); - result = isc_buffer_allocate(mctx, &namebuf, NAMEBUF); + result = isc_buffer_allocate(mctx, &namebuf, DNS_NAME_MAXWIRE); check_result(result, "isc_buffer_allocate"); dns_name_init(*namep, NULL); dns_name_setbuffer(*namep, namebuf); 
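Review bot: The new `else` branch in setup_keyfile treats every key whose algorithm is not DST_ALG_HMACMD5 as a SIG(0) key, without checking that the algorithm can produce a signature. An unsuitable key is then rejected only in send_update, where the result of dns_message_setsig0key goes to check_result (which appears to be fatal), so the failure surfaces at the first update instead of when the key file is read. dns_message_setsig0key already calls dst_key_sigsize on the key, so the same call can serve as a load-time check that reports the file name, frees the key and returns, as sketched below. The start of setup_keyfile, including how dstkey is read, is outside the hunk.

```c
	if (dst_key_alg(dstkey) == DST_ALG_HMACMD5) {
		/* … unchanged: create tsigkey from dstkey, report and free on failure … */
	} else {
		unsigned int siglen;

		/* A SIG(0) key must be able to sign; reject it here, not at send time. */
		result = dst_key_sigsize(dstkey, &siglen);
		if (result != ISC_R_SUCCESS) {
			fprintf(stderr, "could not use key from %s for SIG(0): %s\n",
				keyfile, isc_result_totext(result));
			dst_key_free(&dstkey);
			return;
		}
		sig0key = dstkey;
	}
```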
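Review bot: In doshutdown the SIG(0) key is freed before the `if (updatemsg != NULL)` cleanup that follows, yet dns_message_setsig0key (last hunk of lib/dns/message.c) stores the caller's pointer with `msg->sig0key = key` and takes no reference, unlike the TSIG path's dns_tsigkey_attach. If updatemsg still exists at shutdown, it holds a dangling pointer while it is torn down; whether that teardown reads the pointer is not visible here. Moving the `dst_key_free(&sig0key)` block below the updatemsg cleanup avoids the question. A comment such as `/* updatemsg borrows sig0key; free the key only after the message is destroyed */` would record the ordering requirement. The rest of doshutdown lies outside the hunk.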
@@ -1014,11 +1022,11 @@ evaluate_key(char *cmdline) { } secretlen = isc_buffer_usedlength(&secretbuf); - if (key != NULL) - dns_tsigkey_detach(&key); + if (tsigkey != NULL) + dns_tsigkey_detach(&tsigkey); result = dns_tsigkey_create(keyname, dns_tsig_hmacmd5_name, secret, secretlen, ISC_TRUE, NULL, 0, 0, - mctx, NULL, &key); + mctx, NULL, &tsigkey); isc_mem_free(mctx, secret); if (result != ISC_R_SUCCESS) { fprintf(stderr, "could not create key from %s %s: %s\n", @@ -1453,8 +1461,12 @@ send_update(dns_name_t *zonename, isc_sockaddr_t *master, if (usevc) options |= DNS_REQUESTOPT_TCP; + if (tsigkey == NULL && sig0key != NULL) { + result = dns_message_setsig0key(updatemsg, sig0key); + check_result(result, "dns_message_setsig0key"); + } result = dns_request_createvia(requestmgr, updatemsg, srcaddr, - master, options, key, + master, options, tsigkey, FIND_TIMEOUT, global_task, update_completed, NULL, &request); check_result(result, "dns_request_createvia"); diff --git a/lib/dns/message.c b/lib/dns/message.c index d308545995..c4ad00f260 100644 --- a/lib/dns/message.c +++ b/lib/dns/message.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: message.c,v 1.201 2001/12/19 12:16:47 marka Exp $ */ +/* $Id: message.c,v 1.202 2002/01/21 07:59:14 bwelling Exp $ */ /*** *** Imports @@ -2434,15 +2434,16 @@ dns_message_settsigkey(dns_message_t *msg, dns_tsigkey_t *key) { REQUIRE(DNS_MESSAGE_VALID(msg)); REQUIRE(msg->state == DNS_SECTION_ANY); - REQUIRE(msg->tsigkey == NULL && msg->sig0key == NULL); if (key != NULL) { + REQUIRE(msg->tsigkey == NULL && msg->sig0key == NULL); dns_tsigkey_attach(key, &msg->tsigkey); if (msg->from_to_wire == DNS_MESSAGE_INTENTRENDER) { msg->sig_reserved = spacefortsig(msg->tsigkey, 0); result = dns_message_renderreserve(msg, msg->sig_reserved); if (result != ISC_R_SUCCESS) { + dns_tsigkey_detach(&msg->tsigkey); msg->sig_reserved = 0; return (result); } 
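Review bot: Nothing at the new `if (tsigkey == NULL && sig0key != NULL)` test in send_update says that TSIG takes precedence, or that signing falls back to SIG(0) whenever tsigkey is NULL. In the evaluate_key hunk above, tsigkey is detached before dns_tsigkey_create runs, so a failed key creation presumably leaves it NULL, and later updates would then be signed with the key-file key without any indication. A comment such as `/* TSIG wins; SIG(0) is used only when no TSIG key is set */` plus a `debug("signing with SIG(0) key");` line would make the choice visible. Because dns_message_setsig0key now asserts that the message carries no key when given a non-NULL one, this call must run at most once per updatemsg. Whether send_update can run twice for the same message is not visible in the hunk.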
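Review bot: Moving the `REQUIRE(msg->tsigkey == NULL && msg->sig0key == NULL)` inside `if (key != NULL)` changes the contract of dns_message_settsigkey, and no visible comment records the change. A NULL key is now accepted on a message that already carries a key. In dns_message_setsig0key (next hunk), which gets the same change, NULL visibly returns ISC_R_SUCCESS without clearing anything. A caller passing NULL to stop signing would therefore still send a signed message. The function's header comment should say so, for example `/* A NULL key is a no-op; it does not remove a key already set on 'msg'. */`, and the matching declarations in the public header, which is not part of this diff, need the same wording. The rest of dns_message_settsigkey is outside the hunk.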
@@ -2600,10 +2601,9 @@ dns_message_setsig0key(dns_message_t *msg, dst_key_t *key) { REQUIRE(DNS_MESSAGE_VALID(msg)); REQUIRE(msg->from_to_wire == DNS_MESSAGE_INTENTRENDER); REQUIRE(msg->state == DNS_SECTION_ANY); - REQUIRE(msg->sig0key == NULL && msg->tsigkey == NULL); - msg->sig0key = key; if (key != NULL) { + REQUIRE(msg->sig0key == NULL && msg->tsigkey == NULL); dns_name_toregion(dst_key_name(key), &r); result = dst_key_sigsize(key, &x); if (result != ISC_R_SUCCESS) { @@ -2616,6 +2616,7 @@ dns_message_setsig0key(dns_message_t *msg, dst_key_t *key) { msg->sig_reserved = 0; return (result); } + msg->sig0key = key; } return (ISC_R_SUCCESS); }