fprintf(stderr, " Supported options:\n");
fprintf(stderr, "\t-z zone\t\tThe zone\n");
fprintf(stderr, "\t-s version\tSOA version number to include\n");
- fprintf(stderr, "\t-y key:data\tTSIG sign the query\n");
+ fprintf(stderr, "\t-y <name:key[:algo]>\tspecify named base64 tsig key"
+ ", and optional an\n\t\t\t"
+ "algorithm (defaults to hmac-md5.sig-alg.reg.int)\n");
fprintf(stderr, "\t-p port\t\tport to use to send to\n");
fprintf(stderr, "\t-v\t\tPrint version information\n");
fprintf(stderr, "\t-d\t\tPrint verbose debug information\n");
const char *zone_name = NULL;
int include_soa = 0;
uint32_t soa_version = 0;
- ldns_tsig_credentials tsig_cred = {0,0,0};
int do_hexdump = 1;
uint8_t *wire = NULL;
size_t wiresize = 0;
const char *port = "53";
- char *keydata;
+ char *tsig_sep;
+ const char *tsig_name = NULL, *tsig_data = NULL, *tsig_algo = NULL;
srandom(time(NULL) ^ getpid());
soa_version = (uint32_t)atoi(optarg);
break;
case 'y':
- tsig_cred.algorithm = (char*)"hmac-md5.sig-alg.reg.int.";
- tsig_cred.keyname = optarg;
- keydata = strchr(optarg, ':');
- if (keydata == NULL) {
+ if (!(tsig_sep = strchr(optarg, ':'))) {
printf("TSIG argument is not in form "
- "key:data: %s\n", optarg);
+ "<name:key[:algo]> %s\n", optarg);
exit(1);
}
- *keydata++ = '\0';
- tsig_cred.keydata = keydata;
- printf("Sign with %s : %s\n", tsig_cred.keyname,
- tsig_cred.keydata);
+ tsig_name = optarg;
+ *tsig_sep++ = '\0';
+ tsig_data = tsig_sep;
+ if ((tsig_sep = strchr(tsig_sep, ':'))) {
+ *tsig_sep++ = '\0';
+ tsig_algo = tsig_sep;
+ } else {
+ tsig_algo = "hmac-md5.sig-alg.reg.int.";
+ }
+ /* With dig TSIG keys are also specified with -y,
+ * but format with drill is: -y <name:key[:algo]>
+ * and with dig: -y [hmac:]name:key
+ *
+ * When we detect an unknown tsig algorithm in algo,
+ * but a known algorithm in name, we cane assume dig
+ * order was used.
+ *
+ * Following if statement is to anticipate and correct
+ * dig order
+ */
+ if (strcasecmp(tsig_algo, "hmac-md5.sig-alg.reg.int")&&
+ strcasecmp(tsig_algo, "hmac-md5") &&
+ strcasecmp(tsig_algo, "hmac-sha1") &&
+ strcasecmp(tsig_algo, "hmac-sha256") &&
+ strcasecmp(tsig_algo, "hmac-sha384") &&
+ strcasecmp(tsig_algo, "hmac-sha512") &&
+ ! (strcasecmp(tsig_name, "hmac-md5.sig-alg.reg.int")
+ && strcasecmp(tsig_name, "hmac-md5")
+ && strcasecmp(tsig_name, "hmac-sha1")
+ && strcasecmp(tsig_name, "hmac-sha256")
+ && strcasecmp(tsig_name, "hmac-sha384")
+ && strcasecmp(tsig_name, "hmac-sha512"))) {
+
+ /* Roll options */
+ const char *tmp_tsig_algo = tsig_name;
+ tsig_name = tsig_data;
+ tsig_data = tsig_algo;
+ tsig_algo = tmp_tsig_algo;
+ }
+ printf("Sign with name: %s, data: %s, algorithm: %s\n"
+ , tsig_name, tsig_data, tsig_algo);
break;
case 'z':
zone_name = optarg;
ldns_pkt_push_rr(notify, LDNS_SECTION_ANSWER, soa_rr);
}
- if(tsig_cred.keyname) {
+ if(tsig_name && tsig_data) {
#ifdef HAVE_SSL
- status = ldns_pkt_tsig_sign(notify, tsig_cred.keyname,
- tsig_cred.keydata, 300, tsig_cred.algorithm,
- NULL);
+ status = ldns_pkt_tsig_sign(notify, tsig_name,
+ tsig_data, 300, tsig_algo, NULL);
if(status != LDNS_STATUS_OK) {
printf("Error TSIG sign query: %s\n",
ldns_get_errorstr_by_id(status));
projects / thirdparty / ldns.git / commitdiff
