From: Kees Monshouwer <mind04@monshouwer.org>
Date: Tue, 3 Dec 2013 23:34:39 +0000 (+0100)
Subject: fix hmac-md5 TSIG key lookup
X-Git-Tag: auth-3.3.1~4^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=29bf169687f83856fc6551e6d8a33c398fab40c0;p=thirdparty%2Fpdns.git

fix hmac-md5 TSIG key lookup

Conflicts:
	pdns/dnspacket.cc
---

diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index 327ff15ddf..96bfde51a9 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -597,11 +597,14 @@ bool checkForCorrectTSIG(const DNSPacket* q, DNSBackend* B, string* keyname, str
     L<<Logger::Error<<"Packet for '"<<q->qdomain<<"' denied: TSIG (key '"<<*keyname<<"') time delta "<< abs(trc->d_time - now)<<" > 'fudge' "<<trc->d_fudge<<endl;
     return false;
   }
-  
+
+  string algoName = trc->d_algoName;
+  if (stripDot(algoName) == "hmac-md5.sig-alg.reg.int")
+    algoName = "hmac-md5";
+
   string secret64;
-    
-  if(!B->getTSIGKey(*keyname, &trc->d_algoName, &secret64)) {
-    L<<Logger::Error<<"Packet for domain '"<<q->qdomain<<"' denied: can't find TSIG key with name '"<<*keyname<<"' and algorithm '"<<trc->d_algoName<<"'"<<endl;
+  if(!B->getTSIGKey(*keyname, &algoName, &secret64)) {
+    L<<Logger::Error<<"Packet for domain '"<<q->qdomain<<"' denied: can't find TSIG key with name '"<<*keyname<<"' and algorithm '"<<algoName<<"'"<<endl;
     return false;
   }