From 5323660f65ce87d7d18cbb6a4a8f5f11d2536c41 Mon Sep 17 00:00:00 2001
From: Kees Monshouwer <mind04@monshouwer.org>
Date: Sun, 7 Jun 2015 20:19:29 +0200
Subject: [PATCH] TSIG key lookup

---
 pdns/backends/gsql/gsqlbackend.cc | 2 +-
 pdns/dnspacket.cc                 | 8 ++++----
 pdns/resolver.cc                  | 4 ++--
 pdns/tsig-tests.cc                | 2 +-
 4 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/pdns/backends/gsql/gsqlbackend.cc b/pdns/backends/gsql/gsqlbackend.cc
index b1fea82d11..f330f0a512 100644
--- a/pdns/backends/gsql/gsqlbackend.cc
+++ b/pdns/backends/gsql/gsqlbackend.cc
@@ -702,7 +702,7 @@ bool GSQLBackend::getTSIGKey(const DNSName& name, DNSName* algorithm, string* co
     content->clear();
     while(d_getTSIGKeyQuery_stmt->hasNextRow()) {
       d_getTSIGKeyQuery_stmt->nextRow(row);
-      if(row.size() >= 2 && (!algorithm->countLabels() || *algorithm==row[0])) {
+      if(row.size() >= 2 && (algorithm->empty() || *algorithm==row[0])) {
         *algorithm = row[0];
         *content = row[1];
       }
diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index 6ba951c8ea..b9f61e257e 100644
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -634,8 +634,8 @@ bool checkForCorrectTSIG(const DNSPacket* q, UeberBackend* B, DNSName* keyname,
   }
 
   DNSName algoName = trc->d_algoName; // FIXME
-  if (algoName == DNSName("hmac-md5.sig-alg.reg.int"))
-    algoName = DNSName("hmac-md5");
+  if (algoName == "hmac-md5.sig-alg.reg.int")
+    algoName = "hmac-md5";
 
   if (algoName == "gss-tsig") {
     if (!gss_verify_signature(*keyname, message, trc->d_mac)) {
@@ -650,8 +650,8 @@ bool checkForCorrectTSIG(const DNSPacket* q, UeberBackend* B, DNSName* keyname,
     L<<Logger::Error<<"Packet for domain '"<<q->qdomain.toString()<<"' denied: can't find TSIG key with name '"<<keyname->toString()<<"' and algorithm '"<<algoName.toString()<<"'"<<endl;
     return false;
   }
-  if (trc->d_algoName == DNSName("hmac-md5"))
-    trc->d_algoName += DNSName("sig-alg.reg.int.");
+  if (trc->d_algoName == "hmac-md5")
+    trc->d_algoName += "sig-alg.reg.int";
 
   TSIGHashEnum algo;
   if(!getTSIGHashEnum(trc->d_algoName, algo)) {
diff --git a/pdns/resolver.cc b/pdns/resolver.cc
index a41220eb18..1e236df109 100644
--- a/pdns/resolver.cc
+++ b/pdns/resolver.cc
@@ -130,7 +130,7 @@ uint16_t Resolver::sendResolve(const ComboAddress& remote, const ComboAddress& l
     // cerr<<"Adding TSIG to notification, key name: '"<<tsigkeyname<<"', algo: '"<<tsigalgorithm<<"', secret: "<<Base64Encode(tsigsecret)<<endl;
     TSIGRecordContent trc;
     if (tsigalgorithm == "hmac-md5")
-      trc.d_algoName = tsigalgorithm + ".sig-alg.reg.int.";
+      trc.d_algoName = tsigalgorithm + "sig-alg.reg.int";
     else
       trc.d_algoName = tsigalgorithm;
     trc.d_time = time(0);
@@ -393,7 +393,7 @@ AXFRRetriever::AXFRRetriever(const ComboAddress& remote,
   
     if(!tsigkeyname.empty()) {
       if (tsigalgorithm == "hmac-md5")
-        d_trc.d_algoName = tsigalgorithm + ".sig-alg.reg.int.";
+        d_trc.d_algoName = tsigalgorithm + "sig-alg.reg.int";
       else
         d_trc.d_algoName = tsigalgorithm;
       d_trc.d_time = time(0);
diff --git a/pdns/tsig-tests.cc b/pdns/tsig-tests.cc
index 3b7d53c086..02a0b69c3f 100644
--- a/pdns/tsig-tests.cc
+++ b/pdns/tsig-tests.cc
@@ -49,7 +49,7 @@ try
   string keyname("pdns-b-aa");
 
   TSIGRecordContent trc;
-  trc.d_algoName="hmac-md5.sig-alg.reg.int.";
+  trc.d_algoName="hmac-md5.sig-alg.reg.int";
   trc.d_time=time(0);
   trc.d_fudge=300;
   trc.d_origID=ntohs(pw.getHeader()->id);
-- 
2.47.2