+ 329. [func] omapi_auth_register() now takes a size_t argument for
+ the length of a key's secret data. Previously
+ OMAPI only stored secrets up to the first NUL byte.
+
328. [func] Added isc_base64_decodestring().
325. [bug] isc_lex_gettoken was processing octal strings when
* SOFTWARE.
*/
-/* $Id: omapiconf.c,v 1.4 2000/07/10 22:04:08 tale Exp $ */
+/* $Id: omapiconf.c,v 1.4.2.1 2000/07/12 00:02:09 gson Exp $ */
/*
* Principal Author: DCL
#include <config.h>
+#include <isc/base64.h>
+#include <isc/buffer.h>
#include <isc/event.h>
#include <isc/mem.h>
#include <isc/once.h>
#include <isc/string.h>
#include <isc/util.h>
+#include <dst/result.h>
+
#include <named/log.h>
#include <named/omapi.h>
#include <named/server.h>
{
dns_c_kid_t *keyid;
dns_c_kdef_t *keydef;
+ const char secret[1024];
+ isc_buffer_t b;
isc_result_t result;
/*
* the keys statement.
*/
keydef = NULL;
- (void)dns_c_kdeflist_find(keydeflist, keyid->keyid,
- &keydef);
- if (keydef == NULL)
+ result = dns_c_kdeflist_find(keydeflist, keyid->keyid,
+ &keydef);
+ if (result != ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
NS_LOGMODULE_OMAPI, ISC_LOG_WARNING,
"couldn't find key %s for"
"command channel %s",
keydef->algorithm, keydef->keyid,
socktext);
- keydef = NULL;
+ result = DST_R_UNSUPPORTEDALG;
+ keydef = NULL; /* Prevent more error messages. */
+ }
+
+ if (result == ISC_R_SUCCESS) {
+ isc_buffer_init(&b, secret, sizeof(secret));
+ result = isc_base64_decodestring(ns_g_mctx,
+ keydef->secret,
+ &b);
}
- if (keydef != NULL)
+ if (keydef != NULL && result != ISC_R_SUCCESS) {
+ isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
+ NS_LOGMODULE_OMAPI, ISC_LOG_WARNING,
+ "can't use secret for key %s on "
+ "command channel %s: %s",
+ keydef->keyid, socktext,
+ isc_result_totext(result));
+ keydef = NULL; /* Prevent more error messages. */
+
+ } else if (result == ISC_R_SUCCESS)
result = omapi_auth_register(keydef->keyid,
- keydef->secret,
- OMAPI_AUTH_HMACMD5);
+ OMAPI_AUTH_HMACMD5,
+ isc_buffer_base(&b),
+ isc_buffer_usedlength(&b));
if (keydef != NULL && result != ISC_R_SUCCESS)
isc_log_write(ns_g_lctx, ISC_LOGCATEGORY_GENERAL,
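Review bot: The decode buffer is declared `const char secret[1024];`, yet isc_buffer_init() and isc_base64_decodestring() write the decoded key into it, and modifying an object defined const is undefined behaviour. It should be `unsigned char secret[1024];`, which also matches the new `const unsigned char *secret` parameter. The decoded key also stays in this stack array after omapi_auth_register() has made its own copy. Clearing it once registration has been attempted, with `memset(secret, 0, sizeof(secret));` or a wipe routine the compiler cannot elide if the tree has one, would shorten the time the raw key sits in memory. The enclosing function begins and ends outside the lines shown here.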
* SOFTWARE.
*/
-/* $Id: rndc.c,v 1.12.2.3 2000/07/11 17:23:10 gson Exp $ */
+/* $Id: rndc.c,v 1.12.2.4 2000/07/12 00:02:11 gson Exp $ */
/*
* Principal Author: DCL
#include <stdlib.h>
+#include <isc/base64.h>
+#include <isc/buffer.h>
#include <isc/commandline.h>
#include <isc/entropy.h>
#include <isc/mem.h>
dns_c_kdeflist_t *keys = NULL;
dns_c_kdef_t *key = NULL;
const char *keyname = NULL;
- const char *secret = NULL;
+ char secret[1024];
+ isc_buffer_t secretbuf;
char *command;
const char *servername = NULL;
const char *host = NULL;
INSIST(key->secret != NULL);
INSIST(key->algorithm != NULL);
- secret = key->secret;
if (strcasecmp(key->algorithm, "hmac-md5") == 0)
algorithm = OMAPI_AUTH_HMACMD5;
else {
exit(1);
}
+ isc_buffer_init(&secretbuf, secret, sizeof(secret));
+ DO("decode base64 secret",
+ isc_base64_decodestring(mctx, key->secret, &secretbuf));
+
if (server != NULL)
(void)dns_c_ndcserver_gethost(server, &host);
ndc_g_ndc.type = ndc_type;
DO("register local authenticator",
- omapi_auth_register(keyname, secret, algorithm));
+ omapi_auth_register(keyname, algorithm, isc_buffer_base(&secretbuf),
+ isc_buffer_usedlength(&secretbuf)));
DO("create protocol manager", omapi_object_create(&omapimgr, NULL, 0));
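Review bot: The buffer is declared `char secret[1024];` here, `const char secret[1024];` in omapiconf.c, and the callee now takes `const unsigned char *secret`, so the same key bytes carry three different types across the commit. Declaring it `unsigned char secret[1024];` in both callers would keep the raw-bytes intent consistent. The call presumably compiles cleanly only because isc_buffer_base() yields a generic pointer. The literal 1024 is also repeated in both files, so a single named constant next to the omapi_auth_register() prototype would keep the two limits from drifting apart. When a key decodes to more than that, the only diagnostic is the generic "decode base64 secret" failure, so a comment stating the limit would help operators.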
* SOFTWARE.
*/
-/* $Id: auth.c,v 1.8.2.1 2000/06/28 03:18:11 tale Exp $ */
+/* $Id: auth.c,v 1.8.2.2 2000/07/12 00:02:12 gson Exp $ */
/* Principal Author: DCL */
unsigned int magic;
char *name;
char *secret;
+ size_t secretlen;
unsigned int algorithms;
ISC_LINK(auth_t) link;
return (ISC_R_UNEXPECTED);
}
- length = strlen(auth->secret);
- isc_buffer_init(&secret, auth->secret, length);
- isc_buffer_add(&secret, length);
-
+ isc_buffer_init(&secret, auth->secret, auth->secretlen);
+ isc_buffer_add(&secret, auth->secretlen);
length = strlen(auth->name);
isc_buffer_init(&srcb, auth->name, length);
}
isc_result_t
-omapi_auth_register(const char *name, const char *secret,
- unsigned int algorithms)
+omapi_auth_register(const char *name, unsigned int algorithms,
+ const unsigned char *secret, size_t secretlen)
{
auth_t *new = NULL;
isc_result_t result = ISC_R_SUCCESS;
if (new->name == NULL)
result = ISC_R_NOMEMORY;
- new->secret = isc_mem_strdup(omapi_mctx, secret);
+ new->secret = isc_mem_allocate(omapi_mctx, secretlen);
if (new->secret == NULL)
result = ISC_R_NOMEMORY;
+ else {
+ memcpy(new->secret, secret, secretlen);
+ new->secretlen = secretlen;
+ }
new->algorithms = algorithms;
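Review bot: omapi_auth_register() accepts `secretlen == 0`, so a key whose base64 secret decodes to nothing would be stored as a zero-length HMAC-MD5 key, after a zero-byte isc_mem_allocate() whose behaviour is not visible here. Neither caller in this commit checks isc_buffer_usedlength() before registering, so the function should reject an empty secret up front, before anything is allocated, for example `if (secret == NULL || secretlen == 0) return (ISC_R_UNEXPECTED);` or whichever result code the module prefers. Because the secret is no longer NUL-terminated, the deregistration/free path (outside these lines) must use `secretlen` rather than strlen(). That would also be the place to zero the buffer before it is returned to the memory context. Only part of the function body is visible in this section.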
* SOFTWARE.
*/
-/* $Id: omapi.h,v 1.13.2.1 2000/07/11 17:23:23 gson Exp $ */
+/* $Id: omapi.h,v 1.13.2.2 2000/07/12 00:02:14 gson Exp $ */
/*
* Definitions for the object management API and protocol.
* Public functions defined in auth.c.
*/
isc_result_t
-omapi_auth_register(const char *name, const char *secret,
- unsigned int algorithms);
+omapi_auth_register(const char *name, unsigned int algorithms,
+ const unsigned char *secret, size_t secretlen);
void
omapi_auth_deregister(const char *name);
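Review bot: The changed prototype has no comment describing the new contract, and the change both reorders the arguments (`algorithms` now comes second) and changes what `secret` means. A short header comment would prevent callers from passing the base64 text or relying on NUL termination, for example `/* 'secret' is the raw (already base64-decoded) key, 'secretlen' bytes long; it may contain NUL bytes and is copied by the callee. */`. Any caller outside the two updated in this commit that still uses the old `(name, secret, algorithms)` order should be checked as well.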