From ea2a4bbc5db66edbba7966f7f0b535259ee1a6a9 Mon Sep 17 00:00:00 2001 From: Mark Andrews Date: Mon, 2 Jul 2001 06:09:28 +0000 Subject: [PATCH] 918. [func] nsupdate: TSIG errors are not immediately fatal. 917. [func] nsupdate: keys can now be specified inline with with all other commands. --- CHANGES | 4 ++ bin/nsupdate/nsupdate.8 | 16 +++++++ bin/nsupdate/nsupdate.c | 84 ++++++++++++++++++++++++++++++++++- bin/nsupdate/nsupdate.docbook | 17 ++++++- 4 files changed, 118 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index ee8e3f7b16..776545dfef 100644 --- a/CHANGES +++ b/CHANGES @@ -1,4 +1,8 @@ + 918. [func] nsupdate: TSIG errors are not immediately fatal. + 917. [func] nsupdate: keys can now be specified inline with + with all other commands. + 916. [bug] Specifying type ixfr to dig without specifying a serial number failed in unexpected ways. diff --git a/bin/nsupdate/nsupdate.8 b/bin/nsupdate/nsupdate.8 index 9748c5224d..3decc8f3a1 100644 --- a/bin/nsupdate/nsupdate.8 +++ b/bin/nsupdate/nsupdate.8 
@@ -14,6 +14,22 @@ .\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION .\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. .\" +.\" +.\" Copyright (C) 2000, 2001 Internet Software Consortium. +.\" +.\" Permission to use, copy, modify, and distribute this software for any +.\" purpose with or without fee is hereby granted, provided that the above +.\" copyright notice and this permission notice appear in all copies. +.\" +.\" THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM +.\" DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL +.\" INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, +.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING +.\" FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, +.\" NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION +.\" WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. +.\" .TH "NSUPDATE" "8" "Jun 30, 2000" "BIND9" "" .SH NAME nsupdate \- Dynamic DNS update utility diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c index bb05ddf396..e91eb8fa77 100644 --- a/bin/nsupdate/nsupdate.c +++ b/bin/nsupdate/nsupdate.c @@ -15,7 +15,7 @@ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ -/* $Id: nsupdate.c,v 1.94 2001/05/05 01:19:45 bwelling Exp $ */ +/* $Id: nsupdate.c,v 1.95 2001/07/02 06:09:27 marka Exp $ */ #include 
@@ -1001,6 +1001,69 @@ evaluate_local(char *cmdline) {
 return (STATUS_MORE);
 }
 
+static isc_uint16_t
+evaluate_key(char *cmdline) {
+ char *namestr;
+ char *secretstr;
+ isc_buffer_t b;
+ isc_result_t result;
+ dns_fixedname_t fkeyname;
+ dns_name_t *keyname;
+ int secretlen;
+ unsigned char *secret = NULL;
+ isc_buffer_t secretbuf;
+
+ namestr = nsu_strsep(&cmdline, " \t\r\n");
+ if (*namestr == 0) {
+ fprintf(stderr, "could not read key name\n");
+ return (STATUS_SYNTAX);
+ }
+
+ dns_fixedname_init(&fkeyname);
+ keyname = dns_fixedname_name(&fkeyname);
+
+ isc_buffer_init(&b, namestr, strlen(namestr));
+ isc_buffer_add(&b, strlen(namestr));
+ result = dns_name_fromtext(keyname, &b, dns_rootname, ISC_FALSE, NULL);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "could not parse key name\n");
+ return (STATUS_SYNTAX);
+ }
+
+ secretstr = nsu_strsep(&cmdline, " \t\r\n");
+ if (*secretstr == 0) {
+ fprintf(stderr, "could not read key secret\n");
+ return (STATUS_SYNTAX);
+ }
+ secretlen = strlen(secretstr) * 3 / 4;
+ secret = isc_mem_allocate(mctx, secretlen);
+ if (secret == NULL)
+ fatal("out of memory");
+
+ isc_buffer_init(&secretbuf, secret, secretlen);
+ result = isc_base64_decodestring(secretstr, &secretbuf);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "Couldn't create key from %s: %s\n",
+ secretstr, isc_result_totext(result));
+ isc_mem_free(mctx, secret);
+ return (STATUS_SYNTAX);
+ }
+ secretlen = isc_buffer_usedlength(&secretbuf);
+
+ if (key != NULL)
+ dns_tsigkey_detach(&key);
+ result = dns_tsigkey_create(keyname, dns_tsig_hmacmd5_name,
+ secret, secretlen, ISC_TRUE, NULL, 0, 0,
+ mctx, NULL, &key);
+ isc_mem_free(mctx, secret);
+ if (result != ISC_R_SUCCESS) {
+ fprintf(stderr, "Couldn't create key from %s %s: %s\n",
+ namestr, secretstr, dns_result_totext(result));
+ return (STATUS_SYNTAX);
+ }
+ return (STATUS_MORE);
+}
+
 static isc_uint16_t
 evaluate_zone(char *cmdline) {
 char *word;
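Review bot: Both failure messages in evaluate_key() print `secretstr`, so a mistyped or rejected `key` line writes the TSIG shared secret to stderr and into whatever captures it (cron mail, job logs, terminal scrollback). Report only the key name instead, for example `fprintf(stderr, "could not decode secret for key %s: %s\n", namestr, isc_result_totext(result));` and `fprintf(stderr, "could not create key %s: %s\n", namestr, dns_result_totext(result));`. Separately, the existing `key` is detached before `dns_tsigkey_create()` is attempted, so a failed create appears to leave `key` NULL. Whether later updates would then be sent unsigned depends on code outside this hunk, but creating into a temporary pointer and swapping it in only on success would rule that out.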
@@ -1295,6 +1358,8 @@ get_next_command(void) { show_message(updatemsg); return (STATUS_MORE); } + if (strcasecmp(word, "key") == 0) + return (evaluate_key(cmdline)); fprintf(stderr, "incorrect section name: %s\n", word); return (STATUS_SYNTAX); } @@ -1354,7 +1419,22 @@ update_completed(isc_task_t *task, isc_event_t *event) { check_result(result, "dns_message_create"); result = dns_request_getresponse(request, rcvmsg, DNS_MESSAGEPARSE_PRESERVEORDER); - check_result(result, "dns_request_getresponse"); + switch (result) { + case ISC_R_SUCCESS: + break; + case DNS_R_CLOCKSKEW: + case DNS_R_EXPECTEDTSIG: + case DNS_R_TSIGERRORSET: + case DNS_R_TSIGVERIFYFAILURE: + case DNS_R_UNEXPECTEDTSIG: + fprintf(stderr, "; TSIG error with server: %s\n", + isc_result_totext(result)); + seenerror = ISC_TRUE; + break; + default: + check_result(result, "dns_request_getresponse"); + } + if (rcvmsg->rcode != dns_rcode_noerror) seenerror = ISC_TRUE; if (debugging) { diff --git a/bin/nsupdate/nsupdate.docbook b/bin/nsupdate/nsupdate.docbook index cdc3e12dba..f9a2c80f2b 100644 --- a/bin/nsupdate/nsupdate.docbook +++ b/bin/nsupdate/nsupdate.docbook @@ -16,7 +16,7 @@ - WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. --> - + @@ -243,6 +243,21 @@ statement is provided, will attempt determine the correct zone to update based on the rest of the input. + + +key +name +secret + + + + +Specifies that all updates are to be TSIG signed using the +keyname keysecret pair. +Key overrides any key specified on the command line via + or . + + prereq nxdomain
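Review bot: In update_completed(), the five TSIG error cases `break` out of the switch and execution continues to the `rcvmsg->rcode` test and the debugging dump, so a response that failed TSIG verification is still read and, with debugging on, printed with nothing marking it as unauthenticated. The hunk does not show whether `rcvmsg` is fully parsed when `dns_request_getresponse()` returns one of these codes, so that should be confirmed before its fields are relied on. I would add a comment above the TSIG cases such as `/* rcvmsg failed TSIG checks: its contents are unauthenticated and used for display only */`. As a style point, the `default:` arm should end with an explicit `break;`. The function starts and ends outside this hunk.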