Commit 6325e8fa authored by Daniel Salzman's avatar Daniel Salzman
Browse files

knsupdate: allow algorithm specification in key command

parent 25d15d25
......@@ -105,10 +105,10 @@ class is IN.
Sets \fIvalue\fP as the default TTL (in seconds). If not used, the default value
is 0.
.TP
\fBkey\fP \fIname\fP \fIkey\fP
Specifies TSIG \fIkey\fP named \fIname\fP to authenticate the request. This command
has the same effect as the program option \fB\-y\fP, except that the MAC
algorithm cannot be set.
\fBkey\fP [\fIalg\fP:]\fIname\fP \fIkey\fP
Specifies TSIG \fIkey\fP named \fIname\fP to authenticate the request. An optional
\fIalg\fP algorithm can be specified. This command has the same effect as
the program option \fB\-y\fP\&.
.TP
[\fBprereq\fP] \fBnxdomain\fP \fIname\fP
Adds a prerequisite for a non\-existing record owned by \fIname\fP\&.
......
......@@ -82,10 +82,10 @@ Commands
Sets *value* as the default TTL (in seconds). If not used, the default value
is 0.
**key** *name* *key*
Specifies TSIG *key* named *name* to authenticate the request. This command
has the same effect as the program option **-y**, except that the MAC
algorithm cannot be set.
**key** [*alg*:]\ *name* *key*
Specifies TSIG *key* named *name* to authenticate the request. An optional
*alg* algorithm can be specified. This command has the same effect as
the program option **-y**.
[**prereq**] **nxdomain** *name*
Adds a prerequisite for a non-existing record owned by *name*.
......
......@@ -74,7 +74,7 @@ const char* cmd_array[] = {
"\x3" "del",
"\x6" "delete",
"\x7" "gsstsig",
"\x3" "key", /* {name} {secret} */
"\x3" "key", /* {[alg:]name} {secret} */
"\x5" "local", /* {address} [port] */
"\x8" "nxdomain",
"\x7" "nxrrset",
......@@ -980,19 +980,24 @@ int cmd_key(const char* lp, knsupdate_params_t *params)
}
int ret = KNOT_EOK;
size_t len = strcspn(lp, SEP_CHARS);
if(kstr[len] == '\0') {
ERR("command 'key' without {secret} specified\n");
ret = KNOT_EINVAL;
} else {
/* Override existing key. */
knot_tsig_key_deinit(&params->tsig_key);
kstr[len] = ':'; /* Replace ' ' with ':' sep */
ret = knot_tsig_key_init_str(&params->tsig_key, kstr);
/* Search for the name secret separation. Allow also alg:name:key form. */
char *sep = strchr(kstr, ' ');
if (sep != NULL) {
/* Replace ' ' with ':'. More spaces are ignored in base64. */
*sep = ':';
}
/* Override existing key. */
knot_tsig_key_deinit(&params->tsig_key);
ret = knot_tsig_key_init_str(&params->tsig_key, kstr);
if (ret != KNOT_EOK) {
ERR("invalid key specification\n");
}
free(kstr);
return ret;
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment