Commit 670f2b67 authored by Jan Kadlec's avatar Jan Kadlec

zone-events: Removed obsolete TSIG API.

parent faf48b83
......@@ -669,7 +669,7 @@ static int xfr_task_resp_process(server_t *server,
}
/* Check SOA SERIAL. */
int ret = xfrin_transfer_needed(zone->contents, packet);
// int ret = xfrin_transfer_needed(zone->contents, packet);
dbg_zones_verb("xfrin_transfer_needed() returned %s\n",
knot_strerror(ret));
if (ret < 0) {
......
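Review bot: `ret` is still read by `knot_strerror(ret)` and `if (ret < 0)` after its declaration was turned into a comment, so this either fails to compile or tests a value declared earlier in xfr_task_resp_process, which starts and ends outside the hunk. Assuming the `//` line is the new side, which the deletion of xfrin_transfer_needed() in the other sections implies, the SOA serial check no longer runs and the debug message still names the removed function. Rather than leaving commented-out code, delete the call together with the `dbg_zones_verb` and `if (ret < 0)` lines that depend on it, or keep an explicit `int ret = KNOT_EOK; /* TODO: reinstate SOA serial check */` until a replacement lands. The same commit removes xfrin_check_tsig() and no replacement is visible on this page, so it is worth confirming that transfer responses are still rejected when a key is configured and the TSIG is missing or invalid.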
......@@ -31,139 +31,6 @@
#include "libknot/util/utils.h"
#include "libknot/rdata/soa.h"
/* ------------------------ legacy, to be removed --------------------------- */
#define KNOT_NS_TSIG_FREQ 100
static int knot_ns_tsig_required(int packet_nr)
{
/*! \bug This can overflow to negative numbers. Proper solution is to
* count exactly at one place for each incoming/outgoing packet
* with packet_nr = (packet_nr + 1) % FREQ and require TSIG on 0.
*/
dbg_ns_verb("ns_tsig_required(%d): %d\n", packet_nr,
(packet_nr % KNOT_NS_TSIG_FREQ == 0));
return (packet_nr % KNOT_NS_TSIG_FREQ == 0);
}
int xfrin_transfer_needed(const zone_contents_t *zone,
knot_pkt_t *soa_response)
{
#warning Reimplement or remove
/*
* Retrieve the local Serial
*/
const knot_rdataset_t *soa_rrs =
node_rdataset(zone->apex, KNOT_RRTYPE_SOA);
if (soa_rrs == NULL) {
char *name = knot_dname_to_str(zone->apex->owner);
dbg_xfrin("SOA RRSet missing in the zone %s!\n", name);
free(name);
return KNOT_ERROR;
}
uint32_t local_serial = knot_soa_serial(soa_rrs);
/*
* Retrieve the remote Serial
*/
// the SOA should be the first (and only) RRSet in the response
const knot_pktsection_t *answer = knot_pkt_section(soa_response, KNOT_ANSWER);
if (answer->count < 1) {
return KNOT_EMALF;
}
knot_rrset_t soa_rr = answer->rr[0];
if (soa_rr.type != KNOT_RRTYPE_SOA) {
return KNOT_EMALF;
}
uint32_t remote_serial = knot_soa_serial(&soa_rr.rrs);
return (knot_serial_compare(local_serial, remote_serial) < 0);
}
static int xfrin_check_tsig(knot_pkt_t *packet, knot_ns_xfr_t *xfr,
int tsig_req)
{
#warning reimplement, but not inside this file
assert(packet != NULL);
assert(xfr != NULL);
dbg_xfrin_verb("xfrin_check_tsig(): packet nr: %d, required: %d\n",
xfr->packet_nr, tsig_req);
/*
* If we are expecting it (i.e. xfr->prev_digest_size > 0)
* a) it should be there (first, last or each 100th packet) and it
* is not
* Then we should discard the changes and close the connection.
* b) it should be there and it is or it may not be there (other
* packets) and it is
* We validate the TSIG and reset packet number counting and
* data aggregation.
*
* If we are not expecting it (i.e. xfr->prev_digest_size <= 0) and
* it is there => it should probably be considered an error
*/
int ret = KNOT_EOK;
if (xfr->tsig_key) {
// just append the wireformat to the TSIG data
uint8_t *wire_buf = xfr->tsig_data + xfr->tsig_data_size;
memcpy(wire_buf, packet->wire, packet->size);
xfr->tsig_data_size += packet->size;
}
if (xfr->tsig_key) {
if (tsig_req && packet->tsig_rr == NULL) {
// TSIG missing!!
return KNOT_ENOTSIG;
} else if (packet->tsig_rr != NULL) {
// TSIG there, either required or not, process
if (xfr->packet_nr == 0) {
ret = knot_tsig_client_check(packet->tsig_rr,
xfr->tsig_data, xfr->tsig_data_size,
xfr->digest, xfr->digest_size,
xfr->tsig_key,
xfr->tsig_prev_time_signed);
} else {
ret = knot_tsig_client_check_next(packet->tsig_rr,
xfr->tsig_data, xfr->tsig_data_size,
xfr->digest, xfr->digest_size,
xfr->tsig_key,
xfr->tsig_prev_time_signed);
}
if (ret != KNOT_EOK) {
/* No need to check TSIG error
* here, propagate and check elsewhere.*/
return ret;
}
// and reset the data storage
//xfr->packet_nr = 1;
xfr->tsig_data_size = 0;
// Extract the digest from the TSIG RDATA and store it.
if (xfr->digest_max_size < tsig_rdata_mac_length(packet->tsig_rr)) {
return KNOT_ESPACE;
}
memcpy(xfr->digest, tsig_rdata_mac(packet->tsig_rr),
tsig_rdata_mac_length(packet->tsig_rr));
xfr->digest_size = tsig_rdata_mac_length(packet->tsig_rr);
// Extract the time signed from the TSIG and store it
// We may rewrite the tsig_req_time_signed field
xfr->tsig_prev_time_signed =
tsig_rdata_time_signed(packet->tsig_rr);
}
} else if (packet->tsig_rr != NULL) {
// TSIG where it should not be
return KNOT_EMALF;
}
return KNOT_EOK;
}
/* --------------------------- Update cleanup ------------------------------- */
/*!
......
......@@ -34,20 +34,6 @@
#include "knot/server/xfr-handler.h"
#include "knot/updates/changesets.h"
/*!
* \brief Checks if a zone transfer is required by comparing the zone's SOA with
* the one received from master server.
*
* \param zone Zone to check.
* \param soa_response Response to SOA query received from master server.
*
* \retval < 0 if an error occured.
* \retval 1 if the transfer is needed.
* \retval 0 if the transfer is not needed.
*/
int xfrin_transfer_needed(const zone_contents_t *zone,
knot_pkt_t *soa_response);
/*!
* \brief Applies changesets *with* zone shallow copy.
*
......