From 09f1a6e812c02bd8bf1644e2253e21c26d25613a Mon Sep 17 00:00:00 2001
From: Tomas Hozza <thozza@redhat.com>
Date: Thu, 20 Feb 2014 11:01:00 +0100
Subject: [PATCH] check TSIG key ID when receiving NOTIFY
Signed-off-by: Tomas Hozza <thozza@redhat.com>
---
lib/dns/zone.c | 8 ++++++--
1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 01ff97b..54b7896 100644
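--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -11846,6 +11846,8 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from,
 int match = 0;
 isc_netaddr_t netaddr;
 isc_sockaddr_t local, remote;
+ dns_tsigkey_t *tsigkey;
+ dns_name_t *tsig;
 
 REQUIRE(DNS_ZONE_VALID(zone));
 
@@ -11928,10 +11930,12 @@ dns_zone_notifyreceive(dns_zone_t *zone, isc_sockaddr_t *from,
 
 /*
 * Accept notify requests from non masters if they are on
- * 'zone->notify_acl'.
+ * 'zone->notify_acl' or if used key ID match the ACLs.
 */
+ tsigkey = dns_message_gettsigkey(msg);
+ tsig = dns_tsigkey_identity(tsigkey);
 if (i >= zone->masterscnt && zone->notify_acl != NULL &&
- dns_acl_match(&netaddr, NULL, zone->notify_acl,
+ dns_acl_match(&netaddr, tsig, zone->notify_acl,
 &zone->view->aclenv,
 &match, NULL) == ISC_R_SUCCESS &&
 match > 0)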
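Review bot: The ACL decision at `dns_acl_match(&netaddr, tsig, zone->notify_acl, ...)` now authorizes on the key identity taken from `dns_message_gettsigkey(msg)`, but nothing visible in this section shows that the TSIG signature on `msg` has already been verified when dns_zone_notifyreceive runs, nor what happens for an unsigned NOTIFY where the key is presumably NULL. Both are likely handled elsewhere (signature check by the caller before dispatch, and a NULL-tolerant `dns_tsigkey_identity`), but that should be confirmed and written down, since a key name that is merely present rather than verified must never satisfy a key-based ACL entry. I would extend the comment above the two new assignments to something like `* The TSIG on 'msg' has been verified by the caller; 'tsig' is NULL for an unsigned NOTIFY, which then matches on address only.` and fix the wording of the added line to `or if the TSIG key ID used matches the ACL`. The function body starts and ends outside both hunks, so the earlier master-matching loop could not be checked for the same key handling.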
--
1.8.5.3