TSIG key lookup

pdns/backends/gsql/gsqlbackend.cc

@@ -702,7 +702,7 @@ bool GSQLBackend::getTSIGKey(const DNSName& name, DNSName* algorithm, string* co
     content->clear();
     while(d_getTSIGKeyQuery_stmt->hasNextRow()) {
       d_getTSIGKeyQuery_stmt->nextRow(row);
-      if(row.size() >= 2 && (!algorithm->countLabels() || *algorithm==row[0])) {
+      if(row.size() >= 2 && (algorithm->empty() || *algorithm==row[0])) {
         *algorithm = row[0];
         *content = row[1];
       }

pdns/dnspacket.cc

@@ -633,16 +633,16 @@ bool checkForCorrectTSIG(const DNSPacket* q, UeberBackend* B, DNSName* keyname,
   }
 
   DNSName algoName = trc->d_algoName; // FIXME
-  if (algoName == DNSName("hmac-md5.sig-alg.reg.int"))
-    algoName = DNSName("hmac-md5");
+  if (algoName == "hmac-md5.sig-alg.reg.int")
+    algoName = "hmac-md5";
 
   string secret64;
   if(!B->getTSIGKey(*keyname, &algoName, &secret64)) {
     L<<Logger::Error<<"Packet for domain '"<<q->qdomain.toString()<<"' denied: can't find TSIG key with name '"<<keyname->toString()<<"' and algorithm '"<<algoName.toString()<<"'"<<endl;
     return false;
   }
-  if (trc->d_algoName == DNSName("hmac-md5"))
-    trc->d_algoName += DNSName("sig-alg.reg.int.");
+  if (trc->d_algoName == "hmac-md5")
+    trc->d_algoName += "sig-alg.reg.int";
 
   TSIGHashEnum algo;
   if(!getTSIGHashEnum(trc->d_algoName, algo)) {

pdns/dnssecinfra.cc

@@ -584,19 +584,17 @@ string makeTSIGMessageFromTSIGPacket(const string& opacket, unsigned int tsigOff
 
 bool getTSIGHashEnum(const DNSName &algoName, TSIGHashEnum& algoEnum)
 {
-  string normalizedName = algoName.toString(); // FIXME: check
-
-  if (normalizedName == "hmac-md5.sig-alg.reg.int")
+  if (algoName == "hmac-md5.sig-alg.reg.int")
     algoEnum = TSIG_MD5;
-  else if (normalizedName == "hmac-sha1")
+  else if (algoName == "hmac-sha1")
     algoEnum = TSIG_SHA1;
-  else if (normalizedName == "hmac-sha224")
+  else if (algoName == "hmac-sha224")
     algoEnum = TSIG_SHA224;
-  else if (normalizedName == "hmac-sha256")
+  else if (algoName == "hmac-sha256")
     algoEnum = TSIG_SHA256;
-  else if (normalizedName == "hmac-sha384")
+  else if (algoName == "hmac-sha384")
     algoEnum = TSIG_SHA384;
-  else if (normalizedName == "hmac-sha512")
+  else if (algoName == "hmac-sha512")
     algoEnum = TSIG_SHA512;
   else {
      return false;

pdns/resolver.cc

@@ -130,7 +130,7 @@ uint16_t Resolver::sendResolve(const ComboAddress& remote, const ComboAddress& l
     // cerr<<"Adding TSIG to notification, key name: '"<<tsigkeyname<<"', algo: '"<<tsigalgorithm<<"', secret: "<<Base64Encode(tsigsecret)<<endl;
     TSIGRecordContent trc;
     if (tsigalgorithm == "hmac-md5")
-      trc.d_algoName = tsigalgorithm + ".sig-alg.reg.int.";
+      trc.d_algoName = tsigalgorithm + "sig-alg.reg.int";
     else
       trc.d_algoName = tsigalgorithm;
     trc.d_time = time(0);
@@ -393,7 +393,7 @@ AXFRRetriever::AXFRRetriever(const ComboAddress& remote,
 
     if(!tsigkeyname.empty()) {
       if (tsigalgorithm == "hmac-md5")
-        d_trc.d_algoName = tsigalgorithm + ".sig-alg.reg.int.";
+        d_trc.d_algoName = tsigalgorithm + "sig-alg.reg.int";
       else
         d_trc.d_algoName = tsigalgorithm;
       d_trc.d_time = time(0);

pdns/tsig-tests.cc

@@ -49,7 +49,7 @@ try
   string keyname("pdns-b-aa");
 
   TSIGRecordContent trc;
-  trc.d_algoName="hmac-md5.sig-alg.reg.int.";
+  trc.d_algoName="hmac-md5.sig-alg.reg.int";
   trc.d_time=time(0);
   trc.d_fudge=300;
   trc.d_origID=ntohs(pw.getHeader()->id);