14 years ago · f39c8aea4a
--- a/src/bin/auth/auth_srv.cc
+++ b/src/bin/auth/auth_srv.cc
@@ -60,8 +60,6 @@
 
				 #include <auth/query.h>
			
 
				 #include <auth/statistics.h>
			
 
				 
			
 
				-#include <server_common/keyring.h>
			
 
				-
			
 
				 using namespace std;
			
 
				 
			
 
				 using namespace isc;
			
@@ -77,6 +75,7 @@ using namespace isc::xfr;
 
				 using namespace isc::asiolink;
			
 
				 using namespace isc::asiodns;
			
 
				 using namespace isc::server_common::portconfig;
			
 
				+using boost::shared_ptr;
			
 
				 
			
 
				 class AuthSrvImpl {
			
 
				 private:
			
@@ -123,6 +122,9 @@ public:
 
				 
			
 
				     /// Addresses we listen on
			
 
				     AddressList listen_addresses_;
			
 
				+
			
 
				+    /// The TSIG keyring
			
 
				+    const shared_ptr<TSIGKeyRing>* keyring_;
			
 
				 private:
			
 
				     std::string db_file_;
			
 
				 
			
@@ -146,6 +148,7 @@ AuthSrvImpl::AuthSrvImpl(const bool use_cache,
 
				     memory_datasrc_class_(RRClass::IN()),
			
 
				     statistics_timer_(io_service_),
			
 
				     counters_(verbose_mode_),
			
 
				+    keyring_(NULL),
			
 
				     xfrout_connected_(false),
			
 
				     xfrout_client_(xfrout_client)
			
 
				 {
			
@@ -467,11 +470,11 @@ AuthSrv::processMessage(const IOMessage& io_message, MessagePtr message,
 
				 
			
 
				     // Do we do TSIG?
			
 
				     // The keyring can be null if we're in test
			
 
				-    if (server_common::keyring != NULL && tsig_record != NULL) {
			
 
				+    if (impl_->keyring_ != NULL && tsig_record != NULL) {
			
 
				         tsig_context.reset(new TSIGContext(tsig_record->getName(),
			
 
				                                            tsig_record->getRdata().
			
 
				                                                 getAlgorithm(),
			
 
				-                                           *server_common::keyring));
			
 
				+                                           **impl_->keyring_));
			
 
				         tsig_error = tsig_context->verify(tsig_record, io_message.getData(),
			
 
				                                           io_message.getDataSize());
			
 
				     }
			
@@ -822,3 +825,8 @@ void
 
				 AuthSrv::setDNSService(isc::asiodns::DNSService& dnss) {
			
 
				     dnss_ = &dnss;
			
 
				 }
			
 
				+
			
 
				+void
			
 
				+AuthSrv::setTSIGKeyRing(const shared_ptr<TSIGKeyRing>* keyring) {
			
 
				+    impl_->keyring_ = keyring;
			
 
				+}
			
--- a/src/bin/auth/auth_srv.h
+++ b/src/bin/auth/auth_srv.h
@@ -44,6 +44,9 @@ class MemoryDataSrc;
 
				 namespace xfr {
			
 
				 class AbstractXfroutClient;
			
 
				 }
			
 
				+namespace dns {
			
 
				+class TSIGKeyRing;
			
 
				+}
			
 
				 }
			
 
				 
			
 
				 
			
@@ -374,6 +377,14 @@ public:
 
				     /// \brief Assign an ASIO DNS Service queue to this Auth object
			
 
				     void setDNSService(isc::asiodns::DNSService& dnss);
			
 
				 
			
 
				+    /// \brief Sets the keyring used for verifying and signing
			
 
				+    ///
			
 
				+    /// The parameter is pointer to shared pointer, because the automatic
			
 
				+    /// reloading routines of tsig keys replace the actual keyring object.
			
 
				+    /// It is expected the pointer will point to some statically-allocated
			
 
				+    /// object, it doesn't take ownership of it.
			
 
				+    void setTSIGKeyRing(const boost::shared_ptr<isc::dns::TSIGKeyRing>*
			
 
				+                        keyring);
			
 
				 
			
 
				 private:
			
 
				     AuthSrvImpl* impl_;
			
--- a/src/bin/auth/main.cc
+++ b/src/bin/auth/main.cc
@@ -198,6 +198,7 @@ main(int argc, char* argv[]) {
 
				 
			
 
				         cout << "[b10-auth] Loading TSIG keys" << endl;
			
 
				         isc::server_common::initKeyring(*config_session);
			
 
				+        auth_server->setTSIGKeyRing(&isc::server_common::keyring);
			
 
				 
			
 
				         // Now start asynchronous read.
			
 
				         config_session->start();
			
--- a/src/bin/auth/tests/auth_srv_unittest.cc
+++ b/src/bin/auth/tests/auth_srv_unittest.cc
@@ -16,6 +16,8 @@
 
				 
			
 
				 #include <vector>
			
 
				 
			
 
				+#include <boost/shared_ptr.hpp>
			
 
				+
			
 
				 #include <gtest/gtest.h>
			
 
				 
			
 
				 #include <dns/message.h>
			
@@ -52,6 +54,7 @@ using namespace isc::asiolink;
 
				 using namespace isc::testutils;
			
 
				 using namespace isc::server_common::portconfig;
			
 
				 using isc::UnitTestUtil;
			
 
				+using boost::shared_ptr;
			
 
				 
			
 
				 namespace {
			
 
				 const char* const CONFIG_TESTDB =
			
@@ -255,11 +258,11 @@ TEST_F(AuthSrvTest, TSIGSigned) {
 
				     createRequestPacket(request_message, IPPROTO_UDP, &context);
			
 
				 
			
 
				     // Run the message through the server
			
 
				-    isc::server_common::keyring.reset(new TSIGKeyRing);
			
 
				-    isc::server_common::keyring->add(key);
			
 
				+    shared_ptr<TSIGKeyRing> keyring(new TSIGKeyRing);
			
 
				+    keyring->add(key);
			
 
				+    server.setTSIGKeyRing(&keyring);
			
 
				     server.processMessage(*io_message, parse_message, response_obuffer,
			
 
				                           &dnsserv);
			
 
				-    isc::server_common::keyring.reset();
			
 
				 
			
 
				     // What did we get?
			
 
				     EXPECT_TRUE(dnsserv.hasAnswer());
			
@@ -288,10 +291,10 @@ TEST_F(AuthSrvTest, TSIGSignedBadKey) {
 
				     createRequestPacket(request_message, IPPROTO_UDP, &context);
			
 
				 
			
 
				     // Process the message, but use a different key there
			
 
				-    isc::server_common::keyring.reset(new TSIGKeyRing);
			
 
				+    shared_ptr<TSIGKeyRing> keyring(new TSIGKeyRing);
			
 
				+    server.setTSIGKeyRing(&keyring);
			
 
				     server.processMessage(*io_message, parse_message, response_obuffer,
			
 
				                           &dnsserv);
			
 
				-    isc::server_common::keyring.reset();
			
 
				 
			
 
				     EXPECT_TRUE(dnsserv.hasAnswer());
			
 
				     headerCheck(*parse_message, default_qid, TSIGError::BAD_KEY().toRcode(),
			
@@ -318,11 +321,12 @@ TEST_F(AuthSrvTest, TSIGBadSig) {
 
				                          Name("version.bind"), RRClass::CH(), RRType::TXT());
			
 
				     createRequestPacket(request_message, IPPROTO_UDP, &context);
			
 
				 
			
 
				-    isc::server_common::keyring.reset(new TSIGKeyRing);
			
 
				-    isc::server_common::keyring->add(TSIGKey("key:QkFECg==:hmac-sha1"));
			
 
				+    // Process the message, but use a different key there
			
 
				+    shared_ptr<TSIGKeyRing> keyring(new TSIGKeyRing);
			
 
				+    keyring->add(TSIGKey("key:QkFECg==:hmac-sha1"));
			
 
				+    server.setTSIGKeyRing(&keyring);
			
 
				     server.processMessage(*io_message, parse_message, response_obuffer,
			
 
				                           &dnsserv);
			
 
				-    isc::server_common::keyring.reset();
			
 
				 
			
 
				     EXPECT_TRUE(dnsserv.hasAnswer());
			
 
				     headerCheck(*parse_message, default_qid, TSIGError::BAD_SIG().toRcode(),
			
@@ -353,11 +357,12 @@ TEST_F(AuthSrvTest, TSIGCheckFirst) {
 
				                                        RRClass::CH(), RRType::TXT());
			
 
				     createRequestPacket(request_message, IPPROTO_UDP, &context);
			
 
				 
			
 
				-    isc::server_common::keyring.reset(new TSIGKeyRing);
			
 
				-    isc::server_common::keyring->add(TSIGKey("key:QkFECg==:hmac-sha1"));
			
 
				+    // Process the message, but use a different key there
			
 
				+    shared_ptr<TSIGKeyRing> keyring(new TSIGKeyRing);
			
 
				+    keyring->add(TSIGKey("key:QkFECg==:hmac-sha1"));
			
 
				+    server.setTSIGKeyRing(&keyring);
			
 
				     server.processMessage(*io_message, parse_message, response_obuffer,
			
 
				                           &dnsserv);
			
 
				-    isc::server_common::keyring.reset();
			
 
				 
			
 
				     EXPECT_TRUE(dnsserv.hasAnswer());
			
 
				     headerCheck(*parse_message, default_qid, TSIGError::BAD_SIG().toRcode(),