check algorithm in getTSIGKey()

diff --git a/modules/bindbackend/binddnssec.cc b/modules/bindbackend/binddnssec.cc
index ecbd59d32d79c08f5486c7c2f69de8805eb679d9..f1806025849f50700e1e5ba18114534932c07ef9 100644 (file)
--- a/modules/bindbackend/binddnssec.cc
+++ b/modules/bindbackend/binddnssec.cc
@@ -296,8 +296,10 @@ bool Bind2Backend::getTSIGKey(const string& name, string* algorithm, string* con
   
   content->clear();
   while(d_dnssecdb->getRow(row)) {
-    *algorithm = row[0];
-    *content=row[1];
+    if(row.size() >= 2 && (algorithm->empty() || pdns_iequals(*algorithm, row[0]))) {
+      *algorithm = row[0];
+      *content = row[1];
+    }
   }
 
   return !content->empty();

diff --git a/modules/oraclebackend/oraclebackend.cc b/modules/oraclebackend/oraclebackend.cc
index 4e2be62fca996b68894631827eb0103a14fa6864..5020cf9dc6cf9a8cda480c53cf211372eed58935 100644 (file)
--- a/modules/oraclebackend/oraclebackend.cc
+++ b/modules/oraclebackend/oraclebackend.cc
@@ -1406,22 +1406,26 @@ OracleBackend::getTSIGKey (const string& name, string* algorithm, string* conten
 
   rc = OCIStmtExecute(pooledSvcCtx, stmt, oraerr, 1, 0, NULL, NULL, OCI_DEFAULT);
 
-  if (rc == OCI_NO_DATA) {
-    return false;
-  }
+  content->clear();
+  while (rc != OCI_NO_DATA) {
 
-  if (rc == OCI_ERROR) {
-    throw OracleException("Oracle getTSIGKey", oraerr);
-  }
+    if (rc == OCI_ERROR) {
+      throw OracleException("Oracle getTSIGKey", oraerr);
+    }
 
-  check_indicator(mResultTypeInd, false);
-  check_indicator(mResultContentInd, false);
+    check_indicator(mResultTypeInd, false);
+    check_indicator(mResultContentInd, false);
+
+    if(algorithm->empty() || pdns_iequals(*algorithm, mResultType)) {
+      *algorithm = mResultType;
+      *content = mResultContent;
+    }
 
-  *algorithm = mResultType;
-  *content = mResultContent;
+    rc = OCIStmtFetch2(stmt, oraerr, 1, OCI_FETCH_NEXT, 0, OCI_DEFAULT);
+  }
 
   release_query(stmt, getTSIGKeyQueryKey);
-  return true;
+  return !content->empty();
 }
 
 bool

diff --git a/pdns/backends/gsql/gsqlbackend.cc b/pdns/backends/gsql/gsqlbackend.cc
index 094e7324311361bc7afe4326e161258f8ff6505b..c42ec3abd2e53ba6089adad4a6055ae5615a790a 100644 (file)
--- a/pdns/backends/gsql/gsqlbackend.cc
+++ b/pdns/backends/gsql/gsqlbackend.cc
@@ -620,11 +620,13 @@ bool GSQLBackend::getTSIGKey(const string& name, string* algorithm, string* cont
   }
   
   SSql::row_t row;
-  
+
   content->clear();
   while(d_db->getRow(row)) {
-    *algorithm = row[0];
-    *content=row[1];
+    if(row.size() >= 2 && (algorithm->empty() || pdns_iequals(*algorithm, row[0]))) {
+      *algorithm = row[0];
+      *content = row[1];
+    }
   }
 
   return !content->empty();

diff --git a/pdns/dnspacket.cc b/pdns/dnspacket.cc
index 52f1298005d1d398f99cb55e10fe21c93c87f478..f6f5d51b103e9235d4668ab83d4170edd5996829 100644 (file)
--- a/pdns/dnspacket.cc
+++ b/pdns/dnspacket.cc
@@ -607,8 +607,8 @@ bool checkForCorrectTSIG(const DNSPacket* q, DNSBackend* B, string* keyname, str
     return false;
   }
 
-  string algoName = trc->d_algoName;
-  if (stripDot(algoName) == "hmac-md5.sig-alg.reg.int")
+  string algoName = toLowerCanonic(trc->d_algoName);
+  if (algoName == "hmac-md5.sig-alg.reg.int")
     algoName = "hmac-md5";
 
   string secret64;