authorThomas Markwalder <tmark@isc.org>2018-12-18 11:20:10 -0500
committerThomas Markwalder <tmark@isc.org>2018-12-18 11:20:10 -0500
commit2203600f7a7afe0f3b781d7498c47fb0a8e7236f (patch)
treea80f985a60414d4e4df994d3e9422257771d2b6d
parent0a649fa83a836e1935b576fafcb92c190820c9f5 (diff)
[47168] Validate omshell key-algorithm valuesrt47168
dhcpctl/omshell.c: int valid_algorithm(const char* name, int len) - new function that validates values for key algorithm name; main() - now validates values for key algorithm, emits helpful message when invalid
-rw-r--r--dhcpctl/omshell.c93
-rw-r--r--omapip/connection.c3
2 files changed, 59 insertions, 37 deletions
diff --git a/dhcpctl/omshell.c b/dhcpctl/omshell.c
index d7a05cc4..0666448e 100644
--- a/dhcpctl/omshell.c
+++ b/dhcpctl/omshell.c
@@ -81,7 +81,20 @@ static void check (isc_result_t status, const char *func) {
}
}
-int
+/// @brief Checks a string against the set of valid algorithm names
+/// @param name alogirthm name to validate
+/// @param len length of the name to validate
+/// @return non-zero if the name is valid, zero otherwise
+static int valid_algorithm(const char* name, int len) {
+ return ((strncasecmp(name, "HMAC-MD5", len) == 0) ||
+ (strncasecmp(name, "HMAC-SHA1", len) == 0) ||
+ (strncasecmp(name, "HMAC-SHA224", len) == 0) ||
+ (strncasecmp(name, "HMAC-SHA256", len) == 0) ||
+ (strncasecmp(name, "HMAC-SHA384", len) == 0) ||
+ (strncasecmp(name, "HMAC-SHA512", len) == 0));
+}
+
+int
main(int argc, char **argv) {
isc_result_t status, waitstatus;
dhcpctl_handle connection;
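Review bot: `valid_algorithm()` accepts any prefix of a listed name, because each `strncasecmp(name, "HMAC-…", len)` compares only the first `len` characters and the caller added in the `@@ -349,6 +362,16 @@` hunk passes `strlen(s)`. A `len` of 0 compares equal as well, so an empty string, `HMAC` or `HMAC-SHA` all count as valid and the allowlist does not pin the key algorithm to one of the six names. The comparison should also require the lengths to be equal, as in the rewrite below, which keeps the signature and the case-insensitive match. The doc comment has a typo, `alogirthm` should read `algorithm`, and it would help to state that the whole name must match. `valid_algorithm()` lies wholly inside the hunk, while `main()` continues past it.

```c
static int valid_algorithm(const char* name, int len) {
	static const char *const names[] = {
		"HMAC-MD5", "HMAC-SHA1", "HMAC-SHA224",
		"HMAC-SHA256", "HMAC-SHA384", "HMAC-SHA512"
	};
	size_t i;

	if (name == NULL || len <= 0)
		return 0;

	/* Exact, case-insensitive match: the lengths must agree so that a
	 * truncated name such as "HMAC-SHA" is rejected. */
	for (i = 0; i < sizeof(names) / sizeof(names[0]); i++) {
		if ((size_t)len == strlen(names[i]) &&
		    strncasecmp(name, names[i], (size_t)len) == 0)
			return 1;
	}
	return 0;
}
```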
@@ -132,7 +145,7 @@ main(int argc, char **argv) {
dhcpctl_remote_object_t *r = (dhcpctl_remote_object_t *)oh;
omapi_generic_object_t *g =
(omapi_generic_object_t *)(r -> inner);
-
+
printf ("obj: ");
if (r -> rtype -> type != omapi_datatype_string) {
@@ -142,16 +155,16 @@ main(int argc, char **argv) {
(int)(r -> rtype -> u . buffer . len),
r -> rtype -> u . buffer . value);
}
-
+
for (i = 0; i < g -> nvalues; i++) {
omapi_value_t *v = g -> values [i];
-
+
if (!g -> values [i])
continue;
printf ("%.*s = ", (int)v -> name -> len,
v -> name -> value);
-
+
if (!v -> value) {
printf ("<null>\n");
continue;
@@ -161,20 +174,20 @@ main(int argc, char **argv) {
printf ("%d\n",
v -> value -> u . integer);
break;
-
+
case omapi_datatype_string:
printf ("\"%.*s\"\n",
(int) v -> value -> u.buffer.len,
v -> value -> u.buffer.value);
break;
-
+
case omapi_datatype_data:
print_hex_or_string(v->value->u.buffer.len,
v->value->u.buffer.value,
sizeof(hex_buf), hex_buf);
printf("%s\n", hex_buf);
break;
-
+
case omapi_datatype_object:
printf ("<obj>\n");
break;
@@ -189,18 +202,18 @@ main(int argc, char **argv) {
status = new_parse (&cfile, -1, buf, strlen(buf), "<STDIN>", 1);
check(status, "new_parse()");
-
+
token = next_token (&val, (unsigned *)0, cfile);
switch (token) {
default:
parse_warn (cfile, "unknown token: %s", val);
skip_to_semi (cfile);
break;
-
+
case END_OF_FILE:
case ENDOFLINE: /* EOL: */
break;
-
+
case TOKEN_HELP:
case QUESTIONMARK: /* '?': */
printf ("Commands:\n");
@@ -218,7 +231,7 @@ main(int argc, char **argv) {
printf (" remove\n");
skip_to_semi (cfile);
break;
-
+
case PORT:
token = next_token (&val, (unsigned *)0, cfile);
if (is_identifier (token)) {
@@ -349,6 +362,16 @@ main(int argc, char **argv) {
break;
}
+ if (!valid_algorithm(s, strlen(s))) {
+ printf ("unknown algorithm: '%s', "
+ "valid values are:\n"
+ " HMAC-MD5, HMAC-SHA1, HMAC-SHA224,"
+ " HMAC-SHA256, HMAC-SHA384,"
+ " or HMAC-SHA512\n", s);
+ skip_to_semi (cfile);
+ break;
+ }
+
break;
case KEY:
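Review bot: The rejection branch only prints the message and calls `skip_to_semi (cfile)`; nothing in the hunk releases or resets `s`. `s` is set above the hunk, which is not visible here, so this is inferred: if it was allocated there or already stored as the session's algorithm, a rejected name may leak or still be used for the next connection's key. Either validate `val` before it is stored, or clear the stored value in this branch, with a comment such as `/* rejected: do not keep an unvalidated algorithm name */`. `strlen(s)` is also narrowed implicitly to the `int len` parameter, so `(int)strlen(s)` or a `size_t` parameter would make the conversion explicit. The enclosing `case` starts outside the hunk.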
@@ -433,13 +456,13 @@ main(int argc, char **argv) {
printf ("usage: new <object-type>\n");
break;
}
-
+
if (oh) {
printf ("an object is already open.\n");
skip_to_semi (cfile);
break;
}
-
+
if (!connected) {
printf ("not connected.\n");
skip_to_semi (cfile);
@@ -452,7 +475,7 @@ main(int argc, char **argv) {
isc_result_totext (status));
break;
}
-
+
token = next_token (&val, (unsigned *)0, cfile);
if (token != END_OF_FILE && token != EOL) {
printf ("usage: new <object-type>\n");
@@ -481,7 +504,7 @@ main(int argc, char **argv) {
break;
}
omapi_object_dereference (&oh, MDL);
-
+
break;
case TOKEN_SET:
@@ -493,13 +516,13 @@ main(int argc, char **argv) {
skip_to_semi (cfile);
break;
}
-
+
if (oh == NULL) {
printf ("no open object.\n");
skip_to_semi (cfile);
break;
}
-
+
if (!connected) {
printf ("not connected.\n");
skip_to_semi (cfile);
@@ -512,7 +535,7 @@ main(int argc, char **argv) {
s1[0] = 0;
strncat (s1, val, sizeof(s1)-strlen(s1)-1);
#endif
-
+
token = next_token (&val, (unsigned *)0, cfile);
if (token != EQUAL)
goto set_usage;
@@ -523,7 +546,7 @@ main(int argc, char **argv) {
dhcpctl_set_string_value (oh, val, s1);
token = next_token (&val, (unsigned *)0, cfile);
break;
-
+
case NUMBER:
strcpy (buf, val);
token = peek_token (&val, (unsigned *)0, cfile);
@@ -561,7 +584,7 @@ main(int argc, char **argv) {
token = next_token (&val, (unsigned *)0, cfile);
badnum:
break;
-
+
case NUMBER_OR_NAME:
strcpy (buf, val);
cshl:
@@ -587,11 +610,11 @@ main(int argc, char **argv) {
printf ("invalid value.\n");
skip_to_semi (cfile);
}
-
+
if (token != END_OF_FILE && token != EOL)
goto set_usage;
break;
-
+
case UNSET:
token = next_token (&val, (unsigned *)0, cfile);
@@ -601,13 +624,13 @@ main(int argc, char **argv) {
skip_to_semi (cfile);
break;
}
-
+
if (!oh) {
printf ("no open object.\n");
skip_to_semi (cfile);
break;
}
-
+
if (!connected) {
printf ("not connected.\n");
skip_to_semi (cfile);
@@ -620,7 +643,7 @@ main(int argc, char **argv) {
s1[0] = 0;
strncat (s1, val, sizeof(s1)-strlen(s1)-1);
#endif
-
+
token = next_token (&val, (unsigned *)0, cfile);
if (token != END_OF_FILE && token != EOL)
goto unset_usage;
@@ -628,7 +651,7 @@ main(int argc, char **argv) {
dhcpctl_set_null_value (oh, s1);
break;
-
+
case TOKEN_CREATE:
case TOKEN_OPEN:
i = token;
@@ -638,7 +661,7 @@ main(int argc, char **argv) {
skip_to_semi (cfile);
break;
}
-
+
if (!connected) {
printf ("not connected.\n");
skip_to_semi (cfile);
@@ -655,7 +678,7 @@ main(int argc, char **argv) {
i = DHCPCTL_CREATE | DHCPCTL_EXCL;
else
i = 0;
-
+
status = dhcpctl_open_object (oh, connection, i);
if (status == ISC_R_SUCCESS)
status = dhcpctl_wait_for_completion
@@ -667,7 +690,7 @@ main(int argc, char **argv) {
isc_result_totext (status));
break;
}
-
+
break;
case UPDATE:
@@ -677,7 +700,7 @@ main(int argc, char **argv) {
skip_to_semi (cfile);
break;
}
-
+
if (!connected) {
printf ("not connected.\n");
skip_to_semi (cfile);
@@ -701,7 +724,7 @@ main(int argc, char **argv) {
isc_result_totext (status));
break;
}
-
+
break;
case REMOVE:
@@ -711,7 +734,7 @@ main(int argc, char **argv) {
skip_to_semi (cfile);
break;
}
-
+
if (!connected) {
printf ("not connected.\n");
break;
@@ -743,7 +766,7 @@ main(int argc, char **argv) {
skip_to_semi (cfile);
break;
}
-
+
if (!connected) {
printf ("not connected.\n");
break;
@@ -765,7 +788,7 @@ main(int argc, char **argv) {
isc_result_totext (status));
break;
}
-
+
break;
}
end_parse (&cfile);
diff --git a/omapip/connection.c b/omapip/connection.c
index f2eb730b..6f76b6f4 100644
--- a/omapip/connection.c
+++ b/omapip/connection.c
@@ -783,8 +783,7 @@ static isc_result_t make_dst_key (dst_key_t **dst_key, omapi_object_t *a) {
(a, (omapi_object_t *)0, "key", &key);
if (status == ISC_R_SUCCESS) {
- if (algorithm->value->type != omapi_datatype_data &&
- algorithm->value->type != omapi_datatype_string) {
+ if (algorithm->value->type != omapi_datatype_string) {
status = DHCP_R_INVALIDARG;
}
}
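Review bot: This check in `make_dst_key()` now verifies only that the algorithm value is a string, while the allowlist of names added by this commit is `static` in `dhcpctl/omshell.c`. Other dhcpctl/OMAPI callers of this library path therefore get no name validation from the change, unless `make_dst_key()` checks the name further down, which is outside the hunk. Callers that supplied the algorithm as `omapi_datatype_data` will now receive `DHCP_R_INVALIDARG`, which deserves a comment at the check, e.g. `/* algorithm must be a string; data values are no longer accepted */`. If `algorithm->value` can be NULL on a successful lookup (not determinable from these lines), the condition should start with `algorithm->value == NULL ||`. The function begins and ends outside the hunk.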