-
-
Notifications
You must be signed in to change notification settings - Fork 105
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Updated cookie secrets management #378
Conversation
Partly addressing issue #196
from the old to the new default location
even when they came from the old default location +some small code cleanup and reduced code repetition
It's ready for review (and merge if accepted). One thing to consider/discuss is that it has one thing that is not backwards compatible, which is that cookie secrets from config file now are preferred over cookies from the cookie secrets file. Before this was the other way around. But, this feels more logical to me as zones in the configuration file are also preferred over zones in the zone list file. I believe there will be a negligible number of people that have cookie secrets in both the config file and in the cookie secrets file and would depend on the earlier preference to pick the secrets file. |
Looks reasonable to me. I agree that despite the backwards-incompatible change, it is unlikely to affect anyone, because no-one would define cookies in both places. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The code looks all right. I saw some places where the cookie secrets could possibly be wiped after temporary variables are done being used, maybe that is nice to have.
Thanks @wcawijngaards ! Yes, cleanup secrets on the stack after use is definitely more secure. I think you even found some occurrences that weren't covered before. Co-authored-by: Wouter Wijngaards <wcawijngaards@users.noreply.github.com>
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I agree with the changes in general, just some small remarks regarding use of enums
and one related to falling back to the previous value.
default: | ||
ssl_printf(ssl, "source : unknown\n"); | ||
break; |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
All possibilities are covered, so this is a panic situation(?)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I guess yes. Would you prefer a assert here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Would you prefer an assert?
I was reviewing the changes to the man pages and documentation, and it needs spelling and syntax fixes. Let me comment on the changes so you can fix them before merging this branch. |
Thanks! I'm also still addressing the last comment from @k0ekk0ek, which will simplify the code somewhat and also only does the fallback to the old default location for secrets (if there is nothing configured and nothing in the new default location), when nsd just started. |
@anandb-ripencc I am done with review feedback and will merge once you're finished your spelling corrections. |
Actually, just merge it. I will then submit a PR to update the documentation. Please don't make a new release before I've submitted documentation fixes. |
Looks good te me @wtoorop 👍 |
I accidentally committed along changes in simdzone. I'll force push the commit without the simdzone changes, and then merge. |
Right after config is read, so no wrapper is needed anymore to determine the value.
97fec31
to
c743742
Compare
This PR is in response to issue #196 (and thus also of interest to @anandb-ripencc )
--with-cookiesecretsfile=path
withconfigure
{dbdir}/cookiesecrets.txt
cookie-secret-file
option in the config file, and the new default location does not exist, cookie secrets will be read from the previous default location{configdir}/nsd_cookiesecrets.txt
cookie-staging-secret
option.cookie-secret
andcookie-staging-secret
option) take precedence over the ones from the cookie secret fileanswer-cookie
,cookie-secret
,cookie-staging-secret
andcookie-secret-file
) will be reevaluated and effectuated afternsd-control reconfig