#include <isc/lang.h>
#include <dns/types.h>
#include <dst/dst.h>
#include <dst/gssapi.h>
Data Structures
struct dns_tkeyctx
Defines
#define DNS_TKEY_H 1
#define DNS_TKEYMODE_SERVERASSIGNED 1
#define DNS_TKEYMODE_DIFFIEHELLMAN 2
#define DNS_TKEYMODE_GSSAPI 3
#define DNS_TKEYMODE_RESOLVERASSIGNED 4
#define DNS_TKEYMODE_DELETE 5
Functions
isc_result_t dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx, dns_tkeyctx_t **tctxp)
Create an empty TKEY context.
void dns_tkeyctx_destroy(dns_tkeyctx_t **tctxp)
Frees all data associated with the TKEY context.
isc_result_t dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, dns_tsig_keyring_t *ring)
Processes a query containing a TKEY record, adding or deleting TSIG keys if necessary, and modifies the message to contain the response.
isc_result_t dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name, dns_name_t *algorithm, isc_buffer_t *nonce, isc_uint32_t lifetime)
Builds a query containing a TKEY that will generate a shared secret using a Diffie-Hellman key exchange. The shared key will be of the specified algorithm (only DNS_TSIG_HMACMD5_NAME is supported), and will be named either 'name', 'name' + server-chosen domain, or random data + server-chosen domain if 'name' == dns_rootname. If nonce is not NULL, it supplies random data used in the shared secret computation. The key is requested to have the specified lifetime (in seconds).
isc_result_t dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, dns_name_t *gname, isc_buffer_t *intoken, isc_uint32_t lifetime, gss_ctx_id_t *context, isc_boolean_t win2k, isc_mem_t *mctx, char **err_message)
Builds a query containing a TKEY that will generate a GSSAPI context. The key is requested to have the specified lifetime (in seconds).
isc_result_t dns_tkey_builddeletequery(dns_message_t *msg, dns_tsigkey_t *key)
Builds a query containing a TKEY record that will delete the specified shared secret from the server.
isc_result_t dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, dst_key_t *key, isc_buffer_t *nonce, dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring)
Processes a response to a query containing a TKEY that was designed to generate a shared secret using a Diffie-Hellman key exchange. If the query was successful, a new shared key is created and added to the list of shared keys.
isc_result_t dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg, dns_name_t *gname, gss_ctx_id_t *context, isc_buffer_t *outtoken, dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring, char **err_message)
Processes a response to a query containing a TKEY that was designed to generate a GSSAPI context (the counterpart of dns_tkey_buildgssquery()); the original header leaves this entry undocumented ("XXX").
isc_result_t dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg, dns_tsig_keyring_t *ring)
Processes a response to a query containing a TKEY that was designed to delete a shared secret. If the query was successful, the shared key is deleted from the list of shared keys.
isc_result_t dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg, dns_name_t *server, gss_ctx_id_t *context, dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring, isc_boolean_t win2k, char **err_message)
Definition in file tkey.h.
#define DNS_TKEYMODE_SERVERASSIGNED 1
#define DNS_TKEYMODE_DIFFIEHELLMAN 2
Definition at line 36 of file tkey.h.
Referenced by dns_tkey_builddhquery(), dns_tkey_processdhresponse(), and dns_tkey_processquery().
#define DNS_TKEYMODE_GSSAPI 3
Definition at line 37 of file tkey.h.
Referenced by dns_tkey_buildgssquery(), dns_tkey_gssnegotiate(), dns_tkey_processgssresponse(), and dns_tkey_processquery().
#define DNS_TKEYMODE_RESOLVERASSIGNED 4
#define DNS_TKEYMODE_DELETE 5
Definition at line 39 of file tkey.h.
Referenced by dns_tkey_builddeletequery(), dns_tkey_processdeleteresponse(), and dns_tkey_processquery().
isc_result_t dns_tkeyctx_create(isc_mem_t *mctx, isc_entropy_t *ectx, dns_tkeyctx_t **tctxp)
Create an empty TKEY context.
Requires:
Definition at line 92 of file tkey.c.
References dns_tkeyctx::dhkey, dns_tkeyctx::domain, dns_tkeyctx::ectx, dns_tkeyctx::gssapi_keytab, dns_tkeyctx::gsscred, isc_entropy_attach(), isc_mem_attach(), isc_mem_get, ISC_R_NOMEMORY, ISC_R_SUCCESS, dns_tkeyctx::mctx, and REQUIRE.
Referenced by ns_server_create(), and ns_tkeyctx_fromconfig().
void dns_tkeyctx_destroy(dns_tkeyctx_t **tctxp)
Frees all data associated with the TKEY context.
Requires:
Definition at line 117 of file tkey.c.
References dns_tkeyctx::dhkey, dns_name_dynamic(), dns_name_free(), dns_tkeyctx::domain, dst_gssapi_releasecred(), dst_key_free(), dns_tkeyctx::ectx, dns_tkeyctx::gssapi_keytab, dns_tkeyctx::gsscred, isc_entropy_detach(), isc_mem_detach(), isc_mem_free, isc_mem_put, dns_tkeyctx::mctx, mctx, and REQUIRE.
Referenced by load_configuration(), ns_server_destroy(), and ns_tkeyctx_fromconfig().
isc_result_t dns_tkey_processquery(dns_message_t *msg, dns_tkeyctx_t *tctx, dns_tsig_keyring_t *ring)
Processes a query containing a TKEY record, adding or deleting TSIG keys if necessary, and modifies the message to contain the response.
Requires:
Definition at line 615 of file tkey.c.
References add_rdata_to_list(), dns_fixedname_init, dns_fixedname_name, dns_message_addname(), dns_message_currentname(), dns_message_findname(), dns_message_firstname(), dns_message_reply(), dns_message_signer(), dns_name_clone(), dns_name_concatenate(), dns_name_copy(), dns_name_countlabels(), dns_name_equal(), dns_name_fromtext(), dns_name_getlabelsequence(), dns_name_init(), DNS_R_FORMERR, DNS_R_NOTIMP, DNS_R_REFUSED, dns_rcode_noerror, dns_rdata_freestruct(), dns_rdata_fromstruct(), dns_rdata_init(), dns_rdata_tostruct(), dns_rdataset_current(), dns_rdataset_first(), dns_rootname, DNS_SECTION_ADDITIONAL, DNS_SECTION_ANSWER, DNS_SECTION_QUESTION, DNS_TKEYMODE_DELETE, DNS_TKEYMODE_DIFFIEHELLMAN, DNS_TKEYMODE_GSSAPI, DNS_TKEYMODE_RESOLVERASSIGNED, DNS_TKEYMODE_SERVERASSIGNED, dns_tsigerror_badmode, dns_tsigerror_badname, dns_tsigkey_detach(), dns_tsigkey_find(), dns_tkeyctx::domain, dns_tkeyctx::ectx, free_namelist(), hexdigits, isc_buffer_add, isc_buffer_init, isc_entropy_getdata(), ISC_FALSE, ISC_LINK_INIT, ISC_LIST_EMPTY, ISC_LIST_HEAD, ISC_LIST_INIT, ISC_LIST_NEXT, ISC_LIST_UNLINK, isc_mem_put, ISC_R_NOTFOUND, ISC_R_SUCCESS, ISC_TRUE, dns_message::mctx, name, process_deletetkey(), process_dhtkey(), process_gsstkey(), dns_rdata::rdclass, REQUIRE, RETERR, RUNTIME_CHECK, tkey_log(), and tsigkey.
Referenced by ns_query_start().
isc_result_t dns_tkey_builddhquery(dns_message_t *msg, dst_key_t *key, dns_name_t *name, dns_name_t *algorithm, isc_buffer_t *nonce, isc_uint32_t lifetime)
Builds a query containing a TKEY that will generate a shared secret using a Diffie-Hellman key exchange. The shared key will be of the specified algorithm (only DNS_TSIG_HMACMD5_NAME is supported), and will be named either 'name', 'name' + server-chosen domain, or random data + server-chosen domain if 'name' == dns_rootname. If nonce is not NULL, it supplies random data used in the shared secret computation. The key is requested to have the specified lifetime (in seconds).
Requires:
Definition at line 943 of file tkey.c.
References add_rdata_to_list(), isc_region::base, buildquery(), DNS_KEYALG_DH, dns_message_addname(), dns_message_gettemprdata(), dns_message_takebuffer(), dns_name_clone(), dns_name_init(), dns_rdata_fromregion(), DNS_SECTION_ADDITIONAL, DNS_TKEYMODE_DIFFIEHELLMAN, dst_key_alg(), dst_key_isprivate(), dst_key_name(), dst_key_todns(), isc_buffer_allocate(), isc_buffer_free(), isc_buffer_usedregion, ISC_FALSE, ISC_LINK_INIT, ISC_LIST_HEAD, ISC_LIST_INIT, ISC_LIST_NEXT, ISC_LIST_UNLINK, isc_mem_get, isc_mem_put, ISC_R_SUCCESS, isc_stdtime_get(), isc_region::length, dns_message::mctx, now, r, REQUIRE, and RETERR.
isc_result_t dns_tkey_buildgssquery(dns_message_t *msg, dns_name_t *name, dns_name_t *gname, isc_buffer_t *intoken, isc_uint32_t lifetime, gss_ctx_id_t *context, isc_boolean_t win2k, isc_mem_t *mctx, char **err_message)
Builds a query containing a TKEY that will generate a GSSAPI context. The key is requested to have the specified lifetime (in seconds).
Requires:
Definition at line 1021 of file tkey.c.
References buildquery(), dns_name_clone(), dns_name_init(), DNS_R_CONTINUE, DNS_TKEYMODE_GSSAPI, DNS_TSIG_GSSAPI_NAME, DNS_TSIG_GSSAPIMS_NAME, dst_gssapi_initctx(), isc_buffer_base, isc_buffer_init, isc_buffer_usedlength, ISC_LINK_INIT, ISC_R_SUCCESS, isc_stdtime_get(), now, REQUIRE, RETERR, token, and UNUSED.
isc_result_t dns_tkey_builddeletequery(dns_message_t *msg, dns_tsigkey_t *key)
Builds a query containing a TKEY record that will delete the specified shared secret from the server.
Requires:
Definition at line 1076 of file tkey.c.
References dns_tsigkey::algorithm, buildquery(), dns_name_clone(), dns_name_init(), DNS_TKEYMODE_DELETE, ISC_FALSE, ISC_LINK_INIT, dns_message::mctx, dns_tsigkey::name, and REQUIRE.
isc_result_t dns_tkey_processdhresponse(dns_message_t *qmsg, dns_message_t *rmsg, dst_key_t *key, isc_buffer_t *nonce, dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring)
Processes a response to a query containing a TKEY that was designed to generate a shared secret using a Diffie-Hellman key exchange. If the query was successful, a new shared key is created and added to the list of shared keys.
Requires:
Definition at line 1126 of file tkey.c.
References isc_region::base, compute_secret(), dns_dnssec_keyfromrdata(), DNS_KEYALG_DH, dns_message_currentname(), dns_message_findname(), dns_message_findtype(), dns_message_firstname(), dns_message_nextname(), dns_name_clone(), dns_name_equal(), dns_name_init(), DNS_R_INVALIDTKEY, dns_rcode_noerror, dns_rdata_freestruct(), DNS_RDATA_INIT, dns_rdata_tostruct(), dns_rdataset_current(), dns_rdataset_first(), DNS_SECTION_ADDITIONAL, DNS_SECTION_ANSWER, DNS_TKEYMODE_DIFFIEHELLMAN, dns_tsigkey_create(), dst_key_alg(), dst_key_computesecret(), dst_key_free(), dst_key_isprivate(), dst_key_name(), dst_key_secretsize(), find_tkey(), isc_buffer_allocate(), isc_buffer_free(), isc_buffer_init, isc_buffer_usedregion, ISC_FALSE, isc_mem_get, isc_mem_put, ISC_R_NOTFOUND, ISC_R_SUCCESS, ISC_RESULTCLASS_DNSRCODE, ISC_TRUE, isc_region::length, dns_message::mctx, r, r2, dns_message::rcode, REQUIRE, RETERR, secret, tempname, and tkey_log().
isc_result_t dns_tkey_processgssresponse(dns_message_t *qmsg, dns_message_t *rmsg, dns_name_t *gname, gss_ctx_id_t *context, isc_buffer_t *outtoken, dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring, char **err_message)
Processes a response to a query containing a TKEY that was designed to generate a GSSAPI context (the counterpart of dns_tkey_buildgssquery()); the original header leaves this entry undocumented ("XXX").
Definition at line 1256 of file tkey.c.
References _dns_tkey_dumpmessage(), dns_name_equal(), DNS_R_INVALIDTKEY, dns_rcode_noerror, dns_rdata_freestruct(), DNS_RDATA_INIT, dns_rdata_tostruct(), dns_rootname, DNS_SECTION_ADDITIONAL, DNS_SECTION_ANSWER, DNS_TKEYMODE_GSSAPI, DNS_TSIG_GSSAPI_NAME, dns_tsigkey_createfromkey(), dst_gssapi_initctx(), dst_key_free(), dst_key_fromgssapi(), find_tkey(), isc_buffer_init, ISC_FALSE, ISC_R_NOTFOUND, ISC_R_SUCCESS, ISC_RESULTCLASS_DNSRCODE, dns_message::mctx, dns_tsig_keyring::mctx, dns_message::rcode, REQUIRE, RETERR, and tkey_log().
isc_result_t dns_tkey_processdeleteresponse(dns_message_t *qmsg, dns_message_t *rmsg, dns_tsig_keyring_t *ring)
Processes a response to a query containing a TKEY that was designed to delete a shared secret. If the query was successful, the shared key is deleted from the list of shared keys.
Requires:
Definition at line 1334 of file tkey.c.
References dns_name_equal(), DNS_R_INVALIDTKEY, dns_rcode_noerror, dns_rdata_freestruct(), DNS_RDATA_INIT, dns_rdata_tostruct(), DNS_SECTION_ADDITIONAL, DNS_SECTION_ANSWER, DNS_TKEYMODE_DELETE, dns_tsigkey_detach(), dns_tsigkey_find(), dns_tsigkey_setdeleted(), find_tkey(), ISC_RESULTCLASS_DNSRCODE, dns_message::rcode, REQUIRE, RETERR, tempname, tkey_log(), and tsigkey.
isc_result_t dns_tkey_gssnegotiate(dns_message_t *qmsg, dns_message_t *rmsg, dns_name_t *server, gss_ctx_id_t *context, dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring, isc_boolean_t win2k, char **err_message)
Definition at line 1389 of file tkey.c.
References dns_name_equal(), DNS_R_CONTINUE, DNS_R_INVALIDTKEY, dns_rcode_noerror, dns_rdata_freestruct(), DNS_RDATA_INIT, dns_rdata_tostruct(), dns_rootname, DNS_SECTION_ADDITIONAL, DNS_SECTION_ANSWER, DNS_TKEYMODE_GSSAPI, DNS_TSIG_GSSAPI_NAME, DNS_TSIG_GSSAPIMS_NAME, dns_tsigkey_createfromkey(), dst_gssapi_initctx(), dst_key_free(), dst_key_fromgssapi(), find_tkey(), isc_buffer_init, ISC_FALSE, ISC_R_SUCCESS, ISC_RESULTCLASS_DNSRCODE, ISC_TRUE, dns_message::mctx, dns_tsig_keyring::mctx, dns_message::rcode, REQUIRE, RETERR, and tkey_log().