#include <config.h>
#include <stdlib.h>
#include <isc/buffer.h>
#include <isc/mem.h>
#include <isc/print.h>
#include <isc/refcount.h>
#include <isc/serial.h>
#include <isc/string.h>
#include <isc/util.h>
#include <isc/time.h>
#include <dns/keyvalues.h>
#include <dns/log.h>
#include <dns/message.h>
#include <dns/fixedname.h>
#include <dns/rbt.h>
#include <dns/rdata.h>
#include <dns/rdatalist.h>
#include <dns/rdataset.h>
#include <dns/rdatastruct.h>
#include <dns/result.h>
#include <dns/tsig.h>
#include <dst/result.h>
Defines | |
#define | TSIG_MAGIC ISC_MAGIC('T', 'S', 'I', 'G') |
#define | VALID_TSIG_KEY(x) ISC_MAGIC_VALID(x, TSIG_MAGIC) |
#define | DNS_TSIG_MAXGENERATEDKEYS 4096 |
#define | is_response(msg) (msg->flags & DNS_MESSAGEFLAG_QR) |
#define | algname_is_allocated(algname) |
#define | BADTIMELEN 6 |
Functions | |
static isc_result_t | tsig_verify_tcp (isc_buffer_t *source, dns_message_t *msg) |
static void | tsig_log (dns_tsigkey_t *key, int level, const char *fmt,...) ISC_FORMAT_PRINTF(3, 4) |
static void | cleanup_ring (dns_tsig_keyring_t *ring) |
static void | tsigkey_free (dns_tsigkey_t *key) |
static void | remove_fromring (dns_tsigkey_t *tkey) |
static void | adjust_lru (dns_tsigkey_t *tkey) |
static isc_result_t | keyring_add (dns_tsig_keyring_t *ring, dns_name_t *name, dns_tsigkey_t *tkey) |
isc_result_t | dns_tsigkey_createfromkey (dns_name_t *name, dns_name_t *algorithm, dst_key_t *dstkey, isc_boolean_t generated, dns_name_t *creator, isc_stdtime_t inception, isc_stdtime_t expire, isc_mem_t *mctx, dns_tsig_keyring_t *ring, dns_tsigkey_t **key) |
Creates a tsig key structure and saves it in the keyring. If key is not NULL, *key will contain a copy of the key. The key's validity period is specified by (inception, expire), and will not expire if inception == expire. If the key was generated, the creating identity, if there is one, should be in the creator parameter. Specifying an unimplemented algorithm will cause failure only if dstkey != NULL; this allows a transient key with an invalid algorithm to exist long enough to generate a BADKEY response. | |
static void | destroyring (dns_tsig_keyring_t *ring) |
static unsigned int | dst_alg_fromname (dns_name_t *algorithm) |
static isc_result_t | restore_key (dns_tsig_keyring_t *ring, isc_stdtime_t now, FILE *fp) |
static void | dump_key (dns_tsigkey_t *tkey, FILE *fp) |
isc_result_t | dns_tsigkeyring_dumpanddetach (dns_tsig_keyring_t **ringp, FILE *fp) |
Dump the keys of a TSIG key ring to 'fp' and detach from it, destroying the ring when no other references remain. | |
isc_result_t | dns_tsigkey_create (dns_name_t *name, dns_name_t *algorithm, unsigned char *secret, int length, isc_boolean_t generated, dns_name_t *creator, isc_stdtime_t inception, isc_stdtime_t expire, isc_mem_t *mctx, dns_tsig_keyring_t *ring, dns_tsigkey_t **key) |
void | dns_tsigkey_attach (dns_tsigkey_t *source, dns_tsigkey_t **targetp) |
Attach '*targetp' to 'source'. | |
void | dns_tsigkey_detach (dns_tsigkey_t **keyp) |
Detaches from the tsig key structure pointed to by '*key'. | |
void | dns_tsigkey_setdeleted (dns_tsigkey_t *key) |
Prevents this key from being used again. It will be deleted when no references exist. | |
isc_result_t | dns_tsig_sign (dns_message_t *msg) |
Generates a TSIG record for this message. | |
isc_result_t | dns_tsig_verify (isc_buffer_t *source, dns_message_t *msg, dns_tsig_keyring_t *ring1, dns_tsig_keyring_t *ring2) |
Verifies the TSIG record in this message, looking up the signing key in 'ring1' or 'ring2'. | |
isc_result_t | dns_tsigkey_find (dns_tsigkey_t **tsigkey, dns_name_t *name, dns_name_t *algorithm, dns_tsig_keyring_t *ring) |
Returns the TSIG key corresponding to this name and (possibly) algorithm. Also increments the key's reference counter. | |
static void | free_tsignode (void *node, void *_unused) |
isc_result_t | dns_tsigkeyring_create (isc_mem_t *mctx, dns_tsig_keyring_t **ringp) |
Create an empty TSIG key ring. | |
isc_result_t | dns_tsigkeyring_add (dns_tsig_keyring_t *ring, dns_name_t *name, dns_tsigkey_t *tkey) |
Place a TSIG key onto a key ring. | |
void | dns_tsigkeyring_attach (dns_tsig_keyring_t *source, dns_tsig_keyring_t **target) |
void | dns_tsigkeyring_detach (dns_tsig_keyring_t **ringp) |
void | dns_keyring_restore (dns_tsig_keyring_t *ring, FILE *fp) |
Variables | |
static unsigned char | hmacmd5_ndata [] = "\010hmac-md5\007sig-alg\003reg\003int" |
static unsigned char | hmacmd5_offsets [] = { 0, 9, 17, 21, 25 } |
static dns_name_t | hmacmd5 |
dns_name_t * | dns_tsig_hmacmd5_name = &hmacmd5 |
static unsigned char | gsstsig_ndata [] = "\010gss-tsig" |
static unsigned char | gsstsig_offsets [] = { 0, 9 } |
static dns_name_t | gsstsig |
LIBDNS_EXTERNAL_DATA dns_name_t * | dns_tsig_gssapi_name = &gsstsig |
static unsigned char | gsstsigms_ndata [] = "\003gss\011microsoft\003com" |
static unsigned char | gsstsigms_offsets [] = { 0, 4, 14, 18 } |
static dns_name_t | gsstsigms |
LIBDNS_EXTERNAL_DATA dns_name_t * | dns_tsig_gssapims_name = &gsstsigms |
static unsigned char | hmacsha1_ndata [] = "\011hmac-sha1" |
static unsigned char | hmacsha1_offsets [] = { 0, 10 } |
static dns_name_t | hmacsha1 |
LIBDNS_EXTERNAL_DATA dns_name_t * | dns_tsig_hmacsha1_name = &hmacsha1 |
static unsigned char | hmacsha224_ndata [] = "\013hmac-sha224" |
static unsigned char | hmacsha224_offsets [] = { 0, 12 } |
static dns_name_t | hmacsha224 |
LIBDNS_EXTERNAL_DATA dns_name_t * | dns_tsig_hmacsha224_name = &hmacsha224 |
static unsigned char | hmacsha256_ndata [] = "\013hmac-sha256" |
static unsigned char | hmacsha256_offsets [] = { 0, 12 } |
static dns_name_t | hmacsha256 |
LIBDNS_EXTERNAL_DATA dns_name_t * | dns_tsig_hmacsha256_name = &hmacsha256 |
static unsigned char | hmacsha384_ndata [] = "\013hmac-sha384" |
static unsigned char | hmacsha384_offsets [] = { 0, 12 } |
static dns_name_t | hmacsha384 |
LIBDNS_EXTERNAL_DATA dns_name_t * | dns_tsig_hmacsha384_name = &hmacsha384 |
static unsigned char | hmacsha512_ndata [] = "\013hmac-sha512" |
static unsigned char | hmacsha512_offsets [] = { 0, 12 } |
static dns_name_t | hmacsha512 |
LIBDNS_EXTERNAL_DATA dns_name_t * | dns_tsig_hmacsha512_name = &hmacsha512 |
Definition in file tsig.c.
#define TSIG_MAGIC ISC_MAGIC('T', 'S', 'I', 'G') |
#define VALID_TSIG_KEY | ( | x | ) | ISC_MAGIC_VALID(x, TSIG_MAGIC) |
Definition at line 49 of file tsig.c.
Referenced by dns_tsig_sign(), dns_tsig_verify(), dns_tsigkey_attach(), dns_tsigkey_detach(), dns_tsigkey_setdeleted(), and tsigkey_free().
#define DNS_TSIG_MAXGENERATEDKEYS 4096 |
#define algname_is_allocated | ( | algname | ) |
Value:
((algname) != dns_tsig_hmacmd5_name && \
 (algname) != dns_tsig_hmacsha1_name && \
 (algname) != dns_tsig_hmacsha224_name && \
 (algname) != dns_tsig_hmacsha256_name && \
 (algname) != dns_tsig_hmacsha384_name && \
 (algname) != dns_tsig_hmacsha512_name && \
 (algname) != dns_tsig_gssapi_name && \
 (algname) != dns_tsig_gssapims_name)
Definition at line 56 of file tsig.c.
Referenced by dns_tsigkey_createfromkey(), and tsigkey_free().
#define BADTIMELEN 6 |
static isc_result_t tsig_verify_tcp | ( | isc_buffer_t * | source, | |
dns_message_t * | msg | |||
) | [static] |
Definition at line 1492 of file tsig.c.
References isc_region::base, databuf, DNS_LOGCATEGORY_DNSSEC, dns_message_gettsigkey(), DNS_MESSAGE_HEADERLEN, dns_name_equal(), DNS_R_CLOCKSKEW, DNS_R_EXPECTEDRESPONSE, DNS_R_TSIGERRORSET, DNS_R_TSIGVERIFYFAILURE, dns_rcode_noerror, dns_rdata_freestruct(), DNS_RDATA_INIT, dns_rdata_reset(), dns_rdata_tostruct(), dns_rdataset_current(), dns_rdataset_first(), dns_tsigerror_badkey, dns_tsigerror_badsig, dns_tsigerror_badtime, dst_context_adddata(), dst_context_create3(), dst_context_destroy(), dst_context_verify(), DST_R_VERIFYFAILURE, header, is_response, isc_buffer_init, isc_buffer_putuint16, isc_buffer_putuint48, isc_buffer_usedregion, ISC_FALSE, ISC_R_SUCCESS, isc_region_consume, isc_stdtime_get(), ISC_TRUE, dns_tsigkey::key, key, isc_region::length, dns_message::mctx, mctx, dns_tsigkey::name, now, dns_message::querytsig, r, REQUIRE, dns_message::sigstart, dns_message::tcp_continuation, dns_message::timeadjust, dns_message::tsig, tsig_log(), dns_message::tsigctx, dns_message::tsigkey, tsigkey, dns_message::tsigname, and dns_message::tsigstatus.
Referenced by dns_tsig_verify().
static void tsig_log | ( | dns_tsigkey_t * | key, | |
int | level, | |||
const char * | fmt, | |||
... | ||||
) | [static] |
Definition at line 193 of file tsig.c.
References dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_TSIG, dns_name_format(), DNS_NAME_FORMATSIZE, ISC_FALSE, isc_log_wouldlog(), and isc_log_write().
Referenced by cleanup_ring(), dns_tsig_verify(), and tsig_verify_tcp().
static void cleanup_ring | ( | dns_tsig_keyring_t * | ring | ) | [static] |
Definition at line 481 of file tsig.c.
References dns_rbtnode::data, dns_fixedname_init, dns_fixedname_name, dns_name_init(), DNS_R_NEWORIGIN, dns_rbtnodechain_current(), dns_rbtnodechain_first(), dns_rbtnodechain_init(), dns_rbtnodechain_invalidate(), dns_rbtnodechain_next(), dns_tsigkey::expire, dns_tsigkey::generated, dns_tsigkey::inception, ISC_R_SUCCESS, isc_refcount_current, isc_stdtime_get(), dns_tsig_keyring::keys, dns_tsig_keyring::mctx, now, origin, dns_tsigkey::refs, remove_fromring(), and tsig_log().
Referenced by dns_tsigkey_find(), and keyring_add().
static void tsigkey_free | ( | dns_tsigkey_t * | key | ) | [static] |
Definition at line 833 of file tsig.c.
References algname_is_allocated, dns_tsigkey::algorithm, dns_tsigkey::creator, dns_name_free(), dst_key_free(), isc_mem_put, isc_mem_putanddetach, isc_refcount_destroy, dns_tsigkey::key, dns_tsigkey::magic, dns_tsigkey::mctx, dns_tsigkey::name, dns_tsigkey::refs, REQUIRE, and VALID_TSIG_KEY.
Referenced by dns_tsigkey_detach().
static void remove_fromring | ( | dns_tsigkey_t * | tkey | ) | [static] |
Definition at line 226 of file tsig.c.
References dns_rbt_deletename(), dns_tsig_keyring::generated, dns_tsigkey::generated, ISC_FALSE, ISC_LIST_UNLINK, dns_tsig_keyring::keys, dns_tsigkey::name, and dns_tsigkey::ring.
Referenced by cleanup_ring(), dns_tsigkey_find(), dns_tsigkey_setdeleted(), and keyring_add().
static void adjust_lru | ( | dns_tsigkey_t * | tkey | ) | [static] |
Definition at line 235 of file tsig.c.
References dns_tsigkey::generated, ISC_LINK_LINKED, ISC_LIST_APPEND, ISC_LIST_UNLINK, isc_rwlocktype_write, dns_tsig_keyring::lock, dns_tsigkey::ring, RWLOCK, and RWUNLOCK.
Referenced by dns_tsigkey_find().
static isc_result_t keyring_add | ( | dns_tsig_keyring_t * | ring, | |
dns_name_t * | name, | |||
dns_tsigkey_t * | tkey | |||
) | [static] |
Definition at line 260 of file tsig.c.
References cleanup_ring(), dns_rbt_addname(), dns_tsig_keyring::generated, dns_tsigkey::generated, ISC_LIST_APPEND, ISC_LIST_HEAD, ISC_R_SUCCESS, isc_rwlocktype_write, dns_tsig_keyring::keys, dns_tsig_keyring::lock, dns_tsig_keyring::maxgenerated, remove_fromring(), RWLOCK, RWUNLOCK, and dns_tsig_keyring::writecount.
Referenced by dns_tsigkey_createfromkey(), and dns_tsigkeyring_add().
isc_result_t dns_tsigkey_createfromkey | ( | dns_name_t * | name, | |
dns_name_t * | algorithm, | |||
dst_key_t * | dstkey, | |||
isc_boolean_t | generated, | |||
dns_name_t * | creator, | |||
isc_stdtime_t | inception, | |||
isc_stdtime_t | expire, | |||
isc_mem_t * | mctx, | |||
dns_tsig_keyring_t * | ring, | |||
dns_tsigkey_t ** | key | |||
) |
Creates a tsig key structure and saves it in the keyring. If key is not NULL, *key will contain a copy of the key. The key's validity period is specified by (inception, expire), and will not expire if inception == expire. If the key was generated, the creating identity, if there is one, should be in the creator parameter. Specifying an unimplemented algorithm will cause failure only if dstkey != NULL; this allows a transient key with an invalid algorithm to exist long enough to generate a BADKEY response.
If dns_tsigkey_createfromkey is successful, a new reference to 'dstkey' will have been made.
Requires:
Definition at line 293 of file tsig.c.
References algname_is_allocated, dns_tsigkey::algorithm, dns_tsigkey::creator, dns_lctx, DNS_LOGCATEGORY_DNSSEC, DNS_LOGMODULE_TSIG, dns_name_downcase(), dns_name_dup(), dns_name_dynamic(), dns_name_equal(), dns_name_format(), DNS_NAME_FORMATSIZE, dns_name_free(), dns_name_init(), DNS_R_BADALG, DNS_TSIG_GSSAPI_NAME, DNS_TSIG_GSSAPIMS_NAME, DNS_TSIG_HMACMD5_NAME, DNS_TSIG_HMACSHA1_NAME, DNS_TSIG_HMACSHA224_NAME, DNS_TSIG_HMACSHA256_NAME, DNS_TSIG_HMACSHA384_NAME, DNS_TSIG_HMACSHA512_NAME, DST_ALG_GSSAPI, DST_ALG_HMACMD5, DST_ALG_HMACSHA1, DST_ALG_HMACSHA224, DST_ALG_HMACSHA256, DST_ALG_HMACSHA384, DST_ALG_HMACSHA512, dst_key_alg(), dst_key_attach(), dst_key_free(), dst_key_size(), dns_tsigkey::expire, dns_tsigkey::generated, dns_tsigkey::inception, ISC_LINK_INIT, ISC_LOG_INFO, isc_log_write(), isc_mem_attach(), isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_refcount_decrement, isc_refcount_destroy, isc_refcount_init(), dns_tsigkey::key, keyring_add(), dns_tsigkey::magic, dns_tsigkey::mctx, dns_tsigkey::name, dns_tsigkey::refs, REQUIRE, dns_tsigkey::ring, and TSIG_MAGIC.
Referenced by dns_tkey_gssnegotiate(), dns_tkey_processgssresponse(), dns_tsec_create(), dns_tsigkey_create(), generate_session_key(), process_gsstkey(), restore_key(), setup_file_key(), and setup_keyfile().
static void destroyring | ( | dns_tsig_keyring_t * | ring | ) | [static] |
Definition at line 535 of file tsig.c.
References dns_rbt_destroy(), isc_mem_putanddetach, isc_rwlock_destroy(), dns_tsig_keyring::keys, dns_tsig_keyring::lock, and dns_tsig_keyring::mctx.
Referenced by dns_tsigkeyring_detach(), and dns_tsigkeyring_dumpanddetach().
static unsigned int dst_alg_fromname | ( | dns_name_t * | algorithm | ) | [static] |
Definition at line 542 of file tsig.c.
References dns_name_equal(), DNS_TSIG_GSSAPI_NAME, DNS_TSIG_GSSAPIMS_NAME, DNS_TSIG_HMACMD5_NAME, DNS_TSIG_HMACSHA1_NAME, DNS_TSIG_HMACSHA224_NAME, DNS_TSIG_HMACSHA256_NAME, DNS_TSIG_HMACSHA384_NAME, DNS_TSIG_HMACSHA512_NAME, DST_ALG_GSSAPI, DST_ALG_HMACMD5, DST_ALG_HMACSHA1, DST_ALG_HMACSHA224, DST_ALG_HMACSHA256, DST_ALG_HMACSHA384, and DST_ALG_HMACSHA512.
Referenced by restore_key().
static isc_result_t restore_key | ( | dns_tsig_keyring_t * | ring, | |
isc_stdtime_t | now, | |||
FILE * | fp | |||
) | [static] |
Definition at line 564 of file tsig.c.
References algorithm, dns_fixedname_init, dns_fixedname_name, DNS_KEYOWNER_ENTITY, DNS_KEYPROTO_DNSSEC, dns_name_fromtext(), DNS_R_BADALG, DNS_R_EXPIRED, dns_rootname, dns_tsigkey_createfromkey(), dst_alg_fromname(), dst_key_free(), dst_key_restore(), isc_buffer_add, isc_buffer_init, ISC_R_FAILURE, ISC_R_NOMORE, ISC_R_SUCCESS, isc_serial_lt(), ISC_TRUE, keystr, dns_tsig_keyring::mctx, and name.
Referenced by dns_keyring_restore().
static void dump_key | ( | dns_tsigkey_t * | tkey, | |
FILE * | fp | |||
) | [static] |
Definition at line 631 of file tsig.c.
References dns_tsigkey::algorithm, buffer, dns_tsigkey::creator, dns_name_format(), DNS_NAME_FORMATSIZE, dst_key_dump(), dns_tsigkey::expire, dns_tsigkey::inception, isc_mem_put, ISC_R_SUCCESS, dns_tsigkey::key, dns_tsigkey::mctx, dns_tsigkey::name, and REQUIRE.
Referenced by dns_tsigkeyring_dumpanddetach().
isc_result_t dns_tsigkeyring_dumpanddetach | ( | dns_tsig_keyring_t ** | ringp, | |
FILE * | fp | |||
) |
Dump the keys of a TSIG key ring to 'fp' and detach from it, destroying the ring when no other references remain.
Requires:
Definition at line 655 of file tsig.c.
References dns_rbtnode::data, destroy(), destroyring(), dns_fixedname_init, dns_fixedname_name, dns_name_init(), DNS_R_CONTINUE, DNS_R_NEWORIGIN, dns_rbtnodechain_current(), dns_rbtnodechain_first(), dns_rbtnodechain_init(), dns_rbtnodechain_invalidate(), dns_rbtnodechain_next(), dump_key(), dns_tsigkey::expire, dns_tsigkey::generated, INSIST, ISC_R_NOMORE, ISC_R_SUCCESS, isc_rwlocktype_write, isc_stdtime_get(), dns_tsig_keyring::keys, dns_tsig_keyring::lock, dns_tsig_keyring::mctx, now, origin, dns_tsig_keyring::references, references, REQUIRE, RWLOCK, and RWUNLOCK.
Referenced by destroy().
isc_result_t dns_tsigkey_create | ( | dns_name_t * | name, | |
dns_name_t * | algorithm, | |||
unsigned char * | secret, | |||
int | length, | |||
isc_boolean_t | generated, | |||
dns_name_t * | creator, | |||
isc_stdtime_t | inception, | |||
isc_stdtime_t | expire, | |||
isc_mem_t * | mctx, | |||
dns_tsig_keyring_t * | ring, | |||
dns_tsigkey_t ** | key | |||
) |
Definition at line 715 of file tsig.c.
References DNS_KEYOWNER_ENTITY, DNS_KEYPROTO_DNSSEC, dns_name_equal(), DNS_R_BADALG, DNS_TSIG_HMACMD5_NAME, DNS_TSIG_HMACSHA1_NAME, DNS_TSIG_HMACSHA224_NAME, DNS_TSIG_HMACSHA256_NAME, DNS_TSIG_HMACSHA384_NAME, DNS_TSIG_HMACSHA512_NAME, dns_tsigkey_createfromkey(), DST_ALG_HMACMD5, DST_ALG_HMACSHA1, DST_ALG_HMACSHA224, DST_ALG_HMACSHA256, DST_ALG_HMACSHA384, DST_ALG_HMACSHA512, dst_key_free(), dst_key_frombuffer(), isc_buffer_add, isc_buffer_init, ISC_R_SUCCESS, and REQUIRE.
Referenced by add_initial_keys(), dns_tkey_processdhresponse(), dns_tsig_verify(), evaluate_key(), process_dhtkey(), setup_keystr(), and setup_text_key().
void dns_tsigkey_attach | ( | dns_tsigkey_t * | source, | |
dns_tsigkey_t ** | targetp | |||
) |
Attach '*targetp' to 'source'.
Requires:
Definition at line 824 of file tsig.c.
References isc_refcount_increment, dns_tsigkey::refs, REQUIRE, and VALID_TSIG_KEY.
Referenced by dns_message_settsigkey(), dns_request_createvia4(), dns_tsec_getkey(), resquery_send(), and xfrin_create().
void dns_tsigkey_detach | ( | dns_tsigkey_t ** | keyp | ) |
Detaches from the tsig key structure pointed to by '*key'.
Requires:
Definition at line 853 of file tsig.c.
References isc_refcount_decrement, key, dns_tsigkey::refs, REQUIRE, tsigkey_free(), and VALID_TSIG_KEY.
Referenced by add_initial_keys(), cleanup(), cleanup_session_key(), destroy_libs(), dns_client_startupdate(), dns_message_resetsig(), dns_message_settsigkey(), dns_tkey_processdeleteresponse(), dns_tkey_processquery(), dns_tsec_destroy(), doshutdown(), evaluate_key(), fctx_cancelquery(), free_tsignode(), generate_session_key(), maybe_free(), msgreset(), notify_destroy(), notify_isself(), notify_send_toaddr(), ns_client_isself(), ns_query(), process_deletetkey(), process_gsstkey(), req_destroy(), request_done(), reset_system(), resquery_send(), shutdown_server(), soa_query(), update_sendevent(), xfrin_create(), zone_notify(), and zone_xfrdone().
void dns_tsigkey_setdeleted | ( | dns_tsigkey_t * | key | ) |
Prevents this key from being used again. It will be deleted when no references exist.
Requires:
Definition at line 870 of file tsig.c.
References isc_rwlocktype_write, dns_tsig_keyring::lock, remove_fromring(), REQUIRE, dns_tsigkey::ring, RWLOCK, RWUNLOCK, and VALID_TSIG_KEY.
Referenced by dns_tkey_processdeleteresponse(), and process_deletetkey().
isc_result_t dns_tsig_sign | ( | dns_message_t * | msg | ) |
Generates a TSIG record for this message.
Requires:
Definition at line 880 of file tsig.c.
References dns_tsigkey::algorithm, dns_name::attributes, BADTIMELEN, isc_region::base, dns_message::buffer, databuf, digestbits, DNS_LOGCATEGORY_DNSSEC, dns_message_gettempname(), dns_message_gettemprdata(), dns_message_gettemprdatalist(), dns_message_gettemprdataset(), dns_message_gettsigkey(), DNS_MESSAGE_HEADERLEN, dns_message_puttempname(), dns_message_puttemprdata(), dns_message_puttemprdatalist(), dns_message_renderheader(), dns_message_takebuffer(), dns_name_clone(), dns_name_dup(), dns_name_init(), dns_name_toregion(), DNS_NAMEATTR_NOCOMPRESS, DNS_R_EXPECTEDTSIG, dns_rcode_noerror, dns_rdata_fromstruct(), DNS_RDATA_INIT, dns_rdata_tostruct(), dns_rdatalist_tordataset(), dns_rdataset_current(), dns_rdataset_first(), dns_rdataset_init(), DNS_TSIG_FUDGE, dns_tsigerror_badsig, dns_tsigerror_badtime, dst_context_adddata(), dst_context_create3(), dst_context_destroy(), dst_context_sign(), dst_key_getbits(), dst_key_sigsize(), header, dns_message::id, INSIST, is_response, isc_buffer_allocate(), isc_buffer_availablelength, isc_buffer_clear, isc_buffer_free(), isc_buffer_init, isc_buffer_putmem, isc_buffer_putuint16, isc_buffer_putuint32, isc_buffer_putuint48, isc_buffer_usedlength, isc_buffer_usedregion, ISC_LINK_INIT, ISC_LIST_APPEND, isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_NOSPACE, ISC_R_SUCCESS, isc_region_consume, isc_stdtime_get(), ISC_TRUE, dns_tsigkey::key, key, isc_region::length, dns_message::mctx, mctx, dns_tsigkey::name, now, dns_message::querytsig, dns_message::querytsigstatus, r, dns_rdatalist::rdclass, REQUIRE, RUNTIME_CHECK, dns_message::tcp_continuation, dns_message::timeadjust, dns_message::tsig, dns_message::tsigname, dns_rdatalist::type, and VALID_TSIG_KEY.
Referenced by dns_message_renderend().
isc_result_t dns_tsig_verify | ( | isc_buffer_t * | source, | |
dns_message_t * | msg, | |||
dns_tsig_keyring_t * | ring1, | |||
dns_tsig_keyring_t * | ring2 | |||
) |
Verifies the TSIG record in this message, looking up the signing key in 'ring1' or 'ring2'.
Requires:
Definition at line 1168 of file tsig.c.
References dns_tsigkey::algorithm, isc_region::base, databuf, digestbits, DNS_LOGCATEGORY_DNSSEC, dns_message_gettsigkey(), DNS_MESSAGE_HEADERLEN, DNS_MESSAGE_VALID, dns_name_equal(), dns_name_toregion(), DNS_R_CLOCKSKEW, DNS_R_EXPECTEDTSIG, DNS_R_FORMERR, DNS_R_TSIGERRORSET, DNS_R_TSIGVERIFYFAILURE, DNS_R_UNEXPECTEDTSIG, dns_rcode_noerror, DNS_RDATA_INIT, dns_rdata_reset(), dns_rdata_tostruct(), dns_rdataset_current(), dns_rdataset_first(), dns_tsigerror_badkey, dns_tsigerror_badsig, dns_tsigerror_badtime, dns_tsigerror_badtrunc, dns_tsigkey_create(), dns_tsigkey_find(), DST_ALG_HMACMD5, DST_ALG_HMACSHA1, DST_ALG_HMACSHA224, DST_ALG_HMACSHA256, DST_ALG_HMACSHA384, DST_ALG_HMACSHA512, dst_context_adddata(), dst_context_create3(), dst_context_destroy(), dst_context_verify(), dst_key_alg(), dst_key_getbits(), dst_key_sigsize(), DST_R_VERIFYFAILURE, header, is_response, isc_buffer_clear, isc_buffer_init, isc_buffer_putuint16, isc_buffer_putuint32, isc_buffer_putuint48, isc_buffer_usedregion, ISC_FALSE, ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_region_consume, isc_stdtime_get(), dns_tsigkey::key, key, isc_region::length, dns_message::mctx, mctx, dns_tsigkey::name, now, dns_message::querytsig, r, REQUIRE, dns_message::sigstart, dns_message::tcp_continuation, dns_message::timeadjust, dns_message::tsig, tsig_log(), tsig_verify_tcp(), dns_message::tsigkey, tsigkey, dns_message::tsigname, dns_message::tsigstatus, dns_rdataset::ttl, VALID_TSIG_KEY, dns_message::verified_sig, and dns_message::verify_attempted.
Referenced by client_request(), dns_message_checksig(), dns_request_getresponse(), dns_view_checksig(), and recv_done().
isc_result_t dns_tsigkey_find | ( | dns_tsigkey_t ** | tsigkey, | |
dns_name_t * | name, | |||
dns_name_t * | algorithm, | |||
dns_tsig_keyring_t * | ring | |||
) |
Returns the TSIG key corresponding to this name and (possibly) algorithm. Also increments the key's reference counter.
Requires:
Definition at line 1717 of file tsig.c.
References adjust_lru(), cleanup_ring(), dns_name_equal(), DNS_R_PARTIALMATCH, dns_rbt_findname(), ISC_R_NOTFOUND, ISC_R_SUCCESS, isc_refcount_increment, isc_rwlocktype_read, isc_rwlocktype_write, isc_serial_lt(), isc_stdtime_get(), key, dns_tsig_keyring::keys, dns_tsig_keyring::lock, now, remove_fromring(), REQUIRE, RWLOCK, and RWUNLOCK.
Referenced by dns_tkey_processdeleteresponse(), dns_tkey_processquery(), dns_tsig_verify(), dns_view_gettsig(), process_deletetkey(), and process_gsstkey().
static void free_tsignode | ( | void * | node, | |
void * | _unused | |||
) | [static] |
Definition at line 1774 of file tsig.c.
References dns_tsigkey_detach(), dns_tsigkey::generated, ISC_LINK_LINKED, ISC_LIST_UNLINK, key, REQUIRE, dns_tsigkey::ring, and UNUSED.
Referenced by dns_tsigkeyring_create().
isc_result_t dns_tsigkeyring_create | ( | isc_mem_t * | mctx, | |
dns_tsig_keyring_t ** | ringp | |||
) |
Create an empty TSIG key ring.
Requires:
Definition at line 1790 of file tsig.c.
References dns_rbt_create(), DNS_TSIG_MAXGENERATEDKEYS, free_tsignode(), dns_tsig_keyring::generated, ISC_LIST_INIT, isc_mem_attach(), isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_rwlock_destroy(), isc_rwlock_init(), dns_tsig_keyring::keys, dns_tsig_keyring::lock, dns_tsig_keyring::maxgenerated, dns_tsig_keyring::mctx, dns_tsig_keyring::references, REQUIRE, and dns_tsig_keyring::writecount.
Referenced by dns_view_create(), and ns_tsigkeyring_fromconfig().
isc_result_t dns_tsigkeyring_add | ( | dns_tsig_keyring_t * | ring, | |
dns_name_t * | name, | |||
dns_tsigkey_t * | tkey | |||
) |
Place a TSIG key onto a key ring.
Requires:
Definition at line 1829 of file tsig.c.
References ISC_R_SUCCESS, isc_refcount_increment, keyring_add(), and dns_tsigkey::refs.
Referenced by configure_view().
void dns_tsigkeyring_attach | ( | dns_tsig_keyring_t * | source, | |
dns_tsig_keyring_t ** | target | |||
) |
Definition at line 1842 of file tsig.c.
References INSIST, isc_rwlocktype_write, dns_tsig_keyring::lock, dns_tsig_keyring::references, REQUIRE, RWLOCK, and RWUNLOCK.
Referenced by dns_view_getdynamickeyring(), dns_view_setdynamickeyring(), and dns_view_setkeyring().
void dns_tsigkeyring_detach | ( | dns_tsig_keyring_t ** | ringp | ) |
Definition at line 1856 of file tsig.c.
References destroyring(), INSIST, isc_rwlocktype_write, dns_tsig_keyring::lock, dns_tsig_keyring::references, references, REQUIRE, RWLOCK, and RWUNLOCK.
Referenced by cleanup(), configure_view(), destroy(), dns_view_create(), dns_view_setdynamickeyring(), dns_view_setkeyring(), ns_tsigkeyring_fromconfig(), and reset_system().
void dns_keyring_restore | ( | dns_tsig_keyring_t * | ring, | |
FILE * | fp | |||
) |
Definition at line 1877 of file tsig.c.
References DNS_R_BADALG, DNS_R_EXPIRED, ISC_R_NOMORE, ISC_R_SUCCESS, isc_stdtime_get(), now, and restore_key().
Referenced by dns_view_restorekeyring().
unsigned char hmacmd5_ndata[] = "\010hmac-md5\007sig-alg\003reg\003int" [static] |
unsigned char hmacmd5_offsets[] = { 0, 9, 17, 21, 25 } [static] |
dns_name_t hmacmd5 [static] |
Initial value:
{ DNS_NAME_MAGIC, hmacmd5_ndata, 26, 5, DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, hmacmd5_offsets, NULL, {(void *)-1, (void *)-1}, {NULL, NULL} }
Definition at line 71 of file tsig.c.
Referenced by ATF_TC_BODY(), and ns_config_getkeyalgorithm2().
Definition at line 80 of file tsig.c.
Referenced by dns_tsec_create(), and ns_config_getkeyalgorithm2().
unsigned char gsstsig_ndata[] = "\010gss-tsig" [static] |
unsigned char gsstsig_offsets[] = { 0, 9 } [static] |
dns_name_t gsstsig [static] |
Initial value:
{ DNS_NAME_MAGIC, gsstsig_ndata, 10, 2, DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, gsstsig_offsets, NULL, {(void *)-1, (void *)-1}, {NULL, NULL} }
LIBDNS_EXTERNAL_DATA dns_name_t* dns_tsig_gssapi_name = &gsstsig |
unsigned char gsstsigms_ndata[] = "\003gss\011microsoft\003com" [static] |
unsigned char gsstsigms_offsets[] = { 0, 4, 14, 18 } [static] |
dns_name_t gsstsigms [static] |
Initial value:
{ DNS_NAME_MAGIC, gsstsigms_ndata, 19, 4, DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, gsstsigms_offsets, NULL, {(void *)-1, (void *)-1}, {NULL, NULL} }
LIBDNS_EXTERNAL_DATA dns_name_t* dns_tsig_gssapims_name = &gsstsigms |
unsigned char hmacsha1_ndata[] = "\011hmac-sha1" [static] |
unsigned char hmacsha1_offsets[] = { 0, 10 } [static] |
dns_name_t hmacsha1 [static] |
Initial value:
{ DNS_NAME_MAGIC, hmacsha1_ndata, 11, 2, DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, hmacsha1_offsets, NULL, {(void *)-1, (void *)-1}, {NULL, NULL} }
Definition at line 113 of file tsig.c.
Referenced by ATF_TC_BODY(), and ns_config_getkeyalgorithm2().
LIBDNS_EXTERNAL_DATA dns_name_t* dns_tsig_hmacsha1_name = &hmacsha1 |
Definition at line 122 of file tsig.c.
Referenced by dns_tsec_create(), and ns_config_getkeyalgorithm2().
unsigned char hmacsha224_ndata[] = "\013hmac-sha224" [static] |
unsigned char hmacsha224_offsets[] = { 0, 12 } [static] |
dns_name_t hmacsha224 [static] |
Initial value:
{ DNS_NAME_MAGIC, hmacsha224_ndata, 13, 2, DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, hmacsha224_offsets, NULL, {(void *)-1, (void *)-1}, {NULL, NULL} }
Definition at line 127 of file tsig.c.
Referenced by ATF_TC_BODY(), and ns_config_getkeyalgorithm2().
LIBDNS_EXTERNAL_DATA dns_name_t* dns_tsig_hmacsha224_name = &hmacsha224 |
Definition at line 136 of file tsig.c.
Referenced by dns_tsec_create(), and ns_config_getkeyalgorithm2().
unsigned char hmacsha256_ndata[] = "\013hmac-sha256" [static] |
unsigned char hmacsha256_offsets[] = { 0, 12 } [static] |
dns_name_t hmacsha256 [static] |
Initial value:
{ DNS_NAME_MAGIC, hmacsha256_ndata, 13, 2, DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, hmacsha256_offsets, NULL, {(void *)-1, (void *)-1}, {NULL, NULL} }
Definition at line 141 of file tsig.c.
Referenced by ATF_TC_BODY(), and ns_config_getkeyalgorithm2().
LIBDNS_EXTERNAL_DATA dns_name_t* dns_tsig_hmacsha256_name = &hmacsha256 |
Definition at line 150 of file tsig.c.
Referenced by dns_tsec_create(), and ns_config_getkeyalgorithm2().
unsigned char hmacsha384_ndata[] = "\013hmac-sha384" [static] |
unsigned char hmacsha384_offsets[] = { 0, 12 } [static] |
dns_name_t hmacsha384 [static] |
Initial value:
{ DNS_NAME_MAGIC, hmacsha384_ndata, 13, 2, DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, hmacsha384_offsets, NULL, {(void *)-1, (void *)-1}, {NULL, NULL} }
Definition at line 155 of file tsig.c.
Referenced by ATF_TC_BODY(), and ns_config_getkeyalgorithm2().
LIBDNS_EXTERNAL_DATA dns_name_t* dns_tsig_hmacsha384_name = &hmacsha384 |
Definition at line 164 of file tsig.c.
Referenced by dns_tsec_create(), and ns_config_getkeyalgorithm2().
unsigned char hmacsha512_ndata[] = "\013hmac-sha512" [static] |
unsigned char hmacsha512_offsets[] = { 0, 12 } [static] |
dns_name_t hmacsha512 [static] |
Initial value:
{ DNS_NAME_MAGIC, hmacsha512_ndata, 13, 2, DNS_NAMEATTR_READONLY | DNS_NAMEATTR_ABSOLUTE, hmacsha512_offsets, NULL, {(void *)-1, (void *)-1}, {NULL, NULL} }
Definition at line 169 of file tsig.c.
Referenced by ATF_TC_BODY(), and ns_config_getkeyalgorithm2().
LIBDNS_EXTERNAL_DATA dns_name_t* dns_tsig_hmacsha512_name = &hmacsha512 |
Definition at line 178 of file tsig.c.
Referenced by dns_tsec_create(), and ns_config_getkeyalgorithm2().