tkey.h File Reference

#include <isc/lang.h>
#include <dns/types.h>
#include <dst/dst.h>
#include <dst/gssapi.h>


Data Structures

struct  dns_tkeyctx

Defines

#define DNS_TKEY_H   1
#define DNS_TKEYMODE_SERVERASSIGNED   1
#define DNS_TKEYMODE_DIFFIEHELLMAN   2
#define DNS_TKEYMODE_GSSAPI   3
#define DNS_TKEYMODE_RESOLVERASSIGNED   4
#define DNS_TKEYMODE_DELETE   5

Functions

isc_result_t dns_tkeyctx_create (isc_mem_t *mctx, isc_entropy_t *ectx, dns_tkeyctx_t **tctxp)
 Create an empty TKEY context.
void dns_tkeyctx_destroy (dns_tkeyctx_t **tctxp)
 Frees all data associated with the TKEY context.
isc_result_t dns_tkey_processquery (dns_message_t *msg, dns_tkeyctx_t *tctx, dns_tsig_keyring_t *ring)
 Processes a query containing a TKEY record, adding or deleting TSIG keys if necessary, and modifies the message to contain the response.
isc_result_t dns_tkey_builddhquery (dns_message_t *msg, dst_key_t *key, dns_name_t *name, dns_name_t *algorithm, isc_buffer_t *nonce, isc_uint32_t lifetime)
 Builds a query containing a TKEY that will generate a shared secret using a Diffie-Hellman key exchange. The shared key will be of the specified algorithm (only DNS_TSIG_HMACMD5_NAME is supported), and will be named either 'name', 'name' + server chosen domain, or random data + server chosen domain if 'name' == dns_rootname. If nonce is not NULL, it supplies random data used in the shared secret computation. The key is requested to have the specified lifetime (in seconds).
isc_result_t dns_tkey_buildgssquery (dns_message_t *msg, dns_name_t *name, dns_name_t *gname, isc_buffer_t *intoken, isc_uint32_t lifetime, gss_ctx_id_t *context, isc_boolean_t win2k, isc_mem_t *mctx, char **err_message)
 Builds a query containing a TKEY that will generate a GSSAPI context. The key is requested to have the specified lifetime (in seconds).
isc_result_t dns_tkey_builddeletequery (dns_message_t *msg, dns_tsigkey_t *key)
 Builds a query containing a TKEY record that will delete the specified shared secret from the server.
isc_result_t dns_tkey_processdhresponse (dns_message_t *qmsg, dns_message_t *rmsg, dst_key_t *key, isc_buffer_t *nonce, dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring)
 Processes a response to a query containing a TKEY that was designed to generate a shared secret using a Diffie-Hellman key exchange. If the query was successful, a new shared key is created and added to the list of shared keys.
isc_result_t dns_tkey_processgssresponse (dns_message_t *qmsg, dns_message_t *rmsg, dns_name_t *gname, gss_ctx_id_t *context, isc_buffer_t *outtoken, dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring, char **err_message)
 Processes a response to a query containing a TKEY that was designed to establish a GSSAPI context. (The header gives no description; this summary is inferred from the parameters and from the routines the function references, such as find_tkey(), dst_gssapi_initctx() and dns_tsigkey_createfromkey() — confirm against tkey.c.)
isc_result_t dns_tkey_processdeleteresponse (dns_message_t *qmsg, dns_message_t *rmsg, dns_tsig_keyring_t *ring)
 Processes a response to a query containing a TKEY that was designed to delete a shared secret. If the query was successful, the shared key is deleted from the list of shared keys.
isc_result_t dns_tkey_gssnegotiate (dns_message_t *qmsg, dns_message_t *rmsg, dns_name_t *server, gss_ctx_id_t *context, dns_tsigkey_t **outkey, dns_tsig_keyring_t *ring, isc_boolean_t win2k, char **err_message)


Detailed Description

Definition in file tkey.h.


Define Documentation

#define DNS_TKEY_H   1

Definition at line 21 of file tkey.h.

#define DNS_TKEYMODE_SERVERASSIGNED   1

Definition at line 35 of file tkey.h.

Referenced by dns_tkey_processquery().

#define DNS_TKEYMODE_DIFFIEHELLMAN   2

Definition at line 36 of file tkey.h.

Referenced by dns_tkey_builddhquery(), dns_tkey_processdhresponse(), and dns_tkey_processquery().

#define DNS_TKEYMODE_GSSAPI   3

Definition at line 37 of file tkey.h.

Referenced by dns_tkey_buildgssquery(), dns_tkey_gssnegotiate(), dns_tkey_processgssresponse(), and dns_tkey_processquery().

#define DNS_TKEYMODE_RESOLVERASSIGNED   4

Definition at line 38 of file tkey.h.

Referenced by dns_tkey_processquery().

#define DNS_TKEYMODE_DELETE   5

Definition at line 39 of file tkey.h.

Referenced by dns_tkey_builddeletequery(), dns_tkey_processdeleteresponse(), and dns_tkey_processquery().


Function Documentation

isc_result_t dns_tkeyctx_create ( isc_mem_t *mctx,
isc_entropy_t *ectx,
dns_tkeyctx_t **tctxp
)

Create an empty TKEY context.

Requires:

Returns:

Definition at line 92 of file tkey.c.

References dns_tkeyctx::dhkey, dns_tkeyctx::domain, dns_tkeyctx::ectx, dns_tkeyctx::gssapi_keytab, dns_tkeyctx::gsscred, isc_entropy_attach(), isc_mem_attach(), isc_mem_get, ISC_R_NOMEMORY, ISC_R_SUCCESS, dns_tkeyctx::mctx, and REQUIRE.

Referenced by ns_server_create(), and ns_tkeyctx_fromconfig().

void dns_tkeyctx_destroy ( dns_tkeyctx_t **  tctxp  ) 

Frees all data associated with the TKEY context.

Requires:

Definition at line 117 of file tkey.c.

References dns_tkeyctx::dhkey, dns_name_dynamic(), dns_name_free(), dns_tkeyctx::domain, dst_gssapi_releasecred(), dst_key_free(), dns_tkeyctx::ectx, dns_tkeyctx::gssapi_keytab, dns_tkeyctx::gsscred, isc_entropy_detach(), isc_mem_detach(), isc_mem_free, isc_mem_put, dns_tkeyctx::mctx, mctx, and REQUIRE.

Referenced by load_configuration(), ns_server_destroy(), and ns_tkeyctx_fromconfig().

isc_result_t dns_tkey_processquery ( dns_message_t *msg,
dns_tkeyctx_t *tctx,
dns_tsig_keyring_t *ring
)

Processes a query containing a TKEY record, adding or deleting TSIG keys if necessary, and modifies the message to contain the response.

Requires:

Returns:

Definition at line 615 of file tkey.c.

References add_rdata_to_list(), dns_fixedname_init, dns_fixedname_name, dns_message_addname(), dns_message_currentname(), dns_message_findname(), dns_message_firstname(), dns_message_reply(), dns_message_signer(), dns_name_clone(), dns_name_concatenate(), dns_name_copy(), dns_name_countlabels(), dns_name_equal(), dns_name_fromtext(), dns_name_getlabelsequence(), dns_name_init(), DNS_R_FORMERR, DNS_R_NOTIMP, DNS_R_REFUSED, dns_rcode_noerror, dns_rdata_freestruct(), dns_rdata_fromstruct(), dns_rdata_init(), dns_rdata_tostruct(), dns_rdataset_current(), dns_rdataset_first(), dns_rootname, DNS_SECTION_ADDITIONAL, DNS_SECTION_ANSWER, DNS_SECTION_QUESTION, DNS_TKEYMODE_DELETE, DNS_TKEYMODE_DIFFIEHELLMAN, DNS_TKEYMODE_GSSAPI, DNS_TKEYMODE_RESOLVERASSIGNED, DNS_TKEYMODE_SERVERASSIGNED, dns_tsigerror_badmode, dns_tsigerror_badname, dns_tsigkey_detach(), dns_tsigkey_find(), dns_tkeyctx::domain, dns_tkeyctx::ectx, free_namelist(), hexdigits, isc_buffer_add, isc_buffer_init, isc_entropy_getdata(), ISC_FALSE, ISC_LINK_INIT, ISC_LIST_EMPTY, ISC_LIST_HEAD, ISC_LIST_INIT, ISC_LIST_NEXT, ISC_LIST_UNLINK, isc_mem_put, ISC_R_NOTFOUND, ISC_R_SUCCESS, ISC_TRUE, dns_message::mctx, name, process_deletetkey(), process_dhtkey(), process_gsstkey(), dns_rdata::rdclass, REQUIRE, RETERR, RUNTIME_CHECK, tkey_log(), and tsigkey.

Referenced by ns_query_start().

isc_result_t dns_tkey_builddhquery ( dns_message_t *msg,
dst_key_t *key,
dns_name_t *name,
dns_name_t *algorithm,
isc_buffer_t *nonce,
isc_uint32_t lifetime
)

Builds a query containing a TKEY that will generate a shared secret using a Diffie-Hellman key exchange. The shared key will be of the specified algorithm (only DNS_TSIG_HMACMD5_NAME is supported), and will be named either 'name', 'name' + server chosen domain, or random data + server chosen domain if 'name' == dns_rootname. If nonce is not NULL, it supplies random data used in the shared secret computation. The key is requested to have the specified lifetime (in seconds).

Requires:

Returns:

Definition at line 943 of file tkey.c.

References add_rdata_to_list(), isc_region::base, buildquery(), DNS_KEYALG_DH, dns_message_addname(), dns_message_gettemprdata(), dns_message_takebuffer(), dns_name_clone(), dns_name_init(), dns_rdata_fromregion(), DNS_SECTION_ADDITIONAL, DNS_TKEYMODE_DIFFIEHELLMAN, dst_key_alg(), dst_key_isprivate(), dst_key_name(), dst_key_todns(), isc_buffer_allocate(), isc_buffer_free(), isc_buffer_usedregion, ISC_FALSE, ISC_LINK_INIT, ISC_LIST_HEAD, ISC_LIST_INIT, ISC_LIST_NEXT, ISC_LIST_UNLINK, isc_mem_get, isc_mem_put, ISC_R_SUCCESS, isc_stdtime_get(), isc_region::length, dns_message::mctx, now, r, REQUIRE, and RETERR.

isc_result_t dns_tkey_buildgssquery ( dns_message_t *msg,
dns_name_t *name,
dns_name_t *gname,
isc_buffer_t *intoken,
isc_uint32_t lifetime,
gss_ctx_id_t *context,
isc_boolean_t win2k,
isc_mem_t *mctx,
char **err_message
)

Builds a query containing a TKEY that will generate a GSSAPI context. The key is requested to have the specified lifetime (in seconds).

Requires:

Returns:

Definition at line 1021 of file tkey.c.

References buildquery(), dns_name_clone(), dns_name_init(), DNS_R_CONTINUE, DNS_TKEYMODE_GSSAPI, DNS_TSIG_GSSAPI_NAME, DNS_TSIG_GSSAPIMS_NAME, dst_gssapi_initctx(), isc_buffer_base, isc_buffer_init, isc_buffer_usedlength, ISC_LINK_INIT, ISC_R_SUCCESS, isc_stdtime_get(), now, REQUIRE, RETERR, token, and UNUSED.

isc_result_t dns_tkey_builddeletequery ( dns_message_t *msg,
dns_tsigkey_t *key
)

Builds a query containing a TKEY record that will delete the specified shared secret from the server.

Requires:

Returns:

Definition at line 1076 of file tkey.c.

References dns_tsigkey::algorithm, buildquery(), dns_name_clone(), dns_name_init(), DNS_TKEYMODE_DELETE, ISC_FALSE, ISC_LINK_INIT, dns_message::mctx, dns_tsigkey::name, and REQUIRE.

isc_result_t dns_tkey_processdhresponse ( dns_message_t *qmsg,
dns_message_t *rmsg,
dst_key_t *key,
isc_buffer_t *nonce,
dns_tsigkey_t **outkey,
dns_tsig_keyring_t *ring
)

Processes a response to a query containing a TKEY that was designed to generate a shared secret using a Diffie-Hellman key exchange. If the query was successful, a new shared key is created and added to the list of shared keys.

Requires:

Returns:

Definition at line 1126 of file tkey.c.

References isc_region::base, compute_secret(), dns_dnssec_keyfromrdata(), DNS_KEYALG_DH, dns_message_currentname(), dns_message_findname(), dns_message_findtype(), dns_message_firstname(), dns_message_nextname(), dns_name_clone(), dns_name_equal(), dns_name_init(), DNS_R_INVALIDTKEY, dns_rcode_noerror, dns_rdata_freestruct(), DNS_RDATA_INIT, dns_rdata_tostruct(), dns_rdataset_current(), dns_rdataset_first(), DNS_SECTION_ADDITIONAL, DNS_SECTION_ANSWER, DNS_TKEYMODE_DIFFIEHELLMAN, dns_tsigkey_create(), dst_key_alg(), dst_key_computesecret(), dst_key_free(), dst_key_isprivate(), dst_key_name(), dst_key_secretsize(), find_tkey(), isc_buffer_allocate(), isc_buffer_free(), isc_buffer_init, isc_buffer_usedregion, ISC_FALSE, isc_mem_get, isc_mem_put, ISC_R_NOTFOUND, ISC_R_SUCCESS, ISC_RESULTCLASS_DNSRCODE, ISC_TRUE, isc_region::length, dns_message::mctx, r, r2, dns_message::rcode, REQUIRE, RETERR, secret, tempname, and tkey_log().

isc_result_t dns_tkey_processgssresponse ( dns_message_t *qmsg,
dns_message_t *rmsg,
dns_name_t *gname,
gss_ctx_id_t *context,
isc_buffer_t *outtoken,
dns_tsigkey_t **outkey,
dns_tsig_keyring_t *ring,
char **err_message
)

Processes a response to a query containing a TKEY that was designed to establish a GSSAPI context. (The header gives no description; this summary is inferred from the parameters and from the routines listed under References below, such as find_tkey(), dst_gssapi_initctx() and dns_tsigkey_createfromkey() — confirm against tkey.c.)

Definition at line 1256 of file tkey.c.

References _dns_tkey_dumpmessage(), dns_name_equal(), DNS_R_INVALIDTKEY, dns_rcode_noerror, dns_rdata_freestruct(), DNS_RDATA_INIT, dns_rdata_tostruct(), dns_rootname, DNS_SECTION_ADDITIONAL, DNS_SECTION_ANSWER, DNS_TKEYMODE_GSSAPI, DNS_TSIG_GSSAPI_NAME, dns_tsigkey_createfromkey(), dst_gssapi_initctx(), dst_key_free(), dst_key_fromgssapi(), find_tkey(), isc_buffer_init, ISC_FALSE, ISC_R_NOTFOUND, ISC_R_SUCCESS, ISC_RESULTCLASS_DNSRCODE, dns_message::mctx, dns_tsig_keyring::mctx, dns_message::rcode, REQUIRE, RETERR, and tkey_log().

isc_result_t dns_tkey_processdeleteresponse ( dns_message_t *qmsg,
dns_message_t *rmsg,
dns_tsig_keyring_t *ring
)

Processes a response to a query containing a TKEY that was designed to delete a shared secret. If the query was successful, the shared key is deleted from the list of shared keys.

Requires:

Returns:

Definition at line 1334 of file tkey.c.

References dns_name_equal(), DNS_R_INVALIDTKEY, dns_rcode_noerror, dns_rdata_freestruct(), DNS_RDATA_INIT, dns_rdata_tostruct(), DNS_SECTION_ADDITIONAL, DNS_SECTION_ANSWER, DNS_TKEYMODE_DELETE, dns_tsigkey_detach(), dns_tsigkey_find(), dns_tsigkey_setdeleted(), find_tkey(), ISC_RESULTCLASS_DNSRCODE, dns_message::rcode, REQUIRE, RETERR, tempname, tkey_log(), and tsigkey.

isc_result_t dns_tkey_gssnegotiate ( dns_message_t *qmsg,
dns_message_t *rmsg,
dns_name_t *server,
gss_ctx_id_t *context,
dns_tsigkey_t **outkey,
dns_tsig_keyring_t *ring,
isc_boolean_t win2k,
char **err_message
)

Definition at line 1389 of file tkey.c.

References dns_name_equal(), DNS_R_CONTINUE, DNS_R_INVALIDTKEY, dns_rcode_noerror, dns_rdata_freestruct(), DNS_RDATA_INIT, dns_rdata_tostruct(), dns_rootname, DNS_SECTION_ADDITIONAL, DNS_SECTION_ANSWER, DNS_TKEYMODE_GSSAPI, DNS_TSIG_GSSAPI_NAME, DNS_TSIG_GSSAPIMS_NAME, dns_tsigkey_createfromkey(), dst_gssapi_initctx(), dst_key_free(), dst_key_fromgssapi(), find_tkey(), isc_buffer_init, ISC_FALSE, ISC_R_SUCCESS, ISC_RESULTCLASS_DNSRCODE, ISC_TRUE, dns_message::mctx, dns_tsig_keyring::mctx, dns_message::rcode, REQUIRE, RETERR, and tkey_log().

