Skip to content
GitLab
Projects
Groups
Snippets
Help
Loading...
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
BIND
Project overview
Project overview
Details
Activity
Releases
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Issues
600
Issues
600
List
Boards
Labels
Service Desk
Milestones
Merge Requests
111
Merge Requests
111
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Operations
Operations
Incidents
Environments
Packages & Registries
Packages & Registries
Container Registry
Analytics
Analytics
CI / CD
Repository
Value Stream
Wiki
Wiki
Snippets
Snippets
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
ISC Open Source Projects
BIND
Commits
06f9d648
Commit
06f9d648
authored
Oct 28, 1999
by
Brian Wellington
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
dns_message_signer update
parent
bf04258e
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
19 additions
and
13 deletions
+19
-13
lib/dns/include/dns/message.h
lib/dns/include/dns/message.h
+8
-7
lib/dns/message.c
lib/dns/message.c
+11
-6
No files found.
lib/dns/include/dns/message.h
View file @
06f9d648
...
...
@@ -838,8 +838,9 @@ dns_message_takebuffer(dns_message_t *msg, isc_buffer_t **buffer);
isc_result_t
dns_message_signer
(
dns_message_t
*
msg
,
dns_name_t
**
signer
);
/*
* If this response message was signed and the signature has been validated,
* return the identity of the signer.
* If this response message was signed, return the identity of the signer.
* Unless ISC_R_NOTFOUND is returned, signer will reflect the name of the
* key that signed the message.
*
* Requires:
*
...
...
@@ -854,16 +855,16 @@ dns_message_signer(dns_message_t *msg, dns_name_t **signer);
* ISC_R_NOTFOUND - no TSIG record or key is present in the
* message
*
* DNS_R_KEYUNAUTHORIZED - the message was signed and verified, but
* the key has no identity since it was
* generated by an unsigned TKEY process
* (new error code?)
*
* DNS_R_TSIGVERIFYFAILURE - the message was signed, but the signature
* failed to verify
*
* DNS_R_TSIGERRORSET - the message was signed and verified, but
* the query was rejected by the server
*
* DNS_R_KEYUNAUTHORIZED - the message was signed and verified, but
* the key has no identity since it was
* generated by an unsigned TKEY process
* (new error code?)
*/
ISC_LANG_ENDDECLS
...
...
lib/dns/message.c
View file @
06f9d648
...
...
@@ -1907,6 +1907,8 @@ dns_message_takebuffer(dns_message_t *msg, isc_buffer_t **buffer)
isc_result_t
dns_message_signer
(
dns_message_t
*
msg
,
dns_name_t
**
signer
)
{
isc_result_t
result
;
REQUIRE
(
DNS_MESSAGE_VALID
(
msg
));
REQUIRE
(
signer
!=
NULL
);
REQUIRE
(
*
signer
==
NULL
);
...
...
@@ -1914,12 +1916,15 @@ dns_message_signer(dns_message_t *msg, dns_name_t **signer) {
if
(
msg
->
tsigkey
==
NULL
||
msg
->
tsig
==
NULL
)
return
(
ISC_R_NOTFOUND
);
if
(
msg
->
tsigkey
->
generated
)
return
(
DNS_R_KEYUNAUTHORIZED
);
if
(
msg
->
tsigstatus
!=
dns_rcode_noerror
)
return
(
DNS_R_TSIGVERIFYFAILURE
);
if
(
msg
->
tsig
->
error
!=
dns_rcode_noerror
)
return
(
DNS_R_TSIGERRORSET
);
result
=
DNS_R_TSIGVERIFYFAILURE
;
else
if
(
msg
->
tsig
->
error
!=
dns_rcode_noerror
)
result
=
DNS_R_TSIGERRORSET
;
else
if
(
msg
->
tsigkey
->
generated
)
result
=
DNS_R_KEYUNAUTHORIZED
;
else
result
=
ISC_R_SUCCESS
;
*
signer
=
&
msg
->
tsigkey
->
name
;
return
(
ISC_R_SUCCESS
);
return
(
result
);
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
.
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment