Skip to content
GitLab
Projects
Groups
Snippets
/
Help
Help
Support
Community forum
Keyboard shortcuts
?
Submit feedback
Contribute to GitLab
Sign in / Register
Toggle navigation
Menu
Open sidebar
ISC Open Source Projects
BIND
Commits
19c7cce8
Commit
19c7cce8
authored
Jan 09, 2001
by
Mark Andrews
Browse files
674. [func] Allow messages to be TSIG signed / verified using
a offset from the current time.
parent
d6230d41
Changes
4
Hide whitespace changes
Inline
Side-by-side
CHANGES
View file @
19c7cce8
674. [func] Allow messages to be TSIG signed / verified using
a offset from the current time.
673. [func] The server can now convert RFC1886-style recursive
lookup requests into RFC2874-style lookups, when
...
...
lib/dns/include/dns/message.h
View file @
19c7cce8
...
...
@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: message.h,v 1.8
7
2001/01/09 2
1:53:03 bwelling
Exp $ */
/* $Id: message.h,v 1.8
8
2001/01/09 2
3:35:33 marka
Exp $ */
#ifndef DNS_MESSAGE_H
#define DNS_MESSAGE_H 1
...
...
@@ -217,6 +217,7 @@ struct dns_message {
dns_tsigkey_t
*
tsigkey
;
dst_context_t
*
tsigctx
;
int
sigstart
;
int
timeadjust
;
dns_name_t
*
sig0name
;
dst_key_t
*
sig0key
;
...
...
@@ -1194,9 +1195,29 @@ dns_message_setsortorder(dns_message_t *msg, dns_rdatasetorderfunc_t order,
* 'order_arg' are NULL, a default order is used.
*
* Requires:
* msg be a valid message.
* order_arg is NULL if and only if order is NULL.
*/
void
dns_message_settimeadjust
(
dns_message_t
*
msg
,
int
timeadjust
);
/*
* Adjust the time used to sign/verify a message by timeadjust.
* Currently only TSIG.
*
* Requires:
* msg be a valid message.
*/
int
dns_message_gettimeadjust
(
dns_message_t
*
msg
);
/*
* Return the current time adjustment.
*
* Requires:
* msg be a valid message.
*/
ISC_LANG_ENDDECLS
#endif
/* DNS_MESSAGE_H */
lib/dns/message.c
View file @
19c7cce8
...
...
@@ -15,7 +15,7 @@
* WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: message.c,v 1.17
1
2001/01/09 2
1:51:05 bwelling
Exp $ */
/* $Id: message.c,v 1.17
2
2001/01/09 2
3:35:27 marka
Exp $ */
/***
*** Imports
...
...
@@ -355,6 +355,7 @@ msginittsig(dns_message_t *m) {
m
->
sigstart
=
-
1
;
m
->
sig0key
=
NULL
;
m
->
sig0status
=
dns_rcode_noerror
;
m
->
timeadjust
=
0
;
}
/*
...
...
@@ -2978,7 +2979,19 @@ void
dns_message_setsortorder
(
dns_message_t
*
msg
,
dns_rdatasetorderfunc_t
order
,
void
*
order_arg
)
{
REQUIRE
(
DNS_MESSAGE_VALID
(
msg
));
msg
->
order
=
order
;
msg
->
order_arg
=
order_arg
;
}
void
dns_message_settimeadjust
(
dns_message_t
*
msg
,
int
timeadjust
)
{
REQUIRE
(
DNS_MESSAGE_VALID
(
msg
));
msg
->
timeadjust
=
timeadjust
;
}
int
dns_message_gettimeadjust
(
dns_message_t
*
msg
)
{
REQUIRE
(
DNS_MESSAGE_VALID
(
msg
));
return
(
msg
->
timeadjust
);
}
lib/dns/tsig.c
View file @
19c7cce8
...
...
@@ -16,7 +16,7 @@
*/
/*
* $Id: tsig.c,v 1.10
0
2001/01/09 2
1:51:39 bwelling
Exp $
* $Id: tsig.c,v 1.10
1
2001/01/09 2
3:35:29 marka
Exp $
* Principal Author: Brian Wellington
*/
...
...
@@ -399,7 +399,7 @@ dns_tsig_sign(dns_message_t *msg) {
dns_name_clone
(
key
->
algorithm
,
&
tsig
.
algorithm
);
isc_stdtime_get
(
&
now
);
tsig
.
timesigned
=
now
;
tsig
.
timesigned
=
now
+
msg
->
timeadjust
;
tsig
.
fudge
=
DNS_TSIG_FUDGE
;
tsig
.
originalid
=
msg
->
id
;
...
...
@@ -739,9 +739,9 @@ dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
/*
* Is the time ok?
*/
if
(
abs
(
now
-
tsig
.
timesigned
)
>
tsig
.
fudge
)
{
if
(
abs
(
now
+
msg
->
timeadjust
-
tsig
.
timesigned
)
>
tsig
.
fudge
)
{
msg
->
tsigstatus
=
dns_tsigerror_badtime
;
if
(
now
>
tsig
.
timesigned
+
tsig
.
fudge
)
if
(
now
+
msg
->
timeadjust
>
tsig
.
timesigned
+
tsig
.
fudge
)
tsig_log
(
msg
->
tsigkey
,
2
,
"signature has expired"
);
else
...
...
Write
Preview
Supports
Markdown
0%
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment