Lines Matching refs:msg
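/*
 * Nonzero when the QR bit is set in the message's header flags, i.e. the
 * message is a response rather than a query.  The result is the masked
 * flag value, not a normalized 0/1.
 *
 * The argument is parenthesized so that any pointer expression, not only
 * a plain identifier, expands correctly.  The macro dereferences its
 * argument, so it must only be evaluated after the message pointer has
 * been validated (for example by a REQUIRE on it), never before.
 */
#define is_response(msg) ((msg)->flags & DNS_MESSAGEFLAG_QR)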
206 tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg);
681 dns_tsig_sign(dns_message_t *msg) {
698 isc_boolean_t response = is_response(msg);
700 REQUIRE(msg != NULL);
701 REQUIRE(VALID_TSIG_KEY(dns_message_gettsigkey(msg)));
706 if (response && msg->querytsig == NULL)
711 mctx = msg->mctx;
712 key = dns_message_gettsigkey(msg);
722 tsig.timesigned = now + msg->timeadjust;
725 tsig.originalid = msg->id;
730 tsig.error = msg->querytsigstatus;
762 ret = dns_rdataset_first(msg->querytsig);
765 dns_rdataset_current(msg->querytsig, &querytsigrdata);
795 dns_message_renderheader(msg, &headerbuf);
804 isc_buffer_usedregion(msg->buffer, &r);
810 if (msg->tcp_continuation == 0) {
846 if (msg->tcp_continuation == 0) {
900 ret = dns_message_gettemprdata(msg, &rdata);
903 ret = isc_buffer_allocate(msg->mctx, &dynbuf, 512);
911 dns_message_takebuffer(msg, &dynbuf);
919 ret = dns_message_gettempname(msg, &owner);
923 ret = dns_name_dup(&key->name, msg->mctx, owner);
928 ret = dns_message_gettemprdatalist(msg, &datalist);
932 ret = dns_message_gettemprdataset(msg, &dataset);
944 msg->tsig = dataset;
945 msg->tsigname = owner;
948 msg->tsigname->attributes |= DNS_NAMEATTR_NOCOMPRESS;
953 dns_message_puttemprdatalist(msg, &datalist);
955 dns_message_puttempname(msg, &owner);
960 dns_message_puttemprdata(msg, &rdata);
971 dns_tsig_verify(isc_buffer_t *source, dns_message_t *msg,
993 REQUIRE(DNS_MESSAGE_VALID(msg));
994 tsigkey = dns_message_gettsigkey(msg);
995 response = is_response(msg);
999 msg->verify_attempted = 1;
1001 if (msg->tcp_continuation) {
1002 if (tsigkey == NULL || msg->querytsig == NULL)
1004 return (tsig_verify_tcp(source, msg));
1010 if (msg->tsig == NULL)
1017 if (response && (tsigkey == NULL || msg->querytsig == NULL))
1020 mctx = msg->mctx;
1027 keyname = msg->tsigname;
1028 ret = dns_rdataset_first(msg->tsig);
1031 dns_rdataset_current(msg->tsig, &rdata);
1037 ret = dns_rdataset_first(msg->querytsig);
1040 dns_rdataset_current(msg->querytsig, &rdata);
1059 msg->tsigstatus = dns_tsigerror_badkey;
1060 tsig_log(msg->tsigkey, 2,
1082 msg->tsigstatus = dns_tsigerror_badkey;
1086 mctx, NULL, &msg->tsigkey);
1089 tsig_log(msg->tsigkey, 2, "unknown key");
1092 msg->tsigkey = tsigkey;
1100 if (now + msg->timeadjust > tsig.timesigned + tsig.fudge) {
1101 msg->tsigstatus = dns_tsigerror_badtime;
1102 tsig_log(msg->tsigkey, 2, "signature has expired");
1104 } else if (now + msg->timeadjust < tsig.timesigned - tsig.fudge) {
1105 msg->tsigstatus = dns_tsigerror_badtime;
1106 tsig_log(msg->tsigkey, 2, "signature is in the future");
1122 tsig_log(msg->tsigkey, 2, "signature length to big");
1127 tsig_log(msg->tsigkey, 2,
1133 msg->tsigstatus = dns_tsigerror_badtrunc;
1134 tsig_log(msg->tsigkey, 2,
1140 msg->tsigstatus = dns_tsigerror_badtrunc;
1141 tsig_log(msg->tsigkey, 2, "signature length too small");
1205 r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN;
1220 isc_buffer_putuint32(&databuf, msg->tsig->ttl);
1254 msg->tsigstatus = dns_tsigerror_badsig;
1256 tsig_log(msg->tsigkey, 2,
1265 msg->tsigstatus = dns_tsigerror_badsig;
1266 tsig_log(msg->tsigkey, 2, "signature was empty");
1270 msg->tsigstatus = dns_rcode_noerror;
1279 msg->verified_sig = 1;
1291 tsig_verify_tcp(isc_buffer_t *source, dns_message_t *msg) {
1308 REQUIRE(msg != NULL);
1309 REQUIRE(dns_message_gettsigkey(msg) != NULL);
1310 REQUIRE(msg->tcp_continuation == 1);
1311 REQUIRE(msg->querytsig != NULL);
1313 if (!is_response(msg))
1316 mctx = msg->mctx;
1318 tsigkey = dns_message_gettsigkey(msg);
1323 ret = dns_rdataset_first(msg->querytsig);
1326 dns_rdataset_current(msg->querytsig, &rdata);
1335 if (msg->tsig != NULL) {
1338 keyname = msg->tsigname;
1339 ret = dns_rdataset_first(msg->tsig);
1342 dns_rdataset_current(msg->tsig, &rdata);
1352 msg->tsigstatus = dns_tsigerror_badkey;
1354 tsig_log(msg->tsigkey, 2,
1364 if (now + msg->timeadjust > tsig.timesigned + tsig.fudge) {
1365 msg->tsigstatus = dns_tsigerror_badtime;
1366 tsig_log(msg->tsigkey, 2, "signature has expired");
1369 } else if (now + msg->timeadjust <
1371 msg->tsigstatus = dns_tsigerror_badtime;
1372 tsig_log(msg->tsigkey, 2,
1381 if (msg->tsigctx == NULL) {
1384 &msg->tsigctx);
1394 ret = dst_context_adddata(msg->tsigctx, &r);
1404 ret = dst_context_adddata(msg->tsigctx, &r);
1440 ret = dst_context_adddata(msg->tsigctx, &header_r);
1450 r.length = msg->sigstart - DNS_MESSAGE_HEADERLEN;
1453 ret = dst_context_adddata(msg->tsigctx, &r);
1465 ret = dst_context_adddata(msg->tsigctx, &r);
1478 tsig_log(msg->tsigkey, 2,
1485 ret = dst_context_verify(msg->tsigctx, &sig_r);
1487 msg->tsigstatus = dns_tsigerror_badsig;
1488 tsig_log(msg->tsigkey, 2,
1496 dst_context_destroy(&msg->tsigctx);
1499 msg->tsigstatus = dns_rcode_noerror;
1503 dst_context_destroy(&msg->tsigctx);