2011-09-12 04:47:25 +10:00
|
|
|
// TRANSACTION SIGNATURE (TSIG)
|
|
|
|
//
|
2012-03-03 08:59:07 +11:00
|
|
|
// An TSIG or transaction signature adds a HMAC TSIG record to each message sent.
|
2012-08-20 17:39:10 +10:00
|
|
|
// The supported algorithms include: HmacMD5, HmacSHA1 and HmacSHA256.
|
2012-03-07 05:10:49 +11:00
|
|
|
//
|
2012-08-08 17:26:29 +10:00
|
|
|
// Basic use pattern when querying with a TSIG name "axfr." (note that these key names
|
2012-10-13 00:32:41 +11:00
|
|
|
// must be fully qualified - as they are domain names) and the base64 secret
|
|
|
|
// "so6ZGir4GPAqINNh9U5c3A==":
|
2011-09-11 09:37:06 +10:00
|
|
|
//
|
2012-05-26 18:28:32 +10:00
|
|
|
// c := new(dns.Client)
|
2012-03-07 05:10:49 +11:00
|
|
|
// c.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="}
|
2012-08-08 17:26:29 +10:00
|
|
|
// m := new(dns.Msg)
|
2012-05-08 22:17:17 +10:00
|
|
|
// m.SetQuestion("miek.nl.", dns.TypeMX)
|
|
|
|
// m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix())
|
2012-03-03 06:18:18 +11:00
|
|
|
// ...
|
2012-03-03 08:47:58 +11:00
|
|
|
// // When sending the TSIG RR is calculated and filled in before sending
|
2011-09-11 09:37:06 +10:00
|
|
|
//
|
2012-03-03 08:59:07 +11:00
|
|
|
// When requesting an AXFR (almost all TSIG usage is when requesting zone transfers), with
|
2012-03-07 05:10:49 +11:00
|
|
|
// TSIG, this is the basic use pattern. In this example we request an AXFR for
|
|
|
|
// miek.nl. with TSIG key named "axfr." and secret "so6ZGir4GPAqINNh9U5c3A=="
|
|
|
|
// and using the server 85.223.71.124
|
2011-09-11 09:37:06 +10:00
|
|
|
//
|
2012-05-26 18:28:32 +10:00
|
|
|
// c := new(dns.Client)
|
2012-03-07 05:10:49 +11:00
|
|
|
// c.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="}
|
2012-05-08 22:17:17 +10:00
|
|
|
// m := new(dns.Msg)
|
2012-03-03 08:59:07 +11:00
|
|
|
// m.SetAxfr("miek.nl.")
|
2012-05-08 22:17:17 +10:00
|
|
|
// m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix())
|
2012-05-19 03:59:07 +10:00
|
|
|
// t, err := c.XfrReceive(m, "85.223.71.124:53")
|
|
|
|
// for r := range t { /* ... */ }
|
2011-09-11 09:37:06 +10:00
|
|
|
//
|
2012-01-17 07:44:49 +11:00
|
|
|
// You can now read the records from the AXFR as they come in. Each envelope is checked with TSIG.
|
2011-09-11 09:42:46 +10:00
|
|
|
// If something is not correct an error is returned.
|
2011-09-11 09:37:06 +10:00
|
|
|
//
|
2012-03-03 08:47:58 +11:00
|
|
|
// Basic use pattern validating and replying to a message that has TSIG set.
|
2012-03-07 05:10:49 +11:00
|
|
|
//
|
2012-08-08 17:50:07 +10:00
|
|
|
// server := &dns.Server{Addr: ":53", Net: "udp"}
|
2012-08-08 17:26:29 +10:00
|
|
|
// server.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="}
|
|
|
|
// go server.ListenAndServe()
|
|
|
|
// dns.HandleFunc(".", handleRequest)
|
2012-03-07 05:10:49 +11:00
|
|
|
//
|
2012-08-08 17:26:29 +10:00
|
|
|
// func handleRequest(w dns.ResponseWriter, r *dns.Msg) {
|
2012-03-07 05:10:49 +11:00
|
|
|
// m := new(Msg)
|
|
|
|
// m.SetReply(r)
|
|
|
|
// if r.IsTsig() {
|
|
|
|
// if w.TsigStatus() == nil {
|
|
|
|
// // *Msg r has an TSIG record and it was validated
|
2012-05-19 03:59:07 +10:00
|
|
|
// m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix())
|
2012-03-07 05:10:49 +11:00
|
|
|
// } else {
|
|
|
|
// // *Msg r has an TSIG records and it was not valided
|
|
|
|
// }
|
|
|
|
// }
|
|
|
|
// w.Write(m)
|
|
|
|
// }
|
2011-01-09 07:51:20 +11:00
|
|
|
package dns
|
|
|
|
|
2011-01-09 08:39:15 +11:00
|
|
|
import (
|
2011-01-18 07:10:48 +11:00
|
|
|
"crypto/hmac"
|
2012-01-20 22:24:20 +11:00
|
|
|
"crypto/md5"
|
2012-01-28 10:35:37 +11:00
|
|
|
"crypto/sha1"
|
|
|
|
"crypto/sha256"
|
2011-01-10 01:54:23 +11:00
|
|
|
"encoding/hex"
|
2012-01-28 10:35:37 +11:00
|
|
|
"hash"
|
2011-12-09 21:16:49 +11:00
|
|
|
"io"
|
2012-03-03 09:07:25 +11:00
|
|
|
"strconv"
|
2011-12-09 21:16:49 +11:00
|
|
|
"strings"
|
|
|
|
"time"
|
2011-01-09 08:39:15 +11:00
|
|
|
)
|
|
|
|
|
2011-01-27 19:29:11 +11:00
|
|
|
// HMAC hashing codes. These are transmitted as domain names.
|
2011-01-09 08:39:15 +11:00
|
|
|
const (
|
2011-03-14 22:28:04 +11:00
|
|
|
HmacMD5 = "hmac-md5.sig-alg.reg.int."
|
|
|
|
HmacSHA1 = "hmac-sha1."
|
|
|
|
HmacSHA256 = "hmac-sha256."
|
2011-01-09 08:39:15 +11:00
|
|
|
)
|
|
|
|
|
2012-03-03 09:07:25 +11:00
|
|
|
type RR_TSIG struct {
|
|
|
|
Hdr RR_Header
|
2012-04-30 05:55:29 +10:00
|
|
|
Algorithm string `dns:"domain-name"`
|
2012-03-03 09:07:25 +11:00
|
|
|
TimeSigned uint64
|
|
|
|
Fudge uint16
|
|
|
|
MACSize uint16
|
2012-04-30 05:55:29 +10:00
|
|
|
MAC string `dns:"size-hex"`
|
2012-03-03 09:07:25 +11:00
|
|
|
OrigId uint16
|
|
|
|
Error uint16
|
|
|
|
OtherLen uint16
|
2012-04-30 05:55:29 +10:00
|
|
|
OtherData string `dns:"size-hex"`
|
2012-03-03 09:07:25 +11:00
|
|
|
}
|
|
|
|
|
|
|
|
func (rr *RR_TSIG) Header() *RR_Header {
|
|
|
|
return &rr.Hdr
|
|
|
|
}
|
|
|
|
|
|
|
|
// TSIG has no official presentation format, but this will suffice.
|
2012-05-08 22:17:17 +10:00
|
|
|
|
2012-03-03 09:07:25 +11:00
|
|
|
func (rr *RR_TSIG) String() string {
|
|
|
|
s := "\n;; TSIG PSEUDOSECTION:\n"
|
|
|
|
s += rr.Hdr.String() +
|
|
|
|
" " + rr.Algorithm +
|
2012-09-12 05:45:21 +10:00
|
|
|
" " + tsigTimeToString(rr.TimeSigned) +
|
2012-03-03 09:07:25 +11:00
|
|
|
" " + strconv.Itoa(int(rr.Fudge)) +
|
|
|
|
" " + strconv.Itoa(int(rr.MACSize)) +
|
|
|
|
" " + strings.ToUpper(rr.MAC) +
|
|
|
|
" " + strconv.Itoa(int(rr.OrigId)) +
|
|
|
|
" " + strconv.Itoa(int(rr.Error)) + // BIND prints NOERROR
|
|
|
|
" " + strconv.Itoa(int(rr.OtherLen)) +
|
|
|
|
" " + rr.OtherData
|
|
|
|
return s
|
|
|
|
}
|
|
|
|
|
|
|
|
func (rr *RR_TSIG) Len() int {
|
|
|
|
return rr.Hdr.Len() + len(rr.Algorithm) + 1 + 6 +
|
|
|
|
4 + len(rr.MAC)/2 + 1 + 6 + len(rr.OtherData)/2 + 1
|
|
|
|
}
|
|
|
|
|
2012-06-21 03:16:54 +10:00
|
|
|
func (rr *RR_TSIG) Copy() RR {
|
2012-06-21 04:16:36 +10:00
|
|
|
return &RR_TSIG{*rr.Hdr.CopyHeader(), rr.Algorithm, rr.TimeSigned, rr.Fudge, rr.MACSize, rr.MAC, rr.OrigId, rr.Error, rr.OtherLen, rr.OtherData}
|
2012-06-21 01:44:18 +10:00
|
|
|
}
|
|
|
|
|
2011-01-18 07:10:48 +11:00
|
|
|
// The following values must be put in wireformat, so that the MAC can be calculated.
|
|
|
|
// RFC 2845, section 3.4.2. TSIG Variables.
|
2011-01-14 21:57:28 +11:00
|
|
|
type tsigWireFmt struct {
|
2012-03-01 08:00:39 +11:00
|
|
|
// From RR_Header
|
2012-04-30 05:55:29 +10:00
|
|
|
Name string `dns:"domain-name"`
|
2011-01-09 07:51:20 +11:00
|
|
|
Class uint16
|
|
|
|
Ttl uint32
|
|
|
|
// Rdata of the TSIG
|
2012-04-30 05:55:29 +10:00
|
|
|
Algorithm string `dns:"domain-name"`
|
2011-01-10 01:30:45 +11:00
|
|
|
TimeSigned uint64
|
2011-01-09 07:51:20 +11:00
|
|
|
Fudge uint16
|
|
|
|
// MACSize, MAC and OrigId excluded
|
|
|
|
Error uint16
|
|
|
|
OtherLen uint16
|
2012-04-30 05:55:29 +10:00
|
|
|
OtherData string `dns:"size-hex"`
|
2011-01-09 07:51:20 +11:00
|
|
|
}
|
|
|
|
|
2011-03-16 05:36:03 +11:00
|
|
|
// If we have the MAC use this type to convert it to wiredata.
|
|
|
|
// Section 3.4.3. Request MAC
|
2011-03-14 22:28:04 +11:00
|
|
|
type macWireFmt struct {
|
2011-03-15 07:16:45 +11:00
|
|
|
MACSize uint16
|
2012-04-30 05:55:29 +10:00
|
|
|
MAC string `dns:"size-hex"`
|
2011-03-14 22:28:04 +11:00
|
|
|
}
|
|
|
|
|
2011-03-16 05:36:03 +11:00
|
|
|
// 3.3. Time values used in TSIG calculations
|
|
|
|
type timerWireFmt struct {
|
|
|
|
TimeSigned uint64
|
|
|
|
Fudge uint16
|
|
|
|
}
|
|
|
|
|
2012-03-02 08:40:34 +11:00
|
|
|
// TsigGenerate fills out the TSIG record attached to the message.
|
|
|
|
// The message should contain
|
|
|
|
// a "stub" TSIG RR with the algorithm, key name (owner name of the RR),
|
|
|
|
// time fudge (defaults to 300 seconds) and the current time
|
|
|
|
// The TSIG MAC is saved in that Tsig RR.
|
|
|
|
// When TsigGenerate is called for the first time requestMAC is set to the empty string and
|
|
|
|
// timersOnly is false.
|
|
|
|
// If something goes wrong an error is returned, otherwise it is nil.
|
|
|
|
func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, string, error) {
|
2012-08-25 19:24:01 +10:00
|
|
|
if m.IsTsig() == nil {
|
2012-08-29 02:21:23 +10:00
|
|
|
panic("dns: TSIG not last RR in additional")
|
2011-04-23 00:37:26 +10:00
|
|
|
}
|
2011-11-03 09:06:54 +11:00
|
|
|
// If we barf here, the caller is to blame
|
2011-04-19 06:08:12 +10:00
|
|
|
rawsecret, err := packBase64([]byte(secret))
|
2011-11-03 09:06:54 +11:00
|
|
|
if err != nil {
|
2012-03-02 08:40:34 +11:00
|
|
|
return nil, "", err
|
2011-11-03 09:06:54 +11:00
|
|
|
}
|
2011-03-21 06:55:27 +11:00
|
|
|
|
2011-04-23 00:37:26 +10:00
|
|
|
rr := m.Extra[len(m.Extra)-1].(*RR_TSIG)
|
|
|
|
m.Extra = m.Extra[0 : len(m.Extra)-1] // kill the TSIG from the msg
|
2012-10-10 06:17:54 +11:00
|
|
|
mbuf, err := m.Pack()
|
|
|
|
if err != nil {
|
|
|
|
return nil, "", err
|
2012-03-02 08:40:34 +11:00
|
|
|
}
|
2011-09-11 09:10:47 +10:00
|
|
|
buf := tsigBuffer(mbuf, rr, requestMAC, timersOnly)
|
2011-04-19 06:08:12 +10:00
|
|
|
|
|
|
|
t := new(RR_TSIG)
|
2012-01-28 10:35:37 +11:00
|
|
|
var h hash.Hash
|
|
|
|
switch rr.Algorithm {
|
|
|
|
case HmacMD5:
|
|
|
|
h = hmac.New(md5.New, []byte(rawsecret))
|
|
|
|
case HmacSHA1:
|
|
|
|
h = hmac.New(sha1.New, []byte(rawsecret))
|
|
|
|
case HmacSHA256:
|
|
|
|
h = hmac.New(sha256.New, []byte(rawsecret))
|
|
|
|
default:
|
2012-03-02 08:40:34 +11:00
|
|
|
return nil, "", ErrKeyAlg
|
2012-01-28 10:35:37 +11:00
|
|
|
}
|
2012-03-02 08:40:34 +11:00
|
|
|
io.WriteString(h, string(buf))
|
|
|
|
t.MAC = hex.EncodeToString(h.Sum(nil))
|
2011-09-11 00:50:27 +10:00
|
|
|
t.MACSize = uint16(len(t.MAC) / 2) // Size is half!
|
2011-03-21 07:40:10 +11:00
|
|
|
|
2011-04-19 06:08:12 +10:00
|
|
|
t.Hdr = RR_Header{Name: rr.Hdr.Name, Rrtype: TypeTSIG, Class: ClassANY, Ttl: 0}
|
2011-04-19 06:18:00 +10:00
|
|
|
t.Fudge = rr.Fudge
|
|
|
|
t.TimeSigned = rr.TimeSigned
|
|
|
|
t.Algorithm = rr.Algorithm
|
2012-09-06 00:31:48 +10:00
|
|
|
t.OrigId = m.Id
|
2012-03-03 01:28:22 +11:00
|
|
|
|
2012-03-02 08:40:34 +11:00
|
|
|
tbuf := make([]byte, t.Len())
|
2012-10-10 07:45:19 +11:00
|
|
|
if off, err := PackRR(t, tbuf, 0, nil, false); err == nil {
|
2012-03-03 01:28:22 +11:00
|
|
|
tbuf = tbuf[:off] // reset to actual size used
|
2012-03-02 08:40:34 +11:00
|
|
|
} else {
|
2012-10-10 06:17:54 +11:00
|
|
|
return nil, "", err
|
2012-03-02 08:40:34 +11:00
|
|
|
}
|
|
|
|
mbuf = append(mbuf, tbuf...)
|
2012-08-24 20:42:41 +10:00
|
|
|
rawSetExtraLen(mbuf, uint16(len(m.Extra)+1))
|
2012-03-02 08:40:34 +11:00
|
|
|
return mbuf, t.MAC, nil
|
2011-03-21 06:55:27 +11:00
|
|
|
}
|
|
|
|
|
2011-09-11 00:50:27 +10:00
|
|
|
// TsigVerify verifies the TSIG on a message.
|
2011-03-24 05:07:06 +11:00
|
|
|
// If the signature does not validate err contains the
|
2011-09-11 00:50:27 +10:00
|
|
|
// error, otherwise it is nil.
|
2011-11-03 09:06:54 +11:00
|
|
|
func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
|
2011-04-19 19:31:47 +10:00
|
|
|
rawsecret, err := packBase64([]byte(secret))
|
2011-03-21 06:55:27 +11:00
|
|
|
if err != nil {
|
2011-09-11 00:50:27 +10:00
|
|
|
return err
|
2011-03-21 06:55:27 +11:00
|
|
|
}
|
2011-04-23 00:37:26 +10:00
|
|
|
// Srtip the TSIG from the incoming msg
|
2011-04-19 19:31:47 +10:00
|
|
|
stripped, tsig, err := stripTsig(msg)
|
2011-03-26 00:46:30 +11:00
|
|
|
if err != nil {
|
2011-09-11 00:50:27 +10:00
|
|
|
return err
|
2011-03-21 06:55:27 +11:00
|
|
|
}
|
|
|
|
|
2011-09-11 09:10:47 +10:00
|
|
|
buf := tsigBuffer(stripped, tsig, requestMAC, timersOnly)
|
2011-09-11 20:41:54 +10:00
|
|
|
|
2011-12-09 21:16:49 +11:00
|
|
|
ti := uint64(time.Now().Unix()) - tsig.TimeSigned
|
2011-11-03 09:06:54 +11:00
|
|
|
if uint64(tsig.Fudge) < ti {
|
|
|
|
return ErrTime
|
|
|
|
}
|
2011-03-22 03:43:03 +11:00
|
|
|
|
2012-01-28 10:35:37 +11:00
|
|
|
var h hash.Hash
|
|
|
|
switch tsig.Algorithm {
|
|
|
|
case HmacMD5:
|
|
|
|
h = hmac.New(md5.New, []byte(rawsecret))
|
|
|
|
case HmacSHA1:
|
|
|
|
h = hmac.New(sha1.New, []byte(rawsecret))
|
|
|
|
case HmacSHA256:
|
|
|
|
h = hmac.New(sha256.New, []byte(rawsecret))
|
|
|
|
default:
|
|
|
|
return ErrKeyAlg
|
|
|
|
}
|
2011-03-21 06:55:27 +11:00
|
|
|
io.WriteString(h, string(buf))
|
2011-12-09 21:16:49 +11:00
|
|
|
if strings.ToUpper(hex.EncodeToString(h.Sum(nil))) != strings.ToUpper(tsig.MAC) {
|
2011-11-03 09:06:54 +11:00
|
|
|
return ErrSig
|
|
|
|
}
|
|
|
|
return nil
|
2011-01-26 08:29:48 +11:00
|
|
|
}
|
|
|
|
|
2011-03-24 05:07:06 +11:00
|
|
|
// Create a wiredata buffer for the MAC calculation.
|
2011-09-11 09:10:47 +10:00
|
|
|
func tsigBuffer(msgbuf []byte, rr *RR_TSIG, requestMAC string, timersOnly bool) []byte {
|
2012-03-06 08:03:18 +11:00
|
|
|
var buf []byte
|
2011-04-23 00:37:26 +10:00
|
|
|
if rr.TimeSigned == 0 {
|
2011-12-09 21:16:49 +11:00
|
|
|
rr.TimeSigned = uint64(time.Now().Unix())
|
2011-04-23 00:37:26 +10:00
|
|
|
}
|
|
|
|
if rr.Fudge == 0 {
|
2011-11-03 09:06:54 +11:00
|
|
|
rr.Fudge = 300 // Standard (RFC) default.
|
2011-04-23 00:37:26 +10:00
|
|
|
}
|
2011-03-21 06:55:27 +11:00
|
|
|
|
2011-04-23 00:37:26 +10:00
|
|
|
if requestMAC != "" {
|
2011-03-21 06:55:27 +11:00
|
|
|
m := new(macWireFmt)
|
2011-04-23 00:37:26 +10:00
|
|
|
m.MACSize = uint16(len(requestMAC) / 2)
|
|
|
|
m.MAC = requestMAC
|
2012-05-06 01:37:48 +10:00
|
|
|
buf = make([]byte, len(requestMAC)) // long enough
|
2012-08-21 02:03:15 +10:00
|
|
|
n, _ := PackStruct(m, buf, 0)
|
2012-03-06 08:03:18 +11:00
|
|
|
buf = buf[:n]
|
2011-03-21 06:55:27 +11:00
|
|
|
}
|
|
|
|
|
|
|
|
tsigvar := make([]byte, DefaultMsgSize)
|
2011-04-19 06:08:12 +10:00
|
|
|
if timersOnly {
|
2011-03-21 21:39:04 +11:00
|
|
|
tsig := new(timerWireFmt)
|
2011-04-19 06:08:12 +10:00
|
|
|
tsig.TimeSigned = rr.TimeSigned
|
|
|
|
tsig.Fudge = rr.Fudge
|
2012-08-21 02:03:15 +10:00
|
|
|
n, _ := PackStruct(tsig, tsigvar, 0)
|
2011-03-21 06:55:27 +11:00
|
|
|
tsigvar = tsigvar[:n]
|
|
|
|
} else {
|
2011-03-21 21:39:04 +11:00
|
|
|
tsig := new(tsigWireFmt)
|
2011-04-19 06:08:12 +10:00
|
|
|
tsig.Name = strings.ToLower(rr.Hdr.Name)
|
2011-03-21 21:39:04 +11:00
|
|
|
tsig.Class = ClassANY
|
2011-04-23 00:37:26 +10:00
|
|
|
tsig.Ttl = rr.Hdr.Ttl
|
2011-04-19 06:08:12 +10:00
|
|
|
tsig.Algorithm = strings.ToLower(rr.Algorithm)
|
|
|
|
tsig.TimeSigned = rr.TimeSigned
|
|
|
|
tsig.Fudge = rr.Fudge
|
2011-04-23 00:37:26 +10:00
|
|
|
tsig.Error = rr.Error
|
|
|
|
tsig.OtherLen = rr.OtherLen
|
|
|
|
tsig.OtherData = rr.OtherData
|
2012-08-21 02:03:15 +10:00
|
|
|
n, _ := PackStruct(tsig, tsigvar, 0)
|
2011-03-21 06:55:27 +11:00
|
|
|
tsigvar = tsigvar[:n]
|
|
|
|
}
|
2012-03-06 08:03:18 +11:00
|
|
|
|
|
|
|
if requestMAC != "" {
|
|
|
|
x := append(buf, msgbuf...)
|
2011-03-21 06:55:27 +11:00
|
|
|
buf = append(x, tsigvar...)
|
|
|
|
} else {
|
2011-04-19 06:08:12 +10:00
|
|
|
buf = append(msgbuf, tsigvar...)
|
2011-03-21 06:55:27 +11:00
|
|
|
}
|
2011-09-11 09:10:47 +10:00
|
|
|
return buf
|
2011-03-21 06:55:27 +11:00
|
|
|
}
|
2011-04-19 19:31:47 +10:00
|
|
|
|
|
|
|
// Strip the TSIG from the raw message
|
2011-11-03 09:06:54 +11:00
|
|
|
func stripTsig(msg []byte) ([]byte, *RR_TSIG, error) {
|
2011-03-16 04:43:05 +11:00
|
|
|
// Copied from msg.go's Unpack()
|
|
|
|
// Header.
|
|
|
|
var dh Header
|
2012-10-10 06:17:54 +11:00
|
|
|
var err error
|
2011-03-16 04:43:05 +11:00
|
|
|
dns := new(Msg)
|
2011-04-23 00:37:26 +10:00
|
|
|
rr := new(RR_TSIG)
|
2011-03-16 04:43:05 +11:00
|
|
|
off := 0
|
|
|
|
tsigoff := 0
|
2012-10-11 07:17:50 +11:00
|
|
|
if off, err = UnpackStruct(&dh, msg, off); err != nil {
|
2012-10-10 06:17:54 +11:00
|
|
|
return nil, nil, err
|
2011-03-16 04:43:05 +11:00
|
|
|
}
|
|
|
|
if dh.Arcount == 0 {
|
2011-04-19 19:31:47 +10:00
|
|
|
return nil, nil, ErrNoSig
|
2011-03-16 04:43:05 +11:00
|
|
|
}
|
2011-04-23 00:37:26 +10:00
|
|
|
// Rcode, see msg.go Unpack()
|
|
|
|
if int(dh.Bits&0xF) == RcodeNotAuth {
|
|
|
|
return nil, nil, ErrAuth
|
|
|
|
}
|
2011-03-16 04:43:05 +11:00
|
|
|
|
|
|
|
// Arrays.
|
|
|
|
dns.Question = make([]Question, dh.Qdcount)
|
|
|
|
dns.Answer = make([]RR, dh.Ancount)
|
|
|
|
dns.Ns = make([]RR, dh.Nscount)
|
|
|
|
dns.Extra = make([]RR, dh.Arcount)
|
|
|
|
|
|
|
|
for i := 0; i < len(dns.Question); i++ {
|
2012-10-10 06:17:54 +11:00
|
|
|
off, err = UnpackStruct(&dns.Question[i], msg, off)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
2011-03-16 04:43:05 +11:00
|
|
|
}
|
|
|
|
for i := 0; i < len(dns.Answer); i++ {
|
2012-10-10 06:17:54 +11:00
|
|
|
dns.Answer[i], off, err = UnpackRR(msg, off)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
2011-03-16 04:43:05 +11:00
|
|
|
}
|
|
|
|
for i := 0; i < len(dns.Ns); i++ {
|
2012-10-10 06:17:54 +11:00
|
|
|
dns.Ns[i], off, err = UnpackRR(msg, off)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
2011-03-16 04:43:05 +11:00
|
|
|
}
|
|
|
|
for i := 0; i < len(dns.Extra); i++ {
|
|
|
|
tsigoff = off
|
2012-10-10 06:17:54 +11:00
|
|
|
dns.Extra[i], off, err = UnpackRR(msg, off)
|
|
|
|
if err != nil {
|
|
|
|
return nil, nil, err
|
|
|
|
}
|
2011-03-16 04:43:05 +11:00
|
|
|
if dns.Extra[i].Header().Rrtype == TypeTSIG {
|
2011-04-23 00:37:26 +10:00
|
|
|
rr = dns.Extra[i].(*RR_TSIG)
|
2011-03-16 04:43:05 +11:00
|
|
|
// Adjust Arcount.
|
|
|
|
arcount, _ := unpackUint16(msg, 10)
|
|
|
|
msg[10], msg[11] = packUint16(arcount - 1)
|
|
|
|
break
|
|
|
|
}
|
|
|
|
}
|
2011-04-23 00:37:26 +10:00
|
|
|
if rr == nil {
|
2011-04-19 19:31:47 +10:00
|
|
|
return nil, nil, ErrNoSig
|
2011-04-23 00:37:26 +10:00
|
|
|
}
|
2011-04-19 19:31:47 +10:00
|
|
|
return msg[:tsigoff], rr, nil
|
2011-03-16 02:18:13 +11:00
|
|
|
}
|
2012-03-03 09:12:23 +11:00
|
|
|
|
|
|
|
// Translate the TSIG time signed into a date. There is no
|
|
|
|
// need for RFC1982 calculations as this date is 48 bits.
|
2012-09-12 05:45:21 +10:00
|
|
|
func tsigTimeToString(t uint64) string {
|
2012-03-06 08:03:18 +11:00
|
|
|
ti := time.Unix(int64(t), 0).UTC()
|
|
|
|
return ti.Format("20060102150405")
|
2012-03-03 09:12:23 +11:00
|
|
|
}
|