From 1744a808501848e82dd7c446e7ed78a0eb9b58a6 Mon Sep 17 00:00:00 2001
From: Miek Gieben
Date: Sun, 4 Mar 2012 14:47:20 +0100
Subject: [PATCH] add a TsigStatus to the client as well

Bring server and client side more inline with each other. For a client we also use TsigStatus() to retrieve the tsig info.
---
 client.go | 17 ++++++++++-------
 dnssec.go | 3 ++-
 ex/q/q.go | 1 +
 server.go | 3 ++-
 4 files changed, 15 insertions(+), 9 deletions(-)

diff --git a/client.go b/client.go
index d941682b..dca190bb 100644
--- a/client.go
+++ b/client.go
@@ -24,11 +24,12 @@ type QueryHandler interface {
 // The RequestWriter interface is used by a DNS query handler to
 // construct a DNS request.
 type RequestWriter interface {
- Write(*Msg)
+ // Write ??
 Send(*Msg) error
 Receive() (*Msg, error)
 Close() error
 Dial() error
+ TsigStatus() error
 }
 
 // hijacked connections...?
@@ -39,7 +40,7 @@ type reply struct {
 conn net.Conn
 tsigRequestMAC string
 tsigTimersOnly bool
- tsigStatus int
+ tsigStatus error
 }
 
 // A Request is a incoming message from a Client.
@@ -281,6 +282,10 @@ func (w *reply) Request() *Msg {
 return w.req
 }
 
+func (w *reply) TsigStatus() error {
+ return w.tsigStatus
+}
+
 func (w *reply) Receive() (*Msg, error) {
 var p []byte
 m := new(Msg)
@@ -301,13 +306,11 @@ func (w *reply) Receive() (*Msg, error) {
 if m.IsTsig() {
 secret := m.Extra[len(m.Extra)-1].(*RR_TSIG).Hdr.Name
 if _, ok := w.Client().TsigSecret[secret]; !ok {
- return m, ErrSecret
+ w.tsigStatus = ErrSecret
+ return m, nil
 }
 // Need to work on the original message p, as that was used to calculate the tsig.
- err := TsigVerify(p, w.Client().TsigSecret[secret], w.tsigRequestMAC, w.tsigTimersOnly)
- if err != nil {
- return m, err
- }
+ w.tsigStatus = TsigVerify(p, w.Client().TsigSecret[secret], w.tsigRequestMAC, w.tsigTimersOnly)
 }
 return m, nil
 }
diff --git a/dnssec.go b/dnssec.go
index 2e140948..f94b22c3 100644
--- a/dnssec.go
+++ b/dnssec.go
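Review bot: Replacing `Write(*Msg)` in RequestWriter with the `// Write ??` placeholder breaks the one caller visible in this patch: the ex/q/q.go hunk still calls `w.Write(nil)` on a `dns.RequestWriter`, so that file will no longer compile unless Write is restored or q.go is changed outside this diff. The new `TsigStatus() error` interface method, and the matching `func (w *reply) TsigStatus() error` added in the third client.go hunk, carry no doc comment even though TSIG status is now the only way a caller learns that verification failed. Suggest on both: `// TsigStatus returns the TSIG verification result recorded by the most recent Receive; it is only updated when the received message carries a TSIG record.`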
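Review bot: Receive now returns `m, nil` both when the TSIG key name is unknown (`w.tsigStatus = ErrSecret`) and when `TsigVerify` fails, so any caller that only checks the returned error, as every caller did before this change, will accept a reply whose signature did not verify. The field is also never cleared: it is written only inside `if m.IsTsig() {`, so after one verified message a later reply that carries no TSIG record at all leaves TsigStatus() at nil, making a stripped signature indistinguishable from a verified one. Suggest resetting `w.tsigStatus = nil` at the top of Receive (outside this hunk) and documenting that a nil status is only meaningful when the message's IsTsig() is true; when the Client has a TsigSecret configured but the reply has no TSIG, recording a distinct error would be safer still. Receive's body begins before this hunk.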
@@ -424,7 +424,8 @@ func (k *RR_DNSKEY) pubKeyRSA() *rsa.PublicKey {
 // Remainder
 expo += uint64(keybuf[keyoff])
 if expo > 2<<31 {
- // Larger expo than supported
+ // Larger expo than supported.
+ // println("dns: F5 primes (or larger) are not supported")
 return nil
 }
 pubkey.E = int(expo)
diff --git a/ex/q/q.go b/ex/q/q.go
index ccd1366e..b1117c28 100644
--- a/ex/q/q.go
+++ b/ex/q/q.go
@@ -13,6 +13,7 @@ import (
 var dnskey *dns.RR_DNSKEY
 
 func q(w dns.RequestWriter, m *dns.Msg) {
+ // Access this here, w.TsigStatus (for message m?)
 if err := w.Send(m); err != nil {
 fmt.Printf("%s\n", err.Error())
 w.Write(nil)
diff --git a/server.go b/server.go
index 782ea6c2..297baa82 100644
--- a/server.go
+++ b/server.go
@@ -90,7 +90,7 @@ func ListenAndServe(addr string, network string, handler Handler) error {
 }
 
 // Start a server on addresss and network speficied. Use the tsig
-// secrets for Tsig validation.
+// secrets for Tsig validation.
 // Invoke handler for any incoming queries.
 func ListenAndServeTsig(addr string, network string, handler Handler, tsig map[string]string) error {
 server := &Server{Addr: addr, Net: network, Handler: handler, TsigSecret: tsig}
@@ -321,6 +321,7 @@ func (c *conn) serve() {
 if _, ok := w.conn.tsigSecret[secret]; !ok {
 w.tsigStatus = ErrKeyAlg
 }
+ // Do I *ever* need Tsig.Mac here? Or timersOnly? TODO(mg)
 w.tsigStatus = TsigVerify(c.request, w.conn.tsigSecret[secret], "", false)
 }
 w.req = req
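Review bot: The added `// println(...)` line is commented-out debug output rather than documentation, and it leaves the reader of `if expo > 2<<31 {` without the one fact that matters: what the bound is and what the nil return means to the caller. Suggest replacing both added comment lines with `// Exponents above 2<<31 (F5 or larger primes) are not supported; return nil so the caller rejects the key.` Whether every caller of pubKeyRSA nil-checks the result is not visible here and is worth confirming, since a nil key reaching a verification step could fail by panic rather than by a clean validation error. Note also that on 32-bit platforms `int(expo)` on the line after the check truncates values between 1<<31 and 2<<31, which the bound does not exclude.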
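Review bot: The added comment is placed before `w.Send(m)`, but according to the client.go hunk `TsigStatus()` is populated by Receive, so there is nothing to read at this point; the check belongs after the reply is received, which is outside this hunk. Suggest moving it there and making it actionable, e.g. `// After Receive, check w.TsigStatus() together with the reply's IsTsig() before trusting the answer.` q's body continues past the hunk.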
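Review bot: The new TODO is placed right after a branch whose effect is lost immediately: when the key name is unknown, `w.tsigStatus = ErrKeyAlg` is assigned and then unconditionally overwritten by `w.tsigStatus = TsigVerify(c.request, w.conn.tsigSecret[secret], "", false)`, which runs with the empty secret the missing map entry yields. The server also reports a missing key as ErrKeyAlg where the client.go hunk reports ErrSecret, which works against the stated aim of bringing the two sides in line. Suggest `w.tsigStatus = ErrSecret` in the branch and `} else { w.tsigStatus = TsigVerify(c.request, w.conn.tsigSecret[secret], "", false) }` so verification is skipped for unknown keys, and replacing the TODO with a comment stating why the request MAC is empty and timersOnly false here (presumably because the server verifies the first message of an exchange, so no prior MAC exists; worth confirming). serve's body extends beyond this hunk.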