More server side TSIG stuff - does not validate (yet)
parent
c53cddf38c
commit
4f61f8621b
@ -84,12 +84,13 @@ func (dns *Msg) SetAxfr(z string) {
|
|||
// This is only a skeleton Tsig RR that is added as the last RR in the
|
||||
// additional section. The Tsig is calculated when the message is being
|
||||
// send.
|
||||
func (dns *Msg) SetTsig(z, algo string, fudge uint16, timesigned int64) {
|
||||
func (dns *Msg) SetTsig(z, algo string, fudge, origid uint16, timesigned int64) {
|
||||
t := new(RR_TSIG)
|
||||
t.Hdr = RR_Header{z, TypeTSIG, ClassANY, 0, 0}
|
||||
t.Algorithm = algo
|
||||
t.Fudge = 300
|
||||
t.TimeSigned = uint64(timesigned)
|
||||
t.OrigId = origid
|
||||
dns.Extra = append(dns.Extra, t)
|
||||
}
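Review bot: `t.Fudge = 300` discards the `fudge` parameter that the reworked `SetTsig` signature still accepts, so a caller's value is silently replaced by 300; it should read `t.Fudge = fudge`. That line is context rather than new in this hunk, but every call site touched by this commit passes 300, which is what keeps the mismatch invisible. The doc comment also leaves the new `origid` parameter undocumented; a line such as `// origid is the ID of the message the TSIG belongs to (callers pass m.MsgHdr.Id).` would make the contract explicit, and "being send" should read "being sent".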
|
||||
|
||||
|
|
|
@ -18,6 +18,7 @@ func main() {
|
|||
client := dns.NewClient()
|
||||
client.Net = "tcp"
|
||||
m := new(dns.Msg)
|
||||
m.MsgHdr.Id = dns.Id()
|
||||
if *serial > 0 {
|
||||
m.SetIxfr(zone, uint32(*serial))
|
||||
} else {
|
||||
|
@ -27,7 +28,7 @@ func main() {
|
|||
a := strings.SplitN(*tsig, ":", 2)
|
||||
name, secret := a[0], a[1]
|
||||
client.TsigSecret = map[string]string{name: secret}
|
||||
m.SetTsig(name, dns.HmacMD5, 300, time.Now().Unix())
|
||||
m.SetTsig(name, dns.HmacMD5, 300, m.MsgHdr.Id, time.Now().Unix())
|
||||
}
|
||||
|
||||
if err := client.XfrReceive(m, *nameserver); err == nil {
|
||||
|
|
|
@ -13,7 +13,6 @@ import (
|
|||
var dnskey *dns.RR_DNSKEY
|
||||
|
||||
func q(w dns.RequestWriter, m *dns.Msg) {
|
||||
// Access this here, w.TsigStatus (for message m?)
|
||||
if err := w.Send(m); err != nil {
|
||||
fmt.Printf("%s\n", err.Error())
|
||||
w.Write(nil)
|
||||
|
@ -25,6 +24,9 @@ func q(w dns.RequestWriter, m *dns.Msg) {
|
|||
w.Write(nil)
|
||||
return
|
||||
}
|
||||
if w.TsigStatus() != nil {
|
||||
fmt.Printf(";; Couldn't verify TSIG signature: %s\n", w.TsigStatus().Error())
|
||||
}
|
||||
w.Write(r)
|
||||
}
|
||||
|
||||
|
@ -166,10 +168,10 @@ Flags:
|
|||
// Add tsig
|
||||
if *tsig != "" {
|
||||
if algo, name, secret, ok := tsigKeyParse(*tsig); ok {
|
||||
m.SetTsig(name, algo, 300, time.Now().Unix())
|
||||
m.SetTsig(name, algo, 300, m.MsgHdr.Id, time.Now().Unix())
|
||||
c.TsigSecret = map[string]string{name: secret}
|
||||
} else {
|
||||
fmt.Fprintf(os.Stderr, "TSIG key error\n")
|
||||
fmt.Fprintf(os.Stderr, "tsig key data error\n")
|
||||
return
|
||||
}
|
||||
}
|
||||
|
|
|
@ -90,15 +90,13 @@ func handleReflect(w dns.ResponseWriter, r *dns.Msg) {
|
|||
println("Checking TSIG")
|
||||
if w.TsigStatus() == nil {
|
||||
println("TSIG OK")
|
||||
m.SetTsig(r.Extra[len(r.Extra)-1].(*dns.RR_TSIG).Hdr.Name, dns.HmacMD5, 300, time.Now().Unix())
|
||||
m.SetTsig(r.Extra[len(r.Extra)-1].(*dns.RR_TSIG).Hdr.Name, dns.HmacMD5, 300, r.MsgHdr.Id, time.Now().Unix())
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if *printf {
|
||||
fmt.Printf("%v\n", m.String())
|
||||
}
|
||||
w.Write(m) // Discard the error?
|
||||
w.Write(m)
|
||||
}
|
||||
|
||||
func serve(net, name, secret string) {
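Review bot: The new `m.SetTsig(r.Extra[len(r.Extra)-1].(*dns.RR_TSIG).Hdr.Name, ...)` line performs an unchecked index and type assertion on the incoming request, so a request whose additional section is empty or does not end in a TSIG record makes the handler panic if `w.TsigStatus()` is nil for such requests — a malformed packet would then take the server down. Whether an enclosing `if r.IsTsig()` already guards this cannot be seen here, since `handleReflect` begins outside the hunk. Guard it locally regardless: `if t, ok := r.Extra[len(r.Extra)-1].(*dns.RR_TSIG); ok && len(r.Extra) > 0 { m.SetTsig(t.Hdr.Name, dns.HmacMD5, 300, r.MsgHdr.Id, time.Now().Unix()) }`, with the length check placed before the index in practice.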
|
||||
|
|
20
server.go
20
server.go
|
@ -337,11 +337,21 @@ func (c *conn) serve() {
|
|||
}
|
||||
}
|
||||
|
||||
func (w *response) Write(m *Msg) error {
|
||||
//data []byte) (n int, err error) {
|
||||
data, ok := m.Pack()
|
||||
if !ok {
|
||||
return ErrPack
|
||||
func (w *response) Write(m *Msg) (err error) {
|
||||
var (
|
||||
data []byte
|
||||
ok bool
|
||||
)
|
||||
if m.IsTsig() {
|
||||
data, w.tsigRequestMAC, err = TsigGenerate(m, w.conn.tsigSecret[m.Extra[len(m.Extra)-1].(*RR_TSIG).Hdr.Name], w.tsigRequestMAC, w.tsigTimersOnly)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
} else {
|
||||
data, ok = m.Pack()
|
||||
if !ok {
|
||||
return ErrPack
|
||||
}
|
||||
}
|
||||
switch {
|
||||
case w.conn._UDP != nil:
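Review bot: The `TsigGenerate(...)` call in the new `if m.IsTsig()` branch indexes `w.conn.tsigSecret[...]` without the comma-ok form, so a response whose TSIG key name has no configured secret is signed with the empty string instead of failing. Resolve the key first and refuse to sign when it is absent: `name := m.Extra[len(m.Extra)-1].(*RR_TSIG).Hdr.Name` and `secret, ok := w.conn.tsigSecret[name]`, returning a dedicated "no secret for key" error (a sentinel alongside `ErrPack`) when `ok` is false. The type assertion on the last Extra RR is only safe if `IsTsig` guarantees it, which cannot be confirmed from this hunk. `Write` continues past the hunk with the transport `switch`, so the early returns above should also be checked against any cleanup done there.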
|
||||
|
|