Make tsigGenerateProvider/TsigVerifyProvider public (#1382)
Make it public as TsigGenerateWithProvider and update its docs a little. Do the same for TsigVerifyWithProvider, and tweak its docs a little as well. Signed-off-by: Miek Gieben <miek@miek.nl>
This commit is contained in:
parent
ff611cdc4b
commit
69924a02cf
|
@ -280,7 +280,7 @@ func (co *Conn) ReadMsg() (*Msg, error) {
|
||||||
}
|
}
|
||||||
if t := m.IsTsig(); t != nil {
|
if t := m.IsTsig(); t != nil {
|
||||||
// Need to work on the original message p, as that was used to calculate the tsig.
|
// Need to work on the original message p, as that was used to calculate the tsig.
|
||||||
err = tsigVerifyProvider(p, co.tsigProvider(), co.tsigRequestMAC, false)
|
err = TsigVerifyWithProvider(p, co.tsigProvider(), co.tsigRequestMAC, false)
|
||||||
}
|
}
|
||||||
return m, err
|
return m, err
|
||||||
}
|
}
|
||||||
|
@ -358,7 +358,7 @@ func (co *Conn) WriteMsg(m *Msg) (err error) {
|
||||||
var out []byte
|
var out []byte
|
||||||
if t := m.IsTsig(); t != nil {
|
if t := m.IsTsig(); t != nil {
|
||||||
// Set tsigRequestMAC for the next read, although only used in zone transfers.
|
// Set tsigRequestMAC for the next read, although only used in zone transfers.
|
||||||
out, co.tsigRequestMAC, err = tsigGenerateProvider(m, co.tsigProvider(), co.tsigRequestMAC, false)
|
out, co.tsigRequestMAC, err = TsigGenerateWithProvider(m, co.tsigProvider(), co.tsigRequestMAC, false)
|
||||||
} else {
|
} else {
|
||||||
out, err = m.Pack()
|
out, err = m.Pack()
|
||||||
}
|
}
|
||||||
|
|
|
@ -646,7 +646,7 @@ func (srv *Server) serveDNS(m []byte, w *response) {
|
||||||
w.tsigStatus = nil
|
w.tsigStatus = nil
|
||||||
if w.tsigProvider != nil {
|
if w.tsigProvider != nil {
|
||||||
if t := req.IsTsig(); t != nil {
|
if t := req.IsTsig(); t != nil {
|
||||||
w.tsigStatus = tsigVerifyProvider(m, w.tsigProvider, "", false)
|
w.tsigStatus = TsigVerifyWithProvider(m, w.tsigProvider, "", false)
|
||||||
w.tsigTimersOnly = false
|
w.tsigTimersOnly = false
|
||||||
w.tsigRequestMAC = t.MAC
|
w.tsigRequestMAC = t.MAC
|
||||||
}
|
}
|
||||||
|
@ -728,7 +728,7 @@ func (w *response) WriteMsg(m *Msg) (err error) {
|
||||||
var data []byte
|
var data []byte
|
||||||
if w.tsigProvider != nil { // if no provider, dont check for the tsig (which is a longer check)
|
if w.tsigProvider != nil { // if no provider, dont check for the tsig (which is a longer check)
|
||||||
if t := m.IsTsig(); t != nil {
|
if t := m.IsTsig(); t != nil {
|
||||||
data, w.tsigRequestMAC, err = tsigGenerateProvider(m, w.tsigProvider, w.tsigRequestMAC, w.tsigTimersOnly)
|
data, w.tsigRequestMAC, err = TsigGenerateWithProvider(m, w.tsigProvider, w.tsigRequestMAC, w.tsigTimersOnly)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
return err
|
return err
|
||||||
}
|
}
|
||||||
|
|
26
tsig.go
26
tsig.go
|
@ -158,18 +158,17 @@ type timerWireFmt struct {
|
||||||
}
|
}
|
||||||
|
|
||||||
// TsigGenerate fills out the TSIG record attached to the message.
|
// TsigGenerate fills out the TSIG record attached to the message.
|
||||||
// The message should contain
|
// The message should contain a "stub" TSIG RR with the algorithm, key name
|
||||||
// a "stub" TSIG RR with the algorithm, key name (owner name of the RR),
|
// (owner name of the RR), time fudge (defaults to 300 seconds) and the current
|
||||||
// time fudge (defaults to 300 seconds) and the current time
|
// time The TSIG MAC is saved in that Tsig RR. When TsigGenerate is called for
|
||||||
// The TSIG MAC is saved in that Tsig RR.
|
// the first time requestMAC should be set to the empty string and timersOnly to
|
||||||
// When TsigGenerate is called for the first time requestMAC is set to the empty string and
|
// false.
|
||||||
// timersOnly is false.
|
|
||||||
// If something goes wrong an error is returned, otherwise it is nil.
|
|
||||||
func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, string, error) {
|
func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, string, error) {
|
||||||
return tsigGenerateProvider(m, tsigHMACProvider(secret), requestMAC, timersOnly)
|
return TsigGenerateWithProvider(m, tsigHMACProvider(secret), requestMAC, timersOnly)
|
||||||
}
|
}
|
||||||
|
|
||||||
func tsigGenerateProvider(m *Msg, provider TsigProvider, requestMAC string, timersOnly bool) ([]byte, string, error) {
|
// TsigGenerateWithProvider is similar to TsigGenerate, but allows for a custom TsigProvider.
|
||||||
|
func TsigGenerateWithProvider(m *Msg, provider TsigProvider, requestMAC string, timersOnly bool) ([]byte, string, error) {
|
||||||
if m.IsTsig() == nil {
|
if m.IsTsig() == nil {
|
||||||
panic("dns: TSIG not last RR in additional")
|
panic("dns: TSIG not last RR in additional")
|
||||||
}
|
}
|
||||||
|
@ -216,14 +215,15 @@ func tsigGenerateProvider(m *Msg, provider TsigProvider, requestMAC string, time
|
||||||
return mbuf, t.MAC, nil
|
return mbuf, t.MAC, nil
|
||||||
}
|
}
|
||||||
|
|
||||||
// TsigVerify verifies the TSIG on a message.
|
// TsigVerify verifies the TSIG on a message. If the signature does not
|
||||||
// If the signature does not validate err contains the
|
// validate the returned error contains the cause. If the signature is OK, the
|
||||||
// error, otherwise it is nil.
|
// error is nil.
|
||||||
func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
|
func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
|
||||||
return tsigVerify(msg, tsigHMACProvider(secret), requestMAC, timersOnly, uint64(time.Now().Unix()))
|
return tsigVerify(msg, tsigHMACProvider(secret), requestMAC, timersOnly, uint64(time.Now().Unix()))
|
||||||
}
|
}
|
||||||
|
|
||||||
func tsigVerifyProvider(msg []byte, provider TsigProvider, requestMAC string, timersOnly bool) error {
|
// TsigVerifyWithProvider is similar to TsigVerify, but allows for a custom TsigProvider.
|
||||||
|
func TsigVerifyWithProvider(msg []byte, provider TsigProvider, requestMAC string, timersOnly bool) error {
|
||||||
return tsigVerify(msg, provider, requestMAC, timersOnly, uint64(time.Now().Unix()))
|
return tsigVerify(msg, provider, requestMAC, timersOnly, uint64(time.Now().Unix()))
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
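Review bot: The new doc comment on TsigGenerateWithProvider does not mention that the function panics when m carries no TSIG RR, which the body two lines below still does (`panic("dns: TSIG not last RR in additional")`); now that the function is exported, that is a contract outside callers need to know. Suggest `// TsigGenerateWithProvider is similar to TsigGenerate, but allows for a custom TsigProvider. It panics if m does not carry a TSIG RR as the last record in its additional section.` The reflowed TsigGenerate comment in the same hunk also lost a sentence break, so it should read `// time fudge (defaults to 300 seconds) and the current time. The TSIG MAC is saved in that Tsig RR.` For TsigVerifyWithProvider in the second hunk, the doc could state that the time-window check uses the current wall-clock time (the visible `uint64(time.Now().Unix())`), since a caller supplying its own provider cannot override that through this API. TsigGenerateWithProvider's body continues past the end of the first hunk, and the second hunk begins inside it.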
@ -354,7 +354,7 @@ func TestTsigGenerateProvider(t *testing.T) {
|
||||||
Extra: []RR{&tsig},
|
Extra: []RR{&tsig},
|
||||||
}
|
}
|
||||||
|
|
||||||
_, mac, err := tsigGenerateProvider(req, new(testProvider), "", false)
|
_, mac, err := TsigGenerateWithProvider(req, new(testProvider), "", false)
|
||||||
if err != table.err {
|
if err != table.err {
|
||||||
t.Fatalf("error doesn't match: expected '%s' but got '%s'", table.err, err)
|
t.Fatalf("error doesn't match: expected '%s' but got '%s'", table.err, err)
|
||||||
}
|
}
|
||||||
|
@ -397,7 +397,7 @@ func TestTsigVerifyProvider(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
provider := &testProvider{true}
|
provider := &testProvider{true}
|
||||||
msgData, _, err := tsigGenerateProvider(req, provider, "", false)
|
msgData, _, err := TsigGenerateWithProvider(req, provider, "", false)
|
||||||
if err != nil {
|
if err != nil {
|
||||||
t.Error(err)
|
t.Error(err)
|
||||||
}
|
}
|
||||||
|
|
4
xfr.go
4
xfr.go
|
@ -237,7 +237,7 @@ func (t *Transfer) ReadMsg() (*Msg, error) {
|
||||||
}
|
}
|
||||||
if ts, tp := m.IsTsig(), t.tsigProvider(); ts != nil && tp != nil {
|
if ts, tp := m.IsTsig(), t.tsigProvider(); ts != nil && tp != nil {
|
||||||
// Need to work on the original message p, as that was used to calculate the tsig.
|
// Need to work on the original message p, as that was used to calculate the tsig.
|
||||||
err = tsigVerifyProvider(p, tp, t.tsigRequestMAC, t.tsigTimersOnly)
|
err = TsigVerifyWithProvider(p, tp, t.tsigRequestMAC, t.tsigTimersOnly)
|
||||||
t.tsigRequestMAC = ts.MAC
|
t.tsigRequestMAC = ts.MAC
|
||||||
}
|
}
|
||||||
return m, err
|
return m, err
|
||||||
|
@ -247,7 +247,7 @@ func (t *Transfer) ReadMsg() (*Msg, error) {
|
||||||
func (t *Transfer) WriteMsg(m *Msg) (err error) {
|
func (t *Transfer) WriteMsg(m *Msg) (err error) {
|
||||||
var out []byte
|
var out []byte
|
||||||
if ts, tp := m.IsTsig(), t.tsigProvider(); ts != nil && tp != nil {
|
if ts, tp := m.IsTsig(), t.tsigProvider(); ts != nil && tp != nil {
|
||||||
out, t.tsigRequestMAC, err = tsigGenerateProvider(m, tp, t.tsigRequestMAC, t.tsigTimersOnly)
|
out, t.tsigRequestMAC, err = TsigGenerateWithProvider(m, tp, t.tsigRequestMAC, t.tsigTimersOnly)
|
||||||
} else {
|
} else {
|
||||||
out, err = m.Pack()
|
out, err = m.Pack()
|
||||||
}
|
}
|
||||||
|
|