Created
January 26, 2015 19:10
-
-
Save cmouse/9f9998562343d6c231b3 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#include "config.h" | |
#include "namespaces.hh" | |
#include "dns.hh" | |
#include "dnsparser.hh" | |
#include "dnspacket.hh" | |
#include "dnsrecords.hh" | |
#include "tkey.hh" | |
#include <boost/foreach.hpp> | |
#include <boost/shared_ptr.hpp> | |
using namespace std; | |
void pdns_tkey_handler(DNSPacket *p, DNSPacket *r) { | |
DNSResourceRecord* tkey_rr = NULL; | |
boost::shared_ptr<TKEYRecordContent> tkey_in,tkey_out; | |
BOOST_FOREACH(DNSResourceRecord& drc, p->getRRS()) { | |
if (drc.qtype == QType::TKEY) { | |
if (tkey_rr != NULL) | |
throw PDNSException("Found more than 1 TKEY RR's in question"); | |
tkey_rr = &drc; | |
} | |
} | |
if (tkey_rr == NULL) | |
throw PDNSException("TKEY request but no TKEY RR found"); | |
tkey_in = boost::shared_ptr<TKEYRecordContent>(dynamic_cast<TKEYRecordContent*>(DNSRecordContent::mastermake(tkey_rr->qtype.getCode(), tkey_rr->qclass, tkey_rr->content))); | |
tkey_out->d_error = 0; | |
tkey_out->d_mode = tkey_in->d_mode; | |
tkey_out->d_name = tkey_in->d_name; | |
if (tkey_in->d_mode == 3) { | |
#ifdef ENABLE_GSS_TSIG | |
tkey_out->d_error = 19; // BADMODE | |
#else | |
tkey_out->d_error = 19; // BADMODE | |
#endif | |
} else if (tkey_in->d_mode == 5) { | |
if (p->d_havetsig == false) { // unauthenticated | |
if (p->d.opcode == Opcode::Update) | |
r->setRcode(RCode::Refused); | |
else | |
r->setRcode(RCode::NotAuth); | |
return; | |
} | |
// remove context | |
#ifdef ENABLE_GSS_TSIG | |
// pdns_gss_delete_ctx(tkey->d_key); | |
tkey_out->d_error = 0; | |
#else | |
// sorry, return failure | |
tkey_out->d_error = 20; // BADNAME (because we have no support for anything here) | |
#endif | |
} else { | |
if (p->d_havetsig == false && tkey_in->d_mode != 2) { // unauthenticated | |
if (p->d.opcode == Opcode::Update) | |
r->setRcode(RCode::Refused); | |
else | |
r->setRcode(RCode::NotAuth); | |
return; | |
} | |
tkey_out->d_error = 19; // BADMODE | |
} | |
DNSRecord rec; | |
rec.d_label = tkey_rr->qname; | |
rec.d_ttl = 0; | |
rec.d_type = QType::TKEY; | |
rec.d_class = QClass::IN; | |
rec.d_content = tkey_out; | |
DNSResourceRecord rr(rec); | |
r->addRecord(rr); | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment