static void
sendquery(isc_task_t *task, isc_event_t *event) {
struct in_addr inaddr;
isc_sockaddr_t address;
isc_result_t result;
dns_message_t *query;
dns_request_t *request;
isc_event_free(&event);
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1)
CHECK("inet_pton", result);
isc_sockaddr_fromin(&address, &inaddr, PORT);
query = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
CHECK("dns_message_create", result);
result = dns_tkey_builddeletequery(query, tsigkey);
CHECK("dns_tkey_builddeletequery", result);
request = NULL;
result = dns_request_create(requestmgr, query, &address,
0, tsigkey, TIMEOUT, task,
recvquery, query, &request);
CHECK("dns_request_create", result);
}
static isc_result_t
sendquery(isc_task_t *task) {
dns_request_t *request;
dns_message_t *message;
dns_name_t *qname;
dns_rdataset_t *qrdataset;
isc_result_t result;
dns_fixedname_t queryname;
isc_buffer_t buf;
static char host[256];
int c;
c = scanf("%255s", host);
if (c == EOF)
return ISC_R_NOMORE;
onfly++;
dns_fixedname_init(&queryname);
isc_buffer_init(&buf, host, strlen(host));
isc_buffer_add(&buf, strlen(host));
result = dns_name_fromtext(dns_fixedname_name(&queryname), &buf,
dns_rootname, 0, NULL);
CHECK("dns_name_fromtext", result);
message = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &message);
CHECK("dns_message_create", result);
message->opcode = dns_opcode_query;
message->flags |= DNS_MESSAGEFLAG_RD;
message->rdclass = dns_rdataclass_in;
message->id = (unsigned short)(random() & 0xFFFF);
qname = NULL;
result = dns_message_gettempname(message, &qname);
CHECK("dns_message_gettempname", result);
qrdataset = NULL;
result = dns_message_gettemprdataset(message, &qrdataset);
CHECK("dns_message_gettemprdataset", result);
dns_name_init(qname, NULL);
dns_name_clone(dns_fixedname_name(&queryname), qname);
dns_rdataset_init(qrdataset);
dns_rdataset_makequestion(qrdataset, dns_rdataclass_in,
dns_rdatatype_a);
ISC_LIST_APPEND(qname->list, qrdataset, link);
dns_message_addname(message, qname, DNS_SECTION_QUESTION);
request = NULL;
result = dns_request_createvia(requestmgr, message,
have_src ? &srcaddr : NULL, &dstaddr,
DNS_REQUESTOPT_TCP|DNS_REQUESTOPT_SHARE,
NULL, TIMEOUT, task, recvresponse,
message, &request);
CHECK("dns_request_create", result);
return ISC_R_SUCCESS;
}
static void
recvquery(isc_task_t *task, isc_event_t *event) {
dns_requestevent_t *reqev = (dns_requestevent_t *)event;
isc_result_t result;
dns_message_t *query, *response;
char keyname[256];
isc_buffer_t keynamebuf;
int type;
UNUSED(task);
REQUIRE(reqev != NULL);
if (reqev->result != ISC_R_SUCCESS) {
fprintf(stderr, "I:request event result: %s\n",
isc_result_totext(reqev->result));
exit(-1);
}
query = reqev->ev_arg;
response = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
CHECK("dns_message_create", result);
result = dns_request_getresponse(reqev->request, response,
DNS_MESSAGEPARSE_PRESERVEORDER);
CHECK("dns_request_getresponse", result);
if (response->rcode != dns_rcode_noerror) {
result = ISC_RESULTCLASS_DNSRCODE + response->rcode;
fprintf(stderr, "I:response rcode: %s\n",
isc_result_totext(result));
exit(-1);
}
result = dns_tkey_processdhresponse(query, response, ourkey, &nonce,
&tsigkey, ring);
CHECK("dns_tkey_processdhresponse", result);
/*
* Yes, this is a hack.
*/
isc_buffer_init(&keynamebuf, keyname, sizeof(keyname));
result = dst_key_buildfilename(tsigkey->key, 0, "", &keynamebuf);
CHECK("dst_key_buildfilename", result);
printf("%.*s\n", (int)isc_buffer_usedlength(&keynamebuf),
(char *)isc_buffer_base(&keynamebuf));
type = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC | DST_TYPE_KEY;
result = dst_key_tofile(tsigkey->key, type, "");
CHECK("dst_key_tofile", result);
dns_message_destroy(&query);
dns_message_destroy(&response);
dns_request_destroy(&reqev->request);
isc_event_free(&event);
isc_app_shutdown();
return;
}
static void
recvresponse(isc_task_t *task, isc_event_t *event) {
dns_requestevent_t *reqev = (dns_requestevent_t *)event;
isc_result_t result;
dns_message_t *query, *response;
isc_buffer_t outbuf;
char output[1024];
UNUSED(task);
REQUIRE(reqev != NULL);
if (reqev->result != ISC_R_SUCCESS) {
fprintf(stderr, "I:request event result: %s\n",
isc_result_totext(reqev->result));
exit(-1);
}
query = reqev->ev_arg;
response = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
CHECK("dns_message_create", result);
result = dns_request_getresponse(reqev->request, response,
DNS_MESSAGEPARSE_PRESERVEORDER);
CHECK("dns_request_getresponse", result);
if (response->rcode != dns_rcode_noerror) {
result = ISC_RESULTCLASS_DNSRCODE + response->rcode;
fprintf(stderr, "I:response rcode: %s\n",
isc_result_totext(result));
exit(-1);
}
if (response->counts[DNS_SECTION_ANSWER] != 1U) {
fprintf(stderr, "I:response answer count (%u!=1)\n",
response->counts[DNS_SECTION_ANSWER]);
}
isc_buffer_init(&outbuf, output, sizeof(output));
result = dns_message_sectiontotext(response, DNS_SECTION_ANSWER,
&dns_master_style_simple,
DNS_MESSAGETEXTFLAG_NOCOMMENTS,
&outbuf);
CHECK("dns_message_sectiontotext", result);
printf("%.*s", (int)isc_buffer_usedlength(&outbuf),
(char *)isc_buffer_base(&outbuf));
fflush(stdout);
dns_message_destroy(&query);
dns_message_destroy(&response);
dns_request_destroy(&reqev->request);
isc_event_free(&event);
if (--onfly == 0)
isc_app_shutdown();
return;
}
static void
recvresponse(isc_task_t *task, isc_event_t *event) {
dns_requestevent_t *reqev = (dns_requestevent_t *)event;
isc_result_t result, result2;
dns_message_t *query = NULL, *response = NULL;
isc_buffer_t outtoken;
isc_buffer_t outbuf;
char output[10 * 1024];
unsigned char array[DNS_NAME_MAXTEXT + 1];
isc_buffer_init(&outtoken, array, sizeof(array));
UNUSED(task);
REQUIRE(reqev != NULL);
query = reqev->ev_arg;
if (reqev->result != ISC_R_SUCCESS) {
fprintf(stderr, "I:request event result: %s\n",
isc_result_totext(reqev->result));
goto end;
}
response = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
CHECK("dns_message_create", result);
printf("\nReceived Response:\n");
result2 = dns_request_getresponse(reqev->request, response,
DNS_MESSAGEPARSE_PRESERVEORDER);
isc_buffer_init(&outbuf, output, sizeof(output));
result = dns_message_totext(response, &dns_master_style_debug, 0,
&outbuf);
CHECK("dns_message_totext", result);
printf("%.*s\n", (int)isc_buffer_usedlength(&outbuf),
(char *)isc_buffer_base(&outbuf));
CHECK("dns_request_getresponse", result2);
if (response != NULL)
dns_message_destroy(&response);
end:
if (query != NULL)
dns_message_destroy(&query);
if (reqev->request != NULL)
dns_request_destroy(&reqev->request);
isc_event_free(&event);
event = isc_event_allocate(mctx, (void *)1, 1, console, NULL,
sizeof(*event));
isc_task_send(task, &event);
return;
}
static void
recvquery(isc_task_t *task, isc_event_t *event) {
dns_requestevent_t *reqev = (dns_requestevent_t *)event;
isc_result_t result;
dns_message_t *query, *response;
UNUSED(task);
REQUIRE(reqev != NULL);
if (reqev->result != ISC_R_SUCCESS) {
fprintf(stderr, "I:request event result: %s\n",
isc_result_totext(reqev->result));
exit(-1);
}
query = reqev->ev_arg;
response = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
CHECK("dns_message_create", result);
result = dns_request_getresponse(reqev->request, response,
DNS_MESSAGEPARSE_PRESERVEORDER);
CHECK("dns_request_getresponse", result);
if (response->rcode != dns_rcode_noerror) {
result = ISC_RESULTCLASS_DNSRCODE + response->rcode;
fprintf(stderr, "I:response rcode: %s\n",
isc_result_totext(result));
exit(-1);
}
result = dns_tkey_processdeleteresponse(query, response, ring);
CHECK("dns_tkey_processdhresponse", result);
dns_message_destroy(&query);
dns_message_destroy(&response);
dns_request_destroy(&reqev->request);
isc_event_free(&event);
isc_app_shutdown();
return;
}
static void
recvdone(isc_task_t *task, isc_event_t *event) {
isc_socketevent_t *sevent = (isc_socketevent_t *)event;
isc_buffer_t source;
isc_result_t result;
dns_message_t *response;
REQUIRE(sevent != NULL);
REQUIRE(sevent->ev_type == ISC_SOCKEVENT_RECVDONE);
REQUIRE(task == task1);
printf("recvdone\n");
if (sevent->result != ISC_R_SUCCESS) {
printf("failed\n");
exit(-1);
}
isc_buffer_init(&source, sevent->region.base, sevent->region.length);
isc_buffer_add(&source, sevent->n);
response = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
CHECK("dns_message_create", result);
result = dns_message_parse(response, &source, 0);
CHECK("dns_message_parse", result);
isc_buffer_init(&outbuf, output, sizeof(output));
result = dns_message_totext(response, style, 0, &outbuf);
CHECK("dns_message_totext", result);
printf("%.*s\n", (int)isc_buffer_usedlength(&outbuf),
(char *)isc_buffer_base(&outbuf));
dns_message_destroy(&response);
isc_event_free(&event);
isc_app_shutdown();
}
int
main(int argc, char *argv[]) {
int ch, i, gai_error;
struct addrinfo hints, *res;
isc_textregion_t tr;
dns_client_t *client = NULL;
isc_result_t result;
isc_sockaddr_t sa;
dns_message_t *qmessage, *rmessage;
dns_rdatatype_t type = dns_rdatatype_a;
isc_buffer_t *outputbuf;
while ((ch = getopt(argc, argv, "t:")) != -1) {
switch (ch) {
case 't':
tr.base = optarg;
tr.length = strlen(optarg);
result = dns_rdatatype_fromtext(&type, &tr);
if (result != ISC_R_SUCCESS) {
fprintf(stderr,
"invalid RRtype: %s\n", optarg);
exit(1);
}
break;
default:
usage();
}
}
argc -= optind;
argv += optind;
if (argc < 2)
usage();
isc_lib_register();
result = dns_lib_init();
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "dns_lib_init failed: %d\n", result);
exit(1);
}
result = dns_client_create(&client, 0);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "dns_client_create failed: %d\n", result);
exit(1);
}
/* Prepare message structures */
mctx = NULL;
qmessage = NULL;
rmessage = NULL;
result = isc_mem_create(0, 0, &mctx);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "failed to create a memory context\n");
exit(1);
}
result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &qmessage);
if (result == ISC_R_SUCCESS) {
result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE,
&rmessage);
}
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "failed to create messages\n");
exit(1);
}
/* Initialize the nameserver address */
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_DGRAM;
hints.ai_protocol = IPPROTO_UDP;
hints.ai_flags = AI_NUMERICHOST;
gai_error = getaddrinfo(argv[0], "53", &hints, &res);
if (gai_error != 0) {
fprintf(stderr, "getaddrinfo failed: %s\n",
gai_strerror(gai_error));
exit(1);
}
INSIST(res->ai_addrlen <= sizeof(sa.type));
memcpy(&sa.type, res->ai_addr, res->ai_addrlen);
freeaddrinfo(res);
sa.length = res->ai_addrlen;
ISC_LINK_INIT(&sa, link);
/* Construct qname */
result = make_querymessage(qmessage, argv[1], type);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "failed to create a query\n");
exit(1);
}
/* Send request and wait for a response */
result = dns_client_request(client, qmessage, rmessage, &sa, 0, 0,
NULL, 60, 0, 3);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "failed to get a response: %s\n",
dns_result_totext(result));
}
/* Dump the response */
outputbuf = NULL;
result = isc_buffer_allocate(mctx, &outputbuf, 65535);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "failed to allocate a result buffer\n");
exit(1);
}
for (i = 0; i < DNS_SECTION_MAX; i++) {
print_section(rmessage, i, outputbuf);
isc_buffer_clear(outputbuf);
}
isc_buffer_free(&outputbuf);
/* Cleanup */
dns_message_destroy(&qmessage);
dns_message_destroy(&rmessage);
isc_mem_destroy(&mctx);
dns_client_destroy(&client);
dns_lib_shutdown();
exit(0);
}
static void
buildquery(void) {
isc_result_t result;
dns_rdataset_t *question = NULL;
dns_name_t *qname = NULL;
isc_region_t r, inr;
dns_message_t *query;
char nametext[] = "host.example";
isc_buffer_t namesrc, namedst;
unsigned char namedata[256];
isc_sockaddr_t sa;
dns_compress_t cctx;
query = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
CHECK("dns_message_create", result);
result = dns_message_setsig0key(query, key);
CHECK("dns_message_setsig0key", result);
result = dns_message_gettemprdataset(query, &question);
CHECK("dns_message_gettemprdataset", result);
dns_rdataset_init(question);
dns_rdataset_makequestion(question, dns_rdataclass_in,
dns_rdatatype_a);
result = dns_message_gettempname(query, &qname);
CHECK("dns_message_gettempname", result);
isc_buffer_init(&namesrc, nametext, strlen(nametext));
isc_buffer_add(&namesrc, strlen(nametext));
isc_buffer_init(&namedst, namedata, sizeof(namedata));
dns_name_init(qname, NULL);
result = dns_name_fromtext(qname, &namesrc, dns_rootname, ISC_FALSE,
&namedst);
CHECK("dns_name_fromtext", result);
ISC_LIST_APPEND(qname->list, question, link);
dns_message_addname(query, qname, DNS_SECTION_QUESTION);
isc_buffer_init(&qbuffer, qdata, sizeof(qdata));
result = dns_compress_init(&cctx, -1, mctx);
CHECK("dns_compress_init", result);
result = dns_message_renderbegin(query, &cctx, &qbuffer);
CHECK("dns_message_renderbegin", result);
result = dns_message_rendersection(query, DNS_SECTION_QUESTION, 0);
CHECK("dns_message_rendersection(question)", result);
result = dns_message_rendersection(query, DNS_SECTION_ANSWER, 0);
CHECK("dns_message_rendersection(answer)", result);
result = dns_message_rendersection(query, DNS_SECTION_AUTHORITY, 0);
CHECK("dns_message_rendersection(auth)", result);
result = dns_message_rendersection(query, DNS_SECTION_ADDITIONAL, 0);
CHECK("dns_message_rendersection(add)", result);
result = dns_message_renderend(query);
CHECK("dns_message_renderend", result);
dns_compress_invalidate(&cctx);
isc_buffer_init(&outbuf, output, sizeof(output));
result = dns_message_totext(query, style, 0, &outbuf);
CHECK("dns_message_totext", result);
printf("%.*s\n", (int)isc_buffer_usedlength(&outbuf),
(char *)isc_buffer_base(&outbuf));
isc_buffer_usedregion(&qbuffer, &r);
isc_sockaddr_any(&sa);
result = isc_socket_bind(s, &sa);
CHECK("isc_socket_bind", result);
result = isc_socket_sendto(s, &r, task1, senddone, NULL, &address,
NULL);
CHECK("isc_socket_sendto", result);
inr.base = rdata;
inr.length = sizeof(rdata);
result = isc_socket_recv(s, &inr, 1, task1, recvdone, NULL);
CHECK("isc_socket_recv", result);
dns_message_destroy(&query);
}
static void
sendquery(isc_task_t *task, isc_event_t *event) {
struct in_addr inaddr;
isc_sockaddr_t address;
isc_region_t r;
isc_result_t result;
dns_fixedname_t keyname;
dns_fixedname_t ownername;
isc_buffer_t namestr, keybuf;
unsigned char keydata[9];
dns_message_t *query;
dns_request_t *request;
static char keystr[] = "0123456789ab";
isc_event_free(&event);
result = ISC_R_FAILURE;
if (inet_pton(AF_INET, "10.53.0.1", &inaddr) != 1)
CHECK("inet_pton", result);
isc_sockaddr_fromin(&address, &inaddr, PORT);
dns_fixedname_init(&keyname);
isc_buffer_init(&namestr, "tkeytest.", 9);
isc_buffer_add(&namestr, 9);
result = dns_name_fromtext(dns_fixedname_name(&keyname), &namestr,
NULL, 0, NULL);
CHECK("dns_name_fromtext", result);
dns_fixedname_init(&ownername);
isc_buffer_init(&namestr, ownername_str, strlen(ownername_str));
isc_buffer_add(&namestr, strlen(ownername_str));
result = dns_name_fromtext(dns_fixedname_name(&ownername), &namestr,
NULL, 0, NULL);
CHECK("dns_name_fromtext", result);
isc_buffer_init(&keybuf, keydata, 9);
result = isc_base64_decodestring(keystr, &keybuf);
CHECK("isc_base64_decodestring", result);
isc_buffer_usedregion(&keybuf, &r);
initialkey = NULL;
result = dns_tsigkey_create(dns_fixedname_name(&keyname),
DNS_TSIG_HMACMD5_NAME,
isc_buffer_base(&keybuf),
isc_buffer_usedlength(&keybuf),
ISC_FALSE, NULL, 0, 0, mctx, ring,
&initialkey);
CHECK("dns_tsigkey_create", result);
query = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
CHECK("dns_message_create", result);
result = dns_tkey_builddhquery(query, ourkey,
dns_fixedname_name(&ownername),
DNS_TSIG_HMACMD5_NAME, &nonce, 3600);
CHECK("dns_tkey_builddhquery", result);
request = NULL;
result = dns_request_create(requestmgr, query, &address,
0, initialkey, TIMEOUT, task,
recvquery, query, &request);
CHECK("dns_request_create", result);
}
static void
process_message(isc_buffer_t *source) {
dns_message_t *message;
isc_result_t result;
int i;
message = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &message);
CHECKRESULT(result, "dns_message_create failed");
result = dns_message_parse(message, source, parseflags);
if (result == DNS_R_RECOVERABLE)
result = ISC_R_SUCCESS;
CHECKRESULT(result, "dns_message_parse failed");
result = printmessage(message);
CHECKRESULT(result, "printmessage() failed");
if (printmemstats)
isc_mem_stats(mctx, stdout);
if (dorender) {
unsigned char b2[64 * 1024];
isc_buffer_t buffer;
dns_compress_t cctx;
isc_buffer_init(&buffer, b2, sizeof(b2));
/*
* XXXMLG
* Changing this here is a hack, and should not be done in
* reasonable application code, ever.
*/
message->from_to_wire = DNS_MESSAGE_INTENTRENDER;
for (i = 0; i < DNS_SECTION_MAX; i++)
message->counts[i] = 0; /* Another hack XXX */
result = dns_compress_init(&cctx, -1, mctx);
CHECKRESULT(result, "dns_compress_init() failed");
result = dns_message_renderbegin(message, &cctx, &buffer);
CHECKRESULT(result, "dns_message_renderbegin() failed");
result = dns_message_rendersection(message,
DNS_SECTION_QUESTION, 0);
CHECKRESULT(result,
"dns_message_rendersection(QUESTION) failed");
result = dns_message_rendersection(message,
DNS_SECTION_ANSWER, 0);
CHECKRESULT(result,
"dns_message_rendersection(ANSWER) failed");
result = dns_message_rendersection(message,
DNS_SECTION_AUTHORITY, 0);
CHECKRESULT(result,
"dns_message_rendersection(AUTHORITY) failed");
result = dns_message_rendersection(message,
DNS_SECTION_ADDITIONAL, 0);
CHECKRESULT(result,
"dns_message_rendersection(ADDITIONAL) failed");
dns_message_renderend(message);
dns_compress_invalidate(&cctx);
message->from_to_wire = DNS_MESSAGE_INTENTPARSE;
dns_message_destroy(&message);
printf("Message rendered.\n");
if (printmemstats)
isc_mem_stats(mctx, stdout);
result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE,
&message);
CHECKRESULT(result, "dns_message_create failed");
result = dns_message_parse(message, &buffer, parseflags);
CHECKRESULT(result, "dns_message_parse failed");
result = printmessage(message);
CHECKRESULT(result, "printmessage() failed");
}
dns_message_destroy(&message);
}
static void
render(isc_buffer_t *buf, unsigned flags, dns_tsigkey_t *key,
isc_buffer_t **tsigin, isc_buffer_t **tsigout,
dst_context_t *tsigctx)
{
dns_message_t *msg = NULL;
dns_compress_t cctx;
isc_result_t result;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &msg);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_create: %s",
dns_result_totext(result));
msg->id = 50;
msg->rcode = dns_rcode_noerror;
msg->flags = flags;
if (tsigin == tsigout)
msg->tcp_continuation = 1;
if (tsigctx == NULL) {
result = dns_message_settsigkey(msg, key);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_settsigkey: %s",
dns_result_totext(result));
result = dns_message_setquerytsig(msg, *tsigin);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_setquerytsig: %s",
dns_result_totext(result));
}
result = dns_compress_init(&cctx, -1, mctx);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_compress_init: %s",
dns_result_totext(result));
result = dns_message_renderbegin(msg, &cctx, buf);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_renderbegin: %s",
dns_result_totext(result));
result = dns_message_renderend(msg);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_renderend: %s",
dns_result_totext(result));
if (tsigctx != NULL) {
isc_region_t r;
isc_buffer_usedregion(buf, &r);
result = dst_context_adddata(tsigctx, &r);
} else {
if (tsigin == tsigout && *tsigin != NULL)
isc_buffer_free(tsigin);
result = dns_message_getquerytsig(msg, mctx, tsigout);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_getquerytsig: %s",
dns_result_totext(result));
}
dns_compress_invalidate(&cctx);
dns_message_destroy(&msg);
}
static void
initctx1(isc_task_t *task, isc_event_t *event) {
char gssid[512];
char contextname[512];
isc_result_t result;
isc_buffer_t buf;
dns_message_t *query;
dns_request_t *request;
int c;
isc_event_free(&event);
printf("Initctx - GSS name => ");
c = scanf("%511s", gssid);
if (c == EOF)
return;
snprintf(contextname, sizeof(contextname),
"gsstest.context.%d.", (int)time(NULL));
printf("Initctx - context name we're using: %s\n", contextname);
printf("Negotiating GSSAPI context: ");
printf("%s", gssid);
printf("\n");
/*
* Setup a GSSAPI context with the server
*/
dns_fixedname_init(&servername);
isc_buffer_init(&buf, contextname, strlen(contextname));
isc_buffer_add(&buf, strlen(contextname));
result = dns_name_fromtext(dns_fixedname_name(&servername), &buf,
dns_rootname, 0, NULL);
CHECK("dns_name_fromtext", result);
/* Make name happen */
dns_fixedname_init(&gssname);
isc_buffer_init(&buf, gssid, strlen(gssid));
isc_buffer_add(&buf, strlen(gssid));
result = dns_name_fromtext(dns_fixedname_name(&gssname), &buf,
dns_rootname, 0, NULL);
CHECK("dns_name_fromtext", result);
query = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &query);
CHECK("dns_message_create", result);
printf("Calling gss_init_sec_context()\n");
gssctx = GSS_C_NO_CONTEXT;
result = dns_tkey_buildgssquery(query, dns_fixedname_name(&servername),
dns_fixedname_name(&gssname),
NULL, 36000, &gssctx, ISC_TRUE,
mctx, NULL);
CHECK("dns_tkey_buildgssquery", result);
printf("Sending context token to server\n");
request = NULL;
result = dns_request_create(requestmgr, query, &address, 0, NULL,
TIMEOUT, task, initctx2, query, &request);
CHECK("dns_request_create", result);
return;
end:
event = isc_event_allocate(mctx, (void *)1, 1, console, NULL,
sizeof(*event));
isc_task_send(task, &event);return;
}
static void
initctx2(isc_task_t *task, isc_event_t *event) {
dns_requestevent_t *reqev = (dns_requestevent_t *)event;
isc_result_t result;
dns_message_t *query = NULL, *response = NULL;
isc_buffer_t outtoken;
unsigned char array[DNS_NAME_MAXTEXT + 1];
dns_rdataset_t *rdataset;
dns_rdatatype_t qtype;
dns_name_t *question_name;
UNUSED(task);
REQUIRE(reqev != NULL);
query = reqev->ev_arg;
if (reqev->result != ISC_R_SUCCESS) {
fprintf(stderr, "I:request event result: %s\n",
isc_result_totext(reqev->result));
goto end;
}
response = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &response);
CHECK("dns_message_create", result);
result = dns_request_getresponse(reqev->request, response,
DNS_MESSAGEPARSE_PRESERVEORDER);
CHECK("dns_request_getresponse", result);
if (response->rcode != dns_rcode_noerror) {
result = ISC_RESULTCLASS_DNSRCODE + response->rcode;
fprintf(stderr, "I:response rcode: %s\n",
isc_result_totext(result));
goto end;
}
printf("Received token from server, calling gss_init_sec_context()\n");
isc_buffer_init(&outtoken, array, DNS_NAME_MAXTEXT + 1);
result = dns_tkey_processgssresponse(query, response,
dns_fixedname_name(&gssname),
&gssctx, &outtoken,
&tsigkey, ring, NULL);
gssctx = *gssctxp;
CHECK("dns_tkey_processgssresponse", result);
printf("Context accepted\n");
question_name = NULL;
dns_message_currentname(response, DNS_SECTION_ANSWER, &question_name);
rdataset = ISC_LIST_HEAD(question_name->list);
INSIST(rdataset != NULL);
qtype = rdataset->type;
if (qtype == dns_rdatatype_tkey) {
printf("Received TKEY response from server\n");
printf("Context completed\n");
} else {
printf("Did not receive TKEY response from server\n");
printf("Context not completed\n");
dns_tsigkey_detach(&tsigkey);
tsigkey = NULL;
}
dns_message_destroy(&response);
end:
if (query != NULL)
dns_message_destroy(&query);
if (reqev->request != NULL)
dns_request_destroy(&reqev->request);
isc_event_free(&event);
event = isc_event_allocate(mctx, (void *)1, 1, console, NULL,
sizeof(*event));
isc_task_send(task, &event);
return;
}
static void
sendquery(isc_task_t *task, isc_event_t *event)
{
dns_request_t *request = NULL;
dns_message_t *message = NULL;
dns_name_t *qname = NULL;
dns_rdataset_t *qrdataset = NULL;
isc_result_t result;
dns_fixedname_t queryname;
isc_buffer_t buf;
isc_buffer_t outbuf;
char output[10 * 1024];
static char host[256];
int c;
isc_event_free(&event);
printf("Query => ");
c = scanf("%255s", host);
if (c == EOF)
return;
dns_fixedname_init(&queryname);
isc_buffer_init(&buf, host, strlen(host));
isc_buffer_add(&buf, strlen(host));
result = dns_name_fromtext(dns_fixedname_name(&queryname), &buf,
dns_rootname, 0, NULL);
CHECK("dns_name_fromtext", result);
result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER, &message);
if (result != ISC_R_SUCCESS)
goto end;
message->opcode = dns_opcode_query;
message->rdclass = dns_rdataclass_in;
message->id = (unsigned short)(random() & 0xFFFF);
result = dns_message_gettempname(message, &qname);
if (result != ISC_R_SUCCESS)
goto end;
result = dns_message_gettemprdataset(message, &qrdataset);
if (result != ISC_R_SUCCESS)
goto end;
dns_name_init(qname, NULL);
dns_name_clone(dns_fixedname_name(&queryname), qname);
dns_rdataset_init(qrdataset);
dns_rdataset_makequestion(qrdataset, dns_rdataclass_in,
dns_rdatatype_a);
ISC_LIST_APPEND(qname->list, qrdataset, link);
dns_message_addname(message, qname, DNS_SECTION_QUESTION);
result = dns_request_create(requestmgr, message, &address, 0, tsigkey,
TIMEOUT, task, recvresponse,
message, &request);
CHECK("dns_request_create", result);
printf("Submitting query:\n");
isc_buffer_init(&outbuf, output, sizeof(output));
result = dns_message_totext(message, &dns_master_style_debug, 0,
&outbuf);
CHECK("dns_message_totext", result);
printf("%.*s\n", (int)isc_buffer_usedlength(&outbuf),
(char *)isc_buffer_base(&outbuf));
return;
end:
if (qname != NULL)
dns_message_puttempname(message, &qname);
if (qrdataset != NULL)
dns_message_puttemprdataset(message, &qrdataset);
if (message != NULL)
dns_message_destroy(&message);
}
/*
* Arrange to send as much as we can of "stream" without blocking.
*
* Requires:
* The stream iterator is initialized and points at an RR,
* or possibly at the end of the stream (that is, the
* _first method of the iterator has been called).
*/
static void
sendstream(xfrout_ctx_t *xfr) {
dns_message_t *tcpmsg = NULL;
dns_message_t *msg = NULL; /* Client message if UDP, tcpmsg if TCP */
isc_result_t result;
isc_region_t used;
isc_region_t region;
dns_rdataset_t *qrdataset;
dns_name_t *msgname = NULL;
dns_rdata_t *msgrdata = NULL;
dns_rdatalist_t *msgrdl = NULL;
dns_rdataset_t *msgrds = NULL;
dns_compress_t cctx;
isc_boolean_t cleanup_cctx = ISC_FALSE;
isc_boolean_t is_tcp;
int n_rrs;
isc_buffer_clear(&xfr->buf);
isc_buffer_clear(&xfr->txlenbuf);
isc_buffer_clear(&xfr->txbuf);
is_tcp = ISC_TF((xfr->client->attributes & NS_CLIENTATTR_TCP) != 0);
if (!is_tcp) {
/*
* In the UDP case, we put the response data directly into
* the client message.
*/
msg = xfr->client->message;
CHECK(dns_message_reply(msg, ISC_TRUE));
} else {
/*
* TCP. Build a response dns_message_t, temporarily storing
* the raw, uncompressed owner names and RR data contiguously
* in xfr->buf. We know that if the uncompressed data fits
* in xfr->buf, the compressed data will surely fit in a TCP
* message.
*/
CHECK(dns_message_create(xfr->mctx,
DNS_MESSAGE_INTENTRENDER, &tcpmsg));
msg = tcpmsg;
msg->id = xfr->id;
msg->rcode = dns_rcode_noerror;
msg->flags = DNS_MESSAGEFLAG_QR | DNS_MESSAGEFLAG_AA;
if ((xfr->client->attributes & NS_CLIENTATTR_RA) != 0)
msg->flags |= DNS_MESSAGEFLAG_RA;
CHECK(dns_message_settsigkey(msg, xfr->tsigkey));
CHECK(dns_message_setquerytsig(msg, xfr->lasttsig));
if (xfr->lasttsig != NULL)
isc_buffer_free(&xfr->lasttsig);
/*
* Add a EDNS option to the message?
*/
if ((xfr->client->attributes & NS_CLIENTATTR_WANTOPT) != 0) {
dns_rdataset_t *opt = NULL;
CHECK(ns_client_addopt(xfr->client, msg, &opt));
CHECK(dns_message_setopt(msg, opt));
/*
* Add to first message only.
*/
xfr->client->attributes &= ~NS_CLIENTATTR_WANTNSID;
xfr->client->attributes &= ~NS_CLIENTATTR_HAVEEXPIRE;
}
/*
* Account for reserved space.
*/
if (xfr->tsigkey != NULL)
INSIST(msg->reserved != 0U);
isc_buffer_add(&xfr->buf, msg->reserved);
/*
* Include a question section in the first message only.
* BIND 8.2.1 will not recognize an IXFR if it does not
* have a question section.
*/
if (xfr->nmsg == 0) {
dns_name_t *qname = NULL;
isc_region_t r;
/*
* Reserve space for the 12-byte message header
* and 4 bytes of question.
*/
isc_buffer_add(&xfr->buf, 12 + 4);
qrdataset = NULL;
result = dns_message_gettemprdataset(msg, &qrdataset);
if (result != ISC_R_SUCCESS)
goto failure;
dns_rdataset_makequestion(qrdataset,
xfr->client->message->rdclass,
xfr->qtype);
result = dns_message_gettempname(msg, &qname);
if (result != ISC_R_SUCCESS)
goto failure;
dns_name_init(qname, NULL);
isc_buffer_availableregion(&xfr->buf, &r);
INSIST(r.length >= xfr->qname->length);
r.length = xfr->qname->length;
isc_buffer_putmem(&xfr->buf, xfr->qname->ndata,
xfr->qname->length);
dns_name_fromregion(qname, &r);
ISC_LIST_INIT(qname->list);
ISC_LIST_APPEND(qname->list, qrdataset, link);
dns_message_addname(msg, qname, DNS_SECTION_QUESTION);
} else {
/*
* Reserve space for the 12-byte message header
*/
isc_buffer_add(&xfr->buf, 12);
msg->tcp_continuation = 1;
}
}
/*
* Try to fit in as many RRs as possible, unless "one-answer"
* format has been requested.
*/
for (n_rrs = 0; ; n_rrs++) {
dns_name_t *name = NULL;
isc_uint32_t ttl;
dns_rdata_t *rdata = NULL;
unsigned int size;
isc_region_t r;
msgname = NULL;
msgrdata = NULL;
msgrdl = NULL;
msgrds = NULL;
xfr->stream->methods->current(xfr->stream,
&name, &ttl, &rdata);
size = name->length + 10 + rdata->length;
isc_buffer_availableregion(&xfr->buf, &r);
if (size >= r.length) {
/*
* RR would not fit. If there are other RRs in the
* buffer, send them now and leave this RR to the
* next message. If this RR overflows the buffer
* all by itself, fail.
*
* In theory some RRs might fit in a TCP message
* when compressed even if they do not fit when
* uncompressed, but surely we don't want
* to send such monstrosities to an unsuspecting
* slave.
*/
if (n_rrs == 0) {
xfrout_log(xfr, ISC_LOG_WARNING,
"RR too large for zone transfer "
"(%d bytes)", size);
/* XXX DNS_R_RRTOOLARGE? */
result = ISC_R_NOSPACE;
goto failure;
}
break;
}
if (isc_log_wouldlog(ns_g_lctx, XFROUT_RR_LOGLEVEL))
log_rr(name, rdata, ttl); /* XXX */
result = dns_message_gettempname(msg, &msgname);
if (result != ISC_R_SUCCESS)
goto failure;
dns_name_init(msgname, NULL);
isc_buffer_availableregion(&xfr->buf, &r);
INSIST(r.length >= name->length);
r.length = name->length;
isc_buffer_putmem(&xfr->buf, name->ndata, name->length);
dns_name_fromregion(msgname, &r);
/* Reserve space for RR header. */
isc_buffer_add(&xfr->buf, 10);
result = dns_message_gettemprdata(msg, &msgrdata);
if (result != ISC_R_SUCCESS)
goto failure;
isc_buffer_availableregion(&xfr->buf, &r);
r.length = rdata->length;
isc_buffer_putmem(&xfr->buf, rdata->data, rdata->length);
dns_rdata_init(msgrdata);
dns_rdata_fromregion(msgrdata,
rdata->rdclass, rdata->type, &r);
result = dns_message_gettemprdatalist(msg, &msgrdl);
if (result != ISC_R_SUCCESS)
goto failure;
msgrdl->type = rdata->type;
msgrdl->rdclass = rdata->rdclass;
msgrdl->ttl = ttl;
if (rdata->type == dns_rdatatype_sig ||
rdata->type == dns_rdatatype_rrsig)
msgrdl->covers = dns_rdata_covers(rdata);
else
msgrdl->covers = dns_rdatatype_none;
ISC_LIST_APPEND(msgrdl->rdata, msgrdata, link);
result = dns_message_gettemprdataset(msg, &msgrds);
if (result != ISC_R_SUCCESS)
goto failure;
result = dns_rdatalist_tordataset(msgrdl, msgrds);
INSIST(result == ISC_R_SUCCESS);
ISC_LIST_APPEND(msgname->list, msgrds, link);
dns_message_addname(msg, msgname, DNS_SECTION_ANSWER);
msgname = NULL;
result = xfr->stream->methods->next(xfr->stream);
if (result == ISC_R_NOMORE) {
xfr->end_of_stream = ISC_TRUE;
break;
}
CHECK(result);
if (! xfr->many_answers)
break;
/*
* At this stage, at least 1 RR has been rendered into
* the message. Check if we want to clamp this message
* here (TCP only). 20480 was set as an upper limit to
* improve message compression.
*/
if ((isc_buffer_usedlength(&xfr->buf) >= 20480) && is_tcp)
break;
}
if (is_tcp) {
CHECK(dns_compress_init(&cctx, -1, xfr->mctx));
dns_compress_setsensitive(&cctx, ISC_TRUE);
cleanup_cctx = ISC_TRUE;
CHECK(dns_message_renderbegin(msg, &cctx, &xfr->txbuf));
CHECK(dns_message_rendersection(msg, DNS_SECTION_QUESTION, 0));
CHECK(dns_message_rendersection(msg, DNS_SECTION_ANSWER, 0));
CHECK(dns_message_renderend(msg));
dns_compress_invalidate(&cctx);
cleanup_cctx = ISC_FALSE;
isc_buffer_usedregion(&xfr->txbuf, &used);
isc_buffer_putuint16(&xfr->txlenbuf,
(isc_uint16_t)used.length);
region.base = xfr->txlenbuf.base;
region.length = 2 + used.length;
xfrout_log(xfr, ISC_LOG_DEBUG(8),
"sending TCP message of %d bytes",
used.length);
CHECK(isc_socket_send(xfr->client->tcpsocket, /* XXX */
®ion, xfr->client->task,
xfrout_senddone,
xfr));
xfr->sends++;
} else {
xfrout_log(xfr, ISC_LOG_DEBUG(8), "sending IXFR UDP response");
ns_client_send(xfr->client);
xfr->stream->methods->pause(xfr->stream);
xfrout_ctx_destroy(&xfr);
return;
}
/* Advance lasttsig to be the last TSIG generated */
CHECK(dns_message_getquerytsig(msg, xfr->mctx, &xfr->lasttsig));
xfr->nmsg++;
failure:
if (msgname != NULL) {
if (msgrds != NULL) {
if (dns_rdataset_isassociated(msgrds))
dns_rdataset_disassociate(msgrds);
dns_message_puttemprdataset(msg, &msgrds);
}
if (msgrdl != NULL) {
ISC_LIST_UNLINK(msgrdl->rdata, msgrdata, link);
dns_message_puttemprdatalist(msg, &msgrdl);
}
if (msgrdata != NULL)
dns_message_puttemprdata(msg, &msgrdata);
dns_message_puttempname(msg, &msgname);
}
if (tcpmsg != NULL)
dns_message_destroy(&tcpmsg);
if (cleanup_cctx)
dns_compress_invalidate(&cctx);
/*
* Make sure to release any locks held by database
* iterators before returning from the event handler.
*/
xfr->stream->methods->pause(xfr->stream);
if (result == ISC_R_SUCCESS)
return;
xfrout_fail(xfr, result, "sending zone data");
}
int
main(int argc, char *argv[]) {
int i, ch, error;
struct addrinfo hints, *res;
isc_result_t result;
isc_sockaddr_t sa;
isc_sockaddrlist_t servers;
isc_taskmgr_t *taskmgr = NULL;
isc_socketmgr_t *socketmgr = NULL;
isc_timermgr_t *timermgr = NULL;
while ((ch = getopt(argc, argv, "c:dhv")) != -1) {
switch (ch) {
case 'c':
cacheserver = optarg;
break;
case 'd':
debug_mode = ISC_TRUE;
break;
case 'h':
usage();
break;
case 'v':
verbose_level++;
break;
default:
usage();
break;
}
}
argc -= optind;
argv += optind;
/* Common set up */
isc_lib_register();
result = dns_lib_init();
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "dns_lib_init failed: %d\n", result);
exit(1);
}
result = ctxs_init(&mctx, &actx, &taskmgr, &socketmgr,
&timermgr);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "ctx create failed: %d\n", result);
exit(1);
}
isc_app_ctxstart(actx);
result = dns_client_createx(mctx, actx, taskmgr, socketmgr,
timermgr, 0, &client);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "dns_client_createx failed: %d\n", result);
exit(1);
}
/* Set local cache server */
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_DGRAM;
error = getaddrinfo(cacheserver, "53", &hints, &res);
if (error != 0) {
fprintf(stderr, "failed to convert server name (%s): %s\n",
cacheserver, gai_strerror(error));
exit(1);
}
if (res->ai_addrlen > sizeof(sa.type)) {
fprintf(stderr,
"assumption failure: addrlen is too long: %ld\n",
(long)res->ai_addrlen);
exit(1);
}
memcpy(&sa.type.sa, res->ai_addr, res->ai_addrlen);
sa.length = res->ai_addrlen;
freeaddrinfo(res);
ISC_LINK_INIT(&sa, link);
ISC_LIST_INIT(servers);
ISC_LIST_APPEND(servers, &sa, link);
result = dns_client_setservers(client, dns_rdataclass_in, NULL,
&servers);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "failed to set server: %d\n", result);
exit(1);
}
/* Create the main task */
probe_task = NULL;
result = isc_task_create(taskmgr, 0, &probe_task);
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "failed to create task: %d\n", result);
exit(1);
}
/* Open input file */
if (argc == 0)
fp = stdin;
else {
fp = fopen(argv[0], "r");
if (fp == NULL) {
fprintf(stderr, "failed to open input file: %s\n",
argv[0]);
exit(1);
}
}
/* Set up and start probe */
for (i = 0; i < MAX_PROBES; i++) {
probes[i].inuse = ISC_FALSE;
probes[i].domain = NULL;
dns_fixedname_init(&probes[i].fixedname);
probes[i].qname = NULL;
probes[i].qlabel = qlabels;
probes[i].qname_found = ISC_FALSE;
probes[i].resid = NULL;
ISC_LIST_INIT(probes[i].nslist);
probes[i].reqid = NULL;
probes[i].qmessage = NULL;
result = dns_message_create(mctx, DNS_MESSAGE_INTENTRENDER,
&probes[i].qmessage);
if (result == ISC_R_SUCCESS) {
result = dns_message_create(mctx,
DNS_MESSAGE_INTENTPARSE,
&probes[i].rmessage);
}
if (result != ISC_R_SUCCESS) {
fprintf(stderr, "initialization failure\n");
exit(1);
}
}
for (i = 0; i < MAX_PROBES; i++) {
result = probe_domain(&probes[i]);
if (result == ISC_R_NOMORE)
break;
else if (result != ISC_R_SUCCESS) {
fprintf(stderr, "failed to issue an initial probe\n");
exit(1);
}
}
/* Start event loop */
isc_app_ctxrun(actx);
/* Dump results */
printf("Per domain results (out of %lu domains):\n",
number_of_domains);
printf(" valid: %lu\n"
" ignore: %lu\n"
" nxdomain: %lu\n"
" othererr: %lu\n"
" multiplesoa: %lu\n"
" multiplecname: %lu\n"
" brokenanswer: %lu\n"
" lame: %lu\n"
" unknown: %lu\n"
" multiple errors: %lu\n",
domain_stat.valid, domain_stat.ignore, domain_stat.nxdomain,
domain_stat.othererr, domain_stat.multiplesoa,
domain_stat.multiplecname, domain_stat.brokenanswer,
domain_stat.lame, domain_stat.unknown, multiple_error_domains);
printf("Per server results (out of %lu servers):\n",
number_of_servers);
printf(" valid: %lu\n"
" ignore: %lu\n"
" nxdomain: %lu\n"
" othererr: %lu\n"
" multiplesoa: %lu\n"
" multiplecname: %lu\n"
" brokenanswer: %lu\n"
" lame: %lu\n"
" unknown: %lu\n",
server_stat.valid, server_stat.ignore, server_stat.nxdomain,
server_stat.othererr, server_stat.multiplesoa,
server_stat.multiplecname, server_stat.brokenanswer,
server_stat.lame, server_stat.unknown);
/* Cleanup */
for (i = 0; i < MAX_PROBES; i++) {
dns_message_destroy(&probes[i].qmessage);
dns_message_destroy(&probes[i].rmessage);
}
isc_task_detach(&probe_task);
dns_client_destroy(&client);
dns_lib_shutdown();
isc_app_ctxfinish(actx);
ctxs_destroy(&mctx, &actx, &taskmgr, &socketmgr, &timermgr);
exit(0);
}
ATF_TC_BODY(tsig_tcp, tc) {
const dns_name_t *tsigowner = NULL;
dns_fixedname_t fkeyname;
dns_message_t *msg = NULL;
dns_name_t *keyname;
dns_tsig_keyring_t *ring = NULL;
dns_tsigkey_t *key = NULL;
isc_buffer_t *buf = NULL;
isc_buffer_t *querytsig = NULL;
isc_buffer_t *tsigin = NULL;
isc_buffer_t *tsigout = NULL;
isc_result_t result;
unsigned char secret[16] = { 0 };
dst_context_t *tsigctx = NULL;
dst_context_t *outctx = NULL;
UNUSED(tc);
result = dns_test_begin(stderr, ISC_TRUE);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
/* isc_log_setdebuglevel(lctx, 99); */
dns_fixedname_init(&fkeyname);
keyname = dns_fixedname_name(&fkeyname);
result = dns_name_fromstring(keyname, "test", 0, NULL);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = dns_tsigkeyring_create(mctx, &ring);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = dns_tsigkey_create(keyname, dns_tsig_hmacsha256_name,
secret, sizeof(secret), ISC_FALSE,
NULL, 0, 0, mctx, ring, &key);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
/*
* Create request.
*/
result = isc_buffer_allocate(mctx, &buf, 65535);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
render(buf, 0, key, &tsigout, &querytsig, NULL);
isc_buffer_free(&buf);
/*
* Create response message 1.
*/
result = isc_buffer_allocate(mctx, &buf, 65535);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
render(buf, DNS_MESSAGEFLAG_QR, key, &querytsig, &tsigout, NULL);
/*
* Process response message 1.
*/
result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &msg);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_create: %s",
dns_result_totext(result));
result = dns_message_settsigkey(msg, key);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_settsigkey: %s",
dns_result_totext(result));
result = dns_message_parse(msg, buf, 0);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_parse: %s",
dns_result_totext(result));
printmessage(msg);
result = dns_message_setquerytsig(msg, querytsig);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_setquerytsig: %s",
dns_result_totext(result));
result = dns_tsig_verify(buf, msg, NULL, NULL);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_tsig_verify: %s",
dns_result_totext(result));
ATF_CHECK_EQ(msg->verified_sig, 1);
ATF_CHECK_EQ(msg->tsigstatus, dns_rcode_noerror);
/*
* Check that we have a TSIG in the first message.
*/
ATF_REQUIRE(dns_message_gettsig(msg, &tsigowner) != NULL);
result = dns_message_getquerytsig(msg, mctx, &tsigin);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_getquerytsig: %s",
dns_result_totext(result));
tsigctx = msg->tsigctx;
msg->tsigctx = NULL;
isc_buffer_free(&buf);
dns_message_destroy(&msg);
result = dst_context_create3(key->key, mctx, DNS_LOGCATEGORY_DNSSEC,
ISC_FALSE, &outctx);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
/*
* Start digesting.
*/
result = add_mac(outctx, tsigout);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
/*
* Create response message 2.
*/
result = isc_buffer_allocate(mctx, &buf, 65535);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
render(buf, DNS_MESSAGEFLAG_QR, key, &tsigout, &tsigout, outctx);
/*
* Process response message 2.
*/
result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &msg);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_create: %s",
dns_result_totext(result));
msg->tcp_continuation = 1;
msg->tsigctx = tsigctx;
tsigctx = NULL;
result = dns_message_settsigkey(msg, key);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_settsigkey: %s",
dns_result_totext(result));
result = dns_message_parse(msg, buf, 0);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_parse: %s",
dns_result_totext(result));
printmessage(msg);
result = dns_message_setquerytsig(msg, tsigin);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_setquerytsig: %s",
dns_result_totext(result));
result = dns_tsig_verify(buf, msg, NULL, NULL);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_tsig_verify: %s",
dns_result_totext(result));
ATF_CHECK_EQ(msg->verified_sig, 1);
ATF_CHECK_EQ(msg->tsigstatus, dns_rcode_noerror);
/*
* Check that we don't have a TSIG in the second message.
*/
tsigowner = NULL;
ATF_REQUIRE(dns_message_gettsig(msg, &tsigowner) == NULL);
tsigctx = msg->tsigctx;
msg->tsigctx = NULL;
isc_buffer_free(&buf);
dns_message_destroy(&msg);
/*
* Create response message 3.
*/
result = isc_buffer_allocate(mctx, &buf, 65535);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
render(buf, DNS_MESSAGEFLAG_QR, key, &tsigout, &tsigout, outctx);
result = add_tsig(outctx, key, buf);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"add_tsig: %s",
dns_result_totext(result));
/*
* Process response message 3.
*/
result = dns_message_create(mctx, DNS_MESSAGE_INTENTPARSE, &msg);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_create: %s",
dns_result_totext(result));
msg->tcp_continuation = 1;
msg->tsigctx = tsigctx;
tsigctx = NULL;
result = dns_message_settsigkey(msg, key);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_settsigkey: %s",
dns_result_totext(result));
result = dns_message_parse(msg, buf, 0);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_parse: %s",
dns_result_totext(result));
printmessage(msg);
/*
* Check that we had a TSIG in the third message.
*/
ATF_REQUIRE(dns_message_gettsig(msg, &tsigowner) != NULL);
result = dns_message_setquerytsig(msg, tsigin);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_setquerytsig: %s",
dns_result_totext(result));
result = dns_tsig_verify(buf, msg, NULL, NULL);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_tsig_verify: %s",
dns_result_totext(result));
ATF_CHECK_EQ(msg->verified_sig, 1);
ATF_CHECK_EQ(msg->tsigstatus, dns_rcode_noerror);
if (tsigin != NULL)
isc_buffer_free(&tsigin);
result = dns_message_getquerytsig(msg, mctx, &tsigin);
ATF_CHECK_EQ_MSG(result, ISC_R_SUCCESS,
"dns_message_getquerytsig: %s",
dns_result_totext(result));
isc_buffer_free(&buf);
dns_message_destroy(&msg);
if (outctx != NULL)
dst_context_destroy(&outctx);
if (querytsig != NULL)
isc_buffer_free(&querytsig);
if (tsigin != NULL)
isc_buffer_free(&tsigin);
if (tsigout != NULL)
isc_buffer_free(&tsigout);
if (buf != NULL)
isc_buffer_free(&buf);
if (msg != NULL)
dns_message_destroy(&msg);
if (key != NULL)
dns_tsigkey_detach(&key);
if (ring != NULL)
dns_tsigkeyring_detach(&ring);
dns_test_end();
}
