4 #include "packethandler.hh"
6 void PacketHandler::tkeyHandler(DNSPacket
*p
, DNSPacket
*r
) {
7 TKEYRecordContent tkey_in
;
8 std::shared_ptr
<TKEYRecordContent
> tkey_out(new TKEYRecordContent());
12 if (!p
->getTKEYRecord(&tkey_in
, &name
)) {
13 g_log
<<Logger::Error
<<"TKEY request but no TKEY RR found"<<endl
;
14 r
->setRcode(RCode::FormErr
);
18 // retain original name for response
19 tkey_out
->d_error
= 0;
20 tkey_out
->d_mode
= tkey_in
.d_mode
;
21 tkey_out
->d_algo
= tkey_in
.d_algo
;
22 tkey_out
->d_inception
= time((time_t*)NULL
);
23 tkey_out
->d_expiration
= tkey_out
->d_inception
+15;
27 if (tkey_in
.d_mode
== 3) { // establish context
28 if (tkey_in
.d_algo
== DNSName("gss-tsig.")) {
29 std::vector
<std::string
> meta
;
30 DNSName
tmpName(name
);
32 if (B
.getDomainMetadata(tmpName
, "GSS-ACCEPTOR-PRINCIPAL", meta
) && meta
.size()>0) {
35 } while(tmpName
.chopOff());
38 ctx
.setLocalPrincipal(meta
[0]);
40 // try to get a context
41 if (!ctx
.accept(tkey_in
.d_key
, tkey_out
->d_key
))
42 tkey_out
->d_error
= 19;
46 tkey_out
->d_error
= 21; // BADALGO
48 } else if (tkey_in
.d_mode
== 5) { // destroy context
49 if (p
->d_havetsig
== false) { // unauthenticated
50 if (p
->d
.opcode
== Opcode::Update
)
51 r
->setRcode(RCode::Refused
);
53 r
->setRcode(RCode::NotAuth
);
59 tkey_out
->d_error
= 20; // BADNAME (because we have no support for anything here)
61 if (p
->d_havetsig
== false && tkey_in
.d_mode
!= 2) { // unauthenticated
62 if (p
->d
.opcode
== Opcode::Update
)
63 r
->setRcode(RCode::Refused
);
65 r
->setRcode(RCode::NotAuth
);
68 tkey_out
->d_error
= 19; // BADMODE
71 tkey_out
->d_keysize
= tkey_out
->d_key
.size();
72 tkey_out
->d_othersize
= tkey_out
->d_other
.size();
78 zrr
.dr
.d_type
= QType::TKEY
;
79 zrr
.dr
.d_class
= QClass::ANY
;
80 zrr
.dr
.d_content
= tkey_out
;
81 zrr
.dr
.d_place
= DNSResourceRecord::ANSWER
;
86 TSIGRecordContent trc
;
87 trc
.d_algoName
= DNSName("gss-tsig");
88 trc
.d_time
= tkey_out
->d_inception
;
91 trc
.d_origID
= p
->d
.id
;
94 // this should cause it to lookup name context
95 r
->setTSIGDetails(trc
, name
, name
.toStringNoDot(), "", false);