fatal_exit("expected int argument for %s", expected_other_str);
if(vtest)
- printf("tsig-sign-query with %s %d %d\n", keyname,
+ printf("tsig-verify-query with %s %d %d\n", keyname,
(int)timepoint, expected_rcode);
/* Put position before TSIG */
+ if(!tsig_find_rr(pkt)) {
+ if(vtest)
+ printf("tsig-verify-query found no TSIG RR\n");
+ unit_assert(0);
+ return;
+ }
ret = tsig_parse_verify_query(key_table, pkt, &tsig, NULL, timepoint);
if(vtest) {
lock_rw_unlock(&key_table->lock);
return ret;
}
+
+int
+tsig_find_rr(struct sldns_buffer* pkt)
+{
+ size_t end_pos, n_rrs;
+ if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) {
+ verbose(VERB_ALGO, "No TSIG, packet too short");
+ return 0;
+ }
+ if(LDNS_ARCOUNT(sldns_buffer_begin(pkt)) < 1) {
+ verbose(VERB_ALGO, "No TSIG found, ARCOUNT == 0");
+ return 0;
+ }
+ n_rrs = LDNS_ANCOUNT(sldns_buffer_begin(pkt))
+ + LDNS_NSCOUNT(sldns_buffer_begin(pkt))
+ + LDNS_ARCOUNT(sldns_buffer_begin(pkt))
+ - 1;
+
+ sldns_buffer_rewind(pkt);
+ sldns_buffer_skip(pkt, LDNS_HEADER_SIZE);
+
+ /* Skip qnames. */
+ if(!skip_pkt_query_rrs(pkt, LDNS_QDCOUNT(sldns_buffer_begin(pkt)))) {
+ verbose(VERB_ALGO, "No TSIG, query section RRs malformed");
+ return 0;
+ }
+ /* Skip all rrs. */
+ if(!skip_pkt_rrs(pkt, n_rrs)) {
+ verbose(VERB_ALGO, "No TSIG, packet RRs are malformed");
+ return 0;
+ }
+ end_pos = sldns_buffer_position(pkt);
+
+ /* The tsig owner name, the key name */
+ if(sldns_buffer_remaining(pkt) < 1) {
+ verbose(VERB_ALGO, "No TSIG, packet too short");
+ return 0;
+ }
+ if(!pkt_dname_len(pkt)) {
+ verbose(VERB_ALGO, "No TSIG, dname malformed");
+ return 0;
+ }
+ if(sldns_buffer_remaining(pkt) < 2+2+4+2) {
+ verbose(VERB_ALGO, "No TSIG, packet too short");
+ return 0;
+ }
+ if(sldns_buffer_read_u16(pkt) != LDNS_RR_TYPE_TSIG) {
+ verbose(VERB_ALGO, "No TSIG, last RR not type TSIG");
+ return 0;
+ }
+
+ sldns_buffer_set_position(pkt, end_pos);
+ return 1;
+}
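Review bot: Every `return 0` path in `tsig_find_rr` leaves `pkt` wherever parsing stopped after the unconditional `sldns_buffer_rewind(pkt)`; only the success path sets a defined position, via `sldns_buffer_set_position(pkt, end_pos)`. A caller that continues to process the packet as unsigned after a 0 return would read from an arbitrary offset. The test caller in this diff just returns, so that path is not exercised here. Either rewind before each failure return, or state the contract in the header comment, e.g. `On failure the buffer position is unspecified; the caller must reset it before parsing further.` The success check also reads only the TYPE field of the last RR, leaving class and RDLENGTH to the later parser (presumably `tsig_parse_verify_query`), so the doc comment should say that a return of 1 means "last RR has type TSIG", not "TSIG record is well-formed".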
*/
size_t tsig_reserved_space(struct tsig_data* tsig);
+/**
+ * See if the packet has a TSIG record, or not.
+ * @param pkt: the packet.
+ * @return false if malformed or no tsig. If found, the position is
+ * just before the TSIG record. So it can be parsed.
+ */
+int tsig_find_rr(struct sldns_buffer* pkt);
+
#endif /* UTIL_TSIG_H */