Kea 2.7.6
|
TSIG resource record. More...
#include <tsigrecord.h>
Public Member Functions | |
Constructors | |
We use the default copy constructor, default copy assignment operator, (and default destructor) intentionally. | |
TSIGRecord (const Name &key_name, const rdata::any::TSIG &tsig_rdata) | |
Constructor from TSIG key name and RDATA. | |
TSIGRecord (const Name &name, const RRClass &rrclass, const RRTTL &ttl, const rdata::Rdata &rdata, size_t length) | |
Constructor from resource record (RR) parameters. | |
const Name & | getName () const |
Return the owner name of the TSIG RR, which is the TSIG key name. | |
const rdata::any::TSIG & | getRdata () const |
Return the RDATA of the TSIG RR. | |
Protocol constants and defaults | |
static const uint32_t | TSIG_TTL = 0 |
The TTL value to be used in TSIG RRs. | |
size_t | getLength () const |
Return the length of the TSIG record. | |
uint32_t | toWire (AbstractMessageRenderer &renderer) const |
Render the TSIG RR in the wire format. | |
uint32_t | toWire (isc::util::OutputBuffer &buffer) const |
Render the TSIG RR in the wire format. | |
std::string | toText () const |
Convert the TSIG record to a string. | |
static const RRClass & | getClass () |
Return the RR class of TSIG. | |
static const RRTTL & | getTTL () |
Return the TTL value of TSIG. | |
TSIG resource record.
A TSIGRecord
class object represents a TSIG resource record and is responsible for conversion to and from wire format TSIG record based on the protocol specification (RFC2845). This class is provided so that other classes and applications can handle TSIG without knowing protocol details of TSIG, such as that it uses a fixed constant of TTL.
AbstractRRset
. That way it would be able to be used in a polymorphic way; for example, an application can construct a TSIG RR by itself and insert it to a Message
object as a generic RRset. On the other hand, it would mean this class would have to implement an RdataIterator
(even though it can be done via straightforward forwarding) while the iterator is mostly redundant since there should be one and only one RDATA for a valid TSIG RR. Likewise, some methods such as setTTL()
method wouldn't be well defined due to such special rules for TSIG as using a fixed TTL. Overall, TSIG is a very special RR type that simply uses the compatible resource record format, and it will be unlikely that a user wants to handle it through a generic interface in a polymorphic way. We therefore chose to define it as a separate class. This is also similar to why EDNS
is a separate class. Definition at line 51 of file tsigrecord.h.
isc::dns::TSIGRecord::TSIGRecord | ( | const Name & | key_name, |
const rdata::any::TSIG & | tsig_rdata ) |
Constructor from TSIG key name and RDATA.
std::bad_alloc | Resource allocation for copying the name or RDATA fails |
Definition at line 40 of file tsigrecord.cc.
isc::dns::TSIGRecord::TSIGRecord | ( | const Name & | name, |
const RRClass & | rrclass, | ||
const RRTTL & | ttl, | ||
const rdata::Rdata & | rdata, | ||
size_t | length ) |
Constructor from resource record (RR) parameters.
This constructor is intended to be used in the context of parsing an incoming DNS message that contains a TSIG. The parser would first extract the owner name, RR type (which is TSIG) class, TTL and the TSIG RDATA from the message. This constructor is expected to be given these RR parameters (except the RR type, because it must be TSIG).
According to RFC2845, a TSIG RR uses fixed RR class (ANY) and TTL (0). If the RR class or TTL is different from the expected one, this implementation considers it an invalid record and throws an exception of class DNSMessageFORMERR
.
Likewise, if rdata
is not of type any::TSIG
, an exception of class DNSMessageFORMERR will be thrown. When the caller is a DNS message parser and builds rdata
from incoming wire format data as described above, this case happens when the RR class is different from ANY (in the implementation, the type check takes place before the explicit check against the RR class explained in the previous paragraph).
The length
parameter is intended to be the length of the TSIG RR (from the beginning of the owner name to the end of the RDATA) when the caller is a DNS message parser. Note that it is the actual length for the RR in the format; if the owner name or the algorithm name (in the RDATA) is compressed (although the latter should not be compressed according to RFC3597), the length must be the size of the compressed data. The length is recorded inside the class and will be returned via subsequent calls to getLength()
. It's intended to be used in the context TSIG verification; in the verify process the MAC computation must be performed for the original data without TSIG, so, to avoid parsing the entire data in the verify process again, it's necessary to record information that can identify the length to be digested for the MAC. This parameter serves for that purpose.
length
, and simply accepts any given value. It even accepts obviously invalid values such as 0. It's caller's responsibility to provide a valid value of length, and, the verifier's responsibility to use the length safely.DISCUSSION: this design is fragile in that it introduces a tight coupling between message parsing and TSIG verification via the TSIGRecord
class. In terms of responsibility decoupling, the ideal way to have TSIGRecord
remember the entire wire data along with the length of the TSIG. Then in the TSIG verification we could refer to the necessary potion of data solely from a TSIGRecord
object. However, this approach would require expensive heavy copy of the original data or introduce another kind of coupling between the data holder and this class (if the original data is freed while a TSIGRecord
object referencing the data still exists, the result will be catastrophic). As a "best current compromise", we use the current design. We may reconsider it if it turns out to cause a big problem or we come up with a better idea.
DNSMessageFORMERR | Given RR parameters are invalid for TSIG. |
std::bad_alloc | Internal resource allocation fails. |
name | The owner name of the TSIG RR |
rrclass | The RR class of the RR. Must be RRClass::ANY() (see above) |
ttl | The TTL of the RR. Must be 0 (see above) |
rdata | The RDATA of the RR. Must be of type any::TSIG . |
length | The size of the RR (see above) |
Definition at line 66 of file tsigrecord.cc.
References getClass(), isc_throw, and TSIG_TTL.
|
static |
Return the RR class of TSIG.
TSIG always uses the ANY RR class. This static method returns it, when, though unlikely, an application wants to know which class TSIG is supposed to use.
None |
Definition at line 79 of file tsigrecord.cc.
References isc::dns::RRClass::ANY().
Referenced by TSIGRecord(), isc::dns::TSIGContext::sign(), toText(), and isc::dns::TSIGContext::verify().
|
inline |
Return the length of the TSIG record.
When constructed from the key name and RDATA, it is the length of the record when it is rendered by the toWire()
method.
None |
Definition at line 211 of file tsigrecord.h.
Referenced by isc::dns::TSIGContext::verify().
|
inline |
Return the owner name of the TSIG RR, which is the TSIG key name.
None |
Definition at line 168 of file tsigrecord.h.
Referenced by isc::dns::TSIGContext::verify().
|
inline |
Return the RDATA of the TSIG RR.
None |
Definition at line 175 of file tsigrecord.h.
Referenced by isc::dns::TSIGContext::verify().
|
static |
Return the TTL value of TSIG.
TSIG always uses 0 TTL. This static method returns it, when, though unlikely, an application wants to know the TTL TSIG is supposed to use.
None |
Definition at line 84 of file tsigrecord.cc.
References TSIG_TTL.
std::string isc::dns::TSIGRecord::toText | ( | ) | const |
Convert the TSIG record to a string.
The output format is the same as the result of toText()
for other normal types of RRsets (with always using the same RR class and TTL). It also ends with a newline.
std::bad_alloc | Internal resource allocation fails (this should be rare). |
TSIG
record Definition at line 129 of file tsigrecord.cc.
References getClass(), isc::dns::Name::toText(), isc::dns::rdata::any::TSIG::toText(), toText(), isc::dns::RRType::TSIG(), and TSIG_TTL.
Referenced by isc::dns::operator<<(), and toText().
uint32_t isc::dns::TSIGRecord::toWire | ( | AbstractMessageRenderer & | renderer | ) | const |
Render the TSIG
RR in the wire format.
This method renders the TSIG record as a form of a DNS TSIG RR via renderer
, which encapsulates output buffer and other rendering contexts.
Normally this version of toWire()
method tries to compress the owner name of the RR whenever possible, but this method intentionally skips owner name compression. This is due to a report that some Windows clients refuse a TSIG if its owner name is compressed (See http://marc.info/?l=bind-workers&m=126637138430819&w=2). Reportedly this seemed to be specific to GSS-TSIG, but this implementation skip compression regardless of the algorithm.
If by adding the TSIG RR the message size would exceed the limit maintained in renderer
, this method skips rendering the RR and returns 0 and mark renderer
as "truncated" (so that a subsequent call to isTruncated()
on renderer
will result in true
); otherwise it returns 1, which is the number of RR rendered.
std::bad_alloc | Internal resource allocation fails (this should be rare). |
renderer | DNS message rendering context that encapsulates the output buffer and name compression information. |
Definition at line 108 of file tsigrecord.cc.
References isc::dns::AbstractMessageRenderer::getLength(), isc::dns::AbstractMessageRenderer::getLengthLimit(), isc::dns::AbstractMessageRenderer::setTruncated(), and isc::dns::AbstractMessageRenderer::writeName().
uint32_t isc::dns::TSIGRecord::toWire | ( | isc::util::OutputBuffer & | buffer | ) | const |
Render the TSIG
RR in the wire format.
This method is same as toWire(AbstractMessageRenderer&)const
except it renders the RR in an OutputBuffer
and therefore does not care about message size limit. As a consequence it always returns 1.
Definition at line 122 of file tsigrecord.cc.
References isc::dns::Name::toWire().
|
static |
The TTL value to be used in TSIG RRs.
Definition at line 270 of file tsigrecord.h.
Referenced by TSIGRecord(), getTTL(), isc::dns::TSIGContext::sign(), toText(), and isc::dns::TSIGContext::verify().