mirror of
https://github.com/k3s-io/kubernetes.git
synced 2025-11-23 04:08:59 +00:00
Godeps changes for kube-dns
This commit is contained in:
Abhishek Shah
78
vendor/github.com/miekg/dns/tsig.go
generated
vendored
78
vendor/github.com/miekg/dns/tsig.go
generated
vendored
@@ -1,56 +1,3 @@
|
||||
// TRANSACTION SIGNATURE
|
||||
//
|
||||
// An TSIG or transaction signature adds a HMAC TSIG record to each message sent.
|
||||
// The supported algorithms include: HmacMD5, HmacSHA1 and HmacSHA256.
|
||||
//
|
||||
// Basic use pattern when querying with a TSIG name "axfr." (note that these key names
|
||||
// must be fully qualified - as they are domain names) and the base64 secret
|
||||
// "so6ZGir4GPAqINNh9U5c3A==":
|
||||
//
|
||||
// c := new(dns.Client)
|
||||
// c.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="}
|
||||
// m := new(dns.Msg)
|
||||
// m.SetQuestion("miek.nl.", dns.TypeMX)
|
||||
// m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix())
|
||||
// ...
|
||||
// // When sending the TSIG RR is calculated and filled in before sending
|
||||
//
|
||||
// When requesting an zone transfer (almost all TSIG usage is when requesting zone transfers), with
|
||||
// TSIG, this is the basic use pattern. In this example we request an AXFR for
|
||||
// miek.nl. with TSIG key named "axfr." and secret "so6ZGir4GPAqINNh9U5c3A=="
|
||||
// and using the server 176.58.119.54:
|
||||
//
|
||||
// t := new(dns.Transfer)
|
||||
// m := new(dns.Msg)
|
||||
// t.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="}
|
||||
// m.SetAxfr("miek.nl.")
|
||||
// m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix())
|
||||
// c, err := t.In(m, "176.58.119.54:53")
|
||||
// for r := range c { /* r.RR */ }
|
||||
//
|
||||
// You can now read the records from the transfer as they come in. Each envelope is checked with TSIG.
|
||||
// If something is not correct an error is returned.
|
||||
//
|
||||
// Basic use pattern validating and replying to a message that has TSIG set.
|
||||
//
|
||||
// server := &dns.Server{Addr: ":53", Net: "udp"}
|
||||
// server.TsigSecret = map[string]string{"axfr.": "so6ZGir4GPAqINNh9U5c3A=="}
|
||||
// go server.ListenAndServe()
|
||||
// dns.HandleFunc(".", handleRequest)
|
||||
//
|
||||
// func handleRequest(w dns.ResponseWriter, r *dns.Msg) {
|
||||
// m := new(Msg)
|
||||
// m.SetReply(r)
|
||||
// if r.IsTsig() {
|
||||
// if w.TsigStatus() == nil {
|
||||
// // *Msg r has an TSIG record and it was validated
|
||||
// m.SetTsig("axfr.", dns.HmacMD5, 300, time.Now().Unix())
|
||||
// } else {
|
||||
// // *Msg r has an TSIG records and it was not valided
|
||||
// }
|
||||
// }
|
||||
// w.WriteMsg(m)
|
||||
// }
|
||||
package dns
|
||||
|
||||
import (
|
||||
@@ -58,6 +5,7 @@ import (
|
||||
"crypto/md5"
|
||||
"crypto/sha1"
|
||||
"crypto/sha256"
|
||||
"crypto/sha512"
|
||||
"encoding/hex"
|
||||
"hash"
|
||||
"io"
|
||||
@@ -71,8 +19,11 @@ const (
|
||||
HmacMD5 = "hmac-md5.sig-alg.reg.int."
|
||||
HmacSHA1 = "hmac-sha1."
|
||||
HmacSHA256 = "hmac-sha256."
|
||||
HmacSHA512 = "hmac-sha512."
|
||||
)
|
||||
|
||||
// TSIG is the RR the holds the transaction signature of a message.
|
||||
// See RFC 2845 and RFC 4635.
|
||||
type TSIG struct {
|
||||
Hdr RR_Header
|
||||
Algorithm string `dns:"domain-name"`
|
||||
@@ -86,10 +37,6 @@ type TSIG struct {
|
||||
OtherData string `dns:"size-hex"`
|
||||
}
|
||||
|
||||
func (rr *TSIG) Header() *RR_Header {
|
||||
return &rr.Hdr
|
||||
}
|
||||
|
||||
// TSIG has no official presentation format, but this will suffice.
|
||||
|
||||
func (rr *TSIG) String() string {
|
||||
@@ -107,15 +54,6 @@ func (rr *TSIG) String() string {
|
||||
return s
|
||||
}
|
||||
|
||||
func (rr *TSIG) len() int {
|
||||
return rr.Hdr.len() + len(rr.Algorithm) + 1 + 6 +
|
||||
4 + len(rr.MAC)/2 + 1 + 6 + len(rr.OtherData)/2 + 1
|
||||
}
|
||||
|
||||
func (rr *TSIG) copy() RR {
|
||||
return &TSIG{*rr.Hdr.copyHeader(), rr.Algorithm, rr.TimeSigned, rr.Fudge, rr.MACSize, rr.MAC, rr.OrigId, rr.Error, rr.OtherLen, rr.OtherData}
|
||||
}
|
||||
|
||||
// The following values must be put in wireformat, so that the MAC can be calculated.
|
||||
// RFC 2845, section 3.4.2. TSIG Variables.
|
||||
type tsigWireFmt struct {
|
||||
@@ -174,13 +112,15 @@ func TsigGenerate(m *Msg, secret, requestMAC string, timersOnly bool) ([]byte, s
|
||||
|
||||
t := new(TSIG)
|
||||
var h hash.Hash
|
||||
switch rr.Algorithm {
|
||||
switch strings.ToLower(rr.Algorithm) {
|
||||
case HmacMD5:
|
||||
h = hmac.New(md5.New, []byte(rawsecret))
|
||||
case HmacSHA1:
|
||||
h = hmac.New(sha1.New, []byte(rawsecret))
|
||||
case HmacSHA256:
|
||||
h = hmac.New(sha256.New, []byte(rawsecret))
|
||||
case HmacSHA512:
|
||||
h = hmac.New(sha512.New, []byte(rawsecret))
|
||||
default:
|
||||
return nil, "", ErrKeyAlg
|
||||
}
|
||||
@@ -238,13 +178,15 @@ func TsigVerify(msg []byte, secret, requestMAC string, timersOnly bool) error {
|
||||
}
|
||||
|
||||
var h hash.Hash
|
||||
switch tsig.Algorithm {
|
||||
switch strings.ToLower(tsig.Algorithm) {
|
||||
case HmacMD5:
|
||||
h = hmac.New(md5.New, rawsecret)
|
||||
case HmacSHA1:
|
||||
h = hmac.New(sha1.New, rawsecret)
|
||||
case HmacSHA256:
|
||||
h = hmac.New(sha256.New, rawsecret)
|
||||
case HmacSHA512:
|
||||
h = hmac.New(sha512.New, rawsecret)
|
||||
default:
|
||||
return ErrKeyAlg
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user