Resolver Library Functions ns_sign(3RESOLV)
NAME
ns_sign, ns_sign_tcp, ns_sign_tcp_init, ns_verify,
ns_verify_tcp, ns_verify_tcp_init, ns_find_tsig - TSIG system

SYNOPSIS
cc [ flag... ] file... -lresolv -lsocket -lnsl [ library...]
#include
#include
#include
#include

int ns_sign(u_char *msg, int *msglen, int msgsize, int error, void *k,
    const u_char *querysig, int querysiglen, u_char *sig, int *siglen,
    time_t in_timesigned);

int ns_sign_tcp(u_char *msg, int *msglen, int msgsize, int error,
    ns_tcp_tsig_state *state, int done);

int ns_sign_tcp_init(void *k, const u_char *querysig, int querysiglen,
    ns_tcp_tsig_state *state);

int ns_verify(u_char *msg, int *msglen, void *k, const u_char *querysig,
    int querysiglen, u_char *sig, int *siglen, time_t in_timesigned,
    int nostrip);

int ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state,
    int required);

int ns_verify_tcp_init(void *k, const u_char *querysig, int querysiglen,
    ns_tcp_tsig_state *state);

u_char *ns_find_tsig(u_char *msg, u_char *eom);

PARAMETERS
ns_sign()
    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    msgsize      the size of the buffer containing the DNS message on input
    error        the value to be placed in the TSIG error field
    k            the (DST_KEY *) to sign the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    sig          a buffer to be filled with the generated signature
    siglen       the length of the signature buffer on input, the signature length on output

ns_sign_tcp()
    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    msgsize      the size of the buffer containing the DNS message on input
    error        the value to be placed in the TSIG error field
    state        the state of the operation
    done         non-zero value signifies that this is the last packet

ns_sign_tcp_init()
    k            the (DST_KEY *) to sign the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    state        the state of the operation, which this initializes

ns_verify()
    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    k            the (DST_KEY *) to sign the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    sig          a buffer to be filled with the signature contained
    siglen       the length of the signature buffer on input, the signature length on output
    nostrip      non-zero value means that the TSIG is left intact

ns_verify_tcp()
    msg          the incoming DNS message, which will be modified
    msglen       the length of the DNS message, on input and output
    state        the state of the operation
    required     non-zero value signifies that a TSIG record must be present at this step

ns_verify_tcp_init()
    k            the (DST_KEY *) to verify the data
    querysig     for a response, the signature contained in the query
    querysiglen  the length of the query signature
    state        the state of the operation, which this initializes

ns_find_tsig()
    msg          the incoming DNS message
    eom          the length of the DNS message

DESCRIPTION
The TSIG functions are used to implement transaction/request security of DNS messages.

The ns_sign() and ns_verify() functions are the basic routines. The ns_sign_tcp() and ns_verify_tcp() functions are used to sign/verify TCP messages that may be split into multiple packets, such as zone transfers. The ns_sign_tcp_init() and ns_verify_tcp_init() functions initialize the state structure necessary for TCP operations.

The ns_find_tsig() function locates the TSIG record in a message if one is present.

RETURN VALUES
The ns_find_tsig() function returns a pointer to the TSIG record if one is found, and NULL otherwise. All other functions return 0 on success, modifying arguments when necessary.

The ns_sign() and ns_sign_tcp() functions return the following values:

    -1                         bad input data
    -ns_r_badkey               The key was invalid or the signing failed.
    NS_TSIG_ERROR_NO_SPACE     The message buffer is too small.

The ns_verify() and ns_verify_tcp() functions return the following values:

    -1                         bad input data
    NS_TSIG_ERROR_FORMERR      The message is malformed.
    NS_TSIG_ERROR_NO_TSIG      The message does not contain a TSIG record.
    NS_TSIG_ERROR_ID_MISMATCH  The TSIG original ID field does not match the message ID.
    -ns_r_badkey               Verification failed due to an invalid key.
    -ns_r_badsig               Verification failed due to an invalid signature.
    -ns_r_badtime              Verification failed due to an invalid timestamp.
    ns_r_badkey                Verification succeeded but the message had an error of BADKEY.
    ns_r_badsig                Verification succeeded but the message had an error of BADSIG.
    ns_r_badtime               Verification succeeded but the message had an error of BADTIME.
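
The conditions behind ns_find_tsig() and the malformed-message, missing-TSIG and ID-mismatch results of ns_verify() can be followed on the wire format. The following is an added example, not libresolv's code and not part of the original manual page: a standalone parser for the RFC 2845 layout (TSIG is RR type 250 and must be the last record of the additional section). find_tsig(), the TSIG_* codes and sample_msg are hypothetical names, and the sample bytes are constructed.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical result codes for this example (not the NS_TSIG_ERROR_* values). */
enum { TSIG_OK = 0, TSIG_FORMERR = -1, TSIG_NO_TSIG = -2, TSIG_ID_MISMATCH = -3 };
static unsigned rd16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Skip one domain name; returns the offset after it, or 0 if malformed. */
static size_t skip_name(const uint8_t *m, size_t len, size_t off) {
    while (off < len) {
        uint8_t c = m[off];
        if (c == 0) return off + 1;               /* root label ends the name */
        if (c & 0xC0) return (c & 0xC0) == 0xC0 && off + 2 <= len ? off + 2 : 0;
        off += 1 + (size_t)c;                     /* ordinary label */
    }
    return 0;
}

/* Find the TSIG RR and compare its original ID with the header ID; *rr_off gets the RR offset. */
int find_tsig(const uint8_t *m, size_t len, size_t *rr_off) {
    if (len < 12) return TSIG_FORMERR;            /* fixed DNS header */
    unsigned long qd = rd16(m + 4), ar = rd16(m + 10), rrs = ar + rd16(m + 6) + rd16(m + 8);
    size_t off = 12, last = 0, p, end;
    for (unsigned long i = 0; i < qd; i++, off += 4)  /* name + qtype + qclass */
        if (!(off = skip_name(m, len, off)) || off + 4 > len) return TSIG_FORMERR;
    for (unsigned long i = 0; i < rrs; i++) {
        last = off;                               /* start of the current RR */
        if (!(off = skip_name(m, len, off)) || off + 10 > len) return TSIG_FORMERR;
        if ((off += 10 + rd16(m + off + 8)) > len) return TSIG_FORMERR;
    }
    if (ar == 0) return TSIG_NO_TSIG;
    p = skip_name(m, len, last);                  /* owner name is the key name */
    if (rd16(m + p) != 250) return TSIG_NO_TSIG;  /* last additional RR is not TSIG */
    end = p + 10 + rd16(m + p + 8);
    p = skip_name(m, end, p + 10);                /* algorithm name */
    if (!p || p + 10 > end) return TSIG_FORMERR;  /* time(6) fudge(2) MAC size(2) */
    p += 10 + rd16(m + p + 8);                    /* skip the MAC */
    if (p + 6 > end) return TSIG_FORMERR;         /* orig ID(2) error(2) other len(2) */
    *rr_off = last;
    return rd16(m + p) == rd16(m) ? TSIG_OK : TSIG_ID_MISMATCH;
}

/* Constructed 55-byte query for "a." carrying a TSIG RR for key "k." with a dummy MAC. */
const uint8_t sample_msg[] = {
    0x12,0x34, 0,0, 0,1, 0,0, 0,0, 0,1,  1,'a',0, 0,1, 0,1, /* header (ID 0x1234), question */
    1,'k',0, 0,250, 0,255, 0,0,0,0, 0,23,         /* owner, type 250, class ANY, TTL, RDLENGTH */
    1,'h',0, 0,0,0,0,0,1, 1,44, 0,4, 0xDE,0xAD,0xBE,0xEF, /* alg, time, fudge 300, MAC */
    0x12,0x34, 0,0, 0,0 };                        /* original ID, error, other len */
int main(void) { size_t at; return find_tsig(sample_msg, sizeof sample_msg, &at) != TSIG_OK; }
```

The parser only locates the record and checks the original ID; it does not compute or check the MAC, which is what ns_verify() does with the key.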

ATTRIBUTES
See attributes(5) for descriptions of the following attributes:

 ___________________________________________________________
|       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
|_____________________________|_____________________________|
| Interface Stability         | Committed                   |
|_____________________________|_____________________________|
| MT-Level                    | MT-Safe                     |
|_____________________________|_____________________________|

SEE ALSO
resolver(3RESOLV), attributes(5)

SunOS 5.11                Last change: 11 Nov 2009