ns_sign_tcp man page on BSDi

TSIG(2)			    BSD Programmer's Manual		       TSIG(2)

NAME
     ns_sign, ns_sign_tcp, ns_sign_tcp_init, ns_verify, ns_verify_tcp,
     ns_verify_tcp_init, ns_find_tsig - TSIG system

SYNOPSIS
     int
     ns_sign(u_char *msg, int *msglen, int msgsize, int error, void *k,
	     const u_char *querysig, int querysiglen, u_char *sig,
	     int *siglen, time_t in_timesigned);

     int
     ns_sign_tcp(u_char *msg, int *msglen, int msgsize, int error,
	     ns_tcp_tsig_state *state, int done);

     int
     ns_sign_tcp_init(void *k, const u_char *querysig, int querysiglen,
	     ns_tcp_tsig_state *state);

     int
     ns_verify(u_char *msg, int *msglen, void *k, const u_char *querysig,
	     int querysiglen, u_char *sig, int *siglen, time_t in_timesigned,
	     int nostrip);

     int
     ns_verify_tcp(u_char *msg, int *msglen, ns_tcp_tsig_state *state,
	     int required);

     int
     ns_verify_tcp_init(void *k, const u_char *querysig, int querysiglen,
	     ns_tcp_tsig_state *state);

     u_char *
     ns_find_tsig(u_char *msg, u_char *eom);

DESCRIPTION
     The TSIG routines are used to implement transaction/request security of
     DNS messages.

     ns_sign() and ns_verify() are the basic routines.	ns_sign_tcp() and
     ns_verify_tcp() are used to sign/verify TCP messages that may be split
     into multiple packets, such as zone transfers, and ns_sign_tcp_init() and
     ns_verify_tcp_init() initialize the state structure necessary for TCP op-
     erations.	ns_find_tsig() locates the TSIG record in a message, if one is
     present.

     ns_sign()
	   msg		  the incoming DNS message, which will be modified
	   msglen	  the length of the DNS message, on input and output
	   msgsize	  the size of the buffer containing the DNS message on
			  input
	   error	  the value to be placed in the TSIG error field
	   k		  the (DST_KEY *) to sign the data
	   querysig	  for a response, the signature contained in the query
	   querysiglen	  the length of the query signature
	   sig		  a buffer to be filled with the generated signature
	   siglen	  the length of the signature buffer on input, the
			  signature length on output

     ns_sign_tcp()
	   msg		  the incoming DNS message, which will be modified
	   msglen	  the length of the DNS message, on input and output
	   msgsize	  the size of the buffer containing the DNS message on
			  input
	   error	  the value to be placed in the TSIG error field
	   state	  the state of the operation
	   done		  non-zero value signifies that this is the last pack-
			  et

     ns_sign_tcp_init()
	   k		  the (DST_KEY *) to sign the data
	   querysig	  for a response, the signature contained in the query
	   querysiglen	  the length of the query signature
	   state	  the state of the operation, which this initializes

     ns_verify()
	   msg		  the incoming DNS message, which will be modified
	   msglen	  the length of the DNS message, on input and output
	   k		  the (DST_KEY *) to verify the data
	   querysig	  for a response, the signature contained in the query
	   querysiglen	  the length of the query signature
	   sig		  a buffer to be filled with the signature contained
	   siglen	  the length of the signature buffer on input, the
			  signature length on output
	   nostrip	  non-zero value means that the TSIG is left intact

     ns_verify_tcp()
	   msg		  the incoming DNS message, which will be modified
	   msglen	  the length of the DNS message, on input and output
	   state	  the state of the operation
	   required	  non-zero value signifies that a TSIG record must be
			  present at this step

     ns_verify_tcp_init()
	   k		  the (DST_KEY *) to verify the data
	   querysig	  for a response, the signature contained in the query
	   querysiglen	  the length of the query signature
	   state	  the state of the operation, which this initializes

     ns_find_tsig()
	   msg		  the incoming DNS message
	   msglen	  the length of the DNS message

RETURN VALUES
     ns_find_tsig() returns a pointer to the TSIG record if one is found, and
     NULL otherwise.

     All other routines return 0 on success, modifying arguments when neces-
     sary.

     ns_sign() and ns_sign_tcp() return the following errors:
	   (-1)			   bad input data
	   (-ns_r_badkey)	   The key was invalid, or the signing failed
	   NS_TSIG_ERROR_NO_SPACE  the message buffer is too small.

     ns_verify() and ns_verify_tcp() return the following errors:
	   (-1)			   bad input data
	   NS_TSIG_ERROR_FORMERR   The message is malformed
	   NS_TSIG_ERROR_NO_TSIG   The message does not contain a TSIG record
	   NS_TSIG_ERROR_ID_MISMATCH
				   The TSIG original ID field does not match
				   the message ID
	   (-ns_r_badkey)	   Verification failed due to an invalid key
	   (-ns_r_badsig)	   Verification failed due to an invalid sig-
				   nature
	   (-ns_r_badtime)	   Verification failed due to an invalid
				   timestamp
	   ns_r_badkey		   Verification succeeded but the message had
				   an error of BADKEY
	   ns_r_badsig		   Verification succeeded but the message had
				   an error of BADSIG
	   ns_r_badtime		   Verification succeeded but the message had
				   an error of BADTIME
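
EXAMPLES
     The following is an added example, not code from this manual or from the
     resolver library: a bounds-checked sketch of the lookup ns_find_tsig()
     performs. The names find_tsig(), skip_name(), get16() and sample_msg are
     hypothetical; it relies on RFC 2845, which assigns TSIG the RR type 250
     and requires it to be the last record in the additional section.

```c
#include <stddef.h>
#include <stdint.h>

#define TYPE_TSIG 250 /* TSIG RR type code (RFC 2845) */

/* Constructed sample: 1 question (a. IN A), 1 additional RR = TSIG named "k."
 * with 2 bytes of placeholder rdata. The TSIG RR starts at offset 19. */
const uint8_t sample_msg[34] = {
    0x12,0x34, 0,0, 0,1, 0,0, 0,0, 0,1,          /* header: QD=1, AR=1 */
    1,'a',0, 0,1, 0,1,                           /* question */
    1,'k',0, 0,0xFA, 0,0xFF, 0,0,0,0, 0,2, 0,0   /* TSIG, class ANY, TTL 0 */
};

static unsigned get16(const uint8_t *p) { return (unsigned)p[0] << 8 | p[1]; }

/* Skip one wire-format name; NULL if it runs past eom or is malformed. */
static const uint8_t *skip_name(const uint8_t *p, const uint8_t *eom) {
    while (p < eom) {
        unsigned len = *p;
        if (len == 0) return p + 1;                       /* root label */
        if ((len & 0xC0) == 0xC0)                         /* pointer ends the name */
            return eom - p >= 2 ? p + 2 : NULL;
        if ((len & 0xC0) || (size_t)(eom - p) < len + 1) return NULL;
        p += len + 1;
    }
    return NULL;
}

/* Hypothetical stand-in for ns_find_tsig(): start of the TSIG RR, or NULL. */
const uint8_t *find_tsig(const uint8_t *msg, const uint8_t *eom) {
    if (!msg || !eom || eom - msg < 12 || get16(msg + 10) == 0) return NULL;
    unsigned long rrs = (unsigned long)get16(msg + 6) + get16(msg + 8) + get16(msg + 10);
    const uint8_t *p = msg + 12, *last = NULL;
    unsigned type = 0;
    for (unsigned i = get16(msg + 4); i > 0; i--) {       /* questions */
        if (!(p = skip_name(p, eom)) || eom - p < 4) return NULL;
        p += 4;                                           /* qtype + qclass */
    }
    for (; rrs > 0; rrs--) {                              /* answer, authority, additional */
        last = p;
        if (!(p = skip_name(p, eom)) || eom - p < 10) return NULL;
        type = get16(p);
        if ((size_t)(eom - p) < 10 + (size_t)get16(p + 8)) return NULL;
        p += 10 + get16(p + 8);                           /* fixed RR fields + rdata */
    }
    /* Strict choice of this example: TSIG must be the final RR and end at eom. */
    return (type == TYPE_TSIG && p == eom) ? last : NULL;
}
```

     A NULL result only means no TSIG record was located; whether a signed
     message is authentic is decided by ns_verify() or ns_verify_tcp().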

SEE ALSO
     resolver(3).

AUTHORS
     Brian Wellington, TISLabs at Network Associates

4th Berkeley Distribution	January 1, 1996				     3