windows-server-2003/ds/dns/dnslib/dnssec.h

/*++

Copyright (c) 1997-2001 Microsoft Corporation

Module Name:

    dnssec.h

Abstract:

    Domain Name System (DNS) Library

    Private security definitions.
    This header necessary to provide defs to client secure update
    routines which are in dnsapi (update.c).

Author:

    Jim Gilroy (jamesg)     November 1997

Revision History:

--*/


#ifndef _DNS_DNSSEC_INCLUDED_
#define _DNS_DNSSEC_INCLUDED_


#define SECURITY_WIN32
#include "sspi.h"
#include "issperr.h"


//
//  Context "key" for TKEYs
//

typedef struct _DNS_SECCTXT_KEY
{
    DNS_ADDR        RemoteAddr;
    PSTR            pszTkeyName;
    PSTR            pszClientContext;
    PWSTR           pwsCredKey;
}
DNS_SECCTXT_KEY, *PDNS_SECCTXT_KEY;

//
//  Security context
//

typedef struct _DnsSecurityContext
{
    struct _DnsSecurityContext * pNext;

    struct _SecHandle   hSecHandle;

    DNS_SECCTXT_KEY     Key;
    CredHandle          CredHandle;

    //  context info

    DWORD               Version;
    WORD                TkeySize;

    //  context state

    BOOL                fClient;
    BOOL                fHaveCredHandle;
    BOOL                fHaveSecHandle;
    BOOL                fNegoComplete;
    DWORD               UseCount;

    //  timeout

    DWORD               dwCreateTime;
    DWORD               dwCleanupTime;
    DWORD               dwExpireTime;
}
SEC_CNTXT, *PSEC_CNTXT;


//
//  Security session info.
//  Held only during interaction, not cached
//

typedef struct _SecPacketInfo
{
    PSEC_CNTXT          pSecContext;

    SecBuffer           RemoteBuf;
    SecBuffer           LocalBuf;

    PDNS_HEADER         pMsgHead;
    PCHAR               pMsgEnd;

    PDNS_RECORD         pTsigRR;
    PDNS_RECORD         pTkeyRR;
    PCHAR               pszContextName;

    DNS_PARSED_RR       ParsedRR;

    //  client must save signature of query to verify sig on response

    PCHAR               pQuerySig;
    WORD                QuerySigLength;

    WORD                ExtendedRcode;

    //  version on TKEY \ TSIG

    DWORD               TkeyVersion;
}
SECPACK, *PSECPACK;


#endif  // _DNS_DNSSEC_INCLUDED_