mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-22 10:10:06 +00:00
Code Issues Releases Wiki Activity
bind/bin/named/tsigconf.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

179 lines
4.1 KiB
C
Raw Normal View History

separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
/*
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
*
* SPDX-License-Identifier: MPL-2.0
Update the copyright information in all files in the repository This commit converts the license handling to adhere to the REUSE specification. It specifically: 1. Adds used licnses to LICENSES/ directory 2. Add "isc" template for adding the copyright boilerplate 3. Changes all source files to include copyright and SPDX license header, this includes all the C sources, documentation, zone files, configuration files. There are notes in the doc/dev/copyrights file on how to add correct headers to the new files. 4. Handle the rest that can't be modified via .reuse/dep5 file. The binary (or otherwise unmodifiable) files could have license places next to them in <foo>.license file, but this would lead to cluttered repository and most of the files handled in the .reuse/dep5 file are system test files.
2021-06-03 08:37:05 +02:00
*
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
Update license headers to not include years in copyright in all applicable files
2018-02-23 09:53:12 +01:00
*
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
1851. [doc] Doxygen comment markup. [RT #11398]
2005-04-27 04:57:32 +00:00
/*! \file */
add RCS id string
2000-06-22 22:00:42 +00:00
Replace custom isc_u?intNN_t types with C99 u?intNN_t types
2018-03-28 14:19:37 +02:00
#include <inttypes.h>
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
#include <isc/base64.h>
Megacommit of dozens of files. Cleanup of redundant/useless header file inclusion. ISC style lint, primarily for function declarations and standalone comments -- ie, those that appear on a line without any code, which should be written as follows: /* * This is a comment. */
2000-05-08 14:38:29 +00:00
#include <isc/buffer.h>
#include <isc/mem.h>
Make isc_result a static enum Remove the dynamic registration of result codes. Convert isc_result_t from unsigned + #defines into 32-bit enum type in grand unified <isc/result.h> header. Keep the existing values of the result codes even at the expense of the description and identifier tables being unnecessary large. Additionally, add couple of: switch (result) { [...] default: break; } statements where compiler now complains about missing enum values in the switch statement.
2021-10-04 17:14:53 +02:00
#include <isc/result.h>
Megacommit of dozens of files. Cleanup of redundant/useless header file inclusion. ISC style lint, primarily for function declarations and standalone comments -- ie, those that appear on a line without any code, which should be written as follows: /* * This is a comment. */
2000-05-08 14:38:29 +00:00
#include <isc/string.h>
4774. [bug] <isc/util.h> was incorrectly included in several header files. [RT #46311]
2017-10-19 12:26:32 +11:00
#include <isc/util.h>
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
Megacommit of dozens of files. Cleanup of redundant/useless header file inclusion. ISC style lint, primarily for function declarations and standalone comments -- ie, those that appear on a line without any code, which should be written as follows: /* * This is a comment. */
2000-05-08 14:38:29 +00:00
#include <dns/tsig.h>
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
provide a more detailed error message when configuring a TSIG key fails [RT #461]
2000-11-15 00:42:50 +00:00
#include <isccfg/cfg.h>
fix warning
2001-08-03 18:39:50 +00:00
#include <named/config.h>
#include <named/log.h>
Continue move of lib/dns/*conf.c stuff to bin/named
2000-11-27 19:42:38 +00:00
#include <named/tsigconf.h>
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
static isc_result_t
use ISC_REFCOUNT_IMPL for dns_tsigkey and dns_tsigkeyring use the ISC_REFCOUNT attach/detach implementation in dns/tsig.c so that detailed tracing can be used during refactoring. dns_tsig_keyring_t has been renamed dns_tsigkeyring_t so the type and the attach/detach function names will match.
2023-04-11 11:35:01 -07:00
add_initial_keys(const cfg_obj_t *list, dns_tsigkeyring_t *ring,
1991. [cleanup] The configuration data, once read, should be treated as readonly. Expand the use of const to enforce this at compile time. [RT #15813]
2006-02-28 02:39:52 +00:00
isc_mem_t *mctx) {
1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and HMACSHA512 support. [RT #13606]
2006-01-27 02:35:15 +00:00
dns_tsigkey_t *tsigkey = NULL;
1991. [cleanup] The configuration data, once read, should be treated as readonly. Expand the use of const to enforce this at compile time. [RT #15813]
2006-02-28 02:39:52 +00:00
const cfg_listelt_t *element;
const cfg_obj_t *key = NULL;
1914. [bug] Strings returned from cfg_obj_asstring() should be treated as read-only. The prototype for cfg_obj_asstring() has been updated to reflect this. [RT #15256]
2005-08-23 02:36:11 +00:00
const char *keyid = NULL;
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
unsigned char *secret = NULL;
int secretalloc = 0;
isc_result_t ret;
Use clang-format to reformat the source files
2020-02-12 13:59:18 +01:00
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
for (element = cfg_list_first(list); element != NULL;
element = cfg_list_next(element))
{
1991. [cleanup] The configuration data, once read, should be treated as readonly. Expand the use of const to enforce this at compile time. [RT #15813]
2006-02-28 02:39:52 +00:00
const cfg_obj_t *algobj = NULL;
const cfg_obj_t *secretobj = NULL;
avoid the 'target' buffer in dns_name_fromtext() dns_name_fromtext() stores the converted name in the 'name' passed to it, and optionally also copies it in wire format to a buffer 'target'. this makes the interface unnecessarily complex, and could be simplified by having a different function for each purpose. as a first step, remove uses of the target buffer in calls to dns_name_fromtext() where it wasn't actually needed.
2025-02-21 13:36:57 -08:00
dns_fixedname_t fkey;
dns_name_t *keyname = dns_fixedname_initname(&fkey);
use algorithm number instead of name to create TSIG keys the prior practice of passing a dns_name containing the expanded name of an algorithm to dns_tsigkey_create() and dns_tsigkey_createfromkey() is unnecessarily cumbersome; we can now pass the algorithm number instead.
2023-04-11 19:01:31 -07:00
dst_algorithm_t alg = DST_ALG_UNKNOWN;
minor tsig.c cleanups - style cleanups. - simplify the function parameters to dns_tsigkey_create(): + remove 'restored' and 'generated', they're only ever set to false. + remove 'creator' because it's only ever set to NULL. + remove 'inception' and 'expiry' because they're only ever set to (0, 0) or (now, now), and either way, this means "never expire". + remove 'ring' because we can just use dns_tsigkeyring_add() instead. - rename dns_keyring_restore() to dns_tsigkeyring_restore() to match the rest of the functions operating on dns_tsigkeyring objects.
2023-04-10 23:46:10 -07:00
const char *algstr = NULL;
avoid the 'target' buffer in dns_name_fromtext() dns_name_fromtext() stores the converted name in the 'name' passed to it, and optionally also copies it in wire format to a buffer 'target'. this makes the interface unnecessarily complex, and could be simplified by having a different function for each purpose. as a first step, remove uses of the target buffer in calls to dns_name_fromtext() where it wasn't actually needed.
2025-02-21 13:36:57 -08:00
isc_buffer_t keynamesrc;
minor tsig.c cleanups - style cleanups. - simplify the function parameters to dns_tsigkey_create(): + remove 'restored' and 'generated', they're only ever set to false. + remove 'creator' because it's only ever set to NULL. + remove 'inception' and 'expiry' because they're only ever set to (0, 0) or (now, now), and either way, this means "never expire". + remove 'ring' because we can just use dns_tsigkeyring_add() instead. - rename dns_keyring_restore() to dns_tsigkeyring_restore() to match the rest of the functions operating on dns_tsigkeyring objects.
2023-04-10 23:46:10 -07:00
const char *secretstr = NULL;
Use isc_base64_decodestring() instead of an explicit lexer.
2000-07-18 01:14:17 +00:00
isc_buffer_t secretbuf;
minor tsig.c cleanups - style cleanups. - simplify the function parameters to dns_tsigkey_create(): + remove 'restored' and 'generated', they're only ever set to false. + remove 'creator' because it's only ever set to NULL. + remove 'inception' and 'expiry' because they're only ever set to (0, 0) or (now, now), and either way, this means "never expire". + remove 'ring' because we can just use dns_tsigkeyring_add() instead. - rename dns_keyring_restore() to dns_tsigkeyring_restore() to match the rest of the functions operating on dns_tsigkeyring objects.
2023-04-10 23:46:10 -07:00
int secretlen = 0;
uint16_t bits;
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
key = cfg_listelt_value(element);
keyid = cfg_obj_asstring(cfg_map_getname(key));
algobj = NULL;
secretobj = NULL;
(void)cfg_map_get(key, "algorithm", &algobj);
(void)cfg_map_get(key, "secret", &secretobj);
INSIST(algobj != NULL && secretobj != NULL);
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
Megacommit of dozens of files. Cleanup of redundant/useless header file inclusion. ISC style lint, primarily for function declarations and standalone comments -- ie, those that appear on a line without any code, which should be written as follows: /* * This is a comment. */
2000-05-08 14:38:29 +00:00
/*
* Create the key name.
*/
3437. [bug] isc_buffer_init -> isc_buffer_constinit to initialise buffers with constant data. [RT #32064] Squashed commit of the following: commit 3433b96bf11f8c90ccbe412f01d02a6d8bbc2d33 Author: Mark Andrews <marka@isc.org> Date: Sat Dec 8 12:41:16 2012 +1100 isc_buffer_init -> isc_buffer_constinit commit c22dbcc1122a0a44f7b46068e0ccbc25353a57d5 Author: Mark Andrews <marka@isc.org> Date: Sat Dec 8 12:38:39 2012 +1100 isc_buffer_init -> isc_buffer_constinit commit 900820416c45c1887d0d22d7a010df60a903bd56 Author: Mark Andrews <marka@isc.org> Date: Sat Dec 8 12:24:19 2012 +1100 remove isc_buffer_reconstinit commit f815711c17b05f9961786a90b9bae902d3c01494 Author: Mark Andrews <marka@isc.org> Date: Wed Dec 5 15:42:57 2012 +1100 add isc_buffer_constinit
2012-12-08 12:48:57 +11:00
isc_buffer_constinit(&keynamesrc, keyid, strlen(keyid));
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
isc_buffer_add(&keynamesrc, strlen(keyid));
avoid the 'target' buffer in dns_name_fromtext() dns_name_fromtext() stores the converted name in the 'name' passed to it, and optionally also copies it in wire format to a buffer 'target'. this makes the interface unnecessarily complex, and could be simplified by having a different function for each purpose. as a first step, remove uses of the target buffer in calls to dns_name_fromtext() where it wasn't actually needed.
2025-02-21 13:36:57 -08:00
ret = dns_name_fromtext(keyname, &keynamesrc, dns_rootname,
simplify dns_name_fromtext() interface previously, dns_name_fromtext() took both a target name and an optional target buffer parameter, which could override the name's dedicated buffer. this interface is unnecessarily complex. we now have two functions, dns_name_fromtext() to convert text into a dns_name that has a dedicated buffer, and dns_name_wirefromtext() to convert text into uncompressed DNS wire format and append it to a target buffer. in cases where it really is necessary to have both, we can use dns_name_fromtext() to load the dns_name, then dns_name_towire() to append the wire format to the target buffer.
2025-02-22 00:11:38 -08:00
DNS_NAME_DOWNCASE);
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
if (ret != ISC_R_SUCCESS) {
goto failure;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
Megacommit of dozens of files. Cleanup of redundant/useless header file inclusion. ISC style lint, primarily for function declarations and standalone comments -- ie, those that appear on a line without any code, which should be written as follows: /* * This is a comment. */
2000-05-08 14:38:29 +00:00
/*
* Create the algorithm.
*/
check for hmac-md5.sig-alg.reg.int as well as just hmac-md5 in key statements.
2001-06-10 02:37:08 +00:00
algstr = cfg_obj_asstring(algobj);
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
if (named_config_getkeyalgorithm(algstr, &alg, &bits) !=
Update sources to Clang 15 formatting
2022-11-02 19:33:14 +01:00
ISC_R_SUCCESS)
{
Remove logging context (isc_log_t) from the public namespace Now that the logging uses single global context, remove the isc_log_t from the public namespace.
2024-08-13 18:20:26 +02:00
cfg_obj_log(algobj, ISC_LOG_ERROR,
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
"key '%s': has a "
"unsupported algorithm '%s'",
1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and HMACSHA512 support. [RT #13606]
2006-01-27 02:35:15 +00:00
keyid, algstr);
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
ret = DNS_R_BADALG;
goto failure;
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
}
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
secretstr = cfg_obj_asstring(secretobj);
secretalloc = secretlen = strlen(secretstr) * 3 / 4;
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
secret = isc_mem_get(mctx, secretlen);
103. [func] libisc buffer API changes for <isc/buffer.h>: Added: isc_buffer_base(b) (pointer) isc_buffer_current(b) (pointer) isc_buffer_active(b) (pointer) isc_buffer_used(b) (pointer) isc_buffer_length(b) (int) isc_buffer_usedlength(b) (int) isc_buffer_consumedlength(b) (int) isc_buffer_remaininglength(b) (int) isc_buffer_activelength(b) (int) isc_buffer_availablelength(b) (int) Removed: ISC_BUFFER_USEDCOUNT(b) ISC_BUFFER_AVAILABLECOUNT(b) isc_buffer_type(b) Changed names: isc_buffer_used(b, r) -> isc_buffer_usedregion(b, r) isc_buffer_available(b, r) -> isc_buffer_available_region(b, r) isc_buffer_consumed(b, r) -> isc_buffer_consumedregion(b, r) isc_buffer_active(b, r) -> isc_buffer_activeregion(b, r) isc_buffer_remaining(b, r) -> isc_buffer_remainingregion(b, r) Buffer types were removed, so the ISC_BUFFERTYPE_* macros are no more, and the type argument to isc_buffer_init and isc_buffer_allocate were removed. isc_buffer_putstr is now void (instead of isc_result_t) and requires that the caller ensure that there is enough available buffer space for the string.
2000-04-27 00:03:12 +00:00
isc_buffer_init(&secretbuf, secret, secretlen);
isc_{base64|hex}_decodestring took an unused mctx. Remove the mctx.
2001-03-22 00:07:07 +00:00
ret = isc_base64_decodestring(secretstr, &secretbuf);
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
if (ret != ISC_R_SUCCESS) {
goto failure;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
103. [func] libisc buffer API changes for <isc/buffer.h>: Added: isc_buffer_base(b) (pointer) isc_buffer_current(b) (pointer) isc_buffer_active(b) (pointer) isc_buffer_used(b) (pointer) isc_buffer_length(b) (int) isc_buffer_usedlength(b) (int) isc_buffer_consumedlength(b) (int) isc_buffer_remaininglength(b) (int) isc_buffer_activelength(b) (int) isc_buffer_availablelength(b) (int) Removed: ISC_BUFFER_USEDCOUNT(b) ISC_BUFFER_AVAILABLECOUNT(b) isc_buffer_type(b) Changed names: isc_buffer_used(b, r) -> isc_buffer_usedregion(b, r) isc_buffer_available(b, r) -> isc_buffer_available_region(b, r) isc_buffer_consumed(b, r) -> isc_buffer_consumedregion(b, r) isc_buffer_active(b, r) -> isc_buffer_activeregion(b, r) isc_buffer_remaining(b, r) -> isc_buffer_remainingregion(b, r) Buffer types were removed, so the ISC_BUFFERTYPE_* macros are no more, and the type argument to isc_buffer_init and isc_buffer_allocate were removed. isc_buffer_putstr is now void (instead of isc_result_t) and requires that the caller ensure that there is enough available buffer space for the string.
2000-04-27 00:03:12 +00:00
secretlen = isc_buffer_usedlength(&secretbuf);
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
avoid the 'target' buffer in dns_name_fromtext() dns_name_fromtext() stores the converted name in the 'name' passed to it, and optionally also copies it in wire format to a buffer 'target'. this makes the interface unnecessarily complex, and could be simplified by having a different function for each purpose. as a first step, remove uses of the target buffer in calls to dns_name_fromtext() where it wasn't actually needed.
2025-02-21 13:36:57 -08:00
ret = dns_tsigkey_create(keyname, alg, secret, secretlen, mctx,
minor tsig.c cleanups - style cleanups. - simplify the function parameters to dns_tsigkey_create(): + remove 'restored' and 'generated', they're only ever set to false. + remove 'creator' because it's only ever set to NULL. + remove 'inception' and 'expiry' because they're only ever set to (0, 0) or (now, now), and either way, this means "never expire". + remove 'ring' because we can just use dns_tsigkeyring_add() instead. - rename dns_keyring_restore() to dns_tsigkeyring_restore() to match the rest of the functions operating on dns_tsigkeyring objects.
2023-04-10 23:46:10 -07:00
&tsigkey);
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
isc_mem_put(mctx, secret, secretalloc);
secret = NULL;
minor tsig.c cleanups - style cleanups. - simplify the function parameters to dns_tsigkey_create(): + remove 'restored' and 'generated', they're only ever set to false. + remove 'creator' because it's only ever set to NULL. + remove 'inception' and 'expiry' because they're only ever set to (0, 0) or (now, now), and either way, this means "never expire". + remove 'ring' because we can just use dns_tsigkeyring_add() instead. - rename dns_keyring_restore() to dns_tsigkeyring_restore() to match the rest of the functions operating on dns_tsigkeyring objects.
2023-04-10 23:46:10 -07:00
if (ret == ISC_R_SUCCESS) {
convert TSIG keyring storage from RBT to hash table since it is not necessary to find partial matches when looking up names in a TSIG keyring, we can use a hash table instead of an RBT to store them. the tsigkey object now stores the key name as a dns_fixedname rather than allocating memory for it. the `name` parameter to dns_tsigkeyring_add() has been removed; it was unneeded since the tsigkey object already contains a copy of the name. the opportunistic cleanup_ring() function has been removed; it was only slowing down lookups.
2023-04-12 00:14:04 -07:00
ret = dns_tsigkeyring_add(ring, tsigkey);
minor tsig.c cleanups - style cleanups. - simplify the function parameters to dns_tsigkey_create(): + remove 'restored' and 'generated', they're only ever set to false. + remove 'creator' because it's only ever set to NULL. + remove 'inception' and 'expiry' because they're only ever set to (0, 0) or (now, now), and either way, this means "never expire". + remove 'ring' because we can just use dns_tsigkeyring_add() instead. - rename dns_keyring_restore() to dns_tsigkeyring_restore() to match the rest of the functions operating on dns_tsigkeyring objects.
2023-04-10 23:46:10 -07:00
}
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
if (ret != ISC_R_SUCCESS) {
minor tsig.c cleanups - style cleanups. - simplify the function parameters to dns_tsigkey_create(): + remove 'restored' and 'generated', they're only ever set to false. + remove 'creator' because it's only ever set to NULL. + remove 'inception' and 'expiry' because they're only ever set to (0, 0) or (now, now), and either way, this means "never expire". + remove 'ring' because we can just use dns_tsigkeyring_add() instead. - rename dns_keyring_restore() to dns_tsigkeyring_restore() to match the rest of the functions operating on dns_tsigkeyring objects.
2023-04-10 23:46:10 -07:00
if (tsigkey != NULL) {
dns_tsigkey_detach(&tsigkey);
}
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
goto failure;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and HMACSHA512 support. [RT #13606]
2006-01-27 02:35:15 +00:00
/*
* Set digest bits.
*/
dst_key_setbits(tsigkey->key, bits);
dns_tsigkey_detach(&tsigkey);
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
}
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
return ISC_R_SUCCESS;
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
failure:
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
if (secret != NULL) {
Use isc_base64_decodestring() instead of an explicit lexer.
2000-07-18 01:14:17 +00:00
isc_mem_put(mctx, secret, secretalloc);
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
Remove logging context (isc_log_t) from the public namespace Now that the logging uses single global context, remove the isc_log_t from the public namespace.
2024-08-13 18:20:26 +02:00
cfg_obj_log(key, ISC_LOG_ERROR, "configuring key '%s': %s", keyid,
isc_result_totext(ret));
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
return ret;
}
isc_result_t
[master] add libns and remove liblwres 4708. [cleanup] Legacy Windows builds (i.e. for XP and earlier) are no longer supported. [RT #45186] 4707. [func] The lightweight resolver daemon and library (lwresd and liblwres) have been removed. [RT #45186] 4706. [func] Code implementing name server query processing has been moved from bin/named to a new library "libns". Functions remaining in bin/named are now prefixed with "named_" rather than "ns_". This will make it easier to write unit tests for name server code, or link name server functionality into new tools. [RT #45186]
2017-09-08 13:39:09 -07:00
named_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
use ISC_REFCOUNT_IMPL for dns_tsigkey and dns_tsigkeyring use the ISC_REFCOUNT attach/detach implementation in dns/tsig.c so that detailed tracing can be used during refactoring. dns_tsig_keyring_t has been renamed dns_tsigkeyring_t so the type and the attach/detach function names will match.
2023-04-11 11:35:01 -07:00
isc_mem_t *mctx, dns_tsigkeyring_t **ringp) {
1991. [cleanup] The configuration data, once read, should be treated as readonly. Expand the use of const to enforce this at compile time. [RT #15813]
2006-02-28 02:39:52 +00:00
const cfg_obj_t *maps[3];
const cfg_obj_t *keylist;
use ISC_REFCOUNT_IMPL for dns_tsigkey and dns_tsigkeyring use the ISC_REFCOUNT attach/detach implementation in dns/tsig.c so that detailed tracing can be used during refactoring. dns_tsig_keyring_t has been renamed dns_tsigkeyring_t so the type and the attach/detach function names will match.
2023-04-11 11:35:01 -07:00
dns_tsigkeyring_t *ring = NULL;
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
isc_result_t result;
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
int i;
2609. [func] Simplify the configuration of dynamic zones: - add ddns-confgen command to generate configuration text for named.conf - add zone option "ddns-autoconf yes;", which causes named to generate a TSIG session key and allow updates to the zone using that key - add '-l' (localhost) option to nsupdate, which causes nsupdate to connect to a locally-running named process using the session key generated by named [RT #19284]
2009-06-10 00:27:22 +00:00
REQUIRE(ringp != NULL && *ringp == NULL);
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
i = 0;
if (config != NULL) {
maps[i++] = config;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
if (vconfig != NULL) {
maps[i++] = cfg_tuple_get(vconfig, "options");
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
maps[i] = NULL;
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
convert TSIG keyring storage from RBT to hash table since it is not necessary to find partial matches when looking up names in a TSIG keyring, we can use a hash table instead of an RBT to store them. the tsigkey object now stores the key name as a dns_fixedname rather than allocating memory for it. the `name` parameter to dns_tsigkeyring_add() has been removed; it was unneeded since the tsigkey object already contains a copy of the name. the opportunistic cleanup_ring() function has been removed; it was only slowing down lookups.
2023-04-12 00:14:04 -07:00
dns_tsigkeyring_create(mctx, &ring);
Wired up the view-specific 'key' statement.
2000-05-25 22:06:51 +00:00
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
for (i = 0;; i++) {
if (maps[i] == NULL) {
break;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
deal with the default view
2000-05-25 22:10:29 +00:00
keylist = NULL;
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
result = cfg_map_get(maps[i], "key", &keylist);
if (result != ISC_R_SUCCESS) {
continue;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
762. [feature] named now uses the new configuration parser.
2001-03-04 21:21:39 +00:00
result = add_initial_keys(keylist, ring, mctx);
deal with the default view
2000-05-25 22:10:29 +00:00
if (result != ISC_R_SUCCESS) {
goto failure;
Use clang-tidy to add curly braces around one-line statements The command used to reformat the files in this commit was: ./util/run-clang-tidy \ -clang-tidy-binary clang-tidy-11 -clang-apply-replacements-binary clang-apply-replacements-11 \ -checks=-*,readability-braces-around-statements \ -j 9 \ -fix \ -format \ -style=file \ -quiet clang-format -i --style=format $(git ls-files '*.c' '*.h') uncrustify -c .uncrustify.cfg --replace --no-backup $(git ls-files '*.c' '*.h') clang-format -i --style=format $(git ls-files '*.c' '*.h')
2020-02-13 21:48:23 +01:00
}
deal with the default view
2000-05-25 22:10:29 +00:00
}
Wired up the view-specific 'key' statement.
2000-05-25 22:06:51 +00:00
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
*ringp = ring;
return ISC_R_SUCCESS;
failure:
3006. [func] Allow dynamically generated TSIG keys to be preserved across restarts of named. Initially this is for TSIG keys generated using GSSAPI. [RT #22639]
2011-01-10 05:32:04 +00:00
dns_tsigkeyring_detach(&ring);
separated BIND specific configuration code from rest of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for consistency with rest of library
2000-01-24 19:14:26 +00:00
return result;
}
Reference in New Issue Copy Permalink