2000-01-24 19:14:26 +00:00
|
|
|
/*
|
2018-02-23 09:53:12 +01:00
|
|
|
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
|
2000-08-01 01:33:37 +00:00
|
|
|
*
|
2016-06-27 14:56:38 +10:00
|
|
|
* This Source Code Form is subject to the terms of the Mozilla Public
|
|
|
|
|
* License, v. 2.0. If a copy of the MPL was not distributed with this
|
2020-09-14 16:20:40 -07:00
|
|
|
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
|
2018-02-23 09:53:12 +01:00
|
|
|
*
|
|
|
|
|
* See the COPYRIGHT file distributed with this work for additional
|
|
|
|
|
* information regarding copyright ownership.
|
2000-01-24 19:14:26 +00:00
|
|
|
*/
|
|
|
|
|
|
2005-04-27 04:57:32 +00:00
|
|
|
/*! \file */
|
2000-06-22 22:00:42 +00:00
|
|
|
|
2018-03-28 14:19:37 +02:00
|
|
|
#include <inttypes.h>
|
|
|
|
|
|
2000-01-24 19:14:26 +00:00
|
|
|
#include <isc/base64.h>
|
2000-05-08 14:38:29 +00:00
|
|
|
#include <isc/buffer.h>
|
|
|
|
|
#include <isc/mem.h>
|
2021-10-04 17:14:53 +02:00
|
|
|
#include <isc/result.h>
|
2000-05-08 14:38:29 +00:00
|
|
|
#include <isc/string.h>
|
2017-10-19 12:26:32 +11:00
|
|
|
#include <isc/util.h>
|
2000-01-24 19:14:26 +00:00
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
#include <dns/tsig.h>
|
2000-01-24 19:14:26 +00:00
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
#include <isccfg/cfg.h>
|
2000-11-15 00:42:50 +00:00
|
|
|
|
2001-08-03 18:39:50 +00:00
|
|
|
#include <named/config.h>
|
2020-02-12 13:59:18 +01:00
|
|
|
#include <named/log.h>
|
2000-11-27 19:42:38 +00:00
|
|
|
#include <named/tsigconf.h>
|
|
|
|
|
|
2000-01-24 19:14:26 +00:00
|
|
|
static isc_result_t
|
2006-02-28 02:39:52 +00:00
|
|
|
add_initial_keys(const cfg_obj_t *list, dns_tsig_keyring_t *ring,
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_mem_t *mctx) {
|
|
|
|
|
dns_tsigkey_t *tsigkey = NULL;
|
2006-02-28 02:39:52 +00:00
|
|
|
const cfg_listelt_t *element;
|
2020-02-13 14:44:37 -08:00
|
|
|
const cfg_obj_t *key = NULL;
|
|
|
|
|
const char *keyid = NULL;
|
|
|
|
|
unsigned char *secret = NULL;
|
|
|
|
|
int secretalloc = 0;
|
|
|
|
|
int secretlen = 0;
|
|
|
|
|
isc_result_t ret;
|
|
|
|
|
isc_stdtime_t now;
|
|
|
|
|
uint16_t bits;
|
2020-02-12 13:59:18 +01:00
|
|
|
|
|
|
|
|
for (element = cfg_list_first(list); element != NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
element = cfg_list_next(element))
|
|
|
|
|
{
|
|
|
|
|
const cfg_obj_t *algobj = NULL;
|
|
|
|
|
const cfg_obj_t *secretobj = NULL;
|
|
|
|
|
dns_name_t keyname;
|
2016-12-30 15:45:08 +11:00
|
|
|
const dns_name_t *alg;
|
2020-02-13 14:44:37 -08:00
|
|
|
const char *algstr;
|
|
|
|
|
char keynamedata[1024];
|
|
|
|
|
isc_buffer_t keynamesrc, keynamebuf;
|
|
|
|
|
const char *secretstr;
|
|
|
|
|
isc_buffer_t secretbuf;
|
2000-01-24 19:14:26 +00:00
|
|
|
|
2001-03-04 21:21:39 +00:00
|
|
|
key = cfg_listelt_value(element);
|
|
|
|
|
keyid = cfg_obj_asstring(cfg_map_getname(key));
|
|
|
|
|
|
|
|
|
|
algobj = NULL;
|
|
|
|
|
secretobj = NULL;
|
|
|
|
|
(void)cfg_map_get(key, "algorithm", &algobj);
|
|
|
|
|
(void)cfg_map_get(key, "secret", &secretobj);
|
|
|
|
|
INSIST(algobj != NULL && secretobj != NULL);
|
2000-01-24 19:14:26 +00:00
|
|
|
|
2000-05-08 14:38:29 +00:00
|
|
|
/*
|
|
|
|
|
* Create the key name.
|
|
|
|
|
*/
|
2001-03-04 21:21:39 +00:00
|
|
|
dns_name_init(&keyname, NULL);
|
2012-12-08 12:48:57 +11:00
|
|
|
isc_buffer_constinit(&keynamesrc, keyid, strlen(keyid));
|
2001-03-04 21:21:39 +00:00
|
|
|
isc_buffer_add(&keynamesrc, strlen(keyid));
|
103. [func] libisc buffer API changes for <isc/buffer.h>:
Added:
isc_buffer_base(b) (pointer)
isc_buffer_current(b) (pointer)
isc_buffer_active(b) (pointer)
isc_buffer_used(b) (pointer)
isc_buffer_length(b) (int)
isc_buffer_usedlength(b) (int)
isc_buffer_consumedlength(b) (int)
isc_buffer_remaininglength(b) (int)
isc_buffer_activelength(b) (int)
isc_buffer_availablelength(b) (int)
Removed:
ISC_BUFFER_USEDCOUNT(b)
ISC_BUFFER_AVAILABLECOUNT(b)
isc_buffer_type(b)
Changed names:
isc_buffer_used(b, r) ->
isc_buffer_usedregion(b, r)
isc_buffer_available(b, r) ->
isc_buffer_available_region(b, r)
isc_buffer_consumed(b, r) ->
isc_buffer_consumedregion(b, r)
isc_buffer_active(b, r) ->
isc_buffer_activeregion(b, r)
isc_buffer_remaining(b, r) ->
isc_buffer_remainingregion(b, r)
Buffer types were removed, so the ISC_BUFFERTYPE_*
macros are no more, and the type argument to
isc_buffer_init and isc_buffer_allocate were removed.
isc_buffer_putstr is now void (instead of isc_result_t)
and requires that the caller ensure that there
is enough available buffer space for the string.
2000-04-27 00:03:12 +00:00
|
|
|
isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata));
|
2000-01-24 19:14:26 +00:00
|
|
|
ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
|
2009-09-01 00:22:28 +00:00
|
|
|
DNS_NAME_DOWNCASE, &keynamebuf);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (ret != ISC_R_SUCCESS) {
|
2000-01-24 19:14:26 +00:00
|
|
|
goto failure;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2000-01-24 19:14:26 +00:00
|
|
|
|
2000-05-08 14:38:29 +00:00
|
|
|
/*
|
|
|
|
|
* Create the algorithm.
|
|
|
|
|
*/
|
2001-06-10 02:37:08 +00:00
|
|
|
algstr = cfg_obj_asstring(algobj);
|
2020-02-12 13:59:18 +01:00
|
|
|
if (named_config_getkeyalgorithm(algstr, &alg, &bits) !=
|
|
|
|
|
ISC_R_SUCCESS) {
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(algobj, named_g_lctx, ISC_LOG_ERROR,
|
|
|
|
|
"key '%s': has a "
|
|
|
|
|
"unsupported algorithm '%s'",
|
2006-01-27 02:35:15 +00:00
|
|
|
keyid, algstr);
|
2001-03-04 21:21:39 +00:00
|
|
|
ret = DNS_R_BADALG;
|
|
|
|
|
goto failure;
|
2000-01-24 19:14:26 +00:00
|
|
|
}
|
|
|
|
|
|
2001-03-04 21:21:39 +00:00
|
|
|
secretstr = cfg_obj_asstring(secretobj);
|
|
|
|
|
secretalloc = secretlen = strlen(secretstr) * 3 / 4;
|
2000-01-24 19:14:26 +00:00
|
|
|
secret = isc_mem_get(mctx, secretlen);
|
103. [func] libisc buffer API changes for <isc/buffer.h>:
Added:
isc_buffer_base(b) (pointer)
isc_buffer_current(b) (pointer)
isc_buffer_active(b) (pointer)
isc_buffer_used(b) (pointer)
isc_buffer_length(b) (int)
isc_buffer_usedlength(b) (int)
isc_buffer_consumedlength(b) (int)
isc_buffer_remaininglength(b) (int)
isc_buffer_activelength(b) (int)
isc_buffer_availablelength(b) (int)
Removed:
ISC_BUFFER_USEDCOUNT(b)
ISC_BUFFER_AVAILABLECOUNT(b)
isc_buffer_type(b)
Changed names:
isc_buffer_used(b, r) ->
isc_buffer_usedregion(b, r)
isc_buffer_available(b, r) ->
isc_buffer_available_region(b, r)
isc_buffer_consumed(b, r) ->
isc_buffer_consumedregion(b, r)
isc_buffer_active(b, r) ->
isc_buffer_activeregion(b, r)
isc_buffer_remaining(b, r) ->
isc_buffer_remainingregion(b, r)
Buffer types were removed, so the ISC_BUFFERTYPE_*
macros are no more, and the type argument to
isc_buffer_init and isc_buffer_allocate were removed.
isc_buffer_putstr is now void (instead of isc_result_t)
and requires that the caller ensure that there
is enough available buffer space for the string.
2000-04-27 00:03:12 +00:00
|
|
|
isc_buffer_init(&secretbuf, secret, secretlen);
|
2001-03-22 00:07:07 +00:00
|
|
|
ret = isc_base64_decodestring(secretstr, &secretbuf);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (ret != ISC_R_SUCCESS) {
|
2000-01-24 19:14:26 +00:00
|
|
|
goto failure;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
103. [func] libisc buffer API changes for <isc/buffer.h>:
Added:
isc_buffer_base(b) (pointer)
isc_buffer_current(b) (pointer)
isc_buffer_active(b) (pointer)
isc_buffer_used(b) (pointer)
isc_buffer_length(b) (int)
isc_buffer_usedlength(b) (int)
isc_buffer_consumedlength(b) (int)
isc_buffer_remaininglength(b) (int)
isc_buffer_activelength(b) (int)
isc_buffer_availablelength(b) (int)
Removed:
ISC_BUFFER_USEDCOUNT(b)
ISC_BUFFER_AVAILABLECOUNT(b)
isc_buffer_type(b)
Changed names:
isc_buffer_used(b, r) ->
isc_buffer_usedregion(b, r)
isc_buffer_available(b, r) ->
isc_buffer_available_region(b, r)
isc_buffer_consumed(b, r) ->
isc_buffer_consumedregion(b, r)
isc_buffer_active(b, r) ->
isc_buffer_activeregion(b, r)
isc_buffer_remaining(b, r) ->
isc_buffer_remainingregion(b, r)
Buffer types were removed, so the ISC_BUFFERTYPE_*
macros are no more, and the type argument to
isc_buffer_init and isc_buffer_allocate were removed.
isc_buffer_putstr is now void (instead of isc_result_t)
and requires that the caller ensure that there
is enough available buffer space for the string.
2000-04-27 00:03:12 +00:00
|
|
|
secretlen = isc_buffer_usedlength(&secretbuf);
|
2000-01-24 19:14:26 +00:00
|
|
|
|
2000-01-24 22:22:51 +00:00
|
|
|
isc_stdtime_get(&now);
|
2000-07-18 00:44:52 +00:00
|
|
|
ret = dns_tsigkey_create(&keyname, alg, secret, secretlen,
|
2020-02-12 13:59:18 +01:00
|
|
|
false, NULL, now, now, mctx, ring,
|
|
|
|
|
&tsigkey);
|
2000-01-24 19:14:26 +00:00
|
|
|
isc_mem_put(mctx, secret, secretalloc);
|
|
|
|
|
secret = NULL;
|
2020-02-13 21:48:23 +01:00
|
|
|
if (ret != ISC_R_SUCCESS) {
|
2000-01-24 19:14:26 +00:00
|
|
|
goto failure;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2006-01-27 02:35:15 +00:00
|
|
|
/*
|
|
|
|
|
* Set digest bits.
|
|
|
|
|
*/
|
|
|
|
|
dst_key_setbits(tsigkey->key, bits);
|
|
|
|
|
dns_tsigkey_detach(&tsigkey);
|
2000-01-24 19:14:26 +00:00
|
|
|
}
|
2001-03-04 21:21:39 +00:00
|
|
|
|
2000-01-24 19:14:26 +00:00
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
failure:
|
2017-09-08 13:39:09 -07:00
|
|
|
cfg_obj_log(key, named_g_lctx, ISC_LOG_ERROR,
|
2020-02-12 13:59:18 +01:00
|
|
|
"configuring key '%s': %s", keyid, isc_result_totext(ret));
|
2001-03-04 21:21:39 +00:00
|
|
|
|
2020-02-13 21:48:23 +01:00
|
|
|
if (secret != NULL) {
|
2000-07-18 01:14:17 +00:00
|
|
|
isc_mem_put(mctx, secret, secretalloc);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2000-01-24 19:14:26 +00:00
|
|
|
return (ret);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
isc_result_t
|
2017-09-08 13:39:09 -07:00
|
|
|
named_tsigkeyring_fromconfig(const cfg_obj_t *config, const cfg_obj_t *vconfig,
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_mem_t *mctx, dns_tsig_keyring_t **ringp) {
|
|
|
|
|
const cfg_obj_t *maps[3];
|
|
|
|
|
const cfg_obj_t *keylist;
|
2000-01-24 19:14:26 +00:00
|
|
|
dns_tsig_keyring_t *ring = NULL;
|
2020-02-13 14:44:37 -08:00
|
|
|
isc_result_t result;
|
|
|
|
|
int i;
|
2001-03-04 21:21:39 +00:00
|
|
|
|
2009-06-10 00:27:22 +00:00
|
|
|
REQUIRE(ringp != NULL && *ringp == NULL);
|
|
|
|
|
|
2001-03-04 21:21:39 +00:00
|
|
|
i = 0;
|
2020-02-13 21:48:23 +01:00
|
|
|
if (config != NULL) {
|
2001-03-04 21:21:39 +00:00
|
|
|
maps[i++] = config;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
|
|
|
|
if (vconfig != NULL) {
|
2001-03-04 21:21:39 +00:00
|
|
|
maps[i++] = cfg_tuple_get(vconfig, "options");
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-04 21:21:39 +00:00
|
|
|
maps[i] = NULL;
|
2000-01-24 19:14:26 +00:00
|
|
|
|
|
|
|
|
result = dns_tsigkeyring_create(mctx, &ring);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2000-01-24 19:14:26 +00:00
|
|
|
return (result);
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2000-05-25 22:06:51 +00:00
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
for (i = 0;; i++) {
|
2020-02-13 21:48:23 +01:00
|
|
|
if (maps[i] == NULL) {
|
2001-03-04 21:21:39 +00:00
|
|
|
break;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2000-08-01 01:33:37 +00:00
|
|
|
keylist = NULL;
|
2001-03-04 21:21:39 +00:00
|
|
|
result = cfg_map_get(maps[i], "key", &keylist);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2001-03-04 21:21:39 +00:00
|
|
|
continue;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2001-03-04 21:21:39 +00:00
|
|
|
result = add_initial_keys(keylist, ring, mctx);
|
2020-02-13 21:48:23 +01:00
|
|
|
if (result != ISC_R_SUCCESS) {
|
2000-05-25 22:10:29 +00:00
|
|
|
goto failure;
|
2020-02-13 21:48:23 +01:00
|
|
|
}
|
2000-05-25 22:10:29 +00:00
|
|
|
}
|
2000-05-25 22:06:51 +00:00
|
|
|
|
2000-01-24 19:14:26 +00:00
|
|
|
*ringp = ring;
|
|
|
|
|
return (ISC_R_SUCCESS);
|
|
|
|
|
|
2020-02-12 13:59:18 +01:00
|
|
|
failure:
|
2011-01-10 05:32:04 +00:00
|
|
|
dns_tsigkeyring_detach(&ring);
|
2000-01-24 19:14:26 +00:00
|
|
|
return (result);
|
|
|
|
|
}
|
