diff --git a/bin/named/server.c b/bin/named/server.c index f46202633a..d553683fa3 100644 --- a/bin/named/server.c +++ b/bin/named/server.c @@ -101,10 +101,8 @@ #include #include -#include #include #include -#include #include #include @@ -400,23 +398,18 @@ static void named_server_reload(isc_task_t *task, isc_event_t *event); static isc_result_t -ns_listenelt_from_http(isc_cfg_http_obj_t *http, isc_cfg_tls_obj_t *tls, - in_port_t port, isc_mem_t *mctx, - ns_listenelt_t **target); +listenelt_http(const cfg_obj_t *http, const char *key, const char *cert, + in_port_t port, isc_mem_t *mctx, ns_listenelt_t **target); static isc_result_t -ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, - cfg_aclconfctx_t *actx, isc_mem_t *mctx, - uint16_t family, isc_cfg_http_storage_t *http_servers, - isc_cfg_tls_data_storage_t *tls_storage, - ns_listenelt_t **target); +listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, + cfg_aclconfctx_t *actx, isc_mem_t *mctx, uint16_t family, + ns_listenelt_t **target); static isc_result_t -ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, - cfg_aclconfctx_t *actx, isc_mem_t *mctx, - uint16_t family, isc_cfg_http_storage_t *http_servers, - isc_cfg_tls_data_storage_t *tls_storage, - ns_listenlist_t **target); +listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config, + cfg_aclconfctx_t *actx, isc_mem_t *mctx, uint16_t family, + ns_listenlist_t **target); static isc_result_t configure_forward(const cfg_obj_t *config, dns_view_t *view, @@ -8517,8 +8510,6 @@ load_configuration(const char *filename, named_server_t *server, unsigned int initial, idle, keepalive, advertised; dns_aclenv_t *env = ns_interfacemgr_getaclenv(named_g_server->interfacemgr); - isc_cfg_tls_data_storage_t tls_storage; - isc_cfg_http_storage_t http_storage; ISC_LIST_INIT(kasplist); ISC_LIST_INIT(viewlist); 
@@ -8526,9 +8517,6 @@ load_configuration(const char *filename, named_server_t *server, ISC_LIST_INIT(cachelist); ISC_LIST_INIT(altsecrets); - cfg_tls_storage_init(named_g_mctx, &tls_storage); - cfg_http_storage_init(named_g_mctx, &http_storage); - /* Create the ACL configuration context */ if (named_g_aclconfctx != NULL) { cfg_aclconfctx_detach(&named_g_aclconfctx); @@ -8600,9 +8588,6 @@ load_configuration(const char *filename, named_server_t *server, INSIST(result == ISC_R_SUCCESS); named_g_httpsport = (in_port_t)cfg_obj_asuint32(obj); - CHECK(cfg_tls_storage_load(config, &tls_storage)); - CHECK(cfg_http_storage_load(config, &http_storage)); - /* * If bind.keys exists, load it. If "dnssec-validation auto" * is turned on, the root key found there will be used as a @@ -9019,10 +9004,9 @@ load_configuration(const char *filename, named_server_t *server, } if (clistenon != NULL) { /* check return code? */ - (void)ns_listenlist_fromconfig( + (void)listenlist_fromconfig( clistenon, config, named_g_aclconfctx, - named_g_mctx, AF_INET, &http_storage, - &tls_storage, &listenon); + named_g_mctx, AF_INET, &listenon); } else { /* * Not specified, use default. @@ -9048,10 +9032,9 @@ load_configuration(const char *filename, named_server_t *server, } if (clistenon != NULL) { /* check return code? */ - (void)ns_listenlist_fromconfig( + (void)listenlist_fromconfig( clistenon, config, named_g_aclconfctx, - named_g_mctx, AF_INET6, &http_storage, - &tls_storage, &listenon); + named_g_mctx, AF_INET6, &listenon); } else { /* * Not specified, use default. @@ -9812,9 +9795,6 @@ cleanup: isc_task_endexclusive(server->task); } - cfg_http_storage_uninit(&http_storage); - cfg_tls_storage_uninit(&tls_storage); - isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, NAMED_LOGMODULE_SERVER, ISC_LOG_DEBUG(1), "load_configuration: %s", isc_result_totext(result)); 
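Review bot: The result of `listenlist_fromconfig()` is still discarded with `(void)` in both the AF_INET hunk and the AF_INET6 hunk, and this commit makes that matter more: the `CHECK(cfg_tls_storage_load(...))` and `CHECK(cfg_http_storage_load(...))` calls it removes were the point at which a malformed or missing `tls`/`http` definition failed configuration loading, and that validation now happens only inside `listenelt_fromconfig()`, whose failure is swallowed here. As far as these lines show, a listener that names an undefined `tls` or `http` block is now dropped without rejecting the reload; suggest `CHECK(listenlist_fromconfig(clistenon, config, named_g_aclconfctx, named_g_mctx, AF_INET, &listenon));` (and the AF_INET6 counterpart) and retiring the `/* check return code? */` comment. What happens to `listenon` when the call fails is outside these hunks, so the cleanup path would need confirming first.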
@@ -11020,11 +11000,9 @@ named_server_togglequerylog(named_server_t *server, isc_lex_t *lex) {
 }
 
 static isc_result_t
-ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
- cfg_aclconfctx_t *actx, isc_mem_t *mctx,
- uint16_t family, isc_cfg_http_storage_t *http_servers,
- isc_cfg_tls_data_storage_t *tls_storage,
- ns_listenlist_t **target) {
+listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
+ cfg_aclconfctx_t *actx, isc_mem_t *mctx, uint16_t family,
+ ns_listenlist_t **target) {
 isc_result_t result;
 const cfg_listelt_t *element;
 ns_listenlist_t *dlist = NULL;
@@ -11041,9 +11019,8 @@ ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
 {
 ns_listenelt_t *delt = NULL;
 const cfg_obj_t *listener = cfg_listelt_value(element);
- result = ns_listenelt_fromconfig(listener, config, actx, mctx,
- family, http_servers,
- tls_storage, &delt);
+ result = listenelt_fromconfig(listener, config, actx, mctx,
+ family, &delt);
 if (result != ISC_R_SUCCESS) {
 goto cleanup;
 }
@@ -11057,67 +11034,98 @@ cleanup: return (result); } +static const cfg_obj_t * +find_maplist(const cfg_obj_t *config, const char *listname, const char *name) { + isc_result_t result; + const cfg_obj_t *maplist = NULL; + const cfg_listelt_t *elt = NULL; + + REQUIRE(config != NULL); + REQUIRE(name != NULL); + + result = cfg_map_get(config, listname, &maplist); + if (result != ISC_R_SUCCESS) { + return (NULL); + } + + for (elt = cfg_list_first(maplist); elt != NULL; + elt = cfg_list_next(elt)) { + const cfg_obj_t *map = cfg_listelt_value(elt); + if (strcasecmp(cfg_obj_asstring(cfg_map_getname(map)), name) == + 0) { + return (map); + } + } + + return (NULL); +} + /* * Create a listen list from the corresponding configuration * data structure. */ static isc_result_t -ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, - cfg_aclconfctx_t *actx, isc_mem_t *mctx, - uint16_t family, isc_cfg_http_storage_t *http_servers, - isc_cfg_tls_data_storage_t *tls_storage, - ns_listenelt_t **target) { +listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, + cfg_aclconfctx_t *actx, isc_mem_t *mctx, uint16_t family, + ns_listenelt_t **target) { isc_result_t result; - const cfg_obj_t *tlsobj, *portobj, *dscpobj, *httpobj; + const cfg_obj_t *tlsobj = NULL, *httpobj = NULL; + const cfg_obj_t *portobj = NULL, *dscpobj = NULL; + const cfg_obj_t *http_server = NULL; in_port_t port = 0; isc_dscp_t dscp = -1; const char *key = NULL, *cert = NULL; - bool tls = false, http = false; + bool do_tls = false, http = false; ns_listenelt_t *delt = NULL; - isc_cfg_http_obj_t *http_server = NULL; - isc_cfg_tls_obj_t *tls_cert = NULL; + REQUIRE(target != NULL && *target == NULL); /* XXXWPK TODO be more verbose on failures. 
*/ tlsobj = cfg_tuple_get(listener, "tls"); if (tlsobj != NULL && cfg_obj_isstring(tlsobj)) { - if (!strcmp(cfg_obj_asstring(tlsobj), "ephemeral")) { - tls = true; - } else { - tls_cert = cfg_tls_storage_find( - cfg_obj_asstring(tlsobj), tls_storage); - if (tls_cert != NULL) { - tls = true; - key = tls_cert->key_file; - cert = tls_cert->cert_file; - INSIST(key != NULL); - INSIST(cert != NULL); + const char *tlsname = cfg_obj_asstring(tlsobj); + + if (strcmp(tlsname, "ephemeral") != 0) { + const cfg_obj_t *keyobj = NULL, *certobj = NULL; + const cfg_obj_t *tlsmap = NULL; + + tlsmap = find_maplist(config, "tls", tlsname); + if (tlsmap == NULL) { + return (ISC_R_FAILURE); } + + CHECK(cfg_map_get(tlsmap, "key-file", &keyobj)); + key = cfg_obj_asstring(keyobj); + + CHECK(cfg_map_get(tlsmap, "cert-file", &certobj)); + cert = cfg_obj_asstring(certobj); } - if (!tls) { - return (ISC_R_FAILURE); - } + + do_tls = true; } + httpobj = cfg_tuple_get(listener, "http"); if (httpobj != NULL && cfg_obj_isstring(httpobj)) { - if (tls && tls_cert == NULL) { + const char *httpname = cfg_obj_asstring(httpobj); + + if (do_tls && key == NULL) { return (ISC_R_FAILURE); } - http = true; - http_server = cfg_http_find(cfg_obj_asstring(httpobj), - http_servers); + + http_server = find_maplist(config, "http", httpname); if (http_server == NULL) { - isc_log_write( - named_g_lctx, NAMED_LOGCATEGORY_GENERAL, - NAMED_LOGMODULE_SERVER, ISC_LOG_WARNING, - "HTTP(S) server \"%s\" is nowhere to be found", - cfg_obj_asstring(httpobj)); + cfg_obj_log(httpobj, named_g_lctx, ISC_LOG_ERROR, + "http '%s' is not defined", + cfg_obj_asstring(httpobj)); return (ISC_R_FAILURE); } + + http = true; } + portobj = cfg_tuple_get(listener, "port"); if (!cfg_obj_isuint32(portobj)) { - if (http && tls) { + if (http && do_tls) { if (named_g_httpsport != 0) { port = named_g_httpsport; } else { 
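Review bot: In `listenelt_fromconfig()`, the `tlsmap == NULL` branch returns `ISC_R_FAILURE` without logging, unlike the `http` branch a few lines down, which calls `cfg_obj_log(httpobj, ..., "http '%s' is not defined", ...)`; an operator whose listener names a missing `tls` block gets no diagnostic at all. Suggest `cfg_obj_log(tlsobj, named_g_lctx, ISC_LOG_ERROR, "tls '%s' is not defined", tlsname);` before that return, and a similar message before the `do_tls && key == NULL` return (HTTP over ephemeral TLS), which is also silent. Separately, `find_maplist()` returns the first case-insensitive name match, so the duplicate-name rejection that the deleted `push_tls_obj()`/`push_http_obj()` performed is gone unless the grammar enforces uniqueness; if it does not, a second `tls` or `http` block with the same name is now silently ignored. The function continues past the end of this hunk.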
@@ -11127,7 +11135,7 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 return (result);
 }
 }
- } else if (http && !tls) {
+ } else if (http && !do_tls) {
 if (named_g_httpport != 0) {
 port = named_g_port;
 } else {
@@ -11137,7 +11145,7 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 return (result);
 }
 }
- } else if (tls) {
+ } else if (do_tls) {
 if (named_g_tlsport != 0) {
 port = named_g_tlsport;
 } else {
@@ -11162,6 +11170,7 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 if (cfg_obj_asuint32(portobj) >= UINT16_MAX) {
 cfg_obj_log(portobj, named_g_lctx, ISC_LOG_ERROR,
 "port value '%u' is out of range",
+ cfg_obj_asuint32(portobj));
 return (ISC_R_RANGE);
 }
 
@@ -11183,14 +11192,11 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
 
 if (http) {
 INSIST(http_server != NULL);
- result = ns_listenelt_from_http(http_server, tls_cert, port,
- mctx, &delt);
+ CHECK(listenelt_http(http_server, key, cert, port, mctx,
+ &delt));
 } else {
- result = ns_listenelt_create(mctx, port, dscp, NULL, tls, key,
- cert, &delt);
- }
- if (result != ISC_R_SUCCESS) {
- return (result);
+ CHECK(ns_listenelt_create(mctx, port, dscp, NULL, do_tls, key,
+ cert, &delt));
 }
 
 result = cfg_acl_fromconfig2(cfg_tuple_get(listener, "acl"), config,
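Review bot: On the new side of the first hunk, the `http && !do_tls` branch assigns `port = named_g_port;` under `if (named_g_httpport != 0)`, while the sibling HTTPS and TLS branches assign `named_g_httpsport` and `named_g_tlsport` from the matching globals; this looks like it should read `port = named_g_httpport;`, otherwise a plain-HTTP listener with no explicit port lands on the DNS port. It is an unchanged context line, so if the fallback is deliberate a comment explaining it would help the next reader. In the last hunk, `CHECK()` now jumps to `cleanup:`, which lies outside this hunk, so whether a partially built `delt` is released on that path cannot be seen here and is worth confirming.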
@@ -11201,65 +11207,56 @@ ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config, return (result); } *target = delt; - return (ISC_R_SUCCESS); + +cleanup: + return (result); } /* * Create a listen list for HTTP/HTTPS */ static isc_result_t -ns_listenelt_from_http(isc_cfg_http_obj_t *http, isc_cfg_tls_obj_t *tls, - in_port_t port, isc_mem_t *mctx, - ns_listenelt_t **target) { +listenelt_http(const cfg_obj_t *http, const char *key, const char *cert, + in_port_t port, isc_mem_t *mctx, ns_listenelt_t **target) { isc_result_t result = ISC_R_SUCCESS; ns_listenelt_t *delt = NULL; - const char *key = NULL, *cert = NULL; - char **http_endpoints = NULL; - size_t http_endpoints_number; - isc_cfg_http_endpoint_t *ep; - size_t i = 0; - REQUIRE(target != NULL && *target == NULL); + char **endpoints = NULL; + const cfg_obj_t *eplist = NULL; + const cfg_listelt_t *elt = NULL; + size_t len, i = 0; - if (tls) { - INSIST(tls->key_file != NULL); - INSIST(tls->cert_file != NULL); - key = tls->key_file; - cert = tls->cert_file; - } + REQUIRE(target != NULL && *target == NULL); + REQUIRE((key == NULL) == (cert == NULL)); if (port == 0) { - port = tls != NULL ? named_g_httpsport : named_g_httpport; + port = (key != NULL) ? 
named_g_httpsport : named_g_httpport; } - for (ep = ISC_LIST_HEAD(http->endpoints), i = 0; ep != NULL; - ep = ISC_LIST_NEXT(ep, link), i++) - ; + CHECK(cfg_map_get(http, "endpoints", &eplist)); + len = cfg_list_length(eplist, false); + endpoints = isc_mem_allocate(mctx, sizeof(endpoints[0]) * len); - INSIST(i > 0); - - http_endpoints_number = i; - http_endpoints = isc_mem_allocate(mctx, sizeof(http_endpoints[0]) * - http_endpoints_number); - for (ep = ISC_LIST_HEAD(http->endpoints), i = 0; ep != NULL; - ep = ISC_LIST_NEXT(ep, link), i++) - { - http_endpoints[i] = isc_mem_strdup(mctx, ep->path); + for (elt = cfg_list_first(eplist); elt != NULL; + elt = cfg_list_next(elt)) { + const cfg_obj_t *ep = cfg_listelt_value(elt); + const char *path = cfg_obj_asstring(ep); + endpoints[i++] = isc_mem_strdup(mctx, path); } - INSIST(i == http_endpoints_number); + INSIST(i == len); result = ns_listenelt_create_http(mctx, port, named_g_dscp, NULL, key, - cert, http_endpoints, - http_endpoints_number, &delt); - + cert, endpoints, len, &delt); if (result != ISC_R_SUCCESS) { if (delt != NULL) { ns_listenelt_destroy(delt); } - return result; + return (result); } *target = delt; + +cleanup: return (result); } diff --git a/lib/isccfg/Makefile.am b/lib/isccfg/Makefile.am index e13294281b..3205e3b93b 100644 --- a/lib/isccfg/Makefile.am +++ b/lib/isccfg/Makefile.am @@ -7,21 +7,17 @@ libisccfg_la_HEADERS = \ include/isccfg/aclconf.h \ include/isccfg/cfg.h \ include/isccfg/grammar.h \ - include/isccfg/httpconf.h \ include/isccfg/kaspconf.h \ include/isccfg/log.h \ - include/isccfg/namedconf.h \ - include/isccfg/tlsconf.h + include/isccfg/namedconf.h libisccfg_la_SOURCES = \ $(libisccfg_la_HEADERS) \ aclconf.c \ - httpconf.c \ dnsconf.c \ kaspconf.c \ log.c \ namedconf.c \ - tlsconf.c \ parser.c libisccfg_la_CPPFLAGS = \ diff --git a/lib/isccfg/httpconf.c b/lib/isccfg/httpconf.c deleted file mode 100644 index cd210b53a0..0000000000 --- a/lib/isccfg/httpconf.c +++ /dev/null 
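Review bot: `listenelt_http()` drops the old `INSIST(i > 0)` guard, so an `http` block whose `endpoints` list is empty now reaches `isc_mem_allocate(mctx, sizeof(endpoints[0]) * 0)` and `ns_listenelt_create_http(..., endpoints, 0, ...)`; unless the grammar already forbids an empty list, add `if (len == 0) { cfg_obj_log(eplist, named_g_lctx, ISC_LOG_ERROR, "http endpoints list is empty"); return (ISC_R_FAILURE); }` right after the `cfg_list_length()` call. Also, the `endpoints` array and its `isc_mem_strdup()` copies are not released when `ns_listenelt_create_http()` fails (the removed code had the same gap), unless that function takes ownership of them even on failure — worth confirming against its contract. The `CHECK()` on `cfg_map_get()` returns via `cleanup:` before anything is allocated, so that path is fine.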
@@ -1,180 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, you can obtain one at https://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -#include -#include -#include - -#include - -#include -#include - -void -cfg_http_storage_init(isc_mem_t *mctx, isc_cfg_http_storage_t *storage) { - REQUIRE(mctx != NULL); - REQUIRE(storage != NULL); - - memset(storage, 0, sizeof(*storage)); - isc_mem_attach(mctx, &storage->mctx); - ISC_LIST_INIT(storage->list); -} - -void -cfg_http_storage_uninit(isc_cfg_http_storage_t *storage) { - REQUIRE(storage != NULL); - - cfg_http_storage_clear(storage); - isc_mem_detach(&storage->mctx); -} - -void -cfg_http_storage_clear(isc_cfg_http_storage_t *storage) { - isc_mem_t *mctx = NULL; - - REQUIRE(storage != NULL); - - mctx = storage->mctx; - - if (!ISC_LIST_EMPTY(storage->list)) { - isc_cfg_http_obj_t *http = ISC_LIST_HEAD(storage->list); - while (http != NULL) { - isc_cfg_http_obj_t *next = ISC_LIST_NEXT(http, link); - ISC_LIST_DEQUEUE(storage->list, http, link); - storage->count--; - - isc_mem_free(mctx, http->name); - - if (!ISC_LIST_EMPTY(http->endpoints)) { - isc_cfg_http_endpoint_t *ep = - ISC_LIST_HEAD(http->endpoints); - while (ep != NULL) { - isc_cfg_http_endpoint_t *epnext = - ISC_LIST_NEXT(ep, link); - isc_mem_free(mctx, ep->path); - isc_mem_put(mctx, ep, sizeof(*ep)); - ep = epnext; - http->count--; - } - } - - isc_mem_put(mctx, http, sizeof(*http)); - http = next; - } - } - - INSIST(storage->count == 0); -} - -isc_cfg_http_obj_t * -cfg_http_find(const char *name, isc_cfg_http_storage_t *storage) { - isc_cfg_http_obj_t *http = NULL; - REQUIRE(name != NULL && *name != '\0'); - REQUIRE(storage != NULL); - - for (http = ISC_LIST_HEAD(storage->list); http != 
NULL; - http = ISC_LIST_NEXT(http, link)) - { - if (strcasecmp(name, http->name) == 0) { - break; - } - } - - return (http); -} - -static isc_result_t -push_http_obj(const cfg_obj_t *map, isc_cfg_http_storage_t *storage) { - isc_mem_t *mctx = storage->mctx; - isc_cfg_http_obj_t *new; - const cfg_obj_t *endpoints = NULL; - const cfg_listelt_t *elt; - - if (!cfg_obj_ismap(map) || map->value.map.id == NULL || - !cfg_obj_isstring(map->value.map.id)) - { - return (ISC_R_FAILURE); - } - - if (cfg_http_find(cfg_obj_asstring(map->value.map.id), storage) != NULL) - { - return (ISC_R_FAILURE); - } - - if (cfg_map_get(map, "endpoints", &endpoints) != ISC_R_SUCCESS || - !cfg_obj_islist(endpoints)) - { - return (ISC_R_FAILURE); - } - - INSIST(endpoints != NULL); - - new = isc_mem_get(mctx, sizeof(*new)); - memset(new, 0, sizeof(*new)); - ISC_LIST_INIT(new->endpoints); - new->name = isc_mem_strdup(mctx, cfg_obj_asstring(map->value.map.id)); - - for (elt = cfg_list_first(endpoints); elt != NULL; - elt = cfg_list_next(elt)) { - isc_cfg_http_endpoint_t *newep = NULL; - const cfg_obj_t *endp = cfg_listelt_value(elt); - newep = isc_mem_get(mctx, sizeof(*newep)); - ISC_LINK_INIT(newep, link); - newep->path = isc_mem_strdup(mctx, cfg_obj_asstring(endp)); - - ISC_LIST_PREPEND(new->endpoints, newep, link); - new->count++; - } - - ISC_LINK_INIT(new, link); - ISC_LIST_PREPEND(storage->list, new, link); - storage->count++; - return (ISC_R_SUCCESS); -} - -isc_result_t -cfg_http_storage_load(const cfg_obj_t *cfg_ctx, - isc_cfg_http_storage_t *storage) { - bool found = false; - isc_result_t result = ISC_R_SUCCESS; - const cfg_obj_t *http = NULL; - const cfg_listelt_t *elt; - const cfg_obj_t *map = NULL; - - REQUIRE(cfg_ctx != NULL); - REQUIRE(storage != NULL); - - cfg_http_storage_clear(storage); - result = cfg_map_get(cfg_ctx, "http", &http); - if (result != ISC_R_SUCCESS) { - /* No statements found, but it is fine. 
*/ - return (ISC_R_SUCCESS); - } - - INSIST(http != NULL); - - for (elt = cfg_list_first(http); elt != NULL; elt = cfg_list_next(elt)) - { - map = cfg_listelt_value(elt); - INSIST(map != NULL); - found = true; - result = push_http_obj(map, storage); - if (result != ISC_R_SUCCESS) { - return (result); - } - } - - if (found == true && storage->count == 0) { - return (ISC_R_FAILURE); - } - - return (ISC_R_SUCCESS); -} diff --git a/lib/isccfg/include/isccfg/httpconf.h b/lib/isccfg/include/isccfg/httpconf.h deleted file mode 100644 index bf049b9e6d..0000000000 --- a/lib/isccfg/include/isccfg/httpconf.h +++ /dev/null 
@@ -1,69 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, you can obtain one at https://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -#ifndef ISCCFG_HTTPCONF_H -#define ISCCFG_HTTPCONF_H 1 - -#include - -#include -#include -#include -#include - -#include - -#include -#include - -typedef struct isc_cfg_http_endpoint { - char *path; - LINK(struct isc_cfg_http_endpoint) link; -} isc_cfg_http_endpoint_t; - -typedef struct isc_cfg_http_obj { - char *name; - LINK(struct isc_cfg_http_obj) link; - ISC_LIST(isc_cfg_http_endpoint_t) endpoints; - size_t count; -} isc_cfg_http_obj_t; - -typedef struct isc_cfg_http_storage { - isc_mem_t *mctx; - ISC_LIST(isc_cfg_http_obj_t) list; - size_t count; -} isc_cfg_http_storage_t; - -/*** - *** Functions - ***/ - -ISC_LANG_BEGINDECLS - -void -cfg_http_storage_init(isc_mem_t *mctx, isc_cfg_http_storage_t *storage); - -void -cfg_http_storage_uninit(isc_cfg_http_storage_t *storage); - -isc_result_t -cfg_http_storage_load(const cfg_obj_t * cfg_ctx, - isc_cfg_http_storage_t *storage); - -isc_cfg_http_obj_t * -cfg_http_find(const char *name, isc_cfg_http_storage_t *storage); - -void -cfg_http_storage_clear(isc_cfg_http_storage_t *storage); - -ISC_LANG_ENDDECLS - -#endif /* ISCCFG_HTTPCONF_H */ diff --git a/lib/isccfg/include/isccfg/tlsconf.h b/lib/isccfg/include/isccfg/tlsconf.h deleted file mode 100644 index 534236ae65..0000000000 --- a/lib/isccfg/include/isccfg/tlsconf.h +++ /dev/null 
@@ -1,69 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, you can obtain one at https://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -#ifndef ISCCFG_TLSCONF_H -#define ISCCFG_TLSCONF_H 1 - -#include - -#include -#include -#include -#include - -#include - -#include - -typedef struct isc_cfg_tls_obj { - char *name; - char *key_file; - char *cert_file; - char *dh_param; - char *protocols; - char *ciphers; - LINK(struct isc_cfg_tls_obj) link; -} isc_cfg_tls_obj_t; - -typedef struct isc_cfg_tls_data_storage { - isc_mem_t *mctx; - size_t count; - ISC_LIST(isc_cfg_tls_obj_t) list; -} isc_cfg_tls_data_storage_t; - -/*** - *** Functions - ***/ - -ISC_LANG_BEGINDECLS - -void -cfg_tls_storage_init(isc_mem_t *mctx, isc_cfg_tls_data_storage_t *storage); - -void -cfg_tls_storage_uninit(isc_cfg_tls_data_storage_t *storage); - -isc_result_t -cfg_tls_storage_load(const cfg_obj_t * cfg_ctx, - isc_cfg_tls_data_storage_t *storage); - -isc_cfg_tls_obj_t * -cfg_tls_storage_find(const char *name, isc_cfg_tls_data_storage_t *storage); -/* - * Looks for TLS key/certificate pair. - */ - -void -cfg_tls_storage_clear(isc_cfg_tls_data_storage_t *storage); - -ISC_LANG_ENDDECLS - -#endif /* ISCCFG_TLSCONF_H */ diff --git a/lib/isccfg/tlsconf.c b/lib/isccfg/tlsconf.c deleted file mode 100644 index 6320fc5626..0000000000 --- a/lib/isccfg/tlsconf.c +++ /dev/null 
@@ -1,194 +0,0 @@ -/* - * Copyright (C) Internet Systems Consortium, Inc. ("ISC") - * - * This Source Code Form is subject to the terms of the Mozilla Public - * License, v. 2.0. If a copy of the MPL was not distributed with this - * file, you can obtain one at https://mozilla.org/MPL/2.0/. - * - * See the COPYRIGHT file distributed with this work for additional - * information regarding copyright ownership. - */ - -#include - -#include - -#include -#include - -void -cfg_tls_storage_init(isc_mem_t *mctx, isc_cfg_tls_data_storage_t *storage) { - REQUIRE(mctx != NULL); - REQUIRE(storage != NULL); - - memset(storage, 0, sizeof(*storage)); - isc_mem_attach(mctx, &storage->mctx); - ISC_LIST_INIT(storage->list); -} - -void -cfg_tls_storage_uninit(isc_cfg_tls_data_storage_t *storage) { - REQUIRE(storage != NULL); - - cfg_tls_storage_clear(storage); - isc_mem_detach(&storage->mctx); -} - -void -cfg_tls_storage_clear(isc_cfg_tls_data_storage_t *storage) { - isc_mem_t *mctx = NULL; - - REQUIRE(storage != NULL); - - mctx = storage->mctx; - - if (!ISC_LIST_EMPTY(storage->list)) { - isc_cfg_tls_obj_t *tls_obj = ISC_LIST_HEAD(storage->list); - while (tls_obj != NULL) { - isc_cfg_tls_obj_t *next = ISC_LIST_NEXT(tls_obj, link); - ISC_LIST_DEQUEUE(storage->list, tls_obj, link); - storage->count--; - - isc_mem_free(mctx, tls_obj->name); - isc_mem_free(mctx, tls_obj->key_file); - isc_mem_free(mctx, tls_obj->cert_file); - - if (tls_obj->dh_param != NULL) { - isc_mem_free(mctx, tls_obj->dh_param); - } - - if (tls_obj->protocols != NULL) { - isc_mem_free(mctx, tls_obj->protocols); - } - - if (tls_obj->ciphers != NULL) { - isc_mem_free(mctx, tls_obj->ciphers); - } - - isc_mem_put(mctx, tls_obj, sizeof(*tls_obj)); - tls_obj = next; - } - } - - INSIST(storage->count == 0); -} - -static isc_result_t -push_tls_obj(const cfg_obj_t *map, isc_cfg_tls_data_storage_t *storage) { - isc_mem_t *mctx = storage->mctx; - isc_cfg_tls_obj_t *new = NULL; - const cfg_obj_t *key_file = NULL, *cert_file = 
NULL, *dh_param = NULL, - *protocols = NULL, *ciphers = NULL; - - if (!cfg_obj_ismap(map) || map->value.map.id == NULL || - !cfg_obj_isstring(map->value.map.id)) - { - return (ISC_R_FAILURE); - } - - if (cfg_tls_storage_find(cfg_obj_asstring(map->value.map.id), - storage) != NULL) { - return (ISC_R_FAILURE); - } - - if (cfg_map_get(map, "key-file", &key_file) != ISC_R_SUCCESS || - !cfg_obj_isstring(key_file)) - { - return (ISC_R_FAILURE); - } - INSIST(key_file != NULL); - - if (cfg_map_get(map, "cert-file", &cert_file) != ISC_R_SUCCESS) { - return (ISC_R_FAILURE); - } - INSIST(cert_file != NULL); - - (void)cfg_map_get(map, "dh-param", &dh_param); - (void)cfg_map_get(map, "protocols", &protocols); - (void)cfg_map_get(map, "ciphers", &ciphers); - - new = isc_mem_get(mctx, sizeof(*new)); - *new = (isc_cfg_tls_obj_t){ - .name = isc_mem_strdup(mctx, - cfg_obj_asstring(map->value.map.id)), - .key_file = isc_mem_strdup(mctx, cfg_obj_asstring(key_file)), - .cert_file = isc_mem_strdup(mctx, cfg_obj_asstring(cert_file)), - }; - - if (dh_param != NULL && cfg_obj_isstring(dh_param)) { - new->dh_param = isc_mem_strdup(mctx, - cfg_obj_asstring(dh_param)); - } - - if (protocols != NULL && cfg_obj_isstring(protocols)) { - new->protocols = isc_mem_strdup(mctx, - cfg_obj_asstring(protocols)); - } - - if (ciphers != NULL && cfg_obj_isstring(ciphers)) { - new->ciphers = isc_mem_strdup(mctx, cfg_obj_asstring(ciphers)); - } - - ISC_LINK_INIT(new, link); - ISC_LIST_PREPEND(storage->list, new, link); - storage->count++; - return (ISC_R_SUCCESS); -} - -isc_result_t -cfg_tls_storage_load(const cfg_obj_t *cfg_ctx, - isc_cfg_tls_data_storage_t *storage) { - isc_result_t result = ISC_R_SUCCESS; - bool found = false; - const cfg_obj_t *tls = NULL; - const cfg_listelt_t *elt; - const cfg_obj_t *map = NULL; - - REQUIRE(cfg_ctx != NULL); - REQUIRE(storage != NULL); - - result = cfg_map_get(cfg_ctx, "tls", &tls); - if (result != ISC_R_SUCCESS) { - /* No tls statements found, but it is fine. 
*/ - return (ISC_R_SUCCESS); - } - INSIST(tls != NULL); - - cfg_tls_storage_clear(storage); - - for (elt = cfg_list_first(tls); elt != NULL; elt = cfg_list_next(elt)) { - map = cfg_listelt_value(elt); - INSIST(map != NULL); - found = true; - result = push_tls_obj(map, storage); - if (result != ISC_R_SUCCESS) { - return (result); - } - } - - if (found == true && storage->count == 0) { - return (ISC_R_FAILURE); - } - - return (ISC_R_SUCCESS); -} - -isc_cfg_tls_obj_t * -cfg_tls_storage_find(const char *name, isc_cfg_tls_data_storage_t *storage) { - isc_cfg_tls_obj_t *tls_obj = NULL; - REQUIRE(storage != NULL); - - if (name == NULL) { - return (NULL); - } - - for (tls_obj = ISC_LIST_HEAD(storage->list); tls_obj != NULL; - tls_obj = ISC_LIST_NEXT(tls_obj, link)) - { - if (strcasecmp(name, tls_obj->name) == 0) { - break; - } - } - - return (tls_obj); -} diff --git a/util/copyrights b/util/copyrights index 81bccb1745..137caa0fba 100644 --- a/util/copyrights +++ b/util/copyrights 
@@ -2105,22 +2105,18 @@ ./lib/isccc/win32/libisccc.vcxproj.user X 2013,2018,2019,2020,2021 ./lib/isccfg/aclconf.c C 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021 ./lib/isccfg/dnsconf.c C 2009,2016,2018,2019,2020,2021 -./lib/isccfg/httpconf.c C 2021 ./lib/isccfg/include/isccfg/aclconf.h C 1999,2000,2001,2004,2005,2006,2007,2010,2011,2012,2013,2014,2016,2018,2019,2020,2021 ./lib/isccfg/include/isccfg/cfg.h C 2000,2001,2002,2004,2005,2006,2007,2010,2013,2014,2015,2016,2018,2019,2020,2021 ./lib/isccfg/include/isccfg/grammar.h C 2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2013,2014,2015,2016,2017,2018,2019,2020,2021 -./lib/isccfg/include/isccfg/httpconf.h C 2021 ./lib/isccfg/include/isccfg/kaspconf.h C 2019,2020,2021 ./lib/isccfg/include/isccfg/log.h C 2001,2004,2005,2006,2007,2009,2016,2018,2019,2020,2021 ./lib/isccfg/include/isccfg/namedconf.h C 2002,2004,2005,2006,2007,2009,2010,2014,2016,2018,2019,2020,2021 -./lib/isccfg/include/isccfg/tlsconf.h C 2021 ./lib/isccfg/kaspconf.c C 2019,2020,2021 ./lib/isccfg/log.c C 2001,2004,2005,2006,2007,2016,2018,2019,2020,2021 ./lib/isccfg/namedconf.c C 2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021 ./lib/isccfg/parser.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021 ./lib/isccfg/tests/duration_test.c C 2019,2020,2021 ./lib/isccfg/tests/parser_test.c C 2016,2018,2019,2020,2021 -./lib/isccfg/tlsconf.c C 2021 ./lib/isccfg/win32/DLLMain.c C 2001,2004,2007,2016,2018,2019,2020,2021 ./lib/isccfg/win32/libisccfg.def X 2001,2002,2005,2009,2010,2011,2013,2014,2015,2016,2018,2019,2020,2021 ./lib/isccfg/win32/libisccfg.vcxproj.filters.in X 2013,2014,2015,2016,2018,2019,2020