mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Code Issues Releases Wiki Activity

separated BIND specific configuration code from rest

Browse Source 
of TSIG/TKEY code; renamed TSIG/TKEY context create and destroy functions for
consistency with rest of library
This commit is contained in:
Andreas Gustafsson
2000-01-24 19:14:26 +00:00
parent c9939598c6
commit f93d33e24f
17 changed files with 705 additions and 186 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
bin/named/include/named/tkeyconf.h Normal file
View File

@@ -0,0 +1,48 @@
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#ifndef DNS_TKEYCONF_H
#define DNS_TKEYCONF_H 1
#include <isc/types.h>
#include <isc/lang.h>
#include <dns/tkey.h>
#include <dns/confctx.h>
ISC_LANG_BEGINDECLS
isc_result_t
dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctxp);
/*
* Create a TKEY context and configure it, including the default DH key
* and default domain, according to 'cfg'.
*
* Requires:
* 'cfg' is a valid configuration context.
* 'mctx' is not NULL
* 'tctx' is not NULL
* '*tctx' is NULL
*
* Returns:
* ISC_R_SUCCESS
* ISC_R_NOMEMORY
*/
ISC_LANG_ENDDECLS
#endif /* DNS_TKEYCONF_H */

47
bin/named/include/named/tsigconf.h Normal file
View File

@@ -0,0 +1,47 @@
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#ifndef DNS_TSIGCONF_H
#define DNS_TSIGCONF_H 1
#include <isc/types.h>
#include <isc/lang.h>
#include <dns/tsig.h>
#include <dns/confctx.h>
ISC_LANG_BEGINDECLS
isc_result_t
dns_tsigkeyring_fromconfig(dns_c_ctx_t *confctx, isc_mem_t *mctx,
dns_tsig_keyring_t **ring);
/*
* Create a TSIG key ring and configure it according to 'confctx'.
*
* Requires:
* 'confctx' is a valid configuration context.
* 'mctx' is not NULL
* 'ring' is not NULL, and '*ring' is NULL
*
* Returns:
* ISC_R_SUCCESS
* ISC_R_NOMEMORY
*/
ISC_LANG_ENDDECLS
#endif /* DNS_TSIGCONF_H */

12
bin/named/server.c
View File

@@ -47,8 +47,8 @@
#include <dns/rdata.h>
#include <dns/result.h>
#include <dns/rootns.h>
#include <dns/tkey.h>
#include <dns/tsig.h>
#include <dns/tkeyconf.h>
#include <dns/tsigconf.h>
#include <dns/types.h>
#include <dns/view.h>
#include <dns/zone.h>
@@ -156,7 +156,7 @@ configure_view(dns_view_t *view, dns_c_ctx_t *cctx, isc_mem_t *mctx)
* Configure the view's TSIG keys.
*/
ring = NULL;
CHECK(dns_tsig_init(cctx, view->mctx, &ring));
CHECK(dns_tsigkeyring_fromconfig(cctx, view->mctx, &ring));
dns_view_setkeyring(view, ring);
cleanup:
@@ -564,8 +564,8 @@ load_configuration(const char *filename, ns_server_t *server) {
* Load the TKEY information from the configuration
*/
if (ns_g_tkeyctx != NULL)
dns_tkey_destroy(&ns_g_tkeyctx);
CHECKM(dns_tkey_init(configctx, ns_g_mctx, &ns_g_tkeyctx),
dns_tkeyctx_destroy(&ns_g_tkeyctx);
CHECKM(dns_tkeyctx_fromconfig(configctx, ns_g_mctx, &ns_g_tkeyctx),
"setting up TKEY");
/*
* Rescan the interface list to pick up changes in the
@@ -667,7 +667,7 @@ shutdown_server(isc_task_t *task, isc_event_t *event) {
RWUNLOCK(&server->viewlock, isc_rwlocktype_write);
dns_tkey_destroy(&ns_g_tkeyctx);
dns_tkeyctx_destroy(&ns_g_tkeyctx);
ns_clientmgr_destroy(&server->clientmgr);
ns_interfacemgr_shutdown(server->interfacemgr);

89
bin/named/tkeyconf.c Normal file
View File

@@ -0,0 +1,89 @@
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <config.h>
#include <isc/base64.h>
#include <isc/lex.h>
#include <dns/confctx.h>
#include <dns/confkeys.h>
#include <dns/keyvalues.h>
#include <dns/name.h>
#include <dns/tkeyconf.h>
#define RETERR(x) do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
isc_result_t
dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
dns_tkey_ctx_t **tctxp)
{
isc_result_t result;
dns_tkey_ctx_t *tctx = NULL;
char *s;
int n;
isc_buffer_t b, namebuf;
unsigned char data[1024];
dns_name_t domain;
result = dns_tkeyctx_create(mctx, &tctx);
if (result != ISC_R_SUCCESS)
return (result);
s = NULL;
result = dns_c_ctx_gettkeydhkey(cfg, &s, &n);
if (result == ISC_R_NOTFOUND)
return (ISC_R_SUCCESS);
RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH,
DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
mctx, &tctx->dhkey));
s = NULL;
RETERR(dns_c_ctx_gettkeydomain(cfg, &s));
dns_name_init(&domain, NULL);
tctx->domain = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
if (tctx->domain == NULL)
return (ISC_R_NOMEMORY);
dns_name_init(tctx->domain, NULL);
isc_buffer_init(&b, s, strlen(s), ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&b, strlen(s));
isc_buffer_init(&namebuf, data, sizeof(data), ISC_BUFFERTYPE_BINARY);
RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE,
&namebuf));
RETERR(dns_name_dup(&domain, mctx, tctx->domain));
*tctxp = tctx;
return (ISC_R_SUCCESS);
failure:
if (tctx->dhkey != NULL) {
dst_key_free(tctx->dhkey);
tctx->dhkey = NULL;
}
if (tctx->domain != NULL) {
dns_name_free(tctx->domain, mctx);
isc_mem_put(mctx, tctx->domain, sizeof(dns_name_t));
tctx->domain = NULL;
}
dns_tkeyctx_destroy(&tctx);
return (result);
}

150
bin/named/tsigconf.c Normal file
View File

@@ -0,0 +1,150 @@
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <config.h>
#include <isc/base64.h>
#include <isc/lex.h>
#include <dns/confctx.h>
#include <dns/confkeys.h>
#include <dns/name.h>
#include <dns/tsigconf.h>
static isc_result_t
add_initial_keys(dns_c_kdeflist_t *list, dns_tsig_keyring_t *ring,
isc_mem_t *mctx)
{
isc_lex_t *lex = NULL;
dns_c_kdef_t *key;
unsigned char *secret = NULL;
int secretalloc = 0;
int secretlen = 0;
isc_result_t ret;
key = ISC_LIST_HEAD(list->keydefs);
while (key != NULL) {
dns_name_t keyname;
dns_name_t alg;
char keynamedata[1024], algdata[1024];
isc_buffer_t keynamesrc, keynamebuf, algsrc, algbuf;
isc_buffer_t secretsrc, secretbuf;
dns_name_init(&keyname, NULL);
dns_name_init(&alg, NULL);
/* Create the key name */
isc_buffer_init(&keynamesrc, key->keyid, strlen(key->keyid),
ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&keynamesrc, strlen(key->keyid));
isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata),
ISC_BUFFERTYPE_BINARY);
ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
ISC_TRUE, &keynamebuf);
if (ret != ISC_R_SUCCESS)
goto failure;
/* Create the algorithm */
if (strcasecmp(key->algorithm, "hmac-md5") == 0)
alg = *dns_tsig_hmacmd5_name;
else {
isc_buffer_init(&algsrc, key->algorithm,
strlen(key->algorithm),
ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&algsrc, strlen(key->algorithm));
isc_buffer_init(&algbuf, algdata, sizeof(algdata),
ISC_BUFFERTYPE_BINARY);
ret = dns_name_fromtext(&alg, &algsrc, dns_rootname,
ISC_TRUE, &algbuf);
if (ret != ISC_R_SUCCESS)
goto failure;
}
if (strlen(key->secret) % 4 != 0) {
ret = ISC_R_BADBASE64;
goto failure;
}
secretalloc = secretlen = strlen(key->secret) * 3 / 4;
secret = isc_mem_get(mctx, secretlen);
if (secret == NULL) {
ret = ISC_R_NOMEMORY;
goto failure;
}
isc_buffer_init(&secretsrc, key->secret, strlen(key->secret),
ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&secretsrc, strlen(key->secret));
isc_buffer_init(&secretbuf, secret, secretlen,
ISC_BUFFERTYPE_BINARY);
ret = isc_lex_create(mctx, strlen(key->secret), &lex);
if (ret != ISC_R_SUCCESS)
goto failure;
ret = isc_lex_openbuffer(lex, &secretsrc);
if (ret != ISC_R_SUCCESS)
goto failure;
ret = isc_base64_tobuffer(lex, &secretbuf, -1);
if (ret != ISC_R_SUCCESS)
goto failure;
secretlen = ISC_BUFFER_USEDCOUNT(&secretbuf);
isc_lex_close(lex);
isc_lex_destroy(&lex);
ret = dns_tsigkey_create(&keyname, &alg, secret, secretlen,
ISC_FALSE, NULL, mctx, ring, NULL);
isc_mem_put(mctx, secret, secretalloc);
secret = NULL;
if (ret != ISC_R_SUCCESS)
goto failure;
key = ISC_LIST_NEXT(key, next);
}
return (ISC_R_SUCCESS);
failure:
if (lex != NULL)
isc_lex_destroy(&lex);
if (secret != NULL)
isc_mem_put(mctx, secret, secretlen);
return (ret);
}
isc_result_t
dns_tsigkeyring_fromconfig(dns_c_ctx_t *confctx, isc_mem_t *mctx,
dns_tsig_keyring_t **ringp)
{
dns_c_kdeflist_t *keylist = NULL;
dns_tsig_keyring_t *ring = NULL;
isc_result_t result;
result = dns_tsigkeyring_create(mctx, &ring);
if (result != ISC_R_SUCCESS)
return (result);
result = dns_c_ctx_getkdeflist(confctx, &keylist);
if (result == ISC_R_SUCCESS)
result = add_initial_keys(keylist, ring, mctx);
else if (result == ISC_R_NOTFOUND)
result = ISC_R_SUCCESS;
if (result != ISC_R_SUCCESS)
goto failure;
*ringp = ring;
return (ISC_R_SUCCESS);
failure:
dns_tsigkeyring_destroy(&ring);
return (result);
}

8
bin/tests/tkey_test.c
View File

@@ -320,8 +320,8 @@ main(int argc, char *argv[]) {
RUNTIME_CHECK(isc_log_create(mctx, &log) == ISC_R_SUCCESS);
ring = NULL;
RUNTIME_CHECK(dns_tsig_init(NULL, mctx, &ring) == ISC_R_SUCCESS);
RUNTIME_CHECK(dns_tkey_init(NULL, mctx, &tctx) == ISC_R_SUCCESS);
RUNTIME_CHECK(dns_tsigkeyring_create(mctx, &ring) == ISC_R_SUCCESS);
RUNTIME_CHECK(dns_tkeyctx_create(mctx, &tctx) == ISC_R_SUCCESS);
argc -= isc_commandline_index;
argv += isc_commandline_index;
@@ -362,8 +362,8 @@ main(int argc, char *argv[]) {
isc_socketmgr_destroy(&socketmgr);
isc_timermgr_destroy(&timermgr);
dns_tsig_destroy(&ring);
dns_tkey_destroy(&tctx);
dns_tsigkeyring_destroy(&ring);
dns_tkeyctx_destroy(&tctx);
if (verbose)
isc_mem_stats(mctx, stdout);
isc_mem_destroy(&mctx);

6
lib/dns/Makefile.in
View File

@@ -123,7 +123,8 @@ OBJS = a6.@O@ acl.@O@ aclconf.@O@ adb.@O@ byaddr.@O@ \
rbt.@O@ rbtdb.@O@ rbtdb64.@O@ rdata.@O@ rdatalist.@O@ \
rdataset.@O@ rdatasetiter.@O@ rdataslab.@O@ resolver.@O@ \
result.@O@ rootns.@O@ \
tcpmsg.@O@ time.@O@ tkey.@O@ tsig.@O@ ttl.@O@ \
tcpmsg.@O@ time.@O@ tkey.@O@ tkeyconf.@O@ \
tsig.@O@ tsigconf.@O@ ttl.@O@ \
version.@O@ view.@O@ xfrin.@O@ zone.@O@ zoneconf.@O@ zt.@O@ \
${DSTOBJS} ${OPENSSLOBJS} ${DNSSAFEOBJS} ${CONFOBJS}
@@ -137,7 +138,8 @@ SRCS = a6.c acl.c aclconf.c adb.c byaddr.c \
rbt.c rbtdb.c rbtdb64.c rdata.c rdatalist.c \
rdataset.c rdatasetiter.c rdataslab.c resolver.c \
result.c rootns.c \
tcpmsg.c time.c tkey.c tsig.c ttl.c \
tcpmsg.c time.c tkey.c tkeyconf.c \
tsig.c tsigconf.c ttl.c \
version.c view.c xfrin.c zone.c zoneconf.c zt.c
SUBDIRS = include sec config

10
lib/dns/include/dns/tkey.h
View File

@@ -18,12 +18,11 @@
#ifndef DNS_TKEY_H
#define DNS_TKEY_H 1
#include <isc/mem.h>
#include <isc/types.h>
#include <isc/lang.h>
#include <dns/types.h>
#include <dns/name.h>
#include <dns/confctx.h>
#include <dst/dst.h>
@@ -43,10 +42,9 @@ struct dns_tkey_ctx {
};
isc_result_t
dns_tkey_init(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctx);
dns_tkeyctx_create(isc_mem_t *mctx, dns_tkey_ctx_t **tctx);
/*
* Obtains TKEY configuration information, including default DH key
* and default domain from the configuration, if it's not NULL.
* Create an empty TKEY context.
*
* Requires:
* 'mctx' is not NULL
@@ -60,7 +58,7 @@ dns_tkey_init(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctx);
*/
void
dns_tkey_destroy(dns_tkey_ctx_t **tctx);
dns_tkeyctx_destroy(dns_tkey_ctx_t **tctx);
/*
* Frees all data associated with the TKEY context
*

48
lib/dns/include/dns/tkeyconf.h Normal file
View File

@@ -0,0 +1,48 @@
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#ifndef DNS_TKEYCONF_H
#define DNS_TKEYCONF_H 1
#include <isc/types.h>
#include <isc/lang.h>
#include <dns/tkey.h>
#include <dns/confctx.h>
ISC_LANG_BEGINDECLS
isc_result_t
dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctxp);
/*
* Create a TKEY context and configure it, including the default DH key
* and default domain, according to 'cfg'.
*
* Requires:
* 'cfg' is a valid configuration context.
* 'mctx' is not NULL
* 'tctx' is not NULL
* '*tctx' is NULL
*
* Returns:
* ISC_R_SUCCESS
* ISC_R_NOMEMORY
*/
ISC_LANG_ENDDECLS
#endif /* DNS_TKEYCONF_H */

10
lib/dns/include/dns/tsig.h
View File

@@ -24,7 +24,6 @@
#include <dns/types.h>
#include <dns/name.h>
#include <dns/confctx.h>
#include <dst/dst.h>
@@ -174,10 +173,9 @@ dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name,
isc_result_t
dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx, dns_tsig_keyring_t **ring);
dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ring);
/*
* Initializes the TSIG subsystem. If confctx is not NULL, any
* specified keys are loaded.
* Create an empty TSIG key ring.
*
* Requires:
* 'mctx' is not NULL
@@ -190,9 +188,9 @@ dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx, dns_tsig_keyring_t **ring);
void
dns_tsig_destroy(dns_tsig_keyring_t **ring);
dns_tsigkeyring_destroy(dns_tsig_keyring_t **ring);
/*
* Frees all data associated with the TSIG subsystem
* Destroy a TSIG key ring.
*
* Requires:
* 'ring' is not NULL

47
lib/dns/include/dns/tsigconf.h Normal file
View File

@@ -0,0 +1,47 @@
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#ifndef DNS_TSIGCONF_H
#define DNS_TSIGCONF_H 1
#include <isc/types.h>
#include <isc/lang.h>
#include <dns/tsig.h>
#include <dns/confctx.h>
ISC_LANG_BEGINDECLS
isc_result_t
dns_tsigkeyring_fromconfig(dns_c_ctx_t *confctx, isc_mem_t *mctx,
dns_tsig_keyring_t **ring);
/*
* Create a TSIG key ring and configure it according to 'confctx'.
*
* Requires:
* 'confctx' is a valid configuration context.
* 'mctx' is not NULL
* 'ring' is not NULL, and '*ring' is NULL
*
* Returns:
* ISC_R_SUCCESS
* ISC_R_NOMEMORY
*/
ISC_LANG_ENDDECLS
#endif /* DNS_TSIGCONF_H */

49
lib/dns/tkey.c
View File

@@ -16,7 +16,7 @@
*/
/*
* $Id: tkey.c,v 1.18 2000/01/22 04:45:13 bwelling Exp $
* $Id: tkey.c,v 1.19 2000/01/24 19:14:21 gson Exp $
* Principal Author: Brian Wellington
*/
@@ -65,14 +65,7 @@
isc_result_t
dns_tkey_init(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctx) {
isc_result_t result;
char *s;
int n;
isc_buffer_t b, namebuf;
unsigned char data[1024];
dns_name_t domain;
dns_tkeyctx_create(isc_mem_t *mctx, dns_tkey_ctx_t **tctx) {
REQUIRE(mctx != NULL);
REQUIRE(tctx != NULL);
REQUIRE(*tctx == NULL);
@@ -84,47 +77,11 @@ dns_tkey_init(dns_c_ctx_t *cfg, isc_mem_t *mctx, dns_tkey_ctx_t **tctx) {
(*tctx)->dhkey = NULL;
(*tctx)->domain = NULL;
if (cfg == NULL)
return (ISC_R_SUCCESS);
s = NULL;
result = dns_c_ctx_gettkeydhkey(cfg, &s, &n);
if (result == ISC_R_NOTFOUND)
return (ISC_R_SUCCESS);
RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH,
DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
mctx, &(*tctx)->dhkey));
s = NULL;
RETERR(dns_c_ctx_gettkeydomain(cfg, &s));
dns_name_init(&domain, NULL);
(*tctx)->domain = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
if ((*tctx)->domain == NULL)
return (ISC_R_NOMEMORY);
dns_name_init((*tctx)->domain, NULL);
isc_buffer_init(&b, s, strlen(s), ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&b, strlen(s));
isc_buffer_init(&namebuf, data, sizeof(data), ISC_BUFFERTYPE_BINARY);
RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE,
&namebuf));
RETERR(dns_name_dup(&domain, mctx, (*tctx)->domain));
return (ISC_R_SUCCESS);
failure:
if ((*tctx)->dhkey != NULL) {
dst_key_free((*tctx)->dhkey);
(*tctx)->dhkey = NULL;
}
if ((*tctx)->domain != NULL) {
dns_name_free((*tctx)->domain, mctx);
isc_mem_put(mctx, (*tctx)->domain, sizeof(dns_name_t));
(*tctx)->domain = NULL;
}
return (result);
}
void
dns_tkey_destroy(dns_tkey_ctx_t **tctx) {
dns_tkeyctx_destroy(dns_tkey_ctx_t **tctx) {
isc_mem_t *mctx;
REQUIRE(tctx != NULL);

89
lib/dns/tkeyconf.c Normal file
View File

@@ -0,0 +1,89 @@
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <config.h>
#include <isc/base64.h>
#include <isc/lex.h>
#include <dns/confctx.h>
#include <dns/confkeys.h>
#include <dns/keyvalues.h>
#include <dns/name.h>
#include <dns/tkeyconf.h>
#define RETERR(x) do { \
result = (x); \
if (result != ISC_R_SUCCESS) \
goto failure; \
} while (0)
isc_result_t
dns_tkeyctx_fromconfig(dns_c_ctx_t *cfg, isc_mem_t *mctx,
dns_tkey_ctx_t **tctxp)
{
isc_result_t result;
dns_tkey_ctx_t *tctx = NULL;
char *s;
int n;
isc_buffer_t b, namebuf;
unsigned char data[1024];
dns_name_t domain;
result = dns_tkeyctx_create(mctx, &tctx);
if (result != ISC_R_SUCCESS)
return (result);
s = NULL;
result = dns_c_ctx_gettkeydhkey(cfg, &s, &n);
if (result == ISC_R_NOTFOUND)
return (ISC_R_SUCCESS);
RETERR(dst_key_fromfile(s, n, DNS_KEYALG_DH,
DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
mctx, &tctx->dhkey));
s = NULL;
RETERR(dns_c_ctx_gettkeydomain(cfg, &s));
dns_name_init(&domain, NULL);
tctx->domain = (dns_name_t *) isc_mem_get(mctx, sizeof(dns_name_t));
if (tctx->domain == NULL)
return (ISC_R_NOMEMORY);
dns_name_init(tctx->domain, NULL);
isc_buffer_init(&b, s, strlen(s), ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&b, strlen(s));
isc_buffer_init(&namebuf, data, sizeof(data), ISC_BUFFERTYPE_BINARY);
RETERR(dns_name_fromtext(&domain, &b, dns_rootname, ISC_FALSE,
&namebuf));
RETERR(dns_name_dup(&domain, mctx, tctx->domain));
*tctxp = tctx;
return (ISC_R_SUCCESS);
failure:
if (tctx->dhkey != NULL) {
dst_key_free(tctx->dhkey);
tctx->dhkey = NULL;
}
if (tctx->domain != NULL) {
dns_name_free(tctx->domain, mctx);
isc_mem_put(mctx, tctx->domain, sizeof(dns_name_t));
tctx->domain = NULL;
}
dns_tkeyctx_destroy(&tctx);
return (result);
}

116
lib/dns/tsig.c
View File

@@ -16,7 +16,7 @@
*/
/*
* $Id: tsig.c,v 1.40 2000/01/22 04:45:14 bwelling Exp $
* $Id: tsig.c,v 1.41 2000/01/24 19:14:22 gson Exp $
* Principal Author: Brian Wellington
*/
@@ -27,7 +27,6 @@
#include <string.h>
#include <isc/assertions.h>
#include <isc/base64.h>
#include <isc/buffer.h>
#include <isc/error.h>
#include <isc/list.h>
@@ -46,8 +45,6 @@
#include <dns/rdataset.h>
#include <dns/rdatastruct.h>
#include <dns/tsig.h>
#include <dns/confctx.h>
#include <dns/confkeys.h>
#include <dst/dst.h>
#include <dst/result.h>
@@ -985,102 +982,6 @@ dns_tsigkey_find(dns_tsigkey_t **tsigkey, dns_name_t *name,
return (ISC_R_NOTFOUND);
}
static isc_result_t
add_initial_keys(dns_c_kdeflist_t *list, dns_tsig_keyring_t *ring,
isc_mem_t *mctx)
{
isc_lex_t *lex = NULL;
dns_c_kdef_t *key;
unsigned char *secret = NULL;
int secretalloc = 0;
int secretlen = 0;
isc_result_t ret;
key = ISC_LIST_HEAD(list->keydefs);
while (key != NULL) {
dns_name_t keyname;
dns_name_t alg;
char keynamedata[1024], algdata[1024];
isc_buffer_t keynamesrc, keynamebuf, algsrc, algbuf;
isc_buffer_t secretsrc, secretbuf;
dns_name_init(&keyname, NULL);
dns_name_init(&alg, NULL);
/* Create the key name */
isc_buffer_init(&keynamesrc, key->keyid, strlen(key->keyid),
ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&keynamesrc, strlen(key->keyid));
isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata),
ISC_BUFFERTYPE_BINARY);
ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
ISC_TRUE, &keynamebuf);
if (ret != ISC_R_SUCCESS)
goto failure;
/* Create the algorithm */
if (strcasecmp(key->algorithm, "hmac-md5") == 0)
alg = *dns_tsig_hmacmd5_name;
else {
isc_buffer_init(&algsrc, key->algorithm,
strlen(key->algorithm),
ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&algsrc, strlen(key->algorithm));
isc_buffer_init(&algbuf, algdata, sizeof(algdata),
ISC_BUFFERTYPE_BINARY);
ret = dns_name_fromtext(&alg, &algsrc, dns_rootname,
ISC_TRUE, &algbuf);
if (ret != ISC_R_SUCCESS)
goto failure;
}
if (strlen(key->secret) % 4 != 0) {
ret = ISC_R_BADBASE64;
goto failure;
}
secretalloc = secretlen = strlen(key->secret) * 3 / 4;
secret = isc_mem_get(mctx, secretlen);
if (secret == NULL) {
ret = ISC_R_NOMEMORY;
goto failure;
}
isc_buffer_init(&secretsrc, key->secret, strlen(key->secret),
ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&secretsrc, strlen(key->secret));
isc_buffer_init(&secretbuf, secret, secretlen,
ISC_BUFFERTYPE_BINARY);
ret = isc_lex_create(mctx, strlen(key->secret), &lex);
if (ret != ISC_R_SUCCESS)
goto failure;
ret = isc_lex_openbuffer(lex, &secretsrc);
if (ret != ISC_R_SUCCESS)
goto failure;
ret = isc_base64_tobuffer(lex, &secretbuf, -1);
if (ret != ISC_R_SUCCESS)
goto failure;
secretlen = ISC_BUFFER_USEDCOUNT(&secretbuf);
isc_lex_close(lex);
isc_lex_destroy(&lex);
ret = dns_tsigkey_create(&keyname, &alg, secret, secretlen,
ISC_FALSE, NULL, mctx, ring, NULL);
isc_mem_put(mctx, secret, secretalloc);
secret = NULL;
if (ret != ISC_R_SUCCESS)
goto failure;
key = ISC_LIST_NEXT(key, next);
}
return (ISC_R_SUCCESS);
failure:
if (lex != NULL)
isc_lex_destroy(&lex);
if (secret != NULL)
isc_mem_put(mctx, secret, secretlen);
return (ret);
}
static void
dns_tsig_inithmac() {
isc_region_t r;
@@ -1093,11 +994,10 @@ dns_tsig_inithmac() {
}
isc_result_t
dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx, dns_tsig_keyring_t **ring)
dns_tsigkeyring_create(isc_mem_t *mctx, dns_tsig_keyring_t **ring)
{
isc_result_t ret;
dns_c_kdeflist_t *keylist = NULL;
REQUIRE(mctx != NULL);
REQUIRE(ring != NULL);
REQUIRE(*ring == NULL);
@@ -1117,21 +1017,13 @@ dns_tsig_init(dns_c_ctx_t *confctx, isc_mem_t *mctx, dns_tsig_keyring_t **ring)
ISC_LIST_INIT((*ring)->keys);
if (confctx != NULL) {
ret = dns_c_ctx_getkdeflist(confctx, &keylist);
if (ret == ISC_R_SUCCESS)
ret = add_initial_keys(keylist, *ring, mctx);
else if (ret != ISC_R_NOTFOUND)
return (ret);
}
(*ring)->mctx = mctx;
return (ISC_R_SUCCESS);
}
void
dns_tsig_destroy(dns_tsig_keyring_t **ring) {
dns_tsigkeyring_destroy(dns_tsig_keyring_t **ring) {
isc_mem_t *mctx;
REQUIRE(ring != NULL);

150
lib/dns/tsigconf.c Normal file
View File

@@ -0,0 +1,150 @@
/*
* Copyright (C) 1999, 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
#include <config.h>
#include <isc/base64.h>
#include <isc/lex.h>
#include <dns/confctx.h>
#include <dns/confkeys.h>
#include <dns/name.h>
#include <dns/tsigconf.h>
static isc_result_t
add_initial_keys(dns_c_kdeflist_t *list, dns_tsig_keyring_t *ring,
isc_mem_t *mctx)
{
isc_lex_t *lex = NULL;
dns_c_kdef_t *key;
unsigned char *secret = NULL;
int secretalloc = 0;
int secretlen = 0;
isc_result_t ret;
key = ISC_LIST_HEAD(list->keydefs);
while (key != NULL) {
dns_name_t keyname;
dns_name_t alg;
char keynamedata[1024], algdata[1024];
isc_buffer_t keynamesrc, keynamebuf, algsrc, algbuf;
isc_buffer_t secretsrc, secretbuf;
dns_name_init(&keyname, NULL);
dns_name_init(&alg, NULL);
/* Create the key name */
isc_buffer_init(&keynamesrc, key->keyid, strlen(key->keyid),
ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&keynamesrc, strlen(key->keyid));
isc_buffer_init(&keynamebuf, keynamedata, sizeof(keynamedata),
ISC_BUFFERTYPE_BINARY);
ret = dns_name_fromtext(&keyname, &keynamesrc, dns_rootname,
ISC_TRUE, &keynamebuf);
if (ret != ISC_R_SUCCESS)
goto failure;
/* Create the algorithm */
if (strcasecmp(key->algorithm, "hmac-md5") == 0)
alg = *dns_tsig_hmacmd5_name;
else {
isc_buffer_init(&algsrc, key->algorithm,
strlen(key->algorithm),
ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&algsrc, strlen(key->algorithm));
isc_buffer_init(&algbuf, algdata, sizeof(algdata),
ISC_BUFFERTYPE_BINARY);
ret = dns_name_fromtext(&alg, &algsrc, dns_rootname,
ISC_TRUE, &algbuf);
if (ret != ISC_R_SUCCESS)
goto failure;
}
if (strlen(key->secret) % 4 != 0) {
ret = ISC_R_BADBASE64;
goto failure;
}
secretalloc = secretlen = strlen(key->secret) * 3 / 4;
secret = isc_mem_get(mctx, secretlen);
if (secret == NULL) {
ret = ISC_R_NOMEMORY;
goto failure;
}
isc_buffer_init(&secretsrc, key->secret, strlen(key->secret),
ISC_BUFFERTYPE_TEXT);
isc_buffer_add(&secretsrc, strlen(key->secret));
isc_buffer_init(&secretbuf, secret, secretlen,
ISC_BUFFERTYPE_BINARY);
ret = isc_lex_create(mctx, strlen(key->secret), &lex);
if (ret != ISC_R_SUCCESS)
goto failure;
ret = isc_lex_openbuffer(lex, &secretsrc);
if (ret != ISC_R_SUCCESS)
goto failure;
ret = isc_base64_tobuffer(lex, &secretbuf, -1);
if (ret != ISC_R_SUCCESS)
goto failure;
secretlen = ISC_BUFFER_USEDCOUNT(&secretbuf);
isc_lex_close(lex);
isc_lex_destroy(&lex);
ret = dns_tsigkey_create(&keyname, &alg, secret, secretlen,
ISC_FALSE, NULL, mctx, ring, NULL);
isc_mem_put(mctx, secret, secretalloc);
secret = NULL;
if (ret != ISC_R_SUCCESS)
goto failure;
key = ISC_LIST_NEXT(key, next);
}
return (ISC_R_SUCCESS);
failure:
if (lex != NULL)
isc_lex_destroy(&lex);
if (secret != NULL)
isc_mem_put(mctx, secret, secretlen);
return (ret);
}
isc_result_t
dns_tsigkeyring_fromconfig(dns_c_ctx_t *confctx, isc_mem_t *mctx,
dns_tsig_keyring_t **ringp)
{
dns_c_kdeflist_t *keylist = NULL;
dns_tsig_keyring_t *ring = NULL;
isc_result_t result;
result = dns_tsigkeyring_create(mctx, &ring);
if (result != ISC_R_SUCCESS)
return (result);
result = dns_c_ctx_getkdeflist(confctx, &keylist);
if (result == ISC_R_SUCCESS)
result = add_initial_keys(keylist, ring, mctx);
else if (result == ISC_R_NOTFOUND)
result = ISC_R_SUCCESS;
if (result != ISC_R_SUCCESS)
goto failure;
*ringp = ring;
return (ISC_R_SUCCESS);
failure:
dns_tsigkeyring_destroy(&ring);
return (result);
}

8
lib/dns/view.c
View File

@@ -109,7 +109,7 @@ dns_view_create(isc_mem_t *mctx, dns_rdataclass_t rdclass,
view->attributes = (DNS_VIEWATTR_RESSHUTDOWN|DNS_VIEWATTR_ADBSHUTDOWN);
view->statickeys = NULL;
view->dynamickeys = NULL;
result = dns_tsig_init(NULL, view->mctx, &view->dynamickeys);
result = dns_tsigkeyring_create(view->mctx, &view->dynamickeys);
if (result != DNS_R_SUCCESS)
goto cleanup_zt;
ISC_LINK_INIT(view, link);
@@ -169,9 +169,9 @@ destroy(dns_view_t *view) {
REQUIRE(ADBSHUTDOWN(view));
if (view->dynamickeys != NULL)
dns_tsig_destroy(&view->dynamickeys);
dns_tsigkeyring_destroy(&view->dynamickeys);
if (view->statickeys != NULL)
dns_tsig_destroy(&view->statickeys);
dns_tsigkeyring_destroy(&view->statickeys);
if (view->adb != NULL)
dns_adb_detach(&view->adb);
if (view->resolver != NULL)
@@ -366,7 +366,7 @@ dns_view_setkeyring(dns_view_t *view, dns_tsig_keyring_t *ring) {
REQUIRE(DNS_VIEW_VALID(view));
REQUIRE(ring != NULL);
if (view->statickeys != NULL)
dns_tsig_destroy(&view->statickeys);
dns_tsigkeyring_destroy(&view->statickeys);
view->statickeys = ring;
}

4
util/copyrights
View File

@@ -390,7 +390,9 @@
./lib/dns/include/dns/tcpmsg.h C 1999,2000
./lib/dns/include/dns/time.h C 1999,2000
./lib/dns/include/dns/tkey.h C 1999,2000
./lib/dns/include/dns/tkeyconf.h C 1999,2000
./lib/dns/include/dns/tsig.h C 1999,2000
./lib/dns/include/dns/tsigconf.h C 1999,2000
./lib/dns/include/dns/ttl.h C 1999,2000
./lib/dns/include/dns/types.h C 1998,1999,2000
./lib/dns/include/dns/view.h C 1999,2000
@@ -522,7 +524,9 @@
./lib/dns/tcpmsg.c C 1999,2000
./lib/dns/time.c C 1998,1999,2000
./lib/dns/tkey.c C 1999,2000
./lib/dns/tkeyconf.c C 1999,2000
./lib/dns/tsig.c C 1999,2000
./lib/dns/tsigconf.c C 1999,2000
./lib/dns/ttl.c C 1999,2000
./lib/dns/version.c C 1998,1999,2000
./lib/dns/view.c C 1999,2000