mirror of
https://gitlab.isc.org/isc-projects/dhcp
synced 2025-08-31 14:25:41 +00:00
Added authentication support. The tsig_key structure has been renamed
to auth_key and moved into libomapi. libomapi now depends on libres, which contains the data signing routines.
This commit is contained in:
Damien Neil
@@ -406,13 +406,188 @@ isc_result_t omapi_connection_reaper (omapi_object_t *h)
|
||||
return ISC_R_SUCCESS;
|
||||
}
|
||||
|
||||
static isc_result_t make_dst_key (DST_KEY **dst_key, omapi_object_t *a) {
|
||||
omapi_value_t *name = (omapi_value_t *)0;
|
||||
omapi_value_t *algorithm = (omapi_value_t *)0;
|
||||
omapi_value_t *key = (omapi_value_t *)0;
|
||||
int algorithm_id;
|
||||
char *name_str;
|
||||
isc_result_t status = ISC_R_SUCCESS;
|
||||
|
||||
if (status == ISC_R_SUCCESS)
|
||||
status = omapi_get_value_str
|
||||
(a, (omapi_object_t *)0, "name", &name);
|
||||
|
||||
if (status == ISC_R_SUCCESS)
|
||||
status = omapi_get_value_str
|
||||
(a, (omapi_object_t *)0, "algorithm", &algorithm);
|
||||
|
||||
if (status == ISC_R_SUCCESS)
|
||||
status = omapi_get_value_str
|
||||
(a, (omapi_object_t *)0, "key", &key);
|
||||
|
||||
if (status == ISC_R_SUCCESS) {
|
||||
if (omapi_td_strcmp (algorithm -> value, "hmac-md5") == 0) {
|
||||
algorithm_id = KEY_HMAC_MD5;
|
||||
} else {
|
||||
status = ISC_R_INVALIDARG;
|
||||
}
|
||||
}
|
||||
|
||||
if (status == ISC_R_SUCCESS) {
|
||||
name_str = dmalloc (name -> value -> u.buffer.len + 1, MDL);
|
||||
if (!name_str)
|
||||
status = ISC_R_NOMEMORY;
|
||||
}
|
||||
|
||||
if (status == ISC_R_SUCCESS) {
|
||||
memcpy (name_str,
|
||||
name -> value -> u.buffer.value,
|
||||
name -> value -> u.buffer.len);
|
||||
name_str [name -> value -> u.buffer.len] = 0;
|
||||
|
||||
*dst_key = dst_buffer_to_key (name_str, algorithm_id, 0, 0,
|
||||
key -> value -> u.buffer.value,
|
||||
key -> value -> u.buffer.len);
|
||||
if (!*dst_key)
|
||||
status = ISC_R_NOMEMORY;
|
||||
}
|
||||
|
||||
if (name_str)
|
||||
dfree (name_str, MDL);
|
||||
if (key)
|
||||
omapi_value_dereference (&key, MDL);
|
||||
if (algorithm)
|
||||
omapi_value_dereference (&algorithm, MDL);
|
||||
if (name)
|
||||
omapi_value_dereference (&name, MDL);
|
||||
|
||||
return status;
|
||||
}
|
||||
|
||||
isc_result_t omapi_connection_sign_data (int mode,
|
||||
DST_KEY *key,
|
||||
void **context,
|
||||
const u_char *data,
|
||||
const unsigned len,
|
||||
omapi_typed_data_t **result)
|
||||
{
|
||||
omapi_typed_data_t *td = (omapi_typed_data_t *)0;
|
||||
isc_result_t status;
|
||||
int r;
|
||||
|
||||
if (mode & SIG_MODE_FINAL) {
|
||||
status = omapi_typed_data_new (MDL, &td,
|
||||
omapi_datatype_data,
|
||||
dst_sig_size (key));
|
||||
if (status != ISC_R_SUCCESS)
|
||||
return status;
|
||||
}
|
||||
|
||||
r = dst_sign_data (mode, key, context, data, len,
|
||||
td ? td -> u.buffer.value : (u_char *)0,
|
||||
td ? td -> u.buffer.len : 0);
|
||||
|
||||
/* dst_sign_data() really should do this for us, shouldn't it? */
|
||||
if (mode & SIG_MODE_FINAL)
|
||||
*context = (void *)0;
|
||||
|
||||
if (r < 0) {
|
||||
if (td)
|
||||
omapi_typed_data_dereference (&td, MDL);
|
||||
return ISC_R_INVALIDKEY;
|
||||
}
|
||||
|
||||
if (result && td) {
|
||||
omapi_typed_data_reference (result, td, MDL);
|
||||
}
|
||||
|
||||
if (td)
|
||||
omapi_typed_data_dereference (&td, MDL);
|
||||
|
||||
return ISC_R_SUCCESS;
|
||||
}
|
||||
|
||||
isc_result_t omapi_connection_output_auth_length (omapi_object_t *h,
|
||||
unsigned *l)
|
||||
{
|
||||
omapi_connection_object_t *c;
|
||||
|
||||
if (h -> type != omapi_type_connection)
|
||||
return ISC_R_INVALIDARG;
|
||||
c = (omapi_connection_object_t *)h;
|
||||
|
||||
if (!c -> out_key)
|
||||
return ISC_R_NOTFOUND;
|
||||
|
||||
*l = dst_sig_size (c -> out_key);
|
||||
return ISC_R_SUCCESS;
|
||||
}
|
||||
|
||||
isc_result_t omapi_connection_set_value (omapi_object_t *h,
|
||||
omapi_object_t *id,
|
||||
omapi_data_string_t *name,
|
||||
omapi_typed_data_t *value)
|
||||
{
|
||||
omapi_connection_object_t *c;
|
||||
isc_result_t status;
|
||||
|
||||
if (h -> type != omapi_type_connection)
|
||||
return ISC_R_INVALIDARG;
|
||||
c = (omapi_connection_object_t *)h;
|
||||
|
||||
if (omapi_ds_strcmp (name, "input-authenticator") == 0) {
|
||||
if (value && value -> type != omapi_datatype_object)
|
||||
return ISC_R_INVALIDARG;
|
||||
|
||||
if (c -> in_context) {
|
||||
omapi_connection_sign_data (SIG_MODE_FINAL,
|
||||
c -> in_key,
|
||||
&c -> in_context,
|
||||
0, 0,
|
||||
(omapi_typed_data_t **) 0);
|
||||
}
|
||||
|
||||
if (c -> in_key) {
|
||||
dst_free_key (c -> in_key);
|
||||
c -> in_key = (DST_KEY *)0;
|
||||
}
|
||||
|
||||
if (value) {
|
||||
status = make_dst_key (&c -> in_key,
|
||||
value -> u.object);
|
||||
if (status != ISC_R_SUCCESS)
|
||||
return status;
|
||||
}
|
||||
|
||||
return ISC_R_SUCCESS;
|
||||
}
|
||||
else if (omapi_ds_strcmp (name, "output-authenticator") == 0) {
|
||||
if (value && value -> type != omapi_datatype_object)
|
||||
return ISC_R_INVALIDARG;
|
||||
|
||||
if (c -> out_context) {
|
||||
omapi_connection_sign_data (SIG_MODE_FINAL,
|
||||
c -> out_key,
|
||||
&c -> out_context,
|
||||
0, 0,
|
||||
(omapi_typed_data_t **) 0);
|
||||
}
|
||||
|
||||
if (c -> out_key) {
|
||||
dst_free_key (c -> out_key);
|
||||
c -> out_key = (DST_KEY *)0;
|
||||
}
|
||||
|
||||
if (value) {
|
||||
status = make_dst_key (&c -> out_key,
|
||||
value -> u.object);
|
||||
if (status != ISC_R_SUCCESS)
|
||||
return status;
|
||||
}
|
||||
|
||||
return ISC_R_SUCCESS;
|
||||
}
|
||||
|
||||
if (h -> inner && h -> inner -> type -> set_value)
|
||||
return (*(h -> inner -> type -> set_value))
|
||||
@@ -425,8 +600,58 @@ isc_result_t omapi_connection_get_value (omapi_object_t *h,
|
||||
omapi_data_string_t *name,
|
||||
omapi_value_t **value)
|
||||
{
|
||||
omapi_connection_object_t *c;
|
||||
omapi_typed_data_t *td = (omapi_typed_data_t *)0;
|
||||
isc_result_t status;
|
||||
|
||||
if (h -> type != omapi_type_connection)
|
||||
return ISC_R_INVALIDARG;
|
||||
c = (omapi_connection_object_t *)h;
|
||||
|
||||
if (omapi_ds_strcmp (name, "input-signature") == 0) {
|
||||
if (!c -> in_key || !c -> in_context)
|
||||
return ISC_R_NOTFOUND;
|
||||
|
||||
status = omapi_connection_sign_data (SIG_MODE_FINAL,
|
||||
c -> in_key,
|
||||
&c -> in_context,
|
||||
0, 0, &td);
|
||||
if (status != ISC_R_SUCCESS)
|
||||
return status;
|
||||
|
||||
status = omapi_make_value (value, name, td, MDL);
|
||||
omapi_typed_data_dereference (&td, MDL);
|
||||
return status;
|
||||
|
||||
} else if (omapi_ds_strcmp (name, "input-signature-size") == 0) {
|
||||
if (!c -> in_key)
|
||||
return ISC_R_NOTFOUND;
|
||||
|
||||
return omapi_make_int_value (value, name,
|
||||
dst_sig_size (c -> in_key), MDL);
|
||||
|
||||
} else if (omapi_ds_strcmp (name, "output-signature") == 0) {
|
||||
if (!c -> out_key || !c -> out_context)
|
||||
return ISC_R_NOTFOUND;
|
||||
|
||||
status = omapi_connection_sign_data (SIG_MODE_FINAL,
|
||||
c -> out_key,
|
||||
&c -> out_context,
|
||||
0, 0, &td);
|
||||
if (status != ISC_R_SUCCESS)
|
||||
return status;
|
||||
|
||||
status = omapi_make_value (value, name, td, MDL);
|
||||
omapi_typed_data_dereference (&td, MDL);
|
||||
return status;
|
||||
|
||||
} else if (omapi_ds_strcmp (name, "output-signature-size") == 0) {
|
||||
if (!c -> out_key)
|
||||
return ISC_R_NOTFOUND;
|
||||
|
||||
return omapi_make_int_value (value, name,
|
||||
dst_sig_size (c -> out_key), MDL);
|
||||
}
|
||||
|
||||
if (h -> inner && h -> inner -> type -> get_value)
|
||||
return (*(h -> inner -> type -> get_value))
|
||||
|
||||
Reference in New Issue
Block a user