tkeyconf.c

00001 /*
00002  * Copyright (C) 2004-2007, 2009, 2010, 2012, 2014  Internet Systems Consortium, Inc. ("ISC")
00003  * Copyright (C) 1999-2001  Internet Software Consortium.
00004  *
00005  * Permission to use, copy, modify, and/or distribute this software for any
00006  * purpose with or without fee is hereby granted, provided that the above
00007  * copyright notice and this permission notice appear in all copies.
00008  *
00009  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
00010  * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
00011  * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
00012  * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
00013  * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
00014  * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
00015  * PERFORMANCE OF THIS SOFTWARE.
00016  */
00017 
00018 /* $Id: tkeyconf.c,v 1.33 2010/12/20 23:47:20 tbox Exp $ */
00019 
00020 /*! \file */
00021 
00022 #include <config.h>
00023 
00024 #include <isc/buffer.h>
00025 #include <isc/string.h>         /* Required for HP/UX (and others?) */
00026 #include <isc/mem.h>
00027 
00028 #include <isccfg/cfg.h>
00029 
00030 #include <dns/fixedname.h>
00031 #include <dns/keyvalues.h>
00032 #include <dns/name.h>
00033 #include <dns/tkey.h>
00034 
00035 #include <dst/gssapi.h>
00036 
00037 #include <named/tkeyconf.h>
00038 
/*
 * Evaluate x, store its value in the enclosing function's local `result`,
 * and jump to that function's `failure` label unless the value is
 * ISC_R_SUCCESS.  The caller must declare both `result` and `failure`.
 * The do { } while (0) wrapper makes the expansion a single statement.
 */
#define RETERR(x) do { \
        result = (x); \
        if (result != ISC_R_SUCCESS) \
                goto failure; \
        } while (0)
00044 
00045 #include<named/log.h>
/*
 * Write msg through isc_log_write() on ns_g_lctx at ISC_LOG_ERROR, under
 * NS_LOGCATEGORY_GENERAL / NS_LOGMODULE_SERVER.  msg is passed as the
 * argument of a fixed "%s" format rather than as the format string itself,
 * so any '%' characters it contains are not interpreted as conversions.
 */
#define LOG(msg) \
        isc_log_write(ns_g_lctx, \
        NS_LOGCATEGORY_GENERAL, \
        NS_LOGMODULE_SERVER, \
        ISC_LOG_ERROR, \
        "%s", msg)
00052 
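/*%
 * Build a TKEY context from the "tkey-*" entries of a configuration map.
 *
 * Looks up four optional entries in 'options' and, for each one present,
 * fills in the matching field of a freshly created dns_tkeyctx_t:
 *
 *\li   "tkey-dhkey"             -> tctx->dhkey (key loaded from a key file)
 *\li   "tkey-domain"            -> tctx->domain (heap copy of the parsed name)
 *\li   "tkey-gssapi-credential" -> tctx->gsscred
 *\li   "tkey-gssapi-keytab"     -> tctx->gssapi_keytab (heap copy of the string)
 *
 * Entries that are absent are skipped without error.
 *
 * \param options  configuration map to read.
 * \param mctx     memory context used for the context and its copies.
 * \param ectx     entropy context handed to dns_tkeyctx_create().
 * \param tctxp    receives the new context on success; not written on failure.
 *
 * \return ISC_R_SUCCESS on success; ISC_R_NOMEMORY when a copy cannot be
 *         allocated; ISC_R_RANGE when the tkey-dhkey keyid does not fit in
 *         a 16-bit key tag; otherwise the result of the call that failed.
 *         On every failure after creation the partially built context is
 *         passed to dns_tkeyctx_destroy().
 */
isc_result_t
ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
                      isc_entropy_t *ectx, dns_tkeyctx_t **tctxp)
{
        isc_result_t result;
        dns_tkeyctx_t *tctx = NULL;
        const char *s;
        size_t len;
        isc_uint32_t n;
        dns_fixedname_t fname;
        dns_name_t *name;
        isc_buffer_t b;
        const cfg_obj_t *obj;
        int type;

        result = dns_tkeyctx_create(mctx, ectx, &tctx);
        if (result != ISC_R_SUCCESS)
                return (result);

        obj = NULL;
        result = cfg_map_get(options, "tkey-dhkey", &obj);
        if (result == ISC_R_SUCCESS) {
                s = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
                n = cfg_obj_asuint32(cfg_tuple_get(obj, "keyid"));

                /*
                 * The keyid is read as a 32-bit value but is narrowed to
                 * dns_keytag_t when the key file is looked up.  Key tags
                 * are 16-bit, so a larger value would be truncated by the
                 * cast and could select a key other than the one the
                 * operator configured.  Reject it instead.
                 */
                if (n > 0xffffU) {
                        LOG("tkey-dhkey: keyid is out of range");
                        result = ISC_R_RANGE;
                        goto failure;
                }

                len = strlen(s);
                isc_buffer_constinit(&b, s, len);
                isc_buffer_add(&b, len);
                dns_fixedname_init(&fname);
                name = dns_fixedname_name(&fname);
                RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));

                /*
                 * Both the public and the private half of the key are
                 * requested.  NOTE(review): the directory argument is NULL;
                 * presumably the key file is then resolved relative to the
                 * process's working directory - confirm, and make sure the
                 * private key file is readable only by the server account.
                 */
                type = DST_TYPE_PUBLIC|DST_TYPE_PRIVATE|DST_TYPE_KEY;
                RETERR(dst_key_fromfile(name, (dns_keytag_t) n, DNS_KEYALG_DH,
                                        type, NULL, mctx, &tctx->dhkey));
        }

        obj = NULL;
        result = cfg_map_get(options, "tkey-domain", &obj);
        if (result == ISC_R_SUCCESS) {
                s = cfg_obj_asstring(obj);
                len = strlen(s);
                isc_buffer_constinit(&b, s, len);
                isc_buffer_add(&b, len);
                dns_fixedname_init(&fname);
                name = dns_fixedname_name(&fname);
                RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));

                /*
                 * 'name' lives in the on-stack fixedname, so the context
                 * gets its own heap copy.  The pointer is stored in the
                 * context before dns_name_dup() runs, so a failure there
                 * still reaches the cleanup path with the allocation
                 * attached (presumably released by dns_tkeyctx_destroy();
                 * confirm against its implementation).
                 */
                tctx->domain = isc_mem_get(mctx, sizeof(dns_name_t));
                if (tctx->domain == NULL) {
                        result = ISC_R_NOMEMORY;
                        goto failure;
                }
                dns_name_init(tctx->domain, NULL);
                RETERR(dns_name_dup(name, mctx, tctx->domain));
        }

        obj = NULL;
        result = cfg_map_get(options, "tkey-gssapi-credential", &obj);
        if (result == ISC_R_SUCCESS) {
                s = cfg_obj_asstring(obj);

                len = strlen(s);
                isc_buffer_constinit(&b, s, len);
                isc_buffer_add(&b, len);
                dns_fixedname_init(&fname);
                name = dns_fixedname_name(&fname);
                RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));

                /*
                 * NOTE(review): the ISC_FALSE argument looks like the
                 * "initiate" flag, i.e. acceptor (server-side) credentials
                 * are requested - confirm against dst/gssapi.h.
                 */
                RETERR(dst_gssapi_acquirecred(name, ISC_FALSE, &tctx->gsscred));
        }

        obj = NULL;
        result = cfg_map_get(options, "tkey-gssapi-keytab", &obj);
        if (result == ISC_R_SUCCESS) {
                /*
                 * The keytab string is copied as configured; nothing here
                 * checks that it names an existing or suitably protected
                 * file.
                 */
                s = cfg_obj_asstring(obj);
                tctx->gssapi_keytab = isc_mem_strdup(mctx, s);
                if (tctx->gssapi_keytab == NULL) {
                        result = ISC_R_NOMEMORY;
                        goto failure;
                }
        }

        *tctxp = tctx;
        return (ISC_R_SUCCESS);

 failure:
        /* Hand back nothing: tear down whatever was built so far. */
        dns_tkeyctx_destroy(&tctx);
        return (result);
}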
00135 
