f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson/*
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * Copyright (C) 1999-2001, 2004-2007, 2009, 2010, 2012, 2014, 2016 Internet Systems Consortium, Inc. ("ISC")
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence *
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * This Source Code Form is subject to the terms of the Mozilla Public
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * License, v. 2.0. If a copy of the MPL was not distributed with this
0c27b3fe77ac1d5094ba3521e8142d9e7973133fMark Andrews * file, You can obtain one at http://mozilla.org/MPL/2.0/.
f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson */
f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson
ca103999e64da0b16bb8b30589408f1556264dceAutomatic Updater/* $Id: tkeyconf.c,v 1.33 2010/12/20 23:47:20 tbox Exp $ */
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein
ab023a65562e62b85a824509d829b6fad87e00b1Rob Austein/*! \file */
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence
f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson#include <config.h>
f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <isc/buffer.h>
6028d1ce0380d0ba7f6c6ecd1ad20b31ddd1becbDavid Lawrence#include <isc/string.h> /* Required for HP/UX (and others?) */
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <isc/mem.h>
f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington#include <isccfg/cfg.h>
90c099e88e9f16bfee9edee3ac1a51fc98843772Brian Wellington
909e3c228813f05bcdebf403a69ed18406f86ec4Brian Wellington#include <dns/fixedname.h>
f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson#include <dns/keyvalues.h>
f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson#include <dns/name.h>
1a69a1a78cfaa86f3b68bbc965232b7876d4da2aDavid Lawrence#include <dns/tkey.h>
f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson
3b2f0d1d660486abf9d6c450b39e015836d97373Brian Wellington#include <dst/gssapi.h>
3b2f0d1d660486abf9d6c450b39e015836d97373Brian Wellington
9259fed3d8ac5d1efa9b5a647969e40c9c934484Andreas Gustafsson#include <named/tkeyconf.h>
9259fed3d8ac5d1efa9b5a647969e40c9c934484Andreas Gustafsson
/*
 * Evaluate 'x' into the enclosing function's 'result' variable and jump
 * to its 'failure' label unless the result is ISC_R_SUCCESS.  Both the
 * variable and the label must exist in the scope where the macro is used.
 */
#define RETERR(x) do { \
	result = (x); \
	if (result != ISC_R_SUCCESS) \
		goto failure; \
	} while (0)

#include<named/log.h>
/*
 * Write 'msg' at ISC_LOG_ERROR level to the server module's general
 * category.  The message is passed through a "%s" format, so it is
 * never interpreted as a format string itself.  Not referenced by the
 * code visible in this file.
 */
#define LOG(msg) \
	isc_log_write(ns_g_lctx, \
		      NS_LOGCATEGORY_GENERAL, \
		      NS_LOGMODULE_SERVER, \
		      ISC_LOG_ERROR, \
		      "%s", msg)
f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson
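/*
 * Parse the configuration string 's' as a DNS name, relative to the root,
 * into the fixed-name storage 'fname' and point *namep at the result.
 *
 * Returns the result of dns_name_fromtext().
 */
static isc_result_t
tkeyconf_name_fromstring(const char *s, dns_fixedname_t *fname,
			 dns_name_t **namep)
{
	isc_buffer_t b;
	size_t len = strlen(s);

	isc_buffer_constinit(&b, s, len);
	isc_buffer_add(&b, len);
	dns_fixedname_init(fname);
	*namep = dns_fixedname_name(fname);
	return (dns_name_fromtext(*namep, &b, dns_rootname, 0, NULL));
}

/*
 * Build a TKEY context from the "options" configuration map.
 *
 * The optional statements "tkey-dhkey", "tkey-domain",
 * "tkey-gssapi-credential" and "tkey-gssapi-keytab" are each looked up;
 * a statement that is present is parsed and stored in the new context,
 * one that is absent is skipped.
 *
 * options: configuration map to read the statements from.
 * mctx:    memory context for the context and everything allocated
 *          into it.
 * ectx:    entropy context handed to dns_tkeyctx_create().
 * tctxp:   on success receives the new context; ownership passes to the
 *          caller, who releases it with dns_tkeyctx_destroy().
 *
 * Returns ISC_R_SUCCESS, or the first failing result.  On failure the
 * partially built context is destroyed and *tctxp is left untouched.
 * A "tkey-dhkey" key id that does not fit in a dns_keytag_t yields
 * ISC_R_RANGE rather than being silently truncated.
 */
isc_result_t
ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
		      isc_entropy_t *ectx, dns_tkeyctx_t **tctxp)
{
	isc_result_t result;
	dns_tkeyctx_t *tctx = NULL;
	const char *s;
	isc_uint32_t n;
	dns_fixedname_t fname;
	dns_name_t *name;
	const cfg_obj_t *obj;
	int type;

	result = dns_tkeyctx_create(mctx, ectx, &tctx);
	if (result != ISC_R_SUCCESS)
		return (result);

	/* Diffie-Hellman key: a key name plus a numeric key id. */
	obj = NULL;
	result = cfg_map_get(options, "tkey-dhkey", &obj);
	if (result == ISC_R_SUCCESS) {
		s = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
		n = cfg_obj_asuint32(cfg_tuple_get(obj, "keyid"));
		/*
		 * dns_keytag_t is a 16-bit type while the configured value
		 * is 32 bits wide; reject ids the cast below would truncate,
		 * since a truncated id would select a different key file.
		 */
		if (n > 0xffffU) {
			result = ISC_R_RANGE;
			goto failure;
		}
		RETERR(tkeyconf_name_fromstring(s, &fname, &name));
		type = DST_TYPE_PUBLIC|DST_TYPE_PRIVATE|DST_TYPE_KEY;
		RETERR(dst_key_fromfile(name, (dns_keytag_t) n, DNS_KEYALG_DH,
					type, NULL, mctx, &tctx->dhkey));
	}

	/* Domain under which TKEY-negotiated key names are created. */
	obj = NULL;
	result = cfg_map_get(options, "tkey-domain", &obj);
	if (result == ISC_R_SUCCESS) {
		s = cfg_obj_asstring(obj);
		RETERR(tkeyconf_name_fromstring(s, &fname, &name));
		tctx->domain = isc_mem_get(mctx, sizeof(dns_name_t));
		if (tctx->domain == NULL) {
			result = ISC_R_NOMEMORY;
			goto failure;
		}
		dns_name_init(tctx->domain, NULL);
		/* The fixed name is stack storage; keep a heap copy. */
		RETERR(dns_name_dup(name, mctx, tctx->domain));
	}

	/* GSS-API credential, given as a principal name. */
	obj = NULL;
	result = cfg_map_get(options, "tkey-gssapi-credential", &obj);
	if (result == ISC_R_SUCCESS) {
		s = cfg_obj_asstring(obj);
		RETERR(tkeyconf_name_fromstring(s, &fname, &name));
		RETERR(dst_gssapi_acquirecred(name, ISC_FALSE, &tctx->gsscred));
	}

	/* GSS-API keytab path, kept as an owned string copy. */
	obj = NULL;
	result = cfg_map_get(options, "tkey-gssapi-keytab", &obj);
	if (result == ISC_R_SUCCESS) {
		s = cfg_obj_asstring(obj);
		tctx->gssapi_keytab = isc_mem_strdup(mctx, s);
		if (tctx->gssapi_keytab == NULL) {
			result = ISC_R_NOMEMORY;
			goto failure;
		}
	}

	*tctxp = tctx;
	return (ISC_R_SUCCESS);

 failure:
	/* Releases whatever members were attached before the failure. */
	dns_tkeyctx_destroy(&tctx);
	return (result);
}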
f93d33e24fdf76eb2558168f018b8992bcfc5681Andreas Gustafsson