ssu_external.c revision 93235c1cba839a88013063ff8c440849d95dd222
/*
* Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
*
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
* REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
* AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
* INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
* LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
* OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
* PERFORMANCE OF THIS SOFTWARE.
*/
/* $Id: ssu_external.c,v 1.4 2011/01/07 23:47:07 tbox Exp $ */
/*
* This implements external update-policy rules. This allows permission
* to update a zone to be checked by consulting an external daemon (e.g.,
* kerberos).
*/
#include <config.h>
#include <errno.h>
#include <unistd.h>
#ifdef ISC_PLATFORM_HAVESYSUNH
#endif
#include <isc/strerror.h>
#include <dns/fixedname.h>
#include <dns/rdatatype.h>
static void
}
/*
* Connect to a UNIX domain socket.
*/
static int
ux_socket_connect(const char *path) {
int fd = -1;
#ifdef ISC_PLATFORM_HAVESYSUNH
struct sockaddr_un addr;
"longer than system maximum %u",
return (-1);
}
if (fd == -1) {
char strbuf[ISC_STRERRORSIZE];
strbuf);
return (-1);
}
char strbuf[ISC_STRERRORSIZE];
"socket '%s' - %s",
return (-1);
}
#endif
return (fd);
}
/* Change this version if you update the format of the request */
#define SSU_EXTERNAL_VERSION 1
/*
* Perform an update-policy rule check against an external application
* over a socket.
*
* This currently only supports local: for unix domain datagram sockets.
*
* Note that by using a datagram socket and creating a new socket each
* time we avoid the need for locking and allow for parallel access to
* the authorization server.
*/
{
char b_identity[DNS_NAME_FORMATSIZE];
char b_signer[DNS_NAME_FORMATSIZE];
char b_name[DNS_NAME_FORMATSIZE];
char b_addr[ISC_NETADDR_FORMATSIZE];
char b_type[DNS_RDATATYPE_FORMATSIZE];
char b_key[DST_KEY_FORMATSIZE];
int fd;
const char *sock_path;
/* For now only local: is supported */
return (ISC_FALSE);
}
if (fd == -1)
return (ISC_FALSE);
/* Format the request elements */
if (signer)
else
b_signer[0] = 0;
if (tcpaddr)
else
b_addr[0] = 0;
if (key)
else
b_key[0] = 0;
if (tkey_token) {
}
/* Work out how big the request will be */
sizeof(uint32_t) + /* Length */
sizeof(uint32_t) + /* tkey_token length */
token_len; /* tkey_token */
/* format the buffer */
return (ISC_FALSE);
}
/* Strings must be null-terminated */
isc_buffer_putuint8(&buf, 0);
isc_buffer_putuint8(&buf, 0);
isc_buffer_putuint8(&buf, 0);
isc_buffer_putuint8(&buf, 0);
isc_buffer_putuint8(&buf, 0);
if (tkey_token && token_len != 0)
/* Send the request */
char strbuf[ISC_STRERRORSIZE];
strbuf);
return (ISC_FALSE);
}
/* Receive the reply */
char strbuf[ISC_STRERRORSIZE];
strbuf);
return (ISC_FALSE);
}
if (reply == 0) {
b_name);
return (ISC_FALSE);
} else if (reply == 1) {
b_name);
return (ISC_TRUE);
}
return (ISC_FALSE);
}