auth.c revision 09f22ac5b09e70bc526015f37168ba33e21ea91f
/*
* Copyright (C) 2000 Internet Software Consortium.
*
* Permission to use, copy, modify, and distribute this software for any
* purpose with or without fee is hereby granted, provided that the above
* copyright notice and this permission notice appear in all copies.
*
* THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
* ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
* OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
* CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
* DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
* PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
* ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
* SOFTWARE.
*/
/* $Id: auth.c,v 1.5 2000/05/02 03:54:17 tale Exp $ */
/* Principal Author: DCL */
/*
* XXXDCL Todo:
* How do keys get specified by named.conf for the control channel?
* Could use the keys in the address_match_list (acl) specified in the
* "controls" statement. All of the keys would need to be at the beginning,
* so the match does not stop at an IP address. The server would register
* all of the keys. Currently, however, there is no way to limit a key
* to a particular listening interface on the server, as the configuration
* file would allow.
*/
/*
* Subroutines for dealing with authorization.
*/
#include <config.h>
#include <errno.h>
#include <stddef.h> /* NULL */
#include <string.h> /* memset */
#include <isc/assertions.h>
/*
* XXXDCL For reloading, Make refcounted, and use attach and detach?
*/
struct auth {
unsigned int magic;
char *name;
char *secret;
unsigned int algorithms;
};
static void
initialize_mutex(void) {
}
static isc_result_t
auth_t *a;
a = ISC_LIST_NEXT(a, link))
break;
if (a == NULL)
else {
ENSURE(VALID_AUTH(a));
*ap = a;
}
return (result);
}
unsigned int dst_algorithm;
unsigned int secret_len;
if (result == ISC_R_SUCCESS) {
switch (algorithm) {
case OMAPI_AUTH_HMACMD5:
break;
default:
"unknown auth algorithm %d",
return (ISC_R_UNEXPECTED);
}
}
return (result);
}
static void
auth_delete(auth_t *a) {
REQUIRE(VALID_AUTH(a));
a->magic = 0;
isc_mem_put(omapi_mctx, a, sizeof(*a));
}
unsigned int algorithms)
{
REQUIRE(algorithms != 0);
if (result == ISC_R_SUCCESS) {
else
}
if (result == ISC_R_SUCCESS) {
}
if (result != ISC_R_SUCCESS) {
}
return (result);
}
/*
* Currently the way to effect a reload is to use omapi_auth_deregister(NULL)
* to remove all of the existing auth structs before building a new
* omapi_authlist via omapi_auth_register calls. This clearly leaves a
* window, however small, where there is no authentication possible.
*/
void
omapi_auth_deregister(const char *name) {
auth_delete(a);
else
auth_delete(a);
}
/*
* Send a message from the client to the server that says the key with the
* given name should be used to authenticate messages.
*/
unsigned int algorithm) {
else
if (result == ISC_R_SUCCESS)
if (result == ISC_R_SUCCESS)
if (result == ISC_R_SUCCESS)
if (result == ISC_R_SUCCESS)
if (result == ISC_R_SUCCESS)
if (result == ISC_R_SUCCESS)
if (result == ISC_R_SUCCESS)
if (result == ISC_R_SUCCESS)
if (result == ISC_R_SUCCESS)
}
if (result == ISC_R_SUCCESS)
/*
* If the name was not found on the server, ISC_R_NOTFOUND
* where it is undesirable to disclose whether it was the
* username or password that was at fault, only one item
* can be discerned here -- the name, since the secret is
* not exchanged. Therefore there is no point in having
* the server obfuscate the ISC_R_NOTFOUND error into some
* other error.
*/
if (result == ISC_R_SUCCESS)
/*
* This sets up the key in the protocol structure
* on this side of the connection.
*/
return (result);
}
void
auth_destroy(void) {
}