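/* $NetBSD: tkeyconf.c,v 1.7 2022/09/23 12:15:21 christos Exp $ */

/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/*! \file */

#include <inttypes.h>

#include <isc/buffer.h>
#include <isc/mem.h>
#include <isc/string.h> /* Required for HP/UX (and others?) */

#include <dns/fixedname.h>
#include <dns/keyvalues.h>
#include <dns/name.h>
#include <dns/tkey.h>

#include <dst/gssapi.h>

#include <isccfg/cfg.h>

#include <named/log.h>
#include <named/tkeyconf.h>

/*
 * Evaluate 'x'; on anything other than ISC_R_SUCCESS store the code in
 * the enclosing function's 'result' and jump to its 'failure' label.
 */
#define RETERR(x)                            \
	do {                                 \
		result = (x);                \
		if (result != ISC_R_SUCCESS) \
			goto failure;        \
	} while (0)

/* Not referenced in this file at present. */
#define LOG(msg)                                                       \
	isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,         \
		      NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, "%s", msg)

/*
 * Parse the configuration string 's' as a DNS name (relative names are
 * completed with the root) into the fixed-name storage '*fname'.
 *
 * On success '*namep' points at the parsed name, which lives inside
 * '*fname' and is valid for as long as '*fname' is.  Returns the result
 * of dns_name_fromtext().
 */
static isc_result_t
name_fromconfig(const char *s, dns_fixedname_t *fname, dns_name_t **namep) {
	isc_buffer_t b;
	size_t len = strlen(s);
	dns_name_t *name = dns_fixedname_initname(fname);

	isc_buffer_constinit(&b, s, len);
	isc_buffer_add(&b, len);
	*namep = name;
	return (dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
}

/*
 * Build a TKEY context from the "options" configuration map.
 *
 * The following statements are consumed when present:
 *   tkey-dhkey { name; keyid }   - load the server's DH key
 *                                  (DNS_KEYALG_DH) from its key file
 *                                  into tctx->dhkey
 *   tkey-domain                  - parsed and duplicated into tctx->domain
 *   tkey-gssapi-credential       - parsed and used to acquire
 *                                  tctx->gsscred
 *   tkey-gssapi-keytab           - duplicated into tctx->gssapi_keytab
 *
 * 'options': the parsed options map; 'mctx': memory context used for the
 * context and the strings/names copied into it; 'tctxp': receives the new
 * context on success (the caller owns it and releases it with
 * dns_tkeyctx_destroy()).
 *
 * Returns ISC_R_SUCCESS, ISC_R_RANGE if tkey-dhkey's keyid does not fit a
 * 16-bit key tag, or the error from the failing library call.  On any
 * failure the partially built context is destroyed and '*tctxp' is left
 * untouched.
 */
isc_result_t
named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
			 dns_tkeyctx_t **tctxp) {
	isc_result_t result;
	dns_tkeyctx_t *tctx = NULL;
	const char *s;
	uint32_t n;
	dns_fixedname_t fname;
	dns_name_t *name = NULL;
	const cfg_obj_t *obj;
	int type;

	result = dns_tkeyctx_create(mctx, &tctx);
	if (result != ISC_R_SUCCESS) {
		return (result);
	}

	obj = NULL;
	result = cfg_map_get(options, "tkey-dhkey", &obj);
	if (result == ISC_R_SUCCESS) {
		s = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
		n = cfg_obj_asuint32(cfg_tuple_get(obj, "keyid"));
		/*
		 * dns_keytag_t is 16 bits wide: a larger keyid would be
		 * silently truncated by the cast below and select the
		 * wrong key file, so fail closed instead.
		 */
		if (n > UINT16_MAX) {
			result = ISC_R_RANGE;
			goto failure;
		}
		RETERR(name_fromconfig(s, &fname, &name));
		type = DST_TYPE_PUBLIC | DST_TYPE_PRIVATE | DST_TYPE_KEY;
		RETERR(dst_key_fromfile(name, (dns_keytag_t)n, DNS_KEYALG_DH,
					type, NULL, mctx, &tctx->dhkey));
	}

	obj = NULL;
	result = cfg_map_get(options, "tkey-domain", &obj);
	if (result == ISC_R_SUCCESS) {
		s = cfg_obj_asstring(obj);
		RETERR(name_fromconfig(s, &fname, &name));
		/*
		 * 'name' lives in the stack-local 'fname'; keep an
		 * mctx-owned copy in the context.
		 */
		tctx->domain = isc_mem_get(mctx, sizeof(dns_name_t));
		dns_name_init(tctx->domain, NULL);
		dns_name_dup(name, mctx, tctx->domain);
	}

	obj = NULL;
	result = cfg_map_get(options, "tkey-gssapi-credential", &obj);
	if (result == ISC_R_SUCCESS) {
		s = cfg_obj_asstring(obj);
		RETERR(name_fromconfig(s, &fname, &name));
		/*
		 * NOTE(review): the 'false' argument presumably selects the
		 * non-initiating (server) role of dst_gssapi_acquirecred();
		 * confirm against dst/gssapi.h.
		 */
		RETERR(dst_gssapi_acquirecred(name, false, &tctx->gsscred));
	}

	obj = NULL;
	result = cfg_map_get(options, "tkey-gssapi-keytab", &obj);
	if (result == ISC_R_SUCCESS) {
		s = cfg_obj_asstring(obj);
		tctx->gssapi_keytab = isc_mem_strdup(mctx, s);
	}

	*tctxp = tctx;
	return (ISC_R_SUCCESS);

failure:
	/* Releases whatever was attached to 'tctx' so far. */
	dns_tkeyctx_destroy(&tctx);
	return (result);
}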