/* $NetBSD: tkeyconf.c,v 1.6 2014/12/10 04:37:52 christos Exp $ */

/*
 * Copyright (C) 2004-2007, 2009, 2010, 2012, 2014 Internet Systems Consortium, Inc. ("ISC")
 * Copyright (C) 1999-2001 Internet Software Consortium.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
 */

/* Id: tkeyconf.c,v 1.33 2010/12/20 23:47:20 tbox Exp */
26 #include <isc/buffer.h>
27 #include <isc/string.h> /* Required for HP/UX (and others?) */
30 #include <isccfg/cfg.h>
32 #include <dns/fixedname.h>
33 #include <dns/keyvalues.h>
37 #include <dst/gssapi.h>
39 #include <named/tkeyconf.h>
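/*
 * Evaluate 'x', store its value in the enclosing function's local 'result',
 * and leave through that function's 'failure' label unless the value is
 * ISC_R_SUCCESS.  The macro therefore only works inside a function that
 * declares 'result' and provides a 'failure:' cleanup label.
 *
 * The do { ... } while (0) wrapper makes the expansion a single statement,
 * so it is safe after an unbraced if/else.
 *
 * NOTE(review): the assignment and the goto are not visible in the listing
 * this was reviewed from (only the comparison is); they are restored here
 * and should be confirmed against the upstream file.
 */
#define RETERR(x) do { \
	result = (x); \
	if (result != ISC_R_SUCCESS) \
		goto failure; \
	} while (/*CONSTCOND*/0)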
49 isc_log_write(ns_g_lctx, \
50 NS_LOGCATEGORY_GENERAL, \
51 NS_LOGMODULE_SERVER, \
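/*
 * Build a TKEY context from the "tkey-*" entries of a configuration map.
 *
 * A fresh context is created with dns_tkeyctx_create() and then filled from
 * four optional settings looked up in 'options':
 *
 *   tkey-dhkey              tuple of "name" and "keyid"; the matching DH key
 *                           is loaded with dst_key_fromfile() into
 *                           tctx->dhkey.
 *   tkey-domain             parsed as a DNS name and duplicated into
 *                           tctx->domain.
 *   tkey-gssapi-credential  parsed as a DNS name and passed to
 *                           dst_gssapi_acquirecred(); the credential is
 *                           stored in tctx->gsscred.
 *   tkey-gssapi-keytab      string copied into tctx->gssapi_keytab.
 *
 * A setting for which cfg_map_get() does not return ISC_R_SUCCESS is
 * skipped.
 *
 * Parameters:
 *   options  configuration map to read from.
 *   mctx     memory context used for every allocation made here.
 *   ectx     entropy context handed to dns_tkeyctx_create().
 *   tctxp    receives the new context on success.
 *
 * Returns ISC_R_SUCCESS with *tctxp set, or the first failing result code.
 * On failure the partly built context is destroyed and *tctxp is not
 * written.
 *
 * NOTE(review): the local declarations, the 'obj = NULL' resets, the
 * 'goto failure' statements, the '*tctxp' assignment, the 'failure:' label
 * and the final return are not visible in the listing this was reviewed
 * from; they are restored here and should be confirmed against the
 * upstream file.
 */
isc_result_t
ns_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
		      isc_entropy_t *ectx, dns_tkeyctx_t **tctxp)
{
	isc_result_t result;
	dns_tkeyctx_t *tctx = NULL;
	const char *s;
	isc_uint32_t n;
	dns_fixedname_t fname;
	dns_name_t *name;
	isc_buffer_t b;
	const cfg_obj_t *obj;
	int type;

	result = dns_tkeyctx_create(mctx, ectx, &tctx);
	if (result != ISC_R_SUCCESS)
		return (result);

	/* obj is reset before each lookup; cfg_map_get() fills it in. */
	obj = NULL;
	result = cfg_map_get(options, "tkey-dhkey", &obj);
	if (result == ISC_R_SUCCESS) {
		s = cfg_obj_asstring(cfg_tuple_get(obj, "name"));
		n = cfg_obj_asuint32(cfg_tuple_get(obj, "keyid"));

		/*
		 * The key id is read as a 32-bit value but is cast to
		 * dns_keytag_t, a 16-bit type, below.  Reject values that do
		 * not fit, so that a mistyped keyid cannot silently select
		 * the key files of a different key.
		 */
		if (n > 0xffffU) {
			result = ISC_R_RANGE;
			goto failure;
		}

		/* Wrap the string in a buffer and mark all of it as used. */
		isc_buffer_constinit(&b, s, strlen(s));
		isc_buffer_add(&b, strlen(s));
		dns_fixedname_init(&fname);
		name = dns_fixedname_name(&fname);
		RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));

		/*
		 * Both halves of the key pair are requested, so the private
		 * key file is read as well.  The directory argument is NULL;
		 * NOTE(review): the key files are then presumably looked up
		 * in the server's working directory, whose file permissions
		 * protect the private half -- confirm.
		 */
		type = DST_TYPE_PUBLIC|DST_TYPE_PRIVATE|DST_TYPE_KEY;
		RETERR(dst_key_fromfile(name, (dns_keytag_t) n, DNS_KEYALG_DH,
					type, NULL, mctx, &tctx->dhkey));
	}

	obj = NULL;
	result = cfg_map_get(options, "tkey-domain", &obj);
	if (result == ISC_R_SUCCESS) {
		s = cfg_obj_asstring(obj);
		isc_buffer_constinit(&b, s, strlen(s));
		isc_buffer_add(&b, strlen(s));
		dns_fixedname_init(&fname);
		name = dns_fixedname_name(&fname);
		RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));

		/*
		 * 'name' lives in the on-stack fixedname, so the context gets
		 * its own heap copy.
		 */
		tctx->domain = isc_mem_get(mctx, sizeof(dns_name_t));
		if (tctx->domain == NULL) {
			result = ISC_R_NOMEMORY;
			goto failure;
		}
		dns_name_init(tctx->domain, NULL);
		RETERR(dns_name_dup(name, mctx, tctx->domain));
	}

	obj = NULL;
	result = cfg_map_get(options, "tkey-gssapi-credential", &obj);
	if (result == ISC_R_SUCCESS) {
		s = cfg_obj_asstring(obj);

		isc_buffer_constinit(&b, s, strlen(s));
		isc_buffer_add(&b, strlen(s));
		dns_fixedname_init(&fname);
		name = dns_fixedname_name(&fname);
		RETERR(dns_name_fromtext(name, &b, dns_rootname, 0, NULL));
		RETERR(dst_gssapi_acquirecred(name, ISC_FALSE, &tctx->gsscred));
	}

	obj = NULL;
	result = cfg_map_get(options, "tkey-gssapi-keytab", &obj);
	if (result == ISC_R_SUCCESS) {
		s = cfg_obj_asstring(obj);
		tctx->gssapi_keytab = isc_mem_strdup(mctx, s);
		if (tctx->gssapi_keytab == NULL) {
			result = ISC_R_NOMEMORY;
			goto failure;
		}
	}

	/* Hand the context to the caller only once it is fully built. */
	*tctxp = tctx;
	return (ISC_R_SUCCESS);

 failure:
	/* Releases whatever was attached to the context so far. */
	dns_tkeyctx_destroy(&tctx);
	return (result);
}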