4 * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 * PERFORMANCE OF THIS SOFTWARE.
19 /* Id: dnsconf.c,v 1.3 2009/09/02 23:48:02 tbox Exp */
27 #include <isc/base64.h>
28 #include <isc/buffer.h>
33 #include <isccfg/dnsconf.h>
35 #include <dns/fixedname.h>
37 #include <dns/rdata.h>
38 #include <dns/rdatastruct.h>
40 #include <irs/dnsconf.h>
42 #define IRS_DNSCONF_MAGIC ISC_MAGIC('D', 'c', 'f', 'g')
43 #define IRS_DNSCONF_VALID(c) ISC_MAGIC_VALID(c, IRS_DNSCONF_MAGIC)
46 * configuration data structure
52 irs_dnsconf_dnskeylist_t trusted_keylist
;
56 configure_dnsseckeys(irs_dnsconf_t
*conf
, cfg_obj_t
*cfgobj
,
57 dns_rdataclass_t rdclass
)
59 isc_mem_t
*mctx
= conf
->mctx
;
60 const cfg_obj_t
*keys
= NULL
;
61 const cfg_obj_t
*key
, *keylist
;
62 dns_fixedname_t fkeyname
;
63 dns_name_t
*keyname_base
, *keyname
;
64 const cfg_listelt_t
*element
, *element2
;
66 isc_uint32_t flags
, proto
, alg
;
67 const char *keystr
, *keynamestr
;
68 unsigned char keydata
[4096];
69 isc_buffer_t keydatabuf_base
, *keydatabuf
;
70 dns_rdata_dnskey_t keystruct
;
71 unsigned char rrdata
[4096];
72 isc_buffer_t rrdatabuf
;
75 irs_dnsconf_dnskey_t
*keyent
;
77 cfg_map_get(cfgobj
, "trusted-keys", &keys
);
79 return (ISC_R_SUCCESS
);
81 for (element
= cfg_list_first(keys
);
83 element
= cfg_list_next(element
)) {
84 keylist
= cfg_listelt_value(element
);
85 for (element2
= cfg_list_first(keylist
);
87 element2
= cfg_list_next(element2
))
92 key
= cfg_listelt_value(element2
);
94 flags
= cfg_obj_asuint32(cfg_tuple_get(key
, "flags"));
95 proto
= cfg_obj_asuint32(cfg_tuple_get(key
,
97 alg
= cfg_obj_asuint32(cfg_tuple_get(key
,
99 keynamestr
= cfg_obj_asstring(cfg_tuple_get(key
,
102 keystruct
.common
.rdclass
= rdclass
;
103 keystruct
.common
.rdtype
= dns_rdatatype_dnskey
;
104 keystruct
.mctx
= NULL
;
105 ISC_LINK_INIT(&keystruct
.common
, link
);
108 return (ISC_R_RANGE
);
110 return (ISC_R_RANGE
);
112 return (ISC_R_RANGE
);
113 keystruct
.flags
= (isc_uint16_t
)flags
;
114 keystruct
.protocol
= (isc_uint8_t
)proto
;
115 keystruct
.algorithm
= (isc_uint8_t
)alg
;
117 isc_buffer_init(&keydatabuf_base
, keydata
,
119 isc_buffer_init(&rrdatabuf
, rrdata
, sizeof(rrdata
));
121 /* Configure key value */
122 keystr
= cfg_obj_asstring(cfg_tuple_get(key
, "key"));
123 result
= isc_base64_decodestring(keystr
,
125 if (result
!= ISC_R_SUCCESS
)
127 isc_buffer_usedregion(&keydatabuf_base
, &r
);
128 keystruct
.datalen
= r
.length
;
129 keystruct
.data
= r
.base
;
131 result
= dns_rdata_fromstruct(NULL
,
132 keystruct
.common
.rdclass
,
133 keystruct
.common
.rdtype
,
134 &keystruct
, &rrdatabuf
);
135 if (result
!= ISC_R_SUCCESS
)
137 isc_buffer_usedregion(&rrdatabuf
, &r
);
138 result
= isc_buffer_allocate(mctx
, &keydatabuf
,
140 if (result
!= ISC_R_SUCCESS
)
142 result
= isc_buffer_copyregion(keydatabuf
, &r
);
143 if (result
!= ISC_R_SUCCESS
)
146 /* Configure key name */
147 dns_fixedname_init(&fkeyname
);
148 keyname_base
= dns_fixedname_name(&fkeyname
);
149 isc_buffer_init(&namebuf
, keynamestr
,
151 isc_buffer_add(&namebuf
, strlen(keynamestr
));
152 result
= dns_name_fromtext(keyname_base
, &namebuf
,
153 dns_rootname
, 0, NULL
);
154 if (result
!= ISC_R_SUCCESS
)
156 keyname
= isc_mem_get(mctx
, sizeof(*keyname
));
157 if (keyname
== NULL
) {
158 result
= ISC_R_NOMEMORY
;
161 dns_name_init(keyname
, NULL
);
162 result
= dns_name_dup(keyname_base
, mctx
, keyname
);
163 if (result
!= ISC_R_SUCCESS
)
166 /* Add the key data to the list */
167 keyent
= isc_mem_get(mctx
, sizeof(*keyent
));
168 if (keyent
== NULL
) {
169 dns_name_free(keyname
, mctx
);
170 result
= ISC_R_NOMEMORY
;
173 keyent
->keyname
= keyname
;
174 keyent
->keydatabuf
= keydatabuf
;
176 ISC_LIST_APPEND(conf
->trusted_keylist
, keyent
, link
);
180 return (ISC_R_SUCCESS
);
183 if (keydatabuf
!= NULL
)
184 isc_buffer_free(&keydatabuf
);
186 isc_mem_put(mctx
, keyname
, sizeof(*keyname
));
192 irs_dnsconf_load(isc_mem_t
*mctx
, const char *filename
, irs_dnsconf_t
**confp
)
195 cfg_parser_t
*parser
= NULL
;
196 cfg_obj_t
*cfgobj
= NULL
;
197 isc_result_t result
= ISC_R_SUCCESS
;
199 REQUIRE(confp
!= NULL
&& *confp
== NULL
);
201 conf
= isc_mem_get(mctx
, sizeof(*conf
));
203 return (ISC_R_NOMEMORY
);
206 ISC_LIST_INIT(conf
->trusted_keylist
);
209 * If the specified file does not exist, we'll simply with an empty
212 if (!isc_file_exists(filename
))
215 result
= cfg_parser_create(mctx
, NULL
, &parser
);
216 if (result
!= ISC_R_SUCCESS
)
219 result
= cfg_parse_file(parser
, filename
, &cfg_type_dnsconf
,
221 if (result
!= ISC_R_SUCCESS
)
224 result
= configure_dnsseckeys(conf
, cfgobj
, dns_rdataclass_in
);
227 if (parser
!= NULL
) {
229 cfg_obj_destroy(parser
, &cfgobj
);
230 cfg_parser_destroy(&parser
);
233 conf
->magic
= IRS_DNSCONF_MAGIC
;
235 if (result
== ISC_R_SUCCESS
)
238 irs_dnsconf_destroy(&conf
);
244 irs_dnsconf_destroy(irs_dnsconf_t
**confp
) {
246 irs_dnsconf_dnskey_t
*keyent
;
248 REQUIRE(confp
!= NULL
);
250 REQUIRE(IRS_DNSCONF_VALID(conf
));
252 while ((keyent
= ISC_LIST_HEAD(conf
->trusted_keylist
)) != NULL
) {
253 ISC_LIST_UNLINK(conf
->trusted_keylist
, keyent
, link
);
255 isc_buffer_free(&keyent
->keydatabuf
);
256 dns_name_free(keyent
->keyname
, conf
->mctx
);
257 isc_mem_put(conf
->mctx
, keyent
->keyname
, sizeof(dns_name_t
));
258 isc_mem_put(conf
->mctx
, keyent
, sizeof(*keyent
));
261 isc_mem_put(conf
->mctx
, conf
, sizeof(*conf
));
266 irs_dnsconf_dnskeylist_t
*
267 irs_dnsconf_gettrustedkeys(irs_dnsconf_t
*conf
) {
268 REQUIRE(IRS_DNSCONF_VALID(conf
));
270 return (&conf
->trusted_keylist
);