[thirdparty/dhcp.git] / omapip / auth.c

/* auth.c

   Subroutines having to do with authentication. */

/*
 * Copyright (c) 2004,2007,2009,2014 by Internet Systems Consortium, Inc. ("ISC")
 * Copyright (c) 1998-2003 by Internet Software Consortium
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 *
 *   Internet Systems Consortium, Inc.
 *   950 Charter Street
 *   Redwood City, CA 94063
 *   <info@isc.org>
 *   https://www.isc.org/
 *
 */

#include "dhcpd.h"

#include <omapip/omapip_p.h>

OMAPI_OBJECT_ALLOC (omapi_auth_key, omapi_auth_key_t, omapi_type_auth_key)
typedef struct hash omapi_auth_hash_t;
HASH_FUNCTIONS_DECL (omapi_auth_key, const char *,
		     omapi_auth_key_t, omapi_auth_hash_t)
omapi_auth_hash_t *auth_key_hash;
HASH_FUNCTIONS (omapi_auth_key, const char *, omapi_auth_key_t,
		omapi_auth_hash_t,
		omapi_auth_key_reference, omapi_auth_key_dereference,
		do_case_hash)

isc_result_t omapi_auth_key_new (omapi_auth_key_t **o, const char *file,
				 int line)
{
	return omapi_auth_key_allocate (o, file, line);
}

isc_result_t omapi_auth_key_destroy (omapi_object_t *h,
				     const char *file, int line)
{
	omapi_auth_key_t *a;

	if (h->type != omapi_type_auth_key)
		return DHCP_R_INVALIDARG;
	a = (omapi_auth_key_t *)h;

	if (auth_key_hash != NULL)
		omapi_auth_key_hash_delete(auth_key_hash, a->name, 0, MDL);

	if (a->name != NULL)
		dfree(a->name, MDL);
	if (a->algorithm != NULL)
		dfree(a->algorithm, MDL);
	if (a->key != NULL)
		omapi_data_string_dereference(&a->key, MDL);
	if (a->tsec_key != NULL)
		dns_tsec_destroy(&a->tsec_key);
	
	return ISC_R_SUCCESS;
}

isc_result_t omapi_auth_key_enter (omapi_auth_key_t *a)
{
	omapi_auth_key_t *tk;
	isc_result_t      status;
	dst_key_t        *dstkey;

	if (a -> type != omapi_type_auth_key)
		return DHCP_R_INVALIDARG;

	tk = (omapi_auth_key_t *)0;
	if (auth_key_hash) {
		omapi_auth_key_hash_lookup (&tk, auth_key_hash,
					    a -> name, 0, MDL);
		if (tk == a) {
			omapi_auth_key_dereference (&tk, MDL);
			return ISC_R_SUCCESS;
		}
		if (tk) {
			omapi_auth_key_hash_delete (auth_key_hash,
						    tk -> name, 0, MDL);
			omapi_auth_key_dereference (&tk, MDL);
		}
	} else {
		if (!omapi_auth_key_new_hash(&auth_key_hash,
					     KEY_HASH_SIZE, MDL))
			return ISC_R_NOMEMORY;
	}

	/*
	 * If possible create a tsec structure for this key,
	 * if we can't create the structure we put out a warning 
	 * and continue.
	 */
	status = isclib_make_dst_key(a->name, a->algorithm,
				     a->key->value, a->key->len,
				     &dstkey);
	if (status == ISC_R_SUCCESS) {
		status = dns_tsec_create(dhcp_gbl_ctx.mctx, dns_tsectype_tsig,
					 dstkey, &a->tsec_key);
		dst_key_free(&dstkey);
	}
	if (status != ISC_R_SUCCESS)
		log_error("Unable to create tsec structure for %s", a->name);

	omapi_auth_key_hash_add (auth_key_hash, a -> name, 0, a, MDL);
	return ISC_R_SUCCESS;
}

isc_result_t omapi_auth_key_lookup_name (omapi_auth_key_t **a,
					 const char *name)
{
	if (!auth_key_hash)
		return ISC_R_NOTFOUND;
	if (!omapi_auth_key_hash_lookup (a, auth_key_hash, name, 0, MDL))
		return ISC_R_NOTFOUND;
	return ISC_R_SUCCESS;
}

isc_result_t omapi_auth_key_lookup (omapi_object_t **h,
				    omapi_object_t *id,
				    omapi_object_t *ref)
{
	isc_result_t status;
	omapi_value_t *name = (omapi_value_t *)0;
	omapi_value_t *algorithm = (omapi_value_t *)0;

	if (!auth_key_hash)
		return ISC_R_NOTFOUND;

	if (!ref)
		return DHCP_R_NOKEYS;

	status = omapi_get_value_str (ref, id, "name", &name);
	if (status != ISC_R_SUCCESS)
		return status;

	if ((name -> value -> type != omapi_datatype_string) &&
	    (name -> value -> type != omapi_datatype_data)) {
		omapi_value_dereference (&name, MDL);
		return ISC_R_NOTFOUND;
	}

	status = omapi_get_value_str (ref, id, "algorithm", &algorithm);
	if (status != ISC_R_SUCCESS) {
		omapi_value_dereference (&name, MDL);
		return status;
	}

	if ((algorithm -> value -> type != omapi_datatype_string) &&
	    (algorithm -> value -> type != omapi_datatype_data)) {
		omapi_value_dereference (&name, MDL);
		omapi_value_dereference (&algorithm, MDL);
		return ISC_R_NOTFOUND;
	}


	if (!omapi_auth_key_hash_lookup ((omapi_auth_key_t **)h, auth_key_hash,
					 (const char *)
					 name -> value -> u.buffer.value,
					 name -> value -> u.buffer.len, MDL)) {
		omapi_value_dereference (&name, MDL);
		omapi_value_dereference (&algorithm, MDL);
		return ISC_R_NOTFOUND;
	}

	if (omapi_td_strcasecmp (algorithm -> value,
				 ((omapi_auth_key_t *)*h) -> algorithm) != 0) {
		omapi_value_dereference (&name, MDL);
		omapi_value_dereference (&algorithm, MDL);
		omapi_object_dereference (h, MDL);
		return ISC_R_NOTFOUND;
	}

	omapi_value_dereference (&name, MDL);
	omapi_value_dereference (&algorithm, MDL);

	return ISC_R_SUCCESS;
}

isc_result_t omapi_auth_key_stuff_values (omapi_object_t *c,
					  omapi_object_t *id,
					  omapi_object_t *h)
{
	omapi_auth_key_t *a;
	isc_result_t status;

	if (h -> type != omapi_type_auth_key)
		return DHCP_R_INVALIDARG;
	a = (omapi_auth_key_t *)h;

	/* Write only the name and algorithm -- not the secret! */
	if (a -> name) {
		status = omapi_connection_put_name (c, "name");
		if (status != ISC_R_SUCCESS)
			return status;
		status = omapi_connection_put_string (c, a -> name);
		if (status != ISC_R_SUCCESS)
			return status;
	}
	if (a -> algorithm) {
		status = omapi_connection_put_name (c, "algorithm");
		if (status != ISC_R_SUCCESS)
			return status;
		status = omapi_connection_put_string (c, a -> algorithm);
		if (status != ISC_R_SUCCESS)
			return status;
	}

	return ISC_R_SUCCESS;
}

isc_result_t omapi_auth_key_get_value (omapi_object_t *h,
				       omapi_object_t *id,
				       omapi_data_string_t *name,
				       omapi_value_t **value)
{
	omapi_auth_key_t *a;
	isc_result_t status;

	if (h -> type != omapi_type_auth_key)
		return ISC_R_UNEXPECTED;
	a = (omapi_auth_key_t *)h;

	if (omapi_ds_strcmp (name, "name") == 0) {
		if (a -> name)
			return omapi_make_string_value
				(value, name, a -> name, MDL);
		else
			return ISC_R_NOTFOUND;
	} else if (omapi_ds_strcmp (name, "key") == 0) {
		if (a -> key) {
			status = omapi_value_new (value, MDL);
			if (status != ISC_R_SUCCESS)
				return status;

			status = omapi_data_string_reference
				(&(*value) -> name, name, MDL);
			if (status != ISC_R_SUCCESS) {
				omapi_value_dereference (value, MDL);
				return status;
			}

			status = omapi_typed_data_new (MDL, &(*value) -> value,
						       omapi_datatype_data,
						       a -> key -> len);
			if (status != ISC_R_SUCCESS) {
				omapi_value_dereference (value, MDL);
				return status;
			}

			memcpy ((*value) -> value -> u.buffer.value,
				a -> key -> value, a -> key -> len);
			return ISC_R_SUCCESS;
		} else
			return ISC_R_NOTFOUND;
	} else if (omapi_ds_strcmp (name, "algorithm") == 0) {
		if (a -> algorithm)
			return omapi_make_string_value
				(value, name, a -> algorithm, MDL);
		else
			return ISC_R_NOTFOUND;
	}

	return ISC_R_SUCCESS;
}
Commit	Line	Data
49146f3c DN	1	/* auth.c
	2
	3	Subroutines having to do with authentication. */
	4
	5	/*
edad9be5	6	* Copyright (c) 2004,2007,2009,2014 by Internet Systems Consortium, Inc. ("ISC")
98311e4b	7	* Copyright (c) 1998-2003 by Internet Software Consortium
49146f3c	8	*
98311e4b DH	9	* Permission to use, copy, modify, and distribute this software for any
	10	* purpose with or without fee is hereby granted, provided that the above
	11	* copyright notice and this permission notice appear in all copies.
49146f3c	12	*
98311e4b DH	13	* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
	14	* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
	15	* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
	16	* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
	17	* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
	18	* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
	19	* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
49146f3c	20	*
98311e4b DH	21	* Internet Systems Consortium, Inc.
	22	* 950 Charter Street
	23	* Redwood City, CA 94063
	24	* <info@isc.org>
2c85ac9b	25	* https://www.isc.org/
49146f3c	26	*
49146f3c DN	27	*/
49146f3c DN	28
fe5b0fdd DH	29	#include "dhcpd.h"
fe5b0fdd DH	30
49146f3c DN	31	#include <omapip/omapip_p.h>
49146f3c DN	32
a69fc68a	33	OMAPI_OBJECT_ALLOC (omapi_auth_key, omapi_auth_key_t, omapi_type_auth_key)
98311e4b DH	34	typedef struct hash omapi_auth_hash_t;
	35	HASH_FUNCTIONS_DECL (omapi_auth_key, const char *,
	36	omapi_auth_key_t, omapi_auth_hash_t)
	37	omapi_auth_hash_t *auth_key_hash;
	38	HASH_FUNCTIONS (omapi_auth_key, const char *, omapi_auth_key_t,
	39	omapi_auth_hash_t,
f7fdb216 DH	40	omapi_auth_key_reference, omapi_auth_key_dereference,
f7fdb216 DH	41	do_case_hash)
49146f3c DN	42
	43	isc_result_t omapi_auth_key_new (omapi_auth_key_t *o, const char file,
	44	int line)
	45	{
d758ad8c	46	return omapi_auth_key_allocate (o, file, line);
49146f3c DN	47	}
	48
	49	isc_result_t omapi_auth_key_destroy (omapi_object_t *h,
	50	const char *file, int line)
	51	{
	52	omapi_auth_key_t *a;
	53
98bf1607 SR	54	if (h->type != omapi_type_auth_key)
98bf1607 SR	55	return DHCP_R_INVALIDARG;
49146f3c DN	56	a = (omapi_auth_key_t *)h;
49146f3c DN	57
98bf1607 SR	58	if (auth_key_hash != NULL)
	59	omapi_auth_key_hash_delete(auth_key_hash, a->name, 0, MDL);
	60
	61	if (a->name != NULL)
	62	dfree(a->name, MDL);
	63	if (a->algorithm != NULL)
	64	dfree(a->algorithm, MDL);
	65	if (a->key != NULL)
	66	omapi_data_string_dereference(&a->key, MDL);
	67	if (a->tsec_key != NULL)
	68	dns_tsec_destroy(&a->tsec_key);
49146f3c DN	69
	70	return ISC_R_SUCCESS;
	71	}
	72
	73	isc_result_t omapi_auth_key_enter (omapi_auth_key_t *a)
	74	{
	75	omapi_auth_key_t *tk;
98bf1607 SR	76	isc_result_t status;
98bf1607 SR	77	dst_key_t *dstkey;
49146f3c DN	78
49146f3c DN	79	if (a -> type != omapi_type_auth_key)
98bf1607	80	return DHCP_R_INVALIDARG;
49146f3c DN	81
	82	tk = (omapi_auth_key_t *)0;
	83	if (auth_key_hash) {
	84	omapi_auth_key_hash_lookup (&tk, auth_key_hash,
	85	a -> name, 0, MDL);
	86	if (tk == a) {
	87	omapi_auth_key_dereference (&tk, MDL);
	88	return ISC_R_SUCCESS;
	89	}
	90	if (tk) {
	91	omapi_auth_key_hash_delete (auth_key_hash,
	92	tk -> name, 0, MDL);
	93	omapi_auth_key_dereference (&tk, MDL);
	94	}
	95	} else {
f7fdb216 DH	96	if (!omapi_auth_key_new_hash(&auth_key_hash,
f7fdb216 DH	97	KEY_HASH_SIZE, MDL))
49146f3c DN	98	return ISC_R_NOMEMORY;
49146f3c DN	99	}
98bf1607 SR	100
	101	/*
	102	* If possible create a tsec structure for this key,
	103	* if we can't create the structure we put out a warning
	104	* and continue.
	105	*/
	106	status = isclib_make_dst_key(a->name, a->algorithm,
	107	a->key->value, a->key->len,
	108	&dstkey);
	109	if (status == ISC_R_SUCCESS) {
	110	status = dns_tsec_create(dhcp_gbl_ctx.mctx, dns_tsectype_tsig,
72c44667	111	dstkey, &a->tsec_key);
51c8829c	112	dst_key_free(&dstkey);
98bf1607	113	}
51c8829c	114	if (status != ISC_R_SUCCESS)
98bf1607	115	log_error("Unable to create tsec structure for %s", a->name);
98bf1607	116
49146f3c DN	117	omapi_auth_key_hash_add (auth_key_hash, a -> name, 0, a, MDL);
49146f3c DN	118	return ISC_R_SUCCESS;
49146f3c DN	119	}
	120
	121	isc_result_t omapi_auth_key_lookup_name (omapi_auth_key_t **a,
	122	const char *name)
	123	{
	124	if (!auth_key_hash)
	125	return ISC_R_NOTFOUND;
	126	if (!omapi_auth_key_hash_lookup (a, auth_key_hash, name, 0, MDL))
	127	return ISC_R_NOTFOUND;
	128	return ISC_R_SUCCESS;
	129	}
	130
	131	isc_result_t omapi_auth_key_lookup (omapi_object_t **h,
	132	omapi_object_t *id,
	133	omapi_object_t *ref)
	134	{
	135	isc_result_t status;
	136	omapi_value_t name = (omapi_value_t )0;
	137	omapi_value_t algorithm = (omapi_value_t )0;
	138
	139	if (!auth_key_hash)
	140	return ISC_R_NOTFOUND;
	141
d758ad8c	142	if (!ref)
98bf1607	143	return DHCP_R_NOKEYS;
d758ad8c	144
49146f3c DN	145	status = omapi_get_value_str (ref, id, "name", &name);
	146	if (status != ISC_R_SUCCESS)
	147	return status;
	148
	149	if ((name -> value -> type != omapi_datatype_string) &&
	150	(name -> value -> type != omapi_datatype_data)) {
	151	omapi_value_dereference (&name, MDL);
	152	return ISC_R_NOTFOUND;
	153	}
	154
	155	status = omapi_get_value_str (ref, id, "algorithm", &algorithm);
	156	if (status != ISC_R_SUCCESS) {
	157	omapi_value_dereference (&name, MDL);
	158	return status;
	159	}
	160
	161	if ((algorithm -> value -> type != omapi_datatype_string) &&
	162	(algorithm -> value -> type != omapi_datatype_data)) {
	163	omapi_value_dereference (&name, MDL);
	164	omapi_value_dereference (&algorithm, MDL);
	165	return ISC_R_NOTFOUND;
	166	}
	167
	168
	169	if (!omapi_auth_key_hash_lookup ((omapi_auth_key_t **)h, auth_key_hash,
a69fc68a	170	(const char *)
49146f3c DN	171	name -> value -> u.buffer.value,
	172	name -> value -> u.buffer.len, MDL)) {
	173	omapi_value_dereference (&name, MDL);
	174	omapi_value_dereference (&algorithm, MDL);
	175	return ISC_R_NOTFOUND;
	176	}
	177
5a4163c6 TL	178	if (omapi_td_strcasecmp (algorithm -> value,
5a4163c6 TL	179	((omapi_auth_key_t )h) -> algorithm) != 0) {
49146f3c DN	180	omapi_value_dereference (&name, MDL);
	181	omapi_value_dereference (&algorithm, MDL);
	182	omapi_object_dereference (h, MDL);
	183	return ISC_R_NOTFOUND;
	184	}
	185
	186	omapi_value_dereference (&name, MDL);
	187	omapi_value_dereference (&algorithm, MDL);
	188
	189	return ISC_R_SUCCESS;
	190	}
	191
	192	isc_result_t omapi_auth_key_stuff_values (omapi_object_t *c,
	193	omapi_object_t *id,
	194	omapi_object_t *h)
	195	{
	196	omapi_auth_key_t *a;
	197	isc_result_t status;
	198
	199	if (h -> type != omapi_type_auth_key)
98bf1607	200	return DHCP_R_INVALIDARG;
49146f3c DN	201	a = (omapi_auth_key_t *)h;
	202
	203	/* Write only the name and algorithm -- not the secret! */
	204	if (a -> name) {
	205	status = omapi_connection_put_name (c, "name");
	206	if (status != ISC_R_SUCCESS)
	207	return status;
	208	status = omapi_connection_put_string (c, a -> name);
	209	if (status != ISC_R_SUCCESS)
	210	return status;
	211	}
	212	if (a -> algorithm) {
	213	status = omapi_connection_put_name (c, "algorithm");
	214	if (status != ISC_R_SUCCESS)
	215	return status;
	216	status = omapi_connection_put_string (c, a -> algorithm);
	217	if (status != ISC_R_SUCCESS)
	218	return status;
	219	}
	220
	221	return ISC_R_SUCCESS;
	222	}
	223
	224	isc_result_t omapi_auth_key_get_value (omapi_object_t *h,
	225	omapi_object_t *id,
	226	omapi_data_string_t *name,
	227	omapi_value_t **value)
	228	{
	229	omapi_auth_key_t *a;
	230	isc_result_t status;
	231
	232	if (h -> type != omapi_type_auth_key)
	233	return ISC_R_UNEXPECTED;
	234	a = (omapi_auth_key_t *)h;
	235
	236	if (omapi_ds_strcmp (name, "name") == 0) {
	237	if (a -> name)
	238	return omapi_make_string_value
	239	(value, name, a -> name, MDL);
	240	else
	241	return ISC_R_NOTFOUND;
	242	} else if (omapi_ds_strcmp (name, "key") == 0) {
	243	if (a -> key) {
	244	status = omapi_value_new (value, MDL);
	245	if (status != ISC_R_SUCCESS)
	246	return status;
	247
	248	status = omapi_data_string_reference
	249	(&(*value) -> name, name, MDL);
	250	if (status != ISC_R_SUCCESS) {
	251	omapi_value_dereference (value, MDL);
	252	return status;
	253	}
	254
	255	status = omapi_typed_data_new (MDL, &(*value) -> value,
	256	omapi_datatype_data,
	257	a -> key -> len);
	258	if (status != ISC_R_SUCCESS) {
	259	omapi_value_dereference (value, MDL);
	260	return status;
	261	}
	262
	263	memcpy ((*value) -> value -> u.buffer.value,
	264	a -> key -> value, a -> key -> len);
265	return ISC_R_SUCCESS;
266	} else
267	return ISC_R_NOTFOUND;
268	} else if (omapi_ds_strcmp (name, "algorithm") == 0) {
269	if (a -> algorithm)
270	return omapi_make_string_value
271	(value, name, a -> algorithm, MDL);
272	else
273	return ISC_R_NOTFOUND;
274	}
275
276	return ISC_R_SUCCESS;
277	}