Merge branch 'rt25901_atf'
1 /* auth.c
2
3 Subroutines having to do with authentication. */
4
5 /*
6 * Copyright (c) 2004,2007,2009 by Internet Systems Consortium, Inc. ("ISC")
7 * Copyright (c) 1998-2003 by Internet Software Consortium
8 *
9 * Permission to use, copy, modify, and distribute this software for any
10 * purpose with or without fee is hereby granted, provided that the above
11 * copyright notice and this permission notice appear in all copies.
12 *
13 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
14 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
15 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR
16 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
17 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
18 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
19 * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
20 *
21 * Internet Systems Consortium, Inc.
22 * 950 Charter Street
23 * Redwood City, CA 94063
24 * <info@isc.org>
25 * https://www.isc.org/
26 *
27 * This software has been written for Internet Systems Consortium
28 * by Ted Lemon in cooperation with Vixie Enterprises and Nominum, Inc.
29 * To learn more about Internet Systems Consortium, see
30 * ``https://www.isc.org/''. To learn more about Vixie Enterprises,
31 * see ``http://www.vix.com''. To learn more about Nominum, Inc., see
32 * ``http://www.nominum.com''.
33 */
34
35 #include "dhcpd.h"
36
37 #include <omapip/omapip_p.h>
38
/*
 * Instantiate the object helpers for authentication keys.  This file
 * calls omapi_auth_key_allocate and omapi_auth_key_dereference and names
 * omapi_auth_key_reference below; presumably all three are generated by
 * this macro -- confirm against its definition.
 */
OMAPI_OBJECT_ALLOC (omapi_auth_key, omapi_auth_key_t, omapi_type_auth_key)
typedef struct hash omapi_auth_hash_t;
/*
 * Typed hash-table accessors keyed by a C string.  The
 * omapi_auth_key_new_hash / _hash_add / _hash_lookup / _hash_delete
 * calls used in this file presumably come from these two macros --
 * confirm against their definitions.
 */
HASH_FUNCTIONS_DECL (omapi_auth_key, const char *,
		     omapi_auth_key_t, omapi_auth_hash_t)
/*
 * Table of entered keys, indexed by key name.  It has no initializer,
 * so it starts out null; omapi_auth_key_enter creates it on first use.
 */
omapi_auth_hash_t *auth_key_hash;
/*
 * NOTE(review): do_case_hash suggests that key names are hashed without
 * regard to case -- confirm, since that decides whether "Key" and "key"
 * name the same secret.
 */
HASH_FUNCTIONS (omapi_auth_key, const char *, omapi_auth_key_t,
		omapi_auth_hash_t,
		omapi_auth_key_reference, omapi_auth_key_dereference,
		do_case_hash)
48
/*
 * Allocate an authentication-key object.
 *
 * o           receives the new object.
 * file, line  caller's source location, forwarded to the allocator.
 *
 * Returns the allocator's result unchanged.
 */
isc_result_t omapi_auth_key_new (omapi_auth_key_t **o, const char *file,
				 int line)
{
	isc_result_t result;

	result = omapi_auth_key_allocate (o, file, line);
	return result;
}
54
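/*
 * Release everything owned by an authentication key that is being
 * destroyed: its table entry, name, algorithm, secret and tsec state.
 *
 * h           object to tear down; must be of type omapi_type_auth_key.
 * file, line  caller's source location (not used here; the releases
 *             below are attributed through MDL).
 *
 * Returns DHCP_R_INVALIDARG for an object of another type, otherwise
 * ISC_R_SUCCESS.
 */
isc_result_t omapi_auth_key_destroy (omapi_object_t *h,
				     const char *file, int line)
{
	omapi_auth_key_t *a;

	if (h->type != omapi_type_auth_key)
		return DHCP_R_INVALIDARG;
	a = (omapi_auth_key_t *)h;

	/*
	 * Keys are indexed by name, so a key that never received a name
	 * cannot be in the table.  Skip the delete in that case rather
	 * than hand a null name with length 0 to the hash code.
	 *
	 * NOTE(review): the entry is removed by name, not by identity.
	 * If a key that was never entered shares its name with an
	 * entered one, this may drop the entered key from the table --
	 * confirm against the hash implementation.
	 */
	if (auth_key_hash != NULL && a->name != NULL)
		omapi_auth_key_hash_delete(auth_key_hash, a->name, 0, MDL);

	/* Clear each pointer after freeing so a later pass cannot free it twice. */
	if (a->name != NULL) {
		dfree(a->name, MDL);
		a->name = NULL;
	}
	if (a->algorithm != NULL) {
		dfree(a->algorithm, MDL);
		a->algorithm = NULL;
	}
	/*
	 * NOTE(review): the secret is released through the data-string
	 * reference count; whether its bytes are wiped before the memory
	 * is returned is not visible here.
	 */
	if (a->key != NULL)
		omapi_data_string_dereference(&a->key, MDL);
	if (a->tsec_key != NULL)
		dns_tsec_destroy(&a->tsec_key);

	return ISC_R_SUCCESS;
}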
78
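/*
 * Register an authentication key in the table so that it can be found
 * by name.
 *
 * a  key to register; must be of type omapi_type_auth_key and carry a
 *    name and a secret.
 *
 * A different key already registered under the same name is removed
 * from the table and replaced by this one.  Entering a key that is
 * already the registered one is a no-op.
 *
 * Returns DHCP_R_INVALIDARG for a wrong object type or a key without a
 * name or secret, ISC_R_NOMEMORY if the table cannot be created, and
 * ISC_R_SUCCESS otherwise -- including when the tsec structure could
 * not be built, which is only logged.
 */
isc_result_t omapi_auth_key_enter (omapi_auth_key_t *a)
{
	omapi_auth_key_t *tk = NULL;
	isc_result_t status;
	dst_key_t *dstkey = NULL;

	if (a -> type != omapi_type_auth_key)
		return DHCP_R_INVALIDARG;

	/*
	 * The name is the table index and is printed with %s below, and
	 * the secret is dereferenced when the dst key is built.  Other
	 * functions in this file treat both fields as possibly null, so
	 * reject an incomplete key here instead of dereferencing it.
	 *
	 * NOTE(review): a -> algorithm is passed on unchecked; whether
	 * isclib_make_dst_key tolerates a null algorithm is not visible
	 * here.
	 */
	if (a -> name == NULL || a -> key == NULL)
		return DHCP_R_INVALIDARG;

	if (auth_key_hash) {
		omapi_auth_key_hash_lookup (&tk, auth_key_hash,
					    a -> name, 0, MDL);
		if (tk == a) {
			/* Already registered; drop the lookup's reference. */
			omapi_auth_key_dereference (&tk, MDL);
			return ISC_R_SUCCESS;
		}
		if (tk) {
			/* Same name, different object: the old key gives way. */
			omapi_auth_key_hash_delete (auth_key_hash,
						    tk -> name, 0, MDL);
			omapi_auth_key_dereference (&tk, MDL);
		}
	} else {
		if (!omapi_auth_key_new_hash(&auth_key_hash,
					     KEY_HASH_SIZE, MDL))
			return ISC_R_NOMEMORY;
	}

	/*
	 * If possible create a tsec structure for this key,
	 * if we can't create the structure we put out a warning
	 * and continue.
	 */
	status = isclib_make_dst_key(a->name, a->algorithm,
				     a->key->value, a->key->len,
				     &dstkey);
	if (status == ISC_R_SUCCESS) {
		status = dns_tsec_create(dhcp_gbl_ctx.mctx, dns_tsectype_tsig,
					 dstkey, &a->tsec_key);
		dst_key_free(&dstkey);
	}
	if (status != ISC_R_SUCCESS)
		log_error("Unable to create tsec structure for %s", a->name);

	omapi_auth_key_hash_add (auth_key_hash, a -> name, 0, a, MDL);
	return ISC_R_SUCCESS;
}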
126
/*
 * Find a registered key by its name.
 *
 * a     receives the key when one is found.
 * name  key name; passed to the table with a length of 0, as the other
 *       C-string lookups in this file do.
 *
 * Returns ISC_R_SUCCESS on a hit, ISC_R_NOTFOUND when no table exists
 * yet or the name is not in it.
 */
isc_result_t omapi_auth_key_lookup_name (omapi_auth_key_t **a,
					 const char *name)
{
	if (auth_key_hash &&
	    omapi_auth_key_hash_lookup (a, auth_key_hash, name, 0, MDL))
		return ISC_R_SUCCESS;

	return ISC_R_NOTFOUND;
}
136
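/*
 * Find the registered key described by the "name" and "algorithm"
 * values of an object.
 *
 * h    receives a reference to the matching key.
 * id   identity object, forwarded to omapi_get_value_str.
 * ref  object that carries the "name" and "algorithm" values.
 *
 * Both values must match: a key found under the requested name is
 * rejected when its algorithm differs from the requested one.
 *
 * Returns ISC_R_NOTFOUND when there is no table, a value has the wrong
 * type, the name is empty or unknown, or the algorithm does not match;
 * DHCP_R_NOKEYS when ref is null; the error from omapi_get_value_str
 * when a value cannot be read; ISC_R_SUCCESS on a match.
 */
isc_result_t omapi_auth_key_lookup (omapi_object_t **h,
				    omapi_object_t *id,
				    omapi_object_t *ref)
{
	isc_result_t status;
	omapi_value_t *name = (omapi_value_t *)0;
	omapi_value_t *algorithm = (omapi_value_t *)0;
	omapi_auth_key_t *found;

	if (!auth_key_hash)
		return ISC_R_NOTFOUND;

	if (!ref)
		return DHCP_R_NOKEYS;

	status = omapi_get_value_str (ref, id, "name", &name);
	if (status != ISC_R_SUCCESS)
		return status;

	if ((name -> value -> type != omapi_datatype_string) &&
	    (name -> value -> type != omapi_datatype_data)) {
		status = ISC_R_NOTFOUND;
		goto cleanup;
	}

	/*
	 * The name buffer is handed to the table as pointer plus length.
	 * Every C-string lookup in this file passes 0 as the length,
	 * which suggests 0 means "measure the string"; this buffer is
	 * not known to be NUL-terminated, so an empty name must not
	 * reach the table with length 0.  An empty name cannot identify
	 * a key in any case.
	 */
	if (name -> value -> u.buffer.len == 0) {
		status = ISC_R_NOTFOUND;
		goto cleanup;
	}

	status = omapi_get_value_str (ref, id, "algorithm", &algorithm);
	if (status != ISC_R_SUCCESS)
		goto cleanup;

	if ((algorithm -> value -> type != omapi_datatype_string) &&
	    (algorithm -> value -> type != omapi_datatype_data)) {
		status = ISC_R_NOTFOUND;
		goto cleanup;
	}

	if (!omapi_auth_key_hash_lookup ((omapi_auth_key_t **)h, auth_key_hash,
					 (const char *)
					 name -> value -> u.buffer.value,
					 name -> value -> u.buffer.len, MDL)) {
		status = ISC_R_NOTFOUND;
		goto cleanup;
	}

	/*
	 * Other functions in this file treat a key's algorithm as
	 * possibly null; such a key cannot match any requested
	 * algorithm, so treat it as a mismatch instead of comparing
	 * against a null string.
	 */
	found = (omapi_auth_key_t *)*h;
	if (found -> algorithm == NULL ||
	    omapi_td_strcasecmp (algorithm -> value,
				 found -> algorithm) != 0) {
		/* Give back the reference taken by the lookup. */
		omapi_object_dereference (h, MDL);
		status = ISC_R_NOTFOUND;
		goto cleanup;
	}

	status = ISC_R_SUCCESS;

cleanup:
	/* Single exit so both temporary values are released on every path. */
	if (name)
		omapi_value_dereference (&name, MDL);
	if (algorithm)
		omapi_value_dereference (&algorithm, MDL);

	return status;
}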
197
/*
 * Write a key's public attributes to a connection.
 *
 * c   connection to write to.
 * id  identity object (not used in this function).
 * h   key to describe; must be of type omapi_type_auth_key.
 *
 * Only "name" and "algorithm" are written, each only when set.  The
 * secret is never written.
 *
 * Returns DHCP_R_INVALIDARG for an object of another type, the first
 * write error if one occurs, otherwise ISC_R_SUCCESS.
 */
isc_result_t omapi_auth_key_stuff_values (omapi_object_t *c,
					  omapi_object_t *id,
					  omapi_object_t *h)
{
	omapi_auth_key_t *key;
	isc_result_t result;

	if (h -> type != omapi_type_auth_key)
		return DHCP_R_INVALIDARG;
	key = (omapi_auth_key_t *)h;

	/* The secret stays out of the stream: name and algorithm only. */
	if (key -> name != NULL) {
		result = omapi_connection_put_name (c, "name");
		if (result == ISC_R_SUCCESS)
			result = omapi_connection_put_string (c, key -> name);
		if (result != ISC_R_SUCCESS)
			return result;
	}

	if (key -> algorithm != NULL) {
		result = omapi_connection_put_name (c, "algorithm");
		if (result == ISC_R_SUCCESS)
			result = omapi_connection_put_string (c,
							      key -> algorithm);
		if (result != ISC_R_SUCCESS)
			return result;
	}

	return ISC_R_SUCCESS;
}
229
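/*
 * Fetch one attribute of an authentication key.
 *
 * h      key to read; must be of type omapi_type_auth_key.
 * id     identity object (not used in this function).
 * name   attribute name: "name", "key" or "algorithm".
 * value  receives a newly built value on success.
 *
 * Returns ISC_R_UNEXPECTED for an object of another type,
 * ISC_R_NOTFOUND when the attribute is unset or the name is not one of
 * the three above, an allocation error from the value helpers, or
 * ISC_R_SUCCESS with *value filled in.
 *
 * NOTE(review): "key" returns a copy of the raw secret, while
 * omapi_auth_key_stuff_values deliberately leaves the secret out.
 * Confirm that no path driven by a remote peer can ask for "key".
 */
isc_result_t omapi_auth_key_get_value (omapi_object_t *h,
				       omapi_object_t *id,
				       omapi_data_string_t *name,
				       omapi_value_t **value)
{
	omapi_auth_key_t *a;
	isc_result_t status;

	if (h -> type != omapi_type_auth_key)
		return ISC_R_UNEXPECTED;
	a = (omapi_auth_key_t *)h;

	if (omapi_ds_strcmp (name, "name") == 0) {
		if (!a -> name)
			return ISC_R_NOTFOUND;
		return omapi_make_string_value (value, name, a -> name, MDL);
	}

	if (omapi_ds_strcmp (name, "key") == 0) {
		if (!a -> key)
			return ISC_R_NOTFOUND;

		status = omapi_value_new (value, MDL);
		if (status != ISC_R_SUCCESS)
			return status;

		status = omapi_data_string_reference
			(&(*value) -> name, name, MDL);
		if (status != ISC_R_SUCCESS) {
			omapi_value_dereference (value, MDL);
			return status;
		}

		/* The buffer is sized from the stored key length ... */
		status = omapi_typed_data_new (MDL, &(*value) -> value,
					       omapi_datatype_data,
					       a -> key -> len);
		if (status != ISC_R_SUCCESS) {
			omapi_value_dereference (value, MDL);
			return status;
		}

		/* ... and exactly that many bytes are copied into it. */
		memcpy ((*value) -> value -> u.buffer.value,
			a -> key -> value, a -> key -> len);
		return ISC_R_SUCCESS;
	}

	if (omapi_ds_strcmp (name, "algorithm") == 0) {
		if (!a -> algorithm)
			return ISC_R_NOTFOUND;
		return omapi_make_string_value
			(value, name, a -> algorithm, MDL);
	}

	/*
	 * Unknown attribute.  Reporting success here would tell the
	 * caller that *value is valid although nothing was stored in it.
	 */
	return ISC_R_NOTFOUND;
}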