From: Aki Tuomi
Date: Sat, 15 Jun 2013 15:36:03 +0000 (+0300)
Subject: Support for TSIG key management
X-Git-Tag: rec-3.6.0-rc1~468^2~14
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=85f1a3569d002820bdd93cc68545c2c1ce3b07eb;p=thirdparty%2Fpdns.git

Support for TSIG key management
---
diff --git a/modules/remotebackend/httpconnector.cc b/modules/remotebackend/httpconnector.cc
index e21718f47c..c1b17d0cd3 100644
--- a/modules/remotebackend/httpconnector.cc
+++ b/modules/remotebackend/httpconnector.cc
@@ -140,6 +140,18 @@ void HTTPConnector::restful_requestbuilder(const std::string &method, const rapi
 // create an empty post
 curl_easy_setopt(d_c, CURLOPT_POST, 1);
 curl_easy_setopt(d_c, CURLOPT_POSTFIELDSIZE, 0);
+ } else if (method == "setTSIGKey") {
+ std::stringstream ss2;
+ tmpstr = curl_easy_escape(d_c, parameters["algorithm"].GetString(), 0);
+ ss2 << "algorithm=" << tmpstr << "&content=";
+ tmpstr = curl_easy_escape(d_c, parameters["content"].GetString(), 0);
+ ss2 << tmpstr;
+ std::string out = ss2.str();
+ curl_easy_setopt(d_c, CURLOPT_POSTFIELDSIZE, out.size());
+ curl_easy_setopt(d_c, CURLOPT_COPYPOSTFIELDS, out.c_str());
+ curl_free(tmpstr);
+ } else if (method == "deleteTSIGKey") {
+ curl_easy_setopt(d_c, CURLOPT_CUSTOMREQUEST, "DELETE");
 } else if (method == "addDomainKey") {
 // create post with keydata
 char *postfields;
diff --git a/modules/remotebackend/remotebackend.cc b/modules/remotebackend/remotebackend.cc
index 1039d12a15..1fcebd3248 100644
--- a/modules/remotebackend/remotebackend.cc
+++ b/modules/remotebackend/remotebackend.cc
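Review bot: In the `setTSIGKey` branch of httpconnector.cc the buffer returned by the first `curl_easy_escape` call (the escaped algorithm) is overwritten by the second call and never released, so every request leaks it; only the last `tmpstr` reaches `curl_free`. Add `curl_free(tmpstr);` directly after `ss2 << "algorithm=" << tmpstr << "&content=";`. `curl_easy_escape` can also return NULL, and streaming a null `char *` into `ss2` is undefined, so each result should be checked before use; how `restful_requestbuilder` reports failure lies outside the hunk. `CURLOPT_POSTFIELDSIZE` expects a `long`, so the size is safer passed as `static_cast<long>(out.size())`. The POST body carries the TSIG secret, so it is worth confirming that the configured endpoint is reached over TLS, which is not visible here.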
@@ -479,6 +479,70 @@ bool RemoteBackend::getTSIGKey(const std::string& name, std::string* algorithm,
 return true;
 }
+bool RemoteBackend::setTSIGKey(const std::string& name, const std::string& algorithm, const std::string& content) {
+ rapidjson::Document query,answer;
+ rapidjson::Value parameters;
+
+ // no point doing dnssec if it's not supported
+ if (d_dnssec == false) return false;
+ query.SetObject();
+ JSON_ADD_MEMBER(query, "method", "setTSIGKey", query.GetAllocator());
+ parameters.SetObject();
+ JSON_ADD_MEMBER(parameters, "name", name.c_str(), query.GetAllocator());
+ JSON_ADD_MEMBER(parameters, "algorithm", algorithm.c_str(), query.GetAllocator());
+ JSON_ADD_MEMBER(parameters, "content", content.c_str(), query.GetAllocator());
+ query.AddMember("parameters", parameters, query.GetAllocator());
+ if (connector->send(query) == false || connector->recv(answer) == false)
+ return false;
+
+ return true;
+}
+
+bool RemoteBackend::deleteTSIGKey(const std::string& name) {
+ rapidjson::Document query,answer;
+ rapidjson::Value parameters;
+
+ // no point doing dnssec if it's not supported
+ if (d_dnssec == false) return false;
+ query.SetObject();
+ JSON_ADD_MEMBER(query, "method", "deleteTSIGKey", query.GetAllocator());
+ parameters.SetObject();
+ JSON_ADD_MEMBER(parameters, "name", name.c_str(), query.GetAllocator());
+ query.AddMember("parameters", parameters, query.GetAllocator());
+ if (connector->send(query) == false || connector->recv(answer) == false)
+ return false;
+
+ return true;
+}
+
+bool RemoteBackend::getTSIGKeys(std::vector& keys) {
+ rapidjson::Document query,answer;
+ rapidjson::Value parameters;
+
+ // no point doing dnssec if it's not supported
+ if (d_dnssec == false) return false;
+ query.SetObject();
+ JSON_ADD_MEMBER(query, "method", "getTSIGKeys", query.GetAllocator());
+ parameters.SetObject();
+ query.AddMember("parameters", parameters, query.GetAllocator());
+
+ if (connector->send(query) == false || connector->recv(answer) ==
false)
+ return false;
+
+ // expect array
+ if (answer["result"].IsArray()) {
+ for(rapidjson::Value::ValueIterator iter = answer["result"].Begin(); iter != answer["result"].End(); iter++) {
+ struct TSIGKey key;
+ key.name = (*iter)["name"].GetString();
+ key.algorithm = (*iter)["algorithm"].GetString();
+ key.key = (*iter)["content"].GetString();
+ keys.push_back(key);
+ }
+ }
+
+ return true;
+}
+
 bool RemoteBackend::getDomainInfo(const string &domain, DomainInfo &di) {
 rapidjson::Document query,answer;
 rapidjson::Value parameters;
diff --git a/modules/remotebackend/remotebackend.hh b/modules/remotebackend/remotebackend.hh
index e69c7decc9..b7bcb624de 100644
--- a/modules/remotebackend/remotebackend.hh
+++ b/modules/remotebackend/remotebackend.hh
@@ -134,6 +134,9 @@ class RemoteBackend : public DNSBackend
 virtual bool commitTransaction();
 virtual bool abortTransaction();
 virtual bool calculateSOASerial(const string& domain, const SOAData& sd, time_t& serial);
+ virtual bool setTSIGKey(const string& name, const string& algorithm, const string& content);
+ virtual bool deleteTSIGKey(const string& name);
+ virtual bool getTSIGKeys(std::vector< struct TSIGKey > &keys);
 static DNSBackend *maker();
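Review bot: The loop in `RemoteBackend::getTSIGKeys` calls `(*iter)["name"].GetString()`, and likewise for `algorithm` and `content`, on whatever the backend returned, without checking that each array element is an object holding those three string members. The reply comes from an external backend, and with rapidjson a missing member or a non-string value trips `RAPIDJSON_ASSERT` or, where assertions are compiled out, is undefined behaviour, so a malformed reply could bring the server down. Validate each entry before copying it and fail the call otherwise, as in the excerpt below. Separately, a `result` that is not an array currently returns true with `keys` untouched, which a caller cannot tell apart from an empty key list.

```cpp
// … unchanged: query construction, send/recv …
  if (answer["result"].IsArray()) {
    for(rapidjson::Value::ValueIterator iter = answer["result"].Begin(); iter != answer["result"].End(); iter++) {
      // reject the whole reply if an entry is not an object with string name/algorithm/content
      if (!iter->IsObject() ||
          !iter->HasMember("name") || !(*iter)["name"].IsString() ||
          !iter->HasMember("algorithm") || !(*iter)["algorithm"].IsString() ||
          !iter->HasMember("content") || !(*iter)["content"].IsString())
        return false;
      // … unchanged: fill struct TSIGKey from the entry and push_back …
```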