#include <dst/result.h>
#include <isccfg/grammar.h>
-#include <isccfg/httpconf.h>
#include <isccfg/kaspconf.h>
#include <isccfg/namedconf.h>
-#include <isccfg/tlsconf.h>
#include <ns/client.h>
#include <ns/hooks.h>
named_server_reload(isc_task_t *task, isc_event_t *event);
static isc_result_t
-ns_listenelt_from_http(isc_cfg_http_obj_t *http, isc_cfg_tls_obj_t *tls,
- in_port_t port, isc_mem_t *mctx,
- ns_listenelt_t **target);
+listenelt_http(const cfg_obj_t *http, const char *key, const char *cert,
+ in_port_t port, isc_mem_t *mctx, ns_listenelt_t **target);
static isc_result_t
-ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
- cfg_aclconfctx_t *actx, isc_mem_t *mctx,
- uint16_t family, isc_cfg_http_storage_t *http_servers,
- isc_cfg_tls_data_storage_t *tls_storage,
- ns_listenelt_t **target);
+listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
+ cfg_aclconfctx_t *actx, isc_mem_t *mctx, uint16_t family,
+ ns_listenelt_t **target);
static isc_result_t
-ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
- cfg_aclconfctx_t *actx, isc_mem_t *mctx,
- uint16_t family, isc_cfg_http_storage_t *http_servers,
- isc_cfg_tls_data_storage_t *tls_storage,
- ns_listenlist_t **target);
+listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
+ cfg_aclconfctx_t *actx, isc_mem_t *mctx, uint16_t family,
+ ns_listenlist_t **target);
static isc_result_t
configure_forward(const cfg_obj_t *config, dns_view_t *view,
unsigned int initial, idle, keepalive, advertised;
dns_aclenv_t *env =
ns_interfacemgr_getaclenv(named_g_server->interfacemgr);
- isc_cfg_tls_data_storage_t tls_storage;
- isc_cfg_http_storage_t http_storage;
ISC_LIST_INIT(kasplist);
ISC_LIST_INIT(viewlist);
ISC_LIST_INIT(cachelist);
ISC_LIST_INIT(altsecrets);
- cfg_tls_storage_init(named_g_mctx, &tls_storage);
- cfg_http_storage_init(named_g_mctx, &http_storage);
-
/* Create the ACL configuration context */
if (named_g_aclconfctx != NULL) {
cfg_aclconfctx_detach(&named_g_aclconfctx);
INSIST(result == ISC_R_SUCCESS);
named_g_httpsport = (in_port_t)cfg_obj_asuint32(obj);
- CHECK(cfg_tls_storage_load(config, &tls_storage));
- CHECK(cfg_http_storage_load(config, &http_storage));
-
/*
* If bind.keys exists, load it. If "dnssec-validation auto"
* is turned on, the root key found there will be used as a
}
if (clistenon != NULL) {
/* check return code? */
- (void)ns_listenlist_fromconfig(
+ (void)listenlist_fromconfig(
clistenon, config, named_g_aclconfctx,
- named_g_mctx, AF_INET, &http_storage,
- &tls_storage, &listenon);
+ named_g_mctx, AF_INET, &listenon);
} else {
/*
* Not specified, use default.
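Review bot: The result of `listenlist_fromconfig()` is still discarded with `(void)` here and in the `AF_INET6` call further down, and this commit also drops `CHECK(cfg_tls_storage_load(config, &tls_storage))` and `CHECK(cfg_http_storage_load(config, &http_storage))`, which used to fail the whole load on a bad `tls` or `http` statement. A `listen-on` clause that names an undefined `tls` or `http` block now fails only inside `listenelt_fromconfig()`, and that error is thrown away, so the server can come up without the encrypted listener the operator asked for. Consider `CHECK(listenlist_fromconfig(clistenon, config, named_g_aclconfctx, named_g_mctx, AF_INET, &listenon));`, or at least log the result at error level. Whether jumping to the cleanup path is safe at this point depends on parts of `load_configuration()` outside the hunk.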
}
if (clistenon != NULL) {
/* check return code? */
- (void)ns_listenlist_fromconfig(
+ (void)listenlist_fromconfig(
clistenon, config, named_g_aclconfctx,
- named_g_mctx, AF_INET6, &http_storage,
- &tls_storage, &listenon);
+ named_g_mctx, AF_INET6, &listenon);
} else {
/*
* Not specified, use default.
isc_task_endexclusive(server->task);
}
- cfg_http_storage_uninit(&http_storage);
- cfg_tls_storage_uninit(&tls_storage);
-
isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
NAMED_LOGMODULE_SERVER, ISC_LOG_DEBUG(1),
"load_configuration: %s", isc_result_totext(result));
}
static isc_result_t
-ns_listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
- cfg_aclconfctx_t *actx, isc_mem_t *mctx,
- uint16_t family, isc_cfg_http_storage_t *http_servers,
- isc_cfg_tls_data_storage_t *tls_storage,
- ns_listenlist_t **target) {
+listenlist_fromconfig(const cfg_obj_t *listenlist, const cfg_obj_t *config,
+ cfg_aclconfctx_t *actx, isc_mem_t *mctx, uint16_t family,
+ ns_listenlist_t **target) {
isc_result_t result;
const cfg_listelt_t *element;
ns_listenlist_t *dlist = NULL;
{
ns_listenelt_t *delt = NULL;
const cfg_obj_t *listener = cfg_listelt_value(element);
- result = ns_listenelt_fromconfig(listener, config, actx, mctx,
- family, http_servers,
- tls_storage, &delt);
+ result = listenelt_fromconfig(listener, config, actx, mctx,
+ family, &delt);
if (result != ISC_R_SUCCESS) {
goto cleanup;
}
return (result);
}
+static const cfg_obj_t *
+find_maplist(const cfg_obj_t *config, const char *listname, const char *name) {
+ isc_result_t result;
+ const cfg_obj_t *maplist = NULL;
+ const cfg_listelt_t *elt = NULL;
+
+ REQUIRE(config != NULL);
+ REQUIRE(name != NULL);
+
+ result = cfg_map_get(config, listname, &maplist);
+ if (result != ISC_R_SUCCESS) {
+ return (NULL);
+ }
+
+ for (elt = cfg_list_first(maplist); elt != NULL;
+ elt = cfg_list_next(elt)) {
+ const cfg_obj_t *map = cfg_listelt_value(elt);
+ if (strcasecmp(cfg_obj_asstring(cfg_map_getname(map)), name) ==
+ 0) {
+ return (map);
+ }
+ }
+
+ return (NULL);
+}
+
/*
* Create a listen list from the corresponding configuration
* data structure.
*/
static isc_result_t
-ns_listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
- cfg_aclconfctx_t *actx, isc_mem_t *mctx,
- uint16_t family, isc_cfg_http_storage_t *http_servers,
- isc_cfg_tls_data_storage_t *tls_storage,
- ns_listenelt_t **target) {
+listenelt_fromconfig(const cfg_obj_t *listener, const cfg_obj_t *config,
+ cfg_aclconfctx_t *actx, isc_mem_t *mctx, uint16_t family,
+ ns_listenelt_t **target) {
isc_result_t result;
- const cfg_obj_t *tlsobj, *portobj, *dscpobj, *httpobj;
+ const cfg_obj_t *tlsobj = NULL, *httpobj = NULL;
+ const cfg_obj_t *portobj = NULL, *dscpobj = NULL;
+ const cfg_obj_t *http_server = NULL;
in_port_t port = 0;
isc_dscp_t dscp = -1;
const char *key = NULL, *cert = NULL;
- bool tls = false, http = false;
+ bool do_tls = false, http = false;
ns_listenelt_t *delt = NULL;
- isc_cfg_http_obj_t *http_server = NULL;
- isc_cfg_tls_obj_t *tls_cert = NULL;
+
REQUIRE(target != NULL && *target == NULL);
/* XXXWPK TODO be more verbose on failures. */
tlsobj = cfg_tuple_get(listener, "tls");
if (tlsobj != NULL && cfg_obj_isstring(tlsobj)) {
- if (!strcmp(cfg_obj_asstring(tlsobj), "ephemeral")) {
- tls = true;
- } else {
- tls_cert = cfg_tls_storage_find(
- cfg_obj_asstring(tlsobj), tls_storage);
- if (tls_cert != NULL) {
- tls = true;
- key = tls_cert->key_file;
- cert = tls_cert->cert_file;
- INSIST(key != NULL);
- INSIST(cert != NULL);
+ const char *tlsname = cfg_obj_asstring(tlsobj);
+
+ if (strcmp(tlsname, "ephemeral") != 0) {
+ const cfg_obj_t *keyobj = NULL, *certobj = NULL;
+ const cfg_obj_t *tlsmap = NULL;
+
+ tlsmap = find_maplist(config, "tls", tlsname);
+ if (tlsmap == NULL) {
+ return (ISC_R_FAILURE);
}
+
+ CHECK(cfg_map_get(tlsmap, "key-file", &keyobj));
+ key = cfg_obj_asstring(keyobj);
+
+ CHECK(cfg_map_get(tlsmap, "cert-file", &certobj));
+ cert = cfg_obj_asstring(certobj);
}
- if (!tls) {
- return (ISC_R_FAILURE);
- }
+
+ do_tls = true;
}
+
httpobj = cfg_tuple_get(listener, "http");
if (httpobj != NULL && cfg_obj_isstring(httpobj)) {
- if (tls && tls_cert == NULL) {
+ const char *httpname = cfg_obj_asstring(httpobj);
+
+ if (do_tls && key == NULL) {
return (ISC_R_FAILURE);
}
- http = true;
- http_server = cfg_http_find(cfg_obj_asstring(httpobj),
- http_servers);
+
+ http_server = find_maplist(config, "http", httpname);
if (http_server == NULL) {
- isc_log_write(
- named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
- NAMED_LOGMODULE_SERVER, ISC_LOG_WARNING,
- "HTTP(S) server \"%s\" is nowhere to be found",
- cfg_obj_asstring(httpobj));
+ cfg_obj_log(httpobj, named_g_lctx, ISC_LOG_ERROR,
+ "http '%s' is not defined",
+ cfg_obj_asstring(httpobj));
return (ISC_R_FAILURE);
}
+
+ http = true;
}
+
portobj = cfg_tuple_get(listener, "port");
if (!cfg_obj_isuint32(portobj)) {
- if (http && tls) {
+ if (http && do_tls) {
if (named_g_httpsport != 0) {
port = named_g_httpsport;
} else {
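Review bot: An undefined `tls` name returns `ISC_R_FAILURE` from the `tlsmap == NULL` branch without logging anything, while the matching `http` branch just below reports `http '%s' is not defined`. Adding `cfg_obj_log(tlsobj, named_g_lctx, ISC_LOG_ERROR, "tls '%s' is not defined", tlsname);` before that return would make a mistyped certificate block name visible to the operator. `find_maplist()` also returns the first case-insensitive match, whereas the removed `push_tls_obj()` and `push_http_obj()` rejected a second block with the same name. Unless duplicates are rejected elsewhere, two `tls` blocks sharing a name now silently resolve to the first key/cert pair, so a comment on `find_maplist()` stating that assumption would help. `listenelt_fromconfig()` continues past the end of this hunk.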
return (result);
}
}
- } else if (http && !tls) {
+ } else if (http && !do_tls) {
if (named_g_httpport != 0) {
port = named_g_port;
} else {
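Review bot: In the `http && !do_tls` branch the guard tests `named_g_httpport` but the unchanged line after it assigns `port = named_g_port;`, so a plain-HTTP listener with no explicit port appears to get the DNS port rather than the configured HTTP port. The TLS and HTTPS branches assign the same variable they test, which suggests the intended line is `port = named_g_httpport;`. The commit renames the condition directly above this line without correcting it. The rest of the port-selection logic lies outside this hunk.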
return (result);
}
}
- } else if (tls) {
+ } else if (do_tls) {
if (named_g_tlsport != 0) {
port = named_g_tlsport;
} else {
if (cfg_obj_asuint32(portobj) >= UINT16_MAX) {
cfg_obj_log(portobj, named_g_lctx, ISC_LOG_ERROR,
"port value '%u' is out of range",
+
cfg_obj_asuint32(portobj));
return (ISC_R_RANGE);
}
if (http) {
INSIST(http_server != NULL);
- result = ns_listenelt_from_http(http_server, tls_cert, port,
- mctx, &delt);
+ CHECK(listenelt_http(http_server, key, cert, port, mctx,
+ &delt));
} else {
- result = ns_listenelt_create(mctx, port, dscp, NULL, tls, key,
- cert, &delt);
- }
- if (result != ISC_R_SUCCESS) {
- return (result);
+ CHECK(ns_listenelt_create(mctx, port, dscp, NULL, do_tls, key,
+ cert, &delt));
}
result = cfg_acl_fromconfig2(cfg_tuple_get(listener, "acl"), config,
return (result);
}
*target = delt;
- return (ISC_R_SUCCESS);
+
+cleanup:
+ return (result);
}
/*
* Create a listen list for HTTP/HTTPS
*/
static isc_result_t
-ns_listenelt_from_http(isc_cfg_http_obj_t *http, isc_cfg_tls_obj_t *tls,
- in_port_t port, isc_mem_t *mctx,
- ns_listenelt_t **target) {
+listenelt_http(const cfg_obj_t *http, const char *key, const char *cert,
+ in_port_t port, isc_mem_t *mctx, ns_listenelt_t **target) {
isc_result_t result = ISC_R_SUCCESS;
ns_listenelt_t *delt = NULL;
- const char *key = NULL, *cert = NULL;
- char **http_endpoints = NULL;
- size_t http_endpoints_number;
- isc_cfg_http_endpoint_t *ep;
- size_t i = 0;
- REQUIRE(target != NULL && *target == NULL);
+ char **endpoints = NULL;
+ const cfg_obj_t *eplist = NULL;
+ const cfg_listelt_t *elt = NULL;
+ size_t len, i = 0;
- if (tls) {
- INSIST(tls->key_file != NULL);
- INSIST(tls->cert_file != NULL);
- key = tls->key_file;
- cert = tls->cert_file;
- }
+ REQUIRE(target != NULL && *target == NULL);
+ REQUIRE((key == NULL) == (cert == NULL));
if (port == 0) {
- port = tls != NULL ? named_g_httpsport : named_g_httpport;
+ port = (key != NULL) ? named_g_httpsport : named_g_httpport;
}
- for (ep = ISC_LIST_HEAD(http->endpoints), i = 0; ep != NULL;
- ep = ISC_LIST_NEXT(ep, link), i++)
- ;
-
- INSIST(i > 0);
+ CHECK(cfg_map_get(http, "endpoints", &eplist));
+ len = cfg_list_length(eplist, false);
+ endpoints = isc_mem_allocate(mctx, sizeof(endpoints[0]) * len);
- http_endpoints_number = i;
- http_endpoints = isc_mem_allocate(mctx, sizeof(http_endpoints[0]) *
- http_endpoints_number);
- for (ep = ISC_LIST_HEAD(http->endpoints), i = 0; ep != NULL;
- ep = ISC_LIST_NEXT(ep, link), i++)
- {
- http_endpoints[i] = isc_mem_strdup(mctx, ep->path);
+ for (elt = cfg_list_first(eplist); elt != NULL;
+ elt = cfg_list_next(elt)) {
+ const cfg_obj_t *ep = cfg_listelt_value(elt);
+ const char *path = cfg_obj_asstring(ep);
+ endpoints[i++] = isc_mem_strdup(mctx, path);
}
- INSIST(i == http_endpoints_number);
+ INSIST(i == len);
result = ns_listenelt_create_http(mctx, port, named_g_dscp, NULL, key,
- cert, http_endpoints,
- http_endpoints_number, &delt);
-
+ cert, endpoints, len, &delt);
if (result != ISC_R_SUCCESS) {
if (delt != NULL) {
ns_listenelt_destroy(delt);
}
- return result;
+ return (result);
}
*target = delt;
+
+cleanup:
return (result);
}
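Review bot: An `http` block with an empty `endpoints` list now reaches `isc_mem_allocate(mctx, sizeof(endpoints[0]) * len)` with `len == 0`, because the old `INSIST(i > 0)` was removed together with the counting loop. An explicit guard before the allocation, such as `if (len == 0) { result = ISC_R_FAILURE; goto cleanup; }`, would keep that case well-defined; whether the grammar already guarantees a non-empty list is not visible here. Separately, when `ns_listenelt_create_http()` fails, the `endpoints` array and its `isc_mem_strdup` copies are not released in `listenelt_http()`. Unless the callee takes ownership on failure, that path leaks and needs a loop freeing each entry and then the array before `return (result);`.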
include/isccfg/aclconf.h \
include/isccfg/cfg.h \
include/isccfg/grammar.h \
- include/isccfg/httpconf.h \
include/isccfg/kaspconf.h \
include/isccfg/log.h \
- include/isccfg/namedconf.h \
- include/isccfg/tlsconf.h
+ include/isccfg/namedconf.h
libisccfg_la_SOURCES = \
$(libisccfg_la_HEADERS) \
aclconf.c \
- httpconf.c \
dnsconf.c \
kaspconf.c \
log.c \
namedconf.c \
- tlsconf.c \
parser.c
libisccfg_la_CPPFLAGS = \
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-
-#include <isc/util.h>
-
-#include <isccfg/grammar.h>
-#include <isccfg/httpconf.h>
-
-void
-cfg_http_storage_init(isc_mem_t *mctx, isc_cfg_http_storage_t *storage) {
- REQUIRE(mctx != NULL);
- REQUIRE(storage != NULL);
-
- memset(storage, 0, sizeof(*storage));
- isc_mem_attach(mctx, &storage->mctx);
- ISC_LIST_INIT(storage->list);
-}
-
-void
-cfg_http_storage_uninit(isc_cfg_http_storage_t *storage) {
- REQUIRE(storage != NULL);
-
- cfg_http_storage_clear(storage);
- isc_mem_detach(&storage->mctx);
-}
-
-void
-cfg_http_storage_clear(isc_cfg_http_storage_t *storage) {
- isc_mem_t *mctx = NULL;
-
- REQUIRE(storage != NULL);
-
- mctx = storage->mctx;
-
- if (!ISC_LIST_EMPTY(storage->list)) {
- isc_cfg_http_obj_t *http = ISC_LIST_HEAD(storage->list);
- while (http != NULL) {
- isc_cfg_http_obj_t *next = ISC_LIST_NEXT(http, link);
- ISC_LIST_DEQUEUE(storage->list, http, link);
- storage->count--;
-
- isc_mem_free(mctx, http->name);
-
- if (!ISC_LIST_EMPTY(http->endpoints)) {
- isc_cfg_http_endpoint_t *ep =
- ISC_LIST_HEAD(http->endpoints);
- while (ep != NULL) {
- isc_cfg_http_endpoint_t *epnext =
- ISC_LIST_NEXT(ep, link);
- isc_mem_free(mctx, ep->path);
- isc_mem_put(mctx, ep, sizeof(*ep));
- ep = epnext;
- http->count--;
- }
- }
-
- isc_mem_put(mctx, http, sizeof(*http));
- http = next;
- }
- }
-
- INSIST(storage->count == 0);
-}
-
-isc_cfg_http_obj_t *
-cfg_http_find(const char *name, isc_cfg_http_storage_t *storage) {
- isc_cfg_http_obj_t *http = NULL;
- REQUIRE(name != NULL && *name != '\0');
- REQUIRE(storage != NULL);
-
- for (http = ISC_LIST_HEAD(storage->list); http != NULL;
- http = ISC_LIST_NEXT(http, link))
- {
- if (strcasecmp(name, http->name) == 0) {
- break;
- }
- }
-
- return (http);
-}
-
-static isc_result_t
-push_http_obj(const cfg_obj_t *map, isc_cfg_http_storage_t *storage) {
- isc_mem_t *mctx = storage->mctx;
- isc_cfg_http_obj_t *new;
- const cfg_obj_t *endpoints = NULL;
- const cfg_listelt_t *elt;
-
- if (!cfg_obj_ismap(map) || map->value.map.id == NULL ||
- !cfg_obj_isstring(map->value.map.id))
- {
- return (ISC_R_FAILURE);
- }
-
- if (cfg_http_find(cfg_obj_asstring(map->value.map.id), storage) != NULL)
- {
- return (ISC_R_FAILURE);
- }
-
- if (cfg_map_get(map, "endpoints", &endpoints) != ISC_R_SUCCESS ||
- !cfg_obj_islist(endpoints))
- {
- return (ISC_R_FAILURE);
- }
-
- INSIST(endpoints != NULL);
-
- new = isc_mem_get(mctx, sizeof(*new));
- memset(new, 0, sizeof(*new));
- ISC_LIST_INIT(new->endpoints);
- new->name = isc_mem_strdup(mctx, cfg_obj_asstring(map->value.map.id));
-
- for (elt = cfg_list_first(endpoints); elt != NULL;
- elt = cfg_list_next(elt)) {
- isc_cfg_http_endpoint_t *newep = NULL;
- const cfg_obj_t *endp = cfg_listelt_value(elt);
- newep = isc_mem_get(mctx, sizeof(*newep));
- ISC_LINK_INIT(newep, link);
- newep->path = isc_mem_strdup(mctx, cfg_obj_asstring(endp));
-
- ISC_LIST_PREPEND(new->endpoints, newep, link);
- new->count++;
- }
-
- ISC_LINK_INIT(new, link);
- ISC_LIST_PREPEND(storage->list, new, link);
- storage->count++;
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-cfg_http_storage_load(const cfg_obj_t *cfg_ctx,
- isc_cfg_http_storage_t *storage) {
- bool found = false;
- isc_result_t result = ISC_R_SUCCESS;
- const cfg_obj_t *http = NULL;
- const cfg_listelt_t *elt;
- const cfg_obj_t *map = NULL;
-
- REQUIRE(cfg_ctx != NULL);
- REQUIRE(storage != NULL);
-
- cfg_http_storage_clear(storage);
- result = cfg_map_get(cfg_ctx, "http", &http);
- if (result != ISC_R_SUCCESS) {
- /* No statements found, but it is fine. */
- return (ISC_R_SUCCESS);
- }
-
- INSIST(http != NULL);
-
- for (elt = cfg_list_first(http); elt != NULL; elt = cfg_list_next(elt))
- {
- map = cfg_listelt_value(elt);
- INSIST(map != NULL);
- found = true;
- result = push_http_obj(map, storage);
- if (result != ISC_R_SUCCESS) {
- return (result);
- }
- }
-
- if (found == true && storage->count == 0) {
- return (ISC_R_FAILURE);
- }
-
- return (ISC_R_SUCCESS);
-}
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#ifndef ISCCFG_HTTPCONF_H
-#define ISCCFG_HTTPCONF_H 1
-
-#include <inttypes.h>
-
-#include <isc/lang.h>
-#include <isc/list.h>
-#include <isc/mem.h>
-#include <isc/util.h>
-
-#include <dns/types.h>
-
-#include <isccfg/cfg.h>
-#include <isccfg/tlsconf.h>
-
-typedef struct isc_cfg_http_endpoint {
- char *path;
- LINK(struct isc_cfg_http_endpoint) link;
-} isc_cfg_http_endpoint_t;
-
-typedef struct isc_cfg_http_obj {
- char *name;
- LINK(struct isc_cfg_http_obj) link;
- ISC_LIST(isc_cfg_http_endpoint_t) endpoints;
- size_t count;
-} isc_cfg_http_obj_t;
-
-typedef struct isc_cfg_http_storage {
- isc_mem_t *mctx;
- ISC_LIST(isc_cfg_http_obj_t) list;
- size_t count;
-} isc_cfg_http_storage_t;
-
-/***
- *** Functions
- ***/
-
-ISC_LANG_BEGINDECLS
-
-void
-cfg_http_storage_init(isc_mem_t *mctx, isc_cfg_http_storage_t *storage);
-
-void
-cfg_http_storage_uninit(isc_cfg_http_storage_t *storage);
-
-isc_result_t
-cfg_http_storage_load(const cfg_obj_t * cfg_ctx,
- isc_cfg_http_storage_t *storage);
-
-isc_cfg_http_obj_t *
-cfg_http_find(const char *name, isc_cfg_http_storage_t *storage);
-
-void
-cfg_http_storage_clear(isc_cfg_http_storage_t *storage);
-
-ISC_LANG_ENDDECLS
-
-#endif /* ISCCFG_HTTPCONF_H */
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#ifndef ISCCFG_TLSCONF_H
-#define ISCCFG_TLSCONF_H 1
-
-#include <inttypes.h>
-
-#include <isc/lang.h>
-#include <isc/list.h>
-#include <isc/mem.h>
-#include <isc/util.h>
-
-#include <dns/types.h>
-
-#include <isccfg/cfg.h>
-
-typedef struct isc_cfg_tls_obj {
- char *name;
- char *key_file;
- char *cert_file;
- char *dh_param;
- char *protocols;
- char *ciphers;
- LINK(struct isc_cfg_tls_obj) link;
-} isc_cfg_tls_obj_t;
-
-typedef struct isc_cfg_tls_data_storage {
- isc_mem_t *mctx;
- size_t count;
- ISC_LIST(isc_cfg_tls_obj_t) list;
-} isc_cfg_tls_data_storage_t;
-
-/***
- *** Functions
- ***/
-
-ISC_LANG_BEGINDECLS
-
-void
-cfg_tls_storage_init(isc_mem_t *mctx, isc_cfg_tls_data_storage_t *storage);
-
-void
-cfg_tls_storage_uninit(isc_cfg_tls_data_storage_t *storage);
-
-isc_result_t
-cfg_tls_storage_load(const cfg_obj_t * cfg_ctx,
- isc_cfg_tls_data_storage_t *storage);
-
-isc_cfg_tls_obj_t *
-cfg_tls_storage_find(const char *name, isc_cfg_tls_data_storage_t *storage);
-/*
- * Looks for TLS key/certificate pair.
- */
-
-void
-cfg_tls_storage_clear(isc_cfg_tls_data_storage_t *storage);
-
-ISC_LANG_ENDDECLS
-
-#endif /* ISCCFG_TLSCONF_H */
+++ /dev/null
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, you can obtain one at https://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#include <string.h>
-
-#include <isc/util.h>
-
-#include <isccfg/grammar.h>
-#include <isccfg/tlsconf.h>
-
-void
-cfg_tls_storage_init(isc_mem_t *mctx, isc_cfg_tls_data_storage_t *storage) {
- REQUIRE(mctx != NULL);
- REQUIRE(storage != NULL);
-
- memset(storage, 0, sizeof(*storage));
- isc_mem_attach(mctx, &storage->mctx);
- ISC_LIST_INIT(storage->list);
-}
-
-void
-cfg_tls_storage_uninit(isc_cfg_tls_data_storage_t *storage) {
- REQUIRE(storage != NULL);
-
- cfg_tls_storage_clear(storage);
- isc_mem_detach(&storage->mctx);
-}
-
-void
-cfg_tls_storage_clear(isc_cfg_tls_data_storage_t *storage) {
- isc_mem_t *mctx = NULL;
-
- REQUIRE(storage != NULL);
-
- mctx = storage->mctx;
-
- if (!ISC_LIST_EMPTY(storage->list)) {
- isc_cfg_tls_obj_t *tls_obj = ISC_LIST_HEAD(storage->list);
- while (tls_obj != NULL) {
- isc_cfg_tls_obj_t *next = ISC_LIST_NEXT(tls_obj, link);
- ISC_LIST_DEQUEUE(storage->list, tls_obj, link);
- storage->count--;
-
- isc_mem_free(mctx, tls_obj->name);
- isc_mem_free(mctx, tls_obj->key_file);
- isc_mem_free(mctx, tls_obj->cert_file);
-
- if (tls_obj->dh_param != NULL) {
- isc_mem_free(mctx, tls_obj->dh_param);
- }
-
- if (tls_obj->protocols != NULL) {
- isc_mem_free(mctx, tls_obj->protocols);
- }
-
- if (tls_obj->ciphers != NULL) {
- isc_mem_free(mctx, tls_obj->ciphers);
- }
-
- isc_mem_put(mctx, tls_obj, sizeof(*tls_obj));
- tls_obj = next;
- }
- }
-
- INSIST(storage->count == 0);
-}
-
-static isc_result_t
-push_tls_obj(const cfg_obj_t *map, isc_cfg_tls_data_storage_t *storage) {
- isc_mem_t *mctx = storage->mctx;
- isc_cfg_tls_obj_t *new = NULL;
- const cfg_obj_t *key_file = NULL, *cert_file = NULL, *dh_param = NULL,
- *protocols = NULL, *ciphers = NULL;
-
- if (!cfg_obj_ismap(map) || map->value.map.id == NULL ||
- !cfg_obj_isstring(map->value.map.id))
- {
- return (ISC_R_FAILURE);
- }
-
- if (cfg_tls_storage_find(cfg_obj_asstring(map->value.map.id),
- storage) != NULL) {
- return (ISC_R_FAILURE);
- }
-
- if (cfg_map_get(map, "key-file", &key_file) != ISC_R_SUCCESS ||
- !cfg_obj_isstring(key_file))
- {
- return (ISC_R_FAILURE);
- }
- INSIST(key_file != NULL);
-
- if (cfg_map_get(map, "cert-file", &cert_file) != ISC_R_SUCCESS) {
- return (ISC_R_FAILURE);
- }
- INSIST(cert_file != NULL);
-
- (void)cfg_map_get(map, "dh-param", &dh_param);
- (void)cfg_map_get(map, "protocols", &protocols);
- (void)cfg_map_get(map, "ciphers", &ciphers);
-
- new = isc_mem_get(mctx, sizeof(*new));
- *new = (isc_cfg_tls_obj_t){
- .name = isc_mem_strdup(mctx,
- cfg_obj_asstring(map->value.map.id)),
- .key_file = isc_mem_strdup(mctx, cfg_obj_asstring(key_file)),
- .cert_file = isc_mem_strdup(mctx, cfg_obj_asstring(cert_file)),
- };
-
- if (dh_param != NULL && cfg_obj_isstring(dh_param)) {
- new->dh_param = isc_mem_strdup(mctx,
- cfg_obj_asstring(dh_param));
- }
-
- if (protocols != NULL && cfg_obj_isstring(protocols)) {
- new->protocols = isc_mem_strdup(mctx,
- cfg_obj_asstring(protocols));
- }
-
- if (ciphers != NULL && cfg_obj_isstring(ciphers)) {
- new->ciphers = isc_mem_strdup(mctx, cfg_obj_asstring(ciphers));
- }
-
- ISC_LINK_INIT(new, link);
- ISC_LIST_PREPEND(storage->list, new, link);
- storage->count++;
- return (ISC_R_SUCCESS);
-}
-
-isc_result_t
-cfg_tls_storage_load(const cfg_obj_t *cfg_ctx,
- isc_cfg_tls_data_storage_t *storage) {
- isc_result_t result = ISC_R_SUCCESS;
- bool found = false;
- const cfg_obj_t *tls = NULL;
- const cfg_listelt_t *elt;
- const cfg_obj_t *map = NULL;
-
- REQUIRE(cfg_ctx != NULL);
- REQUIRE(storage != NULL);
-
- result = cfg_map_get(cfg_ctx, "tls", &tls);
- if (result != ISC_R_SUCCESS) {
- /* No tls statements found, but it is fine. */
- return (ISC_R_SUCCESS);
- }
- INSIST(tls != NULL);
-
- cfg_tls_storage_clear(storage);
-
- for (elt = cfg_list_first(tls); elt != NULL; elt = cfg_list_next(elt)) {
- map = cfg_listelt_value(elt);
- INSIST(map != NULL);
- found = true;
- result = push_tls_obj(map, storage);
- if (result != ISC_R_SUCCESS) {
- return (result);
- }
- }
-
- if (found == true && storage->count == 0) {
- return (ISC_R_FAILURE);
- }
-
- return (ISC_R_SUCCESS);
-}
-
-isc_cfg_tls_obj_t *
-cfg_tls_storage_find(const char *name, isc_cfg_tls_data_storage_t *storage) {
- isc_cfg_tls_obj_t *tls_obj = NULL;
- REQUIRE(storage != NULL);
-
- if (name == NULL) {
- return (NULL);
- }
-
- for (tls_obj = ISC_LIST_HEAD(storage->list); tls_obj != NULL;
- tls_obj = ISC_LIST_NEXT(tls_obj, link))
- {
- if (strcasecmp(name, tls_obj->name) == 0) {
- break;
- }
- }
-
- return (tls_obj);
-}
./lib/isccc/win32/libisccc.vcxproj.user X 2013,2018,2019,2020,2021
./lib/isccfg/aclconf.c C 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021
./lib/isccfg/dnsconf.c C 2009,2016,2018,2019,2020,2021
-./lib/isccfg/httpconf.c C 2021
./lib/isccfg/include/isccfg/aclconf.h C 1999,2000,2001,2004,2005,2006,2007,2010,2011,2012,2013,2014,2016,2018,2019,2020,2021
./lib/isccfg/include/isccfg/cfg.h C 2000,2001,2002,2004,2005,2006,2007,2010,2013,2014,2015,2016,2018,2019,2020,2021
./lib/isccfg/include/isccfg/grammar.h C 2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2013,2014,2015,2016,2017,2018,2019,2020,2021
-./lib/isccfg/include/isccfg/httpconf.h C 2021
./lib/isccfg/include/isccfg/kaspconf.h C 2019,2020,2021
./lib/isccfg/include/isccfg/log.h C 2001,2004,2005,2006,2007,2009,2016,2018,2019,2020,2021
./lib/isccfg/include/isccfg/namedconf.h C 2002,2004,2005,2006,2007,2009,2010,2014,2016,2018,2019,2020,2021
-./lib/isccfg/include/isccfg/tlsconf.h C 2021
./lib/isccfg/kaspconf.c C 2019,2020,2021
./lib/isccfg/log.c C 2001,2004,2005,2006,2007,2016,2018,2019,2020,2021
./lib/isccfg/namedconf.c C 2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021
./lib/isccfg/parser.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009,2010,2011,2012,2013,2014,2015,2016,2017,2018,2019,2020,2021
./lib/isccfg/tests/duration_test.c C 2019,2020,2021
./lib/isccfg/tests/parser_test.c C 2016,2018,2019,2020,2021
-./lib/isccfg/tlsconf.c C 2021
./lib/isccfg/win32/DLLMain.c C 2001,2004,2007,2016,2018,2019,2020,2021
./lib/isccfg/win32/libisccfg.def X 2001,2002,2005,2009,2010,2011,2013,2014,2015,2016,2018,2019,2020,2021
./lib/isccfg/win32/libisccfg.vcxproj.filters.in X 2013,2014,2015,2016,2018,2019,2020