/* $NetBSD: tkeyconf.c,v 1.8 2025/01/26 16:24:33 christos Exp $ */

/*
 * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
 *
 * SPDX-License-Identifier: MPL-2.0
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, you can obtain one at https://mozilla.org/MPL/2.0/.
 *
 * See the COPYRIGHT file distributed with this work for additional
 * information regarding copyright ownership.
 */

/*! \file */

#include <inttypes.h>

#include <isc/buffer.h>
#include <isc/mem.h>
#include <isc/string.h>

#include <dns/fixedname.h>
#include <dns/keyvalues.h>
#include <dns/name.h>
#include <dns/tkey.h>

#include <dst/gssapi.h>

#include <isccfg/cfg.h>

#include <named/tkeyconf.h>

/*
 * Evaluate x, store it in the local `result`, and jump to the local
 * `failure` label unless it is ISC_R_SUCCESS.  Usable only inside a
 * function that declares both.
 */
#define RETERR(x)                            \
	do {                                 \
		result = (x);                \
		if (result != ISC_R_SUCCESS) \
			goto failure;        \
	} while (0)

#include <named/log.h>
/*
 * Write msg to the general/server log at error level.  msg is passed as
 * the argument of a fixed "%s" format, never as the format string itself.
 * Nothing in this file invokes it: errors below are returned to the
 * caller without being logged here.
 */
#define LOG(msg)                                               \
	isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL, \
		      NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR, "%s", msg)

/*
 * Parse the string value of a configuration object as a DNS name.
 *
 * The whole string (strlen() bytes, no terminator) is handed to
 * dns_name_fromtext() with dns_rootname as the origin.  *namep is set to
 * the name obtained from dns_fixedname_initname(fixed) even when parsing
 * fails, so callers must check the returned result before using it.
 */
static isc_result_t
cfgstring_toname(const cfg_obj_t *value, dns_fixedname_t *fixed,
		 dns_name_t **namep) {
	const char *text = cfg_obj_asstring(value);
	size_t textlen = strlen(text);
	isc_buffer_t source;

	/* Wrap the read-only config string and mark all of it as used. */
	isc_buffer_constinit(&source, text, textlen);
	isc_buffer_add(&source, textlen);

	*namep = dns_fixedname_initname(fixed);
	return dns_name_fromtext(*namep, &source, dns_rootname, 0, NULL);
}

/*
 * Build a TKEY context from the "tkey-domain", "tkey-gssapi-credential"
 * and "tkey-gssapi-keytab" entries of `options`.
 *
 * Each entry is optional; an entry that cfg_map_get() does not find is
 * skipped.  On success the new context is stored in *tctxp and
 * ISC_R_SUCCESS is returned.  If creating the context, parsing a name, or
 * acquiring the GSS-API credential fails, that result is returned, the
 * partially built context is destroyed, and *tctxp is not written.
 */
isc_result_t
named_tkeyctx_fromconfig(const cfg_obj_t *options, isc_mem_t *mctx,
			 dns_tkeyctx_t **tctxp) {
	isc_result_t result;
	dns_tkeyctx_t *tctx = NULL;
	dns_fixedname_t fixed;
	dns_name_t *parsed = NULL;
	const cfg_obj_t *value = NULL;

	result = dns_tkeyctx_create(mctx, &tctx);
	if (result != ISC_R_SUCCESS) {
		return result;
	}

	if (cfg_map_get(options, "tkey-domain", &value) == ISC_R_SUCCESS) {
		RETERR(cfgstring_toname(value, &fixed, &parsed));
		/* Keep a heap copy: `fixed` is reused and goes out of scope. */
		tctx->domain = isc_mem_get(mctx, sizeof(dns_name_t));
		dns_name_init(tctx->domain, NULL);
		dns_name_dup(parsed, mctx, tctx->domain);
	}

	value = NULL;
	if (cfg_map_get(options, "tkey-gssapi-credential", &value) ==
	    ISC_R_SUCCESS)
	{
		RETERR(cfgstring_toname(value, &fixed, &parsed));
		/*
		 * A configured credential that cannot be acquired fails the
		 * whole call rather than leaving the context without one.
		 * NOTE(review): the `false` argument presumably selects an
		 * acceptor (non-initiating) credential -- confirm against
		 * dst/gssapi.h.
		 */
		RETERR(dst_gssapi_acquirecred(parsed, false, &tctx->gsscred));
	}

	value = NULL;
	if (cfg_map_get(options, "tkey-gssapi-keytab", &value) ==
	    ISC_R_SUCCESS)
	{
		/*
		 * Only the path string is copied.  The keytab file is not
		 * opened, and its existence, ownership and permissions are
		 * not checked in this function.
		 */
		const char *keytab = cfg_obj_asstring(value);

		tctx->gssapi_keytab = isc_mem_strdup(mctx, keytab);
	}

	*tctxp = tctx;
	return ISC_R_SUCCESS;

failure:
	/* NOTE(review): assumed to release whatever was attached above. */
	dns_tkeyctx_destroy(&tctx);
	return result;
}