xref: /netbsd/external/mpl/dhcp/dist/omapip/auth.c (revision 13df4856) 
1 /*	$NetBSD: auth.c,v 1.3 2022/04/03 01:10:59 christos Exp $	*/
2 
3 /* auth.c
4 
5    Subroutines having to do with authentication. */
6 
7 /*
8  * Copyright (C) 2004-2022 Internet Systems Consortium, Inc. ("ISC")
9  * Copyright (c) 1998-2003 by Internet Software Consortium
10  *
11  * This Source Code Form is subject to the terms of the Mozilla Public
12  * License, v. 2.0. If a copy of the MPL was not distributed with this
13  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
14  *
15  * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES
16  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17  * MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR
18  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
21  * OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22  *
23  *   Internet Systems Consortium, Inc.
24  *   PO Box 360
25  *   Newmarket, NH 03857 USA
26  *   <info@isc.org>
27  *   https://www.isc.org/
28  *
29  */
30 
31 #include <sys/cdefs.h>
32 __RCSID("$NetBSD: auth.c,v 1.3 2022/04/03 01:10:59 christos Exp $");
33 
34 #include "dhcpd.h"
35 
36 #include <omapip/omapip_p.h>
37 
38 OMAPI_OBJECT_ALLOC (omapi_auth_key, omapi_auth_key_t, omapi_type_auth_key)
39 typedef struct hash omapi_auth_hash_t;
40 HASH_FUNCTIONS_DECL (omapi_auth_key, const char *,
41 		     omapi_auth_key_t, omapi_auth_hash_t)
42 omapi_auth_hash_t *auth_key_hash;
HASH_FUNCTIONS(omapi_auth_key,const char *,omapi_auth_key_t,omapi_auth_hash_t,omapi_auth_key_reference,omapi_auth_key_dereference,do_case_hash)43 HASH_FUNCTIONS (omapi_auth_key, const char *, omapi_auth_key_t,
44 		omapi_auth_hash_t,
45 		omapi_auth_key_reference, omapi_auth_key_dereference,
46 		do_case_hash)
47 
48 isc_result_t omapi_auth_key_new (omapi_auth_key_t **o, const char *file,
49 				 int line)
50 {
51 	return omapi_auth_key_allocate (o, file, line);
52 }
53 
omapi_auth_key_destroy(omapi_object_t * h,const char * file,int line)54 isc_result_t omapi_auth_key_destroy (omapi_object_t *h,
55 				     const char *file, int line)
56 {
57 	omapi_auth_key_t *a;
58 
59 	if (h->type != omapi_type_auth_key)
60 		return DHCP_R_INVALIDARG;
61 	a = (omapi_auth_key_t *)h;
62 
63 	if (auth_key_hash != NULL)
64 		omapi_auth_key_hash_delete(auth_key_hash, a->name, 0, MDL);
65 
66 	if (a->name != NULL)
67 		dfree(a->name, MDL);
68 	if (a->algorithm != NULL)
69 		dfree(a->algorithm, MDL);
70 	if (a->key != NULL)
71 		omapi_data_string_dereference(&a->key, MDL);
72 	if (a->tsec_key != NULL)
73 		dns_tsec_destroy(&a->tsec_key);
74 
75 	return ISC_R_SUCCESS;
76 }
77 
omapi_auth_key_enter(omapi_auth_key_t * a)78 isc_result_t omapi_auth_key_enter (omapi_auth_key_t *a)
79 {
80 	omapi_auth_key_t *tk;
81 	isc_result_t      status;
82 	dst_key_t        *dstkey;
83 
84 	if (a -> type != omapi_type_auth_key)
85 		return DHCP_R_INVALIDARG;
86 
87 	tk = (omapi_auth_key_t *)0;
88 	if (auth_key_hash) {
89 		omapi_auth_key_hash_lookup (&tk, auth_key_hash,
90 					    a -> name, 0, MDL);
91 		if (tk == a) {
92 			omapi_auth_key_dereference (&tk, MDL);
93 			return ISC_R_SUCCESS;
94 		}
95 		if (tk) {
96 			omapi_auth_key_hash_delete (auth_key_hash,
97 						    tk -> name, 0, MDL);
98 			omapi_auth_key_dereference (&tk, MDL);
99 		}
100 	} else {
101 		if (!omapi_auth_key_new_hash(&auth_key_hash,
102 					     KEY_HASH_SIZE, MDL))
103 			return ISC_R_NOMEMORY;
104 	}
105 
106 	/*
107 	 * If possible create a tsec structure for this key,
108 	 * if we can't create the structure we put out a warning
109 	 * and continue.
110 	 */
111 	status = isclib_make_dst_key(a->name, a->algorithm,
112 				     a->key->value, a->key->len,
113 				     &dstkey);
114 	if (status == ISC_R_SUCCESS) {
115 		status = dns_tsec_create(dhcp_gbl_ctx.mctx, dns_tsectype_tsig,
116 					 dstkey, &a->tsec_key);
117 		dst_key_free(&dstkey);
118 	}
119 	if (status != ISC_R_SUCCESS)
120 		log_error("Unable to create tsec structure for %s", a->name);
121 
122 	omapi_auth_key_hash_add (auth_key_hash, a -> name, 0, a, MDL);
123 	return ISC_R_SUCCESS;
124 }
125 
omapi_auth_key_lookup_name(omapi_auth_key_t ** a,const char * name)126 isc_result_t omapi_auth_key_lookup_name (omapi_auth_key_t **a,
127 					 const char *name)
128 {
129 	if (!auth_key_hash)
130 		return ISC_R_NOTFOUND;
131 	if (!omapi_auth_key_hash_lookup (a, auth_key_hash, name, 0, MDL))
132 		return ISC_R_NOTFOUND;
133 	return ISC_R_SUCCESS;
134 }
135 
omapi_auth_key_lookup(omapi_object_t ** h,omapi_object_t * id,omapi_object_t * ref)136 isc_result_t omapi_auth_key_lookup (omapi_object_t **h,
137 				    omapi_object_t *id,
138 				    omapi_object_t *ref)
139 {
140 	isc_result_t status;
141 	omapi_value_t *name = (omapi_value_t *)0;
142 	omapi_value_t *algorithm = (omapi_value_t *)0;
143 
144 	if (!auth_key_hash)
145 		return ISC_R_NOTFOUND;
146 
147 	if (!ref)
148 		return DHCP_R_NOKEYS;
149 
150 	status = omapi_get_value_str (ref, id, "name", &name);
151 	if (status != ISC_R_SUCCESS)
152 		return status;
153 
154 	if ((name -> value -> type != omapi_datatype_string) &&
155 	    (name -> value -> type != omapi_datatype_data)) {
156 		omapi_value_dereference (&name, MDL);
157 		return ISC_R_NOTFOUND;
158 	}
159 
160 	status = omapi_get_value_str (ref, id, "algorithm", &algorithm);
161 	if (status != ISC_R_SUCCESS) {
162 		omapi_value_dereference (&name, MDL);
163 		return status;
164 	}
165 
166 	if ((algorithm -> value -> type != omapi_datatype_string) &&
167 	    (algorithm -> value -> type != omapi_datatype_data)) {
168 		omapi_value_dereference (&name, MDL);
169 		omapi_value_dereference (&algorithm, MDL);
170 		return ISC_R_NOTFOUND;
171 	}
172 
173 
174 	if (!omapi_auth_key_hash_lookup ((omapi_auth_key_t **)h, auth_key_hash,
175 					 (const char *)
176 					 name -> value -> u.buffer.value,
177 					 name -> value -> u.buffer.len, MDL)) {
178 		omapi_value_dereference (&name, MDL);
179 		omapi_value_dereference (&algorithm, MDL);
180 		return ISC_R_NOTFOUND;
181 	}
182 
183 	if (omapi_td_strcasecmp (algorithm -> value,
184 				 ((omapi_auth_key_t *)*h) -> algorithm) != 0) {
185 		omapi_value_dereference (&name, MDL);
186 		omapi_value_dereference (&algorithm, MDL);
187 		omapi_object_dereference (h, MDL);
188 		return ISC_R_NOTFOUND;
189 	}
190 
191 	omapi_value_dereference (&name, MDL);
192 	omapi_value_dereference (&algorithm, MDL);
193 
194 	return ISC_R_SUCCESS;
195 }
196 
omapi_auth_key_stuff_values(omapi_object_t * c,omapi_object_t * id,omapi_object_t * h)197 isc_result_t omapi_auth_key_stuff_values (omapi_object_t *c,
198 					  omapi_object_t *id,
199 					  omapi_object_t *h)
200 {
201 	omapi_auth_key_t *a;
202 	isc_result_t status;
203 
204 	if (h -> type != omapi_type_auth_key)
205 		return DHCP_R_INVALIDARG;
206 	a = (omapi_auth_key_t *)h;
207 
208 	/* Write only the name and algorithm -- not the secret! */
209 	if (a -> name) {
210 		status = omapi_connection_put_name (c, "name");
211 		if (status != ISC_R_SUCCESS)
212 			return status;
213 		status = omapi_connection_put_string (c, a -> name);
214 		if (status != ISC_R_SUCCESS)
215 			return status;
216 	}
217 	if (a -> algorithm) {
218 		status = omapi_connection_put_name (c, "algorithm");
219 		if (status != ISC_R_SUCCESS)
220 			return status;
221 		status = omapi_connection_put_string (c, a -> algorithm);
222 		if (status != ISC_R_SUCCESS)
223 			return status;
224 	}
225 
226 	return ISC_R_SUCCESS;
227 }
228 
omapi_auth_key_get_value(omapi_object_t * h,omapi_object_t * id,omapi_data_string_t * name,omapi_value_t ** value)229 isc_result_t omapi_auth_key_get_value (omapi_object_t *h,
230 				       omapi_object_t *id,
231 				       omapi_data_string_t *name,
232 				       omapi_value_t **value)
233 {
234 	omapi_auth_key_t *a;
235 	isc_result_t status;
236 
237 	if (h -> type != omapi_type_auth_key)
238 		return ISC_R_UNEXPECTED;
239 	a = (omapi_auth_key_t *)h;
240 
241 	if (omapi_ds_strcmp (name, "name") == 0) {
242 		if (a -> name)
243 			return omapi_make_string_value
244 				(value, name, a -> name, MDL);
245 		else
246 			return ISC_R_NOTFOUND;
247 	} else if (omapi_ds_strcmp (name, "key") == 0) {
248 		if (a -> key) {
249 			status = omapi_value_new (value, MDL);
250 			if (status != ISC_R_SUCCESS)
251 				return status;
252 
253 			status = omapi_data_string_reference
254 				(&(*value) -> name, name, MDL);
255 			if (status != ISC_R_SUCCESS) {
256 				omapi_value_dereference (value, MDL);
257 				return status;
258 			}
259 
260 			status = omapi_typed_data_new (MDL, &(*value) -> value,
261 						       omapi_datatype_data,
262 						       a -> key -> len);
263 			if (status != ISC_R_SUCCESS) {
264 				omapi_value_dereference (value, MDL);
265 				return status;
266 			}
267 
268 			memcpy ((*value) -> value -> u.buffer.value,
269 				a -> key -> value, a -> key -> len);
270 			return ISC_R_SUCCESS;
271 		} else
272 			return ISC_R_NOTFOUND;
273 	} else if (omapi_ds_strcmp (name, "algorithm") == 0) {
274 		if (a -> algorithm)
275 			return omapi_make_string_value
276 				(value, name, a -> algorithm, MDL);
277 		else
278 			return ISC_R_NOTFOUND;
279 	}
280 
281 	return ISC_R_SUCCESS;
282 }
283