 |
Kea 3.1.1
|
|
Kea 3.1.1
|
GSS-TSIG hook implementation. More...
#include <gss_tsig_impl.h>
Public Member Functions | |
| GssTsigImpl () | |
| Constructor. | |
| virtual | ~GssTsigImpl () |
| Destructor. | |
| void | commandProcessed (isc::hooks::CalloutHandle &handle) |
| The command_processed handler. | |
| void | configure (isc::data::ConstElementPtr config) |
| Configure. | |
| void | createKey (DnsServerPtr server, std::chrono::time_point< std::chrono::system_clock > now) |
| Create new GSS-TSIG key. | |
| ManagedKeyPtr | findKey (const d2::DnsServerInfoPtr &server_info, bool &useGssTsig, bool &fallback) |
| Find a GSS-TSIG key by server info. | |
| ManagedKeyPtr | findKey (const std::string &name) const |
| Find a GSS-TSIG key by name. | |
| void | finishConfigure (isc::d2::D2CfgContextPtr d2_config) |
| Finish configure. | |
| void | getAllHandler (isc::hooks::CalloutHandle &handle) const |
| The gss-tsig-get-all command handler. | |
| void | getHandler (isc::hooks::CalloutHandle &handle) const |
| The gss-tsig-get command handler. | |
| isc::asiolink::IOServicePtr | getIOService () |
| Get the hook I/O service. | |
| DnsServerPtr | getServer (const std::string &id) const |
| Get the DNS server from its ID. | |
| void | keyDelHandler (isc::hooks::CalloutHandle &handle) |
| The gss-tsig-key-del command handler. | |
| void | keyExpireHandler (isc::hooks::CalloutHandle &handle) |
| The gss-tsig-key-expire command handler. | |
| void | keyGetHandler (isc::hooks::CalloutHandle &handle) const |
| The gss-tsig-key-get command handler. | |
| void | listHandler (isc::hooks::CalloutHandle &handle) const |
| The gss-tsig-list command handler. | |
| void | processAllServersKeys (bool rekey=false) |
| Process GSS-TSIG keys for all servers. | |
| void | processServerKeys (DnsServerPtr server, bool rekey=false) |
| Process GSS-TSIG keys for a specific server. | |
| void | purgeAllHandler (isc::hooks::CalloutHandle &handle) |
| The gss-tsig-purge-all command handler. | |
| void | purgeHandler (isc::hooks::CalloutHandle &handle) |
| The gss-tsig-purge command handler. | |
| void | purgeKeys () |
| Purge very old GSS-TSIG keys. | |
| void | rekeyAllHandler (isc::hooks::CalloutHandle &handle) |
| The gss-tsig-rekey-all command handler. | |
| void | rekeyHandler (isc::hooks::CalloutHandle &handle) |
| The gss-tsig-rekey command handler. | |
| void | setIOService (isc::asiolink::IOServicePtr io_service) |
| Set the hook I/O service. | |
| void | start () |
| Start method. | |
| void | stop () |
| Stop method. | |
Protected Attributes | |
| GssTsigCfg | cfg_ |
| GSS-TSIG hook configuration. | |
| isc::asiolink::IOServicePtr | io_service_ |
| The hook I/O service. | |
| ManagedKeyList | keys_ |
| Map of GSS-TSIG keys by name. | |
| std::unique_ptr< std::string > | krb5_client_ktname_prev_ |
| The previous value of client key table environment variable. | |
| std::unique_ptr< std::string > | krb5ccname_prev_ |
| The previous value of credential cache environment variable. | |
| isc::asiolink::IntervalTimerPtr | purge_timer_ |
| The purge periodic timer. | |
GSS-TSIG hook implementation.
Definition at line 63 of file gss_tsig_impl.h.
| isc::gss_tsig::GssTsigImpl::GssTsigImpl | ( | ) |
Constructor.
Definition at line 32 of file gss_tsig_impl.cc.
References cfg_, io_service_, keys_, krb5_client_ktname_prev_, krb5ccname_prev_, and purge_timer_.
|
virtual |
Destructor.
Definition at line 36 of file gss_tsig_impl.cc.
References io_service_, and stop().
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::commandProcessed | ( | isc::hooks::CalloutHandle & | handle | ) |
The command_processed handler.
| handle | CalloutHandle. |
Definition at line 933 of file gss_tsig_impl.cc.
References Element::create(), isc::hooks::CalloutHandle::getArgument(), and Element::map.
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::configure | ( | isc::data::ConstElementPtr | config | ) |
Configure.
| config | A map element with parameters. |
| BadValue | and similar exceptions on error. |
Definition at line 42 of file gss_tsig_impl.cc.
References cfg_, isc::stats::StatsMgr::instance(), krb5_client_ktname_prev_, krb5ccname_prev_, isc::stats::StatsMgr::setValue(), and isc::gss_tsig::DnsServer::STAT_NAMES.
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::createKey | ( | DnsServerPtr | server, |
| std::chrono::time_point< std::chrono::system_clock > | now ) |
Create new GSS-TSIG key.
| server | The server for which the new key is added. |
| now | The current timestamp. |
Definition at line 147 of file gss_tsig_impl.cc.
References isc::stats::StatsMgr::addValue(), isc::stats::StatsMgr::generateName(), isc::gss_tsig::ManagedKey::genName(), isc::gss_tsig::gss_tsig_logger, isc::gss_tsig::GSS_TSIG_NEW_KEY, isc::stats::StatsMgr::instance(), io_service_, keys_, LOG_INFO, and isc::gss_tsig::TKeyExchange::TKEY_EXCHANGE_FLAGS.
Referenced by processServerKeys(), and rekeyHandler().
Here is the call graph for this function:| ManagedKeyPtr isc::gss_tsig::GssTsigImpl::findKey | ( | const d2::DnsServerInfoPtr & | server_info, |
| bool & | useGssTsig, | ||
| bool & | fallback ) |
Find a GSS-TSIG key by server info.
| server_info | Pointer to a DNS server. | |
| [out] | useGssTsig | Set to true when GSS-TSIG is used. |
| [out] | fallback | Set to true when GSS-TSIG should be used and no key is available fallbacks to the no GSS-TSIG behavior (vs. skips this DNS server). |
Definition at line 294 of file gss_tsig_impl.cc.
References cfg_, isc::log::DBGLVL_TRACE_BASIC, isc::gss_tsig::ManagedKey::EXPIRED, isc::gss_tsig::gss_tsig_logger, isc::gss_tsig::KEY_LOOKUP_DISABLED, isc::gss_tsig::KEY_LOOKUP_FOUND, isc::gss_tsig::KEY_LOOKUP_NONE, keys_, LOG_DEBUG, and isc::gss_tsig::ManagedKey::USABLE.
Referenced by keyDelHandler(), keyExpireHandler(), and keyGetHandler().
| ManagedKeyPtr isc::gss_tsig::GssTsigImpl::findKey | ( | const std::string & | name | ) | const |
Find a GSS-TSIG key by name.
| name | Name of the key. |
Definition at line 329 of file gss_tsig_impl.cc.
References keys_.
| void isc::gss_tsig::GssTsigImpl::finishConfigure | ( | isc::d2::D2CfgContextPtr | d2_config | ) |
Finish configure.
| d2_config | D2 server running configuration. |
Definition at line 69 of file gss_tsig_impl.cc.
References cfg_.
| void isc::gss_tsig::GssTsigImpl::getAllHandler | ( | isc::hooks::CalloutHandle & | handle | ) | const |
The gss-tsig-get-all command handler.
| handle | CalloutHandle. |
Definition at line 441 of file gss_tsig_impl.cc.
References cfg_, isc::config::CONTROL_RESULT_EMPTY, isc::config::CONTROL_RESULT_SUCCESS, isc::config::createAnswer(), Element::createList(), Element::createMap(), keys_, and isc::hooks::CalloutHandle::setArgument().
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::getHandler | ( | isc::hooks::CalloutHandle & | handle | ) | const |
The gss-tsig-get command handler.
| handle | CalloutHandle. |
Definition at line 370 of file gss_tsig_impl.cc.
References cfg_, isc::config::CONTROL_RESULT_EMPTY, isc::config::CONTROL_RESULT_ERROR, isc::config::CONTROL_RESULT_SUCCESS, isc::config::createAnswer(), Element::createList(), isc::hooks::CalloutHandle::getArgument(), isc_throw, keys_, Element::map, isc::config::parseCommand(), isc::hooks::CalloutHandle::setArgument(), and Element::string.
Here is the call graph for this function:
|
inline |
Get the hook I/O service.
Definition at line 85 of file gss_tsig_impl.h.
References io_service_.
| DnsServerPtr isc::gss_tsig::GssTsigImpl::getServer | ( | const std::string & | id | ) | const |
Get the DNS server from its ID.
| id | The server ID. |
Definition at line 289 of file gss_tsig_impl.cc.
References cfg_.
| void isc::gss_tsig::GssTsigImpl::keyDelHandler | ( | isc::hooks::CalloutHandle & | handle | ) |
The gss-tsig-key-del command handler.
| handle | CalloutHandle. |
Definition at line 652 of file gss_tsig_impl.cc.
References isc::config::CONTROL_RESULT_EMPTY, isc::config::CONTROL_RESULT_ERROR, isc::config::CONTROL_RESULT_SUCCESS, isc::config::createAnswer(), findKey(), isc::hooks::CalloutHandle::getArgument(), isc_throw, keys_, Element::map, isc::config::parseCommand(), isc::hooks::CalloutHandle::setArgument(), and Element::string.
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::keyExpireHandler | ( | isc::hooks::CalloutHandle & | handle | ) |
The gss-tsig-key-expire command handler.
| handle | CalloutHandle. |
Definition at line 575 of file gss_tsig_impl.cc.
References isc::config::CONTROL_RESULT_EMPTY, isc::config::CONTROL_RESULT_ERROR, isc::config::CONTROL_RESULT_SUCCESS, isc::config::createAnswer(), isc::gss_tsig::ManagedKey::EXPIRED, findKey(), isc::hooks::CalloutHandle::getArgument(), isc_throw, Element::map, isc::config::parseCommand(), isc::hooks::CalloutHandle::setArgument(), and Element::string.
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::keyGetHandler | ( | isc::hooks::CalloutHandle & | handle | ) | const |
The gss-tsig-key-get command handler.
| handle | CalloutHandle. |
Definition at line 511 of file gss_tsig_impl.cc.
References isc::config::CONTROL_RESULT_EMPTY, isc::config::CONTROL_RESULT_ERROR, isc::config::CONTROL_RESULT_SUCCESS, isc::config::createAnswer(), findKey(), isc::hooks::CalloutHandle::getArgument(), isc_throw, Element::map, isc::config::parseCommand(), isc::hooks::CalloutHandle::setArgument(), and Element::string.
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::listHandler | ( | isc::hooks::CalloutHandle & | handle | ) | const |
The gss-tsig-list command handler.
| handle | CalloutHandle. |
Definition at line 477 of file gss_tsig_impl.cc.
References cfg_, isc::config::CONTROL_RESULT_EMPTY, isc::config::CONTROL_RESULT_SUCCESS, Element::create(), isc::config::createAnswer(), Element::createList(), Element::createMap(), keys_, and isc::hooks::CalloutHandle::setArgument().
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::processAllServersKeys | ( | bool | rekey = false | ) |
Process GSS-TSIG keys for all servers.
| rekey | The flag which indicates if unconditionally rekey all servers. |
Definition at line 191 of file gss_tsig_impl.cc.
References cfg_, processServerKeys(), and rekey().
Referenced by rekeyAllHandler(), and start().
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::processServerKeys | ( | DnsServerPtr | server, |
| bool | rekey = false ) |
Process GSS-TSIG keys for a specific server.
| server | The server with keys to be processed. |
| rekey | The flag which indicates if unconditionally rekey server. |
Definition at line 198 of file gss_tsig_impl.cc.
References createKey(), isc::log::DBGLVL_TRACE_BASIC, isc::gss_tsig::ManagedKey::EXPIRED, isc::gss_tsig::gss_tsig_logger, isc::gss_tsig::KEY_PROCESSING_FAILED, isc::gss_tsig::KEY_PROCESSING_FAILED_UNSPECIFIED_ERROR, keys_, LOG_DEBUG, LOG_ERROR, isc::gss_tsig::ManagedKey::NOT_READY, isc::asiolink::IntervalTimer::ONE_SHOT, processServerKeys(), rekey(), isc::gss_tsig::START_REKEY_TIMER, isc::gss_tsig::START_RETRY_TIMER, and isc::gss_tsig::ManagedKey::USABLE.
Referenced by processAllServersKeys(), and processServerKeys().
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::purgeAllHandler | ( | isc::hooks::CalloutHandle & | handle | ) |
The gss-tsig-purge-all command handler.
| handle | CalloutHandle. |
Definition at line 813 of file gss_tsig_impl.cc.
References isc::config::CONTROL_RESULT_EMPTY, isc::config::CONTROL_RESULT_SUCCESS, isc::config::createAnswer(), isc::gss_tsig::ManagedKey::EXPIRED, keys_, isc::gss_tsig::ManagedKey::NOT_READY, isc::hooks::CalloutHandle::setArgument(), and isc::gss_tsig::ManagedKey::USABLE.
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::purgeHandler | ( | isc::hooks::CalloutHandle & | handle | ) |
The gss-tsig-purge command handler.
| handle | CalloutHandle. |
Definition at line 720 of file gss_tsig_impl.cc.
References isc::config::CONTROL_RESULT_EMPTY, isc::config::CONTROL_RESULT_ERROR, isc::config::CONTROL_RESULT_SUCCESS, isc::config::createAnswer(), isc::gss_tsig::ManagedKey::EXPIRED, isc::hooks::CalloutHandle::getArgument(), isc_throw, keys_, Element::map, isc::gss_tsig::ManagedKey::NOT_READY, isc::config::parseCommand(), isc::hooks::CalloutHandle::setArgument(), Element::string, and isc::gss_tsig::ManagedKey::USABLE.
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::purgeKeys | ( | ) |
Purge very old GSS-TSIG keys.
Handler of the purge periodic timer.
log a message with the count.
Definition at line 338 of file gss_tsig_impl.cc.
References cfg_, isc::log::DBGLVL_TRACE_BASIC, isc::gss_tsig::gss_tsig_logger, isc::gss_tsig::GSS_TSIG_OLD_KEY_REMOVED, keys_, and LOG_DEBUG.
Referenced by start().
| void isc::gss_tsig::GssTsigImpl::rekeyAllHandler | ( | isc::hooks::CalloutHandle & | handle | ) |
The gss-tsig-rekey-all command handler.
| handle | CalloutHandle. |
Definition at line 926 of file gss_tsig_impl.cc.
References isc::config::CONTROL_RESULT_SUCCESS, isc::config::createAnswer(), io_service_, processAllServersKeys(), and isc::hooks::CalloutHandle::setArgument().
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::rekeyHandler | ( | isc::hooks::CalloutHandle & | handle | ) |
The gss-tsig-rekey command handler.
| handle | CalloutHandle. |
Definition at line 861 of file gss_tsig_impl.cc.
References cfg_, isc::config::CONTROL_RESULT_EMPTY, isc::config::CONTROL_RESULT_ERROR, isc::config::CONTROL_RESULT_SUCCESS, isc::config::createAnswer(), createKey(), isc::hooks::CalloutHandle::getArgument(), isc_throw, Element::map, isc::config::parseCommand(), isc::hooks::CalloutHandle::setArgument(), and Element::string.
Here is the call graph for this function:
|
inline |
Set the hook I/O service.
| io_service | the hook I/O service. |
Definition at line 92 of file gss_tsig_impl.h.
References io_service_.
| void isc::gss_tsig::GssTsigImpl::start | ( | ) |
Start method.
Definition at line 74 of file gss_tsig_impl.cc.
References cfg_, isc::log::DBGLVL_TRACE_BASIC, isc::gss_tsig::gss_tsig_logger, isc::gss_tsig::GSS_TSIG_MANAGER_STARTED, io_service_, LOG_DEBUG, processAllServersKeys(), purge_timer_, purgeKeys(), and isc::asiolink::IntervalTimer::REPEATING.
Here is the call graph for this function:| void isc::gss_tsig::GssTsigImpl::stop | ( | ) |
Stop method.
Definition at line 93 of file gss_tsig_impl.cc.
References cfg_, isc::log::DBGLVL_TRACE_BASIC, isc::stats::StatsMgr::del(), isc::gss_tsig::gss_tsig_logger, isc::gss_tsig::GSS_TSIG_MANAGER_STOP_ERROR, isc::gss_tsig::GSS_TSIG_MANAGER_STOP_GENERAL_ERROR, isc::gss_tsig::GSS_TSIG_MANAGER_STOPPED, isc::stats::StatsMgr::instance(), io_service_, keys_, krb5_client_ktname_prev_, krb5ccname_prev_, LOG_DEBUG, LOG_ERROR, purge_timer_, and isc::gss_tsig::DnsServer::STAT_NAMES.
Referenced by ~GssTsigImpl().
Here is the call graph for this function:
|
protected |
GSS-TSIG hook configuration.
Definition at line 211 of file gss_tsig_impl.h.
Referenced by GssTsigImpl(), configure(), findKey(), finishConfigure(), getAllHandler(), getHandler(), getServer(), listHandler(), processAllServersKeys(), purgeKeys(), rekeyHandler(), start(), and stop().
|
protected |
The hook I/O service.
Definition at line 217 of file gss_tsig_impl.h.
Referenced by GssTsigImpl(), ~GssTsigImpl(), createKey(), getIOService(), rekeyAllHandler(), setIOService(), start(), and stop().
|
protected |
Map of GSS-TSIG keys by name.
Definition at line 214 of file gss_tsig_impl.h.
Referenced by GssTsigImpl(), createKey(), findKey(), findKey(), getAllHandler(), getHandler(), keyDelHandler(), listHandler(), processServerKeys(), purgeAllHandler(), purgeHandler(), purgeKeys(), and stop().
|
protected |
The previous value of client key table environment variable.
Definition at line 220 of file gss_tsig_impl.h.
Referenced by GssTsigImpl(), configure(), and stop().
|
protected |
The previous value of credential cache environment variable.
Definition at line 223 of file gss_tsig_impl.h.
Referenced by GssTsigImpl(), configure(), and stop().
|
protected |
The purge periodic timer.
Definition at line 226 of file gss_tsig_impl.h.
Referenced by GssTsigImpl(), start(), and stop().
1.13.2