Kea 3.1.1
isc::gss_tsig::DnsServer Class Reference

GSS-TSIG hook configuration for a server.

#include <gss_tsig_cfg.h>


Public Member Functions

 DnsServer (const std::string &id, const std::set< std::string > &domains, const isc::asiolink::IOAddress &ip_address, uint16_t port=isc::d2::DnsServerInfo::STANDARD_DNS_PORT)
 Constructor.
 
virtual ~DnsServer ()
 Destructor.
 
void addServerInfo (isc::d2::DnsServerInfoPtr server_info)
 Add a server info to the list.
 
void buildKeyNameSuffix ()
 Build the GSS-TSIG key name suffix.
 
void buildServerInfo (isc::d2::D2CfgContextPtr d2_config)
 Convert the list of DNS domains to the server info list.
 
void checkKeyNameSuffix ()
 Check and fix the GSS-TSIG key name suffix.
 
void clearServerInfos ()
 Clear the server info list.
 
const std::string & getClientPrincipal () const
 Get the client/credentials principal.
 
uint32_t getExchangeTimeout () const
 Get the TKEY exchange timeout.
 
bool getFallback () const
 Get the fallback flag.
 
bool getGssReplayFlag () const
 Get the GSS (anti) replay flag.
 
bool getGssSequenceFlag () const
 Get the GSS sequence flag.
 
std::string getID () const
 Get the ID.
 
const isc::asiolink::IOAddress & getIpAddress () const
 Get the server IP address.
 
uint32_t getKeyLifetime () const
 Get the TKEY lifetime.
 
const std::string & getKeyNameSuffix () const
 Get the GSS-TSIG key name suffix.
 
isc::asiodns::IOFetch::Protocol getKeyProto () const
 Get the TKEY protocol.
 
uint16_t getPort () const
 Get the server port.
 
uint32_t getRekeyInterval () const
 Get the rekey interval.
 
uint32_t getRetryInterval () const
 Get the retry interval.
 
const isc::d2::DnsServerInfoStorage & getServerInfos () const
 Get the server info list.
 
const std::string & getServerPrincipal () const
 Get the DNS server principal.
 
isc::asiolink::IntervalTimerPtr & getTimer ()
 Get timer used to rekey or to retry on error.
 
virtual void resetStats ()
 Reset statistics.
 
void setClientPrincipal (const std::string &cred_principal)
 Set the client/credentials principal.
 
void setExchangeTimeout (uint32_t exchange_timeout)
 Set the TKEY exchange timeout.
 
void setFallback (bool fallback)
 Set the fallback flag.
 
void setGssReplayFlag (bool flag)
 Set the GSS (anti) replay flag.
 
void setGssSequenceFlag (bool flag)
 Set the GSS sequence flag.
 
void setID (const std::string &id)
 Set the ID.
 
void setKeyLifetime (uint32_t tkey_lifetime)
 Set the TKEY lifetime.
 
void setKeyNameSuffix (const std::string &key_name_suffix)
 Set the GSS-TSIG key name suffix.
 
void setKeyProto (isc::asiodns::IOFetch::Protocol tkey_proto)
 Set the TKEY protocol.
 
void setRekeyInterval (uint32_t rekey_interval)
 Set the rekey interval.
 
void setRetryInterval (uint32_t retry_interval)
 Set the retry interval.
 
void setServerPrincipal (const std::string &server_principal)
 Set the DNS server principal.
 
isc::data::ElementPtr toElement () const
 Unparse a DNS server object.
 
Public Member Functions inherited from isc::data::CfgToElement
virtual ~CfgToElement ()
 Destructor.
 
Public Member Functions inherited from isc::data::UserContext
void contextToElement (data::ElementPtr map) const
 Merge unparse a user_context object.
 
data::ConstElementPtr getContext () const
 Returns const pointer to the user context.
 
void setContext (const data::ConstElementPtr &ctx)
 Sets user context.
 

Static Public Attributes

static constexpr size_t DEFAULT_EXCHANGE_TIMEOUT = 3000
 The default TKEY exchange timeout (expressed in milliseconds).
 
static constexpr size_t DEFAULT_KEY_LIFETIME = 3600
 The default TKEY lifetime (expressed in seconds).
 
static constexpr size_t DEFAULT_REKEY_INTERVAL = 2700
 The rekey timer interval (expressed in seconds).
 
static constexpr size_t DEFAULT_RETRY_INTERVAL = 120
 The retry timer interval (expressed in seconds).
 
static const isc::data::SimpleKeywords SERVER_PARAMETERS
 This table defines all server parameters.
 
static const std::list< std::string > STAT_NAMES
 Server TKEY exchange statistics names.
 

Additional Inherited Members

Static Public Member Functions inherited from isc::data::UserContext
static data::ElementPtr toElement (data::ConstElementPtr map)
 Copy an Element map.
 
Protected Attributes inherited from isc::data::UserContext
data::ConstElementPtr user_context_
 Pointer to the user context (may be NULL)
 

Detailed Description

GSS-TSIG hook configuration for a server.

Definition at line 33 of file gss_tsig_cfg.h.

Constructor & Destructor Documentation

◆ DnsServer()

isc::gss_tsig::DnsServer::DnsServer ( const std::string & id,
const std::set< std::string > & domains,
const isc::asiolink::IOAddress & ip_address,
uint16_t port = isc::d2::DnsServerInfo::STANDARD_DNS_PORT )

Constructor.

A server is mainly recognized using its address and port.

Parameters
id: An identifier.
domains: A list of DNS domains.
ip_address: The server IP address.
port: The server port (default 53).

Definition at line 53 of file gss_tsig_cfg.cc.

References DEFAULT_EXCHANGE_TIMEOUT, DEFAULT_KEY_LIFETIME, DEFAULT_REKEY_INTERVAL, and DEFAULT_RETRY_INTERVAL.

◆ ~DnsServer()

isc::gss_tsig::DnsServer::~DnsServer ( )
virtual

Destructor.

Remove the server statistics.

Definition at line 67 of file gss_tsig_cfg.cc.

Member Function Documentation

◆ addServerInfo()

void isc::gss_tsig::DnsServer::addServerInfo ( isc::d2::DnsServerInfoPtr server_info)
inline

Add a server info to the list.

Parameters
server_info: The new server info to add to the list.

Definition at line 113 of file gss_tsig_cfg.h.

◆ buildKeyNameSuffix()

void isc::gss_tsig::DnsServer::buildKeyNameSuffix ( )

Build the GSS-TSIG key name suffix.

The GSS-TSIG key name suffix is the DNS part of the DNS server principal i.e. the sub-string between '/' and '@'.

Exceptions
BadValue: when the DNS server principal does not have the expected format (this allows the error to be reported at argument parse time).

Definition at line 99 of file gss_tsig_cfg.cc.

References checkKeyNameSuffix(), and isc_throw.

◆ buildServerInfo()

void isc::gss_tsig::DnsServer::buildServerInfo ( isc::d2::D2CfgContextPtr d2_config)

Convert the list of DNS domains to the server info list.

For each domain in the list, the corresponding server is added. An empty list means that all servers are added.

Parameters
d2_config: D2 configuration.
Exceptions
isc::NotFound: if a domain in the list is not served.

Definition at line 138 of file gss_tsig_cfg.cc.

References buildServerInfo(), getServerInfos(), and isc_throw.

Referenced by buildServerInfo().

◆ checkKeyNameSuffix()

void isc::gss_tsig::DnsServer::checkKeyNameSuffix ( )

Check and fix the GSS-TSIG key name suffix.

As a side effect, a trailing dot may be added, e.g. when the suffix was built from a Kerberos principal, whose domain part usually has none.

Note: if we want to canonicalize the GSS-TSIG key name suffix, this is the right place to do it.

Definition at line 119 of file gss_tsig_cfg.cc.

References isc_throw, and isc::dns::Name::toText().

Referenced by buildKeyNameSuffix(), and setKeyNameSuffix().
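
The two steps described above (buildKeyNameSuffix() taking the sub-string between '/' and '@' of the server principal, then checkKeyNameSuffix() validating it and adding the trailing dot), written out as an added example that is not Kea's own code. The `BadValue` type and the character check are assumptions standing in for isc::BadValue and the isc::dns::Name parsing the real implementation uses.

```cpp
#include <cctype>
#include <stdexcept>
#include <string>

// Added example, not Kea's code: a stand-in for isc::BadValue.
struct BadValue : public std::invalid_argument {
    using std::invalid_argument::invalid_argument;
};

// Mirrors what the page says checkKeyNameSuffix() does: reject a suffix that is
// not a usable DNS name and append the trailing dot that the host part of a
// Kerberos principal usually lacks. The character check is an assumption that
// stands in for the isc::dns::Name parsing the real code relies on.
std::string checkKeyNameSuffix(std::string suffix) {
    if (suffix.empty() || suffix.front() == '.' ||
        suffix.find("..") != std::string::npos) {
        throw BadValue("bad GSS-TSIG key name suffix '" + suffix + "'");
    }
    for (unsigned char c : suffix) {
        if (!std::isalnum(c) && c != '-' && c != '_' && c != '.') {
            throw BadValue("bad character in GSS-TSIG key name suffix");
        }
    }
    if (suffix.back() != '.') {
        suffix += '.';  // canonical FQDN form, e.g. "ns1.example.com."
    }
    return suffix;
}

// Mirrors buildKeyNameSuffix(): the suffix is the sub-string of the DNS server
// principal between '/' and '@'; "DNS/ns1.example.com@EXAMPLE.COM" yields
// "ns1.example.com", which the check above turns into "ns1.example.com.".
std::string buildKeyNameSuffix(const std::string& server_principal) {
    const auto slash = server_principal.find('/');
    const auto at = (slash == std::string::npos)
                        ? std::string::npos
                        : server_principal.find('@', slash + 1);
    if (slash == std::string::npos || at == std::string::npos) {
        throw BadValue("DNS server principal '" + server_principal +
                       "' is not of the form service/host@REALM");
    }
    return checkKeyNameSuffix(server_principal.substr(slash + 1, at - slash - 1));
}

// True when the principal is rejected with BadValue (the failure path a
// configuration parser would report at argument parse time).
bool rejectsPrincipal(const std::string& server_principal) {
    try {
        buildKeyNameSuffix(server_principal);
    } catch (const BadValue&) {
        return true;
    }
    return false;
}
```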

◆ clearServerInfos()

void isc::gss_tsig::DnsServer::clearServerInfos ( )
inline

Clear the server info list.

Definition at line 118 of file gss_tsig_cfg.h.

◆ getClientPrincipal()

const std::string & isc::gss_tsig::DnsServer::getClientPrincipal ( ) const
inline

Get the client/credentials principal.

Returns
the client/credentials principal.

Definition at line 181 of file gss_tsig_cfg.h.

◆ getExchangeTimeout()

uint32_t isc::gss_tsig::DnsServer::getExchangeTimeout ( ) const
inline

Get the TKEY exchange timeout.

Returns
the TKEY exchange timeout (expressed in milliseconds).

Definition at line 293 of file gss_tsig_cfg.h.

◆ getFallback()

bool isc::gss_tsig::DnsServer::getFallback ( ) const
inline

Get the fallback flag.

Returns
the fallback flag.

Definition at line 279 of file gss_tsig_cfg.h.

◆ getGssReplayFlag()

bool isc::gss_tsig::DnsServer::getGssReplayFlag ( ) const
inline

Get the GSS (anti) replay flag.

Returns
the GSS (anti) replay flag.

Definition at line 202 of file gss_tsig_cfg.h.

◆ getGssSequenceFlag()

bool isc::gss_tsig::DnsServer::getGssSequenceFlag ( ) const
inline

Get the GSS sequence flag.

Returns
the GSS sequence flag.

Definition at line 216 of file gss_tsig_cfg.h.

◆ getID()

std::string isc::gss_tsig::DnsServer::getID ( ) const
inline

Get the ID.

Returns
the ID.

Definition at line 71 of file gss_tsig_cfg.h.

Referenced by toElement().

◆ getIpAddress()

const isc::asiolink::IOAddress & isc::gss_tsig::DnsServer::getIpAddress ( ) const
inline

Get the server IP address.

Returns
the server IP address.

Definition at line 85 of file gss_tsig_cfg.h.

◆ getKeyLifetime()

uint32_t isc::gss_tsig::DnsServer::getKeyLifetime ( ) const
inline

Get the TKEY lifetime.

Returns
the TKEY lifetime (expressed in seconds).

Definition at line 195 of file gss_tsig_cfg.h.

◆ getKeyNameSuffix()

const std::string & isc::gss_tsig::DnsServer::getKeyNameSuffix ( ) const
inline

Get the GSS-TSIG key name suffix.

Returns
the GSS-TSIG key name suffix.

Definition at line 148 of file gss_tsig_cfg.h.

◆ getKeyProto()

isc::asiodns::IOFetch::Protocol isc::gss_tsig::DnsServer::getKeyProto ( ) const
inline

Get the TKEY protocol.

Returns
the TKEY protocol.

Definition at line 265 of file gss_tsig_cfg.h.

◆ getPort()

uint16_t isc::gss_tsig::DnsServer::getPort ( ) const
inline

Get the server port.

Returns
the server port.

Definition at line 99 of file gss_tsig_cfg.h.

◆ getRekeyInterval()

uint32_t isc::gss_tsig::DnsServer::getRekeyInterval ( ) const
inline

Get the rekey interval.

Returns
the rekey interval (expressed in seconds).

Definition at line 237 of file gss_tsig_cfg.h.

◆ getRetryInterval()

uint32_t isc::gss_tsig::DnsServer::getRetryInterval ( ) const
inline

Get the retry interval.

Returns
the retry interval (expressed in seconds).

Definition at line 251 of file gss_tsig_cfg.h.

◆ getServerInfos()

const isc::d2::DnsServerInfoStorage & isc::gss_tsig::DnsServer::getServerInfos ( ) const
inline

Get the server info list.

Returns
the server info list.

Definition at line 106 of file gss_tsig_cfg.h.

Referenced by buildServerInfo().

◆ getServerPrincipal()

const std::string & isc::gss_tsig::DnsServer::getServerPrincipal ( ) const
inline

Get the DNS server principal.

Returns
the DNS server principal.

Definition at line 134 of file gss_tsig_cfg.h.

◆ getTimer()

isc::asiolink::IntervalTimerPtr & isc::gss_tsig::DnsServer::getTimer ( )
inline

Get timer used to rekey or to retry on error.

Returns
The timer used to rekey or to retry on error.

Definition at line 92 of file gss_tsig_cfg.h.

◆ resetStats()

void isc::gss_tsig::DnsServer::resetStats ( )
virtual

Reset statistics.

Definition at line 90 of file gss_tsig_cfg.cc.

References isc::stats::StatsMgr::generateName(), isc::stats::StatsMgr::instance(), isc::stats::StatsMgr::reset(), and STAT_NAMES.

◆ setClientPrincipal()

void isc::gss_tsig::DnsServer::setClientPrincipal ( const std::string & cred_principal)
inline

Set the client/credentials principal.

Parameters
cred_principal: A new client/credentials principal.

Definition at line 188 of file gss_tsig_cfg.h.

◆ setExchangeTimeout()

void isc::gss_tsig::DnsServer::setExchangeTimeout ( uint32_t exchange_timeout)
inline

Set the TKEY exchange timeout.

Parameters
exchange_timeout: A new TKEY exchange timeout (expressed in milliseconds).

Definition at line 301 of file gss_tsig_cfg.h.

◆ setFallback()

void isc::gss_tsig::DnsServer::setFallback ( bool fallback)
inline

Set the fallback flag.

Parameters
fallback: A new fallback flag.

Definition at line 286 of file gss_tsig_cfg.h.

◆ setGssReplayFlag()

void isc::gss_tsig::DnsServer::setGssReplayFlag ( bool flag)
inline

Set the GSS (anti) replay flag.

Parameters
flag: A new (anti) replay flag value.

Definition at line 209 of file gss_tsig_cfg.h.

◆ setGssSequenceFlag()

void isc::gss_tsig::DnsServer::setGssSequenceFlag ( bool flag)
inline

Set the GSS sequence flag.

Parameters
flag: A new sequence flag value.

Definition at line 223 of file gss_tsig_cfg.h.

◆ setID()

void isc::gss_tsig::DnsServer::setID ( const std::string & id)
inline

Set the ID.

Parameters
id: A new ID.

Definition at line 78 of file gss_tsig_cfg.h.

◆ setKeyLifetime()

void isc::gss_tsig::DnsServer::setKeyLifetime ( uint32_t tkey_lifetime)
inline

Set the TKEY lifetime.

Parameters
tkey_lifetime: A new TKEY lifetime (expressed in seconds).

Definition at line 230 of file gss_tsig_cfg.h.

◆ setKeyNameSuffix()

void isc::gss_tsig::DnsServer::setKeyNameSuffix ( const std::string & key_name_suffix)
inline

Set the GSS-TSIG key name suffix.

Parameters
key_name_suffix: A new GSS-TSIG key name suffix.

Definition at line 155 of file gss_tsig_cfg.h.

References checkKeyNameSuffix().

◆ setKeyProto()

void isc::gss_tsig::DnsServer::setKeyProto ( isc::asiodns::IOFetch::Protocol tkey_proto)
inline

Set the TKEY protocol.

Parameters
tkey_proto: A new TKEY protocol.

Definition at line 272 of file gss_tsig_cfg.h.

◆ setRekeyInterval()

void isc::gss_tsig::DnsServer::setRekeyInterval ( uint32_t rekey_interval)
inline

Set the rekey interval.

Parameters
rekey_interval: A new rekey interval (expressed in seconds).

Definition at line 244 of file gss_tsig_cfg.h.

◆ setRetryInterval()

void isc::gss_tsig::DnsServer::setRetryInterval ( uint32_t retry_interval)
inline

Set the retry interval.

Parameters
retry_interval: A new retry interval (expressed in seconds).

Definition at line 258 of file gss_tsig_cfg.h.

◆ setServerPrincipal()

void isc::gss_tsig::DnsServer::setServerPrincipal ( const std::string & server_principal)
inline

Set the DNS server principal.

Parameters
server_principal: A new DNS server principal.

Definition at line 141 of file gss_tsig_cfg.h.

◆ toElement()

ElementPtr isc::gss_tsig::DnsServer::toElement ( ) const
virtual

Unparse a DNS server object.

Used to get the full state of a DNS server.

Note: the GSS-TSIG key list is added by command handlers.

Returns
a pointer to the unparsed DNS server object.

Implements isc::data::CfgToElement.

Definition at line 218 of file gss_tsig_cfg.cc.

References isc::data::UserContext::contextToElement(), Element::create(), Element::createList(), Element::createMap(), getID(), and isc::asiodns::IOFetch::TCP.

Member Data Documentation

◆ DEFAULT_EXCHANGE_TIMEOUT

size_t isc::gss_tsig::DnsServer::DEFAULT_EXCHANGE_TIMEOUT = 3000
static constexpr

The default TKEY exchange timeout (expressed in milliseconds).

Default value for TKEY exchange timeout: 3000 milliseconds (3 seconds).

Definition at line 331 of file gss_tsig_cfg.h.

Referenced by DnsServer().

◆ DEFAULT_KEY_LIFETIME

size_t isc::gss_tsig::DnsServer::DEFAULT_KEY_LIFETIME = 3600
static constexpr

The default TKEY lifetime (expressed in seconds).

Default value for TKEY lifetime: 3600 seconds (1 hour).

Definition at line 316 of file gss_tsig_cfg.h.

Referenced by DnsServer(), and isc::gss_tsig::GssTsigCfg::configure().

◆ DEFAULT_REKEY_INTERVAL

size_t isc::gss_tsig::DnsServer::DEFAULT_REKEY_INTERVAL = 2700
static constexpr

The rekey timer interval (expressed in seconds).

Default value for rekey timer: 2700 seconds (45 minutes).

Definition at line 321 of file gss_tsig_cfg.h.

Referenced by DnsServer(), and isc::gss_tsig::GssTsigCfg::configure().

◆ DEFAULT_RETRY_INTERVAL

size_t isc::gss_tsig::DnsServer::DEFAULT_RETRY_INTERVAL = 120
static constexpr

The retry timer interval (expressed in seconds).

Default value for retry timer: 120 seconds (2 minutes).

Definition at line 326 of file gss_tsig_cfg.h.

Referenced by DnsServer(), and isc::gss_tsig::GssTsigCfg::configure().

◆ SERVER_PARAMETERS

const SimpleKeywords isc::gss_tsig::DnsServer::SERVER_PARAMETERS
static
Initial value:
= {
{ "id", Element::string },
{ "domain-names", Element::list },
{ "ip-address", Element::string },
{ "port", Element::integer },
{ "server-principal", Element::string },
{ "client-principal", Element::string },
{ "gss-replay-flag", Element::boolean },
{ "gss-sequence-flag", Element::boolean },
{ "tkey-lifetime", Element::integer },
{ "rekey-interval", Element::integer },
{ "retry-interval", Element::integer },
{ "tkey-protocol", Element::string },
{ "fallback", Element::boolean },
{ "exchange-timeout", Element::integer },
{ "user-context", Element::map },
{ "comment", Element::string }
}

This table defines all server parameters.

Definition at line 36 of file gss_tsig_cfg.h.

Referenced by isc::gss_tsig::GssTsigCfg::configure().

◆ STAT_NAMES

const list< string > isc::gss_tsig::DnsServer::STAT_NAMES
static
Initial value:
= {
"gss-tsig-key-created",
"tkey-sent",
"tkey-success",
"tkey-timeout",
"tkey-error"
}

Server TKEY exchange statistics names.

  • gss-tsig-key-created
  • tkey-sent
  • tkey-success
  • tkey-timeout
  • tkey-error

Definition at line 45 of file gss_tsig_cfg.h.

Referenced by isc::gss_tsig::GssTsigImpl::configure(), resetStats(), and isc::gss_tsig::GssTsigImpl::stop().


The documentation for this class was generated from the following files: