Kea 3.1.0
gss_tsig_callouts.cc
Go to the documentation of this file.
1// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
2//
3// This Source Code Form is subject to the terms of the Mozilla Public
4// License, v. 2.0. If a copy of the MPL was not distributed with this
5// file, You can obtain one at http://mozilla.org/MPL/2.0/.
6
7#include <config.h>
8
9#include <asiolink/io_service_mgr.h>
10#include <gss_tsig_context.h>
11#include <gss_tsig_impl.h>
12#include <gss_tsig_log.h>
13#include <process/daemon.h>
14#include <exceptions/exceptions.h>
15#include <functional>
16#include <sstream>
17#include <string>
18
19using namespace isc;
20using namespace isc::asiolink;
21using namespace isc::gss_tsig;
22using namespace isc::d2;
23using namespace isc::data;
24using namespace isc::dns;
25using namespace isc::hooks;
26using namespace isc::log;
27using namespace isc::process;
28using namespace std;
29
30namespace isc {
31namespace gss_tsig {
32
34GssTsigImplPtr impl;
35
36} // end of namespace isc::gss_tsig
37} // end of namespace isc
38
39extern "C" {
40
47int get(CalloutHandle& handle) {
48 impl->getHandler(handle);
49 return (0);
50}
51
56int get_all(CalloutHandle& handle) {
57 impl->getAllHandler(handle);
58 return (0);
59}
60
65int lists(CalloutHandle& handle) {
66 impl->listHandler(handle);
67 return (0);
68}
69
76int key_get(CalloutHandle& handle) {
77 impl->keyGetHandler(handle);
78 return (0);
79}
80
87int key_expire(CalloutHandle& handle) {
88 impl->keyExpireHandler(handle);
89 return (0);
90}
91
98int key_del(CalloutHandle& handle) {
99 impl->keyDelHandler(handle);
100 return (0);
101}
102
109int purge(CalloutHandle& handle) {
110 impl->purgeHandler(handle);
111 return (0);
112}
113
118int purge_all(CalloutHandle& handle) {
119 impl->purgeAllHandler(handle);
120 return (0);
121}
122
129int rekey(CalloutHandle& handle) {
130 impl->rekeyHandler(handle);
131 return (0);
132}
133
138int rekey_all(CalloutHandle& handle) {
139 impl->rekeyAllHandler(handle);
140 return (0);
141}
142
146int load(LibraryHandle& handle) {
147 try {
148 // Create the implementation object.
149 impl.reset(new GssTsigImpl());
150
151 // Make the hook library loadable only by d2.
152 const std::string& proc_name = Daemon::getProcName();
153 if (proc_name != "kea-dhcp-ddns") {
154 isc_throw(Unexpected, "Bad process name: " << proc_name
155 << ", expected kea-dhcp-ddns");
156 }
157
158 // Load the configuration (syntax check).
159 ConstElementPtr config = handle.getParameters();
160 impl->configure(config);
161
162 // Register commands.
163 handle.registerCommandCallout("gss-tsig-get", get);
164 handle.registerCommandCallout("gss-tsig-get-all", get_all);
165 handle.registerCommandCallout("gss-tsig-key-del", key_del);
166 handle.registerCommandCallout("gss-tsig-key-expire", key_expire);
167 handle.registerCommandCallout("gss-tsig-key-get", key_get);
168 handle.registerCommandCallout("gss-tsig-list", lists);
169 handle.registerCommandCallout("gss-tsig-purge", purge);
170 handle.registerCommandCallout("gss-tsig-purge-all", purge_all);
171 handle.registerCommandCallout("gss-tsig-rekey", rekey);
172 handle.registerCommandCallout("gss-tsig-rekey-all", rekey_all);
173 } catch (const std::exception& ex) {
174 LOG_ERROR(gss_tsig_logger, GSS_TSIG_LOAD_FAILED)
175 .arg(ex.what());
176 return (1);
177 }
178
179 LOG_INFO(gss_tsig_logger, GSS_TSIG_LOAD_OK);
180 return (0);
181}
182
186int unload() {
187 if (impl) {
188 IOServiceMgr::instance().unregisterIOService(impl->getIOService());
189 impl->stop();
190 impl.reset();
191 }
192 LOG_INFO(gss_tsig_logger, GSS_TSIG_UNLOAD_OK);
193 return (0);
194}
195
199int multi_threading_compatible() {
200 return (1);
201}
202
211int d2_srv_configured(CalloutHandle& handle) {
212 // First check the status.
213 if (handle.getStatus() != CalloutHandle::NEXT_STEP_CONTINUE) {
214 return (0);
215 }
216 IOServiceMgr::instance().registerIOService(impl->getIOService());
217 D2CfgContextPtr d2_config;
218 // Get the parameters.
219 handle.getArgument("server_config", d2_config);
220 if (!d2_config) {
221 const string error("Error: gss_tsig d2_srv_configured: server_config is null");
222 handle.setArgument("error", error);
223 handle.setStatus(isc::hooks::CalloutHandle::NEXT_STEP_DROP);
224 return (1);
225 }
226 try {
227 impl->finishConfigure(d2_config);
228 impl->getIOService()->post([]() { impl->start(); });
229 } catch (const std::exception& ex) {
230 ostringstream os;
231 os << "gss_tsig config mismatch: " << ex.what();
232 string error(os.str());
233 handle.setArgument("error", error);
234 handle.setStatus(CalloutHandle::NEXT_STEP_DROP);
235 return (1);
236 }
237 return (0);
238}
239
252int select_key(CalloutHandle& handle) {
253 // First check the status.
254 if (handle.getStatus() != CalloutHandle::NEXT_STEP_CONTINUE) {
255 return (0);
256 }
257 // Get the parameters.
258 DnsServerInfoPtr server_info;
259 handle.getArgument("current_server", server_info);
260 D2TsigKeyPtr tsig_key;
261 handle.getArgument("tsig_key", tsig_key);
262 // Get the DNS server.
263 D2TsigKeyPtr key;
264 bool useGssTsig = false;
265 bool fallback = false;
266 if (server_info) {
267 key = impl->findKey(server_info, useGssTsig, fallback);
268 }
269 if (useGssTsig) {
270 if (key) {
271 handle.setArgument("tsig_key", key);
272 } else if (!fallback) {
273 handle.setStatus(CalloutHandle::NEXT_STEP_SKIP);
274 }
275 }
276 return (0);
277}
278
285int command_processed(CalloutHandle& handle) {
286 try {
287 impl->commandProcessed(handle);
288 } catch (const std::exception& ex) {
289 LOG_ERROR(gss_tsig_logger, GSS_TSIG_COMMAND_PROCESSED_FAILED)
290 .arg(ex.what());
291 return (1);
292 }
293
294 return (0);
295}
296
297} // end extern "C"
CalloutHandle::NEXT_STEP_CONTINUE
@ NEXT_STEP_CONTINUE
continue normally
Definition callout_handle.h:87
CalloutHandle::NEXT_STEP_DROP
@ NEXT_STEP_DROP
drop the packet
Definition callout_handle.h:89
CalloutHandle::NEXT_STEP_SKIP
@ NEXT_STEP_SKIP
skip the next processing step
Definition callout_handle.h:88
isc::Unexpected
A generic exception that is thrown when an unexpected error condition occurs.
Definition exceptions/exceptions.h:153
isc::gss_tsig::GssTsigImpl
GSS-TSIG hook implementation.
Definition gss_tsig_impl.h:63
isc::hooks::CalloutHandle
Per-packet callout handle.
Definition callout_handle.h:78
isc::hooks::CalloutHandle::NEXT_STEP_DROP
@ NEXT_STEP_DROP
drop the packet
Definition callout_handle.h:89
isc::hooks::CalloutHandle::getStatus
CalloutNextStep getStatus() const
Returns the next processing step.
Definition callout_handle.h:241
isc::hooks::CalloutHandle::setStatus
void setStatus(const CalloutNextStep next)
Sets the next processing step.
Definition callout_handle.h:231
isc::hooks::CalloutHandle::getArgument
void getArgument(const std::string &name, T &value) const
Get argument.
Definition callout_handle.h:164
isc::hooks::CalloutHandle::setArgument
void setArgument(const std::string &name, T value)
Set argument.
Definition callout_handle.h:147
isc::hooks::LibraryHandle::registerCommandCallout
void registerCommandCallout(const std::string &command_name, CalloutPtr callout)
Register control command handler.
Definition library_handle.cc:36
isc::hooks::LibraryHandle::getParameters
isc::data::ConstElementPtr getParameters()
Get configuration parameter common code.
Definition library_handle.cc:74
isc::process::Daemon::getProcName
static std::string getProcName()
returns the process name This value is used as when forming the default PID file name
Definition daemon.cc:151
isc_throw
#define isc_throw(type, stream)
A shortcut macro to insert known values into exception arguments.
Definition exceptions/exceptions.h:210
key_expire
int key_expire(CalloutHandle &handle)
The gss-tsig-key-expire command.
Definition gss_tsig_callouts.cc:87
purge
int purge(CalloutHandle &handle)
The gss-tsig-purge command.
Definition gss_tsig_callouts.cc:109
select_key
int select_key(CalloutHandle &handle)
This function is called when the server selects a DNS server and optionally a TSIG key.
Definition gss_tsig_callouts.cc:252
command_processed
int command_processed(CalloutHandle &handle)
This function is called when a command was processed.
Definition gss_tsig_callouts.cc:285
rekey_all
int rekey_all(CalloutHandle &handle)
The gss-tsig-rekey-all command.
Definition gss_tsig_callouts.cc:138
get
int get(CalloutHandle &handle)
The gss-tsig-get command.
Definition gss_tsig_callouts.cc:47
key_get
int key_get(CalloutHandle &handle)
The gss-tsig-key-get command.
Definition gss_tsig_callouts.cc:76
multi_threading_compatible
int multi_threading_compatible()
This function is called to retrieve the multi-threading compatibility.
Definition gss_tsig_callouts.cc:199
d2_srv_configured
int d2_srv_configured(CalloutHandle &handle)
This function is called when the server finishes (re)configuration.
Definition gss_tsig_callouts.cc:211
unload
int unload()
This function is called when the library is unloaded.
Definition gss_tsig_callouts.cc:186
get_all
int get_all(CalloutHandle &handle)
The gss-tsig-get-all command.
Definition gss_tsig_callouts.cc:56
purge_all
int purge_all(CalloutHandle &handle)
The gss-tsig-purge-all command.
Definition gss_tsig_callouts.cc:118
rekey
int rekey(CalloutHandle &handle)
The gss-tsig-rekey command.
Definition gss_tsig_callouts.cc:129
lists
int lists(CalloutHandle &handle)
The gss-tsig-list command.
Definition gss_tsig_callouts.cc:65
load
int load(LibraryHandle &handle)
This function is called when the library is loaded.
Definition gss_tsig_callouts.cc:146
key_del
int key_del(CalloutHandle &handle)
The gss-tsig-key-del command.
Definition gss_tsig_callouts.cc:98
gss_tsig_context.h
Implements a TSIGContext derived class which can be used as the value of TSIGContext pointers so with...
gss_tsig_impl.h
gss_tsig_log.h
io_service_mgr.h
LOG_ERROR
#define LOG_ERROR(LOGGER, MESSAGE)
Macro to conveniently test error output and log it.
Definition macros.h:32
LOG_INFO
#define LOG_INFO(LOGGER, MESSAGE)
Macro to conveniently test info output and log it.
Definition macros.h:20
isc::d2::DnsServerInfoPtr
boost::shared_ptr< DnsServerInfo > DnsServerInfoPtr
Defines a pointer for DnsServerInfo instances.
Definition d2_config.h:554
isc::d2::D2CfgContextPtr
boost::shared_ptr< D2CfgContext > D2CfgContextPtr
Pointer to a configuration context.
Definition d2_cfg_mgr.h:26
isc::d2::D2TsigKeyPtr
boost::shared_ptr< D2TsigKey > D2TsigKeyPtr
Type of pointer to a D2 TSIG key.
Definition d2_tsig_key.h:71
isc::data::ConstElementPtr
boost::shared_ptr< const Element > ConstElementPtr
Definition data.h:29
isc::gss_tsig
Definition gss_tsig_api.cc:17
isc::gss_tsig::GssTsigImplPtr
std::unique_ptr< GssTsigImpl > GssTsigImplPtr
Type of pointer to a GSS-TSIG hook configuration.
Definition gss_tsig_impl.h:230
isc::gss_tsig::GSS_TSIG_LOAD_FAILED
const isc::log::MessageID GSS_TSIG_LOAD_FAILED
Definition gss_tsig_messages.h:13
isc::gss_tsig::GSS_TSIG_LOAD_OK
const isc::log::MessageID GSS_TSIG_LOAD_OK
Definition gss_tsig_messages.h:14
isc::gss_tsig::GSS_TSIG_COMMAND_PROCESSED_FAILED
const isc::log::MessageID GSS_TSIG_COMMAND_PROCESSED_FAILED
Definition gss_tsig_messages.h:12
isc::gss_tsig::gss_tsig_logger
isc::log::Logger gss_tsig_logger("gss-tsig-hooks")
Definition gss_tsig_log.h:17
isc::gss_tsig::impl
GssTsigImplPtr impl
The GSS-TSIG hook implementation object.
Definition gss_tsig_callouts.cc:34
isc::gss_tsig::GSS_TSIG_UNLOAD_OK
const isc::log::MessageID GSS_TSIG_UNLOAD_OK
Definition gss_tsig_messages.h:23
isc
Defines the logger used by the top-level component of kea-lfc.
Definition agent_parser.cc:148