Kea 3.1.1
gss_tsig_api.h
Go to the documentation of this file.
1// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")
2//
3// This Source Code Form is subject to the terms of the Mozilla Public
4// License, v. 2.0. If a copy of the MPL was not distributed with this
5// file, You can obtain one at http://mozilla.org/MPL/2.0/.
6
25
26#ifndef GSS_TSIG_UTIL_H
27#define GSS_TSIG_UTIL_H
28
29#include <exceptions/exceptions.h>
30#include <boost/noncopyable.hpp>
31#include <boost/shared_ptr.hpp>
32#include <gssapi/gssapi_krb5.h>
33#include <iostream>
34#include <string>
35#include <vector>
36
37namespace isc {
38namespace gss_tsig {
39
41class GssApiError : public Exception {
42public:
43 GssApiError(const char* file, size_t line, const char* what) :
44 isc::Exception(file, line, what) {
45 }
46};
47
48class GssCredExpired : public Exception {
49public:
50 GssCredExpired(const char* file, size_t line, const char* what) :
51 isc::Exception(file, line, what) {
52 }
53};
54
58class GssApiLastError {
59public:
61 GssApiLastError();
62
64 virtual ~GssApiLastError();
65
69 int getLastError() const {
70 return (last_error_);
71 }
72
76 void setLastError(int error) {
77 last_error_ = error;
78 }
79
80private:
82 int last_error_;
83};
84
92std::string gssApiErrMsg(OM_uint32 major, OM_uint32 minor);
93
100class GssApiBuffer : public boost::noncopyable {
101public:
103 GssApiBuffer();
104
109 GssApiBuffer(size_t length, const void* value);
110
114 explicit GssApiBuffer(const std::vector<uint8_t>& content);
115
119 explicit GssApiBuffer(const std::string& content);
120
124 ~GssApiBuffer();
125
129 bool empty() const {
130 return (buffer_.value == 0);
131 }
132
136 gss_buffer_t getPtr() {
137 return (&buffer_);
138 }
139
143 size_t getLength() const {
144 return (buffer_.length);
145 }
146
153 void* getValue() {
154 return (buffer_.value);
155 }
156
160 std::vector<uint8_t> getContent() const;
161
172 std::string getString(bool trim = false) const;
173
174private:
176 gss_buffer_desc buffer_;
177};
178
180typedef boost::shared_ptr<GssApiBuffer> GssApiBufferPtr;
181
185
187class GssApiName : public boost::noncopyable, public GssApiLastError {
188public:
190 GssApiName();
191
195 explicit GssApiName(const std::string& gname);
196
200 ~GssApiName();
201
203 gss_name_t get() {
204 return (name_);
205 }
206
210 gss_name_t* getPtr() {
211 return (&name_);
212 }
213
220 bool compare(GssApiName& other);
221
227 std::string toString();
228
229private:
231 gss_name_t name_;
232};
233
235typedef boost::shared_ptr<GssApiName> GssApiNamePtr;
236
242class GssApiCred : public boost::noncopyable, public GssApiLastError {
243public:
245 GssApiCred();
246
254 GssApiCred(GssApiName& gname, gss_cred_usage_t cred_usage,
255 OM_uint32& lifetime);
256
260 ~GssApiCred();
261
263 gss_cred_id_t get() {
264 return (cred_);
265 }
266
274 void inquire(GssApiName& name, gss_cred_usage_t& cred_usage,
275 OM_uint32& lifetime);
276
277private:
279 gss_cred_id_t cred_;
280};
281
283typedef boost::shared_ptr<GssApiCred> GssApiCredPtr;
284
290class GssApiSecCtx : public boost::noncopyable, public GssApiLastError {
291public:
295 explicit GssApiSecCtx(gss_ctx_id_t sec_ctx);
296
302 explicit GssApiSecCtx(const std::vector<uint8_t>& import);
303
307 ~GssApiSecCtx();
308
310 gss_ctx_id_t get() {
311 return (sec_ctx_);
312 }
313
317 gss_ctx_id_t* getPtr() {
318 return (&sec_ctx_);
319 }
320
326 std::vector<uint8_t> serialize();
327
332 OM_uint32 getLifetime();
333
345 void inquire(GssApiName& source, GssApiName& target, OM_uint32& lifetime,
346 OM_uint32& flags, bool& local, bool& established);
347
354 void sign(GssApiBuffer& gmessage, GssApiBuffer& gsig);
355
362 void verify(GssApiBuffer& gmessage, GssApiBuffer& gsig);
363
380 bool init(GssApiCredPtr credp, GssApiName& target, OM_uint32 flags,
381 GssApiBuffer& intoken, GssApiBuffer& outtoken,
382 OM_uint32& lifetime);
383
398 bool accept(GssApiCred& cred, GssApiBuffer& intoken, GssApiName& source,
399 GssApiBuffer& outtoken);
400
401private:
403 gss_ctx_id_t sec_ctx_;
404};
405
414class GssApiOid : public boost::noncopyable {
415public:
417 GssApiOid();
418
422 explicit GssApiOid(const std::vector<uint8_t>& elements);
423
431 explicit GssApiOid(const std::string& str);
432
436 ~GssApiOid();
437
439 gss_OID get() {
440 return (oid_);
441 }
442
448 std::string toString();
449
450private:
452 gss_OID oid_;
453};
454
456extern GssApiOid ISC_GSS_KRB5_MECHANISM;
457
459extern GssApiOid ISC_GSS_SPNEGO_MECHANISM;
460
462typedef boost::shared_ptr<GssApiOid> GssApiOidPtr;
463
469class GssApiOidSet : public boost::noncopyable {
470public:
475 explicit GssApiOidSet(bool fill = true);
476
480 ~GssApiOidSet();
481
483 gss_OID_set get() {
484 return (oid_set_);
485 }
486
487private:
489 gss_OID_set oid_set_;
490};
491
493typedef boost::shared_ptr<GssApiOidSet> GssApiOidSetPtr;
494
495} // end of namespace isc::gss_tsig
496} // end of namespace isc
497
498#endif // GSS_TSIG_UTIL_H
isc::Exception::what
virtual const char * what() const
Returns a C-style character string of the cause of the exception.
Definition exceptions/exceptions.cc:32
isc::dns::Exception::Exception
Exception(const char *file, size_t line, const char *what)
Definition dns/exceptions.h:27
isc::gss_tsig::GssApiBuffer
GSS-API buffer.
Definition gss_tsig_api.h:100
isc::gss_tsig::GssApiBuffer::getContent
std::vector< uint8_t > getContent() const
Get the content as a vector.
Definition gss_tsig_api.cc:150
isc::gss_tsig::GssApiBuffer::empty
bool empty() const
Empty predicate.
Definition gss_tsig_api.h:129
isc::gss_tsig::GssApiBuffer::getPtr
gss_buffer_t getPtr()
Get pointer.
Definition gss_tsig_api.h:136
isc::gss_tsig::GssApiBuffer::getValue
void * getValue()
Get the value.
Definition gss_tsig_api.h:153
isc::gss_tsig::GssApiBuffer::getLength
size_t getLength() const
Get the length.
Definition gss_tsig_api.h:143
isc::gss_tsig::GssApiBuffer::getString
std::string getString(bool trim=false) const
Get the content as a string.
Definition gss_tsig_api.cc:160
isc::gss_tsig::GssApiBuffer::~GssApiBuffer
~GssApiBuffer()
Destructor.
Definition gss_tsig_api.cc:139
isc::gss_tsig::GssApiBuffer::GssApiBuffer
GssApiBuffer()
Constructor.
Definition gss_tsig_api.cc:72
isc::gss_tsig::GssApiCred
GSS-API credential.
Definition gss_tsig_api.h:242
isc::gss_tsig::GssApiCred::inquire
void inquire(GssApiName &name, gss_cred_usage_t &cred_usage, OM_uint32 &lifetime)
Inquire.
Definition gss_tsig_api.cc:255
isc::gss_tsig::GssApiCred::GssApiCred
GssApiCred()
Constructor.
Definition gss_tsig_api.cc:225
isc::gss_tsig::GssApiCred::~GssApiCred
~GssApiCred()
Destructor.
Definition gss_tsig_api.cc:244
isc::gss_tsig::GssApiCred::get
gss_cred_id_t get()
Get the value.
Definition gss_tsig_api.h:263
isc::gss_tsig::GssApiError::GssApiError
GssApiError(const char *file, size_t line, const char *what)
Definition gss_tsig_api.h:43
isc::gss_tsig::GssApiLastError::setLastError
void setLastError(int error)
Set the last error.
Definition gss_tsig_api.h:76
isc::gss_tsig::GssApiLastError::getLastError
int getLastError() const
Get the last error.
Definition gss_tsig_api.h:69
isc::gss_tsig::GssApiLastError::GssApiLastError
GssApiLastError()
Constructor.
Definition gss_tsig_api.cc:19
isc::gss_tsig::GssApiLastError::~GssApiLastError
virtual ~GssApiLastError()
Destructor.
Definition gss_tsig_api.cc:22
isc::gss_tsig::GssApiName
GSS-API name.
Definition gss_tsig_api.h:187
isc::gss_tsig::GssApiName::getPtr
gss_name_t * getPtr()
Get pointer.
Definition gss_tsig_api.h:210
isc::gss_tsig::GssApiName::toString
std::string toString()
textual representation.
Definition gss_tsig_api.cc:213
isc::gss_tsig::GssApiName::get
gss_name_t get()
Get the value.
Definition gss_tsig_api.h:203
isc::gss_tsig::GssApiName::GssApiName
GssApiName()
Constructor.
Definition gss_tsig_api.cc:170
isc::gss_tsig::GssApiName::~GssApiName
~GssApiName()
Destructor.
Definition gss_tsig_api.cc:189
isc::gss_tsig::GssApiName::compare
bool compare(GssApiName &other)
Compare.
Definition gss_tsig_api.cc:200
isc::gss_tsig::GssApiOidSet::get
gss_OID_set get()
Get the value.
Definition gss_tsig_api.h:483
isc::gss_tsig::GssApiOidSet::~GssApiOidSet
~GssApiOidSet()
Destructor.
Definition gss_tsig_api.cc:550
isc::gss_tsig::GssApiOidSet::GssApiOidSet
GssApiOidSet(bool fill=true)
Constructor.
Definition gss_tsig_api.cc:523
isc::gss_tsig::GssApiOid
GSS-API OID.
Definition gss_tsig_api.h:414
isc::gss_tsig::GssApiOid::GssApiOid
GssApiOid()
Constructor.
Definition gss_tsig_api.cc:433
isc::gss_tsig::GssApiOid::~GssApiOid
~GssApiOid()
Destructor.
Definition gss_tsig_api.cc:485
isc::gss_tsig::GssApiOid::get
gss_OID get()
Get the value.
Definition gss_tsig_api.h:439
isc::gss_tsig::GssApiOid::toString
std::string toString()
Get textual representation.
Definition gss_tsig_api.cc:496
isc::gss_tsig::GssApiSecCtx::get
gss_ctx_id_t get()
Get the value.
Definition gss_tsig_api.h:310
isc::gss_tsig::GssApiSecCtx::sign
void sign(GssApiBuffer &gmessage, GssApiBuffer &gsig)
Sign.
Definition gss_tsig_api.cc:343
isc::gss_tsig::GssApiSecCtx::init
bool init(GssApiCredPtr credp, GssApiName &target, OM_uint32 flags, GssApiBuffer &intoken, GssApiBuffer &outtoken, OM_uint32 &lifetime)
Init.
Definition gss_tsig_api.cc:367
isc::gss_tsig::GssApiSecCtx::verify
void verify(GssApiBuffer &gmessage, GssApiBuffer &gsig)
Verify.
Definition gss_tsig_api.cc:355
isc::gss_tsig::GssApiSecCtx::~GssApiSecCtx
~GssApiSecCtx()
Destructor.
Definition gss_tsig_api.cc:284
isc::gss_tsig::GssApiSecCtx::serialize
std::vector< uint8_t > serialize()
Export.
Definition gss_tsig_api.cc:295
isc::gss_tsig::GssApiSecCtx::getLifetime
OM_uint32 getLifetime()
Get the lifetime (validity in seconds).
Definition gss_tsig_api.cc:308
isc::gss_tsig::GssApiSecCtx::getPtr
gss_ctx_id_t * getPtr()
Get a pointer to the security context.
Definition gss_tsig_api.h:317
isc::gss_tsig::GssApiSecCtx::GssApiSecCtx
GssApiSecCtx(gss_ctx_id_t sec_ctx)
Constructor.
Definition gss_tsig_api.cc:269
isc::gss_tsig::GssApiSecCtx::inquire
void inquire(GssApiName &source, GssApiName &target, OM_uint32 &lifetime, OM_uint32 &flags, bool &local, bool &established)
Inquire.
Definition gss_tsig_api.cc:321
isc::gss_tsig::GssApiSecCtx::accept
bool accept(GssApiCred &cred, GssApiBuffer &intoken, GssApiName &source, GssApiBuffer &outtoken)
Accept.
Definition gss_tsig_api.cc:413
isc::gss_tsig::GssCredExpired::GssCredExpired
GssCredExpired(const char *file, size_t line, const char *what)
Definition gss_tsig_api.h:50
isc::gss_tsig
Definition gss_tsig_api.cc:17
isc::gss_tsig::ISC_GSS_SPNEGO_MECHANISM
GssApiOid ISC_GSS_SPNEGO_MECHANISM(ISC_GSS_SPNEGO_MECHANISM_vect)
The SPNEGO OID.
Definition gss_tsig_api.h:459
isc::gss_tsig::GssApiNamePtr
boost::shared_ptr< GssApiName > GssApiNamePtr
Shared pointer to GSS-API name.
Definition gss_tsig_api.h:235
isc::gss_tsig::GssApiOidPtr
boost::shared_ptr< GssApiOid > GssApiOidPtr
Shared pointer to GSS-API OID.
Definition gss_tsig_api.h:462
isc::gss_tsig::gssApiErrMsg
string gssApiErrMsg(OM_uint32 major, OM_uint32 minor)
An the error message.
Definition gss_tsig_api.cc:26
isc::gss_tsig::GssApiBufferPtr
boost::shared_ptr< GssApiBuffer > GssApiBufferPtr
Shared pointer to GSS-API buffer.
Definition gss_tsig_api.h:180
isc::gss_tsig::GssApiOidSetPtr
boost::shared_ptr< GssApiOidSet > GssApiOidSetPtr
Shared pointer to GSS-API OID set.
Definition gss_tsig_api.h:493
isc::gss_tsig::ISC_GSS_KRB5_MECHANISM
GssApiOid ISC_GSS_KRB5_MECHANISM(ISC_GSS_KRB5_MECHANISM_vect)
The Kerberos 5 OID.
Definition gss_tsig_api.h:456
isc::gss_tsig::GssApiCredPtr
boost::shared_ptr< GssApiCred > GssApiCredPtr
Shared pointer to GSS-API credential.
Definition gss_tsig_api.h:283
isc
Defines the logger used by the top-level component of kea-lfc.
Definition agent_parser.cc:148