da/d38/gss__tsig__impl_8h_source.html

// Copyright (C) 2021-2025 Internet Systems Consortium, Inc. ("ISC")

//

// This Source Code Form is subject to the terms of the Mozilla Public

// License, v. 2.0. If a copy of the MPL was not distributed with this

// file, You can obtain one at http://mozilla.org/MPL/2.0/.


#ifndef GSS_TSIG_IMPL_H

#define GSS_TSIG_IMPL_H


#include <asiolink/interval_timer.h>

#include <gss_tsig_cfg.h>

#include <hooks/hooks.h>

#include <managed_key.h>


#include <boost/multi_index/composite_key.hpp>

#include <boost/multi_index/ordered_index.hpp>

#include <chrono>

#include <memory>


namespace isc {

namespace gss_tsig {


struct GssTsigKeyNameTag { };


struct GssTsigKeyServerTag { };


typedef boost::multi_index_container<

    // It holds pointers to GSS-TSIG key objects.

    ManagedKeyPtr,

    boost::multi_index::indexed_by<

        // First index is the by DNS name.

        boost::multi_index::hashed_unique<

            boost::multi_index::tag<GssTsigKeyNameTag>,

            boost::multi_index::const_mem_fun<ManagedKey, std::string,

                                              &ManagedKey::getKeyNameStr>

        >,


        // Second index is by DNS server (parent) ID with the inception

        // date to sort search results.

        boost::multi_index::ordered_non_unique<

            boost::multi_index::tag<GssTsigKeyServerTag>,

            boost::multi_index::composite_key<

                ManagedKey,

                // The DNS server (parent) ID.

                boost::multi_index::const_mem_fun<ManagedKey, std::string,

                                                  &ManagedKey::getParentID>,

                // The inception date.

                boost::multi_index::const_mem_fun<GssTsigKey,

                                                  std::chrono::system_clock::time_point,

                                                  &GssTsigKey::getInception>

                >

            >

    >

> ManagedKeyList;


class GssTsigImpl {

public:

    GssTsigImpl();


    virtual ~GssTsigImpl();


    void configure(isc::data::ConstElementPtr config);


    void finishConfigure(isc::d2::D2CfgContextPtr d2_config);


    isc::asiolink::IOServicePtr getIOService() {

        return (io_service_);

    }


    void setIOService(isc::asiolink::IOServicePtr io_service) {

        io_service_ = io_service;

    }


    DnsServerPtr getServer(const std::string& id) const;


    void start();


    void stop();


    void processAllServersKeys(bool rekey = false);


    void processServerKeys(DnsServerPtr server, bool rekey = false);


    void createKey(DnsServerPtr server,

                   std::chrono::time_point<std::chrono::system_clock> now);


    ManagedKeyPtr findKey(const d2::DnsServerInfoPtr& server_info,

                          bool& useGssTsig, bool& fallback);


    ManagedKeyPtr findKey(const std::string& name) const;


    void purgeKeys();


    void getHandler(isc::hooks::CalloutHandle& handle) const;


    void getAllHandler(isc::hooks::CalloutHandle& handle) const;


    void listHandler(isc::hooks::CalloutHandle& handle) const;


    void keyGetHandler(isc::hooks::CalloutHandle& handle) const;


    void keyExpireHandler(isc::hooks::CalloutHandle& handle);


    void keyDelHandler(isc::hooks::CalloutHandle& handle);


    void purgeHandler(isc::hooks::CalloutHandle& handle);


    void purgeAllHandler(isc::hooks::CalloutHandle& handle);


    void rekeyHandler(isc::hooks::CalloutHandle& handle);


    void rekeyAllHandler(isc::hooks::CalloutHandle& handle);


    void commandProcessed(isc::hooks::CalloutHandle& handle);


protected:

    GssTsigCfg cfg_;


    ManagedKeyList keys_;


    isc::asiolink::IOServicePtr io_service_;


    std::unique_ptr<std::string> krb5_client_ktname_prev_;


    std::unique_ptr<std::string> krb5ccname_prev_;


    isc::asiolink::IntervalTimerPtr purge_timer_;

};


typedef std::unique_ptr<GssTsigImpl> GssTsigImplPtr;


} // end of namespace isc::gss_tsig

} // end of namespace isc


#endif // GSS_TSIG_IMPL_H

isc::gss_tsig::GssTsigCfg
GSS-TSIG hook configuration.
Definition gss_tsig_cfg.h:430

isc::gss_tsig::GssTsigImpl::getIOService
isc::asiolink::IOServicePtr getIOService()
Get the hook I/O service.
Definition gss_tsig_impl.h:85

isc::gss_tsig::GssTsigImpl::rekeyAllHandler
void rekeyAllHandler(isc::hooks::CalloutHandle &handle)
The gss-tsig-rekey-all command handler.
Definition gss_tsig_impl.cc:926

isc::gss_tsig::GssTsigImpl::krb5_client_ktname_prev_
std::unique_ptr< std::string > krb5_client_ktname_prev_
The previous value of client key table environment variable.
Definition gss_tsig_impl.h:220

isc::gss_tsig::GssTsigImpl::io_service_
isc::asiolink::IOServicePtr io_service_
The hook I/O service.
Definition gss_tsig_impl.h:217

isc::gss_tsig::GssTsigImpl::GssTsigImpl
GssTsigImpl()
Constructor.
Definition gss_tsig_impl.cc:32

isc::gss_tsig::GssTsigImpl::stop
void stop()
Stop method.
Definition gss_tsig_impl.cc:93

isc::gss_tsig::GssTsigImpl::purgeAllHandler
void purgeAllHandler(isc::hooks::CalloutHandle &handle)
The gss-tsig-purge-all command handler.
Definition gss_tsig_impl.cc:813

isc::gss_tsig::GssTsigImpl::finishConfigure
void finishConfigure(isc::d2::D2CfgContextPtr d2_config)
Finish configure.
Definition gss_tsig_impl.cc:69

isc::gss_tsig::GssTsigImpl::cfg_
GssTsigCfg cfg_
GSS-TSIG hook configuration.
Definition gss_tsig_impl.h:211

isc::gss_tsig::GssTsigImpl::commandProcessed
void commandProcessed(isc::hooks::CalloutHandle &handle)
The command_processed handler.
Definition gss_tsig_impl.cc:933

isc::gss_tsig::GssTsigImpl::start
void start()
Start method.
Definition gss_tsig_impl.cc:74

isc::gss_tsig::GssTsigImpl::keyExpireHandler
void keyExpireHandler(isc::hooks::CalloutHandle &handle)
The gss-tsig-key-expire command handler.
Definition gss_tsig_impl.cc:575

isc::gss_tsig::GssTsigImpl::purgeHandler
void purgeHandler(isc::hooks::CalloutHandle &handle)
The gss-tsig-purge command handler.
Definition gss_tsig_impl.cc:720

isc::gss_tsig::GssTsigImpl::rekeyHandler
void rekeyHandler(isc::hooks::CalloutHandle &handle)
The gss-tsig-rekey command handler.
Definition gss_tsig_impl.cc:861

isc::gss_tsig::GssTsigImpl::getAllHandler
void getAllHandler(isc::hooks::CalloutHandle &handle) const
The gss-tsig-get-all command handler.
Definition gss_tsig_impl.cc:441

isc::gss_tsig::GssTsigImpl::configure
void configure(isc::data::ConstElementPtr config)
Configure.
Definition gss_tsig_impl.cc:42

isc::gss_tsig::GssTsigImpl::keyDelHandler
void keyDelHandler(isc::hooks::CalloutHandle &handle)
The gss-tsig-key-del command handler.
Definition gss_tsig_impl.cc:652

isc::gss_tsig::GssTsigImpl::getServer
DnsServerPtr getServer(const std::string &id) const
Get the DNS server from its ID.
Definition gss_tsig_impl.cc:289

isc::gss_tsig::GssTsigImpl::processAllServersKeys
void processAllServersKeys(bool rekey=false)
Process GSS-TSIG keys for all servers.
Definition gss_tsig_impl.cc:191

isc::gss_tsig::GssTsigImpl::keys_
ManagedKeyList keys_
Map of GSS-TSIG keys by name.
Definition gss_tsig_impl.h:214

isc::gss_tsig::GssTsigImpl::setIOService
void setIOService(isc::asiolink::IOServicePtr io_service)
Set the hook I/O service.
Definition gss_tsig_impl.h:92

isc::gss_tsig::GssTsigImpl::findKey
ManagedKeyPtr findKey(const d2::DnsServerInfoPtr &server_info, bool &useGssTsig, bool &fallback)
Find a GSS-TSIG key by server info.
Definition gss_tsig_impl.cc:294

isc::gss_tsig::GssTsigImpl::purgeKeys
void purgeKeys()
Purge very old GSS-TSIG keys.
Definition gss_tsig_impl.cc:338

isc::gss_tsig::GssTsigImpl::processServerKeys
void processServerKeys(DnsServerPtr server, bool rekey=false)
Process GSS-TSIG keys for a specific server.
Definition gss_tsig_impl.cc:198

isc::gss_tsig::GssTsigImpl::krb5ccname_prev_
std::unique_ptr< std::string > krb5ccname_prev_
The previous value of credential cache environment variable.
Definition gss_tsig_impl.h:223

isc::gss_tsig::GssTsigImpl::keyGetHandler
void keyGetHandler(isc::hooks::CalloutHandle &handle) const
The gss-tsig-key-get command handler.
Definition gss_tsig_impl.cc:511

isc::gss_tsig::GssTsigImpl::purge_timer_
isc::asiolink::IntervalTimerPtr purge_timer_
The purge periodic timer.
Definition gss_tsig_impl.h:226

isc::gss_tsig::GssTsigImpl::~GssTsigImpl
virtual ~GssTsigImpl()
Destructor.
Definition gss_tsig_impl.cc:36

isc::gss_tsig::GssTsigImpl::listHandler
void listHandler(isc::hooks::CalloutHandle &handle) const
The gss-tsig-list command handler.
Definition gss_tsig_impl.cc:477

isc::gss_tsig::GssTsigImpl::getHandler
void getHandler(isc::hooks::CalloutHandle &handle) const
The gss-tsig-get command handler.
Definition gss_tsig_impl.cc:370

isc::gss_tsig::GssTsigImpl::createKey
void createKey(DnsServerPtr server, std::chrono::time_point< std::chrono::system_clock > now)
Create new GSS-TSIG key.
Definition gss_tsig_impl.cc:147

isc::gss_tsig::GssTsigKey
GSS-TSIG extension of the D2 TSIG key class.
Definition gss_tsig_key.h:26

isc::gss_tsig::GssTsigKey::getInception
std::chrono::system_clock::time_point getInception() const
Get the key inception.
Definition gss_tsig_key.h:62

isc::gss_tsig::ManagedKey
Managed GSS-TSIG key.
Definition managed_key.h:24

isc::gss_tsig::ManagedKey::getKeyNameStr
std::string getKeyNameStr() const
Get the key name as a string.
Definition managed_key.h:53

isc::gss_tsig::ManagedKey::getParentID
std::string getParentID() const
Get the DNS server (parent) ID.
Definition managed_key.h:60

isc::hooks::CalloutHandle
Per-packet callout handle.
Definition callout_handle.h:78

rekey
int rekey(CalloutHandle &handle)
The gss-tsig-rekey command.
Definition gss_tsig_callouts.cc:129

gss_tsig_cfg.h

hooks.h

interval_timer.h

managed_key.h

isc::asiolink::IntervalTimerPtr
boost::shared_ptr< isc::asiolink::IntervalTimer > IntervalTimerPtr
Definition interval_timer.h:138

isc::asiolink::IOServicePtr
boost::shared_ptr< IOService > IOServicePtr
Defines a smart pointer to an IOService instance.
Definition io_service.h:28

isc::config
Definition command_interpreter.cc:23

isc::d2::DnsServerInfoPtr
boost::shared_ptr< DnsServerInfo > DnsServerInfoPtr
Defines a pointer for DnsServerInfo instances.
Definition d2_config.h:554

isc::d2::D2CfgContextPtr
boost::shared_ptr< D2CfgContext > D2CfgContextPtr
Pointer to a configuration context.
Definition d2_cfg_mgr.h:26

isc::data::ConstElementPtr
boost::shared_ptr< const Element > ConstElementPtr
Definition data.h:29

isc::dns::name
Definition name.cc:69

isc::gss_tsig
Definition gss_tsig_api.cc:17

isc::gss_tsig::ManagedKeyList
boost::multi_index_container< ManagedKeyPtr, boost::multi_index::indexed_by< boost::multi_index::hashed_unique< boost::multi_index::tag< GssTsigKeyNameTag >, boost::multi_index::const_mem_fun< ManagedKey, std::string, &ManagedKey::getKeyNameStr > >, boost::multi_index::ordered_non_unique< boost::multi_index::tag< GssTsigKeyServerTag >, boost::multi_index::composite_key< ManagedKey, boost::multi_index::const_mem_fun< ManagedKey, std::string, &ManagedKey::getParentID >, boost::multi_index::const_mem_fun< GssTsigKey, std::chrono::system_clock::time_point, &GssTsigKey::getInception > > > > > ManagedKeyList
A multi index container holding GSS-TSIG keys.
Definition gss_tsig_impl.h:57

isc::gss_tsig::GssTsigImplPtr
std::unique_ptr< GssTsigImpl > GssTsigImplPtr
Type of pointer to a GSS-TSIG hook configuration.
Definition gss_tsig_impl.h:230

isc::gss_tsig::DnsServerPtr
boost::shared_ptr< DnsServer > DnsServerPtr
A pointer to a DNS server.
Definition gss_tsig_cfg.h:399

isc::gss_tsig::ManagedKeyPtr
boost::shared_ptr< ManagedKey > ManagedKeyPtr
Type of pointer to a Managed GSS-TSIG key.
Definition managed_key.h:156

isc
Defines the logger used by the top-level component of kea-lfc.
Definition agent_parser.cc:148

isc::gss_tsig::GssTsigKeyNameTag
Tag for the name index for searching GSS-TSIG key.
Definition gss_tsig_impl.h:24

isc::gss_tsig::GssTsigKeyServerTag
Tag for the server ID index for searching GSS-TSIG key.
Definition gss_tsig_impl.h:27