upstream/bind9
1
0
Fork 0
mirror of https://github.com/isc-projects/bind9.git synced 2026-06-19 01:18:52 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions
bind9/bin/confgen/tsig-keygen.c
Ondřej Surý f7e5c1db38
Change the 'isc_g_mctx' to be always available 
This required couple of internal changes to the isc_mem_debugging.

The isc_mem_debugging is now internal to isc_mem unit and there are
three new functions:

1. isc_mem_setdebugging() can change the debugging setting for an
   individual memory context.  This is need for the memory contexts used
   for OpenSSL, libxml and libuv accounting as recording and tracing
   memory is broken there.

2. isc_mem_debugon() / isc_mem_debugoff() can be used to change default
   memory debugging flags as well as debugging flags for isc_g_mctx.

Additionally, the memory debugging is inconsistent across the code-base.
For now, we are keeping the existing flags, but three new environment
variables have been added 'ISC_MEM_DEBUGRECORD', 'ISC_MEM_DEBUGTRACE'
and 'ISC_MEM_DEBUGUSAGE' to set the global debugging flags at any
program using the memory contexts.
2025-08-04 11:29:50 +02:00

280 lines
6.6 KiB
C
Raw Blame History

/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file */
/**
* tsig-keygen generates TSIG keys that can be used in named configuration
* files for dynamic DNS.
*/
#include <stdarg.h>
#include <stdbool.h>
#include <stdlib.h>
#include <isc/assertions.h>
#include <isc/attributes.h>
#include <isc/base64.h>
#include <isc/buffer.h>
#include <isc/commandline.h>
#include <isc/lib.h>
#include <isc/mem.h>
#include <isc/net.h>
#include <isc/result.h>
#include <isc/string.h>
#include <isc/time.h>
#include <isc/util.h>
#include <dns/keyvalues.h>
#include <dns/lib.h>
#include <dns/name.h>
#include <dst/dst.h>
#include <confgen/os.h>
#include "keygen.h"
#include "util.h"
#define KEYGEN_DEFAULT "tsig-key"
#define CONFGEN_DEFAULT "ddns-key"
static enum { progmode_keygen, progmode_confgen } progmode;
bool verbose = false; /* needed by util.c but not used here */
ISC_NORETURN static void
usage(int status);
static void
usage(int status) {
if (progmode == progmode_confgen) {
fprintf(stderr, "\
Usage:\n\
%s [-a alg] [-k keyname] [-q] [-s name | -z zone]\n\
-a alg: algorithm (default hmac-sha256)\n\
-k keyname: name of the key as it will be used in named.conf\n\
-s name: domain name to be updated using the created key\n\
-z zone: name of the zone as it will be used in named.conf\n\
-q: quiet mode: print the key, with no explanatory text\n",
isc_commandline_progname);
} else {
fprintf(stderr, "\
Usage:\n\
%s [-a alg] [keyname]\n\
-a alg: algorithm (default hmac-sha256)\n\n",
isc_commandline_progname);
}
exit(status);
}
int
main(int argc, char **argv) {
bool show_final_mem = false;
bool quiet = false;
isc_buffer_t key_txtbuffer;
char key_txtsecret[256];
const char *keyname = NULL;
const char *zone = NULL;
const char *self_domain = NULL;
char *keybuf = NULL;
dns_secalg_t alg = DST_ALG_HMACSHA256;
const char *algname;
int keysize = 256;
int len = 0;
int ch;
isc_commandline_init(argc, argv);
if (strcasecmp(isc_commandline_progname, "tsig-keygen") == 0) {
progmode = progmode_keygen;
quiet = true;
} else if (strcasecmp(isc_commandline_progname, "ddns-confgen") == 0) {
progmode = progmode_confgen;
} else {
UNREACHABLE();
}
isc_commandline_errprint = false;
while ((ch = isc_commandline_parse(argc, argv, "a:hk:Mmr:qs:y:z:")) !=
-1)
{
switch (ch) {
case 'a':
algname = isc_commandline_argument;
alg = alg_fromtext(algname);
if (alg == DST_ALG_UNKNOWN) {
fatal("Unsupported algorithm '%s'", algname);
}
keysize = alg_bits(alg);
break;
case 'h':
usage(EXIT_SUCCESS);
case 'k':
case 'y':
if (progmode == progmode_confgen) {
keyname = isc_commandline_argument;
} else {
usage(EXIT_FAILURE);
}
break;
case 'M':
isc_mem_debugon(ISC_MEM_DEBUGTRACE);
break;
case 'm':
show_final_mem = true;
break;
case 'q':
if (progmode == progmode_confgen) {
quiet = true;
} else {
usage(EXIT_FAILURE);
}
break;
case 'r':
fatal("The -r option has been deprecated.");
break;
case 's':
if (progmode == progmode_confgen) {
self_domain = isc_commandline_argument;
} else {
usage(EXIT_FAILURE);
}
break;
case 'z':
if (progmode == progmode_confgen) {
zone = isc_commandline_argument;
} else {
usage(EXIT_FAILURE);
}
break;
case '?':
if (isc_commandline_option != '?') {
fprintf(stderr, "%s: invalid argument -%c\n",
isc_commandline_progname,
isc_commandline_option);
usage(EXIT_FAILURE);
} else {
usage(EXIT_SUCCESS);
}
break;
default:
fprintf(stderr, "%s: unhandled option -%c\n",
isc_commandline_progname,
isc_commandline_option);
exit(EXIT_FAILURE);
}
}
if (progmode == progmode_keygen) {
keyname = argv[isc_commandline_index++];
}
POST(argv);
if (self_domain != NULL && zone != NULL) {
usage(EXIT_FAILURE); /* -s and -z cannot coexist */
}
if (argc > isc_commandline_index) {
usage(EXIT_FAILURE);
}
/* Use canonical algorithm name */
algname = dst_hmac_algorithm_totext(alg);
if (keyname == NULL) {
const char *suffix = NULL;
keyname = ((progmode == progmode_keygen) ? KEYGEN_DEFAULT
: CONFGEN_DEFAULT);
if (self_domain != NULL) {
suffix = self_domain;
} else if (zone != NULL) {
suffix = zone;
}
if (suffix != NULL) {
len = strlen(keyname) + strlen(suffix) + 2;
keybuf = isc_mem_get(isc_g_mctx, len);
snprintf(keybuf, len, "%s.%s", keyname, suffix);
keyname = (const char *)keybuf;
}
}
isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
generate_key(isc_g_mctx, alg, keysize, &key_txtbuffer);
if (!quiet) {
printf("\
# To activate this key, place the following in named.conf, and\n\
# in a separate keyfile on the system or systems from which nsupdate\n\
# will be run:\n");
}
printf("\
key \"%s\" {\n\
algorithm %s;\n\
secret \"%.*s\";\n\
};\n",
keyname, algname, (int)isc_buffer_usedlength(&key_txtbuffer),
(char *)isc_buffer_base(&key_txtbuffer));
if (!quiet) {
if (self_domain != NULL) {
printf("\n\
# Then, in the \"zone\" statement for the zone containing the\n\
# name \"%s\", place an \"update-policy\" statement\n\
# like this one, adjusted as needed for your preferred permissions:\n\
update-policy {\n\
grant %s name %s ANY;\n\
};\n",
self_domain, keyname, self_domain);
} else if (zone != NULL) {
printf("\n\
# Then, in the \"zone\" definition statement for \"%s\",\n\
# place an \"update-policy\" statement like this one, adjusted as \n\
# needed for your preferred permissions:\n\
update-policy {\n\
grant %s zonesub ANY;\n\
};\n",
zone, keyname);
} else {
printf("\n\
# Then, in the \"zone\" statement for each zone you wish to dynamically\n\
# update, place an \"update-policy\" statement granting update permission\n\
# to this key. For example, the following statement grants this key\n\
# permission to update any name within the zone:\n\
update-policy {\n\
grant %s zonesub ANY;\n\
};\n",
keyname);
}
printf("\n\
# After the keyfile has been placed, the following command will\n\
# execute nsupdate using this key:\n\
nsupdate -k <keyfile>\n");
}
if (keybuf != NULL) {
isc_mem_put(isc_g_mctx, keybuf, len);
}
if (show_final_mem) {
isc_mem_stats(isc_g_mctx, stderr);
}
return 0;
}
Reference in a new issue View git blame Copy permalink