Member "bind-9.16.7/bin/confgen/rndc-confgen.c" (4 Sep 2020, 6810 Bytes) of package /linux/misc/dns/bind9/9.16.7/bind-9.16.7.tar.xz:



    1 /*
    2  * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
    3  *
    4  * This Source Code Form is subject to the terms of the Mozilla Public
    5  * License, v. 2.0. If a copy of the MPL was not distributed with this
    6  * file, You can obtain one at http://mozilla.org/MPL/2.0/.
    7  *
    8  * See the COPYRIGHT file distributed with this work for additional
    9  * information regarding copyright ownership.
   10  */
   11 
   12 /*! \file */
   13 
   14 /**
   15  * rndc-confgen generates configuration files for rndc. It can be used
   16  * as a convenient alternative to writing the rndc.conf file and the
   17  * corresponding controls and key statements in named.conf by hand.
   18  * Alternatively, it can be run with the -a option to set up a
   19  * rndc.key file and avoid the need for a rndc.conf file and a
   20  * controls statement altogether.
   21  */
   22 
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
#include <stdbool.h>
#include <stdlib.h>

#include <isc/assertions.h>
#include <isc/base64.h>
#include <isc/buffer.h>
#include <isc/commandline.h>
#include <isc/file.h>
#include <isc/mem.h>
#include <isc/net.h>
#include <isc/print.h>
#include <isc/result.h>
#include <isc/string.h>
#include <isc/time.h>
#include <isc/util.h>

#include <pk11/site.h>

#include <dns/keyvalues.h>
#include <dns/name.h>

#include <dst/dst.h>

#include <confgen/os.h>

#include "keygen.h"
#include "util.h"
   51 
#define DEFAULT_KEYNAME "rndc-key"  /* key name when -k/-y is not given */
#define DEFAULT_SERVER  "127.0.0.1" /* default-server when -s is not given */
#define DEFAULT_PORT    953         /* control port when -p is not given */

/* Program name derived from argv[0] in main(); progname points at it. */
static char program[256];
const char *progname;

/* Set by -V. Non-static, so presumably read by keygen.c/util.c — confirm. */
bool verbose = false;

/*
 * keyfile: path the -a key clause is written to (overridden by -c).
 * keydef:  the compiled-in default (RNDC_KEYFILE), shown in usage().
 * Both are non-static; presumably also referenced from keygen.c/util.c.
 */
const char *keyfile, *keydef;
   62 
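ISC_PLATFORM_NORETURN_PRE static void
usage(int status) ISC_PLATFORM_NORETURN_POST;

/*
 * Print the command synopsis to stderr and exit with STATUS.
 *
 * Never returns. Reads the file-scope progname and keydef (the default key
 * file path), which main() sets before any option is parsed, so it must not
 * be called earlier than that.
 *
 * The synopsis lists every option that has its own description line below
 * it; -A was previously missing from the first line.
 */
static void
usage(int status) {
    fprintf(stderr, "\
Usage:\n\
 %s [-a] [-A alg] [-b bits] [-c keyfile] [-k keyname] [-p port] \
[-s addr] [-t chrootdir] [-u user]\n\
  -a:        generate just the key clause and write it to keyfile (%s)\n\
  -A alg:    algorithm (default hmac-sha256)\n\
  -b bits:   from 1 through 512, default 256; total length of the secret\n\
  -c keyfile:    specify an alternate key file (requires -a)\n\
  -k keyname:    the name as it will be used in named.conf and rndc.conf\n\
  -p port:   the port named will listen on and rndc will connect to\n\
  -s addr:   the address to which rndc should connect\n\
  -t chrootdir:  write a keyfile in chrootdir as well (requires -a)\n\
  -u user:   set the keyfile owner to \"user\" (requires -a)\n",
        progname, keydef);

    exit(status);
}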
   85 
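/*
 * Parse S as a decimal integer and require it to lie in [LO, HI].
 *
 * Returns true and stores the value in *OUT on success. Returns false for
 * an empty string, trailing junk, a value strtol() cannot represent
 * (ERANGE) or a value outside the bounds, so the caller can report its
 * own option-specific error. Leading whitespace and a sign are accepted,
 * exactly as strtol() accepts them.
 */
static bool
parse_bounded(const char *s, long lo, long hi, long *out) {
    char *endp = NULL;
    long v;

    errno = 0;
    v = strtol(s, &endp, 10);
    if (endp == s || *endp != '\0' || errno == ERANGE || v < lo || v > hi) {
        return (false);
    }
    *out = v;
    return (true);
}

/*
 * Write an rndc.conf for KEYNAME/ALGNAME and the textual secret held in
 * KEY_TXTBUFFER to stdout, followed by the matching key and controls
 * statements for named.conf as a comment block.
 *
 * The secret appears in clear text in the output. Redirect stdout to a
 * file with restrictive permissions: anyone who can read it can control
 * named through rndc.
 */
static void
print_rndc_conf(const char *keyname, const char *algname,
        isc_buffer_t *key_txtbuffer, const char *serveraddr, int port) {
    int secretlen = (int)isc_buffer_usedlength(key_txtbuffer);
    const char *secret = (const char *)isc_buffer_base(key_txtbuffer);

    printf("\
# Start of rndc.conf\n\
key \"%s\" {\n\
    algorithm %s;\n\
    secret \"%.*s\";\n\
};\n\
\n\
options {\n\
    default-key \"%s\";\n\
    default-server %s;\n\
    default-port %d;\n\
};\n\
# End of rndc.conf\n\
\n\
# Use with the following in named.conf, adjusting the allow list as needed:\n\
# key \"%s\" {\n\
#   algorithm %s;\n\
#   secret \"%.*s\";\n\
# };\n\
# \n\
# controls {\n\
#   inet %s port %d\n\
#       allow { %s; } keys { \"%s\"; };\n\
# };\n\
# End of named.conf\n",
           keyname, algname, secretlen, secret, keyname, serveraddr, port,
           keyname, algname, secretlen, secret, serveraddr, port,
           serveraddr, keyname);
}

/*
 * Entry point. Parses options, generates a fresh secret and either writes
 * it as a key clause to keyfile (-a, optionally also under the chroot
 * directory given with -t) or prints a complete rndc.conf plus the
 * corresponding named.conf snippet to stdout.
 *
 * Exit status: 0 on success. fatal() and usage() terminate the process on
 * every error path, so nothing else is ever returned from here.
 *
 * Changes from the earlier version: numeric options reject empty strings,
 * overflow and values that do not fit an int (previously "-b ''" parsed as
 * 0 and out-of-int values were silently truncated), and -c/-t/-u given
 * without -a now produce a warning instead of being ignored silently.
 */
int
main(int argc, char **argv) {
    bool show_final_mem = false;
    isc_buffer_t key_txtbuffer;
    char key_txtsecret[256]; /* 512 bits (the usage cap) is 88 base64 chars */
    isc_mem_t *mctx = NULL;
    isc_result_t result = ISC_R_SUCCESS;
    const char *keyname = DEFAULT_KEYNAME;
    const char *serveraddr = DEFAULT_SERVER;
    dns_secalg_t alg = DST_ALG_HMACSHA256;
    const char *algname = NULL;
    long value = 0; /* scratch for numeric option parsing */
    int ch;
    int port = DEFAULT_PORT;
    int keysize = -1; /* -1: not given, fall back to alg_bits(alg) below */
    struct in_addr addr4_dummy;
    struct in6_addr addr6_dummy;
    char *chrootdir = NULL;
    char *user = NULL;
    bool keyonly = false;

    keydef = keyfile = RNDC_KEYFILE;

    /* Name used in messages comes from argv[0]; fall back if that fails. */
    result = isc_file_progname(*argv, program, sizeof(program));
    if (result != ISC_R_SUCCESS) {
        snprintf(program, sizeof(program), "%s", "rndc-confgen");
    }
    progname = program;

    /* Bad options are reported by the '?' case below, not by the parser. */
    isc_commandline_errprint = false;

    while ((ch = isc_commandline_parse(argc, argv,
                       "aA:b:c:hk:Mmp:r:s:t:u:Vy")) != -1)
    {
        switch (ch) {
        case 'a':
            keyonly = true;
            break;
        case 'A':
            algname = isc_commandline_argument;
            alg = alg_fromtext(algname);
            if (alg == DST_ALG_UNKNOWN) {
                fatal("Unsupported algorithm '%s'", algname);
            }
            break;
        case 'b':
            /*
             * Only sanity-check the number here; the per-algorithm limits
             * (usage says 1 through 512) are presumably enforced by
             * generate_key() — confirm in keygen.c.
             */
            if (!parse_bounded(isc_commandline_argument, 0, INT_MAX, &value))
            {
                fatal("-b requires a non-negative number");
            }
            keysize = (int)value;
            break;
        case 'c':
            keyfile = isc_commandline_argument;
            break;
        case 'h':
            usage(0); /* does not return */
        case 'k':
        case 'y': /* Compatible with rndc -y. */
            keyname = isc_commandline_argument;
            break;
        case 'M':
            isc_mem_debugging = ISC_MEM_DEBUGTRACE;
            break;
        case 'm':
            show_final_mem = true;
            break;
        case 'p':
            if (!parse_bounded(isc_commandline_argument, 0, 65535, &value)) {
                fatal("port '%s' out of range",
                      isc_commandline_argument);
            }
            port = (int)value;
            break;
        case 'r':
            fatal("The -r option has been deprecated.");
            break;
        case 's':
            /*
             * Must be a literal address: the string is copied verbatim
             * into the generated config, so no name lookup is done.
             */
            serveraddr = isc_commandline_argument;
            if (inet_pton(AF_INET, serveraddr, &addr4_dummy) != 1 &&
                inet_pton(AF_INET6, serveraddr, &addr6_dummy) != 1)
            {
                fatal("-s should be an IPv4 or IPv6 address");
            }
            break;
        case 't':
            chrootdir = isc_commandline_argument;
            break;
        case 'u':
            user = isc_commandline_argument;
            break;
        case 'V':
            verbose = true;
            break;
        case '?':
            if (isc_commandline_option != '?') {
                fprintf(stderr, "%s: invalid argument -%c\n",
                    program, isc_commandline_option);
                usage(1);
            } else {
                usage(0);
            }
            break;
        default:
            fprintf(stderr, "%s: unhandled option -%c\n", program,
                isc_commandline_option);
            exit(1);
        }
    }

    argc -= isc_commandline_index;
    argv += isc_commandline_index;
    POST(argv); /* argv is not read past this point */

    if (argc > 0) {
        usage(1); /* no positional arguments are accepted */
    }

    /*
     * -c, -t and -u only matter when a key file is written (-a). Without
     * it the configuration goes to stdout and these options do nothing,
     * which is easy to miss when the intent was to install a key file.
     */
    if (!keyonly &&
        (keyfile != keydef || chrootdir != NULL || user != NULL))
    {
        fprintf(stderr, "warning: -c, -t and -u have no effect "
                "without -a and are ignored.\n");
    }

    if (alg == DST_ALG_HMACMD5) {
        fprintf(stderr, "warning: use of hmac-md5 for RNDC keys "
                "is deprecated; hmac-sha256 is now "
                "recommended.\n");
    }

    if (keysize < 0) {
        keysize = alg_bits(alg); /* presumably the algorithm's native size */
    }
    algname = alg_totext(alg); /* canonical spelling for the config file */

    isc_mem_create(&mctx);
    isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));

    /* Leaves the textual secret in key_txtbuffer; it is printed as-is below. */
    generate_key(mctx, alg, keysize, &key_txtbuffer);

    if (keyonly) {
        /*
         * With -t, only the copy inside the chroot gets the -u owner; the
         * copy outside is written with user == NULL (see write_key_file()
         * for what that means for ownership).
         */
        write_key_file(keyfile, chrootdir == NULL ? user : NULL,
                   keyname, &key_txtbuffer, alg);

        if (chrootdir != NULL) {
            /* chrootdir + optional "/" + keyfile + NUL, sized exactly. */
            size_t len = strlen(chrootdir) + strlen(keyfile) + 2;
            char *buf = isc_mem_get(mctx, len);

            snprintf(buf, len, "%s%s%s", chrootdir,
                 (*keyfile != '/') ? "/" : "", keyfile);
            write_key_file(buf, user, keyname, &key_txtbuffer, alg);
            isc_mem_put(mctx, buf, len);
        }
    } else {
        print_rndc_conf(keyname, algname, &key_txtbuffer, serveraddr,
                port);
    }

    if (show_final_mem) {
        isc_mem_stats(mctx, stderr);
    }

    isc_mem_destroy(&mctx);

    /*
     * NOTE(review): key_txtsecret still holds the secret at this point.
     * The process exits right away, but wiping it (an explicit,
     * non-optimisable clear such as isc_safe_memwipe(), if available in
     * this tree) would be the conservative choice — confirm.
     */
    return (0);
}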
  282 }