os/x86_64/kea-docs-1%3A3.2.0-1-x86_64.pkg.tar.zst

// Copyright (C) 2021-2026 Internet Systems Consortium, Inc. ("ISC")

//

// This Source Code Form is subject to the terms of the Mozilla Public

// License, v. 2.0. If a copy of the MPL was not distributed with this

// file, You can obtain one at http://mozilla.org/MPL/2.0/.


#ifndef GSS_TSIG_UTIL_H

#define GSS_TSIG_UTIL_H


#include <exceptions/exceptions.h>

#include <boost/noncopyable.hpp>

#include <boost/shared_ptr.hpp>

#include <gssapi/gssapi_krb5.h>

#include <iostream>

#include <string>

#include <vector>


namespace isc {

namespace gss_tsig {


class GssApiError : public Exception {

public:


    GssApiError(const char* file, size_t line, const char* what) :

        isc::Exception(file, line, what) {

    }


};


class GssCredExpired : public Exception {

public:


    GssCredExpired(const char* file, size_t line, const char* what) :

        isc::Exception(file, line, what) {

    }


};


class GssApiLastError {

public:

    GssApiLastError();


    virtual ~GssApiLastError();


    int getLastError() const {

        return (last_error_);

    }


    void setLastError(int error) {

        last_error_ = error;

    }


private:

    int last_error_;

};


std::string gssApiErrMsg(OM_uint32 major, OM_uint32 minor);


class GssApiBuffer : public boost::noncopyable {

public:

    GssApiBuffer();


    GssApiBuffer(size_t length, const void* value);


    explicit GssApiBuffer(const std::vector<uint8_t>& content);


    explicit GssApiBuffer(const std::string& content);


    ~GssApiBuffer();


    bool empty() const {

        return (buffer_.value == 0);

    }


    gss_buffer_t getPtr() {

        return (&buffer_);

    }


    size_t getLength() const {

        return (buffer_.length);

    }


    void* getValue() {

        return (buffer_.value);

    }


    std::vector<uint8_t> getContent() const;


    std::string getString(bool trim = false) const;


private:

    gss_buffer_desc buffer_;

};


typedef boost::shared_ptr<GssApiBuffer> GssApiBufferPtr;


class GssApiName : public boost::noncopyable, public GssApiLastError {

public:

    GssApiName();


    explicit GssApiName(const std::string& gname);


    ~GssApiName();


    gss_name_t get() {

        return (name_);

    }


    gss_name_t* getPtr() {

        return (&name_);

    }


    bool compare(GssApiName& other);


    std::string toString();


private:

    gss_name_t name_;

};


typedef boost::shared_ptr<GssApiName> GssApiNamePtr;


class GssApiCred : public boost::noncopyable, public GssApiLastError {

public:

    GssApiCred();


    GssApiCred(GssApiName& gname, gss_cred_usage_t cred_usage,

               OM_uint32& lifetime);


    ~GssApiCred();


    gss_cred_id_t get() {

        return (cred_);

    }


    void inquire(GssApiName& name, gss_cred_usage_t& cred_usage,

                 OM_uint32& lifetime);


private:

    gss_cred_id_t cred_;

};


typedef boost::shared_ptr<GssApiCred> GssApiCredPtr;


class GssApiSecCtx : public boost::noncopyable, public GssApiLastError {

public:

    static bool ignore_bad_direction_;


    explicit GssApiSecCtx(gss_ctx_id_t sec_ctx);


    explicit GssApiSecCtx(const std::vector<uint8_t>& import);


    ~GssApiSecCtx();


    gss_ctx_id_t get() {

        return (sec_ctx_);

    }


    gss_ctx_id_t* getPtr() {

        return (&sec_ctx_);

    }


    std::vector<uint8_t> serialize();


    OM_uint32 getLifetime();


    void inquire(GssApiName& source, GssApiName& target, OM_uint32& lifetime,

                 OM_uint32& flags, bool& local, bool& established);


    void sign(GssApiBuffer& gmessage, GssApiBuffer& gsig);


    void verify(GssApiBuffer& gmessage, GssApiBuffer& gsig);


    bool init(GssApiCredPtr credp, GssApiName& target, OM_uint32 flags,

              GssApiBuffer& intoken, GssApiBuffer& outtoken,

              OM_uint32& lifetime);


    bool accept(GssApiCred& cred, GssApiBuffer& intoken, GssApiName& source,

                GssApiBuffer& outtoken);


private:

    gss_ctx_id_t sec_ctx_;

};


class GssApiOid : public boost::noncopyable {

public:

    GssApiOid();


    explicit GssApiOid(const std::vector<uint8_t>& elements);


    explicit GssApiOid(const std::string& str);


    ~GssApiOid();


    gss_OID get() {

        return (oid_);

    }


    std::string toString();


private:

    gss_OID oid_;

};


extern GssApiOid ISC_GSS_KRB5_MECHANISM;


extern GssApiOid ISC_GSS_SPNEGO_MECHANISM;


typedef boost::shared_ptr<GssApiOid> GssApiOidPtr;


class GssApiOidSet : public boost::noncopyable {

public:

    explicit GssApiOidSet(bool fill = true);


    ~GssApiOidSet();


    gss_OID_set get() {

        return (oid_set_);

    }


private:

    gss_OID_set oid_set_;

};


typedef boost::shared_ptr<GssApiOidSet> GssApiOidSetPtr;


} // end of namespace isc::gss_tsig

} // end of namespace isc


#endif // GSS_TSIG_UTIL_H

isc::Exception::what
virtual const char * what() const
Returns a C-style character string of the cause of the exception.
Definition exceptions/exceptions.cc:32

isc::dns::Exception::Exception
Exception(const char *file, size_t line, const char *what)
Definition dns/exceptions.h:27

isc::gss_tsig::GssApiBuffer
GSS-API buffer.
Definition gss_tsig_api.h:100

isc::gss_tsig::GssApiBuffer::getContent
std::vector< uint8_t > getContent() const
Get the content as a vector.
Definition gss_tsig_api.cc:152

isc::gss_tsig::GssApiBuffer::empty
bool empty() const
Empty predicate.
Definition gss_tsig_api.h:129

isc::gss_tsig::GssApiBuffer::getPtr
gss_buffer_t getPtr()
Get pointer.
Definition gss_tsig_api.h:136

isc::gss_tsig::GssApiBuffer::getValue
void * getValue()
Get the value.
Definition gss_tsig_api.h:153

isc::gss_tsig::GssApiBuffer::getLength
size_t getLength() const
Get the length.
Definition gss_tsig_api.h:143

isc::gss_tsig::GssApiBuffer::getString
std::string getString(bool trim=false) const
Get the content as a string.
Definition gss_tsig_api.cc:162

isc::gss_tsig::GssApiBuffer::~GssApiBuffer
~GssApiBuffer()
Destructor.
Definition gss_tsig_api.cc:141

isc::gss_tsig::GssApiBuffer::GssApiBuffer
GssApiBuffer()
Constructor.
Definition gss_tsig_api.cc:74

isc::gss_tsig::GssApiCred
GSS-API credential.
Definition gss_tsig_api.h:242

isc::gss_tsig::GssApiCred::inquire
void inquire(GssApiName &name, gss_cred_usage_t &cred_usage, OM_uint32 &lifetime)
Inquire.
Definition gss_tsig_api.cc:257

isc::gss_tsig::GssApiCred::GssApiCred
GssApiCred()
Constructor.
Definition gss_tsig_api.cc:227

isc::gss_tsig::GssApiCred::~GssApiCred
~GssApiCred()
Destructor.
Definition gss_tsig_api.cc:246

isc::gss_tsig::GssApiCred::get
gss_cred_id_t get()
Get the value.
Definition gss_tsig_api.h:263

isc::gss_tsig::GssApiError::GssApiError
GssApiError(const char *file, size_t line, const char *what)
Definition gss_tsig_api.h:43

isc::gss_tsig::GssApiLastError::setLastError
void setLastError(int error)
Set the last error.
Definition gss_tsig_api.h:76

isc::gss_tsig::GssApiLastError::getLastError
int getLastError() const
Get the last error.
Definition gss_tsig_api.h:69

isc::gss_tsig::GssApiLastError::GssApiLastError
GssApiLastError()
Constructor.
Definition gss_tsig_api.cc:21

isc::gss_tsig::GssApiLastError::~GssApiLastError
virtual ~GssApiLastError()
Destructor.
Definition gss_tsig_api.cc:24

isc::gss_tsig::GssApiName
GSS-API name.
Definition gss_tsig_api.h:187

isc::gss_tsig::GssApiName::getPtr
gss_name_t * getPtr()
Get pointer.
Definition gss_tsig_api.h:210

isc::gss_tsig::GssApiName::toString
std::string toString()
textual representation.
Definition gss_tsig_api.cc:215

isc::gss_tsig::GssApiName::get
gss_name_t get()
Get the value.
Definition gss_tsig_api.h:203

isc::gss_tsig::GssApiName::GssApiName
GssApiName()
Constructor.
Definition gss_tsig_api.cc:172

isc::gss_tsig::GssApiName::~GssApiName
~GssApiName()
Destructor.
Definition gss_tsig_api.cc:191

isc::gss_tsig::GssApiName::compare
bool compare(GssApiName &other)
Compare.
Definition gss_tsig_api.cc:202

isc::gss_tsig::GssApiOidSet::get
gss_OID_set get()
Get the value.
Definition gss_tsig_api.h:490

isc::gss_tsig::GssApiOidSet::~GssApiOidSet
~GssApiOidSet()
Destructor.
Definition gss_tsig_api.cc:566

isc::gss_tsig::GssApiOidSet::GssApiOidSet
GssApiOidSet(bool fill=true)
Constructor.
Definition gss_tsig_api.cc:539

isc::gss_tsig::GssApiOid
GSS-API OID.
Definition gss_tsig_api.h:421

isc::gss_tsig::GssApiOid::GssApiOid
GssApiOid()
Constructor.
Definition gss_tsig_api.cc:449

isc::gss_tsig::GssApiOid::~GssApiOid
~GssApiOid()
Destructor.
Definition gss_tsig_api.cc:501

isc::gss_tsig::GssApiOid::get
gss_OID get()
Get the value.
Definition gss_tsig_api.h:446

isc::gss_tsig::GssApiOid::toString
std::string toString()
Get textual representation.
Definition gss_tsig_api.cc:512

isc::gss_tsig::GssApiSecCtx::get
gss_ctx_id_t get()
Get the value.
Definition gss_tsig_api.h:317

isc::gss_tsig::GssApiSecCtx::sign
void sign(GssApiBuffer &gmessage, GssApiBuffer &gsig)
Sign.
Definition gss_tsig_api.cc:347

isc::gss_tsig::GssApiSecCtx::ignore_bad_direction_
static bool ignore_bad_direction_
Ignore bad direction flag.
Definition gss_tsig_api.h:297

isc::gss_tsig::GssApiSecCtx::init
bool init(GssApiCredPtr credp, GssApiName &target, OM_uint32 flags, GssApiBuffer &intoken, GssApiBuffer &outtoken, OM_uint32 &lifetime)
Init.
Definition gss_tsig_api.cc:383

isc::gss_tsig::GssApiSecCtx::verify
void verify(GssApiBuffer &gmessage, GssApiBuffer &gsig)
Verify.
Definition gss_tsig_api.cc:359

isc::gss_tsig::GssApiSecCtx::~GssApiSecCtx
~GssApiSecCtx()
Destructor.
Definition gss_tsig_api.cc:288

isc::gss_tsig::GssApiSecCtx::serialize
std::vector< uint8_t > serialize()
Export.
Definition gss_tsig_api.cc:299

isc::gss_tsig::GssApiSecCtx::getLifetime
OM_uint32 getLifetime()
Get the lifetime (validity in seconds).
Definition gss_tsig_api.cc:312

isc::gss_tsig::GssApiSecCtx::getPtr
gss_ctx_id_t * getPtr()
Get a pointer to the security context.
Definition gss_tsig_api.h:324

isc::gss_tsig::GssApiSecCtx::GssApiSecCtx
GssApiSecCtx(gss_ctx_id_t sec_ctx)
Constructor.
Definition gss_tsig_api.cc:273

isc::gss_tsig::GssApiSecCtx::inquire
void inquire(GssApiName &source, GssApiName &target, OM_uint32 &lifetime, OM_uint32 &flags, bool &local, bool &established)
Inquire.
Definition gss_tsig_api.cc:325

isc::gss_tsig::GssApiSecCtx::accept
bool accept(GssApiCred &cred, GssApiBuffer &intoken, GssApiName &source, GssApiBuffer &outtoken)
Accept.
Definition gss_tsig_api.cc:429

isc::gss_tsig::GssCredExpired::GssCredExpired
GssCredExpired(const char *file, size_t line, const char *what)
Definition gss_tsig_api.h:50

exceptions.h

isc::dns::name
Definition name.cc:69

isc::gss_tsig
Definition gss_tsig_api.cc:19

isc::gss_tsig::ISC_GSS_SPNEGO_MECHANISM
GssApiOid ISC_GSS_SPNEGO_MECHANISM(ISC_GSS_SPNEGO_MECHANISM_vect)
The SPNEGO OID.
Definition gss_tsig_api.h:466

isc::gss_tsig::GssApiNamePtr
boost::shared_ptr< GssApiName > GssApiNamePtr
Shared pointer to GSS-API name.
Definition gss_tsig_api.h:235

isc::gss_tsig::GssApiOidPtr
boost::shared_ptr< GssApiOid > GssApiOidPtr
Shared pointer to GSS-API OID.
Definition gss_tsig_api.h:469

isc::gss_tsig::gssApiErrMsg
string gssApiErrMsg(OM_uint32 major, OM_uint32 minor)
An the error message.
Definition gss_tsig_api.cc:28

isc::gss_tsig::GssApiBufferPtr
boost::shared_ptr< GssApiBuffer > GssApiBufferPtr
Shared pointer to GSS-API buffer.
Definition gss_tsig_api.h:180

isc::gss_tsig::GssApiOidSetPtr
boost::shared_ptr< GssApiOidSet > GssApiOidSetPtr
Shared pointer to GSS-API OID set.
Definition gss_tsig_api.h:500

isc::gss_tsig::ISC_GSS_KRB5_MECHANISM
GssApiOid ISC_GSS_KRB5_MECHANISM(ISC_GSS_KRB5_MECHANISM_vect)
The Kerberos 5 OID.
Definition gss_tsig_api.h:463

isc::gss_tsig::GssApiCredPtr
boost::shared_ptr< GssApiCred > GssApiCredPtr
Shared pointer to GSS-API credential.
Definition gss_tsig_api.h:283

isc::util::file
Definition filesystem.cc:29

isc::util::str
Definition str.cc:29

isc
Defines the logger used by the top-level component of kea-lfc.
Definition check_exists_add.cc:18