1 /* key-chain for authentication.
2 Copyright (C) 2000 Kunihiro Ishiguro
4 This file is part of GNU Zebra.
6 GNU Zebra is free software; you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published
8 by the Free Software Foundation; either version 2, or (at your
9 option) any later version.
11 GNU Zebra is distributed in the hope that it will be useful, but
12 WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with GNU Zebra; see the file COPYING. If not, write to the
18 Free Software Foundation, Inc., 59 Temple Place - Suite 330,
19 Boston, MA 02111-1307, USA. */
28 /* Master list of key chain. */
29 struct list
*keychain_list
;
35 new = XMALLOC (MTYPE_KEYCHAIN
, sizeof (struct keychain
));
36 memset (new, 0, sizeof (struct keychain
));
41 keychain_free (struct keychain
*keychain
)
43 XFREE (MTYPE_KEYCHAIN
, keychain
);
50 new = XMALLOC (MTYPE_KEY
, sizeof (struct key
));
51 memset (new, 0, sizeof (struct key
));
56 key_free (struct key
*key
)
58 XFREE (MTYPE_KEY
, key
);
62 keychain_lookup (char *name
)
65 struct keychain
*keychain
;
70 LIST_LOOP (keychain_list
, keychain
, nn
)
72 if (strcmp (keychain
->name
, name
) == 0)
79 key_cmp_func (struct key
*k1
, struct key
*k2
)
81 if (k1
->index
> k2
->index
)
83 if (k1
->index
< k2
->index
)
89 key_delete_func (struct key
*key
)
/* keychain_get: return the key chain called NAME, creating and registering
   it when needed.
   NOTE(review): this listing omits lines (see the gaps in the gutter
   numbers), so the test between the lookup and the allocation below is not
   visible; presumably the chain is only created when the lookup finds
   nothing -- confirm against the full file. */
97 keychain_get (char *name
)
99 struct keychain
*keychain
;
101 keychain
= keychain_lookup (name
);
106 keychain
= keychain_new ();
/* The name is duplicated on the heap, so the caller keeps ownership of
   NAME.  No check of the strdup() result appears in the lines shown;
   keychain_lookup() passes ->name to strcmp(), so a NULL stored here would
   matter on the next lookup -- TODO confirm how allocation failure is
   handled. */
107 keychain
->name
= strdup (name
);
/* Per-chain key list.  cmp is key_cmp_func, which orders keys by ->index;
   del is key_delete_func, called by the list code when a node is removed. */
108 keychain
->key
= list_new ();
109 keychain
->key
->cmp
= (int (*)(void *, void *)) key_cmp_func
;
110 keychain
->key
->del
= (void (*)(void *)) key_delete_func
;
/* Register the chain in the master list so keychain_lookup() can find it. */
111 listnode_add (keychain_list
, keychain
);
/* keychain_delete: tear down one key chain.  In the order shown: release
   the heap copy of the name, delete the chain's key list, unlink the chain
   from the master list, then free the structure itself.
   NOTE(review): the keys hold authentication secrets (key->string).  The
   body of key_delete_func is not visible in this listing, so whether the
   secret is wiped before its memory is released cannot be told from here
   -- worth checking when auditing key handling. */
117 keychain_delete (struct keychain
*keychain
)
120 free (keychain
->name
);
122 list_delete (keychain
->key
);
123 listnode_delete (keychain_list
, keychain
);
124 keychain_free (keychain
);
128 key_lookup (struct keychain
*keychain
, u_int32_t index
)
133 LIST_LOOP (keychain
->key
, key
, nn
)
135 if (key
->index
== index
)
/* key_lookup_for_accept: walk the chain's key list looking for a key that
   is currently inside its accept lifetime.
   NOTE(review): the index test is ">=", not "==", so a key with a higher
   identifier than the one requested can satisfy it.  The return statements
   are not visible in this listing; callers that need an exact key-id match
   should compare the returned key's index themselves -- confirm.
   `now' is not assigned in the lines shown; presumably the current time. */
142 key_lookup_for_accept (struct keychain
*keychain
, u_int32_t index
)
150 LIST_LOOP (keychain
->key
, key
, nn
)
152 if (key
->index
>= index
)
/* start == 0: no accept-lifetime has been set on this key (the config
   writer only prints an accept-lifetime when start is non-zero).  The
   action taken is on a line not shown; presumably the key is accepted
   without a time check. */
154 if (key
->accept
.start
== 0)
/* Otherwise the key is usable when start <= now and the end is either in
   the future or -1; the config writer prints end == -1 as "infinite". */
157 if (key
->accept
.start
<= now
)
158 if (key
->accept
.end
>= now
|| key
->accept
.end
== -1)
/* key_match_for_accept: walk the chain's key list and compare AUTH_STR with
   the key-string of every key that is inside its accept lifetime (same
   lifetime rule as key_lookup_for_accept: start == 0, or start <= now and
   end >= now or end == -1).
   NOTE(review), points a security reviewer would raise on this comparison:
   - Only the first 16 bytes are compared, so two key-strings that share a
     16-byte prefix are indistinguishable here.  The 16 presumably mirrors
     a fixed-width password field in the protocol -- confirm.
   - strncmp() stops at the first differing byte or NUL, so the comparison
     is not constant-time.
   - key->string is passed to strncmp() with no NULL check in the lines
     shown; a key created without a key-string would presumably leave it
     NULL -- confirm against key_new and the elided lines. */
166 key_match_for_accept (struct keychain
*keychain
, char *auth_str
)
174 LIST_LOOP (keychain
->key
, key
, nn
)
176 if (key
->accept
.start
== 0 ||
177 (key
->accept
.start
<= now
&&
178 (key
->accept
.end
>= now
|| key
->accept
.end
== -1)))
179 if (strncmp (key
->string
, auth_str
, 16) == 0)
/* key_lookup_for_send: walk the chain's key list looking for a key that is
   currently inside its send lifetime.  Unlike the accept lookups this takes
   no key index; the list is kept sorted by index (key_get inserts with
   listnode_add_sort), so presumably the lowest-numbered valid key wins --
   the return statements are not visible in this listing. */
186 key_lookup_for_send (struct keychain
*keychain
)
194 LIST_LOOP (keychain
->key
, key
, nn
)
/* start == 0: no send-lifetime configured for this key. */
196 if (key
->send
.start
== 0)
/* Otherwise valid when start <= now and end is in the future or -1
   (written out as "infinite" by the config writer). */
199 if (key
->send
.start
<= now
)
200 if (key
->send
.end
>= now
|| key
->send
.end
== -1)
207 key_get (struct keychain
*keychain
, u_int32_t index
)
211 key
= key_lookup (keychain
, index
);
218 listnode_add_sort (keychain
->key
, key
);
224 key_delete (struct keychain
*keychain
, struct key
*key
)
226 listnode_delete (keychain
->key
, key
);
236 "Authentication key management\n"
237 "Key-chain management\n"
240 struct keychain
*keychain
;
242 keychain
= keychain_get (argv
[0]);
243 vty
->index
= keychain
;
244 vty
->node
= KEYCHAIN_NODE
;
253 "Authentication key management\n"
254 "Key-chain management\n"
257 struct keychain
*keychain
;
259 keychain
= keychain_lookup (argv
[0]);
263 vty_out (vty
, "Can't find keychain %s%s", argv
[0], VTY_NEWLINE
);
267 keychain_delete (keychain
);
/* "key <0-2147483647>": select (or create, via key_get) the key with the
   given identifier inside the current key chain and enter the per-key
   configuration node.  The DEFUN header lines are not part of this
   listing. */
274 "key <0-2147483647>",
276 "Key identifier number\n")
278 struct keychain
*keychain
;
/* vty->index holds the chain stored by the "key chain" command. */
283 keychain
= vty
->index
;
/* NOTE(review): the declaration of `index' is not visible here.  key_get()
   takes a u_int32_t; if `index' has that type, the strtoul() result is
   narrowed before the ULONG_MAX comparison, so on platforms where
   unsigned long is wider than 32 bits the comparison cannot detect an
   out-of-range value.  errno is not consulted in the lines shown.  The
   <0-2147483647> range in the command string is presumably enforced by
   the command parser before this code runs -- confirm. */
285 index
= strtoul (argv
[0], &endptr
, 10);
286 if (index
== ULONG_MAX
|| *endptr
!= '\0')
288 vty_out (vty
, "Key identifier number error%s", VTY_NEWLINE
);
/* Remember the key for the sub-commands (key-string, lifetimes) and switch
   the session to the key node. */
291 key
= key_get (keychain
, index
);
292 vty
->index_sub
= key
;
293 vty
->node
= KEYCHAIN_KEY_NODE
;
300 "no key <0-2147483647>",
303 "Key identifier number\n")
305 struct keychain
*keychain
;
310 keychain
= vty
->index
;
312 index
= strtoul (argv
[0], &endptr
, 10);
313 if (index
== ULONG_MAX
|| *endptr
!= '\0')
315 vty_out (vty
, "Key identifier number error%s", VTY_NEWLINE
);
319 key
= key_lookup (keychain
, index
);
322 vty_out (vty
, "Can't find key %d%s", index
, VTY_NEWLINE
);
326 key_delete (keychain
, key
);
328 vty
->node
= KEYCHAIN_NODE
;
/* Body of the key-string command (its DEFUN header is not part of this
   listing): store a heap copy of the secret given on the command line in
   the key selected by the preceding "key" command.
   NOTE(review): the lines between the two statements below are elided, so
   it cannot be told from here whether a previously configured string is
   released (and wiped) before being replaced.  The strdup() result is not
   checked in the visible line. */
341 key
= vty
->index_sub
;
345 key
->string
= strdup (argv
[0]);
350 DEFUN (no_key_string
,
352 "no key-string [LINE]",
359 key
= vty
->index_sub
;
/* key_str2time: validate the four textual fields of a lifetime timestamp
   and build a struct tm from them.
   NOTE(review): several lines are elided from this listing (declarations
   of hour/min/sec, the month_name table, the return statements and the
   final conversion), so the notes below are limited to what is shown.
   Each numeric field is parsed with strtoul() and assigned to a variable
   that is then range-checked with "< 0"; day, month and year are declared
   int below, so the unsigned long result is narrowed on assignment.
   errno is not consulted in the lines shown. */
370 /* Convert HH:MM:SS MON DAY YEAR to time_t value. -1 is returned when
371 given string is malformed. */
373 key_str2time(char *time_str
, char *day_str
, char *month_str
, char *year_str
)
380 int day
, month
, year
;
400 /* Check hour field of time_str. */
401 colon
= strchr (time_str
, ':');
/* The "*endptr != '\0'" test requires the hour digits to be followed by a
   NUL, so the string is presumably split in place at the colon on a line
   not shown -- confirm.  If so, the caller's buffer is modified. */
406 /* Hour must be between 0 and 23. */
407 hour
= strtoul (time_str
, &endptr
, 10);
408 if (hour
== ULONG_MAX
|| *endptr
!= '\0' || hour
< 0 || hour
> 23)
411 /* Check min field of time_str. */
412 time_str
= colon
+ 1;
413 colon
= strchr (time_str
, ':');
414 if (*time_str
== '\0' || colon
== NULL
)
418 /* Min must be between 0 and 59. */
419 min
= strtoul (time_str
, &endptr
, 10);
420 if (min
== ULONG_MAX
|| *endptr
!= '\0' || min
< 0 || min
> 59)
423 /* Check sec field of time_str. */
424 time_str
= colon
+ 1;
425 if (*time_str
== '\0')
428 /* Sec must be between 0 and 59. */
429 sec
= strtoul (time_str
, &endptr
, 10);
430 if (sec
== ULONG_MAX
|| *endptr
!= '\0' || sec
< 0 || sec
> 59)
/* NOTE(review): the comment below and the command syntax say <1-31>, but
   the test only rejects values below 0 or above 31, so a day of 0 passes
   this function's own check; "day < 1" would match the stated range.  The
   command parser's <1-31> range presumably filters 0 earlier -- confirm.
   The day is also not checked against the length of the month in the
   lines shown. */
433 /* Check day_str. Day must be <1-31>. */
434 day
= strtoul (day_str
, &endptr
, 10);
435 if (day
== ULONG_MAX
|| *endptr
!= '\0' || day
< 0 || day
> 31)
/* Prefix match: a month_str of three or more characters is compared with
   each month_name entry over strlen (month_str) characters, so any prefix
   of at least three characters of an entry matches it. */
438 /* Check month_str. Month must match month_name. */
440 if (strlen (month_str
) >= 3)
441 for (i
= 0; month_name
[i
]; i
++)
442 if (strncmp (month_str
, month_name
[i
], strlen (month_str
)) == 0)
450 /* Check year_str. Year must be <1993-2035>. */
451 year
= strtoul (year_str
, &endptr
, 10);
452 if (year
== ULONG_MAX
|| *endptr
!= '\0' || year
< 1993 || year
> 2035)
/* Start from a zeroed struct tm; tm_year counts years since 1900. */
455 memset (&tm
, 0, sizeof (struct tm
));
461 tm
.tm_year
= year
- 1900;
/* key_lifetime_set: parse a start and an end timestamp with key_str2time()
   and store them in KRANGE.  Each parse failure is reported to the vty as
   "Malformed time value" (the tests guarding those messages and the return
   statements are on lines not shown in this listing).  An end time that is
   not strictly later than the start time is rejected before KRANGE is
   written, so in the lines shown KRANGE is only modified once both values
   have been validated. */
469 key_lifetime_set (struct vty
*vty
, struct key_range
*krange
, char *stime_str
,
470 char *sday_str
, char *smonth_str
, char *syear_str
,
471 char *etime_str
, char *eday_str
, char *emonth_str
,
477 time_start
= key_str2time (stime_str
, sday_str
, smonth_str
, syear_str
);
480 vty_out (vty
, "Malformed time value%s", VTY_NEWLINE
);
483 time_end
= key_str2time (etime_str
, eday_str
, emonth_str
, eyear_str
);
487 vty_out (vty
, "Malformed time value%s", VTY_NEWLINE
);
491 if (time_end
<= time_start
)
493 vty_out (vty
, "Expire time is not later than start time%s", VTY_NEWLINE
);
497 krange
->start
= time_start
;
498 krange
->end
= time_end
;
/* key_lifetime_duration_set: parse a start timestamp and a duration in
   seconds, then store start, end = start + duration and the duration flag
   in KRANGE.
   NOTE(review):
   - krange->start is written before the duration is parsed.  If the
     "Malformed duration" path returns (the return is on a line not shown),
     KRANGE is left with the new start and the old end -- a partial update.
     Assigning start only after both values validate would avoid that.
   - The sum time_start + duration is not checked for overflow in the lines
     shown.  The command syntax allows a duration up to 2147483646 and a
     start year up to 2035, so with a 32-bit time_t the sum can exceed the
     representable range -- confirm the type widths on the target.
   - The declaration of `duration' is not visible; the ULONG_MAX comparison
     is only meaningful if it is an unsigned long. */
504 key_lifetime_duration_set (struct vty
*vty
, struct key_range
*krange
,
505 char *stime_str
, char *sday_str
, char *smonth_str
,
506 char *syear_str
, char *duration_str
)
512 time_start
= key_str2time (stime_str
, sday_str
, smonth_str
, syear_str
);
515 vty_out (vty
, "Malformed time value%s", VTY_NEWLINE
);
518 krange
->start
= time_start
;
520 duration
= strtoul (duration_str
, &endptr
, 10);
521 if (duration
== ULONG_MAX
|| *endptr
!= '\0')
523 vty_out (vty
, "Malformed duration%s", VTY_NEWLINE
);
/* duration is a flag here: the config writer tests it to decide whether to
   print the lifetime as "duration N" (N = end - start) or as an end time. */
526 krange
->duration
= 1;
527 krange
->end
= time_start
+ duration
;
533 key_lifetime_infinite_set (struct vty
*vty
, struct key_range
*krange
,
534 char *stime_str
, char *sday_str
, char *smonth_str
,
539 time_start
= key_str2time (stime_str
, sday_str
, smonth_str
, syear_str
);
542 vty_out (vty
, "Malformed time value%s", VTY_NEWLINE
);
545 krange
->start
= time_start
;
552 DEFUN (accept_lifetime_day_month_day_month
,
553 accept_lifetime_day_month_day_month_cmd
,
554 "accept-lifetime HH:MM:SS <1-31> MONTH <1993-2035> HH:MM:SS <1-31> MONTH <1993-2035>",
555 "Set accept lifetime of the key\n"
557 "Day of th month to start\n"
558 "Month of the year to start\n"
561 "Day of th month to expire\n"
562 "Month of the year to expire\n"
567 key
= vty
->index_sub
;
569 return key_lifetime_set (vty
, &key
->accept
, argv
[0], argv
[1], argv
[2],
570 argv
[3], argv
[4], argv
[5], argv
[6], argv
[7]);
573 DEFUN (accept_lifetime_day_month_month_day
,
574 accept_lifetime_day_month_month_day_cmd
,
575 "accept-lifetime HH:MM:SS <1-31> MONTH <1993-2035> HH:MM:SS MONTH <1-31> <1993-2035>",
576 "Set accept lifetime of the key\n"
578 "Day of th month to start\n"
579 "Month of the year to start\n"
582 "Month of the year to expire\n"
583 "Day of th month to expire\n"
588 key
= vty
->index_sub
;
590 return key_lifetime_set (vty
, &key
->accept
, argv
[0], argv
[1], argv
[2],
591 argv
[3], argv
[4], argv
[6], argv
[5], argv
[7]);
594 DEFUN (accept_lifetime_month_day_day_month
,
595 accept_lifetime_month_day_day_month_cmd
,
596 "accept-lifetime HH:MM:SS MONTH <1-31> <1993-2035> HH:MM:SS <1-31> MONTH <1993-2035>",
597 "Set accept lifetime of the key\n"
599 "Month of the year to start\n"
600 "Day of th month to start\n"
603 "Day of th month to expire\n"
604 "Month of the year to expire\n"
609 key
= vty
->index_sub
;
611 return key_lifetime_set (vty
, &key
->accept
, argv
[0], argv
[2], argv
[1],
612 argv
[3], argv
[4], argv
[5], argv
[6], argv
[7]);
615 DEFUN (accept_lifetime_month_day_month_day
,
616 accept_lifetime_month_day_month_day_cmd
,
617 "accept-lifetime HH:MM:SS MONTH <1-31> <1993-2035> HH:MM:SS MONTH <1-31> <1993-2035>",
618 "Set accept lifetime of the key\n"
620 "Month of the year to start\n"
621 "Day of th month to start\n"
624 "Month of the year to expire\n"
625 "Day of th month to expire\n"
630 key
= vty
->index_sub
;
632 return key_lifetime_set (vty
, &key
->accept
, argv
[0], argv
[2], argv
[1],
633 argv
[3], argv
[4], argv
[6], argv
[5], argv
[7]);
636 DEFUN (accept_lifetime_infinite_day_month
,
637 accept_lifetime_infinite_day_month_cmd
,
638 "accept-lifetime HH:MM:SS <1-31> MONTH <1993-2035> infinite",
639 "Set accept lifetime of the key\n"
641 "Day of th month to start\n"
642 "Month of the year to start\n"
648 key
= vty
->index_sub
;
650 return key_lifetime_infinite_set (vty
, &key
->accept
, argv
[0], argv
[1],
654 DEFUN (accept_lifetime_infinite_month_day
,
655 accept_lifetime_infinite_month_day_cmd
,
656 "accept-lifetime HH:MM:SS MONTH <1-31> <1993-2035> infinite",
657 "Set accept lifetime of the key\n"
659 "Month of the year to start\n"
660 "Day of th month to start\n"
666 key
= vty
->index_sub
;
668 return key_lifetime_infinite_set (vty
, &key
->accept
, argv
[0], argv
[2],
672 DEFUN (accept_lifetime_duration_day_month
,
673 accept_lifetime_duration_day_month_cmd
,
674 "accept-lifetime HH:MM:SS <1-31> MONTH <1993-2035> duration <1-2147483646>",
675 "Set accept lifetime of the key\n"
677 "Day of th month to start\n"
678 "Month of the year to start\n"
680 "Duration of the key\n"
681 "Duration seconds\n")
685 key
= vty
->index_sub
;
687 return key_lifetime_duration_set (vty
, &key
->accept
, argv
[0], argv
[1],
688 argv
[2], argv
[3], argv
[4]);
691 DEFUN (accept_lifetime_duration_month_day
,
692 accept_lifetime_duration_month_day_cmd
,
693 "accept-lifetime HH:MM:SS MONTH <1-31> <1993-2035> duration <1-2147483646>",
694 "Set accept lifetime of the key\n"
696 "Month of the year to start\n"
697 "Day of th month to start\n"
699 "Duration of the key\n"
700 "Duration seconds\n")
704 key
= vty
->index_sub
;
706 return key_lifetime_duration_set (vty
, &key
->accept
, argv
[0], argv
[2],
707 argv
[1], argv
[3], argv
[4]);
710 DEFUN (send_lifetime_day_month_day_month
,
711 send_lifetime_day_month_day_month_cmd
,
712 "send-lifetime HH:MM:SS <1-31> MONTH <1993-2035> HH:MM:SS <1-31> MONTH <1993-2035>",
713 "Set send lifetime of the key\n"
715 "Day of th month to start\n"
716 "Month of the year to start\n"
719 "Day of th month to expire\n"
720 "Month of the year to expire\n"
725 key
= vty
->index_sub
;
727 return key_lifetime_set (vty
, &key
->send
, argv
[0], argv
[1], argv
[2], argv
[3],
728 argv
[4], argv
[5], argv
[6], argv
[7]);
731 DEFUN (send_lifetime_day_month_month_day
,
732 send_lifetime_day_month_month_day_cmd
,
733 "send-lifetime HH:MM:SS <1-31> MONTH <1993-2035> HH:MM:SS MONTH <1-31> <1993-2035>",
734 "Set send lifetime of the key\n"
736 "Day of th month to start\n"
737 "Month of the year to start\n"
740 "Month of the year to expire\n"
741 "Day of th month to expire\n"
746 key
= vty
->index_sub
;
748 return key_lifetime_set (vty
, &key
->send
, argv
[0], argv
[1], argv
[2], argv
[3],
749 argv
[4], argv
[6], argv
[5], argv
[7]);
752 DEFUN (send_lifetime_month_day_day_month
,
753 send_lifetime_month_day_day_month_cmd
,
754 "send-lifetime HH:MM:SS MONTH <1-31> <1993-2035> HH:MM:SS <1-31> MONTH <1993-2035>",
755 "Set send lifetime of the key\n"
757 "Month of the year to start\n"
758 "Day of th month to start\n"
761 "Day of th month to expire\n"
762 "Month of the year to expire\n"
767 key
= vty
->index_sub
;
769 return key_lifetime_set (vty
, &key
->send
, argv
[0], argv
[2], argv
[1], argv
[3],
770 argv
[4], argv
[5], argv
[6], argv
[7]);
773 DEFUN (send_lifetime_month_day_month_day
,
774 send_lifetime_month_day_month_day_cmd
,
775 "send-lifetime HH:MM:SS MONTH <1-31> <1993-2035> HH:MM:SS MONTH <1-31> <1993-2035>",
776 "Set send lifetime of the key\n"
778 "Month of the year to start\n"
779 "Day of th month to start\n"
782 "Month of the year to expire\n"
783 "Day of th month to expire\n"
788 key
= vty
->index_sub
;
790 return key_lifetime_set (vty
, &key
->send
, argv
[0], argv
[2], argv
[1], argv
[3],
791 argv
[4], argv
[6], argv
[5], argv
[7]);
794 DEFUN (send_lifetime_infinite_day_month
,
795 send_lifetime_infinite_day_month_cmd
,
796 "send-lifetime HH:MM:SS <1-31> MONTH <1993-2035> infinite",
797 "Set send lifetime of the key\n"
799 "Day of th month to start\n"
800 "Month of the year to start\n"
806 key
= vty
->index_sub
;
808 return key_lifetime_infinite_set (vty
, &key
->send
, argv
[0], argv
[1], argv
[2],
812 DEFUN (send_lifetime_infinite_month_day
,
813 send_lifetime_infinite_month_day_cmd
,
814 "send-lifetime HH:MM:SS MONTH <1-31> <1993-2035> infinite",
815 "Set send lifetime of the key\n"
817 "Month of the year to start\n"
818 "Day of th month to start\n"
824 key
= vty
->index_sub
;
826 return key_lifetime_infinite_set (vty
, &key
->send
, argv
[0], argv
[2], argv
[1],
830 DEFUN (send_lifetime_duration_day_month
,
831 send_lifetime_duration_day_month_cmd
,
832 "send-lifetime HH:MM:SS <1-31> MONTH <1993-2035> duration <1-2147483646>",
833 "Set send lifetime of the key\n"
835 "Day of th month to start\n"
836 "Month of the year to start\n"
838 "Duration of the key\n"
839 "Duration seconds\n")
843 key
= vty
->index_sub
;
845 return key_lifetime_duration_set (vty
, &key
->send
, argv
[0], argv
[1], argv
[2],
849 DEFUN (send_lifetime_duration_month_day
,
850 send_lifetime_duration_month_day_cmd
,
851 "send-lifetime HH:MM:SS MONTH <1-31> <1993-2035> duration <1-2147483646>",
852 "Set send lifetime of the key\n"
854 "Month of the year to start\n"
855 "Day of th month to start\n"
857 "Duration of the key\n"
858 "Duration seconds\n")
862 key
= vty
->index_sub
;
864 return key_lifetime_duration_set (vty
, &key
->send
, argv
[0], argv
[2], argv
[1],
868 struct cmd_node keychain_node
=
871 "%s(config-keychain)# ",
875 struct cmd_node keychain_key_node
=
878 "%s(config-keychain-key)# ",
/* keychain_strftime: format *TIME into BUF (at most BUFSIZ bytes) as
   "%T %b %d %Y", i.e. time, abbreviated month name, day, year -- the same
   field order as the "HH:MM:SS MONTH <1-31> <1993-2035>" command forms, so
   the written configuration can be read back.
   NOTE(review):
   - localtime() can return NULL and no check appears in the lines shown
     before the result is handed to strftime().
   - localtime() returns a pointer to storage shared between calls, and the
     result depends on the process time zone.
   - strftime() returns 0 when the output does not fit, leaving the buffer
     contents unspecified; what is done with `len' is on lines not shown. */
883 keychain_strftime (char *buf
, int bufsiz
, time_t *time
)
888 tm
= localtime (time
);
890 len
= strftime (buf
, bufsiz
, "%T %b %d %Y", tm
);
/* keychain_config_write: emit the configuration of every key chain to the
   vty -- one "key chain NAME" section per chain, and per key its index,
   key-string and any accept/send lifetime.  Registered as the writer for
   keychain_node by install_node().
   NOTE(review): the key-string is written verbatim, so the authentication
   secret appears in clear text wherever this output goes.  Access to the
   running configuration and the permissions of any file it is saved to
   therefore decide who can read the keys.
   Several guarding lines (braces, else branches, some tests) are elided
   from this listing. */
896 keychain_config_write (struct vty
*vty
)
898 struct keychain
*keychain
;
904 LIST_LOOP (keychain_list
, keychain
, nn
)
906 vty_out (vty
, "key chain %s%s", keychain
->name
, VTY_NEWLINE
);
908 LIST_LOOP (keychain
->key
, key
, nm
)
910 vty_out (vty
, " key %d%s", key
->index
, VTY_NEWLINE
);
/* Secret material is printed here as-is.  Any test on key->string is on a
   line not shown. */
913 vty_out (vty
, " key-string %s%s", key
->string
, VTY_NEWLINE
);
/* Accept lifetime: only written when a start time is set (non-zero). */
915 if (key
->accept
.start
)
917 keychain_strftime (buf
, BUFSIZ
, &key
->accept
.start
);
918 vty_out (vty
, " accept-lifetime %s", buf
);
/* Three forms of the end: -1 prints "infinite", the duration flag prints
   the length in seconds, otherwise the end timestamp is formatted.
   NOTE(review): "%ld" is given a difference of two range fields; this
   assumes that difference has type long -- confirm the field types. */
920 if (key
->accept
.end
== -1)
921 vty_out (vty
, " infinite");
922 else if (key
->accept
.duration
)
923 vty_out (vty
, " duration %ld",
924 key
->accept
.end
- key
->accept
.start
);
927 keychain_strftime (buf
, BUFSIZ
, &key
->accept
.end
);
928 vty_out (vty
, " %s", buf
);
930 vty_out (vty
, "%s", VTY_NEWLINE
);
/* Send lifetime, same three forms.  The test guarding this part is on a
   line not shown; presumably key->send.start, as for accept. */
935 keychain_strftime (buf
, BUFSIZ
, &key
->send
.start
);
936 vty_out (vty
, " send-lifetime %s", buf
);
938 if (key
->send
.end
== -1)
939 vty_out (vty
, " infinite");
940 else if (key
->send
.duration
)
941 vty_out (vty
, " duration %ld", key
->send
.end
- key
->send
.start
);
944 keychain_strftime (buf
, BUFSIZ
, &key
->send
.end
);
945 vty_out (vty
, " %s", buf
);
947 vty_out (vty
, "%s", VTY_NEWLINE
);
/* "!" separator line written to the vty. */
950 vty_out (vty
, "!%s", VTY_NEWLINE
);
959 keychain_list
= list_new ();
961 install_node (&keychain_node
, keychain_config_write
);
962 install_node (&keychain_key_node
, NULL
);
964 install_default (KEYCHAIN_NODE
);
965 install_default (KEYCHAIN_KEY_NODE
);
967 install_element (CONFIG_NODE
, &key_chain_cmd
);
968 install_element (CONFIG_NODE
, &no_key_chain_cmd
);
969 install_element (KEYCHAIN_NODE
, &key_cmd
);
970 install_element (KEYCHAIN_NODE
, &no_key_cmd
);
972 install_element (KEYCHAIN_NODE
, &key_chain_cmd
);
973 install_element (KEYCHAIN_NODE
, &no_key_chain_cmd
);
975 install_element (KEYCHAIN_KEY_NODE
, &key_string_cmd
);
976 install_element (KEYCHAIN_KEY_NODE
, &no_key_string_cmd
);
978 install_element (KEYCHAIN_KEY_NODE
, &key_chain_cmd
);
979 install_element (KEYCHAIN_KEY_NODE
, &no_key_chain_cmd
);
981 install_element (KEYCHAIN_KEY_NODE
, &key_cmd
);
982 install_element (KEYCHAIN_KEY_NODE
, &no_key_cmd
);
984 install_element (KEYCHAIN_KEY_NODE
, &accept_lifetime_day_month_day_month_cmd
);
985 install_element (KEYCHAIN_KEY_NODE
, &accept_lifetime_day_month_month_day_cmd
);
986 install_element (KEYCHAIN_KEY_NODE
, &accept_lifetime_month_day_day_month_cmd
);
987 install_element (KEYCHAIN_KEY_NODE
, &accept_lifetime_month_day_month_day_cmd
);
988 install_element (KEYCHAIN_KEY_NODE
, &accept_lifetime_infinite_day_month_cmd
);
989 install_element (KEYCHAIN_KEY_NODE
, &accept_lifetime_infinite_month_day_cmd
);
990 install_element (KEYCHAIN_KEY_NODE
, &accept_lifetime_duration_day_month_cmd
);
991 install_element (KEYCHAIN_KEY_NODE
, &accept_lifetime_duration_month_day_cmd
);
993 install_element (KEYCHAIN_KEY_NODE
, &send_lifetime_day_month_day_month_cmd
);
994 install_element (KEYCHAIN_KEY_NODE
, &send_lifetime_day_month_month_day_cmd
);
995 install_element (KEYCHAIN_KEY_NODE
, &send_lifetime_month_day_day_month_cmd
);
996 install_element (KEYCHAIN_KEY_NODE
, &send_lifetime_month_day_month_day_cmd
);
997 install_element (KEYCHAIN_KEY_NODE
, &send_lifetime_infinite_day_month_cmd
);
998 install_element (KEYCHAIN_KEY_NODE
, &send_lifetime_infinite_month_day_cmd
);
999 install_element (KEYCHAIN_KEY_NODE
, &send_lifetime_duration_day_month_cmd
);
1000 install_element (KEYCHAIN_KEY_NODE
, &send_lifetime_duration_month_day_cmd
);