// Copyright (C) 2011 Internet Systems Consortium, Inc. ("ISC")
//
// Permission to use, copy, modify, and/or distribute this software for any
// purpose with or without fee is hereby granted, provided that the above
// copyright notice and this permission notice appear in all copies.
//
// THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
// REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
// AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
// INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
// LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
// OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
// PERFORMANCE OF THIS SOFTWARE.
#define PY_SSIZE_T_CLEAN // need for "y#" below
#include <Python.h>
#include <string>
#include <stdexcept>
#include <exceptions/exceptions.h>
#include <util/python/pycppwrapper_util.h>
#include <dns/tsig.h>
#include "pydnspp_common.h"
#include "name_python.h"
#include "tsigkey_python.h"
#include "tsigerror_python.h"
#include "tsigrecord_python.h"
#include "tsig_python.h"
using namespace std;
using namespace isc;
using namespace isc::util::python;
using namespace isc::dns;
using namespace isc::dns::python;
// For each class, we need a struct, a helper functions (init, destroy,
// and static wrappers around the methods we export), a list of methods,
// and a type description
namespace {
// The s_* Class simply covers one instantiation of the object
class s_TSIGContext : public PyObject {
public:
s_TSIGContext() : cppobj(NULL) {};
TSIGContext* cppobj;
};
// Shortcut type which would be convenient for adding class variables safely.
typedef CPPPyObjectContainer<s_TSIGContext, TSIGContext> TSIGContextContainer;
//
// We declare the functions here, the definitions are below
// the type definition of the object, since both can use the other
//
// General creation and destruction
int TSIGContext_init(s_TSIGContext* self, PyObject* args);
void TSIGContext_destroy(s_TSIGContext* self);
// Class specific methods
PyObject* TSIGContext_getState(s_TSIGContext* self);
PyObject* TSIGContext_getError(s_TSIGContext* self);
PyObject* TSIGContext_sign(s_TSIGContext* self, PyObject* args);
PyObject* TSIGContext_verify(s_TSIGContext* self, PyObject* args);
// These are the functions we export
// For a minimal support, we don't need them.
// This list contains the actual set of functions we have in
// python. Each entry has
// 1. Python method name
// 2. Our static function here
// 3. Argument type
// 4. Documentation
PyMethodDef TSIGContext_methods[] = {
{ "get_state", reinterpret_cast<PyCFunction>(TSIGContext_getState),
METH_NOARGS,
"Return the current state of the context (mainly for tests)" },
{ "get_error", reinterpret_cast<PyCFunction>(TSIGContext_getError),
METH_NOARGS,
"Return the TSIG error as a result of the latest verification" },
{ "sign",
reinterpret_cast<PyCFunction>(TSIGContext_sign), METH_VARARGS,
"Sign a DNS message." },
{ "verify",
reinterpret_cast<PyCFunction>(TSIGContext_verify), METH_VARARGS,
"Verify a DNS message." },
{ NULL, NULL, 0, NULL }
};
int
TSIGContext_init(s_TSIGContext* self, PyObject* args) {
try {
// "From key" constructor
const PyObject* tsigkey_obj;
if (PyArg_ParseTuple(args, "O!", &tsigkey_type, &tsigkey_obj)) {
self->cppobj = new TSIGContext(PyTSIGKey_ToTSIGKey(tsigkey_obj));
return (0);
}
// "From key param + keyring" constructor
PyErr_Clear();
const PyObject* keyname_obj;
const PyObject* algname_obj;
const PyObject* keyring_obj;
if (PyArg_ParseTuple(args, "O!O!O!", &name_type, &keyname_obj,
&name_type, &algname_obj, &tsigkeyring_type,
&keyring_obj)) {
self->cppobj = new TSIGContext(PyName_ToName(keyname_obj),
PyName_ToName(algname_obj),
PyTSIGKeyRing_ToTSIGKeyRing(keyring_obj));
return (0);
}
} catch (const exception& ex) {
const string ex_what = "Failed to construct TSIGContext object: " +
string(ex.what());
PyErr_SetString(po_IscException, ex_what.c_str());
return (-1);
} catch (...) {
PyErr_SetString(po_IscException,
"Unexpected exception in constructing TSIGContext");
return (-1);
}
PyErr_SetString(PyExc_TypeError,
"Invalid arguments to TSIGContext constructor");
return (-1);
}
void
TSIGContext_destroy(s_TSIGContext* const self) {
delete self->cppobj;
self->cppobj = NULL;
Py_TYPE(self)->tp_free(self);
}
PyObject*
TSIGContext_getState(s_TSIGContext* self) {
return (Py_BuildValue("I", self->cppobj->getState()));
}
PyObject*
TSIGContext_getError(s_TSIGContext* self) {
try {
PyObjectContainer container(createTSIGErrorObject(
self->cppobj->getError()));
return (Py_BuildValue("O", container.get()));
} catch (const exception& ex) {
const string ex_what =
"Unexpectedly failed to get TSIGContext error: " +
string(ex.what());
PyErr_SetString(po_IscException, ex_what.c_str());
} catch (...) {
PyErr_SetString(po_IscException,
"Unexpected exception in TSIGContext.get_error");
}
return (NULL);
}
PyObject*
TSIGContext_sign(s_TSIGContext* self, PyObject* args) {
long qid = 0;
const char* mac;
Py_ssize_t mac_size;
if (PyArg_ParseTuple(args, "ly#", &qid, &mac, &mac_size)) {
if (qid < 0 || qid > 0xffff) {
PyErr_SetString(PyExc_ValueError,
"TSIGContext.sign: QID out of range");
return (NULL);
}
try {
ConstTSIGRecordPtr record = self->cppobj->sign(qid, mac, mac_size);
return (createTSIGRecordObject(*record));
} catch (const TSIGContextError& ex) {
PyErr_SetString(po_TSIGContextError, ex.what());
} catch (const exception& ex) {
const string ex_what = "Unexpected failure in TSIG sign: " +
string(ex.what());
PyErr_SetString(po_IscException, ex_what.c_str());
} catch (...) {
PyErr_SetString(PyExc_SystemError,
"Unexpected failure in TSIG sign");
}
} else {
PyErr_SetString(PyExc_TypeError,
"Invalid arguments to TSIGContext.sign");
}
return (NULL);
}
PyObject*
TSIGContext_verify(s_TSIGContext* self, PyObject* args) {
const char* data;
Py_ssize_t data_len;
PyObject* py_record;
PyObject* py_maybe_none;
const TSIGRecord* record;
if (PyArg_ParseTuple(args, "O!y#", &tsigrecord_type, &py_record,
&data, &data_len)) {
record = &PyTSIGRecord_ToTSIGRecord(py_record);
} else if (PyArg_ParseTuple(args, "Oy#", &py_maybe_none, &data,
&data_len)) {
record = NULL;
} else {
PyErr_SetString(PyExc_TypeError,
"Invalid arguments to TSIGContext.verify");
return (NULL);
}
PyErr_Clear();
try {
const TSIGError error = self->cppobj->verify(record, data, data_len);
return (createTSIGErrorObject(error));
} catch (const TSIGContextError& ex) {
PyErr_SetString(po_TSIGContextError, ex.what());
} catch (const InvalidParameter& ex) {
PyErr_SetString(po_InvalidParameter, ex.what());
} catch (const exception& ex) {
const string ex_what = "Unexpected failure in TSIG verify: " +
string(ex.what());
PyErr_SetString(po_IscException, ex_what.c_str());
} catch (...) {
PyErr_SetString(PyExc_SystemError, "Unexpected failure in TSIG verify");
}
return (NULL);
}
} // end of unnamed namespace
namespace isc {
namespace dns {
namespace python {
// Definition of class specific exception(s)
PyObject* po_TSIGContextError;
// This defines the complete type for reflection in python and
// parsing of PyObject* to s_TSIGContext
// Most of the functions are not actually implemented and NULL here.
PyTypeObject tsigcontext_type = {
PyVarObject_HEAD_INIT(NULL, 0)
"pydnspp.TSIGContext",
sizeof(s_TSIGContext), // tp_basicsize
0, // tp_itemsize
reinterpret_cast<destructor>(TSIGContext_destroy), // tp_dealloc
NULL, // tp_print
NULL, // tp_getattr
NULL, // tp_setattr
NULL, // tp_reserved
NULL, // tp_repr
NULL, // tp_as_number
NULL, // tp_as_sequence
NULL, // tp_as_mapping
NULL, // tp_hash
NULL, // tp_call
NULL, // tp_str
NULL, // tp_getattro
NULL, // tp_setattro
NULL, // tp_as_buffer
// We allow the python version of TSIGContext to act as a base class.
// From pure design point of view, this is wrong because it's not intended
// to be inherited. However, cryptographic operations are generally
// difficult to test, so it would be very advantageous if we can define
// a mock context class.
Py_TPFLAGS_DEFAULT|Py_TPFLAGS_BASETYPE, // tp_flags
"The TSIGContext class objects is...(COMPLETE THIS)",
NULL, // tp_traverse
NULL, // tp_clear
NULL, // tp_richcompare
0, // tp_weaklistoffset
NULL, // tp_iter
NULL, // tp_iternext
TSIGContext_methods, // tp_methods
NULL, // tp_members
NULL, // tp_getset
NULL, // tp_base
NULL, // tp_dict
NULL, // tp_descr_get
NULL, // tp_descr_set
0, // tp_dictoffset
reinterpret_cast<initproc>(TSIGContext_init), // tp_init
NULL, // tp_alloc
PyType_GenericNew, // tp_new
NULL, // tp_free
NULL, // tp_is_gc
NULL, // tp_bases
NULL, // tp_mro
NULL, // tp_cache
NULL, // tp_subclasses
NULL, // tp_weaklist
NULL, // tp_del
0 // tp_version_tag
};
bool
PyTSIGContext_Check(PyObject* obj) {
if (obj == NULL) {
isc_throw(PyCPPWrapperException, "obj argument NULL in typecheck");
}
return (PyObject_TypeCheck(obj, &tsigcontext_type));
}
TSIGContext&
PyTSIGContext_ToTSIGContext(PyObject* tsigcontext_obj) {
s_TSIGContext* tsigcontext = static_cast<s_TSIGContext*>(tsigcontext_obj);
return (*tsigcontext->cppobj);
}
} // namespace python
} // namespace dns
} // namespace isc