61 #include <libhsmdns.h>
62 #include <ldns/ldns.h>
64 #include <libxml/tree.h>
65 #include <libxml/parser.h>
66 #include <libxml/xpointer.h>
67 #include <libxml/xpath.h>
68 #include <libxml/xpathInternals.h>
69 #include <libxml/relaxng.h>
70 #include <libxml/xmlreader.h>
71 #include <libxml/xmlsave.h>
/* NOTE(review): function-like macro — both arguments are evaluated twice,
 * so never pass an expression with side effects (e.g. i++) as a or b. */
73 #define MAX(a, b) ((a) > (b) ? (a) : (b))
77 #define DURATION_TYPE 1
81 #define ROLLOVER_TYPE 5
82 #define INT_TYPE_NO_FREE 6
85 # define MAXPATHLEN 4096
90 #define DEFAULT_LOG_FACILITY LOG_DAEMON
92 #define DEFAULT_LOG_FACILITY LOG_USER
/* Path of conf.xml. Visible uses in this listing only read it: it is handed
 * to xmlNewTextReaderFilename() by the conf.xml reader near the end of the
 * file and to hsm_open() in the key-export code.
 * NOTE(review): the cast discards the const of OPENDNSSEC_CONFIG_FILE; if that
 * macro expands to a string literal, writing through `config` is undefined
 * behaviour — keep it read-only (or make it `const char *` once every callee
 * accepts that). */
98 char *
config = (
char *) OPENDNSSEC_CONFIG_FILE;
/* Command-line state shared by the sub-command handlers. The long_options
 * table in main() defines --all/-a, --ds/-d, --no-retire/-f, --no-xml/-m and
 * --verbose/-v; only the initialisers are visible here, so which option sets
 * which flag is inferred from the option names — confirm against main(). */
116 static int all_flag = 0;     /* --all: act on every zone / policy instead of one */
117 static int ds_flag = 0;      /* --ds: presumably gates DS record output in key export — confirm */
118 static int retire_flag = 1;  /* presumably cleared by --no-retire; ds-seen checks retire_flag == 1 */
119 static int verbose_flag = 0; /* --verbose */
120 static int xml_flag = 1;     /* cleared by --no-xml: zone add/delete touch the DB only, not zonelist.xml */
121 static int td_flag = 0;      /* NOTE(review): no entry in the visible getopt table sets this — confirm it is still used */
122 static int force_flag = 0;   /* NOTE(review): no entry in the visible getopt table sets this — confirm it is still used */

/* Asks the running ods-enforcerd to re-read its state; returns non-zero on
 * failure, in which case callers print "Could not HUP ods-enforcerd". The
 * definition is not part of this listing. */
124 static int restart_enforcerd(
void);
131 #if defined(HAVE_SYSLOG_R) && defined(HAVE_OPENLOG_R) && defined(HAVE_CLOSELOG_R)
132 struct syslog_data sdata = SYSLOG_DATA_INIT;
135 #undef HAVE_OPENLOG_R
136 #undef HAVE_CLOSELOG_R
144 " --version aka -V\n");
152 "\tImport config into a database (deletes current contents)\n");
159 " start|stop|notify\n"
160 "\tStart, stop or SIGHUP the ods-enforcerd\n");
171 "\tUpdate database from config\n");
179 "\t--zone <zone> aka -z\n"
180 "\t[--policy <policy>] aka -p\n"
181 "\t[--signerconf <signerconf.xml>] aka -s\n"
182 "\t[--input <input>] aka -i\n"
183 "\t[--output <output>] aka -o\n"
184 "\t[--no-xml] aka -m\n");
192 "\t--zone <zone> | --all aka -z / -a\n"
193 "\t[--no-xml] aka -m\n");
207 "usage: %s [-c <config> | --config <config>] zone \n\n",
218 " repository list\n");
226 "\t--policy [policy_name] | --all aka -p / -a\n");
254 "usage: %s [-c <config> | --config <config>] \n\n",
268 "\t--zone <zone> | --all aka -z / -a\n"
270 "\t(will appear soon:\n"
271 "\t[--keystate <state>] aka -e\n"
272 "\t[--keytype <type>] aka -t\n"
283 "\t--zone <zone> | --all aka -z / -a\n"
284 "\t[--keystate <state>] aka -e\n"
285 "\t[--keytype <type>] aka -t\n"
286 "\t[--ds] aka -d\n");
294 "\t--cka_id <CKA_ID> aka -k\n"
295 "\t--repository <repository> aka -r\n"
296 "\t--zone <zone> aka -z\n"
297 "\t--bits <size> aka -b\n"
298 "\t--algorithm <algorithm> aka -g\n"
299 "\t--keystate <state> aka -e\n"
300 "\t--keytype <type> aka -t\n"
301 "\t--time <time> aka -w\n"
302 "\t[--retire <retire>] aka -y\n");
310 "\t--zone zone aka -z\n"
311 "\t--keytype <type> | --all aka -t / -a\n"
313 "\t--policy policy aka -p\n"
314 "\t--keytype <type> | --all aka -t / -a\n");
322 "\t--zone <zone> aka -z\n"
324 "\t--policy <policy> aka -p\n");
332 "\t--policy <policy> aka -p\n"
333 "\t--interval <interval> aka -n\n"
334 "\t[--zonetotal <total no. of zones>] aka -Z\n");
342 "\t--zone <zone> aka -z\n"
343 "\t--keytag <keytag> | --cka_id <CKA_ID> aka -x / -k\n");
352 "\t--zone <zone> aka -z\n"
353 "\t--keytag <keytag> | --cka_id <CKA_ID> aka -x / -k\n"
361 "usage: %s [-c <config> | --config <config>] \n\n",
378 "\t--repository <repository> aka -r\n"
380 "\t--repository <repository> aka -r\n"
382 "\t--repository <repository> aka -r\n"
384 "\t--repository <repository> aka -r\n"
386 "\t--repository <repository> aka -r\n");
394 "\t[--zone <zone>]\n");
402 "\t[--output <output>] aka -o\n");
410 " zonelist import\n");
417 "usage: %s [-c <config> | --config <config>] command [options]\n\n",
451 "\n\tAllowed date/time strings are of the form:\n"
453 "\tYYYYMMDD[HH[MM[SS]]] (all numeric)\n"
455 "\tor D-MMM-YYYY[:| ]HH[:MM[:SS]] (alphabetic month)\n"
456 "\tor DD-MMM-YYYY[:| ]HH[:MM[:SS]] (alphabetic month)\n"
457 "\tor YYYY-MMM-DD[:| ]HH[:MM[:SS]] (alphabetic month)\n"
459 "\tD-MM-YYYY[:| ]HH[:MM[:SS]] (numeric month)\n"
460 "\tDD-MM-YYYY[:| ]HH[:MM[:SS]] (numeric month)\n"
461 "\tor YYYY-MM-DD[:| ]HH[:MM[:SS]] (numeric month)\n"
463 "\t... and the distinction between them is given by the location of the\n"
471 "key states: GENERATE|PUBLISH|READY|ACTIVE|RETIRE|DEAD\n");
478 "key types: KSK|ZSK\n");
488 FILE* lock_fd = NULL;
489 char* zone_list_filename;
494 char *dbschema = NULL;
498 char *password = NULL;
503 char* setup_command = NULL;
504 char* lock_filename = NULL;
507 printf(
"*WARNING* This will erase all data in the database; are you sure? [y/N] ");
509 user_certain = getchar();
510 if (user_certain !=
'y' && user_certain !=
'Y') {
511 printf(
"Okay, quitting...\n");
518 status =
get_db_details(&dbschema, &host, &port, &user, &password);
537 lock_fd = fopen(lock_filename,
"w");
540 printf(
"Error getting db lock\n");
541 if (lock_fd != NULL) {
562 if (system(setup_command) != 0)
564 printf(
"Could not call db setup command:\n\t%s\n", setup_command);
580 printf(
"Couldn't fix permissions on file %s\n", dbschema);
581 printf(
"Will coninue with setup, but you may need to manually change ownership\n");
591 printf(
"Failed to connect to database, username too long.\n");
604 printf(
"Failed to connect to database, password too long.\n");
626 if (password != NULL) {
/* NOTE(review): the database password is appended to a shell command line
 * that is executed with system() below. While the child runs, that command
 * line is typically visible to other local users via process listings, and on
 * failure the message below echoes the whole command — password included — to
 * stdout. How quoted_password is built is not visible here; confirm it
 * neutralises shell metacharacters. Prefer handing the secret to the setup
 * command through the environment or a file, and print the command without
 * it in the error path. */
628 StrAppend(&setup_command, quoted_password);
636 if (system(setup_command) != 0)
638 printf(
"Could not call db setup command:\n\t%s\n", setup_command);
651 status =
DbConnect(&dbhandle, dbschema, host, password, user, port);
653 printf(
"Failed to connect to database\n");
676 printf(
"Failed to read conf.xml\n");
687 printf(
"Failed to update repositories\n");
699 printf(
"Failed to update policies\n");
700 printf(
"SETUP FAILED\n");
715 printf(
"Failed to update zones\n");
738 FILE* lock_fd = NULL;
739 char* zone_list_filename = NULL;
740 char* kasp_filename = NULL;
742 int done_something = 0;
747 printf(
"Failed to connect to database\n");
756 if (strncmp(qualifier,
"ZONELIST", 8) == 0 ||
757 strncmp(qualifier,
"KASP", 4) == 0 ||
758 strncmp(qualifier,
"ALL", 3) == 0) {
761 printf(
"Failed to read conf.xml\n");
771 if (strncmp(qualifier,
"CONF", 4) == 0 ||
772 strncmp(qualifier,
"ALL", 3) == 0) {
775 printf(
"Failed to update repositories\n");
777 if (strncmp(qualifier,
"ALL", 3) == 0) {
790 if (strncmp(qualifier,
"KASP", 4) == 0 ||
791 strncmp(qualifier,
"ALL", 3) == 0) {
794 printf(
"Failed to update policies\n");
807 if (strncmp(qualifier,
"ZONELIST", 8) == 0 ||
808 strncmp(qualifier,
"ALL", 3) == 0) {
811 printf(
"Failed to update zones\n");
823 if (done_something == 0) {
824 printf(
"Unrecognised command update %s. Please specify one of:\n", qualifier);
828 if (restart_enforcerd() != 0)
830 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
840 if (kasp_filename != NULL) {
843 if (zone_list_filename != NULL) {
862 FILE* lock_fd = NULL;
863 char* zonelist_filename = NULL;
864 char* backup_filename = NULL;
866 char* sig_conf_name = NULL;
867 char* input_name = NULL;
868 char* output_name = NULL;
875 xmlDocPtr doc = NULL;
881 printf(
"Couldn't malloc path: %s\n", strerror(errno));
887 printf(
"Please specify a zone with the --zone option\n");
900 StrAppend(&sig_conf_name, OPENDNSSEC_STATE_DIR);
914 StrAppend(&input_name, OPENDNSSEC_STATE_DIR);
927 StrAppend(&output_name, OPENDNSSEC_STATE_DIR);
944 printf(
"couldn't read zonelist\n");
959 printf(
"Failed to connect to database\n");
971 printf(
"Error, can't find policy : %s\n",
o_policy);
972 printf(
"Failed to update zones\n");
980 status =
KsmImportZone(
o_zone, policy_id, 1, &new_zone, sig_conf_name, input_name, output_name);
983 printf(
"Failed to Import zone %s; it already exists\n",
o_zone);
984 }
else if (status == -3) {
985 printf(
"Failed to Import zone %s; it already exists both with and without a trailing dot\n",
o_zone);
987 printf(
"Failed to Import zone\n");
1001 printf(
"Can't retrieve shared-keys parameter for policy\n");
1011 printf(
"Can't retrieve shared-keys parameter for policy\n");
1022 if (data.
value == 1) {
1025 printf(
"Failed to Link Keys to zone\n");
1043 if (xml_flag == 1) {
1046 xmlKeepBlanksDefault(0);
1047 xmlTreeIndentString =
"\t";
1060 StrAppend(&backup_filename, zonelist_filename);
1062 status =
backup_file(zonelist_filename, backup_filename);
1070 status = xmlSaveFormatFile(zonelist_filename, doc, 1);
1075 printf(
"couldn't save zonelist\n");
1083 if (xml_flag == 0) {
1084 printf(
"Imported zone: %s into database only, please run \"ods-ksmutil zonelist export\" to update zonelist.xml\n",
o_zone);
1086 printf(
"Imported zone: %s\n",
o_zone);
1100 char* zonelist_filename = NULL;
1101 char* backup_filename = NULL;
1106 xmlDocPtr doc = NULL;
1113 FILE* lock_fd = NULL;
1116 if (all_flag &&
o_zone != NULL) {
1117 printf(
"can not use --all with --zone\n");
1120 else if (!all_flag &&
o_zone == NULL) {
1121 printf(
"please specify either --zone <zone> or --all\n");
1126 if (all_flag == 1) {
1127 printf(
"*WARNING* This will remove all zones from OpenDNSSEC; are you sure? [y/N] ");
1129 user_certain = getchar();
1130 if (user_certain !=
'y' && user_certain !=
'Y') {
1131 printf(
"Okay, quitting...\n");
1139 printf(
"Failed to connect to database\n");
1152 if (xml_flag == 1) {
1156 printf(
"couldn't read zonelist\n");
1181 StrAppend(&backup_filename, zonelist_filename);
1183 status =
backup_file(zonelist_filename, backup_filename);
1192 status = xmlSaveFormatFile(zonelist_filename, doc, 1);
1196 printf(
"Could not save %s\n", zonelist_filename);
1207 if (all_flag == 0) {
1210 printf(
"Couldn't find zone %s\n",
o_zone);
1220 printf(
"Error: failed to mark keys as dead in database\n");
1229 printf(
"Error: failed to remove zone%s from database\n", (all_flag == 1) ?
"s" :
"");
1235 if (all_flag == 0) {
1236 if (system(SIGNER_CLI_UPDATE) != 0)
1238 printf(
"Could not call signer engine\n");
1245 if (xml_flag == 0) {
1246 printf(
"Deleted zone: %s from database only, please run \"ods-ksmutil zonelist export\" to update zonelist.xml\n",
o_zone);
1260 FILE* lock_fd = NULL;
1262 char* zonelist_filename = NULL;
1265 xmlTextReaderPtr reader = NULL;
1267 char* tag_name = NULL;
1269 int file_zone_count = 0;
1275 char* temp_name = NULL;
1282 printf(
"couldn't read zonelist\n");
1283 if (zonelist_filename != NULL) {
1292 printf(
"Failed to connect to database\n");
1298 reader = xmlNewTextReaderFilename(zonelist_filename);
1299 if (reader != NULL) {
1300 ret = xmlTextReaderRead(reader);
1302 tag_name = (
char*) xmlTextReaderLocalName(reader);
1304 if (strncmp(tag_name,
"Zone", 4) == 0
1305 && strncmp(tag_name,
"ZoneList", 8) != 0
1306 && xmlTextReaderNodeType(reader) == 1) {
1310 ret = xmlTextReaderRead(reader);
1313 xmlFreeTextReader(reader);
1315 printf(
"%s : failed to parse\n", zonelist_filename);
1319 printf(
"Unable to open %s\n", zonelist_filename);
1324 zone_ids =
MemMalloc(file_zone_count *
sizeof(
int));
1330 if (file_zone_count != 0) {
1331 StrAppend(&sql,
"select name from zones where id not in (");
1332 for (j = 0; j < file_zone_count; ++j) {
1336 snprintf(buffer,
sizeof(buffer),
"%d", zone_ids[j]);
1341 StrAppend(&sql,
"select name from zones");
1347 while (status == 0) {
1351 printf(
"Found zone %s in DB but not zonelist.\n", temp_name);
1368 if (file_zone_count == 0) {
1369 printf(
"No zones in DB or zonelist.\n");
1395 char *case_keytype = NULL;
1396 char *case_keystate = NULL;
1397 char *zone_name = NULL;
1400 hsm_key_t *key = NULL;
1401 ldns_rr *dnskey_rr = NULL;
1402 ldns_rr *ds_sha1_rr = NULL;
1403 ldns_rr *ds_sha256_rr = NULL;
1404 hsm_sign_params_t *sign_params = NULL;
1417 int done_something = 0;
1424 if (strncmp(case_keystate,
"KEYPUBLISH", 10) == 0 || strncmp(
o_keystate,
"10", 2) == 0) {
1427 else if (strncmp(case_keystate,
"GENERATE", 8) == 0 || strncmp(
o_keystate,
"1", 1) == 0) {
1430 else if (strncmp(case_keystate,
"PUBLISH", 7) == 0 || strncmp(
o_keystate,
"2", 1) == 0) {
1433 else if (strncmp(case_keystate,
"READY", 5) == 0 || strncmp(
o_keystate,
"3", 1) == 0) {
1436 else if (strncmp(case_keystate,
"ACTIVE", 6) == 0 || strncmp(
o_keystate,
"4", 1) == 0) {
1439 else if (strncmp(case_keystate,
"RETIRE", 6) == 0 || strncmp(
o_keystate,
"5", 1) == 0) {
1442 else if (strncmp(case_keystate,
"DEAD", 4) == 0 || strncmp(
o_keystate,
"6", 1) == 0) {
1445 else if (strncmp(case_keystate,
"DSSUB", 5) == 0 || strncmp(
o_keystate,
"7", 1) == 0) {
1448 else if (strncmp(case_keystate,
"DSPUBLISH", 9) == 0 || strncmp(
o_keystate,
"8", 1) == 0) {
1451 else if (strncmp(case_keystate,
"DSREADY", 7) == 0 || strncmp(
o_keystate,
"9", 1) == 0) {
1455 printf(
"Error: Unrecognised state %s; should be one of GENERATE, PUBLISH, READY, ACTIVE, RETIRE, DEAD, DSSUB, DSPUBLISH, DSREADY or KEYPUBLISH\n",
o_keystate);
1467 if (strncmp(case_keytype,
"KSK", 3) == 0 || strncmp(
o_keytype,
"257", 3) == 0) {
1470 else if (strncmp(case_keytype,
"ZSK", 3) == 0 || strncmp(
o_keytype,
"256", 3) == 0) {
1474 printf(
"Error: Unrecognised keytype %s; should be one of KSK or ZSK\n",
o_keytype);
1485 printf(
"Failed to connect to database\n");
1497 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
1503 status = hsm_open(
config, hsm_prompt_pin, NULL);
1505 hsm_print_error(NULL);
1510 if (state_id != -1) {
1513 nchar = snprintf(buffer,
sizeof(buffer),
"(%d, %d, %d, %d, %d, %d)",
1516 if (nchar >=
sizeof(buffer)) {
1525 if (zone_id != -1) {
1533 status =
KsmKey(result, &data);
1534 while (status == 0) {
1537 key = hsm_find_key_by_id(NULL, data.
location);
1540 printf(
"Key %s in DB but not repository\n", data.
location);
1545 sign_params = hsm_sign_params_new();
1547 if (zone_id == -1) {
1550 printf(
"Error: unable to find zone name for id %d\n", zone_id);
1551 hsm_sign_params_free(sign_params);
1555 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, zone_name);
1559 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
o_zone);
1562 sign_params->algorithm = data.
algorithm;
1563 sign_params->flags = LDNS_KEY_ZONE_KEY;
1565 sign_params->flags += LDNS_KEY_SEP_KEY;
1567 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
1568 sign_params->keytag = ldns_calc_keytag(dnskey_rr);
1584 ldns_rr_set_ttl(dnskey_rr, rrttl);
1589 ldns_rr_print(stdout, dnskey_rr);
1601 ldns_rr_set_ttl(dnskey_rr, rrttl);
1606 ds_sha1_rr = ldns_key_rr2ds(dnskey_rr, LDNS_SHA1);
1607 ldns_rr_print(stdout, ds_sha1_rr);
1610 ds_sha256_rr = ldns_key_rr2ds(dnskey_rr, LDNS_SHA256);
1611 ldns_rr_print(stdout, ds_sha256_rr);
1616 hsm_sign_params_free(sign_params);
1618 status =
KsmKey(result, &data);
1630 if (!done_something) {
1631 if (state_id != -1) {
1634 printf(
"No keys in READY state or higher to export.\n");
1640 if (dnskey_rr != NULL) {
1641 ldns_rr_free(dnskey_rr);
1643 if (ds_sha1_rr != NULL) {
1644 ldns_rr_free(ds_sha1_rr);
1646 if (ds_sha256_rr != NULL) {
1647 ldns_rr_free(ds_sha256_rr);
1667 xmlDocPtr doc = xmlNewDoc((
const xmlChar *)
"1.0");
1674 if (all_flag &&
o_policy != NULL) {
1675 printf(
"can not use --all with --policy\n");
1678 else if (!all_flag &&
o_policy == NULL) {
1679 printf(
"please specify either --policy <policy> or --all\n");
1686 printf(
"Failed to connect to database\n");
1705 policy->
zone == NULL || policy->
parent == NULL ||
1706 policy->
keys == NULL ||
1707 policy->
ksk == NULL || policy->
zsk == NULL ||
1709 fprintf(stderr,
"Malloc for policy struct failed\n");
1714 xmlKeepBlanksDefault(0);
1715 xmlTreeIndentString =
" ";
1716 root = xmlNewDocNode(doc, NULL, (
const xmlChar *)
"KASP", NULL);
1717 (void) xmlDocSetRootElement(doc, root);
1726 while (status == 0) {
1736 xmlSaveFormatFile(
"-", doc, 1);
1757 xmlDocPtr doc = xmlNewDoc((
const xmlChar *)
"1.0");
1760 int prev_policy_id = -1;
1767 printf(
"Failed to connect to database\n");
1774 fprintf(stderr,
"Malloc for zone struct failed\n");
1779 xmlKeepBlanksDefault(0);
1780 xmlTreeIndentString =
" ";
1781 root = xmlNewDocNode(doc, NULL, (
const xmlChar *)
"ZoneList", NULL);
1782 (void) xmlDocSetRootElement(doc, root);
1788 status =
KsmZone(result, zone);
1790 while (status == 0) {
1791 if (zone->
policy_id != prev_policy_id) {
1795 fprintf(stderr,
"Couldn't get name for policy with ID: %d, exiting...\n", zone->
policy_id);
1802 status =
KsmZone(result, zone);
1807 xmlSaveFormatFile(
"-", doc, 1);
1825 FILE* lock_fd = NULL;
1847 printf(
"Failed to connect to database\n");
1858 printf(
"Error, can't find zone : %s\n",
o_zone);
1878 if (data.
value == 1) {
1879 printf(
"*WARNING* This zone shares keys with others, all instances of the active key on this zone will be retired; are you sure? [y/N] ");
1881 user_certain = getchar();
1882 if (user_certain !=
'y' && user_certain !=
'Y') {
1883 printf(
"Okay, quitting...\n");
1889 status =
keyRoll(zone_id, -1, key_type);
1896 snprintf(logmsg, 256,
"Manual key rollover for key type %s on zone %s initiated" , (
o_keytype == NULL) ?
"all" :
o_keytype,
o_zone);
1897 printf(
"\n%s\n", logmsg);
1900 #ifdef HAVE_OPENLOG_R
1905 #ifdef HAVE_SYSLOG_R
1906 syslog_r(LOG_INFO, &sdata,
"%s", logmsg);
1908 syslog(LOG_INFO,
"%s", logmsg);
1910 #ifdef HAVE_CLOSELOG_R
1920 if (restart_enforcerd() != 0)
1922 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
1938 FILE* lock_fd = NULL;
1942 int zone_count = -1;
1961 printf(
"Failed to connect to database\n");
1968 printf(
"Error, can't find policy : %s\n",
o_policy);
1974 printf(
"*WARNING* This will roll all keys on the policy; are you sure? [y/N] ");
1976 user_certain = getchar();
1977 if (user_certain !=
'y' && user_certain !=
'Y') {
1978 printf(
"Okay, quitting...\n");
1993 if (zone_count == 0) {
1994 printf(
"No zones on policy; nothing to roll\n");
1999 printf(
"Couldn't count zones on policy; quitting...\n");
2004 status =
keyRoll(-1, policy_id, key_type);
2011 snprintf(logmsg, 256,
"Manual key rollover for key type %s on policy %s initiated" , (
o_keytype == NULL) ?
"all" :
o_keytype,
o_policy);
2012 printf(
"%s\n", logmsg);
2015 #ifdef HAVE_OPENLOG_R
2020 #ifdef HAVE_SYSLOG_R
2021 syslog_r(LOG_INFO, &sdata,
"%s", logmsg);
2023 syslog(LOG_INFO,
"%s", logmsg);
2025 #ifdef HAVE_CLOSELOG_R
2035 if (restart_enforcerd() != 0)
2037 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
2058 FILE* lock_fd = NULL;
2063 printf(
"Failed to connect to database\n");
2072 printf(
"Error: unable to find a policy named \"%s\" in database\n",
o_policy);
2086 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2096 printf(
"Error: failed to purge dead keys\n");
2120 FILE* lock_fd = NULL;
2125 if (datetime == NULL) {
2126 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
2133 printf(
"Failed to connect to database\n");
2143 printf(
"Error: unable to find a repository named \"%s\" in database\n",
o_repository);
2151 if (strncmp(qualifier,
"PREPARE", 7) == 0 ||
2152 strncmp(qualifier,
"DONE", 4) == 0 ) {
2155 printf(
"There were no keys to mark\n");
2157 else if (status != 0) {
2158 printf(
"Error: failed to mark pre_backup as done\n");
2163 if (strncmp(qualifier,
"PREPARE", 7) == 0) {
2165 printf(
"Marked repository %s as pre-backed up at %s\n",
o_repository, datetime);
2167 printf(
"Marked all repositories as pre-backed up at %s\n", datetime);
2174 if (strncmp(qualifier,
"COMMIT", 6) == 0 ||
2175 strncmp(qualifier,
"DONE", 4) == 0 ) {
2178 printf(
"There were no keys to mark\n");
2180 else if (status != 0) {
2181 printf(
"Error: failed to mark backup as done\n");
2187 printf(
"Marked repository %s as backed up at %s\n",
o_repository, datetime);
2189 printf(
"Marked all repositories as backed up at %s\n", datetime);
/* NOTE(review): "ROLLBACK" is compared on 6 characters only, whereas the
 * PREPARE/DONE/COMMIT checks above use the full keyword length, so any
 * qualifier beginning with "ROLLBA" is accepted here; use 8 for consistency. */
2195 if (strncmp(qualifier,
"ROLLBACK", 6) == 0 ) {
2198 printf(
"There were no keys to rollback\n");
2200 else if (status != 0) {
2201 printf(
"Error: failed to mark backup as done\n");
2207 printf(
"Rolled back pre-backup of repository %s\n",
o_repository);
2209 printf(
"Rolled back pre-backup of all repositories\n");
2230 int qualifier_id = -1;
2234 FILE* lock_fd = NULL;
2239 printf(
"Failed to connect to database\n");
2252 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2259 printf(
"Rollovers:\n");
2264 printf(
"Error: failed to list rollovers\n");
2286 int qualifier_id = -1;
2290 FILE* lock_fd = NULL;
2295 printf(
"Failed to connect to database\n");
2304 printf(
"Error: unable to find a repository named \"%s\" in database\n",
o_repository);
2310 printf(
"Backups:\n");
2314 printf(
"Error: failed to list backups\n");
2337 FILE* lock_fd = NULL;
2342 printf(
"Failed to connect to database\n");
2347 printf(
"Repositories:\n");
2352 printf(
"Error: failed to list repositories\n");
2353 if (lock_fd != NULL) {
2378 FILE* lock_fd = NULL;
2383 printf(
"Failed to connect to database\n");
2388 printf(
"Policies:\n");
2393 printf(
"Error: failed to list policies\n");
2414 int qualifier_id = -1;
2418 FILE* lock_fd = NULL;
2423 printf(
"Failed to connect to database\n");
2436 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2448 printf(
"Error: failed to list keys\n");
2475 int keytag_int = -1;
2476 int temp_key_state = -1;
2477 int temp_keypair_id = -1;
2478 char* temp_cka_id = NULL;
2483 FILE* lock_fd = NULL;
2488 if (datetime == NULL) {
2489 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
2495 printf(
"*WARNING* This will retire the currently active KSK; are you sure? [y/N] ");
2497 user_certain = getchar();
2498 if (user_certain !=
'y' && user_certain !=
'Y') {
2499 printf(
"Okay, quitting...\n");
2506 printf(
"Failed to connect to database\n");
2520 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2533 printf(
"Error: Unable to convert keytag \"%s\"; to an integer\n",
o_keytag);
2539 printf(
"Error: keytag \"%s\"; should be numeric only\n",
o_keytag);
2549 printf(
"Please provide a zone or details of the key to roll\n");
2558 printf(
"Error: failed to count active keys\n");
2565 if (key_count < 2) {
2566 printf(
"Error: completing this action would leave no active keys on zone, quitting...\n");
2575 printf(
"Error: failed to find policy for zone\n");
2584 printf(
"Old key retired\n");
2586 printf(
"Old key NOT retired\n");
2594 status =
CountKeys(&zone_id, keytag_int,
o_cka_id, &key_count, &temp_cka_id, &temp_key_state, &temp_keypair_id);
2596 printf(
"Error: failed to count keys\n");
2603 if (key_count > 1) {
2604 printf(
"More than one key matched your parameters, please include more information from the above keys\n");
2612 printf(
"No keys in the ACTIVE state matched your parameters, please check the parameters\n");
2620 printf(
"Error: failed to count active keys\n");
2627 if (key_count < 2) {
2628 printf(
"Error: completing this action would leave no active keys on zone, quitting...\n");
2637 printf(
"Error: failed to find policy for zone\n");
2648 printf(
"Key %s retired\n", temp_cka_id);
2675 int retired_count = -1;
2676 int keytag_int = -1;
2677 int temp_key_state = -1;
2678 int temp_keypair_id = -1;
2679 char* temp_cka_id = NULL;
2684 FILE* lock_fd = NULL;
2691 if (datetime == NULL) {
2692 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
2699 printf(
"Please provide a keytag or a CKA_ID for the key (CKA_ID will be used if both are provided\n");
2707 printf(
"*WARNING* This will retire the currently active KSK; are you sure? [y/N] ");
2709 user_certain = getchar();
2710 if (user_certain !=
'y' && user_certain !=
'Y') {
2711 printf(
"Okay, quitting...\n");
2718 printf(
"Failed to connect to database\n");
2729 printf(
"Please specify a zone using the --zone flag\n");
2735 else if (
o_zone != NULL) {
2742 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2749 else if (all_flag) {
2750 printf(
"*WARNING* This will act on every zone where this key is in use; are you sure? [y/N] ");
2752 user_certain = getchar();
2753 if (user_certain !=
'y' && user_certain !=
'Y') {
2754 printf(
"Okay, quitting...\n");
2766 printf(
"Error: Unable to convert keytag \"%s\"; to an integer\n",
o_keytag);
2772 printf(
"Error: keytag \"%s\"; should be numeric only\n",
o_keytag);
2783 status =
CountKeys(&zone_id, keytag_int,
o_cka_id, &key_count, &temp_cka_id, &temp_key_state, &temp_keypair_id);
2785 printf(
"Error: failed to count keys\n");
2792 if (key_count > 1) {
2793 printf(
"More than one key matched your parameters, please include more information from the above keys\n");
2801 printf(
"Key is already active\n");
2808 if (key_count == 0) {
2809 printf(
"No keys in the READY state matched your parameters, please check the parameters\n");
2818 printf(
"Error: failed to find policy for zone\n");
2825 status =
MarkDSSeen(temp_keypair_id, zone_id, policy_id, datetime, temp_key_state);
2829 snprintf(logmsg, 256,
"Key %s made %s", temp_cka_id, (temp_key_state ==
KSM_STATE_READY) ?
"active" :
"into standby");
2830 printf(
"%s\n", logmsg);
2833 #ifdef HAVE_OPENLOG_R
2838 #ifdef HAVE_SYSLOG_R
2839 syslog_r(LOG_INFO, &sdata,
"%s", logmsg);
2841 syslog(LOG_INFO,
"%s", logmsg);
2843 #ifdef HAVE_CLOSELOG_R
2853 if (retire_flag == 1) {
2858 printf(
"Error: failed to count active keys\n");
2865 if (key_count < 2) {
2870 printf(
"Error: failed to count retired keys\n");
2879 if (retired_count != 0) {
2880 printf(
"Error: retiring a key would leave no active keys on zone, skipping...\n");
2885 if (restart_enforcerd() != 0)
2887 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
2897 printf(
"Old key retired\n");
2899 printf(
"Old key NOT retired\n");
2902 printf(
"Old key NOT retired\n");
2907 if (restart_enforcerd() != 0)
2909 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
2931 char* case_keytype = NULL;
2932 char* case_algorithm = NULL;
2933 char* case_state = NULL;
2938 int cka_id_exists = -1;
2939 int keytype_id = -1;
2946 DB_ID keypair_id = 0;
2955 FILE* lock_fd = NULL;
2965 printf(
"Error: please specify a CKA_ID with the --cka_id <CKA_ID>\n");
2969 printf(
"Error: please specify a repository with the --repository <repository>\n");
2973 printf(
"Error: please specify a zone with the --zone <zone>\n");
2977 printf(
"Error: please specify the number of bits with the --bits <size>\n");
2981 printf(
"Error: please specify the algorithm with the --algorithm <algorithm>\n");
2985 printf(
"Error: please specify the state with the --keystate <state>\n");
2989 printf(
"Error: please specify a keytype, KSK or ZSK, with the --keytype <type>\n");
2993 printf(
"Error: please specify the time of when the key entered the given state with the --time <time>\n");
3000 printf(
"Failed to connect to database\n");
3008 printf(
"Error: unable to find a repository named \"%s\" in database\n",
o_repository);
3020 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
3032 if (cka_id_exists == 1) {
3033 printf(
"Error: key with CKA_ID \"%s\" already exists in database\n",
o_cka_id);
3041 if (strncmp(case_keytype,
"KSK", 3) == 0 || strncmp(
o_keytype,
"257", 3) == 0) {
3044 else if (strncmp(case_keytype,
"ZSK", 3) == 0 || strncmp(
o_keytype,
"256", 3) == 0) {
3048 printf(
"Error: Unrecognised keytype %s; should be one of KSK or ZSK\n",
o_keytype);
3060 printf(
"Error: Unable to convert bits \"%s\"; to an integer\n",
o_size);
3065 printf(
"Error: Bits \"%s\"; should be numeric only\n",
o_size);
3083 if (status != 0 || algo_id == 0 || hsm_supported_algorithm(algo_id) != 0) {
3084 printf(
"Error: Key algorithm %s not supported; try one of RSASHA1, RSASHA1-NSEC3-SHA1 or RSASHA256\n",
o_algo);
3092 if (strncmp(case_state,
"GENERATE", 8) == 0 || strncmp(
o_keystate,
"1", 1) == 0) {
3095 else if (strncmp(case_state,
"PUBLISH", 7) == 0 || strncmp(
o_keystate,
"2", 1) == 0) {
3098 else if (strncmp(case_state,
"READY", 5) == 0 || strncmp(
o_keystate,
"3", 1) == 0) {
3101 else if (strncmp(case_state,
"ACTIVE", 6) == 0 || strncmp(
o_keystate,
"4", 1) == 0) {
3104 else if (strncmp(case_state,
"RETIRE", 6) == 0 || strncmp(
o_keystate,
"5", 1) == 0) {
3108 printf(
"Error: Unrecognised state %s; should be one of GENERATE, PUBLISH, READY, ACTIVE or RETIRE\n",
o_keystate);
3119 printf(
"Error: unable to convert \"%s\" into a date\n",
o_time);
3126 snprintf(form_time,
KSM_TIME_LENGTH,
"%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d",
3127 datetime.tm_year + 1900, datetime.tm_mon + 1, datetime.tm_mday,
3128 datetime.tm_hour, datetime.tm_min, datetime.tm_sec);
3134 printf(
"Error: unable to specify retire time for a key in state \"%s\"\n",
o_keystate);
3141 printf(
"Error: unable to convert retire time \"%s\" into a date\n",
o_retire);
3148 snprintf(form_opt_time,
KSM_TIME_LENGTH,
"%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d",
3149 datetime.tm_year + 1900, datetime.tm_mon + 1, datetime.tm_mday,
3150 datetime.tm_hour, datetime.tm_min, datetime.tm_sec);
3154 form_opt_time[0] =
'\0';
3171 if (data.
value == 1) {
3172 printf(
"*WARNING* This zone shares keys with others, the key will be added to all; are you sure? [y/N] ");
3174 user_certain = getchar();
3175 if (user_certain !=
'y' && user_certain !=
'Y') {
3176 printf(
"Okay, quitting...\n");
3183 status =
KsmImportKeyPair(policy_id,
o_cka_id, repo_id, size_int, algo_id, state_id, form_time, fix_time, &keypair_id);
3185 printf(
"Error: couldn't import key\n");
3195 status =
KsmDnssecKeyCreate(zone_id, (
int) keypair_id, keytype_id, state_id, form_time, form_opt_time, &ignore);
3198 printf(
"Error: couldn't allocate key to zone(s)\n");
3203 printf(
"Key imported into zone(s)\n");
3219 FILE* lock_fd = NULL;
3222 char *dbschema = NULL;
3226 char *password = NULL;
3230 char* backup_filename = NULL;
3231 char* lock_filename;
3233 char *path = getenv(
"PWD");
3236 printf(
"Sorry, currently this utility can only backup a sqlite database file\n");
3241 status =
get_db_details(&dbschema, &host, &port, &user, &password);
3252 lock_filename = NULL;
3256 lock_fd = fopen(lock_filename,
"w");
3259 printf(
"Error getting db lock\n");
3260 if (lock_fd != NULL) {
3309 char* kasp_filename = NULL;
3310 char* zonelist_filename = NULL;
3311 char* backup_filename = NULL;
3314 FILE* lock_fd = NULL;
3323 int zone_count = -1;
3325 xmlDocPtr doc = NULL;
3328 printf(
"*WARNING* This feature is experimental and has not been fully tested; are you sure? [y/N] ");
3330 user_certain = getchar();
3331 if (user_certain !=
'y' && user_certain !=
'Y') {
3332 printf(
"Okay, quitting...\n");
3339 printf(
"Failed to read conf.xml\n");
3345 StrAppend(&backup_filename, kasp_filename);
3347 status =
backup_file(kasp_filename, backup_filename);
3356 if ((test = fopen(kasp_filename,
"ab"))==NULL) {
3357 printf(
"Cannot open kasp.xml for writing: %s\n", strerror(errno));
3366 printf(
"Failed to connect to database\n");
3383 if (policy == NULL) {
3384 printf(
"Malloc for policy struct failed\n");
3393 while (status == 0) {
3403 if (zone_count == 0) {
3404 printf(
"No zones on policy %s; purging...\n", policy->
name);
3406 size = snprintf(sql,
KSM_SQL_SIZE,
"update dnsseckeys set state = %d where keypair_id in (select id from keypairs where policy_id = %d)",
KSM_STATE_DEAD, policy->
id);
3410 printf(
"Couldn't construct SQL to kill orphaned keys\n");
3429 printf(
"Key purge failed for policy %s\n", policy->
name);
3436 sql2 =
DdsInit(
"parameters_policies");
3475 status = xmlSaveFormatFile(kasp_filename, doc, 1);
3478 printf(
"Could not save %s\n", kasp_filename);
3487 printf(
"Couldn't count zones on policy; quitting...\n");
3524 char* ods_control_cmd = NULL;
3525 char* ptr = command;
/* Lower-case the verb in place before it is appended to the control command.
 * NOTE(review): tolower() requires a value representable as unsigned char (or
 * EOF); casting a plain char that is negative on signed-char platforms is
 * undefined behaviour — cast via `(unsigned char) *ptr` instead. */
3530 *ptr = tolower((
int) *ptr);
/* The verb is concatenated onto ODS_EN_CONTROL and run through the shell, so
 * whatever the caller lets through reaches system() verbatim. The visible
 * dispatch in main() appears to accept START/STOP/NOTIFY by strncmp prefix
 * only (confirm); the caller should require an exact keyword match. */
3536 StrAppend(&ods_control_cmd, ODS_EN_CONTROL);
3539 status = system(ods_control_cmd);
3542 fprintf(stderr,
"Couldn't run %s\n", ods_control_cmd);
3558 char* case_command = NULL;
3559 char* case_verb = NULL;
3561 int option_index = 0;
3562 static struct option long_options[] =
3564 {
"all", no_argument, 0,
'a'},
3565 {
"bits", required_argument, 0,
'b'},
3566 {
"config", required_argument, 0,
'c'},
3567 {
"ds", no_argument, 0,
'd'},
3568 {
"keystate", required_argument, 0,
'e'},
3569 {
"no-retire", no_argument, 0,
'f'},
3570 {
"algorithm", required_argument, 0,
'g'},
3571 {
"help", no_argument, 0,
'h'},
3572 {
"input", required_argument, 0,
'i'},
3573 {
"cka_id", required_argument, 0,
'k'},
3574 {
"no-xml", no_argument, 0,
'm'},
3575 {
"interval", required_argument, 0,
'n'},
3576 {
"output", required_argument, 0,
'o'},
3577 {
"policy", required_argument, 0,
'p'},
3578 {
"repository", required_argument, 0,
'r'},
3579 {
"signerconf", required_argument, 0,
's'},
3580 {
"keytype", required_argument, 0,
't'},
3581 {
"time", required_argument, 0,
'w'},
3582 {
"verbose", no_argument, 0,
'v'},
3583 {
"version", no_argument, 0,
'V'},
3584 {
"keytag", required_argument, 0,
'x'},
3585 {
"retire", required_argument, 0,
'y'},
3586 {
"zone", required_argument, 0,
'z'},
3587 {
"zonetotal", required_argument, 0,
'Z'},
/* NOTE(review): the short-option string ends in "Z" without a ':' while the
 * long_options entry "zonetotal" is required_argument, so `-Z <n>` leaves <n>
 * as a stray positional argument whereas `--zonetotal <n>` consumes it. The
 * usage text advertises "[--zonetotal <total no. of zones>] aka -Z"; if -Z is
 * meant to take the value, the string should end in "z:Z:". */
3593 while ((ch = getopt_long(argc, argv,
"ab:c:de:fg:hi:k:n:o:p:r:s:t:vVw:x:y:z:Z", long_options, &option_index)) != -1) {
3651 printf(
"%s version %s\n", PACKAGE_NAME, PACKAGE_VERSION);
3709 if (!strncmp(case_command,
"SETUP", 5)) {
3713 }
else if (!strncmp(case_command,
"UPDATE", 6)) {
3717 }
/* NOTE(review): these checks match by prefix only, unlike the ZONE branch
 * below which adds `strlen(case_command) == 4`; a word such as "STOPX" passes
 * here and, if it is forwarded to the enforcer control helper that builds a
 * shell command from the verb, reaches system() unchanged. Add a length check
 * (or compare with strcmp) so only the exact keywords are accepted. */
else if (!strncmp(case_command,
"START", 5) ||
3718 !strncmp(case_command,
"STOP", 4) ||
3719 !strncmp(case_command,
"NOTIFY", 6)) {
3723 }
else if (!strncmp(case_command,
"ZONE", 4) && strlen(case_command) == 4) {
3728 if (!strncmp(case_verb,
"ADD", 3)) {
3730 }
else if (!strncmp(case_verb,
"DELETE", 6)) {
3732 }
else if (!strncmp(case_verb,
"LIST", 4)) {
3735 printf(
"Unknown command: zone %s\n", case_verb);
3739 }
else if (!strncmp(case_command,
"REPOSITORY", 10)) {
3743 if (!strncmp(case_verb,
"LIST", 4)) {
3746 printf(
"Unknown command: repository %s\n", case_verb);
3750 }
else if (!strncmp(case_command,
"POLICY", 6)) {
3754 if (!strncmp(case_verb,
"EXPORT", 6)) {
3756 }
else if (!strncmp(case_verb,
"IMPORT", 6)) {
3758 }
else if (!strncmp(case_verb,
"LIST", 4)) {
3760 }
else if (!strncmp(case_verb,
"PURGE", 5)) {
3763 printf(
"Unknown command: policy %s\n", case_verb);
3767 }
else if (!strncmp(case_command,
"KEY", 3)) {
3771 if (!strncmp(case_verb,
"LIST", 4)) {
3774 else if (!strncmp(case_verb,
"EXPORT", 6)) {
3777 else if (!strncmp(case_verb,
"IMPORT", 6)) {
3780 else if (!strncmp(case_verb,
"ROLLOVER", 8)) {
3782 if (all_flag == 0 &&
o_keytype == NULL) {
3783 printf(
"Please specify either a keytype, KSK or ZSK, with the --keytype <type> option or use the --all option\n");
3796 printf(
"Please provide either a zone OR a policy to rollover\n");
3802 else if (!strncmp(case_verb,
"PURGE", 5)) {
3808 printf(
"Please provide either a zone OR a policy to key purge\n");
3813 else if (!strncmp(case_verb,
"GENERATE", 8)) {
3816 else if (!strncmp(case_verb,
"KSK-RETIRE", 10)) {
3819 else if (!strncmp(case_verb,
"DS-SEEN", 7)) {
3822 printf(
"Unknown command: key %s\n", case_verb);
3826 }
else if (!strncmp(case_command,
"BACKUP", 6)) {
3830 if (!strncmp(case_verb,
"DONE", 4) ||
3831 !strncmp(case_verb,
"PREPARE", 7) ||
3832 !strncmp(case_verb,
"COMMIT", 6) ||
3833 !strncmp(case_verb,
"ROLLBACK", 8)) {
3836 else if (!strncmp(case_verb,
"LIST", 4)) {
3839 printf(
"Unknown command: backup %s\n", case_verb);
3843 }
else if (!strncmp(case_command,
"ROLLOVER", 8)) {
3846 if (!strncmp(case_verb,
"LIST", 4)) {
3849 printf(
"Unknown command: rollover %s\n", case_verb);
3853 }
else if (!strncmp(case_command,
"DATABASE", 8)) {
3857 if (!strncmp(case_verb,
"BACKUP", 6)) {
3860 printf(
"Unknown command: database %s\n", case_verb);
3864 }
else if (!strncmp(case_command,
"ZONELIST", 8)) {
3868 if (!strncmp(case_verb,
"EXPORT", 6)) {
3871 else if (!strncmp(case_verb,
"IMPORT", 6)) {
3874 printf(
"Unknown command: zonelist %s\n", case_verb);
3879 printf(
"Unknown command: %s\n", argv[0]);
3891 xmlCleanupGlobals();
3892 xmlCleanupThreads();
3914 char *dbschema = NULL;
3918 char *password = NULL;
3922 char* backup_filename = NULL;
3923 char* lock_filename;
3926 status =
get_db_details(&dbschema, &host, &port, &user, &password);
3942 if (lock_fd != NULL) {
3943 lock_filename = NULL;
3947 *lock_fd = fopen(lock_filename,
"w");
3950 printf(
"Error getting db lock\n");
3951 if (*lock_fd != NULL) {
3974 if (lock_fd != NULL) {
3989 status =
DbConnect(dbhandle, dbschema, host, password, user, port);
4011 if (lock_fd != NULL) {
4014 printf(
"Error releasing db lock");
4035 if (lock_fd == NULL) {
4036 printf(
"%s could not be opened\n", lock_filename);
4040 memset(&fl, 0,
sizeof(
struct flock));
4041 fl.l_type = F_WRLCK;
4042 fl.l_whence = SEEK_SET;
4043 fl.l_pid = getpid();
4045 while (fcntl(fileno(lock_fd), F_SETLK, &fl) == -1) {
4046 if (errno == EACCES || errno == EAGAIN) {
4047 printf(
"%s already locked, sleep\n", lock_filename);
4052 select(0, NULL, NULL, NULL, &tv);
4055 printf(
"couldn't get lock on %s; %s\n", lock_filename, strerror(errno));
4068 if (lock_fd == NULL) {
4072 memset(&fl, 0,
sizeof(
struct flock));
4073 fl.l_type = F_UNLCK;
4074 fl.l_whence = SEEK_SET;
4076 if (fcntl(fileno(lock_fd), F_SETLK, &fl) == -1) {
4089 xmlTextReaderPtr reader = NULL;
4090 xmlDocPtr doc = NULL;
4091 xmlXPathContextPtr xpathCtx = NULL;
4092 xmlXPathObjectPtr xpathObj = NULL;
4094 char* tag_name = NULL;
4095 char* temp_char = NULL;
4097 xmlChar *zonelist_expr = (
unsigned char*)
"//Common/ZoneListFile";
4098 xmlChar *kaspfile_expr = (
unsigned char*)
"//Common/PolicyFile";
4101 reader = xmlNewTextReaderFilename(
config);
4102 if (reader != NULL) {
4103 ret = xmlTextReaderRead(reader);
4105 tag_name = (
char*) xmlTextReaderLocalName(reader);
4107 if (strncmp(tag_name,
"Common", 6) == 0
4108 && xmlTextReaderNodeType(reader) == 1) {
4111 xmlTextReaderExpand(reader);
4112 doc = xmlTextReaderCurrentDoc(reader);
4114 printf(
"Error: can not read Common section\n");
4116 ret = xmlTextReaderRead(reader);
4120 xpathCtx = xmlXPathNewContext(doc);
4121 if(xpathCtx == NULL) {
4122 printf(
"Error: can not create XPath context for Common section\n");
4124 ret = xmlTextReaderRead(reader);
4129 xpathObj = xmlXPathEvalExpression(zonelist_expr, xpathCtx);
4130 if(xpathObj == NULL) {
4131 printf(
"Error: unable to evaluate xpath expression: %s\n", zonelist_expr);
4133 ret = xmlTextReaderRead(reader);
4136 *zone_list_filename = NULL;
4137 temp_char = (
char*) xmlXPathCastToString(xpathObj);
4138 StrAppend(zone_list_filename, temp_char);
4140 xmlXPathFreeObject(xpathObj);
4141 printf(
"zonelist filename set to %s.\n", *zone_list_filename);
4144 xpathObj = xmlXPathEvalExpression(kaspfile_expr, xpathCtx);
4145 xmlXPathFreeContext(xpathCtx);
4146 if(xpathObj == NULL) {
4147 printf(
"Error: unable to evaluate xpath expression: %s\n", kaspfile_expr);
4149 ret = xmlTextReaderRead(reader);
4152 *kasp_filename = NULL;
4153 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
4157 temp_char = (
char*) xmlXPathCastToString(xpathObj);
4165 StrAppend(kasp_filename, OPENDNSSEC_CONFIG_DIR);
4168 printf(
"kasp filename set to %s.\n", *kasp_filename);
4170 xmlXPathFreeObject(xpathObj);
4173 ret = xmlTextReaderRead(reader);
4177 xmlFreeTextReader(reader);
4179 printf(
"%s : failed to parse\n",
config);
4183 printf(
"Unable to open %s\n",
config);
4200 xmlDocPtr doc = NULL;
4201 xmlXPathContextPtr xpathCtx = NULL;
4202 xmlXPathObjectPtr xpathObj = NULL;
4204 char* repo_name = NULL;
4205 char* repo_capacity = NULL;
4206 int require_backup = 0;
4209 xmlChar *node_expr = (
unsigned char*)
"//Configuration/RepositoryList/Repository";
4213 doc = xmlParseFile(
config);
4215 printf(
"Unable to open %s\n",
config);
4220 xpathCtx = xmlXPathNewContext(doc);
4221 if(xpathCtx == NULL) {
4227 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
4228 if(xpathObj == NULL) {
4229 xmlXPathFreeContext(xpathCtx);
4234 if (xpathObj->nodesetval) {
4235 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
4240 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
4241 repo_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i],
4242 (
const xmlChar *)
"name");
4244 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Capacity")) {
4245 repo_capacity = (
char *) xmlNodeGetContent(curNode);
4247 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"RequireBackup")) {
4251 curNode = curNode->next;
4254 if (strlen(repo_name) != 0) {
4256 printf(
"Repository %s found\n", repo_name);
4257 if (strlen(repo_capacity) == 0) {
4258 printf(
"No Maximum Capacity set.\n");
4264 printf(
"Capacity set to %s.\n", repo_capacity);
4270 if (require_backup == 0) {
4271 printf(
"RequireBackup NOT set; please make sure that you know the potential problems of using keys which are not recoverable\n");
4273 printf(
"RequireBackup set.\n");
4277 printf(
"Error Importing Repository %s", repo_name);
4281 printf(
"WARNING: Repository found with NULL name, skipping...\n");
4289 xmlXPathFreeObject(xpathObj);
4292 xmlXPathFreeContext(xpathCtx);
4307 char *policy_name = NULL;
4308 char *policy_description = NULL;
4311 xmlDocPtr doc = NULL;
4312 xmlDocPtr pol_doc = NULL;
4313 xmlDocPtr rngdoc = NULL;
4316 xmlNode *childNode2;
4317 xmlNode *childNode3;
4318 xmlChar *opt_out_flag = (xmlChar *)
"N";
4319 xmlChar *share_keys_flag = (xmlChar *)
"N";
4320 xmlChar *man_roll_flag = (xmlChar *)
"N";
4321 xmlChar *rfc5011_flag = (xmlChar *)
"N";
4322 int standby_keys_flag = 0;
4323 xmlXPathContextPtr xpathCtx = NULL;
4324 xmlXPathObjectPtr xpathObj = NULL;
4325 xmlRelaxNGParserCtxtPtr rngpctx = NULL;
4326 xmlRelaxNGValidCtxtPtr rngctx = NULL;
4327 xmlRelaxNGPtr schema = NULL;
4330 xmlChar *node_expr = (
unsigned char*)
"//Policy";
4334 int audit_found = 0;
4340 int algo_change = 0;
4342 char* changes_made = NULL;
4347 const char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/kasp.rng";
4348 char* kaspcheck_cmd = NULL;
4349 char* kaspcheck_cmd_version = NULL;
4351 StrAppend(&kaspcheck_cmd, ODS_AU_KASPCHECK);
4355 StrAppend(&kaspcheck_cmd_version, ODS_AU_KASPCHECK);
4356 StrAppend(&kaspcheck_cmd_version,
" -v > /dev/null");
4359 status = system(kaspcheck_cmd_version);
4362 status = system(kaspcheck_cmd);
4365 fprintf(stderr,
"ods-kaspcheck returned an error, please check your policy\n");
4367 StrFree(kaspcheck_cmd_version);
4373 fprintf(stderr,
"Couldn't run ods-kaspcheck (Auditor is not installed), will carry on\n");
4377 StrFree(kaspcheck_cmd_version);
4380 doc = xmlParseFile(kasp_filename);
4382 printf(
"Error: unable to parse file \"%s\"\n", kasp_filename);
4387 rngdoc = xmlParseFile(rngfilename);
4388 if (rngdoc == NULL) {
4389 printf(
"Error: unable to parse file \"%s\"\n", rngfilename);
4394 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
4395 if (rngpctx == NULL) {
4396 printf(
"Error: unable to create XML RelaxNGs parser context\n");
4401 schema = xmlRelaxNGParse(rngpctx);
4402 if (schema == NULL) {
4403 printf(
"Error: unable to parse a schema definition resource\n");
4408 rngctx = xmlRelaxNGNewValidCtxt(schema);
4409 if (rngctx == NULL) {
4410 printf(
"Error: unable to create RelaxNGs validation context based on the schema\n");
4415 status = xmlRelaxNGValidateDoc(rngctx,doc);
4417 printf(
"Error validating file \"%s\"\n", kasp_filename);
4423 if (policy == NULL) {
4424 printf(
"Malloc for policy struct failed");
4429 xpathCtx = xmlXPathNewContext(doc);
4430 if(xpathCtx == NULL) {
4437 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
4438 if(xpathObj == NULL) {
4439 xmlXPathFreeContext(xpathCtx);
4445 if (xpathObj->nodesetval) {
4451 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
4453 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
4454 policy_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
4455 if (strlen(policy_name) == 0) {
4457 printf(
"Error extracting policy name from %s\n", kasp_filename);
4470 printf(
"Error: unable to read policy %s; skipping\n", policy_name);
4475 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Keys")) {
4476 childNode = curNode->children;
4478 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"KSK")) {
4479 childNode2 = childNode->children;
4481 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
4484 status =
StrStrtoi((
char *)xmlNodeGetContent(childNode2), &value);
4486 printf(
"Error extracting KSK algorithm for policy %s, exiting...", policy_name);
4492 printf(
"\n\nAlgorithm change attempted... details:\n");
4493 StrAppend(&changes_made,
"Algorithm changes made, details:");
4496 size = snprintf(tmp_change,
KSM_MSG_LENGTH,
"Policy: %s, KSK algorithm changed from %d to %d.", policy_name, policy->
ksk->
algorithm, value);
4499 printf(
"Error constructing log message for policy %s, exiting...", policy_name);
4502 printf(
"%s\n", tmp_change);
4508 childNode2 = childNode2->next;
4513 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"ZSK")) {
4514 childNode2 = childNode->children;
4516 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
4519 status =
StrStrtoi((
char *)xmlNodeGetContent(childNode2), &value);
4521 printf(
"Error extracting ZSK algorithm for policy %s, exiting...", policy_name);
4527 printf(
"\n\nAlgorithm change attempted... details:\n");
4528 StrAppend(&changes_made,
"Algorithm changes made, details:");
4531 size = snprintf(tmp_change,
KSM_MSG_LENGTH,
"Policy: %s, ZSK algorithm changed from %d to %d.", policy_name, policy->
zsk->
algorithm, value);
4534 printf(
"Error constructing log message for policy %s, exiting...", policy_name);
4537 printf(
"%s\n", tmp_change);
4543 childNode2 = childNode2->next;
4548 childNode = childNode->next;
4551 curNode = curNode->next;
4563 if (algo_change == 1 && force_flag == 0) {
4564 printf(
"*WARNING* This will change the algorithms used as noted above. Algorithm rollover is _not_ supported by OpenDNSSEC and zones may break. Are you sure? [y/N] ");
4566 user_certain = getchar();
4567 if (user_certain !=
'y' && user_certain !=
'Y') {
4568 printf(
"\nOkay, quitting...\n");
4569 xmlXPathFreeContext(xpathCtx);
4582 #ifdef HAVE_OPENLOG_R
4587 #ifdef HAVE_SYSLOG_R
4588 syslog_r(LOG_INFO, &sdata,
"%s", changes_made);
4590 syslog(LOG_INFO,
"%s", changes_made);
4592 #ifdef HAVE_CLOSELOG_R
4603 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
4605 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
4606 policy_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
4607 if (strlen(policy_name) == 0) {
4609 printf(
"Error extracting policy name from %s\n", kasp_filename);
4614 printf(
"Policy %s found\n", policy_name);
4616 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Description")) {
4617 policy_description = (
char *) xmlNodeGetContent(curNode);
4627 printf(
"Error: unable to read policy %s; skipping\n", policy_name);
4628 curNode = curNode->next;
4637 printf(
"Error: unable to insert policy %s; skipping\n", policy_name);
4644 printf(
"Error: unable to get policy id for %s; skipping\n", policy_name);
4650 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Signatures")) {
4651 childNode = curNode->children;
4653 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Resign")) {
4656 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Refresh")) {
4659 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Validity")) {
4660 childNode2 = childNode->children;
4662 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Default")) {
4665 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Denial")) {
4668 childNode2 = childNode2->next;
4671 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Jitter")) {
4674 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"InceptionOffset")) {
4677 childNode = childNode->next;
4680 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Denial")) {
4681 opt_out_flag = (xmlChar *)
"N";
4682 childNode = curNode->children;
4684 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"NSEC3")) {
4688 printf(
"Error: unable to insert/update %s for policy\n",
"Denial version");
4690 childNode2 = childNode->children;
4692 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"OptOut")) {
4693 opt_out_flag = (xmlChar *)
"Y";
4695 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Resalt")) {
4698 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Hash")) {
4699 childNode3 = childNode2->children;
4701 if (xmlStrEqual(childNode3->name, (
const xmlChar *)
"Algorithm")) {
4704 else if (xmlStrEqual(childNode3->name, (
const xmlChar *)
"Iterations")) {
4707 else if (xmlStrEqual(childNode3->name, (
const xmlChar *)
"Salt")) {
4710 childNode3 = childNode3->next;
4714 childNode2 = childNode2->next;
4719 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"NSEC")) {
4722 printf(
"Error: unable to insert/update %s for policy\n",
"Denial version");
4725 childNode = childNode->next;
4728 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Keys")) {
4729 share_keys_flag = (xmlChar *)
"N";
4730 childNode = curNode->children;
4732 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"TTL")) {
4735 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"RetireSafety")) {
4738 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"PublishSafety")) {
4741 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"ShareKeys")) {
4742 share_keys_flag = (xmlChar *)
"Y";
4744 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Purge")) {
4748 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"KSK")) {
4749 man_roll_flag = (xmlChar *)
"N";
4750 rfc5011_flag = (xmlChar *)
"N";
4751 childNode2 = childNode->children;
4753 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
4758 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Lifetime")) {
4761 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Repository")) {
4763 printf(
"Please either add the repository to conf.xml or remove the reference to it from kasp.xml\n");
4765 xmlFreeDoc(pol_doc);
4766 xmlXPathFreeContext(xpathCtx);
4767 xmlRelaxNGFree(schema);
4768 xmlRelaxNGFreeValidCtxt(rngctx);
4769 xmlRelaxNGFreeParserCtxt(rngpctx);
4777 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Standby")) {
4779 standby_keys_flag = 1;
4781 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"ManualRollover")) {
4782 man_roll_flag = (xmlChar *)
"Y";
4784 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"RFC5011")) {
4785 rfc5011_flag = (xmlChar *)
"Y";
4790 childNode2 = childNode2->next;
4795 if (standby_keys_flag == 0) {
4798 standby_keys_flag = 0;
4802 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"ZSK")) {
4803 man_roll_flag = (xmlChar *)
"N";
4804 childNode2 = childNode->children;
4806 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
4811 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Lifetime")) {
4814 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Repository")) {
4816 printf(
"Please either add the repository to conf.xml or remove the reference to it from kasp.xml\n");
4818 xmlFreeDoc(pol_doc);
4819 xmlXPathFreeContext(xpathCtx);
4820 xmlRelaxNGFree(schema);
4821 xmlRelaxNGFreeValidCtxt(rngctx);
4822 xmlRelaxNGFreeParserCtxt(rngpctx);
4830 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Standby")) {
4832 standby_keys_flag = 1;
4834 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"ManualRollover")) {
4835 man_roll_flag = (xmlChar *)
"Y";
4837 childNode2 = childNode2->next;
4843 childNode = childNode->next;
4847 if (standby_keys_flag == 0) {
4850 standby_keys_flag = 0;
4855 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Zone")) {
4856 childNode = curNode->children;
4858 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"PropagationDelay")) {
4861 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"SOA")) {
4862 childNode2 = childNode->children;
4864 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
4867 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Minimum")) {
4870 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Serial")) {
4873 childNode2 = childNode2->next;
4876 childNode = childNode->next;
4880 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Parent")) {
4881 childNode = curNode->children;
4883 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"PropagationDelay")) {
4886 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"DS")) {
4887 childNode2 = childNode->children;
4889 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
4892 childNode2 = childNode2->next;
4895 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"SOA")) {
4896 childNode2 = childNode->children;
4898 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
4901 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Minimum")) {
4904 childNode2 = childNode2->next;
4907 childNode = childNode->next;
4911 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Audit")) {
4913 childNode = curNode->children;
4915 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Partial")) {
4918 childNode = childNode->next;
4922 printf(
"Error: unable to insert Audit info for policy %s\n", policy->
name);
4926 curNode = curNode->next;
4929 if (audit_found == 0) {
4941 xmlXPathFreeContext(xpathCtx);
4942 xmlRelaxNGFree(schema);
4943 xmlRelaxNGFreeValidCtxt(rngctx);
4944 xmlRelaxNGFreeParserCtxt(rngpctx);
4956 xmlTextReaderPtr reader = NULL;
4957 xmlDocPtr doc = NULL;
4958 xmlXPathContextPtr xpathCtx = NULL;
4959 xmlXPathObjectPtr xpathObj = NULL;
4961 char* zone_name = NULL;
4962 char* policy_name = NULL;
4963 char* current_policy = NULL;
4964 char* current_signconf = NULL;
4965 char* current_input = NULL;
4966 char* current_output = NULL;
4967 char* temp_char = NULL;
4968 char* tag_name = NULL;
4971 int file_zone_count = 0;
4972 int db_zone_count = 0;
4986 xmlChar *name_expr = (
unsigned char*)
"name";
4987 xmlChar *policy_expr = (
unsigned char*)
"//Zone/Policy";
4988 xmlChar *signconf_expr = (
unsigned char*)
"//Zone/SignerConfiguration";
4989 xmlChar *input_expr = (
unsigned char*)
"//Zone/Adapters/Input/File";
4990 xmlChar *output_expr = (
unsigned char*)
"//Zone/Adapters/Output/File";
4994 reader = xmlNewTextReaderFilename(zone_list_filename);
4995 if (reader != NULL) {
4996 ret = xmlTextReaderRead(reader);
4998 tag_name = (
char*) xmlTextReaderLocalName(reader);
5000 if (strncmp(tag_name,
"Zone", 4) == 0
5001 && strncmp(tag_name,
"ZoneList", 8) != 0
5002 && xmlTextReaderNodeType(reader) == 1) {
5006 ret = xmlTextReaderRead(reader);
5009 xmlFreeTextReader(reader);
5011 printf(
"%s : failed to parse\n", zone_list_filename);
5015 printf(
"Unable to open %s\n", zone_list_filename);
5020 zone_ids =
MemMalloc(file_zone_count *
sizeof(
int));
5023 reader = xmlNewTextReaderFilename(zone_list_filename);
5024 if (reader != NULL) {
5025 ret = xmlTextReaderRead(reader);
5027 tag_name = (
char*) xmlTextReaderLocalName(reader);
5029 if (strncmp(tag_name,
"Zone", 4) == 0
5030 && strncmp(tag_name,
"ZoneList", 8) != 0
5031 && xmlTextReaderNodeType(reader) == 1) {
5034 temp_char = (
char*) xmlTextReaderGetAttribute(reader, name_expr);
5048 if (zone_name == NULL) {
5050 printf(
"Error extracting zone name from %s\n", zone_list_filename);
5052 ret = xmlTextReaderRead(reader);
5056 printf(
"Zone %s found\n", zone_name);
5059 xmlTextReaderExpand(reader);
5060 doc = xmlTextReaderCurrentDoc(reader);
5062 printf(
"Error: can not read zone \"%s\"; skipping\n", zone_name);
5064 ret = xmlTextReaderRead(reader);
5068 xpathCtx = xmlXPathNewContext(doc);
5069 if(xpathCtx == NULL) {
5070 printf(
"Error: can not create XPath context for \"%s\"; skipping zone\n", zone_name);
5072 ret = xmlTextReaderRead(reader);
5078 xpathObj = xmlXPathEvalExpression(policy_expr, xpathCtx);
5079 if(xpathObj == NULL) {
5080 printf(
"Error: unable to evaluate xpath expression: %s; skipping zone\n", policy_expr);
5082 ret = xmlTextReaderRead(reader);
5086 current_policy = NULL;
5087 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5090 printf(
"Policy set to %s.\n", current_policy);
5091 xmlXPathFreeObject(xpathObj);
5094 if (policy_name == NULL || strcmp(current_policy, policy_name) != 0) {
5096 StrAppend(&policy_name, current_policy);
5100 printf(
"Error, can't find policy : %s\n", policy_name);
5102 ret = xmlTextReaderRead(reader);
5109 xpathObj = xmlXPathEvalExpression(signconf_expr, xpathCtx);
5110 if(xpathObj == NULL) {
5111 printf(
"Error: unable to evaluate xpath expression: %s; skipping zone\n", signconf_expr);
5113 ret = xmlTextReaderRead(reader);
5117 current_signconf = NULL;
5118 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5119 StrAppend(¤t_signconf, temp_char);
5121 xmlXPathFreeObject(xpathObj);
5125 xpathObj = xmlXPathEvalExpression(input_expr, xpathCtx);
5126 if(xpathObj == NULL) {
5127 printf(
"Error: unable to evaluate xpath expression: %s; skipping zone\n", input_expr);
5129 ret = xmlTextReaderRead(reader);
5133 current_input = NULL;
5134 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5137 xmlXPathFreeObject(xpathObj);
5141 xpathObj = xmlXPathEvalExpression(output_expr, xpathCtx);
5142 xmlXPathFreeContext(xpathCtx);
5143 if(xpathObj == NULL) {
5144 printf(
"Error: unable to evaluate xpath expression: %s; skipping zone\n", output_expr);
5146 ret = xmlTextReaderRead(reader);
5150 current_output = NULL;
5151 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5154 xmlXPathFreeObject(xpathObj);
5159 status =
KsmImportZone(zone_name, policy_id, 0, &new_zone, current_signconf, current_input, current_output);
5162 printf(
"Error Importing zone %s; it already exists both with and without a trailing dot\n", zone_name);
5164 printf(
"Error Importing Zone %s\n", zone_name);
5167 ret = xmlTextReaderRead(reader);
5172 if (new_zone == 1) {
5173 printf(
"Added zone %s to database\n", zone_name);
5187 printf(
"Error: unable to find a zone named \"%s\" in database\n", zone_name);
5188 printf(
"Error: Possibly two domains differ only by having a trailing dot or not?\n");
5194 zone_ids[i] = temp_id;
5207 ret = xmlTextReaderRead(reader);
5210 xmlFreeTextReader(reader);
5212 printf(
"%s : failed to parse\n", zone_list_filename);
5215 printf(
"Unable to open %s\n", zone_list_filename);
5231 if (file_zone_count == db_zone_count) {
5236 else if (file_zone_count > db_zone_count) {
5237 printf(
"Failed to add all zones from zonelist\n");
5253 while (status == 0) {
5254 DbInt(row, 0, &temp_id);
5256 DbInt(row, 2, &policy_id);
5259 for (i = 0; i < db_zone_count; ++i) {
5260 if (temp_id == zone_ids[i]) {
5266 if (seen_zone == 0) {
5269 printf(
"Removing zone %s from database\n", zone_name);
5271 status =
KsmParameterInit(&result2,
"zones_share_keys",
"keys", policy_id);
5295 if ((shared.
value == 1 && temp_count == 1) || shared.
value == 0) {
5298 printf(
"Error: failed to mark keys as dead in database\n");
5332 int SetParamOnPolicy(
const xmlChar* new_value,
const char* name,
const char* category,
int current_value,
int policy_id,
int value_type)
5336 char* temp_char = (
char *)new_value;
5340 if (strlen(temp_char) != 0) {
5343 printf(
"Error: unable to convert interval %s to seconds, error: %i\n", temp_char, status);
5347 else if (status == -1) {
5348 printf(
"Info: converting %s to seconds; M interpreted as 31 days, Y interpreted as 365 days\n", temp_char);
5357 if (strncmp(temp_char,
"Y", 1) == 0) {
5367 printf(
"Error: unable to find repository %s\n", temp_char);
5377 printf(
"Error: unable to find serial type %s\n", temp_char);
5387 printf(
"Error: unable to find rollover scheme %s\n", temp_char);
5396 printf(
"Error: unable to convert %s to int\n", temp_char);
5406 if (value != current_value || current_value == 0) {
5409 printf(
"Error: unable to insert/update %s for policy\n", name);
5410 printf(
"Error: Is your database schema up to date?\n");
5416 if (strncmp(name,
"saltlength", 10) == 0) {
5419 printf(
"Error: unable to insert/update %s for policy\n", name);
5420 printf(
"Error: Is your database schema up to date?\n");
5431 if (policy == NULL) {
5432 printf(
"Error, no policy provided");
5469 policy->
ksk->
sm = 0;
5481 policy->
zsk->
sm = 0;
5518 if((from = fopen( orig_file,
"rb"))==NULL) {
5519 if (errno == ENOENT) {
5520 printf(
"File %s does not exist, nothing to backup\n", orig_file);
5524 printf(
"Cannot open source file.\n");
5530 if((to = fopen(backup_file,
"wb"))==NULL) {
5531 printf(
"Cannot open destination file, will not make backup.\n");
5537 while(!feof(from)) {
5540 printf(
"Error reading source file.\n");
5545 if(!feof(from)) fputc(ch, to);
5547 printf(
"Error writing destination file.\n");
5554 if(fclose(from)==EOF) {
5555 printf(
"Error closing source file.\n");
5560 if(fclose(to)==EOF) {
5561 printf(
"Error closing destination file.\n");
5579 get_db_details(
char** dbschema,
char** host,
char** port,
char** user,
char** password)
5584 xmlXPathContextPtr xpathCtx;
5585 xmlXPathObjectPtr xpathObj;
5586 xmlRelaxNGParserCtxtPtr rngpctx;
5587 xmlRelaxNGValidCtxtPtr rngctx;
5588 xmlRelaxNGPtr schema;
5589 xmlChar *litexpr = (
unsigned char*)
"//Configuration/Enforcer/Datastore/SQLite";
5590 xmlChar *mysql_host = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Host";
5591 xmlChar *mysql_port = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Host/@port";
5592 xmlChar *mysql_db = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Database";
5593 xmlChar *mysql_user = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Username";
5594 xmlChar *mysql_pass = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Password";
5598 char* temp_char = NULL;
5601 const char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/conf.rng";
5604 doc = xmlParseFile(
config);
5606 printf(
"Error: unable to parse file \"%s\"\n",
config);
5611 rngdoc = xmlParseFile(rngfilename);
5612 if (rngdoc == NULL) {
5613 printf(
"Error: unable to parse file \"%s\"\n", rngfilename);
5619 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
5621 if (rngpctx == NULL) {
5622 printf(
"Error: unable to create XML RelaxNGs parser context\n");
5628 schema = xmlRelaxNGParse(rngpctx);
5629 xmlRelaxNGFreeParserCtxt(rngpctx);
5630 if (schema == NULL) {
5631 printf(
"Error: unable to parse a schema definition resource\n");
5637 rngctx = xmlRelaxNGNewValidCtxt(schema);
5638 if (rngctx == NULL) {
5639 printf(
"Error: unable to create RelaxNGs validation context based on the schema\n");
5640 xmlRelaxNGFree(schema);
5646 status = xmlRelaxNGValidateDoc(rngctx,doc);
5647 xmlRelaxNGFreeValidCtxt(rngctx);
5648 xmlRelaxNGFree(schema);
5650 printf(
"Error validating file \"%s\"\n",
config);
5657 xpathCtx = xmlXPathNewContext(doc);
5658 if(xpathCtx == NULL) {
5659 printf(
"Error: unable to create new XPath context\n");
5665 xpathObj = xmlXPathEvalExpression(litexpr, xpathCtx);
5666 if(xpathObj == NULL) {
5667 printf(
"Error: unable to evaluate xpath expression: %s\n", litexpr);
5668 xmlXPathFreeContext(xpathCtx);
5672 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
5674 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5678 fprintf(stderr,
"SQLite database set to: %s\n", *dbschema);
5681 xmlXPathFreeObject(xpathObj);
5683 if (db_found == 0) {
5688 xpathObj = xmlXPathEvalExpression(mysql_host, xpathCtx);
5689 if(xpathObj == NULL) {
5690 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_host);
5691 xmlXPathFreeContext(xpathCtx);
5695 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
5696 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5700 fprintf(stderr,
"MySQL database host set to: %s\n", *host);
5703 xmlXPathFreeObject(xpathObj);
5706 xpathObj = xmlXPathEvalExpression(mysql_port, xpathCtx);
5707 if(xpathObj == NULL) {
5708 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_port);
5709 xmlXPathFreeContext(xpathCtx);
5713 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
5714 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5718 fprintf(stderr,
"MySQL database port set to: %s\n", *port);
5721 xmlXPathFreeObject(xpathObj);
5724 xpathObj = xmlXPathEvalExpression(mysql_db, xpathCtx);
5725 if(xpathObj == NULL) {
5726 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_db);
5727 xmlXPathFreeContext(xpathCtx);
5731 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
5732 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5736 fprintf(stderr,
"MySQL database schema set to: %s\n", *dbschema);
5741 xmlXPathFreeObject(xpathObj);
5744 xpathObj = xmlXPathEvalExpression(mysql_user, xpathCtx);
5745 if(xpathObj == NULL) {
5746 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_user);
5747 xmlXPathFreeContext(xpathCtx);
5751 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
5752 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5756 fprintf(stderr,
"MySQL database user set to: %s\n", *user);
5761 xmlXPathFreeObject(xpathObj);
5764 xpathObj = xmlXPathEvalExpression(mysql_pass, xpathCtx);
5765 if(xpathObj == NULL) {
5766 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_pass);
5767 xmlXPathFreeContext(xpathCtx);
5772 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5775 xmlXPathFreeObject(xpathObj);
5778 fprintf(stderr,
"MySQL database password set\n");
5783 xmlXPathFreeContext(xpathCtx);
5788 printf(
"Error: unable to find complete database connection expression\n");
5794 printf(
"Error: database in config file does not match libksm\n");
5808 xmlTextReaderPtr reader = NULL;
5809 xmlDocPtr doc = NULL;
5810 xmlXPathContextPtr xpathCtx = NULL;
5811 xmlXPathObjectPtr xpathObj = NULL;
5813 char* temp_char = NULL;
5814 char* tag_name = NULL;
5816 xmlChar *zonelist_expr = (
unsigned char*)
"//Common/ZoneListFile";
5819 reader = xmlNewTextReaderFilename(
config);
5820 if (reader != NULL) {
5821 ret = xmlTextReaderRead(reader);
5823 tag_name = (
char*) xmlTextReaderLocalName(reader);
5825 if (strncmp(tag_name,
"Common", 6) == 0
5826 && xmlTextReaderNodeType(reader) == 1) {
5829 xmlTextReaderExpand(reader);
5830 doc = xmlTextReaderCurrentDoc(reader);
5832 printf(
"Error: can not read Common section\n");
5834 ret = xmlTextReaderRead(reader);
5838 xpathCtx = xmlXPathNewContext(doc);
5839 if(xpathCtx == NULL) {
5840 printf(
"Error: can not create XPath context for Common section\n");
5842 ret = xmlTextReaderRead(reader);
5847 xpathObj = xmlXPathEvalExpression(zonelist_expr, xpathCtx);
5848 if(xpathObj == NULL) {
5849 printf(
"Error: unable to evaluate xpath expression: %s\n", zonelist_expr);
5851 ret = xmlTextReaderRead(reader);
5854 *zone_list_filename = NULL;
5855 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5856 xmlXPathFreeObject(xpathObj);
5857 StrAppend(zone_list_filename, temp_char);
5859 printf(
"zonelist filename set to %s.\n", *zone_list_filename);
5862 ret = xmlTextReaderRead(reader);
5865 xmlFreeTextReader(reader);
5867 printf(
"%s : failed to parse\n",
config);
5871 printf(
"Unable to open %s\n",
config);
5875 xmlXPathFreeContext(xpathCtx);
5885 const char *zone_name,
5886 const char *policy_name,
5887 const char *sig_conf_name,
5888 const char *input_name,
5889 const char *output_name)
5893 xmlNodePtr newzonenode;
5894 xmlNodePtr newadaptnode;
5895 xmlNodePtr newinputnode;
5896 xmlNodePtr newoutputnode;
5897 doc = xmlParseFile(docname);
5899 fprintf(stderr,
"Document not parsed successfully. \n");
5902 cur = xmlDocGetRootElement(doc);
5904 fprintf(stderr,
"empty document\n");
5908 if (xmlStrcmp(cur->name, (
const xmlChar *)
"ZoneList")) {
5909 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
5913 newzonenode = xmlNewTextChild(cur, NULL, (
const xmlChar *)
"Zone", NULL);
5914 (void) xmlNewProp(newzonenode, (
const xmlChar *)
"name", (
const xmlChar *)zone_name);
5916 (void) xmlNewTextChild (newzonenode, NULL, (
const xmlChar *)
"Policy", (
const xmlChar *)policy_name);
5918 (void) xmlNewTextChild (newzonenode, NULL, (
const xmlChar *)
"SignerConfiguration", (
const xmlChar *)sig_conf_name);
5920 newadaptnode = xmlNewChild (newzonenode, NULL, (
const xmlChar *)
"Adapters", NULL);
5922 newinputnode = xmlNewChild (newadaptnode, NULL, (
const xmlChar *)
"Input", NULL);
5924 (void) xmlNewTextChild (newinputnode, NULL, (
const xmlChar *)
"File", (
const xmlChar *)input_name);
5926 newoutputnode = xmlNewChild (newadaptnode, NULL, (
const xmlChar *)
"Output", NULL);
5928 (void) xmlNewTextChild (newoutputnode, NULL, (
const xmlChar *)
"File", (
const xmlChar *)output_name);
5934 const char *zone_name)
5940 doc = xmlParseFile(docname);
5942 fprintf(stderr,
"Document not parsed successfully. \n");
5945 root = xmlDocGetRootElement(doc);
5947 fprintf(stderr,
"empty document\n");
5951 if (xmlStrcmp(root->name, (
const xmlChar *)
"ZoneList")) {
5952 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
5958 if (all_flag == 1) {
5959 cur = root->children;
5965 cur = root->children;
5971 for(cur = root->children; cur != NULL; cur = cur->next)
5974 if (xmlStrcmp( xmlGetProp(cur, (xmlChar *)
"name"), (
const xmlChar *) zone_name) == 0)
5978 cur = root->children;
5993 xmlChar *polChar = NULL;
5994 xmlChar *propChar = NULL;
6000 doc = xmlParseFile(docname);
6002 fprintf(stderr,
"Document not parsed successfully. \n");
6005 root = xmlDocGetRootElement(doc);
6007 fprintf(stderr,
"empty document\n");
6011 if (xmlStrcmp(root->name, (
const xmlChar *)
"ZoneList")) {
6012 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
6018 for(cur = root->children; cur != NULL; cur = cur->next)
6020 if (xmlStrcmp( cur->name, (
const xmlChar *)
"Zone") == 0) {
6021 propChar = xmlGetProp(cur, (xmlChar *)
"name");
6022 printf(
"Found Zone: %s", propChar);
6028 printf(
" (zone not in database)");
6031 zone_ids[i] = temp_id;
6036 for(pol = cur->children; pol != NULL; pol = pol->next)
6038 if (xmlStrcmp( pol->name, (
const xmlChar *)
"Policy") == 0)
6040 polChar = xmlNodeGetContent(pol);
6041 printf(
"; on policy %s\n", polChar);
6060 xmlNodePtr policy_node;
6061 xmlNodePtr signatures_node;
6062 xmlNodePtr validity_node;
6063 xmlNodePtr denial_node;
6064 xmlNodePtr nsec_node;
6065 xmlNodePtr hash_node;
6066 xmlNodePtr salt_node;
6067 xmlNodePtr keys_node;
6068 xmlNodePtr ksk_node;
6069 xmlNodePtr ksk_alg_node;
6070 xmlNodePtr zsk_node;
6071 xmlNodePtr zsk_alg_node;
6072 xmlNodePtr zone_node;
6073 xmlNodePtr zone_soa_node;
6074 xmlNodePtr parent_node;
6075 xmlNodePtr parent_ds_node;
6076 xmlNodePtr parent_soa_node;
6080 root = xmlDocGetRootElement(doc);
6082 fprintf(stderr,
"empty document\n");
6085 if (xmlStrcmp(root->name, (
const xmlChar *)
"KASP")) {
6086 fprintf(stderr,
"document of the wrong type, root node != %s",
"KASP");
6090 policy_node = xmlNewTextChild(root, NULL, (
const xmlChar *)
"Policy", NULL);
6091 (void) xmlNewProp(policy_node, (
const xmlChar *)
"name", (
const xmlChar *)policy->
name);
6092 (void) xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Description", (
const xmlChar *)policy->
description);
6095 signatures_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Signatures", NULL);
6097 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Resign", (
const xmlChar *)temp_time);
6099 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Refresh", (
const xmlChar *)temp_time);
6100 validity_node = xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Validity", NULL);
6102 (void) xmlNewTextChild(validity_node, NULL, (
const xmlChar *)
"Default", (
const xmlChar *)temp_time);
6104 (void) xmlNewTextChild(validity_node, NULL, (
const xmlChar *)
"Denial", (
const xmlChar *)temp_time);
6105 snprintf(temp_time, 32,
"PT%dS", policy->
signer->
jitter);
6106 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Jitter", (
const xmlChar *)temp_time);
6108 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"InceptionOffset", (
const xmlChar *)temp_time);
6111 denial_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Denial", NULL);
6114 (void) xmlNewTextChild(denial_node, NULL, (
const xmlChar *)
"NSEC", NULL);
6118 nsec_node = xmlNewTextChild(denial_node, NULL, (
const xmlChar *)
"NSEC3", NULL);
6121 (void) xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"OptOut", NULL);
6123 snprintf(temp_time, 32,
"PT%dS", policy->
denial->
resalt);
6124 (void) xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"Resalt", (
const xmlChar *)temp_time);
6125 hash_node = xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"Hash", NULL);
6127 (void) xmlNewTextChild(hash_node, NULL, (
const xmlChar *)
"Algorithm", (
const xmlChar *)temp_time);
6129 (void) xmlNewTextChild(hash_node, NULL, (
const xmlChar *)
"Iteration", (
const xmlChar *)temp_time);
6131 salt_node = xmlNewTextChild(hash_node, NULL, (
const xmlChar *)
"Salt", NULL);
6132 (void) xmlNewProp(salt_node, (
const xmlChar *)
"length", (
const xmlChar *)temp_time);
6136 keys_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Keys", NULL);
6137 snprintf(temp_time, 32,
"PT%dS", policy->
keys->
ttl);
6138 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6140 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"RetireSafety", (
const xmlChar *)temp_time);
6142 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"PublishSafety", (
const xmlChar *)temp_time);
6145 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"ShareKeys", NULL);
6148 snprintf(temp_time, 32,
"PT%dS", policy->
keys->
purge);
6149 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"Purge", (
const xmlChar *)temp_time);
6153 ksk_node = xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"KSK", NULL);
6155 ksk_alg_node = xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Algorithm", (
const xmlChar *)temp_time);
6156 snprintf(temp_time, 32,
"%d", policy->
ksk->
bits);
6157 (void) xmlNewProp(ksk_alg_node, (
const xmlChar *)
"length", (
const xmlChar *)temp_time);
6158 snprintf(temp_time, 32,
"PT%dS", policy->
ksk->
lifetime);
6159 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Lifetime", (
const xmlChar *)temp_time);
6160 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Repository", (
const xmlChar *)policy->
ksk->
sm_name);
6162 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Standby", (
const xmlChar *)temp_time);
6165 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"ManualRollover", NULL);
6169 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"RFC5011", NULL);
6177 zsk_node = xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"ZSK", NULL);
6179 zsk_alg_node = xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Algorithm", (
const xmlChar *)temp_time);
6180 snprintf(temp_time, 32,
"%d", policy->
zsk->
bits);
6181 (void) xmlNewProp(zsk_alg_node, (
const xmlChar *)
"length", (
const xmlChar *)temp_time);
6182 snprintf(temp_time, 32,
"PT%dS", policy->
zsk->
lifetime);
6183 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Lifetime", (
const xmlChar *)temp_time);
6184 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Repository", (
const xmlChar *)policy->
zsk->
sm_name);
6186 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Standby", (
const xmlChar *)temp_time);
6189 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"ManualRollover", NULL);
6193 zone_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Zone", NULL);
6195 (void) xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"PropagationDelay", (
const xmlChar *)temp_time);
6196 zone_soa_node = xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"SOA", NULL);
6197 snprintf(temp_time, 32,
"PT%dS", policy->
zone->
soa_ttl);
6198 (void) xmlNewTextChild(zone_soa_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6199 snprintf(temp_time, 32,
"PT%dS", policy->
zone->
soa_min);
6200 (void) xmlNewTextChild(zone_soa_node, NULL, (
const xmlChar *)
"Minimum", (
const xmlChar *)temp_time);
6204 parent_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Parent", NULL);
6206 (void) xmlNewTextChild(parent_node, NULL, (
const xmlChar *)
"PropagationDelay", (
const xmlChar *)temp_time);
6207 parent_ds_node = xmlNewTextChild(parent_node, NULL, (
const xmlChar *)
"DS", NULL);
6208 snprintf(temp_time, 32,
"PT%dS", policy->
parent->
ds_ttl);
6209 (void) xmlNewTextChild(parent_ds_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6210 parent_soa_node = xmlNewTextChild(parent_node, NULL, (
const xmlChar *)
"SOA", NULL);
6212 (void) xmlNewTextChild(parent_soa_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6214 (void) xmlNewTextChild(parent_soa_node, NULL, (
const xmlChar *)
"Minimum", (
const xmlChar *)temp_time);
6217 if (strncmp(policy->
audit,
"NULL", 4) != 0) {
6218 (void) xmlNewChild(policy_node, NULL, (
const xmlChar *)
"Audit", NULL);
6228 const char *policy_name)
6234 doc = xmlParseFile(docname);
6236 fprintf(stderr,
"Document not parsed successfully. \n");
6239 root = xmlDocGetRootElement(doc);
6241 fprintf(stderr,
"empty document\n");
6245 if (xmlStrcmp(root->name, (
const xmlChar *)
"KASP")) {
6246 fprintf(stderr,
"document of the wrong type, root node != %s",
"KASP");
6253 for(cur = root->children; cur != NULL; cur = cur->next)
6256 if (xmlStrcmp( xmlGetProp(cur, (xmlChar *)
"name"), (
const xmlChar *) policy_name) == 0)
6260 cur = root->children;
6276 fprintf(stdout,
"KSK:");
6280 fprintf(stdout,
"ZSK:");
6282 fprintf(stdout,
" %s Retired\n", key_data->
location);
6294 fprintf(stderr,
"%s\n", format);
6321 char* temp_zone = NULL;
6324 char* temp_ready = NULL;
6325 char* temp_active = NULL;
6326 char* temp_retire = NULL;
6327 char* temp_dead = NULL;
6328 char* temp_loc = NULL;
6329 char* temp_hsm = NULL;
6333 hsm_key_t *key = NULL;
6334 ldns_rr *dnskey_rr = NULL;
6335 hsm_sign_params_t *sign_params = NULL;
6339 status = hsm_open(
config, hsm_prompt_pin, NULL);
6341 hsm_print_error(NULL);
6347 StrAppend(&sql,
"select z.name, k.keytype, k.state, k.ready, k.active, k.retire, k.dead, k.location, s.name, k.algorithm from securitymodules s, zones z, KEYDATA_VIEW k where z.id = k.zone_id and s.id = k.securitymodule_id and state != 6 and zone_id is not null ");
6348 if (zone_id != -1) {
6361 if (verbose_flag == 1) {
6362 printf(
"Zone: Keytype: State: Date of next transition: CKA_ID: Repository: Keytag:\n");
6365 printf(
"Zone: Keytype: State: Date of next transition:\n");
6367 while (status == 0) {
6370 DbInt(row, 1, &temp_type);
6371 DbInt(row, 2, &temp_state);
6378 DbInt(row, 9, &temp_alg);
6390 printf(
"%-31s %-13s %-9s %-26s", temp_zone, (temp_type ==
KSM_TYPE_KSK) ?
"KSK" :
"ZSK",
KsmKeywordStateValueToName(temp_state), (temp_retire == NULL) ?
"(not scheduled)" : temp_retire);
6402 printf(
"%-31s %-13s %-9s %-26s", temp_zone,
"KSK",
KsmKeywordStateValueToName(temp_state), (temp_ready == NULL) ?
"(not scheduled)" : temp_ready);
6410 printf(
"%-31s %-13s %-9s %-26s", temp_zone,
"KSK",
KsmKeywordStateValueToName(temp_state), (temp_active == NULL) ?
"(not scheduled)" : temp_active);
6414 if (done_row == 1 && verbose_flag == 1) {
6415 key = hsm_find_key_by_id(NULL, temp_loc);
6417 printf(
"%-33s %s NOT IN repository\n", temp_loc, temp_hsm);
6419 sign_params = hsm_sign_params_new();
6420 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, temp_zone);
6421 sign_params->algorithm = temp_alg;
6422 sign_params->flags = LDNS_KEY_ZONE_KEY;
6424 sign_params->flags += LDNS_KEY_SEP_KEY;
6426 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
6427 sign_params->keytag = ldns_calc_keytag(dnskey_rr);
6429 printf(
"%-33s %-33s %d\n", temp_loc, temp_hsm, sign_params->keytag);
6431 hsm_sign_params_free(sign_params);
6435 else if (done_row == 1) {
6462 if (dnskey_rr != NULL) {
6463 ldns_rr_free(dnskey_rr);
6505 char* temp_loc = NULL;
6508 int done_something = 0;
6511 hsm_key_t *key = NULL;
6513 if ((zone_id == -1 && policy_id == -1) ||
6514 (zone_id != -1 && policy_id != -1)){
6515 printf(
"Please provide either a zone OR a policy to key purge\n");
6521 status = hsm_open(
config, hsm_prompt_pin, NULL);
6523 hsm_print_error(NULL);
6528 StrAppend(&sql,
"select distinct id, location from KEYDATA_VIEW where state = 6 ");
6529 if (zone_id != -1) {
6534 if (policy_id != -1) {
6545 while (status == 0) {
6547 DbInt(row, 0, &temp_id);
6604 key = hsm_find_key_by_id(NULL, temp_loc);
6607 printf(
"Key not found: %s\n", temp_loc);
6614 status = hsm_remove_key(NULL, key);
6619 printf(
"Key remove successful.\n");
6621 printf(
"Key remove failed.\n");
6642 if (done_something == 0) {
6643 printf(
"No keys to purge.\n");
/* NOTE(review): the function header is not in this listing.  From the body this is the
 * "key generate" handler: it opens the HSM, works out how many KSKs and then ZSKs the
 * policy named by o_policy needs for the interval o_interval, creates them in the
 * repository and records them in the database.  Status/return paths are only partly
 * visible here. */
6663 hsm_ctx_t *ctx = NULL;
6668 hsm_key_t *key = NULL;
6669 char *hsm_error_message = NULL;
6671 int ksks_needed = 0;
6672 int zsks_needed = 0;
6673 int keys_in_queue = 0;
6675 unsigned int current_count = 0;
6681 int ksks_created = 0;
6685 FILE* lock_fd = NULL;
6690 printf(
"Failed to connect to database\n");
6696 if (policy == NULL) {
6697 printf(
"Malloc for policy struct failed\n");
/* Both --policy and --interval are mandatory for this command. */
6703 printf(
"Please provide a policy name with the --policy option\n");
6709 printf(
"Please provide an interval with the --interval option\n");
6722 printf(
"Error: unable to read policy %s from database\n",
o_policy);
6728 printf(
"Error: policy %s doesn't exist in database\n",
o_policy);
6735 printf(
"Key sharing is On\n");
6737 printf(
"Key sharing is Off\n");
/* The interval is an ISO 8601 duration converted to seconds; the messages below
 * spell out each conversion error code (the switch itself is not shown). */
6742 printf(
"Error: unable to convert Interval %s to seconds, error: ",
o_interval);
6745 printf(
"invalid interval-type.\n");
6748 printf(
"unable to translate string.\n");
6751 printf(
"interval too long to be an int. E.g. Maximum is ~68 years on a system with 32-bit integers.\n");
6754 printf(
"invalid pointers or text string NULL.\n");
6757 printf(
"unknown\n");
/* -1 is a soft warning: months/years were approximated, not an error. */
6763 else if (status == -1) {
6764 printf(
"Info: converting %s to seconds; M interpreted as 31 days, Y interpreted as 365 days\n",
o_interval);
/* hsm_prompt_pin asks for the repository PIN interactively if it is not cached.
 * NOTE(review): ctx is still NULL here; hsm_get_error(NULL) presumably falls back to
 * the library's global context — confirm, since a real context is only created at 6802. */
6768 status = hsm_open(
config, hsm_prompt_pin, NULL);
6770 hsm_error_message = hsm_get_error(ctx);
6771 if (hsm_error_message) {
6772 printf(
"%s\n", hsm_error_message);
6773 free(hsm_error_message);
6779 printf(
"hsm_open() result: HSM error\n");
6781 case HSM_PIN_INCORRECT:
6782 printf(
"hsm_open() result: incorrect PIN\n");
6784 case HSM_CONFIG_FILE_ERROR:
6785 printf(
"hsm_open() result: config file error\n");
6787 case HSM_REPOSITORY_NOT_FOUND:
6788 printf(
"hsm_open() result: repository not found\n");
6790 case HSM_NO_REPOSITORIES:
6791 printf(
"hsm_open() result: no repositories\n");
6794 printf(
"hsm_open() result: %d", status);
6801 printf(
"HSM opened successfully.\n");
6802 ctx = hsm_create_context();
6807 if (rightnow == NULL) {
6808 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
6829 printf(
"Could not count zones on policy %s\n", policy->
name);
6832 hsm_destroy_context(ctx);
6838 printf(
"Info: %d zone(s) found on policy \"%s\"\n", zone_count, policy->
name);
/* --zonetotal overrides the zone count found in the database; it must be a positive integer. */
6847 printf(
"Error: Unable to convert zonetotal \"%s\"; to an integer\n",
o_zonetotal);
6854 printf(
"Error: zonetotal \"%s\"; should be numeric only\n",
o_zonetotal);
6861 if (zone_count < 1) {
6862 printf(
"Error: zonetotal parameter value of %d is invalid - the value must be greater than 0\n", zone_count);
6868 printf(
"Info: Keys will actually be generated for a total of %d zone(s) as specified by zone total parameter\n", zone_count);
6872 if (zone_count == 0) {
6873 printf(
"No zones on policy %s, skipping...\n", policy->
name);
6876 hsm_destroy_context(ctx);
/* ---- KSKs ---- */
6887 printf(
"Could not predict ksk requirement for next interval for %s\n", policy->
name);
6896 printf(
"Could not count current ksk numbers for policy %s\n", policy->
name);
/* Keys already waiting in the queue count against the prediction. */
6903 new_keys = ksks_needed - keys_in_queue;
/* Respect the repository's configured capacity, reducing new_keys if it is nearly full. */
6908 current_count = hsm_count_keys_repository(ctx, policy->
ksk->
sm_name);
6910 printf(
"Repository %s is full, cannot create more KSKs for policy %s\n", policy->
ksk->
sm_name, policy->
name);
/* NOTE(review): %lu is given `sm_capacity - current_count`; current_count is an
 * unsigned int (6675), so unless sm_capacity is an unsigned long the argument type does
 * not match the conversion (undefined behaviour; prints garbage on ILP32 targets).
 * Cast to (unsigned long) or use %u.  Same at 7010. */
6914 printf(
"Repository %s is nearly full, will create %lu KSKs for policy %s (reduced from %d)\n", policy->
ksk->
sm_name, policy->
ksk->
sm_capacity - current_count, policy->
name, new_keys);
6919 if (new_keys <= 0 ) {
6920 printf(
"No new KSKs need to be created.\n");
6923 printf(
"%d new KSK(s) (%d bits) need to be created.\n", new_keys, policy->
ksk->
bits);
/* Create each key in the HSM first, then register its CKA_ID in the database;
 * an HSM failure prints the library's error text and (presumably) aborts the loop. */
6927 for (i=new_keys ; i > 0 ; i--){
6928 if (hsm_supported_algorithm(policy->
ksk->
algorithm) == 0) {
6933 printf(
"Created key in repository %s\n", policy->
ksk->
sm_name);
6936 printf(
"Error creating key in repository %s\n", policy->
ksk->
sm_name);
6937 hsm_error_message = hsm_get_error(ctx);
6938 if (hsm_error_message) {
6939 printf(
"%s\n", hsm_error_message);
6940 free(hsm_error_message);
6947 id = hsm_get_key_id(ctx, key);
/* NOTE(review): a key that exists in the HSM but failed to be recorded in the DB is
 * orphaned — the message below does not say whether it is removed again; confirm. */
6951 printf(
"Error creating key in Database\n");
6952 hsm_error_message = hsm_get_error(ctx);
6953 if (hsm_error_message) {
6954 printf(
"%s\n", hsm_error_message);
6955 free(hsm_error_message);
6962 printf(
"Created KSK size: %i, alg: %i with id: %s in repository: %s and database.\n", policy->
ksk->
bits,
6966 printf(
"Key algorithm %d unsupported by libhsm.\n", policy->
ksk->
algorithm);
6973 ksks_created = new_keys;
/* ---- ZSKs ---- */
6983 printf(
"Could not predict zsk requirement for next interval for %s\n", policy->
name);
6989 printf(
"Could not count current zsk numbers for policy %s\n", policy->
name);
/* The queue count here apparently includes the KSKs predicted above (shared keys?),
 * so those are subtracted before comparing against the ZSK need — confirm. */
6996 keys_in_queue -= ksks_needed;
6999 new_keys = zsks_needed - keys_in_queue;
7004 current_count = hsm_count_keys_repository(ctx, policy->
zsk->
sm_name);
7006 printf(
"Repository %s is full, cannot create more ZSKs for policy %s\n", policy->
zsk->
sm_name, policy->
name);
/* NOTE(review): same %lu / unsigned int mismatch as at 6914. */
7010 printf(
"Repository %s is nearly full, will create %lu ZSKs for policy %s (reduced from %d)\n", policy->
zsk->
sm_name, policy->
zsk->
sm_capacity - current_count, policy->
name, new_keys);
7015 if (new_keys <= 0 ) {
7017 printf(
"No new ZSKs need to be created.\n");
7020 printf(
"%d new ZSK(s) (%d bits) need to be created.\n", new_keys, policy->
zsk->
bits);
7024 for (i = new_keys ; i > 0 ; i--) {
7025 if (hsm_supported_algorithm(policy->
zsk->
algorithm) == 0) {
7030 printf(
"Created key in repository %s\n", policy->
zsk->
sm_name);
7033 printf(
"Error creating key in repository %s\n", policy->
zsk->
sm_name);
7034 hsm_error_message = hsm_get_error(ctx);
7035 if (hsm_error_message) {
7036 printf(
"%s\n", hsm_error_message);
7037 free(hsm_error_message);
7044 id = hsm_get_key_id(ctx, key);
7048 printf(
"Error creating key in Database\n");
7049 hsm_error_message = hsm_get_error(ctx);
7050 if (hsm_error_message) {
7051 printf(
"%s\n", hsm_error_message);
7052 free(hsm_error_message);
7059 printf(
"Created ZSK size: %i, alg: %i with id: %s in repository: %s and database.\n", policy->
zsk->
bits,
7063 printf(
"Key algorithm %d unsupported by libhsm.\n", policy->
zsk->
algorithm);
/* Repositories that require a backup hold new keys back until "key backup" is run. */
7074 printf(
"NOTE: keys generated in repository %s will not become active until they have been backed up\n", policy->
ksk->
sm_name);
7077 printf(
"NOTE: keys generated in repository %s will not become active until they have been backed up\n", policy->
zsk->
sm_name);
7084 hsm_destroy_context(ctx);
7086 status = hsm_close();
7087 printf(
"all done! hsm_close result: %d\n", status);
/* NOTE(review): the function header is not in this listing.  From the body this is the
 * handler that changes the owner of the database file `dbschema` to the user/group
 * named in <Configuration><Enforcer><Privileges> of conf.xml, after validating the
 * config against conf.rng.  It must run as root (7129). */
7101 struct stat stat_ret;
7105 xmlDocPtr doc = NULL;
7106 xmlDocPtr rngdoc = NULL;
7107 xmlXPathContextPtr xpathCtx = NULL;
7108 xmlXPathObjectPtr xpathObj = NULL;
7109 xmlRelaxNGParserCtxtPtr rngpctx = NULL;
7110 xmlRelaxNGValidCtxtPtr rngctx = NULL;
7111 xmlRelaxNGPtr schema = NULL;
7112 xmlChar *user_expr = (
unsigned char*)
"//Configuration/Enforcer/Privileges/User";
7113 xmlChar *group_expr = (
unsigned char*)
"//Configuration/Enforcer/Privileges/Group";
7115 char* filename = OPENDNSSEC_CONFIG_FILE;
7116 char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/conf.rng";
7117 char* temp_char = NULL;
7124 char *username = NULL;
7125 char *groupname = NULL;
7127 printf(
"fixing permissions on file %s\n", dbschema);
/* chown() to an arbitrary uid/gid requires root; the non-root branch is not shown. */
7129 if (geteuid() != 0) {
/* Existence check only.  NOTE(review): this stat() and the chown() at 7256 are separate
 * path-based calls, and chown() follows symlinks.  If the file or its directory is
 * writable by the (less privileged) enforcer user, a symlink swapped in between lets
 * that user redirect a root chown to an arbitrary file.  open(O_NOFOLLOW) + fstat() +
 * fchown() on one descriptor, or lchown(), closes the window. */
7134 if (stat(dbschema, &stat_ret) != 0) {
7135 printf(
"cannot stat file %s: %s", dbschema, strerror(errno));
/* Parse conf.xml and validate it against the RelaxNG schema before trusting any value. */
7141 doc = xmlParseFile(filename);
7143 printf(
"Error: unable to parse file \"%s\"", filename);
7148 rngdoc = xmlParseFile(rngfilename);
7149 if (rngdoc == NULL) {
7150 printf(
"Error: unable to parse file \"%s\"", rngfilename);
7155 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
7156 if (rngpctx == NULL) {
7157 printf(
"Error: unable to create XML RelaxNGs parser context");
7162 schema = xmlRelaxNGParse(rngpctx);
7163 if (schema == NULL) {
7164 printf(
"Error: unable to parse a schema definition resource");
7169 rngctx = xmlRelaxNGNewValidCtxt(schema);
7170 if (rngctx == NULL) {
7171 printf(
"Error: unable to create RelaxNGs validation context based on the schema");
7176 status = xmlRelaxNGValidateDoc(rngctx,doc);
7178 printf(
"Error validating file \"%s\"", filename);
7184 xpathCtx = xmlXPathNewContext(doc);
7185 if(xpathCtx == NULL) {
7186 printf(
"Error: unable to create new XPath context");
/* Group first, then User.  Both elements are optional; temp_char is reused for each
 * result (what happens to it between 7200 and 7203 / 7217 and 7220 is not shown). */
7192 xpathObj = xmlXPathEvalExpression(group_expr, xpathCtx);
7193 if(xpathObj == NULL) {
7194 printf(
"Error: unable to evaluate xpath expression: %s", group_expr);
7195 xmlXPathFreeContext(xpathCtx);
7199 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
7200 temp_char = (
char*) xmlXPathCastToString(xpathObj);
7203 xmlXPathFreeObject(xpathObj);
7209 xpathObj = xmlXPathEvalExpression(user_expr, xpathCtx);
7210 if(xpathObj == NULL) {
7211 printf(
"Error: unable to evaluate xpath expression: %s", user_expr);
7212 xmlXPathFreeContext(xpathCtx);
7216 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
7217 temp_char = (
char*) xmlXPathCastToString(xpathObj);
7220 xmlXPathFreeObject(xpathObj);
7226 xmlXPathFreeContext(xpathCtx);
7227 xmlRelaxNGFree(schema);
7228 xmlRelaxNGFreeValidCtxt(rngctx);
7229 xmlRelaxNGFreeParserCtxt(rngpctx);
/* Resolve names to ids; an unknown user or group aborts rather than chowning to a guess. */
7234 if (username != NULL) {
7236 if ((pwd = getpwnam(username)) == NULL) {
7237 printf(
"user '%s' does not exist. cannot chown %s...\n", username, dbschema);
7246 if ((grp = getgrnam(groupname)) == NULL) {
7247 printf(
"group '%s' does not exist. cannot chown %s...\n", groupname, dbschema);
7256 if (chown(dbschema, uid, gid) == -1) {
7257 printf(
"cannot chown(%u,%u) %s: %s",
7258 (
unsigned) uid, (
unsigned) gid, dbschema, strerror(errno));
/* NOTE(review): a second path is chowned.  temp_char was last assigned from the User
 * XPath result (7217) unless lines not shown (7260-7266) point it at something else,
 * e.g. the database directory for SQLite's journal — confirm it is a path here and
 * not the username string. */
7267 if (chown(temp_char, uid, gid) == -1) {
7268 printf(
"cannot chown(%u,%u) %s: %s",
7269 (
unsigned) uid, (
unsigned) gid, temp_char, strerror(errno));
/*
 * CountKeys: count the KSKs (keytype = 257 in the query below) that are in the
 * states listed in `buffer`, optionally narrowed to one zone (*zone_id != -1),
 * to a DNSKEY key tag (keytag != -1) or to a CKA_ID (cka_id != NULL).
 * On a match the caller's *zone_id, *temp_key_state and *temp_keypair_id are
 * filled in and *temp_cka_id is reset; *key_count receives the number of rows
 * seen.  Returns a status code; not every return path is in this listing.
 */
7311 int CountKeys(
int *zone_id,
int keytag,
const char *cka_id,
int *key_count,
char **temp_cka_id,
int *temp_key_state,
int *temp_keypair_id)
7324 int temp_zone_id = 0;
7325 char* temp_loc = NULL;
7328 int temp_keypair = 0;
7333 hsm_key_t *key = NULL;
7334 ldns_rr *dnskey_rr = NULL;
7335 hsm_sign_params_t *sign_params = NULL;
/* The HSM is needed to look keys up by CKA_ID; hsm_prompt_pin asks for the PIN if required. */
7338 status = hsm_open(
config, hsm_prompt_pin, NULL);
7340 hsm_print_error(NULL);
/* Build the "state in (...)" list.  nchar >= sizeof(buffer) means snprintf() truncated.
 * NOTE(review): nchar is an int compared against a size_t, so a negative (error)
 * return from snprintf() would not be caught by this test. */
7345 nchar = snprintf(buffer,
sizeof(buffer),
"(%d, %d, %d)",
7347 if (nchar >=
sizeof(buffer)) {
7348 printf(
"Error: Overran buffer in CountKeys\n");
7354 StrAppend(&sql,
"select k.zone_id, k.location, k.algorithm, k.state, k.id from KEYDATA_VIEW k where state in ");
7356 StrAppend(&sql,
" and zone_id is not null and k.keytype = 257");
7358 if (*zone_id != -1) {
/* NOTE(review): cka_id is a command-line value.  If it is spliced into the SQL text
 * here (the lines after 7363 are not in this listing) it must be quoted/escaped. */
7363 if (cka_id != NULL) {
7381 while (status == 0) {
7383 DbInt(row, 0, &temp_zone_id);
7385 DbInt(row, 2, &temp_alg);
7386 DbInt(row, 3, &temp_state);
7387 DbInt(row, 4, &temp_keypair);
/* No selector given: every row counts and its state is reported. */
7391 if (keytag == -1 && cka_id == NULL)
7393 *temp_key_state = temp_state;
/* Cross-check the DB row against the repository; a missing key is reported, not fatal. */
7396 key = hsm_find_key_by_id(NULL, temp_loc);
7398 printf(
"cka_id %-33s in DB but NOT IN repository\n", temp_loc);
7399 }
else if (keytag != -1) {
/* Matching by key tag: rebuild the DNSKEY RR from the HSM and compute its tag.
 * The owner name is the literal "temp_zone"; the key tag covers the RDATA only
 * (RFC 4034 App. B), so the tag is still right, but this RR must not be used for
 * anything that prints or compares the owner. */
7400 sign_params = hsm_sign_params_new();
7401 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
"temp_zone");
7402 sign_params->algorithm = temp_alg;
7403 sign_params->flags = LDNS_KEY_ZONE_KEY;
7404 sign_params->flags += LDNS_KEY_SEP_KEY;
/* NOTE(review): dnskey_rr is overwritten on every iteration but freed only once,
 * after the loop (7459-7460), so every RR but the last leaks.  And if hsm_get_dnskey()
 * returns NULL, ldns_calc_keytag() is handed a NULL pointer.  Check the result and
 * free the RR at the end of each iteration instead. */
7406 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
7407 sign_params->keytag = ldns_calc_keytag(dnskey_rr);
7410 if (keytag == sign_params->keytag) {
7413 *temp_cka_id = NULL;
7415 *zone_id = temp_zone_id;
7416 *temp_key_state = temp_state;
7417 *temp_keypair_id = temp_keypair;
7418 printf(
"Found key with CKA_ID %s\n", temp_loc);
7421 hsm_sign_params_free(sign_params);
/* NOTE(review): this is a prefix comparison bounded by the stored location's length,
 * so a longer cka_id that merely starts with temp_loc also matches.  strcmp() gives
 * the exact match the message below claims. */
7423 if (key && cka_id != NULL && strncmp(cka_id, temp_loc, strlen(temp_loc)) == 0) {
7425 if (done_row == 0) {
7427 *temp_cka_id = NULL;
7429 *zone_id = temp_zone_id;
7430 *temp_key_state = temp_state;
7431 *temp_keypair_id = temp_keypair;
7432 printf(
"Found key with CKA_ID %s\n", temp_loc);
7452 *key_count = temp_count;
/* Only the last RR built in the loop is released here (see note at 7406). */
7459 if (dnskey_rr != NULL) {
7460 ldns_rr_free(dnskey_rr);
/*
 * MarkDSSeen: presumably records that the DS for KSK `keypair_id` (zone_id /
 * policy_id) has been published in the parent, moving the key's next transition
 * to `datetime` plus a policy-derived delay (deltat).  key_state selects which
 * timestamp is updated (the branch is not shown).  Returns a status code; only the
 * error paths of the body are in this listing.
 */
7495 int MarkDSSeen(
int keypair_id,
int zone_id,
int policy_id,
const char *datetime,
int key_state)
7514 printf(
"Error: failed to read policy\n");
/* The time arithmetic is pushed into SQL: DATE_ADD() is the MySQL form, DATETIME()
 * the SQLite form; presumably the backend is chosen at build time (#if not shown).
 * NOTE(review): datetime is pasted into the statement without quoting/escaping.
 * That is only safe if every caller passes an internally generated timestamp (the
 * "now" conversion used elsewhere in this file) and never user text — confirm. */
7535 nchar = snprintf(buffer,
sizeof(buffer),
7536 "DATE_ADD('%s', INTERVAL %d SECOND) ", datetime, deltat);
7538 nchar = snprintf(buffer,
sizeof(buffer),
7539 "DATETIME('%s', '+%d SECONDS') ", datetime, deltat);
/* Truncation check.  NOTE(review): nchar is an int; a negative snprintf() return
 * would slip past this signed/unsigned comparison. */
7542 if (nchar >=
sizeof(buffer)) {
7544 printf(
"Error: failed to create SQL statement\n");
/* Second timestamp expression, same construction and same caveats as above. */
7566 nchar = snprintf(buffer,
sizeof(buffer),
7567 "DATE_ADD('%s', INTERVAL %d SECOND) ", datetime, deltat);
7569 nchar = snprintf(buffer,
sizeof(buffer),
7570 "DATETIME('%s', '+%d SECONDS') ", datetime, deltat);
7573 if (nchar >=
sizeof(buffer)) {
7575 printf(
"Error: failed to create SQL statement\n");
7637 char* where_clause = NULL;
7653 printf(
"Error: failed to read policy\n");
7669 StrAppend(&where_clause,
"select id from KEYDATA_VIEW where state = 4 and keytype = 257 and zone_id = ");
7671 StrAppend(&where_clause,
" and retire = (select min(retire) from KEYDATA_VIEW where state = 4 and keytype = 257 and zone_id = ");
7680 printf(
"Error: failed to find ID of key to retire\n");
7689 nchar = snprintf(buffer,
sizeof(buffer),
7690 "DATE_ADD('%s', INTERVAL %d SECOND) ", datetime, deltat);
7692 nchar = snprintf(buffer,
sizeof(buffer),
7693 "DATETIME('%s', '+%d SECONDS') ", datetime, deltat);
7696 if (nchar >=
sizeof(buffer)) {
7698 printf(
"Error: failed to create SQL statement\n");
7766 if (zone_id != -1) {
7775 printf(
"Error in CountKeysInState\n");
/*
 * ChangeKeyState: move the key(s) selected by keytype, cka_id, zone_id and
 * policy_id into `keystate`, stamping the transition at `datetime` plus a
 * policy-derived delay (deltat).  The matching key ids are collected first
 * (keyids), then the update is applied per id.  Returns a status code; large
 * parts of the body are not in this listing.
 */
7812 int ChangeKeyState(
int keytype,
const char *cka_id,
int zone_id,
int policy_id,
const char *datetime,
int keystate)
7841 printf(
"Error: failed to read policy\n");
7849 if (zone_id != -1) {
/* One int per matching key; `count` comes from a query that is not shown.
 * NOTE(review): if count can be 0, what MemMalloc(0) returns decides whether the
 * loops below see a valid pointer — an explicit "nothing to do" return is clearer. */
7868 keyids =
MemMalloc(count *
sizeof(
int));
/* NOTE(review): cka_id is a command-line value; wherever it is added to the WHERE
 * clause (not shown) it must be escaped, since this file builds SQL by concatenation. */
7875 if (zone_id != -1) {
7884 while (status == 0) {
7885 status =
KsmKey(result, &data);
/* Apply the transition to each collected key id (i = number collected). */
7916 for (j = 0; j < i; ++j) {
7920 snprintf(buffer,
sizeof(buffer),
"%d", keyids[j]);
/* Three variants of the timestamp expression follow, presumably one per target
 * state (the switch is not shown).  DATE_ADD() is the MySQL form, DATETIME() the
 * SQLite form.  datetime is spliced in unescaped, so it must be internally
 * generated, never user text.  The nchar >= sizeof(buffer) test catches truncation
 * but, being a signed/unsigned compare, not a negative snprintf() return. */
7943 nchar = snprintf(buffer,
sizeof(buffer),
7944 "DATE_ADD('%s', INTERVAL %d SECOND) ", datetime, deltat);
7946 nchar = snprintf(buffer,
sizeof(buffer),
7947 "DATETIME('%s', '+%d SECONDS') ", datetime, deltat);
7950 if (nchar >=
sizeof(buffer)) {
7952 printf(
"Error: failed to create SQL statement\n");
7963 if (zone_id != -1) {
7981 nchar = snprintf(buffer,
sizeof(buffer),
7982 "DATE_ADD('%s', INTERVAL %d SECOND) ", datetime, deltat);
7984 nchar = snprintf(buffer,
sizeof(buffer),
7985 "DATETIME('%s', '+%d SECONDS') ", datetime, deltat);
7988 if (nchar >=
sizeof(buffer)) {
7990 printf(
"Error: failed to create SQL statement\n");
8001 if (zone_id != -1) {
8012 nchar = snprintf(buffer,
sizeof(buffer),
8013 "DATE_ADD('%s', INTERVAL %d SECOND) ", datetime, deltat);
8015 nchar = snprintf(buffer,
sizeof(buffer),
8016 "DATETIME('%s', '+%d SECONDS') ", datetime, deltat);
8019 if (nchar >=
sizeof(buffer)) {
8021 printf(
"Error: failed to create SQL statement\n");
8032 if (zone_id != -1) {
/*
 * Run the ODS_EN_NOTIFY command, presumably to make a running ods-enforcerd pick
 * up the changes just written.  Returns system()'s raw result: a wait status, not
 * the child's exit code (use WEXITSTATUS), or -1 if no shell could be started.
 *
 * NOTE(review): system() goes through /bin/sh with this process's environment.
 * ODS_EN_NOTIFY is a build-time constant, so nothing user-controlled reaches the
 * shell, but if it is not an absolute path the command resolves via the caller's
 * PATH — a concern when ods-ksmutil is run as root.  posix_spawn()/exec*() with a
 * fixed path and explicit argv would take the shell out of the picture.
 */
8067 static int restart_enforcerd()
8071 return system(ODS_EN_NOTIFY);
8083 xmlDocPtr doc = NULL;
8084 xmlXPathContextPtr xpathCtx = NULL;
8085 xmlXPathObjectPtr xpathObj = NULL;
8086 char* temp_char = NULL;
8088 xmlChar *iv_expr = (
unsigned char*)
"//Configuration/Enforcer/Interval";
8089 xmlChar *mk_expr = (
unsigned char*)
"//Configuration/Enforcer/ManualKeyGeneration";
8092 doc = xmlParseFile(
config);
8094 printf(
"Error: unable to parse file \"%s\"\n",
config);
8099 xpathCtx = xmlXPathNewContext(doc);
8100 if(xpathCtx == NULL) {
8101 printf(
"Error: unable to create new XPath context\n");
8107 xpathObj = xmlXPathEvalExpression(iv_expr, xpathCtx);
8108 if(xpathObj == NULL) {
8109 printf(
"Error: unable to evaluate xpath expression: %s", iv_expr);
8110 xmlXPathFreeContext(xpathCtx);
8115 temp_char = (
char *)xmlXPathCastToString(xpathObj);
8118 printf(
"Error: unable to convert Interval %s to seconds, error: %i\n", temp_char, status);
8122 else if (status == -1) {
8123 printf(
"Info: converting %s to seconds; M interpreted as 31 days, Y interpreted as 365 days\n", temp_char);
8127 xmlXPathFreeObject(xpathObj);
8130 xpathObj = xmlXPathEvalExpression(mk_expr, xpathCtx);
8131 if(xpathObj == NULL) {
8132 printf(
"Error: unable to evaluate xpath expression: %s\n", mk_expr);
8133 xmlXPathFreeContext(xpathCtx);
8138 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
8146 xmlXPathFreeObject(xpathObj);
8149 xmlXPathFreeContext(xpathCtx);
8189 int man_key_gen = -1;
8200 printf(
"Failed to Link Keys to zone\n");
8210 if (policy == NULL) {
8211 printf(
"Malloc for policy struct failed\n");
8221 printf(
"Error: unable to read policy %s from database\n",
o_policy);
8226 printf(
"Error: policy %s doesn't exist in database\n",
o_policy);
8234 printf(
"Error allocating zsks to zone %s", zone_name);
8240 printf(
"Error allocating ksks to zone %s", zone_name);
8282 int keys_needed = 0;
8283 int keys_in_queue = 0;
8284 int keys_pending_retirement = 0;
8286 int key_pair_id = 0;
8293 if (datetime == NULL) {
8294 printf(
"Couldn't turn \"now\" into a date, quitting...");
8298 if (policy == NULL) {
8299 printf(
"NULL policy sent to allocateKeysToZone");
8305 printf(
"Unknown keytype: %i in allocateKeysToZone", key_type);
8319 status =
KsmKeyPredict(policy->
id, key_type, 1, interval, &keys_needed, rollover_scheme, 1);
8321 printf(
"Could not predict key requirement for next interval for %s", zone_name);
8329 printf(
"Could not count current key numbers for zone %s", zone_name);
8337 printf(
"Could not count keys which may retire before the next run (for zone %s)", zone_name);
8343 new_keys = keys_needed - (keys_in_queue - keys_pending_retirement);
8348 for (i=0 ; i < new_keys ; i++){
8352 if (status == -1 || key_pair_id == 0) {
8353 if (man_key_gen == 0) {
8354 printf(
"Not enough keys to satisfy ksk policy for zone: %s", zone_name);
8355 printf(
"ods-enforcerd will create some more keys on its next run");
8358 printf(
"Not enough keys to satisfy ksk policy for zone: %s", zone_name);
8359 printf(
"please use \"ods-ksmutil key generate\" to create some more keys.");
8363 else if (status != 0) {
8364 printf(
"Could not get an unallocated ksk for zone: %s", zone_name);
8369 if (status == -1 || key_pair_id == 0) {
8370 if (man_key_gen == 0) {
8371 printf(
"Not enough keys to satisfy zsk policy for zone: %s", zone_name);
8372 printf(
"ods-enforcerd will create some more keys on its next run");
8375 printf(
"Not enough keys to satisfy zsk policy for zone: %s", zone_name);
8376 printf(
"please use \"ods-ksmutil key generate\" to create some more keys.");
8380 else if (status != 0) {
8381 printf(
"Could not get an unallocated zsk for zone: %s", zone_name);
8385 if(key_pair_id > 0) {
8390 printf(
"KsmKeyGetUnallocated returned bad key_id %d for zone: %s; exiting...", key_pair_id, zone_name);
/*
 * keyRoll: force a rollover of the keys selected by zone_id / policy_id / key_type
 * (-1 means "no filter" for that dimension).  From what is visible, each matching
 * key is flagged compromised and retired as of `datetime`, and the affected zone
 * ids are collected so a standby key can be promoted.  Returns a status code; the
 * tail of the function (after 8663) is not in this listing.
 */
8418 int keyRoll(
int zone_id,
int policy_id,
int key_type)
8431 int temp_zone_id = -1;
8437 char* insql1 = NULL;
8438 char* insql2 = NULL;
/* datetime is the internally generated "now" string used in the SQL below. */
8444 if (datetime == NULL) {
8445 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
/* Optional filters; -1 leaves that dimension unconstrained. */
8453 if (zone_id != -1) {
8456 if (policy_id != -1) {
8460 if (key_type != -1) {
8469 while (status == 0) {
8471 DbInt(row, 0, &temp_id);
8472 DbInt(row, 1, &temp_type);
/* Presumably so the enforcer never brings this key back into use. */
8476 DusSetInt(&sql1,
"compromisedflag", 1, 1);
/* NOTE(review): the check on `size` for truncation is not in this listing.  datetime
 * and temp_id are generated internally, so there is no injection path, but the
 * literal is double-quoted: MySQL treats that as a string only without ANSI_QUOTES,
 * and SQLite only falls back to a string when no such identifier exists.  The
 * single-quoted form used elsewhere in this file is the portable one. */
8537 size = snprintf(sql2,
KSM_SQL_SIZE,
"select zone_id from dnsseckeys where retire = \"%s\" and keypair_id = %d", datetime, temp_id);
/* Collect the zone ids that the retired key was serving. */
8541 while (status == 0) {
8543 DbInt(row2, 0, &temp_zone_id);
8548 snprintf(buffer,
sizeof(buffer),
"%d", temp_zone_id);
8571 while (status == 0) {
8573 DbInt(row2, 0, &temp_zone_id);
8578 snprintf(buffer,
sizeof(buffer),
"%d", temp_zone_id);
8600 printf(
"Couldn't construct SQL to promote standby key\n");
/* NOTE(review): a -1 status is deliberately swallowed here; a one-line comment saying
 * why (no rows to promote?) would save the next reader a trip to the DB layer. */
8663 else if (status == -1) {}
8678 xmlNodePtr zone_node;
8679 xmlNodePtr adapters_node;
8680 xmlNodePtr input_node;
8681 xmlNodePtr output_node;
8683 root = xmlDocGetRootElement(doc);
8685 fprintf(stderr,
"empty document\n");
8688 if (xmlStrcmp(root->name, (
const xmlChar *)
"ZoneList")) {
8689 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
8693 zone_node = xmlNewTextChild(root, NULL, (
const xmlChar *)
"Zone", NULL);
8694 (void) xmlNewProp(zone_node, (
const xmlChar *)
"name", (
const xmlChar *)zone->
name);
8697 (void) xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"Policy", (
const xmlChar *)zone->
policy_name);
8700 (void) xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"SignerConfiguration", (
const xmlChar *)zone->
signconf);
8703 adapters_node = xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"Adapters", NULL);
8705 input_node = xmlNewTextChild(adapters_node, NULL, (
const xmlChar *)
"Input", NULL);
8706 (void) xmlNewTextChild(input_node, NULL, (
const xmlChar *)
"File", (
const xmlChar *)zone->
input);
8708 output_node = xmlNewTextChild(adapters_node, NULL, (
const xmlChar *)
"Output", NULL);
8709 (void) xmlNewTextChild(output_node, NULL, (
const xmlChar *)
"File", (
const xmlChar *)zone->
output);
8720 size_t len = strlen(
string);
8723 for (i = 0; i < len; ++i) {
8724 if (
string[i] ==
'\'') {
8729 buffer[j++] =
string[i];
8733 return ( (j <= buflen) ? 0 : 1);
8738 char* signconf = NULL;
8739 char* moved_signconf = NULL;
8740 char* zone_name = NULL;
8744 xmlDocPtr doc = NULL;
8746 xmlXPathContextPtr xpathCtx = NULL;
8747 xmlXPathObjectPtr xpathObj = NULL;
8749 xmlChar *node_expr = (
unsigned char*)
"//Zone";
8751 doc = xmlParseFile(zonelist_filename);
8753 printf(
"Error: unable to parse file \"%s\"\n", zonelist_filename);
8757 xpathCtx = xmlXPathNewContext(doc);
8758 if(xpathCtx == NULL) {
8764 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
8765 if(xpathObj == NULL) {
8766 xmlXPathFreeContext(xpathCtx);
8771 if (xpathObj->nodesetval) {
8772 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
8774 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
8775 zone_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
8777 if (all_flag || (strlen(zone_name) == strlen(o_zone) &&
8778 strncmp(zone_name, o_zone, strlen(zone_name)) == 0)) {
8782 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"SignerConfiguration")) {
8783 StrAppend(&signconf, (
char *) xmlNodeGetContent(curNode));
8785 StrAppend(&moved_signconf,
".ZONE_DELETED");
8787 status = rename(signconf, moved_signconf);
8788 if (status != 0 && errno != ENOENT)
8791 printf(
"Could not rename: %s -> %s", signconf, moved_signconf);
8802 curNode = curNode->next;