1 /*
2  * Copyright (c) 2009 NLNet Labs. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  * notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  * notice, this list of conditions and the following disclaimer in the
11  * documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
17  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
19  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
21  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
22  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
23  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  */
26 
#include "parser/confparser.h"
#include "parser/signconfparser.h"
#include "shared/duration.h"
#include "shared/log.h"

#include <libxml/parser.h>
#include <libxml/xpath.h>
#include <libxml/xpathInternals.h>
#include <libxml/xmlreader.h>
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
42 
/* Prefix shown as "[parser]" in every ods_log_* message from this file. */
static const char* parser_str = "parser";
44 
45 
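/**
 * Release text obtained from xmlNodeGetContent().
 *
 * libxml2 hands out that memory through its own allocator, so it has to go
 * back through xmlFree(); xmlFree is a pluggable hook, so do not rely on it
 * tolerating NULL the way free() does.
 *
 * @param text  content string, may be NULL.
 */
static void
free_xml_content(char* text)
{
    if (text) {
        xmlFree(text);
    }
}


/**
 * Convert the text of a numeric <Key> element to an unsigned value.
 *
 * atoi(), used here before, silently mapped garbage to 0 and a negative
 * number to a huge unsigned value after the cast. This parser tolerates
 * surrounding whitespace but rejects a sign, a non-digit suffix, an empty
 * string and any value above @p max.
 *
 * @param str  element text, may be NULL.
 * @param max  largest value accepted.
 * @param out  receives the parsed value on success; untouched on failure.
 * @return 0 on success, -1 when @p str is not a plain decimal in range.
 */
static int
parse_key_number(const char* str, unsigned long max, unsigned long* out)
{
    const char* p = str;
    char* end = NULL;
    unsigned long val = 0;

    if (!p) {
        return -1;
    }
    while (isspace((unsigned char)*p)) {
        p++;
    }
    /* strtoul() would accept a leading '-' or '+'; require a digit */
    if (!isdigit((unsigned char)*p)) {
        return -1;
    }
    errno = 0;
    val = strtoul(p, &end, 10);
    if (errno == ERANGE || val > max) {
        return -1;
    }
    while (isspace((unsigned char)*end)) {
        end++;
    }
    if (*end != '\0') {
        return -1;
    }
    *out = val;
    return 0;
}


/**
 * Parse one <Key> element and push it onto the key list.
 *
 * <Locator>, <Algorithm> and <Flags> are required; <KSK>, <ZSK> and
 * <Publish> count by presence only. A key is logged and skipped when a
 * required element is missing, when <Algorithm> or <Flags> is not a decimal
 * number within its wire-field range, or when a key with the same locator
 * and identical attributes is already on the list.
 *
 * @param kl       list to push onto; must be non-NULL.
 * @param keyNode  the <Key> element.
 */
static void
parse_sc_key_node(keylist_type* kl, xmlNode* keyNode)
{
    xmlNode* child = NULL;
    char* locator = NULL;
    char* algorithm = NULL;
    char* flags = NULL;
    unsigned long alg_val = 0;
    unsigned long flags_val = 0;
    int ksk = 0;
    int zsk = 0;
    int publish = 0;
    key_type* existing = NULL;

    for (child = keyNode->xmlChildrenNode; child; child = child->next) {
        /* a repeated element replaces the earlier one instead of leaking it */
        if (xmlStrEqual(child->name, (const xmlChar*)"Locator")) {
            free_xml_content(locator);
            locator = (char*) xmlNodeGetContent(child);
        } else if (xmlStrEqual(child->name, (const xmlChar*)"Algorithm")) {
            free_xml_content(algorithm);
            algorithm = (char*) xmlNodeGetContent(child);
        } else if (xmlStrEqual(child->name, (const xmlChar*)"Flags")) {
            free_xml_content(flags);
            flags = (char*) xmlNodeGetContent(child);
        } else if (xmlStrEqual(child->name, (const xmlChar*)"KSK")) {
            ksk = 1;
        } else if (xmlStrEqual(child->name, (const xmlChar*)"ZSK")) {
            zsk = 1;
        } else if (xmlStrEqual(child->name, (const xmlChar*)"Publish")) {
            publish = 1;
        }
    }

    if (!locator || !algorithm || !flags) {
        ods_log_error("[%s] unable to push key to keylist: <Key> "
            "is missing required elements, skipping", parser_str);
    } else if (parse_key_number(algorithm, 255, &alg_val) != 0 ||
               /* DNSKEY Flags is a 16-bit field (RFC 4034), though the
                * key_type stores it as uint32_t */
               parse_key_number(flags, 0xFFFF, &flags_val) != 0) {
        ods_log_error("[%s] unable to push key %s to keylist: <Algorithm> "
            "or <Flags> is not a valid number, skipping",
            parser_str, locator);
    } else {
        existing = keylist_lookup_by_locator(kl, locator);
        if (existing &&
            existing->algorithm == (uint8_t) alg_val &&
            existing->flags == (uint32_t) flags_val &&
            existing->publish == publish &&
            existing->ksk == ksk &&
            existing->zsk == zsk) {
            ods_log_warning("[%s] unable to push duplicate key %s "
                "to keylist, skipping", parser_str, locator);
        } else {
            (void) keylist_push(kl, locator, (uint8_t) alg_val,
                (uint32_t) flags_val, publish, ksk, zsk);
            /* NOTE(review): keylist_push() appears to keep the locator
             * pointer (the original deliberately left its free() commented
             * out), so ownership passes to the list here. Confirm against
             * keys.c if that ever changes. */
            locator = NULL;
        }
    }
    /* whatever was not handed to the list is released here; the original
     * leaked the locator on the duplicate and missing-element paths */
    free_xml_content(locator);
    free_xml_content(algorithm);
    free_xml_content(flags);
}


/**
 * Parse the <Key> elements of a signer configuration into a key list.
 *
 * @param sc       signconf the list is created for (handed to
 *                 keylist_create()); must be non-NULL.
 * @param cfgfile  path of the signconf XML file; must be non-NULL.
 * @return a key list created with keylist_create() holding every valid
 *         <Key> (see parse_sc_key_node() for what is skipped), or NULL when
 *         an argument is NULL or the document / XPath setup fails. When no
 *         <Key> matches, the list is returned with nothing pushed.
 */
keylist_type*
parse_sc_keys(void* sc, const char* cfgfile)
{
    xmlDocPtr doc = NULL;
    xmlXPathContextPtr xpathCtx = NULL;
    xmlXPathObjectPtr xpathObj = NULL;
    xmlChar* xexpr = (xmlChar*) "//SignerConfiguration/Zone/Keys/Key";
    keylist_type* kl = NULL;
    int i = 0;

    if (!cfgfile || !sc) {
        return NULL;
    }
    /* Load XML document */
    doc = xmlParseFile(cfgfile);
    if (!doc) {
        ods_log_error("[%s] unable to parse <Keys>: "
            "xmlParseFile() failed", parser_str);
        return NULL;
    }
    /* Create xpath evaluation context */
    xpathCtx = xmlXPathNewContext(doc);
    if (!xpathCtx) {
        xmlFreeDoc(doc);
        ods_log_error("[%s] unable to parse <Keys>: "
            "xmlXPathNewContext() failed", parser_str);
        return NULL;
    }
    /* Evaluate xpath expression */
    xpathObj = xmlXPathEvalExpression(xexpr, xpathCtx);
    if (!xpathObj) {
        xmlXPathFreeContext(xpathCtx);
        xmlFreeDoc(doc);
        ods_log_error("[%s] unable to parse <Keys>: "
            "xmlXPathEvalExpression() failed", parser_str);
        return NULL;
    }
    /* Parse keys */
    kl = keylist_create(sc);
    ods_log_assert(kl);
    /* nodesetval is NULL when nothing matched; nodeNr is then irrelevant */
    if (xpathObj->nodesetval) {
        for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
            parse_sc_key_node(kl, xpathObj->nodesetval->nodeTab[i]);
        }
    }
    xmlXPathFreeObject(xpathObj);
    xmlXPathFreeContext(xpathCtx);
    xmlFreeDoc(doc);
    return kl;
}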
156 
157 
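/**
 * Read one duration-valued element of the signer configuration.
 *
 * Shared body of the parse_sc_* duration accessors below, which previously
 * each carried an identical copy of this code: look the element up with
 * parse_conf_string(), convert its text with duration_create_from_string()
 * and release the text.
 *
 * @param cfgfile   path of the signconf XML file.
 * @param expr      XPath expression selecting the element.
 * @param required  forwarded unchanged to parse_conf_string().
 * @return NULL when parse_conf_string() yields nothing, otherwise whatever
 *         duration_create_from_string() returns for the element text. The
 *         result is handed to the caller; nothing here keeps a reference.
 */
static duration_type*
parse_sc_duration(const char* cfgfile, const char* expr, int required)
{
    duration_type* duration = NULL;
    const char* text = parse_conf_string(cfgfile, expr, required);

    if (!text) {
        return NULL;
    }
    duration = duration_create_from_string(text);
    free((void*)text);
    return duration;
}


/** <Signatures><Resign> of the zone, a required element. */
duration_type*
parse_sc_sig_resign_interval(const char* cfgfile)
{
    return parse_sc_duration(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Resign", 1);
}


/** <Signatures><Refresh> of the zone, a required element. */
duration_type*
parse_sc_sig_refresh_interval(const char* cfgfile)
{
    return parse_sc_duration(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Refresh", 1);
}


/** <Signatures><Validity><Default> of the zone, a required element. */
duration_type*
parse_sc_sig_validity_default(const char* cfgfile)
{
    return parse_sc_duration(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Validity/Default", 1);
}


/** <Signatures><Validity><Denial> of the zone, a required element. */
duration_type*
parse_sc_sig_validity_denial(const char* cfgfile)
{
    return parse_sc_duration(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Validity/Denial", 1);
}


/** <Signatures><Jitter> of the zone, a required element. */
duration_type*
parse_sc_sig_jitter(const char* cfgfile)
{
    return parse_sc_duration(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Jitter", 1);
}


/** <Signatures><InceptionOffset> of the zone, a required element. */
duration_type*
parse_sc_sig_inception_offset(const char* cfgfile)
{
    return parse_sc_duration(cfgfile,
        "//SignerConfiguration/Zone/Signatures/InceptionOffset", 1);
}


/** <Keys><TTL> of the zone, a required element. */
duration_type*
parse_sc_dnskey_ttl(const char* cfgfile)
{
    return parse_sc_duration(cfgfile,
        "//SignerConfiguration/Zone/Keys/TTL", 1);
}


/**
 * <Denial><NSEC3><TTL> of the zone. This is the one duration looked up
 * with required == 0, so its absence is not treated like the others.
 */
duration_type*
parse_sc_nsec3param_ttl(const char* cfgfile)
{
    return parse_sc_duration(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/TTL", 0);
}


/** <SOA><TTL> of the zone, a required element. */
duration_type*
parse_sc_soa_ttl(const char* cfgfile)
{
    return parse_sc_duration(cfgfile,
        "//SignerConfiguration/Zone/SOA/TTL", 1);
}


/** <SOA><Minimum> of the zone, a required element. */
duration_type*
parse_sc_soa_min(const char* cfgfile)
{
    return parse_sc_duration(cfgfile,
        "//SignerConfiguration/Zone/SOA/Minimum", 1);
}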
320 
321 
/**
 * Determine the denial-of-existence type configured for the zone.
 *
 * Probes for a <Denial><NSEC3> element first and a <Denial><NSEC> element
 * second; the first one present decides. Both lookups pass required == 0
 * to parse_conf_string().
 *
 * @param cfgfile  path of the signconf XML file.
 * @return LDNS_RR_TYPE_NSEC3 or LDNS_RR_TYPE_NSEC, or LDNS_RR_TYPE_FIRST
 *         when neither element is present.
 */
ldns_rr_type
parse_sc_nsec_type(const char* cfgfile)
{
    static const struct {
        const char* expr;
        ldns_rr_type type;
    } denial[] = {
        { "//SignerConfiguration/Zone/Denial/NSEC3", LDNS_RR_TYPE_NSEC3 },
        { "//SignerConfiguration/Zone/Denial/NSEC",  LDNS_RR_TYPE_NSEC  },
    };
    size_t idx = 0;

    for (idx = 0; idx < sizeof(denial) / sizeof(denial[0]); idx++) {
        const char* found = parse_conf_string(cfgfile, denial[idx].expr, 0);
        if (found) {
            /* only presence matters; the text itself is not used */
            free((void*)found);
            return denial[idx].type;
        }
    }
    return LDNS_RR_TYPE_FIRST;
}
345 
346 
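/**
 * Read a bounded, non-negative decimal element of the signer configuration.
 *
 * Replaces the unchecked atoi() the two NSEC3 accessors below used, which
 * turned "-1" into a huge value after the uint32_t cast and any garbage
 * into 0 without a trace.
 *
 * @param cfgfile  path of the signconf XML file.
 * @param expr     XPath expression selecting the element; required == 1 is
 *                 passed to parse_conf_string().
 * @param max      largest value accepted.
 * @return the value; 0 when the element is absent or empty (silently, as
 *         before), and 0 with an error logged when the text is not a plain
 *         decimal number in [0, max].
 */
static uint32_t
parse_sc_bounded_uint(const char* cfgfile, const char* expr,
    unsigned long max)
{
    const char* str = parse_conf_string(cfgfile, expr, 1);
    const char* p = str;
    char* end = NULL;
    unsigned long val = 0;
    int valid = 0;

    if (!str) {
        return 0;
    }
    while (isspace((unsigned char)*p)) {
        p++;
    }
    if (*p == '\0') {
        /* empty element: 0 without complaint, matching the old behaviour */
        free((void*)str);
        return 0;
    }
    /* strtoul() would accept a leading '-' or '+'; require a digit */
    if (isdigit((unsigned char)*p)) {
        errno = 0;
        val = strtoul(p, &end, 10);
        while (isspace((unsigned char)*end)) {
            end++;
        }
        valid = (errno != ERANGE && *end == '\0' && val <= max);
    }
    if (!valid) {
        ods_log_error("[%s] invalid value '%s' for %s: expected a number "
            "between 0 and %lu, using 0", parser_str, str, expr, max);
        val = 0;
    }
    free((void*)str);
    return (uint32_t) val;
}


/**
 * <Denial><NSEC3><Hash><Algorithm> of the zone.
 *
 * @return the hash algorithm number, or 0 when absent, empty or invalid
 *         (see parse_sc_bounded_uint()). The NSEC3PARAM Hash Algorithm is
 *         an 8-bit wire field (RFC 5155), so values above 255 are rejected.
 */
uint32_t
parse_sc_nsec3_algorithm(const char* cfgfile)
{
    return parse_sc_bounded_uint(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Algorithm", 255);
}


/**
 * <Denial><NSEC3><Hash><Iterations> of the zone.
 *
 * @return the iteration count, or 0 when absent, empty or invalid (see
 *         parse_sc_bounded_uint()). The NSEC3PARAM Iterations field is
 *         16 bits wide (RFC 5155), so values above 65535 are rejected
 *         instead of being truncated further down the pipeline.
 */
uint32_t
parse_sc_nsec3_iterations(const char* cfgfile)
{
    return parse_sc_bounded_uint(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Iterations", 65535);
}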
383 
384 
/**
 * Report whether the zone's <Denial><NSEC3> section carries an <OptOut>
 * element. Only presence is checked (required == 0); the element text is
 * discarded.
 *
 * @param cfgfile  path of the signconf XML file.
 * @return 1 when <OptOut> is present, 0 otherwise.
 */
int
parse_sc_nsec3_optout(const char* cfgfile)
{
    const char* found = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/OptOut",
        0);

    if (!found) {
        return 0;
    }
    free((void*)found);
    return 1;
}
398 
399 
/**
 * Read <SOA><Serial> of the zone, a required element.
 *
 * @param allocator  allocator the returned copy is taken from.
 * @param cfgfile    path of the signconf XML file.
 * @return an allocator_strdup() copy of the element text, or NULL when
 *         parse_conf_string() yields nothing. The temporary text from
 *         parse_conf_string() is released here.
 */
const char*
parse_sc_soa_serial(allocator_type* allocator, const char* cfgfile)
{
    const char* copy = NULL;
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/SOA/Serial",
        1);

    if (!text) {
        return NULL;
    }
    copy = allocator_strdup(allocator, text);
    free((void*)text);
    return copy;
}
419 
420 
/**
 * Read <Denial><NSEC3><Hash><Salt> of the zone, a required element.
 *
 * @param allocator  allocator the returned copy is taken from.
 * @param cfgfile    path of the signconf XML file.
 * @return an allocator_strdup() copy of the element text, or NULL when
 *         parse_conf_string() yields nothing. The temporary text from
 *         parse_conf_string() is released here.
 */
const char*
parse_sc_nsec3_salt(allocator_type* allocator, const char* cfgfile)
{
    const char* copy = NULL;
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Salt",
        1);

    if (!text) {
        return NULL;
    }
    copy = allocator_strdup(allocator, text);
    free((void*)text);
    return copy;
}