1 /*
2  * Copyright (c) 2009 NLNet Labs. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  * notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  * notice, this list of conditions and the following disclaimer in the
11  * documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
17  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
19  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
21  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
22  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
23  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  */
26 
#include "parser/confparser.h"
#include "parser/signconfparser.h"
#include "shared/duration.h"
#include "shared/log.h"

#include <libxml/parser.h>
#include <libxml/xpath.h>
#include <libxml/xpathInternals.h>
#include <libxml/xmlreader.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
42 
43 static const char* parser_str = "parser";
44 
45 
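/**
 * Convert the text of a numeric <Key> child (<Algorithm> or <Flags>) into a
 * bounded unsigned integer.  Strict: the whole string must be a decimal
 * number (leading whitespace and '+' as strtoul() allows), a '-' anywhere is
 * rejected so negative values cannot silently wrap, and values above max are
 * rejected instead of being truncated by a later cast.
 *
 * @param str    NUL-terminated element text (may be NULL or empty).
 * @param max    largest acceptable value.
 * @param value  receives the parsed value on success.
 * @return 1 on success, 0 if str is missing/empty, malformed or out of range.
 */
static int
parse_sc_key_uint(const char* str, unsigned long max, unsigned long* value)
{
    char* end = NULL;
    unsigned long v = 0;

    if (!str || !*str || strchr(str, '-')) {
        return 0;
    }
    errno = 0;
    v = strtoul(str, &end, 10);
    if (errno == ERANGE || end == str || *end != '\0' || v > max) {
        return 0;
    }
    *value = v;
    return 1;
}


/**
 * Parse the <Keys> section of a signer configuration file into a key list.
 *
 * Every //SignerConfiguration/Zone/Keys/Key element is read for the text of
 * <Locator>, <Algorithm> and <Flags> (all three required) and for the
 * presence-only markers <KSK>, <ZSK>, <Publish> and <RFC5011>.  <Algorithm>
 * must fit the 8-bit DNSKEY algorithm field and <Flags> the 32-bit flags
 * word keylist_push() takes; a key whose values are malformed is logged and
 * skipped rather than pushed with a truncated value.  A <Key> whose locator
 * is already in the list with the same algorithm, flags, publish, ksk and
 * zsk values is reported as a duplicate and skipped (the RFC5011 marker is
 * deliberately not part of that comparison, as before).
 *
 * @param sc       signer configuration handed to keylist_create().
 * @param cfgfile  path to the signconf XML file.
 * @return the key list (possibly empty), or NULL when an argument is NULL or
 *         the document could not be parsed / the XPath evaluated.  A failed
 *         keylist_create() is an ods_log_assert(), not a NULL return.
 */
keylist_type*
parse_sc_keys(void* sc, const char* cfgfile)
{
    xmlDocPtr doc = NULL;
    xmlXPathContextPtr xpathCtx = NULL;
    xmlXPathObjectPtr xpathObj = NULL;
    xmlNodeSetPtr nodes = NULL;
    xmlNode* curNode = NULL;
    const xmlChar* xexpr = (const xmlChar*) "//SignerConfiguration/Zone/Keys/Key";
    key_type* existing = NULL;
    keylist_type* kl = NULL;
    char* locator = NULL;
    char* flags = NULL;
    char* algorithm = NULL;
    unsigned long alg_val = 0;
    unsigned long flags_val = 0;
    int ksk, zsk, publish, i, rfc5011;

    if (!cfgfile || !sc) {
        return NULL;
    }
    /*
     * Load XML document.
     * NOTE(review): xmlParseFile() uses libxml2's default parser options.
     * The signconf is presumably written by the enforcer rather than taken
     * from an untrusted party, so this is left as is; should that ever
     * change, prefer xmlReadFile() with XML_PARSE_NONET and without
     * XML_PARSE_NOENT so a crafted file cannot pull in external content.
     */
    doc = xmlParseFile(cfgfile);
    if (doc == NULL) {
        ods_log_error("[%s] unable to parse <Keys>: "
            "xmlParseFile() failed", parser_str);
        return NULL;
    }
    /* Create xpath evaluation context */
    xpathCtx = xmlXPathNewContext(doc);
    if (xpathCtx == NULL) {
        xmlFreeDoc(doc);
        ods_log_error("[%s] unable to parse <Keys>: "
            "xmlXPathNewContext() failed", parser_str);
        return NULL;
    }
    /* Evaluate xpath expression */
    xpathObj = xmlXPathEvalExpression(xexpr, xpathCtx);
    if (xpathObj == NULL) {
        xmlXPathFreeContext(xpathCtx);
        xmlFreeDoc(doc);
        ods_log_error("[%s] unable to parse <Keys>: "
            "xmlXPathEvalExpression() failed", parser_str);
        return NULL;
    }
    /* Parse keys */
    kl = keylist_create(sc);
    ods_log_assert(kl);
    nodes = xpathObj->nodesetval;
    if (nodes && nodes->nodeNr > 0) {
        for (i = 0; i < nodes->nodeNr; i++) {
            locator = NULL;
            flags = NULL;
            algorithm = NULL;
            ksk = zsk = publish = rfc5011 = 0;

            /*
             * xmlNodeGetContent() returns a fresh allocation.  A repeated
             * element replaces the earlier value, so release it first rather
             * than leak it.  The existing code (and, presumably, the key
             * list's own cleanup of the locator) releases these with free(),
             * i.e. it relies on libxml2's default malloc-based allocator;
             * kept that way for consistency.
             */
            for (curNode = nodes->nodeTab[i]->xmlChildrenNode;
                 curNode; curNode = curNode->next) {
                if (xmlStrEqual(curNode->name, (const xmlChar *)"Locator")) {
                    free((void*)locator);
                    locator = (char *) xmlNodeGetContent(curNode);
                } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Algorithm")) {
                    free((void*)algorithm);
                    algorithm = (char *) xmlNodeGetContent(curNode);
                } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Flags")) {
                    free((void*)flags);
                    flags = (char *) xmlNodeGetContent(curNode);
                } else if (xmlStrEqual(curNode->name, (const xmlChar *)"KSK")) {
                    ksk = 1;
                } else if (xmlStrEqual(curNode->name, (const xmlChar *)"ZSK")) {
                    zsk = 1;
                } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Publish")) {
                    publish = 1;
                } else if (xmlStrEqual(curNode->name, (const xmlChar *)"RFC5011")) {
                    rfc5011 = 1;
                }
            }

            if (!locator || !algorithm || !flags) {
                ods_log_error("[%s] unable to push key to keylist: <Key> "
                    "is missing required elements, skipping",
                    parser_str);
            } else if (!parse_sc_key_uint(algorithm, UINT8_MAX, &alg_val) ||
                       !parse_sc_key_uint(flags, UINT32_MAX, &flags_val)) {
                /* Previously atoi() + a narrowing cast: "-1", "300" or
                 * "7abc" went in as a silently mangled value. */
                ods_log_error("[%s] unable to push key %s to keylist: "
                    "<Algorithm> or <Flags> is not a valid number, skipping",
                    parser_str, locator);
            } else {
                /* search for duplicates */
                existing = keylist_lookup_by_locator(kl, locator);
                if (existing &&
                    existing->algorithm == (uint8_t) alg_val &&
                    existing->flags == (uint32_t) flags_val &&
                    existing->publish == publish &&
                    existing->ksk == ksk &&
                    existing->zsk == zsk) {
                    /* duplicate */
                    ods_log_warning("[%s] unable to push duplicate key %s "
                        "to keylist, skipping", parser_str, locator);
                } else {
                    (void) keylist_push(kl, locator,
                        (uint8_t) alg_val, (uint32_t) flags_val,
                        publish, ksk, zsk, rfc5011);
                    /*
                     * keylist_push() appears to take ownership of locator
                     * (the original code deliberately did not free it after
                     * a push) -- TODO confirm against keys.c.  Drop our
                     * reference so only non-pushed locators are freed below.
                     */
                    locator = NULL;
                }
            }
            /* Release whatever was not handed to the key list (free(NULL) is a no-op). */
            free((void*)locator);
            free((void*)algorithm);
            free((void*)flags);
        }
    }
    xmlXPathFreeObject(xpathObj);
    xmlXPathFreeContext(xpathCtx);
    xmlFreeDoc(doc);
    return kl;
}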
159 
160 
/**
 * Read the <Signatures><Resign> interval from a signer configuration.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return a duration built by duration_create_from_string() from the element
 *         text (the caller is expected to release it), or NULL when the
 *         element is absent or that call returns NULL.  The trailing 1 is
 *         parse_conf_string()'s "required" flag.
 */
duration_type*
parse_sc_sig_resign_interval(const char* cfgfile)
{
    duration_type* result = NULL;
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Resign", 1);

    if (text != NULL) {
        result = duration_create_from_string(text);
        free((void*)text);
    }
    return result;
}
179 
180 
/**
 * Read the <Signatures><Refresh> interval from a signer configuration.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return the duration parsed from the element text (caller releases it), or
 *         NULL when the element is absent or duration_create_from_string()
 *         returns NULL.  The trailing 1 is parse_conf_string()'s "required"
 *         flag.
 */
duration_type*
parse_sc_sig_refresh_interval(const char* cfgfile)
{
    duration_type* result = NULL;
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Refresh", 1);

    if (text != NULL) {
        result = duration_create_from_string(text);
        free((void*)text);
    }
    return result;
}
195 
196 
/**
 * Read the default signature validity period
 * (<Signatures><Validity><Default>) from a signer configuration.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return the duration parsed from the element text (caller releases it), or
 *         NULL when the element is absent or duration_create_from_string()
 *         returns NULL.  The trailing 1 is parse_conf_string()'s "required"
 *         flag.
 */
duration_type*
parse_sc_sig_validity_default(const char* cfgfile)
{
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Validity/Default", 1);
    duration_type* result = NULL;

    if (text == NULL) {
        return NULL;
    }
    result = duration_create_from_string(text);
    free((void*)text);
    text = NULL;
    return result;
}
211 
212 
/**
 * Read the validity period for denial-of-existence signatures
 * (<Signatures><Validity><Denial>) from a signer configuration.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return the duration parsed from the element text (caller releases it), or
 *         NULL when the element is absent or duration_create_from_string()
 *         returns NULL.  The trailing 1 is parse_conf_string()'s "required"
 *         flag.
 */
duration_type*
parse_sc_sig_validity_denial(const char* cfgfile)
{
    duration_type* result = NULL;
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Validity/Denial", 1);

    if (text != NULL) {
        result = duration_create_from_string(text);
        free((void*)text);
    }
    return result;
}
227 
228 
/**
 * Read the signature <Jitter> window from a signer configuration.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return the duration parsed from the element text (caller releases it), or
 *         NULL when the element is absent or duration_create_from_string()
 *         returns NULL.  The trailing 1 is parse_conf_string()'s "required"
 *         flag.
 */
duration_type*
parse_sc_sig_jitter(const char* cfgfile)
{
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Jitter", 1);
    duration_type* result = NULL;

    if (text == NULL) {
        return NULL;
    }
    result = duration_create_from_string(text);
    free((void*)text);
    text = NULL;
    return result;
}
243 
244 
/**
 * Read the signature <InceptionOffset> from a signer configuration.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return the duration parsed from the element text (caller releases it), or
 *         NULL when the element is absent or duration_create_from_string()
 *         returns NULL.  The trailing 1 is parse_conf_string()'s "required"
 *         flag.
 */
duration_type*
parse_sc_sig_inception_offset(const char* cfgfile)
{
    duration_type* result = NULL;
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Signatures/InceptionOffset", 1);

    if (text != NULL) {
        result = duration_create_from_string(text);
        free((void*)text);
    }
    return result;
}
259 
260 
/**
 * Read the DNSKEY RRset TTL (<Keys><TTL>) from a signer configuration.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return the duration parsed from the element text (caller releases it), or
 *         NULL when the element is absent or duration_create_from_string()
 *         returns NULL.  The trailing 1 is parse_conf_string()'s "required"
 *         flag.
 */
duration_type*
parse_sc_dnskey_ttl(const char* cfgfile)
{
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Keys/TTL", 1);
    duration_type* result = NULL;

    if (text == NULL) {
        return NULL;
    }
    result = duration_create_from_string(text);
    free((void*)text);
    text = NULL;
    return result;
}
275 
276 
/**
 * Read the NSEC3PARAM TTL (<Denial><NSEC3><TTL>) from a signer configuration.
 *
 * Unlike the other TTL/interval readers in this file, the element is looked
 * up with parse_conf_string()'s "required" flag cleared (0): a missing
 * element simply yields NULL.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return the duration parsed from the element text (caller releases it), or
 *         NULL when the element is absent or duration_create_from_string()
 *         returns NULL.
 */
duration_type*
parse_sc_nsec3param_ttl(const char* cfgfile)
{
    duration_type* result = NULL;
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/TTL", 0);

    if (text != NULL) {
        result = duration_create_from_string(text);
        free((void*)text);
    }
    return result;
}
291 
292 
/**
 * Read the SOA TTL (<SOA><TTL>) from a signer configuration.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return the duration parsed from the element text (caller releases it), or
 *         NULL when the element is absent or duration_create_from_string()
 *         returns NULL.  The trailing 1 is parse_conf_string()'s "required"
 *         flag.
 */
duration_type*
parse_sc_soa_ttl(const char* cfgfile)
{
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/SOA/TTL", 1);
    duration_type* result = NULL;

    if (text == NULL) {
        return NULL;
    }
    result = duration_create_from_string(text);
    free((void*)text);
    text = NULL;
    return result;
}
307 
308 
/**
 * Read the SOA minimum (<SOA><Minimum>) from a signer configuration.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return the duration parsed from the element text (caller releases it), or
 *         NULL when the element is absent or duration_create_from_string()
 *         returns NULL.  The trailing 1 is parse_conf_string()'s "required"
 *         flag.
 */
duration_type*
parse_sc_soa_min(const char* cfgfile)
{
    duration_type* result = NULL;
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/SOA/Minimum", 1);

    if (text != NULL) {
        result = duration_create_from_string(text);
        free((void*)text);
    }
    return result;
}
323 
324 
/**
 * Determine which denial-of-existence scheme the signer configuration asks
 * for, by element presence alone.
 *
 * <Denial><NSEC3> is checked first and wins when both are present; element
 * content is ignored.  Both lookups use parse_conf_string() with the
 * "required" flag cleared.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return LDNS_RR_TYPE_NSEC3, LDNS_RR_TYPE_NSEC, or LDNS_RR_TYPE_FIRST when
 *         neither element is present.
 */
ldns_rr_type
parse_sc_nsec_type(const char* cfgfile)
{
    /* Probed in this order: the first match decides. */
    static const struct {
        const char* expr;
        ldns_rr_type type;
    } denial[] = {
        { "//SignerConfiguration/Zone/Denial/NSEC3", LDNS_RR_TYPE_NSEC3 },
        { "//SignerConfiguration/Zone/Denial/NSEC",  LDNS_RR_TYPE_NSEC  },
    };
    size_t idx;

    for (idx = 0; idx < sizeof(denial) / sizeof(denial[0]); idx++) {
        const char* hit = parse_conf_string(cfgfile, denial[idx].expr, 0);
        if (hit != NULL) {
            free((void*)hit);
            return denial[idx].type;
        }
    }
    return LDNS_RR_TYPE_FIRST;
}
348 
349 
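/**
 * Read the NSEC3 hash algorithm number
 * (<Denial><NSEC3><Hash><Algorithm>) from a signer configuration.
 *
 * The NSEC3/NSEC3PARAM hash-algorithm field is a single octet (RFC 5155),
 * so only strictly decimal values in 0..255 are accepted.  Anything else
 * ("-1", "300", "7abc") is logged and treated as 0 instead of being passed
 * on mangled by atoi() and a later narrowing cast, as the previous version
 * did.  An absent or empty element yields 0 silently, as before.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return the algorithm number, or 0 when absent, empty or invalid.
 */
uint32_t
parse_sc_nsec3_algorithm(const char* cfgfile)
{
    uint32_t ret = 0;
    char* end = NULL;
    unsigned long value = 0;
    const char* str = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Algorithm",
        1);

    if (!str) {
        return 0;
    }
    if (strlen(str) > 0) {
        errno = 0;
        value = strtoul(str, &end, 10);
        /* strchr() guards against the '-' that strtoul() would accept and wrap. */
        if (errno == ERANGE || end == str || *end != '\0' ||
            strchr(str, '-') != NULL || value > UINT8_MAX) {
            ods_log_error("[%s] invalid NSEC3 hash algorithm '%s': "
                "expected a number in 0..255", parser_str, str);
        } else {
            ret = (uint32_t) value;
        }
    }
    free((void*)str);
    return ret;
}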
369 
370 
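/**
 * Read the NSEC3 iteration count (<Denial><NSEC3><Hash><Iterations>) from a
 * signer configuration.
 *
 * The NSEC3PARAM iterations field is 16 bits wide (RFC 5155), so only
 * strictly decimal values in 0..65535 are accepted; anything else is logged
 * and treated as 0 rather than being passed on mangled by atoi() and a
 * later cast.  Operationally, RFC 9276 recommends 0 iterations and many
 * validators treat large counts as insecure, so a high but in-range value is
 * a policy problem for the operator, not something this parser rejects.  An
 * absent or empty element yields 0 silently, as before.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return the iteration count, or 0 when absent, empty or invalid.
 */
uint32_t
parse_sc_nsec3_iterations(const char* cfgfile)
{
    uint32_t ret = 0;
    char* end = NULL;
    unsigned long value = 0;
    const char* str = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Iterations",
        1);

    if (!str) {
        return 0;
    }
    if (strlen(str) > 0) {
        errno = 0;
        value = strtoul(str, &end, 10);
        /* strchr() guards against the '-' that strtoul() would accept and wrap. */
        if (errno == ERANGE || end == str || *end != '\0' ||
            strchr(str, '-') != NULL || value > UINT16_MAX) {
            ods_log_error("[%s] invalid NSEC3 iterations '%s': "
                "expected a number in 0..65535", parser_str, str);
        } else {
            ret = (uint32_t) value;
        }
    }
    free((void*)str);
    return ret;
}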
386 
387 
/**
 * Report whether <Denial><NSEC3><OptOut> is present in the signer
 * configuration.  Presence only: the element's content is ignored, and the
 * lookup uses parse_conf_string() with the "required" flag cleared.
 *
 * NOTE(review): Opt-Out weakens the denial-of-existence guarantee for
 * unsigned delegations in the zone (see the security considerations of
 * RFC 5155); the parser just reports the setting, it does not judge it.
 *
 * @param cfgfile  path to the signconf XML file.
 * @return 1 when the element exists, 0 otherwise.
 */
int
parse_sc_nsec3_optout(const char* cfgfile)
{
    const char* element = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/OptOut", 0);

    if (element == NULL) {
        return 0;
    }
    free((void*)element);
    return 1;
}
401 
402 
/**
 * Read the SOA serial policy string (<SOA><Serial>) from a signer
 * configuration and copy it into allocator-owned memory.
 *
 * The string is not interpreted here.  The return value is also NULL when
 * allocator_strdup() returns NULL, which callers cannot tell apart from an
 * absent element.
 *
 * @param allocator  allocator that owns the returned copy.
 * @param cfgfile    path to the signconf XML file.
 * @return the duplicated element text, or NULL when absent (the trailing 1
 *         is parse_conf_string()'s "required" flag) or when the copy fails.
 */
const char*
parse_sc_soa_serial(allocator_type* allocator, const char* cfgfile)
{
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/SOA/Serial", 1);
    const char* copy = NULL;

    if (text == NULL) {
        return NULL;
    }
    copy = allocator_strdup(allocator, text);
    free((void*)text);
    return copy;
}
422 
423 
/**
 * Read the NSEC3 salt (<Denial><NSEC3><Hash><Salt>) from a signer
 * configuration and copy it into allocator-owned memory.
 *
 * NOTE(review): the salt text is copied verbatim; its format and length
 * are not validated here, so whoever turns it into NSEC3PARAM RDATA must
 * enforce the wire-format limits.  A NULL result also covers a failed
 * allocator_strdup(), indistinguishable from an absent element.
 *
 * @param allocator  allocator that owns the returned copy.
 * @param cfgfile    path to the signconf XML file.
 * @return the duplicated element text, or NULL when absent (the trailing 1
 *         is parse_conf_string()'s "required" flag) or when the copy fails.
 */
const char*
parse_sc_nsec3_salt(allocator_type* allocator, const char* cfgfile)
{
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Salt", 1);
    const char* copy = NULL;

    if (text == NULL) {
        return NULL;
    }
    copy = allocator_strdup(allocator, text);
    free((void*)text);
    return copy;
}