41 static const char* sc_str =
"signconf";
54 ods_log_error(
"[%s] unable to create signconf: allocator_create() "
60 ods_log_error(
"[%s] unable to create signconf: allocator_alloc() "
102 const char* rngfile = ODS_SE_RNGDIR
"/signconf.rng";
106 if (!scfile || !signconf) {
112 ods_log_error(
"[%s] unable to read signconf: parse error in "
126 if (signconf->
nsec_type == LDNS_RR_TYPE_NSEC3) {
138 "nsec3params_create() failed", sc_str, scfile);
152 ods_log_error(
"[%s] unable to read signconf: failed to open file %s",
164 time_t last_modified)
170 if (!scfile || !signconf) {
175 if (st_mtime <= last_modified) {
181 ods_log_error(
"[%s] unable to update signconf: signconf_create() "
185 status = signconf_read(new_sc, scfile);
189 ods_log_error(
"[%s] unable to update signconf: signconf %s has "
190 "errors", sc_str, scfile);
196 ods_log_error(
"[%s] unable to update signconf: failed to read file "
209 signconf_backup_duration(FILE* fd,
const char* opt,
duration_type* duration)
212 fprintf(fd,
"%s %s ", opt, str);
213 free((
void*) str?str:
"(null)");
229 fprintf(fd,
";;Signconf: lastmod %u ", (
unsigned) sc->
last_modified);
230 if (strcmp(version, ODS_SE_FILE_MAGIC_V2) &&
231 strcmp(version, ODS_SE_FILE_MAGIC_V1)) {
233 fprintf(fd,
"maxzonettl 0 ");
239 signconf_backup_duration(fd,
"jitter", sc->
sig_jitter);
241 fprintf(fd,
"nsec %u ", (
unsigned) sc->
nsec_type);
242 signconf_backup_duration(fd,
"dnskeyttl", sc->
dnskey_ttl);
243 signconf_backup_duration(fd,
"soattl", sc->
soa_ttl);
244 signconf_backup_duration(fd,
"soamin", sc->
soa_min);
246 if (strcmp(version, ODS_SE_FILE_MAGIC_V2) == 0) {
247 fprintf(fd,
"audit 0");
259 signconf_soa_serial_check(
const char* serial) {
264 if (strlen(serial) == 4 && strncmp(serial,
"keep", 4) == 0) {
267 if (strlen(serial) == 7 && strncmp(serial,
"counter", 7) == 0) {
270 if (strlen(serial) == 8 && strncmp(serial,
"unixtime", 8) == 0) {
273 if (strlen(serial) == 11 && strncmp(serial,
"datecounter", 11) == 0) {
290 ods_log_error(
"[%s] check failed: no signature resign interval found",
295 ods_log_error(
"[%s] check failed: no signature resign interval found",
300 ods_log_error(
"[%s] check failed: no signature default validity found",
305 ods_log_error(
"[%s] check failed: no signature denial validity found",
310 ods_log_error(
"[%s] check failed: no signature jitter found", sc_str);
314 ods_log_error(
"[%s] check failed: no signature inception offset found",
318 if (sc->
nsec_type == LDNS_RR_TYPE_NSEC3) {
327 }
else if (sc->
nsec_type != LDNS_RR_TYPE_NSEC) {
328 ods_log_error(
"[%s] check failed: wrong nsec type %i", sc_str,
337 ods_log_error(
"[%s] check failed: no dnskey ttl found", sc_str);
341 ods_log_error(
"[%s] check failed: no soa ttl found", sc_str);
345 ods_log_error(
"[%s] check failed: no soa minimum found", sc_str);
349 ods_log_error(
"[%s] check failed: no soa serial type found", sc_str);
351 }
else if (signconf_soa_serial_check(sc->
soa_serial) != 0) {
352 ods_log_error(
"[%s] check failed: wrong soa serial type %s", sc_str,
378 }
else if (a->
nsec_type == LDNS_RR_TYPE_NSEC3) {
402 fprintf(out,
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
404 fprintf(out,
"<SignerConfiguration>\n");
405 fprintf(out,
"\t<Zone name=\"%s\">\n", name?name:
"(null)");
407 fprintf(out,
"\t\t<Signatures>\n");
409 fprintf(out,
"\t\t\t<Resign>%s</Resign>\n", s?s:
"(null)");
412 fprintf(out,
"\t\t\t<Refresh>%s</Refresh>\n", s?s:
"(null)");
414 fprintf(out,
"\t\t\t<Validity>\n");
416 fprintf(out,
"\t\t\t\t<Default>%s</Default>\n", s?s:
"(null)");
419 fprintf(out,
"\t\t\t\t<Denial>%s</Denial>\n", s?s:
"(null)");
421 fprintf(out,
"\t\t\t</Validity>\n");
423 fprintf(out,
"\t\t\t<Jitter>%s</Jitter>\n", s?s:
"(null)");
426 fprintf(out,
"\t\t\t<InceptionOffset>%s</InceptionOffset>\n",
429 fprintf(out,
"\t\t</Signatures>\n");
432 fprintf(out,
"\t\t<Denial>\n");
433 if (sc->
nsec_type == LDNS_RR_TYPE_NSEC) {
434 fprintf(out,
"\t\t\t<NSEC />\n");
435 }
else if (sc->
nsec_type == LDNS_RR_TYPE_NSEC3) {
436 fprintf(out,
"\t\t\t<NSEC3>\n");
439 fprintf(out,
"\t\t\t\t<TTL>%s</TTL>\n", s?s:
"(null)");
443 fprintf(out,
"\t\t\t\t<OptOut />\n");
445 fprintf(out,
"\t\t\t\t<Hash>\n");
446 fprintf(out,
"\t\t\t\t\t<Algorithm>%i</Algorithm>\n",
448 fprintf(out,
"\t\t\t\t\t<Iterations>%i</Iterations>\n",
450 fprintf(out,
"\t\t\t\t\t<Salt>%s</Salt>\n",
452 fprintf(out,
"\t\t\t\t</Hash>\n");
453 fprintf(out,
"\t\t\t</NSEC3>\n");
455 fprintf(out,
"\t\t</Denial>\n");
458 fprintf(out,
"\t\t<Keys>\n");
460 fprintf(out,
"\t\t\t<TTL>%s</TTL>\n", s?s:
"(null)");
464 fprintf(out,
"\t\t</Keys>\n");
467 fprintf(out,
"\t\t<SOA>\n");
469 fprintf(out,
"\t\t\t<TTL>%s</TTL>\n", s?s:
"(null)");
472 fprintf(out,
"\t\t\t<Minimum>%s</Minimum>\n", s?s:
"(null)");
474 fprintf(out,
"\t\t\t<Serial>%s</Serial>\n",
476 fprintf(out,
"\t\t</SOA>\n");
478 fprintf(out,
"\t</Zone>\n");
479 fprintf(out,
"</SignerConfiguration>\n");
493 char* refresh = NULL;
494 char* validity = NULL;
498 char* dnskeyttl = NULL;
501 char* paramttl = NULL;
515 ods_log_info(
"[%s] zone %s signconf: RESIGN[%s] REFRESH[%s] "
516 "VALIDITY[%s] DENIAL[%s] JITTER[%s] OFFSET[%s] NSEC[%i] "
517 "DNSKEYTTL[%s] SOATTL[%s] MINIMUM[%s] SERIAL[%s]",
520 resign?resign:
"(null)",
521 refresh?refresh:
"(null)",
522 validity?validity:
"(null)",
523 denial?denial:
"(null)",
524 jitter?jitter:
"(null)",
525 offset?offset:
"(null)",
527 dnskeyttl?dnskeyttl:
"(null)",
528 soattl?soattl:
"(null)",
529 soamin?soamin:
"(null)",
532 if (sc->
nsec_type == LDNS_RR_TYPE_NSEC3) {
534 "ALGORITHM[%u] ITERATIONS[%u] SALT[%s]",
537 paramttl?paramttl:
"PT0S",
547 free((
void*)refresh);
548 free((
void*)validity);
552 free((
void*)dnskeyttl);
553 free((
void*)paramttl);
signconf_type * signconf_create(void)
void keylist_cleanup(keylist_type *kl)
duration_type * parse_sc_sig_validity_default(const char *cfgfile)
uint32_t nsec3_iterations
duration_type * parse_sc_sig_validity_denial(const char *cfgfile)
duration_type * sig_inception_offset
task_id signconf_compare_denial(signconf_type *a, signconf_type *b)
uint32_t parse_sc_nsec3_algorithm(const char *cfgfile)
void signconf_backup(FILE *fd, signconf_type *sc, const char *version)
void keylist_log(keylist_type *kl, const char *name)
void ods_log_debug(const char *format,...)
duration_type * parse_sc_soa_ttl(const char *cfgfile)
ods_status signconf_check(signconf_type *sc)
void * allocator_alloc(allocator_type *allocator, size_t size)
duration_type * sig_validity_default
void signconf_cleanup(signconf_type *sc)
duration_type * sig_validity_denial
duration_type * nsec3param_ttl
void ods_log_info(const char *format,...)
enum ods_enum_status ods_status
const char * parse_sc_soa_serial(allocator_type *allocator, const char *cfgfile)
ods_status parse_file_check(const char *cfgfile, const char *rngfile)
time_t ods_file_lastmodified(const char *file)
void ods_log_error(const char *format,...)
duration_type * parse_sc_sig_inception_offset(const char *cfgfile)
const char * ods_status2str(ods_status status)
void keylist_print(FILE *fd, keylist_type *kl)
int ods_strcmp(const char *s1, const char *s2)
void duration_cleanup(duration_type *duration)
void signconf_print(FILE *out, signconf_type *sc, const char *name)
enum task_id_enum task_id
FILE * ods_fopen(const char *file, const char *dir, const char *mode)
const char * parse_sc_nsec3_salt(allocator_type *allocator, const char *cfgfile)
duration_type * parse_sc_dnskey_ttl(const char *cfgfile)
duration_type * parse_sc_sig_jitter(const char *cfgfile)
nsec3params_type * nsec3params_create(void *sc, uint8_t algo, uint8_t flags, uint16_t iter, const char *salt)
duration_type * sig_refresh_interval
allocator_type * allocator_create(void *(*allocator)(size_t size), void(*deallocator)(void *))
duration_type * parse_sc_nsec3param_ttl(const char *cfgfile)
char * allocator_strdup(allocator_type *allocator, const char *string)
char * duration2string(duration_type *duration)
duration_type * parse_sc_sig_refresh_interval(const char *cfgfile)
int parse_sc_nsec3_optout(const char *cfgfile)
duration_type * parse_sc_soa_min(const char *cfgfile)
int duration_compare(duration_type *d1, duration_type *d2)
nsec3params_type * nsec3params
void ods_fclose(FILE *fd)
allocator_type * allocator
keylist_type * parse_sc_keys(void *sc, const char *cfgfile)
void allocator_cleanup(allocator_type *allocator)
duration_type * dnskey_ttl
void signconf_log(signconf_type *sc, const char *name)
duration_type * sig_jitter
duration_type * sig_resign_interval
ldns_rr_type parse_sc_nsec_type(const char *cfgfile)
void allocator_deallocate(allocator_type *allocator, void *data)
void nsec3params_cleanup(nsec3params_type *nsec3params)
#define ods_log_assert(x)
duration_type * parse_sc_sig_resign_interval(const char *cfgfile)
uint32_t parse_sc_nsec3_iterations(const char *cfgfile)
ods_status signconf_update(signconf_type **signconf, const char *scfile, time_t last_modified)