1 /*
2  * $Id: signconfparser.c 7354 2013-10-09 12:36:03Z matthijs $
3  *
4  * Copyright (c) 2009 NLNet Labs. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  *
27  */
28 
#include "parser/confparser.h"
#include "parser/signconfparser.h"
#include "shared/duration.h"
#include "shared/log.h"

#include <libxml/parser.h>
#include <libxml/xpath.h>
#include <libxml/xpathInternals.h>
#include <libxml/xmlreader.h>
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
44 
/** Tag that prefixes the "[%s] ..." log lines emitted by this parser. */
static const char* parser_str = "parser";
46 
47 
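/**
 * Validate one numeric <Key> child as an unsigned decimal integer.
 *
 * Leading and trailing whitespace is tolerated. Empty text, a leading
 * '-', trailing garbage, overflow and anything above \a max are rejected,
 * so a malformed signconf yields a logged, skipped key instead of the
 * silent "algorithm 0 / flags 0" that atoi() used to hand back.
 *
 * \param[in]  text element content, may be NULL
 * \param[in]  max  largest acceptable value
 * \param[out] out  parsed value, only written on success
 * \return 1 if \a text is a valid number in range, 0 otherwise
 */
static int
parse_sc_key_number(const char* text, unsigned long max, unsigned long* out)
{
    const char* start = text;
    char* end = NULL;
    unsigned long value = 0;

    if (!text || !out) {
        return 0;
    }
    while (isspace((unsigned char)*start)) {
        start++;
    }
    /* strtoul() silently negates a leading '-'; refuse it up front */
    if (*start == '-') {
        return 0;
    }
    errno = 0;
    value = strtoul(start, &end, 10);
    if (end == start || errno == ERANGE || value > max) {
        return 0;
    }
    while (isspace((unsigned char)*end)) {
        end++;
    }
    if (*end != '\0') {
        return 0;
    }
    *out = value;
    return 1;
}


/**
 * Parse the <Keys> section of a signer configuration into a keylist.
 *
 * Every //SignerConfiguration/Zone/Keys/Key element must carry a
 * <Locator>, an <Algorithm> and a <Flags> child; <KSK>, <ZSK> and
 * <Publish> are presence flags. A <Key> that lacks a required child, or
 * whose <Algorithm>/<Flags> do not parse as numbers that fit the key
 * fields, is logged and skipped. So is an exact duplicate (same locator
 * and attributes) of a key already on the list; a <Key> that reuses a
 * locator with different attributes is still pushed, as before.
 *
 * NOTE(review): the signconf is produced by the enforcer and is treated
 * as trusted here. Should it ever come from a less trusted source,
 * xmlReadFile() with XML_PARSE_NONET would be the safer loader than
 * xmlParseFile() -- confirm before relying on that assumption.
 *
 * \param[in] sc      signer configuration the keylist is created for
 * \param[in] cfgfile path of the signconf XML file
 * \return the keylist (possibly empty), or NULL when an argument is
 *         missing or the document could not be loaded or queried
 */
keylist_type*
parse_sc_keys(void* sc, const char* cfgfile)
{
    xmlDocPtr doc = NULL;
    xmlXPathContextPtr xpathCtx = NULL;
    xmlXPathObjectPtr xpathObj = NULL;
    keylist_type* kl = NULL;
    int i;

    if (!cfgfile || !sc) {
        return NULL;
    }
    /* Load XML document */
    doc = xmlParseFile(cfgfile);
    if (doc == NULL) {
        ods_log_error("[%s] unable to parse <Keys>: "
            "xmlParseFile() failed", parser_str);
        return NULL;
    }
    /* Create xpath evaluation context */
    xpathCtx = xmlXPathNewContext(doc);
    if (xpathCtx == NULL) {
        ods_log_error("[%s] unable to parse <Keys>: "
            "xmlXPathNewContext() failed", parser_str);
        goto out;
    }
    /* Evaluate xpath expression */
    xpathObj = xmlXPathEvalExpression(
        (const xmlChar*) "//SignerConfiguration/Zone/Keys/Key", xpathCtx);
    if (xpathObj == NULL) {
        ods_log_error("[%s] unable to parse <Keys>: "
            "xmlXPathEvalExpression() failed", parser_str);
        goto out;
    }
    /* Parse keys */
    kl = keylist_create(sc);
    ods_log_assert(kl);
    if (kl == NULL) {
        /* ods_log_assert() may be compiled out; never walk a NULL list */
        goto out;
    }
    if (xpathObj->nodesetval == NULL) {
        goto out;
    }
    for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
        char* locator = NULL;
        char* algorithm = NULL;
        char* flags = NULL;
        unsigned long algo_val = 0;
        unsigned long flags_val = 0;
        int ksk = 0;
        int zsk = 0;
        int publish = 0;
        key_type* known = NULL;
        xmlNode* child = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;

        for (; child; child = child->next) {
            if (xmlStrEqual(child->name, (const xmlChar*)"Locator")) {
                free((void*)locator); /* a repeated child must not leak */
                locator = (char*) xmlNodeGetContent(child);
            } else if (xmlStrEqual(child->name, (const xmlChar*)"Algorithm")) {
                free((void*)algorithm);
                algorithm = (char*) xmlNodeGetContent(child);
            } else if (xmlStrEqual(child->name, (const xmlChar*)"Flags")) {
                free((void*)flags);
                flags = (char*) xmlNodeGetContent(child);
            } else if (xmlStrEqual(child->name, (const xmlChar*)"KSK")) {
                ksk = 1;
            } else if (xmlStrEqual(child->name, (const xmlChar*)"ZSK")) {
                zsk = 1;
            } else if (xmlStrEqual(child->name, (const xmlChar*)"Publish")) {
                publish = 1;
            }
        }

        if (!locator || !algorithm || !flags) {
            ods_log_error("[%s] unable to push key to keylist: <Key> "
                "is missing required elements, skipping", parser_str);
        } else if (!parse_sc_key_number(algorithm, UINT8_MAX, &algo_val) ||
                   !parse_sc_key_number(flags, UINT32_MAX, &flags_val)) {
            /* bounds follow the key_type fields (uint8_t / uint32_t) */
            ods_log_error("[%s] unable to push key %s to keylist: "
                "<Algorithm> or <Flags> is not a valid number, skipping",
                parser_str, locator);
        } else {
            /* search for duplicates */
            known = keylist_lookup_by_locator(kl, locator);
            if (known &&
                known->algorithm == (uint8_t) algo_val &&
                known->flags == (uint32_t) flags_val &&
                known->publish == publish &&
                known->ksk == ksk &&
                known->zsk == zsk) {
                ods_log_warning("[%s] unable to push duplicate key %s "
                    "to keylist, skipping", parser_str, locator);
            } else {
                (void) keylist_push(kl, locator, (uint8_t) algo_val,
                    (uint32_t) flags_val, publish, ksk, zsk);
                /* NOTE(review): the original never freed a pushed locator,
                 * which indicates keylist_push() keeps the pointer itself;
                 * confirm against keys.c before changing this. */
                locator = NULL;
            }
        }
        /* Skipped keys (missing, invalid, duplicate) used to leak locator */
        free((void*)locator);
        free((void*)algorithm);
        free((void*)flags);
    }

out:
    if (xpathObj) {
        xmlXPathFreeObject(xpathObj);
    }
    if (xpathCtx) {
        xmlXPathFreeContext(xpathCtx);
    }
    xmlFreeDoc(doc);
    return kl;
}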
158 
159 
/**
 * Read the signature resign interval from a signer configuration.
 * \param[in] cfgfile path of the signconf XML file
 * \return duration parsed from //SignerConfiguration/Zone/Signatures/Resign,
 *         or NULL when the (required) element is absent or does not parse
 */
duration_type*
parse_sc_sig_resign_interval(const char* cfgfile)
{
    duration_type* result = NULL;
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Resign", 1);

    if (text != NULL) {
        result = duration_create_from_string(text);
        free((void*)text);
    }
    return result;
}
178 
179 
/**
 * Read the signature refresh interval from a signer configuration.
 * \param[in] cfgfile path of the signconf XML file
 * \return duration parsed from //SignerConfiguration/Zone/Signatures/Refresh,
 *         or NULL when the (required) element is absent or does not parse
 */
duration_type*
parse_sc_sig_refresh_interval(const char* cfgfile)
{
    const char* value;
    duration_type* interval;

    value = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Refresh", 1);
    if (value == NULL) {
        return NULL;
    }
    interval = duration_create_from_string(value);
    free((void*)value);
    return interval;
}
194 
195 
/**
 * Read the default signature validity period from a signer configuration.
 * \param[in] cfgfile path of the signconf XML file
 * \return duration parsed from
 *         //SignerConfiguration/Zone/Signatures/Validity/Default, or NULL
 *         when the (required) element is absent or does not parse
 */
duration_type*
parse_sc_sig_validity_default(const char* cfgfile)
{
    duration_type* validity = NULL;
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Validity/Default", 1);

    if (text != NULL) {
        validity = duration_create_from_string(text);
        free((void*)text);
    }
    return validity;
}
210 
211 
/**
 * Read the denial-of-existence signature validity period from a signer
 * configuration.
 * \param[in] cfgfile path of the signconf XML file
 * \return duration parsed from
 *         //SignerConfiguration/Zone/Signatures/Validity/Denial, or NULL
 *         when the (required) element is absent or does not parse
 */
duration_type*
parse_sc_sig_validity_denial(const char* cfgfile)
{
    const char* value;
    duration_type* validity;

    value = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Validity/Denial", 1);
    if (value == NULL) {
        return NULL;
    }
    validity = duration_create_from_string(value);
    free((void*)value);
    return validity;
}
226 
227 
/**
 * Read the signature jitter from a signer configuration.
 * \param[in] cfgfile path of the signconf XML file
 * \return duration parsed from //SignerConfiguration/Zone/Signatures/Jitter,
 *         or NULL when the (required) element is absent or does not parse
 */
duration_type*
parse_sc_sig_jitter(const char* cfgfile)
{
    duration_type* jitter = NULL;
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Jitter", 1);

    if (text != NULL) {
        jitter = duration_create_from_string(text);
        free((void*)text);
    }
    return jitter;
}
242 
243 
/**
 * Read the signature inception offset from a signer configuration.
 * \param[in] cfgfile path of the signconf XML file
 * \return duration parsed from
 *         //SignerConfiguration/Zone/Signatures/InceptionOffset, or NULL
 *         when the (required) element is absent or does not parse
 */
duration_type*
parse_sc_sig_inception_offset(const char* cfgfile)
{
    const char* value;
    duration_type* offset;

    value = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Signatures/InceptionOffset", 1);
    if (value == NULL) {
        return NULL;
    }
    offset = duration_create_from_string(value);
    free((void*)value);
    return offset;
}
258 
259 
/**
 * Read the DNSKEY TTL from a signer configuration.
 * \param[in] cfgfile path of the signconf XML file
 * \return duration parsed from //SignerConfiguration/Zone/Keys/TTL,
 *         or NULL when the (required) element is absent or does not parse
 */
duration_type*
parse_sc_dnskey_ttl(const char* cfgfile)
{
    duration_type* ttl = NULL;
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Keys/TTL", 1);

    if (text != NULL) {
        ttl = duration_create_from_string(text);
        free((void*)text);
    }
    return ttl;
}
274 
275 
/**
 * Read the NSEC3PARAM TTL from a signer configuration.
 * Unlike the other TTL lookups this element is optional (required = 0),
 * so a missing element is not reported by parse_conf_string().
 * \param[in] cfgfile path of the signconf XML file
 * \return duration parsed from //SignerConfiguration/Zone/Denial/NSEC3/TTL,
 *         or NULL when the element is absent or does not parse
 */
duration_type*
parse_sc_nsec3param_ttl(const char* cfgfile)
{
    const char* value;
    duration_type* ttl;

    value = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/TTL", 0);
    if (value == NULL) {
        return NULL;
    }
    ttl = duration_create_from_string(value);
    free((void*)value);
    return ttl;
}
290 
291 
/**
 * Read the SOA TTL from a signer configuration.
 * \param[in] cfgfile path of the signconf XML file
 * \return duration parsed from //SignerConfiguration/Zone/SOA/TTL,
 *         or NULL when the (required) element is absent or does not parse
 */
duration_type*
parse_sc_soa_ttl(const char* cfgfile)
{
    duration_type* ttl = NULL;
    const char* text = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/SOA/TTL", 1);

    if (text != NULL) {
        ttl = duration_create_from_string(text);
        free((void*)text);
    }
    return ttl;
}
306 
307 
/**
 * Read the SOA minimum from a signer configuration.
 * \param[in] cfgfile path of the signconf XML file
 * \return duration parsed from //SignerConfiguration/Zone/SOA/Minimum,
 *         or NULL when the (required) element is absent or does not parse
 */
duration_type*
parse_sc_soa_min(const char* cfgfile)
{
    const char* value;
    duration_type* minimum;

    value = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/SOA/Minimum", 1);
    if (value == NULL) {
        return NULL;
    }
    minimum = duration_create_from_string(value);
    free((void*)value);
    return minimum;
}
322 
323 
/**
 * Determine the denial-of-existence scheme of a signer configuration.
 * The NSEC3 element is probed first, so a configuration that carries
 * both <NSEC3> and <NSEC> is reported as NSEC3.
 * \param[in] cfgfile path of the signconf XML file
 * \return LDNS_RR_TYPE_NSEC3 or LDNS_RR_TYPE_NSEC when the matching
 *         Denial element is present, LDNS_RR_TYPE_FIRST when neither is
 */
ldns_rr_type
parse_sc_nsec_type(const char* cfgfile)
{
    static const struct {
        const char* expr;
        ldns_rr_type type;
    } denial[] = {
        { "//SignerConfiguration/Zone/Denial/NSEC3", LDNS_RR_TYPE_NSEC3 },
        { "//SignerConfiguration/Zone/Denial/NSEC",  LDNS_RR_TYPE_NSEC  },
    };
    size_t k;

    for (k = 0; k < sizeof(denial) / sizeof(denial[0]); k++) {
        const char* hit = parse_conf_string(cfgfile, denial[k].expr, 0);
        if (hit != NULL) {
            /* only presence matters; the content itself is not used */
            free((void*)hit);
            return denial[k].type;
        }
    }
    return LDNS_RR_TYPE_FIRST;
}
347 
348 
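/**
 * Parse one NSEC3 hash parameter as an unsigned decimal integer.
 *
 * Surrounding whitespace is tolerated. An empty element yields 0
 * silently, as it did before. A leading '-', trailing garbage, or a
 * value that does not fit in uint32_t is logged and also yields 0,
 * instead of the wrapped or truncated value atoi() used to return.
 *
 * \param[in] text element content, must not be NULL
 * \param[in] what element name, used in the log line only
 * \return the parsed value, or 0 when the text is empty or invalid
 */
static uint32_t
parse_sc_nsec3_number(const char* text, const char* what)
{
    const char* start = text;
    char* end = NULL;
    unsigned long value = 0;
    int valid = 0;

    while (isspace((unsigned char)*start)) {
        start++;
    }
    if (*start == '\0') {
        return 0;
    }
    /* strtoul() would silently accept and negate a leading '-' */
    if (*start != '-') {
        errno = 0;
        value = strtoul(start, &end, 10);
        valid = (end != start && errno != ERANGE && value <= UINT32_MAX);
        while (valid && isspace((unsigned char)*end)) {
            end++;
        }
        valid = valid && (*end == '\0');
    }
    if (!valid) {
        ods_log_error("[%s] invalid NSEC3 <%s> value '%s', using 0",
            parser_str, what, text);
        return 0;
    }
    return (uint32_t) value;
}


/**
 * Read the NSEC3 hash algorithm from a signer configuration.
 * \param[in] cfgfile path of the signconf XML file
 * \return value of //SignerConfiguration/Zone/Denial/NSEC3/Hash/Algorithm,
 *         or 0 when the element is absent, empty or not a valid number
 */
uint32_t
parse_sc_nsec3_algorithm(const char* cfgfile)
{
    uint32_t ret = 0;
    const char* str = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Algorithm", 1);

    if (str) {
        ret = parse_sc_nsec3_number(str, "Algorithm");
        free((void*)str);
    }
    return ret;
}


/**
 * Read the NSEC3 hash iteration count from a signer configuration.
 * \param[in] cfgfile path of the signconf XML file
 * \return value of //SignerConfiguration/Zone/Denial/NSEC3/Hash/Iterations,
 *         or 0 when the element is absent, empty or not a valid number
 */
uint32_t
parse_sc_nsec3_iterations(const char* cfgfile)
{
    uint32_t ret = 0;
    const char* str = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Iterations", 1);

    if (str) {
        ret = parse_sc_nsec3_number(str, "Iterations");
        free((void*)str);
    }
    return ret;
}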
385 
386 
/**
 * Check whether NSEC3 opt-out is enabled in a signer configuration.
 * Only the presence of the element counts; its content is ignored.
 * \param[in] cfgfile path of the signconf XML file
 * \return 1 when //SignerConfiguration/Zone/Denial/NSEC3/OptOut exists,
 *         0 otherwise
 */
int
parse_sc_nsec3_optout(const char* cfgfile)
{
    const char* present = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/OptOut", 0);

    if (present == NULL) {
        return 0;
    }
    free((void*)present);
    return 1;
}
400 
401 
/**
 * Read the SOA serial policy string from a signer configuration.
 * The value is copied into \a allocator so the caller does not own a
 * malloc()'d buffer from parse_conf_string().
 * \param[in] allocator allocator that owns the returned copy
 * \param[in] cfgfile   path of the signconf XML file
 * \return allocator-owned copy of //SignerConfiguration/Zone/SOA/Serial,
 *         or NULL when the (required) element is absent
 */
const char*
parse_sc_soa_serial(allocator_type* allocator, const char* cfgfile)
{
    const char* copy;
    const char* serial = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/SOA/Serial", 1);

    if (serial == NULL) {
        return NULL;
    }
    copy = allocator_strdup(allocator, serial);
    free((void*)serial);
    return copy;
}
421 
422 
/**
 * Read the NSEC3 salt from a signer configuration.
 * The text is returned as-is; nothing here checks that it is valid hex,
 * so that validation (if any) presumably happens in the caller -- verify.
 * \param[in] allocator allocator that owns the returned copy
 * \param[in] cfgfile   path of the signconf XML file
 * \return allocator-owned copy of
 *         //SignerConfiguration/Zone/Denial/NSEC3/Hash/Salt, or NULL when
 *         the (required) element is absent
 */
const char*
parse_sc_nsec3_salt(allocator_type* allocator, const char* cfgfile)
{
    const char* copy;
    const char* salt = parse_conf_string(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Salt", 1);

    if (salt == NULL) {
        return NULL;
    }
    copy = allocator_strdup(allocator, salt);
    free((void*)salt);
    return copy;
}