61 #include <libhsmdns.h>
62 #include <ldns/ldns.h>
64 #include <libxml/tree.h>
65 #include <libxml/parser.h>
66 #include <libxml/xpointer.h>
67 #include <libxml/xpath.h>
68 #include <libxml/xpathInternals.h>
69 #include <libxml/relaxng.h>
70 #include <libxml/xmlreader.h>
71 #include <libxml/xmlsave.h>
/*
 * Larger of a and b.  Function-like macro, so the argument that wins the
 * comparison is evaluated a second time: never pass an expression with side
 * effects (MAX(i++, n) may increment i twice).  A typed static inline helper
 * would avoid the hazard; kept as a macro here because the operand types it
 * is used with are not visible in this excerpt.
 */
#define MAX(a, b) ((a) > (b) ? (a) : (b))
77 #define DURATION_TYPE 1
81 #define ROLLOVER_TYPE 5
82 #define INT_TYPE_NO_FREE 6
85 # define MAXPATHLEN 4096
90 #define DEFAULT_LOG_FACILITY LOG_DAEMON
92 #define DEFAULT_LOG_FACILITY LOG_USER
/*
 * Path of the OpenDNSSEC configuration file (conf.xml).  Starts at the
 * build-time default OPENDNSSEC_CONFIG_FILE; the usage text advertises
 * "-c <config> | --config <config>", so presumably main() replaces it with
 * optarg — confirm there.  It is the file handed to
 * xmlNewTextReaderFilename() when the //Common section (ZoneListFile,
 * PolicyFile) is read, and is also passed to hsm_open() before key export.
 * The (char *) cast discards the const of the default; if
 * OPENDNSSEC_CONFIG_FILE expands to a string literal the pointee is
 * read-only, so nothing must ever write through this pointer.
 */
char *config = (char *) OPENDNSSEC_CONFIG_FILE;
/*
 * Command-line mode flags (0/1 ints).  main()'s long_options table carries
 * --all, --ds, --no-retire, --no-xml and --verbose; which option sets which
 * flag is inferred from the names below and should be confirmed in main().
 */
static int all_flag = 0;      /* --all: act on every zone/policy; rejected together with --zone/--policy */
static int ds_flag = 0;       /* presumably --ds (key export prints DS records) — verify */
static int retire_flag = 1;   /* 1 = retire the old key in the ds-seen path ("Old key retired"); presumably cleared by --no-retire */
static int verbose_flag = 0;  /* presumably --verbose; not referenced in the visible lines */
static int xml_flag = 1;      /* 1 = also rewrite zonelist.xml on zone add/delete; 0 = "database only", user must run zonelist export */
static int td_flag = 0;       /* purpose not visible in this excerpt — TODO document */
static int force_flag = 0;    /* purpose not visible in this excerpt — TODO document */

/*
 * Asks the running ods-enforcerd to re-read its configuration.  Callers treat
 * a non-zero return as failure and print "Could not HUP ods-enforcerd".  The
 * body (defined later in this file) appears to run ODS_EN_CONTROL through
 * system(), so it inherits the shell and PATH of the invoking user — confirm
 * at the definition.
 */
static int restart_enforcerd(void);
130 #if defined(HAVE_SYSLOG_R) && defined(HAVE_OPENLOG_R) && defined(HAVE_CLOSELOG_R)
131 struct syslog_data sdata = SYSLOG_DATA_INIT;
134 #undef HAVE_OPENLOG_R
135 #undef HAVE_CLOSELOG_R
143 " --version aka -V\n");
151 "\tImport config into a database (deletes current contents)\n");
158 " start|stop|notify\n"
159 "\tStart, stop or SIGHUP the ods-enforcerd\n");
170 "\tUpdate database from config\n");
178 "\t--zone <zone> aka -z\n"
179 "\t[--policy <policy>] aka -p\n"
180 "\t[--signerconf <signerconf.xml>] aka -s\n"
181 "\t[--input <input>] aka -i\n"
182 "\t[--output <output>] aka -o\n"
183 "\t[--no-xml] aka -m\n");
191 "\t--zone <zone> | --all aka -z / -a\n"
192 "\t[--no-xml] aka -m\n");
206 "usage: %s [-c <config> | --config <config>] zone \n\n",
217 " repository list\n");
225 "\t--policy [policy_name] | --all aka -p / -a\n");
253 "usage: %s [-c <config> | --config <config>] \n\n",
267 "\t--zone <zone> | --all aka -z / -a\n"
269 "\t(will appear soon:\n"
270 "\t[--keystate <state>] aka -e\n"
271 "\t[--keytype <type>] aka -t\n"
282 "\t--zone <zone> | --all aka -z / -a\n"
283 "\t[--keystate <state>] aka -e\n"
284 "\t[--keytype <type>] aka -t\n"
285 "\t[--ds] aka -d\n");
293 "\t--cka_id <CKA_ID> aka -k\n"
294 "\t--repository <repository> aka -r\n"
295 "\t--zone <zone> aka -z\n"
296 "\t--bits <size> aka -b\n"
297 "\t--algorithm <algorithm> aka -g\n"
298 "\t--keystate <state> aka -e\n"
299 "\t--keytype <type> aka -t\n"
300 "\t--time <time> aka -w\n"
301 "\t[--retire <retire>] aka -y\n");
309 "\t--zone zone aka -z\n"
310 "\t--keytype <type> | --all aka -t / -a\n"
312 "\t--policy policy aka -p\n"
313 "\t--keytype <type> | --all aka -t / -a\n");
321 "\t--zone <zone> aka -z\n"
323 "\t--policy <policy> aka -p\n");
331 "\t--policy <policy>\n"
332 "\t--interval <interval>\n");
340 "\t--zone <zone> aka -z\n"
341 "\t--keytag <keytag> | --cka_id <CKA_ID> aka -x / -k\n");
350 "\t--zone <zone> aka -z\n"
351 "\t--keytag <keytag> | --cka_id <CKA_ID> aka -x / -k\n"
359 "usage: %s [-c <config> | --config <config>] \n\n",
376 "\t--repository <repository> aka -r\n"
378 "\t--repository <repository> aka -r\n"
380 "\t--repository <repository> aka -r\n"
382 "\t--repository <repository> aka -r\n"
384 "\t--repository <repository> aka -r\n");
392 "\t[--zone <zone>]\n");
400 "\t[--output <output>] aka -o\n");
408 " zonelist import\n");
415 "usage: %s [-c <config> | --config <config>] command [options]\n\n",
449 "\n\tAllowed date/time strings are of the form:\n"
451 "\tYYYYMMDD[HH[MM[SS]]] (all numeric)\n"
453 "\tor D-MMM-YYYY[:| ]HH[:MM[:SS]] (alphabetic month)\n"
454 "\tor DD-MMM-YYYY[:| ]HH[:MM[:SS]] (alphabetic month)\n"
455 "\tor YYYY-MMM-DD[:| ]HH[:MM[:SS]] (alphabetic month)\n"
457 "\tD-MM-YYYY[:| ]HH[:MM[:SS]] (numeric month)\n"
458 "\tDD-MM-YYYY[:| ]HH[:MM[:SS]] (numeric month)\n"
459 "\tor YYYY-MM-DD[:| ]HH[:MM[:SS]] (numeric month)\n"
461 "\t... and the distinction between them is given by the location of the\n"
469 "key states: GENERATE|PUBLISH|READY|ACTIVE|RETIRE|DEAD\n");
476 "key types: KSK|ZSK\n");
486 FILE* lock_fd = NULL;
487 char* zone_list_filename;
492 char *dbschema = NULL;
496 char *password = NULL;
501 char* setup_command = NULL;
502 char* lock_filename = NULL;
505 printf(
"*WARNING* This will erase all data in the database; are you sure? [y/N] ");
507 user_certain = getchar();
508 if (user_certain !=
'y' && user_certain !=
'Y') {
509 printf(
"Okay, quitting...\n");
516 status =
get_db_details(&dbschema, &host, &port, &user, &password);
535 lock_fd = fopen(lock_filename,
"w");
538 printf(
"Error getting db lock\n");
539 if (lock_fd != NULL) {
560 if (system(setup_command) != 0)
562 printf(
"Could not call db setup command:\n\t%s\n", setup_command);
578 printf(
"Couldn't fix permissions on file %s\n", dbschema);
579 printf(
"Will coninue with setup, but you may need to manually change ownership\n");
589 printf(
"Failed to connect to database, username too long.\n");
602 printf(
"Failed to connect to database, password too long.\n");
624 if (password != NULL) {
626 StrAppend(&setup_command, quoted_password);
634 if (system(setup_command) != 0)
636 printf(
"Could not call db setup command:\n\t%s\n", setup_command);
649 status =
DbConnect(&dbhandle, dbschema, host, password, user, port);
651 printf(
"Failed to connect to database\n");
674 printf(
"Failed to read conf.xml\n");
685 printf(
"Failed to update repositories\n");
697 printf(
"Failed to update policies\n");
698 printf(
"SETUP FAILED\n");
713 printf(
"Failed to update zones\n");
736 FILE* lock_fd = NULL;
737 char* zone_list_filename = NULL;
738 char* kasp_filename = NULL;
740 int done_something = 0;
745 printf(
"Failed to connect to database\n");
754 if (strncmp(qualifier,
"ZONELIST", 8) == 0 ||
755 strncmp(qualifier,
"KASP", 4) == 0 ||
756 strncmp(qualifier,
"ALL", 3) == 0) {
759 printf(
"Failed to read conf.xml\n");
769 if (strncmp(qualifier,
"CONF", 4) == 0 ||
770 strncmp(qualifier,
"ALL", 3) == 0) {
773 printf(
"Failed to update repositories\n");
775 if (strncmp(qualifier,
"ALL", 3) == 0) {
788 if (strncmp(qualifier,
"KASP", 4) == 0 ||
789 strncmp(qualifier,
"ALL", 3) == 0) {
792 printf(
"Failed to update policies\n");
805 if (strncmp(qualifier,
"ZONELIST", 8) == 0 ||
806 strncmp(qualifier,
"ALL", 3) == 0) {
809 printf(
"Failed to update zones\n");
821 if (done_something == 0) {
822 printf(
"Unrecognised command update %s. Please specify one of:\n", qualifier);
826 if (restart_enforcerd() != 0)
828 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
838 if (kasp_filename != NULL) {
841 if (zone_list_filename != NULL) {
860 FILE* lock_fd = NULL;
861 char* zonelist_filename = NULL;
862 char* backup_filename = NULL;
864 char* sig_conf_name = NULL;
865 char* input_name = NULL;
866 char* output_name = NULL;
873 xmlDocPtr doc = NULL;
879 printf(
"Couldn't malloc path: %s\n", strerror(errno));
885 printf(
"Please specify a zone with the --zone option\n");
898 StrAppend(&sig_conf_name, OPENDNSSEC_STATE_DIR);
912 StrAppend(&input_name, OPENDNSSEC_STATE_DIR);
925 StrAppend(&output_name, OPENDNSSEC_STATE_DIR);
942 printf(
"couldn't read zonelist\n");
957 printf(
"Failed to connect to database\n");
969 printf(
"Error, can't find policy : %s\n",
o_policy);
970 printf(
"Failed to update zones\n");
978 status =
KsmImportZone(
o_zone, policy_id, 1, &new_zone, sig_conf_name, input_name, output_name);
981 printf(
"Failed to Import zone %s; it already exists\n",
o_zone);
982 }
else if (status == -3) {
983 printf(
"Failed to Import zone %s; it already exists both with and without a trailing dot\n",
o_zone);
985 printf(
"Failed to Import zone\n");
999 printf(
"Can't retrieve shared-keys parameter for policy\n");
1009 printf(
"Can't retrieve shared-keys parameter for policy\n");
1020 if (data.
value == 1) {
1023 printf(
"Failed to Link Keys to zone\n");
1041 if (xml_flag == 1) {
1044 xmlKeepBlanksDefault(0);
1045 xmlTreeIndentString =
"\t";
1058 StrAppend(&backup_filename, zonelist_filename);
1060 status =
backup_file(zonelist_filename, backup_filename);
1068 status = xmlSaveFormatFile(zonelist_filename, doc, 1);
1073 printf(
"couldn't save zonelist\n");
1081 if (xml_flag == 0) {
1082 printf(
"Imported zone: %s into database only, please run \"ods-ksmutil zonelist export\" to update zonelist.xml\n",
o_zone);
1084 printf(
"Imported zone: %s\n",
o_zone);
1098 char* zonelist_filename = NULL;
1099 char* backup_filename = NULL;
1104 xmlDocPtr doc = NULL;
1111 FILE* lock_fd = NULL;
1114 if (all_flag &&
o_zone != NULL) {
1115 printf(
"can not use --all with --zone\n");
1118 else if (!all_flag &&
o_zone == NULL) {
1119 printf(
"please specify either --zone <zone> or --all\n");
1124 if (all_flag == 1) {
1125 printf(
"*WARNING* This will remove all zones from OpenDNSSEC; are you sure? [y/N] ");
1127 user_certain = getchar();
1128 if (user_certain !=
'y' && user_certain !=
'Y') {
1129 printf(
"Okay, quitting...\n");
1137 printf(
"Failed to connect to database\n");
1150 if (xml_flag == 1) {
1154 printf(
"couldn't read zonelist\n");
1179 StrAppend(&backup_filename, zonelist_filename);
1181 status =
backup_file(zonelist_filename, backup_filename);
1190 status = xmlSaveFormatFile(zonelist_filename, doc, 1);
1194 printf(
"Could not save %s\n", zonelist_filename);
1205 if (all_flag == 0) {
1208 printf(
"Couldn't find zone %s\n",
o_zone);
1218 printf(
"Error: failed to mark keys as dead in database\n");
1227 printf(
"Error: failed to remove zone%s from database\n", (all_flag == 1) ?
"s" :
"");
1233 if (all_flag == 0) {
1234 if (system(SIGNER_CLI_UPDATE) != 0)
1236 printf(
"Could not call signer engine\n");
1243 if (xml_flag == 0) {
1244 printf(
"Deleted zone: %s from database only, please run \"ods-ksmutil zonelist export\" to update zonelist.xml\n",
o_zone);
1258 FILE* lock_fd = NULL;
1260 char* zonelist_filename = NULL;
1263 xmlTextReaderPtr reader = NULL;
1265 char* tag_name = NULL;
1267 int file_zone_count = 0;
1273 char* temp_name = NULL;
1280 printf(
"couldn't read zonelist\n");
1281 if (zonelist_filename != NULL) {
1290 printf(
"Failed to connect to database\n");
1296 reader = xmlNewTextReaderFilename(zonelist_filename);
1297 if (reader != NULL) {
1298 ret = xmlTextReaderRead(reader);
1300 tag_name = (
char*) xmlTextReaderLocalName(reader);
1302 if (strncmp(tag_name,
"Zone", 4) == 0
1303 && strncmp(tag_name,
"ZoneList", 8) != 0
1304 && xmlTextReaderNodeType(reader) == 1) {
1308 ret = xmlTextReaderRead(reader);
1311 xmlFreeTextReader(reader);
1313 printf(
"%s : failed to parse\n", zonelist_filename);
1317 printf(
"Unable to open %s\n", zonelist_filename);
1322 zone_ids =
MemMalloc(file_zone_count *
sizeof(
int));
1328 if (file_zone_count != 0) {
1329 StrAppend(&sql,
"select name from zones where id not in (");
1330 for (j = 0; j < file_zone_count; ++j) {
1334 snprintf(buffer,
sizeof(buffer),
"%d", zone_ids[j]);
1339 StrAppend(&sql,
"select name from zones");
1345 while (status == 0) {
1349 printf(
"Found zone %s in DB but not zonelist.\n", temp_name);
1366 if (file_zone_count == 0) {
1367 printf(
"No zones in DB or zonelist.\n");
1393 char *case_keytype = NULL;
1394 char *case_keystate = NULL;
1395 char *zone_name = NULL;
1398 hsm_key_t *key = NULL;
1399 ldns_rr *dnskey_rr = NULL;
1400 ldns_rr *ds_sha1_rr = NULL;
1401 ldns_rr *ds_sha256_rr = NULL;
1402 hsm_sign_params_t *sign_params = NULL;
1415 int done_something = 0;
1422 if (strncmp(case_keystate,
"KEYPUBLISH", 10) == 0 || strncmp(
o_keystate,
"10", 2) == 0) {
1425 else if (strncmp(case_keystate,
"GENERATE", 8) == 0 || strncmp(
o_keystate,
"1", 1) == 0) {
1428 else if (strncmp(case_keystate,
"PUBLISH", 7) == 0 || strncmp(
o_keystate,
"2", 1) == 0) {
1431 else if (strncmp(case_keystate,
"READY", 5) == 0 || strncmp(
o_keystate,
"3", 1) == 0) {
1434 else if (strncmp(case_keystate,
"ACTIVE", 6) == 0 || strncmp(
o_keystate,
"4", 1) == 0) {
1437 else if (strncmp(case_keystate,
"RETIRE", 6) == 0 || strncmp(
o_keystate,
"5", 1) == 0) {
1440 else if (strncmp(case_keystate,
"DEAD", 4) == 0 || strncmp(
o_keystate,
"6", 1) == 0) {
1443 else if (strncmp(case_keystate,
"DSSUB", 5) == 0 || strncmp(
o_keystate,
"7", 1) == 0) {
1446 else if (strncmp(case_keystate,
"DSPUBLISH", 9) == 0 || strncmp(
o_keystate,
"8", 1) == 0) {
1449 else if (strncmp(case_keystate,
"DSREADY", 7) == 0 || strncmp(
o_keystate,
"9", 1) == 0) {
1453 printf(
"Error: Unrecognised state %s; should be one of GENERATE, PUBLISH, READY, ACTIVE, RETIRE, DEAD, DSSUB, DSPUBLISH, DSREADY or KEYPUBLISH\n",
o_keystate);
1465 if (strncmp(case_keytype,
"KSK", 3) == 0 || strncmp(
o_keytype,
"257", 3) == 0) {
1468 else if (strncmp(case_keytype,
"ZSK", 3) == 0 || strncmp(
o_keytype,
"256", 3) == 0) {
1472 printf(
"Error: Unrecognised keytype %s; should be one of KSK or ZSK\n",
o_keytype);
1483 printf(
"Failed to connect to database\n");
1495 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
1501 status = hsm_open(
config, hsm_prompt_pin, NULL);
1503 hsm_print_error(NULL);
1508 if (state_id != -1) {
1511 nchar = snprintf(buffer,
sizeof(buffer),
"(%d, %d, %d, %d, %d, %d)",
1514 if (nchar >=
sizeof(buffer)) {
1522 if (zone_id != -1) {
1530 status =
KsmKey(result, &data);
1531 while (status == 0) {
1534 key = hsm_find_key_by_id(NULL, data.
location);
1537 printf(
"Key %s in DB but not repository\n", data.
location);
1541 sign_params = hsm_sign_params_new();
1543 if (zone_id == -1) {
1546 printf(
"Error: unable to find zone name for id %d\n", zone_id);
1547 hsm_sign_params_free(sign_params);
1550 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, zone_name);
1554 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
o_zone);
1557 sign_params->algorithm = data.
algorithm;
1558 sign_params->flags = LDNS_KEY_ZONE_KEY;
1560 sign_params->flags += LDNS_KEY_SEP_KEY;
1562 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
1563 sign_params->keytag = ldns_calc_keytag(dnskey_rr);
1579 ldns_rr_set_ttl(dnskey_rr, rrttl);
1584 ldns_rr_print(stdout, dnskey_rr);
1596 ldns_rr_set_ttl(dnskey_rr, rrttl);
1601 ds_sha1_rr = ldns_key_rr2ds(dnskey_rr, LDNS_SHA1);
1602 ldns_rr_print(stdout, ds_sha1_rr);
1605 ds_sha256_rr = ldns_key_rr2ds(dnskey_rr, LDNS_SHA256);
1606 ldns_rr_print(stdout, ds_sha256_rr);
1611 hsm_sign_params_free(sign_params);
1613 status =
KsmKey(result, &data);
1625 if (!done_something) {
1626 if (state_id != -1) {
1629 printf(
"No keys in READY state or higher to export.\n");
1635 if (dnskey_rr != NULL) {
1636 ldns_rr_free(dnskey_rr);
1638 if (ds_sha1_rr != NULL) {
1639 ldns_rr_free(ds_sha1_rr);
1641 if (ds_sha256_rr != NULL) {
1642 ldns_rr_free(ds_sha256_rr);
1661 xmlDocPtr doc = xmlNewDoc((
const xmlChar *)
"1.0");
1668 if (all_flag &&
o_policy != NULL) {
1669 printf(
"can not use --all with --policy\n");
1672 else if (!all_flag &&
o_policy == NULL) {
1673 printf(
"please specify either --policy <policy> or --all\n");
1680 printf(
"Failed to connect to database\n");
1699 policy->
zone == NULL || policy->
parent == NULL ||
1700 policy->
keys == NULL ||
1701 policy->
ksk == NULL || policy->
zsk == NULL ||
1703 fprintf(stderr,
"Malloc for policy struct failed\n");
1708 xmlKeepBlanksDefault(0);
1709 xmlTreeIndentString =
" ";
1710 root = xmlNewDocNode(doc, NULL, (
const xmlChar *)
"KASP", NULL);
1711 (void) xmlDocSetRootElement(doc, root);
1720 while (status == 0) {
1730 xmlSaveFormatFile(
"-", doc, 1);
1751 xmlDocPtr doc = xmlNewDoc((
const xmlChar *)
"1.0");
1754 int prev_policy_id = -1;
1761 printf(
"Failed to connect to database\n");
1768 fprintf(stderr,
"Malloc for zone struct failed\n");
1773 xmlKeepBlanksDefault(0);
1774 xmlTreeIndentString =
" ";
1775 root = xmlNewDocNode(doc, NULL, (
const xmlChar *)
"ZoneList", NULL);
1776 (void) xmlDocSetRootElement(doc, root);
1782 status =
KsmZone(result, zone);
1784 while (status == 0) {
1785 if (zone->
policy_id != prev_policy_id) {
1789 fprintf(stderr,
"Couldn't get name for policy with ID: %d, exiting...\n", zone->
policy_id);
1796 status =
KsmZone(result, zone);
1801 xmlSaveFormatFile(
"-", doc, 1);
1819 FILE* lock_fd = NULL;
1841 printf(
"Failed to connect to database\n");
1852 printf(
"Error, can't find zone : %s\n",
o_zone);
1872 if (data.
value == 1) {
1873 printf(
"*WARNING* This zone shares keys with others, all instances of the active key on this zone will be retired; are you sure? [y/N] ");
1875 user_certain = getchar();
1876 if (user_certain !=
'y' && user_certain !=
'Y') {
1877 printf(
"Okay, quitting...\n");
1883 status =
keyRoll(zone_id, -1, key_type);
1890 snprintf(logmsg, 256,
"Manual key rollover for key type %s on zone %s initiated" , (
o_keytype == NULL) ?
"all" :
o_keytype,
o_zone);
1891 printf(
"\n%s\n", logmsg);
1894 #ifdef HAVE_OPENLOG_R
1899 #ifdef HAVE_SYSLOG_R
1900 syslog_r(LOG_INFO, &sdata,
"%s", logmsg);
1902 syslog(LOG_INFO,
"%s", logmsg);
1904 #ifdef HAVE_CLOSELOG_R
1914 if (restart_enforcerd() != 0)
1916 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
1932 FILE* lock_fd = NULL;
1936 int zone_count = -1;
1955 printf(
"Failed to connect to database\n");
1962 printf(
"Error, can't find policy : %s\n",
o_policy);
1968 printf(
"*WARNING* This will roll all keys on the policy; are you sure? [y/N] ");
1970 user_certain = getchar();
1971 if (user_certain !=
'y' && user_certain !=
'Y') {
1972 printf(
"Okay, quitting...\n");
1987 if (zone_count == 0) {
1988 printf(
"No zones on policy; nothing to roll\n");
1993 printf(
"Couldn't count zones on policy; quitting...\n");
1998 status =
keyRoll(-1, policy_id, key_type);
2005 snprintf(logmsg, 256,
"Manual key rollover for key type %s on policy %s initiated" , (
o_keytype == NULL) ?
"all" :
o_keytype,
o_policy);
2006 printf(
"%s\n", logmsg);
2009 #ifdef HAVE_OPENLOG_R
2014 #ifdef HAVE_SYSLOG_R
2015 syslog_r(LOG_INFO, &sdata,
"%s", logmsg);
2017 syslog(LOG_INFO,
"%s", logmsg);
2019 #ifdef HAVE_CLOSELOG_R
2029 if (restart_enforcerd() != 0)
2031 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
2052 FILE* lock_fd = NULL;
2057 printf(
"Failed to connect to database\n");
2066 printf(
"Error: unable to find a policy named \"%s\" in database\n",
o_policy);
2080 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2090 printf(
"Error: failed to purge dead keys\n");
2114 FILE* lock_fd = NULL;
2119 if (datetime == NULL) {
2120 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
2127 printf(
"Failed to connect to database\n");
2137 printf(
"Error: unable to find a repository named \"%s\" in database\n",
o_repository);
2145 if (strncmp(qualifier,
"PREPARE", 7) == 0 ||
2146 strncmp(qualifier,
"DONE", 4) == 0 ) {
2149 printf(
"There were no keys to mark\n");
2151 else if (status != 0) {
2152 printf(
"Error: failed to mark pre_backup as done\n");
2157 if (strncmp(qualifier,
"PREPARE", 7) == 0) {
2159 printf(
"Marked repository %s as pre-backed up at %s\n",
o_repository, datetime);
2161 printf(
"Marked all repositories as pre-backed up at %s\n", datetime);
2168 if (strncmp(qualifier,
"COMMIT", 6) == 0 ||
2169 strncmp(qualifier,
"DONE", 4) == 0 ) {
2172 printf(
"There were no keys to mark\n");
2174 else if (status != 0) {
2175 printf(
"Error: failed to mark backup as done\n");
2181 printf(
"Marked repository %s as backed up at %s\n",
o_repository, datetime);
2183 printf(
"Marked all repositories as backed up at %s\n", datetime);
2189 if (strncmp(qualifier,
"ROLLBACK", 6) == 0 ) {
2192 printf(
"There were no keys to rollback\n");
2194 else if (status != 0) {
2195 printf(
"Error: failed to mark backup as done\n");
2201 printf(
"Rolled back pre-backup of repository %s\n",
o_repository);
2203 printf(
"Rolled back pre-backup of all repositories\n");
2224 int qualifier_id = -1;
2228 FILE* lock_fd = NULL;
2233 printf(
"Failed to connect to database\n");
2246 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2253 printf(
"Rollovers:\n");
2258 printf(
"Error: failed to list rollovers\n");
2280 int qualifier_id = -1;
2284 FILE* lock_fd = NULL;
2289 printf(
"Failed to connect to database\n");
2298 printf(
"Error: unable to find a repository named \"%s\" in database\n",
o_repository);
2304 printf(
"Backups:\n");
2308 printf(
"Error: failed to list backups\n");
2331 FILE* lock_fd = NULL;
2336 printf(
"Failed to connect to database\n");
2341 printf(
"Repositories:\n");
2346 printf(
"Error: failed to list repositories\n");
2347 if (lock_fd != NULL) {
2372 FILE* lock_fd = NULL;
2377 printf(
"Failed to connect to database\n");
2382 printf(
"Policies:\n");
2387 printf(
"Error: failed to list policies\n");
2408 int qualifier_id = -1;
2412 FILE* lock_fd = NULL;
2417 printf(
"Failed to connect to database\n");
2430 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2442 printf(
"Error: failed to list keys\n");
2469 int keytag_int = -1;
2470 int temp_key_state = -1;
2471 int temp_keypair_id = -1;
2472 char* temp_cka_id = NULL;
2477 FILE* lock_fd = NULL;
2482 if (datetime == NULL) {
2483 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
2489 printf(
"*WARNING* This will retire the currently active KSK; are you sure? [y/N] ");
2491 user_certain = getchar();
2492 if (user_certain !=
'y' && user_certain !=
'Y') {
2493 printf(
"Okay, quitting...\n");
2500 printf(
"Failed to connect to database\n");
2514 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2527 printf(
"Error: Unable to convert keytag \"%s\"; to an integer\n",
o_keytag);
2533 printf(
"Error: keytag \"%s\"; should be numeric only\n",
o_keytag);
2543 printf(
"Please provide a zone or details of the key to roll\n");
2552 printf(
"Error: failed to count active keys\n");
2559 if (key_count < 2) {
2560 printf(
"Error: completing this action would leave no active keys on zone, quitting...\n");
2569 printf(
"Error: failed to find policy for zone\n");
2578 printf(
"Old key retired\n");
2580 printf(
"Old key NOT retired\n");
2588 status =
CountKeys(&zone_id, keytag_int,
o_cka_id, &key_count, &temp_cka_id, &temp_key_state, &temp_keypair_id);
2590 printf(
"Error: failed to count keys\n");
2597 if (key_count > 1) {
2598 printf(
"More than one key matched your parameters, please include more information from the above keys\n");
2606 printf(
"No keys in the ACTIVE state matched your parameters, please check the parameters\n");
2614 printf(
"Error: failed to count active keys\n");
2621 if (key_count < 2) {
2622 printf(
"Error: completing this action would leave no active keys on zone, quitting...\n");
2631 printf(
"Error: failed to find policy for zone\n");
2642 printf(
"Key %s retired\n", temp_cka_id);
2669 int retired_count = -1;
2670 int keytag_int = -1;
2671 int temp_key_state = -1;
2672 int temp_keypair_id = -1;
2673 char* temp_cka_id = NULL;
2678 FILE* lock_fd = NULL;
2685 if (datetime == NULL) {
2686 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
2693 printf(
"Please provide a keytag or a CKA_ID for the key (CKA_ID will be used if both are provided\n");
2701 printf(
"*WARNING* This will retire the currently active KSK; are you sure? [y/N] ");
2703 user_certain = getchar();
2704 if (user_certain !=
'y' && user_certain !=
'Y') {
2705 printf(
"Okay, quitting...\n");
2712 printf(
"Failed to connect to database\n");
2723 printf(
"Please specify a zone using the --zone flag\n");
2729 else if (
o_zone != NULL) {
2736 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2743 else if (all_flag) {
2744 printf(
"*WARNING* This will act on every zone where this key is in use; are you sure? [y/N] ");
2746 user_certain = getchar();
2747 if (user_certain !=
'y' && user_certain !=
'Y') {
2748 printf(
"Okay, quitting...\n");
2760 printf(
"Error: Unable to convert keytag \"%s\"; to an integer\n",
o_keytag);
2766 printf(
"Error: keytag \"%s\"; should be numeric only\n",
o_keytag);
2777 status =
CountKeys(&zone_id, keytag_int,
o_cka_id, &key_count, &temp_cka_id, &temp_key_state, &temp_keypair_id);
2779 printf(
"Error: failed to count keys\n");
2786 if (key_count > 1) {
2787 printf(
"More than one key matched your parameters, please include more information from the above keys\n");
2795 printf(
"Key is already active\n");
2802 if (key_count == 0) {
2803 printf(
"No keys in the READY state matched your parameters, please check the parameters\n");
2812 printf(
"Error: failed to find policy for zone\n");
2819 status =
MarkDSSeen(temp_keypair_id, zone_id, policy_id, datetime, temp_key_state);
2823 snprintf(logmsg, 256,
"Key %s made %s", temp_cka_id, (temp_key_state ==
KSM_STATE_READY) ?
"active" :
"into standby");
2824 printf(
"%s\n", logmsg);
2827 #ifdef HAVE_OPENLOG_R
2832 #ifdef HAVE_SYSLOG_R
2833 syslog_r(LOG_INFO, &sdata,
"%s", logmsg);
2835 syslog(LOG_INFO,
"%s", logmsg);
2837 #ifdef HAVE_CLOSELOG_R
2847 if (retire_flag == 1) {
2852 printf(
"Error: failed to count active keys\n");
2859 if (key_count < 2) {
2864 printf(
"Error: failed to count retired keys\n");
2873 if (retired_count != 0) {
2874 printf(
"Error: retiring a key would leave no active keys on zone, skipping...\n");
2879 if (restart_enforcerd() != 0)
2881 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
2891 printf(
"Old key retired\n");
2893 printf(
"Old key NOT retired\n");
2896 printf(
"Old key NOT retired\n");
2901 if (restart_enforcerd() != 0)
2903 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
2925 char* case_keytype = NULL;
2926 char* case_algorithm = NULL;
2927 char* case_state = NULL;
2932 int cka_id_exists = -1;
2933 int keytype_id = -1;
2940 DB_ID keypair_id = 0;
2949 FILE* lock_fd = NULL;
2959 printf(
"Error: please specify a CKA_ID with the --cka_id <CKA_ID>\n");
2963 printf(
"Error: please specify a repository with the --repository <repository>\n");
2967 printf(
"Error: please specify a zone with the --zone <zone>\n");
2971 printf(
"Error: please specify the number of bits with the --bits <size>\n");
2975 printf(
"Error: please specify the algorithm with the --algorithm <algorithm>\n");
2979 printf(
"Error: please specify the state with the --keystate <state>\n");
2983 printf(
"Error: please specify a keytype, KSK or ZSK, with the --keytype <type>\n");
2987 printf(
"Error: please specify the time of when the key entered the given state with the --time <time>\n");
2994 printf(
"Failed to connect to database\n");
3002 printf(
"Error: unable to find a repository named \"%s\" in database\n",
o_repository);
3014 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
3026 if (cka_id_exists == 1) {
3027 printf(
"Error: key with CKA_ID \"%s\" already exists in database\n",
o_cka_id);
3035 if (strncmp(case_keytype,
"KSK", 3) == 0 || strncmp(
o_keytype,
"257", 3) == 0) {
3038 else if (strncmp(case_keytype,
"ZSK", 3) == 0 || strncmp(
o_keytype,
"256", 3) == 0) {
3042 printf(
"Error: Unrecognised keytype %s; should be one of KSK or ZSK\n",
o_keytype);
3054 printf(
"Error: Unable to convert bits \"%s\"; to an integer\n",
o_size);
3059 printf(
"Error: Bits \"%s\"; should be numeric only\n",
o_size);
3077 if (status != 0 || algo_id == 0 || hsm_supported_algorithm(algo_id) != 0) {
3078 printf(
"Error: Key algorithm %s not supported; try one of RSASHA1, RSASHA1-NSEC3-SHA1 or RSASHA256\n",
o_algo);
3086 if (strncmp(case_state,
"GENERATE", 8) == 0 || strncmp(
o_keystate,
"1", 1) == 0) {
3089 else if (strncmp(case_state,
"PUBLISH", 7) == 0 || strncmp(
o_keystate,
"2", 1) == 0) {
3092 else if (strncmp(case_state,
"READY", 5) == 0 || strncmp(
o_keystate,
"3", 1) == 0) {
3095 else if (strncmp(case_state,
"ACTIVE", 6) == 0 || strncmp(
o_keystate,
"4", 1) == 0) {
3098 else if (strncmp(case_state,
"RETIRE", 6) == 0 || strncmp(
o_keystate,
"5", 1) == 0) {
3102 printf(
"Error: Unrecognised state %s; should be one of GENERATE, PUBLISH, READY, ACTIVE or RETIRE\n",
o_keystate);
3113 printf(
"Error: unable to convert \"%s\" into a date\n",
o_time);
3120 snprintf(form_time,
KSM_TIME_LENGTH,
"%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d",
3121 datetime.tm_year + 1900, datetime.tm_mon + 1, datetime.tm_mday,
3122 datetime.tm_hour, datetime.tm_min, datetime.tm_sec);
3128 printf(
"Error: unable to specify retire time for a key in state \"%s\"\n",
o_keystate);
3135 printf(
"Error: unable to convert retire time \"%s\" into a date\n",
o_retire);
3142 snprintf(form_opt_time,
KSM_TIME_LENGTH,
"%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d",
3143 datetime.tm_year + 1900, datetime.tm_mon + 1, datetime.tm_mday,
3144 datetime.tm_hour, datetime.tm_min, datetime.tm_sec);
3148 form_opt_time[0] =
'\0';
3165 if (data.
value == 1) {
3166 printf(
"*WARNING* This zone shares keys with others, the key will be added to all; are you sure? [y/N] ");
3168 user_certain = getchar();
3169 if (user_certain !=
'y' && user_certain !=
'Y') {
3170 printf(
"Okay, quitting...\n");
3177 status =
KsmImportKeyPair(policy_id,
o_cka_id, repo_id, size_int, algo_id, state_id, form_time, fix_time, &keypair_id);
3179 printf(
"Error: couldn't import key\n");
3189 status =
KsmDnssecKeyCreate(zone_id, (
int) keypair_id, keytype_id, state_id, form_time, form_opt_time, &ignore);
3192 printf(
"Error: couldn't allocate key to zone(s)\n");
3197 printf(
"Key imported into zone(s)\n");
3213 FILE* lock_fd = NULL;
3216 char *dbschema = NULL;
3220 char *password = NULL;
3224 char* backup_filename = NULL;
3225 char* lock_filename;
3227 char *path = getenv(
"PWD");
3230 printf(
"Sorry, currently this utility can only backup a sqlite database file\n");
3235 status =
get_db_details(&dbschema, &host, &port, &user, &password);
3246 lock_filename = NULL;
3250 lock_fd = fopen(lock_filename,
"w");
3253 printf(
"Error getting db lock\n");
3254 if (lock_fd != NULL) {
3303 char* kasp_filename = NULL;
3304 char* zonelist_filename = NULL;
3305 char* backup_filename = NULL;
3308 FILE* lock_fd = NULL;
3317 int zone_count = -1;
3319 xmlDocPtr doc = NULL;
3322 printf(
"*WARNING* This feature is experimental and has not been fully tested; are you sure? [y/N] ");
3324 user_certain = getchar();
3325 if (user_certain !=
'y' && user_certain !=
'Y') {
3326 printf(
"Okay, quitting...\n");
3333 printf(
"Failed to read conf.xml\n");
3339 StrAppend(&backup_filename, kasp_filename);
3341 status =
backup_file(kasp_filename, backup_filename);
3350 if ((test = fopen(kasp_filename,
"ab"))==NULL) {
3351 printf(
"Cannot open kasp.xml for writing: %s\n", strerror(errno));
3360 printf(
"Failed to connect to database\n");
3377 if (policy == NULL) {
3378 printf(
"Malloc for policy struct failed\n");
3387 while (status == 0) {
3397 if (zone_count == 0) {
3398 printf(
"No zones on policy %s; purging...\n", policy->
name);
3400 size = snprintf(sql,
KSM_SQL_SIZE,
"update dnsseckeys set state = %d where keypair_id in (select id from keypairs where policy_id = %d)",
KSM_STATE_DEAD, policy->
id);
3404 printf(
"Couldn't construct SQL to kill orphaned keys\n");
3423 printf(
"Key purge failed for policy %s\n", policy->
name);
3430 sql2 =
DdsInit(
"parameters_policies");
3469 status = xmlSaveFormatFile(kasp_filename, doc, 1);
3472 printf(
"Could not save %s\n", kasp_filename);
3481 printf(
"Couldn't count zones on policy; quitting...\n");
3518 char* ods_control_cmd = NULL;
3519 char* ptr = command;
3524 *ptr = tolower((
int) *ptr);
3530 StrAppend(&ods_control_cmd, ODS_EN_CONTROL);
3533 status = system(ods_control_cmd);
3536 fprintf(stderr,
"Couldn't run %s\n", ods_control_cmd);
3552 char* case_command = NULL;
3553 char* case_verb = NULL;
3555 int option_index = 0;
3556 static struct option long_options[] =
3558 {
"all", no_argument, 0,
'a'},
3559 {
"bits", required_argument, 0,
'b'},
3560 {
"config", required_argument, 0,
'c'},
3561 {
"ds", no_argument, 0,
'd'},
3562 {
"keystate", required_argument, 0,
'e'},
3563 {
"no-retire", no_argument, 0,
'f'},
3564 {
"algorithm", required_argument, 0,
'g'},
3565 {
"help", no_argument, 0,
'h'},
3566 {
"input", required_argument, 0,
'i'},
3567 {
"cka_id", required_argument, 0,
'k'},
3568 {
"no-xml", no_argument, 0,
'm'},
3569 {
"interval", required_argument, 0,
'n'},
3570 {
"output", required_argument, 0,
'o'},
3571 {
"policy", required_argument, 0,
'p'},
3572 {
"repository", required_argument, 0,
'r'},
3573 {
"signerconf", required_argument, 0,
's'},
3574 {
"keytype", required_argument, 0,
't'},
3575 {
"time", required_argument, 0,
'w'},
3576 {
"verbose", no_argument, 0,
'v'},
3577 {
"version", no_argument, 0,
'V'},
3578 {
"keytag", required_argument, 0,
'x'},
3579 {
"retire", required_argument, 0,
'y'},
3580 {
"zone", required_argument, 0,
'z'},
3586 while ((ch = getopt_long(argc, argv,
"ab:c:de:fg:hi:k:n:o:p:r:s:t:vVw:x:y:z:", long_options, &option_index)) != -1) {
3644 printf(
"%s version %s\n", PACKAGE_NAME, PACKAGE_VERSION);
3699 if (!strncmp(case_command,
"SETUP", 5)) {
3703 }
else if (!strncmp(case_command,
"UPDATE", 6)) {
3707 }
else if (!strncmp(case_command,
"START", 5) ||
3708 !strncmp(case_command,
"STOP", 4) ||
3709 !strncmp(case_command,
"NOTIFY", 6)) {
3713 }
else if (!strncmp(case_command,
"ZONE", 4) && strlen(case_command) == 4) {
3718 if (!strncmp(case_verb,
"ADD", 3)) {
3720 }
else if (!strncmp(case_verb,
"DELETE", 6)) {
3722 }
else if (!strncmp(case_verb,
"LIST", 4)) {
3725 printf(
"Unknown command: zone %s\n", case_verb);
3729 }
else if (!strncmp(case_command,
"REPOSITORY", 10)) {
3733 if (!strncmp(case_verb,
"LIST", 4)) {
3736 printf(
"Unknown command: repository %s\n", case_verb);
3740 }
else if (!strncmp(case_command,
"POLICY", 6)) {
3744 if (!strncmp(case_verb,
"EXPORT", 6)) {
3746 }
else if (!strncmp(case_verb,
"IMPORT", 6)) {
3748 }
else if (!strncmp(case_verb,
"LIST", 4)) {
3750 }
else if (!strncmp(case_verb,
"PURGE", 5)) {
3753 printf(
"Unknown command: policy %s\n", case_verb);
3757 }
else if (!strncmp(case_command,
"KEY", 3)) {
3761 if (!strncmp(case_verb,
"LIST", 4)) {
3764 else if (!strncmp(case_verb,
"EXPORT", 6)) {
3767 else if (!strncmp(case_verb,
"IMPORT", 6)) {
3770 else if (!strncmp(case_verb,
"ROLLOVER", 8)) {
3772 if (all_flag == 0 &&
o_keytype == NULL) {
3773 printf(
"Please specify either a keytype, KSK or ZSK, with the --keytype <type> option or use the --all option\n");
3786 printf(
"Please provide either a zone OR a policy to rollover\n");
3792 else if (!strncmp(case_verb,
"PURGE", 5)) {
3798 printf(
"Please provide either a zone OR a policy to key purge\n");
3803 else if (!strncmp(case_verb,
"GENERATE", 8)) {
3806 else if (!strncmp(case_verb,
"KSK-RETIRE", 10)) {
3809 else if (!strncmp(case_verb,
"DS-SEEN", 7)) {
3812 printf(
"Unknown command: key %s\n", case_verb);
3816 }
else if (!strncmp(case_command,
"BACKUP", 6)) {
3820 if (!strncmp(case_verb,
"DONE", 4) ||
3821 !strncmp(case_verb,
"PREPARE", 7) ||
3822 !strncmp(case_verb,
"COMMIT", 6) ||
3823 !strncmp(case_verb,
"ROLLBACK", 8)) {
3826 else if (!strncmp(case_verb,
"LIST", 4)) {
3829 printf(
"Unknown command: backup %s\n", case_verb);
3833 }
else if (!strncmp(case_command,
"ROLLOVER", 8)) {
3836 if (!strncmp(case_verb,
"LIST", 4)) {
3839 printf(
"Unknown command: rollover %s\n", case_verb);
3843 }
else if (!strncmp(case_command,
"DATABASE", 8)) {
3847 if (!strncmp(case_verb,
"BACKUP", 6)) {
3850 printf(
"Unknown command: database %s\n", case_verb);
3854 }
else if (!strncmp(case_command,
"ZONELIST", 8)) {
3858 if (!strncmp(case_verb,
"EXPORT", 6)) {
3861 else if (!strncmp(case_verb,
"IMPORT", 6)) {
3864 printf(
"Unknown command: zonelist %s\n", case_verb);
3869 printf(
"Unknown command: %s\n", argv[0]);
3881 xmlCleanupGlobals();
3882 xmlCleanupThreads();
3904 char *dbschema = NULL;
3908 char *password = NULL;
3912 char* backup_filename = NULL;
3913 char* lock_filename;
3916 status =
get_db_details(&dbschema, &host, &port, &user, &password);
3932 if (lock_fd != NULL) {
3933 lock_filename = NULL;
3937 *lock_fd = fopen(lock_filename,
"w");
3940 printf(
"Error getting db lock\n");
3941 if (*lock_fd != NULL) {
3964 if (lock_fd != NULL) {
3979 status =
DbConnect(dbhandle, dbschema, host, password, user, port);
4001 if (lock_fd != NULL) {
4004 printf(
"Error releasing db lock");
4025 if (lock_fd == NULL) {
4026 printf(
"%s could not be opened\n", lock_filename);
4030 memset(&fl, 0,
sizeof(
struct flock));
4031 fl.l_type = F_WRLCK;
4032 fl.l_whence = SEEK_SET;
4033 fl.l_pid = getpid();
4035 while (fcntl(fileno(lock_fd), F_SETLK, &fl) == -1) {
4036 if (errno == EACCES || errno == EAGAIN) {
4037 printf(
"%s already locked, sleep\n", lock_filename);
4042 select(0, NULL, NULL, NULL, &tv);
4045 printf(
"couldn't get lock on %s; %s\n", lock_filename, strerror(errno));
4058 if (lock_fd == NULL) {
4062 memset(&fl, 0,
sizeof(
struct flock));
4063 fl.l_type = F_UNLCK;
4064 fl.l_whence = SEEK_SET;
4066 if (fcntl(fileno(lock_fd), F_SETLK, &fl) == -1) {
4079 xmlTextReaderPtr reader = NULL;
4080 xmlDocPtr doc = NULL;
4081 xmlXPathContextPtr xpathCtx = NULL;
4082 xmlXPathObjectPtr xpathObj = NULL;
4084 char* tag_name = NULL;
4085 char* temp_char = NULL;
4087 xmlChar *zonelist_expr = (
unsigned char*)
"//Common/ZoneListFile";
4088 xmlChar *kaspfile_expr = (
unsigned char*)
"//Common/PolicyFile";
4091 reader = xmlNewTextReaderFilename(
config);
4092 if (reader != NULL) {
4093 ret = xmlTextReaderRead(reader);
4095 tag_name = (
char*) xmlTextReaderLocalName(reader);
4097 if (strncmp(tag_name,
"Common", 6) == 0
4098 && xmlTextReaderNodeType(reader) == 1) {
4101 xmlTextReaderExpand(reader);
4102 doc = xmlTextReaderCurrentDoc(reader);
4104 printf(
"Error: can not read Common section\n");
4106 ret = xmlTextReaderRead(reader);
4110 xpathCtx = xmlXPathNewContext(doc);
4111 if(xpathCtx == NULL) {
4112 printf(
"Error: can not create XPath context for Common section\n");
4114 ret = xmlTextReaderRead(reader);
4119 xpathObj = xmlXPathEvalExpression(zonelist_expr, xpathCtx);
4120 if(xpathObj == NULL) {
4121 printf(
"Error: unable to evaluate xpath expression: %s\n", zonelist_expr);
4123 ret = xmlTextReaderRead(reader);
4126 *zone_list_filename = NULL;
4127 temp_char = (
char*) xmlXPathCastToString(xpathObj);
4128 StrAppend(zone_list_filename, temp_char);
4130 xmlXPathFreeObject(xpathObj);
4131 printf(
"zonelist filename set to %s.\n", *zone_list_filename);
4134 xpathObj = xmlXPathEvalExpression(kaspfile_expr, xpathCtx);
4135 xmlXPathFreeContext(xpathCtx);
4136 if(xpathObj == NULL) {
4137 printf(
"Error: unable to evaluate xpath expression: %s\n", kaspfile_expr);
4139 ret = xmlTextReaderRead(reader);
4142 *kasp_filename = NULL;
4143 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
4147 temp_char = (
char*) xmlXPathCastToString(xpathObj);
4155 StrAppend(kasp_filename, OPENDNSSEC_CONFIG_DIR);
4158 printf(
"kasp filename set to %s.\n", *kasp_filename);
4160 xmlXPathFreeObject(xpathObj);
4163 ret = xmlTextReaderRead(reader);
4167 xmlFreeTextReader(reader);
4169 printf(
"%s : failed to parse\n",
config);
4173 printf(
"Unable to open %s\n",
config);
4190 xmlDocPtr doc = NULL;
4191 xmlXPathContextPtr xpathCtx = NULL;
4192 xmlXPathObjectPtr xpathObj = NULL;
4194 char* repo_name = NULL;
4195 char* repo_capacity = NULL;
4196 int require_backup = 0;
4199 xmlChar *node_expr = (
unsigned char*)
"//Configuration/RepositoryList/Repository";
4203 doc = xmlParseFile(
config);
4205 printf(
"Unable to open %s\n",
config);
4210 xpathCtx = xmlXPathNewContext(doc);
4211 if(xpathCtx == NULL) {
4217 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
4218 if(xpathObj == NULL) {
4219 xmlXPathFreeContext(xpathCtx);
4224 if (xpathObj->nodesetval) {
4225 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
4230 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
4231 repo_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i],
4232 (
const xmlChar *)
"name");
4234 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Capacity")) {
4235 repo_capacity = (
char *) xmlNodeGetContent(curNode);
4237 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"RequireBackup")) {
4241 curNode = curNode->next;
4244 if (strlen(repo_name) != 0) {
4246 printf(
"Repository %s found\n", repo_name);
4247 if (strlen(repo_capacity) == 0) {
4248 printf(
"No Maximum Capacity set.\n");
4254 printf(
"Capacity set to %s.\n", repo_capacity);
4260 if (require_backup == 0) {
4261 printf(
"RequireBackup NOT set; please make sure that you know the potential problems of using keys which are not recoverable\n");
4263 printf(
"RequireBackup set.\n");
4267 printf(
"Error Importing Repository %s", repo_name);
4271 printf(
"WARNING: Repository found with NULL name, skipping...\n");
4279 xmlXPathFreeObject(xpathObj);
4282 xmlXPathFreeContext(xpathCtx);
4297 char *policy_name = NULL;
4298 char *policy_description = NULL;
4301 xmlDocPtr doc = NULL;
4302 xmlDocPtr pol_doc = NULL;
4303 xmlDocPtr rngdoc = NULL;
4306 xmlNode *childNode2;
4307 xmlNode *childNode3;
4308 xmlChar *opt_out_flag = (xmlChar *)
"N";
4309 xmlChar *share_keys_flag = (xmlChar *)
"N";
4310 xmlChar *man_roll_flag = (xmlChar *)
"N";
4311 xmlChar *rfc5011_flag = (xmlChar *)
"N";
4312 int standby_keys_flag = 0;
4313 xmlXPathContextPtr xpathCtx = NULL;
4314 xmlXPathObjectPtr xpathObj = NULL;
4315 xmlRelaxNGParserCtxtPtr rngpctx = NULL;
4316 xmlRelaxNGValidCtxtPtr rngctx = NULL;
4317 xmlRelaxNGPtr schema = NULL;
4320 xmlChar *node_expr = (
unsigned char*)
"//Policy";
4324 int audit_found = 0;
4330 int algo_change = 0;
4332 char* changes_made = NULL;
4337 const char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/kasp.rng";
4338 char* kaspcheck_cmd = NULL;
4339 char* kaspcheck_cmd_version = NULL;
4341 StrAppend(&kaspcheck_cmd, ODS_AU_KASPCHECK);
4345 StrAppend(&kaspcheck_cmd_version, ODS_AU_KASPCHECK);
4346 StrAppend(&kaspcheck_cmd_version,
" -v > /dev/null");
4349 status = system(kaspcheck_cmd_version);
4352 status = system(kaspcheck_cmd);
4355 fprintf(stderr,
"ods-kaspcheck returned an error, please check your policy\n");
4357 StrFree(kaspcheck_cmd_version);
4363 fprintf(stderr,
"Couldn't run ods-kaspcheck (Auditor is not installed), will carry on\n");
4367 StrFree(kaspcheck_cmd_version);
4370 doc = xmlParseFile(kasp_filename);
4372 printf(
"Error: unable to parse file \"%s\"\n", kasp_filename);
4377 rngdoc = xmlParseFile(rngfilename);
4378 if (rngdoc == NULL) {
4379 printf(
"Error: unable to parse file \"%s\"\n", rngfilename);
4384 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
4385 if (rngpctx == NULL) {
4386 printf(
"Error: unable to create XML RelaxNGs parser context\n");
4391 schema = xmlRelaxNGParse(rngpctx);
4392 if (schema == NULL) {
4393 printf(
"Error: unable to parse a schema definition resource\n");
4398 rngctx = xmlRelaxNGNewValidCtxt(schema);
4399 if (rngctx == NULL) {
4400 printf(
"Error: unable to create RelaxNGs validation context based on the schema\n");
4405 status = xmlRelaxNGValidateDoc(rngctx,doc);
4407 printf(
"Error validating file \"%s\"\n", kasp_filename);
4413 if (policy == NULL) {
4414 printf(
"Malloc for policy struct failed");
4419 xpathCtx = xmlXPathNewContext(doc);
4420 if(xpathCtx == NULL) {
4427 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
4428 if(xpathObj == NULL) {
4429 xmlXPathFreeContext(xpathCtx);
4435 if (xpathObj->nodesetval) {
4441 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
4443 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
4444 policy_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
4445 if (strlen(policy_name) == 0) {
4447 printf(
"Error extracting policy name from %s\n", kasp_filename);
4460 printf(
"Error: unable to read policy %s; skipping\n", policy_name);
4465 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Keys")) {
4466 childNode = curNode->children;
4468 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"KSK")) {
4469 childNode2 = childNode->children;
4471 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
4474 status =
StrStrtoi((
char *)xmlNodeGetContent(childNode2), &value);
4476 printf(
"Error extracting KSK algorithm for policy %s, exiting...", policy_name);
4482 printf(
"\n\nAlgorithm change attempted... details:\n");
4483 StrAppend(&changes_made,
"Algorithm changes made, details:");
4486 size = snprintf(tmp_change,
KSM_MSG_LENGTH,
"Policy: %s, KSK algorithm changed from %d to %d.", policy_name, policy->
ksk->
algorithm, value);
4489 printf(
"Error constructing log message for policy %s, exiting...", policy_name);
4492 printf(
"%s\n", tmp_change);
4498 childNode2 = childNode2->next;
4503 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"ZSK")) {
4504 childNode2 = childNode->children;
4506 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
4509 status =
StrStrtoi((
char *)xmlNodeGetContent(childNode2), &value);
4511 printf(
"Error extracting ZSK algorithm for policy %s, exiting...", policy_name);
4517 printf(
"\n\nAlgorithm change attempted... details:\n");
4518 StrAppend(&changes_made,
"Algorithm changes made, details:");
4521 size = snprintf(tmp_change,
KSM_MSG_LENGTH,
"Policy: %s, ZSK algorithm changed from %d to %d.", policy_name, policy->
zsk->
algorithm, value);
4524 printf(
"Error constructing log message for policy %s, exiting...", policy_name);
4527 printf(
"%s\n", tmp_change);
4533 childNode2 = childNode2->next;
4538 childNode = childNode->next;
4541 curNode = curNode->next;
4553 if (algo_change == 1 && force_flag == 0) {
4554 printf(
"*WARNING* This will change the algorithms used as noted above. Algorithm rollover is _not_ supported by OpenDNSSEC and zones may break. Are you sure? [y/N] ");
4556 user_certain = getchar();
4557 if (user_certain !=
'y' && user_certain !=
'Y') {
4558 printf(
"\nOkay, quitting...\n");
4559 xmlXPathFreeContext(xpathCtx);
4572 #ifdef HAVE_OPENLOG_R
4577 #ifdef HAVE_SYSLOG_R
4578 syslog_r(LOG_INFO, &sdata,
"%s", changes_made);
4580 syslog(LOG_INFO,
"%s", changes_made);
4582 #ifdef HAVE_CLOSELOG_R
4593 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
4595 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
4596 policy_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
4597 if (strlen(policy_name) == 0) {
4599 printf(
"Error extracting policy name from %s\n", kasp_filename);
4604 printf(
"Policy %s found\n", policy_name);
4606 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Description")) {
4607 policy_description = (
char *) xmlNodeGetContent(curNode);
4617 printf(
"Error: unable to read policy %s; skipping\n", policy_name);
4618 curNode = curNode->next;
4627 printf(
"Error: unable to insert policy %s; skipping\n", policy_name);
4634 printf(
"Error: unable to get policy id for %s; skipping\n", policy_name);
4640 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Signatures")) {
4641 childNode = curNode->children;
4643 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Resign")) {
4646 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Refresh")) {
4649 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Validity")) {
4650 childNode2 = childNode->children;
4652 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Default")) {
4655 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Denial")) {
4658 childNode2 = childNode2->next;
4661 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Jitter")) {
4664 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"InceptionOffset")) {
4667 childNode = childNode->next;
4670 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Denial")) {
4671 opt_out_flag = (xmlChar *)
"N";
4672 childNode = curNode->children;
4674 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"NSEC3")) {
4678 printf(
"Error: unable to insert/update %s for policy\n",
"Denial version");
4680 childNode2 = childNode->children;
4682 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"OptOut")) {
4683 opt_out_flag = (xmlChar *)
"Y";
4685 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Resalt")) {
4688 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Hash")) {
4689 childNode3 = childNode2->children;
4691 if (xmlStrEqual(childNode3->name, (
const xmlChar *)
"Algorithm")) {
4694 else if (xmlStrEqual(childNode3->name, (
const xmlChar *)
"Iterations")) {
4697 else if (xmlStrEqual(childNode3->name, (
const xmlChar *)
"Salt")) {
4700 childNode3 = childNode3->next;
4704 childNode2 = childNode2->next;
4709 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"NSEC")) {
4712 printf(
"Error: unable to insert/update %s for policy\n",
"Denial version");
4715 childNode = childNode->next;
4718 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Keys")) {
4719 share_keys_flag = (xmlChar *)
"N";
4720 childNode = curNode->children;
4722 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"TTL")) {
4725 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"RetireSafety")) {
4728 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"PublishSafety")) {
4731 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"ShareKeys")) {
4732 share_keys_flag = (xmlChar *)
"Y";
4734 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Purge")) {
4738 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"KSK")) {
4739 man_roll_flag = (xmlChar *)
"N";
4740 rfc5011_flag = (xmlChar *)
"N";
4741 childNode2 = childNode->children;
4743 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
4748 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Lifetime")) {
4751 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Repository")) {
4753 printf(
"Please either add the repository to conf.xml or remove the reference to it from kasp.xml\n");
4755 xmlFreeDoc(pol_doc);
4756 xmlXPathFreeContext(xpathCtx);
4757 xmlRelaxNGFree(schema);
4758 xmlRelaxNGFreeValidCtxt(rngctx);
4759 xmlRelaxNGFreeParserCtxt(rngpctx);
4767 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Standby")) {
4769 standby_keys_flag = 1;
4771 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"ManualRollover")) {
4772 man_roll_flag = (xmlChar *)
"Y";
4774 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"RFC5011")) {
4775 rfc5011_flag = (xmlChar *)
"Y";
4780 childNode2 = childNode2->next;
4785 if (standby_keys_flag == 0) {
4788 standby_keys_flag = 0;
4792 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"ZSK")) {
4793 man_roll_flag = (xmlChar *)
"N";
4794 childNode2 = childNode->children;
4796 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
4801 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Lifetime")) {
4804 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Repository")) {
4806 printf(
"Please either add the repository to conf.xml or remove the reference to it from kasp.xml\n");
4808 xmlFreeDoc(pol_doc);
4809 xmlXPathFreeContext(xpathCtx);
4810 xmlRelaxNGFree(schema);
4811 xmlRelaxNGFreeValidCtxt(rngctx);
4812 xmlRelaxNGFreeParserCtxt(rngpctx);
4820 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Standby")) {
4822 standby_keys_flag = 1;
4824 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"ManualRollover")) {
4825 man_roll_flag = (xmlChar *)
"Y";
4827 childNode2 = childNode2->next;
4833 childNode = childNode->next;
4837 if (standby_keys_flag == 0) {
4840 standby_keys_flag = 0;
4845 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Zone")) {
4846 childNode = curNode->children;
4848 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"PropagationDelay")) {
4851 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"SOA")) {
4852 childNode2 = childNode->children;
4854 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
4857 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Minimum")) {
4860 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Serial")) {
4863 childNode2 = childNode2->next;
4866 childNode = childNode->next;
4870 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Parent")) {
4871 childNode = curNode->children;
4873 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"PropagationDelay")) {
4876 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"DS")) {
4877 childNode2 = childNode->children;
4879 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
4882 childNode2 = childNode2->next;
4885 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"SOA")) {
4886 childNode2 = childNode->children;
4888 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
4891 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Minimum")) {
4894 childNode2 = childNode2->next;
4897 childNode = childNode->next;
4901 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Audit")) {
4903 childNode = curNode->children;
4905 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Partial")) {
4908 childNode = childNode->next;
4912 printf(
"Error: unable to insert Audit info for policy %s\n", policy->
name);
4916 curNode = curNode->next;
4919 if (audit_found == 0) {
4931 xmlXPathFreeContext(xpathCtx);
4932 xmlRelaxNGFree(schema);
4933 xmlRelaxNGFreeValidCtxt(rngctx);
4934 xmlRelaxNGFreeParserCtxt(rngpctx);
4946 xmlTextReaderPtr reader = NULL;
4947 xmlDocPtr doc = NULL;
4948 xmlXPathContextPtr xpathCtx = NULL;
4949 xmlXPathObjectPtr xpathObj = NULL;
4951 char* zone_name = NULL;
4952 char* policy_name = NULL;
4953 char* current_policy = NULL;
4954 char* current_signconf = NULL;
4955 char* current_input = NULL;
4956 char* current_output = NULL;
4957 char* temp_char = NULL;
4958 char* tag_name = NULL;
4961 int file_zone_count = 0;
4962 int db_zone_count = 0;
4976 xmlChar *name_expr = (
unsigned char*)
"name";
4977 xmlChar *policy_expr = (
unsigned char*)
"//Zone/Policy";
4978 xmlChar *signconf_expr = (
unsigned char*)
"//Zone/SignerConfiguration";
4979 xmlChar *input_expr = (
unsigned char*)
"//Zone/Adapters/Input/File";
4980 xmlChar *output_expr = (
unsigned char*)
"//Zone/Adapters/Output/File";
4984 reader = xmlNewTextReaderFilename(zone_list_filename);
4985 if (reader != NULL) {
4986 ret = xmlTextReaderRead(reader);
4988 tag_name = (
char*) xmlTextReaderLocalName(reader);
4990 if (strncmp(tag_name,
"Zone", 4) == 0
4991 && strncmp(tag_name,
"ZoneList", 8) != 0
4992 && xmlTextReaderNodeType(reader) == 1) {
4996 ret = xmlTextReaderRead(reader);
4999 xmlFreeTextReader(reader);
5001 printf(
"%s : failed to parse\n", zone_list_filename);
5005 printf(
"Unable to open %s\n", zone_list_filename);
5010 zone_ids =
MemMalloc(file_zone_count *
sizeof(
int));
5013 reader = xmlNewTextReaderFilename(zone_list_filename);
5014 if (reader != NULL) {
5015 ret = xmlTextReaderRead(reader);
5017 tag_name = (
char*) xmlTextReaderLocalName(reader);
5019 if (strncmp(tag_name,
"Zone", 4) == 0
5020 && strncmp(tag_name,
"ZoneList", 8) != 0
5021 && xmlTextReaderNodeType(reader) == 1) {
5024 temp_char = (
char*) xmlTextReaderGetAttribute(reader, name_expr);
5038 if (zone_name == NULL) {
5040 printf(
"Error extracting zone name from %s\n", zone_list_filename);
5042 ret = xmlTextReaderRead(reader);
5046 printf(
"Zone %s found\n", zone_name);
5049 xmlTextReaderExpand(reader);
5050 doc = xmlTextReaderCurrentDoc(reader);
5052 printf(
"Error: can not read zone \"%s\"; skipping\n", zone_name);
5054 ret = xmlTextReaderRead(reader);
5058 xpathCtx = xmlXPathNewContext(doc);
5059 if(xpathCtx == NULL) {
5060 printf(
"Error: can not create XPath context for \"%s\"; skipping zone\n", zone_name);
5062 ret = xmlTextReaderRead(reader);
5068 xpathObj = xmlXPathEvalExpression(policy_expr, xpathCtx);
5069 if(xpathObj == NULL) {
5070 printf(
"Error: unable to evaluate xpath expression: %s; skipping zone\n", policy_expr);
5072 ret = xmlTextReaderRead(reader);
5076 current_policy = NULL;
5077 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5080 printf(
"Policy set to %s.\n", current_policy);
5081 xmlXPathFreeObject(xpathObj);
5084 if (policy_name == NULL || strcmp(current_policy, policy_name) != 0) {
5086 StrAppend(&policy_name, current_policy);
5090 printf(
"Error, can't find policy : %s\n", policy_name);
5092 ret = xmlTextReaderRead(reader);
5099 xpathObj = xmlXPathEvalExpression(signconf_expr, xpathCtx);
5100 if(xpathObj == NULL) {
5101 printf(
"Error: unable to evaluate xpath expression: %s; skipping zone\n", signconf_expr);
5103 ret = xmlTextReaderRead(reader);
5107 current_signconf = NULL;
5108 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5109 StrAppend(¤t_signconf, temp_char);
5111 xmlXPathFreeObject(xpathObj);
5115 xpathObj = xmlXPathEvalExpression(input_expr, xpathCtx);
5116 if(xpathObj == NULL) {
5117 printf(
"Error: unable to evaluate xpath expression: %s; skipping zone\n", input_expr);
5119 ret = xmlTextReaderRead(reader);
5123 current_input = NULL;
5124 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5127 xmlXPathFreeObject(xpathObj);
5131 xpathObj = xmlXPathEvalExpression(output_expr, xpathCtx);
5132 xmlXPathFreeContext(xpathCtx);
5133 if(xpathObj == NULL) {
5134 printf(
"Error: unable to evaluate xpath expression: %s; skipping zone\n", output_expr);
5136 ret = xmlTextReaderRead(reader);
5140 current_output = NULL;
5141 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5144 xmlXPathFreeObject(xpathObj);
5149 status =
KsmImportZone(zone_name, policy_id, 0, &new_zone, current_signconf, current_input, current_output);
5152 printf(
"Error Importing zone %s; it already exists both with and without a trailing dot\n", zone_name);
5154 printf(
"Error Importing Zone %s\n", zone_name);
5157 ret = xmlTextReaderRead(reader);
5162 if (new_zone == 1) {
5163 printf(
"Added zone %s to database\n", zone_name);
5177 printf(
"Error: unable to find a zone named \"%s\" in database\n", zone_name);
5178 printf(
"Error: Possibly two domains differ only by having a trailing dot or not?\n");
5184 zone_ids[i] = temp_id;
5197 ret = xmlTextReaderRead(reader);
5200 xmlFreeTextReader(reader);
5202 printf(
"%s : failed to parse\n", zone_list_filename);
5205 printf(
"Unable to open %s\n", zone_list_filename);
5221 if (file_zone_count == db_zone_count) {
5226 else if (file_zone_count > db_zone_count) {
5227 printf(
"Failed to add all zones from zonelist\n");
5243 while (status == 0) {
5244 DbInt(row, 0, &temp_id);
5246 DbInt(row, 2, &policy_id);
5249 for (i = 0; i < db_zone_count; ++i) {
5250 if (temp_id == zone_ids[i]) {
5256 if (seen_zone == 0) {
5259 printf(
"Removing zone %s from database\n", zone_name);
5261 status =
KsmParameterInit(&result2,
"zones_share_keys",
"keys", policy_id);
5285 if ((shared.
value == 1 && temp_count == 1) || shared.
value == 0) {
5288 printf(
"Error: failed to mark keys as dead in database\n");
/*
 * SetParamOnPolicy: store one policy parameter read from kasp.xml.
 *
 * new_value      text of the XML element, converted according to value_type.
 *                The conversions visible in this listing are: an interval
 *                converted to seconds, a Y/N flag, a repository name, a
 *                serial type, a rollover scheme, and a plain integer.
 * name/category  identify the parameter in the database.
 * current_value  value already stored; the insert/update is attempted only
 *                when the converted value differs from it, or when
 *                current_value is 0.
 * policy_id      policy the parameter belongs to.
 * value_type     selects which conversion is applied.
 *
 * Error paths print a diagnostic to stdout. The conversion helpers, the
 * database calls and the return statements are not part of this listing,
 * so the exact return convention has to be confirmed in the full source.
 */
5322 int SetParamOnPolicy(
const xmlChar* new_value,
const char* name,
const char* category,
int current_value,
int policy_id,
int value_type)
/* NOTE(review): new_value is handed to strlen() below with no NULL check;
 * xmlNodeGetContent() can return NULL, so callers must only pass non-NULL
 * text — confirm at the call sites. */
5326 char* temp_char = (
char *)new_value;
/* only a non-empty value is converted; the handling of an empty string is
 * outside this listing */
5330 if (strlen(temp_char) != 0) {
5333 printf(
"Error: unable to convert interval %s to seconds, error: %i\n", temp_char, status);
/* status -1 from the interval conversion is informational only: months and
 * years were approximated, as the message says */
5337 else if (status == -1) {
5338 printf(
"Info: converting %s to seconds; M interpreted as 31 days, Y interpreted as 365 days\n", temp_char);
/* Y/N style flag: only the first character is compared and the comparison
 * is case-sensitive, so "Yes" counts as Y but "y" does not */
5347 if (strncmp(temp_char,
"Y", 1) == 0) {
5357 printf(
"Error: unable to find repository %s\n", temp_char);
5367 printf(
"Error: unable to find serial type %s\n", temp_char);
5377 printf(
"Error: unable to find rollover scheme %s\n", temp_char);
5386 printf(
"Error: unable to convert %s to int\n", temp_char);
/* write only when the value changed, or when nothing was stored yet
 * (current_value == 0 presumably meaning "unset") */
5396 if (value != current_value || current_value == 0) {
5399 printf(
"Error: unable to insert/update %s for policy\n", name);
5400 printf(
"Error: Is your database schema up to date?\n");
/* "saltlength" triggers a second insert/update; its target is outside this
 * listing — presumably a related parameter */
5406 if (strncmp(name,
"saltlength", 10) == 0) {
5409 printf(
"Error: unable to insert/update %s for policy\n", name);
5410 printf(
"Error: Is your database schema up to date?\n");
5421 if (policy == NULL) {
5422 printf(
"Error, no policy provided");
5459 policy->
ksk->
sm = 0;
5471 policy->
zsk->
sm = 0;
5508 if((from = fopen( orig_file,
"rb"))==NULL) {
5509 if (errno == ENOENT) {
5510 printf(
"File %s does not exist, nothing to backup\n", orig_file);
5514 printf(
"Cannot open source file.\n");
5520 if((to = fopen(backup_file,
"wb"))==NULL) {
5521 printf(
"Cannot open destination file, will not make backup.\n");
5527 while(!feof(from)) {
5530 printf(
"Error reading source file.\n");
5535 if(!feof(from)) fputc(ch, to);
5537 printf(
"Error writing destination file.\n");
5544 if(fclose(from)==EOF) {
5545 printf(
"Error closing source file.\n");
5550 if(fclose(to)==EOF) {
5551 printf(
"Error closing destination file.\n");
/*
 * get_db_details: read the Enforcer datastore settings from the
 * configuration file named by the global `config`.
 *
 * The document is first validated against conf.rng (under
 * OPENDNSSEC_SCHEMA_DIR) with a RelaxNG validator, then queried with XPath:
 * an SQLite element sets *dbschema; otherwise (db_found == 0) the MySQL
 * Host, Host/@port, Database, Username and Password elements fill in
 * *host, *port, *dbschema, *user and *password. Each value is echoed on
 * stderr before use, except the password, for which only "set" is printed.
 *
 * The out-parameter assignments, the early returns on error and the
 * return statements are not part of this listing; presumably a status code
 * is returned — confirm in the full source.
 */
5569 get_db_details(
char** dbschema,
char** host,
char** port,
char** user,
char** password)
5574 xmlXPathContextPtr xpathCtx;
5575 xmlXPathObjectPtr xpathObj;
5576 xmlRelaxNGParserCtxtPtr rngpctx;
5577 xmlRelaxNGValidCtxtPtr rngctx;
5578 xmlRelaxNGPtr schema;
5579 xmlChar *litexpr = (
unsigned char*)
"//Configuration/Enforcer/Datastore/SQLite";
5580 xmlChar *mysql_host = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Host";
5581 xmlChar *mysql_port = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Host/@port";
5582 xmlChar *mysql_db = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Database";
5583 xmlChar *mysql_user = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Username";
5584 xmlChar *mysql_pass = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Password";
5588 char* temp_char = NULL;
5591 const char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/conf.rng";
5594 doc = xmlParseFile(
config);
5596 printf(
"Error: unable to parse file \"%s\"\n",
config);
/* schema validation happens before any value is read, so the XPath
 * lookups below only ever run on a document that conf.rng accepted */
5601 rngdoc = xmlParseFile(rngfilename);
5602 if (rngdoc == NULL) {
5603 printf(
"Error: unable to parse file \"%s\"\n", rngfilename);
5609 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
5611 if (rngpctx == NULL) {
5612 printf(
"Error: unable to create XML RelaxNGs parser context\n");
5618 schema = xmlRelaxNGParse(rngpctx);
/* the parser context is not needed once the schema object exists */
5619 xmlRelaxNGFreeParserCtxt(rngpctx);
5620 if (schema == NULL) {
5621 printf(
"Error: unable to parse a schema definition resource\n");
5627 rngctx = xmlRelaxNGNewValidCtxt(schema);
5628 if (rngctx == NULL) {
5629 printf(
"Error: unable to create RelaxNGs validation context based on the schema\n");
5630 xmlRelaxNGFree(schema);
/* validate, then release the validator and schema whatever the result */
5636 status = xmlRelaxNGValidateDoc(rngctx,doc);
5637 xmlRelaxNGFreeValidCtxt(rngctx);
5638 xmlRelaxNGFree(schema);
5640 printf(
"Error validating file \"%s\"\n",
config);
/* every xpathObj == NULL path below releases xpathCtx before bailing out;
 * whether doc and rngdoc are freed on those paths is not visible in this
 * listing — TODO confirm */
5647 xpathCtx = xmlXPathNewContext(doc);
5648 if(xpathCtx == NULL) {
5649 printf(
"Error: unable to create new XPath context\n");
5655 xpathObj = xmlXPathEvalExpression(litexpr, xpathCtx);
5656 if(xpathObj == NULL) {
5657 printf(
"Error: unable to evaluate xpath expression: %s\n", litexpr);
5658 xmlXPathFreeContext(xpathCtx);
/* SQLite takes precedence; the MySQL settings are consulted only when no
 * SQLite element was found (db_found == 0) */
5662 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
5664 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5668 fprintf(stderr,
"SQLite database set to: %s\n", *dbschema);
5671 xmlXPathFreeObject(xpathObj);
5673 if (db_found == 0) {
5678 xpathObj = xmlXPathEvalExpression(mysql_host, xpathCtx);
5679 if(xpathObj == NULL) {
5680 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_host);
5681 xmlXPathFreeContext(xpathCtx);
5685 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
5686 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5690 fprintf(stderr,
"MySQL database host set to: %s\n", *host);
5693 xmlXPathFreeObject(xpathObj);
/* the port is an attribute of Host, hence the /@port expression */
5696 xpathObj = xmlXPathEvalExpression(mysql_port, xpathCtx);
5697 if(xpathObj == NULL) {
5698 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_port);
5699 xmlXPathFreeContext(xpathCtx);
5703 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
5704 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5708 fprintf(stderr,
"MySQL database port set to: %s\n", *port);
5711 xmlXPathFreeObject(xpathObj);
5714 xpathObj = xmlXPathEvalExpression(mysql_db, xpathCtx);
5715 if(xpathObj == NULL) {
5716 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_db);
5717 xmlXPathFreeContext(xpathCtx);
5721 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
5722 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5726 fprintf(stderr,
"MySQL database schema set to: %s\n", *dbschema);
5731 xmlXPathFreeObject(xpathObj);
5734 xpathObj = xmlXPathEvalExpression(mysql_user, xpathCtx);
5735 if(xpathObj == NULL) {
5736 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_user);
5737 xmlXPathFreeContext(xpathCtx);
5741 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
5742 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5746 fprintf(stderr,
"MySQL database user set to: %s\n", *user);
5751 xmlXPathFreeObject(xpathObj);
5754 xpathObj = xmlXPathEvalExpression(mysql_pass, xpathCtx);
5755 if(xpathObj == NULL) {
5756 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_pass);
5757 xmlXPathFreeContext(xpathCtx);
/* NOTE(review): unlike the lookups above, no nodesetval/nodeNr check
 * precedes this cast, so a missing Password element presumably yields an
 * empty string rather than an error — confirm that is intended. The
 * string returned by xmlXPathCastToString is heap-allocated and must be
 * released by whoever keeps it; that handling is outside this listing. */
5762 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5765 xmlXPathFreeObject(xpathObj);
/* deliberately reports only that a password was found; never echo the
 * value itself */
5768 fprintf(stderr,
"MySQL database password set\n");
5773 xmlXPathFreeContext(xpathCtx);
/* presumably reached when the selected backend lacks a required setting;
 * the exact condition is outside this listing */
5778 printf(
"Error: unable to find complete database connection expression\n");
/* the backend named in the config file must match the one libksm was
 * built for, as the message says */
5784 printf(
"Error: database in config file does not match libksm\n");
5798 xmlTextReaderPtr reader = NULL;
5799 xmlDocPtr doc = NULL;
5800 xmlXPathContextPtr xpathCtx = NULL;
5801 xmlXPathObjectPtr xpathObj = NULL;
5803 char* temp_char = NULL;
5804 char* tag_name = NULL;
5806 xmlChar *zonelist_expr = (
unsigned char*)
"//Common/ZoneListFile";
5809 reader = xmlNewTextReaderFilename(
config);
5810 if (reader != NULL) {
5811 ret = xmlTextReaderRead(reader);
5813 tag_name = (
char*) xmlTextReaderLocalName(reader);
5815 if (strncmp(tag_name,
"Common", 6) == 0
5816 && xmlTextReaderNodeType(reader) == 1) {
5819 xmlTextReaderExpand(reader);
5820 doc = xmlTextReaderCurrentDoc(reader);
5822 printf(
"Error: can not read Common section\n");
5824 ret = xmlTextReaderRead(reader);
5828 xpathCtx = xmlXPathNewContext(doc);
5829 if(xpathCtx == NULL) {
5830 printf(
"Error: can not create XPath context for Common section\n");
5832 ret = xmlTextReaderRead(reader);
5837 xpathObj = xmlXPathEvalExpression(zonelist_expr, xpathCtx);
5838 if(xpathObj == NULL) {
5839 printf(
"Error: unable to evaluate xpath expression: %s\n", zonelist_expr);
5841 ret = xmlTextReaderRead(reader);
5844 *zone_list_filename = NULL;
5845 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5846 xmlXPathFreeObject(xpathObj);
5847 StrAppend(zone_list_filename, temp_char);
5849 printf(
"zonelist filename set to %s.\n", *zone_list_filename);
5852 ret = xmlTextReaderRead(reader);
5855 xmlFreeTextReader(reader);
5857 printf(
"%s : failed to parse\n",
config);
5861 printf(
"Unable to open %s\n",
config);
5865 xmlXPathFreeContext(xpathCtx);
5875 const char *zone_name,
5876 const char *policy_name,
5877 const char *sig_conf_name,
5878 const char *input_name,
5879 const char *output_name)
5883 xmlNodePtr newzonenode;
5884 xmlNodePtr newadaptnode;
5885 xmlNodePtr newinputnode;
5886 xmlNodePtr newoutputnode;
5887 doc = xmlParseFile(docname);
5889 fprintf(stderr,
"Document not parsed successfully. \n");
5892 cur = xmlDocGetRootElement(doc);
5894 fprintf(stderr,
"empty document\n");
5898 if (xmlStrcmp(cur->name, (
const xmlChar *)
"ZoneList")) {
5899 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
5903 newzonenode = xmlNewTextChild(cur, NULL, (
const xmlChar *)
"Zone", NULL);
5904 (void) xmlNewProp(newzonenode, (
const xmlChar *)
"name", (
const xmlChar *)zone_name);
5906 (void) xmlNewTextChild (newzonenode, NULL, (
const xmlChar *)
"Policy", (
const xmlChar *)policy_name);
5908 (void) xmlNewTextChild (newzonenode, NULL, (
const xmlChar *)
"SignerConfiguration", (
const xmlChar *)sig_conf_name);
5910 newadaptnode = xmlNewChild (newzonenode, NULL, (
const xmlChar *)
"Adapters", NULL);
5912 newinputnode = xmlNewChild (newadaptnode, NULL, (
const xmlChar *)
"Input", NULL);
5914 (void) xmlNewTextChild (newinputnode, NULL, (
const xmlChar *)
"File", (
const xmlChar *)input_name);
5916 newoutputnode = xmlNewChild (newadaptnode, NULL, (
const xmlChar *)
"Output", NULL);
5918 (void) xmlNewTextChild (newoutputnode, NULL, (
const xmlChar *)
"File", (
const xmlChar *)output_name);
5924 const char *zone_name)
5930 doc = xmlParseFile(docname);
5932 fprintf(stderr,
"Document not parsed successfully. \n");
5935 root = xmlDocGetRootElement(doc);
5937 fprintf(stderr,
"empty document\n");
5941 if (xmlStrcmp(root->name, (
const xmlChar *)
"ZoneList")) {
5942 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
5948 if (all_flag == 1) {
5949 cur = root->children;
5955 cur = root->children;
5961 for(cur = root->children; cur != NULL; cur = cur->next)
5964 if (xmlStrcmp( xmlGetProp(cur, (xmlChar *)
"name"), (
const xmlChar *) zone_name) == 0)
5968 cur = root->children;
5983 xmlChar *polChar = NULL;
5984 xmlChar *propChar = NULL;
5990 doc = xmlParseFile(docname);
5992 fprintf(stderr,
"Document not parsed successfully. \n");
5995 root = xmlDocGetRootElement(doc);
5997 fprintf(stderr,
"empty document\n");
6001 if (xmlStrcmp(root->name, (
const xmlChar *)
"ZoneList")) {
6002 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
6008 for(cur = root->children; cur != NULL; cur = cur->next)
6010 if (xmlStrcmp( cur->name, (
const xmlChar *)
"Zone") == 0) {
6011 propChar = xmlGetProp(cur, (xmlChar *)
"name");
6012 printf(
"Found Zone: %s", propChar);
6018 printf(
" (zone not in database)");
6021 zone_ids[i] = temp_id;
6026 for(pol = cur->children; pol != NULL; pol = pol->next)
6028 if (xmlStrcmp( pol->name, (
const xmlChar *)
"Policy") == 0)
6030 polChar = xmlNodeGetContent(pol);
6031 printf(
"; on policy %s\n", polChar);
6050 xmlNodePtr policy_node;
6051 xmlNodePtr signatures_node;
6052 xmlNodePtr validity_node;
6053 xmlNodePtr denial_node;
6054 xmlNodePtr nsec_node;
6055 xmlNodePtr hash_node;
6056 xmlNodePtr salt_node;
6057 xmlNodePtr keys_node;
6058 xmlNodePtr ksk_node;
6059 xmlNodePtr ksk_alg_node;
6060 xmlNodePtr zsk_node;
6061 xmlNodePtr zsk_alg_node;
6062 xmlNodePtr zone_node;
6063 xmlNodePtr zone_soa_node;
6064 xmlNodePtr parent_node;
6065 xmlNodePtr parent_ds_node;
6066 xmlNodePtr parent_soa_node;
6070 root = xmlDocGetRootElement(doc);
6072 fprintf(stderr,
"empty document\n");
6075 if (xmlStrcmp(root->name, (
const xmlChar *)
"KASP")) {
6076 fprintf(stderr,
"document of the wrong type, root node != %s",
"KASP");
6080 policy_node = xmlNewTextChild(root, NULL, (
const xmlChar *)
"Policy", NULL);
6081 (void) xmlNewProp(policy_node, (
const xmlChar *)
"name", (
const xmlChar *)policy->
name);
6082 (void) xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Description", (
const xmlChar *)policy->
description);
6085 signatures_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Signatures", NULL);
6087 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Resign", (
const xmlChar *)temp_time);
6089 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Refresh", (
const xmlChar *)temp_time);
6090 validity_node = xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Validity", NULL);
6092 (void) xmlNewTextChild(validity_node, NULL, (
const xmlChar *)
"Default", (
const xmlChar *)temp_time);
6094 (void) xmlNewTextChild(validity_node, NULL, (
const xmlChar *)
"Denial", (
const xmlChar *)temp_time);
6095 snprintf(temp_time, 32,
"PT%dS", policy->
signer->
jitter);
6096 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Jitter", (
const xmlChar *)temp_time);
6098 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"InceptionOffset", (
const xmlChar *)temp_time);
6101 denial_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Denial", NULL);
6104 (void) xmlNewTextChild(denial_node, NULL, (
const xmlChar *)
"NSEC", NULL);
6108 nsec_node = xmlNewTextChild(denial_node, NULL, (
const xmlChar *)
"NSEC3", NULL);
6111 (void) xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"OptOut", NULL);
6113 snprintf(temp_time, 32,
"PT%dS", policy->
denial->
resalt);
6114 (void) xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"Resalt", (
const xmlChar *)temp_time);
6115 hash_node = xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"Hash", NULL);
6117 (void) xmlNewTextChild(hash_node, NULL, (
const xmlChar *)
"Algorithm", (
const xmlChar *)temp_time);
6119 (void) xmlNewTextChild(hash_node, NULL, (
const xmlChar *)
"Iteration", (
const xmlChar *)temp_time);
6121 salt_node = xmlNewTextChild(hash_node, NULL, (
const xmlChar *)
"Salt", NULL);
6122 (void) xmlNewProp(salt_node, (
const xmlChar *)
"length", (
const xmlChar *)temp_time);
6126 keys_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Keys", NULL);
6127 snprintf(temp_time, 32,
"PT%dS", policy->
keys->
ttl);
6128 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6130 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"RetireSafety", (
const xmlChar *)temp_time);
6132 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"PublishSafety", (
const xmlChar *)temp_time);
6135 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"ShareKeys", NULL);
6138 snprintf(temp_time, 32,
"PT%dS", policy->
keys->
purge);
6139 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"Purge", (
const xmlChar *)temp_time);
6143 ksk_node = xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"KSK", NULL);
6145 ksk_alg_node = xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Algorithm", (
const xmlChar *)temp_time);
6146 snprintf(temp_time, 32,
"%d", policy->
ksk->
bits);
6147 (void) xmlNewProp(ksk_alg_node, (
const xmlChar *)
"length", (
const xmlChar *)temp_time);
6148 snprintf(temp_time, 32,
"PT%dS", policy->
ksk->
lifetime);
6149 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Lifetime", (
const xmlChar *)temp_time);
6150 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Repository", (
const xmlChar *)policy->
ksk->
sm_name);
6152 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Standby", (
const xmlChar *)temp_time);
6155 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"ManualRollover", NULL);
6159 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"RFC5011", NULL);
6167 zsk_node = xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"ZSK", NULL);
6169 zsk_alg_node = xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Algorithm", (
const xmlChar *)temp_time);
6170 snprintf(temp_time, 32,
"%d", policy->
zsk->
bits);
6171 (void) xmlNewProp(zsk_alg_node, (
const xmlChar *)
"length", (
const xmlChar *)temp_time);
6172 snprintf(temp_time, 32,
"PT%dS", policy->
zsk->
lifetime);
6173 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Lifetime", (
const xmlChar *)temp_time);
6174 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Repository", (
const xmlChar *)policy->
zsk->
sm_name);
6176 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Standby", (
const xmlChar *)temp_time);
6179 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"ManualRollover", NULL);
6183 zone_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Zone", NULL);
6185 (void) xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"PropagationDelay", (
const xmlChar *)temp_time);
6186 zone_soa_node = xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"SOA", NULL);
6187 snprintf(temp_time, 32,
"PT%dS", policy->
zone->
soa_ttl);
6188 (void) xmlNewTextChild(zone_soa_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6189 snprintf(temp_time, 32,
"PT%dS", policy->
zone->
soa_min);
6190 (void) xmlNewTextChild(zone_soa_node, NULL, (
const xmlChar *)
"Minimum", (
const xmlChar *)temp_time);
6194 parent_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Parent", NULL);
6196 (void) xmlNewTextChild(parent_node, NULL, (
const xmlChar *)
"PropagationDelay", (
const xmlChar *)temp_time);
6197 parent_ds_node = xmlNewTextChild(parent_node, NULL, (
const xmlChar *)
"DS", NULL);
6198 snprintf(temp_time, 32,
"PT%dS", policy->
parent->
ds_ttl);
6199 (void) xmlNewTextChild(parent_ds_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6200 parent_soa_node = xmlNewTextChild(parent_node, NULL, (
const xmlChar *)
"SOA", NULL);
6202 (void) xmlNewTextChild(parent_soa_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6204 (void) xmlNewTextChild(parent_soa_node, NULL, (
const xmlChar *)
"Minimum", (
const xmlChar *)temp_time);
6207 if (strncmp(policy->
audit,
"NULL", 4) != 0) {
6208 (void) xmlNewChild(policy_node, NULL, (
const xmlChar *)
"Audit", NULL);
6218 const char *policy_name)
6224 doc = xmlParseFile(docname);
6226 fprintf(stderr,
"Document not parsed successfully. \n");
6229 root = xmlDocGetRootElement(doc);
6231 fprintf(stderr,
"empty document\n");
6235 if (xmlStrcmp(root->name, (
const xmlChar *)
"KASP")) {
6236 fprintf(stderr,
"document of the wrong type, root node != %s",
"KASP");
6243 for(cur = root->children; cur != NULL; cur = cur->next)
6246 if (xmlStrcmp( xmlGetProp(cur, (xmlChar *)
"name"), (
const xmlChar *) policy_name) == 0)
6250 cur = root->children;
6266 fprintf(stdout,
"KSK:");
6270 fprintf(stdout,
"ZSK:");
6272 fprintf(stdout,
" %s Retired\n", key_data->
location);
6284 fprintf(stderr,
"%s\n", format);
6311 char* temp_zone = NULL;
6314 char* temp_ready = NULL;
6315 char* temp_active = NULL;
6316 char* temp_retire = NULL;
6317 char* temp_dead = NULL;
6318 char* temp_loc = NULL;
6319 char* temp_hsm = NULL;
6323 hsm_key_t *key = NULL;
6324 ldns_rr *dnskey_rr = NULL;
6325 hsm_sign_params_t *sign_params = NULL;
6329 status = hsm_open(
config, hsm_prompt_pin, NULL);
6331 hsm_print_error(NULL);
6337 StrAppend(&sql,
"select z.name, k.keytype, k.state, k.ready, k.active, k.retire, k.dead, k.location, s.name, k.algorithm from securitymodules s, zones z, KEYDATA_VIEW k where z.id = k.zone_id and s.id = k.securitymodule_id and state != 6 and zone_id is not null ");
6338 if (zone_id != -1) {
6351 if (verbose_flag == 1) {
6352 printf(
"Zone: Keytype: State: Date of next transition: CKA_ID: Repository: Keytag:\n");
6355 printf(
"Zone: Keytype: State: Date of next transition:\n");
6357 while (status == 0) {
6360 DbInt(row, 1, &temp_type);
6361 DbInt(row, 2, &temp_state);
6368 DbInt(row, 9, &temp_alg);
6380 printf(
"%-31s %-13s %-9s %-26s", temp_zone, (temp_type ==
KSM_TYPE_KSK) ?
"KSK" :
"ZSK",
KsmKeywordStateValueToName(temp_state), (temp_retire == NULL) ?
"(not scheduled)" : temp_retire);
6392 printf(
"%-31s %-13s %-9s %-26s", temp_zone,
"KSK",
KsmKeywordStateValueToName(temp_state), (temp_ready == NULL) ?
"(not scheduled)" : temp_ready);
6400 printf(
"%-31s %-13s %-9s %-26s", temp_zone,
"KSK",
KsmKeywordStateValueToName(temp_state), (temp_active == NULL) ?
"(not scheduled)" : temp_active);
6404 if (done_row == 1 && verbose_flag == 1) {
6405 key = hsm_find_key_by_id(NULL, temp_loc);
6407 printf(
"%-33s %s NOT IN repository\n", temp_loc, temp_hsm);
6409 sign_params = hsm_sign_params_new();
6410 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, temp_zone);
6411 sign_params->algorithm = temp_alg;
6412 sign_params->flags = LDNS_KEY_ZONE_KEY;
6414 sign_params->flags += LDNS_KEY_SEP_KEY;
6416 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
6417 sign_params->keytag = ldns_calc_keytag(dnskey_rr);
6419 printf(
"%-33s %-33s %d\n", temp_loc, temp_hsm, sign_params->keytag);
6421 hsm_sign_params_free(sign_params);
6425 else if (done_row == 1) {
6452 if (dnskey_rr != NULL) {
6453 ldns_rr_free(dnskey_rr);
6491 char* temp_loc = NULL;
6494 int done_something = 0;
6497 hsm_key_t *key = NULL;
6499 if ((zone_id == -1 && policy_id == -1) ||
6500 (zone_id != -1 && policy_id != -1)){
6501 printf(
"Please provide either a zone OR a policy to key purge\n");
6507 status = hsm_open(
config, hsm_prompt_pin, NULL);
6509 hsm_print_error(NULL);
6514 StrAppend(&sql,
"select distinct id, location from KEYDATA_VIEW where state = 6 ");
6515 if (zone_id != -1) {
6520 if (policy_id != -1) {
6531 while (status == 0) {
6533 DbInt(row, 0, &temp_id);
6587 key = hsm_find_key_by_id(NULL, temp_loc);
6590 printf(
"Key not found: %s\n", temp_loc);
6596 status = hsm_remove_key(NULL, key);
6601 printf(
"Key remove successful.\n");
6603 printf(
"Key remove failed.\n");
6623 if (done_something == 0) {
6624 printf(
"No keys to purge.\n");
6642 hsm_ctx_t *ctx = NULL;
6647 hsm_key_t *key = NULL;
6648 char *hsm_error_message = NULL;
6650 int ksks_needed = 0;
6651 int zsks_needed = 0;
6652 int keys_in_queue = 0;
6654 unsigned int current_count = 0;
6660 int ksks_created = 0;
6664 FILE* lock_fd = NULL;
6669 printf(
"Failed to connect to database\n");
6675 if (policy == NULL) {
6676 printf(
"Malloc for policy struct failed\n");
6682 printf(
"Please provide a policy name with the --policy option\n");
6688 printf(
"Please provide an interval with the --interval option\n");
6701 printf(
"Error: unable to read policy %s from database\n",
o_policy);
6707 printf(
"Error: policy %s doesn't exist in database\n",
o_policy);
6714 printf(
"Key sharing is On\n");
6716 printf(
"Key sharing is Off\n");
6721 printf(
"Error: unable to convert Interval %s to seconds, error: ",
o_interval);
6724 printf(
"invalid interval-type.\n");
6727 printf(
"unable to translate string.\n");
6730 printf(
"interval too long to be an int. E.g. Maximum is ~68 years on a system with 32-bit integers.\n");
6733 printf(
"invalid pointers or text string NULL.\n");
6736 printf(
"unknown\n");
6742 else if (status == -1) {
6743 printf(
"Info: converting %s to seconds; M interpreted as 31 days, Y interpreted as 365 days\n",
o_interval);
6747 status = hsm_open(
config, hsm_prompt_pin, NULL);
6749 hsm_error_message = hsm_get_error(ctx);
6750 if (hsm_error_message) {
6751 printf(
"%s\n", hsm_error_message);
6752 free(hsm_error_message);
6758 printf(
"hsm_open() result: HSM error\n");
6760 case HSM_PIN_INCORRECT:
6761 printf(
"hsm_open() result: incorrect PIN\n");
6763 case HSM_CONFIG_FILE_ERROR:
6764 printf(
"hsm_open() result: config file error\n");
6766 case HSM_REPOSITORY_NOT_FOUND:
6767 printf(
"hsm_open() result: repository not found\n");
6769 case HSM_NO_REPOSITORIES:
6770 printf(
"hsm_open() result: no repositories\n");
6773 printf(
"hsm_open() result: %d", status);
6780 printf(
"HSM opened successfully.\n");
6781 ctx = hsm_create_context();
6786 if (rightnow == NULL) {
6787 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
6808 if (zone_count == 0) {
6809 printf(
"No zones on policy %s, skipping...", policy->
name);
6812 hsm_destroy_context(ctx);
6819 printf(
"Could not count zones on policy %s", policy->
name);
6822 hsm_destroy_context(ctx);
6832 printf(
"Could not predict ksk requirement for next interval for %s\n", policy->
name);
6838 printf(
"Could not count current ksk numbers for policy %s\n", policy->
name);
6843 keys_in_queue /= zone_count;
6846 new_keys = ksks_needed - keys_in_queue;
6851 current_count = hsm_count_keys_repository(ctx, policy->
ksk->
sm_name);
6853 printf(
"Repository %s is full, cannot create more KSKs for policy %s\n", policy->
ksk->
sm_name, policy->
name);
6857 printf(
"Repository %s is nearly full, will create %lu KSKs for policy %s (reduced from %d)\n", policy->
ksk->
sm_name, policy->
ksk->
sm_capacity - current_count, policy->
name, new_keys);
6863 for (i=new_keys ; i > 0 ; i--){
6864 if (hsm_supported_algorithm(policy->
ksk->
algorithm) == 0) {
6869 printf(
"Created key in repository %s\n", policy->
ksk->
sm_name);
6872 printf(
"Error creating key in repository %s\n", policy->
ksk->
sm_name);
6873 hsm_error_message = hsm_get_error(ctx);
6874 if (hsm_error_message) {
6875 printf(
"%s\n", hsm_error_message);
6876 free(hsm_error_message);
6882 id = hsm_get_key_id(ctx, key);
6886 printf(
"Error creating key in Database\n");
6887 hsm_error_message = hsm_get_error(ctx);
6888 if (hsm_error_message) {
6889 printf(
"%s\n", hsm_error_message);
6890 free(hsm_error_message);
6896 printf(
"Created KSK size: %i, alg: %i with id: %s in repository: %s and database.\n", policy->
ksk->
bits,
6900 printf(
"Key algorithm %d unsupported by libhsm.\n", policy->
ksk->
algorithm);
6906 ksks_created = new_keys;
6916 printf(
"Could not predict zsk requirement for next interval for %s\n", policy->
name);
6922 printf(
"Could not count current zsk numbers for policy %s\n", policy->
name);
6927 keys_in_queue /= zone_count;
6931 keys_in_queue -= ksks_needed;
6934 new_keys = zsks_needed - keys_in_queue;
6939 current_count = hsm_count_keys_repository(ctx, policy->
zsk->
sm_name);
6941 printf(
"Repository %s is full, cannot create more ZSKs for policy %s\n", policy->
zsk->
sm_name, policy->
name);
6945 printf(
"Repository %s is nearly full, will create %lu ZSKs for policy %s (reduced from %d)\n", policy->
zsk->
sm_name, policy->
zsk->
sm_capacity - current_count, policy->
name, new_keys);
6951 for (i = new_keys ; i > 0 ; i--) {
6952 if (hsm_supported_algorithm(policy->
zsk->
algorithm) == 0) {
6957 printf(
"Created key in repository %s\n", policy->
zsk->
sm_name);
6960 printf(
"Error creating key in repository %s\n", policy->
zsk->
sm_name);
6961 hsm_error_message = hsm_get_error(ctx);
6962 if (hsm_error_message) {
6963 printf(
"%s\n", hsm_error_message);
6964 free(hsm_error_message);
6970 id = hsm_get_key_id(ctx, key);
6974 printf(
"Error creating key in Database\n");
6975 hsm_error_message = hsm_get_error(ctx);
6976 if (hsm_error_message) {
6977 printf(
"%s\n", hsm_error_message);
6978 free(hsm_error_message);
6984 printf(
"Created ZSK size: %i, alg: %i with id: %s in repository: %s and database.\n", policy->
zsk->
bits,
6988 printf(
"Key algorithm %d unsupported by libhsm.\n", policy->
zsk->
algorithm);
6998 printf(
"NOTE: keys generated in repository %s will not become active until they have been backed up\n", policy->
ksk->
sm_name);
7001 printf(
"NOTE: keys generated in repository %s will not become active until they have been backed up\n", policy->
zsk->
sm_name);
7008 hsm_destroy_context(ctx);
7010 status = hsm_close();
7011 printf(
"all done! hsm_close result: %d\n", status);
7025 struct stat stat_ret;
7029 xmlDocPtr doc = NULL;
7030 xmlDocPtr rngdoc = NULL;
7031 xmlXPathContextPtr xpathCtx = NULL;
7032 xmlXPathObjectPtr xpathObj = NULL;
7033 xmlRelaxNGParserCtxtPtr rngpctx = NULL;
7034 xmlRelaxNGValidCtxtPtr rngctx = NULL;
7035 xmlRelaxNGPtr schema = NULL;
7036 xmlChar *user_expr = (
unsigned char*)
"//Configuration/Enforcer/Privileges/User";
7037 xmlChar *group_expr = (
unsigned char*)
"//Configuration/Enforcer/Privileges/Group";
7039 char* filename = OPENDNSSEC_CONFIG_FILE;
7040 char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/conf.rng";
7041 char* temp_char = NULL;
7048 char *username = NULL;
7049 char *groupname = NULL;
7051 printf(
"fixing permissions on file %s\n", dbschema);
7053 if (geteuid() != 0) {
7058 if (stat(dbschema, &stat_ret) != 0) {
7059 printf(
"cannot stat file %s: %s", dbschema, strerror(errno));
7065 doc = xmlParseFile(filename);
7067 printf(
"Error: unable to parse file \"%s\"", filename);
7072 rngdoc = xmlParseFile(rngfilename);
7073 if (rngdoc == NULL) {
7074 printf(
"Error: unable to parse file \"%s\"", rngfilename);
7079 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
7080 if (rngpctx == NULL) {
7081 printf(
"Error: unable to create XML RelaxNGs parser context");
7086 schema = xmlRelaxNGParse(rngpctx);
7087 if (schema == NULL) {
7088 printf(
"Error: unable to parse a schema definition resource");
7093 rngctx = xmlRelaxNGNewValidCtxt(schema);
7094 if (rngctx == NULL) {
7095 printf(
"Error: unable to create RelaxNGs validation context based on the schema");
7100 status = xmlRelaxNGValidateDoc(rngctx,doc);
7102 printf(
"Error validating file \"%s\"", filename);
7108 xpathCtx = xmlXPathNewContext(doc);
7109 if(xpathCtx == NULL) {
7110 printf(
"Error: unable to create new XPath context");
7116 xpathObj = xmlXPathEvalExpression(group_expr, xpathCtx);
7117 if(xpathObj == NULL) {
7118 printf(
"Error: unable to evaluate xpath expression: %s", group_expr);
7119 xmlXPathFreeContext(xpathCtx);
7123 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
7124 temp_char = (
char*) xmlXPathCastToString(xpathObj);
7127 xmlXPathFreeObject(xpathObj);
7133 xpathObj = xmlXPathEvalExpression(user_expr, xpathCtx);
7134 if(xpathObj == NULL) {
7135 printf(
"Error: unable to evaluate xpath expression: %s", user_expr);
7136 xmlXPathFreeContext(xpathCtx);
7140 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
7141 temp_char = (
char*) xmlXPathCastToString(xpathObj);
7144 xmlXPathFreeObject(xpathObj);
7150 xmlXPathFreeContext(xpathCtx);
7151 xmlRelaxNGFree(schema);
7152 xmlRelaxNGFreeValidCtxt(rngctx);
7153 xmlRelaxNGFreeParserCtxt(rngpctx);
7158 if (username != NULL) {
7160 if ((pwd = getpwnam(username)) == NULL) {
7161 printf(
"user '%s' does not exist. cannot chown %s...\n", username, dbschema);
7170 if ((grp = getgrnam(groupname)) == NULL) {
7171 printf(
"group '%s' does not exist. cannot chown %s...\n", groupname, dbschema);
7180 if (chown(dbschema, uid, gid) == -1) {
7181 printf(
"cannot chown(%u,%u) %s: %s",
7182 (
unsigned) uid, (
unsigned) gid, dbschema, strerror(errno));
7191 if (chown(temp_char, uid, gid) == -1) {
7192 printf(
"cannot chown(%u,%u) %s: %s",
7193 (
unsigned) uid, (
unsigned) gid, temp_char, strerror(errno));
7235 int CountKeys(
int *zone_id,
int keytag,
const char *cka_id,
int *key_count,
char **temp_cka_id,
int *temp_key_state,
int *temp_keypair_id)
7248 int temp_zone_id = 0;
7249 char* temp_loc = NULL;
7252 int temp_keypair = 0;
7257 hsm_key_t *key = NULL;
7258 ldns_rr *dnskey_rr = NULL;
7259 hsm_sign_params_t *sign_params = NULL;
7262 status = hsm_open(
config, hsm_prompt_pin, NULL);
7264 hsm_print_error(NULL);
7269 nchar = snprintf(buffer,
sizeof(buffer),
"(%d, %d, %d)",
7271 if (nchar >=
sizeof(buffer)) {
7272 printf(
"Error: Overran buffer in CountKeys\n");
7277 StrAppend(&sql,
"select k.zone_id, k.location, k.algorithm, k.state, k.id from KEYDATA_VIEW k where state in ");
7279 StrAppend(&sql,
" and zone_id is not null and k.keytype = 257");
7281 if (*zone_id != -1) {
7286 if (cka_id != NULL) {
7304 while (status == 0) {
7306 DbInt(row, 0, &temp_zone_id);
7308 DbInt(row, 2, &temp_alg);
7309 DbInt(row, 3, &temp_state);
7310 DbInt(row, 4, &temp_keypair);
7314 if (keytag == -1 && cka_id == NULL)
7316 *temp_key_state = temp_state;
7319 key = hsm_find_key_by_id(NULL, temp_loc);
7321 printf(
"cka_id %-33s in DB but NOT IN repository\n", temp_loc);
7322 }
else if (keytag != -1) {
7323 sign_params = hsm_sign_params_new();
7324 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
"temp_zone");
7325 sign_params->algorithm = temp_alg;
7326 sign_params->flags = LDNS_KEY_ZONE_KEY;
7327 sign_params->flags += LDNS_KEY_SEP_KEY;
7329 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
7330 sign_params->keytag = ldns_calc_keytag(dnskey_rr);
7333 if (keytag == sign_params->keytag) {
7336 *temp_cka_id = NULL;
7338 *zone_id = temp_zone_id;
7339 *temp_key_state = temp_state;
7340 *temp_keypair_id = temp_keypair;
7341 printf(
"Found key with CKA_ID %s\n", temp_loc);
7344 hsm_sign_params_free(sign_params);
7346 if (key && cka_id != NULL && strncmp(cka_id, temp_loc, strlen(temp_loc)) == 0) {
7348 if (done_row == 0) {
7350 *temp_cka_id = NULL;
7352 *zone_id = temp_zone_id;
7353 *temp_key_state = temp_state;
7354 *temp_keypair_id = temp_keypair;
7355 printf(
"Found key with CKA_ID %s\n", temp_loc);
7375 *key_count = temp_count;
7382 if (dnskey_rr != NULL) {
7383 ldns_rr_free(dnskey_rr);
7416 int MarkDSSeen(
int keypair_id,
int zone_id,
int policy_id,
const char *datetime,
int key_state)
7435 printf(
"Error: failed to read policy\n");
7456 nchar = snprintf(buffer,
sizeof(buffer),
7457 "DATE_ADD('%s', INTERVAL %d SECOND) ", datetime, deltat);
7459 nchar = snprintf(buffer,
sizeof(buffer),
7460 "DATETIME('%s', '+%d SECONDS') ", datetime, deltat);
7463 if (nchar >=
sizeof(buffer)) {
7465 printf(
"Error: failed to create SQL statement\n");
7487 nchar = snprintf(buffer,
sizeof(buffer),
7488 "DATE_ADD('%s', INTERVAL %d SECOND) ", datetime, deltat);
7490 nchar = snprintf(buffer,
sizeof(buffer),
7491 "DATETIME('%s', '+%d SECONDS') ", datetime, deltat);
7494 if (nchar >=
sizeof(buffer)) {
7496 printf(
"Error: failed to create SQL statement\n");
7558 char* where_clause = NULL;
7574 printf(
"Error: failed to read policy\n");
7590 StrAppend(&where_clause,
"select id from KEYDATA_VIEW where state = 4 and keytype = 257 and zone_id = ");
7592 StrAppend(&where_clause,
" and retire = (select min(retire) from KEYDATA_VIEW where state = 4 and keytype = 257 and zone_id = ");
7601 printf(
"Error: failed to find ID of key to retire\n");
7610 nchar = snprintf(buffer,
sizeof(buffer),
7611 "DATE_ADD('%s', INTERVAL %d SECOND) ", datetime, deltat);
7613 nchar = snprintf(buffer,
sizeof(buffer),
7614 "DATETIME('%s', '+%d SECONDS') ", datetime, deltat);
7617 if (nchar >=
sizeof(buffer)) {
7619 printf(
"Error: failed to create SQL statement\n");
7687 if (zone_id != -1) {
7696 printf(
"Error in CountKeysInState\n");
7733 int ChangeKeyState(
int keytype,
const char *cka_id,
int zone_id,
int policy_id,
const char *datetime,
int keystate)
7762 printf(
"Error: failed to read policy\n");
7770 if (zone_id != -1) {
7789 keyids =
MemMalloc(count *
sizeof(
int));
7796 if (zone_id != -1) {
7805 while (status == 0) {
7806 status =
KsmKey(result, &data);
7837 for (j = 0; j < i; ++j) {
7841 snprintf(buffer,
sizeof(buffer),
"%d", keyids[j]);
7864 nchar = snprintf(buffer,
sizeof(buffer),
7865 "DATE_ADD('%s', INTERVAL %d SECOND) ", datetime, deltat);
7867 nchar = snprintf(buffer,
sizeof(buffer),
7868 "DATETIME('%s', '+%d SECONDS') ", datetime, deltat);
7871 if (nchar >=
sizeof(buffer)) {
7873 printf(
"Error: failed to create SQL statement\n");
7884 if (zone_id != -1) {
7902 nchar = snprintf(buffer,
sizeof(buffer),
7903 "DATE_ADD('%s', INTERVAL %d SECOND) ", datetime, deltat);
7905 nchar = snprintf(buffer,
sizeof(buffer),
7906 "DATETIME('%s', '+%d SECONDS') ", datetime, deltat);
7909 if (nchar >=
sizeof(buffer)) {
7911 printf(
"Error: failed to create SQL statement\n");
7922 if (zone_id != -1) {
7933 nchar = snprintf(buffer,
sizeof(buffer),
7934 "DATE_ADD('%s', INTERVAL %d SECOND) ", datetime, deltat);
7936 nchar = snprintf(buffer,
sizeof(buffer),
7937 "DATETIME('%s', '+%d SECONDS') ", datetime, deltat);
7940 if (nchar >=
sizeof(buffer)) {
7942 printf(
"Error: failed to create SQL statement\n");
7953 if (zone_id != -1) {
7988 static int restart_enforcerd()
7992 return system(ODS_EN_NOTIFY);
8004 xmlDocPtr doc = NULL;
8005 xmlXPathContextPtr xpathCtx = NULL;
8006 xmlXPathObjectPtr xpathObj = NULL;
8007 char* temp_char = NULL;
8009 xmlChar *iv_expr = (
unsigned char*)
"//Configuration/Enforcer/Interval";
8010 xmlChar *mk_expr = (
unsigned char*)
"//Configuration/Enforcer/ManualKeyGeneration";
8013 doc = xmlParseFile(
config);
8015 printf(
"Error: unable to parse file \"%s\"\n",
config);
8020 xpathCtx = xmlXPathNewContext(doc);
8021 if(xpathCtx == NULL) {
8022 printf(
"Error: unable to create new XPath context\n");
8028 xpathObj = xmlXPathEvalExpression(iv_expr, xpathCtx);
8029 if(xpathObj == NULL) {
8030 printf(
"Error: unable to evaluate xpath expression: %s", iv_expr);
8031 xmlXPathFreeContext(xpathCtx);
8036 temp_char = (
char *)xmlXPathCastToString(xpathObj);
8039 printf(
"Error: unable to convert Interval %s to seconds, error: %i\n", temp_char, status);
8043 else if (status == -1) {
8044 printf(
"Info: converting %s to seconds; M interpreted as 31 days, Y interpreted as 365 days\n", temp_char);
8048 xmlXPathFreeObject(xpathObj);
8051 xpathObj = xmlXPathEvalExpression(mk_expr, xpathCtx);
8052 if(xpathObj == NULL) {
8053 printf(
"Error: unable to evaluate xpath expression: %s\n", mk_expr);
8054 xmlXPathFreeContext(xpathCtx);
8059 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
8067 xmlXPathFreeObject(xpathObj);
8070 xmlXPathFreeContext(xpathCtx);
8110 int man_key_gen = -1;
8121 printf(
"Failed to Link Keys to zone\n");
8131 if (policy == NULL) {
8132 printf(
"Malloc for policy struct failed\n");
8142 printf(
"Error: unable to read policy %s from database\n",
o_policy);
8147 printf(
"Error: policy %s doesn't exist in database\n",
o_policy);
8155 printf(
"Error allocating zsks to zone %s", zone_name);
8161 printf(
"Error allocating ksks to zone %s", zone_name);
8203 int keys_needed = 0;
8204 int keys_in_queue = 0;
8205 int keys_pending_retirement = 0;
8207 int key_pair_id = 0;
8214 if (datetime == NULL) {
8215 printf(
"Couldn't turn \"now\" into a date, quitting...");
8219 if (policy == NULL) {
8220 printf(
"NULL policy sent to allocateKeysToZone");
8226 printf(
"Unknown keytype: %i in allocateKeysToZone", key_type);
8240 status =
KsmKeyPredict(policy->
id, key_type, 1, interval, &keys_needed, rollover_scheme, 1);
8242 printf(
"Could not predict key requirement for next interval for %s", zone_name);
8250 printf(
"Could not count current key numbers for zone %s", zone_name);
8258 printf(
"Could not count keys which may retire before the next run (for zone %s)", zone_name);
8264 new_keys = keys_needed - (keys_in_queue - keys_pending_retirement);
8269 for (i=0 ; i < new_keys ; i++){
8273 if (status == -1 || key_pair_id == 0) {
8274 if (man_key_gen == 0) {
8275 printf(
"Not enough keys to satisfy ksk policy for zone: %s", zone_name);
8276 printf(
"ods-enforcerd will create some more keys on its next run");
8279 printf(
"Not enough keys to satisfy ksk policy for zone: %s", zone_name);
8280 printf(
"please use \"ods-ksmutil key generate\" to create some more keys.");
8284 else if (status != 0) {
8285 printf(
"Could not get an unallocated ksk for zone: %s", zone_name);
8290 if (status == -1 || key_pair_id == 0) {
8291 if (man_key_gen == 0) {
8292 printf(
"Not enough keys to satisfy zsk policy for zone: %s", zone_name);
8293 printf(
"ods-enforcerd will create some more keys on its next run");
8296 printf(
"Not enough keys to satisfy zsk policy for zone: %s", zone_name);
8297 printf(
"please use \"ods-ksmutil key generate\" to create some more keys.");
8301 else if (status != 0) {
8302 printf(
"Could not get an unallocated zsk for zone: %s", zone_name);
8306 if(key_pair_id > 0) {
8311 printf(
"KsmKeyGetUnallocated returned bad key_id %d for zone: %s; exiting...", key_pair_id, zone_name);
8339 int keyRoll(
int zone_id,
int policy_id,
int key_type)
8352 int temp_zone_id = -1;
8358 char* insql1 = NULL;
8359 char* insql2 = NULL;
8365 if (datetime == NULL) {
8366 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
8374 if (zone_id != -1) {
8377 if (policy_id != -1) {
8381 if (key_type != -1) {
8390 while (status == 0) {
8392 DbInt(row, 0, &temp_id);
8393 DbInt(row, 1, &temp_type);
8397 DusSetInt(&sql1,
"compromisedflag", 1, 1);
8458 size = snprintf(sql2,
KSM_SQL_SIZE,
"select zone_id from dnsseckeys where retire = \"%s\" and keypair_id = %d", datetime, temp_id);
8462 while (status == 0) {
8464 DbInt(row2, 0, &temp_zone_id);
8469 snprintf(buffer,
sizeof(buffer),
"%d", temp_zone_id);
8492 while (status == 0) {
8494 DbInt(row2, 0, &temp_zone_id);
8499 snprintf(buffer,
sizeof(buffer),
"%d", temp_zone_id);
8521 printf(
"Couldn't construct SQL to promote standby key\n");
8584 else if (status == -1) {}
8599 xmlNodePtr zone_node;
8600 xmlNodePtr adapters_node;
8601 xmlNodePtr input_node;
8602 xmlNodePtr output_node;
8604 root = xmlDocGetRootElement(doc);
8606 fprintf(stderr,
"empty document\n");
8609 if (xmlStrcmp(root->name, (
const xmlChar *)
"ZoneList")) {
8610 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
8614 zone_node = xmlNewTextChild(root, NULL, (
const xmlChar *)
"Zone", NULL);
8615 (void) xmlNewProp(zone_node, (
const xmlChar *)
"name", (
const xmlChar *)zone->
name);
8618 (void) xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"Policy", (
const xmlChar *)zone->
policy_name);
8621 (void) xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"SignerConfiguration", (
const xmlChar *)zone->
signconf);
8624 adapters_node = xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"Adapters", NULL);
8626 input_node = xmlNewTextChild(adapters_node, NULL, (
const xmlChar *)
"Input", NULL);
8627 (void) xmlNewTextChild(input_node, NULL, (
const xmlChar *)
"File", (
const xmlChar *)zone->
input);
8629 output_node = xmlNewTextChild(adapters_node, NULL, (
const xmlChar *)
"Output", NULL);
8630 (void) xmlNewTextChild(output_node, NULL, (
const xmlChar *)
"File", (
const xmlChar *)zone->
output);
8641 size_t len = strlen(
string);
8644 for (i = 0; i < len; ++i) {
8645 if (
string[i] ==
'\'') {
8650 buffer[j++] =
string[i];
8654 return ( (j <= buflen) ? 0 : 1);
8659 char* signconf = NULL;
8660 char* moved_signconf = NULL;
8661 char* zone_name = NULL;
8665 xmlDocPtr doc = NULL;
8667 xmlXPathContextPtr xpathCtx = NULL;
8668 xmlXPathObjectPtr xpathObj = NULL;
8670 xmlChar *node_expr = (
unsigned char*)
"//Zone";
8672 doc = xmlParseFile(zonelist_filename);
8674 printf(
"Error: unable to parse file \"%s\"\n", zonelist_filename);
8678 xpathCtx = xmlXPathNewContext(doc);
8679 if(xpathCtx == NULL) {
8685 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
8686 if(xpathObj == NULL) {
8687 xmlXPathFreeContext(xpathCtx);
8692 if (xpathObj->nodesetval) {
8693 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
8695 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
8696 zone_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
8698 if (all_flag || (strlen(zone_name) == strlen(o_zone) &&
8699 strncmp(zone_name, o_zone, strlen(zone_name)) == 0)) {
8703 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"SignerConfiguration")) {
8704 StrAppend(&signconf, (
char *) xmlNodeGetContent(curNode));
8706 StrAppend(&moved_signconf,
".ZONE_DELETED");
8708 status = rename(signconf, moved_signconf);
8709 if (status != 0 && errno != ENOENT)
8712 printf(
"Could not rename: %s -> %s", signconf, moved_signconf);
8723 curNode = curNode->next;