41 static const char* sc_str =
"signconf";
54 ods_log_error(
"[%s] unable to create signconf: allocator_create() "
60 ods_log_error(
"[%s] unable to create signconf: allocator_alloc() "
101 const char* rngfile = ODS_SE_RNGDIR
"/signconf.rng";
105 if (!scfile || !signconf) {
111 ods_log_error(
"[%s] unable to read signconf: parse error in "
125 if (signconf->
nsec_type == LDNS_RR_TYPE_NSEC3) {
136 "nsec3params_create() failed", sc_str, scfile);
150 ods_log_error(
"[%s] unable to read signconf: failed to open file %s",
162 time_t last_modified)
168 if (!scfile || !signconf) {
173 if (st_mtime <= last_modified) {
179 ods_log_error(
"[%s] unable to update signconf: signconf_create() "
183 status = signconf_read(new_sc, scfile);
187 ods_log_error(
"[%s] unable to update signconf: signconf %s has "
188 "errors", sc_str, scfile);
194 ods_log_error(
"[%s] unable to update signconf: failed to read file "
207 signconf_backup_duration(FILE* fd,
const char* opt,
duration_type* duration)
210 fprintf(fd,
"%s %s ", opt, str);
227 fprintf(fd,
";;Signconf: lastmod %u ", (
unsigned) sc->
last_modified);
228 if (strcmp(version, ODS_SE_FILE_MAGIC_V2) &&
229 strcmp(version, ODS_SE_FILE_MAGIC_V1)) {
231 fprintf(fd,
"maxzonettl 0 ");
237 signconf_backup_duration(fd,
"jitter", sc->
sig_jitter);
239 fprintf(fd,
"nsec %u ", (
unsigned) sc->
nsec_type);
240 signconf_backup_duration(fd,
"dnskeyttl", sc->
dnskey_ttl);
241 signconf_backup_duration(fd,
"soattl", sc->
soa_ttl);
242 signconf_backup_duration(fd,
"soamin", sc->
soa_min);
244 if (strcmp(version, ODS_SE_FILE_MAGIC_V2) == 0) {
245 fprintf(fd,
"audit 0");
257 signconf_soa_serial_check(
const char* serial) {
262 if (strlen(serial) == 4 && strncmp(serial,
"keep", 4) == 0) {
265 if (strlen(serial) == 7 && strncmp(serial,
"counter", 7) == 0) {
268 if (strlen(serial) == 8 && strncmp(serial,
"unixtime", 8) == 0) {
271 if (strlen(serial) == 11 && strncmp(serial,
"datecounter", 11) == 0) {
288 ods_log_error(
"[%s] check failed: no signature resign interval found",
293 ods_log_error(
"[%s] check failed: no signature resign interval found",
298 ods_log_error(
"[%s] check failed: no signature default validity found",
303 ods_log_error(
"[%s] check failed: no signature denial validity found",
308 ods_log_error(
"[%s] check failed: no signature jitter found", sc_str);
312 ods_log_error(
"[%s] check failed: no signature inception offset found",
316 if (sc->
nsec_type == LDNS_RR_TYPE_NSEC3) {
325 }
else if (sc->
nsec_type != LDNS_RR_TYPE_NSEC) {
326 ods_log_error(
"[%s] check failed: wrong nsec type %i", sc_str,
335 ods_log_error(
"[%s] check failed: no dnskey ttl found", sc_str);
339 ods_log_error(
"[%s] check failed: no soa ttl found", sc_str);
343 ods_log_error(
"[%s] check failed: no soa minimum found", sc_str);
347 ods_log_error(
"[%s] check failed: no soa serial type found", sc_str);
349 }
else if (signconf_soa_serial_check(sc->
soa_serial) != 0) {
350 ods_log_error(
"[%s] check failed: wrong soa serial type %s", sc_str,
376 }
else if (a->
nsec_type == LDNS_RR_TYPE_NSEC3) {
398 fprintf(out,
"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n");
400 fprintf(out,
"<SignerConfiguration>\n");
401 fprintf(out,
"\t<Zone name=\"%s\">\n", name?name:
"(null)");
403 fprintf(out,
"\t\t<Signatures>\n");
405 fprintf(out,
"\t\t\t<Resign>%s</Resign>\n", s?s:
"(null)");
408 fprintf(out,
"\t\t\t<Refresh>%s</Refresh>\n", s?s:
"(null)");
410 fprintf(out,
"\t\t\t<Validity>\n");
412 fprintf(out,
"\t\t\t\t<Default>%s</Default>\n", s?s:
"(null)");
415 fprintf(out,
"\t\t\t\t<Denial>%s</Denial>\n", s?s:
"(null)");
417 fprintf(out,
"\t\t\t</Validity>\n");
419 fprintf(out,
"\t\t\t<Jitter>%s</Jitter>\n", s?s:
"(null)");
422 fprintf(out,
"\t\t\t<InceptionOffset>%s</InceptionOffset>\n",
425 fprintf(out,
"\t\t</Signatures>\n");
428 fprintf(out,
"\t\t<Denial>\n");
429 if (sc->
nsec_type == LDNS_RR_TYPE_NSEC) {
430 fprintf(out,
"\t\t\t<NSEC />\n");
431 }
else if (sc->
nsec_type == LDNS_RR_TYPE_NSEC3) {
432 fprintf(out,
"\t\t\t<NSEC3>\n");
434 fprintf(out,
"\t\t\t\t<OptOut />\n");
436 fprintf(out,
"\t\t\t\t<Hash>\n");
437 fprintf(out,
"\t\t\t\t\t<Algorithm>%i</Algorithm>\n",
439 fprintf(out,
"\t\t\t\t\t<Iterations>%i</Iterations>\n",
441 fprintf(out,
"\t\t\t\t\t<Salt>%s</Salt>\n",
443 fprintf(out,
"\t\t\t\t</Hash>\n");
444 fprintf(out,
"\t\t\t</NSEC3>\n");
446 fprintf(out,
"\t\t</Denial>\n");
449 fprintf(out,
"\t\t<Keys>\n");
451 fprintf(out,
"\t\t\t<TTL>%s</TTL>\n", s?s:
"(null)");
455 fprintf(out,
"\t\t</Keys>\n");
458 fprintf(out,
"\t\t<SOA>\n");
460 fprintf(out,
"\t\t\t<TTL>%s</TTL>\n", s?s:
"(null)");
463 fprintf(out,
"\t\t\t<Minimum>%s</Minimum>\n", s?s:
"(null)");
465 fprintf(out,
"\t\t\t<Serial>%s</Serial>\n",
467 fprintf(out,
"\t\t</SOA>\n");
469 fprintf(out,
"\t</Zone>\n");
470 fprintf(out,
"</SignerConfiguration>\n");
484 char* refresh = NULL;
485 char* validity = NULL;
489 char* dnskeyttl = NULL;
504 ods_log_info(
"[%s] zone %s signconf: RESIGN[%s] REFRESH[%s] "
505 "VALIDITY[%s] DENIAL[%s] JITTER[%s] OFFSET[%s] NSEC[%i] "
506 "DNSKEYTTL[%s] SOATTL[%s] MINIMUM[%s] SERIAL[%s]",
507 sc_str, name?name:
"(null)", resign?resign:
"(null)",
508 refresh?refresh:
"(null)", validity?validity:
"(null)",
509 denial?denial:
"(null)", jitter?jitter:
"(null)",
510 offset?offset:
"(null)", (
int) sc->
nsec_type,
511 dnskeyttl?dnskeyttl:
"(null)", soattl?soattl:
"(null)",
514 if (sc->
nsec_type == LDNS_RR_TYPE_NSEC3) {
515 ods_log_debug(
"[%s] zone %s nsec3: OPTOUT[%i] ALGORITHM[%u] "
516 "ITERATIONS[%u] SALT[%s]", sc_str, name, sc->
nsec3_optout,
524 free((
void*)refresh);
525 free((
void*)validity);
529 free((
void*)dnskeyttl);
signconf_type * signconf_create(void)
void keylist_cleanup(keylist_type *kl)
duration_type * parse_sc_sig_validity_default(const char *cfgfile)
uint32_t nsec3_iterations
duration_type * parse_sc_sig_validity_denial(const char *cfgfile)
duration_type * sig_inception_offset
task_id signconf_compare_denial(signconf_type *a, signconf_type *b)
uint32_t parse_sc_nsec3_algorithm(const char *cfgfile)
void signconf_backup(FILE *fd, signconf_type *sc, const char *version)
void keylist_log(keylist_type *kl, const char *name)
void ods_log_debug(const char *format,...)
duration_type * parse_sc_soa_ttl(const char *cfgfile)
ods_status signconf_check(signconf_type *sc)
void * allocator_alloc(allocator_type *allocator, size_t size)
duration_type * sig_validity_default
void signconf_cleanup(signconf_type *sc)
duration_type * sig_validity_denial
void ods_log_info(const char *format,...)
enum ods_enum_status ods_status
const char * parse_sc_soa_serial(allocator_type *allocator, const char *cfgfile)
ods_status parse_file_check(const char *cfgfile, const char *rngfile)
time_t ods_file_lastmodified(const char *file)
void ods_log_error(const char *format,...)
duration_type * parse_sc_sig_inception_offset(const char *cfgfile)
const char * ods_status2str(ods_status status)
void keylist_print(FILE *fd, keylist_type *kl)
int ods_strcmp(const char *s1, const char *s2)
void duration_cleanup(duration_type *duration)
void signconf_print(FILE *out, signconf_type *sc, const char *name)
enum task_id_enum task_id
FILE * ods_fopen(const char *file, const char *dir, const char *mode)
const char * parse_sc_nsec3_salt(allocator_type *allocator, const char *cfgfile)
duration_type * parse_sc_dnskey_ttl(const char *cfgfile)
duration_type * parse_sc_sig_jitter(const char *cfgfile)
nsec3params_type * nsec3params_create(void *sc, uint8_t algo, uint8_t flags, uint16_t iter, const char *salt)
duration_type * sig_refresh_interval
allocator_type * allocator_create(void *(*allocator)(size_t size), void(*deallocator)(void *))
char * allocator_strdup(allocator_type *allocator, const char *string)
char * duration2string(duration_type *duration)
duration_type * parse_sc_sig_refresh_interval(const char *cfgfile)
int parse_sc_nsec3_optout(const char *cfgfile)
duration_type * parse_sc_soa_min(const char *cfgfile)
int duration_compare(duration_type *d1, duration_type *d2)
nsec3params_type * nsec3params
void ods_fclose(FILE *fd)
allocator_type * allocator
keylist_type * parse_sc_keys(void *sc, const char *cfgfile)
void allocator_cleanup(allocator_type *allocator)
duration_type * dnskey_ttl
void signconf_log(signconf_type *sc, const char *name)
duration_type * sig_jitter
duration_type * sig_resign_interval
ldns_rr_type parse_sc_nsec_type(const char *cfgfile)
void allocator_deallocate(allocator_type *allocator, void *data)
void nsec3params_cleanup(nsec3params_type *nsec3params)
#define ods_log_assert(x)
duration_type * parse_sc_sig_resign_interval(const char *cfgfile)
uint32_t parse_sc_nsec3_iterations(const char *cfgfile)
ods_status signconf_update(signconf_type **signconf, const char *scfile, time_t last_modified)