60 #include <libhsmdns.h>
61 #include <ldns/ldns.h>
63 #include <libxml/tree.h>
64 #include <libxml/parser.h>
65 #include <libxml/xpointer.h>
66 #include <libxml/xpath.h>
67 #include <libxml/xpathInternals.h>
68 #include <libxml/relaxng.h>
69 #include <libxml/xmlreader.h>
70 #include <libxml/xmlsave.h>
72 #define MAX(a, b) ((a) > (b) ? (a) : (b))
76 #define DURATION_TYPE 1
80 #define ROLLOVER_TYPE 5
81 #define INT_TYPE_NO_FREE 6
84 # define MAXPATHLEN 4096
89 #define DEFAULT_LOG_FACILITY LOG_DAEMON
91 #define DEFAULT_LOG_FACILITY LOG_USER
97 char *
config = (
char *) OPENDNSSEC_CONFIG_FILE;
117 static int all_flag = 0;
118 static int auto_accept_flag = 0;
119 static int ds_flag = 0;
120 static int retire_flag = 1;
121 static int notify_flag = 1;
122 static int verbose_flag = 0;
123 static int xml_flag = 1;
124 static int td_flag = 0;
125 static int force_flag = 0;
126 static int hsm_flag = 1;
127 static int check_repository_flag = 0;
129 static int restart_enforcerd(
void);
136 #if defined(HAVE_SYSLOG_R) && defined(HAVE_OPENLOG_R) && defined(HAVE_CLOSELOG_R)
137 struct syslog_data sdata = SYSLOG_DATA_INIT;
140 #undef HAVE_OPENLOG_R
141 #undef HAVE_CLOSELOG_R
149 " --version aka -V\n");
157 "\tImport config into a database (deletes current contents)\n");
164 " start|stop|notify\n"
165 "\tStart, stop or SIGHUP the ods-enforcerd\n");
176 "\tUpdate database from config\n");
184 "\t--zone <zone> aka -z\n"
185 "\t[--policy <policy>] aka -p\n"
186 "\t[--signerconf <signerconf.xml>] aka -s\n"
187 "\t[--input <input>] aka -i\n"
188 "\t[--in-type <input type>] aka -j\n"
189 "\t[--output <output>] aka -o\n"
190 "\t[--out-type <output type>] aka -q\n"
191 "\t[--no-xml] aka -m\n");
199 "\t--zone <zone> | --all aka -z / -a\n"
200 "\t[--no-xml] aka -m\n");
214 "usage: %s [-c <config> | --config <config>] zone \n\n",
225 " repository list\n");
233 "\t--policy [policy_name] | --all aka -p / -a\n");
261 "usage: %s [-c <config> | --config <config>] \n\n",
274 "\t[--verbose] aka -v\n"
275 "\t[--zone <zone>] aka -z\n"
276 "\t[--keystate <state>| --all] aka -e / -a\n"
277 "\t[--keytype <type>] aka -t\n"
286 "\t--zone <zone> | --all aka -z / -a\n"
287 "\t[--keystate <state>] aka -e\n"
288 "\t[--keytype <type>] aka -t\n"
289 "\t[--ds] aka -d\n");
297 "\t--cka_id <CKA_ID> aka -k\n"
298 "\t--repository <repository> aka -r\n"
299 "\t--zone <zone> aka -z\n"
300 "\t--bits <size> aka -b\n"
301 "\t--algorithm <algorithm> aka -g\n"
302 "\t--keystate <state> aka -e\n"
303 "\t--keytype <type> aka -t\n"
304 "\t--time <time> aka -w\n"
305 "\t[--check-repository] aka -C\n"
306 "\t[--retire <retire>] aka -y\n");
314 "\t--zone zone aka -z\n"
315 "\t--keytype <type> | --all aka -t / -a\n"
317 "\t--policy policy aka -p\n"
318 "\t--keytype <type> | --all aka -t / -a\n");
326 "\t--zone <zone> aka -z\n"
328 "\t--policy <policy> aka -p\n");
336 "\t--policy <policy> aka -p\n"
337 "\t--interval <interval> aka -n\n"
338 "\t[--zonetotal <total no. of zones>] aka -Z\n"
339 "\t--auto-accept aka -A\n");
347 "\t--zone <zone> aka -z\n"
348 "\t--keytag <keytag> | --cka_id <CKA_ID> aka -x / -k\n");
357 "\t--zone <zone> aka -z\n"
358 "\t--keytag <keytag> | --cka_id <CKA_ID> aka -x / -k\n"
359 "\t[--no-notify|-l] aka -l\n"
360 "\t[--no-retire|-f] aka -f\n");
368 "\t--cka_id <CKA_ID> aka -k\n"
376 "usage: %s [-c <config> | --config <config>] \n\n",
394 "\t--repository <repository> aka -r\n"
396 "\t--repository <repository> aka -r\n"
398 "\t--repository <repository> aka -r\n"
400 "\t--repository <repository> aka -r\n"
402 "\t--repository <repository> aka -r\n"
404 "\t[NOTE: backup done is deprecated]\n");
412 "\t[--zone <zone>]\n");
420 "\t[--output <output>] aka -o\n");
428 " zonelist import\n");
435 "usage: %s [-c <config> | --config <config>] command [options]\n\n",
470 "\n\tAllowed date/time strings are of the form:\n"
472 "\tYYYYMMDD[HH[MM[SS]]] (all numeric)\n"
474 "\tor D-MMM-YYYY[:| ]HH[:MM[:SS]] (alphabetic month)\n"
475 "\tor DD-MMM-YYYY[:| ]HH[:MM[:SS]] (alphabetic month)\n"
476 "\tor YYYY-MMM-DD[:| ]HH[:MM[:SS]] (alphabetic month)\n"
478 "\tD-MM-YYYY[:| ]HH[:MM[:SS]] (numeric month)\n"
479 "\tDD-MM-YYYY[:| ]HH[:MM[:SS]] (numeric month)\n"
480 "\tor YYYY-MM-DD[:| ]HH[:MM[:SS]] (numeric month)\n"
482 "\t... and the distinction between them is given by the location of the\n"
490 "key states: GENERATE|PUBLISH|READY|ACTIVE|RETIRE|DEAD\n");
497 "key types: KSK|ZSK\n");
507 exist_file(
const char* filename) {
509 FILE *file = fopen(filename,
"r");
524 FILE* lock_fd = NULL;
525 char* zone_list_filename;
530 char *dbschema = NULL;
534 char *password = NULL;
539 char* setup_command = NULL;
540 char* lock_filename = NULL;
543 printf(
"*WARNING* This will erase all data in the database; are you sure? [y/N] ");
545 user_certain = getchar();
546 if (user_certain !=
'y' && user_certain !=
'Y') {
547 printf(
"Okay, quitting...\n");
554 status =
get_db_details(&dbschema, &host, &port, &user, &password);
573 lock_fd = fopen(lock_filename,
"w");
576 printf(
"Error getting db lock\n");
577 if (lock_fd != NULL) {
598 if (system(setup_command) != 0)
600 printf(
"Could not call db setup command:\n\t%s\n", setup_command);
616 printf(
"Couldn't fix permissions on file %s\n", dbschema);
617 printf(
"Will coninue with setup, but you may need to manually change ownership\n");
626 printf(
"Failed to connect to database, username too long.\n");
637 if (password != NULL) {
640 printf(
"Failed to connect to database, password too long.\n");
663 if (password != NULL) {
665 StrAppend(&setup_command, quoted_password);
673 if (system(setup_command) != 0)
675 printf(
"Could not call db setup command:\n\t%s\n", setup_command);
688 status =
DbConnect(&dbhandle, dbschema, host, password, user, port);
690 printf(
"Failed to connect to database\n");
713 printf(
"Failed to read conf.xml\n");
724 printf(
"Failed to update repositories\n");
737 printf(
"Failed to update policies\n");
738 printf(
"SETUP FAILED\n");
754 printf(
"Failed to update zones\n");
777 FILE* lock_fd = NULL;
778 char* zone_list_filename = NULL;
779 char* kasp_filename = NULL;
781 int done_something = 0;
786 printf(
"Failed to connect to database\n");
795 if (strncmp(qualifier,
"ZONELIST", 8) == 0 ||
796 strncmp(qualifier,
"KASP", 4) == 0 ||
797 strncmp(qualifier,
"ALL", 3) == 0) {
800 printf(
"Failed to read conf.xml\n");
810 if (strncmp(qualifier,
"CONF", 4) == 0 ||
811 strncmp(qualifier,
"ALL", 3) == 0) {
814 printf(
"Failed to update repositories\n");
816 if (strncmp(qualifier,
"ALL", 3) == 0) {
829 if (strncmp(qualifier,
"KASP", 4) == 0 ||
830 strncmp(qualifier,
"ALL", 3) == 0) {
833 printf(
"Failed to update policies\n");
846 if (strncmp(qualifier,
"ZONELIST", 8) == 0 ||
847 strncmp(qualifier,
"ALL", 3) == 0) {
850 printf(
"Failed to update zones\n");
862 if (done_something == 0) {
863 printf(
"Unrecognised command update %s. Please specify one of:\n", qualifier);
867 if (restart_enforcerd() != 0)
869 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
878 if (kasp_filename != NULL) {
881 if (zone_list_filename != NULL) {
900 FILE* lock_fd = NULL;
901 char* zonelist_filename = NULL;
902 char* backup_filename = NULL;
904 char* sig_conf_name = NULL;
905 char* input_name = NULL;
906 char* output_name = NULL;
907 char* input_type = NULL;
908 char* output_type = NULL;
915 xmlDocPtr doc = NULL;
921 printf(
"Couldn't malloc path: %s\n", strerror(errno));
927 printf(
"Please specify a zone with the --zone option\n");
940 StrAppend(&sig_conf_name, OPENDNSSEC_STATE_DIR);
959 printf(
"Error: Unrecognised in-type %s; should be one of DNS or File\n",
o_in_type);
965 if(strcmp(input_type,
"DNS")==0){
966 StrAppend(&input_name, OPENDNSSEC_CONFIG_DIR);
969 StrAppend(&input_name, OPENDNSSEC_STATE_DIR);
987 printf(
"Error: Unrecognised out-type %s; should be one of DNS or File\n",
o_out_type);
995 if(strcmp(output_type,
"DNS") == 0){
996 StrAppend(&output_name, OPENDNSSEC_CONFIG_DIR);
999 StrAppend(&output_name, OPENDNSSEC_STATE_DIR);
1015 if(!exist_file(input_name)){
1016 fprintf(stdout,
"WARNING: The input file %s for zone %s does not currently exist. The zone will been added to the database anyway. \n",input_name,
o_zone);
1019 if(strcmp(output_type,
"DNS") == 0 && !exist_file(output_name)){
1020 fprintf(stdout,
"WARNING: The output file %s for zone %s does not currently exist. \n",output_name,
o_zone);
1028 printf(
"couldn't read zonelist\n");
1039 StrAppend(&backup_filename, zonelist_filename);
1041 if (xml_flag == 1) {
1042 if (access(backup_filename, F_OK) == 0){
1043 if (access(backup_filename, W_OK)){
1044 printf(
"ERROR: The backup file %s can not be written.\n",backup_filename);
1055 if (access(OPENDNSSEC_CONFIG_DIR, W_OK)){
1056 printf(
"ERROR: The backup file %s can not be written.\n",backup_filename);
1075 printf(
"Failed to connect to database\n");
1090 printf(
"Error, can't find policy : %s\n",
o_policy);
1091 printf(
"Failed to update zones\n");
1102 status =
KsmImportZone(
o_zone, policy_id, 1, &new_zone, sig_conf_name, input_name, output_name, input_type, output_type);
1105 printf(
"Failed to Import zone %s; it already exists\n",
o_zone);
1106 }
else if (status == -3) {
1107 printf(
"Failed to Import zone %s; it already exists both with and without a trailing dot\n",
o_zone);
1109 printf(
"Failed to Import zone\n");
1126 printf(
"Can't retrieve shared-keys parameter for policy\n");
1139 printf(
"Can't retrieve shared-keys parameter for policy\n");
1153 if (data.
value == 1) {
1156 printf(
"Failed to Link Keys to zone\n");
1177 if (xml_flag == 1) {
1180 xmlKeepBlanksDefault(0);
1181 xmlTreeIndentString =
"\t";
1191 printf(
"Error: Couldn't add our new node in memory\n");
1198 status =
backup_file(zonelist_filename, backup_filename);
1200 printf(
"Error: Backup %s FAILED, please backup %s manually and run \"ods-ksmutil zonelist export\" to update zonelist.xml\n", backup_filename, backup_filename);
1207 status = xmlSaveFormatFile(zonelist_filename, doc, 1);
1212 printf(
"Error: couldn't save zonelist, please run \"ods-ksmutil zonelist export\" to update zonelist.xml\n");
1229 if (xml_flag == 0) {
1230 printf(
"Imported zone: %s into database only, please run \"ods-ksmutil zonelist export\" to update zonelist.xml\n",
o_zone);
1232 printf(
"Imported zone: %s\n",
o_zone);
1247 char* zonelist_filename = NULL;
1248 char* backup_filename = NULL;
1253 xmlDocPtr doc = NULL;
1260 FILE* lock_fd = NULL;
1263 if (all_flag &&
o_zone != NULL) {
1264 printf(
"can not use --all with --zone\n");
1267 else if (!all_flag &&
o_zone == NULL) {
1268 printf(
"please specify either --zone <zone> or --all\n");
1273 if (all_flag == 1) {
1274 printf(
"*WARNING* This will remove all zones from OpenDNSSEC; are you sure? [y/N] ");
1276 user_certain = getchar();
1277 if (user_certain !=
'y' && user_certain !=
'Y') {
1278 printf(
"Okay, quitting...\n");
1286 printf(
"Failed to connect to database\n");
1299 if (xml_flag == 1) {
1303 printf(
"couldn't read zonelist\n");
1328 StrAppend(&backup_filename, zonelist_filename);
1330 status =
backup_file(zonelist_filename, backup_filename);
1339 status = xmlSaveFormatFile(zonelist_filename, doc, 1);
1343 printf(
"Could not save %s\n", zonelist_filename);
1354 if (all_flag == 0) {
1357 printf(
"Couldn't find zone %s\n",
o_zone);
1366 printf(
"Error: failed to mark keys as dead in database\n");
1375 printf(
"Error: failed to remove zone%s from database\n", (all_flag == 1) ?
"s" :
"");
1381 if (all_flag == 0) {
1382 if (system(SIGNER_CLI_UPDATE) != 0)
1384 printf(
"Could not call signer engine\n");
1391 if (xml_flag == 0) {
1392 printf(
"Deleted zone: %s from database only, please run \"ods-ksmutil zonelist export\" to update zonelist.xml\n",
o_zone);
1406 FILE* lock_fd = NULL;
1408 char* zonelist_filename = NULL;
1411 xmlTextReaderPtr reader = NULL;
1413 char* tag_name = NULL;
1415 int file_zone_count = 0;
1421 char* temp_name = NULL;
1428 printf(
"couldn't read zonelist\n");
1429 if (zonelist_filename != NULL) {
1438 printf(
"Failed to connect to database\n");
1444 reader = xmlNewTextReaderFilename(zonelist_filename);
1445 if (reader != NULL) {
1446 ret = xmlTextReaderRead(reader);
1448 tag_name = (
char*) xmlTextReaderLocalName(reader);
1450 if (strncmp(tag_name,
"Zone", 4) == 0
1451 && strncmp(tag_name,
"ZoneList", 8) != 0
1452 && xmlTextReaderNodeType(reader) == 1) {
1456 ret = xmlTextReaderRead(reader);
1459 xmlFreeTextReader(reader);
1461 printf(
"%s : failed to parse\n", zonelist_filename);
1464 printf(
"Unable to open %s\n", zonelist_filename);
1468 zone_ids =
MemMalloc(file_zone_count *
sizeof(
int));
1474 if (file_zone_count != 0) {
1475 StrAppend(&sql,
"select name from zones where id not in (");
1476 for (j = 0; j < file_zone_count; ++j) {
1480 snprintf(buffer,
sizeof(buffer),
"%d", zone_ids[j]);
1485 StrAppend(&sql,
"select name from zones");
1491 while (status == 0) {
1495 printf(
"Found zone %s in DB but not zonelist.\n", temp_name);
1512 if (file_zone_count == 0) {
1513 printf(
"No zones in DB or zonelist.\n");
1541 int prev_zone_id = -1;
1543 char *case_keytype = NULL;
1544 char *case_keystate = NULL;
1545 char *zone_name = NULL;
1548 hsm_key_t *key = NULL;
1549 ldns_rr *dnskey_rr = NULL;
1550 ldns_rr *ds_sha1_rr = NULL;
1551 ldns_rr *ds_sha256_rr = NULL;
1552 hsm_sign_params_t *sign_params = NULL;
1565 int done_something = 0;
1572 if (strncmp(case_keystate,
"KEYPUBLISH", 10) == 0 || strncmp(
o_keystate,
"10", 2) == 0) {
1575 else if (strncmp(case_keystate,
"GENERATE", 8) == 0 || strncmp(
o_keystate,
"1", 1) == 0) {
1578 else if (strncmp(case_keystate,
"PUBLISH", 7) == 0 || strncmp(
o_keystate,
"2", 1) == 0) {
1581 else if (strncmp(case_keystate,
"READY", 5) == 0 || strncmp(
o_keystate,
"3", 1) == 0) {
1584 else if (strncmp(case_keystate,
"ACTIVE", 6) == 0 || strncmp(
o_keystate,
"4", 1) == 0) {
1587 else if (strncmp(case_keystate,
"RETIRE", 6) == 0 || strncmp(
o_keystate,
"5", 1) == 0) {
1590 else if (strncmp(case_keystate,
"DEAD", 4) == 0 || strncmp(
o_keystate,
"6", 1) == 0) {
1593 else if (strncmp(case_keystate,
"DSSUB", 5) == 0 || strncmp(
o_keystate,
"7", 1) == 0) {
1596 else if (strncmp(case_keystate,
"DSPUBLISH", 9) == 0 || strncmp(
o_keystate,
"8", 1) == 0) {
1599 else if (strncmp(case_keystate,
"DSREADY", 7) == 0 || strncmp(
o_keystate,
"9", 1) == 0) {
1603 printf(
"Error: Unrecognised state %s; should be one of GENERATE, PUBLISH, READY, ACTIVE, RETIRE, DEAD, DSSUB, DSPUBLISH, DSREADY or KEYPUBLISH\n",
o_keystate);
1615 if (strncmp(case_keytype,
"KSK", 3) == 0 || strncmp(
o_keytype,
"257", 3) == 0) {
1618 else if (strncmp(case_keytype,
"ZSK", 3) == 0 || strncmp(
o_keytype,
"256", 3) == 0) {
1622 printf(
"Error: Unrecognised keytype %s; should be one of KSK or ZSK\n",
o_keytype);
1633 printf(
"Failed to connect to database\n");
1645 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
1651 status = hsm_open(
config, hsm_prompt_pin);
1653 hsm_print_error(NULL);
1658 if (state_id != -1) {
1661 nchar = snprintf(buffer,
sizeof(buffer),
"(%d, %d, %d, %d, %d, %d)",
1664 if (nchar >=
sizeof(buffer)) {
1673 if (zone_id != -1) {
1681 status =
KsmKey(result, &data);
1682 while (status == 0) {
1684 if (ds_flag == 1 && data.
zone_id != prev_zone_id) {
1686 if (red_seen == 0 && act_seen == 0) {
1687 printf(
"\nWARNING: No active or ready keys seen for this zone. Do not load any DS records to the parent unless you understand the possible consequences.\n");
1688 }
else if (red_seen == 1 && act_seen == 1) {
1689 printf(
"\nWARNING: BOTH ready and active keys seen for this zone. Probably a key rollover is happening and you may only want the ready key to be submitted.\n");
1703 key = hsm_find_key_by_id(NULL, data.
location);
1706 printf(
"Key %s in DB but not repository\n", data.
location);
1711 sign_params = hsm_sign_params_new();
1713 if (zone_id == -1) {
1716 printf(
"Error: unable to find zone name for id %d\n", zone_id);
1717 hsm_sign_params_free(sign_params);
1721 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, zone_name);
1725 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
o_zone);
1728 sign_params->algorithm = data.
algorithm;
1729 sign_params->flags = LDNS_KEY_ZONE_KEY;
1731 sign_params->flags += LDNS_KEY_SEP_KEY;
1733 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
1734 sign_params->keytag = ldns_calc_keytag(dnskey_rr);
1750 ldns_rr_set_ttl(dnskey_rr, rrttl);
1755 ldns_rr_print(stdout, dnskey_rr);
1767 ldns_rr_set_ttl(dnskey_rr, rrttl);
1772 ds_sha1_rr = ldns_key_rr2ds(dnskey_rr, LDNS_SHA1);
1773 ldns_rr_print(stdout, ds_sha1_rr);
1776 ds_sha256_rr = ldns_key_rr2ds(dnskey_rr, LDNS_SHA256);
1777 ldns_rr_print(stdout, ds_sha256_rr);
1782 hsm_sign_params_free(sign_params);
1784 status =
KsmKey(result, &data);
1794 if (ds_flag == 1 && red_seen == 0 && act_seen == 0) {
1795 printf(
"\nWARNING: No active or ready keys seen for this zone. Do not load any DS records to the parent unless you understand the possible consequences.\n");
1796 }
else if (ds_flag == 1 && red_seen == 1 && act_seen == 1) {
1797 printf(
"\nWARNING: BOTH ready and active keys seen for this zone. Probably a key rollover is happening and you may only want the ready key to be submitted.\n");
1801 if (!done_something) {
1802 if (state_id != -1) {
1805 printf(
"No keys in READY state or higher to export.\n");
1811 if (dnskey_rr != NULL) {
1812 ldns_rr_free(dnskey_rr);
1814 if (ds_sha1_rr != NULL) {
1815 ldns_rr_free(ds_sha1_rr);
1817 if (ds_sha256_rr != NULL) {
1818 ldns_rr_free(ds_sha256_rr);
1838 xmlDocPtr doc = xmlNewDoc((
const xmlChar *)
"1.0");
1845 if (all_flag &&
o_policy != NULL) {
1846 printf(
"can not use --all with --policy\n");
1849 else if (!all_flag &&
o_policy == NULL) {
1850 printf(
"please specify either --policy <policy> or --all\n");
1857 printf(
"Failed to connect to database\n");
1863 if (policy == NULL) {
1864 fprintf(stderr,
"Malloc for policy struct failed\n");
1879 policy->
zone == NULL || policy->
parent == NULL ||
1880 policy->
keys == NULL ||
1881 policy->
ksk == NULL || policy->
zsk == NULL ||
1883 fprintf(stderr,
"Malloc for policy struct failed\n");
1888 xmlKeepBlanksDefault(0);
1889 xmlTreeIndentString =
" ";
1890 root = xmlNewDocNode(doc, NULL, (
const xmlChar *)
"KASP", NULL);
1891 (void) xmlDocSetRootElement(doc, root);
1900 while (status == 0) {
1910 xmlSaveFormatFile(
"-", doc, 1);
1931 xmlDocPtr doc = xmlNewDoc((
const xmlChar *)
"1.0");
1934 int prev_policy_id = -1;
1941 printf(
"Failed to connect to database\n");
1948 fprintf(stderr,
"Malloc for zone struct failed\n");
1953 xmlKeepBlanksDefault(0);
1954 xmlTreeIndentString =
" ";
1955 root = xmlNewDocNode(doc, NULL, (
const xmlChar *)
"ZoneList", NULL);
1956 (void) xmlDocSetRootElement(doc, root);
1962 status =
KsmZone(result, zone);
1964 while (status == 0) {
1965 if (zone->
policy_id != prev_policy_id) {
1969 fprintf(stderr,
"Couldn't get name for policy with ID: %d, exiting...\n", zone->
policy_id);
1976 status =
KsmZone(result, zone);
1981 xmlSaveFormatFile(
"-", doc, 1);
1999 FILE* lock_fd = NULL;
2021 printf(
"Failed to connect to database\n");
2032 printf(
"Error, can't find zone : %s\n",
o_zone);
2052 if (data.
value == 1) {
2053 printf(
"*WARNING* This zone shares keys with others, all instances of the active key on this zone will be retired; are you sure? [y/N] ");
2055 user_certain = getchar();
2056 if (user_certain !=
'y' && user_certain !=
'Y') {
2057 printf(
"Okay, quitting...\n");
2063 status =
keyRoll(zone_id, -1, key_type);
2070 snprintf(logmsg, 256,
"Manual key rollover for key type %s on zone %s initiated" , (
o_keytype == NULL) ?
"all" :
o_keytype,
o_zone);
2071 printf(
"\n%s\n", logmsg);
2074 #ifdef HAVE_OPENLOG_R
2079 #ifdef HAVE_SYSLOG_R
2080 syslog_r(LOG_INFO, &sdata,
"%s", logmsg);
2082 syslog(LOG_INFO,
"%s", logmsg);
2084 #ifdef HAVE_CLOSELOG_R
2094 if (restart_enforcerd() != 0)
2096 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
2112 FILE* lock_fd = NULL;
2116 int zone_count = -1;
2135 printf(
"Failed to connect to database\n");
2142 printf(
"Error, can't find policy : %s\n",
o_policy);
2148 printf(
"*WARNING* This will roll all keys on the policy; are you sure? [y/N] ");
2150 user_certain = getchar();
2151 if (user_certain !=
'y' && user_certain !=
'Y') {
2152 printf(
"Okay, quitting...\n");
2167 if (zone_count == 0) {
2168 printf(
"No zones on policy; nothing to roll\n");
2173 printf(
"Couldn't count zones on policy; quitting...\n");
2178 status =
keyRoll(-1, policy_id, key_type);
2185 snprintf(logmsg, 256,
"Manual key rollover for key type %s on policy %s initiated" , (
o_keytype == NULL) ?
"all" :
o_keytype,
o_policy);
2186 printf(
"%s\n", logmsg);
2189 #ifdef HAVE_OPENLOG_R
2194 #ifdef HAVE_SYSLOG_R
2195 syslog_r(LOG_INFO, &sdata,
"%s", logmsg);
2197 syslog(LOG_INFO,
"%s", logmsg);
2199 #ifdef HAVE_CLOSELOG_R
2209 if (restart_enforcerd() != 0)
2211 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
2232 FILE* lock_fd = NULL;
2237 printf(
"Failed to connect to database\n");
2246 printf(
"Error: unable to find a policy named \"%s\" in database\n",
o_policy);
2260 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2270 printf(
"Error: failed to purge dead keys\n");
2296 FILE* lock_fd = NULL;
2301 if (datetime == NULL) {
2302 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
2307 if ( strncmp(qualifier,
"DONE", 4) == 0 ) {
2308 printf(
"*WARNING* One-step backups are deprecated in favour of a two-step process; see the documentation on key management for the explanation.\n");
2311 if (force_flag == 0) {
2312 printf(
"Do you wish to continue? [y/N] ");
2314 user_certain = getchar();
2315 if (user_certain !=
'y' && user_certain !=
'Y') {
2316 printf(
"Okay, quitting...\n");
2325 printf(
"Failed to connect to database\n");
2335 printf(
"Error: unable to find a repository named \"%s\" in database\n",
o_repository);
2343 if (strncmp(qualifier,
"PREPARE", 7) == 0 ||
2344 strncmp(qualifier,
"DONE", 4) == 0 ) {
2347 printf(
"There were no keys to mark\n");
2349 else if (status != 0) {
2350 printf(
"Error: failed to mark pre_backup as done\n");
2355 if (strncmp(qualifier,
"PREPARE", 7) == 0) {
2357 printf(
"Marked repository %s as pre-backed up at %s\n",
o_repository, datetime);
2359 printf(
"Marked all repositories as pre-backed up at %s\n", datetime);
2366 if (strncmp(qualifier,
"COMMIT", 6) == 0 ||
2367 strncmp(qualifier,
"DONE", 4) == 0 ) {
2370 printf(
"There were no keys to mark\n");
2372 else if (status != 0) {
2373 printf(
"Error: failed to mark backup as done\n");
2379 printf(
"Marked repository %s as backed up at %s\n",
o_repository, datetime);
2381 printf(
"Marked all repositories as backed up at %s\n", datetime);
2387 if (strncmp(qualifier,
"ROLLBACK", 6) == 0 ) {
2390 printf(
"There were no keys to rollback\n");
2392 else if (status != 0) {
2393 printf(
"Error: failed to mark backup as done\n");
2399 printf(
"Rolled back pre-backup of repository %s\n",
o_repository);
2401 printf(
"Rolled back pre-backup of all repositories\n");
2423 int qualifier_id = -1;
2427 FILE* lock_fd = NULL;
2432 printf(
"Failed to connect to database\n");
2445 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2452 printf(
"Rollovers:\n");
2457 printf(
"Error: failed to list rollovers\n");
2466 if (verbose_flag && ds_count > 0) {
2468 status =
ListDS(qualifier_id);
2471 printf(
"Error: failed to list DS records\n");
2492 int qualifier_id = -1;
2496 FILE* lock_fd = NULL;
2501 printf(
"Failed to connect to database\n");
2510 printf(
"Error: unable to find a repository named \"%s\" in database\n",
o_repository);
2516 printf(
"Backups:\n");
2520 printf(
"Error: failed to list backups\n");
2543 FILE* lock_fd = NULL;
2548 printf(
"Failed to connect to database\n");
2553 printf(
"Repositories:\n");
2558 printf(
"Error: failed to list repositories\n");
2559 if (lock_fd != NULL) {
2584 FILE* lock_fd = NULL;
2589 printf(
"Failed to connect to database\n");
2594 printf(
"Policies:\n");
2599 printf(
"Error: failed to list policies\n");
2620 int qualifier_id = -1;
2624 FILE* lock_fd = NULL;
2629 printf(
"Failed to connect to database\n");
2642 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2654 printf(
"Error: failed to list keys\n");
2681 int keytag_int = -1;
2682 int temp_key_state = -1;
2683 int temp_keypair_id = -1;
2684 char* temp_cka_id = NULL;
2689 FILE* lock_fd = NULL;
2694 if (datetime == NULL) {
2695 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
2701 printf(
"*WARNING* This will retire the currently active KSK; are you sure? [y/N] ");
2703 user_certain = getchar();
2704 if (user_certain !=
'y' && user_certain !=
'Y') {
2705 printf(
"Okay, quitting...\n");
2712 printf(
"Failed to connect to database\n");
2726 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2739 printf(
"Error: Unable to convert keytag \"%s\"; to an integer\n",
o_keytag);
2745 printf(
"Error: keytag \"%s\"; should be numeric only\n",
o_keytag);
2755 printf(
"Please provide a zone or details of the key to roll\n");
2764 printf(
"Error: failed to count active keys\n");
2771 if (key_count < 2) {
2772 printf(
"Error: completing this action would leave no active keys on zone, quitting...\n");
2781 printf(
"Error: failed to find policy for zone\n");
2790 printf(
"Old key retired\n");
2792 printf(
"Old key NOT retired\n");
2800 status =
CountKeys(&zone_id, keytag_int,
o_cka_id, &key_count, &temp_cka_id, &temp_key_state, &temp_keypair_id);
2802 printf(
"Error: failed to count keys\n");
2809 if (key_count > 1) {
2810 printf(
"More than one key matched your parameters, please include more information from the above keys\n");
2818 printf(
"No keys in the ACTIVE state matched your parameters, please check the parameters\n");
2826 printf(
"Error: failed to count active keys\n");
2833 if (key_count < 2) {
2834 printf(
"Error: completing this action would leave no active keys on zone, quitting...\n");
2843 printf(
"Error: failed to find policy for zone\n");
2854 printf(
"Key %s retired\n", temp_cka_id);
2881 int retired_count = -1;
2882 int keytag_int = -1;
2883 int temp_key_state = -1;
2884 int temp_keypair_id = -1;
2885 char* temp_cka_id = NULL;
2890 FILE* lock_fd = NULL;
2897 if (datetime == NULL) {
2898 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
2905 printf(
"Please provide a keytag or a CKA_ID for the key (CKA_ID will be used if both are provided\n");
2913 printf(
"*WARNING* This will retire the currently active KSK; are you sure? [y/N] ");
2915 user_certain = getchar();
2916 if (user_certain !=
'y' && user_certain !=
'Y') {
2917 printf(
"Okay, quitting...\n");
2924 printf(
"Failed to connect to database\n");
2935 printf(
"Please specify a zone using the --zone flag\n");
2941 else if (
o_zone != NULL) {
2948 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2955 else if (all_flag) {
2956 printf(
"*WARNING* This will act on every zone where this key is in use; are you sure? [y/N] ");
2958 user_certain = getchar();
2959 if (user_certain !=
'y' && user_certain !=
'Y') {
2960 printf(
"Okay, quitting...\n");
2972 printf(
"Error: Unable to convert keytag \"%s\"; to an integer\n",
o_keytag);
2978 printf(
"Error: keytag \"%s\"; should be numeric only\n",
o_keytag);
2989 status =
CountKeys(&zone_id, keytag_int,
o_cka_id, &key_count, &temp_cka_id, &temp_key_state, &temp_keypair_id);
2991 printf(
"Error: failed to count keys\n");
2998 if (key_count > 1) {
2999 printf(
"More than one key matched your parameters, please include more information from the above keys\n");
3007 printf(
"Key is already active\n");
3014 if (key_count == 0) {
3015 printf(
"No keys in the READY state matched your parameters, please check the parameters\n");
3024 printf(
"Error: failed to find policy for zone\n");
3031 status =
MarkDSSeen(temp_keypair_id, zone_id, policy_id, datetime, temp_key_state);
3035 snprintf(logmsg, 256,
"Key %s made %s", temp_cka_id, (temp_key_state ==
KSM_STATE_READY) ?
"active" :
"into standby");
3036 printf(
"%s\n", logmsg);
3039 #ifdef HAVE_OPENLOG_R
3044 #ifdef HAVE_SYSLOG_R
3045 syslog_r(LOG_INFO, &sdata,
"%s", logmsg);
3047 syslog(LOG_INFO,
"%s", logmsg);
3049 #ifdef HAVE_CLOSELOG_R
3059 if (retire_flag == 1) {
3064 printf(
"Error: failed to count active keys\n");
3071 if (key_count < 2) {
3075 printf(
"Error: failed to count retired keys\n");
3084 if (retired_count != 0) {
3085 printf(
"Error: retiring a key would leave no active keys on zone, skipping...\n");
3090 if (notify_flag == 1) {
3091 if (restart_enforcerd() != 0) {
3092 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
3094 fprintf(stdout,
"Performed a HUP ods-enforcerd\n");
3097 fprintf(stdout,
"No HUP ods-enforcerd was performed as the '--no-notify' flag was specified.\n");
3098 fprintf(stdout,
"Warning: The enforcer must be manually notified or the changes will not take full effect until the next scheduled enforcer run.\n");
3108 printf(
"Old key retired\n");
3110 printf(
"Old key NOT retired\n");
3113 printf(
"Old key NOT retired\n");
3117 if (notify_flag == 1) {
3118 if (restart_enforcerd() != 0) {
3119 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
3121 fprintf(stdout,
"Performed a HUP ods-enforcerd\n");
3124 fprintf(stdout,
"No HUP ods-enforcerd was performed as the '--no-notify' flag was specified.\n");
3125 fprintf(stdout,
"Warning: The enforcer must be manually notified or the changes will not take full effect until the next scheduled enforcer run.\n");
3147 char* case_keytype = NULL;
3148 char* case_algorithm = NULL;
3149 char* case_state = NULL;
3154 int cka_id_exists = -1;
3155 int keytype_id = -1;
3162 DB_ID keypair_id = 0;
3171 FILE* lock_fd = NULL;
3178 hsm_key_t *key = NULL;
3183 printf(
"Error: please specify a CKA_ID with the --cka_id <CKA_ID>\n");
3187 printf(
"Error: please specify a repository with the --repository <repository>\n");
3191 printf(
"Error: please specify a zone with the --zone <zone>\n");
3195 printf(
"Error: please specify the number of bits with the --bits <size>\n");
3199 printf(
"Error: please specify the algorithm with the --algorithm <algorithm>\n");
3203 printf(
"Error: please specify the state with the --keystate <state>\n");
3207 printf(
"Error: please specify a keytype, KSK or ZSK, with the --keytype <type>\n");
3211 printf(
"Error: please specify the time of when the key entered the given state with the --time <time>\n");
3216 status = hsm_open(
config, hsm_prompt_pin);
3218 hsm_print_error(NULL);
3221 key = hsm_find_key_by_id(NULL,
o_cka_id);
3224 if(check_repository_flag){
3225 fprintf(stderr,
"Error: No key with the CKA_ID %-33s exists in the repository %s. When the option [--check-repository] is used the key MUST exist in the repository for the key to be imported. \n",
o_cka_id,
o_repository);
3228 fprintf(stdout,
"Warning: No key with the CKA_ID %-33s exists in the repository %s. The key will be imported into the database anyway. \n",
o_cka_id,
o_repository);
3237 printf(
"Failed to connect to database\n");
3245 printf(
"Error: unable to find a repository named \"%s\" in database\n",
o_repository);
3257 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
3269 if (cka_id_exists == 1) {
3270 printf(
"Error: key with CKA_ID \"%s\" already exists in database\n",
o_cka_id);
3278 if (strncmp(case_keytype,
"KSK", 3) == 0 || strncmp(
o_keytype,
"257", 3) == 0) {
3281 else if (strncmp(case_keytype,
"ZSK", 3) == 0 || strncmp(
o_keytype,
"256", 3) == 0) {
3285 printf(
"Error: Unrecognised keytype %s; should be one of KSK or ZSK\n",
o_keytype);
3297 printf(
"Error: Unable to convert bits \"%s\"; to an integer\n",
o_size);
3302 printf(
"Error: Bits \"%s\"; should be numeric only\n",
o_size);
3320 if (status != 0 || algo_id == 0 || hsm_supported_algorithm(algo_id) != 0) {
3321 printf(
"Error: Key algorithm %s not supported; try one of RSASHA1, RSASHA1-NSEC3-SHA1 or RSASHA256\n",
o_algo);
3329 if (strncmp(case_state,
"GENERATE", 8) == 0 || strncmp(
o_keystate,
"1", 1) == 0) {
3332 else if (strncmp(case_state,
"PUBLISH", 7) == 0 || strncmp(
o_keystate,
"2", 1) == 0) {
3335 else if (strncmp(case_state,
"READY", 5) == 0 || strncmp(
o_keystate,
"3", 1) == 0) {
3338 else if (strncmp(case_state,
"ACTIVE", 6) == 0 || strncmp(
o_keystate,
"4", 1) == 0) {
3341 else if (strncmp(case_state,
"RETIRE", 6) == 0 || strncmp(
o_keystate,
"5", 1) == 0) {
3345 printf(
"Error: Unrecognised state %s; should be one of GENERATE, PUBLISH, READY, ACTIVE or RETIRE\n",
o_keystate);
3356 printf(
"Error: unable to convert \"%s\" into a date\n",
o_time);
3363 snprintf(form_time,
KSM_TIME_LENGTH,
"%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d",
3364 datetime.tm_year + 1900, datetime.tm_mon + 1, datetime.tm_mday,
3365 datetime.tm_hour, datetime.tm_min, datetime.tm_sec);
3366 printf(
"Converted time is %s\n", form_time);
3372 printf(
"Error: unable to specify retire time for a key in state \"%s\"\n",
o_keystate);
3379 printf(
"Error: unable to convert retire time \"%s\" into a date\n",
o_retire);
3386 snprintf(form_opt_time,
KSM_TIME_LENGTH,
"%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d",
3387 datetime.tm_year + 1900, datetime.tm_mon + 1, datetime.tm_mday,
3388 datetime.tm_hour, datetime.tm_min, datetime.tm_sec);
3392 form_opt_time[0] =
'\0';
3409 if (data.
value == 1) {
3410 printf(
"*WARNING* This zone shares keys with others, the key will be added to all; are you sure? [y/N] ");
3412 user_certain = getchar();
3413 if (user_certain !=
'y' && user_certain !=
'Y') {
3414 printf(
"Okay, quitting...\n");
3421 status =
KsmImportKeyPair(policy_id,
o_cka_id, repo_id, size_int, algo_id, state_id, form_time, fix_time, &keypair_id);
3423 printf(
"Error: couldn't import key\n");
3433 status =
KsmDnssecKeyCreate(zone_id, (
int) keypair_id, keytype_id, state_id, form_time, form_opt_time, &ignore);
3436 printf(
"Error: couldn't allocate key to zone(s)\n");
3441 printf(
"Key imported into zone(s)\n");
3457 FILE* lock_fd = NULL;
3460 char *dbschema = NULL;
3464 char *password = NULL;
3468 char* backup_filename = NULL;
3469 char* lock_filename;
3471 char *path = getenv(
"PWD");
3474 printf(
"Sorry, currently this utility can only backup a sqlite database file\n");
3479 status =
get_db_details(&dbschema, &host, &port, &user, &password);
3490 lock_filename = NULL;
3494 lock_fd = fopen(lock_filename,
"w");
3497 printf(
"Error getting db lock\n");
3498 if (lock_fd != NULL) {
3548 char* kasp_filename = NULL;
3549 char* zonelist_filename = NULL;
3550 char* backup_filename = NULL;
3553 FILE* lock_fd = NULL;
3562 int zone_count = -1;
3564 xmlDocPtr doc = NULL;
3567 printf(
"*WARNING* This feature is experimental and has not been fully tested; are you sure? [y/N] ");
3569 user_certain = getchar();
3570 if (user_certain !=
'y' && user_certain !=
'Y') {
3571 printf(
"Okay, quitting...\n");
3578 printf(
"Failed to read conf.xml\n");
3584 StrAppend(&backup_filename, kasp_filename);
3586 status =
backup_file(kasp_filename, backup_filename);
3596 if ((test = fopen(kasp_filename,
"ab"))==NULL) {
3597 printf(
"Cannot open kasp.xml for writing: %s\n", strerror(errno));
3608 printf(
"Failed to connect to database\n");
3629 if (policy == NULL) {
3630 printf(
"Malloc for policy struct failed\n");
3639 while (status == 0) {
3649 if (zone_count == 0) {
3650 printf(
"No zones on policy %s; purging...\n", policy->
name);
3652 size = snprintf(sql,
KSM_SQL_SIZE,
"update dnsseckeys set state = %d where keypair_id in (select id from keypairs where policy_id = %d)",
KSM_STATE_DEAD, policy->
id);
3656 printf(
"Couldn't construct SQL to kill orphaned keys\n");
3679 printf(
"Key purge failed for policy %s\n", policy->
name);
3688 sql2 =
DdsInit(
"parameters_policies");
3732 status = xmlSaveFormatFile(kasp_filename, doc, 1);
3735 printf(
"Could not save %s\n", kasp_filename);
3745 printf(
"Couldn't count zones on policy; quitting...\n");
3783 char* ods_control_cmd = NULL;
3784 char* ptr = command;
3789 *ptr = tolower((
int) *ptr);
3795 StrAppend(&ods_control_cmd, ODS_EN_CONTROL);
3798 status = system(ods_control_cmd);
3801 fprintf(stderr,
"Couldn't run %s\n", ods_control_cmd);
3817 char* case_command = NULL;
3818 char* case_verb = NULL;
3820 int option_index = 0;
3821 static struct option long_options[] =
3823 {
"all", no_argument, 0,
'a'},
3824 {
"auto-accept", no_argument, 0,
'A'},
3825 {
"bits", required_argument, 0,
'b'},
3826 {
"config", required_argument, 0,
'c'},
3827 {
"check-repository", no_argument, 0,
'C'},
3828 {
"ds", no_argument, 0,
'd'},
3829 {
"keystate", required_argument, 0,
'e'},
3830 {
"no-retire", no_argument, 0,
'f'},
3831 {
"force", no_argument, 0,
'F'},
3832 {
"algorithm", required_argument, 0,
'g'},
3833 {
"help", no_argument, 0,
'h'},
3834 {
"input", required_argument, 0,
'i'},
3835 {
"in-type", required_argument, 0,
'j'},
3836 {
"cka_id", required_argument, 0,
'k'},
3837 {
"no-notify", no_argument, 0,
'l'},
3838 {
"no-xml", no_argument, 0,
'm'},
3839 {
"no-hsm", no_argument, 0,
'M'},
3840 {
"interval", required_argument, 0,
'n'},
3841 {
"output", required_argument, 0,
'o'},
3842 {
"policy", required_argument, 0,
'p'},
3843 {
"out-type", required_argument, 0,
'q'},
3844 {
"repository", required_argument, 0,
'r'},
3845 {
"signerconf", required_argument, 0,
's'},
3846 {
"keytype", required_argument, 0,
't'},
3847 {
"time", required_argument, 0,
'w'},
3848 {
"verbose", no_argument, 0,
'v'},
3849 {
"version", no_argument, 0,
'V'},
3850 {
"keytag", required_argument, 0,
'x'},
3851 {
"retire", required_argument, 0,
'y'},
3852 {
"zone", required_argument, 0,
'z'},
3853 {
"zonetotal", required_argument, 0,
'Z'},
3859 while ((ch = getopt_long(argc, argv,
"aAb:Cc:de:fFg:hi:j:k:mMln:o:p:q:r:s:t:vVw:x:y:z:Z:", long_options, &option_index)) != -1) {
3865 auto_accept_flag = 1;
3874 check_repository_flag = 1;
3938 printf(
"%s version %s\n", PACKAGE_NAME, PACKAGE_VERSION);
3996 if (!strncmp(case_command,
"SETUP", 5)) {
4000 }
else if (!strncmp(case_command,
"UPDATE", 6)) {
4004 }
else if (!strncmp(case_command,
"START", 5) ||
4005 !strncmp(case_command,
"STOP", 4) ||
4006 !strncmp(case_command,
"NOTIFY", 6)) {
4010 }
else if (!strncmp(case_command,
"ZONE", 4) && strlen(case_command) == 4) {
4015 if (!strncmp(case_verb,
"ADD", 3)) {
4017 }
else if (!strncmp(case_verb,
"DELETE", 6)) {
4019 }
else if (!strncmp(case_verb,
"LIST", 4)) {
4022 printf(
"Unknown command: zone %s\n", case_verb);
4026 }
else if (!strncmp(case_command,
"REPOSITORY", 10)) {
4030 if (!strncmp(case_verb,
"LIST", 4)) {
4033 printf(
"Unknown command: repository %s\n", case_verb);
4037 }
else if (!strncmp(case_command,
"POLICY", 6)) {
4041 if (!strncmp(case_verb,
"EXPORT", 6)) {
4043 }
else if (!strncmp(case_verb,
"IMPORT", 6)) {
4045 }
else if (!strncmp(case_verb,
"LIST", 4)) {
4047 }
else if (!strncmp(case_verb,
"PURGE", 5)) {
4050 printf(
"Unknown command: policy %s\n", case_verb);
4054 }
else if (!strncmp(case_command,
"KEY", 3)) {
4058 if (!strncmp(case_verb,
"LIST", 4)) {
4061 else if (!strncmp(case_verb,
"EXPORT", 6)) {
4064 else if (!strncmp(case_verb,
"IMPORT", 6)) {
4067 else if (!strncmp(case_verb,
"ROLLOVER", 8)) {
4069 if (all_flag == 0 &&
o_keytype == NULL) {
4070 printf(
"Please specify either a keytype, KSK or ZSK, with the --keytype <type> option or use the --all option\n");
4083 printf(
"Please provide either a zone OR a policy to rollover\n");
4089 else if (!strncmp(case_verb,
"PURGE", 5)) {
4095 printf(
"Please provide either a zone OR a policy to key purge\n");
4100 else if (!strncmp(case_verb,
"GENERATE", 8)) {
4103 else if (!strncmp(case_verb,
"KSK-RETIRE", 10)) {
4106 else if (!strncmp(case_verb,
"DS-SEEN", 7)) {
4108 }
else if (!strncmp(case_verb,
"DELETE", 6)) {
4111 printf(
"Unknown command: key %s\n", case_verb);
4115 }
else if (!strncmp(case_command,
"BACKUP", 6)) {
4119 if (!strncmp(case_verb,
"DONE", 4) ||
4120 !strncmp(case_verb,
"PREPARE", 7) ||
4121 !strncmp(case_verb,
"COMMIT", 6) ||
4122 !strncmp(case_verb,
"ROLLBACK", 8)) {
4125 else if (!strncmp(case_verb,
"LIST", 4)) {
4128 printf(
"Unknown command: backup %s\n", case_verb);
4132 }
else if (!strncmp(case_command,
"ROLLOVER", 8)) {
4135 if (!strncmp(case_verb,
"LIST", 4)) {
4138 printf(
"Unknown command: rollover %s\n", case_verb);
4142 }
else if (!strncmp(case_command,
"DATABASE", 8)) {
4146 if (!strncmp(case_verb,
"BACKUP", 6)) {
4149 printf(
"Unknown command: database %s\n", case_verb);
4153 }
else if (!strncmp(case_command,
"ZONELIST", 8)) {
4157 if (!strncmp(case_verb,
"EXPORT", 6)) {
4160 else if (!strncmp(case_verb,
"IMPORT", 6)) {
4163 printf(
"Unknown command: zonelist %s\n", case_verb);
4168 printf(
"Unknown command: %s\n", argv[0]);
4180 xmlCleanupGlobals();
4181 xmlCleanupThreads();
4203 char *dbschema = NULL;
4207 char *password = NULL;
4211 char* backup_filename = NULL;
4212 char* lock_filename;
4215 status =
get_db_details(&dbschema, &host, &port, &user, &password);
4231 if (lock_fd != NULL) {
4232 lock_filename = NULL;
4236 *lock_fd = fopen(lock_filename,
"w");
4239 printf(
"Error getting db lock\n");
4240 if (*lock_fd != NULL) {
4264 if (lock_fd != NULL) {
4279 status =
DbConnect(dbhandle, dbschema, host, password, user, port);
4301 if (lock_fd != NULL) {
4304 printf(
"Error releasing db lock");
4326 if (lock_fd == NULL) {
4327 printf(
"%s could not be opened\n", lock_filename);
4331 memset(&fl, 0,
sizeof(
struct flock));
4332 fl.l_type = F_WRLCK;
4333 fl.l_whence = SEEK_SET;
4334 fl.l_pid = getpid();
4336 while (fcntl(fileno(lock_fd), F_SETLK, &fl) == -1) {
4338 printf(
"couldn't get lock on %s; %s\n", lock_filename, strerror(errno));
4341 if (errno == EACCES || errno == EAGAIN) {
4342 printf(
"%s already locked, sleep\n", lock_filename);
4347 select(0, NULL, NULL, NULL, &tv);
4352 printf(
"couldn't get lock on %s; %s\n", lock_filename, strerror(errno));
4365 if (lock_fd == NULL) {
4369 memset(&fl, 0,
sizeof(
struct flock));
4370 fl.l_type = F_UNLCK;
4371 fl.l_whence = SEEK_SET;
4373 if (fcntl(fileno(lock_fd), F_SETLK, &fl) == -1) {
4386 xmlTextReaderPtr reader = NULL;
4387 xmlDocPtr doc = NULL;
4388 xmlXPathContextPtr xpathCtx = NULL;
4389 xmlXPathObjectPtr xpathObj = NULL;
4391 char* tag_name = NULL;
4392 char* temp_char = NULL;
4394 xmlChar *zonelist_expr = (
unsigned char*)
"//Common/ZoneListFile";
4395 xmlChar *kaspfile_expr = (
unsigned char*)
"//Common/PolicyFile";
4398 reader = xmlNewTextReaderFilename(
config);
4399 if (reader != NULL) {
4400 ret = xmlTextReaderRead(reader);
4402 tag_name = (
char*) xmlTextReaderLocalName(reader);
4404 if (strncmp(tag_name,
"Common", 6) == 0
4405 && xmlTextReaderNodeType(reader) == 1) {
4408 xmlTextReaderExpand(reader);
4409 doc = xmlTextReaderCurrentDoc(reader);
4411 printf(
"Error: can not read Common section\n");
4413 ret = xmlTextReaderRead(reader);
4417 xpathCtx = xmlXPathNewContext(doc);
4418 if(xpathCtx == NULL) {
4419 printf(
"Error: can not create XPath context for Common section\n");
4421 ret = xmlTextReaderRead(reader);
4426 xpathObj = xmlXPathEvalExpression(zonelist_expr, xpathCtx);
4427 if(xpathObj == NULL) {
4428 printf(
"Error: unable to evaluate xpath expression: %s\n", zonelist_expr);
4430 ret = xmlTextReaderRead(reader);
4433 *zone_list_filename = NULL;
4434 temp_char = (
char*) xmlXPathCastToString(xpathObj);
4435 StrAppend(zone_list_filename, temp_char);
4437 xmlXPathFreeObject(xpathObj);
4438 printf(
"zonelist filename set to %s.\n", *zone_list_filename);
4441 xpathObj = xmlXPathEvalExpression(kaspfile_expr, xpathCtx);
4442 xmlXPathFreeContext(xpathCtx);
4443 if(xpathObj == NULL) {
4444 printf(
"Error: unable to evaluate xpath expression: %s\n", kaspfile_expr);
4446 ret = xmlTextReaderRead(reader);
4449 *kasp_filename = NULL;
4450 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
4454 temp_char = (
char*) xmlXPathCastToString(xpathObj);
4462 StrAppend(kasp_filename, OPENDNSSEC_CONFIG_DIR);
4465 printf(
"kasp filename set to %s.\n", *kasp_filename);
4467 xmlXPathFreeObject(xpathObj);
4470 ret = xmlTextReaderRead(reader);
4474 xmlFreeTextReader(reader);
4476 printf(
"%s : failed to parse\n",
config);
4480 printf(
"Unable to open %s\n",
config);
4497 xmlDocPtr doc = NULL;
4498 xmlXPathContextPtr xpathCtx = NULL;
4499 xmlXPathObjectPtr xpathObj = NULL;
4501 char* repo_name = NULL;
4502 char* repo_capacity = NULL;
4503 int require_backup = 0;
4506 xmlChar *node_expr = (
unsigned char*)
"//Configuration/RepositoryList/Repository";
4510 doc = xmlParseFile(
config);
4512 printf(
"Unable to open %s\n",
config);
4517 xpathCtx = xmlXPathNewContext(doc);
4518 if(xpathCtx == NULL) {
4524 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
4525 if(xpathObj == NULL) {
4526 xmlXPathFreeContext(xpathCtx);
4531 if (xpathObj->nodesetval) {
4532 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
4537 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
4538 repo_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i],
4539 (
const xmlChar *)
"name");
4541 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Capacity")) {
4542 repo_capacity = (
char *) xmlNodeGetContent(curNode);
4544 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"RequireBackup")) {
4548 curNode = curNode->next;
4551 if (strlen(repo_name) != 0) {
4553 printf(
"Repository %s found\n", repo_name);
4554 if (strlen(repo_capacity) == 0) {
4555 printf(
"No Maximum Capacity set.\n");
4561 printf(
"Capacity set to %s.\n", repo_capacity);
4567 if (require_backup == 0) {
4568 printf(
"RequireBackup NOT set; please make sure that you know the potential problems of using keys which are not recoverable\n");
4570 printf(
"RequireBackup set.\n");
4574 printf(
"Error Importing Repository %s", repo_name);
4578 printf(
"WARNING: Repository found with NULL name, skipping...\n");
4586 xmlXPathFreeObject(xpathObj);
4589 xmlXPathFreeContext(xpathCtx);
4604 char *policy_name = NULL;
4605 char *policy_description = NULL;
4608 xmlDocPtr doc = NULL;
4609 xmlDocPtr pol_doc = NULL;
4610 xmlDocPtr rngdoc = NULL;
4613 xmlNode *childNode2;
4614 xmlNode *childNode3;
4615 xmlChar *opt_out_flag = (xmlChar *)
"N";
4616 xmlChar *nsec3param_ttl = NULL ;
4617 xmlChar *share_keys_flag = (xmlChar *)
"N";
4618 xmlChar *man_roll_flag = (xmlChar *)
"N";
4619 xmlChar *rfc5011_flag = (xmlChar *)
"N";
4620 int standby_keys_flag = 0;
4621 xmlXPathContextPtr xpathCtx = NULL;
4622 xmlXPathObjectPtr xpathObj = NULL;
4623 xmlRelaxNGParserCtxtPtr rngpctx = NULL;
4624 xmlRelaxNGValidCtxtPtr rngctx = NULL;
4625 xmlRelaxNGPtr schema = NULL;
4628 xmlChar *node_expr = (
unsigned char*)
"//Policy";
4634 int algo_change = 0;
4636 char* changes_made = NULL;
4641 const char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/kasp.rng";
4642 char* kaspcheck_cmd = NULL;
4643 char* kaspcheck_cmd_version = NULL;
4645 StrAppend(&kaspcheck_cmd, ODS_EN_KASPCHECK);
4649 StrAppend(&kaspcheck_cmd_version, ODS_EN_KASPCHECK);
4650 StrAppend(&kaspcheck_cmd_version,
" --version > /dev/null");
4653 status = system(kaspcheck_cmd_version);
4656 status = system(kaspcheck_cmd);
4659 fprintf(stderr,
"ods-kaspcheck returned an error, please check your policy\n");
4661 StrFree(kaspcheck_cmd_version);
4667 fprintf(stderr,
"Couldn't run ods-kaspcheck, will carry on\n");
4671 StrFree(kaspcheck_cmd_version);
4674 doc = xmlParseFile(kasp_filename);
4676 printf(
"Error: unable to parse file \"%s\"\n", kasp_filename);
4681 rngdoc = xmlParseFile(rngfilename);
4682 if (rngdoc == NULL) {
4683 printf(
"Error: unable to parse file \"%s\"\n", rngfilename);
4688 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
4689 if (rngpctx == NULL) {
4690 printf(
"Error: unable to create XML RelaxNGs parser context\n");
4695 schema = xmlRelaxNGParse(rngpctx);
4696 if (schema == NULL) {
4697 printf(
"Error: unable to parse a schema definition resource\n");
4702 rngctx = xmlRelaxNGNewValidCtxt(schema);
4703 if (rngctx == NULL) {
4704 printf(
"Error: unable to create RelaxNGs validation context based on the schema\n");
4709 status = xmlRelaxNGValidateDoc(rngctx,doc);
4711 printf(
"Error validating file \"%s\"\n", kasp_filename);
4717 if (policy == NULL) {
4718 printf(
"Malloc for policy struct failed");
4723 xpathCtx = xmlXPathNewContext(doc);
4724 if(xpathCtx == NULL) {
4731 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
4732 if(xpathObj == NULL) {
4733 xmlXPathFreeContext(xpathCtx);
4739 if (xpathObj->nodesetval) {
4745 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
4747 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
4748 policy_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
4749 if (strlen(policy_name) == 0) {
4751 printf(
"Error extracting policy name from %s\n", kasp_filename);
4764 printf(
"Error: unable to read policy %s; skipping\n", policy_name);
4769 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Keys")) {
4770 childNode = curNode->children;
4772 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"KSK")) {
4773 childNode2 = childNode->children;
4775 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
4778 status =
StrStrtoi((
char *)xmlNodeGetContent(childNode2), &value);
4780 printf(
"Error extracting KSK algorithm for policy %s, exiting...", policy_name);
4786 printf(
"\n\nAlgorithm change attempted... details:\n");
4787 StrAppend(&changes_made,
"Algorithm changes made, details:");
4790 size = snprintf(tmp_change,
KSM_MSG_LENGTH,
"Policy: %s, KSK algorithm changed from %d to %d.", policy_name, policy->
ksk->
algorithm, value);
4793 printf(
"Error constructing log message for policy %s, exiting...", policy_name);
4796 printf(
"%s\n", tmp_change);
4802 childNode2 = childNode2->next;
4807 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"ZSK")) {
4808 childNode2 = childNode->children;
4810 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
4813 status =
StrStrtoi((
char *)xmlNodeGetContent(childNode2), &value);
4815 printf(
"Error extracting ZSK algorithm for policy %s, exiting...", policy_name);
4821 printf(
"\n\nAlgorithm change attempted... details:\n");
4822 StrAppend(&changes_made,
"Algorithm changes made, details:");
4825 size = snprintf(tmp_change,
KSM_MSG_LENGTH,
"Policy: %s, ZSK algorithm changed from %d to %d.", policy_name, policy->
zsk->
algorithm, value);
4828 printf(
"Error constructing log message for policy %s, exiting...", policy_name);
4831 printf(
"%s\n", tmp_change);
4837 childNode2 = childNode2->next;
4842 childNode = childNode->next;
4845 curNode = curNode->next;
4857 if (algo_change == 1 && force_flag == 0) {
4858 printf(
"*WARNING* This will change the algorithms used as noted above. Algorithm rollover is _not_ supported by OpenDNSSEC and zones may break. Are you sure? [y/N] ");
4860 user_certain = getchar();
4861 if (user_certain !=
'y' && user_certain !=
'Y') {
4862 printf(
"\nOkay, quitting...\n");
4863 xmlXPathFreeContext(xpathCtx);
4876 #ifdef HAVE_OPENLOG_R
4881 #ifdef HAVE_SYSLOG_R
4882 syslog_r(LOG_INFO, &sdata,
"%s", changes_made);
4884 syslog(LOG_INFO,
"%s", changes_made);
4886 #ifdef HAVE_CLOSELOG_R
4897 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
4899 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
4900 policy_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
4901 if (strlen(policy_name) == 0) {
4903 printf(
"Error extracting policy name from %s\n", kasp_filename);
4907 printf(
"Policy %s found\n", policy_name);
4909 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Description")) {
4910 policy_description = (
char *) xmlNodeGetContent(curNode);
4920 printf(
"Error: unable to read policy %s; skipping\n", policy_name);
4921 curNode = curNode->next;
4929 printf(
"Error: unable to update policy description for %s; skipping\n", policy_name);
4931 curNode = curNode->next;
4940 printf(
"Error: unable to insert policy %s; skipping\n", policy_name);
4942 curNode = curNode->next;
4948 printf(
"Error: unable to get policy id for %s; skipping\n", policy_name);
4949 curNode = curNode->next;
4955 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Signatures")) {
4956 childNode = curNode->children;
4958 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Resign")) {
4961 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Refresh")) {
4964 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Validity")) {
4965 childNode2 = childNode->children;
4967 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Default")) {
4970 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Denial")) {
4973 childNode2 = childNode2->next;
4976 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Jitter")) {
4979 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"InceptionOffset")) {
4982 childNode = childNode->next;
4985 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Denial")) {
4986 opt_out_flag = (xmlChar *)
"N";
4987 childNode = curNode->children;
4989 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"NSEC3")) {
4993 printf(
"Error: unable to insert/update %s for policy\n",
"Denial version");
4995 childNode2 = childNode->children;
4997 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"OptOut")) {
4998 opt_out_flag = (xmlChar *)
"Y";
5000 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Resalt")) {
5003 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
5004 nsec3param_ttl = xmlNodeGetContent(childNode2);
5006 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Hash")) {
5007 childNode3 = childNode2->children;
5009 if (xmlStrEqual(childNode3->name, (
const xmlChar *)
"Algorithm")) {
5012 else if (xmlStrEqual(childNode3->name, (
const xmlChar *)
"Iterations")) {
5015 else if (xmlStrEqual(childNode3->name, (
const xmlChar *)
"Salt")) {
5018 childNode3 = childNode3->next;
5022 childNode2 = childNode2->next;
5026 if (nsec3param_ttl == NULL)
5027 nsec3param_ttl = (xmlChar *)
StrStrdup(
"PT0S");
5029 nsec3param_ttl = NULL;
5031 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"NSEC")) {
5034 printf(
"Error: unable to insert/update %s for policy\n",
"Denial version");
5037 childNode = childNode->next;
5040 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Keys")) {
5041 share_keys_flag = (xmlChar *)
"N";
5042 childNode = curNode->children;
5044 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"TTL")) {
5047 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"RetireSafety")) {
5050 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"PublishSafety")) {
5053 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"ShareKeys")) {
5054 share_keys_flag = (xmlChar *)
"Y";
5056 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Purge")) {
5060 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"KSK")) {
5061 man_roll_flag = (xmlChar *)
"N";
5062 rfc5011_flag = (xmlChar *)
"N";
5063 childNode2 = childNode->children;
5065 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
5070 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Lifetime")) {
5073 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Repository")) {
5075 printf(
"Please either add the repository to conf.xml or remove the reference to it from kasp.xml\n");
5077 xmlFreeDoc(pol_doc);
5078 xmlXPathFreeContext(xpathCtx);
5079 xmlRelaxNGFree(schema);
5080 xmlRelaxNGFreeValidCtxt(rngctx);
5081 xmlRelaxNGFreeParserCtxt(rngpctx);
5089 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Standby")) {
5091 standby_keys_flag = 1;
5093 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"ManualRollover")) {
5094 man_roll_flag = (xmlChar *)
"Y";
5096 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"RFC5011")) {
5097 rfc5011_flag = (xmlChar *)
"Y";
5102 childNode2 = childNode2->next;
5107 if (standby_keys_flag == 0) {
5110 standby_keys_flag = 0;
5114 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"ZSK")) {
5115 man_roll_flag = (xmlChar *)
"N";
5116 childNode2 = childNode->children;
5118 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
5123 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Lifetime")) {
5126 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Repository")) {
5128 printf(
"Please either add the repository to conf.xml or remove the reference to it from kasp.xml\n");
5130 xmlFreeDoc(pol_doc);
5131 xmlXPathFreeContext(xpathCtx);
5132 xmlRelaxNGFree(schema);
5133 xmlRelaxNGFreeValidCtxt(rngctx);
5134 xmlRelaxNGFreeParserCtxt(rngpctx);
5142 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Standby")) {
5144 standby_keys_flag = 1;
5146 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"ManualRollover")) {
5147 man_roll_flag = (xmlChar *)
"Y";
5149 childNode2 = childNode2->next;
5155 childNode = childNode->next;
5159 if (standby_keys_flag == 0) {
5162 standby_keys_flag = 0;
5167 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Zone")) {
5168 childNode = curNode->children;
5170 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"PropagationDelay")) {
5173 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"SOA")) {
5174 childNode2 = childNode->children;
5176 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
5179 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Minimum")) {
5182 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Serial")) {
5185 childNode2 = childNode2->next;
5188 childNode = childNode->next;
5192 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Parent")) {
5193 childNode = curNode->children;
5195 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"PropagationDelay")) {
5198 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"DS")) {
5199 childNode2 = childNode->children;
5201 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
5204 childNode2 = childNode2->next;
5207 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"SOA")) {
5208 childNode2 = childNode->children;
5210 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
5213 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Minimum")) {
5216 childNode2 = childNode2->next;
5219 childNode = childNode->next;
5223 curNode = curNode->next;
5234 xmlXPathFreeContext(xpathCtx);
5235 xmlRelaxNGFree(schema);
5236 xmlRelaxNGFreeValidCtxt(rngctx);
5237 xmlRelaxNGFreeParserCtxt(rngpctx);
5251 xmlDocPtr doc = NULL;
5252 xmlDocPtr rngdoc = NULL;
5255 xmlNode *childNode2;
5256 xmlXPathContextPtr xpathCtx = NULL;
5257 xmlXPathObjectPtr xpathObj = NULL;
5258 xmlRelaxNGParserCtxtPtr rngpctx = NULL;
5259 xmlRelaxNGValidCtxtPtr rngctx = NULL;
5260 xmlRelaxNGPtr schema = NULL;
5262 char* zone_name = NULL;
5263 char* policy_name = NULL;
5264 char* current_policy = NULL;
5265 char* current_signconf = NULL;
5266 char* current_input = NULL;
5267 char* current_output = NULL;
5268 char* current_in_type = NULL;
5269 char* current_out_type = NULL;
5272 int file_zone_count = 0;
5273 int db_zone_count = 0;
5287 xmlChar *node_expr = (
unsigned char*)
"//Zone";
5288 const char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/zonelist.rng";
5291 doc = xmlParseFile(zone_list_filename);
5293 printf(
"Error: unable to parse file \"%s\"\n", zone_list_filename);
5298 rngdoc = xmlParseFile(rngfilename);
5299 if (rngdoc == NULL) {
5300 printf(
"Error: unable to parse file \"%s\"\n", rngfilename);
5305 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
5306 if (rngpctx == NULL) {
5307 printf(
"Error: unable to create XML RelaxNGs parser context\n");
5312 schema = xmlRelaxNGParse(rngpctx);
5313 if (schema == NULL) {
5314 printf(
"Error: unable to parse a schema definition resource\n");
5319 rngctx = xmlRelaxNGNewValidCtxt(schema);
5320 if (rngctx == NULL) {
5321 printf(
"Error: unable to create RelaxNGs validation context based on the schema\n");
5326 status = xmlRelaxNGValidateDoc(rngctx,doc);
5328 printf(
"Error validating file \"%s\"\n", zone_list_filename);
5333 xpathCtx = xmlXPathNewContext(doc);
5334 if(xpathCtx == NULL) {
5340 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
5341 if(xpathObj == NULL) {
5342 xmlXPathFreeContext(xpathCtx);
5347 if (xpathObj->nodesetval) {
5348 file_zone_count = xpathObj->nodesetval->nodeNr;
5350 printf(
"Error extracting zone count from %s\n", zone_list_filename);
5351 xmlXPathFreeContext(xpathCtx);
5357 zone_ids =
MemMalloc(file_zone_count *
sizeof(
int));
5359 if (xpathObj->nodesetval) {
5360 for (i = 0; i < file_zone_count; i++) {
5362 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
5363 zone_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
5364 if (strlen(zone_name) == 0) {
5366 printf(
"Error extracting zone name from %s\n", zone_list_filename);
5379 printf(
"Zone %s found; ", zone_name);
5382 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Policy")) {
5383 current_policy = (
char *) xmlNodeGetContent(curNode);
5385 printf(
"policy set to %s\n", current_policy);
5388 if (policy_name == NULL || strcmp(current_policy, policy_name) != 0) {
5390 StrAppend(&policy_name, current_policy);
5394 printf(
"ERROR, can't find policy %s.\n", policy_name);
5401 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"SignerConfiguration")) {
5402 current_signconf = (
char *) xmlNodeGetContent(curNode);
5405 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Adapters")) {
5406 childNode = curNode->children;
5409 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Input")) {
5410 childNode2 = childNode->children;
5412 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Adapter")) {
5413 current_input = (
char *) xmlNodeGetContent(childNode2);
5414 current_in_type = (
char *) xmlGetProp(childNode2, (
const xmlChar *)
"type");
5416 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"File")) {
5417 current_input = (
char *) xmlNodeGetContent(childNode2);
5418 current_in_type = (
char *) childNode2->name;
5420 childNode2 = childNode2->next;
5424 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Output")) {
5425 childNode2 = childNode->children;
5427 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Adapter")) {
5428 current_output = (
char *) xmlNodeGetContent(childNode2);
5429 current_out_type = (
char *) xmlGetProp(childNode2, (
const xmlChar *)
"type");
5431 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"File")) {
5432 current_output = (
char *) xmlNodeGetContent(childNode2);
5433 current_out_type = (
char *) childNode2->name;
5435 childNode2 = childNode2->next;
5438 childNode = childNode->next;
5441 curNode = curNode->next;
5447 status =
KsmImportZone(zone_name, policy_id, 0, &new_zone, current_signconf, current_input, current_output, current_in_type, current_out_type);
5450 printf(
"Error Importing zone %s; it already exists both with and without a trailing dot\n", zone_name);
5452 printf(
"Error Importing Zone %s\n", zone_name);
5458 if (new_zone == 1) {
5459 printf(
"Added zone %s to database\n", zone_name);
5465 printf(
"Error: unable to find a zone named \"%s\" in database\n", zone_name);
5466 printf(
"Error: Possibly two domains differ only by having a trailing dot or not?\n");
5472 zone_ids[i] = temp_id;
5480 xmlXPathFreeContext(xpathCtx);
5481 xmlRelaxNGFree(schema);
5482 xmlRelaxNGFreeValidCtxt(rngctx);
5483 xmlRelaxNGFreeParserCtxt(rngpctx);
5496 if (file_zone_count == db_zone_count) {
5501 else if (file_zone_count > db_zone_count) {
5502 printf(
"Failed to add all zones from zonelist\n");
5518 while (status == 0) {
5519 DbInt(row, 0, &temp_id);
5521 DbInt(row, 2, &policy_id);
5524 for (i = 0; i < db_zone_count; ++i) {
5525 if (temp_id == zone_ids[i]) {
5531 if (seen_zone == 0) {
5534 printf(
"Removing zone %s from database\n", zone_name);
5536 status =
KsmParameterInit(&result2,
"zones_share_keys",
"keys", policy_id);
5562 if ((shared.
value == 1 && temp_count == 1) || shared.
value == 0) {
5565 printf(
"Error: failed to mark keys as dead in database\n");
5600 int SetParamOnPolicy(
const xmlChar* new_value,
const char* name,
const char* category,
int current_value,
int policy_id,
int value_type)
5604 char* temp_char = (
char *)new_value;
5608 if (strlen(temp_char) != 0) {
5611 printf(
"Error: unable to convert interval %s to seconds, error: %i\n", temp_char, status);
5615 else if (status == -1) {
5616 printf(
"Info: converting %s to seconds; M interpreted as 31 days, Y interpreted as 365 days\n", temp_char);
5625 if (strncmp(temp_char,
"Y", 1) == 0) {
5635 printf(
"Error: unable to find repository %s\n", temp_char);
5645 printf(
"Error: unable to find serial type %s\n", temp_char);
5655 printf(
"Error: unable to find rollover scheme %s\n", temp_char);
5664 printf(
"Error: unable to convert %s to int\n", temp_char);
5674 if (value != current_value || current_value == 0) {
5677 printf(
"Error: unable to insert/update %s for policy\n", name);
5678 printf(
"Error: Is your database schema up to date?\n");
5684 if (strncmp(name,
"saltlength", 10) == 0) {
5687 printf(
"Error: unable to insert/update %s for policy\n", name);
5688 printf(
"Error: Is your database schema up to date?\n");
5699 if (policy == NULL) {
5700 printf(
"Error, no policy provided");
5737 policy->
ksk->
sm = 0;
5749 policy->
zsk->
sm = 0;
5786 if((from = fopen( orig_file,
"rb"))==NULL) {
5787 if (errno == ENOENT) {
5788 printf(
"File %s does not exist, nothing to backup\n", orig_file);
5792 printf(
"Cannot open source file.\n");
5798 if((to = fopen(backup_file,
"wb"))==NULL) {
5799 printf(
"Cannot open destination file, will not make backup.\n");
5805 while(!feof(from)) {
5808 printf(
"Error reading source file.\n");
5813 if(!feof(from)) fputc(ch, to);
5815 printf(
"Error writing destination file.\n");
5822 if(fclose(from)==EOF) {
5823 printf(
"Error closing source file.\n");
5828 if(fclose(to)==EOF) {
5829 printf(
"Error closing destination file.\n");
5847 get_db_details(
char** dbschema,
char** host,
char** port,
char** user,
char** password)
5852 xmlXPathContextPtr xpathCtx;
5853 xmlXPathObjectPtr xpathObj;
5854 xmlRelaxNGParserCtxtPtr rngpctx;
5855 xmlRelaxNGValidCtxtPtr rngctx;
5856 xmlRelaxNGPtr schema;
5857 xmlChar *litexpr = (
unsigned char*)
"//Configuration/Enforcer/Datastore/SQLite";
5858 xmlChar *mysql_host = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Host";
5859 xmlChar *mysql_port = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Host/@port";
5860 xmlChar *mysql_db = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Database";
5861 xmlChar *mysql_user = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Username";
5862 xmlChar *mysql_pass = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Password";
5866 char* temp_char = NULL;
5869 const char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/conf.rng";
5872 doc = xmlParseFile(
config);
5874 printf(
"Error: unable to parse file \"%s\"\n",
config);
5879 rngdoc = xmlParseFile(rngfilename);
5880 if (rngdoc == NULL) {
5881 printf(
"Error: unable to parse file \"%s\"\n", rngfilename);
5887 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
5889 if (rngpctx == NULL) {
5890 printf(
"Error: unable to create XML RelaxNGs parser context\n");
5896 schema = xmlRelaxNGParse(rngpctx);
5897 xmlRelaxNGFreeParserCtxt(rngpctx);
5898 if (schema == NULL) {
5899 printf(
"Error: unable to parse a schema definition resource\n");
5905 rngctx = xmlRelaxNGNewValidCtxt(schema);
5906 if (rngctx == NULL) {
5907 printf(
"Error: unable to create RelaxNGs validation context based on the schema\n");
5908 xmlRelaxNGFree(schema);
5914 status = xmlRelaxNGValidateDoc(rngctx,doc);
5915 xmlRelaxNGFreeValidCtxt(rngctx);
5916 xmlRelaxNGFree(schema);
5918 printf(
"Error validating file \"%s\"\n",
config);
5925 xpathCtx = xmlXPathNewContext(doc);
5926 if(xpathCtx == NULL) {
5927 printf(
"Error: unable to create new XPath context\n");
5933 xpathObj = xmlXPathEvalExpression(litexpr, xpathCtx);
5934 if(xpathObj == NULL) {
5935 printf(
"Error: unable to evaluate xpath expression: %s\n", litexpr);
5936 xmlXPathFreeContext(xpathCtx);
5940 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
5942 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5946 fprintf(stderr,
"SQLite database set to: %s\n", *dbschema);
5949 xmlXPathFreeObject(xpathObj);
5951 if (db_found == 0) {
5956 xpathObj = xmlXPathEvalExpression(mysql_host, xpathCtx);
5957 if(xpathObj == NULL) {
5958 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_host);
5959 xmlXPathFreeContext(xpathCtx);
5963 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
5964 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5968 fprintf(stderr,
"MySQL database host set to: %s\n", *host);
5971 xmlXPathFreeObject(xpathObj);
5974 xpathObj = xmlXPathEvalExpression(mysql_port, xpathCtx);
5975 if(xpathObj == NULL) {
5976 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_port);
5977 xmlXPathFreeContext(xpathCtx);
5981 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
5982 temp_char = (
char *)xmlXPathCastToString(xpathObj);
5986 fprintf(stderr,
"MySQL database port set to: %s\n", *port);
5989 xmlXPathFreeObject(xpathObj);
5992 xpathObj = xmlXPathEvalExpression(mysql_db, xpathCtx);
5993 if(xpathObj == NULL) {
5994 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_db);
5995 xmlXPathFreeContext(xpathCtx);
5999 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
6000 temp_char = (
char *)xmlXPathCastToString(xpathObj);
6004 fprintf(stderr,
"MySQL database schema set to: %s\n", *dbschema);
6009 xmlXPathFreeObject(xpathObj);
6012 xpathObj = xmlXPathEvalExpression(mysql_user, xpathCtx);
6013 if(xpathObj == NULL) {
6014 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_user);
6015 xmlXPathFreeContext(xpathCtx);
6019 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
6020 temp_char = (
char *)xmlXPathCastToString(xpathObj);
6024 fprintf(stderr,
"MySQL database user set to: %s\n", *user);
6029 xmlXPathFreeObject(xpathObj);
6032 xpathObj = xmlXPathEvalExpression(mysql_pass, xpathCtx);
6033 if(xpathObj == NULL) {
6034 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_pass);
6035 xmlXPathFreeContext(xpathCtx);
6040 temp_char = (
char *)xmlXPathCastToString(xpathObj);
6043 xmlXPathFreeObject(xpathObj);
6046 fprintf(stderr,
"MySQL database password set\n");
6051 xmlXPathFreeContext(xpathCtx);
6056 printf(
"Error: unable to find complete database connection expression\n");
6062 printf(
"Error: Config file %s specifies database type %s but system is compiled to use %s\n",
config, (db_found==1) ?
"MySQL" :
"sqlite3", (db_found==2) ?
"MySQL" :
"sqlite3");
6076 xmlTextReaderPtr reader = NULL;
6077 xmlDocPtr doc = NULL;
6078 xmlXPathContextPtr xpathCtx = NULL;
6079 xmlXPathObjectPtr xpathObj = NULL;
6081 char* temp_char = NULL;
6082 char* tag_name = NULL;
6084 xmlChar *zonelist_expr = (
unsigned char*)
"//Common/ZoneListFile";
6087 reader = xmlNewTextReaderFilename(
config);
6088 if (reader != NULL) {
6089 ret = xmlTextReaderRead(reader);
6091 tag_name = (
char*) xmlTextReaderLocalName(reader);
6093 if (strncmp(tag_name,
"Common", 6) == 0
6094 && xmlTextReaderNodeType(reader) == 1) {
6097 xmlTextReaderExpand(reader);
6098 doc = xmlTextReaderCurrentDoc(reader);
6100 printf(
"Error: can not read Common section\n");
6102 ret = xmlTextReaderRead(reader);
6106 xpathCtx = xmlXPathNewContext(doc);
6107 if(xpathCtx == NULL) {
6108 printf(
"Error: can not create XPath context for Common section\n");
6110 ret = xmlTextReaderRead(reader);
6115 xpathObj = xmlXPathEvalExpression(zonelist_expr, xpathCtx);
6116 if(xpathObj == NULL) {
6117 printf(
"Error: unable to evaluate xpath expression: %s\n", zonelist_expr);
6119 ret = xmlTextReaderRead(reader);
6122 *zone_list_filename = NULL;
6123 temp_char = (
char *)xmlXPathCastToString(xpathObj);
6124 xmlXPathFreeObject(xpathObj);
6125 StrAppend(zone_list_filename, temp_char);
6127 printf(
"zonelist filename set to %s.\n", *zone_list_filename);
6130 ret = xmlTextReaderRead(reader);
6133 xmlFreeTextReader(reader);
6135 printf(
"%s : failed to parse\n",
config);
6139 printf(
"Unable to open %s\n",
config);
6143 xmlXPathFreeContext(xpathCtx);
6153 const char *zone_name,
6154 const char *policy_name,
6155 const char *sig_conf_name,
6156 const char *input_name,
6157 const char *output_name,
6158 const char *input_type,
6159 const char *output_type)
6163 xmlNodePtr newzonenode;
6164 xmlNodePtr newadaptnode;
6165 xmlNodePtr newinputnode;
6166 xmlNodePtr newinadnode;
6167 xmlNodePtr newoutputnode;
6168 xmlNodePtr newoutadnode;
6169 doc = xmlParseFile(docname);
6171 fprintf(stderr,
"Document not parsed successfully. \n");
6174 cur = xmlDocGetRootElement(doc);
6176 fprintf(stderr,
"empty document\n");
6180 if (xmlStrcmp(cur->name, (
const xmlChar *)
"ZoneList")) {
6181 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
6185 newzonenode = xmlNewTextChild(cur, NULL, (
const xmlChar *)
"Zone", NULL);
6186 (void) xmlNewProp(newzonenode, (
const xmlChar *)
"name", (
const xmlChar *)zone_name);
6188 (void) xmlNewTextChild (newzonenode, NULL, (
const xmlChar *)
"Policy", (
const xmlChar *)policy_name);
6190 (void) xmlNewTextChild (newzonenode, NULL, (
const xmlChar *)
"SignerConfiguration", (
const xmlChar *)sig_conf_name);
6192 newadaptnode = xmlNewChild (newzonenode, NULL, (
const xmlChar *)
"Adapters", NULL);
6194 newinputnode = xmlNewChild (newadaptnode, NULL, (
const xmlChar *)
"Input", NULL);
6196 newinadnode = xmlNewTextChild (newinputnode, NULL, (
const xmlChar *)
"Adapter", (
const xmlChar *)input_name);
6197 (void) xmlNewProp(newinadnode, (
const xmlChar *)
"type", (
const xmlChar *)input_type);
6199 newoutputnode = xmlNewChild (newadaptnode, NULL, (
const xmlChar *)
"Output", NULL);
6201 newoutadnode = xmlNewTextChild (newoutputnode, NULL, (
const xmlChar *)
"Adapter", (
const xmlChar *)output_name);
6202 (void) xmlNewProp(newoutadnode, (
const xmlChar *)
"type", (
const xmlChar *)output_type);
6208 const char *zone_name)
6214 doc = xmlParseFile(docname);
6216 fprintf(stderr,
"Document not parsed successfully. \n");
6219 root = xmlDocGetRootElement(doc);
6221 fprintf(stderr,
"empty document\n");
6225 if (xmlStrcmp(root->name, (
const xmlChar *)
"ZoneList")) {
6226 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
6232 if (all_flag == 1) {
6233 cur = root->children;
6239 cur = root->children;
6245 for(cur = root->children; cur != NULL; cur = cur->next)
6248 if (xmlStrcmp( xmlGetProp(cur, (xmlChar *)
"name"), (
const xmlChar *) zone_name) == 0)
6252 cur = root->children;
6267 xmlChar *polChar = NULL;
6268 xmlChar *propChar = NULL;
6274 doc = xmlParseFile(docname);
6276 fprintf(stderr,
"Document not parsed successfully. \n");
6279 root = xmlDocGetRootElement(doc);
6281 fprintf(stderr,
"empty document\n");
6285 if (xmlStrcmp(root->name, (
const xmlChar *)
"ZoneList")) {
6286 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
6292 for(cur = root->children; cur != NULL; cur = cur->next)
6294 if (xmlStrcmp( cur->name, (
const xmlChar *)
"Zone") == 0) {
6295 propChar = xmlGetProp(cur, (xmlChar *)
"name");
6296 printf(
"Found Zone: %s", propChar);
6302 printf(
" (zone not in database)");
6305 zone_ids[i] = temp_id;
6310 for(pol = cur->children; pol != NULL; pol = pol->next)
6312 if (xmlStrcmp( pol->name, (
const xmlChar *)
"Policy") == 0)
6314 polChar = xmlNodeGetContent(pol);
6315 printf(
"; on policy %s\n", polChar);
6334 xmlNodePtr policy_node;
6335 xmlNodePtr signatures_node;
6336 xmlNodePtr validity_node;
6337 xmlNodePtr denial_node;
6338 xmlNodePtr nsec_node;
6339 xmlNodePtr hash_node;
6340 xmlNodePtr salt_node;
6341 xmlNodePtr keys_node;
6342 xmlNodePtr ksk_node;
6343 xmlNodePtr ksk_alg_node;
6344 xmlNodePtr zsk_node;
6345 xmlNodePtr zsk_alg_node;
6346 xmlNodePtr zone_node;
6347 xmlNodePtr zone_soa_node;
6348 xmlNodePtr parent_node;
6349 xmlNodePtr parent_ds_node;
6350 xmlNodePtr parent_soa_node;
6354 root = xmlDocGetRootElement(doc);
6356 fprintf(stderr,
"empty document\n");
6359 if (xmlStrcmp(root->name, (
const xmlChar *)
"KASP")) {
6360 fprintf(stderr,
"document of the wrong type, root node != %s",
"KASP");
6364 policy_node = xmlNewTextChild(root, NULL, (
const xmlChar *)
"Policy", NULL);
6365 (void) xmlNewProp(policy_node, (
const xmlChar *)
"name", (
const xmlChar *)policy->
name);
6366 (void) xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Description", (
const xmlChar *)policy->
description);
6369 signatures_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Signatures", NULL);
6371 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Resign", (
const xmlChar *)temp_time);
6373 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Refresh", (
const xmlChar *)temp_time);
6374 validity_node = xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Validity", NULL);
6376 (void) xmlNewTextChild(validity_node, NULL, (
const xmlChar *)
"Default", (
const xmlChar *)temp_time);
6378 (void) xmlNewTextChild(validity_node, NULL, (
const xmlChar *)
"Denial", (
const xmlChar *)temp_time);
6379 snprintf(temp_time, 32,
"PT%dS", policy->
signer->
jitter);
6380 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Jitter", (
const xmlChar *)temp_time);
6382 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"InceptionOffset", (
const xmlChar *)temp_time);
6385 denial_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Denial", NULL);
6388 (void) xmlNewTextChild(denial_node, NULL, (
const xmlChar *)
"NSEC", NULL);
6392 nsec_node = xmlNewTextChild(denial_node, NULL, (
const xmlChar *)
"NSEC3", NULL);
6394 snprintf(temp_time, 32,
"PT%dS", policy->
denial->
ttl);
6395 (void) xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6399 (void) xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"OptOut", NULL);
6401 snprintf(temp_time, 32,
"PT%dS", policy->
denial->
resalt);
6402 (void) xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"Resalt", (
const xmlChar *)temp_time);
6403 hash_node = xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"Hash", NULL);
6405 (void) xmlNewTextChild(hash_node, NULL, (
const xmlChar *)
"Algorithm", (
const xmlChar *)temp_time);
6407 (void) xmlNewTextChild(hash_node, NULL, (
const xmlChar *)
"Iterations", (
const xmlChar *)temp_time);
6409 salt_node = xmlNewTextChild(hash_node, NULL, (
const xmlChar *)
"Salt", NULL);
6410 (void) xmlNewProp(salt_node, (
const xmlChar *)
"length", (
const xmlChar *)temp_time);
6414 keys_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Keys", NULL);
6415 snprintf(temp_time, 32,
"PT%dS", policy->
keys->
ttl);
6416 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6418 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"RetireSafety", (
const xmlChar *)temp_time);
6420 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"PublishSafety", (
const xmlChar *)temp_time);
6423 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"ShareKeys", NULL);
6426 snprintf(temp_time, 32,
"PT%dS", policy->
keys->
purge);
6427 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"Purge", (
const xmlChar *)temp_time);
6431 ksk_node = xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"KSK", NULL);
6433 ksk_alg_node = xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Algorithm", (
const xmlChar *)temp_time);
6434 snprintf(temp_time, 32,
"%d", policy->
ksk->
bits);
6435 (void) xmlNewProp(ksk_alg_node, (
const xmlChar *)
"length", (
const xmlChar *)temp_time);
6436 snprintf(temp_time, 32,
"PT%dS", policy->
ksk->
lifetime);
6437 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Lifetime", (
const xmlChar *)temp_time);
6438 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Repository", (
const xmlChar *)policy->
ksk->
sm_name);
6440 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Standby", (
const xmlChar *)temp_time);
6443 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"ManualRollover", NULL);
6447 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"RFC5011", NULL);
6455 zsk_node = xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"ZSK", NULL);
6457 zsk_alg_node = xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Algorithm", (
const xmlChar *)temp_time);
6458 snprintf(temp_time, 32,
"%d", policy->
zsk->
bits);
6459 (void) xmlNewProp(zsk_alg_node, (
const xmlChar *)
"length", (
const xmlChar *)temp_time);
6460 snprintf(temp_time, 32,
"PT%dS", policy->
zsk->
lifetime);
6461 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Lifetime", (
const xmlChar *)temp_time);
6462 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Repository", (
const xmlChar *)policy->
zsk->
sm_name);
6464 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Standby", (
const xmlChar *)temp_time);
6467 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"ManualRollover", NULL);
6471 zone_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Zone", NULL);
6473 (void) xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"PropagationDelay", (
const xmlChar *)temp_time);
6474 zone_soa_node = xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"SOA", NULL);
6475 snprintf(temp_time, 32,
"PT%dS", policy->
zone->
soa_ttl);
6476 (void) xmlNewTextChild(zone_soa_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6477 snprintf(temp_time, 32,
"PT%dS", policy->
zone->
soa_min);
6478 (void) xmlNewTextChild(zone_soa_node, NULL, (
const xmlChar *)
"Minimum", (
const xmlChar *)temp_time);
6482 parent_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Parent", NULL);
6484 (void) xmlNewTextChild(parent_node, NULL, (
const xmlChar *)
"PropagationDelay", (
const xmlChar *)temp_time);
6485 parent_ds_node = xmlNewTextChild(parent_node, NULL, (
const xmlChar *)
"DS", NULL);
6486 snprintf(temp_time, 32,
"PT%dS", policy->
parent->
ds_ttl);
6487 (void) xmlNewTextChild(parent_ds_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6488 parent_soa_node = xmlNewTextChild(parent_node, NULL, (
const xmlChar *)
"SOA", NULL);
6490 (void) xmlNewTextChild(parent_soa_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6492 (void) xmlNewTextChild(parent_soa_node, NULL, (
const xmlChar *)
"Minimum", (
const xmlChar *)temp_time);
6501 const char *policy_name)
6507 doc = xmlParseFile(docname);
6509 fprintf(stderr,
"Document not parsed successfully. \n");
6512 root = xmlDocGetRootElement(doc);
6514 fprintf(stderr,
"empty document\n");
6518 if (xmlStrcmp(root->name, (
const xmlChar *)
"KASP")) {
6519 fprintf(stderr,
"document of the wrong type, root node != %s",
"KASP");
6526 for(cur = root->children; cur != NULL; cur = cur->next)
6529 if (xmlStrcmp( xmlGetProp(cur, (xmlChar *)
"name"), (
const xmlChar *) policy_name) == 0)
6533 cur = root->children;
6549 fprintf(stdout,
"KSK:");
6553 fprintf(stdout,
"ZSK:");
6555 fprintf(stdout,
" %s Retired\n", key_data->
location);
6567 fprintf(stderr,
"%s\n", format);
6594 char* temp_zone = NULL;
6597 char* temp_publish = NULL;
6598 char* temp_ready = NULL;
6599 char* temp_active = NULL;
6600 char* temp_retire = NULL;
6601 char* temp_dead = NULL;
6602 char* temp_loc = NULL;
6603 char* temp_hsm = NULL;
6607 bool bool_temp_zone =
false;
6610 char *case_keystate = NULL;
6611 char *case_keytype = NULL;
6614 hsm_key_t *key = NULL;
6615 ldns_rr *dnskey_rr = NULL;
6616 hsm_sign_params_t *sign_params = NULL;
6620 status = hsm_open(
config, hsm_prompt_pin);
6622 hsm_print_error(NULL);
6629 printf(
"Error: --keystate and --all option cannot be given together\n");
6634 StrAppend(&sql,
"select z.name, k.keytype, k.state, k.ready, k.active, k.retire, k.dead, k.location, s.name, k.algorithm, k.size, k.publish from securitymodules s, KEYDATA_VIEW k left join zones z on k.zone_id = z.id where s.id = k.securitymodule_id ");
6635 if (zone_id != -1) {
6645 if (strncmp(case_keystate,
"GENERATE", 8) == 0 || strncmp(
o_keystate,
"1", 1) == 0) {
6648 else if (strncmp(case_keystate,
"KEYPUBLISH", 10) == 0 || strncmp(
o_keystate,
"10", 2) == 0) {
6651 else if (strncmp(case_keystate,
"PUBLISH", 7) == 0 || strncmp(
o_keystate,
"2", 1) == 0) {
6654 else if (strncmp(case_keystate,
"READY", 5) == 0 || strncmp(
o_keystate,
"3", 1) == 0) {
6657 else if (strncmp(case_keystate,
"ACTIVE", 6) == 0 || strncmp(
o_keystate,
"4", 1) == 0) {
6660 else if (strncmp(case_keystate,
"RETIRE", 6) == 0 || strncmp(
o_keystate,
"5", 1) == 0) {
6663 else if (strncmp(case_keystate,
"DEAD", 4) == 0 || strncmp(
o_keystate,
"6", 1) == 0) {
6666 else if (strncmp(case_keystate,
"DSSUB", 5) == 0 || strncmp(
o_keystate,
"7", 1) == 0) {
6669 else if (strncmp(case_keystate,
"DSPUBLISH", 9) == 0 || strncmp(
o_keystate,
"8", 1) == 0) {
6672 else if (strncmp(case_keystate,
"DSREADY", 7) == 0 || strncmp(
o_keystate,
"9", 1) == 0) {
6676 printf(
"Error: Unrecognised state %s; should be one of GENERATE, PUBLISH, READY, ACTIVE, RETIRE, DEAD, DSSUB, DSPUBLISH, DSREADY or KEYPUBLISH\n",
o_keystate);
6682 if (state_id != -1){
6701 if (strncmp(case_keytype,
"KSK", 3) == 0 || strncmp(
o_keytype,
"257", 3) == 0) {
6704 else if (strncmp(case_keytype,
"ZSK", 3) == 0 || strncmp(
o_keytype,
"256", 3) == 0) {
6708 printf(
"Error: Unrecognised keytype %s; should be one of KSK or ZSK\n",
o_keytype);
6723 if (verbose_flag == 1) {
6724 printf(
"Zone: Keytype: State: Date of next transition (to): Size: Algorithm: CKA_ID: Repository: Keytag:\n");
6727 printf(
"Zone: Keytype: State: Date of next transition:\n");
6729 while (status == 0) {
6732 DbInt(row, 1, &temp_type);
6733 DbInt(row, 2, &temp_state);
6740 DbInt(row, 9, &temp_alg);
6741 DbInt(row, 10, &temp_size);
6743 if (temp_zone == NULL){
6744 bool_temp_zone =
true;
6745 temp_zone =
"NOT ALLOCATED";
6747 bool_temp_zone =
false;
6753 printf(
"%-31s %-13s %-9s %-20s", temp_zone,
"",
"generate",
"(not scheduled)");
6755 printf(
"(publish) ");
6762 printf(
"%-31s %-13s %-9s %-20s", temp_zone, (temp_type ==
KSM_TYPE_KSK) ?
"KSK" :
"ZSK",
KsmKeywordStateValueToName(temp_state), (temp_publish== NULL) ?
"(not scheduled)" : temp_publish);
6764 printf(
"(publish) ");
6779 printf(
"(active) ");
6784 printf(
"%-31s %-13s %-9s %-20s", temp_zone, (temp_type ==
KSM_TYPE_KSK) ?
"KSK" :
"ZSK",
KsmKeywordStateValueToName(temp_state), (temp_retire == NULL) ?
"(not scheduled)" : temp_retire);
6786 printf(
"(retire) ");
6801 printf(
"(deleted) ");
6814 printf(
"%-31s %-13s %-9s %-20s", temp_zone,
"KSK",
KsmKeywordStateValueToName(temp_state), (temp_ready == NULL) ?
"(not scheduled)" : temp_ready);
6816 printf(
"(dsready) ");
6823 printf(
"(keypub) ");
6828 printf(
"%-31s %-13s %-9s %-20s", temp_zone,
"KSK",
KsmKeywordStateValueToName(temp_state), (temp_active == NULL) ?
"(not scheduled)" : temp_active);
6830 printf(
"(active) ");
6835 if (done_row == 1 && verbose_flag == 1) {
6836 printf(
"%-7d %-12d", temp_size, temp_alg);
6837 key = hsm_find_key_by_id(NULL, temp_loc);
6839 printf(
"%-33s %s NOT IN repository\n", temp_loc, temp_hsm);
6840 }
else if (bool_temp_zone ==
true){
6841 printf(
"%-33s %s\n",temp_loc,temp_hsm);
6843 sign_params = hsm_sign_params_new();
6844 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, temp_zone);
6845 sign_params->algorithm = temp_alg;
6846 sign_params->flags = LDNS_KEY_ZONE_KEY;
6848 sign_params->flags += LDNS_KEY_SEP_KEY;
6850 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
6851 sign_params->keytag = ldns_calc_keytag(dnskey_rr);
6853 printf(
"%-33s %-33s %d\n", temp_loc, temp_hsm, sign_params->keytag);
6855 hsm_sign_params_free(sign_params);
6859 else if (done_row == 1) {
6877 if (bool_temp_zone ==
false){
6887 if (dnskey_rr != NULL) {
6888 ldns_rr_free(dnskey_rr);
6930 char* temp_loc = NULL;
6933 int done_something = 0;
6936 hsm_key_t *key = NULL;
6938 if ((zone_id == -1 && policy_id == -1) ||
6939 (zone_id != -1 && policy_id != -1)){
6940 printf(
"Please provide either a zone OR a policy to key purge\n");
6946 status = hsm_open(
config, hsm_prompt_pin);
6948 hsm_print_error(NULL);
6953 StrAppend(&sql,
"select distinct id, location from KEYDATA_VIEW where state = 6 ");
6954 if (zone_id != -1) {
6959 if (policy_id != -1) {
6970 while (status == 0) {
6972 DbInt(row, 0, &temp_id);
7032 key = hsm_find_key_by_id(NULL, temp_loc);
7035 printf(
"Key not found: %s\n", temp_loc);
7043 status = hsm_remove_key(NULL, key);
7048 printf(
"Key remove successful: %s\n", temp_loc);
7050 printf(
"Key remove failed: %s\n", temp_loc);
7072 if (done_something == 0) {
7073 printf(
"No keys to purge.\n");
7093 hsm_ctx_t *ctx = NULL;
7098 hsm_key_t *key = NULL;
7099 char *hsm_error_message = NULL;
7101 int ksks_needed = 0;
7102 int zsks_needed = 0;
7103 int ksks_in_queue = 0;
7104 int zsks_in_queue = 0;
7107 unsigned int current_count = 0;
7113 int ksks_created = 0;
7117 FILE* lock_fd = NULL;
7125 printf(
"Failed to connect to database\n");
7131 if (policy == NULL) {
7132 printf(
"Malloc for policy struct failed\n");
7138 printf(
"Please provide a policy name with the --policy option\n");
7144 printf(
"Please provide an interval with the --interval option\n");
7157 printf(
"Error: unable to read policy %s from database\n",
o_policy);
7163 printf(
"Error: policy %s doesn't exist in database\n",
o_policy);
7170 printf(
"Key sharing is On\n");
7172 printf(
"Key sharing is Off\n");
7177 printf(
"Error: unable to convert Interval %s to seconds, error: ",
o_interval);
7180 printf(
"invalid interval-type.\n");
7183 printf(
"unable to translate string.\n");
7186 printf(
"interval too long to be an int. E.g. Maximum is ~68 years on a system with 32-bit integers.\n");
7189 printf(
"invalid pointers or text string NULL.\n");
7192 printf(
"unknown\n");
7198 else if (status == -1) {
7199 printf(
"Info: converting %s to seconds; M interpreted as 31 days, Y interpreted as 365 days\n",
o_interval);
7203 status = hsm_open(
config, hsm_prompt_pin);
7205 hsm_error_message = hsm_get_error(ctx);
7206 if (hsm_error_message) {
7207 printf(
"%s\n", hsm_error_message);
7208 free(hsm_error_message);
7214 printf(
"hsm_open() result: HSM error\n");
7216 case HSM_PIN_INCORRECT:
7217 printf(
"hsm_open() result: incorrect PIN\n");
7219 case HSM_CONFIG_FILE_ERROR:
7220 printf(
"hsm_open() result: config file error\n");
7222 case HSM_REPOSITORY_NOT_FOUND:
7223 printf(
"hsm_open() result: repository not found\n");
7225 case HSM_NO_REPOSITORIES:
7226 printf(
"hsm_open() result: no repositories\n");
7229 printf(
"hsm_open() result: %d", status);
7236 printf(
"HSM opened successfully.\n");
7237 ctx = hsm_create_context();
7242 if (rightnow == NULL) {
7243 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
7264 printf(
"Could not count zones on policy %s\n", policy->
name);
7267 hsm_destroy_context(ctx);
7273 printf(
"Info: %d zone(s) found on policy \"%s\"\n", zone_count, policy->
name);
7282 printf(
"Error: Unable to convert zonetotal \"%s\"; to an integer\n",
o_zonetotal);
7289 printf(
"Error: zonetotal \"%s\"; should be numeric only\n",
o_zonetotal);
7296 if (zone_count < 1) {
7297 printf(
"Error: zonetotal parameter value of %d is invalid - the value must be greater than 0\n", zone_count);
7303 printf(
"Info: Keys will actually be generated for a total of %d zone(s) as specified by zone total parameter\n", zone_count);
7307 if (zone_count == 0) {
7308 printf(
"No zones on policy %s, skipping...\n", policy->
name);
7311 hsm_destroy_context(ctx);
7322 printf(
"Could not predict ksk requirement for next interval for %s\n", policy->
name);
7331 printf(
"Could not count current ksk numbers for policy %s\n", policy->
name);
7339 new_ksks = ksks_needed - ksks_in_queue;
7340 printf(
"%d new KSK(s) (%d bits) need to be created for policy %s: keys_to_generate(%d) = keys_needed(%d) - keys_available(%d).\n", new_ksks, policy->
ksk->
bits, policy->
name, new_ksks, ksks_needed, ksks_in_queue);
7346 printf(
"Could not predict zsk requirement for next interval for %s\n", policy->
name);
7355 printf(
"Could not count current zsk numbers for policy %s\n", policy->
name);
7366 if (new_ksks >= 0) {
7371 zsks_in_queue -= ksks_needed;
7375 new_zsks = zsks_needed - zsks_in_queue;
7376 printf(
"%d new ZSK(s) (%d bits) need to be created for policy %s: keys_to_generate(%d) = keys_needed(%d) - keys_available(%d).\n", new_zsks, policy->
zsk->
bits, policy->
name, new_zsks, zsks_needed, zsks_in_queue);
7382 if (policy->
ksk->
sm_capacity != 0 && (new_ksks + new_zsks) > 0) {
7383 current_count = hsm_count_keys_repository(ctx, policy->
ksk->
sm_name);
7385 printf(
"Repository %s is full, cannot create more keys for policy %s\n", policy->
ksk->
sm_name, policy->
name);
7389 printf(
"Repository %s is nearly full, will create %lu KSKs for policy %s (reduced from %d)\n", policy->
ksk->
sm_name, policy->
ksk->
sm_capacity - current_count, policy->
name, new_ksks);
7392 else if (current_count + new_ksks + new_zsks > policy->
ksk->
sm_capacity) {
7393 printf(
"Repository %s is nearly full, will create %lu ZSKs for policy %s (reduced from %d)\n", policy->
ksk->
sm_name, policy->
ksk->
sm_capacity - current_count, policy->
name, new_ksks);
7402 current_count = hsm_count_keys_repository(ctx, policy->
ksk->
sm_name);
7404 printf(
"Repository %s is full, cannot create more KSKs for policy %s\n", policy->
ksk->
sm_name, policy->
name);
7408 printf(
"Repository %s is nearly full, will create %lu KSKs for policy %s (reduced from %d)\n", policy->
ksk->
sm_name, policy->
ksk->
sm_capacity - current_count, policy->
name, new_ksks);
7415 current_count = hsm_count_keys_repository(ctx, policy->
zsk->
sm_name);
7417 printf(
"Repository %s is full, cannot create more ZSKs for policy %s\n", policy->
zsk->
sm_name, policy->
name);
7421 printf(
"Repository %s is nearly full, will create %lu ZSKs for policy %s (reduced from %d)\n", policy->
zsk->
sm_name, policy->
zsk->
sm_capacity - current_count, policy->
name, new_zsks);
7428 if (new_ksks <= 0 && new_zsks <= 0) {
7429 printf(
"No keys need to be created, quitting...\n");
7432 hsm_destroy_context(ctx);
7434 status = hsm_close();
7435 printf(
"all done! hsm_close result: %d\n", status);
7442 if (!auto_accept_flag) {
7443 printf(
"*WARNING* This will create %d KSKs (%d bits) and %d ZSKs (%d bits)\nAre you sure? [y/N] \n", new_ksks >= 0 ? new_ksks : 0, policy->
ksk->
bits, new_zsks >= 0 ? new_zsks : 0, policy->
zsk->
bits);
7445 user_certain = getchar();
7446 if (user_certain !=
'y' && user_certain !=
'Y') {
7447 printf(
"Okay, quitting...\n");
7450 hsm_destroy_context(ctx);
7452 status = hsm_close();
7453 printf(
"all done! hsm_close result: %d\n", status);
7461 for (i=new_ksks ; i > 0 ; i--){
7462 if (hsm_supported_algorithm(policy->
ksk->
algorithm) == 0) {
7467 printf(
"Created key in repository %s\n", policy->
ksk->
sm_name);
7470 printf(
"Error creating key in repository %s\n", policy->
ksk->
sm_name);
7471 hsm_error_message = hsm_get_error(ctx);
7472 if (hsm_error_message) {
7473 printf(
"%s\n", hsm_error_message);
7474 free(hsm_error_message);
7481 id = hsm_get_key_id(ctx, key);
7485 printf(
"Error creating key in Database\n");
7486 hsm_error_message = hsm_get_error(ctx);
7487 if (hsm_error_message) {
7488 printf(
"%s\n", hsm_error_message);
7489 free(hsm_error_message);
7496 printf(
"Created KSK size: %i, alg: %i with id: %s in repository: %s and database.\n", policy->
ksk->
bits,
7500 printf(
"Key algorithm %d unsupported by libhsm.\n", policy->
ksk->
algorithm);
7507 ksks_created = new_ksks;
7510 for (i = new_zsks ; i > 0 ; i--) {
7511 if (hsm_supported_algorithm(policy->
zsk->
algorithm) == 0) {
7516 printf(
"Created key in repository %s\n", policy->
zsk->
sm_name);
7519 printf(
"Error creating key in repository %s\n", policy->
zsk->
sm_name);
7520 hsm_error_message = hsm_get_error(ctx);
7521 if (hsm_error_message) {
7522 printf(
"%s\n", hsm_error_message);
7523 free(hsm_error_message);
7530 id = hsm_get_key_id(ctx, key);
7534 printf(
"Error creating key in Database\n");
7535 hsm_error_message = hsm_get_error(ctx);
7536 if (hsm_error_message) {
7537 printf(
"%s\n", hsm_error_message);
7538 free(hsm_error_message);
7545 printf(
"Created ZSK size: %i, alg: %i with id: %s in repository: %s and database.\n", policy->
zsk->
bits,
7549 printf(
"Key algorithm %d unsupported by libhsm.\n", policy->
zsk->
algorithm);
7560 printf(
"NOTE: keys generated in repository %s will not become active until they have been backed up\n", policy->
ksk->
sm_name);
7563 printf(
"NOTE: keys generated in repository %s will not become active until they have been backed up\n", policy->
zsk->
sm_name);
7570 hsm_destroy_context(ctx);
7572 status = hsm_close();
7573 printf(
"all done! hsm_close result: %d\n", status);
7588 int keypair_id = -1;
7592 FILE* lock_fd = NULL;
7597 hsm_key_t *key = NULL;
7601 printf(
"Please provide a CKA_ID for the key to delete\n");
7609 printf(
"Failed to connect to database\n");
7617 if (status != 0 || key_state == -1) {
7618 printf(
"Failed to determine the state of the key\n");
7625 if (force_flag == 1) {
7626 printf(
"*WARNING* This will delete a key that the enforcer believes is in use; are you really sure? [y/N] ");
7628 user_certain = getchar();
7629 if (user_certain !=
'y' && user_certain !=
'Y') {
7630 printf(
"Okay, quitting...\n");
7635 printf(
"The enforcer believes that this key is in use, quitting...\n");
7668 if (hsm_flag == 1) {
7670 status = hsm_open(
config, hsm_prompt_pin);
7672 hsm_print_error(NULL);
7677 key = hsm_find_key_by_id(NULL,
o_cka_id);
7680 printf(
"Key not found in HSM: %s\n",
o_cka_id);
7685 status = hsm_remove_key(NULL, key);
7692 printf(
"Key delete successful: %s\n",
o_cka_id);
7694 printf(
"Key delete failed: %s\n",
o_cka_id);
7705 struct stat stat_ret;
7709 xmlDocPtr doc = NULL;
7710 xmlDocPtr rngdoc = NULL;
7711 xmlXPathContextPtr xpathCtx = NULL;
7712 xmlXPathObjectPtr xpathObj = NULL;
7713 xmlRelaxNGParserCtxtPtr rngpctx = NULL;
7714 xmlRelaxNGValidCtxtPtr rngctx = NULL;
7715 xmlRelaxNGPtr schema = NULL;
7716 xmlChar *user_expr = (
unsigned char*)
"//Configuration/Enforcer/Privileges/User";
7717 xmlChar *group_expr = (
unsigned char*)
"//Configuration/Enforcer/Privileges/Group";
7719 char* filename = OPENDNSSEC_CONFIG_FILE;
7720 char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/conf.rng";
7721 char* temp_char = NULL;
7728 char *username = NULL;
7729 char *groupname = NULL;
7731 printf(
"fixing permissions on file %s\n", dbschema);
7733 if (geteuid() != 0) {
7738 if (stat(dbschema, &stat_ret) != 0) {
7739 printf(
"cannot stat file %s: %s", dbschema, strerror(errno));
7745 doc = xmlParseFile(filename);
7747 printf(
"Error: unable to parse file \"%s\"", filename);
7752 rngdoc = xmlParseFile(rngfilename);
7753 if (rngdoc == NULL) {
7754 printf(
"Error: unable to parse file \"%s\"", rngfilename);
7759 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
7760 if (rngpctx == NULL) {
7761 printf(
"Error: unable to create XML RelaxNGs parser context");
7766 schema = xmlRelaxNGParse(rngpctx);
7767 if (schema == NULL) {
7768 printf(
"Error: unable to parse a schema definition resource");
7773 rngctx = xmlRelaxNGNewValidCtxt(schema);
7774 if (rngctx == NULL) {
7775 printf(
"Error: unable to create RelaxNGs validation context based on the schema");
7780 status = xmlRelaxNGValidateDoc(rngctx,doc);
7782 printf(
"Error validating file \"%s\"", filename);
7788 xpathCtx = xmlXPathNewContext(doc);
7789 if(xpathCtx == NULL) {
7790 printf(
"Error: unable to create new XPath context");
7796 xpathObj = xmlXPathEvalExpression(group_expr, xpathCtx);
7797 if(xpathObj == NULL) {
7798 printf(
"Error: unable to evaluate xpath expression: %s", group_expr);
7799 xmlXPathFreeContext(xpathCtx);
7803 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
7804 temp_char = (
char*) xmlXPathCastToString(xpathObj);
7807 xmlXPathFreeObject(xpathObj);
7813 xpathObj = xmlXPathEvalExpression(user_expr, xpathCtx);
7814 if(xpathObj == NULL) {
7815 printf(
"Error: unable to evaluate xpath expression: %s", user_expr);
7816 xmlXPathFreeContext(xpathCtx);
7820 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
7821 temp_char = (
char*) xmlXPathCastToString(xpathObj);
7824 xmlXPathFreeObject(xpathObj);
7830 xmlXPathFreeContext(xpathCtx);
7831 xmlRelaxNGFree(schema);
7832 xmlRelaxNGFreeValidCtxt(rngctx);
7833 xmlRelaxNGFreeParserCtxt(rngpctx);
7838 if (username != NULL) {
7840 if ((pwd = getpwnam(username)) == NULL) {
7841 printf(
"user '%s' does not exist. cannot chown %s...\n", username, dbschema);
7850 if ((grp = getgrnam(groupname)) == NULL) {
7851 printf(
"group '%s' does not exist. cannot chown %s...\n", groupname, dbschema);
7860 if (chown(dbschema, uid, gid) == -1) {
7861 printf(
"cannot chown(%u,%u) %s: %s",
7862 (
unsigned) uid, (
unsigned) gid, dbschema, strerror(errno));
7871 if (chown(temp_char, uid, gid) == -1) {
7872 printf(
"cannot chown(%u,%u) %s: %s",
7873 (
unsigned) uid, (
unsigned) gid, temp_char, strerror(errno));
7915 int CountKeys(
int *zone_id,
int keytag,
const char *cka_id,
int *key_count,
char **temp_cka_id,
int *temp_key_state,
int *temp_keypair_id)
7928 int temp_zone_id = 0;
7929 char* temp_loc = NULL;
7932 int temp_keypair = 0;
7937 hsm_key_t *key = NULL;
7938 ldns_rr *dnskey_rr = NULL;
7939 hsm_sign_params_t *sign_params = NULL;
7942 status = hsm_open(
config, hsm_prompt_pin);
7944 hsm_print_error(NULL);
7949 nchar = snprintf(buffer,
sizeof(buffer),
"(%d, %d, %d)",
7951 if (nchar >=
sizeof(buffer)) {
7952 printf(
"Error: Overran buffer in CountKeys\n");
7958 StrAppend(&sql,
"select k.zone_id, k.location, k.algorithm, k.state, k.id from KEYDATA_VIEW k where state in ");
7960 StrAppend(&sql,
" and zone_id is not null and k.keytype = 257");
7962 if (*zone_id != -1) {
7967 if (cka_id != NULL) {
7985 while (status == 0) {
7987 DbInt(row, 0, &temp_zone_id);
7989 DbInt(row, 2, &temp_alg);
7990 DbInt(row, 3, &temp_state);
7991 DbInt(row, 4, &temp_keypair);
7995 if (keytag == -1 && cka_id == NULL)
7997 *temp_key_state = temp_state;
8000 key = hsm_find_key_by_id(NULL, temp_loc);
8002 printf(
"cka_id %-33s in DB but NOT IN repository\n", temp_loc);
8003 }
else if (keytag != -1) {
8004 sign_params = hsm_sign_params_new();
8005 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
"temp_zone");
8006 sign_params->algorithm = temp_alg;
8007 sign_params->flags = LDNS_KEY_ZONE_KEY;
8008 sign_params->flags += LDNS_KEY_SEP_KEY;
8010 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
8011 sign_params->keytag = ldns_calc_keytag(dnskey_rr);
8014 if (keytag == sign_params->keytag) {
8017 *temp_cka_id = NULL;
8019 *zone_id = temp_zone_id;
8020 *temp_key_state = temp_state;
8021 *temp_keypair_id = temp_keypair;
8022 printf(
"Found key with CKA_ID %s\n", temp_loc);
8025 hsm_sign_params_free(sign_params);
8027 if (key && cka_id != NULL && strncmp(cka_id, temp_loc, strlen(temp_loc)) == 0) {
8029 if (done_row == 0) {
8031 *temp_cka_id = NULL;
8033 *zone_id = temp_zone_id;
8034 *temp_key_state = temp_state;
8035 *temp_keypair_id = temp_keypair;
8036 printf(
"Found key with CKA_ID %s\n", temp_loc);
8056 *key_count = temp_count;
8063 if (dnskey_rr != NULL) {
8064 ldns_rr_free(dnskey_rr);
8073 int GetKeyState(
const char *cka_id,
int *temp_key_state,
int *temp_keypair_id) {
8081 int temp_keypair = 0;
8083 nchar = snprintf(sql,
sizeof(sql),
"select k.id, k.state from KEYDATA_VIEW k where k.location = '%s'", cka_id);
8084 if (nchar >=
sizeof(sql)) {
8085 printf(
"Error: Overran buffer in CountKeys\n");
8094 while (status == 0) {
8096 DbInt(row, 0, &temp_keypair);
8097 DbInt(row, 1, &temp_state);
8100 if (temp_state == 0) {
8104 *temp_key_state = temp_state;
8105 *temp_keypair_id = temp_keypair;
8147 int MarkDSSeen(
int keypair_id,
int zone_id,
int policy_id,
const char *datetime,
int key_state)
8165 printf(
"Error: failed to read policy\n");
8188 printf(
"DbDateDiff failed\n");
8213 printf(
"DbDateDiff failed\n");
8276 char* where_clause = NULL;
8291 printf(
"Error: failed to read policy\n");
8307 StrAppend(&where_clause,
"select id from KEYDATA_VIEW where state = 4 and keytype = 257 and zone_id = ");
8309 StrAppend(&where_clause,
" and retire = (select min(retire) from KEYDATA_VIEW where state = 4 and keytype = 257 and zone_id = ");
8318 printf(
"Error: failed to find ID of key to retire\n");
8329 printf(
"DbDateDiff failed\n");
8398 if (zone_id != -1) {
8407 printf(
"Error in CountKeysInState\n");
8444 int ChangeKeyState(
int keytype,
const char *cka_id,
int zone_id,
int policy_id,
const char *datetime,
int keystate)
8472 printf(
"Error: failed to read policy\n");
8480 if (zone_id != -1) {
8499 keyids =
MemMalloc(count *
sizeof(
int));
8506 if (zone_id != -1) {
8515 while (status == 0) {
8516 status =
KsmKey(result, &data);
8547 for (j = 0; j < i; ++j) {
8551 snprintf(buffer,
sizeof(buffer),
"%d", keyids[j]);
8576 printf(
"DbDateDiff failed\n");
8588 if (zone_id != -1) {
8608 printf(
"DbDateDiff failed\n");
8620 if (zone_id != -1) {
8633 printf(
"DbDateDiff failed\n");
8645 if (zone_id != -1) {
8681 static int restart_enforcerd()
8685 return system(ODS_EN_NOTIFY);
8697 xmlDocPtr doc = NULL;
8698 xmlXPathContextPtr xpathCtx = NULL;
8699 xmlXPathObjectPtr xpathObj = NULL;
8700 char* temp_char = NULL;
8702 xmlChar *iv_expr = (
unsigned char*)
"//Configuration/Enforcer/Interval";
8703 xmlChar *mk_expr = (
unsigned char*)
"//Configuration/Enforcer/ManualKeyGeneration";
8706 doc = xmlParseFile(
config);
8708 printf(
"Error: unable to parse file \"%s\"\n",
config);
8713 xpathCtx = xmlXPathNewContext(doc);
8714 if(xpathCtx == NULL) {
8715 printf(
"Error: unable to create new XPath context\n");
8721 xpathObj = xmlXPathEvalExpression(iv_expr, xpathCtx);
8722 if(xpathObj == NULL) {
8723 printf(
"Error: unable to evaluate xpath expression: %s", iv_expr);
8724 xmlXPathFreeContext(xpathCtx);
8729 temp_char = (
char *)xmlXPathCastToString(xpathObj);
8732 printf(
"Error: unable to convert Interval %s to seconds, error: %i\n", temp_char, status);
8736 else if (status == -1) {
8737 printf(
"Info: converting %s to seconds; M interpreted as 31 days, Y interpreted as 365 days\n", temp_char);
8741 xmlXPathFreeObject(xpathObj);
8744 xpathObj = xmlXPathEvalExpression(mk_expr, xpathCtx);
8745 if(xpathObj == NULL) {
8746 printf(
"Error: unable to evaluate xpath expression: %s\n", mk_expr);
8747 xmlXPathFreeContext(xpathCtx);
8752 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
8760 xmlXPathFreeObject(xpathObj);
8763 xmlXPathFreeContext(xpathCtx);
8803 int man_key_gen = -1;
8814 printf(
"Failed to Link Keys to zone\n");
8824 if (policy == NULL) {
8825 printf(
"Malloc for policy struct failed\n");
8835 printf(
"Error: unable to read policy %s from database\n",
o_policy);
8840 printf(
"Error: policy %s doesn't exist in database\n",
o_policy);
8848 printf(
"Error allocating zsks to zone %s", zone_name);
8854 printf(
"Error allocating ksks to zone %s", zone_name);
8896 int keys_needed = 0;
8897 int keys_in_queue = 0;
8898 int keys_pending_retirement = 0;
8900 int key_pair_id = 0;
8907 if (datetime == NULL) {
8908 printf(
"Couldn't turn \"now\" into a date, quitting...");
8912 if (policy == NULL) {
8913 printf(
"NULL policy sent to allocateKeysToZone");
8919 printf(
"Unknown keytype: %i in allocateKeysToZone", key_type);
8933 status =
KsmKeyPredict(policy->
id, key_type, 1, interval, &keys_needed, rollover_scheme, 1);
8935 printf(
"Could not predict key requirement for next interval for %s", zone_name);
8943 printf(
"Could not count current key numbers for zone %s", zone_name);
8951 printf(
"Could not count keys which may retire before the next run (for zone %s)", zone_name);
8957 new_keys = keys_needed - (keys_in_queue - keys_pending_retirement);
8963 for (i=0 ; i < new_keys ; i++){
8967 if (status == -1 || key_pair_id == 0) {
8968 if (man_key_gen == 0) {
8969 printf(
"Not enough keys to satisfy ksk policy for zone: %s. keys_to_allocate(%d) = keys_needed(%d) - (keys_available(%d) - keys_pending_retirement(%d))\n", zone_name, new_keys, keys_needed, keys_in_queue, keys_pending_retirement);
8970 printf(
"Tried to allocate %d keys, failed on allocating key number %d", new_keys, i+1);
8971 printf(
"ods-enforcerd will create some more keys on its next run");
8974 printf(
"Not enough keys to satisfy ksk policy for zone: %s. keys_to_allocate(%d) = keys_needed(%d) - (keys_available(%d) - keys_pending_retirement(%d))\n", zone_name, new_keys, keys_needed, keys_in_queue, keys_pending_retirement);
8975 printf(
"Tried to allocate %d keys, failed on allocating key number %d", new_keys, i+1);
8976 printf(
"please use \"ods-ksmutil key generate\" to create some more keys.");
8980 else if (status != 0) {
8981 printf(
"Could not get an unallocated ksk for zone: %s", zone_name);
8986 if (status == -1 || key_pair_id == 0) {
8987 if (man_key_gen == 0) {
8988 printf(
"Not enough keys to satisfy zsk policy for zone: %s. keys_to_allocate(%d) = keys_needed(%d) - (keys_available(%d) - keys_pending_retirement(%d))\n", zone_name, new_keys, keys_needed, keys_in_queue, keys_pending_retirement);
8989 printf(
"Tried to allocate %d keys, failed on allocating key number %d", new_keys, i+1);
8990 printf(
"ods-enforcerd will create some more keys on its next run");
8993 printf(
"Not enough keys to satisfy zsk policy for zone: %s. keys_to_allocate(%d) = keys_needed(%d) - (keys_available(%d) - keys_pending_retirement(%d))\n", zone_name, new_keys, keys_needed, keys_in_queue, keys_pending_retirement);
8994 printf(
"Tried to allocate %d keys, failed on allocating key number %d", new_keys, i+1);
8995 printf(
"please use \"ods-ksmutil key generate\" to create some more keys.");
8999 else if (status != 0) {
9000 printf(
"Could not get an unallocated zsk for zone: %s", zone_name);
9004 if(key_pair_id > 0) {
9009 printf(
"KsmKeyGetUnallocated returned bad key_id %d for zone: %s; exiting...", key_pair_id, zone_name);
9013 printf(
"%s key allocation for zone %s: %d key(s) allocated\n", key_type ==
KSM_TYPE_KSK ?
"KSK" :
"ZSK", zone_name, new_keys);
9037 int keyRoll(
int zone_id,
int policy_id,
int key_type)
9050 int temp_zone_id = -1;
9056 char* insql1 = NULL;
9057 char* insql2 = NULL;
9063 if (datetime == NULL) {
9064 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
9072 if (zone_id != -1) {
9075 if (policy_id != -1) {
9079 if (key_type != -1) {
9088 while (status == 0) {
9090 DbInt(row, 0, &temp_id);
9091 DbInt(row, 1, &temp_type);
9095 DusSetInt(&sql1,
"compromisedflag", 1, 1);
9156 size = snprintf(sql2,
KSM_SQL_SIZE,
"select zone_id from dnsseckeys where retire = \"%s\" and keypair_id = %d", datetime, temp_id);
9160 while (status == 0) {
9162 DbInt(row2, 0, &temp_zone_id);
9167 snprintf(buffer,
sizeof(buffer),
"%d", temp_zone_id);
9190 while (status == 0) {
9192 DbInt(row2, 0, &temp_zone_id);
9197 snprintf(buffer,
sizeof(buffer),
"%d", temp_zone_id);
9219 printf(
"Couldn't construct SQL to promote standby key\n");
9290 else if (status == -1) {}
9305 xmlNodePtr zone_node;
9306 xmlNodePtr adapters_node;
9307 xmlNodePtr input_node;
9308 xmlNodePtr in_ad_node;
9309 xmlNodePtr output_node;
9310 xmlNodePtr out_ad_node;
9312 root = xmlDocGetRootElement(doc);
9314 fprintf(stderr,
"empty document\n");
9317 if (xmlStrcmp(root->name, (
const xmlChar *)
"ZoneList")) {
9318 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
9322 zone_node = xmlNewTextChild(root, NULL, (
const xmlChar *)
"Zone", NULL);
9323 (void) xmlNewProp(zone_node, (
const xmlChar *)
"name", (
const xmlChar *)zone->
name);
9326 (void) xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"Policy", (
const xmlChar *)zone->
policy_name);
9329 (void) xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"SignerConfiguration", (
const xmlChar *)zone->
signconf);
9332 adapters_node = xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"Adapters", NULL);
9334 input_node = xmlNewTextChild(adapters_node, NULL, (
const xmlChar *)
"Input", NULL);
9335 in_ad_node = xmlNewTextChild (input_node, NULL, (
const xmlChar *)
"Adapter", (
const xmlChar *)zone->
input);
9337 if (zone->
in_type[0] ==
'\0') {
9338 (void) xmlNewProp(in_ad_node, (
const xmlChar *)
"type", (
const xmlChar *)
"File");
9340 (void) xmlNewProp(in_ad_node, (
const xmlChar *)
"type", (
const xmlChar *)zone->
in_type);
9344 output_node = xmlNewTextChild(adapters_node, NULL, (
const xmlChar *)
"Output", NULL);
9345 out_ad_node = xmlNewTextChild (output_node, NULL, (
const xmlChar *)
"Adapter", (
const xmlChar *)zone->
output);
9348 (void) xmlNewProp(out_ad_node, (
const xmlChar *)
"type", (
const xmlChar *)
"File");
9350 (void) xmlNewProp(out_ad_node, (
const xmlChar *)
"type", (
const xmlChar *)zone->
out_type);
9364 len = strlen(
string);
9366 for (i = 0; i < len; ++i) {
9367 if (
string[i] ==
'\'') {
9372 buffer[j++] =
string[i];
9376 return ( (j <= buflen) ? 0 : 1);
9381 char* signconf = NULL;
9382 char* moved_signconf = NULL;
9383 char* zone_name = NULL;
9387 xmlDocPtr doc = NULL;
9389 xmlXPathContextPtr xpathCtx = NULL;
9390 xmlXPathObjectPtr xpathObj = NULL;
9392 xmlChar *node_expr = (
unsigned char*)
"//Zone";
9394 doc = xmlParseFile(zonelist_filename);
9396 printf(
"Error: unable to parse file \"%s\"\n", zonelist_filename);
9400 xpathCtx = xmlXPathNewContext(doc);
9401 if(xpathCtx == NULL) {
9407 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
9408 if(xpathObj == NULL) {
9409 xmlXPathFreeContext(xpathCtx);
9414 if (xpathObj->nodesetval) {
9415 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
9417 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
9418 zone_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
9420 if (all_flag || (strlen(zone_name) == strlen(o_zone) &&
9421 strncmp(zone_name, o_zone, strlen(zone_name)) == 0)) {
9425 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"SignerConfiguration")) {
9426 StrAppend(&signconf, (
char *) xmlNodeGetContent(curNode));
9428 StrAppend(&moved_signconf,
".ZONE_DELETED");
9430 status = rename(signconf, moved_signconf);
9431 if (status != 0 && errno != ENOENT)
9434 printf(
"Could not rename: %s -> %s", signconf, moved_signconf);
9444 curNode = curNode->next;
9480 char* temp_zone = NULL;
9481 int temp_policy = 0;
9482 char* temp_location = NULL;
9489 hsm_key_t *key = NULL;
9490 ldns_rr *dnskey_rr = NULL;
9491 hsm_sign_params_t *sign_params = NULL;
9495 char* ds_buffer = NULL;
9498 status = hsm_open(
config, hsm_prompt_pin);
9500 hsm_print_error(NULL);
9505 "select name, kv.policy_id, location, algorithm from KEYDATA_VIEW kv, zones z where keytype = 257 and state in (3,7) and zone_id = z.id ");
9506 if (zone_id != -1) {
9519 while (status == 0) {
9522 DbInt(row, 1, &temp_policy);
9524 DbInt(row, 3, &temp_algo);
9527 key = hsm_find_key_by_id(NULL, temp_location);
9530 printf(
"Key %s in DB but not repository.", temp_location);
9539 printf(
"\n*** Found DNSKEY RECORD involved with rollover:\n");
9541 sign_params = hsm_sign_params_new();
9542 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, temp_zone);
9543 sign_params->algorithm = temp_algo;
9544 sign_params->flags = LDNS_KEY_ZONE_KEY;
9545 sign_params->flags += LDNS_KEY_SEP_KEY;
9546 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
9551 ldns_rr_set_ttl(dnskey_rr, rrttl);
9554 ds_buffer = ldns_rr2str(dnskey_rr);
9555 ldns_rr_free(dnskey_rr);
9558 for (i = 0; ds_buffer[i]; ++i) {
9559 if (ds_buffer[i] ==
'\t') {
9565 printf(
"%s", ds_buffer);
9566 printf(
"\nOnce the DS record for this DNSKEY is seen in DNS you can issue the ds-seen command for zone %s with the cka_id %s\n", temp_zone, temp_location);
9572 hsm_sign_params_free(sign_params);