60 #include <libhsmdns.h> 61 #include <ldns/ldns.h> 63 #include <libxml/tree.h> 64 #include <libxml/parser.h> 65 #include <libxml/xpointer.h> 66 #include <libxml/xpath.h> 67 #include <libxml/xpathInternals.h> 68 #include <libxml/relaxng.h> 69 #include <libxml/xmlreader.h> 70 #include <libxml/xmlsave.h> 72 #define MAX(a, b) ((a) > (b) ? (a) : (b)) 76 #define DURATION_TYPE 1 80 #define ROLLOVER_TYPE 5 81 #define INT_TYPE_NO_FREE 6 84 # define MAXPATHLEN 4096 89 #define DEFAULT_LOG_FACILITY LOG_DAEMON 91 #define DEFAULT_LOG_FACILITY LOG_USER 97 char *
config = (
char *) OPENDNSSEC_CONFIG_FILE;
/*
 * Command-line option flags shared by the ods-ksmutil command handlers.
 * They are set during option parsing (not part of this extract) and read by
 * whichever handler needs them; each initializer is the default that applies
 * when the corresponding option is absent.
 */

/* Selection scope: --all instead of a single --zone / --policy. */
static int all_flag = 0;
/* --auto-accept (-A); listed with the rollover/interval command usage. */
static int auto_accept_flag = 0;
/* --ds (-d): key export also prints DS records plus the ready/active warnings. */
static int ds_flag = 0;
/* --verbose (-v): the rollover listing additionally prints DS records when any exist. */
static int verbose_flag = 0;

/* Toggles that default to "on" and are cleared by a --no-* option. */
/* Retire the previously active key once the new DS is seen; cleared by --no-retire (-f). */
static int retire_flag = 1;
/* HUP ods-enforcerd after a change; cleared by --no-notify (-l). */
static int notify_flag = 1;
/* Keep zonelist.xml in step with the database; cleared by --no-xml (-m). */
static int xml_flag = 1;
/* NOTE(review): no reader of hsm_flag is visible in this extract. */
static int hsm_flag = 1;

/* Remaining option flags; all default to "off". */
/* Presumably set when --tdead (-Y) is given on a rollover command. */
static int td_flag = 0;
/* --force: skip the confirmation prompt on the deprecated one-step "backup done". */
static int force_flag = 0;
/* --check-repository (-C): refuse a key import when the CKA_ID is not in the HSM.
 * With the default (off) a missing key only produces a warning and the database
 * entry is created anyway. */
static int check_repository_flag = 0;
/* RFC 5011 related flag; no reader is visible in this extract. */
static int rfc5011_flag = 0;

/* Sends a HUP to the running ods-enforcerd; defined later in this file. */
static int restart_enforcerd(void);
138 #if defined(HAVE_SYSLOG_R) && defined(HAVE_OPENLOG_R) && defined(HAVE_CLOSELOG_R) 139 struct syslog_data sdata = SYSLOG_DATA_INIT;
142 #undef HAVE_OPENLOG_R 143 #undef HAVE_CLOSELOG_R 151 " --version aka -V\n");
159 "\tImport config into a database (deletes current contents)\n");
166 " start|stop|notify\n" 167 "\tStart, stop or SIGHUP the ods-enforcerd\n");
178 "\tUpdate database from config\n");
186 "\t--zone <zone> aka -z\n" 187 "\t[--policy <policy>] aka -p\n" 188 "\t[--signerconf <signerconf.xml>] aka -s\n" 189 "\t[--input <input>] aka -i\n" 190 "\t[--in-type <input type>] aka -j\n" 191 "\t[--output <output>] aka -o\n" 192 "\t[--out-type <output type>] aka -q\n" 193 "\t[--no-xml] aka -m\n");
201 "\t--zone <zone> | --all aka -z / -a\n" 202 "\t[--no-xml] aka -m\n");
216 "usage: %s [-c <config> | --config <config>] zone \n\n",
227 " repository list\n");
235 "\t--policy [policy_name] | --all aka -p / -a\n");
263 "usage: %s [-c <config> | --config <config>] \n\n",
276 "\t[--verbose] aka -v\n" 277 "\t[--zone <zone>] aka -z\n" 278 "\t[--keystate <state>| --all] aka -e / -a\n" 279 "\t[--keytype <type>] aka -t\n" 288 "\t--zone <zone> | --all aka -z / -a\n" 289 "\t[--keystate <state>] aka -e\n" 290 "\t[--keytype <type>] aka -t\n" 291 "\t[--ds] aka -d\n");
299 "\t--cka_id <CKA_ID> aka -k\n" 300 "\t--repository <repository> aka -r\n" 301 "\t--zone <zone> aka -z\n" 302 "\t--bits <size> aka -b\n" 303 "\t--algorithm <algorithm> aka -g\n" 304 "\t--keystate <state> aka -e\n" 305 "\t--keytype <type> aka -t\n" 306 "\t--time <time> aka -w\n" 307 "\t[--check-repository] aka -C\n" 308 "\t[--retire <retire>] aka -y\n");
316 "\t--zone zone aka -z\n" 317 "\t--keytype <type> | --all aka -t / -a\n" 319 "\t--policy policy aka -p\n" 320 "\t--keytype <type> | --all aka -t / -a\n");
328 "\t--zone <zone> aka -z\n" 330 "\t--policy <policy> aka -p\n");
338 "\t--policy <policy> aka -p\n" 339 "\t--interval <interval> aka -n\n" 340 "\t[--zonetotal <total no. of zones>] aka -Z\n" 341 "\t--auto-accept aka -A\n");
349 "\t--zone <zone> aka -z\n" 350 "\t--keytag <keytag> | --cka_id <CKA_ID> aka -x / -k\n" 351 "\t[--tdead <Tdead>] aka -Y\n");
358 "\t--zone <zone> aka -z\n" 359 "\t--keytag <keytag> | --cka_id <CKA_ID> aka -x / -k\n");
368 "\t--zone <zone> aka -z\n" 369 "\t--keytag <keytag> | --cka_id <CKA_ID> aka -x / -k\n" 370 "\t[--no-notify|-l] aka -l\n" 371 "\t[--no-retire|-f] aka -f\n");
379 "\t--cka_id <CKA_ID> aka -k\n" 387 "usage: %s [-c <config> | --config <config>] \n\n",
406 "\t--repository <repository> aka -r\n" 408 "\t--repository <repository> aka -r\n" 410 "\t--repository <repository> aka -r\n" 412 "\t--repository <repository> aka -r\n" 414 "\t--repository <repository> aka -r\n" 416 "\t[NOTE: backup done is deprecated]\n");
424 "\t[--zone <zone>]\n");
432 "\t[--output <output>] aka -o\n");
440 " zonelist import\n");
447 "usage: %s [-c <config> | --config <config>] command [options]\n\n",
483 "\n\tAllowed date/time strings are of the form:\n" 485 "\tYYYYMMDD[HH[MM[SS]]] (all numeric)\n" 487 "\tor D-MMM-YYYY[:| ]HH[:MM[:SS]] (alphabetic month)\n" 488 "\tor DD-MMM-YYYY[:| ]HH[:MM[:SS]] (alphabetic month)\n" 489 "\tor YYYY-MMM-DD[:| ]HH[:MM[:SS]] (alphabetic month)\n" 491 "\tD-MM-YYYY[:| ]HH[:MM[:SS]] (numeric month)\n" 492 "\tDD-MM-YYYY[:| ]HH[:MM[:SS]] (numeric month)\n" 493 "\tor YYYY-MM-DD[:| ]HH[:MM[:SS]] (numeric month)\n" 495 "\t... and the distinction between them is given by the location of the\n" 503 "key states: GENERATE|PUBLISH|READY|ACTIVE|RETIRE|DEAD\n");
510 "key types: KSK|ZSK\n");
520 exist_file(
const char* filename) {
522 FILE *file = fopen(filename,
"r");
537 FILE* lock_fd = NULL;
538 char* zone_list_filename;
543 char *dbschema = NULL;
547 char *password = NULL;
552 char* setup_command = NULL;
553 char* lock_filename = NULL;
556 printf(
"*WARNING* This will erase all data in the database; are you sure? [y/N] ");
558 user_certain = getchar();
559 if (user_certain !=
'y' && user_certain !=
'Y') {
560 printf(
"Okay, quitting...\n");
567 status =
get_db_details(&dbschema, &host, &port, &user, &password);
586 lock_fd = fopen(lock_filename,
"w");
589 printf(
"Error getting db lock\n");
590 if (lock_fd != NULL) {
611 if (system(setup_command) != 0)
613 printf(
"Could not call db setup command:\n\t%s\n", setup_command);
629 printf(
"Couldn't fix permissions on file %s\n", dbschema);
630 printf(
"Will coninue with setup, but you may need to manually change ownership\n");
639 printf(
"Failed to connect to database, username too long.\n");
650 if (password != NULL) {
653 printf(
"Failed to connect to database, password too long.\n");
676 if (password != NULL) {
678 StrAppend(&setup_command, quoted_password);
686 if (system(setup_command) != 0)
688 printf(
"Could not call db setup command:\n\t%s\n", setup_command);
701 status =
DbConnect(&dbhandle, dbschema, host, password, user, port);
703 printf(
"Failed to connect to database\n");
728 printf(
"Failed to read conf.xml\n");
739 printf(
"Failed to update repositories\n");
752 printf(
"Failed to update policies\n");
753 printf(
"SETUP FAILED\n");
769 printf(
"Failed to update zones\n");
792 FILE* lock_fd = NULL;
793 char* zone_list_filename = NULL;
794 char* kasp_filename = NULL;
796 int done_something = 0;
801 printf(
"Failed to connect to database\n");
810 if (strncmp(qualifier,
"ZONELIST", 8) == 0 ||
811 strncmp(qualifier,
"KASP", 4) == 0 ||
812 strncmp(qualifier,
"ALL", 3) == 0) {
816 printf(
"Failed to read conf.xml\n");
826 if (strncmp(qualifier,
"CONF", 4) == 0 ||
827 strncmp(qualifier,
"ALL", 3) == 0) {
830 printf(
"Failed to update repositories\n");
832 if (strncmp(qualifier,
"ALL", 3) == 0) {
845 if (strncmp(qualifier,
"KASP", 4) == 0 ||
846 strncmp(qualifier,
"ALL", 3) == 0) {
849 printf(
"Failed to update policies\n");
862 if (strncmp(qualifier,
"ZONELIST", 8) == 0 ||
863 strncmp(qualifier,
"ALL", 3) == 0) {
866 printf(
"Failed to update zones\n");
878 if (done_something == 0) {
879 printf(
"Unrecognised command update %s. Please specify one of:\n", qualifier);
883 if (restart_enforcerd() != 0)
885 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
894 if (kasp_filename != NULL) {
897 if (zone_list_filename != NULL) {
916 FILE* lock_fd = NULL;
917 char* zonelist_filename = NULL;
918 char* backup_filename = NULL;
920 char* sig_conf_name = NULL;
921 char* input_name = NULL;
922 char* output_name = NULL;
923 char* input_type = NULL;
924 char* output_type = NULL;
931 xmlDocPtr doc = NULL;
937 printf(
"Couldn't malloc path: %s\n", strerror(errno));
943 printf(
"Please specify a zone with the --zone option\n");
956 StrAppend(&sig_conf_name, OPENDNSSEC_STATE_DIR);
975 printf(
"Error: Unrecognised in-type %s; should be one of DNS or File\n",
o_in_type);
981 if(strcmp(input_type,
"DNS")==0){
982 StrAppend(&input_name, OPENDNSSEC_CONFIG_DIR);
985 StrAppend(&input_name, OPENDNSSEC_STATE_DIR);
1003 printf(
"Error: Unrecognised out-type %s; should be one of DNS or File\n",
o_out_type);
1011 if(strcmp(output_type,
"DNS") == 0){
1012 StrAppend(&output_name, OPENDNSSEC_CONFIG_DIR);
1015 StrAppend(&output_name, OPENDNSSEC_STATE_DIR);
1031 if(!exist_file(input_name)){
1032 fprintf(stdout,
"WARNING: The input file %s for zone %s does not currently exist. The zone will been added to the database anyway. \n",input_name,
o_zone);
1035 if(strcmp(output_type,
"DNS") == 0 && !exist_file(output_name)){
1036 fprintf(stdout,
"WARNING: The output file %s for zone %s does not currently exist. \n",output_name,
o_zone);
1044 printf(
"couldn't read zonelist\n");
1055 StrAppend(&backup_filename, zonelist_filename);
1057 if (xml_flag == 1) {
1058 if (access(backup_filename, F_OK) == 0){
1059 if (access(backup_filename, W_OK)){
1060 printf(
"ERROR: The backup file %s can not be written.\n",backup_filename);
1071 if (access(OPENDNSSEC_CONFIG_DIR, W_OK)){
1072 printf(
"ERROR: The backup file %s can not be written.\n",backup_filename);
1091 printf(
"Failed to connect to database\n");
1106 printf(
"Error, can't find policy : %s\n",
o_policy);
1107 printf(
"Failed to update zones\n");
1118 status =
KsmImportZone(
o_zone, policy_id, 1, &new_zone, sig_conf_name, input_name, output_name, input_type, output_type);
1121 printf(
"Failed to Import zone %s; it already exists\n",
o_zone);
1122 }
else if (status == -3) {
1123 printf(
"Failed to Import zone %s; it already exists both with and without a trailing dot\n",
o_zone);
1125 printf(
"Failed to Import zone\n");
1142 printf(
"Can't retrieve shared-keys parameter for policy\n");
1155 printf(
"Can't retrieve shared-keys parameter for policy\n");
1169 if (data.
value == 1) {
1172 printf(
"Failed to Link Keys to zone\n");
1193 if (xml_flag == 1) {
1196 xmlKeepBlanksDefault(0);
1197 xmlTreeIndentString =
"\t";
1207 printf(
"Error: Couldn't add our new node in memory\n");
1214 status =
backup_file(zonelist_filename, backup_filename);
1216 printf(
"Error: Backup %s FAILED, please backup %s manually and run \"ods-ksmutil zonelist export\" to update zonelist.xml\n", backup_filename, backup_filename);
1223 status = xmlSaveFormatFile(zonelist_filename, doc, 1);
1228 printf(
"Error: couldn't save zonelist, please run \"ods-ksmutil zonelist export\" to update zonelist.xml\n");
1245 if (xml_flag == 0) {
1246 printf(
"Imported zone: %s into database only, please run \"ods-ksmutil zonelist export\" to update zonelist.xml\n",
o_zone);
1248 printf(
"Imported zone: %s\n",
o_zone);
1263 char* zonelist_filename = NULL;
1264 char* backup_filename = NULL;
1269 xmlDocPtr doc = NULL;
1276 FILE* lock_fd = NULL;
1279 if (all_flag &&
o_zone != NULL) {
1280 printf(
"can not use --all with --zone\n");
1283 else if (!all_flag &&
o_zone == NULL) {
1284 printf(
"please specify either --zone <zone> or --all\n");
1289 if (all_flag == 1) {
1290 printf(
"*WARNING* This will remove all zones from OpenDNSSEC; are you sure? [y/N] ");
1292 user_certain = getchar();
1293 if (user_certain !=
'y' && user_certain !=
'Y') {
1294 printf(
"Okay, quitting...\n");
1302 printf(
"Failed to connect to database\n");
1315 if (xml_flag == 1) {
1319 printf(
"couldn't read zonelist\n");
1344 StrAppend(&backup_filename, zonelist_filename);
1346 status =
backup_file(zonelist_filename, backup_filename);
1355 status = xmlSaveFormatFile(zonelist_filename, doc, 1);
1359 printf(
"Could not save %s\n", zonelist_filename);
1370 if (all_flag == 0) {
1373 printf(
"Couldn't find zone %s\n",
o_zone);
1382 printf(
"Error: failed to mark keys as dead in database\n");
1391 printf(
"Error: failed to remove zone%s from database\n", (all_flag == 1) ?
"s" :
"");
1397 if (all_flag == 0) {
1398 if (system(SIGNER_CLI_UPDATE) != 0)
1400 printf(
"Could not call signer engine\n");
1407 if (xml_flag == 0) {
1408 printf(
"Deleted zone: %s from database only, please run \"ods-ksmutil zonelist export\" to update zonelist.xml\n",
o_zone);
1422 FILE* lock_fd = NULL;
1424 char* zonelist_filename = NULL;
1427 xmlTextReaderPtr reader = NULL;
1429 char* tag_name = NULL;
1431 int file_zone_count = 0;
1437 char* temp_name = NULL;
1444 printf(
"couldn't read zonelist\n");
1445 if (zonelist_filename != NULL) {
1454 printf(
"Failed to connect to database\n");
1460 reader = xmlNewTextReaderFilename(zonelist_filename);
1461 if (reader != NULL) {
1462 ret = xmlTextReaderRead(reader);
1464 tag_name = (
char*) xmlTextReaderLocalName(reader);
1466 if (strncmp(tag_name,
"Zone", 4) == 0
1467 && strncmp(tag_name,
"ZoneList", 8) != 0
1468 && xmlTextReaderNodeType(reader) == 1) {
1472 ret = xmlTextReaderRead(reader);
1475 xmlFreeTextReader(reader);
1477 printf(
"%s : failed to parse\n", zonelist_filename);
1480 printf(
"Unable to open %s\n", zonelist_filename);
1484 zone_ids =
MemMalloc(file_zone_count *
sizeof(
int));
1490 if (file_zone_count != 0) {
1491 StrAppend(&sql,
"select name from zones where id not in (");
1492 for (j = 0; j < file_zone_count; ++j) {
1496 snprintf(buffer,
sizeof(buffer),
"%d", zone_ids[j]);
1501 StrAppend(&sql,
"select name from zones");
1507 while (status == 0) {
1511 printf(
"Found zone %s in DB but not zonelist.\n", temp_name);
1528 if (file_zone_count == 0) {
1529 printf(
"No zones in DB or zonelist.\n");
1557 int prev_zone_id = -1;
1559 char *case_keytype = NULL;
1560 char *case_keystate = NULL;
1561 char *zone_name = NULL;
1564 hsm_key_t *key = NULL;
1565 ldns_rr *dnskey_rr = NULL;
1566 ldns_rr *ds_sha1_rr = NULL;
1567 ldns_rr *ds_sha256_rr = NULL;
1568 hsm_sign_params_t *sign_params = NULL;
1581 int done_something = 0;
1588 if (strncmp(case_keystate,
"KEYPUBLISH", 10) == 0 || strncmp(
o_keystate,
"10", 2) == 0) {
1591 else if (strncmp(case_keystate,
"GENERATE", 8) == 0 || strncmp(
o_keystate,
"1", 1) == 0) {
1594 else if (strncmp(case_keystate,
"PUBLISH", 7) == 0 || strncmp(
o_keystate,
"2", 1) == 0) {
1597 else if (strncmp(case_keystate,
"READY", 5) == 0 || strncmp(
o_keystate,
"3", 1) == 0) {
1600 else if (strncmp(case_keystate,
"ACTIVE", 6) == 0 || strncmp(
o_keystate,
"4", 1) == 0) {
1603 else if (strncmp(case_keystate,
"RETIRE", 6) == 0 || strncmp(
o_keystate,
"5", 1) == 0) {
1606 else if (strncmp(case_keystate,
"DEAD", 4) == 0 || strncmp(
o_keystate,
"6", 1) == 0) {
1609 else if (strncmp(case_keystate,
"DSSUB", 5) == 0 || strncmp(
o_keystate,
"7", 1) == 0) {
1612 else if (strncmp(case_keystate,
"DSPUBLISH", 9) == 0 || strncmp(
o_keystate,
"8", 1) == 0) {
1615 else if (strncmp(case_keystate,
"DSREADY", 7) == 0 || strncmp(
o_keystate,
"9", 1) == 0) {
1619 printf(
"Error: Unrecognised state %s; should be one of GENERATE, PUBLISH, READY, ACTIVE, RETIRE, DEAD, DSSUB, DSPUBLISH, DSREADY or KEYPUBLISH\n",
o_keystate);
1631 if (strncmp(case_keytype,
"KSK", 3) == 0 || strncmp(
o_keytype,
"257", 3) == 0) {
1634 else if (strncmp(case_keytype,
"ZSK", 3) == 0 || strncmp(
o_keytype,
"256", 3) == 0) {
1638 printf(
"Error: Unrecognised keytype %s; should be one of KSK or ZSK\n",
o_keytype);
1649 printf(
"Failed to connect to database\n");
1661 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
1667 status = hsm_open(
config, hsm_prompt_pin);
1669 hsm_print_error(NULL);
1674 if (state_id != -1) {
1677 nchar = snprintf(buffer,
sizeof(buffer),
"(%d, %d, %d, %d, %d, %d)",
1680 if (nchar >=
sizeof(buffer)) {
1689 if (zone_id != -1) {
1697 status =
KsmKey(result, &data);
1698 while (status == 0) {
1700 if (ds_flag == 1 && data.
zone_id != prev_zone_id) {
1702 if (red_seen == 0 && act_seen == 0) {
1703 printf(
"\nWARNING: No active or ready keys seen for this zone. Do not load any DS records to the parent unless you understand the possible consequences.\n");
1704 }
else if (red_seen == 1 && act_seen == 1) {
1705 printf(
"\nWARNING: BOTH ready and active keys seen for this zone. Probably a key rollover is happening and you may only want the ready key to be submitted.\n");
1719 key = hsm_find_key_by_id(NULL, data.
location);
1722 printf(
"Key %s in DB but not repository\n", data.
location);
1727 sign_params = hsm_sign_params_new();
1729 if (zone_id == -1) {
1732 printf(
"Error: unable to find zone name for id %d\n", zone_id);
1733 hsm_sign_params_free(sign_params);
1737 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, zone_name);
1741 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
o_zone);
1744 sign_params->algorithm = data.
algorithm;
1745 sign_params->flags = LDNS_KEY_ZONE_KEY;
1747 sign_params->flags += LDNS_KEY_SEP_KEY;
1749 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
1750 sign_params->keytag = ldns_calc_keytag(dnskey_rr);
1766 ldns_rr_set_ttl(dnskey_rr, rrttl);
1771 ldns_rr_print(stdout, dnskey_rr);
1783 ldns_rr_set_ttl(dnskey_rr, rrttl);
1788 ds_sha1_rr = ldns_key_rr2ds(dnskey_rr, LDNS_SHA1);
1789 ldns_rr_print(stdout, ds_sha1_rr);
1792 ds_sha256_rr = ldns_key_rr2ds(dnskey_rr, LDNS_SHA256);
1793 ldns_rr_print(stdout, ds_sha256_rr);
1798 hsm_sign_params_free(sign_params);
1800 status =
KsmKey(result, &data);
1810 if (ds_flag == 1 && red_seen == 0 && act_seen == 0) {
1811 printf(
"\nWARNING: No active or ready keys seen for this zone. Do not load any DS records to the parent unless you understand the possible consequences.\n");
1812 }
else if (ds_flag == 1 && red_seen == 1 && act_seen == 1) {
1813 printf(
"\nWARNING: BOTH ready and active keys seen for this zone. Probably a key rollover is happening and you may only want the ready key to be submitted.\n");
1817 if (!done_something) {
1818 if (state_id != -1) {
1821 printf(
"No keys in READY state or higher to export.\n");
1827 if (dnskey_rr != NULL) {
1828 ldns_rr_free(dnskey_rr);
1830 if (ds_sha1_rr != NULL) {
1831 ldns_rr_free(ds_sha1_rr);
1833 if (ds_sha256_rr != NULL) {
1834 ldns_rr_free(ds_sha256_rr);
1854 xmlDocPtr doc = xmlNewDoc((
const xmlChar *)
"1.0");
1861 if (all_flag &&
o_policy != NULL) {
1862 printf(
"can not use --all with --policy\n");
1865 else if (!all_flag &&
o_policy == NULL) {
1866 printf(
"please specify either --policy <policy> or --all\n");
1873 printf(
"Failed to connect to database\n");
1879 if (policy == NULL) {
1880 fprintf(stderr,
"Malloc for policy struct failed\n");
1895 policy->
zone == NULL || policy->
parent == NULL ||
1896 policy->
keys == NULL ||
1897 policy->
ksk == NULL || policy->
zsk == NULL ||
1899 fprintf(stderr,
"Malloc for policy struct failed\n");
1904 xmlKeepBlanksDefault(0);
1905 xmlTreeIndentString =
" ";
1906 root = xmlNewDocNode(doc, NULL, (
const xmlChar *)
"KASP", NULL);
1907 (void) xmlDocSetRootElement(doc, root);
1916 while (status == 0) {
1926 xmlSaveFormatFile(
"-", doc, 1);
1947 xmlDocPtr doc = xmlNewDoc((
const xmlChar *)
"1.0");
1950 int prev_policy_id = -1;
1957 printf(
"Failed to connect to database\n");
1964 fprintf(stderr,
"Malloc for zone struct failed\n");
1969 xmlKeepBlanksDefault(0);
1970 xmlTreeIndentString =
" ";
1971 root = xmlNewDocNode(doc, NULL, (
const xmlChar *)
"ZoneList", NULL);
1972 (void) xmlDocSetRootElement(doc, root);
1978 status =
KsmZone(result, zone);
1980 while (status == 0) {
1981 if (zone->
policy_id != prev_policy_id) {
1985 fprintf(stderr,
"Couldn't get name for policy with ID: %d, exiting...\n", zone->
policy_id);
1992 status =
KsmZone(result, zone);
1997 xmlSaveFormatFile(
"-", doc, 1);
2015 FILE* lock_fd = NULL;
2037 printf(
"Failed to connect to database\n");
2048 printf(
"Error, can't find zone : %s\n",
o_zone);
2068 if (data.
value == 1) {
2069 printf(
"*WARNING* This zone shares keys with others, all instances of the active key on this zone will be retired; are you sure? [y/N] ");
2071 user_certain = getchar();
2072 if (user_certain !=
'y' && user_certain !=
'Y') {
2073 printf(
"Okay, quitting...\n");
2079 status =
keyRoll(zone_id, -1, key_type);
2086 snprintf(logmsg, 256,
"Manual key rollover for key type %s on zone %s initiated" , (
o_keytype == NULL) ?
"all" :
o_keytype,
o_zone);
2087 printf(
"\n%s\n", logmsg);
2090 #ifdef HAVE_OPENLOG_R 2095 #ifdef HAVE_SYSLOG_R 2096 syslog_r(LOG_INFO, &sdata,
"%s", logmsg);
2098 syslog(LOG_INFO,
"%s", logmsg);
2100 #ifdef HAVE_CLOSELOG_R 2110 if (restart_enforcerd() != 0)
2112 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
2128 FILE* lock_fd = NULL;
2132 int zone_count = -1;
2151 printf(
"Failed to connect to database\n");
2158 printf(
"Error, can't find policy : %s\n",
o_policy);
2164 printf(
"*WARNING* This will roll all keys on the policy; are you sure? [y/N] ");
2166 user_certain = getchar();
2167 if (user_certain !=
'y' && user_certain !=
'Y') {
2168 printf(
"Okay, quitting...\n");
2183 if (zone_count == 0) {
2184 printf(
"No zones on policy; nothing to roll\n");
2189 printf(
"Couldn't count zones on policy; quitting...\n");
2194 status =
keyRoll(-1, policy_id, key_type);
2201 snprintf(logmsg, 256,
"Manual key rollover for key type %s on policy %s initiated" , (
o_keytype == NULL) ?
"all" :
o_keytype,
o_policy);
2202 printf(
"%s\n", logmsg);
2205 #ifdef HAVE_OPENLOG_R 2210 #ifdef HAVE_SYSLOG_R 2211 syslog_r(LOG_INFO, &sdata,
"%s", logmsg);
2213 syslog(LOG_INFO,
"%s", logmsg);
2215 #ifdef HAVE_CLOSELOG_R 2225 if (restart_enforcerd() != 0)
2227 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
2248 FILE* lock_fd = NULL;
2253 printf(
"Failed to connect to database\n");
2262 printf(
"Error: unable to find a policy named \"%s\" in database\n",
o_policy);
2276 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2286 printf(
"Error: failed to purge dead keys\n");
2312 FILE* lock_fd = NULL;
2317 if (datetime == NULL) {
2318 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
2323 if ( strncmp(qualifier,
"DONE", 4) == 0 ) {
2324 printf(
"*WARNING* One-step backups are deprecated in favour of a two-step process; see the documentation on key management for the explanation.\n");
2327 if (force_flag == 0) {
2328 printf(
"Do you wish to continue? [y/N] ");
2330 user_certain = getchar();
2331 if (user_certain !=
'y' && user_certain !=
'Y') {
2332 printf(
"Okay, quitting...\n");
2341 printf(
"Failed to connect to database\n");
2351 printf(
"Error: unable to find a repository named \"%s\" in database\n",
o_repository);
2359 if (strncmp(qualifier,
"PREPARE", 7) == 0 ||
2360 strncmp(qualifier,
"DONE", 4) == 0 ) {
2363 printf(
"There were no keys to mark\n");
2365 else if (status != 0) {
2366 printf(
"Error: failed to mark pre_backup as done\n");
2371 if (strncmp(qualifier,
"PREPARE", 7) == 0) {
2373 printf(
"Marked repository %s as pre-backed up at %s\n",
o_repository, datetime);
2375 printf(
"Marked all repositories as pre-backed up at %s\n", datetime);
2382 if (strncmp(qualifier,
"COMMIT", 6) == 0 ||
2383 strncmp(qualifier,
"DONE", 4) == 0 ) {
2386 printf(
"There were no keys to mark\n");
2388 else if (status != 0) {
2389 printf(
"Error: failed to mark backup as done\n");
2395 printf(
"Marked repository %s as backed up at %s\n",
o_repository, datetime);
2397 printf(
"Marked all repositories as backed up at %s\n", datetime);
2403 if (strncmp(qualifier,
"ROLLBACK", 6) == 0 ) {
2406 printf(
"There were no keys to rollback\n");
2408 else if (status != 0) {
2409 printf(
"Error: failed to mark backup as done\n");
2415 printf(
"Rolled back pre-backup of repository %s\n",
o_repository);
2417 printf(
"Rolled back pre-backup of all repositories\n");
2439 int qualifier_id = -1;
2443 FILE* lock_fd = NULL;
2448 printf(
"Failed to connect to database\n");
2461 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2468 printf(
"Rollovers:\n");
2473 printf(
"Error: failed to list rollovers\n");
2482 if (verbose_flag && ds_count > 0) {
2484 status =
ListDS(qualifier_id);
2487 printf(
"Error: failed to list DS records\n");
2508 int qualifier_id = -1;
2512 FILE* lock_fd = NULL;
2517 printf(
"Failed to connect to database\n");
2526 printf(
"Error: unable to find a repository named \"%s\" in database\n",
o_repository);
2532 printf(
"Backups:\n");
2536 printf(
"Error: failed to list backups\n");
2559 FILE* lock_fd = NULL;
2564 printf(
"Failed to connect to database\n");
2569 printf(
"Repositories:\n");
2574 printf(
"Error: failed to list repositories\n");
2575 if (lock_fd != NULL) {
2600 FILE* lock_fd = NULL;
2605 printf(
"Failed to connect to database\n");
2610 printf(
"Policies:\n");
2615 printf(
"Error: failed to list policies\n");
2636 int qualifier_id = -1;
2640 FILE* lock_fd = NULL;
2645 printf(
"Failed to connect to database\n");
2658 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2670 printf(
"Error: failed to list keys\n");
2697 int keytag_int = -1;
2698 int temp_key_state = -1;
2699 int temp_keypair_id = -1;
2700 char* temp_cka_id = NULL;
2705 FILE* lock_fd = NULL;
2710 if (datetime == NULL) {
2711 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
2717 printf(
"*WARNING* This will retire the currently active KSK; are you sure? [y/N] ");
2719 user_certain = getchar();
2720 if (user_certain !=
'y' && user_certain !=
'Y') {
2721 printf(
"Okay, quitting...\n");
2728 printf(
"Failed to connect to database\n");
2742 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2755 printf(
"Error: Unable to convert keytag \"%s\"; to an integer\n",
o_keytag);
2761 printf(
"Error: keytag \"%s\"; should be numeric only\n",
o_keytag);
2771 printf(
"Please provide a zone or details of the key to roll\n");
2780 printf(
"Error: failed to count active keys\n");
2787 if (key_count < 2) {
2788 printf(
"Error: completing this action would leave no active keys on zone, quitting...\n");
2797 printf(
"Error: failed to find policy for zone\n");
2806 printf(
"Old key retired\n");
2808 printf(
"Old key NOT retired\n");
2816 status =
CountKeys(&zone_id, keytag_int,
o_cka_id, &key_count, &temp_cka_id, &temp_key_state, &temp_keypair_id);
2818 printf(
"Error: failed to count keys\n");
2825 if (key_count > 1) {
2826 printf(
"More than one key matched your parameters, please include more information from the above keys\n");
2834 printf(
"No keys in the ACTIVE state matched your parameters, please check the parameters\n");
2842 printf(
"Error: failed to count active keys\n");
2849 if (key_count < 2) {
2850 printf(
"Error: completing this action would leave no active keys on zone, quitting...\n");
2859 printf(
"Error: failed to find policy for zone\n");
2870 printf(
"Key %s retired\n", temp_cka_id);
2897 int keytag_int = -1;
2898 int temp_key_state = -1;
2899 int temp_keypair_id = -1;
2900 char* temp_cka_id = NULL;
2906 FILE* lock_fd = NULL;
2911 printf(
"Failed to connect to database\n");
2924 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
2936 printf(
"Error: Unable to convert keytag \"%s\"; to an integer\n",
o_keytag);
2941 printf(
"Error: keytag \"%s\"; should be numeric only\n",
o_keytag);
2950 status =
DtNow(&datetime);
2953 printf(
"Error parsing time, quitting...\n");
2959 datetime.tm_mday += 30;
2960 (void)mktime(&datetime);
2963 "%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d",
2964 datetime.tm_year + 1900, datetime.tm_mon + 1,
2965 datetime.tm_mday, datetime.tm_hour, datetime.tm_min,
2971 printf(
"Please provide a zone or details of the key to roll\n");
2979 printf(
"Error: failed to count retired keys\n");
2985 if (key_count < 1) {
2986 printf(
"Error: Could not find a key to retire, quitting...\n");
2994 printf(
"Error: failed to find policy for zone\n");
2999 status =
RevokeOldKey(zone_id, policy_id, time_buffer);
3002 printf(
"Old key revoked\n");
3004 printf(
"Old key NOT revoked\n");
3013 status =
CountKeys(&zone_id, keytag_int,
o_cka_id, &key_count, &temp_cka_id, &temp_key_state, &temp_keypair_id);
3015 printf(
"Error: failed to count keys\n");
3021 if (key_count > 1) {
3022 printf(
"More than one key matched your parameters, please include more information from the above keys\n");
3029 printf(
"No keys in the RETIRE state matched your parameters, please check the parameters\n");
3036 printf(
"Error: failed to count revoked keys\n");
3042 if (key_count < 1) {
3043 printf(
"Error: Could not find a key to revoke, quitting...\n");
3051 printf(
"Error: failed to find policy for zone\n");
3093 printf(
"Key %s revoked\n", temp_cka_id);
3102 if (restart_enforcerd() != 0) {
3103 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
3105 fprintf(stdout,
"Performed a HUP ods-enforcerd\n");
3123 int retired_count = -1;
3124 int keytag_int = -1;
3125 int temp_key_state = -1;
3126 int temp_keypair_id = -1;
3127 char* temp_cka_id = NULL;
3132 FILE* lock_fd = NULL;
3139 if (datetime == NULL) {
3140 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
3147 printf(
"Please provide a keytag or a CKA_ID for the key (CKA_ID will be used if both are provided\n");
3155 printf(
"*WARNING* This will retire the currently active KSK; are you sure? [y/N] ");
3157 user_certain = getchar();
3158 if (user_certain !=
'y' && user_certain !=
'Y') {
3159 printf(
"Okay, quitting...\n");
3166 printf(
"Failed to connect to database\n");
3177 printf(
"Please specify a zone using the --zone flag\n");
3183 else if (
o_zone != NULL) {
3190 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
3197 else if (all_flag) {
3198 printf(
"*WARNING* This will act on every zone where this key is in use; are you sure? [y/N] ");
3200 user_certain = getchar();
3201 if (user_certain !=
'y' && user_certain !=
'Y') {
3202 printf(
"Okay, quitting...\n");
3214 printf(
"Error: Unable to convert keytag \"%s\"; to an integer\n",
o_keytag);
3220 printf(
"Error: keytag \"%s\"; should be numeric only\n",
o_keytag);
3231 status =
CountKeys(&zone_id, keytag_int,
o_cka_id, &key_count, &temp_cka_id, &temp_key_state, &temp_keypair_id);
3233 printf(
"Error: failed to count keys\n");
3240 if (key_count > 1) {
3241 printf(
"More than one key matched your parameters, please include more information from the above keys\n");
3249 printf(
"Key is already active\n");
3256 if (key_count == 0) {
3257 printf(
"No keys in the READY state matched your parameters, please check the parameters\n");
3266 printf(
"Error: failed to find policy for zone\n");
3273 status =
MarkDSSeen(temp_keypair_id, zone_id, policy_id, datetime, temp_key_state);
3277 snprintf(logmsg, 256,
"Key %s made %s", temp_cka_id, (temp_key_state ==
KSM_STATE_READY) ?
"active" :
"into standby");
3278 printf(
"%s\n", logmsg);
3281 #ifdef HAVE_OPENLOG_R 3286 #ifdef HAVE_SYSLOG_R 3287 syslog_r(LOG_INFO, &sdata,
"%s", logmsg);
3289 syslog(LOG_INFO,
"%s", logmsg);
3291 #ifdef HAVE_CLOSELOG_R 3301 if (retire_flag == 1) {
3306 printf(
"Error: failed to count active keys\n");
3313 if (key_count < 2) {
3317 printf(
"Error: failed to count retired keys\n");
3326 if (retired_count != 0) {
3327 printf(
"Error: retiring a key would leave no active keys on zone, skipping...\n");
3332 if (notify_flag == 1) {
3333 if (restart_enforcerd() != 0) {
3334 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
3336 fprintf(stdout,
"Performed a HUP ods-enforcerd\n");
3339 fprintf(stdout,
"No HUP ods-enforcerd was performed as the '--no-notify' flag was specified.\n");
3340 fprintf(stdout,
"Warning: The enforcer must be manually notified or the changes will not take full effect until the next scheduled enforcer run.\n");
3350 printf(
"Old key retired\n");
3352 printf(
"Old key NOT retired\n");
3355 printf(
"Old key NOT retired\n");
3359 if (notify_flag == 1) {
3360 if (restart_enforcerd() != 0) {
3361 fprintf(stderr,
"Could not HUP ods-enforcerd\n");
3363 fprintf(stdout,
"Performed a HUP ods-enforcerd\n");
3366 fprintf(stdout,
"No HUP ods-enforcerd was performed as the '--no-notify' flag was specified.\n");
3367 fprintf(stdout,
"Warning: The enforcer must be manually notified or the changes will not take full effect until the next scheduled enforcer run.\n");
3389 char* case_keytype = NULL;
3390 char* case_algorithm = NULL;
3391 char* case_state = NULL;
3396 int cka_id_exists = -1;
3397 int keytype_id = -1;
3404 DB_ID keypair_id = 0;
3413 FILE* lock_fd = NULL;
3420 hsm_key_t *key = NULL;
3425 printf(
"Error: please specify a CKA_ID with the --cka_id <CKA_ID>\n");
3429 printf(
"Error: please specify a repository with the --repository <repository>\n");
3433 printf(
"Error: please specify a zone with the --zone <zone>\n");
3437 printf(
"Error: please specify the number of bits with the --bits <size>\n");
3441 printf(
"Error: please specify the algorithm with the --algorithm <algorithm>\n");
3445 printf(
"Error: please specify the state with the --keystate <state>\n");
3449 printf(
"Error: please specify a keytype, KSK or ZSK, with the --keytype <type>\n");
3453 printf(
"Error: please specify the time of when the key entered the given state with the --time <time>\n");
3458 status = hsm_open(
config, hsm_prompt_pin);
3460 hsm_print_error(NULL);
3463 key = hsm_find_key_by_id(NULL,
o_cka_id);
3466 if(check_repository_flag){
3467 fprintf(stderr,
"Error: No key with the CKA_ID %-33s exists in the repository %s. When the option [--check-repository] is used the key MUST exist in the repository for the key to be imported. \n",
o_cka_id,
o_repository);
3470 fprintf(stdout,
"Warning: No key with the CKA_ID %-33s exists in the repository %s. The key will be imported into the database anyway. \n",
o_cka_id,
o_repository);
3479 printf(
"Failed to connect to database\n");
3487 printf(
"Error: unable to find a repository named \"%s\" in database\n",
o_repository);
3499 printf(
"Error: unable to find a zone named \"%s\" in database\n",
o_zone);
3511 if (cka_id_exists == 1) {
3512 printf(
"Error: key with CKA_ID \"%s\" already exists in database\n",
o_cka_id);
3520 if (strncmp(case_keytype,
"KSK", 3) == 0 || strncmp(
o_keytype,
"257", 3) == 0) {
3523 else if (strncmp(case_keytype,
"ZSK", 3) == 0 || strncmp(
o_keytype,
"256", 3) == 0) {
3527 printf(
"Error: Unrecognised keytype %s; should be one of KSK or ZSK\n",
o_keytype);
3539 printf(
"Error: Unable to convert bits \"%s\"; to an integer\n",
o_size);
3544 printf(
"Error: Bits \"%s\"; should be numeric only\n",
o_size);
3562 if (status != 0 || algo_id == 0 || hsm_supported_algorithm(algo_id) != 0) {
3563 printf(
"Error: Key algorithm %s not supported; try one of RSASHA1, RSASHA1-NSEC3-SHA1 or RSASHA256\n",
o_algo);
3571 if (strncmp(case_state,
"GENERATE", 8) == 0 || strncmp(
o_keystate,
"1", 1) == 0) {
3574 else if (strncmp(case_state,
"PUBLISH", 7) == 0 || strncmp(
o_keystate,
"2", 1) == 0) {
3577 else if (strncmp(case_state,
"READY", 5) == 0 || strncmp(
o_keystate,
"3", 1) == 0) {
3580 else if (strncmp(case_state,
"ACTIVE", 6) == 0 || strncmp(
o_keystate,
"4", 1) == 0) {
3583 else if (strncmp(case_state,
"RETIRE", 6) == 0 || strncmp(
o_keystate,
"5", 1) == 0) {
3587 printf(
"Error: Unrecognised state %s; should be one of GENERATE, PUBLISH, READY, ACTIVE or RETIRE\n",
o_keystate);
3598 printf(
"Error: unable to convert \"%s\" into a date\n",
o_time);
3605 snprintf(form_time,
KSM_TIME_LENGTH,
"%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d",
3606 datetime.tm_year + 1900, datetime.tm_mon + 1, datetime.tm_mday,
3607 datetime.tm_hour, datetime.tm_min, datetime.tm_sec);
3608 printf(
"Converted time is %s\n", form_time);
3614 printf(
"Error: unable to specify retire time for a key in state \"%s\"\n",
o_keystate);
3621 printf(
"Error: unable to convert retire time \"%s\" into a date\n",
o_retire);
3628 snprintf(form_opt_time,
KSM_TIME_LENGTH,
"%4.4d-%2.2d-%2.2d %2.2d:%2.2d:%2.2d",
3629 datetime.tm_year + 1900, datetime.tm_mon + 1, datetime.tm_mday,
3630 datetime.tm_hour, datetime.tm_min, datetime.tm_sec);
3634 form_opt_time[0] =
'\0';
3651 if (data.
value == 1) {
3652 printf(
"*WARNING* This zone shares keys with others, the key will be added to all; are you sure? [y/N] ");
3654 user_certain = getchar();
3655 if (user_certain !=
'y' && user_certain !=
'Y') {
3656 printf(
"Okay, quitting...\n");
3663 status =
KsmImportKeyPair(policy_id,
o_cka_id, repo_id, size_int, algo_id, state_id, form_time, fix_time, &keypair_id);
3665 printf(
"Error: couldn't import key\n");
3675 status =
KsmDnssecKeyCreate(zone_id, (
int) keypair_id, keytype_id, state_id, rfc5011_flag, form_time, form_opt_time, &ignore);
3678 printf(
"Error: couldn't allocate key to zone(s)\n");
3683 printf(
"Key imported into zone(s)\n");
3699 FILE* lock_fd = NULL;
3702 char *dbschema = NULL;
3706 char *password = NULL;
3710 char* backup_filename = NULL;
3711 char* lock_filename;
3713 char *path = getenv(
"PWD");
3716 printf(
"Sorry, currently this utility can only backup a sqlite database file\n");
3721 status =
get_db_details(&dbschema, &host, &port, &user, &password);
3732 lock_filename = NULL;
3736 lock_fd = fopen(lock_filename,
"w");
3739 printf(
"Error getting db lock\n");
3740 if (lock_fd != NULL) {
3790 char* kasp_filename = NULL;
3791 char* zonelist_filename = NULL;
3792 char* backup_filename = NULL;
3795 FILE* lock_fd = NULL;
3804 int zone_count = -1;
3806 xmlDocPtr doc = NULL;
3809 printf(
"*WARNING* This feature is experimental and has not been fully tested; are you sure? [y/N] ");
3811 user_certain = getchar();
3812 if (user_certain !=
'y' && user_certain !=
'Y') {
3813 printf(
"Okay, quitting...\n");
3820 printf(
"Failed to read conf.xml\n");
3826 StrAppend(&backup_filename, kasp_filename);
3828 status =
backup_file(kasp_filename, backup_filename);
3838 if ((test = fopen(kasp_filename,
"ab"))==NULL) {
3839 printf(
"Cannot open kasp.xml for writing: %s\n", strerror(errno));
3850 printf(
"Failed to connect to database\n");
3871 if (policy == NULL) {
3872 printf(
"Malloc for policy struct failed\n");
3881 while (status == 0) {
3891 if (zone_count == 0) {
3892 printf(
"No zones on policy %s; purging...\n", policy->
name);
3894 size = snprintf(sql,
KSM_SQL_SIZE,
"update dnsseckeys set state = %d where keypair_id in (select id from keypairs where policy_id = %d)",
KSM_STATE_DEAD, policy->
id);
3898 printf(
"Couldn't construct SQL to kill orphaned keys\n");
3921 printf(
"Key purge failed for policy %s\n", policy->
name);
3930 sql2 =
DdsInit(
"parameters_policies");
3974 status = xmlSaveFormatFile(kasp_filename, doc, 1);
3977 printf(
"Could not save %s\n", kasp_filename);
3987 printf(
"Couldn't count zones on policy; quitting...\n");
4025 char* ods_control_cmd = NULL;
4026 char* ptr = command;
4031 *ptr = tolower((
int) *ptr);
4037 StrAppend(&ods_control_cmd, ODS_EN_CONTROL);
4040 status = system(ods_control_cmd);
4043 fprintf(stderr,
"Couldn't run %s\n", ods_control_cmd);
4059 char* case_command = NULL;
4060 char* case_verb = NULL;
4062 int option_index = 0;
4063 static struct option long_options[] =
4065 {
"all", no_argument, 0,
'a'},
4066 {
"auto-accept", no_argument, 0,
'A'},
4067 {
"bits", required_argument, 0,
'b'},
4068 {
"rfc5011", no_argument, 0,
'5'},
4069 {
"config", required_argument, 0,
'c'},
4070 {
"check-repository", no_argument, 0,
'C'},
4071 {
"ds", no_argument, 0,
'd'},
4072 {
"keystate", required_argument, 0,
'e'},
4073 {
"no-retire", no_argument, 0,
'f'},
4074 {
"force", no_argument, 0,
'F'},
4075 {
"algorithm", required_argument, 0,
'g'},
4076 {
"help", no_argument, 0,
'h'},
4077 {
"input", required_argument, 0,
'i'},
4078 {
"in-type", required_argument, 0,
'j'},
4079 {
"cka_id", required_argument, 0,
'k'},
4080 {
"no-notify", no_argument, 0,
'l'},
4081 {
"no-xml", no_argument, 0,
'm'},
4082 {
"no-hsm", no_argument, 0,
'M'},
4083 {
"interval", required_argument, 0,
'n'},
4084 {
"output", required_argument, 0,
'o'},
4085 {
"policy", required_argument, 0,
'p'},
4086 {
"out-type", required_argument, 0,
'q'},
4087 {
"repository", required_argument, 0,
'r'},
4088 {
"signerconf", required_argument, 0,
's'},
4089 {
"keytype", required_argument, 0,
't'},
4090 {
"time", required_argument, 0,
'w'},
4091 {
"verbose", no_argument, 0,
'v'},
4092 {
"version", no_argument, 0,
'V'},
4093 {
"keytag", required_argument, 0,
'x'},
4094 {
"retire", required_argument, 0,
'y'},
4095 {
"tdead", required_argument, 0,
'Y'},
4096 {
"zone", required_argument, 0,
'z'},
4097 {
"zonetotal", required_argument, 0,
'Z'},
4103 while ((ch = getopt_long(argc, argv,
"aAb:Cc:de:fFg:hi:j:k:mMln:o:p:q:r:s:t:vVw:x:y:Y:z:Z:5", long_options, &option_index)) != -1) {
4109 auto_accept_flag = 1;
4121 check_repository_flag = 1;
4185 printf(
"%s version %s\n", PACKAGE_NAME, PACKAGE_VERSION);
4246 if (!strncmp(case_command,
"SETUP", 5)) {
4250 }
else if (!strncmp(case_command,
"UPDATE", 6)) {
4254 }
else if (!strncmp(case_command,
"START", 5) ||
4255 !strncmp(case_command,
"STOP", 4) ||
4256 !strncmp(case_command,
"NOTIFY", 6)) {
4260 }
else if (!strncmp(case_command,
"ZONE", 4) && strlen(case_command) == 4) {
4265 if (!strncmp(case_verb,
"ADD", 3)) {
4267 }
else if (!strncmp(case_verb,
"DELETE", 6)) {
4269 }
else if (!strncmp(case_verb,
"LIST", 4)) {
4272 printf(
"Unknown command: zone %s\n", case_verb);
4276 }
else if (!strncmp(case_command,
"REPOSITORY", 10)) {
4280 if (!strncmp(case_verb,
"LIST", 4)) {
4283 printf(
"Unknown command: repository %s\n", case_verb);
4287 }
else if (!strncmp(case_command,
"POLICY", 6)) {
4291 if (!strncmp(case_verb,
"EXPORT", 6)) {
4293 }
else if (!strncmp(case_verb,
"IMPORT", 6)) {
4295 }
else if (!strncmp(case_verb,
"LIST", 4)) {
4297 }
else if (!strncmp(case_verb,
"PURGE", 5)) {
4300 printf(
"Unknown command: policy %s\n", case_verb);
4304 }
else if (!strncmp(case_command,
"KEY", 3)) {
4308 if (!strncmp(case_verb,
"LIST", 4)) {
4311 else if (!strncmp(case_verb,
"EXPORT", 6)) {
4314 else if (!strncmp(case_verb,
"IMPORT", 6)) {
4317 else if (!strncmp(case_verb,
"ROLLOVER", 8)) {
4319 if (all_flag == 0 &&
o_keytype == NULL) {
4320 printf(
"Please specify either a keytype, KSK or ZSK, with the --keytype <type> option or use the --all option\n");
4333 printf(
"Please provide either a zone OR a policy to rollover\n");
4339 else if (!strncmp(case_verb,
"PURGE", 5)) {
4345 printf(
"Please provide either a zone OR a policy to key purge\n");
4350 else if (!strncmp(case_verb,
"GENERATE", 8)) {
4353 else if (!strncmp(case_verb,
"KSK-RETIRE", 10)) {
4356 else if (!strncmp(case_verb,
"KSK-REVOKE", 10)) {
4359 else if (!strncmp(case_verb,
"DS-SEEN", 7)) {
4361 }
else if (!strncmp(case_verb,
"DELETE", 6)) {
4364 printf(
"Unknown command: key %s\n", case_verb);
4368 }
else if (!strncmp(case_command,
"BACKUP", 6)) {
4372 if (!strncmp(case_verb,
"DONE", 4) ||
4373 !strncmp(case_verb,
"PREPARE", 7) ||
4374 !strncmp(case_verb,
"COMMIT", 6) ||
4375 !strncmp(case_verb,
"ROLLBACK", 8)) {
4378 else if (!strncmp(case_verb,
"LIST", 4)) {
4381 printf(
"Unknown command: backup %s\n", case_verb);
4385 }
else if (!strncmp(case_command,
"ROLLOVER", 8)) {
4388 if (!strncmp(case_verb,
"LIST", 4)) {
4391 printf(
"Unknown command: rollover %s\n", case_verb);
4395 }
else if (!strncmp(case_command,
"DATABASE", 8)) {
4399 if (!strncmp(case_verb,
"BACKUP", 6)) {
4402 printf(
"Unknown command: database %s\n", case_verb);
4406 }
else if (!strncmp(case_command,
"ZONELIST", 8)) {
4410 if (!strncmp(case_verb,
"EXPORT", 6)) {
4413 else if (!strncmp(case_verb,
"IMPORT", 6)) {
4416 printf(
"Unknown command: zonelist %s\n", case_verb);
4421 printf(
"Unknown command: %s\n", argv[0]);
4433 xmlCleanupGlobals();
4434 xmlCleanupThreads();
4456 char *dbschema = NULL;
4460 char *password = NULL;
4464 char* backup_filename = NULL;
4465 char* lock_filename;
4468 status =
get_db_details(&dbschema, &host, &port, &user, &password);
4484 if (lock_fd != NULL) {
4485 lock_filename = NULL;
4489 *lock_fd = fopen(lock_filename,
"w");
4492 printf(
"Error getting db lock\n");
4493 if (*lock_fd != NULL) {
4517 if (lock_fd != NULL) {
4532 status =
DbConnect(dbhandle, dbschema, host, password, user, port);
4554 if (lock_fd != NULL) {
4557 printf(
"Error releasing db lock");
4579 if (lock_fd == NULL) {
4580 printf(
"%s could not be opened\n", lock_filename);
4584 memset(&fl, 0,
sizeof(
struct flock));
4585 fl.l_type = F_WRLCK;
4586 fl.l_whence = SEEK_SET;
4587 fl.l_pid = getpid();
4589 while (fcntl(fileno(lock_fd), F_SETLK, &fl) == -1) {
4591 printf(
"couldn't get lock on %s; %s\n", lock_filename, strerror(errno));
4594 if (errno == EACCES || errno == EAGAIN) {
4595 printf(
"%s already locked, sleep\n", lock_filename);
4600 select(0, NULL, NULL, NULL, &tv);
4605 printf(
"couldn't get lock on %s; %s\n", lock_filename, strerror(errno));
4618 if (lock_fd == NULL) {
4622 memset(&fl, 0,
sizeof(
struct flock));
4623 fl.l_type = F_UNLCK;
4624 fl.l_whence = SEEK_SET;
4626 if (fcntl(fileno(lock_fd), F_SETLK, &fl) == -1) {
4639 xmlTextReaderPtr reader = NULL;
4640 xmlDocPtr doc = NULL;
4641 xmlXPathContextPtr xpathCtx = NULL;
4642 xmlXPathObjectPtr xpathObj = NULL;
4644 char* tag_name = NULL;
4645 char* temp_char = NULL;
4647 xmlChar *zonelist_expr = (
unsigned char*)
"//Common/ZoneListFile";
4648 xmlChar *kaspfile_expr = (
unsigned char*)
"//Common/PolicyFile";
4651 reader = xmlNewTextReaderFilename(
config);
4652 if (reader != NULL) {
4653 ret = xmlTextReaderRead(reader);
4655 tag_name = (
char*) xmlTextReaderLocalName(reader);
4657 if (strncmp(tag_name,
"Common", 6) == 0
4658 && xmlTextReaderNodeType(reader) == 1) {
4661 xmlTextReaderExpand(reader);
4662 doc = xmlTextReaderCurrentDoc(reader);
4664 printf(
"Error: can not read Common section\n");
4666 ret = xmlTextReaderRead(reader);
4670 xpathCtx = xmlXPathNewContext(doc);
4671 if(xpathCtx == NULL) {
4672 printf(
"Error: can not create XPath context for Common section\n");
4674 ret = xmlTextReaderRead(reader);
4679 xpathObj = xmlXPathEvalExpression(zonelist_expr, xpathCtx);
4680 if(xpathObj == NULL) {
4681 printf(
"Error: unable to evaluate xpath expression: %s\n", zonelist_expr);
4683 ret = xmlTextReaderRead(reader);
4686 *zone_list_filename = NULL;
4687 temp_char = (
char*) xmlXPathCastToString(xpathObj);
4688 StrAppend(zone_list_filename, temp_char);
4690 xmlXPathFreeObject(xpathObj);
4691 printf(
"zonelist filename set to %s.\n", *zone_list_filename);
4694 xpathObj = xmlXPathEvalExpression(kaspfile_expr, xpathCtx);
4695 xmlXPathFreeContext(xpathCtx);
4696 if(xpathObj == NULL) {
4697 printf(
"Error: unable to evaluate xpath expression: %s\n", kaspfile_expr);
4699 ret = xmlTextReaderRead(reader);
4702 *kasp_filename = NULL;
4703 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
4707 temp_char = (
char*) xmlXPathCastToString(xpathObj);
4715 StrAppend(kasp_filename, OPENDNSSEC_CONFIG_DIR);
4718 printf(
"kasp filename set to %s.\n", *kasp_filename);
4720 xmlXPathFreeObject(xpathObj);
4723 ret = xmlTextReaderRead(reader);
4727 xmlFreeTextReader(reader);
4729 printf(
"%s : failed to parse\n",
config);
4733 printf(
"Unable to open %s\n",
config);
4750 xmlDocPtr doc = NULL;
4751 xmlXPathContextPtr xpathCtx = NULL;
4752 xmlXPathObjectPtr xpathObj = NULL;
4754 char* repo_name = NULL;
4755 char* repo_capacity = NULL;
4756 int require_backup = 0;
4759 xmlChar *node_expr = (
unsigned char*)
"//Configuration/RepositoryList/Repository";
4763 doc = xmlParseFile(
config);
4765 printf(
"Unable to open %s\n",
config);
4770 xpathCtx = xmlXPathNewContext(doc);
4771 if(xpathCtx == NULL) {
4777 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
4778 if(xpathObj == NULL) {
4779 xmlXPathFreeContext(xpathCtx);
4784 if (xpathObj->nodesetval) {
4785 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
4790 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
4791 repo_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i],
4792 (
const xmlChar *)
"name");
4794 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Capacity")) {
4795 repo_capacity = (
char *) xmlNodeGetContent(curNode);
4797 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"RequireBackup")) {
4801 curNode = curNode->next;
4804 if (strlen(repo_name) != 0) {
4806 printf(
"Repository %s found\n", repo_name);
4807 if (strlen(repo_capacity) == 0) {
4808 printf(
"No Maximum Capacity set.\n");
4814 printf(
"Capacity set to %s.\n", repo_capacity);
4820 if (require_backup == 0) {
4821 printf(
"RequireBackup NOT set; please make sure that you know the potential problems of using keys which are not recoverable\n");
4823 printf(
"RequireBackup set.\n");
4827 printf(
"Error Importing Repository %s", repo_name);
4831 printf(
"WARNING: Repository found with NULL name, skipping...\n");
4839 xmlXPathFreeObject(xpathObj);
4842 xmlXPathFreeContext(xpathCtx);
4857 char *policy_name = NULL;
4858 char *policy_description = NULL;
4861 xmlDocPtr doc = NULL;
4862 xmlDocPtr pol_doc = NULL;
4863 xmlDocPtr rngdoc = NULL;
4866 xmlNode *childNode2;
4867 xmlNode *childNode3;
4868 xmlChar *opt_out_flag = (xmlChar *)
"N";
4869 xmlChar *nsec3param_ttl = NULL ;
4870 xmlChar *share_keys_flag = (xmlChar *)
"N";
4871 xmlChar *man_roll_flag = (xmlChar *)
"N";
4872 xmlChar *rfc5011_flag = (xmlChar *)
"N";
4873 int standby_keys_flag = 0;
4874 xmlXPathContextPtr xpathCtx = NULL;
4875 xmlXPathObjectPtr xpathObj = NULL;
4876 xmlRelaxNGParserCtxtPtr rngpctx = NULL;
4877 xmlRelaxNGValidCtxtPtr rngctx = NULL;
4878 xmlRelaxNGPtr schema = NULL;
4881 xmlChar *node_expr = (
unsigned char*)
"//Policy";
4887 int algo_change = 0;
4889 char* changes_made = NULL;
4894 const char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/kasp.rng";
4895 char* kaspcheck_cmd = NULL;
4896 char* kaspcheck_cmd_version = NULL;
4898 StrAppend(&kaspcheck_cmd, ODS_EN_KASPCHECK);
4902 StrAppend(&kaspcheck_cmd_version, ODS_EN_KASPCHECK);
4903 StrAppend(&kaspcheck_cmd_version,
" --version > /dev/null");
4906 status = system(kaspcheck_cmd_version);
4909 status = system(kaspcheck_cmd);
4912 fprintf(stderr,
"ods-kaspcheck returned an error, please check your policy\n");
4914 StrFree(kaspcheck_cmd_version);
4920 fprintf(stderr,
"Couldn't run ods-kaspcheck, will carry on\n");
4924 StrFree(kaspcheck_cmd_version);
4927 doc = xmlParseFile(kasp_filename);
4929 printf(
"Error: unable to parse file \"%s\"\n", kasp_filename);
4934 rngdoc = xmlParseFile(rngfilename);
4935 if (rngdoc == NULL) {
4936 printf(
"Error: unable to parse file \"%s\"\n", rngfilename);
4941 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
4942 if (rngpctx == NULL) {
4943 printf(
"Error: unable to create XML RelaxNGs parser context\n");
4948 schema = xmlRelaxNGParse(rngpctx);
4949 if (schema == NULL) {
4950 printf(
"Error: unable to parse a schema definition resource\n");
4955 rngctx = xmlRelaxNGNewValidCtxt(schema);
4956 if (rngctx == NULL) {
4957 printf(
"Error: unable to create RelaxNGs validation context based on the schema\n");
4962 status = xmlRelaxNGValidateDoc(rngctx,doc);
4964 printf(
"Error validating file \"%s\"\n", kasp_filename);
4970 if (policy == NULL) {
4971 printf(
"Malloc for policy struct failed");
4976 xpathCtx = xmlXPathNewContext(doc);
4977 if(xpathCtx == NULL) {
4984 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
4985 if(xpathObj == NULL) {
4986 xmlXPathFreeContext(xpathCtx);
4992 if (xpathObj->nodesetval) {
4998 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
5000 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
5001 policy_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
5002 if (strlen(policy_name) == 0) {
5004 printf(
"Error extracting policy name from %s\n", kasp_filename);
5017 printf(
"Error: unable to read policy %s; skipping\n", policy_name);
5022 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Keys")) {
5023 childNode = curNode->children;
5025 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"KSK")) {
5026 childNode2 = childNode->children;
5028 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
5031 status =
StrStrtoi((
char *)xmlNodeGetContent(childNode2), &value);
5033 printf(
"Error extracting KSK algorithm for policy %s, exiting...", policy_name);
5039 printf(
"\n\nAlgorithm change attempted... details:\n");
5040 StrAppend(&changes_made,
"Algorithm changes made, details:");
5043 size = snprintf(tmp_change,
KSM_MSG_LENGTH,
"Policy: %s, KSK algorithm changed from %d to %d.", policy_name, policy->
ksk->
algorithm, value);
5046 printf(
"Error constructing log message for policy %s, exiting...", policy_name);
5049 printf(
"%s\n", tmp_change);
5055 childNode2 = childNode2->next;
5060 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"ZSK")) {
5061 childNode2 = childNode->children;
5063 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
5066 status =
StrStrtoi((
char *)xmlNodeGetContent(childNode2), &value);
5068 printf(
"Error extracting ZSK algorithm for policy %s, exiting...", policy_name);
5074 printf(
"\n\nAlgorithm change attempted... details:\n");
5075 StrAppend(&changes_made,
"Algorithm changes made, details:");
5078 size = snprintf(tmp_change,
KSM_MSG_LENGTH,
"Policy: %s, ZSK algorithm changed from %d to %d.", policy_name, policy->
zsk->
algorithm, value);
5081 printf(
"Error constructing log message for policy %s, exiting...", policy_name);
5084 printf(
"%s\n", tmp_change);
5090 childNode2 = childNode2->next;
5095 childNode = childNode->next;
5098 curNode = curNode->next;
5110 if (algo_change == 1 && force_flag == 0) {
5111 printf(
"*WARNING* This will change the algorithms used as noted above. Algorithm rollover is _not_ supported by OpenDNSSEC and zones may break. Are you sure? [y/N] ");
5113 user_certain = getchar();
5114 if (user_certain !=
'y' && user_certain !=
'Y') {
5115 printf(
"\nOkay, quitting...\n");
5116 xmlXPathFreeContext(xpathCtx);
5129 #ifdef HAVE_OPENLOG_R 5134 #ifdef HAVE_SYSLOG_R 5135 syslog_r(LOG_INFO, &sdata,
"%s", changes_made);
5137 syslog(LOG_INFO,
"%s", changes_made);
5139 #ifdef HAVE_CLOSELOG_R 5150 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
5152 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
5153 policy_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
5154 if (strlen(policy_name) == 0) {
5156 printf(
"Error extracting policy name from %s\n", kasp_filename);
5160 printf(
"Policy %s found\n", policy_name);
5162 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Description")) {
5163 policy_description = (
char *) xmlNodeGetContent(curNode);
5173 printf(
"Error: unable to read policy %s; skipping\n", policy_name);
5174 curNode = curNode->next;
5182 printf(
"Error: unable to update policy description for %s; skipping\n", policy_name);
5184 curNode = curNode->next;
5193 printf(
"Error: unable to insert policy %s; skipping\n", policy_name);
5195 curNode = curNode->next;
5201 printf(
"Error: unable to get policy id for %s; skipping\n", policy_name);
5202 curNode = curNode->next;
5208 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Signatures")) {
5209 childNode = curNode->children;
5211 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Resign")) {
5214 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Refresh")) {
5217 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Validity")) {
5218 childNode2 = childNode->children;
5220 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Default")) {
5223 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Denial")) {
5226 childNode2 = childNode2->next;
5229 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Jitter")) {
5232 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"InceptionOffset")) {
5235 childNode = childNode->next;
5238 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Denial")) {
5239 opt_out_flag = (xmlChar *)
"N";
5240 childNode = curNode->children;
5242 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"NSEC3")) {
5246 printf(
"Error: unable to insert/update %s for policy\n",
"Denial version");
5248 childNode2 = childNode->children;
5250 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"OptOut")) {
5251 opt_out_flag = (xmlChar *)
"Y";
5253 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Resalt")) {
5256 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
5257 nsec3param_ttl = xmlNodeGetContent(childNode2);
5259 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Hash")) {
5260 childNode3 = childNode2->children;
5262 if (xmlStrEqual(childNode3->name, (
const xmlChar *)
"Algorithm")) {
5265 else if (xmlStrEqual(childNode3->name, (
const xmlChar *)
"Iterations")) {
5268 else if (xmlStrEqual(childNode3->name, (
const xmlChar *)
"Salt")) {
5271 childNode3 = childNode3->next;
5275 childNode2 = childNode2->next;
5279 if (nsec3param_ttl == NULL)
5280 nsec3param_ttl = (xmlChar *)
StrStrdup(
"PT0S");
5282 nsec3param_ttl = NULL;
5284 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"NSEC")) {
5287 printf(
"Error: unable to insert/update %s for policy\n",
"Denial version");
5290 childNode = childNode->next;
5293 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Keys")) {
5294 share_keys_flag = (xmlChar *)
"N";
5295 childNode = curNode->children;
5297 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"TTL")) {
5300 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"RetireSafety")) {
5303 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"PublishSafety")) {
5306 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"ShareKeys")) {
5307 share_keys_flag = (xmlChar *)
"Y";
5309 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Purge")) {
5313 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"KSK")) {
5314 man_roll_flag = (xmlChar *)
"N";
5315 rfc5011_flag = (xmlChar *)
"N";
5316 childNode2 = childNode->children;
5318 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
5323 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Lifetime")) {
5326 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Repository")) {
5328 printf(
"Please either add the repository to conf.xml or remove the reference to it from kasp.xml\n");
5330 xmlFreeDoc(pol_doc);
5331 xmlXPathFreeContext(xpathCtx);
5332 xmlRelaxNGFree(schema);
5333 xmlRelaxNGFreeValidCtxt(rngctx);
5334 xmlRelaxNGFreeParserCtxt(rngpctx);
5342 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Standby")) {
5344 standby_keys_flag = 1;
5346 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"ManualRollover")) {
5347 man_roll_flag = (xmlChar *)
"Y";
5349 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"RFC5011")) {
5350 rfc5011_flag = (xmlChar *)
"Y";
5355 childNode2 = childNode2->next;
5360 if (standby_keys_flag == 0) {
5363 standby_keys_flag = 0;
5367 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"ZSK")) {
5368 man_roll_flag = (xmlChar *)
"N";
5369 childNode2 = childNode->children;
5371 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Algorithm")) {
5376 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Lifetime")) {
5379 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Repository")) {
5381 printf(
"Please either add the repository to conf.xml or remove the reference to it from kasp.xml\n");
5383 xmlFreeDoc(pol_doc);
5384 xmlXPathFreeContext(xpathCtx);
5385 xmlRelaxNGFree(schema);
5386 xmlRelaxNGFreeValidCtxt(rngctx);
5387 xmlRelaxNGFreeParserCtxt(rngpctx);
5395 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Standby")) {
5397 standby_keys_flag = 1;
5399 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"ManualRollover")) {
5400 man_roll_flag = (xmlChar *)
"Y";
5402 childNode2 = childNode2->next;
5408 childNode = childNode->next;
5412 if (standby_keys_flag == 0) {
5415 standby_keys_flag = 0;
5420 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Zone")) {
5421 childNode = curNode->children;
5423 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"PropagationDelay")) {
5426 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"SOA")) {
5427 childNode2 = childNode->children;
5429 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
5432 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Minimum")) {
5435 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Serial")) {
5438 childNode2 = childNode2->next;
5441 childNode = childNode->next;
5445 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Parent")) {
5446 childNode = curNode->children;
5448 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"PropagationDelay")) {
5451 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"DS")) {
5452 childNode2 = childNode->children;
5454 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
5457 childNode2 = childNode2->next;
5460 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"SOA")) {
5461 childNode2 = childNode->children;
5463 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"TTL")) {
5466 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Minimum")) {
5469 childNode2 = childNode2->next;
5472 childNode = childNode->next;
5476 curNode = curNode->next;
5487 xmlXPathFreeContext(xpathCtx);
5488 xmlRelaxNGFree(schema);
5489 xmlRelaxNGFreeValidCtxt(rngctx);
5490 xmlRelaxNGFreeParserCtxt(rngpctx);
5504 xmlDocPtr doc = NULL;
5505 xmlDocPtr rngdoc = NULL;
5508 xmlNode *childNode2;
5509 xmlXPathContextPtr xpathCtx = NULL;
5510 xmlXPathObjectPtr xpathObj = NULL;
5511 xmlRelaxNGParserCtxtPtr rngpctx = NULL;
5512 xmlRelaxNGValidCtxtPtr rngctx = NULL;
5513 xmlRelaxNGPtr schema = NULL;
5515 char* zone_name = NULL;
5516 char* policy_name = NULL;
5517 char* current_policy = NULL;
5518 char* current_signconf = NULL;
5519 char* current_input = NULL;
5520 char* current_output = NULL;
5521 char* current_in_type = NULL;
5522 char* current_out_type = NULL;
5525 int file_zone_count = 0;
5526 int db_zone_count = 0;
5540 xmlChar *node_expr = (
unsigned char*)
"//Zone";
5541 const char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/zonelist.rng";
5544 doc = xmlParseFile(zone_list_filename);
5546 printf(
"Error: unable to parse file \"%s\"\n", zone_list_filename);
5551 rngdoc = xmlParseFile(rngfilename);
5552 if (rngdoc == NULL) {
5553 printf(
"Error: unable to parse file \"%s\"\n", rngfilename);
5558 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
5559 if (rngpctx == NULL) {
5560 printf(
"Error: unable to create XML RelaxNGs parser context\n");
5565 schema = xmlRelaxNGParse(rngpctx);
5566 if (schema == NULL) {
5567 printf(
"Error: unable to parse a schema definition resource\n");
5572 rngctx = xmlRelaxNGNewValidCtxt(schema);
5573 if (rngctx == NULL) {
5574 printf(
"Error: unable to create RelaxNGs validation context based on the schema\n");
5579 status = xmlRelaxNGValidateDoc(rngctx,doc);
5581 printf(
"Error validating file \"%s\"\n", zone_list_filename);
5586 xpathCtx = xmlXPathNewContext(doc);
5587 if(xpathCtx == NULL) {
5593 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
5594 if(xpathObj == NULL) {
5595 xmlXPathFreeContext(xpathCtx);
5600 if (xpathObj->nodesetval) {
5601 file_zone_count = xpathObj->nodesetval->nodeNr;
5603 printf(
"Error extracting zone count from %s\n", zone_list_filename);
5604 xmlXPathFreeContext(xpathCtx);
5610 zone_ids =
MemMalloc(file_zone_count *
sizeof(
int));
5612 if (xpathObj->nodesetval) {
5613 for (i = 0; i < file_zone_count; i++) {
5615 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
5616 zone_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
5617 if (strlen(zone_name) == 0) {
5619 printf(
"Error extracting zone name from %s\n", zone_list_filename);
5632 printf(
"Zone %s found; ", zone_name);
5635 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Policy")) {
5636 current_policy = (
char *) xmlNodeGetContent(curNode);
5638 printf(
"policy set to %s\n", current_policy);
5641 if (policy_name == NULL || strcmp(current_policy, policy_name) != 0) {
5643 StrAppend(&policy_name, current_policy);
5647 printf(
"ERROR, can't find policy %s.\n", policy_name);
5654 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"SignerConfiguration")) {
5655 current_signconf = (
char *) xmlNodeGetContent(curNode);
5658 else if (xmlStrEqual(curNode->name, (
const xmlChar *)
"Adapters")) {
5659 childNode = curNode->children;
5662 if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Input")) {
5663 childNode2 = childNode->children;
5665 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Adapter")) {
5666 current_input = (
char *) xmlNodeGetContent(childNode2);
5667 current_in_type = (
char *) xmlGetProp(childNode2, (
const xmlChar *)
"type");
5669 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"File")) {
5670 current_input = (
char *) xmlNodeGetContent(childNode2);
5671 current_in_type = (
char *) childNode2->name;
5673 childNode2 = childNode2->next;
5677 else if (xmlStrEqual(childNode->name, (
const xmlChar *)
"Output")) {
5678 childNode2 = childNode->children;
5680 if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"Adapter")) {
5681 current_output = (
char *) xmlNodeGetContent(childNode2);
5682 current_out_type = (
char *) xmlGetProp(childNode2, (
const xmlChar *)
"type");
5684 else if (xmlStrEqual(childNode2->name, (
const xmlChar *)
"File")) {
5685 current_output = (
char *) xmlNodeGetContent(childNode2);
5686 current_out_type = (
char *) childNode2->name;
5688 childNode2 = childNode2->next;
5691 childNode = childNode->next;
5694 curNode = curNode->next;
5700 status =
KsmImportZone(zone_name, policy_id, 0, &new_zone, current_signconf, current_input, current_output, current_in_type, current_out_type);
5703 printf(
"Error Importing zone %s; it already exists both with and without a trailing dot\n", zone_name);
5705 printf(
"Error Importing Zone %s\n", zone_name);
5711 if (new_zone == 1) {
5712 printf(
"Added zone %s to database\n", zone_name);
5718 printf(
"Error: unable to find a zone named \"%s\" in database\n", zone_name);
5719 printf(
"Error: Possibly two domains differ only by having a trailing dot or not?\n");
5725 zone_ids[i] = temp_id;
5733 xmlXPathFreeContext(xpathCtx);
5734 xmlRelaxNGFree(schema);
5735 xmlRelaxNGFreeValidCtxt(rngctx);
5736 xmlRelaxNGFreeParserCtxt(rngpctx);
5749 if (file_zone_count == db_zone_count) {
5754 else if (file_zone_count > db_zone_count) {
5755 printf(
"Failed to add all zones from zonelist\n");
5771 while (status == 0) {
5772 DbInt(row, 0, &temp_id);
5774 DbInt(row, 2, &policy_id);
5777 for (i = 0; i < db_zone_count; ++i) {
5778 if (temp_id == zone_ids[i]) {
5784 if (seen_zone == 0) {
5787 printf(
"Removing zone %s from database\n", zone_name);
5789 status =
KsmParameterInit(&result2,
"zones_share_keys",
"keys", policy_id);
5815 if ((shared.
value == 1 && temp_count == 1) || shared.
value == 0) {
5818 printf(
"Error: failed to mark keys as dead in database\n");
5853 int SetParamOnPolicy(
const xmlChar* new_value,
const char* name,
const char* category,
int current_value,
int policy_id,
int value_type)
5857 char* temp_char = (
char *)new_value;
5861 if (strlen(temp_char) != 0) {
5864 printf(
"Error: unable to convert interval %s to seconds, error: %i\n", temp_char, status);
5868 else if (status == -1) {
5869 printf(
"Info: converting %s to seconds; M interpreted as 31 days, Y interpreted as 365 days\n", temp_char);
5878 if (strncmp(temp_char,
"Y", 1) == 0) {
5888 printf(
"Error: unable to find repository %s\n", temp_char);
5898 printf(
"Error: unable to find serial type %s\n", temp_char);
5908 printf(
"Error: unable to find rollover scheme %s\n", temp_char);
5917 printf(
"Error: unable to convert %s to int\n", temp_char);
5927 if (value != current_value || current_value == 0) {
5930 printf(
"Error: unable to insert/update %s for policy\n", name);
5931 printf(
"Error: Is your database schema up to date?\n");
5937 if (strncmp(name,
"saltlength", 10) == 0) {
5940 printf(
"Error: unable to insert/update %s for policy\n", name);
5941 printf(
"Error: Is your database schema up to date?\n");
5952 if (policy == NULL) {
5953 printf(
"Error, no policy provided");
5990 policy->
ksk->
sm = 0;
6002 policy->
zsk->
sm = 0;
6039 if((from = fopen( orig_file,
"rb"))==NULL) {
6040 if (errno == ENOENT) {
6041 printf(
"File %s does not exist, nothing to backup\n", orig_file);
6045 printf(
"Cannot open source file.\n");
6051 if((to = fopen(backup_file,
"wb"))==NULL) {
6052 printf(
"Cannot open destination file, will not make backup.\n");
6058 while(!feof(from)) {
6061 printf(
"Error reading source file.\n");
6066 if(!feof(from)) fputc(ch, to);
6068 printf(
"Error writing destination file.\n");
6075 if(fclose(from)==EOF) {
6076 printf(
"Error closing source file.\n");
6081 if(fclose(to)==EOF) {
6082 printf(
"Error closing destination file.\n");
6100 get_db_details(
char** dbschema,
char** host,
char** port,
char** user,
char** password)
6105 xmlXPathContextPtr xpathCtx;
6106 xmlXPathObjectPtr xpathObj;
6107 xmlRelaxNGParserCtxtPtr rngpctx;
6108 xmlRelaxNGValidCtxtPtr rngctx;
6109 xmlRelaxNGPtr schema;
6110 xmlChar *litexpr = (
unsigned char*)
"//Configuration/Enforcer/Datastore/SQLite";
6111 xmlChar *mysql_host = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Host";
6112 xmlChar *mysql_port = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Host/@port";
6113 xmlChar *mysql_db = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Database";
6114 xmlChar *mysql_user = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Username";
6115 xmlChar *mysql_pass = (
unsigned char*)
"//Configuration/Enforcer/Datastore/MySQL/Password";
6119 char* temp_char = NULL;
6122 const char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/conf.rng";
6125 doc = xmlParseFile(
config);
6127 printf(
"Error: unable to parse file \"%s\"\n",
config);
6132 rngdoc = xmlParseFile(rngfilename);
6133 if (rngdoc == NULL) {
6134 printf(
"Error: unable to parse file \"%s\"\n", rngfilename);
6140 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
6142 if (rngpctx == NULL) {
6143 printf(
"Error: unable to create XML RelaxNGs parser context\n");
6149 schema = xmlRelaxNGParse(rngpctx);
6150 xmlRelaxNGFreeParserCtxt(rngpctx);
6151 if (schema == NULL) {
6152 printf(
"Error: unable to parse a schema definition resource\n");
6158 rngctx = xmlRelaxNGNewValidCtxt(schema);
6159 if (rngctx == NULL) {
6160 printf(
"Error: unable to create RelaxNGs validation context based on the schema\n");
6161 xmlRelaxNGFree(schema);
6167 status = xmlRelaxNGValidateDoc(rngctx,doc);
6168 xmlRelaxNGFreeValidCtxt(rngctx);
6169 xmlRelaxNGFree(schema);
6171 printf(
"Error validating file \"%s\"\n",
config);
6178 xpathCtx = xmlXPathNewContext(doc);
6179 if(xpathCtx == NULL) {
6180 printf(
"Error: unable to create new XPath context\n");
6186 xpathObj = xmlXPathEvalExpression(litexpr, xpathCtx);
6187 if(xpathObj == NULL) {
6188 printf(
"Error: unable to evaluate xpath expression: %s\n", litexpr);
6189 xmlXPathFreeContext(xpathCtx);
6193 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
6195 temp_char = (
char *)xmlXPathCastToString(xpathObj);
6199 fprintf(stderr,
"SQLite database set to: %s\n", *dbschema);
6202 xmlXPathFreeObject(xpathObj);
6204 if (db_found == 0) {
6209 xpathObj = xmlXPathEvalExpression(mysql_host, xpathCtx);
6210 if(xpathObj == NULL) {
6211 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_host);
6212 xmlXPathFreeContext(xpathCtx);
6216 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
6217 temp_char = (
char *)xmlXPathCastToString(xpathObj);
6221 fprintf(stderr,
"MySQL database host set to: %s\n", *host);
6224 xmlXPathFreeObject(xpathObj);
6227 xpathObj = xmlXPathEvalExpression(mysql_port, xpathCtx);
6228 if(xpathObj == NULL) {
6229 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_port);
6230 xmlXPathFreeContext(xpathCtx);
6234 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
6235 temp_char = (
char *)xmlXPathCastToString(xpathObj);
6239 fprintf(stderr,
"MySQL database port set to: %s\n", *port);
6242 xmlXPathFreeObject(xpathObj);
6245 xpathObj = xmlXPathEvalExpression(mysql_db, xpathCtx);
6246 if(xpathObj == NULL) {
6247 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_db);
6248 xmlXPathFreeContext(xpathCtx);
6252 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
6253 temp_char = (
char *)xmlXPathCastToString(xpathObj);
6257 fprintf(stderr,
"MySQL database schema set to: %s\n", *dbschema);
6262 xmlXPathFreeObject(xpathObj);
6265 xpathObj = xmlXPathEvalExpression(mysql_user, xpathCtx);
6266 if(xpathObj == NULL) {
6267 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_user);
6268 xmlXPathFreeContext(xpathCtx);
6272 if(xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
6273 temp_char = (
char *)xmlXPathCastToString(xpathObj);
6277 fprintf(stderr,
"MySQL database user set to: %s\n", *user);
6282 xmlXPathFreeObject(xpathObj);
6285 xpathObj = xmlXPathEvalExpression(mysql_pass, xpathCtx);
6286 if(xpathObj == NULL) {
6287 printf(
"Error: unable to evaluate xpath expression: %s\n", mysql_pass);
6288 xmlXPathFreeContext(xpathCtx);
6293 temp_char = (
char *)xmlXPathCastToString(xpathObj);
6296 xmlXPathFreeObject(xpathObj);
6299 fprintf(stderr,
"MySQL database password set\n");
6304 xmlXPathFreeContext(xpathCtx);
6309 printf(
"Error: unable to find complete database connection expression\n");
6315 printf(
"Error: Config file %s specifies database type %s but system is compiled to use %s\n",
config, (db_found==1) ?
"MySQL" :
"sqlite3", (db_found==2) ?
"MySQL" :
"sqlite3");
6329 xmlTextReaderPtr reader = NULL;
6330 xmlDocPtr doc = NULL;
6331 xmlXPathContextPtr xpathCtx = NULL;
6332 xmlXPathObjectPtr xpathObj = NULL;
6334 char* temp_char = NULL;
6335 char* tag_name = NULL;
6337 xmlChar *zonelist_expr = (
unsigned char*)
"//Common/ZoneListFile";
6340 reader = xmlNewTextReaderFilename(
config);
6341 if (reader != NULL) {
6342 ret = xmlTextReaderRead(reader);
6344 tag_name = (
char*) xmlTextReaderLocalName(reader);
6346 if (strncmp(tag_name,
"Common", 6) == 0
6347 && xmlTextReaderNodeType(reader) == 1) {
6350 xmlTextReaderExpand(reader);
6351 doc = xmlTextReaderCurrentDoc(reader);
6353 printf(
"Error: can not read Common section\n");
6355 ret = xmlTextReaderRead(reader);
6359 xpathCtx = xmlXPathNewContext(doc);
6360 if(xpathCtx == NULL) {
6361 printf(
"Error: can not create XPath context for Common section\n");
6363 ret = xmlTextReaderRead(reader);
6368 xpathObj = xmlXPathEvalExpression(zonelist_expr, xpathCtx);
6369 if(xpathObj == NULL) {
6370 printf(
"Error: unable to evaluate xpath expression: %s\n", zonelist_expr);
6372 ret = xmlTextReaderRead(reader);
6375 *zone_list_filename = NULL;
6376 temp_char = (
char *)xmlXPathCastToString(xpathObj);
6377 xmlXPathFreeObject(xpathObj);
6378 StrAppend(zone_list_filename, temp_char);
6380 printf(
"zonelist filename set to %s.\n", *zone_list_filename);
6383 ret = xmlTextReaderRead(reader);
6386 xmlFreeTextReader(reader);
6388 printf(
"%s : failed to parse\n",
config);
6392 printf(
"Unable to open %s\n",
config);
6396 xmlXPathFreeContext(xpathCtx);
6406 const char *zone_name,
6407 const char *policy_name,
6408 const char *sig_conf_name,
6409 const char *input_name,
6410 const char *output_name,
6411 const char *input_type,
6412 const char *output_type)
6416 xmlNodePtr newzonenode;
6417 xmlNodePtr newadaptnode;
6418 xmlNodePtr newinputnode;
6419 xmlNodePtr newinadnode;
6420 xmlNodePtr newoutputnode;
6421 xmlNodePtr newoutadnode;
6422 doc = xmlParseFile(docname);
6424 fprintf(stderr,
"Document not parsed successfully. \n");
6427 cur = xmlDocGetRootElement(doc);
6429 fprintf(stderr,
"empty document\n");
6433 if (xmlStrcmp(cur->name, (
const xmlChar *)
"ZoneList")) {
6434 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
6438 newzonenode = xmlNewTextChild(cur, NULL, (
const xmlChar *)
"Zone", NULL);
6439 (void) xmlNewProp(newzonenode, (
const xmlChar *)
"name", (
const xmlChar *)zone_name);
6441 (void) xmlNewTextChild (newzonenode, NULL, (
const xmlChar *)
"Policy", (
const xmlChar *)policy_name);
6443 (void) xmlNewTextChild (newzonenode, NULL, (
const xmlChar *)
"SignerConfiguration", (
const xmlChar *)sig_conf_name);
6445 newadaptnode = xmlNewChild (newzonenode, NULL, (
const xmlChar *)
"Adapters", NULL);
6447 newinputnode = xmlNewChild (newadaptnode, NULL, (
const xmlChar *)
"Input", NULL);
6449 newinadnode = xmlNewTextChild (newinputnode, NULL, (
const xmlChar *)
"Adapter", (
const xmlChar *)input_name);
6450 (void) xmlNewProp(newinadnode, (
const xmlChar *)
"type", (
const xmlChar *)input_type);
6452 newoutputnode = xmlNewChild (newadaptnode, NULL, (
const xmlChar *)
"Output", NULL);
6454 newoutadnode = xmlNewTextChild (newoutputnode, NULL, (
const xmlChar *)
"Adapter", (
const xmlChar *)output_name);
6455 (void) xmlNewProp(newoutadnode, (
const xmlChar *)
"type", (
const xmlChar *)output_type);
6461 const char *zone_name)
6467 doc = xmlParseFile(docname);
6469 fprintf(stderr,
"Document not parsed successfully. \n");
6472 root = xmlDocGetRootElement(doc);
6474 fprintf(stderr,
"empty document\n");
6478 if (xmlStrcmp(root->name, (
const xmlChar *)
"ZoneList")) {
6479 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
6485 if (all_flag == 1) {
6486 cur = root->children;
6492 cur = root->children;
6498 for(cur = root->children; cur != NULL; cur = cur->next)
6501 if (xmlStrcmp( xmlGetProp(cur, (xmlChar *)
"name"), (
const xmlChar *) zone_name) == 0)
6505 cur = root->children;
6520 xmlChar *polChar = NULL;
6521 xmlChar *propChar = NULL;
6527 doc = xmlParseFile(docname);
6529 fprintf(stderr,
"Document not parsed successfully. \n");
6532 root = xmlDocGetRootElement(doc);
6534 fprintf(stderr,
"empty document\n");
6538 if (xmlStrcmp(root->name, (
const xmlChar *)
"ZoneList")) {
6539 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
6545 for(cur = root->children; cur != NULL; cur = cur->next)
6547 if (xmlStrcmp( cur->name, (
const xmlChar *)
"Zone") == 0) {
6548 propChar = xmlGetProp(cur, (xmlChar *)
"name");
6549 printf(
"Found Zone: %s", propChar);
6555 printf(
" (zone not in database)");
6558 zone_ids[i] = temp_id;
6563 for(pol = cur->children; pol != NULL; pol = pol->next)
6565 if (xmlStrcmp( pol->name, (
const xmlChar *)
"Policy") == 0)
6567 polChar = xmlNodeGetContent(pol);
6568 printf(
"; on policy %s\n", polChar);
6587 xmlNodePtr policy_node;
6588 xmlNodePtr signatures_node;
6589 xmlNodePtr validity_node;
6590 xmlNodePtr denial_node;
6591 xmlNodePtr nsec_node;
6592 xmlNodePtr hash_node;
6593 xmlNodePtr salt_node;
6594 xmlNodePtr keys_node;
6595 xmlNodePtr ksk_node;
6596 xmlNodePtr ksk_alg_node;
6597 xmlNodePtr zsk_node;
6598 xmlNodePtr zsk_alg_node;
6599 xmlNodePtr zone_node;
6600 xmlNodePtr zone_soa_node;
6601 xmlNodePtr parent_node;
6602 xmlNodePtr parent_ds_node;
6603 xmlNodePtr parent_soa_node;
6607 root = xmlDocGetRootElement(doc);
6609 fprintf(stderr,
"empty document\n");
6612 if (xmlStrcmp(root->name, (
const xmlChar *)
"KASP")) {
6613 fprintf(stderr,
"document of the wrong type, root node != %s",
"KASP");
6617 policy_node = xmlNewTextChild(root, NULL, (
const xmlChar *)
"Policy", NULL);
6618 (void) xmlNewProp(policy_node, (
const xmlChar *)
"name", (
const xmlChar *)policy->
name);
6619 (void) xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Description", (
const xmlChar *)policy->
description);
6622 signatures_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Signatures", NULL);
6624 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Resign", (
const xmlChar *)temp_time);
6626 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Refresh", (
const xmlChar *)temp_time);
6627 validity_node = xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Validity", NULL);
6629 (void) xmlNewTextChild(validity_node, NULL, (
const xmlChar *)
"Default", (
const xmlChar *)temp_time);
6631 (void) xmlNewTextChild(validity_node, NULL, (
const xmlChar *)
"Denial", (
const xmlChar *)temp_time);
6632 snprintf(temp_time, 32,
"PT%dS", policy->
signer->
jitter);
6633 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"Jitter", (
const xmlChar *)temp_time);
6635 (void) xmlNewTextChild(signatures_node, NULL, (
const xmlChar *)
"InceptionOffset", (
const xmlChar *)temp_time);
6638 denial_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Denial", NULL);
6641 (void) xmlNewTextChild(denial_node, NULL, (
const xmlChar *)
"NSEC", NULL);
6645 nsec_node = xmlNewTextChild(denial_node, NULL, (
const xmlChar *)
"NSEC3", NULL);
6647 snprintf(temp_time, 32,
"PT%dS", policy->
denial->
ttl);
6648 (void) xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6652 (void) xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"OptOut", NULL);
6654 snprintf(temp_time, 32,
"PT%dS", policy->
denial->
resalt);
6655 (void) xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"Resalt", (
const xmlChar *)temp_time);
6656 hash_node = xmlNewTextChild(nsec_node, NULL, (
const xmlChar *)
"Hash", NULL);
6658 (void) xmlNewTextChild(hash_node, NULL, (
const xmlChar *)
"Algorithm", (
const xmlChar *)temp_time);
6660 (void) xmlNewTextChild(hash_node, NULL, (
const xmlChar *)
"Iterations", (
const xmlChar *)temp_time);
6662 salt_node = xmlNewTextChild(hash_node, NULL, (
const xmlChar *)
"Salt", NULL);
6663 (void) xmlNewProp(salt_node, (
const xmlChar *)
"length", (
const xmlChar *)temp_time);
6667 keys_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Keys", NULL);
6668 snprintf(temp_time, 32,
"PT%dS", policy->
keys->
ttl);
6669 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6671 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"RetireSafety", (
const xmlChar *)temp_time);
6673 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"PublishSafety", (
const xmlChar *)temp_time);
6676 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"ShareKeys", NULL);
6679 snprintf(temp_time, 32,
"PT%dS", policy->
keys->
purge);
6680 (void) xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"Purge", (
const xmlChar *)temp_time);
6684 ksk_node = xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"KSK", NULL);
6686 ksk_alg_node = xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Algorithm", (
const xmlChar *)temp_time);
6687 snprintf(temp_time, 32,
"%d", policy->
ksk->
bits);
6688 (void) xmlNewProp(ksk_alg_node, (
const xmlChar *)
"length", (
const xmlChar *)temp_time);
6689 snprintf(temp_time, 32,
"PT%dS", policy->
ksk->
lifetime);
6690 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Lifetime", (
const xmlChar *)temp_time);
6691 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Repository", (
const xmlChar *)policy->
ksk->
sm_name);
6693 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"Standby", (
const xmlChar *)temp_time);
6696 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"ManualRollover", NULL);
6700 (void) xmlNewTextChild(ksk_node, NULL, (
const xmlChar *)
"RFC5011", NULL);
6708 zsk_node = xmlNewTextChild(keys_node, NULL, (
const xmlChar *)
"ZSK", NULL);
6710 zsk_alg_node = xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Algorithm", (
const xmlChar *)temp_time);
6711 snprintf(temp_time, 32,
"%d", policy->
zsk->
bits);
6712 (void) xmlNewProp(zsk_alg_node, (
const xmlChar *)
"length", (
const xmlChar *)temp_time);
6713 snprintf(temp_time, 32,
"PT%dS", policy->
zsk->
lifetime);
6714 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Lifetime", (
const xmlChar *)temp_time);
6715 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Repository", (
const xmlChar *)policy->
zsk->
sm_name);
6717 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"Standby", (
const xmlChar *)temp_time);
6720 (void) xmlNewTextChild(zsk_node, NULL, (
const xmlChar *)
"ManualRollover", NULL);
6724 zone_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Zone", NULL);
6726 (void) xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"PropagationDelay", (
const xmlChar *)temp_time);
6727 zone_soa_node = xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"SOA", NULL);
6728 snprintf(temp_time, 32,
"PT%dS", policy->
zone->
soa_ttl);
6729 (void) xmlNewTextChild(zone_soa_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6730 snprintf(temp_time, 32,
"PT%dS", policy->
zone->
soa_min);
6731 (void) xmlNewTextChild(zone_soa_node, NULL, (
const xmlChar *)
"Minimum", (
const xmlChar *)temp_time);
6735 parent_node = xmlNewTextChild(policy_node, NULL, (
const xmlChar *)
"Parent", NULL);
6737 (void) xmlNewTextChild(parent_node, NULL, (
const xmlChar *)
"PropagationDelay", (
const xmlChar *)temp_time);
6738 parent_ds_node = xmlNewTextChild(parent_node, NULL, (
const xmlChar *)
"DS", NULL);
6739 snprintf(temp_time, 32,
"PT%dS", policy->
parent->
ds_ttl);
6740 (void) xmlNewTextChild(parent_ds_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6741 parent_soa_node = xmlNewTextChild(parent_node, NULL, (
const xmlChar *)
"SOA", NULL);
6743 (void) xmlNewTextChild(parent_soa_node, NULL, (
const xmlChar *)
"TTL", (
const xmlChar *)temp_time);
6745 (void) xmlNewTextChild(parent_soa_node, NULL, (
const xmlChar *)
"Minimum", (
const xmlChar *)temp_time);
6754 const char *policy_name)
6760 doc = xmlParseFile(docname);
6762 fprintf(stderr,
"Document not parsed successfully. \n");
6765 root = xmlDocGetRootElement(doc);
6767 fprintf(stderr,
"empty document\n");
6771 if (xmlStrcmp(root->name, (
const xmlChar *)
"KASP")) {
6772 fprintf(stderr,
"document of the wrong type, root node != %s",
"KASP");
6779 for(cur = root->children; cur != NULL; cur = cur->next)
6782 if (xmlStrcmp( xmlGetProp(cur, (xmlChar *)
"name"), (
const xmlChar *) policy_name) == 0)
6786 cur = root->children;
6802 fprintf(stdout,
"KSK:");
6806 fprintf(stdout,
"ZSK:");
6808 fprintf(stdout,
" %s Retired\n", key_data->
location);
6820 fprintf(stderr,
"%s\n", format);
6847 char* temp_zone = NULL;
6850 char* temp_publish = NULL;
6851 char* temp_ready = NULL;
6852 char* temp_active = NULL;
6853 char* temp_retire = NULL;
6854 char* temp_dead = NULL;
6855 char* temp_loc = NULL;
6856 char* temp_hsm = NULL;
6859 int temp_rfc5011 = 0;
6860 int temp_revoked = 0;
6862 bool bool_temp_zone =
false;
6865 char *case_keystate = NULL;
6866 char *case_keytype = NULL;
6869 hsm_key_t *key = NULL;
6870 ldns_rr *dnskey_rr = NULL;
6871 hsm_sign_params_t *sign_params = NULL;
6875 status = hsm_open(
config, hsm_prompt_pin);
6877 hsm_print_error(NULL);
6884 printf(
"Error: --keystate and --all option cannot be given together\n");
6889 StrAppend(&sql,
"select z.name, k.keytype, k.state, k.ready, k.active, k.retire, k.dead, k.location, s.name, k.algorithm, k.size, k.publish, k.rfc5011, k.revoked from securitymodules s, KEYDATA_VIEW k left join zones z on k.zone_id = z.id where s.id = k.securitymodule_id ");
6890 if (zone_id != -1) {
6900 if (strncmp(case_keystate,
"GENERATE", 8) == 0 || strncmp(
o_keystate,
"1", 1) == 0) {
6903 else if (strncmp(case_keystate,
"KEYPUBLISH", 10) == 0 || strncmp(
o_keystate,
"10", 2) == 0) {
6906 else if (strncmp(case_keystate,
"PUBLISH", 7) == 0 || strncmp(
o_keystate,
"2", 1) == 0) {
6909 else if (strncmp(case_keystate,
"READY", 5) == 0 || strncmp(
o_keystate,
"3", 1) == 0) {
6912 else if (strncmp(case_keystate,
"ACTIVE", 6) == 0 || strncmp(
o_keystate,
"4", 1) == 0) {
6915 else if (strncmp(case_keystate,
"RETIRE", 6) == 0 || strncmp(
o_keystate,
"5", 1) == 0) {
6918 else if (strncmp(case_keystate,
"DEAD", 4) == 0 || strncmp(
o_keystate,
"6", 1) == 0) {
6921 else if (strncmp(case_keystate,
"DSSUB", 5) == 0 || strncmp(
o_keystate,
"7", 1) == 0) {
6924 else if (strncmp(case_keystate,
"DSPUBLISH", 9) == 0 || strncmp(
o_keystate,
"8", 1) == 0) {
6927 else if (strncmp(case_keystate,
"DSREADY", 7) == 0 || strncmp(
o_keystate,
"9", 1) == 0) {
6931 printf(
"Error: Unrecognised state %s; should be one of GENERATE, PUBLISH, READY, ACTIVE, RETIRE, DEAD, DSSUB, DSPUBLISH, DSREADY or KEYPUBLISH\n",
o_keystate);
6937 if (state_id != -1){
6956 if (strncmp(case_keytype,
"KSK", 3) == 0 || strncmp(
o_keytype,
"257", 3) == 0) {
6959 else if (strncmp(case_keytype,
"ZSK", 3) == 0 || strncmp(
o_keytype,
"256", 3) == 0) {
6963 printf(
"Error: Unrecognised keytype %s; should be one of KSK or ZSK\n",
o_keytype);
6978 if (verbose_flag == 1) {
6979 printf(
"Zone: Keytype: State: Date of next transition (to): Size: Algorithm: CKA_ID: Repository: Keytag:\n");
6982 printf(
"Zone: Keytype: State: Date of next transition:\n");
6984 while (status == 0) {
6987 DbInt(row, 1, &temp_type);
6988 DbInt(row, 2, &temp_state);
6995 DbInt(row, 9, &temp_alg);
6996 DbInt(row, 10, &temp_size);
6998 DbInt(row, 12, &temp_rfc5011);
6999 DbInt(row, 13, &temp_revoked);
7000 if (temp_zone == NULL){
7001 bool_temp_zone =
true;
7002 temp_zone =
"NOT ALLOCATED";
7004 bool_temp_zone =
false;
7010 printf(
"%-31s %-13s %-9s %-20s", temp_zone,
"",
"generate",
"(not scheduled)");
7012 printf(
"(publish) ");
7019 printf(
"%-31s %-13s %-9s %-20s", temp_zone, (temp_type ==
KSM_TYPE_KSK) ?
"KSK" :
"ZSK",
KsmKeywordStateValueToName(temp_state), (temp_publish== NULL) ?
"(not scheduled)" : temp_publish);
7021 printf(
"(publish) ");
7029 if (!temp_rfc5011) {
7032 printf(
"(active) ");
7040 printf(
"(active) ");
7045 printf(
"%-31s %-13s %-9s %-20s", temp_zone, (temp_type ==
KSM_TYPE_KSK) ?
"KSK" :
"ZSK",
KsmKeywordStateValueToName(temp_state), (temp_retire == NULL) ?
"(not scheduled)" : temp_retire);
7047 printf(
"(retire) ");
7053 printf(
"%-31s %-13s %-9s %-20s", temp_zone, (temp_type ==
KSM_TYPE_KSK) ?
"KSK" :
"ZSK", state, (temp_dead == NULL) ?
"(not scheduled)" : temp_dead);
7063 printf(
"(deleted) ");
7076 printf(
"%-31s %-13s %-9s %-20s", temp_zone,
"KSK",
KsmKeywordStateValueToName(temp_state), (temp_ready == NULL) ?
"(not scheduled)" : temp_ready);
7078 printf(
"(dsready) ");
7085 printf(
"(keypub) ");
7090 printf(
"%-31s %-13s %-9s %-20s", temp_zone,
"KSK",
KsmKeywordStateValueToName(temp_state), (temp_active == NULL) ?
"(not scheduled)" : temp_active);
7092 printf(
"(active) ");
7097 if (done_row == 1 && verbose_flag == 1) {
7098 printf(
"%-7d %-12d", temp_size, temp_alg);
7099 key = hsm_find_key_by_id(NULL, temp_loc);
7101 printf(
"%-33s %s NOT IN repository\n", temp_loc, temp_hsm);
7102 }
else if (bool_temp_zone ==
true){
7103 printf(
"%-33s %s\n",temp_loc,temp_hsm);
7105 sign_params = hsm_sign_params_new();
7106 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, temp_zone);
7107 sign_params->algorithm = temp_alg;
7108 sign_params->flags = LDNS_KEY_ZONE_KEY;
7110 sign_params->flags += LDNS_KEY_SEP_KEY;
7111 if (temp_revoked) sign_params->flags |= 1<<7;
7113 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
7114 sign_params->keytag = ldns_calc_keytag(dnskey_rr);
7116 printf(
"%-33s %-33s %d\n", temp_loc, temp_hsm, sign_params->keytag);
7118 hsm_sign_params_free(sign_params);
7122 else if (done_row == 1) {
7140 if (bool_temp_zone ==
false){
7150 if (dnskey_rr != NULL) {
7151 ldns_rr_free(dnskey_rr);
7193 char* temp_loc = NULL;
7196 int done_something = 0;
7199 hsm_key_t *key = NULL;
7201 if ((zone_id == -1 && policy_id == -1) ||
7202 (zone_id != -1 && policy_id != -1)){
7203 printf(
"Please provide either a zone OR a policy to key purge\n");
7209 status = hsm_open(
config, hsm_prompt_pin);
7211 hsm_print_error(NULL);
7216 StrAppend(&sql,
"select distinct id, location from KEYDATA_VIEW where state = 6 ");
7217 if (zone_id != -1) {
7222 if (policy_id != -1) {
7233 while (status == 0) {
7235 DbInt(row, 0, &temp_id);
7295 key = hsm_find_key_by_id(NULL, temp_loc);
7298 printf(
"Key not found: %s\n", temp_loc);
7306 status = hsm_remove_key(NULL, key);
7311 printf(
"Key remove successful: %s\n", temp_loc);
7313 printf(
"Key remove failed: %s\n", temp_loc);
7335 if (done_something == 0) {
7336 printf(
"No keys to purge.\n");
7356 hsm_ctx_t *ctx = NULL;
7361 hsm_key_t *key = NULL;
7362 char *hsm_error_message = NULL;
7364 int ksks_needed = 0;
7365 int zsks_needed = 0;
7366 int ksks_in_queue = 0;
7367 int zsks_in_queue = 0;
7370 unsigned int current_count = 0;
7376 int ksks_created = 0;
7380 FILE* lock_fd = NULL;
7388 printf(
"Failed to connect to database\n");
7394 if (policy == NULL) {
7395 printf(
"Malloc for policy struct failed\n");
7401 printf(
"Please provide a policy name with the --policy option\n");
7407 printf(
"Please provide an interval with the --interval option\n");
7420 printf(
"Error: unable to read policy %s from database\n",
o_policy);
7426 printf(
"Error: policy %s doesn't exist in database\n",
o_policy);
7433 printf(
"Key sharing is On\n");
7435 printf(
"Key sharing is Off\n");
7440 printf(
"Error: unable to convert Interval %s to seconds, error: ",
o_interval);
7443 printf(
"invalid interval-type.\n");
7446 printf(
"unable to translate string.\n");
7449 printf(
"interval too long to be an int. E.g. Maximum is ~68 years on a system with 32-bit integers.\n");
7452 printf(
"invalid pointers or text string NULL.\n");
7455 printf(
"unknown\n");
7461 else if (status == -1) {
7462 printf(
"Info: converting %s to seconds; M interpreted as 31 days, Y interpreted as 365 days\n",
o_interval);
7466 status = hsm_open(
config, hsm_prompt_pin);
7468 hsm_error_message = hsm_get_error(ctx);
7469 if (hsm_error_message) {
7470 printf(
"%s\n", hsm_error_message);
7471 free(hsm_error_message);
7477 printf(
"hsm_open() result: HSM error\n");
7479 case HSM_PIN_INCORRECT:
7480 printf(
"hsm_open() result: incorrect PIN\n");
7482 case HSM_CONFIG_FILE_ERROR:
7483 printf(
"hsm_open() result: config file error\n");
7485 case HSM_REPOSITORY_NOT_FOUND:
7486 printf(
"hsm_open() result: repository not found\n");
7488 case HSM_NO_REPOSITORIES:
7489 printf(
"hsm_open() result: no repositories\n");
7492 printf(
"hsm_open() result: %d", status);
7499 printf(
"HSM opened successfully.\n");
7500 ctx = hsm_create_context();
7505 if (rightnow == NULL) {
7506 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
7527 printf(
"Could not count zones on policy %s\n", policy->
name);
7530 hsm_destroy_context(ctx);
7536 printf(
"Info: %d zone(s) found on policy \"%s\"\n", zone_count, policy->
name);
7545 printf(
"Error: Unable to convert zonetotal \"%s\"; to an integer\n",
o_zonetotal);
7552 printf(
"Error: zonetotal \"%s\"; should be numeric only\n",
o_zonetotal);
7559 if (zone_count < 1) {
7560 printf(
"Error: zonetotal parameter value of %d is invalid - the value must be greater than 0\n", zone_count);
7566 printf(
"Info: Keys will actually be generated for a total of %d zone(s) as specified by zone total parameter\n", zone_count);
7570 if (zone_count == 0) {
7571 printf(
"No zones on policy %s, skipping...\n", policy->
name);
7574 hsm_destroy_context(ctx);
7585 printf(
"Could not predict ksk requirement for next interval for %s\n", policy->
name);
7594 printf(
"Could not count current ksk numbers for policy %s\n", policy->
name);
7602 new_ksks = ksks_needed - ksks_in_queue;
7603 printf(
"%d new KSK(s) (%d bits) need to be created for policy %s: keys_to_generate(%d) = keys_needed(%d) - keys_available(%d).\n", new_ksks, policy->
ksk->
bits, policy->
name, new_ksks, ksks_needed, ksks_in_queue);
7609 printf(
"Could not predict zsk requirement for next interval for %s\n", policy->
name);
7618 printf(
"Could not count current zsk numbers for policy %s\n", policy->
name);
7629 if (new_ksks >= 0) {
7634 zsks_in_queue -= ksks_needed;
7638 new_zsks = zsks_needed - zsks_in_queue;
7639 printf(
"%d new ZSK(s) (%d bits) need to be created for policy %s: keys_to_generate(%d) = keys_needed(%d) - keys_available(%d).\n", new_zsks, policy->
zsk->
bits, policy->
name, new_zsks, zsks_needed, zsks_in_queue);
7645 if (policy->
ksk->
sm_capacity != 0 && (new_ksks + new_zsks) > 0) {
7646 current_count = hsm_count_keys_repository(ctx, policy->
ksk->
sm_name);
7648 printf(
"Repository %s is full, cannot create more keys for policy %s\n", policy->
ksk->
sm_name, policy->
name);
7652 printf(
"Repository %s is nearly full, will create %lu KSKs for policy %s (reduced from %d)\n", policy->
ksk->
sm_name, policy->
ksk->
sm_capacity - current_count, policy->
name, new_ksks);
7655 else if (current_count + new_ksks + new_zsks > policy->
ksk->
sm_capacity) {
7656 printf(
"Repository %s is nearly full, will create %lu ZSKs for policy %s (reduced from %d)\n", policy->
ksk->
sm_name, policy->
ksk->
sm_capacity - current_count, policy->
name, new_ksks);
7665 current_count = hsm_count_keys_repository(ctx, policy->
ksk->
sm_name);
7667 printf(
"Repository %s is full, cannot create more KSKs for policy %s\n", policy->
ksk->
sm_name, policy->
name);
7671 printf(
"Repository %s is nearly full, will create %lu KSKs for policy %s (reduced from %d)\n", policy->
ksk->
sm_name, policy->
ksk->
sm_capacity - current_count, policy->
name, new_ksks);
7678 current_count = hsm_count_keys_repository(ctx, policy->
zsk->
sm_name);
7680 printf(
"Repository %s is full, cannot create more ZSKs for policy %s\n", policy->
zsk->
sm_name, policy->
name);
7684 printf(
"Repository %s is nearly full, will create %lu ZSKs for policy %s (reduced from %d)\n", policy->
zsk->
sm_name, policy->
zsk->
sm_capacity - current_count, policy->
name, new_zsks);
7691 if (new_ksks <= 0 && new_zsks <= 0) {
7692 printf(
"No keys need to be created, quitting...\n");
7695 hsm_destroy_context(ctx);
7697 status = hsm_close();
7698 printf(
"all done! hsm_close result: %d\n", status);
7705 if (!auto_accept_flag) {
7706 printf(
"*WARNING* This will create %d KSKs (%d bits) and %d ZSKs (%d bits)\nAre you sure? [y/N] \n", new_ksks >= 0 ? new_ksks : 0, policy->
ksk->
bits, new_zsks >= 0 ? new_zsks : 0, policy->
zsk->
bits);
7708 user_certain = getchar();
7709 if (user_certain !=
'y' && user_certain !=
'Y') {
7710 printf(
"Okay, quitting...\n");
7713 hsm_destroy_context(ctx);
7715 status = hsm_close();
7716 printf(
"all done! hsm_close result: %d\n", status);
7724 for (i=new_ksks ; i > 0 ; i--){
7725 if (hsm_supported_algorithm(policy->
ksk->
algorithm) == 0) {
7730 printf(
"Created key in repository %s\n", policy->
ksk->
sm_name);
7733 printf(
"Error creating key in repository %s\n", policy->
ksk->
sm_name);
7734 hsm_error_message = hsm_get_error(ctx);
7735 if (hsm_error_message) {
7736 printf(
"%s\n", hsm_error_message);
7737 free(hsm_error_message);
7744 id = hsm_get_key_id(ctx, key);
7748 printf(
"Error creating key in Database\n");
7749 hsm_error_message = hsm_get_error(ctx);
7750 if (hsm_error_message) {
7751 printf(
"%s\n", hsm_error_message);
7752 free(hsm_error_message);
7759 printf(
"Created KSK size: %i, alg: %i with id: %s in repository: %s and database.\n", policy->
ksk->
bits,
7763 printf(
"Key algorithm %d unsupported by libhsm.\n", policy->
ksk->
algorithm);
7770 ksks_created = new_ksks;
7773 for (i = new_zsks ; i > 0 ; i--) {
7774 if (hsm_supported_algorithm(policy->
zsk->
algorithm) == 0) {
7779 printf(
"Created key in repository %s\n", policy->
zsk->
sm_name);
7782 printf(
"Error creating key in repository %s\n", policy->
zsk->
sm_name);
7783 hsm_error_message = hsm_get_error(ctx);
7784 if (hsm_error_message) {
7785 printf(
"%s\n", hsm_error_message);
7786 free(hsm_error_message);
7793 id = hsm_get_key_id(ctx, key);
7797 printf(
"Error creating key in Database\n");
7798 hsm_error_message = hsm_get_error(ctx);
7799 if (hsm_error_message) {
7800 printf(
"%s\n", hsm_error_message);
7801 free(hsm_error_message);
7808 printf(
"Created ZSK size: %i, alg: %i with id: %s in repository: %s and database.\n", policy->
zsk->
bits,
7812 printf(
"Key algorithm %d unsupported by libhsm.\n", policy->
zsk->
algorithm);
7823 printf(
"NOTE: keys generated in repository %s will not become active until they have been backed up\n", policy->
ksk->
sm_name);
7826 printf(
"NOTE: keys generated in repository %s will not become active until they have been backed up\n", policy->
zsk->
sm_name);
7833 hsm_destroy_context(ctx);
7835 status = hsm_close();
7836 printf(
"all done! hsm_close result: %d\n", status);
7851 int keypair_id = -1;
7855 FILE* lock_fd = NULL;
7860 hsm_key_t *key = NULL;
7864 printf(
"Please provide a CKA_ID for the key to delete\n");
7872 printf(
"Failed to connect to database\n");
7880 if (status != 0 || key_state == -1) {
7881 printf(
"Failed to determine the state of the key\n");
7888 if (force_flag == 1) {
7889 printf(
"*WARNING* This will delete a key that the enforcer believes is in use; are you really sure? [y/N] ");
7891 user_certain = getchar();
7892 if (user_certain !=
'y' && user_certain !=
'Y') {
7893 printf(
"Okay, quitting...\n");
7898 printf(
"The enforcer believes that this key is in use, quitting...\n");
7931 if (hsm_flag == 1) {
7933 status = hsm_open(
config, hsm_prompt_pin);
7935 hsm_print_error(NULL);
7940 key = hsm_find_key_by_id(NULL,
o_cka_id);
7943 printf(
"Key not found in HSM: %s\n",
o_cka_id);
7948 status = hsm_remove_key(NULL, key);
7955 printf(
"Key delete successful: %s\n",
o_cka_id);
7957 printf(
"Key delete failed: %s\n",
o_cka_id);
7968 struct stat stat_ret;
7972 xmlDocPtr doc = NULL;
7973 xmlDocPtr rngdoc = NULL;
7974 xmlXPathContextPtr xpathCtx = NULL;
7975 xmlXPathObjectPtr xpathObj = NULL;
7976 xmlRelaxNGParserCtxtPtr rngpctx = NULL;
7977 xmlRelaxNGValidCtxtPtr rngctx = NULL;
7978 xmlRelaxNGPtr schema = NULL;
7979 xmlChar *user_expr = (
unsigned char*)
"//Configuration/Enforcer/Privileges/User";
7980 xmlChar *group_expr = (
unsigned char*)
"//Configuration/Enforcer/Privileges/Group";
7982 char* filename = OPENDNSSEC_CONFIG_FILE;
7983 char* rngfilename = OPENDNSSEC_SCHEMA_DIR
"/conf.rng";
7984 char* temp_char = NULL;
7991 char *username = NULL;
7992 char *groupname = NULL;
7994 printf(
"fixing permissions on file %s\n", dbschema);
7996 if (geteuid() != 0) {
8001 if (stat(dbschema, &stat_ret) != 0) {
8002 printf(
"cannot stat file %s: %s", dbschema, strerror(errno));
8008 doc = xmlParseFile(filename);
8010 printf(
"Error: unable to parse file \"%s\"", filename);
8015 rngdoc = xmlParseFile(rngfilename);
8016 if (rngdoc == NULL) {
8017 printf(
"Error: unable to parse file \"%s\"", rngfilename);
8022 rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
8023 if (rngpctx == NULL) {
8024 printf(
"Error: unable to create XML RelaxNGs parser context");
8029 schema = xmlRelaxNGParse(rngpctx);
8030 if (schema == NULL) {
8031 printf(
"Error: unable to parse a schema definition resource");
8036 rngctx = xmlRelaxNGNewValidCtxt(schema);
8037 if (rngctx == NULL) {
8038 printf(
"Error: unable to create RelaxNGs validation context based on the schema");
8043 status = xmlRelaxNGValidateDoc(rngctx,doc);
8045 printf(
"Error validating file \"%s\"", filename);
8051 xpathCtx = xmlXPathNewContext(doc);
8052 if(xpathCtx == NULL) {
8053 printf(
"Error: unable to create new XPath context");
8059 xpathObj = xmlXPathEvalExpression(group_expr, xpathCtx);
8060 if(xpathObj == NULL) {
8061 printf(
"Error: unable to evaluate xpath expression: %s", group_expr);
8062 xmlXPathFreeContext(xpathCtx);
8066 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
8067 temp_char = (
char*) xmlXPathCastToString(xpathObj);
8070 xmlXPathFreeObject(xpathObj);
8076 xpathObj = xmlXPathEvalExpression(user_expr, xpathCtx);
8077 if(xpathObj == NULL) {
8078 printf(
"Error: unable to evaluate xpath expression: %s", user_expr);
8079 xmlXPathFreeContext(xpathCtx);
8083 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
8084 temp_char = (
char*) xmlXPathCastToString(xpathObj);
8087 xmlXPathFreeObject(xpathObj);
8093 xmlXPathFreeContext(xpathCtx);
8094 xmlRelaxNGFree(schema);
8095 xmlRelaxNGFreeValidCtxt(rngctx);
8096 xmlRelaxNGFreeParserCtxt(rngpctx);
8101 if (username != NULL) {
8103 if ((pwd = getpwnam(username)) == NULL) {
8104 printf(
"user '%s' does not exist. cannot chown %s...\n", username, dbschema);
8113 if ((grp = getgrnam(groupname)) == NULL) {
8114 printf(
"group '%s' does not exist. cannot chown %s...\n", groupname, dbschema);
8123 if (chown(dbschema, uid, gid) == -1) {
8124 printf(
"cannot chown(%u,%u) %s: %s",
8125 (
unsigned) uid, (
unsigned) gid, dbschema, strerror(errno));
8134 if (chown(temp_char, uid, gid) == -1) {
8135 printf(
"cannot chown(%u,%u) %s: %s",
8136 (
unsigned) uid, (
unsigned) gid, temp_char, strerror(errno));
8178 int CountKeys(
int *zone_id,
int keytag,
const char *cka_id,
int *key_count,
char **temp_cka_id,
int *temp_key_state,
int *temp_keypair_id)
8191 int temp_zone_id = 0;
8192 char* temp_loc = NULL;
8195 int temp_keypair = 0;
8200 hsm_key_t *key = NULL;
8201 ldns_rr *dnskey_rr = NULL;
8202 hsm_sign_params_t *sign_params = NULL;
8205 status = hsm_open(
config, hsm_prompt_pin);
8207 hsm_print_error(NULL);
8212 nchar = snprintf(buffer,
sizeof(buffer),
"(%d, %d, %d, %d)",
8214 if (nchar >=
sizeof(buffer)) {
8215 printf(
"Error: Overran buffer in CountKeys\n");
8221 StrAppend(&sql,
"select k.zone_id, k.location, k.algorithm, k.state, k.id from KEYDATA_VIEW k where state in ");
8223 StrAppend(&sql,
" and zone_id is not null and k.keytype = 257");
8225 if (*zone_id != -1) {
8230 if (cka_id != NULL) {
8248 while (status == 0) {
8250 DbInt(row, 0, &temp_zone_id);
8252 DbInt(row, 2, &temp_alg);
8253 DbInt(row, 3, &temp_state);
8254 DbInt(row, 4, &temp_keypair);
8258 if (keytag == -1 && cka_id == NULL)
8260 *temp_key_state = temp_state;
8263 key = hsm_find_key_by_id(NULL, temp_loc);
8265 printf(
"cka_id %-33s in DB but NOT IN repository\n", temp_loc);
8266 }
else if (keytag != -1) {
8267 sign_params = hsm_sign_params_new();
8268 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
"temp_zone");
8269 sign_params->algorithm = temp_alg;
8270 sign_params->flags = LDNS_KEY_ZONE_KEY;
8271 sign_params->flags += LDNS_KEY_SEP_KEY;
8273 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
8274 sign_params->keytag = ldns_calc_keytag(dnskey_rr);
8277 if (keytag == sign_params->keytag) {
8280 *temp_cka_id = NULL;
8282 *zone_id = temp_zone_id;
8283 *temp_key_state = temp_state;
8284 *temp_keypair_id = temp_keypair;
8285 printf(
"Found key with CKA_ID %s\n", temp_loc);
8288 hsm_sign_params_free(sign_params);
8290 if (key && cka_id != NULL && strncmp(cka_id, temp_loc, strlen(temp_loc)) == 0) {
8292 if (done_row == 0) {
8294 *temp_cka_id = NULL;
8296 *zone_id = temp_zone_id;
8297 *temp_key_state = temp_state;
8298 *temp_keypair_id = temp_keypair;
8299 printf(
"Found key with CKA_ID %s\n", temp_loc);
8319 *key_count = temp_count;
8326 if (dnskey_rr != NULL) {
8327 ldns_rr_free(dnskey_rr);
8336 int GetKeyState(
const char *cka_id,
int *temp_key_state,
int *temp_keypair_id) {
8344 int temp_keypair = 0;
8346 nchar = snprintf(sql,
sizeof(sql),
"select k.id, k.state from KEYDATA_VIEW k where k.location = '%s'", cka_id);
8347 if (nchar >=
sizeof(sql)) {
8348 printf(
"Error: Overran buffer in CountKeys\n");
8357 while (status == 0) {
8359 DbInt(row, 0, &temp_keypair);
8360 DbInt(row, 1, &temp_state);
8363 if (temp_state == 0) {
8367 *temp_key_state = temp_state;
8368 *temp_keypair_id = temp_keypair;
8410 int MarkDSSeen(
int keypair_id,
int zone_id,
int policy_id,
const char *datetime,
int key_state)
8428 printf(
"Error: failed to read policy\n");
8451 printf(
"DbDateDiff failed\n");
8476 printf(
"DbDateDiff failed\n");
8534 char* where_clause = NULL;
8549 printf(
"Error: failed to read policy\n");
8565 StrAppend(&where_clause,
"select id from KEYDATA_VIEW where state = 4 and keytype = 257 and zone_id = ");
8567 StrAppend(&where_clause,
" order by retire limit 1");
8574 printf(
"Error: failed to find ID of key to retire\n");
8585 printf(
"DbDateDiff failed\n");
8639 char* where_clause = NULL;
8652 printf(
"Error: failed to read policy\n");
8669 StrAppend(&where_clause,
"select id from KEYDATA_VIEW where state = 5 and keytype = 257 and zone_id = ");
8671 StrAppend(&where_clause,
" order by dead limit 1");
8678 printf(
"Error: failed to find ID of key to revoke\n");
8748 if (zone_id != -1) {
8757 printf(
"Error in CountKeysInState\n");
8794 int ChangeKeyState(
int keytype,
const char *cka_id,
int zone_id,
int policy_id,
const char *datetime,
int keystate)
8822 printf(
"Error: failed to read policy\n");
8830 if (zone_id != -1) {
8849 keyids =
MemMalloc(count *
sizeof(
int));
8856 if (zone_id != -1) {
8865 while (status == 0) {
8866 status =
KsmKey(result, &data);
8897 for (j = 0; j < i; ++j) {
8901 snprintf(buffer,
sizeof(buffer),
"%d", keyids[j]);
8926 printf(
"DbDateDiff failed\n");
8938 if (zone_id != -1) {
8958 printf(
"DbDateDiff failed\n");
8970 if (zone_id != -1) {
8983 printf(
"DbDateDiff failed\n");
8995 if (zone_id != -1) {
9026 static int restart_enforcerd()
9030 return system(ODS_EN_NOTIFY);
9042 xmlDocPtr doc = NULL;
9043 xmlXPathContextPtr xpathCtx = NULL;
9044 xmlXPathObjectPtr xpathObj = NULL;
9045 char* temp_char = NULL;
9047 xmlChar *iv_expr = (
unsigned char*)
"//Configuration/Enforcer/Interval";
9048 xmlChar *mk_expr = (
unsigned char*)
"//Configuration/Enforcer/ManualKeyGeneration";
9051 doc = xmlParseFile(
config);
9053 printf(
"Error: unable to parse file \"%s\"\n",
config);
9058 xpathCtx = xmlXPathNewContext(doc);
9059 if(xpathCtx == NULL) {
9060 printf(
"Error: unable to create new XPath context\n");
9066 xpathObj = xmlXPathEvalExpression(iv_expr, xpathCtx);
9067 if(xpathObj == NULL) {
9068 printf(
"Error: unable to evaluate xpath expression: %s", iv_expr);
9069 xmlXPathFreeContext(xpathCtx);
9074 temp_char = (
char *)xmlXPathCastToString(xpathObj);
9077 printf(
"Error: unable to convert Interval %s to seconds, error: %i\n", temp_char, status);
9081 else if (status == -1) {
9082 printf(
"Info: converting %s to seconds; M interpreted as 31 days, Y interpreted as 365 days\n", temp_char);
9086 xmlXPathFreeObject(xpathObj);
9089 xpathObj = xmlXPathEvalExpression(mk_expr, xpathCtx);
9090 if(xpathObj == NULL) {
9091 printf(
"Error: unable to evaluate xpath expression: %s\n", mk_expr);
9092 xmlXPathFreeContext(xpathCtx);
9097 if (xpathObj->nodesetval != NULL && xpathObj->nodesetval->nodeNr > 0) {
9105 xmlXPathFreeObject(xpathObj);
9108 xmlXPathFreeContext(xpathCtx);
9148 int man_key_gen = -1;
9159 printf(
"Failed to Link Keys to zone\n");
9169 if (policy == NULL) {
9170 printf(
"Malloc for policy struct failed\n");
9180 printf(
"Error: unable to read policy %s from database\n",
o_policy);
9185 printf(
"Error: policy %s doesn't exist in database\n",
o_policy);
9193 printf(
"Error allocating zsks to zone %s", zone_name);
9199 printf(
"Error allocating ksks to zone %s", zone_name);
9241 int keys_needed = 0;
9242 int keys_in_queue = 0;
9243 int keys_pending_retirement = 0;
9245 int key_pair_id = 0;
9252 if (datetime == NULL) {
9253 printf(
"Couldn't turn \"now\" into a date, quitting...");
9257 if (policy == NULL) {
9258 printf(
"NULL policy sent to allocateKeysToZone");
9264 printf(
"Unknown keytype: %i in allocateKeysToZone", key_type);
9278 status =
KsmKeyPredict(policy->
id, key_type, 1, interval, &keys_needed, rollover_scheme, 1);
9280 printf(
"Could not predict key requirement for next interval for %s", zone_name);
9288 printf(
"Could not count current key numbers for zone %s", zone_name);
9296 printf(
"Could not count keys which may retire before the next run (for zone %s)", zone_name);
9302 new_keys = keys_needed - (keys_in_queue - keys_pending_retirement);
9308 for (i=0 ; i < new_keys ; i++){
9312 if (status == -1 || key_pair_id == 0) {
9313 if (man_key_gen == 0) {
9314 printf(
"Not enough keys to satisfy ksk policy for zone: %s. keys_to_allocate(%d) = keys_needed(%d) - (keys_available(%d) - keys_pending_retirement(%d))\n", zone_name, new_keys, keys_needed, keys_in_queue, keys_pending_retirement);
9315 printf(
"Tried to allocate %d keys, failed on allocating key number %d", new_keys, i+1);
9316 printf(
"ods-enforcerd will create some more keys on its next run");
9319 printf(
"Not enough keys to satisfy ksk policy for zone: %s. keys_to_allocate(%d) = keys_needed(%d) - (keys_available(%d) - keys_pending_retirement(%d))\n", zone_name, new_keys, keys_needed, keys_in_queue, keys_pending_retirement);
9320 printf(
"Tried to allocate %d keys, failed on allocating key number %d", new_keys, i+1);
9321 printf(
"please use \"ods-ksmutil key generate\" to create some more keys.");
9325 else if (status != 0) {
9326 printf(
"Could not get an unallocated ksk for zone: %s", zone_name);
9331 if (status == -1 || key_pair_id == 0) {
9332 if (man_key_gen == 0) {
9333 printf(
"Not enough keys to satisfy zsk policy for zone: %s. keys_to_allocate(%d) = keys_needed(%d) - (keys_available(%d) - keys_pending_retirement(%d))\n", zone_name, new_keys, keys_needed, keys_in_queue, keys_pending_retirement);
9334 printf(
"Tried to allocate %d keys, failed on allocating key number %d", new_keys, i+1);
9335 printf(
"ods-enforcerd will create some more keys on its next run");
9338 printf(
"Not enough keys to satisfy zsk policy for zone: %s. keys_to_allocate(%d) = keys_needed(%d) - (keys_available(%d) - keys_pending_retirement(%d))\n", zone_name, new_keys, keys_needed, keys_in_queue, keys_pending_retirement);
9339 printf(
"Tried to allocate %d keys, failed on allocating key number %d", new_keys, i+1);
9340 printf(
"please use \"ods-ksmutil key generate\" to create some more keys.");
9344 else if (status != 0) {
9345 printf(
"Could not get an unallocated zsk for zone: %s", zone_name);
9349 if(key_pair_id > 0) {
9356 printf(
"KsmKeyGetUnallocated returned bad key_id %d for zone: %s; exiting...", key_pair_id, zone_name);
9360 printf(
"%s key allocation for zone %s: %d key(s) allocated\n", key_type ==
KSM_TYPE_KSK ?
"KSK" :
"ZSK", zone_name, new_keys);
9384 int keyRoll(
int zone_id,
int policy_id,
int key_type)
9397 int temp_zone_id = -1;
9403 char* insql1 = NULL;
9404 char* insql2 = NULL;
9410 if (datetime == NULL) {
9411 printf(
"Couldn't turn \"now\" into a date, quitting...\n");
9419 if (zone_id != -1) {
9422 if (policy_id != -1) {
9426 if (key_type != -1) {
9435 while (status == 0) {
9437 DbInt(row, 0, &temp_id);
9438 DbInt(row, 1, &temp_type);
9442 DusSetInt(&sql1,
"compromisedflag", 1, 1);
9503 size = snprintf(sql2,
KSM_SQL_SIZE,
"select zone_id from dnsseckeys where retire = \"%s\" and keypair_id = %d", datetime, temp_id);
9507 while (status == 0) {
9509 DbInt(row2, 0, &temp_zone_id);
9514 snprintf(buffer,
sizeof(buffer),
"%d", temp_zone_id);
9537 while (status == 0) {
9539 DbInt(row2, 0, &temp_zone_id);
9544 snprintf(buffer,
sizeof(buffer),
"%d", temp_zone_id);
9566 printf(
"Couldn't construct SQL to promote standby key\n");
9637 else if (status == -1) {}
9652 xmlNodePtr zone_node;
9653 xmlNodePtr adapters_node;
9654 xmlNodePtr input_node;
9655 xmlNodePtr in_ad_node;
9656 xmlNodePtr output_node;
9657 xmlNodePtr out_ad_node;
9659 root = xmlDocGetRootElement(doc);
9661 fprintf(stderr,
"empty document\n");
9664 if (xmlStrcmp(root->name, (
const xmlChar *)
"ZoneList")) {
9665 fprintf(stderr,
"document of the wrong type, root node != %s",
"ZoneList");
9669 zone_node = xmlNewTextChild(root, NULL, (
const xmlChar *)
"Zone", NULL);
9670 (void) xmlNewProp(zone_node, (
const xmlChar *)
"name", (
const xmlChar *)zone->
name);
9673 (void) xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"Policy", (
const xmlChar *)zone->
policy_name);
9676 (void) xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"SignerConfiguration", (
const xmlChar *)zone->
signconf);
9679 adapters_node = xmlNewTextChild(zone_node, NULL, (
const xmlChar *)
"Adapters", NULL);
9681 input_node = xmlNewTextChild(adapters_node, NULL, (
const xmlChar *)
"Input", NULL);
9682 in_ad_node = xmlNewTextChild (input_node, NULL, (
const xmlChar *)
"Adapter", (
const xmlChar *)zone->
input);
9684 if (zone->
in_type[0] ==
'\0') {
9685 (void) xmlNewProp(in_ad_node, (
const xmlChar *)
"type", (
const xmlChar *)
"File");
9687 (void) xmlNewProp(in_ad_node, (
const xmlChar *)
"type", (
const xmlChar *)zone->
in_type);
9691 output_node = xmlNewTextChild(adapters_node, NULL, (
const xmlChar *)
"Output", NULL);
9692 out_ad_node = xmlNewTextChild (output_node, NULL, (
const xmlChar *)
"Adapter", (
const xmlChar *)zone->
output);
9695 (void) xmlNewProp(out_ad_node, (
const xmlChar *)
"type", (
const xmlChar *)
"File");
9697 (void) xmlNewProp(out_ad_node, (
const xmlChar *)
"type", (
const xmlChar *)zone->
out_type);
9711 len = strlen(
string);
9713 for (i = 0; i < len; ++i) {
9714 if (
string[i] ==
'\'') {
9719 buffer[j++] =
string[i];
9723 return ( (j <= buflen) ? 0 : 1);
9728 char* signconf = NULL;
9729 char* moved_signconf = NULL;
9730 char* zone_name = NULL;
9734 xmlDocPtr doc = NULL;
9736 xmlXPathContextPtr xpathCtx = NULL;
9737 xmlXPathObjectPtr xpathObj = NULL;
9739 xmlChar *node_expr = (
unsigned char*)
"//Zone";
9741 doc = xmlParseFile(zonelist_filename);
9743 printf(
"Error: unable to parse file \"%s\"\n", zonelist_filename);
9747 xpathCtx = xmlXPathNewContext(doc);
9748 if(xpathCtx == NULL) {
9754 xpathObj = xmlXPathEvalExpression(node_expr, xpathCtx);
9755 if(xpathObj == NULL) {
9756 xmlXPathFreeContext(xpathCtx);
9761 if (xpathObj->nodesetval) {
9762 for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
9764 curNode = xpathObj->nodesetval->nodeTab[i]->xmlChildrenNode;
9765 zone_name = (
char *) xmlGetProp(xpathObj->nodesetval->nodeTab[i], (
const xmlChar *)
"name");
9767 if (all_flag || (strlen(zone_name) == strlen(o_zone) &&
9768 strncmp(zone_name, o_zone, strlen(zone_name)) == 0)) {
9772 if (xmlStrEqual(curNode->name, (
const xmlChar *)
"SignerConfiguration")) {
9773 StrAppend(&signconf, (
char *) xmlNodeGetContent(curNode));
9775 StrAppend(&moved_signconf,
".ZONE_DELETED");
9777 status = rename(signconf, moved_signconf);
9778 if (status != 0 && errno != ENOENT)
9781 printf(
"Could not rename: %s -> %s", signconf, moved_signconf);
9791 curNode = curNode->next;
9827 char* temp_zone = NULL;
9828 int temp_policy = 0;
9829 char* temp_location = NULL;
9836 hsm_key_t *key = NULL;
9837 ldns_rr *dnskey_rr = NULL;
9838 hsm_sign_params_t *sign_params = NULL;
9842 char* ds_buffer = NULL;
9845 status = hsm_open(
config, hsm_prompt_pin);
9847 hsm_print_error(NULL);
9852 "select name, kv.policy_id, location, algorithm from KEYDATA_VIEW kv, zones z where keytype = 257 and state in (3,7) and zone_id = z.id ");
9853 if (zone_id != -1) {
9866 while (status == 0) {
9869 DbInt(row, 1, &temp_policy);
9871 DbInt(row, 3, &temp_algo);
9874 key = hsm_find_key_by_id(NULL, temp_location);
9877 printf(
"Key %s in DB but not repository.", temp_location);
9886 printf(
"\n*** Found DNSKEY RECORD involved with rollover:\n");
9888 sign_params = hsm_sign_params_new();
9889 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, temp_zone);
9890 sign_params->algorithm = temp_algo;
9891 sign_params->flags = LDNS_KEY_ZONE_KEY;
9892 sign_params->flags += LDNS_KEY_SEP_KEY;
9893 dnskey_rr = hsm_get_dnskey(NULL, key, sign_params);
9898 ldns_rr_set_ttl(dnskey_rr, rrttl);
9901 ds_buffer = ldns_rr2str(dnskey_rr);
9902 ldns_rr_free(dnskey_rr);
9905 for (i = 0; ds_buffer[i]; ++i) {
9906 if (ds_buffer[i] ==
'\t') {
9912 printf(
"%s", ds_buffer);
9913 printf(
"\nOnce the DS record for this DNSKEY is seen in DNS you can issue the ds-seen command for zone %s with the cka_id %s\n", temp_zone, temp_location);
9918 temp_location = NULL;
9921 hsm_sign_params_free(sign_params);
void DbFreeResult(DB_RESULT result)
int KsmCheckHSMkeyID(int repo_id, const char *cka_id, int *exists)
int LinkKeys(const char *zone_name, int policy_id)
int KsmPolicyInit(DB_RESULT *handle, const char *name)
char name[KSM_NAME_LENGTH]
unsigned long sm_capacity
int update_policies(char *kasp_filename)
void db_disconnect(FILE *lock_fd)
char name[KSM_ZONE_NAME_LENGTH]
int release_lite_lock(FILE *lock_fd)
int KsmZoneIdAndPolicyFromName(const char *zone_name, int *policy_id, int *zone_id)
int StrIsDigits(const char *string)
void DusConditionKeyword(char **query, const char *field, DQS_COMPARISON compare, const char *value, int clause)
xmlDocPtr add_zone_node(const char *docname, const char *zone_name, const char *policy_name, const char *sig_conf_name, const char *input_name, const char *output_name, const char *input_type, const char *output_type)
char signconf[KSM_PATH_LENGTH]
int DbFetchRow(DB_RESULT result, DB_ROW *row)
void SetPolicyDefaults(KSM_POLICY *policy, char *name)
int KsmPolicy(DB_RESULT handle, KSM_POLICY *data)
char * DqsSpecifyInit(const char *table, const char *fields)
char location[KSM_NAME_LENGTH]
int KsmKeywordTypeNameToValue(const char *name)
void usage_policyimport()
int KsmMarkPreBackup(int repo_id, const char *datetime)
int KsmKeyCountQueue(int keytype, int *count, int zone_id)
KSM_POLICY * KsmPolicyAlloc()
#define KSM_PAR_ZSKTTL_CAT
int KsmParameter(DB_RESULT result, KSM_PARAMETER *data)
KSM_COMMON_KEY_POLICY * keys
int ShellQuoteString(const char *string, char *buffer, size_t buflen)
int KsmZoneInit(DB_RESULT *handle, int policy_id)
int ListKeys(int zone_id)
int KsmParameterCollection(KSM_PARCOLL *data, int policy_id)
int KsmSerialIdFromName(const char *name, int *id)
int RevokeOldKey(int zone_id, int policy_id, const char *datetime)
int main(int argc, char *argv[])
char retire[KSM_TIME_LENGTH]
int KsmPolicySetIdFromName(KSM_POLICY *policy)
int get_db_details(char **dbschema, char **host, char **port, char **user, char **password)
xmlDocPtr del_zone_node(const char *docname, const char *zone_name)
void DqsConditionKeyword(char **query, const char *field, DQS_COMPARISON compare, const char *value, int index)
int get_policy_name_from_id(KSM_ZONE *zone)
int KsmKeyPairCreate(int policy_id, const char *HSMKeyID, int smID, int size, int alg, const char *generate, DB_ID *id)
int KsmImportZone(const char *zone_name, int policy_id, int fail_if_exists, int *new_zone, const char *signconf, const char *input, const char *output, const char *input_type, const char *output_type)
int KsmZone(DB_RESULT handle, KSM_ZONE *data)
int KsmKeywordRollNameToValue(const char *name)
void list_zone_node(const char *docname, int *zone_ids)
void DqsOrderBy(char **query, const char *field)
int KsmZoneCount(DB_RESULT handle, int *count)
char sm_name[KSM_NAME_LENGTH]
int MsgLog(int status,...)
int get_conf_key_info(int *interval, int *man_key_gen)
int KsmRollbackMarkPreBackup(int repo_id)
int KsmPolicyRead(KSM_POLICY *policy)
int cmd_control(char *command)
void usage_policyexport()
void DusSetInt(char **sql, const char *field, int data, int clause)
int append_policy(xmlDocPtr doc, KSM_POLICY *policy)
void DqsFree(char *query)
int keyRoll(int zone_id, int policy_id, int key_type)
#define KSM_STATE_KEYPUBLISH
void DdsFree(char *query)
void DusConditionInt(char **query, const char *field, DQS_COMPARISON compare, int value, int clause)
const char * KsmKeywordStateValueToName(int value)
char * DqsCountInit(const char *table)
int KsmPolicyIdFromName(const char *name, int *id)
int DbString(DB_ROW row, int field_index, char **result)
#define KSM_PAR_DSTTL_CAT
int KsmSmIdFromName(const char *name, int *id)
char * StrStrdup(const char *string)
void DqsConditionInt(char **query, const char *field, DQS_COMPARISON compare, int value, int index)
void DdsConditionInt(char **query, const char *field, DQS_COMPARISON compare, int value, int index)
#define KSM_PAR_ZSKTTL_STRING
int KsmPolicyIdFromZoneId(int zone_id, int *policy_id)
int SetParamOnPolicy(const xmlChar *new_value, const char *name, const char *category, int current_value, int policy_id, int value_type)
char * DdsInit(const char *table)
int DtGeneral(const char *string, struct tm *datetime)
char * DtParseDateTimeString(const char *string)
#define KSM_STATE_DSPUBLISH
KSM_PARENT_POLICY * parent
char output[KSM_PATH_LENGTH]
void ksm_log_msg(const char *format)
KSM_DENIAL_POLICY * denial
int backup_file(const char *orig_file, const char *backup_file)
int printKey(void *context, KSM_KEYDATA *key_data)
int KsmZoneIdFromName(const char *zone_name, int *zone_id)
int KsmListRollovers(int zone_id, int *ds_count)
int KsmParameterValue(const char *name, const char *category, int *value, int policy_id, int *parameter_id)
int KsmKeyInitSql(DB_RESULT *result, const char *sql)
int GetKeyState(const char *cka_id, int *temp_key_state, int *temp_keypair_id)
int KsmCollectionInit(KSM_PARCOLL *data)
int update_repositories()
#define DB_KEYDATA_FIELDS
const char * DbErrmsg(DB_HANDLE handle)
int KsmImportPolicy(const char *policy_name, const char *policy_description)
char policy_name[KSM_NAME_LENGTH]
void KsmPolicyFree(KSM_POLICY *policy)
void DbFreeRow(DB_ROW row)
int KsmKey(DB_RESULT result, KSM_KEYDATA *data)
void MsgRegister(int min, int max, const char **message, MSG_OUTPUT_FUNCTION output)
KSM_SIGNER_POLICY * signer
size_t StrToLower(char *text)
int cmd_update(const char *qualifier)
char input[KSM_PATH_LENGTH]
int DbDisconnect(DB_HANDLE dbhandle)
int KsmPolicyUpdateDesc(int policy_id, const char *policy_description)
int KsmKeyPredict(int policy_id, int keytype, int shared_keys, int interval, int *count, int rollover_scheme, int zone_count)
int KsmMarkKeysAsDead(int zone_id)
int read_zonelist_filename(char **zone_list_filename)
const char * KsmKeywordSerialValueToName(int value)
int KsmPolicyNullSaltStamp(int policy_id)
int DbExecuteSql(DB_HANDLE handle, const char *stmt_str, DB_RESULT *result)
#define KSM_POLICY_DESC_LENGTH
int DbStringBuffer(DB_ROW row, int field_index, char *buffer, size_t buflen)
int PurgeKeys(int zone_id, int policy_id)
void StrAppend(char **str1, const char *str2)
int StrStrtoi(const char *string, int *value)
int ChangeKeyState(int keytype, const char *cka_id, int zone_id, int policy_id, const char *datetime, int keystate)
int DbIntQuery(DB_HANDLE handle, int *value, const char *query)
void usage_keykskretire()
#define KSM_PAR_KSKTTL_CAT
#define KSM_STATE_PUBLISH
int DbDateDiff(const char *start, int delta, int sign, char *buffer, size_t buflen)
#define KSM_PAR_DSTTL_STRING
int KsmDeleteZone(int zone_id)
int allocateKeysToZone(KSM_POLICY *policy, int key_type, int zone_id, uint16_t interval, const char *zone_name, int man_key_gen, int rollover_scheme)
int KsmZoneNameFromId(int zone_id, char **zone_name)
char * DusInit(const char *table)
#define DEFAULT_LOG_FACILITY
int read_filenames(char **zone_list_filename, char **kasp_filename)
int CountKeysInState(int keytype, int keystate, int *count, int zone_id)
void KsmParameterEnd(DB_RESULT result)
int KsmImportKeyPair(int policy_id, const char *HSMKeyID, int smID, int size, int alg, int state, const char *time, int fixDate, DB_ID *id)
int cmd_backup(const char *qualifier)
int RetireOldKey(int zone_id, int policy_id, const char *datetime)
int KsmKeyGetUnallocated(int policy_id, int sm, int bits, int algorithm, int zone_id, int share_keys, int *keypair_id)
int db_connect(DB_HANDLE *dbhandle, FILE **lock_fd, int backup)
int append_zone(xmlDocPtr doc, KSM_ZONE *zone)
int KsmDnssecKeyCreate(int zone_id, int keypair_id, int keytype, int state, int rfc5011, const char *time, const char *retTime, DB_ID *id)
int KsmParameterInit(DB_RESULT *result, const char *name, const char *category, int policy_id)
xmlDocPtr del_policy_node(const char *docname, const char *policy_name)
int KsmPolicyExists(const char *name)
int fix_file_perms(const char *dbschema)
#define KSM_PAR_KSKTTL_STRING
int rename_signconf(const char *zonelist_filename, const char *o_zone)
int KsmRequestPendingRetireCount(int keytype, const char *datetime, KSM_PARCOLL *parameters, int *count, int zone_id, int interval)
int KsmZoneCountInit(DB_RESULT *handle, int id)
void DdsEnd(char **query)
int KsmParameterSet(const char *name, const char *category, int value, int policy_id)
KSM_ENFORCER_POLICY * enforcer
int KsmImportRepository(const char *repo_name, const char *repo_capacity, int require_backup)
int KsmKeywordAlgorithmNameToValue(const char *name)
char in_type[KSM_ADAPTER_NAME_LENGTH]
int DbInt(DB_ROW row, int field_index, int *value)
void * MemMalloc(size_t size)
int DtNow(struct tm *datetime)
char out_type[KSM_ADAPTER_NAME_LENGTH]
int KsmListBackups(int repo_id, int verbose_flag)
#define KSM_STATE_DSREADY
int DtXMLIntervalSeconds(const char *text, int *interval)
size_t StrToUpper(char *text)
void KsmKeyEnd(DB_RESULT result)
int get_lite_lock(char *lock_filename, FILE *lock_fd)
int KsmMarkBackup(int repo_id, const char *datetime)
#define KSM_STATE_GENERATE
void DusSetString(char **sql, const char *field, const char *data, int clause)
int MarkDSSeen(int keypair_id, int zone_id, int policy_id, const char *datetime, int key_state)
void DqsEnd(char **query)
void usage_keykskrevoke()
int DbBeginTransaction(void)
int DbExecuteSqlNoResult(DB_HANDLE handle, const char *stmt_str)
void DqsConditionString(char **query, const char *field, DQS_COMPARISON compare, const char *value, int index)
int KsmKeyCountStillGood(int policy_id, int sm, int bits, int algorithm, int interval, const char *datetime, int *count, int keytype)
int update_zones(char *zone_list_filename)
int CountKeys(int *zone_id, int keytag, const char *cka_id, int *key_count, char **temp_cka_id, int *temp_key_state, int *temp_keypair_id)
KSM_SIGNATURE_POLICY * signature
int DbConnect(DB_HANDLE *dbhandle, const char *database,...)
void DbStringFree(char *string)