31 #include "clientpipe.h" 39 #include <libxml/parser.h> 40 #include <libxml/tree.h> 100 ret = signconf_export(sockfd, policy, zone, force);
120 static int __free(
char **p) {
139 duration_type* duration;
140 char* duration_text = NULL;
158 if (snprintf(path,
sizeof(path),
"%s.new",
zone_signconf_path(zone)) >= (
int)
sizeof(path)) {
159 ods_log_error(
"[signconf_export] Unable to write updated XML for zone %s, path to long!",
zone_name(zone));
160 if (sockfd > -1) client_printf_err(sockfd,
"Unable to write updated XML for zone %s, path to long!\n",
zone_name(zone));
164 if (!(duration = duration_create())) {
165 ods_log_error(
"[signconf_export] Unable to process signconf for zone %s, memory allocation error!",
zone_name(zone));
166 if (sockfd > -1) client_printf_err(sockfd,
"Unable to process signconf for zone %s, memory allocation error!\n",
zone_name(zone));
170 if (!(doc = xmlNewDoc((xmlChar*)
"1.0"))
171 || !(root = xmlNewNode(NULL, (xmlChar*)
"SignerConfiguration"))
172 || !(node = xmlNewChild(root, NULL, (xmlChar*)
"Zone", NULL)))
174 ods_log_error(
"[signconf_export] Unable to create XML elements for zone %s, memory allocation error!",
zone_name(zone));
175 if (sockfd > -1) client_printf_err(sockfd,
"Unable to create XML elements for zone %s, memory allocation error!\n",
zone_name(zone));
179 duration_cleanup(duration);
183 xmlDocSetRootElement(doc, root);
186 if (!xmlNewProp(node, (xmlChar*)
"name", (xmlChar*)
zone_name(zone))
188 || (
policy_passthrough(policy) && !(node2 = xmlNewChild(node, NULL, (xmlChar*)
"Passthrough", NULL)))
190 || !(node2 = xmlNewChild(node, NULL, (xmlChar*)
"Signatures", NULL))
193 || !(duration_text = duration2string(duration))
194 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Resign", (xmlChar*)duration_text))
195 || __free(&duration_text)
198 || !(duration_text = duration2string(duration))
199 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Refresh", (xmlChar*)duration_text))
200 || __free(&duration_text)
202 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Validity", NULL))
205 || !(duration_text = duration2string(duration))
206 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Default", (xmlChar*)duration_text))
207 || __free(&duration_text)
210 || !(duration_text = duration2string(duration))
211 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Denial", (xmlChar*)duration_text))
212 || __free(&duration_text)
216 || !(duration_text = duration2string(duration))
217 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Keyset", (xmlChar*)duration_text))
218 || __free(&duration_text)
219 || !(error = 100) : 0)
221 || !(duration_text = duration2string(duration))
222 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Jitter", (xmlChar*)duration_text))
223 || __free(&duration_text)
226 || !(duration_text = duration2string(duration))
227 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"InceptionOffset", (xmlChar*)duration_text))
228 || __free(&duration_text)
232 || !(duration_text = duration2string(duration))
233 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"MaxZoneTTL", (xmlChar*)duration_text))
234 || __free(&duration_text)))
237 || !(node2 = xmlNewChild(node, NULL, (xmlChar*)
"Denial", NULL))
240 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"NSEC", NULL)))
243 && (!(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"NSEC3", NULL))
247 || !(duration_text = duration2string(duration))
248 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"TTL", (xmlChar*)duration_text))
249 || __free(&duration_text)))
252 && !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"OptOut", NULL)))
254 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Hash", NULL))
257 || !(node5 = xmlNewChild(node4, NULL, (xmlChar*)
"Algorithm", (xmlChar*)text))
260 || !(node5 = xmlNewChild(node4, NULL, (xmlChar*)
"Iterations", (xmlChar*)text))
262 || !(node5 = xmlNewChild(node4, NULL, (xmlChar*)
"Salt", (xmlChar*)
policy_denial_salt(policy)))))
265 || !(keys = xmlNewChild(node, NULL, (xmlChar*)
"Keys", NULL))
268 || !(duration_text = duration2string(duration))
269 || !(node3 = xmlNewChild(keys, NULL, (xmlChar*)
"TTL", (xmlChar*)duration_text))
270 || __free(&duration_text)
273 || !(node2 = xmlNewChild(node, NULL, (xmlChar*)
"SOA", NULL))
276 || !(duration_text = duration2string(duration))
277 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"TTL", (xmlChar*)duration_text))
278 || __free(&duration_text)
281 || !(duration_text = duration2string(duration))
282 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Minimum", (xmlChar*)duration_text))
283 || __free(&duration_text)
288 ods_log_error(
"[signconf_export] Unable to create XML elements for zone %s! [%d]",
zone_name(zone), error);
289 if (sockfd > -1) client_printf_err(sockfd,
"Unable to create XML elements for zone %s!\n",
zone_name(zone));
290 __free(&duration_text);
291 duration_cleanup(duration);
295 __free(&duration_text);
296 duration_cleanup(duration);
300 if (sockfd > -1) client_printf_err(sockfd,
"Unable to get keys for zone %s!\n",
zone_name(zone));
308 if (sockfd > -1) client_printf_err(sockfd,
"Unable to get HSM key from database for zone %s!\n",
zone_name(zone));
314 if (!(node2 = xmlNewChild(keys, NULL, (xmlChar*)
"Key", NULL))
317 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Flags", (xmlChar*)
"256")))
320 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Flags", (xmlChar*)
"257")))
322 || snprintf(text,
sizeof(text),
"%u",
key_data_algorithm(key_data)) >= (
int)
sizeof(text)
324 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Algorithm", (xmlChar*)text))
326 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Locator",(xmlChar*)
hsm_key_locator(hsm_key)))
331 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"KSK", NULL)))
336 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"ZSK", NULL)))
339 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Publish", NULL)))
345 ods_log_error(
"[signconf_export] Unable to create key XML elements for zone %s! [%d]",
zone_name(zone), error);
346 if (sockfd > -1) client_printf_err(sockfd,
"Unable to create key XML elements for zone %s!\n",
zone_name(zone));
357 if (xmlSaveFormatFileEnc(path, doc,
"UTF-8", 1) == -1) {
359 if (sockfd > -1) client_printf_err(sockfd,
"Unable to write signconf for zone %s, LibXML error!\n",
zone_name(zone));
365 if (
check_rng(path, OPENDNSSEC_SCHEMA_DIR
"/signconf.rng", 0)) {
366 ods_log_error(
"[signconf_export] Unable to validate the exported signconf XML for zone %s!",
zone_name(zone));
367 if (sockfd > -1) client_printf_err(sockfd,
"Unable to validate the exported signconf XML for zone %s!\n",
zone_name(zone));
373 if (sockfd > -1) client_printf_err(sockfd,
"Unable to write signconf for zone %s, rename failed!\n",
zone_name(zone));
#define SIGNCONF_EXPORT_ERR_MEMORY
const char * zone_signconf_path(const zone_t *zone)
const db_value_t * zone_policy_id(const zone_t *zone)
hsm_key_t * key_data_get_hsm_key(const key_data_t *key_data)
#define SIGNCONF_EXPORT_ERR_XML
#define SIGNCONF_EXPORT_OK
unsigned int key_data_publish(const key_data_t *key_data)
unsigned int key_data_active_zsk(const key_data_t *key_data)
#define SIGNCONF_EXPORT_ERR_ARGS
int zone_update(zone_t *zone)
policy_t * zone_get_policy(const zone_t *zone)
unsigned int policy_signatures_max_zone_ttl(const policy_t *policy)
void zone_list_free(zone_list_t *zone_list)
unsigned int policy_denial_algorithm(const policy_t *policy)
unsigned int policy_signatures_refresh(const policy_t *policy)
key_data_list_t * zone_get_keys(const zone_t *zone)
unsigned int policy_signatures_validity_default(const policy_t *policy)
int zone_set_signconf_needs_writing(zone_t *zone, unsigned int signconf_needs_writing)
void ods_log_error(const char *format,...)
unsigned int policy_signatures_validity_denial(const policy_t *policy)
unsigned int policy_passthrough(const policy_t *policy)
unsigned int policy_signatures_jitter(const policy_t *policy)
int check_rng(const char *filename, const char *rngfilename, int verbose)
unsigned int policy_signatures_inception_offset(const policy_t *policy)
void zone_free(zone_t *zone)
unsigned int policy_denial_iterations(const policy_t *policy)
int db_value_cmp(const db_value_t *value_a, const db_value_t *value_b, int *result)
zone_list_t * zone_list_new(const db_connection_t *connection)
unsigned int policy_zone_soa_ttl(const policy_t *policy)
void policy_free(policy_t *policy)
unsigned int zone_signconf_needs_writing(const zone_t *zone)
const key_data_t * key_data_list_next(key_data_list_t *key_data_list)
const char * hsm_key_locator(const hsm_key_t *hsm_key)
const char * policy_zone_soa_serial_text(const policy_t *policy)
const char * zone_name(const zone_t *zone)
unsigned int policy_denial_ttl(const policy_t *policy)
#define SIGNCONF_EXPORT_NO_CHANGE
zone_t * zone_list_get_next(zone_list_t *zone_list)
unsigned int policy_denial_optout(const policy_t *policy)
void key_data_list_free(key_data_list_t *key_data_list)
int zone_list_get(zone_list_t *zone_list)
int signconf_export_all(int sockfd, const db_connection_t *connection, int force)
void hsm_key_free(hsm_key_t *hsm_key)
unsigned int key_data_active_ksk(const key_data_t *key_data)
unsigned int key_data_algorithm(const key_data_t *key_data)
const char * policy_denial_salt(const policy_t *policy)
#define SIGNCONF_EXPORT_ERR_FILE
unsigned int policy_signatures_validity_keyset(const policy_t *policy)
const db_value_t * policy_id(const policy_t *policy)
unsigned int policy_zone_soa_minimum(const policy_t *policy)
#define SIGNCONF_EXPORT_ERR_DATABASE
unsigned int policy_keys_ttl(const policy_t *policy)
unsigned int policy_signatures_resign(const policy_t *policy)