31 #include "clientpipe.h"
39 #include <libxml/parser.h>
40 #include <libxml/tree.h>
/* Zone lookup failed. The format string is a literal and the zone name is
 * passed as a %s argument, so the name cannot act as a format string. */
65 ods_log_error(
"[signconf_export] Unable to fetch zone %s from"
66 " database", zonename);
/* Policy lookup for that zone failed; same logging pattern. */
71 ods_log_error(
"[signconf_export] Unable to fetch policy for zone"
72 " %s from database", zonename);
/* sockfd is -1 here: the code further down this listing only calls
 * client_printf_err() when sockfd > -1, so this export reports to the log
 * only. The last argument is the constant 1, where the call at line 128
 * passes the caller's `force` -- presumably this forces the write; confirm
 * against signconf_xml_export(). */
78 ret = signconf_xml_export(-1,
policy, zone, 1);
/* Same export, driven by the caller's client socket and force flag. */
128 ret = signconf_xml_export(sockfd,
policy, zone, force);
148 static int __free(
char **p) {
/* Scratch duration object and its rendered string; the string pointer
 * starts out NULL. */
167 duration_type* duration;
168 char* duration_text = NULL;
/* Reported when the output path is too long (per the message; the length
 * check itself is on lines not shown in this listing). The error goes to
 * the log and, when a client socket is present (sockfd > -1), to the client.
 * NOTE(review): "to long" in both messages is a typo for "too long". */
187 ods_log_error(
"[signconf_export] Unable to write updated XML for zone %s, path to long!",
zone_db_name(zone));
188 if (sockfd > -1) client_printf_err(sockfd,
"Unable to write updated XML for zone %s, path to long!\n",
zone_db_name(zone));
/* Allocate the scratch duration; a NULL return is reported as a memory
 * allocation error to the log and, if present, the client socket. */
192 if (!(duration = duration_create())) {
193 ods_log_error(
"[signconf_export] Unable to process signconf for zone %s, memory allocation error!",
zone_db_name(zone));
194 if (sockfd > -1) client_printf_err(sockfd,
"Unable to process signconf for zone %s, memory allocation error!\n",
zone_db_name(zone));
/* Create the document (XML version "1.0"), the SignerConfiguration root
 * node and its Zone child. The || chain stops at the first NULL result. */
198 if (!(doc = xmlNewDoc((xmlChar*)
"1.0"))
199 || !(root = xmlNewNode(NULL, (xmlChar*)
"SignerConfiguration"))
200 || !(node = xmlNewChild(root, NULL, (xmlChar*)
"Zone", NULL)))
202 ods_log_error(
"[signconf_export] Unable to create XML elements for zone %s, memory allocation error!",
zone_db_name(zone));
203 if (sockfd > -1) client_printf_err(sockfd,
"Unable to create XML elements for zone %s, memory allocation error!\n",
zone_db_name(zone));
/* Presumably still on the failure path: the duration is released.
 * NOTE(review): at this point root is not yet attached to doc (that happens
 * at line 211), so a doc or root created before the failing call needs its
 * own release -- the lines that would do so are not shown; confirm. */
207 duration_cleanup(duration);
/* Attach root to the document. */
211 xmlDocSetRootElement(doc, root);
/* Build the Zone subtree as one short-circuit || chain: the first operand
 * that evaluates non-zero stops evaluation, and the error report at line 316
 * follows. Several operands of the chain are on lines not shown in this
 * listing.
 *
 * Each duration is rendered by duration2string(), handed to xmlNewChild() as
 * element content, and then released through __free(&duration_text).
 * Because __free() sits in the || chain it presumably returns 0 on success;
 * its body is not shown.
 *
 * xmlNewChild() takes its content as XML text in which entity references are
 * interpreted; it does not escape an arbitrary string. The contents visible
 * here are duration strings and `text`. A free-form value would need
 * xmlNewTextChild() instead. */
214 if (!xmlNewProp(node, (xmlChar*)
"name", (xmlChar*)
zone_db_name(zone))
218 || !(node2 = xmlNewChild(node, NULL, (xmlChar*)
"Signatures", NULL))
221 || !(duration_text = duration2string(duration))
222 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Resign", (xmlChar*)duration_text))
223 || __free(&duration_text)
226 || !(duration_text = duration2string(duration))
227 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Refresh", (xmlChar*)duration_text))
228 || __free(&duration_text)
230 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Validity", NULL))
233 || !(duration_text = duration2string(duration))
234 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Default", (xmlChar*)duration_text))
235 || __free(&duration_text)
238 || !(duration_text = duration2string(duration))
239 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Denial", (xmlChar*)duration_text))
240 || __free(&duration_text)
244 || !(duration_text = duration2string(duration))
245 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Keyset", (xmlChar*)duration_text))
246 || __free(&duration_text)
/* !(error = 100) is always 0, so it never stops the chain; it only records
 * how far evaluation got. The value is printed as [%d] in the log message at
 * line 316. The condition of the enclosing ?: is on a line not shown. */
247 || !(error = 100) : 0)
249 || !(duration_text = duration2string(duration))
250 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Jitter", (xmlChar*)duration_text))
251 || __free(&duration_text)
254 || !(duration_text = duration2string(duration))
255 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"InceptionOffset", (xmlChar*)duration_text))
256 || __free(&duration_text)
260 || !(duration_text = duration2string(duration))
261 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"MaxZoneTTL", (xmlChar*)duration_text))
262 || __free(&duration_text)))
/* Denial section: either an NSEC element or an NSEC3 element with its
 * parameters. The conditions selecting between them are on lines not shown. */
265 || !(node2 = xmlNewChild(node, NULL, (xmlChar*)
"Denial", NULL))
268 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"NSEC", NULL)))
271 && (!(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"NSEC3", NULL))
275 || !(duration_text = duration2string(duration))
276 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"TTL", (xmlChar*)duration_text))
277 || __free(&duration_text)))
280 && !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"OptOut", NULL)))
282 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Hash", NULL))
/* Algorithm and Iterations both take their content from `text`; how `text`
 * is filled is on lines not shown. */
285 || !(node5 = xmlNewChild(node4, NULL, (xmlChar*)
"Algorithm", (xmlChar*)text))
288 || !(node5 = xmlNewChild(node4, NULL, (xmlChar*)
"Iterations", (xmlChar*)text))
/* The Keys element is kept in `keys`; the per-key elements are appended to
 * it at line 342. */
293 || !(keys = xmlNewChild(node, NULL, (xmlChar*)
"Keys", NULL))
296 || !(duration_text = duration2string(duration))
297 || !(node3 = xmlNewChild(keys, NULL, (xmlChar*)
"TTL", (xmlChar*)duration_text))
298 || __free(&duration_text)
301 || !(node2 = xmlNewChild(node, NULL, (xmlChar*)
"SOA", NULL))
304 || !(duration_text = duration2string(duration))
305 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"TTL", (xmlChar*)duration_text))
306 || __free(&duration_text)
309 || !(duration_text = duration2string(duration))
310 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Minimum", (xmlChar*)duration_text))
311 || __free(&duration_text)
/* Chain failed: log with the last `error` marker, tell the client if there
 * is one, then release the duration string (which may still be held if the
 * chain stopped between duration2string() and __free()) and the duration
 * object. */
316 ods_log_error(
"[signconf_export] Unable to create XML elements for zone %s! [%d]",
zone_db_name(zone), error);
317 if (sockfd > -1) client_printf_err(sockfd,
"Unable to create XML elements for zone %s!\n",
zone_db_name(zone));
318 __free(&duration_text);
319 duration_cleanup(duration);
/* The same two releases again -- presumably the success path; the lines in
 * between are not shown. */
323 __free(&duration_text);
324 duration_cleanup(duration);
/* The zone's key list could not be obtained (per the message; the call is
 * on a line not shown). */
327 ods_log_error(
"[signconf_export] Unable to get keys for zone %s!",
zone_db_name(zone));
328 if (sockfd > -1) client_printf_err(sockfd,
"Unable to get keys for zone %s!\n",
zone_db_name(zone));
/* The HSM key record behind a key could not be loaded from the database. */
335 ods_log_error(
"[signconf_export] Unable to get HSM key from database for zone %s!",
zone_db_name(zone));
336 if (sockfd > -1) client_printf_err(sockfd,
"Unable to get HSM key from database for zone %s!\n",
zone_db_name(zone));
/* Append one Key element under `keys`. Flags is written as "256" or "257"
 * depending on conditions on lines not shown -- presumably the ZSK and KSK
 * roles respectively; TODO confirm. */
342 if (!(node2 = xmlNewChild(keys, NULL, (xmlChar*)
"Key", NULL))
345 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Flags", (xmlChar*)
"256")))
348 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Flags", (xmlChar*)
"257")))
352 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Algorithm", (xmlChar*)text))
/* KSK, ZSK and Publish are created with NULL content, i.e. as empty marker
 * elements; each is guarded by a condition on a line not shown. */
359 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"KSK", NULL)))
364 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"ZSK", NULL)))
367 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Publish", NULL)))
/* Key element creation failed; `error` is logged as [%d] but is not sent to
 * the client. */
373 ods_log_error(
"[signconf_export] Unable to create key XML elements for zone %s! [%d]",
zone_db_name(zone), error);
374 if (sockfd > -1) client_printf_err(sockfd,
"Unable to create key XML elements for zone %s!\n",
zone_db_name(zone));
/* Write the document to `path` as indented UTF-8 (format argument 1).
 * A return of -1 from xmlSaveFormatFileEnc() is treated as a write failure. */
385 if (xmlSaveFormatFileEnc(path, doc,
"UTF-8", 1) == -1) {
386 ods_log_error(
"[signconf_export] Unable to write signconf for zone %s, LibXML error!",
zone_db_name(zone));
387 if (sockfd > -1) client_printf_err(sockfd,
"Unable to write signconf for zone %s, LibXML error!\n",
zone_db_name(zone));
/* Validate the file just written against signconf.rng in
 * OPENDNSSEC_SCHEMA_DIR. A non-zero result from check_rng() is a failure. */
393 if (
check_rng(path, OPENDNSSEC_SCHEMA_DIR
"/signconf.rng", 0)) {
394 ods_log_error(
"[signconf_export] Unable to validate the exported signconf XML for zone %s!",
zone_db_name(zone));
395 if (sockfd > -1) client_printf_err(sockfd,
"Unable to validate the exported signconf XML for zone %s!\n",
zone_db_name(zone));
/* Reported when the rename step fails (the rename call itself is on a line
 * not shown). NOTE(review): presumably `path` is a temporary name, and
 * validating before the rename keeps an invalid file from replacing the
 * signconf currently in use -- confirm against the full source, including
 * whether the temporary file is removed on the failure paths above. */
400 ods_log_error(
"[signconf_export] Unable to write signconf for zone %s, rename failed!",
zone_db_name(zone));
401 if (sockfd > -1) client_printf_err(sockfd,
"Unable to write signconf for zone %s, rename failed!\n",
zone_db_name(zone));
int db_value_cmp(const db_value_t *value_a, const db_value_t *value_b, int *result)
void hsm_key_free(hsm_key_t *hsm_key)
const char * hsm_key_locator(const hsm_key_t *hsm_key)
int check_rng(const char *filename, const char *rngfilename, int verbose)
unsigned int key_data_active_ksk(const key_data_t *key_data)
const key_data_t * key_data_list_next(key_data_list_t *key_data_list)
unsigned int key_data_publish(const key_data_t *key_data)
void key_data_list_free(key_data_list_t *key_data_list)
unsigned int key_data_active_zsk(const key_data_t *key_data)
unsigned int key_data_algorithm(const key_data_t *key_data)
hsm_key_t * key_data_get_hsm_key(const key_data_t *key_data)
unsigned int policy_denial_iterations(const policy_t *policy)
unsigned int policy_denial_optout(const policy_t *policy)
unsigned int policy_signatures_validity_denial(const policy_t *policy)
unsigned int policy_signatures_resign(const policy_t *policy)
unsigned int policy_keys_ttl(const policy_t *policy)
unsigned int policy_zone_soa_ttl(const policy_t *policy)
unsigned int policy_zone_soa_minimum(const policy_t *policy)
unsigned int policy_passthrough(const policy_t *policy)
const db_value_t * policy_id(const policy_t *policy)
unsigned int policy_signatures_refresh(const policy_t *policy)
unsigned int policy_denial_ttl(const policy_t *policy)
unsigned int policy_signatures_max_zone_ttl(const policy_t *policy)
unsigned int policy_signatures_jitter(const policy_t *policy)
unsigned int policy_signatures_inception_offset(const policy_t *policy)
const char * policy_denial_salt(const policy_t *policy)
unsigned int policy_denial_algorithm(const policy_t *policy)
unsigned int policy_signatures_validity_default(const policy_t *policy)
void policy_free(policy_t *policy)
const char * policy_zone_soa_serial_text(const policy_t *policy)
unsigned int policy_signatures_validity_keyset(const policy_t *policy)
@ POLICY_DENIAL_TYPE_NSEC
@ POLICY_DENIAL_TYPE_NSEC3
int signconf_export_zone(char const *zonename, db_connection_t *dbconn)
int signconf_export_all(int sockfd, const db_connection_t *connection, int force)
#define SIGNCONF_EXPORT_ERR_DATABASE
#define SIGNCONF_EXPORT_ERR_MEMORY
#define SIGNCONF_EXPORT_NO_CHANGE
#define SIGNCONF_EXPORT_ERR_ARGS
#define SIGNCONF_EXPORT_ERR_FILE
#define SIGNCONF_EXPORT_OK
#define SIGNCONF_EXPORT_ERR_XML
void zone_db_free(zone_db_t *zone)
int zone_db_set_signconf_needs_writing(zone_db_t *zone, unsigned int signconf_needs_writing)
const char * zone_db_name(const zone_db_t *zone)
const char * zone_db_signconf_path(const zone_db_t *zone)
policy_t * zone_db_get_policy(const zone_db_t *zone)
int zone_db_update(zone_db_t *zone)
int zone_list_db_get(zone_list_db_t *zone_list)
zone_list_db_t * zone_list_db_new(const db_connection_t *connection)
zone_db_t * zone_list_db_get_next(zone_list_db_t *zone_list)
unsigned int zone_db_signconf_needs_writing(const zone_db_t *zone)
void zone_list_db_free(zone_list_db_t *zone_list)
const db_value_t * zone_db_policy_id(const zone_db_t *zone)
zone_db_t * zone_db_new_get_by_name(const db_connection_t *connection, const char *name)
key_data_list_t * zone_db_get_keys(const zone_db_t *zone)