static void
print_zone(int sockfd, const char* fmt, const zone_t* zone)
{
key_data_list_t *keylist;
const key_data_t *key;
keylist = zone_get_keys(zone);
while ((key = key_data_list_next(keylist))) {
char *tchange = map_keytime(zone, key);
client_printf(sockfd, fmt, zone_name(zone),
key_data_role_text(key), tchange);
free(tchange);
}
key_data_list_free(keylist);
}
static int delete_key_data(zone_db_t* zone, db_connection_t *dbconn, int sockfd) {
int successful;
key_data_list_t* key_data_list;
key_data_t* key_data;
key_state_list_t* key_state_list;
key_state_t* key_state;
/*
* Get key data for the zone and for each key data get the key state
* and try to delete all key state then the key data
*/
if (!(key_data_list = key_data_list_new_get_by_zone_id(dbconn, zone_db_id(zone)))) {
client_printf_err(sockfd, "Unable to get key data for zone %s from database!\n", zone_db_name(zone));
return 0;
}
successful = 1;
for (key_data = key_data_list_get_next(key_data_list); key_data; key_data_free(key_data), key_data = key_data_list_get_next(key_data_list)) {
if (!(key_state_list = key_state_list_new_get_by_key_data_id(dbconn, key_data_id(key_data)))) {
client_printf_err(sockfd, "Unable to get key states for key data %s of zone %s from database!\n", key_data_role_text(key_data), zone_db_name(zone));
successful = 0;
continue;
}
for (key_state = key_state_list_get_next(key_state_list); key_state; key_state_free(key_state), key_state = key_state_list_get_next(key_state_list)) {
if (key_state_delete(key_state)) {
client_printf_err(sockfd, "Unable to delete key state %s for key data %s of zone %s from database!\n", key_state_type_text(key_state), key_data_role_text(key_data), zone_db_name(zone));
successful = 0;
continue;
}
}
key_state_list_free(key_state_list);
if (key_data_delete(key_data)) {
client_printf_err(sockfd, "Unable to delete key data %s of zone %s from database!\n", key_data_role_text(key_data), zone_db_name(zone));
successful = 0;
continue;
}
if (hsm_key_factory_release_key_id(key_data_hsm_key_id(key_data), dbconn)) {
client_printf_err(sockfd, "Unable to release HSM key for key data %s of zone %s from database!\n", key_data_role_text(key_data), zone_db_name(zone));
successful = 0;
continue;
}
}
key_data_list_free(key_data_list);
return successful;
}
static time_t
perform_enforce(int sockfd, engine_type *engine, int bForceUpdate,
task_type* task, db_connection_t *dbconn)
{
zone_list_t *zonelist = NULL;
zone_t *zone, *firstzone = NULL;
policy_t *policy;
key_data_list_t *keylist;
const key_data_t *key;
time_t t_next, t_now = time_now(), t_reschedule = -1;
/* Flags that indicate tasks to be scheduled after zones have been
* enforced. */
int bSignerConfNeedsWriting = 0;
int bSubmitToParent = 0;
int bRetractFromParent = 0;
int zone_updated;
if (!(zonelist = zone_list_new(dbconn))
/*|| zone_list_associated_fetch(zonelist)*/
|| zone_list_get(zonelist))
{
zone_list_free(zonelist);
zonelist = NULL;
}
if (!zonelist) {
/* TODO: log error */
ods_log_error("[%s] zonelist NULL", module_str);
/* TODO: backoff? */
return t_reschedule;
}
for (zone = zone_list_get_next(zonelist); zone;
zone_free(zone), zone = zone_list_get_next(zonelist))
{
if (engine->need_to_reload || engine->need_to_exit) break;
if (!bForceUpdate && (zone_next_change(zone) == -1)) {
continue;
} else if (zone_next_change(zone) > t_now && !bForceUpdate) {
/* This zone needs no update, however it might be the first
* for future updates */
if (zone_next_change(zone) < t_reschedule || !firstzone)
{
t_reschedule = zone_next_change(zone);
if (firstzone) {
zone_free(firstzone);
}
firstzone = zone;
zone = NULL; /* keeps firstzone from being freed. */
}
continue;
}
if (!(policy = zone_get_policy(zone))) {
client_printf(sockfd,
"Next update for zone %s NOT scheduled "
"because policy is missing !\n", zone_name(zone));
if (zone_next_change(zone) != -1
&& (zone_set_next_change(zone, -1)
|| zone_update(zone)))
{
/* TODO: Log error */
}
continue;
}
if (policy_passthrough(policy)) {
ods_log_info("Passing through zone %s.\n", zone_name(zone));
zone_set_signconf_needs_writing(zone, 1);
zone_update(zone);
bSignerConfNeedsWriting = 1;
policy_free(policy);
continue;
}
zone_updated = 0;
t_next = update(engine, dbconn, zone, policy, t_now, &zone_updated);
policy_free(policy);
bSignerConfNeedsWriting |= zone_signconf_needs_writing(zone);
keylist = zone_get_keys(zone);
while ((key = key_data_list_next(keylist))) {
if (key_data_ds_at_parent(key) == KEY_DATA_DS_AT_PARENT_SUBMIT) {
ods_log_warning("[%s] please submit DS "
"with keytag %d for zone %s",
module_str, key_data_keytag(key)&0xFFFF, zone_name(zone));
bSubmitToParent = 1;
} else if (key_data_ds_at_parent(key) == KEY_DATA_DS_AT_PARENT_RETRACT) {
ods_log_warning("[%s] please retract DS "
"with keytag %d for zone %s",
module_str, key_data_keytag(key)&0xFFFF, zone_name(zone));
bRetractFromParent = 1;
}
}
key_data_list_free(keylist);
if (t_next == -1) {
client_printf(sockfd,
"Next update for zone %s NOT scheduled "
"by enforcer !\n", zone_name(zone));
ods_log_debug("Next update for zone %s NOT scheduled "
"by enforcer !\n", zone_name(zone));
} else {
/* Invalid schedule time then skip the zone.*/
char tbuf[32] = "date/time invalid\n"; /* at least 26 bytes */
ctime_r(&t_next, tbuf); /* note that ctime_r inserts \n */
client_printf(sockfd,
"Next update for zone %s scheduled at %s",
zone_name(zone), tbuf);
ods_log_debug("Next update for zone %s scheduled at %s",
zone_name(zone), tbuf);
}
if (zone_next_change(zone) != t_next) {
zone_set_next_change(zone, t_next);
zone_updated = 1;
}
/*
* Commit the changes to the zone if there where any.
*/
if (zone_updated) {
if (zone_update(zone)) {
ods_log_debug("[%s] error zone_update(%s)", module_str, zone_name(zone));
}
}
/*
* Find out when to schedule the next change.
*/
if (zone_next_change(zone) != -1
&& (zone_next_change(zone) < t_reschedule
|| !firstzone))
{
t_reschedule = zone_next_change(zone);
if (firstzone) {
zone_free(firstzone);
}
firstzone = zone;
zone = NULL;
}
}
zone_list_free(zonelist);
/*
* Schedule the next change if needed.
*/
if (firstzone) {
reschedule_enforce(task, t_reschedule, zone_name(firstzone));
zone_free(firstzone);
}
/* Launch signer configuration writer task when one of the
* zones indicated that it needs to be written.
* TODO: unschedule it first!
*/
if (bSignerConfNeedsWriting) {
task_type *signconf =
signconf_task(dbconn, "signconf", "signer configurations");
enf_schedule_task(sockfd,engine,signconf,"signconf");
} else {
ods_log_info("[%s] No changes to any signconf file required", module_str);
}
/* Launch ds-submit task when one of the updated key states has the
* DS_SUBMIT flag set. */
if (bSubmitToParent) {
task_type *submit =
keystate_ds_submit_task(engine);
enf_schedule_task(sockfd, engine, submit, "ds-submit");
}
/* Launch ds-retract task when one of the updated key states has the
* DS_RETRACT flag set. */
if (bRetractFromParent) {
task_type *retract =
keystate_ds_retract_task(engine);
enf_schedule_task(sockfd, engine, retract, "ds-retract");
}
return t_reschedule;
}
static int
perform_keystate_list(int sockfd, db_connection_t *dbconn,
const char* filterZone, char** filterKeytype, char** filterKeystate,
void (printheader)(int sockfd),
void (printkey)(int sockfd, zone_t* zone, key_data_t* key, char*tchange, hsm_key_t* hsmKey)) {
key_data_list_t* key_list;
key_data_t* key;
zone_t *zone = NULL;
char* tchange;
hsm_key_t *hsmkey;
int cmp;
int i, skipPrintKey;
if (!(key_list = key_data_list_new_get(dbconn))) {
client_printf_err(sockfd, "Unable to get list of keys, memory "
"allocation or database error!\n");
return 1;
}
if (printheader) {
(*printheader)(sockfd);
}
while ((key = key_data_list_get_next(key_list))) {
/* only refetches zone if different from previous */
if (zone
&& (db_value_cmp(zone_id(zone), key_data_zone_id(key), &cmp)
|| cmp)) {
zone_free(zone);
zone = NULL;
}
if (!zone) {
zone = key_data_get_zone(key);
}
hsmkey = key_data_get_hsm_key(key);
key_data_cache_key_states(key);
tchange = map_keytime(zone, key); /* allocs */
skipPrintKey = 0;
if(printkey == NULL)
skipPrintKey = 1;
if(filterZone != NULL && strcmp(zone_name(zone), filterZone))
skipPrintKey = 1;
for(i=0; filterKeytype && filterKeytype[i]; i++)
if(!strcasecmp(filterKeytype[i],key_data_role_text(key)))
break;
if(filterKeytype && filterKeytype[i] == NULL)
skipPrintKey = 1;
for(i=0; filterKeystate && filterKeystate[i]; i++)
if(!strcasecmp(filterKeystate[i],map_keystate(key)))
break;
if(filterKeystate && filterKeystate[i] == NULL)
skipPrintKey = 1;
if (!skipPrintKey) {
(*printkey)(sockfd, zone, key, tchange, hsmkey);
}
free(tchange);
hsm_key_free(hsmkey);
key_data_free(key);
}
zone_free(zone);
key_data_list_free(key_list);
return 0;
}
