static void print_zone(int sockfd, const char* fmt, const zone_t* zone) { key_data_list_t *keylist; const key_data_t *key; keylist = zone_get_keys(zone); while ((key = key_data_list_next(keylist))) { char *tchange = map_keytime(zone, key); client_printf(sockfd, fmt, zone_name(zone), key_data_role_text(key), tchange); free(tchange); } key_data_list_free(keylist); }
static int delete_key_data(zone_db_t* zone, db_connection_t *dbconn, int sockfd) { int successful; key_data_list_t* key_data_list; key_data_t* key_data; key_state_list_t* key_state_list; key_state_t* key_state; /* * Get key data for the zone and for each key data get the key state * and try to delete all key state then the key data */ if (!(key_data_list = key_data_list_new_get_by_zone_id(dbconn, zone_db_id(zone)))) { client_printf_err(sockfd, "Unable to get key data for zone %s from database!\n", zone_db_name(zone)); return 0; } successful = 1; for (key_data = key_data_list_get_next(key_data_list); key_data; key_data_free(key_data), key_data = key_data_list_get_next(key_data_list)) { if (!(key_state_list = key_state_list_new_get_by_key_data_id(dbconn, key_data_id(key_data)))) { client_printf_err(sockfd, "Unable to get key states for key data %s of zone %s from database!\n", key_data_role_text(key_data), zone_db_name(zone)); successful = 0; continue; } for (key_state = key_state_list_get_next(key_state_list); key_state; key_state_free(key_state), key_state = key_state_list_get_next(key_state_list)) { if (key_state_delete(key_state)) { client_printf_err(sockfd, "Unable to delete key state %s for key data %s of zone %s from database!\n", key_state_type_text(key_state), key_data_role_text(key_data), zone_db_name(zone)); successful = 0; continue; } } key_state_list_free(key_state_list); if (key_data_delete(key_data)) { client_printf_err(sockfd, "Unable to delete key data %s of zone %s from database!\n", key_data_role_text(key_data), zone_db_name(zone)); successful = 0; continue; } if (hsm_key_factory_release_key_id(key_data_hsm_key_id(key_data), dbconn)) { client_printf_err(sockfd, "Unable to release HSM key for key data %s of zone %s from database!\n", key_data_role_text(key_data), zone_db_name(zone)); successful = 0; continue; } } key_data_list_free(key_data_list); return successful; }
static time_t perform_enforce(int sockfd, engine_type *engine, int bForceUpdate, task_type* task, db_connection_t *dbconn) { zone_list_t *zonelist = NULL; zone_t *zone, *firstzone = NULL; policy_t *policy; key_data_list_t *keylist; const key_data_t *key; time_t t_next, t_now = time_now(), t_reschedule = -1; /* Flags that indicate tasks to be scheduled after zones have been * enforced. */ int bSignerConfNeedsWriting = 0; int bSubmitToParent = 0; int bRetractFromParent = 0; int zone_updated; if (!(zonelist = zone_list_new(dbconn)) /*|| zone_list_associated_fetch(zonelist)*/ || zone_list_get(zonelist)) { zone_list_free(zonelist); zonelist = NULL; } if (!zonelist) { /* TODO: log error */ ods_log_error("[%s] zonelist NULL", module_str); /* TODO: backoff? */ return t_reschedule; } for (zone = zone_list_get_next(zonelist); zone; zone_free(zone), zone = zone_list_get_next(zonelist)) { if (engine->need_to_reload || engine->need_to_exit) break; if (!bForceUpdate && (zone_next_change(zone) == -1)) { continue; } else if (zone_next_change(zone) > t_now && !bForceUpdate) { /* This zone needs no update, however it might be the first * for future updates */ if (zone_next_change(zone) < t_reschedule || !firstzone) { t_reschedule = zone_next_change(zone); if (firstzone) { zone_free(firstzone); } firstzone = zone; zone = NULL; /* keeps firstzone from being freed. */ } continue; } if (!(policy = zone_get_policy(zone))) { client_printf(sockfd, "Next update for zone %s NOT scheduled " "because policy is missing !\n", zone_name(zone)); if (zone_next_change(zone) != -1 && (zone_set_next_change(zone, -1) || zone_update(zone))) { /* TODO: Log error */ } continue; } if (policy_passthrough(policy)) { ods_log_info("Passing through zone %s.\n", zone_name(zone)); zone_set_signconf_needs_writing(zone, 1); zone_update(zone); bSignerConfNeedsWriting = 1; policy_free(policy); continue; } zone_updated = 0; t_next = update(engine, dbconn, zone, policy, t_now, &zone_updated); policy_free(policy); bSignerConfNeedsWriting |= zone_signconf_needs_writing(zone); keylist = zone_get_keys(zone); while ((key = key_data_list_next(keylist))) { if (key_data_ds_at_parent(key) == KEY_DATA_DS_AT_PARENT_SUBMIT) { ods_log_warning("[%s] please submit DS " "with keytag %d for zone %s", module_str, key_data_keytag(key)&0xFFFF, zone_name(zone)); bSubmitToParent = 1; } else if (key_data_ds_at_parent(key) == KEY_DATA_DS_AT_PARENT_RETRACT) { ods_log_warning("[%s] please retract DS " "with keytag %d for zone %s", module_str, key_data_keytag(key)&0xFFFF, zone_name(zone)); bRetractFromParent = 1; } } key_data_list_free(keylist); if (t_next == -1) { client_printf(sockfd, "Next update for zone %s NOT scheduled " "by enforcer !\n", zone_name(zone)); ods_log_debug("Next update for zone %s NOT scheduled " "by enforcer !\n", zone_name(zone)); } else { /* Invalid schedule time then skip the zone.*/ char tbuf[32] = "date/time invalid\n"; /* at least 26 bytes */ ctime_r(&t_next, tbuf); /* note that ctime_r inserts \n */ client_printf(sockfd, "Next update for zone %s scheduled at %s", zone_name(zone), tbuf); ods_log_debug("Next update for zone %s scheduled at %s", zone_name(zone), tbuf); } if (zone_next_change(zone) != t_next) { zone_set_next_change(zone, t_next); zone_updated = 1; } /* * Commit the changes to the zone if there where any. */ if (zone_updated) { if (zone_update(zone)) { ods_log_debug("[%s] error zone_update(%s)", module_str, zone_name(zone)); } } /* * Find out when to schedule the next change. */ if (zone_next_change(zone) != -1 && (zone_next_change(zone) < t_reschedule || !firstzone)) { t_reschedule = zone_next_change(zone); if (firstzone) { zone_free(firstzone); } firstzone = zone; zone = NULL; } } zone_list_free(zonelist); /* * Schedule the next change if needed. */ if (firstzone) { reschedule_enforce(task, t_reschedule, zone_name(firstzone)); zone_free(firstzone); } /* Launch signer configuration writer task when one of the * zones indicated that it needs to be written. * TODO: unschedule it first! */ if (bSignerConfNeedsWriting) { task_type *signconf = signconf_task(dbconn, "signconf", "signer configurations"); enf_schedule_task(sockfd,engine,signconf,"signconf"); } else { ods_log_info("[%s] No changes to any signconf file required", module_str); } /* Launch ds-submit task when one of the updated key states has the * DS_SUBMIT flag set. */ if (bSubmitToParent) { task_type *submit = keystate_ds_submit_task(engine); enf_schedule_task(sockfd, engine, submit, "ds-submit"); } /* Launch ds-retract task when one of the updated key states has the * DS_RETRACT flag set. */ if (bRetractFromParent) { task_type *retract = keystate_ds_retract_task(engine); enf_schedule_task(sockfd, engine, retract, "ds-retract"); } return t_reschedule; }
static int perform_keystate_list(int sockfd, db_connection_t *dbconn, const char* filterZone, char** filterKeytype, char** filterKeystate, void (printheader)(int sockfd), void (printkey)(int sockfd, zone_t* zone, key_data_t* key, char*tchange, hsm_key_t* hsmKey)) { key_data_list_t* key_list; key_data_t* key; zone_t *zone = NULL; char* tchange; hsm_key_t *hsmkey; int cmp; int i, skipPrintKey; if (!(key_list = key_data_list_new_get(dbconn))) { client_printf_err(sockfd, "Unable to get list of keys, memory " "allocation or database error!\n"); return 1; } if (printheader) { (*printheader)(sockfd); } while ((key = key_data_list_get_next(key_list))) { /* only refetches zone if different from previous */ if (zone && (db_value_cmp(zone_id(zone), key_data_zone_id(key), &cmp) || cmp)) { zone_free(zone); zone = NULL; } if (!zone) { zone = key_data_get_zone(key); } hsmkey = key_data_get_hsm_key(key); key_data_cache_key_states(key); tchange = map_keytime(zone, key); /* allocs */ skipPrintKey = 0; if(printkey == NULL) skipPrintKey = 1; if(filterZone != NULL && strcmp(zone_name(zone), filterZone)) skipPrintKey = 1; for(i=0; filterKeytype && filterKeytype[i]; i++) if(!strcasecmp(filterKeytype[i],key_data_role_text(key))) break; if(filterKeytype && filterKeytype[i] == NULL) skipPrintKey = 1; for(i=0; filterKeystate && filterKeystate[i]; i++) if(!strcasecmp(filterKeystate[i],map_keystate(key))) break; if(filterKeystate && filterKeystate[i] == NULL) skipPrintKey = 1; if (!skipPrintKey) { (*printkey)(sockfd, zone, key, tchange, hsmkey); } free(tchange); hsm_key_free(hsmkey); key_data_free(key); } zone_free(zone); key_data_list_free(key_list); return 0; }