int check_kasp() { int status = 0; int i = 0; int j = 0; const char* rngfilename = OPENDNSSEC_SCHEMA_DIR "/kasp.rng"; xmlDocPtr doc; xmlXPathContextPtr xpath_ctx; xmlXPathObjectPtr xpath_obj; xmlNode *curNode; xmlChar *xexpr; int policy_count = 0; char **policy_names = NULL; int default_found = 0; if (kasp == NULL) { dual_log("ERROR: No location for kasp.xml set\n"); return 1; } /* Check that the file is well-formed */ status = check_rng(kasp, rngfilename); if (status ==0) { dual_log("INFO: The XML in %s is valid\n", kasp); } else { return 1; } /* Load XML document */ doc = xmlParseFile(kasp); if (doc == NULL) { return 1; } /* Create xpath evaluation context */ xpath_ctx = xmlXPathNewContext(doc); if(xpath_ctx == NULL) { xmlFreeDoc(doc); return 1; } /* First pass through the whole document to test for a policy called "default" and no duplicate names */ xexpr = (xmlChar *)"//KASP/Policy"; xpath_obj = xmlXPathEvalExpression(xexpr, xpath_ctx); if(xpath_obj == NULL) { xmlXPathFreeContext(xpath_ctx); xmlFreeDoc(doc); return 1; } if (xpath_obj->nodesetval) { policy_count = xpath_obj->nodesetval->nodeNr; policy_names = (char**)malloc(sizeof(char*) * policy_count); if (policy_names == NULL) { dual_log("ERROR: Malloc for policy names failed\n"); exit(1); } for (i = 0; i < policy_count; i++) { policy_names[i] = (char *) xmlGetProp(xpath_obj->nodesetval->nodeTab[i], (const xmlChar *)"name"); } } /* Now we have all the information we need do the checks */ for (i = 0; i < policy_count; i++) { if (strcmp(policy_names[i], "default") == 0) { default_found = 1; } for (j = i+1; j < policy_count; j++) { if ( (strcmp(policy_names[i], policy_names[j]) == 0) ) { dual_log("ERROR: Two policies exist with the same name (%s)\n", policy_names[i]); status += 1; } } } if (default_found == 0) { dual_log("WARNING: No policy named 'default' in %s. This means you will need to refer explicitly to the policy for each zone\n", kasp); } /* Go again; this time check each policy */ for (i = 0; i < policy_count; i++) { curNode = xpath_obj->nodesetval->nodeTab[i]->xmlChildrenNode; status += check_policy(curNode, policy_names[i], repo_list, repo_count, kasp); } for (i = 0; i < policy_count; i++) { free(policy_names[i]); } free(policy_names); xmlXPathFreeObject(xpath_obj); xmlXPathFreeContext(xpath_ctx); xmlFreeDoc(doc); return status; }
int main(int argc, char** argv) { int ret; int i; (void)argc; (void)argv; #if defined(MICROCHIP_PIC32) init_serial() ; /* initialize PIC32MZ serial I/O */ SYSTEMConfigPerformance(80000000); DBINIT(); #endif /* align key, iv pointers */ key = (byte*)XMALLOC(32, NULL, DYNAMIC_TYPE_KEY); if (key == NULL) { printf("mcapi key alloc failed\n"); return -1; } iv = (byte*)XMALLOC(16, NULL, DYNAMIC_TYPE_KEY); if (iv == NULL) { printf("mcapi iv alloc failed\n"); return -1; } for (i = 0; i < OUR_DATA_SIZE; i++) ourData[i] = (byte)i; ret = check_md5(); if (ret != 0) { printf("mcapi check_md5 failed\n"); return -1; } ret = check_sha(); if (ret != 0) { printf("mcapi check_sha failed\n"); return -1; } ret = check_sha256(); if (ret != 0) { printf("mcapi check_sha256 failed\n"); return -1; } ret = check_sha384(); if (ret != 0) { printf("mcapi check_sha384 failed\n"); return -1; } ret = check_sha512(); if (ret != 0) { printf("mcapi check_sha512 failed\n"); return -1; } ret = check_hmac(); if (ret != 0) { printf("mcapi check_hmac failed\n"); return -1; } ret = check_compress(); if (ret != 0) { printf("mcapi check_compress failed\n"); return -1; } ret = check_rng(); if (ret != 0) { printf("mcapi check_rng failed\n"); return -1; } ret = check_des3(); if (ret != 0) { printf("mcapi check_des3 failed\n"); return -1; } ret = check_aescbc(); if (ret != 0) { printf("mcapi check_aes cbc failed\n"); return -1; } ret = check_aesctr(); if (ret != 0) { printf("mcapi check_aes ctr failed\n"); return -1; } ret = check_aesdirect(); if (ret != 0) { printf("mcapi check_aes direct failed\n"); return -1; } ret = check_rsa(); if (ret != 0) { printf("mcapi check_rsa failed\n"); return -1; } ret = check_ecc(); if (ret != 0) { printf("mcapi check_ecc failed\n"); return -1; } XFREE(iv, NULL, DYNAMIC_TYPE_KEY); XFREE(key, NULL, DYNAMIC_TYPE_KEY); return 0; }
int check_conf(char** kasp) { int status = 0; int i = 0; int j = 0; int temp_status = 0; xmlDocPtr doc; xmlXPathContextPtr xpath_ctx; xmlXPathObjectPtr xpath_obj; xmlNode *curNode; xmlChar *xexpr; char* temp_char = NULL; KC_REPO* repo = NULL; int* repo_mods = NULL; /* To see if we have looked at this module before */ const char* rngfilename = OPENDNSSEC_SCHEMA_DIR "/conf.rng"; const char* zonerngfilename = OPENDNSSEC_SCHEMA_DIR "/zonelist.rng"; /* Check that the file is well-formed */ status = check_rng(config, rngfilename); if (status == 0) { dual_log("INFO: The XML in %s is valid\n", config); } else { return status; /* Don't try to read the file if it is invalid */ } /* Load XML document */ doc = xmlParseFile(config); if (doc == NULL) { return 1; } /* Create xpath evaluation context */ xpath_ctx = xmlXPathNewContext(doc); if(xpath_ctx == NULL) { xmlFreeDoc(doc); return 1; } /* REPOSITORY section */ xexpr = (xmlChar *)"//Configuration/RepositoryList/Repository"; xpath_obj = xmlXPathEvalExpression(xexpr, xpath_ctx); if(xpath_obj == NULL) { xmlXPathFreeContext(xpath_ctx); xmlFreeDoc(doc); return 1; } if (xpath_obj->nodesetval) { repo_count = xpath_obj->nodesetval->nodeNr; repo = (KC_REPO*)malloc(sizeof(KC_REPO) * repo_count); repo_mods = (int*)malloc(sizeof(int) * repo_count); repo_list = (char**)malloc(sizeof(char*) * repo_count); if (repo == NULL || repo_mods == NULL || repo_list == NULL) { dual_log("ERROR: malloc for repo information failed\n"); exit(1); } for (i = 0; i < repo_count; i++) { repo_mods[i] = 0; curNode = xpath_obj->nodesetval->nodeTab[i]->xmlChildrenNode; /* Default for capacity */ repo[i].name = (char *) xmlGetProp(xpath_obj->nodesetval->nodeTab[i], (const xmlChar *)"name"); repo_list[i] = StrStrdup(repo[i].name); while (curNode) { if (xmlStrEqual(curNode->name, (const xmlChar *)"TokenLabel")) repo[i].TokenLabel = (char *) xmlNodeGetContent(curNode); if (xmlStrEqual(curNode->name, (const xmlChar *)"Module")) repo[i].module = (char *) xmlNodeGetContent(curNode); curNode = curNode->next; } } } xmlXPathFreeObject(xpath_obj); /* Now we have all the information we need do the checks */ for (i = 0; i < repo_count; i++) { if (repo_mods[i] == 0) { /* 1) Check that the module exists */ status += check_file(repo[i].module, "Module"); repo_mods[i] = 1; /* Done this module */ /* 2) Check repos on the same modules have different TokenLabels */ for (j = i+1; j < repo_count; j++) { if ( repo_mods[j] == 0 && (strcmp(repo[i].module, repo[j].module) == 0) ) { repo_mods[j] = 1; /* done */ if (strcmp(repo[i].TokenLabel, repo[j].TokenLabel) == 0) { dual_log("ERROR: Multiple Repositories (%s and %s) in %s have the same Module (%s) and TokenLabel (%s)\n", repo[i].name, repo[j].name, config, repo[i].module, repo[i].TokenLabel); status += 1; } } } } /* 3) Check that the name is unique */ for (j = i+1; j < repo_count; j++) { if (strcmp(repo[i].name, repo[j].name) == 0) { dual_log("ERROR: Two repositories exist with the same name (%s)\n", repo[i].name); status += 1; } } } /* COMMON section */ /* PolicyFile (aka KASP); we will validate it later */ if (*kasp == NULL) { xexpr = (xmlChar *)"//Configuration/Common/PolicyFile"; xpath_obj = xmlXPathEvalExpression(xexpr, xpath_ctx); if(xpath_obj == NULL) { xmlXPathFreeContext(xpath_ctx); xmlFreeDoc(doc); for (i = 0; i < repo_count; i++) { free(repo[i].name); free(repo[i].module); free(repo[i].TokenLabel); } free(repo); free(repo_mods); return -1; } temp_char = (char*) xmlXPathCastToString(xpath_obj); StrAppend(kasp, temp_char); StrFree(temp_char); xmlXPathFreeObject(xpath_obj); } /* Check that the Zonelist file is well-formed */ xexpr = (xmlChar *)"//Configuration/Common/ZoneListFile"; xpath_obj = xmlXPathEvalExpression(xexpr, xpath_ctx); if(xpath_obj == NULL) { xmlXPathFreeContext(xpath_ctx); xmlFreeDoc(doc); for (i = 0; i < repo_count; i++) { free(repo[i].name); free(repo[i].module); free(repo[i].TokenLabel); } free(repo); free(repo_mods); return -1; } temp_char = (char*) xmlXPathCastToString(xpath_obj); if (check_rng(temp_char, zonerngfilename) == 0) { dual_log("INFO: The XML in %s is valid\n", temp_char); } else { status += 1; } xmlXPathFreeObject(xpath_obj); StrFree(temp_char); /* ENFORCER section */ /* Check defined user/group */ status += check_user_group(xpath_ctx, (xmlChar *)"//Configuration/Enforcer/Privileges/User", (xmlChar *)"//Configuration/Enforcer/Privileges/Group"); /* Check datastore exists (if sqlite) */ /* TODO check datastore matches libksm without building against libksm */ temp_status = check_file_from_xpath(xpath_ctx, "SQLite datastore", (xmlChar *)"//Configuration/Enforcer/Datastore/SQLite"); if (temp_status == -1) { /* Configured for Mysql DB */ /*if (DbFlavour() != MYSQL_DB) { dual_log("ERROR: libksm compiled for sqlite3 but conf.xml configured for MySQL\n"); }*/ } else { status += temp_status; /* Configured for sqlite DB */ /*if (DbFlavour() != SQLITE_DB) { dual_log("ERROR: libksm compiled for MySQL but conf.xml configured for sqlite3\n"); }*/ } /* Warn if Interval is M or Y */ status += check_time_def_from_xpath(xpath_ctx, (xmlChar *)"//Configuration/Enforcer/Interval", "Configuration", "Enforcer/Interval", config); /* Warn if RolloverNotification is M or Y */ status += check_time_def_from_xpath(xpath_ctx, (xmlChar *)"//Configuration/Enforcer/RolloverNotification", "Configuration", "Enforcer/RolloverNotification", config); /* Check DelegationSignerSubmitCommand exists (if set) */ temp_status = check_file_from_xpath(xpath_ctx, "DelegationSignerSubmitCommand", (xmlChar *)"//Configuration/Enforcer/DelegationSignerSubmitCommand"); if (temp_status > 0) { status += temp_status; } /* SIGNER section */ /* Check defined user/group */ status += check_user_group(xpath_ctx, (xmlChar *)"//Configuration/Signer/Privileges/User", (xmlChar *)"//Configuration/Signer/Privileges/Group"); /* Check WorkingDirectory exists (or default) */ temp_status = check_path_from_xpath(xpath_ctx, "WorkingDirectory", (xmlChar *)"//Configuration/Signer/WorkingDirectory"); if (temp_status == -1) { /* Check the default location */ check_path(OPENDNSSEC_STATE_DIR "/tmp", "default WorkingDirectory"); } else { status += temp_status; } xmlXPathFreeContext(xpath_ctx); xmlFreeDoc(doc); for (i = 0; i < repo_count; i++) { free(repo[i].name); free(repo[i].module); free(repo[i].TokenLabel); } free(repo); free(repo_mods); return status; }