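/*****************************************************************
**	checkconfig (config)
*****************************************************************/
/*
 *	Sanity-check the signing policy held in a zone configuration and
 *	report every suspicious value on stderr.
 *
 *	@param z	configuration to check; NULL is accepted and treated
 *			as "nothing to check" (returns 1)
 *	@return 1 if no check produced a warning, 0 if at least one
 *		warning was printed.  main() prints its "all parameters
 *		seem to be ok" message only for a non-zero result, so the
 *		return value must reflect the warnings actually emitted.
 */
int	checkconfig (const zconf_t *z)
{
	int	ok = 1;		/* cleared by every check that prints a warning */

	if ( z == NULL )
		return 1;

	/* NSEC3 salt length is given in bits */
	if ( z->saltbits < 4 )
	{
		fprintf (stderr, "Saltlength must be at least 4 bits\n");
		ok = 0;
	}
	if ( z->saltbits > 128 )
	{
		fprintf (stderr, "While the maximum is 520 bits of salt, it's not recommended to use more than 128 bits.\n");
		fprintf (stderr, "The current value is %d bits\n", z->saltbits);
		ok = 0;
	}

	/* signature validity window: between one day and twelve weeks */
	if ( z->sigvalidity < (1 * DAYSEC) || z->sigvalidity > (12 * WEEKSEC) )
	{
		fprintf (stderr, "Signature should be valid for at least 1 day and no longer than 3 month (12 weeks)\n");
		fprintf (stderr, "The current value is %s\n", timeint2str (z->sigvalidity));
		ok = 0;
	}

	/*
	 * The re-signing interval has to leave room for cached copies
	 * (max_ttl) plus propagation time before the signatures expire,
	 * hence the upper bound of 5/6 sigvalidity minus that margin ...
	 */
	if ( z->resign > (z->sigvalidity*5/6) - (z->max_ttl + z->proptime) )
	{
		fprintf (stderr, "Re-signing interval (%s) should be less than ", timeint2str (z->resign));
		fprintf (stderr, "5/6 of sigvalidity\n");
		ok = 0;
	}
	/* ... and the lower bound of max_ttl plus propagation time */
	if ( z->resign < (z->max_ttl + z->proptime) )
	{
		fprintf (stderr, "Re-signing interval (%s) should be ", timeint2str (z->resign));
		fprintf (stderr, "greater than max_ttl (%ld) plus ", z->max_ttl);
		fprintf (stderr, "propagation time (%ld)\n", z->proptime);
		ok = 0;
	}

	if ( z->max_ttl >= z->sigvalidity )
	{
		fprintf (stderr, "Max TTL (%ld) should be less than signature validity (%ld)\n", z->max_ttl, z->sigvalidity);
		ok = 0;
	}

	/* key lifetimes are judged relative to the key size (512 bit units, floating point) */
	if ( z->z_life > (12 * WEEKSEC) * (z->z_bits / 512.) )
	{
		fprintf (stderr, "Lifetime of zone signing key (%s) ", timeint2str (z->z_life));
		fprintf (stderr, "seems a little bit high ");
		fprintf (stderr, "(In respect of key size (%d))\n", z->z_bits);
		ok = 0;
	}

	/* k_life == 0 means no KSK rollover policy; only check a positive value */
	if ( z->k_life > 0 && z->k_life <= z->z_life )
	{
		fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life));
		fprintf (stderr, "should be greater than lifetime of zsk\n");
		ok = 0;
	}
	if ( z->k_life > 0 && z->k_life > (26 * WEEKSEC) * (z->k_bits / 512.) )
	{
		fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life));
		fprintf (stderr, "seems a little bit high ");
		fprintf (stderr, "(In respect of key size (%d))\n", z->k_bits);
		ok = 0;
	}

	return ok;
}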
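/*
 *	zkt-conf entry point.
 *
 *	Loads the built-in configuration, then the site-wide config file
 *	for the current view (if present), applies the command line
 *	options on top of it, and finally either prints/diffs/tests the
 *	resulting configuration (no file argument) or inspects the given
 *	zone file for its TTL range and DNSKEY $INCLUDE directive.
 *
 *	@param argc	argument count
 *	@param argv	argument vector
 *	@return 0 on success; fatal()/usage() are relied upon to leave
 *		the program on errors
 */
int	main (int argc, char *argv[])
{
	int	c;
	int	opt_index;
	int	major = 0;	/* initialized: read after a failed sscanf() if usage() returns */
	int	minor = 0;
	const	char	*file;
	const	char	*defconfname = NULL;
	const	char	*confname = NULL;
	char	*p;
	char	str[254+1];
	zconf_t	*refconfig = NULL;
	zconf_t	*config;

	/*
	 * argv[0] may be NULL when the program is started with an empty
	 * argument vector; fall back to a fixed name instead of handing
	 * NULL to strrchr().
	 */
	progname = (argc > 0 && argv[0] != NULL) ? argv[0] : "zkt-conf";
	if ( (p = strrchr (progname, '/')) )
		progname = ++p;
	view = getnameappendix (progname, "zkt-conf");

	defconfname = getdefconfname (view);
	/* no value to substitute here, so the text must not carry a conversion */
	dbg_val0 ("Load built in config\n");
	config = loadconfig ("", (zconf_t *)NULL);	/* load built in config */
	if ( fileexist (defconfname) )			/* load default config file */
	{
		dbg_val ("Load site wide config file \"%s\"\n", defconfname);
		config = loadconfig (defconfname, config);
	}
	if ( config == NULL )
		fatal ("Out of memory\n");
	confname = defconfname;

	opterr = 0;
	opt_index = 0;
	setconfigversion (100);
#if defined(HAVE_GETOPT_LONG) && HAVE_GETOPT_LONG
	while ( (c = getopt_long (argc, argv, short_options, long_options, &opt_index)) != -1 )
#else
	while ( (c = getopt (argc, argv, short_options)) != -1 )
#endif
	{
		switch ( c )
		{
		case 'V':		/* view name */
			view = optarg;
			defconfname = getdefconfname (view);
			if ( fileexist (defconfname) )		/* load default config file */
				config = loadconfig (defconfname, config);
			if ( config == NULL )
				fatal ("Out of memory\n");
			confname = defconfname;
			break;
		case 'O':		/* read option from commandline */
			config = loadconfig_fromstr (optarg, config);
			break;
		case 'C':		/* config file format version, "major[.minor]" */
			switch ( sscanf (optarg, "%d.%d", &major, &minor) )
			{
			case 2:	major = major * 100 + minor;
				/* FALLTHROUGH */
			case 1: break;
			default:
				usage ("illegal release number");
			}
			setconfigversion (major);
			break;
		case 'c':		/* explicit config file ("-"/"stdin" reads standard input) */
			if ( *optarg == '\0' )
				usage ("empty config file name");
			config = loadconfig (optarg, config);
			if ( *optarg == '-' || strcmp (optarg, "stdin") == 0 )
				confname = "stdout";
			else
				confname = optarg;
			break;
		case 'd':		/* built-in default config */
			config = loadconfig ("", config);	/* load built-in config */
			confname = defconfname;
			break;
		case 's':		/* side wide config */
			/* this is the default **/
			break;
		case 'a':		/* set all flag */
			allflag = 1;
			break;
		case 'l':		/* local config file */
			refconfig = dupconfig (config);	/* duplicate current config */
			confname = LOCALCONF_FILE;
			if ( fileexist (LOCALCONF_FILE) )		/* try to load local config file */
			{
				dbg_val ("Load local config file \"%s\"\n", LOCALCONF_FILE);
				config = loadconfig (LOCALCONF_FILE, config);
			}
			else if ( !writeflag )
				usage ("error: no local config file found");
			break;
		case 't':		/* test config */
			testflag = 1;
			break;
		case 'v':		/* version */
			fprintf (stderr, "%s version %s compiled for BIND version %d\n", progname, ZKT_VERSION, BIND_VERSION);
			fprintf (stderr, "ZKT %s\n", ZKT_COPYRIGHT);
			return 0;
		case 'w':		/* write back conf file */
			writeflag = 1;
			break;
		case 'h':		/* print help */
			usage ("");
			break;
		case ':':
			snprintf (str, sizeof(str), "option \"-%c\" requires an argument.", optopt);
			usage (str);
			break;
		case '?':
			if ( isprint (optopt) )
				snprintf (str, sizeof(str), "Unknown option \"-%c\".", optopt);
			else
				snprintf (str, sizeof (str), "Unknown option char \\x%x.", optopt);
			usage (str);
			break;
		default:
			abort();
		}
	}

	/*
	 * Every option that reloads the config goes through loadconfig(),
	 * which may hand back NULL (see the "Out of memory" check above);
	 * config is dereferenced below, so check once more here.
	 */
	if ( config == NULL )
		fatal ("Out of memory\n");

	c = optind;		/* from here on c indexes the remaining arguments */
	if ( c >= argc )	/* no arguments given on commandline */
	{
		if ( testflag )
		{
			if ( checkconfig (config) )
				fprintf (stderr, "All config file parameter seems to be ok\n");
		}
		else
		{
			if ( !writeflag )	/* print to stdout */
				confname = "stdout";
			if ( refconfig )	/* have we seen a local config file ? */
			{
				if ( allflag )
					printconfig (confname, config);
				else
					printconfigdiff (confname, refconfig, config);
			}
			else
				printconfig (confname, config);
		}
	}
	else	/* command line argument found: use it as name of zone file */
	{
		long	minttl;
		long	maxttl;
		int	keydbfound;
		char	*dnskeydb;

		file = argv[c++];

		dnskeydb = config->keyfile;

		/* start values so that the first TTL seen becomes both min and max */
		minttl = 0x7FFFFFFF;
		maxttl = 0;
		keydbfound = parsezonefile (file, &minttl, &maxttl, dnskeydb);
		if ( keydbfound < 0 )
			error ("can't parse zone file %s\n", file);

		if ( dnskeydb && !keydbfound )
		{
			if ( writeflag )
			{
				addkeydb (file, dnskeydb);
				printf ("\"$INCLUDE %s\" directive added to \"%s\"\n", dnskeydb, file);
			}
			else
				printf ("\"$INCLUDE %s\" should be added to \"%s\" (run with option -w)\n", dnskeydb, file);
		}

		/* Min_TTL goes to stderr in both branches, Max_TTL to stdout (kept as is) */
		if ( minttl < (10 * MINSEC) )
			fprintf (stderr, "Min_TTL of %s (%ld seconds) is too low to use it in a signed zone (see RFC4641)\n", timeint2str (minttl), minttl);
		else
			fprintf (stderr, "Min_TTL:\t%s\t# (%ld seconds)\n", timeint2str (minttl), minttl);
		fprintf (stdout, "Max_TTL:\t%s\t# (%ld seconds)\n", timeint2str (maxttl), maxttl);

		if ( writeflag )
		{
			refconfig = dupconfig (config);	/* duplicate current config */
			confname = LOCALCONF_FILE;
			if ( fileexist (LOCALCONF_FILE) )		/* try to load local config file */
			{
				dbg_val ("Load local config file \"%s\"\n", LOCALCONF_FILE);
				config = loadconfig (LOCALCONF_FILE, config);
			}
			/* record the measured Max_TTL and write only what differs from the reference */
			setconfigpar (config, "Max_TTL", &maxttl);
			printconfigdiff (confname, refconfig, config);
		}
	}

	return 0;
}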
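/*
 *	Write one configuration parameter to fp in config-file syntax
 *	("Label:<TAB>value", comments as "# text").
 *
 *	@param fp	open output stream (asserted non-NULL)
 *	@param cp	parameter descriptor; cp->var is interpreted
 *			according to cp->type (asserted non-NULL)
 */
static	void	printconfigline (FILE *fp, zconf_para_t *cp)
{
	int	i;
	long	lval;

	assert (fp != NULL);
	assert (cp != NULL);

	switch ( cp->type )
	{
	case CONF_COMMENT:
		/* a NULL comment text stands for an empty line */
		if ( cp->var )
			fprintf (fp, "# %s\n", (char *)cp->var);
		else
			fprintf (fp, "\n");
		break;
	case CONF_LEVEL:
	case CONF_FACILITY:
		if ( *(char **)cp->var != NULL )
		{
			if ( **(char **)cp->var != '\0' )
			{
				char	*p;

				fprintf (fp, "%s:\t", cp->label);
				/* value is written upper-cased; cast keeps toupper() defined for negative plain chars */
				for ( p = *(char **)cp->var; *p; p++ )
					putc (toupper ((unsigned char)*p), fp);
				fprintf (fp, "\n");
			}
			else	/* empty string: explicit NONE, terminated like every other line */
				fprintf (fp, "%s:\tNONE\n", cp->label);
		}
		break;
	case CONF_STRING:
		/*
		 * NOTE(review): the value is written unescaped; a string holding
		 * a '"' yields a line the loader may not read back — confirm
		 * against loadconfig().
		 */
		if ( *(char **)cp->var )
			fprintf (fp, "%s:\t\"%s\"\n", cp->label, *(char **)cp->var);
		break;
	case CONF_BOOL:
		fprintf (fp, "%s:\t%s\n", cp->label, bool2str ( *(int*)cp->var ));
		break;
	case CONF_TIMEINT:
		lval = *(ulong*)cp->var;	/* in that case it should be of type ulong */
		fprintf (fp, "%s:\t%s", cp->label, timeint2str (lval));
		if ( lval )	/* the raw second count is only useful for non-zero values */
			fprintf (fp, "\t# (%ld seconds)", lval);
		putc ('\n', fp);
		break;
	case CONF_ALGO:
		i = *(int*)cp->var;
		if ( i )	/* algorithm 0 means "not set": omit the line */
		{
			fprintf (fp, "%s:\t%s", cp->label, dki_algo2str (i));
			fprintf (fp, "\t# (Algorithm ID %d)\n", i);
		}
		break;
	case CONF_SERIAL:
		fprintf (fp, "%s:\t", cp->label);
		if ( *(serial_form_t*)cp->var == Unixtime )
			fprintf (fp, "unixtime\n");
		else
			fprintf (fp, "incremental\n");
		break;
	case CONF_INT:
		fprintf (fp, "%s:\t%d\n", cp->label, *(int *)cp->var);
		break;
	case CONF_END:		/* NOTREACHED */
		break;
	default:
		/* unknown parameter type: write nothing rather than misinterpret cp->var */
		break;
	}
}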