int
handled_policy_import_cmd(int sockfd, engine_type* engine, const char *cmd,
ssize_t n)
{
const char *scmd = "policy import";
cmd = ods_check_command(cmd,n,scmd);
if (!cmd)
return 0; // not handled
ods_log_debug("[%s] %s command", module_str, scmd);
time_t tstart = time(NULL);
/* perform_policy_import(sockfd, engine->config); */
perform_update_kasp(sockfd, engine->config);
//TODO: Need error checking so we only do this if the update succeeds
perform_hsmkey_gen(sockfd, engine->config, 0 /* automatic */,
engine->config->automatic_keygen_duration);
flush_all_tasks(sockfd, engine);
ods_printf(sockfd,"%s completed in %ld seconds.\n",scmd,time(NULL)-tstart);
return 1;
}
int handled_zone_del_cmd(int sockfd, engine_type* engine, const char *cmd,
ssize_t n)
{
const char *scmd = "zone delete";
cmd = ods_check_command(cmd,n,scmd);
if (!cmd)
return 0; // not handled
ods_log_debug("[%s] %s command", module_str, scmd);
std::string zone;
int need_write_xml = 0;
if (!get_arguments(sockfd,cmd,zone, need_write_xml)) {
help_zone_del_cmd(sockfd);
return 1;
}
time_t tstart = time(NULL);
perform_zone_del(sockfd,engine->config, zone.c_str(), need_write_xml, false);
ods_printf(sockfd,"%s completed in %ld seconds.\n",scmd,time(NULL)-tstart);
return 1;
}
int
handled_update_all_cmd(int sockfd, engine_type* engine, const char *cmd,
ssize_t n)
{
const char *scmd = "update all";
cmd = ods_check_command(cmd,n,scmd);
if (!cmd) return 0; // not handled
ods_log_debug("[%s] %s command", module_str, scmd);
// check that we are using a compatible protobuf version.
GOOGLE_PROTOBUF_VERIFY_VERSION;
time_t tstart = time(NULL);
autostart(engine);
/* Check all files for errors. The perform_update_*()
* functions check as well but this gives us all or nothing.
* Plus we get a complete check of the files mentioned in the
* conf which need not be the same as the files in use by the
* running enforcer!*/
char *kasp = NULL;
char *zonelist = NULL;
char **replist = NULL;
int repcount, i;
int error = 1;
if (check_conf(engine->config->cfg_filename, &kasp,
&zonelist, &replist, &repcount, 0))
ods_log_error_and_printf(sockfd, module_str,
"Unable to validate '%s' consistency.",
engine->config->cfg_filename);
else if (check_kasp(kasp, replist, repcount, 0))
ods_log_error_and_printf(sockfd, module_str,
"Unable to validate '%s' consistency.", kasp);
else if (check_zonelist(zonelist, 0))
ods_log_error_and_printf(sockfd, module_str,
"Unable to validate '%s' consistency.", zonelist);
else error = 0;
free(kasp);
free(zonelist);
if (replist) {
for (i = 0; i < repcount; i++) free(replist[i]);
}
if (!error)
error |= perform_update_repositorylist(sockfd, engine);
if (!error)
error |= perform_update_kasp(sockfd, engine->config);
if (!error)
error |= perform_update_keyzones(sockfd, engine->config);
if (!error) {
perform_update_hsmkeys(sockfd, engine->config, 0 /* automatic */);
perform_hsmkey_gen(sockfd, engine->config, 0 /* automatic */,
engine->config->automatic_keygen_duration);
flush_all_tasks(sockfd, engine);
}
ods_printf(sockfd, "%s completed in %ld seconds.\n",scmd,time(NULL)-tstart);
return 1;
}
int handled_keystate_list_cmd(int sockfd, engine_type* engine, const char *cmd,
ssize_t n)
{
char buf[ODS_SE_MAXLINE];
const char *argv[8];
const int NARGV = sizeof(argv)/sizeof(char*);
int argc;
const char *scmd = "key list";
cmd = ods_check_command(cmd,n,scmd);
if (!cmd)
return 0; // not handled
ods_log_debug("[%s] %s command", module_str, scmd);
// Use buf as an intermediate buffer for the command.
strncpy(buf,cmd,sizeof(buf));
buf[sizeof(buf)-1] = '\0';
// separate the arguments
argc = ods_str_explode(buf,NARGV,argv);
if (argc > NARGV) {
ods_log_warning("[%s] too many arguments for %s command",
module_str,scmd);
ods_printf(sockfd,"too many arguments\n");
help_keystate_list_cmd(sockfd);
return 1; // errors, but handled
}
bool bVerbose = ods_find_arg(&argc,argv,"verbose","v") != -1;
bool bDebug = ods_find_arg(&argc,argv,"debug","d") != -1;
if (argc) {
ods_log_warning("[%s] unknown arguments for %s command",
module_str,scmd);
ods_printf(sockfd,"unknown arguments\n");
help_keystate_list_cmd(sockfd);
return 1; // errors, but handled
}
time_t tstart = time(NULL);
perform_keystate_list(sockfd, engine->config, bVerbose, bDebug);
ods_printf(sockfd,"%s completed in %ld seconds.\n",scmd,time(NULL)-tstart);
return 1;
}
int handled_zone_list_cmd(int sockfd, engine_type* engine, const char *cmd,
ssize_t n)
{
const char *scmd = "zone list";
cmd = ods_check_command(cmd,n,scmd);
if (!cmd)
return 0; // not handled
ods_log_debug("[%s] %s command", module_str, scmd);
time_t tstart = time(NULL);
perform_zone_list(sockfd,engine->config);
ods_printf(sockfd,"%s completed in %ld seconds.\n",scmd,time(NULL)-tstart);
return 1;
}
/* Delete any policies with no zones */
int
handled_policy_purge_cmd(int sockfd, engine_type* engine, const char *cmd,
ssize_t n){
const char *scmd = "policy purge";
cmd = ods_check_command(cmd,n,scmd);
if (!cmd)
return 0; // not handled
// TODO: Should we require a confirmation here?
ods_log_debug("[%s] %s command", module_str, scmd);
time_t tstart = time(NULL);
perform_policy_purge(sockfd, engine->config);
ods_printf(sockfd, "%s completed in %ld seconds.\n",scmd,time(NULL)-tstart);
return 1;
}
static int
run(int sockfd, engine_type* engine, const char *cmd, ssize_t n,
db_connection_t *dbconn)
{
#define NARGV 8
char buf[ODS_SE_MAXLINE];
const char *argv[NARGV];
int argc;
const char *zone = NULL;
(void)engine;
ods_log_debug("[%s] %s command", module_str, rollover_list_funcblock()->cmdname);
cmd = ods_check_command(cmd, n, rollover_list_funcblock()->cmdname);
/* Use buf as an intermediate buffer for the command.*/
strncpy(buf, cmd,sizeof(buf));
buf[sizeof(buf)-1] = '\0';
/* separate the arguments*/
argc = ods_str_explode(buf, NARGV, argv);
if (argc > NARGV) {
ods_log_warning("[%s] too many arguments for %s command",
module_str, rollover_list_funcblock()->cmdname);
client_printf(sockfd,"too many arguments\n");
return -1;
}
(void)ods_find_arg_and_param(&argc,argv,"zone","z",&zone);
if (argc) {
ods_log_warning("[%s] unknown arguments for %s command",
module_str, rollover_list_funcblock()->cmdname);
client_printf(sockfd,"unknown arguments\n");
return -1;
}
return perform_rollover_list(sockfd, zone, dbconn);
}
static int
handles(const char *cmd, ssize_t n)
{
return ods_check_command(cmd, n, rollover_list_funcblock()->cmdname)?1:0;
}
int handled_keystate_ds_seen_cmd(int sockfd, engine_type* engine,
const char *cmd, ssize_t n)
{
char buf[ODS_SE_MAXLINE];
const char *argv[8];
const int NARGV = sizeof(argv)/sizeof(char*);
int argc;
const char *scmd = "key ds-seen";
cmd = ods_check_command(cmd,n,scmd);
if (!cmd)
return 0; // not handled
ods_log_debug("[%s] %s command", module_str, scmd);
// Use buf as an intermediate buffer for the command.
strncpy(buf,cmd,sizeof(buf));
buf[sizeof(buf)-1] = '\0';
// separate the arguments
argc = ods_str_explode(buf,NARGV,argv);
if (argc > NARGV) {
ods_log_warning("[%s] too many arguments for %s command",
module_str,scmd);
ods_printf(sockfd,"too many arguments\n");
return 1; // errors, but handled
}
const char *zone = NULL;
const char *cka_id = NULL;
const char *keytag = NULL;
(void)ods_find_arg_and_param(&argc,argv,"zone","z",&zone);
(void)ods_find_arg_and_param(&argc,argv,"cka_id","k",&cka_id);
(void)ods_find_arg_and_param(&argc,argv,"keytag","x",&keytag);
// Check for unknown parameters on the command line
if (argc) {
ods_log_warning("[%s] unknown arguments for %s command",
module_str,scmd);
ods_printf(sockfd,"unknown arguments\n");
help_keystate_ds_seen_cmd(sockfd);
return 1; // errors, but handled
}
// Check for too many parameters on the command line
if (argc > NARGV) {
ods_log_warning("[%s] too many arguments for %s command",
module_str,scmd);
ods_printf(sockfd,"too many arguments\n");
help_keystate_ds_seen_cmd(sockfd);
return 1; // errors, but handled
}
// Either no option or combi of zone & cka_id or zone & keytag needs to be
// present. But not both cka_id and keytag
uint16_t nkeytag = 0;
if (zone || cka_id || keytag) {
if (!zone) {
ods_log_warning("[%s] expected option --zone <zone> for %s command",
module_str,scmd);
ods_printf(sockfd,"expected --zone <zone> option\n");
help_keystate_ds_seen_cmd(sockfd);
return 1; // errors, but handled
}
if (!cka_id && !keytag) {
ods_log_warning("[%s] expected option --cka_id <cka_id> or "
"--keytag <keytag> for %s command",
module_str,scmd);
ods_printf(sockfd,"expected --cka_id <cka_id> or "
"--keytag <keytag> option\n");
help_keystate_ds_seen_cmd(sockfd);
return 1; // errors, but handled
} else {
if (cka_id && keytag) {
ods_log_warning("[%s] both --cka_id <cka_id> and --keytag <keytag> given, "
"please only specify one for %s command",
module_str,scmd);
ods_printf(sockfd,
"both --cka_id <cka_id> and --keytag <keytag> given, "
"please only specify one\n");
help_keystate_ds_seen_cmd(sockfd);
return 1; // errors, but handled
}
}
if (keytag) {
int kt = atoi(keytag);
if (kt<=0 || kt>=65536) {
ods_log_warning("[%s] value \"%s\" for --keytag is invalid",
module_str,keytag);
ods_printf(sockfd,
"value \"%s\" for --keytag is invalid\n",
keytag);
return 1; // errors, but handled
}
nkeytag = (uint16_t )kt;
}
}
time_t tstart = time(NULL);
perform_keystate_ds_seen(sockfd,engine->config,zone,cka_id,nkeytag);
ods_printf(sockfd,"%s completed in %ld seconds.\n",scmd,time(NULL)-tstart);
flush_enforce_task(engine);
return 1;
}
static int
run(int sockfd, engine_type* engine, const char *cmd, ssize_t n,
db_connection_t *dbconn) {
char buf[ODS_SE_MAXLINE];
#define NARGV 12
const char *argv[NARGV];
int success, argIndex;
int argc, bVerbose, bDebug, bParsable, bAll;
char* keytypeParam;
char* keystateParam;
const char* filterZone; /* NULL if no filtering on zone, otherwise zone to match */
char** filterKeytype; /* NULL if no filtering on key type, NULL terminated list of key types to filter */
char** filterKeystate; /* NULL if no filtering on key state, NULL terminated list of key states to filter */
(void) engine;
ods_log_debug("[%s] %s command", module_str, key_list_funcblock()->cmdname);
cmd = ods_check_command(cmd, n, key_list_funcblock()->cmdname);
/* Use buf as an intermediate buffer for the command. */
strncpy(buf, cmd, sizeof (buf));
buf[sizeof (buf) - 1] = '\0';
/* separate the arguments */
argc = ods_str_explode(buf, NARGV, argv);
if (argc > NARGV) {
ods_log_warning("[%s] too many arguments for %s command",
module_str, key_list_funcblock()->cmdname);
client_printf(sockfd, "too many arguments\n");
return -1;
}
bVerbose = ods_find_arg(&argc, argv, "verbose", "v") != -1;
bDebug = ods_find_arg(&argc, argv, "debug", "d") != -1;
bParsable = ods_find_arg(&argc, argv, "parsable", "p") != -1;
if ((argIndex = ods_find_arg_and_param(&argc, argv, "zone", "z", &filterZone)) == -1) {
filterZone = NULL;
}
if (ods_find_arg_and_param(&argc, argv, "keytype", "k", (const char **)&keytypeParam) == -1) {
keytypeParam = NULL;
}
if (ods_find_arg_and_param(&argc, argv, "keystate", "e", (const char **)&keystateParam) == -1) {
keystateParam = NULL;
}
bAll = (ods_find_arg(&argc, argv, "all", "a") != -1);
if (keystateParam != NULL && bAll) {
client_printf(sockfd, "Error: --keystate and --all option cannot be given together\n");
return -1;
}
if (argc) {
ods_log_warning("[%s] unknown arguments for %s command", module_str, key_list_funcblock()->cmdname);
client_printf(sockfd, "unknown arguments\n");
return -1;
}
if (keytypeParam)
filterKeytype = tokenizeparam(keytypeParam);
else
filterKeytype = NULL;
if (keystateParam) {
filterKeystate = tokenizeparam(keystateParam);
} else
filterKeystate = NULL;
if (bAll) {
if (filterKeystate != NULL) {
free(filterKeystate);
}
filterKeystate = NULL;
} else if(filterKeystate == NULL) {
if ((filterKeystate = malloc(sizeof (char*) * 6))) {
filterKeystate[0] = (char *)"publish";
filterKeystate[1] = (char *)"ready";
filterKeystate[2] = (char *)"active";
filterKeystate[3] = (char *)"retire";
filterKeystate[4] = (char *)"mixed";
filterKeystate[5] = NULL;
} /* else emit error */
}
if (bDebug) {
if (bParsable) {
success = perform_keystate_list(sockfd, dbconn, filterZone, filterKeytype, filterKeystate, NULL, &printdebugparsablekey);
} else {
success = perform_keystate_list(sockfd, dbconn, filterZone, filterKeytype, filterKeystate, &printdebugheader, &printdebugkey);
}
} else if (bVerbose) {
if (bParsable) {
success = perform_keystate_list(sockfd, dbconn, filterZone, filterKeytype, filterKeystate, NULL, &printverboseparsablekey);
} else {
success = perform_keystate_list(sockfd, dbconn, filterZone, filterKeytype, filterKeystate, &printverboseheader, &printverbosekey);
}
} else {
success = perform_keystate_list(sockfd, dbconn, filterZone, filterKeytype, filterKeystate, &printcompatheader, &printcompatkey);
}
if (filterKeytype)
free(filterKeytype);
if (filterKeystate)
free(filterKeystate);
return success;
}
static int
handles(const char *cmd, ssize_t n)
{
return ods_check_command(cmd, n, signconf_funcblock()->cmdname) ? 1 : 0;
}
