38 #include "clientpipe.h" 45 #include "libhsmdns.h" 49 static const char *module_str =
"keystate_ds_x_cmd";
/*
 * get_dnskey: build the DNSKEY RR for the HSM key `id` owned by `zone`.
 *
 * This listing is fragmentary (only some source lines are present, each
 * prefixed by its original line number); the comments below describe only
 * what is visible.
 *
 * Visible flow: create an HSM context, look the key up by id (destroying the
 * context on a miss), fill hsm_sign_params with owner = zone, algorithm = alg
 * and flags ZONE_KEY|SEP_KEY, ask the HSM for the DNSKEY, free the params and
 * context, then override the TTL when `ttl` is nonzero.
 */
58 get_dnskey(
const char *
id,
const char *
zone,
int alg, uint32_t ttl)
61 hsm_sign_params_t *sign_params;
64 hsm_ctx_t *hsm_ctx = hsm_create_context();
/* NOTE(review): lines 65-68 are not shown; if they do not test hsm_ctx, a
 * failed hsm_create_context() is handed straight to hsm_find_key_by_id(). */
69 if (!(key = hsm_find_key_by_id(hsm_ctx,
id))) {
/* Key not present in the HSM: release the context (the return is on a line not shown). */
70 hsm_destroy_context(hsm_ctx);
76 sign_params = hsm_sign_params_new();
/* NOTE(review): ldns_rdf_new_frm_str() can return NULL for a malformed zone
 * name; nothing visible checks `owner` before hsm_get_dnskey() uses it. */
77 sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, zone);
78 sign_params->algorithm = (ldns_algorithm) alg;
/* A KSK: zone-key bit plus the SEP bit, which is what the DS at the parent refers to. */
79 sign_params->flags = LDNS_KEY_ZONE_KEY | LDNS_KEY_SEP_KEY;
82 dnskey_rr = hsm_get_dnskey(hsm_ctx, key, sign_params);
85 hsm_sign_params_free(sign_params);
86 hsm_destroy_context(hsm_ctx);
/* NOTE(review): the caller (exec_dnskey_by_id) treats a NULL dnskey_rr as
 * possible. Lines 83-88 are not shown; if they do not test dnskey_rr, a NULL
 * result reaches ldns_rr_set_ttl() here whenever ttl != 0. */
89 if (ttl) ldns_rr_set_ttl(dnskey_rr, ttl);
/*
 * exec_dnskey_by_id: hand a KSK's DNSKEY record to the operator-configured
 * DelegationSigner{Submit,Retract}Command by writing it to that command's
 * standard input. `ds_command` is the configured command string (it may end
 * in " --cka_id", which selects the output format); `action` (a parameter on
 * a line not shown) is "submit" or "retract" and is used in the messages.
 *
 * Only some source lines are present; comments describe what is visible.
 * Error paths report to the client socket via ods_log_error_and_printf and
 * set `status` (the return value; 2 is returned when no DNSKEY is available).
 */
96 exec_dnskey_by_id(
int sockfd,
key_data_t *key,
const char* ds_command,
100 int ttl = 0, status, i;
102 char *rrstr, *chrptr;
104 struct stat stat_ret;
112 ods_log_error_and_printf(sockfd, module_str,
113 "Error fetching from database");
/* No DNSKEY could be produced for this key: nothing to send. */
133 if (!dnskey_rr)
return 2;
/* NOTE(review): ldns_rr2str() returns NULL on allocation failure; lines
 * 136-137 are not shown, and the loop below dereferences rrstr unguarded. */
135 rrstr = ldns_rr2str(dnskey_rr);
/* Normalise the presentation format: tabs become single spaces. */
138 for (i = 0; rrstr[i]; ++i) {
139 if (rrstr[i] ==
'\t') rrstr[i] =
' ';
/* Locate any ';' comment in the RR text (what is done with it is on lines not
 * shown; presumably it is cut so the "; {cka_id = ...}" suffix below is the
 * only comment the command receives -- confirm). */
144 if ((chrptr = strchr(rrstr,
';'))) {
149 if (!ds_command || ds_command[0] ==
'\0') {
150 ods_log_error_and_printf(sockfd, module_str,
151 "No \"DelegationSigner%sCommand\" " 152 "configured.", action);
/* A trailing " --cka_id" in the configured command requests the key locator
 * alongside the RR (see the two fprintf() forms below). */
155 pos = strstr(ds_command,
" --cka_id");
/* Drop the last character (presumably the newline ldns_rr2str() appends).
 * NOTE(review): this indexes rrstr[-1] if rrstr is ever "" -- not expected for
 * a valid RR, but there is no visible length check. */
159 rrstr[strlen(rrstr)-1] =
'\0';
/* Pre-flight the command path so the operator gets a clear message rather than
 * a shell error. NOTE(review): this is a diagnostic, not a security boundary:
 * popen() below runs the string through the shell, so the result of this
 * stat() does not constrain what actually executes, and a non-regular path
 * (S_ISREG false) skips the executable-bit check entirely. If ds_command can
 * carry arguments (the " --cka_id" suffix suggests it can), stat() on the
 * unmodified string fails unless lines 156-158 strip them first -- confirm. */
163 if (stat(ds_command, &stat_ret) != 0) {
164 ods_log_error_and_printf(sockfd, module_str,
165 "Cannot stat file %s: %s", ds_command,
168 }
else if (S_ISREG(stat_ret.st_mode) &&
169 !(stat_ret.st_mode & S_IXUSR ||
170 stat_ret.st_mode & S_IXGRP ||
171 stat_ret.st_mode & S_IXOTH)) {
175 ods_log_error_and_printf(sockfd, module_str,
176 "File %s is not executable", ds_command);
/* The command string comes from the daemon's configuration (delegation_signer_*_command),
 * i.e. it is operator-controlled; the key material below is passed on the
 * child's stdin, not as part of the command line. */
179 FILE *fp = popen(ds_command,
"w");
182 ods_log_error_and_printf(sockfd, module_str,
183 "failed to run command: %s: %s",ds_command,
/* With " --cka_id": RR text plus the HSM locator as a trailing comment. */
188 bytes_written = fprintf(fp,
"%s; {cka_id = %s}\n", rrstr, locator);
/* Without it: the bare RR text. */
190 bytes_written = fprintf(fp,
"%s", rrstr);
191 if (bytes_written < 0) {
193 ods_log_error_and_printf(sockfd, module_str,
194 "[%s] Failed to write to %s: %s", ds_command,
/* NOTE(review): on this write-failure branch the pipe is not pclose()d in the
 * lines shown (195 is missing); if nothing else closes it, the child and its
 * pipe leak. */
196 }
/* NOTE(review): only pclose() == -1 is treated as failure; a nonzero exit
 * status from the DS command is not examined in the lines shown, so the
 * success message below may be printed even when the command itself failed. */
else if (pclose(fp) == -1) {
198 ods_log_error_and_printf(sockfd, module_str,
199 "failed to close %s: %s", ds_command,
202 client_printf(sockfd,
"key %sed to %s\n",
210 ldns_rr_free(dnskey_rr);
/* submit_dnskey_by_id (signature on a line not shown): run the configured
 * DelegationSignerSubmitCommand for `key`; the command string is read from
 * configuration on line 218 (not shown). "submit" becomes the `action` used in
 * exec_dnskey_by_id's messages. */
217 const char* ds_submit_command;
219 return exec_dnskey_by_id(sockfd, key, ds_submit_command,
"submit");
/* retract_dnskey_by_id (signature on a line not shown): run the configured
 * DelegationSignerRetractCommand for `key`; the command string is read from
 * configuration on line 226 (not shown). "retract" becomes the `action` used
 * in exec_dnskey_by_id's messages. */
225 const char* ds_retract_command;
227 return exec_dnskey_by_id(sockfd, key, ds_retract_command,
"retract");
/* ds_list_keys (header not shown; called from run_ds_cmd when no options are
 * given): print a table of KSKs to the client socket. Both format strings are
 * compile-time constants, so client_printf never sees caller-supplied format
 * text. `%-13u` in fmtl matches key_data_keytag()'s unsigned int. */
234 const char *fmth =
"%-31s %-13s %-13s %-40s\n";
235 const char *fmtl =
"%-31s %-13s %-13u %-40s\n";
/* Column header. */
266 client_printf(sockfd, fmth,
"Zone:",
"Key role:",
"Keytag:",
"Id:");
/* One row per key (arguments on lines not shown). */
273 client_printf(sockfd, fmtl,
/* Missing key state for the key: abort the listing with 1. */
319 if (!keystate)
return 1;
/* Advance the key-state iteration (keystate_next is obtained on a line not shown). */
334 keystate = keystate_next;
/*
 * change_keys_from_to (partial; full signature per the reference list:
 * int change_keys_from_to(db_connection_t *dbconn, int sockfd, const char *zonename,
 *     const hsm_key_t *hsmkey, int keytag, key_data_ds_at_parent_t state_from,
 *     key_data_ds_at_parent_t state_to, engine_type *engine)).
 *
 * Selects the KSKs matching zone/hsmkey/keytag in ds_at_parent == state_from,
 * runs the submit or retract command for each, and moves them to state_to.
 * Counts matches (key_match) and changed keys (key_mod); status 11 means
 * nothing matched. Only some source lines are present.
 */
343 const char *zonename,
const hsm_key_t* hsmkey,
int keytag,
350 int status = 0, key_match = 0, key_mod = 0;
/* Build the selection clauses; failure of any of them (the '||' chain
 * continues on lines not shown) is reported as a database error. */
358 push_clauses(clause_list, zone, state_from, hsmkey, keytag) ||
364 client_printf_err(sockfd,
"Could not find ksk for zone %s, " 365 "does zone exist?\n", zonename);
366 ods_log_error(
"[%s] Error fetching from database", module_str);
380 ods_log_error(
"[%s] Error fetching from database", module_str);
/* NOTE(review): the result of the external DS command is discarded here and
 * below. Lines 392-402 are not shown; if the state update that follows runs
 * regardless, the database records the key as submitted/retracted even when
 * the command could not be run or written to (exec_dnskey_by_id reports that
 * through its return value). Worth confirming and, if so, gating the update. */
391 (void)submit_dnskey_by_id(sockfd, key, engine);
395 (void)retract_dnskey_by_id(sockfd, key, engine);
403 client_printf(sockfd,
"[%s] Error writing to database", module_str);
412 client_printf(sockfd,
"%d KSK matches found.\n", key_match);
/* No KSK in state_from matched the selection. */
413 if (!key_match) status = 11;
414 client_printf(sockfd,
"%d KSKs changed.\n", key_mod);
/*
 * get_args: tokenise the client command line `cmd` into `buf` (caller-owned,
 * ODS_SE_MAXLINE bytes) and extract --zone/-z, --cka_id/-k, --keytag/-x and
 * --all/-a. `zone` and `cka_id` end up pointing into `buf`; `keytag` is
 * range-checked to 0..65535 (the string-to-int step is on lines not shown).
 * Returns nonzero on a usage error after printing a message to the client.
 * Only some source lines are present; `n` (the command length) is not used in
 * the lines shown.
 */
424 get_args(
int sockfd,
const char *cmd, ssize_t n,
const char **zone,
425 const char **cka_id,
int *keytag,
int *all,
char *buf)
429 const char *argv[
NARGV], *tag;
/* NOTE(review): strncpy() does not NUL-terminate when strlen(cmd) >= ODS_SE_MAXLINE,
 * and the copy is tokenised before any terminator is written. */
438 strncpy(buf, cmd, ODS_SE_MAXLINE);
439 argc = ods_str_explode(buf,
NARGV, argv);
/* BUG(review): `buf` is a `char *` parameter, so sizeof(buf) is the size of a
 * pointer, not ODS_SE_MAXLINE. This writes '\0' at a fixed low offset (buf[7]
 * on LP64) after ods_str_explode() has already split buf and pointed argv[]
 * into it, so it can truncate the first token rather than terminate the copy.
 * Proposed: terminate by the real size and do it before tokenising:
 *   strncpy(buf, cmd, ODS_SE_MAXLINE);
 *   buf[ODS_SE_MAXLINE-1] = '\0';
 *   argc = ods_str_explode(buf, NARGV, argv); */
440 buf[
sizeof(buf)-1] =
'\0';
444 client_printf_err(sockfd,
"too many arguments for %s command\n",
446 client_printf_err(sockfd,
"expected --zone and either --cka_id or " 447 "--keytag option.\n");
/* Option lookups consume matched entries from argv/argc (return values intentionally ignored). */
451 (void)ods_find_arg_and_param(&argc, argv,
"zone",
"z", zone);
452 (void)ods_find_arg_and_param(&argc, argv,
"cka_id",
"k", cka_id);
453 (void)ods_find_arg_and_param(&argc, argv,
"keytag",
"x", &tag);
454 *all = ods_find_arg(&argc, argv,
"all",
"a") > -1 ? 1 : 0;
/* Anything left in argv after the known options is rejected. */
457 client_printf_err(sockfd,
"Unknown arguments\n");
/* A DNSKEY key tag is a 16-bit value. */
463 if (*keytag < 0 || *keytag >= 65536) {
465 module_str, *keytag);
466 client_printf(sockfd,
"value \"%d\" for --keytag is invalid\n",
/*
 * run_ds_cmd body (partial; signature per the reference list:
 * int run_ds_cmd(int sockfd, const char *cmd, ssize_t n, db_connection_t *dbconn,
 *     key_data_ds_at_parent_t state_from, key_data_ds_at_parent_t state_to,
 *     engine_type *engine)).
 *
 * Entry point shared by the ds-submit / ds-retract style commands: parses the
 * options, lists keys when none are given, validates the option combination,
 * resolves the zone and CKA_ID, then calls change_keys_from_to(). Only some
 * source lines are present.
 */
480 const char *zonename, *cka_id;
/* Scratch copy of the command line; get_args() tokenises into it and the
 * zonename/cka_id pointers refer into this array for the rest of the call. */
484 char buf[ODS_SE_MAXLINE];
488 if (get_args(sockfd, cmd, n, &zonename, &cka_id, &keytag, &all, buf)) {
/* No selection at all: just list the keys in state_from. */
492 if (!all && !zonename && !cka_id && keytag == -1) {
493 return ds_list_keys(dbconn, sockfd, state_from);
/* --all and --zone are mutually exclusive. */
496 if (all && zonename) {
497 ods_log_warning (
"[%s] Error: Unable to use --zone and --all together", module_str);
498 client_printf_err(sockfd,
"Error: Unable to use --zone and --all together\n");
/* Zone lookup failed (the lookup itself is on lines not shown). */
503 ods_log_warning (
"[%s] Error: Unable to find a zone named \"%s\" in database\n", module_str, zonename);
504 client_printf_err(sockfd,
"Error: Unable to find a zone named \"%s\" in database\n", zonename);
/* A key selector without a zone is meaningless. */
511 if (!zonename && (keytag != -1 || cka_id)) {
513 client_printf_err(sockfd,
"Error: expected --zone <zone>\n");
/* Accept exactly one of: --zone with --cka_id, --zone with --keytag, or --all. */
517 if (!(zonename && ((cka_id && keytag == -1) || (!cka_id && keytag != -1))) && !all)
520 "--keytag option or expected --all", module_str);
521 client_printf_err(sockfd,
"expected --zone and either --cka_id or " 522 "--keytag option or expected --all.\n");
/* CKA_ID given but no HSM key with that locator exists (lookup on lines not shown). */
528 client_printf_err(sockfd,
"CKA_ID %s can not be found!\n", cka_id);
/* Tail of the change_keys_from_to() call (leading arguments on lines not shown). */
532 state_from, state_to, engine);
const char * key_data_role_text(const key_data_t *key_data)
const char * delegation_signer_submit_command
hsm_key_t * key_data_get_hsm_key(const key_data_t *key_data)
db_clause_list_t * db_clause_list_new(void)
db_clause_t * key_data_keytag_clause(db_clause_list_t *clause_list, unsigned int keytag)
int key_data_list_get_by_clauses(key_data_list_t *key_data_list, const db_clause_list_t *clause_list)
int zone_update(zone_t *zone)
key_state_t * key_state_list_get_next(key_state_list_t *key_state_list)
key_state_list_t * key_data_key_state_list(key_data_t *key_data)
int db_clause_set_type(db_clause_t *clause, db_clause_type_t type)
enum key_data_ds_at_parent key_data_ds_at_parent_t
int zone_get_by_name(zone_t *zone, const char *name)
void ods_log_error(const char *format,...)
unsigned int key_data_keytag(const key_data_t *key_data)
key_data_t * key_data_list_get_next(key_data_list_t *key_data_list)
const char * delegation_signer_retract_command
db_clause_t * key_data_hsm_key_id_clause(db_clause_list_t *clause_list, const db_value_t *hsm_key_id)
void zone_free(zone_t *zone)
void db_clause_list_free(db_clause_list_t *clause_list)
int key_state_update(key_state_t *key_state)
engineconfig_type * config
db_clause_t * key_data_zone_id_clause(db_clause_list_t *clause_list, const db_value_t *zone_id)
void key_state_free(key_state_t *key_state)
zone_t * zone_new(const db_connection_t *connection)
const key_data_t * key_data_list_next(key_data_list_t *key_data_list)
int key_data_cache_key_states(key_data_t *key_data)
const char * hsm_key_locator(const hsm_key_t *hsm_key)
zone_t * zone_new_get_by_name(const db_connection_t *connection, const char *name)
key_data_list_t * key_data_list_new(const db_connection_t *connection)
zone_t * key_data_get_zone(const key_data_t *key_data)
key_data_list_t * key_data_list_new_get_by_clauses(const db_connection_t *connection, const db_clause_list_t *clause_list)
unsigned int key_state_ttl(const key_state_t *key_state)
const char * zone_name(const zone_t *zone)
db_clause_t * key_data_role_clause(db_clause_list_t *clause_list, key_data_role_t role)
int run_ds_cmd(int sockfd, const char *cmd, ssize_t n, db_connection_t *dbconn, key_data_ds_at_parent_t state_from, key_data_ds_at_parent_t state_to, engine_type *engine)
int key_data_cache_hsm_key(key_data_t *key_data)
void key_data_list_free(key_data_list_t *key_data_list)
db_clause_t * key_data_ds_at_parent_clause(db_clause_list_t *clause_list, key_data_ds_at_parent_t ds_at_parent)
const key_state_t * key_data_cached_dnskey(key_data_t *key_data)
key_state_t * key_state_list_get_begin(key_state_list_t *key_state_list)
void key_data_free(key_data_t *key_data)
const db_value_t * zone_id(const zone_t *zone)
int key_data_set_ds_at_parent(key_data_t *key_data, key_data_ds_at_parent_t ds_at_parent)
void hsm_key_free(hsm_key_t *hsm_key)
int key_data_retrieve_key_state_list(key_data_t *key_data)
const hsm_key_t * key_data_hsm_key(const key_data_t *key_data)
unsigned int key_data_algorithm(const key_data_t *key_data)
int key_data_update(key_data_t *key_data)
const db_value_t * hsm_key_id(const hsm_key_t *hsm_key)
void ods_log_warning(const char *format,...)
hsm_key_t * hsm_key_new_get_by_locator(const db_connection_t *connection, const char *locator)
int change_keys_from_to(db_connection_t *dbconn, int sockfd, const char *zonename, const hsm_key_t *hsmkey, int keytag, key_data_ds_at_parent_t state_from, key_data_ds_at_parent_t state_to, engine_type *engine)