OpenDNSSEC-enforcer 2.1.13
zone_add_cmd.c
Go to the documentation of this file.
1/*
2 * Copyright (c) 2014 .SE (The Internet Infrastructure Foundation).
3 * Copyright (c) 2014 OpenDNSSEC AB (svb)
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 *
27 */
28
29#include "config.h"
30
31#include "daemon/engine.h"
32#include "cmdhandler.h"
34#include "file.h"
35#include "str.h"
36#include "log.h"
37#include "clientpipe.h"
38#include "longgetopt.h"
39#include "db/policy.h"
40#include "db/zone_db.h"
44
46
47#include <limits.h>
48#include <getopt.h>
49
50static const char *module_str = "zone_add_cmd";
51
52static void
53usage(int sockfd)
54{
55 client_printf(sockfd,
56 "zone add\n"
57 " --zone <zone> aka -z\n"
58 " [--policy <policy>] aka -p\n"
59 " [--signerconf <path>] aka -s\n"
60 " [--in-type <type>] aka -j\n"
61 );
62 client_printf(sockfd,
63 " [--input <path>] aka -i\n"
64 " [--out-type <type>] aka -q\n"
65 " [--output <path>] aka -o\n"
66 " [--xml] aka -u\n"
67 );
68}
69
70static void
71help(int sockfd)
72{
73 client_printf(sockfd,
74 "Add a new zone to the enforcer database.\n"
75 "\nOptions:\n"
76 "zone name of the zone\n"
77 "policy name of the policy, if not set the default policy is used\n"
78 "signerconf specify a location for signer configuration file, default is /var/lib/opendnssec/signconf/\n"
79 "in-type specify the type of input, should be DNS or File, default is File \n"
80 "input specify a location for the unsigned zone, this location is set in conf.xml, default for File Adapter is /var/lib/opendnssec/unsigned/ and for DNS Adapter is /etc/opendnssec/addns.xml \n"
81 "out-type specify the type of output, should be DNS or File, default is File\n"
82 "output specify a location for the signed zone, this location is set in conf.xml, default path for File Adapter is /var/lib/opendnssec/signed/ and for DNS Adapter is /etc/opendnssec/addns.xml \n"
83 "xml update the zonelist.xml file\n\n"
84 );
85}
86
87static int
88run(cmdhandler_ctx_type* context, int argc, char* argv[])
89{
90 int sockfd = context->sockfd;
91 struct longgetopt optctx;
92 const char *zone_name = NULL;
93 const char *policy_name = NULL;
94 const char *signconf = NULL;
95 const char *input = NULL;
96 const char *output = NULL;
97 const char *input_type = NULL;
98 const char *output_type = NULL;
99 char path[PATH_MAX];
100 int write_xml = 0;
102 zone_db_t* zone;
103 int ret = 0;
104 int suspend = 0;
105 int long_index = 0, opt = 0;
106 db_connection_t* dbconn = getconnectioncontext(context);
107 engine_type* engine = getglobalcontext(context);
108
109 static struct option long_options[] = {
110 {"zone", required_argument, 0, 'z'},
111 {"policy", required_argument, 0, 'p'},
112 {"signerconf", required_argument, 0, 's'},
113 {"input", required_argument, 0, 'i'},
114 {"output", required_argument, 0, 'o'},
115 {"in-type", required_argument, 0, 'j'},
116 {"out-type", required_argument, 0, 'q'},
117 {"xml", no_argument, 0, 'u'},
118 {"suspend", no_argument, 0, 'n'},
119 {0, 0, 0, 0}
120 };
121
122 for(opt = longgetopt(argc, argv, "z:p:s:i:o:j:q:un", long_options, &long_index, &optctx); opt != -1;
123 opt = longgetopt(argc, argv, NULL, long_options, &long_index, &optctx)) {
124 switch (opt) {
125 case 'z':
126 zone_name = optctx.optarg;
127 break;
128 case 'p':
129 policy_name = optctx.optarg;
130 break;
131 case 's':
132 signconf = optctx.optarg;
133 break;
134 case 'i':
135 input = optctx.optarg;
136 break;
137 case 'o':
138 output = optctx.optarg;
139 break;
140 case 'j':
141 input_type = optctx.optarg;
142 break;
143 case 'q':
144 output_type = optctx.optarg;
145 break;
146 case 'u':
147 write_xml = 1;
148 break;
149 case 'n':
150 suspend = 1;
151 break;
152 default:
153 client_printf_err(sockfd, "unknown arguments\n");
154 ods_log_error("[%s] unknown arguments for zone add command", module_str);
155 return -1;
156 }
157 }
158
159 if (!zone_name) {
160 client_printf_err(sockfd, "expected option --zone <zone>\n");
161 return -1;
162 }
163
164 if ((zone = zone_db_new_get_by_name(dbconn, zone_name))) {
165 client_printf_err(sockfd, "Unable to add zone, zone already exists!\n");
166 zone_db_free(zone);
167 return 1;
168 }
169
170 if (!(policy = policy_new_get_by_name(dbconn, (policy_name ? policy_name : "default")))) {
171 client_printf_err(sockfd, "Unable to find policy %s needed for adding the zone!\n", (policy_name ? policy_name : "default"));
172 return 1;
173 }
174
175 if (!(zone = zone_db_new(dbconn))) {
176 client_printf_err(sockfd, "Unable to add zone, memory allocation problem!\n");
177 }
178 if (zone_db_set_name(zone, zone_name)) {
179 client_printf_err(sockfd, "Unable to add zone, failed to set zone name!\n");
180 }
182 client_printf_err(sockfd, "Unable to add zone, failed to set policy!\n");
183 }
184 if (input_type) {
185 if (!strcasecmp(input_type, "DNS"))
186 input_type = "DNS";
187 else if (!strcasecmp(input_type, "File"))
188 input_type = "File";
189 else {
190 client_printf_err(sockfd, "Unable to add zone, %s is not a valid input type! in_type must be File or DNS.\n", input_type);
191 return 1;
192 }
193 if (zone_db_set_input_adapter_type(zone, input_type)) {
194 client_printf_err(sockfd, "Unable to add zone, failed to set input type!\n");
195 }
196 }
197 if (input) {
198 if (input[0] == '/') {
199 if (zone_db_set_input_adapter_uri(zone, input)) {
200 client_printf_err(sockfd, "Unable to add zone, failed to set input!\n");
201 }
202 }
203 else {
204 if (input_type && !strcasecmp(input_type, "DNS")) {
205 if (snprintf(path, sizeof(path), "%s/%s", OPENDNSSEC_CONFIG_DIR, input) >= (int)sizeof(path)
206 || zone_db_set_input_adapter_uri(zone, path))
207 {
208 client_printf_err(sockfd, "Unable to add zone, failed to set input!\n");
209 }
210 }
211 else {
212 if (snprintf(path, sizeof(path), "%s/unsigned/%s", OPENDNSSEC_STATE_DIR, input) >= (int)sizeof(path)
213 || zone_db_set_input_adapter_uri(zone, path))
214 {
215 client_printf_err(sockfd, "Unable to add zone, failed to set input!\n");
216 }
217 }
218 }
219 }
220 else {
221 if (input_type && !strcasecmp(input_type, "DNS")) {
222 if (snprintf(path, sizeof(path), "%s/addns.xml", OPENDNSSEC_CONFIG_DIR) >= (int)sizeof(path)
223 || zone_db_set_input_adapter_uri(zone, path))
224 {
225 client_printf_err(sockfd, "Unable to add zone, failed to set input!\n");
226 }
227 }
228 else {
229 if (snprintf(path, sizeof(path), "%s/unsigned/%s", OPENDNSSEC_STATE_DIR, zone_name) >= (int)sizeof(path)
230 || zone_db_set_input_adapter_uri(zone, path))
231 {
232 client_printf_err(sockfd, "Unable to add zone, failed to set input!\n");
233 }
234 }
235 }
236 client_printf(sockfd, "input is set to %s. \n", zone_db_input_adapter_uri(zone));
237 if (access(zone_db_input_adapter_uri(zone), F_OK) == -1) {
238 client_printf_err(sockfd, "WARNING: The input file %s for zone %s does not currently exist. The zone will be added to the database anyway. \n", zone_db_input_adapter_uri(zone), zone_name);
239 ods_log_warning("[%s] WARNING: The input file %s for zone %s does not currently exist. The zone will be added to the database anyway.", module_str, zone_db_input_adapter_uri(zone), zone_name);
240 }
241 else if (access(zone_db_input_adapter_uri(zone), R_OK)) {
242 client_printf_err(sockfd, "WARNING: Read access to input file %s for zone %s denied! \n ", zone_db_input_adapter_uri(zone), zone_name);
243 ods_log_warning("[%s] WARNING: Read access to input file %s for zone %s denied! ", module_str, zone_db_input_adapter_uri(zone), zone_name);
244 }
245
246 if (output_type) {
247 if (!strcasecmp(output_type, "DNS"))
248 output_type = "DNS";
249 else if (!strcasecmp(output_type, "File"))
250 output_type = "File";
251 else {
252 client_printf_err(sockfd, "Unable to add zone, %s is not a valid output type! out_type must be File or DNS.\n", output_type);
253 return 1;
254 }
255 if (zone_db_set_output_adapter_type(zone, output_type)) {
256 client_printf_err(sockfd, "Unable to add zone, failed to set output type!\n");
257 }
258 }
259 if (output) {
260 if (output[0] == '/') {
261 if (zone_db_set_output_adapter_uri(zone, output)) {
262 client_printf_err(sockfd, "Unable to add zone, failed to set output!\n");
263 }
264 }
265 else {
266 if (output_type && !strcasecmp(output_type, "DNS")) {
267 if (snprintf(path, sizeof(path), "%s/%s", OPENDNSSEC_CONFIG_DIR, output) >= (int)sizeof(path)
268 || zone_db_set_output_adapter_uri(zone, path))
269 {
270 client_printf_err(sockfd, "Unable to add zone, failed to set output!\n");
271 }
272 }
273 else {
274 if (snprintf(path, sizeof(path), "%s/signed/%s", OPENDNSSEC_STATE_DIR, output) >= (int)sizeof(path)
275 || zone_db_set_output_adapter_uri(zone, path))
276 {
277 client_printf_err(sockfd, "Unable to add zone, failed to set output!\n");
278 }
279 }
280 }
281 }
282 else {
283 if(output_type && !strcasecmp(output_type, "DNS")) {
284 if (snprintf(path, sizeof(path), "%s/addns.xml", OPENDNSSEC_CONFIG_DIR) >= (int)sizeof(path)
285 || zone_db_set_output_adapter_uri(zone, path))
286 {
287 client_printf_err(sockfd, "Unable to add zone, failed to set output!\n");
288 }
289 }
290 else {
291 if (snprintf(path, sizeof(path), "%s/signed/%s", OPENDNSSEC_STATE_DIR, zone_name) >= (int)sizeof(path)
292 || zone_db_set_output_adapter_uri(zone, path))
293 {
294 client_printf_err(sockfd, "Unable to add zone, failed to set output!\n");
295 }
296 }
297 }
298
299 client_printf(sockfd, "output is set to %s. \n", zone_db_output_adapter_uri(zone));
300 if (output_type && !strcasecmp(output_type, "DNS")) {
301 if (access(zone_db_output_adapter_uri(zone), F_OK) == -1) {
302 client_printf_err(sockfd, "WARNING: The output file %s for zone %s does not currently exist. The zone will be added to the database anyway. \n", zone_db_output_adapter_uri(zone), zone_name);
303 ods_log_warning("[%s] WARNING: The output file %s for zone %s does not currently exist. The zone will be added to the database anyway.", module_str, zone_db_output_adapter_uri(zone), zone_name);
304 }
305 else if (access(zone_db_output_adapter_uri(zone), R_OK)) {
306 client_printf_err(sockfd, "WARNING: Read access to output file %s for zone %s denied! \n ", zone_db_output_adapter_uri(zone), zone_name);
307 ods_log_warning("[%s] WARNING: Read access to output file %s for zone %s denied! ", module_str, zone_db_output_adapter_uri(zone), zone_name);
308 }
309 }
310
311 if (signconf) {
312 if (signconf[0] == '/') {
313 if (zone_db_set_signconf_path(zone, signconf)) {
314 client_printf_err(sockfd, "Unable to add zone, failed to set signconf!\n");
315 }
316 }
317 else {
318 if (snprintf(path, sizeof(path), "%s/signconf/%s", OPENDNSSEC_STATE_DIR, signconf) >= (int)sizeof(path)
319 || zone_db_set_signconf_path(zone, path))
320 {
321 client_printf_err(sockfd, "Unable to add zone, failed to set signconf!\n");
322 }
323 }
324 }
325 else {
326 if (snprintf(path, sizeof(path), "%s/signconf/%s.xml", OPENDNSSEC_STATE_DIR, zone_name) >= (int)sizeof(path)
327 || zone_db_set_signconf_path(zone, path))
328 {
329 client_printf_err(sockfd, "Unable to add zone, failed to set signconf!\n");
330 }
331 }
332 if (suspend) {
333 if (zone_db_set_next_change(zone, -1)) {
334 ods_log_error("[%s] Cannot suspend zone %s, database error!", module_str, zone_name);
335 client_printf_err(sockfd, "Cannot suspend zone %s, database error!\n", zone_name);
336 }
337 }
338
339 if (zone_db_create(zone)) {
340 client_printf_err(sockfd, "Unable to add zone, database error!\n");
341 zone_db_free(zone);
343 return 1;
344 }
345 ods_log_info("[%s] zone %s added [policy: %s]", module_str, zone_name, (policy_name ? policy_name : "default"));
346 client_printf(sockfd, "Zone %s added successfully\n", zone_name);
347
348 if (write_xml) {
349 if (zonelist_update_add(sockfd, engine->config->zonelist_filename, zone, 1) != ZONELIST_UPDATE_OK) {
350 ods_log_error("[%s] zonelist %s updated failed", module_str, engine->config->zonelist_filename);
351 client_printf_err(sockfd, "Zonelist %s update failed!\n", engine->config->zonelist_filename);
352 ret = 1;
353 }
354 else {
355 ods_log_info("[%s] zonelist %s updated successfully", module_str, engine->config->zonelist_filename);
356 client_printf(sockfd, "Zonelist %s updated successfully\n", engine->config->zonelist_filename);
357 }
358 }
359
360 if (snprintf(path, sizeof(path), "%s/%s", engine->config->working_dir, OPENDNSSEC_ENFORCER_ZONELIST) >= (int)sizeof(path)
361 || zonelist_update_add(sockfd, path, zone, 0) != ZONELIST_UPDATE_OK)
362 {
363 ods_log_error("[%s] internal zonelist update failed", module_str);
364 client_printf_err(sockfd, "Unable to update the internal zonelist %s, updates will not reach the Signer!\n", path);
365 ret = 1;
366 }
367 else {
368 ods_log_info("[%s] internal zonelist updated successfully", module_str);
369 }
370
371 /*
372 * On successful generate HSM keys and add/flush enforce task.
373 */
374 if (!suspend) {
375 if (!engine->config->manual_keygen)
376 (void)hsm_key_factory_generate_policy(engine, dbconn, policy, 0);
377 ods_log_debug("[%s] Flushing enforce task", module_str);
378 (void)schedule_task(engine->taskq, enforce_task(engine, zone->name), 1, 0);
379 }
380
382
383 zone_db_free(zone);
384
385 return ret;
386}
387
388struct cmd_func_block zone_add_funcblock = {
389 "zone add", &usage, &help, NULL, NULL, &run, NULL
390};
task_type * enforce_task(engine_type *engine, char const *owner)
db_connection_t * getconnectioncontext(cmdhandler_ctx_type *context)
engine_type * getglobalcontext(cmdhandler_ctx_type *context)
int hsm_key_factory_generate_policy(engine_type *engine, const db_connection_t *connection, const policy_t *policy, time_t duration)
policy_t * policy_new_get_by_name(const db_connection_t *connection, const char *name)
Definition policy.c:2090
const char * policy_name(const policy_t *policy)
Definition policy.c:813
const db_value_t * policy_id(const policy_t *policy)
Definition policy.c:805
void policy_free(policy_t *policy)
Definition policy.c:518
schedule_type * taskq
Definition engine.h:60
engineconfig_type * config
Definition engine.h:48
const char * working_dir
Definition cfg.h:64
const char * zonelist_filename
Definition cfg.h:57
int manual_keygen
Definition cfg.h:74
char * name
Definition zone_db.h:53
struct cmd_func_block zone_add_funcblock
int zone_db_set_input_adapter_type(zone_db_t *zone, const char *input_adapter_type_text)
Definition zone_db.c:1061
void zone_db_free(zone_db_t *zone)
Definition zone_db.c:325
int zone_db_set_output_adapter_type(zone_db_t *zone, const char *output_adapter_type_text)
Definition zone_db.c:1105
int zone_db_set_policy_id(zone_db_t *zone, const db_value_t *policy_id)
Definition zone_db.c:918
int zone_db_create(zone_db_t *zone)
Definition zone_db.c:1206
const char * zone_db_input_adapter_uri(const zone_db_t *zone)
Definition zone_db.c:870
int zone_db_set_signconf_path(zone_db_t *zone, const char *signconf_path_text)
Definition zone_db.c:969
zone_db_t * zone_db_new(const db_connection_t *connection)
Definition zone_db.c:287
int zone_db_set_output_adapter_uri(zone_db_t *zone, const char *output_adapter_uri_text)
Definition zone_db.c:1127
int zone_db_set_name(zone_db_t *zone, const char *name_text)
Definition zone_db.c:937
const char * zone_db_output_adapter_uri(const zone_db_t *zone)
Definition zone_db.c:886
zone_db_t * zone_db_new_get_by_name(const db_connection_t *connection, const char *name)
Definition zone_db.c:1569
int zone_db_set_next_change(zone_db_t *zone, int next_change)
Definition zone_db.c:991
int zone_db_set_input_adapter_uri(zone_db_t *zone, const char *input_adapter_uri_text)
Definition zone_db.c:1083
int zonelist_update_add(int sockfd, const char *filename, const zone_db_t *zone, int comment)
#define ZONELIST_UPDATE_OK