1 /*
2  * Copyright (c) 2009 NLNet Labs. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  * notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  * notice, this list of conditions and the following disclaimer in the
11  * documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
17  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
19  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
21  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
22  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
23  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  */
26 
#include "parser/confparser.h"
#include "parser/signconfparser.h"
#include "status.h"
#include "duration.h"
#include "log.h"
#include "signer/keys.h"

#include <libxml/parser.h>
#include <libxml/xpath.h>
#include <libxml/xpathInternals.h>
#include <libxml/xmlreader.h>
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
44 
/* Tag printed in the "[%s]" prefix of every log line emitted by this file. */
static const char* parser_str = "parser";
46 
47 
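/*
 * Convert the text of a numeric <Key> child element to an unsigned integer.
 *
 * @param str  element content (may be NULL).
 * @param max  largest value accepted.
 * @param out  receives the converted value on success.
 * @return 1 on success; 0 when str is NULL or empty, contains anything other
 *         than a non-negative decimal number, or exceeds max.
 */
static int
parse_sc_key_number(const char* str, unsigned long max, unsigned long* out)
{
    char* end = NULL;
    unsigned long value = 0;

    /* strtoul() silently negates "-1" into ULONG_MAX, so reject a '-' up front. */
    if (!str || str[0] == '\0' || strchr(str, '-') != NULL) {
        return 0;
    }
    errno = 0;
    value = strtoul(str, &end, 10);
    if (end == str || *end != '\0' || errno == ERANGE || value > max) {
        return 0;
    }
    *out = value;
    return 1;
}


/*
 * Build one key from a <Key> node and append it to kl.
 *
 * Required children are <Locator>, <Algorithm> and <Flags>; <KSK>, <ZSK> and
 * <Publish> are presence flags. A node that lacks a required child, or whose
 * <Algorithm>/<Flags> is not a number in range (8 and 32 bits respectively),
 * is logged and skipped instead of becoming a key with a zero field.
 *
 * @param allocator allocator handed to key_create().
 * @param kl        list the new key is pushed onto.
 * @param keyNode   the <Key> element.
 */
static void
parse_sc_key_node(allocator_type* allocator, keylist_type* kl, xmlNode* keyNode)
{
    xmlNode* curNode = NULL;
    xmlChar* locator = NULL;
    xmlChar* algorithm = NULL;
    xmlChar* flags = NULL;
    unsigned long algorithm_val = 0;
    unsigned long flags_val = 0;
    int ksk = 0;
    int zsk = 0;
    int publish = 0;
    key_type* new_key = NULL;

    for (curNode = keyNode->xmlChildrenNode; curNode; curNode = curNode->next) {
        if (xmlStrEqual(curNode->name, (const xmlChar *)"Locator")) {
            /* A repeated element replaces the earlier copy instead of leaking it. */
            xmlFree(locator);
            locator = xmlNodeGetContent(curNode);
        } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Algorithm")) {
            xmlFree(algorithm);
            algorithm = xmlNodeGetContent(curNode);
        } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Flags")) {
            xmlFree(flags);
            flags = xmlNodeGetContent(curNode);
        } else if (xmlStrEqual(curNode->name, (const xmlChar *)"KSK")) {
            ksk = 1;
        } else if (xmlStrEqual(curNode->name, (const xmlChar *)"ZSK")) {
            zsk = 1;
        } else if (xmlStrEqual(curNode->name, (const xmlChar *)"Publish")) {
            publish = 1;
        }
    }

    if (!locator || !algorithm || !flags) {
        ods_log_error("[%s] Key missing required elements, skipping",
            parser_str);
    } else if (!parse_sc_key_number((const char*)algorithm, UINT8_MAX,
                                    &algorithm_val)
            || !parse_sc_key_number((const char*)flags, UINT32_MAX,
                                    &flags_val)) {
        ods_log_error("[%s] Key %s has invalid <Algorithm> or <Flags>, skipping",
            parser_str, (const char*)locator);
    } else {
        /* key_create() is assumed to copy locator: the original freed it right after. */
        new_key = key_create(allocator, (char*)locator,
            (uint8_t)algorithm_val, (uint32_t)flags_val,
            publish, ksk, zsk);
        if (!new_key) {
            ods_log_error("[%s] failed to create key %s",
                parser_str, (const char*)locator);
        } else if (keylist_push(kl, new_key) != ODS_STATUS_OK) {
            ods_log_error("[%s] failed to push key %s to key list",
                parser_str, (const char*)locator);
        }
    }
    /* xmlNodeGetContent() allocates through xmlMalloc, so release via xmlFree. */
    xmlFree(locator);
    xmlFree(algorithm);
    xmlFree(flags);
}


/*
 * Parse the <Keys> section of a signer configuration file.
 *
 * @param allocator allocator used for the key list and its keys.
 * @param cfgfile   path of the signer configuration; NULL is rejected.
 * @return a key list (possibly empty) on success; NULL when cfgfile is NULL,
 *         the document does not parse, the XPath machinery fails, or the
 *         list cannot be created. Malformed <Key> entries are logged and
 *         skipped; they are not reported through the return value.
 */
keylist_type*
parse_sc_keys(allocator_type* allocator, const char* cfgfile)
{
    xmlDocPtr doc = NULL;
    xmlXPathContextPtr xpathCtx = NULL;
    xmlXPathObjectPtr xpathObj = NULL;
    const xmlChar* xexpr = (const xmlChar*) "//SignerConfiguration/Zone/Keys/Key";
    keylist_type* kl = NULL;
    int i;

    if (!cfgfile) {
        ods_log_error("[%s] could not parse <Keys>, no cfgfile given",
            parser_str);
        return NULL;
    }

    /* Load XML document */
    doc = xmlParseFile(cfgfile);
    if (doc == NULL) {
        ods_log_error("[%s] could not parse <Keys>, xmlParseFile failed",
            parser_str);
        return NULL;
    }
    /* Create xpath evaluation context */
    xpathCtx = xmlXPathNewContext(doc);
    if (xpathCtx == NULL) {
        xmlFreeDoc(doc);
        ods_log_error("[%s] could not parse <Keys>, xmlXPathNewContext failed",
            parser_str);
        return NULL;
    }
    /* Evaluate xpath expression */
    xpathObj = xmlXPathEvalExpression(xexpr, xpathCtx);
    if (xpathObj == NULL) {
        xmlXPathFreeContext(xpathCtx);
        xmlFreeDoc(doc);
        ods_log_error("[%s] could not parse <Keys>, xmlXPathEvalExpression "
            "failed", parser_str);
        return NULL;
    }

    kl = keylist_create(allocator);
    if (kl == NULL) {
        /* Without a list there is nothing to push keys onto; report instead
         * of handing a NULL list to keylist_push(). */
        ods_log_error("[%s] could not parse <Keys>, keylist_create failed",
            parser_str);
    } else if (xpathObj->nodesetval) {
        for (i = 0; i < xpathObj->nodesetval->nodeNr; i++) {
            parse_sc_key_node(allocator, kl, xpathObj->nodesetval->nodeTab[i]);
        }
    }

    xmlXPathFreeObject(xpathObj);
    xmlXPathFreeContext(xpathCtx);
    xmlFreeDoc(doc);
    return kl;
}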
152 
153 
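/*
 * Look up a required duration element of the zone and convert it.
 *
 * @param cfgfile signer configuration file.
 * @param expr    XPath of the element.
 * @return the duration, or NULL when the element is absent or its content
 *         does not convert. A conversion failure is logged so that it can be
 *         told apart from a missing element.
 */
static duration_type*
parse_sc_duration_elem(const char* cfgfile, const char* expr)
{
    duration_type* duration = NULL;
    const char* str = parse_conf_string(cfgfile, expr, 1);

    if (!str) {
        return NULL;
    }
    duration = duration_create_from_string(str);
    if (!duration) {
        /* NOTE(review): assumes duration_create_from_string() yields NULL on
         * malformed input; confirm against duration.c. */
        ods_log_error("[%s] could not parse duration '%s' for %s",
            parser_str, str, expr);
    }
    free((void*)str);
    return duration;
}


/* <Signatures><Resign>: how often signatures are regenerated. */
duration_type*
parse_sc_sig_resign_interval(const char* cfgfile)
{
    return parse_sc_duration_elem(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Resign");
}


/* <Signatures><Refresh>: how long before expiry a signature is refreshed. */
duration_type*
parse_sc_sig_refresh_interval(const char* cfgfile)
{
    return parse_sc_duration_elem(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Refresh");
}


/* <Signatures><Validity><Default>: validity period of ordinary signatures. */
duration_type*
parse_sc_sig_validity_default(const char* cfgfile)
{
    return parse_sc_duration_elem(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Validity/Default");
}


/* <Signatures><Validity><Denial>: validity period of NSEC/NSEC3 signatures. */
duration_type*
parse_sc_sig_validity_denial(const char* cfgfile)
{
    return parse_sc_duration_elem(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Validity/Denial");
}


/* <Signatures><Jitter>: random spread added to signature expiry. */
duration_type*
parse_sc_sig_jitter(const char* cfgfile)
{
    return parse_sc_duration_elem(cfgfile,
        "//SignerConfiguration/Zone/Signatures/Jitter");
}


/* <Signatures><InceptionOffset>: backdating applied to signature inception. */
duration_type*
parse_sc_sig_inception_offset(const char* cfgfile)
{
    return parse_sc_duration_elem(cfgfile,
        "//SignerConfiguration/Zone/Signatures/InceptionOffset");
}


/* <Keys><TTL>: TTL of the DNSKEY RRset. */
duration_type*
parse_sc_dnskey_ttl(const char* cfgfile)
{
    return parse_sc_duration_elem(cfgfile,
        "//SignerConfiguration/Zone/Keys/TTL");
}


/* <SOA><TTL>: TTL override for the SOA record. */
duration_type*
parse_sc_soa_ttl(const char* cfgfile)
{
    return parse_sc_duration_elem(cfgfile,
        "//SignerConfiguration/Zone/SOA/TTL");
}


/* <SOA><Minimum>: SOA minimum override. */
duration_type*
parse_sc_soa_min(const char* cfgfile)
{
    return parse_sc_duration_elem(cfgfile,
        "//SignerConfiguration/Zone/SOA/Minimum");
}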
300 
301 
/*
 * Determine the denial-of-existence scheme configured for the zone.
 *
 * <Denial><NSEC3> takes precedence over <Denial><NSEC>; with neither present
 * LDNS_RR_TYPE_FIRST is returned as the "unset" marker.
 */
ldns_rr_type
parse_sc_nsec_type(const char* cfgfile)
{
    /* Probed in order; the first element found decides. */
    static const struct {
        const char* expr;
        ldns_rr_type type;
    } candidates[] = {
        { "//SignerConfiguration/Zone/Denial/NSEC3", LDNS_RR_TYPE_NSEC3 },
        { "//SignerConfiguration/Zone/Denial/NSEC", LDNS_RR_TYPE_NSEC },
    };
    size_t idx;

    for (idx = 0; idx < sizeof candidates / sizeof candidates[0]; idx++) {
        const char* found = parse_conf_string(cfgfile, candidates[idx].expr, 0);
        if (found) {
            /* Only presence matters; the content is discarded. */
            free((void*)found);
            return candidates[idx].type;
        }
    }
    return LDNS_RR_TYPE_FIRST;
}
327 
328 
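/*
 * Fetch a required numeric element and convert it to uint32_t.
 *
 * @param cfgfile signer configuration file.
 * @param expr    XPath of the element.
 * @return the value; 0 when the element is absent or empty. Content that is
 *         not a non-negative decimal number fitting in 32 bits is logged and
 *         also yields 0 rather than the wrapped or truncated value atoi()
 *         would have produced.
 */
static uint32_t
parse_sc_uint32_elem(const char* cfgfile, const char* expr)
{
    uint32_t ret = 0;
    char* end = NULL;
    unsigned long value = 0;
    const char* str = parse_conf_string(cfgfile, expr, 1);

    if (!str) {
        return 0;
    }
    if (str[0] != '\0') {
        errno = 0;
        value = strtoul(str, &end, 10);
        /* strtoul() accepts and negates "-N"; reject any '-' explicitly. */
        if (strchr(str, '-') != NULL || end == str || *end != '\0'
            || errno == ERANGE || value > UINT32_MAX) {
            ods_log_error("[%s] invalid numeric value '%s' for %s, using 0",
                parser_str, str, expr);
        } else {
            ret = (uint32_t) value;
        }
    }
    free((void*)str);
    return ret;
}


/* <Denial><NSEC3><Hash><Algorithm>: NSEC3 hash algorithm number. */
uint32_t
parse_sc_nsec3_algorithm(const char* cfgfile)
{
    return parse_sc_uint32_elem(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Algorithm");
}


/* <Denial><NSEC3><Hash><Iterations>: number of extra hash iterations. */
uint32_t
parse_sc_nsec3_iterations(const char* cfgfile)
{
    return parse_sc_uint32_elem(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Iterations");
}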
365 
366 
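/*
 * Report whether an optional element exists and has non-empty content.
 *
 * @param cfgfile signer configuration file.
 * @param expr    XPath of the element.
 * @return 1 when the element is present with at least one character of
 *         content, 0 otherwise.
 */
static int
parse_sc_elem_nonempty(const char* cfgfile, const char* expr)
{
    int ret = 0;
    const char* str = parse_conf_string(cfgfile, expr, 0);

    if (str) {
        ret = (str[0] != '\0');
        free((void*)str);
    }
    return ret;
}


/* Whether <Keys><TTL> is set, i.e. parse_sc_dnskey_ttl() applies. */
int
parse_sc_dnskey_ttl_use(const char* cfgfile)
{
    return parse_sc_elem_nonempty(cfgfile,
        "//SignerConfiguration/Zone/Keys/TTL");
}


/* Whether <SOA><TTL> is set, i.e. parse_sc_soa_ttl() applies. */
int
parse_sc_soa_ttl_use(const char* cfgfile)
{
    return parse_sc_elem_nonempty(cfgfile,
        "//SignerConfiguration/Zone/SOA/TTL");
}


/* Whether <SOA><Minimum> is set, i.e. parse_sc_soa_min() applies. */
int
parse_sc_soa_min_use(const char* cfgfile)
{
    return parse_sc_elem_nonempty(cfgfile,
        "//SignerConfiguration/Zone/SOA/Minimum");
}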
420 
421 
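/*
 * Report whether an optional, content-less flag element is present.
 *
 * @param cfgfile signer configuration file.
 * @param expr    XPath of the element.
 * @return 1 when the element exists (content is ignored), 0 otherwise.
 */
static int
parse_sc_elem_present(const char* cfgfile, const char* expr)
{
    const char* str = parse_conf_string(cfgfile, expr, 0);

    if (!str) {
        return 0;
    }
    free((void*)str);
    return 1;
}


/* <Denial><NSEC3><OptOut>: whether NSEC3 opt-out is enabled. */
int
parse_sc_nsec3_optout(const char* cfgfile)
{
    return parse_sc_elem_present(cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/OptOut");
}


/* <Audit>: whether the zone is marked for auditing. */
int
parse_sc_audit(const char* cfgfile)
{
    return parse_sc_elem_present(cfgfile,
        "//SignerConfiguration/Zone/Audit");
}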
450 
451 
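/*
 * Fetch a required string element and copy it into allocator-owned memory.
 *
 * @param allocator allocator that owns the returned copy.
 * @param cfgfile   signer configuration file.
 * @param expr      XPath of the element.
 * @return the duplicated content, or NULL when the element is absent (or the
 *         allocator returns NULL). The temporary from parse_conf_string() is
 *         released here; the caller owns nothing but the allocator copy.
 */
static const char*
parse_sc_string_elem(allocator_type* allocator, const char* cfgfile,
    const char* expr)
{
    const char* dup = NULL;
    const char* str = parse_conf_string(cfgfile, expr, 1);

    if (str) {
        dup = allocator_strdup(allocator, str);
        free((void*)str);
    }
    return dup;
}


/* <SOA><Serial>: serial update scheme (copied via allocator). */
const char*
parse_sc_soa_serial(allocator_type* allocator, const char* cfgfile)
{
    return parse_sc_string_elem(allocator, cfgfile,
        "//SignerConfiguration/Zone/SOA/Serial");
}


/* <Denial><NSEC3><Hash><Salt>: NSEC3 salt (copied via allocator). */
const char*
parse_sc_nsec3_salt(allocator_type* allocator, const char* cfgfile)
{
    return parse_sc_string_elem(allocator, cfgfile,
        "//SignerConfiguration/Zone/Denial/NSEC3/Hash/Salt");
}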