31 #include "clientpipe.h" 38 #include <libxml/parser.h> 39 #include <libxml/tree.h> 46 #define POLICY_EXPORT_MAX_LENGHT 1000 48 static int __free(
char **p) {
/*
 * Builds the XML for one policy: a "Policy" element is created under `root`
 * and its children are appended in one long short-circuit condition, with
 * failures reported to the client on `sockfd`.
 *
 * This listing is an excerpt. The number at the start of a line is the line
 * number in the original file, and the lines between those numbers are not
 * shown.
 */
57 static int __policy_export(
int sockfd,
const policy_t*
policy, xmlNodePtr root) {
65 duration_type* duration;
66 char* duration_text = NULL;
/* Scratch duration object; the duration_cleanup() calls further down release it. */
71 if (!(duration = duration_create())) {
72 client_printf_err(sockfd,
"Unable to export KASP XML, memory allocation error!\n");
/* Every xmlNewChild()/xmlNewProp() below returns NULL on failure, which ends the chain. */
77 if (!(node = xmlNewChild(root, NULL, (xmlChar*)
"Policy", NULL))
79 || !xmlNewProp(node, (xmlChar*)
"name", (xmlChar*)
policy_name(policy))
/*
 * NOTE(review): libxml2's xmlNewChild() treats its content argument as XML
 * CDATA in which entity references are honoured, so a description containing
 * '&' is read as the start of an entity reference instead of being stored
 * literally. xmlNewTextChild() escapes the text. Confirm whether stored
 * descriptions can contain such characters.
 */
81 || !xmlNewChild(node, NULL, (xmlChar*)
"Description", (xmlChar*)
policy_description(policy))
84 || !(node2 = xmlNewChild(node, NULL, (xmlChar*)
"Signatures", NULL))
87 || !(duration_text = duration2string(duration))
88 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Resign", (xmlChar*)duration_text))
89 || __free(&duration_text)
92 || !(duration_text = duration2string(duration))
93 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Refresh", (xmlChar*)duration_text))
94 || __free(&duration_text)
96 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Validity", NULL))
99 || !(duration_text = duration2string(duration))
100 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Default", (xmlChar*)duration_text))
101 || __free(&duration_text)
104 || !(duration_text = duration2string(duration))
105 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Denial", (xmlChar*)duration_text))
106 || __free(&duration_text)
110 || !(duration_text = duration2string(duration))
111 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Keyset", (xmlChar*)duration_text))
112 || __free(&duration_text)
115 || !(duration_text = duration2string(duration))
116 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Jitter", (xmlChar*)duration_text))
117 || __free(&duration_text)
120 || !(duration_text = duration2string(duration))
121 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"InceptionOffset", (xmlChar*)duration_text))
122 || __free(&duration_text)
125 || !(duration_text = duration2string(duration))
126 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"MaxZoneTTL", (xmlChar*)duration_text))
127 || __free(&duration_text))
130 || !(node2 = xmlNewChild(node, NULL, (xmlChar*)
"Denial", NULL))
133 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"NSEC", NULL)))
136 && (!(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"NSEC3", NULL))
140 || !(duration_text = duration2string(duration))
141 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"TTL", (xmlChar*)duration_text))
142 || __free(&duration_text)))
145 && !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"OptOut", NULL)))
149 || !(duration_text = duration2string(duration))
150 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Resalt", (xmlChar*)duration_text))
151 || __free(&duration_text)))
153 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Hash", NULL))
156 || !(node5 = xmlNewChild(node4, NULL, (xmlChar*)
"Algorithm", (xmlChar*)text))
159 || !(node5 = xmlNewChild(node4, NULL, (xmlChar*)
"Iterations", (xmlChar*)text))
161 || !(node5 = xmlNewChild(node4, NULL, (xmlChar*)
"Salt", NULL))
164 || !xmlNewProp(node5, (xmlChar*)
"length", (xmlChar*)text)))
167 || !(keys = xmlNewChild(node, NULL, (xmlChar*)
"Keys", NULL))
170 || !(duration_text = duration2string(duration))
171 || !(node3 = xmlNewChild(keys, NULL, (xmlChar*)
"TTL", (xmlChar*)duration_text))
172 || __free(&duration_text)
175 || !(duration_text = duration2string(duration))
176 || !(node3 = xmlNewChild(keys, NULL, (xmlChar*)
"RetireSafety", (xmlChar*)duration_text))
177 || __free(&duration_text)
180 || !(duration_text = duration2string(duration))
181 || !(node3 = xmlNewChild(keys, NULL, (xmlChar*)
"PublishSafety", (xmlChar*)duration_text))
182 || __free(&duration_text)
185 && !(node3 = xmlNewChild(keys, NULL, (xmlChar*)
"ShareKeys", NULL)))
189 || !(duration_text = duration2string(duration))
190 || !(node3 = xmlNewChild(keys, NULL, (xmlChar*)
"Purge", (xmlChar*)duration_text))
191 || __free(&duration_text)))
194 || !(node2 = xmlNewChild(node, NULL, (xmlChar*)
"Zone", NULL))
197 || !(duration_text = duration2string(duration))
198 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"PropagationDelay", (xmlChar*)duration_text))
199 || __free(&duration_text)
201 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"SOA", NULL))
204 || !(duration_text = duration2string(duration))
205 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"TTL", (xmlChar*)duration_text))
206 || __free(&duration_text)
209 || !(duration_text = duration2string(duration))
210 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Minimum", (xmlChar*)duration_text))
211 || __free(&duration_text)
216 || !(node2 = xmlNewChild(node, NULL, (xmlChar*)
"Parent", NULL))
220 || !(duration_text = duration2string(duration))
221 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"RegistrationDelay", (xmlChar*)duration_text))
222 || __free(&duration_text)))
225 || !(duration_text = duration2string(duration))
226 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"PropagationDelay", (xmlChar*)duration_text))
227 || __free(&duration_text)
229 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"DS", NULL))
232 || !(duration_text = duration2string(duration))
233 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"TTL", (xmlChar*)duration_text))
234 || __free(&duration_text)
236 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"SOA", NULL))
239 || !(duration_text = duration2string(duration))
240 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"TTL", (xmlChar*)duration_text))
241 || __free(&duration_text)
244 || !(duration_text = duration2string(duration))
245 || !(node4 = xmlNewChild(node3, NULL, (xmlChar*)
"Minimum", (xmlChar*)duration_text))
246 || __free(&duration_text)
249 client_printf_err(sockfd,
"Unable to create XML elements, error code %d!\n", error);
250 __free(&duration_text);
251 duration_cleanup(duration);
254 __free(&duration_text);
257 duration_cleanup(duration);
/*
 * ZSK key entry: a "ZSK" element under `keys`, followed by its children.
 * The conditions guarding the `&&` alternatives are on lines not shown in
 * this excerpt; the KSK and CSK sections further down follow the same shape.
 */
265 if (!(node2 = xmlNewChild(keys, NULL, (xmlChar*)
"ZSK", NULL))
268 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Algorithm", (xmlChar*)text))
/*
 * snprintf() returns the length it needed, so a result >= sizeof(text) means
 * the number was truncated and the chain fails instead of exporting a
 * shortened value. A negative return (output error) is not caught by this
 * comparison.
 */
270 || snprintf(text,
sizeof(text),
"%u",
policy_key_bits(policy_key)) >= (int)
sizeof(text)
271 || !xmlNewProp(node3, (xmlChar*)
"length", (xmlChar*)text)
/* duration2string() hands back a string that __free() releases once the node holds its own copy. */
274 || !(duration_text = duration2string(duration))
275 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Lifetime", (xmlChar*)duration_text))
276 || __free(&duration_text)
/*
 * NOTE(review): the repository name is passed as xmlNewChild() content, which
 * libxml2 parses for entity references; a name containing '&' would not be
 * stored literally. xmlNewTextChild() escapes instead. Confirm what
 * characters a repository name may contain.
 */
278 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Repository", (xmlChar*)
policy_key_repository(policy_key)))
/*
 * NOTE(review): the reference list at the end of this page declares
 * policy_key_standby() as returning int, while the format here is "%u".
 */
281 && (snprintf(text,
sizeof(text),
"%u",
policy_key_standby(policy_key)) >= (int)
sizeof(text)
282 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Standby", (xmlChar*)text))))
285 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"ManualRollover", NULL)))
/* Three alternative ZskRollType values; the selecting conditions are not shown. */
288 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"ZskRollType", (xmlChar*)
"ZskDoubleSignature")))
291 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"ZskRollType", (xmlChar*)
"ZskPrePublication")))
294 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"ZskRollType", (xmlChar*)
"ZskDoubleRRsig")))
/* Failure path: report to the client, then release the duration string and the duration object. */
297 client_printf_err(sockfd,
"Unable to create XML elements, error code %d!\n", error);
298 __free(&duration_text);
299 duration_cleanup(duration);
/* Presumably the non-failure path; the surrounding lines are not shown. */
302 __free(&duration_text);
307 if (!(node2 = xmlNewChild(keys, NULL, (xmlChar*)
"KSK", NULL))
310 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Algorithm", (xmlChar*)text))
312 || snprintf(text,
sizeof(text),
"%u",
policy_key_bits(policy_key)) >= (
int)
sizeof(text)
313 || !xmlNewProp(node3, (xmlChar*)
"length", (xmlChar*)text)
316 || !(duration_text = duration2string(duration))
317 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Lifetime", (xmlChar*)duration_text))
318 || __free(&duration_text)
320 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Repository", (xmlChar*)
policy_key_repository(policy_key)))
323 && (snprintf(text,
sizeof(text),
"%u",
policy_key_standby(policy_key)) >= (
int)
sizeof(text)
324 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Standby", (xmlChar*)text))))
327 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"ManualRollover", NULL)))
330 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"KskRollType", (xmlChar*)
"KskDoubleRRset")))
333 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"KskRollType", (xmlChar*)
"KskDoubleDS")))
336 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"KskRollType", (xmlChar*)
"KskDoubleSignature")))
339 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"RFC5011", NULL)))
342 client_printf_err(sockfd,
"Unable to create XML elements, error code %d!\n", error);
343 __free(&duration_text);
344 duration_cleanup(duration);
347 __free(&duration_text);
352 if (!(node2 = xmlNewChild(keys, NULL, (xmlChar*)
"CSK", NULL))
355 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Algorithm", (xmlChar*)text))
357 || snprintf(text,
sizeof(text),
"%u",
policy_key_bits(policy_key)) >= (
int)
sizeof(text)
358 || !xmlNewProp(node3, (xmlChar*)
"length", (xmlChar*)text)
361 || !(duration_text = duration2string(duration))
362 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Lifetime", (xmlChar*)duration_text))
363 || __free(&duration_text)
365 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Repository", (xmlChar*)
policy_key_repository(policy_key)))
368 && (snprintf(text,
sizeof(text),
"%u",
policy_key_standby(policy_key)) >= (
int)
sizeof(text)
369 || !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"Standby", (xmlChar*)text))))
372 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"ManualRollover", NULL)))
375 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"CskRollType", (xmlChar*)
"CskDoubleRRset")))
378 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"CskRollType", (xmlChar*)
"CskSingleSignature")))
381 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"CskRollType", (xmlChar*)
"CskDoubleDS")))
384 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"CskRollType", (xmlChar*)
"CskDoubleSignature")))
387 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"CskRollType", (xmlChar*)
"CskPrePublication")))
390 && !(node3 = xmlNewChild(node2, NULL, (xmlChar*)
"RFC5011", NULL)))
393 client_printf_err(sockfd,
"Unable to create XML elements, error code %d!\n", error);
394 __free(&duration_text);
395 duration_cleanup(duration);
398 __free(&duration_text);
403 duration_cleanup(duration);
409 duration_cleanup(duration);
/*
 * Body fragment of a file-export entry point, presumably policy_export_all()
 * going by the reference list at the end of this page; the signature line is
 * not shown. The number at the start of a line is the original file's line
 * number, and the lines in between are missing from this excerpt.
 */
417 xmlNodePtr root = NULL;
424 char* dirname, *dirlast;
/*
 * Pre-flight permission check. access() tests the real (not effective) user
 * ID, and its answer can be stale by the time the file is written: the target
 * or its directory may change in between (time-of-check/time-of-use). Treat
 * it as an early, friendly error message only; the results of
 * xmlSaveFormatFileEnc() and rename() below are what actually decide.
 */
431 if (access(filename, W_OK)) {
/* Target does not exist yet: fall back to checking its directory (cut at the last '/', presumably on a line not shown). */
432 if (errno == ENOENT) {
433 if ((dirname = strdup(filename))) {
434 if ((dirlast = strrchr(dirname,
'/'))) {
436 if (access(dirname, W_OK)) {
437 client_printf_err(sockfd,
"Write access to directory denied: %s\n", strerror(errno));
446 client_printf_err(sockfd,
"Write access to file denied!\n");
/*
 * The document is first written to "<filename>.new". A snprintf() result
 * >= sizeof(path) means the name was truncated and the export is refused.
 * NOTE(review): the temporary name is predictable and sits next to the
 * target, so the target directory should be writable only by the account
 * running this code. Confirm deployment permissions.
 */
451 if (snprintf(path,
sizeof(path),
"%s.new", filename) >= (
int)
sizeof(path)) {
452 client_printf_err(sockfd,
"Unable to write XML to %s, path to long!\n", filename);
/* New document with a "KASP" root element. */
457 if (!(doc = xmlNewDoc((xmlChar*)
"1.0"))
458 || !(root = xmlNewNode(NULL, (xmlChar*)
"KASP")))
460 client_printf_err(sockfd,
"Unable to create XML elements, memory allocation error!\n");
467 xmlDocSetRootElement(doc, root);
/* Policy elements are appended under the root here; the enclosing control flow is not shown. */
481 ret = __policy_export(sockfd, policy, root);
/* Write the temporary file, validate it with check_kasp(), and only then move it over the target. */
492 if (xmlSaveFormatFileEnc(path, doc,
"UTF-8", 1) == -1) {
493 client_printf_err(sockfd,
"Unable to write policy, LibXML error!\n");
499 if (
check_kasp(path, NULL, 0, 0, NULL, NULL)) {
500 client_printf_err(sockfd,
"Unable to validate the exported policy XML!\n");
/* rename() comes after validation; whether a failed validation returns before reaching it is on lines not shown. */
505 if (rename(path, filename)) {
506 client_printf_err(sockfd,
"Unable to write policy, rename failed!\n");
/*
 * Alternative output path (its condition is not shown): serialise the
 * document to memory and send it to the client. libxml2 allocates `xml`;
 * the matching release is not visible in this excerpt.
 */
512 xmlDocDumpFormatMemoryEnc(doc, &xml, &xml_length,
"UTF-8", 1);
514 if (xml && xml_length) {
/* "%.*s" bounds each write by an explicit length, at most POLICY_EXPORT_MAX_LENGHT bytes per full chunk. */
516 client_printf(sockfd,
"%.*s", POLICY_EXPORT_MAX_LENGHT, xml_out);
/* Remainder shorter than one full chunk; assumes xml_write is an int, as "%.*s" requires. TODO confirm. */
519 client_printf(sockfd,
"%.*s", xml_write, xml_out);
524 client_printf_err(sockfd,
"Unable to create policy XML, LibXML error!\n");
/*
 * Body fragment of the second file-export entry point, presumably
 * policy_export() going by the reference list at the end of this page; the
 * signature line is not shown. Leading numbers are the original file's line
 * numbers, and the lines in between are missing from this excerpt.
 */
534 xmlNodePtr root = NULL;
541 char* dirname, *dirlast;
/*
 * Advisory permission check only: access() uses the real user ID and its
 * result can be outdated when the file is actually written
 * (time-of-check/time-of-use). The return values of xmlSaveFormatFileEnc()
 * and rename() below are the authoritative ones.
 */
548 if (access(filename, W_OK)) {
/* Missing target: check the directory part of the path instead. */
549 if (errno == ENOENT) {
550 if ((dirname = strdup(filename))) {
551 if ((dirlast = strrchr(dirname,
'/'))) {
553 if (access(dirname, W_OK)) {
554 client_printf_err(sockfd,
"Write access to directory denied: %s\n", strerror(errno));
563 client_printf_err(sockfd,
"Write access to file denied!\n");
/*
 * Temporary output name "<filename>.new"; a truncated name (snprintf result
 * >= sizeof(path)) is rejected.
 * NOTE(review): a predictable temporary name beside the target relies on the
 * directory being writable only by the account running this code. Confirm.
 */
568 if (snprintf(path,
sizeof(path),
"%s.new", filename) >= (
int)
sizeof(path)) {
569 client_printf_err(sockfd,
"Unable to write XML to %s, path to long!\n", filename);
/* New document with a "KASP" root element. */
574 if (!(doc = xmlNewDoc((xmlChar*)
"1.0"))
575 || !(root = xmlNewNode(NULL, (xmlChar*)
"KASP")))
577 client_printf_err(sockfd,
"Unable to create XML elements, memory allocation error!\n");
584 xmlDocSetRootElement(doc, root);
/* Append this policy's elements under the root. */
586 ret = __policy_export(sockfd, policy, root);
/* Write the temporary file, validate it with check_kasp(), then rename it over the target. */
594 if (xmlSaveFormatFileEnc(path, doc,
"UTF-8", 1) == -1) {
595 client_printf_err(sockfd,
"Unable to write policy, LibXML error!\n");
601 if (
check_kasp(path, NULL, 0, 0, NULL, NULL)) {
602 client_printf_err(sockfd,
"Unable to validate the exported policy XML!\n");
/* rename() comes after validation; whether a failed validation returns before reaching it is on lines not shown. */
607 if (rename(path, filename)) {
608 client_printf_err(sockfd,
"Unable to write policy, rename failed!\n");
/*
 * Alternative output path (its condition is not shown): dump the document
 * to memory and stream it to the client. libxml2 allocates `xml`; the
 * matching release is not visible in this excerpt.
 */
614 xmlDocDumpFormatMemoryEnc(doc, &xml, &xml_length,
"UTF-8", 1);
616 if (xml && xml_length) {
/* Length-bounded writes: at most POLICY_EXPORT_MAX_LENGHT bytes per full chunk. */
618 client_printf(sockfd,
"%.*s", POLICY_EXPORT_MAX_LENGHT, xml_out);
/* Final partial chunk; assumes xml_write is an int, as "%.*s" requires. TODO confirm. */
621 client_printf(sockfd,
"%.*s", xml_write, xml_out);
626 client_printf_err(sockfd,
"Unable to create policy XML, LibXML error!\n");
int policy_list_get(policy_list_t *policy_list)
const policy_key_t * policy_key_list_next(policy_key_list_t *policy_key_list)
void policy_list_free(policy_list_t *policy_list)
unsigned int policy_denial_resalt(const policy_t *policy)
unsigned int policy_parent_registration_delay(const policy_t *policy)
const char * policy_name(const policy_t *policy)
int check_kasp(const char *kasp, char **repo_list, int repo_count, int verbose, char ***policy_names_out, int *policy_count_out)
unsigned int policy_signatures_max_zone_ttl(const policy_t *policy)
unsigned int policy_denial_algorithm(const policy_t *policy)
unsigned int policy_signatures_refresh(const policy_t *policy)
#define POLICY_KEY_MINIMIZE_RRSIG
unsigned int policy_signatures_validity_default(const policy_t *policy)
#define POLICY_EXPORT_MAX_LENGHT
unsigned int policy_parent_propagation_delay(const policy_t *policy)
unsigned int policy_signatures_validity_denial(const policy_t *policy)
unsigned int policy_signatures_jitter(const policy_t *policy)
unsigned int policy_key_rfc5011(const policy_key_t *policy_key)
unsigned int policy_signatures_inception_offset(const policy_t *policy)
unsigned int policy_zone_propagation_delay(const policy_t *policy)
unsigned int policy_denial_iterations(const policy_t *policy)
const char * policy_key_repository(const policy_key_t *policy_key)
unsigned int policy_zone_soa_ttl(const policy_t *policy)
unsigned int policy_key_lifetime(const policy_key_t *policy_key)
#define POLICY_EXPORT_ERR_ARGS
unsigned int policy_keys_publish_safety(const policy_t *policy)
int policy_export_all(int sockfd, const db_connection_t *connection, const char *filename)
policy_key_list_t * policy_get_policy_keys(const policy_t *policy)
unsigned int policy_parent_ds_ttl(const policy_t *policy)
unsigned int policy_key_minimize(const policy_key_t *policy_key)
const char * policy_zone_soa_serial_text(const policy_t *policy)
unsigned int policy_denial_ttl(const policy_t *policy)
#define POLICY_EXPORT_ERR_MEMORY
int policy_key_standby(const policy_key_t *policy_key)
unsigned int policy_parent_soa_minimum(const policy_t *policy)
unsigned int policy_denial_optout(const policy_t *policy)
unsigned int policy_keys_retire_safety(const policy_t *policy)
policy_list_t * policy_list_new(const db_connection_t *connection)
unsigned int policy_key_manual_rollover(const policy_key_t *policy_key)
#define POLICY_EXPORT_ERR_DATABASE
#define POLICY_EXPORT_ERR_FILE
const char * policy_description(const policy_t *policy)
const policy_t * policy_list_next(policy_list_t *policy_list)
#define POLICY_KEY_MINIMIZE_DS
#define POLICY_EXPORT_ERR_XML
int policy_export(int sockfd, const policy_t *policy, const char *filename)
unsigned int policy_denial_salt_length(const policy_t *policy)
unsigned int policy_key_algorithm(const policy_key_t *policy_key)
unsigned int policy_parent_soa_ttl(const policy_t *policy)
#define POLICY_KEY_MINIMIZE_DS_AND_RRSIG
unsigned int policy_signatures_validity_keyset(const policy_t *policy)
unsigned int policy_keys_shared(const policy_t *policy)
unsigned int policy_key_bits(const policy_key_t *policy_key)
void policy_key_list_free(policy_key_list_t *policy_key_list)
unsigned int policy_zone_soa_minimum(const policy_t *policy)
unsigned int policy_keys_purge_after(const policy_t *policy)
#define POLICY_KEY_MINIMIZE_NONE
#define POLICY_KEY_MINIMIZE_DNSKEY
unsigned int policy_keys_ttl(const policy_t *policy)
unsigned int policy_signatures_resign(const policy_t *policy)