1#include "key_purge.h"
2#include "clientpipe.h"
3#include "log.h"
/*
 * Release everything removeDeadKeysNow() accumulates for one zone: the key
 * list, the per-key array and its entries, the dependency list, the
 * dependency array and its entries, and the zone object itself.
 *
 * Ownership: every argument is consumed.  The NULL assignments below act on
 * this function's own parameter copies only; the caller's pointers are NOT
 * reset, so the caller must not hand the same pointers in again.
 *
 * NOTE(review): this rendering of the file dropped source line 12 (directly
 * above the first reset); from the reset that follows it presumably releases
 * deplist — confirm against the repository before relying on this listing.
 */
static void free_all(key_data_list_t *key_list, key_data_t** keylist,
	key_dependency_list_t *deplist, key_dependency_t **deplist2,
	zone_db_t *zone)
{
	int i;

	deplist = NULL;

	key_data_list_free(key_list);
	key_list = NULL;

	if (keylist) {
		/* BUG(review): key_list was freed and set to NULL just above, so this
		 * size query runs against NULL.  Unless key_data_list_size(NULL)
		 * reports the original count, the loop never runs, only the array is
		 * released and every key_data_t entry in keylist leaks.  Taking the
		 * size before the list is freed (or passing it in) would fix this.
		 * The size is also narrowed from size_t to int. */
		int keylist_size = key_data_list_size(key_list);
		for (i = 0; i < keylist_size; i++) {
			key_data_free(keylist[i]);
		}
		free(keylist);
		keylist = NULL;
	}

	if (deplist2) {
		/* BUG(review): same pattern — deplist is already NULL here, so the
		 * key_dependency_t entries in deplist2 are most likely never freed. */
		int deplist2_size = key_dependency_list_size(deplist);
		for (i = 0; i < deplist2_size; i++){
			key_dependency_free(deplist2[i]);
		}
		free(deplist2);
		deplist2 = NULL;
	}

	zone_db_free(zone);
}
/*
 * Delete keys that are no longer needed, for every zone on `policy` or for
 * the single zone `rzone` when no policy is given (policy wins when both are
 * set; with neither, the per-zone scan is skipped and only the HSM step at
 * the bottom runs).
 *
 * A key is a purge candidate when it is not being introduced and the state
 * loop below finds none of its four cached state records (DS, DNSKEY,
 * RRSIG-DNSKEY, RRSIG) still live.  For each candidate the state records, the
 * key record and the dependency rows that refer to it are deleted from the
 * database.  When `purge` is non-zero, hsm_key_factory_delete_key() is then
 * invoked to delete key material from the HSM; that step is irreversible and
 * only the count it reports is shown to the client.
 *
 * Errors go both to the log and to the client on `sockfd`.  Returns 0 on
 * success and 1 on the first fatal error; see the notes inside for error
 * conditions that are reported but not propagated.
 *
 * NOTE(review): this rendering of the file dropped several source lines
 * (each gap is marked below).  The gaps are in the listing, not necessarily
 * in the code — compare with the repository before acting on them.
 */
int removeDeadKeysNow(int sockfd, db_connection_t *dbconn,
	policy_t *policy, zone_db_t *rzone, int purge)
{
	static const char *scmd = "removeDeadKeysNow";
	size_t i, deplist2_size = 0;
	int key_purgable, cmp;
	int zone_key_purgable;
	unsigned int j;
	const key_state_t* state = NULL;
	key_data_list_t *key_list = NULL;
	key_data_t** keylist = NULL;           /* per-zone array of cached keys */
	key_dependency_list_t *deplist = NULL;
	key_dependency_t **deplist2 = NULL;    /* per-zone array of dependencies */
	size_t keylist_size;
	zone_list_db_t *zonelist = NULL;
	zone_db_t *zone = NULL;
	int listsize = 0;                      /* zones still to visit */


	if (!dbconn) {
		ods_log_error("[%s] no dbconn", scmd);
		client_printf_err(sockfd, "[%s] no dbconn", scmd);
		return 1;
	}

	if (policy) {
		/* NOTE(review): source line 66 is missing from this rendering; the
		 * brace after the return closes a nested condition that is not shown.
		 * Going by the message it is the failure branch of fetching the
		 * policy's zone list — confirm against the repository. */
			ods_log_error("[%s] Error fetching zones", scmd);
			client_printf_err(sockfd, "[%s] Error fetching zones", scmd);
			return 1;
		}
		/* NOTE(review): zonelist is never released in this function;
		 * presumably it is owned by the policy — confirm. */
		zonelist = policy_zone_list(policy);
		listsize = zone_list_db_size(zonelist);
		if (listsize == 0) {
			client_printf (sockfd, "No zones on policy %s\n", policy_name(policy));
			client_printf (sockfd, "No keys to purge\n");
			return 0;
		}
		zone = zone_list_db_get_next(zonelist);
	} else if (rzone) {
		listsize = 1;
		/* NOTE(review): the copy is not checked for NULL; a failed copy is
		 * only caught indirectly when the first lookup in the loop fails. */
		zone = zone_db_new_copy(rzone);
	}


	while (listsize > 0 ) {
		zone_key_purgable = 0;
		/* BUG(review): from the second zone on, keylist and deplist2 still
		 * hold the pointers free_all() released at the bottom of the previous
		 * iteration — free_all() resets only its own parameter copies.  Every
		 * free_all() call on the error paths below therefore frees them a
		 * second time, and so does the call at the bottom of the loop when
		 * this zone has no keys (keylist is only reallocated when
		 * keylist_size > 0).  Resetting both to NULL right after each
		 * free_all() call would close this. */
		if (!(deplist = zone_db_get_key_dependencies(zone))) {
			/* TODO: better log error */
			ods_log_error("[%s] error zone_db_get_key_dependencies()", scmd);
			client_printf_err(sockfd, "%s: error zone_db_get_key_dependencies()", scmd);
			free_all(key_list, keylist, deplist, deplist2, zone);
			return 1;
		}

		if (!(key_list = zone_db_get_keys(zone))) {
			/* TODO: better log error */
			ods_log_error("[%s] error zone_db_get_keys()", scmd);
			client_printf_err(sockfd, "%s: error zone_db_get_keys()", scmd);
			free_all(key_list, keylist, deplist, deplist2, zone);
			return 1;
		}
		keylist_size = key_data_list_size(key_list);

		if (keylist_size) {
			if (!(keylist = (key_data_t**)calloc(keylist_size, sizeof(key_data_t*)))) {
				/* TODO: better log error */
				ods_log_error("[%s] error calloc(keylist_size)", scmd);
				client_printf_err(sockfd, "[%s] error calloc(keylist_size)", scmd);
				free_all(key_list, keylist, deplist, deplist2, zone);
				return 1;
			}
			/* Walk the list once and keep every key in the array.  The HSM key
			 * and the state records are cached on each entry here because the
			 * key_data_cached_*() reads further down happen after the list
			 * itself has been released. */
			for (i = 0; i < keylist_size; i++) {
				if (!i)
					keylist[i] = key_data_list_get_begin(key_list);
				else
					keylist[i] = key_data_list_get_next(key_list);
				if (!keylist[i]
					|| key_data_cache_hsm_key(keylist[i])
					|| key_data_cache_key_states(keylist[i])) {
					ods_log_error("[%s] error key_data_list cache", scmd);
					client_printf_err(sockfd, "[%s] error key_data_list cache", scmd);
					free_all(key_list, keylist, deplist, deplist2, zone);
					return 1;
				}
			}
		}
		key_data_list_free(key_list);
		key_list = NULL;

		deplist2_size = key_dependency_list_size(deplist);
		/* NOTE(review): this calloc() is not checked; with deplist2_size > 0 a
		 * failed allocation is dereferenced two lines down. */
		deplist2 = (key_dependency_t**)calloc(deplist2_size, sizeof(key_dependency_t*));
		/* deplist might be NULL but is always freeable */
		if (deplist2_size > 0)
			deplist2[0] = key_dependency_list_get_begin(deplist);
		for (i = 1; i < deplist2_size; i++)
			deplist2[i] = key_dependency_list_get_next(deplist);
		/* NOTE(review): source line 137 is missing from this rendering;
		 * presumably it releases deplist before the reset below.  Whether the
		 * entries copied into deplist2 stay valid once the list is gone is not
		 * visible here — confirm. */
		deplist = NULL;

		for (i = 0; i < keylist_size; i++) {
			if (key_data_introducing(keylist[i])) continue;
			key_purgable = 1;
			/* A key stays unless every one of its four state records has been
			 * retired; any state the checks below do not skip keeps it. */
			for (j = 0; j<4; j++) {
				switch(j){
					case 0: state = key_data_cached_ds(keylist[i]); break;
					case 1: state = key_data_cached_dnskey(keylist[i]); break;
					case 2: state = key_data_cached_rrsigdnskey(keylist[i]); break;
					case 3: state = key_data_cached_rrsig(keylist[i]); break;
					default: state = NULL;
				}
				if (key_state_state(state) == KEY_STATE_STATE_NA) continue;
				/* NOTE(review): source line 152 is missing from this rendering;
				 * it opens the block closed below.  Most likely it keeps the key
				 * when the state is neither NA nor HIDDEN (KEY_STATE_STATE_HIDDEN
				 * is referenced by this file) — confirm.  A NULL state from the
				 * cached_*() getters is not guarded before key_state_state(). */
					key_purgable = 0;
					break;
				}
			}
			if (key_purgable) {
				zone_key_purgable = 1;
				/* key is purgable */
				/* NOTE(review): the continuation lines of the next two calls
				 * (source lines 161 and 163, presumably the key's HSM locator)
				 * are missing from this rendering. */
				ods_log_info("[%s] deleting key: %s", scmd,
				client_printf (sockfd, "deleting key: %s\n",

				/* FIXME: key_data_cached_ds spits out const
				 * key_state_delete discards that. */
				/* NOTE(review): source lines 168-170 and 172 are missing from
				 * this rendering; from the error text they delete the remaining
				 * state records and release the HSM key reference, and line 172
				 * opens the block closed below.  key_state_delete() appears to
				 * take a const pointer already, so the FIXME above may be stale.
				 * The deletes are not wrapped in a transaction here: a failure
				 * midway leaves some rows removed and others in place, and the
				 * message below does not say how far it got. */
				if (key_state_delete(key_data_cached_ds(keylist[i]))
					|| key_data_delete(keylist[i])
					/* TODO: better log error */
					ods_log_error("[%s] key_state_delete() || key_data_delete() || hsm_key_factory_release_key() failed", scmd);
					client_printf_err(sockfd, "[%s] key_state_delete() || key_data_delete() || hsm_key_factory_release_key() failed", scmd);
					free_all(key_list, keylist, deplist, deplist2, zone);
					return 1;
				}
				/* we can clean up dependency because key is purgable */

				/* NOTE(review): failures in this loop are logged and reported
				 * but only break out of the dependency walk; the function still
				 * returns 0, so the caller sees success even when a dependency
				 * row referring to the deleted key may remain. */
				for (j = 0; j < deplist2_size; j++) {
					if (!deplist2[j]) continue;
					if (db_value_cmp(key_data_id(keylist[i]), key_dependency_from_key_data_id(deplist2[j]), &cmp)) {
						/* TODO: better log error */
						ods_log_error("[%s] cmp deplist from failed", scmd);
						client_printf_err(sockfd, "[%s] cmp deplist from failed", scmd);
						break;
					}
					if(cmp) continue;

					if (key_dependency_delete(deplist2[j])) {
						/* TODO: better log error */
						ods_log_error("[%s] key_dependency_delete() failed", scmd);
						client_printf_err(sockfd, "[%s] key_dependency_delete() failed", scmd);
						break;
					}
				}
			}

		}
		if (zone_key_purgable == 0)
			client_printf (sockfd, "No keys to purge for %s \n", zone_db_name(zone));

		/* NOTE(review): after this call keylist and deplist2 are dangling and
		 * are not reset; see the note at the top of the loop. */
		free_all(key_list, keylist, deplist, deplist2, zone);

		listsize--;
		if (listsize > 0) {
			/* NOTE(review): a NULL result is not checked before the next
			 * iteration uses it. */
			zone = zone_list_db_get_next(zonelist);
		}
	}

	if(purge) {
		/* Delete key material from the HSM.  Which keys the factory selects
		 * is not visible here; only the count it returns is. */
		int deleteCount = hsm_key_factory_delete_key(dbconn);
		/* NOTE(review): if the factory signals failure with a negative value
		 * it is reported here as "no keys to delete" — check its contract. */
		if(deleteCount > 0)
			client_printf (sockfd, "Number of keys deleted from HSM is %d\n", deleteCount);
		else
			client_printf (sockfd, "Found no keys to delete from HSM\n");
	} else
		client_printf (sockfd, "Refrained from deleting keys from HSM\n");

	return 0;
}