OpenDNSSEC-enforcer 2.1.12
policy_import.c
Go to the documentation of this file.
1/*
2 * Copyright (c) 2014 .SE (The Internet Infrastructure Foundation).
3 * Copyright (c) 2014 OpenDNSSEC AB (svb)
4 * All rights reserved.
5 *
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
8 * are met:
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 * 2. Redistributions in binary form must reproduce the above copyright
12 * notice, this list of conditions and the following disclaimer in the
13 * documentation and/or other materials provided with the distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26 *
27 */
28
29#include "log.h"
30#include "clientpipe.h"
31#include "db/policy.h"
32#include "db/policy_key.h"
33#include "utils/kc_helper.h"
34#include "db/zone_db.h"
35#include "db/hsm_key.h"
38
40
41#include <libxml/parser.h>
42#include <libxml/tree.h>
43
49};
50
54 char* name;
56};
57
58static void __policy_import_cleanup(struct __policy_import_policy_key** policy_keys_db, struct __policy_import_policy_key** policy_keys_xml, struct __policy_import_policy** policies) {
59 struct __policy_import_policy_key* policy_key_db;
60 struct __policy_import_policy_key* policy_key_xml;
61 struct __policy_import_policy* policy2;
62
63 for (policy_key_db = *policy_keys_db; policy_key_db; policy_key_db = *policy_keys_db) {
64 *policy_keys_db = policy_key_db->next;
65 if (policy_key_db->policy_key) {
66 policy_key_free(policy_key_db->policy_key);
67 }
68 free(policy_key_db);
69 }
70 for (policy_key_xml = *policy_keys_xml; policy_key_xml; policy_key_xml = *policy_keys_xml) {
71 *policy_keys_xml = policy_key_xml->next;
72 if (policy_key_xml->policy_key) {
73 policy_key_free(policy_key_xml->policy_key);
74 }
75 free(policy_key_xml);
76 policy_key_xml = *policy_keys_xml;
77 }
78 for (policy2 = *policies; policy2; policy2 = *policies) {
79 *policies = policy2->next;
80 free(policy2->name);
81 free(policy2);
82 }
83}
84
85static int check_duplicated_policy_keys(db_connection_t *dbconn, xmlNodePtr node) {
86 xmlNodePtr node2;
87 xmlNodePtr node3;
88 xmlNodePtr* keys;
89 size_t count = 0, i, j, found;
90 policy_key_t *A, *B = NULL;
91
92 /*
93 * Count the keys in the XML
94 */
95 for (node2 = node->children; node2; node2 = node2->next) {
96 if (node2->type != XML_ELEMENT_NODE) {
97 continue;
98 }
99 if (strcmp((char*)node2->name, "Keys")) {
100 continue;
101 }
102
103 for (node3 = node2->children; node3; node3 = node3->next) {
104 if (node3->type != XML_ELEMENT_NODE) {
105 continue;
106 }
107 if (strcmp((char*)node3->name, "KSK")
108 && strcmp((char*)node3->name, "ZSK")
109 && strcmp((char*)node3->name, "CSK"))
110 {
111 continue;
112 }
113 count++;
114 }
115 break; /* Look no further, there is only one 'Keys' section */
116 }
117
118 if (!count) {
119 return 0;
120 }
121
122 /*
123 * Allocate an array of nodes and put all keys in it
124 */
125 if (!(keys = (xmlNodePtr*)calloc(count, sizeof(xmlNodePtr)))) {
126 return -1;
127 }
128 for (i = 0, node2 = node->children; node2; node2 = node2->next) {
129 if (node2->type != XML_ELEMENT_NODE) {
130 continue;
131 }
132 if (strcmp((char*)node2->name, "Keys")) {
133 continue;
134 }
135
136 for (node3 = node2->children; node3; node3 = node3->next) {
137 if (node3->type != XML_ELEMENT_NODE) {
138 continue;
139 }
140 if (strcmp((char*)node3->name, "KSK")
141 && strcmp((char*)node3->name, "ZSK")
142 && strcmp((char*)node3->name, "CSK"))
143 {
144 continue;
145 }
146
147 if (i >= count) {
148 free(keys);
149 return -1;
150 }
151
152 keys[i] = node3;
153 i++;
154 }
155 }
156
157 /*
158 * Walk the array and check for duplicated keys
159 *
160 * TODO: this could be optimized by creating all the policy_key objects
161 * before checking them.
162 */
163 if (!(A = policy_key_new(dbconn))
164 || !(B = policy_key_new(dbconn)))
165 {
168 free(keys);
169 return -1;
170 }
171 for (found = 0, i = 0; i < count && !found; i++) {
173 if (policy_key_create_from_xml(A, keys[i])) {
174 found = -1;
175 break;
176 }
177 for (j = i + 1; j < count && !found; j++) {
179 if (policy_key_create_from_xml(B, keys[j])) {
180 found = -1;
181 break;
182 }
183 if (!policy_key_cmp(A, B)) {
184 found = 1;
185 break;
186 }
187 }
188 }
189
192 free(keys);
193 return found;
194}
195
196int policy_import(int sockfd, engine_type* engine, db_connection_t *dbconn,
197 int do_delete)
198{
199 xmlDocPtr doc;
200 xmlNodePtr real_root;
201 xmlNodePtr root;
202 xmlNodePtr node;
203 xmlNodePtr node2;
204 xmlNodePtr node3;
205 xmlChar* name;
208 const policy_key_t* policy_key2;
209 int updated;
210 int successful;
211 struct __policy_import_policy_key* policy_keys_db = NULL;
212 struct __policy_import_policy_key* policy_key_db;
213 struct __policy_import_policy_key* policy_keys_xml = NULL;
214 struct __policy_import_policy_key* policy_key_xml;
216 int keys_updated;
217 int database_error = 0;
218 int xml_error = 0;
219 char **repositories = NULL;
220 int repository_count = 0;
221 hsm_repository_t* hsm;
222 int i;
223 struct __policy_import_policy* policies = NULL;
224 struct __policy_import_policy* policy2;
226 const policy_t* policy_walk;
227 zone_list_db_t* zone_list;
229 int any_update = 0;
230
231 if (!engine) {
233 }
234 if (!engine->config) {
236 }
237 if (!engine->config->policy_filename) {
239 }
240 if (!dbconn) {
242 }
243
244 /*
245 * Retrieve all the current policies so they can be marked processed later
246 * and then the unprocessed can be deleted
247 */
248 if (!(policy_list = policy_list_new_get(dbconn))) {
249 client_printf_err(sockfd, "Unable to fetch all the current policies in the database!\n");
251 }
252 for (policy_walk = policy_list_next(policy_list); policy_walk; policy_walk = policy_list_next(policy_list)) {
253 if (!(policy2 = calloc(1, sizeof(struct __policy_import_policy)))
254 || !(policy2->name = strdup(policy_name(policy_walk))))
255 {
256 client_printf_err(sockfd, "Memory allocation error!\n");
258 if (policy2) {
259 free(policy2);
260 }
261 for (policy2 = policies; policy2; policy2 = policies) {
262 free(policy2->name);
263 policies = policy2->next;
264 free(policy2);
265 }
267 }
268
269 policy2->next = policies;
270 policies = policy2;
271 }
273
274 /*
275 * Get HSM Repositories
276 */
277 if (engine->config->repositories) {
278 for (hsm = engine->config->repositories; hsm; hsm = hsm->next, repository_count++)
279 ;
280 if (!(repositories = calloc(repository_count, sizeof(char*)))) {
281 __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
283 }
284 for (i = 0, hsm = engine->config->repositories; hsm && i<repository_count; hsm = hsm->next, i++)
285 repositories[i] = hsm->name;
286 }
287
288 /*
289 * Validate KASP
290 */
291 if (check_kasp(engine->config->policy_filename, repositories, repository_count, 0, NULL, NULL)) {
292 client_printf_err(sockfd, "Unable to validate the KASP XML, please run ods-kaspcheck for more details!\n");
293 if (repositories) {
294 free(repositories);
295 }
296 __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
298 }
299
300 if (repositories) {
301 free(repositories);
302 }
303
304 if (!(doc = xmlParseFile(engine->config->policy_filename))) {
305 client_printf_err(sockfd, "Unable to read/parse KASP XML file %s!\n",
306 engine->config->policy_filename);
307 __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
309 }
310
311 if (!(real_root = xmlDocGetRootElement(doc))) {
312 client_printf_err(sockfd, "Unable to get the root element in the KASP XML!\n");
313 xmlFreeDoc(doc);
314 __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
316 }
317
318 /*
319 * Check for duplicated policy keys
320 */
321 for (root = real_root; root; root = root->next) {
322 if (root->type != XML_ELEMENT_NODE) {
323 continue;
324 }
325
326 if (!strcmp((char*)root->name, "KASP")) {
327 for (node = root->children; node; node = node->next) {
328 if (node->type != XML_ELEMENT_NODE) {
329 continue;
330 }
331 if (strcmp((char*)node->name, "Policy")) {
332 continue;
333 }
334
335 if (!(name = xmlGetProp(node, (const xmlChar*)"name"))) {
336 client_printf_err(sockfd, "Invalid Policy element in KASP XML!\n");
337 xmlFreeDoc(doc);
338 __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
340 }
341
342 if (check_duplicated_policy_keys(dbconn, node)) {
343 client_printf_err(sockfd, "Duplicated Policy Key elements in KASP XML is not allowed!\n");
344 xmlFree(name);
345 xmlFreeDoc(doc);
346 __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
348 }
349 xmlFree(name);
350 }
351 }
352 }
353
354 /*
355 * Process XML
356 */
357 for (root = real_root; root; root = root->next) {
358 if (root->type != XML_ELEMENT_NODE) {
359 continue;
360 }
361
362 if (!strcmp((char*)root->name, "KASP")) {
363 for (node = root->children; node; node = node->next) {
364 if (node->type != XML_ELEMENT_NODE) {
365 continue;
366 }
367 if (strcmp((char*)node->name, "Policy")) {
368 continue;
369 }
370
371 if (!(name = xmlGetProp(node, (const xmlChar*)"name"))) {
372 client_printf_err(sockfd, "Invalid Policy element in KASP XML!\n");
373 xmlFreeDoc(doc);
374 __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
376 }
377
378 if (!(policy = policy_new(dbconn))) {
379 client_printf_err(sockfd, "Memory allocation error!\n");
380 xmlFree(name);
381 xmlFreeDoc(doc);
382 __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
384 }
385
386 /*
387 * Fetch the policy by name, if we can't find it create a new
388 * one otherwise update the existing one
389 */
390 if (policy_get_by_name(policy, (char*)name)) {
391 if (policy_create_from_xml(policy, node)) {
392 client_printf_err(sockfd,
393 "Unable to create policy %s from XML, XML content may be invalid!\n",
394 (char*)name);
396 xmlFree(name);
397 xml_error = 1;
398 continue;
399 }
400
401 if (policy_create(policy)) {
402 client_printf_err(sockfd,
403 "Unable to create policy %s in the database!\n",
404 (char*)name);
406 xmlFree(name);
407 database_error = 1;
408 continue;
409 }
410
411 if (policy_get_by_name(policy, (char*)name)) {
412 client_printf_err(sockfd,
413 "Unable to get policy %s from the database after creation, the policy may be corrupt in the database now!\n",
414 (char*)name);
416 xmlFree(name);
417 database_error = 1;
418 continue;
419 }
420
421 /*
422 * Walk deeper into the XML and create all the keys we find
423 */
424 successful = 1;
425 for (node2 = node->children; node2; node2 = node2->next) {
426 if (node2->type != XML_ELEMENT_NODE) {
427 continue;
428 }
429 if (strcmp((char*)node2->name, "Keys")) {
430 continue;
431 }
432
433 for (node3 = node2->children; node3; node3 = node3->next) {
434 if (node3->type != XML_ELEMENT_NODE) {
435 continue;
436 }
437 if (strcmp((char*)node3->name, "KSK")
438 && strcmp((char*)node3->name, "ZSK")
439 && strcmp((char*)node3->name, "CSK"))
440 {
441 continue;
442 }
443
444 /*
445 * Create the policy key
446 */
447 if (!(policy_key = policy_key_new(dbconn))) {
448 client_printf_err(sockfd, "Memory allocation error!\n");
451 xmlFree(name);
452 xmlFreeDoc(doc);
453 __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
455 }
457 client_printf_err(sockfd,
458 "Unable to create %s key for policy %s from XML!\n",
459 (char*)node3->name, (char*)name);
461 successful = 0;
462 xml_error = 1;
463 continue;
464 }
467 {
468 client_printf_err(sockfd,
469 "Unable to create %s key for policy %s in the database, the policy is not complete in the database now!\n",
470 (char*)node3->name, (char*)name);
472 successful = 0;
473 database_error = 1;
474 continue;
475 }
477 }
478 }
479
480 if (successful) {
481 ods_log_info("[policy_import] policy %s created", (char*)name);
482 client_printf(sockfd, "Created policy %s successfully\n", (char*)name);
483 any_update = 1;
484 }
485 }
486 else {
487 /*
488 * Mark it processed even if update fails so its not deleted
489 */
490 for (policy2 = policies; policy2; policy2 = policy2->next) {
491 if (policy2->processed) {
492 continue;
493 }
494 if (!strcmp(policy2->name, (char*)name)) {
495 policy2->processed = 1;
496 break;
497 }
498 }
499
500 /*
501 * Fetch all current keys, put them in a list for later
502 * processing
503 */
504 if (!(policy_key_list = policy_key_list_new(dbconn))
506 {
507 client_printf_err(sockfd,
508 "Unable to retrieve policy keys for policy %s, unknown database error!\n",
509 (char*)name);
512 xmlFree(name);
513 database_error = 1;
514 continue;
515 }
516
517 /*
518 * Clear the list if its been used before
519 */
520 for (policy_key_db = policy_keys_db; policy_key_db; policy_key_db = policy_keys_db) {
521 policy_keys_db = policy_key_db->next;
522 if (policy_key_db->policy_key) {
523 policy_key_free(policy_key_db->policy_key);
524 }
525 free(policy_key_db);
526 }
527
529 while (policy_key2) {
530 if (!(policy_key_db = calloc(1, sizeof(struct __policy_import_policy_key)))
531 || !(policy_key_db->policy_key = policy_key_new(dbconn))
532 || policy_key_copy(policy_key_db->policy_key, policy_key2))
533 {
534 client_printf_err(sockfd, "Memory allocation or internal error!\n");
535 if (policy_key_db->policy_key) {
536 policy_key_free(policy_key_db->policy_key);
537 }
538 free(policy_key_db);
541 xmlFree(name);
542 xmlFreeDoc(doc);
543 __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
545 }
546
547 policy_key_db->next = policy_keys_db;
548 policy_keys_db = policy_key_db;
549
551 }
553
554 /*
555 * Update the policy, if any data has changed then updated
556 * will be set to non-zero and if so we update the database
557 */
558 if (policy_update_from_xml(policy, node, &updated)) {
559 client_printf_err(sockfd,
560 "Unable to update policy %s from XML, XML content may be invalid!\n",
561 (char*)name);
563 xmlFree(name);
564 xml_error = 1;
565 continue;
566 }
567
568 /*
569 * Walk deeper into the XML and create objects for all the
570 * keys we find but do not update the database yet
571 */
572
573 /*
574 * Clear the list if its been used before
575 */
576 for (policy_key_xml = policy_keys_xml; policy_key_xml; policy_key_xml = policy_keys_xml) {
577 policy_keys_xml = policy_key_xml->next;
578 if (policy_key_xml->policy_key) {
579 policy_key_free(policy_key_xml->policy_key);
580 }
581 free(policy_key_xml);
582 policy_key_xml = policy_keys_xml;
583 }
584
585 successful = 1;
586 for (node2 = node->children; node2; node2 = node2->next) {
587 if (node2->type != XML_ELEMENT_NODE) {
588 continue;
589 }
590 if (strcmp((char*)node2->name, "Keys")) {
591 continue;
592 }
593
594 for (node3 = node2->children; node3; node3 = node3->next) {
595 if (node3->type != XML_ELEMENT_NODE) {
596 continue;
597 }
598 if (strcmp((char*)node3->name, "KSK")
599 && strcmp((char*)node3->name, "ZSK")
600 && strcmp((char*)node3->name, "CSK"))
601 {
602 continue;
603 }
604
605 if (!(policy_key_xml = calloc(1, sizeof(struct __policy_import_policy_key)))
606 || !(policy_key_xml->policy_key = policy_key_new(dbconn)))
607 {
608 client_printf_err(sockfd, "Memory allocation or internal error!\n");
609 if (policy_key_xml->policy_key) {
610 policy_key_free(policy_key_xml->policy_key);
611 }
612 free(policy_key_xml);
614 xmlFree(name);
615 xmlFreeDoc(doc);
616 __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
618 }
619
621 || policy_key_create_from_xml(policy_key_xml->policy_key, node3))
622 {
623 client_printf_err(sockfd,
624 "Unable to create %s key for policy %s from XML, XML content may be invalid!\n",
625 (char*)node3->name, (char*)name);
626 successful = 0;
627 if (policy_key_xml->policy_key) {
628 policy_key_free(policy_key_xml->policy_key);
629 }
630 free(policy_key_xml);
631 xml_error = 1;
632 continue;
633 }
634
635 policy_key_xml->next = policy_keys_xml;
636 policy_keys_xml = policy_key_xml;
637 }
638 }
639
640 if (!successful) {
641 client_printf_err(sockfd,
642 "Unable to update policy %s from XML because of previous policy key error!\n",
643 (char*)name);
645 xmlFree(name);
646 xml_error = 1;
647 continue;
648 }
649
650 /*
651 * Compare the two lists, one from the database and the
652 * other from the XML. If the policy key objects match then
653 * mark them processed in both lists.
654 */
655 policy_key_xml = policy_keys_xml;
656 while (policy_key_xml) {
657 if (policy_key_xml->processed) {
658 policy_key_xml = policy_key_xml->next;
659 continue;
660 }
661
662 policy_key_db = policy_keys_db;
663 while (policy_key_db) {
664 if (policy_key_db->processed) {
665 policy_key_db = policy_key_db->next;
666 continue;
667 }
668
669 if (!policy_key_cmp(policy_key_xml->policy_key, policy_key_db->policy_key)) {
670 policy_key_xml->processed = 1;
671 policy_key_db->processed = 1;
672 break;
673 }
674
675 policy_key_db = policy_key_db->next;
676 }
677
678 policy_key_xml = policy_key_xml->next;
679 }
680
681 keys_updated = 0;
682
683 /*
684 * For each object in XML list that has not been processed,
685 * create it in the database
686 */
687 successful = 1;
688 policy_key_xml = policy_keys_xml;
689 while (policy_key_xml) {
690 if (policy_key_xml->processed) {
691 policy_key_xml = policy_key_xml->next;
692 continue;
693 }
694
695 keys_updated = 1;
696
697 if (policy_key_create(policy_key_xml->policy_key)) {
698 client_printf_err(sockfd,
699 "Unable to create %s key for policy %s in database!\n",
700 policy_key_role_text(policy_key_xml->policy_key),
701 (char*)name);
702 successful = 0;
703 database_error = 1;
704 continue;
705 }
706
707 policy_key_xml = policy_key_xml->next;
708 }
709
710 if (!successful) {
711 client_printf_err(sockfd,
712 "Unable to update policy %s in the database because of previous policy key creation error, policy is not complete in the database now!\n",
713 (char*)name);
715 xmlFree(name);
716 database_error = 1;
717 continue;
718 }
719
720 /*
721 * For each object in the database list that has not been
722 * processed, delete it from the database
723 */
724 policy_key_db = policy_keys_db;
725 while (policy_key_db) {
726 if (policy_key_db->processed) {
727 policy_key_db = policy_key_db->next;
728 continue;
729 }
730
731 keys_updated = 1;
732
733 if (policy_key_delete(policy_key_db->policy_key)) {
734 client_printf_err(sockfd,
735 "Unable to delete %s key for policy %s from database!\n",
736 policy_key_role_text(policy_key_db->policy_key),
737 (char*)name);
738 successful = 0;
739 database_error = 1;
740 continue;
741 }
742
743 policy_key_db = policy_key_db->next;
744 }
745
746 if (!successful) {
747 client_printf_err(sockfd,
748 "Unable to update policy %s in the database because of previous policy key deletion error, policy is invalid in the database now!\n",
749 (char*)name);
751 xmlFree(name);
752 database_error = 1;
753 continue;
754 }
755
756 /*
757 * Update the policy in the database
758 */
759 if (updated) {
760 if (policy_update(policy)) {
761 client_printf_err(sockfd, "Unable to update policy %s in database!\n",
762 (char*)name);
764 xmlFree(name);
765 database_error = 1;
766 continue;
767 }
768
769 ods_log_info("[policy_import] policy %s updated", (char*)name);
770 client_printf(sockfd, "Updated policy %s successfully\n",
771 (char*)name);
772 any_update = 1;
773 }
774 else if (keys_updated) {
775 ods_log_info("[policy_import] policy %s updated", (char*)name);
776 client_printf(sockfd, "Updated policy %s successfully\n",
777 (char*)name);
778 any_update = 1;
779 }
780 else {
781 client_printf(sockfd, "Policy %s already up-to-date\n",
782 (char*)name);
783 }
784 }
786 xmlFree(name);
787 }
788 }
789 }
790 signconf_task_flush_all(engine, dbconn);
791
792 if (do_delete) {
793 /*
794 * Delete policies that has not been processed
795 */
796 for (policy2 = policies; policy2; policy2 = policy2->next) {
797 if (policy2->processed) {
798 continue;
799 }
800
801 if (!(policy = policy_new(dbconn))) {
802 client_printf_err(sockfd, "Memory allocation error!\n");
803 xmlFreeDoc(doc);
804 for (policy2 = policies; policy2; policy2 = policies) {
805 free(policy2->name);
806 policies = policy2->next;
807 free(policy2);
808 }
809 __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
811 }
812
813 if (!policy_get_by_name(policy, policy2->name)) {
814 /*
815 * Check if there are still zones or hsm keys using this policy and
816 * abort if there is
817 */
818 if (!(zone_list = zone_list_db_new_get_by_policy_id(dbconn, policy_id(policy)))) {
819 client_printf_err(sockfd, "Unable to check for zones using policy %s from database!\n", policy2->name);
821 database_error = 1;
822 continue;
823 }
824 if (zone_list_db_next(zone_list)) {
825 zone_list_db_free(zone_list);
826 client_printf_err(sockfd, "Unable to delete policy %s, there are still zones using this policy!\n", policy2->name);
828 database_error = 1;
829 continue;
830 }
831 zone_list_db_free(zone_list);
833 client_printf_err(sockfd, "Unable to check for hsm keys using policy %s from database!\n", policy2->name);
835 database_error = 1;
836 continue;
837 }
840 client_printf_err(sockfd, "Unable to delete policy %s, there are still hsm keys using this policy!\n", policy2->name);
842 database_error = 1;
843 continue;
844 }
846
847 /*
848 * Try and delete all the policy keys for this policy
849 */
851 client_printf_err(sockfd, "Unable to get policy keys for policy %s from database!\n", policy2->name);
853 database_error = 1;
854 continue;
855 }
856 successful = 1;
859 client_printf_err(sockfd, "Unable to delete policy key %s in policy %s from database!\n", policy_key_role_text(policy_key), policy2->name);
860 database_error = 1;
861 successful = 0;
862 continue;
863 }
864 }
866
867 if (!successful) {
869 continue;
870 }
871 if (policy_delete(policy)) {
872 client_printf_err(sockfd, "Unable to delete policy %s from database!\n", policy2->name);
874 database_error = 1;
875 continue;
876 }
877
878 ods_log_info("[policy_import] policy %s deleted", policy2->name);
879 client_printf(sockfd, "Deleted policy %s successfully\n", policy2->name);
880 }
881 else {
882 client_printf_err(sockfd, "Unable to delete policy %s from database!\n", policy2->name);
883 database_error = 1;
884 }
886 }
887 }
888
889 if (any_update && !engine->config->manual_keygen) {
891 }
892
893 __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
894 xmlFreeDoc(doc);
895 if (database_error) {
897 }
898 if (xml_error) {
900 }
901 return POLICY_IMPORT_OK;
902}
const hsm_key_t * hsm_key_list_next(hsm_key_list_t *hsm_key_list)
Definition: hsm_key.c:1924
void hsm_key_list_free(hsm_key_list_t *hsm_key_list)
Definition: hsm_key.c:1496
hsm_key_list_t * hsm_key_list_new_get_by_policy_id(const db_connection_t *connection, const db_value_t *policy_id)
Definition: hsm_key.c:1809
int hsm_key_factory_schedule_generate_all(engine_type *engine, time_t duration)
int check_kasp(const char *kasp, char **repo_list, int repo_count, int verbose, char ***policy_names_out, int *policy_count_out)
Definition: kc_helper.c:1749
policy_t * policy_new(const db_connection_t *connection)
Definition: policy.c:479
void policy_list_free(policy_list_t *policy_list)
Definition: policy.c:2664
const policy_t * policy_list_next(policy_list_t *policy_list)
Definition: policy.c:3214
policy_list_t * policy_list_new_get(const db_connection_t *connection)
Definition: policy.c:3079
int policy_get_by_name(policy_t *policy, const char *name)
Definition: policy.c:2040
const char * policy_name(const policy_t *policy)
Definition: policy.c:813
int policy_create(policy_t *policy)
Definition: policy.c:1561
const db_value_t * policy_id(const policy_t *policy)
Definition: policy.c:805
int policy_delete(policy_t *policy)
Definition: policy.c:2571
void policy_free(policy_t *policy)
Definition: policy.c:518
int policy_update(policy_t *policy)
Definition: policy.c:2110
int policy_update_from_xml(policy_t *policy, xmlNodePtr policy_node, int *updated)
Definition: policy_ext.c:1227
int policy_create_from_xml(policy_t *policy, xmlNodePtr policy_node)
Definition: policy_ext.c:1216
int policy_import(int sockfd, engine_type *engine, db_connection_t *dbconn, int do_delete)
#define POLICY_IMPORT_ERR_ARGS
Definition: policy_import.h:42
#define POLICY_IMPORT_ERR_DATABASE
Definition: policy_import.h:50
#define POLICY_IMPORT_ERR_MEMORY
Definition: policy_import.h:54
#define POLICY_IMPORT_ERR_XML
Definition: policy_import.h:46
#define POLICY_IMPORT_OK
Definition: policy_import.h:38
void policy_key_reset(policy_key_t *policy_key)
Definition: policy_key.c:264
policy_key_t * policy_key_new(const db_connection_t *connection)
Definition: policy_key.c:209
int policy_key_copy(policy_key_t *policy_key, const policy_key_t *policy_key_copy)
Definition: policy_key.c:289
int policy_key_cmp(const policy_key_t *policy_key_a, const policy_key_t *policy_key_b)
Definition: policy_key.c:359
int policy_key_delete(policy_key_t *policy_key)
Definition: policy_key.c:913
policy_key_list_t * policy_key_list_new_get_by_policy_id(const db_connection_t *connection, const db_value_t *policy_id)
Definition: policy_key.c:1299
policy_key_list_t * policy_key_list_new(const db_connection_t *connection)
Definition: policy_key.c:963
const policy_key_t * policy_key_list_next(policy_key_list_t *policy_key_list)
Definition: policy_key.c:1378
void policy_key_list_free(policy_key_list_t *policy_key_list)
Definition: policy_key.c:1006
const char * policy_key_role_text(const policy_key_t *policy_key)
Definition: policy_key.c:494
void policy_key_free(policy_key_t *policy_key)
Definition: policy_key.c:246
int policy_key_set_policy_id(policy_key_t *policy_key, const db_value_t *policy_id)
Definition: policy_key.c:574
policy_key_t * policy_key_list_get_next(policy_key_list_t *policy_key_list)
Definition: policy_key.c:1444
int policy_key_create(policy_key_t *policy_key)
Definition: policy_key.c:702
int policy_key_list_get_by_policy_id(policy_key_list_t *policy_key_list, const db_value_t *policy_id)
Definition: policy_key.c:1236
int policy_key_create_from_xml(policy_key_t *policy_key, xmlNodePtr key_node)
void signconf_task_flush_all(engine_type *engine, db_connection_t *dbconn)
struct __policy_import_policy_key * next
Definition: policy_import.c:46
struct __policy_import_policy * next
Definition: policy_import.c:53
engineconfig_type * config
Definition: engine.h:48
const char * policy_filename
Definition: cfg.h:56
hsm_repository_t * repositories
Definition: cfg.h:79
int manual_keygen
Definition: cfg.h:74
Definition: policy.h:60
zone_list_db_t * zone_list_db_new_get_by_policy_id(const db_connection_t *connection, const db_value_t *policy_id)
Definition: zone_db.c:2524
const zone_db_t * zone_list_db_next(zone_list_db_t *zone_list)
Definition: zone_db.c:2603
void zone_list_db_free(zone_list_db_t *zone_list)
Definition: zone_db.c:1989