OpenDNSSEC-enforcer  2.0.4
backup_hsmkeys_cmd.c
1 /*
2  * Copyright (c) 2011 Surfnet
3  * Copyright (c) 2011 .SE (The Internet Infrastructure Foundation).
4  * Copyright (c) 2011 OpenDNSSEC AB (svb)
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
22  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
24  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
25  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
26  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  *
28  */
29 
30 #include "config.h"
31 
32 #include "daemon/cmdhandler.h"
33 #include "daemon/engine.h"
34 #include "file.h"
35 #include "log.h"
36 #include "str.h"
37 #include "duration.h"
38 #include "clientpipe.h"
39 #include "libhsm.h"
40 #include "db/hsm_key.h"
41 
43 
/* Tag placed in front of every log line written by this command module. */
static const char *module_str =
    "backup_hsmkeys_cmd";
45 
46 enum {
51 };
52 
/**
 * Move every HSM key selected by clause_list from one backup state to another.
 *
 * A clause for from_state is added to the caller's clause_list before the
 * query runs, so the list is modified as a side effect (presumably appended
 * to; confirm in hsm_key_backup_clause).
 *
 * Keys are updated one at a time. If an update fails part-way through, the
 * keys already written stay in to_state; nothing here undoes them.
 *
 * @param dbconn      database connection used for the query
 * @param clause_list selection clauses; gains the from_state clause
 * @param from_state  backup state a key must currently have
 * @param to_state    backup state to store on each selected key
 * @return number of keys updated, or -1 on a database error
 */
static int
hsmkeys_from_to_state(db_connection_t *dbconn, db_clause_list_t* clause_list,
    hsm_key_backup_t from_state, hsm_key_backup_t to_state)
{
    hsm_key_list_t *keys = NULL;
    hsm_key_t *key;
    int count = 0;

    /* Only run the query once the state clause has been added. */
    if (hsm_key_backup_clause(clause_list, from_state)) {
        keys = hsm_key_list_new_get_by_clauses(dbconn, clause_list);
    }
    if (!keys) {
        ods_log_error("[%s] database error", module_str);
        return -1;
    }

    /* hsm_key_list_get_next() hands over ownership of each key, so each one
     * is freed here on both the success and the failure path. */
    for (key = hsm_key_list_get_next(keys); key;
        key = hsm_key_list_get_next(keys))
    {
        int failed = hsm_key_set_backup(key, to_state) || hsm_key_update(key);

        if (failed) {
            ods_log_error("[%s] database error", module_str);
            hsm_key_free(key);
            count = -1;
            break;
        }
        count++;
        hsm_key_free(key);
    }

    hsm_key_list_free(keys);
    return count;
}
84 
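/**
 * Handle "backup prepare": flag the selected keys as queued for backup.
 *
 * @param sockfd      client socket that receives the result line
 * @param dbconn      database connection
 * @param clause_list key selection clauses built by the caller
 * @return 0 on success, 1 on a database error
 */
static int
prepare(int sockfd, db_connection_t *dbconn, db_clause_list_t* clause_list)
{
    /* NOTE(review): the line carrying the two state arguments is missing from
     * this listing. REQUIRED -> REQUESTED is restored to match the help text
     * ("Flag the keys ... as to be backed up"); confirm the enumerators
     * against db/hsm_key.h. */
    int keys_marked = hsmkeys_from_to_state(dbconn, clause_list,
        HSM_KEY_BACKUP_BACKUP_REQUIRED, HSM_KEY_BACKUP_BACKUP_REQUESTED);
    if (keys_marked < 0) {
        return 1;
    }
    client_printf(sockfd,"info: keys flagged for backup: %d\n", keys_marked);
    return 0;
}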
96 
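/**
 * Handle "backup commit": record the flagged keys as backed up.
 *
 * This only changes database state; nothing in this function checks that a
 * backup of the HSM was actually taken. The operator is trusted to run it
 * after the backup has completed.
 *
 * @param sockfd      client socket that receives the result line
 * @param dbconn      database connection
 * @param clause_list key selection clauses built by the caller
 * @return 0 on success, 1 on a database error
 */
static int
commit(int sockfd, db_connection_t *dbconn, db_clause_list_t* clause_list)
{
    /* NOTE(review): the line carrying the two state arguments is missing from
     * this listing. REQUESTED -> DONE is restored to match the help text
     * ("Mark flagged keys ... as backed up"); confirm the enumerators against
     * db/hsm_key.h. */
    int keys_marked = hsmkeys_from_to_state(dbconn, clause_list,
        HSM_KEY_BACKUP_BACKUP_REQUESTED, HSM_KEY_BACKUP_BACKUP_DONE);
    if (keys_marked < 0) {
        return 1;
    }
    client_printf(sockfd,"info: keys marked backup done: %d\n", keys_marked);
    return 0;
}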
108 
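/**
 * Handle "backup rollback": cancel an earlier "backup prepare" by returning
 * the flagged keys to their pre-prepare state.
 *
 * @param sockfd      client socket that receives the result line
 * @param dbconn      database connection
 * @param clause_list key selection clauses built by the caller
 * @return 0 on success, 1 on a database error
 */
static int
rollback(int sockfd, db_connection_t *dbconn, db_clause_list_t* clause_list)
{
    /* NOTE(review): the line carrying the two state arguments is missing from
     * this listing. REQUESTED -> REQUIRED is restored to match the help text
     * ("Cancel a 'backup prepare' action"); confirm the enumerators against
     * db/hsm_key.h. */
    int keys_marked = hsmkeys_from_to_state(dbconn, clause_list,
        HSM_KEY_BACKUP_BACKUP_REQUESTED, HSM_KEY_BACKUP_BACKUP_REQUIRED);
    if (keys_marked < 0) {
        return 1;
    }
    client_printf(sockfd,"info: keys unflagged for backup: %d\n", keys_marked);
    return 0;
}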
120 
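/**
 * Handle "backup list": print the locator of every key selected by
 * clause_list, one per line, to the client.
 *
 * @param sockfd      client socket that receives the output
 * @param dbconn      database connection
 * @param clause_list key selection clauses built by the caller
 * @return 0 on success, 1 on a database error
 */
static int
list(int sockfd, db_connection_t *dbconn, db_clause_list_t* clause_list)
{
    hsm_key_list_t* hsmkey_list;
    const hsm_key_t *hsmkey;

    if (!(hsmkey_list = hsm_key_list_new_get_by_clauses(dbconn, clause_list))) {
        ods_log_error("[%s] database error", module_str);
        /* Report the failure as 1, like prepare/commit/rollback do. run()
         * uses -1 for "command not handled", so returning -1 here would make
         * a database error look like an unrecognised command. */
        return 1;
    }

    /* TODO: Header */
    /* hsm_key_list_next() returns keys still owned by the list, so they are
     * not freed individually; the list is released once after the loop. */
    for (hsmkey = hsm_key_list_next(hsmkey_list); hsmkey;
        hsmkey = hsm_key_list_next(hsmkey_list))
    {
        /* TODO: proper output */
        client_printf(sockfd, "%s\n", hsm_key_locator(hsmkey));
    }
    hsm_key_list_free(hsmkey_list);
    return 0;
}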
142 
/**
 * Send the synopsis of the four "backup" sub-commands to the client.
 *
 * @param sockfd client socket that receives the text
 */
static void
usage(int sockfd)
{
    /* One entry per sub-command, written out in this order. */
    static const char *const synopsis[] = {
        "backup list\n"
        " --repository <repository> aka -r\n",
        "backup prepare \n"
        " --repository <repository> aka -r\n",
        "backup commit\n"
        " --repository <repository> aka -r \n",
        "backup rollback\n"
        " --repository <repository> aka -r \n"
    };
    size_t i;

    for (i = 0; i < sizeof synopsis / sizeof synopsis[0]; i++) {
        client_printf(sockfd, "%s", synopsis[i]);
    }
}
159 
/**
 * Send the one-line descriptions of the "backup" sub-commands and their
 * option to the client.
 *
 * @param sockfd client socket that receives the text
 */
static void
help(int sockfd)
{
    static const char text[] =
        "backup list Enumerate backup status of keys.\n"
        "backup prepare Flag the keys found in all configured HSMs as to be backed up.\n"
        "backup commit Mark flagged keys found in all configured HSMs as backed up.\n"
        "backup rollback Cancel a 'backup prepare' action.\n"
        "\nOptions:\n"
        "repository Limit to this repository\n\n";

    client_printf(sockfd, "%s", text);
}
171 
/**
 * Tell the command handler whether a command line belongs to this module.
 *
 * @param cmd command line received from the client
 * @param n   length argument passed through to ods_check_command
 * @return 1 if cmd is one of the four "backup" sub-commands, 0 otherwise
 */
static int
handles(const char *cmd, ssize_t n)
{
    /* Checked in the same order as the dispatch in run(). */
    return (ods_check_command(cmd, n, "backup prepare")
        || ods_check_command(cmd, n, "backup commit")
        || ods_check_command(cmd, n, "backup rollback")
        || ods_check_command(cmd, n, "backup list")) ? 1 : 0;
}
181 
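/**
 * Extract the value of the --repository / -r option from a command line.
 *
 * The command is copied into buf and tokenised there, so the returned
 * pointer refers to storage inside buf and is only valid while buf is.
 *
 * NULL is returned both when no repository option is present and when the
 * line is rejected (too many arguments, unusable buffer). Callers cannot
 * tell these two cases apart.
 *
 * @param cmd    command line received from the client
 * @param n      unused
 * @param buf    scratch buffer that receives a writable copy of cmd
 * @param buflen size of buf in bytes; a longer cmd is truncated to fit
 * @return pointer into buf holding the repository name, or NULL
 */
static const char *
get_repo_param(const char *cmd, ssize_t n, char *buf, size_t buflen)
{
    #define NARGV 8
    const char *argv[NARGV];
    int argc;
    const char *repository = NULL;
    (void)n;

    if (!cmd || !buf || buflen == 0) {
        return NULL;
    }

    /* strncpy() leaves buf unterminated when cmd has buflen or more
     * characters, so terminate it explicitly BEFORE the tokeniser reads it.
     * The original wrote the terminator after tokenising and at index
     * sizeof(buf)-1; buf is a pointer here, so that was the pointer size
     * minus one (7 on LP64), which neither bounded the copy nor left the
     * already-split command intact. */
    strncpy(buf, cmd, buflen);
    buf[buflen - 1] = '\0';

    argc = ods_str_explode(buf, NARGV, argv);
    if (argc > NARGV) {
        ods_log_warning("[%s] too many arguments for %s command",
            module_str,cmd);
        return NULL;
    }
    (void)ods_find_arg_and_param(&argc, argv, "repository", "r",
        &repository);
    return repository; /* ptr in buf */
}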
203 
/**
 * Entry point for the "backup" command family: parse the optional repository
 * filter, build the key selection and dispatch to the matching sub-command.
 *
 * @param sockfd client socket that receives the output
 * @param engine unused
 * @param cmd    command line received from the client
 * @param n      length argument passed through to ods_check_command
 * @param dbconn database connection
 * @return -1 if cmd is not a "backup" command, 1 if the clause list cannot
 *         be set up, otherwise the status of the sub-command
 */
static int
run(int sockfd, engine_type* engine, const char *cmd, ssize_t n,
    db_connection_t *dbconn)
{
    char line[ODS_SE_MAXLINE];
    const char *repo;
    db_clause_list_t *clauses;
    int rc = -1;
    (void)engine;

    if (!handles(cmd, n)) {
        return -1;
    }

    /* NOTE(review): get_repo_param() returns NULL both when no repository
     * was given and when it rejects the line for having too many arguments.
     * In the second case the command still runs, unfiltered, over the keys
     * of every repository. For "backup commit" that marks keys as backed up
     * that the operator may not have intended to touch. Consider failing the
     * command when parsing is rejected. */
    repo = get_repo_param(cmd, n, line, ODS_SE_MAXLINE);

    /* Build the selection used to iterate the keys. */
    clauses = db_clause_list_new();
    if (!clauses) {
        ods_log_error("[%s] database error", module_str);
        return 1;
    }
    if (repo && !hsm_key_repository_clause(clauses, repo)) {
        db_clause_list_free(clauses);
        ods_log_error("[%s] Could not get key list", module_str);
        return 1;
    }

    /* Dispatch on the sub-command; rc stays -1 if none matches. */
    if (ods_check_command(cmd, n, "backup prepare")) {
        rc = prepare(sockfd, dbconn, clauses);
    } else if (ods_check_command(cmd, n, "backup commit")) {
        rc = commit(sockfd, dbconn, clauses);
    } else if (ods_check_command(cmd, n, "backup rollback")) {
        rc = rollback(sockfd, dbconn, clauses);
    } else if (ods_check_command(cmd, n, "backup list")) {
        rc = list(sockfd, dbconn, clauses);
    }

    db_clause_list_free(clauses);
    return rc;
}
243 
/* Registration record handed to the command handler. The first member is
 * presumably the command name (confirm in daemon/cmdhandler.h); the rest are
 * the usage, help, handles and run callbacks defined in this file. */
static struct cmd_func_block funcblock = {
    "backup",
    usage,
    help,
    handles,
    run
};
247 
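/**
 * Return the registration record for the "backup" command family.
 *
 * The line carrying the function name is missing from this listing; it is
 * restored from the cross-reference entry
 * "struct cmd_func_block * backup_funcblock(void)" on the same page.
 *
 * @return pointer to this module's static cmd_func_block; not to be freed
 */
struct cmd_func_block*
backup_funcblock(void)
{
    return &funcblock;
}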
#define NARGV
void(* help)(int sockfd)
Definition: cmdhandler.h:64
db_clause_list_t * db_clause_list_new(void)
Definition: db_clause.c:202
int(* run)(int sockfd, struct engine_struct *engine, const char *cmd, ssize_t n, db_connection_t *dbconn)
Definition: cmdhandler.h:79
const hsm_key_t * hsm_key_list_next(hsm_key_list_t *hsm_key_list)
Definition: hsm_key.c:1924
void ods_log_error(const char *format,...)
Definition: log.c:69
int hsm_key_set_backup(hsm_key_t *hsm_key, hsm_key_backup_t backup)
Definition: hsm_key.c:716
void db_clause_list_free(db_clause_list_t *clause_list)
Definition: db_clause.c:209
db_clause_t * hsm_key_backup_clause(db_clause_list_t *clause_list, hsm_key_backup_t backup)
Definition: hsm_key.c:906
int hsm_key_update(hsm_key_t *hsm_key)
Definition: hsm_key.c:1225
void(* usage)(int sockfd)
Definition: cmdhandler.h:61
const char * hsm_key_locator(const hsm_key_t *hsm_key)
Definition: hsm_key.c:520
db_clause_t * hsm_key_repository_clause(db_clause_list_t *clause_list, const char *repository_text)
Definition: hsm_key.c:882
hsm_key_t * hsm_key_list_get_next(hsm_key_list_t *hsm_key_list)
Definition: hsm_key.c:1990
void hsm_key_free(hsm_key_t *hsm_key)
Definition: hsm_key.c:286
struct cmd_func_block * backup_funcblock(void)
hsm_key_list_t * hsm_key_list_new_get_by_clauses(const db_connection_t *connection, const db_clause_list_t *clause_list)
Definition: hsm_key.c:1726
int(* handles)(const char *cmd, ssize_t n)
Definition: cmdhandler.h:67
void hsm_key_list_free(hsm_key_list_t *hsm_key_list)
Definition: hsm_key.c:1496
enum hsm_key_backup hsm_key_backup_t
void ods_log_warning(const char *format,...)
Definition: log.c:62