OpenDNSSEC-enforcer 2.1.13
key_purge_cmd.c
1/*
2 * Copyright (c) 2017 NLNet Labs. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
17 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
19 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
21 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
22 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
23 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24 *
25 */
26#include "daemon/engine.h"
27#include "cmdhandler.h"
29#include "log.h"
30#include "str.h"
31#include "clientpipe.h"
32#include "longgetopt.h"
34#include "db/key_data.h"
35#include "keystate/key_purge.h"
36
38
39#include <getopt.h>
40
/* Tag placed in front of this file's log messages (see the "[%s]" formats). */
static const char *module_str = "key_purge_cmd";
42
/**
 * Write the synopsis of the "key purge" command to the client.
 *
 * @param sockfd  client socket the text is sent to
 */
static void
usage(int sockfd)
{
    client_printf(sockfd,
        "key purge\n"
        " --policy <policy> | --zone <zone> aka -p | -z\n" " --delete or -d\n");
}
51
/**
 * Write the long help text of the "key purge" command to the client.
 *
 * The text states that the command removes dead keys from the database and,
 * with -d, from the HSM as well.
 *
 * @param sockfd  client socket the text is sent to
 */
static void
help(int sockfd)
{
    client_printf(sockfd,
        /* what the command does */
        "This command will remove keys from the database (and HSM) that are dead. Use with caution.\n"
        /* option summary */
        "\nOptions:\n"
        "policy limit the purge to the given policy\n"
        "zone limit the purge to the given zone\n"
        "the -d flag will cause the keys to be deleted from the HSM\n\n");
}
64
65
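/**
 * Handle the "key purge" command: purge dead keys of one zone or one policy.
 *
 * Exactly one of --zone/-z and --policy/-p must be given. --delete/-d sets
 * the purge flag passed to removeDeadKeysNow(); per this command's help text
 * that causes the keys to be deleted from the HSM as well.
 *
 * @param context  command handler context; supplies the client socket and
 *                 the database connection
 * @param argc     number of entries in argv
 * @param argv     command arguments
 * @return 1 when no database connection is available, -1 on a usage error,
 *         an allocation failure or an unknown zone/policy, otherwise the
 *         value returned by removeDeadKeysNow()
 */
static int
run(cmdhandler_ctx_type* context, int argc, char* argv[])
{
    int sockfd = context->sockfd;
    struct longgetopt optctx;
    zone_db_t *zone = NULL;
    policy_t *policy = NULL;
    const char *zone_name = NULL;
    const char *policy_name = NULL;
    int long_index = 0, opt = 0;
    int error = 0;
    int hsmPurge = 0;
    db_connection_t* dbconn = getconnectioncontext(context);

    static struct option long_options[] = {
        {"zone", required_argument, 0, 'z'},
        {"policy", required_argument, 0, 'p'},
        {"delete", no_argument, 0, 'd'},
        {0, 0, 0, 0}
    };

    if (!dbconn) return 1;

    /* Only the first longgetopt() call is given the short option string. */
    for (opt = longgetopt(argc, argv, "z:p:d", long_options, &long_index, &optctx); opt != -1;
         opt = longgetopt(argc, argv, NULL, long_options, &long_index, &optctx)) {
        switch (opt) {
            case 'z':
                zone_name = optctx.optarg;
                break;
            case 'p':
                policy_name = optctx.optarg;
                break;
            case 'd':
                hsmPurge = 1;
                break;
            default:
                client_printf_err(sockfd, "unknown arguments\n");
                ods_log_error("[%s] unknown arguments for key purge command", module_str);
                return -1;
        }
    }

    /* The purge is never unscoped: require exactly one of zone and policy. */
    if ((!zone_name && !policy_name) || (zone_name && policy_name)) {
        ods_log_error("[%s] expected either --zone or --policy", module_str);
        client_printf_err(sockfd, "expected either --zone or --policy \n");
        return -1;
    }

    if (zone_name) {
        zone = zone_db_new(dbconn);
        if (!zone) {
            /* Do not hand a NULL object to the lookup or the purge. */
            ods_log_error("[%s] unable to allocate zone object", module_str);
            client_printf_err(sockfd, "unable to allocate zone object\n");
            return -1;
        }
        if (zone_db_get_by_name(zone, zone_name)) {
            /* Keep a daemon-side trace of rejected purge requests too. */
            ods_log_error("[%s] unknown zone %s", module_str, zone_name);
            client_printf_err(sockfd, "unknown zone %s\n", zone_name);
            zone_db_free(zone);
            zone = NULL;
            return -1;
        }
        error = removeDeadKeysNow(sockfd, dbconn, NULL, zone, hsmPurge);
        zone_db_free(zone);
        zone = NULL;
        return error;
    }

    /* have policy_name since it is mutually exclusive with zone_name */
    policy = policy_new(dbconn);
    if (!policy) {
        ods_log_error("[%s] unable to allocate policy object", module_str);
        client_printf_err(sockfd, "unable to allocate policy object\n");
        return -1;
    }
    if (policy_get_by_name(policy, policy_name)) {
        ods_log_error("[%s] unknown policy %s", module_str, policy_name);
        policy_free(policy);
        policy = NULL;
        client_printf_err(sockfd, "unknown policy %s\n", policy_name);
        return -1;
    }
    error = removeDeadKeysNow(sockfd, dbconn, policy, NULL, hsmPurge);
    policy_free(policy);
    policy = NULL;
    return error;
}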
148
/*
 * Command descriptor for "key purge": the command name followed by the
 * usage, help and run handlers defined in this file. The remaining slots
 * are left NULL; their meaning is declared with struct cmd_func_block,
 * which is not shown in this file.
 */
struct cmd_func_block key_purge_funcblock = {
    "key purge",
    &usage,
    &help,
    NULL,
    NULL,
    &run,
    NULL
};
db_connection_t * getconnectioncontext(cmdhandler_ctx_type *context)
int removeDeadKeysNow(int sockfd, db_connection_t *dbconn, policy_t *policy, zone_db_t *rzone, int purge)
Definition: key_purge.c:65
struct cmd_func_block key_purge_funcblock
policy_t * policy_new(const db_connection_t *connection)
Definition: policy.c:479
int policy_get_by_name(policy_t *policy, const char *name)
Definition: policy.c:2040
const char * policy_name(const policy_t *policy)
Definition: policy.c:813
void policy_free(policy_t *policy)
Definition: policy.c:518
Definition: policy.h:60
void zone_db_free(zone_db_t *zone)
Definition: zone_db.c:325
zone_db_t * zone_db_new(const db_connection_t *connection)
Definition: zone_db.c:287
int zone_db_get_by_name(zone_db_t *zone, const char *name)
Definition: zone_db.c:1519