OpenDNSSEC-enforcer 2.1.13
enforce_task.c
1/*
2 * Copyright (c) 2011 Surfnet
3 * Copyright (c) 2011 .SE (The Internet Infrastructure Foundation).
4 * Copyright (c) 2011 OpenDNSSEC AB (svb)
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
22 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
24 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
25 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
26 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 *
28 */
29
30#include "config.h"
31
32#include <pthread.h>
33
34#include "enforcer/enforcer.h"
35#include "clientpipe.h"
36#include "daemon/engine.h"
40#include "duration.h"
41#include "file.h"
42#include "log.h"
43#include "scheduler/schedule.h"
44#include "scheduler/task.h"
45#include "db/zone_db.h"
46#include "db/db_clause.h"
47
49
/* Tag passed as the "[%s]" argument of this file's log calls so that
 * messages can be traced back to the enforce task. */
static char const *module_str = "enforce_task";
51
/*
 * Run one enforcement pass for the zone named `zonename`.
 *
 * Visible steps: load the zone and its policy from the database, obtain the
 * next-change time (schedule_SUCCESS on one branch, update() on the other),
 * write it back when update() set zone_updated, queue a signconf flush when
 * bSignerConfNeedsWriting is set, then walk the zone's keys and queue a
 * ds-submit and/or ds-retract task.
 *
 * Returns the next-change time, or -1 when the zone or its policy cannot be
 * loaded. `sockfd` is not used in the lines shown here.
 *
 * NOTE(review): this listing skips original lines 57, 81, 90, 106 and 111,
 * so the declaration of `policy` and the conditions that select the
 * pass-through branch and the submit/retract branches are not visible.
 * Confirm against the full file before relying on the comments below.
 */
52static time_t
53perform_enforce(int sockfd, engine_type *engine, char const *zonename,
54 db_connection_t *dbconn)
55{
56 zone_db_t *zone;
58 time_t t_next;
59 int zone_updated = 0;
60 int bSignerConfNeedsWriting = 0;
61 int bSubmitToParent = 0;
62 int bRetractFromParent = 0;
63 key_data_list_t *keylist;
64 key_data_t const *key;
65
66
67 zone = zone_db_new_get_by_name(dbconn, zonename);
68 if (!zone) {
69 ods_log_error("[%s] Could not find zone %s in database",
70 module_str, zonename);
71 return -1;
72 }
73
/* NOTE(review): this message and the pass-through message below omit the
 * "[%s]" module tag that the other log calls in this function carry, which
 * makes them harder to attribute when filtering logs. */
74 if (!(policy = zone_db_get_policy(zone))) {
75 ods_log_error("Next update for zone %s NOT scheduled "
76 "because policy is missing !\n", zone_db_name(zone));
77 zone_db_free(zone);
78 return -1;
79 }
80
82 ods_log_info("Passing through zone %s.\n", zone_db_name(zone));
83 bSignerConfNeedsWriting = 1;
84 t_next = schedule_SUCCESS;
85 } else {
/* update() receives &zone_updated and may set it; that flag gates the
 * database write-back further down. */
86 t_next = update(engine, dbconn, zone, policy, time_now(), &zone_updated);
87 bSignerConfNeedsWriting = zone_db_signconf_needs_writing(zone);
88 }
89
91
92 /* Commit zone to database before we schedule signconf */
/* NOTE(review): both return values are discarded, so a failed database
 * write is neither logged nor acted on here and the signconf flush and DS
 * tasks below are still scheduled. Consider logging the failure so that a
 * zone change that was not persisted is visible to operators. */
93 if (zone_updated) {
94 (void)zone_db_set_next_change(zone, t_next);
95 (void)zone_db_update(zone);
96 }
97
98 if (bSignerConfNeedsWriting) {
99 signconf_task_flush_zone(engine, dbconn, zonename);
100 } else {
101 ods_log_info("[%s] No changes to signconf file required for zone %s", module_str, zonename);
102 }
103
/* NOTE(review): keylist is not checked for NULL before iteration; whether
 * key_data_list_next() and key_data_list_free() accept NULL is not visible
 * here - TODO confirm. */
104 keylist = zone_db_get_keys(zone);
105 while ((key = key_data_list_next(keylist))) {
/* The keytag is masked to its low 16 bits before it is logged. */
107 ods_log_warning("[%s] please submit DS "
108 "with keytag %d for zone %s",
109 module_str, key_data_keytag(key)&0xFFFF, zone_db_name(zone));
110 bSubmitToParent = 1;
112 ods_log_warning("[%s] please retract DS "
113 "with keytag %d for zone %s",
114 module_str, key_data_keytag(key)&0xFFFF, zone_db_name(zone));
115 bRetractFromParent = 1;
116 }
117 }
118 key_data_list_free(keylist);
119
120 /* Launch ds-submit task when one of the updated key states has the
121 * DS_SUBMIT flag set. */
/* NOTE(review): the task pointer is handed to schedule_task() without a
 * NULL check and schedule_task()'s result is ignored, here and in the
 * retract case below; confirm both calls tolerate a failed task creation. */
122 if (bSubmitToParent) {
123 task_type *submit = keystate_ds_submit_task(engine, zonename);
124 schedule_task(engine->taskq, submit, 1, 0);
125 }
126 /* Launch ds-retract task when one of the updated key states has the
127 * DS_RETRACT flag set. */
128 if (bRetractFromParent) {
129 task_type *retract = keystate_ds_retract_task(engine, zonename);
130 schedule_task(engine->taskq, retract, 1, 0);
131 }
132
133 zone_db_free(zone);
134 return t_next;
135}
136
/*
 * Task callback for enforce tasks: forwards to perform_enforce() for the
 * zone named by `owner`.
 *
 * `userdata` is used as the engine and `context` as the database
 * connection. Both arrive as untyped pointers and are not validated here,
 * so the callback relies on the task having been registered with matching
 * arguments. `task` itself is not read, and -1 is passed as
 * perform_enforce()'s sockfd argument.
 *
 * Returns whatever perform_enforce() returns.
 */
time_t
enforce_task_perform(task_type* task, char const *owner, void *userdata, void *context)
{
    engine_type *engine = userdata;
    db_connection_t *connection = context;

    return perform_enforce(-1, engine, owner, connection);
}
143
/*
 * Build an enforce task for the zone named `owner`.
 *
 * The task is created with class TASK_CLASS_ENFORCER and type
 * TASK_TYPE_ENFORCE, enforce_task_perform() as its callback, `engine` as
 * the callback's userdata, and the current time from time_now().
 *
 * Returns whatever task_create() returns.
 *
 * NOTE(review): the strdup() result is not checked, so on allocation
 * failure task_create() receives a NULL owner. Who frees the copy is not
 * visible here; presumably the task takes ownership - TODO confirm.
 */
task_type *
enforce_task(engine_type *engine, char const *owner)
{
    char *owner_copy = strdup(owner);

    return task_create(owner_copy, TASK_CLASS_ENFORCER, TASK_TYPE_ENFORCE,
        enforce_task_perform, engine, NULL, time_now());
}
150
/*
 * Create an enforce task for `zonename` and hand it to the engine's task
 * queue.
 *
 * The status returned by schedule_task() is deliberately discarded, so the
 * caller is not told when scheduling fails.
 */
void
enforce_task_flush_zone(engine_type *engine, char const *zonename)
{
    task_type *task = enforce_task(engine, zonename);

    (void)schedule_task(engine->taskq, task, 1, 0);
}
156
/*
 * Queue an enforce task for every zone in the list fetched for `policy`.
 *
 * Asserts that `policy` is non-NULL. When the zone list is NULL, logs an
 * error naming the policy and returns without scheduling anything.
 *
 * NOTE(review): this listing skips original lines 158 and 166, so the
 * function name with its leading parameters and the statement that assigns
 * `zonelist` are not visible here - confirm against the full file.
 */
157void
159 policy_t const *policy)
160{
161 zone_db_t const *zone;
162 zone_list_db_t *zonelist;
163
164 ods_log_assert(policy);
165
167 if (!zonelist) {
168 ods_log_error("[%s] Can't fetch zones for policy %s from database",
169 module_str, policy_name(policy));
170 return;
171 }
/* One enforce task per zone; the schedule_task() status is discarded, so a
 * zone that could not be queued is not reported here. */
172 while ((zone = zone_list_db_next(zonelist))) {
173 (void)schedule_task(engine->taskq, enforce_task(engine, zone->name), 1, 0);
174 }
175 zone_list_db_free(zonelist);
176}
177
/*
 * Queue an enforce task for every zone returned by zone_list_db_new_get().
 *
 * NOTE(review): this listing skips original line 179, so the function name
 * and parameter list are not visible here - confirm against the full file.
 */
178void
180{
181 zone_list_db_t *zonelist;
182 const zone_db_t *zone;
183
184 zonelist = zone_list_db_new_get(dbconn);
/* Failure to list zones is treated as fatal. The connection passed in as
 * dbconn is freed before ods_fatal_exit() is called.
 * NOTE(review): if ods_fatal_exit() can return, the loop below would run
 * with zonelist == NULL and the caller would be left holding a freed
 * connection - confirm that it does not return. */
185 if (!zonelist) {
186 db_connection_free(dbconn);
187 ods_fatal_exit("[%s] failed to list zones from DB", module_str);
188 }
/* One enforce task per zone; the schedule_task() status is discarded. */
189 while ((zone = zone_list_db_next(zonelist))) {
190 (void)schedule_task(engine->taskq, enforce_task(engine, zone->name), 1, 0);
191 }
192 zone_list_db_free(zonelist);
193}
void db_connection_free(db_connection_t *connection)
Definition: db_connection.c:45
task_type * enforce_task(engine_type *engine, char const *owner)
Definition: enforce_task.c:145
void enforce_task_flush_all(engine_type *engine, db_connection_t *dbconn)
Definition: enforce_task.c:179
time_t enforce_task_perform(task_type *task, char const *owner, void *userdata, void *context)
Definition: enforce_task.c:138
void enforce_task_flush_zone(engine_type *engine, char const *zonename)
Definition: enforce_task.c:152
void enforce_task_flush_policy(engine_type *engine, db_connection_t *dbconn, policy_t const *policy)
Definition: enforce_task.c:158
time_t update(engine_type *engine, db_connection_t *dbconn, zone_db_t *zone, policy_t const *policy, time_t now, int *zone_updated)
Definition: enforcer.c:2678
unsigned int key_data_keytag(const key_data_t *key_data)
Definition: key_data.c:767
void key_data_list_free(key_data_list_t *key_data_list)
Definition: key_data.c:1694
const key_data_t * key_data_list_next(key_data_list_t *key_data_list)
Definition: key_data.c:2359
key_data_ds_at_parent
Definition: key_data.h:50
@ KEY_DATA_DS_AT_PARENT_RETRACT
Definition: key_data.h:56
@ KEY_DATA_DS_AT_PARENT_SUBMIT
Definition: key_data.h:53
task_type * keystate_ds_retract_task(engine_type *engine, char const *owner)
task_type * keystate_ds_submit_task(engine_type *engine, char const *owner)
unsigned int policy_passthrough(const policy_t *policy)
Definition: policy.c:1085
const char * policy_name(const policy_t *policy)
Definition: policy.c:813
const db_value_t * policy_id(const policy_t *policy)
Definition: policy.c:805
void policy_free(policy_t *policy)
Definition: policy.c:518
void signconf_task_flush_zone(engine_type *engine, db_connection_t *dbconn, const char *zonename)
Definition: signconf_task.c:76
schedule_type * taskq
Definition: engine.h:60
Definition: policy.h:60
char * name
Definition: zone_db.h:53
zone_list_db_t * zone_list_db_new_get(const db_connection_t *connection)
Definition: zone_db.c:2402
void zone_db_free(zone_db_t *zone)
Definition: zone_db.c:325
policy_t * zone_db_get_policy(const zone_db_t *zone)
Definition: zone_db.c:744
const char * zone_db_name(const zone_db_t *zone)
Definition: zone_db.c:782
zone_list_db_t * zone_list_db_new_get_by_policy_id(const db_connection_t *connection, const db_value_t *policy_id)
Definition: zone_db.c:2524
int zone_db_update(zone_db_t *zone)
Definition: zone_db.c:1589
unsigned int zone_db_signconf_needs_writing(const zone_db_t *zone)
Definition: zone_db.c:790
zone_db_t * zone_db_new_get_by_name(const db_connection_t *connection, const char *name)
Definition: zone_db.c:1569
const zone_db_t * zone_list_db_next(zone_list_db_t *zone_list)
Definition: zone_db.c:2603
int zone_db_set_next_change(zone_db_t *zone, int next_change)
Definition: zone_db.c:991
void zone_list_db_free(zone_list_db_t *zone_list)
Definition: zone_db.c:1989
key_data_list_t * zone_db_get_keys(const zone_db_t *zone)
Definition: zone_db_ext.c:56