OpenDNSSEC-enforcer  1.4.5
kc_helper.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2012 Nominet UK. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  * notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  * notice, this list of conditions and the following disclaimer in the
11  * documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
17  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
19  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
21  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
22  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
23  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  */
25 
26 #define _GNU_SOURCE
27 #include <syslog.h>
28 #include <stdarg.h>
29 #include <stdio.h>
30 #include <string.h>
31 #include <sys/stat.h>
32 #include <errno.h>
33 #include <pwd.h>
34 #include <grp.h>
35 #include <limits.h>
36 #include <ctype.h>
37 
38 #include <libxml/tree.h>
39 #include <libxml/parser.h>
40 #include <libxml/xpath.h>
41 #include <libxml/xpathInternals.h>
42 #include <libxml/relaxng.h>
43 
44 #include "kc_helper.h"
45 
46 extern int verbose;
47 
48 #define StrFree(ptr) {if(ptr != NULL) {free(ptr); (ptr) = NULL;}}
49 
50 void log_init(int facility, const char *program_name)
51 {
52  openlog(program_name, 0, facility);
53 }
54 
55 /* Switch log to new facility */
56 void log_switch(int facility, const char *program_name)
57 {
58  closelog();
59  openlog(program_name, 0, facility);
60 }
61 
62 /* As far as possible we send messages both to syslog and STDOUT */
63 void dual_log(const char *format, ...) {
64 
65  /* If the variable arg list is bad then random errors can occur */
66  va_list args;
67  va_list args2;
68  va_start(args, format);
69  va_copy(args2, args);
70 
71  if (strncmp(format, "ERROR:", 6) == 0) {
72  vsyslog(LOG_ERR, format, args);
73  }
74  else if (strncmp(format, "WARNING:", 8) == 0) {
75  vsyslog(LOG_WARNING, format, args);
76  }
77  else if (strncmp(format, "DEBUG:", 6) == 0) {
78  vsyslog(LOG_DEBUG, format, args);
79  }
80  else {
81  vsyslog(LOG_INFO, format, args);
82  }
83 
84  vprintf(format, args2);
85  printf("\n");
86 
87  va_end(args);
88  va_end(args2);
89 }
90 
91 /* Check an XML file against its rng */
92 int check_rng(const char *filename, const char *rngfilename) {
93 
94  xmlDocPtr doc = NULL;
95  xmlDocPtr rngdoc = NULL;
96  xmlRelaxNGParserCtxtPtr rngpctx = NULL;
97  xmlRelaxNGValidCtxtPtr rngctx = NULL;
98  xmlRelaxNGPtr schema = NULL;
99 
100  if (verbose) {
101  dual_log("DEBUG: About to check XML validity in %s", filename);
102  }
103 
104  /* Load XML document */
105  doc = xmlParseFile(filename);
106  if (doc == NULL) {
107  dual_log("ERROR: unable to parse file \"%s\"", filename);
108  /* Maybe the file doesn't exist? */
109  check_file(filename, "Configuration file");
110 
111  return(1);
112  }
113 
114  /* Load rng document */
115  rngdoc = xmlParseFile(rngfilename);
116  if (rngdoc == NULL) {
117  dual_log("ERROR: unable to parse file \"%s\"", rngfilename);
118  /* Maybe the file doesn't exist? */
119  check_file(rngfilename, "RNG file");
120 
121  xmlFreeDoc(doc);
122 
123  return(1);
124  }
125 
126  /* Create an XML RelaxNGs parser context for the relax-ng document. */
127  rngpctx = xmlRelaxNGNewDocParserCtxt(rngdoc);
128  if (rngpctx == NULL) {
129  dual_log("ERROR: unable to create XML RelaxNGs parser context");
130 
131  xmlFreeDoc(doc);
132  xmlFreeDoc(rngdoc);
133 
134  return(1);
135  }
136 
137  xmlRelaxNGSetParserErrors(rngpctx,
138  (xmlRelaxNGValidityErrorFunc) fprintf,
139  (xmlRelaxNGValidityWarningFunc) fprintf,
140  stderr);
141 
142  /* parse a schema definition resource and build an internal XML Shema struture which can be used to validate instances. */
143  schema = xmlRelaxNGParse(rngpctx);
144  if (schema == NULL) {
145  dual_log("ERROR: unable to parse a schema definition resource");
146 
147  xmlRelaxNGFreeParserCtxt(rngpctx);
148  xmlFreeDoc(doc);
149  xmlFreeDoc(rngdoc);
150 
151  return(1);
152  }
153 
154  /* Create an XML RelaxNGs validation context based on the given schema */
155  rngctx = xmlRelaxNGNewValidCtxt(schema);
156  if (rngctx == NULL) {
157  dual_log("ERROR: unable to create RelaxNGs validation context based on the schema");
158 
159  xmlRelaxNGFree(schema);
160  xmlRelaxNGFreeParserCtxt(rngpctx);
161  xmlFreeDoc(doc);
162  xmlFreeDoc(rngdoc);
163 
164  return(1);
165  }
166 
167  xmlRelaxNGSetValidErrors(rngctx,
168  (xmlRelaxNGValidityErrorFunc) fprintf,
169  (xmlRelaxNGValidityWarningFunc) fprintf,
170  stderr);
171 
172  /* Validate a document tree in memory. */
173  if (xmlRelaxNGValidateDoc(rngctx,doc) != 0) {
174  dual_log("ERROR: %s fails to validate", filename);
175 
176  xmlRelaxNGFreeValidCtxt(rngctx);
177  xmlRelaxNGFree(schema);
178  xmlRelaxNGFreeParserCtxt(rngpctx);
179  xmlFreeDoc(doc);
180  xmlFreeDoc(rngdoc);
181 
182  return(1);
183  }
184 
185  xmlRelaxNGFreeValidCtxt(rngctx);
186  xmlRelaxNGFree(schema);
187  xmlRelaxNGFreeParserCtxt(rngpctx);
188  xmlFreeDoc(doc);
189  xmlFreeDoc(rngdoc);
190 
191  return 0;
192 }
193 
194 int check_file(const char *filename, const char *log_string) {
195  struct stat stat_ret;
196 
197  if (stat(filename, &stat_ret) != 0) {
198 
199  if (errno != ENOENT) {
200  dual_log("ERROR: cannot stat file %s: %s",
201  filename, strerror(errno));
202  return 1;
203  }
204 
205  dual_log("ERROR: %s (%s) does not exist", log_string, filename);
206  return 1;
207  }
208 
209  if (S_ISREG(stat_ret.st_mode)) {
210  /* The file exists */
211  return 0;
212  }
213 
214  dual_log("ERROR: %s (%s) does not exist", log_string, filename);
215  return 1;
216 }
217 
218 int check_file_from_xpath(xmlXPathContextPtr xpath_ctx, const char *log_string, const xmlChar *file_xexpr) {
219  int status = 0;
220  xmlXPathObjectPtr xpath_obj;
221  char* temp_char = NULL;
222  char* str = NULL;
223 
224  xpath_obj = xmlXPathEvalExpression(file_xexpr, xpath_ctx);
225  if(xpath_obj == NULL) {
226  dual_log("ERROR: unable to evaluate xpath expression: %s", file_xexpr);
227  return 1;
228  }
229  if (xpath_obj->nodesetval != NULL && xpath_obj->nodesetval->nodeNr > 0) {
230  temp_char = (char*) xmlXPathCastToString(xpath_obj);
231 
232  /* strip off any trailing characters (needed for DSSub with cks_id) */
233  str = strrchr(temp_char, ' ');
234  if (str) {
235  *str = 0;
236  }
237 
238  status = check_file(temp_char, log_string);
239 
240  StrFree(temp_char);
241  } else {
242  /* Not set; return -1 so that we can test the default path */
243  xmlXPathFreeObject(xpath_obj);
244  return -1;
245  }
246 
247  xmlXPathFreeObject(xpath_obj);
248  return status;
249 }
250 
251 int check_path(const char *pathname, const char *log_string) {
252  struct stat stat_ret;
253 
254  if (stat(pathname, &stat_ret) != 0) {
255  if (errno != ENOENT) {
256  dual_log("ERROR: cannot stat directory %s: %s",
257  pathname, strerror(errno));
258  return 1;
259  }
260 
261  dual_log("ERROR: %s (%s) does not exist", log_string, pathname);
262  return 1;
263  }
264 
265  if (S_ISDIR(stat_ret.st_mode)) {
266  /* The directory exists */
267  return 0;
268  }
269 
270  dual_log("ERROR: %s (%s) is not a directory", log_string, pathname);
271  return 1;
272 }
273 
274 int check_path_from_xpath(xmlXPathContextPtr xpath_ctx, const char *log_string, const xmlChar *path_xexpr) {
275  int status = 0;
276  xmlXPathObjectPtr xpath_obj;
277  char* temp_char = NULL;
278 
279  xpath_obj = xmlXPathEvalExpression(path_xexpr, xpath_ctx);
280  if(xpath_obj == NULL) {
281  dual_log("ERROR: unable to evaluate xpath expression: %s", path_xexpr);
282  return 1;
283  }
284  if (xpath_obj->nodesetval != NULL && xpath_obj->nodesetval->nodeNr > 0) {
285  temp_char = (char*) xmlXPathCastToString(xpath_obj);
286 
287  status = check_path(temp_char, log_string);
288 
289  StrFree(temp_char);
290  } else {
291  /* Not set; return -1 so that we can test the default path */
292  xmlXPathFreeObject(xpath_obj);
293  return -1;
294  }
295 
296  xmlXPathFreeObject(xpath_obj);
297  return status;
298 }
299 
300 int check_user_group(xmlXPathContextPtr xpath_ctx, const xmlChar *user_xexpr, const xmlChar *group_xexpr) {
301  int status = 0;
302  xmlXPathObjectPtr xpath_obj;
303  char* temp_char = NULL;
304 
305  struct passwd *pwd;
306  struct group *grp;
307 
308  /* Group if specified */
309  xpath_obj = xmlXPathEvalExpression(group_xexpr, xpath_ctx);
310  if(xpath_obj == NULL) {
311  dual_log("ERROR: unable to evaluate xpath expression: %s", group_xexpr);
312  return(1);
313  }
314  if (xpath_obj->nodesetval != NULL && xpath_obj->nodesetval->nodeNr > 0) {
315  temp_char = (char*) xmlXPathCastToString(xpath_obj);
316 
317  if ((grp = getgrnam(temp_char)) == NULL) {
318  dual_log("ERROR: Group '%s' does not exist", temp_char);
319  status += 1;
320  }
321  endgrent();
322 
323  StrFree(temp_char);
324  }
325  xmlXPathFreeObject(xpath_obj);
326 
327  /* User if specified */
328  xpath_obj = xmlXPathEvalExpression(user_xexpr, xpath_ctx);
329  if(xpath_obj == NULL) {
330  dual_log("ERROR: unable to evaluate xpath expression: %s", user_xexpr);
331  return(1);
332  }
333  if (xpath_obj->nodesetval != NULL && xpath_obj->nodesetval->nodeNr > 0) {
334  temp_char = (char*) xmlXPathCastToString(xpath_obj);
335 
336  if ((pwd = getpwnam(temp_char)) == NULL) {
337  dual_log("ERROR: User '%s' does not exist", temp_char);
338  status += 1;
339  }
340  endpwent();
341 
342  StrFree(temp_char);
343  }
344 
345  xmlXPathFreeObject(xpath_obj);
346 
347  return status;
348 }
349 
350 int check_time_def(const char *time_expr, const char *location, const char *field, const char *filename, int* interval) {
351 
352  int status = DtXMLIntervalSeconds(time_expr, interval);
353 
354  if (status != 0) {
355  switch (status) {
356  case -1:
357  dual_log("WARNING: In %s M used in duration field for %s (%s) in %s - this will be interpreted as 31 days", location, field, time_expr, filename);
358  break;
359  case -2:
360  dual_log("WARNING: In %s Y used in duration field for %s (%s) in %s - this will be interpreted as 365 days", location, field, time_expr, filename);
361  break;
362  case -3:
363  dual_log("WARNING: In %s M & Y used in duration field for %s (%s) in %s - these will be interpreted as 31 and 365 days respectively", location, field, time_expr, filename);
364  break;
365  case 2:
366  dual_log("ERROR: unable to translate %s (%s) to seconds.", field, time_expr);
367  break;
368  case 3:
369  dual_log("ERROR: %s (%s) too long to be an int. E.g. Maximum is ~68 years on a system with 32-bit integers.", field, time_expr);
370  break;
371  case 4:
372  dual_log("ERROR: invalid pointers or text string NULL in %s (%s).", field, time_expr);
373  break;
374  default:
375  dual_log("ERROR: unknown error converting %s (%s) to seconds", field, time_expr);
376  }
377  }
378 
379  if (status > 0) {
380  *interval = 0;
381  return 1;
382  }
383 
384  return 0;
385 }
386 
387 int check_time_def_from_xpath(xmlXPathContextPtr xpath_ctx, const xmlChar *time_xexpr, const char *location, const char *field, const char *filename) {
388 
389  xmlXPathObjectPtr xpath_obj;
390  char* temp_char = NULL;
391  int status = 0;
392  int ignore = 0;
393 
394  xpath_obj = xmlXPathEvalExpression(time_xexpr, xpath_ctx);
395  if(xpath_obj == NULL) {
396  dual_log("ERROR: unable to evaluate xpath expression: %s", time_xexpr);
397  return 1;
398  }
399  if (xpath_obj->nodesetval != NULL && xpath_obj->nodesetval->nodeNr > 0) {
400  temp_char = (char *)xmlXPathCastToString(xpath_obj);
401  status += check_time_def(temp_char, location, field, filename, &ignore);
402  StrFree(temp_char);
403  }
404 
405  xmlXPathFreeObject(xpath_obj);
406 
407  return status;
408 }
409 
410 int check_policy(xmlNode *curNode, const char *policy_name, char **repo_list, int repo_count, const char *kasp) {
411  int status = 0;
412  int i = 0;
413  char* temp_char = NULL;
414  xmlNode *childNode;
415  xmlNode *childNode2;
416  xmlNode *childNode3;
417  char my_policy[KC_NAME_LENGTH];
418  int resign = 0;
419  int resigns_per_day = 0;
420  int refresh = 0;
421  int defalt = 0; /* default is not a suitable variable name */
422  int denial = 0;
423  int jitter = 0;
424  int inception = 0;
425  int ttl = 0;
426  int retire = 0;
427  int publish = 0;
428  int nsec = 0;
429  int hash_algo = 0;
430  int resalt = 0;
431  int ksk_algo = 0;
432  int ksk_length = 0;
433  int ksk_life = 0;
434  char *ksk_repo = NULL;
435  int zsk_algo = 0;
436  int zsk_length = 0;
437  int zsk_life = 0;
438  char *zsk_repo = NULL;
439  char *serial = NULL;
440 
441  snprintf(my_policy, KC_NAME_LENGTH, "policy %s,", policy_name);
442 
443  while (curNode) {
444  if (xmlStrEqual(curNode->name, (const xmlChar *)"Signatures")) {
445  childNode = curNode->children;
446  while (childNode){
447  if (xmlStrEqual(childNode->name, (const xmlChar *)"Resign")) {
448  temp_char = (char *) xmlNodeGetContent(childNode);
449  status += check_time_def(temp_char, my_policy, "Signatures/Resign", kasp, &resign);
450  StrFree(temp_char);
451  }
452  else if (xmlStrEqual(childNode->name, (const xmlChar *)"Refresh")) {
453  temp_char = (char *) xmlNodeGetContent(childNode);
454  status += check_time_def(temp_char, my_policy, "Signatures/Refresh", kasp, &refresh);
455  StrFree(temp_char);
456  }
457  else if (xmlStrEqual(childNode->name, (const xmlChar *)"Validity")) {
458  childNode2 = childNode->children;
459  while (childNode2){
460  if (xmlStrEqual(childNode2->name, (const xmlChar *)"Default")) {
461  temp_char = (char *) xmlNodeGetContent(childNode2);
462  status += check_time_def(temp_char, my_policy, "Signatures/Validity/Default", kasp, &defalt);
463  StrFree(temp_char);
464  }
465  else if (xmlStrEqual(childNode2->name, (const xmlChar *)"Denial")) {
466  temp_char = (char *) xmlNodeGetContent(childNode2);
467  status += check_time_def(temp_char, my_policy, "Signatures/Validity/Denial", kasp, &denial);
468  StrFree(temp_char);
469  }
470  childNode2 = childNode2->next;
471  }
472  }
473  else if (xmlStrEqual(childNode->name, (const xmlChar *)"Jitter")) {
474  temp_char = (char *) xmlNodeGetContent(childNode);
475  status += check_time_def(temp_char, my_policy, "Signatures/Jitter", kasp, &jitter);
476  StrFree(temp_char);
477  }
478  else if (xmlStrEqual(childNode->name, (const xmlChar *)"InceptionOffset")) {
479  temp_char = (char *) xmlNodeGetContent(childNode);
480  status += check_time_def(temp_char, my_policy, "Signatures/InceptionOffset", kasp, &inception);
481  StrFree(temp_char);
482  }
483 
484  childNode = childNode->next;
485  }
486  }
487  else if (xmlStrEqual(curNode->name, (const xmlChar *)"Denial")) {
488  childNode = curNode->children;
489  while (childNode) {
490 
491  if (xmlStrEqual(childNode->name, (const xmlChar *)"NSEC")) {
492  nsec = 1;
493  }
494  else if (xmlStrEqual(childNode->name, (const xmlChar *)"NSEC3")) {
495  nsec = 3;
496  childNode2 = childNode->children;
497  while (childNode2){
498 
499  if (xmlStrEqual(childNode2->name, (const xmlChar *)"Resalt")) {
500  temp_char = (char *) xmlNodeGetContent(childNode2);
501  status += check_time_def(temp_char, my_policy, "Denial/NSEC3/Resalt", kasp, &resalt);
502  StrFree(temp_char);
503  } else if (xmlStrEqual(childNode2->name, (const xmlChar *)"Hash")) {
504  childNode3 = childNode2->children;
505  while (childNode3) {
506 
507  if (xmlStrEqual(childNode3->name, (const xmlChar *)"Algorithm")) {
508  temp_char = (char *) xmlNodeGetContent(childNode3);
509  /* we know temp_char is a number */
510  hash_algo = atoi(temp_char);
511  if (hash_algo != 1) {
512  dual_log("ERROR: NSEC3 Hash algorithm for %s Policy "
513  "in %s is %d but should be 1", policy_name,
514  kasp, hash_algo);
515  status++;
516  }
517  StrFree(temp_char);
518  }
519  childNode3 = childNode3->next;
520 
521  }
522  }
523 
524  childNode2 = childNode2->next;
525  }
526  }
527 
528  childNode = childNode->next;
529  }
530  }
531  else if (xmlStrEqual(curNode->name, (const xmlChar *)"Keys")) {
532  childNode = curNode->children;
533  while (childNode) {
534 
535  if (xmlStrEqual(childNode->name, (const xmlChar *)"TTL")) {
536  temp_char = (char *) xmlNodeGetContent(childNode);
537  status += check_time_def(temp_char, my_policy, "Keys/TTL", kasp, &ttl);
538  StrFree(temp_char);
539  }
540  else if (xmlStrEqual(childNode->name, (const xmlChar *)"RetireSafety")) {
541  temp_char = (char *) xmlNodeGetContent(childNode);
542  status += check_time_def(temp_char, my_policy, "Keys/RetireSafety", kasp, &retire);
543  StrFree(temp_char);
544  }
545  else if (xmlStrEqual(childNode->name, (const xmlChar *)"PublishSafety")) {
546  temp_char = (char *) xmlNodeGetContent(childNode);
547  status += check_time_def(temp_char, my_policy, "Keys/PublishSafety", kasp, &publish);
548  StrFree(temp_char);
549  }
550  else if (xmlStrEqual(childNode->name, (const xmlChar *)"KSK")) {
551  childNode2 = childNode->children;
552  while (childNode2){
553 
554  if (xmlStrEqual(childNode2->name, (const xmlChar *)"Algorithm")) {
555  temp_char = (char *) xmlNodeGetContent(childNode2);
556  StrStrtoi(temp_char, &ksk_algo);
557  StrFree(temp_char);
558 
559  temp_char = (char *)xmlGetProp(childNode2, (const xmlChar *)"length");
560  StrStrtoi(temp_char, &ksk_length);
561  StrFree(temp_char);
562  }
563  else if (xmlStrEqual(childNode2->name, (const xmlChar *)"Lifetime")) {
564  temp_char = (char *) xmlNodeGetContent(childNode2);
565  status += check_time_def(temp_char, my_policy, "Keys/KSK Lifetime", kasp, &ksk_life);
566  StrFree(temp_char);
567  }
568  else if (xmlStrEqual(childNode2->name, (const xmlChar *)"Repository")) {
569  ksk_repo = (char *) xmlNodeGetContent(childNode2);
570  }
571 
572  childNode2 = childNode2->next;
573  }
574  }
575  else if (xmlStrEqual(childNode->name, (const xmlChar *)"ZSK")) {
576  childNode2 = childNode->children;
577  while (childNode2){
578 
579  if (xmlStrEqual(childNode2->name, (const xmlChar *)"Algorithm")) {
580  temp_char = (char *) xmlNodeGetContent(childNode2);
581  StrStrtoi(temp_char, &zsk_algo);
582  StrFree(temp_char);
583 
584  temp_char = (char *)xmlGetProp(childNode2, (const xmlChar *)"length");
585  StrStrtoi(temp_char, &zsk_length);
586  StrFree(temp_char);
587 
588  }
589  else if (xmlStrEqual(childNode2->name, (const xmlChar *)"Lifetime")) {
590  temp_char = (char *) xmlNodeGetContent(childNode2);
591  status += check_time_def(temp_char, my_policy, "Keys/ZSK Lifetime", kasp, &zsk_life);
592  StrFree(temp_char);
593  }
594  else if (xmlStrEqual(childNode2->name, (const xmlChar *)"Repository")) {
595  zsk_repo = (char *) xmlNodeGetContent(childNode2);
596  }
597 
598  childNode2 = childNode2->next;
599  }
600  }
601 
602  childNode = childNode->next;
603  }
604  }
605  else if (xmlStrEqual(curNode->name, (const xmlChar *)"Zone")) {
606  childNode = curNode->children;
607  while (childNode) {
608 
609  if (xmlStrEqual(childNode->name, (const xmlChar *)"SOA")) {
610  childNode2 = childNode->children;
611  while (childNode2){
612 
613  if (xmlStrEqual(childNode2->name, (const xmlChar *)"Serial")) {
614  serial = (char *) xmlNodeGetContent(childNode2);
615  }
616 
617  childNode2 = childNode2->next;
618  }
619  }
620 
621  childNode = childNode->next;
622  }
623  }
624 
625 
626  curNode = curNode->next;
627  }
628 
629  /* Now for the actual tests, from
630  * https://wiki.opendnssec.org/display/OpenDNSSEC/Configuration+Checker+%28ods-kaspcheck%29 */
631 
632  /* For all policies, check that the "Re-sign" interval is less
633  * than the "Refresh" interval. */
634  if (refresh && refresh <= resign) {
635  dual_log("ERROR: The Refresh interval (%d seconds) for "
636  "%s Policy in %s is less than or equal to the Resign interval "
637  "(%d seconds)", refresh, policy_name, kasp, resign);
638  status++;
639  }
640 
641  /* Ensure that the "Default" and "Denial" validity periods are
642  * greater than the "Refresh" interval. */
643  if (defalt <= refresh) {
644  dual_log("ERROR: Validity/Default (%d seconds) for "
645  "%s policy in %s is less than or equal to the Refresh interval "
646  "(%d seconds)", defalt, policy_name, kasp, refresh);
647  status++;
648  }
649  if (denial <= refresh) {
650  dual_log("ERROR: Validity/Denial (%d seconds) for "
651  "%s policy in %s is less than or equal to the Refresh interval "
652  "(%d seconds)", denial, policy_name, kasp, refresh);
653  status++;
654  }
655 
656  /* Warn if "Jitter" is greater than 50% of the maximum of the "default"
657  * and "Denial" period. (This is a bit arbitrary. The point is to get
658  * the user to realise that there will be a large spread in the signature
659  * lifetimes.) */
660  if (defalt > denial) {
661  if (jitter > (defalt * 0.5)) {
662  dual_log("WARNING: Jitter time (%d seconds) is large "
663  "compared to Validity/Default (%d seconds) "
664  "for %s policy in %s", jitter, defalt, policy_name, kasp);
665  }
666  } else {
667  if (jitter > (denial * 0.5)) {
668  dual_log("WARNING: Jitter time (%d seconds) is large "
669  "compared to Validity/Denial (%d seconds) "
670  "for %s policy in %s", jitter, denial, policy_name, kasp);
671  }
672  }
673 
674 
675  /* Warn if the InceptionOffset is greater than one hour. (Again arbitrary
676  * - but do we really expect the times on two systems to differ by more
677  * than this?) */
678  if (inception > 3600) {
679  dual_log("WARNING: InceptionOffset is higher than expected "
680  "(%d seconds) for %s policy in %s",
681  inception, policy_name, kasp);
682  }
683 
684  /* Warn if the "PublishSafety" and "RetireSafety" margins are less
685  * than 0.1 * TTL or more than 5 * TTL. */
686  if (publish < (ttl * 0.1)) {
687  dual_log("WARNING: Keys/PublishSafety (%d seconds) is less than "
688  "0.1 * TTL (%d seconds) for %s policy in %s",
689  publish, ttl, policy_name, kasp);
690  }
691  else if (publish > (ttl * 5)) {
692  dual_log("WARNING: Keys/PublishSafety (%d seconds) is greater than "
693  "5 * TTL (%d seconds) for %s policy in %s",
694  publish, ttl, policy_name, kasp);
695  }
696 
697  if (retire < (ttl * 0.1)) {
698  dual_log("WARNING: Keys/RetireSafety (%d seconds) is less than "
699  "0.1 * TTL (%d seconds) for %s policy in %s",
700  retire, ttl, policy_name, kasp);
701  }
702  else if (retire > (ttl * 5)) {
703  dual_log("WARNING: Keys/RetireSafety (%d seconds) is greater than "
704  "5 * TTL (%d seconds) for %s policy in %s",
705  retire, ttl, policy_name, kasp);
706  }
707 
708  /* The algorithm should be checked to ensure it is consistent with the
709  * NSEC/NSEC3 choice for the zone. */
710  if (nsec == 1) {
711  }
712  else if (nsec == 3) {
713  if (ksk_algo <= 5) {
714  dual_log("ERROR: In policy %s, incompatible algorithm (%d) used for "
715  "KSK NSEC3 in %s. Policy must have id greater than 5.", policy_name, ksk_algo, kasp);
716  status++;
717  }
718  if (zsk_algo <= 5) {
719  dual_log("ERROR: In policy %s, incompatible algorithm (%d) used for "
720  "ZSK NSEC3 in %s. Policy must have id greater than 5.", policy_name, zsk_algo, kasp);
721  status++;
722  }
723 
724  /* Warn if resalt is less than resign interval. */
725  if (resalt < resign) {
726  dual_log("WARNING: NSEC3 resalt interval (%d secs) is less than "
727  "signature resign interval (%d secs) for %s Policy",
728  resalt, resign, policy_name);
729  }
730 
731  }
732 
733  /* If datecounter is used for serial, then no more than 99 signings
734  * should be done per day (there are only two digits to play with in the
735  * version number). */
736  if (serial != NULL && strncmp(serial, "datecounter", 11) == 0) {
737  if (resign != 0) {
738  resigns_per_day = (60 * 60 * 24) / resign;
739  if (resigns_per_day > 99) {
740  dual_log("ERROR: In %s, policy %s, serial type datecounter used "
741  "but %d re-signs requested. No more than 99 re-signs per "
742  "day should be used with datecounter as only 2 digits are "
743  "allocated for the version number.",
744  kasp, policy_name, resigns_per_day);
745  status++;
746  }
747  }
748  }
749 
750  /* The key strength should be checked for sanity
751  * - warn if less than 1024 or error if more than 4096.
752  * Only do this check for RSA. */
753  if (ksk_algo == 5 || ksk_algo == 7 || ksk_algo == 8 || ksk_algo == 10) {
754  if (ksk_length < 1024) {
755  dual_log("WARNING: Key length of %d used for KSK in %s policy in %s. Should "
756  "probably be 1024 or more", ksk_length, policy_name, kasp);
757  }
758  else if (ksk_length > 4096) {
759  dual_log("ERROR: Key length of %d used for KSK in %s policy in %s. Should "
760  "be 4096 or less", ksk_length, policy_name, kasp);
761  status++;
762  }
763  }
764  if (zsk_algo == 5 || zsk_algo == 7 || zsk_algo == 8 || zsk_algo == 10) {
765  if (zsk_length < 1024) {
766  dual_log("WARNING: Key length of %d used for ZSK in %s policy in %s. Should "
767  "probably be 1024 or more", zsk_length, policy_name, kasp);
768  }
769  else if (zsk_length > 4096) {
770  dual_log("ERROR: Key length of %d used for ZSK in %s policy in %s. Should "
771  "be 4096 or less", zsk_length, policy_name, kasp);
772  status++;
773  }
774  }
775 
776  /* Check that repositories listed in the KSK and ZSK sections are defined
777  * in conf.xml. */
778  if (ksk_repo != NULL) {
779  for (i = 0; i < repo_count; i++) {
780  if (strcmp(ksk_repo, repo_list[i]) == 0) {
781  break;
782  }
783  }
784  if (i >= repo_count) {
785  dual_log("ERROR: Unknown repository (%s) defined for KSK in "
786  "%s policy in %s", ksk_repo, policy_name, kasp);
787  status++;
788  }
789  }
790 
791  if (zsk_repo != NULL) {
792  for (i = 0; i < repo_count; i++) {
793  if (strcmp(zsk_repo, repo_list[i]) == 0) {
794  break;
795  }
796  }
797  if (i >= repo_count) {
798  dual_log("ERROR: Unknown repository (%s) defined for ZSK in "
799  "%s policy", zsk_repo, policy_name);
800  status++;
801  }
802  }
803 
804  /* Warn if for any zone, the KSK lifetime is less than the ZSK lifetime. */
805  if (ksk_life < zsk_life) {
806  dual_log("WARNING: KSK minimum lifetime (%d seconds) is less than "
807  "ZSK minimum lifetime (%d seconds) for %s Policy in %s",
808  ksk_life, zsk_life, policy_name, kasp);
809  }
810 
811  /* Check that the value of the "Serial" tag is valid. (Done by rng) */
812 
813  /* Error if Jitter is greater than either the Default or Denial Validity. */
814  if (jitter > defalt) {
815  dual_log("ERROR: Jitter time (%d seconds) is greater than the "
816  "Default Validity (%d seconds) for %s policy in %s",
817  jitter, defalt, policy_name, kasp);
818  status++;
819  }
820  if (jitter > denial) {
821  dual_log("ERROR: Jitter time (%d seconds) is greater than the "
822  "Denial Validity (%d seconds) for %s policy in %s",
823  jitter, denial, policy_name, kasp);
824  status++;
825  }
826 
827  StrFree(ksk_repo);
828  StrFree(zsk_repo);
829  StrFree(serial);
830 
831  return status;
832 }
833 
834 /* NOTE: The following are taken from various files within libksm */
835 
836 /*+
837  * DtXMLIntervalSeconds - Parse xsd:durations Interval String
838  *
839  * Description:
840  * Parses an interval string which is of the form:
841  *
842  * P<number>
843  * or P<number><interval-type>
844  * or PT<number><interval-type> (if the interval-type is H, M or S)
845  *
846  * Without an interval type, the interval is assumed to be in seconds.
847  * Otherwise, the following interval types recognised are:
848  *
849  * S Seconds
850  * M Minutes - multiply number by 60 (no. seconds in a minute)
851  * H Hours - multiply number by 3600 (no. seconds in an hour)
852  * D Day - multiply number by 86400 (no. seconds in a day)
853  * W Week - multiply number by 604,800 (no. seconds in a week)
854  * M Month - multiply number by 2,678,400 (no. seconds in 31 days)
855  * Y Year - multiply number by 31,536,000 (no. seconds in 365 days)
856  *
857  * Lower-case characters are not recognised.
858  *
859  * Example: The string P2D would translate to 172,800
860  *
861  * Arguments:
862  * const char* text
863  * Interval as a string.
864  *
865  * long* interval
866  * Returned interval.
867  *
868  * Returns:
869  * int
870  * < 0 Success, string translated OK _BUT_ may not be what was expected
871  * (Year or Month used which gives approximate answer).
872  * 0 Success, string translated OK
873  * 2 Error - unable to translate string.
874  * 3 Error - string too long to be a number.
875  * 4 Error - invalid pointers or text string NULL.
876  *
877  * Known issues:
878  *
879  * 1. Years and months are only approximate as it has no concept of "now"
880  * We use 31 days = 1 month and 365 days = 1 year.
881  * 2. The "T" only effects the value of "M" (P1S should be illegal as correctly
882  * it would be PT1S)
883  *
884  * NOTE: This is copied from ksm/datatime.c and modified slightly to separate
885  * "Y" and "M" warnings
886  *
887 -*/
888 
889 int DtXMLIntervalSeconds(const char* text, int* interval)
890 {
891  int length = 0; /* Length of the string */
892  short is_time = 0; /* Do we have a Time section or not */
893  short is_neg = 0; /* Do we have a negative number */
894  short warning = 0; /* Do we need a warning code for duration approximation? */
895  short got_temp = 0; /* Have we seen a number? */
896  long long temp = 0; /* Number from this section */
897  const char *ptr = text; /* allow us to read through */
898 
899  int status = 0;
900 
901  long long temp_interval = 0;
902 
903  if (text && interval && *text) {
904  length = strlen(text);
905  } else {
906  return(4);
907  }
908 
909  if (ptr && length && interval) {
910  const char *end = text + length;
911  if (*ptr == '-') {
912  is_neg = 1;
913  ptr++;
914  }
915  if (*ptr == 'P') {
916  ptr++;
917  }
918  do {
919  switch (*ptr) {
920  case 'S':
921  if (got_temp) {
922  temp_interval += temp;
923  temp = 0;
924  got_temp = 0;
925  } else {
926  return(2);
927  }
928  break;
929 
930  case 'M':
931  if (got_temp) {
932  if (is_time) {
933  temp_interval += 60 * temp;
934  } else {
935  temp_interval += 31 * 24 * 60 * 60 * temp;
936  warning -= 1;
937  }
938  temp = 0;
939  got_temp = 0;
940  } else {
941  return(2);
942  }
943  break;
944 
945  case 'H':
946  if (got_temp) {
947  temp_interval += 60 * 60 * temp;
948  temp = 0;
949  got_temp = 0;
950  } else {
951  return(2);
952  }
953  break;
954 
955  case 'D':
956  if (got_temp) {
957  temp_interval += 24 * 60 * 60 * temp;
958  temp = 0;
959  got_temp = 0;
960  } else {
961  return(2);
962  }
963  break;
964 
965  case 'W':
966  if (got_temp) {
967  temp_interval += 7 * 24 * 60 * 60 * temp;
968  temp = 0;
969  got_temp = 0;
970  } else {
971  return(2);
972  }
973  break;
974 
975  case 'Y':
976  if (got_temp) {
977  temp_interval += 365 * 24 * 60 * 60 * temp;
978  temp = 0;
979  warning -= 2;
980  got_temp = 0;
981  } else {
982  return(2);
983  }
984  break;
985 
986  case 'T':
987  is_time = 1;
988  break;
989 
990  case '0':
991  case '1':
992  case '2':
993  case '3':
994  case '4':
995  case '5':
996  case '6':
997  case '7':
998  case '8':
999  case '9':
1000  if (!temp) {
1001  temp = atoll(ptr);
1002  got_temp = 1;
1003  if ((temp_interval <= INT_MIN) || (temp_interval >= INT_MAX)) {
1004  return(3);
1005  }
1006  }
1007  break;
1008 
1009  default:
1010  if (ptr != end) {
1011  return(2);
1012  }
1013  }
1014  } while (ptr++ < end);
1015  }
1016  else {
1017  status = 2; /* Can't translate string/overflow */
1018  }
1019 
1020  /* If we had no trailing letter then it is an implicit "S" */
1021  if (temp) {
1022  temp_interval += temp;
1023  temp = 0;
1024  }
1025 
1026  if (is_neg == 1) {
1027  temp_interval = 0 - temp_interval;
1028  }
1029 
1030  if (warning < 0) {
1031  status = warning;
1032  }
1033 
1034  if ((temp_interval >= INT_MIN) && (temp_interval <= INT_MAX)) {
1035  *interval = (int) temp_interval;
1036  }
1037  else {
1038  status = 3; /* Integer overflow */
1039  }
1040 
1041  return status;
1042 }
1043 
1044 /*+
1045  * StrStrtoi - Convert String to int
1046  *
1047  * Description:
1048  * Converts a string to a "int".
1049  *
1050  * This version strips out tabs and whitespace characters.
1051  *
1052  * Arguments:
1053  * const char* string (input)
1054  * String to convert.
1055  *
1056  * int* value (returned)
1057  * Return value.
1058  *
1059  * Returns:
1060  * int
1061  * 0 Success
1062  * 1 Conversion failed
1063 -*/
1064 
1065 int StrStrtoi(const char* string, int* value)
1066 {
1067  long longval; /* "long" to be passed to StrStrtol */
1068  int status; /* Status return */
1069 
1070  if (value == NULL) {
1071  dual_log("ERROR: NULL value passed to StrStrtoi");
1072  return 1;
1073  }
1074  status = StrStrtol(string, &longval);
1075  if (status == 0) {
1076  if ((longval >= INT_MIN) && (longval <= INT_MAX)) {
1077  *value = (int) longval;
1078  }
1079  else {
1080  status = 1; /* Integer overflow */
1081  }
1082  }
1083 
1084  return status;
1085 }
1086 
1087 /*+
1088  * StrStrtol - Convert String to long
1089  *
1090  * Description:
1091  * Converts a string to a "long". It uses strtol, but also passes
1092  * back a status code to indicate if the conversion was successful.
1093  *
1094  * This version strips out tabs and whitespace characters.
1095  *
1096  * Arguments:
1097  * const char* string (input)
1098  * String to convert.
1099  *
1100  * long* value (returned)
1101  * Return value.
1102  *
1103  * Returns:
1104  * int
1105  * 0 Success
1106  * 1 Conversion failed
1107 -*/
1108 
1109 int StrStrtol(const char* string, long* value)
1110 {
1111  char* endptr; /* End of string pointer */
1112  int status = 1; /* Assume failure */
1113  char* copy; /* Copy of the string */
1114  char* start; /* Start of the trimmed string */
1115 
1116  if (value == NULL) {
1117  dual_log("ERROR: NULL value passed to StrStrtol");
1118  return 1;
1119  }
1120  if (string) {
1121  copy = StrStrdup(string);
1122  StrTrimR(copy); /* Remove trailing spaces */
1123  start = StrTrimL(copy); /* ... and leading ones */
1124  if (*start) {
1125 
1126  /* String is not NULL, so try a conversion */
1127 
1128  errno = 0;
1129  *value = strtol(start, &endptr, 10);
1130 
1131  /* Only success if all characters converted */
1132 
1133  if (errno == 0) {
1134  status = (*endptr == '\0') ? 0 : 1;
1135  }
1136  else {
1137  status = 1;
1138  }
1139  }
1140  StrFree(copy);
1141  }
1142 
1143  return status;
1144 }
1145 
1146 /*+
1147  * StrStrdup - Duplicate String
1148  *
1149  * Description:
1150  * Wrapper for "strdup" that always returns, or exits the program (after
1151  * outputting a message to stderr) if the string duplication fails.
1152  *
1153  * Arguments:
1154  * const char* string (input)
1155  * String to be duplicated.
1156  *
1157  * Returns:
1158  * char*
1159  * Pointer to duplicated string (guaranteed to be non-null). The
1160  * string should be freed with StrFree() - a macro wrapper for "free".
1161 -*/
1162 
1163 char* StrStrdup(const char* string)
1164 {
1165  char* duplicate = NULL; /* Pointer to the duplicated string */
1166 
1167  if (string) {
1168  duplicate = strdup(string);
1169  if (duplicate == NULL) {
1170  dual_log("ERROR: StrStrdup: Call to malloc() returned null - out of swap space?");
1171  exit(1);
1172  }
1173  }
1174  else {
1175  duplicate = MemCalloc(1, 1); /* Allocate a single zeroed byte */
1176  }
1177 
1178  return duplicate;
1179 }
1180 
1181 /*+
1182  * StrAppend - Append String with Reallocation
1183  *
1184  * Description:
1185  * Appends the given string to a dynamically-allocated string, reallocating
1186  * the former as needed.
1187  *
1188  * The function is a no-op if either of its arguments are NULL.
1189  *
1190  * Arguments:
1191  * char** str1
1192  * On input this holds the current string. It is assumed that the
1193  * string has been dynamically allocated (with malloc or the like).
1194  * On output, this holds the concatenation of the two strings.
1195  *
1196  * If, on input, the string is NULL (i.e. *str is NULL, *not* str1 is
1197  * NULL), a new string is allocated and str2 copied to it.
1198  *
1199  * On exit, the string can be freed via a call to StrFree.
1200  *
1201  * const char* str2
1202  * The string to be appended.
1203 -*/
1204 
1205 void StrAppend(char** str1, const char* str2)
1206 {
1207  int len1; /* Length of string 1 */
1208  int len2; /* Length of string 2 */
1209 
1210  if (str1 && str2) {
1211 
1212  /* Something to append and we can append it */
1213 
1214  len2 = strlen(str2);
1215  if (*str1) {
1216  len1 = strlen(*str1);
1217 
1218  /* Allocate space for combined string and concatenate */
1219 
1220  *str1 = MemRealloc(*str1, (len1 + len2 + 1) * sizeof(char));
1221  strcat(*str1, str2);
1222  }
1223  else {
1224 
1225  /* Nothing in string 1, so just duplicate string 2 */
1226 
1227  *str1 = StrStrdup(str2);
1228  }
1229  }
1230 
1231  return;
1232 }
1233 
1234 /*+
1235  * StrTrimR - Trim Right
1236  *
1237  * Description:
1238  * Modifies a string by trimming white-space characters from the right of
1239  * the string. It does this by modifying the string, inserting a null
1240  * character after the last non white-space character.
1241  *
1242  * Arguments:
1243  * char *text (modified)
1244  * Text to modify. If this is NULL, the routine is a no-op.
1245  *
1246  * Returns:
1247  * void
1248 -*/
1249 
1250 void StrTrimR(char *text)
1251 {
1252  if (text) {
1253 
1254  /* Work backwards through the string */
1255 
1256  int textlen = strlen(text);
1257  while (-- textlen >= 0) {
1258  if (! isspace((int) text[textlen])) {
1259  text[textlen + 1] = '\0';
1260  return;
1261  }
1262  }
1263 
1264  /* Get here if the entire string is white space */
1265 
1266  text[0] = '\0';
1267  }
1268  return;
1269 }
1270 
1271 /*+
1272  * StrTrimL - Trim Left
1273  *
1274  * Description:
1275  * Searches a string and returns a pointer to the first non white-space
1276  * character in it.
1277  *
1278  * Arguments:
1279  * char* text (input)
1280  * Text to search.
1281  *
1282  * Returns:
1283  * char*
1284  * Pointer to first non white-space character in the string. If the
1285  * string is NULL, NULL is returned. If the string is all white space,
1286  * a pointer to the trailing null character is returned.
1287 -*/
1288 
1289 char* StrTrimL(char* text)
1290 {
1291  if (text) {
1292  while (*text && isspace((int) *text)) {
1293  ++text;
1294  }
1295  }
1296 
1297  return text;
1298 }
1299 
1300 void* MemCalloc(size_t nmemb, size_t size)
1301 {
1302  void *ptr = calloc(nmemb, size);
1303  if (ptr == NULL) {
1304  dual_log("ERROR: calloc: Out of swap space");
1305  exit(1);
1306  }
1307  return ptr;
1308 }
1309 
1310 void* MemRealloc(void *ptr, size_t size)
1311 {
1312  void *ptr1 = realloc(ptr, size);
1313  if (ptr1 == NULL) {
1314  dual_log("ERROR: realloc: Out of swap space");
1315  exit(1);
1316  }
1317  return ptr1;
1318 }