Merge pull request #128 from yschaeff/key_rollover

Key rollover
opendnssec · Jan 21, 2015 · 8e1ad5c · 8e1ad5c
2 parents f7978ec + 7902de3
commit 8e1ad5c
Show file tree

Hide file tree

Showing 10 changed files with 111 additions and 122 deletions.
diff --git a/enforcer-ng/src/Makefile.am b/enforcer-ng/src/Makefile.am
@@ -140,7 +140,7 @@ ods_enforcerd_SOURCES = \
 	signconf/signconf.c signconf/signconf.h \
 	enforcer/enforcerdata.h \
 	enforcer/autostart_cmd.c enforcer/autostart_cmd.h \
-	enforcer/enforce_cmd.cpp enforcer/enforce_cmd.h \
+	enforcer/enforce_cmd.c enforcer/enforce_cmd.h \
 	enforcer/enforce_task.c enforcer/enforce_task.h \
 	enforcer/enforcer.cpp enforcer/enforcer.h \
 	enforcer/update_repositorylist_cmd.c enforcer/update_repositorylist_cmd.h \

diff --git a/enforcer-ng/src/daemon/cmdhandler.c b/enforcer-ng/src/daemon/cmdhandler.c
@@ -138,14 +138,14 @@ cmd_funcs_avail(void)
 /*        &key_ds_retract_funcblock,
 */        &key_ds_gone_funcblock,
         &key_generate_funcblock,
-/*
+
         &key_rollover_funcblock,
-*/        &rollover_list_funcblock,
+        &rollover_list_funcblock,
 
         &backup_funcblock,
-/*
+
         &enforce_funcblock,
-*/        &signconf_funcblock,
+        &signconf_funcblock,
 
 
         &queue_funcblock,

diff --git a/enforcer-ng/src/enforcer/enforce_cmd.cpp → enforcer-ng/src/enforcer/enforce_cmd.c b/enforcer-ng/src/enforcer/enforce_cmd.cpp → enforcer-ng/src/enforcer/enforce_cmd.c
@@ -59,6 +59,17 @@ handles(const char *cmd, ssize_t n)
 	return ods_check_command(cmd, n, enforce_funcblock()->cmdname)?1:0;
 }
 
+static void
+reschedule_enforce(task_type *task, time_t t_when, const char *z_when)
+{
+	ods_log_assert(task->allocator);
+	ods_log_assert(task->who);
+	allocator_deallocate(task->allocator,(void*)task->who);
+	task->who = allocator_strdup(task->allocator, z_when);
+	task->when = t_when;
+	task->backoff = 0;
+}
+
 /**
  * Handle the 'enforce' command.
  *
@@ -67,9 +78,16 @@ static int
 run(int sockfd, engine_type* engine, const char *cmd, ssize_t n,
 	db_connection_t *dbconn)
 {
+	time_t t_next;
+	task_type *task;
 	(void)cmd; (void)n;
 	ods_log_debug("[%s] %s command", module_str, enforce_funcblock()->cmdname);
-	perform_enforce_lock(sockfd, engine, 1, NULL, dbconn);
+
+	task = enforce_task(engine, 1);
+
+	t_next = perform_enforce_lock(sockfd, engine, 1, task, dbconn);
+	reschedule_enforce(task, t_next, "next zone");
+	schedule_task(engine->taskq, task);
 	return 0;
 }
 

diff --git a/enforcer-ng/src/enforcer/enforce_cmd.h b/enforcer-ng/src/enforcer/enforce_cmd.h
@@ -30,14 +30,6 @@
 #ifndef _ENFORCER_ENFORCE_CMD_H_
 #define _ENFORCER_ENFORCE_CMD_H_
 
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 struct cmd_func_block* enforce_funcblock(void);
 
-#ifdef __cplusplus
-}
-#endif
-
 #endif /* _ENFORCER_ENFORCE_CMD_H_ */
diff --git a/enforcer-ng/src/enforcer/enforce_task.c b/enforcer-ng/src/enforcer/enforce_task.c
@@ -59,18 +59,18 @@ bool enforce_all = 1;
 static void 
 enf_schedule_task(int sockfd, engine_type* engine, task_type *task, const char *what)
 {
-    /* schedule task */
-    if (!task) {
-        ods_log_crit("[%s] failed to create %s task", module_str, what);
-    } else {
-        ods_status status = schedule_task(engine->taskq, task);
-        if (status != ODS_STATUS_OK) {
-            ods_log_crit("[%s] failed to create %s task", module_str, what);
-            client_printf(sockfd, "Unable to schedule %s task.\n", what);
-        } else {
-            client_printf(sockfd, "Scheduled %s task.\n", what);
-        }
-    }
+	/* schedule task */
+	if (!task) {
+		ods_log_crit("[%s] failed to create %s task", module_str, what);
+	} else {
+		ods_status status = schedule_task(engine->taskq, task);
+		if (status != ODS_STATUS_OK) {
+			ods_log_crit("[%s] failed to create %s task", module_str, what);
+			client_printf(sockfd, "Unable to schedule %s task.\n", what);
+		} else {
+			client_printf(sockfd, "Scheduled %s task.\n", what);
+		}
+	}
 }
 
 static void
@@ -104,36 +104,36 @@ perform_enforce(int sockfd, engine_type *engine, int bForceUpdate,
 	int zone_updated;
 
 	if (!bForceUpdate) {
-	    if (!(clauselist = db_clause_list_new())
-	        || !(clause = zone_next_change_clause(clauselist, t_now))
-	        || db_clause_set_type(clause, DB_CLAUSE_LESS_OR_EQUAL)
-	        || !(zonelist = zone_list_new(dbconn))
-	        /*|| zone_list_associated_fetch(zonelist)*/
-	        || zone_list_get_by_clauses(zonelist, clauselist))
+		if (!(clauselist = db_clause_list_new())
+			|| !(clause = zone_next_change_clause(clauselist, t_now))
+			|| db_clause_set_type(clause, DB_CLAUSE_LESS_OR_EQUAL)
+			|| !(zonelist = zone_list_new(dbconn))
+			/*|| zone_list_associated_fetch(zonelist)*/
+			|| zone_list_get_by_clauses(zonelist, clauselist))
 		{
-	        zone_list_free(zonelist);
-	        zonelist = NULL;
+			zone_list_free(zonelist);
+			zonelist = NULL;
 		}
-        db_clause_list_free(clauselist);
+		db_clause_list_free(clauselist);
 	} else { /* all zones */
-	    if (!(zonelist = zone_list_new(dbconn))
-	        /*|| zone_list_associated_fetch(zonelist)*/
-	        || zone_list_get(zonelist))
-	    {
-            zone_list_free(zonelist);
-            zonelist = NULL;
-	    }
+		if (!(zonelist = zone_list_new(dbconn))
+			/*|| zone_list_associated_fetch(zonelist)*/
+			|| zone_list_get(zonelist))
+		{
+			zone_list_free(zonelist);
+			zonelist = NULL;
+		}
 	}
 	if (!zonelist) {
-	    /* TODO: log error */
-	    ods_log_error("[%s] zonelist NULL", module_str);
-	    /* TODO: backoff? */
-	    return t_reschedule;
+		/* TODO: log error */
+		ods_log_error("[%s] zonelist NULL", module_str);
+		/* TODO: backoff? */
+		return t_reschedule;
 	}
 
 	for (zone = zone_list_get_next(zonelist);
-	    zone && !engine->need_to_reload && !engine->need_to_exit;
-	    zone_free(zone), zone = zone_list_get_next(zonelist))
+		zone && !engine->need_to_reload && !engine->need_to_exit;
+		zone_free(zone), zone = zone_list_get_next(zonelist))
 	{
 		if (!bForceUpdate && (zone_next_change(zone) == -1)) {
 			continue;
@@ -143,15 +143,15 @@ perform_enforce(int sockfd, engine_type *engine, int bForceUpdate,
 				"Next update for zone %s NOT scheduled "
 				"because policy is missing !\n", zone_name(zone));
 			if (zone_next_change(zone) != -1
-			    && (zone_set_next_change(zone, -1)
-			        || zone_update(zone)))
+				&& (zone_set_next_change(zone, -1)
+					|| zone_update(zone)))
 			{
-	            /* TODO: Log error */
+				/* TODO: Log error */
 			}
-            continue;
+			continue;
 		}
 
-        zone_updated = 0;
+		zone_updated = 0;
 		t_next = update(engine, dbconn, zone, policy, t_now, &zone_updated);
 		policy_free(policy);
 		bSignerConfNeedsWriting |= zone_signconf_needs_writing(zone);
@@ -177,45 +177,45 @@ perform_enforce(int sockfd, engine_type *engine, int bForceUpdate,
 				"Next update for zone %s NOT scheduled "
 				"by enforcer !\n", zone_name(zone));
 			ods_log_debug("Next update for zone %s NOT scheduled "
-                "by enforcer !\n", zone_name(zone));
+				"by enforcer !\n", zone_name(zone));
 		} else {
 			/* Invalid schedule time then skip the zone.*/
 			char tbuf[32] = "date/time invalid\n"; /* at least 26 bytes */
 			ctime_r(&t_next, tbuf); /* note that ctime_r inserts \n */
 			client_printf(sockfd,
 				"Next update for zone %s scheduled at %s",
 				zone_name(zone), tbuf);
-            ods_log_debug("Next update for zone %s scheduled at %s",
-                zone_name(zone), tbuf);
+			ods_log_debug("Next update for zone %s scheduled at %s",
+				zone_name(zone), tbuf);
 		}
 		if (zone_next_change(zone) != t_next) {
-		    zone_set_next_change(zone, t_next);
-		    zone_updated = 1;
+			zone_set_next_change(zone, t_next);
+			zone_updated = 1;
 		}
 
 		/*
-	     * Commit the changes to the zone if there where any.
-	     */
-	    if (zone_updated) {
-	        if (zone_update(zone)) {
-	            ods_log_debug("[%s] error zone_update(%s)", module_str, zone_name(zone));
-	        }
-	    }
+		 * Commit the changes to the zone if there where any.
+		 */
+		if (zone_updated) {
+			if (zone_update(zone)) {
+				ods_log_debug("[%s] error zone_update(%s)", module_str, zone_name(zone));
+			}
+		}
 
-	    /*
-	     * Find out when to schedule the next change.
-	     */
-	    if (zone_next_change(zone) != -1
-	        && (zone_next_change(zone) < t_reschedule
-	            || !firstzone))
-	    {
-	        t_reschedule = zone_next_change(zone);
-	        if (firstzone) {
-	            zone_free(firstzone);
-	        }
-	        firstzone = zone;
-	        zone = NULL;
-	    }
+		/*
+		 * Find out when to schedule the next change.
+		 */
+		if (zone_next_change(zone) != -1
+			&& (zone_next_change(zone) < t_reschedule
+				|| !firstzone))
+		{
+			t_reschedule = zone_next_change(zone);
+			if (firstzone) {
+				zone_free(firstzone);
+			}
+			firstzone = zone;
+			zone = NULL;
+		}
 	}
 	zone_list_free(zonelist);
 
@@ -252,7 +252,7 @@ perform_enforce(int sockfd, engine_type *engine, int bForceUpdate,
 
 	/* Launch ds-retract task when one of the updated key states has the
 	 * DS_RETRACT flag set. */
-    /* TODO: convert to new database layer
+	/* TODO: convert to new database layer
 	if (bRetractFromParent) {
 		task_type *retract =
 			keystate_ds_retract_task(engine->config,
@@ -261,7 +261,7 @@ perform_enforce(int sockfd, engine_type *engine, int bForceUpdate,
 	}
 	*/
 
-    return t_reschedule;
+	return t_reschedule;
 }
 
 time_t perform_enforce_lock(int sockfd, engine_type *engine,

diff --git a/enforcer-ng/src/enforcer/enforce_task.h b/enforcer-ng/src/enforcer/enforce_task.h
@@ -30,10 +30,6 @@
 #ifndef _ENFORCER_ENFORCE_TASK_H_
 #define _ENFORCER_ENFORCE_TASK_H_
 
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 #include "daemon/cfg.h"
 #include "scheduler/task.h"
 
@@ -44,8 +40,4 @@ task_type *enforce_task(engine_type *engine, bool all);
 
 int flush_enforce_task(engine_type *engine, bool enforce_all);
 
-#ifdef __cplusplus
-}
-#endif
-
 #endif
diff --git a/enforcer-ng/src/keystate/keystate_rollover_cmd.c b/enforcer-ng/src/keystate/keystate_rollover_cmd.c
@@ -59,24 +59,24 @@ perform_keystate_rollover(int sockfd, db_connection_t *dbconn,
 			if (zone_set_roll_ksk_now(zone, 1) ||
 				zone_set_roll_zsk_now(zone, 1) ||
 				zone_set_roll_csk_now(zone, 1)) {error = 1; break;}
-			client_printf(sockfd, "rolling all keys for zone %s\n", zone);
+			client_printf(sockfd, "rolling all keys for zone %s\n", zonename);
 			ods_log_info("[%s] Manual rollover initiated for all keys on Zone: %s",
-				module_str, zone);
+				module_str, zonename);
 			break;
 		case KEY_DATA_ROLE_KSK:
 			if (zone_set_roll_ksk_now(zone, 1)) {error = 1; break;};
-			client_printf(sockfd,"rolling KSK for zone %s\n",zone);
-			ods_log_info("[%s] Manual rollover initiated for KSK on Zone: %s", module_str, zone);
+			client_printf(sockfd, "rolling KSK for zone %s\n", zonename);
+			ods_log_info("[%s] Manual rollover initiated for KSK on Zone: %s", module_str, zonename);
 			break;
 		case KEY_DATA_ROLE_ZSK:
 			if (zone_set_roll_zsk_now(zone, 1)) {error = 1; break;}
-			client_printf(sockfd,"rolling ZSK for zone %s\n",zone);
-			ods_log_info("[%s] Manual rollover initiated for ZSK on Zone: %s", module_str, zone);
+			client_printf(sockfd, "rolling ZSK for zone %s\n", zonename);
+			ods_log_info("[%s] Manual rollover initiated for ZSK on Zone: %s", module_str, zonename);
 			break;
 		case KEY_DATA_ROLE_CSK:
 			if (zone_set_roll_csk_now(zone, 1)) {error = 1; break;}
-			client_printf(sockfd,"rolling CSK for zone %s\n",zone);
-			ods_log_info("[%s] Manual rollover initiated for CSK on Zone: %s", module_str, zone);
+			client_printf(sockfd, "rolling CSK for zone %s\n", zonename);
+			ods_log_info("[%s] Manual rollover initiated for CSK on Zone: %s", module_str, zonename);
 			break;
 		default:
 			ods_log_assert(false && "nkeyrole out of range");
@@ -103,6 +103,17 @@ usage(int sockfd)
 	);
 }
 
+static void
+help(int sockfd)
+{
+	client_printf(sockfd,
+		"Start a key rollover of the desired type *now*. The process is the same\n"
+		"as for the scheduled automated rollovers however it does not wait for\n"
+		"the keys lifetime to expire before rolling. The next rollover is due\n"
+		"after the newest key aged passed its lifetime.\n"
+	);
+}
+
 static int
 handles(const char *cmd, ssize_t n)
 {
@@ -173,7 +184,7 @@ run(int sockfd, engine_type* engine, const char *cmd, ssize_t n,
 }
 
 static struct cmd_func_block funcblock = {
-	"key rollover", &usage, NULL, &handles, &run
+	"key rollover", &usage, &help, &handles, &run
 };
 
 struct cmd_func_block*

diff --git a/enforcer-ng/src/keystate/keystate_rollover_cmd.h b/enforcer-ng/src/keystate/keystate_rollover_cmd.h
@@ -30,14 +30,6 @@
 #ifndef _KEYSTATE_ROLLOVER_CMD_H_
 #define _KEYSTATE_ROLLOVER_CMD_H_
 
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 struct cmd_func_block* key_rollover_funcblock(void);
 
-#ifdef __cplusplus
-}
-#endif
-
 #endif /* _KEYSTATE_ROLLOVER_CMD_H_ */
diff --git a/enforcer-ng/src/policy/policy_import.h b/enforcer-ng/src/policy/policy_import.h
@@ -53,10 +53,6 @@
  */
 #define POLICY_IMPORT_ERR_MEMORY 4
 
-#ifdef __cplusplus
-extern "C" {
-#endif
-
 /*
  * Import policies from the configured KASP XML and sync it with the database.
  * \param[in] sockfd a client socket which progress is written to if non-zero.
@@ -69,8 +65,4 @@ extern "C" {
 int policy_import(int sockfd, engine_type* engine, db_connection_t *dbconn,
     int do_delete);
 
-#ifdef __cplusplus
-}
-#endif
-
 #endif /* _POLICY_POLICY_IMPORT_H_ */