From 796c3970c16dab7ef6fc896d31ac28911b9675df Mon Sep 17 00:00:00 2001 From: Yuri Schaeffer Date: Tue, 13 Jan 2015 14:37:34 +0100 Subject: [PATCH 1/5] not called from cpp code --- enforcer-ng/src/policy/policy_import.h | 8 -------- enforcer-ng/src/policy/policy_import_cmd.h | 8 -------- 2 files changed, 16 deletions(-) diff --git a/enforcer-ng/src/policy/policy_import.h b/enforcer-ng/src/policy/policy_import.h index 84f68464cb..0685aa82ca 100644 --- a/enforcer-ng/src/policy/policy_import.h +++ b/enforcer-ng/src/policy/policy_import.h @@ -53,10 +53,6 @@ */ #define POLICY_IMPORT_ERR_MEMORY 4 -#ifdef __cplusplus -extern "C" { -#endif - /* * Import policies from the configured KASP XML and sync it with the database. * \param[in] sockfd a client socket which progress is written to if non-zero. @@ -69,8 +65,4 @@ extern "C" { int policy_import(int sockfd, engine_type* engine, db_connection_t *dbconn, int do_delete); -#ifdef __cplusplus -} -#endif - #endif /* _POLICY_POLICY_IMPORT_H_ */ diff --git a/enforcer-ng/src/policy/policy_import_cmd.h b/enforcer-ng/src/policy/policy_import_cmd.h index d9d31999a9..ed86178691 100644 --- a/enforcer-ng/src/policy/policy_import_cmd.h +++ b/enforcer-ng/src/policy/policy_import_cmd.h @@ -30,14 +30,6 @@ #ifndef _POLICY_POLICY_IMPORT_CMD_H_ #define _POLICY_POLICY_IMPORT_CMD_H_ -#ifdef __cplusplus -extern "C" { -#endif - struct cmd_func_block* policy_import_funcblock(void); -#ifdef __cplusplus -} -#endif - #endif /* _POLICY_POLICY_IMPORT_CMD_H_ */ From 1659d61399cf356500b449091e400c164c3813d5 Mon Sep 17 00:00:00 2001 From: Yuri Schaeffer Date: Fri, 16 Jan 2015 14:50:57 +0100 Subject: [PATCH 2/5] Enabling rollover command --- enforcer-ng/src/daemon/cmdhandler.c | 4 ++-- enforcer-ng/src/keystate/keystate_rollover_cmd.h | 8 -------- 2 files changed, 2 insertions(+), 10 deletions(-) diff --git a/enforcer-ng/src/daemon/cmdhandler.c b/enforcer-ng/src/daemon/cmdhandler.c index 53649bb400..8ac7c5c28f 100644 --- a/enforcer-ng/src/daemon/cmdhandler.c 
+++ b/enforcer-ng/src/daemon/cmdhandler.c @@ -138,9 +138,9 @@ cmd_funcs_avail(void) /* &key_ds_retract_funcblock, */ &key_ds_gone_funcblock, &key_generate_funcblock, -/* + &key_rollover_funcblock, -*/ &rollover_list_funcblock, + &rollover_list_funcblock, &backup_funcblock, /* diff --git a/enforcer-ng/src/keystate/keystate_rollover_cmd.h b/enforcer-ng/src/keystate/keystate_rollover_cmd.h index 62271f9a32..d4e117f219 100644 --- a/enforcer-ng/src/keystate/keystate_rollover_cmd.h +++ b/enforcer-ng/src/keystate/keystate_rollover_cmd.h @@ -30,14 +30,6 @@ #ifndef _KEYSTATE_ROLLOVER_CMD_H_ #define _KEYSTATE_ROLLOVER_CMD_H_ -#ifdef __cplusplus -extern "C" { -#endif - struct cmd_func_block* key_rollover_funcblock(void); -#ifdef __cplusplus -} -#endif - #endif /* _KEYSTATE_ROLLOVER_CMD_H_ */ From 2568f56d8501dab9e99b6116248752239b5bb0c4 Mon Sep 17 00:00:00 2001 From: Yuri Schaeffer Date: Fri, 16 Jan 2015 14:55:17 +0100 Subject: [PATCH 3/5] print zone name rather than zone object --- enforcer-ng/src/keystate/keystate_rollover_cmd.c | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/enforcer-ng/src/keystate/keystate_rollover_cmd.c b/enforcer-ng/src/keystate/keystate_rollover_cmd.c index b57affeb66..af39d5cc51 100644 --- a/enforcer-ng/src/keystate/keystate_rollover_cmd.c +++ b/enforcer-ng/src/keystate/keystate_rollover_cmd.c 
@@ -59,24 +59,24 @@ perform_keystate_rollover(int sockfd, db_connection_t *dbconn, if (zone_set_roll_ksk_now(zone, 1) || zone_set_roll_zsk_now(zone, 1) || zone_set_roll_csk_now(zone, 1)) {error = 1; break;} - client_printf(sockfd, "rolling all keys for zone %s\n", zone); + client_printf(sockfd, "rolling all keys for zone %s\n", zonename); ods_log_info("[%s] Manual rollover initiated for all keys on Zone: %s", - module_str, zone); + module_str, zonename); break; case KEY_DATA_ROLE_KSK: if (zone_set_roll_ksk_now(zone, 1)) {error = 1; break;}; - client_printf(sockfd,"rolling KSK for zone %s\n",zone); - ods_log_info("[%s] Manual rollover initiated for KSK on Zone: %s", module_str, zone); + client_printf(sockfd,"rolling KSK for zone %s\n",zonename); + ods_log_info("[%s] Manual rollover initiated for KSK on Zone: %s", module_str, zonename); break; case KEY_DATA_ROLE_ZSK: if (zone_set_roll_zsk_now(zone, 1)) {error = 1; break;} - client_printf(sockfd,"rolling ZSK for zone %s\n",zone); - ods_log_info("[%s] Manual rollover initiated for ZSK on Zone: %s", module_str, zone); + client_printf(sockfd,"rolling ZSK for zone %s\n",zonename); + ods_log_info("[%s] Manual rollover initiated for ZSK on Zone: %s", module_str, zonename); break; case KEY_DATA_ROLE_CSK: if (zone_set_roll_csk_now(zone, 1)) {error = 1; break;} - client_printf(sockfd,"rolling CSK for zone %s\n",zone); - ods_log_info("[%s] Manual rollover initiated for CSK on Zone: %s", module_str, zone); + client_printf(sockfd,"rolling CSK for zone %s\n",zonename); + ods_log_info("[%s] Manual rollover initiated for CSK on Zone: %s", module_str, zonename); break; default: ods_log_assert(false && "nkeyrole out of range"); From acbf02ec0efee695511d834ada68c8d9564a87fa Mon Sep 17 00:00:00 2001 
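Review bot: Nothing here stops the next `%s` argument mismatch from compiling: the `client_printf` and `ods_log_info` calls in `perform_keystate_rollover` were handed the zone object where a string is expected, and that apparently built without a warning. If the declarations of these two functions (outside this diff) carry no format attribute, I would add one, e.g. `__attribute__((format(printf, 2, 3)))` on `client_printf` and `__attribute__((format(printf, 1, 2)))` on `ods_log_info`, so that `-Wformat` rejects such calls. This matters most for `client_printf`, because a mismatched `%s` makes the daemon read object memory as a string and send it to the command client. The function body starts and ends outside the hunk, so where `zonename` is set and whether it can be NULL is not visible here.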
From: Yuri Schaeffer Date: Fri, 16 Jan 2015 15:15:29 +0100 Subject: [PATCH 4/5] spaces are free also, include basic help for key rollover command --- .../src/keystate/keystate_rollover_cmd.c | 19 +++++++++++++++---- 1 file changed, 15 insertions(+), 4 deletions(-) diff --git a/enforcer-ng/src/keystate/keystate_rollover_cmd.c b/enforcer-ng/src/keystate/keystate_rollover_cmd.c index af39d5cc51..cce14ee86e 100644 --- a/enforcer-ng/src/keystate/keystate_rollover_cmd.c +++ b/enforcer-ng/src/keystate/keystate_rollover_cmd.c @@ -65,17 +65,17 @@ perform_keystate_rollover(int sockfd, db_connection_t *dbconn, break; case KEY_DATA_ROLE_KSK: if (zone_set_roll_ksk_now(zone, 1)) {error = 1; break;}; - client_printf(sockfd,"rolling KSK for zone %s\n",zonename); + client_printf(sockfd, "rolling KSK for zone %s\n", zonename); ods_log_info("[%s] Manual rollover initiated for KSK on Zone: %s", module_str, zonename); break; case KEY_DATA_ROLE_ZSK: if (zone_set_roll_zsk_now(zone, 1)) {error = 1; break;} - client_printf(sockfd,"rolling ZSK for zone %s\n",zonename); + client_printf(sockfd, "rolling ZSK for zone %s\n", zonename); ods_log_info("[%s] Manual rollover initiated for ZSK on Zone: %s", module_str, zonename); break; case KEY_DATA_ROLE_CSK: if (zone_set_roll_csk_now(zone, 1)) {error = 1; break;} - client_printf(sockfd,"rolling CSK for zone %s\n",zonename); + client_printf(sockfd, "rolling CSK for zone %s\n", zonename); ods_log_info("[%s] Manual rollover initiated for CSK on Zone: %s", module_str, zonename); break; default: @@ -103,6 +103,17 @@ usage(int sockfd) ); } +static void +help(int sockfd) +{ + client_printf(sockfd, + "Start a key rollover of the desired type *now*. The process is the same\n" + "as for the scheduled automated rollovers however it does not wait for\n" + "the keys lifetime to expire before rolling. The next rollover is due\n" + "after the newest key aged passed its lifetime.\n" + ); +} + static int handles(const char *cmd, ssize_t n) { 
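Review bot: The last sentence of the new `help()` text is hard to parse ("after the newest key aged passed its lifetime"), and this is what an operator reads before forcing a DNSSEC key roll. I would reword the two affected lines to `"the key's lifetime to expire before rolling. The next rollover is due\n"` and `"after the newest key has aged past its lifetime.\n"`. The text also does not say which zone or key type arguments the command takes; if `usage()` (its body is outside this hunk) does not cover that, a line here would help.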
@@ -173,7 +184,7 @@ run(int sockfd, engine_type* engine, const char *cmd, ssize_t n, } static struct cmd_func_block funcblock = { - "key rollover", &usage, NULL, &handles, &run + "key rollover", &usage, &help, &handles, &run }; struct cmd_func_block* From 7902de3e8ad2af209eee41e21f424b2a392b5c38 Mon Sep 17 00:00:00 2001 From: Yuri Schaeffer Date: Fri, 16 Jan 2015 16:45:57 +0100 Subject: [PATCH 5/5] Enforce command reinstated --- enforcer-ng/src/Makefile.am | 2 +- enforcer-ng/src/daemon/cmdhandler.c | 4 +- .../{enforce_cmd.cpp => enforce_cmd.c} | 20 ++- enforcer-ng/src/enforcer/enforce_cmd.h | 8 -- enforcer-ng/src/enforcer/enforce_task.c | 134 +++++++++--------- enforcer-ng/src/enforcer/enforce_task.h | 8 -- 6 files changed, 89 insertions(+), 87 deletions(-) rename enforcer-ng/src/enforcer/{enforce_cmd.cpp => enforce_cmd.c} (82%) diff --git a/enforcer-ng/src/Makefile.am b/enforcer-ng/src/Makefile.am index 8f57c6f276..58521aafa4 100644 --- a/enforcer-ng/src/Makefile.am +++ b/enforcer-ng/src/Makefile.am @@ -140,7 +140,7 @@ ods_enforcerd_SOURCES = \ signconf/signconf.c signconf/signconf.h \ enforcer/enforcerdata.h \ enforcer/autostart_cmd.c enforcer/autostart_cmd.h \ - enforcer/enforce_cmd.cpp enforcer/enforce_cmd.h \ + enforcer/enforce_cmd.c enforcer/enforce_cmd.h \ enforcer/enforce_task.c enforcer/enforce_task.h \ enforcer/enforcer.cpp enforcer/enforcer.h \ enforcer/update_repositorylist_cmd.c enforcer/update_repositorylist_cmd.h \ diff --git a/enforcer-ng/src/daemon/cmdhandler.c b/enforcer-ng/src/daemon/cmdhandler.c index 8ac7c5c28f..13b8dbedfb 100644 --- a/enforcer-ng/src/daemon/cmdhandler.c +++ b/enforcer-ng/src/daemon/cmdhandler.c @@ -143,9 +143,9 @@ cmd_funcs_avail(void) &rollover_list_funcblock, &backup_funcblock, -/* + &enforce_funcblock, -*/ &signconf_funcblock, + &signconf_funcblock, &queue_funcblock, 
diff --git a/enforcer-ng/src/enforcer/enforce_cmd.cpp b/enforcer-ng/src/enforcer/enforce_cmd.c similarity index 82% rename from enforcer-ng/src/enforcer/enforce_cmd.cpp rename to enforcer-ng/src/enforcer/enforce_cmd.c index a14160fa8a..005cbb9362 100644 --- a/enforcer-ng/src/enforcer/enforce_cmd.cpp +++ b/enforcer-ng/src/enforcer/enforce_cmd.c @@ -59,6 +59,17 @@ handles(const char *cmd, ssize_t n) return ods_check_command(cmd, n, enforce_funcblock()->cmdname)?1:0; } +static void +reschedule_enforce(task_type *task, time_t t_when, const char *z_when) +{ + ods_log_assert(task->allocator); + ods_log_assert(task->who); + allocator_deallocate(task->allocator,(void*)task->who); + task->who = allocator_strdup(task->allocator, z_when); + task->when = t_when; + task->backoff = 0; +} + /** * Handle the 'enforce' command. * @@ -67,9 +78,16 @@ static int run(int sockfd, engine_type* engine, const char *cmd, ssize_t n, db_connection_t *dbconn) { + time_t t_next; + task_type *task; (void)cmd; (void)n; ods_log_debug("[%s] %s command", module_str, enforce_funcblock()->cmdname); - perform_enforce_lock(sockfd, engine, 1, NULL, dbconn); + + task = enforce_task(engine, 1); + + t_next = perform_enforce_lock(sockfd, engine, 1, task, dbconn); + reschedule_enforce(task, t_next, "next zone"); + schedule_task(engine->taskq, task); return 0; } diff --git a/enforcer-ng/src/enforcer/enforce_cmd.h b/enforcer-ng/src/enforcer/enforce_cmd.h index 411f007a30..97531f7d53 100644 --- a/enforcer-ng/src/enforcer/enforce_cmd.h +++ b/enforcer-ng/src/enforcer/enforce_cmd.h @@ -30,14 +30,6 @@ #ifndef _ENFORCER_ENFORCE_CMD_H_ #define _ENFORCER_ENFORCE_CMD_H_ -#ifdef __cplusplus -extern "C" { -#endif - struct cmd_func_block* enforce_funcblock(void); -#ifdef __cplusplus -} -#endif - #endif /* _ENFORCER_ENFORCE_CMD_H_ */ diff --git a/enforcer-ng/src/enforcer/enforce_task.c b/enforcer-ng/src/enforcer/enforce_task.c index 7863db2035..dd3e06f1d9 100644 --- a/enforcer-ng/src/enforcer/enforce_task.c 
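Review bot: In `run()`, the result of `enforce_task(engine, 1)` is used without a NULL check, so a failed task creation is dereferenced inside `reschedule_enforce()` (`task->allocator`) and a client command can take the daemon down. `enf_schedule_task()` in enforce_task.c treats both a NULL task and a non-OK `schedule_task()` status as failures; `run()` should do the same instead of discarding the `schedule_task()` result and returning 0 unconditionally. `reschedule_enforce()` also stores the `allocator_strdup()` result in `task->who` unchecked. The sketch below assumes a non-zero return signals failure to the command handler and that `client_printf` and `ods_log_crit` are declared in this file; on the scheduling-failure path the task should additionally be released with the project's task cleanup routine.

```c
    /* … unchanged: declarations, (void) casts and ods_log_debug call … */

    task = enforce_task(engine, 1);
    if (!task) {
        ods_log_crit("[%s] failed to create enforce task", module_str);
        client_printf(sockfd, "Unable to create enforce task.\n");
        return 1;
    }

    t_next = perform_enforce_lock(sockfd, engine, 1, task, dbconn);
    reschedule_enforce(task, t_next, "next zone");
    if (schedule_task(engine->taskq, task) != ODS_STATUS_OK) {
        ods_log_crit("[%s] failed to schedule enforce task", module_str);
        client_printf(sockfd, "Unable to schedule enforce task.\n");
        return 1;
    }
    return 0;
```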
+++ b/enforcer-ng/src/enforcer/enforce_task.c @@ -59,18 +59,18 @@ bool enforce_all = 1; static void enf_schedule_task(int sockfd, engine_type* engine, task_type *task, const char *what) { - /* schedule task */ - if (!task) { - ods_log_crit("[%s] failed to create %s task", module_str, what); - } else { - ods_status status = schedule_task(engine->taskq, task); - if (status != ODS_STATUS_OK) { - ods_log_crit("[%s] failed to create %s task", module_str, what); - client_printf(sockfd, "Unable to schedule %s task.\n", what); - } else { - client_printf(sockfd, "Scheduled %s task.\n", what); - } - } + /* schedule task */ + if (!task) { + ods_log_crit("[%s] failed to create %s task", module_str, what); + } else { + ods_status status = schedule_task(engine->taskq, task); + if (status != ODS_STATUS_OK) { + ods_log_crit("[%s] failed to create %s task", module_str, what); + client_printf(sockfd, "Unable to schedule %s task.\n", what); + } else { + client_printf(sockfd, "Scheduled %s task.\n", what); + } + } } static void 
@@ -104,36 +104,36 @@ perform_enforce(int sockfd, engine_type *engine, int bForceUpdate, int zone_updated; if (!bForceUpdate) { - if (!(clauselist = db_clause_list_new()) - || !(clause = zone_next_change_clause(clauselist, t_now)) - || db_clause_set_type(clause, DB_CLAUSE_LESS_OR_EQUAL) - || !(zonelist = zone_list_new(dbconn)) - /*|| zone_list_associated_fetch(zonelist)*/ - || zone_list_get_by_clauses(zonelist, clauselist)) + if (!(clauselist = db_clause_list_new()) + || !(clause = zone_next_change_clause(clauselist, t_now)) + || db_clause_set_type(clause, DB_CLAUSE_LESS_OR_EQUAL) + || !(zonelist = zone_list_new(dbconn)) + /*|| zone_list_associated_fetch(zonelist)*/ + || zone_list_get_by_clauses(zonelist, clauselist)) { - zone_list_free(zonelist); - zonelist = NULL; + zone_list_free(zonelist); + zonelist = NULL; } - db_clause_list_free(clauselist); + db_clause_list_free(clauselist); } else { /* all zones */ - if (!(zonelist = zone_list_new(dbconn)) - /*|| zone_list_associated_fetch(zonelist)*/ - || zone_list_get(zonelist)) - { - zone_list_free(zonelist); - zonelist = NULL; - } + if (!(zonelist = zone_list_new(dbconn)) + /*|| zone_list_associated_fetch(zonelist)*/ + || zone_list_get(zonelist)) + { + zone_list_free(zonelist); + zonelist = NULL; + } } if (!zonelist) { - /* TODO: log error */ - ods_log_error("[%s] zonelist NULL", module_str); - /* TODO: backoff? */ - return t_reschedule; + /* TODO: log error */ + ods_log_error("[%s] zonelist NULL", module_str); + /* TODO: backoff? */ + return t_reschedule; } for (zone = zone_list_get_next(zonelist); - zone && !engine->need_to_reload && !engine->need_to_exit; - zone_free(zone), zone = zone_list_get_next(zonelist)) + zone && !engine->need_to_reload && !engine->need_to_exit; + zone_free(zone), zone = zone_list_get_next(zonelist)) { if (!bForceUpdate && (zone_next_change(zone) == -1)) { continue; 
@@ -143,15 +143,15 @@ perform_enforce(int sockfd, engine_type *engine, int bForceUpdate, "Next update for zone %s NOT scheduled " "because policy is missing !\n", zone_name(zone)); if (zone_next_change(zone) != -1 - && (zone_set_next_change(zone, -1) - || zone_update(zone))) + && (zone_set_next_change(zone, -1) + || zone_update(zone))) { - /* TODO: Log error */ + /* TODO: Log error */ } - continue; + continue; } - zone_updated = 0; + zone_updated = 0; t_next = update(engine, dbconn, zone, policy, t_now, &zone_updated); policy_free(policy); bSignerConfNeedsWriting |= zone_signconf_needs_writing(zone); @@ -177,7 +177,7 @@ perform_enforce(int sockfd, engine_type *engine, int bForceUpdate, "Next update for zone %s NOT scheduled " "by enforcer !\n", zone_name(zone)); ods_log_debug("Next update for zone %s NOT scheduled " - "by enforcer !\n", zone_name(zone)); + "by enforcer !\n", zone_name(zone)); } else { /* Invalid schedule time then skip the zone.*/ char tbuf[32] = "date/time invalid\n"; /* at least 26 bytes */ 
@@ -185,37 +185,37 @@ perform_enforce(int sockfd, engine_type *engine, int bForceUpdate, client_printf(sockfd, "Next update for zone %s scheduled at %s", zone_name(zone), tbuf); - ods_log_debug("Next update for zone %s scheduled at %s", - zone_name(zone), tbuf); + ods_log_debug("Next update for zone %s scheduled at %s", + zone_name(zone), tbuf); } if (zone_next_change(zone) != t_next) { - zone_set_next_change(zone, t_next); - zone_updated = 1; + zone_set_next_change(zone, t_next); + zone_updated = 1; } /* - * Commit the changes to the zone if there where any. - */ - if (zone_updated) { - if (zone_update(zone)) { - ods_log_debug("[%s] error zone_update(%s)", module_str, zone_name(zone)); - } - } + * Commit the changes to the zone if there where any. + */ + if (zone_updated) { + if (zone_update(zone)) { + ods_log_debug("[%s] error zone_update(%s)", module_str, zone_name(zone)); + } + } - /* - * Find out when to schedule the next change. - */ - if (zone_next_change(zone) != -1 - && (zone_next_change(zone) < t_reschedule - || !firstzone)) - { - t_reschedule = zone_next_change(zone); - if (firstzone) { - zone_free(firstzone); - } - firstzone = zone; - zone = NULL; - } + /* + * Find out when to schedule the next change. + */ + if (zone_next_change(zone) != -1 + && (zone_next_change(zone) < t_reschedule + || !firstzone)) + { + t_reschedule = zone_next_change(zone); + if (firstzone) { + zone_free(firstzone); + } + firstzone = zone; + zone = NULL; + } } zone_list_free(zonelist); @@ -252,7 +252,7 @@ perform_enforce(int sockfd, engine_type *engine, int bForceUpdate, /* Launch ds-retract task when one of the updated key states has the * DS_RETRACT flag set. */ - /* TODO: convert to new database layer + /* TODO: convert to new database layer if (bRetractFromParent) { task_type *retract = keystate_ds_retract_task(engine->config, 
@@ -261,7 +261,7 @@ perform_enforce(int sockfd, engine_type *engine, int bForceUpdate, } */ - return t_reschedule; + return t_reschedule; } time_t perform_enforce_lock(int sockfd, engine_type *engine, diff --git a/enforcer-ng/src/enforcer/enforce_task.h b/enforcer-ng/src/enforcer/enforce_task.h index fac99d02af..47f4df53e5 100644 --- a/enforcer-ng/src/enforcer/enforce_task.h +++ b/enforcer-ng/src/enforcer/enforce_task.h @@ -30,10 +30,6 @@ #ifndef _ENFORCER_ENFORCE_TASK_H_ #define _ENFORCER_ENFORCE_TASK_H_ -#ifdef __cplusplus -extern "C" { -#endif - #include "daemon/cfg.h" #include "scheduler/task.h" @@ -44,8 +40,4 @@ task_type *enforce_task(engine_type *engine, bool all); int flush_enforce_task(engine_type *engine, bool enforce_all); -#ifdef __cplusplus -} -#endif - #endif