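/*
 * Copyright (c) 2009 NLNet Labs. All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 */

/**
 * Signer configuration: the per-zone signing policy (signature timing,
 * denial-of-existence parameters, key list, SOA handling) together with
 * the functions that create, load, validate, compare, log, back up and
 * release it.
 *
 */

#ifndef SIGNER_SIGNCONF_H
#define SIGNER_SIGNCONF_H

#include <ldns/ldns.h>
/* FILE and uint32_t are used below; include their headers directly
 * instead of relying on another header to pull them in. */
#include <stdint.h>
#include <stdio.h>
#include <time.h>

/* Forward declaration ahead of the project includes.
 * NOTE(review): presumably some of the headers below refer to
 * signconf_type; keep this ordering unless that is confirmed otherwise. */
typedef struct signconf_struct signconf_type;

#include "scheduler/task.h"
#include "status.h"
#include "duration.h"
#include "signer/keys.h"
#include "signer/nsec3params.h"

/**
 * Signer configuration settings for one zone.
 *
 * Ownership of the pointer members is not visible in this header.
 * NOTE(review): presumably signconf_cleanup() releases them; confirm in
 * the implementation before freeing or sharing any member elsewhere.
 *
 */
struct signconf_struct {
    /* Zone */
    const char* name;
    /* NOTE(review): presumably non-zero means the zone is passed through
     * without signing; confirm, since such a zone is served without
     * DNSSEC protection. */
    int passthrough;
    /* Signatures */
    duration_type* sig_resign_interval;
    duration_type* sig_refresh_interval;
    duration_type* sig_validity_default;
    duration_type* sig_validity_denial;
    duration_type* sig_validity_keyset;
    /* NOTE(review): presumably spreads signature expiration times so
     * they do not all expire at once; confirm. */
    duration_type* sig_jitter;
    /* NOTE(review): presumably backdates signature inception to tolerate
     * validator clock skew; confirm. */
    duration_type* sig_inception_offset;
    /* Denial of existence */
    duration_type* nsec3param_ttl;
    ldns_rr_type nsec_type;
    /* NSEC3 opt-out (RFC 5155): insecure delegations are left out of the
     * NSEC3 chain, so their existence is not authenticated. */
    int nsec3_optout;
    uint32_t nsec3_algo;
    /* RFC 9276 recommends an iteration count of 0 and no salt; extra
     * iterations cost signer and validator CPU for little benefit.
     * Whether signconf_check() bounds this value is not visible here. */
    uint32_t nsec3_iterations;
    const char* nsec3_salt;
    nsec3params_type* nsec3params;
    /* Keys */
    duration_type* dnskey_ttl;
    const char** dnskey_signature; /* may be NULL and must be NULL terminated */
    keylist_type* keys;
    /* Source of authority */
    duration_type* soa_ttl;
    duration_type* soa_min;
    const char* soa_serial;
    /* Other useful information */
    duration_type* max_zone_ttl;
    const char* filename;
    time_t last_modified;
};

/**
 * Create a new signer configuration with the 'empty' settings.
 * \return signconf_type* signer configuration
 *
 */
extern signconf_type* signconf_create(void);

/**
 * Update signer configuration.
 * The configuration is handed back through a pointer-to-pointer, so the
 * caller's signconf pointer itself can be replaced.
 * NOTE(review): presumably the file is only re-read when it is newer
 * than last_modified; confirm in the implementation.
 * \param[out] signconf signer configuration
 * \param[in] scfile signer configuration file name
 * \param[in] last_modified last known modification
 * \return ods_status status
 *
 */
extern ods_status signconf_update(signconf_type** signconf, const char* scfile,
    time_t last_modified);

/**
 * Backup signer configuration.
 * \param[in] fd output stream (a stdio FILE*, not a numeric descriptor)
 * \param[in] sc signer configuration settings
 * \param[in] version version string
 *
 */
extern void signconf_backup(FILE* fd, signconf_type* sc, const char* version);

/**
 * Check signer configuration.
 * Callers should inspect the returned status before signing with the
 * configuration; which fields are validated is not visible in this
 * header.
 * \param signconf signer configuration
 * \return ods_status status
 *
 */
extern ods_status signconf_check(signconf_type* signconf);

/**
 * Compare signer configurations on denial of existence material.
 * \param[in] a a signer configuration
 * \param[in] b another signer configuration
 * \return task_id what task needs to be scheduled
 *
 */
extern task_id signconf_compare_denial(signconf_type* a, signconf_type* b);

/**
 * Log signer configuration.
 * \param[in] sc signconf to log
 * \param[in] name zone name
 *
 */
extern void signconf_log(signconf_type* sc, const char* name);

/**
 * Clean up signer configuration.
 * \param[in] sc signconf to cleanup
 *
 */
extern void signconf_cleanup(signconf_type* sc);

#endif /* SIGNER_SIGNCONF_H */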