1 /*
2 * Copyright (c) 2011 Surfnet
3 * Copyright (c) 2011 .SE (The Internet Infrastructure Foundation).
4 * Copyright (c) 2011 OpenDNSSEC AB (svb)
5 * All rights reserved.
6 *
7 * Redistribution and use in source and binary forms, with or without
8 * modification, are permitted provided that the following conditions
9 * are met:
10 * 1. Redistributions of source code must retain the above copyright
11 * notice, this list of conditions and the following disclaimer.
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in the
14 * documentation and/or other materials provided with the distribution.
15 *
16 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17 * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18 * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
22 * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
24 * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
25 * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
26 * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27 *
28 */
29
30 #include "config.h"
31
32 #include <pthread.h>
33
34 #include "enforcer/enforcer.h"
35 #include "clientpipe.h"
36 #include "daemon/engine.h"
37 #include "signconf/signconf_task.h"
38 #include "keystate/keystate_ds_submit_task.h"
39 #include "keystate/keystate_ds_retract_task.h"
40 #include "duration.h"
41 #include "file.h"
42 #include "log.h"
43 #include "scheduler/schedule.h"
44 #include "scheduler/task.h"
45 #include "db/zone_db.h"
46 #include "db/db_clause.h"
47
48 #include "enforcer/enforce_task.h"
49
50 static const char *module_str = "enforce_task";
51
52 static time_t
perform_enforce(int sockfd,engine_type * engine,char const * zonename,db_connection_t * dbconn)53 perform_enforce(int sockfd, engine_type *engine, char const *zonename,
54 db_connection_t *dbconn)
55 {
56 zone_db_t *zone;
57 policy_t *policy;
58 time_t t_next;
59 int zone_updated = 0;
60 int bSignerConfNeedsWriting = 0;
61 int bSubmitToParent = 0;
62 int bRetractFromParent = 0;
63 key_data_list_t *keylist;
64 key_data_t const *key;
65
66
67 zone = zone_db_new_get_by_name(dbconn, zonename);
68 if (!zone) {
69 ods_log_error("[%s] Could not find zone %s in database",
70 module_str, zonename);
71 return -1;
72 }
73
74 if (!(policy = zone_db_get_policy(zone))) {
75 ods_log_error("Next update for zone %s NOT scheduled "
76 "because policy is missing !\n", zone_db_name(zone));
77 zone_db_free(zone);
78 return -1;
79 }
80
81 if (policy_passthrough(policy)) {
82 ods_log_info("Passing through zone %s.\n", zone_db_name(zone));
83 bSignerConfNeedsWriting = 1;
84 t_next = schedule_SUCCESS;
85 } else {
86 t_next = update(engine, dbconn, zone, policy, time_now(), &zone_updated);
87 bSignerConfNeedsWriting = zone_db_signconf_needs_writing(zone);
88 }
89
90 policy_free(policy);
91
92 /* Commit zone to database before we schedule signconf */
93 if (zone_updated) {
94 (void)zone_db_set_next_change(zone, t_next);
95 (void)zone_db_update(zone);
96 }
97
98 if (bSignerConfNeedsWriting) {
99 signconf_task_flush_zone(engine, dbconn, zonename);
100 } else {
101 ods_log_info("[%s] No changes to signconf file required for zone %s", module_str, zonename);
102 }
103
104 keylist = zone_db_get_keys(zone);
105 while ((key = key_data_list_next(keylist))) {
106 if (key_data_ds_at_parent(key) == KEY_DATA_DS_AT_PARENT_SUBMIT) {
107 ods_log_warning("[%s] please submit DS "
108 "with keytag %d for zone %s",
109 module_str, key_data_keytag(key)&0xFFFF, zone_db_name(zone));
110 bSubmitToParent = 1;
111 } else if (key_data_ds_at_parent(key) == KEY_DATA_DS_AT_PARENT_RETRACT) {
112 ods_log_warning("[%s] please retract DS "
113 "with keytag %d for zone %s",
114 module_str, key_data_keytag(key)&0xFFFF, zone_db_name(zone));
115 bRetractFromParent = 1;
116 }
117 }
118 key_data_list_free(keylist);
119
120 /* Launch ds-submit task when one of the updated key states has the
121 * DS_SUBMIT flag set. */
122 if (bSubmitToParent) {
123 task_type *submit = keystate_ds_submit_task(engine, zonename);
124 schedule_task(engine->taskq, submit, 1, 0);
125 }
126 /* Launch ds-retract task when one of the updated key states has the
127 * DS_RETRACT flag set. */
128 if (bRetractFromParent) {
129 task_type *retract = keystate_ds_retract_task(engine, zonename);
130 schedule_task(engine->taskq, retract, 1, 0);
131 }
132
133 zone_db_free(zone);
134 return t_next;
135 }
136
137 time_t
enforce_task_perform(task_type * task,char const * owner,void * userdata,void * context)138 enforce_task_perform(task_type* task, char const *owner, void *userdata, void *context)
139 {
140 db_connection_t* dbconn = (db_connection_t*) context;
141 return perform_enforce(-1, (engine_type *)userdata, owner, dbconn);
142 }
143
144 task_type *
enforce_task(engine_type * engine,char const * owner)145 enforce_task(engine_type *engine, char const *owner)
146 {
147 return task_create(strdup(owner), TASK_CLASS_ENFORCER, TASK_TYPE_ENFORCE,
148 enforce_task_perform, engine, NULL, time_now());
149 }
150
151 void
enforce_task_flush_zone(engine_type * engine,char const * zonename)152 enforce_task_flush_zone(engine_type *engine, char const *zonename)
153 {
154 (void)schedule_task(engine->taskq, enforce_task(engine, zonename), 1, 0);
155 }
156
157 void
enforce_task_flush_policy(engine_type * engine,db_connection_t * dbconn,policy_t const * policy)158 enforce_task_flush_policy(engine_type *engine, db_connection_t *dbconn,
159 policy_t const *policy)
160 {
161 zone_db_t const *zone;
162 zone_list_db_t *zonelist;
163
164 ods_log_assert(policy);
165
166 zonelist = zone_list_db_new_get_by_policy_id(dbconn, policy_id(policy));
167 if (!zonelist) {
168 ods_log_error("[%s] Can't fetch zones for policy %s from database",
169 module_str, policy_name(policy));
170 return;
171 }
172 while ((zone = zone_list_db_next(zonelist))) {
173 (void)schedule_task(engine->taskq, enforce_task(engine, zone->name), 1, 0);
174 }
175 zone_list_db_free(zonelist);
176 }
177
178 void
enforce_task_flush_all(engine_type * engine,db_connection_t * dbconn)179 enforce_task_flush_all(engine_type *engine, db_connection_t *dbconn)
180 {
181 zone_list_db_t *zonelist;
182 const zone_db_t *zone;
183
184 zonelist = zone_list_db_new_get(dbconn);
185 if (!zonelist) {
186 db_connection_free(dbconn);
187 ods_fatal_exit("[%s] failed to list zones from DB", module_str);
188 }
189 while ((zone = zone_list_db_next(zonelist))) {
190 (void)schedule_task(engine->taskq, enforce_task(engine, zone->name), 1, 0);
191 }
192 zone_list_db_free(zonelist);
193 }
194