OpenDNSSEC-enforcer  2.1.4
enforce_task.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2011 Surfnet
3  * Copyright (c) 2011 .SE (The Internet Infrastructure Foundation).
4  * Copyright (c) 2011 OpenDNSSEC AB (svb)
5  * All rights reserved.
6  *
7  * Redistribution and use in source and binary forms, with or without
8  * modification, are permitted provided that the following conditions
9  * are met:
10  * 1. Redistributions of source code must retain the above copyright
11  * notice, this list of conditions and the following disclaimer.
12  * 2. Redistributions in binary form must reproduce the above copyright
13  * notice, this list of conditions and the following disclaimer in the
14  * documentation and/or other materials provided with the distribution.
15  *
16  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
17  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
18  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
19  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
20  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
21  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
22  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
24  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
25  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
26  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
27  *
28  */
29 
30 #include "config.h"
31 
32 #include <pthread.h>
33 
34 #include "enforcer/enforcer.h"
35 #include "clientpipe.h"
36 #include "daemon/engine.h"
37 #include "signconf/signconf_task.h"
40 #include "duration.h"
41 #include "file.h"
42 #include "log.h"
43 #include "scheduler/schedule.h"
44 #include "scheduler/task.h"
45 #include "db/zone_db.h"
46 #include "db/db_clause.h"
47 
48 #include "enforcer/enforce_task.h"
49 
50 static const char *module_str = "enforce_task";
51 
52 static time_t
53 perform_enforce(int sockfd, engine_type *engine, char const *zonename,
54  db_connection_t *dbconn)
55 {
56  zone_db_t *zone;
58  time_t t_next;
59  int zone_updated = 0;
60  int bSignerConfNeedsWriting = 0;
61  int bSubmitToParent = 0;
62  int bRetractFromParent = 0;
63  key_data_list_t *keylist;
64  key_data_t const *key;
65 
66 
67  zone = zone_db_new_get_by_name(dbconn, zonename);
68  if (!zone) {
69  ods_log_error("[%s] Could not find zone %s in database",
70  module_str, zonename);
71  return -1;
72  }
73 
74  if (!(policy = zone_db_get_policy(zone))) {
75  ods_log_error("Next update for zone %s NOT scheduled "
76  "because policy is missing !\n", zone_db_name(zone));
77  zone_db_free(zone);
78  return -1;
79  }
80 
81  if (policy_passthrough(policy)) {
82  ods_log_info("Passing through zone %s.\n", zone_db_name(zone));
83  bSignerConfNeedsWriting = 1;
84  t_next = schedule_SUCCESS;
85  } else {
86  t_next = update(engine, dbconn, zone, policy, time_now(), &zone_updated);
87  bSignerConfNeedsWriting = zone_db_signconf_needs_writing(zone);
88  }
89 
90  policy_free(policy);
91 
92  /* Commit zone to database before we schedule signconf */
93  if (zone_updated) {
94  (void)zone_db_set_next_change(zone, t_next);
95  (void)zone_db_update(zone);
96  }
97 
98  if (bSignerConfNeedsWriting) {
99  signconf_task_flush_zone(engine, dbconn, zonename);
100  } else {
101  ods_log_info("[%s] No changes to signconf file required for zone %s", module_str, zonename);
102  }
103 
104  keylist = zone_db_get_keys(zone);
105  while ((key = key_data_list_next(keylist))) {
107  ods_log_warning("[%s] please submit DS "
108  "with keytag %d for zone %s",
109  module_str, key_data_keytag(key)&0xFFFF, zone_db_name(zone));
110  bSubmitToParent = 1;
112  ods_log_warning("[%s] please retract DS "
113  "with keytag %d for zone %s",
114  module_str, key_data_keytag(key)&0xFFFF, zone_db_name(zone));
115  bRetractFromParent = 1;
116  }
117  }
118  key_data_list_free(keylist);
119 
120  /* Launch ds-submit task when one of the updated key states has the
121  * DS_SUBMIT flag set. */
122  if (bSubmitToParent) {
123  task_type *submit = keystate_ds_submit_task(engine, zonename);
124  schedule_task(engine->taskq, submit, 1, 0);
125  }
126  /* Launch ds-retract task when one of the updated key states has the
127  * DS_RETRACT flag set. */
128  if (bRetractFromParent) {
129  task_type *retract = keystate_ds_retract_task(engine, zonename);
130  schedule_task(engine->taskq, retract, 1, 0);
131  }
132 
133  zone_db_free(zone);
134  return t_next;
135 }
136 
137 time_t
138 enforce_task_perform(task_type* task, char const *owner, void *userdata, void *context)
139 {
140  db_connection_t* dbconn = (db_connection_t*) context;
141  return perform_enforce(-1, (engine_type *)userdata, owner, dbconn);
142 }
143 
144 task_type *
145 enforce_task(engine_type *engine, char const *owner)
146 {
147  return task_create(strdup(owner), TASK_CLASS_ENFORCER, TASK_TYPE_ENFORCE,
148  enforce_task_perform, engine, NULL, time_now());
149 }
150 
151 void
152 enforce_task_flush_zone(engine_type *engine, char const *zonename)
153 {
154  (void)schedule_task(engine->taskq, enforce_task(engine, zonename), 1, 0);
155 }
156 
157 void
159  policy_t const *policy)
160 {
161  zone_db_t const *zone;
162  zone_list_db_t *zonelist;
163 
164  ods_log_assert(policy);
165 
166  zonelist = zone_list_db_new_get_by_policy_id(dbconn, policy_id(policy));
167  if (!zonelist) {
168  ods_log_error("[%s] Can't fetch zones for policy %s from database",
169  module_str, policy_name(policy));
170  return;
171  }
172  while ((zone = zone_list_db_next(zonelist))) {
173  (void)schedule_task(engine->taskq, enforce_task(engine, zone->name), 1, 0);
174  }
175  zone_list_db_free(zonelist);
176 }
177 
178 void
180 {
181  zone_list_db_t *zonelist;
182  const zone_db_t *zone;
183 
184  zonelist = zone_list_db_new_get(dbconn);
185  if (!zonelist) {
186  db_connection_free(dbconn);
187  ods_fatal_exit("[%s] failed to list zones from DB", module_str);
188  }
189  while ((zone = zone_list_db_next(zonelist))) {
190  (void)schedule_task(engine->taskq, enforce_task(engine, zone->name), 1, 0);
191  }
192  zone_list_db_free(zonelist);
193 }
zone_db_t * zone_db_new_get_by_name(const db_connection_t *connection, const char *name)
Definition: zone_db.c:1569
void zone_db_free(zone_db_t *zone)
Definition: zone_db.c:325
task_type * enforce_task(engine_type *engine, char const *owner)
Definition: enforce_task.c:145
key_data_list_t * zone_db_get_keys(const zone_db_t *zone)
Definition: zone_db_ext.c:56
time_t enforce_task_perform(task_type *task, char const *owner, void *userdata, void *context)
Definition: enforce_task.c:138
char * name
Definition: zone_db.h:53
const char * policy_name(const policy_t *policy)
Definition: policy.c:813
void enforce_task_flush_all(engine_type *engine, db_connection_t *dbconn)
Definition: enforce_task.c:179
unsigned int key_data_keytag(const key_data_t *key_data)
Definition: key_data.c:767
unsigned int policy_passthrough(const policy_t *policy)
Definition: policy.c:1085
void zone_list_db_free(zone_list_db_t *zone_list)
Definition: zone_db.c:1989
const zone_db_t * zone_list_db_next(zone_list_db_t *zone_list)
Definition: zone_db.c:2603
void policy_free(policy_t *policy)
Definition: policy.c:518
key_data_ds_at_parent
Definition: key_data.h:48
const key_data_t * key_data_list_next(key_data_list_t *key_data_list)
Definition: key_data.c:2359
const char * zone_db_name(const zone_db_t *zone)
Definition: zone_db.c:782
void enforce_task_flush_policy(engine_type *engine, db_connection_t *dbconn, policy_t const *policy)
Definition: enforce_task.c:158
void enforce_task_flush_zone(engine_type *engine, char const *zonename)
Definition: enforce_task.c:152
unsigned int zone_db_signconf_needs_writing(const zone_db_t *zone)
Definition: zone_db.c:790
zone_list_db_t * zone_list_db_new_get(const db_connection_t *connection)
Definition: zone_db.c:2402
void key_data_list_free(key_data_list_t *key_data_list)
Definition: key_data.c:1694
schedule_type * taskq
Definition: engine.h:60
void db_connection_free(db_connection_t *connection)
Definition: db_connection.c:45
policy_t * zone_db_get_policy(const zone_db_t *zone)
Definition: zone_db.c:744
Definition: policy.h:60
task_type * keystate_ds_retract_task(engine_type *engine, char const *owner)
int zone_db_set_next_change(zone_db_t *zone, int next_change)
Definition: zone_db.c:991
int zone_db_update(zone_db_t *zone)
Definition: zone_db.c:1589
task_type * keystate_ds_submit_task(engine_type *engine, char const *owner)
const db_value_t * policy_id(const policy_t *policy)
Definition: policy.c:805
time_t update(engine_type *engine, db_connection_t *dbconn, zone_db_t *zone, policy_t const *policy, time_t now, int *zone_updated)
Definition: enforcer.c:2672
zone_list_db_t * zone_list_db_new_get_by_policy_id(const db_connection_t *connection, const db_value_t *policy_id)
Definition: zone_db.c:2524
void signconf_task_flush_zone(engine_type *engine, db_connection_t *dbconn, const char *zonename)
Definition: signconf_task.c:76