dnssectool.c 7.6 KB
Newer Older
1
/*
Automatic Updater's avatar
Automatic Updater committed
2
 * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
Mark Andrews's avatar
Mark Andrews committed
3
 * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
4
 *
Automatic Updater's avatar
Automatic Updater committed
5
 * Permission to use, copy, modify, and/or distribute this software for any
6 7
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
8
 *
Mark Andrews's avatar
Mark Andrews committed
9 10 11 12 13 14 15
 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
 * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 * PERFORMANCE OF THIS SOFTWARE.
16 17
 */

Automatic Updater's avatar
Automatic Updater committed
18
/* $Id: dnssectool.c,v 1.45 2007/06/19 23:46:59 tbox Exp $ */
19 20 21 22 23 24

/*! \file */

/*%
 * DNSSEC Support Routines.
 */
David Lawrence's avatar
David Lawrence committed
25

26 27 28 29 30
#include <config.h>

#include <stdlib.h>

#include <isc/buffer.h>
Brian Wellington's avatar
Brian Wellington committed
31
#include <isc/entropy.h>
32 33
#include <isc/list.h>
#include <isc/mem.h>
34
#include <isc/string.h>
35
#include <isc/time.h>
36
#include <isc/util.h>
37
#include <isc/print.h>
38 39 40

#include <dns/log.h>
#include <dns/name.h>
41
#include <dns/rdatastruct.h>
42
#include <dns/rdataclass.h>
43 44 45
#include <dns/rdatatype.h>
#include <dns/result.h>
#include <dns/secalg.h>
46
#include <dns/time.h>
47 48 49 50

#include "dnssectool.h"

extern int verbose;
David Lawrence's avatar
David Lawrence committed
51
extern const char *program;
52

53 54 55 56 57 58 59 60 61
typedef struct entropysource entropysource_t;

struct entropysource {
	isc_entropysource_t *source;
	isc_mem_t *mctx;
	ISC_LINK(entropysource_t) link;
};

static ISC_LIST(entropysource_t) sources;
62
static fatalcallback_t *fatalcallback = NULL;
63

64
void
David Lawrence's avatar
David Lawrence committed
65
fatal(const char *format, ...) {
66 67 68 69 70 71 72
	va_list args;

	fprintf(stderr, "%s: ", program);
	va_start(args, format);
	vfprintf(stderr, format, args);
	va_end(args);
	fprintf(stderr, "\n");
73 74
	if (fatalcallback != NULL)
		(*fatalcallback)();
75 76 77
	exit(1);
}

78 79 80 81 82
void
setfatalcallback(fatalcallback_t *callback) {
	fatalcallback = callback;
}

83
void
David Lawrence's avatar
David Lawrence committed
84
check_result(isc_result_t result, const char *message) {
85 86
	if (result != ISC_R_SUCCESS)
		fatal("%s: %s", message, isc_result_totext(result));
87 88 89 90 91 92 93 94 95 96 97 98 99
}

void
vbprintf(int level, const char *fmt, ...) {
	va_list ap;
	if (level > verbose)
		return;
	va_start(ap, fmt);
	fprintf(stderr, "%s: ", program);
	vfprintf(stderr, fmt, ap);
	va_end(ap);
}

100 101
void
type_format(const dns_rdatatype_t type, char *cp, unsigned int size) {
102 103 104 105
	isc_buffer_t b;
	isc_region_t r;
	isc_result_t result;

106
	isc_buffer_init(&b, cp, size - 1);
107 108 109 110 111 112
	result = dns_rdatatype_totext(type, &b);
	check_result(result, "dns_rdatatype_totext()");
	isc_buffer_usedregion(&b, &r);
	r.base[r.length] = 0;
}

113 114
void
alg_format(const dns_secalg_t alg, char *cp, unsigned int size) {
115 116 117 118
	isc_buffer_t b;
	isc_region_t r;
	isc_result_t result;

119
	isc_buffer_init(&b, cp, size - 1);
120 121 122 123 124 125
	result = dns_secalg_totext(alg, &b);
	check_result(result, "dns_secalg_totext()");
	isc_buffer_usedregion(&b, &r);
	r.base[r.length] = 0;
}

126
void
127
sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size) {
128 129
	char namestr[DNS_NAME_FORMATSIZE];
	char algstr[DNS_NAME_FORMATSIZE];
130

Andreas Gustafsson's avatar
Andreas Gustafsson committed
131 132
	dns_name_format(&sig->signer, namestr, sizeof(namestr));
	alg_format(sig->algorithm, algstr, sizeof(algstr));
133 134
	snprintf(cp, size, "%s/%s/%d", namestr, algstr, sig->keyid);
}
135

136 137 138 139
void
key_format(const dst_key_t *key, char *cp, unsigned int size) {
	char namestr[DNS_NAME_FORMATSIZE];
	char algstr[DNS_NAME_FORMATSIZE];
140

Andreas Gustafsson's avatar
Andreas Gustafsson committed
141 142
	dns_name_format(dst_key_name(key), namestr, sizeof(namestr));
	alg_format((dns_secalg_t) dst_key_alg(key), algstr, sizeof(algstr));
143
	snprintf(cp, size, "%s/%s/%d", namestr, algstr, dst_key_id(key));
144 145
}

146 147 148 149
void
setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp) {
	isc_result_t result;
	isc_logdestination_t destination;
Andreas Gustafsson's avatar
Andreas Gustafsson committed
150 151
	isc_logconfig_t *logconfig = NULL;
	isc_log_t *log = NULL;
152 153
	int level;

154 155
	if (verbose < 0)
		verbose = 0;
156
	switch (verbose) {
Brian Wellington's avatar
Brian Wellington committed
157 158
	case 0:
		/*
159 160 161 162 163 164 165 166 167 168 169 170
		 * We want to see warnings about things like out-of-zone
		 * data in the master file even when not verbose.
		 */
		level = ISC_LOG_WARNING;
		break;
	case 1:
		level = ISC_LOG_INFO;
		break;
	default:
		level = ISC_LOG_DEBUG(verbose - 2 + 1);
		break;
	}
171

172 173 174 175 176
	RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
	isc_log_setcontext(log);
	dns_log_init(log);
	dns_log_setcontext(log);

David Lawrence's avatar
David Lawrence committed
177 178
	RUNTIME_CHECK(isc_log_settag(logconfig, program) == ISC_R_SUCCESS);

179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194
	/*
	 * Set up a channel similar to default_stderr except:
	 *  - the logging level is passed in
	 *  - the program name and logging level are printed
	 *  - no time stamp is printed
	 */
	destination.file.stream = stderr;
	destination.file.name = NULL;
	destination.file.versions = ISC_LOG_ROLLNEVER;
	destination.file.maximum_size = 0;
	result = isc_log_createchannel(logconfig, "stderr",
				       ISC_LOG_TOFILEDESC,
				       level,
				       &destination,
				       ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL);
	check_result(result, "isc_log_createchannel()");
195

196 197 198 199 200 201
	RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
					 NULL, NULL) == ISC_R_SUCCESS);

	*logp = log;
}

Brian Wellington's avatar
Brian Wellington committed
202 203 204 205 206 207 208 209 210 211 212 213 214 215 216
void
cleanup_logging(isc_log_t **logp) {
	isc_log_t *log;

	REQUIRE(logp != NULL);

	log = *logp;
	if (log == NULL)
		return;
	isc_log_destroy(&log);
	isc_log_setcontext(NULL);
	dns_log_setcontext(NULL);
	logp = NULL;
}

Brian Wellington's avatar
Brian Wellington committed
217
void
218
setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
Brian Wellington's avatar
Brian Wellington committed
219
	isc_result_t result;
220 221
	isc_entropysource_t *source = NULL;
	entropysource_t *elt;
Brian Wellington's avatar
Brian Wellington committed
222 223 224 225 226 227 228 229
	int usekeyboard = ISC_ENTROPY_KEYBOARDMAYBE;

	REQUIRE(ectx != NULL);
	
	if (*ectx == NULL) {
		result = isc_entropy_create(mctx, ectx);
		if (result != ISC_R_SUCCESS)
			fatal("could not create entropy object");
230
		ISC_LIST_INIT(sources);
Brian Wellington's avatar
Brian Wellington committed
231
	}
232

Brian Wellington's avatar
Brian Wellington committed
233 234 235 236
	if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
		usekeyboard = ISC_ENTROPY_KEYBOARDYES;
		randomfile = NULL;
	}
237

238
	result = isc_entropy_usebestsource(*ectx, &source, randomfile,
Brian Wellington's avatar
Brian Wellington committed
239
					   usekeyboard);
240

241 242 243
	if (result != ISC_R_SUCCESS)
		fatal("could not initialize entropy source: %s",
		      isc_result_totext(result));
244 245

	if (source != NULL) {
Andreas Gustafsson's avatar
Andreas Gustafsson committed
246
		elt = isc_mem_get(mctx, sizeof(*elt));
247 248 249 250 251 252 253
		if (elt == NULL)
			fatal("out of memory");
		elt->source = source;
		elt->mctx = mctx;
		ISC_LINK_INIT(elt, link);
		ISC_LIST_APPEND(sources, elt, link);
	}
Brian Wellington's avatar
Brian Wellington committed
254 255 256 257
}

void
cleanup_entropy(isc_entropy_t **ectx) {
258 259 260 261 262
	entropysource_t *source;
	while (!ISC_LIST_EMPTY(sources)) {
		source = ISC_LIST_HEAD(sources);
		ISC_LIST_UNLINK(sources, source, link);
		isc_entropy_destroysource(&source->source);
Andreas Gustafsson's avatar
Andreas Gustafsson committed
263
		isc_mem_put(source->mctx, source, sizeof(*source));
264
	}
Brian Wellington's avatar
Brian Wellington committed
265 266
	isc_entropy_detach(ectx);
}
267 268

isc_stdtime_t
269
strtotime(const char *str, isc_int64_t now, isc_int64_t base) {
270 271 272 273 274 275 276 277 278 279 280 281 282 283
	isc_int64_t val, offset;
	isc_result_t result;
	char *endp;

	if (str[0] == '+') {
		offset = strtol(str + 1, &endp, 0);
		if (*endp != '\0')
			fatal("time value %s is invalid", str);
		val = base + offset;
	} else if (strncmp(str, "now+", 4) == 0) {
		offset = strtol(str + 4, &endp, 0);
		if (*endp != '\0')
			fatal("time value %s is invalid", str);
		val = now + offset;
284
	} else if (strlen(str) == 8U) {
285 286 287 288 289
		char timestr[15];
		sprintf(timestr, "%s000000", str);
		result = dns_time64_fromtext(timestr, &val);
		if (result != ISC_R_SUCCESS)
			fatal("time value %s is invalid", str);
290 291 292
	} else {
		result = dns_time64_fromtext(str, &val);
		if (result != ISC_R_SUCCESS)
293
			fatal("time value %s is invalid", str);
294 295 296 297
	}

	return ((isc_stdtime_t) val);
}
298 299 300

dns_rdataclass_t
strtoclass(const char *str) {
Mark Andrews's avatar
Mark Andrews committed
301
	isc_textregion_t r;
302 303 304 305 306
	dns_rdataclass_t rdclass;
	isc_result_t ret;

	if (str == NULL)
		return dns_rdataclass_in;
Mark Andrews's avatar
Mark Andrews committed
307
	DE_CONST(str, r.base);
308
	r.length = strlen(str);
Mark Andrews's avatar
Mark Andrews committed
309
	ret = dns_rdataclass_fromtext(&rdclass, &r);
310 311 312 313
	if (ret != ISC_R_SUCCESS)
		fatal("unknown class %s", str);
	return (rdclass);
}