OpenDNSSEC-enforcer  2.1.12
policy_import.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2014 .SE (The Internet Infrastructure Foundation).
3  * Copyright (c) 2014 OpenDNSSEC AB (svb)
4  * All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  *
27  */
28 
29 #include "log.h"
30 #include "clientpipe.h"
31 #include "db/policy.h"
32 #include "db/policy_key.h"
33 #include "utils/kc_helper.h"
34 #include "db/zone_db.h"
35 #include "db/hsm_key.h"
36 #include "hsmkey/hsm_key_factory.h"
37 #include "signconf/signconf_task.h"
38 
39 #include "policy/policy_import.h"
40 
41 #include <libxml/parser.h>
42 #include <libxml/tree.h>
43 
48  int processed;
49 };
50 
54  char* name;
55  int processed;
56 };
57 
58 static void __policy_import_cleanup(struct __policy_import_policy_key** policy_keys_db, struct __policy_import_policy_key** policy_keys_xml, struct __policy_import_policy** policies) {
59  struct __policy_import_policy_key* policy_key_db;
60  struct __policy_import_policy_key* policy_key_xml;
61  struct __policy_import_policy* policy2;
62 
63  for (policy_key_db = *policy_keys_db; policy_key_db; policy_key_db = *policy_keys_db) {
64  *policy_keys_db = policy_key_db->next;
65  if (policy_key_db->policy_key) {
66  policy_key_free(policy_key_db->policy_key);
67  }
68  free(policy_key_db);
69  }
70  for (policy_key_xml = *policy_keys_xml; policy_key_xml; policy_key_xml = *policy_keys_xml) {
71  *policy_keys_xml = policy_key_xml->next;
72  if (policy_key_xml->policy_key) {
73  policy_key_free(policy_key_xml->policy_key);
74  }
75  free(policy_key_xml);
76  policy_key_xml = *policy_keys_xml;
77  }
78  for (policy2 = *policies; policy2; policy2 = *policies) {
79  *policies = policy2->next;
80  free(policy2->name);
81  free(policy2);
82  }
83 }
84 
85 static int check_duplicated_policy_keys(db_connection_t *dbconn, xmlNodePtr node) {
86  xmlNodePtr node2;
87  xmlNodePtr node3;
88  xmlNodePtr* keys;
89  size_t count = 0, i, j, found;
90  policy_key_t *A, *B = NULL;
91 
92  /*
93  * Count the keys in the XML
94  */
95  for (node2 = node->children; node2; node2 = node2->next) {
96  if (node2->type != XML_ELEMENT_NODE) {
97  continue;
98  }
99  if (strcmp((char*)node2->name, "Keys")) {
100  continue;
101  }
102 
103  for (node3 = node2->children; node3; node3 = node3->next) {
104  if (node3->type != XML_ELEMENT_NODE) {
105  continue;
106  }
107  if (strcmp((char*)node3->name, "KSK")
108  && strcmp((char*)node3->name, "ZSK")
109  && strcmp((char*)node3->name, "CSK"))
110  {
111  continue;
112  }
113  count++;
114  }
115  break; /* Look no further, there is only one 'Keys' section */
116  }
117 
118  if (!count) {
119  return 0;
120  }
121 
122  /*
123  * Allocate an array of nodes and put all keys in it
124  */
125  if (!(keys = (xmlNodePtr*)calloc(count, sizeof(xmlNodePtr)))) {
126  return -1;
127  }
128  for (i = 0, node2 = node->children; node2; node2 = node2->next) {
129  if (node2->type != XML_ELEMENT_NODE) {
130  continue;
131  }
132  if (strcmp((char*)node2->name, "Keys")) {
133  continue;
134  }
135 
136  for (node3 = node2->children; node3; node3 = node3->next) {
137  if (node3->type != XML_ELEMENT_NODE) {
138  continue;
139  }
140  if (strcmp((char*)node3->name, "KSK")
141  && strcmp((char*)node3->name, "ZSK")
142  && strcmp((char*)node3->name, "CSK"))
143  {
144  continue;
145  }
146 
147  if (i >= count) {
148  free(keys);
149  return -1;
150  }
151 
152  keys[i] = node3;
153  i++;
154  }
155  }
156 
157  /*
158  * Walk the array and check for duplicated keys
159  *
160  * TODO: this could be optimized by creating all the policy_key objects
161  * before checking them.
162  */
163  if (!(A = policy_key_new(dbconn))
164  || !(B = policy_key_new(dbconn)))
165  {
166  policy_key_free(A);
167  policy_key_free(B);
168  free(keys);
169  return -1;
170  }
171  for (found = 0, i = 0; i < count && !found; i++) {
172  policy_key_reset(A);
173  if (policy_key_create_from_xml(A, keys[i])) {
174  found = -1;
175  break;
176  }
177  for (j = i + 1; j < count && !found; j++) {
178  policy_key_reset(B);
179  if (policy_key_create_from_xml(B, keys[j])) {
180  found = -1;
181  break;
182  }
183  if (!policy_key_cmp(A, B)) {
184  found = 1;
185  break;
186  }
187  }
188  }
189 
190  policy_key_free(A);
191  policy_key_free(B);
192  free(keys);
193  return found;
194 }
195 
196 int policy_import(int sockfd, engine_type* engine, db_connection_t *dbconn,
197  int do_delete)
198 {
199  xmlDocPtr doc;
200  xmlNodePtr real_root;
201  xmlNodePtr root;
202  xmlNodePtr node;
203  xmlNodePtr node2;
204  xmlNodePtr node3;
205  xmlChar* name;
206  policy_t* policy;
208  const policy_key_t* policy_key2;
209  int updated;
210  int successful;
211  struct __policy_import_policy_key* policy_keys_db = NULL;
212  struct __policy_import_policy_key* policy_key_db;
213  struct __policy_import_policy_key* policy_keys_xml = NULL;
214  struct __policy_import_policy_key* policy_key_xml;
216  int keys_updated;
217  int database_error = 0;
218  int xml_error = 0;
219  char **repositories = NULL;
220  int repository_count = 0;
221  hsm_repository_t* hsm;
222  int i;
223  struct __policy_import_policy* policies = NULL;
224  struct __policy_import_policy* policy2;
226  const policy_t* policy_walk;
227  zone_list_db_t* zone_list;
229  int any_update = 0;
230 
231  if (!engine) {
232  return POLICY_IMPORT_ERR_ARGS;
233  }
234  if (!engine->config) {
235  return POLICY_IMPORT_ERR_ARGS;
236  }
237  if (!engine->config->policy_filename) {
238  return POLICY_IMPORT_ERR_ARGS;
239  }
240  if (!dbconn) {
241  return POLICY_IMPORT_ERR_ARGS;
242  }
243 
244  /*
245  * Retrieve all the current policies so they can be marked processed later
246  * and then the unprocessed can be deleted
247  */
248  if (!(policy_list = policy_list_new_get(dbconn))) {
249  client_printf_err(sockfd, "Unable to fetch all the current policies in the database!\n");
251  }
252  for (policy_walk = policy_list_next(policy_list); policy_walk; policy_walk = policy_list_next(policy_list)) {
253  if (!(policy2 = calloc(1, sizeof(struct __policy_import_policy)))
254  || !(policy2->name = strdup(policy_name(policy_walk))))
255  {
256  client_printf_err(sockfd, "Memory allocation error!\n");
258  if (policy2) {
259  free(policy2);
260  }
261  for (policy2 = policies; policy2; policy2 = policies) {
262  free(policy2->name);
263  policies = policy2->next;
264  free(policy2);
265  }
267  }
268 
269  policy2->next = policies;
270  policies = policy2;
271  }
273 
274  /*
275  * Get HSM Repositories
276  */
277  if (engine->config->repositories) {
278  for (hsm = engine->config->repositories; hsm; hsm = hsm->next, repository_count++)
279  ;
280  if (!(repositories = calloc(repository_count, sizeof(char*)))) {
281  __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
283  }
284  for (i = 0, hsm = engine->config->repositories; hsm && i<repository_count; hsm = hsm->next, i++)
285  repositories[i] = hsm->name;
286  }
287 
288  /*
289  * Validate KASP
290  */
291  if (check_kasp(engine->config->policy_filename, repositories, repository_count, 0, NULL, NULL)) {
292  client_printf_err(sockfd, "Unable to validate the KASP XML, please run ods-kaspcheck for more details!\n");
293  if (repositories) {
294  free(repositories);
295  }
296  __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
297  return POLICY_IMPORT_ERR_XML;
298  }
299 
300  if (repositories) {
301  free(repositories);
302  }
303 
304  if (!(doc = xmlParseFile(engine->config->policy_filename))) {
305  client_printf_err(sockfd, "Unable to read/parse KASP XML file %s!\n",
306  engine->config->policy_filename);
307  __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
308  return POLICY_IMPORT_ERR_XML;
309  }
310 
311  if (!(real_root = xmlDocGetRootElement(doc))) {
312  client_printf_err(sockfd, "Unable to get the root element in the KASP XML!\n");
313  xmlFreeDoc(doc);
314  __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
315  return POLICY_IMPORT_ERR_XML;
316  }
317 
318  /*
319  * Check for duplicated policy keys
320  */
321  for (root = real_root; root; root = root->next) {
322  if (root->type != XML_ELEMENT_NODE) {
323  continue;
324  }
325 
326  if (!strcmp((char*)root->name, "KASP")) {
327  for (node = root->children; node; node = node->next) {
328  if (node->type != XML_ELEMENT_NODE) {
329  continue;
330  }
331  if (strcmp((char*)node->name, "Policy")) {
332  continue;
333  }
334 
335  if (!(name = xmlGetProp(node, (const xmlChar*)"name"))) {
336  client_printf_err(sockfd, "Invalid Policy element in KASP XML!\n");
337  xmlFreeDoc(doc);
338  __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
339  return POLICY_IMPORT_ERR_XML;
340  }
341 
342  if (check_duplicated_policy_keys(dbconn, node)) {
343  client_printf_err(sockfd, "Duplicated Policy Key elements in KASP XML is not allowed!\n");
344  xmlFree(name);
345  xmlFreeDoc(doc);
346  __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
347  return POLICY_IMPORT_ERR_XML;
348  }
349  xmlFree(name);
350  }
351  }
352  }
353 
354  /*
355  * Process XML
356  */
357  for (root = real_root; root; root = root->next) {
358  if (root->type != XML_ELEMENT_NODE) {
359  continue;
360  }
361 
362  if (!strcmp((char*)root->name, "KASP")) {
363  for (node = root->children; node; node = node->next) {
364  if (node->type != XML_ELEMENT_NODE) {
365  continue;
366  }
367  if (strcmp((char*)node->name, "Policy")) {
368  continue;
369  }
370 
371  if (!(name = xmlGetProp(node, (const xmlChar*)"name"))) {
372  client_printf_err(sockfd, "Invalid Policy element in KASP XML!\n");
373  xmlFreeDoc(doc);
374  __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
375  return POLICY_IMPORT_ERR_XML;
376  }
377 
378  if (!(policy = policy_new(dbconn))) {
379  client_printf_err(sockfd, "Memory allocation error!\n");
380  xmlFree(name);
381  xmlFreeDoc(doc);
382  __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
384  }
385 
386  /*
387  * Fetch the policy by name, if we can't find it create a new
388  * one otherwise update the existing one
389  */
390  if (policy_get_by_name(policy, (char*)name)) {
391  if (policy_create_from_xml(policy, node)) {
392  client_printf_err(sockfd,
393  "Unable to create policy %s from XML, XML content may be invalid!\n",
394  (char*)name);
396  xmlFree(name);
397  xml_error = 1;
398  continue;
399  }
400 
401  if (policy_create(policy)) {
402  client_printf_err(sockfd,
403  "Unable to create policy %s in the database!\n",
404  (char*)name);
406  xmlFree(name);
407  database_error = 1;
408  continue;
409  }
410 
411  if (policy_get_by_name(policy, (char*)name)) {
412  client_printf_err(sockfd,
413  "Unable to get policy %s from the database after creation, the policy may be corrupt in the database now!\n",
414  (char*)name);
416  xmlFree(name);
417  database_error = 1;
418  continue;
419  }
420 
421  /*
422  * Walk deeper into the XML and create all the keys we find
423  */
424  successful = 1;
425  for (node2 = node->children; node2; node2 = node2->next) {
426  if (node2->type != XML_ELEMENT_NODE) {
427  continue;
428  }
429  if (strcmp((char*)node2->name, "Keys")) {
430  continue;
431  }
432 
433  for (node3 = node2->children; node3; node3 = node3->next) {
434  if (node3->type != XML_ELEMENT_NODE) {
435  continue;
436  }
437  if (strcmp((char*)node3->name, "KSK")
438  && strcmp((char*)node3->name, "ZSK")
439  && strcmp((char*)node3->name, "CSK"))
440  {
441  continue;
442  }
443 
444  /*
445  * Create the policy key
446  */
447  if (!(policy_key = policy_key_new(dbconn))) {
448  client_printf_err(sockfd, "Memory allocation error!\n");
451  xmlFree(name);
452  xmlFreeDoc(doc);
453  __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
455  }
457  client_printf_err(sockfd,
458  "Unable to create %s key for policy %s from XML!\n",
459  (char*)node3->name, (char*)name);
461  successful = 0;
462  xml_error = 1;
463  continue;
464  }
467  {
468  client_printf_err(sockfd,
469  "Unable to create %s key for policy %s in the database, the policy is not complete in the database now!\n",
470  (char*)node3->name, (char*)name);
472  successful = 0;
473  database_error = 1;
474  continue;
475  }
477  }
478  }
479 
480  if (successful) {
481  ods_log_info("[policy_import] policy %s created", (char*)name);
482  client_printf(sockfd, "Created policy %s successfully\n", (char*)name);
483  any_update = 1;
484  }
485  }
486  else {
487  /*
488  * Mark it processed even if update fails so its not deleted
489  */
490  for (policy2 = policies; policy2; policy2 = policy2->next) {
491  if (policy2->processed) {
492  continue;
493  }
494  if (!strcmp(policy2->name, (char*)name)) {
495  policy2->processed = 1;
496  break;
497  }
498  }
499 
500  /*
501  * Fetch all current keys, put them in a list for later
502  * processing
503  */
504  if (!(policy_key_list = policy_key_list_new(dbconn))
506  {
507  client_printf_err(sockfd,
508  "Unable to retrieve policy keys for policy %s, unknown database error!\n",
509  (char*)name);
512  xmlFree(name);
513  database_error = 1;
514  continue;
515  }
516 
517  /*
518  * Clear the list if its been used before
519  */
520  for (policy_key_db = policy_keys_db; policy_key_db; policy_key_db = policy_keys_db) {
521  policy_keys_db = policy_key_db->next;
522  if (policy_key_db->policy_key) {
523  policy_key_free(policy_key_db->policy_key);
524  }
525  free(policy_key_db);
526  }
527 
528  policy_key2 = policy_key_list_next(policy_key_list);
529  while (policy_key2) {
530  if (!(policy_key_db = calloc(1, sizeof(struct __policy_import_policy_key)))
531  || !(policy_key_db->policy_key = policy_key_new(dbconn))
532  || policy_key_copy(policy_key_db->policy_key, policy_key2))
533  {
534  client_printf_err(sockfd, "Memory allocation or internal error!\n");
535  if (policy_key_db->policy_key) {
536  policy_key_free(policy_key_db->policy_key);
537  }
538  free(policy_key_db);
541  xmlFree(name);
542  xmlFreeDoc(doc);
543  __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
545  }
546 
547  policy_key_db->next = policy_keys_db;
548  policy_keys_db = policy_key_db;
549 
550  policy_key2 = policy_key_list_next(policy_key_list);
551  }
553 
554  /*
555  * Update the policy, if any data has changed then updated
556  * will be set to non-zero and if so we update the database
557  */
558  if (policy_update_from_xml(policy, node, &updated)) {
559  client_printf_err(sockfd,
560  "Unable to update policy %s from XML, XML content may be invalid!\n",
561  (char*)name);
563  xmlFree(name);
564  xml_error = 1;
565  continue;
566  }
567 
568  /*
569  * Walk deeper into the XML and create objects for all the
570  * keys we find but do not update the database yet
571  */
572 
573  /*
574  * Clear the list if its been used before
575  */
576  for (policy_key_xml = policy_keys_xml; policy_key_xml; policy_key_xml = policy_keys_xml) {
577  policy_keys_xml = policy_key_xml->next;
578  if (policy_key_xml->policy_key) {
579  policy_key_free(policy_key_xml->policy_key);
580  }
581  free(policy_key_xml);
582  policy_key_xml = policy_keys_xml;
583  }
584 
585  successful = 1;
586  for (node2 = node->children; node2; node2 = node2->next) {
587  if (node2->type != XML_ELEMENT_NODE) {
588  continue;
589  }
590  if (strcmp((char*)node2->name, "Keys")) {
591  continue;
592  }
593 
594  for (node3 = node2->children; node3; node3 = node3->next) {
595  if (node3->type != XML_ELEMENT_NODE) {
596  continue;
597  }
598  if (strcmp((char*)node3->name, "KSK")
599  && strcmp((char*)node3->name, "ZSK")
600  && strcmp((char*)node3->name, "CSK"))
601  {
602  continue;
603  }
604 
605  if (!(policy_key_xml = calloc(1, sizeof(struct __policy_import_policy_key)))
606  || !(policy_key_xml->policy_key = policy_key_new(dbconn)))
607  {
608  client_printf_err(sockfd, "Memory allocation or internal error!\n");
609  if (policy_key_xml->policy_key) {
610  policy_key_free(policy_key_xml->policy_key);
611  }
612  free(policy_key_xml);
614  xmlFree(name);
615  xmlFreeDoc(doc);
616  __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
618  }
619 
620  if (policy_key_set_policy_id(policy_key_xml->policy_key, policy_id(policy))
621  || policy_key_create_from_xml(policy_key_xml->policy_key, node3))
622  {
623  client_printf_err(sockfd,
624  "Unable to create %s key for policy %s from XML, XML content may be invalid!\n",
625  (char*)node3->name, (char*)name);
626  successful = 0;
627  if (policy_key_xml->policy_key) {
628  policy_key_free(policy_key_xml->policy_key);
629  }
630  free(policy_key_xml);
631  xml_error = 1;
632  continue;
633  }
634 
635  policy_key_xml->next = policy_keys_xml;
636  policy_keys_xml = policy_key_xml;
637  }
638  }
639 
640  if (!successful) {
641  client_printf_err(sockfd,
642  "Unable to update policy %s from XML because of previous policy key error!\n",
643  (char*)name);
645  xmlFree(name);
646  xml_error = 1;
647  continue;
648  }
649 
650  /*
651  * Compare the two lists, one from the database and the
652  * other from the XML. If the policy key objects match then
653  * mark them processed in both lists.
654  */
655  policy_key_xml = policy_keys_xml;
656  while (policy_key_xml) {
657  if (policy_key_xml->processed) {
658  policy_key_xml = policy_key_xml->next;
659  continue;
660  }
661 
662  policy_key_db = policy_keys_db;
663  while (policy_key_db) {
664  if (policy_key_db->processed) {
665  policy_key_db = policy_key_db->next;
666  continue;
667  }
668 
669  if (!policy_key_cmp(policy_key_xml->policy_key, policy_key_db->policy_key)) {
670  policy_key_xml->processed = 1;
671  policy_key_db->processed = 1;
672  break;
673  }
674 
675  policy_key_db = policy_key_db->next;
676  }
677 
678  policy_key_xml = policy_key_xml->next;
679  }
680 
681  keys_updated = 0;
682 
683  /*
684  * For each object in XML list that has not been processed,
685  * create it in the database
686  */
687  successful = 1;
688  policy_key_xml = policy_keys_xml;
689  while (policy_key_xml) {
690  if (policy_key_xml->processed) {
691  policy_key_xml = policy_key_xml->next;
692  continue;
693  }
694 
695  keys_updated = 1;
696 
697  if (policy_key_create(policy_key_xml->policy_key)) {
698  client_printf_err(sockfd,
699  "Unable to create %s key for policy %s in database!\n",
700  policy_key_role_text(policy_key_xml->policy_key),
701  (char*)name);
702  successful = 0;
703  database_error = 1;
704  continue;
705  }
706 
707  policy_key_xml = policy_key_xml->next;
708  }
709 
710  if (!successful) {
711  client_printf_err(sockfd,
712  "Unable to update policy %s in the database because of previous policy key creation error, policy is not complete in the database now!\n",
713  (char*)name);
715  xmlFree(name);
716  database_error = 1;
717  continue;
718  }
719 
720  /*
721  * For each object in the database list that has not been
722  * processed, delete it from the database
723  */
724  policy_key_db = policy_keys_db;
725  while (policy_key_db) {
726  if (policy_key_db->processed) {
727  policy_key_db = policy_key_db->next;
728  continue;
729  }
730 
731  keys_updated = 1;
732 
733  if (policy_key_delete(policy_key_db->policy_key)) {
734  client_printf_err(sockfd,
735  "Unable to delete %s key for policy %s from database!\n",
736  policy_key_role_text(policy_key_db->policy_key),
737  (char*)name);
738  successful = 0;
739  database_error = 1;
740  continue;
741  }
742 
743  policy_key_db = policy_key_db->next;
744  }
745 
746  if (!successful) {
747  client_printf_err(sockfd,
748  "Unable to update policy %s in the database because of previous policy key deletion error, policy is invalid in the database now!\n",
749  (char*)name);
751  xmlFree(name);
752  database_error = 1;
753  continue;
754  }
755 
756  /*
757  * Update the policy in the database
758  */
759  if (updated) {
760  if (policy_update(policy)) {
761  client_printf_err(sockfd, "Unable to update policy %s in database!\n",
762  (char*)name);
764  xmlFree(name);
765  database_error = 1;
766  continue;
767  }
768 
769  ods_log_info("[policy_import] policy %s updated", (char*)name);
770  client_printf(sockfd, "Updated policy %s successfully\n",
771  (char*)name);
772  any_update = 1;
773  }
774  else if (keys_updated) {
775  ods_log_info("[policy_import] policy %s updated", (char*)name);
776  client_printf(sockfd, "Updated policy %s successfully\n",
777  (char*)name);
778  any_update = 1;
779  }
780  else {
781  client_printf(sockfd, "Policy %s already up-to-date\n",
782  (char*)name);
783  }
784  }
786  xmlFree(name);
787  }
788  }
789  }
790  signconf_task_flush_all(engine, dbconn);
791 
792  if (do_delete) {
793  /*
794  * Delete policies that has not been processed
795  */
796  for (policy2 = policies; policy2; policy2 = policy2->next) {
797  if (policy2->processed) {
798  continue;
799  }
800 
801  if (!(policy = policy_new(dbconn))) {
802  client_printf_err(sockfd, "Memory allocation error!\n");
803  xmlFreeDoc(doc);
804  for (policy2 = policies; policy2; policy2 = policies) {
805  free(policy2->name);
806  policies = policy2->next;
807  free(policy2);
808  }
809  __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
811  }
812 
813  if (!policy_get_by_name(policy, policy2->name)) {
814  /*
815  * Check if there are still zones or hsm keys using this policy and
816  * abort if there is
817  */
818  if (!(zone_list = zone_list_db_new_get_by_policy_id(dbconn, policy_id(policy)))) {
819  client_printf_err(sockfd, "Unable to check for zones using policy %s from database!\n", policy2->name);
821  database_error = 1;
822  continue;
823  }
824  if (zone_list_db_next(zone_list)) {
825  zone_list_db_free(zone_list);
826  client_printf_err(sockfd, "Unable to delete policy %s, there are still zones using this policy!\n", policy2->name);
828  database_error = 1;
829  continue;
830  }
831  zone_list_db_free(zone_list);
833  client_printf_err(sockfd, "Unable to check for hsm keys using policy %s from database!\n", policy2->name);
835  database_error = 1;
836  continue;
837  }
840  client_printf_err(sockfd, "Unable to delete policy %s, there are still hsm keys using this policy!\n", policy2->name);
842  database_error = 1;
843  continue;
844  }
846 
847  /*
848  * Try and delete all the policy keys for this policy
849  */
851  client_printf_err(sockfd, "Unable to get policy keys for policy %s from database!\n", policy2->name);
853  database_error = 1;
854  continue;
855  }
856  successful = 1;
859  client_printf_err(sockfd, "Unable to delete policy key %s in policy %s from database!\n", policy_key_role_text(policy_key), policy2->name);
860  database_error = 1;
861  successful = 0;
862  continue;
863  }
864  }
866 
867  if (!successful) {
869  continue;
870  }
871  if (policy_delete(policy)) {
872  client_printf_err(sockfd, "Unable to delete policy %s from database!\n", policy2->name);
874  database_error = 1;
875  continue;
876  }
877 
878  ods_log_info("[policy_import] policy %s deleted", policy2->name);
879  client_printf(sockfd, "Deleted policy %s successfully\n", policy2->name);
880  }
881  else {
882  client_printf_err(sockfd, "Unable to delete policy %s from database!\n", policy2->name);
883  database_error = 1;
884  }
886  }
887  }
888 
889  if (any_update && !engine->config->manual_keygen) {
891  }
892 
893  __policy_import_cleanup(&policy_keys_db, &policy_keys_xml, &policies);
894  xmlFreeDoc(doc);
895  if (database_error) {
897  }
898  if (xml_error) {
899  return POLICY_IMPORT_ERR_XML;
900  }
901  return POLICY_IMPORT_OK;
902 }
const hsm_key_t * hsm_key_list_next(hsm_key_list_t *hsm_key_list)
Definition: hsm_key.c:1924
hsm_key_list_t * hsm_key_list_new_get_by_policy_id(const db_connection_t *connection, const db_value_t *policy_id)
Definition: hsm_key.c:1809
void hsm_key_list_free(hsm_key_list_t *hsm_key_list)
Definition: hsm_key.c:1496
int hsm_key_factory_schedule_generate_all(engine_type *engine, time_t duration)
int check_kasp(const char *kasp, char **repo_list, int repo_count, int verbose, char ***policy_names_out, int *policy_count_out)
Definition: kc_helper.c:1749
const char * policy_name(const policy_t *policy)
Definition: policy.c:813
const policy_t * policy_list_next(policy_list_t *policy_list)
Definition: policy.c:3214
void policy_list_free(policy_list_t *policy_list)
Definition: policy.c:2664
policy_list_t * policy_list_new_get(const db_connection_t *connection)
Definition: policy.c:3079
const db_value_t * policy_id(const policy_t *policy)
Definition: policy.c:805
int policy_get_by_name(policy_t *policy, const char *name)
Definition: policy.c:2040
int policy_create(policy_t *policy)
Definition: policy.c:1561
int policy_delete(policy_t *policy)
Definition: policy.c:2571
void policy_free(policy_t *policy)
Definition: policy.c:518
int policy_update(policy_t *policy)
Definition: policy.c:2110
policy_t * policy_new(const db_connection_t *connection)
Definition: policy.c:479
int policy_update_from_xml(policy_t *policy, xmlNodePtr policy_node, int *updated)
Definition: policy_ext.c:1227
int policy_create_from_xml(policy_t *policy, xmlNodePtr policy_node)
Definition: policy_ext.c:1216
int policy_import(int sockfd, engine_type *engine, db_connection_t *dbconn, int do_delete)
#define POLICY_IMPORT_ERR_ARGS
Definition: policy_import.h:42
#define POLICY_IMPORT_ERR_DATABASE
Definition: policy_import.h:50
#define POLICY_IMPORT_ERR_MEMORY
Definition: policy_import.h:54
#define POLICY_IMPORT_ERR_XML
Definition: policy_import.h:46
#define POLICY_IMPORT_OK
Definition: policy_import.h:38
void policy_key_reset(policy_key_t *policy_key)
Definition: policy_key.c:264
policy_key_list_t * policy_key_list_new(const db_connection_t *connection)
Definition: policy_key.c:963
policy_key_t * policy_key_list_get_next(policy_key_list_t *policy_key_list)
Definition: policy_key.c:1444
int policy_key_copy(policy_key_t *policy_key, const policy_key_t *policy_key_copy)
Definition: policy_key.c:289
int policy_key_cmp(const policy_key_t *policy_key_a, const policy_key_t *policy_key_b)
Definition: policy_key.c:359
int policy_key_delete(policy_key_t *policy_key)
Definition: policy_key.c:913
const policy_key_t * policy_key_list_next(policy_key_list_t *policy_key_list)
Definition: policy_key.c:1378
void policy_key_list_free(policy_key_list_t *policy_key_list)
Definition: policy_key.c:1006
void policy_key_free(policy_key_t *policy_key)
Definition: policy_key.c:246
const char * policy_key_role_text(const policy_key_t *policy_key)
Definition: policy_key.c:494
int policy_key_set_policy_id(policy_key_t *policy_key, const db_value_t *policy_id)
Definition: policy_key.c:574
policy_key_t * policy_key_new(const db_connection_t *connection)
Definition: policy_key.c:209
int policy_key_create(policy_key_t *policy_key)
Definition: policy_key.c:702
policy_key_list_t * policy_key_list_new_get_by_policy_id(const db_connection_t *connection, const db_value_t *policy_id)
Definition: policy_key.c:1299
int policy_key_list_get_by_policy_id(policy_key_list_t *policy_key_list, const db_value_t *policy_id)
Definition: policy_key.c:1236
int policy_key_create_from_xml(policy_key_t *policy_key, xmlNodePtr key_node)
void signconf_task_flush_all(engine_type *engine, db_connection_t *dbconn)
struct __policy_import_policy_key * next
Definition: policy_import.c:46
struct __policy_import_policy * next
Definition: policy_import.c:53
engineconfig_type * config
Definition: engine.h:48
const char * policy_filename
Definition: cfg.h:56
hsm_repository_t * repositories
Definition: cfg.h:79
int manual_keygen
Definition: cfg.h:74
Definition: policy.h:60
zone_list_db_t * zone_list_db_new_get_by_policy_id(const db_connection_t *connection, const db_value_t *policy_id)
Definition: zone_db.c:2524
const zone_db_t * zone_list_db_next(zone_list_db_t *zone_list)
Definition: zone_db.c:2603
void zone_list_db_free(zone_list_db_t *zone_list)
Definition: zone_db.c:1989