37 #define _DARWIN_C_SOURCE 1
41 #define __BSD_VISIBLE 1
48 #include "scheduler/task.h"
/* Module tag passed as the first "%s" argument of this file's "[%s] ..." log messages. */
57 static const char *module_str =
"policy_resalt_task";
/*
 * Fill buf with len random bytes to be used as a denial salt.
 *
 * buf: destination buffer; the caller must provide at least len bytes,
 *      nothing here checks the size.
 * len: number of bytes to write.
 *
 * The listing is partial: the return type, the braces, the declaration of i
 * and the #else/#endif lines are not shown.
 */
66 generate_salt(
char *buf,
int len)
68 #ifdef HAVE_ARC4RANDOM
/* Preferred path: let the platform's arc4random generator fill the buffer. */
69 arc4random_buf(buf, len);
/*
 * NOTE(review): presumably the fallback branch taken when arc4random is not
 * available (the #else is not visible). rand() is not a cryptographic
 * generator: its output is fully determined by the seed, so a salt produced
 * here is only as unpredictable as that seed. Where this path is reachable,
 * an OS entropy source (getrandom() or /dev/urandom) is the safer fallback.
 */
74 for (i = 0; i < len; i++)
75 buf[i] = rand() & 0xFF;
/*
 * Encode len bytes from buf as lowercase hexadecimal text in out.
 *
 * buf: input bytes.
 * len: number of input bytes.
 * out: destination; bytes out[0] .. out[2*len - 1] are written, so the
 *      caller must provide at least 2*len bytes. No bound is checked here.
 *
 * NOTE(review): whether a terminating NUL is written at out[2*len] is not
 * visible in this listing; if it is, out needs 2*len + 1 bytes.
 */
86 to_hex(
const char *buf,
int len,
char *out)
88 const char *h =
"0123456789abcdef";
91 for (i = 0; i < len; i++) {
/* buf[i] is plain char and may be negative; the 0x0F mask after the shift
 * keeps the table index within 0..15 in either case. */
92 out[2*i] = h[(buf[i]>>4) & 0x0F];
93 out[2*i+1] = h[buf[i] & 0x0F];
/*
 * Task callback that gives the policy named policyname a new denial salt
 * when its resalt time has been reached or when do_now is non-zero.
 *
 * Returns schedule_DEFER on the database-failure paths shown below and
 * schedule_SUCCESS on the other visible return paths. The listing is
 * partial: the policy lookup, the computation of resalt_time and
 * saltlength, and the database update are not shown.
 */
103 performresalt(task_type* task,
char const *policyname,
void *userdata,
104 void *context,
int do_now)
108 time_t resalt_time, now = time_now();
/* Sized for the largest salt length accepted below: 255 raw bytes, and
 * 2*255 hex characters plus one extra byte (presumably for a terminating
 * NUL; the line that would write it is not visible). */
109 char salt[255], salthex[511];
115 ods_log_error(
"[%s] could not fetch policy %s from database,"
116 " rescheduling", module_str, policyname);
119 return schedule_DEFER;
126 return schedule_SUCCESS;
/* do_now bypasses the schedule: a forced resalt runs even before resalt_time. */
131 if (now >= resalt_time || do_now) {
/* This range check is the only thing keeping generate_salt() and to_hex()
 * inside salt[] and salthex[]; it must stay ahead of both calls.
 * NOTE(review): the declaration of saltlength is not visible. The "< 0"
 * half is only meaningful if it is a signed type; policy_denial_salt_length()
 * returns unsigned int, so confirm how the value is converted. */
133 if (saltlength < 0 || saltlength > 255) {
134 ods_log_error(
"[%s] policy %s has an invalid salt length. "
137 return schedule_SUCCESS;
/* NOTE(review): the lines enclosed by this guard are not shown. If they seed
 * rand() (for example from the current time), the fallback salt can be
 * reproduced by anyone who knows roughly when the resalt ran; confirm, and
 * prefer an OS entropy source for builds without arc4random. */
140 #ifndef HAVE_ARC4RANDOM
/* Generate saltlength raw bytes, then hex-encode them into salthex. */
145 generate_salt(salt, saltlength);
146 to_hex(salt, saltlength, salthex);
/* Database failure: defer the task rather than report success. */
152 ods_log_error(
"[%s] db error", module_str);
154 return schedule_DEFER;
157 ods_log_debug(
"[%s] policy %s resalted successfully", module_str,
policy_name(
policy));
/*
 * Task entry point for a scheduled resalt: forwards to performresalt() with
 * do_now = 0, so the salt is only replaced once the resalt time has passed.
 */
166 perform_policy_resalt(task_type* task,
char const *policyname,
void *userdata,
void *context)
168 return performresalt(task, policyname, userdata, context, 0);
/*
 * Task entry point for a forced resalt: forwards to performresalt() with
 * do_now = 1, so the salt is replaced regardless of the resalt time.
 */
172 perform_policy_forceresalt(task_type* task,
char const *policyname,
void *userdata,
void *context)
174 return performresalt(task, policyname, userdata, context, 1);
/*
 * Fragment of a function whose signature is not shown (presumably
 * flush_resalt_task_all): it schedules one perform_policy_resalt task per
 * policy and accumulates the scheduling results in status.
 */
187 int status = ODS_STATUS_OK;
191 ods_log_error(
"[%s] Unable to get list of policies from database",
194 return ODS_STATUS_ERR;
/* NOTE(review): the strdup() result is handed to task_create() unchecked; on
 * allocation failure the task is created with a NULL name. Whether
 * task_create() tolerates that, and who frees the copy, is not visible here. */
198 task = task_create(strdup(
policy_name(
policy)), TASK_CLASS_ENFORCER, TASK_TYPE_RESALT, perform_policy_resalt, engine, NULL, time_now());
/* Results are OR-ed together, so any non-zero return from schedule_task()
 * leaves status non-zero; the individual error code is not preserved. */
199 status |= schedule_task(engine->
taskq, task, 1, 0);
/*
 * Fragment of a function whose signature is not shown (presumably
 * flush_resalt_task_now): it schedules one perform_policy_forceresalt task
 * per policy, which resalts regardless of the policy's resalt time.
 */
212 int status = ODS_STATUS_OK;
216 ods_log_error(
"[%s] Unable to get list of policies from database",
219 return ODS_STATUS_ERR;
/* NOTE(review): the strdup() result is handed to task_create() unchecked; on
 * allocation failure the task is created with a NULL name. Whether
 * task_create() tolerates that, and who frees the copy, is not visible here. */
223 task = task_create(strdup(
policy_name(
policy)), TASK_CLASS_ENFORCER, TASK_TYPE_RESALT, perform_policy_forceresalt, engine, NULL, time_now());
/* Results are OR-ed together, so any non-zero return from schedule_task()
 * leaves status non-zero; the individual error code is not preserved. */
224 status |= schedule_task(engine->
taskq, task, 1, 0);
const char * policy_name(const policy_t *policy)
unsigned int policy_denial_salt_length(const policy_t *policy)
const policy_t * policy_list_next(policy_list_t *policy_list)
void policy_list_free(policy_list_t *policy_list)
unsigned int policy_denial_salt_last_change(const policy_t *policy)
unsigned int policy_passthrough(const policy_t *policy)
int policy_set_denial_salt_last_change(policy_t *policy, unsigned int denial_salt_last_change)
int policy_set_denial_salt(policy_t *policy, const char *denial_salt_text)
policy_list_t * policy_list_new(const db_connection_t *connection)
int policy_list_get(policy_list_t *policy_list)
void policy_free(policy_t *policy)
unsigned int policy_denial_resalt(const policy_t *policy)
policy_t * policy_new_get_by_name(const db_connection_t *connection, const char *name)
int policy_update(policy_t *policy)
@ POLICY_DENIAL_TYPE_NSEC3
int flush_resalt_task_all(engine_type *engine, db_connection_t *dbconn)
int flush_resalt_task_now(engine_type *engine, db_connection_t *dbconn)
void signconf_task_flush_policy(engine_type *engine, db_connection_t *dbconn, policy_t const *policy)