33 #include "cmdhandler.h" 38 #include "clientpipe.h" 45 static const char *module_str =
"keystate_rollover_cmd";
/*
 * Handle a manually requested key rollover and report the outcome to the
 * client connected on sockfd.
 *
 * The visible messages show a lookup by policyname ("unknown policy",
 * "No zones on policy") and a lookup by zonename ("zone %s not found").
 * nkeyrole selects what is rolled: the visible branches cover all keys,
 * KSK, ZSK and CSK, and any other value is reported as out of range.
 * Per-zone failures are folded into reterror.
 *
 * This listing is an excerpt: the embedded gutter numbers skip lines, so
 * the conditions guarding each message below are not shown here.
 */
48 perform_keystate_rollover(
int sockfd,
db_connection_t *dbconn,
const char * policyname,
49 const char *zonename,
int nkeyrole)
/* policyname is caller-supplied text; it is only ever passed as a %s
 * argument under a literal format string, never as the format itself. */
63 client_printf_err(sockfd,
"unknown policy %s\n", policyname);
67 ods_log_error(
"[%s] Error fetching zones", module_str);
/* NOTE(review): unlike the other client-facing messages in this function,
 * this one has no trailing newline and carries the "[module]" log prefix. */
68 client_printf_err(sockfd,
"[%s] Error fetching zones", module_str);
76 client_printf (sockfd,
"No zones on policy %s\n",
policy_name(policy));
77 client_printf (sockfd,
"No keys to be rolled\n");
86 client_printf(sockfd,
"zone %s not found\n", zonename);
/* Loop over the selected zones; the statement that decrements listsize is
 * on a line not shown in this excerpt. */
91 while (listsize > 0) {
/* Every rollover branch below both answers the client and writes an
 * info-level log line naming the zone. These "Manual rollover initiated"
 * entries are the audit trail for operator-triggered rollovers, so they are
 * the lines to monitor when reviewing who rolled which keys and when. */
98 client_printf(sockfd,
"rolling all keys for zone %s\n",
zone_db_name(zone));
99 ods_log_info(
"[%s] Manual rollover initiated for all keys on Zone: %s",
104 client_printf(sockfd,
"rolling KSK for zone %s\n",
zone_db_name(zone));
105 ods_log_info(
"[%s] Manual rollover initiated for KSK on Zone: %s", module_str,
zone_db_name(zone));
109 client_printf(sockfd,
"rolling ZSK for zone %s\n",
zone_db_name(zone));
110 ods_log_info(
"[%s] Manual rollover initiated for ZSK on Zone: %s", module_str,
zone_db_name(zone));
114 client_printf(sockfd,
"rolling CSK for zone %s\n",
zone_db_name(zone));
115 ods_log_info(
"[%s] Manual rollover initiated for CSK on Zone: %s", module_str,
zone_db_name(zone));
/* Unexpected nkeyrole: assert first, then log and tell the client.
 * NOTE(review): presumably the second call keeps the error visible when the
 * assertion does not abort - confirm against ods_log_assert's definition. */
118 ods_log_assert(
false &&
"nkeyrole out of range");
119 ods_log_error_and_printf(sockfd, module_str,
120 "nkeyrole out of range");
125 ods_log_error_and_printf(sockfd, module_str,
126 "updating zone %s in the database failed",
zone_db_name(zone));
/* Sticky failure flag: logical OR keeps reterror non-zero once any zone has
 * failed, and normalises it to 0 or 1. */
128 reterror = error || reterror;
/*
 * Usage text, help text and the start of the command handler run() for the
 * "key rollover" command. The extraction collapsed several source lines onto
 * the next two lines, so run()'s signature begins at the end of the second.
 *
 * NOTE(review): the option descriptions in the help text say "limit the
 * output to ...", although this command starts a rollover rather than
 * printing a listing; the wording looks carried over from another command -
 * confirm and reword in the source.
 */
141 client_printf(sockfd,
143 " --zone <zone> | --policy <policy> aka -z | -p \n" 144 " [--keytype <keytype>] aka -t\n" 152 client_printf(sockfd,
153 "Start a key rollover of the desired type *now*. The process is the same\n" 154 "as for the scheduled automated rollovers however it does not wait for\n" 155 "the keys lifetime to expire before rolling. The next rollover is due\n" 156 "after the newest key aged passed its lifetime.\n" 158 "zone limit the output to the given the zone\n" 159 "policy limit the output to the given the policy\n" 160 "keytype limit the output to the given type, can be KSK, ZSK or CSK (default is all)\n\n" 165 run(
int sockfd, cmdhandler_ctx_type* context,
const char *cmd)
/*
 * run(): parse the command line received in cmd, validate the options and
 * hand the request to perform_keystate_rollover(). Replies go to the client
 * on sockfd. Lines are missing from this excerpt (see the gutter numbers),
 * so several guards and assignments are not visible.
 */
167 char buf[ODS_SE_MAXLINE];
169 const char *argv[
NARGV];
170 int argc = 0, error, nkeytype = 0;
171 int long_index = 0, opt = 0;
172 const char *zone = NULL, *keytype = NULL, *policy = NULL;
176 static struct option long_options[] = {
177 {
"zone", required_argument, 0,
'z'},
178 {
"policy", required_argument, 0,
'p'},
179 {
"keytype", required_argument, 0,
't'},
/* Work on a private copy of cmd. strncpy leaves the buffer unterminated when
 * cmd is at least sizeof(buf) bytes long, which is why the last byte is
 * forced to NUL right after. An over-long cmd is therefore silently
 * truncated, not rejected, and the truncated text is what gets parsed. */
186 strncpy(buf, cmd,
sizeof(buf));
187 buf[
sizeof(buf)-1] =
'\0';
/* Presumably splits buf into at most NARGV words stored in argv - confirm
 * against ods_str_explode. */
190 argc = ods_str_explode(buf,
NARGV, argv);
/* Rejection path for an over-long argument list; the test on argc that
 * guards it is on a line not shown. */
192 client_printf_err(sockfd,
"too many arguments\n");
193 ods_log_error(
"[%s] too many arguments for %s command",
/* The cast only adapts argv (const char *[]) to getopt_long's prototype.
 * NOTE(review): getopt_long keeps its scan position in global state; the
 * reset of optind before this loop is not visible in this excerpt - confirm
 * it is there, since a command handler is called once per client command. */
199 while ((opt = getopt_long(argc, (
char*
const*)argv,
"p:z:t:", long_options, &long_index)) != -1) {
211 client_printf_err(sockfd,
"unknown arguments\n");
212 ods_log_error(
"[%s] unknown arguments for %s command",
/* --zone and --policy are mutually exclusive and one of them is required:
 * both "neither given" and "both given" produce the same warning and the
 * same client message. */
218 if (!zone && !policy) {
219 ods_log_warning(
"[%s] expected either --zone <zone> or --policy <policy> for %s command",
221 client_printf(sockfd,
"expected either --zone <zone> or --policy <policy> option\n");
224 else if (zone && policy) {
225 ods_log_warning(
"[%s] expected either --zone <zone> or --policy <policy> for %s command",
227 client_printf(sockfd,
"expected either --zone <zone> or --policy <policy> option\n");
/* Key type validation. strncasecmp with length 3 compares only the first
 * three characters, case-insensitively, so any value that merely starts with
 * KSK, ZSK or CSK is accepted as that type.
 * NOTE(review): an exact comparison (strcasecmp) would reject trailing
 * garbage. keytype starts out NULL and must be non-NULL here; the guard, if
 * any, is on a line not shown. */
232 if (!strncasecmp(keytype,
"KSK", 3)) {
234 }
else if (!strncasecmp(keytype,
"ZSK", 3)) {
236 }
else if (!strncasecmp(keytype,
"CSK", 3)) {
/* The rejected keytype text is echoed back inside quotes, as a %s argument
 * under a literal format string. */
239 ods_log_warning(
"[%s] given keytype \"%s\" invalid",
241 client_printf(sockfd,
"given keytype \"%s\" invalid\n",
/* Hand the validated selection to the worker; nkeytype stays 0 unless a
 * branch above (on lines not shown) assigned it. */
247 error = perform_keystate_rollover(sockfd, dbconn, policy, zone, nkeytype);
255 "key rollover", &usage, &help, NULL, &run
zone_db_t * zone_db_new_get_by_name(const db_connection_t *connection, const char *name)
void zone_db_free(zone_db_t *zone)
zone_db_t * zone_list_db_get_next(zone_list_db_t *zone_list)
const char * policy_name(const policy_t *policy)
int zone_db_set_roll_ksk_now(zone_db_t *zone, unsigned int roll_ksk_now)
int zone_db_set_roll_zsk_now(zone_db_t *zone, unsigned int roll_zsk_now)
void enforce_task_flush_all(engine_type *engine, db_connection_t *dbconn)
engine_type * getglobalcontext(cmdhandler_ctx_type *context)
db_connection_t * getconnectioncontext(cmdhandler_ctx_type *context)
void policy_free(policy_t *policy)
const char * zone_db_name(const zone_db_t *zone)
policy_t * policy_new(const db_connection_t *connection)
int policy_retrieve_zone_list(policy_t *policy)
struct cmd_func_block key_rollover_funcblock
zone_list_db_t * policy_zone_list(policy_t *policy)
int policy_get_by_name(policy_t *policy, const char *name)
int zone_db_set_next_change(zone_db_t *zone, int next_change)
int zone_db_update(zone_db_t *zone)
size_t zone_list_db_size(zone_list_db_t *zone_list)
int zone_db_set_roll_csk_now(zone_db_t *zone, unsigned int roll_csk_now)