search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Sync usage with man page.
[netbsd-mini2440.git] / external / bsd / bind / dist / bin / dnssec / dnssec-settime.c
blobd37b2ee5ec80f560e5d824af609e5bc568835013
1 /* $NetBSD$ */
2
3 /*
4 * Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
5 *
6 * Permission to use, copy, modify, and/or distribute this software for any
7 * purpose with or without fee is hereby granted, provided that the above
8 * copyright notice and this permission notice appear in all copies.
9 *
10 * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
11 * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
12 * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
13 * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
14 * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
15 * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
16 * PERFORMANCE OF THIS SOFTWARE.
17 */
18
19 /* Id: dnssec-settime.c,v 1.19 2009/10/27 18:56:49 each Exp */
20
21 /*! \file */
22
23 #include <config.h>
24
25 #include <libgen.h>
26 #include <stdlib.h>
27 #include <unistd.h>
28 #include <errno.h>
29 #include <time.h>
30
31 #include <isc/buffer.h>
32 #include <isc/commandline.h>
33 #include <isc/entropy.h>
34 #include <isc/file.h>
35 #include <isc/hash.h>
36 #include <isc/mem.h>
37 #include <isc/print.h>
38 #include <isc/string.h>
39 #include <isc/util.h>
40
41 #include <dns/keyvalues.h>
42 #include <dns/result.h>
43
44 #include <dst/dst.h>
45
46 #include "dnssectool.h"
47
48 const char *program = "dnssec-settime";
49 int verbose;
50
51 static isc_mem_t *mctx = NULL;
52
53 ISC_PLATFORM_NORETURN_PRE static void
54 usage(void) ISC_PLATFORM_NORETURN_POST;
55
56 static void
57 usage(void) {
58 fprintf(stderr, "Usage:\n");
59 fprintf(stderr, " %s [options] keyfile\n\n", program);
60 fprintf(stderr, "Version: %s\n", VERSION);
61 fprintf(stderr, "General options:\n");
62 #ifdef USE_PKCS11
63 fprintf(stderr, "\t\tname of an OpenSSL engine to use "
64 "(default is \"pkcs11\")\n");
65 #else
66 fprintf(stderr, "\t\tname of an OpenSSL engine to use\n");
67 #endif
68 fprintf(stderr, " -f: force update of old-style "
69 "keys\n");
70 fprintf(stderr, " -K directory: set key file location\n");
71 fprintf(stderr, " -v level: set level of verbosity\n");
72 fprintf(stderr, " -h: help\n");
73 fprintf(stderr, "Timing options:\n");
74 fprintf(stderr, " -P date/[+-]offset/none: set/unset key "
75 "publication date\n");
76 fprintf(stderr, " -A date/[+-]offset/none: set key "
77 "activation date\n");
78 fprintf(stderr, " -R date/[+-]offset/none: set key "
79 "revocation date\n");
80 fprintf(stderr, " -I date/[+-]offset/none: set key "
81 "inactivation date\n");
82 fprintf(stderr, " -D date/[+-]offset/none: set key "
83 "deletion date\n");
84 fprintf(stderr, "Printing options:\n");
85 fprintf(stderr, " -p C/P/A/R/U/D/all: print a particular time "
86 "value or values "
87 "[default: all]\n");
88 fprintf(stderr, " -u: print times in unix epoch "
89 "format\n");
90 fprintf(stderr, "Output:\n");
91 fprintf(stderr, " K<name>+<alg>+<new id>.key, "
92 "K<name>+<alg>+<new id>.private\n");
93
94 exit (-1);
95 }
96
97 static void
98 printtime(dst_key_t *key, int type, const char *tag, isc_boolean_t epoch,
99 FILE *stream)
100 {
101 isc_result_t result;
102 const char *output = NULL;
103 isc_stdtime_t when;
104
105 if (tag != NULL)
106 fprintf(stream, "%s: ", tag);
107
108 result = dst_key_gettime(key, type, &when);
109 if (result == ISC_R_NOTFOUND) {
110 fprintf(stream, "UNSET\n");
111 } else if (epoch) {
112 fprintf(stream, "%d\n", (int) when);
113 } else {
114 time_t time = when;
115 output = ctime(&time);
116 fprintf(stream, "%s", output);
117 }
118 }
119
120 int
121 main(int argc, char **argv) {
122 isc_result_t result;
123 #ifdef USE_PKCS11
124 const char *engine = "pkcs11";
125 #else
126 const char *engine = NULL;
127 #endif
128 char *filename = NULL, *directory = NULL;
129 char newname[1024];
130 char keystr[DST_KEY_FORMATSIZE];
131 char *endp, *p;
132 int ch;
133 isc_entropy_t *ectx = NULL;
134 dst_key_t *key = NULL;
135 isc_buffer_t buf;
136 isc_stdtime_t now;
137 isc_stdtime_t pub = 0, act = 0, rev = 0, inact = 0, del = 0;
138 isc_boolean_t setpub = ISC_FALSE, setact = ISC_FALSE;
139 isc_boolean_t setrev = ISC_FALSE, setinact = ISC_FALSE;
140 isc_boolean_t setdel = ISC_FALSE;
141 isc_boolean_t unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
142 isc_boolean_t unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
143 isc_boolean_t unsetdel = ISC_FALSE;
144 isc_boolean_t printcreate = ISC_FALSE, printpub = ISC_FALSE;
145 isc_boolean_t printact = ISC_FALSE, printrev = ISC_FALSE;
146 isc_boolean_t printinact = ISC_FALSE, printdel = ISC_FALSE;
147 isc_boolean_t force = ISC_FALSE;
148 isc_boolean_t epoch = ISC_FALSE;
149 isc_boolean_t changed = ISC_FALSE;
150
151 if (argc == 1)
152 usage();
153
154 result = isc_mem_create(0, 0, &mctx);
155 if (result != ISC_R_SUCCESS)
156 fatal("Out of memory");
157
158 dns_result_register();
159
160 isc_commandline_errprint = ISC_FALSE;
161
162 isc_stdtime_get(&now);
163
164 while ((ch = isc_commandline_parse(argc, argv,
165 "E:fK:uhp:v:P:A:R:I:D:")) != -1) {
166 switch (ch) {
167 case 'E':
168 engine = isc_commandline_argument;
169 break;
170 case 'f':
171 force = ISC_TRUE;
172 break;
173 case 'p':
174 p = isc_commandline_argument;
175 if (!strcasecmp(p, "all")) {
176 printcreate = ISC_TRUE;
177 printpub = ISC_TRUE;
178 printact = ISC_TRUE;
179 printrev = ISC_TRUE;
180 printinact = ISC_TRUE;
181 printdel = ISC_TRUE;
182 break;
183 }
184
185 do {
186 switch (*p++) {
187 case 'C':
188 printcreate = ISC_TRUE;
189 break;
190 case 'P':
191 printpub = ISC_TRUE;
192 break;
193 case 'A':
194 printact = ISC_TRUE;
195 break;
196 case 'R':
197 printrev = ISC_TRUE;
198 break;
199 case 'I':
200 printinact = ISC_TRUE;
201 break;
202 case 'D':
203 printdel = ISC_TRUE;
204 break;
205 case ' ':
206 break;
207 default:
208 usage();
209 break;
210 }
211 } while (*p != '\0');
212 break;
213 case 'u':
214 epoch = ISC_TRUE;
215 break;
216 case 'K':
217 /*
218 * We don't have to copy it here, but do it to
219 * simplify cleanup later
220 */
221 directory = isc_mem_strdup(mctx,
222 isc_commandline_argument);
223 if (directory == NULL) {
224 fatal("Failed to allocate memory for "
225 "directory");
226 }
227 break;
228 case 'v':
229 verbose = strtol(isc_commandline_argument, &endp, 0);
230 if (*endp != '\0')
231 fatal("-v must be followed by a number");
232 break;
233 case 'P':
234 if (setpub || unsetpub)
235 fatal("-P specified more than once");
236
237 changed = ISC_TRUE;
238 if (!strcasecmp(isc_commandline_argument, "none")) {
239 unsetpub = ISC_TRUE;
240 } else {
241 setpub = ISC_TRUE;
242 pub = strtotime(isc_commandline_argument,
243 now, now);
244 }
245 break;
246 case 'A':
247 if (setact || unsetact)
248 fatal("-A specified more than once");
249
250 changed = ISC_TRUE;
251 if (!strcasecmp(isc_commandline_argument, "none")) {
252 unsetact = ISC_TRUE;
253 } else {
254 setact = ISC_TRUE;
255 act = strtotime(isc_commandline_argument,
256 now, now);
257 }
258 break;
259 case 'R':
260 if (setrev || unsetrev)
261 fatal("-R specified more than once");
262
263 changed = ISC_TRUE;
264 if (!strcasecmp(isc_commandline_argument, "none")) {
265 unsetrev = ISC_TRUE;
266 } else {
267 setrev = ISC_TRUE;
268 rev = strtotime(isc_commandline_argument,
269 now, now);
270 }
271 break;
272 case 'I':
273 if (setinact || unsetinact)
274 fatal("-I specified more than once");
275
276 changed = ISC_TRUE;
277 if (!strcasecmp(isc_commandline_argument, "none")) {
278 unsetinact = ISC_TRUE;
279 } else {
280 setinact = ISC_TRUE;
281 inact = strtotime(isc_commandline_argument,
282 now, now);
283 }
284 break;
285 case 'D':
286 if (setdel || unsetdel)
287 fatal("-D specified more than once");
288
289 changed = ISC_TRUE;
290 if (!strcasecmp(isc_commandline_argument, "none")) {
291 unsetdel = ISC_TRUE;
292 } else {
293 setdel = ISC_TRUE;
294 del = strtotime(isc_commandline_argument,
295 now, now);
296 }
297 break;
298 case '?':
299 if (isc_commandline_option != '?')
300 fprintf(stderr, "%s: invalid argument -%c\n",
301 program, isc_commandline_option);
302 /* Falls into */
303 case 'h':
304 usage();
305
306 default:
307 fprintf(stderr, "%s: unhandled option -%c\n",
308 program, isc_commandline_option);
309 exit(1);
310 }
311 }
312
313 if (argc < isc_commandline_index + 1 ||
314 argv[isc_commandline_index] == NULL)
315 fatal("The key file name was not specified");
316 if (argc > isc_commandline_index + 1)
317 fatal("Extraneous arguments");
318
319 if (directory != NULL) {
320 filename = argv[isc_commandline_index];
321 } else {
322 result = isc_file_splitpath(mctx, argv[isc_commandline_index],
323 &directory, &filename);
324 if (result != ISC_R_SUCCESS)
325 fatal("cannot process filename %s: %s",
326 argv[isc_commandline_index],
327 isc_result_totext(result));
328 }
329
330 if (ectx == NULL)
331 setup_entropy(mctx, NULL, &ectx);
332 result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
333 if (result != ISC_R_SUCCESS)
334 fatal("Could not initialize hash");
335 result = dst_lib_init2(mctx, ectx, engine,
336 ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
337 if (result != ISC_R_SUCCESS)
338 fatal("Could not initialize dst: %s",
339 isc_result_totext(result));
340 isc_entropy_stopcallbacksources(ectx);
341
342 result = dst_key_fromnamedfile(filename, directory,
343 DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
344 mctx, &key);
345 if (result != ISC_R_SUCCESS)
346 fatal("Invalid keyfile %s: %s",
347 filename, isc_result_totext(result));
348
349 if (!dst_key_isprivate(key))
350 fatal("%s is not a private key", filename);
351
352 dst_key_format(key, keystr, sizeof(keystr));
353
354 if (force)
355 set_keyversion(key);
356 else
357 check_keyversion(key, keystr);
358
359 if (verbose > 2)
360 fprintf(stderr, "%s: %s\n", program, keystr);
361
362 /*
363 * Set time values.
364 */
365 if (setpub)
366 dst_key_settime(key, DST_TIME_PUBLISH, pub);
367 else if (unsetpub)
368 dst_key_unsettime(key, DST_TIME_PUBLISH);
369
370 if (setact)
371 dst_key_settime(key, DST_TIME_ACTIVATE, act);
372 else if (unsetact)
373 dst_key_unsettime(key, DST_TIME_ACTIVATE);
374
375 if (setrev) {
376 if ((dst_key_flags(key) & DNS_KEYFLAG_REVOKE) != 0)
377 fprintf(stderr, "%s: warning: Key %s is already "
378 "revoked; changing the revocation date "
379 "will not affect this.\n",
380 program, keystr);
381 if ((dst_key_flags(key) & DNS_KEYFLAG_KSK) == 0)
382 fprintf(stderr, "%s: warning: Key %s is not flagged as "
383 "a KSK, but -R was used. Revoking a "
384 "ZSK is legal, but undefined.\n",
385 program, keystr);
386 dst_key_settime(key, DST_TIME_REVOKE, rev);
387 } else if (unsetrev) {
388 if ((dst_key_flags(key) & DNS_KEYFLAG_REVOKE) != 0)
389 fprintf(stderr, "%s: warning: Key %s is already "
390 "revoked; removing the revocation date "
391 "will not affect this.\n",
392 program, keystr);
393 dst_key_unsettime(key, DST_TIME_REVOKE);
394 }
395
396 if (setinact)
397 dst_key_settime(key, DST_TIME_INACTIVE, inact);
398 else if (unsetinact)
399 dst_key_unsettime(key, DST_TIME_INACTIVE);
400
401 if (setdel)
402 dst_key_settime(key, DST_TIME_DELETE, del);
403 else if (unsetdel)
404 dst_key_unsettime(key, DST_TIME_DELETE);
405
406 /*
407 * Print out time values, if -p was used.
408 */
409 if (printcreate)
410 printtime(key, DST_TIME_CREATED, "Created", epoch, stdout);
411
412 if (printpub)
413 printtime(key, DST_TIME_PUBLISH, "Publish", epoch, stdout);
414
415 if (printact)
416 printtime(key, DST_TIME_ACTIVATE, "Activate", epoch, stdout);
417
418 if (printrev)
419 printtime(key, DST_TIME_REVOKE, "Revoke", epoch, stdout);
420
421 if (printinact)
422 printtime(key, DST_TIME_INACTIVE, "Inactive", epoch, stdout);
423
424 if (printdel)
425 printtime(key, DST_TIME_DELETE, "Delete", epoch, stdout);
426
427 if (changed) {
428 isc_buffer_init(&buf, newname, sizeof(newname));
429 result = dst_key_buildfilename(key, DST_TYPE_PUBLIC, directory,
430 &buf);
431 if (result != ISC_R_SUCCESS) {
432 fatal("Failed to build public key filename: %s",
433 isc_result_totext(result));
434 }
435
436 result = dst_key_tofile(key, DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
437 directory);
438 if (result != ISC_R_SUCCESS) {
439 dst_key_format(key, keystr, sizeof(keystr));
440 fatal("Failed to write key %s: %s", keystr,
441 isc_result_totext(result));
442 }
443
444 printf("%s\n", newname);
445
446 isc_buffer_clear(&buf);
447 result = dst_key_buildfilename(key, DST_TYPE_PRIVATE, directory,
448 &buf);
449 if (result != ISC_R_SUCCESS) {
450 fatal("Failed to build private key filename: %s",
451 isc_result_totext(result));
452 }
453 printf("%s\n", newname);
454 }
455
456 dst_key_free(&key);
457 dst_lib_destroy();
458 isc_hash_destroy();
459 cleanup_entropy(&ectx);
460 if (verbose > 10)
461 isc_mem_stats(mctx, stdout);
462 isc_mem_free(mctx, directory);
463 isc_mem_destroy(&mctx);
464
465 return (0);
466 }
NetBSD on the FriendlyARM MINI2440