diff options
author | Martin Nagy <mnagy@redhat.com> | 2009-02-11 20:37:59 +0100 |
---|---|---|
committer | Martin Nagy <mnagy@redhat.com> | 2009-02-11 20:37:59 +0100 |
commit | f50ae72ec3417cae55dd4e085991c01af9fdc5f1 (patch) | |
tree | 0e36c9a3320f6d068df93d3ff6d84b821d23db40 /contrib/zkt/zconf.c | |
download | bind_dynamic-start.tar.gz bind_dynamic-start.tar.xz bind_dynamic-start.zip |
Initial commitstart
Diffstat (limited to 'contrib/zkt/zconf.c')
-rw-r--r-- | contrib/zkt/zconf.c | 775 |
1 files changed, 775 insertions, 0 deletions
diff --git a/contrib/zkt/zconf.c b/contrib/zkt/zconf.c new file mode 100644 index 0000000..1dee484 --- /dev/null +++ b/contrib/zkt/zconf.c @@ -0,0 +1,775 @@ +/**************************************************************** +** +** @(#) zconf.c -- configuration file parser for dnssec.conf +** +** Most of the code is from the SixXS Heartbeat Client +** written by Jeroen Massar <jeroen@sixxs.net> +** +** New config types and some slightly code changes +** by Holger Zuleger +** +** Copyright (c) Aug 2005, Jeroen Massar, Holger Zuleger. +** All rights reserved. +** +** This software is open source. +** +** Redistribution and use in source and binary forms, with or without +** modification, are permitted provided that the following conditions +** are met: +** +** Redistributions of source code must retain the above copyright notice, +** this list of conditions and the following disclaimer. +** +** Redistributions in binary form must reproduce the above copyright notice, +** this list of conditions and the following disclaimer in the documentation +** and/or other materials provided with the distribution. +** +** Neither the name of Jeroen Masar or Holger Zuleger nor the +** names of its contributors may be used to endorse or promote products +** derived from this software without specific prior written permission. +** +** THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS +** "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +** TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +** PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE +** LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +** CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +** SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +** INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +** CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +** ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +** POSSIBILITY OF SUCH DAMAGE. +** +****************************************************************/ +# include <sys/types.h> +# include <stdio.h> +# include <errno.h> +# include <unistd.h> +# include <stdlib.h> +# include <stdarg.h> +# include <string.h> +# include <strings.h> +# include <assert.h> +# include <ctype.h> + +#ifdef HAVE_CONFIG_H +# include "config.h" +#endif +# include "config_zkt.h" +# include "debug.h" +# include "misc.h" +#define extern +# include "zconf.h" +#undef extern +# include "dki.h" + +# define ISTRUE(val) (strcasecmp (val, "yes") == 0 || \ + strcasecmp (val, "true") == 0 ) +# define ISCOMMENT(cp) (*(cp) == '#' || *(cp) == ';' || \ + (*(cp) == '/' && *((cp)+1) == '/') ) +# define ISDELIM(c) ( isspace (c) || (c) == ':' || (c) == '=' ) + + +typedef enum { + CONF_END = 0, + CONF_STRING, + CONF_INT, + CONF_TIMEINT, + CONF_BOOL, + CONF_ALGO, + CONF_SERIAL, + CONF_FACILITY, + CONF_LEVEL, + CONF_COMMENT, +} ctype_t; + +/***************************************************************** +** private (static) variables +*****************************************************************/ +static zconf_t def = { + ZONEDIR, RECURSIVE, + PRINTTIME, PRINTAGE, LJUST, + SIG_VALIDITY, MAX_TTL, KEY_TTL, PROPTIME, Incremental, + RESIGN_INT, + KSK_LIFETIME, KSK_ALGO, KSK_BITS, KSK_RANDOM, + ZSK_LIFETIME, ZSK_ALGO, ZSK_BITS, ZSK_RANDOM, + NULL, /* viewname cmdline paramter */ + LOGFILE, LOGLEVEL, SYSLOGFACILITY, SYSLOGLEVEL, VERBOSELOG, 0, + DNSKEYFILE, ZONEFILE, KEYSETDIR, + LOOKASIDEDOMAIN, + SIG_RANDOM, SIG_PSEUDO, SIG_GENDS, SIG_PARAM, + DIST_CMD /* deafults to NULL which means to run "rndc reload" */ +}; + +typedef struct { + char *label; /* the name of the paramter */ + int cmdline; /* is this a command line parameter ? */ + ctype_t type; /* the parameter type */ + void *var; /* pointer to the parameter variable */ +} zconf_para_t; + +static zconf_para_t confpara[] = { + { "", 0, CONF_COMMENT, ""}, + { "", 0, CONF_COMMENT, "\t@(#) dnssec.conf " ZKT_VERSION }, + { "", 0, CONF_COMMENT, ""}, + { "", 0, CONF_COMMENT, NULL }, + + { "", 0, CONF_COMMENT, "dnssec-zkt options" }, + { "Zonedir", 0, CONF_STRING, &def.zonedir }, + { "Recursive", 0, CONF_BOOL, &def.recursive }, + { "PrintTime", 0, CONF_BOOL, &def.printtime }, + { "PrintAge", 0, CONF_BOOL, &def.printage }, + { "LeftJustify", 0, CONF_BOOL, &def.ljust }, + + { "", 0, CONF_COMMENT, NULL }, + { "", 0, CONF_COMMENT, "zone specific values" }, + { "ResignInterval", 0, CONF_TIMEINT, &def.resign }, + { "Sigvalidity", 0, CONF_TIMEINT, &def.sigvalidity }, + { "Max_TTL", 0, CONF_TIMEINT, &def.max_ttl }, + { "Propagation", 0, CONF_TIMEINT, &def.proptime }, + { "KEY_TTL", 0, CONF_TIMEINT, &def.key_ttl }, +#if defined (DEF_TTL) + { "def_ttl", 0, CONF_TIMEINT, &def.def_ttl }, +#endif + { "Serialformat", 0, CONF_SERIAL, &def.serialform }, + + { "", 0, CONF_COMMENT, NULL }, + { "", 0, CONF_COMMENT, "signing key parameters"}, + { "KSK_lifetime", 0, CONF_TIMEINT, &def.k_life }, + { "KSK_algo", 0, CONF_ALGO, &def.k_algo }, + { "KSK_bits", 0, CONF_INT, &def.k_bits }, + { "KSK_randfile", 0, CONF_STRING, &def.k_random }, + { "ZSK_lifetime", 0, CONF_TIMEINT, &def.z_life }, + { "ZSK_algo", 0, CONF_ALGO, &def.z_algo }, + { "ZSK_bits", 0, CONF_INT, &def.z_bits }, + { "ZSK_randfile", 0, CONF_STRING, &def.z_random }, + + { "", 0, CONF_COMMENT, NULL }, + { "", 0, CONF_COMMENT, "dnssec-signer options"}, + { "--view", 1, CONF_STRING, &def.view }, + { "LogFile", 0, CONF_STRING, &def.logfile }, + { "LogLevel", 0, CONF_LEVEL, &def.loglevel }, + { "SyslogFacility", 0, CONF_FACILITY, &def.syslogfacility }, + { "SyslogLevel", 0, CONF_LEVEL, &def.sysloglevel }, + { "VerboseLog", 0, CONF_INT, &def.verboselog }, + { "-v", 1, CONF_INT, &def.verbosity }, + { "Keyfile", 0, CONF_STRING, &def.keyfile }, + { "Zonefile", 0, CONF_STRING, &def.zonefile }, + { "KeySetDir", 0, CONF_STRING, &def.keysetdir }, + { "DLV_Domain", 0, CONF_STRING, &def.lookaside }, + { "Sig_Randfile", 0, CONF_STRING, &def.sig_random }, + { "Sig_Pseudorand", 0, CONF_BOOL, &def.sig_pseudo }, + { "Sig_GenerateDS", 1, CONF_BOOL, &def.sig_gends }, + { "Sig_Parameter", 0, CONF_STRING, &def.sig_param }, + { "Distribute_Cmd", 0, CONF_STRING, &def.dist_cmd }, + + { NULL, 0, CONF_END, NULL}, +}; + +/***************************************************************** +** private (static) function deklaration and definition +*****************************************************************/ +static const char *bool2str (int val) +{ + return val ? "True" : "False"; +} + +static const char *timeint2str (ulong val) +{ + static char str[20+1]; + + if ( val == 0 ) + snprintf (str, sizeof (str), "%lu", val / YEARSEC); + else if ( val % YEARSEC == 0 ) + snprintf (str, sizeof (str), "%luy", val / YEARSEC); + else if ( val % WEEKSEC == 0 ) + snprintf (str, sizeof (str), "%luw", val / WEEKSEC); + else if ( val % DAYSEC == 0 ) + snprintf (str, sizeof (str), "%lud", val / DAYSEC); + else if ( val % HOURSEC == 0 ) + snprintf (str, sizeof (str), "%luh", val / HOURSEC); + else if ( val % MINSEC == 0 ) + snprintf (str, sizeof (str), "%lum", val / MINSEC); + else + snprintf (str, sizeof (str), "%lus", val); + + return str; +} + +static int set_varptr (char *entry, void *ptr) +{ + zconf_para_t *c; + + for ( c = confpara; c->label; c++ ) + if ( strcasecmp (entry, c->label) == 0 ) + { + c->var = ptr; + return 1; + } + return 0; +} + +static void set_all_varptr (zconf_t *cp) +{ + set_varptr ("zonedir", &cp->zonedir); + set_varptr ("recursive", &cp->recursive); + set_varptr ("printage", &cp->printage); + set_varptr ("printtime", &cp->printtime); + set_varptr ("leftjustify", &cp->ljust); + + set_varptr ("resigninterval", &cp->resign); + set_varptr ("sigvalidity", &cp->sigvalidity); + set_varptr ("max_ttl", &cp->max_ttl); + set_varptr ("key_ttl", &cp->key_ttl); + set_varptr ("propagation", &cp->proptime); +#if defined (DEF_TTL) + set_varptr ("def_ttl", &cp->def_ttl); +#endif + set_varptr ("serialformat", &cp->serialform); + + set_varptr ("ksk_lifetime", &cp->k_life); + set_varptr ("ksk_algo", &cp->k_algo); + set_varptr ("ksk_bits", &cp->k_bits); + set_varptr ("ksk_randfile", &cp->k_random); + + set_varptr ("zsk_lifetime", &cp->z_life); + set_varptr ("zsk_algo", &cp->z_algo); + set_varptr ("zsk_bits", &cp->z_bits); + set_varptr ("zsk_randfile", &cp->z_random); + + set_varptr ("--view", &cp->view); + set_varptr ("logfile", &cp->logfile); + set_varptr ("loglevel", &cp->loglevel); + set_varptr ("syslogfacility", &cp->syslogfacility); + set_varptr ("sysloglevel", &cp->sysloglevel); + set_varptr ("verboselog", &cp->verboselog); + set_varptr ("-v", &cp->verbosity); + set_varptr ("keyfile", &cp->keyfile); + set_varptr ("zonefile", &cp->zonefile); + set_varptr ("keysetdir", &cp->keysetdir); + set_varptr ("dlv_domain", &cp->lookaside); + set_varptr ("sig_randfile", &cp->sig_random); + set_varptr ("sig_pseudorand", &cp->sig_pseudo); + set_varptr ("sig_generateds", &cp->sig_gends); + set_varptr ("sig_parameter", &cp->sig_param); + set_varptr ("distribute_cmd", &cp->dist_cmd); +} + +static void parseconfigline (char *buf, unsigned int line, zconf_t *z) +{ + char *end, *val, *p; + char *tag; + unsigned int len, found; + zconf_para_t *c; + + p = &buf[strlen(buf)-1]; /* Chop off white space at eol */ + while ( p >= buf && isspace (*p) ) + *p-- = '\0'; + + for (p = buf; isspace (*p); p++ ) /* Ignore leading white space */ + ; + + /* Ignore comments and emtpy lines */ + if ( *p == '\0' || ISCOMMENT (p) ) + return; + + tag = p; + /* Get the end of the first argument */ + end = &buf[strlen(buf)-1]; + while ( p < end && !ISDELIM (*p) ) /* Skip until delim */ + p++; + *p++ = '\0'; /* Terminate this argument */ + dbg_val1 ("Parsing \"%s\"\n", tag); + + + while ( p < end && ISDELIM (*p) ) /* Skip delim chars */ + p++; + + val = p; /* Start of the value */ + dbg_val1 ("\tgot value \"%s\"\n", val); + + /* If starting with quote, skip until next quote */ + if ( *p == '"' || *p == '\'' ) + { + p++; /* Find next quote */ + while ( p <= end && *p && *p != *val ) + p++; + *p = '\0'; + val++; /* Skip the first quote */ + } + else /* Otherwise check if there is any comment char at the end */ + { + while ( p < end && *p && !ISCOMMENT(p) ) + p++; + if ( ISCOMMENT (p) ) + { + do /* Chop off white space before comment */ + *p-- = '\0'; + while ( p >= val && isspace (*p) ); + } + } + + /* Otherwise it is already terminated above */ + + found = 0; + c = confpara; + while ( !found && c->type != CONF_END ) + { + len = strlen (c->label); + if ( strcasecmp (tag, c->label) == 0 ) + { + char **str; + char quantity; + int ival; + + found = 1; + switch ( c->type ) + { + case CONF_LEVEL: + case CONF_FACILITY: + case CONF_STRING: + str = (char **)c->var; + *str = strdup (val); + str_untaint (*str); /* remove "bad" characters */ + break; + case CONF_INT: + sscanf (val, "%d", (int *)c->var); + break; + case CONF_TIMEINT: + quantity = 'd'; + sscanf (val, "%d%c", &ival, &quantity); + if ( quantity == 'm' ) + ival *= MINSEC; + else if ( quantity == 'h' ) + ival *= HOURSEC; + else if ( quantity == 'd' ) + ival *= DAYSEC; + else if ( quantity == 'w' ) + ival *= WEEKSEC; + else if ( quantity == 'y' ) + ival *= YEARSEC; + (*(int *)c->var) = ival; + break; + case CONF_ALGO: + if ( strcasecmp (val, "rsa") == 0 || strcasecmp (val, "rsamd5") == 0 ) + *((int *)c->var) = DK_ALGO_RSA; + else if ( strcasecmp (val, "dsa") == 0 ) + *((int *)c->var) = DK_ALGO_DSA; + else if ( strcasecmp (val, "rsasha1") == 0 ) + *((int *)c->var) = DK_ALGO_RSASHA1; + else + error ("Illegal algorithm \"%s\" " + "in line %d.\n" , val, line); + break; + case CONF_SERIAL: + if ( strcasecmp (val, "unixtime") == 0 ) + *((serial_form_t *)c->var) = Unixtime; + else if ( strcasecmp (val, "incremental") == 0 ) + *((serial_form_t *)c->var) = Incremental; + else + error ("Illegal serial no format \"%s\" " + "in line %d.\n" , val, line); + break; + case CONF_BOOL: + *((int *)c->var) = ISTRUE (val); + break; + default: + fatal ("Illegal configuration type in line %d.\n", line); + } + } + c++; + } + if ( !found ) + error ("Unknown configuration statement: %s \"%s\"\n", tag, val); + return; +} + +static void printconfigline (FILE *fp, zconf_para_t *cp) +{ + int i; + + assert (fp != NULL); + assert (cp != NULL); + + switch ( cp->type ) + { + case CONF_COMMENT: + if ( cp->var ) + fprintf (fp, "# %s\n", (char *)cp->var); + else + fprintf (fp, "\n"); + break; + case CONF_LEVEL: + case CONF_FACILITY: + if ( *(char **)cp->var != NULL ) + { + if ( **(char **)cp->var != '\0' ) + { + char *p; + + fprintf (fp, "%s:\t", cp->label); + for ( p = *(char **)cp->var; *p; p++ ) + putc (toupper (*p), fp); + fprintf (fp, "\n"); + } + else + fprintf (fp, "%s:\tNONE", cp->label); + } + break; + case CONF_STRING: + if ( *(char **)cp->var ) + fprintf (fp, "%s:\t\"%s\"\n", cp->label, *(char **)cp->var); + break; + case CONF_BOOL: + fprintf (fp, "%s:\t%s\n", cp->label, bool2str ( *(int*)cp->var )); + break; + case CONF_TIMEINT: + i = *(ulong*)cp->var; + fprintf (fp, "%s:\t%s", cp->label, timeint2str (i)); + if ( i ) + fprintf (fp, "\t# (%d seconds)", i); + putc ('\n', fp); + break; + case CONF_ALGO: + i = *(int*)cp->var; + fprintf (fp, "%s:\t%s", cp->label, dki_algo2str (i)); + fprintf (fp, "\t# (Algorithm ID %d)\n", i); + break; + case CONF_SERIAL: + fprintf (fp, "%s:\t", cp->label); + if ( *(serial_form_t*)cp->var == Unixtime ) + fprintf (fp, "unixtime\n"); + else + fprintf (fp, "incremental\n"); + break; + case CONF_INT: + fprintf (fp, "%s:\t%d\n", cp->label, *(int *)cp->var); + break; + case CONF_END: + /* NOTREACHED */ + break; + } +} + +/***************************************************************** +** public function definition +*****************************************************************/ + +/***************************************************************** +** loadconfig (file, conf) +** Loads a config file into the "conf" structure pointed to by "z". +** If "z" is NULL then a new conf struct will be dynamically +** allocated. +** If no filename is given the conf struct will be initialized +** by the builtin default config +*****************************************************************/ +zconf_t *loadconfig (const char *filename, zconf_t *z) +{ + FILE *fp; + char buf[1023+1]; + unsigned int line; + + if ( z == NULL ) /* allocate new memory for zconf_t */ + { + if ( (z = calloc (1, sizeof (zconf_t))) == NULL ) + return NULL; + + if ( filename && *filename ) + memcpy (z, &def, sizeof (*z)); /* init new struct with defaults */ + } + + if ( filename == NULL || *filename == '\0' ) /* no file name given... */ + { + dbg_val0("loadconfig (NULL)\n"); + memcpy (z, &def, sizeof (*z)); /* ..then init with defaults */ + return z; + } + + dbg_val1 ("loadconfig (%s)\n", filename); + set_all_varptr (z); + + if ( (fp = fopen(filename, "r")) == NULL ) + fatal ("Could not open config file \"%s\"\n", filename); + + line = 0; + while (fgets(buf, sizeof(buf), fp)) + { + line++; + + parseconfigline (buf, line, z); + } + fclose(fp); + return z; +} + +# define STRCONFIG_DELIMITER ";\r\n" +zconf_t *loadconfig_fromstr (const char *str, zconf_t *z) +{ + char *buf; + char *tok, *toksave; + unsigned int line; + + if ( z == NULL ) + { + if ( (z = calloc (1, sizeof (zconf_t))) == NULL ) + return NULL; + memcpy (z, &def, sizeof (*z)); /* init with defaults */ + } + + if ( str == NULL || *str == '\0' ) + { + dbg_val0("loadconfig_fromstr (NULL)\n"); + memcpy (z, &def, sizeof (*z)); /* init with defaults */ + return z; + } + + dbg_val1 ("loadconfig_fromstr (\"%s\")\n", str); + set_all_varptr (z); + + /* str is const, so we have to copy it into a new buffer */ + if ( (buf = strdup (str)) == NULL ) + fatal ("loadconfig_fromstr: Out of memory"); + + line = 0; + tok = strtok_r (buf, STRCONFIG_DELIMITER, &toksave); + while ( tok ) + { + line++; + parseconfigline (tok, line, z); + tok = strtok_r (NULL, STRCONFIG_DELIMITER, &toksave); + } + free (buf); + return z; +} + +/***************************************************************** +** dupconfig (config) +** duplicate config struct and return a ptr to the new struct +*****************************************************************/ +zconf_t *dupconfig (const zconf_t *conf) +{ + zconf_t *z; + + assert (conf != NULL); + + if ( (z = calloc (1, sizeof (zconf_t))) == NULL ) + return NULL; + + memcpy (z, conf, sizeof (*conf)); + + return z; +} + +/***************************************************************** +** setconfigpar (entry, pval) +*****************************************************************/ +int setconfigpar (zconf_t *config, char *entry, const void *pval) +{ + char *str; + zconf_para_t *c; + + set_all_varptr (config); + + for ( c = confpara; c->type != CONF_END; c++ ) + if ( strcasecmp (entry, c->label) == 0 ) + { + switch ( c->type ) + { + case CONF_LEVEL: + case CONF_FACILITY: + case CONF_STRING: + if ( pval ) + { + str = strdup ((char *)pval); + str_untaint (str); /* remove "bad" characters */ + } + else + str = NULL; + *((char **)c->var) = str; + break; + case CONF_BOOL: + /* fall through */ + case CONF_ALGO: + /* fall through */ + case CONF_TIMEINT: + /* fall through */ + case CONF_INT: + *((int *)c->var) = *((int *)pval); + break; + case CONF_SERIAL: + *((serial_form_t *)c->var) = *((serial_form_t *)pval); + break; + case CONF_COMMENT: + case CONF_END: + /* NOTREACHED */ + break; + } + return 1; + } + return 0; +} + +/***************************************************************** +** printconfig (fname, config) +*****************************************************************/ +int printconfig (const char *fname, const zconf_t *z) +{ + zconf_para_t *cp; + FILE *fp; + + if ( z == NULL ) + return 0; + + fp = stdout; + if ( fname && *fname ) + { + if ( strcmp (fname, "stdout") == 0 ) + fp = stdout; + else if ( strcmp (fname, "stderr") == 0 ) + fp = stderr; + else if ( (fp = fopen(fname, "w")) == NULL ) + { + error ("Could not open config file \"%s\" for writing\n", fname); + return -1; + } + } + + set_all_varptr ((zconf_t *)z); + + for ( cp = confpara; cp->type != CONF_END; cp++ ) /* loop through all parameter */ + if ( !cp->cmdline ) /* if this is not a command line parameter ? */ + printconfigline (fp, cp); /* print it out */ + + if ( fp && fp != stdout && fp != stderr ) + fclose (fp); + + return 1; +} + +#if 0 +/***************************************************************** +** printconfigdiff (fname, conf_a, conf_b) +*****************************************************************/ +int printconfigdiff (const char *fname, const zconf_t *ref, const zconf_t *z) +{ + zconf_para_t *cp; + FILE *fp; + + if ( ref == NULL || z == NULL ) + return 0; + + fp = NULL; + if ( fname && *fname ) + { + if ( strcmp (fname, "stdout") == 0 ) + fp = stdout; + else if ( strcmp (fname, "stderr") == 0 ) + fp = stderr; + else if ( (fp = fopen(fname, "w")) == NULL ) + { + error ("Could not open config file \"%s\" for writing\n", fname); + return -1; + } + } + + set_all_varptr ((zconf_t *)z); + + for ( cp = confpara; cp->type != CONF_END; cp++ ) /* loop through all parameter */ + { + if ( cp->cmdline ) + continue; + + + printconfigline (fp, cp); /* print it out */ + } + + if ( fp && fp != stdout && fp != stderr ) + fclose (fp); + + return 1; +} +#endif + +/***************************************************************** +** checkconfig (config) +*****************************************************************/ +int checkconfig (const zconf_t *z) +{ + if ( z == NULL ) + return 1; + + if ( z->sigvalidity < (1 * DAYSEC) || z->sigvalidity > (12 * WEEKSEC) ) + { + fprintf (stderr, "Signature should be valid for at least 1 day and no longer than 3 month (12 weeks)\n"); + fprintf (stderr, "The current value is %s\n", timeint2str (z->sigvalidity)); + } + + if ( z->resign > (z->sigvalidity*5/6) - (z->max_ttl + z->proptime) ) + { + fprintf (stderr, "Re-signing interval (%s) should be less than ", timeint2str (z->resign)); + fprintf (stderr, "5/6 of sigvalidity\n"); + } + if ( z->resign < (z->max_ttl + z->proptime) ) + { + fprintf (stderr, "Re-signing interval (%s) should be ", timeint2str (z->resign)); + fprintf (stderr, "greater than max_ttl (%d) plus ", z->max_ttl); + fprintf (stderr, "propagation time (%d)\n", z->proptime); + } + + if ( z->max_ttl >= z->sigvalidity ) + fprintf (stderr, "Max TTL (%d) should be less than signatur validity (%d)\n", + z->max_ttl, z->sigvalidity); + + if ( z->z_life > (12 * WEEKSEC) * (z->z_bits / 512.) ) + { + fprintf (stderr, "Lifetime of zone signing key (%s) ", timeint2str (z->z_life)); + fprintf (stderr, "seems a little bit high "); + fprintf (stderr, "(In respect of key size (%d))\n", z->z_bits); + } + + if ( z->k_life > 0 && z->k_life <= z->z_life ) + { + fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life)); + fprintf (stderr, "should be greater than lifetime of zsk\n"); + } + if ( z->k_life > 0 && z->k_life > (26 * WEEKSEC) * (z->k_bits / 512.) ) + { + fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life)); + fprintf (stderr, "seems a little bit high "); + fprintf (stderr, "(In respect of key size (%d))\n", z->k_bits); + } + + return 1; +} + +#ifdef CONF_TEST +const char *progname; +static zconf_t *config; + +main (int argc, char *argv[]) +{ + char *optstr; + int val; + + progname = *argv; + + config = loadconfig ("", (zconf_t *) NULL); /* load built in defaults */ + + while ( --argc >= 1 ) + { + optstr = *++argv; + config = loadconfig_fromstr (optstr, config); + } + + val = 1; + setconfigpar (config, "-v", &val); + val = 2; + setconfigpar (config, "verboselog", &val); + val = 1; + setconfigpar (config, "recursive", &val); + val = 1200; + setconfigpar (config, "propagation", &val); + + printconfig ("stdout", config); +} +#endif |