Initial commitstart

1 files changed, 775 insertions, 0 deletions

diff --git a/contrib/zkt/zconf.c b/contrib/zkt/zconf.c
new file mode 100644
index 0000000..1dee484
--- /dev/null
+++ b/contrib/zkt/zconf.c
@@ -0,0 +1,775 @@
+/****************************************************************
+**
+**	@(#) zconf.c -- configuration file parser for dnssec.conf
+**
+**	Most of the code is from the SixXS Heartbeat Client
+**	written by Jeroen Massar <jeroen@sixxs.net>
+**
+**	New config types and some slightly code changes
+**	by Holger Zuleger
+**
+**	Copyright (c) Aug 2005, Jeroen Massar, Holger Zuleger.
+**	All rights reserved.
+**	
+**	This software is open source.
+**	
+**	Redistribution and use in source and binary forms, with or without
+**	modification, are permitted provided that the following conditions
+**	are met:
+**	
+**	Redistributions of source code must retain the above copyright notice,
+**	this list of conditions and the following disclaimer.
+**	
+**	Redistributions in binary form must reproduce the above copyright notice,
+**	this list of conditions and the following disclaimer in the documentation
+**	and/or other materials provided with the distribution.
+**	
+**	Neither the name of Jeroen Masar or Holger Zuleger nor the
+**	names of its contributors may be used to endorse or promote products
+**	derived from this software without specific prior written permission.
+**	
+**	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+**	"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+**	TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+**	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
+**	LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+**	CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+**	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+**	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+**	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+**	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+**	POSSIBILITY OF SUCH DAMAGE.
+**
+****************************************************************/
+# include <sys/types.h>
+# include <stdio.h>
+# include <errno.h>
+# include <unistd.h>
+# include <stdlib.h>
+# include <stdarg.h>
+# include <string.h>
+# include <strings.h>
+# include <assert.h>
+# include <ctype.h>
+
+#ifdef HAVE_CONFIG_H
+# include "config.h"
+#endif
+# include "config_zkt.h"
+# include "debug.h"
+# include "misc.h"
+#define extern
+# include "zconf.h"
+#undef extern
+# include "dki.h"
+
+# define	ISTRUE(val)	(strcasecmp (val, "yes") == 0 || \
+				strcasecmp (val, "true") == 0    )
+# define	ISCOMMENT(cp)	(*(cp) == '#' || *(cp) == ';' || \
+				(*(cp) == '/' && *((cp)+1) == '/') )
+# define	ISDELIM(c)	( isspace (c) || (c) == ':' || (c) == '=' )
+
+
+typedef enum {
+	CONF_END = 0,
+	CONF_STRING,
+	CONF_INT,
+	CONF_TIMEINT,
+	CONF_BOOL,
+	CONF_ALGO,
+	CONF_SERIAL,
+	CONF_FACILITY,
+	CONF_LEVEL,
+	CONF_COMMENT,
+} ctype_t;
+
+/*****************************************************************
+**	private (static) variables
+*****************************************************************/
+static	zconf_t	def = {
+	ZONEDIR, RECURSIVE, 
+	PRINTTIME, PRINTAGE, LJUST,
+	SIG_VALIDITY, MAX_TTL, KEY_TTL, PROPTIME, Incremental,
+	RESIGN_INT,
+	KSK_LIFETIME, KSK_ALGO, KSK_BITS, KSK_RANDOM,
+	ZSK_LIFETIME, ZSK_ALGO, ZSK_BITS, ZSK_RANDOM,
+	NULL, /* viewname cmdline paramter */
+	LOGFILE, LOGLEVEL, SYSLOGFACILITY, SYSLOGLEVEL, VERBOSELOG, 0,
+	DNSKEYFILE, ZONEFILE, KEYSETDIR,
+	LOOKASIDEDOMAIN,
+	SIG_RANDOM, SIG_PSEUDO, SIG_GENDS, SIG_PARAM,
+	DIST_CMD	/* deafults to NULL which means to run "rndc reload" */
+};
+
+typedef	struct {
+	char	*label;		/* the name of the paramter */
+	int	cmdline;	/* is this a command line parameter ? */
+	ctype_t	type;		/* the parameter type */
+	void	*var;		/* pointer to the parameter variable */
+} zconf_para_t;
+
+static	zconf_para_t	confpara[] = {
+	{ "",			0,	CONF_COMMENT,	""},
+	{ "",			0,	CONF_COMMENT,	"\t@(#) dnssec.conf " ZKT_VERSION },
+	{ "",			0,	CONF_COMMENT,	""},
+	{ "",			0,	CONF_COMMENT,	NULL },
+
+	{ "",			0,	CONF_COMMENT,	"dnssec-zkt options" },
+	{ "Zonedir",		0,	CONF_STRING,	&def.zonedir },
+	{ "Recursive",		0,	CONF_BOOL,	&def.recursive },
+	{ "PrintTime",		0,	CONF_BOOL,	&def.printtime },
+	{ "PrintAge",		0,	CONF_BOOL,	&def.printage },
+	{ "LeftJustify",	0,	CONF_BOOL,	&def.ljust },
+
+	{ "",			0,	CONF_COMMENT,	NULL },
+	{ "",			0,	CONF_COMMENT,	"zone specific values" },
+	{ "ResignInterval",	0,	CONF_TIMEINT,	&def.resign },
+	{ "Sigvalidity",	0,	CONF_TIMEINT,	&def.sigvalidity },
+	{ "Max_TTL",		0,	CONF_TIMEINT,	&def.max_ttl },
+	{ "Propagation",	0,	CONF_TIMEINT,	&def.proptime },
+	{ "KEY_TTL",		0,	CONF_TIMEINT,	&def.key_ttl },
+#if defined (DEF_TTL)
+	{ "def_ttl",		0,	CONF_TIMEINT,	&def.def_ttl },
+#endif
+	{ "Serialformat",	0,	CONF_SERIAL,	&def.serialform },
+
+	{ "",			0,	CONF_COMMENT,	NULL },
+	{ "",			0,	CONF_COMMENT,	"signing key parameters"},
+	{ "KSK_lifetime",	0,	CONF_TIMEINT,	&def.k_life },
+	{ "KSK_algo",		0,	CONF_ALGO,	&def.k_algo },
+	{ "KSK_bits",		0,	CONF_INT,	&def.k_bits },
+	{ "KSK_randfile",	0,	CONF_STRING,	&def.k_random },
+	{ "ZSK_lifetime",	0,	CONF_TIMEINT,	&def.z_life },
+	{ "ZSK_algo",		0,	CONF_ALGO,	&def.z_algo },
+	{ "ZSK_bits",		0,	CONF_INT,	&def.z_bits },
+	{ "ZSK_randfile",	0,	CONF_STRING,	&def.z_random },
+
+	{ "",			0,	CONF_COMMENT,	NULL },
+	{ "",			0,	CONF_COMMENT,	"dnssec-signer options"},
+	{ "--view",		1,	CONF_STRING,	&def.view },
+	{ "LogFile",		0,	CONF_STRING,	&def.logfile },
+	{ "LogLevel",		0,	CONF_LEVEL,	&def.loglevel },
+	{ "SyslogFacility",	0,	CONF_FACILITY,	&def.syslogfacility },
+	{ "SyslogLevel",	0,	CONF_LEVEL,	&def.sysloglevel },
+	{ "VerboseLog",		0,	CONF_INT,	&def.verboselog },
+	{ "-v",			1,	CONF_INT,	&def.verbosity },
+	{ "Keyfile",		0,	CONF_STRING,	&def.keyfile },
+	{ "Zonefile",		0,	CONF_STRING,	&def.zonefile },
+	{ "KeySetDir",		0,	CONF_STRING,	&def.keysetdir },
+	{ "DLV_Domain",		0,	CONF_STRING,	&def.lookaside },
+	{ "Sig_Randfile",	0,	CONF_STRING,	&def.sig_random },
+	{ "Sig_Pseudorand",	0,	CONF_BOOL,	&def.sig_pseudo },
+	{ "Sig_GenerateDS",	1,	CONF_BOOL,	&def.sig_gends },
+	{ "Sig_Parameter",	0,	CONF_STRING,	&def.sig_param },
+	{ "Distribute_Cmd",	0,	CONF_STRING,	&def.dist_cmd },
+
+	{ NULL,			0,	CONF_END,	NULL},
+};
+
+/*****************************************************************
+**	private (static) function deklaration and definition
+*****************************************************************/
+static	const char	*bool2str (int val)
+{
+	return val ? "True" : "False";
+}
+
+static	const char	*timeint2str (ulong val)
+{
+	static	char	str[20+1];
+
+	if ( val == 0 )
+		snprintf (str, sizeof (str), "%lu", val / YEARSEC);
+	else if ( val % YEARSEC == 0 )
+		snprintf (str, sizeof (str), "%luy", val / YEARSEC);
+	else if ( val % WEEKSEC == 0 )
+		snprintf (str, sizeof (str), "%luw", val / WEEKSEC);
+	else if ( val % DAYSEC == 0 )
+		snprintf (str, sizeof (str), "%lud", val / DAYSEC);
+	else if ( val % HOURSEC == 0 )
+		snprintf (str, sizeof (str), "%luh", val / HOURSEC);
+	else if ( val % MINSEC == 0 )
+		snprintf (str, sizeof (str), "%lum", val / MINSEC);
+	else
+		snprintf (str, sizeof (str), "%lus", val);
+
+	return str;
+}
+
+static	int set_varptr (char *entry, void *ptr)
+{
+	zconf_para_t	*c;
+
+	for ( c = confpara; c->label; c++ )
+		if ( strcasecmp (entry, c->label) == 0 )
+		{
+			c->var = ptr;
+			return 1;
+		}
+	return 0;
+}
+
+static	void set_all_varptr (zconf_t *cp)
+{
+	set_varptr ("zonedir", &cp->zonedir);
+	set_varptr ("recursive", &cp->recursive);
+	set_varptr ("printage", &cp->printage);
+	set_varptr ("printtime", &cp->printtime);
+	set_varptr ("leftjustify", &cp->ljust);
+
+	set_varptr ("resigninterval", &cp->resign);
+	set_varptr ("sigvalidity", &cp->sigvalidity);
+	set_varptr ("max_ttl", &cp->max_ttl);
+	set_varptr ("key_ttl", &cp->key_ttl);
+	set_varptr ("propagation", &cp->proptime);
+#if defined (DEF_TTL)
+	set_varptr ("def_ttl", &cp->def_ttl);
+#endif
+	set_varptr ("serialformat", &cp->serialform);
+
+	set_varptr ("ksk_lifetime", &cp->k_life);
+	set_varptr ("ksk_algo", &cp->k_algo);
+	set_varptr ("ksk_bits", &cp->k_bits);
+	set_varptr ("ksk_randfile", &cp->k_random);
+
+	set_varptr ("zsk_lifetime", &cp->z_life);
+	set_varptr ("zsk_algo", &cp->z_algo);
+	set_varptr ("zsk_bits", &cp->z_bits);
+	set_varptr ("zsk_randfile", &cp->z_random);
+
+	set_varptr ("--view", &cp->view);
+	set_varptr ("logfile", &cp->logfile);
+	set_varptr ("loglevel", &cp->loglevel);
+	set_varptr ("syslogfacility", &cp->syslogfacility);
+	set_varptr ("sysloglevel", &cp->sysloglevel);
+	set_varptr ("verboselog", &cp->verboselog);
+	set_varptr ("-v", &cp->verbosity);
+	set_varptr ("keyfile", &cp->keyfile);
+	set_varptr ("zonefile", &cp->zonefile);
+	set_varptr ("keysetdir", &cp->keysetdir);
+	set_varptr ("dlv_domain", &cp->lookaside);
+	set_varptr ("sig_randfile", &cp->sig_random);
+	set_varptr ("sig_pseudorand", &cp->sig_pseudo);
+	set_varptr ("sig_generateds", &cp->sig_gends);
+	set_varptr ("sig_parameter", &cp->sig_param);
+	set_varptr ("distribute_cmd", &cp->dist_cmd);
+}
+
+static	void	parseconfigline (char *buf, unsigned int line, zconf_t *z)
+{
+	char		*end, *val, *p;
+	char		*tag;
+	unsigned int	len, found;
+	zconf_para_t	*c;
+
+	p = &buf[strlen(buf)-1];        /* Chop off white space at eol */
+	while ( p >= buf && isspace (*p) )
+		*p-- = '\0';
+
+	for (p = buf; isspace (*p); p++ )	/* Ignore leading white space */
+		;
+	
+	/* Ignore comments and emtpy lines */
+	if ( *p == '\0' || ISCOMMENT (p) )
+		return;
+
+	tag = p;
+	/* Get the end of the first argument */
+	end = &buf[strlen(buf)-1];
+	while ( p < end && !ISDELIM (*p) )      /* Skip until delim */
+		p++;
+	*p++ = '\0';    /* Terminate this argument */
+	dbg_val1 ("Parsing \"%s\"\n", tag);
+
+
+	while ( p < end && ISDELIM (*p) )	/* Skip delim chars */
+		p++;
+
+	val = p;	/* Start of the value */
+	dbg_val1 ("\tgot value \"%s\"\n", val);
+
+	/* If starting with quote, skip until next quote */
+	if ( *p == '"' || *p == '\'' )
+	{
+		p++;    /* Find next quote */
+		while ( p <= end && *p && *p != *val )
+			p++;
+		*p = '\0';
+		val++;          /* Skip the first quote */
+	}
+	else    /* Otherwise check if there is any comment char at the end */
+	{
+		while ( p < end && *p && !ISCOMMENT(p) )
+			p++;
+		if ( ISCOMMENT (p) )
+		{
+			do      /* Chop off white space before comment */
+				*p-- = '\0';
+			while ( p >= val && isspace (*p) );
+		}
+	}
+
+	/* Otherwise it is already terminated above */
+
+	found = 0;
+	c = confpara;
+	while ( !found && c->type != CONF_END )
+	{
+		len = strlen (c->label);
+		if ( strcasecmp (tag, c->label) == 0 )
+		{
+			char	**str;
+			char	quantity;
+			int	ival;
+
+			found = 1;
+			switch ( c->type )
+			{
+			case CONF_LEVEL:
+			case CONF_FACILITY:
+			case CONF_STRING:
+				str = (char **)c->var;
+				*str = strdup (val);
+				str_untaint (*str);	/* remove "bad" characters */
+				break;
+			case CONF_INT:
+				sscanf (val, "%d", (int *)c->var);
+				break;
+			case CONF_TIMEINT:
+				quantity = 'd';
+				sscanf (val, "%d%c", &ival, &quantity);
+				if  ( quantity == 'm' )
+					ival *= MINSEC;
+				else if  ( quantity == 'h' )
+					ival *= HOURSEC;
+				else if  ( quantity == 'd' )
+					ival *= DAYSEC;
+				else if  ( quantity == 'w' )
+					ival *= WEEKSEC;
+				else if  ( quantity == 'y' )
+					ival *= YEARSEC;
+				(*(int *)c->var) = ival;
+				break;
+			case CONF_ALGO:
+				if ( strcasecmp (val, "rsa") == 0 || strcasecmp (val, "rsamd5") == 0 )
+					*((int *)c->var) = DK_ALGO_RSA;
+				else if ( strcasecmp (val, "dsa") == 0 )
+					*((int *)c->var) = DK_ALGO_DSA;
+				else if ( strcasecmp (val, "rsasha1") == 0 )
+					*((int *)c->var) = DK_ALGO_RSASHA1;
+				else
+					error ("Illegal algorithm \"%s\" "
+						"in line %d.\n" , val, line);
+				break;
+			case CONF_SERIAL:
+				if ( strcasecmp (val, "unixtime") == 0 )
+					*((serial_form_t *)c->var) = Unixtime;
+				else if ( strcasecmp (val, "incremental") == 0 )
+					*((serial_form_t *)c->var) = Incremental;
+				else
+					error ("Illegal serial no format \"%s\" "
+						"in line %d.\n" , val, line);
+				break;
+			case CONF_BOOL:
+				*((int *)c->var) = ISTRUE (val);
+				break;
+			default:
+				fatal ("Illegal configuration type in line %d.\n", line);
+			}
+		}
+		c++;
+	}
+	if ( !found )
+		error ("Unknown configuration statement: %s \"%s\"\n", tag, val);
+	return;
+}
+
+static	void	printconfigline (FILE *fp, zconf_para_t *cp)
+{
+	int	i;
+
+	assert (fp != NULL);
+	assert (cp != NULL);
+
+	switch ( cp->type )
+	{
+	case CONF_COMMENT:
+		if ( cp->var )
+			fprintf (fp, "#   %s\n", (char *)cp->var);
+		else
+			fprintf (fp, "\n");
+		break;
+	case CONF_LEVEL:
+	case CONF_FACILITY:
+		if ( *(char **)cp->var != NULL )
+		{
+			if ( **(char **)cp->var != '\0' )
+			{
+				char	*p;
+
+				fprintf (fp, "%s:\t", cp->label);
+				for ( p = *(char **)cp->var; *p; p++ )
+					putc (toupper (*p), fp);
+				fprintf (fp, "\n");
+			}
+			else
+				fprintf (fp, "%s:\tNONE", cp->label);
+		}
+		break;
+	case CONF_STRING:
+		if ( *(char **)cp->var )
+			fprintf (fp, "%s:\t\"%s\"\n", cp->label, *(char **)cp->var);
+		break;
+	case CONF_BOOL:
+		fprintf (fp, "%s:\t%s\n", cp->label, bool2str ( *(int*)cp->var ));
+		break;
+	case CONF_TIMEINT:
+		i = *(ulong*)cp->var;
+		fprintf (fp, "%s:\t%s", cp->label, timeint2str (i));
+		if ( i )
+			fprintf (fp, "\t# (%d seconds)", i);
+		putc ('\n', fp);
+		break;
+	case CONF_ALGO:
+		i = *(int*)cp->var;
+		fprintf (fp, "%s:\t%s", cp->label, dki_algo2str (i));
+		fprintf (fp, "\t# (Algorithm ID %d)\n", i);
+		break;
+	case CONF_SERIAL:
+		fprintf (fp, "%s:\t", cp->label);
+		if ( *(serial_form_t*)cp->var == Unixtime )
+			fprintf (fp, "unixtime\n");
+		else
+			fprintf (fp, "incremental\n");
+		break;
+	case CONF_INT:
+		fprintf (fp, "%s:\t%d\n", cp->label, *(int *)cp->var);
+		break;
+	case CONF_END:
+		/* NOTREACHED */
+		break;
+	}
+}
+
+/*****************************************************************
+**	public function definition
+*****************************************************************/
+
+/*****************************************************************
+**	loadconfig (file, conf)
+**	Loads a config file into the "conf" structure pointed to by "z".
+**	If "z" is NULL then a new conf struct will be dynamically
+**	allocated.
+**	If no filename is given the conf struct will be initialized
+**	by the builtin default config
+*****************************************************************/
+zconf_t	*loadconfig (const char *filename, zconf_t *z)
+{
+	FILE		*fp;
+	char		buf[1023+1];
+	unsigned int	line;
+
+	if ( z == NULL )	/* allocate new memory for zconf_t */
+	{
+		if ( (z = calloc (1, sizeof (zconf_t))) == NULL )
+			return NULL;
+
+		if ( filename && *filename )
+			memcpy (z, &def, sizeof (*z));	/* init new struct with defaults */
+	}
+
+	if ( filename == NULL || *filename == '\0' )	/* no file name given... */
+	{
+		dbg_val0("loadconfig (NULL)\n");
+		memcpy (z, &def, sizeof (*z));		/* ..then init with defaults */
+		return z;
+	}
+
+	dbg_val1 ("loadconfig (%s)\n", filename);
+	set_all_varptr (z);
+
+	if ( (fp = fopen(filename, "r")) == NULL )
+		fatal ("Could not open config file \"%s\"\n", filename);
+
+	line = 0;
+	while (fgets(buf, sizeof(buf), fp))
+	{
+		line++;
+
+		parseconfigline (buf, line, z);
+	}
+	fclose(fp);
+	return z;
+}
+
+# define	STRCONFIG_DELIMITER	";\r\n"
+zconf_t	*loadconfig_fromstr (const char *str, zconf_t *z)
+{
+	char		*buf;
+	char		*tok,	*toksave;
+	unsigned int	line;
+
+	if ( z == NULL )
+	{
+		if ( (z = calloc (1, sizeof (zconf_t))) == NULL )
+			return NULL;
+		memcpy (z, &def, sizeof (*z));		/* init with defaults */
+	}
+
+	if ( str == NULL || *str == '\0' )
+	{
+		dbg_val0("loadconfig_fromstr (NULL)\n");
+		memcpy (z, &def, sizeof (*z));		/* init with defaults */
+		return z;
+	}
+
+	dbg_val1 ("loadconfig_fromstr (\"%s\")\n", str);
+	set_all_varptr (z);
+
+	/* str is const, so we have to copy it into a new buffer */
+	if ( (buf = strdup (str)) == NULL )
+		fatal ("loadconfig_fromstr: Out of memory");
+
+	line = 0;
+	tok = strtok_r (buf, STRCONFIG_DELIMITER, &toksave);
+	while ( tok )
+	{
+		line++;
+		parseconfigline (tok, line, z);
+		tok = strtok_r (NULL, STRCONFIG_DELIMITER, &toksave);
+	}
+	free (buf);
+	return z;
+}
+
+/*****************************************************************
+**	dupconfig (config)
+**	duplicate config struct and return a ptr to the new struct
+*****************************************************************/
+zconf_t	*dupconfig (const zconf_t *conf)
+{
+	zconf_t	*z;
+
+	assert (conf != NULL);
+
+	if ( (z = calloc (1, sizeof (zconf_t))) == NULL )
+		return NULL;
+
+	memcpy (z, conf, sizeof (*conf));
+
+	return z;
+}
+
+/*****************************************************************
+**	setconfigpar (entry, pval)
+*****************************************************************/
+int	setconfigpar (zconf_t *config, char *entry, const void *pval)
+{
+	char	*str;
+	zconf_para_t	*c;
+
+	set_all_varptr (config);
+
+	for ( c = confpara; c->type != CONF_END; c++ )
+		if ( strcasecmp (entry, c->label) == 0 )
+		{
+			switch ( c->type )
+			{
+			case CONF_LEVEL:
+			case CONF_FACILITY:
+			case CONF_STRING:
+				if ( pval )
+				{
+					str = strdup ((char *)pval);
+					str_untaint (str);	/* remove "bad" characters */
+				}
+				else
+					str = NULL;
+				*((char **)c->var) = str;
+				break;
+			case CONF_BOOL:
+				/* fall through */
+			case CONF_ALGO:
+				/* fall through */
+			case CONF_TIMEINT:
+				/* fall through */
+			case CONF_INT:
+				*((int *)c->var) = *((int *)pval);
+				break;
+			case CONF_SERIAL:
+				*((serial_form_t *)c->var) = *((serial_form_t *)pval);
+				break;
+			case CONF_COMMENT:
+			case CONF_END:
+				/* NOTREACHED */
+				break;
+			}
+			return 1;
+		}
+	return 0;
+}
+
+/*****************************************************************
+**	printconfig (fname, config)
+*****************************************************************/
+int	printconfig (const char *fname, const zconf_t *z)
+{
+	zconf_para_t	*cp;
+	FILE	*fp;
+
+	if ( z == NULL )
+		return 0;
+
+	fp = stdout;
+	if ( fname && *fname )
+	{
+		if ( strcmp (fname, "stdout") == 0 )
+			fp = stdout;
+		else if ( strcmp (fname, "stderr") == 0 )
+			fp = stderr;
+		else if ( (fp = fopen(fname, "w")) == NULL )
+		{
+			error ("Could not open config file \"%s\" for writing\n", fname);
+			return -1;
+		}
+	}
+		
+	set_all_varptr ((zconf_t *)z);
+
+	for ( cp = confpara; cp->type != CONF_END; cp++ )	/* loop through all parameter */
+		if ( !cp->cmdline )		/* if this is not a command line parameter ? */
+			printconfigline (fp, cp);	/* print it out */
+
+	if ( fp && fp != stdout && fp != stderr )
+		fclose (fp);
+
+	return 1;
+}
+
+#if 0
+/*****************************************************************
+**	printconfigdiff (fname, conf_a, conf_b)
+*****************************************************************/
+int	printconfigdiff (const char *fname, const zconf_t *ref, const zconf_t *z)
+{
+	zconf_para_t	*cp;
+	FILE	*fp;
+
+	if ( ref == NULL || z == NULL )
+		return 0;
+
+	fp = NULL;
+	if ( fname && *fname )
+	{
+		if ( strcmp (fname, "stdout") == 0 )
+			fp = stdout;
+		else if ( strcmp (fname, "stderr") == 0 )
+			fp = stderr;
+		else if ( (fp = fopen(fname, "w")) == NULL )
+		{
+			error ("Could not open config file \"%s\" for writing\n", fname);
+			return -1;
+		}
+	}
+		
+	set_all_varptr ((zconf_t *)z);
+
+	for ( cp = confpara; cp->type != CONF_END; cp++ )	/* loop through all parameter */
+	{
+		if ( cp->cmdline )
+			continue;
+
+		
+			printconfigline (fp, cp);	/* print it out */
+	}
+
+	if ( fp && fp != stdout && fp != stderr )
+		fclose (fp);
+
+	return 1;
+}
+#endif
+
+/*****************************************************************
+**	checkconfig (config)
+*****************************************************************/
+int	checkconfig (const zconf_t *z)
+{
+	if ( z == NULL )
+		return 1;
+
+	if ( z->sigvalidity < (1 * DAYSEC) || z->sigvalidity > (12 * WEEKSEC) )
+	{
+		fprintf (stderr, "Signature should be valid for at least 1 day and no longer than 3 month (12 weeks)\n");
+		fprintf (stderr, "The current value is %s\n", timeint2str (z->sigvalidity));
+	}
+
+	if ( z->resign > (z->sigvalidity*5/6) - (z->max_ttl + z->proptime) )
+	{
+		fprintf (stderr, "Re-signing interval (%s) should be less than ", timeint2str (z->resign));
+		fprintf (stderr, "5/6 of sigvalidity\n");
+	}
+	if ( z->resign < (z->max_ttl + z->proptime) )
+	{
+		fprintf (stderr, "Re-signing interval (%s) should be ", timeint2str (z->resign));
+		fprintf (stderr, "greater than max_ttl (%d) plus ", z->max_ttl);
+		fprintf (stderr, "propagation time (%d)\n", z->proptime);
+	}
+
+	if ( z->max_ttl >= z->sigvalidity )
+		fprintf (stderr, "Max TTL (%d) should be less than signatur validity (%d)\n",
+								z->max_ttl, z->sigvalidity);
+
+	if ( z->z_life > (12 * WEEKSEC) * (z->z_bits / 512.) )
+	{
+		fprintf (stderr, "Lifetime of zone signing key (%s) ", timeint2str (z->z_life));
+		fprintf (stderr, "seems a little bit high ");
+		fprintf (stderr, "(In respect of key size (%d))\n", z->z_bits);
+	}
+
+	if ( z->k_life > 0 && z->k_life <= z->z_life )
+	{
+		fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life));
+		fprintf (stderr, "should be greater than lifetime of zsk\n");
+	}
+	if ( z->k_life > 0 && z->k_life > (26 * WEEKSEC) * (z->k_bits / 512.) )
+	{
+		fprintf (stderr, "Lifetime of key signing key (%s) ", timeint2str (z->k_life));
+		fprintf (stderr, "seems a little bit high ");
+		fprintf (stderr, "(In respect of key size (%d))\n", z->k_bits);
+	}
+
+	return 1;
+}
+
+#ifdef CONF_TEST
+const char *progname;
+static	zconf_t	*config;
+
+main (int argc, char *argv[])
+{
+	char	*optstr;
+	int	val;
+
+	progname = *argv;
+
+	config = loadconfig ("", (zconf_t *) NULL);	/* load built in defaults */
+
+	while ( --argc >= 1 )
+	{
+		optstr = *++argv;
+		config = loadconfig_fromstr (optstr, config);
+	}
+
+	val = 1;
+	setconfigpar (config, "-v", &val);
+	val = 2;
+	setconfigpar (config, "verboselog", &val);
+	val = 1;
+	setconfigpar (config, "recursive", &val);
+	val = 1200;
+	setconfigpar (config, "propagation", &val);
+	
+	printconfig ("stdout", config);
+}
+#endif