Commit de38f4b6 authored by Libor Peltan's avatar Libor Peltan

deleted keymgr completely

parent b11cd288
......@@ -481,24 +481,6 @@ src/utils/kdig/kdig_exec.h
src/utils/kdig/kdig_main.c
src/utils/kdig/kdig_params.c
src/utils/kdig/kdig_params.h
src/utils/keymgr/cmdparse/command.c
src/utils/keymgr/cmdparse/command.h
src/utils/keymgr/cmdparse/match.h
src/utils/keymgr/cmdparse/parameter.c
src/utils/keymgr/cmdparse/parameter.h
src/utils/keymgr/cmdparse/value.c
src/utils/keymgr/cmdparse/value.h
src/utils/keymgr/keymgr.c
src/utils/keymgr/legacy/context.c
src/utils/keymgr/legacy/context.h
src/utils/keymgr/legacy/key.c
src/utils/keymgr/legacy/key.h
src/utils/keymgr/legacy/privkey.c
src/utils/keymgr/legacy/privkey.h
src/utils/keymgr/legacy/pubkey.c
src/utils/keymgr/legacy/pubkey.h
src/utils/keymgr/options.c
src/utils/keymgr/options.h
src/utils/khost/khost_main.c
src/utils/khost/khost_params.c
src/utils/khost/khost_params.h
......
......@@ -2,7 +2,6 @@
# sphinx-build manpages
/man/kdig.1
/man/keymgr.8
/man/kkeymgr.8
/man/pykeymgr.8
/man/khost.1
......
MANPAGES_IN = man/knot.conf.5in man/knotc.8in man/knotd.8in man/kdig.1in man/khost.1in man/kjournalprint.1in man/knsupdate.1in man/knot1to2.1in man/knsec3hash.1in man/keymgr.8in man/kkeymgr.8in man/pykeymgr.8in man/kzonecheck.1in
MANPAGES_RST = reference.rst man_knotc.rst man_knotd.rst man_kdig.rst man_khost.rst man_kjournalprint.rst man_knsupdate.rst man_knot1to2.rst man_knsec3hash.rst man_keymgr.rst man_kkeymgr.rst man_pykeymgr.rst man_kzonecheck.rst
MANPAGES_IN = man/knot.conf.5in man/knotc.8in man/knotd.8in man/kdig.1in man/khost.1in man/kjournalprint.1in man/knsupdate.1in man/knot1to2.1in man/knsec3hash.1in man/kkeymgr.8in man/pykeymgr.8in man/kzonecheck.1in
MANPAGES_RST = reference.rst man_knotc.rst man_knotd.rst man_kdig.rst man_khost.rst man_kjournalprint.rst man_knsupdate.rst man_knot1to2.rst man_knsec3hash.rst man_kkeymgr.rst man_pykeymgr.rst man_kzonecheck.rst
EXTRA_DIST = \
conf.py \
......@@ -62,7 +62,7 @@ man_MANS += man/knot.conf.5 man/knotc.8 man/knotd.8
endif # HAVE_DAEMON
if HAVE_UTILS
man_MANS += man/kdig.1 man/khost.1 man/kjournalprint.1 man/knsupdate.1 man/knot1to2.1 man/knsec3hash.1 man/keymgr.8 man/kkeymgr.8 man/pykeymgr.8 man/kzonecheck.1
man_MANS += man/kdig.1 man/khost.1 man/kjournalprint.1 man/knsupdate.1 man/knot1to2.1 man/knsec3hash.1 man/kkeymgr.8 man/pykeymgr.8 man/kzonecheck.1
endif # HAVE_UTILS
man/knot.conf.5: man/knot.conf.5in
......@@ -74,7 +74,6 @@ man/kjournalprint.1: man/kjournalprint.1in
man/knsupdate.1: man/knsupdate.1in
man/knot1to2.1: man/knot1to2.1in
man/knsec3hash.1: man/knsec3hash.1in
man/keymgr.8: man/keymgr.8in
man/kkeymgr.8: man/kkeymgr.8in
man/pykeymgr.8: man/pykeymgr.8in
man/kzonecheck.1: man/kzonecheck.1in
......
......@@ -220,7 +220,6 @@ latex_domain_indices = False
man_pages = [
('reference', 'knot.conf', 'Knot DNS configuration file', author, 5),
('man_kdig', 'kdig', 'Advanced DNS lookup utility', author, 1),
('man_keymgr', 'keymgr', ' DNSSEC key management utility', author, 8),
('man_kkeymgr', 'kkeymgr', ' DNSSEC key management utility', author, 8),
('man_pykeymgr', 'pykeymgr', ' DNSSEC key management utility', author, 8),
('man_khost', 'khost', 'Simple DNS lookup utility', author, 1),
......
This diff is collapsed.
This diff is collapsed.
......@@ -11,7 +11,6 @@ the server. This section collects manual pages for all provided binaries:
:titlesonly:
man_kdig
man_keymgr
man_kkeymgr
man_pykeymgr
man_khost
......
......@@ -416,7 +416,7 @@ libknotd_la_LIBADD = libknot.la libknot-yparser.la zscanner/libzscanner.la $(lib
if HAVE_DAEMON
sbin_PROGRAMS = keymgr knotc knotd
sbin_PROGRAMS = knotc knotd
libexec_PROGRAMS = knot1to2
noinst_LTLIBRARIES += libknotd.la libknotus.la
......@@ -424,26 +424,6 @@ EXTRA_DIST += \
utils/knot1to2/cf-lex.l \
utils/knot1to2/cf-parse.y
keymgr_SOURCES = \
utils/keymgr/cmdparse/command.c \
utils/keymgr/cmdparse/command.h \
utils/keymgr/cmdparse/match.h \
utils/keymgr/cmdparse/parameter.c \
utils/keymgr/cmdparse/parameter.h \
utils/keymgr/cmdparse/value.c \
utils/keymgr/cmdparse/value.h \
utils/keymgr/legacy/context.c \
utils/keymgr/legacy/context.h \
utils/keymgr/legacy/key.c \
utils/keymgr/legacy/key.h \
utils/keymgr/legacy/privkey.c \
utils/keymgr/legacy/privkey.h \
utils/keymgr/legacy/pubkey.c \
utils/keymgr/legacy/pubkey.h \
utils/keymgr/options.c \
utils/keymgr/options.h \
utils/keymgr/keymgr.c
knotc_SOURCES = \
utils/knotc/commands.c \
utils/knotc/commands.h \
......@@ -469,9 +449,6 @@ knot1to2_SOURCES = \
utils/knot1to2/main.c \
utils/knot1to2/scheme.h
keymgr_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/dnssec/lib/dnssec -I$(srcdir)/dnssec $(gnutls_CFLAGS)
keymgr_LDADD = libknotd.la libknotus.la dnssec/libdnssec.la dnssec/libshared.la \
zscanner/libzscanner.la $(gnutls_LIBS)
knotd_CPPFLAGS = $(AM_CPPFLAGS) $(liburcu_CFLAGS)
knotd_LDADD = libknotd.la libcontrib.la $(liburcu_LIBS)
knotc_CPPFLAGS = $(AM_CPPFLAGS) $(libedit_CFLAGS)
......
/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "shared/print.h"
#include "utils/keymgr/cmdparse/command.h"
#include "utils/keymgr/cmdparse/match.h"
#include <assert.h>
#include <string.h>
#define HELP_COMMAND "help"
/*!
* Print list of available commands.
*/
static void command_help(const command_t *commands, bool legacy)
{
fprintf(stderr, "Available commands:\n");
for (const command_t *cmd = commands; cmd->name != NULL; cmd++) {
if (!legacy && (cmd->flags & LEGACY)) {
continue;
}
fprintf(stderr, "- %s\n", cmd->name);
}
}
/*!
* Execute a subcommand.
*/
int subcommand(const command_t *commands, bool legacy, int argc, char *argv[])
{
assert(commands);
assert(argv);
if (argc <= 0 || argv[0][0] == '\0') {
error("No command specified.");
return 1;
}
char *search = argv[0];
const command_t *match = NULL;
if (strcmp(search, HELP_COMMAND) == 0) {
command_help(commands, legacy);
return 0;
}
for (const command_t *cmd = commands; cmd->name != NULL; cmd++) {
if (!legacy && (cmd->flags & LEGACY)) {
continue;
}
cmd_match_t m = cmd_match(cmd->name, search);
if (m == CMD_MATCH_NO) {
continue;
}
if (m == CMD_MATCH_EXACT) {
match = cmd;
break;
}
assert(m == CMD_MATCH_PREFIX);
if (match) {
error("Ambiguous command ('%s' or '%s').",
match->name, cmd->name);
return 1;
}
match = cmd;
}
if (!match) {
error("Unknown command.");
return 1;
}
assert(match->process);
return match->process(argc - 1, argv + 1);
}
/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <stdbool.h>
typedef int (*command_cb)(int argc, char *argv[]);
enum command_flag {
NONE = 0,
LEGACY
};
struct command {
char *name;
command_cb process;
enum command_flag flags;
};
typedef struct command command_t;
int subcommand(const command_t *commands, bool legacy, int argc, char *argv[]);
/* Copyright (C) 2014 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <string.h>
enum cmd_match {
CMD_MATCH_NO = 0,
CMD_MATCH_PREFIX,
CMD_MATCH_EXACT,
};
typedef enum cmd_match cmd_match_t;
/*!
* Try to match a command name or it's prefix.
*/
static inline cmd_match_t cmd_match(const char *cmd, const char *search)
{
size_t cmd_len = strlen(cmd);
size_t search_len = strlen(search);
if (search_len > cmd_len || strncmp(search, cmd, search_len) != 0) {
return CMD_MATCH_NO;
}
return search_len < cmd_len ? CMD_MATCH_PREFIX : CMD_MATCH_EXACT;
}
/* Copyright (C) 2014 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "shared/print.h"
#include "utils/keymgr/cmdparse/match.h"
#include "utils/keymgr/cmdparse/parameter.h"
#include <assert.h>
static const parameter_t *param_match(const parameter_t *params, const char *search)
{
const parameter_t *match = NULL;
for (const parameter_t *p = params; p->name; p++) {
cmd_match_t m = cmd_match(p->name, search);
if (m == CMD_MATCH_NO) {
continue;
}
if (m == CMD_MATCH_EXACT) {
match = p;
break;
}
assert(m == CMD_MATCH_PREFIX);
if (p->req_full_match) {
continue;
}
if (match) {
error("Ambiguous parameter '%s' ('%s' or '%s').",
search, match->name, p->name);
return NULL;
}
match = p;
}
if (!match) {
error("Invalid parameter '%s'.", search);
return NULL;
}
return match;
}
int parse_parameters(const parameter_t *params, int argc, char *argv[], void *data)
{
assert(params);
assert(argv);
while (argc > 0) {
char *search = argv[0];
const parameter_t *match = param_match(params, search);
if (!match) {
// error printed
return 1;
}
assert(match->process);
int eaten = match->process(argc - 1, argv + 1, match, data);
if (eaten < 0) {
return -eaten;
}
argc -= (eaten + 1);
argv += (eaten + 1);
}
return 0;
}
/* Copyright (C) 2014 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#pragma once
#include <stdbool.h>
#include <stdlib.h>
struct parameter;
typedef struct parameter parameter_t;
typedef int (*parameter_cb)(int argc, char *argv[],
const parameter_t *parameter, void *data);
struct parameter {
char *name;
parameter_cb process;
bool req_full_match;
char *hint;
size_t offset;
};
int parse_parameters(const parameter_t *params, int argc, char *argv[], void *data);
/* Copyright (C) 2016 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "dnssec/key.h"
#include "dnssec/tsig.h"
#include "shared/print.h"
#include "utils/keymgr/cmdparse/value.h"
#include <assert.h>
#include <ctype.h>
#include <errno.h>
#include <inttypes.h>
#include <stdbool.h>
#include <stdint.h>
#include <string.h>
#include <time.h>
static void error_missing_option(const parameter_t *p)
{
error("Missing value for option '%s'.", p->name);
}
static void error_invalid_value(const parameter_t *p, const char *value)
{
error("Invalid value '%s' for option '%s'.", value, p->name);
}
int value_flag(int argc, char *argv[], const parameter_t *p, void *data)
{
assert(p);
assert(data);
bool *flag = data + p->offset;
*flag = true;
return 0;
}
int value_bool(int argc, char *argv[], const parameter_t *p, void *data)
{
assert(p);
assert(data);
if (argc < 1) {
error_missing_option(p);
return -1;
}
bool *value = data + p->offset;
char *input = argv[0];
struct value_name {
char *value;
bool flag;
};
static const struct value_name VALUE_NAMES[] = {
{ "true", true }, { "false", false },
{ "yes", true }, { "no", false },
{ "on", true }, { "off", false },
{ "t", true }, { "f", false },
{ "y", true }, { "n", false },
{ NULL }
};
for (const struct value_name *v = VALUE_NAMES; v->value; v++) {
if (strcasecmp(v->value, input) == 0) {
*value = v->flag;
return 1;
}
}
error_invalid_value(p, input);
return -1;
}
int value_string(int argc, char *argv[], const parameter_t *p, void *data)
{
assert(p);
assert(data);
if (argc < 1) {
error_missing_option(p);
return -1;
}
char *copy = strdup(argv[0]);
if (!copy) {
error("Allocation failed for '%s'.", p->name);
return -1;
}
char **string = data + p->offset;
free(*string);
*string = copy;
return 1;
}
int value_static_string(int argc, char *argv[], const parameter_t *p, void *data)
{
assert(p);
assert(data);
if (argc < 1) {
error_missing_option(p);
return -1;
}
char **string = data + p->offset;
*string = argv[0];
return 1;
}
/*!
* Skip non-alphanumerc characters and convert to lower case.
*/
static void simplify_algorithm_name(char *name)
{
size_t len = strlen(name);
int ri, wi;
for (ri = 0, wi = 0; ri < len; ri++) {
int c = name[ri];
if (isalnum(c)) {
name[wi] = tolower(c);
wi += 1;
}
}
name[wi] = '\0';
}
int value_algorithm(int argc, char *argv[], const parameter_t *p, void *data)
{
assert(p);
assert(data);
if (argc < 1) {
error_missing_option(p);
return -1;
}
dnssec_key_algorithm_t *algorithm = data + p->offset;
char *input = argv[0];
// numeric value
errno = 0;
char *end = NULL;
long value = strtol(input, &end, 10);
if (*end == '\0' && errno == 0) {
if (value <= 0 || UINT8_MAX < value) {
error("Invalid algorithm number.");
return -1;
}
*algorithm = value;
return 1;
}
// name (IANA mnemonics, simplified)
struct lookup {
const char *name;
dnssec_key_algorithm_t algorithm;
};
static const struct lookup mnemonics[] = {
{ "dsa", DNSSEC_KEY_ALGORITHM_DSA_SHA1 },
{ "rsasha1", DNSSEC_KEY_ALGORITHM_RSA_SHA1 },
{ "dsansec3sha1", DNSSEC_KEY_ALGORITHM_DSA_SHA1_NSEC3 },
{ "rsasha1nsec3sha1", DNSSEC_KEY_ALGORITHM_RSA_SHA1_NSEC3 },
{ "rsasha256", DNSSEC_KEY_ALGORITHM_RSA_SHA256 },
{ "rsasha512", DNSSEC_KEY_ALGORITHM_RSA_SHA512 },
{ "ecdsap256sha256", DNSSEC_KEY_ALGORITHM_ECDSA_P256_SHA256 },
{ "ecdsap384sha384", DNSSEC_KEY_ALGORITHM_ECDSA_P384_SHA384 },
{ NULL }
};
simplify_algorithm_name(input);
for (const struct lookup *m = mnemonics; m->name; m++) {
if (strcmp(input, m->name) == 0) {
*algorithm = m->algorithm;
return 1;
}
}
error("Invalid value for '%s'. Use number or IANA mnemonic.", p->name);
return -1;
}
int value_tsig_algorithm(int argc, char *argv[], const parameter_t *p, void *data)
{
assert(p);
assert(data);
if (argc < 1) {
error_missing_option(p);
return -1;
}
dnssec_tsig_algorithm_t *algorithm = data + p->offset;
char *input = argv[0];
dnssec_tsig_algorithm_t match = dnssec_tsig_algorithm_from_name(input);
if (match == DNSSEC_TSIG_UNKNOWN) {
error("Invalid value for '%s'.", p->name);
return -1;
}
*algorithm = match;
return 1;
}
int value_key_size(int argc, char *argv[], const parameter_t *p, void *data)
{
assert(p);
assert(data);
if (argc < 1) {
error_missing_option(p);
return -1;
}
uint16_t *key_size = data + p->offset;
char *input = argv[0];
errno = 0;
char *end = NULL;
unsigned long value = strtoul(input, &end, 10);
if (*end != '\0' || errno != 0 || value > UINT16_MAX) {
error("Invalid key size.");
return -1;
}
*key_size = value;
return 1;
}
static int value_uint(int argc, char *argv[], const parameter_t *p,
uintmax_t max, uintmax_t *value_ptr)
{
assert(p);
assert(value_ptr);
if (argc < 1) {
error_missing_option(p);
return -1;
}
char *input = argv[0];
errno = 0;
char *end = NULL;
uintmax_t value = strtoumax(input, &end, 10);
if (*end != '\0' || errno != 0) {
error_invalid_value(p, input);
return -1;
}
if (value > max) {
error_invalid_value(p, input);
return -1;
}
*value_ptr = value;
return 1;
}
#define VALUE_UINT(argc, argv, p, data, type, max) ({ \
uintmax_t value = 0; \
int r = value_uint((argc), (argv), (p), (max), &value); \
if (r >= 0) { \
assert(value <= (max)); \
*(type *)((data) + (p)->offset) = value; \
} \
r; \
})
int value_uint8(int argc, char *argv[], const parameter_t *p, void *data)
{
return VALUE_UINT(argc, argv, p, data, uint8_t, UINT8_MAX);
}
int value_uint16(int argc, char *argv[], const parameter_t *p, void *data)
{
return VALUE_UINT(argc, argv, p, data, uint16_t, UINT16_MAX);
}
int value_uint32(int argc, char *argv[], const parameter_t *p, void *data)
{