OpenDNSSEC-enforcer  2.0.3
keystate_ds.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2014 Stichting NLnet Labs
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  * notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  * notice, this list of conditions and the following disclaimer in the
12  * documentation and/or other materials provided with the distribution.
13  *
14  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
15  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
16  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
17  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
18  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
19  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
20  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
21  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
22  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
23  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
24  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
25  *
26  */
27 
28 #include "config.h"
29 
30 #include <sys/stat.h>
31 
32 #include "daemon/cmdhandler.h"
33 #include "daemon/engine.h"
34 #include "enforcer/enforce_task.h"
35 #include "file.h"
36 #include "log.h"
37 #include "str.h"
38 #include "clientpipe.h"
39 #include "duration.h"
40 #include "db/key_data.h"
41 #include "db/zone.h"
42 #include "db/db_error.h"
43 #include "db/hsm_key.h"
44 #include "libhsm.h"
45 #include "libhsmdns.h"
46 
47 #include "keystate/keystate_ds.h"
48 
49 static const char *module_str = "keystate_ds_x_cmd";
50 
57 static ldns_rr *
58 get_dnskey(const char *id, const char *zone, int alg, uint32_t ttl)
59 {
60  libhsm_key_t *key;
61  hsm_sign_params_t *sign_params;
62  ldns_rr *dnskey_rr;
63  /* Code to output the DNSKEY record (stolen from hsmutil) */
64  hsm_ctx_t *hsm_ctx = hsm_create_context();
65  if (!hsm_ctx) {
66  ods_log_error("[%s] Could not connect to HSM", module_str);
67  return NULL;
68  }
69  if (!(key = hsm_find_key_by_id(hsm_ctx, id))) {
70  hsm_destroy_context(hsm_ctx);
71  return NULL;
72  }
73 
74  /* Sign params only need to be kept around
75  * for the hsm_get_dnskey() call. */
76  sign_params = hsm_sign_params_new();
77  sign_params->owner = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, zone);
78  sign_params->algorithm = (ldns_algorithm) alg;
79  sign_params->flags = LDNS_KEY_ZONE_KEY | LDNS_KEY_SEP_KEY;
80 
81  /* Get the DNSKEY record */
82  dnskey_rr = hsm_get_dnskey(hsm_ctx, key, sign_params);
83 
84  free(key);
85  hsm_sign_params_free(sign_params);
86  hsm_destroy_context(hsm_ctx);
87 
88  /* Override the TTL in the dnskey rr */
89  if (ttl) ldns_rr_set_ttl(dnskey_rr, ttl);
90 
91  return dnskey_rr;
92 }
93 
95 static int
96 exec_dnskey_by_id(int sockfd, key_data_t *key, const char* ds_command,
97  const char* action)
98 {
99  ldns_rr *dnskey_rr;
100  int ttl = 0, status, i;
101  const char *locator;
102  char *rrstr, *chrptr;
103  zone_t* zone;
104  struct stat stat_ret;
105  int cka = 0;
106  char *pos = NULL;
107 
108  assert(key);
109 
110  zone = key_data_get_zone(key);
111  if(key_data_cache_hsm_key(key) != DB_OK) {
112  ods_log_error_and_printf(sockfd, module_str,
113  "Error fetching from database");
114  zone_free(zone);
115  return 1;
116  }
117  locator = hsm_key_locator(key_data_hsm_key(key));
118  if (!locator) {
119  zone_free(zone);
120  return 1;
121  }
122  /* This fetches the states from the DB, I'm only assuming they get
123  * cleaned up when 'key' is cleaned(?) */
124  if (key_data_cache_key_states(key) != DB_OK) {
125  zone_free(zone);
126  return 1;
127  }
128 
130 
131  dnskey_rr = get_dnskey(locator, zone_name(zone), key_data_algorithm(key), ttl);
132  zone_free(zone);
133  if (!dnskey_rr) return 2;
134 
135  rrstr = ldns_rr2str(dnskey_rr);
136 
137  /* Replace tab with white-space */
138  for (i = 0; rrstr[i]; ++i) {
139  if (rrstr[i] == '\t') rrstr[i] = ' ';
140  }
141 
142  /* We need to strip off trailing comments before we send
143  to any clients that might be listening */
144  if ((chrptr = strchr(rrstr, ';'))) {
145  chrptr[0] = '\n';
146  chrptr[1] = '\0';
147  }
148 
149  if (!ds_command || ds_command[0] == '\0') {
150  ods_log_error_and_printf(sockfd, module_str,
151  "No \"DelegationSigner%sCommand\" "
152  "configured.", action);
153  status = 1;
154  } else {
155  pos = strstr(ds_command, " --cka_id");
156  if (pos){
157  cka = 1;
158  *pos = '\0';
159  rrstr[strlen(rrstr)-1] = '\0';
160  pos = NULL;
161  }
162 
163  if (stat(ds_command, &stat_ret) != 0) {
164  ods_log_error_and_printf(sockfd, module_str,
165  "Cannot stat file %s: %s", ds_command,
166  strerror(errno));
167  status = 2;
168  } else if (S_ISREG(stat_ret.st_mode) &&
169  !(stat_ret.st_mode & S_IXUSR ||
170  stat_ret.st_mode & S_IXGRP ||
171  stat_ret.st_mode & S_IXOTH)) {
172  /* Then see if it is a regular file, then if usr, grp or
173  * all have execute set */
174  status = 3;
175  ods_log_error_and_printf(sockfd, module_str,
176  "File %s is not executable", ds_command);
177  } else {
178  /* send records to the configured command */
179  FILE *fp = popen(ds_command, "w");
180  if (fp == NULL) {
181  status = 4;
182  ods_log_error_and_printf(sockfd, module_str,
183  "failed to run command: %s: %s",ds_command,
184  strerror(errno));
185  } else {
186  int bytes_written;
187  if (cka)
188  bytes_written = fprintf(fp, "%s; {cka_id = %s}\n", rrstr, locator);
189  else
190  bytes_written = fprintf(fp, "%s", rrstr);
191  if (bytes_written < 0) {
192  status = 5;
193  ods_log_error_and_printf(sockfd, module_str,
194  "[%s] Failed to write to %s: %s", ds_command,
195  strerror(errno));
196  } else if (pclose(fp) == -1) {
197  status = 6;
198  ods_log_error_and_printf(sockfd, module_str,
199  "failed to close %s: %s", ds_command,
200  strerror(errno));
201  } else {
202  client_printf(sockfd, "key %sed to %s\n",
203  action, ds_command);
204  status = 0;
205  }
206  }
207  }
208  }
209  LDNS_FREE(rrstr);
210  ldns_rr_free(dnskey_rr);
211  return status;
212 }
213 
214 static int
215 submit_dnskey_by_id(int sockfd, key_data_t *key, engine_type* engine)
216 {
217  const char* ds_submit_command;
218  ds_submit_command = engine->config->delegation_signer_submit_command;
219  return exec_dnskey_by_id(sockfd, key, ds_submit_command, "submit");
220 }
221 
222 static int
223 retract_dnskey_by_id(int sockfd, key_data_t *key, engine_type* engine)
224 {
225  const char* ds_retract_command;
226  ds_retract_command = engine->config->delegation_signer_retract_command;
227  return exec_dnskey_by_id(sockfd, key, ds_retract_command, "retract");
228 }
229 
230 static int
231 ds_list_keys(db_connection_t *dbconn, int sockfd,
233 {
234  const char *fmth = "%-31s %-13s %-13s %-40s\n";
235  const char *fmtl = "%-31s %-13s %-13u %-40s\n";
236 
237  key_data_list_t *key_list;
238  const key_data_t *key;
239  zone_t *zone = NULL;
240  hsm_key_t* hsmkey = NULL;
241  db_clause_list_t* clause_list;
242  db_clause_t* clause;
243 
244  if (!(key_list = key_data_list_new(dbconn))
245  || !(clause_list = db_clause_list_new()))
246  {
247  key_data_list_free(key_list);
248  return 10;
249  }
250  if (!(clause = key_data_role_clause(clause_list, KEY_DATA_ROLE_ZSK))
252  || !(clause = key_data_ds_at_parent_clause(clause_list, state))
254  {
255  key_data_list_free(key_list);
256  db_clause_list_free(clause_list);
257  return 11;
258  }
259  if (key_data_list_get_by_clauses(key_list, clause_list)) {
260  key_data_list_free(key_list);
261  db_clause_list_free(clause_list);
262  return 12;
263  }
264  db_clause_list_free(clause_list);
265 
266  client_printf(sockfd, fmth, "Zone:", "Key role:", "Keytag:", "Id:");
267 
268  for (key = key_data_list_next(key_list); key;
269  key = key_data_list_next(key_list))
270  {
271  zone = key_data_get_zone(key);
272  hsmkey = key_data_get_hsm_key(key);
273  client_printf(sockfd, fmtl,
274  (zone ? zone_name(zone) : "NOT_FOUND"),
276  (hsmkey ? hsm_key_locator(hsmkey) : "NOT_FOUND")
277  );
278  zone_free(zone);
279  hsm_key_free(hsmkey);
280  }
281  key_data_list_free(key_list);
282  return 0;
283 }
284 
285 static int
286 push_clauses(db_clause_list_t *clause_list, zone_t *zone,
287  key_data_ds_at_parent_t state_from, const hsm_key_t* hsmkey, int keytag)
288 {
289  db_clause_t* clause;
290 
291  if (!key_data_zone_id_clause(clause_list, zone_id(zone)))
292  return 1;
293  if (!(clause = key_data_role_clause(clause_list, KEY_DATA_ROLE_ZSK)) ||
295  return 1;
296  if (!key_data_ds_at_parent_clause(clause_list, state_from))
297  return 1;
298  /* filter in id and or keytag conditionally. */
299  if (hsmkey) {
300  if (hsmkey && !key_data_hsm_key_id_clause(clause_list, hsm_key_id(hsmkey)))
301  return 1;
302  } else {
303  if (keytag < 0 || !key_data_keytag_clause(clause_list, keytag))
304  return 1;
305  }
306  return 0;
307 }
308 
310 static int
311 ds_changed(key_data_t *key)
312 {
313  key_state_list_t* keystatelist;
314  key_state_t* keystate;
315 
316  if(key_data_retrieve_key_state_list(key)) return 1;
317  keystatelist = key_data_key_state_list(key);
318  keystate = key_state_list_get_begin(keystatelist);
319  if (!keystate) return 1;
320 
321  while (keystate) {
322  key_state_t* keystate_next;
323  if (keystate->type == KEY_STATE_TYPE_DS) {
324  keystate->last_change = time_now();
325  if(key_state_update(keystate)) {
326  key_state_free(keystate);
327  return 1;
328  }
329  key_state_free(keystate);
330  return 0;
331  }
332  keystate_next = key_state_list_get_next(keystatelist);
333  key_state_free(keystate);
334  keystate = keystate_next;
335  }
336  return 1;
337 }
338 
339 /* Change DS state, when zonename not given do it for all zones!
340  */
341 int
343  const char *zonename, const hsm_key_t* hsmkey, int keytag,
345  engine_type *engine)
346 {
347  key_data_list_t *key_list = NULL;
348  key_data_t *key;
349  zone_t *zone = NULL;
350  int status = 0, key_match = 0, key_mod = 0;
351  db_clause_list_t* clause_list = NULL;
352  db_clause_t* clause = NULL;
353 
354  if (zonename) {
355  if (!(key_list = key_data_list_new(dbconn)) ||
356  !(clause_list = db_clause_list_new()) ||
357  !(zone = zone_new_get_by_name(dbconn, zonename)) ||
358  push_clauses(clause_list, zone, state_from, hsmkey, keytag) ||
359  key_data_list_get_by_clauses(key_list, clause_list))
360  {
361  key_data_list_free(key_list);
362  db_clause_list_free(clause_list);
363  zone_free(zone);
364  client_printf_err(sockfd, "Could not find ksk for zone %s, "
365  "does zone exist?\n", zonename);
366  ods_log_error("[%s] Error fetching from database", module_str);
367  return 10;
368  }
369  db_clause_list_free(clause_list);
370  } else {
371  /* Select all KSKs */
372  if (!(clause_list = db_clause_list_new()) ||
373  !key_data_ds_at_parent_clause(clause_list, state_from) ||
374  !(clause = key_data_role_clause(clause_list, KEY_DATA_ROLE_ZSK)) ||
376  !(key_list = key_data_list_new_get_by_clauses(dbconn, clause_list)))
377  {
378  key_data_list_free(key_list);
379  db_clause_list_free(clause_list);
380  ods_log_error("[%s] Error fetching from database", module_str);
381  return 14;
382  }
383  db_clause_list_free(clause_list);
384  }
385  while ((key = key_data_list_get_next(key_list))) {
386  key_match++;
387  /* if from is submit also exec dsSubmit command? */
388  if (state_from == KEY_DATA_DS_AT_PARENT_SUBMIT &&
390  {
391  (void)submit_dnskey_by_id(sockfd, key, engine);
392  } else if (state_from == KEY_DATA_DS_AT_PARENT_RETRACT &&
394  {
395  (void)retract_dnskey_by_id(sockfd, key, engine);
396  }
397 
398  if (key_data_set_ds_at_parent(key, state_to) ||
399  key_data_update(key) || ds_changed(key) )
400  {
401  key_data_free(key);
402  ods_log_error("[%s] Error writing to database", module_str);
403  client_printf(sockfd, "[%s] Error writing to database", module_str);
404  status = 12;
405  break;
406  }
407  key_mod++;
408  key_data_free(key);
409  }
410  key_data_list_free(key_list);
411 
412  client_printf(sockfd, "%d KSK matches found.\n", key_match);
413  if (!key_match) status = 11;
414  client_printf(sockfd, "%d KSKs changed.\n", key_mod);
415  if (zone) {
416  zone->next_change = 0; /* asap */
417  (void)zone_update(zone);
418  }
419  zone_free(zone);
420  return status;
421 }
422 
423 static int
424 get_args(int sockfd, const char *cmd, ssize_t n, const char **zone,
425  const char **cka_id, int *keytag, int *all, char *buf)
426 {
427 
428  #define NARGV 6
429  const char *argv[NARGV], *tag;
430  int argc;
431  (void)n;
432 
433  *keytag = -1;
434  *zone = NULL;
435  *cka_id = NULL;
436  tag = NULL;
437 
438  strncpy(buf, cmd, ODS_SE_MAXLINE);
439  argc = ods_str_explode(buf, NARGV, argv);
440  buf[sizeof(buf)-1] = '\0';
441  if (argc > NARGV) {
442  ods_log_warning("[%s] too many arguments for %s command",
443  module_str, cmd);
444  client_printf_err(sockfd, "too many arguments for %s command\n",
445  cmd);
446  client_printf_err(sockfd, "expected --zone and either --cka_id or "
447  "--keytag option.\n");
448  return 1;
449  }
450 
451  (void)ods_find_arg_and_param(&argc, argv, "zone", "z", zone);
452  (void)ods_find_arg_and_param(&argc, argv, "cka_id", "k", cka_id);
453  (void)ods_find_arg_and_param(&argc, argv, "keytag", "x", &tag);
454  *all = ods_find_arg(&argc, argv, "all", "a") > -1 ? 1 : 0;
455 
456  if (argc > 2) {
457  client_printf_err(sockfd, "Unknown arguments\n");
458  return 1;
459  }
460 
461  if (tag) {
462  *keytag = atoi(tag);
463  if (*keytag < 0 || *keytag >= 65536) {
464  ods_log_warning("[%s] value \"%d\" for --keytag is invalid",
465  module_str, *keytag);
466  client_printf(sockfd, "value \"%d\" for --keytag is invalid\n",
467  *keytag);
468 
469  return 1;
470  }
471  }
472  return 0;
473 }
474 
475 int
476 run_ds_cmd(int sockfd, const char *cmd, ssize_t n,
477  db_connection_t *dbconn, key_data_ds_at_parent_t state_from,
478  key_data_ds_at_parent_t state_to, engine_type *engine)
479 {
480  const char *zonename, *cka_id;
481  int keytag;
482  hsm_key_t* hsmkey = NULL;
483  int ret;
484  char buf[ODS_SE_MAXLINE];
485  zone_t* zone = NULL;
486  int all;
487 
488  if (get_args(sockfd, cmd, n, &zonename, &cka_id, &keytag, &all, buf)) {
489  return -1;
490  }
491 
492  if (!all && !zonename && !cka_id && keytag == -1) {
493  return ds_list_keys(dbconn, sockfd, state_from);
494  }
495 
496  if (all && zonename) {
497  ods_log_warning ("[%s] Error: Unable to use --zone and --all together", module_str);
498  client_printf_err(sockfd, "Error: Unable to use --zone and --all together\n");
499  return -1;
500  }
501 
502  if (zonename && (!(zone = zone_new(dbconn)) || zone_get_by_name(zone, zonename))) {
503  ods_log_warning ("[%s] Error: Unable to find a zone named \"%s\" in database\n", module_str, zonename);
504  client_printf_err(sockfd, "Error: Unable to find a zone named \"%s\" in database\n", zonename);
505  zone_free(zone);
506  zone = NULL;
507  return -1;
508  }
509  zone_free(zone);
510  zone = NULL;
511  if (!zonename && (keytag != -1 || cka_id)) {
512  ods_log_warning ("[%s] Error: expected --zone <zone>", module_str);
513  client_printf_err(sockfd, "Error: expected --zone <zone>\n");
514  return -1;
515  }
516 
517  if (!(zonename && ((cka_id && keytag == -1) || (!cka_id && keytag != -1))) && !all)
518  {
519  ods_log_warning("[%s] expected --zone and either --cka_id or "
520  "--keytag option or expected --all", module_str);
521  client_printf_err(sockfd, "expected --zone and either --cka_id or "
522  "--keytag option or expected --all.\n");
523  return -1;
524  }
525 
526  if (cka_id) {
527  if (!(hsmkey = hsm_key_new_get_by_locator(dbconn, cka_id))) {
528  client_printf_err(sockfd, "CKA_ID %s can not be found!\n", cka_id);
529  }
530  }
531  ret = change_keys_from_to(dbconn, sockfd, zonename, hsmkey, keytag,
532  state_from, state_to, engine);
533  hsm_key_free(hsmkey);
534  return ret;
535 }
const char * key_data_role_text(const key_data_t *key_data)
Definition: key_data.c:711
const char * delegation_signer_submit_command
Definition: cfg.h:61
hsm_key_t * key_data_get_hsm_key(const key_data_t *key_data)
Definition: key_data.c:649
int next_change
Definition: zone.h:56
db_clause_list_t * db_clause_list_new(void)
Definition: db_clause.c:202
db_clause_t * key_data_keytag_clause(db_clause_list_t *clause_list, unsigned int keytag)
Definition: key_data.c:1072
int key_data_list_get_by_clauses(key_data_list_t *key_data_list, const db_clause_list_t *clause_list)
Definition: key_data.c:2119
int zone_update(zone_t *zone)
Definition: zone.c:1589
key_state_t * key_state_list_get_next(key_state_list_t *key_state_list)
Definition: key_state.c:1398
key_state_list_t * key_data_key_state_list(key_data_t *key_data)
Definition: key_data.c:783
int db_clause_set_type(db_clause_t *clause, db_clause_type_t type)
Definition: db_clause.c:130
enum key_data_ds_at_parent key_data_ds_at_parent_t
int zone_get_by_name(zone_t *zone, const char *name)
Definition: zone.c:1519
void ods_log_error(const char *format,...)
Definition: log.c:69
unsigned int key_data_keytag(const key_data_t *key_data)
Definition: key_data.c:767
key_data_t * key_data_list_get_next(key_data_list_t *key_data_list)
Definition: key_data.c:2425
const char * delegation_signer_retract_command
Definition: cfg.h:62
db_clause_t * key_data_hsm_key_id_clause(db_clause_list_t *clause_list, const db_value_t *hsm_key_id)
Definition: key_data.c:1003
void zone_free(zone_t *zone)
Definition: zone.c:325
void db_clause_list_free(db_clause_list_t *clause_list)
Definition: db_clause.c:209
int key_state_update(key_state_t *key_state)
Definition: key_state.c:684
engineconfig_type * config
Definition: engine.h:53
db_clause_t * key_data_zone_id_clause(db_clause_list_t *clause_list, const db_value_t *zone_id)
Definition: key_data.c:976
void key_state_free(key_state_t *key_state)
Definition: key_state.c:214
zone_t * zone_new(const db_connection_t *connection)
Definition: zone.c:287
const key_data_t * key_data_list_next(key_data_list_t *key_data_list)
Definition: key_data.c:2359
int key_data_cache_key_states(key_data_t *key_data)
Definition: key_data_ext.c:33
key_state_type_t type
Definition: key_state.h:72
const char * hsm_key_locator(const hsm_key_t *hsm_key)
Definition: hsm_key.c:520
zone_t * zone_new_get_by_name(const db_connection_t *connection, const char *name)
Definition: zone.c:1569
key_data_list_t * key_data_list_new(const db_connection_t *connection)
Definition: key_data.c:1651
zone_t * key_data_get_zone(const key_data_t *key_data)
Definition: key_data.c:569
key_data_list_t * key_data_list_new_get_by_clauses(const db_connection_t *connection, const db_clause_list_t *clause_list)
Definition: key_data.c:2161
unsigned int key_state_ttl(const key_state_t *key_state)
Definition: key_state.c:409
const char * zone_name(const zone_t *zone)
Definition: zone.c:782
db_clause_t * key_data_role_clause(db_clause_list_t *clause_list, key_data_role_t role)
Definition: key_data.c:1030
int run_ds_cmd(int sockfd, const char *cmd, ssize_t n, db_connection_t *dbconn, key_data_ds_at_parent_t state_from, key_data_ds_at_parent_t state_to, engine_type *engine)
Definition: keystate_ds.c:476
int key_data_cache_hsm_key(key_data_t *key_data)
Definition: key_data.c:615
void key_data_list_free(key_data_list_t *key_data_list)
Definition: key_data.c:1694
db_clause_t * key_data_ds_at_parent_clause(db_clause_list_t *clause_list, key_data_ds_at_parent_t ds_at_parent)
Definition: key_data.c:1051
const key_state_t * key_data_cached_dnskey(key_data_t *key_data)
Definition: key_data_ext.c:68
key_state_t * key_state_list_get_begin(key_state_list_t *key_state_list)
Definition: key_state.c:1296
void key_data_free(key_data_t *key_data)
Definition: key_data.c:304
const db_value_t * zone_id(const zone_t *zone)
Definition: zone.c:728
int key_data_set_ds_at_parent(key_data_t *key_data, key_data_ds_at_parent_t ds_at_parent)
Definition: key_data.c:943
unsigned int last_change
Definition: key_state.h:74
#define DB_OK
Definition: db_error.h:36
void hsm_key_free(hsm_key_t *hsm_key)
Definition: hsm_key.c:286
int key_data_retrieve_key_state_list(key_data_t *key_data)
Definition: key_data.c:801
const hsm_key_t * key_data_hsm_key(const key_data_t *key_data)
Definition: key_data.c:638
Definition: zone.h:46
unsigned int key_data_algorithm(const key_data_t *key_data)
Definition: key_data.c:687
int key_data_update(key_data_t *key_data)
Definition: key_data.c:1349
const db_value_t * hsm_key_id(const hsm_key_t *hsm_key)
Definition: hsm_key.c:504
#define NARGV
void ods_log_warning(const char *format,...)
Definition: log.c:62
hsm_key_t * hsm_key_new_get_by_locator(const db_connection_t *connection, const char *locator)
Definition: hsm_key.c:1205
int change_keys_from_to(db_connection_t *dbconn, int sockfd, const char *zonename, const hsm_key_t *hsmkey, int keytag, key_data_ds_at_parent_t state_from, key_data_ds_at_parent_t state_to, engine_type *engine)
Definition: keystate_ds.c:342