

/*****************************************************************
**
**	@(#) zconf.h  
**
**	Copyright (c) Jan 2005, Jeroen Masar, Holger Zuleger.
**	All rights reserved.
**	
**	This software is open source.
**	
**	Redistribution and use in source and binary forms, with or without
**	modification, are permitted provided that the following conditions
**	are met:
**	
**	Redistributions of source code must retain the above copyright notice,
**	this list of conditions and the following disclaimer.
**	
**	Redistributions in binary form must reproduce the above copyright notice,
**	this list of conditions and the following disclaimer in the documentation
**	and/or other materials provided with the distribution.
**	
**	Neither the name of Jeroen Masar and Holger Zuleger nor the
**	names of its contributors may be used to endorse or promote products
**	derived from this software without specific prior written permission.
**	
**	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
**	"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
**	TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
**	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
**	LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
**	CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
**	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
**	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
**	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
**	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
**	POSSIBILITY OF SUCH DAMAGE.
**
*****************************************************************/
#ifndef ZCONF_H
# define ZCONF_H


/*
 * Time units in seconds.  MINSEC carries an L suffix so that every value
 * derived from it is a long, matching the long fields of zconf_t below.
 */
# define	MINSEC	60L
# define	HOURSEC	(60 * MINSEC)
# define	DAYSEC	(24 * HOURSEC)
# define	WEEKSEC	(7 * DAYSEC)
# define	YEARSEC	(365 * DAYSEC)

/* Calendar units in days (plain int). */
# define	DAY	(1)
# define	WEEK	(7 * DAY)
# define	MONTH	(30 * DAY)
# define	YEAR	(365 * DAY)

/*
 * Signature and TTL defaults (seconds).
 *
 * SIG_VALIDITY is the lifetime of each signature.  RESIGN_INT below re-signs
 * after SIG_VALID_DAYS - SIG_VALID_DAYS/3 days, i.e. the last third of the
 * validity window (3 of 10 days with these values) is the safety margin.
 * That margin has to stay larger than MAX_TTL + PROPTIME, otherwise a
 * resolver can still hold a signature in its cache when it expires.
 */
# define	SIG_VALID_DAYS	(10)		/* or 3 weeks? */
# define	SIG_VALIDITY	(SIG_VALID_DAYS * DAYSEC)
# define	MAX_TTL		(8 * HOURSEC)	/* default value of the maximum ttl used in the zone */
# define	KEY_TTL		(4 * HOURSEC)	/* default value of the KEY TTL */
# define	PROPTIME	(5 * MINSEC)	/* expected slave propagation time;
						   should be small when NOTIFY is used */

/*
 * NOTE(review): this guard only *re*defines an already defined DEF_TTL (the
 * same guard gates the def_ttl field of zconf_t).  Defining DEF_TTL on the
 * command line with a different body therefore triggers a macro
 * redefinition diagnostic; confirm that this is the intended feature switch.
 */
#if defined (DEF_TTL)
# define	DEF_TTL		(MAX_TTL/2)	/* currently not used */
#endif

/*
 * Key lifetimes (seconds).  Two earlier variants of ZSK_LIFETIME,
 * 3 * SIG_VALIDITY and MONTH * 3 days, were dropped in favour of a fixed
 * 12 weeks (roughly three months).
 */
# define	RESIGN_INT	((SIG_VALID_DAYS - (SIG_VALID_DAYS / 3)) * DAYSEC)
# define	KSK_LIFETIME	(1 * YEARSEC)
# define	ZSK_LIFETIME	(12 * WEEKSEC)

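/*
 * Key generation defaults.
 *
 * KEY_ALGO is used for KSK and ZSK alike (the former KSK_ALGO/ZSK_ALGO pair
 * was merged in v0.99 because both keys must share an algorithm);
 * ADDITIONAL_KEY_ALGO presumably selects an optional second algorithm,
 * 0 meaning none.
 *
 * NOTE(review): RSASHA1 is "NOT RECOMMENDED" for signing per RFC 8624.  The
 * DK_ALGO_* constants are declared elsewhere in the project, so changing
 * the default to a SHA-2 based algorithm has to be done where that list is
 * visible and after confirming dnssec-keygen supports the chosen one.
 */
# define	KEY_ALGO	(DK_ALGO_RSASHA1)
# define	ADDITIONAL_KEY_ALGO	0

/*
 * RSA key sizes in bits.
 *
 * The previous defaults were 1300 (KSK) and 512 (ZSK).  RSA-512 has been
 * practically factorable for decades and is refused by some current
 * dnssec-keygen / OpenSSL builds, so a zone signed with it offers no
 * protection.  Both defaults are raised to 2048, the floor NIST SP 800-57
 * gives for 112-bit security.  If response size matters, z_bits can be
 * lowered in dnssec.conf, but not below 1024.
 */
# define	KSK_BITS	(2048)
# define	ZSK_BITS	(2048)

/*
 * Randomness source passed to dnssec-keygen.  /dev/urandom is the right
 * choice: it never blocks and is seeded by the kernel CSPRNG.  KSK_RANDOM
 * was NULL before v0.94.
 */
# define	KSK_RANDOM	"/dev/urandom"
# define	ZSK_RANDOM	"/dev/urandom"

/*
 * NSEC3 is off by default.  SALTLEN is the salt length in bits, resolved
 * to 4 bits (one hex digit).
 * NOTE(review): RFC 9276 recommends an empty salt and zero additional
 * iterations; whether a SALTLEN of 0 is accepted by the salt generation
 * code is not visible here, so the value is left unchanged.
 */
# define	NSEC3		0
# define	SALTLEN		24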

/*
 * Remaining run-time defaults.  The fields of zconf_t below carry the
 * like-named values; presumably they are initialised from these macros in
 * the implementation file.
 */

/* zone location and listing output */
# define	ZONEDIR		"."
# define	RECURSIVE	0
# define	PRINTTIME	1
# define	PRINTAGE	0
# define	LJUST		0
# define	LSCOLORTERM	NULL		/* or "" */
# define	KEYSETDIR	NULL		/* keysets */

/* logging (an empty LOGFILE and a SYSLOGFACILITY of "none" presumably disable the respective sink) */
# define	LOGFILE		""
# define	LOGLEVEL	"error"
# define	LOGDOMAINDIR	""
# define	SYSLOGFACILITY	"none"
# define	SYSLOGLEVEL	"notice"
# define	VERBOSELOG	0

/* file names */
# define	ZONEFILE	"zone.db"
# define	DNSKEYFILE	"dnskey.db"

/*
 * DNSSEC Lookaside Validation.  DLV has been moved to Historic status
 * (RFC 8749); "dlv.trusted-keys.de" is kept here only as an example of the
 * expected format.
 */
# define	LOOKASIDEDOMAIN	""

/* signing */
# define	SIG_RANDOM	NULL		/* "/dev/urandom" */
# define	SIG_PSEUDO	0
# define	SIG_GENDS	1
# define	SIG_DNSKEY_KSK	0		/* sign the DNSKEY RRset with the KSK only */
# define	SIG_PARAM	""

/*
 * DIST_CMD: NULL means "rndc reload" is run.  A replacement comes from the
 * configuration file and is executed with the privileges of this tool, so
 * neither the global configuration nor a directory a local dnssec.conf is
 * read from may be writable by untrusted users.
 */
# define	DIST_CMD	NULL
# define	NAMED_CHROOT	NULL		/* named runs without chroot by default */

/*
 * Configuration file locations.  CONFIG_PATH is a directory and must end
 * in '/', because CONFIG_FILE is formed by plain string-literal
 * concatenation.  LOCALCONF_FILE has no directory part.
 */
#ifndef CONFIG_PATH
# define	CONFIG_PATH	"/var/named/"
#endif
# define	CONFIG_FILE	CONFIG_PATH "dnssec.conf"
# define	LOCALCONF_FILE	"dnssec.conf"

/*
 * Directory of the BIND utilities (normally set via config.h).  The same
 * concatenation rule applies: a missing trailing '/' yields a bogus
 * "...sbindnssec-signzone".  Keep this an absolute path; a relative or
 * empty value would make whatever executes these commands fall back to a
 * PATH lookup, which the caller's environment then controls.
 */
#ifndef BIND_UTIL_PATH
# define	BIND_UTIL_PATH	"/usr/local/sbin/"
#endif
# define	SIGNCMD		BIND_UTIL_PATH "dnssec-signzone"
# define	KEYGENCMD	BIND_UTIL_PATH "dnssec-keygen"
# define	RELOADCMD	BIND_UTIL_PATH "rndc"

/*
 * How the SOA serial number is formed.  Values start at 1, so 0 is never a
 * valid serial_form_t (presumably used as "unset"; confirm in the parser).
 * By name, Unixtime derives the serial from the current time and
 * Incremental bumps the previous one.
 */
typedef	enum {
	Unixtime	= 1,
	Incremental	= 2
} serial_form_t;

/*
 * NSEC3 mode: 0 == off, 1 == on, 2 == on with opt-out.  The numbering is
 * relied upon by the nsec3 field of zconf_t and by the NSEC3 default macro,
 * so the values are spelled out explicitly.
 */
typedef	enum {
	NSEC3_OFF	= 0,
	NSEC3_ON	= 1,
	NSEC3_OPTOUT	= 2
} nsec3_t;

/*
 * Syslog facility selector.  These are internal indices, NOT the LOG_*
 * values from <syslog.h> (LOG_LOCAL0 is 128, not 2); they must be mapped
 * before being handed to openlog(3).
 * NOTE(review): the lowercase, unprefixed names (none, user, local0 ...)
 * live in the global namespace of every file including this header; they
 * are kept because callers depend on them.
 */
typedef	enum {
	none	= 0,
	user	= 1,
	local0	= 2,
	local1	= 3,
	local2	= 4,
	local3	= 5,
	local4	= 6,
	local5	= 7,
	local6	= 8,
	local7	= 9
} syslog_facility_t;

/*
 * Run-time configuration of the zone key tool.  Field order is part of the
 * ABI and is presumably relied upon by a positional initialiser in the
 * implementation file, so do not reorder fields.  Defaults are the
 * like-named macros above (mapping inferred from the names).
 */
typedef	struct zconf	{
	/* zone location and listing output */
	char	*zonedir;	/* directory holding the zone(s); ZONEDIR */
	int	recursive;	/* RECURSIVE */
	int	printtime;	/* PRINTTIME */
	int	printage;	/* PRINTAGE */
	int	ljust;		/* LJUST */
	char	*colorterm;	/* LSCOLORTERM */

	/* signature and TTL timing, all in seconds */
	long	sigvalidity;	/* should be less than expire time */
	long	max_ttl;	/* should be set to the maximum used ttl in the zone */
	long	key_ttl;	/* KEY_TTL */
	long	proptime;	/* expected time offset for zone propagation */
#if defined (DEF_TTL)
	long	def_ttl;	/* default ttl set in soa record  */
#endif
	serial_form_t	serialform;	/* format of serial no */
	long	resign;		/* resign interval; sigvalidity - resign must exceed
				   max_ttl + proptime so cached signatures never expire */

	/* key generation */
	int	k_algo;		/* algorithm used for KSK and ZSK alike; KEY_ALGO */
	int	k2_algo;	/* additional algorithm; ADDITIONAL_KEY_ALGO */
	long	k_life;		/* KSK lifetime; KSK_LIFETIME */
	int	k_bits;		/* KSK size in bits; KSK_BITS */
	char	*k_random;	/* randomness source for KSK generation; KSK_RANDOM */
	long	z_life;		/* ZSK lifetime; ZSK_LIFETIME */
	/* int	z_algo;		no longer used; renamed to k2_algo (v0.99) */
	int	z_bits;		/* ZSK size in bits; ZSK_BITS */
	char	*z_random;	/* randomness source for ZSK generation; ZSK_RANDOM */
	nsec3_t	nsec3;		/* 0 == off; 1 == on; 2 == on with optout */
	int	saltbits;	/* NSEC3 salt length in bits; SALTLEN */

	/* execution, logging and output */
	char	*view;		/* no compile-time default above */
	int	noexec;		/* no compile-time default above; presumably a dry-run flag — confirm in callers */
	// char	*errlog;
	char	*logfile;	/* LOGFILE */
	char	*loglevel;	/* LOGLEVEL */
	char	*logdomaindir;	/* LOGDOMAINDIR */
	char	*syslogfacility;	/* SYSLOGFACILITY, as a string (see syslog_facility_t) */
	char	*sysloglevel;	/* SYSLOGLEVEL */
	int	verboselog;	/* VERBOSELOG */
	int	verbosity;	/* no compile-time default above */
	char	*keyfile;	/* DNSKEYFILE */
	char	*zonefile;	/* ZONEFILE */
	char	*keysetdir;	/* KEYSETDIR */
	char	*lookaside;	/* LOOKASIDEDOMAIN; DLV is historic (RFC 8749) */

	/* signing */
	char	*sig_random;	/* randomness source for signing; SIG_RANDOM */
	int	sig_pseudo;	/* SIG_PSEUDO */
	int	sig_gends;	/* SIG_GENDS */
	int	sig_dnskeyksk;	/* SIG_DNSKEY_KSK: sign DNSKEY RR with KSK only */
	char	*sig_param;	/* SIG_PARAM: extra parameters for the signing command */

	/* external commands; both come from configuration files, so those must not be writable by untrusted users */
	char	*dist_cmd;	/* cmd to run instead of "rndc reload" */
	char	*chroot_dir;	/* chroot directory of named */
} zconf_t;

/*
 * Public interface of the configuration module.  Documentation below is
 * based on the prototypes only; ownership and error conventions must be
 * confirmed against the implementation.
 */

/* Render a time interval given in seconds as a human readable string.
 * NOTE(review): whether the returned pointer refers to static storage (and
 * is thus overwritten by the next call) is not visible here. */
extern	const char	*timeint2str (unsigned long seconds);

/* Fill z from the named configuration file, or from an in-memory
 * configuration text.  Both return a zconf_t *; presumably the updated z. */
extern	zconf_t	*loadconfig (const char *filename, zconf_t *z);
extern	zconf_t	*loadconfig_fromstr (const char *text, zconf_t *z);

/* Deep copy / release.  freeconfig also returns a zconf_t *, presumably
 * NULL so that callers can write conf = freeconfig (conf). */
extern	zconf_t	*dupconfig (const zconf_t *conf);
extern	zconf_t	*freeconfig (zconf_t *conf);

/* Set the parameter named by entry to the value pval points at.
 * NOTE(review): entry is not const-qualified; confirm the implementation
 * does not write through it, since callers likely pass string literals. */
extern	int	setconfigpar (zconf_t *conf, char *entry, const void *pval);

/* Write the whole configuration, or only the entries of z that differ
 * from ref, to the file fname. */
extern	int	printconfig (const char *fname, const zconf_t *cp);
extern	int	printconfigdiff (const char *fname, const zconf_t *ref, const zconf_t *z);

/* Validate the consistency of a configuration (e.g. the timing relations
 * documented on zconf_t); returns an int status. */
extern	int	checkconfig (const zconf_t *z);

/* Select the configuration file format version to read/write. */
extern	void	setconfigversion (int version);

#endif