1/*****************************************************************
2**
3**	@(#) zconf.h
4**
5**	Copyright (c) Jan 2005, Jeroen Masar, Holger Zuleger.
6**	All rights reserved.
7**
8**	This software is open source.
9**
10**	Redistribution and use in source and binary forms, with or without
11**	modification, are permitted provided that the following conditions
12**	are met:
13**
14**	Redistributions of source code must retain the above copyright notice,
15**	this list of conditions and the following disclaimer.
16**
17**	Redistributions in binary form must reproduce the above copyright notice,
18**	this list of conditions and the following disclaimer in the documentation
19**	and/or other materials provided with the distribution.
20**
21**	Neither the name of Jeroen Masar and Holger Zuleger nor the
22**	names of its contributors may be used to endorse or promote products
23**	derived from this software without specific prior written permission.
24**
25**	THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
26**	"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
27**	TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
28**	PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE
29**	LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
30**	CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
31**	SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
32**	INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
33**	CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
34**	ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
35**	POSSIBILITY OF SUCH DAMAGE.
36**
37*****************************************************************/
38#ifndef ZCONF_H
39# define ZCONF_H
40
41
/*
 * Time units.  The *SEC names are durations in seconds and are of type
 * long (MINSEC is 60L, everything else is derived from it).  DAY, WEEK,
 * MONTH and YEAR are plain day counts and have to be multiplied by
 * DAYSEC to become a duration.
 */
# define	MINSEC	60L
# define	HOURSEC	(MINSEC * 60)
# define	DAYSEC	(HOURSEC * 24)
# define	WEEKSEC	(DAYSEC * 7)
# define	YEARSEC	(DAYSEC * 365)
# define	DAY	(1)
# define	WEEK	(DAY * 7)
# define	MONTH	(DAY * 30)	/* fixed 30-day month, not calendar aware */
# define	YEAR	(DAY * 365)

/* Signature validity and TTL defaults (seconds). */
# define	SIG_VALID_DAYS	(10)	/* or 3 Weeks ? */
# define	SIG_VALIDITY	(SIG_VALID_DAYS * DAYSEC)
# define	MAX_TTL		( 8 * HOURSEC)	/* default value of maximum ttl time */
# define	KEY_TTL		( 4 * HOURSEC)	/* default value of KEY TTL */
# define	PROPTIME	( 5 * MINSEC)	/* expected slave propagation time */
						/* should be small if notify is used */
#if defined (DEF_TTL)
/*
 * NOTE(review): this block is only entered when DEF_TTL is already
 * defined (e.g. by the build) and then redefines it to MAX_TTL/2,
 * discarding the externally supplied value -- the inverse of the usual
 * #ifndef default pattern.  Harmless while DEF_TTL stays unused, as the
 * comment below says; check before relying on it.
 */
# define	DEF_TTL		(MAX_TTL/2)	/* currently not used */
#endif

/*
 * Re-sign interval: (SIG_VALID_DAYS - SIG_VALID_DAYS/3) days, i.e. 7 days
 * for the default of 10, so signatures are renewed after roughly two
 * thirds of their validity.  Presumably this must stay below
 * SIG_VALIDITY (less PROPTIME) or published signatures could expire
 * before the next run -- checkconfig() may enforce that; verify there.
 */
# define	RESIGN_INT	((SIG_VALID_DAYS - (SIG_VALID_DAYS / 3)) * DAYSEC)
# define	KSK_LIFETIME	(1 * YEARSEC)
/*
 * ZSK lifetime.  Two disabled alternatives are kept for history; the
 * active definition is 12 weeks (84 days), which is what the "3 month"
 * comments refer to.
 */
#if 0
# define	ZSK_LIFETIME	((SIG_VALID_DAYS * 3) * DAYSEC)	/* set to three times the sig validity */
#else
# if 0
#  define	ZSK_LIFETIME	((MONTH * 3) * DAYSEC)	/* set fixed to 3 month */
# else
#  define	ZSK_LIFETIME	(12 * WEEKSEC)	/* set fixed to 3 month */
# endif
#endif
73
/* # define	KSK_ALGO	(DK_ALGO_RSASHA1)	KSK_ALGO renamed to KEY_ALGO (v0.99) */
/*
 * Compile-time key defaults.  DK_ALGO_RSASHA1 is declared elsewhere
 * (not visible in this header).
 *
 * NOTE(review): RSASHA1 is a SHA-1 based DNSSEC algorithm, which
 * RFC 8624 lists as MUST NOT for new signing, and a 512-bit RSA ZSK
 * (ZSK_BITS) is far below the 2048-bit floor used today; 1300-bit KSKs
 * are non-standard as well.  These only seed zconf_t and are presumably
 * overridden from dnssec.conf, but new deployments should not inherit
 * them unchanged.
 */
# define	KEY_ALGO	(DK_ALGO_RSASHA1)	/* general KEY_ALGO used for both ksk and zsk */
# define	ADDITIONAL_KEY_ALGO	0		/* presumably 0 == no second algorithm (k2_algo) */
# define	KSK_BITS	(1300)
# define	KSK_RANDOM	"/dev/urandom"	/* was NULL before v0.94 */
/* # define	ZSK_ALGO	(DK_ALGO_RSASHA1)	ZSK_ALGO has to be the same as KSK, so this is no longer used (v0.99) */
# define	ZSK_BITS	(512)
# define	ZSK_RANDOM	"/dev/urandom"
# define	NSEC3		0		/* by default nsec3 is off; matches NSEC3_OFF below */
# define	SALTLEN		24		/* salt length in bits (resolution is 4 bits) */
84
/*
 * Runtime defaults for the like-named zconf_t members (struct below).
 * Note that "unset" is spelled "" for some string values and NULL for
 * others; code reading these members has to cope with both.
 */
# define	ZONEDIR		"."
# define	RECURSIVE	0
# define	PRINTTIME	1
# define	PRINTAGE	0
# define	LJUST		0
# define	LSCOLORTERM	NULL	/* or "" */
# define	KEYSETDIR	NULL	/* keysets */
# define	LOGFILE		""
# define	LOGLEVEL	"error"
# define	LOGDOMAINDIR	""
# define	SYSLOGFACILITY	"none"
# define	SYSLOGLEVEL	"notice"
# define	VERBOSELOG	0
# define	ZONEFILE	"zone.db"
# define	DNSKEYFILE	"dnskey.db"
# define	LOOKASIDEDOMAIN	""	/* "dlv.trusted-keys.de" */
# define	SIG_RANDOM	NULL	/* "/dev/urandom" */
# define	SIG_PSEUDO	0
# define	SIG_GENDS	1
# define	SIG_DNSKEY_KSK	0	/* Sign DNSKEY RR with KSK only */
# define	SIG_PARAM	""
/*
 * DIST_CMD names an external command that replaces "rndc reload", and
 * NAMED_CHROOT the directory named runs in.  Because the configuration
 * file can set the command that gets executed, the config file and
 * CONFIG_PATH should be writable by the signing user only.
 */
# define	DIST_CMD	NULL	/* default is to run "rndc reload" */
# define	NAMED_CHROOT	NULL	/* default is none */
108
/*
 * System-wide configuration file.  CONFIG_PATH must end in '/' because
 * CONFIG_FILE is formed by string-literal concatenation.  LOCALCONF_FILE
 * is the same file name without a directory component (presumably looked
 * up relative to the zone directory -- not visible here).
 */
#ifndef CONFIG_PATH
# define	CONFIG_PATH	"/var/named/"
#endif
# define	CONFIG_FILE	CONFIG_PATH "dnssec.conf"
# define	LOCALCONF_FILE	"dnssec.conf"

/* external command execution path (should be set via config.h) */
/*
 * The BIND tools are addressed by absolute path, so their resolution
 * does not depend on the caller's PATH.  An override lacking the
 * trailing '/' would silently produce "/usr/local/sbindnssec-signzone".
 */
#ifndef BIND_UTIL_PATH
# define BIND_UTIL_PATH	"/usr/local/sbin/"	/* beware of trailing '/' */
#endif
# define	SIGNCMD		BIND_UTIL_PATH "dnssec-signzone"
# define	KEYGENCMD	BIND_UTIL_PATH "dnssec-keygen"
# define	RELOADCMD	BIND_UTIL_PATH "rndc"
122
/*
 * How the zone serial is formed (zconf_t.serialform).  Numbering starts
 * at 1, which leaves 0 free as an "unset" value in a zeroed zconf_t.
 * The names suggest epoch-time vs. increment-by-one serials; the actual
 * rules live in the implementation, not here.
 */
typedef	enum {
	Unixtime = 1,
	Incremental
} serial_form_t;
127
/*
 * NSEC3 mode (zconf_t.nsec3).  The numeric values are part of the
 * contract: the NSEC3 default macro above is the plain integer 0
 * (NSEC3_OFF) and the struct comment documents 0/1/2 explicitly.
 */
typedef	enum {
	NSEC3_OFF = 0,
	NSEC3_ON,
	NSEC3_OPTOUT
} nsec3_t;
133
/*
 * Syslog facility selector.  zconf_t keeps the facility as a string
 * (syslogfacility, default SYSLOGFACILITY "none"), so this enum is not
 * used by the struct in this header; where it is consumed is not visible
 * here.
 * NOTE(review): the lowercase constants (none, user, local0..local7) are
 * ordinary global identifiers and are easy to collide with.
 */
typedef	enum {
	none = 0,
	user,
	local0, local1, local2, local3, local4, local5, local6, local7
} syslog_facility_t;
139
/*
 * Complete tool configuration.  The defaults for most members are the
 * like-named macros above; instances are created/copied/released through
 * loadconfig(), dupconfig() and freeconfig() declared below.  Pointer
 * members are owned by the struct as far as this header shows -- confirm
 * in the implementation before storing pointers to caller-owned strings.
 */
typedef	struct zconf	{
	char	*zonedir;	/* directory holding the zones (ZONEDIR) */
	int	recursive;	/* descend into subdirectories (RECURSIVE) */
	int	printtime;	/* listing options */
	int	printage;
	int	ljust;
	char	*colorterm;	/* LSCOLORTERM; NULL or "" when unset */
	long	sigvalidity;	/* should be less than expire time */
	long	max_ttl;	/* should be set to the maximum used ttl in the zone */
	long	key_ttl;
	long	proptime;	/* expected time offset for zone propagation */
#if defined (DEF_TTL)
	long	def_ttl;	/* default ttl set in soa record  */
#endif
	serial_form_t	serialform;	/* format of serial no */
	long	resign;		/* resign interval */

	/* key parameters; seconds for *_life, bits for *_bits */
	int	k_algo;		/* KEY_ALGO -- used for both KSK and ZSK */
	int	k2_algo;	/* ADDITIONAL_KEY_ALGO */
	long	k_life;
	int	k_bits;
	char	*k_random;	/* KSK_RANDOM */
	long	z_life;
	/* int	z_algo;		no longer used; renamed to k2_algo (v0.99) */
	int	z_bits;
	char	*z_random;	/* ZSK_RANDOM */
	nsec3_t	nsec3;		/* 0 == off; 1 == on; 2 == on with optout */
	int	saltbits;	/* SALTLEN */

	char	*view;
	int	noexec;		/* presumably "do not run external commands" -- confirm */
	// char	*errlog;
	char	*logfile;	/* logging: "" means unset for these strings */
	char	*loglevel;
	char	*logdomaindir;
	char	*syslogfacility;	/* kept as text, not as syslog_facility_t */
	char	*sysloglevel;
	int	verboselog;
	int	verbosity;
	char	*keyfile;	/* DNSKEYFILE */
	char	*zonefile;	/* ZONEFILE */
	char	*keysetdir;	/* KEYSETDIR; NULL when unset */
	char	*lookaside;	/* LOOKASIDEDOMAIN */
	char	*sig_random;	/* SIG_RANDOM; NULL when unset */
	int	sig_pseudo;
	int	sig_gends;
	int	sig_dnskeyksk;	/* sign DNSKEY RR with KSK only */
	char	*sig_param;	/* extra signing parameters (SIG_PARAM) */
	char	*dist_cmd;	/* cmd to run instead of "rndc reload" -- comes from the config file, so that file is trusted input */
	char	*chroot_dir;	/* chroot directory of named */
} zconf_t;
191
/* Render a duration in seconds as text.  Returns a const string; presumably a static buffer, so treat it as non-reentrant until confirmed. */
extern	const char	*timeint2str (unsigned long val);
/*
 * Read a configuration file into z and return it.  Whether a NULL z
 * allocates a new struct is not visible here.  The file is trusted
 * input: it can set members such as dist_cmd and chroot_dir.
 */
extern	zconf_t	*loadconfig (const char *filename, zconf_t *z);
/* Same as loadconfig() but parses configuration text from str. */
extern	zconf_t	*loadconfig_fromstr (const char *str, zconf_t *z);
/* Return a copy of conf; release it with freeconfig().  Depth of the copy is not visible here. */
extern	zconf_t	*dupconfig (const zconf_t *conf);
/* Release conf.  Returns zconf_t * -- likely NULL so callers can write z = freeconfig(z); confirm. */
extern	zconf_t	*freeconfig (zconf_t *conf);
/* Set the parameter named by entry from pval; the pointed-to type depends on entry.  Returns int (status); entry is non-const, so it may be modified. */
extern	int	setconfigpar (zconf_t *conf, char *entry, const void *pval);
/* Write cp to the file fname. */
extern	int	printconfig (const char *fname, const zconf_t *cp);
/* Write to fname only what differs between ref and z. */
extern	int	printconfigdiff (const char *fname, const zconf_t *ref, const zconf_t *z);
/* Validate z (e.g. the interval relations noted above); returns int status. */
extern	int	checkconfig (const zconf_t *z);
/* Select the configuration format version used by the functions above. */
extern	void	setconfigversion (int version);
202
203#endif
204