From 1405517deb46125731445a4f9a99761ad89033e1 Mon Sep 17 00:00:00 2001
From: Tomas Krizek <tomas.krizek@nic.cz>
Date: Mon, 18 Mar 2019 18:24:11 +0100
Subject: [PATCH] daemon: remove -k/-K options

Since DNSSEC is now enabled by default and always loads the
keyfile_default specified during compilation, these options are
obsolete.

Use trust_anchors.add_file() in config file if you require this
functionality.
---
 daemon/lua/trust_anchors.test/root.keys   |  1 +
 daemon/lua/trust_anchors.test/ta.test.lua | 28 ++++++++++++
 daemon/main.c                             | 54 -----------------------
 doc/kresd.8.in                            | 24 +---------
 tests/config/keyfile/bad_args.test.lua    |  0
 tests/config/keyfile/load_ta.test.lua     | 37 ----------------
 tests/config/keyfile/nonexist1.test.lua   |  2 -
 tests/config/keyfile/nonexist2.test.lua   |  2 -
 tests/config/keyfile/root1.keys           |  1 -
 tests/config/keyfile/root2.keys           |  1 -
 tests/config/meson.build                  | 16 -------
 11 files changed, 31 insertions(+), 135 deletions(-)
 create mode 100644 daemon/lua/trust_anchors.test/root.keys
 delete mode 100644 tests/config/keyfile/bad_args.test.lua
 delete mode 100644 tests/config/keyfile/load_ta.test.lua
 delete mode 100644 tests/config/keyfile/nonexist1.test.lua
 delete mode 100644 tests/config/keyfile/nonexist2.test.lua
 delete mode 100644 tests/config/keyfile/root1.keys
 delete mode 100644 tests/config/keyfile/root2.keys

diff --git a/daemon/lua/trust_anchors.test/root.keys b/daemon/lua/trust_anchors.test/root.keys
new file mode 100644
index 000000000..e292b5a7b
--- /dev/null
+++ b/daemon/lua/trust_anchors.test/root.keys
@@ -0,0 +1 @@
+. IN DS 20326 8 2 E06D44B80B8F1D39A95C0B0D7C65D08458E880409BBC683457104237C7F8EC8D
diff --git a/daemon/lua/trust_anchors.test/ta.test.lua b/daemon/lua/trust_anchors.test/ta.test.lua
index 0384b7f36..6993f8fd7 100644
--- a/daemon/lua/trust_anchors.test/ta.test.lua
+++ b/daemon/lua/trust_anchors.test/ta.test.lua
@@ -2,6 +2,17 @@ trust_anchors.keyfile_default = nil
 
 local ffi = require('ffi')
 
+-- count warning messages
+warn_msg = {}
+overriding_msg="[ ta ] warning: overriding previously set trust anchors for ."
+warn_msg[overriding_msg] = 0
+function warn(fmt, ...)
+	msg = string.format(fmt, ...)
+	if warn_msg[msg] ~= nil then
+		warn_msg[msg] = warn_msg[msg] + 1
+	end
+end
+
 -- Test that adding a revoked DNSKEY is refused.
 local function test_revoked_key()
 	local ta_c = kres.context().trust_anchors
@@ -37,8 +48,25 @@ local function test_remove()
 	same(root_ta == nil, true, 'C interface does not have the removed key')
 end
 
+local function test_add_file()
+	boom(trust_anchors.add_file, {'nonwriteable/root.keys', false},
+	     "Managed trust anchor in non-writeable directory")
+
+	boom(trust_anchors.add_file, {'nonexist.keys', true},
+	     "Nonexist unmanaged trust anchor file")
+
+	is(warn_msg[overriding_msg], 0, "No override warning messages at start of test")
+	trust_anchors.add_file('root.keys', true)
+	trust_anchors.add_file('root.keys', true)
+	is(warn_msg[overriding_msg], 1, "Warning message when override trust anchors")
+
+	is(trust_anchors.keysets['\0'][1].key_tag, 20326,
+	   "Loaded KeyTag from root.keys")
+end
+
 return {
 	test_revoked_key,
 	test_remove,
+	test_add_file,
 }
 
diff --git a/daemon/main.c b/daemon/main.c
index 4f94c1e18..aee9d378f 100644
--- a/daemon/main.c
+++ b/daemon/main.c
@@ -58,8 +58,6 @@ struct args {
 	addr_array_t tls_set;
 	fd_array_t fd_set;
 	fd_array_t tls_fd_set;
-	char *keyfile;
-	int keyfile_unmanaged;
 	const char *config;
 	int control_fd;
 	const char *rundir;
@@ -68,16 +66,6 @@ struct args {
 	bool tty_binary_output;
 };
 
-/* lua_pcall helper function */
-static inline char *lua_strerror(int lua_err) {
-	switch (lua_err) {
-	case LUA_ERRRUN: return "a runtime error";
-	case LUA_ERRMEM: return "memory allocation error.";
-	case LUA_ERRERR: return "error while running the error handler function.";
-	default: return "a unknown error";
-	}
-}
-
 /**
  * TTY control: process input and free() the buffer.
  *
@@ -384,8 +372,6 @@ static void help(int argc, char *argv[])
 	       " -S, --fd=[fd]          Listen on given fd (handed out by supervisor).\n"
 	       " -T, --tlsfd=[fd]       Listen using TLS on given fd (handed out by supervisor).\n"
 	       " -c, --config=[path]    Config file path (relative to [rundir]) (default: config).\n"
-	       " -k, --keyfile=[path]   File with root domain trust anchors (DS or DNSKEY), automatically updated.\n"
-	       " -K, --keyfile-ro=[path] File with read-only root domain trust anchors, for use with an external updater.\n"
 	       " -f, --forks=N          Start N forks sharing the configuration.\n"
 	       " -q, --quiet            No command prompt in interactive mode.\n"
 	       " -v, --verbose          Run in verbose mode."
@@ -483,31 +469,6 @@ static void free_sd_socket_names(char **socket_names, int count)
 }
 #endif
 
-static int set_keyfile(struct engine *engine, char *keyfile, bool unmanaged)
-{
-	assert(keyfile != NULL);
-	auto_free char *cmd = afmt("trust_anchors.config('%s',%s)",
-				   keyfile, unmanaged ? "true" : "nil");
-	if (!cmd) {
-		kr_log_error("[system] not enough memory\n");
-		return kr_error(ENOMEM);
-	}
-	int lua_ret = engine_cmd(engine->L, cmd, false);
-	if (lua_ret != 0) {
-		if (lua_gettop(engine->L) > 0) {
-			kr_log_error("%s\n", lua_tostring(engine->L, -1));
-		} else {
-			kr_log_error("[ ta ] keyfile '%s': failed to load (%s)\n",
-					keyfile, lua_strerror(lua_ret));
-		}
-		return lua_ret;
-	}
-
-	lua_settop(engine->L, 0);
-	return kr_ok();
-}
-
-
 static void args_init(struct args *args)
 {
 	memset(args, 0, sizeof(struct args));
@@ -542,8 +503,6 @@ static int parse_args(int argc, char **argv, struct args *args)
 		{"fd",         required_argument, 0, 'S'},
 		{"tlsfd",      required_argument, 0, 'T'},
 		{"config",     required_argument, 0, 'c'},
-		{"keyfile",    required_argument, 0, 'k'},
-		{"keyfile-ro", required_argument, 0, 'K'},
 		{"forks",      required_argument, 0, 'f'},
 		{"verbose",          no_argument, 0, 'v'},
 		{"quiet",            no_argument, 0, 'q'},
@@ -578,15 +537,6 @@ static int parse_args(int argc, char **argv, struct args *args)
 				return EXIT_FAILURE;
 			}
 			break;
-		case 'K':
-			args->keyfile_unmanaged = 1;
-		case 'k':
-			if (args->keyfile != NULL) {
-				kr_log_error("[system] error only one of '--keyfile' and '--keyfile-ro' allowed\n");
-				return EXIT_FAILURE;
-			}
-			args->keyfile = optarg;
-			break;
 		case 'v':
 			kr_verbose_set(true);
 #ifdef NOVERBOSELOG
@@ -800,10 +750,6 @@ int main(int argc, char **argv)
 		}
 		lua_settop(engine.L, 0);
 	}
-	if (args.keyfile != NULL && set_keyfile(&engine, args.keyfile, args.keyfile_unmanaged) != 0) {
-		ret = EXIT_FAILURE;
-		goto cleanup;
-	}
 	if (args.config == NULL || strcmp(args.config, "-") !=0) {
 		if(engine_load_defaults(&engine) != 0) {
 			ret = EXIT_FAILURE;
diff --git a/doc/kresd.8.in b/doc/kresd.8.in
index 524c7eacb..8bd87fc9e 100644
--- a/doc/kresd.8.in
+++ b/doc/kresd.8.in
@@ -22,10 +22,6 @@
 .IR fd ]
 .RB [ \-c | \-\-config
 .IR config ]
-.RB [ \-k | \-\-keyfile
-.IR keyfile ]
-.RB [ \-K | \-\-keyfile\-ro
-.IR keyfile ]
 .RB [ \-f | \-\-forks
 .IR N ]
 .RB [ \-q | \-\-quiet ]
@@ -69,7 +65,7 @@ and start
 .PP
 .nf
 .RS 6n
-$ kresd -a 127.0.0.1 -k root.keys
+$ kresd -a 127.0.0.1
 [system] interactive mode
 >
 .RE
@@ -90,7 +86,7 @@ online documentation.
 $ cat << EOF > config
 modules = { 'policy' }
 policy.add(policy.all(policy.FORWARD('192.168.1.1')))
-$ kresd -a 127.0.0.1 -k root.keys
+$ kresd -a 127.0.0.1
 EOF
 .RE
 .fi
@@ -120,22 +116,6 @@ Set the config file with settings for kresd to read instead of reading the
 file at the default location (\fIconfig\fR). The syntax is
 described in \fIdaemon/README.md\fR.
 .TP
-.B \-k\fI keyfile\fR, \fB\-\-keyfile=\fI<keyfile>
-(Recommended!) Automatically managed root trust anchors file.
-Root trust anchors in this file are managed using standard RFC 5011 (Automated Updates of DNS Security Trust Anchors).
-Kresd needs write access to the directory containing the keyfile.
-
-If the file does not exist, it will be automatically boostrapped from IANA using HTTPS protocol
-and warning that you need to to check the key before trusting it will be issued.
-
-The file contains DNSKEY/DS records in presentation format,
-and is compatible with Unbound and BIND 9 root key files.
-@man_managed_keyfile_default@
-.TP
-.B \-K\fI keyfile\fR, \fB\-\-keyfile\-ro=\fI<keyfile>
-(Discouraged) Static root trust anchors file. The file is not updated by kresd. Use of this option is discouraged because it will break your installation when the trust anchor key changes!
-@man_unmanaged_keyfile_default@
-.TP
 .B \-f\fI N\fR, \fB\-\-forks=\fI<N>
 With this option, the daemon is started in non-interactive mode and instead creates a
 UNIX socket in \fIrundir\fR that the operator can connect to for interactive session.
diff --git a/tests/config/keyfile/bad_args.test.lua b/tests/config/keyfile/bad_args.test.lua
deleted file mode 100644
index e69de29bb..000000000
diff --git a/tests/config/keyfile/load_ta.test.lua b/tests/config/keyfile/load_ta.test.lua
deleted file mode 100644
index bfe851b7c..000000000
--- a/tests/config/keyfile/load_ta.test.lua
+++ /dev/null
@@ -1,37 +0,0 @@
--- test fixtures
-
--- count warning message, fail with other than allowed message
-warn_msg = {}
-overriding_msg="[ ta ] warning: overriding previously set trust anchors for ."
-warn_msg[overriding_msg] = 0
-function warn(fmt, ...)
-	msg = string.format(fmt, ...)
-	if warn_msg[msg] == nil then
-		fail(string.format("Not allowed warn message: %s", msg))
-	else
-		warn_msg[msg] = warn_msg[msg] + 1
-	end
-end
-
--- tests
-
-boom(trust_anchors.add_file, {'nonwriteable/root.keys', false},
-     "Managed trust anchor in non-writeable directory")
-
-boom(trust_anchors.add_file, {'nonexist.keys', true},
-     "Nonexist unmanaged trust anchor file")
-
-trust_anchors.add_file('root2.keys', true)
-trust_anchors.add_file('root1.keys', true)
-is(warn_msg[overriding_msg], 1, "Warning message when override trust anchors")
-
-is(trust_anchors.keysets['\0'][1].key_tag, 19036,
-   "Loaded KeyTag from root1.keys")
-
-local function test_loading_from_cmdline()
-	is(trust_anchors.keysets['\0'][1].key_tag , 20326,
-	   "Loaded KeyTag from cmdline file root2.keys")
-	is(warn_msg[overriding_msg], 2, "Warning message when override trust anchors")
-end
-
-return {test_loading_from_cmdline}
diff --git a/tests/config/keyfile/nonexist1.test.lua b/tests/config/keyfile/nonexist1.test.lua
deleted file mode 100644
index 332919dab..000000000
--- a/tests/config/keyfile/nonexist1.test.lua
+++ /dev/null
@@ -1,2 +0,0 @@
--- simulate building without keyfile_default
-trust_anchors.keyfile_default = nil
diff --git a/tests/config/keyfile/nonexist2.test.lua b/tests/config/keyfile/nonexist2.test.lua
deleted file mode 100644
index e801c6d32..000000000
--- a/tests/config/keyfile/nonexist2.test.lua
+++ /dev/null
@@ -1,2 +0,0 @@
--- simulate building with keyfile_default
-trust_anchors.keyfile_default = "../../../../tests/config/keyfile/root1.keys"
diff --git a/tests/config/keyfile/root1.keys b/tests/config/keyfile/root1.keys
deleted file mode 100644
index c7343371b..000000000
--- a/tests/config/keyfile/root1.keys
+++ /dev/null
@@ -1 +0,0 @@
-.                   	172800	DNSKEY	257 3 8 AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjFFVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoXbfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaDX6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpzW5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relSQageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulqQxA+Uk1ihz0= ; Valid: ; KeyTag:19036
diff --git a/tests/config/keyfile/root2.keys b/tests/config/keyfile/root2.keys
deleted file mode 100644
index 5e9d6ac6e..000000000
--- a/tests/config/keyfile/root2.keys
+++ /dev/null
@@ -1 +0,0 @@
-.                   	172800	DNSKEY	257 3 8 AwEAAaz/tAm8yTn4Mfeh5eyI96WSVexTBAvkMgJzkKTOiW1vkIbzxeF3+/4RgWOq7HrxRixHlFlExOLAJr5emLvN7SWXgnLh4+B5xQlNVz8Og8kvArMtNROxVQuCaSnIDdD5LKyWbRd2n9WGe2R8PzgCmr3EgVLrjyBxWezF0jLHwVN8efS3rCj/EWgvIWgb9tarpVUDK/b58Da+sqqls3eNbuv7pr+eoZG+SrDK6nWeL3c6H5Apxz7LjVc1uTIdsIXxuOLYA4/ilBmSVIzuDWfdRUfhHdY6+cn8HFRm+2hM8AnXGXws9555KrUB5qihylGa8subX2Nn6UwNR1AkUTV74bU= ; Valid: ; KeyTag:20326
diff --git a/tests/config/meson.build b/tests/config/meson.build
index 7d9a68b0b..494d67118 100644
--- a/tests/config/meson.build
+++ b/tests/config/meson.build
@@ -1,22 +1,6 @@
 config_tests += [
   ['basic', files('basic.test.lua'), [], false, ['skip_asan']],
   ['cache', files('cache.test.lua'), [], false, ['skip_asan']],
-  ['keyfile.bad_args', files('keyfile/bad_args.test.lua'),
-    ['--keyfile-ro', 'root.keys',
-     '--keyfile', 'root.keys'],
-    true,
-  ],
-  ['keyfile.load_ta', files('keyfile/load_ta.test.lua'),
-    ['--keyfile-ro', files('keyfile/root2.keys')]
-  ],
-  ['keyfile.nonexist1', files('keyfile/nonexist1.test.lua'),
-    ['--keyfile-ro', 'nonexist'],
-    true,
-  ],
-  ['keyfile.nonexist2', files('keyfile/nonexist2.test.lua'),
-    ['--keyfile-ro', 'nonexist'],
-    true,
-  ],
   ['lru', files('lru.test.lua')],
   ['tls', files('tls.test.lua')],
   ['worker', files('worker.test.lua')],
-- 
2.47.3