51 #include <ldns/ldns.h>
/*
 * Module tag for log messages: every ods_log_* call in this file prints
 * it as the bracketed "[%s]" prefix so zone-related entries can be
 * filtered from the signer log.
 */
static const char *zone_str = "zone";
66 if (!name || !klass) {
74 ods_log_error(
"[%s] unable to create zone %s: create allocator "
75 "failed", zone_str, name);
82 ods_log_error(
"[%s] unable to create zone %s: allocator failed",
91 if (strlen(name) > 1 && name[strlen(name)-1] ==
'.') {
92 name[strlen(name)-1] =
'\0';
98 zone->
dname = ldns_dname_new_frm_str(name);
99 ldns_dname2canonical(zone->
dname);
117 ods_log_error(
"[%s] unable to create zone %s: create zonedata "
118 "failed", zone_str, name);
125 ods_log_error(
"[%s] unable to create zone %s: create signconf "
126 "failed", zone_str, name);
148 ldns_rdf* soa_min = NULL;
149 ldns_rr_type type = LDNS_RR_TYPE_FIRST;
159 ods_log_error(
"[%s] unable to add RR: no storage", zone_str);
166 ods_log_error(
"[%s] unable to add RR: no signconf", zone_str);
172 if (ldns_dname_compare(zone->
dname, ldns_rr_owner(rr)) != 0 &&
173 !ldns_dname_is_subdomain(ldns_rr_owner(rr), zone->
dname)) {
175 zone_str, zone->
name?zone->
name:
"(null)");
182 type = ldns_rr_get_type(rr);
186 zone_str, zone->
name?zone->
name:
"(null)", tmp);
187 ldns_rr_set_ttl(rr, tmp);
189 if (type == LDNS_RR_TYPE_SOA) {
193 zone_str, zone->
name?zone->
name:
"(null)", tmp);
194 ldns_rr_set_ttl(rr, tmp);
199 zone_str, zone->
name?zone->
name:
"(null)", tmp);
200 soa_min = ldns_rr_set_rdf(rr,
201 ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, tmp),
204 ldns_rdf_deep_free(soa_min);
207 "rdata", zone_str, zone->
name?zone->
name:
"(null)");
228 if (ldns_dname_compare(domain->
dname, zone->
dname) == 0) {
254 ods_log_error(
"[%s] unable to add RR: pend RR failed", zone_str);
259 if (zone->
stats && do_stats) {
283 ods_log_error(
"[%s] unable to del RR: no storage", zone_str);
308 if (
rrset_del_rr(rrset, rr, (ldns_rr_get_type(rr) == LDNS_RR_TYPE_DNSKEY))
310 ods_log_error(
"[%s] unable to del RR: pend RR failed", zone_str);
315 if (do_stats && zone->
stats) {
327 dnskey_withdraw(
zone_type* zone, ldns_rr_list* del)
329 ldns_rr* clone = NULL;
333 for (i=0; i < ldns_rr_list_rr_count(del); i++) {
334 clone = ldns_rr_clone(ldns_rr_list_rr(del, i));
349 nsec3param_withdraw(
zone_type* zone, ldns_rr* rr)
351 ldns_rr* clone = NULL;
357 clone = ldns_rr_clone(rr);
375 ldns_rr_list* del = NULL;
376 char* datestamp = NULL;
383 ods_log_error(
"[%s] unable to load signconf: no zone", zone_str);
389 "insecure?", zone_str, zone->
name);
399 ods_log_error(
"[%s] unable to load signconf: zone %s signconf "
400 "%s: storage empty", zone_str, zone->
name,
406 ods_log_debug(
"[%s] zone %s signconf file %s is modified since %s",
408 datestamp?datestamp:
"Unknown");
409 free((
void*)datestamp);
412 del = ldns_rr_list_new();
415 "signconf %s: ldns_rr_list_new() failed",
423 "signconf %s: %s", zone_str, zone->
name,
430 status = dnskey_withdraw(zone, del);
432 ldns_rr_list_free(del);
435 "signconf %s: failed to delete DNSKEY from RRset",
449 "signconf %s: failed to delete NSEC3PARAM RRset",
480 ods_log_debug(
"[%s] zone %s switch to new signconf", zone_str,
491 "%Y-%m-%d %T", &datestamp);
494 datestamp?datestamp:
"Unknown");
495 free((
void*)datestamp);
497 ods_log_error(
"[%s] unable to load signconf: zone %s signconf %s: "
512 hsm_ctx_t* ctx = NULL;
517 ldns_rr* dnskey = NULL;
521 ods_log_error(
"[%s] unable to publish dnskeys: no zone", zone_str);
527 ods_log_error(
"[%s] unable to publish dnskeys zone %s: no signconf",
528 zone_str, zone->
name);
534 ods_log_error(
"[%s] unable to publish dnskeys zone %s: no keys",
535 zone_str, zone->
name);
541 ods_log_error(
"[%s] unable to publish dnskeys zone %s: no zonedata",
542 zone_str, zone->
name);
553 ctx = hsm_create_context();
555 ods_log_error(
"[%s] unable to publish dnskeys for zone %s: error "
556 "creating libhsm context", zone_str, zone->
name);
571 "error creating DNSKEY for key %s", zone_str,
578 dnskey = ldns_rr_clone(key->
dnskey);
580 }
else if (do_publish) {
581 ldns_rr_set_ttl(key->
dnskey, ttl);
583 ldns_rr2canonical(key->
dnskey);
584 dnskey = ldns_rr_clone(key->
dnskey);
592 "error adding DNSKEY[%u] for key %s", zone_str,
593 zone->
name, ldns_calc_keytag(dnskey),
605 hsm_destroy_context(ctx);
618 ldns_rr* nsec3params_rr = NULL;
620 int doe_rollover = 0;
623 ods_log_error(
"[%s] unable to prepare NSEC3: no zone", zone_str);
629 ods_log_error(
"[%s] unable to prepare NSEC3: no signconf", zone_str);
650 ods_log_error(
"[%s] unable to prepare zone %s for NSEC3: failed "
651 "to create NSEC3 parameters", zone_str, zone->
name);
659 }
else if (doe_rollover) {
662 nsec3params_rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAMS);
663 if (!nsec3params_rr) {
664 ods_log_error(
"[%s] unable to prepare zone %s for NSEC3: failed "
665 "to create NSEC3PARAM RR", zone_str, zone->
name);
672 ldns_rr_set_class(nsec3params_rr, zone->
klass);
673 ldns_rr_set_ttl(nsec3params_rr, paramttl);
674 ldns_rr_set_owner(nsec3params_rr, ldns_rdf_clone(zone->
dname));
675 ldns_nsec3_add_param_rdfs(nsec3params_rr,
684 ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3params_rr, 1)), 7, 0);
686 ldns_rr2canonical(nsec3params_rr);
693 zone_str, zone->
name);
696 ldns_rr_free(nsec3params_rr);
711 char* filename = NULL;
720 free((
void*)filename);
723 fprintf(fd,
"%s\n", ODS_SE_FILE_MAGIC);
725 fprintf(fd,
";;Zone: name %s class %i ttl %u inbound %u internal "
754 fprintf(fd,
"%s\n", ODS_SE_FILE_MAGIC);
770 char* filename = NULL;
772 const char* token = NULL;
777 uint32_t inbound = 0;
778 uint32_t
internal = 0;
779 uint32_t outbound = 0;
791 const char* salt = NULL;
792 ldns_rr* nsec3params_rr = NULL;
805 free((
void*)filename);
885 ldns_rr_new_frm_fp(&nsec3params_rr, fd, NULL, NULL, NULL) ||
916 free((
void*)filename);
921 zone->
klass = (ldns_rr_class) klass;
942 nsec3params->
rr = nsec3params_rr;
945 zone->
task = (
void*) task;
1000 free((
void*)filename);
1021 zone->
klass = (ldns_rr_class) klass;
1044 ods_log_error(
"[%s] unable to recover zone %s: corrupted file",
1045 zone_str, zone->
name);
1061 ldns_rr_free(nsec3params_rr);
1062 nsec3params_rr = NULL;
1064 nsec3params->
rr = NULL;
1109 ods_log_error(
"[%s] failed to merge policy %s name to zone "
1128 ods_log_error(
"[%s] failed to merge signconf filename %s to "
1166 hsm_ctx_t* ctx = NULL;
1174 ctx = hsm_create_context();
1176 ods_log_error(
"[%s] unable to prepare signing keys for zone %s: "
1177 "error creating libhsm context", zone_str, zone->
name);
1186 ods_log_error(
"[%s] unable to prepare signing keys for zone %s: "
1187 "error getting dnskey", zone_str, zone->
name);
1196 hsm_destroy_context(ctx);
1212 ldns_rdf* serial = NULL;
1214 if (!zone || !zone->
name) {
1215 ods_log_error(
"[%s] unable to update serial: no zone", zone_str);
1222 ods_log_error(
"[%s] unable to update serial zone %s: no signconf",
1229 ods_log_error(
"[%s] unable to update serial zone %s: no zonedata",
1237 ods_log_error(
"[%s] unable to update serial zone %s: failed to "
1240 ods_log_error(
"[%s] If this is the result of a key rollover, "
1241 "please increment the serial in the unsigned zone %s",
1242 zone_str, zone->
name);
1250 ods_log_error(
"[%s] unable to update serial zone %s: apex not found",
1251 zone_str, zone->
name);
1259 ods_log_error(
"[%s] unable to update serial zone %s: SOA RRset not found",
1260 zone_str, zone->
name);
1266 if (rrset->
rrs && rrset->
rrs->rr) {
1267 serial = ldns_rr_set_rdf(rrset->
rrs->rr,
1268 ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32,
1271 if (ldns_rdf2native_int32(serial) !=
1275 ldns_rdf_deep_free(serial);
1277 ods_log_error(
"[%s] unable to update serial zone %s: failed to "
1278 "replace SOA SERIAL rdata", zone_str, zone->
name);
1293 if (fd && zone && zone->
zonedata) {
1332 ldns_rdf_deep_free(zone->
dname);