OpenDNSSEC-signer  1.3.16
zone.c
Go to the documentation of this file.
1 /*
2  * $Id: zone.c 7437 2013-11-27 10:20:58Z matthijs $
3  *
4  * Copyright (c) 2009 NLNet Labs. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  *
27  */
28 
34 #include "adapter/adapi.h"
35 #include "adapter/adapter.h"
36 #include "scheduler/schedule.h"
37 #include "scheduler/task.h"
38 #include "shared/allocator.h"
39 #include "shared/file.h"
40 #include "shared/hsm.h"
41 #include "shared/locks.h"
42 #include "shared/log.h"
43 #include "shared/status.h"
44 #include "shared/util.h"
45 #include "signer/backup.h"
46 #include "signer/nsec3params.h"
47 #include "signer/signconf.h"
48 #include "signer/zone.h"
49 #include "signer/zonedata.h"
50 
51 #include <ldns/ldns.h>
52 
53 static const char* zone_str = "zone";
54 
55 
60 zone_type*
61 zone_create(char* name, ldns_rr_class klass)
62 {
63  allocator_type* allocator = NULL;
64  zone_type* zone = NULL;
65 
66  if (!name || !klass) {
67  ods_log_error("[%s] unable to create zone: no name or class",
68  zone_str);
69  return NULL;
70  }
71 
72  allocator = allocator_create(malloc, free);
73  if (!allocator) {
74  ods_log_error("[%s] unable to create zone %s: create allocator "
75  "failed", zone_str, name);
76  return NULL;
77  }
78  ods_log_assert(allocator);
79 
80  zone = (zone_type*) allocator_alloc(allocator, sizeof(zone_type));
81  if (!zone) {
82  ods_log_error("[%s] unable to create zone %s: allocator failed",
83  zone_str, name);
84  allocator_cleanup(allocator);
85  return NULL;
86  }
87  ods_log_assert(zone);
88 
89  zone->allocator = allocator;
90  /* [start] PS 9218653: Drop trailing dot in domain name */
91  if (strlen(name) > 1 && name[strlen(name)-1] == '.') {
92  name[strlen(name)-1] = '\0';
93  }
94  /* [end] PS 9218653 */
95  zone->name = allocator_strdup(allocator, name);
96  zone->klass = klass;
97 
98  zone->dname = ldns_dname_new_frm_str(name);
99  ldns_dname2canonical(zone->dname);
100  zone->notify_ns = NULL;
101  zone->policy_name = NULL;
102  zone->signconf_filename = NULL;
103 
104  zone->adinbound = NULL;
105  zone->adoutbound = NULL;
106  zone->nsec3params = NULL;
107 
108  zone->just_added = 0;
109  zone->just_updated = 0;
110  zone->tobe_removed = 0;
111  zone->processed = 0;
112  zone->prepared = 0;
113  zone->fetch = 0;
114 
115  zone->zonedata = zonedata_create(zone->allocator);
116  if (!zone->zonedata) {
117  ods_log_error("[%s] unable to create zone %s: create zonedata "
118  "failed", zone_str, name);
119  zone_cleanup(zone);
120  return NULL;
121  }
122 
123  zone->signconf = signconf_create();
124  if (!zone->signconf) {
125  ods_log_error("[%s] unable to create zone %s: create signconf "
126  "failed", zone_str, name);
127  zone_cleanup(zone);
128  return NULL;
129  }
130 
131  zone->stats = stats_create();
132  zone->task = NULL;
133  zone->zone_locked = 0;
134  lock_basic_init(&zone->zone_lock);
135  return zone;
136 }
137 
138 
144 zone_add_rr(zone_type* zone, ldns_rr* rr, int do_stats)
145 {
146  domain_type* domain = NULL;
147  rrset_type* rrset = NULL;
148  ldns_rdf* soa_min = NULL;
149  ldns_rr_type type = LDNS_RR_TYPE_FIRST;
150  uint32_t tmp = 0;
151 
152  if (!rr) {
153  ods_log_error("[%s] unable to add RR: no RR", zone_str);
154  return ODS_STATUS_ASSERT_ERR;
155  }
156  ods_log_assert(rr);
157 
158  if (!zone || !zone->zonedata) {
159  ods_log_error("[%s] unable to add RR: no storage", zone_str);
160  return ODS_STATUS_ASSERT_ERR;
161  }
162  ods_log_assert(zone);
163  ods_log_assert(zone->zonedata);
164 
165  if (!zone->signconf) {
166  ods_log_error("[%s] unable to add RR: no signconf", zone_str);
167  return ODS_STATUS_ASSERT_ERR;
168  }
169  ods_log_assert(zone->signconf);
170 
171  /* in-zone? */
172  if (ldns_dname_compare(zone->dname, ldns_rr_owner(rr)) != 0 &&
173  !ldns_dname_is_subdomain(ldns_rr_owner(rr), zone->dname)) {
174  ods_log_warning("[%s] zone %s contains out-of-zone data, skipping",
175  zone_str, zone->name?zone->name:"(null)");
176  /* ok, just filter */
177  ldns_rr_free(rr);
178  return ODS_STATUS_OK;
179  }
180 
181  /* type specific configuration */
182  type = ldns_rr_get_type(rr);
183  if (type == LDNS_RR_TYPE_DNSKEY && zone->signconf->dnskey_ttl) {
184  tmp = (uint32_t) duration2time(zone->signconf->dnskey_ttl);
185  ods_log_verbose("[%s] zone %s set DNSKEY TTL to %u",
186  zone_str, zone->name?zone->name:"(null)", tmp);
187  ldns_rr_set_ttl(rr, tmp);
188  }
189  if (type == LDNS_RR_TYPE_SOA) {
190  if (zone->signconf->soa_ttl) {
191  tmp = (uint32_t) duration2time(zone->signconf->soa_ttl);
192  ods_log_verbose("[%s] zone %s set SOA TTL to %u",
193  zone_str, zone->name?zone->name:"(null)", tmp);
194  ldns_rr_set_ttl(rr, tmp);
195  }
196  if (zone->signconf->soa_min) {
197  tmp = (uint32_t) duration2time(zone->signconf->soa_min);
198  ods_log_verbose("[%s] zone %s set SOA MINIMUM to %u",
199  zone_str, zone->name?zone->name:"(null)", tmp);
200  soa_min = ldns_rr_set_rdf(rr,
201  ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, tmp),
203  if (soa_min) {
204  ldns_rdf_deep_free(soa_min);
205  } else {
206  ods_log_error("[%s] zone %s failed to replace SOA MINIMUM "
207  "rdata", zone_str, zone->name?zone->name:"(null)");
208  return ODS_STATUS_ASSERT_ERR;
209  }
210  }
211  }
212 
213  /* lookup domain */
214  domain = zonedata_lookup_domain(zone->zonedata, ldns_rr_owner(rr));
215  if (!domain) {
216  /* add domain */
217  domain = domain_create(ldns_rr_owner(rr));
218  if (!domain) {
219  ods_log_error("[%s] unable to add RR: create domain failed",
220  zone_str);
221  return ODS_STATUS_ERR;
222  }
223  if (zonedata_add_domain(zone->zonedata, domain) == NULL) {
224  ods_log_error("[%s] unable to add RR: add domain failed",
225  zone_str);
226  return ODS_STATUS_ERR;
227  }
228  if (ldns_dname_compare(domain->dname, zone->dname) == 0) {
229  domain->dstatus = DOMAIN_STATUS_APEX;
230  }
231  }
232  ods_log_assert(domain);
233 
234  /* lookup RRset */
235  rrset = domain_lookup_rrset(domain, ldns_rr_get_type(rr));
236  if (!rrset) {
237  /* add RRset */
238  rrset = rrset_create(ldns_rr_get_type(rr));
239  if (!rrset) {
240  ods_log_error("[%s] unable to add RR: create RRset failed",
241  zone_str);
242  return ODS_STATUS_ERR;
243  }
244  if (domain_add_rrset(domain, rrset) == NULL) {
245  ods_log_error("[%s] unable to add RR: add RRset failed",
246  zone_str);
247  return ODS_STATUS_ERR;
248  }
249  }
250  ods_log_assert(rrset);
251 
252  /* add RR */
253  if (rrset_add_rr(rrset, rr) == NULL) {
254  ods_log_error("[%s] unable to add RR: pend RR failed", zone_str);
255  return ODS_STATUS_ERR;
256  }
257 
258  /* update stats */
259  if (zone->stats && do_stats) {
260  zone->stats->sort_count += 1;
261  }
262  return ODS_STATUS_OK;
263 }
264 
265 
271 zone_del_rr(zone_type* zone, ldns_rr* rr, int do_stats)
272 {
273  domain_type* domain = NULL;
274  rrset_type* rrset = NULL;
275 
276  if (!rr) {
277  ods_log_error("[%s] unable to del RR: no RR", zone_str);
278  return ODS_STATUS_ASSERT_ERR;
279  }
280  ods_log_assert(rr);
281 
282  if (!zone || !zone->zonedata) {
283  ods_log_error("[%s] unable to del RR: no storage", zone_str);
284  return ODS_STATUS_ASSERT_ERR;
285  }
286  ods_log_assert(zone);
287  ods_log_assert(zone->zonedata);
288 
289  /* lookup domain */
290  domain = zonedata_lookup_domain(zone->zonedata, ldns_rr_owner(rr));
291  if (!domain) {
292  /* no domain, no del */
293  ods_log_warning("[%s] unable to del RR: no such domain", zone_str);
294  return ODS_STATUS_UNCHANGED;
295  }
296  ods_log_assert(domain);
297 
298  /* lookup RRset */
299  rrset = domain_lookup_rrset(domain, ldns_rr_get_type(rr));
300  if (!rrset) {
301  /* no RRset, no del */
302  ods_log_warning("[%s] unable to del RR: no such RRset", zone_str);
303  return ODS_STATUS_UNCHANGED;
304  }
305  ods_log_assert(rrset);
306 
307  /* del RR */
308  if (rrset_del_rr(rrset, rr, (ldns_rr_get_type(rr) == LDNS_RR_TYPE_DNSKEY))
309  == NULL) {
310  ods_log_error("[%s] unable to del RR: pend RR failed", zone_str);
311  return ODS_STATUS_ERR;
312  }
313 
314  /* update stats */
315  if (do_stats && zone->stats) {
316  zone->stats->sort_count -= 1;
317  }
318  return ODS_STATUS_OK;
319 }
320 
321 
326 static ods_status
327 dnskey_withdraw(zone_type* zone, ldns_rr_list* del)
328 {
329  ldns_rr* clone = NULL;
330  ods_status status = ODS_STATUS_OK;
331  size_t i = 0;
332 
333  for (i=0; i < ldns_rr_list_rr_count(del); i++) {
334  clone = ldns_rr_clone(ldns_rr_list_rr(del, i));
335  status = zone_del_rr(zone, clone, 0);
336  if (status != ODS_STATUS_OK) {
337  return status;
338  }
339  }
340  return status;
341 }
342 
343 
348 static ods_status
349 nsec3param_withdraw(zone_type* zone, ldns_rr* rr)
350 {
351  ldns_rr* clone = NULL;
352  ods_status status = ODS_STATUS_OK;
353 
354  if (!rr) { /* no nsec3param, nothing to withdraw */
355  return status;
356  }
357  clone = ldns_rr_clone(rr);
358  status = zone_del_rr(zone, clone, 0);
359  if (status != ODS_STATUS_OK) {
360  return status;
361  }
362  return status;
363 }
364 
365 
372 {
373  ods_status status = ODS_STATUS_OK;
374  signconf_type* signconf = NULL;
375  ldns_rr_list* del = NULL;
376  char* datestamp = NULL;
377  uint32_t ustamp;
378  task_id denial_what;
379  task_id keys_what;
380  task_id what;
381 
382  if (!zone) {
383  ods_log_error("[%s] unable to load signconf: no zone", zone_str);
384  return ODS_STATUS_ASSERT_ERR;
385  }
386  ods_log_assert(zone);
387  if (!zone->signconf_filename) {
388  ods_log_warning("[%s] zone %s has no signconf filename, treat as "
389  "insecure?", zone_str, zone->name);
390  return ODS_STATUS_INSECURE;
391  }
393 
394  status = signconf_update(&signconf, zone->signconf_filename,
395  zone->signconf->last_modified);
396  if (status == ODS_STATUS_OK) {
397  if (!signconf) {
398  /* this is unexpected */
399  ods_log_error("[%s] unable to load signconf: zone %s signconf "
400  "%s: storage empty", zone_str, zone->name,
401  zone->signconf_filename);
402  return ODS_STATUS_ASSERT_ERR;
403  }
404  ustamp = time_datestamp(signconf->last_modified, "%Y-%m-%d %T",
405  &datestamp);
406  ods_log_debug("[%s] zone %s signconf file %s is modified since %s",
407  zone_str, zone->name, zone->signconf_filename,
408  datestamp?datestamp:"Unknown");
409  free((void*)datestamp);
410 
411  /* do stuff */
412  del = ldns_rr_list_new();
413  if (!del) {
414  ods_log_error("[%s] unable to load signconf: zone %s "
415  "signconf %s: ldns_rr_list_new() failed",
416  zone_str, zone->name, zone->signconf_filename);
417  return ODS_STATUS_MALLOC_ERR;
418  }
419  denial_what = signconf_compare_denial(zone->signconf, signconf);
420  status = signconf_compare_keys(zone->signconf, signconf, del, &keys_what);
421  if (status != ODS_STATUS_OK) {
422  ods_log_error("[%s] unable to load signconf: zone %s "
423  "signconf %s: %s", zone_str, zone->name,
424  zone->signconf_filename, ods_status2str(status));
425  return status;
426  }
427 
428  /* Key Rollover? */
429  if (keys_what == TASK_READ) {
430  status = dnskey_withdraw(zone, del);
431  }
432  ldns_rr_list_free(del);
433  if (status != ODS_STATUS_OK) {
434  ods_log_error("[%s] unable to load signconf: zone %s "
435  "signconf %s: failed to delete DNSKEY from RRset",
436  zone_str, zone->name, zone->signconf_filename);
438  return status;
439  }
440 
441  /* Denial of Existence Rollover? */
442  if (denial_what != TASK_NONE) {
443  status = ODS_STATUS_OK;
444  if (zone->nsec3params) {
445  status = nsec3param_withdraw(zone, zone->nsec3params->rr);
446  }
447  if (status != ODS_STATUS_OK) {
448  ods_log_error("[%s] unable to load signconf: zone %s "
449  "signconf %s: failed to delete NSEC3PARAM RRset",
450  zone_str, zone->name, zone->signconf_filename);
452  return status;
453  }
455  zone->nsec3params = NULL;
456  if (denial_what == TASK_NSECIFY) {
464  }
465  }
466 
467  /* all ok, switch to new signconf */
468  if (keys_what != TASK_NONE) {
469  what = keys_what;
470  } else {
471  what = denial_what;
472  }
473  if (what == TASK_NONE) { /* no major changes, continue signing */
474  what = TASK_SIGN;
475  }
476  *tbs = what;
477  ods_log_debug("[%s] tbs for zone %s set to: %s", zone_str,
478  zone->name, task_what2str(*tbs));
479  signconf_cleanup(zone->signconf);
480  ods_log_debug("[%s] zone %s switch to new signconf", zone_str,
481  zone->name);
482  zone->signconf = signconf;
483  signconf_log(zone->signconf, zone->name);
484  zone->zonedata->default_ttl =
485  (uint32_t) duration2time(zone->signconf->soa_min);
486  } else if (status == ODS_STATUS_UNCHANGED) {
487  *tbs = TASK_READ;
488  ods_log_debug("[%s] tbs for zone %s set to: %s", zone_str,
489  zone->name, task_what2str(*tbs));
490  ustamp = time_datestamp(zone->signconf->last_modified,
491  "%Y-%m-%d %T", &datestamp);
492  ods_log_verbose("[%s] zone %s signconf file %s is unchanged since "
493  "%s", zone_str, zone->name, zone->signconf_filename,
494  datestamp?datestamp:"Unknown");
495  free((void*)datestamp);
496  } else {
497  ods_log_error("[%s] unable to load signconf: zone %s signconf %s: "
498  "%s", zone_str, zone->name, zone->signconf_filename,
499  ods_status2str(status));
500  }
501  return status;
502 }
503 
504 
510 zone_publish_dnskeys(zone_type* zone, int recover)
511 {
512  hsm_ctx_t* ctx = NULL;
513  key_type* key = NULL;
514  uint32_t ttl = 0;
515  size_t count = 0;
516  ods_status status = ODS_STATUS_OK;
517  ldns_rr* dnskey = NULL;
518  int do_publish = 0;
519 
520  if (!zone) {
521  ods_log_error("[%s] unable to publish dnskeys: no zone", zone_str);
522  return ODS_STATUS_ASSERT_ERR;
523  }
524  ods_log_assert(zone);
525 
526  if (!zone->signconf) {
527  ods_log_error("[%s] unable to publish dnskeys zone %s: no signconf",
528  zone_str, zone->name);
529  return ODS_STATUS_ASSERT_ERR;
530  }
531  ods_log_assert(zone->signconf);
532 
533  if (!zone->signconf->keys) {
534  ods_log_error("[%s] unable to publish dnskeys zone %s: no keys",
535  zone_str, zone->name);
536  return ODS_STATUS_ASSERT_ERR;
537  }
538  ods_log_assert(zone->signconf->keys);
539 
540  if (!zone->zonedata) {
541  ods_log_error("[%s] unable to publish dnskeys zone %s: no zonedata",
542  zone_str, zone->name);
543  return ODS_STATUS_ASSERT_ERR;
544  }
545  ods_log_assert(zone->zonedata);
546 
547  ttl = zone->zonedata->default_ttl;
548  if (zone->signconf->dnskey_ttl) {
549  ttl = (uint32_t) duration2time(zone->signconf->dnskey_ttl);
550  }
551 
552  /* check connection here? */
553  ctx = hsm_create_context();
554  if (ctx == NULL) {
555  ods_log_error("[%s] unable to publish dnskeys for zone %s: error "
556  "creating libhsm context", zone_str, zone->name);
557  return ODS_STATUS_HSM_ERR;
558  }
559 
560  key = zone->signconf->keys->first_key;
561  for (count=0; count < zone->signconf->keys->count; count++) {
562  if (key->publish) {
563  do_publish = 0;
564  if (!key->dnskey) {
565  do_publish = 1;
566  }
567 
568  status = lhsm_get_key(ctx, zone->dname, key);
569  if (status != ODS_STATUS_OK) {
570  ods_log_error("[%s] unable to publish dnskeys zone %s: "
571  "error creating DNSKEY for key %s", zone_str,
572  zone->name, key->locator?key->locator:"(null)");
573  break;
574  }
575  ods_log_assert(key->dnskey);
576 
577  if (recover) {
578  dnskey = ldns_rr_clone(key->dnskey);
579  status = zone_add_rr(zone, dnskey, 0);
580  } else if (do_publish) {
581  ldns_rr_set_ttl(key->dnskey, ttl);
582  ldns_rr_set_class(key->dnskey, zone->klass);
583  ldns_rr2canonical(key->dnskey);
584  dnskey = ldns_rr_clone(key->dnskey);
585  status = zone_add_rr(zone, dnskey, 0);
586  } else {
587  status = ODS_STATUS_OK;
588  }
589 
590  if (status != ODS_STATUS_OK) {
591  ods_log_error("[%s] unable to publish dnskeys zone %s: "
592  "error adding DNSKEY[%u] for key %s", zone_str,
593  zone->name, ldns_calc_keytag(dnskey),
594  key->locator?key->locator:"(null)");
595  break;
596  }
597  }
598  key = key->next;
599  }
600 
601  if (status != ODS_STATUS_OK) {
603  }
604 
605  hsm_destroy_context(ctx);
606  ctx = NULL;
607  return status;
608 }
609 
610 
616 zone_prepare_nsec3(zone_type* zone, int recover)
617 {
618  ldns_rr* nsec3params_rr = NULL;
619  ods_status status = ODS_STATUS_OK;
620  int doe_rollover = 0;
621 
622  if (!zone) {
623  ods_log_error("[%s] unable to prepare NSEC3: no zone", zone_str);
624  return ODS_STATUS_ASSERT_ERR;
625  }
626  ods_log_assert(zone);
627 
628  if (!zone->signconf) {
629  ods_log_error("[%s] unable to prepare NSEC3: no signconf", zone_str);
630  return ODS_STATUS_ASSERT_ERR;
631  }
632  ods_log_assert(zone->signconf);
633 
634  if (zone->signconf->nsec_type != LDNS_RR_TYPE_NSEC3) {
635  /* no preparations needed */
636  return ODS_STATUS_OK;
637  }
638 
639  if (!zone->nsec3params) {
640  ods_log_debug("[%s] prepare NSEC3 for zone %s", zone_str, zone->name);
641 
643  (uint8_t) zone->signconf->nsec3_algo,
644  (uint8_t) zone->signconf->nsec3_optout,
645  (uint16_t) zone->signconf->nsec3_iterations,
646  zone->signconf->nsec3_salt);
647  doe_rollover = 1;
648  }
649  if (!zone->nsec3params) {
650  ods_log_error("[%s] unable to prepare zone %s for NSEC3: failed "
651  "to create NSEC3 parameters", zone_str, zone->name);
652  return ODS_STATUS_MALLOC_ERR;
653  }
655 
656  if (recover) {
657  nsec3params_rr = ldns_rr_clone(zone->nsec3params->rr);
658  status = zone_add_rr(zone, nsec3params_rr, 0);
659  } else if (doe_rollover) {
660  uint32_t paramttl =
661  (uint32_t) duration2time(zone->signconf->nsec3param_ttl);
662  nsec3params_rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAMS);
663  if (!nsec3params_rr) {
664  ods_log_error("[%s] unable to prepare zone %s for NSEC3: failed "
665  "to create NSEC3PARAM RR", zone_str, zone->name);
667  zone->nsec3params = NULL;
668  return ODS_STATUS_MALLOC_ERR;
669  }
670  ods_log_assert(nsec3params_rr);
671 
672  ldns_rr_set_class(nsec3params_rr, zone->klass);
673  ldns_rr_set_ttl(nsec3params_rr, paramttl);
674  ldns_rr_set_owner(nsec3params_rr, ldns_rdf_clone(zone->dname));
675  ldns_nsec3_add_param_rdfs(nsec3params_rr,
676  zone->nsec3params->algorithm, 0,
677  zone->nsec3params->iterations,
678  zone->nsec3params->salt_len,
679  zone->nsec3params->salt_data);
684  ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3params_rr, 1)), 7, 0);
685 
686  ldns_rr2canonical(nsec3params_rr);
687  zone->nsec3params->rr = ldns_rr_clone(nsec3params_rr);
688  status = zone_add_rr(zone, nsec3params_rr, 0);
689  }
690 
691  if (status != ODS_STATUS_OK) {
692  ods_log_error("[%s] unable to add NSEC3PARAM RR to zone %s",
693  zone_str, zone->name);
695  zone->nsec3params = NULL;
696  ldns_rr_free(nsec3params_rr);
697  }
698  /* previous nsec3params is already withdrawn during load signconf */
699 
700  return status;
701 }
702 
703 
710 {
711  char* filename = NULL;
712  FILE* fd = NULL;
713 
714  ods_log_assert(zone);
715  ods_log_assert(zone->zonedata);
716  ods_log_assert(zone->signconf);
717 
718  filename = ods_build_path(zone->name, ".backup", 0, 1);
719  fd = ods_fopen(filename, NULL, "w");
720  free((void*)filename);
721 
722  if (fd) {
723  fprintf(fd, "%s\n", ODS_SE_FILE_MAGIC);
725  fprintf(fd, ";;Zone: name %s class %i ttl %u inbound %u internal "
726  "%u outbound %u\n",
727  zone->name?zone->name:"(null)",
728  (int) zone->klass,
729  (unsigned) zone->zonedata->default_ttl,
730  (unsigned) zone->zonedata->inbound_serial,
731  (unsigned) zone->zonedata->internal_serial,
732  (unsigned) zone->zonedata->outbound_serial);
734  if (zone->task) {
735  task_backup(fd, (task_type*) zone->task);
736  }
738  signconf_backup(fd, zone->signconf);
739  fprintf(fd, ";;\n");
741  if (zone->nsec3params) {
743  zone->signconf->nsec3_algo,
744  zone->signconf->nsec3_optout,
745  zone->signconf->nsec3_iterations,
746  zone->signconf->nsec3_salt,
747  zone->nsec3params->rr);
748  }
750  keylist_backup(fd, zone->signconf->keys);
752  zonedata_backup(fd, zone->zonedata);
754  fprintf(fd, "%s\n", ODS_SE_FILE_MAGIC);
755  ods_fclose(fd);
756  } else {
757  return ODS_STATUS_FOPEN_ERR;
758  }
759  return ODS_STATUS_OK;
760 }
761 
762 
769 {
770  char* filename = NULL;
771  FILE* fd = NULL;
772  const char* token = NULL;
773  ods_status status = ODS_STATUS_OK;
774  /* zone part */
775  int klass = 0;
776  uint32_t ttl = 0;
777  uint32_t inbound = 0;
778  uint32_t internal = 0;
779  uint32_t outbound = 0;
780  /* task part */
781  task_type* task = NULL;
782  time_t when = 0;
783  time_t backoff = 0;
784  int what = 0;
785  int interrupt = 0;
786  int halted = 0;
787  int flush = 0;
788  /* signconf part */
789  time_t lastmod = 0;
790  /* nsec3params part */
791  const char* salt = NULL;
792  ldns_rr* nsec3params_rr = NULL;
793  nsec3params_type* nsec3params = NULL;
794  /* keys part */
795  key_type* key = NULL;
796  /* zonedata part */
797  int fetch = 0;
798 
799  ods_log_assert(zone);
800  ods_log_assert(zone->signconf);
801  ods_log_assert(zone->zonedata);
802 
803  filename = ods_build_path(zone->name, ".backup", 0, 1);
804  fd = ods_fopen(filename, NULL, "r");
805  free((void*)filename);
806  if (fd) {
807  /* start recovery */
808  if (!backup_read_check_str(fd, ODS_SE_FILE_MAGIC) ||
809  /* zone part */
810  !backup_read_check_str(fd, ";;Zone:") ||
811  !backup_read_check_str(fd, "name") ||
812  !backup_read_check_str(fd, zone->name) ||
813  !backup_read_check_str(fd, "class") ||
814  !backup_read_int(fd, &klass) ||
815  !backup_read_check_str(fd, "ttl") ||
816  !backup_read_uint32_t(fd, &ttl) ||
817  !backup_read_check_str(fd, "inbound") ||
818  !backup_read_uint32_t(fd, &inbound) ||
819  !backup_read_check_str(fd, "internal") ||
820  !backup_read_uint32_t(fd, &internal) ||
821  !backup_read_check_str(fd, "outbound") ||
822  !backup_read_uint32_t(fd, &outbound) ||
823  /* task part */
824  !backup_read_check_str(fd, ";;Task:") ||
825  !backup_read_check_str(fd, "when") ||
826  !backup_read_time_t(fd, &when) ||
827  !backup_read_check_str(fd, "what") ||
828  !backup_read_int(fd, &what) ||
829  !backup_read_check_str(fd, "interrupt") ||
830  !backup_read_int(fd, &interrupt) ||
831  !backup_read_check_str(fd, "halted") ||
832  !backup_read_int(fd, &halted) ||
833  !backup_read_check_str(fd, "backoff") ||
834  !backup_read_time_t(fd, &backoff) ||
835  !backup_read_check_str(fd, "flush") ||
836  !backup_read_int(fd, &flush) ||
837  /* signconf part */
838  !backup_read_check_str(fd, ";;Signconf:") ||
839  !backup_read_check_str(fd, "lastmod") ||
840  !backup_read_time_t(fd, &lastmod) ||
841  !backup_read_check_str(fd, "resign") ||
843  &zone->signconf->sig_resign_interval) ||
844  !backup_read_check_str(fd, "refresh") ||
846  &zone->signconf->sig_refresh_interval) ||
847  !backup_read_check_str(fd, "valid") ||
849  &zone->signconf->sig_validity_default) ||
850  !backup_read_check_str(fd, "denial") ||
852  &zone->signconf->sig_validity_denial) ||
853  !backup_read_check_str(fd, "jitter") ||
854  !backup_read_duration(fd, &zone->signconf->sig_jitter) ||
855  !backup_read_check_str(fd, "offset") ||
857  &zone->signconf->sig_inception_offset) ||
858  !backup_read_check_str(fd, "nsec") ||
859  !backup_read_rr_type(fd, &zone->signconf->nsec_type) ||
860  !backup_read_check_str(fd, "dnskeyttl") ||
861  !backup_read_duration(fd, &zone->signconf->dnskey_ttl) ||
862  !backup_read_check_str(fd, "soattl") ||
863  !backup_read_duration(fd, &zone->signconf->soa_ttl) ||
864  !backup_read_check_str(fd, "soamin") ||
865  !backup_read_duration(fd, &zone->signconf->soa_min) ||
866  !backup_read_check_str(fd, "serial") ||
867  !backup_read_str(fd, &zone->signconf->soa_serial) ||
868  !backup_read_check_str(fd, "audit") ||
869  !backup_read_int(fd, &zone->signconf->audit) ||
870  !backup_read_check_str(fd, ";;")) {
871  goto recover_error;
872  }
873  /* nsec3params part */
874  if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC3) {
875  if (!backup_read_check_str(fd, ";;Nsec3parameters:") ||
876  !backup_read_check_str(fd, "salt") ||
877  !backup_read_str(fd, &salt) ||
878  !backup_read_check_str(fd, "algorithm") ||
879  !backup_read_uint32_t(fd, &zone->signconf->nsec3_algo) ||
880  !backup_read_check_str(fd, "optout") ||
881  !backup_read_int(fd, &zone->signconf->nsec3_optout) ||
882  !backup_read_check_str(fd, "iterations") ||
884  &zone->signconf->nsec3_iterations) ||
885  ldns_rr_new_frm_fp(&nsec3params_rr, fd, NULL, NULL, NULL) ||
886  !backup_read_check_str(fd, ";;Nsec3done") ||
887  !backup_read_check_str(fd, ";;")) {
888  goto recover_error;
889  }
890  }
891  /* keys part */
892  zone->signconf->keys = keylist_create(zone->signconf->allocator);
893  while (backup_read_str(fd, &token)) {
894  if (ods_strcmp(token, ";;Key:") == 0) {
895  key = key_recover(fd, zone->signconf->allocator);
896  if (!key || keylist_push(zone->signconf->keys, key) !=
897  ODS_STATUS_OK) {
898  goto recover_error;
899  }
900  key = NULL;
901  } else if (ods_strcmp(token, ";;") == 0) {
902  /* keylist done */
903  free((void*) token);
904  token = NULL;
905  break;
906  } else {
907  /* keylist corrupted */
908  goto recover_error;
909  }
910  free((void*) token);
911  token = NULL;
912  }
913  /* zonedata part */
914  filename = ods_build_path(zone->name, ".inbound", 0, 1);
915  status = adbackup_read(zone, filename);
916  free((void*)filename);
917  if (status != ODS_STATUS_OK) {
918  goto recover_error;
919  }
920 
921  zone->klass = (ldns_rr_class) klass;
922  zone->zonedata->default_ttl = ttl;
923  zone->zonedata->inbound_serial = inbound;
924  zone->zonedata->internal_serial = internal;
925  zone->zonedata->outbound_serial = outbound;
927  zone->signconf->allocator, salt);
928  free((void*) salt);
929  salt = NULL;
930  task = task_create((task_id) what, when, zone->name, (void*) zone);
931  if (!task) {
932  goto recover_error;
933  }
934  if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC3) {
935  nsec3params = nsec3params_create(zone->signconf->nsec3_algo,
936  zone->signconf->nsec3_optout,
937  zone->signconf->nsec3_iterations,
938  zone->signconf->nsec3_salt);
939  if (!nsec3params) {
940  goto recover_error;
941  }
942  nsec3params->rr = nsec3params_rr;
943  zone->nsec3params = nsec3params;
944  }
945  zone->task = (void*) task;
946  zone->signconf->last_modified = lastmod;
947 
953  status = zone_publish_dnskeys(zone, 1);
954  if (status != ODS_STATUS_OK) {
955  zone->task = NULL;
956  zone->nsec3params = NULL;
957  goto recover_error;
958  }
959  status = zone_prepare_nsec3(zone, 1);
960  if (status != ODS_STATUS_OK) {
961  zone->task = NULL;
962  zone->nsec3params = NULL;
963  goto recover_error;
964  }
965  status = zonedata_commit(zone->zonedata);
966  if (status != ODS_STATUS_OK) {
967  zone->task = NULL;
968  zone->nsec3params = NULL;
969  goto recover_error;
970  }
971  status = zonedata_entize(zone->zonedata, zone->dname);
972  if (status != ODS_STATUS_OK) {
973  zone->task = NULL;
974  zone->nsec3params = NULL;
975  goto recover_error;
976  }
977  status = zonedata_recover(zone->zonedata, fd);
978  if (status != ODS_STATUS_OK) {
979  zone->task = NULL;
980  zone->nsec3params = NULL;
981  goto recover_error;
982  }
983  ods_fclose(fd);
984 
985  /* all ok */
986  zone->zonedata->initialized = 1;
987  zone->prepared = 1;
988  if (zone->stats) {
991  stats_clear(zone->stats);
992  zone->stats->stats_locked = 0;
994  }
995  return ODS_STATUS_OK;
996  } else {
997  /* backwards compatible backup recovery (serial) */
998  filename = ods_build_path(zone->name, ".state", 0, 1);
999  fd = ods_fopen(filename, NULL, "r");
1000  free((void*)filename);
1001  if (fd) {
1002  if (!backup_read_check_str(fd, ODS_SE_FILE_MAGIC_V1) ||
1003  !backup_read_check_str(fd, ";name:") ||
1004  !backup_read_check_str(fd, zone->name) ||
1005  !backup_read_check_str(fd, ";class:") ||
1006  !backup_read_int(fd, &klass) ||
1007  !backup_read_check_str(fd, ";fetch:") ||
1008  !backup_read_int(fd, &fetch) ||
1009  !backup_read_check_str(fd, ";default_ttl:") ||
1010  !backup_read_uint32_t(fd, &ttl) ||
1011  !backup_read_check_str(fd, ";inbound_serial:") ||
1012  !backup_read_uint32_t(fd, &inbound) ||
1013  !backup_read_check_str(fd, ";internal_serial:") ||
1014  !backup_read_uint32_t(fd, &internal) ||
1015  !backup_read_check_str(fd, ";outbound_serial:") ||
1016  !backup_read_uint32_t(fd, &outbound) ||
1017  !backup_read_check_str(fd, ODS_SE_FILE_MAGIC_V1))
1018  {
1019  goto recover_error;
1020  }
1021  zone->klass = (ldns_rr_class) klass;
1022  zone->zonedata->default_ttl = ttl;
1023  zone->zonedata->inbound_serial = inbound;
1024  zone->zonedata->internal_serial = internal;
1025  zone->zonedata->outbound_serial = outbound;
1026  /* all ok */
1027  zone->zonedata->initialized = 1;
1028  zone->prepared = 1;
1029  if (zone->stats) {
1030  lock_basic_lock(&zone->stats->stats_lock);
1032  stats_clear(zone->stats);
1033  zone->stats->stats_locked = 0;
1035  }
1036  return ODS_STATUS_UNCHANGED;
1037  }
1038  ods_fclose(fd);
1039  }
1040 
1041  return ODS_STATUS_UNCHANGED;
1042 
1043 recover_error:
1044  ods_log_error("[%s] unable to recover zone %s: corrupted file",
1045  zone_str, zone->name);
1046  ods_fclose(fd);
1047 
1048  /* signconf cleanup */
1049  signconf_cleanup(zone->signconf);
1050  zone->signconf = signconf_create();
1051  ods_log_assert(zone->signconf);
1052 
1053  /* task cleanup */
1054  task_cleanup(task);
1055  task = NULL;
1056 
1057  /* nsec3params cleanup */
1058  free((void*)salt);
1059  salt = NULL;
1060 
1061  ldns_rr_free(nsec3params_rr);
1062  nsec3params_rr = NULL;
1063  if (nsec3params) {
1064  nsec3params->rr = NULL;
1065  }
1066  nsec3params_cleanup(nsec3params);
1067  nsec3params = NULL;
1068 
1069  /* zonedata cleanup */
1070  zonedata_cleanup(zone->zonedata);
1071  zone->zonedata = zonedata_create(zone->allocator);
1072  ods_log_assert(zone->zonedata);
1073  /* do keep serial information */
1074  zone->zonedata->inbound_serial = inbound;
1075  zone->zonedata->internal_serial = internal;
1076  zone->zonedata->outbound_serial = outbound;
1077  zone->zonedata->initialized = 1;
1078 
1079  if (zone->stats) {
1080  lock_basic_lock(&zone->stats->stats_lock);
1082  stats_clear(zone->stats);
1083  zone->stats->stats_locked = 0;
1085  }
1086  return ODS_STATUS_ERR;
1087 }
1088 
1089 
1094 void
1096 {
1097  const char* str;
1098  adapter_type* adtmp = NULL;
1099 
1100  if (!z1 || !z2) {
1101  return;
1102  }
1103 
1104  /* policy name */
1105  if (ods_strcmp(z2->policy_name, z1->policy_name) != 0) {
1106  if (z2->policy_name) {
1107  str = strdup(z2->policy_name);
1108  if (!str) {
1109  ods_log_error("[%s] failed to merge policy %s name to zone "
1110  "%s", zone_str, z2->policy_name, z1->name);
1111  } else {
1112  free((void*)z1->policy_name);
1113  z1->policy_name = str;
1114  z1->just_updated = 1;
1115  }
1116  } else {
1117  free((void*)z1->policy_name);
1118  z1->policy_name = NULL;
1119  z1->just_updated = 1;
1120  }
1121  }
1122 
1123  /* signconf filename */
1124  if (ods_strcmp(z2->signconf_filename, z1->signconf_filename) != 0) {
1125  if (z2->signconf_filename) {
1126  str = strdup(z2->signconf_filename);
1127  if (!str) {
1128  ods_log_error("[%s] failed to merge signconf filename %s to "
1129  "zone %s", zone_str, z2->policy_name, z1->name);
1130  } else {
1131  free((void*)z1->signconf_filename);
1132  z1->signconf_filename = str;
1133  z1->just_updated = 1;
1134  }
1135  } else {
1136  free((void*)z1->signconf_filename);
1137  z1->signconf_filename = NULL;
1138  z1->just_updated = 1;
1139  }
1140  }
1141 
1142  /* adapters */
1143  if (adapter_compare(z2->adinbound, z1->adinbound) != 0) {
1144  adtmp = z2->adinbound;
1145  z2->adinbound = z1->adinbound;
1146  z1->adinbound = adtmp;
1147  adtmp = NULL;
1148  }
1149  if (adapter_compare(z2->adoutbound, z1->adoutbound) != 0) {
1150  adtmp = z2->adoutbound;
1151  z2->adoutbound = z1->adoutbound;
1152  z1->adoutbound = adtmp;
1153  adtmp = NULL;
1154  }
1155  return;
1156 }
1157 
1158 
1163 ods_status
1165 {
1166  hsm_ctx_t* ctx = NULL;
1167  key_type* key = NULL;
1168  ods_status status = ODS_STATUS_OK;
1169  if (!zone || !zone->zonedata || !zone->signconf || !zone->signconf->keys) {
1170  return ODS_STATUS_ASSERT_ERR;
1171  }
1172  ods_log_assert(zone->name);
1173  /* hsm access */
1174  ctx = hsm_create_context();
1175  if (ctx == NULL) {
1176  ods_log_error("[%s] unable to prepare signing keys for zone %s: "
1177  "error creating libhsm context", zone_str, zone->name);
1178  return ODS_STATUS_HSM_ERR;
1179  }
1180  /* prepare keys */
1181  key = zone->signconf->keys->first_key;
1182  while (key) {
1183  /* get dnskey */
1184  status = lhsm_get_key(ctx, zone->dname, key);
1185  if (status != ODS_STATUS_OK) {
1186  ods_log_error("[%s] unable to prepare signing keys for zone %s: "
1187  "error getting dnskey", zone_str, zone->name);
1188  break;
1189  }
1190  ods_log_assert(key->dnskey);
1191  ods_log_assert(key->hsmkey);
1192  ods_log_assert(key->params);
1193  key = key->next;
1194  }
1195  /* done */
1196  hsm_destroy_context(ctx);
1197  return status;
1198 
1199 }
1200 
1201 
1206 ods_status
1208 {
1209  ods_status status = ODS_STATUS_OK;
1210  domain_type* domain = NULL;
1211  rrset_type* rrset = NULL;
1212  ldns_rdf* serial = NULL;
1213 
1214  if (!zone || !zone->name) {
1215  ods_log_error("[%s] unable to update serial: no zone", zone_str);
1216  return ODS_STATUS_ASSERT_ERR;
1217  }
1218  ods_log_assert(zone);
1219  ods_log_assert(zone->name);
1220 
1221  if (!zone->signconf) {
1222  ods_log_error("[%s] unable to update serial zone %s: no signconf",
1223  zone_str);
1224  return ODS_STATUS_ASSERT_ERR;
1225  }
1226  ods_log_assert(zone->signconf);
1227 
1228  if (!zone->zonedata) {
1229  ods_log_error("[%s] unable to update serial zone %s: no zonedata",
1230  zone_str);
1231  return ODS_STATUS_ASSERT_ERR;
1232  }
1233  ods_log_assert(zone->zonedata);
1234 
1235  status = zonedata_update_serial(zone->zonedata, zone->signconf, zone->name);
1236  if (status != ODS_STATUS_OK) {
1237  ods_log_error("[%s] unable to update serial zone %s: failed to "
1238  "increment (%s)", zone_str, zone->name, ods_status2str(status));
1239  if (status == ODS_STATUS_CONFLICT_ERR) {
1240  ods_log_error("[%s] If this is the result of a key rollover, "
1241  "please increment the serial in the unsigned zone %s",
1242  zone_str, zone->name);
1243  }
1244  return status;
1245  }
1246 
1247  /* lookup domain */
1248  domain = zonedata_lookup_domain(zone->zonedata, zone->dname);
1249  if (!domain) {
1250  ods_log_error("[%s] unable to update serial zone %s: apex not found",
1251  zone_str, zone->name);
1252  return ODS_STATUS_ERR;
1253  }
1254  ods_log_assert(domain);
1255 
1256  /* lookup RRset */
1257  rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_SOA);
1258  if (!rrset) {
1259  ods_log_error("[%s] unable to update serial zone %s: SOA RRset not found",
1260  zone_str, zone->name);
1261  return ODS_STATUS_ERR;
1262  }
1263  ods_log_assert(rrset);
1264  ods_log_assert(rrset->rr_type == LDNS_RR_TYPE_SOA);
1265 
1266  if (rrset->rrs && rrset->rrs->rr) {
1267  serial = ldns_rr_set_rdf(rrset->rrs->rr,
1268  ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32,
1270  if (serial) {
1271  if (ldns_rdf2native_int32(serial) !=
1272  zone->zonedata->internal_serial) {
1273  rrset->needs_signing = 1;
1274  }
1275  ldns_rdf_deep_free(serial);
1276  } else {
1277  ods_log_error("[%s] unable to update serial zone %s: failed to "
1278  "replace SOA SERIAL rdata", zone_str, zone->name);
1279  return ODS_STATUS_ERR;
1280  }
1281  }
1282  return ODS_STATUS_OK;
1283 }
1284 
1285 
1290 ods_status
1291 zone_print(FILE* fd, zone_type* zone)
1292 {
1293  if (fd && zone && zone->zonedata) {
1294  return zonedata_print(fd, zone->zonedata);
1295  }
1296  return ODS_STATUS_ASSERT_ERR;
1297 }
1298 
1299 
1304 ods_status
1306 {
1307  if (zone && zone->zonedata && zone->adinbound) {
1308  return zonedata_examine(zone->zonedata, zone->dname,
1309  zone->adinbound->type);
1310  }
1311  return ODS_STATUS_ASSERT_ERR;
1312 }
1313 
1314 
1319 void
1321 {
1322  allocator_type* allocator;
1323  lock_basic_type zone_lock;
1324 
1325  if (!zone) {
1326  return;
1327  }
1328 
1329  allocator = zone->allocator;
1330  zone_lock = zone->zone_lock;
1331 
1332  ldns_rdf_deep_free(zone->dname);
1333  adapter_cleanup(zone->adinbound);
1334  adapter_cleanup(zone->adoutbound);
1335  zonedata_cleanup(zone->zonedata);
1336  signconf_cleanup(zone->signconf);
1338  stats_cleanup(zone->stats);
1339  allocator_deallocate(allocator, (void*) zone->notify_ns);
1340  allocator_deallocate(allocator, (void*) zone->policy_name);
1341  allocator_deallocate(allocator, (void*) zone->signconf_filename);
1342  allocator_deallocate(allocator, (void*) zone->name);
1343  allocator_deallocate(allocator, (void*) zone);
1344  allocator_cleanup(allocator);
1345  lock_basic_destroy(&zone_lock);
1346  return;
1347 }
signconf_type * signconf_create(void)
Definition: signconf.c:54
int prepared
Definition: zone.h:74
key_type * next
Definition: keys.h:67
uint32_t outbound_serial
Definition: zonedata.h:68
int backup_read_str(FILE *in, const char **str)
Definition: backup.c:94
Definition: task.h:43
uint32_t nsec3_iterations
Definition: signconf.h:67
void zone_cleanup(zone_type *zone)
Definition: zone.c:1320
duration_type * sig_inception_offset
Definition: signconf.h:61
ods_status adbackup_read(struct zone_struct *zone, const char *filename)
Definition: adfile.c:377
void zonedata_cleanup(zonedata_type *zd)
Definition: zonedata.c:1564
int publish
Definition: keys.h:64
task_id signconf_compare_denial(signconf_type *a, signconf_type *b)
Definition: signconf.c:436
int adapter_compare(adapter_type *a1, adapter_type *a2)
Definition: adapter.c:198
rrset_type * domain_lookup_rrset(domain_type *domain, ldns_rr_type rrtype)
Definition: domain.c:318
void ods_log_debug(const char *format,...)
Definition: log.c:285
duration_type * soa_min
Definition: signconf.h:74
uint32_t internal_serial
Definition: zonedata.h:67
uint32_t time_datestamp(time_t tt, const char *format, char **str)
Definition: duration.c:497
ods_status zonedata_entize(zonedata_type *zd, ldns_rdf *apex)
Definition: zonedata.c:913
#define LOCKED_STATS_ZONE_RECOVER
Definition: locks.h:75
int backup_read_duration(FILE *in, duration_type **v)
Definition: backup.c:128
void zone_merge(zone_type *z1, zone_type *z2)
Definition: zone.c:1095
stats_type * stats_create(void)
Definition: stats.c:42
ldns_rr * dnskey
Definition: keys.h:59
#define lock_basic_destroy(lock)
Definition: locks.h:153
const char * nsec3_salt
Definition: signconf.h:68
const char * soa_serial
Definition: signconf.h:75
keylist_type * keys
Definition: signconf.h:71
duration_type * soa_ttl
Definition: signconf.h:73
void * allocator_alloc(allocator_type *allocator, size_t size)
Definition: allocator.c:67
duration_type * sig_validity_default
Definition: signconf.h:58
int fetch
Definition: zone.h:64
uint16_t iterations
Definition: nsec3params.h:60
void signconf_cleanup(signconf_type *sc)
Definition: signconf.c:585
zonedata_type * zonedata_create(allocator_type *allocator)
Definition: zonedata.c:165
int backup_read_rr_type(FILE *in, ldns_rr_type *v)
Definition: backup.c:145
duration_type * sig_validity_denial
Definition: signconf.h:59
duration_type * nsec3param_ttl
Definition: signconf.h:63
int backup_read_time_t(FILE *in, time_t *v)
Definition: backup.c:111
int needs_signing
Definition: rrset.h:63
enum ods_enum_status ods_status
Definition: status.h:64
lock_basic_type zone_lock
Definition: zone.h:93
void zonedata_wipe_denial(zonedata_type *zd)
Definition: zonedata.c:1457
ldns_rdf * dname
Definition: zone.h:59
ods_status zone_backup(zone_type *zone)
Definition: zone.c:709
ods_status zone_publish_dnskeys(zone_type *zone, int recover)
Definition: zone.c:510
domain_status dstatus
Definition: domain.h:74
ods_status zone_print(FILE *fd, zone_type *zone)
Definition: zone.c:1291
void keylist_backup(FILE *fd, keylist_type *kl)
Definition: keys.c:408
void ods_log_error(const char *format,...)
Definition: log.c:349
lock_basic_type stats_lock
Definition: stats.h:69
const char * ods_status2str(ods_status status)
Definition: status.c:84
adapter_mode type
Definition: adapter.h:66
#define SE_SOA_RDATA_SERIAL
Definition: util.h:48
Definition: task.h:47
int ods_strcmp(const char *s1, const char *s2)
Definition: file.c:317
nsec3params_type * nsec3params
Definition: zone.h:82
int backup_read_int(FILE *in, int *v)
Definition: backup.c:162
zone_type * zone_create(char *name, ldns_rr_class klass)
Definition: zone.c:61
void zonedata_rollback(zonedata_type *zd)
Definition: zonedata.c:739
ods_status keylist_push(keylist_type *kl, key_type *key)
Definition: keys.c:299
ods_status zone_examine(zone_type *zone)
Definition: zone.c:1305
ldns_rr_type nsec_type
Definition: signconf.h:64
void zonedata_cleanup_chain(zonedata_type *zd)
Definition: zonedata.c:1548
enum task_id_enum task_id
Definition: task.h:51
adapter_type * adoutbound
Definition: zone.h:78
FILE * ods_fopen(const char *file, const char *dir, const char *mode)
Definition: file.c:188
keylist_type * keylist_create(allocator_type *allocator)
Definition: keys.c:268
task_type * task_create(task_id what, time_t when, const char *who, void *zone)
Definition: task.c:50
ods_status zone_load_signconf(zone_type *zone, task_id *tbs)
Definition: zone.c:371
ldns_rr * rrset_add_rr(rrset_type *rrset, ldns_rr *rr)
Definition: rrset.c:265
rrset_type * domain_add_rrset(domain_type *domain, rrset_type *rrset)
Definition: domain.c:332
duration_type * sig_refresh_interval
Definition: signconf.h:57
#define lock_basic_lock(lock)
Definition: locks.h:154
uint8_t * salt_data
Definition: nsec3params.h:62
key_type * key_recover(FILE *fd, allocator_type *allocator)
Definition: keys.c:98
const char * locator
Definition: keys.h:58
allocator_type * allocator_create(void *(*allocator)(size_t size), void(*deallocator)(void *))
Definition: allocator.c:48
ldns_rr * rrset_del_rr(rrset_type *rrset, ldns_rr *rr, int dupallowed)
Definition: rrset.c:326
Definition: task.h:45
ods_status lhsm_get_key(hsm_ctx_t *ctx, ldns_rdf *owner, key_type *key_id)
Definition: hsm.c:136
int lock_basic_type
Definition: locks.h:151
#define SE_SOA_RDATA_MINIMUM
Definition: util.h:49
void zonedata_backup(FILE *fd, zonedata_type *zd)
Definition: zonedata.c:1584
signconf_type * signconf
Definition: zone.h:81
ods_status zone_update_serial(zone_type *zone)
Definition: zone.c:1207
adapter_type * adinbound
Definition: zone.h:77
void signconf_backup(FILE *fd, signconf_type *sc)
Definition: signconf.c:300
char * allocator_strdup(allocator_type *allocator, const char *string)
Definition: allocator.c:122
void task_cleanup(task_type *task)
Definition: task.c:169
ods_status zone_add_rr(zone_type *zone, ldns_rr *rr, int do_stats)
Definition: zone.c:144
void nsec3params_backup(FILE *fd, uint8_t algo, uint8_t flags, uint16_t iter, const char *salt, ldns_rr *rr)
Definition: nsec3params.c:145
int processed
Definition: zone.h:73
uint32_t default_ttl
Definition: zonedata.h:65
void stats_cleanup(stats_type *stats)
Definition: stats.c:109
int zone_locked
Definition: zone.h:94
const char * signconf_filename
Definition: zone.h:69
allocator_type * allocator
Definition: zone.h:58
const char * task_what2str(int what)
Definition: task.c:222
char * ods_build_path(const char *file, const char *suffix, int dir, int no_slash)
Definition: file.c:128
const char * notify_ns
Definition: zone.h:63
time_t duration2time(duration_type *duration)
Definition: duration.c:340
ods_status zone_del_rr(zone_type *zone, ldns_rr *rr, int do_stats)
Definition: zone.c:271
ldns_rr_type rr_type
Definition: rrset.h:58
void ods_log_verbose(const char *format,...)
Definition: log.c:301
ods_status zonedata_recover(zonedata_type *zd, FILE *fd)
Definition: zonedata.c:202
time_t last_modified
Definition: signconf.h:78
ldns_rr_class klass
Definition: zone.h:60
uint32_t nsec3_algo
Definition: signconf.h:66
ods_status zonedata_examine(zonedata_type *zd, ldns_rdf *apex, adapter_mode mode)
Definition: zonedata.c:1408
#define lock_basic_init(lock)
Definition: locks.h:152
size_t count
Definition: keys.h:77
void ods_fclose(FILE *fd)
Definition: file.c:245
uint32_t sort_count
Definition: stats.h:57
allocator_type * allocator
Definition: signconf.h:54
void allocator_cleanup(allocator_type *allocator)
Definition: allocator.c:153
duration_type * dnskey_ttl
Definition: signconf.h:70
uint32_t inbound_serial
Definition: zonedata.h:66
void signconf_log(signconf_type *sc, const char *name)
Definition: signconf.c:731
const char * name
Definition: zone.h:67
ods_status zonedata_commit(zonedata_type *zd)
Definition: zonedata.c:687
ods_status zone_prepare_keys(zone_type *zone)
Definition: zone.c:1164
ods_status zonedata_update_serial(zonedata_type *zd, signconf_type *sc, const char *zone_name)
Definition: zonedata.c:1196
int backup_read_check_str(FILE *in, const char *str)
Definition: backup.c:74
duration_type * sig_jitter
Definition: signconf.h:60
hsm_sign_params_t * params
Definition: keys.h:61
duration_type * sig_resign_interval
Definition: signconf.h:56
key_type * first_key
Definition: keys.h:78
void zonedata_init_denial(zonedata_type *zd)
Definition: zonedata.c:137
ods_status zone_prepare_nsec3(zone_type *zone, int recover)
Definition: zone.c:616
int just_updated
Definition: zone.h:71
void allocator_deallocate(allocator_type *allocator, void *data)
Definition: allocator.c:136
int stats_locked
Definition: stats.h:70
void * task
Definition: zone.h:88
const char * policy_name
Definition: zone.h:68
void nsec3params_cleanup(nsec3params_type *nsec3params)
Definition: nsec3params.c:265
zonedata_type * zonedata
Definition: zone.h:85
nsec3params_type * nsec3params_create(uint8_t algo, uint8_t flags, uint16_t iter, const char *salt)
Definition: nsec3params.c:101
#define ods_log_assert(x)
Definition: log.h:141
int just_added
Definition: zone.h:70
void adapter_cleanup(adapter_type *adapter)
Definition: adapter.c:220
rrset_type * rrset_create(ldns_rr_type rrtype)
Definition: rrset.c:101
domain_type * zonedata_lookup_domain(zonedata_type *zd, ldns_rdf *dname)
Definition: zonedata.c:314
#define lock_basic_unlock(lock)
Definition: locks.h:155
void ods_log_warning(const char *format,...)
Definition: log.c:333
domain_type * domain_create(ldns_rdf *dname)
Definition: domain.c:67
int tobe_removed
Definition: zone.h:72
ods_status zone_recover(zone_type *zone)
Definition: zone.c:768
hsm_key_t * hsmkey
Definition: keys.h:60
ldns_dnssec_rrs * rrs
Definition: rrset.h:64
ods_status signconf_update(signconf_type **signconf, const char *scfile, time_t last_modified)
Definition: signconf.c:162
ldns_rdf * dname
Definition: domain.h:73
ods_status zonedata_print(FILE *fd, zonedata_type *zd)
Definition: zonedata.c:1609
stats_type * stats
Definition: zone.h:91
ods_status signconf_compare_keys(signconf_type *a, signconf_type *b, ldns_rr_list *del, task_id *task)
Definition: signconf.c:469
int backup_read_uint32_t(FILE *in, uint32_t *v)
Definition: backup.c:230
void task_backup(FILE *fd, task_type *task)
Definition: task.c:144
domain_type * zonedata_add_domain(zonedata_type *zd, domain_type *domain)
Definition: zonedata.c:327
void stats_clear(stats_type *stats)
Definition: stats.c:57
int nsec3_optout
Definition: signconf.h:65