OpenDNSSEC-signer  1.4.6
namedb.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2009 NLNet Labs. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  * notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  * notice, this list of conditions and the following disclaimer in the
11  * documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
17  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
19  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
21  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
22  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
23  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  */
26 
32 #include "config.h"
33 #include "shared/allocator.h"
34 #include "shared/file.h"
35 #include "shared/log.h"
36 #include "shared/util.h"
37 #include "signer/backup.h"
38 #include "signer/namedb.h"
39 #include "signer/zone.h"
40 
41 const char* db_str = "namedb";
42 
43 
48 static ldns_rbnode_t*
49 domain2node(domain_type* domain)
50 {
51  ldns_rbnode_t* node = (ldns_rbnode_t*) malloc(sizeof(ldns_rbnode_t));
52  if (!node) {
53  return NULL;
54  }
55  node->key = domain->dname;
56  node->data = domain;
57  return node;
58 }
59 
60 
65 static ldns_rbnode_t*
66 denial2node(denial_type* denial)
67 {
68  ldns_rbnode_t* node = (ldns_rbnode_t*) malloc(sizeof(ldns_rbnode_t));
69  if (!node) {
70  return NULL;
71  }
72  node->key = denial->dname;
73  node->data = denial;
74  return node;
75 }
76 
77 
82 static int
83 domain_compare(const void* a, const void* b)
84 {
85  ldns_rdf* x = (ldns_rdf*)a;
86  ldns_rdf* y = (ldns_rdf*)b;
87  return ldns_dname_compare(x, y);
88 }
89 
90 
95 void
97 {
98  if (db) {
99  db->denials = ldns_rbtree_create(domain_compare);
100  }
101  return;
102 }
103 
104 
109 static void
110 namedb_init_domains(namedb_type* db)
111 {
112  if (db) {
113  db->domains = ldns_rbtree_create(domain_compare);
114  }
115  return;
116 }
117 
118 
124 namedb_create(void* zone)
125 {
126  namedb_type* db = NULL;
127  zone_type* z = (zone_type*) zone;
128 
129  ods_log_assert(z);
130  ods_log_assert(z->name);
132  db = (namedb_type*) allocator_alloc(z->allocator, sizeof(namedb_type));
133  if (!db) {
134  ods_log_error("[%s] unable to create namedb for zone %s: "
135  "allocator_alloc() failed", db_str, z->name);
136  return NULL;
137  }
138  db->zone = zone;
139 
140  namedb_init_domains(db);
141  if (!db->domains) {
142  ods_log_error("[%s] unable to create namedb for zone %s: "
143  "init domains failed", db_str, z->name);
144  namedb_cleanup(db);
145  return NULL;
146  }
148  if (!db->denials) {
149  ods_log_error("[%s] unable to create namedb for zone %s: "
150  "init denials failed", db_str, z->name);
151  namedb_cleanup(db);
152  return NULL;
153  }
154  db->inbserial = 0;
155  db->intserial = 0;
156  db->outserial = 0;
157  db->altserial = 0;
158  db->is_initialized = 0;
159  db->have_serial = 0;
160  db->is_processed = 0;
161  db->serial_updated = 0;
162  db->force_serial = 0;
163  return db;
164 }
165 
166 
171 static void*
172 namedb_domain_search(ldns_rbtree_t* tree, ldns_rdf* dname)
173 {
174  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
175  if (!tree || !dname) {
176  return NULL;
177  }
178  node = ldns_rbtree_search(tree, dname);
179  if (node && node != LDNS_RBTREE_NULL) {
180  return (void*) node->data;
181  }
182  return NULL;
183 }
184 
185 
186 static uint32_t
187 max(uint32_t a, uint32_t b)
188 {
189  return (a<b?b:a);
190 }
191 
192 
198 namedb_update_serial(namedb_type* db, const char* zone_name, const char* format,
199  uint32_t inbound_serial)
200 {
201  uint32_t soa = 0;
202  uint32_t prev = 0;
203  uint32_t update = 0;
204  if (!db || !format || !zone_name) {
205  return ODS_STATUS_ASSERT_ERR;
206  }
207  prev = max(db->outserial, inbound_serial);
208  if (!db->have_serial) {
209  prev = inbound_serial;
210  }
211  ods_log_debug("[%s] zone %s update serial: format=%s in=%u internal=%u "
212  "out=%u now=%u", db_str, zone_name, format, db->inbserial,
213  db->intserial, db->outserial, (uint32_t) time_now());
214  if (db->force_serial) {
215  soa = db->altserial;
216  if (!util_serial_gt(soa, prev)) {
217  ods_log_warning("[%s] zone %s unable to enforce serial: %u does not "
218  " increase %u. Serial set to %u", db_str, zone_name, soa, prev,
219  (prev+1));
220  soa = prev + 1;
221  } else {
222  ods_log_info("[%s] zone %s enforcing serial %u", db_str, zone_name,
223  soa);
224  }
225  db->force_serial = 0;
226  } else if (ods_strcmp(format, "unixtime") == 0) {
227  soa = (uint32_t) time_now();
228  if (!util_serial_gt(soa, prev)) {
229  if (!db->have_serial) {
230  ods_log_warning("[%s] zone %s unable to use unixtime as serial: "
231  "%u does not increase %u. Serial set to %u", db_str,
232  zone_name, soa, prev, (prev+1));
233  }
234  soa = prev + 1;
235  }
236  } else if (ods_strcmp(format, "datecounter") == 0) {
237  soa = (uint32_t) time_datestamp(0, "%Y%m%d", NULL) * 100;
238  if (!util_serial_gt(soa, prev)) {
239  if (!db->have_serial) {
240  ods_log_warning("[%s] zone %s unable to use datecounter as "
241  "serial: %u does not increase %u. Serial set to %u", db_str,
242  zone_name, soa, prev, (prev+1));
243  }
244  soa = prev + 1;
245  }
246  } else if (ods_strcmp(format, "counter") == 0) {
247  soa = inbound_serial + 1;
248  if (db->have_serial && !util_serial_gt(soa, prev)) {
249  soa = prev + 1;
250  }
251  } else if (ods_strcmp(format, "keep") == 0) {
252  prev = db->outserial;
253  soa = inbound_serial;
254  if (db->have_serial && !util_serial_gt(soa, prev)) {
255  ods_log_error("[%s] zone %s cannot keep SOA SERIAL from input zone "
256  " (%u): previous output SOA SERIAL is %u", db_str, zone_name,
257  soa, prev);
259  }
260  } else {
261  ods_log_error("[%s] zone %s unknown serial type %s", db_str, zone_name,
262  format);
263  return ODS_STATUS_ERR;
264  }
265  /* serial is stored in 32 bits */
266  update = soa - prev;
267  if (update > 0x7FFFFFFF) {
268  update = 0x7FFFFFFF;
269  }
270  if (!db->have_serial) {
271  db->intserial = soa;
272  } else {
273  db->intserial = prev + update; /* automatically does % 2^32 */
274  }
275  ods_log_debug("[%s] zone %s update serial: %u + %u = %u", db_str, zone_name,
276  prev, update, db->intserial);
277  return ODS_STATUS_OK;
278 }
279 
280 
286 namedb_domain_entize(namedb_type* db, domain_type* domain, ldns_rdf* apex)
287 {
288  ldns_rdf* parent_rdf = NULL;
289  domain_type* parent_domain = NULL;
290  ods_log_assert(apex);
291  ods_log_assert(domain);
292  ods_log_assert(domain->dname);
293  ods_log_assert(db);
294  ods_log_assert(db->domains);
295  if (domain->parent) {
296  /* domain already has parent */
297  return ODS_STATUS_OK;
298  }
299 
300  while (domain && ldns_dname_is_subdomain(domain->dname, apex) &&
301  ldns_dname_compare(domain->dname, apex) != 0) {
309  parent_rdf = ldns_dname_left_chop(domain->dname);
310  if (!parent_rdf) {
311  ods_log_error("[%s] unable to entize domain: left chop failed",
312  db_str);
313  return ODS_STATUS_ERR;
314  }
315  parent_domain = namedb_lookup_domain(db, parent_rdf);
316  if (!parent_domain) {
317  parent_domain = namedb_add_domain(db, parent_rdf);
318  ldns_rdf_deep_free(parent_rdf);
319  if (!parent_domain) {
320  ods_log_error("[%s] unable to entize domain: failed to add "
321  "parent domain", db_str);
322  return ODS_STATUS_ERR;
323  }
324  domain->parent = parent_domain;
325  /* continue with the parent domain */
326  domain = parent_domain;
327  } else {
328  ldns_rdf_deep_free(parent_rdf);
329  domain->parent = parent_domain;
330  /* domain has parent, entize done */
331  domain = NULL;
332  }
333  }
334  return ODS_STATUS_OK;
335 }
336 
337 
343 namedb_lookup_domain(namedb_type* db, ldns_rdf* dname)
344 {
345  if (!db) {
346  return NULL;
347  }
348  return (domain_type*) namedb_domain_search(db->domains, dname);
349 }
350 
351 
357 namedb_add_domain(namedb_type* db, ldns_rdf* dname)
358 {
359  domain_type* domain = NULL;
360  ldns_rbnode_t* new_node = LDNS_RBTREE_NULL;
361  if (!dname || !db || !db->domains) {
362  return NULL;
363  }
364  domain = domain_create(db->zone, dname);
365  if (!domain) {
366  ods_log_error("[%s] unable to add domain: domain_create() failed",
367  db_str);
368  return NULL;
369  }
370  new_node = domain2node(domain);
371  if (!new_node) {
372  ods_log_error("[%s] unable to add domain: domain2node() failed",
373  db_str);
374  return NULL;
375  }
376  if (ldns_rbtree_insert(db->domains, new_node) == NULL) {
377  ods_log_error("[%s] unable to add domain: already present", db_str);
378  log_dname(domain->dname, "ERR +DOMAIN", LOG_ERR);
379  domain_cleanup(domain);
380  free((void*)new_node);
381  return NULL;
382  }
383  domain = (domain_type*) new_node->data;
384  domain->node = new_node;
385  domain->is_new = 1;
386  log_dname(domain->dname, "+DOMAIN", LOG_DEEEBUG);
387  return domain;
388 }
389 
390 
397 {
398  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
399  if (!domain || !db || !db->domains) {
400  ods_log_error("[%s] unable to delete domain: !db || !domain", db_str);
401  return NULL;
402  }
403  if (domain->rrsets || domain->denial) {
404  ods_log_error("[%s] unable to delete domain: domain in use", db_str);
405  log_dname(domain->dname, "ERR -DOMAIN", LOG_ERR);
406  return NULL;
407  }
408  node = ldns_rbtree_delete(db->domains, (const void*)domain->dname);
409  if (node) {
410  ods_log_assert(domain->node == node);
411  ods_log_assert(!domain->rrsets);
412  ods_log_assert(!domain->denial);
413  free((void*)node);
414  domain->node = NULL;
415  log_dname(domain->dname, "-DOMAIN", LOG_DEEEBUG);
416  return domain;
417  }
418  ods_log_error("[%s] unable to delete domain: not found", db_str);
419  log_dname(domain->dname, "ERR -DOMAIN", LOG_ERR);
420  return NULL;
421 }
422 
423 
429 namedb_lookup_denial(namedb_type* db, ldns_rdf* dname)
430 {
431  if (!db) {
432  return NULL;
433  }
434  return (denial_type*) namedb_domain_search(db->denials, dname);
435 }
436 
437 
442 static int
443 domain_is_empty_terminal(domain_type* domain)
444 {
445  ldns_rbnode_t* n = LDNS_RBTREE_NULL;
446  domain_type* d = NULL;
447  ods_log_assert(domain);
448  if (domain->is_apex) {
449  return 0;
450  }
451  if (domain->rrsets) {
452  return 0;
453  }
454  n = ldns_rbtree_next(domain->node);
455  if (n) {
456  d = (domain_type*) n->data;
457  }
458  /* if it has children domains, do not delete it */
459  if(d && ldns_dname_is_subdomain(d->dname, domain->dname)) {
460  return 0;
461  }
462  return 1;
463 }
464 
465 
470 static int
471 domain_can_be_deleted(domain_type* domain)
472 {
473  ods_log_assert(domain);
474  return (domain_is_empty_terminal(domain) && !domain->denial);
475 }
476 
477 
482 static void
483 namedb_add_nsec_trigger(namedb_type* db, domain_type* domain)
484 {
485  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
486  denial_type* denial = NULL;
487  ods_log_assert(db);
488  ods_log_assert(domain);
489  ods_log_assert(!domain->denial);
490  dstatus = domain_is_occluded(domain);
491  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A) {
492  return; /* don't do occluded/glue domain */
493  }
494  if (!domain->rrsets) {
495  return; /* don't do empty domain */
496  }
497  /* ok, nsecify this domain */
498  denial = namedb_add_denial(db, domain->dname, NULL);
499  ods_log_assert(denial);
500  denial->domain = (void*) domain;
501  domain->denial = (void*) denial;
502  domain->is_new = 0;
503  return;
504 }
505 
506 
511 static void
512 namedb_add_nsec3_trigger(namedb_type* db, domain_type* domain,
513  nsec3params_type* n3p)
514 {
515  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
516  denial_type* denial = NULL;
517  ods_log_assert(db);
518  ods_log_assert(n3p);
519  ods_log_assert(domain);
520  ods_log_assert(!domain->denial);
521  dstatus = domain_is_occluded(domain);
522  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A) {
523  return; /* don't do occluded/glue domain */
524  }
525  /* Opt-Out? */
526  if (n3p->flags) {
527  dstatus = domain_is_delegpt(domain);
528  /* If Opt-Out is being used, owner names of unsigned delegations
529  MAY be excluded. */
530  if (dstatus == LDNS_RR_TYPE_NS) {
531  return;
532  }
533  }
534  /* ok, nsecify3 this domain */
535  denial = namedb_add_denial(db, domain->dname, n3p);
536  ods_log_assert(denial);
537  denial->domain = (void*) domain;
538  domain->denial = (void*) denial;
539  domain->is_new = 0;
540  return;
541 }
542 
543 
548 static void
549 namedb_add_denial_trigger(namedb_type* db, domain_type* domain)
550 {
551  zone_type* zone = NULL;
552  ods_log_assert(db);
553  ods_log_assert(domain);
554  if (!domain->denial) {
555  zone = (void*) domain->zone;
556  ods_log_assert(zone);
557  ods_log_assert(zone->signconf);
558  if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC) {
559  namedb_add_nsec_trigger(db, domain);
560  } else {
561  ods_log_assert(zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC3);
562  namedb_add_nsec3_trigger(db, domain, zone->signconf->nsec3params);
563  }
564  }
565  return;
566 }
567 
568 
573 static void
574 namedb_del_nsec_trigger(namedb_type* db, domain_type* domain)
575 {
576  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
577  denial_type* denial = NULL;
578  ods_log_assert(db);
579  ods_log_assert(domain);
580  ods_log_assert(domain->denial);
581  dstatus = domain_is_occluded(domain);
582  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A ||
583  domain_is_empty_terminal(domain) || !domain->rrsets) {
584  /* domain has become occluded/glue or empty non-terminal*/
585  denial_diff((denial_type*) domain->denial);
586  denial = namedb_del_denial(db, domain->denial);
587  denial_cleanup(denial);
588  domain->denial = NULL;
589  }
590  return;
591 }
592 
593 
598 static void
599 namedb_del_nsec3_trigger(namedb_type* db, domain_type* domain,
600  nsec3params_type* n3p)
601 {
602  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
603  denial_type* denial = NULL;
604  ods_log_assert(db);
605  ods_log_assert(n3p);
606  ods_log_assert(domain);
607  ods_log_assert(domain->denial);
608  dstatus = domain_is_occluded(domain);
609  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A ||
610  domain_is_empty_terminal(domain)) {
611  /* domain has become occluded/glue */
612  denial_diff((denial_type*) domain->denial);
613  denial = namedb_del_denial(db, domain->denial);
614  denial_cleanup(denial);
615  domain->denial = NULL;
616  } else if (n3p->flags) {
617  dstatus = domain_is_delegpt(domain);
618  /* If Opt-Out is being used, owner names of unsigned delegations
619  MAY be excluded. */
620  if (dstatus == LDNS_RR_TYPE_NS) {
621  denial_diff((denial_type*) domain->denial);
622  denial = namedb_del_denial(db, domain->denial);
623  denial_cleanup(denial);
624  domain->denial = NULL;
625  }
626  }
627  return;
628 }
629 
630 
635 static int
636 namedb_del_denial_trigger(namedb_type* db, domain_type* domain, int rollback)
637 {
638  domain_type* parent = NULL;
639  zone_type* zone = NULL;
640  unsigned is_deleted = 0;
641  ods_log_assert(db);
642  ods_log_assert(domain);
643  ods_log_assert(domain->dname);
644  zone = (void*) domain->zone;
645  ods_log_assert(zone);
646  ods_log_assert(zone->signconf);
647  while(domain) {
648  if (!rollback) {
649  if (domain->denial) {
650  if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC) {
651  namedb_del_nsec_trigger(db, domain);
652  } else {
654  LDNS_RR_TYPE_NSEC3);
655  namedb_del_nsec3_trigger(db, domain,
656  zone->signconf->nsec3params);
657  }
658  }
659  }
660  parent = domain->parent;
661  if (domain_can_be_deleted(domain)) {
662  /* -DOMAIN */
663  domain = namedb_del_domain(db, domain);
664  domain_cleanup(domain);
665  is_deleted = 1;
666  }
667  /* continue with parent */
668  domain = parent;
669  }
670  return is_deleted;
671 }
672 
673 
678 static ldns_rdf*
679 dname_hash(ldns_rdf* dname, ldns_rdf* apex, nsec3params_type* nsec3params)
680 {
681  ldns_rdf* hashed_ownername = NULL;
682  ldns_rdf* hashed_label = NULL;
683  ods_log_assert(dname);
684  ods_log_assert(apex);
685  ods_log_assert(nsec3params);
690  hashed_label = ldns_nsec3_hash_name(dname, nsec3params->algorithm,
691  nsec3params->iterations, nsec3params->salt_len,
692  nsec3params->salt_data);
693  if (!hashed_label) {
694  return NULL;
695  }
696  hashed_ownername = ldns_dname_cat_clone((const ldns_rdf*) hashed_label,
697  (const ldns_rdf*) apex);
698  if (!hashed_ownername) {
699  return NULL;
700  }
701  ldns_rdf_deep_free(hashed_label);
702  return hashed_ownername;
703 }
704 
705 
711 namedb_add_denial(namedb_type* db, ldns_rdf* dname, nsec3params_type* n3p)
712 {
713  zone_type* z = NULL;
714  ldns_rbnode_t* new_node = LDNS_RBTREE_NULL;
715  ldns_rbnode_t* pnode = LDNS_RBTREE_NULL;
716  ldns_rdf* owner = NULL;
717  denial_type* denial = NULL;
718  denial_type* pdenial = NULL;
719 
720  ods_log_assert(db);
721  ods_log_assert(db->denials);
722  ods_log_assert(dname);
723  /* nsec or nsec3 */
724  if (n3p) {
725  z = (zone_type*) db->zone;
726  owner = dname_hash(dname, z->apex, n3p);
727  } else {
728  owner = ldns_rdf_clone(dname);
729  }
730  if (!owner) {
731  ods_log_error("[%s] unable to add denial: create owner failed",
732  db_str);
733  return NULL;
734  }
735  denial = denial_create(db->zone, owner);
736  if (!denial) {
737  ods_log_error("[%s] unable to add denial: denial_create() failed",
738  db_str);
739  return NULL;
740  }
741  new_node = denial2node(denial);
742  if (!new_node) {
743  ods_log_error("[%s] unable to add denial: denial2node() failed",
744  db_str);
745  return NULL;
746  }
747  if (!ldns_rbtree_insert(db->denials, new_node)) {
748  ods_log_error("[%s] unable to add denial: already present", db_str);
749  log_dname(denial->dname, "ERR +DENIAL", LOG_ERR);
750  denial_cleanup(denial);
751  free((void*)new_node);
752  return NULL;
753  }
754  /* denial of existence data point added */
755  denial = (denial_type*) new_node->data;
756  denial->node = new_node;
757  denial->nxt_changed = 1;
758  pnode = ldns_rbtree_previous(new_node);
759  if (!pnode || pnode == LDNS_RBTREE_NULL) {
760  pnode = ldns_rbtree_last(db->denials);
761  }
762  ods_log_assert(pnode);
763  pdenial = (denial_type*) pnode->data;
764  ods_log_assert(pdenial);
765  pdenial->nxt_changed = 1;
766  log_dname(denial->dname, "+DENIAL", LOG_DEEEBUG);
767  return denial;
768 }
769 
770 
777 {
778  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
779  ldns_rbnode_t* pnode = LDNS_RBTREE_NULL;
780  denial_type* pdenial = NULL;
781 
782  if (!denial || !db || !db->denials) {
783  return NULL;
784  }
785  if (denial->rrset && denial->rrset->rr_count) {
786  ods_log_error("[%s] unable to delete denial: denial in use [#%u]",
787  db_str, denial->rrset->rr_count);
788  log_dname(denial->dname, "ERR -DENIAL", LOG_ERR);
789  return NULL;
790  }
791  pnode = ldns_rbtree_previous(denial->node);
792  if (!pnode || pnode == LDNS_RBTREE_NULL) {
793  pnode = ldns_rbtree_last(db->denials);
794  }
795  ods_log_assert(pnode);
796  pdenial = (denial_type*) pnode->data;
797  ods_log_assert(pdenial);
798  node = ldns_rbtree_delete(db->denials, (const void*)denial->dname);
799  if (!node) {
800  ods_log_error("[%s] unable to delete denial: not found", db_str);
801  log_dname(denial->dname, "ERR -DENIAL", LOG_ERR);
802  return NULL;
803  }
804  ods_log_assert(denial->node == node);
805  pdenial->nxt_changed = 1;
806  free((void*)node);
807  denial->domain = NULL;
808  denial->node = NULL;
809  log_dname(denial->dname, "-DENIAL", LOG_DEEEBUG);
810  return denial;
811 }
812 
813 
818 void
819 namedb_diff(namedb_type* db, unsigned is_ixfr, unsigned more_coming)
820 {
821  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
822  domain_type* domain = NULL;
823  if (!db || !db->domains) {
824  return;
825  }
826  node = ldns_rbtree_first(db->domains);
827  if (!node || node == LDNS_RBTREE_NULL) {
828  return;
829  }
830  while (node && node != LDNS_RBTREE_NULL) {
831  domain = (domain_type*) node->data;
832  node = ldns_rbtree_next(node);
833  domain_diff(domain, is_ixfr, more_coming);
834  }
835  node = ldns_rbtree_first(db->domains);
836  if (!node || node == LDNS_RBTREE_NULL) {
837  return;
838  }
839  while (node && node != LDNS_RBTREE_NULL) {
840  domain = (domain_type*) node->data;
841  node = ldns_rbtree_next(node);
842  if (!namedb_del_denial_trigger(db, domain, 0)) {
843  /* del_denial did not delete domain */
844  namedb_add_denial_trigger(db, domain);
845  }
846  }
847  return;
848 }
849 
850 
855 void
856 namedb_rollback(namedb_type* db, unsigned keepsc)
857 {
858  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
859  domain_type* domain = NULL;
860  if (!db || !db->domains) {
861  return;
862  }
863  node = ldns_rbtree_first(db->domains);
864  if (!node || node == LDNS_RBTREE_NULL) {
865  return;
866  }
867  while (node && node != LDNS_RBTREE_NULL) {
868  domain = (domain_type*) node->data;
869  node = ldns_rbtree_next(node);
870  domain_rollback(domain, keepsc);
871  (void) namedb_del_denial_trigger(db, domain, 1);
872  }
873  return;
874 }
875 
876 
881 void
882 namedb_nsecify(namedb_type* db, uint32_t* num_added)
883 {
884  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
885  ldns_rbnode_t* nxt_node = LDNS_RBTREE_NULL;
886  denial_type* denial = NULL;
887  denial_type* nxt = NULL;
888  uint32_t nsec_added = 0;
889  ods_log_assert(db);
890  node = ldns_rbtree_first(db->denials);
891  while (node && node != LDNS_RBTREE_NULL) {
892  denial = (denial_type*) node->data;
893  nxt_node = ldns_rbtree_next(node);
894  if (!nxt_node || nxt_node == LDNS_RBTREE_NULL) {
895  nxt_node = ldns_rbtree_first(db->denials);
896  }
897  nxt = (denial_type*) nxt_node->data;
898  denial_nsecify(denial, nxt, &nsec_added);
899  node = ldns_rbtree_next(node);
900  }
901  if (num_added) {
902  *num_added = nsec_added;
903  }
904  return;
905 }
906 
907 
914 {
915  ods_status status = ODS_STATUS_OK;
916  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
917  domain_type* domain = NULL;
918  rrset_type* rrset = NULL;
919  int soa_seen = 0;
920 /*
921  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
922  ldns_rr_type delegpt = LDNS_RR_TYPE_FIRST;
923 */
924 
925  if (!db || !db->domains) {
926  /* no db, no error */
927  return ODS_STATUS_OK;
928  }
929  if (db->domains->root != LDNS_RBTREE_NULL) {
930  node = ldns_rbtree_first(db->domains);
931  }
932  while (node && node != LDNS_RBTREE_NULL) {
933  domain = (domain_type*) node->data;
934  rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_CNAME);
935  if (rrset) {
936  /* Thou shall not have other data next to CNAME */
937  if (domain_count_rrset_is_added(domain) > 1 &&
938  rrset_count_rr_is_added(rrset) > 0) {
939  log_rrset(domain->dname, rrset->rrtype,
940  "CNAME and other data at the same name", LOG_ERR);
942  }
943  /* Thou shall have at most one CNAME per name */
944  if (rrset_count_rr_is_added(rrset) > 1) {
945  log_rrset(domain->dname, rrset->rrtype,
946  "multiple CNAMEs at the same name", LOG_ERR);
948  }
949  }
950  rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_DNAME);
951  if (rrset) {
952  /* Thou shall have at most one DNAME per name */
953  if (rrset_count_rr_is_added(rrset) > 1) {
954  log_rrset(domain->dname, rrset->rrtype,
955  "multiple DNAMEs at the same name", LOG_ERR);
957  }
958  }
959  if (!soa_seen && domain->is_apex) {
960  rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_SOA);
961  if (rrset) {
962  /* Thou shall have one and only one SOA */
963  if (rrset_count_rr_is_added(rrset) != 1) {
964  log_rrset(domain->dname, rrset->rrtype,
965  "Wrong number of SOA records, should be 1", LOG_ERR);
967  }
968  } else {
969  log_rrset(domain->dname, rrset->rrtype, "missing SOA RRset",
970  LOG_ERR);
972  }
973  }
974 /*
975  dstatus = domain_is_occluded(domain);
976  delegpt = domain_is_delegpt(domain);
977 */
978  /* Thou shall not have occluded data in your zone file */
979  node = ldns_rbtree_next(node);
980  }
981  return status;
982 }
983 
984 
989 void
991 {
992  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
993  denial_type* denial = NULL;
994  zone_type* zone = NULL;
995  size_t i = 0;
996 
997  if (db && db->denials) {
998  zone = (zone_type*) db->zone;
999  ods_log_assert(zone);
1000  ods_log_assert(zone->name);
1001  ods_log_debug("[%s] wipe denial of existence space zone %s", db_str,
1002  zone->name);
1003  node = ldns_rbtree_first(db->denials);
1004  while (node && node != LDNS_RBTREE_NULL) {
1005  denial = (denial_type*) node->data;
1006  if (!denial->rrset) {
1007  node = ldns_rbtree_next(node);
1008  continue;
1009  }
1010  for (i=0; i < denial->rrset->rr_count; i++) {
1011  if (denial->rrset->rrs[i].exists) {
1012  /* ixfr -RR */
1013  lock_basic_lock(&zone->ixfr->ixfr_lock);
1014  ixfr_del_rr(zone->ixfr, denial->rrset->rrs[i].rr);
1015  lock_basic_unlock(&zone->ixfr->ixfr_lock);
1016  }
1017  denial->rrset->rrs[i].exists = 0;
1018  rrset_del_rr(denial->rrset, i);
1019  i--;
1020  }
1021  for (i=0; i < denial->rrset->rrsig_count; i++) {
1022  /* ixfr -RRSIG */
1023  lock_basic_lock(&zone->ixfr->ixfr_lock);
1024  ixfr_del_rr(zone->ixfr, denial->rrset->rrsigs[i].rr);
1025  lock_basic_unlock(&zone->ixfr->ixfr_lock);
1026  rrset_del_rrsig(denial->rrset, i);
1027  i--;
1028  }
1029  rrset_cleanup(denial->rrset);
1030  denial->rrset = NULL;
1031  node = ldns_rbtree_next(node);
1032  }
1033  }
1034  return;
1035 }
1036 
1037 
1042 void
1043 namedb_export(FILE* fd, namedb_type* db, ods_status* status)
1044 {
1045  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
1046  domain_type* domain = NULL;
1047  if (!fd || !db || !db->domains) {
1048  if (status) {
1049  ods_log_error("[%s] unable to export namedb: file descriptor "
1050  "or name database missing", db_str);
1051  *status = ODS_STATUS_ASSERT_ERR;
1052  }
1053  return;
1054  }
1055  node = ldns_rbtree_first(db->domains);
1056  if (!node || node == LDNS_RBTREE_NULL) {
1057  fprintf(fd, "; empty zone\n");
1058  if (status) {
1059  *status = ODS_STATUS_OK;
1060  }
1061  return;
1062  }
1063  while (node && node != LDNS_RBTREE_NULL) {
1064  domain = (domain_type*) node->data;
1065  if (domain) {
1066  domain_print(fd, domain, status);
1067  }
1068  node = ldns_rbtree_next(node);
1069  }
1070  return;
1071 }
1072 
1073 
1078 static void
1079 domain_delfunc(ldns_rbnode_t* elem)
1080 {
1081  domain_type* domain = NULL;
1082  if (elem && elem != LDNS_RBTREE_NULL) {
1083  domain = (domain_type*) elem->data;
1084  domain_delfunc(elem->left);
1085  domain_delfunc(elem->right);
1086  domain_cleanup(domain);
1087  free((void*)elem);
1088  }
1089  return;
1090 }
1091 
1092 
1097 static void
1098 denial_delfunc(ldns_rbnode_t* elem)
1099 {
1100  denial_type* denial = NULL;
1101  domain_type* domain = NULL;
1102  if (elem && elem != LDNS_RBTREE_NULL) {
1103  denial = (denial_type*) elem->data;
1104  denial_delfunc(elem->left);
1105  denial_delfunc(elem->right);
1106  domain = (domain_type*) denial->domain;
1107  if (domain) {
1108  domain->denial = NULL;
1109  }
1110  denial_cleanup(denial);
1111  free((void*)elem);
1112  }
1113  return;
1114 }
1115 
1116 
1121 static void
1122 namedb_cleanup_domains(namedb_type* db)
1123 {
1124  if (db && db->domains) {
1125  domain_delfunc(db->domains->root);
1126  ldns_rbtree_free(db->domains);
1127  db->domains = NULL;
1128  }
1129  return;
1130 }
1131 
1132 
1137 void
1139 {
1140  if (db && db->denials) {
1141  denial_delfunc(db->denials->root);
1142  ldns_rbtree_free(db->denials);
1143  db->denials = NULL;
1144  }
1145  return;
1146 }
1147 
1148 
1153 void
1155 {
1156  zone_type* z = NULL;
1157  if (!db) {
1158  return;
1159  }
1160  z = (zone_type*) db->zone;
1161  if (!z || !z->allocator) {
1162  return;
1163  }
1165  namedb_cleanup_domains(db);
1166  allocator_deallocate(z->allocator, (void*) db);
1167  return;
1168 }
1169 
1170 
1175 void
1177 {
1178  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
1179  domain_type* domain = NULL;
1180  denial_type* denial = NULL;
1181  if (!fd || !db) {
1182  return;
1183  }
1184  node = ldns_rbtree_first(db->domains);
1185  while (node && node != LDNS_RBTREE_NULL) {
1186  domain = (domain_type*) node->data;
1187  domain_backup2(fd, domain, 0);
1188  node = ldns_rbtree_next(node);
1189  }
1190  fprintf(fd, ";\n");
1191  node = ldns_rbtree_first(db->denials);
1192  while (node && node != LDNS_RBTREE_NULL) {
1193  denial = (denial_type*) node->data;
1194  if (denial->rrset) {
1195  rrset_print(fd, denial->rrset, 1, NULL);
1196  }
1197  node = ldns_rbtree_next(node);
1198  }
1199  fprintf(fd, ";\n");
1200  /* signatures */
1201  node = ldns_rbtree_first(db->domains);
1202  while (node && node != LDNS_RBTREE_NULL) {
1203  domain = (domain_type*) node->data;
1204  domain_backup2(fd, domain, 1);
1205  node = ldns_rbtree_next(node);
1206  }
1207  node = ldns_rbtree_first(db->denials);
1208  while (node && node != LDNS_RBTREE_NULL) {
1209  denial = (denial_type*) node->data;
1210  if (denial->rrset) {
1211  rrset_backup2(fd, denial->rrset);
1212  }
1213  node = ldns_rbtree_next(node);
1214  }
1215  fprintf(fd, ";\n");
1216  return;
1217 }
size_t domain_count_rrset_is_added(domain_type *domain)
Definition: domain.c:147
void domain_cleanup(domain_type *domain)
Definition: domain.c:561
void namedb_cleanup_denials(namedb_type *db)
Definition: namedb.c:1138
uint32_t intserial
Definition: namedb.h:52
void namedb_export(FILE *fd, namedb_type *db, ods_status *status)
Definition: namedb.c:1043
rrset_type * rrset
Definition: denial.h:54
size_t rr_count
Definition: rrset.h:79
void rrset_cleanup(rrset_type *rrset)
Definition: rrset.c:852
void domain_backup2(FILE *fd, domain_type *domain, int sigs)
Definition: domain.c:580
rrset_type * domain_lookup_rrset(domain_type *domain, ldns_rr_type rrtype)
Definition: domain.c:170
domain_type * namedb_del_domain(namedb_type *db, domain_type *domain)
Definition: namedb.c:396
void ods_log_debug(const char *format,...)
Definition: log.c:270
uint32_t time_datestamp(time_t tt, const char *format, char **str)
Definition: duration.c:531
denial_type * denial_create(void *zoneptr, ldns_rdf *dname)
Definition: denial.c:48
void denial_cleanup(denial_type *denial)
Definition: denial.c:353
void * allocator_alloc(allocator_type *allocator, size_t size)
Definition: allocator.c:66
uint16_t iterations
Definition: nsec3params.h:57
void * domain
Definition: denial.h:51
void namedb_cleanup(namedb_type *db)
Definition: namedb.c:1154
void domain_print(FILE *fd, domain_type *domain, ods_status *status)
Definition: domain.c:493
size_t rrset_count_rr_is_added(rrset_type *rrset)
Definition: rrset.c:248
unsigned have_serial
Definition: namedb.h:59
void ixfr_del_rr(ixfr_type *ixfr, ldns_rr *rr)
Definition: ixfr.c:161
void ods_log_info(const char *format,...)
Definition: log.c:302
enum ods_enum_status ods_status
Definition: status.h:90
void ods_log_error(const char *format,...)
Definition: log.c:334
uint32_t outserial
Definition: namedb.h:53
ldns_rbtree_t * domains
Definition: namedb.h:49
void namedb_init_denials(namedb_type *db)
Definition: namedb.c:96
ods_status namedb_update_serial(namedb_type *db, const char *zone_name, const char *format, uint32_t inbound_serial)
Definition: namedb.c:198
int ods_strcmp(const char *s1, const char *s2)
Definition: file.c:320
ldns_rr_type rrtype
Definition: rrset.h:76
void namedb_diff(namedb_type *db, unsigned is_ixfr, unsigned more_coming)
Definition: namedb.c:819
void domain_diff(domain_type *domain, unsigned is_ixfr, unsigned more_coming)
Definition: domain.c:279
ldns_rr_type nsec_type
Definition: signconf.h:63
void namedb_backup2(FILE *fd, namedb_type *db)
Definition: namedb.c:1176
int util_serial_gt(uint32_t serial_new, uint32_t serial_old)
Definition: util.c:72
void namedb_nsecify(namedb_type *db, uint32_t *num_added)
Definition: namedb.c:882
unsigned exists
Definition: rrset.h:62
domain_type * parent
Definition: domain.h:59
#define lock_basic_lock(lock)
Definition: locks.h:91
uint8_t * salt_data
Definition: nsec3params.h:59
void log_rrset(ldns_rdf *dname, ldns_rr_type type, const char *pre, int level)
Definition: rrset.c:100
denial_type * namedb_del_denial(namedb_type *db, denial_type *denial)
Definition: namedb.c:776
ixfr_type * ixfr
Definition: zone.h:87
uint32_t inbserial
Definition: namedb.h:51
unsigned nxt_changed
Definition: denial.h:56
unsigned serial_updated
Definition: namedb.h:57
unsigned is_initialized
Definition: namedb.h:55
ldns_rbtree_t * denials
Definition: namedb.h:50
ldns_rr_type domain_is_delegpt(domain_type *domain)
Definition: domain.c:439
unsigned is_processed
Definition: namedb.h:56
ods_status namedb_domain_entize(namedb_type *db, domain_type *domain, ldns_rdf *apex)
Definition: namedb.c:286
ldns_rr * rr
Definition: rrset.h:48
signconf_type * signconf
Definition: zone.h:84
ldns_rr_type domain_is_occluded(domain_type *domain)
Definition: domain.c:464
void rrset_del_rrsig(rrset_type *rrset, uint16_t rrnum)
Definition: rrset.c:436
void namedb_rollback(namedb_type *db, unsigned keepsc)
Definition: namedb.c:856
void log_dname(ldns_rdf *rdf, const char *pre, int level)
Definition: domain.c:48
unsigned force_serial
Definition: namedb.h:58
domain_type * namedb_lookup_domain(namedb_type *db, ldns_rdf *dname)
Definition: namedb.c:343
unsigned is_apex
Definition: domain.h:62
void rrset_backup2(FILE *fd, rrset_type *rrset)
Definition: rrset.c:885
allocator_type * allocator
Definition: zone.h:67
unsigned is_new
Definition: domain.h:61
void * zone
Definition: namedb.h:48
void rrset_del_rr(rrset_type *rrset, uint16_t rrnum)
Definition: rrset.c:307
namedb_type * namedb_create(void *zone)
Definition: namedb.c:124
#define LOG_ERR
Definition: log.h:47
void denial_diff(denial_type *denial)
Definition: denial.c:249
ldns_rr * rr
Definition: rrset.h:60
#define LOG_DEEEBUG
Definition: log.h:53
lock_basic_type ixfr_lock
Definition: ixfr.h:62
const char * db_str
Definition: namedb.c:41
nsec3params_type * nsec3params
Definition: signconf.h:68
ods_status namedb_examine(namedb_type *db)
Definition: namedb.c:913
domain_type * namedb_add_domain(namedb_type *db, ldns_rdf *dname)
Definition: namedb.c:357
const char * name
Definition: zone.h:76
ldns_rbnode_t * node
Definition: domain.h:57
void domain_rollback(domain_type *domain, int keepsc)
Definition: domain.c:331
size_t rrsig_count
Definition: rrset.h:80
uint32_t altserial
Definition: namedb.h:54
void allocator_deallocate(allocator_type *allocator, void *data)
Definition: allocator.c:135
ldns_rdf * dname
Definition: denial.h:53
ldns_rbnode_t * node
Definition: denial.h:52
rrset_type * rrsets
Definition: domain.h:60
rrsig_type * rrsigs
Definition: rrset.h:78
#define ods_log_assert(x)
Definition: log.h:154
void * denial
Definition: domain.h:56
void namedb_wipe_denial(namedb_type *db)
Definition: namedb.c:990
#define lock_basic_unlock(lock)
Definition: locks.h:92
void ods_log_warning(const char *format,...)
Definition: log.c:318
void denial_nsecify(denial_type *denial, denial_type *nxt, uint32_t *num_added)
Definition: denial.c:300
ldns_rdf * apex
Definition: zone.h:68
denial_type * namedb_add_denial(namedb_type *db, ldns_rdf *dname, nsec3params_type *n3p)
Definition: namedb.c:711
denial_type * namedb_lookup_denial(namedb_type *db, ldns_rdf *dname)
Definition: namedb.c:429
time_t time_now(void)
Definition: duration.c:513
void rrset_print(FILE *fd, rrset_type *rrset, int skip_rrsigs, ods_status *status)
Definition: rrset.c:797
ldns_rdf * dname
Definition: domain.h:58
domain_type * domain_create(void *zoneptr, ldns_rdf *dname)
Definition: domain.c:89
void * zone
Definition: domain.h:55
rr_type * rrs
Definition: rrset.h:77