#! /bin/sh
# Attempt to guess a canonical system name.
# Copyright 1992-2015 Free Software Foundation, Inc.
timestamp='2015-08-20'
# This file is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, see <http://www.gnu.org/licenses/>.
#
# As a special exception to the GNU General Public License, if you
# distribute this file as part of a program that contains a
# configuration script generated by Autoconf, you may include it under
# the same distribution terms that you use for the rest of that
# program. This Exception is an additional permission under section 7
# of the GNU General Public License, version 3 ("GPLv3").
#
# Originally written by Per Bothner; maintained since 2000 by Ben Elliston.
#
# You can get the latest version of this script from:
# http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
#
# Please send patches to <config-patches@gnu.org>.
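# Base name of this script: everything up to the last "/" in $0 is stripped.
# Used as the prefix of diagnostics and inside the help texts below.
# Backticks and sed are kept as in the original, presumably for portability
# to shells that lack $(...) and ${0##*/}.
me=`echo "$0" | sed -e 's,.*/,,'`

# Text printed by --help.  The option table is aligned and the reporting
# address is spelled out so the message is usable as printed.
usage="\
Usage: $0 [OPTION]

Output the configuration name of the system \`$me' is run on.

Operation modes:
  -h, --help         print this help, then exit
  -t, --time-stamp   print date of last modification, then exit
  -v, --version      print version number, then exit

Report bugs and patches to <config-patches@gnu.org>."

# Text printed by --version; $timestamp is assigned near the top of the file.
version="\
GNU config.guess ($timestamp)
Originally written by Per Bothner.
Copyright 1992-2015 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE."

# Hint appended to option-parsing errors.  It begins with a newline so that
# it is printed on its own line after the error text.
help="
Try \`$me --help' for more information."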
# Handle the command line.  Only informational options are accepted; each
# one prints its text and exits with status 0.  Anything still left in the
# argument list after option parsing is rejected below.
while [ $# -gt 0 ]
do
  case $1 in
    --time-stamp | --time* | -t )
      echo "$timestamp"
      exit ;;
    --version | -v )
      echo "$version"
      exit ;;
    --help | --h* | -h )
      echo "$usage"
      exit ;;
    -- )
      # Explicit end of options: drop the marker and stop parsing.
      shift
      break ;;
    - )
      # Use stdin as input.  The "-" itself stays in the argument list,
      # so the operand check below still sees it.
      break ;;
    -* )
      echo "$me: invalid option $1$help" >&2
      exit 1 ;;
    * )
      break ;;
  esac
done

# No operands are accepted.
if [ $# -ne 0 ]
then
  echo "$me: too many arguments$help" >&2
  exit 1
fi

# Leave with status 1 on signals 1, 2 and 15 (hangup, interrupt, terminate).
trap 'exit 1' 1 2 15
# CC_FOR_BUILD -- compiler used by this script. Note that the use of a
# compiler to aid in system detection is discouraged as it requires
# temporary files to be created and, as you can see below, it is a
# headache to deal with in a portable fashion.
# Historically, `CC_FOR_BUILD' used to be named `HOST_CC'. We still
# use `HOST_CC' if defined, but it is deprecated.
# Portable tmp directory creation inspired by the Autoconf team.
#
# set_cc_for_build is a string of shell code, not a function.  Callers run
# it with an unquoted `eval $set_cc_for_build', so word splitting folds its
# newlines into spaces: every statement therefore ends in `;' and no `#'
# comment may be placed inside the string.
#
# When evaluated it does the following, in order:
#   1. Installs an exit trap (signal 0) that removes $tmpfiles and $tmp and
#      re-exits with the saved status when the cleanup subshell succeeds,
#      and a trap on signals 1 2 13 15 that cleans up and exits 1.
#   2. Defaults TMPDIR to /tmp, but only when TMPDIR is unset.
#   3. Creates a private work directory under umask 077: first with
#      `mktemp -d', then as cg$$-$RANDOM when $RANDOM is non-empty, then as
#      cg-$$ with a warning; if all three fail the script exits 1.  The two
#      fallbacks use plain mkdir (no -p), which fails rather than adopting
#      a path that already exists.
#   4. Sets $dummy and the $tmpfiles list derived from it.
#   5. Chooses the compiler: a non-empty CC_FOR_BUILD matches none of the
#      case patterns and is kept; otherwise HOST_CC, then CC, then the first
#      of cc gcc c89 c99 that compiles "int x;", else the literal
#      no_compiler_found.
#   6. Empties set_cc_for_build, so later evals of it do nothing.
#
# NOTE(review): CC_FOR_BUILD, HOST_CC, CC and TMPDIR come from the caller's
# environment.  The selected compiler is executed, and some branches further
# down compile $dummy.c and then run the resulting $dummy, so this script
# should only be run with an environment the builder controls.
# NOTE(review): $tmp and $tmpfiles are expanded unquoted in the mkdir, rm and
# rmdir commands; a TMPDIR containing whitespace or glob characters would be
# split or expanded there.
set_cc_for_build='
trap "exitcode=\$?; (rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null) && exit \$exitcode" 0 ;
trap "rm -f \$tmpfiles 2>/dev/null; rmdir \$tmp 2>/dev/null; exit 1" 1 2 13 15 ;
: ${TMPDIR=/tmp} ;
{ tmp=`(umask 077 && mktemp -d "$TMPDIR/cgXXXXXX") 2>/dev/null` && test -n "$tmp" && test -d "$tmp" ; } ||
{ test -n "$RANDOM" && tmp=$TMPDIR/cg$$-$RANDOM && (umask 077 && mkdir $tmp) ; } ||
{ tmp=$TMPDIR/cg-$$ && (umask 077 && mkdir $tmp) && echo "Warning: creating insecure temp directory" >&2 ; } ||
{ echo "$me: cannot create a temporary directory in $TMPDIR" >&2 ; exit 1 ; } ;
dummy=$tmp/dummy ;
tmpfiles="$dummy.c $dummy.o $dummy.rel $dummy" ;
case $CC_FOR_BUILD,$HOST_CC,$CC in
,,) echo "int x;" > $dummy.c ;
for c in cc gcc c89 c99 ; do
if ($c -c -o $dummy.o $dummy.c) >/dev/null 2>&1 ; then
CC_FOR_BUILD="$c"; break ;
fi ;
done ;
if test x"$CC_FOR_BUILD" = x ; then
CC_FOR_BUILD=no_compiler_found ;
fi
;;
,,*) CC_FOR_BUILD=$CC ;;
,*,*) CC_FOR_BUILD=$HOST_CC ;;
esac ; set_cc_for_build= ;'
# Pyramid OSx run in the BSD universe keeps uname under /.attbin, so that
# directory is appended to the search path when the binary is present.
# (ghazi@noc.rutgers.edu 1994-08-24)
if (test -f /.attbin/uname) >/dev/null 2>&1
then
  PATH=$PATH:/.attbin
  export PATH
fi

# Capture the four uname fields that the detection logic matches on.
# A field whose uname call fails is recorded as the literal "unknown".
if UNAME_MACHINE=`(uname -m) 2>/dev/null`
then :
else UNAME_MACHINE=unknown
fi

if UNAME_RELEASE=`(uname -r) 2>/dev/null`
then :
else UNAME_RELEASE=unknown
fi

if UNAME_SYSTEM=`(uname -s) 2>/dev/null`
then :
else UNAME_SYSTEM=unknown
fi

if UNAME_VERSION=`(uname -v) 2>/dev/null`
then :
else UNAME_VERSION=unknown
fi
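# For Linux and GNU systems, determine which C library the build compiler
# targets.  The result is stored in LIBC and used by the Linux/GNU branches
# of the main case statement when they print the system name.
case "${UNAME_SYSTEM}" in
  Linux|GNU|GNU/*)
    # If the system lacks a compiler, then just pick glibc.
    # We could probably try harder.
    LIBC=gnu

    eval $set_cc_for_build

    # The probe must include <features.h>: without a header name the
    # #include line is a preprocessor error and no libc header is read that
    # could define __UCLIBC__, so the answer would always be "gnu".
    # The here-document body is kept at column 0 so the preprocessed
    # "LIBC=..." line starts at the beginning of a line for grep below.
    cat <<-EOF > $dummy.c
#include <features.h>
#if defined(__UCLIBC__)
LIBC=uclibc
#elif defined(__dietlibc__)
LIBC=dietlibc
#else
LIBC=gnu
#endif
EOF

    # NOTE(review): this evals preprocessor output.  Only lines beginning
    # with "LIBC" are kept and spaces are removed from them, but nothing
    # else validates the text, so the result is only as trustworthy as the
    # compiler named by CC_FOR_BUILD / HOST_CC / CC in the environment.
    # If the compiler is missing or fails, nothing is evaluated and the
    # default LIBC=gnu set above stays in effect.
    eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^LIBC' | sed 's, ,,g'`
    ;;
esac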
# Note: order is significant - the case branches are not exclusive.
case "${UNAME_MACHINE}:${UNAME_SYSTEM}:${UNAME_RELEASE}:${UNAME_VERSION}" in
*:NetBSD:*:*)
# NetBSD (nbsd) targets should (where applicable) match one or
# more of the tuples: *-*-netbsdelf*, *-*-netbsdaout*,
# *-*-netbsdecoff* and *-*-netbsd*. For targets that recently
# switched to ELF, *-*-netbsd* would select the old
# object file format. This provides both forward
# compatibility and a consistent mechanism for selecting the
# object file format.
#
# Note: NetBSD doesn't particularly care about the vendor
# portion of the name. We always set it to "unknown".
sysctl="sysctl -n hw.machine_arch"
UNAME_MACHINE_ARCH=`(uname -p 2>/dev/null || \
/sbin/$sysctl 2>/dev/null || \
/usr/sbin/$sysctl 2>/dev/null || \
echo unknown)`
case "${UNAME_MACHINE_ARCH}" in
armeb) machine=armeb-unknown ;;
arm*) machine=arm-unknown ;;
sh3el) machine=shl-unknown ;;
sh3eb) machine=sh-unknown ;;
sh5el) machine=sh5le-unknown ;;
earmv*)
arch=`echo ${UNAME_MACHINE_ARCH} | sed -e 's,^e\(armv[0-9]\).*$,\1,'`
endian=`echo ${UNAME_MACHINE_ARCH} | sed -ne 's,^.*\(eb\)$,\1,p'`
machine=${arch}${endian}-unknown
;;
*) machine=${UNAME_MACHINE_ARCH}-unknown ;;
esac
# The Operating System including object format, if it has switched
# to ELF recently, or will in the future.
case "${UNAME_MACHINE_ARCH}" in
arm*|earm*|i386|m68k|ns32k|sh3*|sparc|vax)
eval $set_cc_for_build
if echo __ELF__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ELF__
then
# Once all utilities can be ECOFF (netbsdecoff) or a.out (netbsdaout).
# Return netbsd for either. FIX?
os=netbsd
else
os=netbsdelf
fi
;;
*)
os=netbsd
;;
esac
# Determine ABI tags.
case "${UNAME_MACHINE_ARCH}" in
earm*)
expr='s/^earmv[0-9]/-eabi/;s/eb$//'
abi=`echo ${UNAME_MACHINE_ARCH} | sed -e "$expr"`
;;
esac
# The OS release
# Debian GNU/NetBSD machines have a different userland, and
# thus, need a distinct triplet. However, they do not need
# kernel version information, so it can be replaced with a
# suitable tag, in the style of linux-gnu.
case "${UNAME_VERSION}" in
Debian*)
release='-gnu'
;;
*)
release=`echo ${UNAME_RELEASE} | sed -e 's/[-_].*//' | cut -d. -f1,2`
;;
esac
# Since CPU_TYPE-MANUFACTURER-KERNEL-OPERATING_SYSTEM:
# contains redundant information, the shorter form:
# CPU_TYPE-MANUFACTURER-OPERATING_SYSTEM is used.
echo "${machine}-${os}${release}${abi}"
exit ;;
*:Bitrig:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/Bitrig.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-bitrig${UNAME_RELEASE}
exit ;;
*:OpenBSD:*:*)
UNAME_MACHINE_ARCH=`arch | sed 's/OpenBSD.//'`
echo ${UNAME_MACHINE_ARCH}-unknown-openbsd${UNAME_RELEASE}
exit ;;
*:ekkoBSD:*:*)
echo ${UNAME_MACHINE}-unknown-ekkobsd${UNAME_RELEASE}
exit ;;
*:SolidBSD:*:*)
echo ${UNAME_MACHINE}-unknown-solidbsd${UNAME_RELEASE}
exit ;;
macppc:MirBSD:*:*)
echo powerpc-unknown-mirbsd${UNAME_RELEASE}
exit ;;
*:MirBSD:*:*)
echo ${UNAME_MACHINE}-unknown-mirbsd${UNAME_RELEASE}
exit ;;
*:Sortix:*:*)
echo ${UNAME_MACHINE}-unknown-sortix
exit ;;
alpha:OSF1:*:*)
case $UNAME_RELEASE in
*4.0)
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $3}'`
;;
*5.*)
UNAME_RELEASE=`/usr/sbin/sizer -v | awk '{print $4}'`
;;
esac
# According to Compaq, /usr/sbin/psrinfo has been available on
# OSF/1 and Tru64 systems produced since 1995. I hope that
# covers most systems running today. This code pipes the CPU
# types through head -n 1, so we only detect the type of CPU 0.
ALPHA_CPU_TYPE=`/usr/sbin/psrinfo -v | sed -n -e 's/^ The alpha \(.*\) processor.*$/\1/p' | head -n 1`
case "$ALPHA_CPU_TYPE" in
"EV4 (21064)")
UNAME_MACHINE="alpha" ;;
"EV4.5 (21064)")
UNAME_MACHINE="alpha" ;;
"LCA4 (21066/21068)")
UNAME_MACHINE="alpha" ;;
"EV5 (21164)")
UNAME_MACHINE="alphaev5" ;;
"EV5.6 (21164A)")
UNAME_MACHINE="alphaev56" ;;
"EV5.6 (21164PC)")
UNAME_MACHINE="alphapca56" ;;
"EV5.7 (21164PC)")
UNAME_MACHINE="alphapca57" ;;
"EV6 (21264)")
UNAME_MACHINE="alphaev6" ;;
"EV6.7 (21264A)")
UNAME_MACHINE="alphaev67" ;;
"EV6.8CB (21264C)")
UNAME_MACHINE="alphaev68" ;;
"EV6.8AL (21264B)")
UNAME_MACHINE="alphaev68" ;;
"EV6.8CX (21264D)")
UNAME_MACHINE="alphaev68" ;;
"EV6.9A (21264/EV69A)")
UNAME_MACHINE="alphaev69" ;;
"EV7 (21364)")
UNAME_MACHINE="alphaev7" ;;
"EV7.9 (21364A)")
UNAME_MACHINE="alphaev79" ;;
esac
# A Pn.n version is a patched version.
# A Vn.n version is a released version.
# A Tn.n version is a released field test version.
# A Xn.n version is an unreleased experimental baselevel.
# 1.2 uses "1.2" for uname -r.
echo ${UNAME_MACHINE}-dec-osf`echo ${UNAME_RELEASE} | sed -e 's/^[PVTX]//' | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
# Reset EXIT trap before exiting to avoid spurious non-zero exit code.
exitcode=$?
trap '' 0
exit $exitcode ;;
Alpha\ *:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# Should we change UNAME_MACHINE based on the output of uname instead
# of the specific Alpha model?
echo alpha-pc-interix
exit ;;
21064:Windows_NT:50:3)
echo alpha-dec-winnt3.5
exit ;;
Amiga*:UNIX_System_V:4.0:*)
echo m68k-unknown-sysv4
exit ;;
*:[Aa]miga[Oo][Ss]:*:*)
echo ${UNAME_MACHINE}-unknown-amigaos
exit ;;
*:[Mm]orph[Oo][Ss]:*:*)
echo ${UNAME_MACHINE}-unknown-morphos
exit ;;
*:OS/390:*:*)
echo i370-ibm-openedition
exit ;;
*:z/VM:*:*)
echo s390-ibm-zvmoe
exit ;;
*:OS400:*:*)
echo powerpc-ibm-os400
exit ;;
arm:RISC*:1.[012]*:*|arm:riscix:1.[012]*:*)
echo arm-acorn-riscix${UNAME_RELEASE}
exit ;;
arm*:riscos:*:*|arm*:RISCOS:*:*)
echo arm-unknown-riscos
exit ;;
SR2?01:HI-UX/MPP:*:* | SR8000:HI-UX/MPP:*:*)
echo hppa1.1-hitachi-hiuxmpp
exit ;;
Pyramid*:OSx*:*:* | MIS*:OSx*:*:* | MIS*:SMP_DC-OSx*:*:*)
# akee@wpdis03.wpafb.af.mil (Earle F. Ake) contributed MIS and NILE.
if test "`(/bin/universe) 2>/dev/null`" = att ; then
echo pyramid-pyramid-sysv3
else
echo pyramid-pyramid-bsd
fi
exit ;;
NILE*:*:*:dcosx)
echo pyramid-pyramid-svr4
exit ;;
DRS?6000:unix:4.0:6*)
echo sparc-icl-nx6
exit ;;
DRS?6000:UNIX_SV:4.2*:7* | DRS?6000:isis:4.2*:7*)
case `/usr/bin/uname -p` in
sparc) echo sparc-icl-nx7; exit ;;
esac ;;
s390x:SunOS:*:*)
echo ${UNAME_MACHINE}-ibm-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
sun4H:SunOS:5.*:*)
echo sparc-hal-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
sun4*:SunOS:5.*:* | tadpole*:SunOS:5.*:*)
echo sparc-sun-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
i86pc:AuroraUX:5.*:* | i86xen:AuroraUX:5.*:*)
echo i386-pc-auroraux${UNAME_RELEASE}
exit ;;
i86pc:SunOS:5.*:* | i86xen:SunOS:5.*:*)
eval $set_cc_for_build
SUN_ARCH="i386"
# If there is a compiler, see if it is configured for 64-bit objects.
# Note that the Sun cc does not turn __LP64__ into 1 like gcc does.
# This test works for both compilers.
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
if (echo '#ifdef __amd64'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
SUN_ARCH="x86_64"
fi
fi
echo ${SUN_ARCH}-pc-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
sun4*:SunOS:6*:*)
# According to config.sub, this is the proper way to canonicalize
# SunOS6. Hard to guess exactly what SunOS6 will be like, but
# it's likely to be more like Solaris than SunOS4.
echo sparc-sun-solaris3`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
sun4*:SunOS:*:*)
case "`/usr/bin/arch -k`" in
Series*|S4*)
UNAME_RELEASE=`uname -v`
;;
esac
# Japanese Language versions have a version number like `4.1.3-JL'.
echo sparc-sun-sunos`echo ${UNAME_RELEASE}|sed -e 's/-/_/'`
exit ;;
sun3*:SunOS:*:*)
echo m68k-sun-sunos${UNAME_RELEASE}
exit ;;
sun*:*:4.2BSD:*)
UNAME_RELEASE=`(sed 1q /etc/motd | awk '{print substr($5,1,3)}') 2>/dev/null`
test "x${UNAME_RELEASE}" = "x" && UNAME_RELEASE=3
case "`/bin/arch`" in
sun3)
echo m68k-sun-sunos${UNAME_RELEASE}
;;
sun4)
echo sparc-sun-sunos${UNAME_RELEASE}
;;
esac
exit ;;
aushp:SunOS:*:*)
echo sparc-auspex-sunos${UNAME_RELEASE}
exit ;;
# The situation for MiNT is a little confusing. The machine name
# can be virtually everything (everything which is not
# "atarist" or "atariste" at least should have a processor
# > m68000). The system name ranges from "MiNT" over "FreeMiNT"
# to the lowercase version "mint" (or "freemint"). Finally
# the system name "TOS" denotes a system which is actually not
# MiNT. But MiNT is downward compatible to TOS, so this should
# be no problem.
atarist[e]:*MiNT:*:* | atarist[e]:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit ;;
atari*:*MiNT:*:* | atari*:*mint:*:* | atarist[e]:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit ;;
*falcon*:*MiNT:*:* | *falcon*:*mint:*:* | *falcon*:*TOS:*:*)
echo m68k-atari-mint${UNAME_RELEASE}
exit ;;
milan*:*MiNT:*:* | milan*:*mint:*:* | *milan*:*TOS:*:*)
echo m68k-milan-mint${UNAME_RELEASE}
exit ;;
hades*:*MiNT:*:* | hades*:*mint:*:* | *hades*:*TOS:*:*)
echo m68k-hades-mint${UNAME_RELEASE}
exit ;;
*:*MiNT:*:* | *:*mint:*:* | *:*TOS:*:*)
echo m68k-unknown-mint${UNAME_RELEASE}
exit ;;
m68k:machten:*:*)
echo m68k-apple-machten${UNAME_RELEASE}
exit ;;
powerpc:machten:*:*)
echo powerpc-apple-machten${UNAME_RELEASE}
exit ;;
RISC*:Mach:*:*)
echo mips-dec-mach_bsd4.3
exit ;;
RISC*:ULTRIX:*:*)
echo mips-dec-ultrix${UNAME_RELEASE}
exit ;;
VAX*:ULTRIX*:*:*)
echo vax-dec-ultrix${UNAME_RELEASE}
exit ;;
2020:CLIX:*:* | 2430:CLIX:*:*)
echo clipper-intergraph-clix${UNAME_RELEASE}
exit ;;
mips:*:*:UMIPS | mips:*:*:RISCos)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#ifdef __cplusplus
#include /* for printf() prototype */
int main (int argc, char *argv[]) {
#else
int main (argc, argv) int argc; char *argv[]; {
#endif
#if defined (host_mips) && defined (MIPSEB)
#if defined (SYSTYPE_SYSV)
printf ("mips-mips-riscos%ssysv\n", argv[1]); exit (0);
#endif
#if defined (SYSTYPE_SVR4)
printf ("mips-mips-riscos%ssvr4\n", argv[1]); exit (0);
#endif
#if defined (SYSTYPE_BSD43) || defined(SYSTYPE_BSD)
printf ("mips-mips-riscos%sbsd\n", argv[1]); exit (0);
#endif
#endif
exit (-1);
}
EOF
$CC_FOR_BUILD -o $dummy $dummy.c &&
dummyarg=`echo "${UNAME_RELEASE}" | sed -n 's/\([0-9]*\).*/\1/p'` &&
SYSTEM_NAME=`$dummy $dummyarg` &&
{ echo "$SYSTEM_NAME"; exit; }
echo mips-mips-riscos${UNAME_RELEASE}
exit ;;
Motorola:PowerMAX_OS:*:*)
echo powerpc-motorola-powermax
exit ;;
Motorola:*:4.3:PL8-*)
echo powerpc-harris-powermax
exit ;;
Night_Hawk:*:*:PowerMAX_OS | Synergy:PowerMAX_OS:*:*)
echo powerpc-harris-powermax
exit ;;
Night_Hawk:Power_UNIX:*:*)
echo powerpc-harris-powerunix
exit ;;
m88k:CX/UX:7*:*)
echo m88k-harris-cxux7
exit ;;
m88k:*:4*:R4*)
echo m88k-motorola-sysv4
exit ;;
m88k:*:3*:R3*)
echo m88k-motorola-sysv3
exit ;;
AViiON:dgux:*:*)
# DG/UX returns AViiON for all architectures
UNAME_PROCESSOR=`/usr/bin/uname -p`
if [ $UNAME_PROCESSOR = mc88100 ] || [ $UNAME_PROCESSOR = mc88110 ]
then
if [ ${TARGET_BINARY_INTERFACE}x = m88kdguxelfx ] || \
[ ${TARGET_BINARY_INTERFACE}x = x ]
then
echo m88k-dg-dgux${UNAME_RELEASE}
else
echo m88k-dg-dguxbcs${UNAME_RELEASE}
fi
else
echo i586-dg-dgux${UNAME_RELEASE}
fi
exit ;;
M88*:DolphinOS:*:*) # DolphinOS (SVR3)
echo m88k-dolphin-sysv3
exit ;;
M88*:*:R3*:*)
# Delta 88k system running SVR3
echo m88k-motorola-sysv3
exit ;;
XD88*:*:*:*) # Tektronix XD88 system running UTekV (SVR3)
echo m88k-tektronix-sysv3
exit ;;
Tek43[0-9][0-9]:UTek:*:*) # Tektronix 4300 system running UTek (BSD)
echo m68k-tektronix-bsd
exit ;;
*:IRIX*:*:*)
echo mips-sgi-irix`echo ${UNAME_RELEASE}|sed -e 's/-/_/g'`
exit ;;
????????:AIX?:[12].1:2) # AIX 2.2.1 or AIX 2.1.1 is RT/PC AIX.
echo romp-ibm-aix # uname -m gives an 8 hex-code CPU id
exit ;; # Note that: echo "'`uname -s`'" gives 'AIX '
i*86:AIX:*:*)
echo i386-ibm-aix
exit ;;
ia64:AIX:*:*)
if [ -x /usr/bin/oslevel ] ; then
IBM_REV=`/usr/bin/oslevel`
else
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
echo ${UNAME_MACHINE}-ibm-aix${IBM_REV}
exit ;;
*:AIX:2:3)
if grep bos325 /usr/include/stdio.h >/dev/null 2>&1; then
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#include
main()
{
if (!__power_pc())
exit(1);
puts("powerpc-ibm-aix3.2.5");
exit(0);
}
EOF
if $CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy`
then
echo "$SYSTEM_NAME"
else
echo rs6000-ibm-aix3.2.5
fi
elif grep bos324 /usr/include/stdio.h >/dev/null 2>&1; then
echo rs6000-ibm-aix3.2.4
else
echo rs6000-ibm-aix3.2
fi
exit ;;
*:AIX:*:[4567])
IBM_CPU_ID=`/usr/sbin/lsdev -C -c processor -S available | sed 1q | awk '{ print $1 }'`
if /usr/sbin/lsattr -El ${IBM_CPU_ID} | grep ' POWER' >/dev/null 2>&1; then
IBM_ARCH=rs6000
else
IBM_ARCH=powerpc
fi
if [ -x /usr/bin/lslpp ] ; then
IBM_REV=`/usr/bin/lslpp -Lqc bos.rte.libc |
awk -F: '{ print $3 }' | sed s/[0-9]*$/0/`
else
IBM_REV=${UNAME_VERSION}.${UNAME_RELEASE}
fi
echo ${IBM_ARCH}-ibm-aix${IBM_REV}
exit ;;
*:AIX:*:*)
echo rs6000-ibm-aix
exit ;;
ibmrt:4.4BSD:*|romp-ibm:BSD:*)
echo romp-ibm-bsd4.4
exit ;;
ibmrt:*BSD:*|romp-ibm:BSD:*) # covers RT/PC BSD and
echo romp-ibm-bsd${UNAME_RELEASE} # 4.3 with uname added to
exit ;; # report: romp-ibm BSD 4.3
*:BOSX:*:*)
echo rs6000-bull-bosx
exit ;;
DPX/2?00:B.O.S.:*:*)
echo m68k-bull-sysv3
exit ;;
9000/[34]??:4.3bsd:1.*:*)
echo m68k-hp-bsd
exit ;;
hp300:4.4BSD:*:* | 9000/[34]??:4.3bsd:2.*:*)
echo m68k-hp-bsd4.4
exit ;;
9000/[34678]??:HP-UX:*:*)
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
case "${UNAME_MACHINE}" in
9000/31? ) HP_ARCH=m68000 ;;
9000/[34]?? ) HP_ARCH=m68k ;;
9000/[678][0-9][0-9])
if [ -x /usr/bin/getconf ]; then
sc_cpu_version=`/usr/bin/getconf SC_CPU_VERSION 2>/dev/null`
sc_kernel_bits=`/usr/bin/getconf SC_KERNEL_BITS 2>/dev/null`
case "${sc_cpu_version}" in
523) HP_ARCH="hppa1.0" ;; # CPU_PA_RISC1_0
528) HP_ARCH="hppa1.1" ;; # CPU_PA_RISC1_1
532) # CPU_PA_RISC2_0
case "${sc_kernel_bits}" in
32) HP_ARCH="hppa2.0n" ;;
64) HP_ARCH="hppa2.0w" ;;
'') HP_ARCH="hppa2.0" ;; # HP-UX 10.20
esac ;;
esac
fi
if [ "${HP_ARCH}" = "" ]; then
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#define _HPUX_SOURCE
#include
#include
int main ()
{
#if defined(_SC_KERNEL_BITS)
long bits = sysconf(_SC_KERNEL_BITS);
#endif
long cpu = sysconf (_SC_CPU_VERSION);
switch (cpu)
{
case CPU_PA_RISC1_0: puts ("hppa1.0"); break;
case CPU_PA_RISC1_1: puts ("hppa1.1"); break;
case CPU_PA_RISC2_0:
#if defined(_SC_KERNEL_BITS)
switch (bits)
{
case 64: puts ("hppa2.0w"); break;
case 32: puts ("hppa2.0n"); break;
default: puts ("hppa2.0"); break;
} break;
#else /* !defined(_SC_KERNEL_BITS) */
puts ("hppa2.0"); break;
#endif
default: puts ("hppa1.0"); break;
}
exit (0);
}
EOF
(CCOPTS= $CC_FOR_BUILD -o $dummy $dummy.c 2>/dev/null) && HP_ARCH=`$dummy`
test -z "$HP_ARCH" && HP_ARCH=hppa
fi ;;
esac
if [ ${HP_ARCH} = "hppa2.0w" ]
then
eval $set_cc_for_build
# hppa2.0w-hp-hpux* has a 64-bit kernel and a compiler generating
# 32-bit code. hppa64-hp-hpux* has the same kernel and a compiler
# generating 64-bit code. GNU and HP use different nomenclature:
#
# $ CC_FOR_BUILD=cc ./config.guess
# => hppa2.0w-hp-hpux11.23
# $ CC_FOR_BUILD="cc +DA2.0w" ./config.guess
# => hppa64-hp-hpux11.23
if echo __LP64__ | (CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) |
grep -q __LP64__
then
HP_ARCH="hppa2.0w"
else
HP_ARCH="hppa64"
fi
fi
echo ${HP_ARCH}-hp-hpux${HPUX_REV}
exit ;;
ia64:HP-UX:*:*)
HPUX_REV=`echo ${UNAME_RELEASE}|sed -e 's/[^.]*.[0B]*//'`
echo ia64-hp-hpux${HPUX_REV}
exit ;;
3050*:HI-UX:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#include
int
main ()
{
long cpu = sysconf (_SC_CPU_VERSION);
/* The order matters, because CPU_IS_HP_MC68K erroneously returns
true for CPU_PA_RISC1_0. CPU_IS_PA_RISC returns correct
results, however. */
if (CPU_IS_PA_RISC (cpu))
{
switch (cpu)
{
case CPU_PA_RISC1_0: puts ("hppa1.0-hitachi-hiuxwe2"); break;
case CPU_PA_RISC1_1: puts ("hppa1.1-hitachi-hiuxwe2"); break;
case CPU_PA_RISC2_0: puts ("hppa2.0-hitachi-hiuxwe2"); break;
default: puts ("hppa-hitachi-hiuxwe2"); break;
}
}
else if (CPU_IS_HP_MC68K (cpu))
puts ("m68k-hitachi-hiuxwe2");
else puts ("unknown-hitachi-hiuxwe2");
exit (0);
}
EOF
$CC_FOR_BUILD -o $dummy $dummy.c && SYSTEM_NAME=`$dummy` &&
{ echo "$SYSTEM_NAME"; exit; }
echo unknown-hitachi-hiuxwe2
exit ;;
9000/7??:4.3bsd:*:* | 9000/8?[79]:4.3bsd:*:* )
echo hppa1.1-hp-bsd
exit ;;
9000/8??:4.3bsd:*:*)
echo hppa1.0-hp-bsd
exit ;;
*9??*:MPE/iX:*:* | *3000*:MPE/iX:*:*)
echo hppa1.0-hp-mpeix
exit ;;
hp7??:OSF1:*:* | hp8?[79]:OSF1:*:* )
echo hppa1.1-hp-osf
exit ;;
hp8??:OSF1:*:*)
echo hppa1.0-hp-osf
exit ;;
i*86:OSF1:*:*)
if [ -x /usr/sbin/sysversion ] ; then
echo ${UNAME_MACHINE}-unknown-osf1mk
else
echo ${UNAME_MACHINE}-unknown-osf1
fi
exit ;;
parisc*:Lites*:*:*)
echo hppa1.1-hp-lites
exit ;;
C1*:ConvexOS:*:* | convex:ConvexOS:C1*:*)
echo c1-convex-bsd
exit ;;
C2*:ConvexOS:*:* | convex:ConvexOS:C2*:*)
if getsysinfo -f scalar_acc
then echo c32-convex-bsd
else echo c2-convex-bsd
fi
exit ;;
C34*:ConvexOS:*:* | convex:ConvexOS:C34*:*)
echo c34-convex-bsd
exit ;;
C38*:ConvexOS:*:* | convex:ConvexOS:C38*:*)
echo c38-convex-bsd
exit ;;
C4*:ConvexOS:*:* | convex:ConvexOS:C4*:*)
echo c4-convex-bsd
exit ;;
CRAY*Y-MP:*:*:*)
echo ymp-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit ;;
CRAY*[A-Z]90:*:*:*)
echo ${UNAME_MACHINE}-cray-unicos${UNAME_RELEASE} \
| sed -e 's/CRAY.*\([A-Z]90\)/\1/' \
-e y/ABCDEFGHIJKLMNOPQRSTUVWXYZ/abcdefghijklmnopqrstuvwxyz/ \
-e 's/\.[^.]*$/.X/'
exit ;;
CRAY*TS:*:*:*)
echo t90-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit ;;
CRAY*T3E:*:*:*)
echo alphaev5-cray-unicosmk${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit ;;
CRAY*SV1:*:*:*)
echo sv1-cray-unicos${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit ;;
*:UNICOS/mp:*:*)
echo craynv-cray-unicosmp${UNAME_RELEASE} | sed -e 's/\.[^.]*$/.X/'
exit ;;
F30[01]:UNIX_System_V:*:* | F700:UNIX_System_V:*:*)
FUJITSU_PROC=`uname -m | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz'`
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | sed -e 's/ /_/'`
echo "${FUJITSU_PROC}-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
5000:UNIX_System_V:4.*:*)
FUJITSU_SYS=`uname -p | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/\///'`
FUJITSU_REL=`echo ${UNAME_RELEASE} | tr 'ABCDEFGHIJKLMNOPQRSTUVWXYZ' 'abcdefghijklmnopqrstuvwxyz' | sed -e 's/ /_/'`
echo "sparc-fujitsu-${FUJITSU_SYS}${FUJITSU_REL}"
exit ;;
i*86:BSD/386:*:* | i*86:BSD/OS:*:* | *:Ascend\ Embedded/OS:*:*)
echo ${UNAME_MACHINE}-pc-bsdi${UNAME_RELEASE}
exit ;;
sparc*:BSD/OS:*:*)
echo sparc-unknown-bsdi${UNAME_RELEASE}
exit ;;
*:BSD/OS:*:*)
echo ${UNAME_MACHINE}-unknown-bsdi${UNAME_RELEASE}
exit ;;
*:FreeBSD:*:*)
UNAME_PROCESSOR=`/usr/bin/uname -p`
case ${UNAME_PROCESSOR} in
amd64)
echo x86_64-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
*)
echo ${UNAME_PROCESSOR}-unknown-freebsd`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'` ;;
esac
exit ;;
i*:CYGWIN*:*)
echo ${UNAME_MACHINE}-pc-cygwin
exit ;;
*:MINGW64*:*)
echo ${UNAME_MACHINE}-pc-mingw64
exit ;;
*:MINGW*:*)
echo ${UNAME_MACHINE}-pc-mingw32
exit ;;
*:MSYS*:*)
echo ${UNAME_MACHINE}-pc-msys
exit ;;
i*:windows32*:*)
# uname -m includes "-pc" on this system.
echo ${UNAME_MACHINE}-mingw32
exit ;;
i*:PW*:*)
echo ${UNAME_MACHINE}-pc-pw32
exit ;;
*:Interix*:*)
case ${UNAME_MACHINE} in
x86)
echo i586-pc-interix${UNAME_RELEASE}
exit ;;
authenticamd | genuineintel | EM64T)
echo x86_64-unknown-interix${UNAME_RELEASE}
exit ;;
IA64)
echo ia64-unknown-interix${UNAME_RELEASE}
exit ;;
esac ;;
[345]86:Windows_95:* | [345]86:Windows_98:* | [345]86:Windows_NT:*)
echo i${UNAME_MACHINE}-pc-mks
exit ;;
8664:Windows_NT:*)
echo x86_64-pc-mks
exit ;;
i*:Windows_NT*:* | Pentium*:Windows_NT*:*)
# How do we know it's Interix rather than the generic POSIX subsystem?
# It also conflicts with pre-2.0 versions of AT&T UWIN. Should we
# UNAME_MACHINE based on the output of uname instead of i386?
echo i586-pc-interix
exit ;;
i*:UWIN*:*)
echo ${UNAME_MACHINE}-pc-uwin
exit ;;
amd64:CYGWIN*:*:* | x86_64:CYGWIN*:*:*)
echo x86_64-unknown-cygwin
exit ;;
p*:CYGWIN*:*)
echo powerpcle-unknown-cygwin
exit ;;
prep*:SunOS:5.*:*)
echo powerpcle-unknown-solaris2`echo ${UNAME_RELEASE}|sed -e 's/[^.]*//'`
exit ;;
*:GNU:*:*)
# the GNU system
echo `echo ${UNAME_MACHINE}|sed -e 's,[-/].*$,,'`-unknown-${LIBC}`echo ${UNAME_RELEASE}|sed -e 's,/.*$,,'`
exit ;;
*:GNU/*:*:*)
# other systems with GNU libc and userland
echo ${UNAME_MACHINE}-unknown-`echo ${UNAME_SYSTEM} | sed 's,^[^/]*/,,' | tr '[A-Z]' '[a-z]'``echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`-${LIBC}
exit ;;
i*86:Minix:*:*)
echo ${UNAME_MACHINE}-pc-minix
exit ;;
aarch64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
aarch64_be:Linux:*:*)
UNAME_MACHINE=aarch64_be
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
alpha:Linux:*:*)
case `sed -n '/^cpu model/s/^.*: \(.*\)/\1/p' < /proc/cpuinfo` in
EV5) UNAME_MACHINE=alphaev5 ;;
EV56) UNAME_MACHINE=alphaev56 ;;
PCA56) UNAME_MACHINE=alphapca56 ;;
PCA57) UNAME_MACHINE=alphapca56 ;;
EV6) UNAME_MACHINE=alphaev6 ;;
EV67) UNAME_MACHINE=alphaev67 ;;
EV68*) UNAME_MACHINE=alphaev68 ;;
esac
objdump --private-headers /bin/sh | grep -q ld.so.1
if test "$?" = 0 ; then LIBC="gnulibc1" ; fi
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
arc:Linux:*:* | arceb:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
arm*:Linux:*:*)
eval $set_cc_for_build
if echo __ARM_EABI__ | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ARM_EABI__
then
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
else
if echo __ARM_PCS_VFP | $CC_FOR_BUILD -E - 2>/dev/null \
| grep -q __ARM_PCS_VFP
then
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabi
else
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}eabihf
fi
fi
exit ;;
avr32*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
cris:Linux:*:*)
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
exit ;;
crisv32:Linux:*:*)
echo ${UNAME_MACHINE}-axis-linux-${LIBC}
exit ;;
e2k:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
frv:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
hexagon:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
i*86:Linux:*:*)
echo ${UNAME_MACHINE}-pc-linux-${LIBC}
exit ;;
ia64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
m32r*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
m68*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
mips:Linux:*:* | mips64:Linux:*:*)
eval $set_cc_for_build
sed 's/^ //' << EOF >$dummy.c
#undef CPU
#undef ${UNAME_MACHINE}
#undef ${UNAME_MACHINE}el
#if defined(__MIPSEL__) || defined(__MIPSEL) || defined(_MIPSEL) || defined(MIPSEL)
CPU=${UNAME_MACHINE}el
#else
#if defined(__MIPSEB__) || defined(__MIPSEB) || defined(_MIPSEB) || defined(MIPSEB)
CPU=${UNAME_MACHINE}
#else
CPU=
#endif
#endif
EOF
eval `$CC_FOR_BUILD -E $dummy.c 2>/dev/null | grep '^CPU'`
test x"${CPU}" != x && { echo "${CPU}-unknown-linux-${LIBC}"; exit; }
;;
openrisc*:Linux:*:*)
echo or1k-unknown-linux-${LIBC}
exit ;;
or32:Linux:*:* | or1k*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
padre:Linux:*:*)
echo sparc-unknown-linux-${LIBC}
exit ;;
parisc64:Linux:*:* | hppa64:Linux:*:*)
echo hppa64-unknown-linux-${LIBC}
exit ;;
parisc:Linux:*:* | hppa:Linux:*:*)
# Look for CPU level
case `grep '^cpu[^a-z]*:' /proc/cpuinfo 2>/dev/null | cut -d' ' -f2` in
PA7*) echo hppa1.1-unknown-linux-${LIBC} ;;
PA8*) echo hppa2.0-unknown-linux-${LIBC} ;;
*) echo hppa-unknown-linux-${LIBC} ;;
esac
exit ;;
ppc64:Linux:*:*)
echo powerpc64-unknown-linux-${LIBC}
exit ;;
ppc:Linux:*:*)
echo powerpc-unknown-linux-${LIBC}
exit ;;
ppc64le:Linux:*:*)
echo powerpc64le-unknown-linux-${LIBC}
exit ;;
ppcle:Linux:*:*)
echo powerpcle-unknown-linux-${LIBC}
exit ;;
s390:Linux:*:* | s390x:Linux:*:*)
echo ${UNAME_MACHINE}-ibm-linux-${LIBC}
exit ;;
sh64*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
sh*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
sparc:Linux:*:* | sparc64:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
tile*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
vax:Linux:*:*)
echo ${UNAME_MACHINE}-dec-linux-${LIBC}
exit ;;
x86_64:Linux:*:*)
echo ${UNAME_MACHINE}-pc-linux-${LIBC}
exit ;;
xtensa*:Linux:*:*)
echo ${UNAME_MACHINE}-unknown-linux-${LIBC}
exit ;;
i*86:DYNIX/ptx:4*:*)
# ptx 4.0 does uname -s correctly, with DYNIX/ptx in there.
# earlier versions are messed up and put the nodename in both
# sysname and nodename.
echo i386-sequent-sysv4
exit ;;
i*86:UNIX_SV:4.2MP:2.*)
# Unixware is an offshoot of SVR4, but it has its own version
# number series starting with 2...
# I am not positive that other SVR4 systems won't match this,
# I just have to hope. -- rms.
# Use sysv4.2uw... so that sysv4* matches it.
echo ${UNAME_MACHINE}-pc-sysv4.2uw${UNAME_VERSION}
exit ;;
i*86:OS/2:*:*)
# If we were able to find `uname', then EMX Unix compatibility
# is probably installed.
echo ${UNAME_MACHINE}-pc-os2-emx
exit ;;
i*86:XTS-300:*:STOP)
echo ${UNAME_MACHINE}-unknown-stop
exit ;;
i*86:atheos:*:*)
echo ${UNAME_MACHINE}-unknown-atheos
exit ;;
i*86:syllable:*:*)
echo ${UNAME_MACHINE}-pc-syllable
exit ;;
i*86:LynxOS:2.*:* | i*86:LynxOS:3.[01]*:* | i*86:LynxOS:4.[02]*:*)
echo i386-unknown-lynxos${UNAME_RELEASE}
exit ;;
i*86:*DOS:*:*)
echo ${UNAME_MACHINE}-pc-msdosdjgpp
exit ;;
i*86:*:4.*:* | i*86:SYSTEM_V:4.*:*)
UNAME_REL=`echo ${UNAME_RELEASE} | sed 's/\/MP$//'`
if grep Novell /usr/include/link.h >/dev/null 2>/dev/null; then
echo ${UNAME_MACHINE}-univel-sysv${UNAME_REL}
else
echo ${UNAME_MACHINE}-pc-sysv${UNAME_REL}
fi
exit ;;
i*86:*:5:[678]*)
# UnixWare 7.x, OpenUNIX and OpenServer 6.
case `/bin/uname -X | grep "^Machine"` in
*486*) UNAME_MACHINE=i486 ;;
*Pentium) UNAME_MACHINE=i586 ;;
*Pent*|*Celeron) UNAME_MACHINE=i686 ;;
esac
echo ${UNAME_MACHINE}-unknown-sysv${UNAME_RELEASE}${UNAME_SYSTEM}${UNAME_VERSION}
exit ;;
i*86:*:3.2:*)
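# SVR3.2 on x86. The first branch reads the version string from
# /usr/options/cb.name when that file exists; otherwise `uname -X`
# (where supported) supplies the release and CPU; otherwise fall back
# to plain sysv32.
# The first two branches had been fused into one unterminated command
# substitution (input redirection and the following echo/elif lost);
# they are restored here as in upstream config.guess.
if test -f /usr/options/cb.name; then
	UNAME_REL=`sed -n 's/.*Version //p' </usr/options/cb.name`
	echo ${UNAME_MACHINE}-pc-isc$UNAME_REL
elif /bin/uname -X 2>/dev/null >/dev/null ; then
	UNAME_REL=`(/bin/uname -X|grep Release|sed -e 's/.*= //')`
	# The checks run in order and each match overwrites UNAME_MACHINE,
	# so the last matching pattern decides the CPU name.
	(/bin/uname -X|grep i80486 >/dev/null) && UNAME_MACHINE=i486
	(/bin/uname -X|grep '^Machine.*Pentium' >/dev/null) \
		&& UNAME_MACHINE=i586
	(/bin/uname -X|grep '^Machine.*Pent *II' >/dev/null) \
		&& UNAME_MACHINE=i686
	(/bin/uname -X|grep '^Machine.*Pentium Pro' >/dev/null) \
		&& UNAME_MACHINE=i686
	echo ${UNAME_MACHINE}-pc-sco$UNAME_REL
else
	echo ${UNAME_MACHINE}-pc-sysv32
fi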
exit ;;
pc:*:*:*)
# Left here for compatibility:
# uname -m prints for DJGPP always 'pc', but it prints nothing about
# the processor, so we play safe by assuming i586.
# Note: whatever this is, it MUST be the same as what config.sub
# prints for the "djgpp" host, or else GDB configury will decide that
# this is a cross-build.
echo i586-pc-msdosdjgpp
exit ;;
Intel:Mach:3*:*)
echo i386-pc-mach3
exit ;;
paragon:*:*:*)
echo i860-intel-osf1
exit ;;
i860:*:4.*:*) # i860-SVR4
if grep Stardent /usr/include/sys/uadmin.h >/dev/null 2>&1 ; then
echo i860-stardent-sysv${UNAME_RELEASE} # Stardent Vistra i860-SVR4
else # Add other i860-SVR4 vendors below as they are discovered.
echo i860-unknown-sysv${UNAME_RELEASE} # Unknown i860-SVR4
fi
exit ;;
mini*:CTIX:SYS*5:*)
# "miniframe"
echo m68010-convergent-sysv
exit ;;
mc68k:UNIX:SYSTEM5:3.51m)
echo m68k-convergent-sysv
exit ;;
M680?0:D-NIX:5.3:*)
echo m68k-diab-dnix
exit ;;
M68*:*:R3V[5678]*:*)
test -r /sysV68 && { echo 'm68k-motorola-sysv'; exit; } ;;
3[345]??:*:4.0:3.0 | 3[34]??A:*:4.0:3.0 | 3[34]??,*:*:4.0:3.0 | 3[34]??/*:*:4.0:3.0 | 4400:*:4.0:3.0 | 4850:*:4.0:3.0 | SKA40:*:4.0:3.0 | SDS2:*:4.0:3.0 | SHG2:*:4.0:3.0 | S7501*:*:4.0:3.0)
OS_REL=''
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& { echo i486-ncr-sysv4.3${OS_REL}; exit; }
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
&& { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
3[34]??:*:4.0:* | 3[34]??,*:*:4.0:*)
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& { echo i486-ncr-sysv4; exit; } ;;
NCR*:*:4.2:* | MPRAS*:*:4.2:*)
OS_REL='.3'
test -r /etc/.relid \
&& OS_REL=.`sed -n 's/[^ ]* [^ ]* \([0-9][0-9]\).*/\1/p' < /etc/.relid`
/bin/uname -p 2>/dev/null | grep 86 >/dev/null \
&& { echo i486-ncr-sysv4.3${OS_REL}; exit; }
/bin/uname -p 2>/dev/null | /bin/grep entium >/dev/null \
&& { echo i586-ncr-sysv4.3${OS_REL}; exit; }
/bin/uname -p 2>/dev/null | /bin/grep pteron >/dev/null \
&& { echo i586-ncr-sysv4.3${OS_REL}; exit; } ;;
m68*:LynxOS:2.*:* | m68*:LynxOS:3.0*:*)
echo m68k-unknown-lynxos${UNAME_RELEASE}
exit ;;
mc68030:UNIX_System_V:4.*:*)
echo m68k-atari-sysv4
exit ;;
TSUNAMI:LynxOS:2.*:*)
echo sparc-unknown-lynxos${UNAME_RELEASE}
exit ;;
rs6000:LynxOS:2.*:*)
echo rs6000-unknown-lynxos${UNAME_RELEASE}
exit ;;
PowerPC:LynxOS:2.*:* | PowerPC:LynxOS:3.[01]*:* | PowerPC:LynxOS:4.[02]*:*)
echo powerpc-unknown-lynxos${UNAME_RELEASE}
exit ;;
SM[BE]S:UNIX_SV:*:*)
echo mips-dde-sysv${UNAME_RELEASE}
exit ;;
RM*:ReliantUNIX-*:*:*)
echo mips-sni-sysv4
exit ;;
RM*:SINIX-*:*:*)
echo mips-sni-sysv4
exit ;;
*:SINIX-*:*:*)
if uname -p 2>/dev/null >/dev/null ; then
UNAME_MACHINE=`(uname -p) 2>/dev/null`
echo ${UNAME_MACHINE}-sni-sysv4
else
echo ns32k-sni-sysv
fi
exit ;;
PENTIUM:*:4.0*:*) # Unisys `ClearPath HMP IX 4000' SVR4/MP effort
# says
echo i586-unisys-sysv4
exit ;;
*:UNIX_System_V:4*:FTX*)
# From Gerald Hewes .
# How about differentiating between stratus architectures? -djm
echo hppa1.1-stratus-sysv4
exit ;;
*:*:*:FTX*)
# From seanf@swdc.stratus.com.
echo i860-stratus-sysv4
exit ;;
i*86:VOS:*:*)
# From Paul.Green@stratus.com.
echo ${UNAME_MACHINE}-stratus-vos
exit ;;
*:VOS:*:*)
# From Paul.Green@stratus.com.
echo hppa1.1-stratus-vos
exit ;;
mc68*:A/UX:*:*)
echo m68k-apple-aux${UNAME_RELEASE}
exit ;;
news*:NEWS-OS:6*:*)
echo mips-sony-newsos6
exit ;;
R[34]000:*System_V*:*:* | R4000:UNIX_SYSV:*:* | R*000:UNIX_SV:*:*)
if [ -d /usr/nec ]; then
echo mips-nec-sysv${UNAME_RELEASE}
else
echo mips-unknown-sysv${UNAME_RELEASE}
fi
exit ;;
BeBox:BeOS:*:*) # BeOS running on hardware made by Be, PPC only.
echo powerpc-be-beos
exit ;;
BeMac:BeOS:*:*) # BeOS running on Mac or Mac clone, PPC only.
echo powerpc-apple-beos
exit ;;
BePC:BeOS:*:*) # BeOS running on Intel PC compatible.
echo i586-pc-beos
exit ;;
BePC:Haiku:*:*) # Haiku running on Intel PC compatible.
echo i586-pc-haiku
exit ;;
x86_64:Haiku:*:*)
echo x86_64-unknown-haiku
exit ;;
SX-4:SUPER-UX:*:*)
echo sx4-nec-superux${UNAME_RELEASE}
exit ;;
SX-5:SUPER-UX:*:*)
echo sx5-nec-superux${UNAME_RELEASE}
exit ;;
SX-6:SUPER-UX:*:*)
echo sx6-nec-superux${UNAME_RELEASE}
exit ;;
SX-7:SUPER-UX:*:*)
echo sx7-nec-superux${UNAME_RELEASE}
exit ;;
SX-8:SUPER-UX:*:*)
echo sx8-nec-superux${UNAME_RELEASE}
exit ;;
SX-8R:SUPER-UX:*:*)
echo sx8r-nec-superux${UNAME_RELEASE}
exit ;;
Power*:Rhapsody:*:*)
echo powerpc-apple-rhapsody${UNAME_RELEASE}
exit ;;
*:Rhapsody:*:*)
echo ${UNAME_MACHINE}-apple-rhapsody${UNAME_RELEASE}
exit ;;
*:Darwin:*:*)
UNAME_PROCESSOR=`uname -p` || UNAME_PROCESSOR=unknown
eval $set_cc_for_build
if test "$UNAME_PROCESSOR" = unknown ; then
UNAME_PROCESSOR=powerpc
fi
if test `echo "$UNAME_RELEASE" | sed -e 's/\..*//'` -le 10 ; then
if [ "$CC_FOR_BUILD" != 'no_compiler_found' ]; then
if (echo '#ifdef __LP64__'; echo IS_64BIT_ARCH; echo '#endif') | \
(CCOPTS= $CC_FOR_BUILD -E - 2>/dev/null) | \
grep IS_64BIT_ARCH >/dev/null
then
case $UNAME_PROCESSOR in
i386) UNAME_PROCESSOR=x86_64 ;;
powerpc) UNAME_PROCESSOR=powerpc64 ;;
esac
fi
fi
elif test "$UNAME_PROCESSOR" = i386 ; then
# Avoid executing cc on OS X 10.9, as it ships with a stub
# that puts up a graphical alert prompting to install
# developer tools. Any system running Mac OS X 10.7 or
# later (Darwin 11 and later) is required to have a 64-bit
# processor. This is not true of the ARM version of Darwin
# that Apple uses in portable devices.
UNAME_PROCESSOR=x86_64
fi
echo ${UNAME_PROCESSOR}-apple-darwin${UNAME_RELEASE}
exit ;;
*:procnto*:*:* | *:QNX:[0123456789]*:*)
UNAME_PROCESSOR=`uname -p`
if test "$UNAME_PROCESSOR" = "x86"; then
UNAME_PROCESSOR=i386
UNAME_MACHINE=pc
fi
echo ${UNAME_PROCESSOR}-${UNAME_MACHINE}-nto-qnx${UNAME_RELEASE}
exit ;;
*:QNX:*:4*)
echo i386-pc-qnx
exit ;;
NEO-?:NONSTOP_KERNEL:*:*)
echo neo-tandem-nsk${UNAME_RELEASE}
exit ;;
NSE-*:NONSTOP_KERNEL:*:*)
echo nse-tandem-nsk${UNAME_RELEASE}
exit ;;
NSR-?:NONSTOP_KERNEL:*:*)
echo nsr-tandem-nsk${UNAME_RELEASE}
exit ;;
*:NonStop-UX:*:*)
echo mips-compaq-nonstopux
exit ;;
BS2000:POSIX*:*:*)
echo bs2000-siemens-sysv
exit ;;
DS/*:UNIX_System_V:*:*)
echo ${UNAME_MACHINE}-${UNAME_SYSTEM}-${UNAME_RELEASE}
exit ;;
*:Plan9:*:*)
# "uname -m" is not consistent, so use $cputype instead. 386
# is converted to i386 for consistency with other x86
# operating systems.
if test "$cputype" = "386"; then
UNAME_MACHINE=i386
else
UNAME_MACHINE="$cputype"
fi
echo ${UNAME_MACHINE}-unknown-plan9
exit ;;
*:TOPS-10:*:*)
echo pdp10-unknown-tops10
exit ;;
*:TENEX:*:*)
echo pdp10-unknown-tenex
exit ;;
KS10:TOPS-20:*:* | KL10:TOPS-20:*:* | TYPE4:TOPS-20:*:*)
echo pdp10-dec-tops20
exit ;;
XKL-1:TOPS-20:*:* | TYPE5:TOPS-20:*:*)
echo pdp10-xkl-tops20
exit ;;
*:TOPS-20:*:*)
echo pdp10-unknown-tops20
exit ;;
*:ITS:*:*)
echo pdp10-unknown-its
exit ;;
SEI:*:*:SEIUX)
echo mips-sei-seiux${UNAME_RELEASE}
exit ;;
*:DragonFly:*:*)
echo ${UNAME_MACHINE}-unknown-dragonfly`echo ${UNAME_RELEASE}|sed -e 's/[-(].*//'`
exit ;;
*:*VMS:*:*)
UNAME_MACHINE=`(uname -p) 2>/dev/null`
case "${UNAME_MACHINE}" in
A*) echo alpha-dec-vms ; exit ;;
I*) echo ia64-dec-vms ; exit ;;
V*) echo vax-dec-vms ; exit ;;
esac ;;
*:XENIX:*:SysV)
echo i386-pc-xenix
exit ;;
i*86:skyos:*:*)
echo ${UNAME_MACHINE}-pc-skyos`echo ${UNAME_RELEASE}` | sed -e 's/ .*$//'
exit ;;
i*86:rdos:*:*)
echo ${UNAME_MACHINE}-pc-rdos
exit ;;
i*86:AROS:*:*)
echo ${UNAME_MACHINE}-pc-aros
exit ;;
x86_64:VMkernel:*:*)
echo ${UNAME_MACHINE}-unknown-esx
exit ;;
esac
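# No case arm above recognised this host. Write the raw probe results to
# stderr so the user can forward them upstream, then exit non-zero so the
# calling configure script stops instead of using an empty triplet.
# Each probe runs in a subshell with stderr discarded, so a missing tool
# yields an empty field instead of aborting the report.
cat >&2 <<EOF
$0: unable to guess system type

This script, last modified $timestamp, has failed to recognize
the operating system you are using. It is advised that you
download the most up to date version of the config scripts from

  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.guess;hb=HEAD
and
  http://git.savannah.gnu.org/gitweb/?p=config.git;a=blob_plain;f=config.sub;hb=HEAD

If the version you run ($0) is already up to date, please
send the following data and any information you think might be
pertinent to <config-patches@gnu.org> in order to provide the needed
information to handle your system.

config.guess timestamp = $timestamp

uname -m = `(uname -m) 2>/dev/null || echo unknown`
uname -r = `(uname -r) 2>/dev/null || echo unknown`
uname -s = `(uname -s) 2>/dev/null || echo unknown`
uname -v = `(uname -v) 2>/dev/null || echo unknown`

/usr/bin/uname -p = `(/usr/bin/uname -p) 2>/dev/null`
/bin/uname -X     = `(/bin/uname -X) 2>/dev/null`

hostinfo               = `(hostinfo) 2>/dev/null`
/bin/universe          = `(/bin/universe) 2>/dev/null`
/usr/bin/arch -k       = `(/usr/bin/arch -k) 2>/dev/null`
/bin/arch              = `(/bin/arch) 2>/dev/null`
/usr/bin/oslevel       = `(/usr/bin/oslevel) 2>/dev/null`
/usr/convex/getsysinfo = `(/usr/convex/getsysinfo) 2>/dev/null`

UNAME_MACHINE = ${UNAME_MACHINE}
UNAME_RELEASE = ${UNAME_RELEASE}
UNAME_SYSTEM  = ${UNAME_SYSTEM}
UNAME_VERSION = ${UNAME_VERSION}
EOF

exit 1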
# Local variables:
# eval: (add-hook 'write-file-hooks 'time-stamp)
# time-stamp-start: "timestamp='"
# time-stamp-format: "%:y-%02m-%02d"
# time-stamp-end: "'"
# End:
opendnssec-1.4.9/NEWS 0000644 0001750 0001750 00000153244 12650165732 011326 0000000 0000000 OpenDNSSEC 1.4.9 - 2016-01-21
Bugfixes:
* Add TCP waiting queue. Fix signer getting 'stuck' when adding many zones
at once. Thanks to Havard Eidnes for bringing this to our attention.
* OPENDNSSEC-723: received SOA serial reported as on disk.
* Fix potential locking issue on SOA serial.
* Crash on shutdown. At all times join xfr and dns handler threads.
* Make handling of notifies more consistent. Previous implementation would
bounce between code paths.
Known Issues:
* When using SoftHSM2 compiled with OpenSSL, and libmysql with OpenSSL as
database backend for OpenDNSSEC, "ods-ksmutil key list --verbose" crashes
on exit. This is ultimately a bug in OpenSSL and not new for this particular
release. Make sure you don't use this specific combination.
OpenDNSSEC 1.4.8 - 2015-09-24
* Support for RFC5011 style KSK rollovers. The KSK section in the KASP now
accepts the <RFC5011/> element.
* Enforcer: New repository option <AllowExtraction/> allows keys to be
generated with the CKA_EXTRACTABLE attribute set to TRUE, so that keys can
be wrapped and extracted from the HSM.
Bugfixes:
* SUPPORT-145: EOF handling on ARM architecture caused signer to hang.
* Fixed signer hitting assertion on short reply XFR handler.
* Include revoke bit in keytag calculation.
* Increased stacksize on some systems (thanks Patrik Lundin!).
* Stop ods-signerd on SIGINT.
OpenDNSSEC 1.4.7 - 2014-12-04
Bugfixes:
* SUPPORT-147: Zone updating via zone transfer can get stuck (Håvard Eidnes)
* Crash on 'retransfer' command when not using DNS adapters.
OpenDNSSEC 1.4.6 - 2014-07-21
* Signer Engine: Print secondary server address when logging notify reply
errors.
* Build: Fixed various OpenBSD compatibility issues found by Patrik Lundin
.
* OPENDNSSEC-621: conf.xml: New options: for both enforcer and
signer, and for the signer.
* New tool: ods-getconf: to retrieve a configuration value from conf.xml
given an expression.
Bugfixes:
* OPENDNSSEC-469: ods-ksmutil: The 'zone add' command still added the zone
to the database when zonelist.xml.backup could not be written. Fixed by
checking that zonelist.xml.backup is writable before adding zones, and by
adding an error message when adding a zone fails.
* OPENDNSSEC-617: Signer Engine: Fix DNS Input Adapter to not reject zone
the first time due to RFC 1982 serial arithmetic.
* OPENDNSSEC-619: Memory leak when signer failed; solved by adding
ldns_rr_free(signature) in libhsm.c
* OPENDNSSEC-627: Signer Engine: Unable to update serial after restart
when the backup files has been removed.
* OPENDNSSEC-628: Signer Engine: Log level for ignored notifies is changed
from debug to info.
* OPENDNSSEC-630: Signer Engine: Fix inbound zone transfer for root zone.
* libhsm: Fixed a few other memory leaks.
* simple-dnskey-mailer.sh: Fix syntax error. (by Patrik Lundin
https://github.com/eest)
OpenDNSSEC 1.4.5 - 2014-04-11
Bugfixes:
* OPENDNSSEC-607: libhsm not using all mandatory attributes for GOST key
generation.
* OPENDNSSEC-609: ods-ksmutil: 'key list' command fails with error in 1.4.4
on MySQL. Reported by Mark Elkins
OpenDNSSEC 1.4.4 - 2014-03-25
* SUPPORT-114: libhsm: Optimize storage in HSM by deleting the public
key directly if SkipPublicKey is used [OPENDNSSEC-574].
* OPENDNSSEC-358: ods-ksmutil:Extend 'key list' command with options to filter
on key type and state. This allows keys in the GENERATE and DEAD state to be
output.
* OPENDNSSEC-457: ods-ksmutil: Add a check on the 'zone add' input/output
type parameter to allow only File or DNS.
* OPENDNSSEC-549: Signer Engine: Put NSEC3 records on empty non-terminals
derived from unsigned delegations (be compatible with servers that are
incompatible with RFC 5155 errata 3441).
* Make/build: Include README.md in dist tar-ball.
Bugfixes:
* SUPPORT-86: Fixed build on OS X [OPENDNSSEC-512].
* SUPPORT-97: Signer Engine: Fix after restart signer thinks zone has expired
[OPENDNSSEC-526].
* SUPPORT-101: Signer Engine: Fix multiple zone transfer to single file bug
[OPENDNSSEC-529].
* SUPPORT-102: Signer Engine: Fix statistics (count can be negative)/
* SUPPORT-108: Signer Engine: Don't replace tabs in RRs with whitespace
[OPENDNSSEC-520].
* SUPPORT-116: ods-ksmutil: 'key import' date validation fails on certain
dates [OPENDNSSEC-553].
* SUPPORT-128: ods-ksmutil. Man page had incorrect formatting [OPENDNSSEC-576].
* SUPPORT-127: ods-signer: Fix manpage sections.
* OPENDNSSEC-481: libhsm: Fix an off-by-one length check error.
* OPENDNSSEC-482: libhsm: Improved cleanup for C_FindObjects.
* OPENDNSSEC-531: ods-ksmutil: Exported value of in
'policy export' output could be wrong on MySQL.
* OPENDNSSEC-537: libhsm: Possible memory corruption in hsm_get_slot_id.
* OPENDNSSEC-544: Signer Engine: Fix assertion error that happens on an IXFR
request with EDNS.
* OPENDNSSEC-546: enforcer & ods-ksmutil: Improve logging on key creation
and allocation.
* OPENDNSSEC-560: Signer Engine: Don't crash when unsigned zone has no SOA.
* Signer Engine: Fix a race condition when stopping daemon.
OpenDNSSEC 1.4.3 - 2013-12-04
* SUPPORT-72: Improve logging when failed to increment serial in case
of key rollover and serial value "keep" [OPENDNSSEC-461].
* OPENDNSSEC-106: Add 'ods-enforcerd -p ' option. This prompts the
enforcer to run once and only process the specified policy and associated
zones.
* OPENDNSSEC-330: NSEC3PARAM TTL can now be optionally configured in kasp.xml.
Default value remains PT0S.
* OPENDNSSEC-390: ods-ksmutil: Add an option to the 'ods-ksmutil key ds-seen'
command so the user can choose not to notify the enforcer.
* OPENDNSSEC-430: ods-ksmutil: Improve 'zone add' - Zone add command
could warn if a specified zone file or adapter file does not exist.
* OPENDNSSEC-431: ods-ksmutil: Improve 'zone add' - Support default
and values for DNS adapters.
* OPENDNSSEC-454: ods-ksmutil: Add option for 'ods-ksmutil key import' to
check if there is a matching key in the repository before import.
Bugfixes:
* OPENDNSSEC-435: Signer Engine: Fix a serious memory leak in signature
cleanup.
* OPENDNSSEC-463: Signer Engine: Duration PT0S is now printed correctly.
* OPENDNSSEC-466: Signer Engine: Created bad TSIG signature when falling back
to AXFR.
* OPENDNSSEC-467: Signer Engine: After ods-signer clear, signer should not use
inbound serial.
OpenDNSSEC 1.4.2 - 2013-09-11
* OPENDNSSEC-428: ods-ksmutil: Add option for 'ods-ksmutil key generate' to
take number of zones as a parameter
Bugfixes:
* SUPPORT-66: Signer Engine: Fix file descriptor leak in case of TCP write
error [OPENDNSSEC-427].
* SUPPORT-71: Signer Engine: Fix double free crash in case of HSM connection
error during signing [OPENDNSSEC-444].
* OPENDNSSEC-401: 'ods-signer sign --serial ' command produces seg
fault when run directly on command line (i.e. not via interactive mode)
* OPENDNSSEC-440: 'ods-ksmutil key generate' and the enforcer can create
too many keys if there are keys already available and the KSK and ZSK use
same algorithm and length
* OPENDNSSEC-424: Signer Engine: Respond to SOA queries from file instead
of memory. Makes response non-blocking.
* OPENDNSSEC-425 Change "hsmutil list" output so that the table header goes
to stdout not stderr
* OPENDNSSEC-438: 'ods-ksmutil key generate' and the enforcer can create
too many keys for policies when KSK and ZSK use same
algorithm and length
* OPENDNSSEC-443: ods-ksmutil: Clean up of hsm connection handling
* Signer Engine: Improved Inbound XFR checking.
* Signer Engine: Fix double free corruption in case of adding zone with
DNS Outbound Adapters and NotifyCommand enabled.
OpenDNSSEC 1.4.1 - 2013-06-27
* SUPPORT-58: Extend ods-signer sign with --serial so that the user
can specify the SOA serial to use in the signed zone [OPENDNSSEC-401].
* OPENDNSSEC-91: Make the keytype flag required when rolling keys
Bugfixes:
* SUPPORT-60: Fix datecounter in case inbound serial is higher than outbound
serial [OPENDNSSEC-420].
* OPENDNSSEC-247: Signer Engine: TTL on NSEC3 was not updated on SOA
Minimum change.
* OPENDNSSEC-421: Signer Engine: Fix assertion error in case NSEC3 hash
algorithm in signconf is not SHA1.
* OPENDNSSEC-421: ods-kaspcheck: Check whether NSEC3 hash algorithm in kasp
is valid.
* Bugfix: The time when inbound serial is acquired was reset invalidly,
could cause OpenDNSSEC wanting AXFR responses while requesting IXFR (thanks
Stuart Lau).
* Bugfix: Fix malform in Outbound IXFR/TCP subsequent packet (thanks Stuart
Lau).
* OPENDNSSEC-398: The ods-ksmutil key rollover command does not work correctly
when rolling all keys using the --policy option
OpenDNSSEC 1.4.0 - 2013-04-22
* Production release of 1.4
* Versioning scheme and release support policies updated
* Summary of changes in 1.4 can be found on the wiki:
http://wiki.opendnssec.org/display/DOCS
OpenDNSSEC 1.4.0rc3 - 2013-03-15
* Further testing of OPENDNSSEC-387 completed, release returned to rc status.
OpenDNSSEC 1.4.0b3 - 2013-02-20
Note: This release is marked as a beta release (rather than rc3) due to
OPENDNSSEC-387, which is a significant functional change compared to rc2.
* OPENDNSSEC-387: Rollback of multi-threaded enforcer. Due to key allocation
issues the usefulness of the threaded enforcer is outweighed by the code
complications. The option still remains in conf.xml for compatibility with
existing use; but it will now be silently ignored.
Bugfixes:
* OPENDNSSEC-388: Signer Engine: Internal serial should take into account
the inbound serial.
* SUPPORT-50/51: Signer Engine: Inbound DNS Adapter incorrectly updates
NSEC3PARAM and DNSKEY RRset [OPENDNSSEC-389]
* OPENDNSSEC-389: Input DNS Adapter incorrectly updating NSEC3PARAM and DNSKEY RRsets
OpenDNSSEC 1.4.0rc2 - 2013-01-25
* OPENDNSSEC-350: Signer Engine: Better log message when IXFR is not ready for
reading.
* OPENDNSSEC-367: ods-ksmutil: Require user confirmation if the algorithm for
a key is changed in a policy (as this rollover is not handled cleanly)
Bugfixes:
* SUPPORT-44: Signer Engine: Drop privileges after binding to socket
[OPENDNSSEC-364].
* Signer Engine: XFR not ready should not be a fatal status for task read
(thanks Ville Mattila).
* OPENDNSSEC-365: Enforcer: Nasty bug where KSKs could get prematurely retired.
OpenDNSSEC 1.4.0rc1 - 2013-01-10
* OPENDNSSEC-359: Remove eppclient
OpenDNSSEC 1.4.0b2 - 2012-12-17
* OPENDNSSEC-292: Provide scripts to convert database between different
supported formats
* OPENDNSSEC-299: ods-ksmutil: ods-ksmutil now includes policy import
* OPENDNSSEC-300: ods-ksmutil: policy purge documented with a warning
* OPENDNSSEC-315: "ods-hsmutil logout" will delete any credentials in the
shared memory.
* OPENDNSSEC-330: Signer Engine: NSEC3PARAM TTL should be set to zero.
* OPENDNSSEC-338: ods-ksmutil: fix zone delete on MySQL (broken by SUPPORT-27)
* OPENDNSSEC-345: ods-ksmutil: use ods-control to HUP the enforcerd process
* ods-ksmutil: Deprecate the one-step key backup command
Bugfixes:
* SUPPORT-40: Signer Engine: Keep occluded data in signed zone files/transfers.
* OPENDNSSEC-349: Enforcer: Fix some memory leaks in the enforcer found by
valgrind.
* OPENDNSSEC-353: Signer Engine: Add/remove NSEC3s for empty non-terminals
between apex and delegation when DS is added/removed.
* Signer Engine: Fixed locking and notification on the drudge work queue,
signals could be missed so that drudgers would stall when there was work to
be done.
* libhsm: Fixed PIN handling on OpenBSD.
* Enforcer: If enabled enforcer workers and configured number of workers is 1,
make sure that enforcer runs the signer update command after signer
configuration change.
* Signer Engine: Don't add double RRSIGs generated by the same key for the
DNSKEY RRset.
* Signer Engine: Rollback incompleted zone transfers on disk (could happen
if a connection was reset during transfer).
* Multi-threaded enforcer: various minor fixes including deadlock problems.
OpenDNSSEC 1.4.0b1 - 2012-09-06
* OPENDNSSEC-130: libhsm: The PIN is now optional in conf.xml. The PIN can be
entered using "ods-hsmutil login" and is stored in shared memory. The daemons
will not start until this has been done by the user.
* OPENDNSSEC-297: Enforcer: Multi-threaded option available for the enforcer to
improve performance (MySQL only).
* OPENDNSSEC-320: Signer Engine: The , ,
and elements are now optional, but if provided they require
one or more or elements.
Bugfixes:
* OPENDNSSEC-255: Signer Engine: OpenDNSSEC 1.4.0a1 writes out mangled RRSIG
record.
* OPENDNSSEC-261: Signer Engine: Ldns fails to parse RR that seems
syntactically correct.
* OPENDNSSEC-269: Signer Engine: Crash when multiple threads access ixfr
struct.
* OPENDNSSEC-281: Commandhandler sometimes unresponsive.
* OPENDNSSEC-318: Signer Engine: Don't stop dns and xfr handlers if these
threads have not yet been started.
* OPENDNSSEC-319: Signer Engine: Fix TSIG segfault on signer shutdown.
* OPENDNSSEC-325: Signer Engine: Don't include RRSIG records when DO bit is
not set.
* OPENDNSSEC-326: Signer Engine: Stop serving a zone that could not be
transferred from master and has been expired.
OpenDNSSEC 1.4.0a3 - 2012-08-08
* OPENDNSSEC-258: Optionally include cka_id in output to
DelegationSignerSubmitCommand.
Bugfixes:
* SUPPORT-27: ods-ksmutil: simplify zone delete so that it only marks keys
as dead (rather than actually removing them). Leave the key removal to purge
jobs.
* SUPPORT-29: Signer Engine: Fix ods-signer clear command exits
prematurely [OPENDNSSEC-289].
* SUPPORT-30: Signer Engine: RRSIGs are left in the signed zone when
authoritative RRsets become glue [OPENDNSSEC-282].
* OPENDNSSEC-278: ods-ksmutil processes waiting forever to get DB lock
* OPENDNSSEC-290: Signer Engine: Fix false conflict when changing CNAME into
other RRtype.
* OPENDNSSEC-298: Enforcer: Only unlink existing pidfile on exit if we wrote it.
* OPENDNSSEC-304: Signer Engine: Check pidfile on startup, if pidfile exists
and corresponding process is running, then complain and exit.
* OPENDNSSEC-306: Can't delete zone until Enforcer made signconf.
* Fix assertion error when printing signed zone with empty non-terminals and
NSEC.
* Make setting QUERY ID in XFR requests more random.
OpenDNSSEC 1.4.0a2 - 2012-05-24
* OPENDNSSEC-226: Change in conf.xml: Configure the DNS listener IP address
with /Listener/Interface/Address instead of /Listener/Interface/IPv{4,6}.
* OPENDNSSEC-228: Signer Engine: Make 'ods-signer update' reload signconfs
even if zonelist has not changed.
* OPENDNSSEC-231: Signer Engine: Allow for Classless IN-ADDR.ARPA names
(RFC 2317).
* OPENDNSSEC-249: ods-ksmutil: If key export finds nothing to do then say so
rather than display nothing which might be misinterpreted.
* OPENDNSSEC-262: Signer Engine: Make DNS Adapter ACL optional.
* OPENDNSSEC-263: Signer Engine: Added EDNS0 support, so that zone transfers
and SOA requests with OPT RRs are possible.
* Enforcer: Add indexes for foreign keys. (sqlite only, MySQL already has them.)
Bugfixes:
* OPENDNSSEC-247: Signer Engine: TTL on NSEC(3) was not updated on SOA
Minimum change.
* OPENDNSSEC-252: Signer Engine: Mark xfrhandler started, so that we don't
try to join a non-existing thread on exit.
* OPENDNSSEC-259: Signer Engine: Fix assertion failure for outbound AXFR for
large zones.
* OPENDNSSEC-264: Signer Engine: Fix assertion error on reading IXFR from
backup.
* OPENDNSSEC-265: Signer Engine: Fix crash in corner cases when signing zone
with NSEC3 and Opt-out.
* OPENDNSSEC-267: Signer Engine: Sign NOTIFY OK response with TSIG, if present
in the query and ACL.
OpenDNSSEC 1.4.0a1 - 2012-03-15
* Auditor: The Auditor has been removed.
* Enforcer: Key label logging upon deletion (#192 Sebastian Castro)
* Enforcer: Stop multiple instances of the Enforcer running by checking for
the pidfile at startup. If you want to run multiple instances then a
different pidfile will need to be specified with the -P flag.
* Enforcer/ods-ksmutil: Use TTLs from KASP when generating DNSKEY and DS
records for output.
* Enforcer/ods-ksmutil: Give a more descriptive error message if the
tag in conf.xml does not match the database-backend set at
compile time.
* ods-ksmutil: Add warnings on "key export --ds" if no active or ready keys
were seen, or if both were seen (so a key rollover is happening).
* ods-ksmutil: Prevent MySQL username or password being interpreted by the
shell when running "ods-ksmutil setup"
* ods-ksmutil: "zone delete" renames the signconf file; so that if the zone is
put back the signer will not pick up the old file.
* ods-ksmutil: "key delete" added. It allows keys that are not currently in
use to be deleted from the database and HSM.
* OPENDNSSEC-1: Enforcer: Check DelegationSignerSubmitCommand exists and can
be executed by ods-enforcerd.
* OPENDNSSEC-10: ods-ksmutil: Include key size and algorithm in "key list"
with -v flag.
* OPENDNSSEC-28: ods-ksmutil: "key list" shows next state with -v flag.
* OPENDNSSEC-35: ods-ksmutil: "rollover list -v" now includes more information
on the KSKs waiting for the ds-seen command.
* OPENDNSSEC-83: ods-ksmutil: "key generate" now displays how many keys will
be generated and presents the user with the opportunity to stop the
operation.
* OPENDNSSEC-124: ods-ksmutil: Suppress database connection information when
no -v flag is given.
* Signer Engine: Input and Output DNS Adapters.
* Signer Engine: Zonefetcher has been removed.
Known issues:
* Signer Engine: The backup files do not work correctly in this alpha release.
Bugfixes:
* Bugfix #246: Less confusing text for XML validation in ods-kaspcheck.
* ods-ksmutil: "update kasp" now reflects changes in policy descriptions.
* ods-ksmutil: Policy descriptions now have special characters quoted.
* ods-ksmutil: Fix typo in policy export with NSEC3.
OpenDNSSEC 1.3.13 - 2013-02-20
Bugfixes:
* OPENDNSSEC-388: Signer Engine: Internal serial should take into account
the inbound serial.
* OPENDNSSEC-242: Signer Engine: Could get stuck on load signconf while
signconf was not changed.
* Signer Engine: Fixed locking and notification on the drudge work queue,
signals could be missed so that drudgers would stall when there was work to
be done.
OpenDNSSEC 1.3.12 - 2012-12-03
Bugfixes:
* SUPPORT-42: ./configure fails on FreeBSD (or if ldns is not installed in a
directory in the default search path of the compiler).
* OpenDNSSEC does not compile against ldns 1.6.16 on platforms that rely on
the OpenDNSSEC implementation of strlcpy/cat
OpenDNSSEC 1.3.11 - 2012-11-13
* OPENDNSSEC-330: NSEC3PARAM TTL should be set to zero.
Bugfixes:
* OPENDNSSEC-306: Can't delete zone until Enforcer made signerconf.
* OPENDNSSEC-281: Commandhandler sometimes unresponsive.
* OPENDNSSEC-299: ods-ksmutil now includes policy import
* OPENDNSSEC-300: ods-ksmutil policy purge documented with a warning
* OPENDNSSEC-338: ods-ksmutil: fix zone delete on MySQL (broken by SUPPORT-27)
* OPENDNSSEC-342: Auditor comparisons made case-insensitive
* OPENDNSSEC-345: ods-ksmutil: use ods-control to HUP the enforcerd process
OpenDNSSEC 1.3.10 - 2012-08-10
Bugfixes:
* SUPPORT-30: RRSIGs are left in the signed zone when authoritative RRsets
become glue [OPENDNSSEC-282].
* OPENDNSSEC-261: Ldns fails to parse RR that seems syntactically correct.
Was due to memory allocation issues. Provided better log message.
* OPENDNSSEC-285: Signer segfault for 6 or more -v options
* OPENDNSSEC-298: Only unlink existing pidfile on exit if we wrote it.
* OPENDNSSEC-303: Return if open/parse of zonelist.xml fails in ksmutil.c
update_zones() and cmd_listzone().
* OPENDNSSEC-304: Signer Engine: Check pidfile on startup, if pidfile exists
and corresponding process is running, then complain and exit.
* Signer seems to hang on a ods-signer command. Shutdown client explicitly
with shutdown().
* opendnssec.spec file removed
OpenDNSSEC 1.3.9 - 2012-06-15
* OPENDNSSEC-277: Enforcer: Performance optimisation of database access.
Bugfixes:
* SUPPORT-27: ods-ksmutil: simplify zone delete so that it only marks keys as
dead (rather than actually removing them). Leave the key removal to purge
jobs.
OpenDNSSEC 1.3.8 - 2012-05-09
* OPENDNSSEC-228: Signer Engine: Make 'ods-signer update' reload signconfs
even if zonelist has not changed.
* OPENDNSSEC-231: Signer Engine: Allow for Classless IN-ADDR.ARPA names
(RFC 2317).
* OPENDNSSEC-234: Enforcer: Add indexes for foreign keys in kasp DB. (sqlite
only, MySQL already has them.)
* OPENDNSSEC-246: Signer Engine: Warn if is in signer configuration,
but ods-auditor is not installed
* OPENDNSSEC-249: Enforcer: ods-ksmutil: If key export finds nothing to do
then say so rather than display nothing which might be misinterpreted.
Bugfixes:
* OPENDNSSEC-247: Signer Engine: TTL on NSEC(3) was not updated on SOA
Minimum change.
* OPENDNSSEC-253: Enforcer: Fix "ods-ksmutil zone delete --all"
OpenDNSSEC 1.3.7 - 2012-03-13
* OPENDNSSEC-215: Signer Engine: Always recover serial from backup,
even if it is corrupted, preventing unnecessary serial decrements.
* OPENDNSSEC-217: Enforcer: Tries to detect pidfile staleness, so that
the daemon will start after a power failure.
Bugfixes:
* ods-hsmutil: Fixed a small memory leak when printing a DNSKEY.
* OPENDNSSEC-216: Signer Engine: Fix duplicate NSEC3PARAM bug.
* OPENDNSSEC-218: Signer Engine: Prevent endless loop in case the locators
in the signer backup files and the HSM are out of sync.
* OPENDNSSEC-225: Fix problem with pid found when not existing.
* SUPPORT-21: HSM SCA 6000 in combination with OpenCryptoki can return RSA key
material with leading zeroes. DNSSEC does not allow leading zeroes in key
data. You are affected by this bug if your DNSKEY RDATA e.g. begins with
"BAABA". Normal keys begin with e.g. "AwEAA". OpenDNSSEC will now sanitize
incoming data before adding it to the DNSKEY. Do not upgrade to this version
if you are affected by the bug. You first need to go unsigned, then do the
upgrade, and finally sign your zone again. SoftHSM and other HSM:s will not
produce data with leading zeroes and the bug will thus not affect you.
OpenDNSSEC 1.3.6 - 2012-02-17
* OPENDNSSEC-33: Signer Engine: Check HSM connection before use, attempt to
reconnect if it is not valid.
* OPENDNSSEC-178: Signer Engine: Instead of waiting an arbitrary amount of
time, let worker wait with pushing sign operations until the queue is
non-full.
* Signer Engine: Adjust some log messages.
Bugfixes:
* ods-control: Wrong exit status if Enforcer was already running.
* OPENDNSSEC-56: ods-ksmutil had the wrong option for config file in the
help usage text.
* OPENDNSSEC-207: Signer Engine: Fix communication from a process not
attached to a shell.
* OPENDNSSEC-209: Signer Engine: Make output file adapter atomic by writing
signed file to an intermediate file first.
OpenDNSSEC 1.3.5 - 2012-01-23
* Auditor: Include the zone name in the log messages.
* ldns 1.6.12 is required for bugfixes.
* ods-ksmutil: Suppress database connection information when no -v flag is
given.
* ods-enforcerd: Stop multiple instances of the enforcer running by checking
for the pidfile at startup. If you want to run multiple instances then a
different pidfile will need to be specified with the -P flag.
* ods-ksmutil: "zone delete" renames the signconf file; so that if the zone is
put back the signer will not pick up the old file.
* Signer Engine: Verbosity can now be set via conf.xml, default is 3.
Bugfixes:
* Bugfix OPENDNSSEC-174: Configure the location for conf.xml with --config
or -c when starting the signer.
* Bugfix OPENDNSSEC-192: Signer crashed on deleting NSEC3 for a domain that
becomes opt-out.
* Bugfix OPENDNSSEC-193: Auditor crashed with certain empty non-terminals.
* Signer Engine: A file descriptor for sockets with value zero is allowed.
* Signer Engine: Only log messages about a full signing queue in debug mode.
* Signer Engine: Fix time issues, make sure that the internal serial does
not wander off after a failed audit.
* Signer Engine: Upgrade ldns to avoid future problems on 32-bit platforms
with extra long signature expiration dates. More information in separate
announcement.
OpenDNSSEC 1.3.4 - 2011-12-09
Bugfixes:
* Signer: Use debug instead of warning for drudgers queue being full, also
sleep 10ms if it is full to not hog CPU. This increased signing on
single core machines by a factor of 2.
OpenDNSSEC 1.3.3 - 2011-11-17
Bugfixes:
* Auditor: Handle ruby 1.9 differences in ods-kaspcheck.
* Auditor: Require dnsruby 1.53 for bugfixes.
* Bugfix #262: Drudgers seem to be in a waiting state, but the RRset FIFO
queue is full. Do an additional broadcast.
* Enforcer: Check HSM connection when waking up from sleep, attempt to
reconnect if it is not valid. (r5511 in trunk, ported into the branch due
to issues seen when CKR_DEVICE_ERROR returned by HSM.)
* libhsm: Added hsm_check_context() to check if the associated sessions are
still alive. (Required for the above.)
* ods-ksmutil: key import was not setting the retire time.
* Signer Engine: Fix a threading issue, that could leave a zone without
a task.
* Signer Engine: Update the signed zone file if only the $TTL or explicit
TTL has been changed.
* Signer Engine: Remove the NSEC3PARAM RR when doing NSEC3 to NSEC rollover.
* Signer Engine: Deal with carriage returns (dos format) in zone file.
* Signer Engine: is PT0S means that refresh equals signtime.
* Signer Engine: Defense in depth in signer for duplicate keys.
* Signer Engine: Make sure that all required zonelist elements exist,
otherwise error.
* Signer Engine: Warn the user if the serial is b0rk, and you can not
use the serial from the signconf.
* Signer Engine: Log Auditor exit code.
* Fix a similar bug like #257: Error in ods-signerd, where a corrupted
backup file results in an invalid pointer free().
OpenDNSSEC 1.3.2 - 2011-09-13
Bugfixes:
* Bugfix #257: Error in ods-signerd, where a corrupted backup file results
in an invalid pointer free().
* Signer Engine: Mark that a zone has a valid signer configuration, after
recovering the zone from the backup files.
OpenDNSSEC 1.3.1 - 2011-09-07
Bugfixes:
* Auditor: Fix 'ZSK in use too long' message to handle new signer behaviour.
* Bugfix #255: RHEL6 patch to contrib/opendnssec.spec. (Rick van Rein)
* Bugfix #256: Make sure argument in "ods-control signer" is not stripped off.
* Bugfix #259: ods-ksmutil: Prevent MySQL username or password being
interpreted by the shell when running "ods-ksmutil setup".
* Bugfix #260: "ods-ksmutil zone list" now handles empty zonelists.
* Enforcer: Unsigned comparison resulting in wrong error message.
* ods-ksmutil: fixed issue where first ds-seen command run on a zone would
work, but return an error code and not send a HUP to the enforcerd.
* Signer Engine: A threading issue occasionally puts the default validity
on NSEC(3) RRs and the denial validity on other RRs.
* Signer Engine: An update command could interrupt the signing process and the
zone would get missing signatures.
* Signer Engine: Fix an issue where some systems could not copy the zone file.
* Zonefetcher: Check inbound serial in transferred file, to prevent
redundant zone transfers.
OpenDNSSEC 1.3.0 - 2011-07-12
* Include simple-dnskey-mailer-plugin in dist.
* Enforcer: Change message about KSK retirement to make it less confusing.
Bugfixes:
* ods-control: If the Enforcer did not close down, you entered an infinite
loop.
* Signer Engine: Fix log message typos.
* Signer Engine: Fix crash where ods-signer update
* Signer Engine: Also replace DNSKEYs if has changed in policy.
* Zonefetcher: Sometimes invalid 'Address already in use' occurred.
* Bugfix #247: Fixes bug introduced by bugfix #242.
OpenDNSSEC 1.3.0rc3 - 2011-06-12
* Do not distribute trang.
Bugfixes:
* Fix test for java executable and others.
* Auditor: Fix delegation checks.
* Bugfix #242: Race condition when receiving multiple NOTIFIES for a zone.
* ods-kaspcheck: Do not expect resalt in NSEC policy.
* Signer Engine: Ifdef a header file.
* Signer Engine: The default working directory was not specified.
* Signer Engine: Handle stdout console output throttling that would
truncate daemon output intermittently.
OpenDNSSEC 1.3.0.rc2 - 2011-05-18
* Match the names of the signer pidfile and enforcer pidfile.
* Include check for resign < resalt in ods-kaspcheck.
Bugfixes:
* Bugfix #231: Fix MySQL version check.
* ods-ksmutil: Update now sends a HUP to the enforcerd.
* Signer Engine: Fix assertion failure if zone was just added.
* Signer Engine: Don't hsm_close() on setup error.
* Signer Engine: Fix race condition bug when doing a single run.
* Signer Engine: In case of failure, also mark zone processed (single run).
* Signer Engine: Don't leak backup file descriptor.
* signconf.rnc now allows NSEC3 Iterations of 0
OpenDNSSEC 1.3.0rc1 - 2011-04-21
* <SkipPublicKey/> is enabled for SoftHSM in the default configuration.
It improves the performance by only using the private key objects.
* Document the tag in conf.xml.
* Include check for resign < resalt in ods-kaspcheck.
Bugfixes:
* Bugfix #221: Segmentation Fault on schedule.c:232
* Enforcer: 'make check' now works.
* Enforcer: Fixed some memory leaks in the tests.
* Signer Engine: Coverity report fixes some leaks and thread issues.
* Signer Engine: Now logs to the correct facility again.
OpenDNSSEC 1.3.0b1 - 2011-03-23
* Support for signing the root. Use the zone name "."
* Enforcer: Stop import of policy if it is not consistent.
* ods-signer: The queue command will now also show what tasks the workers
are working on.
* Signer Engine: Just warn if occluded zone data was found, don't stop signing
process.
* Signer Engine: Simpler serial maintenance, reduces the number of conflicts.
Less chance to hit a 'cannot update: serial too small' error message.
* Signer Engine: Simpler NSEC(3) maintenance.
* Signer Engine: Temperate the number of backup files.
* Signer Engine: Set number of <SignerThreads> in conf.xml to
get peak performance from HSMs that can handle multiple threads.
Bugfixes:
* Bugreport #139: ods-auditor fails on root zone.
* Bugreport #198: Zone updates ignored?
* Replace tab with white-space when writing to syslog.
* Signer Engine: Do not block update command while signing.
OpenDNSSEC 1.2.1 - 2011-03-18
* ldns 1.6.9 is required for bugfixes.
* dnsruby-1.52 required for bugfixes.
Bugfixes:
* Auditor: 'make check' now works when srcdir != builddir.
* Auditor: Include the 'make check' files in the tarball.
* Enforcer: Fix the migration script for SQLite.
* Enforcer: Increase size of keypairs(id) field in MySQL to allow more than
32767 keys; see MIGRATION for details.
* Enforcer: Minor change to NOT_READY_KEY error message.
* libhsm: Increase the maximum number of attached HSM:s from 10 to 100.
* ods-ksmutil: Send trivial MySQL messages to stdout when exporting zonelist
etc. Otherwise the resulting XML needs to be edited by hand.
* ods-control: Fix for Bourne shell.
* Signer Engine: Prevent race condition when setting up the workers and
the command handler.
* Signer Engine: Check if the signature exists before recycling it.
* Signer Engine: Quit when there are errors in the configuration.
* Signer Engine: Enable core dump on failure.
* Signer Engine: Explicitly close down log msg with null.
* Signer Engine: Backup state after writing output.
* Signer Engine: Allow update of serial if internal structure is not
initialized.
* Signer Engine: NSEC chain could become broken if the predecessor domain
of a deleted domain was a glue domain.
OpenDNSSEC 1.2.0 - 2011-01-13
Bugfixes:
* Enforcer: Fixed a number of build warnings.
OpenDNSSEC 1.2.0rc3 - 2010-12-27
* Moved migration instructions to the file MIGRATION
Bugfixes:
* Bugreport #199: The previous DB schema change made the zone removal broken.
* Enforcer: When retiring old KSK, use TTL(ds) and not TTL(ksk).
* Enforcer: Minimize the set of DS RRs sent to DelegationSignerSubmitCommand.
* Enforcer: Replace tab with a space character in the DNSKEY printed to syslog.
* Enforcer: Fixed potential format string bug.
* ods-ksmutil: Log to syslog when ds-seen changes a key to active/standby.
* Signer Engine: Don't be smart with RRSIG TTLs, the hsm will set them for you.
* Signer Engine: Set notify command for zone when receiving ods-signer update.
* Signer Engine: Update TTL of NSEC(3) records if SOA Minimum has changed
in KASP.
* Signer Engine: Now logs to the correct facility.
* Signer Engine: Also remove NSEC records when detecting changes in
signconf
* Signer Engine: Dropped privileges before starting Zonefetcher.
OpenDNSSEC 1.2.0rc2 - 2010-11-24
Bugfixes:
* Signer Engine: Use the correct TTL for RRs after the $INCLUDE directive.
* Signer Engine: Also create new signature if TTL of RR has changed.
* Signer Engine: Drop old NSEC/NSEC3 records.
* ods-ksmutil: Fixed some memory leaks.
OpenDNSSEC 1.2.0rc1 - 2010-11-17
* New commandline option for the signer: ods-signer running.
* Allow connection to different MySQL ports in the Enforcer.
* Tone down and explain warning when converting M or Y to seconds
* ldns 1.6.7 is required for bugfixes
* dnsruby 1.51 is required for bugfixes
Bugfixes:
* Bugreport #187: ods-control signer start will return non-zero if start up
failed (uses ods-signer running).
* Narrow glue at the zone cut is allowed, do not consider it as occluded.
* Move zone fetcher output to correct input adapter file.
* Enforcer shared keys on zones with ShareKeys disabled.
* Make names of key states consistent.
* Signer Engine file descriptor leak fix on engine.sock.
* Set explicit "unlimited" repository capacity to prevent random integer being
read. Requires "ods-ksmutil update conf" to be run if using an existing
database.
* Fix issue with key generation creating too many keys Ticket #194.
* Bugreport #189: Auditor did not handle white-space-separated substrings
for base64 text
* Bugreport #190: Auditor (and signer) does not handle case correctly
* Signer now silences stdout-output from the notify command
OpenDNSSEC 1.2.0b1 - 2010-10-18
* A new signer engine, written in c. Zones are maintained in memory, instead of
in files on disk.
* Signer Engine: Check if the signature exists before recycling it.
* Removed the python and python-4suite-xml dependencies.
* Remove separate autoconf for libhsm/conf/enforcer.
* Add option to disable building the signer.
* Signer logs statistics just after outputting a new signed zone.
* libhsm will skip processing (and not create) any public keys if the
per repository option <SkipPublicKey/> is set.
* Keysharing improved - keys can now exist in different states on each zone
that the key is in use for.
* Backup prepare/commit/rollback added for 2-step backups without taking the
enforcer offline.
* Standby keys are now optional (default to 0) and should be considered
experimental.
Bugfixes:
* Fix semantics of refresh value in Signer Engine.
* Auditor handles chains of empty nonterminals correctly.
* Recalculate salt immediately if the saltlength is changed.
* libhsm connected to slot 0 if the token label was not found.
An error is now returned instead of connecting to the slot.
* Bugreport #102: Removed the obsoleted python-4suite-xml dependency.
* Fixed Known Issue: KSK rollover requires manual timing.
* Fixed Known Issue: Key rollover and reuse of signatures.
* Fixed Known Issue: Issue with sharing keys and adding zones.
* Fixed Known Issue: Quicksorter does not allow certain owner names
(Quicksorter is removed, signer now reads and sorts the zone).
OpenDNSSEC 1.1.3 - 2010-09-10
Bugfixes:
* Bugreport #183: Partial zone could get signed if zone transfer failed
when using zone_fetcher
OpenDNSSEC 1.1.2 - 2010-08-24
* Dnsruby 1.49 now required (for correct zone parsing)
* ldns 1.6.6 is required to fix the zone fetcher bug
Bugfixes:
* ods-control stop did not stop zone fetcher (bug was introduced in 1.1.0)
* Auditor correctly handles chains of empty nonterminals
* Zone fetcher can block zone transfers if AXFR once failed. This is a bug
in ldns versions 1.6.5 and lower. See KNOWN_ISSUES for more information.
* Bugreport #165: Ensure Output SOA serial is always bigger than Input SOA
serial.
* Bugreport #166: Correct exit value from signer.
* Bugreport #167: Zone fetcher now also picks up changes when zonelist is
reloaded (thanks Rick van Rein)
* Bugreport #168: ods-control with tightened control for the Enforcer
* Bugreport #169: Do not include config.h in the distribution
* Bugreport #170: Typo in a man page (ods-signer)
* Bugreport #172: Correction of some macros in a man page (ods-timing)
* Bugreport #173: A man page used a macro that does not exist (ods-ksmutil)
OpenDNSSEC 1.1.1 - 2010-07-08
Bugfixes:
* Bugreport #127: Large SOA serial numbers were not handled properly by signer
* Bugreport #133: Better handling of SOA serial when setting is 'keep'
* Bugreport #136: quicksorter could not handle standard bind format SOA rdata
* The Auditor could not handle the new way of rolling KSKs
* One log message in the Enforcer referred to an old command
* The Enforcer forgot to publish certain keys during transition between states
OpenDNSSEC 1.1.0 - 2010-05-26
OpenDNSSEC 1.1.0rc3 - 2010-05-15
Bugfixes:
* Could not compile quicksorter on FreeBSD.
* Bugreport #131: test suite fails in 1.1.0rc2
OpenDNSSEC 1.1.0rc2 - 2010-05-04
Bugfixes:
* Fix semantics of refresh value in Signer Engine.
OpenDNSSEC 1.1.0rc1 - 2010-04-21
* Partial Auditor added
* Dnsruby-1.46 required
* Improved error messages when the system runs out of keys
* Optimise communication of signconfs for multiple zones sharing keys.
Group zones in zonelist.xml by policy to get this benefit.
* Bugreport #101: Signer Engine now maintains its own pidfile.
* Jitter redefined: now in the range of [-jitter, ..., +jitter]
* Optimized sorter: quicksorter (sorter becomes obsolete).
* Optimized zone_reader, includes nseccing/nsec3ing (nseccer and nsec3er
become obsolete).
* Enable database selection using --with-database-backend={sqlite3|mysql}
* Enable the EPP-client using --enable-eppclient
For sending DS RR to the parent zone (experimental)
* Turn NSEC3 OptOut off by default
* Install kasp2html XML stylesheet
* Add simple kasp2html conversion script
* DNSKEY records communicated to an external script if configured
* The command 'ods-signer restart' is removed.
* Signer Engine now also reuses signatures after a change in NSEC(3)
configuration or rolling keys.
* Quicksorter defaults to class IN.
Bugfixes:
* Enforcer: Make sure that we read the correct config file when dropping privs
* Enforcer: Prevent int overflow when generating a large number of keys
* Enforcer: Fixed a confusion between standby ZSKs and KSKs
* Fixed various enable-options in the configure scripts
* Respect $DESTDIR for config files
* Looked for the database init script in $prefix/share/opendnssec and not
datadir.
* More proper memory cleanup in parsing zonefetch.xml
* Zonefetch.xml now accepts hmac-md5, which is an alias for
hmac-md5.sig-alg.reg.int.
* Zone fetcher logged wrong zone when NOTIFY received.
* Zone fetcher sometimes did not log when signalling signer engine failed.
* Fix issue of importing keys into kasp leaving random strings in the
retire date.
* Fix KSK rollover logic to be proper DoubleDNSKEY
* Fix issue with reading repositories from conf.xml
* Fix issue with reading policies from kasp.xml
* Canonicalize RRs before nseccing zone.
* Bugreport #113: zone fetcher started before dropping privileges, so that
it can bind to socket.
* Signer Engine defaults to working directory if missing.
* libhsm: fixed incorrect label length for wildcards (leftmost wildcard label
was included in count).
OpenDNSSEC 1.0.0 - 2010-02-09
Bugfixes:
* Fixed broken path in ods-control
OpenDNSSEC 1.0.0rc4 - 2010-02-02
* Added manual pages for ods-auditor(1), ods-control(8), ods-enforcerd(8),
ods-signerd(8), ods-signer(8), ods-hsmpseed(1), ods-hsmutil(1),
ods-kaspcheck(1), ods-ksmutil(1), ods-timing(5), opendnssec(7).
* Move ods-control & ods-signer from PREFIX/bin to PREFIX/sbin.
* Dnsruby-1.43 is now required
Bugfixes:
* Bugreport #89: Signer Engine: bug in logging.c.
* Auditor: Had some problems with escaped characters in domain names
OpenDNSSEC 1.0.0rc3 - 2010-01-25
* A code review was performed by members of the project group. No serious
problem was found. The code review resulted in some polishing of the code.
* Dnsruby-1.42 is now required, it fixes issues with TXT and NAPTR record
parsing.
* ldns 1.6.4 is now required.
* Known issues have been moved from NEWS to KNOWN_ISSUES.
Bugfixes:
* ods-ksmutil: The ksk-roll command did not handle its options correctly
* Auditor: Configured zone SOA TTL now used to track pre-published keys,
rather than the unsigned zone SOA TTL.
* Enforcer: There was a flaw in the implementation of the timing code (it
follows an earlier version of the draft and at one point does not add on
the safety margin).
* Enforcer: MySQL memory leaks fixed.
* Signer Engine: When changing policy or rollover a key, the old signed zone
was not found,
so always resulting in a fresh resign.
* Signer Engine: RRsets with varying TTLs on the records were considered
different RRsets, the signer engine now equalizes those TTLs.
OpenDNSSEC 1.0.0rc2 - 2009-12-16
Bugfixes:
* Signer Engine: Signer processes could remain open, if they were not closed
correctly.
* ods-ksmutil: Got a segmentation fault, when an HSM was missing in the
configuration. Only applied to versions using MySQL.
* Zone fetcher: Did not close files before moving them.
* Zone fetcher: The serial arithmetic was not correct.
* Auditor: It now ignores unrecognized RR types.
* Signer Engine: Wrong handling of escaped characters in strings
(fixed in ldns trunk)
* Set correct permissions on the configuration files.
Known issues:
* Zone fetcher: When using TSIG, an incorrect MAC can be created if the
length of the used secret is 'too long' (longer than the maximum digest
length). This problem is in LDNS 1.6.3 and previous versions. This bug is
fixed in the upcoming LDNS 1.6.4 release.
* Auditor: Some good NAPTR records may fail to verify with dnsruby-1.41.
This will be fixed in a future dnsruby release.
* TXT RRs: Some TXT RRs with escape characters may fail to parse correctly
with dnsruby-1.41 and ldns 1.6.3. This is fixed in the upcoming releases.
OpenDNSSEC 1.0.0rc1 - 2009-12-04
* Auditor: dnsruby-1.41 should be used (includes fixes for zero length
salt and RFC3597 unknown classes)
* Signer Engine: ldns 1.6.3 should be used (includes NSEC3 bugfix and class
inheritance when creating signatures)
Bugfixes:
* Signer Engine: 1.0.0b8 introduced a bug that no signatures were reused.
Re-fixed.
* Signer Engine: Fix ods-signer start (could hang on MacOSX)
* Signer Engine: Mark a zone in progress if in use by one of the tools.
Prevents multiple tasks being created for the same zone.
* Signer Engine: Dropped records when zone content changed.
* Signer Engine: Drop inherited groups and set additional groups when dropping
privileges.
* Zone fetcher: Clean up empty files if AXFR failed
* Zone fetcher: Make syslogging RFC-compliant
OpenDNSSEC 1.0.0b9 - 2009-11-27
* ods-ksmutil: update command split so that individual configuration files can
be updated separately.
* ods-ksmutil: "ds-seen" renamed to "ksk-roll" which is a more accurate
description of its effect. (ds-seen will reappear in v1.1)
* add contributed .spec file for RPM builds
* Signer Engine: verifies signature after creation.
Bugfixes:
* Signer Engine: Output better information if the HSM fails with the signing.
* ods-ksmutil: update zonelist correctly links keys to new zones if key sharing
is turned on.
* Bugreport #59: Problem starting ods-signer on a 64-bit machine
* ods-ksmutil: update zonelist command now correctly adds and deletes zones
(and sorts out their keys).
OpenDNSSEC 1.0.0b8 - 2009-11-23
* ods-ksmutil: KSK rollover now holds at the point where the new key is made
active until the command "ds-seen" is issued.
* ods-ksmutil: "database backup" implemented to safely make a copy of the
SQLite enforcer database.
Bugfixes:
* Auditor: Crashed on unknown RR class.
* Signer Engine: NSEC3 RR included wrong information in bitmap (fixed in ldns
trunk).
* Signer Engine: Force a new signed zone if input is reread. Necessary because
we cannot recognize if
glue or unsigned delegations have been added and/or removed (yet).
* Signer Engine: Fix adding duplicate signatures in case of single key is
being used as both ZSK and KSK.
* Bugreport #46: Vanishing records
* KASP Enforcer: Could not handle zones with names longer than 30 characters.
OpenDNSSEC 1.0.0b7 - 2009-11-16
* ods-auditor: Dnsruby version 1.40 or later required.
* ods-kaspcheck: Checks Enforcer SQLite datastore to ensure writable
* Signer Engine: LDNS 1.6.2 is recommended (bugfixes)
* The supported RRs are documented on the wiki
Bugfixes:
* ods-ksmutil: Segmentation fault when missing arguments to "key import"
* KASP Enforcer: Improved support for MySQL (experimental)
* Signer Engine: DLV is included in NSEC RR (fixed in LDNS 1.6.2)
* Signer Engine: Better handling of removed zones
* Signer Engine: Correct handling of zero length rdata - RFC3597 style (fixed
in LDNS trunk)
* Signer Engine: Inherit class of zone to DNSSEC-related RRs
OpenDNSSEC 1.0.0b6 - 2009-11-06
* ods-hsmutil now has a command ("purge") to remove ALL keys from a given
repository.
Bugfixes:
* Some minor bugfixes for the auditor
* Better detection for MySQL (now requires --enable-mysql to build)
* Init PKCS#11 library with CKF_OS_LOCKING_OK
* Change config file flag to hsmspeed
OpenDNSSEC 1.0.0b5 - 2009-10-31
* Reintroduce MySQL for enforcer back-end on an experimental footing
Bugfixes:
* Auditor: Fixed TXT parsing.
* ods-ksmutil: Database could not be created for first time users.
* ods-ksmutil: Set the correct privileges on the database.
* Signer Engine: Tweak log levels.
* Signer Engine: Fixed segmentation fault with WKS RR (in LDNS trunk).
* Signer Engine: Fixed NSAP, IPSECKEY, and SIG parsing (in LDNS trunk).
* Signer Engine: Disable multiline parsing when the line is commented out.
* Signer Engine: The tools are not hanging any more. Better pipe handling.
* Signer Engine: NSEC zone even if only 1 NSEC is needed.
* Signer Engine: Don't create NSEC3 records for empty non terminals that
lead to glue.
* Signer Engine: LDNS can now parse explicit TTLs that are non-numbers
(for example 3d2h, in LDNS trunk).
* Bugreport #43: ods-signer: The command parser was too strict with white
spaces.
OpenDNSSEC 1.0.0b4 - 2009-10-23
* Default TTL in case of $TTL or explicit RR TTL becomes the SOA Minimum
value (was 3600).
* The signer engine will check if another engine is already running before
starting.
* Startup scripts for Solaris (SMF).
* Auditor gives an error if key moves to "in use" without sufficient
"prepublished" time.
Bugfixes:
* Trailing spaces are not part of the domain name/ include file/ ttl in
directives.
* nsec3er: Print final RRset, even if no NSEC3 was needed at that RRset.
* Proper privileges dropping when creating the command socket
* Signer sometimes didn't terminate if socket shutdown failed.
Known issues:
* The Signer Engine fails with broken pipes sometimes.
OpenDNSSEC 1.0.0b3 - 2009-10-16
* The auditor now tracks the SOA serial over time
* The auditor (dnsruby) supports RSA/SHA256 and RSA/SHA512
Bugfixes:
* The LDNS bug that affected SRV records has been fixed in ldns-trunk.
* Bugreport #41: Fix for SOA serial 'keep'.
* Allow for SOA Serial/TTL/Minimum values of zero.
* Correct socket binding of NotifyListen.
* Systems with older SQLite had problem rolling keys on a policy.
* Auditor now handles SSHFP and NAPTR records correctly
(but needs Dnsruby 1.39)
* Auditor now handles TTLs in zone file with suffix s, m, h, d, and w.
OpenDNSSEC 1.0.0b2 - 2009-10-09
* Added experimental support for RSA/SHA256 and RSA/SHA512 to KASP auditor.
Dnsruby version 1.38 or higher required for SHA2 support.
* Added experimental support for RSA/SHA256 and RSA/SHA512 to KASP enforcer
and the signer engine.
* SignerThreads and KeygenInterval have been deprecated (actually removed
just before 1.0.0b1).
* Added support for RSA/SHA256 and RSA/SHA512 to libhsm. No API changes.
Bugfixes:
* Bugreport #33 (#35): Output a signed zone if only the SOA record changed.
* Zone fetcher did not start correctly
* Create the pid / socket directory if it does not yet exist, with the correct
privileges.
* Signer Engine now catches exception if running with incorrect permission.
* TCP-support for LDNS on Solaris is fixed in LDNS trunk.
Known issues:
* LDNS is having problem with SRV records. The main effect is that these
records are given non-valid RRSIGs. This is still under investigation.
OpenDNSSEC 1.0.0b1 - 2009-10-02
* <Purge> tag added to automatically delete keys that have been dead
for some interval.
* Rename all OpenDNSSEC command line tools and daemons to ods-XXX (e.g.
ksmutil becomes ods-ksmutil).
* kasp_check command added to check the conf.xml and kasp.xml configuration
files for sanity and consistency.
* communicated and keygend combined to form "ods-enforcerd".
* ksmutil command line changes. Most commands have changed slightly, but
there are some significant changes (see
http://svn.opendnssec.org/docs/command-tools-syntax.txt for details.)
* Enforcer database now has a version number. If it differs from the version
number in the code (specified via a #define statement), the software will
issue an error message and not connect to the database.
* "ksmutil list keys" now displays the keytag if the -l flag is passed to it.
* "Emergency Keys" renamed to "Standby Keys" as this better reflects their
role in OpenDNSSEC.
* The behaviour of SOA Serial value 'counter' has changed according to
Ticket #31.
* The directory "xml" has been renamed to "conf". (This is part of repository
clean.)
* There are changes to the KASP DB:
* Zone fetcher added, that will do AXFR from the master.
If you want to use your old database, use the following commands to upgrade:
sqlite3 < enforcer/utils/migrate_090922_1.sqlite3
sqlite3 < enforcer/utils/migrate_090930_1.sqlite3
sqlite3 < enforcer/utils/migrate_091002_1.sqlite3
Or, to start a new (with loss of information), remove old keys from the HSM
and issue the command:
ksmutil setup
Bugfixes:
* Make sure that parenthesis in zonefiles don't concatenate rdata fields.
Known issues:
* TCP-support for LDNS on Solaris is currently broken due to an issue with
SO_RCVTIMEO. The result is that the zonefetcher doesn't work. No other
parts of OpenDNSSEC are affected by this bug.
There is currently no workaround.
OpenDNSSEC 1.0a5 - 2009-09-21
Features:
* support %zonefile expansion in the signer engine NotifyCommand
Bugfixes:
* Read correctly from the kasp.xml
* Correctly discover Empty Non-Terminals when reading input zonefile
* Don't error on space-only lines in input zonefile
OpenDNSSEC 1.0a4 - 2009-09-10
Features:
* warn (by sending a message to the log) about:
- impending key rollover
- Rollover occurrence
- when it is safe to remove a DS record
* add export of DNSKEY and DS records to ksmutil
* add configure option '--disable-auditor' to disable building the auditor
* Added <ManualRollover/> tag to kasp.xml; this allows automatic rollovers
to be turned off in a policy for either keytype.
* Changes to the KASP DB, please apply:
If you want to use your old DB:
sqlite3 < enforcer/utils/migrate_090901_1.sqlite3
Or start fresh (with loss of information. User should remove old keys
from the HSM):
ksmutil setup
Bugfixes:
* "signer_engine_cli clear " doesn't crash on missing files anymore
and removes all internal files now
* Bugreport #18, #19: Fix segfault at nseccer, nsec3er or finalizer when
handling large zones.
* Signer Engine starts correctly (problem was python 2.4, not RHEL5).
OpenDNSSEC 1.0a3 - 2009-08-26
Features:
* ksmutil import key implemented for importing key ID of existing keys
* "hsmspeed" will test the speed of the HSM.
* "hsmutil test" will test the HSM against OpenDNSSEC.
* Changes to the KASP DB, please apply:
If you want to use your old DB:
sqlite3 < enforcer/utils/migrate_090820_1.sqlite3
Or start fresh (with loss of information. User should remove old keys
from the HSM):
ksmutil setup
Bugfixes:
* Better display of null backups (i.e. backup required) in ksmutil list
* Don't show historical rollovers in ksmutil list
* Fix key counting routines so that they all agree
* Missing SQLite includes in the Enforcer
Known bugs:
* Signer Engine not starting correctly in RHEL5.
Use "signer_engine -d" for now
* "signer_engine_cli clear " crashes on missing files
OpenDNSSEC 1.0a2 - 2009-08-14
Features:
* conf.xml format changed
* Read the default path to kasp.xml from conf.xml
* libksm integrated into enforcer (and no longer installed)
* Dropping privileges as specified
* Option to specify that a key from a specific repository
should not be used if it has not been backed up
* ksmutil backup done, to signal that the keys are backed up
* KASP Auditor should now function properly
* A quick start script is available
* XSLT to translate KASP into readable text (HTML)
* Changes to the KASP DB, please apply:
If you want to use your old DB:
sqlite3 < enforcer/utils/migrate_090812_1.sqlite3
sqlite3 < enforcer/utils/migrate_090813_1.sqlite3
Or start fresh (with loss of information):
ksmutil setup
Bugfixes:
* Signer Engine can now read standard bind format correctly
* make install creates an incorrectly named directory
* ksmutil addzone defaults to wrong path
* SoftHSM links libsofthsm to build directory
* libksm install problem when builddir == srcdir
* Missing include of header file in SoftHSM
* Text about a problem with Botan on some systems.
OpenDNSSEC 1.0a1 - 2009-07-30
* Initial release (aka "Technology Preview")
opendnssec-1.4.9/KNOWN_ISSUES 0000644 0001750 0001750 00000004751 12650165732 012537 0000000 0000000 OpenDNSSEC 1.4.0 - Known Restrictions
The following are the known problems and/or restrictions of release 1.4.0 of
OpenDNSSEC.
BUGS:
-----
OPENDNSSEC-332: Statistics on average sigs/sec not accurate
OPENDNSSEC-437: Problem with invalid signatures on SOA RRset.
OPENDNSSEC-104: Incorrect ZSK retire duration calculation.
Limitations on Number of Zones
------------------------------
Owing to contention in the key management database, performance is degraded if
OpenDNSSEC is used to sign large numbers of zones that do not share common
keys. The problem is worse if SQLite is used for the key and signature manager
database.
As a workaround, we suggest that either the same key is used for all zones, or
that the number of zones be limited to about 5,000.
This will be addressed in a future release of the software.
Issue with rolling from one algorithm to another
------------------------------------------------
The current version handles key rollovers that also change algorithm in just
the same way as any other key rollover. This is not sufficient, so rolling
between algorithms is broken and should not be done with the current system.
Handling of external command calls
----------------------------------
External commands (e.g. NotifyCommand or DelegationSignerSubmitCommand) are
called with popen. As a result, errors in these external scripts can go
unnoticed by OpenDNSSEC. It is therefore recommended that such scripts log
enough information for the user to tell independently whether they failed.
Because popen passes the command line to the shell, values substituted into
these commands should be free of shell metacharacters.
Maximum number of HSMs
----------------------
The datatype of the column storing HSMs in the kasp database is only large
enough to store 127 separate HSMs (with a MySQL backend).
Quotation marks in strings
--------------------------
Enforcer does not remove/handle any quotation marks in the imported strings.
This will create a problem when importing the information from e.g. the policy
description field into the Enforcer database.
Intermittent segmentation faults on FreeBSD 9 amd64
-------------------------------------------------
Segmentation faults in _pthread_mutex_init_calloc_cb () from /lib/libc.so.7
have been intermittently seen when running regression tests on our FreeBSD
test server (amd64, FreeBSD 9.0-RELEASE-p3). The segfaults have been seen to
originate in the enforcer, the signer and SQLite on different occasions. These
appear to be due to a bug in the FreeBSD malloc/pthread implementation and are
not due to issues in the OpenDNSSEC code.
opendnssec-1.4.9/Makefile.am 0000644 0001750 0001750 00000002227 12650165732 012655 0000000 0000000 ACLOCAL_AMFLAGS = -I m4
MAINTAINERCLEANFILES = \
config.log config.status \
$(srcdir)/Makefile.in \
$(srcdir)/common/config.h.in $(srcdir)/common/config.h.in~ \
$(srcdir)/configure \
$(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \
$(srcdir)/depcomp $(srcdir)/aclocal.m4 $(srcdir)/compile \
$(srcdir)/config.guess $(srcdir)/config.sub
SUBDIRS = common libhsm enforcer conf tools
if ENABLE_SIGNER
SUBDIRS += signer
endif
EXTRA_DIST = $(srcdir)/LICENSE \
$(srcdir)/KNOWN_ISSUES \
$(srcdir)/MIGRATION \
$(srcdir)/README.md \
$(srcdir)/plugins/simple-dnskey-mailer/simple-dnskey-mailer.sh
# Automake hook run as part of installing data files: creates the runtime
# directory tree under $(localstatedir), prefixed with $(DESTDIR) so staged
# installs work.
# NOTE(review): no mode, owner or group is passed to $(INSTALL) -d, so the
# directories get whatever the install tool defaults to. Judging by their
# names they hold unsigned and signed zone data, signer configuration, scratch
# files and PID/socket files; confirm the resulting ownership and permissions
# suit the account the daemons run as.
install-data-hook:
$(INSTALL) -d $(DESTDIR)$(localstatedir)
$(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec
$(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/tmp
$(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/signconf
$(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/unsigned
$(INSTALL) -d $(DESTDIR)$(localstatedir)/opendnssec/signed
$(INSTALL) -d $(DESTDIR)$(localstatedir)/run
$(INSTALL) -d $(DESTDIR)$(localstatedir)/run/opendnssec
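# Build the Doxygen documentation of each component by running its own
# "doxygen" target. "cd dir && make" is used instead of "cd dir; make" so that
# a failed cd stops the recipe rather than running $(MAKE) doxygen in the
# wrong directory.
# NOTE(review): signer is only added to SUBDIRS when ENABLE_SIGNER is set, but
# this target always descends into it; confirm that is intended.
docs:
	(cd libhsm && $(MAKE) doxygen)
	(cd enforcer && $(MAKE) doxygen)
	(cd signer && $(MAKE) doxygen)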
opendnssec-1.4.9/tools/ 0000755 0001750 0001750 00000000000 12650166152 012033 5 0000000 0000000 opendnssec-1.4.9/tools/Makefile.am 0000644 0001750 0001750 00000000305 12650165675 014016 0000000 0000000 MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
SUBDIRS = solaris
sbin_SCRIPTS = ods-control
bin_SCRIPTS = ods-kasp2html
man5_MANS = ods-timing.5
man7_MANS = opendnssec.7
man8_MANS = ods-control.8
opendnssec-1.4.9/tools/opendnssec.7.in 0000644 0001750 0001750 00000007521 12650165675 014627 0000000 0000000 .TH "opendnssec" "7" "February 2010" "OpenDNSSEC" "OpenDNSSEC overview"
.SH "NAME"
.LP
.B OpenDNSSEC
\- making DNSSEC easy for DNS administrators
.SH "SYNOPSIS"
.LP
.B ods-control start
.LP
.B ods-control stop
.LP
.B ods-ksmutil
.RB \fIsubcommand...\fB
.LP
.B ods-signer
.RB [\fIsubcommand...\fB]
.SH "DESCRIPTION"
.LP
OpenDNSSEC is a complete DNSSEC zone signing system which maintains stability and security of signed domains. DNSSEC adds many cryptographic concerns to DNS; OpenDNSSEC automates those to allow current DNS administrators to adopt DNSSEC.
.PP
Domain signing is done by placing OpenDNSSEC between the place where the
zone files are edited and where they are published. The current version
of OpenDNSSEC supports files and AXFR to communicate the zone data;
effectively, OpenDNSSEC acts as a "bump in the wire" between editing and
publishing a zone.
.PP
OpenDNSSEC has two daemons, which are started and stopped together through
the
.I ods\-control(8)
command.
The two daemons in turn invoke other programs to get their work done.
.PP
One of the daemons is the KASP Enforcer, which enforces policies that define
security and timing requirements for each individual zone. Operators tend
to interact with the KASP Enforcer a lot, through the
.I ods\-ksmutil(1)
command.
.PP
The other daemon is the Signer Engine, which in turn signs the zone content.
It retrieves that content from a file or through AXFR, and publishes a signed
version of the zone into a file or through AXFR. Direct interaction with the
Signer Engine, although not normally necessary, is possible through the
.I ods\-signer(8)
command.
.PP
The keys that sign the zones are managed by an independent repository, which
is accessed over a PKCS #11 interface. Although the principal idea of this
interface is to give access to cryptographic hardware, there are also
implementations in software. Also, implementations range from open to commercial, and from
very simple to highly secure. By default, OpenDNSSEC is configured to run on
top of a SoftHSM, but a few other commands exist to test any
Hardware Security Module that may sit under the PKCS #11 API.
.SH "OPERATIONAL PRACTICES"
The approach used by OpenDNSSEC follows the best current practice of
two kinds of key per zone:
.TP
.B KSK\fR or \fBKey Signing Key
This key belongs in the apex of a zone, and is referenced in the parent
zone (quite possibly a registry) in the form of DS records alongside
NS records. These parent references function as trust delegations.
The KSK is usually a longer key, and it could harm the efficiency of
secure resolvers if all individual resource records were signed with it.
This is why it is advisable to use the KSK only to sign the ZSK.
In DNS records, the KSK can usually be recognised by having its SEP
(Secure Entry Point) flag set.
.TP
.B ZSK\fR or \fBZone Signing Key
This key also belongs in the apex of a zone, and
is actually used to sign the resource records in a zone.
It is a shorter key for reasons of efficiency, that is rolled over
on a fairly regular basis. To detach these rollovers from the parent,
the ZSK is not directly trusted by the parent zone, but instead its
trust is established by way of a signature by the KSK on the ZSK.
.PP
OpenDNSSEC is mindful about the period of validity of each key, and will
roll over in time to keep the domain signed, with new keys, without any
downtime for the secure domain. The only thing that is not standardised,
and thus cannot be automated at the moment is the interface between a zone
and its parent, so this has to be done manually, or scripted around
OpenDNSSEC.
.SH "SEE ALSO"
.LP
ods\-control(8), ods\-enforcerd(8), ods\-hsmspeed(1),
ods\-hsmutil(1), ods\-kaspcheck(1), ods\-ksmutil(1), ods\-signer(8),
ods\-signerd(8), ods\-timing(5),
.B http://www.opendnssec.org/
.SH "AUTHORS"
.LP
.B OpenDNSSEC
was made by the OpenDNSSEC project, to be found on
.B http://www.opendnssec.org/
opendnssec-1.4.9/tools/ods-kasp2html.in 0000644 0001750 0001750 00000003425 12650165732 015002 0000000 0000000 #!/bin/sh
#
# Copyright (c) 2010 Kirei AB. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
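# ods-kasp2html: validate a KASP policy file against the RELAX NG schema
# and, only if it validates, transform it with the kasp2html stylesheet.
#
# Usage: ods-kasp2html kasp.xml
#
# The @...@ tokens are placeholders filled in when the script is generated
# from this template.
XMLLINT=@XMLLINT@
XSLTPROC=@XSLTPROC@
KASP_SCHEMA=@OPENDNSSEC_DATA_DIR@/kasp.rng
KASP_XSL=@OPENDNSSEC_DATA_DIR@/kasp2html.xsl
KASP_XML=$1

if [ ! -x "$XMLLINT" ]; then
  echo "error: xmllint required, but not found"
  exit 1
fi

if [ ! -x "$XSLTPROC" ]; then
  echo "error: xsltproc required, but not found"
  exit 1
fi

if [ -f "$KASP_XML" ]; then
  # The policy path comes straight from the command line. Anchor a name that
  # starts with "-" to the current directory so the tools read it as a file
  # and not as an option.
  case "$KASP_XML" in
    -*) KASP_XML="./$KASP_XML" ;;
  esac

  # Every expansion is quoted so that spaces or glob characters in a path
  # cannot split it into several arguments.
  "$XMLLINT" --noout --relaxng "$KASP_SCHEMA" "$KASP_XML" && \
    "$XSLTPROC" "$KASP_XSL" "$KASP_XML"
else
  echo "usage: $0 [kasp.xml]"
fi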
opendnssec-1.4.9/tools/ods-control.in 0000644 0001750 0001750 00000010047 12650165732 014553 0000000 0000000 #!/bin/sh
#
# Copyright (c) 2009 .SE (The Internet Infrastructure Foundation)
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
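# ods-control: start, stop and talk to the OpenDNSSEC enforcer and signer.
#
# Usage: ods-control ksm|hsm|signer|enforcer|start|stop ...
#
# The @...@ tokens are placeholders filled in when the script is generated
# from this template. Backticks and expr are kept on purpose so the script
# stays within what a plain /bin/sh understands.
progname="ods-control"

configfile="@OPENDNSSEC_CONFIG_FILE@"
bindir="@OPENDNSSEC_BIN_DIR@"
sbindir="@OPENDNSSEC_SBIN_DIR@"

# Ask the configuration file where the daemons keep their PID and socket
# files; the helper path is quoted so a bindir containing spaces still works.
enforcer_pid_file=`"${bindir}/ods-getconf" -c "${configfile}" //Configuration/Enforcer/PidFile`
signer_pid_file=`"${bindir}/ods-getconf" -c "${configfile}" //Configuration/Signer/PidFile`
signer_socket_file=`"${bindir}/ods-getconf" -c "${configfile}" //Configuration/Signer/SocketFile`

# Fall back to the build-time defaults when the lookup returned nothing.
[ "$enforcer_pid_file" = "" ] && enforcer_pid_file="@OPENDNSSEC_ENFORCER_PIDFILE@"
[ "$signer_pid_file" = "" ] && signer_pid_file="@OPENDNSSEC_SIGNER_PIDFILE@"
[ "$signer_socket_file" = "" ] && signer_socket_file="@OPENDNSSEC_SIGNER_SOCKET@"

# Print the PID stored in file $1. Fails unless the content is exactly one
# positive decimal number: the value is handed to kill, where an empty string,
# several words, 0 or a negative number would address something other than
# the single daemon process.
read_pid() {
  pid_value=`cat "$1" 2>/dev/null`
  case "$pid_value" in
    '' | *[!0-9]*) return 1 ;;
  esac
  [ "$pid_value" -gt 0 ] 2>/dev/null || return 1
  echo "$pid_value"
}

# Wait until file $1 is readable, polling once a second. Gives up (status 1)
# after the fifth one-second sleep.
wait_until_readable() {
  tries=0
  while [ ! -r "$1" ]; do
    sleep 1
    tries=`expr $tries + 1`
    if [ $tries -ge 5 ]; then
      return 1
    fi
  done
  return 0
}

# Wait until file $1 is no longer readable, with the same polling and limit
# as wait_until_readable.
wait_until_gone() {
  tries=0
  while [ -r "$1" ]; do
    sleep 1
    tries=`expr $tries + 1`
    if [ $tries -ge 5 ]; then
      return 1
    fi
  done
  return 0
}

case "$1" in
  'ksm')
    shift
    # "$@" is quoted so each argument reaches ods-ksmutil exactly as given,
    # without being re-split on whitespace or expanded as a glob.
    "$bindir/ods-ksmutil" "$@"
    ;;
  'hsm')
    shift
    "$bindir/ods-hsmutil" "$@"
    ;;
  'signer')
    case "$2" in
      'start')
        echo "Starting signer engine..."
        "$sbindir/ods-signer" start
        RETVAL=$?
        if [ $RETVAL = 0 ]; then
          # The signer counts as started once both its PID file and its
          # command socket have appeared.
          if wait_until_readable "$signer_pid_file" &&
            wait_until_readable "$signer_socket_file"; then
            sleep 1
            "$sbindir/ods-signer" running
            RETVAL=$?
          else
            RETVAL=1
            echo "Could not start signer"
            exit $RETVAL
          fi
        fi
        exit $RETVAL
        ;;
      *)
        shift
        "$sbindir/ods-signer" "$@"
        ;;
    esac
    ;;
  'enforcer')
    case "$2" in
      'start')
        echo "Starting enforcer..."
        "$sbindir/ods-enforcerd"
        RETVAL=$?
        if [ $RETVAL = 0 ]; then
          wait_until_readable "$enforcer_pid_file" || {
            RETVAL=1
            echo "Could not start enforcer"
          }
        fi
        exit $RETVAL
        ;;
      'stop')
        echo "Stopping enforcer..."
        if [ -r "$enforcer_pid_file" ]; then
          if enforcer_pid=`read_pid "$enforcer_pid_file"`; then
            kill -TERM "$enforcer_pid"
            RETVAL=$?
            if [ $RETVAL = 0 ]; then
              # The PID file disappearing is taken as the sign that the
              # daemon has exited.
              wait_until_gone "$enforcer_pid_file" || {
                RETVAL=1
                echo "Could not stop enforcer"
              }
            fi
          else
            echo "Invalid PID in $enforcer_pid_file" >&2
            RETVAL=1
          fi
        else
          echo "Cannot find PID file"
          RETVAL=1
        fi
        exit $RETVAL
        ;;
      'notify')
        echo "Notifying enforcer of new database..."
        if [ -r "$enforcer_pid_file" ]; then
          if enforcer_pid=`read_pid "$enforcer_pid_file"`; then
            kill -HUP "$enforcer_pid"
            RETVAL=$?
          else
            echo "Invalid PID in $enforcer_pid_file" >&2
            RETVAL=1
          fi
        else
          echo "Cannot find PID file"
          RETVAL=1
        fi
        exit $RETVAL
        ;;
      *)
        echo "usage: $progname enforcer start|stop|notify"
        ;;
    esac
    ;;
  'start')
    # Start the enforcer first; only start the signer if that succeeded.
    "$0" enforcer start
    RETVAL=$?
    if [ $RETVAL != 0 ]; then
      exit $RETVAL
    fi
    "$0" signer start
    RETVAL=$?
    exit $RETVAL
    ;;
  'stop')
    "$0" enforcer stop
    echo "Stopping signer engine..."
    "$sbindir/ods-signer" stop
    ;;
  *)
    echo "usage: $progname ksm|hsm|signer|enforcer|start|stop ..."
    ;;
esac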
opendnssec-1.4.9/tools/ods-timing.5.in 0000644 0001750 0001750 00000005500 12650165675 014531 0000000 0000000 .TH "ods-timing" "5" "February 2010" OpenDNSSEC "OpenDNSSEC timing"
.SH "NAME"
.LP
.B ods-timing
\- OpenDNSSEC timing specification
.SH "SYNOPSIS"
.LP
.B @OPENDNSSEC_CONFIG_DIR@/conf.xml
.br
.B @OPENDNSSEC_CONFIG_DIR@/kasp.xml
.br
.B @OPENDNSSEC_CONFIG_DIR@/zonelist.xml
.SH "DESCRIPTION"
.LP
The configuration files of OpenDNSSEC need to have timing descriptions,
notably for periods. These descriptions follow ISO 8601 with exceptions
for the duration of a month and a year, as these periods would be allowed
to vary if ISO 8601 were strictly adhered to.
.PP
Durations are represented by the format \fBP[n]Y[n]M[n]DT[n]H[n]M[n]S\fR.
In these representations, the \fB[n]\fR is replaced by the value for each
of the date and time elements that follow the \fB[n]\fR. Leading zeros are
not required. The capital letters \fBP\fR, \fBY\fR, \fBM\fR, \fBW\fR,
\fBD\fR, \fBT\fR, \fBH\fR, \fBM\fR and \fBS\fR are designators for each of
the date and time elements and are not replaced.
.TP
.B P
is the duration designator (historically called "period") placed at the start of the duration representation.
.TP
.B Y
is the year designator that follows the value for the number of years.
.TP
.B M
is the month designator that follows the value for the number of months.
.TP
.B W
is the week designator that follows the value for the number of weeks.
.TP
.B D
is the day designator that follows the value for the number of days.
.TP
.B T
is the time designator that precedes the time components of the representation.
.TP
.B H
is the hour designator that follows the value for the number of hours.
.TP
.B M
is the minute designator that follows the value for the number of minutes.
.TP
.B S
is the second designator that follows the value for the number of seconds.
.PP
For example,
.B P3Y6M4DT12H30M5S
represents a duration of "three years, six months, four days, twelve hours, thirty minutes, and five seconds". Date and time elements including their designator may be omitted if their value is zero, and lower order elements may also be omitted for reduced precision. For example,
.B P23DT23H
and
.B P4Y
are both acceptable duration representations.
.SH "EXCEPTION"
.LP
The duration of a year or a month varies depending on the current date. For OpenDNSSEC, we assume fixed values:
.TP
.B One month
is assumed to be 31 days.
.TP
.B One year
is assumed to be 365 days.
.PP
This exception may or may not change in future releases of OpenDNSSEC.
The reason for making this exception is to avoid complicating this
software in a way that may not meet any practical need.
.SH "SEE ALSO"
.LP
ods\-control(8), ods\-enforcerd(8), ods\-hsmspeed(1),
ods\-hsmutil(1), ods\-kaspcheck(1), ods\-ksmutil(1), ods\-signer(8),
ods\-signerd(8), opendnssec(7),
ISO 8601,
.B http://www.opendnssec.org/
.SH "AUTHORS"
.LP
.B OpenDNSSEC
was made by the OpenDNSSEC project, to be found on
.B http://www.opendnssec.org/
opendnssec-1.4.9/tools/solaris/ 0000755 0001750 0001750 00000000000 12650166152 013507 5 0000000 0000000 opendnssec-1.4.9/tools/solaris/ods-enforcerd-smf.xml 0000644 0001750 0001750 00000003734 12650165675 017506 0000000 0000000
OpenDNSSEC
opendnssec-1.4.9/tools/solaris/Makefile.am 0000644 0001750 0001750 00000000664 12650165675 015502 0000000 0000000 MAINTAINERCLEANFILES = \
config.log config.status \
$(srcdir)/Makefile.in \
$(srcdir)/config.h.in $(srcdir)/config.h.in~ \
$(srcdir)/configure \
$(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \
$(srcdir)/depcomp $(srcdir)/aclocal.m4 $(srcdir)/compile \
$(srcdir)/config.guess $(srcdir)/config.sub
EXTRA_DIST = \
README \
ods-enforcerd-smf.xml \
ods-signerd-smf.xml \
ods-enforcerd.init.in \
ods-signerd.init.in
opendnssec-1.4.9/tools/solaris/ods-signerd.init.in 0000644 0001750 0001750 00000004770 12650165675 017160 0000000 0000000 #!/bin/sh
#
# Copyright (c) 2009 Nominet UK. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# export SOFTHSM_CONF=/etc/softhsm.conf
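# Solaris init script for the signer daemon.
#
# Usage: <script> { start | stop }
#
# Add the OpenDNSSEC library directory to the runtime linker search path.
# The ${VAR:+...} form avoids a leading ":" when LD_LIBRARY_PATH is unset or
# empty; an empty search-path element is commonly treated as the current
# directory, which is not wanted for a script run at boot. Assignment and
# export are separate statements because a traditional Bourne /bin/sh does
# not accept "export NAME=value".
LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}@OPENDNSSEC_LIB_DIR@
export LD_LIBRARY_PATH

signer_bin_file="@OPENDNSSEC_SBIN_DIR@/ods-signerd"
signer_cli_file="@OPENDNSSEC_SBIN_DIR@/ods-signer"
signer_pid_file="@OPENDNSSEC_PID_DIR@/signerd.pid"

case "$1" in
  'start')
    # Check program is not running. The process list is matched against the
    # configured daemon path; the match output itself is discarded.
    if ps -ef | grep "$signer_bin_file" | grep -v grep >/dev/null; then
      echo "signer_engine is already running"
      exit 0
    fi

    # Start program up
    if [ -x "$signer_bin_file" ]; then
      echo "Starting signer engine"
      "$signer_bin_file" &
    fi
    ;;
  'stop')
    # Stop program: prefer the command-line client, then the PID file, and
    # only then a search of the process list.
    if [ -x "$signer_cli_file" ]; then
      echo "Stopping signer engine"
      "$signer_cli_file" stop
    elif [ -r "$signer_pid_file" ]; then
      # A PID file is tested for readability; it is a data file and is not
      # expected to carry the execute bit.
      echo "Stopping signer engine via pid_file"
      PID=`cat "$signer_pid_file"`
      # Only a single positive decimal number may reach kill.
      case "$PID" in
        '' | 0 | *[!0-9]*)
          echo "Invalid PID in $signer_pid_file" >&2
          exit 1
          ;;
      esac
      kill -TERM "$PID"
    else
      echo "Stopping signer engine via pid"
      PID=`ps -ef | grep "$signer_bin_file" | grep -v grep | awk '{ print $2 }'`
      if [ -n "$PID" ]; then
        # Left unquoted on purpose: the search may return several PIDs.
        kill $PID
      fi
    fi
    ;;
  *)
    echo "Usage: $0 { start | stop }"
    exit 1
    ;;
esac

exit 0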
opendnssec-1.4.9/tools/solaris/ods-enforcerd.init.in 0000644 0001750 0001750 00000004436 12650165675 017473 0000000 0000000 #!/bin/sh
#
# Copyright (c) 2009 Nominet UK. All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
# IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
# WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
# ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
# DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
# GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
# IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
# IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#
# export SOFTHSM_CONF=/etc/softhsm.conf
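# Solaris init script for the enforcer daemon.
#
# Usage: <script> { start | stop }
#
# Add the OpenDNSSEC library directory to the runtime linker search path.
# The ${VAR:+...} form avoids a leading ":" when LD_LIBRARY_PATH is unset or
# empty; an empty search-path element is commonly treated as the current
# directory, which is not wanted for a script run at boot. Assignment and
# export are separate statements because a traditional Bourne /bin/sh does
# not accept "export NAME=value".
LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}@OPENDNSSEC_LIB_DIR@
export LD_LIBRARY_PATH

enforcer_bin_file="@OPENDNSSEC_SBIN_DIR@/ods-enforcerd"
enforcer_pid_file="@OPENDNSSEC_PID_DIR@/enforcerd.pid"

case "$1" in
  'start')
    # Check program is not running. The pattern is double-quoted so the
    # daemon path is expanded; in single quotes grep would be given the
    # literal text "$enforcer_bin_file" and never match a process.
    if ps -ef | grep "$enforcer_bin_file" | grep -v grep >/dev/null; then
      echo "ods-enforcerd is already running"
      exit 0
    fi

    # Start program up
    if [ -x "$enforcer_bin_file" ]; then
      echo "Starting enforcer"
      "$enforcer_bin_file" &
    fi
    ;;
  'stop')
    # Stop programs: use the PID file when there is one, otherwise search
    # the process list.
    if [ -r "$enforcer_pid_file" ]; then
      # A PID file is tested for readability; it is a data file and is not
      # expected to carry the execute bit.
      echo "Stopping ods-enforcerd via pid_file"
      PID=`cat "$enforcer_pid_file"`
      # Only a single positive decimal number may reach kill.
      case "$PID" in
        '' | 0 | *[!0-9]*)
          echo "Invalid PID in $enforcer_pid_file" >&2
          exit 1
          ;;
      esac
      kill -TERM "$PID"
    else
      PID=`ps -ef | grep "$enforcer_bin_file" | grep -v grep | awk '{ print $2 }'`
      if [ -n "$PID" ]; then
        echo "Stopping ods-enforcerd via pid"
        # Left unquoted on purpose: the search may return several PIDs.
        kill $PID
      fi
    fi
    ;;
  *)
    echo "Usage: $0 { start | stop }"
    exit 1
    ;;
esac

exit 0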
opendnssec-1.4.9/tools/solaris/Makefile.in 0000644 0001750 0001750 00000040006 12650165765 015505 0000000 0000000 # Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
VPATH = @srcdir@
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = tools/solaris
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/acx_broken_setres.m4 \
$(top_srcdir)/m4/acx_check_strptime.m4 \
$(top_srcdir)/m4/acx_cunit.m4 \
$(top_srcdir)/m4/acx_database_backend.m4 \
$(top_srcdir)/m4/acx_dbparams.m4 \
$(top_srcdir)/m4/acx_dlopen.m4 $(top_srcdir)/m4/acx_ldns.m4 \
$(top_srcdir)/m4/acx_libc.m4 $(top_srcdir)/m4/acx_libxml2.m4 \
$(top_srcdir)/m4/acx_mysql.m4 $(top_srcdir)/m4/acx_pedantic.m4 \
$(top_srcdir)/m4/acx_pkcs11_modules.m4 \
$(top_srcdir)/m4/acx_prefixhack.m4 \
$(top_srcdir)/m4/acx_rpath.m4 $(top_srcdir)/m4/acx_rt.m4 \
$(top_srcdir)/m4/acx_sqlite3.m4 $(top_srcdir)/m4/acx_ssl.m4 \
$(top_srcdir)/m4/acx_strict.m4 \
$(top_srcdir)/m4/ax_prog_doxygen.m4 \
$(top_srcdir)/m4/ax_pthread.m4 \
$(top_srcdir)/m4/check_compiler_flag.m4 \
$(top_srcdir)/m4/check_compiler_flag_needed.m4 \
$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
$(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/opendnssec_common.m4 $(top_srcdir)/version.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/common/config.h
CONFIG_CLEAN_FILES = ods-enforcerd.init ods-signerd.init
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(srcdir)/Makefile.in \
$(srcdir)/ods-enforcerd.init.in $(srcdir)/ods-signerd.init.in \
README
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CP = @CP@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CUCUMBER = @CUCUMBER@
CUNIT_INCLUDES = @CUNIT_INCLUDES@
CUNIT_LIBS = @CUNIT_LIBS@
CYGPATH_W = @CYGPATH_W@
C_LIBS = @C_LIBS@
DB_HOST = @DB_HOST@
DB_INCLUDES = @DB_INCLUDES@
DB_LIBS = @DB_LIBS@
DB_NAME = @DB_NAME@
DB_PASS = @DB_PASS@
DB_PORT = @DB_PORT@
DB_TYPE = @DB_TYPE@
DB_USER = @DB_USER@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DOXYGEN_PAPER_SIZE = @DOXYGEN_PAPER_SIZE@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
DX_CONFIG = @DX_CONFIG@
DX_DOCDIR = @DX_DOCDIR@
DX_DOT = @DX_DOT@
DX_DOXYGEN = @DX_DOXYGEN@
DX_DVIPS = @DX_DVIPS@
DX_EGREP = @DX_EGREP@
DX_ENV = @DX_ENV@
DX_FLAG_chi = @DX_FLAG_chi@
DX_FLAG_chm = @DX_FLAG_chm@
DX_FLAG_doc = @DX_FLAG_doc@
DX_FLAG_dot = @DX_FLAG_dot@
DX_FLAG_html = @DX_FLAG_html@
DX_FLAG_man = @DX_FLAG_man@
DX_FLAG_pdf = @DX_FLAG_pdf@
DX_FLAG_ps = @DX_FLAG_ps@
DX_FLAG_rtf = @DX_FLAG_rtf@
DX_FLAG_xml = @DX_FLAG_xml@
DX_HHC = @DX_HHC@
DX_LATEX = @DX_LATEX@
DX_MAKEINDEX = @DX_MAKEINDEX@
DX_PDFLATEX = @DX_PDFLATEX@
DX_PERL = @DX_PERL@
DX_PROJECT = @DX_PROJECT@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
HAVE_SSL = @HAVE_SSL@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
JAVA = @JAVA@
LD = @LD@
LDFLAGS = @LDFLAGS@
LDNS_CONFIG = @LDNS_CONFIG@
LDNS_INCLUDES = @LDNS_INCLUDES@
LDNS_LIBS = @LDNS_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MYSQL = @MYSQL@
MYSQL_CONFIG = @MYSQL_CONFIG@
MYSQL_INCLUDES = @MYSQL_INCLUDES@
MYSQL_LIBS = @MYSQL_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENDNSSEC_BIN_DIR = @OPENDNSSEC_BIN_DIR@
OPENDNSSEC_CONFIG_DIR = @OPENDNSSEC_CONFIG_DIR@
OPENDNSSEC_CONFIG_FILE = @OPENDNSSEC_CONFIG_FILE@
OPENDNSSEC_DATA_DIR = @OPENDNSSEC_DATA_DIR@
OPENDNSSEC_ENFORCER_PIDFILE = @OPENDNSSEC_ENFORCER_PIDFILE@
OPENDNSSEC_FETCH_PIDFILE = @OPENDNSSEC_FETCH_PIDFILE@
OPENDNSSEC_LIBEXEC_DIR = @OPENDNSSEC_LIBEXEC_DIR@
OPENDNSSEC_LIB_DIR = @OPENDNSSEC_LIB_DIR@
OPENDNSSEC_LOCALSTATE_DIR = @OPENDNSSEC_LOCALSTATE_DIR@
OPENDNSSEC_PID_DIR = @OPENDNSSEC_PID_DIR@
OPENDNSSEC_SBIN_DIR = @OPENDNSSEC_SBIN_DIR@
OPENDNSSEC_SCHEMA_DIR = @OPENDNSSEC_SCHEMA_DIR@
OPENDNSSEC_SIGNER_CLI = @OPENDNSSEC_SIGNER_CLI@
OPENDNSSEC_SIGNER_ENGINE = @OPENDNSSEC_SIGNER_ENGINE@
OPENDNSSEC_SIGNER_PIDFILE = @OPENDNSSEC_SIGNER_PIDFILE@
OPENDNSSEC_SIGNER_SOCKET = @OPENDNSSEC_SIGNER_SOCKET@
OPENDNSSEC_STATE_DIR = @OPENDNSSEC_STATE_DIR@
OPENDNSSEC_SYSCONF_DIR = @OPENDNSSEC_SYSCONF_DIR@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PTHREAD_CC = @PTHREAD_CC@
PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
PTHREAD_LIBS = @PTHREAD_LIBS@
RANLIB = @RANLIB@
RT_LIBS = @RT_LIBS@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SQLITE3 = @SQLITE3@
SQLITE3_INCLUDES = @SQLITE3_INCLUDES@
SQLITE3_LIBS = @SQLITE3_LIBS@
SSL_INCLUDES = @SSL_INCLUDES@
SSL_LIBS = @SSL_LIBS@
STRIP = @STRIP@
VERSION = @VERSION@
XML2_CONFIG = @XML2_CONFIG@
XML2_INCLUDES = @XML2_INCLUDES@
XML2_LIBS = @XML2_LIBS@
XMLLINT = @XMLLINT@
XSLTPROC = @XSLTPROC@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
ax_pthread_config = @ax_pthread_config@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkcs11_aepkeyper_module = @pkcs11_aepkeyper_module@
pkcs11_etoken_module = @pkcs11_etoken_module@
pkcs11_ncipher_module = @pkcs11_ncipher_module@
pkcs11_opensc_module = @pkcs11_opensc_module@
pkcs11_sca6000_module = @pkcs11_sca6000_module@
pkcs11_softhsm_module = @pkcs11_softhsm_module@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
MAINTAINERCLEANFILES = \
config.log config.status \
$(srcdir)/Makefile.in \
$(srcdir)/config.h.in $(srcdir)/config.h.in~ \
$(srcdir)/configure \
$(srcdir)/install-sh $(srcdir)/ltmain.sh $(srcdir)/missing \
$(srcdir)/depcomp $(srcdir)/aclocal.m4 $(srcdir)/compile \
$(srcdir)/config.guess $(srcdir)/config.sub
EXTRA_DIST = \
README \
ods-enforcerd-smf.xml \
ods-signerd-smf.xml \
ods-enforcerd.init.in \
ods-signerd.init.in
all: all-am
.SUFFIXES:
# Regenerate this Makefile.in when Makefile.am or a configure input changes.
# For each newer prerequisite ($?) that appears in $(am__configure_deps) the
# whole tree is refreshed through the top-level 'am--refresh' target: the
# recipe exits 0 if the refresh succeeded and this file now exists, leaves
# the loop (and falls through to automake) if it is still missing, and exits
# 1 if the refresh itself failed.  Otherwise automake is run from
# $(top_srcdir) for tools/solaris/Makefile only.
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tools/solaris/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign tools/solaris/Makefile
# Recreate Makefile from Makefile.in.  When config.status itself is among the
# newer prerequisites the whole tree is refreshed via 'am--refresh'; in every
# other case config.status is re-run for this one file only (the command is
# echoed first because the recipe is silenced with '@').
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
ods-enforcerd.init: $(top_builddir)/config.status $(srcdir)/ods-enforcerd.init.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
ods-signerd.init: $(top_builddir)/config.status $(srcdir)/ods-signerd.init.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
tags TAGS:
ctags CTAGS:
cscope cscopelist:
# Copy every entry of $(DISTFILES) into $(distdir) for a release tarball.
# The two sed calls at the top escape regex metacharacters in $(srcdir) and
# $(top_srcdir) so those prefixes can be stripped from the file list; any
# sub-directories the remaining names need are created with $(MKDIR_P).
# Each entry is taken from the build directory if it exists there and from
# $(srcdir) otherwise.  Directories are copied with 'cp -fpR', and the
# find/chmod pass makes already-copied directories owner-rwx so the copy can
# write into them; plain files are copied with 'cp -p' only when not already
# present in $(distdir).
# NOTE(review): $$file is expanded unquoted in the test/cp calls, so names in
# DISTFILES containing whitespace or glob characters are not handled.
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile
installdirs:
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
# Re-invoke 'make install' with the install programs replaced by
# $(INSTALL_STRIP_PROGRAM) and INSTALL_STRIP_FLAG=-s.  When $(STRIP) is
# non-empty it is additionally handed to the install program through
# STRIPPROG in INSTALL_PROGRAM_ENV.
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am:
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man:
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am:
.MAKE: install-am install-strip
.PHONY: all all-am check check-am clean clean-generic clean-libtool \
cscopelist-am ctags-am distclean distclean-generic \
distclean-libtool distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-pdf install-pdf-am install-ps install-ps-am \
install-strip installcheck installcheck-am installdirs \
maintainer-clean maintainer-clean-generic mostlyclean \
mostlyclean-generic mostlyclean-libtool pdf pdf-am ps ps-am \
tags-am uninstall uninstall-am
.PRECIOUS: Makefile
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
opendnssec-1.4.9/tools/solaris/README 0000644 0001750 0001750 00000002233 12650165675 014320 0000000 0000000 Solaris scripts to control OpenDNSSEC processes:
Any package for Solaris should probably include something like the following:
In the prototype:
...
i preremove
i postinstall
d none /lib/svc/method/opendnssec 0755 root root
d none /var/svc/manifest/site/opendnssec 0755 root root
d none /lib/svc/method/opendnssec/ods-signerd.init=ods-signerd.init 0555 root root
d none /lib/svc/method/opendnssec/ods-enforcerd.init=ods-enforcerd.init 0555 root root
f none /var/svc/manifest/site/opendnssec/ods-signerd-smf.xml=ods-signerd-smf.xml 0555 root root
f none /var/svc/manifest/site/opendnssec/ods-enforcerd-smf.xml=ods-enforcerd-smf.xml 0555 root root
...
In the preremove
...
/usr/sbin/svcadm disable enforcer
/usr/sbin/svccfg -v delete svc:/site/opendnssec/enforcer:default
/usr/sbin/svcadm disable signer
/usr/sbin/svccfg -v delete svc:/site/opendnssec/signer:default
...
In the postinstall
...
/usr/sbin/svccfg -v import /var/svc/manifest/site/opendnssec/ods-signerd-smf.xml
/usr/sbin/svccfg -v import /var/svc/manifest/site/opendnssec/ods-enforcerd-smf.xml
...
Then you can use:
svcadm [enable|disable] signer
svcadm [enable|disable] enforcer
to control the processes.
opendnssec-1.4.9/tools/solaris/ods-signerd-smf.xml 0000644 0001750 0001750 00000003724 12650165675 017171 0000000 0000000
OpenDNSSEC
opendnssec-1.4.9/tools/Makefile.in 0000644 0001750 0001750 00000077433 12650165765 014047 0000000 0000000 # Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
VPATH = @srcdir@
# Shell fragment that succeeds only when this Makefile is being run by GNU
# make.  The make variables are expanded into the fragment before the shell
# sees it: an empty $(MAKELEVEL) means "not GNU make"; otherwise a non-empty
# $(MAKE_HOST), or a non-empty $(MAKE_VERSION) together with a non-empty
# $(CURDIR), means "GNU make".
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
# Shell fragment that succeeds when make was invoked with the single-letter
# option held in the shell variable 'target_option' (the two users below set
# it to n and k).  A value that is not exactly one character is reported as
# an internal error and the shell exits 1.
# Under GNU make the flags are read from $MFLAGS, otherwise from $MAKEFLAGS
# (a sed call first removes backslash-escaped blanks when any are present).
# Words containing '=' or starting with '--' are ignored, and the word that
# follows -I, -O, -l, -d, -E, -D, -m, -J or -T is skipped so that an option
# argument is not mistaken for a run of option letters.
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = tools
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/acx_broken_setres.m4 \
$(top_srcdir)/m4/acx_check_strptime.m4 \
$(top_srcdir)/m4/acx_cunit.m4 \
$(top_srcdir)/m4/acx_database_backend.m4 \
$(top_srcdir)/m4/acx_dbparams.m4 \
$(top_srcdir)/m4/acx_dlopen.m4 $(top_srcdir)/m4/acx_ldns.m4 \
$(top_srcdir)/m4/acx_libc.m4 $(top_srcdir)/m4/acx_libxml2.m4 \
$(top_srcdir)/m4/acx_mysql.m4 $(top_srcdir)/m4/acx_pedantic.m4 \
$(top_srcdir)/m4/acx_pkcs11_modules.m4 \
$(top_srcdir)/m4/acx_prefixhack.m4 \
$(top_srcdir)/m4/acx_rpath.m4 $(top_srcdir)/m4/acx_rt.m4 \
$(top_srcdir)/m4/acx_sqlite3.m4 $(top_srcdir)/m4/acx_ssl.m4 \
$(top_srcdir)/m4/acx_strict.m4 \
$(top_srcdir)/m4/ax_prog_doxygen.m4 \
$(top_srcdir)/m4/ax_pthread.m4 \
$(top_srcdir)/m4/check_compiler_flag.m4 \
$(top_srcdir)/m4/check_compiler_flag_needed.m4 \
$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
$(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/opendnssec_common.m4 $(top_srcdir)/version.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/common/config.h
CONFIG_CLEAN_FILES = ods-control ods-timing.5 opendnssec.7 \
ods-control.8 ods-kasp2html
CONFIG_CLEAN_VPATH_FILES =
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
# Shell fragment shared by the uninstall-* rules.  The caller sets the shell
# variables 'dir' (the target directory, already prefixed with $(DESTDIR))
# and 'files' (space-separated names to delete).  Nothing happens when
# 'files' is empty, or when 'dir' is neither a directory, a file nor
# readable; otherwise the command is echoed and 'rm -f' is run from inside
# 'dir'.
# 'files' is expanded unquoted so that it splits into one argument per name;
# the names therefore must not contain whitespace or glob characters.
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
am__installdirs = "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" \
"$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man7dir)" \
"$(DESTDIR)$(man8dir)"
SCRIPTS = $(bin_SCRIPTS) $(sbin_SCRIPTS)
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
RECURSIVE_TARGETS = all-recursive check-recursive cscopelist-recursive \
ctags-recursive dvi-recursive html-recursive info-recursive \
install-data-recursive install-dvi-recursive \
install-exec-recursive install-html-recursive \
install-info-recursive install-pdf-recursive \
install-ps-recursive install-recursive installcheck-recursive \
installdirs-recursive pdf-recursive ps-recursive \
tags-recursive uninstall-recursive
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
man5dir = $(mandir)/man5
man7dir = $(mandir)/man7
man8dir = $(mandir)/man8
NROFF = nroff
MANS = $(man5_MANS) $(man7_MANS) $(man8_MANS)
RECURSIVE_CLEAN_TARGETS = mostlyclean-recursive clean-recursive \
distclean-recursive maintainer-clean-recursive
am__recursive_targets = \
$(RECURSIVE_TARGETS) \
$(RECURSIVE_CLEAN_TARGETS) \
$(am__extra_recursive_targets)
AM_RECURSIVE_TARGETS = $(am__recursive_targets:-recursive=) TAGS CTAGS \
distdir
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
# Read a list of newline-separated strings from the standard input,
# and print each of them once, without duplicates. Input order is
# *not* preserved.
am__uniquify_input = $(AWK) '\
BEGIN { nonempty = 0; } \
{ items[$$0] = 1; nonempty = 1; } \
END { if (nonempty) { for (i in items) print i; }; } \
'
# Make sure the list of sources is unique. This is necessary because,
# e.g., the same source file might be shared among _SOURCES variables
# for different programs/libraries.
am__define_uniq_tagged_files = \
list='$(am__tagged_files)'; \
unique=`for i in $$list; do \
if test -f "$$i"; then echo $$i; else echo $(srcdir)/$$i; fi; \
done | $(am__uniquify_input)`
ETAGS = etags
CTAGS = ctags
DIST_SUBDIRS = $(SUBDIRS)
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/ods-control.8.in \
$(srcdir)/ods-control.in $(srcdir)/ods-kasp2html.in \
$(srcdir)/ods-timing.5.in $(srcdir)/opendnssec.7.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
am__relativize = \
dir0=`pwd`; \
sed_first='s,^\([^/]*\)/.*$$,\1,'; \
sed_rest='s,^[^/]*/*,,'; \
sed_last='s,^.*/\([^/]*\)$$,\1,'; \
sed_butlast='s,/*[^/]*$$,,'; \
while test -n "$$dir1"; do \
first=`echo "$$dir1" | sed -e "$$sed_first"`; \
if test "$$first" != "."; then \
if test "$$first" = ".."; then \
dir2=`echo "$$dir0" | sed -e "$$sed_last"`/"$$dir2"; \
dir0=`echo "$$dir0" | sed -e "$$sed_butlast"`; \
else \
first2=`echo "$$dir2" | sed -e "$$sed_first"`; \
if test "$$first2" = "$$first"; then \
dir2=`echo "$$dir2" | sed -e "$$sed_rest"`; \
else \
dir2="../$$dir2"; \
fi; \
dir0="$$dir0"/"$$first"; \
fi; \
fi; \
dir1=`echo "$$dir1" | sed -e "$$sed_rest"`; \
done; \
reldir="$$dir2"
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CP = @CP@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CUCUMBER = @CUCUMBER@
CUNIT_INCLUDES = @CUNIT_INCLUDES@
CUNIT_LIBS = @CUNIT_LIBS@
CYGPATH_W = @CYGPATH_W@
C_LIBS = @C_LIBS@
# NOTE(review): the DB_* values are substituted by configure like every other
# @VAR@ in this file, so whatever database password configure was given is
# written in clear text into the generated Makefile (and presumably into
# config.status / config.log as well -- confirm).  No rule visible in this
# part of the file reads them.  Treat a build tree configured with real
# database credentials as sensitive: restrict its permissions and keep it out
# of published build logs and artifacts.
DB_HOST = @DB_HOST@
DB_INCLUDES = @DB_INCLUDES@
DB_LIBS = @DB_LIBS@
DB_NAME = @DB_NAME@
DB_PASS = @DB_PASS@
DB_PORT = @DB_PORT@
DB_TYPE = @DB_TYPE@
DB_USER = @DB_USER@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DOXYGEN_PAPER_SIZE = @DOXYGEN_PAPER_SIZE@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
DX_CONFIG = @DX_CONFIG@
DX_DOCDIR = @DX_DOCDIR@
DX_DOT = @DX_DOT@
DX_DOXYGEN = @DX_DOXYGEN@
DX_DVIPS = @DX_DVIPS@
DX_EGREP = @DX_EGREP@
DX_ENV = @DX_ENV@
DX_FLAG_chi = @DX_FLAG_chi@
DX_FLAG_chm = @DX_FLAG_chm@
DX_FLAG_doc = @DX_FLAG_doc@
DX_FLAG_dot = @DX_FLAG_dot@
DX_FLAG_html = @DX_FLAG_html@
DX_FLAG_man = @DX_FLAG_man@
DX_FLAG_pdf = @DX_FLAG_pdf@
DX_FLAG_ps = @DX_FLAG_ps@
DX_FLAG_rtf = @DX_FLAG_rtf@
DX_FLAG_xml = @DX_FLAG_xml@
DX_HHC = @DX_HHC@
DX_LATEX = @DX_LATEX@
DX_MAKEINDEX = @DX_MAKEINDEX@
DX_PDFLATEX = @DX_PDFLATEX@
DX_PERL = @DX_PERL@
DX_PROJECT = @DX_PROJECT@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
HAVE_SSL = @HAVE_SSL@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
JAVA = @JAVA@
LD = @LD@
LDFLAGS = @LDFLAGS@
LDNS_CONFIG = @LDNS_CONFIG@
LDNS_INCLUDES = @LDNS_INCLUDES@
LDNS_LIBS = @LDNS_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MYSQL = @MYSQL@
MYSQL_CONFIG = @MYSQL_CONFIG@
MYSQL_INCLUDES = @MYSQL_INCLUDES@
MYSQL_LIBS = @MYSQL_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENDNSSEC_BIN_DIR = @OPENDNSSEC_BIN_DIR@
OPENDNSSEC_CONFIG_DIR = @OPENDNSSEC_CONFIG_DIR@
OPENDNSSEC_CONFIG_FILE = @OPENDNSSEC_CONFIG_FILE@
OPENDNSSEC_DATA_DIR = @OPENDNSSEC_DATA_DIR@
OPENDNSSEC_ENFORCER_PIDFILE = @OPENDNSSEC_ENFORCER_PIDFILE@
OPENDNSSEC_FETCH_PIDFILE = @OPENDNSSEC_FETCH_PIDFILE@
OPENDNSSEC_LIBEXEC_DIR = @OPENDNSSEC_LIBEXEC_DIR@
OPENDNSSEC_LIB_DIR = @OPENDNSSEC_LIB_DIR@
OPENDNSSEC_LOCALSTATE_DIR = @OPENDNSSEC_LOCALSTATE_DIR@
OPENDNSSEC_PID_DIR = @OPENDNSSEC_PID_DIR@
OPENDNSSEC_SBIN_DIR = @OPENDNSSEC_SBIN_DIR@
OPENDNSSEC_SCHEMA_DIR = @OPENDNSSEC_SCHEMA_DIR@
OPENDNSSEC_SIGNER_CLI = @OPENDNSSEC_SIGNER_CLI@
OPENDNSSEC_SIGNER_ENGINE = @OPENDNSSEC_SIGNER_ENGINE@
OPENDNSSEC_SIGNER_PIDFILE = @OPENDNSSEC_SIGNER_PIDFILE@
OPENDNSSEC_SIGNER_SOCKET = @OPENDNSSEC_SIGNER_SOCKET@
OPENDNSSEC_STATE_DIR = @OPENDNSSEC_STATE_DIR@
OPENDNSSEC_SYSCONF_DIR = @OPENDNSSEC_SYSCONF_DIR@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PTHREAD_CC = @PTHREAD_CC@
PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
PTHREAD_LIBS = @PTHREAD_LIBS@
RANLIB = @RANLIB@
RT_LIBS = @RT_LIBS@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SQLITE3 = @SQLITE3@
SQLITE3_INCLUDES = @SQLITE3_INCLUDES@
SQLITE3_LIBS = @SQLITE3_LIBS@
SSL_INCLUDES = @SSL_INCLUDES@
SSL_LIBS = @SSL_LIBS@
STRIP = @STRIP@
VERSION = @VERSION@
XML2_CONFIG = @XML2_CONFIG@
XML2_INCLUDES = @XML2_INCLUDES@
XML2_LIBS = @XML2_LIBS@
XMLLINT = @XMLLINT@
XSLTPROC = @XSLTPROC@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
ax_pthread_config = @ax_pthread_config@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkcs11_aepkeyper_module = @pkcs11_aepkeyper_module@
pkcs11_etoken_module = @pkcs11_etoken_module@
pkcs11_ncipher_module = @pkcs11_ncipher_module@
pkcs11_opensc_module = @pkcs11_opensc_module@
pkcs11_sca6000_module = @pkcs11_sca6000_module@
pkcs11_softhsm_module = @pkcs11_softhsm_module@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
SUBDIRS = solaris
sbin_SCRIPTS = ods-control
bin_SCRIPTS = ods-kasp2html
man5_MANS = ods-timing.5
man7_MANS = opendnssec.7
man8_MANS = ods-control.8
all: all-recursive
.SUFFIXES:
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign tools/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign tools/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
ods-control: $(top_builddir)/config.status $(srcdir)/ods-control.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
ods-timing.5: $(top_builddir)/config.status $(srcdir)/ods-timing.5.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
opendnssec.7: $(top_builddir)/config.status $(srcdir)/opendnssec.7.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
ods-control.8: $(top_builddir)/config.status $(srcdir)/ods-control.8.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
ods-kasp2html: $(top_builddir)/config.status $(srcdir)/ods-kasp2html.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
# Install $(bin_SCRIPTS) into $(DESTDIR)$(bindir) using $(INSTALL_SCRIPT);
# the directory is created first with $(MKDIR_P).  Nothing is installed when
# $(bindir) is empty.
# Each script is looked up in the build directory first and in $(srcdir)
# otherwise.  The installed name is the base name passed through
# $(transform): scripts whose name is unchanged are batched, at most
# $(am__install_max) per install command, while renamed ones are installed
# one at a time under their new name.
# 'files' is expanded unquoted in the install command, so script names must
# not contain whitespace or glob characters.
install-binSCRIPTS: $(bin_SCRIPTS)
@$(NORMAL_INSTALL)
@list='$(bin_SCRIPTS)'; test -n "$(bindir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(bindir)'"; \
$(MKDIR_P) "$(DESTDIR)$(bindir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
done | \
sed -e 'p;s,.*/,,;n' \
-e 'h;s|.*|.|' \
-e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
{ d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
if ($$2 == $$4) { files[d] = files[d] " " $$1; \
if (++n[d] == $(am__install_max)) { \
print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
else { print "f", d "/" $$4, $$1 } } \
END { for (d in files) print "f", d, files[d] }' | \
while read type dir files; do \
if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
test -z "$$files" || { \
echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(bindir)$$dir'"; \
$(INSTALL_SCRIPT) $$files "$(DESTDIR)$(bindir)$$dir" || exit $$?; \
} \
; done
# Remove the installed copies of $(bin_SCRIPTS) from $(DESTDIR)$(bindir).
# The names to delete are the base names passed through $(transform), i.e.
# the same renaming the install rule applies; the deletion itself is done by
# $(am__uninstall_files_from_dir).  Does nothing when $(bindir) is empty.
uninstall-binSCRIPTS:
@$(NORMAL_UNINSTALL)
@list='$(bin_SCRIPTS)'; test -n "$(bindir)" || exit 0; \
files=`for p in $$list; do echo "$$p"; done | \
sed -e 's,.*/,,;$(transform)'`; \
dir='$(DESTDIR)$(bindir)'; $(am__uninstall_files_from_dir)
# Install $(sbin_SCRIPTS) into $(DESTDIR)$(sbindir) using $(INSTALL_SCRIPT);
# the directory is created first with $(MKDIR_P).  Nothing is installed when
# $(sbindir) is empty.
# Each script is looked up in the build directory first and in $(srcdir)
# otherwise.  The installed name is the base name passed through
# $(transform): scripts whose name is unchanged are batched, at most
# $(am__install_max) per install command, while renamed ones are installed
# one at a time under their new name.
# 'files' is expanded unquoted in the install command, so script names must
# not contain whitespace or glob characters.
install-sbinSCRIPTS: $(sbin_SCRIPTS)
@$(NORMAL_INSTALL)
@list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || list=; \
if test -n "$$list"; then \
echo " $(MKDIR_P) '$(DESTDIR)$(sbindir)'"; \
$(MKDIR_P) "$(DESTDIR)$(sbindir)" || exit 1; \
fi; \
for p in $$list; do \
if test -f "$$p"; then d=; else d="$(srcdir)/"; fi; \
if test -f "$$d$$p"; then echo "$$d$$p"; echo "$$p"; else :; fi; \
done | \
sed -e 'p;s,.*/,,;n' \
-e 'h;s|.*|.|' \
-e 'p;x;s,.*/,,;$(transform)' | sed 'N;N;N;s,\n, ,g' | \
$(AWK) 'BEGIN { files["."] = ""; dirs["."] = 1; } \
{ d=$$3; if (dirs[d] != 1) { print "d", d; dirs[d] = 1 } \
if ($$2 == $$4) { files[d] = files[d] " " $$1; \
if (++n[d] == $(am__install_max)) { \
print "f", d, files[d]; n[d] = 0; files[d] = "" } } \
else { print "f", d "/" $$4, $$1 } } \
END { for (d in files) print "f", d, files[d] }' | \
while read type dir files; do \
if test "$$dir" = .; then dir=; else dir=/$$dir; fi; \
test -z "$$files" || { \
echo " $(INSTALL_SCRIPT) $$files '$(DESTDIR)$(sbindir)$$dir'"; \
$(INSTALL_SCRIPT) $$files "$(DESTDIR)$(sbindir)$$dir" || exit $$?; \
} \
; done
uninstall-sbinSCRIPTS:
@$(NORMAL_UNINSTALL)
@list='$(sbin_SCRIPTS)'; test -n "$(sbindir)" || exit 0; \
files=`for p in $$list; do echo "$$p"; done | \
sed -e 's,.*/,,;$(transform)'`; \
dir='$(DESTDIR)$(sbindir)'; $(am__uninstall_files_from_dir)
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
install-man5: $(man5_MANS)
@$(NORMAL_INSTALL)
@list1='$(man5_MANS)'; \
list2=''; \
test -n "$(man5dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
echo " $(MKDIR_P) '$(DESTDIR)$(man5dir)'"; \
$(MKDIR_P) "$(DESTDIR)$(man5dir)" || exit 1; \
{ for i in $$list1; do echo "$$i"; done; \
if test -n "$$list2"; then \
for i in $$list2; do echo "$$i"; done \
| sed -n '/\.5[a-z]*$$/p'; \
fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
done | \
sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
sed 'N;N;s,\n, ,g' | { \
list=; while read file base inst; do \
if test "$$base" = "$$inst"; then list="$$list $$file"; else \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man5dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man5dir)/$$inst" || exit $$?; \
fi; \
done; \
for i in $$list; do echo "$$i"; done | $(am__base_list) | \
while read files; do \
test -z "$$files" || { \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man5dir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(man5dir)" || exit $$?; }; \
done; }
uninstall-man5:
@$(NORMAL_UNINSTALL)
@list='$(man5_MANS)'; test -n "$(man5dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^5][0-9a-z]*$$,5,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man5dir)'; $(am__uninstall_files_from_dir)
install-man7: $(man7_MANS)
@$(NORMAL_INSTALL)
@list1='$(man7_MANS)'; \
list2=''; \
test -n "$(man7dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
echo " $(MKDIR_P) '$(DESTDIR)$(man7dir)'"; \
$(MKDIR_P) "$(DESTDIR)$(man7dir)" || exit 1; \
{ for i in $$list1; do echo "$$i"; done; \
if test -n "$$list2"; then \
for i in $$list2; do echo "$$i"; done \
| sed -n '/\.7[a-z]*$$/p'; \
fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
done | \
sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
sed 'N;N;s,\n, ,g' | { \
list=; while read file base inst; do \
if test "$$base" = "$$inst"; then list="$$list $$file"; else \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man7dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man7dir)/$$inst" || exit $$?; \
fi; \
done; \
for i in $$list; do echo "$$i"; done | $(am__base_list) | \
while read files; do \
test -z "$$files" || { \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man7dir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(man7dir)" || exit $$?; }; \
done; }
uninstall-man7:
@$(NORMAL_UNINSTALL)
@list='$(man7_MANS)'; test -n "$(man7dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^7][0-9a-z]*$$,7,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man7dir)'; $(am__uninstall_files_from_dir)
install-man8: $(man8_MANS)
@$(NORMAL_INSTALL)
@list1='$(man8_MANS)'; \
list2=''; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
{ for i in $$list1; do echo "$$i"; done; \
if test -n "$$list2"; then \
for i in $$list2; do echo "$$i"; done \
| sed -n '/\.8[a-z]*$$/p'; \
fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
done | \
sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
sed 'N;N;s,\n, ,g' | { \
list=; while read file base inst; do \
if test "$$base" = "$$inst"; then list="$$list $$file"; else \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
fi; \
done; \
for i in $$list; do echo "$$i"; done | $(am__base_list) | \
while read files; do \
test -z "$$files" || { \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
done; }
uninstall-man8:
@$(NORMAL_UNINSTALL)
@list='$(man8_MANS)'; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
# This directory's subdirectories are mostly independent; you can cd
# into them and run 'make' without going through this Makefile.
# To change the values of 'make' variables: instead of editing Makefiles,
# (1) if the variable is set in 'config.status', edit 'config.status'
# (which will cause the Makefiles to be regenerated when you run 'make');
# (2) otherwise, pass the desired values on the 'make' command line.
# Run the target named by $@ (minus its '-recursive' suffix) in every
# subdirectory, and then as '<target>-am' in this directory unless '.' was
# itself one of the listed subdirectories.  distclean-* and
# maintainer-clean-* walk $(DIST_SUBDIRS); everything else walks $(SUBDIRS).
# When make runs with -k (see am__make_keepgoing) a failing subdirectory only
# sets fail=yes and the loop goes on, the final 'test -z "$$fail"' reporting
# the failure; without -k the recipe exits 1 at the first failure.
# The 'eval $$failcom' only ever evaluates one of the two literal strings
# assigned at the top of this recipe ('fail=yes' or 'exit 1'); no directory
# name or environment value reaches the eval.
$(am__recursive_targets):
@fail=; \
if $(am__make_keepgoing); then \
failcom='fail=yes'; \
else \
failcom='exit 1'; \
fi; \
dot_seen=no; \
target=`echo $@ | sed s/-recursive//`; \
case "$@" in \
distclean-* | maintainer-clean-*) list='$(DIST_SUBDIRS)' ;; \
*) list='$(SUBDIRS)' ;; \
esac; \
for subdir in $$list; do \
echo "Making $$target in $$subdir"; \
if test "$$subdir" = "."; then \
dot_seen=yes; \
local_target="$$target-am"; \
else \
local_target="$$target"; \
fi; \
($(am__cd) $$subdir && $(MAKE) $(AM_MAKEFLAGS) $$local_target) \
|| eval $$failcom; \
done; \
if test "$$dot_seen" = "no"; then \
$(MAKE) $(AM_MAKEFLAGS) "$$target-am" || exit 1; \
fi; test -z "$$fail"
ID: $(am__tagged_files)
$(am__define_uniq_tagged_files); mkid -fID $$unique
tags: tags-recursive
TAGS: tags
tags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
set x; \
here=`pwd`; \
if ($(ETAGS) --etags-include --version) >/dev/null 2>&1; then \
include_option=--etags-include; \
empty_fix=.; \
else \
include_option=--include; \
empty_fix=; \
fi; \
list='$(SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
test ! -f $$subdir/TAGS || \
set "$$@" "$$include_option=$$here/$$subdir/TAGS"; \
fi; \
done; \
$(am__define_uniq_tagged_files); \
shift; \
if test -z "$(ETAGS_ARGS)$$*$$unique"; then :; else \
test -n "$$unique" || unique=$$empty_fix; \
if test $$# -gt 0; then \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
"$$@" $$unique; \
else \
$(ETAGS) $(ETAGSFLAGS) $(AM_ETAGSFLAGS) $(ETAGS_ARGS) \
$$unique; \
fi; \
fi
ctags: ctags-recursive
CTAGS: ctags
ctags-am: $(TAGS_DEPENDENCIES) $(am__tagged_files)
$(am__define_uniq_tagged_files); \
test -z "$(CTAGS_ARGS)$$unique" \
|| $(CTAGS) $(CTAGSFLAGS) $(AM_CTAGSFLAGS) $(CTAGS_ARGS) \
$$unique
GTAGS:
here=`$(am__cd) $(top_builddir) && pwd` \
&& $(am__cd) $(top_srcdir) \
&& gtags -i $(GTAGS_ARGS) "$$here"
cscopelist: cscopelist-recursive
# Append this directory's tagged files to $(top_builddir)/cscope.files, one
# path per line.  Files found in the build directory are listed relative to
# $(subdir); the others are listed under $(srcdir), which is used as-is when
# it is an absolute path (POSIX or drive-letter form) and prefixed with
# $(subdir) otherwise.  The output is appended ('>>'), never truncated here.
cscopelist-am: $(am__tagged_files)
list='$(am__tagged_files)'; \
case "$(srcdir)" in \
[\\/]* | ?:[\\/]*) sdir="$(srcdir)" ;; \
*) sdir=$(subdir)/$(srcdir) ;; \
esac; \
for i in $$list; do \
if test -f "$$i"; then \
echo "$(subdir)/$$i"; \
else \
echo "$$sdir/$$i"; \
fi; \
done >> $(top_builddir)/cscope.files
distclean-tags:
-rm -f TAGS ID GTAGS GRTAGS GSYMS GPATH tags
# Copy this directory's share of the release into $(distdir), then recurse
# into every entry of $(DIST_SUBDIRS).
#
# First recipe: strip the $(srcdir)/ and $(top_srcdir)/ prefixes from
# $(DISTFILES), pre-create the sub-directories those names need, then copy
# each entry from the build directory if it exists there and from $(srcdir)
# otherwise.  Plain files go through "cp -p" (skipped when the destination
# already exists); directories go through "cp -fpR", after making any
# already-copied directories owner-accessible with chmod u+rwx.
#
# NOTE(review): a directory listed in DISTFILES is copied recursively with
# its modes preserved, so anything lying inside it (editor backups, local
# configuration, key material) is shipped as-is.  Inspect the unpacked
# tarball before publishing it.
# NOTE(review): $$file is expanded unquoted in several tests and cp calls, so
# names containing whitespace or glob characters are not handled.
#
# Second recipe: for each sub-directory other than ".", create
# $(distdir)/SUBDIR unless $(am__make_dryrun) succeeds or it already exists,
# compute relative paths with $(am__relativize), and run the sub-make's own
# distdir target with am__remove_distdir, am__skip_length_check and
# am__skip_mode_fix all set to ":".
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
@list='$(DIST_SUBDIRS)'; for subdir in $$list; do \
if test "$$subdir" = .; then :; else \
$(am__make_dryrun) \
|| test -d "$(distdir)/$$subdir" \
|| $(MKDIR_P) "$(distdir)/$$subdir" \
|| exit 1; \
dir1=$$subdir; dir2="$(distdir)/$$subdir"; \
$(am__relativize); \
new_distdir=$$reldir; \
dir1=$$subdir; dir2="$(top_distdir)"; \
$(am__relativize); \
new_top_distdir=$$reldir; \
echo " (cd $$subdir && $(MAKE) $(AM_MAKEFLAGS) top_distdir="$$new_top_distdir" distdir="$$new_distdir" \\"; \
echo " am__remove_distdir=: am__skip_length_check=: am__skip_mode_fix=: distdir)"; \
($(am__cd) $$subdir && \
$(MAKE) $(AM_MAKEFLAGS) \
top_distdir="$$new_top_distdir" \
distdir="$$new_distdir" \
am__remove_distdir=: \
am__skip_length_check=: \
am__skip_mode_fix=: \
distdir) \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-recursive
all-am: Makefile $(SCRIPTS) $(MANS)
installdirs: installdirs-recursive
installdirs-am:
for dir in "$(DESTDIR)$(bindir)" "$(DESTDIR)$(sbindir)" "$(DESTDIR)$(man5dir)" "$(DESTDIR)$(man7dir)" "$(DESTDIR)$(man8dir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-recursive
install-exec: install-exec-recursive
install-data: install-data-recursive
uninstall: uninstall-recursive
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-recursive
# Re-run the "install" target with INSTALL_PROGRAM and install_sh_PROGRAM
# replaced by $(INSTALL_STRIP_PROGRAM) and INSTALL_STRIP_FLAG set to -s.
# When $(STRIP) is non-empty it is additionally handed to the install
# program through INSTALL_PROGRAM_ENV as STRIPPROG.
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
# Delete the files listed in $(CONFIG_CLEAN_FILES), and those in
# $(CONFIG_CLEAN_VPATH_FILES) only when $(srcdir) is not "." (a build outside
# the source directory).  The leading "-" tells make to ignore a failing
# command.  Both lists are expanded unquoted into "rm -f", so each
# whitespace-separated word is treated as a separate path.
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-recursive
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-recursive
-rm -f Makefile
distclean-am: clean-am distclean-generic distclean-tags
dvi: dvi-recursive
dvi-am:
html: html-recursive
html-am:
info: info-recursive
info-am:
install-data-am: install-man
install-dvi: install-dvi-recursive
install-dvi-am:
install-exec-am: install-binSCRIPTS install-sbinSCRIPTS
install-html: install-html-recursive
install-html-am:
install-info: install-info-recursive
install-info-am:
install-man: install-man5 install-man7 install-man8
install-pdf: install-pdf-recursive
install-pdf-am:
install-ps: install-ps-recursive
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-recursive
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-recursive
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-recursive
pdf-am:
ps: ps-recursive
ps-am:
uninstall-am: uninstall-binSCRIPTS uninstall-man uninstall-sbinSCRIPTS
uninstall-man: uninstall-man5 uninstall-man7 uninstall-man8
.MAKE: $(am__recursive_targets) install-am install-strip
.PHONY: $(am__recursive_targets) CTAGS GTAGS TAGS all all-am check \
check-am clean clean-generic clean-libtool cscopelist-am ctags \
ctags-am distclean distclean-generic distclean-libtool \
distclean-tags distdir dvi dvi-am html html-am info info-am \
install install-am install-binSCRIPTS install-data \
install-data-am install-dvi install-dvi-am install-exec \
install-exec-am install-html install-html-am install-info \
install-info-am install-man install-man5 install-man7 \
install-man8 install-pdf install-pdf-am install-ps \
install-ps-am install-sbinSCRIPTS install-strip installcheck \
installcheck-am installdirs installdirs-am maintainer-clean \
maintainer-clean-generic mostlyclean mostlyclean-generic \
mostlyclean-libtool pdf pdf-am ps ps-am tags tags-am uninstall \
uninstall-am uninstall-binSCRIPTS uninstall-man uninstall-man5 \
uninstall-man7 uninstall-man8 uninstall-sbinSCRIPTS
.PRECIOUS: Makefile
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
opendnssec-1.4.9/tools/ods-control.8.in 0000644 0001750 0001750 00000003327 12650165732 014724 0000000 0000000 .TH "ods-control" "8" "February 2010" "OpenDNSSEC" "OpenDNSSEC ods-control"
.SH "NAME"
.LP
.B ods\-control
\- OpenDNSSEC control utility
.SH "SYNOPSIS"
.LP
.B ods\-control ksm ...
.br
.B ods\-control hsm ...
.br
.B ods\-control signer ...
.br
.B ods\-control start
.br
.B ods\-control stop
.br
.B ods\-control enforcer start
.br
.B ods\-control enforcer stop
.br
.B ods\-control enforcer notify
.SH "DESCRIPTION"
.LP
ods\-control is a helper utility which gives a combined interface for different
command utilities within OpenDNSSEC. It can also start and stop OpenDNSSEC by
controlling the two daemons.
.SH "OPTIONS"
.LP
.TP
\fBksm\fR
The remainder of the command line will be sent to the ods\-ksmutil utility
.TP
\fBhsm\fR
The remainder of the command line will be sent to the ods\-hsmutil utility
.TP
\fBsigner\fR
The remainder of the command line will be sent to the ods\-signer utility
.TP
\fBstart\fR
Will start the two daemons of OpenDNSSEC, ods\-enforcerd and ods\-signerd
.TP
\fBstop\fR
Will stop the two daemons of OpenDNSSEC, ods\-enforcerd and ods\-signerd
.TP
\fBenforcer start\fR
Start the ods\-enforcerd daemon without touching the ods\-signerd and
return non-zero on problems
.TP
\fBenforcer stop\fR
Stop the ods\-enforcerd daemon without touching the ods\-signerd and
return non-zero on problems
.TP
\fBenforcer notify\fR
Notify the enforcer that its database has been updated and may need
further processing by the KASP Enforcer.
.SH "SEE ALSO"
.LP
ods\-enforcerd(8), ods\-hsmspeed(1),
ods\-hsmutil(1), ods\-kaspcheck(1), ods\-ksmutil(1), ods\-signer(8),
ods\-signerd(8), ods\-timing(5), opendnssec(7),
.B http://www.opendnssec.org/
.SH "AUTHORS"
.LP
.B ods\-control
was written by Jakob Schlyter as part of the OpenDNSSEC project.
opendnssec-1.4.9/signer/ 0000755 0001750 0001750 00000000000 12650166152 012162 5 0000000 0000000 opendnssec-1.4.9/signer/Makefile.am 0000644 0001750 0001750 00000000451 12650165675 014147 0000000 0000000 MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
SUBDIRS = src man
# Regenerate the signer's Doxygen output: delete the previous
# $(top_builddir)/signer/doxygen-doc tree, then run $(DX_DOXYGEN) on
# $(top_builddir)/$(DX_CONFIG) with PROJECT_NAME, SRCDIR and OUTPUTDIR passed
# through the environment (after whatever $(DX_ENV) sets).
# NOTE(review): the "rm -fr" path is built from $(top_builddir) without
# quoting.  Automake normally defines that variable, but an empty or
# whitespace-containing override would point the recursive delete somewhere
# else, so avoid overriding it on the command line for this target.
doxygen:
rm -fr $(top_builddir)/signer/doxygen-doc
env $(DX_ENV) \
PROJECT_NAME="OpenDNSSEC-signer" \
SRCDIR=$(top_srcdir)/signer \
OUTPUTDIR=$(top_builddir)/signer/doxygen-doc \
$(DX_DOXYGEN) $(top_builddir)/$(DX_CONFIG)
opendnssec-1.4.9/signer/man/ 0000755 0001750 0001750 00000000000 12650166152 012735 5 0000000 0000000 opendnssec-1.4.9/signer/man/Makefile.am 0000644 0001750 0001750 00000000144 12650165732 014713 0000000 0000000 MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
man8_MANS = ods-signer.8 ods-signerd.8 ods-getconf.8
opendnssec-1.4.9/signer/man/ods-getconf.8.in 0000644 0001750 0001750 00000001675 12650165732 015577 0000000 0000000 .TH "ods-getconf" "8" "May 2014" "OpenDNSSEC" "OpenDNSSEC ods-getconf"
.SH "NAME"
.B ods\-getconf
\- OpenDNSSEC get configuration values
.LP
.SH "SYNOPSIS"
.B ods\-getconf
.RB [ \-c
.IR FILE ]
.RB [ \-h ]
.RB [ \-V ] expr
.LP
.SH "DESCRIPTION"
ods\-getconf is part of the OpenDNSSEC software. With this tool, you can extract
the value of a configuration option by giving the appropriate expression. For more
information, go to
.B http://www.opendnssec.org
and visit the Documentation page.
.LP
.SH "OPTIONS"
.LP
.TP
.B \-c\fI FILE
Read configuration from file, instead of using the default.
.TP
.B \-h
Show this help.
.TP
.B \-V
Show version and exit.
.LP
.SH "SEE ALSO"
.LP
ods\-control(8), ods\-enforcerd(8), ods\-hsmspeed(1),
ods\-hsmutil(1), ods\-kaspcheck(1), ods\-ksmutil(1),
ods\-signerd(8), ods\-timing(5), opendnssec(7),
.B http://www.opendnssec.org/
.SH "AUTHORS"
.LP
.B ods\-getconf
was written by NLnet Labs as part of the OpenDNSSEC project.
opendnssec-1.4.9/signer/man/ods-signer.8.in 0000644 0001750 0001750 00000002105 12650165732 015426 0000000 0000000 .TH "ods-signer" "8" "February 2012" "OpenDNSSEC" "OpenDNSSEC ods-signer"
.SH "NAME"
.B ods\-signer
\- OpenDNSSEC Signer Engine client
.LP
.SH "SYNOPSIS"
.B ods\-signer
.RB [ \-h ]
.I clear
.IR
|
.I flush
|
.I queue
|
.I reload
|
.I running
|
.I sign
.IR [ \-\-serial ]
|
.I sign \-\-all
|
.I start
|
.I stop
|
.I update
.RB [ \-\-all ]
|
.I update
.IR
|
.I retransfer
.IR
|
.I verbosity
.IR
|
.I zones
.LP
.SH "DESCRIPTION"
ods\-signer is part of the OpenDNSSEC software. With this tool, you can send
commands to the signer engine daemon. For more information, go to
.B http://www.opendnssec.org
and visit the Documentation page.
.LP
.SH "OPTIONS"
.LP
.TP
.B \-h
Show this help.
.P
.SH "DIAGNOSTICS"
.LP
ods\-signer will log all the problems via stderr.
.SH "SEE ALSO"
.LP
ods\-control(8), ods\-enforcerd(8), ods\-hsmspeed(1),
ods\-hsmutil(1), ods\-kaspcheck(1), ods\-ksmutil(1),
ods\-signerd(8), ods\-timing(5), opendnssec(7),
.B http://www.opendnssec.org/
.SH "AUTHORS"
.LP
.B ods\-signer
was written by NLnet Labs as part of the OpenDNSSEC project.
opendnssec-1.4.9/signer/man/Makefile.in 0000644 0001750 0001750 00000045412 12650165765 014741 0000000 0000000 # Makefile.in generated by automake 1.15 from Makefile.am.
# @configure_input@
# Copyright (C) 1994-2014 Free Software Foundation, Inc.
# This Makefile.in is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
@SET_MAKE@
VPATH = @srcdir@
# Shell fragment used as a condition by other fragments in this file.
# It fails when $(MAKELEVEL) is empty; otherwise it succeeds if $(MAKE_HOST)
# is non-empty, or if both $(MAKE_VERSION) and $(CURDIR) are non-empty, and
# fails in every other case.  Going by the name, these variables are taken as
# evidence that the running make is GNU make.
am__is_gnu_make = { \
if test -z '$(MAKELEVEL)'; then \
false; \
elif test -n '$(MAKE_HOST)'; then \
true; \
elif test -n '$(MAKE_VERSION)' && test -n '$(CURDIR)'; then \
true; \
else \
false; \
fi; \
}
am__make_running_with_option = \
case $${target_option-} in \
?) ;; \
*) echo "am__make_running_with_option: internal error: invalid" \
"target option '$${target_option-}' specified" >&2; \
exit 1;; \
esac; \
has_opt=no; \
sane_makeflags=$$MAKEFLAGS; \
if $(am__is_gnu_make); then \
sane_makeflags=$$MFLAGS; \
else \
case $$MAKEFLAGS in \
*\\[\ \ ]*) \
bs=\\; \
sane_makeflags=`printf '%s\n' "$$MAKEFLAGS" \
| sed "s/$$bs$$bs[$$bs $$bs ]*//g"`;; \
esac; \
fi; \
skip_next=no; \
strip_trailopt () \
{ \
flg=`printf '%s\n' "$$flg" | sed "s/$$1.*$$//"`; \
}; \
for flg in $$sane_makeflags; do \
test $$skip_next = yes && { skip_next=no; continue; }; \
case $$flg in \
*=*|--*) continue;; \
-*I) strip_trailopt 'I'; skip_next=yes;; \
-*I?*) strip_trailopt 'I';; \
-*O) strip_trailopt 'O'; skip_next=yes;; \
-*O?*) strip_trailopt 'O';; \
-*l) strip_trailopt 'l'; skip_next=yes;; \
-*l?*) strip_trailopt 'l';; \
-[dEDm]) skip_next=yes;; \
-[JT]) skip_next=yes;; \
esac; \
case $$flg in \
*$$target_option*) has_opt=yes; break;; \
esac; \
done; \
test $$has_opt = yes
am__make_dryrun = (target_option=n; $(am__make_running_with_option))
am__make_keepgoing = (target_option=k; $(am__make_running_with_option))
pkgdatadir = $(datadir)/@PACKAGE@
pkgincludedir = $(includedir)/@PACKAGE@
pkglibdir = $(libdir)/@PACKAGE@
pkglibexecdir = $(libexecdir)/@PACKAGE@
am__cd = CDPATH="$${ZSH_VERSION+.}$(PATH_SEPARATOR)" && cd
install_sh_DATA = $(install_sh) -c -m 644
install_sh_PROGRAM = $(install_sh) -c
install_sh_SCRIPT = $(install_sh) -c
INSTALL_HEADER = $(INSTALL_DATA)
transform = $(program_transform_name)
NORMAL_INSTALL = :
PRE_INSTALL = :
POST_INSTALL = :
NORMAL_UNINSTALL = :
PRE_UNINSTALL = :
POST_UNINSTALL = :
build_triplet = @build@
host_triplet = @host@
subdir = signer/man
ACLOCAL_M4 = $(top_srcdir)/aclocal.m4
am__aclocal_m4_deps = $(top_srcdir)/m4/acx_broken_setres.m4 \
$(top_srcdir)/m4/acx_check_strptime.m4 \
$(top_srcdir)/m4/acx_cunit.m4 \
$(top_srcdir)/m4/acx_database_backend.m4 \
$(top_srcdir)/m4/acx_dbparams.m4 \
$(top_srcdir)/m4/acx_dlopen.m4 $(top_srcdir)/m4/acx_ldns.m4 \
$(top_srcdir)/m4/acx_libc.m4 $(top_srcdir)/m4/acx_libxml2.m4 \
$(top_srcdir)/m4/acx_mysql.m4 $(top_srcdir)/m4/acx_pedantic.m4 \
$(top_srcdir)/m4/acx_pkcs11_modules.m4 \
$(top_srcdir)/m4/acx_prefixhack.m4 \
$(top_srcdir)/m4/acx_rpath.m4 $(top_srcdir)/m4/acx_rt.m4 \
$(top_srcdir)/m4/acx_sqlite3.m4 $(top_srcdir)/m4/acx_ssl.m4 \
$(top_srcdir)/m4/acx_strict.m4 \
$(top_srcdir)/m4/ax_prog_doxygen.m4 \
$(top_srcdir)/m4/ax_pthread.m4 \
$(top_srcdir)/m4/check_compiler_flag.m4 \
$(top_srcdir)/m4/check_compiler_flag_needed.m4 \
$(top_srcdir)/m4/libtool.m4 $(top_srcdir)/m4/ltoptions.m4 \
$(top_srcdir)/m4/ltsugar.m4 $(top_srcdir)/m4/ltversion.m4 \
$(top_srcdir)/m4/lt~obsolete.m4 \
$(top_srcdir)/m4/opendnssec_common.m4 $(top_srcdir)/version.m4 \
$(top_srcdir)/configure.ac
am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
$(ACLOCAL_M4)
DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
mkinstalldirs = $(install_sh) -d
CONFIG_HEADER = $(top_builddir)/common/config.h
CONFIG_CLEAN_FILES = ods-getconf.8 ods-signer.8 ods-signerd.8
CONFIG_CLEAN_VPATH_FILES =
AM_V_P = $(am__v_P_@AM_V@)
am__v_P_ = $(am__v_P_@AM_DEFAULT_V@)
am__v_P_0 = false
am__v_P_1 = :
AM_V_GEN = $(am__v_GEN_@AM_V@)
am__v_GEN_ = $(am__v_GEN_@AM_DEFAULT_V@)
am__v_GEN_0 = @echo " GEN " $@;
am__v_GEN_1 =
AM_V_at = $(am__v_at_@AM_V@)
am__v_at_ = $(am__v_at_@AM_DEFAULT_V@)
am__v_at_0 = @
am__v_at_1 =
SOURCES =
DIST_SOURCES =
am__can_run_installinfo = \
case $$AM_UPDATE_INFO_DIR in \
n|no|NO) false;; \
*) (install-info --version) >/dev/null 2>&1;; \
esac
am__vpath_adj_setup = srcdirstrip=`echo "$(srcdir)" | sed 's|.|.|g'`;
am__vpath_adj = case $$p in \
$(srcdir)/*) f=`echo "$$p" | sed "s|^$$srcdirstrip/||"`;; \
*) f=$$p;; \
esac;
am__strip_dir = f=`echo $$p | sed -e 's|^.*/||'`;
am__install_max = 40
am__nobase_strip_setup = \
srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*|]/\\\\&/g'`
am__nobase_strip = \
for p in $$list; do echo "$$p"; done | sed -e "s|$$srcdirstrip/||"
am__nobase_list = $(am__nobase_strip_setup); \
for p in $$list; do echo "$$p $$p"; done | \
sed "s| $$srcdirstrip/| |;"' / .*\//!s/ .*/ ./; s,\( .*\)/[^/]*$$,\1,' | \
$(AWK) 'BEGIN { files["."] = "" } { files[$$2] = files[$$2] " " $$1; \
if (++n[$$2] == $(am__install_max)) \
{ print $$2, files[$$2]; n[$$2] = 0; files[$$2] = "" } } \
END { for (dir in files) print dir, files[dir] }'
am__base_list = \
sed '$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;$$!N;s/\n/ /g' | \
sed '$$!N;$$!N;$$!N;$$!N;s/\n/ /g'
# Shell fragment: remove the names held in $$files from the directory $$dir.
# It does nothing when $$files is empty, or when $$dir is neither a
# directory, a regular file, nor readable.  Otherwise it echoes the command
# and runs "rm -f" after changing into $$dir.
# $$files is expanded unquoted, so it is split into words and each word is
# removed relative to $$dir; the caller is expected to pass bare file names.
# NOTE(review): a word containing "/" or ".." would make rm act outside
# $$dir; uninstall-man8 strips directory parts before calling this.
am__uninstall_files_from_dir = { \
test -z "$$files" \
|| { test ! -d "$$dir" && test ! -f "$$dir" && test ! -r "$$dir"; } \
|| { echo " ( cd '$$dir' && rm -f" $$files ")"; \
$(am__cd) "$$dir" && rm -f $$files; }; \
}
man8dir = $(mandir)/man8
am__installdirs = "$(DESTDIR)$(man8dir)"
NROFF = nroff
MANS = $(man8_MANS)
am__tagged_files = $(HEADERS) $(SOURCES) $(TAGS_FILES) $(LISP)
am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/ods-getconf.8.in \
$(srcdir)/ods-signer.8.in $(srcdir)/ods-signerd.8.in
DISTFILES = $(DIST_COMMON) $(DIST_SOURCES) $(TEXINFOS) $(EXTRA_DIST)
ACLOCAL = @ACLOCAL@
AMTAR = @AMTAR@
AM_DEFAULT_VERBOSITY = @AM_DEFAULT_VERBOSITY@
AR = @AR@
AUTOCONF = @AUTOCONF@
AUTOHEADER = @AUTOHEADER@
AUTOMAKE = @AUTOMAKE@
AWK = @AWK@
CC = @CC@
CCDEPMODE = @CCDEPMODE@
CFLAGS = @CFLAGS@
CP = @CP@
CPP = @CPP@
CPPFLAGS = @CPPFLAGS@
CUCUMBER = @CUCUMBER@
CUNIT_INCLUDES = @CUNIT_INCLUDES@
CUNIT_LIBS = @CUNIT_LIBS@
CYGPATH_W = @CYGPATH_W@
C_LIBS = @C_LIBS@
# Database settings substituted by configure/config.status.
# NOTE(review): DB_PASS is expanded in clear text into every Makefile
# generated from this template (and presumably into config.status and
# config.log as well; verify).  What the value is used for is not visible
# here.  If a real password is ever given at configure time, treat the build
# tree as sensitive: restrict its permissions and keep generated Makefiles
# out of shared artifacts and bug reports.  A throwaway test credential is
# the safer choice.
DB_HOST = @DB_HOST@
DB_INCLUDES = @DB_INCLUDES@
DB_LIBS = @DB_LIBS@
DB_NAME = @DB_NAME@
DB_PASS = @DB_PASS@
DB_PORT = @DB_PORT@
DB_TYPE = @DB_TYPE@
DB_USER = @DB_USER@
DEFS = @DEFS@
DEPDIR = @DEPDIR@
DLLTOOL = @DLLTOOL@
DOXYGEN_PAPER_SIZE = @DOXYGEN_PAPER_SIZE@
DSYMUTIL = @DSYMUTIL@
DUMPBIN = @DUMPBIN@
DX_CONFIG = @DX_CONFIG@
DX_DOCDIR = @DX_DOCDIR@
DX_DOT = @DX_DOT@
DX_DOXYGEN = @DX_DOXYGEN@
DX_DVIPS = @DX_DVIPS@
DX_EGREP = @DX_EGREP@
DX_ENV = @DX_ENV@
DX_FLAG_chi = @DX_FLAG_chi@
DX_FLAG_chm = @DX_FLAG_chm@
DX_FLAG_doc = @DX_FLAG_doc@
DX_FLAG_dot = @DX_FLAG_dot@
DX_FLAG_html = @DX_FLAG_html@
DX_FLAG_man = @DX_FLAG_man@
DX_FLAG_pdf = @DX_FLAG_pdf@
DX_FLAG_ps = @DX_FLAG_ps@
DX_FLAG_rtf = @DX_FLAG_rtf@
DX_FLAG_xml = @DX_FLAG_xml@
DX_HHC = @DX_HHC@
DX_LATEX = @DX_LATEX@
DX_MAKEINDEX = @DX_MAKEINDEX@
DX_PDFLATEX = @DX_PDFLATEX@
DX_PERL = @DX_PERL@
DX_PROJECT = @DX_PROJECT@
ECHO_C = @ECHO_C@
ECHO_N = @ECHO_N@
ECHO_T = @ECHO_T@
EGREP = @EGREP@
EXEEXT = @EXEEXT@
FGREP = @FGREP@
GREP = @GREP@
HAVE_SSL = @HAVE_SSL@
INSTALL = @INSTALL@
INSTALL_DATA = @INSTALL_DATA@
INSTALL_PROGRAM = @INSTALL_PROGRAM@
INSTALL_SCRIPT = @INSTALL_SCRIPT@
INSTALL_STRIP_PROGRAM = @INSTALL_STRIP_PROGRAM@
JAVA = @JAVA@
LD = @LD@
LDFLAGS = @LDFLAGS@
LDNS_CONFIG = @LDNS_CONFIG@
LDNS_INCLUDES = @LDNS_INCLUDES@
LDNS_LIBS = @LDNS_LIBS@
LIBOBJS = @LIBOBJS@
LIBS = @LIBS@
LIBTOOL = @LIBTOOL@
LIPO = @LIPO@
LN_S = @LN_S@
LTLIBOBJS = @LTLIBOBJS@
MAKEINFO = @MAKEINFO@
MANIFEST_TOOL = @MANIFEST_TOOL@
MKDIR_P = @MKDIR_P@
MYSQL = @MYSQL@
MYSQL_CONFIG = @MYSQL_CONFIG@
MYSQL_INCLUDES = @MYSQL_INCLUDES@
MYSQL_LIBS = @MYSQL_LIBS@
NM = @NM@
NMEDIT = @NMEDIT@
OBJDUMP = @OBJDUMP@
OBJEXT = @OBJEXT@
OPENDNSSEC_BIN_DIR = @OPENDNSSEC_BIN_DIR@
OPENDNSSEC_CONFIG_DIR = @OPENDNSSEC_CONFIG_DIR@
OPENDNSSEC_CONFIG_FILE = @OPENDNSSEC_CONFIG_FILE@
OPENDNSSEC_DATA_DIR = @OPENDNSSEC_DATA_DIR@
OPENDNSSEC_ENFORCER_PIDFILE = @OPENDNSSEC_ENFORCER_PIDFILE@
OPENDNSSEC_FETCH_PIDFILE = @OPENDNSSEC_FETCH_PIDFILE@
OPENDNSSEC_LIBEXEC_DIR = @OPENDNSSEC_LIBEXEC_DIR@
OPENDNSSEC_LIB_DIR = @OPENDNSSEC_LIB_DIR@
OPENDNSSEC_LOCALSTATE_DIR = @OPENDNSSEC_LOCALSTATE_DIR@
OPENDNSSEC_PID_DIR = @OPENDNSSEC_PID_DIR@
OPENDNSSEC_SBIN_DIR = @OPENDNSSEC_SBIN_DIR@
OPENDNSSEC_SCHEMA_DIR = @OPENDNSSEC_SCHEMA_DIR@
OPENDNSSEC_SIGNER_CLI = @OPENDNSSEC_SIGNER_CLI@
OPENDNSSEC_SIGNER_ENGINE = @OPENDNSSEC_SIGNER_ENGINE@
OPENDNSSEC_SIGNER_PIDFILE = @OPENDNSSEC_SIGNER_PIDFILE@
OPENDNSSEC_SIGNER_SOCKET = @OPENDNSSEC_SIGNER_SOCKET@
OPENDNSSEC_STATE_DIR = @OPENDNSSEC_STATE_DIR@
OPENDNSSEC_SYSCONF_DIR = @OPENDNSSEC_SYSCONF_DIR@
OTOOL = @OTOOL@
OTOOL64 = @OTOOL64@
PACKAGE = @PACKAGE@
PACKAGE_BUGREPORT = @PACKAGE_BUGREPORT@
PACKAGE_NAME = @PACKAGE_NAME@
PACKAGE_STRING = @PACKAGE_STRING@
PACKAGE_TARNAME = @PACKAGE_TARNAME@
PACKAGE_URL = @PACKAGE_URL@
PACKAGE_VERSION = @PACKAGE_VERSION@
PATH_SEPARATOR = @PATH_SEPARATOR@
PERL = @PERL@
PTHREAD_CC = @PTHREAD_CC@
PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
PTHREAD_LIBS = @PTHREAD_LIBS@
RANLIB = @RANLIB@
RT_LIBS = @RT_LIBS@
SED = @SED@
SET_MAKE = @SET_MAKE@
SHELL = @SHELL@
SQLITE3 = @SQLITE3@
SQLITE3_INCLUDES = @SQLITE3_INCLUDES@
SQLITE3_LIBS = @SQLITE3_LIBS@
SSL_INCLUDES = @SSL_INCLUDES@
SSL_LIBS = @SSL_LIBS@
STRIP = @STRIP@
VERSION = @VERSION@
XML2_CONFIG = @XML2_CONFIG@
XML2_INCLUDES = @XML2_INCLUDES@
XML2_LIBS = @XML2_LIBS@
XMLLINT = @XMLLINT@
XSLTPROC = @XSLTPROC@
abs_builddir = @abs_builddir@
abs_srcdir = @abs_srcdir@
abs_top_builddir = @abs_top_builddir@
abs_top_srcdir = @abs_top_srcdir@
ac_ct_AR = @ac_ct_AR@
ac_ct_CC = @ac_ct_CC@
ac_ct_DUMPBIN = @ac_ct_DUMPBIN@
am__include = @am__include@
am__leading_dot = @am__leading_dot@
am__quote = @am__quote@
am__tar = @am__tar@
am__untar = @am__untar@
ax_pthread_config = @ax_pthread_config@
bindir = @bindir@
build = @build@
build_alias = @build_alias@
build_cpu = @build_cpu@
build_os = @build_os@
build_vendor = @build_vendor@
builddir = @builddir@
datadir = @datadir@
datarootdir = @datarootdir@
docdir = @docdir@
dvidir = @dvidir@
exec_prefix = @exec_prefix@
host = @host@
host_alias = @host_alias@
host_cpu = @host_cpu@
host_os = @host_os@
host_vendor = @host_vendor@
htmldir = @htmldir@
includedir = @includedir@
infodir = @infodir@
install_sh = @install_sh@
libdir = @libdir@
libexecdir = @libexecdir@
localedir = @localedir@
localstatedir = @localstatedir@
mandir = @mandir@
mkdir_p = @mkdir_p@
oldincludedir = @oldincludedir@
pdfdir = @pdfdir@
pkcs11_aepkeyper_module = @pkcs11_aepkeyper_module@
pkcs11_etoken_module = @pkcs11_etoken_module@
pkcs11_ncipher_module = @pkcs11_ncipher_module@
pkcs11_opensc_module = @pkcs11_opensc_module@
pkcs11_sca6000_module = @pkcs11_sca6000_module@
pkcs11_softhsm_module = @pkcs11_softhsm_module@
prefix = @prefix@
program_transform_name = @program_transform_name@
psdir = @psdir@
runstatedir = @runstatedir@
sbindir = @sbindir@
sharedstatedir = @sharedstatedir@
srcdir = @srcdir@
sysconfdir = @sysconfdir@
target_alias = @target_alias@
top_build_prefix = @top_build_prefix@
top_builddir = @top_builddir@
top_srcdir = @top_srcdir@
MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
man8_MANS = ods-signer.8 ods-signerd.8 ods-getconf.8
all: all-am
.SUFFIXES:
# Rebuild Makefile.in when Makefile.am or any configure input is newer.
# If one of the changed prerequisites ($?) appears in $(am__configure_deps),
# the work is delegated to the top-level "am--refresh" target; the recipe
# then exits 0 if Makefile.in exists, or falls through to the automake call
# below.  Otherwise only this directory is regenerated, by running
# "$(AUTOMAKE) --foreign signer/man/Makefile" from $(top_srcdir).
# NOTE(review): this rule is driven by timestamps alone.  A tree unpacked or
# checked out with skewed mtimes will run whatever $(AUTOMAKE) resolves to on
# the build host and overwrite the shipped Makefile.in.  For reproducible or
# audited builds, preserve the tarball's timestamps or pin the autotools
# version that is allowed to run.
$(srcdir)/Makefile.in: $(srcdir)/Makefile.am $(am__configure_deps)
@for dep in $?; do \
case '$(am__configure_deps)' in \
*$$dep*) \
( cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh ) \
&& { if test -f $@; then exit 0; else break; fi; }; \
exit 1;; \
esac; \
done; \
echo ' cd $(top_srcdir) && $(AUTOMAKE) --foreign signer/man/Makefile'; \
$(am__cd) $(top_srcdir) && \
$(AUTOMAKE) --foreign signer/man/Makefile
Makefile: $(srcdir)/Makefile.in $(top_builddir)/config.status
@case '$?' in \
*config.status*) \
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh;; \
*) \
echo ' cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe)'; \
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@ $(am__depfiles_maybe);; \
esac;
$(top_builddir)/config.status: $(top_srcdir)/configure $(CONFIG_STATUS_DEPENDENCIES)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(top_srcdir)/configure: $(am__configure_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(ACLOCAL_M4): $(am__aclocal_m4_deps)
cd $(top_builddir) && $(MAKE) $(AM_MAKEFLAGS) am--refresh
$(am__aclocal_m4_deps):
ods-getconf.8: $(top_builddir)/config.status $(srcdir)/ods-getconf.8.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
ods-signer.8: $(top_builddir)/config.status $(srcdir)/ods-signer.8.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
ods-signerd.8: $(top_builddir)/config.status $(srcdir)/ods-signerd.8.in
cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
mostlyclean-libtool:
-rm -f *.lo
clean-libtool:
-rm -rf .libs _libs
# Install the section 8 manual pages into $(DESTDIR)$(man8dir).
# The recipe exits 0 without doing anything when $(man8dir) is empty or the
# page list is empty.  Otherwise it creates the target directory, takes each
# page from the current (build) directory if present and from $(srcdir) if
# not, derives the installed name by applying $(transform) to the base name,
# and copies with $(INSTALL_DATA).
# Pages whose installed name equals their own name are batched through
# $(am__base_list) and installed several per $(INSTALL_DATA) call; pages that
# get renamed are installed one at a time.
# Every destination path is prefixed with $(DESTDIR), so a staged (packaging)
# install stays inside the staging root.
install-man8: $(man8_MANS)
@$(NORMAL_INSTALL)
@list1='$(man8_MANS)'; \
list2=''; \
test -n "$(man8dir)" \
&& test -n "`echo $$list1$$list2`" \
|| exit 0; \
echo " $(MKDIR_P) '$(DESTDIR)$(man8dir)'"; \
$(MKDIR_P) "$(DESTDIR)$(man8dir)" || exit 1; \
{ for i in $$list1; do echo "$$i"; done; \
if test -n "$$list2"; then \
for i in $$list2; do echo "$$i"; done \
| sed -n '/\.8[a-z]*$$/p'; \
fi; \
} | while read p; do \
if test -f $$p; then d=; else d="$(srcdir)/"; fi; \
echo "$$d$$p"; echo "$$p"; \
done | \
sed -e 'n;s,.*/,,;p;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,' | \
sed 'N;N;s,\n, ,g' | { \
list=; while read file base inst; do \
if test "$$base" = "$$inst"; then list="$$list $$file"; else \
echo " $(INSTALL_DATA) '$$file' '$(DESTDIR)$(man8dir)/$$inst'"; \
$(INSTALL_DATA) "$$file" "$(DESTDIR)$(man8dir)/$$inst" || exit $$?; \
fi; \
done; \
for i in $$list; do echo "$$i"; done | $(am__base_list) | \
while read files; do \
test -z "$$files" || { \
echo " $(INSTALL_DATA) $$files '$(DESTDIR)$(man8dir)'"; \
$(INSTALL_DATA) $$files "$(DESTDIR)$(man8dir)" || exit $$?; }; \
done; }
# Remove the installed section 8 manual pages.
# Does nothing when $(man8dir) is empty.  For each entry of $(man8_MANS) the
# sed script drops the directory part, applies $(transform) to the base name
# and re-attaches the section suffix.  The resulting names are passed in
# $$files to $(am__uninstall_files_from_dir), with dir set to
# $(DESTDIR)$(man8dir).
uninstall-man8:
@$(NORMAL_UNINSTALL)
@list='$(man8_MANS)'; test -n "$(man8dir)" || exit 0; \
files=`{ for i in $$list; do echo "$$i"; done; \
} | sed -e 's,.*/,,;h;s,.*\.,,;s,^[^8][0-9a-z]*$$,8,;x' \
-e 's,\.[0-9a-z]*$$,,;$(transform);G;s,\n,.,'`; \
dir='$(DESTDIR)$(man8dir)'; $(am__uninstall_files_from_dir)
tags TAGS:
ctags CTAGS:
cscope cscopelist:
# Copy this directory's $(DISTFILES) into $(distdir) for the release tarball.
# The $(srcdir)/ and $(top_srcdir)/ prefixes are stripped from each name, any
# sub-directories those names need are created under $(distdir), and each
# entry is taken from the build directory when it exists there and from
# $(srcdir) otherwise.  Plain files are copied with "cp -p" unless the
# destination already exists.  Directories are copied with "cp -fpR", after
# existing destination directories are made owner-accessible with
# chmod u+rwx.
# NOTE(review): a directory entry is copied recursively with its modes
# preserved, so stray files inside it end up in the release.  $$file is also
# used unquoted, so names with whitespace or glob characters are not handled.
distdir: $(DISTFILES)
@srcdirstrip=`echo "$(srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
topsrcdirstrip=`echo "$(top_srcdir)" | sed 's/[].[^$$\\*]/\\\\&/g'`; \
list='$(DISTFILES)'; \
dist_files=`for file in $$list; do echo $$file; done | \
sed -e "s|^$$srcdirstrip/||;t" \
-e "s|^$$topsrcdirstrip/|$(top_builddir)/|;t"`; \
case $$dist_files in \
*/*) $(MKDIR_P) `echo "$$dist_files" | \
sed '/\//!d;s|^|$(distdir)/|;s,/[^/]*$$,,' | \
sort -u` ;; \
esac; \
for file in $$dist_files; do \
if test -f $$file || test -d $$file; then d=.; else d=$(srcdir); fi; \
if test -d $$d/$$file; then \
dir=`echo "/$$file" | sed -e 's,/[^/]*$$,,'`; \
if test -d "$(distdir)/$$file"; then \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
if test -d $(srcdir)/$$file && test $$d != $(srcdir); then \
cp -fpR $(srcdir)/$$file "$(distdir)$$dir" || exit 1; \
find "$(distdir)/$$file" -type d ! -perm -700 -exec chmod u+rwx {} \;; \
fi; \
cp -fpR $$d/$$file "$(distdir)$$dir" || exit 1; \
else \
test -f "$(distdir)/$$file" \
|| cp -p $$d/$$file "$(distdir)/$$file" \
|| exit 1; \
fi; \
done
check-am: all-am
check: check-am
all-am: Makefile $(MANS)
installdirs:
for dir in "$(DESTDIR)$(man8dir)"; do \
test -z "$$dir" || $(MKDIR_P) "$$dir"; \
done
install: install-am
install-exec: install-exec-am
install-data: install-data-am
uninstall: uninstall-am
install-am: all-am
@$(MAKE) $(AM_MAKEFLAGS) install-exec-am install-data-am
installcheck: installcheck-am
install-strip:
if test -z '$(STRIP)'; then \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
install; \
else \
$(MAKE) $(AM_MAKEFLAGS) INSTALL_PROGRAM="$(INSTALL_STRIP_PROGRAM)" \
install_sh_PROGRAM="$(INSTALL_STRIP_PROGRAM)" INSTALL_STRIP_FLAG=-s \
"INSTALL_PROGRAM_ENV=STRIPPROG='$(STRIP)'" install; \
fi
mostlyclean-generic:
clean-generic:
distclean-generic:
-test -z "$(CONFIG_CLEAN_FILES)" || rm -f $(CONFIG_CLEAN_FILES)
-test . = "$(srcdir)" || test -z "$(CONFIG_CLEAN_VPATH_FILES)" || rm -f $(CONFIG_CLEAN_VPATH_FILES)
maintainer-clean-generic:
@echo "This command is intended for maintainers to use"
@echo "it deletes files that may require special tools to rebuild."
-test -z "$(MAINTAINERCLEANFILES)" || rm -f $(MAINTAINERCLEANFILES)
clean: clean-am
clean-am: clean-generic clean-libtool mostlyclean-am
distclean: distclean-am
-rm -f Makefile
distclean-am: clean-am distclean-generic
dvi: dvi-am
dvi-am:
html: html-am
html-am:
info: info-am
info-am:
install-data-am: install-man
install-dvi: install-dvi-am
install-dvi-am:
install-exec-am:
install-html: install-html-am
install-html-am:
install-info: install-info-am
install-info-am:
install-man: install-man8
install-pdf: install-pdf-am
install-pdf-am:
install-ps: install-ps-am
install-ps-am:
installcheck-am:
maintainer-clean: maintainer-clean-am
-rm -f Makefile
maintainer-clean-am: distclean-am maintainer-clean-generic
mostlyclean: mostlyclean-am
mostlyclean-am: mostlyclean-generic mostlyclean-libtool
pdf: pdf-am
pdf-am:
ps: ps-am
ps-am:
uninstall-am: uninstall-man
uninstall-man: uninstall-man8
.MAKE: install-am install-strip
.PHONY: all all-am check check-am clean clean-generic clean-libtool \
cscopelist-am ctags-am distclean distclean-generic \
distclean-libtool distdir dvi dvi-am html html-am info info-am \
install install-am install-data install-data-am install-dvi \
install-dvi-am install-exec install-exec-am install-html \
install-html-am install-info install-info-am install-man \
install-man8 install-pdf install-pdf-am install-ps \
install-ps-am install-strip installcheck installcheck-am \
installdirs maintainer-clean maintainer-clean-generic \
mostlyclean mostlyclean-generic mostlyclean-libtool pdf pdf-am \
ps ps-am tags-am uninstall uninstall-am uninstall-man \
uninstall-man8
.PRECIOUS: Makefile
# Tell versions [3.59,3.63) of GNU make to not export all variables.
# Otherwise a system limit (for SysV at least) may be exceeded.
.NOEXPORT:
opendnssec-1.4.9/signer/man/ods-signerd.8.in 0000644 0001750 0001750 00000002313 12650165732 015573 0000000 0000000 .TH "ods-signerd" "8" "February 2012" "OpenDNSSEC" "OpenDNSSEC ods-signerd"
.SH "NAME"
.LP
.B ods\-signerd
\- OpenDNSSEC Signer Engine daemon
.SH "SYNOPSIS"
.LP
.B ods\-signerd
.RB [ \-1 ]
.RB [ \-c
.IR FILE ]
.RB [ \-d ]
.RB [ \-h ]
.RB [ \-i ]
.RB [ \-v ]
.RB [ \-V ]
.P
.SH "DESCRIPTION"
.LP
ods\-signerd is part of the OpenDNSSEC software. It will keep your DNS zones
continuously signed. For more information, go to
.B http://www.opendnssec.org
and visit the Documentation page.
.P
.SH "OPTIONS"
.LP
.TP
.B \-1
Run signer engine once, then exit (for debugging purposes).
.TP
.B \-c\fI FILE
Read configuration from file, instead of using the default.
.TP
.B \-d
Run daemon in foreground.
.TP
.B \-h
Show this help.
.TP
.B \-i
Print configuration and exit (for debugging purposes).
.TP
.B \-v
Increase verbosity.
.TP
.B \-V
Show version and exit.
.P
.SH "DIAGNOSTICS"
.LP
ods\-signerd will log all the problems via standard syslog(8).
.SH "SEE ALSO"
.LP
ods\-control(8), ods\-enforcerd(8), ods\-hsmspeed(1),
ods\-hsmutil(1), ods\-kaspcheck(1), ods\-ksmutil(1), ods\-signer(8),
ods\-timing(5), opendnssec(7),
.B http://www.opendnssec.org/
.SH "AUTHORS"
.LP
.B ods\-signerd
was written by NLnet Labs as part of the OpenDNSSEC project.
opendnssec-1.4.9/signer/src/ 0000755 0001750 0001750 00000000000 12650166152 012751 5 0000000 0000000 opendnssec-1.4.9/signer/src/Makefile.am 0000644 0001750 0001750 00000015724 12650165732 014741 0000000 0000000 MAINTAINERCLEANFILES = $(srcdir)/Makefile.in
# Static archives from elsewhere in the build tree; they are added to the
# *_LDADD variables of the programs defined further down.
LIBHSM = ${top_builddir}/libhsm/src/lib/libhsm.a
LIBCOMPAT = ${top_builddir}/common/libcompat.a
# Header search paths: the common directory (source and build tree), the
# libhsm library sources, and the include flags substituted by configure.
AM_CPPFLAGS = \
-I$(top_srcdir)/common \
-I$(top_builddir)/common \
-I$(top_srcdir)/libhsm/src/lib \
@SSL_INCLUDES@ \
@XML2_INCLUDES@ \
@LDNS_INCLUDES@
signerdir = @libdir@/opendnssec/signer
# ods-signerd and ods-signer are installed as sbin programs, ods-getconf as
# a bin program.
sbin_PROGRAMS = ods-signerd ods-signer
bin_PROGRAMS = ods-getconf
ods_signerd_SOURCES= ods-signerd.c \
adapter/adapi.c adapter/adapi.h \
adapter/adapter.c adapter/adapter.h \
adapter/addns.c adapter/addns.h \
adapter/adfile.c adapter/adfile.h \
adapter/adutil.c adapter/adutil.h \
daemon/cfg.c daemon/cfg.h \
daemon/cmdhandler.c daemon/cmdhandler.h \
daemon/dnshandler.c daemon/dnshandler.h \
daemon/xfrhandler.c daemon/xfrhandler.h \
daemon/engine.c daemon/engine.h \
daemon/signal.c daemon/signal.h \
daemon/worker.c daemon/worker.h \
parser/addnsparser.c parser/addnsparser.h \
parser/confparser.c parser/confparser.h \
parser/signconfparser.c parser/signconfparser.h \
parser/zonelistparser.c parser/zonelistparser.h \
scheduler/fifoq.c scheduler/fifoq.h \
scheduler/schedule.c scheduler/schedule.h \
scheduler/task.c scheduler/task.h \
shared/allocator.c shared/allocator.h \
shared/duration.c shared/duration.h \
shared/file.c shared/file.h \
shared/hsm.c shared/hsm.h \
shared/locks.c shared/locks.h \
shared/log.c shared/log.h \
shared/privdrop.c shared/privdrop.h \
shared/status.c shared/status.h \
shared/util.c shared/util.h \
signer/backup.c signer/backup.h \
signer/denial.c signer/denial.h \
signer/domain.c signer/domain.h \
signer/ixfr.c signer/ixfr.h \
signer/keys.c signer/keys.h \
signer/namedb.c signer/namedb.h \
signer/nsec3params.c signer/nsec3params.h \
signer/rrset.c signer/rrset.h \
signer/signconf.c signer/signconf.h \
signer/stats.c signer/stats.h \
signer/tools.c signer/tools.h \
signer/zone.c signer/zone.h \
signer/zonelist.c signer/zonelist.h \
wire/acl.c wire/acl.h \
wire/axfr.c wire/axfr.h \
wire/buffer.c wire/buffer.h \
wire/edns.c wire/edns.h \
wire/listener.c wire/listener.h \
wire/netio.c wire/netio.h \
wire/notify.c wire/notify.h \
wire/query.c wire/query.h \
wire/sock.c wire/sock.h \
wire/tcpset.c wire/tcpset.h \
wire/tsig.c wire/tsig.h \
wire/tsig-openssl.c wire/tsig-openssl.h \
wire/xfrd.c wire/xfrd.h
ods_signerd_LDADD= $(LIBHSM)
ods_signerd_LDADD+= $(LIBCOMPAT)
ods_signerd_LDADD+= @LDNS_LIBS@ @XML2_LIBS@ @PTHREAD_LIBS@ @RT_LIBS@ @SSL_LIBS@ @C_LIBS@
ods_signer_SOURCES= ods-signer.c \
adapter/adapi.c adapter/adapi.h \
adapter/adapter.c adapter/adapter.h \
adapter/addns.c adapter/addns.h \
adapter/adfile.c adapter/adfile.h \
adapter/adutil.c adapter/adutil.h \
daemon/cfg.c daemon/cfg.h \
daemon/cmdhandler.c daemon/cmdhandler.h \
daemon/dnshandler.c daemon/dnshandler.h \
daemon/xfrhandler.c daemon/xfrhandler.h \
daemon/engine.c daemon/engine.h \
daemon/signal.c daemon/signal.h \
daemon/worker.c daemon/worker.h \
parser/addnsparser.c parser/addnsparser.h \
parser/confparser.c parser/confparser.h \
parser/signconfparser.c parser/signconfparser.h \
parser/zonelistparser.c parser/zonelistparser.h \
scheduler/fifoq.c scheduler/fifoq.h \
scheduler/schedule.c scheduler/schedule.h \
scheduler/task.c scheduler/task.h \
shared/allocator.c shared/allocator.h \
shared/duration.c shared/duration.h \
shared/file.c shared/file.h \
shared/hsm.c shared/hsm.h \
shared/locks.c shared/locks.h \
shared/log.c shared/log.h \
shared/privdrop.c shared/privdrop.h \
shared/status.c shared/status.h \
shared/util.c shared/util.h \
signer/backup.c signer/backup.h \
signer/denial.c signer/denial.h \
signer/domain.c signer/domain.h \
signer/ixfr.c signer/ixfr.h \
signer/keys.c signer/keys.h \
signer/namedb.c signer/namedb.h \
signer/nsec3params.c signer/nsec3params.h \
signer/rrset.c signer/rrset.h \
signer/signconf.c signer/signconf.h \
signer/stats.c signer/stats.h \
signer/tools.c signer/tools.h \
signer/zone.c signer/zone.h \
signer/zonelist.c signer/zonelist.h \
wire/acl.c wire/acl.h \
wire/axfr.c wire/axfr.h \
wire/buffer.c wire/buffer.h \
wire/edns.c wire/edns.h \
wire/listener.c wire/listener.h \
wire/netio.c wire/netio.h \
wire/notify.c wire/notify.h \
wire/query.c wire/query.h \
wire/sock.c wire/sock.h \
wire/tcpset.c wire/tcpset.h \
wire/tsig.c wire/tsig.h \
wire/tsig-openssl.c wire/tsig-openssl.h \
wire/xfrd.c wire/xfrd.h
ods_signer_LDADD= $(LIBHSM)
ods_signer_LDADD+= @LDNS_LIBS@ @XML2_LIBS@ @RT_LIBS@
ods_signer_LDADD+= $(LIBCOMPAT)
ods_getconf_SOURCES= ods-getconf.c \
adapter/adapi.c adapter/adapi.h \
adapter/adapter.c adapter/adapter.h \
adapter/addns.c adapter/addns.h \
adapter/adfile.c adapter/adfile.h \
adapter/adutil.c adapter/adutil.h \
daemon/cfg.c daemon/cfg.h \
daemon/cmdhandler.c daemon/cmdhandler.h \
daemon/dnshandler.c daemon/dnshandler.h \
daemon/xfrhandler.c daemon/xfrhandler.h \
daemon/engine.c daemon/engine.h \
daemon/signal.c daemon/signal.h \
daemon/worker.c daemon/worker.h \
parser/addnsparser.c parser/addnsparser.h \
parser/confparser.c parser/confparser.h \
parser/signconfparser.c parser/signconfparser.h \
parser/zonelistparser.c parser/zonelistparser.h \
scheduler/fifoq.c scheduler/fifoq.h \
scheduler/schedule.c scheduler/schedule.h \
scheduler/task.c scheduler/task.h \
shared/allocator.c shared/allocator.h \
shared/duration.c shared/duration.h \
shared/file.c shared/file.h \
shared/hsm.c shared/hsm.h \
shared/locks.c shared/locks.h \
shared/log.c shared/log.h \
shared/privdrop.c shared/privdrop.h \
shared/status.c shared/status.h \
shared/util.c shared/util.h \
signer/backup.c signer/backup.h \
signer/denial.c signer/denial.h \
signer/domain.c signer/domain.h \
signer/ixfr.c signer/ixfr.h \
signer/keys.c signer/keys.h \
signer/namedb.c signer/namedb.h \
signer/nsec3params.c signer/nsec3params.h \
signer/rrset.c signer/rrset.h \
signer/signconf.c signer/signconf.h \
signer/stats.c signer/stats.h \
signer/tools.c signer/tools.h \
signer/zone.c signer/zone.h \
signer/zonelist.c signer/zonelist.h \
wire/acl.c wire/acl.h \
wire/axfr.c wire/axfr.h \
wire/buffer.c wire/buffer.h \
wire/edns.c wire/edns.h \
wire/listener.c wire/listener.h \
wire/netio.c wire/netio.h \
wire/notify.c wire/notify.h \
wire/query.c wire/query.h \
wire/sock.c wire/sock.h \
wire/tcpset.c wire/tcpset.h \
wire/tsig.c wire/tsig.h \
wire/tsig-openssl.c wire/tsig-openssl.h \
wire/xfrd.c wire/xfrd.h
ods_getconf_LDADD= $(LIBHSM)
ods_getconf_LDADD+= @LDNS_LIBS@ @XML2_LIBS@ @RT_LIBS@
ods_getconf_LDADD+= $(LIBCOMPAT)
opendnssec-1.4.9/signer/src/ods-signerd.c 0000644 0001750 0001750 00000011652 12650165732 015263 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* OpenDNSSEC signer engine daemon.
*
*/
#include "config.h"
#include "daemon/engine.h"
#include
#include
#include
#define AUTHOR_NAME "Matthijs Mekking"
#define COPYRIGHT_STR "Copyright (C) 2008-2010 NLnet Labs OpenDNSSEC"
/**
 * Print the synopsis and the list of supported options.
 *
 * \param[in] out stream the help text is written to
 *
 */
static void
usage(FILE* out)
{
    /* Only the first and the last line take arguments; the rest is fixed
     * text and goes out through fputs(). */
    fprintf(out, "Usage: %s [OPTIONS]\n", "ods-signerd");
    fputs("Start the OpenDNSSEC signer engine daemon.\n\n", out);
    fputs("Supported options:\n", out);
    fputs(" -c | --config Read configuration from file.\n", out);
    fputs(" -d | --no-daemon Do not daemonize the signer engine.\n", out);
    fputs(" -1 | --single-run Run once, then exit.\n", out);
    fputs(" -h | --help Show this help and exit.\n", out);
    fputs(" -i | --info Print configuration and exit.\n", out);
    fputs(" -v | --verbose Increase verbosity.\n", out);
    fputs(" -V | --version Show version and exit.\n", out);
    fputs("\nBSD licensed, see LICENSE in source package for details.\n",
        out);
    fprintf(out, "Version %s. Report bugs to <%s>.\n",
        PACKAGE_VERSION, PACKAGE_BUGREPORT);
}
/**
 * Print the version banner and terminate the process with status 0.
 *
 * \param[in] out stream the banner is written to
 *
 */
static void
version(FILE* out)
{
    /* One format string carries the whole banner. */
    fprintf(out,
        "%s version %s\n"
        "Written by %s.\n\n"
        "%s. This is free software.\n"
        "See source files for more license information\n",
        PACKAGE_NAME, PACKAGE_VERSION, AUTHOR_NAME, COPYRIGHT_STR);
    exit(0);
}
/**
 * Entry point: parse the command line and start the signer engine.
 *
 * -h and -V print to stdout and exit with status 0; an unknown option or a
 * stray positional argument prints the usage to stderr and exits with
 * status 2.
 *
 */
int
main(int argc, char* argv[])
{
    static struct option long_options[] = {
        {"single-run", no_argument, 0, '1'},
        {"config", required_argument, 0, 'c'},
        {"no-daemon", no_argument, 0, 'd'},
        {"help", no_argument, 0, 'h'},
        {"info", no_argument, 0, 'i'},
        {"verbose", no_argument, 0, 'v'},
        {"version", no_argument, 0, 'V'},
        { 0, 0, 0, 0}
    };
    const char* cfgfile = ODS_SE_CFGFILE;
    int options_index = 0;
    int cmdline_verbosity = 0;
    int daemonize = 1;
    int single_run = 0;
    int info = 0;
    int opt;

    /* parse the commandline */
    for (;;) {
        opt = getopt_long(argc, argv, "1c:dhivV", long_options,
            &options_index);
        if (opt == -1) {
            break;
        }
        switch (opt) {
            case '1':
                single_run = 1;
                break;
            case 'c':
                /* the path is taken verbatim from the command line */
                cfgfile = optarg;
                break;
            case 'd':
                daemonize = 0;
                break;
            case 'h':
                usage(stdout);
                exit(0);
            case 'i':
                info = 1;
                break;
            case 'v':
                cmdline_verbosity++;
                break;
            case 'V':
                version(stdout);
                exit(0);
            default:
                usage(stderr);
                exit(2);
        }
    }

    /* anything left after the options is an error */
    if (optind != argc) {
        usage(stderr);
        exit(2);
    }

#ifdef ENFORCER_TIMESHIFT
    {
        const char* timeshift = getenv("ENFORCER_TIMESHIFT");
        if (timeshift) {
            fprintf(stdout,
                "WARNING: timeshift %s detected, running once only\n",
                timeshift);
            single_run = 1;
        } else {
            fprintf(stdout, "DEBUG: timeshift mode enabled, but not set.\n");
        }
    }
#endif /* ENFORCER_TIMESHIFT */

    /* main stuff */
    fprintf(stdout, "OpenDNSSEC signer engine version %s\n", PACKAGE_VERSION);
    engine_start(cfgfile, cmdline_verbosity, daemonize, info, single_run);

    /* done */
    return 0;
}
opendnssec-1.4.9/signer/src/shared/ 0000755 0001750 0001750 00000000000 12650166152 014217 5 0000000 0000000 opendnssec-1.4.9/signer/src/shared/hsm.h 0000644 0001750 0001750 00000005363 12650165732 015111 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Hardware Security Module support.
*
*/
#ifndef SHARED_HSM_H
#define SHARED_HSM_H
#include "config.h"
#include "shared/status.h"
#include "signer/keys.h"
#include
#include
#include
#include
#include
/**
* Open HSM.
* \param[in] filename the configuration filename
* \return int hsm status
*
*/
int lhsm_open(const char* filename);
/**
* Reopen HSM.
* \param[in] filename the configuration filename
* \return int hsm status
*
*/
int lhsm_reopen(const char* filename);
/**
* Check the HSM connection, reload engine if necessary.
* \param[in] engine signer engine.
*
*/
void lhsm_check_connection(void* engine);
/**
* Get key from one of the HSMs, store the DNSKEY and HSM key.
* \param[in] ctx HSM context
* \param[in] owner the zone owner name
* \param[in] key_id key credentials
* \return ods_status status
*
*/
ods_status lhsm_get_key(hsm_ctx_t* ctx, ldns_rdf* owner, key_type* key_id);
/**
* Get RRSIG from one of the HSMs, given a RRset and a key.
* \param[in] ctx HSM context
* \param[in] rrset RRset to be signed
* \param[in] key_id key credentials
* \param[in] owner owner of the keys
* \param[in] inception signature inception
* \param[in] expiration signature expiration
* \return ldns_rr* RRSIG record
*
*/
ldns_rr* lhsm_sign(hsm_ctx_t* ctx, ldns_rr_list* rrset, key_type* key_id,
ldns_rdf* owner, time_t inception, time_t expiration);
#endif /* SHARED_HSM_H */
opendnssec-1.4.9/signer/src/shared/allocator.c 0000644 0001750 0001750 00000007057 12650165732 016277 0000000 0000000 /*
* Copyright (c) 2010-2011 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Memory management.
*
*/
#include "config.h"
#include "shared/allocator.h"
#include "shared/log.h"
#include
#include
static const char* allocator_str = "allocator";
/**
 * Create an allocator handle.
 *
 * The handle itself is obtained from the supplied allocation function and
 * records both function pointers for later use.
 *
 * \param[in] allocator function for allocating
 * \param[in] deallocator function for deallocating
 * \return allocator_type* the new handle, NULL if allocation failed
 *
 */
allocator_type*
allocator_create(void *(*allocator)(size_t size), void (*deallocator)(void *))
{
    allocator_type* self =
        (allocator_type*) allocator(sizeof(allocator_type));
    if (self) {
        self->allocator = allocator;
        self->deallocator = deallocator;
        return self;
    }
    ods_log_error("[%s] failed to create allocator", allocator_str);
    return NULL;
}
/**
 * Allocate memory through the allocator.
 *
 * A request for zero bytes is turned into a request for one byte, so the
 * underlying function is never called with size 0. Failure is reported
 * through ods_fatal_exit().
 *
 * \param[in] allocator the allocator
 * \param[in] size size to allocate
 * \return void* pointer to allocated memory
 *
 */
void*
allocator_alloc(allocator_type* allocator, size_t size)
{
    void* mem;
    ods_log_assert(allocator);
    mem = allocator->allocator(size ? size : 1);
    if (mem) {
        return mem;
    }
    ods_fatal_exit("[%s] allocator failed: out of memory", allocator_str);
    return NULL;
}
/**
 * Allocate memory and clear it.
 *
 * \param[in] allocator the allocator
 * \param[in] size size to allocate and to zero
 * \return void* pointer to zeroed memory, NULL if allocation failed
 *
 */
void*
allocator_alloc_zero(allocator_type *allocator, size_t size)
{
    void *mem = allocator_alloc(allocator, size);
    /* memset() hands back its first argument */
    return mem ? memset(mem, 0, size) : NULL;
}
/**
 * Allocate memory and fill it with a copy of existing data.
 *
 * Exactly size bytes are read from init; init is not checked for NULL.
 *
 * \param[in] allocator the allocator
 * \param[in] size size to allocate and to copy
 * \param[in] init data to copy from
 * \return void* pointer to the copy, NULL if allocation failed
 *
 */
void*
allocator_alloc_init(allocator_type *allocator, size_t size, const void *init)
{
    void *mem = allocator_alloc(allocator, size);
    /* memcpy() hands back its destination */
    return mem ? memcpy(mem, init, size) : NULL;
}
/**
 * Duplicate a string, terminating NUL included.
 *
 * \param[in] allocator the allocator
 * \param[in] string string to copy, may be NULL
 * \return char* the copy, NULL if string is NULL or allocation failed
 *
 */
char*
allocator_strdup(allocator_type *allocator, const char *string)
{
    size_t bytes;
    if (string == NULL) {
        return NULL;
    }
    bytes = strlen(string) + 1; /* room for the terminator */
    return (char*) allocator_alloc_init(allocator, bytes, string);
}
/**
 * Release memory through the allocator's deallocation function.
 *
 * \param[in] allocator the allocator
 * \param[in] data memory to release; NULL is ignored
 *
 */
void
allocator_deallocate(allocator_type *allocator, void* data)
{
    ods_log_assert(allocator);
    if (data) {
        allocator->deallocator(data);
    }
}
/**
 * Release the allocator handle itself.
 *
 * \param[in] allocator the allocator; NULL is ignored
 *
 */
void
allocator_cleanup(allocator_type *allocator)
{
    if (allocator) {
        /* read the pointer first: the handle is gone after the call */
        void (*release)(void *) = allocator->deallocator;
        release(allocator);
    }
}
opendnssec-1.4.9/signer/src/shared/privdrop.c 0000644 0001750 0001750 00000021506 12650165732 016157 0000000 0000000 /*
* Copyright (c) 2009 Nominet UK. All rights reserved.
*
* Based heavily on uidswap.c from openssh-5.2p1
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* Privileges.
*/
#define _GNU_SOURCE /* defines for setres{g|u}id */
#include "config.h"
#include "shared/log.h"
#include "shared/privdrop.h"
#include "shared/status.h"
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifndef _SC_GETPW_R_SIZE_MAX
#define _SC_GETPW_R_SIZE_MAX 16384
#endif /* _SC_GETPW_R_SIZE_MAX */
#ifndef _SC_GETGR_R_SIZE_MAX
#define _SC_GETGR_R_SIZE_MAX 16384
#endif /* _SC_GETGR_R_SIZE_MAX */
static const char* privdrop_str = "privdrop";
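/**
 * Get the user identifier from the username.
 *
 * Returns (uid_t)-1 whenever no uid can be given for the name. The earlier
 * version returned the current effective uid when the lookup failed, so the
 * (uid_t)-1 test in privdrop() never matched and a misspelled user name
 * left the process running under its original uid.
 *
 * \param[in] username name to look up, may be NULL
 * \return uid_t uid of the user; (uid_t)-1 if username is NULL, memory is
 *         exhausted, the lookup fails or the user does not exist
 *
 */
uid_t
privuid(const char* username)
{
    struct passwd pwd;
    struct passwd* result = NULL;
    long bufsize;
    char* buf;
    uid_t uid = (uid_t) -1;
    int s;

    if (!username) {
        return (uid_t) -1;
    }
    bufsize = sysconf(_SC_GETPW_R_SIZE_MAX);
    if (bufsize <= 0) {
        bufsize = 16384; /* should be more than enough */
    }
    buf = (char*) calloc((size_t) bufsize, sizeof(char));
    if (!buf) {
        ods_log_error("[%s] calloc failed: out of memory?", privdrop_str);
        return (uid_t) -1;
    }
    /* Lookup the user id in /etc/passwd */
    s = getpwnam_r(username, &pwd, buf, (size_t) bufsize, &result); /* LEAK */
    if (s) {
        ods_log_error("[%s] unable to get user id for %s: %s",
            privdrop_str, username, strerror(s));
    } else if (result != NULL) {
        /* only a successful lookup yields a uid */
        uid = pwd.pw_uid;
    }
    free((void*) buf);
    return uid;
}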
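/**
 * Get the group identifier from the group name.
 *
 * Returns (gid_t)-1 whenever no gid can be given for the name. The earlier
 * version returned the current effective gid when the lookup failed, so the
 * (gid_t)-1 test in privdrop() never matched and a misspelled group name
 * left the process running under its original gid.
 *
 * \param[in] groupname name to look up, may be NULL
 * \return gid_t gid of the group; (gid_t)-1 if groupname is NULL, memory is
 *         exhausted, the lookup fails or the group does not exist
 *
 */
gid_t
privgid(const char *groupname)
{
    struct group grp;
    struct group* result = NULL;
    long bufsize;
    char* buf;
    gid_t gid = (gid_t) -1;
    int s;

    if (!groupname) {
        return (gid_t) -1;
    }
    bufsize = sysconf(_SC_GETGR_R_SIZE_MAX);
    if (bufsize <= 0) {
        bufsize = 16384; /* should be more than enough */
    }
    buf = (char*) calloc((size_t) bufsize, sizeof(char));
    if (!buf) {
        ods_log_error("[%s] calloc failed: out of memory?", privdrop_str);
        return (gid_t) -1;
    }
    /* Lookup the group id in /etc/group */
    s = getgrnam_r(groupname, &grp, buf, (size_t) bufsize, &result); /* LEAK */
    if (s) {
        ods_log_error("[%s] unable to get group id for %s: %s",
            privdrop_str, groupname, strerror(s));
    } else if (result != NULL) {
        /* only a successful lookup yields a gid */
        gid = grp.gr_gid;
    }
    free((void*) buf);
    return gid;
}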
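/**
 * Drop privileges: optional chroot, then supplementary groups, group id
 * and user id, in that order.
 *
 * Every step that changes credentials is checked. The earlier version
 * ignored the results of getgroups() and setgroups(), so a failure there
 * left the original supplementary groups in place without any error.
 * After the switch the function also confirms that the old ids cannot be
 * taken back.
 *
 * \param[in] username user to run as, or NULL to keep the current user
 * \param[in] groupname group to run as, or NULL to keep the current group
 * \param[in] newroot directory to chroot into, or NULL for no chroot
 * \param[out] puid receives the resulting user id, may be NULL
 * \param[out] pgid receives the resulting group id, may be NULL
 * \return ods_status ODS_STATUS_OK on success, otherwise
 *         ODS_STATUS_CHROOT_ERR, ODS_STATUS_MALLOC_ERR or
 *         ODS_STATUS_PRIVDROP_ERR
 *
 */
ods_status
privdrop(const char *username, const char *groupname, const char *newroot,
    uid_t* puid, gid_t* pgid)
{
    int status;
    uid_t uid, olduid;
    gid_t gid, oldgid;
    long ngroups_max;
    gid_t *final_groups;
    int final_group_len = -1;

    /* Save effective uid/gid */
    uid = olduid = geteuid();
    gid = oldgid = getegid();

    /* Check if we're going to drop uid */
    if (username) {
        uid = privuid(username);
        if (uid == (uid_t)-1) {
            ods_log_error("[%s] user %s does not exist", privdrop_str,
                username);
            return ODS_STATUS_PRIVDROP_ERR;
        }
    }

    /* Check if we're going to drop gid */
    if (groupname) {
        gid = privgid(groupname);
        if (gid == (gid_t)-1) {
            ods_log_error("[%s] group %s does not exist", privdrop_str,
                groupname);
            return ODS_STATUS_PRIVDROP_ERR;
        }
    }

    /* Change root if requested */
    if (newroot) {
#ifdef HAVE_CHROOT
        status = chroot(newroot);
        /* chdir("/") so the working directory is inside the new root */
        if (status != 0 || chdir("/") != 0) {
            ods_log_error("[%s] chroot to %s failed: %.100s", privdrop_str,
                newroot, strerror(errno));
            return ODS_STATUS_CHROOT_ERR;
        }
#else
        ods_log_error("[%s] chroot to %s failed: !HAVE_CHROOT", privdrop_str,
            newroot);
        return ODS_STATUS_CHROOT_ERR;
#endif /* HAVE_CHROOT */
    }

    /* Do additional groups first */
    if (username != NULL && !olduid) {
        /* NOTE(review): this runs after the chroot, so initgroups()
         * presumably sees the group database of the new root - confirm.
         * NOTE(review): without a groupname, gid is still the original
         * effective gid and stays the primary group after the uid
         * switch - confirm this is intended. */
#ifdef HAVE_INITGROUPS
        if (initgroups(username, gid) < 0) {
            ods_log_error("[%s] initgroups failed: %s: %.100s", privdrop_str,
                username, strerror(errno));
            return ODS_STATUS_PRIVDROP_ERR;
        }
#else
        ods_log_error("initgroups failed: %s: !HAVE_INITGROUPS", username);
        return ODS_STATUS_PRIVDROP_ERR;
#endif /* HAVE_INITGROUPS */

        ngroups_max = sysconf(_SC_NGROUPS_MAX);
        if (ngroups_max < 0) {
            /* without a limit the group buffer cannot be sized */
            ods_log_error("[%s] unable to determine the maximum number of "
                "groups", privdrop_str);
            return ODS_STATUS_PRIVDROP_ERR;
        }
        ngroups_max += 1;
        final_groups = (gid_t *)malloc((size_t) ngroups_max * sizeof(gid_t));
        if (!final_groups) {
            return ODS_STATUS_MALLOC_ERR;
        }
#if defined(HAVE_GETGROUPS) && defined(HAVE_SETGROUPS)
        final_group_len = getgroups((int) ngroups_max, final_groups);
        if (final_group_len < 0) {
            ods_log_error("[%s] getgroups failed: %.100s", privdrop_str,
                strerror(errno));
            free((void*)final_groups);
            return ODS_STATUS_PRIVDROP_ERR;
        }
        /* We are root here: keep only the groups set up by initgroups */
        if (setgroups((size_t) final_group_len, final_groups) != 0) {
            ods_log_error("[%s] setgroups failed: %s: %.100s", privdrop_str,
                username, strerror(errno));
            free((void*)final_groups);
            return ODS_STATUS_PRIVDROP_ERR;
        }
#endif /* defined(HAVE_GETGROUPS) && defined(HAVE_SETGROUPS) */
        free((void*)final_groups);
    }
    else {
        /* If we are root then drop all groups other than the final one */
#if defined(HAVE_SETGROUPS)
        if (!olduid && setgroups(1, &(gid)) != 0) {
            if (groupname) {
                /* a group switch was requested: fail closed */
                ods_log_error("[%s] setgroups failed: %s: %.100s",
                    privdrop_str, groupname, strerror(errno));
                return ODS_STATUS_PRIVDROP_ERR;
            }
            /* no switch requested: report and carry on as before */
            ods_log_warning("[%s] setgroups failed: %.100s", privdrop_str,
                strerror(errno));
        }
#endif /* defined(HAVE_SETGROUPS) */
    }

    /* Drop gid? */
    if (groupname) {
#if defined(HAVE_SETRESGID) && !defined(BROKEN_SETRESGID)
        status = setresgid(gid, gid, gid);
#elif defined(HAVE_SETREGID) && !defined(BROKEN_SETREGID)
        status = setregid(gid, gid);
#else
# ifndef SETEUID_BREAKS_SETUID
        status = setegid(gid);
        if (status != 0) {
            ods_log_error("[%s] setegid() for %s (%lu) failed: %s",
                privdrop_str, groupname, (unsigned long) gid, strerror(errno));
            return ODS_STATUS_PRIVDROP_ERR;
        }
# endif /* SETEUID_BREAKS_SETUID */
        status = setgid(gid);
#endif
        if (status != 0) {
            ods_log_error("[%s] setgid() for %s (%lu) failed: %s",
                privdrop_str, groupname, (unsigned long) gid, strerror(errno));
            return ODS_STATUS_PRIVDROP_ERR;
        } else {
            ods_log_debug("[%s] group set to %s (%lu)", privdrop_str,
                groupname, (unsigned long) gid);
        }
    }

    /* Drop uid? */
    if (username) {
        /* Set the user to drop to if specified; else just set the uid as the real one */
#if defined(HAVE_SETRESUID) && !defined(BROKEN_SETRESUID)
        status = setresuid(uid, uid, uid);
#elif defined(HAVE_SETREUID) && !defined(BROKEN_SETREUID)
        status = setreuid(uid, uid);
#else
# ifndef SETEUID_BREAKS_SETUID
        status = seteuid(uid);
        if (status != 0) {
            ods_log_error("[%s] seteuid() for %s (%lu) failed: %s",
                privdrop_str, username, (unsigned long) uid, strerror(errno));
            return ODS_STATUS_PRIVDROP_ERR;
        }
# endif /* SETEUID_BREAKS_SETUID */
        status = setuid(uid);
#endif
        if (status != 0) {
            ods_log_error("[%s] setuid() for %s (%lu) failed: %s",
                privdrop_str, username, (unsigned long) uid, strerror(errno));
            return ODS_STATUS_PRIVDROP_ERR;
        } else {
            ods_log_debug("[%s] user set to %s (%lu)", privdrop_str,
                username, (unsigned long) uid);
        }
    }

    /* Confirm the switch is permanent: once the process runs as a
     * non-root user, going back to the old gid or to uid 0 must fail. */
    if (uid != 0 && groupname && gid != oldgid &&
        (setgid(oldgid) != -1 || setegid(oldgid) != -1)) {
        ods_log_error("[%s] was able to restore old group id %lu",
            privdrop_str, (unsigned long) oldgid);
        return ODS_STATUS_PRIVDROP_ERR;
    }
    if (username && olduid == 0 && uid != 0 &&
        (setuid(0) != -1 || seteuid(0) != -1)) {
        ods_log_error("[%s] was able to restore old user id after switching "
            "to %s", privdrop_str, username);
        return ODS_STATUS_PRIVDROP_ERR;
    }

    if (puid) {
        *puid = uid;
    }
    if (pgid) {
        *pgid = gid;
    }
    return ODS_STATUS_OK;
}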
/**
 * Close the password and group databases after a lookup.
 *
 * \param[in] username when not NULL, endpwent() is called
 * \param[in] groupname when not NULL, endgrent() is called
 *
 */
void
privclose(const char* username, const char* groupname)
{
    if (username != NULL) {
        endpwent();
    }
    if (groupname != NULL) {
        endgrent();
    }
}
opendnssec-1.4.9/signer/src/shared/allocator.h 0000644 0001750 0001750 00000006115 12650165732 016276 0000000 0000000 /*
* Copyright (c) 2010-2011 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Memory management.
*
*/
#ifndef SHARED_ALLOCATOR_H
#define SHARED_ALLOCATOR_H
#include "config.h"
#include
/**
 * Allocator handle: a pair of function pointers supplied by the caller.
 *
 */
typedef struct allocator_struct allocator_type;
struct allocator_struct {
/* allocation function, takes the number of bytes to allocate */
void* (*allocator)(size_t);
/* release function, takes the pointer to release */
void (*deallocator)(void *);
};
/**
* Create allocator.
* \param[in] allocator function for allocating
* \param[in] deallocator function for deallocating
* \return allocator_type* allocator
*/
allocator_type* allocator_create(void *(*allocator)(size_t size),
void (*deallocator)(void *));
/**
* Allocate memory.
* \param[in] allocator the allocator
* \param[in] size size to allocate
* \return void* pointer to allocated memory
*/
void* allocator_alloc(allocator_type* allocator, size_t size);
/**
* Allocate memory and initialize to zero.
* \param[in] allocator the allocator
* \param[in] size size to allocate
* \return void* pointer to allocated memory
*/
void* allocator_alloc_zero(allocator_type* allocator, size_t size);
/**
* Allocate memory and initialize with data.
* \param[in] allocator the allocator
* \param[in] size size to allocate
* \param[in] init initialized data
* \return void* pointer to allocated memory
*
*/
void* allocator_alloc_init(allocator_type *allocator, size_t size,
const void* init);
/**
* Duplicate string.
* \param[in] allocator the allocator
* \param[in] string
* \return char* duplicated string
*
*/
char* allocator_strdup(allocator_type *allocator, const char *string);
/**
* Deallocate memory.
* \param[in] allocator the allocator
* \param[in] data memory to deallocate
*
*/
void allocator_deallocate(allocator_type* allocator, void* data);
/**
* Cleanup allocator.
* \param[in] allocator the allocator
*
*/
void allocator_cleanup(allocator_type* allocator);
#endif /* SHARED_ALLOCATOR_H */
opendnssec-1.4.9/signer/src/shared/util.c 0000644 0001750 0001750 00000025400 12650165732 015264 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* Utility tools.
*/
#include "config.h"
#include "shared/file.h"
#include "shared/log.h"
#include "shared/util.h"
#include
#include
#include
#include
#include
#include
#include
static const char* util_str = "util";
/**
 * Tell whether a RR is a DNSSEC RR (RRSIG, NSEC, NSEC3 or NSEC3PARAMS).
 *
 * \param[in] rr resource record, may be NULL
 * \return int 1 for one of the four types, 0 otherwise or if rr is NULL
 *
 */
int
util_is_dnssec_rr(ldns_rr* rr)
{
    if (!rr) {
        return 0;
    }
    switch (ldns_rr_get_type(rr)) {
        case LDNS_RR_TYPE_RRSIG:
        case LDNS_RR_TYPE_NSEC:
        case LDNS_RR_TYPE_NSEC3:
        case LDNS_RR_TYPE_NSEC3PARAMS:
            return 1;
        default:
            return 0;
    }
}
/**
 * Compare two SOA serials.
 *
 * \param[in] serial_new candidate serial
 * \param[in] serial_old reference serial
 * \return int the value of DNS_SERIAL_GT(serial_new, serial_old)
 *
 */
int
util_serial_gt(uint32_t serial_new, uint32_t serial_old)
{
    const int newer = DNS_SERIAL_GT(serial_new, serial_old);
    return newer;
}
/**
 * Compare the RDATA fields of two SOA RRs, leaving out the serial.
 *
 * Fields 0 through SE_SOA_RDATA_MINIMUM are compared pairwise.
 *
 * \param[in] rr1 first SOA RR
 * \param[in] rr2 second SOA RR
 * \return int 0 if all compared fields are equal, 1 otherwise
 *
 */
int
util_soa_compare_rdata(ldns_rr* rr1, ldns_rr* rr2)
{
    const size_t last_field = SE_SOA_RDATA_MINIMUM;
    size_t field;
    for (field = 0; field <= last_field; field++) {
        if (field == SE_SOA_RDATA_SERIAL) {
            continue; /* the serial may differ */
        }
        if (ldns_rdf_compare(ldns_rr_rdf(rr1, field),
            ldns_rr_rdf(rr2, field)) != 0) {
            return 1;
        }
    }
    return 0;
}
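/**
 * Compare two SOA RRs on owner, class, type and RDATA (serial left out).
 *
 * The earlier version also computed both uncompressed sizes and tested them
 * against an offset that was always 0; that test could never be true for
 * unsigned sizes, so the branch and its locals are removed.
 *
 * \param[in] rr1 first RR, may be NULL
 * \param[in] rr2 second RR, may be NULL
 * \return int 0 if both are SOA RRs that match, 1 otherwise
 *
 */
int
util_soa_compare(ldns_rr* rr1, ldns_rr* rr2)
{
    if (!rr1 || !rr2) {
        return 1;
    }
    if (ldns_dname_compare(ldns_rr_owner(rr1), ldns_rr_owner(rr2)) != 0) {
        return 1;
    }
    if (ldns_rr_get_class(rr1) != ldns_rr_get_class(rr2)) {
        return 1;
    }
    /* both records have to be SOA */
    if (ldns_rr_get_type(rr1) != LDNS_RR_TYPE_SOA ||
        ldns_rr_get_type(rr2) != LDNS_RR_TYPE_SOA) {
        return 1;
    }
    return util_soa_compare_rdata(rr1, rr2);
}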
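/**
 * Compare two RRs through their canonical wire format.
 *
 * Both RRs are rendered with ldns_rr2buffer_wire_canonical() and the
 * buffers are handed to ldns_rr_compare_wire(). Name, class and type are
 * expected to be equal already.
 *
 * A failed buffer allocation and a NULL cmp are now reported; the earlier
 * version passed a NULL buffer on and wrote through cmp unchecked.
 *
 * \param[in] rr1 first RR
 * \param[in] rr2 second RR
 * \param[out] cmp receives the comparison result on success
 * \return ldns_status LDNS_STATUS_OK on success, LDNS_STATUS_ERR on a NULL
 *         argument, LDNS_STATUS_MEM_ERR if a buffer cannot be allocated,
 *         otherwise the status of the failed conversion
 *
 */
ldns_status
util_dnssec_rrs_compare(ldns_rr* rr1, ldns_rr* rr2, int* cmp)
{
    ldns_status status = LDNS_STATUS_OK;
    ldns_buffer* rr1_buf;
    ldns_buffer* rr2_buf;

    if (!rr1 || !rr2 || !cmp) {
        return LDNS_STATUS_ERR;
    }
    rr1_buf = ldns_buffer_new(ldns_rr_uncompressed_size(rr1));
    rr2_buf = ldns_buffer_new(ldns_rr_uncompressed_size(rr2));
    if (!rr1_buf || !rr2_buf) {
        status = LDNS_STATUS_MEM_ERR;
    }
    /* name, class and type should already be equal */
    if (status == LDNS_STATUS_OK) {
        status = ldns_rr2buffer_wire_canonical(rr1_buf, rr1,
            LDNS_SECTION_ANY);
    }
    if (status == LDNS_STATUS_OK) {
        status = ldns_rr2buffer_wire_canonical(rr2_buf, rr2,
            LDNS_SECTION_ANY);
    }
    if (status == LDNS_STATUS_OK) {
        *cmp = ldns_rr_compare_wire(rr1_buf, rr2_buf);
    }
    /* single exit: both buffers are released on every path */
    if (rr1_buf) {
        ldns_buffer_free(rr1_buf);
    }
    if (rr2_buf) {
        ldns_buffer_free(rr2_buf);
    }
    return status;
}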
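/**
 * A more efficient ldns_dnssec_rrs_add_rr(), get rid of ldns_rr_compare().
 *
 * Inserts rr into the list at the position given by
 * util_dnssec_rrs_compare(). The new RR and the existing RR it is placed
 * next to end up with the smaller of their two TTLs.
 *
 * The result of ldns_dnssec_rrs_new() is now checked; the earlier version
 * wrote through it even when the allocation had failed.
 *
 * \param[in] rrs list to insert into, its first rr must be set
 * \param[in] rr RR to insert
 * \return ldns_status LDNS_STATUS_OK on insertion, LDNS_STATUS_NO_DATA if
 *         an equal RR is already present, LDNS_STATUS_ERR on a NULL
 *         argument, LDNS_STATUS_MEM_ERR if no list node can be allocated,
 *         otherwise the status of the failed comparison
 *
 */
ldns_status
util_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr)
{
    int cmp = 0;
    ldns_dnssec_rrs *new_rrs = NULL;
    ldns_status status = LDNS_STATUS_OK;
    uint32_t rr_ttl = 0;
    uint32_t default_ttl = 0;

    if (!rrs || !rrs->rr || !rr) {
        return LDNS_STATUS_ERR;
    }
    rr_ttl = ldns_rr_ttl(rr);
    status = util_dnssec_rrs_compare(rrs->rr, rr, &cmp);
    if (status != LDNS_STATUS_OK) {
        /* critical */
        return status;
    }

    if (cmp == 0) {
        /* should we error on equal? or free memory of rr */
        ods_log_warning("[%s] adding duplicate RR?", util_str);
        return LDNS_STATUS_NO_DATA;
    }
    if (cmp < 0 && rrs->next) {
        /* rr sorts after this node: continue with the rest of the list */
        return util_dnssec_rrs_add_rr(rrs->next, rr);
    }

    new_rrs = ldns_dnssec_rrs_new();
    if (!new_rrs) {
        return LDNS_STATUS_MEM_ERR;
    }
    if (cmp < 0) {
        /* end of the list: append */
        new_rrs->rr = rr;
        rrs->next = new_rrs;
        default_ttl = ldns_rr_ttl(rrs->rr);
        if (rr_ttl < default_ttl) {
            ldns_rr_set_ttl(rrs->rr, rr_ttl);
        } else {
            ldns_rr_set_ttl(new_rrs->rr, default_ttl);
        }
    } else {
        /* put the current old rr in the new next, put the new
           rr in the current container */
        new_rrs->rr = rrs->rr;
        new_rrs->next = rrs->next;
        rrs->rr = rr;
        rrs->next = new_rrs;
        default_ttl = ldns_rr_ttl(new_rrs->rr);
        if (rr_ttl < default_ttl) {
            ldns_rr_set_ttl(new_rrs->rr, rr_ttl);
        } else {
            ldns_rr_set_ttl(rrs->rr, default_ttl);
        }
    }
    return LDNS_STATUS_OK;
}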
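/**
 * Read a process id from a pidfile.
 *
 * The file must start with a positive decimal number that is followed by
 * either the end of the data or a newline.
 *
 * \param[in] file pidfile name
 * \return pid_t the process id, or -1 on failure. errno is ENOENT for an
 *         empty file and EINVAL for content that is not a valid process
 *         id. For open() and read() failures it holds their error.
 *
 */
static pid_t
util_read_pidfile(const char* file)
{
    int fd;
    int saved_errno;
    long value;
    char pidbuf[32];
    char *end = NULL;
    ssize_t len;

    if ((fd = open(file, O_RDONLY)) == -1) {
        return -1;
    }
    /* leave room for the terminator that strtol() relies on */
    len = read(fd, pidbuf, sizeof(pidbuf) - 1);
    if (len == -1) {
        saved_errno = errno;
        close(fd);
        errno = saved_errno; /* close() must not mask the read error */
        return -1;
    }
    close(fd);
    /* Empty pidfile means no pidfile... */
    if (len == 0) {
        errno = ENOENT;
        return -1;
    }
    /* read() does not terminate the data; without this strtol() would
       scan past the bytes that were read */
    pidbuf[len] = '\0';
    errno = 0;
    value = strtol(pidbuf, &end, 10);
    if (end == pidbuf || (*end && *end != '\n') || errno == ERANGE ||
        value <= 0 || (long) (pid_t) value != value) {
        /* Zero and negative values are rejected too: passed to kill()
           they address process groups, not a single process. */
        errno = EINVAL;
        return -1;
    }
    return (pid_t) value;
}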
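/**
 * Check process id file.
 *
 * If the file exists then either we didn't shutdown cleanly or a signer
 * daemon is already running. Only the second case stops the caller.
 *
 * \param[in] pidfile pid filename
 * \return int 0 if the process id in the pidfile belongs to a running
 *         process, 1 otherwise (no pidfile, unreadable or stale pidfile)
 *
 * NOTE(review): kill(pid, 0) only shows that some process currently has
 * that id, not that it is a signer daemon. This check and the later
 * pidfile write are also separate steps, so two instances started
 * together can both pass. Treat the result as advisory.
 */
int
util_check_pidfile(const char* pidfile)
{
    pid_t oldpid;
    struct stat stat_ret;

    if (stat(pidfile, &stat_ret) != 0) {
        if (errno != ENOENT) {
            ods_log_error("[%s] cannot stat pidfile %s: %s", util_str,
                pidfile, strerror(errno));
        } /* else: file does not exist: carry on */
        return 1;
    }
    if (!S_ISREG(stat_ret.st_mode)) {
        /* not a regular file: nothing to read, carry on */
        return 1;
    }
    /* The pidfile exists already */
    oldpid = util_read_pidfile(pidfile);
    if (oldpid == -1) {
        /* Consider stale pidfile */
        if (errno != ENOENT) {
            ods_log_error("[%s] cannot read pidfile %s: %s", util_str,
                pidfile, strerror(errno));
        }
        return 1;
    }
    if (oldpid <= 0) {
        /* kill() with 0 or a negative id signals a process group, which
           would report a daemon that does not exist */
        ods_log_warning("[%s] pidfile %s does not contain a valid process "
            "id, this pidfile is stale.", util_str, pidfile);
        return 1;
    }
    /* EPERM: the process exists but belongs to another user */
    if (kill(oldpid, 0) == 0 || errno == EPERM) {
        ods_log_crit("[%s] pidfile %s already exists, "
            "a process with pid %u is already running. "
            "If no ods-signerd process is running, a previous "
            "instance didn't shutdown cleanly, please remove this "
            "file and try again.", util_str, pidfile,
            (unsigned int) oldpid);
        return 0;
    }
    /* Consider stale pidfile */
    ods_log_warning("[%s] pidfile %s already exists, "
        "but no process with pid %u is running. "
        "A previous instance didn't shutdown cleanly, this "
        "pidfile is stale.", util_str, pidfile, (unsigned int) oldpid);
    /* All good, carry on */
    return 1;
}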
/**
 * Write process id to file.
 *
 * The id is written as a decimal number followed by a newline to a file
 * opened with ods_fopen() in "w" mode.
 *
 * \param[in] pidfile pid filename
 * \param[in] pid process id
 * \return int 0 on success, -1 if the file could not be opened or the
 *         write was empty or short
 *
 * NOTE(review): the permissions of the created file depend on ods_fopen()
 * and the process umask; neither is visible here.
 */
int
util_write_pidfile(const char* pidfile, pid_t pid)
{
    FILE* out = NULL;
    char text[32];
    size_t want = 0;
    size_t wrote = 0;
    int ok = 0;

    ods_log_assert(pidfile);
    ods_log_assert(pid);
    ods_log_debug("[%s] writing pid %lu to pidfile %s", util_str,
        (unsigned long) pid, pidfile);
    snprintf(text, sizeof(text), "%lu\n", (unsigned long) pid);

    out = ods_fopen(pidfile, NULL, "w");
    if (!out) {
        return -1;
    }
    want = strlen(text);
    /* nothing to write counts as written */
    wrote = (want == 0) ? 1 : fwrite((const void*) text, 1, want, out);
    if (wrote == 0) {
        ods_log_error("[%s] write to pidfile %s failed: %s", util_str,
            pidfile, strerror(errno));
    } else if (wrote < want) {
        ods_log_error("[%s] short write to pidfile %s: disk full?", util_str,
            pidfile);
    } else {
        ok = 1;
    }
    ods_fclose(out);
    return ok ? 0 : -1;
}
/**
 * Print an LDNS RR, check status.
 *
 * The RR is rendered into a scratch buffer of LDNS_MAX_PACKETLEN bytes,
 * exported as a string and written to the stream.
 *
 * \param[in] fd output stream
 * \param[in] rr RR
 * \return ods_status ODS_STATUS_OK when the RR was printed,
 *         ODS_STATUS_ASSERT_ERR on NULL input, ODS_STATUS_MALLOC_ERR if
 *         the scratch buffer could not be allocated,
 *         ODS_STATUS_FWRITE_ERR if the RR could not be converted
 *
 */
ods_status
util_rr_print(FILE* fd, const ldns_rr* rr)
{
    ldns_buffer* scratch = NULL;
    char* text = NULL;
    /* pessimistic default; only a printed RR turns this into OK */
    ods_status rc = ODS_STATUS_FWRITE_ERR;

    if (!fd || !rr) {
        return ODS_STATUS_ASSERT_ERR;
    }
    scratch = ldns_buffer_new(LDNS_MAX_PACKETLEN);
    if (!scratch) {
        return ODS_STATUS_MALLOC_ERR;
    }
    if (ldns_rr2buffer_str_fmt(scratch, NULL, rr) == LDNS_STATUS_OK) {
        /* export the string; it must be released separately */
        text = ldns_buffer2str(scratch);
        if (text) {
            fprintf(fd, "%s", text);
            LDNS_FREE(text);
            rc = ODS_STATUS_OK;
        } else {
            fprintf(fd, "; Unable to convert rr to string\n");
        }
    }
    ldns_buffer_free(scratch);
    return rc;
}
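/**
 * Calculates the size needed to store the result of b64_pton.
 *
 * Every started group of four input characters yields at most three
 * output bytes; one extra byte is added on top.
 *
 * \param[in] srcsize length of the base64 text
 * \return size_t number of bytes to reserve for the decoded data
 *
 */
size_t
util_b64_pton_calculate_size(size_t srcsize)
{
    /*
     * Round up without computing srcsize + 3. That sum wraps for lengths
     * close to SIZE_MAX and would make the result far too small to hold
     * the decoded data.
     */
    size_t groups = srcsize / 4;

    if (srcsize % 4 != 0) {
        groups++;
    }
    return (groups * 3) + 1;
}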
opendnssec-1.4.9/signer/src/shared/locks.h 0000644 0001750 0001750 00000010316 12650165732 015427 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Threading and locking.
*
*/
#ifndef SCHEDULER_LOCKS_H
#define SCHEDULER_LOCKS_H
#include "config.h"
#include "shared/log.h"
#include
#include
/**
 * Run a locking call and log an error if it returns non-zero.
 *
 * The failure is only reported through ods_log_error(): the macro yields
 * no value and does not stop the caller. Code behind a failed
 * lock_basic_lock() therefore continues without holding the lock.
 */
#define LOCKRET(func) do { \
    int err; \
    if ( (err=(func)) != 0) \
        ods_log_error("%s at %d could not " #func ": %s", \
            __FILE__, __LINE__, strerror(err)); \
    } while(0)
#if defined(HAVE_PTHREAD)
#include
/** ods-signerd will crash if the thread stacksize is too small */
#define ODS_MINIMUM_STACKSIZE 524288
/** use pthread mutex for basic lock */
typedef pthread_mutex_t lock_basic_type;
/** use pthread cond for basic condition */
typedef pthread_cond_t cond_basic_type;
/** small front for pthread init func, NULL is default attrs. */
#define lock_basic_init(lock) LOCKRET(pthread_mutex_init(lock, NULL))
#define lock_basic_destroy(lock) LOCKRET(pthread_mutex_destroy(lock))
#define lock_basic_lock(lock) LOCKRET(pthread_mutex_lock(lock))
#define lock_basic_unlock(lock) LOCKRET(pthread_mutex_unlock(lock))
/** our own alarm clock: condition variable wrappers */
#define lock_basic_set(cond) LOCKRET(pthread_cond_init(cond, NULL))
#define lock_basic_sleep(cond, lock, sleep) LOCKRET(ods_thread_wait(cond, lock, sleep))
#define lock_basic_alarm(cond) LOCKRET(pthread_cond_signal(cond))
#define lock_basic_broadcast(cond) LOCKRET(pthread_cond_broadcast(cond))
#define lock_basic_off(cond) LOCKRET(pthread_cond_destroy(cond))
/** wait on a condition; declared again further down in this branch */
int ods_thread_wait(cond_basic_type* cond, lock_basic_type* lock, time_t wait);
/** thread creation */
typedef pthread_t ods_thread_type;
/** thread wrappers; ods_thread_create() stores the new thread in thr */
#define ods_thread_detach(thr) LOCKRET(pthread_detach(thr))
#define ods_thread_self() pthread_self()
#define ods_thread_join(thr) LOCKRET(pthread_join(thr, NULL))
#define ods_thread_kill(thr, sig) LOCKRET(pthread_kill(thr, sig))
int ods_thread_create(pthread_t *thr, void *(*func)(void *), void *arg);
int ods_thread_wait(cond_basic_type* cond, lock_basic_type* lock, time_t wait);
void ods_thread_blocksigs(void);
#else /* !HAVE_PTHREAD */
/* we do not have PTHREADS */
#define PTHREADS_DISABLED 1
/* Every lock and condition operation below expands to nothing, so this
   configuration provides no mutual exclusion. */
typedef int lock_basic_type;
#define lock_basic_init(lock) /* nop */
#define lock_basic_destroy(lock) /* nop */
#define lock_basic_lock(lock) /* nop */
#define lock_basic_unlock(lock) /* nop */
#define lock_basic_set(cond) /* nop */
#define lock_basic_sleep(cond, lock, sleep) /* nop */
#define lock_basic_alarm(cond) /* nop */
#define lock_basic_broadcast(cond) /* nop */
#define lock_basic_off(cond) /* nop */
/* without pthreads a "thread" is identified by a process id */
typedef pid_t ods_thread_type;
#define ods_thread_create(thr, func, arg) ods_thr_fork_create(thr, func, arg)
#define ods_thread_detach(thr) /* nop */
#define ods_thread_self() getpid()
#define ods_thread_join(thr) ods_thr_fork_wait(thr)
void ods_thr_fork_create(ods_thread_type* thr, void* (*func)(void*), void* arg);
void ods_thr_fork_wait(ods_thread_type thread);
#endif /* HAVE_PTHREAD */
/* declared for both configurations */
void ods_thread_blocksigs(void);
#endif /* SCHEDULER_LOCKS_H */
opendnssec-1.4.9/signer/src/shared/log.c 0000644 0001750 0001750 00000021552 12650165732 015074 0000000 0000000 /*
* Copyright (c) 2009 NLnet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Logging.
*
*/
#include "config.h"
#include "shared/duration.h"
#include "shared/file.h"
#include "shared/log.h"
#include "shared/util.h"
#ifdef HAVE_SYSLOG_H
/* non-zero while messages are sent to syslog instead of logfile */
static int logging_to_syslog = 0;
#endif /* HAVE_SYSLOG_H */
#include /* va_start(), va_end() */
#include /* fflush, fprintf(), vsnprintf() */
#include /* exit() */
#include /* strlen() */
/* stream used when not logging to syslog; NULL until ods_log_init() ran */
static FILE* logfile = NULL;
/* messages with a priority above this value are dropped */
static int log_level = LOG_CRIT;
/* size of the timestamp buffer handed to ctime_r() */
#define CTIME_LENGTH 26
/**
 * Use the _r() functions on platforms that have them. They are thread safe
 * versions of the normal syslog functions. Platforms without _r() usually
 * have thread safe normal functions.
 */
#if defined(HAVE_SYSLOG_R) && defined(HAVE_OPENLOG_R) && defined(HAVE_CLOSELOG_R)
struct syslog_data sdata = SYSLOG_DATA_INIT;
#else
/* use the _r() variants only when all three are available */
#undef HAVE_SYSLOG_R
#undef HAVE_OPENLOG_R
#undef HAVE_CLOSELOG_R
#endif
/* TODO:
   - log_init should have program_name variable
   - wrap special case logging onto generic one
   - check if xml-specific logging functions are still needed (enforcer)
   -
*/
/* program name used as syslog ident and in logfile lines */
#define MY_PACKAGE_TARNAME "ods-signerd"
/* tag this module puts in front of its own messages */
static const char* log_str = "log";
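/**
 * Initialize logging.
 *
 * Closes the previous destination and selects a new one: syslog, the
 * named file opened for appending, or stderr. The log level is set to
 * verbosity + 2.
 *
 * \param[in] filename logfile name. When use_syslog is set it is
 *            interpreted as the syslog facility name instead
 * \param[in] use_syslog non-zero to log to syslog (only when built with
 *            HAVE_SYSLOG_H)
 * \param[in] verbosity verbosity
 *
 */
void
ods_log_init(const char *filename, int use_syslog, int verbosity)
{
#ifdef HAVE_SYSLOG_H
    int facility;
#endif /* HAVE_SYSLOG_H */
    ods_log_verbose("[%s] switching log to %s verbosity %i (log level %i)",
        log_str, use_syslog?"syslog":(filename&&filename[0]?filename:"stderr"),
        verbosity, verbosity+2);
    if (logfile && logfile != stderr) {
        ods_fclose(logfile);
        /*
         * Forget the closed stream. The syslog path below returns without
         * assigning logfile, so a later ods_log_init() or ods_log_close()
         * would otherwise close the same FILE a second time. Messages
         * logged while the new file is being opened would also go to the
         * closed stream.
         */
        logfile = NULL;
    }
    log_level = verbosity + 2;
#ifdef HAVE_SYSLOG_H
    if(logging_to_syslog) {
#ifdef HAVE_CLOSELOG_R
        closelog_r(&sdata);
#else
        closelog();
#endif
        logging_to_syslog = 0;
    }
    if(use_syslog) {
        facility = ods_log_get_facility(filename);
#ifdef HAVE_OPENLOG_R
        openlog_r(MY_PACKAGE_TARNAME, LOG_NDELAY, facility, &sdata);
#else
        openlog(MY_PACKAGE_TARNAME, LOG_NDELAY, facility);
#endif
        logging_to_syslog = 1;
        return;
    }
#endif /* HAVE_SYSLOG_H */
    if(filename && filename[0]) {
        logfile = ods_fopen(filename, NULL, "a");
        if (logfile) {
            ods_log_debug("[%s] new logfile %s", log_str, filename);
            return;
        }
        /* fall back so that the warning below is still visible */
        logfile = stderr;
        ods_log_warning("[%s] cannot open %s for appending, logging to "
            "stderr", log_str, filename);
    } else {
        logfile = stderr;
    }
    return;
}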
/**
 * Close logging.
 *
 * Logs a debug message, then re-initializes logging with no file, no
 * syslog and verbosity 0.
 *
 */
void
ods_log_close(void)
{
    const char* no_logfile = NULL;

    ods_log_debug("[%s] close log", log_str);
    ods_log_init(no_logfile, 0, 0);
}
/**
 * Get the syslog facility that belongs to a facility name.
 *
 * Names are matched case-insensitively and must match in full.
 *
 * \param[in] facility facility name, may be NULL
 * \return int the LOG_* facility; LOG_DAEMON for NULL and, after a
 *         warning, for a name that is not supported
 *
 */
#ifdef HAVE_SYSLOG_H
int
ods_log_get_facility(const char* facility)
{
    static const struct {
        const char* name;
        int value;
    } known[] = {
        { "KERN", LOG_KERN },
        { "USER", LOG_USER },
        { "MAIL", LOG_MAIL },
        { "DAEMON", LOG_DAEMON },
        { "AUTH", LOG_AUTH },
        { "LPR", LOG_LPR },
        { "NEWS", LOG_NEWS },
        { "UUCP", LOG_UUCP },
        { "CRON", LOG_CRON },
        { "LOCAL0", LOG_LOCAL0 },
        { "LOCAL1", LOG_LOCAL1 },
        { "LOCAL2", LOG_LOCAL2 },
        { "LOCAL3", LOG_LOCAL3 },
        { "LOCAL4", LOG_LOCAL4 },
        { "LOCAL5", LOG_LOCAL5 },
        { "LOCAL6", LOG_LOCAL6 },
        { "LOCAL7", LOG_LOCAL7 }
    };
    size_t idx;

    if (!facility) {
        return LOG_DAEMON;
    }
    for (idx = 0; idx < sizeof(known) / sizeof(known[0]); idx++) {
        /* whole-string match, same as a length check plus strncasecmp() */
        if (strcasecmp(facility, known[idx].name) == 0) {
            return known[idx].value;
        }
    }
    ods_log_warning("[%s] syslog facility %s not supported, logging to "
        "log_daemon", log_str, facility);
    return LOG_DAEMON;
}
#endif /* HAVE_SYSLOG_H */
/**
 * Get the log level.
 *
 * \return int the current value of the module's log_level
 *
 */
int
ods_log_get_level()
{
    const int current_level = log_level;

    return current_level;
}
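/**
 * Log message wrapper.
 *
 * Formats the message into a buffer of ODS_SE_MAXLINE bytes and sends it
 * to syslog or to the logfile. Logfile lines carry a timestamp, the
 * program name, the priority and the level tag. Nothing is written when
 * no destination is set.
 *
 * \param[in] priority syslog priority of the message
 * \param[in] t level tag printed in logfile lines
 * \param[in] s printf-style format string
 * \param[in] args arguments for the format string
 *
 * NOTE(review): the formatted text is written as-is. Arguments taken from
 * external data (names, file content) that contain line breaks end up as
 * extra lines in the logfile; confirm whether callers sanitize them.
 */
static void
ods_log_vmsg(int priority, const char* t, const char* s, va_list args)
{
    char message[ODS_SE_MAXLINE];
    /* Per-call buffer. A static one would be shared by every thread that
       logs, which defeats the reentrant ctime_r() used below. */
    char nowstr[CTIME_LENGTH];
    time_t now = time_now();

    vsnprintf(message, sizeof(message), s, args);
#ifdef HAVE_SYSLOG_H
    if (logging_to_syslog) {
#ifdef HAVE_SYSLOG_R
        syslog_r(priority, &sdata, "%s", message);
#else
        syslog(priority, "%s", message);
#endif
        return;
    }
#endif /* HAVE_SYSLOG_H */
    if (!logfile) {
        return;
    }
    if (ctime_r(&now, nowstr) == NULL) {
        /* no usable timestamp: print an empty one, not stale bytes */
        nowstr[0] = '\0';
    } else {
        nowstr[CTIME_LENGTH-2] = '\0'; /* remove trailing linefeed */
    }
    fprintf(logfile, "[%s] %s[%i] %s: %s\n", nowstr,
        MY_PACKAGE_TARNAME, priority, t, message);
    fflush(logfile);
}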
/**
 * Heavy debug logging.
 *
 * Emitted only when the log level is at least LOG_DEEEBUG; the message
 * itself carries priority LOG_DEBUG.
 *
 * \param[in] format printf-style format string, followed by its arguments
 *
 */
void
ods_log_deeebug(const char *format, ...)
{
    va_list ap;

    if (log_level < LOG_DEEEBUG) {
        return;
    }
    va_start(ap, format);
    ods_log_vmsg(LOG_DEBUG, "debug ", format, ap);
    va_end(ap);
}
/**
 * Log debug.
 *
 * Emitted only when the log level is at least LOG_DEBUG.
 *
 * \param[in] format printf-style format string, followed by its arguments
 *
 */
void
ods_log_debug(const char *format, ...)
{
    va_list ap;

    if (log_level < LOG_DEBUG) {
        return;
    }
    va_start(ap, format);
    ods_log_vmsg(LOG_DEBUG, "debug ", format, ap);
    va_end(ap);
}
/**
 * Log verbose.
 *
 * Emitted only when the log level is at least LOG_INFO.
 *
 * \param[in] format printf-style format string, followed by its arguments
 *
 */
void
ods_log_verbose(const char *format, ...)
{
    va_list ap;

    if (log_level < LOG_INFO) {
        return;
    }
    va_start(ap, format);
    ods_log_vmsg(LOG_INFO, "verbose", format, ap);
    va_end(ap);
}
/**
 * Log info.
 *
 * Emitted only when the log level is at least LOG_NOTICE.
 *
 * \param[in] format printf-style format string, followed by its arguments
 *
 */
void
ods_log_info(const char *format, ...)
{
    va_list ap;

    if (log_level < LOG_NOTICE) {
        return;
    }
    va_start(ap, format);
    ods_log_vmsg(LOG_NOTICE, "msg ", format, ap);
    va_end(ap);
}
/**
 * Log warning.
 *
 * Emitted only when the log level is at least LOG_WARNING.
 *
 * \param[in] format printf-style format string, followed by its arguments
 *
 */
void
ods_log_warning(const char *format, ...)
{
    va_list ap;

    if (log_level < LOG_WARNING) {
        return;
    }
    va_start(ap, format);
    ods_log_vmsg(LOG_WARNING, "warning", format, ap);
    va_end(ap);
}
/**
 * Log error.
 *
 * Emitted only when the log level is at least LOG_ERR.
 *
 * \param[in] format printf-style format string, followed by its arguments
 *
 */
void
ods_log_error(const char *format, ...)
{
    va_list ap;

    if (log_level < LOG_ERR) {
        return;
    }
    va_start(ap, format);
    ods_log_vmsg(LOG_ERR, "error ", format, ap);
    va_end(ap);
}
/**
 * Log critical.
 *
 * Emitted only when the log level is at least LOG_CRIT.
 *
 * \param[in] format printf-style format string, followed by its arguments
 *
 */
void
ods_log_crit(const char *format, ...)
{
    va_list ap;

    if (log_level < LOG_CRIT) {
        return;
    }
    va_start(ap, format);
    ods_log_vmsg(LOG_CRIT, "crit ", format, ap);
    va_end(ap);
}
/**
 * Log alert.
 *
 * Emitted only when the log level is at least LOG_ALERT.
 *
 * \param[in] format printf-style format string, followed by its arguments
 *
 */
void
ods_log_alert(const char *format, ...)
{
    va_list ap;

    if (log_level < LOG_ALERT) {
        return;
    }
    va_start(ap, format);
    ods_log_vmsg(LOG_ALERT, "alert ", format, ap);
    va_end(ap);
}
/**
 * Log a fatal message and abort.
 *
 * The message is logged with priority LOG_CRIT when the log level allows
 * it. The process is then ended with abort() in every case, so this
 * function does not return.
 *
 * \param[in] format printf-style format string, followed by its arguments
 *
 */
void
ods_fatal_exit(const char *format, ...)
{
    va_list ap;

    if (log_level >= LOG_CRIT) {
        va_start(ap, format);
        ods_log_vmsg(LOG_CRIT, "fatal ", format, ap);
        va_end(ap);
    }
    abort();
}
opendnssec-1.4.9/signer/src/shared/privdrop.h 0000644 0001750 0001750 00000004506 12650165732 016165 0000000 0000000 /*
* Copyright (c) 2009 Nominet UK. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* Privileges.
*/
#ifndef SHARED_PRIVDROP_H
#define SHARED_PRIVDROP_H
#include
#include
#include "shared/status.h"
/**
 * Get the group identifier from a group name.
 * \param[in] groupname group name
 * \return gid_t group identifier
 *
 * NOTE(review): the value returned for an unknown group is not visible in
 * this header; confirm it against the implementation before use.
 */
gid_t privgid(const char* groupname);
/**
 * Get the user identifier from a username.
 * \param[in] username username
 * \return uid_t user identifier
 *
 * NOTE(review): the value returned for an unknown user is not visible in
 * this header; confirm it against the implementation before use.
 */
uid_t privuid(const char* username);
/**
 * Drop privileges.
 * \param[in] username drop privileges to this user
 * \param[in] groupname drop privileges to this group
 * \param[in] newroot make this the new root directory
 * \param[out] puid user id
 * \param[out] pgid group id
 * \return ods_status status.
 *
 * NOTE(review): callers should check the returned status. A process that
 * carries on after a failed drop presumably still has the privileges it
 * started with; verify the call sites.
 */
ods_status privdrop(const char *username, const char *groupname,
    const char *newroot, uid_t* puid, gid_t* pgid);
/**
 * Close privdrop.
 * \param[in] username username
 * \param[in] groupname group name
 *
 */
void privclose(const char* username, const char* groupname);
#endif /* SHARED_PRIVDROP_H */
opendnssec-1.4.9/signer/src/shared/status.c 0000644 0001750 0001750 00000010553 12650165732 015635 0000000 0000000 /*
* Copyright (c) 2009-2011 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* Status.
*/
#include "config.h"
#include "shared/status.h"
#include
/**
 * Descriptive text for each ods_status value.
 *
 * The list ends with an entry whose name is NULL; ods_lookup_by_id() stops
 * at that entry.
 */
ods_lookup_table ods_status_str[] = {
    { ODS_STATUS_OK, "All OK" },
    { ODS_STATUS_EOF, "End of file" },
    { ODS_STATUS_NOTIMPL, "Not implemented"},
    { ODS_STATUS_UPTODATE, "Up to date"},
    { ODS_STATUS_ASSERT_ERR, "Assertion error"},
    { ODS_STATUS_CFG_ERR, "Configuration error"},
    { ODS_STATUS_CHDIR_ERR, "Change directory failed"},
    { ODS_STATUS_CHROOT_ERR, "Change root failed"},
    { ODS_STATUS_CMDHANDLER_ERR, "Command handler error"},
    { ODS_STATUS_XFRHANDLER_ERR, "XFR handler error"},
    { ODS_STATUS_CONFLICT_ERR, "Conflict detected"},
    { ODS_STATUS_ERR, "General error"},
    { ODS_STATUS_FOPEN_ERR, "Unable to open file"},
    { ODS_STATUS_FSEEK_ERR, "fseek() failed"},
    { ODS_STATUS_FORK_ERR, "fork() failed"},
    { ODS_STATUS_FREAD_ERR, "Unable to read file"},
    { ODS_STATUS_FWRITE_ERR, "Unable to write file"},
    { ODS_STATUS_HSM_ERR, "HSM error"},
    { ODS_STATUS_INSECURE, "Insecure"},
    { ODS_STATUS_MALLOC_ERR, "Memory allocation error"},
    { ODS_STATUS_RENAME_ERR, "Unable to rename file"},
    { ODS_STATUS_UNLINK_ERR, "Unable to unlink file"},
    { ODS_STATUS_SOCK_BIND, "Unable to bind socket"},
    { ODS_STATUS_SOCK_FCNTL_NONBLOCK, "Unable to set socket to nonblocking"},
    { ODS_STATUS_SOCK_GETADDRINFO, "Unable to retrieve address information"},
    { ODS_STATUS_SOCK_LISTEN, "Unable to listen on socket"},
    { ODS_STATUS_SOCK_SETSOCKOPT_V6ONLY, "Unable to set socket to v6only"},
    { ODS_STATUS_SOCK_SOCKET_UDP, "Unable to create udp socket"},
    { ODS_STATUS_SOCK_SOCKET_TCP, "Unable to create tcp socket"},
    { ODS_STATUS_ACL_SUBNET_BAD_RANGE, "Bad subnet range"},
    { ODS_STATUS_ACL_SUBNET_OUT_RANGE, "Subnet out of range"},
    { ODS_STATUS_PARSE_ERR, "Parse error"},
    { ODS_STATUS_PRIVDROP_ERR, "Unable to drop privileges"},
    { ODS_STATUS_RNG_ERR, "RelaxNG error"},
    { ODS_STATUS_SETSID_ERR, "setsid() failed"},
    { ODS_STATUS_UNCHANGED, "Status unchanged"},
    { ODS_STATUS_WRITE_PIDFILE_ERR, "Unable to write process id to pidfile"},
    { ODS_STATUS_XML_ERR, "XML error"},
    { ODS_STATUS_XFR_NOT_READY, "Incoming zone transfer not ready"},
    { ODS_STATUS_SKIPDNAME, "Failed to skip domain name"},
    { ODS_STATUS_BUFAVAIL, "Insufficient space available in buffer"},
    { ODS_STATUS_PARSESOA, "Failed to parse SOA RR"},
    { ODS_STATUS_REQAXFR, "Got IXFR, but AXFR required"},
    { ODS_STATUS_INSERIAL, "Serial mismatch"},
    { ODS_STATUS_XFRBADFORM, "XFR bad format"},
    { ODS_STATUS_XFRINCOMPLETE, "XFR on disk incomplete (in progress?)"},
    /* terminator: a NULL name ends the table */
    { 0, NULL }
};
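/**
 * Find the entry with a given id in a lookup table.
 *
 * The table is scanned from the front until an entry with a NULL name is
 * reached; that entry ends the table and is never returned.
 *
 * \param[in] table lookup table, terminated by an entry with a NULL name
 * \param[in] id identifier to look for
 * \return ods_lookup_table* the first matching entry, or NULL when there
 *         is no match or no table was given
 *
 */
ods_lookup_table*
ods_lookup_by_id(ods_lookup_table *table, int id)
{
    if (!table) {
        /* nothing to scan; avoids dereferencing a NULL table */
        return NULL;
    }
    for (; table->name != NULL; table++) {
        if (table->id == id) {
            return table;
        }
    }
    return NULL;
}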
/**
 * Look up the descriptive text for a status.
 *
 * \param[in] status status
 * \return const char* the text from ods_status_str, or NULL when the
 *         status has no entry in that table
 *
 * NOTE(review): the NULL return needs a check at call sites that pass the
 * result to a "%s" conversion; verify the callers.
 */
const char*
ods_status2str(ods_status status)
{
    ods_lookup_table *entry = ods_lookup_by_id(ods_status_str, status);

    return entry ? entry->name : NULL;
}
opendnssec-1.4.9/signer/src/shared/util.h 0000644 0001750 0001750 00000007025 12650165732 015274 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* Utility tools.
*/
#ifndef UTIL_UTIL_H
#define UTIL_UTIL_H
#include "config.h"
#include "shared/status.h"
#ifdef HAVE_SYS_TYPES_H
# include
#endif
#ifdef HAVE_UNISTD_H
# include
#endif
#include
/* positions of SOA fields within the SOA RDATA */
#define SE_SOA_RDATA_SERIAL 2
#define SE_SOA_RDATA_EXPIRE 5
#define SE_SOA_RDATA_MINIMUM 6
/* copycode: This define is taken from BIND9 */
/* true when (a - b), masked to 32 bits and read as an int, is positive */
#define DNS_SERIAL_GT(a, b) ((int)(((a) - (b)) & 0xFFFFFFFF) > 0)
/**
 * Check if a RR is a DNSSEC RR (RRSIG, NSEC, NSEC3 or NSEC3PARAMS).
 * \param[in] rr RR
 * \return int 1 on true, 0 on false
 *
 */
int util_is_dnssec_rr(ldns_rr* rr);
/**
 * Compare SERIALs.
 * \param[in] serial_new new SERIAL value
 * \param[in] serial_old old SERIAL value
 * \return int 0 if the new SERIAL <= old SERIAL, non-zero otherwise
 *
 */
int util_serial_gt(uint32_t serial_new, uint32_t serial_old);
/**
 * Compare RRs, ignore SOA SERIAL.
 * \param[in] rr1 RR
 * \param[in] rr2 another RR
 * \return int 0 if equal SOA RRs, 1 otherwise
 *
 */
int util_soa_compare(ldns_rr* rr1, ldns_rr* rr2);
/**
 * Compare RRs only on RDATA.
 * \param[in] rr1 RR
 * \param[in] rr2 another RR
 * \param[out] cmp compare value
 * \return status compare status
 *
 */
ldns_status util_dnssec_rrs_compare(ldns_rr* rr1, ldns_rr* rr2, int* cmp);
/**
 * A more efficient ldns_dnssec_rrs_add_rr(), get rid of ldns_rr_compare().
 * \param[in] rrs RRset
 * \param[in] rr RR to add
 * \return ldns_status status
 *
 */
ldns_status util_dnssec_rrs_add_rr(ldns_dnssec_rrs *rrs, ldns_rr *rr);
/**
 * Check process id file.
 * \param[in] pidfile pid filename
 * \return int status (0 if process id in pidfile is running)
 *
 */
int util_check_pidfile(const char* pidfile);
/**
 * Write process id to file.
 * \param[in] pidfile pid filename
 * \param[in] pid process id
 * \return int status
 *
 */
int util_write_pidfile(const char* pidfile, pid_t pid);
/**
 * Print an LDNS RR, check status.
 * \param[in] fd output stream
 * \param[in] rr RR
 * \return ods_status status
 *
 */
ods_status util_rr_print(FILE* fd, const ldns_rr* rr);
/**
 * Calculates the size needed to store the result of b64_pton.
 * \param[in] srcsize strlen of the source text
 * \return size of b64_pton
 *
 */
size_t util_b64_pton_calculate_size(size_t srcsize);
#endif /* UTIL_UTIL_H */
opendnssec-1.4.9/signer/src/shared/hsm.c 0000644 0001750 0001750 00000016223 12650165732 015101 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Hardware Security Module support.
*
*/
#include "daemon/engine.h"
#include "shared/hsm.h"
#include "shared/log.h"
/* tag this module puts in front of its own log messages */
static const char* hsm_str = "hsm";
/**
 * Open HSM.
 *
 * Calls hsm_open() with hsm_check_pin as its second argument and logs the
 * outcome. On failure the libhsm error text is logged when there is one,
 * otherwise the numeric result.
 *
 * \param[in] filename name passed on to hsm_open()
 * \return int the result of hsm_open(), HSM_OK on success
 *
 */
int
lhsm_open(const char* filename)
{
    char* detail = NULL;
    int rc = hsm_open(filename, hsm_check_pin);

    if (rc == HSM_OK) {
        ods_log_info("[%s] libhsm connection opened succesfully", hsm_str);
        return rc;
    }
    /* exit? */
    detail = hsm_get_error(NULL);
    if (detail == NULL) {
        ods_log_crit("[%s] error opening libhsm (errno %i)", hsm_str,
            rc);
        return rc;
    }
    ods_log_error("[%s] %s", hsm_str, detail);
    free(detail); /* released here after logging */
    return rc;
}
/**
 * Reopen HSM.
 *
 * When hsm_check_context() no longer reports HSM_OK, the connection is
 * closed and opened again.
 *
 * \param[in] filename name passed on to lhsm_open()
 * \return int HSM_OK if the connection was still fine, otherwise the
 *         result of lhsm_open()
 *
 */
int
lhsm_reopen(const char* filename)
{
    if (hsm_check_context(NULL) == HSM_OK) {
        return HSM_OK;
    }
    ods_log_warning("[%s] idle libhsm connection, trying to reopen",
        hsm_str);
    hsm_close();
    return lhsm_open(filename);
}
/**
 * Clear key cache.
 *
 * Drops the cached DNSKEY pointer and frees the cached HSM key and sign
 * parameters, leaving all three fields NULL.
 *
 * \param[in] key key whose cached HSM objects are dropped; may be NULL
 *
 */
static void
lhsm_clear_key_cache(key_type* key)
{
    if (key == NULL) {
        return;
    }
    /* DNSKEY still exists in zone: forget the pointer, do not free it */
    key->dnskey = NULL;
    if (key->hsmkey != NULL) {
        hsm_key_free(key->hsmkey);
        key->hsmkey = NULL;
    }
    if (key->params != NULL) {
        hsm_sign_params_free(key->params);
        key->params = NULL;
    }
}
/**
 * Check the HSM connection, reload engine if necessary.
 *
 * When hsm_check_context() does not report HSM_OK, the drudgers are
 * stopped, the connection is closed and reopened with the engine's
 * configuration file name, and the drudgers are started again.
 *
 * \param[in] engine the signer engine, passed as void*
 *
 * NOTE(review): the result of the reopen is discarded, so the drudgers
 * are restarted even when the HSM could not be reopened; confirm that the
 * signing path copes with a missing connection.
 */
void
lhsm_check_connection(void* engine)
{
    engine_type* signer = (engine_type*) engine;

    if (hsm_check_context(NULL) == HSM_OK) {
        ods_log_debug("[%s] libhsm connection ok", hsm_str);
        return;
    }
    ods_log_warning("[%s] idle libhsm connection, trying to reopen",
        hsm_str);
    engine_stop_drudgers(signer);
    hsm_close();
    (void)lhsm_open(signer->config->cfg_filename);
    engine_start_drudgers(signer);
}
/**
 * Get key from one of the HSMs.
 *
 * Fills the cached fields of key_id that are still empty, in this order:
 * sign parameters, HSM key (looked up by locator), DNSKEY. It then stores
 * the key tag of the DNSKEY in the parameters.
 *
 * Each step handles failure the same way. If hsm_get_error() returns a
 * message, it is logged and the call fails. If it returns none and no
 * retry has happened yet, the key cache is cleared and the whole sequence
 * restarts once.
 *
 * \param[in] ctx HSM context, passed on to the libhsm calls
 * \param[in] owner owner name, cloned into the sign parameters
 * \param[in,out] key_id key whose params, hsmkey and dnskey are filled in
 * \return ods_status ODS_STATUS_OK on success, ODS_STATUS_ASSERT_ERR when
 *         owner or key_id is NULL, ODS_STATUS_ERR when a step failed
 *
 */
ods_status
lhsm_get_key(hsm_ctx_t* ctx, ldns_rdf* owner, key_type* key_id)
{
    char *error = NULL;
    int retries = 0; /* at most one restart from lhsm_key_start */
    if (!owner || !key_id) {
        ods_log_error("[%s] unable to get key: missing required elements",
            hsm_str);
        return ODS_STATUS_ASSERT_ERR;
    }
lhsm_key_start:
    /* set parameters */
    if (!key_id->params) {
        key_id->params = hsm_sign_params_new();
        if (key_id->params) {
            /* NOTE(review): the result of ldns_rdf_clone() is not
               checked here; confirm a NULL owner is acceptable later */
            key_id->params->owner = ldns_rdf_clone(owner);
            key_id->params->algorithm = key_id->algorithm;
            key_id->params->flags = key_id->flags;
        } else {
            /* could not create params */
            error = hsm_get_error(ctx);
            if (error) {
                ods_log_error("[%s] %s", hsm_str, error);
                free((void*)error);
            } else if (!retries) {
                /* no error text: drop cached objects and try once more */
                lhsm_clear_key_cache(key_id);
                retries++;
                goto lhsm_key_start;
            }
            ods_log_error("[%s] unable to get key: create params for key %s "
                "failed", hsm_str, key_id->locator?key_id->locator:"(null)");
            return ODS_STATUS_ERR;
        }
    }
    /* lookup key */
    if (!key_id->hsmkey) {
        key_id->hsmkey = hsm_find_key_by_id(ctx, key_id->locator);
    }
    if (!key_id->hsmkey) {
        error = hsm_get_error(ctx);
        if (error) {
            ods_log_error("[%s] %s", hsm_str, error);
            free((void*)error);
        } else if (!retries) {
            /* no error text: drop cached objects and try once more */
            lhsm_clear_key_cache(key_id);
            retries++;
            goto lhsm_key_start;
        }
        /* could not find key */
        ods_log_error("[%s] unable to get key: key %s not found", hsm_str,
            key_id->locator?key_id->locator:"(null)");
        return ODS_STATUS_ERR;
    }
    /* get dnskey */
    if (!key_id->dnskey) {
        key_id->dnskey = hsm_get_dnskey(ctx, key_id->hsmkey, key_id->params);
    }
    if (!key_id->dnskey) {
        error = hsm_get_error(ctx);
        if (error) {
            ods_log_error("[%s] %s", hsm_str, error);
            free((void*)error);
        } else if (!retries) {
            /* no error text: drop cached objects and try once more */
            lhsm_clear_key_cache(key_id);
            retries++;
            goto lhsm_key_start;
        }
        ods_log_error("[%s] unable to get key: hsm failed to create dnskey",
            hsm_str);
        return ODS_STATUS_ERR;
    }
    /* params and dnskey are both set at this point */
    key_id->params->keytag = ldns_calc_keytag(key_id->dnskey);
    return ODS_STATUS_OK;
}
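/**
 * Get RRSIG from one of the HSMs, given a RRset and a key.
 * \param[in] ctx libhsm context, passed through to the libhsm calls
 * \param[in] rrset RRset to sign
 * \param[in] key_id key to sign with; dnskey, hsmkey and params must be set
 * \param[in] owner owner name; only checked for presence here, the
 *                  signature uses the owner stored in key_id->params
 * \param[in] inception signature inception time, must be non-zero
 * \param[in] expiration signature expiration time, must be non-zero
 * \return ldns_rr* the signature, or NULL on failure
 *
 */
ldns_rr*
lhsm_sign(hsm_ctx_t* ctx, ldns_rr_list* rrset, key_type* key_id,
    ldns_rdf* owner, time_t inception, time_t expiration)
{
    char* error = NULL;
    ldns_rr* result = NULL;
    hsm_sign_params_t* params = NULL;

    if (!owner || !key_id || !rrset || !inception || !expiration) {
        ods_log_error("[%s] unable to sign: missing required elements",
            hsm_str);
        return NULL;
    }
    ods_log_assert(key_id->dnskey);
    ods_log_assert(key_id->hsmkey);
    ods_log_assert(key_id->params);
    /* adjust parameters */
    params = hsm_sign_params_new();
    if (!params) {
        /*
         * lhsm_get_key() treats a NULL from hsm_sign_params_new() as a
         * possible outcome, so do the same here instead of dereferencing.
         */
        error = hsm_get_error(ctx);
        if (error) {
            ods_log_error("[%s] %s", hsm_str, error);
            free((void*)error);
        }
        ods_log_error("[%s] unable to sign: create params failed", hsm_str);
        return NULL;
    }
    params->owner = ldns_rdf_clone(key_id->params->owner);
    params->algorithm = key_id->algorithm;
    params->flags = key_id->flags;
    params->inception = inception;
    params->expiration = expiration;
    params->keytag = key_id->params->keytag;
    ods_log_deeebug("[%s] sign RRset[%i] with key %s tag %u", hsm_str,
        ldns_rr_get_type(ldns_rr_list_rr(rrset, 0)),
        key_id->locator?key_id->locator:"(null)", params->keytag);
    result = hsm_sign_rrset(ctx, rrset, key_id->hsmkey, params);
    /* params is a private copy for this signature only */
    hsm_sign_params_free(params);
    if (!result) {
        error = hsm_get_error(ctx);
        if (error) {
            ods_log_error("[%s] %s", hsm_str, error);
            free((void*)error);
        }
        ods_log_crit("[%s] error signing rrset with libhsm", hsm_str);
    }
    return result;
}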
opendnssec-1.4.9/signer/src/shared/file.c 0000644 0001750 0001750 00000033774 12650165732 015243 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* File access.
*/
#include "config.h"
#include "shared/file.h"
#include "shared/log.h"
#include
#include
#include
#include
#include
#include
#include
#include
#include
#define BUFFER_SIZE (16 * 1024) /* use 16K buffers */
static const char* file_str = "file";
static unsigned int file_count = 0;
/**
 * Convert file mode to readable string.
 * \param[in] mode fopen-style mode string, may be NULL
 * \return const char* a static description; only "a", "r" and "w" are
 *         recognised, anything else yields "unknown mode"
 *
 */
const char*
ods_file_mode2str(const char* mode)
{
    const char* label = "unknown mode";

    if (!mode) {
        return "no mode";
    }
    if (ods_strcmp(mode, "a") == 0) {
        label = "appending";
    } else if (ods_strcmp(mode, "r") == 0) {
        label = "reading";
    } else if (ods_strcmp(mode, "w") == 0) {
        label = "writing";
    }
    return label;
}
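/**
 * Get next char.
 * \param[in] fd stream to read from
 * \param[in,out] line_nr line counter, incremented when a newline is read
 * \return int the character read, or EOF
 *
 */
int
ods_fgetc(FILE* fd, unsigned int* line_nr)
{
    int c;
    ods_log_assert(fd);
    ods_log_assert(line_nr);
    c = fgetc(fd);
    if (c == '\n') {
        (*line_nr)++;
    }
    /*
     * errno is not cleared by a successful call, so a stale value would
     * turn an ordinary end-of-file into a critical log entry. The stream
     * error indicator tells a read error apart from end-of-file.
     */
    if (c == EOF && ferror(fd)) {
        ods_log_crit("[%s] fgetc() failed, enough memory? (%s)",
            file_str, strerror(errno));
    }
    return c;
}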
/**
 * Skip white space.
 * \param[in] fd stream to read from
 * \param[in,out] line_nr line counter, maintained by ods_fgetc()
 * \return int the first character that is not a space, tab or carriage
 *         return, or EOF. A newline is not skipped.
 *
 */
int
ods_skip_whitespace(FILE* fd, unsigned int* line_nr)
{
    int c;
    ods_log_assert(fd);
    ods_log_assert(line_nr);
    for (;;) {
        c = ods_fgetc(fd, line_nr);
        if (c == EOF) {
            return EOF;
        }
        if (c != ' ' && c != '\t' && c != '\r') {
            return c;
        }
    }
}
/**
* Construct file name. (StrAppend?, snprintf?)
*
* The visible part sizes one heap buffer for file, suffix and an optional
* extra byte when dir is set, then copies the file part into it.
*
* NOTE(review): this listing is damaged inside the body, see the note at
* the no_slash loop below.
*/
char*
ods_build_path(const char* file, const char* suffix, int dir, int no_slash)
{
size_t len_file = 0;
size_t len_suffix = 0;
size_t len_total = 0;
char* openf = NULL;
/* name used in place of "." */
const char* f = "root";
if (file) {
/* ods_strcmp() is non-zero when file differs from "." */
if (ods_strcmp(file, ".")) {
f = file;
}
len_file = strlen(f);
if (suffix) {
len_suffix = strlen(suffix);
}
len_total = len_suffix + len_file;
if (dir) {
/* one extra byte when a directory name is requested */
len_total++;
}
if (len_total > 0) {
openf = (char*) malloc(sizeof(char)*(len_total + 1));
if (!openf) {
ods_log_crit("[%s] build path failed: malloc failed", file_str);
return NULL;
}
/* the copy is bounded by the source length, so terminate explicitly */
strncpy(openf, f, len_file);
openf[len_file] = '\0';
if (no_slash) {
size_t i = 0;
/*
* NOTE(review): text is missing from this listing between the loop
* header on the next line and the allocation after it. The lines that
* follow use dir as a string and refer to mode, len_dir and fd, none
* of which this function declares, so they appear to be the tail of a
* different function (a file-open helper, going by the log text).
* Do not read the two halves as one body.
*/
for (i=0; i 0) {
openf = (char*) malloc(sizeof(char)*(len_total + 1));
if (!openf) {
ods_log_error("[%s] unable to open file %s%s%s for %s: malloc() "
"failed", file_str, (dir?dir:""), (dir?"/":""),
(file?file:"(null)"), ods_file_mode2str(mode));
return NULL;
}
if (dir) {
strncpy(openf, dir, len_dir);
openf[len_dir] = '\0';
if (file) {
strncat(openf, file, len_file);
}
} else if (file) {
strncpy(openf, file, len_file);
}
/* the strncpy/strncat bounds above are source lengths, terminate here */
openf[len_total] = '\0';
if (len_file) {
fd = fopen(openf, mode);
if (!fd) {
ods_log_debug("[%s] unable to open file %s for %s: %s",
file_str, openf,
ods_file_mode2str(mode), strerror(errno));
} else {
/* counts successful opens */
file_count++;
ods_log_debug("[%s] openfile %s count %u", file_str, openf, file_count);
}
}
free((void*) openf);
}
return fd;
}
/**
 * Close a file.
 * \param[in] fd stream to close; NULL is ignored
 *
 * Decrements the file_count counter. The fclose() result is not checked.
 */
void
ods_fclose(FILE* fd)
{
    if (!fd) {
        return;
    }
    file_count--;
    fclose(fd);
    return;
}
/**
 * Write to file descriptor.
 * \param[in] fd file descriptor
 * \param[in] vptr pointer to data
 * \param[in] n size of data
 * \return ssize_t n when every byte was written, -1 on error
 *
 * write() is repeated until all n bytes are out. A call interrupted by a
 * signal (EINTR) is retried. Any other failure, and a write() that
 * returns 0, ends the loop with -1.
 */
ssize_t
ods_writen(int fd, const void* vptr, size_t n)
{
    const char* cursor = (const char*) vptr;
    size_t remaining = n;

    while (remaining > 0) {
        ssize_t done = write(fd, cursor, remaining);
        if (done <= 0) {
            if (done == 0 || errno != EINTR) {
                return -1; /* error */
            }
            continue; /* interrupted, call write again */
        }
        remaining -= done;
        cursor += done;
    }
    return n;
}
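/**
 * Get file last modified.
 * \param[in] file file name
 * \return time_t modification time of the file, or 0 when the file
 *         cannot be opened for reading or cannot be stat()ed
 *
 * The file is opened first as a readability check. stat() is then run on
 * the name, not on the open stream.
 */
time_t
ods_file_lastmodified(const char* file)
{
    struct stat buf;
    FILE* fd;
    time_t mtime = 0;
    ods_log_assert(file);
    fd = ods_fopen(file, NULL, "r");
    if (fd == NULL) {
        ods_log_debug("[%s] unable to stat file %s: ods_fopen() failed",
            file_str, file);
        return 0;
    }
    if (stat(file, &buf) == -1) {
        /* buf is not filled in on failure, so do not read st_mtime */
        ods_log_warning("[%s] unable to stat file %s: %s", file_str,
            file, strerror(errno));
    } else {
        mtime = buf.st_mtime;
    }
    ods_fclose(fd);
    return mtime;
}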
/**
 * Compare strings.
 * \param[in] s1 one string, may be NULL
 * \param[in] s2 another string, may be NULL
 * \return int 0 if equal, <0 if s1 sorts first, >0 if s2 sorts first.
 *         Two NULLs are equal and a NULL sorts before any string.
 *
 * The comparison runs over the length of s1. When s1 is a proper prefix
 * of s2 the length difference is returned.
 */
int
ods_strcmp(const char* s1, const char* s2)
{
    size_t len1 = 0;
    size_t len2 = 0;
    int prefix_cmp = 0;

    if (!s1) {
        return s2 ? -1 : 0;
    }
    if (!s2) {
        return 1;
    }
    len1 = strlen(s1);
    len2 = strlen(s2);
    prefix_cmp = strncmp(s1, s2, len1);
    if (prefix_cmp == 0 && len1 != len2) {
        return len1 - len2;
    }
    return prefix_cmp;
}
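/**
 * Compare strings lowercased.
 * \param[in] str1 one string, may be NULL
 * \param[in] str2 another string, may be NULL
 * \return int -1, 0 or 1. Two NULLs are equal, a NULL sorts before any
 *         string, and a proper prefix sorts before the longer string.
 *
 */
int
ods_strlowercmp(const char* str1, const char* str2)
{
    if (!str1 || !str2) {
        if (!str1 && !str2) {
            return 0;
        }
        return str1 ? 1 : -1;
    }
    for (; *str1 != '\0' && *str2 != '\0'; str1++, str2++) {
        /*
         * tolower() is only defined for EOF and values representable as
         * unsigned char. A plain char may be negative, so convert first.
         */
        int c1 = tolower((unsigned char) *str1);
        int c2 = tolower((unsigned char) *str2);
        if (c1 != c2) {
            return (c1 < c2) ? -1 : 1;
        }
    }
    /* at least one string has ended here */
    if (*str1 == *str2) {
        return 0;
    }
    return (*str1 == '\0') ? -1 : 1;
}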
/**
* Replace a substring in string.
*
*/
const char*
ods_replace(const char *str, const char *oldstr, const char *newstr)
{
char* buffer = NULL;
char* ch = NULL;
size_t part1_len = 0;
size_t part2_len = 0;
size_t part3_len = 0;
if (!str) {
return NULL;
}
if (!oldstr || !newstr) {
return str;
}
if (!(ch = strstr(str, oldstr))) {
buffer = strdup(str);
return buffer;
}
part1_len = ch-str;
part2_len = strlen(newstr);
part3_len = strlen(ch+strlen(oldstr));
buffer = calloc(part1_len+part2_len+part3_len+1, sizeof(char));
if (!buffer) {
return NULL;
}
if (part1_len) {
strncpy(buffer, str, part1_len);
buffer[part1_len] = '\0';
if (part2_len) {
strncat(buffer, str, part2_len);
buffer[part1_len+part2_len] = '\0';
}
} else {
strncpy(buffer, newstr, part2_len);
buffer[part2_len] = '\0';
}
if (part3_len) {
strncat(buffer, ch+strlen(oldstr), part3_len);
buffer[part1_len+part2_len+part3_len] = '\0';
}
buffer[ch-str] = '\0';
snprintf(buffer+(ch-str), SYSTEM_MAXLEN, "%s%s", newstr, ch+strlen(oldstr));
return buffer;
}
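/**
 * File copy.
 * \param[in] file1 from file name
 * \param[in] file2 to file name
 * \param[in] startpos starting file position in file1
 * \param[in] append whether to append to file2 or truncate it first
 * \return ods_status ODS_STATUS_OK on success, ODS_STATUS_ASSERT_ERR when
 *         a name is missing, otherwise the FOPEN/FSEEK/FREAD/FWRITE
 *         status of the step that failed
 *
 * NOTE(review): file2 is created with mode 0666, so the permissions of a
 * newly created copy are decided by the process umask alone.
 */
ods_status
ods_file_copy(const char* file1, const char* file2, long startpos, int append)
{
    char buf[BUFFER_SIZE];
    int fin = -1;
    int fout = -1;
    ssize_t read_size = 0;
    ods_status status = ODS_STATUS_OK;

    if (!file1 || !file2) {
        return ODS_STATUS_ASSERT_ERR;
    }
    if ((fin = open(file1, O_RDONLY|O_NONBLOCK)) < 0) {
        return ODS_STATUS_FOPEN_ERR;
    }
    if (append) {
        fout = open(file2, O_WRONLY|O_APPEND|O_CREAT, 0666);
    } else {
        fout = open(file2, O_WRONLY|O_TRUNC|O_CREAT, 0666);
    }
    if (fout < 0) {
        close(fin);
        return ODS_STATUS_FOPEN_ERR;
    }
    ods_log_debug("[%s] lseek file %s pos %ld", file_str, file1, startpos);
    if (lseek(fin, startpos, SEEK_SET) < 0) {
        close(fin);
        close(fout);
        return ODS_STATUS_FSEEK_ERR;
    }
    for (;;) {
        read_size = read(fin, buf, sizeof(buf));
        if (read_size == 0) {
            break;
        }
        if (read_size < 0) {
            ods_log_error("[%s] read file %s error %s", file_str, file1,
                strerror(errno));
            status = ODS_STATUS_FREAD_ERR;
            break;
        }
        /*
         * A bare write() may store fewer bytes than asked for, which
         * would silently shorten the copy. ods_writen() keeps writing
         * until the whole chunk is out.
         */
        if (ods_writen(fout, buf, (size_t) read_size) < 0) {
            /* the failing file is the destination, so name file2 */
            ods_log_error("[%s] write file %s error %s", file_str, file2,
                strerror(errno));
            status = ODS_STATUS_FWRITE_ERR;
            break;
        }
    }
    close(fin);
    close(fout);
    return status;
}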
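/**
 * Get directory part of filename.
 * \param[in] file file name
 * \return char* newly allocated directory part, without trailing
 *         separators, or NULL when nothing remains in front of the last
 *         separator (no separator at all, or only leading ones) or when
 *         allocation fails
 *
 */
char*
ods_dir_name(const char* file) {
    size_t l = 0;
    char* dir = NULL;
    /* check the pointer before strlen() touches it */
    ods_log_assert(file);
    l = strlen(file);
    /* find separator */
    while (l > 0 && file[l-1] != '/') {
        l--;
    }
    /* now strip off (multiple) separators */
    while (l > 0 && file[l-1] == '/') {
        l--;
    }
    if (l == 0) {
        return NULL;
    }
    dir = (char*) calloc(l+1, sizeof(char));
    if (dir) {
        /* calloc() zero-filled the buffer, so dir[l] terminates the copy */
        memcpy(dir, file, l);
    }
    return dir;
}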
/**
 * Change ownership of a file, or of the directory that holds it.
 * \param[in] file file name
 * \param[in] uid user id
 * \param[in] gid group id
 * \param[in] getdir when non-zero, chown the directory part of file
 *                   instead of file itself
 *
 * Failures are logged and not reported to the caller. When getdir is set
 * and ods_dir_name() yields nothing, only a warning is logged.
 */
void
ods_chown(const char* file, uid_t uid, gid_t gid, int getdir)
{
    char* parent = NULL;
    const char* target = file;

    if (!file) {
        ods_log_warning("[%s] no filename given for chown()", file_str);
        return;
    }
    if (getdir) {
        parent = ods_dir_name(file);
        if (parent == NULL) {
            ods_log_warning("[%s] use of relative path: %s", file_str, file);
            return;
        }
        target = parent;
    }
    ods_log_debug("[%s] create and chown %s with user=%ld group=%ld",
        file_str, target, (signed long) uid, (signed long) gid);
    if (chown(target, uid, gid) != 0) {
        ods_log_error("[%s] chown() %s failed: %s", file_str, target,
            strerror(errno));
    }
    /* parent is NULL unless getdir was set; free(NULL) does nothing */
    free((void*) parent);
    return;
}
/**
 * Remove leading and trailing whitespace, in place.
 * \param[in,out] str string to trim; must not be NULL
 *
 * Trailing spaces, tabs and newlines are removed. If a newline was among
 * them, a single newline is put back after the last remaining character.
 * Leading spaces and tabs are removed by shifting the text to the front.
 * A string of whitespace only ends up empty.
 */
void
ods_str_trim(char* str)
{
    size_t kept = strlen(str);
    size_t lead = 0;
    int had_newline = 0;
    char* out = str;

    /* trailing */
    while (kept > 0) {
        char last = str[kept - 1];
        if (last == '\n') {
            had_newline = 1;
        }
        if (last != ' ' && last != '\t' && last != '\n') {
            break;
        }
        str[kept - 1] = '\0';
        kept--;
    }
    if (had_newline) {
        /* index 1 when nothing is left, as str[0] is the terminator then */
        str[kept > 0 ? kept : 1] = '\n';
    }
    /* leading */
    while (str[lead] == ' ' || str[lead] == '\t') {
        lead++;
    }
    for (; out[lead] != '\0'; out++) {
        *out = out[lead];
    }
    *out = '\0';
    return;
}
/**
 * Add a string to a list of strings. Taken from ods-enforcer.
 * \param[in,out] list address of a NULL-terminated array of strings;
 *                     *list may be NULL for an empty list
 * \param[in] str string to append; the pointer is stored, not copied
 *
 * The array is reallocated with room for the new entry and the NULL
 * terminator, and the old array is freed. Allocation failure ends in
 * ods_fatal_exit().
 */
void
ods_str_list_add(char*** list, char* str)
{
    char** previous = *list;
    size_t used = 0;

    if (previous) {
        while (previous[used]) {
            used++;
        }
    }
    *list = (char**) calloc(sizeof(char*), used + 2);
    if (!*list) {
        ods_fatal_exit("[%s] fatal ods_str_list_add(): calloc() failed",
            file_str);
    }
    if (previous) {
        memcpy(*list, previous, used * sizeof(char*));
    }
    free(previous);
    (*list)[used] = str;
    (*list)[used + 1] = NULL;
    return;
}
opendnssec-1.4.9/signer/src/shared/duration.h 0000644 0001750 0001750 00000007350 12650165732 016145 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* Durations.
*/
#ifndef UTIL_DURATION_H
#define UTIL_DURATION_H
#include "config.h"
#include "shared/allocator.h"
#include
#include
/**
* Duration.
*
*/
typedef struct duration_struct duration_type;
struct duration_struct
{
allocator_type* allocator;
time_t years;
time_t months;
time_t weeks;
time_t days;
time_t hours;
time_t minutes;
time_t seconds;
};
/**
* Create a new 'instant' duration.
* \return duration_type* created duration
*
*/
duration_type* duration_create(void);
/**
* Compare durations.
* \param[in] d1 one duration
* \param[in] d2 another duration
* \return int 0 if equal, -1 if d1 < d2, 1 if d2 < d1
*
*/
int duration_compare(duration_type* d1, duration_type* d2);
/**
* Create a duration from string.
* \param[in] str string-format duration
* \return duration_type* created duration
*
*/
duration_type* duration_create_from_string(const char* str);
/**
* Convert a duration to a string.
* \param[in] duration duration to be converted
* \return char* string-format duration
*
*/
char* duration2string(duration_type* duration);
/**
* Convert a duration to a time.
* \param[in] duration duration to be converted
* \return time_t time-format duration
*
*/
time_t duration2time(duration_type* duration);
/**
* Return a random time.
* \param[in] mod modulo
* \return time_t random time
*
*/
time_t ods_rand(time_t mod);
/**
* Return the shortest time.
* \param[in] a one time
* \param[in] b another time
* \return time_t the shortest time
*
*/
time_t time_minimum(time_t a, time_t b);
/**
* Return the longest time.
* \param[in] a one time
* \param[in] b another time
* \return time_t the longest time
*
*/
time_t time_maximum(time_t a, time_t b);
/**
* Convert time into string.
* \param[in] n time
* \param[in] s string
*
*/
void time_itoa(time_t n, char* s);
/**
* Return time in datestamp.
* \param[in] tt time
* \param[in] format stamp format
* \param[out] str store string
* \return uint32_t integer based datestamp.
*
*/
uint32_t time_datestamp(time_t tt, const char* format, char** str);
/**
* Return the time since Epoch, measured in seconds.
* If the timeshift is enabled, return the environment variable.
* \return time_t now (or timeshift).
*
*/
time_t time_now(void);
/**
* Clean up duration.
* \param[in] duration duration to be cleaned up
*
*/
void duration_cleanup(duration_type* duration);
#endif /* UTIL_DURATION_H */
opendnssec-1.4.9/signer/src/shared/status.h 0000644 0001750 0001750 00000006355 12650165732 015647 0000000 0000000 /*
* Copyright (c) 2010-2011 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* Status.
*/
#ifndef UTIL_STATUS_H
#define UTIL_STATUS_H
#include "config.h"
enum ods_enum_status {
ODS_STATUS_OK,
ODS_STATUS_EOF,
ODS_STATUS_NOTIMPL,
ODS_STATUS_UPTODATE,
ODS_STATUS_ASSERT_ERR,
ODS_STATUS_CFG_ERR,
ODS_STATUS_CHDIR_ERR,
ODS_STATUS_CHROOT_ERR,
ODS_STATUS_CMDHANDLER_ERR,
ODS_STATUS_XFRHANDLER_ERR,
ODS_STATUS_CONFLICT_ERR,
ODS_STATUS_ERR,
ODS_STATUS_FOPEN_ERR,
ODS_STATUS_FSEEK_ERR,
ODS_STATUS_FORK_ERR,
ODS_STATUS_FREAD_ERR,
ODS_STATUS_FWRITE_ERR,
ODS_STATUS_HSM_ERR,
ODS_STATUS_INSECURE,
ODS_STATUS_MALLOC_ERR,
ODS_STATUS_RENAME_ERR,
ODS_STATUS_UNLINK_ERR,
ODS_STATUS_SOCK_BIND,
ODS_STATUS_SOCK_FCNTL_NONBLOCK,
ODS_STATUS_SOCK_GETADDRINFO,
ODS_STATUS_SOCK_LISTEN,
ODS_STATUS_SOCK_SETSOCKOPT_V6ONLY,
ODS_STATUS_SOCK_SOCKET_UDP,
ODS_STATUS_SOCK_SOCKET_TCP,
ODS_STATUS_ACL_SUBNET_BAD_RANGE,
ODS_STATUS_ACL_SUBNET_OUT_RANGE,
ODS_STATUS_PARSE_ERR,
ODS_STATUS_PRIVDROP_ERR,
ODS_STATUS_RNG_ERR,
ODS_STATUS_SETSID_ERR,
ODS_STATUS_UNCHANGED,
ODS_STATUS_WRITE_PIDFILE_ERR,
ODS_STATUS_XML_ERR,
ODS_STATUS_XFR_NOT_READY,
ODS_STATUS_SKIPDNAME,
ODS_STATUS_BUFAVAIL,
ODS_STATUS_PARSESOA,
ODS_STATUS_REQAXFR,
ODS_STATUS_INSERIAL,
ODS_STATUS_XFRBADFORM,
ODS_STATUS_XFRINCOMPLETE
};
typedef enum ods_enum_status ods_status;
typedef struct ods_struct_lookup_table ods_lookup_table;
struct ods_struct_lookup_table {
int id;
const char* name;
};
extern ods_lookup_table ods_status_str[];
/**
* Look up item in table.
* \param[in] table table
* \param[in] id identifier
*
*/
ods_lookup_table* ods_lookup_by_id(ods_lookup_table *table, int id);
/**
* Look up a descriptive text by each status.
* \param[in] status status identifier
* \return const char* corresponding descriptive text
*
*/
const char *ods_status2str(ods_status status);
#endif /* UTIL_STATUS_H */
opendnssec-1.4.9/signer/src/shared/locks.c 0000644 0001750 0001750 00000012624 12650165732 015426 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Threading and locking.
*
*/
#include "config.h"
#include "shared/locks.h"
#include "shared/log.h"
#include
#include /* sigfillset(), sigprocmask() */
#include /* strerror() */
#ifdef HAVE_SYS_TIME_H
#include /* gettimeofday() */
#endif
#ifdef HAVE_TIME_H
#include /* gettimeofday() */
#endif
static const char* lock_str = "lock";
#if !defined(HAVE_PTHREAD)
#include /* waitpid() */
#include /* getpid(), waitpid() */
#include /* fork(), getpid() */
/**
 * No threading available: fork a new process.
 * This means no shared data structure, and no locking.
 * Only the parent process ever returns. Exits on errors.
 * @param thr: the location where to store the thread-id (a process id).
 * @param func: function body of the thread. Return value of func is lost.
 * @param arg: user argument to func.
 */
void
ods_thr_fork_create(ods_thread_type* thr, void* (*func)(void*), void* arg)
{
    pid_t pid = fork();

    if (pid == 0) {
        /* child: run the body, then leave without returning to the caller */
        *thr = (ods_thread_type)getpid();
        (void)(*func)(arg);
        exit(0);
    }
    if (pid == -1) {
        /* error */
        ods_fatal_exit("[%s] unable to fork thread: %s", lock_str,
            strerror(errno));
    }
    /* main */
    *thr = (ods_thread_type)pid;
    return;
}
/**
 * There is no threading. Wait for a process to terminate.
 * The thread handle is used as a process id here.
 * @param thread: the process id to wait for.
 *
 * A waitpid() failure is logged as an error and a non-zero wait status
 * as a warning. Nothing is returned to the caller.
 */
void ods_thr_fork_wait(ods_thread_type thread)
{
    int exit_status = 0;
    pid_t child = (pid_t)thread;

    if (waitpid(child, &exit_status, 0) == -1) {
        ods_log_error("[%s] waitpid(%d): %s", lock_str, (int)thread,
            strerror(errno));
    }
    if (exit_status != 0) {
        ods_log_warning("[%s] process %d abnormal exit with status %d",
            lock_str, (int)thread, exit_status);
    }
    return;
}
#else /* defined(HAVE_PTHREAD) */
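/**
 * Create a thread, raising the stack size to ODS_MINIMUM_STACKSIZE when
 * the default is smaller.
 * @param thr: the location where to store the thread-id.
 * @param func: function body of the thread.
 * @param arg: user argument to func.
 * @return: the pthread_create() result, 0 on success.
 *
 * If the attribute object cannot be prepared, the thread is created with
 * default attributes.
 */
int
ods_thread_create(pthread_t *thr, void *(*func)(void *), void *arg)
{
    int ret;
    int attr_ready = 0; /* pthread_attr_init() succeeded */
    int use_attr = 0;   /* attr carries the enlarged stack size */
    pthread_attr_t attr;
    size_t stacksize = 0;

    if (pthread_attr_init(&attr) == 0) {
        attr_ready = 1;
        use_attr = (
            !pthread_attr_getstacksize(&attr, &stacksize)
            && stacksize < ODS_MINIMUM_STACKSIZE
            && !pthread_attr_setstacksize(&attr, ODS_MINIMUM_STACKSIZE)
        );
    }
    ret = pthread_create(thr, use_attr?&attr:NULL, func, arg);
    /*
     * Destroy whenever init succeeded. Keying this on use_attr would
     * skip the destroy each time the default stack was already large
     * enough or a later attribute call failed.
     */
    if (attr_ready)
        (void) pthread_attr_destroy(&attr);
    if ( ret != 0) {
        ods_log_error("%s at %d could not pthread_create(thr, &attr, func, arg): %s",
            __FILE__, __LINE__, strerror(ret));
    }
    return ret;
}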
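/**
 * Wait on a condition, with an optional timeout.
 * @param cond: condition to wait on.
 * @param lock: lock that belongs to the condition.
 * @param wait: timeout in seconds; 0 or less waits without a timeout.
 * @return: 0 when signalled or timed out, 1 when the clock cannot be
 *          read, otherwise the pthread_cond_*wait() error.
 */
int
ods_thread_wait(cond_basic_type* cond, lock_basic_type* lock, time_t wait)
{
    struct timespec ts;
    int ret = 0;
    /* If timeshift is enabled, we don't care about threads. No need
     * to take the timeshift into account here */
#ifndef HAVE_CLOCK_GETTIME
    struct timeval tv;
    if (gettimeofday(&tv, NULL) != 0) {
        /* name the call that actually failed */
        ods_log_error("[%s] gettimeofday() error: %s", lock_str,
            strerror(errno));
        return 1;
    }
    ts.tv_sec = tv.tv_sec;
    /* microseconds to nanoseconds is a multiplication */
    ts.tv_nsec = tv.tv_usec * 1000;
#else /* HAVE_CLOCK_GETTIME */
    if (clock_gettime(CLOCK_REALTIME, &ts) < 0) {
        ods_log_error("[%s] clock_gettime() error: %s", lock_str,
            strerror(errno));
        return 1;
    }
#endif /* !HAVE_CLOCK_GETTIME */
    if (wait > 0) {
        /* pthread_cond_timedwait() takes an absolute deadline */
        ts.tv_sec = ts.tv_sec + wait;
        ret = pthread_cond_timedwait(cond, lock, &ts);
    } else {
        ret = pthread_cond_wait(cond, lock);
    }
    /* a timeout is an expected outcome and is reported as success */
    if (ret == ETIMEDOUT) {
        return 0;
    }
    return ret;
}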
#endif /* defined(HAVE_PTHREAD) */
/**
 * Block all signals for the calling thread, or for the whole process
 * when built without pthreads. Exits through ods_fatal_exit() when the
 * mask cannot be set.
 */
void
ods_thread_blocksigs(void)
{
    sigset_t all_signals;
#ifdef HAVE_PTHREAD
    int rc = 0;
#endif

    sigfillset(&all_signals);
#ifdef HAVE_PTHREAD
    rc = pthread_sigmask(SIG_SETMASK, &all_signals, NULL);
    if (rc != 0) {
        ods_fatal_exit("[%s] pthread_sigmask: %s", lock_str, strerror(rc));
    }
#else /* !HAVE_PTHREAD */
    /* have nothing, do single process signal mask */
    if (sigprocmask(SIG_SETMASK, &all_signals, NULL) != 0) {
        ods_fatal_exit("[%s] sigprocmask: %s", lock_str, strerror(errno));
    }
#endif /* HAVE_PTHREAD */
}
opendnssec-1.4.9/signer/src/shared/log.h 0000644 0001750 0001750 00000010060 12650165732 015071 0000000 0000000 /*
* Copyright (c) 2009 NLnet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Log wrapper.
*
*/
#ifndef SHARED_LOG_H
#define SHARED_LOG_H
#include "config.h"
#include
#include
#ifdef HAVE_SYSLOG_H
#include /* strncasecmp() */
#include /* openlog(), closelog(), syslog() */
#else /* !HAVE_SYSLOG_H */
#define LOG_EMERG 0 /* ods_fatal_exit */
#define LOG_ALERT 1 /* ods_log_alert */
#define LOG_CRIT 2 /* ods_log_crit */
#define LOG_ERR 3 /* ods_log_error */
#define LOG_WARNING 4 /* ods_log_warning */
#define LOG_NOTICE 5 /* ods_log_info */
#define LOG_INFO 6 /* ods_log_verbose */
#define LOG_DEBUG 7 /* ods_log_debug */
#endif /* HAVE_SYSLOG_H */
#define LOG_DEEEBUG 8 /* ods_log_deeebug */
/**
* Initialize logging.
* \param[in] filename logfile, stderr if NULL.
* \param[in] use_syslog: use syslog(3) and ignore filename
* \param[in] verbosity: log level
*
*/
void ods_log_init(const char *filename, int use_syslog, int verbosity);
/**
* Close logging.
*
*/
void ods_log_close(void);
/**
* Get the facility by string.
* \param[in] facility string based facility
* \return int facility
*
*/
int ods_log_get_facility(const char* facility);
/**
* Get the log level.
* \return int log_level
*
*/
int ods_log_get_level();
/**
* Heavy debug logging.
* \param[in] format printf-style format string, arguments follow
*
*/
void ods_log_deeebug(const char *format, ...);
/**
* Log debug.
* \param[in] format printf-style format string, arguments follow
*
*/
void ods_log_debug(const char *format, ...);
/**
* Log verbose.
* \param[in] format printf-style format string, arguments follow
*
*/
void ods_log_verbose(const char *format, ...);
/**
* Log informational messages.
* \param[in] format printf-style format string, arguments follow
*
*/
void ods_log_info(const char *format, ...);
/**
* Log warnings.
* \param[in] format printf-style format string, arguments follow
*
*/
void ods_log_warning(const char *format, ...);
/**
* Log errors.
* \param[in] format printf-style format string, arguments follow
*
*/
void ods_log_error(const char *format, ...);
/**
* Log criticals.
* \param[in] format printf-style format string, arguments follow
*
*/
void ods_log_crit(const char *format, ...);
/**
* Log alerts.
* \param[in] format printf-style format string, arguments follow
*
*/
void ods_log_alert(const char *format, ...);
/**
* Log critical errors and exit.
* \param[in] format printf-style format string, arguments follow
*
*/
void ods_fatal_exit(const char *format, ...);
/**
* Log assertion.
* \param[in] x condition that must hold
*
* ODS_LOG_DEBUG is defined unconditionally just below, so the checking
* form of the macro is the one that gets compiled: when x is false,
* ods_fatal_exit() is called with the file, line, function and the text
* of the failed expression.
*
* NOTE(review): the expansion ends in "while(0);", so the macro brings
* its own semicolon. "ods_log_assert(x);" therefore expands to two
* statements and cannot be the unbraced body of an if that has an else.
*
*/
#define ODS_LOG_DEBUG 1
#ifdef ODS_LOG_DEBUG
#define ods_log_assert(x) \
do { if(!(x)) \
ods_fatal_exit("%s:%d: %s: assertion %s failed", \
__FILE__, __LINE__, __func__, #x); \
} while(0);
#else
#define ods_log_assert(x)
#endif
#endif /* SHARED_LOG_H */
opendnssec-1.4.9/signer/src/shared/file.h 0000644 0001750 0001750 00000011423 12650165732 015233 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* File access wrapper.
*/
#ifndef SHARED_FILE_H
#define SHARED_FILE_H
#include "config.h"
#include "shared/status.h"
#include
#include
#include
#ifdef HAVE_SYS_TYPES_H
# include
#endif
#ifdef HAVE_UNISTD_H
# include
#endif
#define SYSTEM_MAXLEN 1024
/**
* Convert file mode to readable string.
* \param[in] mode file mode
* \return const char* string
*
*/
const char* ods_file_mode2str(const char* mode);
/**
* Get next character.
* \param[in] fd file descriptor
* \param[in] line_nr line number
* \return int next character.
*
*/
int ods_fgetc(FILE* fd, unsigned int* line_nr);
/**
* Skip white space.
* \param[in] fd file descriptor
* \param[in] line_nr line number
* \return int first encountered non-whitespace character
*
*/
int ods_skip_whitespace(FILE* fd, unsigned int* line_nr);
/**
* Construct file or directory name.
* \param[in] file filename without extension
* \param[in] suffix extension.
* \param[in] dir directory or not
* \param[in] no_slash no forward slashes and such characters allowed
* \return char* concatenation of file and suffix
*
*/
char* ods_build_path(const char* file, const char* suffix, int dir,
int no_slash);
/**
* Open a file.
* \param[in] file filename.
* \param[in] dir directory.
* \param[in] mode file mode
* \return FILE* file descriptor
*
*/
FILE* ods_fopen(const char* file, const char* dir, const char* mode);
/**
* Close a file.
* \param[in] fd the file descriptor
*
*/
void ods_fclose(FILE* fd);
/**
* Write to file descriptor.
* \param[in] fd file descriptor
* \param[in] vptr pointer to data
* \param[in] n size of data
*
*/
ssize_t ods_writen(int fd, const void* vptr, size_t n);
/**
* Get file status.
* \param[in] file file name
* \return time_t last modified
*
*/
time_t ods_file_lastmodified(const char* file);
/**
* Compare strings.
* \param[in] s1 one string
* \param[in] s2 another string
* \return <0, 0 or >0
*
*/
int ods_strcmp(const char* s1, const char* s2);
/**
* Compare strings lowercased.
* \param[in] s1 one string
* \param[in] s2 another string
* \return -1, 0 or 1
*
*/
int ods_strlowercmp(const char* s1, const char* s2);
/**
* Replace a substring in string.
* \param[in] str The string
* \param[in] oldstr old substring
* \param[in] newstr new substring
* \return char* the substituted string.
*
*/
const char* ods_replace(const char *str, const char *oldstr,
const char *newstr);
/**
* Get directory part of filename.
* \param[in] file file name
* \return char* directory part
*
*/
char* ods_dir_name(const char* file);
/**
* Copy file.
* \param[in] file1 from file name
* \param[in] file2 to file name
* \param[in] startpos starting file position in file1
* \param[in] append whether to append or do a regular copy
* \return ods_status
*
*/
ods_status ods_file_copy(const char* file1, const char* file2, long startpos,
int append);
/**
* (Create) and change ownership of directories.
* \param[in] file file name
* \param[in] uid user id
* \param[in] gid group id
* \param[in] getdir fetch directory part
*
*/
void ods_chown(const char* file, uid_t uid, gid_t gid, int getdir);
/**
* Remove leading and trailing whitespace.
* \param[in] str string to trim
*
*/
void ods_str_trim(char* str);
/**
* Add a string to a list of strings. Taken from ods-enforcer.
* \param[out] list string list
* \param[in] str string to add
*
*/
void ods_str_list_add(char*** list, char* str);
#endif /* SHARED_FILE_H */
opendnssec-1.4.9/signer/src/shared/duration.c 0000644 0001750 0001750 00000033661 12650165732 016144 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* Durations.
*/
#include "shared/allocator.h"
#include "shared/duration.h"
#include "shared/log.h"
#include
#include
#include
#include
static const char* duration_str = "duration";
/**
 * Allocate a new 'instant' duration, i.e. one whose fields are all zero.
 *
 * A dedicated allocator (backed by malloc/free) is created for the object
 * and stored in it, so that duration_cleanup() can release both.
 *
 * \return duration_type* the new duration, or NULL when either the
 *         allocator or the duration itself could not be allocated
 *
 */
duration_type*
duration_create(void)
{
    duration_type* fresh = NULL;
    allocator_type* pool = allocator_create(malloc, free);

    if (pool == NULL) {
        ods_log_error("[%s] cannot create: no allocator available",
            duration_str);
        return NULL;
    }

    fresh = (duration_type*) allocator_alloc(pool, sizeof(duration_type));
    if (fresh == NULL) {
        ods_log_error("[%s] cannot create: allocator failed", duration_str);
        /* nothing owns the allocator yet, release it here */
        allocator_cleanup(pool);
        return NULL;
    }

    fresh->allocator = pool;
    /* date part */
    fresh->years = 0;
    fresh->months = 0;
    fresh->weeks = 0;
    fresh->days = 0;
    /* time part */
    fresh->hours = 0;
    fresh->minutes = 0;
    fresh->seconds = 0;
    return fresh;
}
/**
 * Compare two durations field by field, most significant field first
 * (years, months, weeks, days, hours, minutes, seconds).
 *
 * \param[in] d1 one duration, may be NULL
 * \param[in] d2 another duration, may be NULL
 * \return int 0 when both are NULL or all fields are equal; -1 when only
 *         d2 is NULL; 1 when only d1 is NULL; otherwise the difference
 *         (d1 - d2) of the first field that differs, converted to int
 *
 */
int
duration_compare(duration_type* d1, duration_type* d2)
{
    int verdict = 0;

    if (!d1 || !d2) {
        if (!d1 && !d2) {
            return 0;
        }
        return d1?-1:1;
    }

    /* the first differing field decides; its difference is narrowed to int */
    if (d1->years != d2->years) {
        verdict = d1->years - d2->years;
    } else if (d1->months != d2->months) {
        verdict = d1->months - d2->months;
    } else if (d1->weeks != d2->weeks) {
        verdict = d1->weeks - d2->weeks;
    } else if (d1->days != d2->days) {
        verdict = d1->days - d2->days;
    } else if (d1->hours != d2->hours) {
        verdict = d1->hours - d2->hours;
    } else if (d1->minutes != d2->minutes) {
        verdict = d1->minutes - d2->minutes;
    } else if (d1->seconds != d2->seconds) {
        verdict = d1->seconds - d2->seconds;
    }
    return verdict;
}
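/**
 * Create a duration from a string of the form
 * P[n]Y[n]M[n]D[T[n]H[n]M[n]S] or P[n]W.
 *
 * An 'M' before the 'T' is read as months, an 'M' after it as minutes.
 * Hours, minutes and seconds are only read when a 'T' is present. A 'W'
 * may not be combined with any other designator or with 'T'.
 *
 * NOTE(review): the numbers are read with atoi(), which reports neither
 * syntax errors nor out-of-range values; callers that pass externally
 * supplied text should validate it first.
 *
 * \param[in] str string to parse; NULL yields an 'instant' duration
 * \return duration_type* the parsed duration, or NULL when the duration
 *         could not be allocated, 'P' is missing, or weeks are combined
 *         with other fields
 *
 */
duration_type*
duration_create_from_string(const char* str)
{
    duration_type* duration = duration_create();
    char* P, *X, *T, *W;
    int not_weeks = 0;

    if (!duration) {
        /* str has not been checked yet: never hand NULL to "%s" */
        ods_log_error("[%s] cannot create from string %s: create failed",
            duration_str, str?str:"(null)");
        return NULL;
    }
    if (!str) {
        return duration;
    }

    P = strchr(str, 'P');
    if (!P) {
        ods_log_error("[%s] cannot create from string %s: P not found",
            duration_str, str);
        duration_cleanup(duration);
        return NULL;
    }

    T = strchr(str, 'T');
    X = strchr(str, 'Y');
    if (X) {
        /* str points at the previous designator, the number follows it */
        duration->years = atoi(str+1);
        str = X;
        not_weeks = 1;
    }
    X = strchr(str, 'M');
    /* only a month when the 'M' sits in front of the time separator */
    if (X && (!T || (size_t) (X-P) < (size_t) (T-P))) {
        duration->months = atoi(str+1);
        str = X;
        not_weeks = 1;
    }
    X = strchr(str, 'D');
    if (X) {
        duration->days = atoi(str+1);
        str = X;
        not_weeks = 1;
    }
    if (T) {
        str = T;
        not_weeks = 1;
    }
    X = strchr(str, 'H');
    if (X && T) {
        duration->hours = atoi(str+1);
        str = X;
        not_weeks = 1;
    }
    X = strrchr(str, 'M');
    /* only minutes when the 'M' sits behind the time separator */
    if (X && T && (size_t) (X-P) > (size_t) (T-P)) {
        duration->minutes = atoi(str+1);
        str = X;
        not_weeks = 1;
    }
    X = strchr(str, 'S');
    if (X && T) {
        duration->seconds = atoi(str+1);
        str = X;
        not_weeks = 1;
    }

    W = strchr(str, 'W');
    if (W) {
        if (not_weeks) {
            /* the format now has a conversion for the offending string */
            ods_log_error("[%s] cannot create from string %s: parse error",
                duration_str, P);
            duration_cleanup(duration);
            return NULL;
        }
        duration->weeks = atoi(str+1);
    }
    return duration;
}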
/**
 * Count the decimal digits needed to print a number.
 *
 * The value is first narrowed to an unsigned 32-bit integer, matching the
 * way duration2string() prints it.
 *
 * \param[in] duration number to measure
 * \return size_t number of decimal digits, 1 for the value 0
 *
 */
static size_t
digits_in_number(time_t duration)
{
    uint32_t rest = (uint32_t) duration;
    size_t digits = 1; /* even 0 takes one digit */

    for (rest /= 10; rest != 0; rest /= 10) {
        digits++;
    }
    return digits;
}
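/**
 * Append one "<number><unit>" component to a duration string being built.
 *
 * \param[in,out] str destination buffer, NUL-terminated at offset *used
 * \param[in] size total size of str in bytes
 * \param[in,out] used number of characters already in str
 * \param[in] value component value, printed as unsigned 32-bit number
 * \param[in] unit designator character that follows the number
 *
 */
static void
duration2string_append(char* str, size_t size, size_t* used, time_t value,
    char unit)
{
    int written = 0;

    if (*used >= size) {
        return;
    }
    written = snprintf(str + *used, size - *used, "%u%c",
        (unsigned) (uint32_t) value, unit);
    if (written < 0) {
        /* keep the string terminated where it was */
        str[*used] = '\0';
        return;
    }
    if ((size_t) written >= size - *used) {
        /* truncated: leave the offset on the terminating NUL */
        *used = size - 1;
    } else {
        *used += (size_t) written;
    }
}

/**
 * Convert a duration to a string such as "P1Y2M3DT4H5M6S".
 *
 * Only fields greater than zero are printed. The seconds are also printed
 * when no date field is set and hours and minutes are zero, so an
 * 'instant' duration becomes "PT0S".
 *
 * The output buffer is sized in a first pass and written with bounded
 * snprintf() calls in a second pass. Unlike before, a failed allocation
 * of the output buffer is detected instead of being written through.
 *
 * \param[in] duration duration to print
 * \return char* newly allocated string that the caller must free(), or
 *         NULL when duration is NULL or memory could not be allocated
 *
 */
char*
duration2string(duration_type* duration)
{
    char* str = NULL;
    size_t count = 2; /* leading 'P' and terminating NUL */
    size_t used = 0;
    int T = 0, D = 0;
    int with_seconds = 0;

    if (!duration) {
        return NULL;
    }

    /* pass 1: one unit character plus the digits per printed field */
    if (duration->years > 0) {
        count = count + 1 + digits_in_number(duration->years);
        D = 1;
    }
    if (duration->months > 0) {
        count = count + 1 + digits_in_number(duration->months);
        D = 1;
    }
    if (duration->weeks > 0) {
        count = count + 1 + digits_in_number(duration->weeks);
        D = 1;
    }
    if (duration->days > 0) {
        count = count + 1 + digits_in_number(duration->days);
        D = 1;
    }
    if (duration->hours > 0) {
        count = count + 1 + digits_in_number(duration->hours);
        T = 1;
    }
    if (duration->minutes > 0) {
        count = count + 1 + digits_in_number(duration->minutes);
        T = 1;
    }
    with_seconds = (duration->seconds > 0 ||
        (!D && !duration->hours && !duration->minutes));
    if (with_seconds) {
        count = count + 1 + digits_in_number(duration->seconds);
        T = 1;
    }
    if (T) {
        count++; /* the 'T' separator */
    }

    str = (char*) calloc(count, sizeof(char));
    if (!str) {
        ods_log_error("[%s] cannot create string: malloc error",
            duration_str);
        return NULL;
    }

    /* pass 2: calloc() zeroed the buffer, so it stays NUL-terminated */
    str[used++] = 'P';
    if (duration->years > 0) {
        duration2string_append(str, count, &used, duration->years, 'Y');
    }
    if (duration->months > 0) {
        duration2string_append(str, count, &used, duration->months, 'M');
    }
    if (duration->weeks > 0) {
        duration2string_append(str, count, &used, duration->weeks, 'W');
    }
    if (duration->days > 0) {
        duration2string_append(str, count, &used, duration->days, 'D');
    }
    if (T && used + 1 < count) {
        str[used++] = 'T';
        str[used] = '\0';
    }
    if (duration->hours > 0) {
        duration2string_append(str, count, &used, duration->hours, 'H');
    }
    if (duration->minutes > 0) {
        duration2string_append(str, count, &used, duration->minutes, 'M');
    }
    if (with_seconds) {
        duration2string_append(str, count, &used, duration->seconds, 'S');
    }
    return str;
}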
/**
 * Convert a duration to a number of seconds.
 *
 * Months are counted as 31 days and years as 365 days, so any duration
 * that uses them is only approximated; a warning is logged in that case.
 *
 * NOTE(review): the multiplications are not checked for overflow.
 *
 * \param[in] duration duration to convert, may be NULL
 * \return time_t the duration in seconds, 0 when duration is NULL
 *
 */
time_t
duration2time(duration_type* duration)
{
    time_t total = 0;
    char* text = NULL;

    if (!duration) {
        return total;
    }

    total += (duration->seconds);
    total += (duration->minutes)*60;
    total += (duration->hours)*3600;
    total += (duration->days)*86400;
    total += (duration->weeks)*86400*7;
    total += (duration->months)*86400*31;
    total += (duration->years)*86400*365;

    if (duration->months || duration->years) {
        /* [TODO] calculate correct number of days in this month/year */
        text = duration2string(duration);
        ods_log_warning("[%s] converting duration %s to approximate value",
            duration_str, text?text:"(null)");
        free((void*) text);
    }
    return total;
}
/**
 * Return the shorter of two times.
 *
 * \param[in] a one time
 * \param[in] b another time
 * \return time_t a when a is smaller than b, b otherwise
 *
 */
time_t
time_minimum(time_t a, time_t b)
{
    if (a < b) {
        return a;
    }
    return b;
}
/**
 * Return the longer of two times.
 *
 * \param[in] a one time
 * \param[in] b another time
 * \return time_t a when a is larger than b, b otherwise
 *
 */
time_t
time_maximum(time_t a, time_t b)
{
    if (a > b) {
        return a;
    }
    return b;
}
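/**
 * Return a random time in the range 0 .. mod (inclusive).
 *
 * All three back ends now share that range. Previously the arc4random()
 * and random() fall-backs evaluated "x % mod + 1" as "(x % mod) + 1",
 * which returned 1 .. mod and divided by zero for mod == 0.
 *
 * The random() fall-back is not a cryptographic generator and is only
 * seeded if the program does so elsewhere; do not rely on this function
 * for values that must be unpredictable unless one of the arc4random
 * variants is available. The modulo fall-backs also carry a slight bias
 * towards small values.
 *
 * \param[in] mod upper bound of the result, narrowed to 32 bits
 * \return time_t random value between 0 and mod
 *
 */
time_t
ods_rand(time_t mod)
{
    /* number of possible outcomes; wraps to 0 for the largest 32-bit mod */
    uint32_t bound = (uint32_t) mod + 1;

#ifdef HAVE_ARC4RANDOM_UNIFORM
    return (time_t) (arc4random_uniform(bound));
#else
    if (bound < 2) {
        /* same answer arc4random_uniform() gives, and no modulo by zero */
        return 0;
    }
# if HAVE_ARC4RANDOM
    return (time_t) (arc4random() % bound);
# else
    return (time_t) (random() % bound);
# endif
#endif
}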
#ifdef ENFORCER_TIMESHIFT
/* Number of days per month (except for February in leap years). */
/* Indexed by tm_mon, so entry 0 is January; mktime_from_utc() sums it. */
static const int mdays[] = {
31, 28, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31
};
/**
 * Tell whether a year is a leap year: divisible by 4, and either not
 * divisible by 100 or divisible by 400.
 *
 * \param[in] year full year number
 * \return int 1 for a leap year, 0 otherwise
 *
 */
static int
is_leap_year(int year)
{
    if (year % 4 != 0) {
        return 0;
    }
    if (year % 100 != 0) {
        return 1;
    }
    return year % 400 == 0;
}
/**
 * Count the leap days between the start of year y1 and the start of
 * year y2.
 *
 * \param[in] y1 first year
 * \param[in] y2 second year
 * \return int number of leap years in y1 .. y2-1
 *
 */
static int
leap_days(int y1, int y2)
{
    const int from = y1 - 1;
    const int upto = y2 - 1;
    const int every_4 = upto/4 - from/4;
    const int every_100 = upto/100 - from/100;
    const int every_400 = upto/400 - from/400;

    return every_4 - every_100 + every_400;
}
/*
 * Convert a broken-down UTC time to seconds since 1970-01-01 00:00:00.
 *
 * Code taken from NSD 3.2.5, which is
 * code adapted from Python 2.4.1 sources (Lib/calendar.py).
 *
 * Reads tm_year, tm_mon, tm_mday, tm_hour, tm_min and tm_sec only.
 * NOTE(review): tm_mon is used to index mdays[] without a range check;
 * it is assumed to be 0..11 as strptime() produces it - confirm for any
 * other caller.
 */
static time_t
mktime_from_utc(const struct tm *tm)
{
    const int year = 1900 + tm->tm_year;
    int month = 0;
    /* whole days in the years before this one */
    time_t total = 365 * ((time_t) (year - 1970)) +
        ((time_t) leap_days(1970, year));

    /* whole days in the months before this one */
    while (month < tm->tm_mon) {
        total += mdays[month];
        month++;
    }
    if (tm->tm_mon > 1 && is_leap_year(year)) {
        /* past February of a leap year */
        total++;
    }
    total += tm->tm_mday - 1;

    total = total * 24 + tm->tm_hour; /* now in hours */
    total = total * 60 + tm->tm_min;  /* now in minutes */
    total = total * 60 + tm->tm_sec;  /* now in seconds */
    return total;
}
/**
 * Convert a time string into seconds since the Epoch.
 *
 * The string is parsed with the strptime() format "%Y%m%d%H%M%S" and
 * interpreted as UTC.
 *
 * \param[in] time string to parse
 * \return time_t the parsed time, or 0 when the string does not match
 *
 */
static time_t
timeshift2time(const char *time)
{
    struct tm parsed;

    /* every field mktime_from_utc() reads is set by this format */
    if (!strptime(time, "%Y%m%d%H%M%S", &parsed)) {
        return 0;
    }
    return mktime_from_utc(&parsed);
}
#endif
/**
 * Return the time since Epoch, measured in seconds.
 *
 * When built with ENFORCER_TIMESHIFT and the environment variable of the
 * same name is set, its value replaces the system clock. A value that
 * timeshift2time() cannot parse then yields 0, not the real time, so
 * such builds trust whoever controls the process environment.
 *
 * \return time_t the current (or shifted) time
 *
 */
time_t
time_now(void)
{
#ifdef ENFORCER_TIMESHIFT
    const char* shifted = getenv("ENFORCER_TIMESHIFT");

    if (shifted) {
        return timeshift2time(shifted);
    }
#endif /* ENFORCER_TIMESHIFT */
    return time(NULL);
}
/**
 * Format a time with strftime() and return the result as a number.
 *
 * copycode: This code is based on the EXAMPLE in the strftime manual.
 *
 * The time is broken down with localtime(). The formatted text must fit
 * in 32 bytes including the terminating NUL; otherwise strftime() returns
 * 0 and the call fails.
 *
 * \param[in] tt time to format, 0 means the current time (time_now())
 * \param[in] format strftime() format string
 * \param[out] str when not NULL, receives a strdup() copy of the formatted
 *             text (may be NULL if strdup() fails); the caller frees it
 * \return uint32_t the formatted text parsed as a base-10 number, or 0
 *         when localtime() or strftime() fails
 *
 */
uint32_t
time_datestamp(time_t tt, const char* format, char** str)
{
    char stamp[32];
    struct tm* broken_down = NULL;
    time_t when = tt ? tt : time_now();

    broken_down = localtime(&when);
    if (!broken_down) {
        ods_log_error("[%s] time_datestamp: localtime() failed", duration_str);
        return 0;
    }
    if (!strftime(stamp, sizeof(stamp), format, broken_down)) {
        ods_log_error("[%s] time_datestamp: strftime() failed", duration_str);
        return 0;
    }
    if (str) {
        *str = strdup(stamp);
    }
    return (uint32_t) strtoul(stamp, NULL, 10);
}
static void
time_itoa_reverse(char* s)
{
int i, j;
char c;
for (i = 0, j = strlen(s)-1; i 0); /* delete it */
s[i] = '\0';
time_itoa_reverse(s);
return;
}
/**
 * Release a duration and the allocator stored in it.
 *
 * \param[in] duration duration to clean up, NULL is ignored
 *
 */
void
duration_cleanup(duration_type* duration)
{
    if (duration) {
        /* fetch the allocator first: it must outlive the object it frees */
        allocator_type* pool = duration->allocator;

        allocator_deallocate(pool, (void*) duration);
        allocator_cleanup(pool);
    }
}
opendnssec-1.4.9/signer/src/signer/ 0000755 0001750 0001750 00000000000 12650166152 014240 5 0000000 0000000 opendnssec-1.4.9/signer/src/signer/keys.c 0000644 0001750 0001750 00000020617 12650165732 015310 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Signing keys.
*
*/
#include "shared/file.h"
#include "shared/log.h"
#include "shared/util.h"
#include "signer/backup.h"
#include "signer/keys.h"
#include "signer/signconf.h"
static const char* key_str = "keys";
/**
 * Create a new, empty key list.
 *
 * The list is allocated from the allocator of the given signer
 * configuration and keeps a reference to that configuration.
 *
 * \param[in] sc signer configuration (a signconf_type*)
 * \return keylist_type* the new list with no keys, or NULL when sc or
 *         its allocator is missing or the allocation fails
 *
 */
keylist_type*
keylist_create(void* sc)
{
    signconf_type* owner = (signconf_type*) sc;
    keylist_type* list = NULL;

    if (owner == NULL || owner->allocator == NULL) {
        return NULL;
    }
    list = (keylist_type*) allocator_alloc(owner->allocator,
        sizeof(keylist_type));
    if (list == NULL) {
        ods_log_error("[%s] create list failed: allocator_alloc() failed",
            key_str);
        return NULL;
    }
    list->keys = NULL;
    list->count = 0;
    list->sc = sc;
    return list;
}
/**
 * Look up a key in the key list by its locator.
 *
 * \param[in] kl key list
 * \param[in] locator locator to search for
 * \return key_type* the first key whose locator compares equal with
 *         ods_strcmp(), or NULL when there is none or an argument is
 *         missing
 *
 */
key_type*
keylist_lookup_by_locator(keylist_type* kl, const char* locator)
{
    uint16_t i = 0;
    key_type* candidate = NULL;

    if (!kl || !locator || kl->count <= 0) {
        return NULL;
    }
    while (i < kl->count) {
        candidate = &kl->keys[i];
        /* keys without a locator can never match */
        if (candidate && candidate->locator &&
            ods_strcmp(candidate->locator, locator) == 0) {
            return candidate;
        }
        i++;
    }
    return NULL;
}
/**
 * Look up a key in the key list by its DNSKEY record.
 *
 * \param[in] kl key list
 * \param[in] dnskey DNSKEY record to search for
 * \return key_type* the first key whose dnskey compares equal with
 *         ldns_rr_compare(), or NULL when there is none or an argument
 *         is missing
 *
 */
key_type*
keylist_lookup_by_dnskey(keylist_type* kl, ldns_rr* dnskey)
{
    uint16_t i = 0;
    key_type* candidate = NULL;

    if (!kl || !dnskey || kl->count <= 0) {
        return NULL;
    }
    while (i < kl->count) {
        candidate = &kl->keys[i];
        /* keys without a DNSKEY record can never match */
        if (candidate && candidate->dnskey &&
            ldns_rr_compare(candidate->dnskey, dnskey) == 0) {
            return candidate;
        }
        i++;
    }
    return NULL;
}
/**
 * Append a key to the key list.
 *
 * The key array is re-allocated one element larger from the signer
 * configuration's allocator, the existing keys are copied over and the
 * old array is handed back to the allocator. Pointers to keys obtained
 * before this call therefore refer to the old array.
 *
 * The locator pointer is stored as-is, not copied; key_delfunc() later
 * passes it to free().
 *
 * \param[in] kl key list, asserted to be non-NULL
 * \param[in] locator key locator, asserted to be non-NULL
 * \param[in] algorithm key algorithm
 * \param[in] flags key flags
 * \param[in] publish stored in the key's publish field
 * \param[in] ksk stored in the key's ksk field
 * \param[in] zsk stored in the key's zsk field
 * \param[in] rfc5011 stored in the key's rfc5011 field
 * \return key_type* the newly added key; ods_fatal_exit() is called when
 *         the allocation fails
 *
 */
key_type*
keylist_push(keylist_type* kl, const char* locator,
    uint8_t algorithm, uint32_t flags, int publish, int ksk, int zsk,
    int rfc5011)
{
    key_type* previous = NULL;
    key_type* slot = NULL;
    signconf_type* sc = NULL;

    ods_log_assert(kl);
    ods_log_assert(locator);
    ods_log_debug("[%s] add locator %s", key_str, locator);

    sc = (signconf_type*) kl->sc;
    previous = kl->keys;
    kl->keys = (key_type*) allocator_alloc(sc->allocator,
        (kl->count + 1) * sizeof(key_type));
    if (!kl->keys) {
        ods_fatal_exit("[%s] unable to add key: allocator_alloc() failed",
            key_str);
    }
    if (previous) {
        memcpy(kl->keys, previous, (kl->count) * sizeof(key_type));
    }
    allocator_deallocate(sc->allocator, (void*) previous);

    /* the new key goes into the last element of the grown array */
    slot = &kl->keys[kl->count];
    kl->count++;

    slot->locator = locator;
    slot->algorithm = algorithm;
    slot->flags = flags;
    slot->publish = publish;
    slot->ksk = ksk;
    slot->zsk = zsk;
    slot->rfc5011 = rfc5011;
    /* filled in later, not part of the configuration */
    slot->dnskey = NULL;
    slot->hsmkey = NULL;
    slot->params = NULL;
    return slot;
}
/**
 * Print one key to a stream.
 *
 * Writes the flags and the algorithm, the locator when there is one, and
 * one line for each of the ksk, zsk, publish and rfc5011 fields that is
 * set.
 *
 * \param[in] fd output stream, NULL is ignored
 * \param[in] key key to print, NULL is ignored
 *
 */
static void
key_print(FILE* fd, key_type* key)
{
    if (fd == NULL || key == NULL) {
        return;
    }
    fputs("\t\t\t\n", fd);
    fprintf(fd, "\t\t\t\t%u \n", key->flags);
    fprintf(fd, "\t\t\t\t%u \n", key->algorithm);
    if (key->locator) {
        fprintf(fd, "\t\t\t\t%s \n", key->locator);
    }
    /* optional markers, one line per field that is set */
    if (key->ksk) {
        fputs("\t\t\t\t \n", fd);
    }
    if (key->zsk) {
        fputs("\t\t\t\t \n", fd);
    }
    if (key->publish) {
        fputs("\t\t\t\t \n", fd);
    }
    if (key->rfc5011) {
        fputs("\t\t\t\t \n", fd);
    }
    fputs("\t\t\t \n", fd);
    fputs("\n", fd);
}
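/**
 * Log one key at debug level.
 *
 * Both strings are guarded before they reach "%s": the zone name was
 * already replaced by "(null)" when missing, and the locator now gets
 * the same treatment (key_print() treats the locator as optional too).
 *
 * \param[in] key key to log, NULL is ignored
 * \param[in] name zone name used in the message, may be NULL
 *
 */
static void
key_log(key_type* key, const char* name)
{
    if (!key) {
        return;
    }
    ods_log_debug("[%s] zone %s key: LOCATOR[%s] FLAGS[%u] ALGORITHM[%u] "
        "KSK[%i] ZSK[%i] PUBLISH[%i] RFC5011[%i]", key_str,
        name?name:"(null)", key->locator?key->locator:"(null)",
        key->flags, key->algorithm, key->ksk, key->zsk, key->publish,
        key->rfc5011);
    return;
}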
/**
 * Print every key of a key list to a stream, in list order.
 *
 * \param[in] fd output stream, NULL is ignored
 * \param[in] kl key list, NULL or empty lists are ignored
 *
 */
void
keylist_print(FILE* fd, keylist_type* kl)
{
    uint16_t i = 0;

    if (fd == NULL || kl == NULL || kl->count <= 0) {
        return;
    }
    while (i < kl->count) {
        key_print(fd, &kl->keys[i]);
        i++;
    }
}
/**
 * Log every key of a key list, in list order.
 *
 * \param[in] kl key list, NULL or empty lists are ignored
 * \param[in] name zone name passed on to key_log()
 *
 */
void
keylist_log(keylist_type* kl, const char* name)
{
    uint16_t i = 0;

    if (kl == NULL || kl->count <= 0) {
        return;
    }
    while (i < kl->count) {
        key_log(&kl->keys[i], name);
        i++;
    }
}
/**
 * Release the resources held by one key.
 *
 * Frees the HSM key, the signing parameters and the locator string. The
 * DNSKEY record is left alone (its ldns_rr_free() call is commented out).
 * The key structure itself is not freed here.
 *
 * \param[in] key key to clean up, NULL is ignored
 *
 */
static void
key_delfunc(key_type* key)
{
    if (key != NULL) {
        /* ldns_rr_free(key->dnskey); */
        hsm_key_free(key->hsmkey);
        hsm_sign_params_free(key->params);
        free((void*) key->locator);
    }
}
/**
 * Release a key list and all keys in it.
 *
 * Each key is cleaned up with key_delfunc(), then the key array and the
 * list itself are returned to the signer configuration's allocator.
 *
 * NOTE(review): kl->sc is dereferenced without a NULL check.
 *
 * \param[in] kl key list to clean up, NULL is ignored
 *
 */
void
keylist_cleanup(keylist_type* kl)
{
    uint16_t i = 0;
    signconf_type* owner = NULL;

    if (kl == NULL) {
        return;
    }
    while (i < kl->count) {
        key_delfunc(&kl->keys[i]);
        i++;
    }
    owner = (signconf_type*) kl->sc;
    allocator_deallocate(owner->allocator, (void*) kl->keys);
    allocator_deallocate(owner->allocator, (void*) kl);
}
/**
 * Write one key to a backup file.
 *
 * A ";;Key:" line with the key's fields is always written. When version
 * equals ODS_SE_FILE_MAGIC_V2, the DNSKEY record (if any) and a
 * ";;Keydone" line follow.
 *
 * NOTE(review): key->locator and version are used without a NULL check.
 *
 * \param[in] fd backup stream, NULL is ignored
 * \param[in] key key to back up, NULL is ignored
 * \param[in] version backup file version string
 *
 */
static void
key_backup(FILE* fd, key_type* key, const char* version)
{
    if (fd == NULL || key == NULL) {
        return;
    }
    fprintf(fd, ";;Key: locator %s algorithm %u flags %u publish %i ksk %i "
        "zsk %i rfc5011 %i\n", key->locator, (unsigned) key->algorithm,
        (unsigned) key->flags, key->publish, key->ksk, key->zsk, key->rfc5011);

    if (strcmp(version, ODS_SE_FILE_MAGIC_V2) != 0) {
        /* other versions end the key entry here */
        return;
    }
    if (key->dnskey) {
        (void)util_rr_print(fd, key->dnskey);
    }
    fprintf(fd, ";;Keydone\n");
}
/**
 * Recover one key from a backup file and add it to the key list.
 *
 * The fields are expected in the order and with the labels key_backup()
 * writes: locator, algorithm, flags, publish, ksk, zsk, rfc5011. Reading
 * stops at the first label or value that cannot be read.
 *
 * On success the locator string read from the file is handed to
 * keylist_push(), which stores the pointer; on failure it is freed here.
 *
 * \param[in] fd backup stream, asserted to be non-NULL
 * \param[in] kl key list that receives the key
 * \return key_type* the recovered key, or NULL when the entry is
 *         incomplete or malformed
 *
 */
key_type*
key_recover2(FILE* fd, keylist_type* kl)
{
    const char* locator = NULL;
    uint8_t algorithm = 0;
    uint32_t flags = 0;
    int publish = 0;
    int ksk = 0;
    int zsk = 0;
    int rfc5011 = 0;
    int complete = 0;

    ods_log_assert(fd);

    /* && short-circuits, so nothing is read past the first failure */
    complete = backup_read_check_str(fd, "locator") &&
        backup_read_str(fd, &locator) &&
        backup_read_check_str(fd, "algorithm") &&
        backup_read_uint8_t(fd, &algorithm) &&
        backup_read_check_str(fd, "flags") &&
        backup_read_uint32_t(fd, &flags) &&
        backup_read_check_str(fd, "publish") &&
        backup_read_int(fd, &publish) &&
        backup_read_check_str(fd, "ksk") &&
        backup_read_int(fd, &ksk) &&
        backup_read_check_str(fd, "zsk") &&
        backup_read_int(fd, &zsk) &&
        backup_read_check_str(fd, "rfc5011") &&
        backup_read_int(fd, &rfc5011);

    if (complete) {
        /* key ok */
        return keylist_push(kl, locator, algorithm, flags, publish, ksk,
            zsk, rfc5011);
    }
    if (locator) {
        /* the locator may have been read before a later field failed */
        free((void*)locator);
    }
    return NULL;
}
/**
 * Write every key of a key list to a backup file, in list order.
 *
 * \param[in] fd backup stream, NULL is ignored
 * \param[in] kl key list, NULL or empty lists are ignored
 * \param[in] version backup file version string, passed to key_backup()
 *
 */
void
keylist_backup(FILE* fd, keylist_type* kl, const char* version)
{
    uint16_t i = 0;

    if (fd == NULL || kl == NULL || kl->count <= 0) {
        return;
    }
    while (i < kl->count) {
        key_backup(fd, &kl->keys[i], version);
        i++;
    }
}
opendnssec-1.4.9/signer/src/signer/backup.h 0000644 0001750 0001750 00000010235 12650165732 015602 0000000 0000000 /*
* Copyright (c) 2006-2010 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Recover from backup.
*
*/
#ifndef SIGNER_BACKUP_H
#define SIGNER_BACKUP_H
#include "config.h"
#include "shared/duration.h"
#include "shared/file.h"
#include "shared/status.h"
#include
/**
* Read token from backup file.
* \param[in] in input file descriptor
* \return char* read token
*
*/
char* backup_read_token(FILE* in);
/**
* Read and match a string from backup file.
* \param[in] in input file descriptor
* \param[in] str string to match
* \return 1 if string was read and matched, 0 otherwise
*
*/
int backup_read_check_str(FILE* in, const char* str);
/**
* Read a string from backup file.
* \param[in] in input file descriptor
* \param[out] str string storage
* \return int 1 on success, 0 otherwise
*
*/
int backup_read_str(FILE* in, const char** str);
/**
* Read time from backup file.
* \param[in] in input file descriptor
* \param[out] v time_t storage
* \return int 1 on success, 0 otherwise
*
*/
int backup_read_time_t(FILE* in, time_t* v);
/**
* Read duration from backup file.
* \param[in] in input file descriptor
* \param[out] v duration storage
* \return int 1 on success, 0 otherwise
*
*/
int backup_read_duration(FILE* in, duration_type** v);
/**
* Read rr type from backup file.
* \param[in] in input file descriptor
* \param[out] v rr type storage
* \return int 1 on success, 0 otherwise
*
*/
int backup_read_rr_type(FILE* in, ldns_rr_type* v);
/**
* Read integer from backup file.
* \param[in] in input file descriptor
* \param[out] v integer storage
* \return int 1 on success, 0 otherwise
*
*/
int backup_read_int(FILE* in, int* v);
/**
* Read size type from backup file.
* \param[in] in input file descriptor
* \param[out] v integer storage
* \return int 1 on success, 0 otherwise
*
*/
int backup_read_size_t(FILE* in, size_t* v);
/**
* Read 8bit unsigned integer from backup file.
* \param[in] in input file descriptor
* \param[out] v uint8_t storage
* \return int 1 on success, 0 otherwise
*
*/
int backup_read_uint8_t(FILE* in, uint8_t* v);
/**
* Read 16bit unsigned integer from backup file.
* \param[in] in input file descriptor
* \param[out] v uint16_t storage
* \return int 1 on success, 0 otherwise
*
*/
int backup_read_uint16_t(FILE* in, uint16_t* v);
/**
* Read 32bit unsigned integer from backup file.
* \param[in] in input file descriptor
* \param[out] v uint32_t storage
* \return int 1 on success, 0 otherwise
*
*/
int backup_read_uint32_t(FILE* in, uint32_t* v);
/**
* Read namedb from backup file.
* \param[in] in input file descriptor
* \param[in] zone zone reference
* \return ods_status status
*
*/
ods_status backup_read_namedb(FILE* in, void* zone);
/**
* Read ixfr journal from file.
* \param[in] in input file descriptor
* \param[in] zone zone reference
* \return ods_status status
*
*/
ods_status backup_read_ixfr(FILE* in, void* zone);
#endif /* SIGNER_BACKUP_H */
opendnssec-1.4.9/signer/src/signer/zone.c 0000644 0001750 0001750 00000110273 12650165732 015306 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Zone.
*
*/
#include "adapter/adapter.h"
#include "shared/allocator.h"
#include "shared/file.h"
#include "shared/hsm.h"
#include "shared/locks.h"
#include "shared/log.h"
#include "shared/status.h"
#include "shared/util.h"
#include "signer/backup.h"
#include "signer/zone.h"
#include "wire/netio.h"
#include
static const char* zone_str = "zone";
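/**
 * Create a new zone.
 *
 * Allocates the zone from a fresh malloc/free allocator and creates its
 * name database, IXFR journal, signer configuration and statistics.
 *
 * \param[in] name zone name; one trailing dot is stripped in place, so the
 *                 caller's buffer is modified
 * \param[in] klass zone class, must be non-zero
 * \return zone_type* the new zone, or NULL on invalid arguments or when an
 *                    allocation or sub-object creation fails
 *
 */
zone_type*
zone_create(char* name, ldns_rr_class klass)
{
    allocator_type* allocator = NULL;
    zone_type* zone = NULL;
    size_t len = 0;

    if (!name || !klass) {
        return NULL;
    }
    allocator = allocator_create(malloc, free);
    if (!allocator) {
        ods_log_error("[%s] unable to create zone %s: allocator_create() "
            "failed", zone_str, name);
        return NULL;
    }
    zone = (zone_type*) allocator_alloc(allocator, sizeof(zone_type));
    if (!zone) {
        /* the two literals must concatenate: a comma here would make
         * "failed" the first format argument */
        ods_log_error("[%s] unable to create zone %s: allocator_alloc() "
            "failed", zone_str, name);
        allocator_cleanup(allocator);
        return NULL;
    }
    zone->allocator = allocator;
    /*
     * Every failure path below goes through zone_cleanup(), which releases
     * all of these members and destroys both locks. Put them in a defined
     * state first, so cleanup never acts on uninitialized memory.
     * NOTE(review): stats_cleanup(NULL) is assumed to be a no-op like the
     * other *_cleanup() calls this function already reaches with NULL.
     */
    zone->name = NULL;
    zone->apex = NULL;
    zone->notify_command = NULL;
    zone->notify_ns = NULL;
    zone->notify_args = NULL;
    zone->policy_name = NULL;
    zone->signconf_filename = NULL;
    zone->adinbound = NULL;
    zone->adoutbound = NULL;
    zone->task = NULL;
    zone->xfrd = NULL;
    zone->notify = NULL;
    zone->db = NULL;
    zone->ixfr = NULL;
    zone->signconf = NULL;
    zone->stats = NULL;
    zone->zl_status = ZONE_ZL_OK;
    lock_basic_init(&zone->zone_lock);
    lock_basic_init(&zone->xfr_lock);

    /* [start] PS 9218653: Drop trailing dot in domain name */
    len = strlen(name);
    if (len > 1 && name[len-1] == '.') {
        name[len-1] = '\0';
    }
    /* [end] PS 9218653 */
    zone->name = allocator_strdup(allocator, name);
    if (!zone->name) {
        ods_log_error("[%s] unable to create zone %s: allocator_strdup() "
            "failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    zone->klass = klass;
    zone->default_ttl = 3600; /* TODO: configure --default-ttl option? */
    zone->apex = ldns_dname_new_frm_str(name);
    if (!zone->apex) {
        /* the apex is handed to ldns and namedb calls throughout this
         * file; refuse the zone rather than carry a NULL apex around */
        ods_log_error("[%s] unable to create zone %s: "
            "ldns_dname_new_frm_str() failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    zone->db = namedb_create((void*)zone);
    if (!zone->db) {
        ods_log_error("[%s] unable to create zone %s: namedb_create() "
            "failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    zone->ixfr = ixfr_create((void*)zone);
    if (!zone->ixfr) {
        ods_log_error("[%s] unable to create zone %s: ixfr_create() "
            "failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    zone->signconf = signconf_create();
    if (!zone->signconf) {
        ods_log_error("[%s] unable to create zone %s: signconf_create() "
            "failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    /* a NULL stats object is tolerated: users in this file test
     * zone->stats before touching it */
    zone->stats = stats_create();
    return zone;
}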
/**
 * Load signer configuration for zone.
 *
 * \param[in] zone zone whose signconf file is (re)read
 * \param[out] new_signconf set to the freshly loaded configuration, only
 *                          when the return value is ODS_STATUS_OK
 * \return ods_status ODS_STATUS_OK when a newer signconf was loaded,
 *                    ODS_STATUS_UNCHANGED when the file was not modified,
 *                    ODS_STATUS_INSECURE when the zone has no signconf
 *                    filename, ODS_STATUS_ASSERT_ERR on bad input, or the
 *                    error reported by signconf_update()
 *
 */
ods_status
zone_load_signconf(zone_type* zone, signconf_type** new_signconf)
{
    signconf_type* loaded = NULL;
    char* stamp = NULL;
    ods_status result = ODS_STATUS_OK;

    if (!zone || !zone->name || !zone->signconf) {
        return ODS_STATUS_ASSERT_ERR;
    }
    if (!zone->signconf_filename) {
        ods_log_warning("[%s] zone %s has no signconf filename, treat as "
            "insecure?", zone_str, zone->name);
        return ODS_STATUS_INSECURE;
    }
    result = signconf_update(&loaded, zone->signconf_filename,
        zone->signconf->last_modified);

    if (result == ODS_STATUS_UNCHANGED) {
        /* nothing new on disk: report the timestamp we already hold */
        (void)time_datestamp(zone->signconf->last_modified,
            "%Y-%m-%d %T", &stamp);
        ods_log_verbose("[%s] zone %s signconf file %s is unchanged since "
            "%s", zone_str, zone->name, zone->signconf_filename,
            stamp?stamp:"Unknown");
        free((void*)stamp);
        return result;
    }
    if (result != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to load signconf for zone %s: signconf %s "
            "%s", zone_str, zone->name, zone->signconf_filename,
            ods_status2str(result));
        return result;
    }
    if (!loaded) {
        /* success without a configuration object is unexpected */
        ods_log_alert("[%s] unable to load signconf for zone %s: signconf "
            "status ok but no signconf stored", zone_str, zone->name);
        return ODS_STATUS_ASSERT_ERR;
    }
    (void)time_datestamp(loaded->last_modified, "%Y-%m-%d %T",
        &stamp);
    ods_log_debug("[%s] zone %s signconf file %s is modified since %s",
        zone_str, zone->name, zone->signconf_filename,
        stamp?stamp:"Unknown");
    free((void*)stamp);
    *new_signconf = loaded;
    return result;
}
/**
 * Reschedule task for zone.
 *
 * Takes the zone's task off the queue, if it is queued, and puts it back
 * to run now. A task that is not queued only gets its interrupt set.
 *
 * \param[in] zone zone whose task is rescheduled
 * \param[in] taskq task queue, locked for the duration of the update
 * \param[in] what task to perform
 * \return ods_status result of schedule_task(), or ODS_STATUS_OK when the
 *                    task was not on the queue
 *
 */
ods_status
zone_reschedule_task(zone_type* zone, schedule_type* taskq, task_id what)
{
    task_type* queued = NULL;
    ods_status result = ODS_STATUS_OK;

    ods_log_assert(taskq);
    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->task);
    ods_log_debug("[%s] reschedule task for zone %s", zone_str, zone->name);

    lock_basic_lock(&taskq->schedule_lock);
    queued = unschedule_task(taskq, (task_type*) zone->task);
    if (queued == NULL) {
        /* task not queued, being worked on? */
        ods_log_verbose("[%s] unable to reschedule task for zone %s now: "
            "task is not queued (task will be rescheduled when it is put "
            "back on the queue)", zone_str, zone->name);
        queued = (task_type*) zone->task;
        queued->interrupt = what;
        /* task->halted(_when) set by worker */
    } else {
        if (queued->what != what) {
            /* remember what was interrupted and when it was due */
            queued->halted = queued->what;
            queued->halted_when = queued->when;
            queued->interrupt = what;
        }
        /* Only reschedule if what to do is lower than what was scheduled. */
        if (queued->what > what) {
            queued->what = what;
        }
        queued->when = time_now();
        result = schedule_task(taskq, queued, 0);
    }
    lock_basic_unlock(&taskq->schedule_lock);

    zone->task = queued;
    return result;
}
/**
 * Publish the keys as indicated by the signer configuration.
 *
 * For every key flagged publish, fetches the DNSKEY from the HSM when it is
 * not loaded yet, stamps it with the DNSKEY TTL and zone class, and adds it
 * to the zone.
 *
 * \param[in] zone zone
 * \return ods_status ODS_STATUS_OK on success, ODS_STATUS_ASSERT_ERR on
 *                    missing zone data, ODS_STATUS_HSM_ERR when no libhsm
 *                    context could be created, otherwise the status of the
 *                    failing lhsm_get_key() or zone_add_rr() call
 *
 */
ods_status
zone_publish_dnskeys(zone_type* zone)
{
    hsm_ctx_t* ctx = NULL;
    uint32_t ttl = 0;
    uint16_t i = 0;
    ods_status status = ODS_STATUS_OK;
    rrset_type* rrset = NULL;
    rr_type* dnskey = NULL;
    if (!zone || !zone->db || !zone->signconf || !zone->signconf->keys) {
        return ODS_STATUS_ASSERT_ERR;
    }
    ods_log_assert(zone->name);
    /* hsm access */
    ctx = hsm_create_context();
    if (ctx == NULL) {
        ods_log_error("[%s] unable to publish keys for zone %s: "
            "error creating libhsm context", zone_str, zone->name);
        return ODS_STATUS_HSM_ERR;
    }
    /* dnskey ttl: the signconf value overrides the zone default when set */
    ttl = zone->default_ttl;
    if (zone->signconf->dnskey_ttl) {
        ttl = (uint32_t) duration2time(zone->signconf->dnskey_ttl);
    }
    /* publish keys */
    for (i=0; i < zone->signconf->keys->count; i++) {
        if (!zone->signconf->keys->keys[i].publish) {
            continue;
        }
        if (!zone->signconf->keys->keys[i].dnskey) {
            /* get dnskey */
            status = lhsm_get_key(ctx, zone->apex,
                &zone->signconf->keys->keys[i]);
            if (status != ODS_STATUS_OK) {
                ods_log_error("[%s] unable to publish dnskeys for zone %s: "
                    "error creating dnskey", zone_str, zone->name);
                /* keys added in earlier iterations stay in the zone; this
                 * function does not undo them */
                break;
            }
        }
        ods_log_assert(zone->signconf->keys->keys[i].dnskey);
        ldns_rr_set_ttl(zone->signconf->keys->keys[i].dnskey, ttl);
        ldns_rr_set_class(zone->signconf->keys->keys[i].dnskey, zone->klass);
        status = zone_add_rr(zone, zone->signconf->keys->keys[i].dnskey, 0);
        if (status == ODS_STATUS_UNCHANGED) {
            /* rr already exists, adjust pointer */
            rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_DNSKEY);
            ods_log_assert(rrset);
            dnskey = rrset_lookup_rr(rrset,
                zone->signconf->keys->keys[i].dnskey);
            ods_log_assert(dnskey);
            /* NOTE(review): rrset and dnskey are guarded by asserts only;
             * confirm ods_log_assert stays active in release builds */
            /* free our copy only when the zone holds a different object,
             * then point the key at the zone's RR */
            if (dnskey->rr != zone->signconf->keys->keys[i].dnskey) {
                ldns_rr_free(zone->signconf->keys->keys[i].dnskey);
            }
            zone->signconf->keys->keys[i].dnskey = dnskey->rr;
            status = ODS_STATUS_OK;
        } else if (status != ODS_STATUS_OK) {
            ods_log_error("[%s] unable to publish dnskeys for zone %s: "
                "error adding dnskey", zone_str, zone->name);
            break;
        }
    }
    /* done: the HSM context is released on success and on the break paths */
    hsm_destroy_context(ctx);
    return status;
}
/**
 * Unlink DNSKEY RRs.
 *
 * Clears the signconf key's DNSKEY pointer for every key whose RR is found
 * in the apex DNSKEY RRset, is the same object, and is not marked as
 * existing there.
 *
 * \param[in] zone zone
 *
 */
void
zone_rollback_dnskeys(zone_type* zone)
{
    uint16_t idx = 0;
    rrset_type* keyset = NULL;
    rr_type* found = NULL;

    if (!zone || !zone->signconf || !zone->signconf->keys) {
        return;
    }
    keyset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_DNSKEY);
    if (!keyset) {
        /* without a DNSKEY RRset there is nothing to unlink */
        return;
    }
    for (idx = 0; idx < zone->signconf->keys->count; idx++) {
        if (!zone->signconf->keys->keys[idx].dnskey) {
            continue;
        }
        found = rrset_lookup_rr(keyset,
            zone->signconf->keys->keys[idx].dnskey);
        if (!found || found->exists) {
            continue;
        }
        if (found->rr == zone->signconf->keys->keys[idx].dnskey) {
            zone->signconf->keys->keys[idx].dnskey = NULL;
        }
    }
}
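/**
 * Publish the NSEC3 parameters as indicated by the signer configuration.
 *
 * Builds the NSEC3PARAM RR on first use and adds it to the zone. Zones
 * without NSEC3 parameters (plain NSEC) return ODS_STATUS_OK untouched.
 *
 * \param[in] zone zone
 * \return ods_status ODS_STATUS_OK on success, ODS_STATUS_ASSERT_ERR on
 *                    missing zone data, ODS_STATUS_MALLOC_ERR when the RR
 *                    cannot be created, otherwise the zone_add_rr() error
 *
 */
ods_status
zone_publish_nsec3param(zone_type* zone)
{
    rrset_type* rrset = NULL;
    rr_type* n3prr = NULL;
    ldns_rr* rr = NULL;
    ods_status status = ODS_STATUS_OK;

    if (!zone || !zone->name || !zone->db || !zone->signconf) {
        return ODS_STATUS_ASSERT_ERR;
    }
    if (!zone->signconf->nsec3params) {
        /* NSEC */
        ods_log_assert(zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC);
        return ODS_STATUS_OK;
    }
    if (!zone->signconf->nsec3params->rr) {
        uint32_t paramttl =
            (uint32_t) duration2time(zone->signconf->nsec3param_ttl);
        rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAMS);
        if (!rr) {
            /* set the status before logging, so the message names the
             * failure instead of the initial ODS_STATUS_OK */
            status = ODS_STATUS_MALLOC_ERR;
            ods_log_error("[%s] unable to publish nsec3params for zone %s: "
                "error creating rr (%s)", zone_str, zone->name,
                ods_status2str(status));
            return status;
        }
        ldns_rr_set_class(rr, zone->klass);
        ldns_rr_set_ttl(rr, paramttl);
        ldns_rr_set_owner(rr, ldns_rdf_clone(zone->apex));
        ldns_nsec3_add_param_rdfs(rr,
            zone->signconf->nsec3params->algorithm, 0,
            zone->signconf->nsec3params->iterations,
            zone->signconf->nsec3params->salt_len,
            zone->signconf->nsec3params->salt_data);
        /**
         * Always set bit 7 of the flags to zero,
         * according to rfc5155 section 11
         */
        /* NOTE(review): rdf 1 is dereferenced unchecked; confirm
         * ldns_nsec3_add_param_rdfs() cannot leave it unset */
        ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(rr, 1)), 7, 0);
        zone->signconf->nsec3params->rr = rr;
    }
    ods_log_assert(zone->signconf->nsec3params->rr);
    status = zone_add_rr(zone, zone->signconf->nsec3params->rr, 0);
    if (status == ODS_STATUS_UNCHANGED) {
        /* rr already exists, adjust pointer */
        rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_NSEC3PARAMS);
        ods_log_assert(rrset);
        n3prr = rrset_lookup_rr(rrset, zone->signconf->nsec3params->rr);
        ods_log_assert(n3prr);
        /* free our copy only when the zone holds a different object */
        if (n3prr->rr != zone->signconf->nsec3params->rr) {
            ldns_rr_free(zone->signconf->nsec3params->rr);
        }
        zone->signconf->nsec3params->rr = n3prr->rr;
        status = ODS_STATUS_OK;
    } else if (status != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to publish nsec3params for zone %s: "
            "error adding nsec3params (%s)", zone_str,
            zone->name, ods_status2str(status));
    }
    return status;
}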
/**
 * Unlink NSEC3PARAM RR.
 *
 * Clears the signconf's NSEC3PARAM pointer when that RR is found in the
 * apex NSEC3PARAM RRset, is the same object, and is not marked as existing.
 *
 * \param[in] zone zone
 *
 */
void
zone_rollback_nsec3param(zone_type* zone)
{
    rrset_type* paramset = NULL;
    rr_type* found = NULL;

    if (!zone || !zone->signconf || !zone->signconf->nsec3params) {
        return;
    }
    paramset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_NSEC3PARAMS);
    if (!paramset || !zone->signconf->nsec3params->rr) {
        return;
    }
    found = rrset_lookup_rr(paramset, zone->signconf->nsec3params->rr);
    if (!found || found->exists) {
        return;
    }
    if (found->rr == zone->signconf->nsec3params->rr) {
        zone->signconf->nsec3params->rr = NULL;
    }
}
/**
 * Prepare keys for signing.
 *
 * Calls lhsm_get_key() for every key in the signer configuration and stops
 * at the first failure.
 *
 * \param[in] zone zone
 * \return ods_status ODS_STATUS_OK on success, ODS_STATUS_ASSERT_ERR on
 *                    missing zone data, ODS_STATUS_HSM_ERR when no libhsm
 *                    context could be created, otherwise the status of the
 *                    failing lhsm_get_key() call
 *
 */
ods_status
zone_prepare_keys(zone_type* zone)
{
    hsm_ctx_t* hsm = NULL;
    uint16_t idx = 0;
    ods_status result = ODS_STATUS_OK;

    if (!zone || !zone->db || !zone->signconf || !zone->signconf->keys) {
        return ODS_STATUS_ASSERT_ERR;
    }
    ods_log_assert(zone->name);

    /* hsm access */
    hsm = hsm_create_context();
    if (!hsm) {
        ods_log_error("[%s] unable to prepare signing keys for zone %s: "
            "error creating libhsm context", zone_str, zone->name);
        return ODS_STATUS_HSM_ERR;
    }

    /* prepare keys */
    while (idx < zone->signconf->keys->count) {
        result = lhsm_get_key(hsm, zone->apex,
            &zone->signconf->keys->keys[idx]);
        if (result != ODS_STATUS_OK) {
            ods_log_error("[%s] unable to prepare signing keys for zone %s: "
                "error getting dnskey", zone_str, zone->name);
            break;
        }
        ods_log_assert(zone->signconf->keys->keys[idx].dnskey);
        ods_log_assert(zone->signconf->keys->keys[idx].hsmkey);
        ods_log_assert(zone->signconf->keys->keys[idx].params);
        idx++;
    }

    /* the context is released on success and after a failed key alike */
    hsm_destroy_context(hsm);
    return result;
}
/**
 * Update serial.
 *
 * Computes the next SOA serial through namedb_update_serial() and adds a
 * copy of the apex SOA RR carrying that serial to the SOA RRset.
 *
 * \param[in] zone zone
 * \return ods_status ODS_STATUS_OK on success or when the serial was
 *                    already marked updated, ODS_STATUS_ERR when the SOA
 *                    cannot be found, cloned or rewritten, otherwise the
 *                    namedb_update_serial() error
 *
 */
ods_status
zone_update_serial(zone_type* zone)
{
    ods_status status = ODS_STATUS_OK;
    rrset_type* rrset = NULL;
    rr_type* soa = NULL;
    ldns_rr* rr = NULL;
    ldns_rdf* soa_rdata = NULL;
    ods_log_assert(zone);
    ods_log_assert(zone->apex);
    ods_log_assert(zone->name);
    ods_log_assert(zone->db);
    ods_log_assert(zone->signconf);
    if (zone->db->serial_updated) {
        /* already done, unmark and return ok */
        ods_log_debug("[%s] zone %s soa serial already up to date",
            zone_str, zone->name);
        zone->db->serial_updated = 0;
        return ODS_STATUS_OK;
    }
    rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_SOA);
    if (!rrset || !rrset->rrs || !rrset->rrs[0].rr) {
        ods_log_error("[%s] unable to update zone %s soa serial: failed to "
            "find soa rrset", zone_str, zone->name);
        return ODS_STATUS_ERR;
    }
    ods_log_assert(rrset);
    ods_log_assert(rrset->rrs);
    ods_log_assert(rrset->rrs[0].rr);
    /* work on a copy; the RR in the RRset is left as it is */
    rr = ldns_rr_clone(rrset->rrs[0].rr);
    if (!rr) {
        ods_log_error("[%s] unable to update zone %s soa serial: failed to "
            "clone soa rr", zone_str, zone->name);
        return ODS_STATUS_ERR;
    }
    status = namedb_update_serial(zone->db, zone->name,
        zone->signconf->soa_serial, zone->db->inbserial);
    if (status != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to update zone %s soa serial: %s",
            zone_str, zone->name, ods_status2str(status));
        if (status == ODS_STATUS_CONFLICT_ERR) {
            ods_log_error("[%s] If this is the result of a key rollover, "
                "please increment the serial in the unsigned zone %s",
                zone_str, zone->name);
        }
        /* the clone is still owned here, release it before bailing out */
        ldns_rr_free(rr);
        return status;
    }
    ods_log_verbose("[%s] zone %s set soa serial to %u", zone_str,
        zone->name, zone->db->intserial);
    /* swap in the new serial rdata; the value returned is freed below */
    soa_rdata = ldns_rr_set_rdf(rr,
        ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32,
        zone->db->intserial), SE_SOA_RDATA_SERIAL);
    if (soa_rdata) {
        ldns_rdf_deep_free(soa_rdata);
        soa_rdata = NULL;
    } else {
        ods_log_error("[%s] unable to update zone %s soa serial: failed to "
            "replace soa serial rdata", zone_str, zone->name);
        ldns_rr_free(rr);
        return ODS_STATUS_ERR;
    }
    /* hand the updated clone to the RRset */
    soa = rrset_add_rr(rrset, rr);
    ods_log_assert(soa);
    rrset_diff(rrset, 0, 0);
    zone->db->serial_updated = 0;
    return ODS_STATUS_OK;
}
/**
 * Lookup RRset.
 *
 * \param[in] zone zone to search
 * \param[in] owner owner name of the RRset
 * \param[in] type RR type of the RRset, must be non-zero
 * \return rrset_type* result of domain_lookup_rrset() for the owner's
 *                     domain, or NULL on a missing argument or when the
 *                     owner has no domain in the zone
 *
 */
rrset_type*
zone_lookup_rrset(zone_type* zone, ldns_rdf* owner, ldns_rr_type type)
{
    domain_type* node = NULL;

    if (zone && owner && type) {
        node = namedb_lookup_domain(zone->db, owner);
    }
    return node ? domain_lookup_rrset(node, type) : NULL;
}
/**
 * Add RR.
 *
 * Creates the owner domain and the RRset when they do not exist yet. An RR
 * that is already present is marked added again and takes over the TTL of
 * the given RR.
 *
 * \param[in] zone zone
 * \param[in] rr RR to add
 * \param[in] do_stats when non-zero, count the addition in the zone stats
 * \return ods_status ODS_STATUS_OK when the RR was added,
 *                    ODS_STATUS_UNCHANGED when it already existed,
 *                    ODS_STATUS_ERR when the domain or RRset could not be
 *                    set up
 *
 */
ods_status
zone_add_rr(zone_type* zone, ldns_rr* rr, int do_stats)
{
    domain_type* node = NULL;
    rrset_type* set = NULL;
    rr_type* existing = NULL;
    rr_type* added = NULL;

    ods_log_assert(rr);
    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->db);
    ods_log_assert(zone->signconf);

    /* find the owner domain, creating it on first use */
    node = namedb_lookup_domain(zone->db, ldns_rr_owner(rr));
    if (!node) {
        node = namedb_add_domain(zone->db, ldns_rr_owner(rr));
        if (!node) {
            ods_log_error("[%s] unable to add RR to zone %s: "
                "failed to add domain", zone_str, zone->name);
            return ODS_STATUS_ERR;
        }
        if (ldns_dname_compare(node->dname, zone->apex) == 0) {
            node->is_apex = 1;
        } else if (namedb_domain_entize(zone->db, node, zone->apex)
            != ODS_STATUS_OK) {
            ods_log_error("[%s] unable to add RR to zone %s: "
                "failed to entize domain", zone_str, zone->name);
            return ODS_STATUS_ERR;
        }
    }

    /* find the RRset of this type, creating it on first use */
    set = domain_lookup_rrset(node, ldns_rr_get_type(rr));
    if (!set) {
        set = rrset_create(node->zone, ldns_rr_get_type(rr));
        if (!set) {
            ods_log_error("[%s] unable to add RR to zone %s: "
                "failed to add RRset", zone_str, zone->name);
            return ODS_STATUS_ERR;
        }
        domain_add_rrset(node, set);
    }

    /* If we already have this RR, return ODS_STATUS_UNCHANGED */
    existing = rrset_lookup_rr(set, rr);
    if (existing) {
        existing->is_added = 1;   /* already exists, just mark added */
        existing->is_removed = 0; /* unset is_removed */
        if (ldns_rr_ttl(rr) != ldns_rr_ttl(existing->rr)) {
            /* a TTL change means the RRset has to be signed again */
            ldns_rr_set_ttl(existing->rr, ldns_rr_ttl(rr));
            set->needs_signing = 1;
        }
        return ODS_STATUS_UNCHANGED;
    }

    added = rrset_add_rr(set, rr);
    ods_log_assert(added);
    ods_log_assert(added->rr);
    ods_log_assert(added->is_added);

    /* update stats */
    if (do_stats && zone->stats) {
        zone->stats->sort_count += 1;
    }
    return ODS_STATUS_OK;
}
/**
 * Delete RR.
 *
 * Marks the matching RR as removed; the RR itself is not freed here.
 *
 * \param[in] zone zone
 * \param[in] rr RR to delete
 * \param[in] do_stats when non-zero, count the removal in the zone stats
 * \return ods_status ODS_STATUS_OK when the RR was marked removed,
 *                    ODS_STATUS_UNCHANGED when the domain, RRset or RR was
 *                    not found
 *
 */
ods_status
zone_del_rr(zone_type* zone, ldns_rr* rr, int do_stats)
{
    domain_type* node = NULL;
    rrset_type* set = NULL;
    rr_type* target = NULL;

    ods_log_assert(rr);
    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->db);
    ods_log_assert(zone->signconf);

    node = namedb_lookup_domain(zone->db, ldns_rr_owner(rr));
    if (node == NULL) {
        ods_log_warning("[%s] unable to delete RR from zone %s: "
            "domain not found", zone_str, zone->name);
        return ODS_STATUS_UNCHANGED;
    }
    set = domain_lookup_rrset(node, ldns_rr_get_type(rr));
    if (set == NULL) {
        ods_log_warning("[%s] unable to delete RR from zone %s: "
            "RRset not found", zone_str, zone->name);
        return ODS_STATUS_UNCHANGED;
    }
    target = rrset_lookup_rr(set, rr);
    if (target == NULL) {
        ods_log_error("[%s] unable to delete RR from zone %s: "
            "RR not found", zone_str, zone->name);
        return ODS_STATUS_UNCHANGED;
    }

    /* flip the flags: pending removal, no longer pending addition */
    target->is_removed = 1;
    target->is_added = 0;

    /* update stats */
    if (do_stats && zone->stats) {
        zone->stats->sort_count -= 1;
    }
    return ODS_STATUS_OK;
}
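/**
 * Merge zones.
 *
 * Copies the policy name and signconf filename of z2 into z1 when they
 * differ, marking z1 as ZONE_ZL_UPDATED, and swaps the inbound and
 * outbound adapters of the two zones when they differ.
 *
 * \param[in] z1 zone that receives the settings
 * \param[in] z2 zone with the new settings; after a swap it holds z1's
 *               previous adapters
 *
 */
void
zone_merge(zone_type* z1, zone_type* z2)
{
    const char* str;
    adapter_type* adtmp = NULL;

    if (!z1 || !z2) {
        return;
    }
    /* policy name */
    if (ods_strcmp(z2->policy_name, z1->policy_name) != 0) {
        if (z2->policy_name) {
            str = strdup(z2->policy_name);
            if (!str) {
                /* keep the old value when the copy cannot be made */
                ods_log_error("[%s] failed to merge policy %s name to zone "
                    "%s", zone_str, z2->policy_name, z1->name);
            } else {
                free((void*)z1->policy_name);
                z1->policy_name = str;
                z1->zl_status = ZONE_ZL_UPDATED;
            }
        } else {
            free((void*)z1->policy_name);
            z1->policy_name = NULL;
            z1->zl_status = ZONE_ZL_UPDATED;
        }
    }
    /* signconf filename */
    if (ods_strcmp(z2->signconf_filename, z1->signconf_filename) != 0) {
        if (z2->signconf_filename) {
            str = strdup(z2->signconf_filename);
            if (!str) {
                /* log the filename that failed to merge; z2->policy_name
                 * may be NULL here and is not what the message describes */
                ods_log_error("[%s] failed to merge signconf filename %s to "
                    "zone %s", zone_str, z2->signconf_filename, z1->name);
            } else {
                free((void*)z1->signconf_filename);
                z1->signconf_filename = str;
                z1->zl_status = ZONE_ZL_UPDATED;
            }
        } else {
            free((void*)z1->signconf_filename);
            z1->signconf_filename = NULL;
            z1->zl_status = ZONE_ZL_UPDATED;
        }
    }
    /* adapters: swap rather than copy, so each adapter keeps one owner */
    if (adapter_compare(z2->adinbound, z1->adinbound) != 0) {
        adtmp = z2->adinbound;
        z2->adinbound = z1->adinbound;
        z1->adinbound = adtmp;
        adtmp = NULL;
    }
    if (adapter_compare(z2->adoutbound, z1->adoutbound) != 0) {
        adtmp = z2->adoutbound;
        z2->adoutbound = z1->adoutbound;
        z1->adoutbound = adtmp;
        adtmp = NULL;
    }
    return;
}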
/**
 * Clean up zone.
 *
 * Releases every sub-object of the zone, the zone structure itself and its
 * allocator, then destroys the two zone locks. A NULL zone is ignored.
 *
 * \param[in] zone zone to release; must not be used afterwards
 *
 */
void
zone_cleanup(zone_type* zone)
{
    allocator_type* allocator;
    lock_basic_type zone_lock;
    lock_basic_type xfr_lock;
    if (!zone) {
        return;
    }
    /* keep what is still needed after the zone structure has been freed */
    allocator = zone->allocator;
    /* NOTE(review): the locks are copied by value and the copies are
     * destroyed below; if lock_basic_type wraps a pthread mutex, acting on
     * a copy is not defined by POSIX. Confirm, or destroy the locks in
     * place before the zone is deallocated. */
    zone_lock = zone->zone_lock;
    xfr_lock = zone->xfr_lock;
    ldns_rdf_deep_free(zone->apex);
    adapter_cleanup(zone->adinbound);
    adapter_cleanup(zone->adoutbound);
    namedb_cleanup(zone->db);
    ixfr_cleanup(zone->ixfr);
    xfrd_cleanup(zone->xfrd, 1);
    notify_cleanup(zone->notify);
    signconf_cleanup(zone->signconf);
    stats_cleanup(zone->stats);
    /* NOTE(review): zone_merge() replaces policy_name and signconf_filename
     * with strdup() results; confirm the allocator's deallocator is
     * compatible with that */
    allocator_deallocate(allocator, (void*) zone->notify_command);
    allocator_deallocate(allocator, (void*) zone->notify_args);
    allocator_deallocate(allocator, (void*) zone->policy_name);
    allocator_deallocate(allocator, (void*) zone->signconf_filename);
    allocator_deallocate(allocator, (void*) zone->name);
    /* zone must not be dereferenced past this point */
    allocator_deallocate(allocator, (void*) zone);
    allocator_cleanup(allocator);
    lock_basic_destroy(&xfr_lock);
    lock_basic_destroy(&zone_lock);
    return;
}
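/**
 * Recover zone from backup.
 *
 * Reads the zone's ".backup2" file: header, zone serials, signer
 * configuration, NSEC3 parameters, key list and resource records. Then
 * creates a TASK_SIGN task and replays the ".ixfr" journal if it exists.
 * On any parse error the signconf and name database are reset to empty
 * ones.
 *
 * \param[in] zone zone to recover into
 * \return ods_status ODS_STATUS_OK when the zone was recovered,
 *                    ODS_STATUS_UNCHANGED when no backup file could be
 *                    opened, ODS_STATUS_MALLOC_ERR when the path could not
 *                    be built, ODS_STATUS_ERR on a corrupted backup
 *
 */
ods_status
zone_recover2(zone_type* zone)
{
    char* filename = NULL;
    FILE* fd = NULL;
    const char* token = NULL;
    time_t when = 0;
    task_type* task = NULL;
    ods_status status = ODS_STATUS_OK;
    /* zone part */
    int klass = 0;
    uint32_t inbound = 0, internal = 0, outbound = 0;
    /* signconf part */
    time_t lastmod = 0;
    /* nsec3params part */
    const char* salt = NULL;

    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->signconf);
    ods_log_assert(zone->db);

    filename = ods_build_path(zone->name, ".backup2", 0, 1);
    if (!filename) {
        return ODS_STATUS_MALLOC_ERR;
    }
    fd = ods_fopen(filename, NULL, "r");
    if (!fd) {
        /* no backup to recover from; do not leak the path */
        free((void*)filename);
        return ODS_STATUS_UNCHANGED;
    }

    /*
     * start recovery
     *
     * The reads below are chained with ||, not |: the fields must be
     * consumed from the file in exactly this order, and bitwise | leaves
     * the evaluation order of its operands unspecified. || also stops at
     * the first field that fails to parse.
     */
    if (!backup_read_check_str(fd, ODS_SE_FILE_MAGIC_V3)) {
        ods_log_error("[%s] corrupted backup file zone %s: read magic "
            "error", zone_str, zone->name);
        goto recover_error2;
    }
    if (!backup_read_check_str(fd, ";;Time:") ||
        !backup_read_time_t(fd, &when)) {
        ods_log_error("[%s] corrupted backup file zone %s: read time "
            "error", zone_str, zone->name);
        goto recover_error2;
    }
    /* zone stuff */
    if (!backup_read_check_str(fd, ";;Zone:") ||
        !backup_read_check_str(fd, "name") ||
        !backup_read_check_str(fd, zone->name)) {
        ods_log_error("[%s] corrupted backup file zone %s: read name "
            "error", zone_str, zone->name);
        goto recover_error2;
    }
    if (!backup_read_check_str(fd, "class") ||
        !backup_read_int(fd, &klass)) {
        ods_log_error("[%s] corrupted backup file zone %s: read class "
            "error", zone_str, zone->name);
        goto recover_error2;
    }
    if (!backup_read_check_str(fd, "inbound") ||
        !backup_read_uint32_t(fd, &inbound) ||
        !backup_read_check_str(fd, "internal") ||
        !backup_read_uint32_t(fd, &internal) ||
        !backup_read_check_str(fd, "outbound") ||
        !backup_read_uint32_t(fd, &outbound)) {
        ods_log_error("[%s] corrupted backup file zone %s: read serial "
            "error", zone_str, zone->name);
        goto recover_error2;
    }
    /* NOTE(review): the class read from the file is cast without a range
     * check; the backup file is treated as trusted state */
    zone->klass = (ldns_rr_class) klass;
    zone->db->inbserial = inbound;
    zone->db->intserial = internal;
    zone->db->outserial = outbound;
    /* signconf part */
    if (!backup_read_check_str(fd, ";;Signconf:") ||
        !backup_read_check_str(fd, "lastmod") ||
        !backup_read_time_t(fd, &lastmod) ||
        !backup_read_check_str(fd, "maxzonettl") ||
        !backup_read_check_str(fd, "0") ||
        !backup_read_check_str(fd, "resign") ||
        !backup_read_duration(fd, &zone->signconf->sig_resign_interval) ||
        !backup_read_check_str(fd, "refresh") ||
        !backup_read_duration(fd, &zone->signconf->sig_refresh_interval) ||
        !backup_read_check_str(fd, "valid") ||
        !backup_read_duration(fd, &zone->signconf->sig_validity_default) ||
        !backup_read_check_str(fd, "denial") ||
        !backup_read_duration(fd,&zone->signconf->sig_validity_denial) ||
        !backup_read_check_str(fd, "jitter") ||
        !backup_read_duration(fd, &zone->signconf->sig_jitter) ||
        !backup_read_check_str(fd, "offset") ||
        !backup_read_duration(fd, &zone->signconf->sig_inception_offset) ||
        !backup_read_check_str(fd, "nsec") ||
        !backup_read_rr_type(fd, &zone->signconf->nsec_type) ||
        !backup_read_check_str(fd, "dnskeyttl") ||
        !backup_read_duration(fd, &zone->signconf->dnskey_ttl) ||
        !backup_read_check_str(fd, "soattl") ||
        !backup_read_duration(fd, &zone->signconf->soa_ttl) ||
        !backup_read_check_str(fd, "soamin") ||
        !backup_read_duration(fd, &zone->signconf->soa_min) ||
        !backup_read_check_str(fd, "serial") ||
        !backup_read_str(fd, &zone->signconf->soa_serial)) {
        ods_log_error("[%s] corrupted backup file zone %s: read signconf "
            "error", zone_str, zone->name);
        goto recover_error2;
    }
    /* nsec3params part */
    if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC3) {
        if (!backup_read_check_str(fd, ";;Nsec3parameters:") ||
            !backup_read_check_str(fd, "salt") ||
            !backup_read_str(fd, &salt) ||
            !backup_read_check_str(fd, "algorithm") ||
            !backup_read_uint32_t(fd, &zone->signconf->nsec3_algo) ||
            !backup_read_check_str(fd, "optout") ||
            !backup_read_int(fd, &zone->signconf->nsec3_optout) ||
            !backup_read_check_str(fd, "iterations") ||
            !backup_read_uint32_t(fd, &zone->signconf->nsec3_iterations)) {
            ods_log_error("[%s] corrupted backup file zone %s: read "
                "nsec3parameters error", zone_str, zone->name);
            goto recover_error2;
        }
        zone->signconf->nsec3_salt = allocator_strdup(
            zone->signconf->allocator, salt);
        free((void*) salt);
        salt = NULL;
        /* NOTE(review): algorithm, optout and iterations are narrowed from
         * the wider values read above without a range check */
        zone->signconf->nsec3params = nsec3params_create(
            (void*) zone->signconf,
            (uint8_t) zone->signconf->nsec3_algo,
            (uint8_t) zone->signconf->nsec3_optout,
            (uint16_t) zone->signconf->nsec3_iterations,
            zone->signconf->nsec3_salt);
        if (!zone->signconf->nsec3params) {
            ods_log_error("[%s] corrupted backup file zone %s: unable to "
                "create nsec3param", zone_str, zone->name);
            goto recover_error2;
        }
    }
    zone->signconf->last_modified = lastmod;
    zone->default_ttl = (uint32_t) duration2time(zone->signconf->soa_min);
    /* keys part */
    zone->signconf->keys = keylist_create((void*) zone->signconf);
    while (backup_read_str(fd, &token)) {
        if (ods_strcmp(token, ";;Key:") == 0) {
            if (!key_recover2(fd, zone->signconf->keys)) {
                ods_log_error("[%s] corrupted backup file zone %s: read "
                    "key error", zone_str, zone->name);
                /* token is released at recover_error2 */
                goto recover_error2;
            }
        } else if (ods_strcmp(token, ";;") == 0) {
            /* keylist done */
            free((void*) token);
            token = NULL;
            break;
        } else {
            /* keylist corrupted; token is released at recover_error2 */
            goto recover_error2;
        }
        free((void*) token);
        token = NULL;
    }
    /* publish dnskeys */
    status = zone_publish_dnskeys(zone);
    if (status != ODS_STATUS_OK) {
        ods_log_error("[%s] corrupted backup file zone %s: unable to "
            "publish dnskeys (%s)", zone_str, zone->name,
            ods_status2str(status));
        goto recover_error2;
    }
    /* publish nsec3param */
    status = zone_publish_nsec3param(zone);
    if (status != ODS_STATUS_OK) {
        ods_log_error("[%s] corrupted backup file zone %s: unable to "
            "publish nsec3param (%s)", zone_str, zone->name,
            ods_status2str(status));
        goto recover_error2;
    }
    /* publish other records */
    status = backup_read_namedb(fd, zone);
    if (status != ODS_STATUS_OK) {
        ods_log_error("[%s] corrupted backup file zone %s: unable to "
            "read resource records (%s)", zone_str, zone->name,
            ods_status2str(status));
        goto recover_error2;
    }
    /* task */
    task = task_create(TASK_SIGN, when, (void*) zone);
    if (!task) {
        ods_log_error("[%s] failed to restore zone %s: unable to "
            "create task", zone_str, zone->name);
        goto recover_error2;
    }
    zone->task = (void*) task;
    free((void*)filename);
    filename = NULL;
    ods_fclose(fd);
    /* forget the closed stream: if the journal path cannot be built, the
     * "if (fd)" tests below must not see the stale handle and read from,
     * or close again, a stream that is already closed */
    fd = NULL;
    zone->db->is_initialized = 1;
    zone->db->have_serial = 1;
    /* journal */
    filename = ods_build_path(zone->name, ".ixfr", 0, 1);
    if (filename) {
        fd = ods_fopen(filename, NULL, "r");
    }
    if (fd) {
        status = backup_read_ixfr(fd, zone);
        if (status != ODS_STATUS_OK) {
            /* a bad journal is not fatal: drop it and start a new one */
            ods_log_warning("[%s] corrupted journal file zone %s, "
                "skipping (%s)", zone_str, zone->name,
                ods_status2str(status));
            (void)unlink(filename);
            ixfr_cleanup(zone->ixfr);
            zone->ixfr = ixfr_create((void*)zone);
        }
    }
    /* ixfr_create() above may have failed; do not lock through NULL */
    if (zone->ixfr) {
        lock_basic_lock(&zone->ixfr->ixfr_lock);
        ixfr_purge(zone->ixfr);
        lock_basic_unlock(&zone->ixfr->ixfr_lock);
    }
    /* all ok */
    free((void*)filename);
    if (fd) {
        ods_fclose(fd);
    }
    if (zone->stats) {
        lock_basic_lock(&zone->stats->stats_lock);
        stats_clear(zone->stats);
        lock_basic_unlock(&zone->stats->stats_lock);
    }
    return ODS_STATUS_OK;

recover_error2:
    free((void*)filename);
    ods_fclose(fd);
    /* token is non-NULL only when the key loop bailed out mid-iteration */
    free((void*)token);
    token = NULL;
    /* signconf cleanup */
    free((void*)salt);
    salt = NULL;
    signconf_cleanup(zone->signconf);
    zone->signconf = signconf_create();
    ods_log_assert(zone->signconf);
    /* namedb cleanup */
    namedb_cleanup(zone->db);
    zone->db = namedb_create((void*)zone);
    ods_log_assert(zone->db);
    /* stats reset */
    if (zone->stats) {
        lock_basic_lock(&zone->stats->stats_lock);
        stats_clear(zone->stats);
        lock_basic_unlock(&zone->stats->stats_lock);
    }
    return ODS_STATUS_ERR;
}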
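/**
 * Backup zone.
 *
 * Writes the zone state to "<zone>.backup2.tmp" and renames it over
 * "<zone>.backup2" once the file has been written completely, so an
 * existing backup is replaced only by a complete one.
 *
 * \param[in] zone zone to back up
 * \return ods_status ODS_STATUS_OK on success, ODS_STATUS_MALLOC_ERR when
 *                    a path cannot be built, ODS_STATUS_FOPEN_ERR when the
 *                    temporary file cannot be opened, ODS_STATUS_ERR when
 *                    writing it fails, ODS_STATUS_RENAME_ERR when the
 *                    rename fails
 *
 */
ods_status
zone_backup2(zone_type* zone)
{
    char* filename = NULL;
    char* tmpfile = NULL;
    FILE* fd = NULL;
    task_type* task = NULL;
    int ret = 0;
    ods_status status = ODS_STATUS_OK;

    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->db);
    ods_log_assert(zone->signconf);
    ods_log_assert(zone->task);

    tmpfile = ods_build_path(zone->name, ".backup2.tmp", 0, 1);
    filename = ods_build_path(zone->name, ".backup2", 0, 1);
    if (!tmpfile || !filename) {
        free(tmpfile);
        free(filename);
        return ODS_STATUS_MALLOC_ERR;
    }
    fd = ods_fopen(tmpfile, NULL, "w");
    if (fd) {
        fprintf(fd, "%s\n", ODS_SE_FILE_MAGIC_V3);
        task = (task_type*) zone->task;
        fprintf(fd, ";;Time: %u\n", (unsigned) task->when);
        /** Backup zone */
        fprintf(fd, ";;Zone: name %s class %i inbound %u internal %u "
            "outbound %u\n", zone->name, (int) zone->klass,
            (unsigned) zone->db->inbserial,
            (unsigned) zone->db->intserial,
            (unsigned) zone->db->outserial);
        /** Backup signconf */
        signconf_backup(fd, zone->signconf, ODS_SE_FILE_MAGIC_V3);
        /** Backup NSEC3 parameters */
        if (zone->signconf->nsec3params) {
            nsec3params_backup(fd,
                zone->signconf->nsec3_algo,
                zone->signconf->nsec3_optout,
                zone->signconf->nsec3_iterations,
                zone->signconf->nsec3_salt,
                zone->signconf->nsec3params->rr,
                ODS_SE_FILE_MAGIC_V3);
        }
        /** Backup keylist */
        keylist_backup(fd, zone->signconf->keys, ODS_SE_FILE_MAGIC_V3);
        fprintf(fd, ";;\n");
        /** Backup domains and stuff */
        namedb_backup2(fd, zone->db);
        /** Done */
        fprintf(fd, "%s\n", ODS_SE_FILE_MAGIC_V3);
        /*
         * None of the writes above is checked one by one. Flush and test
         * the stream's error flag once, so a short write (full disk,
         * quota) cannot be renamed over the last good backup.
         */
        if (fflush(fd) != 0 || ferror(fd)) {
            ods_log_error("[%s] unable to write zone %s backup %s: "
                "write error", zone_str, zone->name, tmpfile);
            status = ODS_STATUS_ERR;
        }
        ods_fclose(fd);
        if (status != ODS_STATUS_OK) {
            /* discard the partial file, keep the previous backup */
            (void)unlink(tmpfile);
        } else {
            ret = rename(tmpfile, filename);
            if (ret != 0) {
                ods_log_error("[%s] unable to rename zone %s backup %s to "
                    "%s: %s", zone_str, zone->name, tmpfile, filename,
                    strerror(errno));
                status = ODS_STATUS_RENAME_ERR;
            }
        }
    } else {
        status = ODS_STATUS_FOPEN_ERR;
    }
    free((void*) tmpfile);
    free((void*) filename);
    return status;
}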
opendnssec-1.4.9/signer/src/signer/tools.h 0000644 0001750 0001750 00000003714 12650165732 015501 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Zone signing tools.
*
*/
#ifndef SIGNER_TOOLS_H
#define SIGNER_TOOLS_H
#include "config.h"
#include "daemon/engine.h"
#include "shared/status.h"
#include "signer/zone.h"
/**
* Load zone signconf.
* \param[in] zone zone
* \return ods_status status
*
*/
ods_status tools_signconf(zone_type* zone);
/**
* Read zone from input adapter.
* \param[in] zone zone
* \return ods_status status
*
*/
ods_status tools_input(zone_type* zone);
/**
* Write zone to output adapter.
* \param[in] zone zone
* \param[in] engine signer engine
* \return ods_status status
*
*/
ods_status tools_output(zone_type* zone, engine_type* engine);
#endif /* SIGNER_TOOLS_H */
opendnssec-1.4.9/signer/src/signer/tools.c 0000644 0001750 0001750 00000022431 12650165732 015471 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Zone signing tools.
*
*/
#include "config.h"
#include "daemon/dnshandler.h"
#include "adapter/adapter.h"
#include "shared/log.h"
#include "signer/tools.h"
#include "signer/zone.h"
#include
#include
#include
#include
/* Module tag passed as the leading "[%s]" argument of every log call in this file. */
static const char *tools_str = "tools";
/**
 * Load the signer configuration of a zone and switch to it.
 * \param[in] zone zone; zone and zone->name must be set
 * \return ods_status the status reported by zone_load_signconf();
 *         ODS_STATUS_UNCHANGED is passed through without an error log
 *
 */
ods_status
tools_signconf(zone_type* zone)
{
    signconf_type* fresh = NULL;
    ods_status rc = ODS_STATUS_OK;

    ods_log_assert(zone);
    ods_log_assert(zone->name);

    rc = zone_load_signconf(zone, &fresh);
    if (rc != ODS_STATUS_OK) {
        /* "unchanged" is an expected outcome, everything else is logged */
        if (rc != ODS_STATUS_UNCHANGED) {
            ods_log_error("[%s] unable to load signconf for zone %s: %s",
                tools_str, zone->name, ods_status2str(rc));
        }
        return rc;
    }

    ods_log_assert(fresh);
    /*
     * Denial of existence rollover (NSEC -> NSEC3, NSEC3 -> NSEC, or
     * changed NSEC3 parameters): every existing NSEC(3) becomes invalid,
     * so the denial chain is wiped and re-initialised.
     */
    if (signconf_compare_denial(zone->signconf, fresh) == TASK_NSECIFY) {
        namedb_wipe_denial(zone->db);
        namedb_cleanup_denials(zone->db);
        namedb_init_denials(zone->db);
    }

    /* release the old configuration before the new one is installed */
    signconf_cleanup(zone->signconf);
    ods_log_debug("[%s] zone %s switch to new signconf", tools_str,
        zone->name);
    zone->signconf = fresh;
    signconf_log(zone->signconf, zone->name);
    /* the zone's default TTL follows the SOA minimum of the new signconf */
    zone->default_ttl = (uint32_t) duration2time(zone->signconf->soa_min);
    return rc;
}
/**
 * Read zone from input adapter.
 * Publishes DNSKEY and NSEC3PARAM records first, then calls the input
 * adapter. On any failure the key, nsec3param and name database changes
 * are rolled back.
 * \param[in] zone zone; name, adinbound and signconf must be set
 * \return ods_status status of the failing step, or of adapter_read()
 *
 */
ods_status
tools_input(zone_type* zone)
{
    ods_status rc = ODS_STATUS_OK;
    time_t t_begin = 0;
    time_t t_end = 0;
    int usable = 0;

    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->adinbound);
    ods_log_assert(zone->signconf);

    /* key rollover: publish DNSKEYs */
    rc = zone_publish_dnskeys(zone);
    if (rc != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to read zone %s: failed to "
            "publish dnskeys (%s)", tools_str, zone->name,
            ods_status2str(rc));
        zone_rollback_dnskeys(zone);
        zone_rollback_nsec3param(zone);
        namedb_rollback(zone->db, 0);
        return rc;
    }

    /* denial of existence rollover: publish NSEC3PARAM */
    rc = zone_publish_nsec3param(zone);
    if (rc != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to read zone %s: failed to "
            "publish nsec3param (%s)", tools_str, zone->name,
            ods_status2str(rc));
        zone_rollback_dnskeys(zone);
        zone_rollback_nsec3param(zone);
        namedb_rollback(zone->db, 0);
        return rc;
    }

    /* reset the sort statistics under the stats lock */
    if (zone->stats) {
        lock_basic_lock(&zone->stats->stats_lock);
        zone->stats->sort_done = 0;
        zone->stats->sort_count = 0;
        zone->stats->sort_time = 0;
        lock_basic_unlock(&zone->stats->stats_lock);
    }

    /* input adapter; OK and UNCHANGED both count as a usable read */
    t_begin = time(NULL);
    rc = adapter_read((void*)zone);
    usable = (rc == ODS_STATUS_OK || rc == ODS_STATUS_UNCHANGED);
    if (!usable) {
        if (rc == ODS_STATUS_XFRINCOMPLETE) {
            /* a transfer still in progress is informational, not an error */
            ods_log_info("[%s] read zone %s: xfr in progress",
                tools_str, zone->name);
        } else {
            ods_log_error("[%s] unable to read zone %s: adapter failed (%s)",
                tools_str, zone->name, ods_status2str(rc));
        }
        zone_rollback_dnskeys(zone);
        zone_rollback_nsec3param(zone);
        namedb_rollback(zone->db, 0);
    }
    t_end = time(NULL);

    if (usable && zone->stats) {
        lock_basic_lock(&zone->stats->stats_lock);
        zone->stats->start_time = t_begin;
        zone->stats->sort_time = (t_end - t_begin);
        zone->stats->sort_done = 1;
        lock_basic_unlock(&zone->stats->stats_lock);
    }
    return rc;
}
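/**
 * Close file descriptors.
 * Closes every descriptor from fd up to the per-process limit, so that a
 * forked child does not hand the daemon's open descriptors to the
 * program it executes.
 * \param[in] fd first descriptor to close; negative values are treated as 0
 *
 */
static void
ods_closeall(int fd)
{
    /*
     * sysconf() returns a long and yields -1 when the limit is
     * indeterminate or the call fails. Stored in an int and used
     * unchecked, -1 made the loop a no-op and left every inherited
     * descriptor open in the child.
     */
    long fdlimit = sysconf(_SC_OPEN_MAX);
    long cur = (fd < 0) ? 0 : (long) fd;

    if (fdlimit < 0) {
        /* NOTE(review): fallback bound chosen conservatively; descriptors
         * above it stay open when the real limit is unknown. */
        fdlimit = 1024;
    }
    while (cur < fdlimit) {
        /* close() on a descriptor that is not open fails with EBADF,
         * which is harmless here */
        (void) close((int) cur);
        cur++;
    }
    return;
}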
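/**
 * Write zone to output adapter.
 * Skips the write when nothing was sorted and no signatures other than
 * the SOA's were produced. After a successful write the outbound serial
 * is updated, the IXFR journal is purged, the optional notify command is
 * run and the statistics are logged.
 * \param[in] zone zone; db, name, signconf and adoutbound must be set
 * \param[in] engine signer engine; engine->config must be set
 * \return ods_status ODS_STATUS_OK on success or skipped write, the
 *         adapter status on write failure, ODS_STATUS_FORK_ERR when the
 *         notify command could not be forked
 *
 */
ods_status
tools_output(zone_type* zone, engine_type* engine)
{
    ods_status status = ODS_STATUS_OK;
    ods_log_assert(engine);
    ods_log_assert(engine->config);
    ods_log_assert(zone);
    ods_log_assert(zone->db);
    ods_log_assert(zone->name);
    ods_log_assert(zone->signconf);
    ods_log_assert(zone->adoutbound);
    /* prepare */
    if (zone->stats) {
        lock_basic_lock(&zone->stats->stats_lock);
        if (zone->stats->sort_done == 0 &&
            (zone->stats->sig_count <= zone->stats->sig_soa_count)) {
            ods_log_verbose("[%s] skip write zone %s serial %u (zone not "
                "changed)", tools_str, zone->name?zone->name:"(null)",
                zone->db->intserial);
            stats_clear(zone->stats);
            lock_basic_unlock(&zone->stats->stats_lock);
            /* nothing was written: fall back to the last published serial */
            zone->db->intserial =
                zone->db->outserial;
            return ODS_STATUS_OK;
        }
        lock_basic_unlock(&zone->stats->stats_lock);
    }
    /* Output Adapter */
    status = adapter_write((void*)zone);
    if (status != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to write zone %s: adapter failed (%s)",
            tools_str, zone->name, ods_status2str(status));
        return status;
    }
    zone->db->outserial = zone->db->intserial;
    zone->db->is_initialized = 1;
    zone->db->have_serial = 1;
    /* NOTE(review): zone->ixfr is dereferenced without an assert, unlike
     * the other zone members used here */
    lock_basic_lock(&zone->ixfr->ixfr_lock);
    ixfr_purge(zone->ixfr);
    lock_basic_unlock(&zone->ixfr->ixfr_lock);
    /* kick the nameserver */
    if (zone->notify_ns) {
        /* wait status of the child; named so that it does not shadow the
         * ods_status returned by this function */
        int wstatus = 0;
        pid_t pid, wpid;
        ods_log_verbose("[%s] notify nameserver: %s", tools_str,
            zone->notify_ns);
        /** fork */
        switch ((pid = fork())) {
            case -1: /* error */
                ods_log_error("[%s] notify nameserver failed: unable to fork "
                    "(%s)", tools_str, strerror(errno));
                return ODS_STATUS_FORK_ERR;
            case 0: /* child */
                /** close fds, so the command does not inherit the
                 * daemon's open descriptors */
                ods_closeall(0);
                /**
                 * execvp() searches PATH when notify_ns holds no slash,
                 * and the command runs with the daemon's credentials.
                 * NOTE(review): notify_ns and notify_args presumably come
                 * from the zone configuration; that configuration has to
                 * be writable by trusted administrators only.
                 */
                execvp(zone->notify_ns, zone->notify_args);
                /** error */
                ods_log_error("[%s] notify nameserver failed: execv() failed "
                    "(%s)", tools_str, strerror(errno));
                /* _exit(), not exit(): the child must not run the parent's
                 * atexit handlers or flush its copied stdio buffers */
                _exit(1);
            default: /* parent */
                ods_log_debug("[%s] notify nameserver process forked",
                    tools_str);
                /** wait for completion, retrying when interrupted */
                while((wpid = waitpid(pid, &wstatus, 0)) <= 0) {
                    if (errno != EINTR) {
                        break;
                    }
                }
                /* the two messages below were split by a stray comma, so
                 * the second half was consumed as the "[%s]" argument and
                 * the real arguments were dropped */
                if (wpid == -1) {
                    ods_log_error("[%s] notify nameserver failed: waitpid() "
                        "failed (%s)", tools_str, strerror(errno));
                } else if (!WIFEXITED(wstatus)) {
                    ods_log_error("[%s] notify nameserver failed: notify "
                        "command did not terminate normally", tools_str);
                } else if (WEXITSTATUS(wstatus) != 0) {
                    /* covers a failed execvp() in the child as well */
                    ods_log_error("[%s] notify nameserver failed: notify "
                        "command exited with status %d", tools_str,
                        WEXITSTATUS(wstatus));
                } else {
                    ods_log_verbose("[%s] notify nameserver ok", tools_str);
                }
                break;
        }
    }
    /* log stats */
    if (zone->stats) {
        lock_basic_lock(&zone->stats->stats_lock);
        zone->stats->end_time = time(NULL);
        ods_log_debug("[%s] log stats for zone %s serial %u", tools_str,
            zone->name?zone->name:"(null)", (unsigned) zone->db->outserial);
        stats_log(zone->stats, zone->name, zone->db->outserial,
            zone->signconf->nsec_type);
        stats_clear(zone->stats);
        lock_basic_unlock(&zone->stats->stats_lock);
    }
    if (engine->dnshandler) {
        ods_log_debug("[%s] forward a notify", tools_str);
        dnshandler_fwd_notify(engine->dnshandler, (uint8_t*) ODS_SE_NOTIFY_CMD,
            strlen(ODS_SE_NOTIFY_CMD));
    }
    return status;
}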
opendnssec-1.4.9/signer/src/signer/domain.c 0000644 0001750 0001750 00000037634 12650165732 015613 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Domain.
*
*/
#include "config.h"
#include "shared/log.h"
#include "signer/backup.h"
#include "signer/denial.h"
#include "signer/domain.h"
#include "signer/ixfr.h"
#include "signer/zone.h"
/* Module tag passed as the leading "[%s]" argument of every log call in this file. */
static const char *dname_str = "domain";
/**
 * Log domain name.
 * Nothing is logged when the configured log level is below the requested
 * one, or when the name cannot be converted to a string.
 * \param[in] rdf domain name
 * \param[in] pre log message prefix, may be NULL
 * \param[in] level syslog-style level that selects the log function
 *
 */
void
log_dname(ldns_rdf *rdf, const char* pre, int level)
{
    const char* prefix = pre ? pre : "";
    char* text = NULL;

    if (ods_log_get_level() < level) {
        return;
    }
    text = ldns_rdf2str(rdf);
    if (!text) {
        return;
    }
    /* the name is always passed as an argument, never as the format */
    switch (level) {
        case LOG_EMERG:
            ods_fatal_exit("[%s] %s: %s", dname_str, prefix, text);
            break;
        case LOG_ALERT:
            ods_log_alert("[%s] %s: %s", dname_str, prefix, text);
            break;
        case LOG_CRIT:
            ods_log_crit("[%s] %s: %s", dname_str, prefix, text);
            break;
        case LOG_ERR:
            ods_log_error("[%s] %s: %s", dname_str, prefix, text);
            break;
        case LOG_WARNING:
            ods_log_warning("[%s] %s: %s", dname_str, prefix, text);
            break;
        case LOG_NOTICE:
            /* notice maps onto the info logger */
            ods_log_info("[%s] %s: %s", dname_str, prefix, text);
            break;
        case LOG_INFO:
            /* info maps onto the verbose logger */
            ods_log_verbose("[%s] %s: %s", dname_str, prefix, text);
            break;
        case LOG_DEBUG:
            ods_log_debug("[%s] %s: %s", dname_str, prefix, text);
            break;
        default:
            /* LOG_DEEEBUG and any other level */
            ods_log_deeebug("[%s] %s: %s", dname_str, prefix, text);
            break;
    }
    free((void*)text);
    return;
}
/**
 * Create domain.
 * The domain is allocated from the zone's allocator and holds its own
 * clone of dname.
 * \param[in] zoneptr zone reference
 * \param[in] dname owner name
 * \return domain_type* new domain, NULL on missing argument or failure
 *
 */
domain_type*
domain_create(void* zoneptr, ldns_rdf* dname)
{
    zone_type* owner = (zone_type*) zoneptr;
    domain_type* fresh = NULL;

    if (!zoneptr || !dname) {
        return NULL;
    }
    fresh = (domain_type*) allocator_alloc(owner->allocator,
        sizeof(domain_type));
    if (!fresh) {
        ods_log_error("[%s] unable to create domain: allocator_alloc() "
            "failed", dname_str);
        return NULL;
    }
    fresh->dname = ldns_rdf_clone(dname);
    if (!fresh->dname) {
        ods_log_error("[%s] unable to create domain: ldns_rdf_clone() "
            "failed", dname_str);
        /* hand the half-built domain back to the allocator */
        allocator_deallocate(owner->allocator, fresh);
        return NULL;
    }
    /* every remaining field is set explicitly */
    fresh->zone = zoneptr;
    fresh->denial = NULL; /* no reference yet */
    fresh->node = NULL; /* not in db yet */
    fresh->rrsets = NULL;
    fresh->parent = NULL;
    fresh->is_apex = 0;
    fresh->is_new = 0;
    return fresh;
}
/**
 * Count the number of RRsets at this domain.
 * \param[in] domain domain, may be NULL
 * \return size_t number of RRsets, 0 for a NULL domain
 *
 */
size_t
domain_count_rrset(domain_type* domain)
{
    rrset_type* cur = NULL;
    size_t total = 0;

    if (!domain) {
        return 0;
    }
    /* every list entry counts, even an RRset whose rr_count is zero */
    for (cur = domain->rrsets; cur; cur = cur->next) {
        total++;
    }
    return total;
}
/**
 * Count the number of RRsets at this domain with RRs that have is_added.
 * \param[in] domain domain, may be NULL
 * \return size_t number of RRsets for which rrset_count_rr_is_added()
 *         is non-zero, 0 for a NULL domain
 *
 */
size_t
domain_count_rrset_is_added(domain_type* domain)
{
    rrset_type* cur = NULL;
    size_t total = 0;

    if (!domain) {
        return 0;
    }
    for (cur = domain->rrsets; cur; cur = cur->next) {
        if (rrset_count_rr_is_added(cur)) {
            total++;
        }
    }
    return total;
}
/**
 * Look up RRset at this domain.
 * \param[in] domain domain, may be NULL
 * \param[in] rrtype RRtype to look for; 0 never matches
 * \return rrset_type* first RRset of that type, NULL if there is none
 *
 */
rrset_type*
domain_lookup_rrset(domain_type* domain, ldns_rr_type rrtype)
{
    rrset_type* cur = NULL;

    if (!domain || !rrtype) {
        return NULL;
    }
    for (cur = domain->rrsets; cur; cur = cur->next) {
        if (cur->rrtype == rrtype) {
            return cur;
        }
    }
    return NULL;
}
/**
 * Add RRset to domain.
 * The RRset is appended to the end of the domain's RRset list and the
 * denial's bitmap, if any, is marked as changed.
 * \param[in] domain domain
 * \param[in] rrset RRset to add
 *
 */
void
domain_add_rrset(domain_type* domain, rrset_type* rrset)
{
    rrset_type** tail = NULL;
    denial_type* denial = NULL;

    ods_log_assert(domain);
    ods_log_assert(rrset);

    if (domain->rrsets) {
        /* walk to the terminating link and hook the RRset in there */
        for (tail = &domain->rrsets; *tail; tail = &((*tail)->next)) {
            ;
        }
        *tail = rrset;
        rrset->next = NULL;
    } else {
        /* first RRset: rrset->next is left as the caller passed it */
        domain->rrsets = rrset;
    }
    log_rrset(domain->dname, rrset->rrtype, "+RRSET", LOG_DEEEBUG);
    rrset->domain = (void*) domain;
    if (domain->denial) {
        /* the set of types at this name changed */
        denial = (denial_type*) domain->denial;
        denial->bitmap_changed = 1;
    }
    return;
}
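/**
 * Delete RRset from domain.
 * The RRset is unlinked from the domain's list, not freed; the caller
 * owns the returned RRset.
 * \param[in] domain domain, may be NULL
 * \param[in] rrtype RRtype of the RRset to remove; 0 never matches
 * \return rrset_type* the unlinked RRset, NULL if the arguments are
 *         missing or no RRset of that type exists
 *
 */
rrset_type*
domain_del_rrset(domain_type* domain, ldns_rr_type rrtype)
{
    rrset_type** link = NULL;
    rrset_type* victim = NULL;
    denial_type* denial = NULL;

    if (!domain || !rrtype) {
        return NULL;
    }
    /*
     * Walk the links rather than the nodes, so that the head and the
     * rest of the list are handled alike. The previous non-head branch
     * advanced to the successor of the removed RRset before clearing
     * domain/next: it returned the wrong RRset, cut the list short, and
     * dereferenced NULL when the removed RRset was the last one.
     */
    for (link = &domain->rrsets; *link; link = &((*link)->next)) {
        if ((*link)->rrtype != rrtype) {
            continue;
        }
        victim = *link;
        *link = victim->next;
        victim->domain = NULL;
        victim->next = NULL;
        log_rrset(domain->dname, rrtype, "-RRSET", LOG_DEEEBUG);
        if (domain->denial) {
            /* the set of types at this name changed */
            denial = (denial_type*) domain->denial;
            denial->bitmap_changed = 1;
        }
        return victim;
    }
    ods_log_error("[%s] unable to delete RRset: RRset with RRtype %s "
        "does not exist", dname_str, rrset_type2str(rrtype));
    return NULL;
}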
/**
 * Apply differences at domain.
 * Runs rrset_diff() on every RRset and removes the RRsets that end up
 * without RRs.
 * \param[in] domain domain, may be NULL
 * \param[in] is_ixfr true if incremental change
 * \param[in] more_coming more transactions possible
 *
 */
void
domain_diff(domain_type* domain, unsigned is_ixfr, unsigned more_coming)
{
    rrset_type* cur = NULL;
    rrset_type* kept = NULL; /* last RRset that stayed in the list */
    denial_type* denial = NULL;
    int full_only = 0;

    if (!domain) {
        return;
    }
    cur = domain->rrsets;
    while (cur) {
        /* always do full diff on NSEC3PARAMS | DNSKEY RRset */
        full_only = (cur->rrtype == LDNS_RR_TYPE_NSEC3PARAMS ||
            cur->rrtype == LDNS_RR_TYPE_DNSKEY);
        rrset_diff(cur, full_only ? 0 : is_ixfr, more_coming);

        if (cur->rr_count > 0) {
            /* RRset survives, just go to next rrset */
            kept = cur;
            cur = cur->next;
            continue;
        }
        /* delete entire rrset: unlink first, then clean up */
        if (kept) {
            kept->next = cur->next;
        } else {
            domain->rrsets = cur->next;
        }
        cur->next = NULL;
        log_rrset(domain->dname, cur->rrtype, "-RRSET", LOG_DEEEBUG);
        rrset_cleanup(cur);
        cur = kept ? kept->next : domain->rrsets;
        if (domain->denial) {
            /* the set of types at this name changed */
            denial = (denial_type*) domain->denial;
            denial->bitmap_changed = 1;
        }
    }
    return;
}
/**
* Rollback differences at domain.
* Clears the is_added / is_removed marks of every RR, drops RRs whose
* exists flag is not set, and removes an RRset once its only RR has been
* dropped.
* \param[in] domain domain, may be NULL
* \param[in] keepsc if true, NSEC3PARAMS and DNSKEY RRsets are left alone
*
*/
void
domain_rollback(domain_type* domain, int keepsc)
{
denial_type* denial = NULL;
rrset_type* rrset = NULL;
rrset_type* prev_rrset = NULL;
ldns_rr* del_rr = NULL;
int del_rrset = 0;
/* NOTE(review): 16-bit index compared against the size_t rr_count;
 * this only terminates if rr_count stays within 16 bits — confirm */
uint16_t i = 0;
if (!domain) {
return;
}
rrset = domain->rrsets;
while (rrset) {
if (keepsc) {
/* skip rollback for NSEC3PARAM and DNSKEY RRset */
if (rrset->rrtype == LDNS_RR_TYPE_NSEC3PARAMS ||
rrset->rrtype == LDNS_RR_TYPE_DNSKEY) {
prev_rrset = rrset;
rrset = rrset->next;
continue;
}
}
/* walk rrs */
for (i=0; i < rrset->rr_count; i++) {
rrset->rrs[i].is_added = 0;
rrset->rrs[i].is_removed = 0;
if (!rrset->rrs[i].exists) {
/* can we delete the RRset? */
if(rrset->rr_count == 1) {
del_rrset = 1;
}
/* keep the ldns RR pointer: it is freed here after rrset_del_rr() */
del_rr = rrset->rrs[i].rr;
rrset_del_rr(rrset, i);
ldns_rr_free(del_rr);
del_rr = NULL;
/* revisit slot i on the next pass — presumably rrset_del_rr() moves
 * another RR into it; TODO confirm. At i == 0 the unsigned index wraps
 * and the loop's i++ brings it back to 0. */
i--;
}
}
/* next rrset */
if (del_rrset) {
/* delete entire rrset */
if (!prev_rrset) {
domain->rrsets = rrset->next;
} else {
prev_rrset->next = rrset->next;
}
/* detach before cleanup so only this RRset is passed to rrset_cleanup() */
rrset->next = NULL;
log_rrset(domain->dname, rrset->rrtype, "-RRSET", LOG_DEEEBUG);
rrset_cleanup(rrset);
if (!prev_rrset) {
rrset = domain->rrsets;
} else {
rrset = prev_rrset->next;
}
if (domain->denial) {
/* the flag is cleared here, whereas domain_diff() and
 * domain_del_rrset() set it to 1 when an RRset goes away */
denial = (denial_type*) domain->denial;
denial->bitmap_changed = 0;
}
del_rrset = 0;
} else {
/* just go to next rrset */
prev_rrset = rrset;
rrset = rrset->next;
}
}
return;
}
/**
 * Check whether a domain is an empty non-terminal to unsigned delegation.
 * \param[in] domain domain
 * \return int 0 if the domain has RRsets of its own, or if a name below
 *         it holds data that is neither an unsigned delegation nor
 *         occluded; 1 otherwise
 *
 */
int
domain_ent2unsignedns(domain_type* domain)
{
    ldns_rbnode_t* node = LDNS_RBTREE_NULL;
    domain_type* below = NULL;

    ods_log_assert(domain);
    if (domain->rrsets) {
        return 0; /* not an empty non-terminal */
    }
    /* walk the successors in the tree while they are still subdomains */
    for (node = ldns_rbtree_next(domain->node);
        node && node != LDNS_RBTREE_NULL;
        node = ldns_rbtree_next(node)) {
        below = (domain_type*) node->data;
        if (!ldns_dname_is_subdomain(below->dname, domain->dname)) {
            break;
        }
        if (below->rrsets &&
            domain_is_delegpt(below) != LDNS_RR_TYPE_NS &&
            domain_is_occluded(below) == LDNS_RR_TYPE_SOA) {
            /* domain has signed delegation/auth */
            return 0;
        }
        /* otherwise: maybe there is data at the next domain */
    }
    return 1;
}
/**
 * Check whether the domain is a delegation point.
 * \param[in] domain domain
 * \return ldns_rr_type LDNS_RR_TYPE_DS for a signed delegation (NS and
 *         DS present), LDNS_RR_TYPE_NS for an unsigned delegation (NS
 *         only), LDNS_RR_TYPE_SOA for the apex and authoritative names
 *
 */
ldns_rr_type
domain_is_delegpt(domain_type* domain)
{
    ods_log_assert(domain);

    /* the apex holds NS records but is never a delegation */
    if (domain->is_apex) {
        return LDNS_RR_TYPE_SOA;
    }
    if (!domain_lookup_rrset(domain, LDNS_RR_TYPE_NS)) {
        /* Authoritative */
        return LDNS_RR_TYPE_SOA;
    }
    /* NS present: signed delegation if a DS accompanies it, else unsigned */
    return domain_lookup_rrset(domain, LDNS_RR_TYPE_DS)
        ? LDNS_RR_TYPE_DS : LDNS_RR_TYPE_NS;
}
/**
 * Check whether the domain is occluded.
 * Looks at the ancestors below the apex.
 * \param[in] domain domain
 * \return ldns_rr_type LDNS_RR_TYPE_A if an ancestor holds NS (glue),
 *         LDNS_RR_TYPE_DNAME if an ancestor holds DNAME (occluded data),
 *         LDNS_RR_TYPE_SOA otherwise (authoritative or delegation)
 *
 */
ldns_rr_type
domain_is_occluded(domain_type* domain)
{
    domain_type* ancestor = NULL;

    ods_log_assert(domain);
    if (domain->is_apex) {
        return LDNS_RR_TYPE_SOA;
    }
    /* NS is tested before DNAME at every ancestor */
    for (ancestor = domain->parent;
        ancestor && !ancestor->is_apex;
        ancestor = ancestor->parent) {
        if (domain_lookup_rrset(ancestor, LDNS_RR_TYPE_NS)) {
            /* Glue / Empty non-terminal to Glue */
            return LDNS_RR_TYPE_A;
        }
        if (domain_lookup_rrset(ancestor, LDNS_RR_TYPE_DNAME)) {
            /* Occluded data / Empty non-terminal to Occluded data */
            return LDNS_RR_TYPE_DNAME;
        }
    }
    /* Authoritative or delegation */
    return LDNS_RR_TYPE_SOA;
}
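/**
 * Print domain.
 * An empty non-terminal is printed as a comment line. A CNAME RRset is
 * printed alone; otherwise the SOA RRset (at the apex) comes first,
 * followed by the other RRsets. The denial of existence record, if any,
 * is printed last.
 * \param[in] fd output stream
 * \param[in] domain domain
 * \param[out] status set to ODS_STATUS_ASSERT_ERR when fd or domain is
 *             missing, otherwise updated by the print helpers; may be NULL
 *
 */
void
domain_print(FILE* fd, domain_type* domain, ods_status* status)
{
    char* str = NULL;
    rrset_type* rrset = NULL;
    rrset_type* soa_rrset = NULL;
    rrset_type* cname_rrset = NULL;
    if (!domain || !fd) {
        /* the failure is only reported when the caller passed a status */
        if (status) {
            ods_log_crit("[%s] unable to print domain: domain or fd missing",
                dname_str);
            *status = ODS_STATUS_ASSERT_ERR;
        }
        return;
    }
    /* empty non-terminal? */
    if (!domain->rrsets) {
        str = ldns_rdf2str(domain->dname);
        /* log_dname() treats a NULL result of ldns_rdf2str() as possible;
         * passing NULL to %s is undefined, so substitute a marker */
        fprintf(fd, ";;Empty non-terminal %s\n", str ? str : "(null)");
        free((void*)str);
        /* Denial of Existence */
        if (domain->denial) {
            denial_print(fd, (denial_type*) domain->denial, status);
        }
        return;
    }
    /* no other data may accompany a CNAME */
    cname_rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_CNAME);
    if (cname_rrset) {
        rrset_print(fd, cname_rrset, 0, status);
    } else {
        /* if SOA, print soa first */
        if (domain->is_apex) {
            soa_rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_SOA);
            if (soa_rrset) {
                rrset_print(fd, soa_rrset, 0, status);
                if (status && *status != ODS_STATUS_OK) {
                    return;
                }
            }
        }
        /* print other RRsets */
        rrset = domain->rrsets;
        while (rrset) {
            /* skip SOA RRset */
            if (rrset->rrtype != LDNS_RR_TYPE_SOA) {
                rrset_print(fd, rrset, 0, status);
            }
            /* stop at the first failure reported through status */
            if (status && *status != ODS_STATUS_OK) {
                ods_log_crit("[%s] failed to print one or more RRsets: %s",
                    dname_str, ods_status2str(*status));
                return;
            }
            rrset = rrset->next;
        }
    }
    /* Denial of Existence */
    if (domain->denial) {
        denial_print(fd, (denial_type*) domain->denial, status);
    }
    return;
}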
/**
 * Clean up domain.
 * Frees the owner name, cleans up the RRset list and returns the domain
 * to the allocator of its zone.
 * \param[in] domain domain to clean up, may be NULL
 *
 */
void
domain_cleanup(domain_type* domain)
{
    zone_type* owner = NULL;

    if (domain) {
        /* fetch the zone first: its allocator releases the domain itself */
        owner = (zone_type*) domain->zone;
        ldns_rdf_deep_free(domain->dname);
        rrset_cleanup(domain->rrsets);
        allocator_deallocate(owner->allocator, (void*)domain);
    }
    return;
}
/**
 * Backup domain.
 * Writes the SOA RRset first (at the apex), then every other RRset.
 * \param[in] fd output stream of the backup file
 * \param[in] domain domain
 * \param[in] sigs if true, RRsets go through rrset_backup2(), otherwise
 *            through rrset_print()
 *
 */
void
domain_backup2(FILE* fd, domain_type* domain, int sigs)
{
    rrset_type* cur = NULL;

    if (!fd || !domain) {
        return;
    }
    /* if SOA, print soa first */
    if (domain->is_apex) {
        cur = domain_lookup_rrset(domain, LDNS_RR_TYPE_SOA);
        if (cur && sigs) {
            rrset_backup2(fd, cur);
        } else if (cur) {
            rrset_print(fd, cur, 1, NULL);
        }
    }
    for (cur = domain->rrsets; cur; cur = cur->next) {
        /* skip SOA RRset */
        if (cur->rrtype == LDNS_RR_TYPE_SOA) {
            continue;
        }
        if (sigs) {
            rrset_backup2(fd, cur);
        } else {
            rrset_print(fd, cur, 1, NULL);
        }
    }
    return;
}
opendnssec-1.4.9/signer/src/signer/keys.h 0000644 0001750 0001750 00000010133 12650165732 015305 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Signing keys.
*
*/
#ifndef SIGNER_KEYS_H
#define SIGNER_KEYS_H
#include "shared/allocator.h"
#include "shared/status.h"
#ifdef HAVE_SYS_TYPES_H
# include
#endif
#ifdef HAVE_UNISTD_H
# include
#endif
#include
#include
#include
/**
* Key.
* One signing key as held in a key list. The field meanings below follow
* the parameter documentation of keylist_push() in this header.
*
*/
typedef struct key_struct key_type;
struct key_struct {
/* presumably the DNSKEY RR of this key (keylist_lookup_by_dnskey()
 * takes the same type) — confirm */
ldns_rr* dnskey;
/* HSM-side key and signing parameters; types come from the HSM
 * library — semantics not visible here */
hsm_key_t* hsmkey;
hsm_sign_params_t* params;
/* string that identifies location of key */
const char* locator;
/* DNSKEY algorithm field value */
uint8_t algorithm;
/* DNSKEY flags field value */
uint32_t flags;
/* if true, publish key as a DNSKEY */
int publish;
/* if true, sign DNSKEY RRset with this key */
int ksk;
/* if true, sign all but DNSKEY RRset with this key */
int zsk;
/* if true, key will use 5011 style revocation */
int rfc5011;
};
/**
* Key list.
*
*/
typedef struct keylist_struct keylist_type;
struct keylist_struct {
/* signer configuration reference, as passed to keylist_create() */
void* sc;
/* presumably an array of count keys — confirm against keys.c */
key_type* keys;
size_t count;
};
/**
* Create a new key list.
* \param[in] sc signer configuration reference
* \return keylist_type* key list
*
*/
keylist_type* keylist_create(void* sc);
/**
* Lookup a key in the key list by locator.
* \param[in] kl key list
* \param[in] locator key locator
* \return key_type* key if it exists, NULL otherwise
*
*/
key_type* keylist_lookup_by_locator(keylist_type* kl, const char* locator);
/**
* Lookup a key in the key list by dnskey.
* \param[in] kl key list
* \param[in] dnskey dnskey
* \return key_type* key if it exists, NULL otherwise
*
*/
key_type* keylist_lookup_by_dnskey(keylist_type* kl, ldns_rr* dnskey);
/**
* Push a key to the keylist.
* \param[in] kl key list
* \param[in] locator string that identifies location of key
* \param[in] algorithm DNSKEY algorithm field value
* \param[in] flags DNSKEY flags field value
* \param[in] publish if true, publish key as a DNSKEY
* \param[in] ksk if true, sign DNSKEY RRset with this key
* \param[in] zsk if true, sign all but DNSKEY RRset with this key
* \param[in] rfc5011 if true, key will use 5011 style revocation
* \return key_type* key
*
*/
key_type* keylist_push(keylist_type* kl, const char* locator,
uint8_t algorithm, uint32_t flags, int publish, int ksk, int zsk,
int rfc5011);
/**
* Print key list.
* \param[in] fd file descriptor
* \param[in] kl key list to print
*
*/
void keylist_print(FILE* fd, keylist_type* kl);
/**
* Log key list.
* \param[in] kl key list to print
* \param[in] name zone name
*
*/
void keylist_log(keylist_type* kl, const char* name);
/**
* Clean up key list.
* \param[in] kl key list to clean up
*
*/
void keylist_cleanup(keylist_type* kl);
/**
* Recover key from backup.
* \param[in] fd file descriptor of key backup file
* \param[in] kl key list to print
* \return key_type* key
*
*/
key_type* key_recover2(FILE* fd, keylist_type* kl);
/**
* Backup key list.
* \param[in] fd file descriptor
* \param[in] kl key list to print
* \param[in] version version string
*
*/
void keylist_backup(FILE* fd, keylist_type* kl, const char* version);
#endif /* SIGNER_KEYS_H */
opendnssec-1.4.9/signer/src/signer/ixfr.h 0000644 0001750 0001750 00000005127 12650165732 015311 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* IXFR journal.
*
*/
#ifndef SIGNER_IXFR_H
#define SIGNER_IXFR_H
#include "config.h"
#include "shared/locks.h"
#include
#define IXFR_MAX_PARTS 3
/**
* Part of IXFR Journal.
*
*/
typedef struct part_struct part_type;
struct part_struct {
/* presumably the SOA that starts the removed (-RR) section — confirm */
ldns_rr* soamin;
/* presumably the -RRs recorded through ixfr_del_rr() — confirm */
ldns_rr_list* min;
/* presumably the SOA that starts the added (+RR) section — confirm */
ldns_rr* soaplus;
/* presumably the +RRs recorded through ixfr_add_rr() — confirm */
ldns_rr_list* plus;
};
/**
* IXFR Journal.
*
*/
typedef struct ixfr_struct ixfr_type;
struct ixfr_struct {
/* zone reference, as passed to ixfr_create() */
void* zone;
/* the journal keeps at most IXFR_MAX_PARTS parts */
part_type* part[IXFR_MAX_PARTS];
/* lock for the journal; tools_output() takes it around ixfr_purge() */
lock_basic_type ixfr_lock;
};
/**
* Create a new ixfr journal.
* \param[in] zone zone reference
* \return ixfr_type* ixfr
*
*/
ixfr_type* ixfr_create(void* zone);
/**
* Add +RR to ixfr journal.
* \param[in] ixfr journal
* \param[in] rr +RR
*
*/
void ixfr_add_rr(ixfr_type* ixfr, ldns_rr* rr);
/**
* Add -RR to ixfr journal.
* \param[in] ixfr journal
* \param[in] rr -RR
*
*/
void ixfr_del_rr(ixfr_type* ixfr, ldns_rr* rr);
/**
* Print the ixfr journal.
* \param[in] fd file descriptor
* \param[in] ixfr journal
*
*/
void ixfr_print(FILE* fd, ixfr_type* ixfr);
/**
* Purge the ixfr journal.
* \param[in] ixfr journal
*
*/
void ixfr_purge(ixfr_type* ixfr);
/**
* Cleanup the ixfr journal.
* \param[in] ixfr journal
*
*/
void ixfr_cleanup(ixfr_type* ixfr);
#endif /* SIGNER_IXFR_H */
opendnssec-1.4.9/signer/src/signer/signconf.h 0000644 0001750 0001750 00000010177 12650165732 016150 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Signer configuration.
*
*/
#ifndef SIGNER_SIGNCONF_H
#define SIGNER_SIGNCONF_H
#include "scheduler/task.h"
#include "shared/allocator.h"
#include "shared/duration.h"
#include "signer/keys.h"
#include "signer/nsec3params.h"
#include
#include
/**
* Signer Configuration.
* Per-zone signing settings, grouped by topic below.
*
*/
typedef struct signconf_struct signconf_type;
struct signconf_struct {
/* Zone */
const char* name;
allocator_type* allocator;
/* Signatures */
duration_type* sig_resign_interval;
duration_type* sig_refresh_interval;
duration_type* sig_validity_default;
duration_type* sig_validity_denial;
duration_type* sig_jitter;
duration_type* sig_inception_offset;
/* Denial of existence */
duration_type* nsec3param_ttl;
/* passed to stats_log() by tools_output(); presumably NSEC or NSEC3 */
ldns_rr_type nsec_type;
int nsec3_optout;
uint32_t nsec3_algo;
uint32_t nsec3_iterations;
const char* nsec3_salt;
nsec3params_type* nsec3params;
/* Keys */
duration_type* dnskey_ttl;
keylist_type* keys;
/* Source of authority */
duration_type* soa_ttl;
/* tools_signconf() derives the zone's default TTL from this value */
duration_type* soa_min;
const char* soa_serial;
/* Other useful information */
/* presumably the file this configuration was read from and its
 * modification time (compare signconf_update()) — confirm */
const char* filename;
time_t last_modified;
};
/**
* Create a new signer configuration with the 'empty' settings.
* \return signconf_type* signer configuration
*
*/
signconf_type* signconf_create(void);
/**
* Update signer configuration.
* \param[out] signconf signer configuration
* \param[in] scfile signer configuration file name
* \param[in] last_modified last known modification
* \return ods_status status
*
*/
ods_status signconf_update(signconf_type** signconf, const char* scfile,
time_t last_modified);
/**
* Backup signer configuration.
* \param[in] fd file descriptor
* \param[in] sc signer configuration settings
* \param[in] version version string
*
*/
void signconf_backup(FILE* fd, signconf_type* sc, const char* version);
/**
* Check signer configuration.
* \param signconf signer configuration
* \return ods_status status
*
*/
ods_status signconf_check(signconf_type* signconf);
/**
* Compare signer configurations on denial of existence material.
* \param[in] a a signer configuration
* \param[in] b another signer configuration
* \return task_id what task needs to be scheduled
*
*/
task_id signconf_compare_denial(signconf_type* a, signconf_type* b);
/**
* Print signer configuration.
* \param[in] out file descriptor
* \param[in] sc signconf to print
* \param[in] name zone name
*
*/
void signconf_print(FILE* out, signconf_type* sc, const char* name);
/**
* Log signer configuration.
* \param[in] sc signconf to log
* \param[in] name zone name
*
*/
void signconf_log(signconf_type* sc, const char* name);
/**
* Clean up signer configuration.
* \param[in] sc signconf to cleanup
*
*/
void signconf_cleanup(signconf_type* sc);
#endif /* SIGNER_SIGNCONF_H */
opendnssec-1.4.9/signer/src/signer/rrset.h 0000644 0001750 0001750 00000011666 12650165732 015505 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* RRset.
*
*/
#ifndef SIGNER_RRSET_H
#define SIGNER_RRSET_H
#include "config.h"
#include "shared/status.h"
#include "signer/stats.h"
#include
#include
/**
* RRSIG.
* A signature record together with the key that produced it; locator
* and flags are the values passed to rrset_add_rrsig().
*
*/
typedef struct rrsig_struct rrsig_type;
struct rrsig_struct {
/* the RRSIG record */
ldns_rr* rr;
/* untyped back reference — presumably the owning RRset; confirm */
void* owner;
/* key locator */
const char* key_locator;
/* key flags */
uint32_t key_flags;
};
/**
* RR.
* A resource record plus the state bits used while applying or rolling
* back changes.
*
*/
typedef struct rr_struct rr_type;
struct rr_struct {
/* the resource record */
ldns_rr* rr;
/* untyped back reference — presumably the owning RRset; confirm */
void* owner;
/* domain_rollback() drops every RR for which this bit is not set */
unsigned exists : 1;
/* pending-change marks; both are cleared by domain_rollback() */
unsigned is_added : 1;
unsigned is_removed : 1;
};
/**
* RRset.
* RRsets of one domain form a singly linked list through next.
*
*/
typedef struct rrset_struct rrset_type;
struct rrset_struct {
/* next RRset at the same domain, NULL at the end of the list */
rrset_type* next;
/* zone reference, as passed to rrset_create() */
void* zone;
/* owning domain; set by domain_add_rrset(), cleared by domain_del_rrset() */
void* domain;
ldns_rr_type rrtype;
/* RR array indexed 0 .. rr_count-1 */
rr_type* rrs;
/* presumably an array of rrsig_count signatures — confirm */
rrsig_type* rrsigs;
size_t rr_count;
size_t rrsig_count;
unsigned needs_signing : 1;
};
/**
* Log RR.
* \param[in] rr RR
* \param[in] pre log message
* \param[in] level log level
*
*/
void log_rr(ldns_rr* rr, const char* pre, int level);
/**
* Log RRset.
* \param[in] dname domain name
* \param[in] type RRtype
* \param[in] pre log message
* \param[in] level log level
*
*/
void log_rrset(ldns_rdf* dname, ldns_rr_type type, const char* pre, int level);
/**
* Get the string-format of RRtype.
* \param[in] type RRtype
* \return const char* string-format of RRtype
*
*/
const char* rrset_type2str(ldns_rr_type type);
/**
* Create RRset.
* \param[in] zoneptr zone reference
* \param[in] type RRtype
* \return rrset_type* RRset
*
*/
rrset_type* rrset_create(void* zoneptr, ldns_rr_type type);
/**
* Lookup RR in RRset.
* \param[in] rrset RRset
* \param[in] rr RR
* \return rr_type* RR if found
*
*/
rr_type* rrset_lookup_rr(rrset_type* rrset, ldns_rr* rr);
/**
* Count the number of RRs in this RRset that have is_added.
* \param[in] rrset RRset
* \return size_t number of RRs
*
*/
size_t rrset_count_rr_is_added(rrset_type* rrset);
/**
* Add RR to RRset.
* \param[in] rrset RRset
* \param[in] rr RR
* \return rr_type* added RR
*
*/
rr_type* rrset_add_rr(rrset_type* rrset, ldns_rr* rr);
/**
* Delete RR from RRset.
* \param[in] rrset RRset
* \param[in] rrnum position of RR
*
*/
void rrset_del_rr(rrset_type* rrset, uint16_t rrnum);
/**
* Add RRSIG to RRset.
* \param[in] rrset RRset
* \param[in] rr RRSIG
* \param[in] locator key locator
* \param[in] flags key flags
* \return rrsig_type* added RRSIG
*
*/
rrsig_type* rrset_add_rrsig(rrset_type* rrset, ldns_rr* rr,
const char* locator, uint32_t flags);
/**
* Delete RRSIG from RRset.
* \param[in] rrset RRset
* \param[in] rrnum position of RRSIG
*
*/
void rrset_del_rrsig(rrset_type* rrset, uint16_t rrnum);
/**
* Apply differences at RRset.
* \param[in] rrset RRset
* \param[in] is_ixfr true if incremental change
* \param[in] more_coming more transactions possible
*
*/
void rrset_diff(rrset_type* rrset, unsigned is_ixfr, unsigned more_coming);
/**
* Sign RRset.
* \param[in] ctx HSM context
* \param[in] rrset RRset
* \param[in] signtime time when the zone is being signed
* \return ods_status status
*
*/
ods_status rrset_sign(hsm_ctx_t* ctx, rrset_type* rrset, time_t signtime);
/**
* Print RRset.
* \param[in] fd file descriptor
* \param[in] rrset RRset to be printed
* \param[in] skip_rrsigs if true, don't print RRSIG records
* \param[out] status status
*
*/
void rrset_print(FILE* fd, rrset_type* rrset, int skip_rrsigs,
ods_status* status);
/**
* Clean up RRset.
* \param[in] rrset RRset to be cleaned up
*
*/
void rrset_cleanup(rrset_type* rrset);
/**
* Backup RRset.
* \param[in] fd file descriptor
* \param[in] rrset RRset
*
*/
void rrset_backup2(FILE* fd, rrset_type* rrset);
#endif /* SIGNER_RRSET_H */
opendnssec-1.4.9/signer/src/signer/namedb.h 0000644 0001750 0001750 00000012644 12650165732 015571 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Domain name database.
*
*/
#ifndef SIGNER_NAMEDB_H
#define SIGNER_NAMEDB_H
#include "config.h"
#include "signer/denial.h"
#include "signer/domain.h"
#include "signer/nsec3params.h"
#include
/**
* Domain name database.
*
* Two red-black trees (domains and denial-of-existence entries) plus the
* SOA serial bookkeeping used by namedb_update_serial().
*
*/
typedef struct namedb_struct namedb_type;
struct namedb_struct {
void* zone; /* untyped zone reference, as passed to namedb_create() */
ldns_rbtree_t* domains; /* tree of domains */
ldns_rbtree_t* denials; /* tree of denial-of-existence entries */
uint32_t inbserial; /* presumably the inbound serial -- TODO confirm */
uint32_t intserial; /* presumably the internal serial -- TODO confirm */
uint32_t outserial; /* presumably the outbound serial -- TODO confirm */
uint32_t altserial; /* presumably an alternative serial -- TODO confirm */
unsigned is_initialized : 1;
unsigned is_processed : 1;
unsigned serial_updated : 1;
unsigned force_serial : 1;
unsigned have_serial : 1;
};
/**
* Initialize denial of existence chain.
* \param[in] db namedb
*
*/
void namedb_init_denials(namedb_type* db);
/**
* Create a new namedb.
* \param[in] zone zone reference
* \return namedb_type* namedb
*
*/
namedb_type* namedb_create(void* zone);
/**
* Determine new SOA SERIAL.
* \param[in] db namedb
* \param[in] zone_name zone name
* \param[in] format format from signer configuration
* \param[in] inbound_serial inbound serial
* \return ods_status status
*
*/
ods_status namedb_update_serial(namedb_type* db, const char* zone_name,
const char* format, uint32_t inbound_serial);
/**
* Add empty non-terminals for domain.
* \param[in] db namedb
* \param[in] domain domain
* \param[in] apex apex domain name
* \return ods_status status
*
*/
ods_status namedb_domain_entize(namedb_type* db, domain_type* domain,
ldns_rdf* apex);
/**
* Look up domain.
* \param[in] db namedb
* \param[in] dname domain name
* \return domain_type* domain, if found
*
*/
domain_type* namedb_lookup_domain(namedb_type* db, ldns_rdf* dname);
/**
* Add domain to namedb.
* \param[in] db namedb
* \param[in] dname domain name
* \return domain_type* added domain
*
*/
domain_type* namedb_add_domain(namedb_type* db, ldns_rdf* dname);
/**
* Delete domain from namedb
* \param[in] db namedb
* \param[in] domain domain
* \return domain_type* deleted domain
*
*/
domain_type* namedb_del_domain(namedb_type* db, domain_type* domain);
/**
* Lookup denial.
* \param[in] db namedb
* \param[in] dname domain name
* \return denial_type* denial, if found
*
*/
denial_type* namedb_lookup_denial(namedb_type* db, ldns_rdf* dname);
/**
* Add denial to namedb.
* \param[in] db namedb
* \param[in] dname domain name
* \param[in] n3p NSEC3 parameters, NULL if we do NSEC
* \return denial_type* added denial
*
*/
denial_type* namedb_add_denial(namedb_type* db, ldns_rdf* dname,
nsec3params_type* n3p);
/**
* Delete denial from namedb
* \param[in] db namedb
* \param[in] denial denial
* \return denial_type* deleted denial
*
*/
denial_type* namedb_del_denial(namedb_type* db, denial_type* denial);
/**
* Examine updates to namedb.
* \param[in] db namedb
* \return ods_status status
*
*/
ods_status namedb_examine(namedb_type* db);
/**
* Apply differences in db.
* \param[in] db namedb
* \param[in] is_ixfr true if incremental change
* \param[in] more_coming more transactions possible
*
*/
void namedb_diff(namedb_type* db, unsigned is_ixfr, unsigned more_coming);
/**
* Rollback differences in db.
* \param[in] db namedb
* \param[in] keepsc keep RRs that did not come from the adapter.
*
*/
void namedb_rollback(namedb_type* db, unsigned keepsc);
/**
* Nsecify db.
* \param[in] db namedb
* \param[out] num_added number of NSEC RRs added
*
*/
void namedb_nsecify(namedb_type* db, uint32_t* num_added);
/**
* Export db to file.
* \param[in] fd file descriptor
* \param[in] db namedb
* \param[out] status status
*
*/
void namedb_export(FILE* fd, namedb_type* db, ods_status* status);
/**
* Wipe out all NSEC(3) RRsets.
* \param[in] db namedb
*
*/
void namedb_wipe_denial(namedb_type* db);
/**
* Clean up denial of existence chain.
* \param[in] db namedb
*
*/
void namedb_cleanup_denials(namedb_type* db);
/**
* Clean up namedb.
* \param[in] db namedb
*
*/
void namedb_cleanup(namedb_type* db);
/**
* Backup namedb.
* \param[in] fd output file descriptor
* \param[in] db namedb
*
*/
void namedb_backup2(FILE* fd, namedb_type* db);
#endif /* SIGNER_NAMEDB_H */
opendnssec-1.4.9/signer/src/signer/signconf.c 0000644 0001750 0001750 00000046171 12650165732 016146 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Signer configuration.
*
*/
#include "parser/signconfparser.h"
#include "shared/duration.h"
#include "shared/file.h"
#include "shared/log.h"
#include "shared/status.h"
#include "signer/signconf.h"
static const char* sc_str = "signconf";
/**
 * Create a new signer configuration with the 'empty' settings.
 *
 * The configuration gets its own allocator (malloc/free backed) and lives
 * inside it; every pointer member starts as NULL and every numeric member
 * as 0, so signconf_check() rejects the object until it has been filled.
 *
 * \return signconf_type* new signer configuration, NULL on allocation failure
 *
 */
signconf_type*
signconf_create(void)
{
    allocator_type* mem = allocator_create(malloc, free);
    signconf_type* conf = NULL;

    if (mem == NULL) {
        ods_log_error("[%s] unable to create signconf: allocator_create() "
            " failed", sc_str);
        return NULL;
    }
    conf = (signconf_type*) allocator_alloc(mem, sizeof(signconf_type));
    if (conf == NULL) {
        ods_log_error("[%s] unable to create signconf: allocator_alloc() "
            " failed", sc_str);
        /* the allocator has no owner yet, release it here */
        allocator_cleanup(mem);
        return NULL;
    }

    conf->allocator = mem;
    conf->filename = NULL;
    conf->last_modified = 0;

    /* Signatures */
    conf->sig_resign_interval = NULL;
    conf->sig_refresh_interval = NULL;
    conf->sig_validity_default = NULL;
    conf->sig_validity_denial = NULL;
    conf->sig_jitter = NULL;
    conf->sig_inception_offset = NULL;

    /* Denial of existence */
    conf->nsec_type = 0;
    conf->nsec3param_ttl = NULL;
    conf->nsec3_optout = 0;
    conf->nsec3_algo = 0;
    conf->nsec3_iterations = 0;
    conf->nsec3_salt = NULL;
    conf->nsec3params = NULL;

    /* Keys */
    conf->dnskey_ttl = NULL;
    conf->keys = NULL;

    /* Source of authority */
    conf->soa_ttl = NULL;
    conf->soa_min = NULL;
    conf->soa_serial = NULL;

    return conf;
}
/**
 * Read signer configuration.
 *
 * The file is first checked with parse_file_check() against
 * ODS_SE_RNGDIR "/signconf.rng"; only then are the individual settings
 * extracted. The NSEC3 settings are read only when the configured denial
 * type is NSEC3.
 *
 * NOTE(review): the FILE handle opened here is used only to confirm that the
 * file can be opened; the schema check and every parse_sc_*() helper receive
 * the path, not the handle. If those helpers reopen the file, the content
 * that passed validation is not guaranteed to be the content that is parsed
 * should the file change in between -- confirm, and restrict write access to
 * the signconf file accordingly.
 *
 * NOTE(review): algorithm, opt-out and iterations are narrowed with casts
 * before nsec3params_create(); if the signconf fields are wider than the
 * casts, out-of-range values are truncated silently -- confirm that the
 * schema or parser bounds them.
 *
 * \param[in] signconf signer configuration to fill
 * \param[in] scfile path of the signconf file
 * \return ods_status ODS_STATUS_OK on success, ODS_STATUS_ASSERT_ERR on a
 *         NULL argument, the parse_file_check() status on a validation
 *         failure, ODS_STATUS_MALLOC_ERR if the NSEC3 parameters cannot be
 *         created, ODS_STATUS_ERR if the file cannot be opened
 *
 */
static ods_status
signconf_read(signconf_type* signconf, const char* scfile)
{
    const char* schema = ODS_SE_RNGDIR "/signconf.rng";
    ods_status result = ODS_STATUS_OK;
    FILE* probe = NULL;

    if (!scfile || !signconf) {
        return ODS_STATUS_ASSERT_ERR;
    }
    ods_log_debug("[%s] read signconf file %s", sc_str, scfile);

    result = parse_file_check(scfile, schema);
    if (result != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to read signconf: parse error in "
            "file %s (%s)", sc_str, scfile, ods_status2str(result));
        return result;
    }

    probe = ods_fopen(scfile, NULL, "r");
    if (!probe) {
        ods_log_error("[%s] unable to read signconf: failed to open file %s",
            sc_str, scfile);
        return ODS_STATUS_ERR;
    }

    signconf->filename = allocator_strdup(signconf->allocator, scfile);

    /* Signatures */
    signconf->sig_resign_interval = parse_sc_sig_resign_interval(scfile);
    signconf->sig_refresh_interval = parse_sc_sig_refresh_interval(scfile);
    signconf->sig_validity_default = parse_sc_sig_validity_default(scfile);
    signconf->sig_validity_denial = parse_sc_sig_validity_denial(scfile);
    signconf->sig_jitter = parse_sc_sig_jitter(scfile);
    signconf->sig_inception_offset = parse_sc_sig_inception_offset(scfile);

    /* Denial of existence */
    signconf->nsec_type = parse_sc_nsec_type(scfile);
    if (signconf->nsec_type == LDNS_RR_TYPE_NSEC3) {
        signconf->nsec3param_ttl = parse_sc_nsec3param_ttl(scfile);
        signconf->nsec3_optout = parse_sc_nsec3_optout(scfile);
        signconf->nsec3_algo = parse_sc_nsec3_algorithm(scfile);
        signconf->nsec3_iterations = parse_sc_nsec3_iterations(scfile);
        signconf->nsec3_salt = parse_sc_nsec3_salt(signconf->allocator,
            scfile);
        signconf->nsec3params = nsec3params_create((void*) signconf,
            (uint8_t) signconf->nsec3_algo, (uint8_t) signconf->nsec3_optout,
            (uint16_t)signconf->nsec3_iterations, signconf->nsec3_salt);
        if (!signconf->nsec3params) {
            ods_log_error("[%s] unable to read signconf %s: "
                "nsec3params_create() failed", sc_str, scfile);
            /* members set so far stay in signconf for the caller to clean up */
            ods_fclose(probe);
            return ODS_STATUS_MALLOC_ERR;
        }
    }

    /* Keys and SOA */
    signconf->keys = parse_sc_keys((void*) signconf, scfile);
    signconf->dnskey_ttl = parse_sc_dnskey_ttl(scfile);
    signconf->soa_ttl = parse_sc_soa_ttl(scfile);
    signconf->soa_min = parse_sc_soa_min(scfile);
    signconf->soa_serial = parse_sc_soa_serial(signconf->allocator,
        scfile);

    ods_fclose(probe);
    return ODS_STATUS_OK;
}
/**
 * Update signer configuration.
 *
 * Reloads scfile only when its modification time is newer than
 * last_modified. A freshly read configuration replaces *signconf only after
 * signconf_check() accepts it; a configuration that fails to read or to
 * check is discarded and *signconf is left untouched.
 *
 * The previous *signconf is not released here; the caller keeps ownership
 * of it.
 *
 * NOTE(review): a NULL scfile or signconf is reported as
 * ODS_STATUS_UNCHANGED, which a caller cannot tell apart from "file not
 * modified".
 *
 * \param[out] signconf receives the new signer configuration on success
 * \param[in] scfile path of the signconf file
 * \param[in] last_modified modification time of the configuration in use
 * \return ods_status ODS_STATUS_OK if replaced, ODS_STATUS_UNCHANGED if
 *         nothing was done, ODS_STATUS_CFG_ERR if the new configuration has
 *         errors, ODS_STATUS_ERR or the signconf_read() status otherwise
 *
 */
ods_status
signconf_update(signconf_type** signconf, const char* scfile,
    time_t last_modified)
{
    signconf_type* fresh = NULL;
    time_t mtime = 0;
    ods_status status = ODS_STATUS_OK;

    if (!scfile || !signconf) {
        return ODS_STATUS_UNCHANGED;
    }

    /* modification time is the only change detector */
    mtime = ods_file_lastmodified(scfile);
    if (mtime <= last_modified) {
        return ODS_STATUS_UNCHANGED;
    }

    fresh = signconf_create();
    if (!fresh) {
        ods_log_error("[%s] unable to update signconf: signconf_create() "
            "failed", sc_str);
        return ODS_STATUS_ERR;
    }

    status = signconf_read(fresh, scfile);
    if (status != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to update signconf: failed to read file "
            "%s (%s)", sc_str, scfile, ods_status2str(status));
        signconf_cleanup(fresh);
        return status;
    }

    fresh->last_modified = mtime;
    if (signconf_check(fresh) != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to update signconf: signconf %s has "
            "errors", sc_str, scfile);
        signconf_cleanup(fresh);
        return ODS_STATUS_CFG_ERR;
    }

    /* only a configuration that was read and checked is handed out */
    *signconf = fresh;
    return status;
}
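/**
 * Backup duration.
 *
 * Writes "<opt> <duration> " to fd, printing "(null)" when the duration has
 * no string form.
 *
 * The cast in the former free((void*) str?str:"(null)") bound tighter than
 * the conditional, so a NULL str made free() receive the string literal, and
 * fprintf() was handed a NULL pointer for %s. The fallback now sits on the
 * fprintf() argument and free() always gets the pointer that
 * duration2string() returned (free(NULL) is a no-op).
 *
 * \param[in] fd output file
 * \param[in] opt option name written in front of the value
 * \param[in] duration duration to write
 *
 */
static void
signconf_backup_duration(FILE* fd, const char* opt, duration_type* duration)
{
    char* str = duration2string(duration);
    fprintf(fd, "%s %s ", opt, str ? str : "(null)");
    free((void*) str);
    return;
}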
/**
 * Backup signconf values.
 *
 * Writes one ";;Signconf:" line to fd. The backup file version decides two
 * optional fields: "maxzonettl 0" is written for every version other than
 * ODS_SE_FILE_MAGIC_V1 and ODS_SE_FILE_MAGIC_V2, and "audit 0" only for
 * ODS_SE_FILE_MAGIC_V2.
 *
 * NOTE(review): fd and sc are checked for NULL, version is not and is passed
 * to strcmp() as is.
 *
 * \param[in] fd output file
 * \param[in] sc signer configuration
 * \param[in] version backup file version string
 *
 */
void
signconf_backup(FILE* fd, signconf_type* sc, const char* version)
{
    int is_v2 = 0;

    if (fd == NULL || sc == NULL) {
        return;
    }
    fprintf(fd, ";;Signconf: lastmod %u ", (unsigned) sc->last_modified);

    is_v2 = (strcmp(version, ODS_SE_FILE_MAGIC_V2) == 0);
    if (!is_v2 && strcmp(version, ODS_SE_FILE_MAGIC_V1) != 0) {
        /* version 3 and up */
        fprintf(fd, "maxzonettl 0 "); /* prepare for enforcer ng */
    }

    /* signatures */
    signconf_backup_duration(fd, "resign", sc->sig_resign_interval);
    signconf_backup_duration(fd, "refresh", sc->sig_refresh_interval);
    signconf_backup_duration(fd, "valid", sc->sig_validity_default);
    signconf_backup_duration(fd, "denial", sc->sig_validity_denial);
    signconf_backup_duration(fd, "jitter", sc->sig_jitter);
    signconf_backup_duration(fd, "offset", sc->sig_inception_offset);

    /* denial type, key and SOA settings */
    fprintf(fd, "nsec %u ", (unsigned) sc->nsec_type);
    signconf_backup_duration(fd, "dnskeyttl", sc->dnskey_ttl);
    signconf_backup_duration(fd, "soattl", sc->soa_ttl);
    signconf_backup_duration(fd, "soamin", sc->soa_min);
    fprintf(fd, "serial %s ", sc->soa_serial?sc->soa_serial:"(null)");

    if (is_v2) {
        fprintf(fd, "audit 0");
    }
    fprintf(fd, "\n");
    return;
}
/**
 * Check the SOA/Serial type.
 *
 * Accepts exactly the four serial policies "keep", "counter", "unixtime"
 * and "datecounter"; the comparison is case-sensitive and covers the whole
 * string.
 *
 * \param[in] serial serial type from the signer configuration
 * \return int 0 if serial is an accepted type, 1 otherwise (also for NULL)
 *
 */
static int
signconf_soa_serial_check(const char* serial) {
    static const char* const accepted[] = {
        "keep", "counter", "unixtime", "datecounter"
    };
    size_t i = 0;

    if (serial == NULL) {
        return 1;
    }
    for (i = 0; i < sizeof(accepted) / sizeof(accepted[0]); i++) {
        if (strcmp(serial, accepted[i]) == 0) {
            return 0;
        }
    }
    return 1;
}
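/**
 * Check signer configuration settings.
 *
 * Every failed check is logged and the remaining checks still run, so a
 * single call reports all problems found in the configuration.
 *
 * Changes from the previous version: a NULL sc is rejected instead of being
 * dereferenced, and a missing refresh interval is now reported as such (the
 * message used to repeat the resign interval text).
 *
 * \param[in] sc signer configuration to check
 * \return ods_status ODS_STATUS_OK if all checks pass, ODS_STATUS_CFG_ERR
 *         if at least one fails, ODS_STATUS_ASSERT_ERR if sc is NULL
 *
 */
ods_status
signconf_check(signconf_type* sc)
{
    ods_status status = ODS_STATUS_OK;

    if (!sc) {
        ods_log_error("[%s] check failed: no signer configuration", sc_str);
        return ODS_STATUS_ASSERT_ERR;
    }

    /* Signatures */
    if (!sc->sig_resign_interval) {
        ods_log_error("[%s] check failed: no signature resign interval found",
            sc_str);
        status = ODS_STATUS_CFG_ERR;
    }
    if (!sc->sig_refresh_interval) {
        ods_log_error("[%s] check failed: no signature refresh interval found",
            sc_str);
        status = ODS_STATUS_CFG_ERR;
    }
    if (!sc->sig_validity_default) {
        ods_log_error("[%s] check failed: no signature default validity found",
            sc_str);
        status = ODS_STATUS_CFG_ERR;
    }
    if (!sc->sig_validity_denial) {
        ods_log_error("[%s] check failed: no signature denial validity found",
            sc_str);
        status = ODS_STATUS_CFG_ERR;
    }
    if (!sc->sig_jitter) {
        ods_log_error("[%s] check failed: no signature jitter found", sc_str);
        status = ODS_STATUS_CFG_ERR;
    }
    if (!sc->sig_inception_offset) {
        ods_log_error("[%s] check failed: no signature inception offset found",
            sc_str);
        status = ODS_STATUS_CFG_ERR;
    }

    /* Denial of existence */
    if (sc->nsec_type == LDNS_RR_TYPE_NSEC3) {
        if (sc->nsec3_algo != LDNS_SHA1) {
            ods_log_error("[%s] check failed: invalid nsec3 algorithm",
                sc_str);
            status = ODS_STATUS_CFG_ERR;
        }
        /*
         * NOTE(review): iterations, salt and opt-out are accepted as parsed;
         * this function applies no range or format check to them. The
         * iteration count sets the hashing cost per name for the signer and
         * for validating resolvers, so an upper bound belongs here unless
         * the schema check already enforces one (RFC 9276 recommends 0
         * additional iterations).
         */
    } else if (sc->nsec_type != LDNS_RR_TYPE_NSEC) {
        ods_log_error("[%s] check failed: wrong nsec type %i", sc_str,
            sc->nsec_type);
        status = ODS_STATUS_CFG_ERR;
    }

    /* Keys */
    if (!sc->keys || sc->keys->count == 0) {
        ods_log_error("[%s] check failed: no keys found", sc_str);
        status = ODS_STATUS_CFG_ERR;
    }
    if (!sc->dnskey_ttl) {
        ods_log_error("[%s] check failed: no dnskey ttl found", sc_str);
        status = ODS_STATUS_CFG_ERR;
    }

    /* Source of authority */
    if (!sc->soa_ttl) {
        ods_log_error("[%s] check failed: no soa ttl found", sc_str);
        status = ODS_STATUS_CFG_ERR;
    }
    if (!sc->soa_min) {
        ods_log_error("[%s] check failed: no soa minimum found", sc_str);
        status = ODS_STATUS_CFG_ERR;
    }
    if (!sc->soa_serial) {
        ods_log_error("[%s] check failed: no soa serial type found", sc_str);
        status = ODS_STATUS_CFG_ERR;
    } else if (signconf_soa_serial_check(sc->soa_serial) != 0) {
        ods_log_error("[%s] check failed: wrong soa serial type %s", sc_str,
            sc->soa_serial);
        status = ODS_STATUS_CFG_ERR;
    }
    return status;
}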
/**
 * Compare signer configurations on denial of existence material.
 *
 * Decides which task a configuration change requires: a different SOA
 * minimum, a different denial type or, for NSEC3, a different salt,
 * algorithm, iteration count or opt-out setting needs the chain rebuilt
 * (TASK_NSECIFY); a different NSEC3PARAM TTL alone yields TASK_READ.
 *
 * \param[in] a one signer configuration
 * \param[in] b the other signer configuration
 * \return task_id TASK_NSECIFY, TASK_READ, or TASK_NONE when nothing
 *         relevant differs or either argument is NULL
 *
 */
task_id
signconf_compare_denial(signconf_type* a, signconf_type* b)
{
    if (!a || !b) {
        return TASK_NONE;
    }
    ods_log_assert(a);
    ods_log_assert(b);

    if (duration_compare(a->soa_min, b->soa_min)) {
        return TASK_NSECIFY;
    }
    if (a->nsec_type != b->nsec_type) {
        return TASK_NSECIFY;
    }
    if (a->nsec_type != LDNS_RR_TYPE_NSEC3) {
        /* same type and not NSEC3: no NSEC3 parameters to compare */
        return TASK_NONE;
    }
    if ((ods_strcmp(a->nsec3_salt, b->nsec3_salt) != 0) ||
        (a->nsec3_algo != b->nsec3_algo) ||
        (a->nsec3_iterations != b->nsec3_iterations) ||
        (a->nsec3_optout != b->nsec3_optout)) {
        return TASK_NSECIFY;
    }
    if (duration_compare(a->nsec3param_ttl, b->nsec3param_ttl)) {
        return TASK_READ;
    }
    return TASK_NONE;
}
/**
* Print sign configuration.
*
* Writes the settings of sc to out in the order: signatures, denial of
* existence, keys (via keylist_print()), SOA. With a NULL sc only the first
* newline is written. Durations are converted with duration2string() and
* the returned string is freed after each use.
*
* out is not checked for NULL.
*
* NOTE(review): the format strings below carry only whitespace and value
* placeholders; if they held surrounding markup in the upstream file, it is
* not present in this copy -- compare with the upstream source before
* reusing this listing. name, the NSEC3 salt and the SOA serial type are
* written as they are, without escaping.
*
* \param[in] out output file
* \param[in] sc signer configuration
* \param[in] name zone name, printed as "(null)" when NULL
*
*/
void
signconf_print(FILE* out, signconf_type* sc, const char* name)
{
char* s = NULL;
fprintf(out, "\n");
if (sc) {
fprintf(out, "\n");
fprintf(out, "\t\n", name?name:"(null)");
/* Signatures */
fprintf(out, "\t\t\n");
s = duration2string(sc->sig_resign_interval);
fprintf(out, "\t\t\t%s \n", s?s:"(null)");
free((void*)s);
s = duration2string(sc->sig_refresh_interval);
fprintf(out, "\t\t\t%s \n", s?s:"(null)");
free((void*)s);
fprintf(out, "\t\t\t\n");
s = duration2string(sc->sig_validity_default);
fprintf(out, "\t\t\t\t%s \n", s?s:"(null)");
free((void*)s);
s = duration2string(sc->sig_validity_denial);
fprintf(out, "\t\t\t\t%s \n", s?s:"(null)");
free((void*)s);
fprintf(out, "\t\t\t \n");
s = duration2string(sc->sig_jitter);
fprintf(out, "\t\t\t%s \n", s?s:"(null)");
free((void*)s);
s = duration2string(sc->sig_inception_offset);
fprintf(out, "\t\t\t%s \n",
s?s:"(null)");
free((void*)s);
fprintf(out, "\t\t \n");
fprintf(out, "\n");
/* Denial */
fprintf(out, "\t\t\n");
if (sc->nsec_type == LDNS_RR_TYPE_NSEC) {
fprintf(out, "\t\t\t \n");
} else if (sc->nsec_type == LDNS_RR_TYPE_NSEC3) {
fprintf(out, "\t\t\t\n");
/* the NSEC3PARAM TTL is optional and printed only when set */
if (sc->nsec3param_ttl) {
s = duration2string(sc->nsec3param_ttl);
fprintf(out, "\t\t\t\t%s \n", s?s:"(null)");
free((void*)s);
}
if (sc->nsec3_optout) {
fprintf(out, "\t\t\t\t \n");
}
fprintf(out, "\t\t\t\t\n");
fprintf(out, "\t\t\t\t\t%i \n",
sc->nsec3_algo);
fprintf(out, "\t\t\t\t\t%i \n",
sc->nsec3_iterations);
fprintf(out, "\t\t\t\t\t%s \n",
sc->nsec3_salt?sc->nsec3_salt:"(null)");
fprintf(out, "\t\t\t\t \n");
fprintf(out, "\t\t\t \n");
}
fprintf(out, "\t\t \n");
fprintf(out, "\n");
/* Keys */
fprintf(out, "\t\t\n");
s = duration2string(sc->dnskey_ttl);
fprintf(out, "\t\t\t%s \n", s?s:"(null)");
free((void*)s);
fprintf(out, "\n");
keylist_print(out, sc->keys);
fprintf(out, "\t\t \n");
fprintf(out, "\n");
/* SOA */
fprintf(out, "\t\t\n");
s = duration2string(sc->soa_ttl);
fprintf(out, "\t\t\t%s \n", s?s:"(null)");
free((void*)s);
s = duration2string(sc->soa_min);
fprintf(out, "\t\t\t%s \n", s?s:"(null)");
free((void*)s);
fprintf(out, "\t\t\t%s \n",
sc->soa_serial?sc->soa_serial:"(null)");
fprintf(out, "\t\t \n");
fprintf(out, "\n");
fprintf(out, "\t \n");
fprintf(out, " \n");
}
return;
}
/**
 * Log sign configuration.
 *
 * Emits one info line with the signature, key and SOA settings of a zone,
 * one debug line with the NSEC3 parameters when the denial type is NSEC3,
 * and then the keys through keylist_log(). Values that are not set are
 * logged as "(null)"; a missing NSEC3PARAM TTL is logged as "PT0S".
 * Nothing is logged for a NULL sc.
 *
 * \param[in] sc signer configuration
 * \param[in] name zone name
 *
 */
#define SIGNCONF_LOG_STR(s) ((s) ? (s) : "(null)")
void
signconf_log(signconf_type* sc, const char* name)
{
    char* resign_str = NULL;
    char* refresh_str = NULL;
    char* validity_str = NULL;
    char* denial_str = NULL;
    char* jitter_str = NULL;
    char* offset_str = NULL;
    char* dnskeyttl_str = NULL;
    char* paramttl_str = NULL;
    char* soattl_str = NULL;
    char* soamin_str = NULL;

    if (!sc) {
        return;
    }

    /* every duration is rendered once and released at the end */
    resign_str = duration2string(sc->sig_resign_interval);
    refresh_str = duration2string(sc->sig_refresh_interval);
    validity_str = duration2string(sc->sig_validity_default);
    denial_str = duration2string(sc->sig_validity_denial);
    jitter_str = duration2string(sc->sig_jitter);
    offset_str = duration2string(sc->sig_inception_offset);
    dnskeyttl_str = duration2string(sc->dnskey_ttl);
    paramttl_str = duration2string(sc->nsec3param_ttl);
    soattl_str = duration2string(sc->soa_ttl);
    soamin_str = duration2string(sc->soa_min);

    /* signconf */
    ods_log_info("[%s] zone %s signconf: RESIGN[%s] REFRESH[%s] "
        "VALIDITY[%s] DENIAL[%s] JITTER[%s] OFFSET[%s] NSEC[%i] "
        "DNSKEYTTL[%s] SOATTL[%s] MINIMUM[%s] SERIAL[%s]",
        sc_str,
        SIGNCONF_LOG_STR(name),
        SIGNCONF_LOG_STR(resign_str),
        SIGNCONF_LOG_STR(refresh_str),
        SIGNCONF_LOG_STR(validity_str),
        SIGNCONF_LOG_STR(denial_str),
        SIGNCONF_LOG_STR(jitter_str),
        SIGNCONF_LOG_STR(offset_str),
        (int) sc->nsec_type,
        SIGNCONF_LOG_STR(dnskeyttl_str),
        SIGNCONF_LOG_STR(soattl_str),
        SIGNCONF_LOG_STR(soamin_str),
        SIGNCONF_LOG_STR(sc->soa_serial));

    /* nsec3 parameters */
    if (sc->nsec_type == LDNS_RR_TYPE_NSEC3) {
        ods_log_debug("[%s] zone %s nsec3: PARAMTTL[%s] OPTOUT[%i] "
            "ALGORITHM[%u] ITERATIONS[%u] SALT[%s]",
            sc_str,
            SIGNCONF_LOG_STR(name),
            paramttl_str?paramttl_str:"PT0S",
            sc->nsec3_optout,
            sc->nsec3_algo,
            sc->nsec3_iterations,
            SIGNCONF_LOG_STR(sc->nsec3_salt));
    }

    /* keys */
    keylist_log(sc->keys, name);

    /* cleanup */
    free((void*)resign_str);
    free((void*)refresh_str);
    free((void*)validity_str);
    free((void*)denial_str);
    free((void*)jitter_str);
    free((void*)offset_str);
    free((void*)dnskeyttl_str);
    free((void*)paramttl_str);
    free((void*)soattl_str);
    free((void*)soamin_str);
    return;
}
#undef SIGNCONF_LOG_STR
/**
 * Clean up signer configuration.
 *
 * Releases the durations, the key list and the NSEC3 parameters, then the
 * strings and the structure itself through the configuration's own
 * allocator, and finally that allocator. sc must not be used afterwards.
 * A NULL sc is ignored.
 *
 * NOTE(review): nsec3param_ttl is not passed to duration_cleanup() here,
 * although signconf_read() assigns it for NSEC3 zones; unless
 * nsec3params_cleanup() releases it, that duration is leaked on every
 * reload -- confirm.
 *
 * \param[in] sc signer configuration to release
 *
 */
void
signconf_cleanup(signconf_type* sc)
{
    allocator_type* mem = NULL;

    if (sc == NULL) {
        return;
    }

    /* durations */
    duration_cleanup(sc->sig_resign_interval);
    duration_cleanup(sc->sig_refresh_interval);
    duration_cleanup(sc->sig_validity_default);
    duration_cleanup(sc->sig_validity_denial);
    duration_cleanup(sc->sig_jitter);
    duration_cleanup(sc->sig_inception_offset);
    duration_cleanup(sc->dnskey_ttl);
    duration_cleanup(sc->soa_ttl);
    duration_cleanup(sc->soa_min);

    /* composite members */
    keylist_cleanup(sc->keys);
    nsec3params_cleanup(sc->nsec3params);

    /* keep the allocator handle: sc itself is freed before the allocator */
    mem = sc->allocator;
    allocator_deallocate(mem, (void*) sc->filename);
    allocator_deallocate(mem, (void*) sc->nsec3_salt);
    allocator_deallocate(mem, (void*) sc->soa_serial);
    allocator_deallocate(mem, (void*) sc);
    allocator_cleanup(mem);
    return;
}
opendnssec-1.4.9/signer/src/signer/nsec3params.h 0000644 0001750 0001750 00000006527 12650165732 016565 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* NSEC3 Parameters.
*
*/
#ifndef SIGNER_NSEC3PARAMS_H
#define SIGNER_NSEC3PARAMS_H
#include "config.h"
#include "shared/status.h"
#include
#include
#ifdef HAVE_SYS_TYPES_H
# include
#endif
#ifdef HAVE_UNISTD_H
# include
#endif
#include
/**
* NSEC3 Parameters structure.
*
* The field widths are fixed here: algorithm and flags are 8 bits,
* iterations 16 bits, and the salt length 8 bits (at most 255). Callers
* that hold these settings in wider types narrow them when calling
* nsec3params_create().
*/
typedef struct nsec3params_struct nsec3params_type;
struct nsec3params_struct {
void* sc; /* untyped signer configuration reference, as passed to nsec3params_create() */
uint8_t algorithm; /* hash algorithm */
uint8_t flags; /* flags, Opt-Out or Opt-In */
uint16_t iterations; /* number of iterations */
uint8_t salt_len; /* length of salt_data */
uint8_t* salt_data; /* salt in raw data format */
ldns_rr* rr; /* presumably the NSEC3PARAM RR -- TODO confirm */
};
/**
* Create NSEC3 salt.
* \param[in] salt_str the salt in string format
* \param[out] salt_len length of the salt data
* \param[out] salt salt in raw data format
* \return ods_status status
*
*/
ods_status nsec3params_create_salt(const char* salt_str, uint8_t* salt_len,
uint8_t** salt);
/**
* Create new NSEC3 parameters.
* \param[in] sc signer configuration reference
* \param[in] algo algorithm
* \param[in] flags flags, Opt-Out or Opt-In
* \param[in] iter number of iterations
* \param[in] salt salt
* \return nsec3params_type* the created nsec3params
*
*/
nsec3params_type* nsec3params_create(void* sc, uint8_t algo, uint8_t flags,
uint16_t iter, const char* salt);
/**
* Backup NSEC3 parameters.
* \param[in] fd file descriptor
* \param[in] algo algorithm
* \param[in] flags flags, Opt-Out or Opt-In
* \param[in] iter number of iterations
* \param[in] salt salt
* \param[in] rr NSEC3PARAM RR
* \param[in] version version string
*
*/
void nsec3params_backup(FILE* fd, uint8_t algo, uint8_t flags,
uint16_t iter, const char* salt, ldns_rr* rr, const char* version);
/**
* Convert salt to string.
* \param[in] nsec3params NSEC3 parameters
* \return const char* str salt in string format
*
*/
const char* nsec3params_salt2str(nsec3params_type* nsec3params);
/**
* Clean up the NSEC3 parameters.
* \param[in] nsec3params the nsec3param to be deleted
*
*/
void nsec3params_cleanup(nsec3params_type* nsec3params);
#endif /* SIGNER_NSEC3PARAMS_H */
opendnssec-1.4.9/signer/src/signer/zonelist.c 0000644 0001750 0001750 00000030522 12650165732 016200 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* The zonelist and all.
*/
#include "config.h"
#include "parser/confparser.h"
#include "parser/zonelistparser.h"
#include "shared/allocator.h"
#include "shared/duration.h"
#include "shared/file.h"
#include "shared/log.h"
#include "shared/status.h"
#include "signer/zone.h"
#include "signer/zonelist.h"
#include
#include
static const char* zl_str = "zonelist";
/**
 * Compare two zones.
 *
 * Ordering function for the zone tree: zones are ordered by class first and
 * by apex name (ldns_dname_compare()) within the same class.
 *
 * \param[in] a one zone (zone_type*)
 * \param[in] b the other zone (zone_type*)
 * \return int negative, zero or positive as a sorts before, equal to or
 *         after b
 *
 */
static int
zone_compare(const void* a, const void* b)
{
    zone_type* x = (zone_type*)a;
    zone_type* y = (zone_type*)b;

    ods_log_assert(x);
    ods_log_assert(y);

    if (x->klass == y->klass) {
        return ldns_dname_compare(x->apex, y->apex);
    }
    return (x->klass < y->klass) ? -1 : 1;
}
/**
 * Create a new zone list.
 *
 * Allocates the list from the given allocator, creates the zone tree
 * ordered by zone_compare() and initialises the list lock.
 *
 * NOTE(review): only allocator, zones, last_modified and zl_lock are set
 * here. zonelist_add_zone() increments just_added, so that counter relies
 * on allocator_alloc() returning zeroed memory or on being reset elsewhere
 * -- confirm.
 *
 * \param[in] allocator memory allocator that owns the list
 * \return zonelist_type* new zone list, NULL if allocator is NULL or an
 *         allocation fails
 *
 */
zonelist_type*
zonelist_create(allocator_type* allocator)
{
    zonelist_type* list = allocator
        ? (zonelist_type*) allocator_alloc(allocator, sizeof(zonelist_type))
        : NULL;

    if (list == NULL) {
        /* also reached when no allocator was supplied */
        ods_log_error("[%s] unable to create zonelist: allocator_alloc() "
            "failed", zl_str);
        return NULL;
    }

    list->allocator = allocator;
    list->zones = ldns_rbtree_create(zone_compare);
    if (list->zones == NULL) {
        ods_log_error("[%s] unable to create zonelist: ldns_rbtree_create() "
            "failed", zl_str);
        allocator_deallocate(allocator, (void*) list);
        return NULL;
    }
    list->last_modified = 0;
    lock_basic_init(&list->zl_lock);
    return list;
}
/**
 * Read a zonelist file.
 *
 * Checks zlfile with parse_file_check() against
 * ODS_SE_RNGDIR "/zonelist.rng" and, if that passes, hands the same path to
 * parse_zonelist_zones().
 *
 * NOTE(review): validation and parsing each take the path, so they are
 * separate passes over the file; zl itself is not checked for NULL here.
 *
 * \param[in] zl zone list to fill
 * \param[in] zlfile path of the zonelist file
 * \return ods_status the parse_file_check() status on a validation failure,
 *         otherwise the status of parse_zonelist_zones()
 *
 */
static ods_status
zonelist_read(zonelist_type* zl, const char* zlfile)
{
    const char* schema = ODS_SE_RNGDIR "/zonelist.rng";
    ods_status checked = ODS_STATUS_OK;

    ods_log_assert(zlfile);
    ods_log_verbose("[%s] read file %s", zl_str, zlfile);

    checked = parse_file_check(zlfile, schema);
    if (checked == ODS_STATUS_OK) {
        return parse_zonelist_zones((struct zonelist_struct*) zl, zlfile);
    }
    ods_log_error("[%s] unable to read file: parse error in %s", zl_str,
        zlfile);
    return checked;
}
/**
 * Convert a zone to a tree node.
 *
 * The node is allocated with malloc() and uses the zone both as key and as
 * data; the caller owns the node and must check the result for NULL before
 * inserting it.
 *
 * \param[in] zone zone to wrap
 * \return ldns_rbnode_t* new tree node, NULL if the allocation fails
 *
 */
static ldns_rbnode_t*
zone2node(zone_type* zone)
{
    ldns_rbnode_t* entry = (ldns_rbnode_t*) malloc(sizeof(*entry));

    if (entry != NULL) {
        entry->key = zone;
        entry->data = zone;
    }
    return entry;
}
/**
 * Lookup zone.
 *
 * Searches the zone tree for an entry that compares equal to zone under the
 * tree's ordering function.
 *
 * \param[in] zonelist zone list
 * \param[in] zone zone used as search key
 * \return zone_type* the stored zone, NULL if not found or an argument is
 *         missing
 *
 */
static zone_type*
zonelist_lookup_zone(zonelist_type* zonelist, zone_type* zone)
{
    ldns_rbnode_t* hit = LDNS_RBTREE_NULL;

    if (!zonelist || !zonelist->zones || !zone) {
        return NULL;
    }
    hit = ldns_rbtree_search(zonelist->zones, zone);
    return hit ? (zone_type*) hit->data : NULL;
}
/**
 * Look up a zone by name and class.
 *
 * A temporary zone is built from name and class with zone_create(), used
 * as the search key and released again with zone_cleanup().
 *
 * \param[in] zonelist zone list
 * \param[in] name zone name
 * \param[in] klass zone class; a class of 0 is rejected
 * \return zone_type* the zone stored in the list, or NULL when it is not
 *         found, an argument is missing or zone_create() fails
 *
 */
zone_type*
zonelist_lookup_zone_by_name(zonelist_type* zonelist, const char* name,
    ldns_rr_class klass)
{
    zone_type* probe = NULL;
    zone_type* found = NULL;

    if (!zonelist || !zonelist->zones || !name || !klass) {
        return NULL;
    }
    probe = zone_create((char*) name, klass);
    if (!probe) {
        ods_log_error("[%s] unable to lookup zone %s: "
            "zone_create() failed", zl_str, name);
        return NULL;
    }
    found = zonelist_lookup_zone(zonelist, probe);
    zone_cleanup(probe);
    return found;
}
/**
 * Look up a zone by domain name and class.
 *
 * The dname is converted to text with ldns_rdf2str() and the lookup is
 * delegated to zonelist_lookup_zone_by_name(); the text is freed here.
 *
 * \param[in] zonelist zone list
 * \param[in] dname zone domain name
 * \param[in] klass zone class; a class of 0 is rejected
 * \return zone_type* the zone stored in the list, or NULL when it is not
 *         found or an argument is missing
 *
 */
zone_type*
zonelist_lookup_zone_by_dname(zonelist_type* zonelist, ldns_rdf* dname,
    ldns_rr_class klass)
{
    char* apex_text = NULL;
    zone_type* found = NULL;

    if (!zonelist || !zonelist->zones || !dname || !klass) {
        return NULL;
    }
    apex_text = ldns_rdf2str(dname);
    /* a NULL text is rejected by the by-name lookup */
    found = zonelist_lookup_zone_by_name(zonelist, apex_text, klass);
    free((void*) apex_text);
    return found;
}
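/**
 * Add a zone to the zone list.
 *
 * The list takes ownership of the zone. On every failure with a non-NULL
 * zone the zone is released with zone_cleanup(), so the caller must not
 * use it after a NULL return.
 *
 * \param[in] zlist zone list
 * \param[in] zone zone to add
 * \return zone_type* the added zone, or NULL when the zone is missing, the
 *         list is invalid, the zone is already present or the insert fails
 *
 */
zone_type*
zonelist_add_zone(zonelist_type* zlist, zone_type* zone)
{
    ldns_rbnode_t* new_node = NULL;
    if (!zone) {
        return NULL;
    }
    if (!zlist || !zlist->zones) {
        zone_cleanup(zone);
        return NULL;
    }
    /* look up */
    if (zonelist_lookup_zone(zlist, zone) != NULL) {
        ods_log_warning("[%s] unable to add zone %s: already present", zl_str,
            zone->name);
        zone_cleanup(zone);
        return NULL;
    }
    /* add */
    new_node = zone2node(zone);
    if (!new_node) {
        /* zone2node() returns NULL when malloc() fails; a NULL node must
         * not be handed to ldns_rbtree_insert() */
        ods_log_error("[%s] unable to add zone %s: zone2node() failed",
            zl_str, zone->name);
        zone_cleanup(zone);
        return NULL;
    }
    if (ldns_rbtree_insert(zlist->zones, new_node) == NULL) {
        ods_log_error("[%s] unable to add zone %s: ldns_rbtree_insert() "
            "failed", zl_str, zone->name);
        free((void*) new_node);
        zone_cleanup(zone);
        return NULL;
    }
    zone->zl_status = ZONE_ZL_ADDED;
    zlist->just_added++;
    return zone;
}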
/**
 * Delete a zone from the zone list.
 *
 * Only the tree node is freed; the zone itself is left to the caller.
 * A zone that is not in the list (or an invalid list) is logged as a
 * warning and the zone is returned all the same.
 *
 * \param[in] zlist zone list
 * \param[in] zone zone to delete
 * \return zone_type* the zone passed in, or NULL when zone is NULL
 *
 */
zone_type*
zonelist_del_zone(zonelist_type* zlist, zone_type* zone)
{
    ldns_rbnode_t* removed = NULL;

    if (!zone) {
        return NULL;
    }
    if (zlist && zlist->zones) {
        removed = ldns_rbtree_delete(zlist->zones, zone);
    }
    if (!removed) {
        ods_log_warning("[%s] unable to delete zone %s: not present", zl_str,
            zone->name);
    } else {
        free((void*) removed);
    }
    return zone;
}
/**
 * Merge zone lists.
 *
 * Walks the current list zl1 and the new list zl2 in step, in
 * zone_compare() order, and brings zl1 in line with zl2:
 *  - a zone only in zl1 is marked ZONE_ZL_REMOVED (it stays in the tree),
 *  - a zone only in zl2 is moved into zl1 through zonelist_add_zone(),
 *  - a zone in both lists is updated with zone_merge() and the zl2 copy
 *    is released with zone_cleanup().
 * just_removed and just_updated of zl1 are incremented here, just_added
 * is incremented by zonelist_add_zone(). When the walk completes, zl1
 * takes over last_modified from zl2; the early returns leave it as is.
 *
 * The nodes of zl2 keep pointing at zones that were moved or released.
 * zl2 must therefore be discarded with zonelist_free(), which frees nodes
 * only, and never with zonelist_cleanup(), which also cleans up the zones.
 *
 * \param[in] zl1 current zone list, updated in place
 * \param[in] zl2 new zone list
 *
 */
static void
zonelist_merge(zonelist_type* zl1, zonelist_type* zl2)
{
zone_type* z1 = NULL;
zone_type* z2 = NULL;
ldns_rbnode_t* n1 = LDNS_RBTREE_NULL;
ldns_rbnode_t* n2 = LDNS_RBTREE_NULL;
int ret = 0;
ods_log_assert(zl1);
ods_log_assert(zl2);
ods_log_assert(zl1->zones);
ods_log_assert(zl2->zones);
ods_log_debug("[%s] merge two zone lists", zl_str);
n1 = ldns_rbtree_first(zl1->zones);
n2 = ldns_rbtree_first(zl2->zones);
/* the walk is driven by the new list; leftovers of zl1 are handled below */
while (n2 && n2 != LDNS_RBTREE_NULL) {
z2 = (zone_type*) n2->data;
if (n1 && n1 != LDNS_RBTREE_NULL) {
z1 = (zone_type*) n1->data;
} else {
z1 = NULL;
}
if (!z2) {
/* no more zones to merge into zl1 */
return;
} else if (!z1) {
/* just add remaining zones from zl2 */
z2 = zonelist_add_zone(zl1, z2);
if (!z2) {
/* zonelist_add_zone() has already released the zone on failure */
ods_log_crit("[%s] merge failed: z2 not added", zl_str);
return;
}
n2 = ldns_rbtree_next(n2);
} else {
/* compare the zones z1 and z2 */
ret = zone_compare(z1, z2);
if (ret < 0) {
/* remove zone z1, it is not present in the new list zl2 */
z1->zl_status = ZONE_ZL_REMOVED;
zl1->just_removed++;
n1 = ldns_rbtree_next(n1);
} else if (ret > 0) {
/* add the new zone z2 */
z2 = zonelist_add_zone(zl1, z2);
if (!z2) {
/* zonelist_add_zone() has already released the zone on failure */
ods_log_crit("[%s] merge failed: z2 not added", zl_str);
return;
}
n2 = ldns_rbtree_next(n2);
} else {
/* just update zone z1 */
/* advance both cursors first: z2 is released a few lines down */
n1 = ldns_rbtree_next(n1);
n2 = ldns_rbtree_next(n2);
zone_merge(z1, z2);
zone_cleanup(z2);
/* presumably zone_merge() sets ZONE_ZL_UPDATED when it changed z1;
 * only then is the zone counted - TODO confirm against zone_merge() */
if (z1->zl_status == ZONE_ZL_UPDATED) {
zl1->just_updated++;
}
z1->zl_status = ZONE_ZL_UPDATED;
}
}
}
/* remove remaining zones from z1 */
while (n1 && n1 != LDNS_RBTREE_NULL) {
z1 = (zone_type*) n1->data;
z1->zl_status = ZONE_ZL_REMOVED;
zl1->just_removed++;
n1 = ldns_rbtree_next(n1);
}
zl1->last_modified = zl2->last_modified;
return;
}
/**
 * Update the zone list from the zonelist file.
 *
 * The file is only read when its modification time is newer than the
 * list's last_modified. It is parsed into a temporary list backed by a
 * temporary malloc/free allocator, which is then merged into zl with
 * zonelist_merge(). The just_removed, just_added and just_updated
 * counters of zl are reset before the merge.
 *
 * NOTE(review): the temporary list is released with zonelist_free(),
 * which frees tree nodes only. If zonelist_read() fails after some zones
 * were already added to the temporary list, nothing here releases those
 * zones - confirm against parse_zonelist_zones().
 *
 * \param[in] zl zone list
 * \param[in] zlfile zone list filename
 * \return ods_status ODS_STATUS_ASSERT_ERR on a missing argument,
 *         ODS_STATUS_UNCHANGED when the file is not newer,
 *         ODS_STATUS_MALLOC_ERR or ODS_STATUS_ERR when the temporary
 *         allocator or list cannot be created, otherwise the status of
 *         reading the file
 *
 */
ods_status
zonelist_update(zonelist_type* zl, const char* zlfile)
{
    zonelist_type* fresh = NULL;
    allocator_type* scratch = NULL;
    time_t mtime = 0;
    ods_status rc = ODS_STATUS_OK;
    char* stamp = NULL;

    ods_log_debug("[%s] update zone list", zl_str);
    if (!zl || !zl->zones || !zlfile) {
        return ODS_STATUS_ASSERT_ERR;
    }

    /* nothing to do unless the file is newer than what we loaded last */
    mtime = ods_file_lastmodified(zlfile);
    if (mtime <= zl->last_modified) {
        (void)time_datestamp(zl->last_modified, "%Y-%m-%d %T", &stamp);
        ods_log_debug("[%s] zonelist file %s is unchanged since %s",
            zl_str, zlfile, stamp?stamp:"Unknown");
        free((void*)stamp);
        return ODS_STATUS_UNCHANGED;
    }

    /* temporary list on a temporary allocator */
    scratch = allocator_create(malloc, free);
    if (!scratch) {
        return ODS_STATUS_MALLOC_ERR;
    }
    fresh = zonelist_create(scratch);
    if (!fresh) {
        ods_log_error("[%s] unable to update zonelist: zonelist_create() "
            "failed", zl_str);
        allocator_cleanup(scratch);
        return ODS_STATUS_ERR;
    }

    rc = zonelist_read(fresh, zlfile);
    if (rc != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to update zonelist: read file %s failed "
            "(%s)", zl_str, zlfile, ods_status2str(rc));
    } else {
        zl->just_removed = 0;
        zl->just_added = 0;
        zl->just_updated = 0;
        fresh->last_modified = mtime;
        zonelist_merge(zl, fresh);
        (void)time_datestamp(zl->last_modified, "%Y-%m-%d %T", &stamp);
        ods_log_debug("[%s] file %s is modified since %s", zl_str, zlfile,
            stamp?stamp:"Unknown");
        free((void*)stamp);
    }

    /* nodes only: the zones now belong to zl or were released in the merge */
    zonelist_free(fresh);
    allocator_cleanup(scratch);
    return rc;
}
/**
 * Recursively release a subtree of the zone tree, zones included.
 *
 * For every node below and including elem, the zone is cleaned up with
 * zone_cleanup() and the node is freed.
 *
 * \param[in] elem root of the subtree; NULL and LDNS_RBTREE_NULL are
 *            ignored
 *
 */
static void
zone_delfunc(ldns_rbnode_t* elem)
{
    zone_type* z = NULL;

    if (!elem || elem == LDNS_RBTREE_NULL) {
        return;
    }
    z = (zone_type*) elem->data;
    /* children first, then this node */
    zone_delfunc(elem->left);
    zone_delfunc(elem->right);
    ods_log_deeebug("[%s] cleanup zone %s", zl_str, z->name);
    zone_cleanup(z);
    free((void*)elem);
}
/**
 * Recursively free the nodes of a subtree of the zone tree.
 *
 * Unlike zone_delfunc(), the zones the nodes point at are left alone.
 *
 * \param[in] elem root of the subtree; NULL and LDNS_RBTREE_NULL are
 *            ignored
 *
 */
static void
node_delfunc(ldns_rbnode_t* elem)
{
    if (!elem || elem == LDNS_RBTREE_NULL) {
        return;
    }
    /* children first, then this node */
    node_delfunc(elem->left);
    node_delfunc(elem->right);
    free((void*)elem);
}
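/**
 * Clean up a zone list, including the zones it holds.
 *
 * Every zone in the tree is released with zone_cleanup(), the tree is
 * freed, the lock is destroyed and the list structure is returned to its
 * allocator.
 *
 * \param[in] zl zone list; NULL is ignored
 *
 */
void
zonelist_cleanup(zonelist_type* zl)
{
    allocator_type* allocator;
    if (!zl) {
        return;
    }
    ods_log_debug("[%s] cleanup zonelist", zl_str);
    if (zl->zones) {
        zone_delfunc(zl->zones->root);
        ldns_rbtree_free(zl->zones);
        zl->zones = NULL;
    }
    allocator = zl->allocator;
    /*
     * Destroy the lock where it lives, before the structure goes away.
     * Destroying a by-value copy of a lock object is not a defined
     * operation for the usual lock implementations (presumably a pthread
     * mutex behind lock_basic_type - confirm in shared/locks.h).
     */
    lock_basic_destroy(&zl->zl_lock);
    allocator_deallocate(allocator, (void*) zl);
    return;
}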
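/**
 * Free a zone list, leaving the zones alone.
 *
 * Only the tree nodes, the tree, the lock and the list structure are
 * released; the zones the nodes point at are not touched.
 *
 * \param[in] zl zone list; NULL is ignored
 *
 */
void
zonelist_free(zonelist_type* zl)
{
    allocator_type* allocator;
    if (!zl) {
        return;
    }
    if (zl->zones) {
        node_delfunc(zl->zones->root);
        ldns_rbtree_free(zl->zones);
        zl->zones = NULL;
    }
    allocator = zl->allocator;
    /*
     * Destroy the lock where it lives, before the structure goes away.
     * Destroying a by-value copy of a lock object is not a defined
     * operation for the usual lock implementations (presumably a pthread
     * mutex behind lock_basic_type - confirm in shared/locks.h).
     */
    lock_basic_destroy(&zl->zl_lock);
    allocator_deallocate(allocator, (void*) zl);
    return;
}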
opendnssec-1.4.9/signer/src/signer/backup.c 0000644 0001750 0001750 00000043061 12650165732 015600 0000000 0000000 /*
* Copyright (c) 2006-2010 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Recover from backup.
*
*/
#include "config.h"
#include "adapter/adapi.h"
#include "adapter/adutil.h"
#include "shared/duration.h"
#include "shared/file.h"
#include "shared/log.h"
#include "shared/status.h"
#include "shared/util.h"
#include "signer/backup.h"
#include "signer/zone.h"
#include
static const char* backup_str = "backup";
/**
 * Read the next token from the backup file.
 *
 * Tokens are separated by white space. A token that starts with '#'
 * begins a comment: the rest of that line is discarded and reading
 * continues with the next token.
 *
 * The token is returned in a static buffer, so the result is overwritten
 * by the next call and the function is not reentrant. At most 3990
 * characters are read per token; a longer run of non-space characters is
 * returned in pieces by successive calls.
 *
 * \param[in] in backup file
 * \return char* the token, or NULL at end of input or on a read error
 *
 */
char*
backup_read_token(FILE* in)
{
    static char token[4000];

    token[sizeof(token) - 1] = '\0';
    for (;;) {
        if (fscanf(in, "%3990s", token) != 1) {
            return NULL;
        }
        if (token[0] == '#') {
            /* comment: drop the remainder of the line and try again */
            if (fgets(token, sizeof(token), in) == NULL) {
                return NULL;
            }
            continue;
        }
        return token;
    }
}
/**
 * Read the next token from the backup file and match it against a string.
 *
 * \param[in] in backup file
 * \param[in] str expected token
 * \return int 1 when the next token equals str, 0 when no token could be
 *         read or the token differs
 *
 */
int
backup_read_check_str(FILE* in, const char* str)
{
    char* token = backup_read_token(in);

    if (token && ods_strcmp(token, str) == 0) {
        return 1;
    }
    if (!token) {
        ods_log_debug("[%s] cannot read check string \'%s\'", backup_str, str);
    } else {
        ods_log_debug("[%s] \'%s\' does not match \'%s\'", backup_str, token,
            str);
    }
    return 0;
}
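/**
 * Read a string from the backup file.
 *
 * The token is copied with strdup(); the caller owns the copy and has to
 * free it.
 *
 * \param[in] in backup file
 * \param[out] str receives the copy; left untouched on failure
 * \return int 1 on success, 0 when no token could be read or the copy
 *         could not be allocated
 *
 */
int
backup_read_str(FILE* in, const char** str)
{
    char* p = backup_read_token(in);
    char* copy = NULL;
    if (!p) {
        ods_log_debug("[%s] cannot read string", backup_str);
        return 0;
    }
    copy = strdup(p);
    if (!copy) {
        /* do not report success with a NULL string */
        ods_log_debug("[%s] cannot read string: strdup() failed", backup_str);
        return 0;
    }
    *str = copy;
    return 1;
}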
/**
 * Read a time value from the backup file.
 *
 * The token is converted with atol(), which gives no error indication: a
 * non-numeric token yields 0 and the function still returns 1.
 *
 * \param[in] in backup file
 * \param[out] v receives the value
 * \return int 1 when a token was read, 0 otherwise
 *
 */
int
backup_read_time_t(FILE* in, time_t* v)
{
    char* token = backup_read_token(in);

    if (token) {
        *v = atol(token);
        return 1;
    }
    ods_log_debug("[%s] cannot read time", backup_str);
    return 0;
}
/**
 * Read a duration from the backup file.
 *
 * The token is handed to duration_create_from_string(). Its result is
 * stored without a check, so *v should be tested by the caller
 * (presumably it is NULL for a malformed duration - confirm in
 * shared/duration.c).
 *
 * \param[in] in backup file
 * \param[out] v receives the duration
 * \return int 1 when a token was read, 0 otherwise
 *
 */
int
backup_read_duration(FILE* in, duration_type** v)
{
    char* token = backup_read_token(in);

    if (token) {
        *v = duration_create_from_string((const char*) token);
        return 1;
    }
    ods_log_debug("[%s] cannot read duration", backup_str);
    return 0;
}
/**
 * Read an RR type from the backup file.
 *
 * The token is read as a number with atoi() and cast to ldns_rr_type.
 * atoi() gives no error indication: a non-numeric token yields 0 and the
 * function still returns 1.
 *
 * \param[in] in backup file
 * \param[out] v receives the RR type
 * \return int 1 when a token was read, 0 otherwise
 *
 */
int
backup_read_rr_type(FILE* in, ldns_rr_type* v)
{
    char* token = backup_read_token(in);

    if (token) {
        *v = (ldns_rr_type) atoi(token);
        return 1;
    }
    ods_log_debug("[%s] cannot read rr type", backup_str);
    return 0;
}
/**
 * Read an integer from the backup file.
 *
 * The token is converted with atoi(), which gives no error indication: a
 * non-numeric token yields 0 and the function still returns 1.
 *
 * \param[in] in backup file
 * \param[out] v receives the value
 * \return int 1 when a token was read, 0 otherwise
 *
 */
int
backup_read_int(FILE* in, int* v)
{
    char* token = backup_read_token(in);

    if (token) {
        *v = atoi(token);
        return 1;
    }
    ods_log_debug("[%s] cannot read integer", backup_str);
    return 0;
}
/**
 * Read a size_t value from the backup file.
 *
 * The token is converted with atoi() and cast to size_t. atoi() gives no
 * error indication, and a negative token turns into a very large size_t
 * through the cast; a caller that uses the value as a length or count
 * should bound it.
 *
 * \param[in] in backup file
 * \param[out] v receives the value
 * \return int 1 when a token was read, 0 otherwise
 *
 */
int
backup_read_size_t(FILE* in, size_t* v)
{
    char* token = backup_read_token(in);

    if (token) {
        *v = (size_t) atoi(token);
        return 1;
    }
    ods_log_debug("[%s] cannot read size_t", backup_str);
    return 0;
}
/**
 * Read an 8-bit unsigned integer from the backup file.
 *
 * The token is converted with atoi() and cast to uint8_t: a value outside
 * 0..255 is silently reduced by the cast, and a non-numeric token yields
 * 0 while the function still returns 1.
 *
 * \param[in] in backup file
 * \param[out] v receives the value
 * \return int 1 when a token was read, 0 otherwise
 *
 */
int
backup_read_uint8_t(FILE* in, uint8_t* v)
{
    char* token = backup_read_token(in);

    if (token) {
        *v = (uint8_t) atoi(token);
        return 1;
    }
    ods_log_debug("[%s] cannot read uint8_t", backup_str);
    return 0;
}
/**
 * Read a 16-bit unsigned integer from the backup file.
 *
 * The token is converted with atoi() and cast to uint16_t: a value
 * outside 0..65535 is silently reduced by the cast, and a non-numeric
 * token yields 0 while the function still returns 1.
 *
 * \param[in] in backup file
 * \param[out] v receives the value
 * \return int 1 when a token was read, 0 otherwise
 *
 */
int
backup_read_uint16_t(FILE* in, uint16_t* v)
{
    char* token = backup_read_token(in);

    if (token) {
        *v = (uint16_t) atoi(token);
        return 1;
    }
    ods_log_debug("[%s] cannot read uint16_t", backup_str);
    return 0;
}
/**
 * Read a 32-bit unsigned integer from the backup file.
 *
 * The token is converted with atol() and cast to uint32_t. atol() gives
 * no error indication: a non-numeric token yields 0 and the function
 * still returns 1.
 *
 * \param[in] in backup file
 * \param[out] v receives the value
 * \return int 1 when a token was read, 0 otherwise
 *
 */
int
backup_read_uint32_t(FILE* in, uint32_t* v)
{
    char* token = backup_read_token(in);

    if (token) {
        *v = (uint32_t) atol(token);
        return 1;
    }
    ods_log_debug("[%s] cannot read uint32_t", backup_str);
    return 0;
}
/**
 * Read the next RR from the backup file.
 *
 * Lines are fetched with adutil_readline_frm_file(). Empty lines and
 * lines that ldns reports as LDNS_STATUS_SYNTAX_EMPTY are skipped. A line
 * that starts with ';' ends the current section of the backup file.
 *
 * \param[in] in backup file
 * \param[in] zone zone, supplies the default TTL for the parser
 * \param[out] line buffer that receives the line that was read
 * \param[in] orig origin, passed on to ldns_rr_new_frm_str()
 * \param[in] prev previous owner name, passed on to ldns_rr_new_frm_str()
 * \param[out] status LDNS_STATUS_OK, or the ldns parse error
 * \param[in] l line counter, passed on to adutil_readline_frm_file()
 * \return ldns_rr* the parsed RR (always with *status LDNS_STATUS_OK);
 *         NULL at a ';' line or at end of input (*status is
 *         LDNS_STATUS_OK) and NULL on a parse error (*status holds the
 *         error)
 *
 */
static ldns_rr*
backup_read_rr(FILE* in, zone_type* zone, char* line, ldns_rdf** orig,
ldns_rdf** prev, ldns_status* status, unsigned int* l)
{
ldns_rr* rr = NULL;
int len = 0;
backup_read_line:
/* NOTE(review): no buffer length is passed along with line; presumably
 * adutil_readline_frm_file() bounds the read at SE_ADFILE_MAXLINE, the
 * size the callers in this file allocate - confirm in adapter/adutil.c */
len = adutil_readline_frm_file(in, line, l, 1);
if (len >= 0) {
switch (line[0]) {
case ';':
/* done */
*status = LDNS_STATUS_OK;
return NULL;
break;
case '\n':
case '\0':
goto backup_read_line; /* perhaps next line is rr */
break;
/* let's hope its a RR */
default:
*status = ldns_rr_new_frm_str(&rr, line, zone->default_ttl,
*orig, prev);
if (*status == LDNS_STATUS_OK) {
return rr;
} else if (*status == LDNS_STATUS_SYNTAX_EMPTY) {
/* nothing to parse on this line: release any partial RR and go on */
if (rr) {
ldns_rr_free(rr);
rr = NULL;
}
*status = LDNS_STATUS_OK;
goto backup_read_line; /* perhaps next line is rr */
break;
} else {
/* real parse error: *status keeps the error for the caller */
ods_log_error("[%s] error parsing RR #%i (%s): %s",
backup_str, l&&*l?*l:0,
ldns_get_errorstr_by_id(*status), line);
if (rr) {
ldns_rr_free(rr);
rr = NULL;
}
return NULL;
}
break;
}
}
/* -1, EOF */
*status = LDNS_STATUS_OK;
return NULL;
}
/**
* Get locator from string.
*
*/
static char*
replace_space_with_nul(char* str)
{
int i = 0;
if (!str) {
return NULL;
}
i = strlen(str);
while (i>0) {
--i;
if (str[i] == ' ') {
str[i] = '\0';
}
}
return strdup(str);
}
/**
 * Read namedb from backup file.
 *
 * The backup holds three consecutive sections, each read with
 * backup_read_rr() until it returns NULL: the zone's RRs, the NSEC(3)
 * records and the RRSIGs. RRs are added with adapi_add_rr(), NSEC(3)s are
 * attached to the denial found for their owner name, and RRSIGs are
 * attached to the RRset (or denial RRset) they cover, which is then
 * marked as not needing a signature.
 *
 * The records are taken from the file as they are; restored signatures
 * are not verified here. NOTE(review): the integrity of the backup file
 * therefore rests on who can write to it - confirm that the backup
 * directory is writable by the signer only.
 *
 * \param[in] in backup file, asserted non-NULL
 * \param[in] zone zone (zone_type*), asserted non-NULL
 * \return ods_status ODS_STATUS_OK on success, ODS_STATUS_ERR (or the
 *         status of adapi_add_rr()) on failure
 *
 */
ods_status
backup_read_namedb(FILE* in, void* zone)
{
zone_type* z = (zone_type*) zone;
denial_type* denial = NULL;
rrset_type* rrset = NULL;
ods_status result = ODS_STATUS_OK;
ldns_rr_type type_covered;
ldns_rr* rr = NULL;
ldns_rdf* prev = NULL;
ldns_rdf* orig = NULL;
ldns_rdf* dname = NULL;
ldns_status status = LDNS_STATUS_OK;
char line[SE_ADFILE_MAXLINE];
char* str = NULL;
char* locator = NULL;
uint32_t flags = 0;
unsigned int l = 0;
ods_log_assert(in);
ods_log_assert(z);
/* $ORIGIN */
dname = adapi_get_origin(z);
if (!dname) {
ods_log_error("[%s] error getting default value for $ORIGIN",
backup_str);
return ODS_STATUS_ERR;
}
/* work on a private copy; it is released at backup_namedb_done */
orig = ldns_rdf_clone(dname);
if (!orig) {
ods_log_error("[%s] error setting default value for $ORIGIN",
backup_str);
return ODS_STATUS_ERR;
}
/* read RRs */
ods_log_debug("[%s] read RRs %s", backup_str, z->name);
while ((rr = backup_read_rr(in, z, line, &orig, &prev, &status, &l))
!= NULL) {
/* check status */
/* backup_read_rr() only returns an RR together with LDNS_STATUS_OK, so
 * parse errors end the loop and are reported by the check after it */
if (status != LDNS_STATUS_OK) {
ods_log_error("[%s] error reading RR #%i (%s): %s",
backup_str, l, ldns_get_errorstr_by_id(status), line);
result = ODS_STATUS_ERR;
goto backup_namedb_done;
}
/* add to the database */
result = adapi_add_rr(z, rr, 1);
if (result == ODS_STATUS_UNCHANGED) {
/* duplicate: the RR was not taken over, so release it here */
ods_log_debug("[%s] skipping RR #%i (duplicate): %s",
backup_str, l, line);
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_OK;
continue;
} else if (result != ODS_STATUS_OK) {
ods_log_error("[%s] error adding RR #%i: %s",
backup_str, l, line);
ldns_rr_free(rr);
rr = NULL;
goto backup_namedb_done;
}
}
/* parse error reported by backup_read_rr() at the end of the section */
if (result == ODS_STATUS_OK && status != LDNS_STATUS_OK) {
ods_log_error("[%s] error reading RR #%i (%s): %s",
backup_str, l, ldns_get_errorstr_by_id(status), line);
result = ODS_STATUS_ERR;
goto backup_namedb_done;
}
namedb_diff(z->db, 0, 0);
/* read NSEC(3)s */
ods_log_debug("[%s] read NSEC(3)s %s", backup_str, z->name);
l = 0;
while ((rr = backup_read_rr(in, z, line, &orig, &prev, &status, &l))
!= NULL) {
/* check status */
if (status != LDNS_STATUS_OK) {
ods_log_error("[%s] error reading NSEC(3) #%i (%s): %s",
backup_str, l, ldns_get_errorstr_by_id(status), line);
result = ODS_STATUS_ERR;
goto backup_namedb_done;
}
/* only NSEC and NSEC3 records are accepted in this section */
if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_NSEC &&
ldns_rr_get_type(rr) != LDNS_RR_TYPE_NSEC3) {
ods_log_error("[%s] error NSEC(3) #%i is not NSEC(3): %s",
backup_str, l, line);
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_ERR;
goto backup_namedb_done;
}
/* add to the denial chain */
denial = namedb_lookup_denial(z->db, ldns_rr_owner(rr));
if (!denial) {
ods_log_error("[%s] error adding NSEC(3) #%i: %s",
backup_str, l, line);
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_ERR;
goto backup_namedb_done;
}
denial_add_rr(denial, rr);
}
if (result == ODS_STATUS_OK && status != LDNS_STATUS_OK) {
ods_log_error("[%s] error reading NSEC(3) #%i (%s): %s",
backup_str, l, ldns_get_errorstr_by_id(status), line);
result = ODS_STATUS_ERR;
goto backup_namedb_done;
}
/* read RRSIGs */
ods_log_debug("[%s] read RRSIGs %s", backup_str, z->name);
l = 0;
while ((rr = backup_read_rr(in, z, line, &orig, &prev, &status, &l))
!= NULL) {
/* check status */
if (status != LDNS_STATUS_OK) {
ods_log_error("[%s] error reading RRSIG #%i (%s): %s",
backup_str, l, ldns_get_errorstr_by_id(status), line);
result = ODS_STATUS_ERR;
goto backup_namedb_done;
}
/* only RRSIG records are accepted in this section */
if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) {
ods_log_error("[%s] error RRSIG #%i is not RRSIG: %s",
backup_str, l, line);
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_ERR;
goto backup_namedb_done;
}
/* read locator and flags */
/* The key locator and flags are looked up by keyword anywhere in the raw
 * line; str+6 and str+8 skip the keyword plus one separator character.
 * NOTE(review): flags and locator are not reset per record, so an RRSIG
 * line without "flags" or "locator" reuses the values of the previous
 * line. locator is a strdup() copy made by replace_space_with_nul() and
 * is not freed on the error path below - confirm who owns it after
 * rrset_add_rrsig(). */
str = strstr(line, "flags");
if (str) {
flags = (uint32_t) atoi(str+6);
}
str = strstr(line, "locator");
if (str) {
locator = replace_space_with_nul(str+8);
}
/* add signatures */
type_covered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr));
if (type_covered == LDNS_RR_TYPE_NSEC ||
type_covered == LDNS_RR_TYPE_NSEC3) {
/* signature over a denial record: attach it to the denial's RRset */
denial = namedb_lookup_denial(z->db, ldns_rr_owner(rr));
if (!denial) {
ods_log_error("[%s] error restoring RRSIG #%i (%s): %s",
backup_str, l, ldns_get_errorstr_by_id(status), line);
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_ERR;
goto backup_namedb_done;
}
rrset = denial->rrset;
} else {
rrset = zone_lookup_rrset(z, ldns_rr_owner(rr), type_covered);
}
if (!rrset || !rrset_add_rrsig(rrset, rr, locator, flags)) {
ods_log_error("[%s] error restoring RRSIG #%i (%s): %s",
backup_str, l, ldns_get_errorstr_by_id(status), line);
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_ERR;
goto backup_namedb_done;
} else {
/* a restored signature means this RRset is not queued for signing */
rrset->needs_signing = 0;
}
}
if (result == ODS_STATUS_OK && status != LDNS_STATUS_OK) {
ods_log_error("[%s] error reading RRSIG #%i (%s): %s",
backup_str, l, ldns_get_errorstr_by_id(status), line);
result = ODS_STATUS_ERR;
}
backup_namedb_done:
/* release the parser state on every exit path */
if (orig) {
ldns_rdf_deep_free(orig);
orig = NULL;
}
if (prev) {
ldns_rdf_deep_free(prev);
prev = NULL;
}
return result;
}
/**
 * Read ixfr journal from file.
 *
 * The journal is a sequence of RRs read with backup_read_rr(). SOA
 * records structure it:
 *  - the first RR must be a SOA whose serial equals z->db->outserial;
 *  - each following SOA toggles between deleting and adding: a SOA seen
 *    while adding starts a new part (the journal is purged first and the
 *    RRs that follow go to ixfr_del_rr()), a SOA seen while deleting
 *    switches to ixfr_add_rr();
 *  - a SOA with serial z->db->outserial seen while adding is the final
 *    SOA; any RR after it is an error.
 * first_soa tracks this: 0 before the first SOA, 1 after it, 2 after the
 * final SOA.
 *
 * NOTE(review): the strings returned by ldns_rr2str() are passed straight
 * to the log calls and never freed here; as far as I know ldns_rr2str()
 * returns a newly allocated string, so each logged RR would leak one -
 * confirm and free after logging.
 * NOTE(review): ixfr_add_rr() and ixfr_del_rr() return without storing
 * the RR when the zone database is not initialized; the RR is not freed
 * here in that case - confirm whether it can happen during a restore.
 *
 * \param[in] in journal file, asserted non-NULL
 * \param[in] zone zone (zone_type*), asserted non-NULL
 * \return ods_status ODS_STATUS_OK on success, ODS_STATUS_ERR on a read
 *         error or a malformed journal
 *
 */
ods_status
backup_read_ixfr(FILE* in, void* zone)
{
zone_type* z = (zone_type*) zone;
ods_status result = ODS_STATUS_OK;
ldns_rr* rr = NULL;
ldns_rdf* prev = NULL;
ldns_rdf* orig = NULL;
ldns_rdf* dname = NULL;
ldns_status status = LDNS_STATUS_OK;
char line[SE_ADFILE_MAXLINE];
uint32_t serial = 0;
unsigned l = 0;
unsigned first_soa = 0;
unsigned del_mode = 0;
ods_log_assert(in);
ods_log_assert(z);
/* $ORIGIN */
dname = adapi_get_origin(z);
if (!dname) {
ods_log_error("[%s] error getting default value for $ORIGIN",
backup_str);
return ODS_STATUS_ERR;
}
/* work on a private copy; it is released at backup_ixfr_done */
orig = ldns_rdf_clone(dname);
if (!orig) {
ods_log_error("[%s] error setting default value for $ORIGIN",
backup_str);
return ODS_STATUS_ERR;
}
/* read RRs */
while ((rr = backup_read_rr(in, z, line, &orig, &prev, &status, &l))
!= NULL) {
/* check status */
/* backup_read_rr() only returns an RR together with LDNS_STATUS_OK, so
 * parse errors end the loop and are reported by the check after it */
if (status != LDNS_STATUS_OK) {
ods_log_error("[%s] error reading RR #%i (%s): %s",
backup_str, l, ldns_get_errorstr_by_id(status), line);
result = ODS_STATUS_ERR;
goto backup_ixfr_done;
}
/* nothing may follow the final SOA */
if (first_soa == 2) {
ods_log_error("[%s] bad ixfr journal: trailing RRs after final "
"SOA", backup_str);
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_ERR;
goto backup_ixfr_done;
}
if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) {
serial = ldns_rdf2native_int32(
ldns_rr_rdf(rr, SE_SOA_RDATA_SERIAL));
if (!first_soa) {
ods_log_debug("[%s] ixfr first SOA: %s", backup_str,
ldns_rr2str(rr));
/* first SOA */
/* it only announces the serial and is not stored in the journal */
ldns_rr_free(rr);
rr = NULL;
if (z->db->outserial != serial) {
ods_log_error("[%s] bad ixfr journal: first SOA wrong "
"serial (was %u, expected %u)", backup_str,
serial, z->db->outserial);
result = ODS_STATUS_ERR;
goto backup_ixfr_done;
}
first_soa = 1;
continue;
}
ods_log_assert(first_soa);
if (!del_mode) {
if (z->db->outserial == serial) {
/* final SOA */
ods_log_debug("[%s] ixfr final SOA: %s", backup_str,
ldns_rr2str(rr));
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_OK;
first_soa = 2;
continue;
} else {
/* a new part begins: purge the journal under its lock */
ods_log_debug("[%s] new part SOA: %s", backup_str,
ldns_rr2str(rr));
lock_basic_lock(&z->ixfr->ixfr_lock);
ixfr_purge(z->ixfr);
lock_basic_unlock(&z->ixfr->ixfr_lock);
}
} else {
ods_log_debug("[%s] second part SOA: %s", backup_str,
ldns_rr2str(rr));
}
/* the SOA itself is recorded below, in the mode it switches to */
del_mode = !del_mode;
}
/* ixfr add or del rr */
if (!first_soa) {
ods_log_error("[%s] bad ixfr journal: first RR not SOA",
backup_str);
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_ERR;
goto backup_ixfr_done;
}
ods_log_assert(first_soa);
/* the journal is only touched while holding its lock */
lock_basic_lock(&z->ixfr->ixfr_lock);
if (del_mode) {
ods_log_deeebug("[%s] -IXFR: %s", backup_str, ldns_rr2str(rr));
ixfr_del_rr(z->ixfr, rr);
} else {
ods_log_deeebug("[%s] +IXFR: %s", backup_str, ldns_rr2str(rr));
ixfr_add_rr(z->ixfr, rr);
}
lock_basic_unlock(&z->ixfr->ixfr_lock);
}
/* parse error reported by backup_read_rr() when the loop ended */
if (result == ODS_STATUS_OK && status != LDNS_STATUS_OK) {
ods_log_error("[%s] error reading RR #%i (%s): %s",
backup_str, l, ldns_get_errorstr_by_id(status), line);
result = ODS_STATUS_ERR;
}
backup_ixfr_done:
/* release the parser state on every exit path */
if (orig) {
ldns_rdf_deep_free(orig);
orig = NULL;
}
if (prev) {
ldns_rdf_deep_free(prev);
prev = NULL;
}
return result;
}
opendnssec-1.4.9/signer/src/signer/zonelist.h 0000644 0001750 0001750 00000006424 12650165732 016211 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* The zonelist and all.
*/
#ifndef SIGNER_ZONELIST_H
#define SIGNER_ZONELIST_H
#include "shared/allocator.h"
#include "shared/locks.h"
#include "signer/zone.h"
#include
#include
#include
/**
 * Zone list.
 *
 * The zones are kept in an ldns red-black tree. The just_* counters
 * describe the most recent zonelist_update(): they are reset before the
 * new list is merged in.
 *
 */
typedef struct zonelist_struct zonelist_type;
struct zonelist_struct {
allocator_type* allocator; /* allocator the list structure came from */
ldns_rbtree_t* zones; /* tree of zone_type* */
time_t last_modified; /* mtime of the zonelist file last merged in */
int just_added; /* zones added by the last update */
int just_updated; /* zones updated by the last update */
int just_removed; /* zones marked removed by the last update */
lock_basic_type zl_lock; /* lock for the list */
};
/**
 * Create zone list.
 * \param[in] allocator memory allocator
 * \return zonelist_type* created zone list, or NULL on failure
 *
 */
zonelist_type* zonelist_create(allocator_type* allocator);
/**
 * Lookup zone by name and class.
 * \param[in] zonelist zone list
 * \param[in] name zone name
 * \param[in] klass zone class
 * \return zone_type* found zone, or NULL when there is none
 *
 */
zone_type* zonelist_lookup_zone_by_name(zonelist_type* zonelist,
const char* name, ldns_rr_class klass);
/**
 * Lookup zone by dname and class.
 * \param[in] zonelist zone list
 * \param[in] dname zone domain name
 * \param[in] klass zone class
 * \return zone_type* found zone, or NULL when there is none
 *
 */
zone_type* zonelist_lookup_zone_by_dname(zonelist_type* zonelist,
ldns_rdf* dname, ldns_rr_class klass);
/**
 * Add zone.
 * The list takes ownership of the zone: when the zone cannot be added it
 * is released with zone_cleanup() and must not be used by the caller.
 * \param[in] zl zone list
 * \param[in] zone zone
 * \return zone_type* added zone, or NULL on failure
 *
 */
zone_type* zonelist_add_zone(zonelist_type* zl, zone_type* zone);
/**
 * Delete zone.
 * Only the zone's entry in the list is removed; the zone itself is not
 * released. The zone is also returned when it was not in the list.
 * \param[in] zlist zone list
 * \param[in] zone zone
 * \return zone_type* the zone passed in, or NULL when zone is NULL
 *
 */
zone_type* zonelist_del_zone(zonelist_type* zlist, zone_type* zone);
/**
 * Update zonelist.
 * The zonelist file is only read when it is newer than the list.
 * \param[in] zl zone list
 * \param[in] zlfile zone list filename
 * \return ods_status status, ODS_STATUS_UNCHANGED when the file is not
 *         newer than the list
 *
 */
ods_status zonelist_update(zonelist_type* zl, const char* zlfile);
/**
 * Clean up zone list, including the zones in it.
 * \param[in] zl zone list
 *
 */
void zonelist_cleanup(zonelist_type* zl);
/**
 * Free zone list, leaving the zones in it alone.
 * \param[in] zl zone list
 *
 */
void zonelist_free(zonelist_type* zl);
#endif /* SIGNER_ZONELIST_H */
opendnssec-1.4.9/signer/src/signer/stats.h 0000644 0001750 0001750 00000005234 12650165732 015476 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Signer statistics.
*
*/
#ifndef SIGNER_STATS_H
#define SIGNER_STATS_H
#include "shared/locks.h"
#include
#include
#include
#include
#ifdef HAVE_SYS_TYPES_H
# include
#endif
#ifdef HAVE_UNISTD_H
# include
#endif
#include
/**
 * Statistics structure.
 *
 * Counters and timings reported by stats_log(); the *_time fields are
 * printed there as seconds.
 */
typedef struct stats_struct stats_type;
struct stats_struct {
int32_t sort_count; /* logged as RR count */
time_t sort_time; /* logged as RR time */
int sort_done;
int32_t nsec_count; /* logged as NSEC(3) count */
time_t nsec_time; /* logged as NSEC(3) time */
int32_t sig_count; /* logged as new RRSIGs */
int32_t sig_soa_count;
int32_t sig_reuse; /* logged as reused RRSIGs */
time_t sig_time; /* logged as RRSIG time; divisor of the sig/sec average */
time_t audit_time;
time_t start_time; /* total time is end_time - start_time */
time_t end_time;
lock_basic_type stats_lock; /* lock for the statistics */
};
/**
 * Initialize statistics.
 * The structure is allocated with malloc() and its lock is initialized.
 * \return the initialized stats;
 *
 */
stats_type* stats_create(void);
/**
 * Log statistics.
 * One [STATS] line is written at info level; nothing is logged when
 * stats is NULL.
 * \param[in] stats statistics
 * \param[in] name zone name, logged as "(null)" when NULL
 * \param[in] serial serial
 * \param[in] nsec_type NSEC or NSEC3
 *
 */
void stats_log(stats_type* stats, const char* name, uint32_t serial,
ldns_rr_type nsec_type);
/**
 * Clear statistics.
 * The lock is left as it is.
 * \param[in] stats statistics to be cleared
 *
 */
void stats_clear(stats_type* stats);
/**
 * Clean up statistics.
 * The lock is destroyed and the structure is freed.
 * \param[in] stats statistics to be deleted
 *
 */
void stats_cleanup(stats_type* stats);
#endif /* SIGNER_STATS_H */
opendnssec-1.4.9/signer/src/signer/stats.c 0000644 0001750 0001750 00000005713 12650165732 015473 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Signer statistics.
*
*/
#include "shared/log.h"
#include "signer/stats.h"
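/**
 * Initialize statistics.
 *
 * The structure is allocated with malloc(), cleared with stats_clear()
 * and its lock is initialized. It is released with stats_cleanup().
 *
 * \return stats_type* the initialized statistics, or NULL when malloc()
 *         fails
 *
 */
stats_type*
stats_create(void)
{
    stats_type* stats = (stats_type*) malloc(sizeof(stats_type));
    if (!stats) {
        /* do not hand a NULL pointer to stats_clear() and the lock setup */
        return NULL;
    }
    stats_clear(stats);
    lock_basic_init(&stats->stats_lock);
    return stats;
}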
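/**
 * Clear statistics.
 *
 * All counters and timings are set to zero; the lock is left as it is.
 *
 * \param[in] stats statistics to be cleared, asserted non-NULL
 *
 */
void
stats_clear(stats_type* stats)
{
    ods_log_assert(stats);
    stats->sort_count = 0;
    stats->sort_time = 0;
    stats->sort_done = 0;
    stats->nsec_count = 0;
    stats->nsec_time = 0;
    stats->sig_count = 0;
    stats->sig_soa_count = 0;
    stats->sig_reuse = 0;
    stats->sig_time = 0;
    /* stats_create() relies on this function to give every field of the
     * freshly malloc()ed structure a defined value */
    stats->audit_time = 0;
    stats->start_time = 0;
    stats->end_time = 0;
}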
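/**
 * Log statistics.
 *
 * Writes one [STATS] line at info level. The signing rate is sig_count
 * divided by sig_time and is reported as 0 when sig_time is 0.
 *
 * \param[in] stats statistics; nothing is logged when NULL
 * \param[in] name zone name, logged as "(null)" when NULL
 * \param[in] serial serial
 * \param[in] nsec_type NSEC or NSEC3
 *
 */
void
stats_log(stats_type* stats, const char* name, uint32_t serial,
    ldns_rr_type nsec_type)
{
    uint32_t avsign = 0;
    if (!stats) {
        return;
    }
    if (stats->sig_time) {
        avsign = (uint32_t) (stats->sig_count/stats->sig_time);
    }
    /*
     * Every argument is cast to the type its conversion expects: the
     * time_t fields may be wider than unsigned int, and passing them
     * unconverted to %u is not defined for a variadic call.
     */
    ods_log_info("[STATS] %s %u RR[count=%d time=%u(sec)] "
        "NSEC%s[count=%d time=%u(sec)] "
        "RRSIG[new=%d reused=%d time=%u(sec) avg=%u(sig/sec)] "
        "TOTAL[time=%u(sec)] ",
        name?name:"(null)", (unsigned) serial,
        (int) stats->sort_count, (unsigned) stats->sort_time,
        nsec_type==LDNS_RR_TYPE_NSEC3?"3":"", (int) stats->nsec_count,
        (unsigned) stats->nsec_time, (int) stats->sig_count,
        (int) stats->sig_reuse, (unsigned) stats->sig_time,
        (unsigned) avsign,
        (unsigned) (stats->end_time - stats->start_time));
    return;
}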
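/**
 * Clean up statistics.
 *
 * The lock is destroyed and the structure is freed.
 *
 * \param[in] stats statistics to be deleted; NULL is ignored
 *
 */
void
stats_cleanup(stats_type* stats)
{
    if (!stats) {
        /* nothing to release, and &stats->stats_lock must not be formed */
        return;
    }
    lock_basic_destroy(&stats->stats_lock);
    free((void*) stats);
    return;
}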
opendnssec-1.4.9/signer/src/signer/ixfr.c 0000644 0001750 0001750 00000017407 12650165732 015310 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* IXFR Journal.
*
*/
#include "config.h"
#include "shared/util.h"
#include "signer/ixfr.h"
#include "signer/rrset.h"
#include "signer/zone.h"
static const char* ixfr_str = "journal";
/**
 * Create a part of the ixfr journal.
 *
 * A part holds two RR lists, plus and min, and the two SOA pointers
 * soaplus and soamin, which start out as NULL.
 *
 * \param[in] allocator memory allocator, asserted non-NULL
 * \return part_type* the new part, or NULL when the part or one of its
 *         lists cannot be allocated
 *
 */
static part_type*
part_create(allocator_type* allocator)
{
    part_type* part = NULL;

    ods_log_assert(allocator);
    part = (part_type*) allocator_alloc(allocator, sizeof(part_type));
    if (!part) {
        ods_log_error("[%s] unable to create ixfr part: "
            "allocator_alloc() failed", ixfr_str);
        return NULL;
    }
    part->soaplus = NULL;
    part->soamin = NULL;

    /* the min list is only attempted once the plus list exists */
    part->plus = ldns_rr_list_new();
    part->min = part->plus ? ldns_rr_list_new() : NULL;
    if (!part->plus || !part->min) {
        ods_log_error("[%s] unable to create ixfr part: "
            "ldns_rr_list_new() failed", ixfr_str);
        if (part->plus) {
            ldns_rr_list_free(part->plus);
        }
        allocator_deallocate(allocator, (void*) part);
        return NULL;
    }
    return part;
}
/**
 * Clean up a part of the ixfr journal.
 *
 * The min list is freed together with its RRs (deep free); of the plus
 * list only the list itself is freed. NOTE(review): presumably the RRs on
 * the plus list are still owned by the zone data - confirm.
 *
 * \param[in] allocator memory allocator the part came from
 * \param[in] part part to clean up; nothing is done when either argument
 *            is NULL
 *
 */
static void
part_cleanup(allocator_type* allocator, part_type* part)
{
    if (part && allocator) {
        ldns_rr_list_deep_free(part->min);
        ldns_rr_list_free(part->plus);
        allocator_deallocate(allocator, (void*) part);
    }
}
/**
 * Create an empty ixfr journal for a zone.
 * All part slots start out as NULL and the journal lock is initialised.
 * \param[in] zone zone reference (a zone_type*, passed as void*)
 * \return ixfr_type* the new journal, or NULL if allocation failed
 *
 */
ixfr_type*
ixfr_create(void* zone)
{
    zone_type* z = (zone_type*) zone;
    ixfr_type* journal = NULL;
    size_t slot = 0;

    ods_log_assert(z);
    ods_log_assert(z->name);
    ods_log_assert(z->allocator);

    journal = (ixfr_type*) allocator_alloc(z->allocator, sizeof(ixfr_type));
    if (journal == NULL) {
        ods_log_error("[%s] unable to create ixfr for zone %s: "
            "allocator_alloc() failed", ixfr_str, z->name);
        return NULL;
    }
    /* the memory is not assumed to be zeroed: clear every slot */
    while (slot < IXFR_MAX_PARTS) {
        journal->part[slot] = NULL;
        slot++;
    }
    journal->zone = zone;
    lock_basic_init(&journal->ixfr_lock);
    return journal;
}
/**
 * Record an added RR (+RR) in the newest part of the ixfr journal.
 * Nothing is recorded while the zone database is not yet initialized.
 * The RR pointer itself is stored, no copy is made here.
 * \param[in] ixfr journal
 * \param[in] rr RR that was added to the zone
 *
 */
void
ixfr_add_rr(ixfr_type* ixfr, ldns_rr* rr)
{
    zone_type* zone = NULL;

    if (ixfr == NULL || rr == NULL) {
        return;
    }
    zone = (zone_type*) ixfr->zone;
    ods_log_assert(zone);
    ods_log_assert(zone->db);

    if (zone->db->is_initialized) {
        ods_log_assert(ixfr->part[0]);
        ods_log_assert(ixfr->part[0]->plus);
        /* a failed push is treated as fatal, not as a soft error */
        if (!ldns_rr_list_push_rr(ixfr->part[0]->plus, rr)) {
            ods_fatal_exit("[%s] fatal unable to +RR: ldns_rr_list_push_rr() failed",
                ixfr_str);
        }
        /* remember the new SOA so it can be printed ahead of the +RRs */
        if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) {
            ixfr->part[0]->soaplus = rr;
        }
    }
    /* else: no ixfr yet */
}
/**
 * Record a removed RR (-RR) in the newest part of the ixfr journal.
 * Nothing is recorded while the zone database is not yet initialized.
 * The RR pointer itself is stored, no copy is made here.
 * \param[in] ixfr journal
 * \param[in] rr RR that was removed from the zone
 *
 */
void
ixfr_del_rr(ixfr_type* ixfr, ldns_rr* rr)
{
    zone_type* zone = NULL;

    if (ixfr == NULL || rr == NULL) {
        return;
    }
    zone = (zone_type*) ixfr->zone;
    ods_log_assert(zone);
    ods_log_assert(zone->db);

    if (zone->db->is_initialized) {
        ods_log_assert(ixfr->part[0]);
        ods_log_assert(ixfr->part[0]->min);
        /* a failed push is treated as fatal, not as a soft error */
        if (!ldns_rr_list_push_rr(ixfr->part[0]->min, rr)) {
            ods_fatal_exit("[%s] fatal unable to -RR: ldns_rr_list_push_rr() failed",
                ixfr_str);
        }
        /* remember the old SOA so it can be printed ahead of the -RRs */
        if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) {
            ixfr->part[0]->soamin = rr;
        }
    }
    /* else: no ixfr yet */
}
/**
 * Print every RR of a list except the SOA RRs.
 * Printing continues after a failure so that all RRs are attempted.
 * \param[in] fd output stream
 * \param[in] list RR list
 * \return int 0 if everything was printed, 1 on a missing argument or
 *             if at least one RR could not be printed
 *
 */
static int
part_rr_list_print_nonsoa(FILE* fd, ldns_rr_list* list)
{
    size_t idx = 0;
    ldns_rr* current = NULL;
    int failed = 0;

    if (fd == NULL || list == NULL) {
        return 1;
    }
    for (idx = 0; idx < ldns_rr_list_rr_count(list); idx++) {
        current = ldns_rr_list_rr(list, idx);
        if (ldns_rr_get_type(current) == LDNS_RR_TYPE_SOA) {
            /* SOA RRs are printed separately by the caller */
            continue;
        }
        if (util_rr_print(fd, current) != ODS_STATUS_OK) {
            failed = 1;
        }
    }
    return failed;
}
/**
 * Print one part of the ixfr journal.
 * Output order: old SOA, removed RRs, new SOA, added RRs. Any print
 * failure is flagged on the zone's outbound adapter.
 * \param[in] fd output stream
 * \param[in] ixfr journal
 * \param[in] i index of the part; not range-checked here, the caller
 *              must keep it below IXFR_MAX_PARTS
 *
 */
static void
part_print(FILE* fd, ixfr_type* ixfr, size_t i)
{
    zone_type* zone = NULL;
    part_type* part = NULL;

    if (fd == NULL || ixfr == NULL) {
        return;
    }
    zone = (zone_type*) ixfr->zone;
    part = ixfr->part[i];
    if (part == NULL) {
        /* empty slot, nothing to print */
        return;
    }
    ods_log_assert(part->min);
    ods_log_assert(part->plus);
    ods_log_assert(part->soamin);
    ods_log_assert(part->soaplus);

    /* removed side of the difference */
    if (util_rr_print(fd, part->soamin) != ODS_STATUS_OK) {
        zone->adoutbound->error = 1;
    }
    if (part_rr_list_print_nonsoa(fd, part->min)) {
        zone->adoutbound->error = 1;
    }
    /* added side of the difference */
    if (util_rr_print(fd, part->soaplus) != ODS_STATUS_OK) {
        zone->adoutbound->error = 1;
    }
    if (part_rr_list_print_nonsoa(fd, part->plus)) {
        zone->adoutbound->error = 1;
    }
}
/**
 * Print the whole ixfr journal, highest part index first.
 * \param[in] fd output stream
 * \param[in] ixfr journal
 *
 */
void
ixfr_print(FILE* fd, ixfr_type* ixfr)
{
    int i = IXFR_MAX_PARTS;

    if (fd == NULL || ixfr == NULL) {
        return;
    }
    ods_log_debug("[%s] print ixfr", ixfr_str);
    /* walk from the last slot down to slot 0 */
    while (i-- > 0) {
        ods_log_deeebug("[%s] print ixfr part #%d", ixfr_str, i);
        part_print(fd, ixfr, i);
    }
}
/**
 * Rotate the ixfr journal.
 * The part in the last slot is released, every other part moves up one
 * slot, and a fresh empty part is installed in slot 0. Failure to create
 * that part is fatal.
 * \param[in] ixfr journal
 *
 */
void
ixfr_purge(ixfr_type* ixfr)
{
    int i = 0;
    zone_type* zone = NULL;

    if (ixfr == NULL) {
        return;
    }
    zone = (zone_type*) ixfr->zone;
    ods_log_assert(zone);
    ods_log_assert(zone->allocator);
    ods_log_debug("[%s] purge ixfr for zone %s", ixfr_str, zone->name);

    /* drop the oldest slot ... */
    part_cleanup(zone->allocator, ixfr->part[IXFR_MAX_PARTS - 1]);
    ixfr->part[IXFR_MAX_PARTS - 1] = NULL;
    /* ... and shift the remaining parts towards it */
    for (i = IXFR_MAX_PARTS - 2; i >= 0; i--) {
        ixfr->part[i+1] = ixfr->part[i];
        ixfr->part[i] = NULL;
    }

    ixfr->part[0] = part_create(zone->allocator);
    if (ixfr->part[0] == NULL) {
        ods_fatal_exit("[%s] fatal unable to purge ixfr for zone %s: "
            "part_create() failed", ixfr_str, zone->name);
    }
}
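/**
 * Release the ixfr journal: all parts, the journal lock and the journal
 * structure itself.
 * \param[in] ixfr journal, may be NULL
 *
 */
void
ixfr_cleanup(ixfr_type* ixfr)
{
    int i = 0;
    zone_type* z = NULL;
    if (!ixfr) {
        return;
    }
    z = (zone_type*) ixfr->zone;
    for (i = IXFR_MAX_PARTS - 1; i >= 0; i--) {
        part_cleanup(z->allocator, ixfr->part[i]);
    }
    /*
     * Destroy the lock in place, while its storage is still valid, and
     * only then give the journal back. The previous code copied the lock
     * by value and destroyed the copy after the deallocation; the layout
     * of lock_basic_type is not visible here, but if it wraps a pthread
     * mutex, operating on a copy of it has undefined results.
     */
    lock_basic_destroy(&ixfr->ixfr_lock);
    allocator_deallocate(z->allocator, (void*) ixfr);
    return;
}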
opendnssec-1.4.9/signer/src/signer/namedb.c 0000644 0001750 0001750 00000100260 12650165732 015554 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Domain name database.
*
*/
#include "config.h"
#include "shared/allocator.h"
#include "shared/file.h"
#include "shared/log.h"
#include "shared/util.h"
#include "signer/backup.h"
#include "signer/namedb.h"
#include "signer/zone.h"
const char* db_str = "namedb";
/**
 * Wrap a domain in a freshly malloc()ed tree node.
 * Only key (the domain name) and data (the domain) are filled in.
 * \param[in] domain domain, must not be NULL
 * \return ldns_rbnode_t* the node, or NULL if malloc() failed
 *
 */
static ldns_rbnode_t*
domain2node(domain_type* domain)
{
    ldns_rbnode_t* wrapped = (ldns_rbnode_t*) malloc(sizeof(ldns_rbnode_t));
    if (wrapped != NULL) {
        wrapped->key = domain->dname;
        wrapped->data = domain;
    }
    return wrapped;
}
/**
 * Wrap a denial in a freshly malloc()ed tree node.
 * Only key (the denial owner name) and data (the denial) are filled in.
 * \param[in] denial denial of existence data point, must not be NULL
 * \return ldns_rbnode_t* the node, or NULL if malloc() failed
 *
 */
static ldns_rbnode_t*
denial2node(denial_type* denial)
{
    ldns_rbnode_t* wrapped = (ldns_rbnode_t*) malloc(sizeof(ldns_rbnode_t));
    if (wrapped != NULL) {
        wrapped->key = denial->dname;
        wrapped->data = denial;
    }
    return wrapped;
}
/**
 * Tree comparison callback: order two keys as domain names.
 * Used for both the domain tree and the denial tree.
 * \param[in] a first key, an ldns_rdf* domain name
 * \param[in] b second key, an ldns_rdf* domain name
 * \return int result of ldns_dname_compare()
 *
 */
static int
domain_compare(const void* a, const void* b)
{
    return ldns_dname_compare((ldns_rdf*) a, (ldns_rdf*) b);
}
/**
 * Give the namedb a new, empty denial tree.
 * db->denials is overwritten; it is NULL afterwards if the tree could
 * not be created.
 * \param[in] db namedb, may be NULL
 *
 */
void
namedb_init_denials(namedb_type* db)
{
    if (db == NULL) {
        return;
    }
    db->denials = ldns_rbtree_create(domain_compare);
}
/**
 * Give the namedb a new, empty domain tree.
 * db->domains is overwritten; it is NULL afterwards if the tree could
 * not be created.
 * \param[in] db namedb, may be NULL
 *
 */
static void
namedb_init_domains(namedb_type* db)
{
    if (db == NULL) {
        return;
    }
    db->domains = ldns_rbtree_create(domain_compare);
}
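/**
 * Create a new, empty namedb for a zone.
 * \param[in] zone zone reference (a zone_type*, passed as void*)
 * \return namedb_type* the new namedb, or NULL if an allocation failed
 *
 */
namedb_type*
namedb_create(void* zone)
{
    namedb_type* db = NULL;
    zone_type* z = (zone_type*) zone;
    ods_log_assert(z);
    ods_log_assert(z->name);
    ods_log_assert(z->allocator);
    db = (namedb_type*) allocator_alloc(z->allocator, sizeof(namedb_type));
    if (!db) {
        ods_log_error("[%s] unable to create namedb for zone %s: "
            "allocator_alloc() failed", db_str, z->name);
        return NULL;
    }
    db->zone = zone;
    /*
     * Clear both tree pointers before anything can fail. The error paths
     * below call namedb_cleanup(), which walks db->denials and db->domains
     * when they are non-NULL; nothing here shows that allocator_alloc()
     * zeroes the memory, so without this a failed domain tree creation
     * would make the cleanup follow an uninitialized denials pointer.
     */
    db->domains = NULL;
    db->denials = NULL;
    namedb_init_domains(db);
    if (!db->domains) {
        ods_log_error("[%s] unable to create namedb for zone %s: "
            "init domains failed", db_str, z->name);
        namedb_cleanup(db);
        return NULL;
    }
    namedb_init_denials(db);
    if (!db->denials) {
        ods_log_error("[%s] unable to create namedb for zone %s: "
            "init denials failed", db_str, z->name);
        namedb_cleanup(db);
        return NULL;
    }
    /* serial bookkeeping and state flags all start cleared */
    db->inbserial = 0;
    db->intserial = 0;
    db->outserial = 0;
    db->altserial = 0;
    db->is_initialized = 0;
    db->have_serial = 0;
    db->is_processed = 0;
    db->serial_updated = 0;
    db->force_serial = 0;
    return db;
}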
/**
 * Look up a name in one of the namedb trees.
 * Shared by the domain and the denial lookup.
 * \param[in] tree tree to search
 * \param[in] dname name to look for
 * \return void* the data stored at the matching node, or NULL if there
 *               is no match or an argument is missing
 *
 */
static void*
namedb_domain_search(ldns_rbtree_t* tree, ldns_rdf* dname)
{
    ldns_rbnode_t* hit = LDNS_RBTREE_NULL;

    if (tree && dname) {
        hit = ldns_rbtree_search(tree, dname);
        if (hit && hit != LDNS_RBTREE_NULL) {
            return (void*) hit->data;
        }
    }
    return NULL;
}
static uint32_t
max(uint32_t a, uint32_t b)
{
return (aoutserial, inbound_serial);
if (!db->have_serial) {
prev = inbound_serial;
}
ods_log_debug("[%s] zone %s update serial: format=%s in=%u internal=%u "
"out=%u now=%u", db_str, zone_name, format, db->inbserial,
db->intserial, db->outserial, (uint32_t) time_now());
if (db->force_serial) {
soa = db->altserial;
if (!util_serial_gt(soa, prev)) {
ods_log_warning("[%s] zone %s unable to enforce serial: %u does not "
" increase %u. Serial set to %u", db_str, zone_name, soa, prev,
(prev+1));
soa = prev + 1;
} else {
ods_log_info("[%s] zone %s enforcing serial %u", db_str, zone_name,
soa);
}
db->force_serial = 0;
} else if (ods_strcmp(format, "unixtime") == 0) {
soa = (uint32_t) time_now();
if (!util_serial_gt(soa, prev)) {
if (!db->have_serial) {
ods_log_warning("[%s] zone %s unable to use unixtime as serial: "
"%u does not increase %u. Serial set to %u", db_str,
zone_name, soa, prev, (prev+1));
}
soa = prev + 1;
}
} else if (ods_strcmp(format, "datecounter") == 0) {
soa = (uint32_t) time_datestamp(0, "%Y%m%d", NULL) * 100;
if (!util_serial_gt(soa, prev)) {
if (!db->have_serial) {
ods_log_warning("[%s] zone %s unable to use datecounter as "
"serial: %u does not increase %u. Serial set to %u", db_str,
zone_name, soa, prev, (prev+1));
}
soa = prev + 1;
}
} else if (ods_strcmp(format, "counter") == 0) {
soa = inbound_serial + 1;
if (db->have_serial && !util_serial_gt(soa, prev)) {
soa = prev + 1;
}
} else if (ods_strcmp(format, "keep") == 0) {
prev = db->outserial;
soa = inbound_serial;
if (db->have_serial && !util_serial_gt(soa, prev)) {
ods_log_error("[%s] zone %s cannot keep SOA SERIAL from input zone "
" (%u): previous output SOA SERIAL is %u", db_str, zone_name,
soa, prev);
return ODS_STATUS_CONFLICT_ERR;
}
} else {
ods_log_error("[%s] zone %s unknown serial type %s", db_str, zone_name,
format);
return ODS_STATUS_ERR;
}
/* serial is stored in 32 bits */
update = soa - prev;
if (update > 0x7FFFFFFF) {
update = 0x7FFFFFFF;
}
if (!db->have_serial) {
db->intserial = soa;
} else {
db->intserial = prev + update; /* automatically does % 2^32 */
}
ods_log_debug("[%s] zone %s update serial: %u + %u = %u", db_str, zone_name,
prev, update, db->intserial);
return ODS_STATUS_OK;
}
/**
 * Add empty non-terminals for a domain.
 * Walks from the domain towards the apex, creating every missing parent
 * domain and linking each domain to its parent. The walk stops at the
 * first parent that already exists.
 * \param[in] db namedb
 * \param[in] domain domain to start from
 * \param[in] apex apex of the zone
 * \return ods_status ODS_STATUS_OK, or ODS_STATUS_ERR if a parent name
 *                    could not be derived or added
 *
 */
ods_status
namedb_domain_entize(namedb_type* db, domain_type* domain, ldns_rdf* apex)
{
    ldns_rdf* parent_rdf = NULL;
    domain_type* parent_domain = NULL;

    ods_log_assert(apex);
    ods_log_assert(domain);
    ods_log_assert(domain->dname);
    ods_log_assert(db);
    ods_log_assert(db->domains);

    if (domain->parent) {
        /* domain already has parent */
        return ODS_STATUS_OK;
    }
    while (domain && ldns_dname_is_subdomain(domain->dname, apex) &&
        ldns_dname_compare(domain->dname, apex) != 0) {
        /**
         * RFC5155:
         * 4. If the difference in number of labels between the apex and
         *    the original owner name is greater than 1, additional NSEC3
         *    RRs need to be added for every empty non-terminal between
         *    the apex and the original owner name.
         */
        parent_rdf = ldns_dname_left_chop(domain->dname);
        if (!parent_rdf) {
            ods_log_error("[%s] unable to entize domain: left chop failed",
                db_str);
            return ODS_STATUS_ERR;
        }
        parent_domain = namedb_lookup_domain(db, parent_rdf);
        if (parent_domain) {
            /* parent exists already: link to it and stop climbing */
            ldns_rdf_deep_free(parent_rdf);
            domain->parent = parent_domain;
            break;
        }
        parent_domain = namedb_add_domain(db, parent_rdf);
        /* the chopped name is only a lookup key and is released here */
        ldns_rdf_deep_free(parent_rdf);
        if (!parent_domain) {
            ods_log_error("[%s] unable to entize domain: failed to add "
                "parent domain", db_str);
            return ODS_STATUS_ERR;
        }
        domain->parent = parent_domain;
        /* continue with the parent domain */
        domain = parent_domain;
    }
    return ODS_STATUS_OK;
}
/**
 * Look up a domain by name.
 * \param[in] db namedb, may be NULL
 * \param[in] dname domain name
 * \return domain_type* the domain, or NULL if it is not in the namedb
 *
 */
domain_type*
namedb_lookup_domain(namedb_type* db, ldns_rdf* dname)
{
    if (db != NULL) {
        return (domain_type*) namedb_domain_search(db->domains, dname);
    }
    return NULL;
}
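/**
 * Add a domain to the namedb.
 * \param[in] db namedb
 * \param[in] dname name of the domain to add
 * \return domain_type* the added domain, flagged as new, or NULL if an
 *                      argument is missing, an allocation failed or the
 *                      name is already present
 *
 */
domain_type*
namedb_add_domain(namedb_type* db, ldns_rdf* dname)
{
    domain_type* domain = NULL;
    ldns_rbnode_t* new_node = LDNS_RBTREE_NULL;
    if (!dname || !db || !db->domains) {
        return NULL;
    }
    domain = domain_create(db->zone, dname);
    if (!domain) {
        ods_log_error("[%s] unable to add domain: domain_create() failed",
            db_str);
        return NULL;
    }
    new_node = domain2node(domain);
    if (!new_node) {
        ods_log_error("[%s] unable to add domain: domain2node() failed",
            db_str);
        /* release the domain here as well, as the insert failure path
           below does; it was leaked on this path before */
        domain_cleanup(domain);
        return NULL;
    }
    if (ldns_rbtree_insert(db->domains, new_node) == NULL) {
        ods_log_error("[%s] unable to add domain: already present", db_str);
        log_dname(domain->dname, "ERR +DOMAIN", LOG_ERR);
        domain_cleanup(domain);
        free((void*)new_node);
        return NULL;
    }
    domain = (domain_type*) new_node->data;
    /* back-reference so the domain can find its own tree node */
    domain->node = new_node;
    domain->is_new = 1;
    log_dname(domain->dname, "+DOMAIN", LOG_DEEEBUG);
    return domain;
}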
/**
 * Remove a domain from the namedb.
 * The domain is only unlinked from the tree; the caller releases it.
 * \param[in] db namedb
 * \param[in] domain domain to remove, must have no RRsets and no denial
 * \return domain_type* the unlinked domain, or NULL if an argument is
 *                      missing, the domain is still in use or it was
 *                      not found in the tree
 *
 */
domain_type*
namedb_del_domain(namedb_type* db, domain_type* domain)
{
    ldns_rbnode_t* node = LDNS_RBTREE_NULL;

    if (!domain || !db || !db->domains) {
        ods_log_error("[%s] unable to delete domain: !db || !domain", db_str);
        return NULL;
    }
    if (domain->rrsets || domain->denial) {
        ods_log_error("[%s] unable to delete domain: domain in use", db_str);
        log_dname(domain->dname, "ERR -DOMAIN", LOG_ERR);
        return NULL;
    }
    node = ldns_rbtree_delete(db->domains, (const void*)domain->dname);
    if (!node) {
        ods_log_error("[%s] unable to delete domain: not found", db_str);
        log_dname(domain->dname, "ERR -DOMAIN", LOG_ERR);
        return NULL;
    }
    ods_log_assert(domain->node == node);
    ods_log_assert(!domain->rrsets);
    ods_log_assert(!domain->denial);
    /* the node was malloc()ed when the domain was added */
    free((void*)node);
    domain->node = NULL;
    log_dname(domain->dname, "-DOMAIN", LOG_DEEEBUG);
    return domain;
}
/**
 * Look up a denial of existence data point by owner name.
 * \param[in] db namedb, may be NULL
 * \param[in] dname owner name as stored in the denial tree
 * \return denial_type* the denial, or NULL if it is not in the namedb
 *
 */
denial_type*
namedb_lookup_denial(namedb_type* db, ldns_rdf* dname)
{
    if (db != NULL) {
        return (denial_type*) namedb_domain_search(db->denials, dname);
    }
    return NULL;
}
/**
 * See if a domain is an empty terminal: not the apex, no RRsets, and the
 * next domain in the tree is not one of its subdomains.
 * \param[in] domain domain
 * \return int 1 if the domain is an empty terminal, 0 otherwise
 *
 */
static int
domain_is_empty_terminal(domain_type* domain)
{
    ldns_rbnode_t* successor = LDNS_RBTREE_NULL;
    domain_type* following = NULL;

    ods_log_assert(domain);
    if (domain->is_apex || domain->rrsets) {
        return 0;
    }
    /* only the direct successor in tree order is inspected */
    successor = ldns_rbtree_next(domain->node);
    if (successor) {
        following = (domain_type*) successor->data;
    }
    /* if it has children domains, do not delete it */
    if (following && ldns_dname_is_subdomain(following->dname, domain->dname)) {
        return 0;
    }
    return 1;
}
/**
 * See if a domain can be deleted: it must be an empty terminal and must
 * not have a denial attached any more.
 * \param[in] domain domain
 * \return int 1 if the domain can be deleted, 0 otherwise
 *
 */
static int
domain_can_be_deleted(domain_type* domain)
{
    ods_log_assert(domain);
    if (!domain_is_empty_terminal(domain)) {
        return 0;
    }
    return !domain->denial;
}
/**
 * Add an NSEC data point for a domain, unless the domain is occluded,
 * is glue, or has no RRsets.
 * \param[in] db namedb
 * \param[in] domain domain without a denial
 *
 */
static void
namedb_add_nsec_trigger(namedb_type* db, domain_type* domain)
{
    denial_type* denial = NULL;

    ods_log_assert(db);
    ods_log_assert(domain);
    ods_log_assert(!domain->denial);

    switch (domain_is_occluded(domain)) {
        case LDNS_RR_TYPE_DNAME:
        case LDNS_RR_TYPE_A:
            return; /* don't do occluded/glue domain */
        default:
            break;
    }
    if (!domain->rrsets) {
        return; /* don't do empty domain */
    }
    /* ok, nsecify this domain */
    denial = namedb_add_denial(db, domain->dname, NULL);
    /* the result is only guarded by this assertion before it is used */
    ods_log_assert(denial);
    denial->domain = (void*) domain;
    domain->denial = (void*) denial;
    domain->is_new = 0;
}
/**
 * Add an NSEC3 data point for a domain, unless the domain is occluded,
 * is glue, or is a delegation that Opt-Out allows to leave out.
 * Unlike the NSEC variant, domains without RRsets are not skipped.
 * \param[in] db namedb
 * \param[in] domain domain without a denial
 * \param[in] n3p NSEC3 parameters
 *
 */
static void
namedb_add_nsec3_trigger(namedb_type* db, domain_type* domain,
    nsec3params_type* n3p)
{
    denial_type* denial = NULL;

    ods_log_assert(db);
    ods_log_assert(n3p);
    ods_log_assert(domain);
    ods_log_assert(!domain->denial);

    switch (domain_is_occluded(domain)) {
        case LDNS_RR_TYPE_DNAME:
        case LDNS_RR_TYPE_A:
            return; /* don't do occluded/glue domain */
        default:
            break;
    }
    /* Opt-Out? Any non-zero flags value is taken as Opt-Out here. */
    if (n3p->flags && domain_is_delegpt(domain) == LDNS_RR_TYPE_NS) {
        /* If Opt-Out is being used, owner names of unsigned delegations
           MAY be excluded. */
        return;
    }
    /* ok, nsecify3 this domain */
    denial = namedb_add_denial(db, domain->dname, n3p);
    /* the result is only guarded by this assertion before it is used */
    ods_log_assert(denial);
    denial->domain = (void*) domain;
    domain->denial = (void*) denial;
    domain->is_new = 0;
}
/**
 * See if a denial needs to be added for a domain and add it, as NSEC or
 * NSEC3 depending on the zone's signer configuration.
 * \param[in] db namedb
 * \param[in] domain domain
 *
 */
static void
namedb_add_denial_trigger(namedb_type* db, domain_type* domain)
{
    zone_type* zone = NULL;

    ods_log_assert(db);
    ods_log_assert(domain);
    if (domain->denial) {
        /* already covered */
        return;
    }
    zone = (void*) domain->zone;
    ods_log_assert(zone);
    ods_log_assert(zone->signconf);
    if (zone->signconf->nsec_type != LDNS_RR_TYPE_NSEC) {
        ods_log_assert(zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC3);
        namedb_add_nsec3_trigger(db, domain, zone->signconf->nsec3params);
    } else {
        namedb_add_nsec_trigger(db, domain);
    }
}
/**
 * Delete the NSEC data point of a domain when the domain no longer
 * needs one: it became occluded or glue, an empty terminal, or lost all
 * of its RRsets.
 * \param[in] db namedb
 * \param[in] domain domain with a denial
 *
 */
static void
namedb_del_nsec_trigger(namedb_type* db, domain_type* domain)
{
    ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
    denial_type* denial = NULL;
    int obsolete = 0;

    ods_log_assert(db);
    ods_log_assert(domain);
    ods_log_assert(domain->denial);

    dstatus = domain_is_occluded(domain);
    obsolete = (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A ||
        domain_is_empty_terminal(domain) || !domain->rrsets);
    if (!obsolete) {
        return;
    }
    /* domain has become occluded/glue or empty non-terminal*/
    denial_diff((denial_type*) domain->denial);
    denial = namedb_del_denial(db, domain->denial);
    denial_cleanup(denial);
    domain->denial = NULL;
}
/**
 * Delete the NSEC3 data point of a domain when the domain no longer
 * needs one: it became occluded or glue, an empty terminal, or is a
 * delegation that Opt-Out allows to leave out.
 * \param[in] db namedb
 * \param[in] domain domain with a denial
 * \param[in] n3p NSEC3 parameters
 *
 */
static void
namedb_del_nsec3_trigger(namedb_type* db, domain_type* domain,
    nsec3params_type* n3p)
{
    ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
    denial_type* denial = NULL;
    int drop = 0;

    ods_log_assert(db);
    ods_log_assert(n3p);
    ods_log_assert(domain);
    ods_log_assert(domain->denial);

    dstatus = domain_is_occluded(domain);
    if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A ||
        domain_is_empty_terminal(domain)) {
        /* domain has become occluded/glue */
        drop = 1;
    } else if (n3p->flags) {
        /* If Opt-Out is being used, owner names of unsigned delegations
           MAY be excluded. Any non-zero flags value counts as Opt-Out. */
        dstatus = domain_is_delegpt(domain);
        if (dstatus == LDNS_RR_TYPE_NS) {
            drop = 1;
        }
    }
    if (drop) {
        denial_diff((denial_type*) domain->denial);
        denial = namedb_del_denial(db, domain->denial);
        denial_cleanup(denial);
        domain->denial = NULL;
    }
}
/**
 * See if domains/denials can be deleted.
 * Starts at the given domain and climbs through its parents; at every
 * level the denial is dropped if it is no longer needed (skipped on
 * rollback) and the domain is removed if it can be deleted.
 * \param[in] db namedb
 * \param[in] domain domain to start from
 * \param[in] rollback non-zero to leave the denials untouched
 * \return int 1 if a deletion was attempted for at least one domain on
 *             the path, 0 otherwise
 *
 */
static int
namedb_del_denial_trigger(namedb_type* db, domain_type* domain, int rollback)
{
    domain_type* parent = NULL;
    zone_type* zone = NULL;
    unsigned is_deleted = 0;

    ods_log_assert(db);
    ods_log_assert(domain);
    ods_log_assert(domain->dname);
    zone = (void*) domain->zone;
    ods_log_assert(zone);
    ods_log_assert(zone->signconf);

    /* continue with parent after every level */
    for (; domain; domain = parent) {
        if (!rollback && domain->denial) {
            if (zone->signconf->nsec_type != LDNS_RR_TYPE_NSEC) {
                ods_log_assert(zone->signconf->nsec_type ==
                    LDNS_RR_TYPE_NSEC3);
                namedb_del_nsec3_trigger(db, domain,
                    zone->signconf->nsec3params);
            } else {
                namedb_del_nsec_trigger(db, domain);
            }
        }
        /* fetch the parent first: the domain may be released below */
        parent = domain->parent;
        if (domain_can_be_deleted(domain)) {
            /* -DOMAIN */
            domain = namedb_del_domain(db, domain);
            domain_cleanup(domain);
            is_deleted = 1;
        }
    }
    return is_deleted;
}
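/**
 * Build the NSEC3 owner name for a domain name.
 * \param[in] dname original owner name
 * \param[in] apex apex of the zone
 * \param[in] nsec3params NSEC3 parameters: algorithm, iterations, salt
 * \return ldns_rdf* newly allocated hashed owner name that the caller
 *                   must free, or NULL if hashing or concatenation failed
 *
 */
static ldns_rdf*
dname_hash(ldns_rdf* dname, ldns_rdf* apex, nsec3params_type* nsec3params)
{
    ldns_rdf* hashed_ownername = NULL;
    ldns_rdf* hashed_label = NULL;
    ods_log_assert(dname);
    ods_log_assert(apex);
    ods_log_assert(nsec3params);
    /**
     * The owner name of the NSEC3 RR is the hash of the original owner
     * name, prepended as a single label to the zone name.
     */
    hashed_label = ldns_nsec3_hash_name(dname, nsec3params->algorithm,
        nsec3params->iterations, nsec3params->salt_len,
        nsec3params->salt_data);
    if (!hashed_label) {
        return NULL;
    }
    hashed_ownername = ldns_dname_cat_clone((const ldns_rdf*) hashed_label,
        (const ldns_rdf*) apex);
    /* The label is an intermediate value: release it whether or not the
       concatenation succeeded. It was leaked on the failure path before. */
    ldns_rdf_deep_free(hashed_label);
    return hashed_ownername;
}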
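/**
 * Add a denial of existence data point to the namedb.
 * The owner name is the NSEC3 hash of dname when n3p is given, else a
 * clone of dname. The new denial and its predecessor in the tree are
 * both marked as having a changed next name.
 * \param[in] db namedb
 * \param[in] dname original owner name
 * \param[in] n3p NSEC3 parameters, NULL for NSEC
 * \return denial_type* the added denial, or NULL if an allocation
 *                      failed or the owner name is already present
 *
 */
denial_type*
namedb_add_denial(namedb_type* db, ldns_rdf* dname, nsec3params_type* n3p)
{
    zone_type* z = NULL;
    ldns_rbnode_t* new_node = LDNS_RBTREE_NULL;
    ldns_rbnode_t* pnode = LDNS_RBTREE_NULL;
    ldns_rdf* owner = NULL;
    denial_type* denial = NULL;
    denial_type* pdenial = NULL;
    ods_log_assert(db);
    ods_log_assert(db->denials);
    ods_log_assert(dname);
    /* nsec or nsec3 */
    if (n3p) {
        z = (zone_type*) db->zone;
        owner = dname_hash(dname, z->apex, n3p);
    } else {
        owner = ldns_rdf_clone(dname);
    }
    if (!owner) {
        ods_log_error("[%s] unable to add denial: create owner failed",
            db_str);
        return NULL;
    }
    denial = denial_create(db->zone, owner);
    if (!denial) {
        /* NOTE(review): owner is not released on this path. Whether
           denial_create() takes care of it on failure is not visible in
           this file -- confirm, otherwise owner leaks here. */
        ods_log_error("[%s] unable to add denial: denial_create() failed",
            db_str);
        return NULL;
    }
    new_node = denial2node(denial);
    if (!new_node) {
        ods_log_error("[%s] unable to add denial: denial2node() failed",
            db_str);
        /* release the denial here as well, as the insert failure path
           below does; it was leaked on this path before */
        denial_cleanup(denial);
        return NULL;
    }
    if (!ldns_rbtree_insert(db->denials, new_node)) {
        ods_log_error("[%s] unable to add denial: already present", db_str);
        log_dname(denial->dname, "ERR +DENIAL", LOG_ERR);
        denial_cleanup(denial);
        free((void*)new_node);
        return NULL;
    }
    /* denial of existence data point added */
    denial = (denial_type*) new_node->data;
    denial->node = new_node;
    denial->nxt_changed = 1;
    /* the chain is circular: the predecessor of the first entry is the
       last entry (which is the new entry itself in a one-element tree) */
    pnode = ldns_rbtree_previous(new_node);
    if (!pnode || pnode == LDNS_RBTREE_NULL) {
        pnode = ldns_rbtree_last(db->denials);
    }
    ods_log_assert(pnode);
    pdenial = (denial_type*) pnode->data;
    ods_log_assert(pdenial);
    pdenial->nxt_changed = 1;
    log_dname(denial->dname, "+DENIAL", LOG_DEEEBUG);
    return denial;
}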
/**
 * Remove a denial of existence data point from the namedb.
 * The denial is only unlinked from the tree; the caller releases it.
 * Its predecessor in the tree is marked as having a changed next name.
 * \param[in] db namedb
 * \param[in] denial denial to remove, its RRset must hold no RRs
 * \return denial_type* the unlinked denial, or NULL if an argument is
 *                      missing, the denial is still in use or it was
 *                      not found in the tree
 *
 */
denial_type*
namedb_del_denial(namedb_type* db, denial_type* denial)
{
    ldns_rbnode_t* node = LDNS_RBTREE_NULL;
    ldns_rbnode_t* pnode = LDNS_RBTREE_NULL;
    denial_type* pdenial = NULL;

    if (!db || !db->denials || !denial) {
        return NULL;
    }
    if (denial->rrset && denial->rrset->rr_count) {
        ods_log_error("[%s] unable to delete denial: denial in use [#%u]",
            db_str, denial->rrset->rr_count);
        log_dname(denial->dname, "ERR -DENIAL", LOG_ERR);
        return NULL;
    }
    /* find the predecessor before the node leaves the tree; the chain
       is circular, so the first entry is preceded by the last one */
    pnode = ldns_rbtree_previous(denial->node);
    if (!pnode || pnode == LDNS_RBTREE_NULL) {
        pnode = ldns_rbtree_last(db->denials);
    }
    ods_log_assert(pnode);
    pdenial = (denial_type*) pnode->data;
    ods_log_assert(pdenial);

    node = ldns_rbtree_delete(db->denials, (const void*)denial->dname);
    if (node == NULL) {
        ods_log_error("[%s] unable to delete denial: not found", db_str);
        log_dname(denial->dname, "ERR -DENIAL", LOG_ERR);
        return NULL;
    }
    ods_log_assert(denial->node == node);
    pdenial->nxt_changed = 1;
    /* the node was malloc()ed when the denial was added */
    free((void*)node);
    denial->domain = NULL;
    denial->node = NULL;
    log_dname(denial->dname, "-DENIAL", LOG_DEEEBUG);
    return denial;
}
/**
 * Apply differences in db.
 * First pass: apply the pending differences at every domain. Second
 * pass: remove domains and denials that are no longer needed and add a
 * denial to every domain that remains.
 * \param[in] db namedb
 * \param[in] is_ixfr passed through to domain_diff()
 * \param[in] more_coming passed through to domain_diff()
 *
 */
void
namedb_diff(namedb_type* db, unsigned is_ixfr, unsigned more_coming)
{
    ldns_rbnode_t* node = LDNS_RBTREE_NULL;
    ldns_rbnode_t* upcoming = LDNS_RBTREE_NULL;
    domain_type* domain = NULL;

    if (!db || !db->domains) {
        return;
    }
    for (node = ldns_rbtree_first(db->domains);
        node && node != LDNS_RBTREE_NULL; node = upcoming) {
        /* step first, then work on the current domain */
        upcoming = ldns_rbtree_next(node);
        domain = (domain_type*) node->data;
        domain_diff(domain, is_ixfr, more_coming);
    }
    for (node = ldns_rbtree_first(db->domains);
        node && node != LDNS_RBTREE_NULL; node = upcoming) {
        /* step first: the current node may be removed from the tree */
        upcoming = ldns_rbtree_next(node);
        domain = (domain_type*) node->data;
        if (!namedb_del_denial_trigger(db, domain, 0)) {
            /* del_denial did not delete domain */
            namedb_add_denial_trigger(db, domain);
        }
    }
}
/**
 * Rollback differences in db.
 * Rolls back every domain and removes the domains that can be deleted
 * afterwards; denials are left untouched.
 * \param[in] db namedb
 * \param[in] keepsc passed through to domain_rollback()
 *
 */
void
namedb_rollback(namedb_type* db, unsigned keepsc)
{
    ldns_rbnode_t* node = LDNS_RBTREE_NULL;
    ldns_rbnode_t* upcoming = LDNS_RBTREE_NULL;
    domain_type* domain = NULL;

    if (!db || !db->domains) {
        return;
    }
    for (node = ldns_rbtree_first(db->domains);
        node && node != LDNS_RBTREE_NULL; node = upcoming) {
        /* step first: the current node may be removed from the tree */
        upcoming = ldns_rbtree_next(node);
        domain = (domain_type*) node->data;
        domain_rollback(domain, keepsc);
        (void) namedb_del_denial_trigger(db, domain, 1);
    }
}
/**
 * Nsecify db: link every denial to the next one in tree order, the last
 * one wrapping around to the first.
 * \param[in] db namedb
 * \param[out] num_added number of RRs added, may be NULL
 *
 */
void
namedb_nsecify(namedb_type* db, uint32_t* num_added)
{
    ldns_rbnode_t* node = LDNS_RBTREE_NULL;
    ldns_rbnode_t* nxt_node = LDNS_RBTREE_NULL;
    denial_type* denial = NULL;
    denial_type* nxt = NULL;
    uint32_t nsec_added = 0;

    ods_log_assert(db);
    for (node = ldns_rbtree_first(db->denials);
        node && node != LDNS_RBTREE_NULL; node = ldns_rbtree_next(node)) {
        denial = (denial_type*) node->data;
        nxt_node = ldns_rbtree_next(node);
        if (!nxt_node || nxt_node == LDNS_RBTREE_NULL) {
            /* last entry: close the chain */
            nxt_node = ldns_rbtree_first(db->denials);
        }
        nxt = (denial_type*) nxt_node->data;
        denial_nsecify(denial, nxt, &nsec_added);
    }
    if (num_added) {
        *num_added = nsec_added;
    }
}
/**
 * Examine updates to db.
 * Checks every domain for: CNAME next to other data, more than one
 * CNAME, more than one DNAME, and at the apex a missing SOA or a number
 * of SOA RRs other than one. The check for occluded data is only
 * announced in a comment and is not performed here.
 * \param[in] db namedb
 * \return ods_status ODS_STATUS_OK if nothing was found or there is no
 *                    db, ODS_STATUS_CONFLICT_ERR at the first violation
 *
 */
ods_status
namedb_examine(namedb_type* db)
{
    ldns_rbnode_t* node = LDNS_RBTREE_NULL;
    domain_type* domain = NULL;
    rrset_type* rrset = NULL;
    /* never set in this function, so every apex domain is checked */
    int soa_seen = 0;

    if (!db || !db->domains) {
        /* no db, no error */
        return ODS_STATUS_OK;
    }
    if (db->domains->root != LDNS_RBTREE_NULL) {
        node = ldns_rbtree_first(db->domains);
    }
    for (; node && node != LDNS_RBTREE_NULL; node = ldns_rbtree_next(node)) {
        domain = (domain_type*) node->data;

        rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_CNAME);
        if (rrset) {
            /* Thou shall not have other data next to CNAME */
            if (domain_count_rrset_is_added(domain) > 1 &&
                rrset_count_rr_is_added(rrset) > 0) {
                log_rrset(domain->dname, rrset->rrtype,
                    "CNAME and other data at the same name", LOG_ERR);
                return ODS_STATUS_CONFLICT_ERR;
            }
            /* Thou shall have at most one CNAME per name */
            if (rrset_count_rr_is_added(rrset) > 1) {
                log_rrset(domain->dname, rrset->rrtype,
                    "multiple CNAMEs at the same name", LOG_ERR);
                return ODS_STATUS_CONFLICT_ERR;
            }
        }

        rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_DNAME);
        /* Thou shall have at most one DNAME per name */
        if (rrset && rrset_count_rr_is_added(rrset) > 1) {
            log_rrset(domain->dname, rrset->rrtype,
                "multiple DNAMEs at the same name", LOG_ERR);
            return ODS_STATUS_CONFLICT_ERR;
        }

        if (soa_seen || !domain->is_apex) {
            continue;
        }
        rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_SOA);
        if (!rrset) {
            log_rrset(domain->dname, LDNS_RR_TYPE_SOA, "missing SOA RRset",
                LOG_ERR);
            return ODS_STATUS_CONFLICT_ERR;
        }
        /* Thou shall have one and only one SOA */
        if (rrset_count_rr_is_added(rrset) != 1) {
            log_rrset(domain->dname, rrset->rrtype,
                "Wrong number of SOA records, should be 1", LOG_ERR);
            return ODS_STATUS_CONFLICT_ERR;
        }
        /* Thou shall not have occluded data in your zone file
           (not checked) */
    }
    return ODS_STATUS_OK;
}
/**
 * Wipe out all NSEC(3) RRsets.
 * For every denial that has an RRset, all RRs and signatures are
 * removed, each removal being recorded in the ixfr journal under the
 * journal lock, and the RRset itself is released. The denials stay in
 * the tree.
 * \param[in] db namedb
 *
 */
void
namedb_wipe_denial(namedb_type* db)
{
    ldns_rbnode_t* node = LDNS_RBTREE_NULL;
    denial_type* denial = NULL;
    zone_type* zone = NULL;
    /* removal always takes the front entry until the count reaches 0 */
    const size_t front = 0;

    if (!db || !db->denials) {
        return;
    }
    zone = (zone_type*) db->zone;
    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_debug("[%s] wipe denial of existence space zone %s", db_str,
        zone->name);

    for (node = ldns_rbtree_first(db->denials);
        node && node != LDNS_RBTREE_NULL; node = ldns_rbtree_next(node)) {
        denial = (denial_type*) node->data;
        if (!denial->rrset) {
            continue;
        }
        while (front < denial->rrset->rr_count) {
            if (denial->rrset->rrs[front].exists) {
                /* ixfr -RR */
                lock_basic_lock(&zone->ixfr->ixfr_lock);
                ixfr_del_rr(zone->ixfr, denial->rrset->rrs[front].rr);
                lock_basic_unlock(&zone->ixfr->ixfr_lock);
            }
            denial->rrset->rrs[front].exists = 0;
            rrset_del_rr(denial->rrset, front);
        }
        while (front < denial->rrset->rrsig_count) {
            /* ixfr -RRSIG */
            lock_basic_lock(&zone->ixfr->ixfr_lock);
            ixfr_del_rr(zone->ixfr, denial->rrset->rrsigs[front].rr);
            lock_basic_unlock(&zone->ixfr->ixfr_lock);
            rrset_del_rrsig(denial->rrset, front);
        }
        rrset_cleanup(denial->rrset);
        denial->rrset = NULL;
    }
}
/**
 * Export db to file.
 * \param[in] fd output stream
 * \param[in] db namedb
 * \param[out] status ODS_STATUS_ASSERT_ERR if an argument is missing,
 *                    ODS_STATUS_OK for an empty zone; otherwise it is
 *                    only passed on to domain_print(). May be NULL.
 *
 */
void
namedb_export(FILE* fd, namedb_type* db, ods_status* status)
{
    ldns_rbnode_t* node = LDNS_RBTREE_NULL;
    domain_type* domain = NULL;

    if (!fd || !db || !db->domains) {
        /* the error is only logged when the caller asked for a status */
        if (status) {
            ods_log_error("[%s] unable to export namedb: file descriptor "
                "or name database missing", db_str);
            *status = ODS_STATUS_ASSERT_ERR;
        }
        return;
    }
    node = ldns_rbtree_first(db->domains);
    if (!node || node == LDNS_RBTREE_NULL) {
        fprintf(fd, "; empty zone\n");
        if (status) {
            *status = ODS_STATUS_OK;
        }
        return;
    }
    for (; node && node != LDNS_RBTREE_NULL; node = ldns_rbtree_next(node)) {
        domain = (domain_type*) node->data;
        if (domain) {
            domain_print(fd, domain, status);
        }
    }
}
/**
 * Release a subtree of the domain tree: both child subtrees first, then
 * the domain stored at the node, then the node itself.
 * \param[in] elem root of the subtree
 *
 */
static void
domain_delfunc(ldns_rbnode_t* elem)
{
    domain_type* domain = NULL;

    if (!elem || elem == LDNS_RBTREE_NULL) {
        return;
    }
    domain = (domain_type*) elem->data;
    domain_delfunc(elem->left);
    domain_delfunc(elem->right);
    domain_cleanup(domain);
    free((void*)elem);
}
/**
 * Release a subtree of the denial tree: both child subtrees first, then
 * the denial stored at the node, then the node itself. The domain that
 * points at the denial has its reference cleared first, so it is not
 * left pointing at released memory.
 * \param[in] elem root of the subtree
 *
 */
static void
denial_delfunc(ldns_rbnode_t* elem)
{
    denial_type* denial = NULL;
    domain_type* owner = NULL;

    if (!elem || elem == LDNS_RBTREE_NULL) {
        return;
    }
    denial = (denial_type*) elem->data;
    denial_delfunc(elem->left);
    denial_delfunc(elem->right);
    owner = (domain_type*) denial->domain;
    if (owner) {
        owner->denial = NULL;
    }
    denial_cleanup(denial);
    free((void*)elem);
}
/**
 * Release every domain, the tree nodes and the domain tree itself, and
 * reset db->domains to NULL.
 * \param[in] db namedb, may be NULL
 *
 */
static void
namedb_cleanup_domains(namedb_type* db)
{
    if (!db || !db->domains) {
        return;
    }
    domain_delfunc(db->domains->root);
    ldns_rbtree_free(db->domains);
    db->domains = NULL;
}
/**
 * Release every denial, the tree nodes and the denial tree itself, and
 * reset db->denials to NULL.
 * \param[in] db namedb, may be NULL
 *
 */
void
namedb_cleanup_denials(namedb_type* db)
{
    if (!db || !db->denials) {
        return;
    }
    denial_delfunc(db->denials->root);
    ldns_rbtree_free(db->denials);
    db->denials = NULL;
}
/**
 * Release the namedb: denials first, then domains, then the namedb
 * structure itself.
 * Nothing is released when the namedb has no zone or the zone has no
 * allocator.
 * \param[in] db namedb, may be NULL
 *
 */
void
namedb_cleanup(namedb_type* db)
{
    zone_type* z = NULL;

    if (db == NULL) {
        return;
    }
    z = (zone_type*) db->zone;
    if (z && z->allocator) {
        /* denials go first: releasing them clears the references that
           the domains hold to them */
        namedb_cleanup_denials(db);
        namedb_cleanup_domains(db);
        allocator_deallocate(z->allocator, (void*) db);
    }
}
/**
 * Backup namedb.
 * Writes four passes over the trees, with a ";" line after the domain
 * data, after the denial RRsets and at the very end: domain data,
 * denial RRsets, domain signatures, denial signatures.
 * \param[in] fd output stream
 * \param[in] db namedb; its two trees are not checked for NULL here
 *
 */
void
namedb_backup2(FILE* fd, namedb_type* db)
{
    ldns_rbnode_t* node = LDNS_RBTREE_NULL;
    domain_type* domain = NULL;
    denial_type* denial = NULL;

    if (fd == NULL || db == NULL) {
        return;
    }
    /* domain data */
    for (node = ldns_rbtree_first(db->domains);
        node && node != LDNS_RBTREE_NULL; node = ldns_rbtree_next(node)) {
        domain = (domain_type*) node->data;
        domain_backup2(fd, domain, 0);
    }
    fprintf(fd, ";\n");
    /* denial RRsets */
    for (node = ldns_rbtree_first(db->denials);
        node && node != LDNS_RBTREE_NULL; node = ldns_rbtree_next(node)) {
        denial = (denial_type*) node->data;
        if (denial->rrset) {
            rrset_print(fd, denial->rrset, 1, NULL);
        }
    }
    fprintf(fd, ";\n");
    /* signatures */
    for (node = ldns_rbtree_first(db->domains);
        node && node != LDNS_RBTREE_NULL; node = ldns_rbtree_next(node)) {
        domain = (domain_type*) node->data;
        domain_backup2(fd, domain, 1);
    }
    for (node = ldns_rbtree_first(db->denials);
        node && node != LDNS_RBTREE_NULL; node = ldns_rbtree_next(node)) {
        denial = (denial_type*) node->data;
        if (denial->rrset) {
            rrset_backup2(fd, denial->rrset);
        }
    }
    fprintf(fd, ";\n");
}
opendnssec-1.4.9/signer/src/signer/denial.h 0000644 0001750 0001750 00000006122 12650165732 015571 0000000 0000000 /*
* Copyright (c) 2011 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Denial of Existence.
*
*/
#ifndef SIGNER_DENIAL_H
#define SIGNER_DENIAL_H
#include "config.h"
#include "shared/allocator.h"
#include "shared/status.h"
#include "signer/nsec3params.h"
#include "signer/rrset.h"
#include
#include
/**
* Denial of Existence data point.
*
* One entry per owner name that carries an NSEC(3) record. The zone's
* namedb keeps these in an rbtree (db->denials) whose node->data is cast
* to denial_type*.
*
*/
typedef struct denial_struct denial_type;
struct denial_struct {
/* zone reference, stored untyped; set from the zoneptr given to denial_create() */
void* zone;
/* untyped back-reference; presumably the domain_type this denial covers -- TODO confirm in denial.c */
void* domain;
/* rbtree node; presumably this entry's own node in the denial tree -- TODO confirm */
ldns_rbnode_t* node;
/* owner name of the NSEC(3) record (see denial_create's dname parameter) */
ldns_rdf* dname;
/* the NSEC(3) RRset; may be NULL, callers test it before printing or backing up */
rrset_type* rrset;
/* one-bit flags; presumably mark that the type bitmap / next-owner field must be regenerated -- TODO confirm */
unsigned bitmap_changed : 1;
unsigned nxt_changed : 1;
};
/**
* Create new Denial of Existence data point.
* \param[in] zoneptr zone reference
* \param[in] dname owner name
* \return denial_type* denial of existence data point
*
*/
denial_type* denial_create(void* zoneptr, ldns_rdf* dname);
/**
* Apply differences at denial.
* \param[in] denial Denial of Existence data point
*
*/
void denial_diff(denial_type* denial);
/**
* Add NSEC(3) to the Denial of Existence data point.
* \param[in] denial Denial of Existence data point
* \param[in] rr NSEC(3) resource record
*
*/
void denial_add_rr(denial_type* denial, ldns_rr* rr);
/**
* Nsecify Denial of Existence data point.
* \param[in] denial Denial of Existence data point
* \param[in] nxt next Denial of Existence data point
* \param[out] num_added number of RRs added
*
*/
void denial_nsecify(denial_type* denial, denial_type* nxt, uint32_t* num_added);
/**
* Print Denial of Existence data point.
* \param[in] fd file descriptor
* \param[in] denial denial of existence data point
* \param[out] status status
*
*/
void denial_print(FILE* fd, denial_type* denial, ods_status* status);
/**
* Cleanup Denial of Existence data point.
* \param[in] denial denial of existence data point
*
*/
void denial_cleanup(denial_type* denial);
#endif /* SIGNER_DENIAL_H */
opendnssec-1.4.9/signer/src/signer/nsec3params.c 0000644 0001750 0001750 00000014505 12650165732 016553 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* NSEC3 Parameters.
*
*/
#include "shared/allocator.h"
#include "shared/log.h"
#include "shared/util.h"
#include "signer/backup.h"
#include "signer/nsec3params.h"
#include "signer/signconf.h"
#include
#include
#include
#include
static const char* nsec3_str = "nsec3";
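/**
 * Create NSEC3 salt.
 *
 * Converts the presentation form of an NSEC3 salt (a string of hex digit
 * pairs, or "-" for "no salt") into its binary form.
 *
 * \param[in] salt_str hex string, "-", empty string or NULL
 * \param[out] salt_len number of salt octets written to *salt (0 on error)
 * \param[out] salt newly calloc()ed salt octets, or NULL when there is no
 *                  salt or on error
 * \return ods_status ODS_STATUS_OK, ODS_STATUS_ERR for a malformed salt,
 *                    ODS_STATUS_MALLOC_ERR when allocation fails
 *
 * The string length is kept in a size_t and checked against the one-octet
 * salt length before it is narrowed. Previously strlen() was cast straight
 * to uint8_t, so an over-long salt was silently truncated modulo 256 and a
 * different (shorter) salt than the configured one was used.
 *
 */
ods_status
nsec3params_create_salt(const char* salt_str, uint8_t* salt_len,
    uint8_t** salt)
{
    size_t hex_len = 0;
    size_t i = 0;
    uint8_t* salt_tmp = NULL;

    *salt_len = 0;
    *salt = NULL;
    if (!salt_str) {
        return ODS_STATUS_OK;
    }
    hex_len = strlen(salt_str);
    /* "-" is the presentation form of an empty salt; an empty string is
     * treated the same way instead of depending on what calloc(0, ...)
     * happens to return on this platform. */
    if (hex_len == 0 || (hex_len == 1 && salt_str[0] == '-')) {
        return ODS_STATUS_OK;
    }
    /* Two hex digits per octet, and the octet count must fit in uint8_t. */
    if (hex_len % 2 != 0 || hex_len / 2 > UINT8_MAX) {
        ods_log_error("[%s] invalid salt %s", nsec3_str, salt_str);
        return ODS_STATUS_ERR;
    }
    /* construct salt data */
    salt_tmp = (uint8_t*) calloc(hex_len / 2, sizeof(uint8_t));
    if (!salt_tmp) {
        ods_log_error("[%s] construct salt data for %s failed", nsec3_str,
            salt_str);
        return ODS_STATUS_MALLOC_ERR;
    }
    for (i = 0; i < hex_len; i += 2) {
        /* isxdigit() is only defined for unsigned char values and EOF, so
         * go through unsigned char rather than a possibly negative char. */
        if (!isxdigit((unsigned char) salt_str[i]) ||
            !isxdigit((unsigned char) salt_str[i+1])) {
            ods_log_error("[%s] invalid salt %s", nsec3_str, salt_str);
            free((void*)salt_tmp);
            return ODS_STATUS_ERR;
        }
        salt_tmp[i/2] = (uint8_t) (ldns_hexdigit_to_int(salt_str[i]) * 16 +
            ldns_hexdigit_to_int(salt_str[i+1]));
    }
    *salt_len = (uint8_t) (hex_len / 2);
    *salt = salt_tmp;
    return ODS_STATUS_OK;
}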
/**
 * Create new NSEC3 parameters.
 *
 * Allocates an nsec3params_type from the signer configuration's allocator,
 * stores algorithm, flags and iteration count as given, and converts the
 * textual salt with nsec3params_create_salt().
 *
 * \param[in] sc signer configuration (signconf_type*), passed untyped
 * \param[in] algo NSEC3 hash algorithm
 * \param[in] flags NSEC3 flags
 * \param[in] iter NSEC3 iteration count
 * \param[in] salt salt in presentation format
 * \return nsec3params_type* new parameters, or NULL on failure
 *
 * NOTE(review): algo, flags and iter are stored without any range check
 * here; presumably the signconf checker bounds the iteration count before
 * this is called -- confirm.
 *
 */
nsec3params_type*
nsec3params_create(void* sc, uint8_t algo, uint8_t flags, uint16_t iter,
    const char* salt)
{
    signconf_type* signconf = (signconf_type*) sc;
    nsec3params_type* params = NULL;
    uint8_t* salt_octets;
    uint8_t salt_octet_count;

    if (!sc) {
        return NULL;
    }
    params = (nsec3params_type*) allocator_alloc(signconf->allocator,
        sizeof(nsec3params_type));
    if (!params) {
        ods_log_error("[%s] unable to create: allocator_alloc() failed",
            nsec3_str);
        return NULL;
    }
    params->sc = sc;
    params->algorithm = algo;
    params->flags = flags;
    params->iterations = iter;
    params->rr = NULL;

    /* turn the textual salt into octets; give the struct back on failure */
    if (nsec3params_create_salt(salt, &salt_octet_count, &salt_octets) != 0) {
        ods_log_error("[%s] unable to create: create salt failed", nsec3_str);
        allocator_deallocate(signconf->allocator, (void*)params);
        return NULL;
    }
    params->salt_len = salt_octet_count;
    params->salt_data = salt_octets;
    return params;
}
/**
 * Backup NSEC3 parameters.
 *
 * Writes one ";;Nsec3parameters:" line to the backup file. For the V2
 * backup format it additionally writes the RR (when one is given) and the
 * ";;Nsec3done" / ";;" trailer lines.
 *
 * \param[in] fd backup file; nothing is written when NULL
 * \param[in] algo NSEC3 hash algorithm
 * \param[in] flags NSEC3 flags (printed as "optout")
 * \param[in] iter NSEC3 iteration count
 * \param[in] salt salt string; "-" is printed when NULL
 * \param[in] rr optional RR printed in the V2 format
 * \param[in] version backup file magic; must not be NULL, it is passed to
 *                    strcmp() unchecked
 *
 */
void
nsec3params_backup(FILE* fd, uint8_t algo, uint8_t flags,
    uint16_t iter, const char* salt, ldns_rr* rr, const char* version)
{
    const char* salt_text = salt ? salt : "-";

    if (!fd) {
        return;
    }
    fprintf(fd, ";;Nsec3parameters: salt %s algorithm %u optout %u "
        "iterations %u\n", salt_text, (unsigned) algo,
        (unsigned) flags, (unsigned) iter);
    /* only the V2 format carries the RR and the trailer */
    if (strcmp(version, ODS_SE_FILE_MAGIC_V2) != 0) {
        return;
    }
    if (rr) {
        (void)util_rr_print(fd, rr);
    }
    fprintf(fd, ";;Nsec3done\n");
    fprintf(fd, ";;\n");
}
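/**
 * Convert salt to string.
 *
 * Renders the binary salt as lowercase hex, or as "-" when the salt is
 * empty.
 *
 * \param[in] nsec3params NSEC3 parameters
 * \return const char* string produced by ldns_buffer2str(), or NULL on
 *                     failure. Presumably heap-allocated and owned by the
 *                     caller -- confirm against the ldns version in use.
 *
 * Changes from the previous version: the buffer is sized from the salt
 * length (it used to be sized from a counter that was still 0, and only
 * worked because ldns_buffer_printf() grows the buffer), and a NULL
 * argument, a NULL salt pointer with a non-zero length, or a failed
 * ldns_buffer_new() now yield NULL instead of a NULL dereference.
 *
 */
const char*
nsec3params_salt2str(nsec3params_type* nsec3params)
{
    uint8_t* data = NULL;
    uint8_t salt_length = 0;
    uint8_t salt_pos = 0;
    int written = 0;
    char* str = NULL;
    ldns_buffer* buffer = NULL;

    if (!nsec3params) {
        return NULL;
    }
    salt_length = nsec3params->salt_len;
    data = nsec3params->salt_data;
    if (salt_length > 0 && !data) {
        ods_log_error("[%s] unable to convert nsec3 salt to string: no "
            "salt data", nsec3_str);
        return NULL;
    }
    /* two hex digits per octet plus the terminator; "-" needs two bytes */
    buffer = ldns_buffer_new(salt_length ? ((size_t) salt_length * 2) + 1 : 2);
    if (!buffer) {
        ods_log_error("[%s] unable to convert nsec3 salt to string: "
            "ldns_buffer_new() failed", nsec3_str);
        return NULL;
    }
    if (salt_length == 0) {
        written = ldns_buffer_printf(buffer, "-");
    } else {
        for (salt_pos = 0; salt_pos < salt_length; salt_pos++) {
            written = ldns_buffer_printf(buffer, "%02x", data[salt_pos]);
        }
    }
    if (ldns_buffer_status(buffer) == LDNS_STATUS_OK) {
        str = ldns_buffer2str(buffer);
    } else if (written) {
        ods_log_error("[%s] unable to convert nsec3 salt to string: %s",
            nsec3_str, ldns_get_errorstr_by_id(ldns_buffer_status(buffer)));
    } else {
        ods_log_error("[%s] unable to convert nsec3 salt to string: zero "
            "bytes written", nsec3_str);
    }
    ldns_buffer_free(buffer);
    return (const char*) str;
}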
/**
 * Clean up NSEC3 parameters.
 *
 * Releases the salt octets and then the parameter structure itself through
 * the allocator of the owning signer configuration. A NULL argument is a
 * no-op.
 *
 * \param[in] nsec3params NSEC3 parameters to release
 *
 * NOTE(review): salt_data is obtained with calloc() in
 * nsec3params_create_salt() but released with allocator_deallocate();
 * that is only correct if the allocator's deallocator is free()-compatible
 * -- confirm in shared/allocator.c.
 *
 */
void
nsec3params_cleanup(nsec3params_type* nsec3params)
{
    signconf_type* owner = NULL;

    if (nsec3params) {
        owner = (signconf_type*) nsec3params->sc;
        allocator_deallocate(owner->allocator,
            (void*) nsec3params->salt_data);
        allocator_deallocate(owner->allocator, (void*) nsec3params);
    }
    return;
}
opendnssec-1.4.9/signer/src/signer/domain.h 0000644 0001750 0001750 00000012203 12650165732 015601 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Domain.
*
*/
#ifndef SIGNER_DOMAIN_H
#define SIGNER_DOMAIN_H
#include "config.h"
#include "shared/allocator.h"
#include "shared/status.h"
#include "signer/rrset.h"
#include
#include
/* RDATA field positions. Presumably zero-based indexes into the rdf array
* of an NSEC / NSEC3 record (NXT = next owner, BITMAP = type bitmap) --
* TODO confirm at the call sites. */
#define SE_NSEC_RDATA_NXT 0
#define SE_NSEC_RDATA_BITMAP 1
/* NOTE(review): NSEC3PARAMS and NXT are both 4; presumably the first is the
* count of leading NSEC3PARAM-style fields and the second the index of the
* field that follows them -- confirm before changing either. */
#define SE_NSEC3_RDATA_NSEC3PARAMS 4
#define SE_NSEC3_RDATA_NXT 4
#define SE_NSEC3_RDATA_BITMAP 5
/**
* Domain.
*
* One owner name in the zone. The zone's namedb keeps these in an rbtree
* (db->domains) whose node->data is cast to domain_type*.
*
*/
typedef struct domain_struct domain_type;
struct domain_struct {
/* zone reference, stored untyped; set from the zoneptr given to domain_create() */
void* zone;
/* untyped reference; presumably the denial_type for this owner name -- TODO confirm in domain.c */
void* denial;
/* rbtree node; presumably this entry's own node in the domain tree -- TODO confirm */
ldns_rbnode_t* node;
/* owner name (see domain_create's dname parameter) */
ldns_rdf* dname;
/* parent domain; presumably the closest enclosing name, NULL at the apex -- TODO confirm */
domain_type* parent;
/* RRsets at this owner name; domain_add_rrset/domain_del_rrset/domain_lookup_rrset operate on it */
rrset_type* rrsets;
/* one-bit flag; presumably set until the domain has been committed -- TODO confirm */
unsigned is_new : 1;
unsigned is_apex : 1; /* apex */
};
/**
* Log domain name.
* \param[in] rdf domain name
* \param[in] pre log message
* \param[in] level log level
*
*/
void log_dname(ldns_rdf* rdf, const char* pre, int level);
/**
* Create domain.
* \param[in] zoneptr zone reference
* \param[in] dname owner name
* \return domain_type* domain
*
*/
domain_type* domain_create(void* zoneptr, ldns_rdf* dname);
/**
* Count the number of RRsets at this domain.
* \param[in] domain domain
* \return size_t number of RRsets
*
*/
size_t domain_count_rrset(domain_type* domain);
/**
* Count the number of RRsets at this domain with RRs that have is_added.
* \param[in] domain domain
* \return size_t number of RRsets
*
*/
size_t domain_count_rrset_is_added(domain_type* domain);
/**
* Look up RRset at this domain.
* \param[in] domain the domain
* \param[in] rrtype RRtype
* \return rrset_type* RRset, if found
*
*/
rrset_type* domain_lookup_rrset(domain_type* domain, ldns_rr_type rrtype);
/**
* Add RRset to domain.
* \param[in] domain domain
* \param[in] rrset RRset
*
*/
void domain_add_rrset(domain_type* domain, rrset_type* rrset);
/**
* Delete RRset from domain.
* \param[in] domain domain
* \param[in] rrtype RRtype of RRset
* \return rrset_type* deleted RRset
*
*/
rrset_type* domain_del_rrset(domain_type* domain, ldns_rr_type rrtype);
/**
* Apply differences at domain.
* \param[in] domain domain
* \param[in] is_ixfr true if incremental change
* \param[in] more_coming more transactions possible
*
*/
void domain_diff(domain_type* domain, unsigned is_ixfr, unsigned more_coming);
/**
* Rollback differences at domain.
* \param[in] domain domain
* \param[in] keepsc keep RRs that did not come from the adapter
*
*/
void domain_rollback(domain_type* domain, int keepsc);
/**
* Check whether a domain is an empty non-terminal to an unsigned delegation.
* \param[in] domain domain
* \return int yes or no
*
*/
int domain_ent2unsignedns(domain_type* domain);
/**
* Check whether a domain is a delegation, regardless of parent.
* \param[in] domain domain
* \return ldns_rr_type RRtype that hints whether the domain is occluded.
* LDNS_RR_TYPE_NS Unsigned delegation
* LDNS_RR_TYPE_DS Signed delegation
* LDNS_RR_TYPE_SOA Authoritative data (or signed delegation)
*
*/
ldns_rr_type domain_is_delegpt(domain_type* domain);
/**
* Check whether the domain is occluded.
* \param[in] domain domain
* \return ldns_rr_type RRtype that hints whether the domain is occluded.
* LDNS_RR_TYPE_DNAME Occluded
* LDNS_RR_TYPE_A Glue
* LDNS_RR_TYPE_SOA Authoritative data or delegation
*
*/
ldns_rr_type domain_is_occluded(domain_type* domain);
/**
* Print domain.
* \param[in] fd file descriptor
* \param[in] domain domain
* \param[out] status status
*
*/
void domain_print(FILE* fd, domain_type* domain, ods_status* status);
/**
* Clean up domain.
* \param[in] domain domain to cleanup
*
*/
void domain_cleanup(domain_type* domain);
/**
* Backup domain.
* \param[in] fd file descriptor
* \param[in] domain domain
* \param[in] sigs do RRSIGS if true, otherwise do RRset
*
*/
void domain_backup2(FILE* fd, domain_type* domain, int sigs);
#endif /* SIGNER_DOMAIN_H */
opendnssec-1.4.9/signer/src/signer/rrset.c 0000644 0001750 0001750 00000064116 12650165732 015476 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* RRset.
*
*/
#include "config.h"
#include "shared/file.h"
#include "shared/hsm.h"
#include "shared/log.h"
#include "shared/util.h"
#include "signer/rrset.h"
#include "signer/zone.h"
static const char* rrset_str = "rrset";
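/**
 * Log RR.
 *
 * Writes the presentation form of an RR to the log at the given level,
 * prefixed with the module tag and an optional caller-supplied prefix.
 * Nothing is done when the configured log level is below \a level.
 *
 * \param[in] rr RR to log
 * \param[in] pre prefix for the message, may be NULL
 * \param[in] level syslog-style level; LOG_EMERG goes to ods_fatal_exit()
 *
 * The last character of the ldns string (presumably the trailing newline)
 * is dropped and tabs become spaces so the record stays on one log line.
 * The strip is now guarded: on an empty string the old code wrote to
 * str[strlen(str) - 1], i.e. one byte before the buffer.
 *
 */
void
log_rr(ldns_rr* rr, const char* pre, int level)
{
    const char* prefix = pre ? pre : "";
    char* str = NULL;
    size_t len = 0;
    size_t i = 0;

    if (ods_log_get_level() < level) {
        return;
    }
    str = ldns_rr2str(rr);
    if (!str) {
        ods_log_error("[%s] %s: Error converting RR to string", rrset_str,
            prefix);
        return;
    }
    len = strlen(str);
    if (len > 0) {
        str[--len] = '\0';
    }
    /* replace tabs with white space */
    for (i = 0; i < len; i++) {
        if (str[i] == '\t') {
            str[i] = ' ';
        }
    }
    /* An if-chain rather than a switch: the LOG_* values come from
     * different headers and are not shown to be distinct here. */
    if (level == LOG_EMERG) {
        ods_fatal_exit("[%s] %s: %s", rrset_str, prefix, str);
    } else if (level == LOG_ALERT) {
        ods_log_alert("[%s] %s: %s", rrset_str, prefix, str);
    } else if (level == LOG_CRIT) {
        ods_log_crit("[%s] %s: %s", rrset_str, prefix, str);
    } else if (level == LOG_ERR) {
        ods_log_error("[%s] %s: %s", rrset_str, prefix, str);
    } else if (level == LOG_WARNING) {
        ods_log_warning("[%s] %s: %s", rrset_str, prefix, str);
    } else if (level == LOG_NOTICE) {
        ods_log_info("[%s] %s: %s", rrset_str, prefix, str);
    } else if (level == LOG_INFO) {
        ods_log_verbose("[%s] %s: %s", rrset_str, prefix, str);
    } else if (level == LOG_DEBUG) {
        ods_log_debug("[%s] %s: %s", rrset_str, prefix, str);
    } else {
        /* LOG_DEEEBUG and any unknown level */
        ods_log_deeebug("[%s] %s: %s", rrset_str, prefix, str);
    }
    free((void*)str);
    return;
}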
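/**
 * Log RRset.
 *
 * Logs an RRset as "<owner,TYPE>" at the given level, prefixed with the
 * module tag and an optional caller-supplied prefix. Nothing is done when
 * the configured log level is below \a level, or when the owner name
 * cannot be converted to a string.
 *
 * \param[in] dname owner name of the RRset
 * \param[in] type RRtype of the RRset
 * \param[in] pre prefix for the message, may be NULL
 * \param[in] level syslog-style level; LOG_EMERG goes to ods_fatal_exit()
 *
 * The last character of the name string (presumably the trailing dot) is
 * dropped and tabs become spaces. The strip is now guarded: on an empty
 * string the old code wrote to str[strlen(str) - 1], i.e. one byte before
 * the buffer.
 *
 */
void
log_rrset(ldns_rdf* dname, ldns_rr_type type, const char* pre, int level)
{
    const char* prefix = pre ? pre : "";
    const char* type_str = NULL;
    char* str = NULL;
    size_t len = 0;
    size_t i = 0;

    if (ods_log_get_level() < level) {
        return;
    }
    str = ldns_rdf2str(dname);
    if (!str) {
        return;
    }
    len = strlen(str);
    if (len > 0) {
        str[--len] = '\0';
    }
    /* replace tabs with white space */
    for (i = 0; i < len; i++) {
        if (str[i] == '\t') {
            str[i] = ' ';
        }
    }
    type_str = rrset_type2str(type);
    /* An if-chain rather than a switch: the LOG_* values come from
     * different headers and are not shown to be distinct here. */
    if (level == LOG_EMERG) {
        ods_fatal_exit("[%s] %s: <%s,%s>", rrset_str, prefix, str, type_str);
    } else if (level == LOG_ALERT) {
        ods_log_alert("[%s] %s: <%s,%s>", rrset_str, prefix, str, type_str);
    } else if (level == LOG_CRIT) {
        ods_log_crit("[%s] %s: <%s,%s>", rrset_str, prefix, str, type_str);
    } else if (level == LOG_ERR) {
        ods_log_error("[%s] %s: <%s,%s>", rrset_str, prefix, str, type_str);
    } else if (level == LOG_WARNING) {
        ods_log_warning("[%s] %s: <%s,%s>", rrset_str, prefix, str, type_str);
    } else if (level == LOG_NOTICE) {
        ods_log_info("[%s] %s: <%s,%s>", rrset_str, prefix, str, type_str);
    } else if (level == LOG_INFO) {
        ods_log_verbose("[%s] %s: <%s,%s>", rrset_str, prefix, str, type_str);
    } else if (level == LOG_DEBUG) {
        ods_log_debug("[%s] %s: <%s,%s>", rrset_str, prefix, str, type_str);
    } else {
        /* LOG_DEEEBUG and any unknown level */
        ods_log_deeebug("[%s] %s: <%s,%s>", rrset_str, prefix, str, type_str);
    }
    free((void*)str);
    return;
}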
/**
 * Get the string-format of RRtype.
 *
 * The query-only types IXFR, AXFR, MAILB, MAILA and ANY are named directly;
 * every other type is looked up in the ldns RR descriptor table.
 *
 * \param[in] type RRtype
 * \return const char* static name of the type, "TYPE???" when unknown
 *
 */
const char*
rrset_type2str(ldns_rr_type type)
{
    const ldns_rr_descriptor* desc = NULL;

    switch (type) {
        case LDNS_RR_TYPE_IXFR:
            return "IXFR";
        case LDNS_RR_TYPE_AXFR:
            return "AXFR";
        case LDNS_RR_TYPE_MAILB:
            return "MAILB";
        case LDNS_RR_TYPE_MAILA:
            return "MAILA";
        case LDNS_RR_TYPE_ANY:
            return "ANY";
        default:
            break;
    }
    desc = ldns_rr_descript(type);
    if (desc && desc->_name) {
        return desc->_name;
    }
    return "TYPE???";
}
/**
 * Create RRset.
 *
 * Allocates an empty RRset of the given type from the zone's allocator.
 *
 * \param[in] zoneptr zone reference (zone_type*), passed untyped
 * \param[in] type RRtype; 0 is rejected
 * \return rrset_type* new RRset with no RRs and no signatures, or NULL
 *
 */
rrset_type*
rrset_create(void* zoneptr, ldns_rr_type type)
{
    zone_type* owner_zone = (zone_type*) zoneptr;
    rrset_type* fresh = NULL;

    if (!(type && zoneptr)) {
        return NULL;
    }
    fresh = (rrset_type*) allocator_alloc(
        owner_zone->allocator, sizeof(rrset_type));
    if (!fresh) {
        ods_log_error("[%s] unable to create RRset %u: allocator_alloc() "
            "failed", rrset_str, (unsigned) type);
        return NULL;
    }
    /* identity */
    fresh->zone = zoneptr;
    fresh->rrtype = type;
    fresh->domain = NULL;
    fresh->next = NULL;
    /* contents start out empty */
    fresh->rrs = NULL;
    fresh->rr_count = 0;
    fresh->rrsigs = NULL;
    fresh->rrsig_count = 0;
    fresh->needs_signing = 0;
    return fresh;
}
/**
 * Lookup RR in RRset.
 *
 * Linear search for an RR that util_dnssec_rrs_compare() reports as equal
 * to \a rr.
 *
 * \param[in] rrset RRset to search
 * \param[in] rr RR to look for
 * \return rr_type* pointer into rrset->rrs, or NULL when not found, when
 *                  an argument is NULL, or when a comparison fails
 *
 */
rr_type*
rrset_lookup_rr(rrset_type* rrset, ldns_rr* rr)
{
    ldns_status cmp_status = LDNS_STATUS_OK;
    int order = 0;
    size_t idx = 0;

    if (!rrset || !rr) {
        return NULL;
    }
    if (rrset->rr_count <= 0) {
        return NULL;
    }
    while (idx < rrset->rr_count) {
        cmp_status = util_dnssec_rrs_compare(rrset->rrs[idx].rr, rr, &order);
        if (cmp_status != LDNS_STATUS_OK) {
            ods_log_error("[%s] unable to lookup RR: compare failed (%s)",
                rrset_str, ldns_get_errorstr_by_id(cmp_status));
            return NULL;
        }
        if (order == 0) {
            /* equal */
            return &rrset->rrs[idx];
        }
        idx++;
    }
    return NULL;
}
/**
 * Count the number of RRs in this RRset that have is_added.
 *
 * \param[in] rrset RRset, may be NULL
 * \return size_t number of RRs whose is_added flag is set; 0 for NULL
 *
 */
size_t
rrset_count_rr_is_added(rrset_type* rrset)
{
    size_t added = 0;
    size_t idx = 0;

    if (rrset) {
        for (idx = 0; idx < rrset->rr_count; idx++) {
            added += rrset->rrs[idx].is_added ? 1 : 0;
        }
    }
    return added;
}
/**
 * Add RR to RRset.
 *
 * Grows the RR array by one through the zone allocator (allocate, copy,
 * release the old array), appends \a rr flagged as added and not yet
 * existing, and marks the RRset as needing a new signature.
 *
 * \param[in] rrset RRset; its rrtype must match the type of \a rr
 * \param[in] rr RR to add; the pointer is stored, not cloned
 * \return rr_type* the new entry inside rrset->rrs
 *
 * Pointers into rrset->rrs obtained before this call are stale afterwards,
 * because the array is reallocated.
 *
 */
rr_type*
rrset_add_rr(rrset_type* rrset, ldns_rr* rr)
{
    zone_type* zone = NULL;
    rr_type* previous = NULL;
    rr_type* slot = NULL;

    ods_log_assert(rrset);
    ods_log_assert(rr);
    ods_log_assert(rrset->rrtype == ldns_rr_get_type(rr));

    zone = (zone_type*) rrset->zone;
    previous = rrset->rrs;
    rrset->rrs = (rr_type*) allocator_alloc(zone->allocator,
        (rrset->rr_count + 1) * sizeof(rr_type));
    if (!rrset->rrs) {
        ods_fatal_exit("[%s] fatal unable to add RR: allocator_alloc() failed",
            rrset_str);
    }
    if (previous) {
        memcpy(rrset->rrs, previous, (rrset->rr_count) * sizeof(rr_type));
    }
    allocator_deallocate(zone->allocator, (void*) previous);

    /* the new entry goes into the slot just past the copied ones */
    slot = &rrset->rrs[rrset->rr_count];
    rrset->rr_count++;
    slot->owner = rrset->domain;
    slot->rr = rr;
    slot->exists = 0;
    slot->is_added = 1;
    slot->is_removed = 0;
    rrset->needs_signing = 1;
    log_rr(rr, "+RR", LOG_DEEEBUG);
    return slot;
}
/**
* Delete RR from RRset.
*
* Removes the entry at index rrnum: later entries are shifted down by one,
* the array is reallocated one element smaller through the zone allocator,
* and the RRset is marked as needing a new signature.
*
* \param[in] rrset RRset
* \param[in] rrnum index of the RR to delete; must be < rrset->rr_count
*
* The index is validated only by ods_log_assert(); whether that check is
* active in release builds is not visible here, so callers must not pass
* an out-of-range index.
*
*/
void
rrset_del_rr(rrset_type* rrset, uint16_t rrnum)
{
rr_type* rrs_orig = NULL;
zone_type* zone = NULL;
ods_log_assert(rrset);
ods_log_assert(rrnum < rrset->rr_count);
zone = (zone_type*) rrset->zone;
log_rr(rrset->rrs[rrnum].rr, "-RR", LOG_DEEEBUG);
/* The ldns_rr itself is not freed here, only unlinked; presumably it is
* owned elsewhere (e.g. by the IXFR journal) -- TODO confirm. */
rrset->rrs[rrnum].owner = NULL;
rrset->rrs[rrnum].rr = NULL;
/* close the gap: move every later entry one slot down */
while (rrnum < rrset->rr_count-1) {
rrset->rrs[rrnum] = rrset->rrs[rrnum+1];
rrnum++;
}
/* clear the now-unused last slot */
memset(&rrset->rrs[rrset->rr_count-1], 0, sizeof(rr_type));
rrs_orig = rrset->rrs;
/* NOTE(review): when rr_count is 1 this requests 0 bytes; whether
* allocator_alloc() returns non-NULL for that is not visible here. A NULL
* result would take the fatal-exit path below -- confirm. */
rrset->rrs = (rr_type*) allocator_alloc(zone->allocator,
(rrset->rr_count - 1) * sizeof(rr_type));
if(!rrset->rrs) {
ods_fatal_exit("[%s] fatal unable to delete RR: allocator_alloc() failed",
rrset_str);
}
memcpy(rrset->rrs, rrs_orig, (rrset->rr_count -1) * sizeof(rr_type));
allocator_deallocate(zone->allocator, (void*) rrs_orig);
rrset->rr_count--;
rrset->needs_signing = 1;
return;
}
/**
* Apply differences at RRset.
*
* Commits pending changes: RRs flagged is_added become existing, RRs that
* are removed (or, for a non-incremental update, every RR not flagged
* is_added) are deleted. Each change is also recorded in the zone's IXFR
* journal under ixfr_lock. If anything changed, all RRSIGs of the RRset
* are recorded as deleted and dropped.
*
* \param[in] rrset RRset, may be NULL (no-op)
* \param[in] is_ixfr true if incremental change
* \param[in] more_coming more transactions possible
*
* NOTE(review): the loop counters are uint16_t while the counts they are
* compared against are presumably wider (rrset_count_rr_is_added uses
* size_t for the same field). Beyond 65535 entries the counter would wrap
* and revisit entries -- confirm the counts are bounded elsewhere.
*
*/
void
rrset_diff(rrset_type* rrset, unsigned is_ixfr, unsigned more_coming)
{
zone_type* zone = NULL;
uint16_t i = 0;
uint8_t del_sigs = 0;
if (!rrset) {
return;
}
zone = (zone_type*) rrset->zone;
for (i=0; i < rrset->rr_count; i++) {
if (rrset->rrs[i].is_added) {
if (!rrset->rrs[i].exists) {
/* ixfr +RR */
lock_basic_lock(&zone->ixfr->ixfr_lock);
ixfr_add_rr(zone->ixfr, rrset->rrs[i].rr);
lock_basic_unlock(&zone->ixfr->ixfr_lock);
del_sigs = 1;
}
rrset->rrs[i].exists = 1;
/* DNSKEY and NSEC3PARAMS keep is_added set while more transactions may
* follow, so a later pass of a non-incremental update does not delete
* them. */
if ((rrset->rrtype == LDNS_RR_TYPE_DNSKEY ||
rrset->rrtype == LDNS_RR_TYPE_NSEC3PARAMS) && more_coming) {
continue;
}
rrset->rrs[i].is_added = 0;
} else if (!is_ixfr || rrset->rrs[i].is_removed) {
if (rrset->rrs[i].exists) {
/* ixfr -RR */
lock_basic_lock(&zone->ixfr->ixfr_lock);
ixfr_del_rr(zone->ixfr, rrset->rrs[i].rr);
lock_basic_unlock(&zone->ixfr->ixfr_lock);
}
rrset->rrs[i].exists = 0;
rrset_del_rr(rrset, i);
del_sigs = 1;
/* rrset_del_rr shifted the next entry into slot i; step back so the
* loop's i++ revisits it. At i == 0 this wraps and wraps back. */
i--;
}
}
if (del_sigs) {
for (i=0; i < rrset->rrsig_count; i++) {
/* ixfr -RRSIG */
lock_basic_lock(&zone->ixfr->ixfr_lock);
ixfr_del_rr(zone->ixfr, rrset->rrsigs[i].rr);
lock_basic_unlock(&zone->ixfr->ixfr_lock);
rrset_del_rrsig(rrset, i);
/* same step-back as above: the array shrank by one */
i--;
}
}
return;
}
/**
 * Add RRSIG to RRset.
 *
 * Grows the signature array by one through the zone allocator (allocate,
 * copy, release the old array) and appends the signature together with the
 * locator and flags of the key that produced it.
 *
 * \param[in] rrset RRset
 * \param[in] rr RRSIG record; the pointer is stored, not cloned
 * \param[in] locator key locator; the pointer is stored as-is and later
 *                    released with allocator_deallocate() by
 *                    rrset_del_rrsig(), so it must be owned by the RRset
 *                    from here on
 * \param[in] flags key flags
 * \return rrsig_type* the new entry inside rrset->rrsigs
 *
 */
rrsig_type*
rrset_add_rrsig(rrset_type* rrset, ldns_rr* rr,
    const char* locator, uint32_t flags)
{
    zone_type* zone = NULL;
    rrsig_type* previous = NULL;
    rrsig_type* slot = NULL;

    ods_log_assert(rrset);
    ods_log_assert(rr);
    ods_log_assert(ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG);

    zone = (zone_type*) rrset->zone;
    previous = rrset->rrsigs;
    rrset->rrsigs = (rrsig_type*) allocator_alloc(zone->allocator,
        (rrset->rrsig_count + 1) * sizeof(rrsig_type));
    if (!rrset->rrsigs) {
        ods_fatal_exit("[%s] fatal unable to add RRSIG: allocator_alloc() failed",
            rrset_str);
    }
    if (previous) {
        memcpy(rrset->rrsigs, previous,
            (rrset->rrsig_count) * sizeof(rrsig_type));
    }
    allocator_deallocate(zone->allocator, (void*) previous);

    /* the new entry goes into the slot just past the copied ones */
    slot = &rrset->rrsigs[rrset->rrsig_count];
    rrset->rrsig_count++;
    slot->owner = rrset->domain;
    slot->rr = rr;
    slot->key_locator = locator;
    slot->key_flags = flags;
    log_rr(rr, "+RRSIG", LOG_DEEEBUG);
    return slot;
}
/**
* Delete RRSIG from RRset.
*
* Removes the signature at index rrnum: its key locator string is released,
* later entries are shifted down by one, and the array is reallocated one
* element smaller through the zone allocator.
*
* \param[in] rrset RRset
* \param[in] rrnum index of the RRSIG to delete; must be < rrset->rrsig_count
*
* The index is validated only by ods_log_assert(); whether that check is
* active in release builds is not visible here, so callers must not pass
* an out-of-range index.
*
*/
void
rrset_del_rrsig(rrset_type* rrset, uint16_t rrnum)
{
rrsig_type* rrsigs_orig = NULL;
zone_type* zone = NULL;
ods_log_assert(rrset);
ods_log_assert(rrnum < rrset->rrsig_count);
zone = (zone_type*) rrset->zone;
log_rr(rrset->rrsigs[rrnum].rr, "-RRSIG", LOG_DEEEBUG);
/* The RRSIG ldns_rr itself is not freed here, only unlinked; presumably
* it is owned elsewhere (e.g. by the IXFR journal) -- TODO confirm. */
rrset->rrsigs[rrnum].owner = NULL;
rrset->rrsigs[rrnum].rr = NULL;
/* the locator string stored by rrset_add_rrsig() is released here */
allocator_deallocate(zone->allocator,
(void*)rrset->rrsigs[rrnum].key_locator);
rrset->rrsigs[rrnum].key_locator = NULL;
/* close the gap: move every later entry one slot down */
while (rrnum < rrset->rrsig_count-1) {
rrset->rrsigs[rrnum] = rrset->rrsigs[rrnum+1];
rrnum++;
}
/* clear the now-unused last slot */
memset(&rrset->rrsigs[rrset->rrsig_count-1], 0, sizeof(rrsig_type));
rrsigs_orig = rrset->rrsigs;
/* NOTE(review): when rrsig_count is 1 this requests 0 bytes; whether
* allocator_alloc() returns non-NULL for that is not visible here. A NULL
* result would take the fatal-exit path below -- confirm. */
rrset->rrsigs = (rrsig_type*) allocator_alloc(zone->allocator,
(rrset->rrsig_count - 1) * sizeof(rrsig_type));
if(!rrset->rrsigs) {
ods_fatal_exit("[%s] fatal unable to delete RRSIG: allocator_alloc() failed",
rrset_str);
}
memcpy(rrset->rrsigs, rrsigs_orig,
(rrset->rrsig_count -1) * sizeof(rrsig_type));
allocator_deallocate(zone->allocator, (void*) rrsigs_orig);
rrset->rrsig_count--;
return;
}
/**
* Recycle signatures from RRset and drop unreusable signatures.
*
* Walks the existing RRSIGs and keeps a signature only if every rule below
* holds; any other signature is recorded as deleted in the IXFR journal
* and removed from the RRset.
*
* \param[in] rrset RRset, may be NULL (returns 0)
* \param[in] signtime time of this signing run
* \param[in] dstatus result of domain_is_occluded() for the owner;
*                    LDNS_RR_TYPE_SOA means authoritative data or delegation
* \param[in] delegpt result of domain_is_delegpt() for the owner;
*                    LDNS_RR_TYPE_SOA means not an unsigned/signed cut
* \return uint32_t number of signatures kept for reuse
*
* NOTE(review): refresh, expiration and inception are compared as plain
* uint32_t values, so the comparisons do not account for wrap-around of
* the 32-bit RRSIG time fields -- confirm this is acceptable for the
* validity periods in use.
*
*/
static uint32_t
rrset_recycle(rrset_type* rrset, time_t signtime, ldns_rr_type dstatus,
ldns_rr_type delegpt)
{
uint32_t refresh = 0;
uint32_t expiration = 0;
uint32_t inception = 0;
uint32_t reusedsigs = 0;
unsigned drop_sig = 0;
size_t i = 0;
key_type* key = NULL;
zone_type* zone = NULL;
if (!rrset) {
return 0;
}
zone = (zone_type*) rrset->zone;
/* Calculate the Refresh Window = Signing time + Refresh */
/* refresh stays 0 when there is no signconf or no refresh interval; rule 2
* below then drops every signature */
if (zone->signconf && zone->signconf->sig_refresh_interval) {
refresh = (uint32_t) (signtime +
duration2time(zone->signconf->sig_refresh_interval));
}
/* Check every signature if it matches the recycling logic. */
for (i=0; i < rrset->rrsig_count; i++) {
drop_sig = 0;
/* 0. Skip delegation, glue and occluded RRsets */
if (dstatus != LDNS_RR_TYPE_SOA || (delegpt != LDNS_RR_TYPE_SOA &&
rrset->rrtype != LDNS_RR_TYPE_DS)) {
drop_sig = 1;
goto recycle_drop_sig;
}
/* Reaching this point means dstatus == SOA and (delegpt == SOA or
* rrtype == DS); the assertion below uses "or" for the outer operator and
* is therefore weaker than that, so it cannot fire here. */
ods_log_assert(dstatus == LDNS_RR_TYPE_SOA ||
(delegpt == LDNS_RR_TYPE_SOA || rrset->rrtype == LDNS_RR_TYPE_DS));
/* 1. If the RRset has changed, drop all signatures */
/* 2. If Refresh is disabled, drop all signatures */
if (rrset->needs_signing || refresh <= (uint32_t) signtime) {
drop_sig = 1;
goto recycle_drop_sig;
}
/* 3. Expiration - Refresh has passed */
/* i.e. the signature would expire before signtime + refresh interval */
expiration = ldns_rdf2native_int32(
ldns_rr_rrsig_expiration(rrset->rrsigs[i].rr));
if (expiration < refresh) {
drop_sig = 1;
goto recycle_drop_sig;
}
/* 4. Inception has not yet passed */
inception = ldns_rdf2native_int32(
ldns_rr_rrsig_inception(rrset->rrsigs[i].rr));
if (inception > (uint32_t) signtime) {
drop_sig = 1;
goto recycle_drop_sig;
}
/* 5. Corresponding key is dead (key is locator+flags) */
/* zone->signconf is non-NULL here: with a NULL signconf refresh is 0 and
* rule 2 has already jumped to recycle_drop_sig (for signtime >= 0) */
key = keylist_lookup_by_locator(zone->signconf->keys,
rrset->rrsigs[i].key_locator);
if (!key || key->flags != rrset->rrsigs[i].key_flags) {
drop_sig = 1;
}
recycle_drop_sig:
if (drop_sig) {
/* A rule mismatched, refresh signature */
/* ixfr -RRSIG */
lock_basic_lock(&zone->ixfr->ixfr_lock);
ixfr_del_rr(zone->ixfr, rrset->rrsigs[i].rr);
lock_basic_unlock(&zone->ixfr->ixfr_lock);
/* NOTE(review): i is size_t but rrset_del_rrsig() takes uint16_t, so the
* index is narrowed at this call */
rrset_del_rrsig(rrset, i);
/* the array shrank by one; step back so the loop's i++ revisits slot i */
i--;
} else {
/* All rules ok, recycle signature */
reusedsigs += 1;
}
}
return reusedsigs;
}
/**
 * Is the RRset signed with this algorithm?
 *
 * \param[in] rrset RRset, may be NULL
 * \param[in] algorithm DNSSEC algorithm number
 * \return int 1 if any RRSIG of the RRset carries this algorithm, else 0
 *
 */
static int
rrset_sigalgo(rrset_type* rrset, uint8_t algorithm)
{
    size_t idx = 0;
    uint8_t sig_algorithm = 0;

    if (!rrset) {
        return 0;
    }
    while (idx < rrset->rrsig_count) {
        sig_algorithm = ldns_rdf2native_int8(
            ldns_rr_rrsig_algorithm(rrset->rrsigs[idx].rr));
        if (sig_algorithm == algorithm) {
            return 1;
        }
        idx++;
    }
    return 0;
}
/**
 * Is the RRset signed with this locator?
 *
 * \param[in] rrset RRset, may be NULL
 * \param[in] locator key locator to look for
 * \return int 1 if any RRSIG of the RRset was stored with a locator that
 *             ods_strcmp() reports as equal, else 0
 *
 */
static int
rrset_siglocator(rrset_type* rrset, const char* locator)
{
    size_t idx = 0;
    int found = 0;

    if (rrset) {
        for (idx = 0; !found && idx < rrset->rrsig_count; idx++) {
            if (ods_strcmp(locator, rrset->rrsigs[idx].key_locator) == 0) {
                found = 1;
            }
        }
    }
    return found;
}
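/**
 * Transmogrify the RRset to a RRlist.
 *
 * Builds the list of RRs that is handed to the signing code: every RR
 * whose exists flag is set, canonicalized and sorted. RRs that do not
 * exist yet are skipped with a warning.
 *
 * \param[in] rrset RRset; must not be NULL
 * \return ldns_rr_list* new list that references (does not clone) the RRs
 *                       of the RRset, or NULL when the list cannot be
 *                       allocated or extended
 *
 * The result of ldns_rr_list_new() is now checked; it used to be passed
 * straight to ldns_rr_list_push_rr().
 *
 */
static ldns_rr_list*
rrset2rrlist(rrset_type* rrset)
{
    ldns_rr_list* rr_list = NULL;
    int ret = 0;
    size_t i = 0;

    rr_list = ldns_rr_list_new();
    if (!rr_list) {
        return NULL;
    }
    for (i = 0; i < rrset->rr_count; i++) {
        if (!rrset->rrs[i].exists) {
            log_rr(rrset->rrs[i].rr, "RR does not exist", LOG_WARNING);
            continue;
        }
        /* clone if you want to keep the original format in the signed zone;
         * as written the RR stored in the RRset is canonicalized in place */
        ldns_rr2canonical(rrset->rrs[i].rr);
        ret = (int) ldns_rr_list_push_rr(rr_list, rrset->rrs[i].rr);
        if (!ret) {
            /* frees the list only; the RRs stay with the RRset */
            ldns_rr_list_free(rr_list);
            return NULL;
        }
        if (rrset->rrtype == LDNS_RR_TYPE_CNAME ||
            rrset->rrtype == LDNS_RR_TYPE_DNAME) {
            /* singleton types: only the first existing RR is used */
            return rr_list;
        }
    }
    ldns_rr_list_sort(rr_list);
    return rr_list;
}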
/**
 * Calculate the signature validation period.
 *
 * inception  = signtime - inception offset
 * expiration = signtime + validity + random(0 .. 2*jitter) - jitter
 *
 * where validity is the denial validity for NSEC/NSEC3 RRsets and the
 * default validity otherwise.
 *
 * \param[in] sc signer configuration
 * \param[in] rrtype RRtype of the RRset being signed
 * \param[in] signtime time of this signing run
 * \param[out] inception signature inception time
 * \param[out] expiration signature expiration time
 *
 * When sc is NULL, or rrtype or signtime is 0, the function returns
 * without writing the output parameters.
 *
 */
static void
rrset_sigvalid_period(signconf_type* sc, ldns_rr_type rrtype, time_t signtime,
    time_t* inception, time_t* expiration)
{
    time_t jitter = 0;
    time_t random_jitter = 0;
    time_t offset = 0;
    time_t validity = 0;
    int is_denial = 0;

    if (!(sc && rrtype && signtime)) {
        return;
    }
    jitter = duration2time(sc->sig_jitter);
    if (jitter) {
        /* spread expirations over [-jitter, +jitter] around the nominal one */
        random_jitter = ods_rand(jitter*2);
    }
    offset = duration2time(sc->sig_inception_offset);
    is_denial = (rrtype == LDNS_RR_TYPE_NSEC || rrtype == LDNS_RR_TYPE_NSEC3);
    if (is_denial) {
        validity = duration2time(sc->sig_validity_denial);
    } else {
        validity = duration2time(sc->sig_validity_default);
    }
    *inception = signtime - offset;
    *expiration = (signtime + validity + random_jitter) - jitter;
    return;
}
/**
 * Sign RRset.
 *
 * Recycles existing signatures, decides whether the RRset has to be signed
 * at all, and then creates one RRSIG per eligible key through lhsm_sign().
 * Each new signature is added to the RRset and to the zone's IXFR journal,
 * and the zone statistics are updated.
 *
 * \param[in] ctx HSM context handed to lhsm_sign()
 * \param[in] rrset RRset to sign
 * \param[in] signtime time of signing, used for the validity period
 * \return ods_status ODS_STATUS_OK if signed or if signing was skipped,
 *         ODS_STATUS_MALLOC_ERR if rrset2rrlist() failed,
 *         ODS_STATUS_HSM_ERR if lhsm_sign() failed
 *
 */
ods_status
rrset_sign(hsm_ctx_t* ctx, rrset_type* rrset, time_t signtime)
{
zone_type* zone = NULL;
uint32_t newsigs = 0;
uint32_t reusedsigs = 0;
ldns_rr* rrsig = NULL;
ldns_rr_list* rr_list = NULL;
rrsig_type* signature = NULL;
const char* locator = NULL;
time_t inception = 0;
time_t expiration = 0;
size_t i = 0;
domain_type* domain = NULL;
ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
ldns_rr_type delegpt = LDNS_RR_TYPE_FIRST;
ods_log_assert(ctx);
ods_log_assert(rrset);
zone = (zone_type*) rrset->zone;
ods_log_assert(zone);
ods_log_assert(zone->signconf);
/* Recycle signatures */
/* For NSEC(3) RRsets both status values are forced to SOA, the value the
 * checks below treat as "sign this RRset"; other RRsets take them from
 * their domain. */
if (rrset->rrtype == LDNS_RR_TYPE_NSEC ||
rrset->rrtype == LDNS_RR_TYPE_NSEC3) {
dstatus = LDNS_RR_TYPE_SOA;
delegpt = LDNS_RR_TYPE_SOA;
} else {
domain = (domain_type*) rrset->domain;
dstatus = domain_is_occluded(domain);
delegpt = domain_is_delegpt(domain);
}
/* the return value is accounted as reused signatures in the stats below */
reusedsigs = rrset_recycle(rrset, signtime, dstatus, delegpt);
rrset->needs_signing = 0;
ods_log_assert(rrset->rrs);
ods_log_assert(rrset->rrs[0].rr);
/* Skip delegation, glue and occluded RRsets */
if (dstatus != LDNS_RR_TYPE_SOA) {
log_rrset(ldns_rr_owner(rrset->rrs[0].rr), rrset->rrtype,
"skip signing occluded RRset", LOG_DEEEBUG);
return ODS_STATUS_OK;
}
/* at a delegation point only the DS RRset is signed */
if (delegpt != LDNS_RR_TYPE_SOA && rrset->rrtype != LDNS_RR_TYPE_DS) {
log_rrset(ldns_rr_owner(rrset->rrs[0].rr), rrset->rrtype,
"skip signing delegation RRset", LOG_DEEEBUG);
return ODS_STATUS_OK;
}
log_rrset(ldns_rr_owner(rrset->rrs[0].rr), rrset->rrtype,
"sign RRset", LOG_DEEEBUG);
ods_log_assert(dstatus == LDNS_RR_TYPE_SOA ||
(delegpt == LDNS_RR_TYPE_SOA || rrset->rrtype == LDNS_RR_TYPE_DS));
/* Transmogrify rrset */
/* the list references the RRset's own RRs; only the list is freed below */
rr_list = rrset2rrlist(rrset);
if (!rr_list) {
ods_log_error("[%s] unable to sign RRset[%i]: rrset2rrlist() failed",
rrset_str, rrset->rrtype);
return ODS_STATUS_MALLOC_ERR;
}
if (ldns_rr_list_rr_count(rr_list) <= 0) {
/* Empty RRset, no signatures needed */
ldns_rr_list_free(rr_list);
return ODS_STATUS_OK;
}
/* Calculate signature validity */
rrset_sigvalid_period(zone->signconf, rrset->rrtype, signtime,
&inception, &expiration);
/* Walk keys */
for (i=0; i < zone->signconf->keys->count; i++) {
/* If not ZSK don't sign other RRsets */
if (!zone->signconf->keys->keys[i].zsk &&
rrset->rrtype != LDNS_RR_TYPE_DNSKEY) {
continue;
}
/* If not KSK don't sign DNSKEY RRset */
if (!zone->signconf->keys->keys[i].ksk &&
rrset->rrtype == LDNS_RR_TYPE_DNSKEY) {
continue;
}
/* Additional rules for signatures */
/* a signature made with this exact key is already present */
if (rrset_siglocator(rrset, zone->signconf->keys->keys[i].locator)) {
continue;
}
/* non-DNSKEY RRsets are skipped when rrset_sigalgo() reports a hit for
 * this key's algorithm */
if (rrset->rrtype != LDNS_RR_TYPE_DNSKEY &&
rrset_sigalgo(rrset, zone->signconf->keys->keys[i].algorithm)) {
continue;
}
/**
* currently, there is no rule that the number of signatures
* over this RRset equals the number of active keys.
*/
/* Sign the RRset with this key */
ods_log_deeebug("[%s] signing RRset[%i] with key %s", rrset_str,
rrset->rrtype, zone->signconf->keys->keys[i].locator);
rrsig = lhsm_sign(ctx, rr_list, &zone->signconf->keys->keys[i],
zone->apex, inception, expiration);
if (!rrsig) {
ods_log_crit("[%s] unable to sign RRset[%i]: lhsm_sign() failed",
rrset_str, rrset->rrtype);
ldns_rr_list_free(rr_list);
return ODS_STATUS_HSM_ERR;
}
/* Add signature */
/* NOTE(review): the results of allocator_strdup() and rrset_add_rrsig()
 * are used without a NULL check (signature is dereferenced in the assert
 * below) -- confirm neither can return NULL. */
locator = allocator_strdup(zone->allocator,
zone->signconf->keys->keys[i].locator);
signature = rrset_add_rrsig(rrset, rrsig, locator,
zone->signconf->keys->keys[i].flags);
newsigs++;
/* ixfr +RRSIG */
ods_log_assert(signature->rr);
/* the IXFR journal is only touched while holding its lock */
lock_basic_lock(&zone->ixfr->ixfr_lock);
ixfr_add_rr(zone->ixfr, signature->rr);
lock_basic_unlock(&zone->ixfr->ixfr_lock);
}
/* RRset signing completed */
ldns_rr_list_free(rr_list);
/* statistics are updated while holding the stats lock */
lock_basic_lock(&zone->stats->stats_lock);
if (rrset->rrtype == LDNS_RR_TYPE_SOA) {
zone->stats->sig_soa_count += newsigs;
}
zone->stats->sig_count += newsigs;
zone->stats->sig_reuse += reusedsigs;
lock_basic_unlock(&zone->stats->stats_lock);
return ODS_STATUS_OK;
}
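/**
 * Print RRset.
 *
 * Writes every existing RR of the RRset to fd (only the first one for the
 * singleton types CNAME and DNAME) and, unless skip_rrsigs is set, all of
 * its signatures. On a print failure the error is logged, the outbound
 * adapter of the zone is flagged, and printing stops; signatures are not
 * printed after a failed RR so that the failure is not masked.
 *
 * \param[in] fd file descriptor to print to
 * \param[in] rrset RRset to print
 * \param[in] skip_rrsigs if non-zero, do not print the signatures
 * \param[out] status if not NULL, receives ODS_STATUS_OK, the status of
 *             the failed util_rr_print() call, or ODS_STATUS_ASSERT_ERR
 *             when rrset or fd is missing
 *
 */
void
rrset_print(FILE* fd, rrset_type* rrset, int skip_rrsigs,
    ods_status* status)
{
    /* size_t matches the counters used elsewhere in this file and cannot
     * wrap around before reaching the count */
    size_t i = 0;
    ods_status result = ODS_STATUS_OK;
    zone_type* zone = NULL;
    if (!rrset || !fd) {
        ods_log_crit("[%s] unable to print RRset: rrset or fd missing",
            rrset_str);
        if (status) {
            *status = ODS_STATUS_ASSERT_ERR;
        }
        return;
    }
    zone = (zone_type*) rrset->zone;
    for (i=0; i < rrset->rr_count; i++) {
        if (!rrset->rrs[i].exists) {
            continue;
        }
        result = util_rr_print(fd, rrset->rrs[i].rr);
        /* check for failure first, so that singleton types report it too */
        if (result != ODS_STATUS_OK) {
            log_rrset(ldns_rr_owner(rrset->rrs[i].rr), rrset->rrtype,
                "error printing RRset", LOG_CRIT);
            zone->adoutbound->error = 1;
            break;
        }
        if (rrset->rrtype == LDNS_RR_TYPE_CNAME ||
            rrset->rrtype == LDNS_RR_TYPE_DNAME) {
            /* singleton types */
            break;
        }
    }
    if (result == ODS_STATUS_OK && !skip_rrsigs) {
        for (i=0; i < rrset->rrsig_count; i++) {
            result = util_rr_print(fd, rrset->rrsigs[i].rr);
            if (result != ODS_STATUS_OK) {
                /* take the owner from the signature itself: i indexes
                 * rrsigs[] here and may lie outside rrs[] */
                log_rrset(ldns_rr_owner(rrset->rrsigs[i].rr), rrset->rrtype,
                    "error printing RRset", LOG_CRIT);
                zone->adoutbound->error = 1;
                break;
            }
        }
    }
    if (status) {
        *status = result;
    }
    return;
}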
/**
 * Release an RRset and every RRset linked behind it through next.
 *
 * Frees the RRs, the signatures with their key locators, the two arrays
 * and the RRset structure itself. A NULL rrset is ignored.
 *
 * \param[in] rrset first RRset of the list to clean up
 *
 */
void
rrset_cleanup(rrset_type* rrset)
{
    zone_type* owner_zone = NULL;
    uint16_t n = 0;
    if (rrset == NULL) {
        return;
    }
    /* the tail of the list goes first */
    rrset_cleanup(rrset->next);
    rrset->next = NULL;
    rrset->domain = NULL;
    owner_zone = (zone_type*) rrset->zone;
    n = 0;
    while (n < rrset->rr_count) {
        ldns_rr_free(rrset->rrs[n].rr);
        rrset->rrs[n].owner = NULL;
        n++;
    }
    n = 0;
    while (n < rrset->rrsig_count) {
        /* the locator string came from the zone allocator */
        allocator_deallocate(owner_zone->allocator,
            (void*)rrset->rrsigs[n].key_locator);
        ldns_rr_free(rrset->rrsigs[n].rr);
        rrset->rrsigs[n].owner = NULL;
        n++;
    }
    allocator_deallocate(owner_zone->allocator, (void*) rrset->rrs);
    allocator_deallocate(owner_zone->allocator, (void*) rrset->rrsigs);
    allocator_deallocate(owner_zone->allocator, (void*) rrset);
}
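/**
 * Backup RRset.
 *
 * Writes one line per signature to fd: the RRSIG in presentation format
 * with its last character removed, followed by a comment that carries the
 * key locator and key flags. Signatures that cannot be converted to a
 * string are skipped. Nothing is written when rrset or fd is NULL.
 *
 * \param[in] fd file descriptor of the backup file
 * \param[in] rrset RRset whose signatures are written
 *
 */
void
rrset_backup2(FILE* fd, rrset_type* rrset)
{
    char* str = NULL;
    size_t len = 0;
    size_t i = 0;
    if (!rrset || !fd) {
        return;
    }
    for (i=0; i < rrset->rrsig_count; i++) {
        str = ldns_rr2str(rrset->rrsigs[i].rr);
        if (!str) {
            continue;
        }
        /* drop the last character, but never index before the buffer when
         * the string is empty */
        len = strlen(str);
        if (len > 0) {
            str[len-1] = '\0';
        }
        fprintf(fd, "%s; {locator %s flags %u}\n", str,
            rrset->rrsigs[i].key_locator, rrset->rrsigs[i].key_flags);
        free((void*)str);
    }
    return;
}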
opendnssec-1.4.9/signer/src/signer/zone.h 0000644 0001750 0001750 00000014641 12650165732 015315 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Zone.
*
*/
#ifndef SIGNER_ZONE_H
#define SIGNER_ZONE_H
#include "config.h"
#include "adapter/adapter.h"
#include "scheduler/schedule.h"
#include "shared/allocator.h"
#include "shared/locks.h"
#include "shared/status.h"
#include "signer/ixfr.h"
#include "signer/namedb.h"
#include "signer/signconf.h"
#include "signer/stats.h"
#include "wire/buffer.h"
#include "wire/notify.h"
#include "wire/xfrd.h"
#include
struct schedule_struct;
/*
 * Zonelist status of a zone, stored in zone_struct.zl_status.
 * NOTE(review): the values presumably record how the zone compares with
 * zonelist.xml after a (re)load -- confirm against the zonelist code.
 */
enum zone_zl_status_enum {
ZONE_ZL_OK = 0,
ZONE_ZL_ADDED,
ZONE_ZL_UPDATED,
ZONE_ZL_REMOVED
};
typedef enum zone_zl_status_enum zone_zl_status;
/**
 * Zone.
 *
 * All state the signer keeps for one zone: configuration taken from
 * conf.xml, zonelist.xml and signconf.xml, the adapters, the zone data and
 * the locks.
 *
 */
typedef struct zone_struct zone_type;
struct zone_struct {
allocator_type* allocator; /* memory allocator */
ldns_rdf* apex; /* wire format zone name */
ldns_rr_class klass; /* class */
uint32_t default_ttl; /* ttl */
/* from conf.xml */
char *notify_command; /* placeholder for the whole notify command */
const char* notify_ns; /* master name server reload command */
char** notify_args; /* reload command arguments */
/* from zonelist.xml */
const char* name; /* string format zone name */
const char* policy_name; /* policy identifier */
const char* signconf_filename; /* signconf filename */
zone_zl_status zl_status; /* zonelist status */
/* adapters */
adapter_type* adinbound; /* inbound adapter */
adapter_type* adoutbound; /* outbound adapter */
/* from signconf.xml */
signconf_type* signconf; /* signer configuration values */
/* zone data */
namedb_type* db; /* name database of the zone */
ixfr_type* ixfr; /* IXFR journal; carries its own ixfr_lock */
/* zone transfers */
xfrd_type* xfrd; /* zone transfer handler -- presumably inbound, confirm */
notify_type* notify; /* NOTIFY handler -- presumably outbound, confirm */
/* worker variables */
void* task; /* next assigned task */
/* statistics */
stats_type* stats; /* signing statistics; carries its own stats_lock */
lock_basic_type zone_lock; /* NOTE(review): presumably guards the zone as a whole -- confirm */
lock_basic_type xfr_lock; /* NOTE(review): presumably guards zone transfer state -- confirm */
};
/**
* Create a new zone.
* \param[in] name zone name
* \param[in] klass zone class
* \return zone_type* zone
*
*/
zone_type* zone_create(char* name, ldns_rr_class klass);
/**
* Load signer configuration for zone.
* \param[in] zone zone
* \param[out] new_signconf new signer configuration
* \return ods_status status
* ODS_STATUS_OK: new signer configuration loaded
* ODS_STATUS_UNCHANGED: signer configuration has not changed
* other: signer configuration not loaded, error occurred
*
*/
ods_status zone_load_signconf(zone_type* zone, signconf_type** new_signconf);
/**
* Reschedule task for zone.
* \param[in] zone zone
* \param[in] taskq task queue
* \param[in] what new task identifier
* \return ods_status status
*
*/
ods_status zone_reschedule_task(zone_type* zone, schedule_type* taskq,
task_id what);
/**
* Publish the keys as indicated by the signer configuration.
* \param[in] zone zone
* \return ods_status status
*
*/
ods_status zone_publish_dnskeys(zone_type* zone);
/**
* Unlink DNSKEY RRs.
* \param[in] zone zone
*
*/
void zone_rollback_dnskeys(zone_type* zone);
/**
* Publish the NSEC3 parameters as indicated by the signer configuration.
* \param[in] zone zone
* \return ods_status status
*
*/
ods_status zone_publish_nsec3param(zone_type* zone);
/**
* Unlink NSEC3PARAM RR.
* \param[in] zone zone
*
*/
void zone_rollback_nsec3param(zone_type* zone);
/**
* Prepare keys for signing.
* \param[in] zone zone
* \return ods_status status
*
*/
ods_status zone_prepare_keys(zone_type* zone);
/**
* Update serial.
* \param[in] zone zone
* \return ods_status status
*
*/
ods_status zone_update_serial(zone_type* zone);
/**
* Lookup RRset.
* \param[in] zone zone
* \param[in] owner RRset owner
* \param[in] type RRtype
* \return rrset_type* RRset, if found
*
*/
rrset_type* zone_lookup_rrset(zone_type* zone, ldns_rdf* owner,
ldns_rr_type type);
/**
* Add RR.
* \param[in] zone zone
* \param[in] rr rr
* \param[in] do_stats true if we need to maintain statistics
* \return ods_status status
* ODS_STATUS_OK: rr to be added to zone
* ODS_STATUS_UNCHANGED: rr not added to zone, rr already exists
* other: rr not added to zone, error occurred
*
*/
ods_status zone_add_rr(zone_type* zone, ldns_rr* rr, int do_stats);
/**
* Delete RR.
* \param[in] zone zone
* \param[in] rr rr
* \param[in] do_stats true if we need to maintain statistics
* \return ods_status status
* ODS_STATUS_OK: rr to be removed from zone
* ODS_STATUS_UNCHANGED: rr not removed from zone, rr does not exist
* other: rr not removed from zone, error occurred
*
*/
ods_status zone_del_rr(zone_type* zone, ldns_rr* rr, int do_stats);
/**
* Merge zones. Values that are merged:
* - policy name
* - signconf filename
* - input and output adapter
*
* \param[in] z1 zone
* \param[in] z2 zone with new values
*
*/
void zone_merge(zone_type* z1, zone_type* z2);
/**
* Clean up zone.
* \param[in] zone zone
*
*/
void zone_cleanup(zone_type* zone);
/**
* Backup zone.
* \param[in] zone corresponding zone
* \return ods_status status
*
*/
ods_status zone_backup2(zone_type* zone);
/**
* Recover zone from backup.
* \param[in] zone corresponding zone
* \return ods_status status
*
*/
ods_status zone_recover2(zone_type* zone);
#endif /* SIGNER_ZONE_H */
opendnssec-1.4.9/signer/src/signer/denial.c 0000644 0001750 0001750 00000024066 12650165732 015573 0000000 0000000 /*
* Copyright (c) 2011 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Denial of Existence.
*
*/
#include "config.h"
#include "shared/log.h"
#include "signer/denial.h"
#include "signer/domain.h"
#include "signer/zone.h"
#define SE_MAX_RRTYPE_COUNT 65536
static const char* denial_str = "denial";
/**
 * Allocate and initialise a Denial of Existence data point.
 *
 * The structure is taken from the zone's allocator. The owner name is
 * stored by reference, not copied.
 *
 * \param[in] zoneptr zone the data point belongs to (a zone_type*)
 * \param[in] dname owner name of the data point
 * \return denial_type* new data point, or NULL if an argument is missing
 *         or the allocation failed
 *
 */
denial_type*
denial_create(void* zoneptr, ldns_rdf* dname)
{
    zone_type* owner_zone = (zone_type*) zoneptr;
    denial_type* fresh = NULL;
    if (zoneptr == NULL || dname == NULL) {
        return NULL;
    }
    fresh = (denial_type*) allocator_alloc(owner_zone->allocator,
        sizeof(denial_type));
    if (fresh == NULL) {
        ods_log_error("[%s] unable to create denial: allocator_alloc() "
            "failed", denial_str);
        return NULL;
    }
    /* identity */
    fresh->dname = dname;
    fresh->zone = zoneptr;
    /* not linked to a domain, a database node or an RRset yet */
    fresh->domain = NULL;
    fresh->node = NULL;
    fresh->rrset = NULL;
    /* nothing pending */
    fresh->bitmap_changed = 0;
    fresh->nxt_changed = 0;
    return fresh;
}
/**
 * Collect the RRtypes that go into the NSEC(3) Type Bitmaps field.
 *
 * Walks the RRsets of the denial's domain and appends their types to
 * types[]. Nothing is appended for an occluded domain; at a delegation
 * point only NS and DS are appended. The caller must provide an array
 * that is large enough: no bound is checked here.
 *
 * \param[in] denial Denial of Existence data point, with domain set
 * \param[out] types array that receives the RRtypes
 * \param[in,out] types_count number of entries in types[], advanced for
 *                every type appended
 *
 */
static void
denial_create_bitmap(denial_type* denial, ldns_rr_type types[],
    size_t* types_count)
{
    domain_type* owner = NULL;
    rrset_type* cur = NULL;
    ldns_rr_type state;
    ods_log_assert(denial);
    ods_log_assert(denial->domain);
    owner = (domain_type*) denial->domain;
    for (cur = owner->rrsets; cur != NULL; cur = cur->next) {
        state = domain_is_occluded(owner);
        if (state != LDNS_RR_TYPE_SOA) {
            /* occluded: contributes no types */
            continue;
        }
        /* Authoritative or delegation */
        state = domain_is_delegpt(owner);
        if (state != LDNS_RR_TYPE_SOA &&
            cur->rrtype != LDNS_RR_TYPE_NS &&
            cur->rrtype != LDNS_RR_TYPE_DS) {
            continue;
        }
        types[*types_count] = cur->rrtype;
        *types_count += 1;
    }
}
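/**
 * Create NSEC3 Next Hashed Owner Name Field.
 *
 * Takes the first label of nxt, converts it to a string, strips a trailing
 * dot and decodes the result with ldns_str2rdf_b32_ext().
 *
 * \param[in] nxt owner name of the next NSEC3
 * \return ldns_rdf* the next hashed owner name field, or NULL when the
 *         label or its string form could not be created; when decoding
 *         fails the error is logged and whatever ldns_str2rdf_b32_ext()
 *         left in the result is returned
 *
 */
static ldns_rdf*
denial_create_nsec3_nxt(ldns_rdf* nxt)
{
    ldns_status status = LDNS_STATUS_OK;
    ldns_rdf* next_owner_label = NULL;
    ldns_rdf* next_owner_rdf = NULL;
    char* next_owner_string = NULL;
    size_t len = 0;
    ods_log_assert(nxt);
    next_owner_label = ldns_dname_label(nxt, 0);
    if (!next_owner_label) {
        ods_log_alert("[%s] unable to create NSEC3 Next: "
            "ldns_dname_label() failed", denial_str);
        return NULL;
    }
    next_owner_string = ldns_rdf2str(next_owner_label);
    if (!next_owner_string) {
        ods_log_alert("[%s] unable to create NSEC3 Next: "
            "ldns_rdf2str() failed", denial_str);
        ldns_rdf_deep_free(next_owner_label);
        return NULL;
    }
    /* strip the trailing dot; the length check keeps an empty string from
     * being indexed before its first byte */
    len = strlen(next_owner_string);
    if (len > 0 && next_owner_string[len-1] == '.') {
        next_owner_string[len-1] = '\0';
    }
    status = ldns_str2rdf_b32_ext(&next_owner_rdf, next_owner_string);
    if (status != LDNS_STATUS_OK) {
        ods_log_alert("[%s] unable to create NSEC3 Next: "
            "ldns_str2rdf_b32_ext() failed", denial_str);
    }
    free((void*)next_owner_string);
    ldns_rdf_deep_free(next_owner_label);
    return next_owner_rdf;
}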
/**
 * Create NSEC(3) RR.
 *
 * Builds an NSEC RR, or an NSEC3 RR when n3p is given, owned by
 * denial->dname and pointing at nxt->dname, with a type bitmap derived
 * from the domain of the denial.
 *
 * \param[in] denial Denial of Existence data point the RR is created for
 * \param[in] nxt next Denial of Existence data point
 * \param[in] ttl TTL of the new RR
 * \param[in] klass class of the new RR
 * \param[in] n3p NSEC3 parameters, or NULL to create an NSEC RR
 * \return ldns_rr* the new RR, or NULL on failure (the error is logged)
 *
 */
static ldns_rr*
denial_create_nsec(denial_type* denial, denial_type* nxt, uint32_t ttl,
ldns_rr_class klass, nsec3params_type* n3p)
{
ldns_rr* nsec_rr = NULL;
ldns_rr_type rrtype = LDNS_RR_TYPE_NSEC;
ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
ldns_rdf* rdf = NULL;
domain_type* domain = NULL;
/* NOTE(review): SE_MAX_RRTYPE_COUNT entries on the stack; neither
 * denial_create_bitmap() nor the appends below check this bound --
 * confirm the RRsets of a domain can never fill the array. */
ldns_rr_type types[SE_MAX_RRTYPE_COUNT];
size_t types_count = 0;
int i = 0;
ods_log_assert(denial);
ods_log_assert(denial->dname);
ods_log_assert(nxt);
ods_log_assert(nxt->dname);
nsec_rr = ldns_rr_new();
if (!nsec_rr) {
ods_log_alert("[%s] unable to create NSEC(3) RR: "
"ldns_rr_new() failed", denial_str);
return NULL;
}
/* RRtype */
if (n3p) {
rrtype = LDNS_RR_TYPE_NSEC3;
}
ldns_rr_set_type(nsec_rr, rrtype);
/* owner */
rdf = ldns_rdf_clone(denial->dname);
if (!rdf) {
ods_log_alert("[%s] unable to create NSEC(3) RR: "
"ldns_rdf_clone(owner) failed", denial_str);
ldns_rr_free(nsec_rr);
return NULL;
}
ldns_rr_set_owner(nsec_rr, rdf);
/* NSEC3 parameters */
if (n3p) {
/* set all to NULL first, then call nsec3_add_param_rdfs. */
for (i=0; i < SE_NSEC3_RDATA_NSEC3PARAMS; i++) {
ldns_rr_push_rdf(nsec_rr, NULL);
}
ldns_nsec3_add_param_rdfs(nsec_rr, n3p->algorithm, n3p->flags,
n3p->iterations, n3p->salt_len, n3p->salt_data);
}
/* NXT */
/* NSEC3 stores the decoded first label of the next name, NSEC a copy of
 * the next name itself */
if (n3p) {
rdf = denial_create_nsec3_nxt(nxt->dname);
} else {
rdf = ldns_rdf_clone(nxt->dname);
}
if (!rdf) {
ods_log_alert("[%s] unable to create NSEC(3) RR: "
"create next field failed", denial_str);
ldns_rr_free(nsec_rr);
return NULL;
}
/* NOTE(review): the results of the ldns_rr_push_rdf() calls in this
 * function are not checked. */
ldns_rr_push_rdf(nsec_rr, rdf);
/* Type Bit Maps */
denial_create_bitmap(denial, types, &types_count);
if (n3p) {
domain = (domain_type*) denial->domain;
dstatus = domain_is_occluded(domain);
if (dstatus == LDNS_RR_TYPE_SOA) {
dstatus = domain_is_delegpt(domain);
if (dstatus != LDNS_RR_TYPE_NS && domain->rrsets) {
/* Authoritative domain, not empty: add RRSIGs */
types[types_count] = LDNS_RR_TYPE_RRSIG;
types_count++;
}
}
/* and don't add NSEC3 type... */
} else {
/* an NSEC RR always lists RRSIG and NSEC */
types[types_count] = LDNS_RR_TYPE_RRSIG;
types_count++;
types[types_count] = LDNS_RR_TYPE_NSEC;
types_count++;
}
rdf = ldns_dnssec_create_nsec_bitmap(types, types_count, rrtype);
if (!rdf) {
ods_log_alert("[%s] unable to create NSEC(3) RR: "
"ldns_dnssec_create_nsec_bitmap() failed", denial_str);
ldns_rr_free(nsec_rr);
return NULL;
}
ldns_rr_push_rdf(nsec_rr, rdf);
ldns_rr_set_ttl(nsec_rr, ttl);
ldns_rr_set_class(nsec_rr, klass);
return nsec_rr;
}
/**
 * Apply the pending differences of the denial's NSEC(3) RRset.
 *
 * Calls rrset_diff() with both flags set to 0. Does nothing when denial is
 * NULL or has no RRset.
 *
 * \param[in] denial Denial of Existence data point
 *
 */
void
denial_diff(denial_type* denial)
{
    if (denial == NULL) {
        return;
    }
    if (denial->rrset == NULL) {
        return;
    }
    rrset_diff(denial->rrset, 0, 0);
}
/**
 * Attach an NSEC(3) RR to the Denial of Existence data point.
 *
 * Creates the denial's RRset on first use (NSEC3 when the signer
 * configuration has NSEC3 parameters, NSEC otherwise), adds the RR,
 * applies the differences and clears the changed flags. Exits the program
 * through ods_fatal_exit() if the RRset cannot be created.
 *
 * \param[in] denial Denial of Existence data point
 * \param[in] rr NSEC(3) RR to add
 *
 */
void
denial_add_rr(denial_type* denial, ldns_rr* rr)
{
    zone_type* owner_zone = NULL;
    rr_type* added = NULL;
    ods_log_assert(denial);
    ods_log_assert(rr);
    owner_zone = (zone_type*) denial->zone;
    ods_log_assert(owner_zone);
    ods_log_assert(owner_zone->signconf);
    if (denial->rrset == NULL) {
        denial->rrset = rrset_create(denial->zone,
            owner_zone->signconf->nsec3params ?
            LDNS_RR_TYPE_NSEC3 : LDNS_RR_TYPE_NSEC);
        if (denial->rrset == NULL) {
            ods_fatal_exit("[%s] unable to nsecify: rrset_create() failed",
                denial_str);
        }
    }
    ods_log_assert(denial->rrset);
    added = rrset_add_rr(denial->rrset, rr);
    ods_log_assert(added);
    ods_log_assert(added->rr);
    /* back reference from the record to its data point */
    added->owner = (void*) denial;
    denial_diff(denial);
    denial->bitmap_changed = 0;
    denial->nxt_changed = 0;
}
/**
 * Create a new NSEC(3) RR for the data point when its next name or its
 * type bitmap has changed.
 *
 * Exits the program through ods_fatal_exit() if the RR cannot be created.
 *
 * \param[in] denial Denial of Existence data point
 * \param[in] nxt next Denial of Existence data point
 * \param[out] num_added if not NULL, incremented when an RR was added
 *
 */
void
denial_nsecify(denial_type* denial, denial_type* nxt, uint32_t* num_added)
{
    zone_type* owner_zone = NULL;
    ldns_rr* fresh_rr = NULL;
    ods_log_assert(denial);
    ods_log_assert(nxt);
    owner_zone = (zone_type*) denial->zone;
    ods_log_assert(owner_zone);
    ods_log_assert(owner_zone->signconf);
    if (!denial->nxt_changed && !denial->bitmap_changed) {
        /* nothing changed, keep the current NSEC(3) */
        return;
    }
    fresh_rr = denial_create_nsec(denial, nxt, owner_zone->default_ttl,
        owner_zone->klass, owner_zone->signconf->nsec3params);
    if (fresh_rr == NULL) {
        ods_fatal_exit("[%s] unable to nsecify: denial_create_nsec() "
            "failed", denial_str);
    }
    denial_add_rr(denial, fresh_rr);
    if (num_added != NULL) {
        *num_added += 1;
    }
}
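/**
 * Print Denial of Existence data point.
 *
 * Prints the NSEC(3) RRset of the data point, including its signatures,
 * through rrset_print(). A missing denial or fd is logged in every case,
 * as rrset_print() does, and reported through status when one is given.
 *
 * \param[in] fd file descriptor to print to
 * \param[in] denial Denial of Existence data point
 * \param[out] status if not NULL, receives ODS_STATUS_ASSERT_ERR when
 *             denial or fd is missing, else the status set by rrset_print()
 *
 */
void
denial_print(FILE* fd, denial_type* denial, ods_status* status)
{
    if (!denial || !fd) {
        /* log even when the caller passed no status pointer */
        ods_log_crit("[%s] unable to print denial: denial or fd missing",
            denial_str);
        if (status) {
            *status = ODS_STATUS_ASSERT_ERR;
        }
        return;
    }
    if (denial->rrset) {
        rrset_print(fd, denial->rrset, 0, status);
    }
    return;
}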
/**
 * Release a Denial of Existence data point.
 *
 * Frees the owner name, cleans up the NSEC(3) RRset and returns the
 * structure to the zone's allocator. A NULL denial is ignored.
 *
 * \param[in] denial Denial of Existence data point
 *
 */
void
denial_cleanup(denial_type* denial)
{
    zone_type* owner_zone;
    if (denial == NULL) {
        return;
    }
    /* fetch the zone before the structure goes away */
    owner_zone = (zone_type*) denial->zone;
    ldns_rdf_deep_free(denial->dname);
    rrset_cleanup(denial->rrset);
    allocator_deallocate(owner_zone->allocator, (void*) denial);
}
opendnssec-1.4.9/signer/src/adapter/ 0000755 0001750 0001750 00000000000 12650166152 014371 5 0000000 0000000 opendnssec-1.4.9/signer/src/adapter/adutil.c 0000644 0001750 0001750 00000013617 12650165732 015752 0000000 0000000 /*
* Copyright (c) 2009-2011 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* Adapter utilities.
*/
#include "config.h"
#include "adapter/adutil.h"
#include "shared/file.h"
#include "shared/log.h"
#include
static const char* adapter_str = "adapter";
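/**
 * Lookup SOA RR.
 *
 * Reads the zone file line by line and returns the first line that parses
 * as an SOA RR. Comment lines and lines that do not parse are skipped.
 *
 * \param[in] fd file descriptor of the zone file
 * \return ldns_rr* the SOA RR (to be freed by the caller), or NULL if the
 *         end of the file was reached without finding one
 *
 */
ldns_rr*
adutil_lookup_soa_rr(FILE* fd)
{
    ldns_rr *cur_rr = NULL;
    char line[SE_ADFILE_MAXLINE];
    ldns_status status = LDNS_STATUS_OK;
    int line_len = 0;
    unsigned int l = 0;
    if (!fd) {
        return NULL;
    }
    /* the reader leaves the buffer untouched at end of file, so make sure
     * it never holds uninitialised bytes */
    line[0] = '\0';
    while (line_len >= 0) {
        line_len = adutil_readline_frm_file(fd, (char*) line, &l, 0);
        if (line_len < 0) {
            /* end of file: nothing was stored, do not trim a stale buffer */
            break;
        }
        adutil_rtrim_line(line, &line_len);
        if (line_len > 0) {
            if (line[0] != ';') {
                status = ldns_rr_new_frm_str(&cur_rr, line, 0, NULL, NULL);
                if (status == LDNS_STATUS_OK) {
                    if (ldns_rr_get_type(cur_rr) == LDNS_RR_TYPE_SOA) {
                        return cur_rr;
                    } else {
                        ldns_rr_free(cur_rr);
                        cur_rr = NULL;
                    }
                }
            }
        }
    }
    return NULL;
}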
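/**
 * Read one line from zone file.
 *
 * Reads one logical line into line: parentheses outside quoted strings
 * join several physical lines into one and are replaced by spaces, and
 * comments are dropped unless keep_comments is set. The buffer must hold
 * SE_ADFILE_MAXLINE bytes. The result is always NUL-terminated inside that
 * buffer; a logical line that does not fit is cut short and logged.
 *
 * \param[in] fd file descriptor of the zone file
 * \param[out] line buffer of SE_ADFILE_MAXLINE bytes that receives the line
 * \param[in,out] l line counter, passed on to ods_fgetc(); may be NULL
 * \param[in] keep_comments if non-zero, comments are kept in the line
 * \return int number of characters stored in line, or -1 at end of file
 *         when nothing was read
 *
 */
int
adutil_readline_frm_file(FILE* fd, char* line, unsigned int* l,
    int keep_comments)
{
    int i = 0;
    int li = 0;
    int in_string = 0;
    int depth = 0;
    int comments = 0;
    int c = 0;
    int lc = 0;
    for (i = 0; i < SE_ADFILE_MAXLINE; i++) {
        c = ods_fgetc(fd, l);
        if (comments) {
            /* inside a comment: skip to the end of the physical line */
            while (c != EOF && (char)c != '\n') {
                c = ods_fgetc(fd, l);
            }
        }
        if (c == EOF) {
            if (depth != 0) {
                ods_log_error("[%s] read line: bracket mismatch discovered at "
                    "line %i, missing ')'", adapter_str, l&&*l?*l:0);
            }
            if (li > 0) {
                /* li <= i < SE_ADFILE_MAXLINE here, so this is in bounds */
                line[li] = '\0';
                return li;
            } else {
                return -1;
            }
        } else if ((char)c == '"' && (char)lc != '\\') {
            in_string = 1 - in_string; /* swap status */
            line[li] = (char)c;
            li++;
        } else if ((char)c == '(') {
            if (in_string) {
                line[li] = (char)c;
                li++;
            } else if ((char)lc != '\\') {
                depth++;
                line[li] = ' ';
                li++;
            } else {
                line[li] = (char)c;
                li++;
            }
        } else if ((char)c == ')') {
            if (in_string) {
                line[li] = (char)c;
                li++;
            } else if ((char)lc != '\\') {
                if (depth < 1) {
                    ods_log_error("[%s] read line: bracket mismatch "
                        "discovered at line %i, missing '('", adapter_str,
                        l&&*l?*l:0);
                    line[li] = '\0';
                    return li;
                }
                depth--;
                line[li] = ' ';
                li++;
            } else {
                line[li] = (char)c;
                li++;
            }
        } else if ((char)c == ';') {
            if (in_string) {
                line[li] = (char)c;
                li++;
            } else if ((char)lc != '\\' && !keep_comments) {
                comments = 1;
            } else {
                line[li] = (char)c;
                li++;
            }
        } else if ((char)c == '\n' && (char)lc != '\\') {
            comments = 0;
            /* if no depth issue, we are done */
            if (depth == 0) {
                break;
            }
            line[li] = ' ';
            li++;
        } else {
            line[li] = (char)c;
            li++;
        }
        /* continue with line */
        lc = c;
    }
    /* done */
    if (li >= SE_ADFILE_MAXLINE) {
        /* the loop filled the whole buffer without reaching the end of the
         * line: give up the last character so that the terminator stays
         * inside the buffer */
        ods_log_error("[%s] read line: line %i too long, truncated",
            adapter_str, l&&*l?*l:0);
        li = SE_ADFILE_MAXLINE - 1;
    }
    /* terminate on every path, callers run strlen() on the buffer */
    line[li] = '\0';
    if (depth != 0) {
        ods_log_error("[%s] read line: bracket mismatch discovered at line %i,"
            " missing ')'", adapter_str, l&&*l?*l:0);
        return li;
    }
    return li;
}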
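/**
 * Trim trailing whitespace.
 *
 * Removes trailing spaces, tabs and newlines from line and lowers
 * *line_len by the number of characters removed. If a newline was among
 * them, a single newline is written back after the remaining text.
 *
 * Nothing is done when line or line_len is NULL, or when *line_len is
 * negative: a negative length is the end-of-file result of
 * adutil_readline_frm_file(), which leaves the buffer untouched, so the
 * buffer may hold stale or uninitialised bytes and must not be scanned.
 *
 * \param[in,out] line NUL-terminated line to trim in place
 * \param[in,out] line_len length of the line, updated on return
 *
 */
void
adutil_rtrim_line(char* line, int* line_len)
{
    int i = 0, nl = 0;
    int trimmed = 0;
    if (!line || !line_len || *line_len < 0) {
        return;
    }
    i = (int) strlen(line);
    while (i>0) {
        --i;
        if (line[i] == '\n') {
            nl = 1;
        }
        if (line[i] == ' ' || line[i] == '\t' || line[i] == '\n') {
            line[i] = '\0';
            trimmed++;
        } else {
            break;
        }
    }
    if (nl) {
        /* put one newline back behind the remaining text */
        line[++i] = '\n';
    }
    *line_len -= trimmed;
    return;
}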
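/**
 * Check for white space.
 *
 * \param[in] line line to check
 * \param[in] line_len number of characters of line to look at
 * \return int 1 if the first line_len characters are all white space
 *         (also when line_len is zero or negative), 0 otherwise
 *
 */
int
adutil_whitespace_line(char* line, int line_len)
{
    int i;
    for (i = 0; i < line_len; i++) {
        /* isspace() is only defined for unsigned char values and EOF; a
         * plain char may be negative for bytes above 0x7f */
        if (!isspace((unsigned char)line[i])) {
            return 0;
        }
    }
    return 1;
}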
opendnssec-1.4.9/signer/src/adapter/adfile.h 0000644 0001750 0001750 00000003625 12650165732 015717 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* File Adapters.
*
*/
#ifndef ADAPTER_ADFILE_H
#define ADAPTER_ADFILE_H
#include "config.h"
#include "shared/allocator.h"
#include "shared/status.h"
#include
/**
* File adapter.
*
*/
/** NULL */
/**
* Read zone from input file adapter.
* \param[in] zone zone reference
* \return ods_status status
*
*/
ods_status adfile_read(void* zone);
/**
* Write zone to output file adapter.
* \param[in] zone zone reference
* \param[in] filename write to this specific file
* \return ods_status status
*
*/
ods_status adfile_write(void* zone, const char* filename);
#endif /* ADAPTER_ADFILE_H */
opendnssec-1.4.9/signer/src/adapter/adfile.c 0000644 0001750 0001750 00000030456 12650165732 015714 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* File Adapters.
*
*/
#include "config.h"
#include "adapter/adapi.h"
#include "adapter/adapter.h"
#include "adapter/adfile.h"
#include "adapter/adutil.h"
#include "shared/duration.h"
#include "shared/file.h"
#include "shared/log.h"
#include "shared/status.h"
#include "shared/util.h"
#include "signer/zone.h"
#include
#include
#include
static const char* adapter_str = "adapter";
static ods_status adfile_read_file(FILE* fd, zone_type* zone);
/**
 * Read the next RR from zone file.
 *
 * Reads logical lines until one parses as an RR. The directives $ORIGIN,
 * $TTL and $INCLUDE are handled on the way; comments and empty lines are
 * skipped.
 *
 * \param[in] fd file descriptor of the zone file
 * \param[in] zone zone, handed to adfile_read_file() for included files
 * \param[out] line buffer that receives the current line
 * \param[in,out] orig current origin, replaced on $ORIGIN
 * \param[in,out] prev previous owner name, passed to ldns_rr_new_frm_str()
 * \param[in,out] ttl current default TTL, replaced on $TTL; may be NULL
 * \param[out] status LDNS_STATUS_OK on success and at end of file, else
 *             the error that stopped reading
 * \param[in,out] l line counter
 * \return ldns_rr* the RR read, or NULL at end of file or on error
 *
 */
static ldns_rr*
adfile_read_rr(FILE* fd, zone_type* zone, char* line, ldns_rdf** orig,
ldns_rdf** prev, uint32_t* ttl, ldns_status* status, unsigned int* l)
{
ldns_rr* rr = NULL;
ldns_rdf* tmp = NULL;
FILE* fd_include = NULL;
int len = 0;
ods_status s = ODS_STATUS_OK;
uint32_t new_ttl = 0;
const char *endptr; /* unused */
int offset = 0;
adfile_read_line:
if (ttl) {
new_ttl = *ttl;
}
len = adutil_readline_frm_file(fd, line, l, 0);
/* NOTE(review): at end of file len is -1 and the reader has not written
 * to line, yet the buffer is still scanned here -- confirm it is always
 * initialised before the first call. */
adutil_rtrim_line(line, &len);
if (len >= 0) {
switch (line[0]) {
/* directive */
case '$':
if (strncmp(line, "$ORIGIN", 7) == 0 && isspace((int)line[7])) {
/* copy from ldns */
if (*orig) {
ldns_rdf_deep_free(*orig);
*orig = NULL;
}
offset = 8;
while (isspace((int)line[offset])) {
offset++;
}
tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME,
line + offset);
if (!tmp) {
/* could not parse what next to $ORIGIN */
*status = LDNS_STATUS_SYNTAX_DNAME_ERR;
return NULL;
}
*orig = tmp;
/* end copy from ldns */
goto adfile_read_line; /* perhaps next line is rr */
break;
} else if (strncmp(line, "$TTL", 4) == 0 &&
isspace((int)line[4])) {
/* override default ttl */
offset = 5;
while (isspace((int)line[offset])) {
offset++;
}
if (ttl) {
*ttl = ldns_str2period(line + offset, &endptr);
new_ttl = *ttl;
}
goto adfile_read_line; /* perhaps next line is rr */
break;
} else if (strncmp(line, "$INCLUDE", 8) == 0 &&
isspace((int)line[8])) {
/* dive into this file */
/* NOTE(review): the path is taken from the zone file as is, and
 * adfile_read_file() comes back into this function, so nested includes
 * are not bounded here. If zone files can come from a less trusted
 * source, consider restricting the include path and capping the
 * nesting depth. */
offset = 9;
while (isspace((int)line[offset])) {
offset++;
}
fd_include = ods_fopen(line + offset, NULL, "r");
if (fd_include) {
s = adfile_read_file(fd_include, zone);
ods_fclose(fd_include);
} else {
ods_log_error("[%s] unable to open include file %s",
adapter_str, (line+offset));
*status = LDNS_STATUS_SYNTAX_ERR;
return NULL;
}
if (s != ODS_STATUS_OK) {
*status = LDNS_STATUS_SYNTAX_ERR;
ods_log_error("[%s] error in include file %s",
adapter_str, (line+offset));
return NULL;
}
/* restore current ttl */
if (ttl) {
*ttl = new_ttl;
}
goto adfile_read_line; /* perhaps next line is rr */
break;
}
goto adfile_read_rr; /* this can be an owner name */
break;
/* comments, empty lines */
case ';':
case '\n':
goto adfile_read_line; /* perhaps next line is rr */
break;
/* let's hope its a RR */
default:
adfile_read_rr:
if (adutil_whitespace_line(line, len)) {
goto adfile_read_line; /* perhaps next line is rr */
break;
}
*status = ldns_rr_new_frm_str(&rr, line, new_ttl, *orig, prev);
if (*status == LDNS_STATUS_OK) {
return rr;
} else if (*status == LDNS_STATUS_SYNTAX_EMPTY) {
if (rr) {
ldns_rr_free(rr);
rr = NULL;
}
*status = LDNS_STATUS_OK;
goto adfile_read_line; /* perhaps next line is rr */
break;
} else {
ods_log_error("[%s] error parsing RR at line %i (%s): %s",
adapter_str, l&&*l?*l:0,
ldns_get_errorstr_by_id(*status), line);
/* read to the end of the file, so that l ends at the last line */
while (len >= 0) {
len = adutil_readline_frm_file(fd, line, l, 0);
}
if (rr) {
ldns_rr_free(rr);
rr = NULL;
}
return NULL;
}
break;
}
}
/* -1, EOF */
*status = LDNS_STATUS_OK;
return NULL;
}
/**
 * Load every resource record of an open zone file into the zone.
 *
 * Starts from the zone's own $ORIGIN and default TTL, fetches records one
 * at a time through adfile_read_rr() and hands each of them to
 * adapi_add_rr(). When the stream was read without error the zone is
 * checked with namedb_examine() and the serial of the last SOA seen is
 * stored with adapi_set_serial() (0 when no SOA was read).
 *
 * \param[in] fd open zone file (asserted)
 * \param[in] zone zone to fill (asserted)
 * \return ods_status ODS_STATUS_OK, ODS_STATUS_ERR, or the failing status
 *         of adapi_add_rr() / namedb_examine()
 *
 * NOTE(review): the $INCLUDE handling in this file calls back into this
 * function, and every call keeps a SE_ADFILE_MAXLINE byte line buffer on
 * the stack. No nesting limit is visible here, so a zone file that
 * includes itself would recurse until the stack is exhausted; a depth cap
 * is worth considering. The nested call also runs namedb_examine() and
 * adapi_set_serial() on its own - confirm that is intended.
 *
 */
static ods_status
adfile_read_file(FILE* fd, zone_type* zone)
{
    const unsigned int progress_step = 100000;
    unsigned int next_progress = progress_step;
    unsigned int lineno = 0;
    char line[SE_ADFILE_MAXLINE];
    ldns_status parse_status = LDNS_STATUS_OK;
    ods_status result = ODS_STATUS_OK;
    uint32_t default_ttl = 0;
    uint32_t soa_serial = 0;
    ldns_rdf* apex = NULL;
    ldns_rdf* origin = NULL;
    ldns_rdf* previous = NULL;
    ldns_rr* record = NULL;

    ods_log_assert(fd);
    ods_log_assert(zone);

    /* default $ORIGIN: a private copy of the zone's origin */
    apex = adapi_get_origin(zone);
    if (apex == NULL) {
        ods_log_error("[%s] error getting default value for $ORIGIN",
            adapter_str);
        return ODS_STATUS_ERR;
    }
    origin = ldns_rdf_clone(apex);
    if (origin == NULL) {
        ods_log_error("[%s] error setting default value for $ORIGIN",
            adapter_str);
        return ODS_STATUS_ERR;
    }
    /* default $TTL */
    default_ttl = adapi_get_ttl(zone);

    for (;;) {
        record = adfile_read_rr(fd, zone, line, &origin, &previous,
            &default_ttl, &parse_status, &lineno);
        if (record == NULL) {
            /* EOF or a reader error; parse_status tells which */
            break;
        }
        if (parse_status != LDNS_STATUS_OK) {
            ods_log_error("[%s] error reading RR at line %i (%s): %s",
                adapter_str, lineno, ldns_get_errorstr_by_id(parse_status),
                line);
            result = ODS_STATUS_ERR;
            break;
        }
        /* periodic progress message for very large zone files */
        if (lineno > next_progress) {
            ods_log_debug("[%s] ...at line %i: %s", adapter_str, lineno,
                line);
            next_progress += progress_step;
        }
        /* remember the serial of the SOA for adapi_set_serial() */
        if (ldns_rr_get_type(record) == LDNS_RR_TYPE_SOA) {
            soa_serial = ldns_rdf2native_int32(
                ldns_rr_rdf(record, SE_SOA_RDATA_SERIAL));
        }
        /* the record is only freed here when it was not stored */
        result = adapi_add_rr(zone, record, 0);
        if (result == ODS_STATUS_OK) {
            continue;
        }
        if (result == ODS_STATUS_UNCHANGED) {
            ods_log_debug("[%s] skipping RR at line %i (duplicate): %s",
                adapter_str, lineno, line);
            ldns_rr_free(record);
            record = NULL;
            result = ODS_STATUS_OK;
            continue;
        }
        ods_log_error("[%s] error adding RR at line %i: %s",
            adapter_str, lineno, line);
        ldns_rr_free(record);
        record = NULL;
        break;
    }

    /* release the parser state */
    if (origin) {
        ldns_rdf_deep_free(origin);
        origin = NULL;
    }
    if (previous) {
        ldns_rdf_deep_free(previous);
        previous = NULL;
    }
    /* the reader returned NULL because of an error, not because of EOF */
    if (result == ODS_STATUS_OK && parse_status != LDNS_STATUS_OK) {
        ods_log_error("[%s] error reading RR at line %i (%s): %s",
            adapter_str, lineno, ldns_get_errorstr_by_id(parse_status),
            line);
        result = ODS_STATUS_ERR;
    }
    if (result != ODS_STATUS_OK) {
        return result;
    }
    /* input zone ok, set inbound serial and apply differences */
    result = namedb_examine(zone->db);
    if (result != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to read file: zonefile contains errors",
            adapter_str);
        return result;
    }
    adapi_set_serial(zone, soa_serial);
    return result;
}
/**
 * Read zone from zonefile.
 *
 * Opens the file named by the inbound adapter's configuration string,
 * loads it with adfile_read_file() and, when that succeeded, commits the
 * result with adapi_trans_full().
 *
 * \param[in] zone zone reference (a zone_type*)
 * \return ods_status ODS_STATUS_ASSERT_ERR when there is no inbound
 *         adapter or no configuration string, ODS_STATUS_FOPEN_ERR when
 *         the file cannot be opened, otherwise the status of
 *         adfile_read_file()
 *
 */
ods_status
adfile_read(void* zone)
{
    zone_type* adzone = (zone_type*) zone;
    const char* path = NULL;
    ods_status status = ODS_STATUS_OK;
    FILE* fd = NULL;

    if (adzone == NULL || adzone->adinbound == NULL ||
        adzone->adinbound->configstr == NULL) {
        ods_log_error("[%s] unable to read file: no input adapter",
            adapter_str);
        return ODS_STATUS_ASSERT_ERR;
    }
    path = adzone->adinbound->configstr;
    fd = ods_fopen(path, NULL, "r");
    if (fd == NULL) {
        return ODS_STATUS_FOPEN_ERR;
    }
    status = adfile_read_file(fd, adzone);
    ods_fclose(fd);
    /* only a zone that was read completely is committed */
    if (status == ODS_STATUS_OK) {
        adapi_trans_full(zone, 0);
    }
    return status;
}
/**
 * Write zonefile.
 *
 * The zone is printed to a temporary file whose name is built from
 * filename and ".tmp"; only when printing succeeded is the temporary file
 * renamed over filename, so readers never see a half-written zone.
 *
 * \param[in] zone zone reference (a zone_type*)
 * \param[in] filename destination file
 * \return ods_status ODS_STATUS_OK, or ODS_STATUS_ASSERT_ERR,
 *         ODS_STATUS_MALLOC_ERR, ODS_STATUS_FOPEN_ERR,
 *         ODS_STATUS_FWRITE_ERR, ODS_STATUS_RENAME_ERR, or the failing
 *         status of adapi_printzone()
 *
 * NOTE(review): the temporary name is predictable and is opened with mode
 * "w"; the output directory should be writable only by the signer user so
 * that nobody else can pre-create that path. The temporary file is left in
 * place on every failure path, and the result of closing it is not
 * inspected here - confirm that a failed flush is reported through
 * adapi_printzone() or the adapter error flag before the rename happens.
 *
 */
ods_status
adfile_write(void* zone, const char* filename)
{
    zone_type* adzone = (zone_type*) zone;
    ods_status status = ODS_STATUS_OK;
    char* tmpname = NULL;
    FILE* fd = NULL;

    /* parameter checks */
    if (adzone == NULL || adzone->adoutbound == NULL) {
        ods_log_error("[%s] unable to write file: no output adapter",
            adapter_str);
        return ODS_STATUS_ASSERT_ERR;
    }
    if (filename == NULL) {
        ods_log_error("[%s] unable to write file: no filename given",
            adapter_str);
        return ODS_STATUS_ASSERT_ERR;
    }

    /* print the zone to the temporary file */
    tmpname = ods_build_path(filename, ".tmp", 0, 0);
    if (tmpname == NULL) {
        return ODS_STATUS_MALLOC_ERR;
    }
    fd = ods_fopen(tmpname, NULL, "w");
    if (fd == NULL) {
        status = ODS_STATUS_FOPEN_ERR;
    } else {
        status = adapi_printzone(fd, adzone);
        ods_fclose(fd);
        /* a print failure on any RR is recorded in the adapter error flag */
        if (status == ODS_STATUS_OK && adzone->adoutbound->error) {
            ods_log_error("[%s] unable to write zone %s file %s: one or "
                "more RR print failed", adapter_str, adzone->name,
                filename);
            /* clear error */
            adzone->adoutbound->error = 0;
            status = ODS_STATUS_FWRITE_ERR;
        }
    }

    /* publish the new file */
    if (status == ODS_STATUS_OK &&
        rename((const char*) tmpname, filename) != 0) {
        ods_log_error("[%s] unable to write file: failed to rename %s "
            "to %s (%s)", adapter_str, tmpname, filename, strerror(errno));
        status = ODS_STATUS_RENAME_ERR;
    }
    free(tmpname);
    return status;
}
opendnssec-1.4.9/signer/src/adapter/addns.h 0000644 0001750 0001750 00000007333 12650165732 015564 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* DNS Adapters.
*
*/
#ifndef ADAPTER_ADDNS_H
#define ADAPTER_ADDNS_H
#include "config.h"
#include "shared/allocator.h"
#include "shared/status.h"
#include "wire/acl.h"
#include "wire/tsig.h"
#include
#include
#include
/**
* DNS input adapter.
*
*/
typedef struct dnsin_struct dnsin_type;
struct dnsin_struct {
/* allocator this adapter was created with */
allocator_type* allocator;
/* ACL parsed by parse_addns_request_xfr() from the adapter file */
/* NOTE(review): confirm how a NULL list is treated by the transfer code */
acl_type* request_xfr;
/* ACL parsed by parse_addns_allow_notify() from the adapter file */
acl_type* allow_notify;
/* TSIG configuration parsed by parse_addns_tsig(); handed to both ACL parsers */
tsig_type* tsig;
/* presumably the modification time of the adapter file - TODO confirm */
time_t last_modified;
};
/**
* DNS output adapter.
*
*/
typedef struct dnsout_struct dnsout_type;
struct dnsout_struct {
/* allocator this adapter was created with */
allocator_type* allocator;
/* ACL parsed by parse_addns_provide_xfr() from the adapter file */
/* NOTE(review): confirm how a NULL list is treated by the transfer code */
acl_type* provide_xfr;
/* list parsed by parse_addns_do_notify() from the adapter file */
acl_type* do_notify;
/* TSIG configuration parsed by parse_addns_tsig(); handed to both parsers above */
tsig_type* tsig;
/* presumably the modification time of the adapter file - TODO confirm */
time_t last_modified;
};
/**
* Create DNS input adapter.
* \return dnsin_type* DNS input adapter
*
*/
dnsin_type* dnsin_create(void);
/**
* Create DNS output adapter.
* \return dnsout_type* DNS output adapter
*
*/
dnsout_type* dnsout_create(void);
/**
* Update DNS input adapter.
* \param[out] addns DNS input adapter
* \param[in] filename filename
* \param[out] last_mod last modified
* \return ods_status status
*
*/
ods_status dnsin_update(dnsin_type** addns, const char* filename,
time_t* last_mod);
/**
* Update DNS output adapter.
* \param[out] addns DNS output adapter
* \param[in] filename filename
* \param[out] last_mod last modified
* \return ods_status status
*
*/
ods_status dnsout_update(dnsout_type** addns, const char* filename,
time_t* last_mod);
/**
 * Read the next RR from an xfrd packet file.
 * \param[in] fd open file to read from
 * \param[out] line caller-supplied buffer that receives the line just read;
 *             the callers in addns.c pass char[SE_ADFILE_MAXLINE]
 * \param[in] orig origin, *orig is handed to ldns_rr_new_frm_str()
 * \param[in,out] prev previous owner name, handed to ldns_rr_new_frm_str()
 * \param[in] ttl default ttl; may be NULL, in which case 0 is used
 * \param[out] status LDNS_STATUS_OK at end of file and at a ;;ENDPACKET or
 *             ;;BEGINPACKET marker, otherwise the status of the RR parser
 * \param[in,out] l line count, maintained by adutil_readline_frm_file()
 * \return ldns_rr* RR, or NULL at end of file, at a packet marker, or
 *         when a line could not be parsed
 *
 */
ldns_rr* addns_read_rr(FILE* fd, char* line, ldns_rdf** orig, ldns_rdf** prev,
uint32_t* ttl, ldns_status* status, unsigned int* l);
/**
* Read zone from DNS input adapter.
* \param[in] zone zone reference
* \return ods_status status
*
*/
ods_status addns_read(void* zone);
/**
* Write zone to DNS output adapter.
* \param[in] zone zone reference
* \return ods_status status
*
*/
ods_status addns_write(void* zone);
/**
* Clean up DNS input adapter.
* \param[in] addns DNS input adapter
*
*/
void dnsin_cleanup(dnsin_type* addns);
/**
* Clean up DNS output adapter.
* \param[in] addns DNS output adapter
*
*/
void dnsout_cleanup(dnsout_type* addns);
#endif /* ADAPTER_ADDNS_H */
opendnssec-1.4.9/signer/src/adapter/adutil.h 0000644 0001750 0001750 00000004461 12650165732 015754 0000000 0000000 /*
* Copyright (c) 2009-2011 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* Adapter utilities.
*/
#ifndef ADAPTER_ADUTIL_H
#define ADAPTER_ADUTIL_H
#include "config.h"
#include
#include
/* Size in bytes of the line buffers used when reading zone and xfrd files.
 * adfile_read_file() and addns_read_pkt() declare char line[SE_ADFILE_MAXLINE]
 * as a local variable, so every (possibly nested) call places this much on
 * the stack. */
#define SE_ADFILE_MAXLINE 65535
/**
* Lookup SOA RR.
* \param[in] fd file descriptor
* \return ldns_rr* SOA RR
*
*/
ldns_rr* adutil_lookup_soa_rr(FILE* fd);
/**
* Read one line from file.
* \param[in] fd file descriptor of zonefile
* \param[out] line the one line
* \param[out] l keeps track of line numbers
* \param[in] keep_comments if true, keep comments
* \return int number of characters read
*
*/
int adutil_readline_frm_file(FILE* fd, char* line, unsigned int* l,
int keep_comments);
/*
* Trim trailing whitespace.
* \param[in] line line to be trimmed
* \param[out] line_len maintain line length
*
*/
void adutil_rtrim_line(char* line, int* line_len);
/**
* Check for white space.
* \param[in] line line to be checked
* \param[in] line_len line length
*
*/
int adutil_whitespace_line(char* line, int line_len);
#endif /* ADAPTER_ADUTIL_H */
opendnssec-1.4.9/signer/src/adapter/adapter.h 0000644 0001750 0001750 00000005723 12650165732 016114 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Inbound and Outbound Adapters.
*
*/
#ifndef ADAPTER_ADAPTER_H
#define ADAPTER_ADAPTER_H
#include "config.h"
#include "adapter/addns.h"
#include "adapter/adfile.h"
#include "shared/allocator.h"
#include "shared/status.h"
#include
/** Adapter mode. */
enum adapter_mode_enum
{
ADAPTER_FILE = 1,
ADAPTER_DNS
};
typedef enum adapter_mode_enum adapter_mode;
/**
* Adapter.
*
*/
typedef struct adapter_struct adapter_type;
struct adapter_struct {
allocator_type* allocator;
/* ADAPTER_FILE or ADAPTER_DNS */
adapter_mode type;
time_t config_last_modified;
/* configuration string; adfile_read() opens it as the zone file path */
const char* configstr;
/* type-specific configuration; dnsout_send_notify() asserts it is set
 * for an ADAPTER_DNS outbound adapter */
void* config;
/* 1 for an inbound adapter, 0 for an outbound one */
unsigned inbound : 1;
/* checked and cleared by adfile_write() after printing the zone; a set
 * bit makes the write fail with ODS_STATUS_FWRITE_ERR */
unsigned error : 1;
};
/**
* Create new adapter.
* \param[in] str configuration string
* \param[in] type type of adapter
* \param[in] in inbound or not (thus outbound)
* \return adapter_type* created adapter
*
*/
adapter_type* adapter_create(const char* str, adapter_mode type, unsigned in);
/**
* Load configuration.
* \param[in] adapter adapter
* \return ods_status status
*
*/
ods_status adapter_load_config(adapter_type* adapter);
/**
* Compare adapters.
* \param[in] a1 adapter 1
* \param[in] a2 adapter 2
* \return int 0 on equal, -1 if a1 < a2, 1 if a1 > a2
*
*/
int adapter_compare(adapter_type* a1, adapter_type* a2);
/**
* Read zone from input adapter.
* \param[in] zone zone
* \return ods_status status
*
*/
ods_status adapter_read(void* zone);
/**
* Write zone to output adapter.
* \param[in] zone zone
* \return ods_status status
*
*/
ods_status adapter_write(void* zone);
/**
* Clean up adapter.
* \param[in] adapter adapter to cleanup
*
*/
void adapter_cleanup(adapter_type* adapter);
#endif /* ADAPTER_ADAPTER_H */
opendnssec-1.4.9/signer/src/adapter/addns.c 0000644 0001750 0001750 00000073160 12650165732 015560 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* DNS Adapters.
*
*/
#include "config.h"
#include "adapter/adapi.h"
#include "adapter/adapter.h"
#include "adapter/addns.h"
#include "adapter/adutil.h"
#include "parser/addnsparser.h"
#include "parser/confparser.h"
#include "shared/duration.h"
#include "shared/file.h"
#include "shared/log.h"
#include "shared/status.h"
#include "shared/util.h"
#include "signer/zone.h"
#include "wire/notify.h"
#include "wire/xfrd.h"
#include
#include
#include
/* tag placed in front of every log message written by this file */
static const char* adapter_str = "adapter";
/* forward declarations: read one packet / all packets from an xfrd file */
static ods_status addns_read_pkt(FILE* fd, zone_type* zone);
static ods_status addns_read_file(FILE* fd, zone_type* zone);
/**
 * Read the next RR from zone file.
 *
 * Lines are read (comments kept) until one of them yields a record.
 * Comment lines, newline-only lines and whitespace-only lines are skipped;
 * the markers ";;ENDPACKET" and ";;BEGINPACKET" end the packet and make
 * the function return NULL with *status set to LDNS_STATUS_OK, leaving the
 * marker in line for the caller to inspect. Zone file directives are not
 * interpreted here.
 *
 * On a parse error the rest of the file is read and discarded, the error
 * status stays in *status and NULL is returned.
 *
 * \return ldns_rr* the record, or NULL at end of file, at a packet marker
 *         or on a parse error
 *
 * NOTE(review): adutil_rtrim_line() runs before the end-of-file check, so
 * it is called with a negative length at EOF - confirm it tolerates that.
 *
 */
ldns_rr*
addns_read_rr(FILE* fd, char* line, ldns_rdf** orig, ldns_rdf** prev,
    uint32_t* ttl, ldns_status* status, unsigned int* l)
{
    ldns_rr* rr = NULL;
    uint32_t default_ttl = 0;
    int nread = 0;

    for (;;) {
        /* pick up the caller's current default TTL for every line */
        if (ttl) {
            default_ttl = *ttl;
        }
        nread = adutil_readline_frm_file(fd, line, l, 1);
        adutil_rtrim_line(line, &nread);
        if (nread < 0) {
            /* -1, EOF */
            break;
        }

        /* comments, empty lines and packet markers */
        if (line[0] == ';' || line[0] == '\n') {
            if (ods_strcmp(";;ENDPACKET", line) == 0 ||
                ods_strcmp(";;BEGINPACKET", line) == 0) {
                /* end of this packet, or a new packet started before the
                 * previous one ended; the caller tells them apart */
                *status = LDNS_STATUS_OK;
                return NULL;
            }
            continue;
        }
        if (adutil_whitespace_line(line, nread)) {
            continue;
        }

        /* let's hope its a RR */
        *status = ldns_rr_new_frm_str(&rr, line, default_ttl, *orig, prev);
        if (*status == LDNS_STATUS_OK) {
            return rr;
        }
        if (*status == LDNS_STATUS_SYNTAX_EMPTY) {
            /* nothing on this line after all: try the next one */
            if (rr) {
                ldns_rr_free(rr);
                rr = NULL;
            }
            *status = LDNS_STATUS_OK;
            continue;
        }

        /* real parse error: report it and drain the remaining input */
        ods_log_error("[%s] error parsing RR at line %i (%s): %s",
            adapter_str, l&&*l?*l:0,
            ldns_get_errorstr_by_id(*status), line);
        while (nread >= 0) {
            nread = adutil_readline_frm_file(fd, line, l, 0);
        }
        if (rr) {
            ldns_rr_free(rr);
            rr = NULL;
        }
        return NULL;
    }
    *status = LDNS_STATUS_OK;
    return NULL;
}
/**
 * Read one transfer packet from an xfrd file and apply it to the zone.
 *
 * A packet starts with a ";;BEGINPACKET" line and is complete when
 * ";;ENDPACKET" is reached. The first RR must be the SOA of the zone apex;
 * a second RR that is not a SOA marks an AXFR (every RR is added),
 * otherwise the packet is treated as an IXFR in which every further SOA
 * toggles between deleting and adding RRs. A complete packet with the
 * expected number of SOAs (2 for AXFR, 3 for IXFR) is committed with
 * adapi_trans_full() or adapi_trans_diff(); an incomplete one is rolled
 * back and the unread part is put back in front of the xfrd file.
 *
 * \param[in] fd open xfrd file (asserted)
 * \param[in] zone zone to update (asserted, as is zone->name)
 * \return ods_status ODS_STATUS_OK, ODS_STATUS_EOF when nothing is left to
 *         read, ODS_STATUS_XFRINCOMPLETE, ODS_STATUS_MALLOC_ERR or
 *         ODS_STATUS_ERR
 *
 */
static ods_status
addns_read_pkt(FILE* fd, zone_type* zone)
{
ldns_rr* rr = NULL;
/* file offset from which the restore step below copies: the start of this
 * packet, moved forward when a new ;;BEGINPACKET interrupts the old one */
long startpos = 0;
long fpos = 0;
int len = 0;
uint32_t new_serial = 0;
uint32_t old_serial = 0;
uint32_t tmp_serial = 0;
ldns_rdf* prev = NULL;
ldns_rdf* orig = NULL;
ldns_rdf* dname = NULL;
uint32_t ttl = 0;
size_t rr_count = 0;
ods_status result = ODS_STATUS_OK;
ldns_status status = LDNS_STATUS_OK;
/* SE_ADFILE_MAXLINE bytes on the stack for the current line */
char line[SE_ADFILE_MAXLINE];
unsigned is_axfr = 0;
unsigned del_mode = 0;
unsigned soa_seen = 0;
unsigned line_update_interval = 100000;
unsigned line_update = line_update_interval;
unsigned l = 0;
char* xfrd;
char* fin;
char* fout;
ods_log_assert(fd);
ods_log_assert(zone);
ods_log_assert(zone->name);
/* NOTE(review): the result of ftell() is not checked for -1 before it is
 * used as startpos */
fpos = ftell(fd);
len = adutil_readline_frm_file(fd, line, &l, 1);
if (len < 0) {
/* -1 EOF */
return ODS_STATUS_EOF;
}
adutil_rtrim_line(line, &len);
if (ods_strcmp(";;BEGINPACKET", line) != 0) {
ods_log_error("[%s] bogus xfrd file zone %s, missing ;;BEGINPACKET (was %s)",
adapter_str, zone->name, line);
return ODS_STATUS_ERR;
}
startpos = fpos;
fpos = ftell(fd);
/* re-entered through goto when a new ;;BEGINPACKET shows up before the
 * current packet has ended */
begin_pkt:
rr_count = 0;
is_axfr = 0;
del_mode = 0;
soa_seen = 0;
/* $ORIGIN */
dname = adapi_get_origin(zone);
if (!dname) {
ods_log_error("[%s] error getting default value for $ORIGIN",
adapter_str);
return ODS_STATUS_ERR;
}
orig = ldns_rdf_clone(dname);
if (!orig) {
ods_log_error("[%s] error setting default value for $ORIGIN",
adapter_str);
return ODS_STATUS_ERR;
}
/* $TTL */
ttl = adapi_get_ttl(zone);
/* read RRs */
while ((rr = addns_read_rr(fd, line, &orig, &prev, &ttl, &status, &l))
!= NULL) {
/* update file position */
fpos = ftell(fd);
/* check status */
if (status != LDNS_STATUS_OK) {
ods_log_error("[%s] error reading RR at line %i (%s): %s",
adapter_str, l, ldns_get_errorstr_by_id(status), line);
result = ODS_STATUS_ERR;
break;
}
/* debug update */
if (l > line_update) {
ods_log_debug("[%s] ...at line %i: %s", adapter_str, l, line);
line_update += line_update_interval;
}
/* first RR: check if SOA and correct zone & serialno */
if (rr_count == 0) {
rr_count++;
if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_SOA) {
ods_log_error("[%s] bad xfr, first rr is not soa",
adapter_str);
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_ERR;
break;
}
soa_seen++;
/* the transfer must be for this zone: owner of the SOA == zone apex */
if (ldns_dname_compare(ldns_rr_owner(rr), zone->apex)) {
ods_log_error("[%s] bad xfr, soa dname not equal to zone "
"dname %s", adapter_str, zone->name);
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_ERR;
break;
}
tmp_serial =
ldns_rdf2native_int32(ldns_rr_rdf(rr, SE_SOA_RDATA_SERIAL));
old_serial = adapi_get_serial(zone);
/**
* Do we need to make this check? It is already done by xfrd.
* By not doing this check, retransfers will be taken into account.
*
if (!util_serial_gt(tmp_serial, old_serial) &&
zone->db->is_initialized) {
ods_log_info("[%s] zone %s is already up to date, have "
"serial %u, got serial %u", adapter_str, zone->name,
old_serial, tmp_serial);
new_serial = tmp_serial;
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_UPTODATE;
while (len >= 0) {
len = adutil_readline_frm_file(fd, line, &l, 1);
if (len && ods_strcmp(";;ENDPACKET", line) == 0) {
startpos = 0;
break;
}
}
break;
}
*
**/
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_OK;
continue;
}
/* second RR: if not soa, this is an AXFR */
if (rr_count == 1) {
if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_SOA) {
ods_log_verbose("[%s] detected axfr serial=%u for zone %s",
adapter_str, tmp_serial, zone->name);
new_serial = tmp_serial;
is_axfr = 1;
del_mode = 0;
} else {
ods_log_verbose("[%s] detected ixfr serial=%u for zone %s",
adapter_str, tmp_serial, zone->name);
/* NOTE(review): the ODS_STATUS_ERR assigned in this check is not
 * followed by a break; when tmp_serial < new_serial below, result is
 * set back to ODS_STATUS_OK and the loop continues, so an IXFR whose
 * start serial is not newer than the zone's is logged but still
 * processed. Confirm whether the check is meant to reject it. */
if (!util_serial_gt(tmp_serial, old_serial) &&
zone->db->is_initialized) {
ods_log_error("[%s] bad ixfr for zone %s, bad start serial %u",
adapter_str, zone->name, tmp_serial);
result = ODS_STATUS_ERR;
}
new_serial = tmp_serial;
tmp_serial =
ldns_rdf2native_int32(ldns_rr_rdf(rr, SE_SOA_RDATA_SERIAL));
ldns_rr_free(rr);
rr = NULL;
rr_count++;
/* NOTE(review): plain unsigned comparison, unlike the util_serial_gt()
 * call above; verify the behaviour when serials wrap around */
if (tmp_serial < new_serial) {
del_mode = 1;
result = ODS_STATUS_OK;
continue;
} else {
ods_log_error("[%s] bad ixfr for zone %s, bad soa serial %u",
adapter_str, zone->name, tmp_serial);
result = ODS_STATUS_ERR;
break;
}
}
}
/* soa means swap */
rr_count++;
if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) {
if (!is_axfr) {
tmp_serial =
ldns_rdf2native_int32(ldns_rr_rdf(rr, SE_SOA_RDATA_SERIAL));
if (tmp_serial <= new_serial) {
/* a SOA carrying the final serial is counted; any SOA with a serial
 * up to the final one toggles between delete and add mode */
if (tmp_serial == new_serial) {
soa_seen++;
}
del_mode = !del_mode;
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_OK;
continue;
} else {
ods_log_assert(tmp_serial > new_serial);
ods_log_error("[%s] bad xfr for zone %s, bad soa serial",
adapter_str, zone->name);
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_ERR;
break;
}
} else {
/* for axfr */
soa_seen++;
}
}
/* [add to/remove from] the zone */
/* NOTE(review): rr_count is a size_t but is printed with %i in the two
 * messages below */
if (!is_axfr && del_mode) {
ods_log_deeebug("[%s] delete RR #%i at line %i: %s",
adapter_str, rr_count, l, line);
result = adapi_del_rr(zone, rr, 0);
/* in delete mode the RR is released right away, so rr is already NULL
 * when the two status branches below free it again */
ldns_rr_free(rr);
rr = NULL;
} else {
ods_log_deeebug("[%s] add RR #%i at line %i: %s",
adapter_str, rr_count, l, line);
result = adapi_add_rr(zone, rr, 0);
}
if (result == ODS_STATUS_UNCHANGED) {
ods_log_deeebug("[%s] skipping RR at line %i (%s): %s",
adapter_str, l, del_mode?"not found":"duplicate", line);
ldns_rr_free(rr);
rr = NULL;
result = ODS_STATUS_OK;
continue;
} else if (result != ODS_STATUS_OK) {
ods_log_error("[%s] error %s RR at line %i: %s",
adapter_str, del_mode?"deleting":"adding", l, line);
ldns_rr_free(rr);
rr = NULL;
break;
}
}
/* and done */
if (orig) {
ldns_rdf_deep_free(orig);
orig = NULL;
}
if (prev) {
ldns_rdf_deep_free(prev);
prev = NULL;
}
/* check again */
/* The reader leaves the packet marker in line. Whenever line is not
 * ";;ENDPACKET" - which includes the error breaks in the loop above - the
 * zone is rolled back and result is replaced by ODS_STATUS_XFRINCOMPLETE,
 * or by ODS_STATUS_OK before restarting at a new ";;BEGINPACKET". */
if (ods_strcmp(";;ENDPACKET", line) == 0) {
ods_log_verbose("[%s] xfr zone %s on disk complete, commit to db",
adapter_str, zone->name);
startpos = 0;
} else {
ods_log_warning("[%s] xfr zone %s on disk incomplete, rollback",
adapter_str, zone->name);
namedb_rollback(zone->db, 1);
if (ods_strcmp(";;BEGINPACKET", line) == 0) {
result = ODS_STATUS_OK;
startpos = fpos;
goto begin_pkt;
} else {
result = ODS_STATUS_XFRINCOMPLETE;
}
}
/* otherwise EOF */
if (result == ODS_STATUS_OK && status != LDNS_STATUS_OK) {
ods_log_error("[%s] error reading RR at line %i (%s): %s",
adapter_str, l, ldns_get_errorstr_by_id(status), line);
result = ODS_STATUS_ERR;
}
/* check the number of SOAs seen */
if (result == ODS_STATUS_OK) {
if ((is_axfr && soa_seen != 2) || (!is_axfr && soa_seen != 3)) {
ods_log_error("[%s] bad %s, wrong number of SOAs (%u)",
adapter_str, is_axfr?"axfr":"ixfr", soa_seen);
result = ODS_STATUS_ERR;
}
}
/* input zone ok, set inbound serial and apply differences */
if (result == ODS_STATUS_OK) {
adapi_set_serial(zone, new_serial);
if (is_axfr) {
adapi_trans_full(zone, 1);
} else {
adapi_trans_diff(zone, 1);
}
}
/* NOTE(review): the only assignment of ODS_STATUS_UPTODATE in this function
 * sits in the commented-out block above, so this branch looks unreachable
 * unless adapi_add_rr()/adapi_del_rr() can return that status */
if (result == ODS_STATUS_UPTODATE) {
/* do a transaction for DNSKEY and NSEC3PARAM */
adapi_trans_diff(zone, 1);
result = ODS_STATUS_OK;
}
if (result == ODS_STATUS_XFRINCOMPLETE) {
/** we have to restore the incomplete zone transfer:
* xfrd = (xfrd.tmp + startpos) . (xfrd)
*/
/* all three paths are derived from the zone name */
xfrd = ods_build_path(zone->name, ".xfrd", 0, 1);
fin = ods_build_path(zone->name, ".xfrd.tmp", 0, 1);
fout = ods_build_path(zone->name, ".xfrd.bak", 0, 1);
/* NOTE(review): when only some of the three allocations failed, the ones
 * that succeeded are not freed on this return */
if (!xfrd || !fin || !fout) {
return ODS_STATUS_MALLOC_ERR;
}
ods_log_debug("[%s] restore xfrd zone %s xfrd %s fin %s fout %s",
adapter_str, zone->name, xfrd, fin, fout);
/* step 1: copy the unprocessed tail of .xfrd.tmp into .xfrd.bak */
result = ods_file_copy(fin, fout, startpos, 0);
if (result != ODS_STATUS_OK) {
ods_log_crit("[%s] unable to restore incomple xfr zone %s: %s",
adapter_str, zone->name, ods_status2str(result));
} else {
/* step 2, under the xfrd rw_lock: if a .xfrd file exists, copy it into
 * .xfrd.bak as well (last argument presumably means append - confirm),
 * then rename .xfrd.bak over .xfrd */
lock_basic_lock(&zone->xfrd->rw_lock);
if (ods_file_lastmodified(xfrd)) {
result = ods_file_copy(xfrd, fout, 0, 1);
if (result != ODS_STATUS_OK) {
ods_log_crit("[%s] unable to restore xfrd zone %s: %s",
adapter_str, zone->name, ods_status2str(result));
} else if (rename(fout, xfrd) != 0) {
result = ODS_STATUS_RENAME_ERR;
ods_log_crit("[%s] unable to restore xfrd zone %s: %s",
adapter_str, zone->name, ods_status2str(result));
}
} else if (rename(fout, xfrd) != 0) {
result = ODS_STATUS_RENAME_ERR;
ods_log_crit("[%s] unable to restore xfrd zone %s: %s",
adapter_str, zone->name, ods_status2str(result));
}
lock_basic_unlock(&zone->xfrd->rw_lock);
}
free((void*) xfrd);
free((void*) fin);
free((void*) fout);
/* a failed restore is logged above but not returned: the caller always
 * sees ODS_STATUS_XFRINCOMPLETE */
result = ODS_STATUS_XFRINCOMPLETE;
}
return result;
}
/**
 * Read all packets from an xfrd file.
 *
 * Calls addns_read_pkt() until it stops returning ODS_STATUS_OK. After
 * every packet that was applied, the transferred serial and its
 * acquisition time are recorded under the xfrd serial lock. Reaching the
 * end of the file is the normal way to finish and is reported as
 * ODS_STATUS_OK.
 *
 * \param[in] fd open xfrd file
 * \param[in] zone zone to update
 * \return ods_status ODS_STATUS_OK, or the first failing status of
 *         addns_read_pkt()
 *
 */
static ods_status
addns_read_file(FILE* fd, zone_type* zone)
{
    ods_status status;

    for (;;) {
        status = addns_read_pkt(fd, zone);
        if (status != ODS_STATUS_OK) {
            break;
        }
        lock_basic_lock(&zone->xfrd->serial_lock);
        zone->xfrd->serial_xfr = adapi_get_serial(zone);
        zone->xfrd->serial_xfr_acquired = zone->xfrd->serial_disk_acquired;
        lock_basic_unlock(&zone->xfrd->serial_lock);
    }
    return (status == ODS_STATUS_EOF) ? ODS_STATUS_OK : status;
}
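/**
 * Create DNS input adapter.
 *
 * Allocates the adapter from a fresh malloc/free allocator and puts every
 * member in a defined state: no ACLs, no TSIG, modification time 0.
 *
 * \return dnsin_type* DNS input adapter, or NULL when the allocator or
 *         the adapter could not be allocated
 *
 */
dnsin_type*
dnsin_create(void)
{
    dnsin_type* addns = NULL;
    allocator_type* allocator = allocator_create(malloc, free);
    if (!allocator) {
        ods_log_error("[%s] unable to create dnsin: allocator_create() "
            " failed", adapter_str);
        return NULL;
    }
    addns = (dnsin_type*) allocator_alloc(allocator, sizeof(dnsin_type));
    if (!addns) {
        ods_log_error("[%s] unable to create dnsin: allocator_alloc() "
            " failed", adapter_str);
        allocator_cleanup(allocator);
        return NULL;
    }
    addns->allocator = allocator;
    addns->request_xfr = NULL;
    addns->allow_notify = NULL;
    addns->tsig = NULL;
    /* do not hand out a struct with an indeterminate member */
    addns->last_modified = 0;
    return addns;
}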
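/**
 * Create DNS output adapter.
 *
 * Allocates the adapter from a fresh malloc/free allocator and puts every
 * member in a defined state: no ACLs, no TSIG, modification time 0.
 *
 * \return dnsout_type* DNS output adapter, or NULL when the allocator or
 *         the adapter could not be allocated
 *
 */
dnsout_type*
dnsout_create(void)
{
    dnsout_type* addns = NULL;
    allocator_type* allocator = allocator_create(malloc, free);
    if (!allocator) {
        ods_log_error("[%s] unable to create dnsout: allocator_create() "
            " failed", adapter_str);
        return NULL;
    }
    addns = (dnsout_type*) allocator_alloc(allocator, sizeof(dnsout_type));
    if (!addns) {
        ods_log_error("[%s] unable to create dnsout: allocator_alloc() "
            " failed", adapter_str);
        allocator_cleanup(allocator);
        return NULL;
    }
    addns->allocator = allocator;
    addns->provide_xfr = NULL;
    addns->do_notify = NULL;
    addns->tsig = NULL;
    /* do not hand out a struct with an indeterminate member */
    addns->last_modified = 0;
    return addns;
}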
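/**
 * Read DNS input adapter.
 *
 * Validates the adapter file against the addns.rng schema, checks that it
 * can be opened, and then parses the TSIG configuration and the
 * request-transfer and allow-notify ACLs from it.
 *
 * \param[in] addns DNS input adapter to fill
 * \param[in] filename adapter configuration file
 * \return ods_status ODS_STATUS_OK, ODS_STATUS_ASSERT_ERR on a NULL
 *         argument, the status of parse_file_check(), or ODS_STATUS_ERR
 *         when the file cannot be opened
 *
 * NOTE(review): the three parse results are stored without a NULL check.
 * A NULL ACL may simply mean "not configured"; confirm that the code
 * consulting request_xfr / allow_notify treats NULL as deny.
 *
 */
static ods_status
dnsin_read(dnsin_type* addns, const char* filename)
{
    const char* rngfile = ODS_SE_RNGDIR "/addns.rng";
    ods_status status = ODS_STATUS_OK;
    FILE* fd = NULL;
    if (!filename || !addns) {
        return ODS_STATUS_ASSERT_ERR;
    }
    ods_log_debug("[%s] read dnsin file %s", adapter_str, filename);
    status = parse_file_check(filename, rngfile);
    if (status != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to read dnsin: parse error in "
            "file %s (%s)", adapter_str, filename, ods_status2str(status));
        return status;
    }
    /* the handle only proves the file is readable; the parsers below open
     * the file by name themselves */
    fd = ods_fopen(filename, NULL, "r");
    if (fd) {
        addns->tsig = parse_addns_tsig(addns->allocator, filename);
        addns->request_xfr = parse_addns_request_xfr(addns->allocator,
            filename, addns->tsig);
        addns->allow_notify = parse_addns_allow_notify(addns->allocator,
            filename, addns->tsig);
        ods_fclose(fd);
        return ODS_STATUS_OK;
    }
    /* this is the input adapter: the message used to say "dnsout" */
    ods_log_error("[%s] unable to read dnsin: failed to open file %s",
        adapter_str, filename);
    return ODS_STATUS_ERR;
}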
/**
 * Update DNS input adapter.
 *
 * Builds a new adapter from filename and, when that succeeded, stores it
 * in *addns. On failure the new adapter is cleaned up and *addns is left
 * alone.
 *
 * \param[out] addns receives the new DNS input adapter
 * \param[in] filename adapter configuration file
 * \param[out] last_mod set to 0 on success
 * \return ods_status ODS_STATUS_UNCHANGED on a NULL argument,
 *         ODS_STATUS_ERR when no adapter could be created, otherwise the
 *         status of dnsin_read()
 *
 * NOTE(review): the modification time of the file is never looked up, so
 * *last_mod is always written as 0, and the adapter that *addns pointed to
 * before is not released here - confirm the caller takes care of both.
 *
 */
ods_status
dnsin_update(dnsin_type** addns, const char* filename, time_t* last_mod)
{
    ods_status status = ODS_STATUS_OK;
    dnsin_type* fresh = NULL;
    time_t mtime = 0;

    if (filename == NULL || addns == NULL || last_mod == NULL) {
        return ODS_STATUS_UNCHANGED;
    }
    /* read the new signer configuration */
    fresh = dnsin_create();
    if (fresh == NULL) {
        ods_log_error("[%s] unable to update dnsin: dnsin_create() "
            "failed", adapter_str);
        return ODS_STATUS_ERR;
    }
    status = dnsin_read(fresh, filename);
    if (status != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to update dnsin: dnsin_read(%s) "
            "failed (%s)", adapter_str, filename, ods_status2str(status));
        dnsin_cleanup(fresh);
        return status;
    }
    *addns = fresh;
    *last_mod = mtime;
    return status;
}
/**
 * Read DNS output adapter.
 *
 * Validates the adapter file against the addns.rng schema, checks that it
 * can be opened, and then parses the TSIG configuration and the
 * provide-transfer and do-notify lists from it.
 *
 * \param[in] addns DNS output adapter to fill
 * \param[in] filename adapter configuration file
 * \return ods_status ODS_STATUS_OK, ODS_STATUS_ASSERT_ERR on a NULL
 *         argument, the status of parse_file_check(), or ODS_STATUS_ERR
 *         when the file cannot be opened
 *
 * NOTE(review): the three parse results are stored without a NULL check.
 * Confirm that the code serving transfers treats a NULL provide_xfr list
 * as deny.
 *
 */
static ods_status
dnsout_read(dnsout_type* addns, const char* filename)
{
    const char* rngfile = ODS_SE_RNGDIR "/addns.rng";
    ods_status status = ODS_STATUS_OK;
    FILE* fd = NULL;

    if (addns == NULL || filename == NULL) {
        return ODS_STATUS_ASSERT_ERR;
    }
    ods_log_debug("[%s] read dnsout file %s", adapter_str, filename);

    status = parse_file_check(filename, rngfile);
    if (status != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to read dnsout: parse error in "
            "file %s (%s)", adapter_str, filename, ods_status2str(status));
        return status;
    }

    /* the handle only proves the file is readable; the parsers below open
     * the file by name themselves */
    fd = ods_fopen(filename, NULL, "r");
    if (fd == NULL) {
        ods_log_error("[%s] unable to read dnsout: failed to open file %s",
            adapter_str, filename);
        return ODS_STATUS_ERR;
    }
    addns->tsig = parse_addns_tsig(addns->allocator, filename);
    addns->provide_xfr = parse_addns_provide_xfr(addns->allocator,
        filename, addns->tsig);
    addns->do_notify = parse_addns_do_notify(addns->allocator, filename,
        addns->tsig);
    ods_fclose(fd);
    return ODS_STATUS_OK;
}
/**
 * Update DNS output adapter.
 *
 * Builds a new adapter from filename and, when that succeeded, stores it
 * in *addns. On failure the new adapter is cleaned up and *addns is left
 * alone.
 *
 * \param[out] addns receives the new DNS output adapter
 * \param[in] filename adapter configuration file
 * \param[out] last_mod set to 0 on success
 * \return ods_status ODS_STATUS_UNCHANGED on a NULL argument,
 *         ODS_STATUS_ERR when no adapter could be created, otherwise the
 *         status of dnsout_read()
 *
 * NOTE(review): the modification time of the file is never looked up, so
 * *last_mod is always written as 0, and the adapter that *addns pointed to
 * before is not released here - confirm the caller takes care of both.
 *
 */
ods_status
dnsout_update(dnsout_type** addns, const char* filename, time_t* last_mod)
{
    ods_status status = ODS_STATUS_OK;
    dnsout_type* fresh = NULL;
    time_t mtime = 0;

    if (filename == NULL || addns == NULL || last_mod == NULL) {
        return ODS_STATUS_UNCHANGED;
    }
    /* read the new signer configuration */
    fresh = dnsout_create();
    if (fresh == NULL) {
        ods_log_error("[%s] unable to update dnsout: dnsout_create() "
            "failed", adapter_str);
        return ODS_STATUS_ERR;
    }
    status = dnsout_read(fresh, filename);
    if (status != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to update dnsout: dnsout_read(%s) "
            "failed (%s)", adapter_str, filename, ods_status2str(status));
        dnsout_cleanup(fresh);
        return status;
    }
    *addns = fresh;
    *last_mod = mtime;
    return status;
}
/**
 * Send notifies.
 *
 * Looks up the SOA RRset at the zone apex and hands a clone of its first
 * RR to notify_enable(). Nothing is sent when the zone has no notify
 * handler.
 *
 * \param[in] zone zone reference (a zone_type*)
 *
 * NOTE(review): zone is dereferenced without a NULL check, and the lookup
 * result is guarded only by ods_log_assert() before rrs[0] is read -
 * confirm that the assertion is active in release builds and that the
 * clone cannot be NULL when it reaches notify_enable().
 *
 */
static void
dnsout_send_notify(void* zone)
{
    zone_type* z = (zone_type*) zone;
    rrset_type* rrset = NULL;
    ldns_rr* soa_copy = NULL;

    if (z->notify == NULL) {
        ods_log_error("[%s] unable to send notify for zone %s: no notify "
            "handler", adapter_str, z->name);
        return;
    }
    /* this path is only valid for a configured DNS output adapter */
    ods_log_assert(z->adoutbound);
    ods_log_assert(z->adoutbound->config);
    ods_log_assert(z->adoutbound->type == ADAPTER_DNS);
    ods_log_assert(z->db);
    ods_log_assert(z->name);
    ods_log_debug("[%s] enable notify for zone %s serial %u", adapter_str,
        z->name, z->db->intserial);

    rrset = zone_lookup_rrset(z, z->apex, LDNS_RR_TYPE_SOA);
    ods_log_assert(rrset);
    soa_copy = ldns_rr_clone(rrset->rrs[0].rr);
    notify_enable(z->notify, soa_copy);
}
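/**
 * Read zone from DNS Input Adapter.
 *
 * If a zone transfer newer than the last one consumed is on disk, the
 * <zone>.xfrd file is renamed to <zone>.xfrd.tmp while both xfrd locks
 * are held, and the renamed copy is then read with addns_read_file().
 * The copy is unlinked only when reading succeeded; on a read error it
 * is left on disk.
 *
 * \param[in] zone zone (zone_type*)
 * \return ODS_STATUS_XFR_NOT_READY when no transfer has been stored on
 *         disk yet, ODS_STATUS_UNCHANGED when the stored transfer is not
 *         newer than the last one acquired, ODS_STATUS_MALLOC_ERR,
 *         ODS_STATUS_RENAME_ERR or ODS_STATUS_FOPEN_ERR on the
 *         corresponding failure, otherwise the addns_read_file() status
 *
 */
ods_status
addns_read(void* zone)
{
    zone_type* z = (zone_type*) zone;
    ods_status status = ODS_STATUS_OK;
    char* xfrfile = NULL;
    char* file = NULL;
    FILE* fd = NULL;
    int saved_errno = 0;

    ods_log_assert(z);
    ods_log_assert(z->name);
    ods_log_assert(z->xfrd);
    ods_log_assert(z->db);
    ods_log_assert(z->adinbound);
    ods_log_assert(z->adinbound->type == ADAPTER_DNS);

    /* lock order: rw_lock first, then serial_lock */
    lock_basic_lock(&z->xfrd->rw_lock);
    lock_basic_lock(&z->xfrd->serial_lock);
    /* did we already store a new zone transfer on disk? */
    if (!z->xfrd->serial_disk_acquired ||
        z->xfrd->serial_disk_acquired <= z->xfrd->serial_xfr_acquired) {
        if (!z->xfrd->serial_disk_acquired) {
            lock_basic_unlock(&z->xfrd->serial_lock);
            lock_basic_unlock(&z->xfrd->rw_lock);
            return ODS_STATUS_XFR_NOT_READY;
        }
        lock_basic_unlock(&z->xfrd->serial_lock);
        lock_basic_unlock(&z->xfrd->rw_lock);
        /* do a transaction for DNSKEY and NSEC3PARAM */
        adapi_trans_diff(z, 0);
        ods_log_verbose("[%s] no new xfr ready for zone %s", adapter_str,
            z->name);
        return ODS_STATUS_UNCHANGED;
    }
    /* copy zone transfers */
    xfrfile = ods_build_path(z->name, ".xfrd", 0, 1);
    file = ods_build_path(z->name, ".xfrd.tmp", 0, 1);
    if (!xfrfile || !file) {
        free((void*) xfrfile);
        free((void*) file);
        lock_basic_unlock(&z->xfrd->serial_lock);
        lock_basic_unlock(&z->xfrd->rw_lock);
        ods_log_error("[%s] unable to build paths to xfrd files", adapter_str);
        return ODS_STATUS_MALLOC_ERR;
    }
    if (rename(xfrfile, file) != 0) {
        /* keep the rename() error: the calls below may change errno
         * before it is formatted */
        saved_errno = errno;
        lock_basic_unlock(&z->xfrd->serial_lock);
        lock_basic_unlock(&z->xfrd->rw_lock);
        ods_log_error("[%s] unable to rename file %s to %s: %s", adapter_str,
            xfrfile, file, strerror(saved_errno));
        free((void*) xfrfile);
        free((void*) file);
        return ODS_STATUS_RENAME_ERR;
    }
    lock_basic_unlock(&z->xfrd->serial_lock);
    /* open copy of zone transfers to read */
    fd = ods_fopen(file, NULL, "r");
    free((void*) xfrfile);
    if (!fd) {
        lock_basic_unlock(&z->xfrd->rw_lock);
        free((void*) file);
        return ODS_STATUS_FOPEN_ERR;
    }
    lock_basic_unlock(&z->xfrd->rw_lock);
    /* the transfer contents come from the network side of the signer;
     * addns_read_file() is where they are parsed */
    status = addns_read_file(fd, z);
    if (status == ODS_STATUS_OK) {
        /* clean up copy of zone transfer */
        if (unlink((const char*) file) != 0) {
            /* the format takes three strings; the file name was missing
             * from the argument list, which made the logger read an
             * argument that was never passed */
            ods_log_error("[%s] unable to unlink zone transfer copy file %s: "
                " %s", adapter_str, file, strerror(errno));
            /* should be no issue */
        }
    }
    free((void*) file);
    ods_fclose(fd);
    return status;
}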
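/**
 * Write to DNS Output Adapter.
 *
 * The AXFR (and, once the name database is initialized, the IXFR) is
 * first written to a temporary file and then renamed over the published
 * <zone>.axfr / <zone>.ixfr file while xfr_lock is held, so readers
 * holding that lock never see a partially written transfer. Afterwards
 * notifies are enabled for the zone.
 *
 * NOTE(review): the temporary names are derived from the zone name
 * alone and are therefore predictable; this presumably relies on the
 * directory ods_build_path() resolves to being writable only by the
 * signer -- confirm. Temporary files are not removed on the error
 * paths below.
 *
 * \param[in] zone zone (zone_type*)
 * \return ODS_STATUS_OK on success, ODS_STATUS_MALLOC_ERR,
 *         ODS_STATUS_FOPEN_ERR, ODS_STATUS_FWRITE_ERR or
 *         ODS_STATUS_RENAME_ERR on the corresponding failure, or the
 *         status of adapi_printaxfr() / adapi_printixfr()
 *
 */
ods_status
addns_write(void* zone)
{
    FILE* fd = NULL;
    char* atmpfile = NULL;
    char* axfrfile = NULL;
    char* itmpfile = NULL;
    char* ixfrfile = NULL;
    zone_type* z = (zone_type*) zone;
    int ret = 0;
    ods_status status = ODS_STATUS_OK;

    ods_log_assert(z);
    ods_log_assert(z->name);
    ods_log_assert(z->adoutbound);
    ods_log_assert(z->adoutbound->type == ADAPTER_DNS);

    /* write the full transfer to its temporary file */
    atmpfile = ods_build_path(z->name, ".axfr.tmp", 0, 1);
    if (!atmpfile) {
        return ODS_STATUS_MALLOC_ERR;
    }
    fd = ods_fopen(atmpfile, NULL, "w");
    if (!fd) {
        free((void*) atmpfile);
        return ODS_STATUS_FOPEN_ERR;
    }
    status = adapi_printaxfr(fd, z);
    ods_fclose(fd);
    if (status != ODS_STATUS_OK) {
        free((void*) atmpfile);
        return status;
    }
    /* write the incremental transfer to its temporary file */
    if (z->db->is_initialized) {
        itmpfile = ods_build_path(z->name, ".ixfr.tmp", 0, 1);
        if (!itmpfile) {
            free((void*) atmpfile);
            return ODS_STATUS_MALLOC_ERR;
        }
        fd = ods_fopen(itmpfile, NULL, "w");
        if (!fd) {
            free((void*) atmpfile);
            free((void*) itmpfile);
            return ODS_STATUS_FOPEN_ERR;
        }
        status = adapi_printixfr(fd, z);
        ods_fclose(fd);
        if (status != ODS_STATUS_OK) {
            free((void*) atmpfile);
            free((void*) itmpfile);
            return status;
        }
    }
    /* status is ODS_STATUS_OK from here on; the adapter error flag
     * reports RRs that failed to print */
    if (z->adoutbound->error) {
        ods_log_error("[%s] unable to write zone %s axfr: one or "
            "more RR print failed", adapter_str, z->name);
        /* clear error */
        z->adoutbound->error = 0;
        free((void*) atmpfile);
        free((void*) itmpfile);
        return ODS_STATUS_FWRITE_ERR;
    }
    /* lock and move */
    axfrfile = ods_build_path(z->name, ".axfr", 0, 1);
    if (!axfrfile) {
        free((void*) atmpfile);
        free((void*) itmpfile);
        return ODS_STATUS_MALLOC_ERR;
    }
    lock_basic_lock(&z->xfr_lock);
    ret = rename(atmpfile, axfrfile);
    if (ret != 0) {
        ods_log_error("[%s] unable to rename file %s to %s: %s", adapter_str,
            atmpfile, axfrfile, strerror(errno));
        lock_basic_unlock(&z->xfr_lock);
        free((void*) atmpfile);
        free((void*) axfrfile);
        free((void*) itmpfile);
        return ODS_STATUS_RENAME_ERR;
    }
    free((void*) axfrfile);
    free((void*) atmpfile);
    axfrfile = NULL;
    atmpfile = NULL;
    if (z->db->is_initialized) {
        ixfrfile = ods_build_path(z->name, ".ixfr", 0, 1);
        if (!ixfrfile) {
            /* xfr_lock is held at this point: release it before
             * returning, otherwise every later user of the lock would
             * block forever */
            lock_basic_unlock(&z->xfr_lock);
            free((void*) itmpfile);
            return ODS_STATUS_MALLOC_ERR;
        }
        ret = rename(itmpfile, ixfrfile);
        if (ret != 0) {
            /* the new .axfr is already in place here, so the published
             * axfr and ixfr differ until the next successful write */
            ods_log_error("[%s] unable to rename file %s to %s: %s",
                adapter_str, itmpfile, ixfrfile, strerror(errno));
            lock_basic_unlock(&z->xfr_lock);
            free((void*) itmpfile);
            free((void*) ixfrfile);
            return ODS_STATUS_RENAME_ERR;
        }
        free((void*) ixfrfile);
    }
    free((void*) itmpfile);
    lock_basic_unlock(&z->xfr_lock);
    dnsout_send_notify(zone);
    return ODS_STATUS_OK;
}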
/**
 * Clean up DNS input adapter.
 *
 * Releases the request-xfr and allow-notify ACLs and the TSIG data, then
 * the structure itself and finally the allocator it was created with.
 * A NULL argument is ignored.
 *
 * \param[in] addns DNS input adapter configuration, may be NULL
 *
 */
void
dnsin_cleanup(dnsin_type* addns)
{
    allocator_type* owner = NULL;

    if (addns) {
        /* read the allocator before addns is released */
        owner = addns->allocator;
        acl_cleanup(addns->request_xfr, owner);
        acl_cleanup(addns->allow_notify, owner);
        tsig_cleanup(addns->tsig, owner);
        allocator_deallocate(owner, (void*) addns);
        allocator_cleanup(owner);
    }
}
/**
 * Clean up DNS output adapter.
 *
 * Releases the provide-xfr and do-notify ACLs and the TSIG data, then
 * the structure itself and finally the allocator it was created with.
 * A NULL argument is ignored.
 *
 * \param[in] addns DNS output adapter configuration, may be NULL
 *
 */
void
dnsout_cleanup(dnsout_type* addns)
{
    allocator_type* owner = NULL;

    if (addns) {
        /* read the allocator before addns is released */
        owner = addns->allocator;
        acl_cleanup(addns->provide_xfr, owner);
        acl_cleanup(addns->do_notify, owner);
        tsig_cleanup(addns->tsig, owner);
        allocator_deallocate(owner, (void*) addns);
        allocator_cleanup(owner);
    }
}
opendnssec-1.4.9/signer/src/adapter/adapter.c 0000644 0001750 0001750 00000020431 12650165732 016100 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Inbound and Outbound Adapters.
*
*/
#include "adapter/adapter.h"
#include "shared/allocator.h"
#include "shared/file.h"
#include "shared/log.h"
#include "shared/status.h"
#include "signer/zone.h"
#include
static const char* adapter_str = "adapter";
/**
 * Create a new adapter.
 *
 * The adapter gets its own allocator. For ADAPTER_DNS an empty inbound
 * or outbound DNS configuration is created as well; other types carry
 * no configuration object.
 *
 * \param[in] str configuration string, copied into the adapter
 * \param[in] type adapter type
 * \param[in] in non-zero for an inbound adapter, zero for outbound
 * \return adapter_type* the new adapter, or NULL on failure
 *
 */
adapter_type*
adapter_create(const char* str, adapter_mode type, unsigned in)
{
    adapter_type* result = NULL;
    allocator_type* pool = allocator_create(malloc, free);

    if (!pool) {
        ods_log_error("[%s] unable to create adapter: allocator_create() "
            "failed", adapter_str);
        return NULL;
    }
    result = (adapter_type*) allocator_alloc(pool, sizeof(adapter_type));
    if (!result) {
        ods_log_error("[%s] unable to create adapter: allocator_alloc() "
            "failed", adapter_str);
        allocator_cleanup(pool);
        return NULL;
    }
    /* every field is set before the first adapter_cleanup() can run,
     * because adapter_cleanup() reads type, inbound and config */
    result->allocator = pool;
    result->type = type;
    result->inbound = in;
    result->error = 0;
    result->config = NULL;
    result->config_last_modified = 0;
    result->configstr = allocator_strdup(pool, str);
    if (!result->configstr) {
        ods_log_error("[%s] unable to create adapter: allocator_strdup() "
            "failed", adapter_str);
        adapter_cleanup(result);
        return NULL;
    }
    /* only DNS adapters have type specific configuration */
    if (result->type != ADAPTER_DNS) {
        return result;
    }
    if (result->inbound) {
        result->config = (void*) dnsin_create();
        if (!result->config) {
            ods_log_error("[%s] unable to create adapter: "
                "dnsin_create() failed", adapter_str);
            adapter_cleanup(result);
            return NULL;
        }
    } else {
        result->config = (void*) dnsout_create();
        if (!result->config) {
            ods_log_error("[%s] unable to create adapter: "
                "dnsout_create() failed", adapter_str);
            adapter_cleanup(result);
            return NULL;
        }
    }
    return result;
}
/**
 * Load the adapter configuration (ACLs and TSIG for DNS adapters).
 *
 * For ADAPTER_DNS the configuration file named by configstr is read
 * again; the previous configuration is released only after the new one
 * was read successfully. Other adapter types have nothing to load.
 *
 * \param[in] adapter adapter
 * \return ODS_STATUS_OK on success or when nothing changed,
 *         ODS_STATUS_ASSERT_ERR when the adapter or its configuration
 *         string is missing, otherwise the failing update status
 *
 */
ods_status
adapter_load_config(adapter_type* adapter)
{
    dnsin_type* fresh_in = NULL;
    dnsout_type* fresh_out = NULL;
    ods_status result = ODS_STATUS_OK;

    if (!adapter || !adapter->configstr) {
        return ODS_STATUS_ASSERT_ERR;
    }
    if (adapter->type != ADAPTER_DNS) {
        /* file adapters and unknown types: nothing to do */
        return ODS_STATUS_OK;
    }
    ods_log_assert(adapter->config);
    if (adapter->inbound) {
        result = dnsin_update(&fresh_in, adapter->configstr,
            &adapter->config_last_modified);
        if (result == ODS_STATUS_OK) {
            ods_log_assert(fresh_in);
            /* swap: drop the old ACLs, install the new ones */
            dnsin_cleanup((dnsin_type*) adapter->config);
            adapter->config = (void*) fresh_in;
        } else if (result != ODS_STATUS_UNCHANGED) {
            /* the old configuration stays in effect */
            return result;
        }
    } else {
        result = dnsout_update(&fresh_out, adapter->configstr,
            &adapter->config_last_modified);
        if (result == ODS_STATUS_OK) {
            ods_log_assert(fresh_out);
            /* swap: drop the old ACLs, install the new ones */
            dnsout_cleanup((dnsout_type*) adapter->config);
            adapter->config = (void*) fresh_out;
        } else if (result != ODS_STATUS_UNCHANGED) {
            /* the old configuration stays in effect */
            return result;
        }
    }
    return ODS_STATUS_OK;
}
/**
 * Read zone from input adapter.
 *
 * Dispatches on the type of the zone's inbound adapter.
 *
 * \param[in] zone zone (zone_type*)
 * \return ODS_STATUS_ASSERT_ERR when the zone or its inbound adapter is
 *         missing, ODS_STATUS_ERR for an unknown adapter type, otherwise
 *         the status of adfile_read() or addns_read()
 *
 */
ods_status
adapter_read(void* zone)
{
    zone_type* z = (zone_type*) zone;

    if (!(z && z->adinbound)) {
        ods_log_error("[%s] unable to read zone: no input adapter",
            adapter_str);
        return ODS_STATUS_ASSERT_ERR;
    }
    ods_log_assert(z->adinbound->configstr);
    if (z->adinbound->type == ADAPTER_FILE) {
        ods_log_verbose("[%s] read zone %s from file input adapter %s",
            adapter_str, z->name, z->adinbound->configstr);
        return adfile_read(zone);
    }
    if (z->adinbound->type == ADAPTER_DNS) {
        ods_log_verbose("[%s] read zone %s from dns input adapter %s",
            adapter_str, z->name, z->adinbound->configstr);
        return addns_read(zone);
    }
    ods_log_error("[%s] unable to read zone %s from adapter: unknown "
        "adapter", adapter_str, z->name);
    return ODS_STATUS_ERR;
}
/**
 * Write zone to output adapter.
 *
 * Dispatches on the type of the zone's outbound adapter.
 *
 * \param[in] zone zone (zone_type*)
 * \return ODS_STATUS_ASSERT_ERR when the zone, its name database or its
 *         outbound adapter is missing, ODS_STATUS_ERR for an unknown
 *         adapter type, otherwise the status of adfile_write() or
 *         addns_write()
 *
 */
ods_status
adapter_write(void* zone)
{
    zone_type* z = (zone_type*) zone;

    if (!(z && z->db && z->adoutbound)) {
        ods_log_error("[%s] unable to write zone: no output adapter",
            adapter_str);
        return ODS_STATUS_ASSERT_ERR;
    }
    ods_log_assert(z->name);
    ods_log_assert(z->adoutbound->configstr);
    if (z->adoutbound->type == ADAPTER_FILE) {
        ods_log_verbose("[%s] write zone %s serial %u to output file "
            "adapter %s", adapter_str, z->name,
            z->db->intserial, z->adoutbound->configstr);
        return adfile_write(zone, z->adoutbound->configstr);
    }
    if (z->adoutbound->type == ADAPTER_DNS) {
        return addns_write(zone);
    }
    ods_log_error("[%s] unable to write zone %s to adapter: unknown "
        "adapter", adapter_str, z->name);
    return ODS_STATUS_ERR;
}
/**
 * Compare adapters.
 *
 * Ordering: a missing adapter sorts before a present one; then by
 * direction (inbound flag), then by type, then by configuration string.
 *
 * \param[in] a1 first adapter, may be NULL
 * \param[in] a2 second adapter, may be NULL
 * \return 0 when equal, a negative value when a1 sorts first, a positive
 *         value when a2 sorts first
 *
 */
int
adapter_compare(adapter_type* a1, adapter_type* a2)
{
    if (!a1) {
        return a2 ? -1 : 0;
    }
    if (!a2) {
        return 1;
    }
    if (a1->inbound != a2->inbound) {
        return a1->inbound - a2->inbound;
    }
    if (a1->type != a2->type) {
        return a1->type - a2->type;
    }
    return ods_strcmp(a1->configstr, a2->configstr);
}
/**
 * Clean up adapter.
 *
 * Releases the configuration string, the DNS configuration (for
 * ADAPTER_DNS), the adapter itself and finally its allocator.
 * A NULL argument is ignored.
 *
 * \param[in] adapter adapter to clean up, may be NULL
 *
 */
void
adapter_cleanup(adapter_type* adapter)
{
    allocator_type* pool = NULL;

    if (!adapter) {
        return;
    }
    /* read the allocator before the adapter is released */
    pool = adapter->allocator;
    allocator_deallocate(pool, (void*) adapter->configstr);
    if (adapter->type == ADAPTER_DNS) {
        /* config holds a dnsin_type or dnsout_type depending on direction */
        if (adapter->inbound) {
            dnsin_cleanup((dnsin_type*) adapter->config);
        } else {
            dnsout_cleanup((dnsout_type*) adapter->config);
        }
    }
    allocator_deallocate(pool, (void*) adapter);
    allocator_cleanup(pool);
}
opendnssec-1.4.9/signer/src/adapter/adapi.h 0000644 0001750 0001750 00000006613 12650165732 015551 0000000 0000000 /*
* Copyright (c) 2009-2011 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* Adapter API.
*/
#ifndef ADAPTER_ADAPI_H
#define ADAPTER_ADAPI_H
#include "config.h"
#include "shared/status.h"
#include "signer/zone.h"
#include
/**
 * Get the inbound serial.
 * \param[in] zone zone
 * \return uint32_t inbound serial, 0 if the zone or its name database
 *         is missing
 *
 */
uint32_t adapi_get_serial(zone_type* zone);
/**
 * Set the inbound serial. Does nothing if the zone or its name database
 * is missing.
 * \param[in] zone zone
 * \param[in] serial inbound serial
 *
 */
void adapi_set_serial(zone_type* zone, uint32_t serial);
/**
 * Get origin.
 * \param[in] zone zone
 * \return ldns_rdf* origin (the zone apex), NULL if the zone is missing
 *
 */
ldns_rdf* adapi_get_origin(zone_type* zone);
/**
 * Get class.
 * \param[in] zone zone
 * \return ldns_rr_class class, LDNS_RR_CLASS_IN if the zone is missing
 *
 */
ldns_rr_class adapi_get_class(zone_type* zone);
/**
 * Get ttl.
 * \param[in] zone zone
 * \return uint32_t default ttl of the zone, 0 if the zone is missing
 *
 */
uint32_t adapi_get_ttl(zone_type* zone);
/**
 * Do full zone transaction.
 * Does nothing if the zone or its name database is missing.
 * \param[in] zone zone
 * \param[in] more_coming more transactions are possible
 *
 */
void adapi_trans_full(zone_type* zone, unsigned more_coming);
/**
 * Do incremental zone transaction.
 * Does nothing if the zone or its name database is missing.
 * \param[in] zone zone
 * \param[in] more_coming more transactions are possible
 *
 */
void adapi_trans_diff(zone_type* zone, unsigned more_coming);
/**
 * Add RR.
 * The RR may be modified: its class is forced to IN, and SOA and DNSKEY
 * records get values from the signer configuration.
 * \param[in] zone zone
 * \param[in] rr RR
 * \param[in] backup from backup
 * \return ods_status status, ODS_STATUS_UNCHANGED if the RR was skipped
 *         (out-of-zone data, or DNSSEC data that is not from backup)
 *
 */
ods_status adapi_add_rr(zone_type* zone, ldns_rr* rr, int backup);
/**
 * Delete RR.
 * The same checks and rewrites as for adapi_add_rr() are applied to the
 * RR before it is deleted.
 * \param[in] zone zone
 * \param[in] rr RR
 * \param[in] backup from backup
 * \return ods_status status, ODS_STATUS_UNCHANGED if the RR was skipped
 *         (out-of-zone data, or DNSSEC data that is not from backup)
 *
 */
ods_status adapi_del_rr(zone_type* zone, ldns_rr* rr, int backup);
/**
 * Print zonefile.
 * \param[in] fd output stream
 * \param[in] zone zone
 * \return ods_status status, ODS_STATUS_ASSERT_ERR if the stream, the
 *         zone or its name database is missing
 *
 */
ods_status adapi_printzone(FILE* fd, zone_type* zone);
/**
 * Print axfr: the exported zone followed by the apex SOA RRset.
 * \param[in] fd output stream
 * \param[in] zone zone
 * \return ods_status status, ODS_STATUS_ASSERT_ERR if the stream, the
 *         zone or its name database is missing
 *
 */
ods_status adapi_printaxfr(FILE* fd, zone_type* zone);
/**
 * Print ixfr: the journal enclosed by the apex SOA RRset. Nothing is
 * printed while the name database is not initialized.
 * \param[in] fd output stream
 * \param[in] zone zone
 * \return ods_status status, ODS_STATUS_ASSERT_ERR if the stream, the
 *         zone, its name database or its ixfr journal is missing
 *
 */
ods_status adapi_printixfr(FILE* fd, zone_type* zone);
#endif /* ADAPTER_ADAPI_H */
opendnssec-1.4.9/signer/src/adapter/adapi.c 0000644 0001750 0001750 00000026505 12650165732 015546 0000000 0000000 /*
* Copyright (c) 2009-2011 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
*
* Adapter API.
*/
#include "config.h"
#include "adapter/adapi.h"
#include "shared/duration.h"
#include "shared/log.h"
#include "shared/status.h"
#include "shared/util.h"
#include "signer/zone.h"
#include
/* Module tag passed for the leading "[%s]" of log messages in this file;
 * it has the same value as the tag used in adapter.c. */
static const char* adapi_str = "adapter";
/**
 * Get the inbound serial.
 *
 * \param[in] zone zone
 * \return inbound serial, or 0 when the zone or its name database is
 *         missing
 *
 */
uint32_t
adapi_get_serial(zone_type* zone)
{
    return (zone && zone->db) ? zone->db->inbserial : 0;
}
/**
 * Set the inbound serial.
 *
 * Does nothing when the zone or its name database is missing.
 *
 * \param[in] zone zone
 * \param[in] serial inbound serial
 *
 */
void
adapi_set_serial(zone_type* zone, uint32_t serial)
{
    if (zone && zone->db) {
        zone->db->inbserial = serial;
    }
}
/**
 * Get origin.
 *
 * \param[in] zone zone
 * \return the zone apex, or NULL when the zone is missing
 *
 */
ldns_rdf*
adapi_get_origin(zone_type* zone)
{
    return zone ? zone->apex : NULL;
}
/**
 * Get class.
 *
 * \param[in] zone zone
 * \return the zone class, or LDNS_RR_CLASS_IN when the zone is missing
 *
 */
ldns_rr_class
adapi_get_class(zone_type* zone)
{
    return zone ? zone->klass : LDNS_RR_CLASS_IN;
}
/**
 * Get ttl.
 *
 * \param[in] zone zone
 * \return the default ttl of the zone, or 0 when the zone is missing
 *
 */
uint32_t
adapi_get_ttl(zone_type* zone)
{
    return zone ? zone->default_ttl : 0;
}
/**
 * Do full zone transaction.
 *
 * Runs namedb_diff() in full mode, then namedb_nsecify(), and records
 * the duration and the count reported by namedb_nsecify() in the zone
 * statistics when those are present. Does nothing when the zone or its
 * name database is missing.
 *
 * \param[in] zone zone
 * \param[in] more_coming more transactions are possible
 *
 */
void
adapi_trans_full(zone_type* zone, unsigned more_coming)
{
    time_t began = 0;
    time_t finished = 0;
    uint32_t nsec_added = 0;

    if (!(zone && zone->db)) {
        return;
    }
    namedb_diff(zone->db, 0, more_coming);
    if (zone->stats) {
        /* reset the counters of the previous run */
        lock_basic_lock(&zone->stats->stats_lock);
        zone->stats->nsec_time = 0;
        zone->stats->nsec_count = 0;
        lock_basic_unlock(&zone->stats->stats_lock);
    }
    began = time(NULL);
    /* nsecify(3) */
    namedb_nsecify(zone->db, &nsec_added);
    finished = time(NULL);
    if (!zone->stats) {
        return;
    }
    lock_basic_lock(&zone->stats->stats_lock);
    if (!zone->stats->start_time) {
        /* first timed step of this run */
        zone->stats->start_time = began;
    }
    zone->stats->nsec_time = (finished - began);
    zone->stats->nsec_count = nsec_added;
    lock_basic_unlock(&zone->stats->stats_lock);
}
/**
 * Do incremental zone transaction.
 *
 * Runs namedb_diff() in incremental mode, then namedb_nsecify(), and
 * records the duration and the count reported by namedb_nsecify() in
 * the zone statistics when those are present. Does nothing when the
 * zone or its name database is missing.
 *
 * \param[in] zone zone
 * \param[in] more_coming more transactions are possible
 *
 */
void
adapi_trans_diff(zone_type* zone, unsigned more_coming)
{
    time_t began = 0;
    time_t finished = 0;
    uint32_t nsec_added = 0;

    if (!(zone && zone->db)) {
        return;
    }
    namedb_diff(zone->db, 1, more_coming);
    if (zone->stats) {
        /* reset the counters of the previous run */
        lock_basic_lock(&zone->stats->stats_lock);
        zone->stats->nsec_time = 0;
        zone->stats->nsec_count = 0;
        lock_basic_unlock(&zone->stats->stats_lock);
    }
    began = time(NULL);
    /* nsecify(3) */
    namedb_nsecify(zone->db, &nsec_added);
    finished = time(NULL);
    if (!zone->stats) {
        return;
    }
    lock_basic_lock(&zone->stats->stats_lock);
    if (!zone->stats->start_time) {
        /* first timed step of this run */
        zone->stats->start_time = began;
    }
    zone->stats->nsec_time = (finished - began);
    zone->stats->nsec_count = nsec_added;
    lock_basic_unlock(&zone->stats->stats_lock);
}
/**
 * Process SOA.
 *
 * Rewrites the SOA RR in place according to the signer configuration:
 * TTL and MINIMUM when configured, and, when the RR is being added, the
 * serial as computed by namedb_update_serial(). Records read from
 * backup are left untouched.
 *
 * \param[in] zone zone
 * \param[in] rr SOA RR, modified in place
 * \param[in] add non-zero when the RR is added, zero when deleted
 * \param[in] backup non-zero when the RR comes from backup
 * \return ODS_STATUS_OK on success, ODS_STATUS_ASSERT_ERR when the
 *         MINIMUM rdata cannot be replaced, ODS_STATUS_ERR when the
 *         serial rdata cannot be replaced, or the failing
 *         namedb_update_serial() status
 *
 */
static ods_status
adapi_process_soa(zone_type* zone, ldns_rr* rr, int add, int backup)
{
    uint32_t value = 0;
    ldns_rdf* replaced = NULL;
    ods_status result = ODS_STATUS_OK;
    const char* action = add ? "add" : "delete";

    ods_log_assert(rr);
    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->signconf);
    if (backup) {
        /* no need to do processing */
        return ODS_STATUS_OK;
    }
    if (zone->signconf->soa_ttl) {
        value = (uint32_t) duration2time(zone->signconf->soa_ttl);
        ods_log_verbose("[%s] zone %s set soa ttl to %u",
            adapi_str, zone->name, value);
        ldns_rr_set_ttl(rr, value);
    }
    if (zone->signconf->soa_min) {
        value = (uint32_t) duration2time(zone->signconf->soa_min);
        ods_log_verbose("[%s] zone %s set soa minimum to %u",
            adapi_str, zone->name, value);
        /* the return value is treated as the rdata that was replaced:
         * NULL is reported as an error, anything else is freed */
        replaced = ldns_rr_set_rdf(rr,
            ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, value),
            SE_SOA_RDATA_MINIMUM);
        if (!replaced) {
            ods_log_error("[%s] unable to %s soa to zone %s: failed to replace "
                "soa minimum rdata", adapi_str, action,
                zone->name);
            return ODS_STATUS_ASSERT_ERR;
        }
        ldns_rdf_deep_free(replaced);
        replaced = NULL;
    }
    if (!add) {
        /* we are done */
        return ODS_STATUS_OK;
    }
    /* the serial found in the incoming RR is input for the new serial */
    value = ldns_rdf2native_int32(ldns_rr_rdf(rr, SE_SOA_RDATA_SERIAL));
    result = namedb_update_serial(zone->db, zone->name,
        zone->signconf->soa_serial, value);
    if (result != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to add soa to zone %s: failed to replace "
            "soa serial rdata (%s)", adapi_str, zone->name,
            ods_status2str(result));
        if (result == ODS_STATUS_CONFLICT_ERR) {
            ods_log_error("[%s] If this is the result of a key rollover, "
                "please increment the serial in the unsigned zone %s",
                adapi_str, zone->name);
        }
        return result;
    }
    ods_log_verbose("[%s] zone %s set soa serial to %u", adapi_str,
        zone->name, zone->db->intserial);
    replaced = ldns_rr_set_rdf(rr, ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32,
        zone->db->intserial), SE_SOA_RDATA_SERIAL);
    if (!replaced) {
        ods_log_error("[%s] unable to add soa to zone %s: failed to replace "
            "soa serial rdata", adapi_str, zone->name);
        return ODS_STATUS_ERR;
    }
    ldns_rdf_deep_free(replaced);
    replaced = NULL;
    zone->db->serial_updated = 1;
    return ODS_STATUS_OK;
}
/**
 * Process DNSKEY.
 *
 * Overrides the TTL of the RR with the DNSKEY TTL from the signer
 * configuration.
 *
 * \param[in] zone zone
 * \param[in] rr DNSKEY RR, modified in place
 *
 */
static void
adapi_process_dnskey(zone_type* zone, ldns_rr* rr)
{
    uint32_t key_ttl = 0;

    ods_log_assert(rr);
    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->signconf);
    key_ttl = (uint32_t) duration2time(zone->signconf->dnskey_ttl);
    ods_log_verbose("[%s] zone %s set dnskey ttl to %u",
        adapi_str, zone->name, key_ttl);
    ldns_rr_set_ttl(rr, key_ttl);
}
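/**
 * Process RR.
 *
 * Filter applied to every RR an input adapter hands over, before it is
 * added to or deleted from the zone:
 *  - the class is forced to IN;
 *  - a SOA must be owned by the zone apex and is rewritten by
 *    adapi_process_soa();
 *  - any other RR whose owner is neither the apex nor below it is
 *    skipped as out-of-zone data;
 *  - a DNSKEY gets the configured TTL;
 *  - other DNSSEC records are skipped, unless they come from backup.
 *
 * \param[in] zone zone
 * \param[in] rr RR, may be modified in place
 * \param[in] add non-zero to add the RR, zero to delete it
 * \param[in] backup non-zero when the RR comes from backup
 * \return ODS_STATUS_UNCHANGED when the RR was skipped, ODS_STATUS_ERR
 *         for a SOA with a wrong owner name, the adapi_process_soa()
 *         status on failure, otherwise the status of zone_add_rr() or
 *         zone_del_rr()
 *
 */
static ods_status
adapi_process_rr(zone_type* zone, ldns_rr* rr, int add, int backup)
{
    ods_status status = ODS_STATUS_OK;

    ods_log_assert(rr);
    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->db);
    ods_log_assert(zone->signconf);
    /* We only support IN class */
    if (ldns_rr_get_class(rr) != LDNS_RR_CLASS_IN) {
        /* the format starts with "[%s]"; the module tag was missing from
         * the argument list, which made the logger read an argument that
         * was never passed */
        ods_log_warning("[%s] only class in is supported, changing class "
            "to in", adapi_str);
        ldns_rr_set_class(rr, LDNS_RR_CLASS_IN);
    }
    /* RR processing */
    if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) {
        /* ldns_dname_compare() is non-zero when the names differ */
        if (ldns_dname_compare(ldns_rr_owner(rr), zone->apex)) {
            ods_log_error("[%s] unable to %s rr to zone: soa record has "
                "invalid owner name", adapi_str, add?"add":"delete");
            return ODS_STATUS_ERR;
        }
        status = adapi_process_soa(zone, rr, add, backup);
        if (status != ODS_STATUS_OK) {
            ods_log_error("[%s] unable to %s rr: failed to process soa "
                "record", adapi_str, add?"add":"delete");
            return status;
        }
    } else {
        if (ldns_dname_compare(ldns_rr_owner(rr), zone->apex) &&
            !ldns_dname_is_subdomain(ldns_rr_owner(rr), zone->apex)) {
            ods_log_warning("[%s] zone %s contains out-of-zone data, "
                "skipping", adapi_str, zone->name);
            return ODS_STATUS_UNCHANGED;
        } else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_DNSKEY) {
            adapi_process_dnskey(zone, rr);
        } else if (util_is_dnssec_rr(rr) && !backup) {
            /* DNSSEC records in the input are dropped rather than
             * carried into the zone */
            ods_log_warning("[%s] zone %s contains dnssec data (type=%u), "
                "skipping", adapi_str, zone->name,
                (unsigned) ldns_rr_get_type(rr));
            return ODS_STATUS_UNCHANGED;
        }
    }
    /* TODO: DNAME and CNAME checks */
    /* TODO: NS and DS checks */
    if (add) {
        return zone_add_rr(zone, rr, 1);
    }
    return zone_del_rr(zone, rr, 1);
}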
/**
 * Add RR.
 *
 * Runs the RR through adapi_process_rr() in add mode.
 *
 * \param[in] zone zone
 * \param[in] rr RR
 * \param[in] backup non-zero when the RR comes from backup
 * \return the adapi_process_rr() status
 *
 */
ods_status
adapi_add_rr(zone_type* zone, ldns_rr* rr, int backup)
{
    const int add = 1;

    return adapi_process_rr(zone, rr, add, backup);
}
/**
 * Delete RR.
 *
 * Runs the RR through adapi_process_rr() in delete mode.
 *
 * \param[in] zone zone
 * \param[in] rr RR
 * \param[in] backup non-zero when the RR comes from backup
 * \return the adapi_process_rr() status
 *
 */
ods_status
adapi_del_rr(zone_type* zone, ldns_rr* rr, int backup)
{
    const int add = 0;

    return adapi_process_rr(zone, rr, add, backup);
}
/**
 * Print zone.
 *
 * \param[in] fd output stream
 * \param[in] zone zone
 * \return ODS_STATUS_ASSERT_ERR when the stream, the zone or its name
 *         database is missing, otherwise the status reported by
 *         namedb_export()
 *
 */
ods_status
adapi_printzone(FILE* fd, zone_type* zone)
{
    ods_status result = ODS_STATUS_OK;

    if (!(fd && zone && zone->db)) {
        ods_log_error("[%s] unable to print zone: file descriptor, zone or "
            "name database missing", adapi_str);
        return ODS_STATUS_ASSERT_ERR;
    }
    namedb_export(fd, zone->db, &result);
    return result;
}
/**
 * Print axfr.
 *
 * Exports the zone and, when that succeeded, prints the apex SOA RRset
 * once more after it.
 *
 * \param[in] fd output stream
 * \param[in] zone zone
 * \return ODS_STATUS_ASSERT_ERR when the stream, the zone or its name
 *         database is missing, otherwise the status of the last print
 *         step that ran
 *
 */
ods_status
adapi_printaxfr(FILE* fd, zone_type* zone)
{
    rrset_type* apex_soa = NULL;
    ods_status result = ODS_STATUS_OK;

    if (!(fd && zone && zone->db)) {
        ods_log_error("[%s] unable to print axfr: file descriptor, zone or "
            "name database missing", adapi_str);
        return ODS_STATUS_ASSERT_ERR;
    }
    namedb_export(fd, zone->db, &result);
    if (result != ODS_STATUS_OK) {
        return result;
    }
    /* closing SOA of the transfer */
    apex_soa = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_SOA);
    ods_log_assert(apex_soa);
    rrset_print(fd, apex_soa, 1, &result);
    return result;
}
/**
 * Print ixfr.
 *
 * Prints the apex SOA RRset, the ixfr journal (under its lock) and the
 * apex SOA RRset again. Nothing is printed while the name database is
 * not initialized.
 *
 * \param[in] fd output stream
 * \param[in] zone zone
 * \return ODS_STATUS_ASSERT_ERR when the stream, the zone, its name
 *         database or its ixfr journal is missing, ODS_STATUS_OK when
 *         there is no ixfr yet, otherwise the status of the last SOA
 *         print that ran
 *
 */
ods_status
adapi_printixfr(FILE* fd, zone_type* zone)
{
    rrset_type* apex_soa = NULL;
    ods_status result = ODS_STATUS_OK;

    if (!(fd && zone && zone->db && zone->ixfr)) {
        ods_log_error("[%s] unable to print ixfr: file descriptor, zone or "
            "name database missing", adapi_str);
        return ODS_STATUS_ASSERT_ERR;
    }
    if (!zone->db->is_initialized) {
        /* no ixfr yet */
        return ODS_STATUS_OK;
    }
    apex_soa = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_SOA);
    ods_log_assert(apex_soa);
    /* opening SOA */
    rrset_print(fd, apex_soa, 1, &result);
    if (result == ODS_STATUS_OK) {
        lock_basic_lock(&zone->ixfr->ixfr_lock);
        ixfr_print(fd, zone->ixfr);
        lock_basic_unlock(&zone->ixfr->ixfr_lock);
        /* closing SOA */
        rrset_print(fd, apex_soa, 1, &result);
    }
    return result;
}
opendnssec-1.4.9/signer/src/scheduler/ 0000755 0001750 0001750 00000000000 12650166152 014727 5 0000000 0000000 opendnssec-1.4.9/signer/src/scheduler/schedule.h 0000644 0001750 0001750 00000007523 12650165732 016626 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Task scheduling.
*
*/
#ifndef SCHEDULER_SCHEDULE_H
#define SCHEDULER_SCHEDULE_H
#include "config.h"
#include "scheduler/task.h"
#include "shared/allocator.h"
#include "shared/locks.h"
#include "shared/status.h"
#include
#include
#ifdef HAVE_SYS_TYPES_H
# include
#endif
#ifdef HAVE_UNISTD_H
# include
#endif
#include
/**
 * Task schedule.
 */
typedef struct schedule_struct schedule_type;
struct schedule_struct {
/* allocator the schedule itself was allocated from */
allocator_type* allocator;
/* red-black tree of scheduled tasks, ordered by task_compare() */
ldns_rbtree_t* tasks;
/* incremented once for every task flagged by schedule_flush() */
int flushcount;
int loading; /* to determine backoff */
/* NOTE(review): presumably guards the fields above; the functions
 * visible in schedule.c do not take it themselves -- confirm that
 * callers hold it */
lock_basic_type schedule_lock;
};
/**
 * Create new schedule.
 * \param[in] allocator memory allocator
 * \return schedule_type* created schedule, NULL if the allocator is
 *         missing or an allocation failed
 *
 */
schedule_type* schedule_create(allocator_type* allocator);
/**
 * Flush schedule: mark every scheduled task to be flushed.
 * \param[in] schedule schedule to be flushed
 * \param[in] override task to set on every scheduled task, TASK_NONE to
 *            leave the tasks as they are
 *
 */
void schedule_flush(schedule_type* schedule, task_id override);
/**
 * Look up task.
 * \param[in] schedule schedule
 * \param[in] task task
 * \return task_type* task, if found, NULL otherwise
 *
 */
task_type* schedule_lookup_task(schedule_type* schedule, task_type* task);
/**
 * Schedule task.
 * \param[in] schedule schedule
 * \param[in] task task
 * \param[in] log add entry in log for this
 * \return ods_status status
 *
 */
ods_status schedule_task(schedule_type* schedule, task_type* task, int log);
/**
 * Unschedule task.
 * \param[in] schedule schedule
 * \param[in] task task to delete
 * \return task_type* task, if it was scheduled
 *
 */
task_type* unschedule_task(schedule_type* schedule, task_type* task);
/**
 * Reschedule task.
 * \param[in] schedule schedule
 * \param[in] task task to delete
 * \param[in] what new task
 * \param[in] when new time
 * \return ods_status status
 *
 */
ods_status reschedule_task(schedule_type* schedule, task_type* task,
task_id what, time_t when);
/**
 * Pop the first scheduled task.
 * \param[in] schedule schedule
 * \return task_type* popped task
 *
 */
task_type* schedule_pop_task(schedule_type* schedule);
/**
 * Get the first scheduled task.
 * \param[in] schedule schedule
 * \return task_type* first scheduled task
 *
 */
task_type* schedule_get_first_task(schedule_type* schedule);
/**
 * Print schedule.
 * \param[in] out output stream
 * \param[in] schedule schedule
 *
 */
void schedule_print(FILE* out, schedule_type* schedule);
/**
 * Clean up schedule.
 * \param[in] schedule schedule to be cleaned up
 *
 */
void schedule_cleanup(schedule_type* schedule);
#endif /* SCHEDULER_SCHEDULE_H */
opendnssec-1.4.9/signer/src/scheduler/schedule.c 0000644 0001750 0001750 00000023150 12650165732 016613 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Task scheduling.
*
*/
#include "config.h"
#include "scheduler/schedule.h"
#include "scheduler/task.h"
#include "shared/duration.h"
#include "shared/log.h"
#include
static const char* schedule_str = "scheduler";
/**
 * Create new schedule.
 *
 * Allocates the schedule from the given allocator, sets the loading and
 * flush counters to 0, creates the task tree (ordered by task_compare())
 * and initialises the schedule lock.
 *
 * \param[in] allocator memory allocator
 * \return schedule_type* created schedule, NULL if allocator is NULL or
 *         an allocation failed
 *
 */
schedule_type*
schedule_create(allocator_type* allocator)
{
    schedule_type* sched = NULL;

    if (allocator == NULL) {
        return NULL;
    }
    sched = (schedule_type*) allocator_alloc(allocator,
        sizeof(schedule_type));
    if (sched == NULL) {
        ods_log_error("[%s] unable to create schedule: allocator_alloc() "
            "failed", schedule_str);
        return NULL;
    }
    sched->allocator = allocator;
    sched->loading = 0;
    sched->flushcount = 0;
    sched->tasks = ldns_rbtree_create(task_compare);
    if (sched->tasks != NULL) {
        /* the lock is only set up once the schedule is complete */
        lock_basic_init(&sched->schedule_lock);
        return sched;
    }
    ods_log_error("[%s] unable to create schedule: ldns_rbtree_create() "
        "failed", schedule_str);
    /* give the half-built schedule back to the allocator */
    allocator_deallocate(allocator, (void*) sched);
    return NULL;
}
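/**
 * Flush schedule.
 *
 * Marks every scheduled task as to-be-flushed and, when override is not
 * TASK_NONE, replaces what each task will do.
 *
 * \param[in] schedule schedule; NULL (or a schedule without a task tree)
 *                     is ignored
 * \param[in] override task identifier to force on all tasks, or TASK_NONE
 *                     to leave the tasks as they are
 *
 */
void
schedule_flush(schedule_type* schedule, task_id override)
{
    ldns_rbnode_t* node = LDNS_RBTREE_NULL;
    task_type* task = NULL;

    ods_log_debug("[%s] flush all tasks", schedule_str);
    if (!schedule || !schedule->tasks) {
        return;
    }
    for (node = ldns_rbtree_first(schedule->tasks);
        node && node != LDNS_RBTREE_NULL;
        node = ldns_rbtree_next(node)) {
        task = (task_type*) node->data;
        /*
         * Count a task only once. unschedule_task() decrements flushcount
         * once per flushed task, so counting a task that already carries
         * the flush mark would leave flushcount permanently too high and
         * send schedule_get_first_task() on a fruitless scan.
         */
        if (!task->flush) {
            task->flush = 1;
            schedule->flushcount++;
        }
        if (override != TASK_NONE) {
            /*
             * NOTE(review): task->what is one of the fields task_compare()
             * orders on, and it is changed here while the task stays in
             * the tree. Confirm this cannot disturb the tree ordering.
             */
            task->what = override;
        }
    }
    return;
}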
/**
 * Convert task to a tree node.
 *
 * The node is obtained with malloc(); the task serves as both key and
 * data of the node.
 *
 * \param[in] task task to wrap
 * \return ldns_rbnode_t* new node, NULL if malloc() failed
 *
 */
static ldns_rbnode_t*
task2node(task_type* task)
{
    ldns_rbnode_t* wrapper = (ldns_rbnode_t*) malloc(sizeof(ldns_rbnode_t));

    if (wrapper == NULL) {
        return NULL;
    }
    wrapper->key = task;
    wrapper->data = task;
    return wrapper;
}
/**
 * Look up task.
 *
 * Searches the task tree with the given task as key.
 *
 * \param[in] schedule schedule
 * \param[in] task task to look for
 * \return task_type* the task stored in the schedule, NULL if schedule or
 *         task is NULL or nothing matched
 *
 */
task_type*
schedule_lookup_task(schedule_type* schedule, task_type* task)
{
    ldns_rbnode_t* hit = LDNS_RBTREE_NULL;

    if (!schedule || !task) {
        return NULL;
    }
    ods_log_assert(schedule->tasks);
    hit = ldns_rbtree_search(schedule->tasks, task);
    if (!hit || hit == LDNS_RBTREE_NULL) {
        return NULL;
    }
    return (task_type*) hit->data;
}
/**
 * Schedule task.
 *
 * Wraps the task in a tree node and inserts it into the schedule. A task
 * that schedule_lookup_task() already finds is refused.
 *
 * \param[in] schedule schedule
 * \param[in] task task to insert
 * \param[in] log when non-zero, the task is logged after insertion
 * \return ods_status ODS_STATUS_OK on success, ODS_STATUS_ASSERT_ERR on
 *         missing arguments, ODS_STATUS_MALLOC_ERR if no node could be
 *         allocated, ODS_STATUS_ERR if the task is already present or the
 *         insert failed
 *
 */
ods_status
schedule_task(schedule_type* schedule, task_type* task, int log)
{
    ldns_rbnode_t* fresh = NULL;

    if (!task || !schedule || !schedule->tasks) {
        return ODS_STATUS_ASSERT_ERR;
    }
    ods_log_debug("[%s] schedule task %s for zone %s", schedule_str,
        task_what2str(task->what), task_who2str(task));

    if (schedule_lookup_task(schedule, task) != NULL) {
        ods_log_error("[%s] unable to schedule task %s for zone %s: "
            " already present", schedule_str, task_what2str(task->what),
            task_who2str(task));
        return ODS_STATUS_ERR;
    }

    fresh = task2node(task);
    if (fresh == NULL) {
        ods_log_error("[%s] unable to schedule task %s for zone %s: "
            " task2node() failed", schedule_str, task_what2str(task->what),
            task_who2str(task));
        return ODS_STATUS_MALLOC_ERR;
    }

    if (ldns_rbtree_insert(schedule->tasks, fresh) == NULL) {
        ods_log_error("[%s] unable to schedule task %s for zone %s: "
            " insert failed", schedule_str, task_what2str(task->what),
            task_who2str(task));
        /* the node never made it into the tree, so release it here */
        free((void*)fresh);
        return ODS_STATUS_ERR;
    }

    /* keep flushcount in step with the flushed tasks in the tree */
    if (task->flush) {
        schedule->flushcount++;
    }
    if (log) {
        task_log(task);
    }
    return ODS_STATUS_OK;
}
/**
 * Unschedule task.
 *
 * Removes the task from the tree, frees the tree node (not the task) and
 * clears the task's flush mark, decrementing flushcount when it was set.
 *
 * \param[in] schedule schedule
 * \param[in] task task to remove
 * \return task_type* the task that was stored in the schedule, NULL on
 *         missing arguments or when the task was not scheduled
 *
 */
task_type*
unschedule_task(schedule_type* schedule, task_type* task)
{
    ldns_rbnode_t* removed = LDNS_RBTREE_NULL;
    task_type* stored = NULL;

    if (!task || !schedule || !schedule->tasks) {
        return NULL;
    }
    ods_log_debug("[%s] unschedule task %s for zone %s",
        schedule_str, task_what2str(task->what), task_who2str(task));

    removed = ldns_rbtree_delete(schedule->tasks, (const void*) task);
    if (!removed) {
        ods_log_warning("[%s] unable to unschedule task %s for zone %s: not "
            "scheduled", schedule_str, task_what2str(task->what),
            task_who2str(task));
        return NULL;
    }
    /* the node was allocated by task2node(); only the wrapper is freed */
    stored = (task_type*) removed->data;
    free((void*)removed);

    if (stored->flush) {
        stored->flush = 0;
        schedule->flushcount--;
    }
    return stored;
}
/**
 * Reschedule task.
 *
 * Takes the task out of the schedule, updates what it does and when, and
 * schedules it again (with logging enabled).
 *
 * \param[in] schedule schedule
 * \param[in] task task to reschedule
 * \param[in] what new task identifier
 * \param[in] when new scheduled time
 * \return ods_status ODS_STATUS_ASSERT_ERR on missing arguments, else
 *         the status of schedule_task()
 *
 */
ods_status
reschedule_task(schedule_type* schedule, task_type* task, task_id what,
    time_t when)
{
    task_type* target = NULL;

    if (!task || !schedule || !schedule->tasks) {
        return ODS_STATUS_ASSERT_ERR;
    }
    target = unschedule_task(schedule, task);
    if (target == NULL) {
        /* the task was not in the tree: continue with the caller's task */
        target = task;
    }
    target->what = what;
    target->when = when;
    return schedule_task(schedule, target, 1);
}
/**
 * Get the first scheduled task.
 *
 * While flushcount is positive, the first task in tree order that carries
 * the flush mark is returned. If none is found the counter is reset to 0
 * and the first task of the schedule is returned instead. The task stays
 * in the schedule.
 *
 * \param[in] schedule schedule
 * \return task_type* first task to handle, NULL on a missing schedule or
 *         when ldns_rbtree_first() yields NULL
 *
 */
task_type*
schedule_get_first_task(schedule_type* schedule)
{
    ldns_rbnode_t* head = LDNS_RBTREE_NULL;
    ldns_rbnode_t* cursor = LDNS_RBTREE_NULL;
    task_type* candidate = NULL;

    if (!schedule || !schedule->tasks) {
        return NULL;
    }
    head = ldns_rbtree_first(schedule->tasks);
    if (!head) {
        return NULL;
    }
    if (schedule->flushcount > 0) {
        /* find remaining to be flushed tasks */
        for (cursor = head; cursor && cursor != LDNS_RBTREE_NULL;
            cursor = ldns_rbtree_next(cursor)) {
            candidate = (task_type*) cursor->data;
            if (candidate->flush) {
                return candidate;
            }
        }
        /* the counter and the tree disagree: report it and resync */
        ods_log_warning("[%s] unable to get first scheduled task: could not "
            "find flush-task, while there should be %i flush-tasks left",
            schedule_str, schedule->flushcount);
        ods_log_info("[%s] reset flush count to 0", schedule_str);
        schedule->flushcount = 0;
    }
    /*
     * no more tasks to be flushed, return first task in schedule
     * NOTE(review): head is only compared with NULL, not with
     * LDNS_RBTREE_NULL; confirm what head->data holds for an empty tree.
     */
    return (task_type*) head->data;
}
/**
 * Pop the first scheduled task.
 *
 * The task returned by schedule_get_first_task() is taken out of the
 * schedule when it is marked for flushing or its scheduled time is not in
 * the future.
 *
 * \param[in] schedule schedule
 * \return task_type* the unscheduled task, NULL when nothing is due
 *
 */
task_type*
schedule_pop_task(schedule_type* schedule)
{
    task_type* head = NULL;
    time_t now = 0;

    if (!schedule || !schedule->tasks) {
        return NULL;
    }
    now = time_now();
    head = schedule_get_first_task(schedule);
    if (!head) {
        return NULL;
    }
    if (head->flush) {
        ods_log_debug("[%s] flush task for zone %s", schedule_str,
            task_who2str(head));
    } else if (head->when <= now) {
        ods_log_debug("[%s] pop task for zone %s", schedule_str,
            task_who2str(head));
    } else {
        /* first task is not due yet */
        return NULL;
    }
    return unschedule_task(schedule, head);
}
/**
 * Print schedule.
 *
 * Writes every task in tree order with task_print(), followed by an empty
 * line.
 *
 * \param[in] out output stream
 * \param[in] schedule schedule
 *
 */
void
schedule_print(FILE* out, schedule_type* schedule)
{
    ldns_rbnode_t* cursor = LDNS_RBTREE_NULL;

    if (!out || !schedule || !schedule->tasks) {
        return;
    }
    for (cursor = ldns_rbtree_first(schedule->tasks);
        cursor && cursor != LDNS_RBTREE_NULL;
        cursor = ldns_rbtree_next(cursor)) {
        task_print(out, (task_type*) cursor->data);
    }
    fprintf(out, "\n");
    return;
}
/**
 * Internal task cleanup function.
 *
 * Recursively walks the subtree below elem; for every node the task is
 * cleaned up with task_cleanup() and the node itself is freed.
 *
 * \param[in] elem root of the subtree to release
 *
 */
static void
task_delfunc(ldns_rbnode_t* elem)
{
    task_type* owned = NULL;

    if (!elem || elem == LDNS_RBTREE_NULL) {
        return;
    }
    /* remember the task before the children (and this node) go away */
    owned = (task_type*) elem->data;
    task_delfunc(elem->left);
    task_delfunc(elem->right);
    task_cleanup(owned);
    free((void*)elem);
    return;
}
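/**
 * Clean up schedule.
 *
 * Releases all tasks and tree nodes, frees the tree, destroys the schedule
 * lock and hands the schedule back to its allocator.
 *
 * \param[in] schedule schedule to be cleaned up; NULL is ignored
 *
 */
void
schedule_cleanup(schedule_type* schedule)
{
    allocator_type* allocator = NULL;

    if (!schedule) {
        return;
    }
    ods_log_debug("[%s] cleanup schedule", schedule_str);
    if (schedule->tasks) {
        task_delfunc(schedule->tasks->root);
        ldns_rbtree_free(schedule->tasks);
        schedule->tasks = NULL;
    }
    allocator = schedule->allocator;
    /*
     * Destroy the lock where lock_basic_init() set it up, before the
     * memory is released. Destroying a by-value copy of a lock after the
     * original is gone is undefined for pthread mutexes (assumes
     * lock_basic_type wraps one; confirm in shared/locks.h).
     */
    lock_basic_destroy(&schedule->schedule_lock);
    allocator_deallocate(allocator, (void*) schedule);
    return;
}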
opendnssec-1.4.9/signer/src/scheduler/task.h 0000644 0001750 0001750 00000006356 12650165732 015777 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Tasks.
*
*/
#ifndef SCHEDULER_TASK_H
#define SCHEDULER_TASK_H
#include "config.h"
#include "shared/allocator.h"
#include
/*
 * Task identifiers. TASK_NONE is 0 and the other values follow in
 * declaration order; task_compare() uses this numeric order when two
 * tasks are scheduled for the same time.
 */
enum task_id_enum {
TASK_NONE = 0,
TASK_SIGNCONF, /* ods-signer update */
TASK_READ, /* ods-signer sign */
TASK_NSECIFY,
TASK_SIGN, /* ods-signer flush */
TASK_WRITE
};
typedef enum task_id_enum task_id;
/**
 * Task.
 *
 * One unit of work for a zone. task_create() fills in what, when and zone
 * from its arguments and sets the remaining fields to TASK_NONE or 0.
 */
typedef struct task_struct task_type;
struct task_struct {
/* allocator the task was allocated from; released in task_cleanup() */
allocator_type* allocator;
/* what to do */
task_id what;
/* initialised to TASK_NONE by task_create() */
task_id interrupt;
/* initialised to TASK_NONE by task_create() */
task_id halted;
/* scheduled time */
time_t when;
/* initialised to 0 by task_create() */
time_t halted_when;
/* initialised to 0 by task_create() */
time_t backoff;
/* non-zero when the task has been marked for flushing */
int flush;
/* zone reference; task.c casts it to zone_type* */
void* zone;
};
/**
* Create a new task.
* \param[in] what task identifier
* \param[in] when scheduled time
* \param[in] zone zone reference
* \return task_type* created task
*
*/
task_type* task_create(task_id what, time_t when, void* zone);
/**
* Backup task.
* \param[in] fd file descriptor
* \param[in] task task
*
*/
void task_backup(FILE* fd, task_type* task);
/**
* Compare tasks.
* \param[in] a one task
* \param[in] b another task
* \return int -1, 0 or 1
*
*/
int task_compare(const void* a, const void* b);
/**
* Convert task to string.
* \param[in] task task
* \param[out] buftask buffer to store string-based task in
* \return string-format task
*
*/
char* task2str(task_type* task, char* buftask);
/**
* String-format of what.
* \param[in] what task identifier
* \return const char* string-format of what
*
*/
const char* task_what2str(task_id what);
/**
* String-format of who.
* \param[in] task task
* \return const char* string-format of who
*/
const char* task_who2str(task_type* task);
/**
* Print task.
* \param[in] out file descriptor
* \param[in] task task
*
*/
void task_print(FILE* out, task_type* task);
/**
* Log task.
* \param[in] task task
*
*/
void task_log(task_type* task);
/**
* Clean up task.
* \param[in] task task
*
*/
void task_cleanup(task_type* task);
#endif /* SCHEDULER_TASK_H */
opendnssec-1.4.9/signer/src/scheduler/task.c 0000644 0001750 0001750 00000015231 12650165732 015762 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Tasks.
*
*/
#include "config.h"
#include "scheduler/task.h"
#include "shared/allocator.h"
#include "shared/duration.h"
#include "shared/file.h"
#include "shared/log.h"
#include "signer/zone.h"
static const char* task_str = "task";
/**
 * Create a new task.
 *
 * Every task gets an allocator of its own (malloc/free based); the task
 * is allocated from it and keeps a reference so task_cleanup() can
 * release both.
 *
 * \param[in] what task identifier
 * \param[in] when scheduled time
 * \param[in] zone zone reference
 * \return task_type* created task, NULL if zone is NULL or an allocation
 *         failed
 *
 */
task_type*
task_create(task_id what, time_t when, void* zone)
{
    allocator_type* pool = NULL;
    task_type* created = NULL;

    if (zone == NULL) {
        return NULL;
    }
    pool = allocator_create(malloc, free);
    if (pool == NULL) {
        ods_log_error("[%s] unable to create task: allocator_create() failed",
            task_str);
        return NULL;
    }
    created = (task_type*) allocator_alloc(pool, sizeof(task_type));
    if (created == NULL) {
        ods_log_error("[%s] unable to create task: allocator_alloc() failed",
            task_str);
        /* do not leak the allocator when the task itself cannot be made */
        allocator_cleanup(pool);
        return NULL;
    }
    /* caller supplied */
    created->what = what;
    created->when = when;
    created->zone = zone;
    /* defaults */
    created->allocator = pool;
    created->interrupt = TASK_NONE;
    created->halted = TASK_NONE;
    created->halted_when = 0;
    created->backoff = 0;
    created->flush = 0;
    return created;
}
/**
 * Backup task.
 *
 * Writes a single ";;Task:" line holding the when, what, interrupt,
 * halted, backoff and flush values of the task.
 *
 * \param[in] fd output stream
 * \param[in] task task
 *
 */
void
task_backup(FILE* fd, task_type* task)
{
    if (fd == NULL || task == NULL) {
        return;
    }
    ods_log_assert(fd);
    ods_log_assert(task);
    /* when and backoff are time_t values, narrowed to unsigned here */
    fprintf(fd, ";;Task: when %u what %i interrupt %i halted %i backoff %i "
        "flush %i\n",
        (unsigned) task->when, (int) task->what, (int) task->interrupt,
        (int) task->halted, (unsigned) task->backoff, task->flush);
    return;
}
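/**
 * Compare tasks.
 *
 * Two tasks for zones with the same apex are considered the same task.
 * Otherwise tasks are ordered on scheduled time, then on what to do, then
 * on the apex name.
 *
 * \param[in] a one task
 * \param[in] b another task
 * \return int 0 if both tasks are for the same apex, else a negative or
 *         positive value if a sorts before or after b
 *
 */
int
task_compare(const void* a, const void* b)
{
    task_type* x = (task_type*)a;
    task_type* y = (task_type*)b;
    zone_type* zx = NULL;
    zone_type* zy = NULL;
    int apex_order = 0;

    ods_log_assert(x);
    ods_log_assert(y);
    zx = (zone_type*) x->zone;
    zy = (zone_type*) y->zone;
    apex_order = ldns_dname_compare((const void*) zx->apex,
        (const void*) zy->apex);
    if (apex_order == 0) {
        /* if dname is the same, consider the same task */
        return 0;
    }
    /*
     * order task on time, what to do, dname
     *
     * Compare instead of subtracting: a time_t difference is narrowed to
     * the int return type, so a large gap between two times could come
     * back with the wrong sign and put the tasks in the wrong order.
     */
    if (x->when != y->when) {
        return (x->when < y->when) ? -1 : 1;
    }
    if (x->what != y->what) {
        return (x->what < y->what) ? -1 : 1;
    }
    /* this is unfair, it prioritizes zones that are first in canonical line */
    return apex_order;
}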
/**
 * String-format of what.
 *
 * \param[in] what task identifier
 * \return const char* constant string naming the task; "[???]" for any
 *         identifier without a case below (TASK_NSECIFY has none)
 *
 */
const char*
task_what2str(task_id what)
{
    const char* label = "[???]";

    switch (what) {
        case TASK_NONE:
            label = "[ignore]";
            break;
        case TASK_SIGNCONF:
            label = "[configure]";
            break;
        case TASK_READ:
            label = "[read]";
            break;
        case TASK_SIGN:
            label = "[sign]";
            break;
        case TASK_WRITE:
            label = "[write]";
            break;
        default:
            break;
    }
    return label;
}
/**
 * String-format of who.
 *
 * \param[in] task task
 * \return const char* name of the task's zone, or "(null)" when the task,
 *         its zone or the zone name is missing
 *
 */
const char*
task_who2str(task_type* task)
{
    zone_type* zone = task ? (zone_type*) task->zone : NULL;

    if (!zone || !zone->name) {
        return "(null)";
    }
    return zone->name;
}
/**
 * Convert task to string.
 *
 * At most ODS_SE_MAXLINE bytes are written, so a buffer passed in must
 * have room for that many. Without a buffer the string is allocated with
 * calloc() and the caller has to free it.
 *
 * \param[in] task task
 * \param[out] buftask buffer to store string-based task in, or NULL to
 *                     have one allocated
 * \return char* string-format task, NULL if task is NULL or the
 *         allocation failed
 *
 */
char*
task2str(task_type* task, char* buftask)
{
    char* stamp = NULL;
    char* dest = buftask;

    if (!task) {
        return NULL;
    }
    /* ctime() hands out a pointer to static storage shared by all callers */
    stamp = ctime(&task->when);
    if (stamp) {
        /* cut off the trailing newline */
        stamp[strlen(stamp)-1] = '\0';
    }
    if (!dest) {
        dest = (char*) calloc(ODS_SE_MAXLINE, sizeof(char));
        if (!dest) {
            ods_log_error("[%s] unable to convert task to string: malloc "
                "error", task_str);
            return NULL;
        }
    }
    (void)snprintf(dest, ODS_SE_MAXLINE, "%s %s I will %s zone %s\n",
        task->flush?"Flush":"On", stamp?stamp:"(null)",
        task_what2str(task->what), task_who2str(task));
    return dest;
}
/**
 * Print task.
 *
 * Writes one line describing when the task runs, what it does and for
 * which zone.
 *
 * \param[in] out output stream
 * \param[in] task task
 *
 */
void
task_print(FILE* out, task_type* task)
{
    char* stamp = NULL;

    if (!out || !task) {
        return;
    }
    /* ctime() hands out a pointer to static storage shared by all callers */
    stamp = ctime(&task->when);
    if (stamp) {
        /* cut off the trailing newline */
        stamp[strlen(stamp)-1] = '\0';
    }
    fprintf(out, "%s %s I will %s zone %s\n",
        task->flush?"Flush":"On", stamp?stamp:"(null)",
        task_what2str(task->what), task_who2str(task));
    return;
}
/**
 * Log task.
 *
 * Logs, at debug level, when the task runs, what it does and for which
 * zone.
 *
 * \param[in] task task; NULL is ignored
 *
 */
void
task_log(task_type* task)
{
    char* stamp = NULL;

    if (!task) {
        return;
    }
    /* ctime() hands out a pointer to static storage shared by all callers */
    stamp = ctime(&task->when);
    if (stamp) {
        /* cut off the trailing newline */
        stamp[strlen(stamp)-1] = '\0';
    }
    ods_log_debug("[%s] %s %s I will %s zone %s", task_str,
        task->flush?"Flush":"On", stamp?stamp:"(null)",
        task_what2str(task->what), task_who2str(task));
    return;
}
/**
 * Clean up task.
 *
 * Returns the task to its allocator and then cleans up that allocator.
 * The zone the task refers to is left alone.
 *
 * \param[in] task task; NULL is ignored
 *
 */
void
task_cleanup(task_type* task)
{
    allocator_type* pool = NULL;

    if (task == NULL) {
        return;
    }
    /* fetch the allocator first: it is stored inside the task */
    pool = task->allocator;
    allocator_deallocate(pool, (void*) task);
    allocator_cleanup(pool);
    return;
}
opendnssec-1.4.9/signer/src/scheduler/fifoq.h 0000644 0001750 0001750 00000005544 12650165732 016137 0000000 0000000 /*
* Copyright (c) 2011 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* FIFO Queue.
*
*/
#ifndef SCHEDULER_FIFOQ_H
#define SCHEDULER_FIFOQ_H
#include "config.h"
#include "daemon/worker.h"
#include "shared/allocator.h"
#include "shared/locks.h"
#include "shared/status.h"
#include
#include
#ifdef HAVE_SYS_TYPES_H
# include
#endif
#ifdef HAVE_UNISTD_H
# include
#endif
#include
/* capacity of the queue: fifoq_push() refuses items once count reaches it */
#define FIFOQ_MAX_COUNT 1000
/* after more than this many tries on a full queue, fifoq_push() broadcasts
 * q_threshold again */
#define FIFOQ_TRIES_COUNT 10
/**
 * FIFO Queue.
 *
 * Fixed-size queue: blob[] and owner[] are parallel arrays of which the
 * first count entries are in use. fifoq_push() appends at index count,
 * fifoq_pop() takes index 0 and shifts the rest down.
 */
typedef struct fifoq_struct fifoq_type;
struct fifoq_struct {
/* allocator the queue was allocated from */
allocator_type* allocator;
/* queued items */
void* blob[FIFOQ_MAX_COUNT];
/* worker that pushed the item at the same index */
worker_type* owner[FIFOQ_MAX_COUNT];
/* number of items currently queued */
size_t count;
/* initialised in fifoq_create(); not taken by the fifoq functions
 * themselves (presumably held by callers; verify) */
lock_basic_type q_lock;
/* broadcast by fifoq_push() when the first item is queued */
cond_basic_type q_threshold;
/* broadcast by fifoq_pop() once the queue has drained to a tenth of
 * FIFOQ_MAX_COUNT or less */
cond_basic_type q_nonfull;
};
/**
* Create new FIFO queue.
* \param[in] allocator memory allocator
* \return fifoq_type* created queue
*
*/
fifoq_type* fifoq_create(allocator_type* allocator);
/**
* Wipe queue.
* \param[in] q queue to be wiped
*
*/
void fifoq_wipe(fifoq_type* q);
/**
* Pop item from queue.
* \param[in] q queue
* \param[out] worker worker that owns the item
* \return void* popped item
*
*/
void* fifoq_pop(fifoq_type* q, worker_type** worker);
/**
* Push item to queue.
* \param[in] q queue
* \param[in] item item
* \param[in] worker owner of item
* \param[out] tries number of tries
* \return ods_status status
*
*/
ods_status fifoq_push(fifoq_type* q, void* item, worker_type* worker,
int* tries);
/**
* Clean up queue.
* \param[in] q queue to be cleaned up
*
*/
void fifoq_cleanup(fifoq_type* q);
#endif /* SCHEDULER_FIFOQ_H */
opendnssec-1.4.9/signer/src/scheduler/fifoq.c 0000644 0001750 0001750 00000010602 12650165732 016121 0000000 0000000 /*
* Copyright (c) 2011 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* FIFO Queue.
*
*/
#include "config.h"
#include "scheduler/fifoq.h"
#include "shared/log.h"
#include
static const char* fifoq_str = "fifo";
/**
 * Create new FIFO queue.
 *
 * Allocates the queue, empties it with fifoq_wipe() and sets up the lock
 * and the two condition variables.
 *
 * \param[in] allocator memory allocator
 * \return fifoq_type* created queue, NULL if allocator is NULL or the
 *         allocation failed
 *
 */
fifoq_type*
fifoq_create(allocator_type* allocator)
{
    fifoq_type* queue = NULL;

    if (allocator == NULL) {
        return NULL;
    }
    queue = (fifoq_type*) allocator_alloc(allocator, sizeof(fifoq_type));
    if (queue == NULL) {
        ods_log_error("[%s] unable to create fifoq: allocator_alloc() failed",
            fifoq_str);
        return NULL;
    }
    queue->allocator = allocator;
    /* start from an empty queue with all slots cleared */
    fifoq_wipe(queue);
    lock_basic_init(&queue->q_lock);
    lock_basic_set(&queue->q_threshold);
    lock_basic_set(&queue->q_nonfull);
    return queue;
}
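/**
 * Wipe queue.
 *
 * Clears every item and owner slot and resets the item count to 0. The
 * items themselves are not released.
 *
 * \param[in] q queue to be wiped; NULL is ignored
 *
 */
void
fifoq_wipe(fifoq_type* q)
{
    size_t i = 0;

    /* same NULL guard as the other fifoq functions */
    if (!q) {
        return;
    }
    for (i = 0; i < FIFOQ_MAX_COUNT; i++) {
        q->blob[i] = NULL;
        q->owner[i] = NULL;
    }
    q->count = 0;
    return;
}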
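/**
 * Pop item from queue.
 *
 * Takes the oldest item (index 0) and shifts the remaining entries down
 * by one. Once the queue has drained to a tenth of FIFOQ_MAX_COUNT or
 * less, q_nonfull is broadcast.
 *
 * \param[in] q queue
 * \param[out] worker worker that owns the item; may be NULL when the
 *                    caller is not interested in the owner
 * \return void* popped item, NULL if the queue is missing or empty
 *
 */
void*
fifoq_pop(fifoq_type* q, worker_type** worker)
{
    void* pop = NULL;
    size_t i = 0;

    /* count is unsigned, so "empty" is exactly 0 */
    if (!q || q->count == 0) {
        return NULL;
    }
    pop = q->blob[0];
    /* do not write through a missing out-parameter */
    if (worker) {
        *worker = q->owner[0];
    }
    for (i = 0; i < q->count-1; i++) {
        q->blob[i] = q->blob[i+1];
        q->owner[i] = q->owner[i+1];
    }
    q->count -= 1;
    /* integer form of "count is at most 10% of the capacity" */
    if (q->count <= (size_t) FIFOQ_MAX_COUNT / 10) {
        /**
         * Notify waiting workers that they can start queuing again
         * If no workers are waiting, this call has no effect.
         */
        lock_basic_broadcast(&q->q_nonfull);
    }
    return pop;
}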
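/**
 * Push item to queue.
 *
 * Appends the item and its owner at the end of the queue. A full queue is
 * left unchanged; when the caller has tried more than FIFOQ_TRIES_COUNT
 * times, q_threshold is broadcast once more and the try counter is reset.
 *
 * \param[in] q queue
 * \param[in] item item
 * \param[in] worker owner of item
 * \param[in,out] tries number of tries; reset to 0 after a re-broadcast.
 *                      A NULL pointer disables the re-broadcast.
 * \return ods_status ODS_STATUS_OK if queued, ODS_STATUS_UNCHANGED if the
 *         queue is full, ODS_STATUS_ASSERT_ERR on missing arguments
 *
 */
ods_status
fifoq_push(fifoq_type* q, void* item, worker_type* worker, int* tries)
{
    if (!q || !item || !worker) {
        return ODS_STATUS_ASSERT_ERR;
    }
    if (q->count >= FIFOQ_MAX_COUNT) {
        /**
         * #262:
         * If drudgers remain on hold, do additional broadcast.
         * If no drudgers are waiting, this call has no effect.
         */
        if (tries && *tries > FIFOQ_TRIES_COUNT) {
            lock_basic_broadcast(&q->q_threshold);
            ods_log_debug("[%s] queue full, notify drudgers again", fifoq_str);
            /* reset tries */
            *tries = 0;
        }
        return ODS_STATUS_UNCHANGED;
    }
    /* count < FIFOQ_MAX_COUNT here, so the index is within both arrays */
    q->blob[q->count] = item;
    q->owner[q->count] = worker;
    q->count += 1;
    if (q->count == 1) {
        /* count is a size_t: cast it to match the %u conversion */
        ods_log_deeebug("[%s] threshold %u reached, notify drudgers",
            fifoq_str, (unsigned) q->count);
        /* If no drudgers are waiting, this call has no effect. */
        lock_basic_broadcast(&q->q_threshold);
    }
    return ODS_STATUS_OK;
}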
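/**
 * Clean up queue.
 *
 * Destroys the condition variables and the lock and hands the queue back
 * to its allocator. Items still in the queue are not released.
 *
 * \param[in] q queue to be cleaned up; NULL is ignored
 *
 */
void
fifoq_cleanup(fifoq_type* q)
{
    allocator_type* allocator = NULL;

    if (!q) {
        return;
    }
    allocator = q->allocator;
    /*
     * Tear the synchronisation objects down in place, before the memory
     * is released. Destroying by-value copies after the originals are
     * gone is undefined for pthread mutexes and condition variables
     * (assumes lock_basic_type/cond_basic_type wrap those; confirm in
     * shared/locks.h).
     */
    lock_basic_off(&q->q_threshold);
    lock_basic_off(&q->q_nonfull);
    lock_basic_destroy(&q->q_lock);
    allocator_deallocate(allocator, (void*) q);
    return;
}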
opendnssec-1.4.9/signer/src/daemon/ 0000755 0001750 0001750 00000000000 12650166152 014214 5 0000000 0000000 opendnssec-1.4.9/signer/src/daemon/dnshandler.c 0000644 0001750 0001750 00000023056 12650165732 016433 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* DNS handler.
*
*/
#include "config.h"
#include "daemon/dnshandler.h"
#include "daemon/engine.h"
#include "shared/status.h"
#include "wire/buffer.h"
#include
#include
static const char* dnsh_str = "dnshandler";
static void dnshandler_handle_xfr(netio_type* netio,
netio_handler_type* handler, netio_events_type event_types);
/**
 * Create dns handler.
 *
 * Allocates the handler, its socket list, a netio instance and a query,
 * and prepares the xfrhandler (read events, no descriptor yet) that
 * receives forwarded packets.
 *
 * \param[in] allocator memory allocator
 * \param[in] interfaces listener interfaces; at least one is required
 * \return dnshandler_type* created handler, NULL on missing arguments or
 *         when any part could not be created
 *
 */
dnshandler_type*
dnshandler_create(allocator_type* allocator, listener_type* interfaces)
{
    dnshandler_type* created = NULL;

    if (!allocator || !interfaces || interfaces->count <= 0) {
        return NULL;
    }
    created = (dnshandler_type*) allocator_alloc(allocator,
        sizeof(dnshandler_type));
    if (created == NULL) {
        ods_log_error("[%s] unable to create dnshandler: "
            "allocator_alloc() failed", dnsh_str);
        return NULL;
    }
    /* clear all members first so a partial handler can be cleaned up */
    created->allocator = allocator;
    created->need_to_exit = 0;
    created->engine = NULL;
    created->interfaces = interfaces;
    created->socklist = NULL;
    created->netio = NULL;
    created->query = NULL;

    /* setup */
    created->socklist = (socklist_type*) allocator_alloc(allocator,
        sizeof(socklist_type));
    if (created->socklist == NULL) {
        ods_log_error("[%s] unable to create socklist: "
            "allocator_alloc() failed", dnsh_str);
        dnshandler_cleanup(created);
        return NULL;
    }
    created->netio = netio_create(allocator);
    if (created->netio == NULL) {
        ods_log_error("[%s] unable to create dnshandler: "
            "netio_create() failed", dnsh_str);
        dnshandler_cleanup(created);
        return NULL;
    }
    created->query = query_create();
    if (created->query == NULL) {
        ods_log_error("[%s] unable to create dnshandler: "
            "query_create() failed", dnsh_str);
        dnshandler_cleanup(created);
        return NULL;
    }

    /* the descriptor stays -1 until it is set elsewhere */
    created->xfrhandler.fd = -1;
    created->xfrhandler.user_data = (void*) created;
    created->xfrhandler.timeout = 0;
    created->xfrhandler.event_types = NETIO_EVENT_READ;
    created->xfrhandler.event_handler = dnshandler_handle_xfr;
    return created;
}
/**
 * Start dns handler listener.
 *
 * Opens the listening sockets for the configured interfaces through
 * sock_listen(). On failure the error is logged and the handler's thread
 * id is cleared.
 *
 * \param[in] dnshandler dns handler
 * \return ods_status status of sock_listen()
 *
 */
ods_status
dnshandler_listen(dnshandler_type* dnshandler)
{
    ods_status result = ODS_STATUS_OK;

    ods_log_assert(dnshandler);
    result = sock_listen(dnshandler->socklist, dnshandler->interfaces);
    if (result == ODS_STATUS_OK) {
        return result;
    }
    ods_log_error("[%s] unable to start: sock_listen() "
        "failed (%s)", dnsh_str, ods_status2str(result));
    dnshandler->thread_id = 0;
    return result;
}
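/**
 * Start dns handler.
 *
 * Registers a UDP handler and a TCP accept handler per interface,
 * dispatches network events until need_to_exit is set (or netio_dispatch()
 * fails with something other than EINTR) and then closes the sockets.
 *
 * When an allocation fails, the handler's thread id is cleared and the
 * engine is told to exit.
 *
 * \param[in] dnshandler dns handler; its engine must be set
 *
 */
void
dnshandler_start(dnshandler_type* dnshandler)
{
    size_t i = 0;
    engine_type* engine = NULL;
    netio_handler_type* tcp_accept_handlers = NULL;

    ods_log_assert(dnshandler);
    ods_log_assert(dnshandler->engine);
    /*
     * The error paths below set engine->need_to_exit. The pointer was
     * never assigned, so every allocation failure ended in a NULL
     * dereference instead of a clean shutdown request.
     */
    engine = (engine_type*) dnshandler->engine;
    ods_log_debug("[%s] start", dnsh_str);
    /* udp */
    for (i=0; i < dnshandler->interfaces->count; i++) {
        struct udp_data* data = NULL;
        netio_handler_type* handler = NULL;
        data = (struct udp_data*) allocator_alloc(dnshandler->allocator,
            sizeof(struct udp_data));
        if (!data) {
            ods_log_error("[%s] unable to start: allocator_alloc() "
                "failed", dnsh_str);
            dnshandler->thread_id = 0;
            engine->need_to_exit = 1;
            break;
        }
        data->query = dnshandler->query;
        data->engine = dnshandler->engine;
        data->socket = &dnshandler->socklist->udp[i];
        handler = (netio_handler_type*) allocator_alloc(
            dnshandler->allocator, sizeof(netio_handler_type));
        if (!handler) {
            ods_log_error("[%s] unable to start: allocator_alloc() "
                "failed", dnsh_str);
            allocator_deallocate(dnshandler->allocator, (void*)data);
            dnshandler->thread_id = 0;
            engine->need_to_exit = 1;
            break;
        }
        handler->fd = dnshandler->socklist->udp[i].s;
        handler->timeout = NULL;
        handler->user_data = data;
        handler->event_types = NETIO_EVENT_READ;
        handler->event_handler = sock_handle_udp;
        ods_log_debug("[%s] add udp network handler fd %u", dnsh_str,
            (unsigned) handler->fd);
        netio_add_handler(dnshandler->netio, handler);
    }
    /* tcp */
    tcp_accept_handlers = (netio_handler_type*) allocator_alloc(
        dnshandler->allocator,
        dnshandler->interfaces->count * sizeof(netio_handler_type));
    if (!tcp_accept_handlers) {
        /* the loop below indexes this array: bail out like the other
         * allocation failures instead of writing through NULL */
        ods_log_error("[%s] unable to start: allocator_alloc() "
            "failed", dnsh_str);
        dnshandler->thread_id = 0;
        engine->need_to_exit = 1;
        return;
    }
    for (i=0; i < dnshandler->interfaces->count; i++) {
        struct tcp_accept_data* data = NULL;
        netio_handler_type* handler = NULL;
        data = (struct tcp_accept_data*) allocator_alloc(
            dnshandler->allocator, sizeof(struct tcp_accept_data));
        if (!data) {
            ods_log_error("[%s] unable to start: allocator_alloc() "
                "failed", dnsh_str);
            dnshandler->thread_id = 0;
            engine->need_to_exit = 1;
            return;
        }
        data->engine = dnshandler->engine;
        /*
         * NOTE(review): the accept data points at the UDP socket entry
         * (udp[i]) while the handler descriptor below comes from tcp[i];
         * confirm whether tcp[i] was intended here.
         */
        data->socket = &dnshandler->socklist->udp[i];
        data->tcp_accept_handler_count = dnshandler->interfaces->count;
        data->tcp_accept_handlers = tcp_accept_handlers;
        handler = &tcp_accept_handlers[i];
        handler->fd = dnshandler->socklist->tcp[i].s;
        handler->timeout = NULL;
        handler->user_data = data;
        handler->event_types = NETIO_EVENT_READ;
        handler->event_handler = sock_handle_tcp_accept;
        ods_log_debug("[%s] add tcp network handler fd %u", dnsh_str,
            (unsigned) handler->fd);
        netio_add_handler(dnshandler->netio, handler);
    }
    /* service */
    while (dnshandler->need_to_exit == 0) {
        ods_log_deeebug("[%s] netio dispatch", dnsh_str);
        if (netio_dispatch(dnshandler->netio, NULL, NULL) == -1) {
            /* an interrupted dispatch is retried, anything else ends it */
            if (errno != EINTR) {
                ods_log_error("[%s] unable to dispatch netio: %s", dnsh_str,
                    strerror(errno));
                break;
            }
        }
    }
    /* shutdown */
    ods_log_debug("[%s] shutdown", dnsh_str);
    for (i=0; i < dnshandler->interfaces->count; i++) {
        if (dnshandler->socklist->udp[i].s != -1) {
            close(dnshandler->socklist->udp[i].s);
            freeaddrinfo((void*)dnshandler->socklist->udp[i].addr);
        }
        if (dnshandler->socklist->tcp[i].s != -1) {
            close(dnshandler->socklist->tcp[i].s);
            freeaddrinfo((void*)dnshandler->socklist->tcp[i].addr);
        }
    }
    return;
}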
/**
 * Signal dns handler.
 *
 * Sends SIGHUP to the handler's thread, provided a thread id is set.
 *
 * \param[in] dnshandler dns handler; NULL is ignored
 *
 */
void
dnshandler_signal(dnshandler_type* dnshandler)
{
    if (!dnshandler || !dnshandler->thread_id) {
        /* nothing to signal */
        return;
    }
    ods_thread_kill(dnshandler->thread_id, SIGHUP);
    return;
}
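/**
 * Forward notify to zone transfer handler.
 *
 * Sends the packet over the xfrhandler descriptor. A failing send() is
 * logged, nothing is returned to the caller. dnshandler_create() leaves
 * that descriptor at -1, so it has to be set before this is called.
 *
 * \param[in] dnshandler dns handler
 * \param[in] pkt packet to forward
 * \param[in] len number of bytes in pkt
 *
 */
void
dnshandler_fwd_notify(dnshandler_type* dnshandler, uint8_t* pkt, size_t len)
{
    ssize_t nb = 0;

    ods_log_assert(dnshandler);
    ods_log_assert(pkt);
    nb = send(dnshandler->xfrhandler.fd, (const void*) pkt, len, 0);
    if (nb < 0) {
        ods_log_error("[%s] unable to forward notify: send() failed (%s)",
            dnsh_str, strerror(errno));
    } else {
        /* nb is a ssize_t: cast it to match the %u conversion */
        ods_log_debug("[%s] forwarded notify: %u bytes sent", dnsh_str,
            (unsigned) nb);
    }
    return;
}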
/**
 * Handle forwarded dns packets.
 *
 * Reads one packet of at most MAX_PACKET_SIZE bytes from the xfrhandler
 * descriptor into a local buffer and logs the outcome. The packet is not
 * used any further here.
 *
 * \param[in] netio unused
 * \param[in] handler handler whose user_data is the dns handler
 * \param[in] event_types events that triggered the call
 *
 */
static void
dnshandler_handle_xfr(netio_type* ATTR_UNUSED(netio),
    netio_handler_type* handler, netio_events_type event_types)
{
    uint8_t buf[MAX_PACKET_SIZE];
    dnshandler_type* owner = NULL;
    ssize_t nread = 0;

    if (handler == NULL) {
        return;
    }
    /* user_data is set to the dns handler in dnshandler_create() */
    owner = (dnshandler_type*) handler->user_data;
    ods_log_assert(event_types & NETIO_EVENT_READ);
    /* the read is bounded by the size of the local buffer */
    nread = read(owner->xfrhandler.fd, buf, sizeof(buf));
    ods_log_debug("[%s] read forwarded xfr packet: %d bytes received",
        dnsh_str, (int) nread);
    if (nread == -1) {
        ods_log_error("[%s] unable to forward xfr packet: %s", dnsh_str,
            strerror(errno));
    }
    return;
}
/**
 * Cleanup dns handler.
 *
 * Cleans up the netio instance and the query, then returns the socket
 * list and the handler itself to the allocator. dnshandler_create() calls
 * this on partially built handlers, whose netio, query or socket list may
 * still be NULL.
 *
 * \param[in] dnshandler dns handler; NULL is ignored
 *
 */
void
dnshandler_cleanup(dnshandler_type* dnshandler)
{
    allocator_type* pool = NULL;

    if (dnshandler == NULL) {
        return;
    }
    /* fetch the allocator first: it is stored inside the handler */
    pool = dnshandler->allocator;
    netio_cleanup(dnshandler->netio);
    query_cleanup(dnshandler->query);
    allocator_deallocate(pool, (void*) dnshandler->socklist);
    allocator_deallocate(pool, (void*) dnshandler);
    return;
}
opendnssec-1.4.9/signer/src/daemon/cfg.c 0000644 0001750 0001750 00000022167 12650165732 015052 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Signer engine configuration.
*
*/
#include "config.h"
#include "daemon/cfg.h"
#include "parser/confparser.h"
#include "shared/allocator.h"
#include "shared/file.h"
#include "shared/log.h"
#include "shared/status.h"
#include
#include
#include
static const char* conf_str = "config";
/**
 * Build the signer engine configuration from a configuration file.
 *
 * The file is first checked with parse_file_check() against
 * ODS_SE_RNGDIR "/conf.rng" and then opened once to confirm that it is
 * readable. The individual settings are obtained from the parse_conf_*()
 * helpers, which receive the file name rather than the open stream.
 * A command-line verbosity above zero overrides the value in the file.
 *
 * Returns the new configuration, or NULL when an argument is missing,
 * the check fails, the file cannot be opened or the allocation fails.
 *
 * NOTE(review): username, group, chroot and notify_command are stored
 * exactly as the helpers return them; nothing in this function validates
 * them. How they are consumed is outside this file, so the configuration
 * file should presumably be writable only by the account that administers
 * the signer - confirm.
 * NOTE(review): the file is handed over by name for the check, the open
 * and every helper call; presumably it is re-read each time, so it must
 * not change in between - confirm.
 *
 */
engineconfig_type*
engine_config(allocator_type* allocator, const char* cfgfile,
    int cmdline_verbosity)
{
    const char* rngfile = ODS_SE_RNGDIR "/conf.rng";
    engineconfig_type* ecfg = NULL;
    FILE* cfgfd = NULL;

    if (allocator == NULL || cfgfile == NULL) {
        return NULL;
    }

    /* Syntax check first; it costs time but rejects malformed files
     * before any value is read from them. */
    if (parse_file_check(cfgfile, rngfile) != ODS_STATUS_OK) {
        ods_log_error("[%s] unable to create config: parse error in %s",
            conf_str, cfgfile);
        return NULL;
    }

    /* The stream is only used to prove the file can be opened. */
    cfgfd = ods_fopen(cfgfile, NULL, "r");
    if (cfgfd == NULL) {
        ods_log_error("[%s] unable to create config: failed to open file %s",
            conf_str, cfgfile);
        return NULL;
    }
    ods_log_verbose("[%s] read cfgfile: %s", conf_str, cfgfile);

    ecfg = (engineconfig_type*) allocator_alloc(allocator,
        sizeof(engineconfig_type));
    if (ecfg == NULL) {
        ods_log_error("[%s] unable to create config: allocator_alloc() "
            "failed", conf_str);
        ods_fclose(cfgfd);
        return NULL;
    }

    /* Every field of the structure is assigned below; none is left
     * uninitialised. */
    ecfg->allocator = allocator;
    ecfg->cfg_filename = allocator_strdup(allocator, cfgfile);
    ecfg->zonelist_filename = parse_conf_zonelist_filename(allocator,
        cfgfile);
    ecfg->log_filename = parse_conf_log_filename(allocator, cfgfile);
    ecfg->pid_filename = parse_conf_pid_filename(allocator, cfgfile);
    ecfg->notify_command = parse_conf_notify_command(allocator, cfgfile);
    ecfg->clisock_filename = parse_conf_clisock_filename(allocator,
        cfgfile);
    ecfg->working_dir = parse_conf_working_dir(allocator, cfgfile);
    ecfg->username = parse_conf_username(allocator, cfgfile);
    ecfg->group = parse_conf_group(allocator, cfgfile);
    ecfg->chroot = parse_conf_chroot(allocator, cfgfile);
    ecfg->use_syslog = parse_conf_use_syslog(cfgfile);
    ecfg->num_worker_threads = parse_conf_worker_threads(cfgfile);
    ecfg->num_signer_threads = parse_conf_signer_threads(cfgfile);
    /* A verbosity given on the command line wins over the file. */
    ecfg->verbosity = (cmdline_verbosity > 0)
        ? cmdline_verbosity
        : parse_conf_verbosity(cfgfile);
    ecfg->interfaces = parse_conf_listener(allocator, cfgfile);

    ods_fclose(cfgfd);
    return ecfg;
}
/**
 * Check that the mandatory configuration settings are present.
 *
 * Returns ODS_STATUS_CFG_ERR, after logging which item is missing, when
 * the configuration itself, its file name, the zonelist file name, the
 * command socket file name or the listener is absent; ODS_STATUS_OK
 * otherwise. Only presence is tested: working_dir, pid_filename,
 * username, group, chroot, notify_command and the thread counts are not
 * examined here.
 *
 */
ods_status
engine_config_check(engineconfig_type* config)
{
    ods_status result = ODS_STATUS_CFG_ERR;

    if (!config) {
        ods_log_error("[%s] config-check failed: no config", conf_str);
    } else if (!config->cfg_filename) {
        ods_log_error("[%s] config-check failed: no config filename",
            conf_str);
    } else if (!config->zonelist_filename) {
        ods_log_error("[%s] config-check failed: no zonelist filename",
            conf_str);
    } else if (!config->clisock_filename) {
        ods_log_error("[%s] config-check failed: no socket filename",
            conf_str);
    } else if (!config->interfaces) {
        ods_log_error("[%s] config-check failed: no listener",
            conf_str);
    } else {
        /* [TODO] room for more checks here */
        result = ODS_STATUS_OK;
    }
    return result;
}
/**
 * Print configuration.
 *
 * Writes the configuration to out as tab-indented text. Nothing is
 * written when out is NULL; when config is NULL only the leading newline
 * is written. Values are printed as stored, without any escaping.
 *
 * NOTE(review): in this listing the format strings hold only tabs,
 * conversions and newlines, and the two log branches look identical; any
 * markup that surrounded the values appears to have been lost, so compare
 * with the upstream file before relying on the exact output.
 * NOTE(review): zonelist_filename and working_dir are passed to %s
 * without a NULL test. engine_config_check() tests zonelist_filename but
 * not working_dir - confirm the parser always supplies working_dir.
 *
 */
void
engine_config_print(FILE* out, engineconfig_type* config)
{
if (!out) {
return;
}
fprintf(out, "\n");
if (config) {
fprintf(out, "\n");
/* Common */
fprintf(out, "\t\n");
/* The log file name is printed only when one is configured; use_syslog
 * selects between the two branches. */
if (config->use_syslog && config->log_filename) {
fprintf(out, "\t\t\n");
fprintf(out, "\t\t\t\n");
fprintf(out, "\t\t\t\t%s \n",
config->log_filename);
fprintf(out, "\t\t\t \n");
fprintf(out, "\t\t \n");
} else if (config->log_filename) {
fprintf(out, "\t\t\n");
fprintf(out, "\t\t\t\n");
fprintf(out, "\t\t\t\t%s \n",
config->log_filename);
fprintf(out, "\t\t\t \n");
fprintf(out, "\t\t \n");
}
fprintf(out, "\t\t%s \n",
config->zonelist_filename);
fprintf(out, "\t \n");
/* Signer */
fprintf(out, "\t\n");
/* The username/group/chroot group is emitted only when at least one of
 * the three is set, and each value only when it is non-NULL. */
if (config->username || config->group || config->chroot) {
fprintf(out, "\t\t\n");
if (config->username) {
fprintf(out, "\t\t%s \n", config->username);
}
if (config->group) {
fprintf(out, "\t\t%s \n", config->group);
}
if (config->chroot) {
fprintf(out, "\t\t%s \n",
config->chroot);
}
fprintf(out, "\t\t \n");
}
if (config->interfaces) {
size_t i = 0;
fprintf(out, "\t\t\n");
/* One line per listener interface: address and port, each only when set. */
for (i=0; i < config->interfaces->count; i++) {
fprintf(out, "\t\t\t");
if (config->interfaces->interfaces[i].address) {
fprintf(out, "%s ",
config->interfaces->interfaces[i].address);
}
if (config->interfaces->interfaces[i].port) {
fprintf(out, "%s ",
config->interfaces->interfaces[i].port);
}
fprintf(out, "\n");
}
fprintf(out, "\t\t \n");
}
/* working_dir and the thread counts are printed unconditionally. */
fprintf(out, "\t\t%s \n",
config->working_dir);
fprintf(out, "\t\t%i \n",
config->num_worker_threads);
fprintf(out, "\t\t%i \n",
config->num_signer_threads);
if (config->notify_command) {
fprintf(out, "\t\t%s \n",
config->notify_command);
}
fprintf(out, "\t \n");
fprintf(out, " \n");
/* make configurable:
- pid_filename
- clisock_filename
*/
}
return;
}
/**
 * Release an engine configuration.
 *
 * Cleans up the listener interfaces, returns every string field to the
 * allocator stored in the configuration and finally releases the
 * configuration structure itself. A NULL configuration is ignored.
 *
 */
void
engine_config_cleanup(engineconfig_type* config)
{
    allocator_type* owner;

    if (config == NULL) {
        return;
    }
    /* Read the allocator before the structure holding it is released. */
    owner = config->allocator;

    listener_cleanup(config->interfaces);

    /* String settings, in the original release order. */
    allocator_deallocate(owner, (void*) config->notify_command);
    allocator_deallocate(owner, (void*) config->cfg_filename);
    allocator_deallocate(owner, (void*) config->zonelist_filename);
    allocator_deallocate(owner, (void*) config->log_filename);
    allocator_deallocate(owner, (void*) config->pid_filename);
    allocator_deallocate(owner, (void*) config->clisock_filename);
    allocator_deallocate(owner, (void*) config->working_dir);
    allocator_deallocate(owner, (void*) config->username);
    allocator_deallocate(owner, (void*) config->group);
    allocator_deallocate(owner, (void*) config->chroot);

    /* The structure itself goes last. */
    allocator_deallocate(owner, (void*) config);
}
opendnssec-1.4.9/signer/src/daemon/signal.h 0000644 0001750 0001750 00000003634 12650165732 015573 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Signal handling.
*
*/
#ifndef DAEMON_SIGNAL_H
#define DAEMON_SIGNAL_H
#include "config.h"
#include
/* Signal states used by the signal handling interface declared below.
 * NOTE(review): presumably these are the values kept in the engine's
 * sig_atomic_t signal field and returned by signal_capture() - confirm
 * against signal.c. */
#define SIGNAL_RUN 0
#define SIGNAL_INIT 1
#define SIGNAL_RELOAD 2
#define SIGNAL_SHUTDOWN 3
/**
* Set corresponding engine.
* \param[in] engine corresponding engine
*
*/
void signal_set_engine(void* engine);
/**
* Handle signals.
* \param[in] sig signal to handle
*
*/
void signal_handler(sig_atomic_t sig);
/**
* Capture signal.
* \param[in] dflsig default signal
* \return sig_atomic_t captured signal
*
*/
sig_atomic_t signal_capture(sig_atomic_t dflsig);
#endif /* DAEMON_SIGNAL_H */
opendnssec-1.4.9/signer/src/daemon/cmdhandler.h 0000644 0001750 0001750 00000004476 12650165732 016424 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Command handler.
*
*/
#ifndef DAEMON_CMDHANDLER_H
#define DAEMON_CMDHANDLER_H
#include "config.h"
#include "shared/allocator.h"
#include "shared/locks.h"
#include
/* NOTE(review): the same macro is defined with the same value in
 * daemon/dnshandler.h; presumably an upper bound on concurrent handlers -
 * confirm where it is used. */
#define ODS_SE_MAX_HANDLERS 5
/* Command handler state. */
typedef struct cmdhandler_struct cmdhandler_type;
struct cmdhandler_struct {
/* memory allocator passed to cmdhandler_create() */
allocator_type* allocator;
/* untyped back pointer; cmdhandler.c casts it to engine_type* */
void* engine;
/* UNIX domain socket address. NOTE(review): presumably built from the
 * socket file name given to cmdhandler_create(); the permissions of that
 * socket file decide who may issue commands - confirm how they are set. */
struct sockaddr_un listen_addr;
ods_thread_type thread_id;
/* NOTE(review): presumably the listening and the accepted client
 * descriptor - confirm in cmdhandler.c */
int listen_fd;
int client_fd;
int need_to_exit;
};
/**
* Create command handler.
* \param[in] allocator memory allocator
* \param[in] filename socket file name
* \return cmdhandler_type* created command handler
*
*/
cmdhandler_type* cmdhandler_create(allocator_type* allocator,
const char* filename);
/**
* Start command handler.
* \param[in] cmdhandler command handler
*
*/
void cmdhandler_start(cmdhandler_type* cmdhandler);
/**
* Cleanup command handler.
* \param[in] cmdhandler command handler
*
*/
void cmdhandler_cleanup(cmdhandler_type* cmdhandler);
#endif /* DAEMON_CMDHANDLER_H */
opendnssec-1.4.9/signer/src/daemon/cfg.h 0000644 0001750 0001750 00000005765 12650165732 015064 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Signer engine configuration.
*
*/
#ifndef DAEMON_CONFIG_H
#define DAEMON_CONFIG_H
#include "config.h"
#include "shared/allocator.h"
#include "shared/locks.h"
#include "shared/status.h"
#include "wire/listener.h"
#include
/**
 * Engine configuration.
 *
 * Filled in by engine_config() and released by engine_config_cleanup().
 * The string fields come from the configuration file; of these only
 * cfg_filename, zonelist_filename and clisock_filename are tested for
 * presence by engine_config_check().
 *
 */
typedef struct engineconfig_struct engineconfig_type;
struct engineconfig_struct {
/* allocator the structure and its strings are released through */
allocator_type* allocator;
/* listener interfaces; released with listener_cleanup() */
listener_type* interfaces;
/* copy of the configuration file path given to engine_config() */
const char* cfg_filename;
const char* zonelist_filename;
const char* log_filename;
const char* pid_filename;
/* NOTE(review): presumably a command the signer runs after signing;
 * it is taken verbatim from the configuration file - confirm how it is
 * executed */
const char* notify_command;
/* command socket file name */
const char* clisock_filename;
const char* working_dir;
/* NOTE(review): presumably the user, group and root directory the daemon
 * switches to when dropping privileges - confirm in engine.c */
const char* username;
const char* group;
const char* chroot;
int use_syslog;
int num_worker_threads;
int num_signer_threads;
/* command-line verbosity when above zero, else the value from the file */
int verbosity;
};
/**
* Configure engine.
* \param[in] allocator memory allocator
* \param[in] cfgfile config file
* \param[in] cmdline_verbosity log level
* \return engineconfig_type* engine configuration
*
*/
engineconfig_type* engine_config(allocator_type* allocator,
const char* cfgfile, int cmdline_verbosity);
/**
* Check configuration.
* \param[in] config engine configuration
* \return ods_status status
* ODS_STATUS_OK: configuration settings ok
* else: error in configuration settings
*
*/
ods_status engine_config_check(engineconfig_type* config);
/**
* Print engine configuration.
* \param[in] out output stream
* \param[in] config engine configuration
*
*/
void engine_config_print(FILE* out, engineconfig_type* config);
/**
* Clean up config.
* \param[in] config engine configuration
*
*/
void engine_config_cleanup(engineconfig_type* config);
#endif /* DAEMON_CONFIG_H */
opendnssec-1.4.9/signer/src/daemon/dnshandler.h 0000644 0001750 0001750 00000006076 12650165732 016443 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* DNS handler.
*
*/
#ifndef DAEMON_DNSHANDLER_H
#define DAEMON_DNSHANDLER_H
#include "config.h"
#include "shared/allocator.h"
#include "shared/locks.h"
#include "shared/status.h"
#include "wire/listener.h"
#include "wire/netio.h"
#include "wire/query.h"
#include "wire/sock.h"
#include
/* Payload the command handler passes to dnshandler_fwd_notify() for the
 * 'retransfer' command. */
#define ODS_SE_NOTIFY_CMD "NOTIFY"
/* NOTE(review): the same macro is defined with the same value in
 * daemon/cmdhandler.h. */
#define ODS_SE_MAX_HANDLERS 5
/* DNS handler state. */
typedef struct dnshandler_struct dnshandler_type;
struct dnshandler_struct {
/* allocator the socket list and the handler are released through */
allocator_type* allocator;
ods_thread_type thread_id;
/* untyped back pointer to the engine */
void* engine;
/* list of interfaces given to dnshandler_create(); dnshandler_cleanup()
 * does not release it */
listener_type* interfaces;
/* released with allocator_deallocate() in dnshandler_cleanup() */
socklist_type* socklist;
/* released with netio_cleanup() and query_cleanup() respectively */
netio_type* netio;
query_type* query;
/* NOTE(review): presumably the netio handler for packets exchanged with
 * the zone transfer handler - confirm in dnshandler.c */
netio_handler_type xfrhandler;
unsigned need_to_exit;
};
/**
* Create dns handler.
* \param[in] allocator memory allocator
* \param[in] interfaces list of interfaces
* \return dnshandler_type* created dns handler
*
*/
dnshandler_type* dnshandler_create(allocator_type* allocator,
listener_type* interfaces);
/**
* Start dns handler listener.
* \param[in] dnshandler dns handler
* \return ods_status status
*
*/
ods_status dnshandler_listen(dnshandler_type* dnshandler);
/**
* Start dns handler.
* \param[in] dnshandler dns handler
*
*/
void dnshandler_start(dnshandler_type* dnshandler);
/**
* Signal dns handler.
* \param[in] dnshandler dns handler
*
*/
void dnshandler_signal(dnshandler_type* dnshandler);
/**
* Forward notify to zone transfer handler.
* \param[in] dnshandler dns handler
* \param[in] pkt notify packet
* \param[in] len packet length
*
*/
void dnshandler_fwd_notify(dnshandler_type* dnshandler,
uint8_t* pkt, size_t len);
/**
* Cleanup dns handler.
* \param[in] dnshandler dns handler
*
*/
void dnshandler_cleanup(dnshandler_type* dnshandler);
#endif /* DAEMON_DNSHANDLER_H */
opendnssec-1.4.9/signer/src/daemon/engine.h 0000644 0001750 0001750 00000006514 12650165732 015563 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* The engine.
*
*/
#ifndef DAEMON_ENGINE_H
#define DAEMON_ENGINE_H
#include "config.h"
#include "daemon/cfg.h"
#include "daemon/cmdhandler.h"
#include "daemon/dnshandler.h"
#include "daemon/xfrhandler.h"
#include "daemon/worker.h"
#include "scheduler/fifoq.h"
#include "scheduler/schedule.h"
#include "shared/allocator.h"
#include "shared/locks.h"
#include "signer/zonelist.h"
#include "wire/edns.h"
#include
/**
 * Engine state: configuration, worker threads, zone list, queues and
 * the command, DNS and zone transfer handlers.
 *
 */
typedef struct engine_struct engine_type;
struct engine_struct {
allocator_type* allocator;
/* configuration as produced by engine_config() */
engineconfig_type* config;
/* NOTE(review): presumably sized by config->num_worker_threads and
 * config->num_signer_threads respectively - confirm in engine.c */
worker_type** workers;
worker_type** drudgers;
/* zone list; the command handlers take zonelist->zl_lock around lookups */
zonelist_type* zonelist;
/* task queue handed to zone_reschedule_task() by the command handlers */
schedule_type* taskq;
fifoq_type* signq;
cmdhandler_type* cmdhandler;
dnshandler_type* dnshandler;
xfrhandler_type* xfrhandler;
edns_data_type edns;
int cmdhandler_done;
/* NOTE(review): presumably the daemon's process id and the user and
 * group id it runs as after dropping privileges - confirm in engine.c */
pid_t pid;
uid_t uid;
gid_t gid;
int daemonize;
int need_to_exit;
int need_to_reload;
/* NOTE(review): presumably one of the SIGNAL_* values from
 * daemon/signal.h, with signal_cond and signal_lock used to wait for a
 * change - confirm */
sig_atomic_t signal;
cond_basic_type signal_cond;
lock_basic_type signal_lock;
};
/**
* Start engine.
* \param[in] cfgfile configuration file
* \param[in] cmdline_verbosity how many -v on the command line
* \param[in] daemonize to run as daemon or not
* \param[in] info print info and exit
* \param[in] single_run run once
*
*/
void engine_start(const char* cfgfile, int cmdline_verbosity,
int daemonize, int info, int single_run);
/**
* Start drudgers.
* \param[in] engine engine
*
*/
void engine_start_drudgers(engine_type* engine);
/**
* Stop drudgers.
* \param[in] engine engine
*
*/
void engine_stop_drudgers(engine_type* engine);
/**
* Wake up workers.
* \param[in] engine engine
*
*/
void engine_wakeup_workers(engine_type* engine);
/**
* Update zones.
* \param[in] engine engine
* \param[in] zl_changed whether the zonelist has changed or not
*
*/
void engine_update_zones(engine_type* engine, ods_status zl_changed);
/**
* Clean up engine.
* \param[in] engine engine
*
*/
void engine_cleanup(engine_type* engine);
#endif /* DAEMON_ENGINE_H */
opendnssec-1.4.9/signer/src/daemon/cmdhandler.c 0000644 0001750 0001750 00000103061 12650165732 016405 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* Command handler.
*
*/
#include "daemon/cmdhandler.h"
#include "daemon/engine.h"
#include "shared/allocator.h"
#include "shared/file.h"
#include "shared/locks.h"
#include "shared/log.h"
#include "shared/status.h"
#include "shared/util.h"
#include
#include
#include
#include
#include
#include
#include
#include
#include
#ifdef HAVE_SYS_TYPES_H
# include
#endif
#include
/* According to earlier standards: select() sys/time.h sys/types.h unistd.h */
#include
#include
#define SE_CMDH_CMDLEN 7
#ifndef SUN_LEN
#define SUN_LEN(su) (sizeof(*(su)) - sizeof((su)->sun_path) + strlen((su)->sun_path))
#endif
static int count = 0;
static char* cmdh_str = "cmdhandler";
/**
 * Handle the 'help' command.
 *
 * Sends the command overview to the client in three parts, each
 * formatted into the line buffer and then written to sockfd.
 *
 */
static void
cmdhandler_handle_cmd_help(int sockfd)
{
    char buf[ODS_SE_MAXLINE];

    /* Part 1: zones and sign. */
    snprintf(buf, sizeof(buf),
        "Commands:\n"
        "zones Show the currently known zones.\n"
        "sign [--serial ] Read zone and schedule for immediate "
        "(re-)sign.\n"
        " If a serial is given, that serial is used "
        "in the output zone.\n"
        "sign --all Read all zones and schedule all for "
        "immediate (re-)sign.\n"
    );
    ods_writen(sockfd, buf, strlen(buf));

    /* Part 2: clear, queue and flush. */
    snprintf(buf, sizeof(buf),
        "clear Delete the internal storage of this "
        "zone.\n"
        " All signatures will be regenerated "
        "on the next re-sign.\n"
        "queue Show the current task queue.\n"
        "flush Execute all scheduled tasks "
        "immediately.\n"
    );
    ods_writen(sockfd, buf, strlen(buf));

    /* Part 3: update, retransfer and engine control. */
    snprintf(buf, sizeof(buf),
        "update Update this zone signer "
        "configurations.\n"
        "update [--all] Update zone list and all signer "
        "configurations.\n"
        "retransfer Retransfer the zone from the master.\n"
        "start Start the engine.\n"
        "running Check if the engine is running.\n"
        "reload Reload the engine.\n"
        "stop Stop the engine.\n"
        "verbosity Set verbosity.\n"
    );
    ods_writen(sockfd, buf, strlen(buf));
}
/**
 * Handle the 'zones' command.
 *
 * Reports the number of configured zones and then one line per zone
 * name. The zone list lock is held from the count until the last name
 * has been written.
 *
 * NOTE(review): the initial test of engine->zonelist->zones is made
 * before the lock is taken, and the lock stays held across
 * ods_writen(); whether that write can stall on a slow client is not
 * visible here - confirm.
 *
 */
static void
cmdhandler_handle_cmd_zones(int sockfd, cmdhandler_type* cmdc)
{
    char buf[ODS_SE_MAXLINE];
    engine_type* engine = NULL;
    ldns_rbnode_t* cur = LDNS_RBTREE_NULL;
    zone_type* zone = NULL;

    ods_log_assert(cmdc);
    ods_log_assert(cmdc->engine);
    engine = (engine_type*) cmdc->engine;

    if (engine->zonelist == NULL || engine->zonelist->zones == NULL) {
        snprintf(buf, sizeof(buf), "I have no zones configured\n");
        ods_writen(sockfd, buf, strlen(buf));
        return;
    }

    lock_basic_lock(&engine->zonelist->zl_lock);

    /* how many zones */
    snprintf(buf, sizeof(buf), "I have %i zones configured\n",
        (int) engine->zonelist->zones->count);
    ods_writen(sockfd, buf, strlen(buf));

    /* list zones */
    for (cur = ldns_rbtree_first(engine->zonelist->zones);
         cur && cur != LDNS_RBTREE_NULL;
         cur = ldns_rbtree_next(cur)) {
        zone = (zone_type*) cur->data;
        /* Start every line from a fully zeroed buffer. */
        memset(buf, 0, sizeof(buf));
        snprintf(buf, sizeof(buf), "- %s\n", zone->name);
        ods_writen(sockfd, buf, strlen(buf));
    }

    lock_basic_unlock(&engine->zonelist->zl_lock);
}
/**
 * Handle the 'update' command.
 *
 * With tbd equal to "--all" the zone list is re-read from the configured
 * zonelist file and, unless that fails, engine_update_zones() is called.
 * Any other value is treated as a zone name: the zone's signer
 * configuration task is rescheduled and the workers are woken up. When
 * the name is unknown, or the zone has only just been added, an error is
 * reported and the function falls back to a full "--all" update.
 *
 * tbd is echoed to the client through snprintf(), bounded by
 * ODS_SE_MAXLINE.
 *
 * NOTE(review): in the single-zone path the zone pointer is used after
 * zl_lock has been released; what keeps the zone alive in between is not
 * visible here - confirm.
 *
 */
static void
cmdhandler_handle_cmd_update(int sockfd, cmdhandler_type* cmdc,
const char* tbd)
{
engine_type* engine = NULL;
char buf[ODS_SE_MAXLINE];
ods_status status = ODS_STATUS_OK;
zone_type* zone = NULL;
ods_status zl_changed = ODS_STATUS_OK;
ods_log_assert(tbd);
ods_log_assert(cmdc);
ods_log_assert(cmdc->engine);
engine = (engine_type*) cmdc->engine;
ods_log_assert(engine->taskq);
if (ods_strcmp(tbd, "--all") == 0) {
/* zl_lock is taken here and released on exactly one of the two paths
 * below: in the error branch, or after the counters have been reset. */
lock_basic_lock(&engine->zonelist->zl_lock);
zl_changed = zonelist_update(engine->zonelist,
engine->config->zonelist_filename);
if (zl_changed == ODS_STATUS_UNCHANGED) {
(void)snprintf(buf, ODS_SE_MAXLINE, "Zone list has not changed."
" Signer configurations updated.\n");
ods_writen(sockfd, buf, strlen(buf));
} else if (zl_changed == ODS_STATUS_OK) {
(void)snprintf(buf, ODS_SE_MAXLINE, "Zone list updated: %i "
"removed, %i added, %i updated.\n",
engine->zonelist->just_removed,
engine->zonelist->just_added,
engine->zonelist->just_updated);
ods_writen(sockfd, buf, strlen(buf));
} else {
/* error path: release the lock before replying */
lock_basic_unlock(&engine->zonelist->zl_lock);
(void)snprintf(buf, ODS_SE_MAXLINE, "Zone list has errors.\n");
ods_writen(sockfd, buf, strlen(buf));
}
if (zl_changed == ODS_STATUS_OK ||
zl_changed == ODS_STATUS_UNCHANGED) {
/* reset the change counters while the lock is still held */
engine->zonelist->just_removed = 0;
engine->zonelist->just_added = 0;
engine->zonelist->just_updated = 0;
lock_basic_unlock(&engine->zonelist->zl_lock);
/**
* Always update the signconf for zones, even if zonelist has
* not changed: ODS_STATUS_OK.
*/
engine_update_zones(engine, ODS_STATUS_OK);
}
return;
} else {
/* look up zone */
lock_basic_lock(&engine->zonelist->zl_lock);
zone = zonelist_lookup_zone_by_name(engine->zonelist, tbd,
LDNS_RR_CLASS_IN);
/* If this zone is just added, don't update (it might not have a
* task yet) */
if (zone && zone->zl_status == ZONE_ZL_ADDED) {
zone = NULL;
}
lock_basic_unlock(&engine->zonelist->zl_lock);
if (!zone) {
(void)snprintf(buf, ODS_SE_MAXLINE, "Error: Zone %s not found.\n",
tbd);
ods_writen(sockfd, buf, strlen(buf));
/* update all */
/* the recursive call takes the "--all" branch above, which returns
 * without recursing again */
cmdhandler_handle_cmd_update(sockfd, cmdc, "--all");
return;
}
/* the task is rescheduled under the zone's own lock */
lock_basic_lock(&zone->zone_lock);
status = zone_reschedule_task(zone, engine->taskq, TASK_SIGNCONF);
lock_basic_unlock(&zone->zone_lock);
if (status != ODS_STATUS_OK) {
(void)snprintf(buf, ODS_SE_MAXLINE, "Error: Unable to reschedule "
"task for zone %s.\n", tbd);
ods_writen(sockfd, buf, strlen(buf));
ods_log_crit("[%s] unable to reschedule task for zone %s: %s",
cmdh_str, zone->name, ods_status2str(status));
} else {
(void)snprintf(buf, ODS_SE_MAXLINE, "Zone %s config being updated.\n",
tbd);
ods_writen(sockfd, buf, strlen(buf));
ods_log_verbose("[%s] zone %s scheduled for immediate update signconf",
cmdh_str, tbd);
engine_wakeup_workers(engine);
}
}
return;
}
/**
 * Handle the 'retransfer' command.
 *
 * Looks up the zone named by tbd, marks its transfer state for a serial
 * retransfer, sets its timer to now and forwards a notify through the
 * DNS handler. An error is reported to the client when the zone is
 * unknown, has only just been added, or does not use the DNS input
 * adapter.
 *
 * NOTE(review): zone->adinbound and zone->xfrd are dereferenced without
 * a NULL test, and zone->xfrd is modified without taking zone_lock and
 * after zl_lock has been released; whether either pointer can be NULL or
 * raced is not visible here - confirm.
 *
 */
static void
cmdhandler_handle_cmd_retransfer(int sockfd, cmdhandler_type* cmdc, char* tbd)
{
    char buf[ODS_SE_MAXLINE];
    engine_type* engine = NULL;
    zone_type* zone = NULL;

    ods_log_assert(tbd);
    ods_log_assert(cmdc);
    ods_log_assert(cmdc->engine);
    engine = (engine_type*) cmdc->engine;
    ods_log_assert(engine->taskq);

    /* look up zone */
    lock_basic_lock(&engine->zonelist->zl_lock);
    zone = zonelist_lookup_zone_by_name(engine->zonelist, tbd,
        LDNS_RR_CLASS_IN);
    /* A zone that was only just added is treated as unknown: it might
     * not have a task yet. */
    if (zone != NULL && zone->zl_status == ZONE_ZL_ADDED) {
        zone = NULL;
    }
    lock_basic_unlock(&engine->zonelist->zl_lock);

    if (zone == NULL) {
        snprintf(buf, sizeof(buf), "Error: Zone %s not found.\n",
            tbd);
        ods_writen(sockfd, buf, strlen(buf));
        return;
    }
    if (zone->adinbound->type != ADAPTER_DNS) {
        snprintf(buf, sizeof(buf),
            "Error: Zone %s not configured to use DNS input adapter.\n",
            tbd);
        ods_writen(sockfd, buf, strlen(buf));
        return;
    }

    zone->xfrd->serial_retransfer = 1;
    xfrd_set_timer_now(zone->xfrd);
    ods_log_debug("[%s] forward a notify", cmdh_str);
    dnshandler_fwd_notify(engine->dnshandler,
        (uint8_t*) ODS_SE_NOTIFY_CMD, strlen(ODS_SE_NOTIFY_CMD));

    snprintf(buf, sizeof(buf), "Zone %s being retransferred.\n", tbd);
    ods_writen(sockfd, buf, strlen(buf));
    ods_log_verbose("[%s] zone %s being retransferred", cmdh_str, tbd);
}
static uint32_t
max(uint32_t a, uint32_t b)
{
return (aengine);
engine = (engine_type*) cmdc->engine;
ods_log_assert(engine->taskq);
if (ods_strcmp(tbd, "--all") == 0) {
lock_basic_lock(&engine->taskq->schedule_lock);
schedule_flush(engine->taskq, TASK_READ);
lock_basic_unlock(&engine->taskq->schedule_lock);
engine_wakeup_workers(engine);
(void)snprintf(buf, ODS_SE_MAXLINE, "All zones scheduled for "
"immediate re-sign.\n");
ods_writen(sockfd, buf, strlen(buf));
ods_log_verbose("[%s] all zones scheduled for immediate re-sign",
cmdh_str);
return;
} else {
char* delim1 = strchr(tbd, ' ');
char* delim2 = NULL;
int force_serial = 0;
uint32_t serial = 0;
if (delim1) {
char* end = NULL;
/** Some trailing text, could it be --serial? */
if (strncmp(delim1+1, "--serial ", 9) != 0) {
(void)snprintf(buf, ODS_SE_MAXLINE, "Error: Expecting "
"--serial , got %s.\n", tbd);
ods_writen(sockfd, buf, strlen(buf));
return;
}
delim2 = strchr(delim1+1, ' ');
if (!delim2) {
(void)snprintf(buf, ODS_SE_MAXLINE, "Error: Expecting serial.\n");
ods_writen(sockfd, buf, strlen(buf));
return;
}
serial = (uint32_t) strtol(delim2+1, &end, 10);
if (*end != '\0') {
(void)snprintf(buf, ODS_SE_MAXLINE, "Error: Expecting serial, "
"got %s.\n", delim2+1);
ods_writen(sockfd, buf, strlen(buf));
return;
}
force_serial = 1;
*delim1 = '\0';
}
lock_basic_lock(&engine->zonelist->zl_lock);
zone = zonelist_lookup_zone_by_name(engine->zonelist, tbd,
LDNS_RR_CLASS_IN);
/* If this zone is just added, don't update (it might not have a task
* yet).
*/
if (zone && zone->zl_status == ZONE_ZL_ADDED) {
zone = NULL;
}
lock_basic_unlock(&engine->zonelist->zl_lock);
if (!zone) {
(void)snprintf(buf, ODS_SE_MAXLINE, "Error: Zone %s not found.\n",
tbd);
ods_writen(sockfd, buf, strlen(buf));
return;
}
lock_basic_lock(&zone->zone_lock);
if (force_serial) {
ods_log_assert(zone->db);
if (!util_serial_gt(serial, max(zone->db->outserial,
zone->db->inbserial))) {
lock_basic_unlock(&zone->zone_lock);
(void)snprintf(buf, ODS_SE_MAXLINE, "Error: Unable to enforce "
"serial %u for zone %s.\n", serial, tbd);
ods_writen(sockfd, buf, strlen(buf));
return;
}
zone->db->altserial = serial;
zone->db->force_serial = 1;
}
status = zone_reschedule_task(zone, engine->taskq, TASK_READ);
lock_basic_unlock(&zone->zone_lock);
if (status != ODS_STATUS_OK) {
(void)snprintf(buf, ODS_SE_MAXLINE, "Error: Unable to reschedule "
"task for zone %s.\n", tbd);
ods_writen(sockfd, buf, strlen(buf));
ods_log_crit("[%s] unable to reschedule task for zone %s: %s",
cmdh_str, zone->name, ods_status2str(status));
} else {
(void)snprintf(buf, ODS_SE_MAXLINE, "Zone %s scheduled for "
"immediate re-sign.\n", tbd);
ods_writen(sockfd, buf, strlen(buf));
ods_log_verbose("[%s] zone %s scheduled for immediate re-sign",
cmdh_str, tbd);
engine_wakeup_workers(engine);
}
}
return;
}
/**
 * Unlink backup file.
 *
 * Builds a path from filename and extension with ods_build_path() and
 * removes that file. Nothing happens when the path cannot be built; the
 * result of unlink() is not examined.
 *
 * NOTE(review): the 'clear' handler passes its command argument as
 * filename before it has looked the zone up. Whether the last argument
 * of ods_build_path() (1 here) neutralises path separators in that name
 * is not visible in this file - confirm, so that a crafted name cannot
 * select a file outside the intended directory.
 *
 */
static void
unlink_backup_file(const char* filename, const char* extension)
{
    char* path = ods_build_path(filename, extension, 0, 1);

    if (path == NULL) {
        return;
    }
    ods_log_debug("[%s] unlink file %s", cmdh_str, path);
    unlink(path);
    free(path);
}
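/**
 * Handle the 'clear' command.
 *
 * Removes the .inbound, .backup, .axfr and .ixfr files built from the zone
 * name. If the zone is in the zone list, its db, ixfr and signconf
 * structures are then cleaned up and recreated, the three serials are
 * carried over, and the zone is rescheduled with TASK_SIGNCONF. One
 * response message is written to the client.
 *
 * NOTE(review): the backup files are unlinked before the zone lookup, so
 * the name taken from the command socket reaches unlink_backup_file()
 * even when no such zone exists. Confirm this is intended.
 *
 * NOTE(review): the preceding handler in this file skips zones whose
 * zl_status is ZONE_ZL_ADDED because they might not have a task yet; no
 * such check is made here before zone_reschedule_task().
 *
 * \param[in] sockfd client socket the response is written to
 * \param[in] cmdc command handler of this client
 * \param[in] tbd zone name as sent by the client
 *
 */
static void
cmdhandler_handle_cmd_clear(int sockfd, cmdhandler_type* cmdc, const char* tbd)
{
    ods_status status = ODS_STATUS_OK;
    engine_type* engine = NULL;
    char buf[ODS_SE_MAXLINE];
    zone_type* zone = NULL;
    uint32_t inbserial = 0;
    uint32_t intserial = 0;
    uint32_t outserial = 0;
    ods_log_assert(tbd);
    ods_log_assert(cmdc);
    ods_log_assert(cmdc->engine);
    engine = (engine_type*) cmdc->engine;
    unlink_backup_file(tbd, ".inbound");
    unlink_backup_file(tbd, ".backup");
    unlink_backup_file(tbd, ".axfr");
    unlink_backup_file(tbd, ".ixfr");
    lock_basic_lock(&engine->zonelist->zl_lock);
    zone = zonelist_lookup_zone_by_name(engine->zonelist, tbd,
        LDNS_RR_CLASS_IN);
    lock_basic_unlock(&engine->zonelist->zl_lock);
    if (zone) {
        lock_basic_lock(&zone->zone_lock);
        /* same precondition the preceding handler asserts before it
         * touches the serials */
        ods_log_assert(zone->db);
        /* remember the serials: the db that holds them is replaced */
        inbserial = zone->db->inbserial;
        intserial = zone->db->intserial;
        outserial = zone->db->outserial;
        namedb_cleanup(zone->db);
        ixfr_cleanup(zone->ixfr);
        signconf_cleanup(zone->signconf);
        zone->db = namedb_create((void*)zone);
        zone->ixfr = ixfr_create((void*)zone);
        zone->signconf = signconf_create();
        if (!zone->signconf || !zone->ixfr || !zone->db) {
            ods_fatal_exit("[%s] unable to clear zone %s: failed to recreate "
                "signconf, ixfr or db structure (out of memory?)", cmdh_str,
                tbd);
            return;
        }
        /* restore serial management */
        zone->db->inbserial = inbserial;
        zone->db->intserial = intserial;
        zone->db->outserial = outserial;
        zone->db->have_serial = 1;
        status = zone_reschedule_task(zone, engine->taskq, TASK_SIGNCONF);
        lock_basic_unlock(&zone->zone_lock);
        if (status != ODS_STATUS_OK) {
            (void)snprintf(buf, ODS_SE_MAXLINE, "Error: Unable to reschedule "
                "task for zone %s.\n", tbd);
            ods_log_crit("[%s] unable to reschedule task for zone %s: %s",
                cmdh_str, zone->name, ods_status2str(status));
        } else {
            (void)snprintf(buf, ODS_SE_MAXLINE, "Internal zone information about "
                "%s cleared", tbd?tbd:"(null)");
            ods_log_info("[%s] internal zone information about %s cleared",
                cmdh_str, tbd?tbd:"(null)");
        }
    } else {
        (void)snprintf(buf, ODS_SE_MAXLINE, "Cannot clear zone %s, zone not "
            "found", tbd?tbd:"(null)");
        ods_log_warning("[%s] cannot clear zone %s, zone not found",
            cmdh_str, tbd?tbd:"(null)");
    }
    ods_writen(sockfd, buf, strlen(buf));
    return;
}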
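/**
 * Handle the 'queue' command.
 *
 * Writes the current time, the task each worker is busy with, the number
 * of scheduled tasks and one line per scheduled task to the client.
 *
 * NOTE(review): schedule_lock is held while the listing is written to the
 * client socket. If ods_writen() can block on a client that does not read,
 * the schedule stays locked for that long.
 *
 * NOTE(review): task2str() is handed buf without a length; confirm it
 * never writes more than ODS_SE_MAXLINE bytes.
 *
 * \param[in] sockfd client socket the listing is written to
 * \param[in] cmdc command handler of this client
 *
 */
static void
cmdhandler_handle_cmd_queue(int sockfd, cmdhandler_type* cmdc)
{
    engine_type* engine = NULL;
    char* strtime = NULL;
    char ctimebuf[32]; /* ctime_r() needs at least 26 bytes */
    char buf[ODS_SE_MAXLINE];
    size_t i = 0;
    time_t now = 0;
    ldns_rbnode_t* node = LDNS_RBTREE_NULL;
    task_type* task = NULL;
    ods_log_assert(cmdc);
    ods_log_assert(cmdc->engine);
    engine = (engine_type*) cmdc->engine;
    if (!engine->taskq || !engine->taskq->tasks) {
        (void)snprintf(buf, ODS_SE_MAXLINE, "I have no tasks scheduled.\n");
        ods_writen(sockfd, buf, strlen(buf));
        return;
    }
    /* current time; this handler runs in a per-client thread, so use the
     * reentrant variant instead of ctime()'s shared static buffer */
    now = time_now();
    strtime = ctime_r(&now, ctimebuf);
    (void)snprintf(buf, ODS_SE_MAXLINE, "It is now %s",
        strtime?strtime:"(null)");
    ods_writen(sockfd, buf, strlen(buf));
    /* current work */
    lock_basic_lock(&engine->taskq->schedule_lock);
    for (i=0; i < (size_t) engine->config->num_worker_threads; i++) {
        task = engine->workers[i]->task;
        if (task) {
            (void)snprintf(buf, ODS_SE_MAXLINE, "Working with task %s on "
                "zone %s\n",
                task_what2str(engine->workers[i]->working_with),
                task_who2str(task));
            ods_writen(sockfd, buf, strlen(buf));
        }
    }
    /* how many tasks */
    (void)snprintf(buf, ODS_SE_MAXLINE, "\nI have %i tasks scheduled.\n",
        (int) engine->taskq->tasks->count);
    ods_writen(sockfd, buf, strlen(buf));
    /* list tasks */
    node = ldns_rbtree_first(engine->taskq->tasks);
    while (node && node != LDNS_RBTREE_NULL) {
        task = (task_type*) node->data;
        /* start from an all-zero buffer so strlen() below is well defined
         * whatever task2str() writes */
        memset(buf, 0, sizeof(buf));
        (void)task2str(task, (char*) &buf[0]);
        ods_writen(sockfd, buf, strlen(buf));
        node = ldns_rbtree_next(node);
    }
    lock_basic_unlock(&engine->taskq->schedule_lock);
    return;
}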
/**
 * Handle the 'flush' command.
 *
 * Calls schedule_flush() on the engine's task queue with TASK_NONE while
 * holding schedule_lock, wakes the workers and confirms to the client.
 *
 * \param[in] sockfd client socket the confirmation is written to
 * \param[in] cmdc command handler of this client
 *
 */
static void
cmdhandler_handle_cmd_flush(int sockfd, cmdhandler_type* cmdc)
{
    char reply[ODS_SE_MAXLINE];
    engine_type* eng = NULL;

    ods_log_assert(cmdc);
    ods_log_assert(cmdc->engine);
    eng = (engine_type*) cmdc->engine;
    ods_log_assert(eng->taskq);

    /* the flush itself is the only step done under the schedule lock */
    lock_basic_lock(&eng->taskq->schedule_lock);
    schedule_flush(eng->taskq, TASK_NONE);
    lock_basic_unlock(&eng->taskq->schedule_lock);
    engine_wakeup_workers(eng);

    (void)snprintf(reply, sizeof(reply), "All tasks scheduled immediately.\n");
    ods_writen(sockfd, reply, strlen(reply));
    ods_log_verbose("[%s] all tasks scheduled immediately", cmdh_str);
}
/**
 * Handle the 'reload' command.
 *
 * Sets need_to_reload on the engine, raises signal_cond under signal_lock
 * and confirms to the client. The flag is written before signal_lock is
 * taken.
 *
 * \param[in] sockfd client socket the confirmation is written to
 * \param[in] cmdc command handler of this client
 *
 */
static void
cmdhandler_handle_cmd_reload(int sockfd, cmdhandler_type* cmdc)
{
    char reply[ODS_SE_MAXLINE];
    engine_type* eng = NULL;

    ods_log_assert(cmdc);
    ods_log_assert(cmdc->engine);
    eng = (engine_type*) cmdc->engine;

    eng->need_to_reload = 1;
    lock_basic_lock(&eng->signal_lock);
    lock_basic_alarm(&eng->signal_cond);
    lock_basic_unlock(&eng->signal_lock);

    (void)snprintf(reply, sizeof(reply), "Reloading engine.\n");
    ods_writen(sockfd, reply, strlen(reply));
}
/**
 * Handle the 'stop' command.
 *
 * Sets need_to_exit on the engine, raises signal_cond under signal_lock
 * and sends ODS_SE_STOP_RESPONSE to the client. The flag is written
 * before signal_lock is taken.
 *
 * NOTE(review): ODS_SE_STOP_RESPONSE is used as the snprintf() format
 * itself; that is only safe while the macro contains no conversion
 * specifiers.
 *
 * \param[in] sockfd client socket the response is written to
 * \param[in] cmdc command handler of this client
 *
 */
static void
cmdhandler_handle_cmd_stop(int sockfd, cmdhandler_type* cmdc)
{
    char reply[ODS_SE_MAXLINE];
    engine_type* eng = NULL;

    ods_log_assert(cmdc);
    ods_log_assert(cmdc->engine);
    eng = (engine_type*) cmdc->engine;

    eng->need_to_exit = 1;
    lock_basic_lock(&eng->signal_lock);
    lock_basic_alarm(&eng->signal_cond);
    lock_basic_unlock(&eng->signal_lock);

    (void)snprintf(reply, sizeof(reply), ODS_SE_STOP_RESPONSE);
    ods_writen(sockfd, reply, strlen(reply));
}
/**
 * Handle the 'start' command.
 *
 * The command is answered by a process that is already up, so the only
 * thing to do is tell the client so.
 *
 * \param[in] sockfd client socket the message is written to
 *
 */
static void
cmdhandler_handle_cmd_start(int sockfd)
{
    char reply[ODS_SE_MAXLINE];

    (void)snprintf(reply, sizeof(reply), "Engine already running.\n");
    ods_writen(sockfd, reply, strlen(reply));
}
/**
 * Handle the 'running' command.
 *
 * Writes a fixed "Engine running." line to the client.
 *
 * \param[in] sockfd client socket the message is written to
 *
 */
static void
cmdhandler_handle_cmd_running(int sockfd)
{
    char reply[ODS_SE_MAXLINE];

    (void)snprintf(reply, sizeof(reply), "Engine running.\n");
    ods_writen(sockfd, reply, strlen(reply));
}
/**
 * Handle the 'verbosity' command.
 *
 * Re-initialises logging with the configured log file and syslog setting
 * and the requested level, then confirms the level to the client.
 *
 * NOTE(review): val is passed to ods_log_init() as received; there is no
 * range check in this function. Confirm ods_log_init() copes with
 * negative or very large levels.
 *
 * \param[in] sockfd client socket the confirmation is written to
 * \param[in] cmdc command handler of this client
 * \param[in] val requested verbosity level
 *
 */
static void
cmdhandler_handle_cmd_verbosity(int sockfd, cmdhandler_type* cmdc, int val)
{
    char reply[ODS_SE_MAXLINE];
    engine_type* eng = NULL;

    ods_log_assert(cmdc);
    ods_log_assert(cmdc->engine);
    eng = (engine_type*) cmdc->engine;
    ods_log_assert(eng->config);

    ods_log_init(eng->config->log_filename, eng->config->use_syslog, val);

    (void)snprintf(reply, sizeof(reply), "Verbosity level set to %i.\n", val);
    ods_writen(sockfd, reply, strlen(reply));
}
/**
 * Handle erroneous command.
 *
 * Writes "Error: <str>." to the client; a NULL str is printed as "(null)".
 *
 * \param[in] sockfd client socket the message is written to
 * \param[in] str description of what is wrong with the command
 *
 */
static void
cmdhandler_handle_cmd_error(int sockfd, const char* str)
{
    char reply[ODS_SE_MAXLINE];
    const char* what = "(null)";

    if (str) {
        what = str;
    }
    (void)snprintf(reply, sizeof(reply), "Error: %s.\n", what);
    ods_writen(sockfd, reply, strlen(reply));
}
/**
 * Handle unknown command.
 *
 * Echoes the unrecognised command back to the client in an
 * "Unknown command ..." line; a NULL str is printed as "(null)".
 *
 * \param[in] sockfd client socket the message is written to
 * \param[in] str the command text that was not recognised
 *
 */
static void
cmdhandler_handle_cmd_unknown(int sockfd, const char* str)
{
    char reply[ODS_SE_MAXLINE];
    const char* what = "(null)";

    if (str) {
        what = str;
    }
    (void)snprintf(reply, sizeof(reply), "Unknown command %s.\n", what);
    ods_writen(sockfd, reply, strlen(reply));
}
/**
* Handle not implemented.
*
static void
cmdhandler_handle_cmd_notimpl(int sockfd, const char* str)
{
char buf[ODS_SE_MAXLINE];
(void)snprintf(buf, ODS_SE_MAXLINE, "Command %s not implemented.\n", str);
ods_writen(sockfd, buf, strlen(buf));
return;
}
*/
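/**
 * Handle client command.
 *
 * Reads from the client socket until end of file or error. Every chunk
 * returned by read() is treated as one command: its last byte is
 * overwritten with a terminator, the text is trimmed and dispatched to
 * the matching handler, and a "cmd> " prompt is written back. The 'stop'
 * command returns without a prompt.
 *
 * NOTE(review): one read() is assumed to be exactly one command ending in
 * a newline. On a stream socket a command may arrive split over several
 * reads or merged with the next one, and a command without a trailing
 * newline loses its last character.
 *
 * NOTE(review): the command text is written to the log as received
 * (verbose and debug level); only surrounding whitespace is trimmed, so
 * control characters sent by the client end up in the log.
 *
 * NOTE(review): the commands are dispatched without identifying the peer;
 * who may issue 'stop' or 'clear' is decided by who can connect to the
 * socket.
 *
 * NOTE(review): if the client socket is non-blocking, the EAGAIN /
 * EWOULDBLOCK retry below re-enters read() immediately without waiting
 * for data.
 *
 * \param[in] cmdc command handler of this client
 *
 */
static void
cmdhandler_handle_cmd(cmdhandler_type* cmdc)
{
    ssize_t n = 0;
    int sockfd = 0;
    char buf[ODS_SE_MAXLINE];
    ods_log_assert(cmdc);
    sockfd = cmdc->client_fd;
again:
    while ((n = read(sockfd, buf, ODS_SE_MAXLINE)) > 0) {
        /* what if this number is smaller than the number of bytes requested? */
        buf[n-1] = '\0';
        n--;
        /* n is ssize_t: convert explicitly for the %i conversion */
        ods_log_verbose("[%s] received command %s[%i]", cmdh_str, buf,
            (int) n);
        ods_str_trim(buf);
        n = strlen(buf);
        if (n == 4 && strncmp(buf, "help", n) == 0) {
            ods_log_debug("[%s] help command", cmdh_str);
            cmdhandler_handle_cmd_help(sockfd);
        } else if (n == 5 && strncmp(buf, "zones", n) == 0) {
            ods_log_debug("[%s] list zones command", cmdh_str);
            cmdhandler_handle_cmd_zones(sockfd, cmdc);
        } else if (n >= 4 && strncmp(buf, "sign", 4) == 0) {
            ods_log_debug("[%s] sign zone command", cmdh_str);
            if (n == 4 || buf[4] == '\0') {
                /* NOTE: wouldn't it be nice that we default to --all? */
                cmdhandler_handle_cmd_error(sockfd, "sign command needs "
                    "an argument (either '--all' or a zone name)");
            } else if (buf[4] != ' ') {
                cmdhandler_handle_cmd_unknown(sockfd, buf);
            } else {
                cmdhandler_handle_cmd_sign(sockfd, cmdc, &buf[5]);
            }
        } else if (n >= 5 && strncmp(buf, "clear", 5) == 0) {
            ods_log_debug("[%s] clear zone command", cmdh_str);
            if (n == 5 || buf[5] == '\0') {
                cmdhandler_handle_cmd_error(sockfd, "clear command needs "
                    "a zone name");
            } else if (buf[5] != ' ') {
                cmdhandler_handle_cmd_unknown(sockfd, buf);
            } else {
                cmdhandler_handle_cmd_clear(sockfd, cmdc, &buf[6]);
            }
        } else if (n == 5 && strncmp(buf, "queue", n) == 0) {
            ods_log_debug("[%s] list tasks command", cmdh_str);
            cmdhandler_handle_cmd_queue(sockfd, cmdc);
        } else if (n == 5 && strncmp(buf, "flush", n) == 0) {
            ods_log_debug("[%s] flush tasks command", cmdh_str);
            cmdhandler_handle_cmd_flush(sockfd, cmdc);
        } else if (n >= 6 && strncmp(buf, "update", 6) == 0) {
            ods_log_debug("[%s] update command", cmdh_str);
            if (n == 6 || buf[6] == '\0') {
                cmdhandler_handle_cmd_update(sockfd, cmdc, "--all");
            } else if (buf[6] != ' ') {
                cmdhandler_handle_cmd_unknown(sockfd, buf);
            } else {
                cmdhandler_handle_cmd_update(sockfd, cmdc, &buf[7]);
            }
        } else if (n == 4 && strncmp(buf, "stop", n) == 0) {
            ods_log_debug("[%s] shutdown command", cmdh_str);
            cmdhandler_handle_cmd_stop(sockfd, cmdc);
            return;
        } else if (n == 5 && strncmp(buf, "start", n) == 0) {
            ods_log_debug("[%s] start command", cmdh_str);
            cmdhandler_handle_cmd_start(sockfd);
        } else if (n == 6 && strncmp(buf, "reload", n) == 0) {
            ods_log_debug("[%s] reload command", cmdh_str);
            cmdhandler_handle_cmd_reload(sockfd, cmdc);
        } else if (n == 7 && strncmp(buf, "running", n) == 0) {
            ods_log_debug("[%s] running command", cmdh_str);
            cmdhandler_handle_cmd_running(sockfd);
        } else if (n >= 9 && strncmp(buf, "verbosity", 9) == 0) {
            ods_log_debug("[%s] verbosity command", cmdh_str);
            if (n == 9 || buf[9] == '\0') {
                cmdhandler_handle_cmd_error(sockfd, "verbosity command "
                    "needs an argument (verbosity level)");
            } else if (buf[9] != ' ') {
                cmdhandler_handle_cmd_unknown(sockfd, buf);
            } else {
                /* atoi() yields 0 for a non-numeric argument; the value
                 * is not validated before it is applied */
                cmdhandler_handle_cmd_verbosity(sockfd, cmdc, atoi(&buf[10]));
            }
        } else if (n >= 10 && strncmp(buf, "retransfer", 10) == 0) {
            ods_log_debug("[%s] retransfer zone command", cmdh_str);
            if (n == 10 || buf[10] == '\0') {
                cmdhandler_handle_cmd_error(sockfd, "retransfer command needs "
                    "an argument (a zone name)");
            } else if (buf[10] != ' ') {
                cmdhandler_handle_cmd_unknown(sockfd, buf);
            } else {
                cmdhandler_handle_cmd_retransfer(sockfd, cmdc, &buf[11]);
            }
        } else if (n > 0) {
            ods_log_debug("[%s] unknown command", cmdh_str);
            cmdhandler_handle_cmd_unknown(sockfd, buf);
        }
        ods_log_debug("[%s] done handling command %s[%i]", cmdh_str, buf,
            (int) n);
        (void)snprintf(buf, SE_CMDH_CMDLEN, "\ncmd> ");
        ods_writen(sockfd, buf, strlen(buf));
    }
    if (n < 0 && (errno == EINTR || errno == EWOULDBLOCK || errno == EAGAIN) ) {
        goto again;
    } else if (n < 0 && errno == ECONNRESET) {
        ods_log_debug("[%s] done handling client: %s", cmdh_str,
            strerror(errno));
    } else if (n < 0 ) {
        ods_log_error("[%s] read error: %s", cmdh_str, strerror(errno));
    }
    return;
}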
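/**
 * Accept client.
 *
 * Thread entry point for one client connection: blocks signals, detaches
 * the thread, serves commands until the client is done, then closes the
 * connection and frees the per-client handler.
 *
 * NOTE(review): count is decremented here and incremented in
 * cmdhandler_start() from different threads, with no lock visible around
 * either access.
 *
 * \param[in] arg the per-client cmdhandler_type allocated with malloc()
 * \return always NULL
 *
 */
static void*
cmdhandler_accept_client(void* arg)
{
    cmdhandler_type* cmdc = (cmdhandler_type*) arg;
    ods_thread_blocksigs();
    ods_thread_detach(cmdc->thread_id);
    ods_log_debug("[%s] accept client %i", cmdh_str, cmdc->client_fd);
    cmdhandler_handle_cmd(cmdc);
    /* 0 is a valid descriptor: only a negative value means "no socket" */
    if (cmdc->client_fd >= 0) {
        shutdown(cmdc->client_fd, SHUT_RDWR);
        close(cmdc->client_fd);
    }
    free(cmdc);
    count--;
    return NULL;
}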
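/**
 * Create command handler.
 *
 * Creates a non-blocking AF_UNIX stream socket, removes whatever exists at
 * filename, binds the socket to that path and starts listening with a
 * backlog of ODS_SE_MAX_HANDLERS.
 *
 * NOTE(review): nothing in this function sets the mode or owner of the
 * socket file, and the handlers in this file act on the commands they
 * read (stop, clear, ...) without identifying the peer. Access control
 * therefore rests on the permissions of the socket file (process umask at
 * bind() time) and of its directory; confirm both are restricted to the
 * operator account.
 *
 * NOTE(review): unlink() removes any file at filename, not only a stale
 * socket; the path should come from trusted configuration only.
 *
 * \param[in] allocator memory allocator the handler is allocated from
 * \param[in] filename path of the command socket
 * \return the new command handler, or NULL on any failure
 *
 */
cmdhandler_type*
cmdhandler_create(allocator_type* allocator, const char* filename)
{
    cmdhandler_type* cmdh = NULL;
    struct sockaddr_un servaddr;
    int listenfd = 0;
    int flags = 0;
    int ret = 0;
    if (!allocator || !filename) {
        return NULL;
    }
    /* sun_path is a fixed-size array: refuse a path that does not fit
     * rather than unlink one name and bind to a truncated one */
    if (strlen(filename) >= sizeof(servaddr.sun_path)) {
        ods_log_error("[%s] unable to create cmdhandler: "
            "socket path %s too long", cmdh_str, filename);
        return NULL;
    }
    /* new socket */
    ods_log_debug("[%s] create socket %s", cmdh_str, filename);
    listenfd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (listenfd < 0) {
        ods_log_error("[%s] unable to create cmdhandler: "
            "socket() failed (%s)", cmdh_str, strerror(errno));
        return NULL;
    }
    /* set it to non-blocking */
    flags = fcntl(listenfd, F_GETFL, 0);
    if (flags < 0) {
        ods_log_error("[%s] unable to create cmdhandler: "
            "fcntl(F_GETFL) failed (%s)", cmdh_str, strerror(errno));
        close(listenfd);
        return NULL;
    }
    flags |= O_NONBLOCK;
    if (fcntl(listenfd, F_SETFL, flags) < 0) {
        ods_log_error("[%s] unable to create cmdhandler: "
            "fcntl(F_SETFL) failed (%s)", cmdh_str, strerror(errno));
        close(listenfd);
        return NULL;
    }
    /* no surprises so far: remove a socket left behind by an earlier run,
     * otherwise bind() fails */
    (void)unlink(filename);
    memset(&servaddr, 0, sizeof(servaddr));
    servaddr.sun_family = AF_UNIX;
    /* the length was checked above, so this never truncates and the
     * zeroed structure keeps sun_path terminated */
    strncpy(servaddr.sun_path, filename, sizeof(servaddr.sun_path) - 1);
#ifdef HAVE_SOCKADDR_SUN_LEN
    servaddr.sun_len = strlen(servaddr.sun_path);
#endif
    /* bind and listen... */
    ret = bind(listenfd, (const struct sockaddr*) &servaddr,
        SUN_LEN(&servaddr));
    if (ret != 0) {
        ods_log_error("[%s] unable to create cmdhandler: "
            "bind() failed (%s)", cmdh_str, strerror(errno));
        close(listenfd);
        return NULL;
    }
    ret = listen(listenfd, ODS_SE_MAX_HANDLERS);
    if (ret != 0) {
        ods_log_error("[%s] unable to create cmdhandler: "
            "listen() failed (%s)", cmdh_str, strerror(errno));
        close(listenfd);
        return NULL;
    }
    /* all ok */
    cmdh = (cmdhandler_type*) allocator_alloc(allocator,
        sizeof(cmdhandler_type));
    if (!cmdh) {
        ods_log_error("[%s] unable to create cmdhandler: "
            "allocator_alloc() failed", cmdh_str);
        close(listenfd);
        return NULL;
    }
    cmdh->allocator = allocator;
    cmdh->listen_fd = listenfd;
    cmdh->listen_addr = servaddr;
    cmdh->need_to_exit = 0;
    return cmdh;
}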
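/**
 * Start command handler.
 *
 * Accept loop of the command socket: waits in select() for a connection,
 * accepts it and hands it to a new thread running
 * cmdhandler_accept_client(). The loop ends when need_to_exit is set or
 * when the per-client handler cannot be allocated; cmdhandler_done is then
 * set on the engine.
 *
 * NOTE(review): nothing in this loop caps the number of concurrent client
 * threads. ODS_SE_MAX_HANDLERS is only the listen() backlog in
 * cmdhandler_create(), and count is used for the debug message only, so
 * every accepted connection gets a thread.
 *
 * NOTE(review): count is incremented here and decremented in the client
 * threads, with no lock visible around either access.
 *
 * \param[in] cmdhandler command handler created by cmdhandler_create()
 *
 */
void
cmdhandler_start(cmdhandler_type* cmdhandler)
{
    struct sockaddr_un cliaddr;
    socklen_t clilen;
    cmdhandler_type* cmdc = NULL;
    engine_type* engine = NULL;
    fd_set rset;
    int connfd = 0;
    int ret = 0;
    ods_log_assert(cmdhandler);
    ods_log_assert(cmdhandler->engine);
    ods_log_debug("[%s] start", cmdh_str);
    ods_thread_detach(cmdhandler->thread_id);
    while (cmdhandler->need_to_exit == 0) {
        clilen = sizeof(cliaddr);
        /* rebuild the set every round: its contents are not reliable
         * after select() has returned, in particular after an error */
        FD_ZERO(&rset);
        FD_SET(cmdhandler->listen_fd, &rset);
        ret = select(cmdhandler->listen_fd+1, &rset, NULL, NULL, NULL);
        if (ret < 0) {
            if (errno != EINTR && errno != EWOULDBLOCK) {
                ods_log_warning("[%s] select() error: %s", cmdh_str,
                    strerror(errno));
            }
            continue;
        }
        if (FD_ISSET(cmdhandler->listen_fd, &rset)) {
            connfd = accept(cmdhandler->listen_fd,
                (struct sockaddr *) &cliaddr, &clilen);
            if (connfd < 0) {
                if (errno != EINTR && errno != EWOULDBLOCK) {
                    ods_log_warning("[%s] accept() error: %s", cmdh_str,
                        strerror(errno));
                }
                continue;
            }
            /* client accepted, create new thread */
            cmdc = (cmdhandler_type*) malloc(sizeof(cmdhandler_type));
            if (!cmdc) {
                ods_log_crit("[%s] unable to create thread for client: "
                    "malloc() failed", cmdh_str);
                /* no thread will take over this connection: close it
                 * here so the descriptor is not leaked */
                close(connfd);
                cmdhandler->need_to_exit = 1;
                break;
            }
            cmdc->listen_fd = cmdhandler->listen_fd;
            cmdc->client_fd = connfd;
            cmdc->listen_addr = cmdhandler->listen_addr;
            cmdc->engine = cmdhandler->engine;
            cmdc->need_to_exit = cmdhandler->need_to_exit;
            ods_thread_create(&cmdc->thread_id, &cmdhandler_accept_client,
                (void*) cmdc);
            count++;
            ods_log_debug("[%s] %i clients in progress...", cmdh_str, count);
        }
    }
    ods_log_debug("[%s] shutdown", cmdh_str);
    engine = (engine_type*) cmdhandler->engine;
    engine->cmdhandler_done = 1;
    return;
}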
/**
 * Cleanup command handler.
 *
 * Hands the handler back to the allocator it was created from. A NULL
 * handler is ignored.
 *
 * NOTE(review): listen_fd is not closed and the socket file is not removed
 * here; presumably that happens elsewhere - confirm.
 *
 * \param[in] cmdhandler command handler to release, may be NULL
 *
 */
void
cmdhandler_cleanup(cmdhandler_type* cmdhandler)
{
    if (cmdhandler) {
        allocator_type* owner = cmdhandler->allocator;
        allocator_deallocate(owner, (void*) cmdhandler);
    }
}
opendnssec-1.4.9/signer/src/daemon/engine.c 0000644 0001750 0001750 00000106223 12650165732 015554 0000000 0000000 /*
* Copyright (c) 2009 NLNet Labs. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
* IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
* WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
* GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
* IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
* OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
* IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
*
*/
/**
* The engine.
*
*/
#include "config.h"
#include "daemon/cfg.h"
#include "daemon/engine.h"
#include "daemon/signal.h"
#include "shared/allocator.h"
#include "shared/duration.h"
#include "shared/file.h"
#include "shared/hsm.h"
#include "shared/locks.h"
#include "shared/log.h"
#include "shared/privdrop.h"
#include "shared/status.h"
#include "shared/util.h"
#include "signer/zonelist.h"
#include "wire/tsig.h"
#include
#include
#include
#include
#include