[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r3826 - in trunk/OpenDNSSEC/signer/src: daemon signer

Matthijs Mekking matthijs at nlnetlabs.nl
Mon Aug 30 14:20:29 CEST 2010


Author: matthijs
Date: 2010-08-30 14:20:28 +0200 (Mon, 30 Aug 2010)
New Revision: 3826

Modified:
   trunk/OpenDNSSEC/signer/src/daemon/cmdhandler.c
   trunk/OpenDNSSEC/signer/src/signer/signconf.c
   trunk/OpenDNSSEC/signer/src/signer/signconf.h
   trunk/OpenDNSSEC/signer/src/signer/zone.c
Log:
More extensive backup for easier recovery

Modified: trunk/OpenDNSSEC/signer/src/daemon/cmdhandler.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/daemon/cmdhandler.c	2010-08-30 09:38:31 UTC (rev 3825)
+++ trunk/OpenDNSSEC/signer/src/daemon/cmdhandler.c	2010-08-30 12:20:28 UTC (rev 3826)
@@ -278,10 +278,18 @@
     se_log_assert(cmdc);
     se_log_assert(cmdc->engine);
 
+    tmpname = se_build_path(tbd, ".sc", 0);
+    unlink(tmpname);
+    se_free((void*)tmpname);
+
     tmpname = se_build_path(tbd, ".unsorted", 0);
     unlink(tmpname);
     se_free((void*)tmpname);
 
+    tmpname = se_build_path(tbd, ".dnskeys", 0);
+    unlink(tmpname);
+    se_free((void*)tmpname);
+
     tmpname = se_build_path(tbd, ".denial", 0);
     unlink(tmpname);
     se_free((void*)tmpname);
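Review bot: The build/unlink/free sequence added here for `.sc` and `.dnskeys` (and for `.finalized` in the next hunk) checks neither call, so a backup file that could not be removed is silently left behind while the reply still says the zone's information was cleared. A later recovery may then load stale state. `tbd` is treated as possibly NULL by the `snprintf` further down (`tbd?tbd:"(null)"`) but is passed unguarded to `se_build_path` here. Since `tbd` appears to arrive over the command socket, it is worth confirming outside this hunk that it is matched against a configured zone name before it is used as a path prefix for `unlink`. A small static helper would keep the checks in one place, e.g. `if (tmpname && unlink(tmpname) != 0 && errno != ENOENT) se_log_warning("cannot remove %s", tmpname);`; the enclosing function starts and ends outside the hunk.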
@@ -290,6 +298,10 @@
     unlink(tmpname);
     se_free((void*)tmpname);
 
+    tmpname = se_build_path(tbd, ".finalized", 0);
+    unlink(tmpname);
+    se_free((void*)tmpname);
+
     (void)snprintf(buf, ODS_SE_MAXLINE, "Internal information about "
         "%s cleared", tbd?tbd:"(null)");
     se_writen(sockfd, buf, strlen(buf));

Modified: trunk/OpenDNSSEC/signer/src/signer/signconf.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/signconf.c	2010-08-30 09:38:31 UTC (rev 3825)
+++ trunk/OpenDNSSEC/signer/src/signer/signconf.c	2010-08-30 12:20:28 UTC (rev 3826)
@@ -137,7 +137,85 @@
 }
 
 
+
 /**
+ * Backup duration.
+ *
+ */
+static void
+signconf_backup_duration(FILE* fd, const char* opt, duration_type* duration)
+{
+    char* str = duration2string(duration);
+    fprintf(fd, "; %s: %s\n", opt, str);
+    se_free((void*) str);
+    return;
+}
+
+
+
+/**
+ * Backup signconf values.
+ *
+ */
+void
+signconf_backup(signconf_type* sc)
+{
+    FILE* fd = NULL;
+    char* filename = NULL;
+
+    se_log_assert(sc);
+
+    filename = se_build_path(sc->name, ".sc", 0);
+    fd = se_fopen(filename, NULL, "w");
+    if (fd) {
+        fprintf(fd, ";%s\n", ODS_SE_FILE_MAGIC);
+        fprintf(fd, "; name: %s\n", sc->name?sc->name:"(null)");
+        fprintf(fd, "; filename: %s\n", sc->filename?sc->filename:"(null)");
+        fprintf(fd, "; last_modified: %u\n", (uint32_t) sc->last_modified);
+
+        signconf_backup_duration(fd, "sig_resign_interval",
+            sc->sig_resign_interval);
+        signconf_backup_duration(fd, "sig_refresh_interval",
+            sc->sig_refresh_interval);
+        signconf_backup_duration(fd, "sig_validity_default",
+            sc->sig_validity_default);
+        signconf_backup_duration(fd, "sig_validity_denial",
+            sc->sig_validity_denial);
+        signconf_backup_duration(fd, "sig_jitter",
+            sc->sig_jitter);
+        signconf_backup_duration(fd, "sig_inception_offset",
+            sc->sig_inception_offset);
+
+        fprintf(fd, "; nsec_type: %u\n", (unsigned int) sc->nsec_type);
+        if (sc->nsec_type == LDNS_RR_TYPE_NSEC3) {
+            fprintf(fd, "nsec3_optout: %i\n", sc->nsec3_optout);
+            fprintf(fd, "nsec3_algo: %u\n", sc->nsec3_algo);
+            fprintf(fd, "nsec3_iterations: %u\n", sc->nsec3_iterations);
+            fprintf(fd, "nsec3_salt: %s\n", sc->nsec3_salt?sc->nsec3_salt:"-");
+        }
+
+        signconf_backup_duration(fd, "dnskey_ttl", sc->dnskey_ttl);
+        /** Keys are backed up in .dnskeys */
+
+        signconf_backup_duration(fd, "soa_ttl", sc->soa_ttl);
+        signconf_backup_duration(fd, "soa_min", sc->soa_min);
+        fprintf(fd, "; soa_serial: %s\n",
+            sc->soa_serial?sc->soa_serial:"(null)");
+
+        fprintf(fd, "; audit: %i\n", sc->audit);
+
+        fprintf(fd, ";%s\n", ODS_SE_FILE_MAGIC);
+        se_fclose(fd);
+    } else {
+        se_log_warning("cannot backup signconf: cannot open file "
+        "%s for writing", filename?filename:"(null)");
+    }
+    se_free((void*) filename);
+    return;
+}
+
+
+/**
  * Check the SOA/Serial type.
  *
  */
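Review bot: The four NSEC3 lines in `signconf_backup` are written without the `; ` prefix that every other field in the `.sc` file carries, so a reader keyed on `; name: value` lines would miss them; they should look like `fprintf(fd, "; nsec3_optout: %i\n", sc->nsec3_optout);`. `se_build_path(sc->name, ".sc", 0)` uses `sc->name` unguarded although the very next `fprintf` allows it to be NULL. `signconf_backup_duration` hands the result of `duration2string` straight to `%s`, which is undefined behaviour if that helper can return NULL. None of the `fprintf` or `se_fclose` results are checked, so a short write on a full disk gives a truncated backup with no log entry; the trailing magic line only protects recovery if the reader insists on finding it.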

Modified: trunk/OpenDNSSEC/signer/src/signer/signconf.h
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/signconf.h	2010-08-30 09:38:31 UTC (rev 3825)
+++ trunk/OpenDNSSEC/signer/src/signer/signconf.h	2010-08-30 12:20:28 UTC (rev 3826)
@@ -92,6 +92,13 @@
 signconf_type* signconf_read(const char* filename, time_t last_modified);
 
 /**
+ * Backup signer configuration.
+ * \param sc signer configuration settings
+ *
+ */
+void signconf_backup(signconf_type* sc);
+
+/**
  * Check signer configuration.
  * \param sc signer configuration settings
  * \return 0 on success, 1 on fail
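Review bot: The new doc comment for `signconf_backup` names the parameter but not the side effect or the failure mode, and unlike the neighbouring `signconf_check` the function returns nothing. As implemented in signconf.c in this commit, it writes the settings to `<sc->name>.sc` and only logs a warning when the file cannot be opened. I would add `* Writes the settings to the zone's .sc backup file; failure is logged, not returned.` so callers know recovery data may be missing without any error reaching them.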

Modified: trunk/OpenDNSSEC/signer/src/signer/zone.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/zone.c	2010-08-30 09:38:31 UTC (rev 3825)
+++ trunk/OpenDNSSEC/signer/src/signer/zone.c	2010-08-30 12:20:28 UTC (rev 3826)
@@ -208,6 +208,8 @@
         zone->signconf->name = zone->name;
         se_log_debug("zone %s now has signconf",
             zone->name?zone->name:"(null)");
+        signconf_backup(zone->signconf);
+
         /* zone state? */
         /* create task for new zone */
         now = time_now();
@@ -236,6 +238,7 @@
         zone->signconf->name = zone->name;
         se_log_debug("zone %s signconf updated",
             zone->name?zone->name:"(null)");
+        signconf_backup(zone->signconf);
         if (buf) {
             (void)snprintf(buf, ODS_SE_MAXLINE,
                 "Zone %s config updated.\n", zone->name?zone->name:"(null)");
@@ -298,6 +301,14 @@
                     key->locator?key->locator:"(null)");
                 break;
             } else if (fd) {
+                fprintf(fd, "; DNSKEY\n");
+                fprintf(fd, "; locator: %s\n",
+                    key->locator?key->locator:"(null)");
+                fprintf(fd, "; algorithm: %u\n", key->algorithm);
+                fprintf(fd, "; flags: %u\n", key->flags);
+                fprintf(fd, "; publish: %i\n", key->publish);
+                fprintf(fd, "; ksk: %i\n", key->ksk);
+                fprintf(fd, "; zsk: %i\n", key->zsk);
                 ldns_rr_print(fd, dnskey);
             }
         }
@@ -351,6 +362,11 @@
         se_log_error("error adding NSEC3PARAMS record to zone %s",
             zone->name?zone->name:"(null)");
     } else if (fd) {
+        fprintf(fd, "; NSEC3PARAMS\n");
+        fprintf(fd, "; salt: %s\n", zone->signconf->nsec3_salt);
+        fprintf(fd, "; algorithm: %u\n", zone->nsec3params->algorithm);
+        fprintf(fd, "; flags: %u\n", zone->nsec3params->flags);
+        fprintf(fd, "; iterations: %u\n", zone->nsec3params->iterations);
         ldns_rr_print(fd, nsec3params_rr);
     }
     return error;
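Review bot: The added `; salt:` line passes `zone->signconf->nsec3_salt` to `%s` with no NULL guard, whereas `signconf_backup` in this same commit writes the same field as `sc->nsec3_salt?sc->nsec3_salt:"-"`. If an empty salt is represented as a NULL pointer (not visible here), this is undefined behaviour in the backup path. Even if it is not, the two backup files would encode an empty salt differently. Suggest `fprintf(fd, "; salt: %s\n", zone->signconf->nsec3_salt?zone->signconf->nsec3_salt:"-");`. The enclosing function starts outside the hunk.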



