[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r4054 - trunk/OpenDNSSEC/signer/src/signer

Matthijs Mekking matthijs at nlnetlabs.nl
Tue Oct 5 15:40:00 CEST 2010


Author: matthijs
Date: 2010-10-05 15:40:00 +0200 (Tue, 05 Oct 2010)
New Revision: 4054

Modified:
   trunk/OpenDNSSEC/signer/src/signer/domain.c
   trunk/OpenDNSSEC/signer/src/signer/domain.h
   trunk/OpenDNSSEC/signer/src/signer/rrset.c
   trunk/OpenDNSSEC/signer/src/signer/rrset.h
   trunk/OpenDNSSEC/signer/src/signer/rrsigs.c
   trunk/OpenDNSSEC/signer/src/signer/rrsigs.h
   trunk/OpenDNSSEC/signer/src/signer/zone.c
   trunk/OpenDNSSEC/signer/src/signer/zonedata.c
   trunk/OpenDNSSEC/signer/src/signer/zonedata.h
Log:
recover rrsigs from backup changes




Modified: trunk/OpenDNSSEC/signer/src/signer/domain.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/domain.c	2010-10-05 12:44:20 UTC (rev 4053)
+++ trunk/OpenDNSSEC/signer/src/signer/domain.c	2010-10-05 13:40:00 UTC (rev 4054)
@@ -777,7 +777,7 @@
  */
 int
 domain_recover_rrsig_from_backup(domain_type* domain, ldns_rr* rrsig,
-    ldns_rr_type type_covered)
+    ldns_rr_type type_covered, const char* locator, uint32_t flags)
 {
     rrset_type* rrset = NULL;
 
@@ -791,7 +791,8 @@
     if (type_covered == LDNS_RR_TYPE_NSEC ||
         type_covered == LDNS_RR_TYPE_NSEC3) {
         if (domain->nsec_rrset) {
-            return rrset_recover_rrsig_from_backup(domain->nsec_rrset, rrsig);
+            return rrset_recover_rrsig_from_backup(domain->nsec_rrset, rrsig,
+                locator, flags);
         } else if (type_covered == LDNS_RR_TYPE_NSEC) {
             se_log_error("unable to recover RRSIG to domain: no NSEC RRset");
         } else {
@@ -800,7 +801,8 @@
     } else {
         rrset = domain_lookup_rrset(domain, type_covered);
         if (rrset) {
-            return rrset_recover_rrsig_from_backup(rrset, rrsig);
+            return rrset_recover_rrsig_from_backup(rrset, rrsig,
+                locator, flags);
         } else {
             se_log_error("unable to recover RRSIG to domain: no such RRset");
         }

Modified: trunk/OpenDNSSEC/signer/src/signer/domain.h
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/domain.h	2010-10-05 12:44:20 UTC (rev 4053)
+++ trunk/OpenDNSSEC/signer/src/signer/domain.h	2010-10-05 13:40:00 UTC (rev 4054)
@@ -215,11 +215,13 @@
  * \param[in] domain domain
  * \param[in] rrsig RRSIG
  * \param[in] type_covered RRtype that is covered by rrsig
+ * \param[in] locator key locator
+ * \param[in] flags key flags
  * \return int 0 on success, 1 on error
  *
  */
 int domain_recover_rrsig_from_backup(domain_type* domain, ldns_rr* rrsig,
-    ldns_rr_type type_covered);
+    ldns_rr_type type_covered, const char* locator, uint32_t flags);
 
 /**
  * Delete RR from domain.
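Review bot: The new `\param[in] locator key locator` and `\param[in] flags key flags` lines do not say whether `locator` may be NULL or who owns the string, and the same gap is repeated in rrset.h, rrsigs.h and zonedata.h. From the rrsigs.c hunks, `rrsigs_add_sig` tolerates a NULL locator and stores its own `se_strdup` copy, and the zone.c caller frees its string after the call. Suggest wording such as `\param[in] locator key locator, may be NULL; copied, caller keeps ownership` so callers on the recovery path know whether to free.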

Modified: trunk/OpenDNSSEC/signer/src/signer/rrset.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/rrset.c	2010-10-05 12:44:20 UTC (rev 4053)
+++ trunk/OpenDNSSEC/signer/src/signer/rrset.c	2010-10-05 13:40:00 UTC (rev 4054)
@@ -242,7 +242,8 @@
  *
  */
 int
-rrset_recover_rrsig_from_backup(rrset_type* rrset, ldns_rr* rrsig)
+rrset_recover_rrsig_from_backup(rrset_type* rrset, ldns_rr* rrsig,
+    const char* locator, uint32_t flags)
 {
     int error = 0;
 
@@ -253,7 +254,7 @@
         rrset->rrsigs = rrsigs_create();
     }
 
-    error = rrsigs_add_sig(rrset->rrsigs, rrsig, NULL);
+    error = rrsigs_add_sig(rrset->rrsigs, rrsig, locator, flags);
     if (!error) {
         rrset->rrsig_count += 1;
     } else {
@@ -633,7 +634,8 @@
                     return 1;
                 }
                 /* add the signature to the RRset */
-                error = rrsigs_add_sig(rrset->rrsigs, rrsig, key);
+                error = rrsigs_add_sig(rrset->rrsigs, rrsig, key->locator,
+                    key->flags);
                 if (error) {
                     se_log_error("error adding RRSIG to RRset (%i): %s",
                         rrset->rr_type, ldns_get_errorstr_by_id(status));
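Review bot: `key->locator` and `key->flags` are now dereferenced at the call site, whereas the previous `rrsigs_add_sig(rrset->rrsigs, rrsig, key)` accepted a NULL key and guarded it with `if (key)` inside the callee. The surrounding signing loop is outside this hunk, so confirm `key` cannot be NULL here, or keep the old tolerance with `key ? key->locator : NULL, key ? key->flags : 0`. The context line below also logs `ldns_get_errorstr_by_id(status)` although the value that failed is `error`, which may print an unrelated message.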

Modified: trunk/OpenDNSSEC/signer/src/signer/rrset.h
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/rrset.h	2010-10-05 12:44:20 UTC (rev 4053)
+++ trunk/OpenDNSSEC/signer/src/signer/rrset.h	2010-10-05 13:40:00 UTC (rev 4054)
@@ -112,10 +112,13 @@
  * Recover RRSIG from backup.
  * \param[in] rrset RRset
  * \param[in] rrsig RRSIG
+ * \param[in] locator key locator
+ * \param[in] flags key flags
  * \return 0 on success, 1 on error
  *
  */
-int rrset_recover_rrsig_from_backup(rrset_type* rrset, ldns_rr* rrsig);
+int rrset_recover_rrsig_from_backup(rrset_type* rrset, ldns_rr* rrsig,
+    const char* locator, uint32_t flags);
 
 /**
  * Sign RRset.

Modified: trunk/OpenDNSSEC/signer/src/signer/rrsigs.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/rrsigs.c	2010-10-05 12:44:20 UTC (rev 4053)
+++ trunk/OpenDNSSEC/signer/src/signer/rrsigs.c	2010-10-05 13:40:00 UTC (rev 4054)
@@ -62,7 +62,8 @@
  *
  */
 int
-rrsigs_add_sig(rrsigs_type* rrsigs, ldns_rr* rr, key_type* key)
+rrsigs_add_sig(rrsigs_type* rrsigs, ldns_rr* rr, const char* locator,
+    uint32_t flags)
 {
     int cmp;
     uint32_t default_ttl = 0;
@@ -75,10 +76,10 @@
 
     if (!rrsigs->rr) {
         rrsigs->rr = rr;
-        if (key) {
-            rrsigs->key_locator = se_strdup(key->locator);
-            rrsigs->key_flags = key->flags;
+        if (locator) {
+            rrsigs->key_locator = se_strdup(locator);
         }
+        rrsigs->key_flags = flags;
         return 0;
     }
 
@@ -89,10 +90,15 @@
 
     if (cmp < 0) {
         if (rrsigs->next) {
-            return rrsigs_add_sig(rrsigs->next, rr, key);
+            return rrsigs_add_sig(rrsigs->next, rr, locator, flags);
         } else {
             new_rrsigs = rrsigs_create();
             new_rrsigs->rr = rr;
+            if (locator) {
+                new_rrsigs->key_locator = se_strdup(locator);
+            }
+            new_rrsigs->key_flags = flags;
+
             rrsigs->next = new_rrsigs;
 
             default_ttl = ldns_rr_ttl(rrsigs->rr);
@@ -112,6 +118,10 @@
 
         rrsigs->rr = rr;
         rrsigs->next = new_rrsigs;
+        if (locator) {
+            rrsigs->key_locator = se_strdup(locator);
+        }
+        rrsigs->key_flags = flags;
 
         default_ttl = ldns_rr_ttl(new_rrsigs->rr);
         if (rr_ttl < default_ttl) {
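Review bot: In this insert-before branch the head node's `key_locator` is overwritten with `se_strdup(locator)` without freeing or moving the previous string, and when `locator` is NULL the old string stays attached to the new record while `key_flags` is replaced. Because `rrsigs->rr` has just been set to the new record and the previous one now sits in `new_rrsigs`, the old credentials should move with it: `new_rrsigs->key_locator = rrsigs->key_locator; new_rrsigs->key_flags = rrsigs->key_flags;` followed by `rrsigs->key_locator = locator ? se_strdup(locator) : NULL;`. The lines that populate `new_rrsigs` are above the hunk, so confirm they do not already do this. If signatures are later matched to keys by locator and flags, a mismatch here could cause a signature to be kept or dropped for the wrong key.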

Modified: trunk/OpenDNSSEC/signer/src/signer/rrsigs.h
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/rrsigs.h	2010-10-05 12:44:20 UTC (rev 4053)
+++ trunk/OpenDNSSEC/signer/src/signer/rrsigs.h	2010-10-05 13:40:00 UTC (rev 4054)
@@ -58,11 +58,13 @@
  * Add RRSIG to signature set.
  * \param[in] rrsigs signature set
  * \param[in] rr RRSIG record
- * \param[in] key key used to create this signature
+ * \param[in] locator key locator
+ * \param[in] flags key flags
  * \return int 0 on success, 1 on error
  *
  */
-int rrsigs_add_sig(rrsigs_type* rrsigs, ldns_rr* rr, key_type* key);
+int rrsigs_add_sig(rrsigs_type* rrsigs, ldns_rr* rr, const char* locator,
+    uint32_t flags);
 
 /*
  * Clean up signature set.

Modified: trunk/OpenDNSSEC/signer/src/signer/zone.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/zone.c	2010-10-05 12:44:20 UTC (rev 4053)
+++ trunk/OpenDNSSEC/signer/src/signer/zone.c	2010-10-05 13:40:00 UTC (rev 4054)
@@ -636,7 +636,6 @@
     char* filename = NULL;
     time_t start = 0;
     time_t end = 0;
-    const char* end_rr = ". 3600 IN TXT end";
 
     se_log_assert(zone);
     se_log_assert(zone->signconf);
@@ -659,7 +658,6 @@
         if (fd) {
             fprintf(fd, "%s\n", ODS_SE_FILE_MAGIC);
             zonedata_print_rrsig(fd, zone->zonedata);
-            fprintf(fd, "%s\n", end_rr);
             fprintf(fd, "%s\n", ODS_SE_FILE_MAGIC);
             se_fclose(fd);
         } else {
@@ -790,6 +788,9 @@
 zone_recover_rrsigs_from_backup(zone_type* zone, FILE* fd)
 {
     int corrupted = 0;
+    const char* token = NULL;
+    const char* locator = NULL;
+    uint32_t flags = 0;
     ldns_rr* rr = NULL;
     ldns_status status = LDNS_STATUS_OK;
 
@@ -798,19 +799,46 @@
     }
 
     while (!corrupted) {
-        status = ldns_rr_new_frm_fp(&rr, fd, NULL, NULL, NULL);
-        if (status != LDNS_STATUS_OK) {
-            se_log_error("error reading RRSIG from backup");
+        if (backup_read_str(fd, &token)) {
+
+            if (se_strcmp(token, ";RRSIG") == 0) {
+                if (!backup_read_str(fd, &locator) ||
+                    !backup_read_int(fd, &flags)) {
+
+                    se_log_error("error reading key credentials from backup");
+                    corrupted = 1;
+                } else {
+                    status = ldns_rr_new_frm_fp(&rr, fd, NULL, NULL, NULL);
+                   if (status != LDNS_STATUS_OK) {
+                       se_log_error("error reading RRSIG from backup");
+                       corrupted = 1;
+                    } else if (ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) {
+                       se_log_error("expecting RRtype RRSIG from backup");
+                       corrupted = 1;
+                    } else {
+                       corrupted = zonedata_recover_rrsig_from_backup(
+                           zone->zonedata, rr, locator, flags);
+                    }
+                }
+            } else if (se_strcmp(token, ODS_SE_FILE_MAGIC) == 0) {
+                break;
+            } else {
+                corrupted = 1;
+            }
+        } else {
             corrupted = 1;
-        } else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) {
-            corrupted = zonedata_recover_rrsig_from_backup(zone->zonedata, rr);
-        } else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_TXT) {
-            /* perhaps check more? owner = '.', rdata = "end" */
-            break;
         }
+
+        /* reset */
+        if (locator) {
+            se_free((void*) locator);
+            locator = NULL;
+        }
+        flags = 0;
+        status = LDNS_STATUS_OK;
     }
 
-    if (!backup_read_check_str(fd, ODS_SE_FILE_MAGIC)) {
+    if (!corrupted && !backup_read_check_str(fd, ODS_SE_FILE_MAGIC)) {
         corrupted = 1;
     }
     return corrupted;
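Review bot: `token` is filled by `backup_read_str` on every pass but never released, while `locator`, read through the same helper, is handed to `se_free` in the reset block; if the helper allocates, as that free suggests, the token leaks per record, and the `break` on `ODS_SE_FILE_MAGIC` bypasses the reset entirely. Adding `if (token) { se_free((void*) token); token = NULL; }` to the reset block and before the `break` would cover it, and the wrong-type branch should call `ldns_rr_free(rr)` since `ldns_rr_new_frm_fp` has already allocated the record. Separately, the loop now ends by consuming a magic token and the post-loop `backup_read_check_str` then expects another, yet the writer hunk earlier in this file emits only one trailing `ODS_SE_FILE_MAGIC` after the RRSIGs, so confirm a valid backup is not always reported as corrupted. The start of `zone_recover_rrsigs_from_backup` lies outside this hunk.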

Modified: trunk/OpenDNSSEC/signer/src/signer/zonedata.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/zonedata.c	2010-10-05 12:44:20 UTC (rev 4053)
+++ trunk/OpenDNSSEC/signer/src/signer/zonedata.c	2010-10-05 13:40:00 UTC (rev 4054)
@@ -1074,7 +1074,8 @@
  *
  */
 int
-zonedata_recover_rrsig_from_backup(zonedata_type* zd, ldns_rr* rrsig)
+zonedata_recover_rrsig_from_backup(zonedata_type* zd, ldns_rr* rrsig,
+    const char* locator, uint32_t flags)
 {
     domain_type* domain = NULL;
     ldns_rr_type type_covered;
@@ -1090,7 +1091,8 @@
         domain = zonedata_lookup_domain(zd, ldns_rr_owner(rrsig));
     }
     if (domain) {
-        return domain_recover_rrsig_from_backup(domain, rrsig, type_covered);
+        return domain_recover_rrsig_from_backup(domain, rrsig, type_covered,
+            locator, flags);
     }
     se_log_error("unable to recover RRSIG to zonedata: domain does not exist");
     return 1;

Modified: trunk/OpenDNSSEC/signer/src/signer/zonedata.h
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/zonedata.h	2010-10-05 12:44:20 UTC (rev 4053)
+++ trunk/OpenDNSSEC/signer/src/signer/zonedata.h	2010-10-05 13:40:00 UTC (rev 4054)
@@ -175,10 +175,13 @@
  * Recover RRSIG from backup.
  * \param[in] zd zone data
  * \param[in] rrsig RRSIG to add
+ * \param[in] locator key locaotor
+ * \param[in] flags key flags
  * \return int 0 on success, 1 on false
  *
  */
-int zonedata_recover_rrsig_from_backup(zonedata_type* zd, ldns_rr* rrsig);
+int zonedata_recover_rrsig_from_backup(zonedata_type* zd, ldns_rr* rrsig,
+    const char* locator, uint32_t flags);
 
 /**
  * Delete RR from zone data.
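Review bot: The added `\param[in] locator key locaotor` misspells locator and should read `\param[in] locator key locator`. The neighbouring `\return int 0 on success, 1 on false` also differs from the `1 on error` wording used by the other headers touched in this commit, so aligning it would keep the recovery API documentation consistent.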



