[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r4072 - trunk/OpenDNSSEC/signer/src/signer

Matthijs Mekking matthijs at nlnetlabs.nl
Thu Oct 7 16:31:40 CEST 2010


Author: matthijs
Date: 2010-10-07 16:31:40 +0200 (Thu, 07 Oct 2010)
New Revision: 4072

Modified:
   trunk/OpenDNSSEC/signer/src/signer/domain.c
   trunk/OpenDNSSEC/signer/src/signer/domain.h
   trunk/OpenDNSSEC/signer/src/signer/zone.c
   trunk/OpenDNSSEC/signer/src/signer/zonedata.c
   trunk/OpenDNSSEC/signer/src/signer/zonedata.h
Log:
examine zone data (in comments for now)

remove stray data stuff




Modified: trunk/OpenDNSSEC/signer/src/signer/domain.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/domain.c	2010-10-07 14:22:29 UTC (rev 4071)
+++ trunk/OpenDNSSEC/signer/src/signer/domain.c	2010-10-07 14:31:40 UTC (rev 4072)
@@ -263,6 +263,63 @@
 
 
 /**
+ * Examine domain and verify if there is no other data next to a RRset.
+ *
+ */
+int
+domain_examine_rrset_is_alone(domain_type* domain, ldns_rr_type rrtype)
+{
+    ldns_rbnode_t* node = LDNS_RBTREE_NULL;
+    rrset_type* rrset = NULL;
+
+    se_log_assert(domain);
+    se_log_assert(rrtype);
+
+    rrset = domain_lookup_rrset(domain, rrtype);
+    if (rrset) {
+        if (domain_count_rrset(domain) < 2) {
+            /* one or zero, that's ok */
+            return 0;
+        }
+        /* make sure all other RRsets become empty */
+        if (domain->rrsets->root != LDNS_RBTREE_NULL) {
+            node = ldns_rbtree_first(domain->rrsets);
+        }
+        while (node && node != LDNS_RBTREE_NULL) {
+            rrset = (rrset_type*) node->data;
+            if (rrset->rr_type != rrtype && rrset_count_RR(rrset) > 0) {
+                /* found other data next to rrtype */
+                return 1;
+            }
+            node = ldns_rbtree_next(node);
+        }
+    }
+    return 0;
+}
+
+
+/**
+ * Examine domain and verify if the RRset is a singleton.
+ *
+ */
+int
+domain_examine_rrset_is_singleton(domain_type* domain, ldns_rr_type rrtype)
+{
+    rrset_type* rrset = NULL;
+
+    se_log_assert(domain);
+    se_log_assert(rrtype);
+
+    rrset = domain_lookup_rrset(domain, rrtype);
+    if (rrset && rrset_count_RR(rrset) > 1) {
+        /* multiple RRs in the RRset for singleton RRtype*/
+        return 1;
+    }
+    return 0;
+}
+
+
+/**
  * Update domain with pending changes.
  *
  */
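Review bot: Both new helpers return 0 when the property in their name holds and 1 when it is violated, so `if (domain_examine_rrset_is_alone(domain, type))` reads as the opposite of what it tests. A later caller that gets the polarity wrong would accept CNAME-and-other-data instead of rejecting it. The doc comments in this file give no return description; add `\return 0 if the RRset is alone, 1 if other data was found` (and the singleton equivalent), or rename the functions to say what a non-zero result means. In `domain_examine_rrset_is_alone` the comment `/* make sure all other RRsets become empty */` describes a modification, but the loop only reads; `/* look for any other non-empty RRset at this name */` matches the code. Whether `rrset_count_RR` includes pending additions is not visible here and is worth confirming, since the check is meant to run before the update step.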
@@ -321,8 +378,7 @@
     domain_type* parent = NULL;
 
     se_log_assert(domain);
-    if (domain->domain_status == DOMAIN_STATUS_APEX ||
-        domain->domain_status == DOMAIN_STATUS_STRAY) {
+    if (domain->domain_status == DOMAIN_STATUS_APEX) {
         return;
     }
 
@@ -510,16 +566,13 @@
         if (!domain->nsec_rrset || orig_domain->nsec_bitmap_changed) {
             domain_nsecify_create_bitmap(orig_domain, types, &types_count);
             /* only add RRSIG type if we have authoritative data to sign */
-            if (orig_domain->domain_status != DOMAIN_STATUS_NONE &&
-                orig_domain->domain_status != DOMAIN_STATUS_OCCLUDED &&
-                orig_domain->domain_status != DOMAIN_STATUS_STRAY &&
-                domain_count_rrset(orig_domain) > 0) {
-                if (orig_domain->domain_status == DOMAIN_STATUS_APEX ||
-                    orig_domain->domain_status == DOMAIN_STATUS_AUTH ||
-                    orig_domain->domain_status == DOMAIN_STATUS_DS) {
-                    types[types_count] = LDNS_RR_TYPE_RRSIG;
-                    types_count++;
-                 }
+            if (domain_count_rrset(orig_domain) > 0 &&
+                (orig_domain->domain_status == DOMAIN_STATUS_APEX ||
+                 orig_domain->domain_status == DOMAIN_STATUS_AUTH ||
+                 orig_domain->domain_status == DOMAIN_STATUS_DS)) {
+
+                types[types_count] = LDNS_RR_TYPE_RRSIG;
+                types_count++;
             }
             /* and don't add NSEC3 type... */
         }
@@ -653,8 +706,7 @@
     se_log_assert(stats);
 
     if (domain->domain_status == DOMAIN_STATUS_NONE ||
-        domain->domain_status == DOMAIN_STATUS_OCCLUDED ||
-        domain->domain_status == DOMAIN_STATUS_STRAY) {
+        domain->domain_status == DOMAIN_STATUS_OCCLUDED) {
         return 0;
     }
 
@@ -965,8 +1017,7 @@
             rrset = (rrset_type*) node->data;
             if (rrset->rr_type != LDNS_RR_TYPE_SOA) {
                 if (domain->domain_status == DOMAIN_STATUS_NONE ||
-                    domain->domain_status == DOMAIN_STATUS_OCCLUDED ||
-                    domain->domain_status == DOMAIN_STATUS_STRAY) {
+                    domain->domain_status == DOMAIN_STATUS_OCCLUDED) {
 
                     parent = domain->parent;
                     print_glue = 0;

Modified: trunk/OpenDNSSEC/signer/src/signer/domain.h
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/domain.h	2010-10-07 14:22:29 UTC (rev 4071)
+++ trunk/OpenDNSSEC/signer/src/signer/domain.h	2010-10-07 14:31:40 UTC (rev 4072)
@@ -53,8 +53,7 @@
 #define DOMAIN_STATUS_ENT_NS    6 /* empty non-terminal to unsigned delegation */
 #define DOMAIN_STATUS_ENT_GLUE  7 /* empty non-terminal to occluded data */
 #define DOMAIN_STATUS_OCCLUDED  8 /* occluded data (glue) */
-#define DOMAIN_STATUS_STRAY     9 /* stray data (outside scope of zone) */
-#define DOMAIN_STATUS_HASH     10 /* hashed domain */
+#define DOMAIN_STATUS_HASH      9 /* hashed domain */
 
 #define SE_NSEC_RDATA_NXT          0
 #define SE_NSEC_RDATA_BITMAP       1
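Review bot: `DOMAIN_STATUS_HASH` changes value from 10 to 9, the number that meant stray data until this revision. If a domain's status is ever stored numerically and read back (zone.c has a recover-from-backup path), data written by the previous revision would be read with a different meaning; nothing in this hunk shows whether that happens, so it needs confirming. Keeping the old number, `#define DOMAIN_STATUS_HASH     10 /* hashed domain */`, with a short comment that 9 is retired, avoids the question entirely.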
@@ -136,6 +135,24 @@
 int domain_count_rrset(domain_type* domain);
 
 /**
+ * Examine domain and verify if there is no other data next to a RRset.
+ * \param[in] domain domain
+ * \param[in] rrtype RRtype
+ * \retun 0 if the RRset is alone, 1 otherwise
+ *
+ */
+int domain_examine_rrset_is_alone(domain_type* domain, ldns_rr_type rrtype);
+
+/**
+ * Examine domain and verify if the RRset is a singleton.
+ * \param[in] domain domain
+ * \param[in] rrtype RRtype
+ * \retun 0 if the RRset is a singleton, 1 otherwise
+ *
+ */
+int domain_examine_rrset_is_singleton(domain_type* domain, ldns_rr_type rrtype);
+
+/**
  * Update domain with pending changes.
  * \param[in] domain domain
  * \param[in] serial version to update to
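Review bot: Both new doc blocks spell the tag `\retun`, which is not a Doxygen command, so the return contract will not be rendered as a return section. They should read `\return 0 if the RRset is alone, 1 otherwise` and `\return 0 if the RRset is a singleton, 1 otherwise`. Because the function names read like boolean predicates while 0 means the check passed, it would help to state that explicitly in the same line.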

Modified: trunk/OpenDNSSEC/signer/src/signer/zone.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/zone.c	2010-10-07 14:22:29 UTC (rev 4071)
+++ trunk/OpenDNSSEC/signer/src/signer/zone.c	2010-10-07 14:31:40 UTC (rev 4072)
@@ -421,9 +421,21 @@
 int
 zone_update_zonedata(zone_type* zone)
 {
+    int error = 0;
+
     se_log_assert(zone);
     se_log_assert(zone->signconf);
     se_log_assert(zone->zonedata);
+
+    /* examine zone data */
+/*
+    error = zonedata_examine(zone->zonedata);
+    if (error) {
+        se_log_error("update zone %s failed: zone data contains errors",
+            zone->name);
+        return error;
+    }
+*/
     return zonedata_update(zone->zonedata, zone->signconf);
 }
 
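Review bot: The examination call sits inside a block comment, so `zone_update_zonedata` still passes zone data with CNAME-and-other-data or duplicate CNAME/DNAME records straight to `zonedata_update`, and the new `int error = 0;` is unused until the check is enabled. Commented-out code is easy to forget; a single `/* TODO: call zonedata_examine() here and fail the update on error */` records the intent without dead code. The zonedata.h changes shown in this commit add no prototype for `zonedata_examine`, so unless one exists elsewhere, uncommenting this block as written would rely on an implicit declaration.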
@@ -487,7 +499,6 @@
     ldns_rr_type type = 0;
     int error = 0;
     int at_apex = 0;
-    int stray = 0;
     uint32_t tmp = 0;
     ldns_rdf* soa_min = NULL;
 
@@ -499,9 +510,9 @@
     /* in-zone? */
     if (ldns_dname_compare(zone->dname, ldns_rr_owner(rr)) != 0 &&
         !ldns_dname_is_subdomain(ldns_rr_owner(rr), zone->dname)) {
-        se_log_warning("zone %s contains out of zone data",
+        se_log_warning("zone %s contains out-of-zone data, skipping",
             zone->name?zone->name:"(null)");
-        stray = 1;
+        return 0;
     } else if (ldns_dname_compare(zone->dname, ldns_rr_owner(rr)) == 0) {
         at_apex = 1;
     }
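Review bot: The new early `return 0` reports success for a record that was not stored, and the warning names only the zone, so an operator cannot tell which record was dropped. Including the owner in the message, for example via `ldns_rdf2str(ldns_rr_owner(rr))` in the way zonedata.c prints domain names, would make the skip traceable. If the caller transfers ownership of `rr` to this function on success, the skipped `rr` is also never freed; the caller is not visible here, so that needs checking. The enclosing function starts and ends outside this hunk.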
@@ -539,7 +550,7 @@
     if (recover) {
        error = zonedata_recover_rr_from_backup(zone->zonedata, rr);
     } else {
-       error = zonedata_add_rr(zone->zonedata, rr, at_apex, stray);
+       error = zonedata_add_rr(zone->zonedata, rr, at_apex);
     }
     return error;
 }

Modified: trunk/OpenDNSSEC/signer/src/signer/zonedata.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/zonedata.c	2010-10-07 14:22:29 UTC (rev 4071)
+++ trunk/OpenDNSSEC/signer/src/signer/zonedata.c	2010-10-07 14:31:40 UTC (rev 4072)
@@ -128,8 +128,7 @@
                         current_domain->parent =
                             zonedata_lookup_domain(zd, parent_rdf);
                         se_log_assert(current_domain->parent ||
-                            current_domain->domain_status == DOMAIN_STATUS_APEX ||
-                            current_domain->domain_status == DOMAIN_STATUS_STRAY);
+                            current_domain->domain_status == DOMAIN_STATUS_APEX);
 
                         new_node = domain2node(current_domain);
                         if (!zd->domains) {
@@ -649,7 +648,6 @@
         /* don't do glue-only or empty domains */
         if (domain->domain_status == DOMAIN_STATUS_NONE ||
             domain->domain_status == DOMAIN_STATUS_OCCLUDED ||
-            domain->domain_status == DOMAIN_STATUS_STRAY ||
             domain_count_rrset(domain) <= 0) {
             node = ldns_rbtree_next(node);
             continue;
@@ -668,7 +666,6 @@
             /* don't do glue-only or empty domains */
             if (to->domain_status == DOMAIN_STATUS_NONE ||
                 to->domain_status == DOMAIN_STATUS_OCCLUDED ||
-                to->domain_status == DOMAIN_STATUS_STRAY ||
                 domain_count_rrset(to) <= 0) {
                 node = ldns_rbtree_next(node);
             } else {
@@ -719,7 +716,6 @@
         /* don't do glue-only domains */
         if (domain->domain_status == DOMAIN_STATUS_NONE ||
             domain->domain_status == DOMAIN_STATUS_OCCLUDED ||
-            domain->domain_status == DOMAIN_STATUS_STRAY ||
             domain->domain_status == DOMAIN_STATUS_ENT_GLUE) {
             str = ldns_rdf2str(domain->name);
             se_log_debug("nsecify3: skip glue domain %s", str?str:"(null)");
@@ -959,6 +955,44 @@
 
 
 /**
+ * Examine zone data.
+ *
+ */
+int
+zonedata_examine(zonedata_type* zd)
+{
+    int error = 0;
+    int result = 0;
+    ldns_rbnode_t* node = LDNS_RBTREE_NULL;
+    domain_type* domain = NULL;
+
+    se_log_assert(zd);
+    se_log_assert(zd->domains);
+
+    if (zd->domains->root != LDNS_RBTREE_NULL) {
+        node = ldns_rbtree_first(zd->domains);
+    }
+    while (node && node != LDNS_RBTREE_NULL) {
+        domain = (domain_type*) node->data;
+        result =
+        /* Thou shall not have other data next to CNAME */
+        domain_examine_rrset_is_alone(domain, LDNS_RR_TYPE_CNAME) ||
+        /* Thou shall have at most one CNAME per name */
+        domain_examine_rrset_is_singleton(domain, LDNS_RR_TYPE_CNAME) ||
+        /* Thou shall have at most one DNAME per name */
+        domain_examine_rrset_is_singleton(domain, LDNS_RR_TYPE_DNAME);
+
+        if (result) {
+            error = result;
+        }
+        node = ldns_rbtree_next(node);
+    }
+
+    return error;
+}
+
+
+/**
  * Update zone data with pending changes.
  *
  */
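Review bot: `zonedata_examine` folds the three checks into one `||` chain, so evaluation stops at the first violation for a name and nothing is logged. The only message an operator would see is the generic one in zone.c, without the offending name or rule. Evaluating each check separately, logging it and setting `error = 1` keeps the same return value while making a rejected zone diagnosable; `result` can then be dropped. The message texts below are placeholders and should also carry the owner name, e.g. from `ldns_rdf2str(domain->name)` as the nsecify3 debug log does.

```c
    while (node && node != LDNS_RBTREE_NULL) {
        domain = (domain_type*) node->data;
        /* run every rule so each violation is reported, not only the first */
        if (domain_examine_rrset_is_alone(domain, LDNS_RR_TYPE_CNAME)) {
            se_log_error("CNAME and other data at the same name");
            error = 1;
        }
        if (domain_examine_rrset_is_singleton(domain, LDNS_RR_TYPE_CNAME)) {
            se_log_error("multiple CNAME records at the same name");
            error = 1;
        }
        if (domain_examine_rrset_is_singleton(domain, LDNS_RR_TYPE_DNAME)) {
            se_log_error("multiple DNAME records at the same name");
            error = 1;
        }
        node = ldns_rbtree_next(node);
    }
    /* … unchanged: return error … */
```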
@@ -967,7 +1001,6 @@
 {
     ldns_rbnode_t* node = LDNS_RBTREE_NULL;
     domain_type* domain = NULL;
-    domain_type* parent = NULL;
     int error = 0;
 
     se_log_assert(sc);
@@ -1034,7 +1067,7 @@
  *
  */
 int
-zonedata_add_rr(zonedata_type* zd, ldns_rr* rr, int at_apex, int stray)
+zonedata_add_rr(zonedata_type* zd, ldns_rr* rr, int at_apex)
 {
     domain_type* domain = NULL;
 
@@ -1055,8 +1088,6 @@
     }
     if (at_apex) {
         domain->domain_status = DOMAIN_STATUS_APEX;
-    } else if (stray) {
-        domain->domain_status = DOMAIN_STATUS_STRAY;
     }
     return domain_add_rr(domain, rr);
 }
@@ -1235,23 +1266,12 @@
         fprintf(fd, "; zone empty\n");
         return;
     }
-
     while (node && node != LDNS_RBTREE_NULL) {
         domain = (domain_type*) node->data;
-        if (domain->domain_status != DOMAIN_STATUS_STRAY) {
-            domain_print(fd, domain);
-        }
+        domain_print(fd, domain);
         node = ldns_rbtree_next(node);
     }
 
-    node = ldns_rbtree_first(zd->domains);
-    while (node && node != LDNS_RBTREE_NULL) {
-        domain = (domain_type*) node->data;
-        if (domain->domain_status == DOMAIN_STATUS_STRAY) {
-            domain_print(fd, domain);
-        }
-        node = ldns_rbtree_next(node);
-    }
     return;
 }
 

Modified: trunk/OpenDNSSEC/signer/src/signer/zonedata.h
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/zonedata.h	2010-10-07 14:22:29 UTC (rev 4071)
+++ trunk/OpenDNSSEC/signer/src/signer/zonedata.h	2010-10-07 14:31:40 UTC (rev 4072)
@@ -156,11 +156,10 @@
  * \param[in] zd zone data
  * \param[in] rr RR to add
  * \param[in] at_apex if is at apex of the zone
- * \param[in] stray if the rr owner is out of zone
  * \return int 0 on success, 1 on false
  *
  */
-int zonedata_add_rr(zonedata_type* zd, ldns_rr* rr, int at_apex, int stray);
+int zonedata_add_rr(zonedata_type* zd, ldns_rr* rr, int at_apex);
 
 /**
  * Recover RR from backup.



