[Opendnssec-commits] [keihatsu.kirei.se/svn/dnssec] r4075 - trunk/OpenDNSSEC/signer/src/signer

Matthijs Mekking matthijs at nlnetlabs.nl
Mon Oct 11 14:20:13 CEST 2010


Author: matthijs
Date: 2010-10-11 14:20:13 +0200 (Mon, 11 Oct 2010)
New Revision: 4075

Modified:
   trunk/OpenDNSSEC/signer/src/signer/zone.c
   trunk/OpenDNSSEC/signer/src/signer/zonedata.c
   trunk/OpenDNSSEC/signer/src/signer/zonedata.h
Log:
examine zonedata



Modified: trunk/OpenDNSSEC/signer/src/signer/zone.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/zone.c	2010-10-11 12:19:43 UTC (rev 4074)
+++ trunk/OpenDNSSEC/signer/src/signer/zone.c	2010-10-11 12:20:13 UTC (rev 4075)
@@ -425,17 +425,17 @@
 
     se_log_assert(zone);
     se_log_assert(zone->signconf);
+    se_log_assert(zone->inbound_adapter);
     se_log_assert(zone->zonedata);
 
     /* examine zone data */
-/*
-    error = zonedata_examine(zone->zonedata);
+    error = zonedata_examine(zone->zonedata,
+        zone->inbound_adapter->type==ADAPTER_FILE);
     if (error) {
         se_log_error("update zone %s failed: zone data contains errors",
             zone->name);
         return error;
     }
-*/
     return zonedata_update(zone->zonedata, zone->signconf);
 }
 

Modified: trunk/OpenDNSSEC/signer/src/signer/zonedata.c
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/zonedata.c	2010-10-11 12:19:43 UTC (rev 4074)
+++ trunk/OpenDNSSEC/signer/src/signer/zonedata.c	2010-10-11 12:20:13 UTC (rev 4075)
@@ -959,7 +959,7 @@
  *
  */
 int
-zonedata_examine(zonedata_type* zd)
+zonedata_examine(zonedata_type* zd, int is_file)
 {
     int error = 0;
     int result = 0;
@@ -982,6 +982,14 @@
         /* Thou shall have at most one DNAME per name */
         domain_examine_rrset_is_singleton(domain, LDNS_RR_TYPE_DNAME);
 
+        if (!result && is_file) {
+            result =
+            /* Thou shall not have data below DNAME in your zone file */
+            domain_examine_is_occluded(domain, LDNS_RR_TYPE_DNAME) ||
+            /* Thou shall not have non-glue data below NS in your zone file */
+            domain_examine_is_occluded(domain, LDNS_RR_TYPE_NS);
+        }
+
         if (result) {
             error = result;
         }

Modified: trunk/OpenDNSSEC/signer/src/signer/zonedata.h
===================================================================
--- trunk/OpenDNSSEC/signer/src/signer/zonedata.h	2010-10-11 12:19:43 UTC (rev 4074)
+++ trunk/OpenDNSSEC/signer/src/signer/zonedata.h	2010-10-11 12:20:13 UTC (rev 4075)
@@ -143,6 +143,16 @@
     stats_type* stats);
 
 /**
+ * Add empty non-terminals to zone data.
+ * \param[in] zd zone data
+ * \param[in] is_file if the inbound adapter is a zone file
+ *                    (if so, additional checking is required)
+ * \return int 0 if no error examined, 1 otherwise
+ *
+ */
+int zonedata_examine(zonedata_type* zd, int is_file);
+
+/**
  * Update zone data with pending changes.
  * \param[in] zd zone data
  * \param[in] sc signer configuration




More information about the Opendnssec-commits mailing list