[Opendnssec-commits] matthijs r7149 - in branches/OpenDNSSEC-1.4/signer: doc man src/adapter src/daemon src/signer

commits at svn.opendnssec.org commits at svn.opendnssec.org
Wed Jun 12 10:33:21 CEST 2013


Author: matthijs
Date: Wed Jun 12 10:33:21 2013
New Revision: 7149
URL: http://fisheye.opendnssec.org/changelog/opendnssec?cs=7149

Log:
OPENDNSSEC-401: SUPPORT-58: Extend ods-signer sign <zone> with --serial <nr>
so that the user can specify the SOA serial to use in the signed zone.

Modified:
   branches/OpenDNSSEC-1.4/signer/doc/Changelog
   branches/OpenDNSSEC-1.4/signer/man/ods-signer.8.in
   branches/OpenDNSSEC-1.4/signer/src/adapter/adapi.c
   branches/OpenDNSSEC-1.4/signer/src/daemon/cmdhandler.c
   branches/OpenDNSSEC-1.4/signer/src/signer/namedb.c
   branches/OpenDNSSEC-1.4/signer/src/signer/namedb.h
   branches/OpenDNSSEC-1.4/signer/src/signer/zone.c

Modified: branches/OpenDNSSEC-1.4/signer/doc/Changelog
==============================================================================
--- branches/OpenDNSSEC-1.4/signer/doc/Changelog	Tue Jun 11 16:11:43 2013	(r7148)
+++ branches/OpenDNSSEC-1.4/signer/doc/Changelog	Wed Jun 12 10:33:21 2013	(r7149)
@@ -1,3 +1,7 @@
+12 June 2013: Matthijs
+- OPENDNSSEC-401: SUPPORT-58: Extend ods-signer sign <zone> with --serial <nr>
+  so that the user can specify the SOA serial to use in the signed zone.
+
 10 June 2013: Matthijs
 - Bugfix: Fix malform in Outbound IXFR/TCP subsequent packet (thanks Stuart
   Lau).

Modified: branches/OpenDNSSEC-1.4/signer/man/ods-signer.8.in
==============================================================================
--- branches/OpenDNSSEC-1.4/signer/man/ods-signer.8.in	Tue Jun 11 16:11:43 2013	(r7148)
+++ branches/OpenDNSSEC-1.4/signer/man/ods-signer.8.in	Wed Jun 12 10:33:21 2013	(r7149)
@@ -19,7 +19,7 @@
 .I running
 |
 .I sign 
-.IR <zone>
+.IR <zone> [ \-\-serial <number> ]
 |
 .I sign \-\-all 
 |

Modified: branches/OpenDNSSEC-1.4/signer/src/adapter/adapi.c
==============================================================================
--- branches/OpenDNSSEC-1.4/signer/src/adapter/adapi.c	Tue Jun 11 16:11:43 2013	(r7148)
+++ branches/OpenDNSSEC-1.4/signer/src/adapter/adapi.c	Wed Jun 12 10:33:21 2013	(r7149)
@@ -235,7 +235,8 @@
         return ODS_STATUS_OK;
     }
     tmp = ldns_rdf2native_int32(ldns_rr_rdf(rr, SE_SOA_RDATA_SERIAL));
-    status = namedb_update_serial(zone->db, zone->signconf->soa_serial, tmp);
+    status = namedb_update_serial(zone->db, zone->name,
+        zone->signconf->soa_serial, tmp);
     if (status != ODS_STATUS_OK) {
         ods_log_error("[%s] unable to add soa to zone %s: failed to replace "
             "soa serial rdata (%s)", adapi_str, zone->name,

Modified: branches/OpenDNSSEC-1.4/signer/src/daemon/cmdhandler.c
==============================================================================
--- branches/OpenDNSSEC-1.4/signer/src/daemon/cmdhandler.c	Tue Jun 11 16:11:43 2013	(r7148)
+++ branches/OpenDNSSEC-1.4/signer/src/daemon/cmdhandler.c	Wed Jun 12 10:33:21 2013	(r7149)
@@ -215,6 +215,7 @@
         if (!zone) {
             (void)snprintf(buf, ODS_SE_MAXLINE, "Zone %s not found.\n",
                 tbd);
+        lock_basic_lock(&zone->zone_lock);
             ods_writen(sockfd, buf, strlen(buf));
             /* update all */
             cmdhandler_handle_cmd_update(sockfd, cmdc, "--all");
@@ -321,10 +322,15 @@
         lock_basic_lock(&zone->zone_lock);
         if (force_serial) {
             ods_log_assert(zone->db);
+            if (!util_serial_gt(serial, zone->db->intserial)) {
+                lock_basic_unlock(&zone->zone_lock);
+                (void)snprintf(buf, ODS_SE_MAXLINE, "Error: Unable to enforce "
+                    "serial %u for zone %s.\n", serial, tbd);
+                ods_writen(sockfd, buf, strlen(buf));
+                return;
+            }
             zone->db->altserial = serial;
             zone->db->force_serial = 1;
-            ods_log_info("[%s] enforcing serial %u on zone %s", cmdh_str,
-                serial, zone->name);
         }
         status = zone_reschedule_task(zone, engine->taskq, TASK_READ);
         lock_basic_unlock(&zone->zone_lock);

Modified: branches/OpenDNSSEC-1.4/signer/src/signer/namedb.c
==============================================================================
--- branches/OpenDNSSEC-1.4/signer/src/signer/namedb.c	Tue Jun 11 16:11:43 2013	(r7148)
+++ branches/OpenDNSSEC-1.4/signer/src/signer/namedb.c	Wed Jun 12 10:33:21 2013	(r7149)
@@ -196,31 +196,41 @@
  *
  */
 ods_status
-namedb_update_serial(namedb_type* db, const char* format,
+namedb_update_serial(namedb_type* db, const char* zone_name, const char* format,
     uint32_t inbound_serial)
 {
     uint32_t soa = 0;
     uint32_t prev = 0;
     uint32_t update = 0;
-    if (!db || !format) {
+    if (!db || !format || !zone_name) {
         return ODS_STATUS_ASSERT_ERR;
     }
     prev = max(db->outserial, inbound_serial);
     if (!db->is_initialized) {
         prev = inbound_serial;
     }
-    ods_log_debug("[%s] update serial: format=%s "
-        "in=%u internal=%u out=%u now=%u",
-        db_str, format, db->inbserial, db->intserial, db->outserial,
-        (uint32_t) time_now());
-
-    if (ods_strcmp(format, "unixtime") == 0) {
+    ods_log_debug("[%s] zone %s update serial: format=%s in=%u internal=%u "
+        "out=%u now=%u", db_str, zone_name, format, db->inbserial,
+        db->intserial, db->outserial, (uint32_t) time_now());
+    if (db->force_serial) {
+        soa = db->altserial;
+        if (!util_serial_gt(soa, prev)) {
+            ods_log_warning("[%s] zone %s unable to enforce serial: %u does not "
+                " increase %u. Serial set to %u", db_str, zone_name, soa, prev,
+                (prev+1));
+            soa = prev + 1;
+        } else {
+            ods_log_info("[%s] zone %s enforcing serial %u", db_str, zone_name,
+                soa);
+        }
+        db->force_serial = 0;
+    } else if (ods_strcmp(format, "unixtime") == 0) {
         soa = (uint32_t) time_now();
         if (!util_serial_gt(soa, prev)) {
             if (!db->is_initialized) {
-                ods_log_warning("[%s] unable to use unixtime as serial: %u "
-                    "does not increase %u. Serial set to %u", db_str, soa, prev,
-                    (prev+1));
+                ods_log_warning("[%s] zone %s unable to use unixtime as serial: "
+                    "%u does not increase %u. Serial set to %u", db_str,
+                    zone_name, soa, prev, (prev+1));
             }
             soa = prev + 1;
         }
@@ -228,9 +238,9 @@
         soa = (uint32_t) time_datestamp(0, "%Y%m%d", NULL) * 100;
         if (!util_serial_gt(soa, prev)) {
             if (!db->is_initialized) {
-                ods_log_warning("[%s] unable to use datecounter as serial: %u "
-                    "does not increase %u. Serial set to %u", db_str, soa, prev,
-                    (prev+1));
+                ods_log_warning("[%s] zone %s unable to use datecounter as "
+                    "serial: %u does not increase %u. Serial set to %u", db_str,
+                    zone_name, soa, prev, (prev+1));
             }
             soa = prev + 1;
         }
@@ -243,12 +253,14 @@
         prev = db->outserial;
         soa = inbound_serial;
         if (db->is_initialized && !util_serial_gt(soa, prev)) {
-            ods_log_error("[%s] cannot keep SOA SERIAL from input zone "
-                " (%u): previous output SOA SERIAL is %u", db_str, soa, prev);
+            ods_log_error("[%s] zone %s cannot keep SOA SERIAL from input zone "
+                " (%u): previous output SOA SERIAL is %u", db_str, zone_name,
+                soa, prev);
             return ODS_STATUS_CONFLICT_ERR;
         }
     } else {
-        ods_log_error("[%s] unknown serial type %s", db_str, format);
+        ods_log_error("[%s] zone %s unknown serial type %s", db_str, zone_name,
+            format);
         return ODS_STATUS_ERR;
     }
     /* serial is stored in 32 bits */
@@ -261,8 +273,8 @@
     } else {
         db->intserial += update; /* automatically does % 2^32 */
     }
-    ods_log_debug("[%s] update serial: %u + %u = %u", db_str, prev, update,
-        db->intserial);
+    ods_log_debug("[%s] zone %s update serial: %u + %u = %u", db_str, zone_name,
+        prev, update, db->intserial);
     return ODS_STATUS_OK;
 }
 

Modified: branches/OpenDNSSEC-1.4/signer/src/signer/namedb.h
==============================================================================
--- branches/OpenDNSSEC-1.4/signer/src/signer/namedb.h	Tue Jun 11 16:11:43 2013	(r7148)
+++ branches/OpenDNSSEC-1.4/signer/src/signer/namedb.h	Wed Jun 12 10:33:21 2013	(r7149)
@@ -78,13 +78,14 @@
 /**
  * Determine new SOA SERIAL.
  * \param[in] db namedb
+ * \param[in] zone_name zone name
  * \param[in] format <SOA><Serial> format from signer configuration
  * \param[in] inbound_serial inbound serial
  * \return ods_status status
  *
  */
-ods_status namedb_update_serial(namedb_type* db, const char* format,
-    uint32_t inbound_serial);
+ods_status namedb_update_serial(namedb_type* db, const char* zone_name,
+    const char* format, uint32_t inbound_serial);
 
 /**
  * Add empty non-terminals for domain.

Modified: branches/OpenDNSSEC-1.4/signer/src/signer/zone.c
==============================================================================
--- branches/OpenDNSSEC-1.4/signer/src/signer/zone.c	Tue Jun 11 16:11:43 2013	(r7148)
+++ branches/OpenDNSSEC-1.4/signer/src/signer/zone.c	Wed Jun 12 10:33:21 2013	(r7149)
@@ -456,8 +456,8 @@
             "clone soa rr", zone_str, zone->name);
         return ODS_STATUS_ERR;
     }
-    status = namedb_update_serial(zone->db, zone->signconf->soa_serial,
-        zone->db->inbserial);
+    status = namedb_update_serial(zone->db, zone->name,
+        zone->signconf->soa_serial, zone->db->inbserial);
     if (status != ODS_STATUS_OK) {
         ods_log_error("[%s] unable to update zone %s soa serial: %s",
             zone_str, zone->name, ods_status2str(status));



More information about the Opendnssec-commits mailing list