OpenDNSSEC-signer  1.4.10
zone.c
1 /*
2  * Copyright (c) 2009 NLNet Labs. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  * notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  * notice, this list of conditions and the following disclaimer in the
11  * documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
17  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
19  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
21  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
22  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
23  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  */
26 
32 #include "adapter/adapter.h"
33 #include "shared/allocator.h"
34 #include "shared/file.h"
35 #include "shared/hsm.h"
36 #include "shared/locks.h"
37 #include "shared/log.h"
38 #include "shared/status.h"
39 #include "shared/util.h"
40 #include "signer/backup.h"
41 #include "signer/zone.h"
42 #include "wire/netio.h"
43 
44 #include <ldns/ldns.h>
45 
/* Tag passed as the first "[%s]" argument of this file's log messages. */
static const char *zone_str = "zone";
47 
48 
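/**
 * Create a new zone object.
 *
 * \param[in] name  zone name; a single trailing dot is stripped IN PLACE,
 *                  so the caller's buffer is modified
 * \param[in] klass zone class; zero is rejected
 * \return the new zone, or NULL on invalid arguments or when any
 *         allocation or sub-object creation fails
 */
zone_type*
zone_create(char* name, ldns_rr_class klass)
{
    allocator_type* allocator = NULL;
    zone_type* zone = NULL;
    size_t len = 0;

    if (!name || !klass) {
        return NULL;
    }
    allocator = allocator_create(malloc, free);
    if (!allocator) {
        ods_log_error("[%s] unable to create zone %s: allocator_create() "
            "failed", zone_str, name);
        return NULL;
    }
    zone = (zone_type*) allocator_alloc(allocator, sizeof(zone_type));
    if (!zone) {
        /* The two literals must be adjacent so that they concatenate into
         * one format string. With a comma between them "failed" is taken
         * as the first %s argument and tag and name shift by one. */
        ods_log_error("[%s] unable to create zone %s: allocator_alloc() "
            "failed", zone_str, name);
        allocator_cleanup(allocator);
        return NULL;
    }
    zone->allocator = allocator;

    /*
     * Put every member that zone_cleanup() releases into a defined state
     * before the first failure path can call it. Otherwise an early error
     * hands indeterminate pointers to the cleanup helpers and destroys
     * locks that were never initialised.
     * NOTE(review): assumes allocator_alloc() does not zero the memory and
     * that the *_cleanup() helpers accept NULL, which the existing failure
     * paths already rely on - confirm.
     */
    zone->name = NULL;
    zone->apex = NULL;
    zone->notify_command = NULL;
    zone->notify_ns = NULL;
    zone->notify_args = NULL;
    zone->policy_name = NULL;
    zone->signconf_filename = NULL;
    zone->adinbound = NULL;
    zone->adoutbound = NULL;
    zone->zl_status = ZONE_ZL_OK;
    zone->task = NULL;
    zone->xfrd = NULL;
    zone->notify = NULL;
    zone->db = NULL;
    zone->ixfr = NULL;
    zone->signconf = NULL;
    zone->stats = NULL;
    lock_basic_init(&zone->zone_lock);
    lock_basic_init(&zone->xfr_lock);

    /* [start] PS 9218653: Drop trailing dot in domain name */
    len = strlen(name);
    if (len > 1 && name[len - 1] == '.') {
        name[len - 1] = '\0';
    }
    /* [end] PS 9218653 */
    zone->name = allocator_strdup(allocator, name);
    if (!zone->name) {
        ods_log_error("[%s] unable to create zone %s: allocator_strdup() "
            "failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    zone->klass = klass;
    zone->default_ttl = 3600; /* TODO: configure --default-ttl option? */
    zone->apex = ldns_dname_new_frm_str(name);
    if (!zone->apex) {
        /* A name that cannot be parsed would leave a NULL apex that later
         * lookups and comparisons use; refuse to create the zone instead. */
        ods_log_error("[%s] unable to create zone %s: "
            "ldns_dname_new_frm_str() failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    zone->db = namedb_create((void*)zone);
    if (!zone->db) {
        ods_log_error("[%s] unable to create zone %s: namedb_create() "
            "failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    zone->ixfr = ixfr_create((void*)zone);
    if (!zone->ixfr) {
        ods_log_error("[%s] unable to create zone %s: ixfr_create() "
            "failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    zone->signconf = signconf_create();
    if (!zone->signconf) {
        ods_log_error("[%s] unable to create zone %s: signconf_create() "
            "failed", zone_str, name);
        zone_cleanup(zone);
        return NULL;
    }
    /* Statistics are best effort: the result is not checked, and the code
     * that updates them tests zone->stats before use. */
    zone->stats = stats_create();
    return zone;
}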
129 
130 
137 {
138  ods_status status = ODS_STATUS_OK;
139  signconf_type* signconf = NULL;
140  char* datestamp = NULL;
141 
142  if (!zone || !zone->name || !zone->signconf) {
143  return ODS_STATUS_ASSERT_ERR;
144  }
145  if (!zone->signconf_filename) {
146  ods_log_warning("[%s] zone %s has no signconf filename, treat as "
147  "insecure?", zone_str, zone->name);
148  return ODS_STATUS_INSECURE;
149  }
150  status = signconf_update(&signconf, zone->signconf_filename,
151  zone->signconf->last_modified);
152  if (status == ODS_STATUS_OK) {
153  if (!signconf) {
154  /* this is unexpected */
155  ods_log_alert("[%s] unable to load signconf for zone %s: signconf "
156  "status ok but no signconf stored", zone_str, zone->name);
157  return ODS_STATUS_ASSERT_ERR;
158  }
159  (void)time_datestamp(signconf->last_modified, "%Y-%m-%d %T",
160  &datestamp);
161  ods_log_debug("[%s] zone %s signconf file %s is modified since %s",
162  zone_str, zone->name, zone->signconf_filename,
163  datestamp?datestamp:"Unknown");
164  free((void*)datestamp);
165  *new_signconf = signconf;
166  } else if (status == ODS_STATUS_UNCHANGED) {
168  "%Y-%m-%d %T", &datestamp);
169  ods_log_verbose("[%s] zone %s signconf file %s is unchanged since "
170  "%s", zone_str, zone->name, zone->signconf_filename,
171  datestamp?datestamp:"Unknown");
172  free((void*)datestamp);
173  } else {
174  ods_log_error("[%s] unable to load signconf for zone %s: signconf %s "
175  "%s", zone_str, zone->name, zone->signconf_filename,
176  ods_status2str(status));
177  }
178  return status;
179 }
180 
181 
188 {
189  task_type* task = NULL;
190  ods_status status = ODS_STATUS_OK;
191 
192  ods_log_assert(taskq);
193  ods_log_assert(zone);
194  ods_log_assert(zone->name);
195  ods_log_assert(zone->task);
196  ods_log_debug("[%s] reschedule task for zone %s", zone_str, zone->name);
198  task = unschedule_task(taskq, (task_type*) zone->task);
199  if (task != NULL) {
200  if (task->what != what) {
201  task->halted = task->what;
202  task->halted_when = task->when;
203  task->interrupt = what;
204  }
206  if (task->what > what) {
207  task->what = what;
208  }
209  task->when = time_now();
210  status = schedule_task(taskq, task, 0);
211  } else {
212  /* task not queued, being worked on? */
213  ods_log_verbose("[%s] unable to reschedule task for zone %s now: "
214  "task is not queued (task will be rescheduled when it is put "
215  "back on the queue)", zone_str, zone->name);
216  task = (task_type*) zone->task;
217  task->interrupt = what;
218  /* task->halted(_when) set by worker */
219  }
221  zone->task = task;
222  return status;
223 }
224 
225 
232 {
233  hsm_ctx_t* ctx = NULL;
234  uint32_t ttl = 0;
235  uint16_t i = 0;
236  ods_status status = ODS_STATUS_OK;
237  rrset_type* rrset = NULL;
238  rr_type* dnskey = NULL;
239 
240  if (!zone || !zone->db || !zone->signconf || !zone->signconf->keys) {
241  return ODS_STATUS_ASSERT_ERR;
242  }
243  ods_log_assert(zone->name);
244 
245  /* hsm access */
246  ctx = hsm_create_context();
247  if (ctx == NULL) {
248  ods_log_error("[%s] unable to publish keys for zone %s: "
249  "error creating libhsm context", zone_str, zone->name);
250  return ODS_STATUS_HSM_ERR;
251  }
252  /* dnskey ttl */
253  ttl = zone->default_ttl;
254  if (zone->signconf->dnskey_ttl) {
255  ttl = (uint32_t) duration2time(zone->signconf->dnskey_ttl);
256  }
257  /* publish keys */
258  for (i=0; i < zone->signconf->keys->count; i++) {
259  if (!zone->signconf->keys->keys[i].publish) {
260  continue;
261  }
262  if (!zone->signconf->keys->keys[i].dnskey) {
263  /* get dnskey */
264  status = lhsm_get_key(ctx, zone->apex,
265  &zone->signconf->keys->keys[i]);
266  if (status != ODS_STATUS_OK) {
267  ods_log_error("[%s] unable to publish dnskeys for zone %s: "
268  "error creating dnskey", zone_str, zone->name);
269  break;
270  }
271  }
272  ods_log_assert(zone->signconf->keys->keys[i].dnskey);
273  ldns_rr_set_ttl(zone->signconf->keys->keys[i].dnskey, ttl);
274  ldns_rr_set_class(zone->signconf->keys->keys[i].dnskey, zone->klass);
275  status = zone_add_rr(zone, zone->signconf->keys->keys[i].dnskey, 0);
276  if (status == ODS_STATUS_UNCHANGED) {
277  /* rr already exists, adjust pointer */
278  rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_DNSKEY);
279  ods_log_assert(rrset);
280  dnskey = rrset_lookup_rr(rrset,
281  zone->signconf->keys->keys[i].dnskey);
282  ods_log_assert(dnskey);
283  if (dnskey->rr != zone->signconf->keys->keys[i].dnskey) {
284  ldns_rr_free(zone->signconf->keys->keys[i].dnskey);
285  }
286  zone->signconf->keys->keys[i].dnskey = dnskey->rr;
287  status = ODS_STATUS_OK;
288  } else if (status != ODS_STATUS_OK) {
289  ods_log_error("[%s] unable to publish dnskeys for zone %s: "
290  "error adding dnskey", zone_str, zone->name);
291  break;
292  }
293  }
294  /* done */
295  hsm_destroy_context(ctx);
296  return status;
297 }
298 
299 
304 void
306 {
307  uint16_t i = 0;
308  rrset_type* rrset = NULL;
309  rr_type* dnskey = NULL;
310  if (!zone || !zone->signconf || !zone->signconf->keys) {
311  return;
312  }
313  rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_DNSKEY);
314  /* unlink dnskey rrs */
315  for (i=0; i < zone->signconf->keys->count; i++) {
316  if (rrset && zone->signconf->keys->keys[i].dnskey) {
317  dnskey = rrset_lookup_rr(rrset,
318  zone->signconf->keys->keys[i].dnskey);
319  if (dnskey && !dnskey->exists &&
320  dnskey->rr == zone->signconf->keys->keys[i].dnskey) {
321  zone->signconf->keys->keys[i].dnskey = NULL;
322  }
323  }
324  }
325  /* done */
326  return;
327 }
328 
329 
336 {
337  rrset_type* rrset = NULL;
338  rr_type* n3prr = NULL;
339  ldns_rr* rr = NULL;
340  ods_status status = ODS_STATUS_OK;
341 
342  if (!zone || !zone->name || !zone->db || !zone->signconf) {
343  return ODS_STATUS_ASSERT_ERR;
344  }
345  if (!zone->signconf->nsec3params) {
346  /* NSEC */
347  ods_log_assert(zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC);
348  return ODS_STATUS_OK;
349  }
350 
351  if (!zone->signconf->nsec3params->rr) {
352  uint32_t paramttl =
353  (uint32_t) duration2time(zone->signconf->nsec3param_ttl);
354  rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAMS);
355  if (!rr) {
356  ods_log_error("[%s] unable to publish nsec3params for zone %s: "
357  "error creating rr (%s)", zone_str, zone->name,
358  ods_status2str(status));
359  return ODS_STATUS_MALLOC_ERR;
360  }
361  ldns_rr_set_class(rr, zone->klass);
362  ldns_rr_set_ttl(rr, paramttl);
363  ldns_rr_set_owner(rr, ldns_rdf_clone(zone->apex));
364  ldns_nsec3_add_param_rdfs(rr,
365  zone->signconf->nsec3params->algorithm, 0,
367  zone->signconf->nsec3params->salt_len,
368  zone->signconf->nsec3params->salt_data);
373  ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(rr, 1)), 7, 0);
374  zone->signconf->nsec3params->rr = rr;
375  }
376 
377  /* Delete all nsec3param rrs. */
378  (void) zone_del_nsec3params(zone);
379 
381  status = zone_add_rr(zone, zone->signconf->nsec3params->rr, 0);
382  if (status == ODS_STATUS_UNCHANGED) {
383  /* rr already exists, adjust pointer */
384  rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_NSEC3PARAMS);
385  ods_log_assert(rrset);
386  n3prr = rrset_lookup_rr(rrset, zone->signconf->nsec3params->rr);
387  ods_log_assert(n3prr);
388  if (n3prr->rr != zone->signconf->nsec3params->rr) {
389  ldns_rr_free(zone->signconf->nsec3params->rr);
390  }
391  zone->signconf->nsec3params->rr = n3prr->rr;
392  status = ODS_STATUS_OK;
393  } else if (status != ODS_STATUS_OK) {
394  ods_log_error("[%s] unable to publish nsec3params for zone %s: "
395  "error adding nsec3params (%s)", zone_str,
396  zone->name, ods_status2str(status));
397  }
398  return status;
399 }
400 
401 
406 void
408 {
409  rrset_type* rrset = NULL;
410  rr_type* n3prr = NULL;
411 
412  if (!zone || !zone->signconf || !zone->signconf->nsec3params) {
413  return;
414  }
415  rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_NSEC3PARAMS);
416  if (rrset && zone->signconf->nsec3params->rr) {
417  n3prr = rrset_lookup_rr(rrset, zone->signconf->nsec3params->rr);
418  if (n3prr && !n3prr->exists &&
419  n3prr->rr == zone->signconf->nsec3params->rr) {
420  zone->signconf->nsec3params->rr = NULL;
421  }
422  }
423  return;
424 }
425 
426 
433 {
434  hsm_ctx_t* ctx = NULL;
435  uint16_t i = 0;
436  ods_status status = ODS_STATUS_OK;
437 
438  if (!zone || !zone->db || !zone->signconf || !zone->signconf->keys) {
439  return ODS_STATUS_ASSERT_ERR;
440  }
441  ods_log_assert(zone->name);
442  /* hsm access */
443  ctx = hsm_create_context();
444  if (ctx == NULL) {
445  ods_log_error("[%s] unable to prepare signing keys for zone %s: "
446  "error creating libhsm context", zone_str, zone->name);
447  return ODS_STATUS_HSM_ERR;
448  }
449  /* prepare keys */
450  for (i=0; i < zone->signconf->keys->count; i++) {
451  /* get dnskey */
452  status = lhsm_get_key(ctx, zone->apex, &zone->signconf->keys->keys[i]);
453  if (status != ODS_STATUS_OK) {
454  ods_log_error("[%s] unable to prepare signing keys for zone %s: "
455  "error getting dnskey", zone_str, zone->name);
456  break;
457  }
458  ods_log_assert(zone->signconf->keys->keys[i].dnskey);
459  ods_log_assert(zone->signconf->keys->keys[i].params);
460  }
461  /* done */
462  hsm_destroy_context(ctx);
463  return status;
464 }
465 
466 
473 {
474  ods_status status = ODS_STATUS_OK;
475  rrset_type* rrset = NULL;
476  rr_type* soa = NULL;
477  ldns_rr* rr = NULL;
478  ldns_rdf* soa_rdata = NULL;
479 
480  ods_log_assert(zone);
481  ods_log_assert(zone->apex);
482  ods_log_assert(zone->name);
483  ods_log_assert(zone->db);
484  ods_log_assert(zone->signconf);
485 
486  if (zone->db->serial_updated) {
487  /* already done, unmark and return ok */
488  ods_log_debug("[%s] zone %s soa serial already up to date",
489  zone_str, zone->name);
490  zone->db->serial_updated = 0;
491  return ODS_STATUS_OK;
492  }
493  rrset = zone_lookup_rrset(zone, zone->apex, LDNS_RR_TYPE_SOA);
494  if (!rrset || !rrset->rrs || !rrset->rrs[0].rr) {
495  ods_log_error("[%s] unable to update zone %s soa serial: failed to "
496  "find soa rrset", zone_str, zone->name);
497  return ODS_STATUS_ERR;
498  }
499  ods_log_assert(rrset);
500  ods_log_assert(rrset->rrs);
501  ods_log_assert(rrset->rrs[0].rr);
502  rr = ldns_rr_clone(rrset->rrs[0].rr);
503  if (!rr) {
504  ods_log_error("[%s] unable to update zone %s soa serial: failed to "
505  "clone soa rr", zone_str, zone->name);
506  return ODS_STATUS_ERR;
507  }
508  status = namedb_update_serial(zone->db, zone->name,
509  zone->signconf->soa_serial, zone->db->inbserial);
510  if (status != ODS_STATUS_OK) {
511  ods_log_error("[%s] unable to update zone %s soa serial: %s",
512  zone_str, zone->name, ods_status2str(status));
513  if (status == ODS_STATUS_CONFLICT_ERR) {
514  ods_log_error("[%s] If this is the result of a key rollover, "
515  "please increment the serial in the unsigned zone %s",
516  zone_str, zone->name);
517  }
518  ldns_rr_free(rr);
519  return status;
520  }
521  ods_log_verbose("[%s] zone %s set soa serial to %u", zone_str,
522  zone->name, zone->db->intserial);
523  soa_rdata = ldns_rr_set_rdf(rr,
524  ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32,
525  zone->db->intserial), SE_SOA_RDATA_SERIAL);
526  if (soa_rdata) {
527  ldns_rdf_deep_free(soa_rdata);
528  soa_rdata = NULL;
529  } else {
530  ods_log_error("[%s] unable to update zone %s soa serial: failed to "
531  "replace soa serial rdata", zone_str, zone->name);
532  ldns_rr_free(rr);
533  return ODS_STATUS_ERR;
534  }
535  soa = rrset_add_rr(rrset, rr);
536  ods_log_assert(soa);
537  rrset_diff(rrset, 0, 0);
538  zone->db->serial_updated = 0;
539  return ODS_STATUS_OK;
540 }
541 
542 
/**
 * Look up the RRset of a given type at a given owner name.
 *
 * \param[in] zone  zone to search
 * \param[in] owner owner name of the RRset
 * \param[in] type  RR type of the RRset; zero is rejected
 * \return the RRset, or NULL when an argument is missing or the owner
 *         name is not found in the zone's name database
 */
rrset_type*
zone_lookup_rrset(zone_type* zone, ldns_rdf* owner, ldns_rr_type type)
{
    domain_type* node = NULL;

    if (zone && owner && type) {
        node = namedb_lookup_domain(zone->db, owner);
    }
    return node ? domain_lookup_rrset(node, type) : NULL;
}
560 
561 
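/**
 * Add a resource record to the zone.
 *
 * The owner domain and the RRset are created when they do not exist yet.
 * A record that is already present with the same TTL is only marked as
 * added again; a matching record whose TTL differs is treated as new.
 *
 * \param[in] zone     zone; name, db and signconf must be set
 * \param[in] rr       record to add
 * \param[in] do_stats non-zero to count the record in the zone statistics
 * \return ODS_STATUS_OK when the record was added, ODS_STATUS_UNCHANGED
 *         when it already existed, ODS_STATUS_ERR when the domain or the
 *         RRset could not be created
 */
ods_status
zone_add_rr(zone_type* zone, ldns_rr* rr, int do_stats)
{
    domain_type* domain = NULL;
    rrset_type* rrset = NULL;
    rr_type* record = NULL;
    ods_status status = ODS_STATUS_OK;
    char* str = NULL;
    size_t len = 0;
    size_t i = 0;

    ods_log_assert(rr);
    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->db);
    ods_log_assert(zone->signconf);
    /* If we already have this RR, return ODS_STATUS_UNCHANGED */
    domain = namedb_lookup_domain(zone->db, ldns_rr_owner(rr));
    if (!domain) {
        domain = namedb_add_domain(zone->db, ldns_rr_owner(rr));
        if (!domain) {
            ods_log_error("[%s] unable to add RR to zone %s: "
                "failed to add domain", zone_str, zone->name);
            return ODS_STATUS_ERR;
        }
        if (ldns_dname_compare(domain->dname, zone->apex) == 0) {
            domain->is_apex = 1;
        } else {
            status = namedb_domain_entize(zone->db, domain, zone->apex);
            if (status != ODS_STATUS_OK) {
                ods_log_error("[%s] unable to add RR to zone %s: "
                    "failed to entize domain", zone_str, zone->name);
                return ODS_STATUS_ERR;
            }
        }
    }
    rrset = domain_lookup_rrset(domain, ldns_rr_get_type(rr));
    if (!rrset) {
        rrset = rrset_create(domain->zone, ldns_rr_get_type(rr));
        if (!rrset) {
            ods_log_error("[%s] unable to add RR to zone %s: "
                "failed to add RRset", zone_str, zone->name);
            return ODS_STATUS_ERR;
        }
        domain_add_rrset(domain, rrset);
    }
    record = rrset_lookup_rr(rrset, rr);
    if (record && ldns_rr_ttl(rr) != ldns_rr_ttl(record->rr)) {
        /* same record, different TTL: fall through and add it as new */
        record = NULL;
    }

    if (record) {
        record->is_added = 1; /* already exists, just mark added */
        record->is_removed = 0; /* unset is_removed */
        return ODS_STATUS_UNCHANGED;
    } else {
        record = rrset_add_rr(rrset, rr);
        ods_log_assert(record);
        ods_log_assert(record->rr);
        ods_log_assert(record->is_added);
        if (ldns_rr_ttl(rr) != ldns_rr_ttl(rrset->rrs[0].rr)) {
            /* The record text comes from zone data. ldns_rr2str() can
             * return NULL, and an empty string has no last character to
             * drop, so check both before writing into the buffer. */
            str = ldns_rr2str(rr);
            if (str) {
                len = strlen(str);
                if (len > 0) {
                    str[--len] = '\0'; /* drop the final character */
                }
                for (i = 0; i < len; i++) {
                    if (str[i] == '\t') {
                        str[i] = ' ';
                    }
                }
            }
            /* the TTL is unsigned, print it as such */
            ods_log_error("In zone file %s: TTL for the record '%s' set to %u",
                zone->name, str ? str : "(unprintable RR)",
                (unsigned) ldns_rr_ttl(rrset->rrs[0].rr));
            LDNS_FREE(str);
        }
    }
    /* update stats */
    if (do_stats && zone->stats) {
        zone->stats->sort_count += 1;
    }
    return ODS_STATUS_OK;
}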
642 
643 
/**
 * Mark a resource record in the zone as removed.
 *
 * The record is only flagged (is_removed set, is_added cleared); this
 * function does not free it.
 *
 * \param[in] zone     zone; name, db and signconf must be set
 * \param[in] rr       record to delete
 * \param[in] do_stats non-zero to subtract the record from the statistics
 * \return ODS_STATUS_OK when the record was flagged, ODS_STATUS_UNCHANGED
 *         when its domain, its RRset or the record itself was not found
 */
ods_status
zone_del_rr(zone_type* zone, ldns_rr* rr, int do_stats)
{
    domain_type* owner_node = NULL;
    rrset_type* set = NULL;
    rr_type* entry = NULL;

    ods_log_assert(rr);
    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->db);
    ods_log_assert(zone->signconf);

    owner_node = namedb_lookup_domain(zone->db, ldns_rr_owner(rr));
    if (owner_node == NULL) {
        ods_log_warning("[%s] unable to delete RR from zone %s: "
            "domain not found", zone_str, zone->name);
        return ODS_STATUS_UNCHANGED;
    }

    set = domain_lookup_rrset(owner_node, ldns_rr_get_type(rr));
    if (set == NULL) {
        ods_log_warning("[%s] unable to delete RR from zone %s: "
            "RRset not found", zone_str, zone->name);
        return ODS_STATUS_UNCHANGED;
    }

    entry = rrset_lookup_rr(set, rr);
    if (entry == NULL) {
        ods_log_error("[%s] unable to delete RR from zone %s: "
            "RR not found", zone_str, zone->name);
        return ODS_STATUS_UNCHANGED;
    }

    /* flip the flags: no longer added, now removed */
    entry->is_added = 0;
    entry->is_removed = 1;

    /* keep the statistics in step when the caller asks for it */
    if (do_stats && zone->stats) {
        zone->stats->sort_count -= 1;
    }
    return ODS_STATUS_OK;
}
686 
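/**
 * Mark every NSEC3PARAM record at the zone apex as removed.
 *
 * \param[in] zone zone; zone, zone->name and zone->db must be set
 * \return ODS_STATUS_OK when the RRset was found and its records flagged,
 *         ODS_STATUS_UNCHANGED when the apex domain or its NSEC3PARAM
 *         RRset does not exist
 */
ods_status
zone_del_nsec3params(zone_type* zone)
{
    domain_type* domain = NULL;
    rrset_type* rrset = NULL;
    size_t i = 0; /* rr_count is a size_t; avoid a signed/unsigned compare */

    ods_log_assert(zone);
    ods_log_assert(zone->name);
    ods_log_assert(zone->db);

    domain = namedb_lookup_domain(zone->db, zone->apex);
    if (!domain) {
        ods_log_warning("[%s] unable to delete RR from zone %s: "
            "domain not found", zone_str, zone->name);
        return ODS_STATUS_UNCHANGED;
    }

    rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_NSEC3PARAMS);
    if (!rrset) {
        ods_log_verbose("[%s] NSEC3PARAM in zone %s not found: "
            "skipping delete", zone_str, zone->name);
        return ODS_STATUS_UNCHANGED;
    }

    /* We don't actually delete the record as we still need the
     * information in the IXFR. Just set it as removed. The code
     * inserting the new record may flip this flag when the record
     * hasn't changed. */
    for (i = 0; i < rrset->rr_count; i++) {
        rrset->rrs[i].is_removed = 1;
    }
    return ODS_STATUS_OK;
}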
726 
731 void
733 {
734  const char* str;
735  adapter_type* adtmp = NULL;
736 
737  if (!z1 || !z2) {
738  return;
739  }
740  /* policy name */
741  if (ods_strcmp(z2->policy_name, z1->policy_name) != 0) {
742  if (z2->policy_name) {
743  str = strdup(z2->policy_name);
744  if (!str) {
745  ods_log_error("[%s] failed to merge policy %s name to zone "
746  "%s", zone_str, z2->policy_name, z1->name);
747  } else {
748  free((void*)z1->policy_name);
749  z1->policy_name = str;
751  }
752  } else {
753  free((void*)z1->policy_name);
754  z1->policy_name = NULL;
756  }
757  }
758  /* signconf filename */
759  if (ods_strcmp(z2->signconf_filename, z1->signconf_filename) != 0) {
760  if (z2->signconf_filename) {
761  str = strdup(z2->signconf_filename);
762  if (!str) {
763  ods_log_error("[%s] failed to merge signconf filename %s to "
764  "zone %s", zone_str, z2->policy_name, z1->name);
765  } else {
766  free((void*)z1->signconf_filename);
767  z1->signconf_filename = str;
769  }
770  } else {
771  free((void*)z1->signconf_filename);
772  z1->signconf_filename = NULL;
774  }
775  }
776  /* adapters */
777  if (adapter_compare(z2->adinbound, z1->adinbound) != 0) {
778  adtmp = z2->adinbound;
779  z2->adinbound = z1->adinbound;
780  z1->adinbound = adtmp;
781  adtmp = NULL;
782  }
783  if (adapter_compare(z2->adoutbound, z1->adoutbound) != 0) {
784  adtmp = z2->adoutbound;
785  z2->adoutbound = z1->adoutbound;
786  z1->adoutbound = adtmp;
787  adtmp = NULL;
788  }
789  return;
790 }
791 
792 
797 void
799 {
800  allocator_type* allocator;
801  lock_basic_type zone_lock;
802  lock_basic_type xfr_lock;
803  if (!zone) {
804  return;
805  }
806  allocator = zone->allocator;
807  zone_lock = zone->zone_lock;
808  xfr_lock = zone->xfr_lock;
809  ldns_rdf_deep_free(zone->apex);
810  adapter_cleanup(zone->adinbound);
812  namedb_cleanup(zone->db);
813  ixfr_cleanup(zone->ixfr);
814  xfrd_cleanup(zone->xfrd, 1);
815  notify_cleanup(zone->notify);
816  signconf_cleanup(zone->signconf);
817  stats_cleanup(zone->stats);
818  allocator_deallocate(allocator, (void*) zone->notify_command);
819  allocator_deallocate(allocator, (void*) zone->notify_args);
820  allocator_deallocate(allocator, (void*) zone->policy_name);
821  allocator_deallocate(allocator, (void*) zone->signconf_filename);
822  allocator_deallocate(allocator, (void*) zone->name);
823  allocator_deallocate(allocator, (void*) zone);
824  allocator_cleanup(allocator);
825  lock_basic_destroy(&xfr_lock);
826  lock_basic_destroy(&zone_lock);
827  return;
828 }
829 
830 
837 {
838  char* filename = NULL;
839  FILE* fd = NULL;
840  const char* token = NULL;
841  time_t when = 0;
842  task_type* task = NULL;
843  ods_status status = ODS_STATUS_OK;
844  /* zone part */
845  int klass = 0;
846  uint32_t inbound = 0, internal = 0, outbound = 0;
847  /* signconf part */
848  time_t lastmod = 0;
849  /* nsec3params part */
850  const char* salt = NULL;
851 
852  ods_log_assert(zone);
853  ods_log_assert(zone->name);
854  ods_log_assert(zone->signconf);
855  ods_log_assert(zone->db);
856 
857  filename = ods_build_path(zone->name, ".backup2", 0, 1);
858  if (!filename) {
859  return ODS_STATUS_MALLOC_ERR;
860  }
861  fd = ods_fopen(filename, NULL, "r");
862  if (fd) {
863  /* start recovery */
864  if (!backup_read_check_str(fd, ODS_SE_FILE_MAGIC_V3)) {
865  ods_log_error("[%s] corrupted backup file zone %s: read magic "
866  "error", zone_str, zone->name);
867  goto recover_error2;
868  }
869  if (!backup_read_check_str(fd, ";;Time:") |
870  !backup_read_time_t(fd, &when)) {
871  ods_log_error("[%s] corrupted backup file zone %s: read time "
872  "error", zone_str, zone->name);
873  goto recover_error2;
874  }
875  /* zone stuff */
876  if (!backup_read_check_str(fd, ";;Zone:") |
877  !backup_read_check_str(fd, "name") |
878  !backup_read_check_str(fd, zone->name)) {
879  ods_log_error("[%s] corrupted backup file zone %s: read name "
880  "error", zone_str, zone->name);
881  goto recover_error2;
882  }
883  if (!backup_read_check_str(fd, "class") |
884  !backup_read_int(fd, &klass)) {
885  ods_log_error("[%s] corrupted backup file zone %s: read class "
886  "error", zone_str, zone->name);
887  goto recover_error2;
888  }
889  if (!backup_read_check_str(fd, "inbound") |
890  !backup_read_uint32_t(fd, &inbound) |
891  !backup_read_check_str(fd, "internal") |
892  !backup_read_uint32_t(fd, &internal) |
893  !backup_read_check_str(fd, "outbound") |
894  !backup_read_uint32_t(fd, &outbound)) {
895  ods_log_error("[%s] corrupted backup file zone %s: read serial "
896  "error", zone_str, zone->name);
897  goto recover_error2;
898  }
899  zone->klass = (ldns_rr_class) klass;
900  zone->db->inbserial = inbound;
901  zone->db->intserial = internal;
902  zone->db->outserial = outbound;
903  /* signconf part */
904  if (!backup_read_check_str(fd, ";;Signconf:") |
905  !backup_read_check_str(fd, "lastmod") |
906  !backup_read_time_t(fd, &lastmod) |
907  !backup_read_check_str(fd, "maxzonettl") |
908  !backup_read_check_str(fd, "0") |
909  !backup_read_check_str(fd, "resign") |
911  !backup_read_check_str(fd, "refresh") |
913  !backup_read_check_str(fd, "valid") |
915  !backup_read_check_str(fd, "denial") |
917  !backup_read_check_str(fd, "jitter") |
919  !backup_read_check_str(fd, "offset") |
921  !backup_read_check_str(fd, "nsec") |
922  !backup_read_rr_type(fd, &zone->signconf->nsec_type) |
923  !backup_read_check_str(fd, "dnskeyttl") |
925  !backup_read_check_str(fd, "soattl") |
926  !backup_read_duration(fd, &zone->signconf->soa_ttl) |
927  !backup_read_check_str(fd, "soamin") |
928  !backup_read_duration(fd, &zone->signconf->soa_min) |
929  !backup_read_check_str(fd, "serial") |
930  !backup_read_str(fd, &zone->signconf->soa_serial)) {
931  ods_log_error("[%s] corrupted backup file zone %s: read signconf "
932  "error", zone_str, zone->name);
933  goto recover_error2;
934  }
935  /* nsec3params part */
936  if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC3) {
937  if (!backup_read_check_str(fd, ";;Nsec3parameters:") |
938  !backup_read_check_str(fd, "salt") |
939  !backup_read_str(fd, &salt) |
940  !backup_read_check_str(fd, "algorithm") |
942  !backup_read_check_str(fd, "optout") |
943  !backup_read_int(fd, &zone->signconf->nsec3_optout) |
944  !backup_read_check_str(fd, "iterations") |
946  ods_log_error("[%s] corrupted backup file zone %s: read "
947  "nsec3parameters error", zone_str, zone->name);
948  goto recover_error2;
949  }
951  zone->signconf->allocator, salt);
952  free((void*) salt);
953  salt = NULL;
955  (void*) zone->signconf,
956  (uint8_t) zone->signconf->nsec3_algo,
957  (uint8_t) zone->signconf->nsec3_optout,
958  (uint16_t) zone->signconf->nsec3_iterations,
959  zone->signconf->nsec3_salt);
960  if (!zone->signconf->nsec3params) {
961  ods_log_error("[%s] corrupted backup file zone %s: unable to "
962  "create nsec3param", zone_str, zone->name);
963  goto recover_error2;
964  }
965  }
966  zone->signconf->last_modified = lastmod;
967  zone->default_ttl = (uint32_t) duration2time(zone->signconf->soa_min);
968  /* keys part */
969  zone->signconf->keys = keylist_create((void*) zone->signconf);
970  while (backup_read_str(fd, &token)) {
971  if (ods_strcmp(token, ";;Key:") == 0) {
972  if (!key_recover2(fd, zone->signconf->keys)) {
973  ods_log_error("[%s] corrupted backup file zone %s: read "
974  "key error", zone_str, zone->name);
975  goto recover_error2;
976  }
977  } else if (ods_strcmp(token, ";;") == 0) {
978  /* keylist done */
979  free((void*) token);
980  token = NULL;
981  break;
982  } else {
983  /* keylist corrupted */
984  goto recover_error2;
985  }
986  free((void*) token);
987  token = NULL;
988  }
989  /* publish dnskeys */
990  status = zone_publish_dnskeys(zone);
991  if (status != ODS_STATUS_OK) {
992  ods_log_error("[%s] corrupted backup file zone %s: unable to "
993  "publish dnskeys (%s)", zone_str, zone->name,
994  ods_status2str(status));
995  goto recover_error2;
996  }
997  /* publish nsec3param */
998  status = zone_publish_nsec3param(zone);
999  if (status != ODS_STATUS_OK) {
1000  ods_log_error("[%s] corrupted backup file zone %s: unable to "
1001  "publish nsec3param (%s)", zone_str, zone->name,
1002  ods_status2str(status));
1003  goto recover_error2;
1004  }
1005  /* publish other records */
1006  status = backup_read_namedb(fd, zone);
1007  if (status != ODS_STATUS_OK) {
1008  ods_log_error("[%s] corrupted backup file zone %s: unable to "
1009  "read resource records (%s)", zone_str, zone->name,
1010  ods_status2str(status));
1011  goto recover_error2;
1012  }
1013  /* task */
1014  task = task_create(TASK_SIGN, when, (void*) zone);
1015  if (!task) {
1016  ods_log_error("[%s] failed to restore zone %s: unable to "
1017  "create task", zone_str, zone->name);
1018  goto recover_error2;
1019  }
1020  zone->task = (void*) task;
1021  free((void*)filename);
1022  ods_fclose(fd);
1023  zone->db->is_initialized = 1;
1024  zone->db->have_serial = 1;
1025  /* journal */
1026  filename = ods_build_path(zone->name, ".ixfr", 0, 1);
1027  if (filename) {
1028  fd = ods_fopen(filename, NULL, "r");
1029  }
1030  if (fd) {
1031  status = backup_read_ixfr(fd, zone);
1032  if (status != ODS_STATUS_OK) {
1033  ods_log_warning("[%s] corrupted journal file zone %s, "
1034  "skipping (%s)", zone_str, zone->name,
1035  ods_status2str(status));
1036  (void)unlink(filename);
1037  ixfr_cleanup(zone->ixfr);
1038  zone->ixfr = ixfr_create((void*)zone);
1039  }
1040  }
1041  lock_basic_lock(&zone->ixfr->ixfr_lock);
1042  ixfr_purge(zone->ixfr);
1043  lock_basic_unlock(&zone->ixfr->ixfr_lock);
1044 
1045  /* all ok */
1046  free((void*)filename);
1047  if (fd) {
1048  ods_fclose(fd);
1049  }
1050  if (zone->stats) {
1051  lock_basic_lock(&zone->stats->stats_lock);
1052  stats_clear(zone->stats);
1054  }
1055  return ODS_STATUS_OK;
1056  }
1057  return ODS_STATUS_UNCHANGED;
1058 
1059 recover_error2:
1060  free((void*)filename);
1061  ods_fclose(fd);
1062  /* signconf cleanup */
1063  free((void*)salt);
1064  salt = NULL;
1065  signconf_cleanup(zone->signconf);
1066  zone->signconf = signconf_create();
1067  ods_log_assert(zone->signconf);
1068  /* namedb cleanup */
1069  namedb_cleanup(zone->db);
1070  zone->db = namedb_create((void*)zone);
1071  ods_log_assert(zone->db);
1072  /* stats reset */
1073  if (zone->stats) {
1074  lock_basic_lock(&zone->stats->stats_lock);
1075  stats_clear(zone->stats);
1077  }
1078  return ODS_STATUS_ERR;
1079 }
1080 
1081 
1086 ods_status
1088 {
1089  char* filename = NULL;
1090  char* tmpfile = NULL;
1091  FILE* fd = NULL;
1092  task_type* task = NULL;
1093  int ret = 0;
1094  ods_status status = ODS_STATUS_OK;
1095 
1096  ods_log_assert(zone);
1097  ods_log_assert(zone->name);
1098  ods_log_assert(zone->db);
1099  ods_log_assert(zone->signconf);
1100  ods_log_assert(zone->task);
1101 
1102  tmpfile = ods_build_path(zone->name, ".backup2.tmp", 0, 1);
1103  filename = ods_build_path(zone->name, ".backup2", 0, 1);
1104  if (!tmpfile || !filename) {
1105  free(tmpfile);
1106  free(filename);
1107  return ODS_STATUS_MALLOC_ERR;
1108  }
1109  fd = ods_fopen(tmpfile, NULL, "w");
1110  if (fd) {
1111  fprintf(fd, "%s\n", ODS_SE_FILE_MAGIC_V3);
1112  task = (task_type*) zone->task;
1113  fprintf(fd, ";;Time: %u\n", (unsigned) task->when);
1115  fprintf(fd, ";;Zone: name %s class %i inbound %u internal %u "
1116  "outbound %u\n", zone->name, (int) zone->klass,
1117  (unsigned) zone->db->inbserial,
1118  (unsigned) zone->db->intserial,
1119  (unsigned) zone->db->outserial);
1121  signconf_backup(fd, zone->signconf, ODS_SE_FILE_MAGIC_V3);
1123  if (zone->signconf->nsec3params) {
1124  nsec3params_backup(fd,
1125  zone->signconf->nsec3_algo,
1126  zone->signconf->nsec3_optout,
1127  zone->signconf->nsec3_iterations,
1128  zone->signconf->nsec3_salt,
1129  zone->signconf->nsec3params->rr,
1130  ODS_SE_FILE_MAGIC_V3);
1131  }
1133  keylist_backup(fd, zone->signconf->keys, ODS_SE_FILE_MAGIC_V3);
1134  fprintf(fd, ";;\n");
1136  namedb_backup2(fd, zone->db);
1138  fprintf(fd, "%s\n", ODS_SE_FILE_MAGIC_V3);
1139  ods_fclose(fd);
1140  ret = rename(tmpfile, filename);
1141  if (ret != 0) {
1142  ods_log_error("[%s] unable to rename zone %s backup %s to %s: %s",
1143  zone_str, zone->name, tmpfile, filename, strerror(errno));
1144  status = ODS_STATUS_RENAME_ERR;
1145  }
1146  } else {
1147  status = ODS_STATUS_FOPEN_ERR;
1148  }
1149 
1150  free((void*) tmpfile);
1151  free((void*) filename);
1152  return status;
1153 }