static isc_result_t
check_node(dns_rdataset_t *rootns, dns_name_t *name,
dns_rdatasetiter_t *rdsiter) {
isc_result_t result;
dns_rdataset_t rdataset;
dns_rdataset_init(&rdataset);
result = dns_rdatasetiter_first(rdsiter);
while (result == ISC_R_SUCCESS) {
dns_rdatasetiter_current(rdsiter, &rdataset);
switch (rdataset.type) {
case dns_rdatatype_a:
case dns_rdatatype_aaaa:
result = in_rootns(rootns, name);
if (result != ISC_R_SUCCESS)
goto cleanup;
break;
case dns_rdatatype_ns:
if (dns_name_compare(name, dns_rootname) == 0)
break;
/*FALLTHROUGH*/
default:
result = ISC_R_FAILURE;
goto cleanup;
}
dns_rdataset_disassociate(&rdataset);
result = dns_rdatasetiter_next(rdsiter);
}
if (result == ISC_R_NOMORE)
result = ISC_R_SUCCESS;
cleanup:
if (dns_rdataset_isassociated(&rdataset))
dns_rdataset_disassociate(&rdataset);
return (result);
}
static isc_result_t
db_rr_iterator_next(db_rr_iterator_t *it) {
if (it->result != ISC_R_SUCCESS)
return (it->result);
INSIST(it->dbit != NULL);
INSIST(it->node != NULL);
INSIST(it->rdatasetit != NULL);
it->result = dns_rdataset_next(&it->rdataset);
if (it->result == ISC_R_NOMORE) {
dns_rdataset_disassociate(&it->rdataset);
it->result = dns_rdatasetiter_next(it->rdatasetit);
/*
* The while loop body is executed more than once
* only when an empty dbnode needs to be skipped.
*/
while (it->result == ISC_R_NOMORE) {
dns_rdatasetiter_destroy(&it->rdatasetit);
dns_db_detachnode(it->db, &it->node);
it->result = dns_dbiterator_next(it->dbit);
if (it->result == ISC_R_NOMORE) {
/* We are at the end of the entire database. */
return (it->result);
}
if (it->result != ISC_R_SUCCESS)
return (it->result);
it->result = dns_dbiterator_current(it->dbit,
&it->node,
dns_fixedname_name(&it->fixedname));
if (it->result != ISC_R_SUCCESS)
return (it->result);
it->result = dns_db_allrdatasets(it->db, it->node,
it->ver, it->now,
&it->rdatasetit);
if (it->result != ISC_R_SUCCESS)
return (it->result);
it->result = dns_rdatasetiter_first(it->rdatasetit);
}
if (it->result != ISC_R_SUCCESS)
return (it->result);
dns_rdatasetiter_current(it->rdatasetit, &it->rdataset);
it->rdataset.attributes |= DNS_RDATASETATTR_LOADORDER;
it->result = dns_rdataset_first(&it->rdataset);
if (it->result != ISC_R_SUCCESS)
return (it->result);
}
return (it->result);
}
static void
print_rdatasets(dns_name_t *name, dns_rdatasetiter_t *rdsiter) {
isc_result_t result;
dns_rdataset_t rdataset;
dns_rdataset_init(&rdataset);
result = dns_rdatasetiter_first(rdsiter);
while (result == ISC_R_SUCCESS) {
dns_rdatasetiter_current(rdsiter, &rdataset);
print_rdataset(name, &rdataset);
dns_rdataset_disassociate(&rdataset);
result = dns_rdatasetiter_next(rdsiter);
}
if (result != ISC_R_NOMORE)
print_result("", result);
}
static inline isc_boolean_t active_node (dns_db_t * db, dns_dbversion_t * version, dns_dbnode_t * node)
{
dns_rdatasetiter_t *rdsiter;
isc_boolean_t active = ISC_FALSE;
isc_result_t result;
dns_rdataset_t rdataset;
dns_rdataset_init (&rdataset);
rdsiter = NULL;
result = dns_db_allrdatasets (db, node, version, 0, &rdsiter);
check_result (result, "dns_db_allrdatasets()");
result = dns_rdatasetiter_first (rdsiter);
while (result == ISC_R_SUCCESS)
{
dns_rdatasetiter_current (rdsiter, &rdataset);
if (rdataset.type != dns_rdatatype_nsec)
active = ISC_TRUE;
dns_rdataset_disassociate (&rdataset);
if (!active)
result = dns_rdatasetiter_next (rdsiter);
else
result = ISC_R_NOMORE;
}
if (result != ISC_R_NOMORE)
fatal ("rdataset iteration failed");
dns_rdatasetiter_destroy (&rdsiter);
if (!active)
{
/*
* Make sure there is no NSEC record for this node.
*/
result = dns_db_deleterdataset (db, node, version, dns_rdatatype_nsec, 0);
if (result == DNS_R_UNCHANGED)
result = ISC_R_SUCCESS;
check_result (result, "dns_db_deleterdataset");
}
return (active);
}
isc_result_t
dns_rriterator_nextrrset(dns_rriterator_t *it) {
REQUIRE(VALID_RRITERATOR(it));
if (dns_rdataset_isassociated(&it->rdataset))
dns_rdataset_disassociate(&it->rdataset);
it->result = dns_rdatasetiter_next(it->rdatasetit);
/*
* The while loop body is executed more than once
* only when an empty dbnode needs to be skipped.
*/
while (it->result == ISC_R_NOMORE) {
dns_rdatasetiter_destroy(&it->rdatasetit);
dns_db_detachnode(it->db, &it->node);
it->result = dns_dbiterator_next(it->dbit);
if (it->result == ISC_R_NOMORE) {
/* We are at the end of the entire database. */
return (it->result);
}
if (it->result != ISC_R_SUCCESS)
return (it->result);
it->result = dns_dbiterator_current(it->dbit, &it->node,
dns_fixedname_name(&it->fixedname));
if (it->result != ISC_R_SUCCESS)
return (it->result);
it->result = dns_db_allrdatasets(it->db, it->node, it->ver,
it->now, &it->rdatasetit);
if (it->result != ISC_R_SUCCESS)
return (it->result);
it->result = dns_rdatasetiter_first(it->rdatasetit);
}
if (it->result != ISC_R_SUCCESS)
return (it->result);
dns_rdatasetiter_current(it->rdatasetit, &it->rdataset);
dns_rdataset_getownercase(&it->rdataset,
dns_fixedname_name(&it->fixedname));
it->rdataset.attributes |= DNS_RDATASETATTR_LOADORDER;
it->result = dns_rdataset_first(&it->rdataset);
return (it->result);
}
int
main (int *argc, char **argv)
{
isc_mem_t *mctx = NULL;
isc_entropy_t *ectx = NULL;
isc_result_t result;
char *basedn;
ldap_info *tmp;
LDAPMod *base_attrs[2];
LDAPMod base;
isc_buffer_t buff;
char *zonefile;
char fullbasedn[1024];
char *ctmp;
dns_fixedname_t fixedzone, fixedname;
dns_rdataset_t rdataset;
char **dc_list;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdatasetiter_t *riter;
dns_name_t *zone, *name;
dns_db_t *db = NULL;
dns_dbiterator_t *dbit = NULL;
dns_dbnode_t *node;
extern char *optarg;
extern int optind, opterr, optopt;
int create_base = 0;
int topt;
if ((int) argc < 2)
{
usage ();
exit (-1);
}
while ((topt = getopt ((int) argc, argv, "D:w:b:z:f:h:?dcv")) != -1)
{
switch (topt)
{
case 'v':
printf("%s\n", VERSION);
exit(0);
case 'c':
create_base++;
break;
case 'd':
debug++;
break;
case 'D':
binddn = strdup (optarg);
break;
case 'w':
bindpw = strdup (optarg);
break;
case 'b':
ldapbase = strdup (optarg);
break;
case 'z':
argzone = strdup (optarg);
// We wipe argzone all to hell when we parse it for the DN */
gbl_zone = strdup(argzone);
break;
case 'f':
zonefile = strdup (optarg);
break;
case 'h':
ldapsystem = strdup (optarg);
break;
case '?':
default:
usage ();
exit (0);
}
}
if ((argzone == NULL) || (zonefile == NULL))
{
usage ();
exit (-1);
}
if (debug)
printf ("Initializing ISC Routines, parsing zone file\n");
result = isc_mem_create (0, 0, &mctx);
isc_result_check (result, "isc_mem_create");
result = isc_entropy_create(mctx, &ectx);
isc_result_check (result, "isc_entropy_create");
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
isc_result_check (result, "isc_hash_create");
isc_buffer_init (&buff, argzone, strlen (argzone));
isc_buffer_add (&buff, strlen (argzone));
dns_fixedname_init (&fixedzone);
zone = dns_fixedname_name (&fixedzone);
result = dns_name_fromtext (zone, &buff, dns_rootname, 0, NULL);
isc_result_check (result, "dns_name_fromtext");
result = dns_db_create (mctx, "rbt", zone, dns_dbtype_zone,
dns_rdataclass_in, 0, NULL, &db);
isc_result_check (result, "dns_db_create");
result = dns_db_load (db, zonefile);
isc_result_check (result, "Check Zone Syntax: dns_db_load");
result = dns_db_createiterator (db, 0, &dbit);
isc_result_check (result, "dns_db_createiterator");
result = dns_dbiterator_first (dbit);
isc_result_check (result, "dns_dbiterator_first");
dns_fixedname_init (&fixedname);
name = dns_fixedname_name (&fixedname);
dns_rdataset_init (&rdataset);
dns_rdata_init (&rdata);
while (result == ISC_R_SUCCESS)
{
node = NULL;
result = dns_dbiterator_current (dbit, &node, name);
if (result == ISC_R_NOMORE)
break;
isc_result_check (result, "dns_dbiterator_current");
riter = NULL;
result = dns_db_allrdatasets (db, node, NULL, 0, &riter);
isc_result_check (result, "dns_db_allrdatasets");
result = dns_rdatasetiter_first (riter);
//isc_result_check(result, "dns_rdatasetiter_first");
while (result == ISC_R_SUCCESS)
{
dns_rdatasetiter_current (riter, &rdataset);
result = dns_rdataset_first (&rdataset);
isc_result_check (result, "dns_rdatasetiter_current");
while (result == ISC_R_SUCCESS)
{
dns_rdataset_current (&rdataset, &rdata);
generate_ldap (name, &rdata, rdataset.ttl);
dns_rdata_reset (&rdata);
result = dns_rdataset_next (&rdataset);
}
dns_rdataset_disassociate (&rdataset);
result = dns_rdatasetiter_next (riter);
}
dns_rdatasetiter_destroy (&riter);
result = dns_dbiterator_next (dbit);
}
/* Initialize the LDAP Connection */
if (debug)
printf ("Initializing LDAP Connection to %s as %s\n", ldapsystem, binddn);
init_ldap_conn ();
if (create_base)
{
if (debug)
printf ("Creating base zone DN %s\n", argzone);
dc_list = hostname_to_dn_list (argzone, argzone, DNS_TOP);
basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC);
for (ctmp = &basedn[strlen (basedn)]; ctmp >= &basedn[0]; ctmp--)
{
if ((*ctmp == ',') || (ctmp == &basedn[0]))
{
base.mod_op = LDAP_MOD_ADD;
base.mod_type = "objectClass";
base.mod_values = topObjectClasses;
base_attrs[0] = &base;
base_attrs[1] = NULL;
if (ldapbase)
{
if (ctmp != &basedn[0])
sprintf (fullbasedn, "%s,%s", ctmp + 1, ldapbase);
else
sprintf (fullbasedn, "%s,%s", ctmp, ldapbase);
}
else
{
if (ctmp != &basedn[0])
sprintf (fullbasedn, "%s", ctmp + 1);
else
sprintf (fullbasedn, "%s", ctmp);
}
result = ldap_add_s (conn, fullbasedn, base_attrs);
ldap_result_check ("intial ldap_add_s", fullbasedn, result);
}
}
}
else
{
if (debug)
printf ("Skipping zone base dn creation for %s\n", argzone);
}
for (tmp = ldap_info_base; tmp != NULL; tmp = tmp->next)
{
if (debug)
printf ("Adding DN: %s\n", tmp->dn);
add_ldap_values (tmp);
}
if (debug)
printf("Operation Complete.\n");
/* Cleanup */
isc_hash_destroy();
isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
if (zonefile)
free(zonefile);
return 0;
}
static isc_result_t
iterate_node(lwres_grbnresponse_t *grbn, dns_db_t *db, dns_dbnode_t *node,
isc_mem_t *mctx)
{
int used = 0, count;
int size = 8, oldsize = 0;
unsigned char **rdatas = NULL, **oldrdatas = NULL, **newrdatas = NULL;
lwres_uint16_t *lens = NULL, *oldlens = NULL, *newlens = NULL;
dns_rdatasetiter_t *iter = NULL;
dns_rdataset_t set;
dns_ttl_t ttl = ISC_INT32_MAX;
lwres_uint32_t flags = LWRDATA_VALIDATED;
isc_result_t result = ISC_R_NOMEMORY;
result = dns_db_allrdatasets(db, node, NULL, 0, &iter);
if (result != ISC_R_SUCCESS)
goto out;
rdatas = isc_mem_get(mctx, size * sizeof(*rdatas));
if (rdatas == NULL)
goto out;
lens = isc_mem_get(mctx, size * sizeof(*lens));
if (lens == NULL)
goto out;
for (result = dns_rdatasetiter_first(iter);
result == ISC_R_SUCCESS;
result = dns_rdatasetiter_next(iter))
{
result = ISC_R_NOMEMORY;
dns_rdataset_init(&set);
dns_rdatasetiter_current(iter, &set);
if (set.type != dns_rdatatype_rrsig) {
dns_rdataset_disassociate(&set);
continue;
}
count = dns_rdataset_count(&set);
if (used + count > size) {
/* copy & reallocate */
oldsize = size;
oldrdatas = rdatas;
oldlens = lens;
rdatas = NULL;
lens = NULL;
size *= 2;
rdatas = isc_mem_get(mctx, size * sizeof(*rdatas));
if (rdatas == NULL)
goto out;
lens = isc_mem_get(mctx, size * sizeof(*lens));
if (lens == NULL)
goto out;
memmove(rdatas, oldrdatas, used * sizeof(*rdatas));
memmove(lens, oldlens, used * sizeof(*lens));
isc_mem_put(mctx, oldrdatas,
oldsize * sizeof(*oldrdatas));
isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens));
oldrdatas = NULL;
oldlens = NULL;
}
if (set.ttl < ttl)
ttl = set.ttl;
if (set.trust != dns_trust_secure)
flags &= (~LWRDATA_VALIDATED);
result = fill_array(&used, &set, size, rdatas, lens);
dns_rdataset_disassociate(&set);
if (result != ISC_R_SUCCESS)
goto out;
}
if (result == ISC_R_NOMORE)
result = ISC_R_SUCCESS;
if (result != ISC_R_SUCCESS)
goto out;
dns_rdatasetiter_destroy(&iter);
/*
* If necessary, shrink and copy the arrays.
*/
if (size != used) {
result = ISC_R_NOMEMORY;
newrdatas = isc_mem_get(mctx, used * sizeof(*rdatas));
if (newrdatas == NULL)
goto out;
newlens = isc_mem_get(mctx, used * sizeof(*lens));
if (newlens == NULL)
goto out;
memmove(newrdatas, rdatas, used * sizeof(*rdatas));
memmove(newlens, lens, used * sizeof(*lens));
isc_mem_put(mctx, rdatas, size * sizeof(*rdatas));
isc_mem_put(mctx, lens, size * sizeof(*lens));
grbn->rdatas = newrdatas;
grbn->rdatalen = newlens;
} else {
grbn->rdatas = rdatas;
grbn->rdatalen = lens;
}
grbn->nrdatas = used;
grbn->ttl = ttl;
grbn->flags = flags;
return (ISC_R_SUCCESS);
out:
dns_rdatasetiter_destroy(&iter);
if (rdatas != NULL)
isc_mem_put(mctx, rdatas, size * sizeof(*rdatas));
if (lens != NULL)
isc_mem_put(mctx, lens, size * sizeof(*lens));
if (oldrdatas != NULL)
isc_mem_put(mctx, oldrdatas, oldsize * sizeof(*oldrdatas));
if (oldlens != NULL)
isc_mem_put(mctx, oldlens, oldsize * sizeof(*oldlens));
if (newrdatas != NULL)
isc_mem_put(mctx, newrdatas, used * sizeof(*oldrdatas));
return (result);
}
isc_result_t
dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version,
dns_dbnode_t *node, dns_name_t *target,
unsigned char *buffer, dns_rdata_t *rdata)
{
isc_result_t result;
dns_rdataset_t rdataset;
isc_region_t r;
unsigned int i, window;
int octet;
unsigned char *nsec_bits, *bm;
unsigned int max_type;
dns_rdatasetiter_t *rdsiter;
memset(buffer, 0, DNS_NSEC_BUFFERSIZE);
dns_name_toregion(target, &r);
memcpy(buffer, r.base, r.length);
r.base = buffer;
/*
* Use the end of the space for a raw bitmap leaving enough
* space for the window identifiers and length octets.
*/
bm = r.base + r.length + 512;
nsec_bits = r.base + r.length;
set_bit(bm, dns_rdatatype_rrsig, 1);
set_bit(bm, dns_rdatatype_nsec, 1);
max_type = dns_rdatatype_nsec;
dns_rdataset_init(&rdataset);
rdsiter = NULL;
result = dns_db_allrdatasets(db, node, version, 0, &rdsiter);
if (result != ISC_R_SUCCESS)
return (result);
for (result = dns_rdatasetiter_first(rdsiter);
result == ISC_R_SUCCESS;
result = dns_rdatasetiter_next(rdsiter))
{
dns_rdatasetiter_current(rdsiter, &rdataset);
if (rdataset.type != dns_rdatatype_nsec &&
rdataset.type != dns_rdatatype_nsec3 &&
rdataset.type != dns_rdatatype_rrsig) {
if (rdataset.type > max_type)
max_type = rdataset.type;
set_bit(bm, rdataset.type, 1);
}
dns_rdataset_disassociate(&rdataset);
}
/*
* At zone cuts, deny the existence of glue in the parent zone.
*/
if (bit_isset(bm, dns_rdatatype_ns) &&
! bit_isset(bm, dns_rdatatype_soa)) {
for (i = 0; i <= max_type; i++) {
if (bit_isset(bm, i) &&
! dns_rdatatype_iszonecutauth((dns_rdatatype_t)i))
set_bit(bm, i, 0);
}
}
dns_rdatasetiter_destroy(&rdsiter);
if (result != ISC_R_NOMORE)
return (result);
for (window = 0; window < 256; window++) {
if (window * 256 > max_type)
break;
for (octet = 31; octet >= 0; octet--)
if (bm[window * 32 + octet] != 0)
break;
if (octet < 0)
continue;
nsec_bits[0] = window;
nsec_bits[1] = octet + 1;
/*
* Note: potential overlapping move.
*/
memmove(&nsec_bits[2], &bm[window * 32], octet + 1);
nsec_bits += 3 + octet;
}
r.length = nsec_bits - r.base;
INSIST(r.length <= DNS_NSEC_BUFFERSIZE);
dns_rdata_fromregion(rdata,
dns_db_class(db),
dns_rdatatype_nsec,
&r);
return (ISC_R_SUCCESS);
}
int
main(int argc, char **argv) {
char *porigin, *zonefile;
dns_fixedname_t forigin, fname;
dns_name_t *origin, *name;
dns_db_t *db = NULL;
dns_dbiterator_t *dbiter;
dns_dbnode_t *node;
dns_rdatasetiter_t *rdsiter;
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_mem_t *mctx = NULL;
isc_entropy_t *ectx = NULL;
isc_buffer_t b;
isc_result_t result;
PGresult *res;
if (argc != 5) {
printf("usage: %s origin file dbname dbtable\n", argv[0]);
printf("Note that dbname must be an existing database.\n");
exit(1);
}
porigin = argv[1];
zonefile = argv[2];
dbname = argv[3];
dbtable = argv[4];
dns_result_register();
mctx = NULL;
result = isc_mem_create(0, 0, &mctx);
check_result(result, "isc_mem_create");
result = isc_entropy_create(mctx, &ectx);
result_check (result, "isc_entropy_create");
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
check_result (result, "isc_hash_create");
isc_buffer_init(&b, porigin, strlen(porigin));
isc_buffer_add(&b, strlen(porigin));
dns_fixedname_init(&forigin);
origin = dns_fixedname_name(&forigin);
result = dns_name_fromtext(origin, &b, dns_rootname, ISC_FALSE, NULL);
check_result(result, "dns_name_fromtext");
db = NULL;
result = dns_db_create(mctx, "rbt", origin, dns_dbtype_zone,
dns_rdataclass_in, 0, NULL, &db);
check_result(result, "dns_db_create");
result = dns_db_load(db, zonefile);
if (result == DNS_R_SEENINCLUDE)
result = ISC_R_SUCCESS;
check_result(result, "dns_db_load");
printf("Connecting to '%s'\n", dbname);
conn = PQsetdb(NULL, NULL, NULL, NULL, dbname);
if (PQstatus(conn) == CONNECTION_BAD) {
fprintf(stderr, "Connection to database '%s' failed: %s\n",
dbname, PQerrorMessage(conn));
closeandexit(1);
}
snprintf(str, sizeof(str),
"DROP TABLE %s", dbtable);
printf("%s\n", str);
res = PQexec(conn, str);
if (!res || PQresultStatus(res) != PGRES_COMMAND_OK)
fprintf(stderr, "DROP TABLE command failed: %s\n",
PQresultErrorMessage(res));
PQclear(res);
snprintf(str, sizeof(str), "BEGIN");
printf("%s\n", str);
res = PQexec(conn, str);
if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) {
fprintf(stderr, "BEGIN command failed: %s\n",
PQresultErrorMessage(res));
PQclear(res);
closeandexit(1);
}
PQclear(res);
snprintf(str, sizeof(str),
"CREATE TABLE %s "
"(NAME TEXT, TTL INTEGER, RDTYPE TEXT, RDATA TEXT)",
dbtable);
printf("%s\n", str);
res = PQexec(conn, str);
if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) {
fprintf(stderr, "CREATE TABLE command failed: %s\n",
PQresultErrorMessage(res));
PQclear(res);
closeandexit(1);
}
PQclear(res);
dbiter = NULL;
result = dns_db_createiterator(db, ISC_FALSE, &dbiter);
check_result(result, "dns_db_createiterator()");
result = dns_dbiterator_first(dbiter);
check_result(result, "dns_dbiterator_first");
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
dns_rdataset_init(&rdataset);
dns_rdata_init(&rdata);
while (result == ISC_R_SUCCESS) {
node = NULL;
result = dns_dbiterator_current(dbiter, &node, name);
if (result == ISC_R_NOMORE)
break;
check_result(result, "dns_dbiterator_current");
rdsiter = NULL;
result = dns_db_allrdatasets(db, node, NULL, 0, &rdsiter);
check_result(result, "dns_db_allrdatasets");
result = dns_rdatasetiter_first(rdsiter);
while (result == ISC_R_SUCCESS) {
dns_rdatasetiter_current(rdsiter, &rdataset);
result = dns_rdataset_first(&rdataset);
check_result(result, "dns_rdataset_first");
while (result == ISC_R_SUCCESS) {
dns_rdataset_current(&rdataset, &rdata);
addrdata(name, rdataset.ttl, &rdata);
dns_rdata_reset(&rdata);
result = dns_rdataset_next(&rdataset);
}
dns_rdataset_disassociate(&rdataset);
result = dns_rdatasetiter_next(rdsiter);
}
dns_rdatasetiter_destroy(&rdsiter);
dns_db_detachnode(db, &node);
result = dns_dbiterator_next(dbiter);
}
snprintf(str, sizeof(str), "COMMIT TRANSACTION");
printf("%s\n", str);
res = PQexec(conn, str);
if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) {
fprintf(stderr, "COMMIT command failed: %s\n",
PQresultErrorMessage(res));
PQclear(res);
closeandexit(1);
}
PQclear(res);
dns_dbiterator_destroy(&dbiter);
dns_db_detach(&db);
isc_hash_destroy();
isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
closeandexit(0);
exit(0);
}
int
main(int argc, char *argv[])
{
char *sql;
int res;
char *errmsg = NULL;
char *porigin, *zonefile;
dns_fixedname_t forigin, fname;
dns_name_t *origin, *name;
dns_db_t *db = NULL;
dns_dbiterator_t *dbiter;
dns_dbnode_t *node;
dns_rdatasetiter_t *rdsiter;
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_mem_t *mctx = NULL;
isc_entropy_t *ectx = NULL;
isc_buffer_t b;
isc_result_t result;
if (argc != 5) {
printf("usage: %s <zone> <zonefile> <dbfile> <dbtable>\n", argv[0]);
exit(1);
}
porigin = argv[1];
zonefile = argv[2];
dbi.filename = argv[3];
dbi.table = argv[4];
dns_result_register();
result = isc_mem_create(0, 0, &mctx);
check_result(result, "isc_mem_create");
result = isc_entropy_create(mctx, &ectx);
check_result(result, "isc_entropy_create");
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
check_result(result, "isc_hash_create");
isc_buffer_init(&b, porigin, strlen(porigin));
isc_buffer_add(&b, strlen(porigin));
dns_fixedname_init(&forigin);
origin = dns_fixedname_name(&forigin);
result = dns_name_fromtext(origin, &b, dns_rootname, 0, NULL);
check_result(result, "dns_name_fromtext");
db = NULL;
result = dns_db_create(mctx, "rbt", origin, dns_dbtype_zone,
dns_rdataclass_in, 0, NULL, &db);
check_result(result, "dns_db_create");
result = dns_db_load(db, zonefile);
if (result == DNS_R_SEENINCLUDE)
result = ISC_R_SUCCESS;
check_result(result, "dns_db_load");
printf("Connecting to '%s'\n", dbi.filename);
if ((result = db_connect(&dbi)) != ISC_R_SUCCESS) {
fprintf(stderr, "Connection to database '%s' failed\n",
dbi.filename);
closeandexit(1);
}
sql = sqlite3_mprintf("DROP TABLE %q ", dbi.table);
printf("%s\n", sql);
res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg);
sqlite3_free(sql);
#if 0
if (res != SQLITE_OK) {
fprintf(stderr, "DROP TABLE %s failed: %s\n",
dbi.table, errmsg);
}
#endif
#if 0
sql = sqlite3_mprintf(sql, "BEGIN TRANSACTION");
printf("%s\n", sql);
res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg);
sqlite3_free(sql);
if (res != SQLITE_OK) {
fprintf(stderr, "BEGIN TRANSACTION failed: %s\n", errmsg);
closeandexit(1);
}
#endif
sql = sqlite3_mprintf(
"CREATE TABLE %q "
"(NAME TEXT, TTL INTEGER, RDTYPE TEXT, RDATA TEXT) ",
dbi.table);
printf("%s\n", sql);
res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg);
sqlite3_free(sql);
if (res != SQLITE_OK) {
fprintf(stderr, "CREATE TABLE %s failed: %s\n",
dbi.table, errmsg);
closeandexit(1);
}
dbiter = NULL;
result = dns_db_createiterator(db, 0, &dbiter);
check_result(result, "dns_db_createiterator()");
result = dns_dbiterator_first(dbiter);
check_result(result, "dns_dbiterator_first");
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
dns_rdataset_init(&rdataset);
dns_rdata_init(&rdata);
while (result == ISC_R_SUCCESS) {
node = NULL;
result = dns_dbiterator_current(dbiter, &node, name);
if (result == ISC_R_NOMORE)
break;
check_result(result, "dns_dbiterator_current");
rdsiter = NULL;
result = dns_db_allrdatasets(db, node, NULL, 0, &rdsiter);
check_result(result, "dns_db_allrdatasets");
result = dns_rdatasetiter_first(rdsiter);
while (result == ISC_R_SUCCESS) {
dns_rdatasetiter_current(rdsiter, &rdataset);
result = dns_rdataset_first(&rdataset);
check_result(result, "dns_rdataset_first");
while (result == ISC_R_SUCCESS) {
dns_rdataset_current(&rdataset, &rdata);
addrdata(name, rdataset.ttl, &rdata);
dns_rdata_reset(&rdata);
result = dns_rdataset_next(&rdataset);
}
dns_rdataset_disassociate(&rdataset);
result = dns_rdatasetiter_next(rdsiter);
}
dns_rdatasetiter_destroy(&rdsiter);
dns_db_detachnode(db, &node);
result = dns_dbiterator_next(dbiter);
}
#if 0
sql = sqlite3_mprintf(sql, "COMMIT TRANSACTION ");
printf("%s\n", sql);
res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg);
sqlite3_free(sql);
if (res != SQLITE_OK) {
fprintf(stderr, "COMMIT TRANSACTION failed: %s\n", errmsg);
closeandexit(1);
}
#endif
dns_dbiterator_destroy(&dbiter);
dns_db_detach(&db);
isc_hash_destroy();
isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
closeandexit(0);
exit(0);
}
int
main(int argc, char *argv[])
{
isc_mem_t *mctx = NULL;
isc_buffer_t b;
int n;
dns_fixedname_t origin, name;
dns_db_t *db = NULL;
dns_dbiterator_t *dbiter = NULL;
isc_result_t res;
dns_dbnode_t *node = NULL;
dns_rdataset_t rdataset;
dns_rdatasetiter_t *rdatasetiter = NULL;
dns_rdata_t rdata;
DB *bdb;
if (argc != 4) usage(*argv);
REQUIRE(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
n = strlen(argv[1]);
isc_buffer_init(&b, argv[1], n);
isc_buffer_add(&b, n);
dns_fixedname_init(&origin);
REQUIRE(dns_name_fromtext(dns_fixedname_name(&origin), &b, dns_rootname,
0, NULL) == ISC_R_SUCCESS);
REQUIRE(dns_db_create(mctx, "rbt", dns_fixedname_name(&origin),
dns_dbtype_zone, dns_rdataclass_in, 0, NULL,
&db) == ISC_R_SUCCESS);
REQUIRE(dns_db_load(db, argv[2]) == ISC_R_SUCCESS);
REQUIRE(dns_db_createiterator(db, 0, &dbiter) == ISC_R_SUCCESS);
dns_rdataset_init(&rdataset);
dns_rdata_init(&rdata);
dns_fixedname_init(&name);
bdb = bdb_init(argv[3]);
for (res = dns_dbiterator_first(dbiter); res == ISC_R_SUCCESS;
res = dns_dbiterator_next(dbiter)) {
dns_dbiterator_current(dbiter, &node, dns_fixedname_name(&name));
REQUIRE(dns_db_allrdatasets(db, node, NULL, 0, &rdatasetiter)
== ISC_R_SUCCESS);
for (res = dns_rdatasetiter_first(rdatasetiter);
res == ISC_R_SUCCESS;
res = dns_rdatasetiter_next(rdatasetiter)) {
dns_rdatasetiter_current(rdatasetiter, &rdataset);
res = dns_rdataset_first(&rdataset);
while (res == ISC_R_SUCCESS) {
dns_rdataset_current(&rdataset, &rdata);
REQUIRE(bdb_putrdata(bdb,
dns_fixedname_name(&name),
rdataset.ttl, &rdata)
== ISC_R_SUCCESS);
dns_rdata_reset(&rdata);
res = dns_rdataset_next(&rdataset);
}
dns_rdataset_disassociate(&rdataset);
}
dns_rdatasetiter_destroy(&rdatasetiter);
dns_db_detachnode(db, &node);
}
dns_dbiterator_destroy(&dbiter);
REQUIRE(bdb_destroy(bdb) == ISC_R_SUCCESS);
return 0;
}
isc_result_t
dns_nsec3_buildrdata(dns_db_t *db, dns_dbversion_t *version,
dns_dbnode_t *node, unsigned int hashalg,
unsigned int flags, unsigned int iterations,
const unsigned char *salt, size_t salt_length,
const unsigned char *nexthash, size_t hash_length,
unsigned char *buffer, dns_rdata_t *rdata)
{
isc_result_t result;
dns_rdataset_t rdataset;
isc_region_t r;
unsigned int i, window;
int octet;
isc_boolean_t found;
isc_boolean_t found_ns;
isc_boolean_t need_rrsig;
unsigned char *nsec_bits, *bm;
unsigned int max_type;
dns_rdatasetiter_t *rdsiter;
unsigned char *p;
REQUIRE(salt_length < 256U);
REQUIRE(hash_length < 256U);
REQUIRE(flags <= 0xffU);
REQUIRE(hashalg <= 0xffU);
REQUIRE(iterations <= 0xffffU);
switch (hashalg) {
case dns_hash_sha1:
REQUIRE(hash_length == ISC_SHA1_DIGESTLENGTH);
break;
}
memset(buffer, 0, DNS_NSEC3_BUFFERSIZE);
p = buffer;
*p++ = hashalg;
*p++ = flags;
*p++ = iterations >> 8;
*p++ = iterations;
*p++ = salt_length;
memcpy(p, salt, salt_length);
p += salt_length;
*p++ = hash_length;
memcpy(p, nexthash, hash_length);
p += hash_length;
r.length = p - buffer;
r.base = buffer;
/*
* Use the end of the space for a raw bitmap leaving enough
* space for the window identifiers and length octets.
*/
bm = r.base + r.length + 512;
nsec_bits = r.base + r.length;
max_type = 0;
if (node == NULL)
goto collapse_bitmap;
dns_rdataset_init(&rdataset);
rdsiter = NULL;
result = dns_db_allrdatasets(db, node, version, 0, &rdsiter);
if (result != ISC_R_SUCCESS)
return (result);
found = found_ns = need_rrsig = ISC_FALSE;
for (result = dns_rdatasetiter_first(rdsiter);
result == ISC_R_SUCCESS;
result = dns_rdatasetiter_next(rdsiter))
{
dns_rdatasetiter_current(rdsiter, &rdataset);
if (rdataset.type != dns_rdatatype_nsec &&
rdataset.type != dns_rdatatype_nsec3 &&
rdataset.type != dns_rdatatype_rrsig) {
if (rdataset.type > max_type)
max_type = rdataset.type;
set_bit(bm, rdataset.type, 1);
/*
* Work out if we need to set the RRSIG bit for
* this node. We set the RRSIG bit if either of
* the following conditions are met:
* 1) We have a SOA or DS then we need to set
* the RRSIG bit as both always will be signed.
* 2) We set the RRSIG bit if we don't have
* a NS record but do have other data.
*/
if (rdataset.type == dns_rdatatype_soa ||
rdataset.type == dns_rdatatype_ds)
need_rrsig = ISC_TRUE;
else if (rdataset.type == dns_rdatatype_ns)
found_ns = ISC_TRUE;
else
found = ISC_TRUE;
}
dns_rdataset_disassociate(&rdataset);
}
if ((found && !found_ns) || need_rrsig) {
if (dns_rdatatype_rrsig > max_type)
max_type = dns_rdatatype_rrsig;
set_bit(bm, dns_rdatatype_rrsig, 1);
}
/*
* At zone cuts, deny the existence of glue in the parent zone.
*/
if (bit_isset(bm, dns_rdatatype_ns) &&
! bit_isset(bm, dns_rdatatype_soa)) {
for (i = 0; i <= max_type; i++) {
if (bit_isset(bm, i) &&
! dns_rdatatype_iszonecutauth((dns_rdatatype_t)i))
set_bit(bm, i, 0);
}
}
dns_rdatasetiter_destroy(&rdsiter);
if (result != ISC_R_NOMORE)
return (result);
collapse_bitmap:
for (window = 0; window < 256; window++) {
if (window * 256 > max_type)
break;
for (octet = 31; octet >= 0; octet--)
if (bm[window * 32 + octet] != 0)
break;
if (octet < 0)
continue;
nsec_bits[0] = window;
nsec_bits[1] = octet + 1;
/*
* Note: potentially overlapping move.
*/
memmove(&nsec_bits[2], &bm[window * 32], octet + 1);
nsec_bits += 3 + octet;
}
r.length = nsec_bits - r.base;
INSIST(r.length <= DNS_NSEC3_BUFFERSIZE);
dns_rdata_fromregion(rdata, dns_db_class(db), dns_rdatatype_nsec3, &r);
return (ISC_R_SUCCESS);
}
/*% scan the zone for oversize TTLs */
static isc_result_t
check_ttls(dns_zone_t *zone, dns_ttl_t maxttl) {
isc_result_t result;
dns_db_t *db = NULL;
dns_dbversion_t *version = NULL;
dns_dbnode_t *node = NULL;
dns_dbiterator_t *dbiter = NULL;
dns_rdatasetiter_t *rdsiter = NULL;
dns_rdataset_t rdataset;
dns_fixedname_t fname;
dns_name_t *name;
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
dns_rdataset_init(&rdataset);
CHECK(dns_zone_getdb(zone, &db));
INSIST(db != NULL);
CHECK(dns_db_newversion(db, &version));
CHECK(dns_db_createiterator(db, 0, &dbiter));
for (result = dns_dbiterator_first(dbiter);
result == ISC_R_SUCCESS;
result = dns_dbiterator_next(dbiter)) {
result = dns_dbiterator_current(dbiter, &node, name);
if (result == DNS_R_NEWORIGIN)
result = ISC_R_SUCCESS;
CHECK(result);
CHECK(dns_db_allrdatasets(db, node, version, 0, &rdsiter));
for (result = dns_rdatasetiter_first(rdsiter);
result == ISC_R_SUCCESS;
result = dns_rdatasetiter_next(rdsiter)) {
dns_rdatasetiter_current(rdsiter, &rdataset);
if (rdataset.ttl > maxttl) {
char nbuf[DNS_NAME_FORMATSIZE];
char tbuf[255];
isc_buffer_t b;
isc_region_t r;
dns_name_format(name, nbuf, sizeof(nbuf));
isc_buffer_init(&b, tbuf, sizeof(tbuf) - 1);
CHECK(dns_rdatatype_totext(rdataset.type, &b));
isc_buffer_usedregion(&b, &r);
r.base[r.length] = 0;
dns_zone_log(zone, ISC_LOG_ERROR,
"%s/%s TTL %d exceeds "
"maximum TTL %d",
nbuf, tbuf, rdataset.ttl, maxttl);
dns_rdataset_disassociate(&rdataset);
CHECK(ISC_R_RANGE);
}
dns_rdataset_disassociate(&rdataset);
}
if (result == ISC_R_NOMORE)
result = ISC_R_SUCCESS;
CHECK(result);
dns_rdatasetiter_destroy(&rdsiter);
dns_db_detachnode(db, &node);
}
if (result == ISC_R_NOMORE)
result = ISC_R_SUCCESS;
cleanup:
if (node != NULL)
dns_db_detachnode(db, &node);
if (rdsiter != NULL)
dns_rdatasetiter_destroy(&rdsiter);
if (dbiter != NULL)
dns_dbiterator_destroy(&dbiter);
if (version != NULL)
dns_db_closeversion(db, &version, ISC_FALSE);
if (db != NULL)
dns_db_detach(&db);
return (result);
}
isc_result_t
dns_nsec_buildrdata(dns_db_t *db, dns_dbversion_t *version,
dns_dbnode_t *node, dns_name_t *target,
unsigned char *buffer, dns_rdata_t *rdata)
{
isc_result_t result;
dns_rdataset_t rdataset;
isc_region_t r;
unsigned int i;
unsigned char *nsec_bits, *bm;
unsigned int max_type;
dns_rdatasetiter_t *rdsiter;
memset(buffer, 0, DNS_NSEC_BUFFERSIZE);
dns_name_toregion(target, &r);
memcpy(buffer, r.base, r.length);
r.base = buffer;
/*
* Use the end of the space for a raw bitmap leaving enough
* space for the window identifiers and length octets.
*/
bm = r.base + r.length + 512;
nsec_bits = r.base + r.length;
dns_nsec_setbit(bm, dns_rdatatype_rrsig, 1);
dns_nsec_setbit(bm, dns_rdatatype_nsec, 1);
max_type = dns_rdatatype_nsec;
dns_rdataset_init(&rdataset);
rdsiter = NULL;
result = dns_db_allrdatasets(db, node, version, 0, &rdsiter);
if (result != ISC_R_SUCCESS)
return (result);
for (result = dns_rdatasetiter_first(rdsiter);
result == ISC_R_SUCCESS;
result = dns_rdatasetiter_next(rdsiter))
{
dns_rdatasetiter_current(rdsiter, &rdataset);
if (rdataset.type != dns_rdatatype_nsec &&
rdataset.type != dns_rdatatype_nsec3 &&
rdataset.type != dns_rdatatype_rrsig) {
if (rdataset.type > max_type)
max_type = rdataset.type;
dns_nsec_setbit(bm, rdataset.type, 1);
}
dns_rdataset_disassociate(&rdataset);
}
/*
* At zone cuts, deny the existence of glue in the parent zone.
*/
if (dns_nsec_isset(bm, dns_rdatatype_ns) &&
! dns_nsec_isset(bm, dns_rdatatype_soa)) {
for (i = 0; i <= max_type; i++) {
if (dns_nsec_isset(bm, i) &&
! dns_rdatatype_iszonecutauth((dns_rdatatype_t)i))
dns_nsec_setbit(bm, i, 0);
}
}
dns_rdatasetiter_destroy(&rdsiter);
if (result != ISC_R_NOMORE)
return (result);
nsec_bits += dns_nsec_compressbitmap(nsec_bits, bm, max_type);
r.length = nsec_bits - r.base;
INSIST(r.length <= DNS_NSEC_BUFFERSIZE);
dns_rdata_fromregion(rdata,
dns_db_class(db),
dns_rdatatype_nsec,
&r);
return (ISC_R_SUCCESS);
}
