void
ldns_dnssec_zone_print_fmt(FILE *out, const ldns_output_format *fmt,
ldns_dnssec_zone *zone)
{
if (zone) {
if (zone->soa) {
if ((fmt->flags & LDNS_COMMENT_LAYOUT)) {
fprintf(out, ";; Zone: ");
ldns_rdf_print(out, ldns_dnssec_name_name(
zone->soa));
fprintf(out, "\n;\n");
}
ldns_dnssec_rrsets_print_fmt(out, fmt,
ldns_dnssec_name_find_rrset(
zone->soa,
LDNS_RR_TYPE_SOA),
false);
if ((fmt->flags & LDNS_COMMENT_LAYOUT))
fprintf(out, ";\n");
}
if (zone->names) {
ldns_dnssec_zone_names_print_fmt(out, fmt,
zone->names, false);
}
}
}
int
ldns_dnssec_name_cmp(const void *a, const void *b)
{
ldns_dnssec_name *na = (ldns_dnssec_name *) a;
ldns_dnssec_name *nb = (ldns_dnssec_name *) b;
if (na && nb) {
return ldns_dname_compare(ldns_dnssec_name_name(na),
ldns_dnssec_name_name(nb));
} else if (na) {
return 1;
} else if (nb) {
return -1;
} else {
return 0;
}
}
ldns_status
ldns_dnssec_name_add_rr(ldns_dnssec_name *name,
ldns_rr *rr)
{
ldns_status result = LDNS_STATUS_OK;
ldns_rdf *name_name;
bool hashed_name = false;
ldns_rr_type rr_type;
ldns_rr_type typecovered = 0;
/* special handling for NSEC3 and NSECX covering RRSIGS */
if (!name || !rr) {
return LDNS_STATUS_ERR;
}
rr_type = ldns_rr_get_type(rr);
if (rr_type == LDNS_RR_TYPE_RRSIG) {
typecovered = ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(rr));
}
#ifdef HAVE_SSL
if (rr_type == LDNS_RR_TYPE_NSEC3 ||
typecovered == LDNS_RR_TYPE_NSEC3) {
name_name = ldns_nsec3_hash_name_frm_nsec3(rr,
ldns_dnssec_name_name(name));
hashed_name = true;
} else {
name_name = ldns_dnssec_name_name(name);
}
#else
name_name = ldns_dnssec_name_name(name);
#endif /* HAVE_SSL */
if (rr_type == LDNS_RR_TYPE_NSEC ||
rr_type == LDNS_RR_TYPE_NSEC3) {
/* XX check if is already set (and error?) */
name->nsec = rr;
} else if (typecovered == LDNS_RR_TYPE_NSEC ||
typecovered == LDNS_RR_TYPE_NSEC3) {
if (name->nsec_signatures) {
result = ldns_dnssec_rrs_add_rr(name->nsec_signatures, rr);
} else {
name->nsec_signatures = ldns_dnssec_rrs_new();
name->nsec_signatures->rr = rr;
}
} else {
/* it's a 'normal' RR, add it to the right rrset */
if (name->rrsets) {
result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr);
} else {
name->rrsets = ldns_dnssec_rrsets_new();
result = ldns_dnssec_rrsets_add_rr(name->rrsets, rr);
}
}
if (hashed_name) {
ldns_rdf_deep_free(name_name);
}
return result;
}
/**
* Marks the names in the zone that are occluded. Those names will be skipped
* when walking the tree with the ldns_dnssec_name_node_next_nonglue()
* function. But watch out! Names that are partially occluded (like glue with
* the same name as the delegation) will not be marked and should specifically
* be taken into account separately.
*
* When glue_list is given (not NULL), in the process of marking the names, all
* glue resource records will be pushed to that list, even glue at delegation names.
*
* \param[in] zone the zone in which to mark the names
* \param[in] glue_list the list to which to push the glue rrs
* \return LDNS_STATUS_OK on success, an error code otherwise
*/
ldns_status
ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone,
ldns_rr_list *glue_list)
{
ldns_rbnode_t *node;
ldns_dnssec_name *name;
ldns_rdf *owner;
ldns_rdf *cut = NULL; /* keeps track of zone cuts */
/* When the cut is caused by a delegation, below_delegation will be 1.
* When caused by a DNAME, below_delegation will be 0.
*/
int below_delegation = -1; /* init suppresses comiler warning */
ldns_status s;
if (!zone || !zone->names) {
return LDNS_STATUS_NULL;
}
for (node = ldns_rbtree_first(zone->names);
node != LDNS_RBTREE_NULL;
node = ldns_rbtree_next(node)) {
name = (ldns_dnssec_name *) node->data;
owner = ldns_dnssec_name_name(name);
if (cut) {
/* The previous node was a zone cut, or a subdomain
* below a zone cut. Is this node (still) a subdomain
* below the cut? Then the name is occluded. Unless
* the name contains a SOA, after which we are
* authoritative again.
*
* FIXME! If there are labels in between the SOA and
* the cut, going from the authoritative space (below
* the SOA) up into occluded space again, will not be
* detected with the contruct below!
*/
if (ldns_dname_is_subdomain(owner, cut) &&
!ldns_dnssec_rrsets_contains_type(
name->rrsets, LDNS_RR_TYPE_SOA)) {
if (below_delegation && glue_list) {
s = ldns_dnssec_addresses_on_glue_list(
name->rrsets, glue_list);
if (s != LDNS_STATUS_OK) {
return s;
}
}
name->is_glue = true; /* Mark occluded name! */
continue;
} else {
cut = NULL;
}
}
/* The node is not below a zone cut. Is it a zone cut itself?
* Everything below a SOA is authoritative of course; Except
* when the name also contains a DNAME :).
*/
if (ldns_dnssec_rrsets_contains_type(
name->rrsets, LDNS_RR_TYPE_NS)
&& !ldns_dnssec_rrsets_contains_type(
name->rrsets, LDNS_RR_TYPE_SOA)) {
cut = owner;
below_delegation = 1;
if (glue_list) { /* record glue on the zone cut */
s = ldns_dnssec_addresses_on_glue_list(
name->rrsets, glue_list);
if (s != LDNS_STATUS_OK) {
return s;
}
}
} else if (ldns_dnssec_rrsets_contains_type(
name->rrsets, LDNS_RR_TYPE_DNAME)) {
cut = owner;
below_delegation = 0;
}
}
return LDNS_STATUS_OK;
}
