/** match two rr lists */
static int
match_list(ldns_rr_list* q, ldns_rr_list *p)
{
size_t i;
if(ldns_rr_list_rr_count(q) != ldns_rr_list_rr_count(p)) {
verbose(3, "rrlistcount different %d %d",
(int)ldns_rr_list_rr_count(q),
(int)ldns_rr_list_rr_count(p));
return 0;
}
for(i=0; i<ldns_rr_list_rr_count(q); i++)
{
if(matches_nolocation) {
if(!ldns_rr_list_contains_rr(p, ldns_rr_list_rr(q, i)))
{
verbose(3, "rr %u not found", (unsigned)i);
return 0;
}
} else {
if(ldns_rr_compare(ldns_rr_list_rr(q, i),
ldns_rr_list_rr(p, i)) != 0) {
verbose(3, "rr %u different", (unsigned)i);
return 0;
}
/* and check the ttl */
if(ldns_rr_ttl(ldns_rr_list_rr(q, i)) !=
ldns_rr_ttl(ldns_rr_list_rr(p, i))) {
verbose(3, "rr %u ttl different", (unsigned)i);
return 0;
}
}
}
return 1;
}
ldns_status
ldns_rr2buffer_wire(ldns_buffer *buffer, const ldns_rr *rr, int section)
{
uint16_t i;
uint16_t rdl_pos = 0;
if (ldns_rr_owner(rr)) {
(void) ldns_dname2buffer_wire(buffer, ldns_rr_owner(rr));
}
if (ldns_buffer_reserve(buffer, 4)) {
(void) ldns_buffer_write_u16(buffer, ldns_rr_get_type(rr));
(void) ldns_buffer_write_u16(buffer, ldns_rr_get_class(rr));
}
if (section != LDNS_SECTION_QUESTION) {
if (ldns_buffer_reserve(buffer, 6)) {
ldns_buffer_write_u32(buffer, ldns_rr_ttl(rr));
/* remember pos for later */
rdl_pos = ldns_buffer_position(buffer);
ldns_buffer_write_u16(buffer, 0);
}
for (i = 0; i < ldns_rr_rd_count(rr); i++) {
(void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr, i));
}
if (rdl_pos != 0) {
ldns_buffer_write_u16_at(buffer, rdl_pos,
ldns_buffer_position(buffer)
- rdl_pos - 2);
}
}
return ldns_buffer_status(buffer);
}
/** match two rr lists */
static int
match_list(ldns_rr_list* q, ldns_rr_list *p, bool mttl)
{
size_t i;
if(ldns_rr_list_rr_count(q) != ldns_rr_list_rr_count(p))
return 0;
for(i=0; i<ldns_rr_list_rr_count(q); i++)
{
if(ldns_rr_compare(ldns_rr_list_rr(q, i),
ldns_rr_list_rr(p, i)) != 0) {
verbose(3, "rr %d different", (int)i);
return 0;
}
if(mttl && ldns_rr_ttl(ldns_rr_list_rr(q, i)) !=
ldns_rr_ttl(ldns_rr_list_rr(p, i))) {
verbose(3, "rr %d ttl different", (int)i);
return 0;
}
}
return 1;
}
/**
* Add RR to query.
*
*/
int
query_add_rr(query_type* q, ldns_rr* rr)
{
size_t i = 0;
size_t tc_mark = 0;
size_t rdlength_pos = 0;
uint16_t rdlength = 0;
ods_log_assert(q);
ods_log_assert(q->buffer);
ods_log_assert(rr);
/* set truncation mark, in case rr does not fit */
tc_mark = buffer_position(q->buffer);
/* owner type class ttl */
if (!buffer_available(q->buffer, ldns_rdf_size(ldns_rr_owner(rr)))) {
goto query_add_rr_tc;
}
buffer_write_rdf(q->buffer, ldns_rr_owner(rr));
if (!buffer_available(q->buffer, sizeof(uint16_t) + sizeof(uint16_t) +
sizeof(uint32_t) + sizeof(rdlength))) {
goto query_add_rr_tc;
}
buffer_write_u16(q->buffer, (uint16_t) ldns_rr_get_type(rr));
buffer_write_u16(q->buffer, (uint16_t) ldns_rr_get_class(rr));
buffer_write_u32(q->buffer, (uint32_t) ldns_rr_ttl(rr));
/* skip rdlength */
rdlength_pos = buffer_position(q->buffer);
buffer_skip(q->buffer, sizeof(rdlength));
/* write rdata */
for (i=0; i < ldns_rr_rd_count(rr); i++) {
if (!buffer_available(q->buffer, ldns_rdf_size(ldns_rr_rdf(rr, i)))) {
goto query_add_rr_tc;
}
buffer_write_rdf(q->buffer, ldns_rr_rdf(rr, i));
}
if (!query_overflow(q)) {
/* write rdlength */
rdlength = buffer_position(q->buffer) - rdlength_pos - sizeof(rdlength);
buffer_write_u16_at(q->buffer, rdlength_pos, rdlength);
/* position updated by buffer_write() */
return 1;
}
query_add_rr_tc:
buffer_set_position(q->buffer, tc_mark);
ods_log_assert(!query_overflow(q));
return 0;
}
ldns_rr *
ldns_create_empty_rrsig(ldns_rr_list *rrset,
ldns_key *current_key)
{
uint32_t orig_ttl;
time_t now;
ldns_rr *current_sig;
uint8_t label_count;
label_count = ldns_dname_label_count(ldns_rr_owner(ldns_rr_list_rr(rrset,
0)));
current_sig = ldns_rr_new_frm_type(LDNS_RR_TYPE_RRSIG);
/* set the type on the new signature */
orig_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrset, 0));
ldns_rr_set_ttl(current_sig, orig_ttl);
ldns_rr_set_owner(current_sig,
ldns_rdf_clone(
ldns_rr_owner(
ldns_rr_list_rr(rrset,
0))));
/* fill in what we know of the signature */
/* set the orig_ttl */
(void)ldns_rr_rrsig_set_origttl(
current_sig,
ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32,
orig_ttl));
/* the signers name */
(void)ldns_rr_rrsig_set_signame(
current_sig,
ldns_rdf_clone(ldns_key_pubkey_owner(current_key)));
/* label count - get it from the first rr in the rr_list */
(void)ldns_rr_rrsig_set_labels(
current_sig,
ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8,
label_count));
/* inception, expiration */
now = time(NULL);
if (ldns_key_inception(current_key) != 0) {
(void)ldns_rr_rrsig_set_inception(
current_sig,
ldns_native2rdf_int32(
LDNS_RDF_TYPE_TIME,
ldns_key_inception(current_key)));
} else {
(void)ldns_rr_rrsig_set_inception(
current_sig,
ldns_native2rdf_int32(LDNS_RDF_TYPE_TIME, now));
}
if (ldns_key_expiration(current_key) != 0) {
(void)ldns_rr_rrsig_set_expiration(
current_sig,
ldns_native2rdf_int32(
LDNS_RDF_TYPE_TIME,
ldns_key_expiration(current_key)));
} else {
(void)ldns_rr_rrsig_set_expiration(
current_sig,
ldns_native2rdf_int32(
LDNS_RDF_TYPE_TIME,
now + LDNS_DEFAULT_EXP_TIME));
}
(void)ldns_rr_rrsig_set_keytag(
current_sig,
ldns_native2rdf_int16(LDNS_RDF_TYPE_INT16,
ldns_key_keytag(current_key)));
(void)ldns_rr_rrsig_set_algorithm(
current_sig,
ldns_native2rdf_int8(
LDNS_RDF_TYPE_ALG,
ldns_key_algorithm(current_key)));
(void)ldns_rr_rrsig_set_typecovered(
current_sig,
ldns_native2rdf_int16(
LDNS_RDF_TYPE_TYPE,
ldns_rr_get_type(ldns_rr_list_rr(rrset,
0))));
return current_sig;
}
ldns_status
ldns_rr2buffer_wire_canonical(ldns_buffer *buffer,
const ldns_rr *rr,
int section)
{
uint16_t i;
uint16_t rdl_pos = 0;
bool pre_rfc3597 = false;
switch (ldns_rr_get_type(rr)) {
case LDNS_RR_TYPE_NS:
case LDNS_RR_TYPE_MD:
case LDNS_RR_TYPE_MF:
case LDNS_RR_TYPE_CNAME:
case LDNS_RR_TYPE_SOA:
case LDNS_RR_TYPE_MB:
case LDNS_RR_TYPE_MG:
case LDNS_RR_TYPE_MR:
case LDNS_RR_TYPE_PTR:
case LDNS_RR_TYPE_HINFO:
case LDNS_RR_TYPE_MINFO:
case LDNS_RR_TYPE_MX:
case LDNS_RR_TYPE_RP:
case LDNS_RR_TYPE_AFSDB:
case LDNS_RR_TYPE_RT:
case LDNS_RR_TYPE_SIG:
case LDNS_RR_TYPE_PX:
case LDNS_RR_TYPE_NXT:
case LDNS_RR_TYPE_NAPTR:
case LDNS_RR_TYPE_KX:
case LDNS_RR_TYPE_SRV:
case LDNS_RR_TYPE_DNAME:
case LDNS_RR_TYPE_A6:
pre_rfc3597 = true;
break;
default:
break;
}
if (ldns_rr_owner(rr)) {
(void) ldns_rdf2buffer_wire_canonical(buffer, ldns_rr_owner(rr));
}
if (ldns_buffer_reserve(buffer, 4)) {
(void) ldns_buffer_write_u16(buffer, ldns_rr_get_type(rr));
(void) ldns_buffer_write_u16(buffer, ldns_rr_get_class(rr));
}
if (section != LDNS_SECTION_QUESTION) {
if (ldns_buffer_reserve(buffer, 6)) {
ldns_buffer_write_u32(buffer, ldns_rr_ttl(rr));
/* remember pos for later */
rdl_pos = ldns_buffer_position(buffer);
ldns_buffer_write_u16(buffer, 0);
}
for (i = 0; i < ldns_rr_rd_count(rr); i++) {
if (pre_rfc3597) {
(void) ldns_rdf2buffer_wire_canonical(buffer,
ldns_rr_rdf(rr, i));
} else {
(void) ldns_rdf2buffer_wire(buffer, ldns_rr_rdf(rr, i));
}
}
if (rdl_pos != 0) {
ldns_buffer_write_u16_at(buffer, rdl_pos,
ldns_buffer_position(buffer)
- rdl_pos - 2);
}
}
return ldns_buffer_status(buffer);
}
ldns_status
ldns_zone_new_frm_fp_l(ldns_zone **z, FILE *fp, ldns_rdf *origin, uint32_t ttl, ldns_rr_class c,
int *line_nr)
{
ldns_zone *newzone;
ldns_rr *rr;
uint32_t my_ttl = ttl;
ldns_rr_class my_class = c;
ldns_rr *last_rr = NULL;
ldns_rdf *my_origin;
ldns_rdf *my_prev;
bool soa_seen = false; /* 2 soa are an error */
ldns_status s;
newzone = ldns_zone_new();
my_origin = origin;
my_ttl = ttl;
my_class = c;
if (origin) {
my_origin = ldns_rdf_clone(origin);
/* also set the prev */
my_prev = ldns_rdf_clone(origin);
} else {
my_origin = NULL;
my_prev = NULL;
}
while(!feof(fp)) {
s = ldns_rr_new_frm_fp_l(&rr, fp, &my_ttl, &my_origin, &my_prev, line_nr);
switch (s) {
case LDNS_STATUS_OK:
if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) {
if (soa_seen) {
/* second SOA
* just skip, maybe we want to say
* something??? */
ldns_rr_free(rr);
continue;
}
soa_seen = true;
ldns_zone_set_soa(newzone, rr);
/* set origin to soa if not specified */
if (!my_origin) {
my_origin = ldns_rdf_clone(ldns_rr_owner(rr));
}
continue;
}
/* a normal RR - as sofar the DNS is normal */
last_rr = rr;
if (!ldns_zone_push_rr(newzone, rr)) {
if (my_origin) {
ldns_rdf_deep_free(my_origin);
}
ldns_zone_free(newzone);
return LDNS_STATUS_MEM_ERR;
}
/*my_origin = ldns_rr_owner(rr);*/
my_ttl = ldns_rr_ttl(rr);
my_class = ldns_rr_get_class(rr);
case LDNS_STATUS_SYNTAX_EMPTY:
/* empty line was seen */
case LDNS_STATUS_SYNTAX_TTL:
/* the function set the ttl */
break;
case LDNS_STATUS_SYNTAX_ORIGIN:
/* the function set the origin */
break;
default:
ldns_zone_free(newzone);
return s;
}
}
if (my_origin) {
ldns_rdf_deep_free(my_origin);
}
if (my_prev) {
ldns_rdf_deep_free(my_prev);
}
if (z) {
*z = newzone;
}
return LDNS_STATUS_OK;
}
/**
* Process RR.
*
*/
static ods_status
adapi_process_rr(zone_type* zone, ldns_rr* rr, int add, int backup)
{
ods_status status = ODS_STATUS_OK;
uint32_t tmp = 0;
ods_log_assert(rr);
ods_log_assert(zone);
ods_log_assert(zone->name);
ods_log_assert(zone->db);
ods_log_assert(zone->signconf);
/* We only support IN class */
if (ldns_rr_get_class(rr) != LDNS_RR_CLASS_IN) {
ods_log_warning("[%s] only class in is supported, changing class "
"to in", adapi_str);
ldns_rr_set_class(rr, LDNS_RR_CLASS_IN);
}
/* RR processing */
if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) {
if (ldns_dname_compare(ldns_rr_owner(rr), zone->apex)) {
ods_log_error("[%s] unable to %s rr to zone: soa record has "
"invalid owner name", adapi_str, add?"add":"delete");
return ODS_STATUS_ERR;
}
status = adapi_process_soa(zone, rr, add, backup);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] unable to %s rr: failed to process soa "
"record", adapi_str, add?"add":"delete");
return status;
}
} else {
if (ldns_dname_compare(ldns_rr_owner(rr), zone->apex) &&
!ldns_dname_is_subdomain(ldns_rr_owner(rr), zone->apex)) {
ods_log_warning("[%s] zone %s contains out-of-zone data, "
"skipping", adapi_str, zone->name);
return ODS_STATUS_UNCHANGED;
} else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_DNSKEY) {
adapi_process_dnskey(zone, rr);
} else if (util_is_dnssec_rr(rr) && !backup) {
ods_log_warning("[%s] zone %s contains dnssec data (type=%u), "
"skipping", adapi_str, zone->name,
(unsigned) ldns_rr_get_type(rr));
return ODS_STATUS_UNCHANGED;
} else if (zone->signconf->max_zone_ttl) {
/* Convert MaxZoneTTL */
tmp = (uint32_t) duration2time(zone->signconf->max_zone_ttl);
}
}
/* //MaxZoneTTL. Only set for RRtype != SOA && RRtype != DNSKEY */
if (tmp && tmp < ldns_rr_ttl(rr)) {
char* str = ldns_rdf2str(ldns_rr_owner(rr));
if (str) {
size_t i = 0;
str[(strlen(str))-1] = '\0';
/* replace tabs with white space */
for (i=0; i < strlen(str); i++) {
if (str[i] == '\t') {
str[i] = ' ';
}
}
ods_log_debug("[%s] capping ttl %u to MaxZoneTTL %u for rrset "
"<%s,%s>", adapi_str, ldns_rr_ttl(rr), tmp, str,
rrset_type2str(ldns_rr_get_type(rr)));
}
ldns_rr_set_ttl(rr, tmp);
}
/* TODO: DNAME and CNAME checks */
/* TODO: NS and DS checks */
if (add) {
return zone_add_rr(zone, rr, 1);
} else {
return zone_del_rr(zone, rr, 1);
}
/* not reached */
return ODS_STATUS_ERR;
}
/** load an RR into rrset */
static int
load_rr(SSL* ssl, ldns_buffer* buf, struct regional* region,
struct ub_packed_rrset_key* rk, struct packed_rrset_data* d,
unsigned int i, int is_rrsig, int* go_on, uint32_t now)
{
ldns_rr* rr;
ldns_status status;
/* read the line */
if(!ssl_read_buf(ssl, buf))
return 0;
if(strncmp((char*)ldns_buffer_begin(buf), "BADRR\n", 6) == 0) {
*go_on = 0;
return 1;
}
status = ldns_rr_new_frm_str(&rr, (char*)ldns_buffer_begin(buf),
LDNS_DEFAULT_TTL, NULL, NULL);
if(status != LDNS_STATUS_OK) {
log_warn("error cannot parse rr: %s: %s",
ldns_get_errorstr_by_id(status),
(char*)ldns_buffer_begin(buf));
return 0;
}
if(is_rrsig && ldns_rr_get_type(rr) != LDNS_RR_TYPE_RRSIG) {
log_warn("error expected rrsig but got %s",
(char*)ldns_buffer_begin(buf));
return 0;
}
/* convert ldns rr into packed_rr */
d->rr_ttl[i] = ldns_rr_ttl(rr) + now;
ldns_buffer_clear(buf);
ldns_buffer_skip(buf, 2);
status = ldns_rr_rdata2buffer_wire(buf, rr);
if(status != LDNS_STATUS_OK) {
log_warn("error cannot rr2wire: %s",
ldns_get_errorstr_by_id(status));
ldns_rr_free(rr);
return 0;
}
ldns_buffer_flip(buf);
ldns_buffer_write_u16_at(buf, 0, ldns_buffer_limit(buf) - 2);
d->rr_len[i] = ldns_buffer_limit(buf);
d->rr_data[i] = (uint8_t*)regional_alloc_init(region,
ldns_buffer_begin(buf), ldns_buffer_limit(buf));
if(!d->rr_data[i]) {
ldns_rr_free(rr);
log_warn("error out of memory");
return 0;
}
/* if first entry, fill the key structure */
if(i==0) {
rk->rk.type = htons(ldns_rr_get_type(rr));
rk->rk.rrset_class = htons(ldns_rr_get_class(rr));
ldns_buffer_clear(buf);
status = ldns_dname2buffer_wire(buf, ldns_rr_owner(rr));
if(status != LDNS_STATUS_OK) {
log_warn("error cannot dname2buffer: %s",
ldns_get_errorstr_by_id(status));
ldns_rr_free(rr);
return 0;
}
ldns_buffer_flip(buf);
rk->rk.dname_len = ldns_buffer_limit(buf);
rk->rk.dname = regional_alloc_init(region,
ldns_buffer_begin(buf), ldns_buffer_limit(buf));
if(!rk->rk.dname) {
log_warn("error out of memory");
ldns_rr_free(rr);
return 0;
}
}
ldns_rr_free(rr);
return 1;
}
/**
* use this function to sign with a public/private key alg
* return the created signatures
*/
ldns_rr_list *
ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
{
ldns_rr_list *signatures;
ldns_rr_list *rrset_clone;
ldns_rr *current_sig;
ldns_rdf *b64rdf;
ldns_key *current_key;
size_t key_count;
uint16_t i;
ldns_buffer *sign_buf;
ldns_rdf *new_owner;
if (!rrset || ldns_rr_list_rr_count(rrset) < 1 || !keys) {
return NULL;
}
new_owner = NULL;
signatures = ldns_rr_list_new();
/* prepare a signature and add all the know data
* prepare the rrset. Sign this together. */
rrset_clone = ldns_rr_list_clone(rrset);
if (!rrset_clone) {
return NULL;
}
/* make it canonical */
for(i = 0; i < ldns_rr_list_rr_count(rrset_clone); i++) {
ldns_rr_set_ttl(ldns_rr_list_rr(rrset_clone, i),
ldns_rr_ttl(ldns_rr_list_rr(rrset, 0)));
ldns_rr2canonical(ldns_rr_list_rr(rrset_clone, i));
}
/* sort */
ldns_rr_list_sort(rrset_clone);
for (key_count = 0;
key_count < ldns_key_list_key_count(keys);
key_count++) {
if (!ldns_key_use(ldns_key_list_key(keys, key_count))) {
continue;
}
sign_buf = ldns_buffer_new(LDNS_MAX_PACKETLEN);
if (!sign_buf) {
ldns_rr_list_free(rrset_clone);
ldns_rr_list_free(signatures);
ldns_rdf_free(new_owner);
return NULL;
}
b64rdf = NULL;
current_key = ldns_key_list_key(keys, key_count);
/* sign all RRs with keys that have ZSKbit, !SEPbit.
sign DNSKEY RRs with keys that have ZSKbit&SEPbit */
if (ldns_key_flags(current_key) & LDNS_KEY_ZONE_KEY) {
current_sig = ldns_create_empty_rrsig(rrset_clone,
current_key);
/* right now, we have: a key, a semi-sig and an rrset. For
* which we can create the sig and base64 encode that and
* add that to the signature */
if (ldns_rrsig2buffer_wire(sign_buf, current_sig)
!= LDNS_STATUS_OK) {
ldns_buffer_free(sign_buf);
/* ERROR */
ldns_rr_list_deep_free(rrset_clone);
ldns_rr_free(current_sig);
ldns_rr_list_deep_free(signatures);
return NULL;
}
/* add the rrset in sign_buf */
if (ldns_rr_list2buffer_wire(sign_buf, rrset_clone)
!= LDNS_STATUS_OK) {
ldns_buffer_free(sign_buf);
ldns_rr_list_deep_free(rrset_clone);
ldns_rr_free(current_sig);
ldns_rr_list_deep_free(signatures);
return NULL;
}
b64rdf = ldns_sign_public_buffer(sign_buf, current_key);
if (!b64rdf) {
/* signing went wrong */
ldns_rr_list_deep_free(rrset_clone);
ldns_rr_free(current_sig);
ldns_rr_list_deep_free(signatures);
return NULL;
}
ldns_rr_rrsig_set_sig(current_sig, b64rdf);
/* push the signature to the signatures list */
ldns_rr_list_push_rr(signatures, current_sig);
}
ldns_buffer_free(sign_buf); /* restart for the next key */
}
ldns_rr_list_deep_free(rrset_clone);
return signatures;
}
int
getrrsetbyname(const char *hostname, unsigned int rdclass,
unsigned int rdtype, unsigned int flags,
struct rrsetinfo **res)
{
int result;
unsigned int i, j, index_ans, index_sig;
struct rrsetinfo *rrset = NULL;
struct rdatainfo *rdata;
size_t len;
ldns_resolver *ldns_res;
ldns_rdf *domain = NULL;
ldns_pkt *pkt = NULL;
ldns_rr_list *rrsigs = NULL, *rrdata = NULL;
ldns_status err;
ldns_rr *rr;
/* check for invalid class and type */
if (rdclass > 0xffff || rdtype > 0xffff) {
result = ERRSET_INVAL;
goto fail;
}
/* don't allow queries of class or type ANY */
if (rdclass == 0xff || rdtype == 0xff) {
result = ERRSET_INVAL;
goto fail;
}
/* don't allow flags yet, unimplemented */
if (flags) {
result = ERRSET_INVAL;
goto fail;
}
/* Initialize resolver from resolv.conf */
domain = ldns_dname_new_frm_str(hostname);
if ((err = ldns_resolver_new_frm_file(&ldns_res, NULL)) != \
LDNS_STATUS_OK) {
result = ERRSET_FAIL;
goto fail;
}
#ifdef LDNS_DEBUG
ldns_resolver_set_debug(ldns_res, true);
#endif /* LDNS_DEBUG */
ldns_resolver_set_dnssec(ldns_res, true); /* Use DNSSEC */
/* make query */
pkt = ldns_resolver_query(ldns_res, domain, rdtype, rdclass, LDNS_RD);
/*** TODO: finer errcodes -- see original **/
if (!pkt || ldns_pkt_ancount(pkt) < 1) {
result = ERRSET_FAIL;
goto fail;
}
/* initialize rrset */
rrset = calloc(1, sizeof(struct rrsetinfo));
if (rrset == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
rrdata = ldns_pkt_rr_list_by_type(pkt, rdtype, LDNS_SECTION_ANSWER);
rrset->rri_nrdatas = ldns_rr_list_rr_count(rrdata);
if (!rrset->rri_nrdatas) {
result = ERRSET_NODATA;
goto fail;
}
/* copy name from answer section */
len = ldns_rdf_size(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0)));
if ((rrset->rri_name = malloc(len)) == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
memcpy(rrset->rri_name,
ldns_rdf_data(ldns_rr_owner(ldns_rr_list_rr(rrdata, 0))), len);
rrset->rri_rdclass = ldns_rr_get_class(ldns_rr_list_rr(rrdata, 0));
rrset->rri_rdtype = ldns_rr_get_type(ldns_rr_list_rr(rrdata, 0));
rrset->rri_ttl = ldns_rr_ttl(ldns_rr_list_rr(rrdata, 0));
debug2("ldns: got %u answers from DNS", rrset->rri_nrdatas);
/* Check for authenticated data */
if (ldns_pkt_ad(pkt)) {
rrset->rri_flags |= RRSET_VALIDATED;
} else { /* AD is not set, try autonomous validation */
ldns_rr_list * trusted_keys = ldns_rr_list_new();
debug2("ldns: trying to validate RRset");
/* Get eventual sigs */
rrsigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG,
LDNS_SECTION_ANSWER);
rrset->rri_nsigs = ldns_rr_list_rr_count(rrsigs);
debug2("ldns: got %u signature(s) (RRTYPE %u) from DNS",
rrset->rri_nsigs, LDNS_RR_TYPE_RRSIG);
if ((err = ldns_verify_trusted(ldns_res, rrdata, rrsigs,
trusted_keys)) == LDNS_STATUS_OK) {
rrset->rri_flags |= RRSET_VALIDATED;
debug2("ldns: RRset is signed with a valid key");
} else {
debug2("ldns: RRset validation failed: %s",
ldns_get_errorstr_by_id(err));
}
ldns_rr_list_deep_free(trusted_keys);
}
/* allocate memory for answers */
rrset->rri_rdatas = calloc(rrset->rri_nrdatas,
sizeof(struct rdatainfo));
if (rrset->rri_rdatas == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
/* allocate memory for signatures */
if (rrset->rri_nsigs > 0) {
rrset->rri_sigs = calloc(rrset->rri_nsigs,
sizeof(struct rdatainfo));
if (rrset->rri_sigs == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
}
/* copy answers & signatures */
for (i=0, index_ans=0, index_sig=0; i< pkt->_header->_ancount; i++) {
rdata = NULL;
rr = ldns_rr_list_rr(ldns_pkt_answer(pkt), i);
if (ldns_rr_get_class(rr) == rrset->rri_rdclass &&
ldns_rr_get_type(rr) == rrset->rri_rdtype) {
rdata = &rrset->rri_rdatas[index_ans++];
}
if (rr->_rr_class == rrset->rri_rdclass &&
rr->_rr_type == LDNS_RR_TYPE_RRSIG &&
rrset->rri_sigs) {
rdata = &rrset->rri_sigs[index_sig++];
}
if (rdata) {
size_t rdata_offset = 0;
rdata->rdi_length = 0;
for (j=0; j< rr->_rd_count; j++) {
rdata->rdi_length +=
ldns_rdf_size(ldns_rr_rdf(rr, j));
}
rdata->rdi_data = malloc(rdata->rdi_length);
if (rdata->rdi_data == NULL) {
result = ERRSET_NOMEMORY;
goto fail;
}
/* Re-create the raw DNS RDATA */
for (j=0; j< rr->_rd_count; j++) {
len = ldns_rdf_size(ldns_rr_rdf(rr, j));
memcpy(rdata->rdi_data + rdata_offset,
ldns_rdf_data(ldns_rr_rdf(rr, j)), len);
rdata_offset += len;
}
}
}
*res = rrset;
result = ERRSET_SUCCESS;
fail:
/* freerrset(rrset); */
ldns_rdf_deep_free(domain);
ldns_pkt_free(pkt);
ldns_rr_list_deep_free(rrsigs);
ldns_rr_list_deep_free(rrdata);
ldns_resolver_deep_free(ldns_res);
return result;
}
/**
* Add RR.
*
*/
ods_status
zone_add_rr(zone_type* zone, ldns_rr* rr, int do_stats)
{
domain_type* domain = NULL;
rrset_type* rrset = NULL;
rr_type* record = NULL;
ods_status status = ODS_STATUS_OK;
ods_log_assert(rr);
ods_log_assert(zone);
ods_log_assert(zone->name);
ods_log_assert(zone->db);
ods_log_assert(zone->signconf);
/* If we already have this RR, return ODS_STATUS_UNCHANGED */
domain = namedb_lookup_domain(zone->db, ldns_rr_owner(rr));
if (!domain) {
domain = namedb_add_domain(zone->db, ldns_rr_owner(rr));
if (!domain) {
ods_log_error("[%s] unable to add RR to zone %s: "
"failed to add domain", zone_str, zone->name);
return ODS_STATUS_ERR;
}
if (ldns_dname_compare(domain->dname, zone->apex) == 0) {
domain->is_apex = 1;
} else {
status = namedb_domain_entize(zone->db, domain, zone->apex);
if (status != ODS_STATUS_OK) {
ods_log_error("[%s] unable to add RR to zone %s: "
"failed to entize domain", zone_str, zone->name);
return ODS_STATUS_ERR;
}
}
}
rrset = domain_lookup_rrset(domain, ldns_rr_get_type(rr));
if (!rrset) {
rrset = rrset_create(domain->zone, ldns_rr_get_type(rr));
if (!rrset) {
ods_log_error("[%s] unable to add RR to zone %s: "
"failed to add RRset", zone_str, zone->name);
return ODS_STATUS_ERR;
}
domain_add_rrset(domain, rrset);
}
record = rrset_lookup_rr(rrset, rr);
if (record) {
record->is_added = 1; /* already exists, just mark added */
record->is_removed = 0; /* unset is_removed */
if (ldns_rr_ttl(rr) != ldns_rr_ttl(record->rr)) {
ldns_rr_set_ttl(record->rr, ldns_rr_ttl(rr));
rrset->needs_signing = 1;
}
return ODS_STATUS_UNCHANGED;
} else {
record = rrset_add_rr(rrset, rr);
ods_log_assert(record);
ods_log_assert(record->rr);
ods_log_assert(record->is_added);
}
/* update stats */
if (do_stats && zone->stats) {
zone->stats->sort_count += 1;
}
return ODS_STATUS_OK;
}
static CborError cbor_ldns_rr_list(CborEncoder *encoder, ldns_rr_list *list, size_t count, int *should_flush) {
CborError cbor_err = CborNoError;
size_t n;
ldns_buffer *dname;
char *dname_str;
if (!encoder) {
return CborErrorInternalError;
}
if (!list) {
return CborErrorInternalError;
}
if (!count) {
return CborErrorInternalError;
}
if (!should_flush) {
return CborErrorInternalError;
}
for (n = 0; cbor_err == CborNoError && n < count; n++) {
CborEncoder cbor_rr;
uint8_t *rdata_bytes;
ldns_buffer *rdata;
ldns_rr *rr = ldns_rr_list_rr(list, n);
size_t rd_count;
if (!rr) {
return CborErrorInternalError;
}
rd_count = ldns_rr_rd_count(rr);
if (!(dname = ldns_buffer_new(512))) {
return CborErrorOutOfMemory;
}
if (ldns_rdf2buffer_str_dname(dname, ldns_rr_owner(rr)) != LDNS_STATUS_OK) {
ldns_buffer_free(dname);
return CborErrorInternalError;
}
ldns_buffer_write_u8(dname, 0);
if (!(dname_str = ldns_buffer_export(dname))) {
ldns_buffer_free(dname);
return CborErrorOutOfMemory;
}
if (cbor_err == CborNoError) cbor_err = append_cbor_map(encoder, &cbor_rr, CborIndefiniteLength, should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor_rr, "NAME", should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor_rr, dname_str, should_flush);
free(dname_str);
ldns_buffer_free(dname);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor_rr, "CLASS", should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor_rr, ldns_rr_get_class(rr), should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor_rr, "TYPE", should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor_rr, ldns_rr_get_type(rr), should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor_rr, "TTL", should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor_rr, ldns_rr_ttl(rr), should_flush);
if (rd_count == 1) {
if (!(rdata = ldns_buffer_new(64*1024))) {
return CborErrorOutOfMemory;
}
if (ldns_rdf2buffer_wire(rdata, ldns_rr_rdf(rr, 0)) != LDNS_STATUS_OK) {
ldns_buffer_free(rdata);
return CborErrorInternalError;
}
if (!(rdata_bytes = ldns_buffer_export(rdata))) {
ldns_buffer_free(rdata);
return CborErrorOutOfMemory;
}
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor_rr, "RDLENGTH", should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&cbor_rr, ldns_buffer_position(rdata), should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor_rr, "RDATA", should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_bytes(&cbor_rr, rdata_bytes, ldns_buffer_position(rdata), should_flush);
free(rdata_bytes);
ldns_buffer_free(rdata);
}
else if (rd_count > 1) {
size_t n2;
CborEncoder rr_set;
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&cbor_rr, "rrSet", should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_array(&cbor_rr, &rr_set, CborIndefiniteLength, should_flush);
for (n2 = 0; n2 < rd_count; n2++) {
if (!(rdata = ldns_buffer_new(64*1024))) {
return CborErrorOutOfMemory;
}
if (ldns_rdf2buffer_wire(rdata, ldns_rr_rdf(rr, n2)) != LDNS_STATUS_OK) {
ldns_buffer_free(rdata);
return CborErrorInternalError;
}
if (!(rdata_bytes = ldns_buffer_export(rdata))) {
ldns_buffer_free(rdata);
return CborErrorOutOfMemory;
}
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&rr_set, "RDLENGTH", should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_uint(&rr_set, ldns_buffer_position(rdata), should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_text_stringz(&rr_set, "RDATA", should_flush);
if (cbor_err == CborNoError) cbor_err = append_cbor_bytes(&rr_set, rdata_bytes, ldns_buffer_position(rdata), should_flush);
free(rdata_bytes);
ldns_buffer_free(rdata);
}
if (cbor_err == CborNoError) cbor_err = close_cbor_container(&cbor_rr, &rr_set, should_flush);
}
if (cbor_err == CborNoError) cbor_err = close_cbor_container(encoder, &cbor_rr, should_flush);
}
return cbor_err;
}
