static ya_result config_zone_section_print(config_data *config)
{
zone_set_lock(&config->zones);
if(!treeset_avl_isempty(&config->zones.set))
{
treeset_avl_iterator iter;
treeset_avl_iterator_init(&config->zones.set, &iter);
while(treeset_avl_iterator_hasnext(&iter))
{
treeset_node *zone_node = treeset_avl_iterator_next_node(&iter);
zone_data *zone_desc = (zone_data*)zone_node->data;
print("<zone>\n");
confs_print(zone_tab, zone_desc);
print("</zone>\n");
}
zone_set_unlock(&config->zones);
}
else
{
zone_set_unlock(&config->zones);
print("# no zone\n");
}
return SUCCESS;
}
static void
nsec3_icmtl_destroy_nsec3param(treeset_tree *tree)
{
if(!treeset_avl_isempty(tree))
{
treeset_avl_iterator n3p_avl_iter;
treeset_avl_iterator_init(tree, &n3p_avl_iter);
while(treeset_avl_iterator_hasnext(&n3p_avl_iter))
{
treeset_node *node = treeset_avl_iterator_next_node(&n3p_avl_iter);
zdb_ttlrdata* nsec3param = (zdb_ttlrdata*)node->data;
if(nsec3param != NULL)
{
zdb_ttlrdata_delete(nsec3param);
}
node->key = NULL;
node->data = NULL;
}
treeset_avl_destroy(tree);
}
}
static void
nsec3_icmtl_destroy_nsec3rrsig_del(treeset_tree *tree)
{
if(!treeset_avl_isempty(tree))
{
/* stuff to delete */
treeset_avl_iterator ts_avl_iter;
treeset_avl_iterator_init(tree, &ts_avl_iter);
while(treeset_avl_iterator_hasnext(&ts_avl_iter))
{
treeset_node *node = treeset_avl_iterator_next_node(&ts_avl_iter);
u8 *fqdn = (u8*)node->key;
zdb_ttlrdata *ttlrdata = (zdb_ttlrdata*)node->data;
free(fqdn);
while(ttlrdata != NULL)
{
zdb_ttlrdata *tmp = ttlrdata->next;
if(ttlrdata != NULL)
{
zdb_ttlrdata_delete(ttlrdata);
}
ttlrdata = tmp;
}
}
treeset_avl_destroy(tree);
}
}
static void
nsec3_icmtl_destroy_nsec(treeset_tree *tree)
{
if(!treeset_avl_isempty(tree))
{
treeset_avl_iterator n3p_avl_iter;
treeset_avl_iterator_init(tree, &n3p_avl_iter);
while(treeset_avl_iterator_hasnext(&n3p_avl_iter))
{
treeset_node *node = treeset_avl_iterator_next_node(&n3p_avl_iter);
free(node->key);
node->key = NULL;
node->data = NULL;
}
treeset_avl_destroy(tree);
}
}
void
nsec_icmtl_replay_execute(nsec_icmtl_replay *replay)
{
if(!treeset_avl_isempty(&replay->nsec_del))
{
/* stuff to delete */
treeset_avl_iterator ts_avl_iter;
treeset_avl_iterator_init(&replay->nsec_del, &ts_avl_iter);
while(treeset_avl_iterator_hasnext(&ts_avl_iter))
{
treeset_node *node = treeset_avl_iterator_next_node(&ts_avl_iter);
u8 *fqdn = (u8*)node->key;
log_debug("icmtl replay: NSEC: post/del %{dnsname}", fqdn);
treeset_node *add_node;
if((add_node = treeset_avl_find(&replay->nsec_add, fqdn)) != NULL)
{
/*
* del and add => nothing to do (almost)
*
* NOTE: I have to ensure that the label link is right (if the label has ENTIERLY been destroyed,
* then re-made, this will break)
*/
log_debug("icmtl replay: NSEC: upd %{dnsname}", fqdn);
/*
*
*/
u8* add_key = add_node->key;
treeset_avl_delete(&replay->nsec_add, fqdn);
free(add_key);
}
else
{
log_debug("icmtl replay: NSEC: del %{dnsname}", fqdn);
/*
* The node has to be deleted
*/
dnslabel_vector labels;
s32 labels_top = dnsname_to_dnslabel_vector(fqdn, labels);
zdb_rr_label* label = zdb_rr_label_find_exact(replay->zone->apex, labels, labels_top);
nsec_delete_label_node(replay->zone, label, labels, labels_top);
}
free(fqdn);
}
treeset_avl_destroy(&replay->nsec_del);
}
if(!treeset_avl_isempty(&replay->nsec_add))
{
/* stuff to add */
treeset_avl_iterator ts_avl_iter;
treeset_avl_iterator_init(&replay->nsec_add, &ts_avl_iter);
while(treeset_avl_iterator_hasnext(&ts_avl_iter))
{
treeset_node *node = treeset_avl_iterator_next_node(&ts_avl_iter);
u8 *fqdn = (u8*)node->key;
log_debug("icmtl replay: NSEC: add %{dnsname}", fqdn);
/*
* The node must be added. It should not exist already.
* After all changes (del/upd/add) all the added records should be matched again (check)
*/
dnslabel_vector labels;
s32 labels_top = dnsname_to_dnslabel_vector(fqdn, labels);
zdb_rr_label* label = zdb_rr_label_find_exact(replay->zone->apex, labels, labels_top - replay->zone->origin_vector.size - 1);
nsec_update_label_node(replay->zone, label, labels, labels_top);
free(fqdn);
}
treeset_avl_destroy(&replay->nsec_add);
}
}
static ya_result
config_zone_section_assign(config_data *config)
{
u32 port = 0;
ya_result return_code;
config_zone_section_register(config);
if(FAIL(return_code = parse_u32_check_range(config->server_port, &port, 1, MAX_U16, 10)))
{
osformatln(termerr, "config: zone: wrong dns port set in main '%s': %r", config->server_port, return_code);
return return_code;
}
zone_set_lock(&config->zones);
treeset_avl_iterator iter;
treeset_avl_iterator_init(&config->zones.set, &iter);
while(treeset_avl_iterator_hasnext(&iter))
{
treeset_node *zone_node = treeset_avl_iterator_next_node(&iter);
zone_data *zone = (zone_data *)zone_node->data;
zone_setdefaults(zone);
if(!config_check_bounds_s32(SIGNATURE_VALIDITY_INTERVAL_MIN, SIGNATURE_VALIDITY_INTERVAL_MAX, zone->sig_validity_interval, "sig-validity-interval"))
{
return ERROR;
}
if(!config_check_bounds_s32(SIGNATURE_VALIDITY_REGENERATION_MIN, SIGNATURE_VALIDITY_REGENERATION_MAX, zone->sig_validity_regeneration, "sig-validity-regeneration"))
{
return ERROR;
}
if(!config_check_bounds_s32(SIGNATURE_VALIDITY_JITTER_MIN, SIGNATURE_VALIDITY_JITTER_MAX, zone->sig_validity_jitter, "sig-validity-jitter"))
{
return ERROR;
}
if(!config_check_bounds_s32(NOTIFY_RETRY_COUNT_MIN, NOTIFY_RETRY_COUNT_MAX, zone->notify.retry_count, "notify-retry-count"))
{
return ERROR;
}
if(!config_check_bounds_s32(NOTIFY_RETRY_PERIOD_MIN, NOTIFY_RETRY_PERIOD_MAX, zone->notify.retry_period, "notify-period-count"))
{
return ERROR;
}
if(!config_check_bounds_s32(NOTIFY_RETRY_PERIOD_INCREASE_MIN, NOTIFY_RETRY_PERIOD_INCREASE_MAX, zone->notify.retry_period_increase, "notify-period-increase"))
{
return ERROR;
}
zone->ctrl_flags |= ZONE_CTRL_FLAG_READ_FROM_CONF;
}
zone_set_unlock(&config->zones);
return SUCCESS;
}
ya_result
nsec3_icmtl_replay_execute(nsec3_icmtl_replay *replay)
{
bool nsec3param_added = FALSE;
if(!treeset_avl_isempty(&replay->nsec3param_add))
{
treeset_avl_iterator n3p_avl_iter;
treeset_avl_iterator_init(&replay->nsec3param_add, &n3p_avl_iter);
while(treeset_avl_iterator_hasnext(&n3p_avl_iter))
{
treeset_node *node = treeset_avl_iterator_next_node(&n3p_avl_iter);
zdb_ttlrdata* nsec3param = (zdb_ttlrdata*)node->data;
nsec3_zone* n3 = nsec3_zone_get_from_rdata(replay->zone, nsec3param->rdata_size, nsec3param->rdata_pointer);
if(n3 == NULL)
{
/*
* add the record
*/
zdb_packed_ttlrdata *packed_ttlrdata;
ZDB_RECORD_ZALLOC(packed_ttlrdata, 0, nsec3param->rdata_size ,nsec3param->rdata_pointer);
zdb_record_insert(&replay->zone->apex->resource_record_set, TYPE_NSEC3PARAM, packed_ttlrdata);
nsec3_zone_add_from_rdata(replay->zone, nsec3param->rdata_size, nsec3param->rdata_pointer);
//nsec3_load_chain_init(nsec3param->rdata_pointer, nsec3param->rdata_size);
nsec3param_added = TRUE;
}
zdb_ttlrdata_delete(nsec3param);
node->key = NULL;
node->data = NULL;
}
treeset_avl_destroy(&replay->nsec3param_add);
}
if(!treeset_avl_isempty(&replay->nsec3_del))
{
/* stuff to delete */
treeset_avl_iterator ts_avl_iter;
treeset_avl_iterator_init(&replay->nsec3_del, &ts_avl_iter);
while(treeset_avl_iterator_hasnext(&ts_avl_iter))
{
treeset_node *node = treeset_avl_iterator_next_node(&ts_avl_iter);
u8 *fqdn = (u8*)node->key;
zdb_ttlrdata *ttlrdata = (zdb_ttlrdata*)node->data;
#ifndef NDEBUG
log_debug("journal: NSEC3: post/del %{dnsname}", fqdn);
#endif
treeset_node *add_node;
if((add_node = treeset_avl_find(&replay->nsec3_add, fqdn)) != NULL)
{
/* replace */
#ifndef NDEBUG
log_debug("journal: NSEC3: upd %{dnsname}", fqdn);
rdata_desc type_len_rdata = {TYPE_NSEC3, ttlrdata->rdata_size, ttlrdata->rdata_pointer };
log_debug("journal: NSEC3: - %{typerdatadesc}", &type_len_rdata);
#endif
zdb_ttlrdata *add_ttlrdata = (zdb_ttlrdata *)add_node->data;
#ifndef NDEBUG
rdata_desc add_type_len_rdata = {TYPE_NSEC3, add_ttlrdata->rdata_size, add_ttlrdata->rdata_pointer };
log_debug("journal: NSEC3: + %{typerdatadesc}", &add_type_len_rdata);
#endif
/*
* The node may need an update of the type bitmap
* After all changes (del/upd/add) all the added records should be matched again (check)
*
* nsec3_zone_item_get_by_name();
* nsec3_zone_item_update_bitmap(item, rdata, rdata_len)
*/
nsec3_zone_item *add_item = nsec3_zone_item_find_by_record(replay->zone, fqdn, ttlrdata->rdata_size, ttlrdata->rdata_pointer);
if(add_item != NULL)
{
nsec3_zone_item_update_bitmap(add_item, add_ttlrdata->rdata_pointer, add_ttlrdata->rdata_size);
u8* add_key = add_node->key;
treeset_avl_delete(&replay->nsec3_add, fqdn);
zdb_ttlrdata_delete(add_ttlrdata);
free(add_key);
}
else
{
log_err("journal: NSEC3: %{dnsname} has not been found in the NSEC3 database (del/add)", fqdn);
return ERROR;
}
}
else
{
#ifndef NDEBUG
log_debug("journal: NSEC3: del %{dnsname}", fqdn);
rdata_desc type_len_rdata = {TYPE_NSEC3, ttlrdata->rdata_size, ttlrdata->rdata_pointer };
log_debug("journal: NSEC3: - %{typerdatadesc}", &type_len_rdata);
#endif
/* delete */
nsec3_zone_item *add_item = nsec3_zone_item_find_by_record(replay->zone, fqdn, ttlrdata->rdata_size, ttlrdata->rdata_pointer);
if(add_item != NULL)
{
nsec3_remove_nsec3_by_name(replay->zone, fqdn, ttlrdata->rdata_pointer);
}
else
{
log_err("journal: NSEC3: %{dnsname} has not been found in the NSEC3 database (del)", fqdn);
}
/*
* The node has to be deleted
*/
}
zdb_ttlrdata_delete(ttlrdata);
free(fqdn);
node->key = NULL;
node->data = NULL;
}
treeset_avl_destroy(&replay->nsec3_del);
}
if(!treeset_avl_isempty(&replay->nsec3_add))
{
/* stuff to add */
treeset_avl_iterator ts_avl_iter;
treeset_avl_iterator_init(&replay->nsec3_add, &ts_avl_iter);
while(treeset_avl_iterator_hasnext(&ts_avl_iter))
{
treeset_node *node = treeset_avl_iterator_next_node(&ts_avl_iter);
u8 *fqdn = (u8*)node->key;
#ifndef NDEBUG
log_debug("journal: NSEC3: post/add %{dnsname}", fqdn);
#endif
zdb_ttlrdata *ttlrdata = (zdb_ttlrdata*)node->data;
#ifndef NDEBUG
log_debug("journal: NSEC3: add %{dnsname}", fqdn);
rdata_desc type_len_rdata = {TYPE_NSEC3, ttlrdata->rdata_size, ttlrdata->rdata_pointer };
log_debug("journal: NSEC3: + %{typerdatadesc}", &type_len_rdata);
#endif
/*
* The node must be added. It should not exist already.
* After all changes (del/upd/add) all the added records should be matched again (check)
*/
nsec3_zone_item *add_item = nsec3_zone_item_find_by_record(replay->zone, fqdn, ttlrdata->rdata_size, ttlrdata->rdata_pointer);
if(add_item != NULL)
{
log_err("journal: NSEC3: already exists");
nsec3_zone *n3 = replay->zone->nsec.nsec3;
if(n3 != NULL )
{
zdb_packed_ttlrdata *nsec3;
zdb_packed_ttlrdata *nsec3_rrsig;
u8 owner[256];
nsec3_zone_item_to_zdb_packed_ttlrdata(n3,
add_item,
replay->zone->origin,
owner,
600,
&nsec3,
&nsec3_rrsig);
#ifndef NDEBUG
rdata_desc type_len_rdata = {TYPE_NSEC3, nsec3->rdata_size, nsec3->rdata_start };
log_debug("journal: NSEC3: ? %{typerdatadesc}", &type_len_rdata);
#endif
free(nsec3);
nsec3_remove_nsec3_by_digest(replay->zone, add_item->digest, ttlrdata->rdata_pointer);
}
}
nsec3_add_nsec3_by_name(replay->zone, fqdn, ttlrdata->rdata_pointer, ttlrdata->rdata_size);
zdb_ttlrdata_delete(ttlrdata);
free(fqdn);
node->key = NULL;
node->data = NULL;
}
treeset_avl_destroy(&replay->nsec3_add);
}
if(!treeset_avl_isempty(&replay->nsec3rrsig_del))
{
/* stuff to add */
treeset_avl_iterator ts_avl_iter;
treeset_avl_iterator_init(&replay->nsec3rrsig_del, &ts_avl_iter);
while(treeset_avl_iterator_hasnext(&ts_avl_iter))
{
treeset_node *node = treeset_avl_iterator_next_node(&ts_avl_iter);
u8 *fqdn = (u8*)node->key;
#ifndef NDEBUG
log_debug("journal: NSEC3: post/add %{dnsname}", fqdn);
#endif
zdb_ttlrdata *nsec3_rrsig = (zdb_ttlrdata*)node->data;
#ifndef NDEBUG
log_debug("journal: NSEC3: add %{dnsname}", fqdn);
rdata_desc type_len_rdata = {TYPE_RRSIG, ZDB_RECORD_PTR_RDATASIZE(nsec3_rrsig), ZDB_RECORD_PTR_RDATAPTR(nsec3_rrsig) };
log_debug("journal: NSEC3: + %{typerdatadesc}", &type_len_rdata);
#endif
/*
* The node must be added. It should not exist already.
* After all changes (del/upd/add) all the added records should be matched again (check)
*/
nsec3_zone_item *item = nsec3_zone_item_find_by_name_ext(replay->zone, fqdn, NULL);
if(item != NULL)
{
nsec3_zone_item_rrsig_del(item, nsec3_rrsig);
}
zdb_ttlrdata_delete(nsec3_rrsig);
free(fqdn);
node->key = NULL;
node->data = NULL;
}
treeset_avl_destroy(&replay->nsec3rrsig_del);
}
if(!treeset_avl_isempty(&replay->nsec3rrsig_add))
{
/* stuff to add */
treeset_avl_iterator ts_avl_iter;
treeset_avl_iterator_init(&replay->nsec3rrsig_add, &ts_avl_iter);
while(treeset_avl_iterator_hasnext(&ts_avl_iter))
{
treeset_node *node = treeset_avl_iterator_next_node(&ts_avl_iter);
u8 *fqdn = (u8*)node->key;
#ifndef NDEBUG
log_debug("journal: NSEC3: post/add %{dnsname}", fqdn);
#endif
zdb_packed_ttlrdata *nsec3_rrsig = (zdb_packed_ttlrdata*)node->data;
#ifndef NDEBUG
log_debug("journal: NSEC3: add %{dnsname}", fqdn);
rdata_desc type_len_rdata = {TYPE_RRSIG, ZDB_PACKEDRECORD_PTR_RDATASIZE(nsec3_rrsig), ZDB_PACKEDRECORD_PTR_RDATAPTR(nsec3_rrsig) };
log_debug("journal: NSEC3: + %{typerdatadesc}", &type_len_rdata);
#endif
/*
* The node must be added. It should not exist already.
* After all changes (del/upd/add) all the added records should be matched again (check)
*/
nsec3_zone_item *item = nsec3_zone_item_find_by_name_ext(replay->zone, fqdn, NULL);
if(item != NULL)
{
nsec3_zone_item_rrsig_add(item, nsec3_rrsig);
}
else
{
ZDB_RECORD_ZFREE(nsec3_rrsig);
}
free(fqdn);
node->key = NULL;
node->data = NULL;
}
treeset_avl_destroy(&replay->nsec3rrsig_add);
}
if(!treeset_avl_isempty(&replay->nsec3_labels))
{
/* labels to update */
treeset_avl_iterator ts_avl_iter;
treeset_avl_iterator_init(&replay->nsec3_labels, &ts_avl_iter);
while(treeset_avl_iterator_hasnext(&ts_avl_iter))
{
treeset_node *node = treeset_avl_iterator_next_node(&ts_avl_iter);
u8 *fqdn = (u8*)node->key;
zdb_rr_label *rr_label = (zdb_rr_label*)node->data;
#ifndef NDEBUG
log_debug("journal: NSEC3: lbl %{dnsname} (%{dnslabel})", fqdn, rr_label->name);
#endif
/*
* The fqdn/label should be updated for self & star match.
*/
if(rr_label->nsec.nsec3 == NULL)
{
nsec3_label_link(replay->zone, rr_label, fqdn);
}
free(fqdn);
node->key = NULL;
node->data = NULL;
}
treeset_avl_destroy(&replay->nsec3_labels);
}
/**/
if(nsec3param_added)
{
/*
* ALL the labels of the zone have to be linked again.
*/
zdb_zone_label_iterator label_iterator;
u8 fqdn[MAX_DOMAIN_LENGTH];
zdb_zone_label_iterator_init(replay->zone, &label_iterator);
while(zdb_zone_label_iterator_hasnext(&label_iterator))
{
zdb_zone_label_iterator_nextname(&label_iterator, fqdn);
zdb_rr_label* label = zdb_zone_label_iterator_next(&label_iterator);
nsec3_label_link(replay->zone, label, fqdn);
}
}
if(!treeset_avl_isempty(&replay->nsec3param_del))
{
treeset_avl_iterator n3p_avl_iter;
treeset_avl_iterator_init(&replay->nsec3param_del, &n3p_avl_iter);
while(treeset_avl_iterator_hasnext(&n3p_avl_iter))
{
treeset_node *node = treeset_avl_iterator_next_node(&n3p_avl_iter);
zdb_ttlrdata* nsec3param = (zdb_ttlrdata*)node->data;
nsec3_zone* n3 = nsec3_zone_get_from_rdata(replay->zone, nsec3param->rdata_size, nsec3param->rdata_pointer);
if(n3 == NULL)
{
nsec3_zone_destroy(replay->zone, n3);
zdb_record_delete_exact(&replay->zone->apex->resource_record_set, TYPE_NSEC3PARAM, nsec3param);
}
zdb_ttlrdata_delete(nsec3param);
node->key = NULL;
node->data = NULL;
}
treeset_avl_destroy(&replay->nsec3param_del);
}
return SUCCESS;
}
