static isc_result_t
add_ns(dns_db_t *db, dns_dbversion_t *version, dns_name_t *name,
dns_name_t *nsname)
{
dns_dbnode_t *node = NULL;
dns_rdata_ns_t ns;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdatalist_t rdatalist;
dns_rdataset_t rdataset;
isc_result_t result;
isc_buffer_t b;
unsigned char buf[DNS_NAME_MAXWIRE];
isc_buffer_init(&b, buf, sizeof(buf));
dns_rdataset_init(&rdataset);
dns_rdatalist_init(&rdatalist);
ns.common.rdtype = dns_rdatatype_ns;
ns.common.rdclass = dns_db_class(db);
ns.mctx = NULL;
dns_name_init(&ns.name, NULL);
dns_name_clone(nsname, &ns.name);
CHECK(dns_rdata_fromstruct(&rdata, dns_db_class(db), dns_rdatatype_ns,
&ns, &b));
rdatalist.type = rdata.type;
rdatalist.covers = 0;
rdatalist.rdclass = rdata.rdclass;
rdatalist.ttl = 86400;
ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
CHECK(dns_rdatalist_tordataset(&rdatalist, &rdataset));
CHECK(dns_db_findnode(db, name, ISC_TRUE, &node));
CHECK(dns_db_addrdataset(db, node, version, 0, &rdataset, 0, NULL));
cleanup:
if (node != NULL)
dns_db_detachnode(db, &node);
return (result);
}
static isc_result_t
loadsetfromfile(char *filename, dns_rdataset_t *rdataset) {
isc_result_t result;
dns_db_t *db = NULL;
dns_dbnode_t *node = NULL;
char setname[DNS_NAME_FORMATSIZE];
dns_name_format(name, setname, sizeof(setname));
result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
rdclass, 0, NULL, &db);
if (result != ISC_R_SUCCESS)
fatal("can't create database");
result = dns_db_load(db, filename);
if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
fatal("can't load %s: %s", filename, isc_result_totext(result));
result = dns_db_findnode(db, name, ISC_FALSE, &node);
if (result != ISC_R_SUCCESS)
fatal("can't find %s node in %s", setname, filename);
result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey,
0, 0, rdataset, NULL);
if (result == ISC_R_NOTFOUND)
fatal("no DNSKEY RR for %s in %s", setname, filename);
else if (result != ISC_R_SUCCESS)
fatal("dns_db_findrdataset");
if (node != NULL)
dns_db_detachnode(db, &node);
if (db != NULL)
dns_db_detach(&db);
return (result);
}
static void
resigned(isc_assertioncallback_t callback) {
isc_result_t result;
dns_rdataset_t rdataset, added;
dns_dbnode_t *node = NULL;
dns_rdatalist_t rdatalist;
dns_rdata_rrsig_t rrsig;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_buffer_t b;
unsigned char buf[1024];
result = dns_test_begin(NULL, ISC_FALSE);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
setup_db();
/*
* Create a dummy RRSIG record and set a resigning time.
*/
dns_rdataset_init(&added);
dns_rdataset_init(&rdataset);
dns_rdatalist_init(&rdatalist);
isc_buffer_init(&b, buf, sizeof(buf));
DNS_RDATACOMMON_INIT(&rrsig, dns_rdatatype_rrsig, dns_rdataclass_in);
rrsig.covered = dns_rdatatype_a;
rrsig.algorithm = 100;
rrsig.labels = 0;
rrsig.originalttl = 0;
rrsig.timeexpire = 3600;
rrsig.timesigned = 0;
rrsig.keyid = 0;
dns_name_init(&rrsig.signer, NULL);
dns_name_clone(dns_rootname, &rrsig.signer);
rrsig.siglen = 0;
rrsig.signature = NULL;
result = dns_rdata_fromstruct(&rdata, dns_rdataclass_in,
dns_rdatatype_rrsig, &rrsig, &b);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
rdatalist.rdclass = dns_rdataclass_in;
rdatalist.type = dns_rdatatype_rrsig;
ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
rdataset.attributes |= DNS_RDATASETATTR_RESIGN;
rdataset.resign = 7200;
result = dns_db_findnode(db1, dns_rootname, ISC_FALSE, &node);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
result = dns_db_addrdataset(db1, node, v1, 0, &rdataset, 0, &added);
ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
dns_db_detachnode(db1, &node);
ATF_REQUIRE_EQ(node, NULL);
isc_assertion_setcallback(callback);
dns_db_resigned(db1, &added, VERSION(callback));
if (callback != NULL)
atf_tc_fail("dns_db_resigned did not assert");
dns_rdataset_disassociate(&added);
close_db();
dns_test_end();
}
static isc_result_t
diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver,
isc_boolean_t warn)
{
dns_difftuple_t *t;
dns_dbnode_t *node = NULL;
isc_result_t result;
char namebuf[DNS_NAME_FORMATSIZE];
char typebuf[DNS_RDATATYPE_FORMATSIZE];
char classbuf[DNS_RDATACLASS_FORMATSIZE];
REQUIRE(DNS_DIFF_VALID(diff));
REQUIRE(DNS_DB_VALID(db));
t = ISC_LIST_HEAD(diff->tuples);
while (t != NULL) {
dns_name_t *name;
INSIST(node == NULL);
name = &t->name;
/*
* Find the node.
* We create the node if it does not exist.
* This will cause an empty node to be created if the diff
* contains a deletion of an RR at a nonexistent name,
* but such diffs should never be created in the first
* place.
*/
while (t != NULL && dns_name_equal(&t->name, name)) {
dns_rdatatype_t type, covers;
dns_diffop_t op;
dns_rdatalist_t rdl;
dns_rdataset_t rds;
dns_rdataset_t ardataset;
dns_rdataset_t *modified = NULL;
op = t->op;
type = t->rdata.type;
covers = rdata_covers(&t->rdata);
/*
* Collect a contiguous set of updates with
* the same operation (add/delete) and RR type
* into a single rdatalist so that the
* database rrset merging/subtraction code
* can work more efficiently than if each
* RR were merged into / subtracted from
* the database separately.
*
* This is done by linking rdata structures from the
* diff into "rdatalist". This uses the rdata link
* field, not the diff link field, so the structure
* of the diff itself is not affected.
*/
dns_rdatalist_init(&rdl);
rdl.type = type;
rdl.covers = covers;
rdl.rdclass = t->rdata.rdclass;
rdl.ttl = t->ttl;
node = NULL;
if (type != dns_rdatatype_nsec3 &&
covers != dns_rdatatype_nsec3)
CHECK(dns_db_findnode(db, name, ISC_TRUE,
&node));
else
CHECK(dns_db_findnsec3node(db, name, ISC_TRUE,
&node));
while (t != NULL &&
dns_name_equal(&t->name, name) &&
t->op == op &&
t->rdata.type == type &&
rdata_covers(&t->rdata) == covers)
{
dns_name_format(name, namebuf, sizeof(namebuf));
dns_rdatatype_format(t->rdata.type, typebuf,
sizeof(typebuf));
dns_rdataclass_format(t->rdata.rdclass,
classbuf,
sizeof(classbuf));
if (t->ttl != rdl.ttl && warn)
isc_log_write(DIFF_COMMON_LOGARGS,
ISC_LOG_WARNING,
"'%s/%s/%s': TTL differs in "
"rdataset, adjusting "
"%lu -> %lu",
namebuf, typebuf, classbuf,
(unsigned long) t->ttl,
(unsigned long) rdl.ttl);
ISC_LIST_APPEND(rdl.rdata, &t->rdata, link);
t = ISC_LIST_NEXT(t, link);
}
/*
* Convert the rdatalist into a rdataset.
*/
dns_rdataset_init(&rds);
CHECK(dns_rdatalist_tordataset(&rdl, &rds));
if (rds.type == dns_rdatatype_rrsig)
switch (op) {
case DNS_DIFFOP_ADDRESIGN:
case DNS_DIFFOP_DELRESIGN:
modified = &ardataset;
dns_rdataset_init(modified);
break;
default:
break;
}
rds.trust = dns_trust_ultimate;
/*
* Merge the rdataset into the database.
*/
switch (op) {
case DNS_DIFFOP_ADD:
case DNS_DIFFOP_ADDRESIGN:
result = dns_db_addrdataset(db, node, ver,
0, &rds,
DNS_DBADD_MERGE|
DNS_DBADD_EXACT|
DNS_DBADD_EXACTTTL,
modified);
break;
case DNS_DIFFOP_DEL:
case DNS_DIFFOP_DELRESIGN:
result = dns_db_subtractrdataset(db, node, ver,
&rds,
DNS_DBSUB_EXACT,
modified);
break;
default:
INSIST(0);
}
if (result == ISC_R_SUCCESS) {
if (modified != NULL) {
isc_stdtime_t resign;
resign = setresign(modified);
dns_db_setsigningtime(db, modified,
resign);
}
} else if (result == DNS_R_UNCHANGED) {
/*
* This will not happen when executing a
* dynamic update, because that code will
* generate strictly minimal diffs.
* It may happen when receiving an IXFR
* from a server that is not as careful.
* Issue a warning and continue.
*/
if (warn) {
dns_name_format(dns_db_origin(db),
namebuf,
sizeof(namebuf));
dns_rdataclass_format(dns_db_class(db),
classbuf,
sizeof(classbuf));
isc_log_write(DIFF_COMMON_LOGARGS,
ISC_LOG_WARNING,
"%s/%s: dns_diff_apply: "
"update with no effect",
namebuf, classbuf);
}
} else if (result == DNS_R_NXRRSET) {
/*
* OK.
*/
} else {
if (modified != NULL &&
dns_rdataset_isassociated(modified))
dns_rdataset_disassociate(modified);
CHECK(result);
}
dns_db_detachnode(db, &node);
if (modified != NULL &&
dns_rdataset_isassociated(modified))
dns_rdataset_disassociate(modified);
}
}
return (ISC_R_SUCCESS);
failure:
if (node != NULL)
dns_db_detachnode(db, &node);
return (result);
}
/*%
* Configure static-stub zone.
*/
static isc_result_t
configure_staticstub(const cfg_obj_t *zconfig, dns_zone_t *zone,
const char *zname, const char *dbtype)
{
int i = 0;
const cfg_obj_t *obj;
isc_mem_t *mctx = dns_zone_getmctx(zone);
dns_db_t *db = NULL;
dns_dbversion_t *dbversion = NULL;
dns_dbnode_t *apexnode = NULL;
dns_name_t apexname;
isc_result_t result;
dns_rdataset_t rdataset;
dns_rdatalist_t rdatalist_ns, rdatalist_a, rdatalist_aaaa;
dns_rdatalist_t* rdatalists[] = {
&rdatalist_ns, &rdatalist_a, &rdatalist_aaaa, NULL
};
dns_rdata_t *rdata;
isc_region_t region;
/* Create the DB beforehand */
RETERR(dns_db_create(mctx, dbtype, dns_zone_getorigin(zone),
dns_dbtype_stub, dns_zone_getclass(zone),
0, NULL, &db));
dns_zone_setdb(zone, db);
dns_rdatalist_init(&rdatalist_ns);
rdatalist_ns.rdclass = dns_zone_getclass(zone);
rdatalist_ns.type = dns_rdatatype_ns;
rdatalist_ns.ttl = STATICSTUB_SERVER_TTL;
dns_rdatalist_init(&rdatalist_a);
rdatalist_a.rdclass = dns_zone_getclass(zone);
rdatalist_a.type = dns_rdatatype_a;
rdatalist_a.ttl = STATICSTUB_SERVER_TTL;
dns_rdatalist_init(&rdatalist_aaaa);
rdatalist_aaaa.rdclass = dns_zone_getclass(zone);
rdatalist_aaaa.type = dns_rdatatype_aaaa;
rdatalist_aaaa.ttl = STATICSTUB_SERVER_TTL;
/* Prepare zone RRs from the configuration */
obj = NULL;
result = cfg_map_get(zconfig, "server-addresses", &obj);
if (result == ISC_R_SUCCESS) {
INSIST(obj != NULL);
result = configure_staticstub_serveraddrs(obj, zone,
&rdatalist_ns,
&rdatalist_a,
&rdatalist_aaaa);
if (result != ISC_R_SUCCESS)
goto cleanup;
}
obj = NULL;
result = cfg_map_get(zconfig, "server-names", &obj);
if (result == ISC_R_SUCCESS) {
INSIST(obj != NULL);
result = configure_staticstub_servernames(obj, zone,
&rdatalist_ns,
zname);
if (result != ISC_R_SUCCESS)
goto cleanup;
}
/*
* Sanity check: there should be at least one NS RR at the zone apex
* to trigger delegation.
*/
if (ISC_LIST_EMPTY(rdatalist_ns.rdata)) {
isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_SERVER, ISC_LOG_ERROR,
"No NS record is configured for a "
"static-stub zone '%s'", zname);
result = ISC_R_FAILURE;
goto cleanup;
}
/*
* Now add NS and glue A/AAAA RRsets to the zone DB.
* First open a new version for the add operation and get a pointer
* to the apex node (all RRs are of the apex name).
*/
result = dns_db_newversion(db, &dbversion);
if (result != ISC_R_SUCCESS)
goto cleanup;
dns_name_init(&apexname, NULL);
dns_name_clone(dns_zone_getorigin(zone), &apexname);
result = dns_db_findnode(db, &apexname, ISC_FALSE, &apexnode);
if (result != ISC_R_SUCCESS)
goto cleanup;
/* Add NS RRset */
dns_rdataset_init(&rdataset);
RUNTIME_CHECK(dns_rdatalist_tordataset(&rdatalist_ns, &rdataset)
== ISC_R_SUCCESS);
result = dns_db_addrdataset(db, apexnode, dbversion, 0, &rdataset,
0, NULL);
dns_rdataset_disassociate(&rdataset);
if (result != ISC_R_SUCCESS)
goto cleanup;
/* Add glue A RRset, if any */
if (!ISC_LIST_EMPTY(rdatalist_a.rdata)) {
RUNTIME_CHECK(dns_rdatalist_tordataset(&rdatalist_a, &rdataset)
== ISC_R_SUCCESS);
result = dns_db_addrdataset(db, apexnode, dbversion, 0,
&rdataset, 0, NULL);
dns_rdataset_disassociate(&rdataset);
if (result != ISC_R_SUCCESS)
goto cleanup;
}
/* Add glue AAAA RRset, if any */
if (!ISC_LIST_EMPTY(rdatalist_aaaa.rdata)) {
RUNTIME_CHECK(dns_rdatalist_tordataset(&rdatalist_aaaa,
&rdataset)
== ISC_R_SUCCESS);
result = dns_db_addrdataset(db, apexnode, dbversion, 0,
&rdataset, 0, NULL);
dns_rdataset_disassociate(&rdataset);
if (result != ISC_R_SUCCESS)
goto cleanup;
}
result = ISC_R_SUCCESS;
cleanup:
if (apexnode != NULL)
dns_db_detachnode(db, &apexnode);
if (dbversion != NULL)
dns_db_closeversion(db, &dbversion, ISC_TRUE);
if (db != NULL)
dns_db_detach(&db);
for (i = 0; rdatalists[i] != NULL; i++) {
while ((rdata = ISC_LIST_HEAD(rdatalists[i]->rdata)) != NULL) {
ISC_LIST_UNLINK(rdatalists[i]->rdata, rdata, link);
dns_rdata_toregion(rdata, ®ion);
isc_mem_put(mctx, rdata,
sizeof(*rdata) + region.length);
}
}
return (result);
}
static isc_result_t
diff_apply(dns_diff_t *diff, dns_db_t *db, dns_dbversion_t *ver,
isc_boolean_t warn)
{
dns_difftuple_t *t;
dns_dbnode_t *node = NULL;
isc_result_t result;
REQUIRE(DNS_DIFF_VALID(diff));
REQUIRE(DNS_DB_VALID(db));
t = ISC_LIST_HEAD(diff->tuples);
while (t != NULL) {
dns_name_t *name;
INSIST(node == NULL);
name = &t->name;
/*
* Find the node.
* We create the node if it does not exist.
* This will cause an empty node to be created if the diff
* contains a deletion of an RR at a nonexistent name,
* but such diffs should never be created in the first
* place.
*/
node = NULL;
CHECK(dns_db_findnode(db, name, ISC_TRUE, &node));
while (t != NULL && dns_name_equal(&t->name, name)) {
dns_rdatatype_t type, covers;
dns_diffop_t op;
dns_rdatalist_t rdl;
dns_rdataset_t rds;
op = t->op;
type = t->rdata.type;
covers = rdata_covers(&t->rdata);
/*
* Collect a contiguous set of updates with
* the same operation (add/delete) and RR type
* into a single rdatalist so that the
* database rrset merging/subtraction code
* can work more efficiently than if each
* RR were merged into / subtracted from
* the database separately.
*
* This is done by linking rdata structures from the
* diff into "rdatalist". This uses the rdata link
* field, not the diff link field, so the structure
* of the diff itself is not affected.
*/
rdl.type = type;
rdl.covers = covers;
rdl.rdclass = t->rdata.rdclass;
rdl.ttl = t->ttl;
ISC_LIST_INIT(rdl.rdata);
ISC_LINK_INIT(&rdl, link);
while (t != NULL &&
dns_name_equal(&t->name, name) &&
t->op == op &&
t->rdata.type == type &&
rdata_covers(&t->rdata) == covers)
{
if (t->ttl != rdl.ttl && warn)
isc_log_write(DIFF_COMMON_LOGARGS,
ISC_LOG_WARNING,
"TTL differs in rdataset, "
"adjusting %lu -> %lu",
(unsigned long) t->ttl,
(unsigned long) rdl.ttl);
ISC_LIST_APPEND(rdl.rdata, &t->rdata, link);
t = ISC_LIST_NEXT(t, link);
}
/*
* Convert the rdatalist into a rdataset.
*/
dns_rdataset_init(&rds);
CHECK(dns_rdatalist_tordataset(&rdl, &rds));
rds.trust = dns_trust_ultimate;
/*
* Merge the rdataset into the database.
*/
if (op == DNS_DIFFOP_ADD) {
result = dns_db_addrdataset(db, node, ver,
0, &rds,
DNS_DBADD_MERGE|
DNS_DBADD_EXACT|
DNS_DBADD_EXACTTTL,
NULL);
} else if (op == DNS_DIFFOP_DEL) {
result = dns_db_subtractrdataset(db, node, ver,
&rds,
DNS_DBSUB_EXACT,
NULL);
} else {
INSIST(0);
}
if (result == DNS_R_UNCHANGED) {
/*
* This will not happen when executing a
* dynamic update, because that code will
* generate strictly minimal diffs.
* It may happen when receiving an IXFR
* from a server that is not as careful.
* Issue a warning and continue.
*/
if (warn)
isc_log_write(DIFF_COMMON_LOGARGS,
ISC_LOG_WARNING,
"update with no effect");
} else if (result == ISC_R_SUCCESS ||
result == DNS_R_NXRRSET) {
/*
* OK.
*/
} else {
CHECK(result);
}
}
dns_db_detachnode(db, &node);
}
return (ISC_R_SUCCESS);
failure:
if (node != NULL)
dns_db_detachnode(db, &node);
return (result);
}
