static isc_stdtime_t
setresign(dns_rdataset_t *modified) {
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdata_rrsig_t sig;
isc_stdtime_t when;
isc_result_t result;
result = dns_rdataset_first(modified);
INSIST(result == ISC_R_SUCCESS);
dns_rdataset_current(modified, &rdata);
(void)dns_rdata_tostruct(&rdata, &sig, NULL);
if ((rdata.flags & DNS_RDATA_OFFLINE) != 0)
when = 0;
else
when = sig.timeexpire;
dns_rdata_reset(&rdata);
result = dns_rdataset_next(modified);
while (result == ISC_R_SUCCESS) {
dns_rdataset_current(modified, &rdata);
(void)dns_rdata_tostruct(&rdata, &sig, NULL);
if ((rdata.flags & DNS_RDATA_OFFLINE) != 0) {
goto next_rr;
}
if (when == 0 || sig.timeexpire < when)
when = sig.timeexpire;
next_rr:
dns_rdata_reset(&rdata);
result = dns_rdataset_next(modified);
}
INSIST(result == ISC_R_NOMORE);
return (when);
}
isc_result_t
dns_rdataset_additionaldata(dns_rdataset_t *rdataset,
dns_additionaldatafunc_t add, void *arg)
{
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_result_t result;
/*
* For each rdata in rdataset, call 'add' for each name and type in the
* rdata which is subject to additional section processing.
*/
REQUIRE(DNS_RDATASET_VALID(rdataset));
REQUIRE((rdataset->attributes & DNS_RDATASETATTR_QUESTION) == 0);
result = dns_rdataset_first(rdataset);
if (result != ISC_R_SUCCESS)
return (result);
do {
dns_rdataset_current(rdataset, &rdata);
result = dns_rdata_additionaldata(&rdata, add, arg);
if (result == ISC_R_SUCCESS)
result = dns_rdataset_next(rdataset);
dns_rdata_reset(&rdata);
} while (result == ISC_R_SUCCESS);
if (result != ISC_R_NOMORE)
return (result);
return (ISC_R_SUCCESS);
}
static isc_result_t
fill_array(int *pos, dns_rdataset_t *rdataset,
int size, unsigned char **rdatas, lwres_uint16_t *rdatalen)
{
dns_rdata_t rdata;
isc_result_t result;
isc_region_t r;
UNUSED(size);
dns_rdata_init(&rdata);
for (result = dns_rdataset_first(rdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(rdataset))
{
INSIST(*pos < size);
dns_rdataset_current(rdataset, &rdata);
dns_rdata_toregion(&rdata, &r);
rdatas[*pos] = r.base;
rdatalen[*pos] = r.length;
dns_rdata_reset(&rdata);
(*pos)++;
}
if (result == ISC_R_NOMORE)
result = ISC_R_SUCCESS;
return (result);
}
isc_result_t
dns_nsec_nseconly(dns_db_t *db, dns_dbversion_t *version,
isc_boolean_t *answer)
{
dns_dbnode_t *node = NULL;
dns_rdataset_t rdataset;
dns_rdata_dnskey_t dnskey;
isc_result_t result;
REQUIRE(answer != NULL);
dns_rdataset_init(&rdataset);
result = dns_db_getoriginnode(db, &node);
if (result != ISC_R_SUCCESS)
return (result);
result = dns_db_findrdataset(db, node, version, dns_rdatatype_dnskey,
0, 0, &rdataset, NULL);
dns_db_detachnode(db, &node);
if (result == ISC_R_NOTFOUND) {
*answer = ISC_FALSE;
return (ISC_R_SUCCESS);
}
if (result != ISC_R_SUCCESS)
return (result);
for (result = dns_rdataset_first(&rdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset)) {
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_current(&rdataset, &rdata);
result = dns_rdata_tostruct(&rdata, &dnskey, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
if (dnskey.algorithm == DST_ALG_RSAMD5 ||
dnskey.algorithm == DST_ALG_RSASHA1 ||
dnskey.algorithm == DST_ALG_DSA ||
dnskey.algorithm == DST_ALG_ECC)
break;
}
dns_rdataset_disassociate(&rdataset);
if (result == ISC_R_SUCCESS)
*answer = ISC_TRUE;
if (result == ISC_R_NOMORE) {
*answer = ISC_FALSE;
result = ISC_R_SUCCESS;
}
return (result);
}
static isc_result_t
db_rr_iterator_next(db_rr_iterator_t *it) {
if (it->result != ISC_R_SUCCESS)
return (it->result);
INSIST(it->dbit != NULL);
INSIST(it->node != NULL);
INSIST(it->rdatasetit != NULL);
it->result = dns_rdataset_next(&it->rdataset);
if (it->result == ISC_R_NOMORE) {
dns_rdataset_disassociate(&it->rdataset);
it->result = dns_rdatasetiter_next(it->rdatasetit);
/*
* The while loop body is executed more than once
* only when an empty dbnode needs to be skipped.
*/
while (it->result == ISC_R_NOMORE) {
dns_rdatasetiter_destroy(&it->rdatasetit);
dns_db_detachnode(it->db, &it->node);
it->result = dns_dbiterator_next(it->dbit);
if (it->result == ISC_R_NOMORE) {
/* We are at the end of the entire database. */
return (it->result);
}
if (it->result != ISC_R_SUCCESS)
return (it->result);
it->result = dns_dbiterator_current(it->dbit,
&it->node,
dns_fixedname_name(&it->fixedname));
if (it->result != ISC_R_SUCCESS)
return (it->result);
it->result = dns_db_allrdatasets(it->db, it->node,
it->ver, it->now,
&it->rdatasetit);
if (it->result != ISC_R_SUCCESS)
return (it->result);
it->result = dns_rdatasetiter_first(it->rdatasetit);
}
if (it->result != ISC_R_SUCCESS)
return (it->result);
dns_rdatasetiter_current(it->rdatasetit, &it->rdataset);
it->rdataset.attributes |= DNS_RDATASETATTR_LOADORDER;
it->result = dns_rdataset_first(&it->rdataset);
if (it->result != ISC_R_SUCCESS)
return (it->result);
}
return (it->result);
}
isc_result_t
dns_rriterator_next(dns_rriterator_t *it) {
REQUIRE(VALID_RRITERATOR(it));
if (it->result != ISC_R_SUCCESS)
return (it->result);
INSIST(it->dbit != NULL);
INSIST(it->node != NULL);
INSIST(it->rdatasetit != NULL);
it->result = dns_rdataset_next(&it->rdataset);
if (it->result == ISC_R_NOMORE)
return (dns_rriterator_nextrrset(it));
return (it->result);
}
static isc_boolean_t
inrrset(dns_rdataset_t *rrset, dns_rdata_t *rdata) {
isc_result_t result;
dns_rdata_t current = DNS_RDATA_INIT;
result = dns_rdataset_first(rrset);
while (result == ISC_R_SUCCESS) {
dns_rdataset_current(rrset, ¤t);
if (dns_rdata_compare(rdata, ¤t) == 0)
return (ISC_TRUE);
dns_rdata_reset(¤t);
result = dns_rdataset_next(rrset);
}
return (ISC_FALSE);
}
/*%
* short_form message print handler. Calls above say_message()
*/
static isc_result_t
short_answer(dns_message_t *msg, dns_messagetextflag_t flags,
isc_buffer_t *buf, dig_query_t *query)
{
dns_name_t *name;
dns_rdataset_t *rdataset;
isc_result_t result, loopresult;
dns_name_t empty_name;
dns_rdata_t rdata = DNS_RDATA_INIT;
UNUSED(flags);
dns_name_init(&empty_name, NULL);
result = dns_message_firstname(msg, DNS_SECTION_ANSWER);
if (result == ISC_R_NOMORE)
return (ISC_R_SUCCESS);
else if (result != ISC_R_SUCCESS)
return (result);
for (;;) {
name = NULL;
dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
for (rdataset = ISC_LIST_HEAD(name->list);
rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link)) {
loopresult = dns_rdataset_first(rdataset);
while (loopresult == ISC_R_SUCCESS) {
dns_rdataset_current(rdataset, &rdata);
result = say_message(&rdata, query,
buf);
if (result == ISC_R_NOSPACE)
return (result);
check_result(result, "say_message");
loopresult = dns_rdataset_next(rdataset);
dns_rdata_reset(&rdata);
}
}
result = dns_message_nextname(msg, DNS_SECTION_ANSWER);
if (result == ISC_R_NOMORE)
break;
else if (result != ISC_R_SUCCESS)
return (result);
}
return (ISC_R_SUCCESS);
}
static inline isc_result_t
copy_rdataset(dns_rdataset_t *rdataset, isc_buffer_t *buffer) {
isc_result_t result;
unsigned int count;
isc_region_t ar, r;
dns_rdata_t rdata = DNS_RDATA_INIT;
/*
* Copy the rdataset count to the buffer.
*/
isc_buffer_availableregion(buffer, &ar);
if (ar.length < 2)
return (ISC_R_NOSPACE);
count = dns_rdataset_count(rdataset);
INSIST(count <= 65535);
isc_buffer_putuint16(buffer, (isc_uint16_t)count);
result = dns_rdataset_first(rdataset);
while (result == ISC_R_SUCCESS) {
dns_rdataset_current(rdataset, &rdata);
dns_rdata_toregion(&rdata, &r);
INSIST(r.length <= 65535);
isc_buffer_availableregion(buffer, &ar);
if (ar.length < 2)
return (ISC_R_NOSPACE);
/*
* Copy the rdata length to the buffer.
*/
isc_buffer_putuint16(buffer, (isc_uint16_t)r.length);
/*
* Copy the rdata to the buffer.
*/
result = isc_buffer_copyregion(buffer, &r);
if (result != ISC_R_SUCCESS)
return (result);
dns_rdata_reset(&rdata);
result = dns_rdataset_next(rdataset);
}
if (result != ISC_R_NOMORE)
return (result);
return (ISC_R_SUCCESS);
}
isc_result_t
dns_db_getsoaserial(dns_db_t *db, dns_dbversion_t *ver, isc_uint32_t *serialp)
{
isc_result_t result;
dns_dbnode_t *node = NULL;
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_buffer_t buffer;
REQUIRE(dns_db_iszone(db) || dns_db_isstub(db));
result = dns_db_findnode(db, dns_db_origin(db), ISC_FALSE, &node);
if (result != ISC_R_SUCCESS)
return (result);
dns_rdataset_init(&rdataset);
result = dns_db_findrdataset(db, node, ver, dns_rdatatype_soa, 0,
(isc_stdtime_t)0, &rdataset, NULL);
if (result != ISC_R_SUCCESS)
goto freenode;
result = dns_rdataset_first(&rdataset);
if (result != ISC_R_SUCCESS)
goto freerdataset;
dns_rdataset_current(&rdataset, &rdata);
result = dns_rdataset_next(&rdataset);
INSIST(result == ISC_R_NOMORE);
INSIST(rdata.length > 20);
isc_buffer_init(&buffer, rdata.data, rdata.length);
isc_buffer_add(&buffer, rdata.length);
isc_buffer_forward(&buffer, rdata.length - 20);
*serialp = isc_buffer_getuint32(&buffer);
result = ISC_R_SUCCESS;
freerdataset:
dns_rdataset_disassociate(&rdataset);
freenode:
dns_db_detachnode(db, &node);
return (result);
}
static isc_result_t
in_rootns(dns_rdataset_t *rootns, dns_name_t *name) {
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdata_ns_t ns;
if (!dns_rdataset_isassociated(rootns))
return (ISC_R_NOTFOUND);
result = dns_rdataset_first(rootns);
while (result == ISC_R_SUCCESS) {
dns_rdataset_current(rootns, &rdata);
result = dns_rdata_tostruct(&rdata, &ns, NULL);
if (result != ISC_R_SUCCESS)
return (result);
if (dns_name_compare(name, &ns.name) == 0)
return (ISC_R_SUCCESS);
result = dns_rdataset_next(rootns);
}
if (result == ISC_R_NOMORE)
result = ISC_R_NOTFOUND;
return (result);
}
/*
* Sort the rdataset into an array.
*/
static isc_result_t
rdataset_to_sortedarray(dns_rdataset_t *set, isc_mem_t *mctx,
dns_rdata_t **rdata, int *nrdata)
{
isc_result_t ret;
int i = 0, n;
dns_rdata_t *data;
n = dns_rdataset_count(set);
data = isc_mem_get(mctx, n * sizeof(dns_rdata_t));
if (data == NULL)
return (ISC_R_NOMEMORY);
ret = dns_rdataset_first(set);
if (ret != ISC_R_SUCCESS) {
isc_mem_put(mctx, data, n * sizeof(dns_rdata_t));
return (ret);
}
/*
* Put them in the array.
*/
do {
dns_rdata_init(&data[i]);
dns_rdataset_current(set, &data[i++]);
} while (dns_rdataset_next(set) == ISC_R_SUCCESS);
/*
* Sort the array.
*/
qsort(data, n, sizeof(dns_rdata_t), rdata_compare_wrapper);
*rdata = data;
*nrdata = n;
return (ISC_R_SUCCESS);
}
isc_result_t
dns_ncache_getsigrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name,
dns_rdatatype_t covers, dns_rdataset_t *rdataset)
{
dns_name_t tname;
dns_rdata_rrsig_t rrsig;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdataset_t clone;
dns_rdatatype_t type;
dns_trust_t trust = dns_trust_none;
isc_buffer_t source;
isc_region_t remaining, sigregion;
isc_result_t result;
unsigned char *raw;
unsigned int count;
REQUIRE(ncacherdataset != NULL);
REQUIRE(ncacherdataset->type == 0);
REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
REQUIRE(name != NULL);
REQUIRE(!dns_rdataset_isassociated(rdataset));
dns_rdataset_init(&clone);
dns_rdataset_clone(ncacherdataset, &clone);
result = dns_rdataset_first(&clone);
while (result == ISC_R_SUCCESS) {
dns_rdataset_current(&clone, &rdata);
isc_buffer_init(&source, rdata.data, rdata.length);
isc_buffer_add(&source, rdata.length);
dns_name_init(&tname, NULL);
isc_buffer_remainingregion(&source, &remaining);
dns_name_fromregion(&tname, &remaining);
INSIST(remaining.length >= tname.length);
isc_buffer_forward(&source, tname.length);
isc_region_consume(&remaining, tname.length);
INSIST(remaining.length >= 2);
type = isc_buffer_getuint16(&source);
isc_region_consume(&remaining, 2);
if (type != dns_rdatatype_rrsig ||
!dns_name_equal(&tname, name)) {
result = dns_rdataset_next(&clone);
dns_rdata_reset(&rdata);
continue;
}
INSIST(remaining.length >= 1);
trust = isc_buffer_getuint8(&source);
INSIST(trust <= dns_trust_ultimate);
isc_region_consume(&remaining, 1);
raw = remaining.base;
count = raw[0] * 256 + raw[1];
INSIST(count > 0);
raw += 2;
sigregion.length = raw[0] * 256 + raw[1];
raw += 2;
sigregion.base = raw;
dns_rdata_reset(&rdata);
dns_rdata_fromregion(&rdata, rdataset->rdclass,
dns_rdatatype_rrsig, &sigregion);
(void)dns_rdata_tostruct(&rdata, &rrsig, NULL);
if (rrsig.covered == covers) {
isc_buffer_remainingregion(&source, &remaining);
break;
}
result = dns_rdataset_next(&clone);
dns_rdata_reset(&rdata);
}
dns_rdataset_disassociate(&clone);
if (result == ISC_R_NOMORE)
return (ISC_R_NOTFOUND);
if (result != ISC_R_SUCCESS)
return (result);
INSIST(remaining.length != 0);
rdataset->methods = &rdataset_methods;
rdataset->rdclass = ncacherdataset->rdclass;
rdataset->type = dns_rdatatype_rrsig;
rdataset->covers = covers;
rdataset->ttl = ncacherdataset->ttl;
rdataset->trust = trust;
rdataset->private1 = NULL;
rdataset->private2 = NULL;
rdataset->private3 = remaining.base;
/*
* Reset iterator state.
*/
rdataset->privateuint4 = 0;
rdataset->private5 = NULL;
rdataset->private6 = NULL;
return (ISC_R_SUCCESS);
}
int
main(int argc, char *argv[])
{
char *sql;
int res;
char *errmsg = NULL;
char *porigin, *zonefile;
dns_fixedname_t forigin, fname;
dns_name_t *origin, *name;
dns_db_t *db = NULL;
dns_dbiterator_t *dbiter;
dns_dbnode_t *node;
dns_rdatasetiter_t *rdsiter;
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_mem_t *mctx = NULL;
isc_entropy_t *ectx = NULL;
isc_buffer_t b;
isc_result_t result;
if (argc != 5) {
printf("usage: %s <zone> <zonefile> <dbfile> <dbtable>\n", argv[0]);
exit(1);
}
porigin = argv[1];
zonefile = argv[2];
dbi.filename = argv[3];
dbi.table = argv[4];
dns_result_register();
result = isc_mem_create(0, 0, &mctx);
check_result(result, "isc_mem_create");
result = isc_entropy_create(mctx, &ectx);
check_result(result, "isc_entropy_create");
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
check_result(result, "isc_hash_create");
isc_buffer_init(&b, porigin, strlen(porigin));
isc_buffer_add(&b, strlen(porigin));
dns_fixedname_init(&forigin);
origin = dns_fixedname_name(&forigin);
result = dns_name_fromtext(origin, &b, dns_rootname, 0, NULL);
check_result(result, "dns_name_fromtext");
db = NULL;
result = dns_db_create(mctx, "rbt", origin, dns_dbtype_zone,
dns_rdataclass_in, 0, NULL, &db);
check_result(result, "dns_db_create");
result = dns_db_load(db, zonefile);
if (result == DNS_R_SEENINCLUDE)
result = ISC_R_SUCCESS;
check_result(result, "dns_db_load");
printf("Connecting to '%s'\n", dbi.filename);
if ((result = db_connect(&dbi)) != ISC_R_SUCCESS) {
fprintf(stderr, "Connection to database '%s' failed\n",
dbi.filename);
closeandexit(1);
}
sql = sqlite3_mprintf("DROP TABLE %q ", dbi.table);
printf("%s\n", sql);
res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg);
sqlite3_free(sql);
#if 0
if (res != SQLITE_OK) {
fprintf(stderr, "DROP TABLE %s failed: %s\n",
dbi.table, errmsg);
}
#endif
#if 0
sql = sqlite3_mprintf(sql, "BEGIN TRANSACTION");
printf("%s\n", sql);
res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg);
sqlite3_free(sql);
if (res != SQLITE_OK) {
fprintf(stderr, "BEGIN TRANSACTION failed: %s\n", errmsg);
closeandexit(1);
}
#endif
sql = sqlite3_mprintf(
"CREATE TABLE %q "
"(NAME TEXT, TTL INTEGER, RDTYPE TEXT, RDATA TEXT) ",
dbi.table);
printf("%s\n", sql);
res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg);
sqlite3_free(sql);
if (res != SQLITE_OK) {
fprintf(stderr, "CREATE TABLE %s failed: %s\n",
dbi.table, errmsg);
closeandexit(1);
}
dbiter = NULL;
result = dns_db_createiterator(db, 0, &dbiter);
check_result(result, "dns_db_createiterator()");
result = dns_dbiterator_first(dbiter);
check_result(result, "dns_dbiterator_first");
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
dns_rdataset_init(&rdataset);
dns_rdata_init(&rdata);
while (result == ISC_R_SUCCESS) {
node = NULL;
result = dns_dbiterator_current(dbiter, &node, name);
if (result == ISC_R_NOMORE)
break;
check_result(result, "dns_dbiterator_current");
rdsiter = NULL;
result = dns_db_allrdatasets(db, node, NULL, 0, &rdsiter);
check_result(result, "dns_db_allrdatasets");
result = dns_rdatasetiter_first(rdsiter);
while (result == ISC_R_SUCCESS) {
dns_rdatasetiter_current(rdsiter, &rdataset);
result = dns_rdataset_first(&rdataset);
check_result(result, "dns_rdataset_first");
while (result == ISC_R_SUCCESS) {
dns_rdataset_current(&rdataset, &rdata);
addrdata(name, rdataset.ttl, &rdata);
dns_rdata_reset(&rdata);
result = dns_rdataset_next(&rdataset);
}
dns_rdataset_disassociate(&rdataset);
result = dns_rdatasetiter_next(rdsiter);
}
dns_rdatasetiter_destroy(&rdsiter);
dns_db_detachnode(db, &node);
result = dns_dbiterator_next(dbiter);
}
#if 0
sql = sqlite3_mprintf(sql, "COMMIT TRANSACTION ");
printf("%s\n", sql);
res = sqlite3_exec(dbi.db, sql, NULL, NULL, &errmsg);
sqlite3_free(sql);
if (res != SQLITE_OK) {
fprintf(stderr, "COMMIT TRANSACTION failed: %s\n", errmsg);
closeandexit(1);
}
#endif
dns_dbiterator_destroy(&dbiter);
dns_db_detach(&db);
isc_hash_destroy();
isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
closeandexit(0);
exit(0);
}
isc_result_t
dns_ncache_getrdataset(dns_rdataset_t *ncacherdataset, dns_name_t *name,
dns_rdatatype_t type, dns_rdataset_t *rdataset)
{
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_region_t remaining;
isc_buffer_t source;
dns_name_t tname;
dns_rdatatype_t ttype;
dns_trust_t trust = dns_trust_none;
dns_rdataset_t clone;
REQUIRE(ncacherdataset != NULL);
REQUIRE(ncacherdataset->type == 0);
REQUIRE((ncacherdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
REQUIRE(name != NULL);
REQUIRE(!dns_rdataset_isassociated(rdataset));
REQUIRE(type != dns_rdatatype_rrsig);
dns_rdataset_init(&clone);
dns_rdataset_clone(ncacherdataset, &clone);
result = dns_rdataset_first(&clone);
while (result == ISC_R_SUCCESS) {
dns_rdataset_current(&clone, &rdata);
isc_buffer_init(&source, rdata.data, rdata.length);
isc_buffer_add(&source, rdata.length);
dns_name_init(&tname, NULL);
isc_buffer_remainingregion(&source, &remaining);
dns_name_fromregion(&tname, &remaining);
INSIST(remaining.length >= tname.length);
isc_buffer_forward(&source, tname.length);
remaining.length -= tname.length;
INSIST(remaining.length >= 3);
ttype = isc_buffer_getuint16(&source);
if (ttype == type && dns_name_equal(&tname, name)) {
trust = isc_buffer_getuint8(&source);
INSIST(trust <= dns_trust_ultimate);
isc_buffer_remainingregion(&source, &remaining);
break;
}
result = dns_rdataset_next(&clone);
dns_rdata_reset(&rdata);
}
dns_rdataset_disassociate(&clone);
if (result == ISC_R_NOMORE)
return (ISC_R_NOTFOUND);
if (result != ISC_R_SUCCESS)
return (result);
INSIST(remaining.length != 0);
rdataset->methods = &rdataset_methods;
rdataset->rdclass = ncacherdataset->rdclass;
rdataset->type = type;
rdataset->covers = 0;
rdataset->ttl = ncacherdataset->ttl;
rdataset->trust = trust;
rdataset->private1 = NULL;
rdataset->private2 = NULL;
rdataset->private3 = remaining.base;
/*
* Reset iterator state.
*/
rdataset->privateuint4 = 0;
rdataset->private5 = NULL;
rdataset->private6 = NULL;
return (ISC_R_SUCCESS);
}
isc_result_t
dns_ncache_towire(dns_rdataset_t *rdataset, dns_compress_t *cctx,
isc_buffer_t *target, unsigned int options,
unsigned int *countp)
{
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_result_t result;
isc_region_t remaining, tavailable;
isc_buffer_t source, savedbuffer, rdlen;
dns_name_t name;
dns_rdatatype_t type;
unsigned int i, rcount, count;
/*
* Convert the negative caching rdataset 'rdataset' to wire format,
* compressing names as specified in 'cctx', and storing the result in
* 'target'.
*/
REQUIRE(rdataset != NULL);
REQUIRE(rdataset->type == 0);
REQUIRE((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0);
savedbuffer = *target;
count = 0;
result = dns_rdataset_first(rdataset);
while (result == ISC_R_SUCCESS) {
dns_rdataset_current(rdataset, &rdata);
isc_buffer_init(&source, rdata.data, rdata.length);
isc_buffer_add(&source, rdata.length);
dns_name_init(&name, NULL);
isc_buffer_remainingregion(&source, &remaining);
dns_name_fromregion(&name, &remaining);
INSIST(remaining.length >= name.length);
isc_buffer_forward(&source, name.length);
remaining.length -= name.length;
INSIST(remaining.length >= 5);
type = isc_buffer_getuint16(&source);
isc_buffer_forward(&source, 1);
rcount = isc_buffer_getuint16(&source);
for (i = 0; i < rcount; i++) {
/*
* Get the length of this rdata and set up an
* rdata structure for it.
*/
isc_buffer_remainingregion(&source, &remaining);
INSIST(remaining.length >= 2);
dns_rdata_reset(&rdata);
rdata.length = isc_buffer_getuint16(&source);
isc_buffer_remainingregion(&source, &remaining);
rdata.data = remaining.base;
rdata.type = type;
rdata.rdclass = rdataset->rdclass;
INSIST(remaining.length >= rdata.length);
isc_buffer_forward(&source, rdata.length);
if ((options & DNS_NCACHETOWIRE_OMITDNSSEC) != 0 &&
dns_rdatatype_isdnssec(type))
continue;
/*
* Write the name.
*/
dns_compress_setmethods(cctx, DNS_COMPRESS_GLOBAL14);
result = dns_name_towire(&name, cctx, target);
if (result != ISC_R_SUCCESS)
goto rollback;
/*
* See if we have space for type, class, ttl, and
* rdata length. Write the type, class, and ttl.
*/
isc_buffer_availableregion(target, &tavailable);
if (tavailable.length < 10) {
result = ISC_R_NOSPACE;
goto rollback;
}
isc_buffer_putuint16(target, type);
isc_buffer_putuint16(target, rdataset->rdclass);
isc_buffer_putuint32(target, rdataset->ttl);
/*
* Save space for rdata length.
*/
rdlen = *target;
isc_buffer_add(target, 2);
/*
* Write the rdata.
*/
result = dns_rdata_towire(&rdata, cctx, target);
if (result != ISC_R_SUCCESS)
goto rollback;
/*
* Set the rdata length field to the compressed
* length.
*/
INSIST((target->used >= rdlen.used + 2) &&
(target->used - rdlen.used - 2 < 65536));
isc_buffer_putuint16(&rdlen,
(isc_uint16_t)(target->used -
rdlen.used - 2));
count++;
}
INSIST(isc_buffer_remaininglength(&source) == 0);
result = dns_rdataset_next(rdataset);
dns_rdata_reset(&rdata);
}
if (result != ISC_R_NOMORE)
goto rollback;
*countp = count;
return (ISC_R_SUCCESS);
rollback:
INSIST(savedbuffer.used < 65536);
dns_compress_rollback(cctx, (isc_uint16_t)savedbuffer.used);
*countp = 0;
*target = savedbuffer;
return (result);
}
void
dns_root_checkhints(dns_view_t *view, dns_db_t *hints, dns_db_t *db) {
isc_result_t result;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdata_ns_t ns;
dns_rdataset_t hintns, rootns;
const char *viewname = "", *sep = "";
isc_stdtime_t now;
dns_name_t *name;
dns_fixedname_t fixed;
REQUIRE(hints != NULL);
REQUIRE(db != NULL);
REQUIRE(view != NULL);
isc_stdtime_get(&now);
if (strcmp(view->name, "_bind") != 0 &&
strcmp(view->name, "_default") != 0) {
viewname = view->name;
sep = ": view ";
}
dns_rdataset_init(&hintns);
dns_rdataset_init(&rootns);
dns_fixedname_init(&fixed);
name = dns_fixedname_name(&fixed);
result = dns_db_find(hints, dns_rootname, NULL, dns_rdatatype_ns, 0,
now, NULL, name, &hintns, NULL);
if (result != ISC_R_SUCCESS) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
"checkhints%s%s: unable to get root NS rrset "
"from hints: %s", sep, viewname,
dns_result_totext(result));
goto cleanup;
}
result = dns_db_find(db, dns_rootname, NULL, dns_rdatatype_ns, 0,
now, NULL, name, &rootns, NULL);
if (result != ISC_R_SUCCESS) {
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
"checkhints%s%s: unable to get root NS rrset "
"from cache: %s", sep, viewname,
dns_result_totext(result));
goto cleanup;
}
/*
* Look for missing root NS names.
*/
result = dns_rdataset_first(&rootns);
while (result == ISC_R_SUCCESS) {
dns_rdataset_current(&rootns, &rdata);
result = dns_rdata_tostruct(&rdata, &ns, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
result = in_rootns(&hintns, &ns.name);
if (result != ISC_R_SUCCESS) {
char namebuf[DNS_NAME_FORMATSIZE];
/* missing from hints */
dns_name_format(&ns.name, namebuf, sizeof(namebuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
"checkhints%s%s: unable to find root "
"NS '%s' in hints", sep, viewname,
namebuf);
} else
check_address_records(view, hints, db, &ns.name, now);
dns_rdata_reset(&rdata);
result = dns_rdataset_next(&rootns);
}
if (result != ISC_R_NOMORE) {
goto cleanup;
}
/*
* Look for extra root NS names.
*/
result = dns_rdataset_first(&hintns);
while (result == ISC_R_SUCCESS) {
dns_rdataset_current(&hintns, &rdata);
result = dns_rdata_tostruct(&rdata, &ns, NULL);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
result = in_rootns(&rootns, &ns.name);
if (result != ISC_R_SUCCESS) {
char namebuf[DNS_NAME_FORMATSIZE];
/* extra entry in hints */
dns_name_format(&ns.name, namebuf, sizeof(namebuf));
isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL,
DNS_LOGMODULE_HINTS, ISC_LOG_WARNING,
"checkhints%s%s: extra NS '%s' in hints",
sep, viewname, namebuf);
}
dns_rdata_reset(&rdata);
result = dns_rdataset_next(&hintns);
}
if (result != ISC_R_NOMORE) {
goto cleanup;
}
cleanup:
if (dns_rdataset_isassociated(&rootns))
dns_rdataset_disassociate(&rootns);
if (dns_rdataset_isassociated(&hintns))
dns_rdataset_disassociate(&hintns);
}
static isc_result_t
process_dhtkey(dns_message_t *msg, dns_name_t *signer, dns_name_t *name,
dns_rdata_tkey_t *tkeyin, dns_tkeyctx_t *tctx,
dns_rdata_tkey_t *tkeyout,
dns_tsig_keyring_t *ring, dns_namelist_t *namelist)
{
isc_result_t result = ISC_R_SUCCESS;
dns_name_t *keyname, ourname;
dns_rdataset_t *keyset = NULL;
dns_rdata_t keyrdata = DNS_RDATA_INIT, ourkeyrdata = DNS_RDATA_INIT;
isc_boolean_t found_key = ISC_FALSE, found_incompatible = ISC_FALSE;
dst_key_t *pubkey = NULL;
isc_buffer_t ourkeybuf, *shared = NULL;
isc_region_t r, r2, ourkeyr;
unsigned char keydata[DST_KEY_MAXSIZE];
unsigned int sharedsize;
isc_buffer_t secret;
unsigned char *randomdata = NULL, secretdata[256];
dns_ttl_t ttl = 0;
if (tctx->dhkey == NULL) {
tkey_log("process_dhtkey: tkey-dhkey not defined");
tkeyout->error = dns_tsigerror_badalg;
return (DNS_R_REFUSED);
}
if (!dns_name_equal(&tkeyin->algorithm, DNS_TSIG_HMACMD5_NAME)) {
tkey_log("process_dhtkey: algorithms other than "
"hmac-md5 are not supported");
tkeyout->error = dns_tsigerror_badalg;
return (ISC_R_SUCCESS);
}
/*
* Look for a DH KEY record that will work with ours.
*/
for (result = dns_message_firstname(msg, DNS_SECTION_ADDITIONAL);
result == ISC_R_SUCCESS && !found_key;
result = dns_message_nextname(msg, DNS_SECTION_ADDITIONAL)) {
keyname = NULL;
dns_message_currentname(msg, DNS_SECTION_ADDITIONAL, &keyname);
keyset = NULL;
result = dns_message_findtype(keyname, dns_rdatatype_key, 0,
&keyset);
if (result != ISC_R_SUCCESS)
continue;
for (result = dns_rdataset_first(keyset);
result == ISC_R_SUCCESS && !found_key;
result = dns_rdataset_next(keyset)) {
dns_rdataset_current(keyset, &keyrdata);
pubkey = NULL;
result = dns_dnssec_keyfromrdata(keyname, &keyrdata,
msg->mctx, &pubkey);
if (result != ISC_R_SUCCESS) {
dns_rdata_reset(&keyrdata);
continue;
}
if (dst_key_alg(pubkey) == DNS_KEYALG_DH) {
if (dst_key_paramcompare(pubkey, tctx->dhkey))
{
found_key = ISC_TRUE;
ttl = keyset->ttl;
break;
} else
found_incompatible = ISC_TRUE;
}
dst_key_free(&pubkey);
dns_rdata_reset(&keyrdata);
}
}
if (!found_key) {
if (found_incompatible) {
tkey_log("process_dhtkey: found an incompatible key");
tkeyout->error = dns_tsigerror_badkey;
return (ISC_R_SUCCESS);
} else {
tkey_log("process_dhtkey: failed to find a key");
return (DNS_R_FORMERR);
}
}
RETERR(add_rdata_to_list(msg, keyname, &keyrdata, ttl, namelist));
isc_buffer_init(&ourkeybuf, keydata, sizeof(keydata));
RETERR(dst_key_todns(tctx->dhkey, &ourkeybuf));
isc_buffer_usedregion(&ourkeybuf, &ourkeyr);
dns_rdata_fromregion(&ourkeyrdata, dns_rdataclass_any,
dns_rdatatype_key, &ourkeyr);
dns_name_init(&ourname, NULL);
dns_name_clone(dst_key_name(tctx->dhkey), &ourname);
/*
* XXXBEW The TTL should be obtained from the database, if it exists.
*/
RETERR(add_rdata_to_list(msg, &ourname, &ourkeyrdata, 0, namelist));
RETERR(dst_key_secretsize(tctx->dhkey, &sharedsize));
RETERR(isc_buffer_allocate(msg->mctx, &shared, sharedsize));
result = dst_key_computesecret(pubkey, tctx->dhkey, shared);
if (result != ISC_R_SUCCESS) {
tkey_log("process_dhtkey: failed to compute shared secret: %s",
isc_result_totext(result));
goto failure;
}
dst_key_free(&pubkey);
isc_buffer_init(&secret, secretdata, sizeof(secretdata));
randomdata = isc_mem_get(tkeyout->mctx, TKEY_RANDOM_AMOUNT);
if (randomdata == NULL)
goto failure;
result = dst__entropy_getdata(randomdata, TKEY_RANDOM_AMOUNT,
ISC_FALSE);
if (result != ISC_R_SUCCESS) {
tkey_log("process_dhtkey: failed to obtain entropy: %s",
isc_result_totext(result));
goto failure;
}
r.base = randomdata;
r.length = TKEY_RANDOM_AMOUNT;
r2.base = tkeyin->key;
r2.length = tkeyin->keylen;
RETERR(compute_secret(shared, &r2, &r, &secret));
isc_buffer_free(&shared);
RETERR(dns_tsigkey_create(name, &tkeyin->algorithm,
isc_buffer_base(&secret),
isc_buffer_usedlength(&secret),
ISC_TRUE, signer, tkeyin->inception,
tkeyin->expire, ring->mctx, ring, NULL));
/* This key is good for a long time */
tkeyout->inception = tkeyin->inception;
tkeyout->expire = tkeyin->expire;
tkeyout->key = randomdata;
tkeyout->keylen = TKEY_RANDOM_AMOUNT;
return (ISC_R_SUCCESS);
failure:
if (!ISC_LIST_EMPTY(*namelist))
free_namelist(msg, namelist);
if (shared != NULL)
isc_buffer_free(&shared);
if (pubkey != NULL)
dst_key_free(&pubkey);
if (randomdata != NULL)
isc_mem_put(tkeyout->mctx, randomdata, TKEY_RANDOM_AMOUNT);
return (result);
}
static void
resolve_nsaddress(isc_task_t *task, isc_event_t *event) {
struct probe_trans *trans = event->ev_arg;
dns_clientresevent_t *rev = (dns_clientresevent_t *)event;
dns_name_t *name;
dns_rdataset_t *rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
struct probe_ns *pns = trans->current_ns;
isc_result_t result;
REQUIRE(task == probe_task);
REQUIRE(trans->inuse == ISC_TRUE);
REQUIRE(pns != NULL);
INSIST(outstanding_probes > 0);
for (name = ISC_LIST_HEAD(rev->answerlist); name != NULL;
name = ISC_LIST_NEXT(name, link)) {
for (rdataset = ISC_LIST_HEAD(name->list);
rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link)) {
(void)print_rdataset(rdataset, name);
if (rdataset->type != dns_rdatatype_a)
continue;
for (result = dns_rdataset_first(rdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(rdataset)) {
dns_rdata_in_a_t rdata_a;
struct server *server;
dns_rdataset_current(rdataset, &rdata);
result = dns_rdata_tostruct(&rdata, &rdata_a,
NULL);
if (result != ISC_R_SUCCESS)
continue;
server = isc_mem_get(mctx, sizeof(*server));
if (server == NULL) {
fprintf(stderr, "resolve_nsaddress: "
"mem_get failed");
result = ISC_R_NOMEMORY;
POST(result);
goto cleanup;
}
isc_sockaddr_fromin(&server->address,
&rdata_a.in_addr, 53);
ISC_LINK_INIT(server, link);
server->result_a = none;
server->result_aaaa = none;
ISC_LIST_APPEND(pns->servers, server, link);
}
}
}
cleanup:
dns_client_freeresanswer(client, &rev->answerlist);
dns_client_destroyrestrans(&trans->resid);
isc_event_free(&event);
next_ns:
trans->current_ns = ISC_LIST_NEXT(pns, link);
if (trans->current_ns == NULL) {
trans->current_ns = ISC_LIST_HEAD(trans->nslist);
dns_fixedname_invalidate(&trans->fixedname);
trans->qname = NULL;
result = set_nextqname(trans);
if (result == ISC_R_SUCCESS)
result = probe_name(trans, dns_rdatatype_a);
} else {
result = fetch_nsaddress(trans);
if (result != ISC_R_SUCCESS)
goto next_ns; /* XXX: this is unlikely to succeed */
}
if (result != ISC_R_SUCCESS)
reset_probe(trans);
}
static isc_result_t
printsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
dns_section_t section) {
isc_result_t result, loopresult;
dns_name_t *name;
dns_rdataset_t *rdataset = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
char namebuf[DNS_NAME_FORMATSIZE];
UNUSED(query);
UNUSED(headers);
debug("printsection()");
result = dns_message_firstname(msg, section);
if (result == ISC_R_NOMORE)
return (ISC_R_SUCCESS);
else if (result != ISC_R_SUCCESS)
return (result);
for (;;) {
name = NULL;
dns_message_currentname(msg, section,
&name);
for (rdataset = ISC_LIST_HEAD(name->list);
rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link)) {
loopresult = dns_rdataset_first(rdataset);
while (loopresult == ISC_R_SUCCESS) {
dns_rdataset_current(rdataset, &rdata);
switch (rdata.type) {
case dns_rdatatype_a:
if (section != DNS_SECTION_ANSWER)
goto def_short_section;
dns_name_format(name, namebuf,
sizeof(namebuf));
printf("Name:\t%s\n", namebuf);
printa(&rdata);
break;
case dns_rdatatype_soa:
dns_name_format(name, namebuf,
sizeof(namebuf));
printf("%s\n", namebuf);
printsoa(&rdata);
break;
default:
def_short_section:
dns_name_format(name, namebuf,
sizeof(namebuf));
printf("%s\t", namebuf);
printrdata(&rdata);
break;
}
dns_rdata_reset(&rdata);
loopresult = dns_rdataset_next(rdataset);
}
}
result = dns_message_nextname(msg, section);
if (result == ISC_R_NOMORE)
break;
else if (result != ISC_R_SUCCESS) {
return (result);
}
}
return (ISC_R_SUCCESS);
}
static isc_result_t
towiresorted(dns_rdataset_t *rdataset, const dns_name_t *owner_name,
dns_compress_t *cctx, isc_buffer_t *target,
dns_rdatasetorderfunc_t order, const void *order_arg,
isc_boolean_t partial, unsigned int options,
unsigned int *countp, void **state)
{
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_region_t r;
isc_result_t result;
unsigned int i, count = 0, added, choice;
isc_buffer_t savedbuffer, rdlen, rrbuffer;
unsigned int headlen;
isc_boolean_t question = ISC_FALSE;
isc_boolean_t shuffle = ISC_FALSE;
dns_rdata_t *shuffled = NULL, shuffled_fixed[MAX_SHUFFLE];
struct towire_sort *sorted = NULL, sorted_fixed[MAX_SHUFFLE];
/* count processed auswer ips */
int answer_count = 0;
int is_no_auth_answer = 0;
/* tmp count for record */
int tmp_count = 0;
UNUSED(state);
/*
* Convert 'rdataset' to wire format, compressing names as specified
* in cctx, and storing the result in 'target'.
*/
REQUIRE(DNS_RDATASET_VALID(rdataset));
REQUIRE(countp != NULL);
REQUIRE((order == NULL) == (order_arg == NULL));
REQUIRE(cctx != NULL && cctx->mctx != NULL);
if ((rdataset->attributes & DNS_RDATASETATTR_QUESTION) != 0) {
question = ISC_TRUE;
count = 1;
result = dns_rdataset_first(rdataset);
INSIST(result == ISC_R_NOMORE);
} else if ((rdataset->attributes & DNS_RDATASETATTR_NEGATIVE) != 0) {
/*
* This is a negative caching rdataset.
*/
unsigned int ncache_opts = 0;
if ((options & DNS_RDATASETTOWIRE_OMITDNSSEC) != 0)
ncache_opts |= DNS_NCACHETOWIRE_OMITDNSSEC;
return (dns_ncache_towire(rdataset, cctx, target, ncache_opts,
countp));
} else {
count = (rdataset->methods->count)(rdataset);
result = dns_rdataset_first(rdataset);
if (result == ISC_R_NOMORE)
return (ISC_R_SUCCESS);
if (result != ISC_R_SUCCESS)
return (result);
}
/*
* Do we want to shuffle this answer?
*/
if (!question && count > 1 &&
(!WANT_FIXED(rdataset) || order != NULL) &&
rdataset->type != dns_rdatatype_rrsig)
shuffle = ISC_TRUE;
if (shuffle && count > MAX_SHUFFLE) {
shuffled = isc_mem_get(cctx->mctx, count * sizeof(*shuffled));
sorted = isc_mem_get(cctx->mctx, count * sizeof(*sorted));
if (shuffled == NULL || sorted == NULL)
shuffle = ISC_FALSE;
} else {
shuffled = shuffled_fixed;
sorted = sorted_fixed;
}
if (shuffle) {
/*
* First we get handles to all of the rdata.
*/
i = 0;
do {
INSIST(i < count);
dns_rdata_init(&shuffled[i]);
dns_rdataset_current(rdataset, &shuffled[i]);
i++;
result = dns_rdataset_next(rdataset);
} while (result == ISC_R_SUCCESS);
if (result != ISC_R_NOMORE)
goto cleanup;
INSIST(i == count);
/*
* Now we shuffle.
*/
if (WANT_FIXED(rdataset)) {
/*
* 'Fixed' order.
*/
INSIST(order != NULL);
for (i = 0; i < count; i++) {
sorted[i].key = (*order)(&shuffled[i],
order_arg);
sorted[i].rdata = &shuffled[i];
}
} else if (WANT_RANDOM(rdataset)) {
/*
* 'Random' order.
*/
for (i = 0; i < count; i++) {
dns_rdata_t rdata;
isc_uint32_t val;
isc_random_get(&val);
choice = i + (val % (count - i));
rdata = shuffled[i];
shuffled[i] = shuffled[choice];
shuffled[choice] = rdata;
if (order != NULL)
sorted[i].key = (*order)(&shuffled[i],
order_arg);
else
sorted[i].key = 0; /* Unused */
sorted[i].rdata = &shuffled[i];
}
} else {
/*
* "Cyclic" order.
*/
isc_uint32_t val;
unsigned int j;
val = rdataset->count;
if (val == ISC_UINT32_MAX)
isc_random_get(&val);
j = val % count;
for (i = 0; i < count; i++) {
if (order != NULL)
sorted[i].key = (*order)(&shuffled[j],
order_arg);
else
sorted[i].key = 0; /* Unused */
sorted[i].rdata = &shuffled[j];
j++;
if (j == count)
j = 0; /* Wrap around. */
}
}
/*
* Sorted order.
*/
if (order != NULL)
qsort(sorted, count, sizeof(sorted[0]),
towire_compare);
}
savedbuffer = *target;
i = 0;
added = 0;
// save the count here
tmp_count = count;
do {
/*
* Copy out the name, type, class, ttl.
*/
/* mark if is answer data. */
is_no_auth_answer = 0;
/* Answer from a non-authoritative server,we set the ttl fixed as 500. */
if(rdataset->attributes == DNS_RDATASETATTR_LOADORDER &&
rdataset->type == dns_rdatatype_a){
/* Answer from a non-authoritative server,we set the ttl fixed as 500. */
if(rdataset->trust == dns_trust_answer ){
is_no_auth_answer = 1;
}
/* for all multi-ip answer,if set DNS_ANSWER_ONLY_ONE_IP flag, return only 1 ip. */
if(answer_count == 0){
answer_count ++;
}else{
if( DNS_ANSWER_ONLY_ONE_IP ){
//fprintf(stderr,"DNS_ANSWER_ONLY_ONE_IP set,skip. \n");
if (shuffle) {
tmp_count--;
if (i == tmp_count)
result = ISC_R_NOMORE;
else
result = ISC_R_SUCCESS;
} else {
result = dns_rdataset_next(rdataset);
}
continue;
}
}
}
rrbuffer = *target;
dns_compress_setmethods(cctx, DNS_COMPRESS_GLOBAL14);
result = dns_name_towire(owner_name, cctx, target);
if (result != ISC_R_SUCCESS)
goto rollback;
headlen = sizeof(dns_rdataclass_t) + sizeof(dns_rdatatype_t);
if (!question)
headlen += sizeof(dns_ttl_t)
+ 2; /* XXX 2 for rdata len */
isc_buffer_availableregion(target, &r);
if (r.length < headlen) {
result = ISC_R_NOSPACE;
goto rollback;
}
isc_buffer_putuint16(target, rdataset->type);
isc_buffer_putuint16(target, rdataset->rdclass);
if (!question) {
if( is_no_auth_answer ){
isc_buffer_putuint32(target, DNS_DEFAULT_TTL_FOR_NO_AUTH_NAME);
}else{
isc_buffer_putuint32(target, rdataset->ttl);
}
//fprintf(stderr,"xxxxxxxxx:trust : %d artr: %d ttl:%d cover: %d type: %d count: %d class: %d\n", rdataset->trust,rdataset->attributes,rdataset->ttl, rdataset->covers,rdataset->type, rdataset->count, rdataset->rdclass);
/*
* Save space for rdlen.
*/
rdlen = *target;
isc_buffer_add(target, 2);
/*
* Copy out the rdata
*/
if (shuffle)
rdata = *(sorted[i].rdata);
else {
dns_rdata_reset(&rdata);
dns_rdataset_current(rdataset, &rdata);
}
result = dns_rdata_towire(&rdata, cctx, target);
if (result != ISC_R_SUCCESS)
goto rollback;
INSIST((target->used >= rdlen.used + 2) &&
(target->used - rdlen.used - 2 < 65536));
isc_buffer_putuint16(&rdlen,
(isc_uint16_t)(target->used -
rdlen.used - 2));
added++;
}
if (shuffle) {
i++;
if (i == tmp_count)
result = ISC_R_NOMORE;
else
result = ISC_R_SUCCESS;
} else {
result = dns_rdataset_next(rdataset);
}
} while (result == ISC_R_SUCCESS);
if (result != ISC_R_NOMORE)
goto rollback;
*countp += tmp_count;
result = ISC_R_SUCCESS;
goto cleanup;
rollback:
if (partial && result == ISC_R_NOSPACE) {
INSIST(rrbuffer.used < 65536);
dns_compress_rollback(cctx, (isc_uint16_t)rrbuffer.used);
*countp += added;
*target = rrbuffer;
goto cleanup;
}
INSIST(savedbuffer.used < 65536);
dns_compress_rollback(cctx, (isc_uint16_t)savedbuffer.used);
*countp = 0;
*target = savedbuffer;
cleanup:
if (sorted != NULL && sorted != sorted_fixed)
isc_mem_put(cctx->mctx, sorted, count * sizeof(*sorted));
if (shuffled != NULL && shuffled != shuffled_fixed)
isc_mem_put(cctx->mctx, shuffled, count * sizeof(*shuffled));
return (result);
}
static isc_result_t
detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
dns_section_t section) {
isc_result_t result, loopresult;
dns_name_t *name;
dns_rdataset_t *rdataset = NULL;
dns_rdata_t rdata = DNS_RDATA_INIT;
char namebuf[DNS_NAME_FORMATSIZE];
UNUSED(query);
debug("detailsection()");
if (headers) {
switch (section) {
case DNS_SECTION_QUESTION:
puts(" QUESTIONS:");
break;
case DNS_SECTION_ANSWER:
puts(" ANSWERS:");
break;
case DNS_SECTION_AUTHORITY:
puts(" AUTHORITY RECORDS:");
break;
case DNS_SECTION_ADDITIONAL:
puts(" ADDITIONAL RECORDS:");
break;
}
}
result = dns_message_firstname(msg, section);
if (result == ISC_R_NOMORE)
return (ISC_R_SUCCESS);
else if (result != ISC_R_SUCCESS)
return (result);
for (;;) {
name = NULL;
dns_message_currentname(msg, section,
&name);
for (rdataset = ISC_LIST_HEAD(name->list);
rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link)) {
if (section == DNS_SECTION_QUESTION) {
dns_name_format(name, namebuf,
sizeof(namebuf));
printf("\t%s, ", namebuf);
dns_rdatatype_format(rdataset->type,
namebuf,
sizeof(namebuf));
printf("type = %s, ", namebuf);
dns_rdataclass_format(rdataset->rdclass,
namebuf,
sizeof(namebuf));
printf("class = %s\n", namebuf);
}
loopresult = dns_rdataset_first(rdataset);
while (loopresult == ISC_R_SUCCESS) {
dns_rdataset_current(rdataset, &rdata);
dns_name_format(name, namebuf,
sizeof(namebuf));
printf(" -> %s\n", namebuf);
switch (rdata.type) {
case dns_rdatatype_soa:
printsoa(&rdata);
break;
default:
printf("\t");
printrdata(&rdata);
}
dns_rdata_reset(&rdata);
printf("\tttl = %u\n", rdataset->ttl);
loopresult = dns_rdataset_next(rdataset);
}
}
result = dns_message_nextname(msg, section);
if (result == ISC_R_NOMORE)
break;
else if (result != ISC_R_SUCCESS) {
return (result);
}
}
return (ISC_R_SUCCESS);
}
isc_result_t
dns_dnssec_findzonekeys2(dns_db_t *db, dns_dbversion_t *ver,
dns_dbnode_t *node, dns_name_t *name,
const char *directory, isc_mem_t *mctx,
unsigned int maxkeys, dst_key_t **keys,
unsigned int *nkeys)
{
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_result_t result;
dst_key_t *pubkey = NULL;
unsigned int count = 0;
REQUIRE(nkeys != NULL);
REQUIRE(keys != NULL);
*nkeys = 0;
dns_rdataset_init(&rdataset);
RETERR(dns_db_findrdataset(db, node, ver, dns_rdatatype_dnskey, 0, 0,
&rdataset, NULL));
RETERR(dns_rdataset_first(&rdataset));
while (result == ISC_R_SUCCESS && count < maxkeys) {
pubkey = NULL;
dns_rdataset_current(&rdataset, &rdata);
RETERR(dns_dnssec_keyfromrdata(name, &rdata, mctx, &pubkey));
if (!is_zone_key(pubkey) ||
(dst_key_flags(pubkey) & DNS_KEYTYPE_NOAUTH) != 0)
goto next;
keys[count] = NULL;
result = dst_key_fromfile(dst_key_name(pubkey),
dst_key_id(pubkey),
dst_key_alg(pubkey),
DST_TYPE_PUBLIC|DST_TYPE_PRIVATE,
directory,
mctx, &keys[count]);
if (result == ISC_R_FILENOTFOUND) {
keys[count] = pubkey;
pubkey = NULL;
count++;
goto next;
}
if (result != ISC_R_SUCCESS)
goto failure;
if ((dst_key_flags(keys[count]) & DNS_KEYTYPE_NOAUTH) != 0) {
/* We should never get here. */
dst_key_free(&keys[count]);
goto next;
}
count++;
next:
if (pubkey != NULL)
dst_key_free(&pubkey);
dns_rdata_reset(&rdata);
result = dns_rdataset_next(&rdataset);
}
if (result != ISC_R_NOMORE)
goto failure;
if (count == 0)
result = ISC_R_NOTFOUND;
else
result = ISC_R_SUCCESS;
failure:
if (dns_rdataset_isassociated(&rdataset))
dns_rdataset_disassociate(&rdataset);
if (pubkey != NULL)
dst_key_free(&pubkey);
if (result != ISC_R_SUCCESS)
while (count > 0)
dst_key_free(&keys[--count]);
*nkeys = count;
return (result);
}
int
main(int argc, char **argv) {
char *algname = NULL, *classname = NULL;
char *filename = NULL, *dir = NULL, *namestr;
char *lookaside = NULL;
char *endp;
int ch;
unsigned int dtype = DNS_DSDIGEST_SHA1;
isc_boolean_t both = ISC_TRUE;
isc_boolean_t usekeyset = ISC_FALSE;
isc_boolean_t showall = ISC_FALSE;
isc_result_t result;
isc_log_t *log = NULL;
isc_entropy_t *ectx = NULL;
dns_rdataset_t rdataset;
dns_rdata_t rdata;
dns_rdata_init(&rdata);
if (argc == 1)
usage();
result = isc_mem_create(0, 0, &mctx);
if (result != ISC_R_SUCCESS)
fatal("out of memory");
dns_result_register();
isc_commandline_errprint = ISC_FALSE;
while ((ch = isc_commandline_parse(argc, argv,
"12Aa:c:d:Ff:K:l:sv:h")) != -1) {
switch (ch) {
case '1':
dtype = DNS_DSDIGEST_SHA1;
both = ISC_FALSE;
break;
case '2':
dtype = DNS_DSDIGEST_SHA256;
both = ISC_FALSE;
break;
case 'A':
showall = ISC_TRUE;
break;
case 'a':
algname = isc_commandline_argument;
both = ISC_FALSE;
break;
case 'c':
classname = isc_commandline_argument;
break;
case 'd':
fprintf(stderr, "%s: the -d option is deprecated; "
"use -K\n", program);
/* fall through */
case 'K':
dir = isc_commandline_argument;
if (strlen(dir) == 0U)
fatal("directory must be non-empty string");
break;
case 'f':
filename = isc_commandline_argument;
break;
case 'l':
lookaside = isc_commandline_argument;
if (strlen(lookaside) == 0U)
fatal("lookaside must be a non-empty string");
break;
case 's':
usekeyset = ISC_TRUE;
break;
case 'v':
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0')
fatal("-v must be followed by a number");
break;
case 'F':
/* Reserved for FIPS mode */
/* FALLTHROUGH */
case '?':
if (isc_commandline_option != '?')
fprintf(stderr, "%s: invalid argument -%c\n",
program, isc_commandline_option);
/* FALLTHROUGH */
case 'h':
usage();
default:
fprintf(stderr, "%s: unhandled option -%c\n",
program, isc_commandline_option);
exit(1);
}
}
if (algname != NULL) {
if (strcasecmp(algname, "SHA1") == 0 ||
strcasecmp(algname, "SHA-1") == 0)
dtype = DNS_DSDIGEST_SHA1;
else if (strcasecmp(algname, "SHA256") == 0 ||
strcasecmp(algname, "SHA-256") == 0)
dtype = DNS_DSDIGEST_SHA256;
#ifdef HAVE_OPENSSL_GOST
else if (strcasecmp(algname, "GOST") == 0)
dtype = DNS_DSDIGEST_GOST;
#endif
else if (strcasecmp(algname, "SHA384") == 0 ||
strcasecmp(algname, "SHA-384") == 0)
dtype = DNS_DSDIGEST_SHA384;
else
fatal("unknown algorithm %s", algname);
}
rdclass = strtoclass(classname);
if (usekeyset && filename != NULL)
fatal("cannot use both -s and -f");
/* When not using -f, -A is implicit */
if (filename == NULL)
showall = ISC_TRUE;
if (argc < isc_commandline_index + 1 && filename == NULL)
fatal("the key file name was not specified");
if (argc > isc_commandline_index + 1)
fatal("extraneous arguments");
if (ectx == NULL)
setup_entropy(mctx, NULL, &ectx);
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
if (result != ISC_R_SUCCESS)
fatal("could not initialize hash");
result = dst_lib_init(mctx, ectx,
ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
if (result != ISC_R_SUCCESS)
fatal("could not initialize dst: %s",
isc_result_totext(result));
isc_entropy_stopcallbacksources(ectx);
setup_logging(verbose, mctx, &log);
dns_rdataset_init(&rdataset);
if (usekeyset || filename != NULL) {
if (argc < isc_commandline_index + 1 && filename != NULL) {
/* using zone name as the zone file name */
namestr = filename;
} else
namestr = argv[isc_commandline_index];
result = initname(namestr);
if (result != ISC_R_SUCCESS)
fatal("could not initialize name %s", namestr);
if (usekeyset)
result = loadkeyset(dir, &rdataset);
else
result = loadsetfromfile(filename, &rdataset);
if (result != ISC_R_SUCCESS)
fatal("could not load DNSKEY set: %s\n",
isc_result_totext(result));
for (result = dns_rdataset_first(&rdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(&rdataset)) {
dns_rdata_init(&rdata);
dns_rdataset_current(&rdataset, &rdata);
if (verbose > 2)
logkey(&rdata);
if (both) {
emit(DNS_DSDIGEST_SHA1, showall, lookaside,
&rdata);
emit(DNS_DSDIGEST_SHA256, showall, lookaside,
&rdata);
} else
emit(dtype, showall, lookaside, &rdata);
}
} else {
unsigned char key_buf[DST_KEY_MAXSIZE];
loadkey(argv[isc_commandline_index], key_buf,
DST_KEY_MAXSIZE, &rdata);
if (both) {
emit(DNS_DSDIGEST_SHA1, showall, lookaside, &rdata);
emit(DNS_DSDIGEST_SHA256, showall, lookaside, &rdata);
} else
emit(dtype, showall, lookaside, &rdata);
}
if (dns_rdataset_isassociated(&rdataset))
dns_rdataset_disassociate(&rdataset);
cleanup_logging(&log);
dst_lib_destroy();
isc_hash_destroy();
cleanup_entropy(&ectx);
dns_name_destroy();
if (verbose > 10)
isc_mem_stats(mctx, stdout);
isc_mem_destroy(&mctx);
fflush(stdout);
if (ferror(stdout)) {
fprintf(stderr, "write error\n");
return (1);
} else
return (0);
}
int
main (int *argc, char **argv)
{
isc_mem_t *mctx = NULL;
isc_entropy_t *ectx = NULL;
isc_result_t result;
char *basedn;
ldap_info *tmp;
LDAPMod *base_attrs[2];
LDAPMod base;
isc_buffer_t buff;
char *zonefile;
char fullbasedn[1024];
char *ctmp;
dns_fixedname_t fixedzone, fixedname;
dns_rdataset_t rdataset;
char **dc_list;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_rdatasetiter_t *riter;
dns_name_t *zone, *name;
dns_db_t *db = NULL;
dns_dbiterator_t *dbit = NULL;
dns_dbnode_t *node;
extern char *optarg;
extern int optind, opterr, optopt;
int create_base = 0;
int topt;
if ((int) argc < 2)
{
usage ();
exit (-1);
}
while ((topt = getopt ((int) argc, argv, "D:w:b:z:f:h:?dcv")) != -1)
{
switch (topt)
{
case 'v':
printf("%s\n", VERSION);
exit(0);
case 'c':
create_base++;
break;
case 'd':
debug++;
break;
case 'D':
binddn = strdup (optarg);
break;
case 'w':
bindpw = strdup (optarg);
break;
case 'b':
ldapbase = strdup (optarg);
break;
case 'z':
argzone = strdup (optarg);
// We wipe argzone all to hell when we parse it for the DN */
gbl_zone = strdup(argzone);
break;
case 'f':
zonefile = strdup (optarg);
break;
case 'h':
ldapsystem = strdup (optarg);
break;
case '?':
default:
usage ();
exit (0);
}
}
if ((argzone == NULL) || (zonefile == NULL))
{
usage ();
exit (-1);
}
if (debug)
printf ("Initializing ISC Routines, parsing zone file\n");
result = isc_mem_create (0, 0, &mctx);
isc_result_check (result, "isc_mem_create");
result = isc_entropy_create(mctx, &ectx);
isc_result_check (result, "isc_entropy_create");
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
isc_result_check (result, "isc_hash_create");
isc_buffer_init (&buff, argzone, strlen (argzone));
isc_buffer_add (&buff, strlen (argzone));
dns_fixedname_init (&fixedzone);
zone = dns_fixedname_name (&fixedzone);
result = dns_name_fromtext (zone, &buff, dns_rootname, 0, NULL);
isc_result_check (result, "dns_name_fromtext");
result = dns_db_create (mctx, "rbt", zone, dns_dbtype_zone,
dns_rdataclass_in, 0, NULL, &db);
isc_result_check (result, "dns_db_create");
result = dns_db_load (db, zonefile);
isc_result_check (result, "Check Zone Syntax: dns_db_load");
result = dns_db_createiterator (db, 0, &dbit);
isc_result_check (result, "dns_db_createiterator");
result = dns_dbiterator_first (dbit);
isc_result_check (result, "dns_dbiterator_first");
dns_fixedname_init (&fixedname);
name = dns_fixedname_name (&fixedname);
dns_rdataset_init (&rdataset);
dns_rdata_init (&rdata);
while (result == ISC_R_SUCCESS)
{
node = NULL;
result = dns_dbiterator_current (dbit, &node, name);
if (result == ISC_R_NOMORE)
break;
isc_result_check (result, "dns_dbiterator_current");
riter = NULL;
result = dns_db_allrdatasets (db, node, NULL, 0, &riter);
isc_result_check (result, "dns_db_allrdatasets");
result = dns_rdatasetiter_first (riter);
//isc_result_check(result, "dns_rdatasetiter_first");
while (result == ISC_R_SUCCESS)
{
dns_rdatasetiter_current (riter, &rdataset);
result = dns_rdataset_first (&rdataset);
isc_result_check (result, "dns_rdatasetiter_current");
while (result == ISC_R_SUCCESS)
{
dns_rdataset_current (&rdataset, &rdata);
generate_ldap (name, &rdata, rdataset.ttl);
dns_rdata_reset (&rdata);
result = dns_rdataset_next (&rdataset);
}
dns_rdataset_disassociate (&rdataset);
result = dns_rdatasetiter_next (riter);
}
dns_rdatasetiter_destroy (&riter);
result = dns_dbiterator_next (dbit);
}
/* Initialize the LDAP Connection */
if (debug)
printf ("Initializing LDAP Connection to %s as %s\n", ldapsystem, binddn);
init_ldap_conn ();
if (create_base)
{
if (debug)
printf ("Creating base zone DN %s\n", argzone);
dc_list = hostname_to_dn_list (argzone, argzone, DNS_TOP);
basedn = build_dn_from_dc_list (dc_list, 0, NO_SPEC);
for (ctmp = &basedn[strlen (basedn)]; ctmp >= &basedn[0]; ctmp--)
{
if ((*ctmp == ',') || (ctmp == &basedn[0]))
{
base.mod_op = LDAP_MOD_ADD;
base.mod_type = "objectClass";
base.mod_values = topObjectClasses;
base_attrs[0] = &base;
base_attrs[1] = NULL;
if (ldapbase)
{
if (ctmp != &basedn[0])
sprintf (fullbasedn, "%s,%s", ctmp + 1, ldapbase);
else
sprintf (fullbasedn, "%s,%s", ctmp, ldapbase);
}
else
{
if (ctmp != &basedn[0])
sprintf (fullbasedn, "%s", ctmp + 1);
else
sprintf (fullbasedn, "%s", ctmp);
}
result = ldap_add_s (conn, fullbasedn, base_attrs);
ldap_result_check ("intial ldap_add_s", fullbasedn, result);
}
}
}
else
{
if (debug)
printf ("Skipping zone base dn creation for %s\n", argzone);
}
for (tmp = ldap_info_base; tmp != NULL; tmp = tmp->next)
{
if (debug)
printf ("Adding DN: %s\n", tmp->dn);
add_ldap_values (tmp);
}
if (debug)
printf("Operation Complete.\n");
/* Cleanup */
isc_hash_destroy();
isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
if (zonefile)
free(zonefile);
return 0;
}
int
main(int argc, char **argv) {
char *porigin, *zonefile;
dns_fixedname_t forigin, fname;
dns_name_t *origin, *name;
dns_db_t *db = NULL;
dns_dbiterator_t *dbiter;
dns_dbnode_t *node;
dns_rdatasetiter_t *rdsiter;
dns_rdataset_t rdataset;
dns_rdata_t rdata = DNS_RDATA_INIT;
isc_mem_t *mctx = NULL;
isc_entropy_t *ectx = NULL;
isc_buffer_t b;
isc_result_t result;
PGresult *res;
if (argc != 5) {
printf("usage: %s origin file dbname dbtable\n", argv[0]);
printf("Note that dbname must be an existing database.\n");
exit(1);
}
porigin = argv[1];
zonefile = argv[2];
dbname = argv[3];
dbtable = argv[4];
dns_result_register();
mctx = NULL;
result = isc_mem_create(0, 0, &mctx);
check_result(result, "isc_mem_create");
result = isc_entropy_create(mctx, &ectx);
result_check (result, "isc_entropy_create");
result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
check_result (result, "isc_hash_create");
isc_buffer_init(&b, porigin, strlen(porigin));
isc_buffer_add(&b, strlen(porigin));
dns_fixedname_init(&forigin);
origin = dns_fixedname_name(&forigin);
result = dns_name_fromtext(origin, &b, dns_rootname, ISC_FALSE, NULL);
check_result(result, "dns_name_fromtext");
db = NULL;
result = dns_db_create(mctx, "rbt", origin, dns_dbtype_zone,
dns_rdataclass_in, 0, NULL, &db);
check_result(result, "dns_db_create");
result = dns_db_load(db, zonefile);
if (result == DNS_R_SEENINCLUDE)
result = ISC_R_SUCCESS;
check_result(result, "dns_db_load");
printf("Connecting to '%s'\n", dbname);
conn = PQsetdb(NULL, NULL, NULL, NULL, dbname);
if (PQstatus(conn) == CONNECTION_BAD) {
fprintf(stderr, "Connection to database '%s' failed: %s\n",
dbname, PQerrorMessage(conn));
closeandexit(1);
}
snprintf(str, sizeof(str),
"DROP TABLE %s", dbtable);
printf("%s\n", str);
res = PQexec(conn, str);
if (!res || PQresultStatus(res) != PGRES_COMMAND_OK)
fprintf(stderr, "DROP TABLE command failed: %s\n",
PQresultErrorMessage(res));
PQclear(res);
snprintf(str, sizeof(str), "BEGIN");
printf("%s\n", str);
res = PQexec(conn, str);
if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) {
fprintf(stderr, "BEGIN command failed: %s\n",
PQresultErrorMessage(res));
PQclear(res);
closeandexit(1);
}
PQclear(res);
snprintf(str, sizeof(str),
"CREATE TABLE %s "
"(NAME TEXT, TTL INTEGER, RDTYPE TEXT, RDATA TEXT)",
dbtable);
printf("%s\n", str);
res = PQexec(conn, str);
if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) {
fprintf(stderr, "CREATE TABLE command failed: %s\n",
PQresultErrorMessage(res));
PQclear(res);
closeandexit(1);
}
PQclear(res);
dbiter = NULL;
result = dns_db_createiterator(db, ISC_FALSE, &dbiter);
check_result(result, "dns_db_createiterator()");
result = dns_dbiterator_first(dbiter);
check_result(result, "dns_dbiterator_first");
dns_fixedname_init(&fname);
name = dns_fixedname_name(&fname);
dns_rdataset_init(&rdataset);
dns_rdata_init(&rdata);
while (result == ISC_R_SUCCESS) {
node = NULL;
result = dns_dbiterator_current(dbiter, &node, name);
if (result == ISC_R_NOMORE)
break;
check_result(result, "dns_dbiterator_current");
rdsiter = NULL;
result = dns_db_allrdatasets(db, node, NULL, 0, &rdsiter);
check_result(result, "dns_db_allrdatasets");
result = dns_rdatasetiter_first(rdsiter);
while (result == ISC_R_SUCCESS) {
dns_rdatasetiter_current(rdsiter, &rdataset);
result = dns_rdataset_first(&rdataset);
check_result(result, "dns_rdataset_first");
while (result == ISC_R_SUCCESS) {
dns_rdataset_current(&rdataset, &rdata);
addrdata(name, rdataset.ttl, &rdata);
dns_rdata_reset(&rdata);
result = dns_rdataset_next(&rdataset);
}
dns_rdataset_disassociate(&rdataset);
result = dns_rdatasetiter_next(rdsiter);
}
dns_rdatasetiter_destroy(&rdsiter);
dns_db_detachnode(db, &node);
result = dns_dbiterator_next(dbiter);
}
snprintf(str, sizeof(str), "COMMIT TRANSACTION");
printf("%s\n", str);
res = PQexec(conn, str);
if (!res || PQresultStatus(res) != PGRES_COMMAND_OK) {
fprintf(stderr, "COMMIT command failed: %s\n",
PQresultErrorMessage(res));
PQclear(res);
closeandexit(1);
}
PQclear(res);
dns_dbiterator_destroy(&dbiter);
dns_db_detach(&db);
isc_hash_destroy();
isc_entropy_detach(&ectx);
isc_mem_destroy(&mctx);
closeandexit(0);
exit(0);
}
void
ns_xfr_start(ns_client_t *client, dns_rdatatype_t reqtype) {
isc_result_t result;
dns_name_t *question_name;
dns_rdataset_t *question_rdataset;
dns_zone_t *zone = NULL, *raw = NULL, *mayberaw;
dns_db_t *db = NULL;
dns_dbversion_t *ver = NULL;
dns_rdataclass_t question_class;
rrstream_t *soa_stream = NULL;
rrstream_t *data_stream = NULL;
rrstream_t *stream = NULL;
dns_difftuple_t *current_soa_tuple = NULL;
dns_name_t *soa_name;
dns_rdataset_t *soa_rdataset;
dns_rdata_t soa_rdata = DNS_RDATA_INIT;
isc_boolean_t have_soa = ISC_FALSE;
const char *mnemonic = NULL;
isc_mem_t *mctx = client->mctx;
dns_message_t *request = client->message;
xfrout_ctx_t *xfr = NULL;
isc_quota_t *quota = NULL;
dns_transfer_format_t format = client->view->transfer_format;
isc_netaddr_t na;
dns_peer_t *peer = NULL;
isc_buffer_t *tsigbuf = NULL;
char *journalfile;
char msg[NS_CLIENT_ACLMSGSIZE("zone transfer")];
char keyname[DNS_NAME_FORMATSIZE];
isc_boolean_t is_poll = ISC_FALSE;
isc_boolean_t is_dlz = ISC_FALSE;
isc_boolean_t is_ixfr = ISC_FALSE;
isc_uint32_t begin_serial = 0, current_serial;
switch (reqtype) {
case dns_rdatatype_axfr:
mnemonic = "AXFR";
break;
case dns_rdatatype_ixfr:
mnemonic = "IXFR";
break;
default:
INSIST(0);
break;
}
ns_client_log(client,
DNS_LOGCATEGORY_XFER_OUT, NS_LOGMODULE_XFER_OUT,
ISC_LOG_DEBUG(6), "%s request", mnemonic);
/*
* Apply quota.
*/
result = isc_quota_attach(&ns_g_server->xfroutquota, "a);
if (result != ISC_R_SUCCESS) {
isc_log_write(XFROUT_COMMON_LOGARGS, ISC_LOG_WARNING,
"%s request denied: %s", mnemonic,
isc_result_totext(result));
goto failure;
}
/*
* Interpret the question section.
*/
result = dns_message_firstname(request, DNS_SECTION_QUESTION);
INSIST(result == ISC_R_SUCCESS);
/*
* The question section must contain exactly one question, and
* it must be for AXFR/IXFR as appropriate.
*/
question_name = NULL;
dns_message_currentname(request, DNS_SECTION_QUESTION, &question_name);
question_rdataset = ISC_LIST_HEAD(question_name->list);
question_class = question_rdataset->rdclass;
INSIST(question_rdataset->type == reqtype);
if (ISC_LIST_NEXT(question_rdataset, link) != NULL)
FAILC(DNS_R_FORMERR, "multiple questions");
result = dns_message_nextname(request, DNS_SECTION_QUESTION);
if (result != ISC_R_NOMORE)
FAILC(DNS_R_FORMERR, "multiple questions");
result = dns_zt_find(client->view->zonetable, question_name, 0, NULL,
&zone);
if (result != ISC_R_SUCCESS) {
/*
* Normal zone table does not have a match.
* Try the DLZ database
*/
// Temporary: only searching the first DLZ database
if (! ISC_LIST_EMPTY(client->view->dlz_searched)) {
result = dns_dlzallowzonexfr(client->view,
question_name,
&client->peeraddr,
&db);
pfilter_notify(result, client, "zonexfr");
if (result == ISC_R_NOPERM) {
char _buf1[DNS_NAME_FORMATSIZE];
char _buf2[DNS_RDATACLASS_FORMATSIZE];
result = DNS_R_REFUSED;
dns_name_format(question_name, _buf1,
sizeof(_buf1));
dns_rdataclass_format(question_class,
_buf2, sizeof(_buf2));
ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
NS_LOGMODULE_XFER_OUT,
ISC_LOG_ERROR,
"zone transfer '%s/%s' denied",
_buf1, _buf2);
goto failure;
}
if (result != ISC_R_SUCCESS)
FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
question_name, question_class);
is_dlz = ISC_TRUE;
} else {
/*
* not DLZ and not in normal zone table, we are
* not authoritative
*/
FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
question_name, question_class);
}
} else {
/* zone table has a match */
switch(dns_zone_gettype(zone)) {
/* Master and slave zones are OK for transfer. */
case dns_zone_master:
case dns_zone_slave:
case dns_zone_dlz:
break;
default:
FAILQ(DNS_R_NOTAUTH, "non-authoritative zone",
question_name, question_class);
}
CHECK(dns_zone_getdb(zone, &db));
dns_db_currentversion(db, &ver);
}
xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6),
"%s question section OK", mnemonic);
/*
* Check the authority section. Look for a SOA record with
* the same name and class as the question.
*/
for (result = dns_message_firstname(request, DNS_SECTION_AUTHORITY);
result == ISC_R_SUCCESS;
result = dns_message_nextname(request, DNS_SECTION_AUTHORITY))
{
soa_name = NULL;
dns_message_currentname(request, DNS_SECTION_AUTHORITY,
&soa_name);
/*
* Ignore data whose owner name is not the zone apex.
*/
if (! dns_name_equal(soa_name, question_name))
continue;
for (soa_rdataset = ISC_LIST_HEAD(soa_name->list);
soa_rdataset != NULL;
soa_rdataset = ISC_LIST_NEXT(soa_rdataset, link))
{
/*
* Ignore non-SOA data.
*/
if (soa_rdataset->type != dns_rdatatype_soa)
continue;
if (soa_rdataset->rdclass != question_class)
continue;
CHECK(dns_rdataset_first(soa_rdataset));
dns_rdataset_current(soa_rdataset, &soa_rdata);
result = dns_rdataset_next(soa_rdataset);
if (result == ISC_R_SUCCESS)
FAILC(DNS_R_FORMERR,
"IXFR authority section "
"has multiple SOAs");
have_soa = ISC_TRUE;
goto got_soa;
}
}
got_soa:
if (result != ISC_R_NOMORE)
CHECK(result);
xfrout_log1(client, question_name, question_class, ISC_LOG_DEBUG(6),
"%s authority section OK", mnemonic);
/*
* If not a DLZ zone, decide whether to allow this transfer.
*/
if (!is_dlz) {
ns_client_aclmsg("zone transfer", question_name, reqtype,
client->view->rdclass, msg, sizeof(msg));
CHECK(ns_client_checkacl(client, NULL, msg,
dns_zone_getxfracl(zone),
ISC_TRUE, ISC_LOG_ERROR));
}
/*
* AXFR over UDP is not possible.
*/
if (reqtype == dns_rdatatype_axfr &&
(client->attributes & NS_CLIENTATTR_TCP) == 0)
FAILC(DNS_R_FORMERR, "attempted AXFR over UDP");
/*
* Look up the requesting server in the peer table.
*/
isc_netaddr_fromsockaddr(&na, &client->peeraddr);
(void)dns_peerlist_peerbyaddr(client->view->peers, &na, &peer);
/*
* Decide on the transfer format (one-answer or many-answers).
*/
if (peer != NULL)
(void)dns_peer_gettransferformat(peer, &format);
/*
* Get a dynamically allocated copy of the current SOA.
*/
if (is_dlz)
dns_db_currentversion(db, &ver);
CHECK(dns_db_createsoatuple(db, ver, mctx, DNS_DIFFOP_EXISTS,
¤t_soa_tuple));
current_serial = dns_soa_getserial(¤t_soa_tuple->rdata);
if (reqtype == dns_rdatatype_ixfr) {
isc_boolean_t provide_ixfr;
/*
* Outgoing IXFR may have been disabled for this peer
* or globally.
*/
provide_ixfr = client->view->provideixfr;
if (peer != NULL)
(void) dns_peer_getprovideixfr(peer, &provide_ixfr);
if (provide_ixfr == ISC_FALSE)
goto axfr_fallback;
if (! have_soa)
FAILC(DNS_R_FORMERR,
"IXFR request missing SOA");
begin_serial = dns_soa_getserial(&soa_rdata);
/*
* RFC1995 says "If an IXFR query with the same or
* newer version number than that of the server
* is received, it is replied to with a single SOA
* record of the server's current version, just as
* in AXFR". The claim about AXFR is incorrect,
* but other than that, we do as the RFC says.
*
* Sending a single SOA record is also how we refuse
* IXFR over UDP (currently, we always do).
*/
if (DNS_SERIAL_GE(begin_serial, current_serial) ||
(client->attributes & NS_CLIENTATTR_TCP) == 0)
{
CHECK(soa_rrstream_create(mctx, db, ver, &stream));
is_poll = ISC_TRUE;
goto have_stream;
}
journalfile = is_dlz ? NULL : dns_zone_getjournal(zone);
if (journalfile != NULL)
result = ixfr_rrstream_create(mctx,
journalfile,
begin_serial,
current_serial,
&data_stream);
else
result = ISC_R_NOTFOUND;
if (result == ISC_R_NOTFOUND ||
result == ISC_R_RANGE) {
xfrout_log1(client, question_name, question_class,
ISC_LOG_DEBUG(4),
"IXFR version not in journal, "
"falling back to AXFR");
mnemonic = "AXFR-style IXFR";
goto axfr_fallback;
}
CHECK(result);
is_ixfr = ISC_TRUE;
} else {
axfr_fallback:
CHECK(axfr_rrstream_create(mctx, db, ver, &data_stream));
}
/*
* Bracket the data stream with SOAs.
*/
CHECK(soa_rrstream_create(mctx, db, ver, &soa_stream));
CHECK(compound_rrstream_create(mctx, &soa_stream, &data_stream,
&stream));
soa_stream = NULL;
data_stream = NULL;
have_stream:
CHECK(dns_message_getquerytsig(request, mctx, &tsigbuf));
/*
* Create the xfrout context object. This transfers the ownership
* of "stream", "db", "ver", and "quota" to the xfrout context object.
*/
if (is_dlz)
CHECK(xfrout_ctx_create(mctx, client, request->id,
question_name, reqtype, question_class,
zone, db, ver, quota, stream,
dns_message_gettsigkey(request),
tsigbuf,
3600,
3600,
(format == dns_many_answers) ?
ISC_TRUE : ISC_FALSE,
&xfr));
else
CHECK(xfrout_ctx_create(mctx, client, request->id,
question_name, reqtype, question_class,
zone, db, ver, quota, stream,
dns_message_gettsigkey(request),
tsigbuf,
dns_zone_getmaxxfrout(zone),
dns_zone_getidleout(zone),
(format == dns_many_answers) ?
ISC_TRUE : ISC_FALSE,
&xfr));
xfr->mnemonic = mnemonic;
stream = NULL;
quota = NULL;
CHECK(xfr->stream->methods->first(xfr->stream));
if (xfr->tsigkey != NULL)
dns_name_format(&xfr->tsigkey->name, keyname, sizeof(keyname));
else
keyname[0] = '\0';
if (is_poll)
xfrout_log1(client, question_name, question_class,
ISC_LOG_DEBUG(1), "IXFR poll up to date%s%s",
(xfr->tsigkey != NULL) ? ": TSIG " : "", keyname);
else if (is_ixfr)
xfrout_log1(client, question_name, question_class,
ISC_LOG_INFO, "%s started%s%s (serial %u -> %u)",
mnemonic, (xfr->tsigkey != NULL) ? ": TSIG " : "",
keyname, begin_serial, current_serial);
else
xfrout_log1(client, question_name, question_class,
ISC_LOG_INFO, "%s started%s%s (serial %u)",
mnemonic, (xfr->tsigkey != NULL) ? ": TSIG " : "",
keyname, current_serial);
if (zone != NULL) {
dns_zone_getraw(zone, &raw);
mayberaw = (raw != NULL) ? raw : zone;
if ((client->attributes & NS_CLIENTATTR_WANTEXPIRE) != 0 &&
dns_zone_gettype(mayberaw) == dns_zone_slave) {
isc_time_t expiretime;
isc_uint32_t secs;
dns_zone_getexpiretime(zone, &expiretime);
secs = isc_time_seconds(&expiretime);
if (secs >= client->now && result == ISC_R_SUCCESS) {
client->attributes |= NS_CLIENTATTR_HAVEEXPIRE;
client->expire = secs - client->now;
}
}
if (raw != NULL)
dns_zone_detach(&raw);
}
/*
* Hand the context over to sendstream(). Set xfr to NULL;
* sendstream() is responsible for either passing the
* context on to a later event handler or destroying it.
*/
sendstream(xfr);
xfr = NULL;
result = ISC_R_SUCCESS;
failure:
if (result == DNS_R_REFUSED)
inc_stats(zone, dns_nsstatscounter_xfrrej);
if (quota != NULL)
isc_quota_detach("a);
if (current_soa_tuple != NULL)
dns_difftuple_free(¤t_soa_tuple);
if (stream != NULL)
stream->methods->destroy(&stream);
if (soa_stream != NULL)
soa_stream->methods->destroy(&soa_stream);
if (data_stream != NULL)
data_stream->methods->destroy(&data_stream);
if (ver != NULL)
dns_db_closeversion(db, &ver, ISC_FALSE);
if (db != NULL)
dns_db_detach(&db);
if (zone != NULL)
dns_zone_detach(&zone);
/* XXX kludge */
if (xfr != NULL) {
xfrout_fail(xfr, result, "setting up zone transfer");
} else if (result != ISC_R_SUCCESS) {
ns_client_log(client, DNS_LOGCATEGORY_XFER_OUT,
NS_LOGMODULE_XFER_OUT,
ISC_LOG_DEBUG(3), "zone transfer setup failed");
ns_client_error(client, result);
}
}
static void
check_address_records(dns_view_t *view, dns_db_t *hints, dns_db_t *db,
dns_name_t *name, isc_stdtime_t now)
{
isc_result_t hresult, rresult, result;
dns_rdataset_t hintrrset, rootrrset;
dns_rdata_t rdata = DNS_RDATA_INIT;
dns_name_t *foundname;
dns_fixedname_t fixed;
dns_rdataset_init(&hintrrset);
dns_rdataset_init(&rootrrset);
dns_fixedname_init(&fixed);
foundname = dns_fixedname_name(&fixed);
hresult = dns_db_find(hints, name, NULL, dns_rdatatype_a, 0,
now, NULL, foundname, &hintrrset, NULL);
rresult = dns_db_find(db, name, NULL, dns_rdatatype_a,
DNS_DBFIND_GLUEOK, now, NULL, foundname,
&rootrrset, NULL);
if (hresult == ISC_R_SUCCESS &&
(rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
result = dns_rdataset_first(&rootrrset);
while (result == ISC_R_SUCCESS) {
dns_rdata_reset(&rdata);
dns_rdataset_current(&rootrrset, &rdata);
if (!inrrset(&hintrrset, &rdata))
report(view, name, ISC_TRUE, &rdata);
result = dns_rdataset_next(&rootrrset);
}
result = dns_rdataset_first(&hintrrset);
while (result == ISC_R_SUCCESS) {
dns_rdata_reset(&rdata);
dns_rdataset_current(&hintrrset, &rdata);
if (!inrrset(&rootrrset, &rdata))
report(view, name, ISC_FALSE, &rdata);
result = dns_rdataset_next(&hintrrset);
}
}
if (hresult == ISC_R_NOTFOUND &&
(rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
result = dns_rdataset_first(&rootrrset);
while (result == ISC_R_SUCCESS) {
dns_rdata_reset(&rdata);
dns_rdataset_current(&rootrrset, &rdata);
report(view, name, ISC_TRUE, &rdata);
result = dns_rdataset_next(&rootrrset);
}
}
if (dns_rdataset_isassociated(&rootrrset))
dns_rdataset_disassociate(&rootrrset);
if (dns_rdataset_isassociated(&hintrrset))
dns_rdataset_disassociate(&hintrrset);
/*
* Check AAAA records.
*/
hresult = dns_db_find(hints, name, NULL, dns_rdatatype_aaaa, 0,
now, NULL, foundname, &hintrrset, NULL);
rresult = dns_db_find(db, name, NULL, dns_rdatatype_aaaa,
DNS_DBFIND_GLUEOK, now, NULL, foundname,
&rootrrset, NULL);
if (hresult == ISC_R_SUCCESS &&
(rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
result = dns_rdataset_first(&rootrrset);
while (result == ISC_R_SUCCESS) {
dns_rdata_reset(&rdata);
dns_rdataset_current(&rootrrset, &rdata);
if (!inrrset(&hintrrset, &rdata))
report(view, name, ISC_TRUE, &rdata);
dns_rdata_reset(&rdata);
result = dns_rdataset_next(&rootrrset);
}
result = dns_rdataset_first(&hintrrset);
while (result == ISC_R_SUCCESS) {
dns_rdata_reset(&rdata);
dns_rdataset_current(&hintrrset, &rdata);
if (!inrrset(&rootrrset, &rdata))
report(view, name, ISC_FALSE, &rdata);
dns_rdata_reset(&rdata);
result = dns_rdataset_next(&hintrrset);
}
}
if (hresult == ISC_R_NOTFOUND &&
(rresult == ISC_R_SUCCESS || rresult == DNS_R_GLUE)) {
result = dns_rdataset_first(&rootrrset);
while (result == ISC_R_SUCCESS) {
dns_rdata_reset(&rdata);
dns_rdataset_current(&rootrrset, &rdata);
report(view, name, ISC_TRUE, &rdata);
dns_rdata_reset(&rdata);
result = dns_rdataset_next(&rootrrset);
}
}
if (dns_rdataset_isassociated(&rootrrset))
dns_rdataset_disassociate(&rootrrset);
if (dns_rdataset_isassociated(&hintrrset))
dns_rdataset_disassociate(&hintrrset);
}
static void
resolve_ns(isc_task_t *task, isc_event_t *event) {
struct probe_trans *trans = event->ev_arg;
dns_clientresevent_t *rev = (dns_clientresevent_t *)event;
dns_name_t *name;
dns_rdataset_t *rdataset;
isc_result_t result = ISC_R_SUCCESS;
dns_rdata_t rdata = DNS_RDATA_INIT;
struct probe_ns *pns;
REQUIRE(task == probe_task);
REQUIRE(trans->inuse == ISC_TRUE);
INSIST(outstanding_probes > 0);
for (name = ISC_LIST_HEAD(rev->answerlist); name != NULL;
name = ISC_LIST_NEXT(name, link)) {
for (rdataset = ISC_LIST_HEAD(name->list);
rdataset != NULL;
rdataset = ISC_LIST_NEXT(rdataset, link)) {
(void)print_rdataset(rdataset, name);
if (rdataset->type != dns_rdatatype_ns)
continue;
for (result = dns_rdataset_first(rdataset);
result == ISC_R_SUCCESS;
result = dns_rdataset_next(rdataset)) {
dns_rdata_ns_t ns;
dns_rdataset_current(rdataset, &rdata);
/*
* Extract the name from the NS record.
*/
result = dns_rdata_tostruct(&rdata, &ns, NULL);
if (result != ISC_R_SUCCESS)
continue;
pns = isc_mem_get(mctx, sizeof(*pns));
if (pns == NULL) {
fprintf(stderr,
"resolve_ns: mem_get failed");
result = ISC_R_NOMEMORY;
POST(result);
/*
* XXX: should we continue with the
* available servers anyway?
*/
goto cleanup;
}
dns_fixedname_init(&pns->fixedname);
pns->name =
dns_fixedname_name(&pns->fixedname);
ISC_LINK_INIT(pns, link);
ISC_LIST_APPEND(trans->nslist, pns, link);
ISC_LIST_INIT(pns->servers);
dns_name_copy(&ns.name, pns->name, NULL);
dns_rdata_reset(&rdata);
dns_rdata_freestruct(&ns);
}
}
}
cleanup:
dns_client_freeresanswer(client, &rev->answerlist);
dns_client_destroyrestrans(&trans->resid);
isc_event_free(&event);
if (!ISC_LIST_EMPTY(trans->nslist)) {
/* Go get addresses of NSes */
trans->current_ns = ISC_LIST_HEAD(trans->nslist);
result = fetch_nsaddress(trans);
} else
result = ISC_R_FAILURE;
if (result == ISC_R_SUCCESS)
return;
reset_probe(trans);
}
isc_result_t
dns_rdataslab_fromrdataset(dns_rdataset_t *rdataset, isc_mem_t *mctx,
isc_region_t *region, unsigned int reservelen)
{
/*
* Use &removed as a sentinal pointer for duplicate
* rdata as rdata.data == NULL is valid.
*/
static unsigned char removed;
struct xrdata *x;
unsigned char *rawbuf;
#if DNS_RDATASET_FIXED
unsigned char *offsetbase;
#endif
unsigned int buflen;
isc_result_t result;
unsigned int nitems;
unsigned int nalloc;
unsigned int i;
#if DNS_RDATASET_FIXED
unsigned int *offsettable;
#endif
unsigned int length;
buflen = reservelen + 2;
nalloc = dns_rdataset_count(rdataset);
nitems = nalloc;
if (nitems == 0 && rdataset->type != 0)
return (ISC_R_FAILURE);
if (nalloc > 0xffff)
return (ISC_R_NOSPACE);
if (nalloc != 0) {
x = isc_mem_get(mctx, nalloc * sizeof(struct xrdata));
if (x == NULL)
return (ISC_R_NOMEMORY);
} else
x = NULL;
/*
* Save all of the rdata members into an array.
*/
result = dns_rdataset_first(rdataset);
if (result != ISC_R_SUCCESS && result != ISC_R_NOMORE)
goto free_rdatas;
for (i = 0; i < nalloc && result == ISC_R_SUCCESS; i++) {
INSIST(result == ISC_R_SUCCESS);
dns_rdata_init(&x[i].rdata);
dns_rdataset_current(rdataset, &x[i].rdata);
INSIST(x[i].rdata.data != &removed);
#if DNS_RDATASET_FIXED
x[i].order = i;
#endif
result = dns_rdataset_next(rdataset);
}
if (result != ISC_R_NOMORE)
goto free_rdatas;
if (i != nalloc) {
/*
* Somehow we iterated over fewer rdatas than
* dns_rdataset_count() said there were!
*/
result = ISC_R_FAILURE;
goto free_rdatas;
}
/*
* Put into DNSSEC order.
*/
qsort(x, nalloc, sizeof(struct xrdata), compare_rdata);
/*
* Remove duplicates and compute the total storage required.
*
* If an rdata is not a duplicate, accumulate the storage size
* required for the rdata. We do not store the class, type, etc,
* just the rdata, so our overhead is 2 bytes for the number of
* records, and 8 for each rdata, (length(2), offset(4) and order(2))
* and then the rdata itself.
*/
for (i = 1; i < nalloc; i++) {
if (compare_rdata(&x[i-1].rdata, &x[i].rdata) == 0) {
x[i-1].rdata.data = &removed;
#if DNS_RDATASET_FIXED
/*
* Preserve the least order so A, B, A -> A, B
* after duplicate removal.
*/
if (x[i-1].order < x[i].order)
x[i].order = x[i-1].order;
#endif
nitems--;
} else {
#if DNS_RDATASET_FIXED
buflen += (8 + x[i-1].rdata.length);
#else
buflen += (2 + x[i-1].rdata.length);
#endif
/*
* Provide space to store the per RR meta data.
*/
if (rdataset->type == dns_rdatatype_rrsig)
buflen++;
}
}
/*
* Don't forget the last item!
*/
if (nalloc != 0) {
#if DNS_RDATASET_FIXED
buflen += (8 + x[i-1].rdata.length);
#else
buflen += (2 + x[i-1].rdata.length);
#endif
}
/*
* Provide space to store the per RR meta data.
*/
if (rdataset->type == dns_rdatatype_rrsig)
buflen++;
/*
* Ensure that singleton types are actually singletons.
*/
if (nitems > 1 && dns_rdatatype_issingleton(rdataset->type)) {
/*
* We have a singleton type, but there's more than one
* RR in the rdataset.
*/
result = DNS_R_SINGLETON;
goto free_rdatas;
}
/*
* Allocate the memory, set up a buffer, start copying in
* data.
*/
rawbuf = isc_mem_get(mctx, buflen);
if (rawbuf == NULL) {
result = ISC_R_NOMEMORY;
goto free_rdatas;
}
#if DNS_RDATASET_FIXED
/* Allocate temporary offset table. */
offsettable = isc_mem_get(mctx, nalloc * sizeof(unsigned int));
if (offsettable == NULL) {
isc_mem_put(mctx, rawbuf, buflen);
result = ISC_R_NOMEMORY;
goto free_rdatas;
}
memset(offsettable, 0, nalloc * sizeof(unsigned int));
#endif
region->base = rawbuf;
region->length = buflen;
rawbuf += reservelen;
#if DNS_RDATASET_FIXED
offsetbase = rawbuf;
#endif
*rawbuf++ = (nitems & 0xff00) >> 8;
*rawbuf++ = (nitems & 0x00ff);
#if DNS_RDATASET_FIXED
/* Skip load order table. Filled in later. */
rawbuf += nitems * 4;
#endif
for (i = 0; i < nalloc; i++) {
if (x[i].rdata.data == &removed)
continue;
#if DNS_RDATASET_FIXED
offsettable[x[i].order] = rawbuf - offsetbase;
#endif
length = x[i].rdata.length;
if (rdataset->type == dns_rdatatype_rrsig)
length++;
INSIST(length <= 0xffff);
*rawbuf++ = (length & 0xff00) >> 8;
*rawbuf++ = (length & 0x00ff);
#if DNS_RDATASET_FIXED
rawbuf += 2; /* filled in later */
#endif
/*
* Store the per RR meta data.
*/
if (rdataset->type == dns_rdatatype_rrsig) {
*rawbuf++ |= (x[i].rdata.flags & DNS_RDATA_OFFLINE) ?
DNS_RDATASLAB_OFFLINE : 0;
}
memcpy(rawbuf, x[i].rdata.data, x[i].rdata.length);
rawbuf += x[i].rdata.length;
}
#if DNS_RDATASET_FIXED
fillin_offsets(offsetbase, offsettable, nalloc);
isc_mem_put(mctx, offsettable, nalloc * sizeof(unsigned int));
#endif
result = ISC_R_SUCCESS;
free_rdatas:
if (x != NULL)
isc_mem_put(mctx, x, nalloc * sizeof(struct xrdata));
return (result);
}
