OpenDNSSEC-signer  1.4.3
namedb.c
Go to the documentation of this file.
1 /*
2  * $Id: namedb.c 5467 2011-08-24 06:51:16Z matthijs $
3  *
4  * Copyright (c) 2009 NLNet Labs. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  *
27  */
28 
34 #include "config.h"
35 #include "shared/allocator.h"
36 #include "shared/file.h"
37 #include "shared/log.h"
38 #include "shared/util.h"
39 #include "signer/backup.h"
40 #include "signer/namedb.h"
41 #include "signer/zone.h"
42 
43 const char* db_str = "namedb";
44 
45 
50 static ldns_rbnode_t*
51 domain2node(domain_type* domain)
52 {
53  ldns_rbnode_t* node = (ldns_rbnode_t*) malloc(sizeof(ldns_rbnode_t));
54  if (!node) {
55  return NULL;
56  }
57  node->key = domain->dname;
58  node->data = domain;
59  return node;
60 }
61 
62 
67 static ldns_rbnode_t*
68 denial2node(denial_type* denial)
69 {
70  ldns_rbnode_t* node = (ldns_rbnode_t*) malloc(sizeof(ldns_rbnode_t));
71  if (!node) {
72  return NULL;
73  }
74  node->key = denial->dname;
75  node->data = denial;
76  return node;
77 }
78 
79 
84 static int
85 domain_compare(const void* a, const void* b)
86 {
87  ldns_rdf* x = (ldns_rdf*)a;
88  ldns_rdf* y = (ldns_rdf*)b;
89  return ldns_dname_compare(x, y);
90 }
91 
92 
97 void
99 {
100  if (db) {
101  db->denials = ldns_rbtree_create(domain_compare);
102  }
103  return;
104 }
105 
106 
111 static void
112 namedb_init_domains(namedb_type* db)
113 {
114  if (db) {
115  db->domains = ldns_rbtree_create(domain_compare);
116  }
117  return;
118 }
119 
120 
126 namedb_create(void* zone)
127 {
128  namedb_type* db = NULL;
129  zone_type* z = (zone_type*) zone;
130 
131  ods_log_assert(z);
132  ods_log_assert(z->name);
134  db = (namedb_type*) allocator_alloc(z->allocator, sizeof(namedb_type));
135  if (!db) {
136  ods_log_error("[%s] unable to create namedb for zone %s: "
137  "allocator_alloc() failed", db_str, z->name);
138  return NULL;
139  }
140  db->zone = zone;
141 
142  namedb_init_domains(db);
143  if (!db->domains) {
144  ods_log_error("[%s] unable to create namedb for zone %s: "
145  "init domains failed", db_str, z->name);
146  namedb_cleanup(db);
147  return NULL;
148  }
150  if (!db->denials) {
151  ods_log_error("[%s] unable to create namedb for zone %s: "
152  "init denials failed", db_str, z->name);
153  namedb_cleanup(db);
154  return NULL;
155  }
156  db->inbserial = 0;
157  db->intserial = 0;
158  db->outserial = 0;
159  db->altserial = 0;
160  db->is_initialized = 0;
161  db->have_serial = 0;
162  db->is_processed = 0;
163  db->serial_updated = 0;
164  db->force_serial = 0;
165  return db;
166 }
167 
168 
173 static void*
174 namedb_domain_search(ldns_rbtree_t* tree, ldns_rdf* dname)
175 {
176  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
177  if (!tree || !dname) {
178  return NULL;
179  }
180  node = ldns_rbtree_search(tree, dname);
181  if (node && node != LDNS_RBTREE_NULL) {
182  return (void*) node->data;
183  }
184  return NULL;
185 }
186 
187 
188 static uint32_t
189 max(uint32_t a, uint32_t b)
190 {
191  return (a<b?b:a);
192 }
193 
194 
200 namedb_update_serial(namedb_type* db, const char* zone_name, const char* format,
201  uint32_t inbound_serial)
202 {
203  uint32_t soa = 0;
204  uint32_t prev = 0;
205  uint32_t update = 0;
206  if (!db || !format || !zone_name) {
207  return ODS_STATUS_ASSERT_ERR;
208  }
209  prev = max(db->outserial, inbound_serial);
210  if (!db->have_serial) {
211  prev = inbound_serial;
212  }
213  ods_log_debug("[%s] zone %s update serial: format=%s in=%u internal=%u "
214  "out=%u now=%u", db_str, zone_name, format, db->inbserial,
215  db->intserial, db->outserial, (uint32_t) time_now());
216  if (db->force_serial) {
217  soa = db->altserial;
218  if (!util_serial_gt(soa, prev)) {
219  ods_log_warning("[%s] zone %s unable to enforce serial: %u does not "
220  " increase %u. Serial set to %u", db_str, zone_name, soa, prev,
221  (prev+1));
222  soa = prev + 1;
223  } else {
224  ods_log_info("[%s] zone %s enforcing serial %u", db_str, zone_name,
225  soa);
226  }
227  db->force_serial = 0;
228  } else if (ods_strcmp(format, "unixtime") == 0) {
229  soa = (uint32_t) time_now();
230  if (!util_serial_gt(soa, prev)) {
231  if (!db->have_serial) {
232  ods_log_warning("[%s] zone %s unable to use unixtime as serial: "
233  "%u does not increase %u. Serial set to %u", db_str,
234  zone_name, soa, prev, (prev+1));
235  }
236  soa = prev + 1;
237  }
238  } else if (ods_strcmp(format, "datecounter") == 0) {
239  soa = (uint32_t) time_datestamp(0, "%Y%m%d", NULL) * 100;
240  if (!util_serial_gt(soa, prev)) {
241  if (!db->have_serial) {
242  ods_log_warning("[%s] zone %s unable to use datecounter as "
243  "serial: %u does not increase %u. Serial set to %u", db_str,
244  zone_name, soa, prev, (prev+1));
245  }
246  soa = prev + 1;
247  }
248  } else if (ods_strcmp(format, "counter") == 0) {
249  soa = inbound_serial + 1;
250  if (db->have_serial && !util_serial_gt(soa, prev)) {
251  soa = prev + 1;
252  }
253  } else if (ods_strcmp(format, "keep") == 0) {
254  prev = db->outserial;
255  soa = inbound_serial;
256  if (db->have_serial && !util_serial_gt(soa, prev)) {
257  ods_log_error("[%s] zone %s cannot keep SOA SERIAL from input zone "
258  " (%u): previous output SOA SERIAL is %u", db_str, zone_name,
259  soa, prev);
261  }
262  } else {
263  ods_log_error("[%s] zone %s unknown serial type %s", db_str, zone_name,
264  format);
265  return ODS_STATUS_ERR;
266  }
267  /* serial is stored in 32 bits */
268  update = soa - prev;
269  if (update > 0x7FFFFFFF) {
270  update = 0x7FFFFFFF;
271  }
272  if (!db->have_serial) {
273  db->intserial = soa;
274  } else {
275  db->intserial = prev + update; /* automatically does % 2^32 */
276  }
277  ods_log_debug("[%s] zone %s update serial: %u + %u = %u", db_str, zone_name,
278  prev, update, db->intserial);
279  return ODS_STATUS_OK;
280 }
281 
282 
288 namedb_domain_entize(namedb_type* db, domain_type* domain, ldns_rdf* apex)
289 {
290  ldns_rdf* parent_rdf = NULL;
291  domain_type* parent_domain = NULL;
292  ods_log_assert(apex);
293  ods_log_assert(domain);
294  ods_log_assert(domain->dname);
295  ods_log_assert(db);
296  ods_log_assert(db->domains);
297  if (domain->parent) {
298  /* domain already has parent */
299  return ODS_STATUS_OK;
300  }
301 
302  while (domain && ldns_dname_is_subdomain(domain->dname, apex) &&
303  ldns_dname_compare(domain->dname, apex) != 0) {
311  parent_rdf = ldns_dname_left_chop(domain->dname);
312  if (!parent_rdf) {
313  ods_log_error("[%s] unable to entize domain: left chop failed",
314  db_str);
315  return ODS_STATUS_ERR;
316  }
317  parent_domain = namedb_lookup_domain(db, parent_rdf);
318  if (!parent_domain) {
319  parent_domain = namedb_add_domain(db, parent_rdf);
320  ldns_rdf_deep_free(parent_rdf);
321  if (!parent_domain) {
322  ods_log_error("[%s] unable to entize domain: failed to add "
323  "parent domain", db_str);
324  return ODS_STATUS_ERR;
325  }
326  domain->parent = parent_domain;
327  /* continue with the parent domain */
328  domain = parent_domain;
329  } else {
330  ldns_rdf_deep_free(parent_rdf);
331  domain->parent = parent_domain;
332  /* domain has parent, entize done */
333  domain = NULL;
334  }
335  }
336  return ODS_STATUS_OK;
337 }
338 
339 
345 namedb_lookup_domain(namedb_type* db, ldns_rdf* dname)
346 {
347  if (!db) {
348  return NULL;
349  }
350  return (domain_type*) namedb_domain_search(db->domains, dname);
351 }
352 
353 
359 namedb_add_domain(namedb_type* db, ldns_rdf* dname)
360 {
361  domain_type* domain = NULL;
362  ldns_rbnode_t* new_node = LDNS_RBTREE_NULL;
363  if (!dname || !db || !db->domains) {
364  return NULL;
365  }
366  domain = domain_create(db->zone, dname);
367  if (!domain) {
368  ods_log_error("[%s] unable to add domain: domain_create() failed",
369  db_str);
370  return NULL;
371  }
372  new_node = domain2node(domain);
373  if (!new_node) {
374  ods_log_error("[%s] unable to add domain: domain2node() failed",
375  db_str);
376  return NULL;
377  }
378  if (ldns_rbtree_insert(db->domains, new_node) == NULL) {
379  ods_log_error("[%s] unable to add domain: already present", db_str);
380  log_dname(domain->dname, "ERR +DOMAIN", LOG_ERR);
381  domain_cleanup(domain);
382  free((void*)new_node);
383  return NULL;
384  }
385  domain = (domain_type*) new_node->data;
386  domain->node = new_node;
387  domain->is_new = 1;
388  log_dname(domain->dname, "+DOMAIN", LOG_DEEEBUG);
389  return domain;
390 }
391 
392 
399 {
400  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
401  if (!domain || !db || !db->domains) {
402  ods_log_error("[%s] unable to delete domain: !db || !domain", db_str);
403  return NULL;
404  }
405  if (domain->rrsets || domain->denial) {
406  ods_log_error("[%s] unable to delete domain: domain in use", db_str);
407  log_dname(domain->dname, "ERR -DOMAIN", LOG_ERR);
408  return NULL;
409  }
410  node = ldns_rbtree_delete(db->domains, (const void*)domain->dname);
411  if (node) {
412  ods_log_assert(domain->node == node);
413  ods_log_assert(!domain->rrsets);
414  ods_log_assert(!domain->denial);
415  free((void*)node);
416  domain->node = NULL;
417  log_dname(domain->dname, "-DOMAIN", LOG_DEEEBUG);
418  return domain;
419  }
420  ods_log_error("[%s] unable to delete domain: not found", db_str);
421  log_dname(domain->dname, "ERR -DOMAIN", LOG_ERR);
422  return NULL;
423 }
424 
425 
431 namedb_lookup_denial(namedb_type* db, ldns_rdf* dname)
432 {
433  if (!db) {
434  return NULL;
435  }
436  return (denial_type*) namedb_domain_search(db->denials, dname);
437 }
438 
439 
444 static int
445 domain_is_empty_terminal(domain_type* domain)
446 {
447  ldns_rbnode_t* n = LDNS_RBTREE_NULL;
448  domain_type* d = NULL;
449  ods_log_assert(domain);
450  if (domain->is_apex) {
451  return 0;
452  }
453  if (domain->rrsets) {
454  return 0;
455  }
456  n = ldns_rbtree_next(domain->node);
457  if (n) {
458  d = (domain_type*) n->data;
459  }
460  /* if it has children domains, do not delete it */
461  if(d && ldns_dname_is_subdomain(d->dname, domain->dname)) {
462  return 0;
463  }
464  return 1;
465 }
466 
467 
472 static int
473 domain_can_be_deleted(domain_type* domain)
474 {
475  ods_log_assert(domain);
476  return (domain_is_empty_terminal(domain) && !domain->denial);
477 }
478 
479 
484 static void
485 namedb_add_nsec_trigger(namedb_type* db, domain_type* domain)
486 {
487  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
488  denial_type* denial = NULL;
489  ods_log_assert(db);
490  ods_log_assert(domain);
491  ods_log_assert(!domain->denial);
492  dstatus = domain_is_occluded(domain);
493  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A) {
494  return; /* don't do occluded/glue domain */
495  }
496  if (!domain->rrsets) {
497  return; /* don't do empty domain */
498  }
499  /* ok, nsecify this domain */
500  denial = namedb_add_denial(db, domain->dname, NULL);
501  ods_log_assert(denial);
502  denial->domain = (void*) domain;
503  domain->denial = (void*) denial;
504  domain->is_new = 0;
505  return;
506 }
507 
508 
513 static void
514 namedb_add_nsec3_trigger(namedb_type* db, domain_type* domain,
515  nsec3params_type* n3p)
516 {
517  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
518  denial_type* denial = NULL;
519  ods_log_assert(db);
520  ods_log_assert(n3p);
521  ods_log_assert(domain);
522  ods_log_assert(!domain->denial);
523  dstatus = domain_is_occluded(domain);
524  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A) {
525  return; /* don't do occluded/glue domain */
526  }
527  /* Opt-Out? */
528  if (n3p->flags) {
529  dstatus = domain_is_delegpt(domain);
530  /* If Opt-Out is being used, owner names of unsigned delegations
531  MAY be excluded. */
532  if (dstatus == LDNS_RR_TYPE_NS || domain_ent2unsignedns(domain)) {
533  return;
534  }
535  }
536  /* ok, nsecify3 this domain */
537  denial = namedb_add_denial(db, domain->dname, n3p);
538  ods_log_assert(denial);
539  denial->domain = (void*) domain;
540  domain->denial = (void*) denial;
541  domain->is_new = 0;
542  return;
543 }
544 
545 
550 static void
551 namedb_add_denial_trigger(namedb_type* db, domain_type* domain)
552 {
553  zone_type* zone = NULL;
554  ods_log_assert(db);
555  ods_log_assert(domain);
556  if (!domain->denial) {
557  zone = (void*) domain->zone;
558  ods_log_assert(zone);
559  ods_log_assert(zone->signconf);
560  if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC) {
561  namedb_add_nsec_trigger(db, domain);
562  } else {
563  ods_log_assert(zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC3);
564  namedb_add_nsec3_trigger(db, domain, zone->signconf->nsec3params);
565  }
566  }
567  return;
568 }
569 
570 
575 static void
576 namedb_del_nsec_trigger(namedb_type* db, domain_type* domain)
577 {
578  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
579  denial_type* denial = NULL;
580  ods_log_assert(db);
581  ods_log_assert(domain);
582  ods_log_assert(domain->denial);
583  dstatus = domain_is_occluded(domain);
584  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A ||
585  domain_is_empty_terminal(domain) || !domain->rrsets) {
586  /* domain has become occluded/glue or empty non-terminal*/
587  denial_diff((denial_type*) domain->denial);
588  denial = namedb_del_denial(db, domain->denial);
589  denial_cleanup(denial);
590  domain->denial = NULL;
591  }
592  return;
593 }
594 
595 
600 static void
601 namedb_del_nsec3_trigger(namedb_type* db, domain_type* domain,
602  nsec3params_type* n3p)
603 {
604  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
605  denial_type* denial = NULL;
606  ods_log_assert(db);
607  ods_log_assert(n3p);
608  ods_log_assert(domain);
609  ods_log_assert(domain->denial);
610  dstatus = domain_is_occluded(domain);
611  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A ||
612  domain_is_empty_terminal(domain)) {
613  /* domain has become occluded/glue */
614  denial_diff((denial_type*) domain->denial);
615  denial = namedb_del_denial(db, domain->denial);
616  denial_cleanup(denial);
617  domain->denial = NULL;
618  } else if (n3p->flags) {
619  dstatus = domain_is_delegpt(domain);
620  /* If Opt-Out is being used, owner names of unsigned delegations
621  MAY be excluded. */
622  if (dstatus == LDNS_RR_TYPE_NS || domain_ent2unsignedns(domain)) {
623  denial_diff((denial_type*) domain->denial);
624  denial = namedb_del_denial(db, domain->denial);
625  denial_cleanup(denial);
626  domain->denial = NULL;
627  }
628  }
629  return;
630 }
631 
632 
637 static int
638 namedb_del_denial_trigger(namedb_type* db, domain_type* domain, int rollback)
639 {
640  domain_type* parent = NULL;
641  zone_type* zone = NULL;
642  unsigned is_deleted = 0;
643  ods_log_assert(db);
644  ods_log_assert(domain);
645  ods_log_assert(domain->dname);
646  zone = (void*) domain->zone;
647  ods_log_assert(zone);
648  ods_log_assert(zone->signconf);
649  while(domain) {
650  if (!rollback) {
651  if (domain->denial) {
652  if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC) {
653  namedb_del_nsec_trigger(db, domain);
654  } else {
656  LDNS_RR_TYPE_NSEC3);
657  namedb_del_nsec3_trigger(db, domain,
658  zone->signconf->nsec3params);
659  }
660  }
661  }
662  parent = domain->parent;
663  if (domain_can_be_deleted(domain)) {
664  /* -DOMAIN */
665  domain = namedb_del_domain(db, domain);
666  domain_cleanup(domain);
667  is_deleted = 1;
668  }
669  /* continue with parent */
670  domain = parent;
671  }
672  return is_deleted;
673 }
674 
675 
680 static ldns_rdf*
681 dname_hash(ldns_rdf* dname, ldns_rdf* apex, nsec3params_type* nsec3params)
682 {
683  ldns_rdf* hashed_ownername = NULL;
684  ldns_rdf* hashed_label = NULL;
685  ods_log_assert(dname);
686  ods_log_assert(apex);
687  ods_log_assert(nsec3params);
692  hashed_label = ldns_nsec3_hash_name(dname, nsec3params->algorithm,
693  nsec3params->iterations, nsec3params->salt_len,
694  nsec3params->salt_data);
695  if (!hashed_label) {
696  return NULL;
697  }
698  hashed_ownername = ldns_dname_cat_clone((const ldns_rdf*) hashed_label,
699  (const ldns_rdf*) apex);
700  if (!hashed_ownername) {
701  return NULL;
702  }
703  ldns_rdf_deep_free(hashed_label);
704  return hashed_ownername;
705 }
706 
707 
713 namedb_add_denial(namedb_type* db, ldns_rdf* dname, nsec3params_type* n3p)
714 {
715  zone_type* z = NULL;
716  ldns_rbnode_t* new_node = LDNS_RBTREE_NULL;
717  ldns_rbnode_t* pnode = LDNS_RBTREE_NULL;
718  ldns_rdf* owner = NULL;
719  denial_type* denial = NULL;
720  denial_type* pdenial = NULL;
721 
722  ods_log_assert(db);
723  ods_log_assert(db->denials);
724  ods_log_assert(dname);
725  /* nsec or nsec3 */
726  if (n3p) {
727  z = (zone_type*) db->zone;
728  owner = dname_hash(dname, z->apex, n3p);
729  } else {
730  owner = ldns_rdf_clone(dname);
731  }
732  if (!owner) {
733  ods_log_error("[%s] unable to add denial: create owner failed",
734  db_str);
735  return NULL;
736  }
737  denial = denial_create(db->zone, owner);
738  if (!denial) {
739  ods_log_error("[%s] unable to add denial: denial_create() failed",
740  db_str);
741  return NULL;
742  }
743  new_node = denial2node(denial);
744  if (!new_node) {
745  ods_log_error("[%s] unable to add denial: denial2node() failed",
746  db_str);
747  return NULL;
748  }
749  if (!ldns_rbtree_insert(db->denials, new_node)) {
750  ods_log_error("[%s] unable to add denial: already present", db_str);
751  log_dname(denial->dname, "ERR +DENIAL", LOG_ERR);
752  denial_cleanup(denial);
753  free((void*)new_node);
754  return NULL;
755  }
756  /* denial of existence data point added */
757  denial = (denial_type*) new_node->data;
758  denial->node = new_node;
759  denial->nxt_changed = 1;
760  pnode = ldns_rbtree_previous(new_node);
761  if (!pnode || pnode == LDNS_RBTREE_NULL) {
762  pnode = ldns_rbtree_last(db->denials);
763  }
764  ods_log_assert(pnode);
765  pdenial = (denial_type*) pnode->data;
766  ods_log_assert(pdenial);
767  pdenial->nxt_changed = 1;
768  log_dname(denial->dname, "+DENIAL", LOG_DEEEBUG);
769  return denial;
770 }
771 
772 
779 {
780  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
781  ldns_rbnode_t* pnode = LDNS_RBTREE_NULL;
782  denial_type* pdenial = NULL;
783 
784  if (!denial || !db || !db->denials) {
785  return NULL;
786  }
787  if (denial->rrset && denial->rrset->rr_count) {
788  ods_log_error("[%s] unable to delete denial: denial in use [#%u]",
789  db_str, denial->rrset->rr_count);
790  log_dname(denial->dname, "ERR -DENIAL", LOG_ERR);
791  return NULL;
792  }
793  pnode = ldns_rbtree_previous(denial->node);
794  if (!pnode || pnode == LDNS_RBTREE_NULL) {
795  pnode = ldns_rbtree_last(db->denials);
796  }
797  ods_log_assert(pnode);
798  pdenial = (denial_type*) pnode->data;
799  ods_log_assert(pdenial);
800  node = ldns_rbtree_delete(db->denials, (const void*)denial->dname);
801  if (!node) {
802  ods_log_error("[%s] unable to delete denial: not found", db_str);
803  log_dname(denial->dname, "ERR -DENIAL", LOG_ERR);
804  return NULL;
805  }
806  ods_log_assert(denial->node == node);
807  pdenial->nxt_changed = 1;
808  free((void*)node);
809  denial->domain = NULL;
810  denial->node = NULL;
811  log_dname(denial->dname, "-DENIAL", LOG_DEEEBUG);
812  return denial;
813 }
814 
815 
820 void
821 namedb_diff(namedb_type* db, unsigned is_ixfr, unsigned more_coming)
822 {
823  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
824  domain_type* domain = NULL;
825  if (!db || !db->domains) {
826  return;
827  }
828  node = ldns_rbtree_first(db->domains);
829  if (!node || node == LDNS_RBTREE_NULL) {
830  return;
831  }
832  while (node && node != LDNS_RBTREE_NULL) {
833  domain = (domain_type*) node->data;
834  node = ldns_rbtree_next(node);
835  domain_diff(domain, is_ixfr, more_coming);
836  }
837  node = ldns_rbtree_first(db->domains);
838  if (!node || node == LDNS_RBTREE_NULL) {
839  return;
840  }
841  while (node && node != LDNS_RBTREE_NULL) {
842  domain = (domain_type*) node->data;
843  node = ldns_rbtree_next(node);
844  if (!namedb_del_denial_trigger(db, domain, 0)) {
845  /* del_denial did not delete domain */
846  namedb_add_denial_trigger(db, domain);
847  }
848  }
849  return;
850 }
851 
852 
857 void
858 namedb_rollback(namedb_type* db, unsigned keepsc)
859 {
860  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
861  domain_type* domain = NULL;
862  if (!db || !db->domains) {
863  return;
864  }
865  node = ldns_rbtree_first(db->domains);
866  if (!node || node == LDNS_RBTREE_NULL) {
867  return;
868  }
869  while (node && node != LDNS_RBTREE_NULL) {
870  domain = (domain_type*) node->data;
871  node = ldns_rbtree_next(node);
872  domain_rollback(domain, keepsc);
873  (void) namedb_del_denial_trigger(db, domain, 1);
874  }
875  return;
876 }
877 
878 
883 void
884 namedb_nsecify(namedb_type* db, uint32_t* num_added)
885 {
886  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
887  ldns_rbnode_t* nxt_node = LDNS_RBTREE_NULL;
888  denial_type* denial = NULL;
889  denial_type* nxt = NULL;
890  uint32_t nsec_added = 0;
891  ods_log_assert(db);
892  node = ldns_rbtree_first(db->denials);
893  while (node && node != LDNS_RBTREE_NULL) {
894  denial = (denial_type*) node->data;
895  nxt_node = ldns_rbtree_next(node);
896  if (!nxt_node || nxt_node == LDNS_RBTREE_NULL) {
897  nxt_node = ldns_rbtree_first(db->denials);
898  }
899  nxt = (denial_type*) nxt_node->data;
900  denial_nsecify(denial, nxt, &nsec_added);
901  node = ldns_rbtree_next(node);
902  }
903  if (num_added) {
904  *num_added = nsec_added;
905  }
906  return;
907 }
908 
909 
916 {
917  ods_status status = ODS_STATUS_OK;
918  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
919  domain_type* domain = NULL;
920  rrset_type* rrset = NULL;
921 /*
922  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
923  ldns_rr_type delegpt = LDNS_RR_TYPE_FIRST;
924 */
925 
926  if (!db || !db->domains) {
927  /* no db, no error */
928  return ODS_STATUS_OK;
929  }
930  if (db->domains->root != LDNS_RBTREE_NULL) {
931  node = ldns_rbtree_first(db->domains);
932  }
933  while (node && node != LDNS_RBTREE_NULL) {
934  domain = (domain_type*) node->data;
935  rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_CNAME);
936  if (rrset) {
937  /* Thou shall not have other data next to CNAME */
938  if (domain_count_rrset_is_added(domain) > 1 &&
939  rrset_count_rr_is_added(rrset) > 0) {
940  log_rrset(domain->dname, rrset->rrtype,
941  "CNAME and other data at the same name", LOG_ERR);
943  }
944  /* Thou shall have at most one CNAME per name */
945  if (rrset_count_rr_is_added(rrset) > 1) {
946  log_rrset(domain->dname, rrset->rrtype,
947  "multiple CNAMEs at the same name", LOG_ERR);
949  }
950  }
951  rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_DNAME);
952  if (rrset) {
953  /* Thou shall have at most one DNAME per name */
954  if (rrset_count_rr_is_added(rrset) > 1) {
955  log_rrset(domain->dname, rrset->rrtype,
956  "multiple DNAMEs at the same name", LOG_ERR);
958  }
959  }
960 /*
961  dstatus = domain_is_occluded(domain);
962  delegpt = domain_is_delegpt(domain);
963 */
964  /* Thou shall not have occluded data in your zone file */
965  node = ldns_rbtree_next(node);
966  }
967  return status;
968 }
969 
970 
975 void
977 {
978  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
979  denial_type* denial = NULL;
980  zone_type* zone = NULL;
981  size_t i = 0;
982 
983  if (db && db->denials) {
984  zone = (zone_type*) db->zone;
985  ods_log_assert(zone);
986  ods_log_assert(zone->name);
987  ods_log_debug("[%s] wipe denial of existence space zone %s", db_str,
988  zone->name);
989  node = ldns_rbtree_first(db->denials);
990  while (node && node != LDNS_RBTREE_NULL) {
991  denial = (denial_type*) node->data;
992  if (!denial->rrset) {
993  node = ldns_rbtree_next(node);
994  continue;
995  }
996  for (i=0; i < denial->rrset->rr_count; i++) {
997  if (denial->rrset->rrs[i].exists) {
998  /* ixfr -RR */
999  lock_basic_lock(&zone->ixfr->ixfr_lock);
1000  ixfr_del_rr(zone->ixfr, denial->rrset->rrs[i].rr);
1001  lock_basic_unlock(&zone->ixfr->ixfr_lock);
1002  }
1003  denial->rrset->rrs[i].exists = 0;
1004  rrset_del_rr(denial->rrset, i);
1005  i--;
1006  }
1007  for (i=0; i < denial->rrset->rrsig_count; i++) {
1008  /* ixfr -RRSIG */
1009  lock_basic_lock(&zone->ixfr->ixfr_lock);
1010  ixfr_del_rr(zone->ixfr, denial->rrset->rrsigs[i].rr);
1011  lock_basic_unlock(&zone->ixfr->ixfr_lock);
1012  rrset_del_rrsig(denial->rrset, i);
1013  i--;
1014  }
1015  rrset_cleanup(denial->rrset);
1016  denial->rrset = NULL;
1017  node = ldns_rbtree_next(node);
1018  }
1019  }
1020  return;
1021 }
1022 
1023 
1028 void
1029 namedb_export(FILE* fd, namedb_type* db, ods_status* status)
1030 {
1031  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
1032  domain_type* domain = NULL;
1033  if (!fd || !db || !db->domains) {
1034  if (status) {
1035  ods_log_error("[%s] unable to export namedb: file descriptor "
1036  "or name database missing", db_str);
1037  *status = ODS_STATUS_ASSERT_ERR;
1038  }
1039  return;
1040  }
1041  node = ldns_rbtree_first(db->domains);
1042  if (!node || node == LDNS_RBTREE_NULL) {
1043  fprintf(fd, "; empty zone\n");
1044  if (status) {
1045  *status = ODS_STATUS_OK;
1046  }
1047  return;
1048  }
1049  while (node && node != LDNS_RBTREE_NULL) {
1050  domain = (domain_type*) node->data;
1051  if (domain) {
1052  domain_print(fd, domain, status);
1053  }
1054  node = ldns_rbtree_next(node);
1055  }
1056  return;
1057 }
1058 
1059 
1064 static void
1065 domain_delfunc(ldns_rbnode_t* elem)
1066 {
1067  domain_type* domain = NULL;
1068  if (elem && elem != LDNS_RBTREE_NULL) {
1069  domain = (domain_type*) elem->data;
1070  domain_delfunc(elem->left);
1071  domain_delfunc(elem->right);
1072  domain_cleanup(domain);
1073  free((void*)elem);
1074  }
1075  return;
1076 }
1077 
1078 
1083 static void
1084 denial_delfunc(ldns_rbnode_t* elem)
1085 {
1086  denial_type* denial = NULL;
1087  domain_type* domain = NULL;
1088  if (elem && elem != LDNS_RBTREE_NULL) {
1089  denial = (denial_type*) elem->data;
1090  denial_delfunc(elem->left);
1091  denial_delfunc(elem->right);
1092  domain = (domain_type*) denial->domain;
1093  if (domain) {
1094  domain->denial = NULL;
1095  }
1096  denial_cleanup(denial);
1097  free((void*)elem);
1098  }
1099  return;
1100 }
1101 
1102 
1107 static void
1108 namedb_cleanup_domains(namedb_type* db)
1109 {
1110  if (db && db->domains) {
1111  domain_delfunc(db->domains->root);
1112  ldns_rbtree_free(db->domains);
1113  db->domains = NULL;
1114  }
1115  return;
1116 }
1117 
1118 
1123 void
1125 {
1126  if (db && db->denials) {
1127  denial_delfunc(db->denials->root);
1128  ldns_rbtree_free(db->denials);
1129  db->denials = NULL;
1130  }
1131  return;
1132 }
1133 
1134 
1139 void
1141 {
1142  zone_type* z = NULL;
1143  if (!db) {
1144  return;
1145  }
1146  z = (zone_type*) db->zone;
1147  if (!z || !z->allocator) {
1148  return;
1149  }
1151  namedb_cleanup_domains(db);
1152  allocator_deallocate(z->allocator, (void*) db);
1153  return;
1154 }
1155 
1156 
1161 void
1163 {
1164  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
1165  domain_type* domain = NULL;
1166  denial_type* denial = NULL;
1167  if (!fd || !db) {
1168  return;
1169  }
1170  node = ldns_rbtree_first(db->domains);
1171  while (node && node != LDNS_RBTREE_NULL) {
1172  domain = (domain_type*) node->data;
1173  domain_backup2(fd, domain, 0);
1174  node = ldns_rbtree_next(node);
1175  }
1176  fprintf(fd, ";\n");
1177  node = ldns_rbtree_first(db->denials);
1178  while (node && node != LDNS_RBTREE_NULL) {
1179  denial = (denial_type*) node->data;
1180  if (denial->rrset) {
1181  rrset_print(fd, denial->rrset, 1, NULL);
1182  }
1183  node = ldns_rbtree_next(node);
1184  }
1185  fprintf(fd, ";\n");
1186  /* signatures */
1187  node = ldns_rbtree_first(db->domains);
1188  while (node && node != LDNS_RBTREE_NULL) {
1189  domain = (domain_type*) node->data;
1190  domain_backup2(fd, domain, 1);
1191  node = ldns_rbtree_next(node);
1192  }
1193  node = ldns_rbtree_first(db->denials);
1194  while (node && node != LDNS_RBTREE_NULL) {
1195  denial = (denial_type*) node->data;
1196  if (denial->rrset) {
1197  rrset_backup2(fd, denial->rrset);
1198  }
1199  node = ldns_rbtree_next(node);
1200  }
1201  fprintf(fd, ";\n");
1202  return;
1203 }
size_t domain_count_rrset_is_added(domain_type *domain)
Definition: domain.c:149
void domain_cleanup(domain_type *domain)
Definition: domain.c:563
void namedb_cleanup_denials(namedb_type *db)
Definition: namedb.c:1124
uint32_t intserial
Definition: namedb.h:54
void namedb_export(FILE *fd, namedb_type *db, ods_status *status)
Definition: namedb.c:1029
rrset_type * rrset
Definition: denial.h:56
size_t rr_count
Definition: rrset.h:81
void rrset_cleanup(rrset_type *rrset)
Definition: rrset.c:854
void domain_backup2(FILE *fd, domain_type *domain, int sigs)
Definition: domain.c:582
rrset_type * domain_lookup_rrset(domain_type *domain, ldns_rr_type rrtype)
Definition: domain.c:172
domain_type * namedb_del_domain(namedb_type *db, domain_type *domain)
Definition: namedb.c:398
void ods_log_debug(const char *format,...)
Definition: log.c:272
uint32_t time_datestamp(time_t tt, const char *format, char **str)
Definition: duration.c:533
denial_type * denial_create(void *zoneptr, ldns_rdf *dname)
Definition: denial.c:50
void denial_cleanup(denial_type *denial)
Definition: denial.c:355
void * allocator_alloc(allocator_type *allocator, size_t size)
Definition: allocator.c:68
uint16_t iterations
Definition: nsec3params.h:59
void * domain
Definition: denial.h:53
void namedb_cleanup(namedb_type *db)
Definition: namedb.c:1140
void domain_print(FILE *fd, domain_type *domain, ods_status *status)
Definition: domain.c:495
size_t rrset_count_rr_is_added(rrset_type *rrset)
Definition: rrset.c:250
unsigned have_serial
Definition: namedb.h:61
void ixfr_del_rr(ixfr_type *ixfr, ldns_rr *rr)
Definition: ixfr.c:163
void ods_log_info(const char *format,...)
Definition: log.c:304
enum ods_enum_status ods_status
Definition: status.h:91
void ods_log_error(const char *format,...)
Definition: log.c:336
uint32_t outserial
Definition: namedb.h:55
ldns_rbtree_t * domains
Definition: namedb.h:51
void namedb_init_denials(namedb_type *db)
Definition: namedb.c:98
ods_status namedb_update_serial(namedb_type *db, const char *zone_name, const char *format, uint32_t inbound_serial)
Definition: namedb.c:200
int ods_strcmp(const char *s1, const char *s2)
Definition: file.c:317
ldns_rr_type rrtype
Definition: rrset.h:78
void namedb_diff(namedb_type *db, unsigned is_ixfr, unsigned more_coming)
Definition: namedb.c:821
void domain_diff(domain_type *domain, unsigned is_ixfr, unsigned more_coming)
Definition: domain.c:281
ldns_rr_type nsec_type
Definition: signconf.h:65
void namedb_backup2(FILE *fd, namedb_type *db)
Definition: namedb.c:1162
int util_serial_gt(uint32_t serial_new, uint32_t serial_old)
Definition: util.c:74
void namedb_nsecify(namedb_type *db, uint32_t *num_added)
Definition: namedb.c:884
unsigned exists
Definition: rrset.h:64
domain_type * parent
Definition: domain.h:61
#define lock_basic_lock(lock)
Definition: locks.h:93
uint8_t * salt_data
Definition: nsec3params.h:61
int domain_ent2unsignedns(domain_type *domain)
Definition: domain.c:407
void log_rrset(ldns_rdf *dname, ldns_rr_type type, const char *pre, int level)
Definition: rrset.c:102
denial_type * namedb_del_denial(namedb_type *db, denial_type *denial)
Definition: namedb.c:778
ixfr_type * ixfr
Definition: zone.h:89
uint32_t inbserial
Definition: namedb.h:53
unsigned nxt_changed
Definition: denial.h:58
unsigned serial_updated
Definition: namedb.h:59
unsigned is_initialized
Definition: namedb.h:57
ldns_rbtree_t * denials
Definition: namedb.h:52
ldns_rr_type domain_is_delegpt(domain_type *domain)
Definition: domain.c:441
unsigned is_processed
Definition: namedb.h:58
ods_status namedb_domain_entize(namedb_type *db, domain_type *domain, ldns_rdf *apex)
Definition: namedb.c:288
ldns_rr * rr
Definition: rrset.h:50
signconf_type * signconf
Definition: zone.h:86
ldns_rr_type domain_is_occluded(domain_type *domain)
Definition: domain.c:466
void rrset_del_rrsig(rrset_type *rrset, uint16_t rrnum)
Definition: rrset.c:438
void namedb_rollback(namedb_type *db, unsigned keepsc)
Definition: namedb.c:858
void log_dname(ldns_rdf *rdf, const char *pre, int level)
Definition: domain.c:50
unsigned force_serial
Definition: namedb.h:60
domain_type * namedb_lookup_domain(namedb_type *db, ldns_rdf *dname)
Definition: namedb.c:345
unsigned is_apex
Definition: domain.h:64
void rrset_backup2(FILE *fd, rrset_type *rrset)
Definition: rrset.c:887
allocator_type * allocator
Definition: zone.h:69
unsigned is_new
Definition: domain.h:63
void * zone
Definition: namedb.h:50
void rrset_del_rr(rrset_type *rrset, uint16_t rrnum)
Definition: rrset.c:309
namedb_type * namedb_create(void *zone)
Definition: namedb.c:126
#define LOG_ERR
Definition: log.h:49
void denial_diff(denial_type *denial)
Definition: denial.c:251
ldns_rr * rr
Definition: rrset.h:62
#define LOG_DEEEBUG
Definition: log.h:55
lock_basic_type ixfr_lock
Definition: ixfr.h:64
const char * db_str
Definition: namedb.c:43
nsec3params_type * nsec3params
Definition: signconf.h:70
ods_status namedb_examine(namedb_type *db)
Definition: namedb.c:915
domain_type * namedb_add_domain(namedb_type *db, ldns_rdf *dname)
Definition: namedb.c:359
const char * name
Definition: zone.h:78
ldns_rbnode_t * node
Definition: domain.h:59
void domain_rollback(domain_type *domain, int keepsc)
Definition: domain.c:333
size_t rrsig_count
Definition: rrset.h:82
uint32_t altserial
Definition: namedb.h:56
void allocator_deallocate(allocator_type *allocator, void *data)
Definition: allocator.c:137
ldns_rdf * dname
Definition: denial.h:55
ldns_rbnode_t * node
Definition: denial.h:54
rrset_type * rrsets
Definition: domain.h:62
rrsig_type * rrsigs
Definition: rrset.h:80
#define ods_log_assert(x)
Definition: log.h:156
void * denial
Definition: domain.h:58
void namedb_wipe_denial(namedb_type *db)
Definition: namedb.c:976
#define lock_basic_unlock(lock)
Definition: locks.h:94
void ods_log_warning(const char *format,...)
Definition: log.c:320
void denial_nsecify(denial_type *denial, denial_type *nxt, uint32_t *num_added)
Definition: denial.c:302
ldns_rdf * apex
Definition: zone.h:70
denial_type * namedb_add_denial(namedb_type *db, ldns_rdf *dname, nsec3params_type *n3p)
Definition: namedb.c:713
denial_type * namedb_lookup_denial(namedb_type *db, ldns_rdf *dname)
Definition: namedb.c:431
time_t time_now(void)
Definition: duration.c:515
void rrset_print(FILE *fd, rrset_type *rrset, int skip_rrsigs, ods_status *status)
Definition: rrset.c:799
ldns_rdf * dname
Definition: domain.h:60
domain_type * domain_create(void *zoneptr, ldns_rdf *dname)
Definition: domain.c:91
void * zone
Definition: domain.h:57
rr_type * rrs
Definition: rrset.h:79