OpenDNSSEC-signer  2.0.4
namedb.c
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2009 NLNet Labs. All rights reserved.
3  *
4  * Redistribution and use in source and binary forms, with or without
5  * modification, are permitted provided that the following conditions
6  * are met:
7  * 1. Redistributions of source code must retain the above copyright
8  * notice, this list of conditions and the following disclaimer.
9  * 2. Redistributions in binary form must reproduce the above copyright
10  * notice, this list of conditions and the following disclaimer in the
11  * documentation and/or other materials provided with the distribution.
12  *
13  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
14  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
15  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
17  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
19  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
21  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
22  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
23  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
24  *
25  */
26 
32 #include "config.h"
33 #include "status.h"
34 #include "file.h"
35 #include "log.h"
36 #include "util.h"
37 #include "signer/backup.h"
38 #include "signer/namedb.h"
39 #include "signer/zone.h"
40 
41 const char* db_str = "namedb";
42 
47 static ldns_rbnode_t*
48 domain2node(domain_type* domain)
49 {
50  ldns_rbnode_t* node = (ldns_rbnode_t*) malloc(sizeof(ldns_rbnode_t));
51  if (!node) {
52  return NULL;
53  }
54  node->key = domain->dname;
55  node->data = domain;
56  return node;
57 }
58 
59 
64 static ldns_rbnode_t*
65 denial2node(denial_type* denial)
66 {
67  ldns_rbnode_t* node = (ldns_rbnode_t*) malloc(sizeof(ldns_rbnode_t));
68  if (!node) {
69  return NULL;
70  }
71  node->key = denial->dname;
72  node->data = denial;
73  return node;
74 }
75 
76 
81 static int
82 domain_compare(const void* a, const void* b)
83 {
84  ldns_rdf* x = (ldns_rdf*)a;
85  ldns_rdf* y = (ldns_rdf*)b;
86  return ldns_dname_compare(x, y);
87 }
88 
89 
94 void
96 {
97  if (db) {
98  db->denials = ldns_rbtree_create(domain_compare);
99  }
100 }
101 
102 
107 static void
108 namedb_init_domains(namedb_type* db)
109 {
110  if (db) {
111  db->domains = ldns_rbtree_create(domain_compare);
112  }
113 }
114 
115 
121 namedb_create(void* zone)
122 {
123  namedb_type* db = NULL;
124  zone_type* z = (zone_type*) zone;
125 
126  ods_log_assert(z);
127  ods_log_assert(z->name);
128  CHECKALLOC(db = (namedb_type*) malloc(sizeof(namedb_type)));
129  if (!db) {
130  ods_log_error("[%s] unable to create namedb for zone %s: "
131  "allocator_alloc() failed", db_str, z->name);
132  return NULL;
133  }
134  db->zone = zone;
135 
136  namedb_init_domains(db);
137  if (!db->domains) {
138  ods_log_error("[%s] unable to create namedb for zone %s: "
139  "init domains failed", db_str, z->name);
140  namedb_cleanup(db);
141  return NULL;
142  }
144  if (!db->denials) {
145  ods_log_error("[%s] unable to create namedb for zone %s: "
146  "init denials failed", db_str, z->name);
147  namedb_cleanup(db);
148  return NULL;
149  }
150  db->inbserial = 0;
151  db->intserial = 0;
152  db->outserial = 0;
153  db->altserial = 0;
154  db->is_initialized = 0;
155  db->have_serial = 0;
156  db->is_processed = 0;
157  db->serial_updated = 0;
158  db->force_serial = 0;
159  return db;
160 }
161 
162 
167 static void*
168 namedb_domain_search(ldns_rbtree_t* tree, ldns_rdf* dname)
169 {
170  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
171  if (!tree || !dname) {
172  return NULL;
173  }
174  node = ldns_rbtree_search(tree, dname);
175  if (node && node != LDNS_RBTREE_NULL) {
176  return (void*) node->data;
177  }
178  return NULL;
179 }
180 
181 
182 static uint32_t
183 max(uint32_t a, uint32_t b)
184 {
185  return (a<b?b:a);
186 }
187 
188 
193 ods_status
194 namedb_update_serial(namedb_type* db, const char* zone_name, const char* format,
195  uint32_t inbound_serial)
196 {
197  uint32_t soa = 0;
198  uint32_t prev = 0;
199  uint32_t update = 0;
200  if (!db || !format || !zone_name) {
201  return ODS_STATUS_ASSERT_ERR;
202  }
203  prev = max(db->outserial, inbound_serial);
204  if (!db->have_serial) {
205  prev = inbound_serial;
206  }
207  ods_log_debug("[%s] zone %s update serial: format=%s in=%u internal=%u "
208  "out=%u now=%u", db_str, zone_name, format, db->inbserial,
209  db->intserial, db->outserial, (uint32_t) time_now());
210  if (db->force_serial) {
211  soa = db->altserial;
212  if (!util_serial_gt(soa, prev)) {
213  ods_log_warning("[%s] zone %s unable to enforce serial: %u does not "
214  " increase %u. Serial set to %u", db_str, zone_name, soa, prev,
215  (prev+1));
216  soa = prev + 1;
217  } else {
218  ods_log_info("[%s] zone %s enforcing serial %u", db_str, zone_name,
219  soa);
220  }
221  db->force_serial = 0;
222  } else if (ods_strcmp(format, "unixtime") == 0) {
223  soa = (uint32_t) time_now();
224  if (!util_serial_gt(soa, prev)) {
225  if (!db->have_serial) {
226  ods_log_warning("[%s] zone %s unable to use unixtime as serial: "
227  "%u does not increase %u. Serial set to %u", db_str,
228  zone_name, soa, prev, (prev+1));
229  }
230  soa = prev + 1;
231  }
232  } else if (ods_strcmp(format, "datecounter") == 0) {
233  soa = (uint32_t) time_datestamp(0, "%Y%m%d", NULL) * 100;
234  if (!util_serial_gt(soa, prev)) {
235  if (!db->have_serial) {
236  ods_log_info("[%s] zone %s unable to use datecounter as "
237  "serial: %u does not increase %u. Serial set to %u", db_str,
238  zone_name, soa, prev, (prev+1));
239  }
240  soa = prev + 1;
241  }
242  } else if (ods_strcmp(format, "counter") == 0) {
243  soa = inbound_serial + 1;
244  if (db->have_serial && !util_serial_gt(soa, prev)) {
245  soa = prev + 1;
246  }
247  } else if (ods_strcmp(format, "keep") == 0) {
248  prev = db->outserial;
249  soa = inbound_serial;
250  if (db->have_serial && !util_serial_gt(soa, prev)) {
251  ods_log_error("[%s] zone %s cannot keep SOA SERIAL from input zone "
252  " (%u): previous output SOA SERIAL is %u", db_str, zone_name,
253  soa, prev);
254  return ODS_STATUS_CONFLICT_ERR;
255  }
256  } else {
257  ods_log_error("[%s] zone %s unknown serial type %s", db_str, zone_name,
258  format);
259  return ODS_STATUS_ERR;
260  }
261  /* serial is stored in 32 bits */
262  update = soa - prev;
263  if (update > 0x7FFFFFFF) {
264  update = 0x7FFFFFFF;
265  }
266  if (!db->have_serial) {
267  db->intserial = soa;
268  } else {
269  db->intserial = prev + update; /* automatically does % 2^32 */
270  }
271  ods_log_debug("[%s] zone %s update serial: %u + %u = %u", db_str, zone_name,
272  prev, update, db->intserial);
273  return ODS_STATUS_OK;
274 }
275 
276 
281 ods_status
282 namedb_domain_entize(namedb_type* db, domain_type* domain, ldns_rdf* apex)
283 {
284  ldns_rdf* parent_rdf = NULL;
285  domain_type* parent_domain = NULL;
286  ods_log_assert(apex);
287  ods_log_assert(domain);
288  ods_log_assert(domain->dname);
289  ods_log_assert(db);
290  ods_log_assert(db->domains);
291  if (domain->parent) {
292  /* domain already has parent */
293  return ODS_STATUS_OK;
294  }
295 
296  while (domain && ldns_dname_is_subdomain(domain->dname, apex) &&
297  ldns_dname_compare(domain->dname, apex) != 0) {
305  parent_rdf = ldns_dname_left_chop(domain->dname);
306  if (!parent_rdf) {
307  ods_log_error("[%s] unable to entize domain: left chop failed",
308  db_str);
309  return ODS_STATUS_ERR;
310  }
311  parent_domain = namedb_lookup_domain(db, parent_rdf);
312  if (!parent_domain) {
313  parent_domain = namedb_add_domain(db, parent_rdf);
314  ldns_rdf_deep_free(parent_rdf);
315  if (!parent_domain) {
316  ods_log_error("[%s] unable to entize domain: failed to add "
317  "parent domain", db_str);
318  return ODS_STATUS_ERR;
319  }
320  domain->parent = parent_domain;
321  /* continue with the parent domain */
322  domain = parent_domain;
323  } else {
324  ldns_rdf_deep_free(parent_rdf);
325  domain->parent = parent_domain;
326  /* domain has parent, entize done */
327  domain = NULL;
328  }
329  }
330  return ODS_STATUS_OK;
331 }
332 
333 
339 namedb_lookup_domain(namedb_type* db, ldns_rdf* dname)
340 {
341  if (!db) {
342  return NULL;
343  }
344  return (domain_type*) namedb_domain_search(db->domains, dname);
345 }
346 
347 
353 namedb_add_domain(namedb_type* db, ldns_rdf* dname)
354 {
355  domain_type* domain = NULL;
356  ldns_rbnode_t* new_node = LDNS_RBTREE_NULL;
357  if (!dname || !db || !db->domains) {
358  return NULL;
359  }
360  domain = domain_create(db->zone, dname);
361  if (!domain) {
362  ods_log_error("[%s] unable to add domain: domain_create() failed",
363  db_str);
364  return NULL;
365  }
366  new_node = domain2node(domain);
367  if (!new_node) {
368  ods_log_error("[%s] unable to add domain: domain2node() failed",
369  db_str);
370  return NULL;
371  }
372  if (ldns_rbtree_insert(db->domains, new_node) == NULL) {
373  ods_log_error("[%s] unable to add domain: already present", db_str);
374  log_dname(domain->dname, "ERR +DOMAIN", LOG_ERR);
375  domain_cleanup(domain);
376  free((void*)new_node);
377  return NULL;
378  }
379  domain = (domain_type*) new_node->data;
380  domain->node = new_node;
381  domain->is_new = 1;
382  log_dname(domain->dname, "+DOMAIN", LOG_DEEEBUG);
383  return domain;
384 }
385 
386 
393 {
394  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
395  if (!domain || !db || !db->domains) {
396  ods_log_error("[%s] unable to delete domain: !db || !domain", db_str);
397  return NULL;
398  }
399  if (domain->rrsets || domain->denial) {
400  ods_log_error("[%s] unable to delete domain: domain in use", db_str);
401  log_dname(domain->dname, "ERR -DOMAIN", LOG_ERR);
402  return NULL;
403  }
404  node = ldns_rbtree_delete(db->domains, (const void*)domain->dname);
405  if (node) {
406  ods_log_assert(domain->node == node);
407  ods_log_assert(!domain->rrsets);
408  ods_log_assert(!domain->denial);
409  free((void*)node);
410  domain->node = NULL;
411  log_dname(domain->dname, "-DOMAIN", LOG_DEEEBUG);
412  return domain;
413  }
414  ods_log_error("[%s] unable to delete domain: not found", db_str);
415  log_dname(domain->dname, "ERR -DOMAIN", LOG_ERR);
416  return NULL;
417 }
418 
419 
425 namedb_lookup_denial(namedb_type* db, ldns_rdf* dname)
426 {
427  if (!db) {
428  return NULL;
429  }
430  return (denial_type*) namedb_domain_search(db->denials, dname);
431 }
432 
433 
438 static int
439 domain_is_empty_terminal(domain_type* domain)
440 {
441  ldns_rbnode_t* n = LDNS_RBTREE_NULL;
442  domain_type* d = NULL;
443  ods_log_assert(domain);
444  if (domain->is_apex) {
445  return 0;
446  }
447  if (domain->rrsets) {
448  return 0;
449  }
450  n = ldns_rbtree_next(domain->node);
451  if (n) {
452  d = (domain_type*) n->data;
453  }
454  /* if it has children domains, do not delete it */
455  if(d && ldns_dname_is_subdomain(d->dname, domain->dname)) {
456  return 0;
457  }
458  return 1;
459 }
460 
461 
466 static int
467 domain_can_be_deleted(domain_type* domain)
468 {
469  ods_log_assert(domain);
470  return (domain_is_empty_terminal(domain) && !domain->denial);
471 }
472 
473 
478 static void
479 namedb_add_nsec_trigger(namedb_type* db, domain_type* domain)
480 {
481  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
482  denial_type* denial = NULL;
483  ods_log_assert(db);
484  ods_log_assert(domain);
485  ods_log_assert(!domain->denial);
486  dstatus = domain_is_occluded(domain);
487  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A) {
488  return; /* don't do occluded/glue domain */
489  }
490  if (!domain->rrsets) {
491  return; /* don't do empty domain */
492  }
493  /* ok, nsecify this domain */
494  denial = namedb_add_denial(db, domain->dname, NULL);
495  ods_log_assert(denial);
496  denial->domain = (void*) domain;
497  domain->denial = (void*) denial;
498  domain->is_new = 0;
499 }
500 
501 
506 static void
507 namedb_add_nsec3_trigger(namedb_type* db, domain_type* domain,
508  nsec3params_type* n3p)
509 {
510  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
511  denial_type* denial = NULL;
512  ods_log_assert(db);
513  ods_log_assert(n3p);
514  ods_log_assert(domain);
515  ods_log_assert(!domain->denial);
516  dstatus = domain_is_occluded(domain);
517  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A) {
518  return; /* don't do occluded/glue domain */
519  }
520  /* Opt-Out? */
521  if (n3p->flags) {
522  dstatus = domain_is_delegpt(domain);
523  /* If Opt-Out is being used, owner names of unsigned delegations
524  MAY be excluded. */
525  if (dstatus == LDNS_RR_TYPE_NS) {
526  return;
527  }
528  }
529  /* ok, nsecify3 this domain */
530  denial = namedb_add_denial(db, domain->dname, n3p);
531  ods_log_assert(denial);
532  denial->domain = (void*) domain;
533  domain->denial = (void*) denial;
534  domain->is_new = 0;
535 }
536 
537 
542 static void
543 namedb_add_denial_trigger(namedb_type* db, domain_type* domain)
544 {
545  zone_type* zone = NULL;
546  ods_log_assert(db);
547  ods_log_assert(domain);
548  if (!domain->denial) {
549  zone = domain->zone;
550  ods_log_assert(zone);
551  ods_log_assert(zone->signconf);
552  if (!zone->signconf->passthrough) {
553  if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC) {
554  namedb_add_nsec_trigger(db, domain);
555  } else {
556  ods_log_assert(zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC3);
557  namedb_add_nsec3_trigger(db, domain, zone->signconf->nsec3params);
558  }
559  }
560  }
561 }
562 
563 
568 static void
569 namedb_del_nsec_trigger(namedb_type* db, domain_type* domain)
570 {
571  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
572  denial_type* denial = NULL;
573  ods_log_assert(db);
574  ods_log_assert(domain);
575  ods_log_assert(domain->denial);
576  dstatus = domain_is_occluded(domain);
577  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A ||
578  domain_is_empty_terminal(domain) || !domain->rrsets) {
579  /* domain has become occluded/glue or empty non-terminal*/
580  denial_diff((denial_type*) domain->denial);
581  denial = namedb_del_denial(db, domain->denial);
582  denial_cleanup(denial);
583  domain->denial = NULL;
584  }
585 }
586 
587 
592 static void
593 namedb_del_nsec3_trigger(namedb_type* db, domain_type* domain,
594  nsec3params_type* n3p)
595 {
596  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
597  denial_type* denial = NULL;
598  ods_log_assert(db);
599  ods_log_assert(n3p);
600  ods_log_assert(domain);
601  ods_log_assert(domain->denial);
602  dstatus = domain_is_occluded(domain);
603  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A ||
604  domain_is_empty_terminal(domain)) {
605  /* domain has become occluded/glue */
606  denial_diff((denial_type*) domain->denial);
607  denial = namedb_del_denial(db, domain->denial);
608  denial_cleanup(denial);
609  domain->denial = NULL;
610  } else if (n3p->flags) {
611  dstatus = domain_is_delegpt(domain);
612  /* If Opt-Out is being used, owner names of unsigned delegations
613  MAY be excluded. */
614  if (dstatus == LDNS_RR_TYPE_NS) {
615  denial_diff((denial_type*) domain->denial);
616  denial = namedb_del_denial(db, domain->denial);
617  denial_cleanup(denial);
618  domain->denial = NULL;
619  }
620  }
621 }
622 
623 
628 static int
629 namedb_del_denial_trigger(namedb_type* db, domain_type* domain, int rollback)
630 {
631  domain_type* parent = NULL;
632  zone_type* zone = NULL;
633  unsigned is_deleted = 0;
634  ods_log_assert(db);
635  ods_log_assert(domain);
636  ods_log_assert(domain->dname);
637  zone = domain->zone;
638  ods_log_assert(zone);
639  ods_log_assert(zone->signconf);
640  while(domain) {
641  if (!rollback) {
642  if (domain->denial) {
643  if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC) {
644  namedb_del_nsec_trigger(db, domain);
645  } else {
646  ods_log_assert(zone->signconf->nsec_type ==
647  LDNS_RR_TYPE_NSEC3);
648  namedb_del_nsec3_trigger(db, domain,
649  zone->signconf->nsec3params);
650  }
651  }
652  }
653  parent = domain->parent;
654  if (domain_can_be_deleted(domain)) {
655  /* -DOMAIN */
656  domain = namedb_del_domain(db, domain);
657  domain_cleanup(domain);
658  is_deleted = 1;
659  }
660  /* continue with parent */
661  domain = parent;
662  }
663  return is_deleted;
664 }
665 
666 
671 static ldns_rdf*
672 dname_hash(ldns_rdf* dname, ldns_rdf* apex, nsec3params_type* nsec3params)
673 {
674  ldns_rdf* hashed_ownername = NULL;
675  ldns_rdf* hashed_label = NULL;
676  ods_log_assert(dname);
677  ods_log_assert(apex);
678  ods_log_assert(nsec3params);
683  hashed_label = ldns_nsec3_hash_name(dname, nsec3params->algorithm,
684  nsec3params->iterations, nsec3params->salt_len,
685  nsec3params->salt_data);
686  if (!hashed_label) {
687  return NULL;
688  }
689  hashed_ownername = ldns_dname_cat_clone((const ldns_rdf*) hashed_label,
690  (const ldns_rdf*) apex);
691  if (!hashed_ownername) {
692  return NULL;
693  }
694  ldns_rdf_deep_free(hashed_label);
695  return hashed_ownername;
696 }
697 
698 
704 namedb_add_denial(namedb_type* db, ldns_rdf* dname, nsec3params_type* n3p)
705 {
706  zone_type* z = NULL;
707  ldns_rbnode_t* new_node = LDNS_RBTREE_NULL;
708  ldns_rbnode_t* pnode = LDNS_RBTREE_NULL;
709  ldns_rdf* owner = NULL;
710  denial_type* denial = NULL;
711  denial_type* pdenial = NULL;
712 
713  ods_log_assert(db);
714  ods_log_assert(db->denials);
715  ods_log_assert(dname);
716  /* nsec or nsec3 */
717  if (n3p) {
718  z = (zone_type*) db->zone;
719  owner = dname_hash(dname, z->apex, n3p);
720  } else {
721  owner = ldns_rdf_clone(dname);
722  }
723  if (!owner) {
724  ods_log_error("[%s] unable to add denial: create owner failed",
725  db_str);
726  return NULL;
727  }
728  denial = denial_create(db->zone, owner);
729  if (!denial) {
730  ods_log_error("[%s] unable to add denial: denial_create() failed",
731  db_str);
732  return NULL;
733  }
734  new_node = denial2node(denial);
735  if (!new_node) {
736  ods_log_error("[%s] unable to add denial: denial2node() failed",
737  db_str);
738  return NULL;
739  }
740  if (!ldns_rbtree_insert(db->denials, new_node)) {
741  ods_log_error("[%s] unable to add denial: already present", db_str);
742  log_dname(denial->dname, "ERR +DENIAL", LOG_ERR);
743  denial_cleanup(denial);
744  free((void*)new_node);
745  return NULL;
746  }
747  /* denial of existence data point added */
748  denial = (denial_type*) new_node->data;
749  denial->node = new_node;
750  denial->nxt_changed = 1;
751  pnode = ldns_rbtree_previous(new_node);
752  if (!pnode || pnode == LDNS_RBTREE_NULL) {
753  pnode = ldns_rbtree_last(db->denials);
754  }
755  ods_log_assert(pnode);
756  pdenial = (denial_type*) pnode->data;
757  ods_log_assert(pdenial);
758  pdenial->nxt_changed = 1;
759  log_dname(denial->dname, "+DENIAL", LOG_DEEEBUG);
760  return denial;
761 }
762 
763 
770 {
771  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
772  ldns_rbnode_t* pnode = LDNS_RBTREE_NULL;
773  denial_type* pdenial = NULL;
774 
775  if (!denial || !db || !db->denials) {
776  return NULL;
777  }
778  if (denial->rrset && denial->rrset->rr_count) {
779  ods_log_error("[%s] unable to delete denial: denial in use [#%lu]",
780  db_str, (unsigned long)denial->rrset->rr_count);
781  log_dname(denial->dname, "ERR -DENIAL", LOG_ERR);
782  return NULL;
783  }
784  pnode = ldns_rbtree_previous(denial->node);
785  if (!pnode || pnode == LDNS_RBTREE_NULL) {
786  pnode = ldns_rbtree_last(db->denials);
787  }
788  ods_log_assert(pnode);
789  pdenial = (denial_type*) pnode->data;
790  ods_log_assert(pdenial);
791  node = ldns_rbtree_delete(db->denials, (const void*)denial->dname);
792  if (!node) {
793  ods_log_error("[%s] unable to delete denial: not found", db_str);
794  log_dname(denial->dname, "ERR -DENIAL", LOG_ERR);
795  return NULL;
796  }
797  ods_log_assert(denial->node == node);
798  pdenial->nxt_changed = 1;
799  free((void*)node);
800  denial->domain = NULL;
801  denial->node = NULL;
802  log_dname(denial->dname, "-DENIAL", LOG_DEEEBUG);
803  return denial;
804 }
805 
806 
811 void
812 namedb_diff(namedb_type* db, unsigned is_ixfr, unsigned more_coming)
813 {
814  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
815  domain_type* domain = NULL;
816  if (!db || !db->domains) {
817  return;
818  }
819  node = ldns_rbtree_first(db->domains);
820  if (!node || node == LDNS_RBTREE_NULL) {
821  return;
822  }
823  while (node && node != LDNS_RBTREE_NULL) {
824  domain = (domain_type*) node->data;
825  node = ldns_rbtree_next(node);
826  domain_diff(domain, is_ixfr, more_coming);
827  }
828  node = ldns_rbtree_first(db->domains);
829  if (!node || node == LDNS_RBTREE_NULL) {
830  return;
831  }
832  while (node && node != LDNS_RBTREE_NULL) {
833  domain = (domain_type*) node->data;
834  node = ldns_rbtree_next(node);
835  if (!namedb_del_denial_trigger(db, domain, 0)) {
836  /* del_denial did not delete domain */
837  namedb_add_denial_trigger(db, domain);
838  }
839  }
840 }
841 
842 
847 void
848 namedb_rollback(namedb_type* db, unsigned keepsc)
849 {
850  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
851  domain_type* domain = NULL;
852  if (!db || !db->domains) {
853  return;
854  }
855  node = ldns_rbtree_first(db->domains);
856  if (!node || node == LDNS_RBTREE_NULL) {
857  return;
858  }
859  while (node && node != LDNS_RBTREE_NULL) {
860  domain = (domain_type*) node->data;
861  node = ldns_rbtree_next(node);
862  domain_rollback(domain, keepsc);
863  (void) namedb_del_denial_trigger(db, domain, 1);
864  }
865 }
866 
867 
872 void
873 namedb_nsecify(namedb_type* db, uint32_t* num_added)
874 {
875  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
876  ldns_rbnode_t* nxt_node = LDNS_RBTREE_NULL;
877  denial_type* denial = NULL;
878  denial_type* nxt = NULL;
879  uint32_t nsec_added = 0;
880  ods_log_assert(db);
881  node = ldns_rbtree_first(db->denials);
882  while (node && node != LDNS_RBTREE_NULL) {
883  denial = (denial_type*) node->data;
884  nxt_node = ldns_rbtree_next(node);
885  if (!nxt_node || nxt_node == LDNS_RBTREE_NULL) {
886  nxt_node = ldns_rbtree_first(db->denials);
887  }
888  nxt = (denial_type*) nxt_node->data;
889  denial_nsecify(denial, nxt, &nsec_added);
890  node = ldns_rbtree_next(node);
891  }
892  if (num_added) {
893  *num_added = nsec_added;
894  }
895 }
896 
897 
902 ods_status
904 {
905  ods_status status = ODS_STATUS_OK;
906  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
907  domain_type* domain = NULL;
908  rrset_type* rrset = NULL;
909  int soa_seen = 0;
910 /*
911  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
912  ldns_rr_type delegpt = LDNS_RR_TYPE_FIRST;
913 */
914 
915  if (!db || !db->domains) {
916  /* no db, no error */
917  return ODS_STATUS_OK;
918  }
919  if (db->domains->root != LDNS_RBTREE_NULL) {
920  node = ldns_rbtree_first(db->domains);
921  }
922  while (node && node != LDNS_RBTREE_NULL) {
923  domain = (domain_type*) node->data;
924  rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_CNAME);
925  if (rrset) {
926  /* Thou shall not have other data next to CNAME */
927  if (domain_count_rrset_is_added(domain) > 1 &&
928  rrset_count_rr_is_added(rrset) > 0) {
929  log_rrset(domain->dname, rrset->rrtype,
930  "CNAME and other data at the same name", LOG_ERR);
931  return ODS_STATUS_CONFLICT_ERR;
932  }
933  /* Thou shall have at most one CNAME per name */
934  if (rrset_count_rr_is_added(rrset) > 1) {
935  log_rrset(domain->dname, rrset->rrtype,
936  "multiple CNAMEs at the same name", LOG_ERR);
937  return ODS_STATUS_CONFLICT_ERR;
938  }
939  }
940  rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_DNAME);
941  if (rrset) {
942  /* Thou shall have at most one DNAME per name */
943  if (rrset_count_rr_is_added(rrset) > 1) {
944  log_rrset(domain->dname, rrset->rrtype,
945  "multiple DNAMEs at the same name", LOG_ERR);
946  return ODS_STATUS_CONFLICT_ERR;
947  }
948  }
949  if (!soa_seen && domain->is_apex) {
950  rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_SOA);
951  if (rrset) {
952  /* Thou shall have one and only one SOA */
953  if (rrset_count_rr_is_added(rrset) != 1) {
954  log_rrset(domain->dname, rrset->rrtype,
955  "Wrong number of SOA records, should be 1", LOG_ERR);
956  return ODS_STATUS_CONFLICT_ERR;
957  }
958  } else {
959  log_rrset(domain->dname, LDNS_RR_TYPE_SOA, "missing SOA RRset",
960  LOG_ERR);
961  return ODS_STATUS_CONFLICT_ERR;
962  }
963  }
964 /*
965  dstatus = domain_is_occluded(domain);
966  delegpt = domain_is_delegpt(domain);
967 */
968  /* Thou shall not have occluded data in your zone file */
969  node = ldns_rbtree_next(node);
970  }
971  return status;
972 }
973 
974 
979 void
981 {
982  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
983  denial_type* denial = NULL;
984  zone_type* zone = NULL;
985  size_t i = 0;
986 
987  if (db && db->denials) {
988  zone = (zone_type*) db->zone;
989  ods_log_assert(zone);
990  ods_log_assert(zone->name);
991  ods_log_debug("[%s] wipe denial of existence space zone %s", db_str,
992  zone->name);
993  node = ldns_rbtree_first(db->denials);
994  while (node && node != LDNS_RBTREE_NULL) {
995  denial = (denial_type*) node->data;
996  if (!denial->rrset) {
997  node = ldns_rbtree_next(node);
998  continue;
999  }
1000  for (i=0; i < denial->rrset->rr_count; i++) {
1001  if (denial->rrset->rrs[i].exists) {
1002  /* ixfr -RR */
1003  lock_basic_lock(&zone->ixfr->ixfr_lock);
1004  ixfr_del_rr(zone->ixfr, denial->rrset->rrs[i].rr);
1005  lock_basic_unlock(&zone->ixfr->ixfr_lock);
1006  }
1007  denial->rrset->rrs[i].exists = 0;
1008  rrset_del_rr(denial->rrset, i);
1009  i--;
1010  }
1011  rrset_drop_rrsigs(zone, denial->rrset);
1012  rrset_cleanup(denial->rrset);
1013  denial->rrset = NULL;
1014  node = ldns_rbtree_next(node);
1015  }
1016  }
1017 }
1018 
1023 void
1024 namedb_export(FILE* fd, namedb_type* db, ods_status* status)
1025 {
1026  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
1027  domain_type* domain = NULL;
1028  if (!fd || !db || !db->domains) {
1029  if (status) {
1030  ods_log_error("[%s] unable to export namedb: file descriptor "
1031  "or name database missing", db_str);
1032  *status = ODS_STATUS_ASSERT_ERR;
1033  }
1034  return;
1035  }
1036  node = ldns_rbtree_first(db->domains);
1037  if (!node || node == LDNS_RBTREE_NULL) {
1038  fprintf(fd, "; empty zone\n");
1039  if (status) {
1040  *status = ODS_STATUS_OK;
1041  }
1042  return;
1043  }
1044  while (node && node != LDNS_RBTREE_NULL) {
1045  domain = (domain_type*) node->data;
1046  if (domain) {
1047  domain_print(fd, domain, status);
1048  }
1049  node = ldns_rbtree_next(node);
1050  }
1051 }
1052 
1053 
1058 static void
1059 domain_delfunc(ldns_rbnode_t* elem)
1060 {
1061  domain_type* domain = NULL;
1062  if (elem && elem != LDNS_RBTREE_NULL) {
1063  domain = (domain_type*) elem->data;
1064  domain_delfunc(elem->left);
1065  domain_delfunc(elem->right);
1066  domain_cleanup(domain);
1067  free((void*)elem);
1068  }
1069 }
1070 
1071 
1076 static void
1077 denial_delfunc(ldns_rbnode_t* elem)
1078 {
1079  denial_type* denial = NULL;
1080  domain_type* domain = NULL;
1081  if (elem && elem != LDNS_RBTREE_NULL) {
1082  denial = (denial_type*) elem->data;
1083  denial_delfunc(elem->left);
1084  denial_delfunc(elem->right);
1085  domain = (domain_type*) denial->domain;
1086  if (domain) {
1087  domain->denial = NULL;
1088  }
1089  denial_cleanup(denial);
1090  free((void*)elem);
1091  }
1092 }
1093 
1094 
1099 static void
1100 namedb_cleanup_domains(namedb_type* db)
1101 {
1102  if (db && db->domains) {
1103  domain_delfunc(db->domains->root);
1104  ldns_rbtree_free(db->domains);
1105  db->domains = NULL;
1106  }
1107 }
1108 
1109 
1114 void
1116 {
1117  if (db && db->denials) {
1118  denial_delfunc(db->denials->root);
1119  ldns_rbtree_free(db->denials);
1120  db->denials = NULL;
1121  }
1122 }
1123 
1124 
1129 void
1131 {
1132  zone_type* z = NULL;
1133  if (!db) {
1134  return;
1135  }
1136  z = (zone_type*) db->zone;
1137  if (!z) {
1138  return;
1139  }
1141  namedb_cleanup_domains(db);
1142  free(db);
1143 }
1144 
1145 
1150 void
1152 {
1153  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
1154  domain_type* domain = NULL;
1155  denial_type* denial = NULL;
1156  if (!fd || !db) {
1157  return;
1158  }
1159  node = ldns_rbtree_first(db->domains);
1160  while (node && node != LDNS_RBTREE_NULL) {
1161  domain = (domain_type*) node->data;
1162  domain_backup2(fd, domain, 0);
1163  node = ldns_rbtree_next(node);
1164  }
1165  fprintf(fd, ";\n");
1166  node = ldns_rbtree_first(db->denials);
1167  while (node && node != LDNS_RBTREE_NULL) {
1168  denial = (denial_type*) node->data;
1169  if (denial->rrset) {
1170  rrset_print(fd, denial->rrset, 1, NULL);
1171  }
1172  node = ldns_rbtree_next(node);
1173  }
1174  fprintf(fd, ";\n");
1175  /* signatures */
1176  node = ldns_rbtree_first(db->domains);
1177  while (node && node != LDNS_RBTREE_NULL) {
1178  domain = (domain_type*) node->data;
1179  domain_backup2(fd, domain, 1);
1180  node = ldns_rbtree_next(node);
1181  }
1182  node = ldns_rbtree_first(db->denials);
1183  while (node && node != LDNS_RBTREE_NULL) {
1184  denial = (denial_type*) node->data;
1185  if (denial->rrset) {
1186  rrset_backup2(fd, denial->rrset);
1187  }
1188  node = ldns_rbtree_next(node);
1189  }
1190  fprintf(fd, ";\n");
1191 }
size_t domain_count_rrset_is_added(domain_type *domain)
Definition: domain.c:118
void domain_cleanup(domain_type *domain)
Definition: domain.c:469
denial_type * denial_create(zone_type *zone, ldns_rdf *dname)
Definition: denial.c:48
void namedb_cleanup_denials(namedb_type *db)
Definition: namedb.c:1115
uint32_t intserial
Definition: namedb.h:54
void namedb_export(FILE *fd, namedb_type *db, ods_status *status)
Definition: namedb.c:1024
rrset_type * rrset
Definition: denial.h:55
size_t rr_count
Definition: rrset.h:65
void rrset_cleanup(rrset_type *rrset)
Definition: rrset.c:845
void domain_backup2(FILE *fd, domain_type *domain, int sigs)
Definition: domain.c:485
rrset_type * domain_lookup_rrset(domain_type *domain, ldns_rr_type rrtype)
Definition: domain.c:141
domain_type * namedb_del_domain(namedb_type *db, domain_type *domain)
Definition: namedb.c:392
void denial_cleanup(denial_type *denial)
Definition: denial.c:350
uint16_t iterations
Definition: nsec3params.h:51
void namedb_cleanup(namedb_type *db)
Definition: namedb.c:1130
void domain_print(FILE *fd, domain_type *domain, ods_status *status)
Definition: domain.c:402
size_t rrset_count_rr_is_added(rrset_type *rrset)
Definition: rrset.c:264
unsigned have_serial
Definition: namedb.h:61
void ixfr_del_rr(ixfr_type *ixfr, ldns_rr *rr)
Definition: ixfr.c:151
domain_type * domain
Definition: denial.h:52
void rrset_drop_rrsigs(zone_type *zone, rrset_type *rrset)
Definition: rrset.c:399
uint32_t outserial
Definition: namedb.h:55
ldns_rbtree_t * domains
Definition: namedb.h:51
void namedb_init_denials(namedb_type *db)
Definition: namedb.c:95
ods_status namedb_update_serial(namedb_type *db, const char *zone_name, const char *format, uint32_t inbound_serial)
Definition: namedb.c:194
ldns_rr_type rrtype
Definition: rrset.h:63
void namedb_diff(namedb_type *db, unsigned is_ixfr, unsigned more_coming)
Definition: namedb.c:812
void domain_diff(domain_type *domain, unsigned is_ixfr, unsigned more_coming)
Definition: domain.c:190
ldns_rr_type nsec_type
Definition: signconf.h:55
void namedb_backup2(FILE *fd, namedb_type *db)
Definition: namedb.c:1151
denial_type * denial
Definition: domain.h:52
void namedb_nsecify(namedb_type *db, uint32_t *num_added)
Definition: namedb.c:873
unsigned exists
Definition: rrset.h:54
domain_type * parent
Definition: domain.h:56
uint8_t * salt_data
Definition: nsec3params.h:53
void log_rrset(ldns_rdf *dname, ldns_rr_type type, const char *pre, int level)
Definition: rrset.c:99
denial_type * namedb_del_denial(namedb_type *db, denial_type *denial)
Definition: namedb.c:769
ixfr_type * ixfr
Definition: zone.h:78
uint32_t inbserial
Definition: namedb.h:53
unsigned nxt_changed
Definition: denial.h:57
unsigned serial_updated
Definition: namedb.h:59
unsigned is_initialized
Definition: namedb.h:57
ldns_rbtree_t * denials
Definition: namedb.h:52
ldns_rr_type domain_is_delegpt(domain_type *domain)
Definition: domain.c:348
unsigned is_processed
Definition: namedb.h:58
ods_status namedb_domain_entize(namedb_type *db, domain_type *domain, ldns_rdf *apex)
Definition: namedb.c:282
signconf_type * signconf
Definition: zone.h:75
ldns_rr_type domain_is_occluded(domain_type *domain)
Definition: domain.c:373
domain_type * domain_create(zone_type *zone, ldns_rdf *dname)
Definition: domain.c:88
void namedb_rollback(namedb_type *db, unsigned keepsc)
Definition: namedb.c:848
void log_dname(ldns_rdf *rdf, const char *pre, int level)
Definition: domain.c:48
unsigned force_serial
Definition: namedb.h:60
domain_type * namedb_lookup_domain(namedb_type *db, ldns_rdf *dname)
Definition: namedb.c:339
unsigned is_apex
Definition: domain.h:59
void rrset_backup2(FILE *fd, rrset_type *rrset)
Definition: rrset.c:868
unsigned is_new
Definition: domain.h:58
void rrset_del_rr(rrset_type *rrset, uint16_t rrnum)
Definition: rrset.c:320
namedb_type * namedb_create(void *zone)
Definition: namedb.c:121
zone_type * zone
Definition: domain.h:53
void denial_diff(denial_type *denial)
Definition: denial.c:246
ldns_rr * rr
Definition: rrset.h:52
lock_basic_type ixfr_lock
Definition: ixfr.h:64
const char * db_str
Definition: namedb.c:41
nsec3params_type * nsec3params
Definition: signconf.h:60
ods_status namedb_examine(namedb_type *db)
Definition: namedb.c:903
domain_type * namedb_add_domain(namedb_type *db, ldns_rdf *dname)
Definition: namedb.c:353
const char * name
Definition: zone.h:67
ldns_rbnode_t * node
Definition: domain.h:54
void domain_rollback(domain_type *domain, int keepsc)
Definition: domain.c:241
uint32_t altserial
Definition: namedb.h:56
ldns_rdf * dname
Definition: denial.h:54
ldns_rbnode_t * node
Definition: denial.h:53
rrset_type * rrsets
Definition: domain.h:57
zone_type * zone
Definition: namedb.h:50
void namedb_wipe_denial(namedb_type *db)
Definition: namedb.c:980
void denial_nsecify(denial_type *denial, denial_type *nxt, uint32_t *num_added)
Definition: denial.c:295
ldns_rdf * apex
Definition: zone.h:59
denial_type * namedb_add_denial(namedb_type *db, ldns_rdf *dname, nsec3params_type *n3p)
Definition: namedb.c:704
denial_type * namedb_lookup_denial(namedb_type *db, ldns_rdf *dname)
Definition: namedb.c:425
void rrset_print(FILE *fd, rrset_type *rrset, int skip_rrsigs, ods_status *status)
Definition: rrset.c:788
ldns_rdf * dname
Definition: domain.h:55
rr_type * rrs
Definition: rrset.h:64