dnssec-signzone.c revision 6098d364b690cb9dabf96e9664c4689c8559bd2e
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * Portions Copyright (C) 2004-2008 Internet Systems Consortium, Inc. ("ISC")
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * Portions Copyright (C) 1999-2003 Internet Software Consortium.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * Permission to use, copy, modify, and/or distribute this software for any
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * purpose with or without fee is hereby granted, provided that the above
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * copyright notice and this permission notice appear in all copies.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * Permission to use, copy, modify, and/or distribute this software for any
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * purpose with or without fee is hereby granted, provided that the above
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * copyright notice and this permission notice appear in all copies.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
4a53e3c2b83c476a93148eaee0272649beb221caMark Andrews * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt/* $Id: dnssec-signzone.c,v 1.207 2008/09/24 02:46:21 marka Exp $ */
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt#define IS_NSEC3 (nsec_datatype == dns_rdatatype_nsec3)
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt#define OPTOUT(x) (((x) & DNS_NSEC3FLAG_OPTOUT) != 0)
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt unsigned int position;
#define SOA_SERIAL_KEEP 0
struct signer_event {
static unsigned int keycount = 0;
static int jitter = 0;
static const char *directory;
static int nsec3flags = 0;
static unsigned int ntasks = 0;
static unsigned int hash_length = 0;
if (printstats) { \
counter++; \
static isc_boolean_t
static signer_key_t *
return (key);
if (tryverify) {
static inline isc_boolean_t
static inline isc_boolean_t
static signer_key_t *
return key;
return (NULL);
return (key);
static isc_boolean_t
switch (result) {
case ISC_R_SUCCESS:
case DNS_R_NXDOMAIN:
case DNS_R_NXRRSET:
return (ISC_TRUE);
case DNS_R_DELEGATION:
case DNS_R_CNAME:
case DNS_R_DNAME:
return (ISC_FALSE);
static inline isc_boolean_t
return (ISC_TRUE);
return (ISC_FALSE);
int arraysize;
if (!nosigs)
for (i = 0; i < arraysize; i++)
if (nosigs)
sigstr);
sigstr);
if (!expired)
} else if (!expired) {
if (keep) {
&sigrdata,
&tuple);
&sigrdata,
&tuple);
if (resign) {
isc_buffer_t b;
&tuple);
isc_buffer_t b;
struct hashlist {
unsigned char *hashbuf;
l->entries = 0;
if (nodes != 0) {
l->size = 0;
l->size = 0;
l->entries++;
unsigned int len;
size_t i;
if (verbose) {
for (i = 0 ; i < len; i++)
hashlist_comp(const void *a, const void *b) {
static isc_boolean_t
unsigned char *current;
entries--;
return (ISC_TRUE);
return (ISC_FALSE);
return (next);
static isc_boolean_t
return (ISC_TRUE);
return (ISC_FALSE);
if (verbose) {
ISC_TRUE);
isc_buffer_t b;
if (isc_buffer_availablelength(&b) == 0) {
isc_buffer_putuint8(&b, 0);
static isc_result_t
return (ISC_R_NOTFOUND);
return (DNS_R_BADDB);
return (result);
return (result);
static isc_boolean_t
return (ISC_FALSE);
static isc_boolean_t
return (ISC_FALSE);
goto skip;
if (isdelegation) {
goto skip;
namebuf);
skip:
static inline isc_boolean_t
if (!active)
if (!found) {
covers);
if (covers != 0)
return (active);
static dns_ttl_t
soattl(void) {
return (ttl);
static isc_result_t
return result;
goto cleanup;
if (serial) {
if (new_serial == 0)
dns_rdatatype_soa, 0);
goto cleanup;
goto cleanup;
return (result);
if (destroy) {
covers);
presign(void) {
postsign(void) {
signapex(void) {
if (shuttingdown)
if (finished) {
ended++;
goto unlock;
while (!found) {
goto next;
nsec_datatype, 0, 0,
if (!found) {
next:
if (!found) {
ended++;
goto unlock;
dns_rdatatype_ds, 0);
nsecify(void) {
while (!done) {
if (generateds)
nextname);
if (!active) {
zonettl);
static isc_boolean_t
return (answer);
unsigned int iterations)
isc_buffer_t b;
&nsec3param, &b);
const unsigned char *nexthash;
0, NULL);
if (!delete_rrsigs)
int order;
while (!done) {
nextname);
if (!active) {
if (generateds)
count--;
while (!done) {
nextname);
count--;
isc_buffer_t b;
int len;
unsigned int nkeys, i;
for (i = 0; i < nkeys; i++) {
&pubkey);
goto next;
goto next;
next:
program);
char *filename;
isc_buffer_t b;
isc_region_t r;
unsigned int filenamelen;
filename[0] = 0;
unsigned int labels;
isc_buffer_usedregion(&b, &r);
usage(void) {
exit(0);
removetempfile(void) {
if (removefile)
if (runtime_us > 0) {
int i, ch;
int ndskeys = 0;
char *endp;
unsigned int eflags;
int tempfilelen;
isc_buffer_t b;
int len;
switch (ch) {
switch (ch) {
char *sarg;
sizeof(saltbuf));
salt_length = 0;
usage();
&endp, 0);
if (!pseudorandom)
if (ntasks == 0)
usage();
if (IS_NSEC3) {
if (answer)
if (argc == 0) {
for (i = 0; i < argc; i++) {
argv[i]);
for (i = 0; i < ndskeys; i++) {
program);
if (IS_NSEC3) {
unsigned int max;
switch (serialformat) {
case SOA_SERIAL_INCREMENT:
setsoaserial(0);
case SOA_SERIAL_UNIXTIME:
case SOA_SERIAL_KEEP:
if (IS_NSEC3)
&hashlist);
nsecify();
if (!nokeys) {
for (i = 0; i < (int)ntasks; i++) {
if (printstats)
presign();
signapex();
if (!finished) {
for (i = 0; i < (int)ntasks; i++) {
tasks[i]);
(void)isc_app_run();
if (!finished)
for (i = 0; i < (int)ntasks; i++)
postsign();
fp);
if (printstats)
if (free_output)
(void) isc_app_finish();
if (printstats) {