dnssec-signzone.c revision 64ee08a3550c81cf450fab4ee0f92ae262b89b74
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * Portions Copyright (C) 1999, 2000 Internet Software Consortium.
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * Permission to use, copy, modify, and distribute this software for any
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * purpose with or without fee is hereby granted, provided that the above
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * copyright notice and this permission notice appear in all copies.
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
28a8f5b0de57d269cf2845c69cb6abe18cbd3b3aMark Andrews * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt * PERFORMANCE OF THIS SOFTWARE.
ef421f66f47224a42073deaf087378c5d0c9952eEvan Hunt/* $Id: dnssec-signzone.c,v 1.116 2000/12/07 21:49:11 bwelling Exp $ */
a2ca594252024a7b26d2f6b1984cb6da6f5bd09cMark Andrews unsigned int position;
/*
 * Event types private to the signer, numbered upward from the signer's
 * own event class.
 */
#define SIGNER_EVENTCLASS	ISC_EVENTCLASS(0x4453)
#define SIGNER_EVENT_WRITE	(SIGNER_EVENTCLASS + 0)
#define SIGNER_EVENT_WORK	(SIGNER_EVENTCLASS + 1)

/* Key counter; presumably the number of keys loaded -- confirm at its use. */
static unsigned int keycount = 0;

/*
 * starttime and endtime are passed by address to dns_dnssec_sign() when a
 * signature is generated.
 * NOTE(review): presumably the inception and expiration of every signature
 * produced in this run; both start at 0, so confirm they are always set
 * before the first signing call.
 */
static isc_stdtime_t starttime = 0;
static isc_stdtime_t endtime = 0;
/* NOTE(review): presumably the current time sampled at startup -- confirm. */
static isc_stdtime_t now;

/* Master file style; defaults to the explicit-TTL style. */
static const dns_master_style_t *masterstyle = &dns_master_style_explicitttl;

/*
 * Run statistics.  nsigned and ndropped appear in the printstats report;
 * the others presumably count retained and verified/unverifiable
 * signatures -- confirm at their points of use.
 */
static unsigned int nsigned = 0;
static unsigned int nretained = 0;
static unsigned int ndropped = 0;
static unsigned int nverified = 0;
static unsigned int nverifyfailed = 0;

/* NOTE(review): presumably the directory searched for key files -- confirm. */
static const char *directory;

/* Zone database state shared by the signing code. */
static dns_dbversion_t *gversion;	/* database version in use */
static dns_dbiterator_t *gdbiter;	/* iterator over the database */
static dns_name_t *gorigin;		/* origin name of the database */
static dns_dbnode_t *gnode = NULL;	/* node currently being processed */

/* Task count; the main routine tests it against 0 and loops over it. */
static unsigned int ntasks = 0;

/* Run state; "finished" is tested after isc_app_run() returns. */
static isc_boolean_t shuttingdown = ISC_FALSE;
static isc_boolean_t finished = ISC_FALSE;

/*
 * Work accounting, bumped with assigned++ and completed++.
 * NOTE(review): with ntasks > 1 these are shared mutable counters; the
 * visible code does not show which lock, if any, serializes the updates --
 * confirm.
 */
static unsigned int assigned = 0;
static unsigned int completed = 0;
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Huntstatic inline void
42cf2ff7bad81c5a1f5d3be29d06e12504c3af24Evan Huntset_bit(unsigned char *array, unsigned int index, unsigned int bit) {
de52784e45e3a7a92c0d8ad843eb4db313bbfd97Mark Andrewsnewkeystruct(dst_key_t *dstkey, isc_boolean_t isdefault) {
a266ab205bfd1c510022e2cd2a8cb62988242593Mark Andrewssignwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata,
ef9f4d097794609e018963087fab10a8b51d8ad1Mark Andrews result = dns_dnssec_sign(name, rdataset, key, &starttime, &endtime,
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt return (ISC_TF(dns_name_equal(dst_key_name(key->key), gorigin) &&
dbb012765c735ee0d82dedb116cdc7cf18957814Evan Hunt * Finds the key that generated a SIG, if possible. First look at the keys
501941f0b6cce74c2ff75b10aff3f230d5d37e4cEvan Hunt * that we've loaded already, and then see if there's a key on disk.
5a75f61dd413720c16d229b24ebba6bd6ecdb738Evan Hunt dns_name_equal(&sig->signer, dst_key_name(key->key)))
b4d8192d210290112e07b0e22b491c45c50ba696Evan Hunt result = dst_key_fromfile(&sig->signer, sig->keyid, sig->algorithm,
return (NULL);
return (key);
static isc_boolean_t
switch (result) {
case ISC_R_SUCCESS:
case DNS_R_NXDOMAIN:
case DNS_R_NXRRSET:
return (ISC_TRUE);
case DNS_R_DELEGATION:
case DNS_R_CNAME:
case DNS_R_DNAME:
return (ISC_FALSE);
static inline isc_boolean_t
return (ISC_TRUE);
return (ISC_FALSE);
int arraysize;
if (!nosigs)
for (i = 0; i < arraysize; i++)
if (nosigs)
sigstr);
sigstr);
if (!expired)
} else if (!expired) {
if (keep) {
&tuple);
if (resign) {
isc_buffer_t b;
&tuple);
isc_buffer_t b;
&tuple);
static isc_boolean_t
return (ISC_TRUE);
return (ISC_FALSE);
isc_buffer_t b;
if (isc_buffer_availablelength(&b) == 0) {
isc_buffer_putuint8(&b, 0);
goto failure;
goto failure;
goto failure;
goto failure;
goto failure;
static isc_boolean_t
return (ISC_FALSE);
goto failure;
goto failure;
goto failure;
goto failure;
goto failure;
return (found);
isc_buffer_t b;
static int warnwild = 0;
if (warnwild++ == 0) {
program);
if (!atorigin) {
NULL);
if (isdelegation) {
NULL);
} else if (childkey) {
if (neednullkey)
goto skip;
goto skip;
if (isdelegation) {
goto skip;
if (!nokeys)
if (neednullkey)
skip:
static inline isc_boolean_t
if (!active)
if (!active) {
dns_rdatatype_nxt, 0);
return (active);
static inline isc_result_t
if (!active) {
return (result);
static inline isc_result_t
return (ISC_R_SUCCESS);
return (result);
static dns_ttl_t
soattl(void) {
return (ttl);
if (destroy) {
covers);
presign() {
postsign(void) {
static isc_result_t
goto out;
&rdsiter);
sizeof(dns_name_t));
out:
return (result);
assigned++;
completed++;
isc_buffer_t b;
int len;
unsigned int nkeys, i;
for (i = 0; i < nkeys; i++) {
&pubkey);
goto next;
goto next;
next:
usage(void) {
exit(0);
int i, ch;
char *endp;
unsigned int eflags;
switch (ch) {
usage();
if (!pseudorandom)
if (ntasks == 0)
usage();
if (argc == 0) {
for (i = 0; i < argc; i++) {
usage();
argv[i]);
program);
for (i = 0; i < (int)ntasks; i++) {
if (printstats)
presign();
(void)isc_app_run();
if (!finished)
for (i = 0; i < (int)ntasks; i++)
postsign();
if (printstats)
if (free_output)
(void) isc_app_finish();
if (printstats) {
nsigned);
ndropped);