signer.c revision 3de75141d2e042a1db4c58b397ea4fc905cecf6e
a39a5f4d816ca7d3f43106712ca668dd1ab31d69Mark Andrews * Copyright (C) 1999, 2000 Internet Software Consortium.
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * Permission to use, copy, modify, and distribute this software for any
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * purpose with or without fee is hereby granted, provided that the above
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * copyright notice and this permission notice appear in all copies.
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
bf8267aa453e5d2a735ed732a043b77a0b355b20Mark Andrews * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉/*#define USE_ZONESTATUS*/
a39a5f4d816ca7d3f43106712ca668dd1ab31d69Mark Andrewstypedef struct signer_array_struct signer_array_t;
a39a5f4d816ca7d3f43106712ca668dd1ab31d69Mark Andrewsstatic isc_stdtime_t starttime = 0, endtime = 0, now;
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉static isc_boolean_t tryverify = ISC_FALSE;
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉static inline void
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉 fprintf(stderr, "%s: %s\n", PROGRAM, message);
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉static inline void
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉check_result(isc_result_t result, char *message) {
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉 fprintf(stderr, "%s: %s: %s\n", PROGRAM, message,
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉vbprintf(int level, const char *fmt, ...) {
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉/* Not thread-safe! */
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉 return (char *) r.base;
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉/* Not thread-safe! */
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉 return (char *) r.base;
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉/* Not thread-safe! */
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉 return (char *) r.base;
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉static inline void
d8680445d6212d5552ea8a22fd2f9951b11c4b10Tatuya JINMEI 神明達哉set_bit(unsigned char *array, unsigned int index, unsigned int bit) {
a39a5f4d816ca7d3f43106712ca668dd1ab31d69Mark Andrewssignwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dns_rdata_t *rdata,
597642c0baaf66172ca44104ed5a18957a969748Evan Hunt result = dns_dnssec_sign(name, rdataset, key, &starttime, &endtime,
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt result = dns_name_totext(dns_db_origin(db), ISC_FALSE, &b);
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt return (ISC_TF(strcasecmp(dst_key_name(key->key), origin) == 0 &&
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt (dst_key_flags(key->key) & DNS_KEYFLAG_OWNERMASK) ==
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt * Finds the key that generated a SIG, if possible. First look at the keys
e11a0c114cdaf8f7e7832e9f1a011138248093a6Evan Hunt * that we've loaded already, and then see if there's a key on disk.
return key;
return (NULL);
return key;
static isc_boolean_t
switch (result) {
case ISC_R_SUCCESS:
case DNS_R_NXDOMAIN:
case DNS_R_NXRRSET:
return ISC_TRUE;
case DNS_R_DELEGATION:
case DNS_R_CNAME:
case DNS_R_DNAME:
return ISC_FALSE;
static inline isc_boolean_t
#define allocbufferandrdata \
isc_buffer_t b; \
if (!nosigs) {
if (!expired)
if (!expired &&
if (!expired &&
else if (!expired) {
if (keep) {
&sig, &b);
else if (resign) {
if (wassignedby[i] != 0) {
0, NULL);
else if (!nosigs) {
#ifndef USE_ZONESTATUS
static isc_boolean_t
return (ISC_TRUE);
return (ISC_FALSE);
isc_buffer_t b;
isc_region_t r;
isc_buffer_usedregion(&b, &r);
goto failure;
goto failure;
goto failure;
goto failure;
goto failure;
static isc_boolean_t
isc_buffer_t b;
isc_region_t r;
isc_buffer_usedregion(&b, &r);
goto failure;
goto failure;
goto failure;
goto disfail;
goto disfail;
goto disfail;
return (found);
static int warnwild = 0;
if (warnwild++ == 0)
if (!atorigin) {
NULL);
goto skip;
goto skip;
if (isdelegation) {
case dns_rdatatype_nxt:
#ifndef USE_ZONESTATUS
case dns_rdatatype_key:
goto skip;
goto skip;
unsigned char *nxt_bits;
isc_buffer_t b;
#ifdef USE_ZONESTATUS
0, 0, &keyset,
NULL);
goto alreadyhavenullkey;
isc_buffer_usedregion(&b, &r);
dns_rdatatype_key, &r);
link);
result =
&keyset);
NULL);
skip:
static inline isc_boolean_t
if (!active)
if (!active) {
dns_rdatatype_nxt, 0);
return (active);
static inline isc_result_t
if (!active) {
return (result);
static inline isc_result_t
return (ISC_R_SUCCESS);
return (result);
lastcut);
if (!atorigin) {
0, &rdsiter);
sizeof(dns_name_t));
int len;
unsigned int nkeys, i;
for (i = 0; i < nkeys; i++) {
static isc_stdtime_t
usage() {
exit(0);
== ISC_R_SUCCESS);
int i, ch;
char *endp;
int loglevel;
switch (ch) {
usage();
switch (verbose) {
usage();
if (argc == 0) {
for (i = 0; i < argc; i++) {
int alg;
isc_buffer_t b;
usage();