#include <config.h>
#include <time.h>
#include <isc/log.h>
#include <isc/magic.h>
#include <isc/mem.h>
#include <isc/netaddr.h>
#include <isc/print.h>
#include <isc/serial.h>
#include <isc/stats.h>
#include <isc/stdtime.h>
#include <isc/string.h>
#include <isc/taskpool.h>
#include <isc/time.h>
#include <isc/util.h>
#include <dns/db.h>
#include <dns/dbiterator.h>
#include <dns/diff.h>
#include <dns/dnssec.h>
#include <dns/events.h>
#include <dns/fixedname.h>
#include <dns/journal.h>
#include <dns/keyvalues.h>
#include <dns/log.h>
#include <dns/message.h>
#include <dns/nsec.h>
#include <dns/nsec3.h>
#include <dns/private.h>
#include <dns/rdataclass.h>
#include <dns/rdataset.h>
#include <dns/rdatasetiter.h>
#include <dns/rdatastruct.h>
#include <dns/rdatatype.h>
#include <dns/result.h>
#include <dns/soa.h>
#include <dns/ssu.h>
#include <dns/tsig.h>
#include <dns/update.h>
#include <dns/view.h>
#include <dns/zone.h>
#include <dns/zt.h>
Data Structures | |
struct | rr |
struct | foreach_node_rr_ctx_t |
Internal context struct for foreach_node_rr(). More... | |
struct | conditional_delete_ctx_t |
Context structure for delete_if(). More... | |
struct | dns_update_state |
Defines | |
#define | STATE_MAGIC ISC_MAGIC('S', 'T', 'T', 'E') |
#define | DNS_STATE_VALID(state) ISC_MAGIC_VALID(state, STATE_MAGIC) |
#define | LOGLEVEL_PROTOCOL ISC_LOG_INFO |
Log level for tracing dynamic update protocol requests. | |
#define | LOGLEVEL_DEBUG ISC_LOG_DEBUG(8) |
Log level for low-level debug tracing. | |
#define | CHECK(op) |
Check an operation for failure. These macros all assume that the function using them has a 'result' variable and a 'failure' label. | |
#define | FAIL(code) |
Fail unconditionally with result 'code', which must not be ISC_R_SUCCESS. The reason for failure presumably has been logged already. | |
#define | FAILC(code, msg) |
Fail unconditionally and log as a client error. The test against ISC_R_SUCCESS is there to keep the Solaris compiler from complaining about "end-of-loop code not reached". | |
#define | FAILN(code, name, msg) |
#define | FAILNT(code, name, type, msg) |
#define | FAILS(code, msg) |
Fail unconditionally and log as a server error. The test against ISC_R_SUCCESS is there to keep the Solaris compiler from complaining about "end-of-loop code not reached". | |
#define | RETURN_EXISTENCE_FLAG |
Utility macro for RR existence checking functions. | |
#define | REVOKE(x) ((dst_key_flags(x) & DNS_KEYFLAG_REVOKE) != 0) |
#define | KSK(x) ((dst_key_flags(x) & DNS_KEYFLAG_KSK) != 0) |
#define | ALG(x) dst_key_alg(x) |
Typedefs | |
typedef struct rr | rr_t |
typedef struct update_event | update_event_t |
typedef isc_result_t | rrset_func (void *data, dns_rdataset_t *rrset) |
Function type for foreach_rrset() iterator actions. | |
typedef isc_result_t | rr_func (void *data, rr_t *rr) |
Function type for foreach_rr() iterator actions. | |
typedef isc_boolean_t | rr_predicate (dns_rdata_t *update_rr, dns_rdata_t *db_rr) |
Function type for predicate functions that compare a database RR 'db_rr' against an update RR 'update_rr'. | |
Functions | |
static void | update_log (dns_update_log_t *callback, dns_zone_t *zone, int level, const char *fmt,...) ISC_FORMAT_PRINTF(4 |
static isc_result_t | do_one_tuple (dns_difftuple_t **tuple, dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff) |
Update a single RR in version 'ver' of 'db' and log the update in 'diff'. | |
static isc_result_t | update_one_rr (dns_db_t *db, dns_dbversion_t *ver, dns_diff_t *diff, dns_diffop_t op, dns_name_t *name, dns_ttl_t ttl, dns_rdata_t *rdata) |
static isc_result_t | foreach_node_rr_action (void *data, dns_rdataset_t *rdataset) |
Internal helper function for foreach_node_rr(). | |
static isc_result_t | foreach_rrset (dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, rrset_func *action, void *action_data) |
For each rdataset of 'name' in 'ver' of 'db', call 'action' with the rdataset and 'action_data' as arguments. If the name does not exist, do nothing. | |
static isc_result_t | foreach_node_rr (dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, rr_func *rr_action, void *rr_action_data) |
For each RR of 'name' in 'ver' of 'db', call 'action' with the RR and 'action_data' as arguments. If the name does not exist, do nothing. | |
static isc_result_t | foreach_rr (dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers, rr_func *rr_action, void *rr_action_data) |
For each of the RRs specified by 'db', 'ver', 'name', 'type', (which can be dns_rdatatype_any to match any type), and 'covers', call 'action' with the RR and 'action_data' as arguments. If the name does not exist, or if no RRset of the given type exists at the name, do nothing. | |
static isc_result_t | rrset_exists_action (void *data, rr_t *rr) |
Helper function for rrset_exists(). | |
static isc_result_t | rrset_exists (dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers, isc_boolean_t *exists) |
Set '*exists' to true iff an rrset of the given type exists, to false otherwise. | |
static isc_result_t | rrset_visible (dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_rdatatype_t type, isc_boolean_t *visible) |
Set '*visible' to true if the RRset exists and is part of the visible zone. Otherwise '*visible' is set to false unless an error occurs. | |
static isc_result_t | name_exists_action (void *data, dns_rdataset_t *rrset) |
Context struct and helper function for name_exists(). | |
static isc_result_t | name_exists (dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, isc_boolean_t *exists) |
Set '*exists' to true iff the given name exists, to false otherwise. | |
static int | temp_order (const void *av, const void *bv) |
A comparison function defining the sorting order for the entries in the "temp" data structure. The major sort key is the owner name, followed by the type and rdata. | |
static isc_boolean_t | true_p (dns_rdata_t *update_rr, dns_rdata_t *db_rr) |
Predicate functions for delete_if(). | |
static isc_boolean_t | rrsig_p (dns_rdata_t *update_rr, dns_rdata_t *db_rr) |
Return true if the record is an RRSIG. | |
static isc_result_t | delete_if_action (void *data, rr_t *rr) |
Internal helper function for delete_if(). | |
static isc_result_t | delete_if (rr_predicate *predicate, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers, dns_rdata_t *update_rr, dns_diff_t *diff) |
Conditionally delete RRs. Apply 'predicate' to the RRs specified by 'db', 'ver', 'name', and 'type' (which can be dns_rdatatype_any to match any type). Delete those RRs for which the predicate returns true, and log the deletions in 'diff'. | |
static isc_result_t | namelist_append_name (dns_diff_t *list, dns_name_t *name) |
We abuse the dns_diff_t type to represent a set of domain names affected by the update. | |
static isc_result_t | namelist_append_subdomain (dns_db_t *db, dns_name_t *name, dns_diff_t *affected) |
static isc_result_t | is_non_nsec_action (void *data, dns_rdataset_t *rrset) |
Helper function for non_nsec_rrset_exists(). | |
static isc_result_t | non_nsec_rrset_exists (dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, isc_boolean_t *exists) |
Check whether there is an rrset other than a NSEC or RRSIG NSEC, i.e., anything that justifies the continued existence of a name after a secure update. | |
static int | name_order (const void *av, const void *bv) |
A comparison function for sorting the entries of a dns_diff_t by name. | |
static isc_result_t | uniqify_name_list (dns_diff_t *list) |
static isc_result_t | is_active (dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, isc_boolean_t *flag, isc_boolean_t *cut, isc_boolean_t *unsecure) |
static isc_result_t | next_active (dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *oldname, dns_name_t *newname, isc_boolean_t forward) |
Find the next/previous name that has an NSEC record. In other words, skip empty database nodes and names that have had their NSECs removed because they are obscured by a zone cut. | |
static isc_result_t | add_nsec (dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_ttl_t nsecttl, dns_diff_t *diff) |
Add an NSEC record for "name", recording the change in "diff". The existing NSEC is removed. | |
static isc_result_t | add_placeholder_nsec (dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_diff_t *diff) |
Add a placeholder NSEC record for "name", recording the change in "diff". | |
static isc_result_t | find_zone_keys (dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, isc_mem_t *mctx, unsigned int maxkeys, dst_key_t **keys, unsigned int *nkeys) |
static isc_result_t | add_sigs (dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_rdatatype_t type, dns_diff_t *diff, dst_key_t **keys, unsigned int nkeys, isc_stdtime_t inception, isc_stdtime_t expire, isc_boolean_t check_ksk, isc_boolean_t keyset_kskonly) |
Add RRSIG records for an RRset, recording the change in "diff". | |
static isc_result_t | del_keysigs (dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, dns_diff_t *diff, dst_key_t **keys, unsigned int nkeys) |
static isc_result_t | add_exposed_sigs (dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *ver, dns_name_t *name, isc_boolean_t cut, dns_diff_t *diff, dst_key_t **keys, unsigned int nkeys, isc_stdtime_t inception, isc_stdtime_t expire, isc_boolean_t check_ksk, isc_boolean_t keyset_kskonly, unsigned int *sigs) |
isc_result_t | dns_update_signatures (dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *oldver, dns_dbversion_t *newver, dns_diff_t *diff, isc_uint32_t sigvalidityinterval) |
Update RRSIG, NSEC and NSEC3 records affected by an update. The original update, including the SOA serial update but excluding the RRSIG & NSEC changes, is in "diff" and has already been applied to "newver" of "db". The database version prior to the update is "oldver". | |
isc_result_t | dns_update_signaturesinc (dns_update_log_t *log, dns_zone_t *zone, dns_db_t *db, dns_dbversion_t *oldver, dns_dbversion_t *newver, dns_diff_t *diff, isc_uint32_t sigvalidityinterval, dns_update_state_t **statep) |
static isc_stdtime_t | epoch_to_yyyymmdd (time_t when) |
isc_uint32_t | dns_update_soaserial (isc_uint32_t serial, dns_updatemethod_t method) |
Return the next serial number after 'serial', depending on the update method 'method'. |
#define STATE_MAGIC ISC_MAGIC('S', 'T', 'T', 'E') |
#define LOGLEVEL_PROTOCOL ISC_LOG_INFO |
Log level for tracing dynamic update protocol requests.
Definition at line 70 of file update.c.
Referenced by send_forward_event(), and update_action().
#define LOGLEVEL_DEBUG ISC_LOG_DEBUG(8) |
Log level for low-level debug tracing.
Definition at line 75 of file update.c.
Referenced by update_action().
#define CHECK | ( | op | ) |
Value:
do { result = (op); \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0)
#define FAIL | ( | code | ) |
Value:
do { \ result = (code); \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0)
The test against ISC_R_SUCCESS is there to keep the Solaris compiler from complaining about "end-of-loop code not reached".
#define FAILC | ( | code, | |||
msg | ) |
Value:
do { \ const char *_what = "failed"; \ result = (code); \ switch (result) { \ case DNS_R_NXDOMAIN: \ case DNS_R_YXDOMAIN: \ case DNS_R_YXRRSET: \ case DNS_R_NXRRSET: \ _what = "unsuccessful"; \ } \ update_log(log, zone, LOGLEVEL_PROTOCOL, \ "update %s: %s (%s)", _what, \ msg, isc_result_totext(result)); \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0)
Definition at line 107 of file update.c.
Referenced by ns_update_start(), ns_xfr_start(), and update_action().
#define FAILN | ( | code, | |||
name, | |||||
msg | ) |
Value:
do { \ const char *_what = "failed"; \ result = (code); \ switch (result) { \ case DNS_R_NXDOMAIN: \ case DNS_R_YXDOMAIN: \ case DNS_R_YXRRSET: \ case DNS_R_NXRRSET: \ _what = "unsuccessful"; \ } \ if (isc_log_wouldlog(dns_lctx, LOGLEVEL_PROTOCOL)) { \ char _nbuf[DNS_NAME_FORMATSIZE]; \ dns_name_format(name, _nbuf, sizeof(_nbuf)); \ update_log(log, zone, LOGLEVEL_PROTOCOL, \ "update %s: %s: %s (%s)", _what, _nbuf, \ msg, isc_result_totext(result)); \ } \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0)
#define FAILNT | ( | code, | |||
name, | |||||
type, | |||||
msg | ) |
Value:
do { \ const char *_what = "failed"; \ result = (code); \ switch (result) { \ case DNS_R_NXDOMAIN: \ case DNS_R_YXDOMAIN: \ case DNS_R_YXRRSET: \ case DNS_R_NXRRSET: \ _what = "unsuccessful"; \ } \ if (isc_log_wouldlog(dns_lctx, LOGLEVEL_PROTOCOL)) { \ char _nbuf[DNS_NAME_FORMATSIZE]; \ char _tbuf[DNS_RDATATYPE_FORMATSIZE]; \ dns_name_format(name, _nbuf, sizeof(_nbuf)); \ dns_rdatatype_format(type, _tbuf, sizeof(_tbuf)); \ update_log(log, zone, LOGLEVEL_PROTOCOL, \ "update %s: %s/%s: %s (%s)", \ _what, _nbuf, _tbuf, msg, \ isc_result_totext(result)); \ } \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0)
Definition at line 145 of file update.c.
Referenced by update_action().
#define FAILS | ( | code, | |||
msg | ) |
Value:
do { \ result = (code); \ update_log(log, zone, LOGLEVEL_PROTOCOL, \ "error: %s: %s", \ msg, isc_result_totext(result)); \ if (result != ISC_R_SUCCESS) goto failure; \ } while (0)
Definition at line 174 of file update.c.
Referenced by update_action().
#define RETURN_EXISTENCE_FLAG |
Value:
return ((result == ISC_R_EXISTS) ? \ (*exists = ISC_TRUE, ISC_R_SUCCESS) : \ ((result == ISC_R_SUCCESS) ? \ (*exists = ISC_FALSE, ISC_R_SUCCESS) : \ result))
If the variable 'result' has the value ISC_R_EXISTS or ISC_R_SUCCESS, set *exists to ISC_TRUE or ISC_FALSE, respectively, and return success.
If 'result' has any other value, there was a failure. Return the failure result code and do not set *exists.
This would be more readable as "do { if ... } while(0)", but that form generates tons of warnings on Solaris 2.6.
Definition at line 516 of file update.c.
Referenced by cname_incompatible_rrset_exists(), name_exists(), non_nsec_rrset_exists(), and rrset_exists().
#define REVOKE | ( | x | ) | ((dst_key_flags(x) & DNS_KEYFLAG_REVOKE) != 0) |
Referenced by add_sigs(), signset(), writeset(), and zone_sign().
#define KSK | ( | x | ) | ((dst_key_flags(x) & DNS_KEYFLAG_KSK) != 0) |
Referenced by add_sigs(), delsig_ok(), and zone_sign().
#define ALG | ( | x | ) | dst_key_alg(x) |
Referenced by add_sigs(), and zone_sign().
typedef struct update_event update_event_t |
typedef isc_result_t rrset_func(void *data, dns_rdataset_t *rrset) |
typedef isc_result_t rr_func(void *data, rr_t *rr) |
typedef isc_boolean_t rr_predicate(dns_rdata_t *update_rr, dns_rdata_t *db_rr) |
static void update_log | ( | dns_update_log_t * | callback, | |
dns_zone_t * | zone, | |||
int | level, | |||
const char * | fmt, | |||
... | ||||
) | [static] |
Definition at line 202 of file update.c.
References dns_lctx, ISC_FALSE, and isc_log_wouldlog().
Referenced by add_nsec3param_records(), add_sigs(), check_dnssec(), check_mx(), dns_update_signaturesinc(), next_active(), update_action(), and update_log_cb().
static isc_result_t do_one_tuple | ( | dns_difftuple_t ** | tuple, | |
dns_db_t * | db, | |||
dns_dbversion_t * | ver, | |||
dns_diff_t * | diff | |||
) | [static] |
Update a single RR in version 'ver' of 'db' and log the update in 'diff'.
Ensures:
Definition at line 231 of file update.c.
References dns_diff_appendminimal(), dns_diff_apply(), dns_diff_init(), dns_difftuple_free(), ISC_LIST_APPEND, ISC_LIST_UNLINK, ISC_R_SUCCESS, dns_diff::mctx, and update_event::result.
static isc_result_t update_one_rr | ( | dns_db_t * | db, | |
dns_dbversion_t * | ver, | |||
dns_diff_t * | diff, | |||
dns_diffop_t | op, | |||
dns_name_t * | name, | |||
dns_ttl_t | ttl, | |||
dns_rdata_t * | rdata | |||
) | [static] |
Definition at line 265 of file update.c.
References dns_difftuple_create(), do_one_tuple(), ISC_R_SUCCESS, dns_diff::mctx, and update_event::result.
Referenced by add_nsec(), add_sigs(), add_soa(), create_keydata(), del_keysigs(), del_sig(), del_sigs(), delete_if_action(), delete_keydata(), delete_nsec(), deletematchingnsec3(), fixup_nsec3param(), keydone(), keyfetch_done(), minimal_update(), offline(), restore_nsec3param(), sign_a_node(), update_action(), updatesignwithkey(), and zone_refreshkeys().
static isc_result_t foreach_node_rr_action | ( | void * | data, | |
dns_rdataset_t * | rdataset | |||
) | [static] |
Internal helper function for foreach_node_rr().
Definition at line 320 of file update.c.
References DNS_RDATA_INIT, dns_rdataset_current(), dns_rdataset_first(), dns_rdataset_next(), ISC_R_NOMORE, ISC_R_SUCCESS, rr::rdata, foreach_node_rr_ctx_t::rr_action, foreach_node_rr_ctx_t::rr_action_data, dns_rdataset::ttl, and rr::ttl.
Referenced by foreach_node_rr().
static isc_result_t foreach_rrset | ( | dns_db_t * | db, | |
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
rrset_func * | action, | |||
void * | action_data | |||
) | [static] |
For each rdataset of 'name' in 'ver' of 'db', call 'action' with the rdataset and 'action_data' as arguments. If the name does not exist, do nothing.
If 'action' returns an error, abort iteration and return the error.
Definition at line 348 of file update.c.
References dns_db_allrdatasets(), dns_db_detachnode(), dns_db_findnode(), dns_rdataset_disassociate(), dns_rdataset_init(), dns_rdatasetiter_current(), dns_rdatasetiter_destroy(), dns_rdatasetiter_first(), dns_rdatasetiter_next(), ISC_FALSE, ISC_R_NOMORE, ISC_R_NOTFOUND, and ISC_R_SUCCESS.
Referenced by cname_incompatible_rrset_exists(), foreach_node_rr(), name_exists(), non_nsec_rrset_exists(), and ssu_checkall().
static isc_result_t foreach_node_rr | ( | dns_db_t * | db, | |
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
rr_func * | rr_action, | |||
void * | rr_action_data | |||
) | [static] |
For each RR of 'name' in 'ver' of 'db', call 'action' with the RR and 'action_data' as arguments. If the name does not exist, do nothing.
If 'action' returns an error, abort iteration and return the error.
Definition at line 404 of file update.c.
References foreach_node_rr_action(), foreach_rrset(), foreach_node_rr_ctx_t::rr_action, and foreach_node_rr_ctx_t::rr_action_data.
Referenced by foreach_rr().
static isc_result_t foreach_rr | ( | dns_db_t * | db, | |
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
dns_rdatatype_t | type, | |||
dns_rdatatype_t | covers, | |||
rr_func * | rr_action, | |||
void * | rr_action_data | |||
) | [static] |
For each of the RRs specified by 'db', 'ver', 'name', 'type', (which can be dns_rdatatype_any to match any type), and 'covers', call 'action' with the RR and 'action_data' as arguments. If the name does not exist, or if no RRset of the given type exists at the name, do nothing.
If 'action' returns an error, abort iteration and return the error.
Definition at line 425 of file update.c.
References dns_db_detachnode(), dns_db_findnode(), dns_db_findnsec3node(), dns_db_findrdataset(), DNS_RDATA_INIT, dns_rdataset_current(), dns_rdataset_disassociate(), dns_rdataset_first(), dns_rdataset_init(), dns_rdataset_next(), foreach_node_rr(), ISC_FALSE, ISC_R_NOMORE, ISC_R_NOTFOUND, ISC_R_SUCCESS, rr::rdata, dns_rdataset::ttl, and rr::ttl.
Referenced by delete_if(), rr_count(), rrset_exists(), and update_action().
static isc_result_t rrset_exists_action | ( | void * | data, | |
rr_t * | rr | |||
) | [static] |
Helper function for rrset_exists().
Definition at line 497 of file update.c.
References ISC_R_EXISTS, and UNUSED.
Referenced by rrset_exists().
static isc_result_t rrset_exists | ( | dns_db_t * | db, | |
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
dns_rdatatype_t | type, | |||
dns_rdatatype_t | covers, | |||
isc_boolean_t * | exists | |||
) | [static] |
Set '*exists' to true iff an rrset of the given type exists, to false otherwise.
Definition at line 528 of file update.c.
References foreach_rr(), RETURN_EXISTENCE_FLAG, and rrset_exists_action().
Referenced by add_exposed_sigs(), dns_update_signaturesinc(), next_active(), remove_orphaned_ds(), and update_action().
static isc_result_t rrset_visible | ( | dns_db_t * | db, | |
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
dns_rdatatype_t | type, | |||
isc_boolean_t * | visible | |||
) | [static] |
Set '*visible' to true if the RRset exists and is part of the visible zone. Otherwise '*visible' is set to false unless an error occurs.
Definition at line 544 of file update.c.
References dns_db_find(), DNS_DBFIND_NOWILD, dns_fixedname_init, dns_fixedname_name, DNS_R_CNAME, DNS_R_COVERINGNSEC, DNS_R_DELEGATION, DNS_R_DNAME, DNS_R_EMPTYNAME, DNS_R_NXDOMAIN, DNS_R_NXRRSET, fixed, ISC_FALSE, ISC_R_SUCCESS, and ISC_TRUE.
Referenced by dns_update_signaturesinc().
static isc_result_t name_exists_action | ( | void * | data, | |
dns_rdataset_t * | rrset | |||
) | [static] |
Context struct and helper function for name_exists().
Definition at line 582 of file update.c.
References ISC_R_EXISTS, and UNUSED.
Referenced by name_exists().
static isc_result_t name_exists | ( | dns_db_t * | db, | |
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
isc_boolean_t * | exists | |||
) | [static] |
Set '*exists' to true iff the given name exists, to false otherwise.
Definition at line 592 of file update.c.
References foreach_rrset(), name_exists_action(), and RETURN_EXISTENCE_FLAG.
static int temp_order | ( | const void * | av, | |
const void * | bv | |||
) | [static] |
A comparison function defining the sorting order for the entries in the "temp" data structure. The major sort key is the owner name, followed by the type and rdata.
Definition at line 618 of file update.c.
References dns_name_compare(), dns_rdata_casecompare(), dns_difftuple::name, r, dns_difftuple::rdata, and dns_rdata::type.
Referenced by dns_update_signaturesinc(), temp_check(), and update_action().
static isc_boolean_t true_p | ( | dns_rdata_t * | update_rr, | |
dns_rdata_t * | db_rr | |||
) | [static] |
Predicate functions for delete_if().
Return true always.
Definition at line 660 of file update.c.
References ISC_TRUE, and UNUSED.
Referenced by add_nsec(), dns_update_signaturesinc(), remove_orphaned_ds(), and update_action().
static isc_boolean_t rrsig_p | ( | dns_rdata_t * | update_rr, | |
dns_rdata_t * | db_rr | |||
) | [static] |
Return true if the record is an RRSIG.
Definition at line 670 of file update.c.
References ISC_FALSE, ISC_TRUE, dns_rdata::type, and UNUSED.
Referenced by dns_update_signaturesinc().
static isc_result_t delete_if_action | ( | void * | data, | |
rr_t * | rr | |||
) | [static] |
Internal helper function for delete_if().
Definition at line 680 of file update.c.
References conditional_delete_ctx_t::db, conditional_delete_ctx_t::diff, DNS_DIFFOP_DEL, ISC_R_SUCCESS, conditional_delete_ctx_t::name, conditional_delete_ctx_t::predicate, rr::rdata, rr::ttl, update_one_rr(), conditional_delete_ctx_t::update_rr, and conditional_delete_ctx_t::ver.
Referenced by delete_if().
static isc_result_t delete_if | ( | rr_predicate * | predicate, | |
dns_db_t * | db, | |||
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
dns_rdatatype_t | type, | |||
dns_rdatatype_t | covers, | |||
dns_rdata_t * | update_rr, | |||
dns_diff_t * | diff | |||
) | [static] |
Conditionally delete RRs. Apply 'predicate' to the RRs specified by 'db', 'ver', 'name', and 'type' (which can be dns_rdatatype_any to match any type). Delete those RRs for which the predicate returns true, and log the deletions in 'diff'.
Definition at line 701 of file update.c.
References conditional_delete_ctx_t::db, delete_if_action(), conditional_delete_ctx_t::diff, foreach_rr(), conditional_delete_ctx_t::name, conditional_delete_ctx_t::predicate, conditional_delete_ctx_t::update_rr, and conditional_delete_ctx_t::ver.
Referenced by add_nsec(), dns_update_signaturesinc(), remove_orphaned_ds(), and update_action().
static isc_result_t namelist_append_name | ( | dns_diff_t * | list, | |
dns_name_t * | name | |||
) | [static] |
We abuse the dns_diff_t type to represent a set of domain names affected by the update.
Definition at line 726 of file update.c.
References CHECK, dns_diff_append(), DNS_DIFFOP_EXISTS, dns_difftuple_create(), DNS_RDATA_INIT, and dns_diff::mctx.
Referenced by dns_update_signaturesinc(), and namelist_append_subdomain().
static isc_result_t namelist_append_subdomain | ( | dns_db_t * | db, | |
dns_name_t * | name, | |||
dns_diff_t * | affected | |||
) | [static] |
Definition at line 739 of file update.c.
References CHECK, dns_db_createiterator(), dns_db_detachnode(), DNS_DB_NONSEC3, dns_dbiterator_current(), dns_dbiterator_destroy(), dns_dbiterator_next(), dns_dbiterator_seek(), dns_fixedname_init, dns_fixedname_name, dns_name_issubdomain(), ISC_R_NOMORE, ISC_R_SUCCESS, and namelist_append_name().
Referenced by dns_update_signaturesinc().
static isc_result_t is_non_nsec_action | ( | void * | data, | |
dns_rdataset_t * | rrset | |||
) | [static] |
Helper function for non_nsec_rrset_exists().
Definition at line 776 of file update.c.
References dns_rdataset::covers, ISC_R_EXISTS, ISC_R_SUCCESS, dns_rdataset::type, and UNUSED.
Referenced by non_nsec_rrset_exists().
static isc_result_t non_nsec_rrset_exists | ( | dns_db_t * | db, | |
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
isc_boolean_t * | exists | |||
) | [static] |
Check whether there is an rrset other than a NSEC or RRSIG NSEC, i.e., anything that justifies the continued existence of a name after a secure update.
If such an rrset exists, set '*exists' to ISC_TRUE. Otherwise, set it to ISC_FALSE.
Definition at line 796 of file update.c.
References foreach_rrset(), is_non_nsec_action(), and RETURN_EXISTENCE_FLAG.
Referenced by dns_update_signaturesinc().
static int name_order | ( | const void * | av, | |
const void * | bv | |||
) | [static] |
A comparison function for sorting the entries of a dns_diff_t by name.
Definition at line 808 of file update.c.
References dns_name_compare(), and dns_difftuple::name.
Referenced by uniqify_name_list().
static isc_result_t uniqify_name_list | ( | dns_diff_t * | list | ) | [static] |
Definition at line 817 of file update.c.
References CHECK, dns_diff_sort(), dns_difftuple_free(), dns_name_equal(), ISC_LIST_HEAD, ISC_LIST_NEXT, ISC_LIST_UNLINK, dns_difftuple::name, and name_order().
Referenced by dns_update_signaturesinc().
static isc_result_t is_active | ( | dns_db_t * | db, | |
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
isc_boolean_t * | flag, | |||
isc_boolean_t * | cut, | |||
isc_boolean_t * | unsecure | |||
) | [static] |
Definition at line 839 of file update.c.
References dns_db_find(), DNS_DBFIND_GLUEOK, DNS_DBFIND_NOWILD, dns_fixedname_init, dns_fixedname_name, DNS_R_DELEGATION, DNS_R_DNAME, DNS_R_EMPTYNAME, DNS_R_GLUE, DNS_R_NXDOMAIN, DNS_R_NXRRSET, DNS_R_ZONECUT, ISC_FALSE, ISC_R_SUCCESS, and ISC_TRUE.
Referenced by dns_update_signaturesinc().
static isc_result_t next_active | ( | dns_update_log_t * | log, | |
dns_zone_t * | zone, | |||
dns_db_t * | db, | |||
dns_dbversion_t * | ver, | |||
dns_name_t * | oldname, | |||
dns_name_t * | newname, | |||
isc_boolean_t | forward | |||
) | [static] |
Find the next/previous name that has an NSEC record. In other words, skip empty database nodes and names that have had their NSECs removed because they are obscured by a zone cut.
Definition at line 899 of file update.c.
References CHECK, dns_db_createiterator(), dns_db_detachnode(), dns_db_find(), dns_db_issecure(), DNS_DBFIND_NOWILD, dns_dbiterator_current(), dns_dbiterator_destroy(), dns_dbiterator_first(), dns_dbiterator_last(), dns_dbiterator_next(), dns_dbiterator_pause(), dns_dbiterator_prev(), dns_dbiterator_seek(), dns_fixedname_init, dns_fixedname_name, dns_name_equal(), DNS_R_BADZONE, DNS_R_CNAME, DNS_R_DELEGATION, DNS_R_EMPTYNAME, DNS_R_NXDOMAIN, DNS_R_NXRRSET, ISC_FALSE, ISC_LOG_ERROR, ISC_R_NOMORE, ISC_R_SUCCESS, ISC_TRUE, rrset_exists(), secure(), and update_log().
Referenced by add_nsec(), and dns_update_signaturesinc().
static isc_result_t add_nsec | ( | dns_update_log_t * | log, | |
dns_zone_t * | zone, | |||
dns_db_t * | db, | |||
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
dns_ttl_t | nsecttl, | |||
dns_diff_t * | diff | |||
) | [static] |
Add an NSEC record for "name", recording the change in "diff". The existing NSEC is removed.
Definition at line 981 of file update.c.
References buffer, CHECK, delete_if(), dns_db_detachnode(), dns_db_findnode(), DNS_DIFFOP_ADD, dns_difftuple_create(), dns_fixedname_init, dns_fixedname_name, DNS_NSEC_BUFFERSIZE, dns_nsec_buildrdata(), dns_rdata_init(), DNS_RDATA_INIT, do_one_tuple(), INSIST, ISC_FALSE, ISC_TRUE, dns_diff::mctx, next_active(), and true_p().
Referenced by dns_update_signaturesinc(), sign_a_node(), updatesecure(), and zone_nsec3chain().
static isc_result_t add_placeholder_nsec | ( | dns_db_t * | db, | |
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
dns_diff_t * | diff | |||
) | [static] |
Add a placeholder NSEC record for "name", recording the change in "diff".
Definition at line 1032 of file update.c.
References isc_region::base, CHECK, dns_db_class(), DNS_DIFFOP_ADD, dns_difftuple_create(), dns_rdata_fromregion(), DNS_RDATA_INIT, do_one_tuple(), isc_region::length, dns_diff::mctx, and r.
Referenced by dns_update_signaturesinc().
static isc_result_t find_zone_keys | ( | dns_zone_t * | zone, | |
dns_db_t * | db, | |||
dns_dbversion_t * | ver, | |||
isc_mem_t * | mctx, | |||
unsigned int | maxkeys, | |||
dst_key_t ** | keys, | |||
unsigned int * | nkeys | |||
) | [static] |
Definition at line 1052 of file update.c.
References CHECK, directory, dns_db_detachnode(), dns_db_findnode(), dns_db_origin(), dns_dnssec_findzonekeys2(), dns_zone_getkeydirectory(), and ISC_FALSE.
Referenced by dns_update_signaturesinc(), zone_nsec3chain(), zone_resigninc(), and zone_sign().
static isc_result_t add_sigs | ( | dns_update_log_t * | log, | |
dns_zone_t * | zone, | |||
dns_db_t * | db, | |||
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
dns_rdatatype_t | type, | |||
dns_diff_t * | diff, | |||
dst_key_t ** | keys, | |||
unsigned int | nkeys, | |||
isc_stdtime_t | inception, | |||
isc_stdtime_t | expire, | |||
isc_boolean_t | check_ksk, | |||
isc_boolean_t | keyset_kskonly | |||
) | [static] |
Add RRSIG records for an RRset, recording the change in "diff".
Definition at line 1072 of file update.c.
References ALG, buffer, CHECK, dns_db_detachnode(), dns_db_findnode(), dns_db_findnsec3node(), dns_db_findrdataset(), DNS_DIFFOP_ADDRESIGN, dns_dnssec_sign(), DNS_RDATA_INIT, dns_rdata_reset(), dns_rdataset_disassociate(), dns_rdataset_init(), dns_rdataset_isassociated(), dst_key_isprivate(), isc_buffer_init, ISC_FALSE, ISC_LOG_ERROR, ISC_R_NOTFOUND, ISC_TRUE, KSK, dns_diff::mctx, mctx, REVOKE, dns_rdataset::ttl, update_log(), and update_one_rr().
Referenced by add_exposed_sigs(), dns_update_signaturesinc(), update_sigs(), zone_nsec3chain(), zone_resigninc(), and zone_sign().
static isc_result_t del_keysigs | ( | dns_db_t * | db, | |
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
dns_diff_t * | diff, | |||
dst_key_t ** | keys, | |||
unsigned int | nkeys | |||
) | [static] |
Definition at line 1181 of file update.c.
References dns_db_detachnode(), dns_db_findnode(), dns_db_findrdataset(), DNS_DIFFOP_DEL, DNS_RDATA_INIT, dns_rdata_reset(), dns_rdata_tostruct(), dns_rdataset_current(), dns_rdataset_disassociate(), dns_rdataset_first(), dns_rdataset_init(), dns_rdataset_next(), dst_key_id(), dst_key_inactive(), dst_key_isprivate(), ISC_FALSE, ISC_R_NOMORE, ISC_R_NOTFOUND, ISC_R_SUCCESS, ISC_TRUE, RUNTIME_CHECK, dns_rdataset::ttl, and update_one_rr().
Referenced by dns_update_signaturesinc().
static isc_result_t add_exposed_sigs | ( | dns_update_log_t * | log, | |
dns_zone_t * | zone, | |||
dns_db_t * | db, | |||
dns_dbversion_t * | ver, | |||
dns_name_t * | name, | |||
isc_boolean_t | cut, | |||
dns_diff_t * | diff, | |||
dst_key_t ** | keys, | |||
unsigned int | nkeys, | |||
isc_stdtime_t | inception, | |||
isc_stdtime_t | expire, | |||
isc_boolean_t | check_ksk, | |||
isc_boolean_t | keyset_kskonly, | |||
unsigned int * | sigs | |||
) | [static] |
Definition at line 1255 of file update.c.
References add_sigs(), dns_db_allrdatasets(), dns_db_detachnode(), dns_db_findnode(), dns_rdataset_disassociate(), dns_rdataset_init(), dns_rdatasetiter_current(), dns_rdatasetiter_destroy(), dns_rdatasetiter_first(), dns_rdatasetiter_next(), ISC_FALSE, ISC_R_NOMORE, ISC_R_NOTFOUND, ISC_R_SUCCESS, rrset_exists(), and dns_rdataset::type.
Referenced by dns_update_signaturesinc().
isc_result_t dns_update_signatures | ( | dns_update_log_t * | log, | |
dns_zone_t * | zone, | |||
dns_db_t * | db, | |||
dns_dbversion_t * | oldver, | |||
dns_dbversion_t * | newver, | |||
dns_diff_t * | diff, | |||
isc_uint32_t | sigvalidityinterval | |||
) |
Update RRSIG, NSEC and NSEC3 records affected by an update. The original update, including the SOA serial update but excluding the RRSIG & NSEC changes, is in "diff" and has already been applied to "newver" of "db". The database version prior to the update is "oldver".
The necessary RRSIG, NSEC and NSEC3 changes will be applied to "newver" and added (as a minimal diff) to "diff".
The RRSIGs generated will be valid for 'sigvalidityinterval' seconds.
Definition at line 1336 of file update.c.
References dns_update_signaturesinc().
Referenced by keydone(), and update_action().
isc_result_t dns_update_signaturesinc | ( | dns_update_log_t * | log, | |
dns_zone_t * | zone, | |||
dns_db_t * | db, | |||
dns_dbversion_t * | oldver, | |||
dns_dbversion_t * | newver, | |||
dns_diff_t * | diff, | |||
isc_uint32_t | sigvalidityinterval, | |||
dns_update_state_t ** | statep | |||
) |
Definition at line 1362 of file update.c.
References add_exposed_sigs(), add_nsec(), add_placeholder_nsec(), add_sigs(), dns_update_state::affected, CHECK, dns_update_state::check_ksk, del_keysigs(), delete_if(), dns_update_state::diffnames, dns_db_detachnode(), dns_db_findnode(), dns_db_findrdataset(), dns_db_origin(), dns_diff_appendminimal(), dns_diff_clear(), dns_diff_init(), dns_diff_sort(), DNS_DIFFOP_ADD, DNS_DIFFOP_DEL, dns_fixedname_init, dns_fixedname_name, DNS_MAXZONEKEYS, dns_name_equal(), dns_nsec3_addnsec3sx(), dns_nsec3_delnsec3sx(), dns_private_chains(), DNS_R_CONTINUE, DNS_RDATA_INIT, dns_rdata_tostruct(), dns_rdataset_current(), dns_rdataset_disassociate(), dns_rdataset_first(), dns_rdataset_init(), DNS_STATE_VALID, dns_zone_getoptions(), dns_zone_getprivatetype(), dns_zone_getsignatures(), DNS_ZONEOPT_DNSKEYKSKONLY, DNS_ZONEOPT_UPDATECHECKKSK, dst_key_free(), dns_update_state::expire, find_zone_keys(), dns_update_state::inception, INSIST, is_active(), ISC_FALSE, ISC_LIST_APPEND, ISC_LIST_APPENDLIST, ISC_LIST_EMPTY, ISC_LIST_HEAD, ISC_LIST_NEXT, ISC_LIST_UNLINK, ISC_LOG_DEBUG, ISC_LOG_ERROR, isc_mem_get, isc_mem_put, ISC_R_NOMEMORY, ISC_R_SUCCESS, isc_stdtime_get(), ISC_TF, dns_update_state::keyset_kskonly, dns_update_state::magic, dns_diff::mctx, dns_difftuple::name, name, name_exists(), namelist_append_name(), namelist_append_subdomain(), next_active(), dns_update_state::nkeys, non_nsec_rrset_exists(), now, dns_update_state::nsec_diff, dns_update_state::nsec_mindiff, dns_update_state::nsecttl, dns_difftuple::op, privatetype, dns_difftuple::rdata, REQUIRE, rrset_exists(), rrset_visible(), rrsig_p(), dns_update_state::sig_diff, dns_update_state::state, STATE_MAGIC, temp_order(), true_p(), dns_rdata::type, uniqify_name_list(), update_log(), dns_update_state::work, and dns_update_state::zone_keys.
Referenced by dns_update_signatures(), and receive_secure_serial().
static isc_stdtime_t epoch_to_yyyymmdd | ( | time_t | when | ) | [static] |
isc_uint32_t dns_update_soaserial | ( | isc_uint32_t | serial, | |
dns_updatemethod_t | method | |||
) |
Return the next serial number after 'serial', as determined by the update method 'method'.
Definition at line 2031 of file update.c.
References dns_updatemethod_date, dns_updatemethod_increment, dns_updatemethod_none, dns_updatemethod_unixtime, epoch_to_yyyymmdd(), isc_serial_gt(), isc_stdtime_get(), and now.
Referenced by ATF_TC_BODY(), setsoaserial(), and update_soa_serial().