#include <isc/log.h>
#include <isc/stdtime.h>
#include <dns/rdatastruct.h>
#include <dst/dst.h>
Defines | |
#define | DNSSECTOOL_H 1 |
#define | check_dns_dbiterator_current(result) |
#define | TYPE_FORMATSIZE 20 |
#define | SIG_FORMATSIZE (DNS_NAME_FORMATSIZE + DNS_SECALG_FORMATSIZE + sizeof("65535")) |
Typedefs | |
typedef void( | fatalcallback_t )(void) |
Functions | |
ISC_PLATFORM_NORETURN_PRE void | fatal (const char *format,...) ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST |
void | setfatalcallback (fatalcallback_t *callback) |
void | check_result (isc_result_t result, const char *message) |
void | vbprintf (int level, const char *fmt,...) ISC_FORMAT_PRINTF(2, 3) |
void | version (const char *program) |
void | type_format (const dns_rdatatype_t type, char *cp, unsigned int size) |
void | sig_format (dns_rdata_rrsig_t *sig, char *cp, unsigned int size) |
void | setup_logging (isc_mem_t *mctx, isc_log_t **logp) |
void | cleanup_logging (isc_log_t **logp) |
void | setup_entropy (isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) |
void | cleanup_entropy (isc_entropy_t **ectx) |
dns_ttl_t | strtottl (const char *str) |
isc_stdtime_t | strtotime (const char *str, isc_int64_t now, isc_int64_t base, isc_boolean_t *setp) |
dns_rdataclass_t | strtoclass (const char *str) |
isc_result_t | try_dir (const char *dirname) |
void | check_keyversion (dst_key_t *key, char *keystr) |
void | set_keyversion (dst_key_t *key) |
isc_boolean_t | key_collision (dst_key_t *key, dns_name_t *name, const char *dir, isc_mem_t *mctx, isc_boolean_t *exact) |
isc_boolean_t | is_delegation (dns_db_t *db, dns_dbversion_t *ver, dns_name_t *origin, dns_name_t *name, dns_dbnode_t *node, isc_uint32_t *ttlp) |
void | verifyzone (dns_db_t *db, dns_dbversion_t *ver, dns_name_t *origin, isc_mem_t *mctx, isc_boolean_t ignore_kskflag, isc_boolean_t keyset_kskonly) |
Verify that certain things are sane. | |
Variables | |
ISC_PLATFORM_NORETURN_PRE void | ISC_PLATFORM_NORETURN_POST |
#define DNSSECTOOL_H 1 |
Definition at line 21 of file dnssectool.h.
#define check_dns_dbiterator_current | ( | result | ) |
Value:
check_result((result == DNS_R_NEWORIGIN) ? ISC_R_SUCCESS : result, \
             "dns_dbiterator_current()")
Definition at line 28 of file dnssectool.h.
Referenced by assignwork(), cleanup_zone(), nsec3ify(), nsecify(), signapex(), and verifyzone().
#define TYPE_FORMATSIZE 20 |
#define SIG_FORMATSIZE (DNS_NAME_FORMATSIZE + DNS_SECALG_FORMATSIZE + sizeof("65535")) |
typedef void( fatalcallback_t)(void) |
Definition at line 33 of file dnssectool.h.
ISC_PLATFORM_NORETURN_PRE void fatal | ( | const char * | format, | |
... | ||||
) |
void setfatalcallback | ( | fatalcallback_t * | callback | ) |
void check_result | ( | isc_result_t | result, | |
const char * | message | |||
) |
Definition at line 574 of file dighost.c.
References fatal(), ISC_R_SUCCESS, and isc_result_totext().
Referenced by active_node(), add_ds(), add_opt(), add_question(), addnowildcardhash(), addnsec3(), addnsec3param(), bringup_timer(), build_final_keylist(), chase_cnamechain(), check_for_more_data(), check_no_rrsig(), check_tsig_error(), cleannode(), cleanup_zone(), destroy_libs(), dumpnode(), fetch_callback(), followup_lookup(), get_soa_ttls(), goodsig(), innsec3params(), insert_soa(), is_empty(), isoptout(), launch_next_query(), loadds(), loadkeyset(), loadzone(), main(), make_prereq(), match_nsec3(), nsec3clean(), nsec3ify(), nsecify(), opendb(), parse_name(), parse_rdata(), presign(), printa(), printmessage(), printrdata(), printsoa(), record_found(), recv_done(), recvsoa(), remove_records(), remove_sigs(), reset_system(), rrset_cleanup(), save_opt(), say_message(), send_tcp_connect(), send_udp(), send_update(), sendrequest(), set_nsec3params(), setsoaserial(), setup_keystr(), setup_libs(), setup_logging(), setup_lookup(), setup_system(), setup_text_key(), setzone(), short_answer(), show_message(), show_settings(), signapex(), signname(), signset(), signwithkey(), start_lookup(), start_update(), tcp_length_done(), type_format(), update_addordelete(), update_completed(), verifynode(), verifynsec(), verifynsec3(), verifyset(), verifyzone(), warnifallksk(), and writeset().
void vbprintf | ( | int | level, | |
const char * | fmt, | |||
... | ||||
) |
void version | ( | const char * | program | ) |
void type_format | ( | const dns_rdatatype_t | type, | |
char * | cp, | |||
unsigned int | size | |||
) |
Definition at line 129 of file dnssectool.c.
References isc_region::base, check_result(), dns_rdatatype_totext(), isc_buffer_init, isc_buffer_usedregion, isc_region::length, and r.
Referenced by check_no_rrsig(), rrset_cleanup(), signset(), and verifyset().
void sig_format | ( | dns_rdata_rrsig_t * | sig, | |
char * | cp, | |||
unsigned int | size | |||
) |
Definition at line 142 of file dnssectool.c.
References dns_name_format(), DNS_NAME_FORMATSIZE, and dns_secalg_format().
Referenced by signset().
Definition at line 152 of file dnssectool.c.
References check_result(), dns_log_init(), dns_log_setcontext(), isc_logdestination::file, isc_log_create(), isc_log_createchannel(), ISC_LOG_DEBUG, ISC_LOG_INFO, ISC_LOG_PRINTLEVEL, ISC_LOG_PRINTTAG, ISC_LOG_ROLLNEVER, isc_log_setcontext(), isc_log_settag(), ISC_LOG_TOFILEDESC, isc_log_usechannel(), ISC_LOG_WARNING, ISC_R_SUCCESS, isc_logfile::maximum_size, isc_logfile::name, program, RUNTIME_CHECK, isc_logfile::stream, verbose, and isc_logfile::versions.
void cleanup_logging | ( | isc_log_t ** | logp | ) |
Definition at line 208 of file dnssectool.c.
References dns_log_setcontext(), isc_log_destroy(), isc_log_setcontext(), and REQUIRE.
Referenced by main().
void setup_entropy | ( | isc_mem_t * | mctx, | |
const char * | randomfile, | |||
isc_entropy_t ** | ectx | |||
) |
Definition at line 223 of file dnssectool.c.
References fatal(), isc_entropy_create(), ISC_ENTROPY_KEYBOARDMAYBE, ISC_ENTROPY_KEYBOARDYES, isc_entropy_usebestsource(), ISC_LINK_INIT, ISC_LIST_APPEND, ISC_LIST_INIT, isc_mem_get, ISC_R_SUCCESS, isc_result_totext(), entropysource::mctx, REQUIRE, entropysource::source, and sources.
Referenced by main(), parse_args(), and setup_system().
void cleanup_entropy | ( | isc_entropy_t ** | ectx | ) |
Definition at line 262 of file dnssectool.c.
References isc_entropy_destroysource(), isc_entropy_detach(), ISC_LIST_EMPTY, ISC_LIST_HEAD, ISC_LIST_UNLINK, isc_mem_put, entropysource::mctx, entropysource::source, and sources.
Referenced by doshutdown(), and main().
dns_ttl_t strtottl | ( | const char * | str | ) |
Definition at line 314 of file dnssectool.c.
References fatal(), isnone(), time_units(), and ttl.
Referenced by main().
isc_stdtime_t strtotime | ( | const char * | str, | |
isc_int64_t | now, | |||
isc_int64_t | base, | |||
isc_boolean_t * | setp | |||
) |
Definition at line 330 of file dnssectool.c.
References dns_time64_fromtext(), fatal(), ISC_FALSE, ISC_R_SUCCESS, isc_result_totext(), ISC_TRUE, isnone(), and time_units().
Referenced by main().
dns_rdataclass_t strtoclass | ( | const char * | str | ) |
Definition at line 396 of file dnssectool.c.
References isc_textregion::base, DE_CONST, dns_rdataclass_fromtext(), fatal(), ISC_R_SUCCESS, isc_textregion::length, r, and rdclass.
Referenced by main().
isc_result_t try_dir | ( | const char * | dirname | ) |
Definition at line 412 of file dnssectool.c.
References isc_dir_close(), isc_dir_init(), isc_dir_open(), and ISC_R_SUCCESS.
Referenced by main().
void check_keyversion | ( | dst_key_t * | key, | |
char * | keystr | |||
) |
Definition at line 428 of file dnssectool.c.
References dst_key_getprivateformat(), DST_MAJOR_VERSION, DST_MINOR_VERSION, fatal(), and INSIST.
Referenced by main().
void set_keyversion | ( | dst_key_t * | key | ) |
Definition at line 444 of file dnssectool.c.
References dst_key_getprivateformat(), dst_key_setprivateformat(), dst_key_settime(), DST_MAJOR_VERSION, DST_MINOR_VERSION, DST_TIME_CREATED, INSIST, isc_stdtime_get(), and now.
Referenced by main().
isc_boolean_t key_collision | ( | dst_key_t * | key, | |
dns_name_t * | name, | |||
const char * | dir, | |||
isc_mem_t * | mctx, | |||
isc_boolean_t * | exact | |||
) |
Definition at line 465 of file dnssectool.c.
References dns_dnssec_findmatchingkeys(), dns_dnsseckey_destroy(), dst_key_alg(), dst_key_id(), dst_key_rid(), ISC_FALSE, ISC_LIST_EMPTY, ISC_LIST_HEAD, ISC_LIST_INIT, ISC_LIST_UNLINK, ISC_R_NOTFOUND, ISC_TRUE, dns_dnsseckey::key, key, and verbose.
Referenced by main().
isc_boolean_t is_delegation | ( | dns_db_t * | db, | |
dns_dbversion_t * | ver, | |||
dns_name_t * | origin, | |||
dns_name_t * | name, | |||
dns_dbnode_t * | node, | |||
isc_uint32_t * | ttlp | |||
) |
Definition at line 528 of file dnssectool.c.
References dns_db_findrdataset(), dns_name_equal(), dns_rdataset_disassociate(), dns_rdataset_init(), dns_rdataset_isassociated(), ISC_FALSE, ISC_R_SUCCESS, ISC_TF, and dns_rdataset::ttl.
Referenced by assignwork(), nsec3ify(), nsecify(), signname(), and verifyzone().
void verifyzone | ( | dns_db_t * | db, | |
dns_dbversion_t * | ver, | |||
dns_name_t * | origin, | |||
isc_mem_t * | mctx, | |||
isc_boolean_t | ignore_kskflag, | |||
isc_boolean_t | keyset_kskonly | |||
) |
Verify that certain things are sane:
- The apex has a DNSKEY record with at least one KSK, and at least one ZSK if the -x flag was not used.
- The DNSKEY record was signed with at least one of the KSKs in this set.
- The rest of the zone was signed with at least one of the ZSKs present in the DNSKEY RRSET.
Definition at line 1453 of file dnssectool.c.
References buffer, chain_compare(), check_dns_dbiterator_current, check_no_nsec(), check_result(), dns_db_createiterator(), dns_db_detachnode(), dns_db_findnode(), dns_db_findrdataset(), DNS_DB_NONSEC3, DNS_DB_NSEC3ONLY, dns_dbiterator_current(), dns_dbiterator_destroy(), dns_dbiterator_first(), dns_dbiterator_next(), dns_dnssec_selfsigns(), dns_dnssec_signs(), dns_fixedname_init, dns_fixedname_name, DNS_KEYFLAG_KSK, DNS_KEYFLAG_REVOKE, DNS_KEYOWNER_ZONE, dns_name_copy(), dns_name_format(), DNS_NAME_FORMATSIZE, dns_name_issubdomain(), dns_rdata_freestruct(), DNS_RDATA_INIT, dns_rdata_reset(), dns_rdata_tostruct(), dns_rdata_totext(), dns_rdataset_current(), dns_rdataset_disassociate(), dns_rdataset_first(), dns_rdataset_init(), dns_rdataset_isassociated(), dns_rdataset_next(), dns_result_totext(), dns_secalg_format(), fatal(), is_delegation(), is_empty(), isc_buffer_init, isc_buffer_usedlength, ISC_FALSE, isc_heap_create(), isc_heap_destroy(), ISC_R_NOMORE, ISC_R_NOTFOUND, ISC_R_SUCCESS, ISC_R_UNSET, isc_result_totext(), ISC_TRUE, isdelegation(), name, namebuf, record_found(), verify_nsec3_chains(), verifyemptynodes(), and verifynode().
Referenced by main().
ISC_PLATFORM_NORETURN_PRE void ISC_PLATFORM_NORETURN_POST |
Definition at line 37 of file dnssectool.h.