44 #include <ldns/ldns.h> 46 static const char* zone_str =
"zone";
/*
 * Fragment of the zone constructor (the error text below reads "unable to
 * create zone"). The listing drops the signature and the lines between the
 * numbered statements, so only the visible statements are described.
 */
59 if (!name || !klass) {
/*
 * Strip one trailing '.' from the name. The write goes through `name`
 * itself, so the caller's buffer is modified and must be writable. The
 * length > 1 test leaves a lone "." untouched and short-circuits before the
 * strlen(name)-1 index is computed for an empty string.
 */
64 if (strlen(name) > 1 && name[strlen(name)-1] ==
'.') {
65 name[strlen(name)-1] =
'\0';
69 if (pthread_mutex_init(&zone->
zone_lock, NULL)) {
/* Second lock failed to initialise: destroy the first one again. */
73 if (pthread_mutex_init(&zone->
xfr_lock, NULL)) {
74 (void)pthread_mutex_destroy(&zone->
zone_lock);
/* The zone stores its own heap copy of the name as it stands here. */
79 zone->
name = strdup(name);
/* NOTE(review): the message names allocator_strdup(), the call above is strdup(). */
81 ods_log_error(
"[%s] unable to create zone %s: allocator_strdup() " 82 "failed", zone_str, name);
/*
 * NOTE(review): ldns_dname_new_frm_str() returns NULL for a name it cannot
 * parse; the check on zone->apex is not visible in this listing - confirm
 * the result is tested before the apex is used.
 */
88 zone->
apex = ldns_dname_new_frm_str(name);
103 ods_log_error(
"[%s] unable to create zone %s: namedb_create() " 104 "failed", zone_str, name);
110 ods_log_error(
"[%s] unable to create zone %s: ixfr_create() " 111 "failed", zone_str, name);
116 if (!zone->signconf) {
117 ods_log_error(
"[%s] unable to create zone %s: signconf_create() " 118 "failed", zone_str, name);
/*
 * Fragment of the signconf loader (log text: "unable to load signconf for
 * zone"). Lines between the numbered statements are missing from the listing.
 */
134 ods_status status = ODS_STATUS_OK;
136 char* datestamp = NULL;
139 return ODS_STATUS_ASSERT_ERR;
/*
 * A zone without a signconf filename is reported with a warning and the
 * distinct status ODS_STATUS_INSECURE.
 * NOTE(review): how callers react to that status is outside this listing -
 * confirm such a zone is not treated as signed.
 */
142 ods_log_warning(
"[%s] zone %s has no signconf filename, treat as " 143 "insecure?", zone_str, zone->
name);
144 return ODS_STATUS_INSECURE;
148 if (status == ODS_STATUS_OK) {
/* Status OK without a stored signconf is logged at alert level and rejected. */
151 ods_log_alert(
"[%s] unable to load signconf for zone %s: signconf " 152 "status ok but no signconf stored", zone_str, zone->
name);
153 return ODS_STATUS_ASSERT_ERR;
/* datestamp may still be NULL: the log falls back to "Unknown". */
157 ods_log_debug(
"[%s] zone %s signconf file %s is modified since %s",
159 datestamp?datestamp:
"Unknown");
160 free((
void*)datestamp);
/* Hand the newly loaded signconf to the caller through the out-parameter. */
161 *new_signconf = signconf;
162 }
else if (status == ODS_STATUS_UNCHANGED) {
167 "%Y-%m-%d %T", &datestamp);
168 ods_log_verbose(
"[%s] zone %s signconf file %s is unchanged since " 170 datestamp?datestamp:
"Unknown");
171 free((
void*)datestamp);
/* Any other status: log it in text form via ods_status2str(). */
173 ods_log_error(
"[%s] unable to load signconf for zone %s: signconf %s " 175 ods_status2str(status));
189 ods_status status = ODS_STATUS_OK;
191 ods_log_assert(taskq);
192 ods_log_assert(zone);
193 ods_log_assert(zone->
name);
194 ods_log_assert(zone->
task);
195 ods_log_debug(
"[%s] reschedule task for zone %s", zone_str, zone->
name);
199 if (task->
what != what) {
205 if (task->
what > what) {
208 task->
when = time_now();
212 ods_log_verbose(
"[%s] unable to reschedule task for zone %s now: " 213 "task is not queued (task will be rescheduled when it is put " 214 "back on the queue)", zone_str, zone->
name);
/*
 * Fragment of the DNSKEY publishing routine (log text: "unable to publish
 * dnskeys for zone"). It opens a libhsm context and must release it on every
 * exit; only some of the exits are visible in this listing.
 */
232 hsm_ctx_t* ctx = NULL;
235 ods_status status = ODS_STATUS_OK;
240 return ODS_STATUS_ASSERT_ERR;
242 ods_log_assert(zone->
name);
245 ctx = hsm_create_context();
/* No context could be created: nothing to release yet, report an HSM error. */
247 ods_log_error(
"[%s] unable to publish keys for zone %s: " 248 "error creating libhsm context", zone_str, zone->
name);
249 return ODS_STATUS_HSM_ERR;
/* Error path for a literal dnskey that cannot be decoded: the context is released. */
265 ods_log_error(
"[%s] unable to publish dnskeys for zone %s: " 266 "error decoding literal dnskey", zone_str, zone->
name);
267 hsm_destroy_context(ctx);
/*
 * NOTE(review): the lines after this error log are not in the listing;
 * confirm hsm_destroy_context(ctx) also runs on this path.
 */
273 if (status != ODS_STATUS_OK) {
274 ods_log_error(
"[%s] unable to publish dnskeys for zone %s: " 275 "error creating dnskey", zone_str, zone->
name);
/* Debug log carries the key locator string, passed as a %s argument. */
280 ods_log_debug(
"[%s] publish %s DNSKEY locator %s", zone_str,
/* UNCHANGED is not a failure here: it is mapped to ODS_STATUS_OK below. */
286 if (status == ODS_STATUS_UNCHANGED) {
289 ods_log_assert(rrset);
292 ods_log_assert(dnskey);
297 status = ODS_STATUS_OK;
298 }
else if (status != ODS_STATUS_OK) {
299 ods_log_error(
"[%s] unable to publish dnskeys for zone %s: " 300 "error adding dnskey", zone_str, zone->
name);
/* Release of the libhsm context at the end of the visible code. */
305 hsm_destroy_context(ctx);
329 if (dnskey && !dnskey->
exists &&
/*
 * Fragment of the NSEC3PARAM publishing routine (log text: "unable to
 * publish nsec3params for zone"). Lines between the numbered statements are
 * missing from the listing.
 */
348 ods_status status = ODS_STATUS_OK;
351 return ODS_STATUS_ASSERT_ERR;
356 return ODS_STATUS_OK;
362 rr = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAMS);
/*
 * NOTE(review): the message prints ods_status2str(status), but the only
 * assignment to status visible before this point is the initialisation to
 * ODS_STATUS_OK; if there is no other, the logged text will not describe the
 * failure that is returned as ODS_STATUS_MALLOC_ERR.
 */
364 ods_log_error(
"[%s] unable to publish nsec3params for zone %s: " 365 "error creating rr (%s)", zone_str, zone->
name,
366 ods_status2str(status));
367 return ODS_STATUS_MALLOC_ERR;
/* Fill in class, TTL and owner; the owner is a clone of the zone apex. */
369 ldns_rr_set_class(rr, zone->
klass);
370 ldns_rr_set_ttl(rr, paramttl);
371 ldns_rr_set_owner(rr, ldns_rdf_clone(zone->
apex));
372 ldns_nsec3_add_param_rdfs(rr,
/*
 * Clears bit number 7 (value argument 0) in the data byte of rdf index 1 of
 * the new RR.
 * NOTE(review): confirm ldns_set_bit()'s bit numbering selects the flag bit
 * that is meant to be cleared in the published record.
 */
381 ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(rr, 1)), 7, 0);
/* UNCHANGED is not a failure here: it is mapped to ODS_STATUS_OK below. */
390 if (status == ODS_STATUS_UNCHANGED) {
393 ods_log_assert(rrset);
395 ods_log_assert(n3prr);
400 status = ODS_STATUS_OK;
401 }
else if (status != ODS_STATUS_OK) {
402 ods_log_error(
"[%s] unable to publish nsec3params for zone %s: " 403 "error adding nsec3params (%s)", zone_str,
404 zone->
name, ods_status2str(status));
426 if (n3prr && !n3prr->
exists &&
/*
 * Fragment of the signing-key preparation routine (log text: "unable to
 * prepare signing keys for zone"). It opens a libhsm context and releases it
 * at the end of the visible code.
 */
441 hsm_ctx_t* ctx = NULL;
443 ods_status status = ODS_STATUS_OK;
446 return ODS_STATUS_ASSERT_ERR;
448 ods_log_assert(zone->
name);
450 ctx = hsm_create_context();
/* No context could be created: report an HSM error. */
452 ods_log_error(
"[%s] unable to prepare signing keys for zone %s: " 453 "error creating libhsm context", zone_str, zone->
name);
454 return ODS_STATUS_HSM_ERR;
/*
 * NOTE(review): what follows this error log is not in the listing; confirm
 * the path reaches hsm_destroy_context(ctx) rather than returning early.
 */
462 if (status != ODS_STATUS_OK) {
463 ods_log_error(
"[%s] unable to prepare signing keys for zone %s: " 464 "error getting dnskey", zone_str, zone->
name);
471 hsm_destroy_context(ctx);
/*
 * Fragment of the SOA serial update routine (log text: "unable to update
 * zone ... soa serial"). Lines between the numbered statements are missing
 * from the listing.
 */
483 ods_status status = ODS_STATUS_OK;
487 ldns_rdf* soa_rdata = NULL;
/*
 * NOTE(review): ods_log_assert is defined outside this listing; if it can be
 * compiled out, these lines are not runtime guards - confirm.
 */
489 ods_log_assert(zone);
490 ods_log_assert(zone->
apex);
491 ods_log_assert(zone->
name);
492 ods_log_assert(zone->
db);
/* Nothing to do when the serial is already current. */
497 ods_log_debug(
"[%s] zone %s soa serial already up to date",
498 zone_str, zone->
name);
500 return ODS_STATUS_OK;
/*
 * Explicit runtime check of the SOA RRset, its rrs array and the first RR
 * before any of them is dereferenced; failure returns ODS_STATUS_ERR.
 */
503 if (!rrset || !rrset->
rrs || !rrset->
rrs[0].
rr) {
504 ods_log_error(
"[%s] unable to update zone %s soa serial: failed to " 505 "find soa rrset", zone_str, zone->
name);
506 return ODS_STATUS_ERR;
/* These asserts restate the three conditions tested just above. */
508 ods_log_assert(rrset);
509 ods_log_assert(rrset->
rrs);
510 ods_log_assert(rrset->
rrs[0].
rr);
/* Work on a clone of the stored SOA RR rather than on the stored RR itself. */
511 rr = ldns_rr_clone(rrset->
rrs[0].
rr);
513 ods_log_error(
"[%s] unable to update zone %s soa serial: failed to " 514 "clone soa rr", zone_str, zone->
name);
515 return ODS_STATUS_ERR;
519 if (status != ODS_STATUS_OK) {
520 ods_log_error(
"[%s] unable to update zone %s soa serial: %s",
521 zone_str, zone->
name, ods_status2str(status));
/* A conflict gets an extra operator hint about the unsigned zone's serial. */
522 if (status == ODS_STATUS_CONFLICT_ERR) {
523 ods_log_error(
"[%s] If this is the result of a key rollover, " 524 "please increment the serial in the unsigned zone %s",
525 zone_str, zone->
name);
530 ods_log_verbose(
"[%s] zone %s set soa serial to %u", zone_str,
/*
 * ldns_rr_set_rdf() hands back the rdf it displaced; that old rdata is what
 * is freed below.
 * NOTE(review): the branch structure between the free and the "failed to
 * replace" error is not visible here - confirm the cloned rr and the new
 * rdf are released on the failure path.
 */
532 soa_rdata = ldns_rr_set_rdf(rr,
533 ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32,
536 ldns_rdf_deep_free(soa_rdata);
539 ods_log_error(
"[%s] unable to update zone %s soa serial: failed to " 540 "replace soa serial rdata", zone_str, zone->
name);
542 return ODS_STATUS_ERR;
548 return ODS_STATUS_OK;
560 if (!zone || !owner || !type) {
/*
 * Fragment of the routine that adds one RR to the zone (log text: "unable to
 * add RR to zone"). Lines between the numbered statements are missing from
 * the listing.
 */
581 ods_status status = ODS_STATUS_OK;
586 ods_log_assert(zone);
587 ods_log_assert(zone->
name);
588 ods_log_assert(zone->
db);
595 ods_log_error(
"[%s] unable to add RR to zone %s: " 596 "failed to add domain", zone_str, zone->
name);
597 return ODS_STATUS_ERR;
/* Branch for a domain whose name equals the zone apex. */
599 if (ldns_dname_compare(domain->
dname, zone->
apex) == 0) {
603 if (status != ODS_STATUS_OK) {
604 ods_log_error(
"[%s] unable to add RR to zone %s: " 605 "failed to entize domain", zone_str, zone->
name);
606 return ODS_STATUS_ERR;
614 ods_log_error(
"[%s] unable to add RR to zone %s: " 615 "failed to add RRset", zone_str, zone->
name);
616 return ODS_STATUS_ERR;
/* An RR that already exists is compared on TTL; the call ends in UNCHANGED. */
622 if (record && ldns_rr_ttl(rr) != ldns_rr_ttl(record->
rr))
628 return ODS_STATUS_UNCHANGED;
631 ods_log_assert(record);
632 ods_log_assert(record->
rr);
/* The new RR's TTL differs from the first RR of the RRset: report it. */
634 if (ldns_rr_ttl(rr) != ldns_rr_ttl(rrset->
rrs[0].
rr)) {
/*
 * NOTE(review): ldns_rr2str() returns NULL when it cannot build the string,
 * and the very next statement calls strlen(str) and writes through str with
 * no check in between. It also assumes a non-empty string, since
 * strlen(str) - 1 wraps for "". A NULL/empty test before line 636 would
 * close both cases.
 */
635 str = ldns_rr2str(rr);
/* Overwrite the last character of the text form (presumably the newline). */
636 str[(strlen(str)) - 1] =
'\0';
/* Scan for tabs; strlen(str) is re-evaluated on every iteration. */
637 for (i = 0; i < strlen(str); i++) {
638 if (str[i] ==
'\t') {
/*
 * The record text reaches the log as a %s argument, not as the format.
 * NOTE(review): ldns_rr_ttl() yields a uint32_t while the conversion is %d;
 * %u would match. The release of str is not visible in this listing -
 * confirm it is freed after logging.
 */
642 ods_log_error(
"In zone file %s: TTL for the record '%s' set to %d", zone->
name, str, ldns_rr_ttl(rrset->
rrs[0].
rr));
647 if (do_stats && zone->
stats) {
650 return ODS_STATUS_OK;
665 ods_log_assert(zone);
666 ods_log_assert(zone->
name);
667 ods_log_assert(zone->
db);
671 ods_log_warning(
"[%s] unable to delete RR from zone %s: " 672 "domain not found", zone_str, zone->
name);
673 return ODS_STATUS_UNCHANGED;
677 ods_log_warning(
"[%s] unable to delete RR from zone %s: " 678 "RRset not found", zone_str, zone->
name);
679 return ODS_STATUS_UNCHANGED;
683 ods_log_error(
"[%s] unable to delete RR from zone %s: " 684 "RR not found", zone_str, zone->
name);
685 return ODS_STATUS_UNCHANGED;
691 if (do_stats && zone->
stats) {
694 return ODS_STATUS_OK;
709 ods_log_assert(zone);
710 ods_log_assert(zone->
name);
711 ods_log_assert(zone->
db);
715 ods_log_verbose(
"[%s] unable to delete RR from zone %s: " 716 "domain not found", zone_str, zone->
name);
717 return ODS_STATUS_UNCHANGED;
722 ods_log_verbose(
"[%s] NSEC3PARAM in zone %s not found: " 723 "skipping delete", zone_str, zone->
name);
724 return ODS_STATUS_UNCHANGED;
731 for (i=0; i < rrset->
rr_count; i++) {
734 return ODS_STATUS_OK;
755 ods_log_error(
"[%s] failed to merge policy %s name to zone " 773 ods_log_error(
"[%s] failed to merge signconf filename %s to " 812 ldns_rdf_deep_free(zone->
apex);
825 free((
void*)zone->
name);
826 collection_class_destroy(&zone->
rrstore);
827 lock_basic_destroy(&zone->
xfr_lock);
/*
 * Fragment of the routine that restores a zone from its on-disk backup (log
 * text: "corrupted backup file zone"). Everything restored here is read from
 * files in the working directory, so that directory's permissions are what
 * protect the recovered state. Lines between the numbered statements are
 * missing from the listing.
 */
840 char* filename = NULL;
842 const char* token = NULL;
845 ods_status status = ODS_STATUS_OK;
848 uint32_t inbound = 0,
internal = 0, outbound = 0;
852 const char* salt = NULL;
854 ods_log_assert(zone);
855 ods_log_assert(zone->
name);
857 ods_log_assert(zone->
db);
/*
 * The zone name becomes part of the backup file path.
 * NOTE(review): presumably the final argument (1) asks ods_build_path() to
 * neutralise path separators in the name - confirm, since a name containing
 * '/' must not resolve outside the working directory.
 */
859 filename = ods_build_path(zone->
name,
".backup2", 0, 1);
861 return ODS_STATUS_MALLOC_ERR;
863 fd = ods_fopen(filename, NULL,
"r");
/* Each header field that fails to parse is reported as a corrupted backup. */
867 ods_log_error(
"[%s] corrupted backup file zone %s: read magic " 868 "error", zone_str, zone->
name);
873 ods_log_error(
"[%s] corrupted backup file zone %s: read time " 874 "error", zone_str, zone->
name);
881 ods_log_error(
"[%s] corrupted backup file zone %s: read name " 882 "error", zone_str, zone->
name);
887 ods_log_error(
"[%s] corrupted backup file zone %s: read class " 888 "error", zone_str, zone->
name);
897 ods_log_error(
"[%s] corrupted backup file zone %s: read serial " 898 "error", zone_str, zone->
name);
/*
 * NOTE(review): klass is presumably the value parsed from the backup file;
 * no range check is visible before the cast to ldns_rr_class - confirm.
 */
901 zone->
klass = (ldns_rr_class) klass;
935 ods_log_error(
"[%s] corrupted backup file zone %s: read signconf " 936 "error", zone_str, zone->
name);
950 ods_log_error(
"[%s] corrupted backup file zone %s: read " 951 "nsec3parameters error", zone_str, zone->
name);
964 ods_log_error(
"[%s] corrupted backup file zone %s: unable to " 965 "create nsec3param", zone_str, zone->
name);
/* Token dispatch: ";;Key:" introduces a key entry, a bare ";;" is handled separately. */
974 if (ods_strcmp(token,
";;Key:") == 0) {
976 ods_log_error(
"[%s] corrupted backup file zone %s: read " 977 "key error", zone_str, zone->
name);
980 }
else if (ods_strcmp(token,
";;") == 0) {
994 if (status != ODS_STATUS_OK) {
995 ods_log_error(
"[%s] corrupted backup file zone %s: unable to " 996 "publish dnskeys (%s)", zone_str, zone->
name,
997 ods_status2str(status));
/* Failures from here on jump to the shared recover_error2 cleanup label. */
1003 if (status != ODS_STATUS_OK) {
1004 ods_log_error(
"[%s] corrupted backup file zone %s: unable to " 1005 "publish nsec3param (%s)", zone_str, zone->
name,
1006 ods_status2str(status));
1007 goto recover_error2;
1011 if (status != ODS_STATUS_OK) {
1012 ods_log_error(
"[%s] corrupted backup file zone %s: unable to " 1013 "read resource records (%s)", zone_str, zone->
name,
1014 ods_status2str(status));
1015 goto recover_error2;
1020 ods_log_error(
"[%s] failed to restore zone %s: unable to " 1021 "create task", zone_str, zone->name);
1022 goto recover_error2;
1024 zone->task = (
void*) task;
1025 free((
void*)filename);
/* Mark the name database as initialised and as having a serial. */
1027 zone->db->is_initialized = 1;
1028 zone->db->have_serial = 1;
/* Second file: the ".ixfr" journal, opened for reading like the backup. */
1030 filename = ods_build_path(zone->name,
".ixfr", 0, 1);
1032 fd = ods_fopen(filename, NULL,
"r");
/*
 * A journal that fails to parse is only a warning: the file is removed with
 * unlink() (its result is ignored) and, as far as the visible lines show,
 * recovery carries on without it.
 */
1036 if (status != ODS_STATUS_OK) {
1037 ods_log_warning(
"[%s] corrupted journal file zone %s, " 1038 "skipping (%s)", zone_str, zone->name,
1039 ods_status2str(status));
1040 (void)unlink(filename);
/* ixfr state is touched only while holding ixfr_lock. */
1045 lock_basic_lock(&zone->ixfr->ixfr_lock);
1047 lock_basic_unlock(&zone->ixfr->ixfr_lock);
1050 free((
void*)filename);
/* stats state is touched only while holding stats_lock. */
1055 lock_basic_lock(&zone->stats->stats_lock);
1057 lock_basic_unlock(&zone->stats->stats_lock);
1059 return ODS_STATUS_OK;
1062 return ODS_STATUS_UNCHANGED;
/* Error exit: free the path, then return ODS_STATUS_ERR after the steps below. */
1065 free((
void*)filename);
1076 ods_log_assert(zone->db);
1079 lock_basic_lock(&zone->stats->stats_lock);
1081 lock_basic_unlock(&zone->stats->stats_lock);
1083 return ODS_STATUS_ERR;
/*
 * Fragment of the routine that writes the zone backup (log text: "unable to
 * rename zone ... backup"). The data is written to a ".backup2.tmp" file and
 * then renamed onto ".backup2". Lines between the numbered statements are
 * missing from the listing.
 */
1094 char* filename = NULL;
1095 char* tmpfile = NULL;
1099 ods_status status = ODS_STATUS_OK;
1101 ods_log_assert(zone);
1102 ods_log_assert(zone->
name);
1103 ods_log_assert(zone->
db);
1105 ods_log_assert(zone->
task);
/* Both paths are derived from the zone name with fixed suffixes. */
1107 tmpfile = ods_build_path(zone->
name,
".backup2.tmp", 0, 1);
1108 filename = ods_build_path(zone->
name,
".backup2", 0, 1);
1109 if (!tmpfile || !filename) {
1112 return ODS_STATUS_MALLOC_ERR;
/*
 * NOTE(review): the temporary name is fixed and the flags/mode used by
 * ods_fopen() are not visible here; the backup holds signer state, so
 * confirm the working directory is writable only by the signer and that the
 * file is not created group/world readable.
 */
1114 fd = ods_fopen(tmpfile, NULL,
"w");
/*
 * The magic string is written first and again as the last line below.
 * NOTE(review): none of the visible fprintf() results are checked; confirm a
 * short write (for example a full disk) is detected before the rename, or a
 * truncated file could replace the previous good backup.
 */
1116 fprintf(fd,
"%s\n", ODS_SE_FILE_MAGIC_V3);
/* task->when (a time value) is narrowed to unsigned for the %u conversion. */
1118 fprintf(fd,
";;Time: %u\n", (
unsigned) task->
when);
1120 fprintf(fd,
";;Zone: name %s class %i inbound %u internal %u " 1121 "outbound %u\n", zone->
name, (
int) zone->
klass,
1135 ODS_SE_FILE_MAGIC_V3);
1139 fprintf(fd,
";;\n");
1143 fprintf(fd,
"%s\n", ODS_SE_FILE_MAGIC_V3);
/* Replace the previous backup in one step instead of rewriting it in place. */
1145 ret = rename(tmpfile, filename);
1147 ods_log_error(
"[%s] unable to rename zone %s backup %s to %s: %s",
1148 zone_str, zone->
name, tmpfile, filename, strerror(errno));
1149 status = ODS_STATUS_RENAME_ERR;
1152 status = ODS_STATUS_FOPEN_ERR;
/* Both path strings are released before the routine ends. */
1155 free((
void*) tmpfile);
1156 free((
void*) filename);
signconf_type * signconf_create(void)
ods_status zone_del_nsec3params(zone_type *zone)
void ixfr_cleanup(ixfr_type *ixfr)
rr_type * rrset_lookup_rr(rrset_type *rrset, ldns_rr *rr)
int backup_read_str(FILE *in, const char **str)
uint32_t nsec3_iterations
void zone_cleanup(zone_type *zone)
duration_type * sig_inception_offset
void signconf_backup(FILE *fd, signconf_type *sc, const char *version)
int adapter_compare(adapter_type *a1, adapter_type *a2)
void domain_add_rrset(domain_type *domain, rrset_type *rrset)
rrset_type * domain_lookup_rrset(domain_type *domain, ldns_rr_type rrtype)
int backup_read_duration(FILE *in, duration_type **v)
void zone_merge(zone_type *z1, zone_type *z2)
stats_type * stats_create(void)
ods_status rrset_getliteralrr(ldns_rr **dnskey, const char *resourcerecord, uint32_t ttl, ldns_rdf *apex)
duration_type * sig_validity_default
void signconf_cleanup(signconf_type *sc)
void namedb_cleanup(namedb_type *db)
ixfr_type * ixfr_create(zone_type *zone)
int backup_read_rr_type(FILE *in, ldns_rr_type *v)
duration_type * sig_validity_denial
duration_type * nsec3param_ttl
ods_status zone_recover2(zone_type *zone)
ods_status schedule_task(schedule_type *schedule, task_type *task, int log)
int backup_read_time_t(FILE *in, time_t *v)
lock_basic_type zone_lock
collection_class rrset_store_initialize()
rr_type * rrset_add_rr(rrset_type *rrset, ldns_rr *rr)
ods_status namedb_update_serial(namedb_type *db, const char *zone_name, const char *format, uint32_t inbound_serial)
keylist_type * keylist_create(signconf_type *signconf)
int backup_read_int(FILE *in, int *v)
zone_type * zone_create(char *name, ldns_rr_class klass)
ods_status backup_read_ixfr(FILE *in, void *zone)
void namedb_backup2(FILE *fd, namedb_type *db)
void notify_cleanup(notify_type *notify)
void nsec3params_backup(FILE *fd, uint8_t algo, uint8_t flags, uint16_t iter, const char *salt, ldns_rr *rr, const char *version)
enum task_id_enum task_id
adapter_type * adoutbound
nsec3params_type * nsec3params_create(void *sc, uint8_t algo, uint8_t flags, uint16_t iter, const char *salt)
ods_status backup_read_namedb(FILE *in, void *zone)
ods_status zone_publish_nsec3param(zone_type *zone)
duration_type * sig_refresh_interval
duration_type * sig_validity_keyset
ods_status lhsm_get_key(hsm_ctx_t *ctx, ldns_rdf *owner, key_type *key_id)
const char ** dnskey_signature
ods_status namedb_domain_entize(namedb_type *db, domain_type *domain, ldns_rdf *apex)
ods_status zone_backup2(zone_type *zone)
ods_status zone_update_serial(zone_type *zone)
ods_status zone_add_rr(zone_type *zone, ldns_rr *rr, int do_stats)
void xfrd_cleanup(xfrd_type *xfrd, int backup)
domain_type * namedb_lookup_domain(namedb_type *db, ldns_rdf *dname)
void stats_cleanup(stats_type *stats)
task_type * unschedule_task(schedule_type *schedule, task_type *task)
const char * resourcerecord
const char * signconf_filename
void zone_rollback_dnskeys(zone_type *zone)
ods_status zone_publish_dnskeys(zone_type *zone)
ods_status zone_reschedule_task(zone_type *zone, schedule_type *taskq, task_id what)
namedb_type * namedb_create(void *zone)
ods_status zone_del_rr(zone_type *zone, ldns_rr *rr, int do_stats)
void zone_rollback_nsec3param(zone_type *zone)
rrset_type * zone_lookup_rrset(zone_type *zone, ldns_rdf *owner, ldns_rr_type type)
nsec3params_type * nsec3params
domain_type * namedb_add_domain(namedb_type *db, ldns_rdf *dname)
duration_type * dnskey_ttl
ods_status zone_prepare_keys(zone_type *zone)
int backup_read_check_str(FILE *in, const char *str)
duration_type * sig_jitter
hsm_sign_params_t * params
duration_type * sig_resign_interval
void ixfr_purge(ixfr_type *ixfr)
lock_basic_type schedule_lock
void rrset_diff(rrset_type *rrset, unsigned is_ixfr, unsigned more_coming)
ods_status zone_load_signconf(zone_type *zone, signconf_type **new_signconf)
rrset_type * rrset_create(zone_type *zone, ldns_rr_type type)
void adapter_cleanup(adapter_type *adapter)
key_type * key_recover2(FILE *fd, keylist_type *kl)
void keylist_backup(FILE *fd, keylist_type *kl, const char *version)
task_type * task_create(task_id what, time_t when, void *zone)
ods_status signconf_update(signconf_type **signconf, const char *scfile, time_t last_modified)
int backup_read_uint32_t(FILE *in, uint32_t *v)
void stats_clear(stats_type *stats)