OpenDNSSEC-signer  1.4.1
namedb.c
Go to the documentation of this file.
1 /*
2  * $Id: namedb.c 5467 2011-08-24 06:51:16Z matthijs $
3  *
4  * Copyright (c) 2009 NLNet Labs. All rights reserved.
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  * 1. Redistributions of source code must retain the above copyright
10  * notice, this list of conditions and the following disclaimer.
11  * 2. Redistributions in binary form must reproduce the above copyright
12  * notice, this list of conditions and the following disclaimer in the
13  * documentation and/or other materials provided with the distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR
16  * IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED
17  * WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
18  * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
19  * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
20  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE
21  * GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
22  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER
23  * IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24  * OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN
25  * IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26  *
27  */
28 
34 #include "config.h"
35 #include "shared/allocator.h"
36 #include "shared/file.h"
37 #include "shared/log.h"
38 #include "shared/util.h"
39 #include "signer/backup.h"
40 #include "signer/namedb.h"
41 #include "signer/zone.h"
42 
43 const char* db_str = "namedb";
44 
45 
50 static ldns_rbnode_t*
51 domain2node(domain_type* domain)
52 {
53  ldns_rbnode_t* node = (ldns_rbnode_t*) malloc(sizeof(ldns_rbnode_t));
54  if (!node) {
55  return NULL;
56  }
57  node->key = domain->dname;
58  node->data = domain;
59  return node;
60 }
61 
62 
67 static ldns_rbnode_t*
68 denial2node(denial_type* denial)
69 {
70  ldns_rbnode_t* node = (ldns_rbnode_t*) malloc(sizeof(ldns_rbnode_t));
71  if (!node) {
72  return NULL;
73  }
74  node->key = denial->dname;
75  node->data = denial;
76  return node;
77 }
78 
79 
84 static int
85 domain_compare(const void* a, const void* b)
86 {
87  ldns_rdf* x = (ldns_rdf*)a;
88  ldns_rdf* y = (ldns_rdf*)b;
89  return ldns_dname_compare(x, y);
90 }
91 
92 
97 void
99 {
100  if (db) {
101  db->denials = ldns_rbtree_create(domain_compare);
102  }
103  return;
104 }
105 
106 
111 static void
112 namedb_init_domains(namedb_type* db)
113 {
114  if (db) {
115  db->domains = ldns_rbtree_create(domain_compare);
116  }
117  return;
118 }
119 
120 
126 namedb_create(void* zone)
127 {
128  namedb_type* db = NULL;
129  zone_type* z = (zone_type*) zone;
130 
131  ods_log_assert(z);
132  ods_log_assert(z->name);
134  db = (namedb_type*) allocator_alloc(z->allocator, sizeof(namedb_type));
135  if (!db) {
136  ods_log_error("[%s] unable to create namedb for zone %s: "
137  "allocator_alloc() failed", db_str, z->name);
138  return NULL;
139  }
140  db->zone = zone;
141 
142  namedb_init_domains(db);
143  if (!db->domains) {
144  ods_log_error("[%s] unable to create namedb for zone %s: "
145  "init domains failed", db_str, z->name);
146  namedb_cleanup(db);
147  return NULL;
148  }
150  if (!db->denials) {
151  ods_log_error("[%s] unable to create namedb for zone %s: "
152  "init denials failed", db_str, z->name);
153  namedb_cleanup(db);
154  return NULL;
155  }
156  db->inbserial = 0;
157  db->intserial = 0;
158  db->outserial = 0;
159  db->altserial = 0;
160  db->is_initialized = 0;
161  db->is_processed = 0;
162  db->serial_updated = 0;
163  db->force_serial = 0;
164  return db;
165 }
166 
167 
172 static void*
173 namedb_domain_search(ldns_rbtree_t* tree, ldns_rdf* dname)
174 {
175  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
176  if (!tree || !dname) {
177  return NULL;
178  }
179  node = ldns_rbtree_search(tree, dname);
180  if (node && node != LDNS_RBTREE_NULL) {
181  return (void*) node->data;
182  }
183  return NULL;
184 }
185 
186 
187 static uint32_t
188 max(uint32_t a, uint32_t b)
189 {
190  return (a<b?b:a);
191 }
192 
193 
199 namedb_update_serial(namedb_type* db, const char* zone_name, const char* format,
200  uint32_t inbound_serial)
201 {
202  uint32_t soa = 0;
203  uint32_t prev = 0;
204  uint32_t update = 0;
205  if (!db || !format || !zone_name) {
206  return ODS_STATUS_ASSERT_ERR;
207  }
208  prev = max(db->outserial, inbound_serial);
209  if (!db->is_initialized) {
210  prev = inbound_serial;
211  }
212  ods_log_debug("[%s] zone %s update serial: format=%s in=%u internal=%u "
213  "out=%u now=%u", db_str, zone_name, format, db->inbserial,
214  db->intserial, db->outserial, (uint32_t) time_now());
215  if (db->force_serial) {
216  soa = db->altserial;
217  if (!util_serial_gt(soa, prev)) {
218  ods_log_warning("[%s] zone %s unable to enforce serial: %u does not "
219  " increase %u. Serial set to %u", db_str, zone_name, soa, prev,
220  (prev+1));
221  soa = prev + 1;
222  } else {
223  ods_log_info("[%s] zone %s enforcing serial %u", db_str, zone_name,
224  soa);
225  }
226  db->force_serial = 0;
227  } else if (ods_strcmp(format, "unixtime") == 0) {
228  soa = (uint32_t) time_now();
229  if (!util_serial_gt(soa, prev)) {
230  if (!db->is_initialized) {
231  ods_log_warning("[%s] zone %s unable to use unixtime as serial: "
232  "%u does not increase %u. Serial set to %u", db_str,
233  zone_name, soa, prev, (prev+1));
234  }
235  soa = prev + 1;
236  }
237  } else if (ods_strcmp(format, "datecounter") == 0) {
238  soa = (uint32_t) time_datestamp(0, "%Y%m%d", NULL) * 100;
239  if (!util_serial_gt(soa, prev)) {
240  if (!db->is_initialized) {
241  ods_log_warning("[%s] zone %s unable to use datecounter as "
242  "serial: %u does not increase %u. Serial set to %u", db_str,
243  zone_name, soa, prev, (prev+1));
244  }
245  soa = prev + 1;
246  }
247  } else if (ods_strcmp(format, "counter") == 0) {
248  soa = inbound_serial + 1;
249  if (db->is_initialized && !util_serial_gt(soa, prev)) {
250  soa = prev + 1;
251  }
252  } else if (ods_strcmp(format, "keep") == 0) {
253  prev = db->outserial;
254  soa = inbound_serial;
255  if (db->is_initialized && !util_serial_gt(soa, prev)) {
256  ods_log_error("[%s] zone %s cannot keep SOA SERIAL from input zone "
257  " (%u): previous output SOA SERIAL is %u", db_str, zone_name,
258  soa, prev);
260  }
261  } else {
262  ods_log_error("[%s] zone %s unknown serial type %s", db_str, zone_name,
263  format);
264  return ODS_STATUS_ERR;
265  }
266  /* serial is stored in 32 bits */
267  update = soa - prev;
268  if (update > 0x7FFFFFFF) {
269  update = 0x7FFFFFFF;
270  }
271  if (!db->is_initialized) {
272  db->intserial = soa;
273  } else {
274  db->intserial = prev + update; /* automatically does % 2^32 */
275  }
276  ods_log_debug("[%s] zone %s update serial: %u + %u = %u", db_str, zone_name,
277  prev, update, db->intserial);
278  return ODS_STATUS_OK;
279 }
280 
281 
287 namedb_domain_entize(namedb_type* db, domain_type* domain, ldns_rdf* apex)
288 {
289  ldns_rdf* parent_rdf = NULL;
290  domain_type* parent_domain = NULL;
291  ods_log_assert(apex);
292  ods_log_assert(domain);
293  ods_log_assert(domain->dname);
294  ods_log_assert(db);
295  ods_log_assert(db->domains);
296  if (domain->parent) {
297  /* domain already has parent */
298  return ODS_STATUS_OK;
299  }
300 
301  while (domain && ldns_dname_is_subdomain(domain->dname, apex) &&
302  ldns_dname_compare(domain->dname, apex) != 0) {
310  parent_rdf = ldns_dname_left_chop(domain->dname);
311  if (!parent_rdf) {
312  ods_log_error("[%s] unable to entize domain: left chop failed",
313  db_str);
314  return ODS_STATUS_ERR;
315  }
316  parent_domain = namedb_lookup_domain(db, parent_rdf);
317  if (!parent_domain) {
318  parent_domain = namedb_add_domain(db, parent_rdf);
319  ldns_rdf_deep_free(parent_rdf);
320  if (!parent_domain) {
321  ods_log_error("[%s] unable to entize domain: failed to add "
322  "parent domain", db_str);
323  return ODS_STATUS_ERR;
324  }
325  domain->parent = parent_domain;
326  /* continue with the parent domain */
327  domain = parent_domain;
328  } else {
329  ldns_rdf_deep_free(parent_rdf);
330  domain->parent = parent_domain;
331  /* domain has parent, entize done */
332  domain = NULL;
333  }
334  }
335  return ODS_STATUS_OK;
336 }
337 
338 
344 namedb_lookup_domain(namedb_type* db, ldns_rdf* dname)
345 {
346  if (!db) {
347  return NULL;
348  }
349  return (domain_type*) namedb_domain_search(db->domains, dname);
350 }
351 
352 
358 namedb_add_domain(namedb_type* db, ldns_rdf* dname)
359 {
360  domain_type* domain = NULL;
361  ldns_rbnode_t* new_node = LDNS_RBTREE_NULL;
362  if (!dname || !db || !db->domains) {
363  return NULL;
364  }
365  domain = domain_create(db->zone, dname);
366  if (!domain) {
367  ods_log_error("[%s] unable to add domain: domain_create() failed",
368  db_str);
369  return NULL;
370  }
371  new_node = domain2node(domain);
372  if (!new_node) {
373  ods_log_error("[%s] unable to add domain: domain2node() failed",
374  db_str);
375  return NULL;
376  }
377  if (ldns_rbtree_insert(db->domains, new_node) == NULL) {
378  ods_log_error("[%s] unable to add domain: already present", db_str);
379  log_dname(domain->dname, "ERR +DOMAIN", LOG_ERR);
380  domain_cleanup(domain);
381  free((void*)new_node);
382  return NULL;
383  }
384  domain = (domain_type*) new_node->data;
385  domain->node = new_node;
386  domain->is_new = 1;
387  log_dname(domain->dname, "+DOMAIN", LOG_DEEEBUG);
388  return domain;
389 }
390 
391 
398 {
399  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
400  if (!domain || !db || !db->domains) {
401  ods_log_error("[%s] unable to delete domain: !db || !domain", db_str);
402  return NULL;
403  }
404  if (domain->rrsets || domain->denial) {
405  ods_log_error("[%s] unable to delete domain: domain in use", db_str);
406  log_dname(domain->dname, "ERR -DOMAIN", LOG_ERR);
407  return NULL;
408  }
409  node = ldns_rbtree_delete(db->domains, (const void*)domain->dname);
410  if (node) {
411  ods_log_assert(domain->node == node);
412  ods_log_assert(!domain->rrsets);
413  ods_log_assert(!domain->denial);
414  free((void*)node);
415  domain->node = NULL;
416  log_dname(domain->dname, "-DOMAIN", LOG_DEEEBUG);
417  return domain;
418  }
419  ods_log_error("[%s] unable to delete domain: not found", db_str);
420  log_dname(domain->dname, "ERR -DOMAIN", LOG_ERR);
421  return NULL;
422 }
423 
424 
430 namedb_lookup_denial(namedb_type* db, ldns_rdf* dname)
431 {
432  if (!db) {
433  return NULL;
434  }
435  return (denial_type*) namedb_domain_search(db->denials, dname);
436 }
437 
438 
443 static int
444 domain_is_empty_terminal(domain_type* domain)
445 {
446  ldns_rbnode_t* n = LDNS_RBTREE_NULL;
447  domain_type* d = NULL;
448  ods_log_assert(domain);
449  if (domain->is_apex) {
450  return 0;
451  }
452  if (domain->rrsets) {
453  return 0;
454  }
455  n = ldns_rbtree_next(domain->node);
456  if (n) {
457  d = (domain_type*) n->data;
458  }
459  /* if it has children domains, do not delete it */
460  if(d && ldns_dname_is_subdomain(d->dname, domain->dname)) {
461  return 0;
462  }
463  return 1;
464 }
465 
466 
471 static int
472 domain_can_be_deleted(domain_type* domain)
473 {
474  ods_log_assert(domain);
475  return (domain_is_empty_terminal(domain) && !domain->denial);
476 }
477 
478 
483 static void
484 namedb_add_nsec_trigger(namedb_type* db, domain_type* domain)
485 {
486  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
487  denial_type* denial = NULL;
488  ods_log_assert(db);
489  ods_log_assert(domain);
490  ods_log_assert(!domain->denial);
491  dstatus = domain_is_occluded(domain);
492  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A) {
493  return; /* don't do occluded/glue domain */
494  }
495  if (!domain->rrsets) {
496  return; /* don't do empty domain */
497  }
498  /* ok, nsecify this domain */
499  denial = namedb_add_denial(db, domain->dname, NULL);
500  ods_log_assert(denial);
501  denial->domain = (void*) domain;
502  domain->denial = (void*) denial;
503  domain->is_new = 0;
504  return;
505 }
506 
507 
512 static void
513 namedb_add_nsec3_trigger(namedb_type* db, domain_type* domain,
514  nsec3params_type* n3p)
515 {
516  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
517  denial_type* denial = NULL;
518  ods_log_assert(db);
519  ods_log_assert(n3p);
520  ods_log_assert(domain);
521  ods_log_assert(!domain->denial);
522  dstatus = domain_is_occluded(domain);
523  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A) {
524  return; /* don't do occluded/glue domain */
525  }
526  /* Opt-Out? */
527  if (n3p->flags) {
528  dstatus = domain_is_delegpt(domain);
529  /* If Opt-Out is being used, owner names of unsigned delegations
530  MAY be excluded. */
531  if (dstatus == LDNS_RR_TYPE_NS || domain_ent2unsignedns(domain)) {
532  return;
533  }
534  }
535  /* ok, nsecify3 this domain */
536  denial = namedb_add_denial(db, domain->dname, n3p);
537  ods_log_assert(denial);
538  denial->domain = (void*) domain;
539  domain->denial = (void*) denial;
540  domain->is_new = 0;
541  return;
542 }
543 
544 
549 static void
550 namedb_add_denial_trigger(namedb_type* db, domain_type* domain)
551 {
552  zone_type* zone = NULL;
553  ods_log_assert(db);
554  ods_log_assert(domain);
555  if (!domain->denial) {
556  zone = (void*) domain->zone;
557  ods_log_assert(zone);
558  ods_log_assert(zone->signconf);
559  if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC) {
560  namedb_add_nsec_trigger(db, domain);
561  } else {
562  ods_log_assert(zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC3);
563  namedb_add_nsec3_trigger(db, domain, zone->signconf->nsec3params);
564  }
565  }
566  return;
567 }
568 
569 
574 static void
575 namedb_del_nsec_trigger(namedb_type* db, domain_type* domain)
576 {
577  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
578  denial_type* denial = NULL;
579  ods_log_assert(db);
580  ods_log_assert(domain);
581  ods_log_assert(domain->denial);
582  dstatus = domain_is_occluded(domain);
583  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A ||
584  domain_is_empty_terminal(domain) || !domain->rrsets) {
585  /* domain has become occluded/glue or empty non-terminal*/
586  denial_diff((denial_type*) domain->denial);
587  denial = namedb_del_denial(db, domain->denial);
588  denial_cleanup(denial);
589  domain->denial = NULL;
590  }
591  return;
592 }
593 
594 
599 static void
600 namedb_del_nsec3_trigger(namedb_type* db, domain_type* domain,
601  nsec3params_type* n3p)
602 {
603  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
604  denial_type* denial = NULL;
605  ods_log_assert(db);
606  ods_log_assert(n3p);
607  ods_log_assert(domain);
608  ods_log_assert(domain->denial);
609  dstatus = domain_is_occluded(domain);
610  if (dstatus == LDNS_RR_TYPE_DNAME || dstatus == LDNS_RR_TYPE_A ||
611  domain_is_empty_terminal(domain)) {
612  /* domain has become occluded/glue */
613  denial_diff((denial_type*) domain->denial);
614  denial = namedb_del_denial(db, domain->denial);
615  denial_cleanup(denial);
616  domain->denial = NULL;
617  } else if (n3p->flags) {
618  dstatus = domain_is_delegpt(domain);
619  /* If Opt-Out is being used, owner names of unsigned delegations
620  MAY be excluded. */
621  if (dstatus == LDNS_RR_TYPE_NS || domain_ent2unsignedns(domain)) {
622  denial_diff((denial_type*) domain->denial);
623  denial = namedb_del_denial(db, domain->denial);
624  denial_cleanup(denial);
625  domain->denial = NULL;
626  }
627  }
628  return;
629 }
630 
631 
636 static int
637 namedb_del_denial_trigger(namedb_type* db, domain_type* domain, int rollback)
638 {
639  domain_type* parent = NULL;
640  zone_type* zone = NULL;
641  unsigned is_deleted = 0;
642  ods_log_assert(db);
643  ods_log_assert(domain);
644  ods_log_assert(domain->dname);
645  zone = (void*) domain->zone;
646  ods_log_assert(zone);
647  ods_log_assert(zone->signconf);
648  while(domain) {
649  if (!rollback) {
650  if (domain->denial) {
651  if (zone->signconf->nsec_type == LDNS_RR_TYPE_NSEC) {
652  namedb_del_nsec_trigger(db, domain);
653  } else {
655  LDNS_RR_TYPE_NSEC3);
656  namedb_del_nsec3_trigger(db, domain,
657  zone->signconf->nsec3params);
658  }
659  }
660  }
661  parent = domain->parent;
662  if (domain_can_be_deleted(domain)) {
663  /* -DOMAIN */
664  domain = namedb_del_domain(db, domain);
665  domain_cleanup(domain);
666  is_deleted = 1;
667  }
668  /* continue with parent */
669  domain = parent;
670  }
671  return is_deleted;
672 }
673 
674 
679 static ldns_rdf*
680 dname_hash(ldns_rdf* dname, ldns_rdf* apex, nsec3params_type* nsec3params)
681 {
682  ldns_rdf* hashed_ownername = NULL;
683  ldns_rdf* hashed_label = NULL;
684  ods_log_assert(dname);
685  ods_log_assert(apex);
686  ods_log_assert(nsec3params);
691  hashed_label = ldns_nsec3_hash_name(dname, nsec3params->algorithm,
692  nsec3params->iterations, nsec3params->salt_len,
693  nsec3params->salt_data);
694  if (!hashed_label) {
695  return NULL;
696  }
697  hashed_ownername = ldns_dname_cat_clone((const ldns_rdf*) hashed_label,
698  (const ldns_rdf*) apex);
699  if (!hashed_ownername) {
700  return NULL;
701  }
702  ldns_rdf_deep_free(hashed_label);
703  return hashed_ownername;
704 }
705 
706 
712 namedb_add_denial(namedb_type* db, ldns_rdf* dname, nsec3params_type* n3p)
713 {
714  zone_type* z = NULL;
715  ldns_rbnode_t* new_node = LDNS_RBTREE_NULL;
716  ldns_rbnode_t* pnode = LDNS_RBTREE_NULL;
717  ldns_rdf* owner = NULL;
718  denial_type* denial = NULL;
719  denial_type* pdenial = NULL;
720 
721  ods_log_assert(db);
722  ods_log_assert(db->denials);
723  ods_log_assert(dname);
724  /* nsec or nsec3 */
725  if (n3p) {
726  z = (zone_type*) db->zone;
727  owner = dname_hash(dname, z->apex, n3p);
728  } else {
729  owner = ldns_rdf_clone(dname);
730  }
731  if (!owner) {
732  ods_log_error("[%s] unable to add denial: create owner failed",
733  db_str);
734  return NULL;
735  }
736  denial = denial_create(db->zone, owner);
737  if (!denial) {
738  ods_log_error("[%s] unable to add denial: denial_create() failed",
739  db_str);
740  return NULL;
741  }
742  new_node = denial2node(denial);
743  if (!new_node) {
744  ods_log_error("[%s] unable to add denial: denial2node() failed",
745  db_str);
746  return NULL;
747  }
748  if (!ldns_rbtree_insert(db->denials, new_node)) {
749  ods_log_error("[%s] unable to add denial: already present", db_str);
750  log_dname(denial->dname, "ERR +DENIAL", LOG_ERR);
751  denial_cleanup(denial);
752  free((void*)new_node);
753  return NULL;
754  }
755  /* denial of existence data point added */
756  denial = (denial_type*) new_node->data;
757  denial->node = new_node;
758  denial->nxt_changed = 1;
759  pnode = ldns_rbtree_previous(new_node);
760  if (!pnode || pnode == LDNS_RBTREE_NULL) {
761  pnode = ldns_rbtree_last(db->denials);
762  }
763  ods_log_assert(pnode);
764  pdenial = (denial_type*) pnode->data;
765  ods_log_assert(pdenial);
766  pdenial->nxt_changed = 1;
767  log_dname(denial->dname, "+DENIAL", LOG_DEEEBUG);
768  return denial;
769 }
770 
771 
778 {
779  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
780  ldns_rbnode_t* pnode = LDNS_RBTREE_NULL;
781  denial_type* pdenial = NULL;
782 
783  if (!denial || !db || !db->denials) {
784  return NULL;
785  }
786  if (denial->rrset && denial->rrset->rr_count) {
787  ods_log_error("[%s] unable to delete denial: denial in use [#%u]",
788  db_str, denial->rrset->rr_count);
789  log_dname(denial->dname, "ERR -DENIAL", LOG_ERR);
790  return NULL;
791  }
792  pnode = ldns_rbtree_previous(denial->node);
793  if (!pnode || pnode == LDNS_RBTREE_NULL) {
794  pnode = ldns_rbtree_last(db->denials);
795  }
796  ods_log_assert(pnode);
797  pdenial = (denial_type*) pnode->data;
798  ods_log_assert(pdenial);
799  node = ldns_rbtree_delete(db->denials, (const void*)denial->dname);
800  if (!node) {
801  ods_log_error("[%s] unable to delete denial: not found", db_str);
802  log_dname(denial->dname, "ERR -DENIAL", LOG_ERR);
803  return NULL;
804  }
805  ods_log_assert(denial->node == node);
806  pdenial->nxt_changed = 1;
807  free((void*)node);
808  denial->domain = NULL;
809  denial->node = NULL;
810  log_dname(denial->dname, "-DENIAL", LOG_DEEEBUG);
811  return denial;
812 }
813 
814 
819 void
820 namedb_diff(namedb_type* db, unsigned is_ixfr, unsigned more_coming)
821 {
822  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
823  domain_type* domain = NULL;
824  if (!db || !db->domains) {
825  return;
826  }
827  node = ldns_rbtree_first(db->domains);
828  if (!node || node == LDNS_RBTREE_NULL) {
829  return;
830  }
831  while (node && node != LDNS_RBTREE_NULL) {
832  domain = (domain_type*) node->data;
833  node = ldns_rbtree_next(node);
834  domain_diff(domain, is_ixfr, more_coming);
835  }
836  node = ldns_rbtree_first(db->domains);
837  if (!node || node == LDNS_RBTREE_NULL) {
838  return;
839  }
840  while (node && node != LDNS_RBTREE_NULL) {
841  domain = (domain_type*) node->data;
842  node = ldns_rbtree_next(node);
843  if (!namedb_del_denial_trigger(db, domain, 0)) {
844  /* del_denial did not delete domain */
845  namedb_add_denial_trigger(db, domain);
846  }
847  }
848  return;
849 }
850 
851 
856 void
857 namedb_rollback(namedb_type* db, unsigned keepsc)
858 {
859  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
860  domain_type* domain = NULL;
861  if (!db || !db->domains) {
862  return;
863  }
864  node = ldns_rbtree_first(db->domains);
865  if (!node || node == LDNS_RBTREE_NULL) {
866  return;
867  }
868  while (node && node != LDNS_RBTREE_NULL) {
869  domain = (domain_type*) node->data;
870  node = ldns_rbtree_next(node);
871  domain_rollback(domain, keepsc);
872  (void) namedb_del_denial_trigger(db, domain, 1);
873  }
874  return;
875 }
876 
877 
882 void
883 namedb_nsecify(namedb_type* db, uint32_t* num_added)
884 {
885  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
886  ldns_rbnode_t* nxt_node = LDNS_RBTREE_NULL;
887  denial_type* denial = NULL;
888  denial_type* nxt = NULL;
889  uint32_t nsec_added = 0;
890  ods_log_assert(db);
891  node = ldns_rbtree_first(db->denials);
892  while (node && node != LDNS_RBTREE_NULL) {
893  denial = (denial_type*) node->data;
894  nxt_node = ldns_rbtree_next(node);
895  if (!nxt_node || nxt_node == LDNS_RBTREE_NULL) {
896  nxt_node = ldns_rbtree_first(db->denials);
897  }
898  nxt = (denial_type*) nxt_node->data;
899  denial_nsecify(denial, nxt, &nsec_added);
900  node = ldns_rbtree_next(node);
901  }
902  if (num_added) {
903  *num_added = nsec_added;
904  }
905  return;
906 }
907 
908 
915 {
916  ods_status status = ODS_STATUS_OK;
917  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
918  domain_type* domain = NULL;
919  rrset_type* rrset = NULL;
920 /*
921  ldns_rr_type dstatus = LDNS_RR_TYPE_FIRST;
922  ldns_rr_type delegpt = LDNS_RR_TYPE_FIRST;
923 */
924 
925  if (!db || !db->domains) {
926  /* no db, no error */
927  return ODS_STATUS_OK;
928  }
929  if (db->domains->root != LDNS_RBTREE_NULL) {
930  node = ldns_rbtree_first(db->domains);
931  }
932  while (node && node != LDNS_RBTREE_NULL) {
933  domain = (domain_type*) node->data;
934  rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_CNAME);
935  if (rrset) {
936  /* Thou shall not have other data next to CNAME */
937  if (domain_count_rrset_is_added(domain) > 1 &&
938  rrset_count_rr_is_added(rrset) > 0) {
939  log_rrset(domain->dname, rrset->rrtype,
940  "CNAME and other data at the same name", LOG_ERR);
942  }
943  /* Thou shall have at most one CNAME per name */
944  if (rrset_count_rr_is_added(rrset) > 1) {
945  log_rrset(domain->dname, rrset->rrtype,
946  "multiple CNAMEs at the same name", LOG_ERR);
948  }
949  }
950  rrset = domain_lookup_rrset(domain, LDNS_RR_TYPE_DNAME);
951  if (rrset) {
952  /* Thou shall have at most one DNAME per name */
953  if (rrset_count_rr_is_added(rrset) > 1) {
954  log_rrset(domain->dname, rrset->rrtype,
955  "multiple DNAMEs at the same name", LOG_ERR);
957  }
958  }
959 /*
960  dstatus = domain_is_occluded(domain);
961  delegpt = domain_is_delegpt(domain);
962 */
963  /* Thou shall not have occluded data in your zone file */
964  node = ldns_rbtree_next(node);
965  }
966  return status;
967 }
968 
969 
974 void
976 {
977  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
978  denial_type* denial = NULL;
979  zone_type* zone = NULL;
980  size_t i = 0;
981 
982  if (db && db->denials) {
983  zone = (zone_type*) db->zone;
984  ods_log_assert(zone);
985  ods_log_assert(zone->name);
986  ods_log_debug("[%s] wipe denial of existence space zone %s", db_str,
987  zone->name);
988  node = ldns_rbtree_first(db->denials);
989  while (node && node != LDNS_RBTREE_NULL) {
990  denial = (denial_type*) node->data;
991  if (!denial->rrset) {
992  node = ldns_rbtree_next(node);
993  continue;
994  }
995  for (i=0; i < denial->rrset->rr_count; i++) {
996  if (denial->rrset->rrs[i].exists) {
997  /* ixfr -RR */
998  lock_basic_lock(&zone->ixfr->ixfr_lock);
999  ixfr_del_rr(zone->ixfr, denial->rrset->rrs[i].rr);
1000  lock_basic_unlock(&zone->ixfr->ixfr_lock);
1001  }
1002  denial->rrset->rrs[i].exists = 0;
1003  rrset_del_rr(denial->rrset, i);
1004  i--;
1005  }
1006  for (i=0; i < denial->rrset->rrsig_count; i++) {
1007  /* ixfr -RRSIG */
1008  lock_basic_lock(&zone->ixfr->ixfr_lock);
1009  ixfr_del_rr(zone->ixfr, denial->rrset->rrsigs[i].rr);
1010  lock_basic_unlock(&zone->ixfr->ixfr_lock);
1011  rrset_del_rrsig(denial->rrset, i);
1012  i--;
1013  }
1014  rrset_cleanup(denial->rrset);
1015  denial->rrset = NULL;
1016  node = ldns_rbtree_next(node);
1017  }
1018  }
1019  return;
1020 }
1021 
1022 
1027 void
1028 namedb_export(FILE* fd, namedb_type* db, ods_status* status)
1029 {
1030  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
1031  domain_type* domain = NULL;
1032  if (!fd || !db || !db->domains) {
1033  if (status) {
1034  ods_log_error("[%s] unable to export namedb: file descriptor "
1035  "or name database missing", db_str);
1036  *status = ODS_STATUS_ASSERT_ERR;
1037  }
1038  return;
1039  }
1040  node = ldns_rbtree_first(db->domains);
1041  if (!node || node == LDNS_RBTREE_NULL) {
1042  fprintf(fd, "; empty zone\n");
1043  if (status) {
1044  *status = ODS_STATUS_OK;
1045  }
1046  return;
1047  }
1048  while (node && node != LDNS_RBTREE_NULL) {
1049  domain = (domain_type*) node->data;
1050  if (domain) {
1051  domain_print(fd, domain, status);
1052  }
1053  node = ldns_rbtree_next(node);
1054  }
1055  return;
1056 }
1057 
1058 
1063 static void
1064 domain_delfunc(ldns_rbnode_t* elem)
1065 {
1066  domain_type* domain = NULL;
1067  if (elem && elem != LDNS_RBTREE_NULL) {
1068  domain = (domain_type*) elem->data;
1069  domain_delfunc(elem->left);
1070  domain_delfunc(elem->right);
1071  domain_cleanup(domain);
1072  free((void*)elem);
1073  }
1074  return;
1075 }
1076 
1077 
1082 static void
1083 denial_delfunc(ldns_rbnode_t* elem)
1084 {
1085  denial_type* denial = NULL;
1086  domain_type* domain = NULL;
1087  if (elem && elem != LDNS_RBTREE_NULL) {
1088  denial = (denial_type*) elem->data;
1089  denial_delfunc(elem->left);
1090  denial_delfunc(elem->right);
1091  domain = (domain_type*) denial->domain;
1092  if (domain) {
1093  domain->denial = NULL;
1094  }
1095  denial_cleanup(denial);
1096  free((void*)elem);
1097  }
1098  return;
1099 }
1100 
1101 
1106 static void
1107 namedb_cleanup_domains(namedb_type* db)
1108 {
1109  if (db && db->domains) {
1110  domain_delfunc(db->domains->root);
1111  ldns_rbtree_free(db->domains);
1112  db->domains = NULL;
1113  }
1114  return;
1115 }
1116 
1117 
1122 void
1124 {
1125  if (db && db->denials) {
1126  denial_delfunc(db->denials->root);
1127  ldns_rbtree_free(db->denials);
1128  db->denials = NULL;
1129  }
1130  return;
1131 }
1132 
1133 
1138 void
1140 {
1141  zone_type* z = NULL;
1142  if (!db) {
1143  return;
1144  }
1145  z = (zone_type*) db->zone;
1146  if (!z || !z->allocator) {
1147  return;
1148  }
1150  namedb_cleanup_domains(db);
1151  allocator_deallocate(z->allocator, (void*) db);
1152  return;
1153 }
1154 
1155 
1160 void
1162 {
1163  ldns_rbnode_t* node = LDNS_RBTREE_NULL;
1164  domain_type* domain = NULL;
1165  denial_type* denial = NULL;
1166  if (!fd || !db) {
1167  return;
1168  }
1169  node = ldns_rbtree_first(db->domains);
1170  while (node && node != LDNS_RBTREE_NULL) {
1171  domain = (domain_type*) node->data;
1172  domain_backup2(fd, domain, 0);
1173  node = ldns_rbtree_next(node);
1174  }
1175  fprintf(fd, ";\n");
1176  node = ldns_rbtree_first(db->denials);
1177  while (node && node != LDNS_RBTREE_NULL) {
1178  denial = (denial_type*) node->data;
1179  if (denial->rrset) {
1180  rrset_print(fd, denial->rrset, 1, NULL);
1181  }
1182  node = ldns_rbtree_next(node);
1183  }
1184  fprintf(fd, ";\n");
1185  /* signatures */
1186  node = ldns_rbtree_first(db->domains);
1187  while (node && node != LDNS_RBTREE_NULL) {
1188  domain = (domain_type*) node->data;
1189  domain_backup2(fd, domain, 1);
1190  node = ldns_rbtree_next(node);
1191  }
1192  node = ldns_rbtree_first(db->denials);
1193  while (node && node != LDNS_RBTREE_NULL) {
1194  denial = (denial_type*) node->data;
1195  if (denial->rrset) {
1196  rrset_backup2(fd, denial->rrset);
1197  }
1198  node = ldns_rbtree_next(node);
1199  }
1200  fprintf(fd, ";\n");
1201  return;
1202 }