1 |
|
/* |
2 |
< |
* Copyright (C) 2008-2012 Internet Systems Consortium, Inc. ("ISC") |
2 |
> |
* Copyright (C) 2008-2012, 2014, 2015 Internet Systems Consortium, Inc. ("ISC") |
3 |
|
* |
4 |
|
* Permission to use, copy, modify, and/or distribute this software for any |
5 |
|
* purpose with or without fee is hereby granted, provided that the above |
14 |
|
* PERFORMANCE OF THIS SOFTWARE. |
15 |
|
*/ |
16 |
|
|
17 |
– |
/* $Id: dnssec-dsfromkey.c,v 1.19.14.2 2011/09/05 23:45:53 tbox Exp $ */ |
18 |
– |
|
17 |
|
/*! \file */ |
18 |
|
|
19 |
|
#include <config.h> |
29 |
|
#include <isc/string.h> |
30 |
|
#include <isc/util.h> |
31 |
|
|
32 |
+ |
#include <dns/callbacks.h> |
33 |
|
#include <dns/db.h> |
34 |
|
#include <dns/dbiterator.h> |
35 |
|
#include <dns/ds.h> |
36 |
|
#include <dns/fixedname.h> |
38 |
– |
#include <dns/log.h> |
37 |
|
#include <dns/keyvalues.h> |
38 |
+ |
#include <dns/log.h> |
39 |
|
#include <dns/master.h> |
40 |
|
#include <dns/name.h> |
41 |
|
#include <dns/rdata.h> |
60 |
|
static dns_fixedname_t fixed; |
61 |
|
static dns_name_t *name = NULL; |
62 |
|
static isc_mem_t *mctx = NULL; |
63 |
+ |
static isc_uint32_t ttl; |
64 |
+ |
static isc_boolean_t emitttl = ISC_FALSE; |
65 |
|
|
66 |
|
static isc_result_t |
67 |
|
initname(char *setname) { |
77 |
|
return (result); |
78 |
|
} |
79 |
|
|
80 |
+ |
static void |
81 |
+ |
db_load_from_stream(dns_db_t *db, FILE *fp) { |
82 |
+ |
isc_result_t result; |
83 |
+ |
dns_rdatacallbacks_t callbacks; |
84 |
+ |
|
85 |
+ |
dns_rdatacallbacks_init(&callbacks); |
86 |
+ |
result = dns_db_beginload(db, &callbacks.add, &callbacks.add_private); |
87 |
+ |
if (result != ISC_R_SUCCESS) |
88 |
+ |
fatal("dns_db_beginload failed: %s", isc_result_totext(result)); |
89 |
+ |
|
90 |
+ |
result = dns_master_loadstream(fp, name, name, rdclass, 0, |
91 |
+ |
&callbacks, mctx); |
92 |
+ |
if (result != ISC_R_SUCCESS) |
93 |
+ |
fatal("can't load from input: %s", isc_result_totext(result)); |
94 |
+ |
|
95 |
+ |
result = dns_db_endload(db, &callbacks.add_private); |
96 |
+ |
if (result != ISC_R_SUCCESS) |
97 |
+ |
fatal("dns_db_endload failed: %s", isc_result_totext(result)); |
98 |
+ |
} |
99 |
+ |
|
100 |
|
static isc_result_t |
101 |
< |
loadsetfromfile(char *filename, dns_rdataset_t *rdataset) { |
101 |
> |
loadset(const char *filename, dns_rdataset_t *rdataset) { |
102 |
|
isc_result_t result; |
103 |
|
dns_db_t *db = NULL; |
104 |
|
dns_dbnode_t *node = NULL; |
111 |
|
if (result != ISC_R_SUCCESS) |
112 |
|
fatal("can't create database"); |
113 |
|
|
114 |
< |
result = dns_db_load(db, filename); |
115 |
< |
if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) |
116 |
< |
fatal("can't load %s: %s", filename, isc_result_totext(result)); |
114 |
> |
if (strcmp(filename, "-") == 0) { |
115 |
> |
db_load_from_stream(db, stdin); |
116 |
> |
filename = "input"; |
117 |
> |
} else { |
118 |
> |
result = dns_db_load(db, filename); |
119 |
> |
if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE) |
120 |
> |
fatal("can't load %s: %s", filename, |
121 |
> |
isc_result_totext(result)); |
122 |
> |
} |
123 |
|
|
124 |
|
result = dns_db_findnode(db, name, ISC_FALSE, &node); |
125 |
|
if (result != ISC_R_SUCCESS) |
168 |
|
return (ISC_R_NOSPACE); |
169 |
|
isc_buffer_putuint8(&buf, 0); |
170 |
|
|
171 |
< |
return (loadsetfromfile(filename, rdataset)); |
171 |
> |
return (loadset(filename, rdataset)); |
172 |
|
} |
173 |
|
|
174 |
|
static void |
238 |
|
|
239 |
|
static void |
240 |
|
emit(unsigned int dtype, isc_boolean_t showall, char *lookaside, |
241 |
< |
dns_rdata_t *rdata) |
241 |
> |
isc_boolean_t cds, dns_rdata_t *rdata) |
242 |
|
{ |
243 |
|
isc_result_t result; |
244 |
|
unsigned char buf[DNS_DS_BUFFERSIZE]; |
283 |
|
} |
284 |
|
} |
285 |
|
|
286 |
< |
result = dns_rdata_totext(&ds, (dns_name_t *) NULL, &textb); |
286 |
> |
result = dns_rdata_tofmttext(&ds, (dns_name_t *) NULL, 0, 0, 0, "", |
287 |
> |
&textb); |
288 |
> |
|
289 |
|
if (result != ISC_R_SUCCESS) |
290 |
|
fatal("can't print rdata"); |
291 |
|
|
296 |
|
isc_buffer_usedregion(&nameb, &r); |
297 |
|
printf("%.*s ", (int)r.length, r.base); |
298 |
|
|
299 |
+ |
if (emitttl) |
300 |
+ |
printf("%u ", ttl); |
301 |
+ |
|
302 |
|
isc_buffer_usedregion(&classb, &r); |
303 |
|
printf("%.*s", (int)r.length, r.base); |
304 |
|
|
305 |
< |
if (lookaside == NULL) |
306 |
< |
printf(" DS "); |
307 |
< |
else |
305 |
> |
if (lookaside == NULL) { |
306 |
> |
if (cds) |
307 |
> |
printf(" CDS "); |
308 |
> |
else |
309 |
> |
printf(" DS "); |
310 |
> |
} else |
311 |
|
printf(" DLV "); |
312 |
|
|
313 |
|
isc_buffer_usedregion(&textb, &r); |
328 |
|
fprintf(stderr, "Version: %s\n", VERSION); |
329 |
|
fprintf(stderr, "Options:\n"); |
330 |
|
fprintf(stderr, " -v <verbose level>\n"); |
331 |
+ |
fprintf(stderr, " -V: print version information\n"); |
332 |
|
fprintf(stderr, " -K <directory>: directory in which to find " |
333 |
|
"key file or keyset file\n"); |
334 |
|
fprintf(stderr, " -a algorithm: digest algorithm " |
335 |
|
"(SHA-1, SHA-256, GOST or SHA-384)\n"); |
336 |
|
fprintf(stderr, " -1: use SHA-1\n"); |
337 |
|
fprintf(stderr, " -2: use SHA-256\n"); |
338 |
+ |
fprintf(stderr, " -C: print CDS record\n"); |
339 |
|
fprintf(stderr, " -l: add lookaside zone and print DLV records\n"); |
340 |
|
fprintf(stderr, " -s: read keyset from keyset-<dnsname> file\n"); |
341 |
|
fprintf(stderr, " -c class: rdata class for DS set (default: IN)\n"); |
342 |
+ |
fprintf(stderr, " -T TTL\n"); |
343 |
|
fprintf(stderr, " -f file: read keyset from zone file\n"); |
344 |
|
fprintf(stderr, " -A: when used with -f, " |
345 |
|
"include all keys in DS set, not just KSKs\n"); |
356 |
|
char *endp; |
357 |
|
int ch; |
358 |
|
unsigned int dtype = DNS_DSDIGEST_SHA1; |
359 |
+ |
isc_boolean_t cds = ISC_FALSE; |
360 |
|
isc_boolean_t both = ISC_TRUE; |
361 |
|
isc_boolean_t usekeyset = ISC_FALSE; |
362 |
|
isc_boolean_t showall = ISC_FALSE; |
379 |
|
|
380 |
|
isc_commandline_errprint = ISC_FALSE; |
381 |
|
|
382 |
< |
while ((ch = isc_commandline_parse(argc, argv, |
383 |
< |
"12Aa:c:d:Ff:K:l:sv:h")) != -1) { |
382 |
> |
#define OPTIONS "12Aa:Cc:d:Ff:K:l:sT:v:hV" |
383 |
> |
while ((ch = isc_commandline_parse(argc, argv, OPTIONS)) != -1) { |
384 |
|
switch (ch) { |
385 |
|
case '1': |
386 |
|
dtype = DNS_DSDIGEST_SHA1; |
397 |
|
algname = isc_commandline_argument; |
398 |
|
both = ISC_FALSE; |
399 |
|
break; |
400 |
+ |
case 'C': |
401 |
+ |
if (lookaside != NULL) |
402 |
+ |
fatal("lookaside and CDS are mutually" |
403 |
+ |
" exclusive"); |
404 |
+ |
cds = ISC_TRUE; |
405 |
+ |
break; |
406 |
|
case 'c': |
407 |
|
classname = isc_commandline_argument; |
408 |
|
break; |
419 |
|
filename = isc_commandline_argument; |
420 |
|
break; |
421 |
|
case 'l': |
422 |
+ |
if (cds) |
423 |
+ |
fatal("lookaside and CDS are mutually" |
424 |
+ |
" exclusive"); |
425 |
|
lookaside = isc_commandline_argument; |
426 |
|
if (strlen(lookaside) == 0U) |
427 |
|
fatal("lookaside must be a non-empty string"); |
429 |
|
case 's': |
430 |
|
usekeyset = ISC_TRUE; |
431 |
|
break; |
432 |
+ |
case 'T': |
433 |
+ |
emitttl = ISC_TRUE; |
434 |
+ |
ttl = atol(isc_commandline_argument); |
435 |
+ |
break; |
436 |
|
case 'v': |
437 |
|
verbose = strtol(isc_commandline_argument, &endp, 0); |
438 |
|
if (*endp != '\0') |
447 |
|
program, isc_commandline_option); |
448 |
|
/* FALLTHROUGH */ |
449 |
|
case 'h': |
450 |
+ |
/* Does not return. */ |
451 |
|
usage(); |
452 |
|
|
453 |
+ |
case 'V': |
454 |
+ |
/* Does not return. */ |
455 |
+ |
version(program); |
456 |
+ |
|
457 |
|
default: |
458 |
|
fprintf(stderr, "%s: unhandled option -%c\n", |
459 |
|
program, isc_commandline_option); |
505 |
|
isc_result_totext(result)); |
506 |
|
isc_entropy_stopcallbacksources(ectx); |
507 |
|
|
508 |
< |
setup_logging(verbose, mctx, &log); |
508 |
> |
setup_logging(mctx, &log); |
509 |
|
|
510 |
|
dns_rdataset_init(&rdataset); |
511 |
|
|
523 |
|
if (usekeyset) |
524 |
|
result = loadkeyset(dir, &rdataset); |
525 |
|
else |
526 |
< |
result = loadsetfromfile(filename, &rdataset); |
526 |
> |
result = loadset(filename, &rdataset); |
527 |
|
|
528 |
|
if (result != ISC_R_SUCCESS) |
529 |
|
fatal("could not load DNSKEY set: %s\n", |
540 |
|
|
541 |
|
if (both) { |
542 |
|
emit(DNS_DSDIGEST_SHA1, showall, lookaside, |
543 |
< |
&rdata); |
543 |
> |
cds, &rdata); |
544 |
|
emit(DNS_DSDIGEST_SHA256, showall, lookaside, |
545 |
< |
&rdata); |
545 |
> |
cds, &rdata); |
546 |
|
} else |
547 |
< |
emit(dtype, showall, lookaside, &rdata); |
547 |
> |
emit(dtype, showall, lookaside, cds, &rdata); |
548 |
|
} |
549 |
|
} else { |
550 |
|
unsigned char key_buf[DST_KEY_MAXSIZE]; |
553 |
|
DST_KEY_MAXSIZE, &rdata); |
554 |
|
|
555 |
|
if (both) { |
556 |
< |
emit(DNS_DSDIGEST_SHA1, showall, lookaside, &rdata); |
557 |
< |
emit(DNS_DSDIGEST_SHA256, showall, lookaside, &rdata); |
556 |
> |
emit(DNS_DSDIGEST_SHA1, showall, lookaside, cds, |
557 |
> |
&rdata); |
558 |
> |
emit(DNS_DSDIGEST_SHA256, showall, lookaside, cds, |
559 |
> |
&rdata); |
560 |
|
} else |
561 |
< |
emit(dtype, showall, lookaside, &rdata); |
561 |
> |
emit(dtype, showall, lookaside, cds, &rdata); |
562 |
|
} |
563 |
|
|
564 |
|
if (dns_rdataset_isassociated(&rdataset)) |