Changes - j0ke.net Open Build Service

@@ -1,3 +1,35 @@ +1.6.10 + * New example tool added: ldns-gen-zone. + * bugfix #359: Serial-arithmetic for the inception and expiration + fields of a RRSIG and correctly converting them to broken-out time + information. + * bugfix #364: Slight performance increase of ldns-verifyzone. + * bugfix #367: Fix to allow glue records with the same name as the + delegation. + * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and* + glue when the zone is opt-out. + * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations, + ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too. + * pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit + performance) + * Better handling of reference variables in ldns_rr_new_frm_fp_l from + pyldns, with a very nice generator function by Bedrich Kosata. + * Decoupling of the rdfs in rrs in the python wrappers to enable + the python garbage collector by Bedrich Kosata. + * bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at + build time and when used. + * bugfix #383: Fix detection of empty nonterminals of multiple labels. + * Fixed the ommission of rrsets in nsec(3)s and rrsigs to all occluded + names (in stead of just the ones that contain glue only) and all + occluded records on the delegation points (in stead of just the glue). + * Clarify the operation of ldns_dnssec_mark_glue and the usage of + ldns_dnssec_node_next_nonglue functions in the documentation. + * Added function ldns_dnssec_mark_and_get_glue as an real fast + alternative for ldns_zone_glue_rr_list. + * Fix parse buffer overflow for max length domain names. + * Fix Makefile for U in environment, since wrong U is more common than + deansification necessity. + 1.6.9 2011-03-16 * Fix creating NSEC(3) bitmaps: make array size 65536, don't add doubles.

@@ -32,6 +32,10 @@ libtool = $(glibtool) endif +# override $U variable which is used by autotools for deansification (for +# K&R C compilers), but causes problems if $U is defined in the env). +U= + CC = @CC@ ifeq "$(srcdir)" "." CPPFLAGS = $(strip -I. @CPPFLAGS@ @DEFS@) @@ -44,6 +48,7 @@ LIBOBJS = @LIBOBJS@ PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@ PYTHON_LDFLAGS = @PYTHON_LDFLAGS@ +PYTHON_X_CFLAGS = @PYTHON_X_CFLAGS@ LIBSSL_CPPFLAGS = @LIBSSL_CPPFLAGS@ LIBSSL_LDFLAGS = @LIBSSL_LDFLAGS@ LIBSSL_LIBS = @LIBSSL_LIBS@ @@ -56,7 +61,7 @@ LINTFLAGS=+quiet -weak -warnposix -unrecog -Din_addr_t=uint32_t -Du_int=unsigned -Du_char=uint8_t -preproc -Drlimit=rlimit64 -D__gnuc_va_list=va_list #-Dglob64=glob -Dglobfree64=globfree # compat with openssl linux edition. -LINTFLAGS+="-DBN_ULONG=unsigned long" -Dkrb5_int32=int "-Dkrb5_ui_4=unsigned int" -DPQ_64BIT=uint64_t -DRC4_INT=unsigned -fixedformalarray -D"ENGINE=unsigned" -D"RSA=unsigned" -D"DSA=unsigned" -D"EVP_PKEY=unsigned" -D"EVP_MD=unsigned" -D"SSL=unsigned" -D"SSL_CTX=unsigned" -D"X509=unsigned" -D"RC4_KEY=unsigned" -D"EVP_MD_CTX=unsigned" -D"EC_KEY=unsigned" -D"EC_POINT=unsigned" -D"EC_GROUP=unsigned" +LINTFLAGS+="-DBN_ULONG=unsigned long" -Dkrb5_int32=int "-Dkrb5_ui_4=unsigned int" -DPQ_64BIT=uint64_t -DRC4_INT=unsigned -fixedformalarray -D"ENGINE=unsigned" -D"RSA=unsigned" -D"DSA=unsigned" -D"EVP_PKEY=unsigned" -D"EVP_MD=unsigned" -D"SSL=unsigned" -D"SSL_CTX=unsigned" -D"X509=unsigned" -D"RC4_KEY=unsigned" -D"EVP_MD_CTX=unsigned" -D"EC_KEY=unsigned" -D"EC_POINT=unsigned" -D"EC_GROUP=unsigned" -D"EVP_PKEY_ASN1_METHOD=struct evp_pkey_asn1_method_st" -D"EVP_PKEY_CTX=struct evp_pkey_ctx_st" # compat with NetBSD ifeq "$(shell uname)" "NetBSD" LINTFLAGS+="-D__RENAME(x)=" -D_NETINET_IN_H_ @@ -76,7 +81,6 @@ sha1.c sha2.c LIBDNS_HEADERS = $(srcdir)/ldns/error.h \ $(srcdir)/ldns/packet.h \ - $(srcdir)/ldns/common.h \ $(srcdir)/ldns/rdata.h \ $(srcdir)/ldns/rr.h \ $(srcdir)/ldns/wire2host.h \ @@ -111,7 +115,7 @@ LINK = $(CC) $(strip $(CFLAGS) $(LDFLAGS) $(LIBS)) LINK_LIB = $(LIBTOOL) --mode=link $(CC) $(strip $(CFLAGS) $(LDFLAGS) $(LIBS) -version-number $(version_info) -no-undefined) -%.o: $(srcdir)/%.c $(LIBDNS_HEADERS) ldns/net.h ldns/util.h ldns/config.h +%.o: $(srcdir)/%.c $(LIBDNS_HEADERS) ldns/common.h ldns/net.h ldns/util.h ldns/config.h $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $< .PHONY: clean realclean docclean manpages doc lint all lib pyldns test @@ -120,7 +124,7 @@ all: copy-headers lib linktest manpages @PYLDNS@ -linktest: $(srcdir)/linktest.c $(LIBDNS_HEADERS) ldns/net.h ldns/util.h ldns/config.h libldns.la +linktest: $(srcdir)/linktest.c $(LIBDNS_HEADERS) ldns/common.h ldns/net.h ldns/util.h ldns/config.h libldns.la $(LIBTOOL) --mode=link $(CC) $(srcdir)/linktest.c $(CPPFLAGS) $(LIBSSL_CPPFLAGS) $(CFLAGS) -lldns $(LIBS) -o linktest lib: libldns.la @@ -140,12 +144,12 @@ @if [ ! -d include/ldns ] ; then (cd include; ln -s ../ldns ./ldns || echo "include/ldns exists") ; fi ; $(INSTALL) -c -m 644 $< ./include/ldns/ -include/ldns/util.h include/ldns/net.h include/ldns/config.h: include/ldns/%.h: ./ldns/%.h +include/ldns/util.h include/ldns/common.h include/ldns/net.h include/ldns/config.h: include/ldns/%.h: ./ldns/%.h @if [ ! -d include ] ; then ($(INSTALL) -d include || echo "include exists") ; fi ; @if [ ! -d include/ldns ] ; then (cd include; ln -s ../ldns ./ldns || echo "include/ldns exists") ; fi ; $(INSTALL) -c -m 644 $< ./include/ldns/ -copy-headers: $(addprefix include/ldns/, $(notdir $(LIBDNS_HEADERS))) include/ldns/util.h include/ldns/net.h include/ldns/config.h +copy-headers: $(addprefix include/ldns/, $(notdir $(LIBDNS_HEADERS))) include/ldns/common.h include/ldns/util.h include/ldns/net.h include/ldns/config.h mancheck: sh -c 'find . -name \*.\[13\] -exec troff -z {} \;' 2>&1 | sed "s/^\.\///" | sed "s/$:[0\-9]\+:$/\1 warning:/g" @@ -167,18 +171,18 @@ pyldns: _ldns.la -$(pywrapdir)/ldns_wrapper.c: $(pywrapdir)/ldns.i $(wildcard $(pywrapdir)/*.i) $(LIBDNS_HEADERS) ldns/util.h ldns/config.h +$(pywrapdir)/ldns_wrapper.c: $(pywrapdir)/ldns.i $(wildcard $(pywrapdir)/*.i) $(LIBDNS_HEADERS) ldns/common.h ldns/util.h ldns/config.h $(swig) -python -o $@ $(CPPFLAGS) $(PYTHON_CPPFLAGS) $< -ldns_wrapper.lo: $(pywrapdir)/ldns_wrapper.c $(LIBDNS_HEADERS) ldns/util.h ldns/config.h - $(COMP_LIB) -I./include/ldns $(PYTHON_CPPFLAGS) -c $< -o $@ +ldns_wrapper.lo: $(pywrapdir)/ldns_wrapper.c $(LIBDNS_HEADERS) ldns/common.h ldns/util.h ldns/config.h + $(COMP_LIB) -I./include/ldns $(PYTHON_CPPFLAGS) $(PYTHON_X_CFLAGS) -c $< -o $@ _ldns.la: ldns_wrapper.lo libldns.la $(LIBTOOL) --tag=CC --mode=link $(CC) $(strip $(CFLAGS) $(PYTHON_CFLAGS) $(LDFLAGS) $(PYTHON_LDFLAGS) -module -version-number $(version_info) -no-undefined -o $@ $< -rpath $(python_site) -L. -L.libs -lldns $(LIBS)) install: install-h install-lib install-config install-manpages $(pyldns_inst) -uninstall: uninstall-manpages uninstall-h uninstall-lib $(pyldns_uninst) +uninstall: uninstall-manpages uninstall-config uninstall-h uninstall-lib $(pyldns_uninst) destclean: uninstall @@ -188,6 +192,12 @@ $(INSTALL) -c -m 755 packaging/ldns-config $(DESTDIR)$(bindir)/; \ fi +uninstall-config: + if [ $(INSTALL_LDNS_CONFIG) = "yes" ] ; then \ + rm -f $(DESTDIR)$(bindir)/ldns-config; \ + [ ! -d $(DESTDIR)$(bindir) ] || rmdir -p $(DESTDIR)$(bindir) || echo "ok, dir already gone"; \ + fi + install-manpages: manpages ${INSTALL} -d $(DESTDIR)$(mandir)/man3 for f in doc/man/man3/*; do \ @@ -203,12 +213,16 @@ $(INSTALL) -m 755 -d $(DESTDIR)$(includedir)/ldns for i in $(LIBDNS_HEADERS); do \ $(INSTALL) -c -m 644 $$i $(DESTDIR)$(includedir)/ldns/; done + $(INSTALL) -c -m 644 include/ldns/common.h $(DESTDIR)$(includedir)/ldns/ $(INSTALL) -c -m 644 include/ldns/util.h $(DESTDIR)$(includedir)/ldns/ $(INSTALL) -c -m 644 include/ldns/net.h $(DESTDIR)$(includedir)/ldns/ uninstall-h: for i in $(LIBDNS_HEADERS); do \ rm -f $(DESTDIR)$(includedir)/$$i; done + rm -f $(DESTDIR)$(includedir)/ldns/net.h + rm -f $(DESTDIR)$(includedir)/ldns/util.h + rm -f $(DESTDIR)$(includedir)/ldns/common.h [ ! -d $(DESTDIR)$(includedir)/ldns ] || rmdir -p $(DESTDI)$(includedir)/ldns || echo "ok, dir already gone" exit 0 @@ -255,6 +269,7 @@ rm -f ldns/config.h.in rm -f ldns/config.h rm -f ldns/util.h + rm -f ldns/common.h rm -f config.h.in rm -f configure rm -f config.sub @@ -275,7 +290,7 @@ $(LIBTOOL) --mode clean rm -f libldns.so $(LIBTOOL) --mode clean rm -f libldns.so.* $(LIBTOOL) --mode clean rm -f _ldns.la - rm -rf ldns/net.h ldns/util.h ldns/config.h + rm -rf ldns/net.h ldns/util.h ldns/config.h ldns/common.h rm -rf *.lo rm -rf .libs rm -rf libtool

@@ -8,6 +8,8 @@ INFORMATION FOR SPECIFIC OPERATING SYSTEMS Mac OS X Solaris + KNOWN ISSUES + pyldns Your Support Project page: @@ -65,6 +67,7 @@ * Developers ldns is developed by the ldns team at NLnet Labs. This team currently consists of: + o Willem Toorop o Wouter Wijngaards o Matthijs Mekking @@ -74,6 +77,7 @@ * Credits We have received patches from the following people, thanks! + o Bedrich Kosata o Erik Rozendaal o Håkan Olsson o Jakob Schlyter @@ -82,7 +86,7 @@ o Ondřej Surý -IFORMATION FOR SPECIFIC OPERATING SYSTEMS +INFORMATION FOR SPECIFIC OPERATING SYSTEMS MAC OS X @@ -103,6 +107,17 @@ script that sets the right build and link options. You can find it in contrib/build-solaris.sh +KNOWN ISSUES + +A complete list of currently known open issues can be found here: +http://www.nlnetlabs.nl/projects/ldns/bugs + +* pyldns +Compiling pyldns produces many ``unused parameter'' warnings. Those are +harmless and may safely be ignored. +Also when building with Swig which version is before 2.0.4, compiling +pyldns produces many ``missing initializer'' warnings. Those are harmless +too. Your Support NLnet Labs offers all of its software products as open source, most are

@@ -0,0 +1,24 @@ +/* Just a replacement, if the original malloc is not + GNU-compliant. See autoconf documentation. */ + +#if HAVE_CONFIG_H +#include <ldns/config.h> +#endif + +void *calloc(); + +#if !HAVE_BZERO && HAVE_MEMSET +# define bzero(buf, bytes) ((void) memset (buf, 0, bytes)) +#endif + +void * +calloc(size_t num, size_t size) +{ + void *new = malloc(num * size); + if (!new) { + return NULL; + } + bzero(new, num * size); + return new; +} +

@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for ldns 1.6.9. +# Generated by GNU Autoconf 2.68 for ldns 1.6.10. # # Report bugs to <libdns@nlnetlabs.nl>. # @@ -570,8 +570,8 @@ # Identity of this package. PACKAGE_NAME='ldns' PACKAGE_TARNAME='libdns' -PACKAGE_VERSION='1.6.9' -PACKAGE_STRING='ldns 1.6.9' +PACKAGE_VERSION='1.6.10' +PACKAGE_STRING='ldns 1.6.10' PACKAGE_BUGREPORT='libdns@nlnetlabs.nl' PACKAGE_URL='' @@ -615,16 +615,21 @@ enable_option_checking=no ac_subst_vars='subdirs LTLIBOBJS +ldns_build_config_have_attr_unused +ldns_build_config_have_attr_format +ldns_build_config_have_ssl WINDRES LIBOBJS include_unistd_h include_systypes_h include_inttypes_h +ldns_build_config_have_inttypes_h include_sys_socket_h INSTALL_LDNS_CONFIG LIBSSL_LIBS LIBSSL_LDFLAGS LIBSSL_CPPFLAGS +ldns_build_config_use_ecdsa RUNTIME_PATH HAVE_SSL OTOOL64 @@ -657,6 +662,7 @@ build_cpu build libtool +PYTHON_X_CFLAGS swig PYLDNS SWIG_LIB @@ -1297,7 +1303,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ldns 1.6.9 to adapt to many kinds of systems. +\`configure' configures ldns 1.6.10 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1362,7 +1368,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ldns 1.6.9:";; + short | recursive ) echo "Configuration of ldns 1.6.10:";; esac cat <<\_ACEOF @@ -1475,7 +1481,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ldns configure 1.6.9 +ldns configure 1.6.10 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1941,6 +1947,184 @@ } # ac_fn_c_check_decl +# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES +# -------------------------------------------- +# Tries to find the compile-time value of EXPR in a program that includes +# INCLUDES, setting VAR accordingly. Returns whether the value could be +# computed +ac_fn_c_compute_int () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if test "$cross_compiling" = yes; then + # Depending upon the size, compute the lo and hi bounds. +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) >= 0)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=0 ac_mid=0 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid; break +else + as_fn_arith $ac_mid + 1 && ac_lo=$as_val + if test $ac_lo -le $ac_mid; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid + 1 && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) < 0)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=-1 ac_mid=-1 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) >= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=$ac_mid; break +else + as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val + if test $ac_mid -le $ac_hi; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '*' $ac_mid && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + ac_lo= ac_hi= +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +# Binary search between lo and hi bounds. +while test "x$ac_lo" != "x$ac_hi"; do + as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +int +main () +{ +static int test_array [1 - 2 * !(($2) <= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid +else + as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +done +case $ac_lo in #(( +?*) eval "$3=\$ac_lo"; ac_retval=0 ;; +'') ac_retval=1 ;; +esac + else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ +$4 +static long int longval () { return $2; } +static unsigned long int ulongval () { return $2; } +#include <stdio.h> +#include <stdlib.h> +int +main () +{ + + FILE *f = fopen ("conftest.val", "w"); + if (! f) + return 1; + if (($2) < 0) + { + long int i = longval (); + if (i != ($2)) + return 1; + fprintf (f, "%ld", i); + } + else + { + unsigned long int i = ulongval (); + if (i != ($2)) + return 1; + fprintf (f, "%lu", i); + } + /* Do not output a trailing newline, as this causes \r\n confusion + on some platforms. */ + return ferror (f) || fclose (f) != 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + echo >>conftest.val; read $3 <conftest.val; ac_retval=0 +else + ac_retval=1 +fi +rm -f core *.core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f conftest.val + + fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_compute_int + # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES # ---------------------------------------------------- # Tries to find if the field MEMBER exists in type AGGR, after including @@ -2001,7 +2185,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ldns $as_me 1.6.9, which was +It was created by ldns $as_me 1.6.10, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2351,13 +2535,13 @@ # needed to build correct soname -LIBTOOL_VERSION_INFO=1:6:9 +LIBTOOL_VERSION_INFO=1:6:10 LDNS_VERSION_MAJOR=1 LDNS_VERSION_MINOR=6 -LDNS_VERSION_MICRO=9 +LDNS_VERSION_MICRO=10 OURCPPFLAGS='' @@ -5564,6 +5748,7 @@ # check for python +PYTHON_X_CFLAGS="" # Check whether --with-pyldns was given. if test "${with_pyldns+set}" = set; then : @@ -6060,9 +6245,45 @@ fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: *** don't have Python, skipping Swig, no pyldns ***" >&5 -$as_echo "*** don't have Python, skipping Swig, no pyldns ***" >&6; } +$as_echo "*** don't have Python, skipping Swig, no pyldns ***" >&6; } # ' fi + + # xtra cflags for pyldns + if test x_$ldns_have_python != x_no; then + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -fno-strict-aliasing" >&5 +$as_echo_n "checking whether $CC supports -fno-strict-aliasing... " >&6; } +cache=`echo fno-strict-aliasing | sed 'y%.=/+-%___p_%'` +if eval \${cv_prog_cc_flag_$cache+:} false; then : + $as_echo_n "(cached) " >&6 +else + +echo 'void f(){}' >conftest.c +if test -z "`$CC $CPPFLAGS $CFLAGS -fno-strict-aliasing -c conftest.c 2>&1`"; then +eval "cv_prog_cc_flag_$cache=yes" +else +eval "cv_prog_cc_flag_$cache=no" fi +rm -f conftest conftest.o conftest.c + +fi + +if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +: +PYTHON_X_CFLAGS="-fno-strict-aliasing" +else +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +: + +fi + + fi +fi + # Use libtool ac_aux_dir= @@ -13811,6 +14032,8 @@ #define USE_ECDSA 1 _ACEOF + ldns_build_config_use_ecdsa=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ***************************************************************** *** YOU HAVE ENABLED ECDSA WHICH IS EXPERIMENTAL AT THIS TIME *** @@ -13823,8 +14046,12 @@ *****************************************************************" >&2;} ;; no) + ldns_build_config_use_ecdsa=0 + ;; *) + ldns_build_config_use_ecdsa=0 + ;; esac @@ -14219,10 +14446,102 @@ fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5 +$as_echo_n "checking for stdbool.h that conforms to C99... " >&6; } +if ${ac_cv_header_stdbool_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + +#include <stdbool.h> +#ifndef bool + "error: bool is not defined" +#endif +#ifndef false + "error: false is not defined" +#endif +#if false + "error: false is not 0" +#endif +#ifndef true + "error: true is not defined" +#endif +#if true != 1 + "error: true is not 1" +#endif +#ifndef __bool_true_false_are_defined + "error: __bool_true_false_are_defined is not defined" +#endif + + struct s { _Bool s: 1; _Bool t; } s; + + char a[true == 1 ? 1 : -1]; + char b[false == 0 ? 1 : -1]; + char c[__bool_true_false_are_defined == 1 ? 1 : -1]; + char d[(bool) 0.5 == true ? 1 : -1]; + /* See body of main program for 'e'. */ + char f[(_Bool) 0.0 == false ? 1 : -1]; + char g[true]; + char h[sizeof (_Bool)]; + char i[sizeof s.t]; + enum { j = false, k = true, l = false * true, m = true * 256 }; + /* The following fails for + HP aC++/ANSI C B3910B A.05.55 [Dec 04 2003]. */ + _Bool n[m]; + char o[sizeof n == m * sizeof n[0] ? 1 : -1]; + char p[-1 - (_Bool) 0 < 0 && -1 - (bool) 0 < 0 ? 1 : -1]; + /* Catch a bug in an HP-UX C compiler. See + http://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html + http://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html + */ + _Bool q = true; + _Bool *pq = &q; + +int +main () +{ + + bool e = &s; + *pq |= q; + *pq |= ! q; + /* Refer to every declared value, to avoid compiler optimizations. */ + return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !!j + !k + !!l + + !m + !n + !o + !p + !q + !pq); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdbool_h=yes +else + ac_cv_header_stdbool_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdbool_h" >&5 +$as_echo "$ac_cv_header_stdbool_h" >&6; } +ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default" +if test "x$ac_cv_type__Bool" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE__BOOL 1 +_ACEOF + + +fi + +if test $ac_cv_header_stdbool_h = yes; then + +$as_echo "#define HAVE_STDBOOL_H 1" >>confdefs.h + +fi + #AC_HEADER_SYS_WAIT #AC_CHECK_HEADERS([getopt.h fcntl.h stdlib.h string.h strings.h unistd.h]) # do the very minimum - we can always extend this -for ac_header in getopt.h stdarg.h stdbool.h openssl/ssl.h netinet/in.h time.h arpa/inet.h netdb.h +for ac_header in getopt.h stdarg.h openssl/ssl.h netinet/in.h time.h arpa/inet.h netdb.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" | $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default @@ -14288,10 +14607,14 @@ $as_echo "#define HAVE_INTTYPES_H 1" >>confdefs.h +ldns_build_config_have_inttypes_h=1 + else include_inttypes_h='' +ldns_build_config_have_inttypes_h=0 + fi @@ -14334,6 +14657,53 @@ +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5 +$as_echo_n "checking size of time_t... " >&6; } +if ${ac_cv_sizeof_time_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t" " +$ac_includes_default +#ifdef TIME_WITH_SYS_TIME +# include <sys/time.h> +# include <time.h> +#else +# ifdef HAVE_SYS_TIME_H +# include <sys/time.h> +# else +# include <time.h> +# endif +#endif + +"; then : + +else + if test "$ac_cv_type_time_t" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (time_t) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_time_t=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5 +$as_echo "$ac_cv_sizeof_time_t" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_TIME_T $ac_cv_sizeof_time_t +_ACEOF + + + ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" " $ac_includes_default @@ -14633,6 +15003,20 @@ fi +ac_fn_c_check_func "$LINENO" "calloc" "ac_cv_func_calloc" +if test "x$ac_cv_func_calloc" = xyes; then : + $as_echo "#define HAVE_CALLOC 1" >>confdefs.h + +else + case " $LIBOBJS " in + *" calloc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS calloc.$ac_objext" + ;; +esac + +fi + + ac_fn_c_check_func "$LINENO" "timegm" "ac_cv_func_timegm" if test "x$ac_cv_func_timegm" = xyes; then : $as_echo "#define HAVE_TIMEGM 1" >>confdefs.h @@ -14787,7 +15171,7 @@ fi -for ac_func in endprotoent endservent sleep random fcntl strtoul +for ac_func in endprotoent endservent sleep random fcntl strtoul bzero memset do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" | $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -15112,7 +15496,29 @@ -ac_config_files="$ac_config_files Makefile ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config" +if test "x$HAVE_SSL" = "xyes"; then + ldns_build_config_have_ssl=1 + +else + ldns_build_config_have_ssl=0 + +fi +if test "x$ac_cv_c_format_attribute" = "xyes"; then + ldns_build_config_have_attr_format=1 + +else + ldns_build_config_have_attr_format=0 + +fi +if test "x$ac_cv_c_unused_attribute" = "xyes"; then + ldns_build_config_have_attr_unused=1 + +else + ldns_build_config_have_attr_unused=0 + +fi + +ac_config_files="$ac_config_files Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config" ac_config_headers="$ac_config_headers ldns/config.h" @@ -15636,7 +16042,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ldns $as_me 1.6.9, which was +This file was extended by ldns $as_me 1.6.10, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -15702,7 +16108,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ldns config.status 1.6.9 +ldns config.status 1.6.10 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" @@ -16108,6 +16514,7 @@ "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; "disable-rpath") CONFIG_COMMANDS="$CONFIG_COMMANDS disable-rpath" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "ldns/common.h") CONFIG_FILES="$CONFIG_FILES ldns/common.h" ;; "ldns/net.h") CONFIG_FILES="$CONFIG_FILES ldns/net.h" ;; "ldns/util.h") CONFIG_FILES="$CONFIG_FILES ldns/util.h" ;; "packaging/libldns.pc") CONFIG_FILES="$CONFIG_FILES packaging/libldns.pc" ;;

@@ -6,7 +6,7 @@ # must be numbers. ac_defun because of later processing. m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[6]) -m4_define([VERSION_MICRO],[9]) +m4_define([VERSION_MICRO],[10]) AC_INIT(ldns, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), libdns@nlnetlabs.nl, libdns) AC_CONFIG_SRCDIR([packet.c]) # needed to build correct soname @@ -84,6 +84,7 @@ AC_SEARCH_LIBS([inet_pton], [nsl]) # check for python +PYTHON_X_CFLAGS="" AC_ARG_WITH(pyldns, AC_HELP_STRING([--with-pyldns], [generate python library, or --without-pyldns to disable Python support.]), [],[ withval="no" ]) @@ -113,9 +114,15 @@ AC_SUBST(swig, "$SWIG") fi else - AC_MSG_RESULT([*** don't have Python, skipping Swig, no pyldns ***]) + AC_MSG_RESULT([*** don't have Python, skipping Swig, no pyldns ***]) # ' + fi + + # xtra cflags for pyldns + if test x_$ldns_have_python != x_no; then + ACX_CHECK_COMPILER_FLAG(fno-strict-aliasing, [PYTHON_X_CFLAGS="-fno-strict-aliasing"]) fi fi +AC_SUBST(PYTHON_X_CFLAGS) # Use libtool ACX_LIBTOOL_C_ONLY @@ -177,6 +184,7 @@ ]) # we now know we have ECDSA and the required curves. AC_DEFINE_UNQUOTED([USE_ECDSA], [1], [Define this to enable ECDSA support.]) + AC_SUBST(ldns_build_config_use_ecdsa, 1) AC_WARN([ ***************************************************************** *** YOU HAVE ENABLED ECDSA WHICH IS EXPERIMENTAL AT THIS TIME *** @@ -184,8 +192,10 @@ *****************************************************************]) ;; no) + AC_SUBST(ldns_build_config_use_ecdsa, 0) ;; *) + AC_SUBST(ldns_build_config_use_ecdsa, 0) ;; esac @@ -229,10 +239,11 @@ # Checks for header files. AC_HEADER_STDC +AC_HEADER_STDBOOL #AC_HEADER_SYS_WAIT #AC_CHECK_HEADERS([getopt.h fcntl.h stdlib.h string.h strings.h unistd.h]) # do the very minimum - we can always extend this -AC_CHECK_HEADERS([getopt.h stdarg.h stdbool.h openssl/ssl.h netinet/in.h time.h arpa/inet.h netdb.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_HEADERS([getopt.h stdarg.h openssl/ssl.h netinet/in.h time.h arpa/inet.h netdb.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS(sys/param.h sys/mount.h,,, [AC_INCLUDES_DEFAULT [ @@ -259,8 +270,10 @@ [ include_inttypes_h='#include <inttypes.h>' AC_DEFINE(HAVE_INTTYPES_H, 1, [define if you have inttypes.h]) +AC_SUBST(ldns_build_config_have_inttypes_h, 1) ],[ include_inttypes_h='' +AC_SUBST(ldns_build_config_have_inttypes_h, 0) ],[AC_INCLUDES_DEFAULT ]) AC_SUBST(include_inttypes_h) @@ -283,6 +296,20 @@ ]) AC_SUBST(include_unistd_h) +AC_CHECK_SIZEOF(time_t,,[ +AC_INCLUDES_DEFAULT +#ifdef TIME_WITH_SYS_TIME +# include <sys/time.h> +# include <time.h> +#else +# ifdef HAVE_SYS_TIME_H +# include <sys/time.h> +# else +# include <time.h> +# endif +#endif +]) + ACX_TYPE_SOCKLEN_T AC_CHECK_TYPE(ssize_t, int) AC_CHECK_TYPE(in_addr_t, [], [AC_DEFINE([in_addr_t], [uint32_t], [in_addr_t])], [ @@ -308,6 +335,7 @@ AC_REPLACE_FUNCS(b64_ntop) AC_REPLACE_FUNCS(b32_pton) AC_REPLACE_FUNCS(b32_ntop) +AC_REPLACE_FUNCS(calloc) AC_REPLACE_FUNCS(timegm) AC_REPLACE_FUNCS(gmtime_r) AC_REPLACE_FUNCS(ctime_r) @@ -319,7 +347,7 @@ AC_REPLACE_FUNCS(snprintf) AC_REPLACE_FUNCS(strlcpy) AC_REPLACE_FUNCS(memmove) -AC_CHECK_FUNCS([endprotoent endservent sleep random fcntl strtoul]) +AC_CHECK_FUNCS([endprotoent endservent sleep random fcntl strtoul bzero memset]) ACX_CHECK_GETADDRINFO_WITH_INCLUDES if test $ac_cv_func_getaddrinfo = no; then @@ -479,7 +507,23 @@ #endif ]) -AC_CONFIG_FILES([Makefile ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config]) +if test "x$HAVE_SSL" = "xyes"; then + AC_SUBST(ldns_build_config_have_ssl, 1) +else + AC_SUBST(ldns_build_config_have_ssl, 0) +fi +if test "x$ac_cv_c_format_attribute" = "xyes"; then + AC_SUBST(ldns_build_config_have_attr_format, 1) +else + AC_SUBST(ldns_build_config_have_attr_format, 0) +fi +if test "x$ac_cv_c_unused_attribute" = "xyes"; then + AC_SUBST(ldns_build_config_have_attr_unused, 1) +else + AC_SUBST(ldns_build_config_have_attr_unused, 0) +fi + +AC_CONFIG_FILES([Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config]) AC_CONFIG_HEADER([ldns/config.h]) AC_OUTPUT

@@ -62,6 +62,6 @@ #for development only swig: ldns.i swig -python -o ldns_wrapper.c -I../.. ldns.i - gcc -c ldns_wrapper.c -O9 -fPIC -I../.. -I../../ldns -I/usr/include/python2.5 -I. -o ldns_wrapper.o + gcc -c ldns_wrapper.c -O9 -fPIC -I../.. -I../../ldns -I/usr/local/include/python2.6 -I. -o ldns_wrapper.o ld -shared ldns_wrapper.o -L../../.libs -lldns -o _ldns.so

@@ -0,0 +1,15 @@ +import ldns +import sys + +if len(sys.argv) <= 1: + print "Usage: %s zone_file" % sys.argv[0] + sys.exit() + +inp = open(sys.argv[1],"r"); +for rr in ldns.ldns_rr_iter_frm_fp_l(inp): + print rr + +inp.close() + + +

@@ -0,0 +1,43 @@ +import ldns +import sys + +if len(sys.argv) <= 1: + print "Usage: %s zone_file" % sys.argv[0] + sys.exit() + +inp = open(sys.argv[1],"r"); +# variables that preserve the parsers state +my_ttl = 3600; +my_origin = None +my_prev = None +# additional state variables +last_pos = 0 +line_nr = 0 + +while True: + ret = ldns.ldns_rr_new_frm_fp_l_(inp, my_ttl, my_origin, my_prev) + s, rr, line_inc, new_ttl, new_origin, new_prev = ret # unpack the result + line_nr += line_inc # increase number of parsed lines + my_prev = new_prev # update ref to previous owner + + if s == ldns.LDNS_STATUS_SYNTAX_TTL: + my_ttl = new_ttl # update default TTL + print "$TTL:", my_ttl + elif s == ldns.LDNS_STATUS_SYNTAX_ORIGIN: + my_origin = new_origin # update reference to origin + print "$ORIGIN:", my_origin + elif s == ldns.LDNS_STATUS_SYNTAX_EMPTY: + if last_pos == inp.tell(): + break # no advance since last read - EOF + last_pos = inp.tell() + elif s != ldns.LDNS_STATUS_OK: + print "! parse error in line", line_nr + else: + # we are sure to have LDNS_STATUS_OK + print rr + +inp.close() +print "--------------------" +print "Read %d lines" % line_nr + +

@@ -95,6 +95,9 @@ %apply int *OUTPUT { int *line_nr}; %apply uint32_t *OUTPUT { uint32_t *default_ttl}; +// wire2pkt +%apply (char *STRING, int LENGTH) { (const char *str, int len) }; + %include "ldns_packet.i" %include "ldns_resolver.i" %include "ldns_rr.i" @@ -144,6 +147,14 @@ { PyObject* tuple; + /* origin and prev have to be cloned in order to decouple the data + * from the python wrapper + */ + if (origin != NULL) + origin = ldns_rdf_clone(origin); + if (prev != NULL) + prev = ldns_rdf_clone(prev); + ldns_rdf *p_prev = prev; ldns_rdf **pp_prev = &p_prev; if (p_prev == 0) pp_prev = 0; @@ -157,14 +168,14 @@ PyTuple_SetItem(tuple, 0, SWIG_From_int(st)); PyTuple_SetItem(tuple, 1, (st == LDNS_STATUS_OK) ? SWIG_NewPointerObj(SWIG_as_voidptr(p_rr), SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN | 0 ) : - Py_None); + (Py_INCREF(Py_None), Py_None)); PyTuple_SetItem(tuple, 2, (p_prev != prev) ? SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 ) : - Py_None); + (Py_INCREF(Py_None), Py_None)); return tuple; } - PyObject* ldns_rr_new_frm_fp_l_(FILE *fp, uint32_t default_ttl, ldns_rdf* origin, ldns_rdf* prev, int ret_linenr) + PyObject* ldns_rr_new_frm_fp_l_(FILE *fp, uint32_t default_ttl, ldns_rdf* origin, ldns_rdf* prev) //returns tuple (status, ldns_rr, [line if ret_linenr], ttl, origin, prev) { int linenr = 0; @@ -174,13 +185,21 @@ uint32_t *p_defttl = &defttl; if (defttl == 0) p_defttl = 0; + /* origin and prev have to be cloned in order to decouple the data + * from the python wrapper + */ + if (origin != NULL) + origin = ldns_rdf_clone(origin); + if (prev != NULL) + prev = ldns_rdf_clone(prev); + ldns_rdf *p_origin = origin; ldns_rdf **pp_origin = &p_origin; - if (p_origin == 0) pp_origin = 0; + //if (p_origin == 0) pp_origin = 0; ldns_rdf *p_prev = prev; ldns_rdf **pp_prev = &p_prev; - if (p_prev == 0) pp_prev = 0; + //if (p_prev == 0) pp_prev = 0; ldns_rr *p_rr = 0; ldns_rr **pp_rr = &p_rr; @@ -188,35 +207,38 @@ ldns_status st = ldns_rr_new_frm_fp_l(pp_rr, fp, p_defttl, pp_origin, pp_prev, p_linenr); PyObject* tuple; - tuple = PyTuple_New(ret_linenr ? 6 : 5); + tuple = PyTuple_New(6); int idx = 0; PyTuple_SetItem(tuple, idx, SWIG_From_int(st)); idx++; PyTuple_SetItem(tuple, idx, (st == LDNS_STATUS_OK) ? SWIG_NewPointerObj(SWIG_as_voidptr(p_rr), SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN | 0 ) : - Py_None); + (Py_INCREF(Py_None), Py_None)); idx++; - if (ret_linenr) { - PyTuple_SetItem(tuple, idx, SWIG_From_int(linenr)); - idx++; - } - PyTuple_SetItem(tuple, idx, (defttl != default_ttl) ? SWIG_From_int(defttl) : Py_None); + PyTuple_SetItem(tuple, idx, SWIG_From_int(linenr)); idx++; - PyTuple_SetItem(tuple, idx, (p_origin != origin) ? - SWIG_NewPointerObj(SWIG_as_voidptr(p_origin), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 ) : - Py_None); + PyTuple_SetItem(tuple, idx, SWIG_From_int(defttl)); idx++; - PyTuple_SetItem(tuple, idx, (p_prev != prev) ? - SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 ) : - Py_None); + PyTuple_SetItem(tuple, idx, SWIG_NewPointerObj(SWIG_as_voidptr(p_origin), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 )); + idx++; + PyTuple_SetItem(tuple, idx, SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 )); return tuple; } - PyObject* ldns_rr_new_question_frm_str_(const char *str, ldns_rdf* origin, ldns_rdf* prev) + +PyObject* ldns_rr_new_question_frm_str_(const char *str, ldns_rdf* origin, ldns_rdf* prev) //returns tuple (status, ldns_rr, prev) { PyObject* tuple; + /* origin and prev have to be cloned in order to decouple the data + * from the python wrapper + */ + if (origin != NULL) + origin = ldns_rdf_clone(origin); + if (prev != NULL) + prev = ldns_rdf_clone(prev); + ldns_rdf *p_prev = prev; ldns_rdf **pp_prev = &p_prev; if (p_prev == 0) pp_prev = 0; @@ -230,10 +252,10 @@ PyTuple_SetItem(tuple, 0, SWIG_From_int(st)); PyTuple_SetItem(tuple, 1, (st == LDNS_STATUS_OK) ? SWIG_NewPointerObj(SWIG_as_voidptr(p_rr), SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN | 0 ) : - Py_None); + (Py_INCREF(Py_None), Py_None)); PyTuple_SetItem(tuple, 2, (p_prev != prev) ? SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 ) : - Py_None); + (Py_INCREF(Py_None), Py_None)); return tuple; } @@ -254,14 +276,70 @@ PyTuple_SetItem(tuple, 0, SWIG_From_int(st)); PyTuple_SetItem(tuple, 1, (st == LDNS_STATUS_OK) ? SWIG_NewPointerObj(SWIG_as_voidptr(rrl), SWIGTYPE_p_ldns_struct_rr_list, SWIG_POINTER_OWN | 0 ) : - Py_None); + (Py_INCREF(Py_None), Py_None)); return tuple; } +PyObject* ldns_wire2pkt_(const char *str, int len) + //returns tuple (status, result) + { + PyObject *resultobj = 0; + ldns_pkt *arg1 = NULL; + uint8_t *arg2 = (uint8_t *) str; + size_t arg3 = (size_t) len; + ldns_status result; + PyObject* tuple; + + result = (ldns_status)ldns_wire2pkt(&arg1,arg2,arg3); + tuple = PyTuple_New(2); + PyTuple_SetItem(tuple, 0, SWIG_From_int(result)); + if (result == LDNS_STATUS_OK) + PyTuple_SetItem(tuple, 1, SWIG_NewPointerObj(SWIG_as_voidptr(arg1), SWIGTYPE_p_ldns_struct_pkt, SWIG_POINTER_OWN | 0 )); + else { + Py_INCREF(Py_None); + PyTuple_SetItem(tuple, 1, Py_None); + } + return tuple; +} + %} %pythoncode %{ def ldns_fetch_valid_domain_keys(res, domain, keys): return _ldns.ldns_fetch_valid_domain_keys_(res, domain, keys) -%} +def ldns_wire2pkt(data): + return _ldns.ldns_wire2pkt_(data) + +def ldns_rr_iter_frm_fp_l(input_file): + """Creates an iterator (generator) that returns individual parsed + RRs from an open zone file.""" + # variables that preserve the parsers state + my_ttl = 0; + my_origin = None + my_prev = None + # additional state variables + last_pos = 0 + line_nr = 0 + + while True: + ret = _ldns.ldns_rr_new_frm_fp_l_(input_file, my_ttl, my_origin, my_prev) + s, rr, line_inc, new_ttl, new_origin, new_prev = ret # unpack the result + line_nr += line_inc # increase number of parsed lines + my_prev = new_prev # update ref to previous owner + + if s == _ldns.LDNS_STATUS_SYNTAX_TTL: + my_ttl = new_ttl # update default TTL + elif s == _ldns.LDNS_STATUS_SYNTAX_ORIGIN: + my_origin = new_origin # update reference to origin + elif s == _ldns.LDNS_STATUS_SYNTAX_EMPTY: + if last_pos == input_file.tell(): + break # no advance since last read - EOF + last_pos = input_file.tell() + elif s != _ldns.LDNS_STATUS_OK: + raise ValueError("Parse error in line %d" % line_nr) + else: + # we are sure to have LDNS_STATUS_OK + yield rr + +%}

@@ -51,6 +51,10 @@ %newobject ldns_dname_new_frm_data; %newobject ldns_dname_label; +# limit the number of arguments to 2 and +# deal with variable number of arguments the Python way +%varargs(2, char *arg = NULL) ldns_buffer_printf; + %rename(ldns_buffer) ldns_struct_buffer; #ifdef LDNS_DEBUG @@ -232,14 +236,15 @@ #parameters: ldns_buffer *, #retvals: size_t - def printf(self,*str): + def printf(self, str, *args): """Prints to the buffer, increasing the capacity if required using buffer_reserve(). The buffer's position is set to the terminating '\0'. Returns the number of characters written (not including the terminating '\0') or -1 on failure. :param str: a string :returns: (int) """ - return _ldns.ldns_buffer_printf(self,*str) + data = str % args + return _ldns.ldns_buffer_printf(self,data) #parameters: ldns_buffer *,const char *,... #retvals: int

@@ -41,12 +41,14 @@ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_pkt), SWIGTYPE_p_ldns_struct_pkt, SWIG_POINTER_OWN | 0 )); } +%newobject ldns_pkt_new; %newobject ldns_pkt_clone; %newobject ldns_pkt_rr_list_by_type; %newobject ldns_pkt_rr_list_by_name_and_type; %newobject ldns_pkt_rr_list_by_name; %newobject ldns_update_pkt_new; + %nodefaultctor ldns_struct_pkt; //no default constructor & destructor %nodefaultdtor ldns_struct_pkt; @@ -69,9 +71,57 @@ %newobject ldns_pkt_algorithm2str; %newobject ldns_pkt_cert_algorithm2str; -%exception ldns_pkt_push_rr(ldns_pkt *packet, ldns_pkt_section section, ldns_rr *rr) %{ $action if (result) Py_INCREF(obj2); %} -%exception ldns_pkt_push_rr_list(ldns_pkt *packet, ldns_pkt_section section, ldns_rr_list *list) %{ $action if (result) Py_INCREF(obj2); %} +/* cloning of packet_lists to make them independent of the original packet */ + +%newobject _ldns_pkt_additional; +%newobject _ldns_pkt_answer; +%newobject _ldns_pkt_authority; +%newobject _ldns_pkt_question; + +%rename(__ldns_pkt_additional) ldns_pkt_additional; +%inline %{ +ldns_rr_list* _ldns_pkt_additional(ldns_pkt* p) { + return ldns_rr_list_clone(ldns_pkt_additional(p)); +} +%} + +%rename(__ldns_pkt_answer) ldns_pkt_answer; +%inline %{ +ldns_rr_list* _ldns_pkt_answer(ldns_pkt* p) { + return ldns_rr_list_clone(ldns_pkt_answer(p)); +} +%} + +%rename(__ldns_pkt_authority) ldns_pkt_authority; +%inline %{ +ldns_rr_list* _ldns_pkt_authority(ldns_pkt* p) { + return ldns_rr_list_clone(ldns_pkt_authority(p)); +} +%} + +%rename(__ldns_pkt_question) ldns_pkt_question; +%inline %{ +ldns_rr_list* _ldns_pkt_question(ldns_pkt* p) { + return ldns_rr_list_clone(ldns_pkt_question(p)); +} +%} + +/* clone data when pushed in */ + +%rename(__ldns_pkt_push_rr) ldns_pkt_push_rr; +%inline %{ +bool _ldns_pkt_push_rr(ldns_pkt* p, ldns_pkt_section sec, ldns_rr *rr) { + return ldns_pkt_push_rr(p, sec, ldns_rr_clone(rr)); +} +%} + +%rename(__ldns_pkt_push_rr_list) ldns_pkt_push_rr_list; +%inline %{ +bool _ldns_pkt_push_rr_list(ldns_pkt* p, ldns_pkt_section sec, ldns_rr_list *rrl) { + return ldns_pkt_push_rr_list(p, sec, ldns_rr_list_clone(rrl)); +} +%} %feature("docstring") ldns_struct_pkt "LDNS packet object. @@ -224,7 +274,7 @@ :returns: (ldns_rr_list \*) the section """ - return _ldns.ldns_pkt_additional(self) + return _ldns._ldns_pkt_additional(self) #parameters: const ldns_pkt *, #retvals: ldns_rr_list * @@ -252,7 +302,7 @@ :returns: (ldns_rr_list \*) the section """ - return _ldns.ldns_pkt_answer(self) + return _ldns._ldns_pkt_answer(self) #parameters: const ldns_pkt *, #retvals: ldns_rr_list * @@ -279,7 +329,7 @@ :returns: (ldns_rr_list \*) the section """ - return _ldns.ldns_pkt_authority(self) + return _ldns._ldns_pkt_authority(self) #parameters: const ldns_pkt *, #retvals: ldns_rr_list * @@ -433,7 +483,7 @@ rr to push :returns: (bool) a boolean which is true when the rr was added """ - return _ldns.ldns_pkt_push_rr(self,section,rr) + return _ldns._ldns_pkt_push_rr(self,section,rr) #parameters: ldns_pkt *,ldns_pkt_section,ldns_rr *, #retvals: bool @@ -446,7 +496,7 @@ the rr_list to push :returns: (bool) a boolean which is true when the rr was added """ - return _ldns.ldns_pkt_push_rr_list(self,section,list) + return _ldns._ldns_pkt_push_rr_list(self,section,list) #parameters: ldns_pkt *,ldns_pkt_section,ldns_rr_list *, #retvals: bool @@ -482,7 +532,7 @@ :returns: (ldns_rr_list \*) the section """ - return _ldns.ldns_pkt_question(self) + return _ldns._ldns_pkt_question(self) #parameters: const ldns_pkt *, #retvals: ldns_rr_list *

@@ -66,6 +66,10 @@ %newobject ldns_dname_new_frm_str; %newobject ldns_dname_new_frm_data; +%newobject ldns_rdf_new; +%newobject ldns_rdf_new_frm_str; +%newobject ldns_rdf_new_frm_data; + %delobject ldns_rdf_deep_free; %delobject ldns_rdf_free; @@ -141,7 +145,7 @@ def __init__(self): raise Exception("This class can't be created directly. Please use: ldns_rdf_new, ldns_rdf_new_frm_data, ldns_rdf_new_frm_str, ldns_rdf_new_frm_fp, ldns_rdf_new_frm_fp_l") - __swig_destroy__ = _ldns._ldns_rdf_free + __swig_destroy__ = _ldns._ldns_rdf_deep_free #LDNS_RDF_CONSTRUCTORS_# @staticmethod

@@ -166,7 +166,10 @@ www.l.google.com. 300 IN A 74.125.43.147 """ - return _ldns.ldns_get_rr_list_addr_by_name(self, name, aclass, flags) + rdf = name + if isinstance(name, str): + rdf = _ldns.ldns_dname_new_frm_str(name) + return _ldns.ldns_get_rr_list_addr_by_name(self, rdf, aclass, flags) def get_name_by_addr(self, addr, aclass = _ldns.LDNS_RR_CLASS_IN, flags = _ldns.LDNS_RD): """Ask the resolver about the address and return the name

@@ -48,6 +48,7 @@ %ignore ldns_struct_rr::_rdata_fields; %newobject ldns_rr_clone; +%newobject ldns_rr_new; %newobject ldns_rr_pop_rdf; %delobject ldns_rr_free; @@ -70,6 +71,299 @@ %newobject ldns_rr_class2str; %newobject ldns_read_anchor_file; + +// clone rdf data on pull + +%newobject _ldns_rr_rdf; +%rename(__ldns_rr_rdf) ldns_rr_rdf; +%inline %{ +ldns_rdf* _ldns_rr_rdf(ldns_rr* rr, size_t i) { + return ldns_rdf_clone(ldns_rr_rdf(rr, i)); +} +%} + +%newobject _ldns_rr_rrsig_algorithm; +%rename(__ldns_rr_rrsig_algorithm) ldns_rr_rrsig_algorithm; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_algorithm(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_algorithm(rr)); +} +%} + +%newobject _ldns_rr_dnskey_algorithm; +%rename(__ldns_rr_dnskey_algorithm) ldns_rr_dnskey_algorithm; +%inline %{ +ldns_rdf* _ldns_rr_dnskey_algorithm(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_dnskey_algorithm(rr)); +} +%} + +%newobject _ldns_rr_dnskey_flags; +%rename(__ldns_rr_dnskey_flags) ldns_rr_dnskey_flags; +%inline %{ +ldns_rdf* _ldns_rr_dnskey_flags(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_dnskey_flags(rr)); +} +%} + +%newobject _ldns_rr_dnskey_key; +%rename(__ldns_rr_dnskey_key) ldns_rr_dnskey_key; +%inline %{ +ldns_rdf* _ldns_rr_dnskey_key(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_dnskey_key(rr)); +} +%} + +%newobject _ldns_rr_dnskey_protocol; +%rename(__ldns_rr_dnskey_protocol) ldns_rr_dnskey_protocol; +%inline %{ +ldns_rdf* _ldns_rr_dnskey_protocol(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_dnskey_protocol(rr)); +} +%} + + +%newobject _ldns_rr_owner; +%rename(__ldns_rr_owner) ldns_rr_owner; +%inline %{ +ldns_rdf* _ldns_rr_owner(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_owner(rr)); +} +%} + + +%newobject _ldns_rr_a_address; +%rename(__ldns_rr_a_address) ldns_rr_a_address; +%inline %{ +ldns_rdf* _ldns_rr_a_address(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_a_address(rr)); +} +%} + + +%newobject _ldns_rr_mx_exchange; +%rename(__ldns_rr_mx_exchange) ldns_rr_mx_exchange; +%inline %{ +ldns_rdf* _ldns_rr_mx_exchange(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_mx_exchange(rr)); +} +%} + + +%newobject _ldns_rr_mx_preference; +%rename(__ldns_rr_mx_preference) ldns_rr_mx_preference; +%inline %{ +ldns_rdf* _ldns_rr_mx_preference(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_mx_preference(rr)); +} +%} + + +%newobject _ldns_rr_ns_nsdname; +%rename(__ldns_rr_ns_nsdname) ldns_rr_ns_nsdname; +%inline %{ +ldns_rdf* _ldns_rr_ns_nsdname(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_ns_nsdname(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_expiration; +%rename(__ldns_rr_rrsig_expiration) ldns_rr_rrsig_expiration; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_expiration(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_expiration(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_inception; +%rename(__ldns_rr_rrsig_inception) ldns_rr_rrsig_inception; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_inception(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_inception(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_keytag; +%rename(__ldns_rr_rrsig_keytag) ldns_rr_rrsig_keytag; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_keytag(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_keytag(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_labels; +%rename(__ldns_rr_rrsig_labels) ldns_rr_rrsig_labels; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_labels(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_labels(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_origttl; +%rename(__ldns_rr_rrsig_origttl) ldns_rr_rrsig_origttl; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_origttl(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_origttl(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_sig; +%rename(__ldns_rr_rrsig_sig) ldns_rr_rrsig_sig; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_sig(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_sig(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_signame; +%rename(__ldns_rr_rrsig_signame) ldns_rr_rrsig_signame; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_signame(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_signame(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_typecovered; +%rename(__ldns_rr_rrsig_typecovered) ldns_rr_rrsig_typecovered; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_typecovered(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_typecovered(rr)); +} +%} + +// end of pull cloning + +// clone rdf data on push + +%rename(__ldns_rr_a_set_address) ldns_rr_a_set_address; +%inline %{ +bool _ldns_rr_a_set_address(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_a_set_address(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_dnskey_set_algorithm) ldns_rr_dnskey_set_algorithm; +%inline %{ +bool _ldns_rr_dnskey_set_algorithm(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_dnskey_set_algorithm(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_dnskey_set_flags) ldns_rr_dnskey_set_flags; +%inline %{ +bool _ldns_rr_dnskey_set_flags(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_dnskey_set_flags(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_dnskey_set_key) ldns_rr_dnskey_set_key; +%inline %{ +bool _ldns_rr_dnskey_set_key(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_dnskey_set_key(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_dnskey_set_protocol) ldns_rr_dnskey_set_protocol; +%inline %{ +bool _ldns_rr_dnskey_set_protocol(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_dnskey_set_protocol(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_push_rdf) ldns_rr_push_rdf; +%inline %{ +bool _ldns_rr_push_rdf(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_push_rdf(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_algorithm) ldns_rr_rrsig_set_algorithm; +%inline %{ +bool _ldns_rr_rrsig_set_algorithm(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_algorithm(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_expiration) ldns_rr_rrsig_set_expiration; +%inline %{ +bool _ldns_rr_rrsig_set_expiration(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_expiration(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_inception) ldns_rr_rrsig_set_inception; +%inline %{ +bool _ldns_rr_rrsig_set_inception(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_inception(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_keytag) ldns_rr_rrsig_set_keytag; +%inline %{ +bool _ldns_rr_rrsig_set_keytag(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_keytag(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_labels) ldns_rr_rrsig_set_labels; +%inline %{ +bool _ldns_rr_rrsig_set_labels(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_labels(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_origttl) ldns_rr_rrsig_set_origttl; +%inline %{ +bool _ldns_rr_rrsig_set_origttl(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_origttl(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_sig) ldns_rr_rrsig_set_sig; +%inline %{ +bool _ldns_rr_rrsig_set_sig(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_sig(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_signame) ldns_rr_rrsig_set_signame; +%inline %{ +bool _ldns_rr_rrsig_set_signame(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_signame(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_typecovered) ldns_rr_rrsig_set_typecovered; +%inline %{ +bool _ldns_rr_rrsig_set_typecovered(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_typecovered(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_set_owner) ldns_rr_set_owner; +%inline %{ +void _ldns_rr_set_owner(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_set_owner(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_set_rdf) ldns_rr_set_rdf; +%inline %{ + ldns_rdf* _ldns_rr_set_rdf(ldns_rr* rr, ldns_rdf* rdf, size_t pos) { + return ldns_rr_set_rdf(rr, ldns_rdf_clone(rdf), pos); +} +%} + +// end of push cloning + %rename(_ldns_rr_new_frm_str) ldns_rr_new_frm_str; %rename(_ldns_rr_new_frm_fp_l) ldns_rr_new_frm_fp_l; %rename(_ldns_rr_new_frm_fp) ldns_rr_new_frm_fp; @@ -227,18 +521,6 @@ for i in range(0,self.rd_count()): yield self.rdf(i) - def get_function(self,rtype,pos): - """return a specific rdf""" - return _ldns.ldns_rr_function(rtype,self,pos) - #parameters: ldns_rr_type,const ldns_rr *,size_t, - #retvals: ldns_rdf * - - def set_function(self,rtype,rdf,pos): - """set a specific rdf""" - return _ldns.ldns_rr_set_function(rtype,self,rdf,pos) - #parameters: ldns_rr_type,ldns_rr *,ldns_rdf *,size_t, - #retvals: bool - def print_to_file(self,output): """Prints the data in the resource record to the given file stream (in presentation format).""" _ldns.ldns_rr_print(output,self) @@ -313,7 +595,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the address or NULL on failure """ - return _ldns.ldns_rr_a_address(self) + return _ldns._ldns_rr_a_address(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -324,7 +606,7 @@ the address to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_a_set_address(self,f) + return _ldns._ldns_rr_a_set_address(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -366,7 +648,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the algorithm or NULL on failure """ - return _ldns.ldns_rr_dnskey_algorithm(self) + return _ldns._ldns_rr_dnskey_algorithm(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -375,7 +657,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the flags or NULL on failure """ - return _ldns.ldns_rr_dnskey_flags(self) + return _ldns._ldns_rr_dnskey_flags(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -384,7 +666,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the key data or NULL on failure """ - return _ldns.ldns_rr_dnskey_key(self) + return _ldns._ldns_rr_dnskey_key(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -402,7 +684,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the protocol or NULL on failure """ - return _ldns.ldns_rr_dnskey_protocol(self) + return _ldns._ldns_rr_dnskey_protocol(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -413,7 +695,7 @@ the algorithm to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_dnskey_set_algorithm(self,f) + return _ldns._ldns_rr_dnskey_set_algorithm(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -424,7 +706,7 @@ the flags to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_dnskey_set_flags(self,f) + return _ldns._ldns_rr_dnskey_set_flags(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -435,7 +717,7 @@ the key data to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_dnskey_set_key(self,f) + return _ldns._ldns_rr_dnskey_set_key(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -446,7 +728,7 @@ the protocol to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_dnskey_set_protocol(self,f) + return _ldns._ldns_rr_dnskey_set_protocol(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -482,7 +764,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the name of the MX host or NULL on failure """ - return _ldns.ldns_rr_mx_exchange(self) + return _ldns._ldns_rr_mx_exchange(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -493,7 +775,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the preference or NULL on failure """ - return _ldns.ldns_rr_mx_preference(self) + return _ldns._ldns_rr_mx_preference(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -502,7 +784,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the name or NULL on failure """ - return _ldns.ldns_rr_ns_nsdname(self) + return _ldns._ldns_rr_ns_nsdname(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -511,7 +793,7 @@ :returns: (ldns_rdf \*) ldns_rdf * """ - return _ldns.ldns_rr_owner(self) + return _ldns._ldns_rr_owner(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -530,7 +812,7 @@ :param f: :returns: (bool) bool """ - return _ldns.ldns_rr_push_rdf(self,f) + return _ldns._ldns_rr_push_rdf(self,f) #parameters: ldns_rr *,const ldns_rdf *, #retvals: bool @@ -550,7 +832,7 @@ the number of the rdf to return :returns: (ldns_rdf \*) ldns_rdf * """ - return _ldns.ldns_rr_rdf(self,nr) + return _ldns._ldns_rr_rdf(self,nr) #parameters: const ldns_rr *,size_t, #retvals: ldns_rdf * @@ -559,7 +841,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the algorithm or NULL on failure """ - return _ldns.ldns_rr_rrsig_algorithm(self) + return _ldns._ldns_rr_rrsig_algorithm(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -568,7 +850,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the expiration time or NULL on failure """ - return _ldns.ldns_rr_rrsig_expiration(self) + return _ldns._ldns_rr_rrsig_expiration(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -577,7 +859,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the inception time or NULL on failure """ - return _ldns.ldns_rr_rrsig_inception(self) + return _ldns._ldns_rr_rrsig_inception(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -586,7 +868,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the keytag or NULL on failure """ - return _ldns.ldns_rr_rrsig_keytag(self) + return _ldns._ldns_rr_rrsig_keytag(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -595,7 +877,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the number of labels or NULL on failure """ - return _ldns.ldns_rr_rrsig_labels(self) + return _ldns._ldns_rr_rrsig_labels(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -604,7 +886,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the original TTL or NULL on failure """ - return _ldns.ldns_rr_rrsig_origttl(self) + return _ldns._ldns_rr_rrsig_origttl(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -615,7 +897,7 @@ the algorithm to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_algorithm(self,f) + return _ldns._ldns_rr_rrsig_set_algorithm(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -626,7 +908,7 @@ the expireation date to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_expiration(self,f) + return _ldns._ldns_rr_rrsig_set_expiration(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -637,7 +919,7 @@ the inception date to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_inception(self,f) + return _ldns._ldns_rr_rrsig_set_inception(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -648,7 +930,7 @@ the keytag to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_keytag(self,f) + return _ldns._ldns_rr_rrsig_set_keytag(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -659,7 +941,7 @@ the number of labels to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_labels(self,f) + return _ldns._ldns_rr_rrsig_set_labels(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -670,7 +952,7 @@ the original TTL to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_origttl(self,f) + return _ldns._ldns_rr_rrsig_set_origttl(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -681,7 +963,7 @@ the signature data to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_sig(self,f) + return _ldns._ldns_rr_rrsig_set_sig(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -692,7 +974,7 @@ the signers name to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_signame(self,f) + return _ldns._ldns_rr_rrsig_set_signame(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -703,7 +985,7 @@ the typecovered to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_typecovered(self,f) + return _ldns._ldns_rr_rrsig_set_typecovered(self,f) #parameters: ldns_rr *,ldns_rdf *, #retvals: bool @@ -712,7 +994,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the signature data or NULL on failure """ - return _ldns.ldns_rr_rrsig_sig(self) + return _ldns._ldns_rr_rrsig_sig(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -721,7 +1003,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the signers name or NULL on failure """ - return _ldns.ldns_rr_rrsig_signame(self) + return _ldns._ldns_rr_rrsig_signame(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -730,7 +1012,7 @@ :returns: (ldns_rdf \*) a ldns_rdf* with the type covered or NULL on failure """ - return _ldns.ldns_rr_rrsig_typecovered(self) + return _ldns._ldns_rr_rrsig_typecovered(self) #parameters: const ldns_rr *, #retvals: ldns_rdf * @@ -749,7 +1031,7 @@ :param owner: """ - _ldns.ldns_rr_set_owner(self,owner) + _ldns._ldns_rr_set_owner(self,owner) #parameters: ldns_rr *,ldns_rdf *, #retvals: @@ -773,7 +1055,7 @@ the position the set the rdf :returns: (ldns_rdf \*) the old value in the rr, NULL on failyre """ - return _ldns.ldns_rr_set_rdf(self,f,position) + return _ldns._ldns_rr_set_rdf(self,f,position) #parameters: ldns_rr *,const ldns_rdf *,size_t, #retvals: ldns_rdf * @@ -828,6 +1110,8 @@ %newobject ldns_rr_list_pop_rr; %newobject ldns_rr_list_pop_rr_list; %newobject ldns_rr_list_pop_rrset; +%newobject ldns_rr_list_rr; +%newobject ldns_rr_list_new; %delobject ldns_rr_list_deep_free; %delobject ldns_rr_list_free; @@ -846,11 +1130,49 @@ %rename(_ldns_rr_list_free) ldns_rr_list_free; #endif -%exception ldns_rr_list_push_rr(ldns_rr_list *rr_list, const ldns_rr *rr) %{ $action if (result) Py_INCREF(obj1); %} -%exception ldns_rr_list_push_rr_list(ldns_rr_list *rr_list, const ldns_rr_list *push_list) %{ $action if (result) Py_INCREF(obj1); %} +/* clone data on push */ + +%rename(__ldns_rr_list_push_rr) ldns_rr_list_push_rr; +%inline %{ +void _ldns_rr_list_push_rr(ldns_rr_list* r, ldns_rr *rr) { + ldns_rr_list_push_rr(r, ldns_rr_clone(rr)); +} +%} + +%rename(__ldns_rr_list_push_rr_list) ldns_rr_list_push_rr_list; +%inline %{ +void _ldns_rr_list_push_rr_list(ldns_rr_list* r, ldns_rr_list *r2) { + ldns_rr_list_push_rr_list(r, ldns_rr_list_clone(r2)); +} +%} + +%rename(__ldns_rr_list_cat) ldns_rr_list_cat; +%inline %{ +void _ldns_rr_list_cat(ldns_rr_list* r, ldns_rr_list *r2) { + ldns_rr_list_cat(r, ldns_rr_list_clone(r2)); +} +%} + + +/* clone data on pull */ + +%newobject _ldns_rr_list_rr; + +%rename(__ldns_rr_list_rr) ldns_rr_list_rr; +%inline %{ +ldns_rr* _ldns_rr_list_rr(ldns_rr_list* r, int i) { + return ldns_rr_clone(ldns_rr_list_rr(r, i)); +} +%} %newobject ldns_rr_list2str; +%rename(__ldns_rr_list_owner) ldns_rr_list_owner; +%inline %{ +ldns_rdf* _ldns_rr_list_owner(ldns_rr_list* r) { + return ldns_rdf_clone(ldns_rr_list_owner(r)); +} +%} @@ -867,7 +1189,7 @@ if not self.this: raise Exception("Can't create new RR_LIST") - __swig_destroy__ = _ldns._ldns_rr_list_free + __swig_destroy__ = _ldns._ldns_rr_list_deep_free #LDNS_RR_LIST_CONSTRUCTORS_# @staticmethod @@ -942,7 +1264,7 @@ the rightside :returns: (bool) a left with right concatenated to it """ - return _ldns.ldns_rr_list_cat(self,right) + return _ldns._ldns_rr_list_cat(self,right) #parameters: ldns_rr_list *,ldns_rr_list *, #retvals: bool @@ -982,7 +1304,7 @@ :returns: (ldns_rdf \*) dname of the first element, or NULL if the list is empty """ - return _ldns.ldns_rr_list_owner(self) + return _ldns._ldns_rr_list_owner(self) #parameters: const ldns_rr_list *, #retvals: ldns_rdf * @@ -991,7 +1313,10 @@ :returns: (ldns_rr \*) NULL if nothing to pop. Otherwise the popped RR """ - return _ldns.ldns_rr_list_pop_rr(self) + rr = _ldns.ldns_rr_list_pop_rr(self) + #if hasattr(self, "_python_rr_refs") and rr in self._python_rr_refs: + # self._python_rr_refs.remove(rr) + return rr #parameters: ldns_rr_list *, #retvals: ldns_rr * @@ -1022,7 +1347,11 @@ the rr to push :returns: (bool) false on error, otherwise true """ - return _ldns.ldns_rr_list_push_rr(self,rr) + #if hasattr(self, "_python_rr_refs"): + # self._python_rr_refs.add(rr) + #else: + # self._python_rr_refs = set([rr]) + return _ldns._ldns_rr_list_push_rr(self,rr) #parameters: ldns_rr_list *,const ldns_rr *, #retvals: bool @@ -1033,7 +1362,7 @@ the rr_list to push :returns: (bool) false on error, otherwise true """ - return _ldns.ldns_rr_list_push_rr_list(self,push_list) + return _ldns._ldns_rr_list_push_rr_list(self,push_list) #parameters: ldns_rr_list *,const ldns_rr_list *, #retvals: bool @@ -1044,7 +1373,7 @@ return this rr :returns: (ldns_rr \*) the rr at position nr """ - return _ldns.ldns_rr_list_rr(self,nr) + return _ldns._ldns_rr_list_rr(self,nr) #parameters: const ldns_rr_list *,size_t, #retvals: ldns_rr * @@ -1126,7 +1455,6 @@ %feature("docstring") ldns_struct_rr_descriptor "Resource Record descriptor - This structure contains, for all rr types, the rdata fields that are defined." %extend ldns_struct_rr_descriptor { @@ -1166,4 +1494,91 @@ #_LDNS_RR_DESCRIPTOR_METHODS# %} } - + +/* + +rrsig checking wrappers + + copying of rr pointers into the good_keys list leads to double free + problems, therefore we provide two options - either ignore the keys + or get list of indexes of the keys. The latter allows fetching of the + keys later on from the original key set +*/ + +%rename(__ldns_verify_rrsig_keylist) ldns_verify_rrsig_keylist; +%inline %{ +ldns_status ldns_verify_rrsig_keylist_status_only(ldns_rr_list *rrset, + ldns_rr *rrsig, + const ldns_rr_list *keys) { + ldns_rr_list *good_keys = ldns_rr_list_new(); + ldns_status status = ldns_verify_rrsig_keylist(rrset, rrsig, keys, good_keys); + ldns_rr_list_free(good_keys); + return status; +} +%} + +%rename(__ldns_verify_rrsig_keylist) ldns_verify_rrsig_keylist; +%inline %{ +PyObject* ldns_verify_rrsig_keylist_(ldns_rr_list *rrset, + ldns_rr *rrsig, + const ldns_rr_list *keys) { + PyObject* tuple; + PyObject* keylist; + ldns_rr_list *good_keys = ldns_rr_list_new(); + ldns_status status = ldns_verify_rrsig_keylist(rrset, rrsig, keys, good_keys); + + tuple = PyTuple_New(2); + PyTuple_SetItem(tuple, 0, SWIG_From_int(status)); + keylist = PyList_New(0); + if (status == LDNS_STATUS_OK) { + unsigned int i; + for (i = 0; i < ldns_rr_list_rr_count(keys); i++) + if (ldns_rr_list_contains_rr(good_keys, ldns_rr_list_rr(keys, i))) + PyList_Append(keylist, SWIG_From_int(i)); + } + PyTuple_SetItem(tuple, 1, keylist); + ldns_rr_list_free(good_keys); + return tuple; + } +%} + + +%rename(__ldns_verify_rrsig_keylist_notime) ldns_verify_rrsig_keylist_notime; +%inline %{ +ldns_status ldns_verify_rrsig_keylist_notime_status_only(ldns_rr_list *rrset, + ldns_rr *rrsig, + const ldns_rr_list *keys) { + ldns_rr_list *good_keys = ldns_rr_list_new(); + ldns_status status = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, good_keys); + ldns_rr_list_free(good_keys); + return status; +} +%} + +%rename(__ldns_verify_rrsig_keylist_notime) ldns_verify_rrsig_keylist_notime; +%inline %{ +PyObject* ldns_verify_rrsig_keylist_notime_(ldns_rr_list *rrset, + ldns_rr *rrsig, + const ldns_rr_list *keys) { + PyObject* tuple; + PyObject* keylist; + ldns_rr_list *good_keys = ldns_rr_list_new(); + ldns_status status = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, good_keys); + + tuple = PyTuple_New(2); + PyTuple_SetItem(tuple, 0, SWIG_From_int(status)); + keylist = PyList_New(0); + if (status == LDNS_STATUS_OK) { + unsigned int i; + for (i = 0; i < ldns_rr_list_rr_count(keys); i++) + if (ldns_rr_list_contains_rr(good_keys, ldns_rr_list_rr(keys, i))) + PyList_Append(keylist, SWIG_From_int(i)); + } + PyTuple_SetItem(tuple, 1, keylist); + ldns_rr_list_free(good_keys); + return tuple; + } +%} + +/* -- end of rrsig checking wrappers */ +

@@ -764,20 +764,6 @@ return 0; } -/* returns true if the current dnssec_rrset from the given list of rrsets - * is glue */ -static int -is_glue(ldns_dnssec_rrsets *cur_rrsets, ldns_dnssec_rrsets *orig_rrsets) -{ - /* only glue if a or aaaa if there are no ns, unless there is soa */ - return (cur_rrsets->type == LDNS_RR_TYPE_A || - cur_rrsets->type == LDNS_RR_TYPE_AAAA) && - (ldns_dnssec_rrsets_contains_type(orig_rrsets, - LDNS_RR_TYPE_NS) && - !ldns_dnssec_rrsets_contains_type(orig_rrsets, - LDNS_RR_TYPE_SOA)); -} - ldns_rr * ldns_dnssec_create_nsec(ldns_dnssec_name *from, ldns_dnssec_name *to, @@ -787,6 +773,7 @@ ldns_rr_type types[65536]; size_t type_count = 0; ldns_dnssec_rrsets *cur_rrsets; + int on_delegation_point; if (!from || !to || (nsec_type != LDNS_RR_TYPE_NSEC && nsec_type != LDNS_RR_TYPE_NSEC3)) { @@ -798,14 +785,22 @@ ldns_rr_set_owner(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(from))); ldns_rr_push_rdf(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(to))); + on_delegation_point = ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_SOA); + cur_rrsets = from->rrsets; while (cur_rrsets) { - if (is_glue(cur_rrsets, from->rrsets)) { - cur_rrsets = cur_rrsets->next; - continue; - } - if (cur_rrsets->type != LDNS_RR_TYPE_RRSIG && - cur_rrsets->type != LDNS_RR_TYPE_NSEC) { + /* Do not include non-authoritative rrsets on the delegation point + * in the type bitmap */ + if ((on_delegation_point && ( + cur_rrsets->type == LDNS_RR_TYPE_NS + || cur_rrsets->type == LDNS_RR_TYPE_DS)) + || (!on_delegation_point && + cur_rrsets->type != LDNS_RR_TYPE_RRSIG + && cur_rrsets->type != LDNS_RR_TYPE_NSEC)) { + types[type_count] = cur_rrsets->type; type_count++; } @@ -839,6 +834,7 @@ size_t type_count = 0; ldns_dnssec_rrsets *cur_rrsets; ldns_status status; + int on_delegation_point; flags = flags; @@ -865,13 +861,24 @@ salt_length, salt); + on_delegation_point = ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_SOA); cur_rrsets = from->rrsets; while (cur_rrsets) { - if (is_glue(cur_rrsets, from->rrsets)) { - cur_rrsets = cur_rrsets->next; - continue; - } - if (cur_rrsets->type != LDNS_RR_TYPE_RRSIG) { + /* Do not include non-authoritative rrsets on the delegation point + * in the type bitmap. Potentionally not skipping insecure + * delegation should have been done earlier, in function + * ldns_dnssec_zone_create_nsec3s, or even earlier in: + * ldns_dnssec_zone_sign_nsec3_flg . + */ + if ((on_delegation_point && ( + cur_rrsets->type == LDNS_RR_TYPE_NS + || cur_rrsets->type == LDNS_RR_TYPE_DS)) + || (!on_delegation_point && + cur_rrsets->type != LDNS_RR_TYPE_RRSIG)) { + types[type_count] = cur_rrsets->type; type_count++; } @@ -1199,8 +1206,10 @@ uint8_t ldns_nsec3_algorithm(const ldns_rr *nsec3_rr) { - if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 && - ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 0)) > 0 + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 0)) > 0 ) { return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 0)); } @@ -1210,8 +1219,10 @@ uint8_t ldns_nsec3_flags(const ldns_rr *nsec3_rr) { - if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 && - ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 1)) > 0 + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 1)) > 0 ) { return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 1)); } @@ -1227,8 +1238,10 @@ uint16_t ldns_nsec3_iterations(const ldns_rr *nsec3_rr) { - if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 && - ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 2)) > 0 + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 2)) > 0 ) { return ldns_rdf2native_int16(ldns_rr_rdf(nsec3_rr, 2)); } @@ -1239,7 +1252,10 @@ ldns_rdf * ldns_nsec3_salt(const ldns_rr *nsec3_rr) { - if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3) { + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 || + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + ) { return ldns_rr_rdf(nsec3_rr, 3); } return NULL;

@@ -522,59 +522,148 @@ } #endif /* HAVE_SSL */ -static int -ldns_dnssec_name_has_only_a(ldns_dnssec_name *cur_name) +/** + * Pushes all rrs from the rrsets of type A and AAAA on gluelist. + */ +static ldns_status +ldns_dnssec_addresses_on_glue_list( + ldns_dnssec_rrsets *cur_rrset, + ldns_rr_list *glue_list) { - ldns_dnssec_rrsets *cur_rrset; - cur_rrset = cur_name->rrsets; + ldns_dnssec_rrs *cur_rrs; while (cur_rrset) { - if (cur_rrset->type != LDNS_RR_TYPE_A && - cur_rrset->type != LDNS_RR_TYPE_AAAA) { - return 0; - } else { - cur_rrset = cur_rrset->next; + if (cur_rrset->type == LDNS_RR_TYPE_A + || cur_rrset->type == LDNS_RR_TYPE_AAAA) { + for (cur_rrs = cur_rrset->rrs; + cur_rrs; + cur_rrs = cur_rrs->next) { + if (cur_rrs->rr) { + if (!ldns_rr_list_push_rr(glue_list, + cur_rrs->rr)) { + return LDNS_STATUS_MEM_ERR; + /* ldns_rr_list_push_rr() + * returns false when unable + * to increase the capacity + * of the ldsn_rr_list + */ + } + } + } } + cur_rrset = cur_rrset->next; } - return 1; + return LDNS_STATUS_OK; } +/** + * Marks the names in the zone that are occluded. Those names will be skipped + * when walking the tree with the ldns_dnssec_name_node_next_nonglue() + * function. But watch out! Names that are partially occluded (like glue with + * the same name as the delegation) will not be marked and should specifically + * be taken into account seperately. + * + * When glue_list is given (not NULL), in the process of marking the names, all + * glue resource records will be pushed to that list, even glue at delegation names. + * + * \param[in] zone the zone in which to mark the names + * \param[in] glue_list the list to which to push the glue rrs + * \return LDNS_STATUS_OK on success, an error code otherwise + */ ldns_status -ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone) +ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone *zone, + ldns_rr_list *glue_list) { - ldns_rbnode_t *cur_node; - ldns_dnssec_name *cur_name; - ldns_rdf *cur_owner, *cur_parent; + ldns_rbnode_t *node; + ldns_dnssec_name *name; + ldns_rdf *owner; + ldns_rdf *cut = NULL; /* keeps track of zone cuts */ + /* When the cut is caused by a delegation, below_delegation will be 1. + * When caused by a DNAME, below_delegation will be 0. + */ + int below_delegation = -1; /* init suppresses comiler warning */ + ldns_status s; - cur_node = ldns_rbtree_first(zone->names); - while (cur_node != LDNS_RBTREE_NULL) { - cur_name = (ldns_dnssec_name *) cur_node->data; - cur_node = ldns_rbtree_next(cur_node); - if (ldns_dnssec_name_has_only_a(cur_name)) { - /* assume glue XXX check for zone cur */ - cur_owner = ldns_rdf_clone(ldns_rr_owner( - cur_name->rrsets->rrs->rr)); - while (ldns_dname_label_count(cur_owner) > - ldns_dname_label_count(zone->soa->name)) { - if (ldns_dnssec_zone_find_rrset(zone, - cur_owner, - LDNS_RR_TYPE_NS)) { - /* - fprintf(stderr, "[XX] Marking as glue: "); - ldns_rdf_print(stderr, cur_name->name); - fprintf(stderr, "\n"); - */ - cur_name->is_glue = true; + if (!zone || !zone->names) { + return LDNS_STATUS_NULL; + } + for (node = ldns_rbtree_first(zone->names); + node != LDNS_RBTREE_NULL; + node = ldns_rbtree_next(node)) { + name = (ldns_dnssec_name *) node->data; + owner = ldns_dnssec_name_name(name); + + if (cut) { + /* The previous node was a zone cut, or a subdomain + * below a zone cut. Is this node (still) a subdomain + * below the cut? Then the name is occluded. Unless + * the name contains a SOA, after which we are + * authoritative again. + * + * FIXME! If there are labels in between the SOA and + * the cut, going from the authoritative space (below + * the SOA) up into occluded space again, will not be + * detected with the contruct below! + */ + if (ldns_dname_is_subdomain(owner, cut) && + !ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_SOA)) { + + if (below_delegation && glue_list) { + s = ldns_dnssec_addresses_on_glue_list( + name->rrsets, glue_list); + if (s != LDNS_STATUS_OK) { + return s; + } } - cur_parent = ldns_dname_left_chop(cur_owner); - ldns_rdf_deep_free(cur_owner); - cur_owner = cur_parent; + name->is_glue = true; /* Mark occluded name! */ + continue; + } else { + cut = NULL; } - ldns_rdf_deep_free(cur_owner); + } + + /* The node is not below a zone cut. Is it a zone cut itself? + * Everything below a SOA is authoritative of course; Except + * when the name also contains a DNAME :). + */ + if (ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_SOA)) { + cut = owner; + below_delegation = 1; + if (glue_list) { /* record glue on the zone cut */ + s = ldns_dnssec_addresses_on_glue_list( + name->rrsets, glue_list); + if (s != LDNS_STATUS_OK) { + return s; + } + } + } else if (ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_DNAME)) { + cut = owner; + below_delegation = 0; } } return LDNS_STATUS_OK; } +/** + * Marks the names in the zone that are occluded. Those names will be skipped + * when walking the tree with the ldns_dnssec_name_node_next_nonglue() + * function. But watch out! Names that are partially occluded (like glue with + * the same name as the delegation) will not be marked and should specifically + * be taken into account seperately. + * + * \param[in] zone the zone in which to mark the names + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status +ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone) +{ + return ldns_dnssec_zone_mark_and_get_glue(zone, NULL); +} + ldns_rbnode_t * ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t *node) { @@ -915,6 +1004,8 @@ size_t i; + int on_delegation_point = 0; /* handle partially occluded names */ + ldns_rr_list *pubkey_list = ldns_rr_list_new(); zone = zone; new_rrs = new_rrs; @@ -930,6 +1021,10 @@ cur_name = (ldns_dnssec_name *) cur_node->data; if (!cur_name->is_glue) { + on_delegation_point = ldns_dnssec_rrsets_contains_type( + cur_name->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + cur_name->rrsets, LDNS_RR_TYPE_SOA); cur_rrset = cur_name->rrsets; while (cur_rrset) { /* reset keys to use */ @@ -959,20 +1054,15 @@ } /* only sign non-delegation RRsets */ - /* (glue should have been marked earlier) */ - if ((ldns_rr_list_type(rr_list) != LDNS_RR_TYPE_NS || - ldns_dname_compare(ldns_rr_list_owner(rr_list), - zone->soa->name) == 0) && - /* OK, there is also the possibility that the record - * is glue, but at the same owner name as other records that - * are not NS nor A/AAAA. Bleh, our current data structure - * doesn't really support that... */ - !((ldns_rr_list_type(rr_list) == LDNS_RR_TYPE_A || - ldns_rr_list_type(rr_list) == LDNS_RR_TYPE_AAAA) && - !ldns_dname_compare(ldns_rr_list_owner(rr_list), zone->soa->name) == 0 && - ldns_dnssec_zone_find_rrset(zone, ldns_rr_list_owner(rr_list), LDNS_RR_TYPE_NS) - )) { - + /* (glue should have been marked earlier, + * except on the delegation points itself) */ + if (!on_delegation_point || + ldns_rr_list_type(rr_list) + == LDNS_RR_TYPE_DS || + ldns_rr_list_type(rr_list) + == LDNS_RR_TYPE_NSEC || + ldns_rr_list_type(rr_list) + == LDNS_RR_TYPE_NSEC3) { siglist = ldns_sign_public(rr_list, key_list); for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { if (cur_rrset->signatures) { @@ -1109,7 +1199,7 @@ uint8_t *salt, int signflags) { - ldns_rr *nsec3, *nsec3params; + ldns_rr *nsec3, *nsec3param; ldns_status result = LDNS_STATUS_OK; /* zone is already sorted */ @@ -1134,13 +1224,13 @@ } else { if (!ldns_dnssec_zone_find_rrset(zone, zone->soa->name, - LDNS_RR_TYPE_NSEC3PARAMS)) { - /* create and add the nsec3params rr */ - nsec3params = - ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAMS); - ldns_rr_set_owner(nsec3params, + LDNS_RR_TYPE_NSEC3PARAM)) { + /* create and add the nsec3param rr */ + nsec3param = + ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAM); + ldns_rr_set_owner(nsec3param, ldns_rdf_clone(zone->soa->name)); - ldns_nsec3_add_param_rdfs(nsec3params, + ldns_nsec3_add_param_rdfs(nsec3param, algorithm, flags, iterations, @@ -1148,12 +1238,12 @@ salt); /* always set bit 7 of the flags to zero, according to * rfc5155 section 11 */ - ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3params, 1)), 7, 0); - result = ldns_dnssec_zone_add_rr(zone, nsec3params); + ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 7, 0); + result = ldns_dnssec_zone_add_rr(zone, nsec3param); if (result != LDNS_STATUS_OK) { return result; } - ldns_rr_list_push_rr(new_rrs, nsec3params); + ldns_rr_list_push_rr(new_rrs, nsec3param); } result = ldns_dnssec_zone_create_nsec3s(zone, new_rrs, @@ -1267,3 +1357,4 @@ } #endif /* HAVE_SSL */ +

@@ -18,8 +18,11 @@ ldns_dnssec_data_chain * ldns_dnssec_data_chain_new() { - ldns_dnssec_data_chain *nc = LDNS_XMALLOC(ldns_dnssec_data_chain, 1); + ldns_dnssec_data_chain *nc = LDNS_CALLOC(ldns_dnssec_data_chain, 1); if(!nc) return NULL; + /* + * not needed anymore because CALLOC initalizes everything to zero. + nc->rrset = NULL; nc->parent_type = 0; nc->parent = NULL; @@ -27,6 +30,8 @@ nc->packet_rcode = 0; nc->packet_qtype = 0; nc->packet_nodata = false; + + */ return nc; } @@ -1398,12 +1403,13 @@ #ifdef HAVE_SSL ldns_status -ldns_dnssec_verify_denial_nsec3(ldns_rr *rr, +ldns_dnssec_verify_denial_nsec3_match(ldns_rr *rr, ldns_rr_list *nsecs, ldns_rr_list *rrsigs, ldns_pkt_rcode packet_rcode, ldns_rr_type packet_qtype, - bool packet_nodata) + bool packet_nodata, + ldns_rr **match) { ldns_rdf *closest_encloser; ldns_rdf *wildcard; @@ -1416,6 +1422,10 @@ rrsigs = rrsigs; + if (match) { + *match = NULL; + } + zone_name = ldns_dname_left_chop(ldns_rr_owner(ldns_rr_list_rr(nsecs,0))); /* section 8.4 */ @@ -1442,6 +1452,9 @@ if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, i), hashed_wildcard_name)) { wildcard_covered = true; + if (match) { + *match = ldns_rr_list_rr(nsecs, i); + } } ldns_rdf_deep_free(hashed_wildcard_name); } @@ -1474,6 +1487,9 @@ ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)), LDNS_RR_TYPE_CNAME)) { result = LDNS_STATUS_OK; + if (match) { + *match = ldns_rr_list_rr(nsecs, i); + } goto done; } } @@ -1500,6 +1516,9 @@ ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)), LDNS_RR_TYPE_CNAME)) { result = LDNS_STATUS_OK; + if (match) { + *match = ldns_rr_list_rr(nsecs, i); + } goto done; } } @@ -1513,6 +1532,22 @@ ldns_rdf_deep_free(zone_name); return result; } + +ldns_status +ldns_dnssec_verify_denial_nsec3(ldns_rr *rr, + ldns_rr_list *nsecs, + ldns_rr_list *rrsigs, + ldns_pkt_rcode packet_rcode, + ldns_rr_type packet_qtype, + bool packet_nodata) +{ + return ldns_dnssec_verify_denial_nsec3_match( + rr, nsecs, rrsigs, packet_rcode, + packet_qtype, packet_nodata, NULL + ); +} + + #endif /* HAVE_SSL */ #ifdef USE_GOST

@@ -297,10 +297,12 @@ { ldns_dnssec_name *new_name; - new_name = LDNS_MALLOC(ldns_dnssec_name); + new_name = LDNS_CALLOC(ldns_dnssec_name, 1); if (!new_name) { return NULL; } + /* + * not needed anymore because CALLOC initalizes everything to zero. new_name->name = NULL; new_name->rrsets = NULL; @@ -311,6 +313,7 @@ new_name->is_glue = false; new_name->hashed_name = NULL; + */ return new_name; } @@ -375,6 +378,15 @@ return NULL; } +bool +ldns_dnssec_name_is_glue(ldns_dnssec_name *name) +{ + if (name) { + return name->is_glue; + } + return false; +} + void ldns_dnssec_name_set_name(ldns_dnssec_name *rrset, ldns_rdf *dname) @@ -789,11 +801,11 @@ for (i = 1; i < next_label_count - soa_label_count; i++) { lpos = (int)cur_label_count - (int)next_label_count + (int)i; if (lpos >= 0) { - l1 = ldns_dname_label(cur_name, (uint8_t)lpos); + l1 = ldns_dname_clone_from(cur_name, (uint8_t)lpos); } else { l1 = NULL; } - l2 = ldns_dname_label(next_name, i); + l2 = ldns_dname_clone_from(next_name, i); if (!l1 || ldns_dname_compare(l1, l2) != 0) { /* We have an empty nonterminal, add it to the @@ -805,7 +817,7 @@ } new_name->name = ldns_dname_clone_from(next_name, i); - if (!new_name) { + if (!new_name->name) { ldns_dnssec_name_free(new_name); return LDNS_STATUS_MEM_ERR; }

@@ -10,6 +10,9 @@ * ./configure --with-tools --with-drill (Bug #264) * Drill: print appropriate DS RRs (relates to Bug #355) * ldns-signzone optout to be really optout +* Compression when generating wireformat. Preferably with a configurable + policy: refer only backwards, case sensitivity, only refer to other owner + names, etc. Bugfixes: * Bug #279: fix return values for net.h functions, and related: make return

@@ -37,6 +37,8 @@ # FreeBSD8 LINTFLAGS+="-D__uint16_t=uint16_t" LINTFLAGS+=-D__signed__=signed "-D__packed=" "-D__aligned(x)=" +# Ubuntu Linux 11.04 +LINTFLAGS+="-D__u16=struct __u16" "-D__u32=struct __u32" "-D__u64=struct __u64" OBJ=drill.o drill_util.o error.o root.o work.o chasetrace.o dnssec.o securetrace.o SRC=$(OBJ:.o=.c)

@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for ldns 1.6.9. +# Generated by GNU Autoconf 2.68 for ldns 1.6.10. # # Report bugs to <libdns@nlnetlabs.nl>. # @@ -560,8 +560,8 @@ # Identity of this package. PACKAGE_NAME='ldns' PACKAGE_TARNAME='libdns' -PACKAGE_VERSION='1.6.9' -PACKAGE_STRING='ldns 1.6.9' +PACKAGE_VERSION='1.6.10' +PACKAGE_STRING='ldns 1.6.10' PACKAGE_BUGREPORT='libdns@nlnetlabs.nl' PACKAGE_URL='' @@ -1221,7 +1221,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ldns 1.6.9 to adapt to many kinds of systems. +\`configure' configures ldns 1.6.10 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1282,7 +1282,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ldns 1.6.9:";; + short | recursive ) echo "Configuration of ldns 1.6.10:";; esac cat <<\_ACEOF @@ -1378,7 +1378,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ldns configure 1.6.9 +ldns configure 1.6.10 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1801,7 +1801,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ldns $as_me 1.6.9, which was +It was created by ldns $as_me 1.6.10, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -5894,7 +5894,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ldns $as_me 1.6.9, which was +This file was extended by ldns $as_me 1.6.10, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -5956,7 +5956,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ldns config.status 1.6.9 +ldns config.status 1.6.10 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\"

@@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.56) -AC_INIT(ldns, 1.6.9, libdns@nlnetlabs.nl,libdns) +AC_INIT(ldns, 1.6.10, libdns@nlnetlabs.nl,libdns) AC_CONFIG_SRCDIR([drill.c]) sinclude(../acx_nlnetlabs.m4)

@@ -215,6 +215,7 @@ } else if( (nsecs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_NSEC3, LDNS_SECTION_ANY_NOQUESTION)) ) { ldns_rr_list* sigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANY_NOQUESTION); ldns_rr* q = ldns_rr_new(); + ldns_rr* match = NULL; if(!sigs) return LDNS_STATUS_MEM_ERR; if(!q) return LDNS_STATUS_MEM_ERR; ldns_rr_set_question(q, 1); @@ -223,7 +224,11 @@ if(!ldns_rr_owner(q)) return LDNS_STATUS_MEM_ERR; ldns_rr_set_type(q, type); - result = ldns_dnssec_verify_denial_nsec3(q, nsecs, sigs, ldns_pkt_get_rcode(pkt), type, ldns_pkt_ancount(pkt) == 0); + /* result = ldns_dnssec_verify_denial_nsec3(q, nsecs, sigs, ldns_pkt_get_rcode(pkt), type, ldns_pkt_ancount(pkt) == 0); */ + result = ldns_dnssec_verify_denial_nsec3_match(q, nsecs, sigs, ldns_pkt_get_rcode(pkt), type, ldns_pkt_ancount(pkt) == 0, &match); + if (result == LDNS_STATUS_OK && match && nsec_rrs && nsec_rr_sigs) { + (void) get_dnssec_rr(pkt, ldns_rr_owner(match), LDNS_RR_TYPE_NSEC3, nsec_rrs, nsec_rr_sigs); + } ldns_rr_free(q); ldns_rr_list_deep_free(nsecs); ldns_rr_list_deep_free(sigs);

@@ -263,11 +263,6 @@ for(i = 2 ; i < (ssize_t)labels_count + 2; i++) { labels[i] = ldns_dname_left_chop(labels[i - 1]); } - /* if no servers is given with @, start by asking local resolver */ - /* first part todo :) */ - for (i = 0; i < (ssize_t) ldns_resolver_nameserver_count(local_res); i++) { - (void) ldns_resolver_push_nameserver(res, ldns_resolver_nameservers(local_res)[i]); - } /* get the nameserver for the label * ask: dnskey and ds for the label

@@ -42,6 +42,8 @@ # FreeBSD8 LINTFLAGS+="-D__uint16_t=uint16_t" LINTFLAGS+=-D__signed__=signed "-D__packed=" "-D__aligned(x)=" +# Ubuntu 11.04 +LINTFLAGS+="-D__u16=struct __u16" "-D__u32=struct __u32" "-D__u64=struct __u64" HEADER = config.h MAIN_SOURCES = ldns-read-zone.c \ @@ -62,6 +64,7 @@ ldns-notify.c \ ldns-testns.c \ ldns-compare-zones.c \ + ldns-gen-zone.c \ ldnsd.c MAIN_SSL_SOURCES = ldns-signzone.c \

@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for ldns 1.6.9. +# Generated by GNU Autoconf 2.68 for ldns 1.6.10. # # Report bugs to <libdns@nlnetlabs.nl>. # @@ -560,8 +560,8 @@ # Identity of this package. PACKAGE_NAME='ldns' PACKAGE_TARNAME='libdns' -PACKAGE_VERSION='1.6.9' -PACKAGE_STRING='ldns 1.6.9' +PACKAGE_VERSION='1.6.10' +PACKAGE_STRING='ldns 1.6.10' PACKAGE_BUGREPORT='libdns@nlnetlabs.nl' PACKAGE_URL='' @@ -1227,7 +1227,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ldns 1.6.9 to adapt to many kinds of systems. +\`configure' configures ldns 1.6.10 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1288,7 +1288,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of ldns 1.6.9:";; + short | recursive ) echo "Configuration of ldns 1.6.10:";; esac cat <<\_ACEOF @@ -1387,7 +1387,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ldns configure 1.6.9 +ldns configure 1.6.10 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1856,7 +1856,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ldns $as_me 1.6.9, which was +It was created by ldns $as_me 1.6.10, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -6382,7 +6382,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ldns $as_me 1.6.9, which was +This file was extended by ldns $as_me 1.6.10, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -6444,7 +6444,7 @@ cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ldns config.status 1.6.9 +ldns config.status 1.6.10 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\"

@@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.56) -AC_INIT(ldns, 1.6.9, libdns@nlnetlabs.nl,libdns) +AC_INIT(ldns, 1.6.10, libdns@nlnetlabs.nl,libdns) AC_CONFIG_SRCDIR([ldns-read-zone.c]) sinclude(../acx_nlnetlabs.m4)

@@ -0,0 +1,98 @@ +.TH ldns-gen-zone 1 "10 June 2010" +.SH NAME +ldns-gen-zone \- read a zonefile and print it while adding DS records and extra RR's +.SH SYNOPSIS +.B ldns-gen-zone +.IR ZONEFILE + +.SH DESCRIPTION + +\fBldns-gen-zone\fR reads a DNS zone file and prints it. + +It is build for speed, not for a nice formatting. The output +has one resource record per line and no pretty-printing makeup. + +DNSSEC data (NSEC, NSEC3, RRSIG or DNSKEY) is not stripped. You may want to +use \fBldns-read-zone\fR for that. Existing DS records are also not stripped. + +The idea is to use this tool for quickly generating a representative +artificial zonefile from a real zonefile, to use it for testing purposes. + +.SH OPTIONS +.TP +\fB-a NUM\fR +Adds NUM extra artificial NS RRSets to the output. +The RRSets owner names start +with 'xn--' in an attempt to ensure uniqueness (nl.-zone does not support +IDN's - and this tool was written with that knowledge in mind). + +An artificial NS RRSet has two NS records; ns1.example.com and +ns2.example.com. + +.TP +\fB-p NUM\fR +Add NUM% of DS RRSets to the NS RRSets (anywhere between +1-4 DS records per RRSet). + +.TP +\fB-o ORIGIN\fR +Sets an $ORIGIN, which can be handy if the one in the zonefile +is set to '@' for example. If there is an $ORIGIN in the zonefile, +this option will silently be ignored. + +.TP +\fB-s\fR +This is the recommended way of processing large zones that +are already sorted and canonicalized (ie lowercase). It skips the +sorting and canonicalization step that is required for properly +grouping RRSets together (before adding any DS records to them. Skipping +this step will speed things up. + +It is not recommended to use this option if you want to add DS records +to unsorted, non-canonicalized zones. + +.TP +\fB-h\fR +Show usage and exit. + +.TP +\fB-v\fR +Show version and exit. + +.SH EXAMPLES + +.TP +\fBldns-gen-zone -a 100000 -p 10 -s ./zonefile.txt\fR +Read a zonefile, add 100.000 artificial NS RRSets and 10% of DS records, +print it to standard output. Don't sort (will only work well if the input +zonefile is already sorted and canonicalized). + +.TP +\fBldns-gen-zone -p 10 -s -o nl zonefile.txt | named-compilezone -s relative -i none -o zonefile_10.txt nl /dev/stdin\fR +This creates a nicely formatted zone file with the help of \fBnamed-compilezone\fR. +It adds 10% DS records to the .nl zone, reformats it and saves it as \fBzonefile_10.txt\fR. + +.SH AUTHOR +Initially written by Marco Davids, several modifications added by Miek +Gieben, both from SIDN. + +.SH REPORTING BUGS +Report bugs to <ldns-team@nlnetlabs.nl>. + +.SH BUGS +Only undiscovered ones. + +.SH CAVEATS +May require a machine with a considerable amount of memory for large zone files. + +Fake DS records hashes are generated as digest type SHA-256 (RFC4509). Be aware not to change +the DIGESTTYPE #define in the source code in anything else but 2 if you want +to keep things realistic. + +Despite a number of efforts, this program is still not the fastest in the +world. + +.SH COPYRIGHT +Copyright (C) 2010 SIDN. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE.

@@ -0,0 +1,310 @@ +/* + * Reads a zone file from disk and prints it to stdout, one RR per line. + * Adds artificial DS records and RRs. + * For the purpose of generating a test zone file + * + * (c) SIDN 2010/2011 - Marco Davids/Miek Gieben + * + * See the LICENSE file for the license + */ + +#include "config.h" +#include <unistd.h> +#include <stdlib.h> +#include <ldns/ldns.h> +#include <errno.h> + +#define NUM_DS 4 /* maximum of 4 DS records per delegation */ +#define ALGO 8 /* Algorithm to use for fake DS records - RSASHA256 - RFC5702 */ +#define DIGESTTYPE 2 /* Digest type to use for fake DS records - SHA-256 - RFC 4509 */ + + +/** + * Usage function. + * + */ +static void +usage(FILE *fp, char *prog) { + fprintf(fp, "\n\nUsage: %s [-hsv] [-ap NUM] [-o ORIGIN] [<zonefile>]\n", prog); + fprintf(fp, "\tReads a zonefile and add some artificial NS RRsets and DS records.\n"); + fprintf(fp, "\tIf no zonefile is given, the zone is read from stdin.\n"); + fprintf(fp, "\t-a <NUM> add NUM artifical delegations (NS RRSets) to output.\n"); + fprintf(fp, "\t-p <NUM> add NUM percent of DS RRset's to the NS RRsets (1-%d RR's per DS RRset).\n", NUM_DS); + fprintf(fp, "\t-o ORIGIN sets an $ORIGIN, which can be handy if the one in the zonefile is set to @.\n"); + fprintf(fp, "\t-s if input zone file is already sorted and canonicalized (ie all lowercase),\n\t use this option to speed things up while inserting DS records.\n"); + fprintf(fp, "\t-h show this text.\n"); + fprintf(fp, "\t-v shows the version and exits.\n"); + fprintf(fp, "\nif no file is given standard input is read.\n\n"); +} + +/** + * Insert the DS records, return the amount added. + * + */ +static int +insert_ds(ldns_rdf *dsowner, uint32_t ttl) +{ + int d, dsrand; + int keytag = 0; + char *dsownerstr; + char digeststr[70]; + + /** + * Average the amount of DS records per delegation a little. + */ + dsrand = 1+rand() % NUM_DS; + for(d = 0; d < dsrand; d++) { + keytag = 1+rand() % 65535; + /** + * Dynamic hashes method below is still too slow... 20% slower than a fixed string... + * + * We assume RAND_MAX is 32 bit, http://www.gnu.org/s/libc/manual/html_node/ISO-Random.html + * 2147483647 or 0x7FFFFFFF + */ + snprintf(digeststr, 65, + "%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x", + (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, + (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, + (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, + (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, + (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, + (unsigned) rand()%RAND_MAX); + dsownerstr = ldns_rdf2str(dsowner); + fprintf(stdout, "%s\t%u\tIN\tDS\t%d %d %d %s\n", dsownerstr, (unsigned) ttl, keytag, ALGO, DIGESTTYPE, digeststr); + } + return dsrand; +} + +int +main(int argc, char **argv) { + char *filename, *rrstr, *ownerstr; + char *classtypestr1 = "IN NS ns1.example.com."; + char *classtypestr2 = "IN NS ns2.example.com."; + const size_t classtypelen = strlen(classtypestr1); + /* Simply because this was developed by SIDN and we don't use xn-- for .nl :-) */ + const char *punystr = "xn--fake-rr"; + const size_t punylen = strlen(punystr); + size_t rrstrlen, ownerlen; + FILE *fp; + int c, nsrand; + uint32_t ttl; + int counta,countd,countr; + ldns_zone *z; + ldns_rdf *origin = NULL; + int line_nr = 0; + int addrrs = 0; + int dsperc = 0; + bool canonicalize = true; + bool sort = true; + bool do_ds = false; + ldns_status s; + size_t i; + ldns_rr_list *rrset_list; + ldns_rdf *owner; + ldns_rr_type cur_rr_type; + ldns_rr *cur_rr; + ldns_status status; + + counta = countd = countr = 0; + + /** + * Set some random seed. + */ + srand((unsigned int)time(NULL)); + + /** + * Commandline options. + */ + while ((c = getopt(argc, argv, "a:p:shvo:")) != -1) { + switch (c) { + case 'a': + addrrs = atoi(optarg); + if (addrrs <= 0) { + fprintf(stderr, "error\n"); + exit(EXIT_FAILURE); + } + break; + case 'o': + origin = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, optarg); + if (!origin) { + fprintf(stderr, "error: creating origin from -o %s failed.\n", optarg); + exit(EXIT_FAILURE); + } + break; + case 'p': + dsperc = atoi(optarg); + if (dsperc <= 0 || dsperc > 100) { + fprintf(stderr, "error: percentage of signed delegations must be between [0-100].\n"); + exit(EXIT_FAILURE); + } + do_ds = true; + break; + case 's': + sort = false; + canonicalize = false; + break; + case 'h': + usage(stdout, argv[0]); + exit(EXIT_SUCCESS); + case 'v': + fprintf(stdout, "ldns-gen-zone version %s (ldns version %s)\n", LDNS_VERSION, ldns_version()); + exit(EXIT_SUCCESS); + default: + fprintf(stderr, "\nTry -h for more information.\n\n"); + exit(EXIT_FAILURE); + } + } + argc -= optind; + argv += optind; + + /** + * Read zone. + */ + if (argc == 0) { + fp = stdin; + } else { + filename = argv[0]; + fp = fopen(filename, "r"); + if (!fp) { + fprintf(stderr, "Unable to open %s: %s\n", filename, strerror (errno)); + exit(EXIT_FAILURE); + } + } + s = ldns_zone_new_frm_fp_l(&z, fp, origin, 0, LDNS_RR_CLASS_IN, &line_nr); + if (s != LDNS_STATUS_OK) { + fprintf(stderr, "%s at %d\n", ldns_get_errorstr_by_id(s), line_nr); + exit(EXIT_FAILURE); + } + if (!ldns_zone_soa(z)) { + fprintf(stderr, "No zone data seen\n"); + exit(EXIT_FAILURE); + } + + ttl = ldns_rr_ttl(ldns_zone_soa(z)); + if (!origin) { + origin = ldns_rr_owner(ldns_zone_soa(z)); + // Check for root (.) origin here TODO(MG) + } + ownerstr = ldns_rdf2str(origin); + if (!ownerstr) { + fprintf(stderr, "ldns_rdf2str(origin) failed\n"); + exit(EXIT_FAILURE); + } + ownerlen = strlen(ownerstr); + + ldns_rr_print(stdout, ldns_zone_soa(z)); + + if (addrrs > 0) { + while (addrrs > counta) { + counta++; + rrstrlen = punylen + ownerlen + classtypelen + 4; + rrstrlen *= 2; /* estimate */ + rrstr = (char*)malloc(rrstrlen); + if (!rrstr) { + fprintf(stderr, "malloc() failed: Out of memory\n"); + exit(EXIT_FAILURE); + } + (void)snprintf(rrstr, rrstrlen, "%s%d.%s %u %s", punystr, counta, + ownerstr, (unsigned) ttl, classtypestr1); + status = ldns_rr_new_frm_str(&cur_rr, rrstr, 0, NULL, NULL); + if (status == LDNS_STATUS_OK) { + ldns_rr_print(stdout, cur_rr); + ldns_rr_free(cur_rr); + } else { + fprintf(stderr, "ldns_rr_new_frm_str() failed\n"); + exit(EXIT_FAILURE); + } + + (void)snprintf(rrstr, rrstrlen, "%s%d.%s %u %s", punystr, counta, + ownerstr, (unsigned) ttl, classtypestr2); + status = ldns_rr_new_frm_str(&cur_rr, rrstr, 0, NULL, NULL); + if (status == LDNS_STATUS_OK) { + ldns_rr_print(stdout, cur_rr); + } else { + fprintf(stderr, "ldns_rr_new_frm_str() failed\n"); + exit(EXIT_FAILURE); + } + + free(rrstr); + + /* may we add a DS record as well? */ + if (do_ds) { + /* + * Per definition this may not be the same as the origin, so no + * check required same for NS check - so the only thing left is some + * randomization. + */ + nsrand = rand() % 100; + if (nsrand < dsperc) { + owner = ldns_rr_owner(cur_rr); + ttl = ldns_rr_ttl(cur_rr); + countd += insert_ds(owner, ttl); + } + } + ldns_rr_free(cur_rr); + } + } + + if (!do_ds) { + ldns_rr_list_print(stdout, ldns_zone_rrs(z)); + } else { + /* + * We use dns_rr_list_pop_rrset and that requires a sorted list weird things may happen + * if the -s option was used on unsorted, non-canonicalized input + */ + if (canonicalize) { + ldns_rr2canonical(ldns_zone_soa(z)); + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) { + ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z), i)); + } + } + + if (sort) { + ldns_zone_sort(z); + } + + /* Work on a per RRset basis for DS records - weird things will happen if the -s option + * was used in combination with an unsorted zone file + */ + while((rrset_list = ldns_rr_list_pop_rrset(ldns_zone_rrs(z)))) { + owner = ldns_rr_list_owner(rrset_list); + cur_rr_type = ldns_rr_list_type(rrset_list); + /** + * Print them... + */ + cur_rr = ldns_rr_list_pop_rr(rrset_list); + while (cur_rr) { + ttl = ldns_rr_ttl(cur_rr); + fprintf(stdout, "%s", ldns_rr2str(cur_rr)); + cur_rr = ldns_rr_list_pop_rr(rrset_list); + } + /* + * And all the way at the end a DS record if + * we are dealing with an NS rrset + */ + nsrand = rand() % 100; + if (nsrand == 0) { + nsrand = 100; + } + + if ((cur_rr_type == LDNS_RR_TYPE_NS) && + (ldns_rdf_compare(owner, origin) != 0) && (nsrand < dsperc)) { + /** + * No DS records for the $ORIGIN, only for delegations, obey dsperc. + */ + countr++; + countd += insert_ds(owner, ttl); + } + ldns_rr_list_free(rrset_list); + ldns_rdf_free(owner); + } + } + + /** + * And done... + */ + fclose(fp); + fprintf(stdout, ";; Added %d DS records (percentage was %d) to %d NS RRset's (from input-zone: %d, from added: %d)\n;; lines in original input-zone: %d\n", + countd, dsperc, counta + countr, countr, counta, line_nr); + exit(EXIT_SUCCESS); +}

@@ -102,7 +102,7 @@ if (cur_rr_type == LDNS_RR_TYPE_RRSIG || cur_rr_type == LDNS_RR_TYPE_NSEC || cur_rr_type == LDNS_RR_TYPE_NSEC3 || - cur_rr_type == LDNS_RR_TYPE_NSEC3PARAMS + cur_rr_type == LDNS_RR_TYPE_NSEC3PARAM ) { ldns_rr_free(cur_rr); } else { @@ -119,7 +119,7 @@ if (cur_rr_type == LDNS_RR_TYPE_RRSIG || cur_rr_type == LDNS_RR_TYPE_NSEC || cur_rr_type == LDNS_RR_TYPE_NSEC3 || - cur_rr_type == LDNS_RR_TYPE_NSEC3PARAMS + cur_rr_type == LDNS_RR_TYPE_NSEC3PARAM ) { ldns_rr_list_push_rr(stripped_list, cur_rr); } else {

@@ -34,10 +34,11 @@ uint8_t i, j; ldns_rr_type t; char * type_name; - time_t incep, expir; + struct tm incep, expir; char incep_buf[26]; char expir_buf[26]; ldns_status s; + time_t now = time(NULL); p = NULL; rrsig = NULL; @@ -178,19 +179,30 @@ } for(i = 0; i < ldns_rr_list_rr_count(rrsig_type); i++) { - incep = ldns_rdf2native_time_t( - ldns_rr_rrsig_inception( - ldns_rr_list_rr(rrsig_type, i))); - expir = ldns_rdf2native_time_t( - ldns_rr_rrsig_expiration( - ldns_rr_list_rr(rrsig_type, i))); - - /* convert to human readable */ - ctime_r(&incep, incep_buf); - ctime_r(&expir, expir_buf); - /* kill the newline */ - incep_buf[24] = '\0'; - expir_buf[24] = '\0'; + memset(&incep, 0, sizeof(incep)); + if (ldns_serial_arithmitics_gmtime_r( + ldns_rdf2native_time_t( + ldns_rr_rrsig_inception( + ldns_rr_list_rr(rrsig_type, i))), + now, &incep + ) + && asctime_r(&incep, incep_buf)) { + incep_buf[24] = '\0'; + } else { + incep_buf[0] = '\0'; + } + memset(&expir, 0, sizeof(expir)); + if (ldns_serial_arithmitics_gmtime_r( + ldns_rdf2native_time_t( + ldns_rr_rrsig_expiration( + ldns_rr_list_rr(rrsig_type, i))), + now, &expir + ) + && asctime_r(&expir, expir_buf)) { + expir_buf[24] = '\0'; + } else { + expir_buf[0] = '\0'; + } fprintf(stdout, "%s RRSIG(%s): %s - %s\n", argv[1], type_name, incep_buf, expir_buf);

@@ -215,7 +215,7 @@ int main(int argc, char **argv) { - int i, r, info=0, ok=0; + int i, r=0, info=0, ok=0; #ifdef USE_WINSOCK WSADATA wsa_data; if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) {

@@ -21,21 +21,6 @@ int verbosity = 3; -/* returns 1 if the list is empty, or if there are only ns rrs in the - * list, 0 otherwise */ -static int -only_ns_in_rrsets(ldns_dnssec_rrsets *rrsets) { - ldns_dnssec_rrsets *cur_rrset = rrsets; - - while (cur_rrset) { - if (cur_rrset->type != LDNS_RR_TYPE_NS) { - return 0; - } - cur_rrset = cur_rrset->next; - } - return 1; -} - static int zone_is_nsec3_optout(ldns_rbtree_t *zone_nodes) { @@ -144,8 +129,7 @@ verify_dnssec_rrset(ldns_rdf *zone_name, ldns_rdf *name, ldns_dnssec_rrsets *rrset, - ldns_rr_list *keys, - ldns_rr_list *glue_rrs) + ldns_rr_list *keys) { ldns_rr_list *rrset_rrs; ldns_dnssec_rrs *cur_rr, *cur_sig; @@ -357,29 +341,10 @@ } } -static ldns_rbnode_t * -next_nonglue_node(ldns_rbnode_t *node, ldns_rr_list *glue_rrs) -{ - ldns_rbnode_t *cur_node = ldns_rbtree_next(node); - ldns_dnssec_name *cur_name; - while (cur_node != LDNS_RBTREE_NULL) { - cur_name = (ldns_dnssec_name *) cur_node->data; - if (cur_name && cur_name->name) { - if (!ldns_rr_list_contains_name(glue_rrs, cur_name->name)) { - return cur_node; - } - } - cur_node = ldns_rbtree_next(cur_node); - } - return LDNS_RBTREE_NULL; -} - static ldns_status verify_nsec(ldns_rbtree_t *zone_nodes, ldns_rbnode_t *cur_node, - ldns_rr_list *keys, - ldns_rr_list *glue_rrs -) + ldns_rr_list *keys) { ldns_rbnode_t *next_node; ldns_dnssec_name *name, *next_name; @@ -409,10 +374,11 @@ switch (ldns_rr_get_type(name->nsec)) { case LDNS_RR_TYPE_NSEC: /* simply try next name */ - next_node = next_nonglue_node(cur_node, glue_rrs); + next_node = ldns_rbtree_next(cur_node); if (next_node == LDNS_RBTREE_NULL) { next_node = ldns_rbtree_first(zone_nodes); } + next_node = ldns_dnssec_name_node_next_nonglue(next_node); next_name = (ldns_dnssec_name *)next_node->data; if (ldns_dname_compare(next_name->name, ldns_rr_rdf(name->nsec, 0)) @@ -420,6 +386,13 @@ printf("Error: the NSEC record for "); ldns_rdf_print(stdout, name->name); printf(" points to the wrong next owner name\n"); + if (verbosity >= 4) { + printf(" : "); + ldns_rdf_print(stdout,ldns_rr_rdf(name->nsec, 0)); + printf(" i.s.o. "); + ldns_rdf_print(stdout, next_name->name); + printf(".\n"); + } if (result == LDNS_STATUS_OK) { result = LDNS_STATUS_ERR; } @@ -442,7 +415,14 @@ } else { /* todo; do this once and cache result? */ if (zone_is_nsec3_optout(zone_nodes) && - only_ns_in_rrsets(name->rrsets)) { + ( ldns_dnssec_name_is_glue(name) + || ( + ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_DS) + ) + )) { /* ok, no problem, but we need to remember to check * whether the chain does not actually point to this * name later */ @@ -460,34 +440,18 @@ return result; } -static int -ldns_dnssec_name_has_only_a(ldns_dnssec_name *cur_name) -{ - ldns_dnssec_rrsets *cur_rrset; - cur_rrset = cur_name->rrsets; - while (cur_rrset) { - if (cur_rrset->type != LDNS_RR_TYPE_A && - cur_rrset->type != LDNS_RR_TYPE_AAAA) { - return 0; - } else { - cur_rrset = cur_rrset->next; - } - } - return 1; -} - static ldns_status verify_dnssec_name(ldns_rdf *zone_name, ldns_dnssec_zone *zone, ldns_rbtree_t *zone_nodes, ldns_rbnode_t *cur_node, - ldns_rr_list *keys, - ldns_rr_list *glue_rrs) + ldns_rr_list *keys) { ldns_status result = LDNS_STATUS_OK; ldns_status status; ldns_dnssec_rrsets *cur_rrset; ldns_dnssec_name *name; + int on_delegation_point; /* for NSEC chain checks */ name = (ldns_dnssec_name *) cur_node->data; @@ -497,9 +461,7 @@ printf("\n"); } - if (ldns_rr_list_contains_name(glue_rrs, name->name) && - ldns_dnssec_name_has_only_a(name) - ) { + if (ldns_dnssec_name_is_glue(name)) { /* glue */ cur_rrset = name->rrsets; while (cur_rrset) { @@ -525,11 +487,26 @@ } } else { /* not glue, do real verify */ + + on_delegation_point = ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_SOA); + cur_rrset = name->rrsets; while(cur_rrset) { - if (cur_rrset->type != LDNS_RR_TYPE_A || - !ldns_dnssec_zone_find_rrset(zone, name->name, LDNS_RR_TYPE_NS)) { - status = verify_dnssec_rrset(zone_name, name->name, cur_rrset, keys, glue_rrs); + + /* Do not check occluded rrsets + * on the delegation point + */ + if ( ( on_delegation_point && ( + cur_rrset->type == LDNS_RR_TYPE_NS + || cur_rrset->type == LDNS_RR_TYPE_DS)) + || (!on_delegation_point && + cur_rrset->type != LDNS_RR_TYPE_RRSIG + && cur_rrset->type != LDNS_RR_TYPE_NSEC)) { + + status = verify_dnssec_rrset(zone_name, name->name, cur_rrset, keys); if (status != LDNS_STATUS_OK && result == LDNS_STATUS_OK) { result = status; } @@ -537,7 +514,7 @@ cur_rrset = cur_rrset->next; } - status = verify_nsec(zone_nodes, cur_node, keys, glue_rrs); + status = verify_nsec(zone_nodes, cur_node, keys); if (result == LDNS_STATUS_OK) { result = status; } @@ -547,9 +524,7 @@ static ldns_status verify_dnssec_zone(ldns_dnssec_zone *dnssec_zone, - ldns_rdf *zone_name, - ldns_rr_list *glue_rrs) -{ + ldns_rdf *zone_name) { ldns_rr_list *keys; ldns_rbnode_t *cur_node; ldns_dnssec_rrsets *cur_key_rrset; @@ -591,8 +566,7 @@ dnssec_zone, dnssec_zone->names, cur_node, - keys, - glue_rrs); + keys); if (status != LDNS_STATUS_OK && result == LDNS_STATUS_OK) { result = status; } @@ -615,7 +589,6 @@ ldns_status s; ldns_dnssec_zone *dnssec_zone; ldns_status result = LDNS_STATUS_ERR; - ldns_rr_list *glue_rrs; while ((c = getopt(argc, argv, "hvV:")) != -1) { switch(c) { @@ -669,16 +642,20 @@ exit(1); } - glue_rrs = ldns_zone_glue_rr_list(z); dnssec_zone = create_dnssec_zone(z); + result = ldns_dnssec_zone_mark_glue(dnssec_zone); + if (result != LDNS_STATUS_OK) { + if (verbosity >= 1) { + printf("There were errors identifying the glue in the zone\n"); + } + } if (verbosity >= 5) { ldns_dnssec_zone_print(stdout, dnssec_zone); } result = verify_dnssec_zone(dnssec_zone, - ldns_rr_owner(ldns_zone_soa(z)), - glue_rrs); + ldns_rr_owner(ldns_zone_soa(z))); if (result == LDNS_STATUS_OK) {

@@ -330,13 +330,12 @@ ldns_rdf2buffer_str_time(ldns_buffer *output, const ldns_rdf *rdf) { /* create a YYYYMMDDHHMMSS string if possible */ - time_t data_time = (time_t) ldns_read_uint32(ldns_rdf_data(rdf)); struct tm tm; char date_buf[16]; memset(&tm, 0, sizeof(tm)); - - if (gmtime_r(&data_time, &tm) && strftime(date_buf, 15, "%Y%m%d%H%M%S", &tm)) { + if (ldns_serial_arithmitics_gmtime_r(ldns_rdf2native_int32(rdf), time(NULL), &tm) + && strftime(date_buf, 15, "%Y%m%d%H%M%S", &tm)) { ldns_buffer_printf(output, "%s", date_buf); } return ldns_buffer_status(output);

@@ -0,0 +1,69 @@ +/** + * \file common.h + * + * Common definitions for LDNS + */ + +/** + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + */ + +#ifndef LDNS_COMMON_H +#define LDNS_COMMON_H + +/* + * The build configuration that is used in the distributed headers, + * as detected and determined by the auto configure script. + */ +#define LDNS_BUILD_CONFIG_HAVE_SSL @ldns_build_config_have_ssl@ +#define LDNS_BUILD_CONFIG_USE_ECDSA @ldns_build_config_use_ecdsa@ +#define LDNS_BUILD_CONFIG_HAVE_INTTYPES_H @ldns_build_config_have_inttypes_h@ +#define LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT @ldns_build_config_have_attr_format@ +#define LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED @ldns_build_config_have_attr_unused@ + +/* + * HAVE_STDBOOL_H is not available when distributed as a library, but no build + * configuration variables may be used (like those above) because the header + * is sometimes only available when using special compiler flags to enable the + * c99 environment. Because we cannot force the usage of this flag, we have to + * provide a default type. Below what is suggested by the autoconf manual. + */ +/*@ignore@*/ +/* splint barfs on this construct */ +#ifdef HAVE_STDBOOL_H +# include <stdbool.h> +#else +# ifndef HAVE__BOOL +# ifdef __cplusplus +typedef bool _Bool; +# else +# define _Bool signed char +# endif +# endif +# define bool _Bool +# define false 0 +# define true 1 +# define __bool_true_false_are_defined 1 +#endif +/*@end@*/ + +#if LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT +#define ATTR_FORMAT(archetype, string_index, first_to_check) \ + __attribute__ ((format (archetype, string_index, first_to_check))) +#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */ +#define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */ +#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT */ + +#if defined(__cplusplus) +#define ATTR_UNUSED(x) +#elif LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED +#define ATTR_UNUSED(x) x __attribute__((unused)) +#else /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */ +#define ATTR_UNUSED(x) x +#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */ + +#endif /* LDNS_COMMON_H */

@@ -24,6 +24,12 @@ /* Define to 1 if you have the `b64_pton' function. */ #undef HAVE_B64_PTON +/* Define to 1 if you have the `bzero' function. */ +#undef HAVE_BZERO + +/* Define to 1 if you have the `calloc' function. */ +#undef HAVE_CALLOC + /* Define to 1 if you have the `ctime_r' function. */ #undef HAVE_CTIME_R @@ -93,6 +99,9 @@ /* Define to 1 if you have the <memory.h> header file. */ #undef HAVE_MEMORY_H +/* Define to 1 if you have the `memset' function. */ +#undef HAVE_MEMSET + /* Define to 1 if you have the <netdb.h> header file. */ #undef HAVE_NETDB_H @@ -130,7 +139,7 @@ /* Define to 1 if you have the <stdarg.h> header file. */ #undef HAVE_STDARG_H -/* Define to 1 if you have the <stdbool.h> header file. */ +/* Define to 1 if stdbool.h conforms to C99. */ #undef HAVE_STDBOOL_H /* Define to 1 if you have the <stdint.h> header file. */ @@ -184,6 +193,9 @@ /* Define to 1 if you have the <ws2tcpip.h> header file. */ #undef HAVE_WS2TCPIP_H +/* Define to 1 if the system has the type `_Bool'. */ +#undef HAVE__BOOL + /* Define to the sub-directory in which libtool stores uninstalled libraries. */ #undef LT_OBJDIR @@ -206,6 +218,9 @@ /* Define to the version of this package. */ #undef PACKAGE_VERSION +/* The size of `time_t', as computed by sizeof. */ +#undef SIZEOF_TIME_T + /* Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS

@@ -23,11 +23,11 @@ #ifndef LDNS_DNSSEC_H #define LDNS_DNSSEC_H -#ifdef HAVE_SSL +#include <ldns/common.h> +#if LDNS_BUILD_CONFIG_HAVE_SSL #include <openssl/ssl.h> #include <openssl/evp.h> -#endif /* HAVE_SSL */ -#include <ldns/common.h> +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ #include <ldns/packet.h> #include <ldns/keys.h> #include <ldns/zone.h> @@ -127,7 +127,7 @@ */ uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * converts a buffer holding key material to a DSA key in openssl. * @@ -173,9 +173,9 @@ */ EVP_PKEY* ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo); -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * converts a buffer holding key material to a RSA key in openssl. * @@ -191,7 +191,7 @@ * \return a RSA * structure with the key material */ RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len); -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ /** * returns a new DS rr that represents the given key rr. @@ -211,6 +211,16 @@ ldns_rr_type nsec_type); /** + * returns whether a rrset of the given type is found in the rrsets. + * + * \param[in] rrsets the rrsets to be tested + * \param[in] type the type to test for + * \return int 1 if the type was found, 0 otherwise. + */ +int +ldns_dnssec_rrsets_contains_type (ldns_dnssec_rrsets *rrsets, ldns_rr_type type); + +/** * Creates NSEC */ ldns_rr * @@ -372,7 +382,7 @@ */ bool ldns_nsec_covers_name(const ldns_rr *nsec, const ldns_rdf *name); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * verify a packet * \param[in] p the packet @@ -438,7 +448,7 @@ */ int ldns_dnssec_default_replace_signatures(ldns_rr *sig, void *n); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * Converts the DSA signature from ASN1 representation (RFC2459, as * used by OpenSSL) to raw signature data as used in DNS (rfc2536) @@ -488,7 +498,7 @@ ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer *target_buffer, const ldns_rdf *sig_rdf); -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ #ifdef __cplusplus }

@@ -42,7 +42,7 @@ */ ldns_rr_list *ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * Sign a buffer with the DSA key (hash with SHA1) * \param[in] to_sign buffer with the data @@ -80,11 +80,42 @@ * \return a ldns_rdf with the signed data */ ldns_rdf *ldns_sign_public_rsamd5(ldns_buffer *to_sign, RSA *key); -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ /** - * Finds the first dnssec_name node in the rbtree that has not been marked - * as glue, starting at the given node + * Marks the names in the zone that are occluded. Those names will be skipped + * when walking the tree with the ldns_dnssec_name_node_next_nonglue() + * function. But watch out! Names that are partially occluded (like glue with + * the same name as the delegation) will not be marked and should specifically + * be taken into account seperately. + * + * When glue_list is given (not NULL), in the process of marking the names, all + * glue resource records will be pushed to that list, even glue at the delegation name. + * + * \param[in] zone the zone in which to mark the names + * \param[in] glue_list the list to which to push the glue rrs + * \return LDNS_STATUS_OK on success, an error code otherwise + */ +ldns_status +ldns_dnssec_zone_mark_and_get_glue( + ldns_dnssec_zone *zone, ldns_rr_list *glue_list); + +/** + * Marks the names in the zone that are occluded. Those names will be skipped + * when walking the tree with the ldns_dnssec_name_node_next_nonglue() + * function. But watch out! Names that are partially occluded (like glue with + * the same name as the delegation) will not be marked and should specifically + * be taken into account seperately. + * + * \param[in] zone the zone in which to mark the names + * \return LDNS_STATUS_OK on succesful completion + */ +ldns_status +ldns_dnssec_zone_mark_glue(ldns_dnssec_zone *zone); + +/** + * Finds the first dnssec_name node in the rbtree that is not occluded. + * It *does* return names that are partially occluded. * * \param[in] node the first node to check * \return the first node that has not been marked as glue, or NULL

@@ -390,6 +390,31 @@ bool packet_nodata); /** + * Same as ldns_status ldns_dnssec_verify_denial_nsec3 but also returns + * the nsec rr that matched. + * + * \param[in] rr The (query) RR to check the denial of existence for + * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the + * existence of the RR + * \param[in] rrsigs The RRSIG rr covering the NSEC RRs + * \param[in] packet_rcode The RCODE value of the packet that provided the + * NSEC3 RRs + * \param[in] packet_qtype The original query RR type + * \param[in] packet_nodata True if the providing packet had an empty ANSWER + * section + * \param[in] match On match, the given (reference to a) pointer will be set + * to point to the matching nsec resource record. + * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code + * containing the reason they do not otherwise + */ +ldns_status ldns_dnssec_verify_denial_nsec3_match(ldns_rr *rr, + ldns_rr_list *nsecs, + ldns_rr_list *rrsigs, + ldns_pkt_rcode packet_rcode, + ldns_rr_type packet_qtype, + bool packet_nodata, + ldns_rr **match); +/** * Verifies the already processed data in the buffers * This function should probably not be used directly. * @@ -465,6 +490,7 @@ ldns_rr *rrsig, ldns_rr *key); +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * verifies a buffer with signature data for a buffer with rrset data * with an EVP_PKEY @@ -474,12 +500,10 @@ * \param[in] key the EVP key structure * \param[in] digest_type The digest type of the signature */ -#ifdef HAVE_SSL ldns_status ldns_verify_rrsig_evp(ldns_buffer *sig, ldns_buffer *rrset, EVP_PKEY *key, const EVP_MD *digest_type); -#endif /** * Like ldns_verify_rrsig_evp, but uses raw signature data. @@ -489,7 +513,6 @@ * \param[in] key the EVP key structure * \param[in] digest_type The digest type of the signature */ -#ifdef HAVE_SSL ldns_status ldns_verify_rrsig_evp_raw(unsigned char *sig, size_t siglen, ldns_buffer *rrset,

@@ -70,8 +70,13 @@ */ ldns_dnssec_rrs *nsec_signatures; /** - * Set to true if this name is glue - * (as marked by ldns_dnssec_zone_mark_glue()) + * Unlike what the name is_glue suggests, this field is set to true by + * ldns_dnssec_zone_mark_glue() or ldns_dnssec_zone_mark_and_get_glue() + * when the name, this dnssec_name struct represents, is occluded. + * Names that contain other occluded rrsets and records with glue on + * the delegation point will NOT have this bool set to true. + * This field should NOT be read directly, but only via the + * ldns_dnssec_name_is_glue() function! */ bool is_glue; /** @@ -237,6 +242,18 @@ */ void ldns_dnssec_name_set_name(ldns_dnssec_name *name, ldns_rdf *dname); +/** + * Returns if dnssec_name structure is marked as glue. + * The ldns_dnssec_zone_mark_glue() function has to be called on a zone before + * using this function. + * Only names that have only glue rrsets will be marked. + * Names that have other occluded rrsets and names containing glue on the + * delegation point will NOT be marked! + * + * \param[in] name the dnssec name to get the domain name from + * \return true if the structure is marked as glue, false otherwise. + */ +bool ldns_dnssec_name_is_glue(ldns_dnssec_name *name); /** * Sets the NSEC(3) RR of the given dnssec_name structure

@@ -21,9 +21,10 @@ #ifndef LDNS_KEYS_H #define LDNS_KEYS_H -#ifdef HAVE_SSL +#include <ldns/common.h> +#if LDNS_BUILD_CONFIG_HAVE_SSL #include <openssl/ssl.h> -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ #include <ldns/dnssec.h> #include <ldns/util.h> #include <errno.h> @@ -53,7 +54,7 @@ LDNS_RSASHA256 = 8, /* RFC 5702 */ LDNS_RSASHA512 = 10, /* RFC 5702 */ LDNS_ECC_GOST = 12, /* RFC 5933 */ -#ifdef USE_ECDSA +#if LDNS_BUILD_CONFIG_USE_ECDSA /* this ifdef has to be removed once it is no longer experimental, * to be able to use these values outside of the ldns library itself */ LDNS_ECDSAP256SHA256 = 13, /* draft-hoffman-dnssec-ecdsa */ @@ -73,7 +74,7 @@ LDNS_SHA1 = 1, /* RFC 4034 */ LDNS_SHA256 = 2, /* RFC 4509 */ LDNS_HASH_GOST = 3 /* RFC 5933 */ -#ifdef USE_ECDSA +#if LDNS_BUILD_CONFIG_USE_ECDSA /* this ifdef has to be removed once it is no longer experimental, * to be able to use these values outside of the ldns library itself */ ,LDNS_SHA384 = 4 /* draft-hoffman-dnssec-ecdsa EXPERIMENTAL */ @@ -94,7 +95,7 @@ LDNS_SIGN_RSASHA512 = LDNS_RSASHA512, LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3, LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST, -#ifdef USE_ECDSA +#if LDNS_BUILD_CONFIG_USE_ECDSA /* this ifdef has to be removed once it is no longer experimental, * to be able to use these values outside of the ldns library itself */ LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256, @@ -123,13 +124,13 @@ /** Storage pointers for the types of keys supported */ /* TODO remove unions? */ struct { -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL #ifndef S_SPLINT_S /* The key can be an OpenSSL EVP Key */ EVP_PKEY *key; #endif -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ /** * The key can be an HMAC key */ @@ -220,7 +221,7 @@ */ ldns_status ldns_key_new_frm_fp_l(ldns_key **k, FILE *fp, int *line_nr); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * Read the key with the given id from the given engine and store it * in the given ldns_key structure. The algorithm type is set @@ -235,9 +236,9 @@ * \return NULL on failure otherwise a RSA structure */ RSA *ldns_key_new_frm_fp_rsa(FILE *fp); -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * frm_fp helper function. This function parses the * remainder of the (RSA) priv. key file generated from bind9 @@ -246,9 +247,9 @@ * \return NULL on failure otherwise a RSA structure */ RSA *ldns_key_new_frm_fp_rsa_l(FILE *fp, int *line_nr); -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * frm_fp helper function. This function parses the * remainder of the (DSA) priv. key file @@ -256,9 +257,9 @@ * \return NULL on failure otherwise a RSA structure */ DSA *ldns_key_new_frm_fp_dsa(FILE *fp); -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * frm_fp helper function. This function parses the * remainder of the (DSA) priv. key file @@ -267,9 +268,9 @@ * \return NULL on failure otherwise a RSA structure */ DSA *ldns_key_new_frm_fp_dsa_l(FILE *fp, int *line_nr); -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * frm_fp helper function. This function parses the * remainder of the (HMAC-MD5) key file @@ -281,7 +282,7 @@ unsigned char *ldns_key_new_frm_fp_hmac(FILE *fp, size_t *hmac_size); #endif -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * frm_fp helper function. This function parses the * remainder of the (HMAC-MD5) key file @@ -292,7 +293,7 @@ * \return NULL on failure otherwise a newly allocated char buffer */ unsigned char *ldns_key_new_frm_fp_hmac_l(FILE *fp, int *line_nr, size_t *hmac_size); -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ /* acces write functions */ /** @@ -301,7 +302,7 @@ * \param[in] l the algorithm */ void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * Set the key's evp key * \param[in] k the key @@ -331,7 +332,7 @@ /** Release the engine reference held for the GOST engine. */ void ldns_key_EVP_unload_gost(void); -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ /** * Set the key's hmac data @@ -424,7 +425,7 @@ */ ldns_key *ldns_key_list_key(const ldns_key_list *key, size_t nr); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * returns the (openssl) RSA struct contained in the key * \param[in] k the key to look in @@ -437,14 +438,14 @@ * \return the RSA * structure in the key */ EVP_PKEY *ldns_key_evp_key(const ldns_key *k); -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ /** * returns the (openssl) DSA struct contained in the key */ -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL DSA *ldns_key_dsa_key(const ldns_key *k); -#endif /* HAVE_SSL */ +#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */ /** * return the signing alg of the key

@@ -20,7 +20,7 @@ extern "C" { #endif -#define LDNS_DEFAULT_TIMEOUT_SEC 2 +#define LDNS_DEFAULT_TIMEOUT_SEC 5 #define LDNS_DEFAULT_TIMEOUT_USEC 0 /**

@@ -176,6 +176,7 @@ LDNS_RR_TYPE_DHCID = 49, LDNS_RR_TYPE_NSEC3 = 50, + LDNS_RR_TYPE_NSEC3PARAM = 51, LDNS_RR_TYPE_NSEC3PARAMS = 51, /** draft-ietf-dnsop-trust-history */

@@ -55,17 +55,14 @@ * Import u_intXX_t size_t type definitions from system headers. You * may need to change this, or define these things yourself in this * file. - * - * (include ldns/config.h so HAVE_INTTYPES is defined (or not, depending - * on the system)) */ #include <sys/types.h> -#ifdef HAVE_INTTYPES_H +#if LDNS_BUILD_CONFIG_HAVE_INTTYPES_H #include <inttypes.h> -#endif /* HAVE_INTTYPES_H */ +#endif /* LDNS_BUILD_CONFIG_HAVE_INTTYPES_H */ /*** SHA-256/384/512 Various Length Definitions ***********************/

@@ -50,6 +50,8 @@ #define LDNS_XMALLOC(type, count) ((type *) malloc((count) * sizeof(type))) +#define LDNS_CALLOC(type, count) ((type *) calloc((count), sizeof(type))) + #define LDNS_REALLOC(ptr, type) LDNS_XREALLOC((ptr), type, 1) #define LDNS_XREALLOC(ptr, type, count) \ @@ -269,6 +271,22 @@ time_t mktime_from_utc(const struct tm *tm); /** + * The function interprets time as the number of seconds since epoch + * with respect to now using serial arithmitics (rfc1982). + * That number of seconds is then converted to broken-out time information. + * This is especially usefull when converting the inception and expiration + * fields of RRSIG records. + * + * \param[in] time number of seconds since epoch (midnight, January 1st, 1970) + * to be intepreted as a serial arithmitics number relative to now. + * \param[in] now number of seconds since epoch (midnight, January 1st, 1970) + * to which the time value is compared to determine the final value. + * \param[out] result the struct with the broken-out time information + * \return result on success or NULL on error + */ +struct tm * ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result); + +/** * Seed the random function. * If the file descriptor is specified, the random generator is seeded with * data from that file. If not, /dev/urandom is used.

@@ -117,7 +117,8 @@ * * Due to the current zone implementation (as a list of rr's), this * function is extremely slow. Another (probably better) way to do this - * is to use an ldns_dnssec_zone structure and the mark_glue function + * is to use an ldns_dnssec_zone structure and the + * ldns_dnssec_mark_and_get_glue() function. * * \param[in] z the zone to look for glue * \return the rr_list with the glue

@@ -85,6 +85,7 @@ ldns_dnssec_name_deep_free ldns_dnssec_name_find_rrset ldns_dnssec_name_free +ldns_dnssec_name_is_glue ldns_dnssec_name_name ldns_dnssec_name_new ldns_dnssec_name_new_frm_rr @@ -135,6 +136,7 @@ ldns_dnssec_zone_find_nsec3_original ldns_dnssec_zone_find_rrset ldns_dnssec_zone_free +ldns_dnssec_zone_mark_and_get_glue ldns_dnssec_zone_mark_glue ldns_dnssec_zone_names_print ldns_dnssec_zone_new @@ -618,6 +620,7 @@ ldns_rr_uncompressed_size ldns_send ldns_send_buffer +ldns_serial_arithmitics_gmtime_r ldns_set_bit ldns_sha1 ldns_sha1_final

@@ -7,7 +7,7 @@ Summary: Lowlevel DNS(SEC) library with API Name: ldns -Version: 1.6.9 +Version: 1.6.10 Release: 2%{?dist} License: BSD Url: http://www.nlnetlabs.nl/%{name}/

@@ -132,13 +132,15 @@ } } if (c != '\0' && c != '\n') { - *t++ = c; i++; } if (limit > 0 && i >= limit) { *t = '\0'; return -1; } + if (c != '\0' && c != '\n') { + *t++ = c; + } if (c == '\\' && prev_c == '\\') prev_c = 0; else prev_c = c; @@ -302,12 +304,12 @@ } } - *t++ = c; i++; if (limit > 0 && i >= limit) { *t = '\0'; return -1; } + *t++ = c; if (c == '\\' && lc == '\\') { lc = 0;

@@ -431,6 +431,16 @@ cur_hex_data_size = 0; while(cur_hex_data_size < 2 * hex_data_size) { c = ldns_bget_token(rd_buf, rd, delimiters, LDNS_MAX_RDFLEN); + if (c == -1) { + LDNS_FREE(hex_data_str); + LDNS_FREE(rd); + LDNS_FREE(b64); + ldns_buffer_free(rd_buf); + ldns_buffer_free(rr_buf); + LDNS_FREE(rdata); + ldns_rr_free(new); + return LDNS_STATUS_SYNTAX_RDATA_ERR; + } rd_strlen = strlen(rd); strncpy(hex_data_str + cur_hex_data_size, rd, rd_strlen); cur_hex_data_size += rd_strlen; @@ -1900,7 +1910,7 @@ LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC3_SALT, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC }; -static const ldns_rdf_type type_nsec3params_wireformat[] = { +static const ldns_rdf_type type_nsec3param_wireformat[] = { /* LDNS_RDF_TYPE_NSEC3_PARAMS_VARS*/ LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, @@ -2034,7 +2044,7 @@ /* 50 */ {LDNS_RR_TYPE_NSEC3, "NSEC3", 5, 6, type_nsec3_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 51 */ -{LDNS_RR_TYPE_NSEC3PARAMS, "NSEC3PARAM", 4, 4, type_nsec3params_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, /* 52 */ {LDNS_RR_TYPE_NULL, "TYPE52", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },

@@ -241,6 +241,100 @@ return seconds; } +#if SIZEOF_TIME_T <= 4 + +static void +ldns_year_and_yday_from_days_since_epoch(int64_t days, struct tm *result) +{ + int year = 1970; + int new_year; + + while (days < 0 || days >= (int64_t) (is_leap_year(year) ? 366 : 365)) { + new_year = year + (int) (days / 366); + if (year == new_year) { + year += days < 0 ? -1 : 1; + } + days -= (new_year - year) * 365; + days -= leap_days(year, new_year); + year = new_year; + } + result->tm_year = year; + result->tm_yday = (int) days; +} + +/* Number of days per month in a leap year. */ +static const int leap_year_mdays[] = { + 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 +}; + +static void +ldns_mon_and_mday_from_year_and_yday(struct tm *result) +{ + int idays = result->tm_yday; + const int *mon_lengths = is_leap_year(result->tm_year) ? + leap_year_mdays : mdays; + + result->tm_mon = 0; + while (idays >= mon_lengths[result->tm_mon]) { + idays -= mon_lengths[result->tm_mon++]; + } + result->tm_mday = idays + 1; +} + +static void +ldns_wday_from_year_and_yday(struct tm *result) +{ + result->tm_wday = 4 /* 1-1-1970 was a thursday */ + + ((result->tm_year - 1970) % 7) * (365 % 7) + + leap_days(1970, result->tm_year) + + result->tm_yday; + result->tm_wday %= 7; + if (result->tm_wday < 0) { + result->tm_wday += 7; + } +} + +static struct tm * +ldns_gmtime64_r(int64_t clock, struct tm *result) +{ + result->tm_isdst = 0; + result->tm_sec = (int) (clock % 60); + clock /= 60; + result->tm_min = (int) (clock % 60); + clock /= 60; + result->tm_hour = (int) (clock % 24); + clock /= 24; + + ldns_year_and_yday_from_days_since_epoch(clock, result); + ldns_mon_and_mday_from_year_and_yday(result); + ldns_wday_from_year_and_yday(result); + result->tm_year -= 1900; + + return result; +} + +#endif /* SIZEOF_TIME_T <= 4 */ + +static int64_t +ldns_serial_arithmitics_time(int32_t time, time_t now) +{ + int32_t offset = time - (int32_t) now; + return (int64_t) now + offset; +} + + +struct tm * +ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm *result) +{ +#if SIZEOF_TIME_T <= 4 + int64_t secs_since_epoch = ldns_serial_arithmitics_time(time, now); + return ldns_gmtime64_r(secs_since_epoch, result); +#else + time_t secs_since_epoch = ldns_serial_arithmitics_time(time, now); + return gmtime_r(&secs_since_epoch, result); +#endif +} + /** * Init the random source * applications should call this if they need entropy data within ldns

@@ -228,7 +228,8 @@ a = ldns_rr_list_rr(addr, j); dname_a = ldns_rr_owner(a); - if (ldns_dname_is_subdomain(dname_a, ns_owner)) { + if (ldns_dname_is_subdomain(dname_a, ns_owner) || + ldns_dname_compare(dname_a, ns_owner) == 0) { /* GLUE! */ if (!ldns_rr_list_push_rr(glue, a)) goto memory_error; }

@@ -1,52 +0,0 @@ -/** - * \file common.h - * - * Common definitions for LDNS - */ - -/** - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - */ - -#ifndef LDNS_COMMON_H -#define LDNS_COMMON_H - -#if !defined(__cplusplus) && !defined(__bool_true_false_are_defined) - -#if defined(HAVE_STDBOOL_H) -#include <stdbool.h> -#else - -/*@ignore@*/ -/* splint barfs on this construct */ -typedef unsigned int bool; -#define bool bool -#define false 0 -#define true 1 -#define __bool_true_false_are_defined 1 -/*@end@*/ - -#endif - -#endif - -#ifdef HAVE_ATTR_FORMAT -#define ATTR_FORMAT(archetype, string_index, first_to_check) \ - __attribute__ ((format (archetype, string_index, first_to_check))) -#else /* !HAVE_ATTR_FORMAT */ -#define ATTR_FORMAT(archetype, string_index, first_to_check) /* empty */ -#endif /* !HAVE_ATTR_FORMAT */ - -#if defined(__cplusplus) -#define ATTR_UNUSED(x) -#elif defined(HAVE_ATTR_UNUSED) -#define ATTR_UNUSED(x) x __attribute__((unused)) -#else /* !HAVE_ATTR_UNUSED */ -#define ATTR_UNUSED(x) x -#endif /* !HAVE_ATTR_UNUSED */ - -#endif /* LDNS_COMMON_H */

[-] [+]	Changed	ldns.changes
@@ -1,4 +1,9 @@ ------------------------------------------------------------------- +Sun Aug 7 18:59:21 UTC 2011 - cs@linux-administrator.com + +- new version 1.6.10 + +------------------------------------------------------------------- Wed May 25 13:38:43 UTC 2011 - lnussel@suse.de - new version 1.6.9
[-] [+]	Changed	ldns.spec ^
@@ -1,8 +1,8 @@ # norootforbuild Name: ldns -Version: 1.6.9 -Release: 0 +Version: 1.6.10 +Release: 1 # Group: Development/Libraries/C and C++ License: BSD
[-] [+]	Changed	ldns-1.6.10.tar.gz/Changelog ^
@@ -1,3 +1,35 @@ +1.6.10 + * New example tool added: ldns-gen-zone. + * bugfix #359: Serial-arithmetic for the inception and expiration + fields of a RRSIG and correctly converting them to broken-out time + information. + * bugfix #364: Slight performance increase of ldns-verifyzone. + * bugfix #367: Fix to allow glue records with the same name as the + delegation. + * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets and + glue when the zone is opt-out. + * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations, + ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too. + * pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit + performance) + * Better handling of reference variables in ldns_rr_new_frm_fp_l from + pyldns, with a very nice generator function by Bedrich Kosata. + * Decoupling of the rdfs in rrs in the python wrappers to enable + the python garbage collector by Bedrich Kosata. + * bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at + build time and when used. + * bugfix #383: Fix detection of empty nonterminals of multiple labels. + * Fixed the ommission of rrsets in nsec(3)s and rrsigs to all occluded + names (in stead of just the ones that contain glue only) and all + occluded records on the delegation points (in stead of just the glue). + * Clarify the operation of ldns_dnssec_mark_glue and the usage of + ldns_dnssec_node_next_nonglue functions in the documentation. + * Added function ldns_dnssec_mark_and_get_glue as an real fast + alternative for ldns_zone_glue_rr_list. + * Fix parse buffer overflow for max length domain names. + * Fix Makefile for U in environment, since wrong U is more common than + deansification necessity. + 1.6.9 2011-03-16 * Fix creating NSEC(3) bitmaps: make array size 65536, don't add doubles.
[-] [+]	Changed	ldns-1.6.10.tar.gz/Makefile.in ^
@@ -32,6 +32,10 @@ libtool = $(glibtool) endif +# override $U variable which is used by autotools for deansification (for +# K&R C compilers), but causes problems if $U is defined in the env). +U= + CC = @CC@ ifeq "$(srcdir)" "." CPPFLAGS = $(strip -I. @CPPFLAGS@ @DEFS@) @@ -44,6 +48,7 @@ LIBOBJS = @LIBOBJS@ PYTHON_CPPFLAGS = @PYTHON_CPPFLAGS@ PYTHON_LDFLAGS = @PYTHON_LDFLAGS@ +PYTHON_X_CFLAGS = @PYTHON_X_CFLAGS@ LIBSSL_CPPFLAGS = @LIBSSL_CPPFLAGS@ LIBSSL_LDFLAGS = @LIBSSL_LDFLAGS@ LIBSSL_LIBS = @LIBSSL_LIBS@ @@ -56,7 +61,7 @@ LINTFLAGS=+quiet -weak -warnposix -unrecog -Din_addr_t=uint32_t -Du_int=unsigned -Du_char=uint8_t -preproc -Drlimit=rlimit64 -D__gnuc_va_list=va_list #-Dglob64=glob -Dglobfree64=globfree # compat with openssl linux edition. -LINTFLAGS+="-DBN_ULONG=unsigned long" -Dkrb5_int32=int "-Dkrb5_ui_4=unsigned int" -DPQ_64BIT=uint64_t -DRC4_INT=unsigned -fixedformalarray -D"ENGINE=unsigned" -D"RSA=unsigned" -D"DSA=unsigned" -D"EVP_PKEY=unsigned" -D"EVP_MD=unsigned" -D"SSL=unsigned" -D"SSL_CTX=unsigned" -D"X509=unsigned" -D"RC4_KEY=unsigned" -D"EVP_MD_CTX=unsigned" -D"EC_KEY=unsigned" -D"EC_POINT=unsigned" -D"EC_GROUP=unsigned" +LINTFLAGS+="-DBN_ULONG=unsigned long" -Dkrb5_int32=int "-Dkrb5_ui_4=unsigned int" -DPQ_64BIT=uint64_t -DRC4_INT=unsigned -fixedformalarray -D"ENGINE=unsigned" -D"RSA=unsigned" -D"DSA=unsigned" -D"EVP_PKEY=unsigned" -D"EVP_MD=unsigned" -D"SSL=unsigned" -D"SSL_CTX=unsigned" -D"X509=unsigned" -D"RC4_KEY=unsigned" -D"EVP_MD_CTX=unsigned" -D"EC_KEY=unsigned" -D"EC_POINT=unsigned" -D"EC_GROUP=unsigned" -D"EVP_PKEY_ASN1_METHOD=struct evp_pkey_asn1_method_st" -D"EVP_PKEY_CTX=struct evp_pkey_ctx_st" # compat with NetBSD ifeq "$(shell uname)" "NetBSD" LINTFLAGS+="-D__RENAME(x)=" -D_NETINET_IN_H_ @@ -76,7 +81,6 @@ sha1.c sha2.c LIBDNS_HEADERS = $(srcdir)/ldns/error.h \ $(srcdir)/ldns/packet.h \ - $(srcdir)/ldns/common.h \ $(srcdir)/ldns/rdata.h \ $(srcdir)/ldns/rr.h \ $(srcdir)/ldns/wire2host.h \ @@ -111,7 +115,7 @@ LINK = $(CC) $(strip $(CFLAGS) $(LDFLAGS) $(LIBS)) LINK_LIB = $(LIBTOOL) --mode=link $(CC) $(strip $(CFLAGS) $(LDFLAGS) $(LIBS) -version-number $(version_info) -no-undefined) -%.o: $(srcdir)/%.c $(LIBDNS_HEADERS) ldns/net.h ldns/util.h ldns/config.h +%.o: $(srcdir)/%.c $(LIBDNS_HEADERS) ldns/common.h ldns/net.h ldns/util.h ldns/config.h $(COMP_LIB) $(LIBSSL_CPPFLAGS) -c $< .PHONY: clean realclean docclean manpages doc lint all lib pyldns test @@ -120,7 +124,7 @@ all: copy-headers lib linktest manpages @PYLDNS@ -linktest: $(srcdir)/linktest.c $(LIBDNS_HEADERS) ldns/net.h ldns/util.h ldns/config.h libldns.la +linktest: $(srcdir)/linktest.c $(LIBDNS_HEADERS) ldns/common.h ldns/net.h ldns/util.h ldns/config.h libldns.la $(LIBTOOL) --mode=link $(CC) $(srcdir)/linktest.c $(CPPFLAGS) $(LIBSSL_CPPFLAGS) $(CFLAGS) -lldns $(LIBS) -o linktest lib: libldns.la @@ -140,12 +144,12 @@ @if [ ! -d include/ldns ] ; then (cd include; ln -s ../ldns ./ldns \|\| echo "include/ldns exists") ; fi ; $(INSTALL) -c -m 644 $< ./include/ldns/ -include/ldns/util.h include/ldns/net.h include/ldns/config.h: include/ldns/%.h: ./ldns/%.h +include/ldns/util.h include/ldns/common.h include/ldns/net.h include/ldns/config.h: include/ldns/%.h: ./ldns/%.h @if [ ! -d include ] ; then ($(INSTALL) -d include \|\| echo "include exists") ; fi ; @if [ ! -d include/ldns ] ; then (cd include; ln -s ../ldns ./ldns \|\| echo "include/ldns exists") ; fi ; $(INSTALL) -c -m 644 $< ./include/ldns/ -copy-headers: $(addprefix include/ldns/, $(notdir $(LIBDNS_HEADERS))) include/ldns/util.h include/ldns/net.h include/ldns/config.h +copy-headers: $(addprefix include/ldns/, $(notdir $(LIBDNS_HEADERS))) include/ldns/common.h include/ldns/util.h include/ldns/net.h include/ldns/config.h mancheck: sh -c 'find . -name \.\[13\] -exec troff -z {} \;' 2>&1 \| sed "s/^\.\///" \| sed "s/\(:[0\-9]\+:\)/\1 warning:/g" @@ -167,18 +171,18 @@ pyldns: _ldns.la -$(pywrapdir)/ldns_wrapper.c: $(pywrapdir)/ldns.i $(wildcard $(pywrapdir)/.i) $(LIBDNS_HEADERS) ldns/util.h ldns/config.h +$(pywrapdir)/ldns_wrapper.c: $(pywrapdir)/ldns.i $(wildcard $(pywrapdir)/.i) $(LIBDNS_HEADERS) ldns/common.h ldns/util.h ldns/config.h $(swig) -python -o $@ $(CPPFLAGS) $(PYTHON_CPPFLAGS) $< -ldns_wrapper.lo: $(pywrapdir)/ldns_wrapper.c $(LIBDNS_HEADERS) ldns/util.h ldns/config.h - $(COMP_LIB) -I./include/ldns $(PYTHON_CPPFLAGS) -c $< -o $@ +ldns_wrapper.lo: $(pywrapdir)/ldns_wrapper.c $(LIBDNS_HEADERS) ldns/common.h ldns/util.h ldns/config.h + $(COMP_LIB) -I./include/ldns $(PYTHON_CPPFLAGS) $(PYTHON_X_CFLAGS) -c $< -o $@ _ldns.la: ldns_wrapper.lo libldns.la $(LIBTOOL) --tag=CC --mode=link $(CC) $(strip $(CFLAGS) $(PYTHON_CFLAGS) $(LDFLAGS) $(PYTHON_LDFLAGS) -module -version-number $(version_info) -no-undefined -o $@ $< -rpath $(python_site) -L. -L.libs -lldns $(LIBS)) install: install-h install-lib install-config install-manpages $(pyldns_inst) -uninstall: uninstall-manpages uninstall-h uninstall-lib $(pyldns_uninst) +uninstall: uninstall-manpages uninstall-config uninstall-h uninstall-lib $(pyldns_uninst) destclean: uninstall @@ -188,6 +192,12 @@ $(INSTALL) -c -m 755 packaging/ldns-config $(DESTDIR)$(bindir)/; \ fi +uninstall-config: + if [ $(INSTALL_LDNS_CONFIG) = "yes" ] ; then \ + rm -f $(DESTDIR)$(bindir)/ldns-config; \ + [ ! -d $(DESTDIR)$(bindir) ] \|\| rmdir -p $(DESTDIR)$(bindir) \|\| echo "ok, dir already gone"; \ + fi + install-manpages: manpages ${INSTALL} -d $(DESTDIR)$(mandir)/man3 for f in doc/man/man3/; do \ @@ -203,12 +213,16 @@ $(INSTALL) -m 755 -d $(DESTDIR)$(includedir)/ldns for i in $(LIBDNS_HEADERS); do \ $(INSTALL) -c -m 644 $$i $(DESTDIR)$(includedir)/ldns/; done + $(INSTALL) -c -m 644 include/ldns/common.h $(DESTDIR)$(includedir)/ldns/ $(INSTALL) -c -m 644 include/ldns/util.h $(DESTDIR)$(includedir)/ldns/ $(INSTALL) -c -m 644 include/ldns/net.h $(DESTDIR)$(includedir)/ldns/ uninstall-h: for i in $(LIBDNS_HEADERS); do \ rm -f $(DESTDIR)$(includedir)/$$i; done + rm -f $(DESTDIR)$(includedir)/ldns/net.h + rm -f $(DESTDIR)$(includedir)/ldns/util.h + rm -f $(DESTDIR)$(includedir)/ldns/common.h [ ! -d $(DESTDIR)$(includedir)/ldns ] \|\| rmdir -p $(DESTDI)$(includedir)/ldns \|\| echo "ok, dir already gone" exit 0 @@ -255,6 +269,7 @@ rm -f ldns/config.h.in rm -f ldns/config.h rm -f ldns/util.h + rm -f ldns/common.h rm -f config.h.in rm -f configure rm -f config.sub @@ -275,7 +290,7 @@ $(LIBTOOL) --mode clean rm -f libldns.so $(LIBTOOL) --mode clean rm -f libldns.so.* $(LIBTOOL) --mode clean rm -f _ldns.la - rm -rf ldns/net.h ldns/util.h ldns/config.h + rm -rf ldns/net.h ldns/util.h ldns/config.h ldns/common.h rm -rf *.lo rm -rf .libs rm -rf libtool
[-] [+]	Changed	ldns-1.6.10.tar.gz/README ^
@@ -8,6 +8,8 @@ INFORMATION FOR SPECIFIC OPERATING SYSTEMS Mac OS X Solaris + KNOWN ISSUES + pyldns Your Support Project page: @@ -65,6 +67,7 @@ * Developers ldns is developed by the ldns team at NLnet Labs. This team currently consists of: + o Willem Toorop o Wouter Wijngaards o Matthijs Mekking @@ -74,6 +77,7 @@ * Credits We have received patches from the following people, thanks! + o Bedrich Kosata o Erik Rozendaal o Håkan Olsson o Jakob Schlyter @@ -82,7 +86,7 @@ o Ondřej Surý -IFORMATION FOR SPECIFIC OPERATING SYSTEMS +INFORMATION FOR SPECIFIC OPERATING SYSTEMS MAC OS X @@ -103,6 +107,17 @@ script that sets the right build and link options. You can find it in contrib/build-solaris.sh +KNOWN ISSUES + +A complete list of currently known open issues can be found here: +http://www.nlnetlabs.nl/projects/ldns/bugs + +* pyldns +Compiling pyldns produces many ``unused parameter'' warnings. Those are +harmless and may safely be ignored. +Also when building with Swig which version is before 2.0.4, compiling +pyldns produces many ``missing initializer'' warnings. Those are harmless +too. Your Support NLnet Labs offers all of its software products as open source, most are
[-] [+]	Added	ldns-1.6.10.tar.gz/compat/calloc.c ^
@@ -0,0 +1,24 @@ +/* Just a replacement, if the original malloc is not + GNU-compliant. See autoconf documentation. / + +#if HAVE_CONFIG_H +#include <ldns/config.h> +#endif + +void calloc(); + +#if !HAVE_BZERO && HAVE_MEMSET +# define bzero(buf, bytes) ((void) memset (buf, 0, bytes)) +#endif + +void * +calloc(size_t num, size_t size) +{ + void new = malloc(num size); + if (!new) { + return NULL; + } + bzero(new, num * size); + return new; +} +
[-] [+]	Changed	ldns-1.6.10.tar.gz/configure ^
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for ldns 1.6.9. +# Generated by GNU Autoconf 2.68 for ldns 1.6.10. # # Report bugs to <libdns@nlnetlabs.nl>. # @@ -570,8 +570,8 @@ # Identity of this package. PACKAGE_NAME='ldns' PACKAGE_TARNAME='libdns' -PACKAGE_VERSION='1.6.9' -PACKAGE_STRING='ldns 1.6.9' +PACKAGE_VERSION='1.6.10' +PACKAGE_STRING='ldns 1.6.10' PACKAGE_BUGREPORT='libdns@nlnetlabs.nl' PACKAGE_URL='' @@ -615,16 +615,21 @@ enable_option_checking=no ac_subst_vars='subdirs LTLIBOBJS +ldns_build_config_have_attr_unused +ldns_build_config_have_attr_format +ldns_build_config_have_ssl WINDRES LIBOBJS include_unistd_h include_systypes_h include_inttypes_h +ldns_build_config_have_inttypes_h include_sys_socket_h INSTALL_LDNS_CONFIG LIBSSL_LIBS LIBSSL_LDFLAGS LIBSSL_CPPFLAGS +ldns_build_config_use_ecdsa RUNTIME_PATH HAVE_SSL OTOOL64 @@ -657,6 +662,7 @@ build_cpu build libtool +PYTHON_X_CFLAGS swig PYLDNS SWIG_LIB @@ -1297,7 +1303,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ldns 1.6.9 to adapt to many kinds of systems. +\`configure' configures ldns 1.6.10 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1362,7 +1368,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short \| recursive ) echo "Configuration of ldns 1.6.9:";; + short \| recursive ) echo "Configuration of ldns 1.6.10:";; esac cat <<\_ACEOF @@ -1475,7 +1481,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ldns configure 1.6.9 +ldns configure 1.6.10 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1941,6 +1947,184 @@ } # ac_fn_c_check_decl +# ac_fn_c_compute_int LINENO EXPR VAR INCLUDES +# -------------------------------------------- +# Tries to find the compile-time value of EXPR in a program that includes +# INCLUDES, setting VAR accordingly. Returns whether the value could be +# computed +ac_fn_c_compute_int () +{ + as_lineno=${as_lineno-"$1"} as_lineno_stack=as_lineno_stack=$as_lineno_stack + if test "$cross_compiling" = yes; then + # Depending upon the size, compute the lo and hi bounds. +cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. / +$4 +int +main () +{ +static int test_array [1 - 2 !(($2) >= 0)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=0 ac_mid=0 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. / +$4 +int +main () +{ +static int test_array [1 - 2 !(($2) <= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid; break +else + as_fn_arith $ac_mid + 1 && ac_lo=$as_val + if test $ac_lo -le $ac_mid; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '' $ac_mid + 1 && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/ end confdefs.h. / +$4 +int +main () +{ +static int test_array [1 - 2 !(($2) < 0)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=-1 ac_mid=-1 + while :; do + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. / +$4 +int +main () +{ +static int test_array [1 - 2 !(($2) >= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_lo=$ac_mid; break +else + as_fn_arith '(' $ac_mid ')' - 1 && ac_hi=$as_val + if test $ac_mid -le $ac_hi; then + ac_lo= ac_hi= + break + fi + as_fn_arith 2 '' $ac_mid && ac_mid=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext + done +else + ac_lo= ac_hi= +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +# Binary search between lo and hi bounds. +while test "x$ac_lo" != "x$ac_hi"; do + as_fn_arith '(' $ac_hi - $ac_lo ')' / 2 + $ac_lo && ac_mid=$as_val + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/ end confdefs.h. / +$4 +int +main () +{ +static int test_array [1 - 2 !(($2) <= $ac_mid)]; +test_array [0] = 0 + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_hi=$ac_mid +else + as_fn_arith '(' $ac_mid ')' + 1 && ac_lo=$as_val +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +done +case $ac_lo in #(( +?) eval "$3=\$ac_lo"; ac_retval=0 ;; +'') ac_retval=1 ;; +esac + else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/ end confdefs.h. / +$4 +static long int longval () { return $2; } +static unsigned long int ulongval () { return $2; } +#include <stdio.h> +#include <stdlib.h> +int +main () +{ + + FILE f = fopen ("conftest.val", "w"); + if (! f) + return 1; + if (($2) < 0) + { + long int i = longval (); + if (i != ($2)) + return 1; + fprintf (f, "%ld", i); + } + else + { + unsigned long int i = ulongval (); + if (i != ($2)) + return 1; + fprintf (f, "%lu", i); + } + /* Do not output a trailing newline, as this causes \r\n confusion + on some platforms. / + return ferror (f) \|\| fclose (f) != 0; + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_run "$LINENO"; then : + echo >>conftest.val; read $3 <conftest.val; ac_retval=0 +else + ac_retval=1 +fi +rm -f core .core core.conftest.* gmon.out bb.out conftest$ac_exeext \ + conftest.$ac_objext conftest.beam conftest.$ac_ext +rm -f conftest.val + + fi + eval $as_lineno_stack; ${as_lineno_stack:+:} unset as_lineno + as_fn_set_status $ac_retval + +} # ac_fn_c_compute_int + # ac_fn_c_check_member LINENO AGGR MEMBER VAR INCLUDES # ---------------------------------------------------- # Tries to find if the field MEMBER exists in type AGGR, after including @@ -2001,7 +2185,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ldns $as_me 1.6.9, which was +It was created by ldns $as_me 1.6.10, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -2351,13 +2535,13 @@ # needed to build correct soname -LIBTOOL_VERSION_INFO=1:6:9 +LIBTOOL_VERSION_INFO=1:6:10 LDNS_VERSION_MAJOR=1 LDNS_VERSION_MINOR=6 -LDNS_VERSION_MICRO=9 +LDNS_VERSION_MICRO=10 OURCPPFLAGS='' @@ -5564,6 +5748,7 @@ # check for python +PYTHON_X_CFLAGS="" # Check whether --with-pyldns was given. if test "${with_pyldns+set}" = set; then : @@ -6060,9 +6245,45 @@ fi else { $as_echo "$as_me:${as_lineno-$LINENO}: result: * don't have Python, skipping Swig, no pyldns " >&5 -$as_echo " don't have Python, skipping Swig, no pyldns " >&6; } +$as_echo " don't have Python, skipping Swig, no pyldns " >&6; } # ' fi + + # xtra cflags for pyldns + if test x_$ldns_have_python != x_no; then + + +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -fno-strict-aliasing" >&5 +$as_echo_n "checking whether $CC supports -fno-strict-aliasing... " >&6; } +cache=`echo fno-strict-aliasing \| sed 'y%.=/+-%___p_%'` +if eval \${cv_prog_cc_flag_$cache+:} false; then : + $as_echo_n "(cached) " >&6 +else + +echo 'void f(){}' >conftest.c +if test -z "`$CC $CPPFLAGS $CFLAGS -fno-strict-aliasing -c conftest.c 2>&1`"; then +eval "cv_prog_cc_flag_$cache=yes" +else +eval "cv_prog_cc_flag_$cache=no" fi +rm -f conftest conftest.o conftest.c + +fi + +if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5 +$as_echo "yes" >&6; } +: +PYTHON_X_CFLAGS="-fno-strict-aliasing" +else +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5 +$as_echo "no" >&6; } +: + +fi + + fi +fi + # Use libtool ac_aux_dir= @@ -13811,6 +14032,8 @@ #define USE_ECDSA 1 _ACEOF + ldns_build_config_use_ecdsa=1 + { $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: ************************************************************** * YOU HAVE ENABLED ECDSA WHICH IS EXPERIMENTAL AT THIS TIME * @@ -13823,8 +14046,12 @@ **************************************************************" >&2;} ;; no) + ldns_build_config_use_ecdsa=0 + ;; ) + ldns_build_config_use_ecdsa=0 + ;; esac @@ -14219,10 +14446,102 @@ fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking for stdbool.h that conforms to C99" >&5 +$as_echo_n "checking for stdbool.h that conforms to C99... " >&6; } +if ${ac_cv_header_stdbool_h+:} false; then : + $as_echo_n "(cached) " >&6 +else + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. / + +#include <stdbool.h> +#ifndef bool + "error: bool is not defined" +#endif +#ifndef false + "error: false is not defined" +#endif +#if false + "error: false is not 0" +#endif +#ifndef true + "error: true is not defined" +#endif +#if true != 1 + "error: true is not 1" +#endif +#ifndef __bool_true_false_are_defined + "error: __bool_true_false_are_defined is not defined" +#endif + + struct s { _Bool s: 1; _Bool t; } s; + + char a[true == 1 ? 1 : -1]; + char b[false == 0 ? 1 : -1]; + char c[__bool_true_false_are_defined == 1 ? 1 : -1]; + char d[(bool) 0.5 == true ? 1 : -1]; + / See body of main program for 'e'. / + char f[(_Bool) 0.0 == false ? 1 : -1]; + char g[true]; + char h[sizeof (_Bool)]; + char i[sizeof s.t]; + enum { j = false, k = true, l = false true, m = true * 256 }; + /* The following fails for + HP aC++/ANSI C B3910B A.05.55 [Dec 04 2003]. / + _Bool n[m]; + char o[sizeof n == m sizeof n[0] ? 1 : -1]; + char p[-1 - (_Bool) 0 < 0 && -1 - (bool) 0 < 0 ? 1 : -1]; + /* Catch a bug in an HP-UX C compiler. See + http://gcc.gnu.org/ml/gcc-patches/2003-12/msg02303.html + http://lists.gnu.org/archive/html/bug-coreutils/2005-11/msg00161.html + / + _Bool q = true; + _Bool pq = &q; + +int +main () +{ + + bool e = &s; + pq \|= q; + pq \|= ! q; + /* Refer to every declared value, to avoid compiler optimizations. / + return (!a + !b + !c + !d + !e + !f + !g + !h + !i + !!j + !k + !!l + + !m + !n + !o + !p + !q + !pq); + + ; + return 0; +} +_ACEOF +if ac_fn_c_try_compile "$LINENO"; then : + ac_cv_header_stdbool_h=yes +else + ac_cv_header_stdbool_h=no +fi +rm -f core conftest.err conftest.$ac_objext conftest.$ac_ext +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_header_stdbool_h" >&5 +$as_echo "$ac_cv_header_stdbool_h" >&6; } +ac_fn_c_check_type "$LINENO" "_Bool" "ac_cv_type__Bool" "$ac_includes_default" +if test "x$ac_cv_type__Bool" = xyes; then : + +cat >>confdefs.h <<_ACEOF +#define HAVE__BOOL 1 +_ACEOF + + +fi + +if test $ac_cv_header_stdbool_h = yes; then + +$as_echo "#define HAVE_STDBOOL_H 1" >>confdefs.h + +fi + #AC_HEADER_SYS_WAIT #AC_CHECK_HEADERS([getopt.h fcntl.h stdlib.h string.h strings.h unistd.h]) # do the very minimum - we can always extend this -for ac_header in getopt.h stdarg.h stdbool.h openssl/ssl.h netinet/in.h time.h arpa/inet.h netdb.h +for ac_header in getopt.h stdarg.h openssl/ssl.h netinet/in.h time.h arpa/inet.h netdb.h do : as_ac_Header=`$as_echo "ac_cv_header_$ac_header" \| $as_tr_sh` ac_fn_c_check_header_compile "$LINENO" "$ac_header" "$as_ac_Header" "$ac_includes_default @@ -14288,10 +14607,14 @@ $as_echo "#define HAVE_INTTYPES_H 1" >>confdefs.h +ldns_build_config_have_inttypes_h=1 + else include_inttypes_h='' +ldns_build_config_have_inttypes_h=0 + fi @@ -14334,6 +14657,53 @@ +# The cast to long int works around a bug in the HP C Compiler +# version HP92453-01 B.11.11.23709.GP, which incorrectly rejects +# declarations like `int a3[[(sizeof (unsigned char)) >= 0]];'. +# This bug is HP SR number 8606223364. +{ $as_echo "$as_me:${as_lineno-$LINENO}: checking size of time_t" >&5 +$as_echo_n "checking size of time_t... " >&6; } +if ${ac_cv_sizeof_time_t+:} false; then : + $as_echo_n "(cached) " >&6 +else + if ac_fn_c_compute_int "$LINENO" "(long int) (sizeof (time_t))" "ac_cv_sizeof_time_t" " +$ac_includes_default +#ifdef TIME_WITH_SYS_TIME +# include <sys/time.h> +# include <time.h> +#else +# ifdef HAVE_SYS_TIME_H +# include <sys/time.h> +# else +# include <time.h> +# endif +#endif + +"; then : + +else + if test "$ac_cv_type_time_t" = yes; then + { { $as_echo "$as_me:${as_lineno-$LINENO}: error: in \`$ac_pwd':" >&5 +$as_echo "$as_me: error: in \`$ac_pwd':" >&2;} +as_fn_error 77 "cannot compute sizeof (time_t) +See \`config.log' for more details" "$LINENO" 5; } + else + ac_cv_sizeof_time_t=0 + fi +fi + +fi +{ $as_echo "$as_me:${as_lineno-$LINENO}: result: $ac_cv_sizeof_time_t" >&5 +$as_echo "$ac_cv_sizeof_time_t" >&6; } + + + +cat >>confdefs.h <<_ACEOF +#define SIZEOF_TIME_T $ac_cv_sizeof_time_t +_ACEOF + + + ac_fn_c_check_type "$LINENO" "socklen_t" "ac_cv_type_socklen_t" " $ac_includes_default @@ -14633,6 +15003,20 @@ fi +ac_fn_c_check_func "$LINENO" "calloc" "ac_cv_func_calloc" +if test "x$ac_cv_func_calloc" = xyes; then : + $as_echo "#define HAVE_CALLOC 1" >>confdefs.h + +else + case " $LIBOBJS " in + " calloc.$ac_objext "* ) ;; + *) LIBOBJS="$LIBOBJS calloc.$ac_objext" + ;; +esac + +fi + + ac_fn_c_check_func "$LINENO" "timegm" "ac_cv_func_timegm" if test "x$ac_cv_func_timegm" = xyes; then : $as_echo "#define HAVE_TIMEGM 1" >>confdefs.h @@ -14787,7 +15171,7 @@ fi -for ac_func in endprotoent endservent sleep random fcntl strtoul +for ac_func in endprotoent endservent sleep random fcntl strtoul bzero memset do : as_ac_var=`$as_echo "ac_cv_func_$ac_func" \| $as_tr_sh` ac_fn_c_check_func "$LINENO" "$ac_func" "$as_ac_var" @@ -15112,7 +15496,29 @@ -ac_config_files="$ac_config_files Makefile ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config" +if test "x$HAVE_SSL" = "xyes"; then + ldns_build_config_have_ssl=1 + +else + ldns_build_config_have_ssl=0 + +fi +if test "x$ac_cv_c_format_attribute" = "xyes"; then + ldns_build_config_have_attr_format=1 + +else + ldns_build_config_have_attr_format=0 + +fi +if test "x$ac_cv_c_unused_attribute" = "xyes"; then + ldns_build_config_have_attr_unused=1 + +else + ldns_build_config_have_attr_unused=0 + +fi + +ac_config_files="$ac_config_files Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config" ac_config_headers="$ac_config_headers ldns/config.h" @@ -15636,7 +16042,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ldns $as_me 1.6.9, which was +This file was extended by ldns $as_me 1.6.10, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -15702,7 +16108,7 @@ cat >>$CONFIG_STATUS <<_ACEOF \|\| ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" \| sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ldns config.status 1.6.9 +ldns config.status 1.6.10 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\" @@ -16108,6 +16514,7 @@ "libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;; "disable-rpath") CONFIG_COMMANDS="$CONFIG_COMMANDS disable-rpath" ;; "Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;; + "ldns/common.h") CONFIG_FILES="$CONFIG_FILES ldns/common.h" ;; "ldns/net.h") CONFIG_FILES="$CONFIG_FILES ldns/net.h" ;; "ldns/util.h") CONFIG_FILES="$CONFIG_FILES ldns/util.h" ;; "packaging/libldns.pc") CONFIG_FILES="$CONFIG_FILES packaging/libldns.pc" ;;
[-] [+]	Changed	ldns-1.6.10.tar.gz/configure.ac ^
@@ -6,7 +6,7 @@ # must be numbers. ac_defun because of later processing. m4_define([VERSION_MAJOR],[1]) m4_define([VERSION_MINOR],[6]) -m4_define([VERSION_MICRO],[9]) +m4_define([VERSION_MICRO],[10]) AC_INIT(ldns, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), libdns@nlnetlabs.nl, libdns) AC_CONFIG_SRCDIR([packet.c]) # needed to build correct soname @@ -84,6 +84,7 @@ AC_SEARCH_LIBS([inet_pton], [nsl]) # check for python +PYTHON_X_CFLAGS="" AC_ARG_WITH(pyldns, AC_HELP_STRING([--with-pyldns], [generate python library, or --without-pyldns to disable Python support.]), [],[ withval="no" ]) @@ -113,9 +114,15 @@ AC_SUBST(swig, "$SWIG") fi else - AC_MSG_RESULT([* don't have Python, skipping Swig, no pyldns ]) + AC_MSG_RESULT([ don't have Python, skipping Swig, no pyldns ]) # ' + fi + + # xtra cflags for pyldns + if test x_$ldns_have_python != x_no; then + ACX_CHECK_COMPILER_FLAG(fno-strict-aliasing, [PYTHON_X_CFLAGS="-fno-strict-aliasing"]) fi fi +AC_SUBST(PYTHON_X_CFLAGS) # Use libtool ACX_LIBTOOL_C_ONLY @@ -177,6 +184,7 @@ ]) # we now know we have ECDSA and the required curves. AC_DEFINE_UNQUOTED([USE_ECDSA], [1], [Define this to enable ECDSA support.]) + AC_SUBST(ldns_build_config_use_ecdsa, 1) AC_WARN([ ************************************************************** * YOU HAVE ENABLED ECDSA WHICH IS EXPERIMENTAL AT THIS TIME * @@ -184,8 +192,10 @@ **************************************************************]) ;; no) + AC_SUBST(ldns_build_config_use_ecdsa, 0) ;; ) + AC_SUBST(ldns_build_config_use_ecdsa, 0) ;; esac @@ -229,10 +239,11 @@ # Checks for header files. AC_HEADER_STDC +AC_HEADER_STDBOOL #AC_HEADER_SYS_WAIT #AC_CHECK_HEADERS([getopt.h fcntl.h stdlib.h string.h strings.h unistd.h]) # do the very minimum - we can always extend this -AC_CHECK_HEADERS([getopt.h stdarg.h stdbool.h openssl/ssl.h netinet/in.h time.h arpa/inet.h netdb.h],,, [AC_INCLUDES_DEFAULT]) +AC_CHECK_HEADERS([getopt.h stdarg.h openssl/ssl.h netinet/in.h time.h arpa/inet.h netdb.h],,, [AC_INCLUDES_DEFAULT]) AC_CHECK_HEADERS(sys/param.h sys/mount.h,,, [AC_INCLUDES_DEFAULT [ @@ -259,8 +270,10 @@ [ include_inttypes_h='#include <inttypes.h>' AC_DEFINE(HAVE_INTTYPES_H, 1, [define if you have inttypes.h]) +AC_SUBST(ldns_build_config_have_inttypes_h, 1) ],[ include_inttypes_h='' +AC_SUBST(ldns_build_config_have_inttypes_h, 0) ],[AC_INCLUDES_DEFAULT ]) AC_SUBST(include_inttypes_h) @@ -283,6 +296,20 @@ ]) AC_SUBST(include_unistd_h) +AC_CHECK_SIZEOF(time_t,,[ +AC_INCLUDES_DEFAULT +#ifdef TIME_WITH_SYS_TIME +# include <sys/time.h> +# include <time.h> +#else +# ifdef HAVE_SYS_TIME_H +# include <sys/time.h> +# else +# include <time.h> +# endif +#endif +]) + ACX_TYPE_SOCKLEN_T AC_CHECK_TYPE(ssize_t, int) AC_CHECK_TYPE(in_addr_t, [], [AC_DEFINE([in_addr_t], [uint32_t], [in_addr_t])], [ @@ -308,6 +335,7 @@ AC_REPLACE_FUNCS(b64_ntop) AC_REPLACE_FUNCS(b32_pton) AC_REPLACE_FUNCS(b32_ntop) +AC_REPLACE_FUNCS(calloc) AC_REPLACE_FUNCS(timegm) AC_REPLACE_FUNCS(gmtime_r) AC_REPLACE_FUNCS(ctime_r) @@ -319,7 +347,7 @@ AC_REPLACE_FUNCS(snprintf) AC_REPLACE_FUNCS(strlcpy) AC_REPLACE_FUNCS(memmove) -AC_CHECK_FUNCS([endprotoent endservent sleep random fcntl strtoul]) +AC_CHECK_FUNCS([endprotoent endservent sleep random fcntl strtoul bzero memset]) ACX_CHECK_GETADDRINFO_WITH_INCLUDES if test $ac_cv_func_getaddrinfo = no; then @@ -479,7 +507,23 @@ #endif ]) -AC_CONFIG_FILES([Makefile ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config]) +if test "x$HAVE_SSL" = "xyes"; then + AC_SUBST(ldns_build_config_have_ssl, 1) +else + AC_SUBST(ldns_build_config_have_ssl, 0) +fi +if test "x$ac_cv_c_format_attribute" = "xyes"; then + AC_SUBST(ldns_build_config_have_attr_format, 1) +else + AC_SUBST(ldns_build_config_have_attr_format, 0) +fi +if test "x$ac_cv_c_unused_attribute" = "xyes"; then + AC_SUBST(ldns_build_config_have_attr_unused, 1) +else + AC_SUBST(ldns_build_config_have_attr_unused, 0) +fi + +AC_CONFIG_FILES([Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config]) AC_CONFIG_HEADER([ldns/config.h]) AC_OUTPUT
[-] [+]	Changed	ldns-1.6.10.tar.gz/contrib/python/Makefile ^
@@ -62,6 +62,6 @@ #for development only swig: ldns.i swig -python -o ldns_wrapper.c -I../.. ldns.i - gcc -c ldns_wrapper.c -O9 -fPIC -I../.. -I../../ldns -I/usr/include/python2.5 -I. -o ldns_wrapper.o + gcc -c ldns_wrapper.c -O9 -fPIC -I../.. -I../../ldns -I/usr/local/include/python2.6 -I. -o ldns_wrapper.o ld -shared ldns_wrapper.o -L../../.libs -lldns -o _ldns.so
[-] [+]	Added	ldns-1.6.10.tar.gz/contrib/python/examples/ldns_rr_iter_frm_fp_l.demo.py ^
@@ -0,0 +1,15 @@ +import ldns +import sys + +if len(sys.argv) <= 1: + print "Usage: %s zone_file" % sys.argv[0] + sys.exit() + +inp = open(sys.argv[1],"r"); +for rr in ldns.ldns_rr_iter_frm_fp_l(inp): + print rr + +inp.close() + + +
[-] [+]	Added	ldns-1.6.10.tar.gz/contrib/python/examples/ldns_rr_new_frm_fp_l.demo.py ^
@@ -0,0 +1,43 @@ +import ldns +import sys + +if len(sys.argv) <= 1: + print "Usage: %s zone_file" % sys.argv[0] + sys.exit() + +inp = open(sys.argv[1],"r"); +# variables that preserve the parsers state +my_ttl = 3600; +my_origin = None +my_prev = None +# additional state variables +last_pos = 0 +line_nr = 0 + +while True: + ret = ldns.ldns_rr_new_frm_fp_l_(inp, my_ttl, my_origin, my_prev) + s, rr, line_inc, new_ttl, new_origin, new_prev = ret # unpack the result + line_nr += line_inc # increase number of parsed lines + my_prev = new_prev # update ref to previous owner + + if s == ldns.LDNS_STATUS_SYNTAX_TTL: + my_ttl = new_ttl # update default TTL + print "$TTL:", my_ttl + elif s == ldns.LDNS_STATUS_SYNTAX_ORIGIN: + my_origin = new_origin # update reference to origin + print "$ORIGIN:", my_origin + elif s == ldns.LDNS_STATUS_SYNTAX_EMPTY: + if last_pos == inp.tell(): + break # no advance since last read - EOF + last_pos = inp.tell() + elif s != ldns.LDNS_STATUS_OK: + print "! parse error in line", line_nr + else: + # we are sure to have LDNS_STATUS_OK + print rr + +inp.close() +print "--------------------" +print "Read %d lines" % line_nr + +
[-] [+]	Changed	ldns-1.6.10.tar.gz/contrib/python/ldns.i ^
@@ -95,6 +95,9 @@ %apply int OUTPUT { int line_nr}; %apply uint32_t OUTPUT { uint32_t default_ttl}; +// wire2pkt +%apply (char STRING, int LENGTH) { (const char str, int len) }; + %include "ldns_packet.i" %include "ldns_resolver.i" %include "ldns_rr.i" @@ -144,6 +147,14 @@ { PyObject* tuple; + /* origin and prev have to be cloned in order to decouple the data + * from the python wrapper + / + if (origin != NULL) + origin = ldns_rdf_clone(origin); + if (prev != NULL) + prev = ldns_rdf_clone(prev); + ldns_rdf p_prev = prev; ldns_rdf *pp_prev = &p_prev; if (p_prev == 0) pp_prev = 0; @@ -157,14 +168,14 @@ PyTuple_SetItem(tuple, 0, SWIG_From_int(st)); PyTuple_SetItem(tuple, 1, (st == LDNS_STATUS_OK) ? SWIG_NewPointerObj(SWIG_as_voidptr(p_rr), SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN \| 0 ) : - Py_None); + (Py_INCREF(Py_None), Py_None)); PyTuple_SetItem(tuple, 2, (p_prev != prev) ? SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN \| 0 ) : - Py_None); + (Py_INCREF(Py_None), Py_None)); return tuple; } - PyObject ldns_rr_new_frm_fp_l_(FILE fp, uint32_t default_ttl, ldns_rdf origin, ldns_rdf* prev, int ret_linenr) + PyObject* ldns_rr_new_frm_fp_l_(FILE fp, uint32_t default_ttl, ldns_rdf origin, ldns_rdf* prev) //returns tuple (status, ldns_rr, [line if ret_linenr], ttl, origin, prev) { int linenr = 0; @@ -174,13 +185,21 @@ uint32_t p_defttl = &defttl; if (defttl == 0) p_defttl = 0; + / origin and prev have to be cloned in order to decouple the data + * from the python wrapper + / + if (origin != NULL) + origin = ldns_rdf_clone(origin); + if (prev != NULL) + prev = ldns_rdf_clone(prev); + ldns_rdf p_origin = origin; ldns_rdf *pp_origin = &p_origin; - if (p_origin == 0) pp_origin = 0; + //if (p_origin == 0) pp_origin = 0; ldns_rdf p_prev = prev; ldns_rdf *pp_prev = &p_prev; - if (p_prev == 0) pp_prev = 0; + //if (p_prev == 0) pp_prev = 0; ldns_rr p_rr = 0; ldns_rr *pp_rr = &p_rr; @@ -188,35 +207,38 @@ ldns_status st = ldns_rr_new_frm_fp_l(pp_rr, fp, p_defttl, pp_origin, pp_prev, p_linenr); PyObject tuple; - tuple = PyTuple_New(ret_linenr ? 6 : 5); + tuple = PyTuple_New(6); int idx = 0; PyTuple_SetItem(tuple, idx, SWIG_From_int(st)); idx++; PyTuple_SetItem(tuple, idx, (st == LDNS_STATUS_OK) ? SWIG_NewPointerObj(SWIG_as_voidptr(p_rr), SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN \| 0 ) : - Py_None); + (Py_INCREF(Py_None), Py_None)); idx++; - if (ret_linenr) { - PyTuple_SetItem(tuple, idx, SWIG_From_int(linenr)); - idx++; - } - PyTuple_SetItem(tuple, idx, (defttl != default_ttl) ? SWIG_From_int(defttl) : Py_None); + PyTuple_SetItem(tuple, idx, SWIG_From_int(linenr)); idx++; - PyTuple_SetItem(tuple, idx, (p_origin != origin) ? - SWIG_NewPointerObj(SWIG_as_voidptr(p_origin), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN \| 0 ) : - Py_None); + PyTuple_SetItem(tuple, idx, SWIG_From_int(defttl)); idx++; - PyTuple_SetItem(tuple, idx, (p_prev != prev) ? - SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN \| 0 ) : - Py_None); + PyTuple_SetItem(tuple, idx, SWIG_NewPointerObj(SWIG_as_voidptr(p_origin), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN \| 0 )); + idx++; + PyTuple_SetItem(tuple, idx, SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN \| 0 )); return tuple; } - PyObject* ldns_rr_new_question_frm_str_(const char str, ldns_rdf origin, ldns_rdf* prev) + +PyObject* ldns_rr_new_question_frm_str_(const char str, ldns_rdf origin, ldns_rdf* prev) //returns tuple (status, ldns_rr, prev) { PyObject* tuple; + /* origin and prev have to be cloned in order to decouple the data + * from the python wrapper + / + if (origin != NULL) + origin = ldns_rdf_clone(origin); + if (prev != NULL) + prev = ldns_rdf_clone(prev); + ldns_rdf p_prev = prev; ldns_rdf *pp_prev = &p_prev; if (p_prev == 0) pp_prev = 0; @@ -230,10 +252,10 @@ PyTuple_SetItem(tuple, 0, SWIG_From_int(st)); PyTuple_SetItem(tuple, 1, (st == LDNS_STATUS_OK) ? SWIG_NewPointerObj(SWIG_as_voidptr(p_rr), SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN \| 0 ) : - Py_None); + (Py_INCREF(Py_None), Py_None)); PyTuple_SetItem(tuple, 2, (p_prev != prev) ? SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN \| 0 ) : - Py_None); + (Py_INCREF(Py_None), Py_None)); return tuple; } @@ -254,14 +276,70 @@ PyTuple_SetItem(tuple, 0, SWIG_From_int(st)); PyTuple_SetItem(tuple, 1, (st == LDNS_STATUS_OK) ? SWIG_NewPointerObj(SWIG_as_voidptr(rrl), SWIGTYPE_p_ldns_struct_rr_list, SWIG_POINTER_OWN \| 0 ) : - Py_None); + (Py_INCREF(Py_None), Py_None)); return tuple; } +PyObject ldns_wire2pkt_(const char str, int len) + //returns tuple (status, result) + { + PyObject resultobj = 0; + ldns_pkt arg1 = NULL; + uint8_t arg2 = (uint8_t ) str; + size_t arg3 = (size_t) len; + ldns_status result; + PyObject tuple; + + result = (ldns_status)ldns_wire2pkt(&arg1,arg2,arg3); + tuple = PyTuple_New(2); + PyTuple_SetItem(tuple, 0, SWIG_From_int(result)); + if (result == LDNS_STATUS_OK) + PyTuple_SetItem(tuple, 1, SWIG_NewPointerObj(SWIG_as_voidptr(arg1), SWIGTYPE_p_ldns_struct_pkt, SWIG_POINTER_OWN \| 0 )); + else { + Py_INCREF(Py_None); + PyTuple_SetItem(tuple, 1, Py_None); + } + return tuple; +} + %} %pythoncode %{ def ldns_fetch_valid_domain_keys(res, domain, keys): return _ldns.ldns_fetch_valid_domain_keys_(res, domain, keys) -%} +def ldns_wire2pkt(data): + return _ldns.ldns_wire2pkt_(data) + +def ldns_rr_iter_frm_fp_l(input_file): + """Creates an iterator (generator) that returns individual parsed + RRs from an open zone file.""" + # variables that preserve the parsers state + my_ttl = 0; + my_origin = None + my_prev = None + # additional state variables + last_pos = 0 + line_nr = 0 + + while True: + ret = _ldns.ldns_rr_new_frm_fp_l_(input_file, my_ttl, my_origin, my_prev) + s, rr, line_inc, new_ttl, new_origin, new_prev = ret # unpack the result + line_nr += line_inc # increase number of parsed lines + my_prev = new_prev # update ref to previous owner + + if s == _ldns.LDNS_STATUS_SYNTAX_TTL: + my_ttl = new_ttl # update default TTL + elif s == _ldns.LDNS_STATUS_SYNTAX_ORIGIN: + my_origin = new_origin # update reference to origin + elif s == _ldns.LDNS_STATUS_SYNTAX_EMPTY: + if last_pos == input_file.tell(): + break # no advance since last read - EOF + last_pos = input_file.tell() + elif s != _ldns.LDNS_STATUS_OK: + raise ValueError("Parse error in line %d" % line_nr) + else: + # we are sure to have LDNS_STATUS_OK + yield rr + +%}
[-] [+]	Changed	ldns-1.6.10.tar.gz/contrib/python/ldns_buffer.i ^
@@ -51,6 +51,10 @@ %newobject ldns_dname_new_frm_data; %newobject ldns_dname_label; +# limit the number of arguments to 2 and +# deal with variable number of arguments the Python way +%varargs(2, char arg = NULL) ldns_buffer_printf; + %rename(ldns_buffer) ldns_struct_buffer; #ifdef LDNS_DEBUG @@ -232,14 +236,15 @@ #parameters: ldns_buffer , #retvals: size_t - def printf(self,str): + def printf(self, str, args): """Prints to the buffer, increasing the capacity if required using buffer_reserve(). The buffer's position is set to the terminating '\0'. Returns the number of characters written (not including the terminating '\0') or -1 on failure. :param str: a string :returns: (int) """ - return _ldns.ldns_buffer_printf(self,str) + data = str % args + return _ldns.ldns_buffer_printf(self,data) #parameters: ldns_buffer ,const char *,... #retvals: int
[-] [+]	Changed	ldns-1.6.10.tar.gz/contrib/python/ldns_packet.i ^
@@ -41,12 +41,14 @@ $result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_pkt), SWIGTYPE_p_ldns_struct_pkt, SWIG_POINTER_OWN \| 0 )); } +%newobject ldns_pkt_new; %newobject ldns_pkt_clone; %newobject ldns_pkt_rr_list_by_type; %newobject ldns_pkt_rr_list_by_name_and_type; %newobject ldns_pkt_rr_list_by_name; %newobject ldns_update_pkt_new; + %nodefaultctor ldns_struct_pkt; //no default constructor & destructor %nodefaultdtor ldns_struct_pkt; @@ -69,9 +71,57 @@ %newobject ldns_pkt_algorithm2str; %newobject ldns_pkt_cert_algorithm2str; -%exception ldns_pkt_push_rr(ldns_pkt packet, ldns_pkt_section section, ldns_rr rr) %{ $action if (result) Py_INCREF(obj2); %} -%exception ldns_pkt_push_rr_list(ldns_pkt packet, ldns_pkt_section section, ldns_rr_list list) %{ $action if (result) Py_INCREF(obj2); %} +/* cloning of packet_lists to make them independent of the original packet / + +%newobject _ldns_pkt_additional; +%newobject _ldns_pkt_answer; +%newobject _ldns_pkt_authority; +%newobject _ldns_pkt_question; + +%rename(__ldns_pkt_additional) ldns_pkt_additional; +%inline %{ +ldns_rr_list _ldns_pkt_additional(ldns_pkt* p) { + return ldns_rr_list_clone(ldns_pkt_additional(p)); +} +%} + +%rename(__ldns_pkt_answer) ldns_pkt_answer; +%inline %{ +ldns_rr_list* _ldns_pkt_answer(ldns_pkt* p) { + return ldns_rr_list_clone(ldns_pkt_answer(p)); +} +%} + +%rename(__ldns_pkt_authority) ldns_pkt_authority; +%inline %{ +ldns_rr_list* _ldns_pkt_authority(ldns_pkt* p) { + return ldns_rr_list_clone(ldns_pkt_authority(p)); +} +%} + +%rename(__ldns_pkt_question) ldns_pkt_question; +%inline %{ +ldns_rr_list* _ldns_pkt_question(ldns_pkt* p) { + return ldns_rr_list_clone(ldns_pkt_question(p)); +} +%} + +/* clone data when pushed in / + +%rename(__ldns_pkt_push_rr) ldns_pkt_push_rr; +%inline %{ +bool _ldns_pkt_push_rr(ldns_pkt p, ldns_pkt_section sec, ldns_rr rr) { + return ldns_pkt_push_rr(p, sec, ldns_rr_clone(rr)); +} +%} + +%rename(__ldns_pkt_push_rr_list) ldns_pkt_push_rr_list; +%inline %{ +bool _ldns_pkt_push_rr_list(ldns_pkt p, ldns_pkt_section sec, ldns_rr_list rrl) { + return ldns_pkt_push_rr_list(p, sec, ldns_rr_list_clone(rrl)); +} +%} %feature("docstring") ldns_struct_pkt "LDNS packet object. @@ -224,7 +274,7 @@ :returns: (ldns_rr_list \) the section """ - return _ldns.ldns_pkt_additional(self) + return _ldns._ldns_pkt_additional(self) #parameters: const ldns_pkt , #retvals: ldns_rr_list @@ -252,7 +302,7 @@ :returns: (ldns_rr_list \) the section """ - return _ldns.ldns_pkt_answer(self) + return _ldns._ldns_pkt_answer(self) #parameters: const ldns_pkt , #retvals: ldns_rr_list * @@ -279,7 +329,7 @@ :returns: (ldns_rr_list \) the section """ - return _ldns.ldns_pkt_authority(self) + return _ldns._ldns_pkt_authority(self) #parameters: const ldns_pkt , #retvals: ldns_rr_list * @@ -433,7 +483,7 @@ rr to push :returns: (bool) a boolean which is true when the rr was added """ - return _ldns.ldns_pkt_push_rr(self,section,rr) + return _ldns._ldns_pkt_push_rr(self,section,rr) #parameters: ldns_pkt ,ldns_pkt_section,ldns_rr , #retvals: bool @@ -446,7 +496,7 @@ the rr_list to push :returns: (bool) a boolean which is true when the rr was added """ - return _ldns.ldns_pkt_push_rr_list(self,section,list) + return _ldns._ldns_pkt_push_rr_list(self,section,list) #parameters: ldns_pkt ,ldns_pkt_section,ldns_rr_list , #retvals: bool @@ -482,7 +532,7 @@ :returns: (ldns_rr_list \) the section """ - return _ldns.ldns_pkt_question(self) + return _ldns._ldns_pkt_question(self) #parameters: const ldns_pkt , #retvals: ldns_rr_list *
[-] [+]	Changed	ldns-1.6.10.tar.gz/contrib/python/ldns_rdf.i ^
@@ -66,6 +66,10 @@ %newobject ldns_dname_new_frm_str; %newobject ldns_dname_new_frm_data; +%newobject ldns_rdf_new; +%newobject ldns_rdf_new_frm_str; +%newobject ldns_rdf_new_frm_data; + %delobject ldns_rdf_deep_free; %delobject ldns_rdf_free; @@ -141,7 +145,7 @@ def __init__(self): raise Exception("This class can't be created directly. Please use: ldns_rdf_new, ldns_rdf_new_frm_data, ldns_rdf_new_frm_str, ldns_rdf_new_frm_fp, ldns_rdf_new_frm_fp_l") - __swig_destroy__ = _ldns._ldns_rdf_free + __swig_destroy__ = _ldns._ldns_rdf_deep_free #LDNS_RDF_CONSTRUCTORS_# @staticmethod
[-] [+]	Changed	ldns-1.6.10.tar.gz/contrib/python/ldns_resolver.i ^
@@ -166,7 +166,10 @@ www.l.google.com. 300 IN A 74.125.43.147 """ - return _ldns.ldns_get_rr_list_addr_by_name(self, name, aclass, flags) + rdf = name + if isinstance(name, str): + rdf = _ldns.ldns_dname_new_frm_str(name) + return _ldns.ldns_get_rr_list_addr_by_name(self, rdf, aclass, flags) def get_name_by_addr(self, addr, aclass = _ldns.LDNS_RR_CLASS_IN, flags = _ldns.LDNS_RD): """Ask the resolver about the address and return the name
[-] [+]	Changed	ldns-1.6.10.tar.gz/contrib/python/ldns_rr.i ^
@@ -48,6 +48,7 @@ %ignore ldns_struct_rr::_rdata_fields; %newobject ldns_rr_clone; +%newobject ldns_rr_new; %newobject ldns_rr_pop_rdf; %delobject ldns_rr_free; @@ -70,6 +71,299 @@ %newobject ldns_rr_class2str; %newobject ldns_read_anchor_file; + +// clone rdf data on pull + +%newobject _ldns_rr_rdf; +%rename(__ldns_rr_rdf) ldns_rr_rdf; +%inline %{ +ldns_rdf* _ldns_rr_rdf(ldns_rr* rr, size_t i) { + return ldns_rdf_clone(ldns_rr_rdf(rr, i)); +} +%} + +%newobject _ldns_rr_rrsig_algorithm; +%rename(__ldns_rr_rrsig_algorithm) ldns_rr_rrsig_algorithm; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_algorithm(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_algorithm(rr)); +} +%} + +%newobject _ldns_rr_dnskey_algorithm; +%rename(__ldns_rr_dnskey_algorithm) ldns_rr_dnskey_algorithm; +%inline %{ +ldns_rdf* _ldns_rr_dnskey_algorithm(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_dnskey_algorithm(rr)); +} +%} + +%newobject _ldns_rr_dnskey_flags; +%rename(__ldns_rr_dnskey_flags) ldns_rr_dnskey_flags; +%inline %{ +ldns_rdf* _ldns_rr_dnskey_flags(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_dnskey_flags(rr)); +} +%} + +%newobject _ldns_rr_dnskey_key; +%rename(__ldns_rr_dnskey_key) ldns_rr_dnskey_key; +%inline %{ +ldns_rdf* _ldns_rr_dnskey_key(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_dnskey_key(rr)); +} +%} + +%newobject _ldns_rr_dnskey_protocol; +%rename(__ldns_rr_dnskey_protocol) ldns_rr_dnskey_protocol; +%inline %{ +ldns_rdf* _ldns_rr_dnskey_protocol(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_dnskey_protocol(rr)); +} +%} + + +%newobject _ldns_rr_owner; +%rename(__ldns_rr_owner) ldns_rr_owner; +%inline %{ +ldns_rdf* _ldns_rr_owner(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_owner(rr)); +} +%} + + +%newobject _ldns_rr_a_address; +%rename(__ldns_rr_a_address) ldns_rr_a_address; +%inline %{ +ldns_rdf* _ldns_rr_a_address(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_a_address(rr)); +} +%} + + +%newobject _ldns_rr_mx_exchange; +%rename(__ldns_rr_mx_exchange) ldns_rr_mx_exchange; +%inline %{ +ldns_rdf* _ldns_rr_mx_exchange(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_mx_exchange(rr)); +} +%} + + +%newobject _ldns_rr_mx_preference; +%rename(__ldns_rr_mx_preference) ldns_rr_mx_preference; +%inline %{ +ldns_rdf* _ldns_rr_mx_preference(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_mx_preference(rr)); +} +%} + + +%newobject _ldns_rr_ns_nsdname; +%rename(__ldns_rr_ns_nsdname) ldns_rr_ns_nsdname; +%inline %{ +ldns_rdf* _ldns_rr_ns_nsdname(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_ns_nsdname(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_expiration; +%rename(__ldns_rr_rrsig_expiration) ldns_rr_rrsig_expiration; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_expiration(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_expiration(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_inception; +%rename(__ldns_rr_rrsig_inception) ldns_rr_rrsig_inception; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_inception(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_inception(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_keytag; +%rename(__ldns_rr_rrsig_keytag) ldns_rr_rrsig_keytag; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_keytag(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_keytag(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_labels; +%rename(__ldns_rr_rrsig_labels) ldns_rr_rrsig_labels; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_labels(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_labels(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_origttl; +%rename(__ldns_rr_rrsig_origttl) ldns_rr_rrsig_origttl; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_origttl(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_origttl(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_sig; +%rename(__ldns_rr_rrsig_sig) ldns_rr_rrsig_sig; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_sig(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_sig(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_signame; +%rename(__ldns_rr_rrsig_signame) ldns_rr_rrsig_signame; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_signame(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_signame(rr)); +} +%} + + +%newobject _ldns_rr_rrsig_typecovered; +%rename(__ldns_rr_rrsig_typecovered) ldns_rr_rrsig_typecovered; +%inline %{ +ldns_rdf* _ldns_rr_rrsig_typecovered(ldns_rr* rr) { + return ldns_rdf_clone(ldns_rr_rrsig_typecovered(rr)); +} +%} + +// end of pull cloning + +// clone rdf data on push + +%rename(__ldns_rr_a_set_address) ldns_rr_a_set_address; +%inline %{ +bool _ldns_rr_a_set_address(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_a_set_address(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_dnskey_set_algorithm) ldns_rr_dnskey_set_algorithm; +%inline %{ +bool _ldns_rr_dnskey_set_algorithm(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_dnskey_set_algorithm(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_dnskey_set_flags) ldns_rr_dnskey_set_flags; +%inline %{ +bool _ldns_rr_dnskey_set_flags(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_dnskey_set_flags(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_dnskey_set_key) ldns_rr_dnskey_set_key; +%inline %{ +bool _ldns_rr_dnskey_set_key(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_dnskey_set_key(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_dnskey_set_protocol) ldns_rr_dnskey_set_protocol; +%inline %{ +bool _ldns_rr_dnskey_set_protocol(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_dnskey_set_protocol(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_push_rdf) ldns_rr_push_rdf; +%inline %{ +bool _ldns_rr_push_rdf(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_push_rdf(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_algorithm) ldns_rr_rrsig_set_algorithm; +%inline %{ +bool _ldns_rr_rrsig_set_algorithm(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_algorithm(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_expiration) ldns_rr_rrsig_set_expiration; +%inline %{ +bool _ldns_rr_rrsig_set_expiration(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_expiration(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_inception) ldns_rr_rrsig_set_inception; +%inline %{ +bool _ldns_rr_rrsig_set_inception(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_inception(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_keytag) ldns_rr_rrsig_set_keytag; +%inline %{ +bool _ldns_rr_rrsig_set_keytag(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_keytag(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_labels) ldns_rr_rrsig_set_labels; +%inline %{ +bool _ldns_rr_rrsig_set_labels(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_labels(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_origttl) ldns_rr_rrsig_set_origttl; +%inline %{ +bool _ldns_rr_rrsig_set_origttl(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_origttl(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_sig) ldns_rr_rrsig_set_sig; +%inline %{ +bool _ldns_rr_rrsig_set_sig(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_sig(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_signame) ldns_rr_rrsig_set_signame; +%inline %{ +bool _ldns_rr_rrsig_set_signame(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_signame(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_rrsig_set_typecovered) ldns_rr_rrsig_set_typecovered; +%inline %{ +bool _ldns_rr_rrsig_set_typecovered(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_rrsig_set_typecovered(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_set_owner) ldns_rr_set_owner; +%inline %{ +void _ldns_rr_set_owner(ldns_rr* rr, ldns_rdf* rdf) { + return ldns_rr_set_owner(rr, ldns_rdf_clone(rdf)); +} +%} + +%rename(__ldns_rr_set_rdf) ldns_rr_set_rdf; +%inline %{ + ldns_rdf* _ldns_rr_set_rdf(ldns_rr* rr, ldns_rdf* rdf, size_t pos) { + return ldns_rr_set_rdf(rr, ldns_rdf_clone(rdf), pos); +} +%} + +// end of push cloning + %rename(_ldns_rr_new_frm_str) ldns_rr_new_frm_str; %rename(_ldns_rr_new_frm_fp_l) ldns_rr_new_frm_fp_l; %rename(_ldns_rr_new_frm_fp) ldns_rr_new_frm_fp; @@ -227,18 +521,6 @@ for i in range(0,self.rd_count()): yield self.rdf(i) - def get_function(self,rtype,pos): - """return a specific rdf""" - return _ldns.ldns_rr_function(rtype,self,pos) - #parameters: ldns_rr_type,const ldns_rr ,size_t, - #retvals: ldns_rdf - - def set_function(self,rtype,rdf,pos): - """set a specific rdf""" - return _ldns.ldns_rr_set_function(rtype,self,rdf,pos) - #parameters: ldns_rr_type,ldns_rr ,ldns_rdf ,size_t, - #retvals: bool - def print_to_file(self,output): """Prints the data in the resource record to the given file stream (in presentation format).""" _ldns.ldns_rr_print(output,self) @@ -313,7 +595,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the address or NULL on failure """ - return _ldns.ldns_rr_a_address(self) + return _ldns._ldns_rr_a_address(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -324,7 +606,7 @@ the address to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_a_set_address(self,f) + return _ldns._ldns_rr_a_set_address(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -366,7 +648,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the algorithm or NULL on failure """ - return _ldns.ldns_rr_dnskey_algorithm(self) + return _ldns._ldns_rr_dnskey_algorithm(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -375,7 +657,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the flags or NULL on failure """ - return _ldns.ldns_rr_dnskey_flags(self) + return _ldns._ldns_rr_dnskey_flags(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -384,7 +666,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the key data or NULL on failure """ - return _ldns.ldns_rr_dnskey_key(self) + return _ldns._ldns_rr_dnskey_key(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -402,7 +684,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the protocol or NULL on failure """ - return _ldns.ldns_rr_dnskey_protocol(self) + return _ldns._ldns_rr_dnskey_protocol(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -413,7 +695,7 @@ the algorithm to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_dnskey_set_algorithm(self,f) + return _ldns._ldns_rr_dnskey_set_algorithm(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -424,7 +706,7 @@ the flags to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_dnskey_set_flags(self,f) + return _ldns._ldns_rr_dnskey_set_flags(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -435,7 +717,7 @@ the key data to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_dnskey_set_key(self,f) + return _ldns._ldns_rr_dnskey_set_key(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -446,7 +728,7 @@ the protocol to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_dnskey_set_protocol(self,f) + return _ldns._ldns_rr_dnskey_set_protocol(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -482,7 +764,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the name of the MX host or NULL on failure """ - return _ldns.ldns_rr_mx_exchange(self) + return _ldns._ldns_rr_mx_exchange(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -493,7 +775,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the preference or NULL on failure """ - return _ldns.ldns_rr_mx_preference(self) + return _ldns._ldns_rr_mx_preference(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -502,7 +784,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the name or NULL on failure """ - return _ldns.ldns_rr_ns_nsdname(self) + return _ldns._ldns_rr_ns_nsdname(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -511,7 +793,7 @@ :returns: (ldns_rdf \) ldns_rdf """ - return _ldns.ldns_rr_owner(self) + return _ldns._ldns_rr_owner(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -530,7 +812,7 @@ :param f: :returns: (bool) bool """ - return _ldns.ldns_rr_push_rdf(self,f) + return _ldns._ldns_rr_push_rdf(self,f) #parameters: ldns_rr ,const ldns_rdf , #retvals: bool @@ -550,7 +832,7 @@ the number of the rdf to return :returns: (ldns_rdf \) ldns_rdf """ - return _ldns.ldns_rr_rdf(self,nr) + return _ldns._ldns_rr_rdf(self,nr) #parameters: const ldns_rr ,size_t, #retvals: ldns_rdf @@ -559,7 +841,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the algorithm or NULL on failure """ - return _ldns.ldns_rr_rrsig_algorithm(self) + return _ldns._ldns_rr_rrsig_algorithm(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -568,7 +850,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the expiration time or NULL on failure """ - return _ldns.ldns_rr_rrsig_expiration(self) + return _ldns._ldns_rr_rrsig_expiration(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -577,7 +859,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the inception time or NULL on failure """ - return _ldns.ldns_rr_rrsig_inception(self) + return _ldns._ldns_rr_rrsig_inception(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -586,7 +868,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the keytag or NULL on failure """ - return _ldns.ldns_rr_rrsig_keytag(self) + return _ldns._ldns_rr_rrsig_keytag(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -595,7 +877,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the number of labels or NULL on failure """ - return _ldns.ldns_rr_rrsig_labels(self) + return _ldns._ldns_rr_rrsig_labels(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -604,7 +886,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the original TTL or NULL on failure """ - return _ldns.ldns_rr_rrsig_origttl(self) + return _ldns._ldns_rr_rrsig_origttl(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -615,7 +897,7 @@ the algorithm to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_algorithm(self,f) + return _ldns._ldns_rr_rrsig_set_algorithm(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -626,7 +908,7 @@ the expireation date to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_expiration(self,f) + return _ldns._ldns_rr_rrsig_set_expiration(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -637,7 +919,7 @@ the inception date to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_inception(self,f) + return _ldns._ldns_rr_rrsig_set_inception(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -648,7 +930,7 @@ the keytag to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_keytag(self,f) + return _ldns._ldns_rr_rrsig_set_keytag(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -659,7 +941,7 @@ the number of labels to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_labels(self,f) + return _ldns._ldns_rr_rrsig_set_labels(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -670,7 +952,7 @@ the original TTL to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_origttl(self,f) + return _ldns._ldns_rr_rrsig_set_origttl(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -681,7 +963,7 @@ the signature data to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_sig(self,f) + return _ldns._ldns_rr_rrsig_set_sig(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -692,7 +974,7 @@ the signers name to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_signame(self,f) + return _ldns._ldns_rr_rrsig_set_signame(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -703,7 +985,7 @@ the typecovered to set :returns: (bool) true on success, false otherwise """ - return _ldns.ldns_rr_rrsig_set_typecovered(self,f) + return _ldns._ldns_rr_rrsig_set_typecovered(self,f) #parameters: ldns_rr ,ldns_rdf , #retvals: bool @@ -712,7 +994,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the signature data or NULL on failure """ - return _ldns.ldns_rr_rrsig_sig(self) + return _ldns._ldns_rr_rrsig_sig(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -721,7 +1003,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the signers name or NULL on failure """ - return _ldns.ldns_rr_rrsig_signame(self) + return _ldns._ldns_rr_rrsig_signame(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -730,7 +1012,7 @@ :returns: (ldns_rdf \) a ldns_rdf with the type covered or NULL on failure """ - return _ldns.ldns_rr_rrsig_typecovered(self) + return _ldns._ldns_rr_rrsig_typecovered(self) #parameters: const ldns_rr , #retvals: ldns_rdf @@ -749,7 +1031,7 @@ :param owner: """ - _ldns.ldns_rr_set_owner(self,owner) + _ldns._ldns_rr_set_owner(self,owner) #parameters: ldns_rr ,ldns_rdf , #retvals: @@ -773,7 +1055,7 @@ the position the set the rdf :returns: (ldns_rdf \) the old value in the rr, NULL on failyre """ - return _ldns.ldns_rr_set_rdf(self,f,position) + return _ldns._ldns_rr_set_rdf(self,f,position) #parameters: ldns_rr ,const ldns_rdf ,size_t, #retvals: ldns_rdf @@ -828,6 +1110,8 @@ %newobject ldns_rr_list_pop_rr; %newobject ldns_rr_list_pop_rr_list; %newobject ldns_rr_list_pop_rrset; +%newobject ldns_rr_list_rr; +%newobject ldns_rr_list_new; %delobject ldns_rr_list_deep_free; %delobject ldns_rr_list_free; @@ -846,11 +1130,49 @@ %rename(_ldns_rr_list_free) ldns_rr_list_free; #endif -%exception ldns_rr_list_push_rr(ldns_rr_list rr_list, const ldns_rr rr) %{ $action if (result) Py_INCREF(obj1); %} -%exception ldns_rr_list_push_rr_list(ldns_rr_list rr_list, const ldns_rr_list push_list) %{ $action if (result) Py_INCREF(obj1); %} +/* clone data on push / + +%rename(__ldns_rr_list_push_rr) ldns_rr_list_push_rr; +%inline %{ +void _ldns_rr_list_push_rr(ldns_rr_list r, ldns_rr rr) { + ldns_rr_list_push_rr(r, ldns_rr_clone(rr)); +} +%} + +%rename(__ldns_rr_list_push_rr_list) ldns_rr_list_push_rr_list; +%inline %{ +void _ldns_rr_list_push_rr_list(ldns_rr_list r, ldns_rr_list r2) { + ldns_rr_list_push_rr_list(r, ldns_rr_list_clone(r2)); +} +%} + +%rename(__ldns_rr_list_cat) ldns_rr_list_cat; +%inline %{ +void _ldns_rr_list_cat(ldns_rr_list r, ldns_rr_list r2) { + ldns_rr_list_cat(r, ldns_rr_list_clone(r2)); +} +%} + + +/ clone data on pull / + +%newobject _ldns_rr_list_rr; + +%rename(__ldns_rr_list_rr) ldns_rr_list_rr; +%inline %{ +ldns_rr _ldns_rr_list_rr(ldns_rr_list* r, int i) { + return ldns_rr_clone(ldns_rr_list_rr(r, i)); +} +%} %newobject ldns_rr_list2str; +%rename(__ldns_rr_list_owner) ldns_rr_list_owner; +%inline %{ +ldns_rdf* _ldns_rr_list_owner(ldns_rr_list* r) { + return ldns_rdf_clone(ldns_rr_list_owner(r)); +} +%} @@ -867,7 +1189,7 @@ if not self.this: raise Exception("Can't create new RR_LIST") - __swig_destroy__ = _ldns._ldns_rr_list_free + __swig_destroy__ = _ldns._ldns_rr_list_deep_free #LDNS_RR_LIST_CONSTRUCTORS_# @staticmethod @@ -942,7 +1264,7 @@ the rightside :returns: (bool) a left with right concatenated to it """ - return _ldns.ldns_rr_list_cat(self,right) + return _ldns._ldns_rr_list_cat(self,right) #parameters: ldns_rr_list ,ldns_rr_list , #retvals: bool @@ -982,7 +1304,7 @@ :returns: (ldns_rdf \) dname of the first element, or NULL if the list is empty """ - return _ldns.ldns_rr_list_owner(self) + return _ldns._ldns_rr_list_owner(self) #parameters: const ldns_rr_list , #retvals: ldns_rdf * @@ -991,7 +1313,10 @@ :returns: (ldns_rr \) NULL if nothing to pop. Otherwise the popped RR """ - return _ldns.ldns_rr_list_pop_rr(self) + rr = _ldns.ldns_rr_list_pop_rr(self) + #if hasattr(self, "_python_rr_refs") and rr in self._python_rr_refs: + # self._python_rr_refs.remove(rr) + return rr #parameters: ldns_rr_list , #retvals: ldns_rr * @@ -1022,7 +1347,11 @@ the rr to push :returns: (bool) false on error, otherwise true """ - return _ldns.ldns_rr_list_push_rr(self,rr) + #if hasattr(self, "_python_rr_refs"): + # self._python_rr_refs.add(rr) + #else: + # self._python_rr_refs = set([rr]) + return _ldns._ldns_rr_list_push_rr(self,rr) #parameters: ldns_rr_list ,const ldns_rr , #retvals: bool @@ -1033,7 +1362,7 @@ the rr_list to push :returns: (bool) false on error, otherwise true """ - return _ldns.ldns_rr_list_push_rr_list(self,push_list) + return _ldns._ldns_rr_list_push_rr_list(self,push_list) #parameters: ldns_rr_list ,const ldns_rr_list , #retvals: bool @@ -1044,7 +1373,7 @@ return this rr :returns: (ldns_rr \) the rr at position nr """ - return _ldns.ldns_rr_list_rr(self,nr) + return _ldns._ldns_rr_list_rr(self,nr) #parameters: const ldns_rr_list ,size_t, #retvals: ldns_rr * @@ -1126,7 +1455,6 @@ %feature("docstring") ldns_struct_rr_descriptor "Resource Record descriptor - This structure contains, for all rr types, the rdata fields that are defined." %extend ldns_struct_rr_descriptor { @@ -1166,4 +1494,91 @@ #_LDNS_RR_DESCRIPTOR_METHODS# %} } - + +/* + +rrsig checking wrappers + + copying of rr pointers into the good_keys list leads to double free + problems, therefore we provide two options - either ignore the keys + or get list of indexes of the keys. The latter allows fetching of the + keys later on from the original key set +/ + +%rename(__ldns_verify_rrsig_keylist) ldns_verify_rrsig_keylist; +%inline %{ +ldns_status ldns_verify_rrsig_keylist_status_only(ldns_rr_list rrset, + ldns_rr rrsig, + const ldns_rr_list keys) { + ldns_rr_list good_keys = ldns_rr_list_new(); + ldns_status status = ldns_verify_rrsig_keylist(rrset, rrsig, keys, good_keys); + ldns_rr_list_free(good_keys); + return status; +} +%} + +%rename(__ldns_verify_rrsig_keylist) ldns_verify_rrsig_keylist; +%inline %{ +PyObject ldns_verify_rrsig_keylist_(ldns_rr_list rrset, + ldns_rr rrsig, + const ldns_rr_list keys) { + PyObject tuple; + PyObject* keylist; + ldns_rr_list good_keys = ldns_rr_list_new(); + ldns_status status = ldns_verify_rrsig_keylist(rrset, rrsig, keys, good_keys); + + tuple = PyTuple_New(2); + PyTuple_SetItem(tuple, 0, SWIG_From_int(status)); + keylist = PyList_New(0); + if (status == LDNS_STATUS_OK) { + unsigned int i; + for (i = 0; i < ldns_rr_list_rr_count(keys); i++) + if (ldns_rr_list_contains_rr(good_keys, ldns_rr_list_rr(keys, i))) + PyList_Append(keylist, SWIG_From_int(i)); + } + PyTuple_SetItem(tuple, 1, keylist); + ldns_rr_list_free(good_keys); + return tuple; + } +%} + + +%rename(__ldns_verify_rrsig_keylist_notime) ldns_verify_rrsig_keylist_notime; +%inline %{ +ldns_status ldns_verify_rrsig_keylist_notime_status_only(ldns_rr_list rrset, + ldns_rr rrsig, + const ldns_rr_list keys) { + ldns_rr_list good_keys = ldns_rr_list_new(); + ldns_status status = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, good_keys); + ldns_rr_list_free(good_keys); + return status; +} +%} + +%rename(__ldns_verify_rrsig_keylist_notime) ldns_verify_rrsig_keylist_notime; +%inline %{ +PyObject ldns_verify_rrsig_keylist_notime_(ldns_rr_list rrset, + ldns_rr rrsig, + const ldns_rr_list keys) { + PyObject tuple; + PyObject* keylist; + ldns_rr_list good_keys = ldns_rr_list_new(); + ldns_status status = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, good_keys); + + tuple = PyTuple_New(2); + PyTuple_SetItem(tuple, 0, SWIG_From_int(status)); + keylist = PyList_New(0); + if (status == LDNS_STATUS_OK) { + unsigned int i; + for (i = 0; i < ldns_rr_list_rr_count(keys); i++) + if (ldns_rr_list_contains_rr(good_keys, ldns_rr_list_rr(keys, i))) + PyList_Append(keylist, SWIG_From_int(i)); + } + PyTuple_SetItem(tuple, 1, keylist); + ldns_rr_list_free(good_keys); + return tuple; + } +%} + +/ -- end of rrsig checking wrappers */ +
[-] [+]	Changed	ldns-1.6.10.tar.gz/dnssec.c ^
@@ -764,20 +764,6 @@ return 0; } -/* returns true if the current dnssec_rrset from the given list of rrsets - * is glue / -static int -is_glue(ldns_dnssec_rrsets cur_rrsets, ldns_dnssec_rrsets orig_rrsets) -{ - / only glue if a or aaaa if there are no ns, unless there is soa / - return (cur_rrsets->type == LDNS_RR_TYPE_A \|\| - cur_rrsets->type == LDNS_RR_TYPE_AAAA) && - (ldns_dnssec_rrsets_contains_type(orig_rrsets, - LDNS_RR_TYPE_NS) && - !ldns_dnssec_rrsets_contains_type(orig_rrsets, - LDNS_RR_TYPE_SOA)); -} - ldns_rr ldns_dnssec_create_nsec(ldns_dnssec_name from, ldns_dnssec_name to, @@ -787,6 +773,7 @@ ldns_rr_type types[65536]; size_t type_count = 0; ldns_dnssec_rrsets cur_rrsets; + int on_delegation_point; if (!from \|\| !to \|\| (nsec_type != LDNS_RR_TYPE_NSEC && nsec_type != LDNS_RR_TYPE_NSEC3)) { @@ -798,14 +785,22 @@ ldns_rr_set_owner(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(from))); ldns_rr_push_rdf(nsec_rr, ldns_rdf_clone(ldns_dnssec_name_name(to))); + on_delegation_point = ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_SOA); + cur_rrsets = from->rrsets; while (cur_rrsets) { - if (is_glue(cur_rrsets, from->rrsets)) { - cur_rrsets = cur_rrsets->next; - continue; - } - if (cur_rrsets->type != LDNS_RR_TYPE_RRSIG && - cur_rrsets->type != LDNS_RR_TYPE_NSEC) { + / Do not include non-authoritative rrsets on the delegation point + * in the type bitmap / + if ((on_delegation_point && ( + cur_rrsets->type == LDNS_RR_TYPE_NS + \|\| cur_rrsets->type == LDNS_RR_TYPE_DS)) + \|\| (!on_delegation_point && + cur_rrsets->type != LDNS_RR_TYPE_RRSIG + && cur_rrsets->type != LDNS_RR_TYPE_NSEC)) { + types[type_count] = cur_rrsets->type; type_count++; } @@ -839,6 +834,7 @@ size_t type_count = 0; ldns_dnssec_rrsets cur_rrsets; ldns_status status; + int on_delegation_point; flags = flags; @@ -865,13 +861,24 @@ salt_length, salt); + on_delegation_point = ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + from->rrsets, LDNS_RR_TYPE_SOA); cur_rrsets = from->rrsets; while (cur_rrsets) { - if (is_glue(cur_rrsets, from->rrsets)) { - cur_rrsets = cur_rrsets->next; - continue; - } - if (cur_rrsets->type != LDNS_RR_TYPE_RRSIG) { + /* Do not include non-authoritative rrsets on the delegation point + * in the type bitmap. Potentionally not skipping insecure + * delegation should have been done earlier, in function + * ldns_dnssec_zone_create_nsec3s, or even earlier in: + * ldns_dnssec_zone_sign_nsec3_flg . + / + if ((on_delegation_point && ( + cur_rrsets->type == LDNS_RR_TYPE_NS + \|\| cur_rrsets->type == LDNS_RR_TYPE_DS)) + \|\| (!on_delegation_point && + cur_rrsets->type != LDNS_RR_TYPE_RRSIG)) { + types[type_count] = cur_rrsets->type; type_count++; } @@ -1199,8 +1206,10 @@ uint8_t ldns_nsec3_algorithm(const ldns_rr nsec3_rr) { - if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 && - ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 0)) > 0 + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 \|\| + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 0)) > 0 ) { return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 0)); } @@ -1210,8 +1219,10 @@ uint8_t ldns_nsec3_flags(const ldns_rr nsec3_rr) { - if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 && - ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 1)) > 0 + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 \|\| + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 1)) > 0 ) { return ldns_rdf2native_int8(ldns_rr_rdf(nsec3_rr, 1)); } @@ -1227,8 +1238,10 @@ uint16_t ldns_nsec3_iterations(const ldns_rr nsec3_rr) { - if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 && - ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 2)) > 0 + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 \|\| + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + && ldns_rdf_size(ldns_rr_rdf(nsec3_rr, 2)) > 0 ) { return ldns_rdf2native_int16(ldns_rr_rdf(nsec3_rr, 2)); } @@ -1239,7 +1252,10 @@ ldns_rdf * ldns_nsec3_salt(const ldns_rr *nsec3_rr) { - if (nsec3_rr && ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3) { + if (nsec3_rr && + (ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3 \|\| + ldns_rr_get_type(nsec3_rr) == LDNS_RR_TYPE_NSEC3PARAM) + ) { return ldns_rr_rdf(nsec3_rr, 3); } return NULL;
[-] [+]	Changed	ldns-1.6.10.tar.gz/dnssec_sign.c ^
@@ -522,59 +522,148 @@ } #endif /* HAVE_SSL / -static int -ldns_dnssec_name_has_only_a(ldns_dnssec_name cur_name) +/** + * Pushes all rrs from the rrsets of type A and AAAA on gluelist. + / +static ldns_status +ldns_dnssec_addresses_on_glue_list( + ldns_dnssec_rrsets cur_rrset, + ldns_rr_list glue_list) { - ldns_dnssec_rrsets cur_rrset; - cur_rrset = cur_name->rrsets; + ldns_dnssec_rrs cur_rrs; while (cur_rrset) { - if (cur_rrset->type != LDNS_RR_TYPE_A && - cur_rrset->type != LDNS_RR_TYPE_AAAA) { - return 0; - } else { - cur_rrset = cur_rrset->next; + if (cur_rrset->type == LDNS_RR_TYPE_A + \|\| cur_rrset->type == LDNS_RR_TYPE_AAAA) { + for (cur_rrs = cur_rrset->rrs; + cur_rrs; + cur_rrs = cur_rrs->next) { + if (cur_rrs->rr) { + if (!ldns_rr_list_push_rr(glue_list, + cur_rrs->rr)) { + return LDNS_STATUS_MEM_ERR; + / ldns_rr_list_push_rr() + * returns false when unable + * to increase the capacity + * of the ldsn_rr_list + / + } + } + } } + cur_rrset = cur_rrset->next; } - return 1; + return LDNS_STATUS_OK; } +/* + * Marks the names in the zone that are occluded. Those names will be skipped + * when walking the tree with the ldns_dnssec_name_node_next_nonglue() + * function. But watch out! Names that are partially occluded (like glue with + * the same name as the delegation) will not be marked and should specifically + * be taken into account seperately. + * + * When glue_list is given (not NULL), in the process of marking the names, all + * glue resource records will be pushed to that list, even glue at delegation names. + * + * \param[in] zone the zone in which to mark the names + * \param[in] glue_list the list to which to push the glue rrs + * \return LDNS_STATUS_OK on success, an error code otherwise + / ldns_status -ldns_dnssec_zone_mark_glue(ldns_dnssec_zone zone) +ldns_dnssec_zone_mark_and_get_glue(ldns_dnssec_zone zone, + ldns_rr_list glue_list) { - ldns_rbnode_t cur_node; - ldns_dnssec_name cur_name; - ldns_rdf cur_owner, cur_parent; + ldns_rbnode_t node; + ldns_dnssec_name name; + ldns_rdf owner; + ldns_rdf cut = NULL; /* keeps track of zone cuts / + / When the cut is caused by a delegation, below_delegation will be 1. + * When caused by a DNAME, below_delegation will be 0. + / + int below_delegation = -1; / init suppresses comiler warning / + ldns_status s; - cur_node = ldns_rbtree_first(zone->names); - while (cur_node != LDNS_RBTREE_NULL) { - cur_name = (ldns_dnssec_name ) cur_node->data; - cur_node = ldns_rbtree_next(cur_node); - if (ldns_dnssec_name_has_only_a(cur_name)) { - /* assume glue XXX check for zone cur / - cur_owner = ldns_rdf_clone(ldns_rr_owner( - cur_name->rrsets->rrs->rr)); - while (ldns_dname_label_count(cur_owner) > - ldns_dname_label_count(zone->soa->name)) { - if (ldns_dnssec_zone_find_rrset(zone, - cur_owner, - LDNS_RR_TYPE_NS)) { - / - fprintf(stderr, "[XX] Marking as glue: "); - ldns_rdf_print(stderr, cur_name->name); - fprintf(stderr, "\n"); - / - cur_name->is_glue = true; + if (!zone \|\| !zone->names) { + return LDNS_STATUS_NULL; + } + for (node = ldns_rbtree_first(zone->names); + node != LDNS_RBTREE_NULL; + node = ldns_rbtree_next(node)) { + name = (ldns_dnssec_name ) node->data; + owner = ldns_dnssec_name_name(name); + + if (cut) { + /* The previous node was a zone cut, or a subdomain + * below a zone cut. Is this node (still) a subdomain + * below the cut? Then the name is occluded. Unless + * the name contains a SOA, after which we are + * authoritative again. + * + * FIXME! If there are labels in between the SOA and + * the cut, going from the authoritative space (below + * the SOA) up into occluded space again, will not be + * detected with the contruct below! + / + if (ldns_dname_is_subdomain(owner, cut) && + !ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_SOA)) { + + if (below_delegation && glue_list) { + s = ldns_dnssec_addresses_on_glue_list( + name->rrsets, glue_list); + if (s != LDNS_STATUS_OK) { + return s; + } } - cur_parent = ldns_dname_left_chop(cur_owner); - ldns_rdf_deep_free(cur_owner); - cur_owner = cur_parent; + name->is_glue = true; / Mark occluded name! / + continue; + } else { + cut = NULL; } - ldns_rdf_deep_free(cur_owner); + } + + / The node is not below a zone cut. Is it a zone cut itself? + * Everything below a SOA is authoritative of course; Except + * when the name also contains a DNAME :). + / + if (ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_SOA)) { + cut = owner; + below_delegation = 1; + if (glue_list) { / record glue on the zone cut / + s = ldns_dnssec_addresses_on_glue_list( + name->rrsets, glue_list); + if (s != LDNS_STATUS_OK) { + return s; + } + } + } else if (ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_DNAME)) { + cut = owner; + below_delegation = 0; } } return LDNS_STATUS_OK; } +/* + * Marks the names in the zone that are occluded. Those names will be skipped + * when walking the tree with the ldns_dnssec_name_node_next_nonglue() + * function. But watch out! Names that are partially occluded (like glue with + * the same name as the delegation) will not be marked and should specifically + * be taken into account seperately. + * + * \param[in] zone the zone in which to mark the names + * \return LDNS_STATUS_OK on success, an error code otherwise + / +ldns_status +ldns_dnssec_zone_mark_glue(ldns_dnssec_zone zone) +{ + return ldns_dnssec_zone_mark_and_get_glue(zone, NULL); +} + ldns_rbnode_t * ldns_dnssec_name_node_next_nonglue(ldns_rbnode_t node) { @@ -915,6 +1004,8 @@ size_t i; + int on_delegation_point = 0; / handle partially occluded names / + ldns_rr_list pubkey_list = ldns_rr_list_new(); zone = zone; new_rrs = new_rrs; @@ -930,6 +1021,10 @@ cur_name = (ldns_dnssec_name ) cur_node->data; if (!cur_name->is_glue) { + on_delegation_point = ldns_dnssec_rrsets_contains_type( + cur_name->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + cur_name->rrsets, LDNS_RR_TYPE_SOA); cur_rrset = cur_name->rrsets; while (cur_rrset) { / reset keys to use / @@ -959,20 +1054,15 @@ } / only sign non-delegation RRsets / - / (glue should have been marked earlier) / - if ((ldns_rr_list_type(rr_list) != LDNS_RR_TYPE_NS \|\| - ldns_dname_compare(ldns_rr_list_owner(rr_list), - zone->soa->name) == 0) && - / OK, there is also the possibility that the record - * is glue, but at the same owner name as other records that - * are not NS nor A/AAAA. Bleh, our current data structure - * doesn't really support that... / - !((ldns_rr_list_type(rr_list) == LDNS_RR_TYPE_A \|\| - ldns_rr_list_type(rr_list) == LDNS_RR_TYPE_AAAA) && - !ldns_dname_compare(ldns_rr_list_owner(rr_list), zone->soa->name) == 0 && - ldns_dnssec_zone_find_rrset(zone, ldns_rr_list_owner(rr_list), LDNS_RR_TYPE_NS) - )) { - + / (glue should have been marked earlier, + * except on the delegation points itself) / + if (!on_delegation_point \|\| + ldns_rr_list_type(rr_list) + == LDNS_RR_TYPE_DS \|\| + ldns_rr_list_type(rr_list) + == LDNS_RR_TYPE_NSEC \|\| + ldns_rr_list_type(rr_list) + == LDNS_RR_TYPE_NSEC3) { siglist = ldns_sign_public(rr_list, key_list); for (i = 0; i < ldns_rr_list_rr_count(siglist); i++) { if (cur_rrset->signatures) { @@ -1109,7 +1199,7 @@ uint8_t salt, int signflags) { - ldns_rr nsec3, nsec3params; + ldns_rr nsec3, nsec3param; ldns_status result = LDNS_STATUS_OK; /* zone is already sorted / @@ -1134,13 +1224,13 @@ } else { if (!ldns_dnssec_zone_find_rrset(zone, zone->soa->name, - LDNS_RR_TYPE_NSEC3PARAMS)) { - / create and add the nsec3params rr / - nsec3params = - ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAMS); - ldns_rr_set_owner(nsec3params, + LDNS_RR_TYPE_NSEC3PARAM)) { + / create and add the nsec3param rr / + nsec3param = + ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3PARAM); + ldns_rr_set_owner(nsec3param, ldns_rdf_clone(zone->soa->name)); - ldns_nsec3_add_param_rdfs(nsec3params, + ldns_nsec3_add_param_rdfs(nsec3param, algorithm, flags, iterations, @@ -1148,12 +1238,12 @@ salt); / always set bit 7 of the flags to zero, according to * rfc5155 section 11 / - ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3params, 1)), 7, 0); - result = ldns_dnssec_zone_add_rr(zone, nsec3params); + ldns_set_bit(ldns_rdf_data(ldns_rr_rdf(nsec3param, 1)), 7, 0); + result = ldns_dnssec_zone_add_rr(zone, nsec3param); if (result != LDNS_STATUS_OK) { return result; } - ldns_rr_list_push_rr(new_rrs, nsec3params); + ldns_rr_list_push_rr(new_rrs, nsec3param); } result = ldns_dnssec_zone_create_nsec3s(zone, new_rrs, @@ -1267,3 +1357,4 @@ } #endif / HAVE_SSL */ +
[-] [+]	Changed	ldns-1.6.10.tar.gz/dnssec_verify.c ^
@@ -18,8 +18,11 @@ ldns_dnssec_data_chain * ldns_dnssec_data_chain_new() { - ldns_dnssec_data_chain nc = LDNS_XMALLOC(ldns_dnssec_data_chain, 1); + ldns_dnssec_data_chain nc = LDNS_CALLOC(ldns_dnssec_data_chain, 1); if(!nc) return NULL; + /* + * not needed anymore because CALLOC initalizes everything to zero. + nc->rrset = NULL; nc->parent_type = 0; nc->parent = NULL; @@ -27,6 +30,8 @@ nc->packet_rcode = 0; nc->packet_qtype = 0; nc->packet_nodata = false; + + / return nc; } @@ -1398,12 +1403,13 @@ #ifdef HAVE_SSL ldns_status -ldns_dnssec_verify_denial_nsec3(ldns_rr rr, +ldns_dnssec_verify_denial_nsec3_match(ldns_rr rr, ldns_rr_list nsecs, ldns_rr_list rrsigs, ldns_pkt_rcode packet_rcode, ldns_rr_type packet_qtype, - bool packet_nodata) + bool packet_nodata, + ldns_rr match) { ldns_rdf closest_encloser; ldns_rdf wildcard; @@ -1416,6 +1422,10 @@ rrsigs = rrsigs; + if (match) { + match = NULL; + } + zone_name = ldns_dname_left_chop(ldns_rr_owner(ldns_rr_list_rr(nsecs,0))); /* section 8.4 / @@ -1442,6 +1452,9 @@ if (ldns_nsec_covers_name(ldns_rr_list_rr(nsecs, i), hashed_wildcard_name)) { wildcard_covered = true; + if (match) { + match = ldns_rr_list_rr(nsecs, i); + } } ldns_rdf_deep_free(hashed_wildcard_name); } @@ -1474,6 +1487,9 @@ ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)), LDNS_RR_TYPE_CNAME)) { result = LDNS_STATUS_OK; + if (match) { + match = ldns_rr_list_rr(nsecs, i); + } goto done; } } @@ -1500,6 +1516,9 @@ ldns_nsec3_bitmap(ldns_rr_list_rr(nsecs, i)), LDNS_RR_TYPE_CNAME)) { result = LDNS_STATUS_OK; + if (match) { + match = ldns_rr_list_rr(nsecs, i); + } goto done; } } @@ -1513,6 +1532,22 @@ ldns_rdf_deep_free(zone_name); return result; } + +ldns_status +ldns_dnssec_verify_denial_nsec3(ldns_rr rr, + ldns_rr_list nsecs, + ldns_rr_list rrsigs, + ldns_pkt_rcode packet_rcode, + ldns_rr_type packet_qtype, + bool packet_nodata) +{ + return ldns_dnssec_verify_denial_nsec3_match( + rr, nsecs, rrsigs, packet_rcode, + packet_qtype, packet_nodata, NULL + ); +} + + #endif / HAVE_SSL */ #ifdef USE_GOST
[-] [+]	Changed	ldns-1.6.10.tar.gz/dnssec_zone.c ^
@@ -297,10 +297,12 @@ { ldns_dnssec_name new_name; - new_name = LDNS_MALLOC(ldns_dnssec_name); + new_name = LDNS_CALLOC(ldns_dnssec_name, 1); if (!new_name) { return NULL; } + / + * not needed anymore because CALLOC initalizes everything to zero. new_name->name = NULL; new_name->rrsets = NULL; @@ -311,6 +313,7 @@ new_name->is_glue = false; new_name->hashed_name = NULL; + / return new_name; } @@ -375,6 +378,15 @@ return NULL; } +bool +ldns_dnssec_name_is_glue(ldns_dnssec_name name) +{ + if (name) { + return name->is_glue; + } + return false; +} + void ldns_dnssec_name_set_name(ldns_dnssec_name rrset, ldns_rdf dname) @@ -789,11 +801,11 @@ for (i = 1; i < next_label_count - soa_label_count; i++) { lpos = (int)cur_label_count - (int)next_label_count + (int)i; if (lpos >= 0) { - l1 = ldns_dname_label(cur_name, (uint8_t)lpos); + l1 = ldns_dname_clone_from(cur_name, (uint8_t)lpos); } else { l1 = NULL; } - l2 = ldns_dname_label(next_name, i); + l2 = ldns_dname_clone_from(next_name, i); if (!l1 \|\| ldns_dname_compare(l1, l2) != 0) { /* We have an empty nonterminal, add it to the @@ -805,7 +817,7 @@ } new_name->name = ldns_dname_clone_from(next_name, i); - if (!new_name) { + if (!new_name->name) { ldns_dnssec_name_free(new_name); return LDNS_STATUS_MEM_ERR; }
[-] [+]	Changed	ldns-1.6.10.tar.gz/doc/TODO ^
@@ -10,6 +10,9 @@ * ./configure --with-tools --with-drill (Bug #264) * Drill: print appropriate DS RRs (relates to Bug #355) * ldns-signzone optout to be really optout +* Compression when generating wireformat. Preferably with a configurable + policy: refer only backwards, case sensitivity, only refer to other owner + names, etc. Bugfixes: * Bug #279: fix return values for net.h functions, and related: make return
[-] [+]	Changed	ldns-1.6.10.tar.gz/drill/Makefile.in ^
@@ -37,6 +37,8 @@ # FreeBSD8 LINTFLAGS+="-D__uint16_t=uint16_t" LINTFLAGS+=-D__signed__=signed "-D__packed=" "-D__aligned(x)=" +# Ubuntu Linux 11.04 +LINTFLAGS+="-D__u16=struct __u16" "-D__u32=struct __u32" "-D__u64=struct __u64" OBJ=drill.o drill_util.o error.o root.o work.o chasetrace.o dnssec.o securetrace.o SRC=$(OBJ:.o=.c)
[-] [+]	Changed	ldns-1.6.10.tar.gz/drill/configure ^
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for ldns 1.6.9. +# Generated by GNU Autoconf 2.68 for ldns 1.6.10. # # Report bugs to <libdns@nlnetlabs.nl>. # @@ -560,8 +560,8 @@ # Identity of this package. PACKAGE_NAME='ldns' PACKAGE_TARNAME='libdns' -PACKAGE_VERSION='1.6.9' -PACKAGE_STRING='ldns 1.6.9' +PACKAGE_VERSION='1.6.10' +PACKAGE_STRING='ldns 1.6.10' PACKAGE_BUGREPORT='libdns@nlnetlabs.nl' PACKAGE_URL='' @@ -1221,7 +1221,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ldns 1.6.9 to adapt to many kinds of systems. +\`configure' configures ldns 1.6.10 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1282,7 +1282,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short \| recursive ) echo "Configuration of ldns 1.6.9:";; + short \| recursive ) echo "Configuration of ldns 1.6.10:";; esac cat <<\_ACEOF @@ -1378,7 +1378,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ldns configure 1.6.9 +ldns configure 1.6.10 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1801,7 +1801,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ldns $as_me 1.6.9, which was +It was created by ldns $as_me 1.6.10, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -5894,7 +5894,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ldns $as_me 1.6.9, which was +This file was extended by ldns $as_me 1.6.10, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -5956,7 +5956,7 @@ cat >>$CONFIG_STATUS <<_ACEOF \|\| ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" \| sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ldns config.status 1.6.9 +ldns config.status 1.6.10 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\"
[-] [+]	Changed	ldns-1.6.10.tar.gz/drill/configure.ac ^
@@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.56) -AC_INIT(ldns, 1.6.9, libdns@nlnetlabs.nl,libdns) +AC_INIT(ldns, 1.6.10, libdns@nlnetlabs.nl,libdns) AC_CONFIG_SRCDIR([drill.c]) sinclude(../acx_nlnetlabs.m4)
[-] [+]	Changed	ldns-1.6.10.tar.gz/drill/dnssec.c ^
@@ -215,6 +215,7 @@ } else if( (nsecs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_NSEC3, LDNS_SECTION_ANY_NOQUESTION)) ) { ldns_rr_list* sigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANY_NOQUESTION); ldns_rr* q = ldns_rr_new(); + ldns_rr* match = NULL; if(!sigs) return LDNS_STATUS_MEM_ERR; if(!q) return LDNS_STATUS_MEM_ERR; ldns_rr_set_question(q, 1); @@ -223,7 +224,11 @@ if(!ldns_rr_owner(q)) return LDNS_STATUS_MEM_ERR; ldns_rr_set_type(q, type); - result = ldns_dnssec_verify_denial_nsec3(q, nsecs, sigs, ldns_pkt_get_rcode(pkt), type, ldns_pkt_ancount(pkt) == 0); + /* result = ldns_dnssec_verify_denial_nsec3(q, nsecs, sigs, ldns_pkt_get_rcode(pkt), type, ldns_pkt_ancount(pkt) == 0); */ + result = ldns_dnssec_verify_denial_nsec3_match(q, nsecs, sigs, ldns_pkt_get_rcode(pkt), type, ldns_pkt_ancount(pkt) == 0, &match); + if (result == LDNS_STATUS_OK && match && nsec_rrs && nsec_rr_sigs) { + (void) get_dnssec_rr(pkt, ldns_rr_owner(match), LDNS_RR_TYPE_NSEC3, nsec_rrs, nsec_rr_sigs); + } ldns_rr_free(q); ldns_rr_list_deep_free(nsecs); ldns_rr_list_deep_free(sigs);
[-] [+]	Changed	ldns-1.6.10.tar.gz/drill/securetrace.c ^
@@ -263,11 +263,6 @@ for(i = 2 ; i < (ssize_t)labels_count + 2; i++) { labels[i] = ldns_dname_left_chop(labels[i - 1]); } - /* if no servers is given with @, start by asking local resolver / - / first part todo :) / - for (i = 0; i < (ssize_t) ldns_resolver_nameserver_count(local_res); i++) { - (void) ldns_resolver_push_nameserver(res, ldns_resolver_nameservers(local_res)[i]); - } / get the nameserver for the label * ask: dnskey and ds for the label
[-] [+]	Changed	ldns-1.6.10.tar.gz/examples/Makefile.in ^
@@ -42,6 +42,8 @@ # FreeBSD8 LINTFLAGS+="-D__uint16_t=uint16_t" LINTFLAGS+=-D__signed__=signed "-D__packed=" "-D__aligned(x)=" +# Ubuntu 11.04 +LINTFLAGS+="-D__u16=struct __u16" "-D__u32=struct __u32" "-D__u64=struct __u64" HEADER = config.h MAIN_SOURCES = ldns-read-zone.c \ @@ -62,6 +64,7 @@ ldns-notify.c \ ldns-testns.c \ ldns-compare-zones.c \ + ldns-gen-zone.c \ ldnsd.c MAIN_SSL_SOURCES = ldns-signzone.c \
[-] [+]	Changed	ldns-1.6.10.tar.gz/examples/configure ^
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.68 for ldns 1.6.9. +# Generated by GNU Autoconf 2.68 for ldns 1.6.10. # # Report bugs to <libdns@nlnetlabs.nl>. # @@ -560,8 +560,8 @@ # Identity of this package. PACKAGE_NAME='ldns' PACKAGE_TARNAME='libdns' -PACKAGE_VERSION='1.6.9' -PACKAGE_STRING='ldns 1.6.9' +PACKAGE_VERSION='1.6.10' +PACKAGE_STRING='ldns 1.6.10' PACKAGE_BUGREPORT='libdns@nlnetlabs.nl' PACKAGE_URL='' @@ -1227,7 +1227,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures ldns 1.6.9 to adapt to many kinds of systems. +\`configure' configures ldns 1.6.10 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1288,7 +1288,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short \| recursive ) echo "Configuration of ldns 1.6.9:";; + short \| recursive ) echo "Configuration of ldns 1.6.10:";; esac cat <<\_ACEOF @@ -1387,7 +1387,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -ldns configure 1.6.9 +ldns configure 1.6.10 generated by GNU Autoconf 2.68 Copyright (C) 2010 Free Software Foundation, Inc. @@ -1856,7 +1856,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by ldns $as_me 1.6.9, which was +It was created by ldns $as_me 1.6.10, which was generated by GNU Autoconf 2.68. Invocation command line was $ $0 $@ @@ -6382,7 +6382,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by ldns $as_me 1.6.9, which was +This file was extended by ldns $as_me 1.6.10, which was generated by GNU Autoconf 2.68. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -6444,7 +6444,7 @@ cat >>$CONFIG_STATUS <<_ACEOF \|\| ac_write_fail=1 ac_cs_config="`$as_echo "$ac_configure_args" \| sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`" ac_cs_version="\\ -ldns config.status 1.6.9 +ldns config.status 1.6.10 configured by $0, generated by GNU Autoconf 2.68, with options \\"\$ac_cs_config\\"
[-] [+]	Changed	ldns-1.6.10.tar.gz/examples/configure.ac ^
@@ -2,7 +2,7 @@ # Process this file with autoconf to produce a configure script. AC_PREREQ(2.56) -AC_INIT(ldns, 1.6.9, libdns@nlnetlabs.nl,libdns) +AC_INIT(ldns, 1.6.10, libdns@nlnetlabs.nl,libdns) AC_CONFIG_SRCDIR([ldns-read-zone.c]) sinclude(../acx_nlnetlabs.m4)
[-] [+]	Added	ldns-1.6.10.tar.gz/examples/ldns-gen-zone.1 ^
@@ -0,0 +1,98 @@ +.TH ldns-gen-zone 1 "10 June 2010" +.SH NAME +ldns-gen-zone \- read a zonefile and print it while adding DS records and extra RR's +.SH SYNOPSIS +.B ldns-gen-zone +.IR ZONEFILE + +.SH DESCRIPTION + +\fBldns-gen-zone\fR reads a DNS zone file and prints it. + +It is build for speed, not for a nice formatting. The output +has one resource record per line and no pretty-printing makeup. + +DNSSEC data (NSEC, NSEC3, RRSIG or DNSKEY) is not stripped. You may want to +use \fBldns-read-zone\fR for that. Existing DS records are also not stripped. + +The idea is to use this tool for quickly generating a representative +artificial zonefile from a real zonefile, to use it for testing purposes. + +.SH OPTIONS +.TP +\fB-a NUM\fR +Adds NUM extra artificial NS RRSets to the output. +The RRSets owner names start +with 'xn--' in an attempt to ensure uniqueness (nl.-zone does not support +IDN's - and this tool was written with that knowledge in mind). + +An artificial NS RRSet has two NS records; ns1.example.com and +ns2.example.com. + +.TP +\fB-p NUM\fR +Add NUM% of DS RRSets to the NS RRSets (anywhere between +1-4 DS records per RRSet). + +.TP +\fB-o ORIGIN\fR +Sets an $ORIGIN, which can be handy if the one in the zonefile +is set to '@' for example. If there is an $ORIGIN in the zonefile, +this option will silently be ignored. + +.TP +\fB-s\fR +This is the recommended way of processing large zones that +are already sorted and canonicalized (ie lowercase). It skips the +sorting and canonicalization step that is required for properly +grouping RRSets together (before adding any DS records to them. Skipping +this step will speed things up. + +It is not recommended to use this option if you want to add DS records +to unsorted, non-canonicalized zones. + +.TP +\fB-h\fR +Show usage and exit. + +.TP +\fB-v\fR +Show version and exit. + +.SH EXAMPLES + +.TP +\fBldns-gen-zone -a 100000 -p 10 -s ./zonefile.txt\fR +Read a zonefile, add 100.000 artificial NS RRSets and 10% of DS records, +print it to standard output. Don't sort (will only work well if the input +zonefile is already sorted and canonicalized). + +.TP +\fBldns-gen-zone -p 10 -s -o nl zonefile.txt \| named-compilezone -s relative -i none -o zonefile_10.txt nl /dev/stdin\fR +This creates a nicely formatted zone file with the help of \fBnamed-compilezone\fR. +It adds 10% DS records to the .nl zone, reformats it and saves it as \fBzonefile_10.txt\fR. + +.SH AUTHOR +Initially written by Marco Davids, several modifications added by Miek +Gieben, both from SIDN. + +.SH REPORTING BUGS +Report bugs to <ldns-team@nlnetlabs.nl>. + +.SH BUGS +Only undiscovered ones. + +.SH CAVEATS +May require a machine with a considerable amount of memory for large zone files. + +Fake DS records hashes are generated as digest type SHA-256 (RFC4509). Be aware not to change +the DIGESTTYPE #define in the source code in anything else but 2 if you want +to keep things realistic. + +Despite a number of efforts, this program is still not the fastest in the +world. + +.SH COPYRIGHT +Copyright (C) 2010 SIDN. This is free software. There is NO +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR +PURPOSE.
[-] [+]	Added	ldns-1.6.10.tar.gz/examples/ldns-gen-zone.c ^
@@ -0,0 +1,310 @@ +/* + * Reads a zone file from disk and prints it to stdout, one RR per line. + * Adds artificial DS records and RRs. + * For the purpose of generating a test zone file + * + * (c) SIDN 2010/2011 - Marco Davids/Miek Gieben + * + * See the LICENSE file for the license + / + +#include "config.h" +#include <unistd.h> +#include <stdlib.h> +#include <ldns/ldns.h> +#include <errno.h> + +#define NUM_DS 4 / maximum of 4 DS records per delegation / +#define ALGO 8 / Algorithm to use for fake DS records - RSASHA256 - RFC5702 / +#define DIGESTTYPE 2 / Digest type to use for fake DS records - SHA-256 - RFC 4509 / + + +/* + * Usage function. + * + / +static void +usage(FILE fp, char prog) { + fprintf(fp, "\n\nUsage: %s [-hsv] [-ap NUM] [-o ORIGIN] [<zonefile>]\n", prog); + fprintf(fp, "\tReads a zonefile and add some artificial NS RRsets and DS records.\n"); + fprintf(fp, "\tIf no zonefile is given, the zone is read from stdin.\n"); + fprintf(fp, "\t-a <NUM> add NUM artifical delegations (NS RRSets) to output.\n"); + fprintf(fp, "\t-p <NUM> add NUM percent of DS RRset's to the NS RRsets (1-%d RR's per DS RRset).\n", NUM_DS); + fprintf(fp, "\t-o ORIGIN sets an $ORIGIN, which can be handy if the one in the zonefile is set to @.\n"); + fprintf(fp, "\t-s if input zone file is already sorted and canonicalized (ie all lowercase),\n\t use this option to speed things up while inserting DS records.\n"); + fprintf(fp, "\t-h show this text.\n"); + fprintf(fp, "\t-v shows the version and exits.\n"); + fprintf(fp, "\nif no file is given standard input is read.\n\n"); +} + +/* + * Insert the DS records, return the amount added. + * + / +static int +insert_ds(ldns_rdf dsowner, uint32_t ttl) +{ + int d, dsrand; + int keytag = 0; + char dsownerstr; + char digeststr[70]; + + /* + * Average the amount of DS records per delegation a little. + / + dsrand = 1+rand() % NUM_DS; + for(d = 0; d < dsrand; d++) { + keytag = 1+rand() % 65535; + /* + * Dynamic hashes method below is still too slow... 20% slower than a fixed string... + * + * We assume RAND_MAX is 32 bit, http://www.gnu.org/s/libc/manual/html_node/ISO-Random.html + * 2147483647 or 0x7FFFFFFF + / + snprintf(digeststr, 65, + "%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x%08x", + (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, + (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, + (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, + (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, + (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, (unsigned) rand()%RAND_MAX, + (unsigned) rand()%RAND_MAX); + dsownerstr = ldns_rdf2str(dsowner); + fprintf(stdout, "%s\t%u\tIN\tDS\t%d %d %d %s\n", dsownerstr, (unsigned) ttl, keytag, ALGO, DIGESTTYPE, digeststr); + } + return dsrand; +} + +int +main(int argc, char argv) { + char filename, rrstr, ownerstr; + char classtypestr1 = "IN NS ns1.example.com."; + char classtypestr2 = "IN NS ns2.example.com."; + const size_t classtypelen = strlen(classtypestr1); + /* Simply because this was developed by SIDN and we don't use xn-- for .nl :-) / + const char punystr = "xn--fake-rr"; + const size_t punylen = strlen(punystr); + size_t rrstrlen, ownerlen; + FILE fp; + int c, nsrand; + uint32_t ttl; + int counta,countd,countr; + ldns_zone z; + ldns_rdf origin = NULL; + int line_nr = 0; + int addrrs = 0; + int dsperc = 0; + bool canonicalize = true; + bool sort = true; + bool do_ds = false; + ldns_status s; + size_t i; + ldns_rr_list rrset_list; + ldns_rdf owner; + ldns_rr_type cur_rr_type; + ldns_rr cur_rr; + ldns_status status; + + counta = countd = countr = 0; + + /** + * Set some random seed. + / + srand((unsigned int)time(NULL)); + + /* + * Commandline options. + / + while ((c = getopt(argc, argv, "a:p:shvo:")) != -1) { + switch (c) { + case 'a': + addrrs = atoi(optarg); + if (addrrs <= 0) { + fprintf(stderr, "error\n"); + exit(EXIT_FAILURE); + } + break; + case 'o': + origin = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, optarg); + if (!origin) { + fprintf(stderr, "error: creating origin from -o %s failed.\n", optarg); + exit(EXIT_FAILURE); + } + break; + case 'p': + dsperc = atoi(optarg); + if (dsperc <= 0 \|\| dsperc > 100) { + fprintf(stderr, "error: percentage of signed delegations must be between [0-100].\n"); + exit(EXIT_FAILURE); + } + do_ds = true; + break; + case 's': + sort = false; + canonicalize = false; + break; + case 'h': + usage(stdout, argv[0]); + exit(EXIT_SUCCESS); + case 'v': + fprintf(stdout, "ldns-gen-zone version %s (ldns version %s)\n", LDNS_VERSION, ldns_version()); + exit(EXIT_SUCCESS); + default: + fprintf(stderr, "\nTry -h for more information.\n\n"); + exit(EXIT_FAILURE); + } + } + argc -= optind; + argv += optind; + + /* + * Read zone. + / + if (argc == 0) { + fp = stdin; + } else { + filename = argv[0]; + fp = fopen(filename, "r"); + if (!fp) { + fprintf(stderr, "Unable to open %s: %s\n", filename, strerror (errno)); + exit(EXIT_FAILURE); + } + } + s = ldns_zone_new_frm_fp_l(&z, fp, origin, 0, LDNS_RR_CLASS_IN, &line_nr); + if (s != LDNS_STATUS_OK) { + fprintf(stderr, "%s at %d\n", ldns_get_errorstr_by_id(s), line_nr); + exit(EXIT_FAILURE); + } + if (!ldns_zone_soa(z)) { + fprintf(stderr, "No zone data seen\n"); + exit(EXIT_FAILURE); + } + + ttl = ldns_rr_ttl(ldns_zone_soa(z)); + if (!origin) { + origin = ldns_rr_owner(ldns_zone_soa(z)); + // Check for root (.) origin here TODO(MG) + } + ownerstr = ldns_rdf2str(origin); + if (!ownerstr) { + fprintf(stderr, "ldns_rdf2str(origin) failed\n"); + exit(EXIT_FAILURE); + } + ownerlen = strlen(ownerstr); + + ldns_rr_print(stdout, ldns_zone_soa(z)); + + if (addrrs > 0) { + while (addrrs > counta) { + counta++; + rrstrlen = punylen + ownerlen + classtypelen + 4; + rrstrlen = 2; /* estimate / + rrstr = (char)malloc(rrstrlen); + if (!rrstr) { + fprintf(stderr, "malloc() failed: Out of memory\n"); + exit(EXIT_FAILURE); + } + (void)snprintf(rrstr, rrstrlen, "%s%d.%s %u %s", punystr, counta, + ownerstr, (unsigned) ttl, classtypestr1); + status = ldns_rr_new_frm_str(&cur_rr, rrstr, 0, NULL, NULL); + if (status == LDNS_STATUS_OK) { + ldns_rr_print(stdout, cur_rr); + ldns_rr_free(cur_rr); + } else { + fprintf(stderr, "ldns_rr_new_frm_str() failed\n"); + exit(EXIT_FAILURE); + } + + (void)snprintf(rrstr, rrstrlen, "%s%d.%s %u %s", punystr, counta, + ownerstr, (unsigned) ttl, classtypestr2); + status = ldns_rr_new_frm_str(&cur_rr, rrstr, 0, NULL, NULL); + if (status == LDNS_STATUS_OK) { + ldns_rr_print(stdout, cur_rr); + } else { + fprintf(stderr, "ldns_rr_new_frm_str() failed\n"); + exit(EXIT_FAILURE); + } + + free(rrstr); + + /* may we add a DS record as well? / + if (do_ds) { + / + * Per definition this may not be the same as the origin, so no + * check required same for NS check - so the only thing left is some + * randomization. + / + nsrand = rand() % 100; + if (nsrand < dsperc) { + owner = ldns_rr_owner(cur_rr); + ttl = ldns_rr_ttl(cur_rr); + countd += insert_ds(owner, ttl); + } + } + ldns_rr_free(cur_rr); + } + } + + if (!do_ds) { + ldns_rr_list_print(stdout, ldns_zone_rrs(z)); + } else { + / + * We use dns_rr_list_pop_rrset and that requires a sorted list weird things may happen + * if the -s option was used on unsorted, non-canonicalized input + / + if (canonicalize) { + ldns_rr2canonical(ldns_zone_soa(z)); + for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) { + ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z), i)); + } + } + + if (sort) { + ldns_zone_sort(z); + } + + / Work on a per RRset basis for DS records - weird things will happen if the -s option + * was used in combination with an unsorted zone file + / + while((rrset_list = ldns_rr_list_pop_rrset(ldns_zone_rrs(z)))) { + owner = ldns_rr_list_owner(rrset_list); + cur_rr_type = ldns_rr_list_type(rrset_list); + /* + * Print them... + / + cur_rr = ldns_rr_list_pop_rr(rrset_list); + while (cur_rr) { + ttl = ldns_rr_ttl(cur_rr); + fprintf(stdout, "%s", ldns_rr2str(cur_rr)); + cur_rr = ldns_rr_list_pop_rr(rrset_list); + } + / + * And all the way at the end a DS record if + * we are dealing with an NS rrset + / + nsrand = rand() % 100; + if (nsrand == 0) { + nsrand = 100; + } + + if ((cur_rr_type == LDNS_RR_TYPE_NS) && + (ldns_rdf_compare(owner, origin) != 0) && (nsrand < dsperc)) { + /* + * No DS records for the $ORIGIN, only for delegations, obey dsperc. + / + countr++; + countd += insert_ds(owner, ttl); + } + ldns_rr_list_free(rrset_list); + ldns_rdf_free(owner); + } + } + + /* + * And done... + */ + fclose(fp); + fprintf(stdout, ";; Added %d DS records (percentage was %d) to %d NS RRset's (from input-zone: %d, from added: %d)\n;; lines in original input-zone: %d\n", + countd, dsperc, counta + countr, countr, counta, line_nr); + exit(EXIT_SUCCESS); +}
[-] [+]	Changed	ldns-1.6.10.tar.gz/examples/ldns-read-zone.c ^
@@ -102,7 +102,7 @@ if (cur_rr_type == LDNS_RR_TYPE_RRSIG \|\| cur_rr_type == LDNS_RR_TYPE_NSEC \|\| cur_rr_type == LDNS_RR_TYPE_NSEC3 \|\| - cur_rr_type == LDNS_RR_TYPE_NSEC3PARAMS + cur_rr_type == LDNS_RR_TYPE_NSEC3PARAM ) { ldns_rr_free(cur_rr); } else { @@ -119,7 +119,7 @@ if (cur_rr_type == LDNS_RR_TYPE_RRSIG \|\| cur_rr_type == LDNS_RR_TYPE_NSEC \|\| cur_rr_type == LDNS_RR_TYPE_NSEC3 \|\| - cur_rr_type == LDNS_RR_TYPE_NSEC3PARAMS + cur_rr_type == LDNS_RR_TYPE_NSEC3PARAM ) { ldns_rr_list_push_rr(stripped_list, cur_rr); } else {
[-] [+]	Changed	ldns-1.6.10.tar.gz/examples/ldns-rrsig.c ^
@@ -34,10 +34,11 @@ uint8_t i, j; ldns_rr_type t; char * type_name; - time_t incep, expir; + struct tm incep, expir; char incep_buf[26]; char expir_buf[26]; ldns_status s; + time_t now = time(NULL); p = NULL; rrsig = NULL; @@ -178,19 +179,30 @@ } for(i = 0; i < ldns_rr_list_rr_count(rrsig_type); i++) { - incep = ldns_rdf2native_time_t( - ldns_rr_rrsig_inception( - ldns_rr_list_rr(rrsig_type, i))); - expir = ldns_rdf2native_time_t( - ldns_rr_rrsig_expiration( - ldns_rr_list_rr(rrsig_type, i))); - - /* convert to human readable / - ctime_r(&incep, incep_buf); - ctime_r(&expir, expir_buf); - / kill the newline */ - incep_buf[24] = '\0'; - expir_buf[24] = '\0'; + memset(&incep, 0, sizeof(incep)); + if (ldns_serial_arithmitics_gmtime_r( + ldns_rdf2native_time_t( + ldns_rr_rrsig_inception( + ldns_rr_list_rr(rrsig_type, i))), + now, &incep + ) + && asctime_r(&incep, incep_buf)) { + incep_buf[24] = '\0'; + } else { + incep_buf[0] = '\0'; + } + memset(&expir, 0, sizeof(expir)); + if (ldns_serial_arithmitics_gmtime_r( + ldns_rdf2native_time_t( + ldns_rr_rrsig_expiration( + ldns_rr_list_rr(rrsig_type, i))), + now, &expir + ) + && asctime_r(&expir, expir_buf)) { + expir_buf[24] = '\0'; + } else { + expir_buf[0] = '\0'; + } fprintf(stdout, "%s RRSIG(%s): %s - %s\n", argv[1], type_name, incep_buf, expir_buf);
[-] [+]	Changed	ldns-1.6.10.tar.gz/examples/ldns-test-edns.c ^
@@ -215,7 +215,7 @@ int main(int argc, char **argv) { - int i, r, info=0, ok=0; + int i, r=0, info=0, ok=0; #ifdef USE_WINSOCK WSADATA wsa_data; if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0) {
[-] [+]	Changed	ldns-1.6.10.tar.gz/examples/ldns-verify-zone.c ^
@@ -21,21 +21,6 @@ int verbosity = 3; -/* returns 1 if the list is empty, or if there are only ns rrs in the - * list, 0 otherwise / -static int -only_ns_in_rrsets(ldns_dnssec_rrsets rrsets) { - ldns_dnssec_rrsets cur_rrset = rrsets; - - while (cur_rrset) { - if (cur_rrset->type != LDNS_RR_TYPE_NS) { - return 0; - } - cur_rrset = cur_rrset->next; - } - return 1; -} - static int zone_is_nsec3_optout(ldns_rbtree_t zone_nodes) { @@ -144,8 +129,7 @@ verify_dnssec_rrset(ldns_rdf zone_name, ldns_rdf name, ldns_dnssec_rrsets rrset, - ldns_rr_list keys, - ldns_rr_list glue_rrs) + ldns_rr_list keys) { ldns_rr_list rrset_rrs; ldns_dnssec_rrs cur_rr, cur_sig; @@ -357,29 +341,10 @@ } } -static ldns_rbnode_t -next_nonglue_node(ldns_rbnode_t node, ldns_rr_list glue_rrs) -{ - ldns_rbnode_t cur_node = ldns_rbtree_next(node); - ldns_dnssec_name cur_name; - while (cur_node != LDNS_RBTREE_NULL) { - cur_name = (ldns_dnssec_name ) cur_node->data; - if (cur_name && cur_name->name) { - if (!ldns_rr_list_contains_name(glue_rrs, cur_name->name)) { - return cur_node; - } - } - cur_node = ldns_rbtree_next(cur_node); - } - return LDNS_RBTREE_NULL; -} - static ldns_status verify_nsec(ldns_rbtree_t zone_nodes, ldns_rbnode_t cur_node, - ldns_rr_list keys, - ldns_rr_list glue_rrs -) + ldns_rr_list keys) { ldns_rbnode_t next_node; ldns_dnssec_name name, next_name; @@ -409,10 +374,11 @@ switch (ldns_rr_get_type(name->nsec)) { case LDNS_RR_TYPE_NSEC: / simply try next name / - next_node = next_nonglue_node(cur_node, glue_rrs); + next_node = ldns_rbtree_next(cur_node); if (next_node == LDNS_RBTREE_NULL) { next_node = ldns_rbtree_first(zone_nodes); } + next_node = ldns_dnssec_name_node_next_nonglue(next_node); next_name = (ldns_dnssec_name )next_node->data; if (ldns_dname_compare(next_name->name, ldns_rr_rdf(name->nsec, 0)) @@ -420,6 +386,13 @@ printf("Error: the NSEC record for "); ldns_rdf_print(stdout, name->name); printf(" points to the wrong next owner name\n"); + if (verbosity >= 4) { + printf(" : "); + ldns_rdf_print(stdout,ldns_rr_rdf(name->nsec, 0)); + printf(" i.s.o. "); + ldns_rdf_print(stdout, next_name->name); + printf(".\n"); + } if (result == LDNS_STATUS_OK) { result = LDNS_STATUS_ERR; } @@ -442,7 +415,14 @@ } else { /* todo; do this once and cache result? / if (zone_is_nsec3_optout(zone_nodes) && - only_ns_in_rrsets(name->rrsets)) { + ( ldns_dnssec_name_is_glue(name) + \|\| ( + ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_DS) + ) + )) { / ok, no problem, but we need to remember to check * whether the chain does not actually point to this * name later / @@ -460,34 +440,18 @@ return result; } -static int -ldns_dnssec_name_has_only_a(ldns_dnssec_name cur_name) -{ - ldns_dnssec_rrsets cur_rrset; - cur_rrset = cur_name->rrsets; - while (cur_rrset) { - if (cur_rrset->type != LDNS_RR_TYPE_A && - cur_rrset->type != LDNS_RR_TYPE_AAAA) { - return 0; - } else { - cur_rrset = cur_rrset->next; - } - } - return 1; -} - static ldns_status verify_dnssec_name(ldns_rdf zone_name, ldns_dnssec_zone zone, ldns_rbtree_t zone_nodes, ldns_rbnode_t cur_node, - ldns_rr_list keys, - ldns_rr_list glue_rrs) + ldns_rr_list keys) { ldns_status result = LDNS_STATUS_OK; ldns_status status; ldns_dnssec_rrsets cur_rrset; ldns_dnssec_name name; + int on_delegation_point; /* for NSEC chain checks / name = (ldns_dnssec_name ) cur_node->data; @@ -497,9 +461,7 @@ printf("\n"); } - if (ldns_rr_list_contains_name(glue_rrs, name->name) && - ldns_dnssec_name_has_only_a(name) - ) { + if (ldns_dnssec_name_is_glue(name)) { /* glue / cur_rrset = name->rrsets; while (cur_rrset) { @@ -525,11 +487,26 @@ } } else { / not glue, do real verify / + + on_delegation_point = ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_NS) + && !ldns_dnssec_rrsets_contains_type( + name->rrsets, LDNS_RR_TYPE_SOA); + cur_rrset = name->rrsets; while(cur_rrset) { - if (cur_rrset->type != LDNS_RR_TYPE_A \|\| - !ldns_dnssec_zone_find_rrset(zone, name->name, LDNS_RR_TYPE_NS)) { - status = verify_dnssec_rrset(zone_name, name->name, cur_rrset, keys, glue_rrs); + + / Do not check occluded rrsets + * on the delegation point + / + if ( ( on_delegation_point && ( + cur_rrset->type == LDNS_RR_TYPE_NS + \|\| cur_rrset->type == LDNS_RR_TYPE_DS)) + \|\| (!on_delegation_point && + cur_rrset->type != LDNS_RR_TYPE_RRSIG + && cur_rrset->type != LDNS_RR_TYPE_NSEC)) { + + status = verify_dnssec_rrset(zone_name, name->name, cur_rrset, keys); if (status != LDNS_STATUS_OK && result == LDNS_STATUS_OK) { result = status; } @@ -537,7 +514,7 @@ cur_rrset = cur_rrset->next; } - status = verify_nsec(zone_nodes, cur_node, keys, glue_rrs); + status = verify_nsec(zone_nodes, cur_node, keys); if (result == LDNS_STATUS_OK) { result = status; } @@ -547,9 +524,7 @@ static ldns_status verify_dnssec_zone(ldns_dnssec_zone dnssec_zone, - ldns_rdf zone_name, - ldns_rr_list glue_rrs) -{ + ldns_rdf zone_name) { ldns_rr_list keys; ldns_rbnode_t cur_node; ldns_dnssec_rrsets cur_key_rrset; @@ -591,8 +566,7 @@ dnssec_zone, dnssec_zone->names, cur_node, - keys, - glue_rrs); + keys); if (status != LDNS_STATUS_OK && result == LDNS_STATUS_OK) { result = status; } @@ -615,7 +589,6 @@ ldns_status s; ldns_dnssec_zone dnssec_zone; ldns_status result = LDNS_STATUS_ERR; - ldns_rr_list glue_rrs; while ((c = getopt(argc, argv, "hvV:")) != -1) { switch(c) { @@ -669,16 +642,20 @@ exit(1); } - glue_rrs = ldns_zone_glue_rr_list(z); dnssec_zone = create_dnssec_zone(z); + result = ldns_dnssec_zone_mark_glue(dnssec_zone); + if (result != LDNS_STATUS_OK) { + if (verbosity >= 1) { + printf("There were errors identifying the glue in the zone\n"); + } + } if (verbosity >= 5) { ldns_dnssec_zone_print(stdout, dnssec_zone); } result = verify_dnssec_zone(dnssec_zone, - ldns_rr_owner(ldns_zone_soa(z)), - glue_rrs); + ldns_rr_owner(ldns_zone_soa(z))); if (result == LDNS_STATUS_OK) {
[-] [+]	Changed	ldns-1.6.10.tar.gz/host2str.c ^
@@ -330,13 +330,12 @@ ldns_rdf2buffer_str_time(ldns_buffer output, const ldns_rdf rdf) { /* create a YYYYMMDDHHMMSS string if possible */ - time_t data_time = (time_t) ldns_read_uint32(ldns_rdf_data(rdf)); struct tm tm; char date_buf[16]; memset(&tm, 0, sizeof(tm)); - - if (gmtime_r(&data_time, &tm) && strftime(date_buf, 15, "%Y%m%d%H%M%S", &tm)) { + if (ldns_serial_arithmitics_gmtime_r(ldns_rdf2native_int32(rdf), time(NULL), &tm) + && strftime(date_buf, 15, "%Y%m%d%H%M%S", &tm)) { ldns_buffer_printf(output, "%s", date_buf); } return ldns_buffer_status(output);
[-] [+]	Added	ldns-1.6.10.tar.gz/ldns/common.h.in ^
@@ -0,0 +1,69 @@ +/** + * \file common.h + * + * Common definitions for LDNS + / + +/* + * a Net::DNS like library for C + * + * (c) NLnet Labs, 2004-2006 + * + * See the file LICENSE for the license + / + +#ifndef LDNS_COMMON_H +#define LDNS_COMMON_H + +/ + * The build configuration that is used in the distributed headers, + * as detected and determined by the auto configure script. + / +#define LDNS_BUILD_CONFIG_HAVE_SSL @ldns_build_config_have_ssl@ +#define LDNS_BUILD_CONFIG_USE_ECDSA @ldns_build_config_use_ecdsa@ +#define LDNS_BUILD_CONFIG_HAVE_INTTYPES_H @ldns_build_config_have_inttypes_h@ +#define LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT @ldns_build_config_have_attr_format@ +#define LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED @ldns_build_config_have_attr_unused@ + +/ + * HAVE_STDBOOL_H is not available when distributed as a library, but no build + * configuration variables may be used (like those above) because the header + * is sometimes only available when using special compiler flags to enable the + * c99 environment. Because we cannot force the usage of this flag, we have to + * provide a default type. Below what is suggested by the autoconf manual. + / +/@ignore@/ +/ splint barfs on this construct / +#ifdef HAVE_STDBOOL_H +# include <stdbool.h> +#else +# ifndef HAVE__BOOL +# ifdef __cplusplus +typedef bool _Bool; +# else +# define _Bool signed char +# endif +# endif +# define bool _Bool +# define false 0 +# define true 1 +# define __bool_true_false_are_defined 1 +#endif +/@end@/ + +#if LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT +#define ATTR_FORMAT(archetype, string_index, first_to_check) \ + __attribute__ ((format (archetype, string_index, first_to_check))) +#else / !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT / +#define ATTR_FORMAT(archetype, string_index, first_to_check) / empty / +#endif / !LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT / + +#if defined(__cplusplus) +#define ATTR_UNUSED(x) +#elif LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED +#define ATTR_UNUSED(x) x __attribute__((unused)) +#else / !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED / +#define ATTR_UNUSED(x) x +#endif / !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED / + +#endif / LDNS_COMMON_H */
[-] [+]	Changed	ldns-1.6.10.tar.gz/ldns/config.h.in ^
@@ -24,6 +24,12 @@ /* Define to 1 if you have the `b64_pton' function. / #undef HAVE_B64_PTON +/ Define to 1 if you have the `bzero' function. / +#undef HAVE_BZERO + +/ Define to 1 if you have the `calloc' function. / +#undef HAVE_CALLOC + / Define to 1 if you have the `ctime_r' function. / #undef HAVE_CTIME_R @@ -93,6 +99,9 @@ / Define to 1 if you have the <memory.h> header file. / #undef HAVE_MEMORY_H +/ Define to 1 if you have the `memset' function. / +#undef HAVE_MEMSET + / Define to 1 if you have the <netdb.h> header file. / #undef HAVE_NETDB_H @@ -130,7 +139,7 @@ / Define to 1 if you have the <stdarg.h> header file. / #undef HAVE_STDARG_H -/ Define to 1 if you have the <stdbool.h> header file. / +/ Define to 1 if stdbool.h conforms to C99. / #undef HAVE_STDBOOL_H / Define to 1 if you have the <stdint.h> header file. / @@ -184,6 +193,9 @@ / Define to 1 if you have the <ws2tcpip.h> header file. / #undef HAVE_WS2TCPIP_H +/ Define to 1 if the system has the type `_Bool'. / +#undef HAVE__BOOL + / Define to the sub-directory in which libtool stores uninstalled libraries. / #undef LT_OBJDIR @@ -206,6 +218,9 @@ / Define to the version of this package. / #undef PACKAGE_VERSION +/ The size of `time_t', as computed by sizeof. / +#undef SIZEOF_TIME_T + / Define to 1 if you have the ANSI C header files. */ #undef STDC_HEADERS
[-] [+]	Changed	ldns-1.6.10.tar.gz/ldns/dnssec.h ^
@@ -23,11 +23,11 @@ #ifndef LDNS_DNSSEC_H #define LDNS_DNSSEC_H -#ifdef HAVE_SSL +#include <ldns/common.h> +#if LDNS_BUILD_CONFIG_HAVE_SSL #include <openssl/ssl.h> #include <openssl/evp.h> -#endif /* HAVE_SSL / -#include <ldns/common.h> +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / #include <ldns/packet.h> #include <ldns/keys.h> #include <ldns/zone.h> @@ -127,7 +127,7 @@ / uint16_t ldns_calc_keytag_raw(uint8_t* key, size_t keysize); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * converts a buffer holding key material to a DSA key in openssl. * @@ -173,9 +173,9 @@ / EVP_PKEY ldns_ecdsa2pkey_raw(unsigned char* key, size_t keylen, uint8_t algo); -#endif /* HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /* * converts a buffer holding key material to a RSA key in openssl. * @@ -191,7 +191,7 @@ * \return a RSA * structure with the key material / RSA ldns_key_buf2rsa_raw(unsigned char* key, size_t len); -#endif /* HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / /* * returns a new DS rr that represents the given key rr. @@ -211,6 +211,16 @@ ldns_rr_type nsec_type); /** + * returns whether a rrset of the given type is found in the rrsets. + * + * \param[in] rrsets the rrsets to be tested + * \param[in] type the type to test for + * \return int 1 if the type was found, 0 otherwise. + / +int +ldns_dnssec_rrsets_contains_type (ldns_dnssec_rrsets rrsets, ldns_rr_type type); + +/** * Creates NSEC / ldns_rr @@ -372,7 +382,7 @@ / bool ldns_nsec_covers_name(const ldns_rr nsec, const ldns_rdf name); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /* * verify a packet * \param[in] p the packet @@ -438,7 +448,7 @@ / int ldns_dnssec_default_replace_signatures(ldns_rr sig, void n); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /* * Converts the DSA signature from ASN1 representation (RFC2459, as * used by OpenSSL) to raw signature data as used in DNS (rfc2536) @@ -488,7 +498,7 @@ ldns_convert_ecdsa_rrsig_rdf2asn1(ldns_buffer target_buffer, const ldns_rdf sig_rdf); -#endif /* HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL */ #ifdef __cplusplus }
[-] [+]	Changed	ldns-1.6.10.tar.gz/ldns/dnssec_sign.h ^
@@ -42,7 +42,7 @@ / ldns_rr_list ldns_sign_public(ldns_rr_list rrset, ldns_key_list keys); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * Sign a buffer with the DSA key (hash with SHA1) * \param[in] to_sign buffer with the data @@ -80,11 +80,42 @@ * \return a ldns_rdf with the signed data / ldns_rdf ldns_sign_public_rsamd5(ldns_buffer to_sign, RSA key); -#endif /* HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / /* - * Finds the first dnssec_name node in the rbtree that has not been marked - * as glue, starting at the given node + * Marks the names in the zone that are occluded. Those names will be skipped + * when walking the tree with the ldns_dnssec_name_node_next_nonglue() + * function. But watch out! Names that are partially occluded (like glue with + * the same name as the delegation) will not be marked and should specifically + * be taken into account seperately. + * + * When glue_list is given (not NULL), in the process of marking the names, all + * glue resource records will be pushed to that list, even glue at the delegation name. + * + * \param[in] zone the zone in which to mark the names + * \param[in] glue_list the list to which to push the glue rrs + * \return LDNS_STATUS_OK on success, an error code otherwise + / +ldns_status +ldns_dnssec_zone_mark_and_get_glue( + ldns_dnssec_zone zone, ldns_rr_list glue_list); + +/* + * Marks the names in the zone that are occluded. Those names will be skipped + * when walking the tree with the ldns_dnssec_name_node_next_nonglue() + * function. But watch out! Names that are partially occluded (like glue with + * the same name as the delegation) will not be marked and should specifically + * be taken into account seperately. + * + * \param[in] zone the zone in which to mark the names + * \return LDNS_STATUS_OK on succesful completion + / +ldns_status +ldns_dnssec_zone_mark_glue(ldns_dnssec_zone zone); + +/** + * Finds the first dnssec_name node in the rbtree that is not occluded. + * It does return names that are partially occluded. * * \param[in] node the first node to check * \return the first node that has not been marked as glue, or NULL
[-] [+]	Changed	ldns-1.6.10.tar.gz/ldns/dnssec_verify.h ^
@@ -390,6 +390,31 @@ bool packet_nodata); /** + * Same as ldns_status ldns_dnssec_verify_denial_nsec3 but also returns + * the nsec rr that matched. + * + * \param[in] rr The (query) RR to check the denial of existence for + * \param[in] nsecs The list of NSEC3 RRs that are supposed to deny the + * existence of the RR + * \param[in] rrsigs The RRSIG rr covering the NSEC RRs + * \param[in] packet_rcode The RCODE value of the packet that provided the + * NSEC3 RRs + * \param[in] packet_qtype The original query RR type + * \param[in] packet_nodata True if the providing packet had an empty ANSWER + * section + * \param[in] match On match, the given (reference to a) pointer will be set + * to point to the matching nsec resource record. + * \return LDNS_STATUS_OK if the NSEC3 RRs deny the existence, error code + * containing the reason they do not otherwise + / +ldns_status ldns_dnssec_verify_denial_nsec3_match(ldns_rr rr, + ldns_rr_list nsecs, + ldns_rr_list rrsigs, + ldns_pkt_rcode packet_rcode, + ldns_rr_type packet_qtype, + bool packet_nodata, + ldns_rr match); +/ * Verifies the already processed data in the buffers * This function should probably not be used directly. * @@ -465,6 +490,7 @@ ldns_rr rrsig, ldns_rr key); +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * verifies a buffer with signature data for a buffer with rrset data * with an EVP_PKEY @@ -474,12 +500,10 @@ * \param[in] key the EVP key structure * \param[in] digest_type The digest type of the signature / -#ifdef HAVE_SSL ldns_status ldns_verify_rrsig_evp(ldns_buffer sig, ldns_buffer rrset, EVP_PKEY key, const EVP_MD digest_type); -#endif /* * Like ldns_verify_rrsig_evp, but uses raw signature data. @@ -489,7 +513,6 @@ * \param[in] key the EVP key structure * \param[in] digest_type The digest type of the signature / -#ifdef HAVE_SSL ldns_status ldns_verify_rrsig_evp_raw(unsigned char sig, size_t siglen, ldns_buffer *rrset,
[-] [+]	Changed	ldns-1.6.10.tar.gz/ldns/dnssec_zone.h ^
@@ -70,8 +70,13 @@ / ldns_dnssec_rrs nsec_signatures; /** - * Set to true if this name is glue - * (as marked by ldns_dnssec_zone_mark_glue()) + * Unlike what the name is_glue suggests, this field is set to true by + * ldns_dnssec_zone_mark_glue() or ldns_dnssec_zone_mark_and_get_glue() + * when the name, this dnssec_name struct represents, is occluded. + * Names that contain other occluded rrsets and records with glue on + * the delegation point will NOT have this bool set to true. + * This field should NOT be read directly, but only via the + * ldns_dnssec_name_is_glue() function! / bool is_glue; /* @@ -237,6 +242,18 @@ / void ldns_dnssec_name_set_name(ldns_dnssec_name name, ldns_rdf dname); +/* + * Returns if dnssec_name structure is marked as glue. + * The ldns_dnssec_zone_mark_glue() function has to be called on a zone before + * using this function. + * Only names that have only glue rrsets will be marked. + * Names that have other occluded rrsets and names containing glue on the + * delegation point will NOT be marked! + * + * \param[in] name the dnssec name to get the domain name from + * \return true if the structure is marked as glue, false otherwise. + / +bool ldns_dnssec_name_is_glue(ldns_dnssec_name name); /** * Sets the NSEC(3) RR of the given dnssec_name structure
[-] [+]	Changed	ldns-1.6.10.tar.gz/ldns/keys.h ^
@@ -21,9 +21,10 @@ #ifndef LDNS_KEYS_H #define LDNS_KEYS_H -#ifdef HAVE_SSL +#include <ldns/common.h> +#if LDNS_BUILD_CONFIG_HAVE_SSL #include <openssl/ssl.h> -#endif /* HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / #include <ldns/dnssec.h> #include <ldns/util.h> #include <errno.h> @@ -53,7 +54,7 @@ LDNS_RSASHA256 = 8, / RFC 5702 / LDNS_RSASHA512 = 10, / RFC 5702 / LDNS_ECC_GOST = 12, / RFC 5933 / -#ifdef USE_ECDSA +#if LDNS_BUILD_CONFIG_USE_ECDSA / this ifdef has to be removed once it is no longer experimental, * to be able to use these values outside of the ldns library itself / LDNS_ECDSAP256SHA256 = 13, / draft-hoffman-dnssec-ecdsa / @@ -73,7 +74,7 @@ LDNS_SHA1 = 1, / RFC 4034 / LDNS_SHA256 = 2, / RFC 4509 / LDNS_HASH_GOST = 3 / RFC 5933 / -#ifdef USE_ECDSA +#if LDNS_BUILD_CONFIG_USE_ECDSA / this ifdef has to be removed once it is no longer experimental, * to be able to use these values outside of the ldns library itself / ,LDNS_SHA384 = 4 / draft-hoffman-dnssec-ecdsa EXPERIMENTAL / @@ -94,7 +95,7 @@ LDNS_SIGN_RSASHA512 = LDNS_RSASHA512, LDNS_SIGN_DSA_NSEC3 = LDNS_DSA_NSEC3, LDNS_SIGN_ECC_GOST = LDNS_ECC_GOST, -#ifdef USE_ECDSA +#if LDNS_BUILD_CONFIG_USE_ECDSA / this ifdef has to be removed once it is no longer experimental, * to be able to use these values outside of the ldns library itself / LDNS_SIGN_ECDSAP256SHA256 = LDNS_ECDSAP256SHA256, @@ -123,13 +124,13 @@ /* Storage pointers for the types of keys supported / / TODO remove unions? / struct { -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL #ifndef S_SPLINT_S / The key can be an OpenSSL EVP Key / EVP_PKEY key; #endif -#endif /* HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / /* * The key can be an HMAC key / @@ -220,7 +221,7 @@ / ldns_status ldns_key_new_frm_fp_l(ldns_key *k, FILE fp, int line_nr); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /* * Read the key with the given id from the given engine and store it * in the given ldns_key structure. The algorithm type is set @@ -235,9 +236,9 @@ * \return NULL on failure otherwise a RSA structure / RSA ldns_key_new_frm_fp_rsa(FILE fp); -#endif / HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /* * frm_fp helper function. This function parses the * remainder of the (RSA) priv. key file generated from bind9 @@ -246,9 +247,9 @@ * \return NULL on failure otherwise a RSA structure / RSA ldns_key_new_frm_fp_rsa_l(FILE fp, int line_nr); -#endif /* HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /* * frm_fp helper function. This function parses the * remainder of the (DSA) priv. key file @@ -256,9 +257,9 @@ * \return NULL on failure otherwise a RSA structure / DSA ldns_key_new_frm_fp_dsa(FILE fp); -#endif / HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /* * frm_fp helper function. This function parses the * remainder of the (DSA) priv. key file @@ -267,9 +268,9 @@ * \return NULL on failure otherwise a RSA structure / DSA ldns_key_new_frm_fp_dsa_l(FILE fp, int line_nr); -#endif /* HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /* * frm_fp helper function. This function parses the * remainder of the (HMAC-MD5) key file @@ -281,7 +282,7 @@ unsigned char ldns_key_new_frm_fp_hmac(FILE fp, size_t hmac_size); #endif -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /* * frm_fp helper function. This function parses the * remainder of the (HMAC-MD5) key file @@ -292,7 +293,7 @@ * \return NULL on failure otherwise a newly allocated char buffer / unsigned char ldns_key_new_frm_fp_hmac_l(FILE fp, int line_nr, size_t hmac_size); -#endif / HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / / acces write functions / /* @@ -301,7 +302,7 @@ * \param[in] l the algorithm / void ldns_key_set_algorithm(ldns_key k, ldns_signing_algorithm l); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /** * Set the key's evp key * \param[in] k the key @@ -331,7 +332,7 @@ /** Release the engine reference held for the GOST engine. / void ldns_key_EVP_unload_gost(void); -#endif / HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / /* * Set the key's hmac data @@ -424,7 +425,7 @@ / ldns_key ldns_key_list_key(const ldns_key_list key, size_t nr); -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL /* * returns the (openssl) RSA struct contained in the key * \param[in] k the key to look in @@ -437,14 +438,14 @@ * \return the RSA * structure in the key / EVP_PKEY ldns_key_evp_key(const ldns_key k); -#endif / HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / /* * returns the (openssl) DSA struct contained in the key / -#ifdef HAVE_SSL +#if LDNS_BUILD_CONFIG_HAVE_SSL DSA ldns_key_dsa_key(const ldns_key k); -#endif / HAVE_SSL / +#endif / LDNS_BUILD_CONFIG_HAVE_SSL / /* * return the signing alg of the key
[-] [+]	Changed	ldns-1.6.10.tar.gz/ldns/net.h.in ^
@@ -20,7 +20,7 @@ extern "C" { #endif -#define LDNS_DEFAULT_TIMEOUT_SEC 2 +#define LDNS_DEFAULT_TIMEOUT_SEC 5 #define LDNS_DEFAULT_TIMEOUT_USEC 0 /**
[-] [+]	Changed	ldns-1.6.10.tar.gz/ldns/rr.h ^
@@ -176,6 +176,7 @@ LDNS_RR_TYPE_DHCID = 49, LDNS_RR_TYPE_NSEC3 = 50, + LDNS_RR_TYPE_NSEC3PARAM = 51, LDNS_RR_TYPE_NSEC3PARAMS = 51, /** draft-ietf-dnsop-trust-history */
[-] [+]	Changed	ldns-1.6.10.tar.gz/ldns/sha2.h ^
@@ -55,17 +55,14 @@ * Import u_intXX_t size_t type definitions from system headers. You * may need to change this, or define these things yourself in this * file. - * - * (include ldns/config.h so HAVE_INTTYPES is defined (or not, depending - * on the system)) / #include <sys/types.h> -#ifdef HAVE_INTTYPES_H +#if LDNS_BUILD_CONFIG_HAVE_INTTYPES_H #include <inttypes.h> -#endif / HAVE_INTTYPES_H / +#endif / LDNS_BUILD_CONFIG_HAVE_INTTYPES_H / / SHA-256/384/512 Various Length Definitions *********************/
[-] [+]	Changed	ldns-1.6.10.tar.gz/ldns/util.h.in ^
@@ -50,6 +50,8 @@ #define LDNS_XMALLOC(type, count) ((type ) malloc((count) sizeof(type))) +#define LDNS_CALLOC(type, count) ((type ) calloc((count), sizeof(type))) + #define LDNS_REALLOC(ptr, type) LDNS_XREALLOC((ptr), type, 1) #define LDNS_XREALLOC(ptr, type, count) \ @@ -269,6 +271,22 @@ time_t mktime_from_utc(const struct tm tm); /** + * The function interprets time as the number of seconds since epoch + * with respect to now using serial arithmitics (rfc1982). + * That number of seconds is then converted to broken-out time information. + * This is especially usefull when converting the inception and expiration + * fields of RRSIG records. + * + * \param[in] time number of seconds since epoch (midnight, January 1st, 1970) + * to be intepreted as a serial arithmitics number relative to now. + * \param[in] now number of seconds since epoch (midnight, January 1st, 1970) + * to which the time value is compared to determine the final value. + * \param[out] result the struct with the broken-out time information + * \return result on success or NULL on error + / +struct tm ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm result); + +/* * Seed the random function. * If the file descriptor is specified, the random generator is seeded with * data from that file. If not, /dev/urandom is used.
[-] [+]	Changed	ldns-1.6.10.tar.gz/ldns/zone.h ^
@@ -117,7 +117,8 @@ * * Due to the current zone implementation (as a list of rr's), this * function is extremely slow. Another (probably better) way to do this - * is to use an ldns_dnssec_zone structure and the mark_glue function + * is to use an ldns_dnssec_zone structure and the + * ldns_dnssec_mark_and_get_glue() function. * * \param[in] z the zone to look for glue * \return the rr_list with the glue
[-] [+]	Changed	ldns-1.6.10.tar.gz/ldns_symbols.def ^
@@ -85,6 +85,7 @@ ldns_dnssec_name_deep_free ldns_dnssec_name_find_rrset ldns_dnssec_name_free +ldns_dnssec_name_is_glue ldns_dnssec_name_name ldns_dnssec_name_new ldns_dnssec_name_new_frm_rr @@ -135,6 +136,7 @@ ldns_dnssec_zone_find_nsec3_original ldns_dnssec_zone_find_rrset ldns_dnssec_zone_free +ldns_dnssec_zone_mark_and_get_glue ldns_dnssec_zone_mark_glue ldns_dnssec_zone_names_print ldns_dnssec_zone_new @@ -618,6 +620,7 @@ ldns_rr_uncompressed_size ldns_send ldns_send_buffer +ldns_serial_arithmitics_gmtime_r ldns_set_bit ldns_sha1 ldns_sha1_final
[-] [+]	Changed	ldns-1.6.10.tar.gz/packaging/fedora/ldns.spec ^
@@ -7,7 +7,7 @@ Summary: Lowlevel DNS(SEC) library with API Name: ldns -Version: 1.6.9 +Version: 1.6.10 Release: 2%{?dist} License: BSD Url: http://www.nlnetlabs.nl/%{name}/
[-] [+]	Changed	ldns-1.6.10.tar.gz/parse.c ^
@@ -132,13 +132,15 @@ } } if (c != '\0' && c != '\n') { - t++ = c; i++; } if (limit > 0 && i >= limit) { t = '\0'; return -1; } + if (c != '\0' && c != '\n') { + t++ = c; + } if (c == '\\' && prev_c == '\\') prev_c = 0; else prev_c = c; @@ -302,12 +304,12 @@ } } - t++ = c; i++; if (limit > 0 && i >= limit) { t = '\0'; return -1; } + t++ = c; if (c == '\\' && lc == '\\') { lc = 0;
[-] [+]	Changed	ldns-1.6.10.tar.gz/rr.c ^
@@ -431,6 +431,16 @@ cur_hex_data_size = 0; while(cur_hex_data_size < 2 * hex_data_size) { c = ldns_bget_token(rd_buf, rd, delimiters, LDNS_MAX_RDFLEN); + if (c == -1) { + LDNS_FREE(hex_data_str); + LDNS_FREE(rd); + LDNS_FREE(b64); + ldns_buffer_free(rd_buf); + ldns_buffer_free(rr_buf); + LDNS_FREE(rdata); + ldns_rr_free(new); + return LDNS_STATUS_SYNTAX_RDATA_ERR; + } rd_strlen = strlen(rd); strncpy(hex_data_str + cur_hex_data_size, rd, rd_strlen); cur_hex_data_size += rd_strlen; @@ -1900,7 +1910,7 @@ LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT16, LDNS_RDF_TYPE_NSEC3_SALT, LDNS_RDF_TYPE_NSEC3_NEXT_OWNER, LDNS_RDF_TYPE_NSEC }; -static const ldns_rdf_type type_nsec3params_wireformat[] = { +static const ldns_rdf_type type_nsec3param_wireformat[] = { /* LDNS_RDF_TYPE_NSEC3_PARAMS_VARS/ LDNS_RDF_TYPE_INT8, LDNS_RDF_TYPE_INT8, @@ -2034,7 +2044,7 @@ / 50 / {LDNS_RR_TYPE_NSEC3, "NSEC3", 5, 6, type_nsec3_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, / 51 / -{LDNS_RR_TYPE_NSEC3PARAMS, "NSEC3PARAM", 4, 4, type_nsec3params_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, +{LDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, / 52 */ {LDNS_RR_TYPE_NULL, "TYPE52", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 }, {LDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
[-] [+]	Changed	ldns-1.6.10.tar.gz/util.c ^
@@ -241,6 +241,100 @@ return seconds; } +#if SIZEOF_TIME_T <= 4 + +static void +ldns_year_and_yday_from_days_since_epoch(int64_t days, struct tm result) +{ + int year = 1970; + int new_year; + + while (days < 0 \|\| days >= (int64_t) (is_leap_year(year) ? 366 : 365)) { + new_year = year + (int) (days / 366); + if (year == new_year) { + year += days < 0 ? -1 : 1; + } + days -= (new_year - year) 365; + days -= leap_days(year, new_year); + year = new_year; + } + result->tm_year = year; + result->tm_yday = (int) days; +} + +/* Number of days per month in a leap year. / +static const int leap_year_mdays[] = { + 31, 29, 31, 30, 31, 30, 31, 31, 30, 31, 30, 31 +}; + +static void +ldns_mon_and_mday_from_year_and_yday(struct tm result) +{ + int idays = result->tm_yday; + const int mon_lengths = is_leap_year(result->tm_year) ? + leap_year_mdays : mdays; + + result->tm_mon = 0; + while (idays >= mon_lengths[result->tm_mon]) { + idays -= mon_lengths[result->tm_mon++]; + } + result->tm_mday = idays + 1; +} + +static void +ldns_wday_from_year_and_yday(struct tm result) +{ + result->tm_wday = 4 /* 1-1-1970 was a thursday / + + ((result->tm_year - 1970) % 7) (365 % 7) + + leap_days(1970, result->tm_year) + + result->tm_yday; + result->tm_wday %= 7; + if (result->tm_wday < 0) { + result->tm_wday += 7; + } +} + +static struct tm * +ldns_gmtime64_r(int64_t clock, struct tm result) +{ + result->tm_isdst = 0; + result->tm_sec = (int) (clock % 60); + clock /= 60; + result->tm_min = (int) (clock % 60); + clock /= 60; + result->tm_hour = (int) (clock % 24); + clock /= 24; + + ldns_year_and_yday_from_days_since_epoch(clock, result); + ldns_mon_and_mday_from_year_and_yday(result); + ldns_wday_from_year_and_yday(result); + result->tm_year -= 1900; + + return result; +} + +#endif / SIZEOF_TIME_T <= 4 / + +static int64_t +ldns_serial_arithmitics_time(int32_t time, time_t now) +{ + int32_t offset = time - (int32_t) now; + return (int64_t) now + offset; +} + + +struct tm +ldns_serial_arithmitics_gmtime_r(int32_t time, time_t now, struct tm result) +{ +#if SIZEOF_TIME_T <= 4 + int64_t secs_since_epoch = ldns_serial_arithmitics_time(time, now); + return ldns_gmtime64_r(secs_since_epoch, result); +#else + time_t secs_since_epoch = ldns_serial_arithmitics_time(time, now); + return gmtime_r(&secs_since_epoch, result); +#endif +} + /* * Init the random source * applications should call this if they need entropy data within ldns
[-] [+]	Changed	ldns-1.6.10.tar.gz/zone.c ^
@@ -228,7 +228,8 @@ a = ldns_rr_list_rr(addr, j); dname_a = ldns_rr_owner(a); - if (ldns_dname_is_subdomain(dname_a, ns_owner)) { + if (ldns_dname_is_subdomain(dname_a, ns_owner) \|\| + ldns_dname_compare(dname_a, ns_owner) == 0) { /* GLUE! */ if (!ldns_rr_list_push_rr(glue, a)) goto memory_error; }
[-] [+]	Deleted	ldns-1.6.9.tar.gz/ldns/common.h ^
@@ -1,52 +0,0 @@ -/** - * \file common.h - * - * Common definitions for LDNS - / - -/* - * a Net::DNS like library for C - * - * (c) NLnet Labs, 2004-2006 - * - * See the file LICENSE for the license - / - -#ifndef LDNS_COMMON_H -#define LDNS_COMMON_H - -#if !defined(__cplusplus) && !defined(__bool_true_false_are_defined) - -#if defined(HAVE_STDBOOL_H) -#include <stdbool.h> -#else - -/@ignore@/ -/ splint barfs on this construct / -typedef unsigned int bool; -#define bool bool -#define false 0 -#define true 1 -#define __bool_true_false_are_defined 1 -/@end@/ - -#endif - -#endif - -#ifdef HAVE_ATTR_FORMAT -#define ATTR_FORMAT(archetype, string_index, first_to_check) \ - __attribute__ ((format (archetype, string_index, first_to_check))) -#else / !HAVE_ATTR_FORMAT / -#define ATTR_FORMAT(archetype, string_index, first_to_check) / empty / -#endif / !HAVE_ATTR_FORMAT / - -#if defined(__cplusplus) -#define ATTR_UNUSED(x) -#elif defined(HAVE_ATTR_UNUSED) -#define ATTR_UNUSED(x) x __attribute__((unused)) -#else / !HAVE_ATTR_UNUSED / -#define ATTR_UNUSED(x) x -#endif / !HAVE_ATTR_UNUSED / - -#endif / LDNS_COMMON_H */

Changes of Revision 2