Applied Bedrich Kosata's pyldns contributions and updated Changelog

diff --git a/Changelog b/Changelog
index 9692e56bdb2e1652d46c49e9c198ac18a8f282ac..e10024bd09cbb440f017acf0220241eeadbd7ff8 100644 (file)
--- a/Changelog
+++ b/Changelog
@@ -1,11 +1,31 @@
 1.6.10
        * New example tool added: ldns-gen-zone.
-       * Serial-arithmetic for the inception and expiration fields of a RRSIG
-         and correctly converting them to broken-out time information.
-       * Slight performance increase of ldns-verifyzone
-       * Fix to allow glue records with the same name as the delegation
-       * Fix ldns-verifyzone to allow NSEC3 less records for NS rrsets *and* 
+       * bugfix #359: Serial-arithmetic for the inception and expiration
+         fields of a RRSIG and correctly converting them to broken-out time
+         information.
+       * bugfix #364: Slight performance increase of ldns-verifyzone.
+       * bugfix #367: Fix to allow glue records with the same name as the
+         delegation.
+       * Fix ldns-verifyzone to allow NSEC3-less records for NS rrsets *and* 
          glue when the zone is opt-out.
+       * bugfix #376: Adapt ldns_nsec3_salt, ldns_nsec3_iterations, 
+         ldns_nsec3_flags and ldns_nsec3_algorithm to work for NSEC3PARAMS too.
+       * pyldns memory leaks fixed by Bedrich Kosata (at the cost of a bit
+         performance)
+       * Better handling of reference variables in ldns_rr_new_frm_fp_l from
+         pyldns, with a very nice generator function by Bedrich Kosata.
+       * Decoupling of the rdfs in rrs in the python wrappers to enable
+         the python garbage collector by Bedrich Kosata.
+       * bugfix #380: Minimizing effect of discrepancies in sizeof(bool) at
+         build time and when used.
+       * bugfix #383: Fix detection of empty nonterminals of multiple labels.
+       * Fixed the ommission of rrsets in nsec(3)s and rrsigs to all occluded
+         names (in stead of just the ones that contain glue only) and all
+         obscured records on the delegation points (in stead of just the glue).
+       * Clarify the operation of ldns_dnssec_mark_glue and the usage of
+         ldns_dnssec_node_next_nonglue functions in the documentation.
+       * Added function ldns_dnssec_mark_and_get_glue as an real fast
+         alternative for ldns_zone_glue_rr_list.
 
 1.6.9  2011-03-16
        * Fix creating NSEC(3) bitmaps: make array size 65536,

diff --git a/contrib/python/examples/ldns_rr_iter_frm_fp_l.demo.py b/contrib/python/examples/ldns_rr_iter_frm_fp_l.demo.py
new file mode 100644 (file)
index 0000000..e123f90
--- /dev/null
+++ b/contrib/python/examples/ldns_rr_iter_frm_fp_l.demo.py
@@ -0,0 +1,15 @@
+import ldns
+import sys
+
+if len(sys.argv) <= 1:
+    print "Usage: %s zone_file" % sys.argv[0]
+    sys.exit()
+
+inp = open(sys.argv[1],"r");
+for rr in ldns.ldns_rr_iter_frm_fp_l(inp):
+  print rr
+
+inp.close()
+
+    
+

diff --git a/contrib/python/examples/ldns_rr_new_frm_fp_l.demo.py b/contrib/python/examples/ldns_rr_new_frm_fp_l.demo.py
new file mode 100644 (file)
index 0000000..7099225
--- /dev/null
+++ b/contrib/python/examples/ldns_rr_new_frm_fp_l.demo.py
@@ -0,0 +1,43 @@
+import ldns
+import sys
+
+if len(sys.argv) <= 1:
+    print "Usage: %s zone_file" % sys.argv[0]
+    sys.exit()
+
+inp = open(sys.argv[1],"r");
+# variables that preserve the parsers state
+my_ttl = 3600;
+my_origin = None
+my_prev = None
+# additional state variables
+last_pos = 0
+line_nr = 0
+
+while True:
+    ret = ldns.ldns_rr_new_frm_fp_l_(inp, my_ttl, my_origin, my_prev)
+    s, rr, line_inc, new_ttl, new_origin, new_prev = ret  # unpack the result
+    line_nr += line_inc # increase number of parsed lines
+    my_prev = new_prev  # update ref to previous owner
+
+    if s == ldns.LDNS_STATUS_SYNTAX_TTL:
+        my_ttl = new_ttl  # update default TTL
+        print "$TTL:", my_ttl
+    elif s == ldns.LDNS_STATUS_SYNTAX_ORIGIN:
+        my_origin = new_origin  # update reference to origin
+        print "$ORIGIN:", my_origin
+    elif s == ldns.LDNS_STATUS_SYNTAX_EMPTY:
+        if last_pos == inp.tell():
+            break  # no advance since last read - EOF
+        last_pos = inp.tell()
+    elif s != ldns.LDNS_STATUS_OK:
+       print "! parse error in line", line_nr
+    else:
+        # we are sure to have LDNS_STATUS_OK
+        print rr
+
+inp.close()
+print "--------------------"
+print "Read %d lines" % line_nr
+    
+

diff --git a/contrib/python/ldns.i b/contrib/python/ldns.i
index 1931aaa930532c6e8a792a8653da5db150a159ee..c32de5ab2cf7923f0eb427dc3c754973ff1f5449 100644 (file)
--- a/contrib/python/ldns.i
+++ b/contrib/python/ldns.i
@@ -147,6 +147,14 @@ typedef struct ldns_dnssec_zone { };
  {
    PyObject* tuple;
 
+   /*  origin and prev have to be cloned in order to decouple the data
+    *  from the python wrapper
+    */
+   if (origin != NULL)
+       origin = ldns_rdf_clone(origin);
+   if (prev != NULL)
+       prev = ldns_rdf_clone(prev);
+
    ldns_rdf *p_prev = prev;
    ldns_rdf **pp_prev = &p_prev;
    if (p_prev == 0) pp_prev = 0;
@@ -167,7 +175,7 @@ typedef struct ldns_dnssec_zone { };
    return tuple;
  }
 
- PyObject* ldns_rr_new_frm_fp_l_(FILE *fp, uint32_t default_ttl,  ldns_rdf* origin,  ldns_rdf* prev, int ret_linenr) 
+ PyObject* ldns_rr_new_frm_fp_l_(FILE *fp, uint32_t default_ttl,  ldns_rdf* origin,  ldns_rdf* prev) 
  //returns tuple (status, ldns_rr, [line if ret_linenr], ttl, origin, prev)
  {
    int linenr = 0;
@@ -177,13 +185,21 @@ typedef struct ldns_dnssec_zone { };
    uint32_t *p_defttl = &defttl;
    if (defttl == 0) p_defttl = 0;
 
+   /*  origin and prev have to be cloned in order to decouple the data
+    *  from the python wrapper
+    */
+   if (origin != NULL)
+       origin = ldns_rdf_clone(origin);
+   if (prev != NULL)
+       prev = ldns_rdf_clone(prev);
+
    ldns_rdf *p_origin = origin;
    ldns_rdf **pp_origin = &p_origin;
-   if (p_origin == 0) pp_origin = 0;
+   //if (p_origin == 0) pp_origin = 0;
 
    ldns_rdf *p_prev = prev;
    ldns_rdf **pp_prev = &p_prev;
-   if (p_prev == 0) pp_prev = 0;
+   //if (p_prev == 0) pp_prev = 0;
 
    ldns_rr *p_rr = 0;
    ldns_rr **pp_rr = &p_rr;
@@ -191,7 +207,7 @@ typedef struct ldns_dnssec_zone { };
    ldns_status st = ldns_rr_new_frm_fp_l(pp_rr, fp, p_defttl, pp_origin, pp_prev, p_linenr);
 
    PyObject* tuple;
-   tuple = PyTuple_New(ret_linenr ? 6 : 5);
+   tuple = PyTuple_New(6);
    int idx = 0;
    PyTuple_SetItem(tuple, idx, SWIG_From_int(st)); 
    idx++;
@@ -199,27 +215,30 @@ typedef struct ldns_dnssec_zone { };
                              SWIG_NewPointerObj(SWIG_as_voidptr(p_rr), SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN |  0 ) : 
                   (Py_INCREF(Py_None), Py_None));
    idx++;
-   if (ret_linenr) {
-      PyTuple_SetItem(tuple, idx, SWIG_From_int(linenr));
-      idx++;
-   }
-   PyTuple_SetItem(tuple, idx, (defttl != default_ttl) ? SWIG_From_int(defttl) : (Py_INCREF(Py_None), Py_None));
+   PyTuple_SetItem(tuple, idx, SWIG_From_int(linenr));
    idx++;
-   PyTuple_SetItem(tuple, idx, (p_origin != origin) ? 
-                             SWIG_NewPointerObj(SWIG_as_voidptr(p_origin), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN |  0 ) :
-                  (Py_INCREF(Py_None), Py_None));
+   PyTuple_SetItem(tuple, idx, SWIG_From_int(defttl));
    idx++;
-   PyTuple_SetItem(tuple, idx, (p_prev != prev) ? 
-                             SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN |  0 ) :
-                  (Py_INCREF(Py_None), Py_None));
+   PyTuple_SetItem(tuple, idx, SWIG_NewPointerObj(SWIG_as_voidptr(p_origin), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN |  0 ));
+   idx++;
+   PyTuple_SetItem(tuple, idx, SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN |  0 ));
    return tuple;
  }
 
- PyObject* ldns_rr_new_question_frm_str_(const char *str, ldns_rdf* origin, ldns_rdf* prev) 
+
+PyObject* ldns_rr_new_question_frm_str_(const char *str, ldns_rdf* origin, ldns_rdf* prev) 
  //returns tuple (status, ldns_rr, prev)
  {
    PyObject* tuple;
 
+   /*  origin and prev have to be cloned in order to decouple the data
+    *  from the python wrapper
+    */
+   if (origin != NULL)
+       origin = ldns_rdf_clone(origin);
+   if (prev != NULL)
+       prev = ldns_rdf_clone(prev);
+
    ldns_rdf *p_prev = prev;
    ldns_rdf **pp_prev = &p_prev;
    if (p_prev == 0) pp_prev = 0;
@@ -291,4 +310,36 @@ def ldns_fetch_valid_domain_keys(res, domain, keys):
 
 def ldns_wire2pkt(data):
     return _ldns.ldns_wire2pkt_(data)
+
+def ldns_rr_iter_frm_fp_l(input_file):
+    """Creates an iterator (generator) that returns individual parsed
+    RRs from an open zone file."""
+    # variables that preserve the parsers state
+    my_ttl = 0;
+    my_origin = None
+    my_prev = None
+    # additional state variables
+    last_pos = 0
+    line_nr = 0
+
+    while True:
+        ret = _ldns.ldns_rr_new_frm_fp_l_(input_file, my_ttl, my_origin, my_prev)
+        s, rr, line_inc, new_ttl, new_origin, new_prev = ret  # unpack the result
+        line_nr += line_inc # increase number of parsed lines
+        my_prev = new_prev  # update ref to previous owner
+
+        if s == _ldns.LDNS_STATUS_SYNTAX_TTL:
+            my_ttl = new_ttl  # update default TTL
+        elif s == _ldns.LDNS_STATUS_SYNTAX_ORIGIN:
+            my_origin = new_origin  # update reference to origin
+        elif s == _ldns.LDNS_STATUS_SYNTAX_EMPTY:
+            if last_pos == input_file.tell():
+                break  # no advance since last read - EOF
+            last_pos = input_file.tell()
+        elif s != _ldns.LDNS_STATUS_OK:
+            raise ValueError("Parse error in line %d" % line_nr)
+        else:
+            # we are sure to have LDNS_STATUS_OK
+            yield rr
+
 %}

diff --git a/contrib/python/ldns_rr.i b/contrib/python/ldns_rr.i
index c3967e0e895f4c1238ff2a3b065e0bd60e5553e2..1a9f3f1c21bb486e477f3f4d5a4b37469302f5ba 100644 (file)
--- a/contrib/python/ldns_rr.i
+++ b/contrib/python/ldns_rr.i
@@ -71,6 +71,299 @@ void _ldns_rr_free (ldns_rr* r) {
 %newobject ldns_rr_class2str;
 %newobject ldns_read_anchor_file;
 
+
+// clone rdf data on pull
+
+%newobject _ldns_rr_rdf;
+%rename(__ldns_rr_rdf) ldns_rr_rdf;
+%inline %{
+ldns_rdf* _ldns_rr_rdf(ldns_rr* rr, size_t i) {
+   return ldns_rdf_clone(ldns_rr_rdf(rr, i));
+}
+%}
+
+%newobject _ldns_rr_rrsig_algorithm;
+%rename(__ldns_rr_rrsig_algorithm) ldns_rr_rrsig_algorithm;
+%inline %{
+ldns_rdf* _ldns_rr_rrsig_algorithm(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_rrsig_algorithm(rr));
+}
+%}
+
+%newobject _ldns_rr_dnskey_algorithm;
+%rename(__ldns_rr_dnskey_algorithm) ldns_rr_dnskey_algorithm;
+%inline %{
+ldns_rdf* _ldns_rr_dnskey_algorithm(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_dnskey_algorithm(rr));
+}
+%}
+
+%newobject _ldns_rr_dnskey_flags;
+%rename(__ldns_rr_dnskey_flags) ldns_rr_dnskey_flags;
+%inline %{
+ldns_rdf* _ldns_rr_dnskey_flags(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_dnskey_flags(rr));
+}
+%}
+
+%newobject _ldns_rr_dnskey_key;
+%rename(__ldns_rr_dnskey_key) ldns_rr_dnskey_key;
+%inline %{
+ldns_rdf* _ldns_rr_dnskey_key(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_dnskey_key(rr));
+}
+%}
+
+%newobject _ldns_rr_dnskey_protocol;
+%rename(__ldns_rr_dnskey_protocol) ldns_rr_dnskey_protocol;
+%inline %{
+ldns_rdf* _ldns_rr_dnskey_protocol(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_dnskey_protocol(rr));
+}
+%}
+
+
+%newobject _ldns_rr_owner;
+%rename(__ldns_rr_owner) ldns_rr_owner;
+%inline %{
+ldns_rdf* _ldns_rr_owner(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_owner(rr));
+}
+%}
+
+
+%newobject _ldns_rr_a_address;
+%rename(__ldns_rr_a_address) ldns_rr_a_address;
+%inline %{
+ldns_rdf* _ldns_rr_a_address(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_a_address(rr));
+}
+%}
+
+
+%newobject _ldns_rr_mx_exchange;
+%rename(__ldns_rr_mx_exchange) ldns_rr_mx_exchange;
+%inline %{
+ldns_rdf* _ldns_rr_mx_exchange(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_mx_exchange(rr));
+}
+%}
+
+
+%newobject _ldns_rr_mx_preference;
+%rename(__ldns_rr_mx_preference) ldns_rr_mx_preference;
+%inline %{
+ldns_rdf* _ldns_rr_mx_preference(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_mx_preference(rr));
+}
+%}
+
+
+%newobject _ldns_rr_ns_nsdname;
+%rename(__ldns_rr_ns_nsdname) ldns_rr_ns_nsdname;
+%inline %{
+ldns_rdf* _ldns_rr_ns_nsdname(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_ns_nsdname(rr));
+}
+%}
+
+
+%newobject _ldns_rr_rrsig_expiration;
+%rename(__ldns_rr_rrsig_expiration) ldns_rr_rrsig_expiration;
+%inline %{
+ldns_rdf* _ldns_rr_rrsig_expiration(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_rrsig_expiration(rr));
+}
+%}
+
+
+%newobject _ldns_rr_rrsig_inception;
+%rename(__ldns_rr_rrsig_inception) ldns_rr_rrsig_inception;
+%inline %{
+ldns_rdf* _ldns_rr_rrsig_inception(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_rrsig_inception(rr));
+}
+%}
+
+
+%newobject _ldns_rr_rrsig_keytag;
+%rename(__ldns_rr_rrsig_keytag) ldns_rr_rrsig_keytag;
+%inline %{
+ldns_rdf* _ldns_rr_rrsig_keytag(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_rrsig_keytag(rr));
+}
+%}
+
+
+%newobject _ldns_rr_rrsig_labels;
+%rename(__ldns_rr_rrsig_labels) ldns_rr_rrsig_labels;
+%inline %{
+ldns_rdf* _ldns_rr_rrsig_labels(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_rrsig_labels(rr));
+}
+%}
+
+
+%newobject _ldns_rr_rrsig_origttl;
+%rename(__ldns_rr_rrsig_origttl) ldns_rr_rrsig_origttl;
+%inline %{
+ldns_rdf* _ldns_rr_rrsig_origttl(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_rrsig_origttl(rr));
+}
+%}
+
+
+%newobject _ldns_rr_rrsig_sig;
+%rename(__ldns_rr_rrsig_sig) ldns_rr_rrsig_sig;
+%inline %{
+ldns_rdf* _ldns_rr_rrsig_sig(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_rrsig_sig(rr));
+}
+%}
+
+
+%newobject _ldns_rr_rrsig_signame;
+%rename(__ldns_rr_rrsig_signame) ldns_rr_rrsig_signame;
+%inline %{
+ldns_rdf* _ldns_rr_rrsig_signame(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_rrsig_signame(rr));
+}
+%}
+
+
+%newobject _ldns_rr_rrsig_typecovered;
+%rename(__ldns_rr_rrsig_typecovered) ldns_rr_rrsig_typecovered;
+%inline %{
+ldns_rdf* _ldns_rr_rrsig_typecovered(ldns_rr* rr) {
+   return ldns_rdf_clone(ldns_rr_rrsig_typecovered(rr));
+}
+%}
+
+// end of pull cloning
+
+// clone rdf data on push
+
+%rename(__ldns_rr_a_set_address) ldns_rr_a_set_address;
+%inline %{
+bool _ldns_rr_a_set_address(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_a_set_address(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_dnskey_set_algorithm) ldns_rr_dnskey_set_algorithm;
+%inline %{
+bool _ldns_rr_dnskey_set_algorithm(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_dnskey_set_algorithm(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_dnskey_set_flags) ldns_rr_dnskey_set_flags;
+%inline %{
+bool _ldns_rr_dnskey_set_flags(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_dnskey_set_flags(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_dnskey_set_key) ldns_rr_dnskey_set_key;
+%inline %{
+bool _ldns_rr_dnskey_set_key(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_dnskey_set_key(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_dnskey_set_protocol) ldns_rr_dnskey_set_protocol;
+%inline %{
+bool _ldns_rr_dnskey_set_protocol(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_dnskey_set_protocol(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_push_rdf) ldns_rr_push_rdf;
+%inline %{
+bool _ldns_rr_push_rdf(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_push_rdf(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_rrsig_set_algorithm) ldns_rr_rrsig_set_algorithm;
+%inline %{
+bool _ldns_rr_rrsig_set_algorithm(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_rrsig_set_algorithm(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_rrsig_set_expiration) ldns_rr_rrsig_set_expiration;
+%inline %{
+bool _ldns_rr_rrsig_set_expiration(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_rrsig_set_expiration(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_rrsig_set_inception) ldns_rr_rrsig_set_inception;
+%inline %{
+bool _ldns_rr_rrsig_set_inception(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_rrsig_set_inception(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_rrsig_set_keytag) ldns_rr_rrsig_set_keytag;
+%inline %{
+bool _ldns_rr_rrsig_set_keytag(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_rrsig_set_keytag(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_rrsig_set_labels) ldns_rr_rrsig_set_labels;
+%inline %{
+bool _ldns_rr_rrsig_set_labels(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_rrsig_set_labels(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_rrsig_set_origttl) ldns_rr_rrsig_set_origttl;
+%inline %{
+bool _ldns_rr_rrsig_set_origttl(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_rrsig_set_origttl(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_rrsig_set_sig) ldns_rr_rrsig_set_sig;
+%inline %{
+bool _ldns_rr_rrsig_set_sig(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_rrsig_set_sig(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_rrsig_set_signame) ldns_rr_rrsig_set_signame;
+%inline %{
+bool _ldns_rr_rrsig_set_signame(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_rrsig_set_signame(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_rrsig_set_typecovered) ldns_rr_rrsig_set_typecovered;
+%inline %{
+bool _ldns_rr_rrsig_set_typecovered(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_rrsig_set_typecovered(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_set_owner) ldns_rr_set_owner;
+%inline %{
+void _ldns_rr_set_owner(ldns_rr* rr, ldns_rdf* rdf) {
+  return ldns_rr_set_owner(rr, ldns_rdf_clone(rdf));
+}
+%}
+
+%rename(__ldns_rr_set_rdf) ldns_rr_set_rdf;
+%inline %{
+  ldns_rdf* _ldns_rr_set_rdf(ldns_rr* rr, ldns_rdf* rdf, size_t pos) {
+  return ldns_rr_set_rdf(rr, ldns_rdf_clone(rdf), pos);
+}
+%}
+
+// end of push cloning
+
 %rename(_ldns_rr_new_frm_str) ldns_rr_new_frm_str;
 %rename(_ldns_rr_new_frm_fp_l) ldns_rr_new_frm_fp_l;
 %rename(_ldns_rr_new_frm_fp) ldns_rr_new_frm_fp;
@@ -228,18 +521,6 @@ The RR is the basic DNS element that contains actual data. This class allows to
             for i in range(0,self.rd_count()):
                 yield self.rdf(i)
 
-        def get_function(self,rtype,pos):
-            """return a specific rdf"""
-            return _ldns.ldns_rr_function(rtype,self,pos)
-            #parameters: ldns_rr_type,const ldns_rr *,size_t,
-            #retvals: ldns_rdf *
-
-        def set_function(self,rtype,rdf,pos):
-            """set a specific rdf"""
-            return _ldns.ldns_rr_set_function(rtype,self,rdf,pos)
-            #parameters: ldns_rr_type,ldns_rr *,ldns_rdf *,size_t,
-            #retvals: bool
-
         def print_to_file(self,output):
             """Prints the data in the resource record to the given file stream (in presentation format)."""
             _ldns.ldns_rr_print(output,self)
@@ -314,7 +595,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the address or NULL on failure
             """
-            return _ldns.ldns_rr_a_address(self)
+            return _ldns._ldns_rr_a_address(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -325,7 +606,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the address to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_a_set_address(self,f)
+            return _ldns._ldns_rr_a_set_address(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -367,7 +648,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the algorithm or NULL on failure
             """
-            return _ldns.ldns_rr_dnskey_algorithm(self)
+            return _ldns._ldns_rr_dnskey_algorithm(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -376,7 +657,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the flags or NULL on failure
             """
-            return _ldns.ldns_rr_dnskey_flags(self)
+            return _ldns._ldns_rr_dnskey_flags(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -385,7 +666,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the key data or NULL on failure
             """
-            return _ldns.ldns_rr_dnskey_key(self)
+            return _ldns._ldns_rr_dnskey_key(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -403,7 +684,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the protocol or NULL on failure
             """
-            return _ldns.ldns_rr_dnskey_protocol(self)
+            return _ldns._ldns_rr_dnskey_protocol(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -414,7 +695,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the algorithm to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_dnskey_set_algorithm(self,f)
+            return _ldns._ldns_rr_dnskey_set_algorithm(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -425,7 +706,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the flags to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_dnskey_set_flags(self,f)
+            return _ldns._ldns_rr_dnskey_set_flags(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -436,7 +717,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the key data to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_dnskey_set_key(self,f)
+            return _ldns._ldns_rr_dnskey_set_key(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -447,7 +728,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the protocol to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_dnskey_set_protocol(self,f)
+            return _ldns._ldns_rr_dnskey_set_protocol(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -483,7 +764,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the name of the MX host or NULL on failure
             """
-            return _ldns.ldns_rr_mx_exchange(self)
+            return _ldns._ldns_rr_mx_exchange(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -494,7 +775,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the preference or NULL on failure
             """
-            return _ldns.ldns_rr_mx_preference(self)
+            return _ldns._ldns_rr_mx_preference(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -503,7 +784,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the name or NULL on failure
             """
-            return _ldns.ldns_rr_ns_nsdname(self)
+            return _ldns._ldns_rr_ns_nsdname(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -512,7 +793,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) ldns_rdf *
             """
-            return _ldns.ldns_rr_owner(self)
+            return _ldns._ldns_rr_owner(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -531,7 +812,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                :param f:
                :returns: (bool) bool
             """
-            return _ldns.ldns_rr_push_rdf(self,f)
+            return _ldns._ldns_rr_push_rdf(self,f)
             #parameters: ldns_rr *,const ldns_rdf *,
             #retvals: bool
 
@@ -551,7 +832,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the number of the rdf to return
                :returns: (ldns_rdf \*) ldns_rdf *
             """
-            return _ldns.ldns_rr_rdf(self,nr)
+            return _ldns._ldns_rr_rdf(self,nr)
             #parameters: const ldns_rr *,size_t,
             #retvals: ldns_rdf *
 
@@ -560,7 +841,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the algorithm or NULL on failure
             """
-            return _ldns.ldns_rr_rrsig_algorithm(self)
+            return _ldns._ldns_rr_rrsig_algorithm(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -569,7 +850,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the expiration time or NULL on failure
             """
-            return _ldns.ldns_rr_rrsig_expiration(self)
+            return _ldns._ldns_rr_rrsig_expiration(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -578,7 +859,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the inception time or NULL on failure
             """
-            return _ldns.ldns_rr_rrsig_inception(self)
+            return _ldns._ldns_rr_rrsig_inception(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -587,7 +868,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the keytag or NULL on failure
             """
-            return _ldns.ldns_rr_rrsig_keytag(self)
+            return _ldns._ldns_rr_rrsig_keytag(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -596,7 +877,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the number of labels or NULL on failure
             """
-            return _ldns.ldns_rr_rrsig_labels(self)
+            return _ldns._ldns_rr_rrsig_labels(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -605,7 +886,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the original TTL or NULL on failure
             """
-            return _ldns.ldns_rr_rrsig_origttl(self)
+            return _ldns._ldns_rr_rrsig_origttl(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -616,7 +897,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the algorithm to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_rrsig_set_algorithm(self,f)
+            return _ldns._ldns_rr_rrsig_set_algorithm(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -627,7 +908,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the expireation date to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_rrsig_set_expiration(self,f)
+            return _ldns._ldns_rr_rrsig_set_expiration(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -638,7 +919,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the inception date to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_rrsig_set_inception(self,f)
+            return _ldns._ldns_rr_rrsig_set_inception(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -649,7 +930,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the keytag to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_rrsig_set_keytag(self,f)
+            return _ldns._ldns_rr_rrsig_set_keytag(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -660,7 +941,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the number of labels to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_rrsig_set_labels(self,f)
+            return _ldns._ldns_rr_rrsig_set_labels(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -671,7 +952,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the original TTL to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_rrsig_set_origttl(self,f)
+            return _ldns._ldns_rr_rrsig_set_origttl(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -682,7 +963,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the signature data to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_rrsig_set_sig(self,f)
+            return _ldns._ldns_rr_rrsig_set_sig(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -693,7 +974,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the signers name to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_rrsig_set_signame(self,f)
+            return _ldns._ldns_rr_rrsig_set_signame(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -704,7 +985,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the typecovered to set
                :returns: (bool) true on success, false otherwise
             """
-            return _ldns.ldns_rr_rrsig_set_typecovered(self,f)
+            return _ldns._ldns_rr_rrsig_set_typecovered(self,f)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: bool
 
@@ -713,7 +994,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the signature data or NULL on failure
             """
-            return _ldns.ldns_rr_rrsig_sig(self)
+            return _ldns._ldns_rr_rrsig_sig(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -722,7 +1003,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the signers name or NULL on failure
             """
-            return _ldns.ldns_rr_rrsig_signame(self)
+            return _ldns._ldns_rr_rrsig_signame(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -731,7 +1012,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :returns: (ldns_rdf \*) a ldns_rdf* with the type covered or NULL on failure
             """
-            return _ldns.ldns_rr_rrsig_typecovered(self)
+            return _ldns._ldns_rr_rrsig_typecovered(self)
             #parameters: const ldns_rr *,
             #retvals: ldns_rdf *
 
@@ -750,7 +1031,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                
                :param owner:
             """
-            _ldns.ldns_rr_set_owner(self,owner)
+            _ldns._ldns_rr_set_owner(self,owner)
             #parameters: ldns_rr *,ldns_rdf *,
             #retvals: 
 
@@ -774,7 +1055,7 @@ The RR is the basic DNS element that contains actual data. This class allows to
                    the position the set the rdf
                :returns: (ldns_rdf \*) the old value in the rr, NULL on failyre
             """
-            return _ldns.ldns_rr_set_rdf(self,f,position)
+            return _ldns._ldns_rr_set_rdf(self,f,position)
             #parameters: ldns_rr *,const ldns_rdf *,size_t,
             #retvals: ldns_rdf *
 
@@ -886,6 +1167,12 @@ ldns_rr* _ldns_rr_list_rr(ldns_rr_list* r, int i) {
 
 %newobject ldns_rr_list2str;
 
+%rename(__ldns_rr_list_owner) ldns_rr_list_owner;
+%inline %{
+ldns_rdf* _ldns_rr_list_owner(ldns_rr_list* r) {
+   return ldns_rdf_clone(ldns_rr_list_owner(r));
+}
+%}
 
 
 
@@ -1017,7 +1304,7 @@ This class contains a list of RR's (see :class:`ldns.ldns_rr`).
                
                :returns: (ldns_rdf \*) dname of the first element, or NULL if the list is empty
             """
-            return _ldns.ldns_rr_list_owner(self)
+            return _ldns._ldns_rr_list_owner(self)
             #parameters: const ldns_rr_list *,
             #retvals: ldns_rdf *
 
@@ -1168,7 +1455,6 @@ This class contains a list of RR's (see :class:`ldns.ldns_rr`).
 
 
 %feature("docstring") ldns_struct_rr_descriptor "Resource Record descriptor
-
 This structure contains, for all rr types, the rdata fields that are defined."
 
 %extend ldns_struct_rr_descriptor {
@@ -1208,4 +1494,91 @@ This structure contains, for all rr types, the rdata fields that are defined."
             #_LDNS_RR_DESCRIPTOR_METHODS#
  %}
 }
- 
+
+/*
+
+rrsig checking wrappers
+
+   copying of rr pointers into the good_keys list leads to double free
+   problems, therefore we provide two options - either ignore the keys
+   or get list of indexes of the keys. The latter allows fetching of the
+   keys later on from the original key set
+*/
+
+%rename(__ldns_verify_rrsig_keylist) ldns_verify_rrsig_keylist;
+%inline %{
+ldns_status ldns_verify_rrsig_keylist_status_only(ldns_rr_list *rrset,
+               ldns_rr *rrsig,
+               const ldns_rr_list *keys) {
+    ldns_rr_list *good_keys = ldns_rr_list_new();
+    ldns_status status = ldns_verify_rrsig_keylist(rrset, rrsig, keys, good_keys);
+    ldns_rr_list_free(good_keys);
+    return status;
+}
+%}
+
+%rename(__ldns_verify_rrsig_keylist) ldns_verify_rrsig_keylist;
+%inline %{
+PyObject* ldns_verify_rrsig_keylist_(ldns_rr_list *rrset,
+               ldns_rr *rrsig,
+               const ldns_rr_list *keys) {
+   PyObject* tuple;
+   PyObject* keylist;
+   ldns_rr_list *good_keys = ldns_rr_list_new();
+   ldns_status status = ldns_verify_rrsig_keylist(rrset, rrsig, keys, good_keys);
+
+   tuple = PyTuple_New(2);
+   PyTuple_SetItem(tuple, 0, SWIG_From_int(status)); 
+   keylist = PyList_New(0);
+   if (status == LDNS_STATUS_OK) {
+       unsigned int i;
+       for (i = 0; i < ldns_rr_list_rr_count(keys); i++)
+            if (ldns_rr_list_contains_rr(good_keys, ldns_rr_list_rr(keys, i)))
+                PyList_Append(keylist, SWIG_From_int(i));
+   }
+   PyTuple_SetItem(tuple, 1, keylist);
+   ldns_rr_list_free(good_keys);
+   return tuple;
+   }
+%}
+
+
+%rename(__ldns_verify_rrsig_keylist_notime) ldns_verify_rrsig_keylist_notime;
+%inline %{
+ldns_status ldns_verify_rrsig_keylist_notime_status_only(ldns_rr_list *rrset,
+               ldns_rr *rrsig,
+               const ldns_rr_list *keys) {
+    ldns_rr_list *good_keys = ldns_rr_list_new();
+    ldns_status status = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, good_keys);
+    ldns_rr_list_free(good_keys);
+    return status;
+}
+%}
+
+%rename(__ldns_verify_rrsig_keylist_notime) ldns_verify_rrsig_keylist_notime;
+%inline %{
+PyObject* ldns_verify_rrsig_keylist_notime_(ldns_rr_list *rrset,
+               ldns_rr *rrsig,
+               const ldns_rr_list *keys) {
+   PyObject* tuple;
+   PyObject* keylist;
+   ldns_rr_list *good_keys = ldns_rr_list_new();
+   ldns_status status = ldns_verify_rrsig_keylist_notime(rrset, rrsig, keys, good_keys);
+
+   tuple = PyTuple_New(2);
+   PyTuple_SetItem(tuple, 0, SWIG_From_int(status)); 
+   keylist = PyList_New(0);
+   if (status == LDNS_STATUS_OK) {
+       unsigned int i;
+       for (i = 0; i < ldns_rr_list_rr_count(keys); i++)
+            if (ldns_rr_list_contains_rr(good_keys, ldns_rr_list_rr(keys, i)))
+                PyList_Append(keylist, SWIG_From_int(i));
+   }
+   PyTuple_SetItem(tuple, 1, keylist);
+   ldns_rr_list_free(good_keys);
+   return tuple;
+   }
+%}
+
+/* -- end of rrsig checking wrappers */
+