+2747. [bug] Journal roll forwards failed to set the re-signing
+ time of RRSIGs correctly. [RT #20541]
+
2743. [bug] RRSIG could be incorrectly set in the NSEC3 record
for a insecure delegation.
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: journal.h,v 1.33.120.2 2009/01/18 23:47:41 tbox Exp $ */
+/* $Id: journal.h,v 1.33.120.3 2009/11/04 01:35:07 marka Exp $ */
#ifndef DNS_JOURNAL_H
#define DNS_JOURNAL_H 1
isc_result_t
dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db, unsigned int options,
const char *filename);
+
+isc_result_t
+dns_journal_rollforward2(isc_mem_t *mctx, dns_db_t *db, unsigned int options,
+ isc_uint32_t resign, const char *filename);
/*%<
* Roll forward (play back) the journal file "filename" into the
* database "db". This should be called when the server starts
- * after a shutdown or crash.
+ * after a shutdown or crash. 'resign' is how many seconds before
+ * a RRSIG is due to expire it should be scheduled to be regenerated.
*
* Requires:
+ *\li dns_journal_rollforward() requires that DNS_JOURNALOPT_RESIGN
+ * is not set.
*\li 'mctx' is a valid memory context.
*\li 'db' is a valid database which does not have a version
* open for writing.
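Review bot: The `/*%<` block now sits directly after the new `dns_journal_rollforward2` prototype, so the older `dns_journal_rollforward` declaration above it has no description of its own and is mentioned only in the added Requires item. The text also does not say what 'resign' should be when DNS_JOURNALOPT_RESIGN is clear, or that breaking the new Requires item on the old function is an assertion failure rather than an error return. I would add a lead-in line such as `* dns_journal_rollforward() is equivalent to dns_journal_rollforward2() with 'resign' set to 0.` and, if the diff code really treats it that way, a Requires-style line `*\li 'resign' is ignored unless DNS_JOURNALOPT_RESIGN is set in 'options'.` The comment block continues past the end of the visible hunk.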
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: journal.c,v 1.103.48.2 2009/01/18 23:47:37 tbox Exp $ */
+/* $Id: journal.c,v 1.103.48.3 2009/11/04 01:35:06 marka Exp $ */
#include <config.h>
/* XXX Share code with incoming IXFR? */
static isc_result_t
-roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
+roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options,
+ isc_uint32_t resign)
+{
isc_buffer_t source; /* Transaction data from disk */
isc_buffer_t target; /* Ditto after _fromwire check */
isc_uint32_t db_serial; /* Database SOA serial */
REQUIRE(DNS_DB_VALID(db));
dns_diff_init(j->mctx, &diff);
+ diff.resign = resign;
/*
* Set up empty initial buffers for unchecked and checked
isc_result_t
dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db,
unsigned int options, const char *filename)
+{
+ REQUIRE((options & DNS_JOURNALOPT_RESIGN) == 0);
+ return (dns_journal_rollforward2(mctx, db, options, 0, filename));
+}
+
+isc_result_t
+dns_journal_rollforward2(isc_mem_t *mctx, dns_db_t *db, unsigned int options,
+ isc_uint32_t resign, const char *filename)
{
dns_journal_t *j;
isc_result_t result;
if (JOURNAL_EMPTY(&j->header))
result = DNS_R_UPTODATE;
else
- result = roll_forward(j, db, options);
+ result = roll_forward(j, db, options, resign);
dns_journal_destroy(&j);
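Review bot: The added `REQUIRE((options & DNS_JOURNALOPT_RESIGN) == 0);` in `dns_journal_rollforward` turns a flag the function used to accept into an assertion failure, so any caller not converted by this commit would abort the server during journal replay instead of receiving an `isc_result_t`. Only the zone.c call site is visibly updated on this page, so it is worth confirming that no other in-tree or external caller passes the flag before relying on the assertion. In the other direction, `dns_journal_rollforward2` accepts DNS_JOURNALOPT_RESIGN together with a `resign` of 0, which presumably schedules re-signing at the expiry time itself. A comment above `diff.resign = resign;` in `roll_forward`, such as `/* 0 gives no lead time before RRSIG expiry; pass a real interval with DNS_JOURNALOPT_RESIGN. */`, would record that expectation. Both function bodies continue outside the visible hunks.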
* PERFORMANCE OF THIS SOFTWARE.
*/
-/* $Id: zone.c,v 1.483.36.14 2009/10/05 23:47:50 tbox Exp $ */
+/* $Id: zone.c,v 1.483.36.15 2009/11/04 01:35:07 marka Exp $ */
/*! \file */
set_resigntime(dns_zone_t *zone) {
dns_rdataset_t rdataset;
dns_fixedname_t fixed;
- char namebuf[DNS_NAME_FORMATSIZE];
unsigned int resign;
isc_result_t result;
isc_uint32_t nanosecs;
return;
}
resign = rdataset.resign;
- dns_name_format(dns_fixedname_name(&fixed), namebuf, sizeof(namebuf));
dns_rdataset_disassociate(&rdataset);
isc_random_get(&nanosecs);
nanosecs %= 1000000000;
options = DNS_JOURNALOPT_RESIGN;
else
options = 0;
- result = dns_journal_rollforward(zone->mctx, db, options,
- zone->journal);
+ result = dns_journal_rollforward2(zone->mctx, db, options,
+ zone->sigresigninginterval,
+ zone->journal);
if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND &&
result != DNS_R_UPTODATE && result != DNS_R_NOJOURNAL &&
result != ISC_R_RANGE) {