let signer check for glue
authorJelte Jansen <jeltejan@NLnetLabs.nl>
Wed, 28 Sep 2005 13:08:05 +0000 (13:08 +0000)
committerJelte Jansen <jeltejan@NLnetLabs.nl>
Wed, 28 Sep 2005 13:08:05 +0000 (13:08 +0000)
Makefile.in
dname.c
dnssec.c
examples/configure.ac
ldns-signzone.c
ldns/rr.h
ldns/zone.h
rr.c
zone.c

index f709761d95f1d5a50afa0266dc04789bc189a41d..9e649626105f9f4eaf9b126627ced9375ca439c5 100644 (file)
@@ -89,7 +89,7 @@ drill:                ./drill/config.log
                ( cd drill ; $(MAKE) -f Makefile all)
 
 ./examples/config.log:
-               ( mkdir examples ; cd examples ; ../$(srcdir)/examples/configure LDFLAGS="-L../.libs" CPPFLAGS="-I.. -I../..")
+               ( $(INSTALL) -d examples ; cd examples ; ../$(srcdir)/examples/configure LDFLAGS="-L../.libs" CPPFLAGS="-I.. -I../..")
 
 examples:              ./examples/config.log
                ( cd examples ; $(MAKE) -f Makefile all)
diff --git a/dname.c b/dname.c
index 8b310dc68881e2adcb05e77afac8927e0c8a153b..93530c859f7c03c6d4f87ad34d07ead44a465923 100644 (file)
--- a/dname.c
+++ b/dname.c
@@ -177,7 +177,9 @@ ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent)
        ldns_rdf *tmp_par;
 
        if (ldns_rdf_get_type(sub) != LDNS_RDF_TYPE_DNAME ||
-                       ldns_rdf_get_type(parent) != LDNS_RDF_TYPE_DNAME) {
+                       ldns_rdf_get_type(parent) != LDNS_RDF_TYPE_DNAME ||
+                       ldns_rdf_compare(sub, parent) == 0
+                       ) {
                return false;
        }
 
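Review bot: The added `ldns_rdf_compare(sub, parent) == 0` clause makes ldns_dname_is_subdomain return false for identical names, which turns it into a strict subdomain test without any comment saying so. Callers that need the inclusive meaning now have to add their own equality test, as the dnssec.c change in this commit does for the zone apex; a caller that was not updated will silently stop matching the parent name itself. I would put a comment above the condition such as `/* strict: a name is not a subdomain of itself */` and state the same in the function's header documentation. The function body continues outside the hunk.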
index 1bfcec7df2cdfac0c10aeafee01c4574de53f791..cce34199b5459cac92fbac55825a02a7ebd99cfd 100644 (file)
--- a/dnssec.c
+++ b/dnssec.c
@@ -1151,6 +1151,8 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list)
        ldns_rr_list *orig_zone_rrs;
        ldns_rr_list *signed_zone_rrs;
        ldns_rr_list *pubkeys;
+       ldns_rr_list *glue_rrs;
+       
        ldns_rdf *cur_dname = NULL;
        ldns_rdf *next_dname = NULL;
        ldns_rr *nsec;
@@ -1173,6 +1175,9 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list)
        ldns_rr_list_free(cur_rrsigs);
        
        orig_zone_rrs = ldns_rr_list_clone(ldns_zone_rrs(zone));
+
+       glue_rrs = ldns_zone_glue_rr_list(zone);
+
        /* add the key (TODO: check if it's there already? */
        pubkeys = ldns_rr_list_new();
        for (i = 0; i < ldns_key_list_key_count(key_list); i++) {
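Review bot: The result of `ldns_zone_glue_rr_list(zone)` is stored in glue_rrs without a NULL check, and the new ldns_rr_list_contains_rr in rr.c returns false for a NULL list, so a failed glue computation would make every RRset look like non-glue and the signer would sign glue anyway. If NULL signals an error rather than an empty result (not visible here), failing closed is safer: test `if (!glue_rrs)` right after the call and leave through whatever error path ldns_zone_sign already has, which is outside the hunk. No release of glue_rrs appears in the visible hunks either. Whether the caller owns the returned list cannot be told from here, so that should be confirmed and a matching free added at the end of the function if it does.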
@@ -1213,7 +1218,8 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list)
                if (cur_rrset_type != LDNS_RR_TYPE_RRSIG &&
                    (ldns_dname_is_subdomain(cur_dname, ldns_rr_owner(ldns_zone_soa(zone))) ||
                     ldns_rdf_compare(cur_dname, ldns_rr_owner(ldns_zone_soa(zone))) == 0
-                   )
+                   ) &&
+                   !(ldns_rr_list_contains_rr(glue_rrs, ldns_rr_list_rr(cur_rrset, 0)))
                   ) {
                        cur_rrsigs = ldns_sign_public(cur_rrset, key_list);
 
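Review bot: The new exclusion covers only records found in glue_rrs, so an NS RRset at a delegation point below the apex still passes this condition and gets an RRSIG, unless it is filtered somewhere outside the hunk. As far as the zone.c hunks in this commit show, the glue list is built from A and AAAA records, and RFC 4035 section 2.2 requires delegation NS RRsets to stay unsigned just like glue. A further clause such as `!(cur_rrset_type == LDNS_RR_TYPE_NS && ldns_rdf_compare(cur_dname, ldns_rr_owner(ldns_zone_soa(zone))) != 0)` would cover it. The condition also looks only at element 0 of cur_rrset, which deserves a short comment saying that one record stands in for the whole RRset.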
index 03bcaf95e9ec753024b1b64f43223d19d4e5d4cf..91e10f00a76fd3b38c431df8d37b88ed9ec167e8 100644 (file)
@@ -73,8 +73,6 @@ AH_BOTTOM([
 
 #AC_DEFINE_UNQUOTED(SYSCONFDIR, "$sysconfdir")
 
-#AC_CONFIG_FILES([Makefile
-#               drill.h
-#                 ])
+AC_CONFIG_FILES([Makefile])
 AC_CONFIG_HEADER([config.h])
 AC_OUTPUT
index 318d1d58873e5f4d855221706dec8a39f7a07cd9..792427f897d5453e1aeaefcef03491f01a94f386 100644 (file)
@@ -47,6 +47,8 @@ main(int argc, char *argv[])
        ldns_key_list *keys;
 
 
+       uint16_t default_ttl = LDNS_DEFAULT_TTL;
+
        char *outputfile_name = NULL;
        FILE *outputfile;
        
@@ -200,7 +202,7 @@ main(int argc, char *argv[])
                                if (!keyfile) {
                                        fprintf(stderr, "Error: unable to read %s: %s\n", keyfile_name, strerror(errno));
                                } else {
-                                       pubkey = ldns_rr_new_frm_fp_l(keyfile, LDNS_DEFAULT_TTL, NULL, &line_nr);
+                                       pubkey = ldns_rr_new_frm_fp_l(keyfile, &default_ttl, NULL, &line_nr);
                                        if (pubkey) {
                                                ldns_key_set_pubkey_owner(key, ldns_rdf_clone(ldns_rr_owner(pubkey)));
                                                ldns_key_set_flags(key, ldns_rdf2native_int16(ldns_rr_rdf(pubkey, 0)));
index d23bc774b0bf747127c46130b8badc5bb66c5f1e..885ea60254ac8940d5c876798d2b2e7b204cc88a 100644 (file)
--- a/ldns/rr.h
+++ b/ldns/rr.h
@@ -485,6 +485,15 @@ bool ldns_rr_list_push_rr(ldns_rr_list *rr_list, ldns_rr *rr);
  */
 ldns_rr* ldns_rr_list_pop_rr(ldns_rr_list *rr_list);
 
+/**
+ * returns true if the given rr is one of the rrs in the
+ * list, or if it is equal to one
+ * \param[in] rr_list the rr_list to check
+ * \param[in] rr the rr to check
+ * \return true if rr_list contains rr, false otherwise
+ */
+bool ldns_rr_list_contains_rr(ldns_rr_list *rr_list, ldns_rr *rr); 
+
 /**
  * checks if an rr_list is a rrset.
  * \param[in] rr_list the rr_list to check
index bb1b648c3ed88173085288451f75b844e0c1c166..a9b5d6f3602c596c64c99b6e2ba6c942e4da75bc 100644 (file)
@@ -49,6 +49,7 @@ ldns_zone * ldns_zone_new(void);
 ldns_rr * ldns_zone_soa(ldns_zone *z);
 
 /**
+ * Returns the number of resource records in the zone, NOT counting the SOA record
  * \param[in] z the zone to read from
  * \return the number of rr's in the zone
  */
diff --git a/rr.c b/rr.c
index 76e8b86031a186163b339d940da6d00e3f5c8918..d0d51186187cb09633d0085b61f1d6ab535b977a 100644 (file)
--- a/rr.c
+++ b/rr.c
@@ -415,7 +415,12 @@ ldns_rr_new_frm_fp_l(FILE *fp, uint16_t *default_ttl, ldns_rdf **origin, int *li
                 return NULL;
         }
 
-       rr = ldns_rr_new_frm_str((const char*) line, ttl, *origin);
+       if (origin) {
+               rr = ldns_rr_new_frm_str((const char*) line, ttl, *origin);
+       } else {
+               rr = ldns_rr_new_frm_str((const char*) line, ttl, NULL);
+       }
+       
        if (!rr) {
                if ((keyword = strstr(line, "$ORIGIN "))) {
                        if (*origin) {
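Review bot: The new `if (origin)` guard protects only the first call; the unchanged `if (*origin)` two lines below still dereferences origin unconditionally inside the $ORIGIN branch. ldns-signzone.c in this same commit calls ldns_rr_new_frm_fp_l with NULL for origin, so a key file containing a `$ORIGIN ` line that does not parse as an RR reaches that dereference. The branch should be guarded, e.g. `if (origin && *origin) {`, and the store to *origin that presumably follows outside the hunk needs the same check. The added if/else could also be reduced to `rr = ldns_rr_new_frm_str((const char*) line, ttl, origin ? *origin : NULL);`.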
@@ -831,6 +836,25 @@ ldns_rr_list_pop_rr(ldns_rr_list *rr_list)
        return pop;
 }
 
+bool
+ldns_rr_list_contains_rr(ldns_rr_list *rr_list, ldns_rr *rr)
+{
+       size_t i;
+       
+       if (!rr_list || !rr || ldns_rr_list_rr_count(rr_list) == 0) {
+               return false;
+       }
+
+       for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) {
+               if (rr == ldns_rr_list_rr(rr_list, i)) {
+                       return true;
+               } else if (ldns_rr_compare(rr, ldns_rr_list_rr(rr_list, i)) == 0) {
+                       return true;
+               }
+       }
+       return false;
+}
+
 bool
 ldns_is_rrset(ldns_rr_list *rr_list)
 {
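Review bot: Style point on ldns_rr_list_contains_rr: the two branches in the loop return the same value, and the `ldns_rr_list_rr_count(rr_list) == 0` test is already implied by the loop bound, so the body can be shorter. I would fetch the element once into a local and write `if (rr == cur || ldns_rr_compare(rr, cur) == 0) return true;`. The function only reads its arguments, so const-qualifying both parameters would document that, provided the accessors it calls accept const pointers (not visible here). The signer calls this once per RRset against the glue list, so a comment noting the linear scan would help whoever later revisits the "will sorting make it quicker" question in zone.c.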
diff --git a/zone.c b/zone.c
index d078587965a8d1cb917cf6a9b982b0bbfda96ce7..384a249deeb1318c602594f95f6888ae54b4ec66 100644 (file)
--- a/zone.c
+++ b/zone.c
@@ -22,7 +22,7 @@ ldns_zone_soa(ldns_zone *z)
 uint16_t
 ldns_zone_rr_count(ldns_zone *z)
 {
-       return ldns_rr_list_rr_count(z->_rrs) + 1; /* SOA record */
+       return ldns_rr_list_rr_count(z->_rrs);
 }
 
 void
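Review bot: The uint16_t return type of ldns_zone_rr_count caps the count at 65535, and ldns_zone_glue_rr_list uses this function as its loop bound (visible in the next hunk). If the underlying ldns_rr_list_rr_count is wider (rr.c in this commit indexes lists with size_t), a large zone would have its glue scan stop early, and records past the truncated count would never be classified. Returning the same type as ldns_rr_list_rr_count would remove that risk. Dropping the `+ 1` also changes the value existing callers receive, so the sentence added to zone.h in this commit is worth repeating as a comment on the definition here.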
@@ -86,8 +86,6 @@ ldns_zone_glue_rr_list(ldns_zone *z)
 
        for(i = 0; i < ldns_zone_rr_count(z); i++) {
                r = ldns_rr_list_rr(ldns_zone_rrs(z), i);
-               ldns_rr_print(stdout, r);
-
                if (ldns_rr_get_type(r) == LDNS_RR_TYPE_A ||
                                ldns_rr_get_type(r) == LDNS_RR_TYPE_AAAA) {
                        /* possibly glue */
@@ -98,16 +96,21 @@ ldns_zone_glue_rr_list(ldns_zone *z)
                        /* multiple zones will end up here -
                         * for now; not a problem
                         */
-                       ldns_rr_list_push_rr(zone_cuts, r);
+                       /* don't add NS records for the current zone itself */
+                       if (ldns_rdf_compare(ldns_rr_owner(r), ldns_rr_owner(ldns_zone_soa(z))) != 0) {
+                               ldns_rr_list_push_rr(zone_cuts, r);
+                       }
                        continue;
                }
        }
-       /* will sorting make it quicker ?? */
 
+       /* will sorting make it quicker ?? */
        for(i = 0; i < ldns_rr_list_rr_count(zone_cuts); i++) {
                ns = ldns_rr_list_rr(zone_cuts, i);
+/*
                dname_ns = ldns_rr_ns_nsdname(ns);
-
+*/
+               dname_ns = ldns_rr_owner(ns);
                for(j = 0; j < ldns_rr_list_rr_count(addr); j++) {
                        a = ldns_rr_list_rr(addr, j);
                        dname_a = ldns_rr_owner(a);
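Review bot: dname_ns now holds the owner of the NS record, i.e. the zone cut, rather than the name server's name, so the variable name is misleading and the commented-out `ldns_rr_ns_nsdname` assignment should be deleted instead of left inside the loop. A short comment such as `/* compare address owners against the zone cut, not the NS target */` would explain the intent. The comparison that uses dname_ns lies outside the hunk. If it is ldns_dname_is_subdomain, the dname.c change in this commit makes that test strict, so an address record owned by the cut name itself would not be classified as glue and would be signed; that case would need an explicit equality test.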