From: Mark Andrews
Date: Wed, 4 Nov 2009 01:35:07 +0000 (+0000)
Subject: 2747. [bug] Journal roll forwards failed to set the re-signing
X-Git-Tag: v9.6.1-P2~2^2~22
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5211674cef44af48e2bff877db21a67670b7df34;p=thirdparty%2Fbind9.git
2747. [bug] Journal roll forwards failed to set the re-signing time of RRSIGs correctly. [RT #20541]
---
diff --git a/CHANGES b/CHANGES
index 52a7cc66e59..967f9b94697 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2747. [bug] Journal roll forwards failed to set the re-signing
+ time of RRSIGs correctly. [RT #20541]
+
 2743. [bug] RRSIG could be incorrectly set in the NSEC3 record for a insecure delegation.
diff --git a/lib/dns/include/dns/journal.h b/lib/dns/include/dns/journal.h
index 3917d8db9a0..67adb113118 100644
--- a/lib/dns/include/dns/journal.h
+++ b/lib/dns/include/dns/journal.h
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: journal.h,v 1.33.120.2 2009/01/18 23:47:41 tbox Exp $ */
+/* $Id: journal.h,v 1.33.120.3 2009/11/04 01:35:07 marka Exp $ */
 #ifndef DNS_JOURNAL_H
 #define DNS_JOURNAL_H 1
@@ -232,12 +232,19 @@ dns_journal_current_rr(dns_journal_t *j, dns_name_t **name, isc_uint32_t *ttl,
 isc_result_t
 dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db, unsigned int options,
 const char *filename);
+
+isc_result_t
+dns_journal_rollforward2(isc_mem_t *mctx, dns_db_t *db, unsigned int options,
+ isc_uint32_t resign, const char *filename);
 /*%<
 * Roll forward (play back) the journal file "filename" into the
 * database "db". This should be called when the server starts
- * after a shutdown or crash.
+ * after a shutdown or crash. 'resign' is how many seconds before
+ * a RRSIG is due to expire it should be scheduled to be regenerated.
 *
 * Requires:
+ *\li dns_journal_rollforward() requires that DNS_JOURNALOPT_RESIGN
+ * is not set.
 *\li 'mctx' is a valid memory context.
 *\li 'db' is a valid database which does not have a version
 * open for writing.
diff --git a/lib/dns/journal.c b/lib/dns/journal.c
index 8c21f1ece34..97f6312924b 100644
--- a/lib/dns/journal.c
+++ b/lib/dns/journal.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: journal.c,v 1.103.48.2 2009/01/18 23:47:37 tbox Exp $ */
+/* $Id: journal.c,v 1.103.48.3 2009/11/04 01:35:06 marka Exp $ */
 #include
@@ -1218,7 +1218,9 @@ dns_journal_destroy(dns_journal_t **journalp) {
 /* XXX Share code with incoming IXFR? */
 static isc_result_t
-roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
+roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options,
+ isc_uint32_t resign)
+{
 isc_buffer_t source; /* Transaction data from disk */
 isc_buffer_t target; /* Ditto after _fromwire check */
 isc_uint32_t db_serial; /* Database SOA serial */
@@ -1235,6 +1237,7 @@ roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
 REQUIRE(DNS_DB_VALID(db));
 dns_diff_init(j->mctx, &diff);
+ diff.resign = resign;
 /*
 * Set up empty initial buffers for unchecked and checked
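Review bot: In the journal.h hunk the new prototype is inserted between `dns_journal_rollforward()` and its trailing `/*%<` comment, so the block now attaches to `dns_journal_rollforward2()` and the older function is left with only the added "Requires" line describing it. The contract for `resign` is also thin: it gives the unit (seconds) but not what 0 means, whether the value is used when `DNS_JOURNALOPT_RESIGN` is clear, or how it relates to the signature validity period. I would move the added declaration below the comment or give each function its own block, and add a line such as `*\li 'resign' is only consulted when DNS_JOURNALOPT_RESIGN is set in 'options'.` once that is confirmed against the diff-apply code, which is not shown here. The comment block continues past the end of the hunk.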
@@ -1352,6 +1355,14 @@ roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
 isc_result_t
 dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db,
 unsigned int options, const char *filename)
+{
+ REQUIRE((options & DNS_JOURNALOPT_RESIGN) == 0);
+ return (dns_journal_rollforward2(mctx, db, options, 0, filename));
+}
+
+isc_result_t
+dns_journal_rollforward2(isc_mem_t *mctx, dns_db_t *db, unsigned int options,
+ isc_uint32_t resign, const char *filename)
 {
 dns_journal_t *j;
 isc_result_t result;
@@ -1371,7 +1382,7 @@ dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db,
 if (JOURNAL_EMPTY(&j->header))
 result = DNS_R_UPTODATE;
 else
- result = roll_forward(j, db, options);
+ result = roll_forward(j, db, options, resign);
 dns_journal_destroy(&j);
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 556bb9675f8..43099696ec6 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
 * PERFORMANCE OF THIS SOFTWARE.
 */
-/* $Id: zone.c,v 1.483.36.14 2009/10/05 23:47:50 tbox Exp $ */
+/* $Id: zone.c,v 1.483.36.15 2009/11/04 01:35:07 marka Exp $ */
 /*! \file */
@@ -2341,7 +2341,6 @@ static void
 set_resigntime(dns_zone_t *zone) {
 dns_rdataset_t rdataset;
 dns_fixedname_t fixed;
- char namebuf[DNS_NAME_FORMATSIZE];
 unsigned int resign;
 isc_result_t result;
 isc_uint32_t nanosecs;
@@ -2355,7 +2354,6 @@ set_resigntime(dns_zone_t *zone) {
 return;
 }
 resign = rdataset.resign;
- dns_name_format(dns_fixedname_name(&fixed), namebuf, sizeof(namebuf));
 dns_rdataset_disassociate(&rdataset);
 isc_random_get(&nanosecs);
 nanosecs %= 1000000000;
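Review bot: The added `REQUIRE((options & DNS_JOURNALOPT_RESIGN) == 0);` in `dns_journal_rollforward()` turns an argument combination the old function accepted into an assertion failure, which for a name server means the process aborts while replaying a journal. Only the `zone_postload()` call is converted in this commit; any other caller that still passes `DNS_JOURNALOPT_RESIGN` is not visible here and should be checked. A short comment above the wrapper would record the intent, for example `/* Callers that need re-signing times set must use dns_journal_rollforward2(); 'resign' is fixed at 0 here. */`. `dns_journal_rollforward2()` accepts `resign` with no range check in the lines shown, and its body continues outside the hunk.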
@@ -2513,8 +2511,9 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
 options = DNS_JOURNALOPT_RESIGN;
 else
 options = 0;
- result = dns_journal_rollforward(zone->mctx, db, options,
- zone->journal);
+ result = dns_journal_rollforward2(zone->mctx, db, options,
+ zone->sigresigninginterval,
+ zone->journal);
 if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND &&
 result != DNS_R_UPTODATE && result != DNS_R_NOJOURNAL &&
 result != ISC_R_RANGE) {
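Review bot: `zone->sigresigninginterval` is passed as `resign` on both branches, including the one where `options = 0`, and nothing in the hunk shows its unit or that it is non-zero. journal.h documents `resign` as seconds before RRSIG expiry; if the zone field were held in another unit, or were 0 for a zone that sets `DNS_JOURNALOPT_RESIGN`, signatures replayed from the journal could be scheduled for re-signing too late, which for a signed zone risks serving expired RRSIGs. A one-line comment at the call, e.g. `/* sigresigninginterval is in seconds, as dns_journal_rollforward2() expects */`, or an `INSIST` on the value would make the assumption checkable. `zone_postload()` starts and ends outside the hunk.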