From: Jelte Jansen Date: Wed, 28 Sep 2005 13:08:05 +0000 (+0000) Subject: let signer check for glue X-Git-Tag: release-1.0.0~100 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=76d78edd75dd92cbcc4461e3d5f233c835502ab5;p=thirdparty%2Fldns.git let signer check for glue --- diff --git a/Makefile.in b/Makefile.in index f709761d..9e649626 100644 --- a/Makefile.in +++ b/Makefile.in @@ -89,7 +89,7 @@ drill: ./drill/config.log ( cd drill ; $(MAKE) -f Makefile all) ./examples/config.log: - ( mkdir examples ; cd examples ; ../$(srcdir)/examples/configure LDFLAGS="-L../.libs" CPPFLAGS="-I.. -I../..") + ( $(INSTALL) -d examples ; cd examples ; ../$(srcdir)/examples/configure LDFLAGS="-L../.libs" CPPFLAGS="-I.. -I../..") examples: ./examples/config.log ( cd examples ; $(MAKE) -f Makefile all) diff --git a/dname.c b/dname.c index 8b310dc6..93530c85 100644 --- a/dname.c +++ b/dname.c @@ -177,7 +177,9 @@ ldns_dname_is_subdomain(const ldns_rdf *sub, const ldns_rdf *parent) ldns_rdf *tmp_par; if (ldns_rdf_get_type(sub) != LDNS_RDF_TYPE_DNAME || - ldns_rdf_get_type(parent) != LDNS_RDF_TYPE_DNAME) { + ldns_rdf_get_type(parent) != LDNS_RDF_TYPE_DNAME || + ldns_rdf_compare(sub, parent) == 0 + ) { return false; } diff --git a/dnssec.c b/dnssec.c index 1bfcec7d..cce34199 100644 --- a/dnssec.c +++ b/dnssec.c @@ -1151,6 +1151,8 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list) ldns_rr_list *orig_zone_rrs; ldns_rr_list *signed_zone_rrs; ldns_rr_list *pubkeys; + ldns_rr_list *glue_rrs; + ldns_rdf *cur_dname = NULL; ldns_rdf *next_dname = NULL; ldns_rr *nsec; @@ -1173,6 +1175,9 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list) ldns_rr_list_free(cur_rrsigs); orig_zone_rrs = ldns_rr_list_clone(ldns_zone_rrs(zone)); + + glue_rrs = ldns_zone_glue_rr_list(zone); + /* add the key (TODO: check if it's there already? */ pubkeys = ldns_rr_list_new(); for (i = 0; i < ldns_key_list_key_count(key_list); i++) { 
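Review bot: In the dname.c hunk, `ldns_dname_is_subdomain` now always returns false when `sub` and `parent` are the same name, but nothing in the hunk records that the test has become a strict one. Callers that want "equal or below" need the explicit `ldns_rdf_compare(...) == 0` that the signing condition in dnssec.c spells out. I would add a comment above the new condition, such as `/* strict test: a name is not a subdomain of itself */`, and mirror it in the header documentation. The function body continues outside the hunk.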
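Review bot: In the second dnssec.c hunk of `ldns_zone_sign`, the result of `ldns_zone_glue_rr_list(zone)` is stored in `glue_rrs` without a check, while the `ldns_rr_list_contains_rr` added in rr.c returns false for a NULL list. If the glue list can come back NULL, the new filter in the signing condition then passes every record, and glue is signed as if it were authoritative data. Failing the run is the safer outcome: add `if (!glue_rrs) { ... }` and leave through whatever error path the function already has. The hunk also shows no release of `glue_rrs`; the rest of the function is outside the hunk, so confirm the list is freed there without freeing the records, which presumably still belong to the zone.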
@@ -1213,7 +1218,8 @@ ldns_zone_sign(ldns_zone *zone, ldns_key_list *key_list) if (cur_rrset_type != LDNS_RR_TYPE_RRSIG && (ldns_dname_is_subdomain(cur_dname, ldns_rr_owner(ldns_zone_soa(zone))) || ldns_rdf_compare(cur_dname, ldns_rr_owner(ldns_zone_soa(zone))) == 0 - ) + ) && + !(ldns_rr_list_contains_rr(glue_rrs, ldns_rr_list_rr(cur_rrset, 0))) ) { cur_rrsigs = ldns_sign_public(cur_rrset, key_list); diff --git a/examples/configure.ac b/examples/configure.ac index 03bcaf95..91e10f00 100644 --- a/examples/configure.ac +++ b/examples/configure.ac @@ -73,8 +73,6 @@ AH_BOTTOM([ #AC_DEFINE_UNQUOTED(SYSCONFDIR, "$sysconfdir") -#AC_CONFIG_FILES([Makefile -# drill.h -# ]) +AC_CONFIG_FILES([Makefile]) AC_CONFIG_HEADER([config.h]) AC_OUTPUT diff --git a/ldns-signzone.c b/ldns-signzone.c index 318d1d58..792427f8 100644 --- a/ldns-signzone.c +++ b/ldns-signzone.c @@ -47,6 +47,8 @@ main(int argc, char *argv[]) ldns_key_list *keys; + uint16_t default_ttl = LDNS_DEFAULT_TTL; + char *outputfile_name = NULL; FILE *outputfile; @@ -200,7 +202,7 @@ main(int argc, char *argv[]) if (!keyfile) { fprintf(stderr, "Error: unable to read %s: %s\n", keyfile_name, strerror(errno)); } else { - pubkey = ldns_rr_new_frm_fp_l(keyfile, LDNS_DEFAULT_TTL, NULL, &line_nr); + pubkey = ldns_rr_new_frm_fp_l(keyfile, &default_ttl, NULL, &line_nr); if (pubkey) { ldns_key_set_pubkey_owner(key, ldns_rdf_clone(ldns_rr_owner(pubkey))); ldns_key_set_flags(key, ldns_rdf2native_int16(ldns_rr_rdf(pubkey, 0))); diff --git a/ldns/rr.h b/ldns/rr.h index d23bc774..885ea602 100644 --- a/ldns/rr.h +++ b/ldns/rr.h 
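Review bot: The glue test added to the signing condition looks only at `ldns_rr_list_rr(cur_rrset, 0)`, and the reason one member can stand for the whole set is not stated. A comment such as `/* glue is decided per owner name, so the first rr of the rrset is representative */` would record the assumption, if that is the intent. Each call is also a linear scan of `glue_rrs` with a full `ldns_rr_compare` per entry, which may be slow on delegation-heavy zones. The surrounding loop is outside the hunk, so I cannot tell how often it runs.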
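Review bot: `uint16_t default_ttl` in the first ldns-signzone.c hunk matches the `uint16_t *default_ttl` parameter visible in the rr.c hunk header, but a DNS TTL is a 32-bit field, so any TTL above 65535 seconds cannot be carried through this variable. That is a limitation of the parser interface rather than of this hunk. A comment next to the declaration, for example `/* 16 bits only: limited by ldns_rr_new_frm_fp_l() */`, would keep the next reader from assuming the full TTL range.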
@@ -485,6 +485,15 @@ bool ldns_rr_list_push_rr(ldns_rr_list *rr_list, ldns_rr *rr); */ ldns_rr* ldns_rr_list_pop_rr(ldns_rr_list *rr_list); +/** + * returns true if the given rr is one of the rrs in the + * list, or if it is equal to one + * \param[in] rr_list the rr_list to check + * \param[in] rr the rr to check + * \return true if rr_list contains rr, false otherwise + */ +bool ldns_rr_list_contains_rr(ldns_rr_list *rr_list, ldns_rr *rr); + /** * checks if an rr_list is a rrset. * \param[in] rr_list the rr_list to check diff --git a/ldns/zone.h b/ldns/zone.h index bb1b648c..a9b5d6f3 100644 --- a/ldns/zone.h +++ b/ldns/zone.h @@ -49,6 +49,7 @@ ldns_zone * ldns_zone_new(void); ldns_rr * ldns_zone_soa(ldns_zone *z); /** + * Returns the number of resource records in the zone, NOT counting the SOA record * \param[in] z the zone to read from * \return the number of rr's in the zone */ diff --git a/rr.c b/rr.c index 76e8b860..d0d51186 100644 --- a/rr.c +++ b/rr.c @@ -415,7 +415,12 @@ ldns_rr_new_frm_fp_l(FILE *fp, uint16_t *default_ttl, ldns_rdf **origin, int *li return NULL; } - rr = ldns_rr_new_frm_str((const char*) line, ttl, *origin); + if (origin) { + rr = ldns_rr_new_frm_str((const char*) line, ttl, *origin); + } else { + rr = ldns_rr_new_frm_str((const char*) line, ttl, NULL); + } + if (!rr) { if ((keyword = strstr(line, "$ORIGIN "))) { if (*origin) { @@ -831,6 +836,25 @@ ldns_rr_list_pop_rr(ldns_rr_list *rr_list) return pop; } +bool +ldns_rr_list_contains_rr(ldns_rr_list *rr_list, ldns_rr *rr) +{ + size_t i; + + if (!rr_list || !rr || ldns_rr_list_rr_count(rr_list) == 0) { + return false; + } + + for (i = 0; i < ldns_rr_list_rr_count(rr_list); i++) { + if (rr == ldns_rr_list_rr(rr_list, i)) { + return true; + } else if (ldns_rr_compare(rr, ldns_rr_list_rr(rr_list, i)) == 0) { + return true; + } + } + return false; +} + bool ldns_is_rrset(ldns_rr_list *rr_list) { diff --git a/zone.c b/zone.c index d0785879..384a249d 100644 --- a/zone.c +++ b/zone.c 
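Review bot: The new `if (origin)` guard in `ldns_rr_new_frm_fp_l` covers only the `ldns_rr_new_frm_str` call; the `$ORIGIN` branch a few lines below still evaluates `*origin`, so a NULL `origin` is dereferenced whenever a line fails to parse and contains `$ORIGIN `. The ldns-signzone.c hunk in this diff passes NULL for `origin` when reading a key file, so a malformed key file can crash the signer on that path. Guard the branch as well, `if (origin && (keyword = strstr(line, "$ORIGIN "))) {`, after which the two-armed call can shrink to `rr = ldns_rr_new_frm_str((const char*) line, ttl, origin ? *origin : NULL);`. The function continues outside the hunk, so the remaining uses of `origin` there need the same check.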
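Review bot: In `ldns_rr_list_contains_rr` the `ldns_rr_list_rr_count(rr_list) == 0` term in the guard is redundant, since the loop already does nothing for an empty list, and the two branches in the loop body return the same value. Fetching the entry once and merging the tests reads more directly: `cur = ldns_rr_list_rr(rr_list, i);` followed by `if (rr == cur || ldns_rr_compare(rr, cur) == 0) { return true; }`. Neither argument is modified here, so both could be `const` in the ldns/rr.h prototype if the accessors allow it.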
@@ -22,7 +22,7 @@ ldns_zone_soa(ldns_zone *z) uint16_t ldns_zone_rr_count(ldns_zone *z) { - return ldns_rr_list_rr_count(z->_rrs) + 1; /* SOA record */ + return ldns_rr_list_rr_count(z->_rrs); } void @@ -86,8 +86,6 @@ ldns_zone_glue_rr_list(ldns_zone *z) for(i = 0; i < ldns_zone_rr_count(z); i++) { r = ldns_rr_list_rr(ldns_zone_rrs(z), i); - ldns_rr_print(stdout, r); - if (ldns_rr_get_type(r) == LDNS_RR_TYPE_A || ldns_rr_get_type(r) == LDNS_RR_TYPE_AAAA) { /* possibly glue */ @@ -98,16 +96,21 @@ ldns_zone_glue_rr_list(ldns_zone *z) /* multiple zones will end up here - * for now; not a problem */ - ldns_rr_list_push_rr(zone_cuts, r); + /* don't add NS records for the current zone itself */ + if (ldns_rdf_compare(ldns_rr_owner(r), ldns_rr_owner(ldns_zone_soa(z))) != 0) { + ldns_rr_list_push_rr(zone_cuts, r); + } continue; } } - /* will sorting make it quicker ?? */ + /* will sorting make it quicker ?? */ for(i = 0; i < ldns_rr_list_rr_count(zone_cuts); i++) { ns = ldns_rr_list_rr(zone_cuts, i); +/* dname_ns = ldns_rr_ns_nsdname(ns); - +*/ + dname_ns = ldns_rr_owner(ns); for(j = 0; j < ldns_rr_list_rr_count(addr); j++) { a = ldns_rr_list_rr(addr, j); dname_a = ldns_rr_owner(a);
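Review bot: `ldns_zone_rr_count` still returns `uint16_t`, while the rr.c hunk in this diff compares `ldns_rr_list_rr_count()` against a `size_t` index, which suggests the list count is wider. If so, a zone with more than 65535 records gets a truncated count, and the loop in `ldns_zone_glue_rr_list` that uses this function as its bound (next hunk) stops early. Glue further down the zone would then never be found and would end up signed. Either widen the return type to match the list count or bound that loop with `ldns_rr_list_rr_count(ldns_zone_rrs(z))` directly. Dropping the `+ 1` also changes what existing callers receive, so they are worth auditing against the updated zone.h comment.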
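Review bot: The last zone.c hunk keeps the old `dname_ns = ldns_rr_ns_nsdname(ns);` inside a comment instead of removing it, and does not say why the zone-cut test switched from the NS target to the NS owner. Delete the commented-out line and put the reason in its place, for example `/* glue lives at or below the delegation point, i.e. the owner of the NS rr */`. The comparison against `dname_a` is outside the hunk. If it uses `ldns_dname_is_subdomain`, note that the dname.c hunk makes that test strict, so an address record owned by the delegation name itself would not count as glue and would be signed.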