2747. [bug] Journal roll forwards failed to set the re-signing

                        time of RRSIGs correctly. [RT #20541]

diff --git a/CHANGES b/CHANGES
index a385948f61000b75aa53b17224cfc92ab15630d0..64fdd6474068b8fda18cda195c0a1d3ac11bc7b2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,3 +1,6 @@
+2747.  [bug]           Journal roll forwards failed to set the re-signing
+                       time of RRSIGs correctly. [RT #20541]
+
 2746.  [port]          hpux: address signed/unsigned expansion mismatch of
                        dns_rbtnode_t.nsec. [RT #20542]
 

diff --git a/lib/dns/include/dns/journal.h b/lib/dns/include/dns/journal.h
index 04ab4c6920678a92102ac263ee5f135d65d05985..ba125c9a1cefaf906468dd2c71024bb3d288f1c3 100644 (file)
--- a/lib/dns/include/dns/journal.h
+++ b/lib/dns/include/dns/journal.h
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: journal.h,v 1.35 2009/01/17 23:47:43 tbox Exp $ */
+/* $Id: journal.h,v 1.36 2009/11/04 01:25:55 marka Exp $ */
 
 #ifndef DNS_JOURNAL_H
 #define DNS_JOURNAL_H 1
@@ -232,12 +232,19 @@ dns_journal_current_rr(dns_journal_t *j, dns_name_t **name, isc_uint32_t *ttl,
 isc_result_t
 dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db, unsigned int options,
                        const char *filename);
+
+isc_result_t
+dns_journal_rollforward2(isc_mem_t *mctx, dns_db_t *db, unsigned int options,
+                        isc_uint32_t resign, const char *filename);
 /*%<
  * Roll forward (play back) the journal file "filename" into the
  * database "db".  This should be called when the server starts
- * after a shutdown or crash.
+ * after a shutdown or crash.  'resign' is how many seconds before
+ * a RRSIG is due to expire it should be scheduled to be regenerated. 
  *
  * Requires:
+ *\li  dns_journal_rollforward() requires that DNS_JOURNALOPT_RESIGN 
+ *     is not set.
  *\li   'mctx' is a valid memory context.
  *\li  'db' is a valid database which does not have a version
  *           open for writing.

diff --git a/lib/dns/journal.c b/lib/dns/journal.c
index bc1ba0cddaf58f26a43d0a8bab8774baac9f350c..6062d5d683cf6fc3072d96d9990a401f01855d2a 100644 (file)
--- a/lib/dns/journal.c
+++ b/lib/dns/journal.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: journal.c,v 1.106 2009/08/25 07:41:28 marka Exp $ */
+/* $Id: journal.c,v 1.107 2009/11/04 01:25:55 marka Exp $ */
 
 #include <config.h>
 
@@ -1216,7 +1216,9 @@ dns_journal_destroy(dns_journal_t **journalp) {
 /* XXX Share code with incoming IXFR? */
 
 static isc_result_t
-roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
+roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options,
+            isc_uint32_t resign)
+{
        isc_buffer_t source;            /* Transaction data from disk */
        isc_buffer_t target;            /* Ditto after _fromwire check */
        isc_uint32_t db_serial;         /* Database SOA serial */
@@ -1233,6 +1235,7 @@ roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
        REQUIRE(DNS_DB_VALID(db));
 
        dns_diff_init(j->mctx, &diff);
+       diff.resign = resign;
 
        /*
         * Set up empty initial buffers for unchecked and checked
@@ -1350,6 +1353,14 @@ roll_forward(dns_journal_t *j, dns_db_t *db, unsigned int options) {
 isc_result_t
 dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db,
                        unsigned int options, const char *filename)
+{
+       REQUIRE((options & DNS_JOURNALOPT_RESIGN) == 0);
+       return (dns_journal_rollforward2(mctx, db, options, 0, filename));
+}
+
+isc_result_t
+dns_journal_rollforward2(isc_mem_t *mctx, dns_db_t *db, unsigned int options,
+                        isc_uint32_t resign, const char *filename)
 {
        dns_journal_t *j;
        isc_result_t result;
@@ -1369,7 +1380,7 @@ dns_journal_rollforward(isc_mem_t *mctx, dns_db_t *db,
        if (JOURNAL_EMPTY(&j->header))
                result = DNS_R_UPTODATE;
        else
-               result = roll_forward(j, db, options);
+               result = roll_forward(j, db, options, resign);
 
        dns_journal_destroy(&j);
 

diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index a0e3509545263b73e91319462a432d135a2e986a..319c93e1c75bb22011f20cd1dd83f9a299d65743 100644 (file)
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zone.c,v 1.523 2009/10/27 23:47:45 tbox Exp $ */
+/* $Id: zone.c,v 1.524 2009/11/04 01:25:55 marka Exp $ */
 
 /*! \file */
 
@@ -2429,7 +2429,6 @@ static void
 set_resigntime(dns_zone_t *zone) {
        dns_rdataset_t rdataset;
        dns_fixedname_t fixed;
-       char namebuf[DNS_NAME_FORMATSIZE];
        unsigned int resign;
        isc_result_t result;
        isc_uint32_t nanosecs;
@@ -2443,7 +2442,6 @@ set_resigntime(dns_zone_t *zone) {
                return;
        }
        resign = rdataset.resign;
-       dns_name_format(dns_fixedname_name(&fixed), namebuf, sizeof(namebuf));
        dns_rdataset_disassociate(&rdataset);
        isc_random_get(&nanosecs);
        nanosecs %= 1000000000;
@@ -3262,8 +3260,9 @@ zone_postload(dns_zone_t *zone, dns_db_t *db, isc_time_t loadtime,
                        options = DNS_JOURNALOPT_RESIGN;
                else
                        options = 0;
-               result = dns_journal_rollforward(zone->mctx, db, options,
-                                                zone->journal);
+               result = dns_journal_rollforward2(zone->mctx, db, options,
+                                                 zone->sigresigninginterval,
+                                                 zone->journal);
                if (result != ISC_R_SUCCESS && result != ISC_R_NOTFOUND &&
                    result != DNS_R_UPTODATE && result != DNS_R_NOJOURNAL &&
                    result != ISC_R_RANGE) {