make dnssec-verify and dnssec-signzone read journal files

author Evan Hunt <each@isc.org>

Sat, 5 Feb 2022 00:52:22 +0000 (16:52 -0800)

committer Evan Hunt <each@isc.org>

Thu, 17 Feb 2022 20:03:01 +0000 (12:03 -0800)
author Evan Hunt <each@isc.org>
Sat, 5 Feb 2022 00:52:22 +0000 (16:52 -0800)
committer Evan Hunt <each@isc.org>
Thu, 17 Feb 2022 20:03:01 +0000 (12:03 -0800)
diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c

index 1c01388bd65979007425fbadf04e45ba33a104e1..cf203b127608b0dc346cd82f95a94335442787e7 100644 (file)
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -3357,9 +3357,9 @@ main(int argc, char *argv[]) {
         atomic_init(&finished, false);
  
         /* Unused letters: Bb G J q Yy (and F is reserved). */
-#define CMDLINE_FLAGS                                                         \
-       "3:AaCc:Dd:E:e:f:FghH:i:I:j:K:k:L:l:m:M:n:N:o:O:PpQqRr:s:ST:tuUv:VX:" \
-       "xzZ:"
+#define CMDLINE_FLAGS                                                        \
+       "3:AaCc:Dd:E:e:f:FghH:i:I:j:J:K:k:L:l:m:M:n:N:o:O:PpQqRr:s:ST:tuUv:" \
+       "VX:xzZ:"
  
         /*
          * Process memory debugging argument first.
@@ -3507,6 +3507,10 @@ main(int argc, char *argv[]) {
                         }
                         break;
  
+               case 'J':
+                       journal = isc_commandline_argument;
+                       break;
+
                 case 'K':
                         directory = isc_commandline_argument;
                         break;
@@ -3810,6 +3814,9 @@ main(int argc, char *argv[]) {
         gdb = NULL;
         TIME_NOW(&timer_start);
         loadzone(file, origin, rdclass, &gdb);
+       if (journal != NULL) {
+               loadjournal(mctx, gdb, journal);
+       }
         gorigin = dns_db_origin(gdb);
         gclass = dns_db_class(gdb);
         get_soa_ttls();
diff --git a/bin/dnssec/dnssec-verify.c b/bin/dnssec/dnssec-verify.c

index 27b2e9fce784b6e2a284d6b6edbc88640c94a7c2..4d704e7d3860a48f70d3122e7d809098bf4bab05 100644 (file)
--- a/bin/dnssec/dnssec-verify.c
+++ b/bin/dnssec/dnssec-verify.c
@@ -70,10 +70,10 @@ const char *program = "dnssec-verify";
  static isc_stdtime_t now;
  static isc_mem_t *mctx = NULL;
  static dns_masterformat_t inputformat = dns_masterformat_text;
-static dns_db_t *gdb;            /* The database */
-static dns_dbversion_t *gversion; /* The database version */
-static dns_rdataclass_t gclass;          /* The class */
-static dns_name_t *gorigin;      /* The database origin */
+static dns_db_t *gdb = NULL;            /* The database */
+static dns_dbversion_t *gversion = NULL; /* The database version */
+static dns_rdataclass_t gclass;                 /* The class */
+static dns_name_t *gorigin = NULL;      /* The database origin */
  static bool ignore_kskflag = false;
  static bool keyset_kskonly = false;
  
@@ -180,7 +180,7 @@ main(int argc, char *argv[]) {
         char *endp;
         int ch;
  
-#define CMDLINE_FLAGS "c:E:hm:o:I:qv:Vxz"
+#define CMDLINE_FLAGS "c:E:hJ:m:o:I:qv:Vxz"
  
         /*
          * Process memory debugging argument first.
@@ -226,6 +226,10 @@ main(int argc, char *argv[]) {
                         inputformatstr = isc_commandline_argument;
                         break;
  
+               case 'J':
+                       journal = isc_commandline_argument;
+                       break;
+
                 case 'm':
                         break;
  
@@ -319,6 +323,9 @@ main(int argc, char *argv[]) {
         gdb = NULL;
         report("Loading zone '%s' from file '%s'\n", origin, file);
         loadzone(file, origin, rdclass, &gdb);
+       if (journal != NULL) {
+               loadjournal(mctx, gdb, journal);
+       }
         gorigin = dns_db_origin(gdb);
         gclass = dns_db_class(gdb);
  
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c

index 095bb59c90ef8f45af7f2ae0988c1ed7c0854f24..5908aa7df5aa982df9d5dd1f7edb09ec38fb7ba8 100644 (file)
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -39,6 +39,7 @@
  #include <dns/dbiterator.h>
  #include <dns/dnssec.h>
  #include <dns/fixedname.h>
+#include <dns/journal.h>
  #include <dns/keyvalues.h>
  #include <dns/log.h>
  #include <dns/name.h>
@@ -64,6 +65,7 @@ static const char *keystates[KEYSTATES_NVALUES] = {
  
  int verbose = 0;
  bool quiet = false;
+const char *journal = NULL;
  dns_dsdigest_t dtype[8];
  
  static fatalcallback_t *fatalcallback = NULL;
@@ -564,3 +566,41 @@ isoptarg(const char *arg, char **argv, void (*usage)(void)) {
         }
         return (false);
  }
+
+void
+loadjournal(isc_mem_t *mctx, dns_db_t *db, const char *file) {
+       dns_journal_t *jnl = NULL;
+       isc_result_t result;
+
+       result = dns_journal_open(mctx, file, DNS_JOURNAL_READ, &jnl);
+       if (result == ISC_R_NOTFOUND) {
+               fprintf(stderr, "%s: journal file %s not found\n", program,
+                       file);
+               goto cleanup;
+       } else if (result != ISC_R_SUCCESS) {
+               fatal("unable to open journal %s: %s\n", file,
+                     isc_result_totext(result));
+       }
+
+       if (dns_journal_empty(jnl)) {
+               dns_journal_destroy(&jnl);
+               return;
+       }
+
+       result = dns_journal_rollforward(jnl, db, 0);
+       switch (result) {
+       case ISC_R_SUCCESS:
+       case DNS_R_UPTODATE:
+               break;
+
+       case ISC_R_NOTFOUND:
+       case ISC_R_RANGE:
+               fatal("journal %s out of sync with zone", file);
+
+       default:
+               fatal("journal %s: %s\n", file, isc_result_totext(result));
+       }
+
+cleanup:
+       dns_journal_destroy(&jnl);
+}
diff --git a/bin/dnssec/dnssectool.h b/bin/dnssec/dnssectool.h

index 9abc3e3f201166c4127dc654095bd1c030f9b10e..9f9d9750ac1505c4f1218baa876699baf5da26ea 100644 (file)
--- a/bin/dnssec/dnssectool.h
+++ b/bin/dnssec/dnssectool.h
@@ -32,6 +32,9 @@ extern bool quiet;
  /*! program name, statically initialized in each program */
  extern const char *program;
  
+/*! journal file */
+extern const char *journal;
+
  /*!
   * List of DS digest types used by dnssec-cds and dnssec-dsfromkey,
   * defined in dnssectool.c. Filled in by add_dtype() from -a
@@ -102,3 +105,6 @@ key_collision(dst_key_t *key, dns_name_t *name, const char *dir,
  
  bool
  isoptarg(const char *arg, char **argv, void (*usage)(void));
+
+void
+loadjournal(isc_mem_t *mctx, dns_db_t *db, const char *journal);
author	Evan Hunt <each@isc.org>
	Sat, 5 Feb 2022 00:52:22 +0000 (16:52 -0800)
committer	Evan Hunt <each@isc.org>
	Thu, 17 Feb 2022 20:03:01 +0000 (12:03 -0800)
bin/dnssec/dnssec-signzone.c		patch \| blob \| blame \| history
bin/dnssec/dnssec-verify.c		patch \| blob \| blame \| history
bin/dnssec/dnssectool.c		patch \| blob \| blame \| history
bin/dnssec/dnssectool.h		patch \| blob \| blame \| history