Implement dummy 'rndc dnssec -status' command
authorMatthijs Mekking <matthijs@isc.org>
Wed, 17 Jun 2020 12:58:57 +0000 (14:58 +0200)
committerMatthijs Mekking <matthijs@isc.org>
Tue, 30 Jun 2020 07:51:04 +0000 (09:51 +0200)
Add the code and documentation required to provide DNSSEC signing
status through rndc.  This does not yet show any useful information;
it just provides the command, which outputs a dummy string.

bin/named/control.c
bin/named/include/named/control.h
bin/named/include/named/server.h
bin/named/server.c
bin/rndc/rndc.c
bin/rndc/rndc.rst
doc/man/rndc.8in

index 7bb146017f2055d029ffb23577ce43c372da811f..035a8833f73aa27833d9235470f7ded13733295a 100644 (file)
@@ -209,6 +209,8 @@ named_control_docommand(isccc_sexpr_t *message, bool readonly,
                result = named_server_changezone(named_g_server, cmdline, text);
        } else if (command_compare(command, NAMED_COMMAND_DELZONE)) {
                result = named_server_delzone(named_g_server, lex, text);
+       } else if (command_compare(command, NAMED_COMMAND_DNSSEC)) {
+               result = named_server_dnssec(named_g_server, lex, text);
        } else if (command_compare(command, NAMED_COMMAND_DNSTAP) ||
                   command_compare(command, NAMED_COMMAND_DNSTAPREOPEN))
        {
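Review bot: Nothing at the new `NAMED_COMMAND_DNSSEC` branch says how the command is treated on read-only control channels, although `named_control_docommand` takes a `readonly` flag. Any filtering on that flag happens earlier in the function, outside this hunk, so it cannot be checked from here. It is worth confirming that the choice is deliberate and recording it where that filtering is done, for example `/* dnssec: only -status exists today; re-check read-only access before adding options that change state */`. That matters more once the command stops being a dummy.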
index 99fe916d0e662b5bb94617c33e6580f8c255c916..b97f07ac73c66bf77b9ab5184329d88e32d93a8f 100644 (file)
@@ -61,6 +61,7 @@
 #define NAMED_COMMAND_SHOWZONE    "showzone"
 #define NAMED_COMMAND_SYNC        "sync"
 #define NAMED_COMMAND_SIGNING     "signing"
+#define NAMED_COMMAND_DNSSEC      "dnssec"
 #define NAMED_COMMAND_ZONESTATUS   "zonestatus"
 #define NAMED_COMMAND_NTA         "nta"
 #define NAMED_COMMAND_TESTGEN     "testgen"
index e89c3b66befa1020b777e4c997da7cc4d4822523..fdc89958a33fee4dafa893b319fa263c0cc8ad95 100644 (file)
@@ -333,6 +333,13 @@ isc_result_t
 named_server_signing(named_server_t *server, isc_lex_t *lex,
                     isc_buffer_t **text);
 
+/*%
+ * Lists the DNSSEC status for a given zone.
+ */
+isc_result_t
+named_server_dnssec(named_server_t *server, isc_lex_t *lex,
+                   isc_buffer_t **text);
+
 /*%
  * Lists status information for a given zone (e.g., name, type, files,
  * load time, expiry, etc).
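Review bot: The new doc comment on `named_server_dnssec` does not state the argument contract that the implementation in server.c enforces. From the function body in this commit, the only accepted option is `-status`, anything else yields `DNS_R_SYNTAX`, and a missing option or zone yields `ISC_R_UNEXPECTEDEND`. I would extend the comment with lines such as `* Only "-status" is accepted; other options return DNS_R_SYNTAX.` and `* Returns ISC_R_UNEXPECTEDEND when the option or zone is missing.`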
index c6d8238ac6f58e433d67c06492f5d813ccfb9280..ecacb9d32160a480da9ed149f6b237dc348f374d 100644 (file)
@@ -59,6 +59,7 @@
 #include <dns/dlz.h>
 #include <dns/dns64.h>
 #include <dns/dnsrps.h>
+#include <dns/dnssec.h>
 #include <dns/dyndb.h>
 #include <dns/events.h>
 #include <dns/fixedname.h>
@@ -66,6 +67,7 @@
 #include <dns/geoip.h>
 #include <dns/journal.h>
 #include <dns/kasp.h>
+#include <dns/keymgr.h>
 #include <dns/keytable.h>
 #include <dns/keyvalues.h>
 #include <dns/lib.h>
@@ -14463,6 +14465,53 @@ cleanup:
        return (result);
 }
 
+isc_result_t
+named_server_dnssec(named_server_t *server, isc_lex_t *lex,
+                   isc_buffer_t **text) {
+       isc_result_t result = ISC_R_SUCCESS;
+       dns_zone_t *zone = NULL;
+       dns_kasp_t *kasp = NULL;
+       bool status = false;
+       const char *ptr;
+
+       /* Skip the command name. */
+       ptr = next_token(lex, text);
+       if (ptr == NULL) {
+               return (ISC_R_UNEXPECTEDEND);
+       }
+
+       /* Find out what we are to do. */
+       ptr = next_token(lex, text);
+       if (ptr == NULL) {
+               return (ISC_R_UNEXPECTEDEND);
+       }
+
+       if (strcasecmp(ptr, "-status") == 0) {
+               status = true;
+       } else {
+               CHECK(DNS_R_SYNTAX);
+       }
+
+       CHECK(zone_from_args(server, lex, NULL, &zone, NULL, text, false));
+       if (zone == NULL) {
+               CHECK(ISC_R_UNEXPECTEDEND);
+       }
+
+       kasp = dns_zone_getkasp(zone);
+
+       if (status) {
+               CHECK(putstr(text, "-status command not implemented"));
+               CHECK(putnull(text));
+       }
+
+cleanup:
+       if (zone != NULL) {
+               dns_zone_detach(&zone);
+       }
+
+       return (result);
+}
+
 static isc_result_t
 putmem(isc_buffer_t **b, const char *str, size_t len) {
        isc_result_t result;
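Review bot: `kasp` is assigned from `dns_zone_getkasp(zone)` but never tested or used, so a zone without a dnssec-policy gets the same reply as one that has a policy. The help text and man page added in this commit say the command requires a dnssec-policy, so the handler should reject that case explicitly before producing status output; the reply string in the fence below is a suggestion. The `status` flag is also redundant for now, because the `else` arm already bails out with `DNS_R_SYNTAX`. The two early `return (ISC_R_UNEXPECTEDEND)` exits are safe only because `zone` is still NULL there, and using `CHECK` throughout would keep every exit going through `cleanup`.

```c
	kasp = dns_zone_getkasp(zone);
	if (kasp == NULL) {
		/* Nothing to report without a dnssec-policy. */
		CHECK(putstr(text, "zone does not have dnssec-policy"));
		CHECK(putnull(text));
		goto cleanup;
	}
	/* … unchanged: -status output and cleanup … */
```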
index ba91747657cf005b063f3811a4a03bdc04475776..7a3123e19acd24e9939250c044fcf3e091505ca8 100644 (file)
@@ -105,6 +105,9 @@ command is one of the following:\n\
                Add zone to given view. Requires allow-new-zones option.\n\
   delzone [-clean] zone [class [view]]\n\
                Removes zone from given view.\n\
+  dnssec -status zone [class [view]]\n\
+               Show the DNSSEC signing state for the specified zone.\n\
+               Requires the zone to have a dnssec-policy.\n\
   dnstap -reopen\n\
                Close, truncate and re-open the DNSTAP output file.\n\
   dnstap -roll count\n\
index ab4d806865561fd77f9f3ba4782b3352e3a67f5a..ef5febb259a815f73d4dede9e2d790d516ce126d 100644 (file)
@@ -162,6 +162,10 @@ Currently supported commands are:
 
    See also ``rndc addzone`` and ``rndc modzone``.
 
+``dnssec`` [**-status** *zone* [*class* [*view*]]
+   Show the DNSSEC signing state for the specified zone.  Requires the
+   zone to have a "dnssec-policy".
+
 ``dnstap`` ( **-reopen** | **-roll** [*number*] )
    Close and re-open DNSTAP output files. ``rndc dnstap -reopen`` allows
    the output file to be renamed externally, so that :manpage:`named(8)` can
index 43079e8435e5e9265720a8d9ba663e42d3d844a7..01f5ab372925d9e8ac386b7e9d23869e58dabd94 100644 (file)
@@ -162,6 +162,10 @@ back. To remove it permanently, it must also be removed from
 .sp
 See also \fBrndc addzone\fP and \fBrndc modzone\fP\&.
 .TP
+\fBdnssec\fP [\fB\-status\fP \fIzone\fP [\fIclass\fP [\fIview\fP]]
+Show the DNSSEC signing state for the specified zone.  Requires the
+zone to have a \fBdnssec-policy\fP.
+.TP
 \fBdnstap\fP ( \fB\-reopen\fP | \fB\-roll\fP [\fInumber\fP] )
 Close and re\-open DNSTAP output files. \fBrndc dnstap \-reopen\fP allows
 the output file to be renamed externally, so that \fBnamed(8)\fP can