Commit Diff
Diff:
1b2b790a5433dd165ba283ebde072ed5f57bcdbc
9be237170ab3bb69f17373cd31b74513a2765f24
Commit:
9be237170ab3bb69f17373cd31b74513a2765f24
Tree:
6cd1bf0efe1beba6e750f4302f9cf842560b9e82
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Fri Nov 21 09:04:41 2014 UTC
Message:
- DNSKEY and RRSIG RR's are now being parsed (could contain bugs) - add a base64.c, welcome ISC and IBM to my code, from OpenBSD this breaks a rule of thumb but in this case the base64 is not network facing and thus it should be OK. not tested, but it compiles.
blob - b0e6cd5d7d2947a3ca1b3a291bee7ada3890425e
blob + 13800fc15b429a3c55820c749a6a7170e27b0ee4
--- Makefile.freebsd
+++ Makefile.freebsd
@@ -1,6 +1,6 @@
PROG=delphinusdnsd
-SRCS=main.c parse.y reply.c additional.c region.c wildcard.c recurse.c log.c axfr.c filter.c ratelimit.c whitelist.c
+SRCS=main.c parse.y reply.c additional.c region.c wildcard.c recurse.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c
CFLAGS= -Wall -g -I/usr/local/include/db5/
LDFLAGS= -Wall -g -L/usr/local/lib/db5/
blob - 2237748822f59e2173e43724fc6995ad4582d9aa
blob + 25a6c115417b34e6dfd9c4708741fe3bf4db984e
--- Makefile.linux
+++ Makefile.linux
@@ -22,6 +22,7 @@ build:
$(CC) $(CFLAGS) -c filter.c
$(CC) $(CFLAGS) -c ratelimit.c
$(CC) $(CFLAGS) -c whitelist.c
+ $(CC) $(CFLAGS) -c base64.c
$(AR) -x libressllibcrypto.a libcompat_la-arc4random.o
$(AR) -x libressllibcrypto.a libcompat_la-getentropy_linux.o
$(AR) -x libressllibcrypto.a libcompatnoopt_la-explicit_bzero.o
blob - 7a141e7728f4d9441d5014ee11a3f7442b428390
blob + dfdee3fb3425948e3b4d1eb78a89aac9fa1aaabc
--- Makefile.macosx
+++ Makefile.macosx
@@ -19,6 +19,7 @@ build:
$(CC) $(CFLAGS) -c filter.c
$(CC) $(CFLAGS) -c ratelimit.c
$(CC) $(CFLAGS) -c whitelist.c
+ $(CC) $(CFLAGS) -c base64.c
$(CC) $(CFLAGS) -o delphinusdnsd additional.o main.o parse.o reply.o region.o wildcard.o log.o recurse.o axfr.o filter.o ratelimit.o whitelist.o $(LDADD)
clean:
blob - 35c515c20e012918cd5f9a2373f8fdb9f1a95d23
blob + 66f5aa667f0e07a4bae588ee01aab761c0c7d540
--- Makefile.netbsd
+++ Makefile.netbsd
@@ -1,6 +1,6 @@
PROG=delphinusdnsd
-SRCS=main.c parse.y reply.c additional.c region.c wildcard.c recurse.c log.c axfr.c filter.c ratelimit.c whitelist.c
+SRCS=main.c parse.y reply.c additional.c region.c wildcard.c recurse.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c
CFLAGS= -Wall -g -I/usr/pkg/include/db5/
LDFLAGS= -Wall -g -L/usr/pkg/lib -R/usr/pkg/lib
blob - 8a367010f76277fd9197ae727b505ea540dbcce7
blob + b48411c6bb8245fad930bc4dadeb1444b417841f
--- Makefile.openbsd
+++ Makefile.openbsd
@@ -1,6 +1,6 @@
PROG=delphinusdnsd
-SRCS=main.c parse.y reply.c additional.c region.c wildcard.c recurse.c log.c axfr.c filter.c ratelimit.c whitelist.c
+SRCS=main.c parse.y reply.c additional.c region.c wildcard.c recurse.c log.c axfr.c filter.c ratelimit.c whitelist.c base64.c
#CFLAGS= -DDEBUG -g -Wall
CFLAGS= -Wall -g -I/usr/local/include/db4
blob - /dev/null
blob + 0c53099e6983a9092904079c64a40ba84dc78e94 (mode 644)
--- /dev/null
+++ base64.c
@@ -0,0 +1,322 @@
+/* $OpenBSD: base64.c,v 1.7 2013/12/31 02:32:56 tedu Exp $ */
+
+/*
+ * Copyright (c) 1996 by Internet Software Consortium.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/*
+ * Portions Copyright (c) 1995 by International Business Machines, Inc.
+ *
+ * International Business Machines, Inc. (hereinafter called IBM) grants
+ * permission under its copyrights to use, copy, modify, and distribute this
+ * Software with or without fee, provided that the above copyright notice and
+ * all paragraphs of this notice appear in all copies, and that the name of IBM
+ * not be used in connection with the marketing of any product incorporating
+ * the Software or modifications thereof, without specific, written prior
+ * permission.
+ *
+ * To the extent it has a right to do so, IBM grants an immunity from suit
+ * under its patents, if any, for the use, sale or manufacture of products to
+ * the extent that such products are used for performing Domain Name System
+ * dynamic updates in TCP/IP networks by means of the Software. No immunity is
+ * granted for any product per se or for any other function of any product.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", AND IBM DISCLAIMS ALL WARRANTIES,
+ * INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
+ * PARTICULAR PURPOSE. IN NO EVENT SHALL IBM BE LIABLE FOR ANY SPECIAL,
+ * DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER ARISING
+ * OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE, EVEN
+ * IF IBM IS APPRISED OF THE POSSIBILITY OF SUCH DAMAGES.
+ */
+
+#include <sys/types.h>
+#include <sys/param.h>
+#include <sys/socket.h>
+#include <netinet/in.h>
+#include <arpa/inet.h>
+#include <arpa/nameser.h>
+
+#include <ctype.h>
+#include <resolv.h>
+#include <stdio.h>
+
+#include <stdlib.h>
+#include <string.h>
+
+static const char rcsid[] = "$Id: base64.c,v 1.1 2014/11/21 09:04:41 pjp Exp $";
+
+static const char Base64[] =
+ "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/";
+static const char Pad64 = '=';
+
+/* these prototype names shouldn't collide with anything */
+int mybase64_encode(u_char const *, size_t, char *, size_t);
+int mybase64_decode(char const *, u_char *, size_t);
+
+/* (From RFC1521 and draft-ietf-dnssec-secext-03.txt)
+ The following encoding technique is taken from RFC 1521 by Borenstein
+ and Freed. It is reproduced here in a slightly edited form for
+ convenience.
+
+ A 65-character subset of US-ASCII is used, enabling 6 bits to be
+ represented per printable character. (The extra 65th character, "=",
+ is used to signify a special processing function.)
+
+ The encoding process represents 24-bit groups of input bits as output
+ strings of 4 encoded characters. Proceeding from left to right, a
+ 24-bit input group is formed by concatenating 3 8-bit input groups.
+ These 24 bits are then treated as 4 concatenated 6-bit groups, each
+ of which is translated into a single digit in the base64 alphabet.
+
+ Each 6-bit group is used as an index into an array of 64 printable
+ characters. The character referenced by the index is placed in the
+ output string.
+
+ Table 1: The Base64 Alphabet
+
+ Value Encoding Value Encoding Value Encoding Value Encoding
+ 0 A 17 R 34 i 51 z
+ 1 B 18 S 35 j 52 0
+ 2 C 19 T 36 k 53 1
+ 3 D 20 U 37 l 54 2
+ 4 E 21 V 38 m 55 3
+ 5 F 22 W 39 n 56 4
+ 6 G 23 X 40 o 57 5
+ 7 H 24 Y 41 p 58 6
+ 8 I 25 Z 42 q 59 7
+ 9 J 26 a 43 r 60 8
+ 10 K 27 b 44 s 61 9
+ 11 L 28 c 45 t 62 +
+ 12 M 29 d 46 u 63 /
+ 13 N 30 e 47 v
+ 14 O 31 f 48 w (pad) =
+ 15 P 32 g 49 x
+ 16 Q 33 h 50 y
+
+ Special processing is performed if fewer than 24 bits are available
+ at the end of the data being encoded. A full encoding quantum is
+ always completed at the end of a quantity. When fewer than 24 input
+ bits are available in an input group, zero bits are added (on the
+ right) to form an integral number of 6-bit groups. Padding at the
+ end of the data is performed using the '=' character.
+
+ Since all base64 input is an integral number of octets, only the
+ -------------------------------------------------
+ following cases can arise:
+
+ (1) the final quantum of encoding input is an integral
+ multiple of 24 bits; here, the final unit of encoded
+ output will be an integral multiple of 4 characters
+ with no "=" padding,
+ (2) the final quantum of encoding input is exactly 8 bits;
+ here, the final unit of encoded output will be two
+ characters followed by two "=" padding characters, or
+ (3) the final quantum of encoding input is exactly 16 bits;
+ here, the final unit of encoded output will be three
+ characters followed by one "=" padding character.
+ */
+
+int
+mybase64_encode(src, srclength, target, targsize)
+ u_char const *src;
+ size_t srclength;
+ char *target;
+ size_t targsize;
+{
+ size_t datalength = 0;
+ u_char input[3];
+ u_char output[4];
+ int i;
+
+ while (2 < srclength) {
+ input[0] = *src++;
+ input[1] = *src++;
+ input[2] = *src++;
+ srclength -= 3;
+
+ output[0] = input[0] >> 2;
+ output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
+ output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
+ output[3] = input[2] & 0x3f;
+
+ if (datalength + 4 > targsize)
+ return (-1);
+ target[datalength++] = Base64[output[0]];
+ target[datalength++] = Base64[output[1]];
+ target[datalength++] = Base64[output[2]];
+ target[datalength++] = Base64[output[3]];
+ }
+
+ /* Now we worry about padding. */
+ if (0 != srclength) {
+ /* Get what's left. */
+ input[0] = input[1] = input[2] = '\0';
+ for (i = 0; i < srclength; i++)
+ input[i] = *src++;
+
+ output[0] = input[0] >> 2;
+ output[1] = ((input[0] & 0x03) << 4) + (input[1] >> 4);
+ output[2] = ((input[1] & 0x0f) << 2) + (input[2] >> 6);
+
+ if (datalength + 4 > targsize)
+ return (-1);
+ target[datalength++] = Base64[output[0]];
+ target[datalength++] = Base64[output[1]];
+ if (srclength == 1)
+ target[datalength++] = Pad64;
+ else
+ target[datalength++] = Base64[output[2]];
+ target[datalength++] = Pad64;
+ }
+ if (datalength >= targsize)
+ return (-1);
+ target[datalength] = '\0'; /* Returned value doesn't count \0. */
+ return (datalength);
+}
+
+/* skips all whitespace anywhere.
+ converts characters, four at a time, starting at (or after)
+ src from base - 64 numbers into three 8 bit bytes in the target area.
+ it returns the number of data bytes stored at the target, or -1 on error.
+ */
+
+int
+mybase64_decode(src, target, targsize)
+ char const *src;
+ u_char *target;
+ size_t targsize;
+{
+ int tarindex, state, ch;
+ u_char nextbyte;
+ char *pos;
+
+ state = 0;
+ tarindex = 0;
+
+ while ((ch = (unsigned char)*src++) != '\0') {
+ if (isspace(ch)) /* Skip whitespace anywhere. */
+ continue;
+
+ if (ch == Pad64)
+ break;
+
+ pos = strchr(Base64, ch);
+ if (pos == 0) /* A non-base64 character. */
+ return (-1);
+
+ switch (state) {
+ case 0:
+ if (target) {
+ if (tarindex >= targsize)
+ return (-1);
+ target[tarindex] = (pos - Base64) << 2;
+ }
+ state = 1;
+ break;
+ case 1:
+ if (target) {
+ if (tarindex >= targsize)
+ return (-1);
+ target[tarindex] |= (pos - Base64) >> 4;
+ nextbyte = ((pos - Base64) & 0x0f) << 4;
+ if (tarindex + 1 < targsize)
+ target[tarindex+1] = nextbyte;
+ else if (nextbyte)
+ return (-1);
+ }
+ tarindex++;
+ state = 2;
+ break;
+ case 2:
+ if (target) {
+ if (tarindex >= targsize)
+ return (-1);
+ target[tarindex] |= (pos - Base64) >> 2;
+ nextbyte = ((pos - Base64) & 0x03) << 6;
+ if (tarindex + 1 < targsize)
+ target[tarindex+1] = nextbyte;
+ else if (nextbyte)
+ return (-1);
+ }
+ tarindex++;
+ state = 3;
+ break;
+ case 3:
+ if (target) {
+ if (tarindex >= targsize)
+ return (-1);
+ target[tarindex] |= (pos - Base64);
+ }
+ tarindex++;
+ state = 0;
+ break;
+ }
+ }
+
+ /*
+ * We are done decoding Base-64 chars. Let's see if we ended
+ * on a byte boundary, and/or with erroneous trailing characters.
+ */
+
+ if (ch == Pad64) { /* We got a pad char. */
+ ch = (unsigned char)*src++; /* Skip it, get next. */
+ switch (state) {
+ case 0: /* Invalid = in first position */
+ case 1: /* Invalid = in second position */
+ return (-1);
+
+ case 2: /* Valid, means one byte of info */
+ /* Skip any number of spaces. */
+ for (; ch != '\0'; ch = (unsigned char)*src++)
+ if (!isspace(ch))
+ break;
+ /* Make sure there is another trailing = sign. */
+ if (ch != Pad64)
+ return (-1);
+ ch = (unsigned char)*src++; /* Skip the = */
+ /* Fall through to "single trailing =" case. */
+ /* FALLTHROUGH */
+
+ case 3: /* Valid, means two bytes of info */
+ /*
+ * We know this char is an =. Is there anything but
+ * whitespace after it?
+ */
+ for (; ch != '\0'; ch = (unsigned char)*src++)
+ if (!isspace(ch))
+ return (-1);
+
+ /*
+ * Now make sure for cases 2 and 3 that the "extra"
+ * bits that slopped past the last full byte were
+ * zeros. If we don't check them, they become a
+ * subliminal channel.
+ */
+ if (target && tarindex < targsize &&
+ target[tarindex] != 0)
+ return (-1);
+ }
+ } else {
+ /*
+ * We ended by seeing the end of the string. Make sure we
+ * have no partial bytes lying around.
+ */
+ if (state != 0)
+ return (-1);
+ }
+
+ return (tarindex);
+}
blob - 900daeb490ae6ff5ba2170db3d9efaa5860afd21
blob + 2470c655df7c89371c533ac369286ebe27799447
--- db.h
+++ db.h
@@ -38,6 +38,24 @@
#define RECORD_COUNT 20
#define NEGATIVE_CACHE_TIME 600 /* DNS & Bind 3rd edition page 35 */
+#define INTERNAL_TYPE_SOA 0
+#define INTERNAL_TYPE_A 1
+#define INTERNAL_TYPE_AAAA 2
+#define INTERNAL_TYPE_MX 3
+#define INTERNAL_TYPE_NS 4
+#define INTERNAL_TYPE_CNAME 5
+#define INTERNAL_TYPE_PTR 6
+#define INTERNAL_TYPE_TXT 7
+#define INTERNAL_TYPE_SPF 8
+#define INTERNAL_TYPE_SRV 9
+#define INTERNAL_TYPE_SSHFP 10
+#define INTERNAL_TYPE_NAPTR 11
+#define INTERNAL_TYPE_DNSKEY 12
+#define INTERNAL_TYPE_DS 13
+#define INTERNAL_TYPE_NSEC 14
+#define INTERNAL_TYPE_RRSIG 15
+#define INTERNAL_TYPE_MAX 16
+
/* db stuff */
struct dnskey {
@@ -150,24 +168,13 @@ struct domain {
#define DOMAIN_HAVE_SPF 0x800
#define DOMAIN_HAVE_SSHFP 0x1000
#define DOMAIN_HAVE_NAPTR 0x2000
+#define DOMAIN_HAVE_DNSKEY 0x4000
+#define DOMAIN_HAVE_RRSIG 0x8000
+#define DOMAIN_HAVE_DS 0x10000
+#define DOMAIN_HAVE_NSEC 0x20000
struct soa soa; /* start of authority */
-#define INTERNAL_TYPE_SOA 0
-#define INTERNAL_TYPE_A 1
-#define INTERNAL_TYPE_AAAA 2
-#define INTERNAL_TYPE_MX 3
-#define INTERNAL_TYPE_NS 4
-#define INTERNAL_TYPE_CNAME 5
-#define INTERNAL_TYPE_PTR 6
-#define INTERNAL_TYPE_TXT 7
-#define INTERNAL_TYPE_SPF 8
-#define INTERNAL_TYPE_SRV 9
-#define INTERNAL_TYPE_SSHFP 10
-#define INTERNAL_TYPE_NAPTR 11
-#define INTERNAL_TYPE_DNSKEY 12
-#define INTERNAL_TYPE_DS 13
-#define INTERNAL_TYPE_NSEC 14
-#define INTERNAL_TYPE_MAX 15
- struct rrsig rrsig[INTERNAL_TYPE_MAX]; /* rrsig RR */
+ struct rrsig rrsig[INTERNAL_TYPE_MAX][RECORD_COUNT]; /* rrsig RR */
+ int rrsig_count; /* RRSIG count */
u_int32_t ttl[INTERNAL_TYPE_MAX]; /* time to lives */
time_t created; /* time created, for dynamic zones */
in_addr_t a[RECORD_COUNT]; /* IP addresses */
blob - 3836e6f39efc648b0d8e36647e2039c79e4c4738
blob + 9f36eda392b39f4ed7942a92b3df04b5c357254a
--- parse.y
+++ parse.y
@@ -37,6 +37,8 @@ extern int insert_recurse(char *, char *);
extern int insert_whitelist(char *, char *);
extern int insert_wildcard(char *, char *);
extern void slave_shutdown(void);
+extern int mybase64_encode(u_char const *, size_t, char *, size_t);
+extern int mybase64_decode(char const *, u_char *, size_t);
void yyerror(const char *);
extern int whitelist;
@@ -97,7 +99,7 @@ typedef struct {
#define YYSTYPE_IS_DECLARED 1
#endif
-static const char rcsid[] = "$Id: parse.y,v 1.2 2014/11/20 22:22:57 pjp Exp $";
+static const char rcsid[] = "$Id: parse.y,v 1.3 2014/11/21 09:04:41 pjp Exp $";
static int version = 0;
static int state = 0;
static uint8_t region = 0;
@@ -130,7 +132,8 @@ int fill_spf(char *, char *, int, char *);
int fill_sshfp(char *, char *, int, int, int, char *);
int fill_srv(char *, char *, int, int, int, int, char *);
int fill_txt(char *, char *, int, char *);
-int fill_rrsig(char *, char *, int, char *, int, int, int, int, int, int, char *, char *);
+int fill_dnskey(char *, char *, u_int32_t, u_int16_t, u_int8_t, u_int8_t, char *);
+int fill_rrsig(char *, char *, u_int32_t, char *, u_int8_t, u_int8_t, u_int32_t, u_int32_t, u_int32_t, u_int16_t, char *, char *);
int findeol(void);
int get_ip(char *, int);
@@ -153,7 +156,7 @@ int yyparse(void);
struct rrtab {
char *name;
u_int16_t type;
- int16_t rrsig;
+ int16_t internal_type;
} myrrtab[] = {
{ "a", DNS_TYPE_A, INTERNAL_TYPE_A } ,
{ "aaaa", DNS_TYPE_AAAA, INTERNAL_TYPE_AAAA },
@@ -549,6 +552,26 @@ zonestatement:
free ($17);
}
|
+ STRING COMMA STRING COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA QUOTEDSTRING CRLF
+ {
+ if (strcasecmp($3, "dnskey") == 0) {
+ if (fill_dnskey($1, $3, $5, $7, $9, $11, $13) < 0) {
+ return -1;
+ }
+
+ if (debug)
+ printf(" %s DNSKEY\n", $1);
+ } else {
+ if (debug)
+ printf("another dnskey like record I don't know?\n");
+ return (-1);
+ }
+
+ free ($1);
+ free ($3);
+ free ($13);
+ }
+ |
STRING COMMA STRING COMMA NUMBER COMMA STRING COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA NUMBER COMMA STRING COMMA QUOTEDSTRING CRLF
{
if (strcasecmp($3, "rrsig") == 0) {
@@ -1844,21 +1867,20 @@ fill_spf(char *name, char *type, int myttl, char *msg)
}
-/* first dnssec RR! */
-
-int
-fill_rrsig(char *name, char *type, int myttl, char *typecovered, int algorithm, int labels, int original_ttl, int sig_expiration, int sig_inception, int keytag, char *signers_name, char *signature)
+/* first two dnssec RRs! */
+int
+fill_dnskey(char *name, char *type, u_int32_t myttl, u_int16_t flags, u_int8_t protocol, u_int8_t algorithm, char *pubkey)
{
-#if 0
struct domain sdomain;
int converted_namelen;
char *converted_name;
+ int i, ret;
for (i = 0; i < strlen(name); i++) {
name[i] = tolower((int)name[i]);
}
- converted_name = check_rr(name, type, DNS_TYPE_RRSIG, &converted_namelen);
+ converted_name = check_rr(name, type, DNS_TYPE_DNSKEY, &converted_namelen);
if (converted_name == NULL) {
return -1;
}
@@ -1877,40 +1899,121 @@ fill_rrsig(char *name, char *type, int myttl, char *ty
memcpy(sdomain.zone, converted_name, converted_namelen);
sdomain.zonelen = converted_namelen;
- sdomain.ttl[INTERNAL_TYPE_RRSIG] = myttl;
+ sdomain.ttl[INTERNAL_TYPE_DNSKEY] = myttl;
- sdomain.naptr[sdomain.naptr_count].order = order;
- sdomain.naptr[sdomain.naptr_count].preference = preference;
+ sdomain.dnskey[sdomain.dnskey_count].flags = flags;
+ sdomain.dnskey[sdomain.dnskey_count].protocol = protocol;
+ sdomain.dnskey[sdomain.dnskey_count].algorithm = algorithm;
- memcpy(&sdomain.naptr[sdomain.naptr_count].flags, flags, flagslen);
- sdomain.naptr[sdomain.naptr_count].flagslen = flagslen;
+ /* feed our base64 key to the public key */
+ ret = mybase64_decode(pubkey, sdomain.dnskey[sdomain.dnskey_count].public_key, sizeof(sdomain.dnskey[sdomain.dnskey_count].public_key));
- memcpy(&sdomain.naptr[sdomain.naptr_count].services, services, serviceslen);
- sdomain.naptr[sdomain.naptr_count].serviceslen = serviceslen;
+ if (ret < 0)
+ return (-1);
- memcpy(&sdomain.naptr[sdomain.naptr_count].regexp, regexp, regexplen);
- sdomain.naptr[sdomain.naptr_count].regexplen = regexplen;
+ sdomain.dnskey[sdomain.dnskey_count].publickey_len = ret;
+
+ sdomain.dnskey_count++;
- naptrname = check_rr(replacement, type, DNS_TYPE_NAPTR, &naptr_namelen);
- if (naptrname == NULL) {
+ sdomain.flags |= DOMAIN_HAVE_DNSKEY;
+
+ set_record(&sdomain, converted_name, converted_namelen);
+
+ if (converted_name)
+ free (converted_name);
+
+ return (0);
+
+}
+
+int
+fill_rrsig(char *name, char *type, u_int32_t myttl, char *typecovered, u_int8_t algorithm, u_int8_t labels, u_int32_t original_ttl, u_int32_t sig_expiration, u_int32_t sig_inception, u_int16_t keytag, char *signers_name, char *signature)
+{
+ struct domain sdomain;
+ int converted_namelen, signers_namelen;
+ char *converted_name, *signers_name2;
+ struct rrtab *rr;
+ int i, ret;
+
+ for (i = 0; i < strlen(name); i++) {
+ name[i] = tolower((int)name[i]);
+ }
+
+ converted_name = check_rr(name, type, DNS_TYPE_RRSIG, &converted_namelen);
+ if (converted_name == NULL) {
return -1;
}
- memcpy(&sdomain.naptr[sdomain.naptr_count].replacement, naptrname, naptr_namelen);
- sdomain.naptr[sdomain.naptr_count].replacementlen = naptr_namelen;
+ memset(&sdomain, 0, sizeof(sdomain));
+ if (get_record(&sdomain, converted_name, converted_namelen) < 0) {
+ return (-1);
+ }
+
+#ifdef __linux__
+ strncpy((char *)sdomain.zonename, (char *)name, DNS_MAXNAME + 1);
+ sdomain.zonename[DNS_MAXNAME] = '\0';
+#else
+ strlcpy((char *)sdomain.zonename, (char *)name, DNS_MAXNAME + 1);
+#endif
+ memcpy(sdomain.zone, converted_name, converted_namelen);
+ sdomain.zonelen = converted_namelen;
+
+
+ if ((rr = rrlookup(typecovered)) == NULL) {
+ return (-1);
+ }
+
+ switch (rr->type) {
+ case DNS_TYPE_RRSIG:
+ fprintf(stderr, "can't RRSIG an RRSIG!\n");
+ return (-1);
+ break;
+ }
+
+ sdomain.ttl[rr->internal_type] = myttl;
+
+ sdomain.rrsig[rr->internal_type][sdomain.rrsig_count].type_covered = rr->type;
+ sdomain.rrsig[rr->internal_type][sdomain.rrsig_count].algorithm = algorithm;
+
+ if (sdomain.ttl[rr->internal_type] != original_ttl) {
+ return (-1);
+ }
+
+ sdomain.rrsig[rr->internal_type][sdomain.rrsig_count].original_ttl = original_ttl;
+ sdomain.rrsig[rr->internal_type][sdomain.rrsig_count].signature_expiration = sig_expiration;
+ sdomain.rrsig[rr->internal_type][sdomain.rrsig_count].signature_inception = sig_inception;
+ sdomain.rrsig[rr->internal_type][sdomain.rrsig_count].key_tag = keytag;
+
+ signers_name2 = check_rr(signers_name, type, DNS_TYPE_RRSIG, &signers_namelen);
+ if (signers_name2 == NULL) {
+ return (-1);
+ }
+
- sdomain.naptr_count++;
+ memcpy(sdomain.rrsig[rr->internal_type][sdomain.rrsig_count].signers_name, signers_name2, signers_namelen);
+ sdomain.rrsig[rr->internal_type][sdomain.rrsig_count].signame_len = signers_namelen;
- sdomain.flags |= DOMAIN_HAVE_NAPTR;
+
+ /* feed our base64 key the signature */
+ ret = mybase64_decode(signature, sdomain.rrsig[rr->internal_type][sdomain.rrsig_count].signature, sizeof(sdomain.rrsig[rr->internal_type][sdomain.rrsig_count].signature));
+ if (ret < 0)
+ return (-1);
+
+ sdomain.rrsig[rr->internal_type][sdomain.rrsig_count].signature_len = ret;
+
+
+ sdomain.rrsig_count++;
+
+ sdomain.flags |= DOMAIN_HAVE_RRSIG;
+
set_record(&sdomain, converted_name, converted_namelen);
- if (naptrname)
- free (naptrname);
+ if (signers_name2)
+ free (signers_name2);
if (converted_name)
free (converted_name);
-#endif
return (0);
repomaster@centroid.eu