Diff:
edd0c5fa7d89f7c01f4f97a1ff2c49348c5a5b40
ebd28fc68c5efe11c6c2a42d1f517f6f4019a936
Commit:
ebd28fc68c5efe11c6c2a42d1f517f6f4019a936
Tree:
e7f966c227b479d37a6f5dc8866aa4e95c87d51d
Author:
pjp <pjp@delphinusdns.org>
Committer:
pjp <pjp@delphinusdns.org>
Date:
Thu Dec 29 17:40:45 2016 UTC
Message:
* create sign_nsec3 - based on sign_nsec3param() * fix/modify sign_nsec3param() to fix the RDATA section * fix label_count() since this was based on another function it should be revisited * change output of print_sd() to print out period terminated hostnames. With this change the output of dd-convert.c equals the output of dd-convert.rb when used on the current centroid.eu zone. Both outputs should be run through the following commands to be equal: cat centroid.eu.signed | sed -n '3,$p' | tr '[A-Z]' '[a-z]' | sort | md5
blob - de8640758fc5bcb7769263e0b3a552b473220b93
blob + 9eaa94e251e4a367cafb9da39cd60e0469fc9adc
--- dd-convert.c
+++ dd-convert.c
@@ -57,8 +57,9 @@ int sign_cname(DB *, char *, char *, int, struct doma
int sign_soa(DB *, char *, char *, int, struct domain *);
int sign_txt(DB *, char *, char *, int, struct domain *);
int sign_aaaa(DB *, char *, char *, int, struct domain *);
-int sign_nsec3param(DB *, char *, char *, int, struct domain *);
int sign_ptr(DB *, char *, char *, int, struct domain *);
+int sign_nsec3(DB *, char *, char *, int, struct domain *);
+int sign_nsec3param(DB *, char *, char *, int, struct domain *);
u_int keytag(u_char *key, u_int keysize);
void pack(char *, char *, int);
void pack32(char *, u_int32_t);
@@ -133,7 +134,7 @@ main(int argc, char *argv[])
int ch;
int ret, bits = 2048;
- int ttl = 86400;
+ int ttl = 3600;
int create_zsk = 0;
int create_ksk = 0;
int algorithm = ALGORITHM_RSASHA256;
@@ -563,6 +564,9 @@ dump_db(DB *db, FILE *of, char *zonename)
int labellen;
int lzerrno, retval;
+ fprintf(of, "; this file is automatically generated, do NOT edit\n");
+ fprintf(of, "; it was generated by dd-convert.c\n");
+
fprintf(of, "zone \"%s\" {\n", zonename);
dnsname = dns_label(zonename, &labellen);
@@ -922,6 +926,9 @@ calculate_rrsigs(DB *db, char *zonename, char *zsk_key
if (sd->flags & DOMAIN_HAVE_AAAA)
if (sign_aaaa(db, zonename, zsk_key, expiry, sd) < 0)
return -1;
+ if (sd->flags & DOMAIN_HAVE_NSEC3)
+ if (sign_nsec3(db, zonename, zsk_key, expiry, sd) < 0)
+ return -1;
if (sd->flags & DOMAIN_HAVE_NSEC3PARAM)
if (sign_nsec3param(db, zonename, zsk_key, expiry, sd) < 0)
return -1;
@@ -1041,7 +1048,7 @@ sign_soa(DB *db, char *zonename, char *zsk_key, int ex
return -1;
}
- labels = label_count(sd->zonename);
+ labels = label_count(sd->zone);
if (labels < 0) {
dolog(LOG_INFO, "label_count");
return -1;
@@ -1287,7 +1294,7 @@ sign_txt(DB *db, char *zonename, char *zsk_key, int ex
return -1;
}
- labels = label_count(sd->zonename);
+ labels = label_count(sd->zone);
if (labels < 0) {
dolog(LOG_INFO, "label_count");
return -1;
@@ -1520,7 +1527,7 @@ sign_aaaa(DB *db, char *zonename, char *zsk_key, int e
return -1;
}
- labels = label_count(sd->zonename);
+ labels = label_count(sd->zone);
if (labels < 0) {
dolog(LOG_INFO, "label_count");
return -1;
@@ -1653,7 +1660,261 @@ sign_aaaa(DB *db, char *zonename, char *zsk_key, int e
return 0;
}
+/*
+ * create a RRSIG for an NSEC3 record
+ */
+int
+sign_nsec3(DB *db, char *zonename, char *zsk_key, int expiry, struct domain *sd)
+{
+ struct domain_nsec3 *sdnsec3;
+
+ char tmp[4096];
+ char signature[4096];
+ char buf[512];
+ char shabuf[64];
+
+ SHA_CTX sha1;
+ SHA256_CTX sha256;
+ SHA512_CTX sha512;
+
+ char *dnsname;
+ char *p;
+ char *key;
+ char *zone;
+
+ uint32_t ttl;
+ uint16_t flags;
+ uint8_t protocol;
+ uint8_t algorithm;
+
+ int labellen;
+ int keyid;
+ int fd, len;
+ int keylen, siglen;
+ int rsatype;
+ int bufsize;
+ int labels;
+
+ RSA *rsa;
+ time_t now;
+
+ char timebuf[32];
+ u_int64_t expiredon, signedon;
+ struct tm *tm;
+ u_int32_t expiredon2, signedon2;
+
+ memset(&shabuf, 0, sizeof(shabuf));
+
+ now = time(NULL);
+ tm = gmtime(&now);
+ strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%S", tm);
+ signedon = atoll(timebuf);
+ now += expiry;
+ tm = gmtime(&now);
+ strftime(timebuf, sizeof(timebuf), "%Y%m%d%H%M%S", tm);
+ expiredon = atoll(timebuf);
+
+#if PROVIDED_SIGNTIME
+ signedon = SIGNEDON;
+ expiredon = EXPIREDON;
+#endif
+
+
+ key = malloc(10 * 4096);
+ if (key == NULL) {
+ dolog(LOG_INFO, "out of memory\n");
+ return -1;
+ }
+
+ /* get the ZSK */
+ snprintf(buf, sizeof(buf), "%s.key", zsk_key);
+ if ((fd = open(buf, O_RDONLY, 0)) < 0) {
+ dolog(LOG_INFO, "open %s: %s\n", buf, strerror(errno));
+ return -1;
+ }
+
+ if ((zone = parse_keyfile(fd, &ttl, &flags, &protocol, &algorithm, (char *)&tmp, &keyid)) == NULL) {
+ dolog(LOG_INFO, "parse %s\n", buf);
+ close (fd);
+ return -1;
+ }
+
+ close(fd);
+
+ /* check the keytag supplied */
+ p = key;
+ pack16(p, htons(flags));
+ p += 2;
+ pack8(p, protocol);
+ p++;
+ pack8(p, algorithm);
+ p++;
+ keylen = mybase64_decode(tmp, (char *)&signature, sizeof(signature));
+ pack(p, signature, keylen);
+ p += keylen;
+ keylen = (p - key);
+ if (keyid != keytag(key, keylen)) {
+ dolog(LOG_ERR, "keytag does not match %d vs. %d\n", keyid, keytag(key, keylen));
+ return -1;
+ }
+
+ labels = label_count(sd->zone);
+ if (labels < 0) {
+ dolog(LOG_INFO, "label_count");
+ return -1;
+ }
+
+ dnsname = dns_label(zonename, &labellen);
+ if (dnsname == NULL)
+ return -1;
+
+ if (sd->flags & DOMAIN_HAVE_NSEC3) {
+ if ((sdnsec3 = (struct domain_nsec3 *)find_substruct(sd, INTERNAL_TYPE_NSEC3)) == NULL) {
+ dolog(LOG_INFO, "no NSEC3 records but have flags!\n");
+ return -1;
+ }
+ }
+
+ p = key;
+
+ pack16(p, htons(DNS_TYPE_NSEC3));
+ p += 2;
+ pack8(p, algorithm);
+ p++;
+ pack8(p, labels);
+ p++;
+ pack32(p, htonl(sd->ttl[INTERNAL_TYPE_NSEC3]));
+ p += 4;
+
+ snprintf(timebuf, sizeof(timebuf), "%lld", expiredon);
+ strptime(timebuf, "%Y%m%d%H%M%S", tm);
+ expiredon2 = timegm(tm);
+ snprintf(timebuf, sizeof(timebuf), "%lld", signedon);
+ strptime(timebuf, "%Y%m%d%H%M%S", tm);
+ signedon2 = timegm(tm);
+
+ pack32(p, htonl(expiredon2));
+ p += 4;
+ pack32(p, htonl(signedon2));
+ p += 4;
+ pack16(p, htons(keyid));
+ p += 2;
+ pack(p, dnsname, labellen);
+ p += labellen;
+
+ /* no signature here */
+ /* XXX this should probably be done on a canonical sorted records */
+
+ pack(p, sd->zone, sd->zonelen);
+ p += sd->zonelen;
+
+ pack16(p, htons(DNS_TYPE_NSEC3));
+ p += 2;
+ pack16(p, htons(DNS_CLASS_IN));
+ p += 2;
+ pack32(p, htonl(sd->ttl[INTERNAL_TYPE_NSEC3]));
+ p += 4;
+ pack16(p, htons(1 + 1 + 2 + 1 + sdnsec3->nsec3.saltlen + 1 + sdnsec3->nsec3.nextlen + sdnsec3->nsec3.bitmap_len));
+ p += 2;
+ pack8(p, sdnsec3->nsec3.algorithm);
+ p++;
+ pack8(p, sdnsec3->nsec3.flags);
+ p++;
+ pack16(p, htons(sdnsec3->nsec3.iterations));
+ p += 2;
+
+ pack8(p, sdnsec3->nsec3.saltlen);
+ p++;
+
+ if (sdnsec3->nsec3.saltlen) {
+ pack(p, sdnsec3->nsec3.salt, sdnsec3->nsec3.saltlen);
+ p += sdnsec3->nsec3.saltlen;
+ }
+
+ pack8(p, sdnsec3->nsec3.nextlen);
+ p++;
+ pack(p, sdnsec3->nsec3.next, sdnsec3->nsec3.nextlen);
+ p += sdnsec3->nsec3.nextlen;
+ pack(p, sdnsec3->nsec3.bitmap, sdnsec3->nsec3.bitmap_len);
+ p += sdnsec3->nsec3.bitmap_len;
+
+ keylen = (p - key);
+
+#if 0
+ {
+ int i;
+ fd = open("bindump.bin", O_WRONLY | O_CREAT | O_TRUNC, 0600);
+ for (i = 0; i < keylen; i++) {
+ write(fd, (char *)&key[i], 1);
+ }
+ close(fd);
+ }
+
+#endif
+
+ switch (algorithm) {
+ case ALGORITHM_RSASHA1:
+ SHA1_Init(&sha1);
+ SHA1_Update(&sha1, key, keylen);
+ SHA1_Final((u_char *)shabuf, &sha1);
+ bufsize = 20;
+ break;
+ case ALGORITHM_RSASHA256:
+ SHA256_Init(&sha256);
+ SHA256_Update(&sha256, key, keylen);
+ SHA256_Final((u_char *)shabuf, &sha256);
+ bufsize = 32;
+
+#if 0
+ printf("keylen = %d\n", keylen);
+ fd = open("bindump-sha256.bin", O_WRONLY | O_CREAT | O_TRUNC, 0600);
+ for (i = 0; i < bufsize; i++) {
+ write(fd, (char *)&shabuf[i], 1);
+ }
+ close(fd);
+#endif
+
+ break;
+ case ALGORITHM_RSASHA512:
+ SHA512_Init(&sha512);
+ SHA512_Update(&sha512, &key, keylen);
+ SHA512_Final((u_char *)shabuf, &sha512);
+ bufsize = 64;
+ break;
+ default:
+ return -1;
+ }
+
+ rsa = read_private_key(zonename, keyid, algorithm);
+ if (rsa == NULL) {
+ dolog(LOG_INFO, "reading private key failed\n");
+ return -1;
+ }
+
+ rsatype = alg_to_rsa(algorithm);
+ if (rsatype == -1) {
+ dolog(LOG_INFO, "algorithm mismatch\n");
+ return -1;
+ }
+
+ if (RSA_sign(rsatype, (u_char *)shabuf, bufsize, (u_char *)signature, &siglen, rsa) != 1) {
+ dolog(LOG_INFO, "unable to sign with algorithm %d: %s\n", algorithm, ERR_error_string(ERR_get_error(), NULL));
+ return -1;
+ }
+
+ len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
+ tmp[len] = '\0';
+
+ if (fill_rrsig(sd->zonename, "RRSIG", sd->ttl[INTERNAL_TYPE_NSEC3], "NSEC3", algorithm, labels, sd->ttl[INTERNAL_TYPE_NSEC3], expiredon, signedon, keyid, zonename, tmp) < 0) {
+ dolog(LOG_INFO, "fill_rrsig\n");
+ return -1;
+ }
+
+ return 0;
+}
+
+
/*
* create a RRSIG for an NSEC3PARAM record
*/
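Review bot: `SHA512_Update(&sha512, &key, keylen)` in the ALGORITHM_RSASHA512 case hashes the bytes of the pointer variable itself (and whatever follows it on the stack) instead of the buffer it points to, so an RSASHA512 RRSIG over NSEC3 is computed over the wrong data; the SHA1 and SHA256 cases pass `key`, so the fix is `SHA512_Update(&sha512, key, keylen);`. Every error return after `key = malloc(10 * 4096)` leaks `key`, and the success path frees neither `key` nor the `rsa` handle returned by read_private_key(); a single cleanup label with `free(key); RSA_free(rsa);` reached by `goto` from each failure point would close both. `sdnsec3` is assigned only inside the `if (sd->flags & DOMAIN_HAVE_NSEC3)` block but is dereferenced unconditionally from the rdlength `pack16()` onward, so a call without that flag reads an uninitialised pointer — drop the outer `if` and do the find_substruct() lookup unconditionally. The `pack()` calls for salt, next and bitmap write into the fixed 40960-byte `key` buffer with no remaining-length check; if those fields are bounded by their struct definitions this is safe, but a comment stating that bound would help the next reader.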
@@ -1753,7 +2014,7 @@ sign_nsec3param(DB *db, char *zonename, char *zsk_key,
return -1;
}
- labels = label_count(sd->zonename);
+ labels = label_count(sd->zone);
if (labels < 0) {
dolog(LOG_INFO, "label_count");
return -1;
@@ -1808,10 +2069,7 @@ sign_nsec3param(DB *db, char *zonename, char *zsk_key,
p += 2;
pack32(p, htonl(sd->ttl[INTERNAL_TYPE_NSEC3PARAM]));
p += 4;
- if (sdnsec3->nsec3param.saltlen)
- pack16(p, htons(1 + 1 + 2 + sdnsec3->nsec3param.saltlen));
- else
- pack16(p, htons(1 + 1 + 2 + 1));
+ pack16(p, htons(1 + 1 + 2 + 1 + sdnsec3->nsec3param.saltlen));
p += 2;
pack8(p, sdnsec3->nsec3param.algorithm);
p++;
@@ -1819,15 +2077,15 @@ sign_nsec3param(DB *db, char *zonename, char *zsk_key,
p++;
pack16(p, htons(sdnsec3->nsec3param.iterations));
p += 2;
+
+ pack8(p, sdnsec3->nsec3param.saltlen);
+ p++;
if (sdnsec3->nsec3param.saltlen) {
pack(p, sdnsec3->nsec3param.salt, sdnsec3->nsec3param.saltlen);
p += sdnsec3->nsec3param.saltlen;
- } else {
- pack(p, sdnsec3->nsec3param.salt, 1);
- p++;
- }
-
+ }
+
keylen = (p - key);
#if 0
@@ -1895,7 +2153,7 @@ sign_nsec3param(DB *db, char *zonename, char *zsk_key,
len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
tmp[len] = '\0';
- if (fill_rrsig(sd->zonename, "RRSIG", sd->ttl[INTERNAL_TYPE_NSEC3PARAM], "NSEC3PARAM", algorithm, labels, sd->ttl[INTERNAL_TYPE_NSEC3PARAM], expiredon, signedon, keyid, zonename, tmp) < 0) {
+ if (fill_rrsig(sd->zonename, "RRSIG", 0, "NSEC3PARAM", algorithm, labels, 0, expiredon, signedon, keyid, zonename, tmp) < 0) {
dolog(LOG_INFO, "fill_rrsig\n");
return -1;
}
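Review bot: The original-TTL argument to fill_rrsig() is now the constant 0, while the signed buffer assembled earlier in this function still packs `sd->ttl[INTERNAL_TYPE_NSEC3PARAM]` as the RR TTL (the `pack32(p, htonl(sd->ttl[INTERNAL_TYPE_NSEC3PARAM]))` line in the preceding hunk). A validator rebuilds the signed data using the RRSIG's stored original TTL in both the RR TTL and the original-TTL positions, so if the RRSIG original-TTL field packed above (outside this hunk) also comes from `sd->ttl[...]`, the stored 0 will not match what was signed unless that TTL is itself 0. Either pack 0 into both TTL positions of the signed buffer as well, or keep passing `sd->ttl[INTERNAL_TYPE_NSEC3PARAM]` here. sign_nsec3param's body starts and ends outside this hunk.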
@@ -2002,7 +2260,7 @@ sign_spf(DB *db, char *zonename, char *zsk_key, int ex
return -1;
}
- labels = label_count(sd->zonename);
+ labels = label_count(sd->zone);
if (labels < 0) {
dolog(LOG_INFO, "label_count");
return -1;
@@ -2236,7 +2494,7 @@ sign_cname(DB *db, char *zonename, char *zsk_key, int
return -1;
}
- labels = label_count(sd->zonename);
+ labels = label_count(sd->zone);
if (labels < 0) {
dolog(LOG_INFO, "label_count");
return -1;
@@ -2467,7 +2725,7 @@ sign_ptr(DB *db, char *zonename, char *zsk_key, int ex
return -1;
}
- labels = label_count(sd->zonename);
+ labels = label_count(sd->zone);
if (labels < 0) {
dolog(LOG_INFO, "label_count");
return -1;
@@ -2700,7 +2958,7 @@ sign_ns(DB *db, char *zonename, char *zsk_key, int exp
return -1;
}
- labels = label_count(sd->zonename);
+ labels = label_count(sd->zone);
if (labels < 0) {
dolog(LOG_INFO, "label_count");
return -1;
@@ -2932,7 +3190,7 @@ sign_mx(DB *db, char *zonename, char *zsk_key, int exp
return -1;
}
- labels = label_count(sd->zonename);
+ labels = label_count(sd->zone);
if (labels < 0) {
dolog(LOG_INFO, "label_count");
return -1;
@@ -3167,7 +3425,7 @@ sign_a(DB *db, char *zonename, char *zsk_key, int expi
return -1;
}
- labels = label_count(sd->zonename);
+ labels = label_count(sd->zone);
if (labels < 0) {
dolog(LOG_INFO, "label_count");
return -1;
@@ -3319,7 +3577,7 @@ sign_dnskey(DB *db, char *zonename, char *zsk_key, cha
char *key;
char *zone;
- uint32_t ttl;
+ uint32_t ttl = 3600;
uint16_t flags;
uint8_t protocol;
uint8_t algorithm;
@@ -3395,7 +3653,7 @@ sign_dnskey(DB *db, char *zonename, char *zsk_key, cha
return -1;
}
- labels = label_count(sd->zonename);
+ labels = label_count(sd->zone);
if (labels < 0) {
dolog(LOG_INFO, "label_count");
return -1;
@@ -3525,10 +3783,16 @@ sign_dnskey(DB *db, char *zonename, char *zsk_key, cha
len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
tmp[len] = '\0';
+#if 0
if (fill_rrsig(sd->zonename, "RRSIG", ttl, "DNSKEY", algorithm, labels, sd->ttl[INTERNAL_TYPE_DNSKEY], expiredon, signedon, keyid, zonename, tmp) < 0) {
dolog(LOG_INFO, "fill_rrsig\n");
return -1;
}
+#endif
+ if (fill_rrsig(sd->zonename, "RRSIG", ttl, "DNSKEY", algorithm, labels, ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
+ dolog(LOG_INFO, "fill_rrsig\n");
+ return -1;
+ }
/* now work out the ZSK */
snprintf(buf, sizeof(buf), "%s.key", zsk_key);
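Review bot: The previous fill_rrsig() call is kept under `#if 0` rather than deleted, here and again at the second (ZSK) call later in sign_dnskey(); version control already holds the old form, so the dead block should go. The replacement also changes the stored original TTL from the DNSKEY RRset's `sd->ttl[INTERNAL_TYPE_DNSKEY]` to `ttl`, which is the value parse_keyfile() fills from the key file (3600 if it is left untouched, per the new initialiser); that deserves a one-line comment such as `/* original TTL is the key file's TTL, which must also be the RR TTL packed into the signed buffer */`, because if the signed buffer above (outside this hunk) still packs the RR TTL from `sd->ttl[...]` the signature will not verify. sign_dnskey's body continues outside the hunk.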
@@ -3562,7 +3826,7 @@ sign_dnskey(DB *db, char *zonename, char *zsk_key, cha
return -1;
}
- labels = label_count(sd->zonename);
+ labels = label_count(sd->zone);
if (labels < 0) {
dolog(LOG_INFO, "label_count");
return -1;
@@ -3692,10 +3956,16 @@ sign_dnskey(DB *db, char *zonename, char *zsk_key, cha
len = mybase64_encode(signature, siglen, tmp, sizeof(tmp));
tmp[len] = '\0';
+#if 0
if (fill_rrsig(sd->zonename, "RRSIG", ttl, "DNSKEY", algorithm, labels, sd->ttl[INTERNAL_TYPE_DNSKEY], expiredon, signedon, keyid, zonename, tmp) < 0) {
dolog(LOG_INFO, "fill_rrsig\n");
return -1;
}
+#endif
+ if (fill_rrsig(sd->zonename, "RRSIG", ttl, "DNSKEY", algorithm, labels, ttl, expiredon, signedon, keyid, zonename, tmp) < 0) {
+ dolog(LOG_INFO, "fill_rrsig\n");
+ return -1;
+ }
return 0;
}
@@ -4221,7 +4491,7 @@ print_sd(FILE *of, struct domain *sdomain)
return -1;
}
fprintf(of, " %s,soa,%d,%s,%s,%d,%d,%d,%d,%d\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_SOA],
convert_name(sdsoa->soa.nsserver, sdsoa->soa.nsserver_len),
convert_name(sdsoa->soa.responsible_person, sdsoa->soa.rp_len),
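Review bot: `convert_name(sdomain->zone, sdomain->zonelen)` is now evaluated in the same fprintf argument list as the two existing convert_name() calls for the SOA fields, and the same pattern is repeated in every print_sd hunk below. The hunk does not show convert_name(): if it returns a pointer into one static buffer, all `%s` fields in a line print the same string; if it mallocs, each printed record now leaks one more string than before. In the malloc case assign the owner name to a local before the fprintf and release it afterwards, e.g. `char *owner = convert_name(sdomain->zone, sdomain->zonelen);` … `free(owner);`. print_sd's body extends beyond the hunk.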
@@ -4235,7 +4505,7 @@ print_sd(FILE *of, struct domain *sdomain)
}
for (i = 0; i < sdns->ns_count; i++) {
fprintf(of, " %s,ns,%d,%s\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_NS],
convert_name(sdns->ns[i].nsserver, sdns->ns[i].nslen));
}
@@ -4247,7 +4517,7 @@ print_sd(FILE *of, struct domain *sdomain)
}
for (i = 0; i < sdmx->mx_count; i++) {
fprintf(of, " %s,mx,%d,%d,%s\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_MX],
sdmx->mx[i].preference,
convert_name(sdmx->mx[i].exchange, sdmx->mx[i].exchangelen));
@@ -4259,7 +4529,7 @@ print_sd(FILE *of, struct domain *sdomain)
return -1;
}
fprintf(of, " %s,cname,%d,%s\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_CNAME],
convert_name(sdcname->cname, sdcname->cnamelen));
}
@@ -4269,7 +4539,7 @@ print_sd(FILE *of, struct domain *sdomain)
return -1;
}
fprintf(of, " %s,spf,%d,\"",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_SPF]);
for (i = 0; i < sdspf->spflen; i++) {
fprintf(of, "%c", sdspf->spf[i]);
@@ -4282,7 +4552,7 @@ print_sd(FILE *of, struct domain *sdomain)
return -1;
}
fprintf(of, " %s,txt,%d,\"",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_TXT]);
for (i = 0; i < sdtxt->txtlen; i++) {
fprintf(of, "%c", sdtxt->txt[i]);
@@ -4295,7 +4565,7 @@ print_sd(FILE *of, struct domain *sdomain)
return -1;
}
fprintf(of, " %s,ptr,%d,%s\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_PTR],
convert_name(sdptr->ptr, sdptr->ptrlen));
}
@@ -4307,7 +4577,7 @@ print_sd(FILE *of, struct domain *sdomain)
for (i = 0; i < sda->a_count; i++) {
inet_ntop(AF_INET, &sda->a[i], buf, sizeof(buf));
fprintf(of, " %s,a,%d,%s\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_A],
buf);
}
@@ -4320,7 +4590,7 @@ print_sd(FILE *of, struct domain *sdomain)
for (i = 0; i < sdaaaa->aaaa_count; i++) {
inet_ntop(AF_INET6, &sdaaaa->aaaa[i], buf, sizeof(buf));
fprintf(of, " %s,aaaa,%d,%s\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_AAAA],
buf);
}
@@ -4336,8 +4606,8 @@ print_sd(FILE *of, struct domain *sdomain)
for (i = 0; i < sddk->dnskey_count; i++) {
len = mybase64_encode(sddk->dnskey[i].public_key, sddk->dnskey[i].publickey_len, buf, sizeof(buf));
buf[len] = '\0';
- fprintf(of, " %s,dnskey,%d,%d,%d,%d,%s\n",
- sdomain->zonename,
+ fprintf(of, " %s,dnskey,%d,%d,%d,%d,\"%s\"\n",
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_DNSKEY],
sddk->dnskey[i].flags,
sddk->dnskey[i].protocol,
@@ -4354,9 +4624,8 @@ print_sd(FILE *of, struct domain *sdomain)
return -1;
}
- fprintf(of, " %s,nsec3param,%d,%d,%d,%d,\"%s\"\n",
- sdomain->zonename,
- sdomain->ttl[INTERNAL_TYPE_NSEC3PARAM],
+ fprintf(of, " %s,nsec3param,0,%d,%d,%d,\"%s\"\n",
+ convert_name(sdomain->zone, sdomain->zonelen),
sdn3param->nsec3param.algorithm,
sdn3param->nsec3param.flags,
sdn3param->nsec3param.iterations,
@@ -4372,7 +4641,7 @@ print_sd(FILE *of, struct domain *sdomain)
}
fprintf(of, " %s,nsec3,%d,%d,%d,%d,\"%s\",\"%s\",\"%s\"\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_NSEC3],
sdn3->nsec3.algorithm,
sdn3->nsec3.flags,
@@ -4399,8 +4668,8 @@ print_sd(FILE *of, struct domain *sdomain)
buf[len] = '\0';
fprintf(of, " %s,rrsig,%d,%s,%d,%d,%d,%llu,%llu,%d,%s,\"%s\"\n",
- sdomain->zonename,
- sdomain->ttl[INTERNAL_TYPE_RRSIG],
+ convert_name(sdomain->zone, sdomain->zonelen),
+ sdomain->ttl[INTERNAL_TYPE_DNSKEY],
get_dns_type(rss->type_covered, 0),
rss->algorithm, rss->labels,
rss->original_ttl,
@@ -4417,7 +4686,7 @@ print_sd(FILE *of, struct domain *sdomain)
buf[len] = '\0';
fprintf(of, " %s,rrsig,%d,%s,%d,%d,%d,%llu,%llu,%d,%s,\"%s\"\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_RRSIG],
get_dns_type(rss->type_covered, 0),
rss->algorithm, rss->labels,
@@ -4435,7 +4704,7 @@ print_sd(FILE *of, struct domain *sdomain)
buf[len] = '\0';
fprintf(of, " %s,rrsig,%d,%s,%d,%d,%d,%llu,%llu,%d,%s,\"%s\"\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_RRSIG],
get_dns_type(rss->type_covered, 0),
rss->algorithm, rss->labels,
@@ -4453,7 +4722,7 @@ print_sd(FILE *of, struct domain *sdomain)
buf[len] = '\0';
fprintf(of, " %s,rrsig,%d,%s,%d,%d,%d,%llu,%llu,%d,%s,\"%s\"\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_RRSIG],
get_dns_type(rss->type_covered, 0),
rss->algorithm, rss->labels,
@@ -4465,13 +4734,13 @@ print_sd(FILE *of, struct domain *sdomain)
buf);
}
- if (sdomain->flags & DOMAIN_HAVE_NSEC3PARAM) {
- rss = (struct rrsig *)&sdrr->rrsig[INTERNAL_TYPE_NSEC3PARAM];
+ if (sdomain->flags & DOMAIN_HAVE_NSEC3) {
+ rss = (struct rrsig *)&sdrr->rrsig[INTERNAL_TYPE_NSEC3];
len = mybase64_encode(rss->signature, rss->signature_len, buf, sizeof(buf));
buf[len] = '\0';
fprintf(of, " %s,rrsig,%d,%s,%d,%d,%d,%llu,%llu,%d,%s,\"%s\"\n",
- sdomain->zonename,
+ convert_name(sdomain->zone,sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_RRSIG],
get_dns_type(rss->type_covered, 0),
rss->algorithm, rss->labels,
@@ -4483,13 +4752,31 @@ print_sd(FILE *of, struct domain *sdomain)
buf);
}
+
+ if (sdomain->flags & DOMAIN_HAVE_NSEC3PARAM) {
+ rss = (struct rrsig *)&sdrr->rrsig[INTERNAL_TYPE_NSEC3PARAM];
+ len = mybase64_encode(rss->signature, rss->signature_len, buf, sizeof(buf));
+ buf[len] = '\0';
+
+ fprintf(of, " %s,rrsig,0,%s,%d,%d,%d,%llu,%llu,%d,%s,\"%s\"\n",
+ convert_name(sdomain->zone, sdomain->zonelen),
+ get_dns_type(rss->type_covered, 0),
+ rss->algorithm, rss->labels,
+ 0, /* original ttl */
+ timethuman(rss->signature_expiration),
+ timethuman(rss->signature_inception),
+ rss->key_tag,
+ convert_name(rss->signers_name, rss->signame_len),
+ buf);
+ }
+
if (sdomain->flags & DOMAIN_HAVE_SPF) {
rss = (struct rrsig *)&sdrr->rrsig[INTERNAL_TYPE_SPF];
len = mybase64_encode(rss->signature, rss->signature_len, buf, sizeof(buf));
buf[len] = '\0';
fprintf(of, " %s,rrsig,%d,%s,%d,%d,%d,%llu,%llu,%d,%s,\"%s\"\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_RRSIG],
get_dns_type(rss->type_covered, 0),
rss->algorithm, rss->labels,
@@ -4508,7 +4795,7 @@ print_sd(FILE *of, struct domain *sdomain)
buf[len] = '\0';
fprintf(of, " %s,rrsig,%d,%s,%d,%d,%d,%llu,%llu,%d,%s,\"%s\"\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_RRSIG],
get_dns_type(rss->type_covered, 0),
rss->algorithm, rss->labels,
@@ -4526,7 +4813,7 @@ print_sd(FILE *of, struct domain *sdomain)
buf[len] = '\0';
fprintf(of, " %s,rrsig,%d,%s,%d,%d,%d,%llu,%llu,%d,%s,\"%s\"\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_RRSIG],
get_dns_type(rss->type_covered, 0),
rss->algorithm, rss->labels,
@@ -4546,7 +4833,7 @@ print_sd(FILE *of, struct domain *sdomain)
buf[len] = '\0';
fprintf(of, " %s,rrsig,%d,%s,%d,%d,%d,%llu,%llu,%d,%s,\"%s\"\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_RRSIG],
get_dns_type(rss->type_covered, 0),
rss->algorithm, rss->labels,
@@ -4564,7 +4851,7 @@ print_sd(FILE *of, struct domain *sdomain)
buf[len] = '\0';
fprintf(of, " %s,rrsig,%d,%s,%d,%d,%d,%llu,%llu,%d,%s,\"%s\"\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_RRSIG],
get_dns_type(rss->type_covered, 0),
rss->algorithm, rss->labels,
@@ -4582,7 +4869,7 @@ print_sd(FILE *of, struct domain *sdomain)
buf[len] = '\0';
fprintf(of, " %s,rrsig,%d,%s,%d,%d,%d,%llu,%llu,%d,%s,\"%s\"\n",
- sdomain->zonename,
+ convert_name(sdomain->zone, sdomain->zonelen),
sdomain->ttl[INTERNAL_TYPE_RRSIG],
get_dns_type(rss->type_covered, 0),
rss->algorithm, rss->labels,
blob - 0b73efcb25eb3f9510a4646065c3eb37e48309f7
blob + 298d614c0f19e7c71b4e8546f361b53af536ced6
--- util.c
+++ util.c
@@ -79,30 +79,24 @@ struct typetable {
};
/*
- * LABEL_COUNT - count the labels and return that number, based on dns_label()
+ * LABEL_COUNT - count the labels and return that number
*/
int
label_count(char *name)
{
- char *labels[255];
- char **pl;
int lc = 0;
- char tname[DNS_MAXNAME + 1]; /* 255 bytes + 1*/
- char *pt = &tname[0];
+ char *p;
if (name == NULL)
return -1;
-#if __linux__
- strncpy(tname, name, sizeof(tname));
- tname[sizeof(tname) - 1] = 0;
-#else
- strlcpy(tname, name, sizeof(tname));
-#endif
+ p = name;
+ while (*p != '\0') {
+ lc++;
+ p += (*p + 1);
+ }
- for (pl=labels;pl<&labels[254]&&(*pl=strsep(&pt,"."))!= NULL;pl++,lc++);
-
return (lc);
}
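Review bot: The new loop walks `name` as a wire-format name through a plain `char *`, so on platforms where char is signed a length byte of 0x80 or above (a compression pointer or a corrupt label) makes `*p + 1` negative and moves `p` backwards, and a buffer lacking its terminating zero is read past its end; neither case can return -1 today. Validate each length byte through an unsigned pointer before advancing (ordinary labels are at most 63 octets), as in the fence; the missing-terminator case cannot be bounded without a length parameter, which is worth noting in the header comment. The callers in dd-convert.c now pass `sd->zone`, which is the wire-format name this expects, but a caller still passing a dotted text name gets a meaningless count, so the comment should state the format: `* LABEL_COUNT - count the labels of a wire-format (length-prefixed) name`. RFC 4034 §3.1.3 also excludes a leading `*` wildcard label from the RRSIG labels field; whether this tool ever signs wildcard owners is not visible here.
```c
	int lc = 0;
	u_char *p;
	/* … unchanged: NULL check … */
	p = (u_char *)name;
	while (*p != '\0') {
		if (*p > 63)	/* not an ordinary label: compression pointer or corrupt length */
			return -1;
		lc++;
		p += (*p + 1);
	}
```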
@@ -120,7 +114,7 @@ dns_label(char *name, int *returnlen)
char *dnslabel, *p;
char *labels[255];
char **pl;
- char tname[DNS_MAXNAME + 1]; /* 255 bytes + 1*/
+ static char tname[DNS_MAXNAME + 1]; /* 255 bytes + 1*/
char *pt = &tname[0];
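Review bot: Making `tname` `static` turns dns_label() into a non-reentrant function — every call now tokenises the same buffer through `pt`/strsep(), so a nested or concurrent call would corrupt the caller's parse — and the hunk gives no reason for the change. If the intent is to keep the 256-byte copy off the stack, say so in the comment: `static char tname[DNS_MAXNAME + 1]; /* static to keep it off the stack; dns_label() is not reentrant */`; otherwise the automatic array should stay. dns_label's body continues outside the hunk.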