1 /*------------------------------------------------------------------------------
2  *
3  * Copyright (c) 2011-2021, EURid vzw. All rights reserved.
4  * The YADIFA TM software product is provided under the BSD 3-clause license:
5  *
6  * Redistribution and use in source and binary forms, with or without
7  * modification, are permitted provided that the following conditions
8  * are met:
9  *
10  *        * Redistributions of source code must retain the above copyright
11  *          notice, this list of conditions and the following disclaimer.
12  *        * Redistributions in binary form must reproduce the above copyright
13  *          notice, this list of conditions and the following disclaimer in the
14  *          documentation and/or other materials provided with the distribution.
15  *        * Neither the name of EURid nor the names of its contributors may be
16  *          used to endorse or promote products derived from this software
17  *          without specific prior written permission.
18  *
19  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
20  * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
21  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
22  * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
23  * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
24  * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
25  * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
26  * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
27  * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
28  * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
29  * POSSIBILITY OF SUCH DAMAGE.
30  *
31  *------------------------------------------------------------------------------
32  *
33  */
34 
35 /** @defgroup nsec NSEC functions
36  *  @ingroup dnsdbdnssec
37  *  @brief
38  *
39  *
40  *
41  * @{
42  *
43  *----------------------------------------------------------------------------*/
44 #ifndef _NSEC_H
45 #define	_NSEC_H
46 
47 #include <dnsdb/zdb_types.h>
48 
49 #if !ZDB_HAS_NSEC_SUPPORT
50 #error "Please do not include nsec.h if ZDB_HAS_NSEC_SUPPORT is 0"
51 #endif
52 
53 #include <dnsdb/nsec_collection.h>
54 #include <dnscore/ptr_set.h>
55 
56 #ifdef	__cplusplus
57 extern "C"
58 {
59 #endif
60 
61 #define ZDB_NSECLABEL_TAG 0x4c42414c4345534e
62 
63 #define NSEC_NEXT_DOMAIN_NAME(x__) (&(x__).rdata_start[0])
64 
65 /**
66  * Reverses the labels of the fqdn
67  *
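68  * @param inverse_name output buffer for the reversed name; no size is passed, so the caller must provide enough room (NOTE(review): the required capacity is not stated here, presumably the maximum fqdn length; confirm)
69  * @param name the fqdn to reverse (not modified)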
70  * @return
71  */
72 
73 u32 nsec_inverse_name(u8 *inverse_name,const u8 *name);
74 
75 /**
76  *
77  * Updates/Verifies the NSEC structures of the zone.
78  *
79  * @param zone the zone
80  * @param read_only true on a slave, which would not change the records.
81  *
82  * @return an error code (only fails if a slave got a zone with errors)
83  */
84 
85 ya_result nsec_update_zone(zdb_zone* zone, bool read_only); /* read_only a.k.a slave */
86 
87 /**
88  * Creates the NSEC node, creates or updates the NSEC record
89  *
90  * @param zone
91  * @param label
92  * @param labels
93  * @param labels_top
94  */
95 
96 void nsec_update_label(zdb_zone* zone, zdb_rr_label* label, dnslabel_vector_reference labels, s32 labels_top);
97 
98 /**
99  * Verifies and, if needed, updates the NSEC record.
100  * There WILL be an NSEC record in the label at the end of the call.
101  * It does NOT create the NSEC node (needs it created already).
102  * It does NOT check for the relevancy of the NSEC record.
103  *
104  * @param zone
105  * @param label
106  * @param node
107  * @param next_node
108  * @param name
109  * @return
110  */
111 
112 bool nsec_update_label_record(zdb_zone *zone, zdb_rr_label *label, nsec_node *node, nsec_node *next_node, u8 *name);
113 
114 /**
115  * Creates the NSEC node, links it to the label.
116  *
117  * @param zone
118  * @param label
119  * @param labels
120  * @param labels_top
121  * @return
122  */
123 
124 nsec_node *nsec_update_label_node(zdb_zone* zone, zdb_rr_label* label, dnslabel_vector_reference labels, s32 labels_top);
125 
126 /**
127  *
128  * Unlinks the NSEC node from the label, then deletes said node from the chain.
129  *
130  * @param zone
131  * @param labels
132  * @param labels_top
133  * @return
134  */
135 
136 bool nsec_delete_label_node(zdb_zone* zone, dnslabel_vector_reference labels, s32 labels_top);
137 
138 /**
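139  * Finds the label that has the right NSEC interval for "nextname"
140  *
141  * @param zone
142  * @param name_vector
143  * @param out_dname_p
144  * @param pool pointer to a u8 pointer, passed without a size (NOTE(review): its role and required capacity are not documented here; confirm the bounds handling in the implementation)
145  * @return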
146  */
147 
148 zdb_rr_label *nsec_find_interval(const zdb_zone *zone, const dnsname_vector *name_vector, u8 **out_dname_p, u8 * restrict * pool);
149 
150 void nsec_name_error(const zdb_zone* zone, const dnsname_vector *qname_not_const, s32 closest_index,
151                     u8 * restrict * pool,
152                     u8 **out_encloser_nsec_name_p,
153                     zdb_rr_label** out_encloser_nsec_label,
154                     u8 **out_wild_encloser_nsec_name_p,
155                     zdb_rr_label** out_wildencloser_nsec_label
156                     );
157 
158 void nsec_destroy_zone(zdb_zone* zone);
159 
160 void nsec_logdump_tree(zdb_zone *zone);
161 
162 #define NSEC_ZONE_DISABLED      0
163 #define NSEC_ZONE_ENABLED       1
164 #define NSEC_ZONE_GENERATING    2
165 #define NSEC_ZONE_REMOVING      4
166 
167 #define TYPE_NSECCHAINSTATE NU16(0xff03)
168 
169 /**
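170  * Marks the zone with private records
171  *
172  * @param zone
173  * @param secondary_lock NOTE(review): not documented; confirm its meaning against the implementation
174  * @param status NOTE(review): presumably one of the NSEC_ZONE_* values defined above; confirm
175  * @return an error code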
176  */
177 
178 ya_result nsec_zone_set_status(zdb_zone *zone, u8 secondary_lock, u8 status);
179 
180 /**
181  * gets the zone status from private records
182  *
183  * @param zone
184  * @param statusp pointer to the u8 that receives the status
185  *
186  * @return an error code
187  */
188 
189 ya_result nsec_zone_get_status(zdb_zone *zone, u8 *statusp);
190 
191 #define ZONE_NSEC_AVAILABLE(zone_) zdb_rr_label_flag_isset((zone_)->apex, ZDB_RR_LABEL_NSEC)
192 
193 #ifdef	__cplusplus
194 }
195 #endif
196 
197 #endif	/* _NSEC_H */
198 /** @} */
199 
200 
201