/*------------------------------------------------------------------------------
 *
 * Copyright (c) 2011-2021, EURid vzw. All rights reserved.
 * The YADIFA TM software product is provided under the BSD 3-clause license:
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *
 *        * Redistributions of source code must retain the above copyright
 *          notice, this list of conditions and the following disclaimer.
 *        * Redistributions in binary form must reproduce the above copyright
 *          notice, this list of conditions and the following disclaimer in the
 *          documentation and/or other materials provided with the distribution.
 *        * Neither the name of EURid nor the names of its contributors may be
 *          used to endorse or promote products derived from this software
 *          without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 *------------------------------------------------------------------------------
 *
 */

/** @defgroup dnsdbzone Zone related functions
 *  @ingroup dnsdb
 *  @brief Functions used to manipulate a zone
 *
 *  Functions used to manipulate a zone
 *
 * @{
 */

#pragma once

#include <dnsdb/zdb_types.h>
#include <dnsdb/nsec.h>
#include <dnsdb/nsec3.h>
#include <dnsdb/dynupdate-diff.h>

// struct dnssec_chain

#include <dnscore/dnskey.h>

#ifdef __cplusplus
extern "C"
{
#endif

/**
 * Upper bound on the number of NSEC3 chains one maintenance context tracks.
 * It sizes nsec3_chain[] and nsec3_chain_status[] in zdb_zone_maintenance_ctx;
 * code that appends to those arrays must compare nsec3_chain_count against this
 * value first, as the arrays carry no other bound.
 */
#define ZDB_ZONE_MAINTENANCE_NSEC3CHAIN_MAX 16

/**
 * Working state carried through one zone maintenance pass
 * (zdb_zone_maintenance and the zdb_zone_maintenance_* helpers declared below).
 *
 * The field notes are taken from the names and types only; this header does not
 * show how the fields are filled in, so confirm them against the implementation.
 */
struct zdb_zone_maintenance_ctx
{
    dnssec_chain nsec_chain_updater;    // @note 20170119 edf -- Given recent changes, and depending on the post-processing, I may be able to handle NSEC & NSEC3 chains with a single (modified) object.
    dnssec_chain nsec3_chains_updater;
    nsec3_zone* nsec3_chain[ZDB_ZONE_MAINTENANCE_NSEC3CHAIN_MAX];   // presumably the zone's NSEC3 chains, nsec3_chain_count entries in use -- confirm
    u8 nsec3_chain_status[ZDB_ZONE_MAINTENANCE_NSEC3CHAIN_MAX];    // parallel to nsec3_chain[]; the meaning of the status values is not defined in this header
    zdb_zone *zone;                     // the zone being maintained
    zdb_rr_label *label;                // label currently being processed -- TODO confirm

    dnssec_key_sll *keys;               // the zone's keys (dnssec_key_sll, presumably a singly-linked list) -- confirm
    intptr ksk_mask;                    // NOTE(review): look like bit masks over the keys list, one bit per key; verify
    intptr zsk_mask;

    int ksk_count;
    int zsk_count;

    ptr_vector ksks;                    // key-signing keys -- presumably a subset of keys; confirm
    ptr_vector zsks;                    // zone-signing keys -- presumably a subset of keys; confirm

    time_t now;                         // reference time of the pass -- verify how it is used (e.g. signature validity)
    u8 nsec_chain_status;
    u8 nsec3_chain_count;               // entries used in nsec3_chain[]; must stay <= ZDB_ZONE_MAINTENANCE_NSEC3CHAIN_MAX
    u8 fqdn[MAX_DOMAIN_LENGTH];         // FQDN buffer, MAX_DOMAIN_LENGTH bytes -- presumably wire format; confirm
    dnsname_stack fqdn_stack;
};

typedef struct zdb_zone_maintenance_ctx zdb_zone_maintenance_ctx;

/**
 * Runs a maintenance pass over a zone.
 *
 * This header does not show what a pass covers; the helpers below (rrsig, nsec,
 * nsec3) are documented as being called from here.
 *
 * @param zone the zone to maintain
 * @return a ya_result status code
 */
ya_result zdb_zone_maintenance(zdb_zone* zone);

/**
 * Signs a zone.
 *
 * @param zone the zone to sign
 * @return a ya_result status code
 */
ya_result zdb_zone_sign(zdb_zone* zone);

/**
 * Called by zdb_zone_maintenance
 *
 * Marks record sets that need to be updated.
 * Removes expired signatures.
 *
 * @param mctx          the maintenance context
 * @param diff_fqdn     the diff entry of the FQDN being processed
 * @param rrset_to_sign vector of record sets to sign -- presumably appended to by this call; confirm
 * @return a ya_result status code
 */
ya_result zdb_zone_maintenance_rrsig(zdb_zone_maintenance_ctx* mctx, zone_diff_fqdn *diff_fqdn, ptr_vector *rrset_to_sign);

/**
 * Called by zdb_zone_maintenance
 *
 * NSEC-chain maintenance step for one FQDN of the diff.
 *
 * NOTE(review): the previous comment here described an incremental signing
 * routine and listed parameters (zone, signature_count_loose_limit,
 * present_signatures_are_verified) that this function does not take; what the
 * step actually does should be confirmed against the implementation.
 *
 * @param mctx          the maintenance context
 * @param diff_fqdn     the diff entry of the FQDN being processed (read-only)
 * @param rrset_to_sign vector of record sets to sign
 * @return the number of actions counted
 */
int zdb_zone_maintenance_nsec(zdb_zone_maintenance_ctx* mctx, const zone_diff_fqdn *diff_fqdn, ptr_vector *rrset_to_sign);

/**
 * Called by zdb_zone_maintenance
 *
 * NSEC3-chain maintenance step for one FQDN of the diff.
 *
 * NOTE(review): the previous comment here described an incremental signing
 * routine and listed parameters (zone, signature_count_loose_limit,
 * present_signatures_are_verified) that this function does not take; what the
 * step actually does should be confirmed against the implementation.
 *
 * @param mctx      the maintenance context
 * @param diff_fqdn the diff entry of the FQDN being processed (read-only)
 * @return the number of actions counted
 */
int zdb_zone_maintenance_nsec3(zdb_zone_maintenance_ctx* mctx, const zone_diff_fqdn *diff_fqdn);

/**
 * NSEC3 maintenance helper; by its name it adds the RRSIG type for
 * covered_diff_fqdn to the diff. Only the parameter list is visible here, so the
 * exact effect on the remove/add vectors should be confirmed against the
 * implementation.
 *
 * @param diff                 the zone diff being built
 * @param zone                 the zone being maintained
 * @param rrset_to_sign_vector record sets queued for signing
 * @param ksks                 key-signing keys
 * @param zsks                 zone-signing keys
 * @param remove               vector of records to remove
 * @param add                  vector of records to add
 * @param covered_diff_fqdn    the diff entry of the FQDN covered by the NSEC3 record
 */
void zdb_zone_maintenance_nsec3_add_rrsig_type(zone_diff *diff, zdb_zone *zone, ptr_vector *rrset_to_sign_vector, ptr_vector *ksks, ptr_vector *zsks, ptr_vector *remove, ptr_vector* add, zone_diff_fqdn *covered_diff_fqdn);

/**
 * NSEC3 maintenance helper; by its name it removes the RRSIG type for
 * covered_diff_fqdn from the diff. Only the parameter list is visible here, so
 * the exact effect on the remove/add vectors should be confirmed against the
 * implementation.
 *
 * @param diff                 the zone diff being built
 * @param zone                 the zone being maintained
 * @param rrset_to_sign_vector record sets queued for signing
 * @param ksks                 key-signing keys
 * @param zsks                 zone-signing keys
 * @param remove               vector of records to remove
 * @param add                  vector of records to add
 * @param covered_diff_fqdn    the diff entry of the FQDN covered by the NSEC3 record
 */
void zdb_zone_maintenance_nsec3_remove_rrsig_type(zone_diff *diff, zdb_zone *zone, ptr_vector *rrset_to_sign_vector, ptr_vector *ksks, ptr_vector *zsks, ptr_vector *remove, ptr_vector* add, zone_diff_fqdn *covered_diff_fqdn);


#ifdef __cplusplus
}
#endif

/** @} */