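/******************************************************************************
 * ldns_dnssec.i: DNSSEC zone, name, rrs
 *
 * Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz)
 *                     Karel Slany    (slany AT fit.vutbr.cz)
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 *
 *     * Redistributions of source code must retain the above copyright notice,
 *       this list of conditions and the following disclaimer.
 *     * Redistributions in binary form must reproduce the above copyright
 *       notice, this list of conditions and the following disclaimer in the
 *       documentation and/or other materials provided with the distribution.
 *     * Neither the name of the organization nor the names of its
 *       contributors may be used to endorse or promote products derived from this
 *       software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
 * ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
 * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 ******************************************************************************/

// ================================================================================
// DNSSEC RRS
// ================================================================================
%nodefaultctor ldns_dnssec_rrs; //no default constructor & destructor
%nodefaultdtor ldns_dnssec_rrs;

%newobject ldns_dnssec_rrs_new;
%delobject ldns_dnssec_rrs_free;

%extend ldns_dnssec_rrs {
 %pythoncode %{

        def __init__(self):
            """Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs.

               :returns: (ldns_dnssec_rrs) the allocated data
               :raises Exception: when the underlying allocation yields no object
            """
            self.this = _ldns.ldns_dnssec_rrs_new()
            if not self.this:
                raise Exception("Can't create rrs instance")

        # Releasing the Python proxy frees the C structure through this hook.
        __swig_destroy__ = _ldns.ldns_dnssec_rrs_free

        #LDNS_DNSSEC_RRS_METHODS_#
        def add_rr(self,rr):
            """Adds an RR to the list of RRs.

               The list will remain ordered

               :param rr:
                   the RR to add
               :returns: (ldns_status) LDNS_STATUS_OK on success
            """
            # NOTE(review): rr is handed to C as-is, whereas ldns_dnssec_zone.add_rr
            # goes through a cloning helper. Presumably the list keeps the pointer;
            # confirm the RR cannot be freed by Python while it is still linked.
            return _ldns.ldns_dnssec_rrs_add_rr(self,rr)
            #parameters: ldns_dnssec_rrs *,ldns_rr *,
            #retvals: ldns_status
        #_LDNS_DNSSEC_RRS_METHODS#
 %}
}

// ================================================================================
// DNSSEC RRS
// ================================================================================
%nodefaultctor ldns_dnssec_rrsets; //no default constructor & destructor
%nodefaultdtor ldns_dnssec_rrsets;

%newobject ldns_dnssec_rrsets_new;
%delobject ldns_dnssec_rrsets_free;

%extend ldns_dnssec_rrsets {
 %pythoncode %{
        def __init__(self):
            """Creates a new list (entry) of RRsets.

               :returns: (ldns_dnssec_rrsets \*) instance
               :raises Exception: when the underlying allocation yields no object
            """
            self.this = _ldns.ldns_dnssec_rrsets_new()
            if not self.this:
                raise Exception("Can't create rrsets instance")

        # Releasing the Python proxy frees the C structure through this hook.
        __swig_destroy__ = _ldns.ldns_dnssec_rrsets_free

        def print_to_file(self, file, follow):
            """Print the given list of rrsets to the given file.

               :param file: file pointer (passed to C as ``FILE *``)
               :param follow: if set to false, only print the first RRset
            """
            _ldns.ldns_dnssec_rrsets_print(file,self,follow)
            #parameters: FILE *,ldns_dnssec_rrsets *,bool,
            #retvals:

        #LDNS_DNSSEC_RRSETS_METHODS_#
        def add_rr(self,rr):
            """Add an ldns_rr to the corresponding RRset in the given list of RRsets.

               If it is not present, add it as a new RRset with 1 record.

               :param rr:
                   the rr to add to the list of rrsets
               :returns: (ldns_status) LDNS_STATUS_OK on success
            """
            # NOTE(review): no clone is made here (compare ldns_dnssec_zone.add_rr);
            # confirm who owns rr afterwards so it is neither freed twice nor
            # used after Python has released it.
            return _ldns.ldns_dnssec_rrsets_add_rr(self,rr)
            #parameters: ldns_dnssec_rrsets *,ldns_rr *,
            #retvals: ldns_status

        def set_type(self,atype):
            """Sets the RR type of the rrset (that is head of the given list).

               :param atype: the RR type to set (ldns_rr_type)
               :returns: (ldns_status) LDNS_STATUS_OK on success
            """
            return _ldns.ldns_dnssec_rrsets_set_type(self,atype)
            #parameters: ldns_dnssec_rrsets *,ldns_rr_type,
            #retvals: ldns_status

        def type(self):
            """Returns the rr type of the rrset (that is head of the given list).

               :returns: (ldns_rr_type) the rr type
            """
            return _ldns.ldns_dnssec_rrsets_type(self)
            #parameters: ldns_dnssec_rrsets *,
            #retvals: ldns_rr_type
        #_LDNS_DNSSEC_RRSETS_METHODS#
 %}
}

// ================================================================================
// DNSSEC NAME
// ================================================================================
%nodefaultctor ldns_dnssec_name; //no default constructor & destructor
%nodefaultdtor ldns_dnssec_name;

%newobject ldns_dnssec_name_new;
%delobject ldns_dnssec_name_free;

%extend ldns_dnssec_name {
 %pythoncode %{
        def __init__(self):
            """Create a new instance of dnssec name.

               :raises Exception: when the underlying allocation yields no object
            """
            self.this = _ldns.ldns_dnssec_name_new()
            if not self.this:
                raise Exception("Can't create dnssec name instance")

        # Releasing the Python proxy frees the C structure through this hook.
        __swig_destroy__ = _ldns.ldns_dnssec_name_free

        def print_to_file(self,file):
            """Prints the RRs in the dnssec name structure to the given file.

               :param file: file pointer (passed to C as ``FILE *``)
            """
            _ldns.ldns_dnssec_name_print(file, self)
            #parameters: FILE *,ldns_dnssec_name *,

        @staticmethod
        def new_frm_rr(rr, raiseException=True):
            """Create a new instance of dnssec name for the given RR.

               :param rr:
                   the RR to build the dnssec name from
               :param raiseException:
                   if True, an exception is raised when no name could be created;
                   otherwise the (false) result is returned to the caller
               :returns: (ldns_dnssec_name) instance
               :raises Exception: when creation fails and raiseException is true
            """
            # A staticmethod has no `self`, so the RR has to be passed in
            # explicitly; referring to `self` here could only raise NameError.
            # NOTE(review): rr is passed without cloning; confirm that it outlives
            # the returned name and that ownership of the result is tracked.
            name = _ldns.ldns_dnssec_name_new_frm_rr(rr)
            if (not name) and (raiseException):
                raise Exception("Can't create dnssec name")
            return name

        #LDNS_DNSSEC_NAME_METHODS_#
        def add_rr(self,rr):
            """Inserts the given rr at the right place in the current dnssec_name.

               No checking is done whether the name matches.

               :param rr:
                   The RR to add
               :returns: (ldns_status) LDNS_STATUS_OK on success, error code otherwise
            """
            # NOTE(review): no clone is made here (compare ldns_dnssec_zone.add_rr);
            # confirm the RR stays alive for as long as this name references it.
            return _ldns.ldns_dnssec_name_add_rr(self,rr)
            #parameters: ldns_dnssec_name *,ldns_rr *,
            #retvals: ldns_status

        def find_rrset(self,atype):
            """Find the RRset with the given type within this name structure.

               :param atype: the RR type to look for (ldns_rr_type)
               :returns: (ldns_dnssec_rrsets \*) the RRset, or NULL if not present
            """
            return _ldns.ldns_dnssec_name_find_rrset(self,atype)
            #parameters: ldns_dnssec_name *,ldns_rr_type,
            #retvals: ldns_dnssec_rrsets *

        def name(self):
            """Returns the domain name of the given dnssec_name structure.

               :returns: (ldns_rdf \*) the domain name
            """
            return _ldns.ldns_dnssec_name_name(self)
            #parameters: ldns_dnssec_name *,
            #retvals: ldns_rdf *

        def set_name(self,dname):
            """Sets the domain name of the given dnssec_name structure.

               :param dname:
                   the domain name to set it to. This data is *not* copied, so
                   the caller has to keep dname alive for as long as this
                   structure refers to it.
            """
            _ldns.ldns_dnssec_name_set_name(self,dname)
            #parameters: ldns_dnssec_name *,ldns_rdf *,
            #retvals:

        def set_nsec(self,nsec):
            """Sets the NSEC(3) RR of the given dnssec_name structure.

               :param nsec:
                   the nsec rr to set it to. This data is *not* copied, so
                   the caller has to keep nsec alive for as long as this
                   structure refers to it.
            """
            _ldns.ldns_dnssec_name_set_nsec(self,nsec)
            #parameters: ldns_dnssec_name *,ldns_rr *,
            #retvals:
        #_LDNS_DNSSEC_NAME_METHODS#
 %}
}

// ================================================================================
// DNSSEC ZONE
// ================================================================================
%nodefaultctor ldns_dnssec_zone; //no default constructor & destructor
%nodefaultdtor ldns_dnssec_zone;

%newobject ldns_dnssec_zone_new;
%delobject ldns_dnssec_zone_free;

%inline %{
/*
 * Sign the zone with one of the default signature callbacks, chosen by cbtype:
 * 0 = add to, 1 = leave, 2 = delete; every other value selects
 * ldns_dnssec_default_replace_signatures. The callback argument is always NULL.
 */
ldns_status ldns_dnssec_zone_sign_defcb(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int cbtype)
{
  if (cbtype == 0)
     return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_add_to_signatures, NULL);
  if (cbtype == 1)
     return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_leave_signatures, NULL);
  if (cbtype == 2)
     return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_delete_signatures, NULL);

  return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_replace_signatures, NULL);
}

/*
 * Add a private copy of rr to the zone and return the resulting status.
 */
ldns_status ldns_dnssec_zone_add_rr_(ldns_dnssec_zone *zone, ldns_rr *rr)
{
  ldns_rr *new_rr;
  ldns_status status;

  /*
   * A clone of the RR is created to be stored in the DNSSEC zone.
   * The Python engine frees a RR object as soon as its reference count
   * reaches zero. The code must avoid double freeing or accessing of freed
   * memory.
   */
  new_rr = ldns_rr_clone(rr);

  /* Do not hand a missing clone on to the zone; report the failure here. */
  if (new_rr == NULL) {
    return LDNS_STATUS_MEM_ERR;
  }

  status = ldns_dnssec_zone_add_rr(zone, new_rr);

  /* The zone did not take the clone, so it is still ours to release. */
  if (status != LDNS_STATUS_OK) {
    ldns_rr_free(new_rr);
  }

  return status;
}
%}

%extend ldns_dnssec_zone {
 %pythoncode %{

        def __init__(self):
            """Creates a new dnssec_zone instance

               :raises Exception: when the underlying allocation yields no object
            """
            self.this = _ldns.ldns_dnssec_zone_new()
            if not self.this:
                raise Exception("Can't create dnssec zone instance")

        # Releasing the Python proxy frees the C structure through this hook.
        __swig_destroy__ = _ldns.ldns_dnssec_zone_free

        def print_to_file(self,file):
            """Prints the complete zone to the given file.

               :param file: file pointer (passed to C as ``FILE *``)
            """
            _ldns.ldns_dnssec_zone_print(file, self)
            #parameters: FILE *, ldns_dnssec_zone *,
            #retvals:

        def create_nsec3s(self,new_rrs,algorithm,flags,iterations,salt_length,salt):
            """Adds NSEC3 records to the zone.

               :param new_rrs:
                   list that receives the newly created resource records
               :param algorithm:
                   the NSEC3 hashing algorithm to use
               :param flags:
                   NSEC3 flags
               :param iterations:
                   the number of NSEC3 hash iterations to use
               :param salt_length:
                   the length (in octets) of the NSEC3 salt
               :param salt:
                   the NSEC3 salt data
               :returns: (ldns_status)

               RFC 9276 advises an iteration count of 0 and an empty salt.
            """
            # NOTE(review): nothing visible here checks that salt_length agrees
            # with the size of salt; the caller must pass a matching pair.
            return _ldns.ldns_dnssec_zone_create_nsec3s(self,new_rrs,algorithm,flags,iterations,salt_length,salt)
            #parameters: ldns_dnssec_zone *,ldns_rr_list *,uint8_t,uint8_t,uint16_t,uint8_t,uint8_t *,
            #retvals: ldns_status

        def create_nsecs(self,new_rrs):
            """Adds NSEC records to the given dnssec_zone.

               :param new_rrs:
                   ldns_rr's created by this function are added to this rr list, so the caller can free them later
               :returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
            """
            return _ldns.ldns_dnssec_zone_create_nsecs(self,new_rrs)
            #parameters: ldns_dnssec_zone *,ldns_rr_list *,
            #retvals: ldns_status

        def create_rrsigs(self,new_rrs,key_list,func,arg):
            """Adds signatures to the zone.

               :param new_rrs:
                   the RRSIG RRs that are created are also added to this list, so the caller can free them later
               :param key_list:
                   list of keys to sign with.
               :param func:
                   Callback function to decide what keys to use and what to do with old signatures
               :param arg:
                   Optional argument for the callback function
               :returns: (ldns_status) LDNS_STATUS_OK on success, error otherwise
            """
            # NOTE(review): the C side expects a function pointer of type
            # int(*)(ldns_rr *, void *); no conversion from a Python callable is
            # visible in this file, so confirm what may be passed as func.
            return _ldns.ldns_dnssec_zone_create_rrsigs(self,new_rrs,key_list,func,arg)
            #parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,int(*)(ldns_rr *, void *),void *,
            #retvals: ldns_status

        def sign_cb(self,new_rrs,key_list,func,arg):
            """signs the given zone with the given keys (with callback function)

               :param new_rrs:
                   newly created resource records are added to this list, to free them later
               :param key_list:
                   the list of keys to sign the zone with
               :param func:
                   callback function that decides what to do with old signatures.
                   This function takes an ldns_rr and an optional arg argument, and returns one of four values:

                   * LDNS_SIGNATURE_LEAVE_ADD_NEW - leave the signature and add a new one for the corresponding key

                   * LDNS_SIGNATURE_REMOVE_ADD_NEW - remove the signature and replace it with a new one from the same key

                   * LDNS_SIGNATURE_LEAVE_NO_ADD - leave the signature and do not add a new one with the corresponding key

                   * LDNS_SIGNATURE_REMOVE_NO_ADD - remove the signature and do not replace

               :param arg:
                   optional argument for the callback function
               :returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
            """
            # NOTE(review): func must be usable as int(*)(ldns_rr *, void *) on
            # the C side; use sign() for the built-in callbacks.
            return _ldns.ldns_dnssec_zone_sign(self,new_rrs,key_list,func,arg)
            #parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,int(*)(ldns_rr *, void *),void *,
            #retvals: ldns_status

        def sign(self,new_rrs,key_list, cbtype=3):
            """signs the given zone with the given keys

               :param new_rrs:
                   newly created resource records are added to this list, to free them later
               :param key_list:
                   the list of keys to sign the zone with
               :param cbtype:
                   specifies how to deal with old signatures, possible values:

                   * 0 - ldns_dnssec_default_add_to_signatures,

                   * 1 - ldns_dnssec_default_leave_signatures,

                   * 2 - ldns_dnssec_default_delete_signatures,

                   * 3 - ldns_dnssec_default_replace_signatures

                   Any value other than 0, 1 or 2 is treated like 3.

               :returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
            """
            return _ldns.ldns_dnssec_zone_sign_defcb(self,new_rrs,key_list, cbtype)
            #parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,
            #retvals: ldns_status

        def sign_nsec3(self,new_rrs,key_list,func,arg,algorithm,flags,iterations,salt_length,salt):
            """signs the given zone with the given new zone, with NSEC3

               :param new_rrs:
                   newly created resource records are added to this list, to free them later
               :param key_list:
                   the list of keys to sign the zone with
               :param func:
                   callback function that decides what to do with old signatures
               :param arg:
                   optional argument for the callback function
               :param algorithm:
                   the NSEC3 hashing algorithm to use
               :param flags:
                   NSEC3 flags
               :param iterations:
                   the number of NSEC3 hash iterations to use
               :param salt_length:
                   the length (in octets) of the NSEC3 salt
               :param salt:
                   the NSEC3 salt data
               :returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise

               RFC 9276 advises an iteration count of 0 and an empty salt.
            """
            # NOTE(review): nothing visible here checks that salt_length agrees
            # with the size of salt; the caller must pass a matching pair.
            return _ldns.ldns_dnssec_zone_sign_nsec3(self,new_rrs,key_list,func,arg,algorithm,flags,iterations,salt_length,salt)
            #parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,int(*)(ldns_rr *, void *),void *,uint8_t,uint8_t,uint16_t,uint8_t,uint8_t *,
            #retvals: ldns_status

        #LDNS_DNSSEC_ZONE_METHODS_#
        def add_empty_nonterminals(self):
            """Adds explicit dnssec_name structures for the empty nonterminals in this zone.

               (this is needed for NSEC3 generation)

               :returns: (ldns_status)
            """
            return _ldns.ldns_dnssec_zone_add_empty_nonterminals(self)
            #parameters: ldns_dnssec_zone *,
            #retvals: ldns_status

        def add_rr(self,rr):
            """Adds the given RR to the zone.

               It finds whether there is a dnssec_name with that name present.
               If so, add it to that, if not create a new one.
               Special handling of NSEC and RRSIG provided.

               The zone receives a clone of rr, so the Python object passed in
               stays owned by the caller.

               :param rr:
                   The RR to add
               :returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
            """
            return _ldns.ldns_dnssec_zone_add_rr_(self,rr)
            #parameters: ldns_dnssec_zone *,ldns_rr *,
            #retvals: ldns_status

        def find_rrset(self,dname,atype):
            """Find the RRset with the given name and type in the zone.

               :param dname:
                   the domain name of the RRset to find
               :param atype: the RR type to look for (ldns_rr_type)
               :returns: (ldns_dnssec_rrsets \*) the RRset, or NULL if not present
            """
            return _ldns.ldns_dnssec_zone_find_rrset(self,dname,atype)
            #parameters: ldns_dnssec_zone *,ldns_rdf *,ldns_rr_type,
            #retvals: ldns_dnssec_rrsets *

        #_LDNS_DNSSEC_ZONE_METHODS#
 %}
}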