import ldns 1.6.16

Dag-Erling Smørgrav 2013-02-15 13:51:54 +00:00
parent a1ba2d1ca3
commit 2f10c3e258
Notes: svn2git 2020-12-20 02:59:44 +00:00
svn path=/vendor/ldns/dist/; revision=246828
svn path=/vendor/ldns/1.6.16/; revision=246829; tag=vendor/ldns/1.6.16
96 changed files with 13278 additions and 3337 deletions


@ -1,3 +1,51 @@
1.6.16 2012-11-13
* Fix Makefile to build pyldns with BSD make
* Fix typo in exporting b32_* symbols to make pyldns load again
* Allow leaving the RR owner name empty in ldns-testns datafiles.
* Fix fail to create NSEC3 bitmap for empty non-terminal (bug
introduced in 1.6.14).
1.6.15 2012-10-25
* Remove LDNS_STATUS_EXISTS_ERR from ldns/error.h to make ldns
binary compatible with earlier releases again.
1.6.14 2012-10-23
* DANE support (RFC6698), including ldns-dane example tool.
* Configurable default CA certificate repository for ldns-dane with
--with-ca-file=CAFILE and --with-ca-path=CAPATH
* Configurable default trust anchor with --with-trust-anchor=FILE
for drill, ldns-verify-zone and ldns-dane
* bugfix #474: Define socklen_t when undefined (like in Win32)
* bugfix #473: Dead code removal and resource leak fix in drill
* bugfix #471: Let ldns_resolver_push_dnssec_anchor accept DS RR's too.
* Various bugfixes from code reviews from CZ.NIC and Paul Wouters
* ldns-notify TSIG option argument checking
* Let ldns_resolver_nameservers_randomize keep nameservers and rtt's
in sync.
* Let ldns_pkt_push_rr now return false on (memory) errors.
* Make buffer_export comply to documentation and fix buffer2str
* Various improvements and fixes of pyldns from Katel Slany
now documented in their own Changelog.
* bugfix: Make ldns_resolver_pop_nameserver clear the array when
there was only one.
* bugfix #459: Remove ldns_symbols and export symbols based on regex
* bugfix #458: Track all newly created signatures when signing.
* bugfix #454: Only set -g and -O2 CFLAGS when no CFLAGS was given.
* bugfix #457: Memory leak fix for ldns_key_new_frm_algorithm.
* pyldns memory handling fixes and the python3/ldns-signzone.py
examples script contribution from Karel Slany.
* bugfix #450: Base # bytes for P, G and Y (T) on the guaranteed
to be bigger (or equal) P in ldns_key_dsa2bin.
* bugfix #449: Deep free cloned rdf's in ldns_tsig_mac_new.
* bugfix #448: Copy nameserver value (in stead of reference) of the
answering nameserver to the answer packet in ldns_send_buffer, so
the original value may be deep freed with the ldns_resolver struct.
* New -0 option for ldns-read-zone to replace inception, expiration
and signature rdata fields with (null). Thanks Paul Wouters.
* New -p option for ldns-read-zone to prepend-pad SOA serial to take
up ten characters.
* Return error if printing RR fails due to unknown/null RDATA.
1.6.13 2012-05-21
* New -S option for ldns-verify-zone to chase signatures online.
* New -k option for ldns-verify-zone to validate using a trusted key.



@ -140,7 +140,8 @@ ldns_buffer_free(ldns_buffer *buffer)
return;
}
LDNS_FREE(buffer->_data);
if (!buffer->_fixed)
LDNS_FREE(buffer->_data);
LDNS_FREE(buffer);
}
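Review bot: The new guard `if (!buffer->_fixed)` is unbraced and has no comment stating the ownership rule it encodes. Judging by the name, `_fixed` presumably marks a buffer that wraps caller-supplied memory, in which case freeing `_data` would release memory the buffer does not own. I would write it as `if (!buffer->_fixed) { /* fixed buffers borrow _data from the caller */ LDNS_FREE(buffer->_data); }`. It is also worth confirming that every path which creates an ldns_buffer initialises `_fixed`, because an indeterminate flag here turns into either a leak or an invalid free. ldns_buffer_free starts above this hunk, so the constructors are not visible from here.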

153
configure vendored

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.68 for ldns 1.6.13.
# Generated by GNU Autoconf 2.68 for ldns 1.6.16.
#
# Report bugs to <libdns@nlnetlabs.nl>.
#
@ -570,8 +570,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='ldns'
PACKAGE_TARNAME='libdns'
PACKAGE_VERSION='1.6.13'
PACKAGE_STRING='ldns 1.6.13'
PACKAGE_VERSION='1.6.16'
PACKAGE_STRING='ldns 1.6.16'
PACKAGE_BUGREPORT='libdns@nlnetlabs.nl'
PACKAGE_URL=''
@ -613,17 +613,23 @@ ac_includes_default="\
#endif"
ac_subst_vars='LTLIBOBJS
CONFIG_FILES
ldns_build_config_have_attr_unused
ldns_build_config_have_attr_format
ldns_build_config_have_ssl
DEFAULT_CAPATH
DEFAULT_CAFILE
LDNS_TRUST_ANCHOR_FILE
WINDRES
LIBOBJS
ldns_build_config_have_socklen_t
LIBPCAP_LIBS
include_unistd_h
include_systypes_h
include_inttypes_h
ldns_build_config_have_inttypes_h
include_sys_socket_h
LIBSSL_SSL_LIBS
LIBSSL_LIBS
LIBSSL_LDFLAGS
LIBSSL_CPPFLAGS
@ -767,6 +773,9 @@ enable_sha2
enable_gost
enable_ecdsa
enable_rpath
with_trust_anchor
with_ca_file
with_ca_path
'
ac_precious_vars='build_alias
host_alias
@ -1320,7 +1329,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ldns 1.6.13 to adapt to many kinds of systems.
\`configure' configures ldns 1.6.16 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1385,7 +1394,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ldns 1.6.13:";;
short | recursive ) echo "Configuration of ldns 1.6.16:";;
esac
cat <<\_ACEOF
@ -1421,6 +1430,12 @@ Optional Packages:
--with-ssl=pathname enable SSL (will check /usr/local/ssl /usr/lib/ssl
/usr/ssl /usr/pkg /usr/local /opt/local /usr/sfw
/usr)
--with-trust-anchor=KEYFILE
Default location of the trust anchor file for drill
and ldns-dane. [default=SYSCONFDIR/unbound/root.key]
--with-ca-file=CAFILE File containing CA certificates for ldns-dane
--with-ca-path=CAPATH Directory containing CA certificate files for
ldns-dane
Some influential environment variables:
CC C compiler command
@ -1502,7 +1517,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ldns configure 1.6.13
ldns configure 1.6.16
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@ -2206,7 +2221,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ldns $as_me 1.6.13, which was
It was created by ldns $as_me 1.6.16, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@ -2556,13 +2571,13 @@ ac_compiler_gnu=$ac_cv_c_compiler_gnu
# needed to build correct soname
LIBTOOL_VERSION_INFO=1:6:13
LIBTOOL_VERSION_INFO=1:6:16
LDNS_VERSION_MAJOR=1
LDNS_VERSION_MINOR=6
LDNS_VERSION_MICRO=13
LDNS_VERSION_MICRO=16
OURCPPFLAGS=''
@ -4684,6 +4699,7 @@ ac_compile='$CC -c $CFLAGS $CPPFLAGS conftest.$ac_ext >&5'
ac_link='$CC -o conftest$ac_exeext $CFLAGS $CPPFLAGS $LDFLAGS conftest.$ac_ext $LIBS >&5'
ac_compiler_gnu=$ac_cv_c_compiler_gnu
if test "x$CFLAGS" = "x" ; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -g" >&5
@ -4707,7 +4723,7 @@ if eval "test \"`echo '$cv_prog_cc_flag_'$cache`\" = yes"; then
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: yes" >&5
$as_echo "yes" >&6; }
:
CFLAGS="-g $CFLAGS"
CFLAGS="-g"
else
{ $as_echo "$as_me:${as_lineno-$LINENO}: result: no" >&5
$as_echo "no" >&6; }
@ -4746,6 +4762,7 @@ $as_echo "no" >&6; }
fi
fi
{ $as_echo "$as_me:${as_lineno-$LINENO}: checking whether $CC supports -Wall" >&5
@ -5931,6 +5948,7 @@ This does not work with the --with-drill option.
Please remove the config.h from the drill subdirectory
or do not use the --with-drill option." "$LINENO" 5
fi
DRILL_CONFIG=" drill/drill.1"
else
DRILL=""
@ -5942,6 +5960,7 @@ else
LINT_DRILL=""
DRILL_CONFIG=""
fi
@ -5971,6 +5990,7 @@ This does not work with the --with-examples option.
Please remove the config.h from the examples subdirectory
or do not use the --with-examples option." "$LINENO" 5
fi
EXAMPLES_CONFIG=" examples/ldns-dane.1 examples/ldns-verify-zone.1"
else
EXAMPLES=""
@ -5982,6 +6002,7 @@ else
LINT_EXAMPLES=""
EXAMPLES_CONFIG=""
fi
# add option to disable installation of ldns-config script
@ -6981,7 +7002,6 @@ else
fi
# Use libtool
# skip these tests, we do not need them.
@ -14706,6 +14726,10 @@ esac
if test "x$HAVE_SSL" = "xyes"; then
LIBSSL_SSL_LIBS="$LIBSSL_LIBS -lssl"
fi
CPPFLAGS=$tmp_CPPFLAGS
LDFLAGS=$tmp_LDFLAGS
LIBS=$tmp_LIBS
@ -15452,6 +15476,13 @@ $as_echo "#define socklen_t int" >>confdefs.h
fi
if test "x$ac_cv_type_socklen_t" = xyes; then
ldns_build_config_have_socklen_t=1
else
ldns_build_config_have_socklen_t=0
fi
ac_fn_c_check_type "$LINENO" "size_t" "ac_cv_type_size_t" "$ac_includes_default"
if test "x$ac_cv_type_size_t" = xyes; then :
@ -16514,6 +16545,91 @@ $as_echo "#define SYSCONFDIR sysconfdir" >>confdefs.h
# Check whether --with-trust-anchor was given.
if test "${with_trust_anchor+set}" = set; then :
withval=$with_trust_anchor;
LDNS_TRUST_ANCHOR_FILE="$withval"
else
if test "x$LDNS_TRUST_ANCHOR_FILE" = "x"; then
if test "x$sysconfdir" = 'x${prefix}/etc' ; then
if test "x$prefix" = 'xNONE' ; then
LDNS_TRUST_ANCHOR_FILE="/etc/unbound/root.key"
else
LDNS_TRUST_ANCHOR_FILE="${prefix}/etc/unbound/root.key"
fi
else
LDNS_TRUST_ANCHOR_FILE="${sysconfdir}/unbound/root.key"
fi
fi
fi
cat >>confdefs.h <<_ACEOF
#define LDNS_TRUST_ANCHOR_FILE "$LDNS_TRUST_ANCHOR_FILE"
_ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: Default trust anchor: $LDNS_TRUST_ANCHOR_FILE" >&5
$as_echo "$as_me: Default trust anchor: $LDNS_TRUST_ANCHOR_FILE" >&6;}
# Check whether --with-ca-file was given.
if test "${with_ca_file+set}" = set; then :
withval=$with_ca_file;
$as_echo "#define HAVE_DANE_CA_FILE 1" >>confdefs.h
cat >>confdefs.h <<_ACEOF
#define LDNS_DANE_CA_FILE "$withval"
_ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: Using CAfile: $withval" >&5
$as_echo "$as_me: Using CAfile: $withval" >&6;}
DEFAULT_CAFILE="Default is $withval"
else
$as_echo "#define HAVE_DANE_CA_FILE 0" >>confdefs.h
fi
# Check whether --with-ca-path was given.
if test "${with_ca_path+set}" = set; then :
withval=$with_ca_path;
$as_echo "#define HAVE_DANE_CA_PATH 1" >>confdefs.h
cat >>confdefs.h <<_ACEOF
#define LDNS_DANE_CA_PATH "$withval"
_ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: Using CApath: $withval" >&5
$as_echo "$as_me: Using CApath: $withval" >&6;}
DEFAULT_CAPATH="Default is $withval"
else
$as_echo "#define HAVE_DANE_CA_PATH 0" >>confdefs.h
fi
@ -16539,7 +16655,9 @@ else
fi
ac_config_files="$ac_config_files Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config"
CONFIG_FILES="Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config $DRILL_CONFIG $EXAMPLES_CONFIG"
ac_config_files="$ac_config_files $CONFIG_FILES"
ac_config_headers="$ac_config_headers ldns/config.h"
@ -17063,7 +17181,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ldns $as_me 1.6.13, which was
This file was extended by ldns $as_me 1.6.16, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -17129,7 +17247,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
ldns config.status 1.6.13
ldns config.status 1.6.16
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
@ -17534,12 +17652,7 @@ do
case $ac_config_target in
"libtool") CONFIG_COMMANDS="$CONFIG_COMMANDS libtool" ;;
"disable-rpath") CONFIG_COMMANDS="$CONFIG_COMMANDS disable-rpath" ;;
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
"ldns/common.h") CONFIG_FILES="$CONFIG_FILES ldns/common.h" ;;
"ldns/net.h") CONFIG_FILES="$CONFIG_FILES ldns/net.h" ;;
"ldns/util.h") CONFIG_FILES="$CONFIG_FILES ldns/util.h" ;;
"packaging/libldns.pc") CONFIG_FILES="$CONFIG_FILES packaging/libldns.pc" ;;
"packaging/ldns-config") CONFIG_FILES="$CONFIG_FILES packaging/ldns-config" ;;
"$CONFIG_FILES") CONFIG_FILES="$CONFIG_FILES $CONFIG_FILES" ;;
"ldns/config.h") CONFIG_HEADERS="$CONFIG_HEADERS ldns/config.h" ;;
*) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;


@ -6,7 +6,7 @@ sinclude(acx_nlnetlabs.m4)
# must be numbers. ac_defun because of later processing.
m4_define([VERSION_MAJOR],[1])
m4_define([VERSION_MINOR],[6])
m4_define([VERSION_MICRO],[13])
m4_define([VERSION_MICRO],[16])
AC_INIT(ldns, m4_defn([VERSION_MAJOR]).m4_defn([VERSION_MINOR]).m4_defn([VERSION_MICRO]), libdns@nlnetlabs.nl, libdns)
AC_CONFIG_SRCDIR([packet.c])
# needed to build correct soname
@ -63,8 +63,10 @@ COPY_FILES($srcdir/$1/*.h, $2)
# Checks for typedefs, structures, and compiler characteristics.
AC_C_CONST
AC_LANG_C
ACX_CHECK_COMPILER_FLAG(g, [CFLAGS="-g $CFLAGS"])
if test "x$CFLAGS" = "x" ; then
ACX_CHECK_COMPILER_FLAG(g, [CFLAGS="-g"])
ACX_CHECK_COMPILER_FLAG(O2, [CFLAGS="-O2 $CFLAGS"])
fi
ACX_CHECK_COMPILER_FLAG(Wall, [CFLAGS="-Wall $CFLAGS"])
ACX_CHECK_COMPILER_FLAG(W, [CFLAGS="-W $CFLAGS"])
ACX_CHECK_COMPILER_FLAG(Wwrite-strings, [CFLAGS="-Wwrite-strings $CFLAGS"])
@ -112,12 +114,14 @@ This does not work with the --with-drill option.
Please remove the config.h from the drill subdirectory
or do not use the --with-drill option.])
fi
DRILL_CONFIG=" drill/drill.1"
else
AC_SUBST(DRILL,[""])
AC_SUBST(INSTALL_DRILL,[""])
AC_SUBST(UNINSTALL_DRILL,[""])
AC_SUBST(CLEAN_DRILL,[""])
AC_SUBST(LINT_DRILL,[""])
DRILL_CONFIG=""
fi
@ -137,12 +141,14 @@ This does not work with the --with-examples option.
Please remove the config.h from the examples subdirectory
or do not use the --with-examples option.])
fi
EXAMPLES_CONFIG=" examples/ldns-dane.1 examples/ldns-verify-zone.1"
else
AC_SUBST(EXAMPLES,[""])
AC_SUBST(INSTALL_EXAMPLES,[""])
AC_SUBST(UNINSTALL_EXAMPLES,[""])
AC_SUBST(CLEAN_EXAMPLES,[""])
AC_SUBST(LINT_EXAMPLES,[""])
EXAMPLES_CONFIG=""
fi
# add option to disable installation of ldns-config script
@ -249,7 +255,6 @@ else
AC_SUBST(PYLDNSXUNINST, "")
fi
# Use libtool
ACX_LIBTOOL_C_ONLY
@ -318,6 +323,9 @@ esac
AC_SUBST(LIBSSL_CPPFLAGS)
AC_SUBST(LIBSSL_LDFLAGS)
AC_SUBST(LIBSSL_LIBS)
if test "x$HAVE_SSL" = "xyes"; then
AC_SUBST(LIBSSL_SSL_LIBS, ["$LIBSSL_LIBS -lssl"])
fi
CPPFLAGS=$tmp_CPPFLAGS
LDFLAGS=$tmp_LDFLAGS
LIBS=$tmp_LIBS
@ -444,6 +452,11 @@ AC_INCLUDES_DEFAULT
fi
ACX_TYPE_SOCKLEN_T
if test "x$ac_cv_type_socklen_t" = xyes; then
AC_SUBST(ldns_build_config_have_socklen_t, 1)
else
AC_SUBST(ldns_build_config_have_socklen_t, 0)
fi
AC_TYPE_SIZE_T
AC_TYPE_SSIZE_T
AC_TYPE_INTPTR_T
@ -507,6 +520,45 @@ fi
AC_DEFINE([SYSCONFDIR], [sysconfdir], [System configuration dir])
AC_ARG_WITH(trust-anchor, AC_HELP_STRING([--with-trust-anchor=KEYFILE], [Default location of the trust anchor file for drill and ldns-dane. [default=SYSCONFDIR/unbound/root.key]]), [
LDNS_TRUST_ANCHOR_FILE="$withval"
],[
if test "x$LDNS_TRUST_ANCHOR_FILE" = "x"; then
if test "x$sysconfdir" = 'x${prefix}/etc' ; then
if test "x$prefix" = 'xNONE' ; then
LDNS_TRUST_ANCHOR_FILE="/etc/unbound/root.key"
else
LDNS_TRUST_ANCHOR_FILE="${prefix}/etc/unbound/root.key"
fi
else
LDNS_TRUST_ANCHOR_FILE="${sysconfdir}/unbound/root.key"
fi
fi
])
AC_DEFINE_UNQUOTED([LDNS_TRUST_ANCHOR_FILE], ["$LDNS_TRUST_ANCHOR_FILE"], [Default trust anchor file])
AC_SUBST(LDNS_TRUST_ANCHOR_FILE)
AC_MSG_NOTICE([Default trust anchor: $LDNS_TRUST_ANCHOR_FILE])
AC_ARG_WITH(ca-file, AC_HELP_STRING([--with-ca-file=CAFILE], [File containing CA certificates for ldns-dane]), [
AC_DEFINE([HAVE_DANE_CA_FILE], [1], [Is a CAFILE given at configure time])
AC_DEFINE_UNQUOTED([LDNS_DANE_CA_FILE], ["$withval"], [Is a CAFILE given at configure time])
AC_MSG_NOTICE([Using CAfile: $withval])
AC_SUBST(DEFAULT_CAFILE, ["Default is $withval"])
],[
AC_DEFINE([HAVE_DANE_CA_FILE], [0], [Is a CAFILE given at configure time])
AC_SUBST(DEFAULT_CAFILE, [])
])
AC_ARG_WITH(ca-path, AC_HELP_STRING([--with-ca-path=CAPATH], [Directory containing CA certificate files for ldns-dane]), [
AC_DEFINE([HAVE_DANE_CA_PATH], [1], [Is a CAPATH given at configure time])
AC_DEFINE_UNQUOTED([LDNS_DANE_CA_PATH], ["$withval"], [Is a CAPATH given at configure time])
AC_MSG_NOTICE([Using CApath: $withval])
AC_SUBST(DEFAULT_CAPATH, ["Default is $withval"])
],[
AC_DEFINE([HAVE_DANE_CA_PATH], [0], [Is a CAPATH given at configure time])
AC_SUBST(DEFAULT_CAPATH, [])
])
AH_BOTTOM([
#include <stdio.h>
#include <string.h>
@ -663,7 +715,9 @@ else
AC_SUBST(ldns_build_config_have_attr_unused, 0)
fi
AC_CONFIG_FILES([Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config])
CONFIG_FILES="Makefile ldns/common.h ldns/net.h ldns/util.h packaging/libldns.pc packaging/ldns-config $DRILL_CONFIG $EXAMPLES_CONFIG"
AC_SUBST(CONFIG_FILES)
AC_CONFIG_FILES([$CONFIG_FILES])
AC_CONFIG_HEADER([ldns/config.h])
AC_OUTPUT
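Review bot: In the `@ -507,6 +520,45 @` hunk, the `--with-trust-anchor`, `--with-ca-file` and `--with-ca-path` actions use `$withval` as a path without filtering out `yes` and `no`. AC_ARG_WITH runs the action-if-given branch for `--without-ca-file` and for a bare `--with-ca-file` as well, so those would compile in `LDNS_DANE_CA_FILE "no"` or `"yes"` with `HAVE_DANE_CA_FILE` set to 1. The tools would then presumably look for their CA store or trust anchor under that name. I would reject those values at the top of each action, e.g. `case "$withval" in yes|no) AC_MSG_ERROR([--with-ca-file needs a file name]) ;; esac`, and likewise for the other two options. Separately, passing the shell variable `$CONFIG_FILES` to `AC_CONFIG_FILES` in the last hunk is why the generated configure now contains the single case label `"$CONFIG_FILES")`, so naming individual files to config.status is worth re-testing.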

66
contrib/python/Changelog Normal file

@ -0,0 +1,66 @@
1.6.16 2012-11-13
* Fix typo in ldns_struct_pkt.opcode2str
1.6.14 2012-10-23
* Added rich comparison methods for ldns_dname, ldns_rdf, ldns_rr and
ldns_rr_list classes.
* Added deprecation warnings into ldns_rr.new_frm_fp() and
ldns_rr.new_frm_fp_l() and others.
* Fixed ldns_rr.set_rdf(), which may cause memory leaks, because it
returns new objects (in the scope of Python). Also it leaked memory,
when the call was not successful.
* Fixed ldns_get_rr_list_hosts_frm_file, marked as newobject.
* Fixed ldns_rr_list.cat() to return bool as mentioned in documentation.
* Fixed ldns_rr_list_cat_clone, marked as newobject.
* Fixed ldns_rr_list.new_frm_file(). Exception argument was invalid.
* Fixed ldns_rr_list.push_rr() to return bool as mentioned in
documentation.
* Fixed ldns_rr_list.push_rr_list() to return bool as mentioned in
documentation.
* Fixed ldns_rr_list.set_rr(), which caused memory corruption, double free
problems and memory leaks. (The wrapper used original function instead
of its push cloned variant which was missing.)
* Fixed ldns_rr_list.set_rr_count(), added python exception raise in order
to avoid assertion failure.
* Fixed ldns_rr_list.subtype_by_rdf(), marked as newobject.
* Added ldns_rr.to_canonical(), ldns_rr.is_question(),
ldns_rr.type_by_name(), ldns_rr.class_by_name(), ldns_rr_list.new(),
ldns_rr.set_question().
* Modified ldns_rr_list.owner() and ldns_rr.owner(), now returns ldns_dname.
* Fixed assertion failures for several methods when receiving incorrect but
syntactically valid arguments (i.e., ldns_rr.a_address(),
ldns_rr.dnskey_algorithm(), ldns_rr.dnskey_flags(),
ldns_rr.dnskey_key(), ldns_rr.dnskey_protocol(),
ldns_rr.mx_exchange(), ldns_rr.mx_preference(), ldns_rr.ns_nsdname(),
ldns_rr.owner(), ldns_rr.rdf(), ldns_rr.rrsig_algorithm(),
ldns_rr.rrsig_expiration(), ldns_rr.rrsig_inception(),
ldns_rr.rrsig_keytag(), ldns_rr.rrsig_labels(), ldns_rr.rrsig_origttl(),
ldns_rr.rrsig_sig(), ldns_rr.rrsig_signame(),
ldns_rr.rrsig_typecovered(), ldns_rr_list.owner(), ldns_rr_list.rr())
* Fixed ldns_rr.a_address(), which was asserting when called
on non A or AAAA type rr. Now returns None when fails.
* Added scripts for testing the basic functionality of the ldns_rr,
ldns_rr_descriptor and ldns_rr_list class code.
* Improved documentation of ldns_rr, ldns_rr_descriptor and ldns_rr_list.
* Fixed automatic conversion from Python string to ldns_rdf and
ldns_dname. Caused memory corruption when using Python 3.
* The Python 3 wrapper code now raises TypeError instead of ValueError
when receiving a non FILE * argument when it should be a FILE *.
* Fixed wrong handling of _ldns_rr_list_free() and
_ldns_rr_list_deep_free() when compiling with LDNS_DEBUG directive.
* Fixed malfunctioning ldns.ldns_rdf_new_frm_fp_l().
* Fixed malfunctioning ldns_drf.absolute() and ldns_dname.absolute().
* Marked several functions related to ldns_rdf and ldns_buffer as
returning new objects.
* Method operating on ldns_dnames and returning dname ldns_rdfs now
return ldns_dname instances.
* Improved documentation of ldns_buffer, ldns_rdf and ldns_dname
classes.
* Methods ldns_buffer.available() and ldns_buffer.available_at() now
return bool types as described in the documentation.
* Added scripts for testing the basic functionality of the ldns_buffer,
ldns_rdf, ldns_dname class code.
* Added deprecation warnings to ldns_rdf methods operating on dname
rdfs. The user is encouraged to converts dname ldns_rdfs to
ldns_dnames.
* Extended ldns_dname constructor to accept ldns_rdfs containing dnames.


@ -28,6 +28,9 @@
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
.PHONY: help clean testenv test doc te bw bw3 sw sw3
help:
@echo "Please use \`make <target>' where <target> is one of"
@echo " testenv to make test environment and run bash "
@ -41,27 +44,65 @@ help:
_ldns.so: ../../Makefile
$(MAKE) -C ../..
../../.libs/ldns.so.1: ../../Makefile
../../.libs/libldns.so.1: ../../Makefile
$(MAKE) -C ../..
clean:
rm -rdf examples/ldns
rm -rf examples/ldns
rm -f _ldns.so ldns_wrapper.o
$(MAKE) -C ../.. clean
testenv: ../../.libs/libldns.so.1 _ldns.so
rm -rdf examples/ldns
cd examples && mkdir ldns && ln -s ../../ldns.py ldns/__init__.py && ln -s ../../_ldns.so ldns/_ldns.so && ln -s ../../../../.libs/libldns.so.1 ldns/libldns.so.1 && ls -la
rm -rf examples/ldns
cd examples && mkdir ldns && ln -s ../../ldns.py ldns/__init__.py && ln -s ../../../../.libs/_ldns.so ldns/_ldns.so && ln -s ../../../../.libs/libldns.so.1 ldns/libldns.so.1 && ls -la
@echo "Run a script by typing ./script_name.py"
cd examples && LD_LIBRARY_PATH=ldns bash
rm -rdf examples/ldns
rm -rf examples/ldns
doc: ../../.libs/ldns.so.1 _ldns.so
test: ../../.libs/libldns.so.1 _ldns.so examples/test_buffer.py examples/test_rdf.py examples/test_dname.py examples/test_rr.py
@rm -rf examples/ldns
@cd examples && mkdir ldns && ln -s ../../ldns.py ldns/__init__.py && ln -s ../../../../.libs/_ldns.so ldns/_ldns.so && ln -s ../../../../.libs/libldns.so.1 ldns/libldns.so.1
@cd examples && LD_LIBRARY_PATH=ldns ./test_buffer.py 2>/dev/null
@cd examples && LD_LIBRARY_PATH=ldns ./test_rdf.py 2>/dev/null
@cd examples && LD_LIBRARY_PATH=ldns ./test_dname.py 2>/dev/null
@cd examples && LD_LIBRARY_PATH=ldns ./test_rr.py 2>/dev/null
@rm -rf examples/ldns
doc: ../../.libs/libldns.so.1 _ldns.so
echo @VERSION_MAJOR@
rm -f _ldns.so
ln -s ../../.libs/_ldns.so
$(MAKE) -C docs html
rm -f _ldns.so
#for development only
swig: ldns.i
swig -python -py3 -o ldns_wrapper.c -I../.. ldns.i
gcc -c ldns_wrapper.c -O9 -fPIC -I../.. -I../../ldns -I/usr/include/python3.1 -I. -o ldns_wrapper.o
ld -shared ldns_wrapper.o -L../../.libs -lldns -o _ldns.so
# For development only:
# Test environment, does not build the wrapper from dependencies.
te:
rm -rf examples/ldns
cd examples && mkdir ldns && ln -s ../../ldns.py ldns/__init__.py && ln -s ../../../../.libs/_ldns.so ldns/_ldns.so && ln -s ../../../../.libs/libldns.so.1 ldns/libldns.so.1 && ls -la
@echo "Run a script by typing ./script_name.py"
cd examples && LD_LIBRARY_PATH=ldns bash
rm -rf examples/ldns
# Builds Python 2 wrapper from present wrapper C code.
bw:
gcc -c ldns_wrapper.c -O9 -fPIC -I../.. -I../../ldns -I/usr/include/python2.7 -I. -o ldns_wrapper.o
mkdir -p ../../.libs
ld -shared ldns_wrapper.o -L../../.libs -lldns -o ../../.libs/_ldns.so
# Builds Python 3 wrapper from present wrapper C code.
bw3:
gcc -c ldns_wrapper.c -O9 -fPIC -I../.. -I../../ldns -I/usr/include/python3.2 -I. -o ldns_wrapper.o
mkdir -p ../../.libs
ld -shared ldns_wrapper.o -L../../.libs -ldns -o ../../.libs/_ldns.so
# Builds Python 2 wrapper from interface file.
sw: ldns.i
swig -python -o ldns_wrapper.c -I../.. ldns.i
$(MAKE) bw
# Builds Python 3 wrapper from interface file.
sw3: ldns.i
swig -python -py3 -DPY3 -o ldns_wrapper.c -I../.. ldns.i
$(MAKE) bw3
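Review bot: The new `bw3` target links with `-ldns` where the parallel `bw` target uses `-lldns`, so the Python 3 wrapper would either fail to link or pick up an unrelated libdns if one is installed. The line should read `ld -shared ldns_wrapper.o -L../../.libs -lldns -o ../../.libs/_ldns.so`. In the new `test` target every script is run with `2>/dev/null`, yet test_buffer.py in this same commit reports failures by writing to stderr. Unless the scripts also exit non-zero, a failing test would pass silently, so I would drop the redirection or have the scripts return a failing exit status. The hard-coded `-I/usr/include/python2.7` and `python3.2` include paths are acceptable for targets marked development-only but deserve a comment saying so.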


@ -43,9 +43,9 @@
# other places throughout the built documents.
#
# The short X.Y version.
version = '1.0'
version = '1.6'
# The full version, including alpha/beta/rc tags.
release = '1.0.0'
release = '1.6.16'
# There are two options for replacing |today|: either, you set today to some
# non-false value, then it is used:


@ -3,44 +3,70 @@ Installation
**Prerequisites**
Python 2.4 or higher, SWIG 1.3 or higher, GNU make
SWIG 1.3 and GNU make are required to build modules for Python 2.4 and higher
(but lower than 3). In order to build modules for Python 3.2 or higher,
SWIG in version 2.0.4 or higher is required.
Note that Python 3.0 and 3.1 are not supported.
In order to build this documentation the Sphinx Python documentation generator
is required.
**Download**
You can download the source codes `here`_.
The latest release is 1.4.1, Jan 15, 2009.
The lates source codes can be downloaded from `here`_.
.. _here: ldns-1.4.1-py.tar.gz
.. _here: http://nlnetlabs.nl/projects/ldns/
**Compiling**
After downloading, you can compile the library by doing::
After downloading the source code archive (this example uses
ldns-1.6.13.tar.gz), pyLDNS can be enabled and compiled by typing::
> tar -xzf ldns-1.4.1-py.tar.gz
> cd ldns-1.4.1
> tar -xzf ldns-1.6.13.tar.gz
> cd ldns-1.6.13
> ./configure --with-pyldns
> make
You need GNU make to compile pyLDNS; SWIG and Python development libraries to compile extension module.
You need GNU make to compile pyLDNS; SWIG and Python development libraries to
compile the extension module.
**Selecting Target Python Interpreter**
By default, the pyLDNS module builds for the default Python interpreter (i.e.,
the Python interpreter which can be accessed by just typing ``python`` in
the command line). If you desire to build the pyLDNS module for a different
Python version then you must specify the desired Python version by setting
the ``PYTHON_VERSION`` variable during the configure phase::
> PYTHON_VERSION=3.2 ./configure --with-pyldns
> make
By default the pyLDNS compiles from sources for a single Python interpreter.
Remember to execute scripts requiring pyLDNS in those Python interpreters which
have pyLDNS installed.
**Testing**
If the compilation is successfull, you can test the python LDNS extension module by::
If the compilation is successful, you can test the python LDNS extension module
by executing the commands::
> cd contrib/python
> make testenv
> ./ldns-mx.py
This will start a new shell, during which the symbolic links will be working.
When you exit the shell, then symbolic links will be deleted.
Again, remember to use the Python interpreter version which the pyLDNS module
has been compiled with.
In ``contrib/examples`` you can find many simple applications in python which demostrates the capabilities of LDNS library.
The commands will start a new shell, in which several symbolic links will be
set-up. When you exit the shell, then symbolic links will be deleted.
In ``contrib/python/examples`` several simple Python scripts utilising pyLDNS
can be found. These scripts demonstrate the capabilities of the LDNS library.
**Installation**
To install libraries and extension type::
To install the libraries and it's extensions type::
> cd ldns-1.4.1
> cd ldns-1.6.13
> make install


@ -7,7 +7,7 @@
algorithm = ldns.LDNS_SIGN_DSA
bits = 512
ldns.ldns_init_random(open("/dev/random","rb"), (bits+7)//8)
ldns.ldns_init_random(open("/dev/urandom","rb"), (bits+7)//8)
domain = ldns.ldns_dname("example.")
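Review bot: The switch to `/dev/urandom` on the `ldns_init_random` line has no comment explaining the choice, and the file object passed in is never closed. I would add a comment such as `# /dev/urandom does not block; it is read once here to seed the key generator` and open the device in a `with` block, or keep a handle and close it after the call. The unchanged context lines still set `bits = 512` with `LDNS_SIGN_DSA`, which is too small for anything other than a demonstration key, so a comment like `# 512-bit DSA is for demonstration only` would stop readers copying it into real zone signing. The script continues outside this hunk.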


@ -0,0 +1,65 @@
#!/usr/bin/python
# This example shows how to sign a given zone file with private key
import ldns
import sys, os, time
#private key TAG which identifies the private key
#use ldns-keygen.py in order to obtain private key
keytag = 30761
# Read zone file
#-------------------------------------------------------------
zone = ldns.ldns_zone.new_frm_fp(open("zone.txt","r"), None, 0, ldns.LDNS_RR_CLASS_IN)
soa = zone.soa()
origin = soa.owner()
# Prepare keys
#-------------------------------------------------------------
#Read private key from file
keyfile = open("key-%s-%d.private" % (origin, keytag), "r");
key = ldns.ldns_key.new_frm_fp(keyfile)
#Read public key from file
pubfname = "key-%s-%d.key" % (origin, keytag)
pubkey = None
if os.path.isfile(pubfname):
pubkeyfile = open(pubfname, "r");
pubkey,_,_,_ = ldns.ldns_rr.new_frm_fp(pubkeyfile)
if not pubkey:
#Create new public key
pubkey = key.key_to_rr()
#Set key expiration
key.set_expiration(int(time.time()) + 365*60*60*24) #365 days
#Set key owner (important step)
key.set_pubkey_owner(origin)
#Insert DNSKEY RR
zone.push_rr(pubkey)
# Sign zone
#-------------------------------------------------------------
#Create keylist and push private key
keys = ldns.ldns_key_list()
keys.push_key(key)
#Add SOA
signed_zone = ldns.ldns_dnssec_zone()
signed_zone.add_rr(soa)
#Add RRs
for rr in zone.rrs().rrs():
print("RR:", str(rr), end=" ")
signed_zone.add_rr(rr)
added_rrs = ldns.ldns_rr_list()
status = signed_zone.sign(added_rrs, keys)
if (status == ldns.LDNS_STATUS_OK):
signed_zone.print_to_file(open("zone_signed.txt","w"))
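Review bot: The final `if (status == ldns.LDNS_STATUS_OK):` has no else branch, so a failed signing run writes nothing, prints nothing and still exits 0. For a zone-signing example that is the failure most worth surfacing, and I would add `else:` followed by `sys.stderr.write("signing failed, status %d\n" % status)` and `sys.exit(1)`. The results of `ldns_zone.new_frm_fp` and `ldns_key.new_frm_fp` are also used without checking that the zone and private key actually loaded. None of the four `open()` calls is closed, which matters most for `zone_signed.txt`, since the output may not be flushed until the interpreter exits. Indentation is lost in this rendering, so I cannot tell whether `key.set_expiration` and `key.set_pubkey_owner` sit inside the `if not pubkey:` block.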


@ -0,0 +1,843 @@
#!/usr/bin/env python
#
# ldns_buffer testing script.
#
# Do not use constructs that differ between Python 2 and 3.
# Use write on stdout or stderr.
#
import ldns
import sys
import os
import inspect
class_name = "ldns_buffer"
method_name = None
error_detected = False
def set_error():
"""
Writes an error message and sets error flag.
"""
global class_name
global method_name
global error_detected
error_detected = True
sys.stderr.write("(line %d): malfunctioning method %s.\n" % \
(inspect.currentframe().f_back.f_lineno, method_name))
# Buffer creation.
capacity = 1024
#if not error_detected:
if True:
method_name = "ldns_buffer.__init__()"
try:
buf = ldns.ldns_buffer(1024)
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.__str__()"
buf.printf("abcedf")
try:
string = buf.__str__()
except:
set_error()
if not isinstance(string, str):
# Should be string.
set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.at()"
try:
ret = buf.at(512)
except:
set_error()
try:
# Must raise TypeError.
ret = buf.at("")
set_error()
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.available()"
try:
ret = buf.available(capacity)
except:
set_error()
if not isinstance(ret, bool):
# Should be bool.
set_error()
if not buf.available(capacity):
# Should return True.
set_error()
if buf.available(capacity + 1):
# Should return False.
set_error()
try:
# Must raise TypeError.
ret = buf.available("")
set_error()
except TypeError:
pass
except:
set_error()
# try:
# # Must raise ValueError.
# ret = buf.available("")
# set_error()
# except ValueError:
# pass
# except:
# set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.available_at()"
try:
ret = buf.available_at(512, capacity - 512)
except:
set_error()
if not isinstance(ret, bool):
# Should be bool.
set_error()
if not buf.available_at(512, capacity - 512):
# Should return True.
set_error()
if buf.available_at(512, capacity - 512 + 1):
# Should return False.
set_error()
try:
# Must raise TypeError.
ret = buf.available_at("", 1)
set_error()
except TypeError:
pass
except:
set_error()
try:
# Must raise TypeError.
ret = buf.available_at(1, "")
set_error()
except TypeError:
pass
except:
set_error()
# try:
# # Must raise ValueError.
# ret = buf.available_at(-1, 512)
# set_error()
# except ValueError:
# pass
# except:
# set_error()
# try:
# # Must raise ValueError.
# ret = buf.available_at(512, -1)
# set_error()
# except ValueError:
# pass
# except:
# set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.begin()"
try:
ret = buf.begin()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.capacity()"
try:
ret = buf.capacity()
except:
set_error()
if not isinstance(ret, int):
# Should be int.
set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.clear()"
try:
buf.clear()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.copy()"
sys.stderr.write("%s not tested.\n" % (method_name))
# buf2 = ldns.ldns_buffer(10)
# buf2.printf("abcdef")
# try:
# buf.copy(buf2)
# print buf.capacity()
# print buf2.capacity()
# except:
# set_error()
# buf.printf("2")
# print buf
#if not error_detected:
if True:
method_name = "ldns_buffer.current()"
try:
ret = buf.current()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.end()"
try:
ret = buf.end()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.export()"
sys.stderr.write("%s not tested.\n" % (method_name))
#if not error_detected:
if True:
mehod_name = "ldns_buffer.flip()"
buf.printf("abcdef")
try:
buf.flip()
except:
set_error()
# if buf.remaining() != capacity:
# # Should be at beginning.
# set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.getc()"
buf.printf("a")
buf.rewind()
try:
ret = buf.getc()
except:
set_error()
if ret != ord("a"):
set_error()
# Test return value for -1
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.invariant()"
try:
buf.invariant()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.limit()"
try:
ret = buf.limit()
except:
set_error()
if ret != capacity:
set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.position()"
try:
ret = buf.position()
except:
set_error()
if not isinstance(ret, int):
set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.printf()"
try:
ret = buf.printf("abcdef")
except:
set_error()
if not isinstance(ret, int):
set_error()
try:
ret = buf.printf(10)
set_error()
except TypeError:
pass
except:
set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.read()"
sys.stderr.write("%s not tested.\n" % (method_name))
#if not error_detected:
if True:
method_name = "ldns_buffer.read_at()"
sys.stderr.write("%s not tested.\n" % (method_name))
#if not error_detected:
if True:
method_name = "ldns_buffer.read_u16()"
buf.printf("aac")
buf.rewind()
try:
ret = buf.read_u16()
except:
set_error()
if not isinstance(ret, int):
set_error()
if ret != (ord("a") * 0x0101):
set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.read_u16_at()"
buf.printf("abbc")
try:
ret = buf.read_u16_at(1)
except:
set_error()
if not isinstance(ret, int):
set_error()
if ret != (ord("b") * 0x0101):
set_error()
try:
ret = buf.read_u16_at("")
set_error()
except TypeError:
pass
except:
set_error()
# try:
# ret = buf.read_u16_at(-1)
# set_error()
# except ValueError:
# pass
# except:
# set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.read_u32()"
buf.printf("aaaac")
buf.rewind()
try:
ret = buf.read_u32()
except:
set_error()
if not isinstance(ret, int):
set_error()
if ret != (ord("a") * 0x01010101):
set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.read_u32_at()"
buf.printf("abbbbc")
try:
ret = buf.read_u32_at(1)
except:
set_error()
if not isinstance(ret, int):
set_error()
if ret != (ord("b") * 0x01010101):
set_error()
try:
ret = buf.read_u32_at("")
set_error()
except TypeError:
pass
except:
set_error()
# try:
# ret = buf.read_u32_at(-1)
# set_error()
# except ValueError:
# pass
# except:
# set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.read_u8()"
buf.printf("ac")
buf.rewind()
try:
ret = buf.read_u8()
except:
set_error()
if not isinstance(ret, int):
set_error()
if ret != ord("a"):
set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.read_u8_at()"
buf.printf("abc")
try:
ret = buf.read_u8_at(1)
except:
set_error()
if not isinstance(ret, int):
set_error()
if ret != ord("b"):
set_error()
try:
ret = buf.read_u8_at("")
set_error()
except TypeError:
pass
except:
set_error()
# try:
# ret = buf.read_u8_at(-1)
# set_error()
# except ValueError:
# pass
# except:
# set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.remaining()"
buf.printf("abcdef")
try:
ret = buf.remaining()
except:
set_error()
if not isinstance(ret, int):
set_error()
if ret != (capacity - 6):
set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.remaining_at()"
buf.printf("abcdef")
try:
ret = buf.remaining_at(1)
except:
set_error()
if not isinstance(ret, int):
set_error()
if ret != (capacity - 1):
set_error()
try:
ret = buf.remaining_at("")
set_error()
except TypeError:
pass
except:
set_error()
# try:
# ret = buf.remaining_at(-1)
# set_error()
# except ValueError:
# pass
# except:
# set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.reserve()"
buf2 = ldns.ldns_buffer(512)
try:
ret = buf2.reserve(1024)
except:
set_error()
if not isinstance(ret, bool):
set_error()
try:
ret = buf2.reserve("")
set_error()
except TypeError:
pass
except:
set_error()
# try:
# ret = buf2.reserve(-1)
# set_error()
# except ValueError:
# pass
# except:
# set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.rewind()"
buf.printf("abcdef")
try:
buf.rewind()
except:
set_error()
if buf.position() != 0:
set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.set_capacity()"
try:
ret = buf.set_capacity(capacity)
except:
set_error()
if not isinstance(ret, bool):
set_error()
try:
ret = buf.set_capacity("")
set_error()
except TypeError:
pass
except:
set_error()
# try:
# ret = buf.set_capacity(-1)
# set_error()
# except ValueError:
# pass
# except:
# set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.set_limit()"
try:
buf.set_limit(0)
except:
set_error()
try:
buf.set_limit("")
set_error()
except TypeError:
pass
except:
set_error()
# try:
# buf.set_limit(-1)
# set_error()
# except ValueError:
# pass
# except:
# set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.set_position()"
try:
buf.set_position(0)
except:
set_error()
try:
buf.set_position("")
except TypeError:
pass
except:
set_error()
# try:
# buf.set_position(-1)
# except ValueError:
# pass
# except:
# set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.skip()"
try:
buf.skip(10)
except:
set_error()
try:
buf.skip(-1)
except:
set_error()
try:
buf.skip("")
set_error()
except TypeError:
pass
except:
set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.status()"
try:
ret = buf.status()
except:
set_error()
# Returned status is an integer.
if not isinstance(ret, int):
set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.status_ok()"
try:
ret = buf.status_ok()
except:
set_error()
if not isinstance(ret, bool):
set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.write()"
sys.stderr.write("%s not tested.\n" % (method_name))
#if not error_detected:
if True:
method_name = "ldns_buffer.write_at()"
sys.stderr.write("%s not tested.\n" % (method_name))
#if not error_detected:
if True:
method_name = "ldns_buffer.write_string()"
try:
buf.write_string("abcdef")
except:
set_error()
# try:
# buf.write_sring(-1)
# set_error()
# except TypeError:
# pass
# except:
# set_error()
sys.stderr.write("%s not tested for parameter correctness.\n" % \
(method_name))
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.write_string_at()"
sys.stderr.write("%s not tested.\n" % (method_name))
#if not error_detected:
if True:
method_name = "ldns_buffer.write_u16()"
try:
buf.write_u16(ord("b") * 0x0101)
except:
set_error()
try:
buf.write_u16("")
set_error()
except TypeError:
pass
except:
set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.write_u16_at()"
buf.printf("a")
try:
buf.write_u16_at(1, ord("b") * 0x0101)
except:
set_error()
try:
buf.write_u16_at("", ord("b") * 0x0101)
set_error()
except TypeError:
pass
except:
set_error()
# try:
# buf.write_u16_at(-1, ord("b") * 0x0101)
# set_error()
# except ValueError:
# pass
# except:
# set_error()
try:
buf.write_u16_at(1, "")
set_error()
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.write_u32()"
try:
buf.write_u32(ord("b") * 0x01010101)
except:
set_error()
try:
buf.write_u32("")
set_error()
except TypeError:
pass
except:
set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.write_u32_at()"
buf.printf("a")
try:
buf.write_u32_at(1, ord("b") * 0x01010101)
except:
set_error()
try:
buf.write_u32_at("", ord("b") * 0x01010101)
set_error()
except TypeError:
pass
except:
set_error()
# try:
# buf.write_u32_at(-1, ord("b") * 0x01010101)
# set_error()
# except ValueError:
# pass
# except:
# set_error()
try:
buf.write_u32_at(1, "")
set_error()
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_buffer.write_u8()"
try:
buf.write_u8(ord("b"))
except:
set_error()
try:
buf.write_u8("")
set_error()
except TypeError:
pass
except:
set_error()
buf.clear()
#if not error_detected:
if True:
method_name = "ldns_buffer.write_u8_at()"
buf.printf("a")
try:
buf.write_u8_at(1, ord("b"))
except:
set_error()
try:
buf.write_u8_at("", ord("b"))
set_error()
except TypeError:
pass
except:
set_error()
# try:
# buf.write_u8_at(-1, ord("b"))
# set_error()
# except ValueError:
# pass
# except:
# set_error()
try:
buf.write_u8_at(1, "")
set_error()
except TypeError:
pass
except:
set_error()
if not error_detected:
sys.stdout.write("%s: passed.\n" % (os.path.basename(__file__)))
else:
sys.stdout.write("%s: errors detected.\n" % (os.path.basename(__file__)))
sys.exit(1)


@ -0,0 +1,474 @@
#!/usr/bin/env python
#
# ldns_dname testing script.
#
# Do not use constructs that differ between Python 2 and 3.
# Use write on stdout or stderr.
#
import ldns
import sys
import os
import inspect
class_name = "ldns_dname"
method_name = None
error_detected = False
temp_fname = "tmp_dname.txt"
def set_error():
"""
Writes an error message and sets error flag.
"""
global class_name
global method_name
global error_detected
error_detected = True
sys.stderr.write("(line %d): malfunctioning method %s.\n" % \
(inspect.currentframe().f_back.f_lineno, method_name))
#if not error_detected:
if True:
method_name = class_name + ".__init__()"
rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "test.nic.cz.")
rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "217.31.205.50")
try:
dname = ldns.ldns_dname("www.nic.cz.")
if not isinstance(dname, ldns.ldns_dname):
set_error()
except:
set_error()
#
# Error when printing a dname wich was created fron an empty string.
# Must find out why.
#
try:
dname = ldns.ldns_dname(rdf1)
if not isinstance(dname, ldns.ldns_dname):
set_error()
except:
set_error()
# Test whether rdf1 and dname independent.
dname.cat(dname)
if dname.__str__() == rdf1.__str__():
set_error()
# Test whether rdf1 and dname are dependent.
dname = ldns.ldns_dname(rdf1, clone=False)
dname.cat(dname)
if dname.__str__() != rdf1.__str__():
set_error()
# Test whether constructs from non-dname rdfs.
try:
dname = ldns.ldns_dname(rdf2)
set_error()
except TypeError:
pass
except:
set_error()
try:
dname = ldns.ldns_dname(1)
set_error()
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = class_name + ".[comparison operators]"
dn1 = ldns.ldns_dname("a.test")
dn2 = ldns.ldns_dname("b.test")
try:
ret = dn1 < dn2
if not isinstance(ret, bool):
set_error()
if ret != True:
set_error()
except:
set_error()
try:
ret = dn2 < dn1
if not isinstance(ret, bool):
set_error()
if ret != False:
set_error()
except:
set_error()
try:
ret = dn1 <= dn2
if not isinstance(ret, bool):
set_error()
if ret != True:
set_error()
except:
set_error()
try:
ret = dn2 <= dn1
if not isinstance(ret, bool):
set_error()
if ret != False:
set_error()
except:
set_error()
try:
ret = dn1 == dn2
if not isinstance(ret, bool):
set_error()
if ret != False:
set_error()
except:
set_error()
try:
ret = dn1 == dn1
if not isinstance(ret, bool):
set_error()
if ret != True:
set_error()
except:
set_error()
try:
ret = dn1 != dn2
if not isinstance(ret, bool):
set_error()
if ret != True:
set_error()
except:
set_error()
try:
ret = dn1 != dn1
if not isinstance(ret, bool):
set_error()
if ret != False:
set_error()
except:
set_error()
try:
ret = dn1 > dn2
if not isinstance(ret, bool):
set_error()
if ret != False:
set_error()
except:
set_error()
try:
ret = dn2 > dn1
if not isinstance(ret, bool):
set_error()
if ret != True:
set_error()
except:
set_error()
try:
ret = dn1 >= dn2
if not isinstance(ret, bool):
set_error()
if ret != False:
set_error()
except:
set_error()
try:
ret = dn2 >= dn1
if not isinstance(ret, bool):
set_error()
if ret != True:
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = class_name + ".absolute()"
dname = ldns.ldns_dname("www.nic.cz.")
try:
ret = dname.absolute()
if not isinstance(ret, bool):
set_error()
if ret != True:
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = class_name + ".cat()"
rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "test.nic.cz.")
rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "217.31.205.50")
dname = ldns.ldns_dname("www.nic.cz.")
try:
ret = dname.cat(dname)
if ret != ldns.LDNS_STATUS_OK:
set_error()
if dname.__str__() != "www.nic.cz.www.nic.cz.":
set_error()
except:
set_error()
try:
ret = dname.cat(rdf1)
if ret != ldns.LDNS_STATUS_OK:
set_error()
if dname.__str__() != "www.nic.cz.www.nic.cz.test.nic.cz.":
set_error()
except:
set_error()
try:
ret = dname.cat(rdf2)
if ret == ldns.LDNS_STATUS_OK:
set_error()
except:
set_error()
try:
ret = dname.cat("")
set_error()
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = class_name + ".cat_clone()"
rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "test.nic.cz.")
rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "217.31.205.50")
dname = ldns.ldns_dname("www.nic.cz.")
try:
ret = dname.cat_clone(dname)
if not isinstance(ret, ldns.ldns_dname):
set_error()
if ret.__str__() != "www.nic.cz.www.nic.cz.":
set_error()
except:
set_error()
try:
ret = dname.cat_clone(rdf1)
if not isinstance(ret, ldns.ldns_dname):
set_error()
if ret.__str__() != "www.nic.cz.test.nic.cz.":
set_error()
except:
set_error()
try:
ret = dname.cat_clone(rdf2)
if ret != None:
set_error()
except:
set_error()
try:
ret = dname.cat_clone("")
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = class_name + ".interval()"
dn1 = ldns.ldns_dname("a.ns.nic.cz.")
dn2 = ldns.ldns_dname("b.ns.nic.cz.")
dn3 = ldns.ldns_dname("c.ns.nic.cz.")
try:
ret = dn1.interval(dn2, dn3)
if ret != -1:
set_error()
except:
set_error()
try:
ret = dn2.interval(dn1, dn3)
if ret != 1:
set_error()
except:
set_error()
rdf4 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "d.ns.nic.cz.")
rdf5 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "194.0.12.1")
try:
ret = dn1.interval(dn2, rdf4)
if ret != -1:
set_error()
except:
set_error()
try:
ret = dn2.interval(dn1, rdf4)
if ret != 1:
set_error()
except:
set_error()
try:
ret = dn1.interval(dn2, rdf5)
set_error()
except Exception:
pass
except:
set_error()
try:
ret = dn1.interval(dn2, "")
set_error()
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = class_name + ".is_subdomain()"
dn1 = ldns.ldns_dname("nic.cz.")
dn2 = ldns.ldns_dname("www.nic.cz.")
rdf3 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = dn1.is_subdomain(dn2)
if not isinstance(ret, bool):
set_error()
if ret == True:
set_error()
ret = dn2.is_subdomain(dn1)
if ret != True:
set_error()
except:
set_error()
try:
ret = dn1.is_subdomain(rdf3)
if not isinstance(ret, bool):
set_error()
if ret == True:
set_error()
except:
set_error()
rdf4 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "194.0.12.1")
try:
ret = dn1.is_subdomain(rdf4)
if ret != False:
set_error()
except:
set_error()
try:
ret = dn1.is_subdomain("")
set_error()
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = class_name + ".label()"
dn = ldns.ldns_dname("nic.cz.")
try:
ret = dn.label(0)
if not isinstance(ret, ldns.ldns_dname):
set_error()
except:
set_error()
try:
ret = dn.label(10)
if ret != None:
set_error()
except:
set_error()
try:
ret = dn.label("")
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = class_name + ".label_count()"
dn = ldns.ldns_dname("www.nic.cz.")
try:
ret = dn.label_count()
if not isinstance(ret, int):
set_error()
if ret != 3:
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = class_name + ".left_chop()"
dn = ldns.ldns_dname("www.nic.cz.")
try:
ret = dn.left_chop()
if not isinstance(ret, ldns.ldns_dname):
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = class_name + ".make_canonical()"
dn = ldns.ldns_dname("WWW.NIC.CZ.")
try:
dn.make_canonical()
if dn.__str__() != "www.nic.cz.":
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = class_name + ".new_frm_rdf()"
# Tested via constructor call.
#if not error_detected:
if True:
method_name = class_name + ".new_frm_str()"
# Tested via constructor call.
#if not error_detected:
if True:
method_name = class_name + ".reverse()"
dn = ldns.ldns_dname("www.nic.cz.")
try:
ret = dn.reverse()
if not isinstance(ret, ldns.ldns_dname):
set_error()
if ret.__str__() != "cz.nic.www.":
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = class_name + ".write_to_buffer()"
dn = ldns.ldns_dname("www.nic.cz.")
buf = ldns.ldns_buffer(1024)
try:
ret = dn.write_to_buffer(buf)
if ret != ldns.LDNS_STATUS_OK:
set_error()
if buf.position() != 12:
set_error()
except:
set_error()
try:
ret = dn.write_to_buffer("")
except TypeError:
pass
except:
set_error()
if not error_detected:
sys.stdout.write("%s: passed.\n" % (os.path.basename(__file__)))
else:
sys.stdout.write("%s: errors detected.\n" % (os.path.basename(__file__)))
sys.exit(1)
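Review bot: Three of the must-raise checks in this new test script pass even when nothing is raised: the `cat_clone("")`, `label("")` and `write_to_buffer("")` calls are not followed by `set_error()`, so a binding that silently accepts a string argument is reported as passing. The `cat("")`, `interval(dn2, "")` and `is_subdomain("")` checks in the same file do this correctly, so adding `set_error()` on the line after each of the three calls makes them consistent. In the `.interval()` block, `except Exception: pass` for the non-dname rdf argument accepts any exception type, which leaves the following bare `except:` reachable only for non-`Exception` errors; naming the expected exception class would pin the contract being tested.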


@ -0,0 +1,805 @@
#!/usr/bin/env python
#
# ldns_rdf testing script.
#
# Do not use constructs that differ between Python 2 and 3.
# Use write on stdout or stderr.
#
import ldns
import sys
import os
import inspect
class_name = "ldns_rdf"
method_name = None
error_detected = False
temp_fname = "tmp_rdf.txt"
def set_error():
"""
Writes an error message and sets error flag.
"""
global class_name
global method_name
global error_detected
error_detected = True
sys.stderr.write("(line %d): malfunctioning method %s.\n" % \
(inspect.currentframe().f_back.f_lineno, method_name))
#if not error_detected:
if True:
method_name = class_name + ".__init__()"
try:
# Should raise an Exception
rdf = ldns.ldns_rdf()
set_error()
except Exception as e:
pass
#if not error_detected:
if True:
method_name = class_name + ".[comparison operators]"
rdf1 = ldns.ldns_rdf.new_frm_str("0.0.0.0", ldns.LDNS_RDF_TYPE_A)
rdf2 = ldns.ldns_rdf.new_frm_str("1.1.1.1", ldns.LDNS_RDF_TYPE_A)
try:
ret = rdf1 < rdf2
if not isinstance(ret, bool):
set_error()
if ret != True:
set_error()
except:
set_error()
try:
ret = rdf2 < rdf1
if not isinstance(ret, bool):
set_error()
if ret != False:
set_error()
except:
set_error()
try:
ret = rdf1 <= rdf2
if not isinstance(ret, bool):
set_error()
if ret != True:
set_error()
except:
set_error()
try:
ret = rdf2 <= rdf1
if not isinstance(ret, bool):
set_error()
if ret != False:
set_error()
except:
set_error()
try:
ret = rdf1 == rdf2
if not isinstance(ret, bool):
set_error()
if ret != False:
set_error()
except:
set_error()
try:
ret = rdf1 == rdf1
if not isinstance(ret, bool):
set_error()
if ret != True:
set_error()
except:
set_error()
try:
ret = rdf1 != rdf2
if not isinstance(ret, bool):
set_error()
if ret != True:
set_error()
except:
set_error()
try:
ret = rdf1 != rdf1
if not isinstance(ret, bool):
set_error()
if ret != False:
set_error()
except:
set_error()
try:
ret = rdf1 > rdf2
if not isinstance(ret, bool):
set_error()
if ret != False:
set_error()
except:
set_error()
try:
ret = rdf2 > rdf1
if not isinstance(ret, bool):
set_error()
if ret != True:
set_error()
except:
set_error()
try:
ret = rdf1 >= rdf2
if not isinstance(ret, bool):
set_error()
if ret != False:
set_error()
except:
set_error()
try:
ret = rdf2 >= rdf1
if not isinstance(ret, bool):
set_error()
if ret != True:
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf_new()"
sys.stderr.write("%s not tested.\n" % (method_name))
#if not error_detected:
if True:
method_name = "ldns_rdf_new_frm_data()"
sys.stderr.write("%s not tested.\n" % (method_name))
#if not error_detected:
if True:
method_name = "ldns_rdf_new_frm_str()"
try:
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz")
except:
set_error()
try:
rdf = ldns.ldns_rdf_new_frm_str("", "www.nic.cz")
et_error()
except TypeError:
pass
except:
set_error()
try:
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, 1)
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf_new_frm_fp()"
f = open(temp_fname, "w")
f.write("217.31.205.50")
f.close()
f = open(temp_fname, "r")
try:
status, rdf = ldns.ldns_rdf_new_frm_fp(ldns.LDNS_RDF_TYPE_A, f)
if status != ldns.LDNS_STATUS_OK:
set_error()
if rdf == None:
set_error()
except:
set_error()
try:
# Reading past file end.
status, rdf = ldns.ldns_rdf_new_frm_fp(ldns.LDNS_RDF_TYPE_AAAA, f)
if status == ldns.LDNS_STATUS_OK:
set_error()
if rdf != None:
set_error()
except:
set_error()
f.close()
f = open(temp_fname, "r")
try:
status, rdf = ldns.ldns_rdf_new_frm_fp(ldns.LDNS_RDF_TYPE_AAAA, f)
if status != ldns.LDNS_STATUS_OK:
set_error()
if rdf != None:
set_error()
except:
set_error()
f.close()
os.remove(temp_fname)
try:
status, rdf = ldns.ldns_rdf_new_frm_fp("", f)
except TypeError:
pass
except:
set_error()
try:
status, rdf = ldns.ldns_rdf_new_frm_fp(ldns.LDNS_RDF_TYPE_AAAA, "")
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf_new_frm_fp_l()"
f = open(temp_fname, "w")
f.write("217.31.205.50\n194.0.12.1")
f.close()
f = open(temp_fname, "r")
try:
status, rdf, line = ldns.ldns_rdf_new_frm_fp_l(ldns.LDNS_RDF_TYPE_A, f)
if status != ldns.LDNS_STATUS_OK:
set_error()
if rdf == None:
set_error()
except:
set_error()
try:
status, rdf, line = ldns.ldns_rdf_new_frm_fp_l(ldns.LDNS_RDF_TYPE_A, f)
if status != ldns.LDNS_STATUS_OK:
set_error()
if rdf == None:
set_error()
except:
set_error()
try:
# Reading past file end.
status, rdf, line = ldns.ldns_rdf_new_frm_fp_l(ldns.LDNS_RDF_TYPE_A, f)
if status == ldns.LDNS_STATUS_OK:
set_error()
if rdf != None:
set_error()
except:
set_error()
f.close()
os.remove(temp_fname)
try:
status, rdf = ldns.ldns_rdf_new_frm_fp_l("", f)
except TypeError:
pass
except:
set_error()
try:
status, rdf = ldns.ldns_rdf_new_frm_fp_l(ldns.LDNS_RDF_TYPE_AAAA, "")
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_drf.absolute()"
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = rdf.absolute()
if not isinstance(ret, bool):
set_error()
if not ret:
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.address_reverse()"
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "194.0.12.1")
try:
ret = rdf.address_reverse()
if ret == None:
set_error()
except:
set_error()
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_AAAA, "::1")
try:
ret = rdf.address_reverse()
if ret == None:
set_error()
except:
set_error()
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = rdf.address_reverse()
if ret != None:
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.cat()"
rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic")
rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "cz.")
try:
ret = rdf1.cat(rdf2)
if ret != ldns.LDNS_STATUS_OK:
set_error()
except:
set_error()
rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.")
rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1")
try:
ret = rdf1.cat(rdf2)
if ret == ldns.LDNS_STATUS_OK:
set_error()
except:
set_error()
try:
ret = rdf2.cat(rdf1)
if ret == ldns.LDNS_STATUS_OK:
set_error()
except:
set_error()
try:
ret = rdf2.cat("")
set_error()
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.cat_clone()"
rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic")
rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "cz.")
try:
ret = rdf1.cat_clone(rdf2)
if ret == None:
set_error()
except:
set_error()
rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.")
rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1")
try:
ret = rdf1.cat_clone(rdf2)
if ret != None:
set_error()
except:
set_error()
try:
ret = rdf2.cat_clone(rdf1)
if ret != None:
set_error()
except:
set_error()
try:
ret = rdf2.cat_clone("")
set_error()
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.clone()"
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = rdf.clone()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.data()"
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = rdf.data()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.dname_compare()"
rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "nic.cz.")
try:
ret = rdf1.dname_compare(rdf2)
if ret != 1:
set_error()
except:
set_error()
try:
ret = rdf2.dname_compare(rdf1)
if ret != -1:
set_error()
except:
set_error()
try:
ret = rdf1.dname_compare(rdf1)
if ret != 0:
set_error()
except:
set_error()
rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1")
try:
ret = rdf1.dname_compare(rdf2)
set_error()
except Exception:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.dname_new_frm_str()"
try:
rdf = ldns.ldns_rdf.dname_new_frm_str("www.nic.cz.")
if rdf == None:
set_error()
except:
set_error()
try:
rdf = ldns.ldns_rdf.dname_new_frm_str("")
if rdf != None:
set_error()
except:
set_error()
try:
rdf = ldns.ldns_rdf.dname_new_frm_str(1)
set_error()
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.get_type()"
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = rdf.get_type()
if not isinstance(ret, int):
set_error()
if ret != ldns.LDNS_RDF_TYPE_DNAME:
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.get_type_str()"
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = rdf.get_type_str()
if not isinstance(ret, str):
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.interval()"
rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "a.ns.nic.cz.")
rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "b.ns.nic.cz.")
rdf3 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "c.ns.nic.cz.")
try:
ret = rdf1.interval(rdf2, rdf3)
if ret != -1:
set_error()
except:
set_error()
try:
ret = rdf2.interval(rdf1, rdf3)
if ret != 1:
set_error()
except:
set_error()
rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "194.0.12.1")
rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "b.ns.nic.cz.")
rdf3 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "c.ns.nic.cz.")
try:
ret = rdf1.interval(rdf2, rdf3)
set_error()
except Exception:
pass
except:
set_error()
try:
ret = rdf2.interval("", rdf3)
set_error()
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.is_subdomain()"
rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "nic.cz.")
rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = rdf1.is_subdomain(rdf2)
if not isinstance(ret, bool):
set_error()
if ret == True:
set_error()
ret = rdf2.is_subdomain(rdf1)
if ret != True:
set_error()
except:
set_error()
rdf1 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "194.0.12.1")
rdf2 = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = rdf1.is_subdomain(rdf2)
if ret != False:
set_error()
except:
set_error()
try:
ret = rdf2.is_subdomain(rdf1)
if ret != False:
set_error()
except:
set_error()
try:
ret = rdf2.is_subdomain("")
set_error()
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.label()"
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = rdf.label(0)
if not isinstance(ret, ldns.ldns_rdf):
set_error()
except:
set_error()
try:
ret = rdf.label(10)
if ret != None:
set_error()
except:
set_error()
try:
ret = rdf.label("")
except TypeError:
pass
except:
set_error()
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1")
try:
ret = rdf.label(0)
if ret != None:
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.label_count()"
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = rdf.label_count()
if not isinstance(ret, int):
set_error()
if ret != 3:
set_error()
except:
set_error()
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1")
try:
ret = rdf.label_count()
if not isinstance(ret, int):
set_error()
if ret != 0:
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.left_chop()"
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = rdf.left_chop()
if not isinstance(ret, ldns.ldns_rdf):
set_error()
except:
set_error()
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1")
try:
ret = rdf.left_chop()
if ret != None:
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.make_canonical()"
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "WWW.NIC.CZ.")
try:
rdf.make_canonical()
if rdf.__str__() != "www.nic.cz.":
set_error()
except:
set_error()
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1")
try:
rdf.make_canonical()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.new_frm_str()"
try:
rdf = ldns.ldns_rdf.new_frm_str("www.nic.cz.", ldns.LDNS_RDF_TYPE_DNAME)
except:
set_error()
try:
rdf = ldns.ldns_rdf.new_frm_str("www.nic.cz.", ldns.LDNS_RDF_TYPE_AAAA)
set_error()
except Exception:
pass
except:
set_error()
try:
rdf = ldns.ldns_rdf.new_frm_str("www.nic.cz.", ldns.LDNS_RDF_TYPE_AAAA, raiseException = False)
if rdf != None:
set_error()
except:
set_error()
try:
rdf = ldns.ldns_rdf.new_frm_str("", "www.nic.cz")
et_error()
except TypeError:
pass
except:
set_error()
try:
rdf = ldns.ldns_rdf.new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, 1)
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1")
f = open(temp_fname, "w")
try:
rdf.print_to_file(f)
except:
set_error()
f.close()
f = open(temp_fname, "r")
if f.read() != "127.0.0.1":
set_error()
f.close()
os.remove(temp_fname)
#if not error_detected:
if True:
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = rdf.reverse()
if not isinstance(ret, ldns.ldns_rdf):
set_error()
if ret.__str__() != "cz.nic.www.":
set_error()
except:
set_error()
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_A, "127.0.0.1")
try:
ret = rdf.reverse()
if not isinstance(ret, ldns.ldns_rdf):
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.set_data()"
sys.stderr.write("%s not tested.\n" % (method_name))
#if not error_detected:
if True:
method_name = "ldns_rdf.set_size()"
sys.stderr.write("%s not tested.\n" % (method_name))
#if not error_detected:
if True:
method_name = "ldns_rdf.set_type()"
sys.stderr.write("%s not tested.\n" % (method_name))
#if not error_detected:
if True:
method_name = "ldns_rdf.size()"
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
try:
ret = rdf.size()
if ret != 12:
set_error()
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.write_to_buffer()"
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "www.nic.cz.")
buf = ldns.ldns_buffer(1024)
try:
ret = rdf.write_to_buffer(buf)
if ret != ldns.LDNS_STATUS_OK:
set_error()
if buf.position() != 12:
set_error()
except:
set_error()
try:
ret = rdf.write_to_buffer("")
except TypeError:
pass
except:
set_error()
#if not error_detected:
if True:
method_name = "ldns_rdf.write_to_buffer_canonical()"
rdf = ldns.ldns_rdf_new_frm_str(ldns.LDNS_RDF_TYPE_DNAME, "WWW.NIC.CZ.")
buf = ldns.ldns_buffer(1024)
try:
ret = rdf.write_to_buffer_canonical(buf)
if ret != ldns.LDNS_STATUS_OK:
set_error()
if buf.position() != 12:
set_error()
except:
set_error()
try:
ret = rdf.write_to_buffer_canonical("")
except TypeError:
pass
except:
set_error()
if not error_detected:
sys.stdout.write("%s: passed.\n" % (os.path.basename(__file__)))
else:
sys.stdout.write("%s: errors detected.\n" % (os.path.basename(__file__)))
sys.exit(1)



@ -103,7 +103,8 @@ dispose_file(FILE **fp) {
%typemap(check, noblock = 1) FILE* {
if ($1 == NULL) {
SWIG_exception_fail(SWIG_ValueError, "in method '" "$symname" "', argument "
/* The generated wrapper function raises TypeError on mismatching types. */
SWIG_exception_fail(SWIG_TypeError, "in method '" "$symname" "', argument "
"$argnum"" of type '" "$type""'");
}
}


@ -78,6 +78,36 @@
#endif
%include "typemaps.i"
/* ========================================================================= */
/* Preliminary Python code. */
/* ========================================================================= */
%pythoncode
%{
#
# Use and don't ignore DeprecationWarning and
# PendingDeprecationWarning.
#
import warnings
warnings.filterwarnings("module", category=DeprecationWarning)
warnings.filterwarnings("module", category=PendingDeprecationWarning)
%}
/* Tell SWIG how to handle ssize_t as input parameter. */
%typemap(in, noblock=1) (ssize_t)
{
int $1_res = 0;
$1_res = SWIG_AsVal_long($input, &$1);
if (!SWIG_IsOK($1_res)) {
SWIG_exception_fail(SWIG_ArgError($1_res), "in method '"
"$symname" "', argument " "$argnum" " of type '"
"$type""'");
}
}
%inline %{
struct timeval* ldns_make_timeval(uint32_t sec, uint32_t usec)
{
@ -97,8 +127,9 @@ uint32_t ldns_read_timeval_usec(struct timeval* t) {
%immutable ldns_error_str;
%immutable ldns_signing_algorithms;
//new_frm_fp_l
%apply int *OUTPUT { int *line_nr};
//*_new_frm_fp_l
%apply int *OUTPUT { (int *line_nr) };
%apply uint32_t *OUTPUT { uint32_t *default_ttl};
// wire2pkt
@ -192,8 +223,53 @@ typedef struct ldns_dnssec_zone { };
return tuple;
}
PyObject* ldns_rr_new_frm_fp_(FILE *fp, uint32_t default_ttl, ldns_rdf* origin, ldns_rdf* prev)
//returns tuple (status, ldns_rr, ttl, origin, prev)
{
uint32_t defttl = default_ttl;
uint32_t *p_defttl = &defttl;
if (defttl == 0) p_defttl = 0;
/* origin and prev have to be cloned in order to decouple the data
* from the python wrapper
*/
if (origin != NULL)
origin = ldns_rdf_clone(origin);
if (prev != NULL)
prev = ldns_rdf_clone(prev);
ldns_rdf *p_origin = origin;
ldns_rdf **pp_origin = &p_origin;
//if (p_origin == 0) pp_origin = 0;
ldns_rdf *p_prev = prev;
ldns_rdf **pp_prev = &p_prev;
//if (p_prev == 0) pp_prev = 0;
ldns_rr *p_rr = 0;
ldns_rr **pp_rr = &p_rr;
ldns_status st = ldns_rr_new_frm_fp(pp_rr, fp, p_defttl, pp_origin, pp_prev);
PyObject* tuple;
tuple = PyTuple_New(5);
int idx = 0;
PyTuple_SetItem(tuple, idx, SWIG_From_int(st));
idx++;
PyTuple_SetItem(tuple, idx, (st == LDNS_STATUS_OK) ?
SWIG_NewPointerObj(SWIG_as_voidptr(p_rr), SWIGTYPE_p_ldns_struct_rr, SWIG_POINTER_OWN | 0 ) :
(Py_INCREF(Py_None), Py_None));
idx++;
PyTuple_SetItem(tuple, idx, SWIG_From_int(defttl));
idx++;
PyTuple_SetItem(tuple, idx, SWIG_NewPointerObj(SWIG_as_voidptr(p_origin), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 ));
idx++;
PyTuple_SetItem(tuple, idx, SWIG_NewPointerObj(SWIG_as_voidptr(p_prev), SWIGTYPE_p_ldns_struct_rdf, SWIG_POINTER_OWN | 0 ));
return tuple;
}
PyObject* ldns_rr_new_frm_fp_l_(FILE *fp, uint32_t default_ttl, ldns_rdf* origin, ldns_rdf* prev)
//returns tuple (status, ldns_rr, [line if ret_linenr], ttl, origin, prev)
//returns tuple (status, ldns_rr, line, ttl, origin, prev)
{
int linenr = 0;
int *p_linenr = &linenr;
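Review bot: `ldns_rr_new_frm_fp_` uses the results of `ldns_rdf_clone()` and `PyTuple_New(5)` without checking either for NULL. A failed clone silently turns a caller-supplied `origin` or `prev` into "none", so the record is parsed against a different origin than the caller asked for. A failed `PyTuple_New` is handed straight to `PyTuple_SetItem`, and `p_rr`, `p_origin` and `p_prev` are leaked. Both paths should fail the call and free what was already allocated, as sketched below; this assumes the generated wrapper turns a NULL `PyObject *` return into a raised exception, which is worth confirming. `ldns_rr_new_frm_fp_l_` continues outside the hunk and may need the same checks.

```c
PyObject* ldns_rr_new_frm_fp_(FILE *fp, uint32_t default_ttl, ldns_rdf* origin, ldns_rdf* prev)
{
    /* ... unchanged: defttl / p_defttl setup ... */
    if (origin != NULL) {
        origin = ldns_rdf_clone(origin);
        if (origin == NULL)
            return PyErr_NoMemory();
    }
    if (prev != NULL) {
        prev = ldns_rdf_clone(prev);
        if (prev == NULL) {
            ldns_rdf_deep_free(origin);
            return PyErr_NoMemory();
        }
    }
    /* ... unchanged: p_origin / p_prev / p_rr setup and ldns_rr_new_frm_fp() call ... */
    tuple = PyTuple_New(5);
    if (tuple == NULL) {
        ldns_rr_free(p_rr);
        ldns_rdf_deep_free(p_origin);
        ldns_rdf_deep_free(p_prev);
        return NULL;
    }
    /* ... unchanged: tuple population and return ... */
```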


@ -14,8 +14,8 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of the organization nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -28,46 +28,43 @@
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
******************************************************************************/
*****************************************************************************/
%typemap(in,numinputs=0,noblock=1) (ldns_buffer **)
/* ========================================================================= */
/* SWIG setting and definitions. */
/* ========================================================================= */
/* Creates a temporary instance of (ldns_buffer *). */
%typemap(in, numinputs=0, noblock=1) (ldns_buffer **)
{
ldns_buffer *$1_buf;
$1 = &$1_buf;
ldns_buffer *$1_buf;
$1 = &$1_buf;
}
/* result generation */
%typemap(argout,noblock=1) (ldns_buffer **)
/* Result generation, appends (ldns_buffer *) after the result. */
%typemap(argout, noblock=1) (ldns_buffer **)
{
$result = SWIG_Python_AppendOutput($result, SWIG_NewPointerObj(SWIG_as_voidptr($1_buf), SWIGTYPE_p_ldns_struct_buffer, SWIG_POINTER_OWN | 0 ));
$result = SWIG_Python_AppendOutput($result,
SWIG_NewPointerObj(SWIG_as_voidptr($1_buf),
SWIGTYPE_p_ldns_struct_buffer, SWIG_POINTER_OWN | 0));
}
%nodefaultctor ldns_struct_buffer; //no default constructor & destructor
%nodefaultdtor ldns_struct_buffer;
%delobject ldns_buffer_free;
%newobject ldns_buffer_new;
%newobject ldns_dname_new;
%newobject ldns_dname_new_frm_data;
%newobject ldns_dname_label;
# limit the number of arguments to 2 and
# deal with variable number of arguments the Python way
/*
* Limit the number of arguments to 2 and deal with variable
* number of arguments in the Python way.
*/
%varargs(2, char *arg = NULL) ldns_buffer_printf;
%rename(ldns_buffer) ldns_struct_buffer;
%nodefaultctor ldns_struct_buffer; /* No default constructor. */
%nodefaultdtor ldns_struct_buffer; /* No default destructor. */
#ifdef LDNS_DEBUG
%rename(__ldns_buffer_free) ldns_buffer_free;
%inline %{
void _ldns_buffer_free (ldns_buffer* b) {
printf("******** LDNS_BUFFER free 0x%lX ************\n", (long unsigned int)b);
ldns_buffer_free(b);
}
%}
#else
%rename(_ldns_buffer_free) ldns_buffer_free;
#endif
%newobject ldns_buffer_new;
%newobject ldns_dname_new_frm_data;
%delobject ldns_buffer_free;
%rename(ldns_buffer) ldns_struct_buffer;
%ignore ldns_struct_buffer::_position;
%ignore ldns_struct_buffer::_limit;
@ -76,301 +73,425 @@ void _ldns_buffer_free (ldns_buffer* b) {
%ignore ldns_struct_buffer::_fixed;
%ignore ldns_struct_buffer::_status;
%ignore ldns_buffer_new_frm_data;
/* ========================================================================= */
/* Debugging related code. */
/* ========================================================================= */
#ifdef LDNS_DEBUG
%rename(__ldns_buffer_free) ldns_buffer_free;
%inline
%{
/*!
* @brief Frees the buffer and print a message.
*/
void _ldns_buffer_free (ldns_buffer* b)
{
printf("******** LDNS_BUFFER free 0x%lX ************\n",
(long unsigned int) b);
ldns_buffer_free(b);
}
%}
#else /* !LDNS_DEBUG */
%rename(_ldns_buffer_free) ldns_buffer_free;
#endif /* LDNS_DEBUG */
/* ========================================================================= */
/* Added C code. */
/* ========================================================================= */
/* None. */
/* ========================================================================= */
/* Encapsulating Python code. */
/* ========================================================================= */
%feature("docstring") "LDNS buffer."
%extend ldns_struct_buffer {
%pythoncode %{
%pythoncode
%{
def __init__(self, capacity):
"""Creates a new buffer with the specified capacity.
"""
Creates a new buffer with the specified capacity.
:param capacity: the size (in bytes) to allocate for the buffer
:param capacity: Number of bytes to allocate for the buffer.
:type capacity: integer
:throws TypeError: When `capacity` of non-integer type.
:return: (:class:`ldns_buffer`)
"""
self.this = _ldns.ldns_buffer_new(capacity)
__swig_destroy__ = _ldns._ldns_buffer_free
def __str__(self):
"""Returns the data in the buffer as a string. Buffer data must be char * type."""
"""
Returns the data in the buffer as a string.
Buffer data must be char * type.
:return: string
"""
return _ldns.ldns_buffer2str(self)
def getc(self):
"""returns the next character from a buffer.
"""
Returns the next character from a buffer.
Advances the position pointer with 1. When end of buffer is reached returns EOF. This is the buffer's equivalent for getc().
Advances the position pointer with 1. When end of buffer
is reached returns EOF. This is the buffer's equivalent
for getc().
:returns: (int) EOF on failure otherwise return the character
:return: (integer) EOF on failure otherwise return
the character.
"""
return _ldns.ldns_bgetc(self)
#LDNS_BUFFER_METHODS_#
def at(self,at):
"""returns a pointer to the data at the indicated position.
:param at:
position
:returns: (uint8_t \*) the pointer to the data
#
# LDNS_BUFFER_METHODS_
#
def at(self, at):
"""
return _ldns.ldns_buffer_at(self,at)
#parameters: const ldns_buffer *,size_t,
Returns a pointer to the data at the indicated position.
:param at: position
:type at: positive integer
:throws TypeError: When `at` of non-integer type.
:return: (uint8_t \*) The pointer to the data.
"""
return _ldns.ldns_buffer_at(self, at)
#parameters: const ldns_buffer *, size_t,
#retvals: uint8_t *
def available(self,count):
"""checks if the buffer has count bytes available at the current position
:param count:
how much is available
:returns: (int) true or false
def available(self, count):
"""
return _ldns.ldns_buffer_available(self,count)
#parameters: ldns_buffer *,size_t,
Checks whether the buffer has count bytes available at
the current position.
:param count: How much is available.
:type count: integer
:throws TypeError: When `count` of non-integer type.
:return: (bool) True or False.
"""
return _ldns.ldns_buffer_available(self, count) != 0
#parameters: ldns_buffer *, size_t,
#retvals: int
def available_at(self,at,count):
"""checks if the buffer has at least COUNT more bytes available.
Before reading or writing the caller needs to ensure enough space is available!
:param at:
indicated position
:param count:
how much is available
:returns: (int) true or false
def available_at(self, at, count):
"""
return _ldns.ldns_buffer_available_at(self,at,count)
Checks if the buffer has at least `count` more bytes available.
Before reading or writing the caller needs to ensure that
enough space is available!
:param at: Indicated position.
:type at: positive integer
:param count: How much is available.
:type count: positive integer
:throws TypeError: When `at` or `count` of non-integer type.
:return: (bool) True or False.
"""
return _ldns.ldns_buffer_available_at(self, at, count) != 0
#parameters: ldns_buffer *,size_t,size_t,
#retvals: int
def begin(self):
"""returns a pointer to the beginning of the buffer (the data at position 0).
"""
Returns a pointer to the beginning of the buffer
(the data at position 0).
:returns: (uint8_t \*) the pointer
:return: (uint8_t \*) Pointer.
"""
return _ldns.ldns_buffer_begin(self)
#parameters: const ldns_buffer *,
#retvals: uint8_t *
def capacity(self):
"""returns the number of bytes the buffer can hold.
"""
Returns the number of bytes the buffer can hold.
:returns: (size_t) the number of bytes
:return: (size_t) The number of bytes.
"""
return _ldns.ldns_buffer_capacity(self)
#parameters: ldns_buffer *,
#retvals: size_t
def clear(self):
"""clears the buffer and make it ready for writing.
"""
Clears the buffer and make it ready for writing.
The buffer's limit is set to the capacity and the position is set to 0.
The buffer's limit is set to the capacity and the position
is set to 0.
"""
_ldns.ldns_buffer_clear(self)
#parameters: ldns_buffer *,
#retvals:
def copy(self,bfrom):
"""Copy contents of the other buffer to this buffer.
def copy(self, bfrom):
"""
Copy contents of the other buffer to this buffer.
Silently truncated if this buffer is too small.
:param bfrom: other buffer
:param bfrom: Source buffer.
:type bfrom: :class:`ldns_buffer`
:throws TypeError: When `bfrom` of non-:class:`ldns_buffer`
type.
"""
_ldns.ldns_buffer_copy(self,bfrom)
#parameters: ldns_buffer *,ldns_buffer *,
_ldns.ldns_buffer_copy(self, bfrom)
#parameters: ldns_buffer *, ldns_buffer *,
#retvals:
def current(self):
"""returns a pointer to the data at the buffer's current position.
"""
Returns a pointer to the data at the buffer's current position.
:returns: (uint8_t \*) the pointer
:return: (uint8_t \*) A pointer.
"""
return _ldns.ldns_buffer_current(self)
#parameters: ldns_buffer *,
#retvals: uint8_t *
def end(self):
"""returns a pointer to the end of the buffer (the data at the buffer's limit).
"""
Returns a pointer to the end of the buffer (the data
at the buffer's limit).
:returns: (uint8_t \*) the pointer
:return: (uint8_t \*) Pointer.
"""
return _ldns.ldns_buffer_end(self)
#parameters: ldns_buffer *,
#retvals: uint8_t *
def export(self):
"""Makes the buffer fixed and returns a pointer to the data.
"""
Makes the buffer fixed and returns a pointer to the data.
The caller is responsible for free'ing the result.
The caller is responsible for freeing the result.
:returns: (void \*) void
:return: (void \*) Void pointer.
"""
return _ldns.ldns_buffer_export(self)
#parameters: ldns_buffer *,
#retvals: void *
def flip(self):
"""makes the buffer ready for reading the data that has been written to the buffer.
"""
Makes the buffer ready for reading the data that has been
written to the buffer.
The buffer's limit is set to the current position and the position is set to 0.
The buffer's limit is set to the current position and
the position is set to 0.
"""
_ldns.ldns_buffer_flip(self)
#parameters: ldns_buffer *,
def invariant(self):
"""
Performs no action.
In debugging mode this method performs a buffer settings
check. It asserts if something is wrong.
"""
_ldns.ldns_buffer_invariant(self)
#parameters: ldns_buffer *,
def limit(self):
"""returns the maximum size of the buffer
"""
Returns the maximum size of the buffer.
:returns: (size_t) the size
:return: (size_t) The size.
"""
return _ldns.ldns_buffer_limit(self)
#parameters: ldns_buffer *,
#retvals: size_t
def position(self):
"""returns the current position in the buffer (as a number of bytes)
"""
Returns the current position in the buffer
(as a number of bytes).
:returns: (size_t) the current position
:return: (size_t) The current position.
"""
return _ldns.ldns_buffer_position(self)
#parameters: ldns_buffer *,
#retvals: size_t
def printf(self, str, *args):
"""Prints to the buffer, increasing the capacity if required using buffer_reserve().
The buffer's position is set to the terminating '\0'. Returns the number of characters written (not including the terminating '\0') or -1 on failure.
:param str: a string
:returns: (int)
def printf(self, string, *args):
"""
data = str % args
return _ldns.ldns_buffer_printf(self,data)
#parameters: ldns_buffer *,const char *,...
Prints to the buffer, increasing the capacity
if required using buffer_reserve().
The buffer's position is set to the terminating '\0'.
Returns the number of characters written (not including
the terminating '\0') or -1 on failure.
:param string: A string to be written.
:type string: string
:throws: TypeError when `string` not a string.
:return: (int) Number of written characters or -1 on failure.
"""
data = string % args
return _ldns.ldns_buffer_printf(self, data)
#parameters: ldns_buffer *, const char *, ...
#retvals: int
def read(self,data,count):
"""copies count bytes of data at the current position to the given data-array
def read(self, data, count):
"""
Copies count bytes of data at the current position to the given
`data`-array
:param data:
buffer to copy to
:param count:
the length of the data to copy
:param data: Target buffer to copy to.
:type data: void \*
:param count: The length of the data to copy.
:type count: size_t
"""
_ldns.ldns_buffer_read(self,data,count)
#parameters: ldns_buffer *,void *,size_t,
#parameters: ldns_buffer *, void *, size_t,
#retvals:
def read_at(self,at,data,count):
"""copies count bytes of data at the given position to the given data-array
def read_at(self, at, data, count):
"""
Copies count bytes of data at the given position to the
given `data`-array.
:param at:
the position in the buffer to start
:param data:
buffer to copy to
:param count:
the length of the data to copy
:param at: The position in the buffer to start reading.
:type at: size_t
:param data: Target buffer to copy to.
:type data: void \*
:param count: The length of the data to copy.
:type count: size_t
"""
_ldns.ldns_buffer_read_at(self,at,data,count)
#parameters: ldns_buffer *,size_t,void *,size_t,
#parameters: ldns_buffer *, size_t, void *, size_t,
#retvals:
def read_u16(self):
"""returns the 2-byte integer value at the current position in the buffer
"""
Returns the 2-byte integer value at the current position
from the buffer.
:returns: (uint16_t) 2 byte integer
:return: (uint16_t) Word.
"""
return _ldns.ldns_buffer_read_u16(self)
#parameters: ldns_buffer *,
#retvals: uint16_t
def read_u16_at(self,at):
"""returns the 2-byte integer value at the given position in the buffer
:param at:
position in the buffer
:returns: (uint16_t) 2 byte integer
def read_u16_at(self, at):
"""
return _ldns.ldns_buffer_read_u16_at(self,at)
#parameters: ldns_buffer *,size_t,
Returns the 2-byte integer value at the given position
from the buffer.
:param at: Position in the buffer.
:type at: positive integer
:throws TypeError: When `at` of non-integer type.
:return: (uint16_t) Word.
"""
return _ldns.ldns_buffer_read_u16_at(self, at)
#parameters: ldns_buffer *, size_t,
#retvals: uint16_t
def read_u32(self):
"""returns the 4-byte integer value at the current position in the buffer
"""
Returns the 4-byte integer value at the current position
from the buffer.
:returns: (uint32_t) 4 byte integer
:return: (uint32_t) Double-word.
"""
return _ldns.ldns_buffer_read_u32(self)
#parameters: ldns_buffer *,
#retvals: uint32_t
def read_u32_at(self,at):
"""returns the 4-byte integer value at the given position in the buffer
:param at:
position in the buffer
:returns: (uint32_t) 4 byte integer
def read_u32_at(self, at):
"""
return _ldns.ldns_buffer_read_u32_at(self,at)
#parameters: ldns_buffer *,size_t,
Returns the 4-byte integer value at the given position
from the buffer.
:param at: Position in the buffer.
:type at: positive integer
:throws TypeError: When `at` of non-integer type.
:return: (uint32_t) Double-word.
"""
return _ldns.ldns_buffer_read_u32_at(self, at)
#parameters: ldns_buffer *, size_t,
#retvals: uint32_t
def read_u8(self):
"""returns the byte value at the current position in the buffer
"""
Returns the byte value at the current position from the buffer.
:returns: (uint8_t) 1 byte integer
:return: (uint8_t) A byte (not a character).
"""
return _ldns.ldns_buffer_read_u8(self)
#parameters: ldns_buffer *,
#retvals: uint8_t
def read_u8_at(self,at):
"""returns the byte value at the given position in the buffer
:param at:
the position in the buffer
:returns: (uint8_t) 1 byte integer
def read_u8_at(self, at):
"""
return _ldns.ldns_buffer_read_u8_at(self,at)
#parameters: ldns_buffer *,size_t,
Returns the byte value at the given position from the buffer.
:param at: The position in the buffer.
:type at: positive integer
:throws TypeError: When `at` of non-integer type.
:return: (uint8_t) Byte value.
"""
return _ldns.ldns_buffer_read_u8_at(self, at)
#parameters: ldns_buffer *, size_t,
#retvals: uint8_t
def remaining(self):
"""returns the number of bytes remaining between the buffer's position and limit.
"""
Returns the number of bytes remaining between the buffer's
position and limit.
:returns: (size_t) the number of bytes
:return: (size_t) The number of bytes.
"""
return _ldns.ldns_buffer_remaining(self)
#parameters: ldns_buffer *,
#retvals: size_t
def remaining_at(self,at):
"""returns the number of bytes remaining between the indicated position and the limit.
:param at:
indicated position
:returns: (size_t) number of bytes
def remaining_at(self, at):
"""
return _ldns.ldns_buffer_remaining_at(self,at)
Returns the number of bytes remaining between the indicated
position and the limit.
:param at: Indicated position.
:type at: positive integer
:throws TypeError: When `at` of non-integer type.
:return: (size_t) number of bytes
"""
return _ldns.ldns_buffer_remaining_at(self, at)
#parameters: ldns_buffer *,size_t,
#retvals: size_t
def reserve(self,amount):
"""ensures BUFFER can contain at least AMOUNT more bytes.
The buffer's capacity is increased if necessary using buffer_set_capacity().
The buffer's limit is always set to the (possibly increased) capacity.
:param amount:
amount to use
:returns: (bool) whether this failed or succeeded
def reserve(self, amount):
"""
return _ldns.ldns_buffer_reserve(self,amount)
#parameters: ldns_buffer *,size_t,
Ensures that the buffer can contain at least `amount` more
bytes.
The buffer's capacity is increased if necessary using
buffer_set_capacity().
The buffer's limit is always set to the (possibly increased)
capacity.
:param amount: Amount to use.
:type amount: positive integer
:throws TypeError: When `amount` of non-integer type.
:return: (bool) hether this failed or succeeded.
"""
return _ldns.ldns_buffer_reserve(self, amount)
#parameters: ldns_buffer *, size_t,
#retvals: bool
def rewind(self):
"""make the buffer ready for re-reading the data.
"""
Make the buffer ready for re-reading the data.
The buffer's position is reset to 0.
"""
@ -378,188 +499,228 @@ void _ldns_buffer_free (ldns_buffer* b) {
#parameters: ldns_buffer *,
#retvals:
def set_capacity(self,capacity):
"""changes the buffer's capacity.
The data is reallocated so any pointers to the data may become invalid. The buffer's limit is set to the buffer's new capacity.
:param capacity:
the capacity to use
:returns: (bool) whether this failed or succeeded
def set_capacity(self, capacity):
"""
return _ldns.ldns_buffer_set_capacity(self,capacity)
#parameters: ldns_buffer *,size_t,
Changes the buffer's capacity.
The data is reallocated so any pointers to the data may become
invalid. The buffer's limit is set to the buffer's new capacity.
:param capacity: The capacity to use.
:type capacity: positive integer
:throws TypeError: When `capacity` of non-integer type.
:return: (bool) whether this failed or succeeded
"""
return _ldns.ldns_buffer_set_capacity(self, capacity)
#parameters: ldns_buffer *, size_t,
#retvals: bool
def set_limit(self,limit):
"""changes the buffer's limit.
If the buffer's position is greater than the new limit the position is set to the limit.
:param limit:
the new limit
def set_limit(self, limit):
"""
_ldns.ldns_buffer_set_limit(self,limit)
#parameters: ldns_buffer *,size_t,
Changes the buffer's limit.
If the buffer's position is greater than the new limit
then the position is set to the limit.
:param limit: The new limit.
:type limit: positive integer
:throws TypeError: When `limit` of non-integer type.
"""
_ldns.ldns_buffer_set_limit(self, limit)
#parameters: ldns_buffer *, size_t,
#retvals:
def set_position(self,mark):
"""sets the buffer's position to MARK.
"""
Sets the buffer's position to `mark`.
The position must be less than or equal to the buffer's limit.
:param mark:
the mark to use
:param mark: The mark to use.
:type mark: positive integer
:throws TypeError: When `mark` of non-integer type.
"""
_ldns.ldns_buffer_set_position(self,mark)
#parameters: ldns_buffer *,size_t,
#retvals:
def skip(self,count):
"""changes the buffer's position by COUNT bytes.
The position must not be moved behind the buffer's limit or before the beginning of the buffer.
:param count:
the count to use
def skip(self, count):
"""
_ldns.ldns_buffer_skip(self,count)
#parameters: ldns_buffer *,ssize_t,
Changes the buffer's position by `count` bytes.
The position must not be moved behind the buffer's limit or
before the beginning of the buffer.
:param count: The count to use.
:type count: integer
:throws TypeError: When `count` of non-integer type.
"""
_ldns.ldns_buffer_skip(self, count)
#parameters: ldns_buffer *, ssize_t,
#retvals:
def status(self):
"""returns the status of the buffer
"""
Returns the status of the buffer.
:returns: (ldns_status) the status
:return: (ldns_status) The status.
"""
return _ldns.ldns_buffer_status(self)
#parameters: ldns_buffer *,
#retvals: ldns_status
def status_ok(self):
"""returns true if the status of the buffer is LDNS_STATUS_OK, false otherwise
"""
Returns True if the status of the buffer is LDNS_STATUS_OK,
False otherwise.
:returns: (bool) true or false
:return: (bool) True or False.
"""
return _ldns.ldns_buffer_status_ok(self)
#parameters: ldns_buffer *,
#retvals: bool
def write(self,data,count):
"""writes count bytes of data to the current position of the buffer
:param data:
the data to write
:param count:
the lenght of the data to write
def write(self, data, count):
"""
_ldns.ldns_buffer_write(self,data,count)
#parameters: ldns_buffer *,const void *,size_t,
Writes count bytes of data to the current position of
the buffer.
:param data: The data to write.
:type data: void \*
:param count: The length of the data to write.
:type count: size_t
"""
_ldns.ldns_buffer_write(self, data, count)
#parameters: ldns_buffer *, const void *, size_t,
#retvals:
def write_at(self,at,data,count):
"""writes the given data to the buffer at the specified position
:param at:
the position (in number of bytes) to write the data at
:param data:
pointer to the data to write to the buffer
:param count:
the number of bytes of data to write
def write_at(self, at, data, count):
"""
_ldns.ldns_buffer_write_at(self,at,data,count)
#parameters: ldns_buffer *,size_t,const void *,size_t,
Writes the given data to the buffer at the specified position
by `at`.
:param at: The position (in number of bytes) to write the
data at.
:param data: Pointer to the data to write to the buffer.
:param count: The number of bytes of data to write.
"""
_ldns.ldns_buffer_write_at(self, at, data, count)
#parameters: ldns_buffer *, size_t, const void *, size_t,
#retvals:
def write_string(self,str):
"""copies the given (null-delimited) string to the current position at the buffer
:param str:
the string to write
def write_string(self, string):
"""
_ldns.ldns_buffer_write_string(self,str)
Copies the given (null-delimited) string to the current
position into the buffer.
:param string: The string to write.
:type string: string
:throws TypeError: When `string` not a string.
"""
_ldns.ldns_buffer_write_string(self,string)
#parameters: ldns_buffer *,const char *,
#retvals:
def write_string_at(self,at,str):
"""copies the given (null-delimited) string to the specified position at the buffer
:param at:
the position in the buffer
:param str:
the string to write
def write_string_at(self, at, string):
"""
_ldns.ldns_buffer_write_string_at(self,at,str)
#parameters: ldns_buffer *,size_t,const char *,
Copies the given (null-delimited) string to the specified
position `at` into the buffer.
:param at: The position in the buffer.
:type at: positive integer
:param string: The string to write.
:type string: string
:throws TypeError: When types mismatch.
"""
_ldns.ldns_buffer_write_string_at(self, at, string)
#parameters: ldns_buffer *, size_t, const char *,
#retvals:
def write_u16(self,data):
"""writes the given 2 byte integer at the current position in the buffer
def write_u16(self, data):
"""Writes the given 2 byte integer at the current
position in the buffer.
:param data:
the 16 bits to write
:param data: The word to write.
:type data: uint16_t
:throws TypeError: When `data` of non-integer type.
"""
_ldns.ldns_buffer_write_u16(self,data)
#parameters: ldns_buffer *,uint16_t,
_ldns.ldns_buffer_write_u16(self, data)
#parameters: ldns_buffer *, uint16_t,
#retvals:
def write_u16_at(self,at,data):
"""writes the given 2 byte integer at the given position in the buffer
def write_u16_at(self, at, data):
"""
Writes the given 2 byte integer at the given position
in the buffer.
:param at:
the position in the buffer
:param data:
the 16 bits to write
:param at: The position in the buffer.
:type at: positive integer
:param data: The word to write.
:type data: uint16_t
:throws TypeError: When `at` or `data` of non-integer type.
"""
_ldns.ldns_buffer_write_u16_at(self,at,data)
#parameters: ldns_buffer *,size_t,uint16_t,
#retvals:
def write_u32(self,data):
"""writes the given 4 byte integer at the current position in the buffer
:param data:
the 32 bits to write
def write_u32(self, data):
"""
_ldns.ldns_buffer_write_u32(self,data)
#parameters: ldns_buffer *,uint32_t,
Writes the given 4 byte integer at the current position
in the buffer.
:param data: The double-word to write.
:type data: uint32_t
:throws TypeError: When `data` of non-integer type.
"""
_ldns.ldns_buffer_write_u32(self, data)
#parameters: ldns_buffer *, uint32_t,
#retvals:
def write_u32_at(self,at,data):
"""writes the given 4 byte integer at the given position in the buffer
:param at:
the position in the buffer
:param data:
the 32 bits to write
def write_u32_at(self, at, data):
"""
_ldns.ldns_buffer_write_u32_at(self,at,data)
Writes the given 4 byte integer at the given position
in the buffer.
:param at: The position in the buffer.
:type at: positive integer
:param data: The double-word to write.
:type data: uint32_t
:throws TypeError: When `at` or `data` of non-integer type.
"""
_ldns.ldns_buffer_write_u32_at(self, at, data)
#parameters: ldns_buffer *,size_t,uint32_t,
#retvals:
def write_u8(self,data):
"""writes the given byte of data at the current position in the buffer
:param data:
the 8 bits to write
def write_u8(self, data):
"""
_ldns.ldns_buffer_write_u8(self,data)
#parameters: ldns_buffer *,uint8_t,
Writes the given byte of data at the current position
in the buffer.
:param data: The byte to write.
:type data: uint8_t
:throws TypeError: When `data` of non-integer type.
"""
_ldns.ldns_buffer_write_u8(self, data)
#parameters: ldns_buffer *, uint8_t,
#retvals:
def write_u8_at(self,at,data):
"""writes the given byte of data at the given position in the buffer
"""
Writes the given byte of data at the given position
in the buffer.
:param at:
the position in the buffer
:param data:
the 8 bits to write
:param at: The position in the buffer.
:type at: positive integer
:param data: The byte to write.
:type data: uint8_t
:throws TypeError: When `at` or `data` of non-integer type.
"""
_ldns.ldns_buffer_write_u8_at(self,at,data)
#parameters: ldns_buffer *,size_t,uint8_t,
#retvals:
#_LDNS_BUFFER_METHODS#
%}
#
# _LDNS_BUFFER_METHODS
#
%}
}
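Review bot: `printf()` formats its input twice: `data = string % args` is expanded in Python, and the result is then passed to `ldns_buffer_printf` as the C format string. Any `%` left in `data` (from an argument value, or from `%%` in `string`) is interpreted by the C formatter with no matching arguments, which is undefined behaviour and a format-string exposure whenever the text originates outside the program. Pass the formatted text as data instead, `return _ldns.ldns_buffer_printf(self, "%s", data)`, which the `%varargs(2, char *arg = NULL)` declaration earlier in this file should accept. The `reserve()` docstring in this section also has a typo, `hether` for `whether`.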


@ -14,8 +14,8 @@
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* * Neither the name of the organization nor the names of its
* contributors may be used to endorse or promote products derived from this
* software without specific prior written permission.
* contributors may be used to endorse or promote products derived from
* this software without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
@ -28,169 +28,598 @@
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
******************************************************************************/
%pythoncode %{
class ldns_dname(ldns_rdf):
"""Domain name
*****************************************************************************/
This class contains methods to read and manipulate domain names.
Domain names are stored in ldns_rdf structures, with the type LDNS_RDF_TYPE_DNAME
/* ========================================================================= */
/* SWIG setting and definitions. */
/* ========================================================================= */
/*
* Not here (with the exception of functions defined in this C code sction),
* must be set in ldns_rdf.i.
*/
/* ========================================================================= */
/* Debugging related code. */
/* ========================================================================= */
/*
* Not here (with the exception of functions defined in this C code sction),
* must be set in ldns_rdf.i.
*/
/* ========================================================================= */
/* Added C code. */
/* ========================================================================= */
/* None */
/* ========================================================================= */
/* Encapsulating Python code. */
/* ========================================================================= */
%pythoncode
%{
class ldns_dname(ldns_rdf):
"""
Domain name.
This class contains methods to read and manipulate domain name drfs.
Domain names are stored in :class:`ldns_rdf` structures,
with the type LDNS_RDF_TYPE_DNAME. This class encapsulates such
rdfs.
**Usage**
>>> import ldns
>>> resolver = ldns.ldns_resolver.new_frm_file("/etc/resolv.conf")
>>> dn1 = ldns.ldns_dname("test.nic.cz")
>>> print dn1
test.nic.cz.
>>> dn2 = ldns.ldns_dname("nic.cz")
>>> if dn2.is_subdomain(dn1): print dn2,"is subdomain of",dn1
>>> if dn1.is_subdomain(dn2): print dn1,"is subdomain of",dn2
test.nic.cz. is subdomain of nic.cz.
>>> import ldns
>>> dn1 = ldns.ldns_dname("test.nic.cz")
>>> print dn1
test.nic.cz.
>>> dn2 = ldns.ldns_dname("nic.cz")
>>> if dn2.is_subdomain(dn1): print dn2, "is sub-domain of", dn1
>>> if dn1.is_subdomain(dn2): print dn1, "is sub-domain of", dn2
test.nic.cz. is sub-domain of nic.cz.
The following two examples show the creation of :class:`ldns_dname`
from :class:`ldns_rdf`. The first shows the creation of
:class:`ldns_dname` instance which is independent of the original
`rdf`.
>>> import ldns
>>> rdf = ldns.ldns_rdf.new_frm_str("a.ns.nic.cz", ldns.LDNS_RDF_TYPE_DNAME)
>>> dn = ldns.ldns_dname(rdf)
>>> print dn
a.ns.nic.cz.
The latter shows the wrapping of a :class:`ldns_rdf` onto
a :class:`ldns_dname` without the creation of a copy.
>>> import ldns
>>> dn = ldns.ldns_dname(ldns.ldns_rdf.new_frm_str("a.ns.nic.cz", ldns.LDNS_RDF_TYPE_DNAME), clone=False)
>>> print dn
a.ns.nic.cz.
"""
def __init__(self, str):
"""Creates a new dname rdf from a string.
:parameter str: str string to use
def __init__(self, initialiser, clone=True):
"""
self.this = _ldns.ldns_dname_new_frm_str(str)
Creates a new dname rdf from a string or :class:`ldns_rdf`.
:param initialiser: string or :class:`ldns_rdf`
:type initialiser: string or :class:`ldns_rdf` containing
a dname
:param clone: Whether to clone or directly grab the parameter.
:type clone: bool
:throws TypeError: When `initialiser` of invalid type.
"""
if isinstance(initialiser, ldns_rdf) and \
(initialiser.get_type() == _ldns.LDNS_RDF_TYPE_DNAME):
if clone == True:
self.this = _ldns.ldns_rdf_clone(initialiser)
else:
self.this = initialiser
else:
self.this = _ldns.ldns_dname_new_frm_str(initialiser)
#
# LDNS_DNAME_CONSTRUCTORS_
#
@staticmethod
def new_frm_str(str):
"""Creates a new dname rdf instance from a string.
This static method is equivalent to using of default class constructor.
:parameter str: str string to use
def new_frm_str(string):
"""
return ldns_dname(str)
Creates a new dname rdf instance from a string.
This static method is equivalent to using default
:class:`ldns_dname` constructor.
:param string: String to use.
:type string: string
:throws TypeError: When `string` not a string.
:return: (:class:`ldns_dname`) dname rdf.
"""
return ldns_dname(string)
@staticmethod
def new_frm_rdf(rdf, clone=True):
"""
Creates a new dname rdf instance from a dname :class:`ldns_rdf`.
This static method is equivalent to using the default
:class:`ldns_dname` constructor.
:param rdf: A dname :class:`ldns_rdf`.
:type rdf: :class:`ldns_rdf`
:throws TypeError: When `rdf` of inappropriate type.
:param clone: Whether to create a clone or to wrap present
instance.
:type clone: bool
:return: (:class:`ldns_dname`) dname rdf.
"""
return ldns_dname(rdf, clone=clone)
#
# _LDNS_DNAME_CONSTRUCTORS
#
def write_to_buffer(self, buffer):
"""
Copies the dname data to the buffer in wire format.
:param buffer: Buffer to append the result to.
:type param: :class:`ldns_buffer`
:throws TypeError: When `buffer` of non-:class:`ldns_buffer`
type.
:return: (ldns_status) ldns_status
"""
return _ldns.ldns_dname2buffer_wire(buffer, self)
#parameters: ldns_buffer *, const ldns_rdf *,
#retvals: ldns_status
#
# LDNS_DNAME_METHODS_
#
def absolute(self):
"""Checks whether the given dname string is absolute (i.e. ends with a '.')
:returns: (bool) True or False
"""
return self.endswith(".")
Checks whether the given dname string is absolute (i.e.,
ends with a '.').
:return: (bool) True or False
"""
string = self.__str__()
return _ldns.ldns_dname_str_absolute(string) != 0
def make_canonical(self):
"""Put a dname into canonical fmt - ie. lowercase it
"""
Put a dname into canonical format (i.e., convert to lower case).
"""
_ldns.ldns_dname2canonical(self)
def __cmp__(self,other):
"""Compares the two dname rdf's according to the algorithm for ordering in RFC4034 Section 6.
:param other:
the second dname rdf to compare
:returns: (int) -1 if dname comes before other, 1 if dname comes after other, and 0 if they are equal.
def __cmp__(self, other):
"""
return _ldns.ldns_dname_compare(self,other)
Compares two dname rdf according to the algorithm for
ordering in RFC4034 Section 6.
:param other: The second dname rdf to compare.
:type other: :class:`ldns_dname`
:throws TypeError: When `other` of invalid type.
:return: (int) -1, 0 or 1 if self comes before other,
self is equal or self comes after other respectively.
def write_to_buffer(self,buffer):
"""Copies the dname data to the buffer in wire format.
:param buffer: buffer to append the result to
:returns: (ldns_status) ldns_status
.. note::
The type checking of parameter `other` is benevolent.
It allows also to pass a dname :class:`ldns_rdf` object.
This will probably change in future.
"""
return _ldns.ldns_dname2buffer_wire(buffer,self)
#parameters: ldns_buffer *,const ldns_rdf *,
#
# The wrapped function generates asserts instead of setting
# error status. They cannot be caught from Python so a check
# is necessary.
#
if (not isinstance(other, ldns_dname)) and \
isinstance(other, ldns_rdf) and \
other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME:
warnings.warn("The ldns_dname.__cmp__() method will" +
" drop the possibility to compare ldns_rdf." +
" Convert arguments to ldns_dname.",
PendingDeprecationWarning, stacklevel=2)
if not isinstance(other, ldns_rdf):
raise TypeError("Parameter must be derived from ldns_rdf.")
if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME):
raise Exception("Operands must be ldns_dname.")
return _ldns.ldns_dname_compare(self, other)
def __lt__(self, other):
"""
Compares two dname rdf according to the algorithm for
ordering in RFC4034 Section 6.
:param other: The second dname rdf to compare.
:type other: :class:`ldns_dname`
:throws TypeError: When `other` of invalid type.
:return: (bool) True when `self` is less than 'other'.
.. note::
The type checking of parameter `other` is benevolent.
It allows also to pass a dname :class:`ldns_rdf` object.
This will probably change in future.
"""
#
# The wrapped function generates asserts instead of setting
# error status. They cannot be caught from Python so a check
# is necessary.
#
if (not isinstance(other, ldns_dname)) and \
isinstance(other, ldns_rdf) and \
other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME:
warnings.warn("The ldns_dname.__lt__() method will" +
" drop the possibility to compare ldns_rdf." +
" Convert arguments to ldns_dname.",
PendingDeprecationWarning, stacklevel=2)
if not isinstance(other, ldns_rdf):
raise TypeError("Parameter must be derived from ldns_rdf.")
if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME):
raise Exception("Operands must be ldns_dname.")
return _ldns.ldns_dname_compare(self, other) == -1
def __le__(self, other):
"""
Compares two dname rdf according to the algorithm for
ordering in RFC4034 Section 6.
:param other: The second dname rdf to compare.
:type other: :class:`ldns_dname`
:throws TypeError: When `other` of invalid type.
:return: (bool) True when `self` is less than or equal to
'other'.
.. note::
The type checking of parameter `other` is benevolent.
It allows also to pass a dname :class:`ldns_rdf` object.
This will probably change in future.
"""
#
# The wrapped function generates asserts instead of setting
# error status. They cannot be caught from Python so a check
# is necessary.
#
if (not isinstance(other, ldns_dname)) and \
isinstance(other, ldns_rdf) and \
other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME:
warnings.warn("The ldns_dname.__le__() method will" +
" drop the possibility to compare ldns_rdf." +
" Convert arguments to ldns_dname.",
PendingDeprecationWarning, stacklevel=2)
if not isinstance(other, ldns_rdf):
raise TypeError("Parameter must be derived from ldns_rdf.")
if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME):
raise Exception("Operands must be ldns_dname.")
return _ldns.ldns_dname_compare(self, other) != 1
def __eq__(self, other):
"""
Compares two dname rdf according to the algorithm for
ordering in RFC4034 Section 6.
:param other: The second dname rdf to compare.
:type other: :class:`ldns_dname`
:throws TypeError: When `other` of invalid type.
:return: (bool) True when `self` is equal to 'other'.
.. note::
The type checking of parameter `other` is benevolent.
It allows also to pass a dname :class:`ldns_rdf` object.
This will probably change in future.
"""
#
# The wrapped function generates asserts instead of setting
# error status. They cannot be caught from Python so a check
# is necessary.
#
if (not isinstance(other, ldns_dname)) and \
isinstance(other, ldns_rdf) and \
other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME:
warnings.warn("The ldns_dname.__eq__() method will" +
" drop the possibility to compare ldns_rdf." +
" Convert arguments to ldns_dname.",
PendingDeprecationWarning, stacklevel=2)
if not isinstance(other, ldns_rdf):
raise TypeError("Parameter must be derived from ldns_rdf.")
if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME):
raise Exception("Operands must be ldns_dname.")
return _ldns.ldns_dname_compare(self, other) == 0
def __ne__(self, other):
"""
Compares two dname rdf according to the algorithm for
ordering in RFC4034 Section 6.
:param other: The second dname rdf to compare.
:type other: :class:`ldns_dname`
:throws TypeError: When `other` of invalid type.
:return: (bool) True when `self` is not equal to 'other'.
.. note::
The type checking of parameter `other` is benevolent.
It allows also to pass a dname :class:`ldns_rdf` object.
This will probably change in future.
"""
#
# The wrapped function generates asserts instead of setting
# error status. They cannot be caught from Python so a check
# is necessary.
#
if (not isinstance(other, ldns_dname)) and \
isinstance(other, ldns_rdf) and \
other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME:
warnings.warn("The ldns_dname.__ne__() method will" +
" drop the possibility to compare ldns_rdf." +
" Convert arguments to ldns_dname.",
PendingDeprecationWarning, stacklevel=2)
if not isinstance(other, ldns_rdf):
raise TypeError("Parameter must be derived from ldns_rdf.")
if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME):
raise Exception("Operands must be ldns_dname.")
return _ldns.ldns_dname_compare(self, other) != 0
def __gt__(self, other):
"""
Compares two dname rdf according to the algorithm for
ordering in RFC4034 Section 6.
:param other: The second dname rdf to compare.
:type other: :class:`ldns_dname`
:throws TypeError: When `other` of invalid type.
:return: (bool) True when `self` is greater than 'other'.
.. note::
The type checking of parameter `other` is benevolent.
It allows also to pass a dname :class:`ldns_rdf` object.
This will probably change in future.
"""
#
# The wrapped function generates asserts instead of setting
# error status. They cannot be caught from Python so a check
# is necessary.
#
if (not isinstance(other, ldns_dname)) and \
isinstance(other, ldns_rdf) and \
other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME:
warnings.warn("The ldns_dname.__gt__() method will" +
" drop the possibility to compare ldns_rdf." +
" Convert arguments to ldns_dname.",
PendingDeprecationWarning, stacklevel=2)
if not isinstance(other, ldns_rdf):
raise TypeError("Parameter must be derived from ldns_rdf.")
if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME):
raise Exception("Operands must be ldns_dname.")
return _ldns.ldns_dname_compare(self, other) == 1
def __ge__(self, other):
"""
Compares two dname rdf according to the algorithm for
ordering in RFC4034 Section 6.
:param other: The second dname rdf to compare.
:type other: :class:`ldns_dname`
:throws TypeError: When `other` of invalid type.
:return: (bool) True when `self` is greater than or equal to
'other'.
.. note::
The type checking of parameter `other` is benevolent.
It allows also to pass a dname :class:`ldns_rdf` object.
This will probably change in future.
"""
#
# The wrapped function generates asserts instead of setting
# error status. They cannot be caught from Python so a check
# is necessary.
#
if (not isinstance(other, ldns_dname)) and \
isinstance(other, ldns_rdf) and \
other.get_type() == _ldns.LDNS_RDF_TYPE_DNAME:
warnings.warn("The ldns_dname.__ge__() method will" +
" drop the possibility to compare ldns_rdf." +
" Convert arguments to ldns_dname.",
PendingDeprecationWarning, stacklevel=2)
if not isinstance(other, ldns_rdf):
raise TypeError("Parameter must be derived from ldns_rdf.")
if (other.get_type() != _ldns.LDNS_RDF_TYPE_DNAME):
raise Exception("Operands must be ldns_dname.")
return _ldns.ldns_dname_compare(self, other) != -1
def cat(self, rd2):
"""
Concatenates rd2 after this dname (`rd2` is copied,
`this` dname is modified).
:param rd2: The right-hand side.
:type rd2: :class:`ldns_dname`
:throws TypeError: When `rd2` of invalid type.
:return: (ldns_status) LDNS_STATUS_OK on success
.. note::
The type checking of parameter `rd2` is benevolent.
It allows also to pass a dname :class:`ldns_rdf` object.
This will probably change in future.
"""
if (not isinstance(rd2, ldns_dname)) and \
isinstance(rd2, ldns_rdf) and \
rd2.get_type() == _ldns.LDNS_RDF_TYPE_DNAME:
warnings.warn("The ldns_dname.cat() method will" +
" drop the support of ldns_rdf." +
" Convert arguments to ldns_dname.",
PendingDeprecationWarning, stacklevel=2)
return _ldns.ldns_dname_cat(self, rd2)
#parameters: ldns_rdf *, ldns_rdf *,
#retvals: ldns_status
#LDNS_DNAME_METHODS_#
def cat(self,rd2):
"""concatenates rd2 after this dname (rd2 is copied, this dname is modified)
:param rd2:
the rightside
:returns: (ldns_status) LDNS_STATUS_OK on success
def cat_clone(self, rd2):
"""
return _ldns.ldns_dname_cat(self,rd2)
#parameters: ldns_rdf *,ldns_rdf *,
#retvals: ldns_status
def cat_clone(self,rd2):
"""concatenates two dnames together
Concatenates two dnames together.
:param rd2:
the rightside
:returns: (ldns_rdf \*) a new rdf with leftside/rightside
:param rd2: The right-hand side.
:type rd2: :class:`ldns_dname`
:throws TypeError: When `rd2` of invalid type.
:return: (:class:`ldns_dname`) A new rdf with
left-hand side + right-hand side content None when
error.
.. note::
The type checking of parameter `rd2` is benevolent.
It allows also to pass a dname :class:`ldns_rdf` object.
This will probably change in future.
"""
return _ldns.ldns_dname_cat_clone(self,rd2)
#parameters: const ldns_rdf *,const ldns_rdf *,
if (not isinstance(rd2, ldns_dname)) and \
isinstance(rd2, ldns_rdf) and \
rd2.get_type() == _ldns.LDNS_RDF_TYPE_DNAME:
warnings.warn("The ldns_dname.cat_clone() method will" +
" drop the support of ldns_rdf." +
" Convert arguments to ldns_dname.",
PendingDeprecationWarning, stacklevel=2)
ret = _ldns.ldns_dname_cat_clone(self, rd2)
if ret != None:
ret = ldns_dname(ret, clone=False)
return ret
#parameters: const ldns_rdf *, const ldns_rdf *,
#retvals: ldns_rdf *
def interval(self,middle,next):
"""check if middle lays in the interval defined by prev and next prev <= middle < next.
This is usefull for nsec checking
:param middle:
the dname to check
:param next:
the next dname return 0 on error or unknown, -1 when middle is in the interval, +1 when not
:returns: (int)
def interval(self, middle, next):
"""
return _ldns.ldns_dname_interval(self,middle,next)
#parameters: const ldns_rdf *,const ldns_rdf *,const ldns_rdf *,
Check whether `middle` lays in the interval defined by
`this` and `next` (`this` <= `middle` < `next`).
This method is useful for nsec checking.
:param middle: The dname to check.
:type middle: :class:`ldns_dname`
:param next: The boundary.
:type next: :class:`ldns_dname`
:throws TypeError: When `middle` or `next` of
non-:class:`ldns_rdf` type.
:throws Exception: When non-dname rdfs compared.
:return: (int) 0 on error or unknown,
-1 when middle is in the interval, 1 when not.
.. note::
The type checking of parameters is benevolent.
It allows also to pass a dname :class:`ldns_rdf` object.
This will probably change in future.
"""
#
# The wrapped function generates asserts instead of setting
# error status. They cannot be caught from Python so a check
# is necessary.
#
if (not isinstance(middle, ldns_rdf)) or \
(not isinstance(next, ldns_rdf)):
raise TypeError("Parameters must be derived from ldns_dname.")
if (self.get_type() != _ldns.LDNS_RDF_TYPE_DNAME) or \
(middle.get_type() != _ldns.LDNS_RDF_TYPE_DNAME) or \
(next.get_type() != _ldns.LDNS_RDF_TYPE_DNAME):
raise Exception("All operands must be dname rdfs.")
if (not isinstance(middle, ldns_dname)) or \
(not isinstance(next, ldns_dname)):
warnings.warn("The ldns_dname.interval() method will" +
" drop the possibility to compare ldns_rdf." +
" Convert arguments to ldns_dname.",
PendingDeprecationWarning, stacklevel=2)
return _ldns.ldns_dname_interval(self, middle, next)
#parameters: const ldns_rdf *, const ldns_rdf *, const ldns_rdf *,
#retvals: int
def is_subdomain(self,parent):
"""Tests wether the name sub falls under parent (i.e. is a subdomain of parent).
def is_subdomain(self, parent):
"""
Tests whether the name of the instance falls under
`parent` (i.e., is a sub-domain of `parent`).
This function will return false if the given dnames are equal.
:param parent:
(ldns_rdf) the parent's name
:returns: (bool) true if sub falls under parent, otherwise false
:param parent: The parent's name.
:type parent: :class:`ldns_dname`
:throws TypeError: When `parent` of non-:class:`ldns_rdf`
or derived type.
:return: (bool) True if `this` falls under `parent`, otherwise
False.
.. note::
The type checking of parameters is benevolent.
It allows also to pass a dname :class:`ldns_rdf` object.
This will probably change in future.
"""
return _ldns.ldns_dname_is_subdomain(self,parent)
#parameters: const ldns_rdf *,const ldns_rdf *,
if (not isinstance(parent, ldns_dname)) and \
isinstance(parent, ldns_rdf) and \
parent.get_type() == _ldns.LDNS_RDF_TYPE_DNAME:
warnings.warn("The ldns_dname.is_subdomain() method will" +
" drop the support of ldns_rdf." +
" Convert arguments to ldns_dname.",
PendingDeprecationWarning, stacklevel=2)
return _ldns.ldns_dname_is_subdomain(self, parent)
#parameters: const ldns_rdf *, const ldns_rdf *,
#retvals: bool
def label(self,labelpos):
"""look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME try and retrieve a specific label.
def label(self, labelpos):
"""
Look inside the rdf and retrieve a specific label.
The labels are numbered starting from 0 (left most).
:param labelpos:
return the label with this number
:returns: (ldns_rdf \*) a ldns_rdf* with the label as name or NULL on error
:param labelpos: Index of the label. (Labels are numbered
0, which is the left most.)
:type labelpos: integer
:throws TypeError: When `labelpos` of non-integer type.
:return: (:class:`ldns_dname`) A new rdf with the label
as name or None on error.
"""
return _ldns.ldns_dname_label(self,labelpos)
#parameters: const ldns_rdf *,uint8_t,
ret = _ldns.ldns_dname_label(self, labelpos)
if ret != None:
ret = ldns_dname(ret, clone=False)
return ret
#parameters: const ldns_rdf *, uint8_t,
#retvals: ldns_rdf *
def label_count(self):
"""count the number of labels inside a LDNS_RDF_DNAME type rdf.
"""
Counts the number of labels.
:returns: (uint8_t) the number of labels
:return: (uint8_t) the number of labels. Will return 0
if not a dname.
"""
return _ldns.ldns_dname_label_count(self)
#parameters: const ldns_rdf *,
#retvals: uint8_t
def left_chop(self):
"""chop one label off the left side of a dname.
so wwww.nlnetlabs.nl, becomes nlnetlabs.nl
:returns: (ldns_rdf \*) the remaining dname
"""
return _ldns.ldns_dname_left_chop(self)
Chop one label off the left side of a dname.
(e.g., wwww.nlnetlabs.nl, becomes nlnetlabs.nl)
:return: (:class:`ldns_dname`) The remaining dname or None
when error.
"""
return ldns_dname(_ldns.ldns_dname_left_chop(self), clone=False)
#parameters: const ldns_rdf *,
#retvals: ldns_rdf *
def reverse(self):
"""Returns a clone of the given dname with the labels reversed.
:returns: (ldns_rdf \*) clone of the dname with the labels reversed.
"""
return _ldns.ldns_dname_reverse(self)
Returns a clone of the given dname with the labels reversed.
:return: (:class:`ldns_dname`) A clone of the dname with
the labels reversed.
"""
return ldns_dname(_ldns.ldns_dname_reverse(self), clone=False)
#parameters: const ldns_rdf *,
#retvals: ldns_rdf *
#_LDNS_DNAME_METHODS#
#
# _LDNS_DNAME_METHODS
#
%}
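Review bot: `left_chop()` and `reverse()` pass the wrapped call's result straight into `ldns_dname(..., clone=False)`, without the `if ret != None:` guard that `cat_clone()` and `label()` use in this same section. If the C function returns NULL, the constructor receives None, takes its `else` branch and calls `_ldns.ldns_dname_new_frm_str(None)`, so the caller does not get the `None` that the `left_chop()` docstring promises "when error". I would follow `label()` in both methods: `ret = _ldns.ldns_dname_left_chop(self)`, then `if ret != None: ret = ldns_dname(ret, clone=False)`, then `return ret`. Separately, the comparison methods document `:throws TypeError:` but raise a bare `Exception("Operands must be ldns_dname.")` for a non-dname rdf, so either the docstrings or the exception type should change.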


@ -247,6 +247,29 @@ ldns_status ldns_dnssec_zone_sign_defcb(ldns_dnssec_zone *zone, ldns_rr_list *ne
return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_replace_signatures, NULL);
}
ldns_status ldns_dnssec_zone_add_rr_(ldns_dnssec_zone *zone, ldns_rr *rr)
{
ldns_rr *new_rr;
ldns_status status;
new_rr = ldns_rr_clone(rr);
/*
* A clone of the RR is created to be stored in the DNSSEC zone.
* The Python engine frees a RR object as soon it's reference count
* reaches zero. The code must avoid double freeing or accessing of freed
* memory.
*/
status = ldns_dnssec_zone_add_rr(zone, new_rr);
if (status != LDNS_STATUS_OK) {
ldns_rr_free(new_rr);
}
return status;
}
%}
%extend ldns_dnssec_zone {
@ -413,7 +436,7 @@ ldns_status ldns_dnssec_zone_sign_defcb(ldns_dnssec_zone *zone, ldns_rr_list *ne
The RR to add
:returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
"""
return _ldns.ldns_dnssec_zone_add_rr(self,rr)
return _ldns.ldns_dnssec_zone_add_rr_(self,rr)
#parameters: ldns_dnssec_zone *,ldns_rr *,
#retvals: ldns_status
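Review bot: In `ldns_dnssec_zone_add_rr_` the result of `ldns_rr_clone(rr)` goes to `ldns_dnssec_zone_add_rr()` without a NULL check, so an allocation failure is left to the callee, and whether it tolerates a NULL rr is not visible in this hunk. An explicit `if (new_rr == NULL) return LDNS_STATUS_MEM_ERR;` directly after the clone keeps the failure path local and reports the real cause. The ownership comment would read better above the `ldns_rr_clone()` call it explains. It should also state the rule outright: on success the zone owns `new_rr`, on failure this wrapper frees it, and the Python-owned `rr` is never handed to the zone.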


@ -217,7 +217,7 @@ This simple example instances a resolver in order to resolve NS for nic.cz.
def opcode2str(self):
"""Converts a packet opcode to its mnemonic and returns that as an allocated null-terminated string."""
return _ldns.ldns_pkt_opcode2str(sefl.get_opcode())
return _ldns.ldns_pkt_opcode2str(self.get_opcode())
def rcode2str(self):
"""Converts a packet rcode to its mnemonic and returns that as an allocated null-terminated string."""


742
dane.c Normal file

@ -0,0 +1,742 @@
/*
* Verify or create TLS authentication with DANE (RFC6698)
*
* (c) NLnetLabs 2012
*
* See the file LICENSE for the license.
*
*/
#include <ldns/config.h>
#include <ldns/ldns.h>
#include <ldns/dane.h>
#include <unistd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#ifdef HAVE_SSL
#include <openssl/ssl.h>
#include <openssl/err.h>
#include <openssl/x509v3.h>
#endif
ldns_status
ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner, const ldns_rdf* name,
uint16_t port, ldns_dane_transport transport)
{
char buf[LDNS_MAX_DOMAINLEN];
size_t s;
assert(tlsa_owner != NULL);
assert(name != NULL);
assert(ldns_rdf_get_type(name) == LDNS_RDF_TYPE_DNAME);
s = (size_t)snprintf(buf, LDNS_MAX_DOMAINLEN, "X_%d", (int)port);
buf[0] = (char)(s - 1);
switch(transport) {
case LDNS_DANE_TRANSPORT_TCP:
s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_tcp");
break;
case LDNS_DANE_TRANSPORT_UDP:
s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\004_udp");
break;
case LDNS_DANE_TRANSPORT_SCTP:
s += snprintf(buf + s, LDNS_MAX_DOMAINLEN - s, "\005_sctp");
break;
default:
return LDNS_STATUS_DANE_UNKNOWN_TRANSPORT;
}
if (s + ldns_rdf_size(name) > LDNS_MAX_DOMAINLEN) {
return LDNS_STATUS_DOMAINNAME_OVERFLOW;
}
memcpy(buf + s, ldns_rdf_data(name), ldns_rdf_size(name));
*tlsa_owner = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_DNAME,
s + ldns_rdf_size(name), buf);
if (*tlsa_owner == NULL) {
return LDNS_STATUS_MEM_ERR;
}
return LDNS_STATUS_OK;
}
#ifdef HAVE_SSL
ldns_status
ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
ldns_tlsa_selector selector,
ldns_tlsa_matching_type matching_type)
{
unsigned char* buf = NULL;
size_t len;
X509_PUBKEY* xpubkey;
EVP_PKEY* epubkey;
unsigned char* digest;
assert(rdf != NULL);
assert(cert != NULL);
switch(selector) {
case LDNS_TLSA_SELECTOR_FULL_CERTIFICATE:
len = (size_t)i2d_X509(cert, &buf);
break;
case LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO:
#ifndef S_SPLINT_S
xpubkey = X509_get_X509_PUBKEY(cert);
#endif
if (! xpubkey) {
return LDNS_STATUS_SSL_ERR;
}
epubkey = X509_PUBKEY_get(xpubkey);
if (! epubkey) {
return LDNS_STATUS_SSL_ERR;
}
len = (size_t)i2d_PUBKEY(epubkey, &buf);
break;
default:
return LDNS_STATUS_DANE_UNKNOWN_SELECTOR;
}
switch(matching_type) {
case LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED:
*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, len, buf);
return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
break;
case LDNS_TLSA_MATCHING_TYPE_SHA256:
digest = LDNS_XMALLOC(unsigned char, SHA256_DIGEST_LENGTH);
if (digest == NULL) {
LDNS_FREE(buf);
return LDNS_STATUS_MEM_ERR;
}
(void) ldns_sha256(buf, (unsigned int)len, digest);
*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, SHA256_DIGEST_LENGTH,
digest);
LDNS_FREE(buf);
return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
break;
case LDNS_TLSA_MATCHING_TYPE_SHA512:
digest = LDNS_XMALLOC(unsigned char, SHA512_DIGEST_LENGTH);
if (digest == NULL) {
LDNS_FREE(buf);
return LDNS_STATUS_MEM_ERR;
}
(void) ldns_sha512(buf, (unsigned int)len, digest);
*rdf = ldns_rdf_new(LDNS_RDF_TYPE_HEX, SHA512_DIGEST_LENGTH,
digest);
LDNS_FREE(buf);
return *rdf ? LDNS_STATUS_OK : LDNS_STATUS_MEM_ERR;
break;
default:
LDNS_FREE(buf);
return LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE;
}
}
/* Ordinary PKIX validation of cert (with extra_certs to help)
* against the CA's in store
*/
static ldns_status
ldns_dane_pkix_validate(X509* cert, STACK_OF(X509)* extra_certs,
X509_STORE* store)
{
X509_STORE_CTX* vrfy_ctx;
ldns_status s;
if (! store) {
return LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
}
vrfy_ctx = X509_STORE_CTX_new();
if (! vrfy_ctx) {
return LDNS_STATUS_SSL_ERR;
} else if (X509_STORE_CTX_init(vrfy_ctx, store,
cert, extra_certs) != 1) {
s = LDNS_STATUS_SSL_ERR;
} else if (X509_verify_cert(vrfy_ctx) == 1) {
s = LDNS_STATUS_OK;
} else {
s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
}
X509_STORE_CTX_free(vrfy_ctx);
return s;
}
/* Orinary PKIX validation of cert (with extra_certs to help)
* against the CA's in store, but also return the validation chain.
*/
static ldns_status
ldns_dane_pkix_validate_and_get_chain(STACK_OF(X509)** chain, X509* cert,
STACK_OF(X509)* extra_certs, X509_STORE* store)
{
ldns_status s;
X509_STORE* empty_store = NULL;
X509_STORE_CTX* vrfy_ctx;
assert(chain != NULL);
if (! store) {
store = empty_store = X509_STORE_new();
}
s = LDNS_STATUS_SSL_ERR;
vrfy_ctx = X509_STORE_CTX_new();
if (! vrfy_ctx) {
goto exit_free_empty_store;
} else if (X509_STORE_CTX_init(vrfy_ctx, store,
cert, extra_certs) != 1) {
goto exit_free_vrfy_ctx;
} else if (X509_verify_cert(vrfy_ctx) == 1) {
s = LDNS_STATUS_OK;
} else {
s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
}
*chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
if (! *chain) {
s = LDNS_STATUS_SSL_ERR;
}
exit_free_vrfy_ctx:
X509_STORE_CTX_free(vrfy_ctx);
exit_free_empty_store:
if (empty_store) {
X509_STORE_free(empty_store);
}
return s;
}
/* Return the validation chain that can be build out of cert, with extra_certs.
*/
static ldns_status
ldns_dane_pkix_get_chain(STACK_OF(X509)** chain,
X509* cert, STACK_OF(X509)* extra_certs)
{
ldns_status s;
X509_STORE* empty_store = NULL;
X509_STORE_CTX* vrfy_ctx;
assert(chain != NULL);
empty_store = X509_STORE_new();
s = LDNS_STATUS_SSL_ERR;
vrfy_ctx = X509_STORE_CTX_new();
if (! vrfy_ctx) {
goto exit_free_empty_store;
} else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
cert, extra_certs) != 1) {
goto exit_free_vrfy_ctx;
}
(void) X509_verify_cert(vrfy_ctx);
*chain = X509_STORE_CTX_get1_chain(vrfy_ctx);
if (! *chain) {
s = LDNS_STATUS_SSL_ERR;
} else {
s = LDNS_STATUS_OK;
}
exit_free_vrfy_ctx:
X509_STORE_CTX_free(vrfy_ctx);
exit_free_empty_store:
X509_STORE_free(empty_store);
return s;
}
/* Pop n+1 certs and return the last popped.
*/
static ldns_status
ldns_dane_get_nth_cert_from_validation_chain(
X509** cert, STACK_OF(X509)* chain, int n, bool ca)
{
if (n >= sk_X509_num(chain) || n < 0) {
return LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE;
}
*cert = sk_X509_pop(chain);
while (n-- > 0) {
X509_free(*cert);
*cert = sk_X509_pop(chain);
}
if (ca && ! X509_check_ca(*cert)) {
return LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
}
return LDNS_STATUS_OK;
}
/* Create validation chain with cert and extra_certs and returns the last
* self-signed (if present).
*/
static ldns_status
ldns_dane_pkix_get_last_self_signed(X509** out_cert,
X509* cert, STACK_OF(X509)* extra_certs)
{
ldns_status s;
X509_STORE* empty_store = NULL;
X509_STORE_CTX* vrfy_ctx;
assert(out_cert != NULL);
empty_store = X509_STORE_new();
s = LDNS_STATUS_SSL_ERR;
vrfy_ctx = X509_STORE_CTX_new();
if (! vrfy_ctx) {
goto exit_free_empty_store;
} else if (X509_STORE_CTX_init(vrfy_ctx, empty_store,
cert, extra_certs) != 1) {
goto exit_free_vrfy_ctx;
}
(void) X509_verify_cert(vrfy_ctx);
if (vrfy_ctx->error == X509_V_ERR_SELF_SIGNED_CERT_IN_CHAIN ||
vrfy_ctx->error == X509_V_ERR_DEPTH_ZERO_SELF_SIGNED_CERT){
*out_cert = X509_STORE_CTX_get_current_cert( vrfy_ctx);
s = LDNS_STATUS_OK;
} else {
s = LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR;
}
exit_free_vrfy_ctx:
X509_STORE_CTX_free(vrfy_ctx);
exit_free_empty_store:
X509_STORE_free(empty_store);
return s;
}
ldns_status
ldns_dane_select_certificate(X509** selected_cert,
X509* cert, STACK_OF(X509)* extra_certs,
X509_STORE* pkix_validation_store,
ldns_tlsa_certificate_usage cert_usage, int offset)
{
ldns_status s;
STACK_OF(X509)* pkix_validation_chain = NULL;
assert(selected_cert != NULL);
assert(cert != NULL);
/* With PKIX validation explicitely turned off (pkix_validation_store
* == NULL), treat the "CA constraint" and "Service certificate
* constraint" the same as "Trust anchor assertion" and "Domain issued
* certificate" respectively.
*/
if (pkix_validation_store == NULL) {
switch (cert_usage) {
case LDNS_TLSA_USAGE_CA_CONSTRAINT:
cert_usage = LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION;
break;
case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
cert_usage = LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE;
break;
default:
break;
}
}
/* Now what to do with each Certificate usage...
*/
switch (cert_usage) {
case LDNS_TLSA_USAGE_CA_CONSTRAINT:
s = ldns_dane_pkix_validate_and_get_chain(
&pkix_validation_chain,
cert, extra_certs,
pkix_validation_store);
if (! pkix_validation_chain) {
return s;
}
if (s == LDNS_STATUS_OK) {
if (offset == -1) {
offset = 0;
}
s = ldns_dane_get_nth_cert_from_validation_chain(
selected_cert, pkix_validation_chain,
offset, true);
}
sk_X509_pop_free(pkix_validation_chain, X509_free);
return s;
break;
case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
*selected_cert = cert;
return ldns_dane_pkix_validate(cert, extra_certs,
pkix_validation_store);
break;
case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
if (offset == -1) {
s = ldns_dane_pkix_get_last_self_signed(
selected_cert, cert, extra_certs);
return s;
} else {
s = ldns_dane_pkix_get_chain(
&pkix_validation_chain,
cert, extra_certs);
if (s == LDNS_STATUS_OK) {
s =
ldns_dane_get_nth_cert_from_validation_chain(
selected_cert, pkix_validation_chain,
offset, false);
} else if (! pkix_validation_chain) {
return s;
}
sk_X509_pop_free(pkix_validation_chain, X509_free);
return s;
}
break;
case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
*selected_cert = cert;
return LDNS_STATUS_OK;
break;
default:
return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
break;
}
}
ldns_status
ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
ldns_tlsa_certificate_usage certificate_usage,
ldns_tlsa_selector selector,
ldns_tlsa_matching_type matching_type,
X509* cert)
{
ldns_rdf* rdf;
ldns_status s;
assert(tlsa != NULL);
assert(cert != NULL);
/* create rr */
*tlsa = ldns_rr_new_frm_type(LDNS_RR_TYPE_TLSA);
if (*tlsa == NULL) {
return LDNS_STATUS_MEM_ERR;
}
rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8,
(uint8_t)certificate_usage);
if (rdf == NULL) {
goto memerror;
}
(void) ldns_rr_set_rdf(*tlsa, rdf, 0);
rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)selector);
if (rdf == NULL) {
goto memerror;
}
(void) ldns_rr_set_rdf(*tlsa, rdf, 1);
rdf = ldns_native2rdf_int8(LDNS_RDF_TYPE_INT8, (uint8_t)matching_type);
if (rdf == NULL) {
goto memerror;
}
(void) ldns_rr_set_rdf(*tlsa, rdf, 2);
s = ldns_dane_cert2rdf(&rdf, cert, selector, matching_type);
if (s == LDNS_STATUS_OK) {
(void) ldns_rr_set_rdf(*tlsa, rdf, 3);
return LDNS_STATUS_OK;
}
ldns_rr_free(*tlsa);
*tlsa = NULL;
return s;
memerror:
ldns_rr_free(*tlsa);
*tlsa = NULL;
return LDNS_STATUS_MEM_ERR;
}
/* Return tlsas that actually are TLSA resource records with known values
* for the Certificate usage, Selector and Matching type rdata fields.
*/
static ldns_rr_list*
ldns_dane_filter_unusable_records(const ldns_rr_list* tlsas)
{
size_t i;
ldns_rr_list* r = ldns_rr_list_new();
ldns_rr* tlsa_rr;
if (! r) {
return NULL;
}
for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) {
tlsa_rr = ldns_rr_list_rr(tlsas, i);
if (ldns_rr_get_type(tlsa_rr) == LDNS_RR_TYPE_TLSA &&
ldns_rr_rd_count(tlsa_rr) == 4 &&
ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0)) <= 3 &&
ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1)) <= 1 &&
ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2)) <= 2) {
if (! ldns_rr_list_push_rr(r, tlsa_rr)) {
ldns_rr_list_free(r);
return NULL;
}
}
}
return r;
}
/* Return whether cert/selector/matching_type matches data.
*/
static ldns_status
ldns_dane_match_cert_with_data(X509* cert, ldns_tlsa_selector selector,
ldns_tlsa_matching_type matching_type, ldns_rdf* data)
{
ldns_status s;
ldns_rdf* match_data;
s = ldns_dane_cert2rdf(&match_data, cert, selector, matching_type);
if (s == LDNS_STATUS_OK) {
if (ldns_rdf_compare(data, match_data) != 0) {
s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
}
ldns_rdf_free(match_data);
}
return s;
}
/* Return whether any certificate from the chain with selector/matching_type
* matches data.
* ca should be true if the certificate has to be a CA certificate too.
*/
static ldns_status
ldns_dane_match_any_cert_with_data(STACK_OF(X509)* chain,
ldns_tlsa_selector selector,
ldns_tlsa_matching_type matching_type,
ldns_rdf* data, bool ca)
{
ldns_status s = LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH;
size_t n, i;
X509* cert;
n = (size_t)sk_X509_num(chain);
for (i = 0; i < n; i++) {
cert = sk_X509_pop(chain);
if (! cert) {
s = LDNS_STATUS_SSL_ERR;
break;
}
s = ldns_dane_match_cert_with_data(cert,
selector, matching_type, data);
if (ca && s == LDNS_STATUS_OK && ! X509_check_ca(cert)) {
s = LDNS_STATUS_DANE_NON_CA_CERTIFICATE;
}
X509_free(cert);
if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH) {
break;
}
/* when s == LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
* try to match the next certificate
*/
}
return s;
}
ldns_status
ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
X509* cert, STACK_OF(X509)* extra_certs,
X509_STORE* pkix_validation_store)
{
ldns_status s;
STACK_OF(X509)* pkix_validation_chain = NULL;
ldns_tlsa_certificate_usage cert_usage;
ldns_tlsa_selector selector;
ldns_tlsa_matching_type matching_type;
ldns_rdf* data;
if (! tlsa_rr) {
/* No TLSA, so regular PKIX validation
*/
return ldns_dane_pkix_validate(cert, extra_certs,
pkix_validation_store);
}
cert_usage = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 0));
selector = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 1));
matching_type = ldns_rdf2native_int8(ldns_rr_rdf(tlsa_rr, 2));
data = ldns_rr_rdf(tlsa_rr, 3) ;
switch (cert_usage) {
case LDNS_TLSA_USAGE_CA_CONSTRAINT:
s = ldns_dane_pkix_validate_and_get_chain(
&pkix_validation_chain,
cert, extra_certs,
pkix_validation_store);
if (! pkix_validation_chain) {
return s;
}
if (s == LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) {
/*
* NO PKIX validation. We still try to match *any*
* certificate from the chain, so we return
* TLSA errors over PKIX errors.
*
* i.e. When the TLSA matches no certificate, we return
* TLSA_DID_NOT_MATCH and not PKIX_DID_NOT_VALIDATE
*/
s = ldns_dane_match_any_cert_with_data(
pkix_validation_chain,
selector, matching_type, data, true);
if (s == LDNS_STATUS_OK) {
/* A TLSA record did match a cert from the
* chain, thus the error is failed PKIX
* validation.
*/
s = LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE;
}
} else if (s == LDNS_STATUS_OK) {
/* PKIX validated, does the TLSA match too? */
s = ldns_dane_match_any_cert_with_data(
pkix_validation_chain,
selector, matching_type, data, true);
}
sk_X509_pop_free(pkix_validation_chain, X509_free);
return s;
break;
case LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT:
s = ldns_dane_match_cert_with_data(cert,
selector, matching_type, data);
if (s == LDNS_STATUS_OK) {
return ldns_dane_pkix_validate(cert, extra_certs,
pkix_validation_store);
}
return s;
break;
case LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION:
s = ldns_dane_pkix_get_chain(&pkix_validation_chain,
cert, extra_certs);
if (s == LDNS_STATUS_OK) {
s = ldns_dane_match_any_cert_with_data(
pkix_validation_chain,
selector, matching_type, data, false);
} else if (! pkix_validation_chain) {
return s;
}
sk_X509_pop_free(pkix_validation_chain, X509_free);
return s;
break;
case LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE:
return ldns_dane_match_cert_with_data(cert,
selector, matching_type, data);
break;
default:
break;
}
return LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE;
}
ldns_status
ldns_dane_verify(ldns_rr_list* tlsas,
X509* cert, STACK_OF(X509)* extra_certs,
X509_STORE* pkix_validation_store)
{
size_t i;
ldns_rr* tlsa_rr;
ldns_status s = LDNS_STATUS_OK, ps;
assert(cert != NULL);
if (tlsas && ldns_rr_list_rr_count(tlsas) > 0) {
tlsas = ldns_dane_filter_unusable_records(tlsas);
if (! tlsas) {
return LDNS_STATUS_MEM_ERR;
}
}
if (! tlsas || ldns_rr_list_rr_count(tlsas) == 0) {
/* No TLSA's, so regular PKIX validation
*/
return ldns_dane_pkix_validate(cert, extra_certs,
pkix_validation_store);
} else {
for (i = 0; i < ldns_rr_list_rr_count(tlsas); i++) {
tlsa_rr = ldns_rr_list_rr(tlsas, i);
ps = s;
s = ldns_dane_verify_rr(tlsa_rr, cert, extra_certs,
pkix_validation_store);
if (s != LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH &&
s != LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE) {
/* which would be LDNS_STATUS_OK (match)
* or some fatal error preventing use from
* trying the next TLSA record.
*/
break;
}
s = (s > ps ? s : ps); /* prefer PKIX_DID_NOT_VALIDATE
* over TLSA_DID_NOT_MATCH
*/
}
ldns_rr_list_free(tlsas);
}
return s;
}
#endif /* HAVE_SSL */

91
dname.c

@ -30,6 +30,24 @@
#include <arpa/inet.h>
#endif
/* Returns whether the last label in the name is a root label (a empty label).
* Note that it is not enough to just test the last character to be 0,
* because it may be part of the last label itself.
*/
static bool
ldns_dname_last_label_is_root_label(const ldns_rdf* dname)
{
size_t src_pos;
size_t len = 0;
for (src_pos = 0; src_pos < ldns_rdf_size(dname); src_pos += len + 1) {
len = ldns_rdf_data(dname)[src_pos];
}
assert(src_pos == ldns_rdf_size(dname));
return src_pos > 0 && len == 0;
}
ldns_rdf *
ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2)
{
@ -47,7 +65,7 @@ ldns_dname_cat_clone(const ldns_rdf *rd1, const ldns_rdf *rd2)
* rd, by reducing the size with 1
*/
left_size = ldns_rdf_size(rd1);
if (left_size > 0 &&ldns_rdf_data(rd1)[left_size - 1] == 0) {
if (ldns_dname_last_label_is_root_label(rd1)) {
left_size--;
}
@ -84,7 +102,7 @@ ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2)
* rd, by reducing the size with 1
*/
left_size = ldns_rdf_size(rd1);
if (left_size > 0 &&ldns_rdf_data(rd1)[left_size - 1] == 0) {
if (ldns_dname_last_label_is_root_label(rd1)) {
left_size--;
}
@ -102,36 +120,39 @@ ldns_dname_cat(ldns_rdf *rd1, ldns_rdf *rd2)
return LDNS_STATUS_OK;
}
ldns_rdf *
ldns_dname_reverse(const ldns_rdf *d)
ldns_rdf*
ldns_dname_reverse(const ldns_rdf *dname)
{
ldns_rdf *new;
ldns_rdf *tmp;
ldns_rdf *d_tmp;
ldns_status status;
size_t rd_size;
uint8_t* buf;
ldns_rdf* new;
size_t src_pos;
size_t len ;
d_tmp = ldns_rdf_clone(d);
new = ldns_dname_new_frm_str(".");
if(!new)
return NULL;
while(ldns_dname_label_count(d_tmp) > 0) {
tmp = ldns_dname_label(d_tmp, 0);
status = ldns_dname_cat(tmp, new);
if(status != LDNS_STATUS_OK) {
ldns_rdf_deep_free(new);
ldns_rdf_deep_free(d_tmp);
return NULL;
}
ldns_rdf_deep_free(new);
new = tmp;
tmp = ldns_dname_left_chop(d_tmp);
ldns_rdf_deep_free(d_tmp);
d_tmp = tmp;
assert(ldns_rdf_get_type(dname) == LDNS_RDF_TYPE_DNAME);
rd_size = ldns_rdf_size(dname);
buf = LDNS_XMALLOC(uint8_t, rd_size);
if (! buf) {
return NULL;
}
new = ldns_rdf_new(LDNS_RDF_TYPE_DNAME, rd_size, buf);
if (! new) {
LDNS_FREE(buf);
return NULL;
}
/* If dname ends in a root label, the reverse should too.
*/
if (ldns_dname_last_label_is_root_label(dname)) {
buf[rd_size - 1] = 0;
rd_size -= 1;
}
for (src_pos = 0; src_pos < rd_size; src_pos += len + 1) {
len = ldns_rdf_data(dname)[src_pos];
memcpy(&buf[rd_size - src_pos - len - 1],
&ldns_rdf_data(dname)[src_pos], len + 1);
}
ldns_rdf_deep_free(d_tmp);
return new;
}
@ -519,6 +540,18 @@ ldns_dname_str_absolute(const char *dname_str)
return 0;
}
bool
ldns_dname_absolute(const ldns_rdf *rdf)
{
char *str = ldns_rdf2str(rdf);
if (str) {
bool r = ldns_dname_str_absolute(str);
LDNS_FREE(str);
return r;
}
return false;
}
ldns_rdf *
ldns_dname_label(const ldns_rdf *rdf, uint8_t labelpos)
{
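Review bot: The copy loop in the new `ldns_dname_reverse` trusts every label length byte: when `len + 1` is larger than `rd_size - src_pos`, the destination index `rd_size - src_pos - len - 1` wraps around as a `size_t` and the `memcpy` reads and writes outside both buffers. The only structural check on the name is the `assert(src_pos == ldns_rdf_size(dname))` in `ldns_dname_last_label_is_root_label`, which is compiled out when `NDEBUG` is defined. An explicit check at the top of the loop body, `if (len >= rd_size - src_pos) { ldns_rdf_deep_free(new); return NULL; }`, would make a malformed rdf fail cleanly instead.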


@ -743,7 +743,6 @@ ldns_dnssec_create_nsec_bitmap(ldns_rr_type rr_type_list[],
memcpy(data + cur_data_size + 2, cur_data, cur_window_max+1);
cur_data_size += cur_window_max + 3;
}
bitmap_rdf = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_NSEC,
cur_data_size,
data);
@ -1154,12 +1153,15 @@ ldns_create_nsec3(ldns_rdf *cur_owner,
salt_length,
salt);
status = ldns_dname_cat(hashed_owner, cur_zone);
if(status != LDNS_STATUS_OK)
if(status != LDNS_STATUS_OK) {
ldns_rdf_deep_free(hashed_owner);
return NULL;
}
nsec = ldns_rr_new_frm_type(LDNS_RR_TYPE_NSEC3);
if(!nsec)
if(!nsec) {
ldns_rdf_deep_free(hashed_owner);
return NULL;
}
ldns_rr_set_type(nsec, LDNS_RR_TYPE_NSEC3);
ldns_rr_set_owner(nsec, hashed_owner);
@ -1443,8 +1445,9 @@ ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
sigs = s;
} else {
/* otherwise get them from the packet */
sigs = ldns_pkt_rr_list_by_name_and_type(p, o, LDNS_RR_TYPE_RRSIG,
LDNS_SECTION_ANY_NOQUESTION);
sigs = ldns_pkt_rr_list_by_name_and_type(p, o,
LDNS_RR_TYPE_RRSIG,
LDNS_SECTION_ANY_NOQUESTION);
if (!sigs) {
/* no sigs */
return LDNS_STATUS_ERR;
@ -1457,24 +1460,26 @@ ldns_pkt_verify_time(ldns_pkt *p, ldns_rr_type t, ldns_rdf *o,
*/
t_netorder = htons(t); /* rdf are in network order! */
/* a type identifier is a 16-bit number, so the size is 2 bytes */
rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE,
2,
&t_netorder);
rdf_t = ldns_rdf_new(LDNS_RDF_TYPE_TYPE, 2, &t_netorder);
sigs_covered = ldns_rr_list_subtype_by_rdf(sigs, rdf_t, 0);
ldns_rdf_free(rdf_t);
if (! sigs_covered) {
if (! s) {
ldns_rr_list_deep_free(sigs);
}
return LDNS_STATUS_ERR;
}
ldns_rr_list_deep_free(sigs_covered);
rrset = ldns_pkt_rr_list_by_name_and_type(p,
o,
t,
LDNS_SECTION_ANY_NOQUESTION);
rrset = ldns_pkt_rr_list_by_name_and_type(p, o, t,
LDNS_SECTION_ANY_NOQUESTION);
if (!rrset) {
if (! s) {
ldns_rr_list_deep_free(sigs);
}
return LDNS_STATUS_ERR;
}
if (!sigs_covered) {
return LDNS_STATUS_ERR;
}
return ldns_verify_time(rrset, sigs, k, check_time, good_keys);
}
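Review bot: The success path of `ldns_pkt_verify_time` still ends in `return ldns_verify_time(rrset, sigs, k, check_time, good_keys);` without releasing `rrset` or `sigs`, although the error paths now free `sigs` when it came from the packet (`if (! s) { ldns_rr_list_deep_free(sigs); }`). Assuming `rrset` is owned here in the same way, since it comes from the same `ldns_pkt_rr_list_by_name_and_type` call, every successful verification of a packet leaks both lists. The result should be stored in a local `ldns_status` (to be declared with the other locals, which are outside the hunk), the lists freed, and the stored status returned.
```c
/* … unchanged: sigs / sigs_covered / rrset lookup and their error paths … */
status = ldns_verify_time(rrset, sigs, k, check_time, good_keys);
ldns_rr_list_deep_free(rrset);
if (! s) {
	/* sigs was fetched from the packet, not supplied by the caller */
	ldns_rr_list_deep_free(sigs);
}
return status;
```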


@ -260,6 +260,8 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
ldns_buffer_free(sign_buf);
/* ERROR */
ldns_rr_list_deep_free(rrset_clone);
ldns_rr_free(current_sig);
ldns_rr_list_deep_free(signatures);
return NULL;
}
@ -268,6 +270,8 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
!= LDNS_STATUS_OK) {
ldns_buffer_free(sign_buf);
ldns_rr_list_deep_free(rrset_clone);
ldns_rr_free(current_sig);
ldns_rr_list_deep_free(signatures);
return NULL;
}
@ -276,6 +280,8 @@ ldns_sign_public(ldns_rr_list *rrset, ldns_key_list *keys)
if (!b64rdf) {
/* signing went wrong */
ldns_rr_list_deep_free(rrset_clone);
ldns_rr_free(current_sig);
ldns_rr_list_deep_free(signatures);
return NULL;
}
@ -481,10 +487,7 @@ ldns_sign_public_rsasha1(ldns_buffer *to_sign, RSA *key)
(unsigned char*)ldns_buffer_begin(b64sig),
&siglen, key);
if (result != 1) {
return NULL;
}
if (result != 1) {
ldns_buffer_free(b64sig);
return NULL;
}
@ -859,16 +862,14 @@ ldns_dnssec_zone_create_nsec3s_mkmap(ldns_dnssec_zone *zone,
ldns_rbtree_next(current_name_node));
}
if (result != LDNS_STATUS_OK) {
ldns_rr_list_free(nsec3_list);
return result;
}
ldns_rr_list_sort_nsec3(nsec3_list);
result = ldns_dnssec_chain_nsec3_list(nsec3_list);
if (result != LDNS_STATUS_OK) {
return result;
}
ldns_rr_list_free(nsec3_list);
return result;
}
@ -1023,9 +1024,9 @@ ldns_key_list_filter_for_non_dnskey(ldns_key_list *key_list)
}
ldns_status
ldns_dnssec_zone_create_rrsigs_flg( ATTR_UNUSED(ldns_dnssec_zone *zone)
, ATTR_UNUSED(ldns_rr_list *new_rrs)
, ATTR_UNUSED(ldns_key_list *key_list)
ldns_dnssec_zone_create_rrsigs_flg( ldns_dnssec_zone *zone
, ldns_rr_list *new_rrs
, ldns_key_list *key_list
, int (*func)(ldns_rr *, void*)
, void *arg
, int flags
@ -1112,9 +1113,11 @@ ldns_dnssec_zone_create_rrsigs_flg( ATTR_UNUSED(ldns_dnssec_zone *zone)
cur_rrset->signatures = ldns_dnssec_rrs_new();
cur_rrset->signatures->rr =
ldns_rr_list_rr(siglist, i);
}
if (new_rrs) {
ldns_rr_list_push_rr(new_rrs,
ldns_rr_list_rr(siglist,
i));
ldns_rr_list_rr(siglist,
i));
}
}
ldns_rr_list_free(siglist);
@ -1146,8 +1149,10 @@ ldns_dnssec_zone_create_rrsigs_flg( ATTR_UNUSED(ldns_dnssec_zone *zone)
cur_name->nsec_signatures = ldns_dnssec_rrs_new();
cur_name->nsec_signatures->rr =
ldns_rr_list_rr(siglist, i);
}
if (new_rrs) {
ldns_rr_list_push_rr(new_rrs,
ldns_rr_list_rr(siglist, i));
ldns_rr_list_rr(siglist, i));
}
}
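Review bot: Both new `if (new_rrs) { ldns_rr_list_push_rr(new_rrs, …); }` blocks in `ldns_dnssec_zone_create_rrsigs_flg` (for the rrset signatures and, in the later hunk, for the NSEC signatures) ignore the boolean result of `ldns_rr_list_push_rr`. When a push fails, the signature is attached to the zone but missing from `new_rrs`, so a caller that relies on `new_rrs` to track the newly created RRSIGs silently loses it. The function already returns an `ldns_status`, so the condition can be tested as `if (new_rrs && !ldns_rr_list_push_rr(new_rrs, ldns_rr_list_rr(siglist, i)))` and reported as `LDNS_STATUS_MEM_ERR`. The cleanup that must run before such a return lies outside these hunks.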


@ -285,9 +285,11 @@ ldns_dnssec_build_data_chain(ldns_resolver *res,
ldns_rr_class c = 0;
bool other_rrset = false;
ldns_dnssec_data_chain *new_chain = ldns_dnssec_data_chain_new();
assert(pkt != NULL);
if (!ldns_dnssec_pkt_has_rrsigs(pkt)) {
/* hmm. no dnssec data in the packet. go up to try and deny
* DS? */
@ -402,15 +404,16 @@ ldns_dnssec_build_data_chain(ldns_resolver *res,
if (signatures && ldns_rr_list_rr_count(signatures) > 0) {
key_name = ldns_rr_rdf(ldns_rr_list_rr(signatures, 0), 7);
}
if (!key_name) {
if (signatures) {
ldns_rr_list_deep_free(signatures);
}
return ldns_dnssec_build_data_chain_nokeyname(res,
qflags,
orig_rr,
rrset,
new_chain);
}
if (type != LDNS_RR_TYPE_DNSKEY) {
ldns_dnssec_build_data_chain_dnskey(res,
qflags,
@ -419,7 +422,7 @@ ldns_dnssec_build_data_chain(ldns_resolver *res,
new_chain,
key_name,
c
);
);
} else {
ldns_dnssec_build_data_chain_other(res,
qflags,
@ -427,13 +430,11 @@ ldns_dnssec_build_data_chain(ldns_resolver *res,
key_name,
c,
dss
);
);
}
if (signatures) {
ldns_rr_list_deep_free(signatures);
}
return new_chain;
}
@ -826,10 +827,7 @@ ldns_dnssec_derive_trust_tree_normal_rrset_time(
/* might contain different names!
sort and split */
ldns_rr_list_sort(cur_rrset);
if (tmp_rrset && tmp_rrset != cur_rrset) {
ldns_rr_list_deep_free(tmp_rrset);
tmp_rrset = NULL;
}
assert(tmp_rrset == cur_rrset);
tmp_rrset = ldns_rr_list_pop_rrset(cur_rrset);
/* with nsecs, this might be the wrong one */
@ -849,6 +847,12 @@ ldns_dnssec_derive_trust_tree_normal_rrset_time(
cur_sig_rr,
cur_parent_rr,
check_time);
if (tmp_rrset && tmp_rrset != cur_rrset
) {
ldns_rr_list_deep_free(
tmp_rrset);
tmp_rrset = NULL;
}
/* avoid dupes */
for (i = 0; i < new_tree->parent_count; i++) {
if (cur_parent_rr == new_tree->parents[i]->rr) {
@ -870,9 +874,6 @@ ldns_dnssec_derive_trust_tree_normal_rrset_time(
}
}
done:
if (tmp_rrset && tmp_rrset != cur_rrset) {
ldns_rr_list_deep_free(tmp_rrset);
}
ldns_rr_list_deep_free(cur_rrset);
}
@ -1077,7 +1078,8 @@ ldns_dnssec_trust_tree_contains_keys(ldns_dnssec_trust_tree *tree,
if (tree->parent_status[i] != LDNS_STATUS_OK) {
result = tree->parent_status[i];
} else {
if (ldns_rr_get_type(tree->rr)
if (tree->rr &&
ldns_rr_get_type(tree->rr)
== LDNS_RR_TYPE_NSEC &&
parent_result == LDNS_STATUS_OK
) {
@ -1210,8 +1212,8 @@ ldns_fetch_valid_domain_keys_time(const ldns_resolver *res,
*status = LDNS_STATUS_CRYPTO_NO_TRUSTED_DNSKEY;
parent_domain = ldns_dname_left_chop(domain);
while (ldns_rdf_size(parent_domain) > 0) {
/* Fail if we are at the root */
while (parent_domain && /* Fail if we are at the root*/
ldns_rdf_size(parent_domain) > 0) {
if ((parent_keys =
ldns_fetch_valid_domain_keys_time(res,
@ -1247,7 +1249,9 @@ ldns_fetch_valid_domain_keys_time(const ldns_resolver *res,
ldns_rdf_deep_free(prev_parent_domain);
}
}
ldns_rdf_deep_free(parent_domain);
if (parent_domain) {
ldns_rdf_deep_free(parent_domain);
}
}
}
return trusted_keys;
@ -1519,12 +1523,11 @@ ldns_dnssec_verify_denial(ldns_rr *rr,
rr_name = ldns_rr_owner(rr);
chopped_dname = ldns_dname_left_chop(rr_name);
result = ldns_dname_cat(wildcard_name, chopped_dname);
ldns_rdf_deep_free(chopped_dname);
if (result != LDNS_STATUS_OK) {
return result;
}
ldns_rdf_deep_free(chopped_dname);
for (i = 0; i < ldns_rr_list_rr_count(nsecs); i++) {
cur_nsec = ldns_rr_list_rr(nsecs, i);
if (ldns_dname_compare(rr_name, ldns_rr_owner(cur_nsec)) == 0) {
@ -1576,7 +1579,6 @@ ldns_dnssec_verify_denial(ldns_rr *rr,
return LDNS_STATUS_OK;
}
#ifdef HAVE_SSL
ldns_status
ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
, ldns_rr_list *nsecs
@ -1612,7 +1614,7 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
ldns_rr_get_type(rr),
nsecs);
if(!closest_encloser) {
result = LDNS_STATUS_NSEC3_ERR;
result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
goto done;
}
@ -1636,16 +1638,14 @@ ldns_dnssec_verify_denial_nsec3_match( ldns_rr *rr
ldns_rdf_deep_free(hashed_wildcard_name);
}
if (! wildcard_covered) {
result = LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED;
} else {
result = LDNS_STATUS_OK;
}
ldns_rdf_deep_free(closest_encloser);
ldns_rdf_deep_free(wildcard);
if (!wildcard_covered) {
result = LDNS_STATUS_DNSSEC_NSEC_WILDCARD_NOT_COVERED;
} else if (closest_encloser && wildcard_covered) {
result = LDNS_STATUS_OK;
} else {
result = LDNS_STATUS_DNSSEC_NSEC_RR_NOT_COVERED;
}
} else if (packet_nodata && packet_qtype != LDNS_RR_TYPE_DS) {
/* section 8.5 */
hashed_name = ldns_nsec3_hash_name_frm_nsec3(
@ -1819,9 +1819,6 @@ ldns_dnssec_verify_denial_nsec3(ldns_rr *rr,
);
}
#endif /* HAVE_SSL */
#ifdef USE_GOST
EVP_PKEY*
ldns_gost2pkey_raw(unsigned char* key, size_t keylen)
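Review bot: In the `ldns_dnssec_verify_denial` hunk, `chopped_dname` from `ldns_dname_left_chop(rr_name)` goes straight into `ldns_dname_cat(wildcard_name, chopped_dname)` without a NULL check, even though this same commit guards the result of `ldns_dname_left_chop` in `ldns_fetch_valid_domain_keys_time` (`while (parent_domain && …)`). If the owner name has nothing to chop or the allocation fails, the concatenation receives a NULL rdf in the middle of denial-of-existence checking. A guard before the call, `if (! chopped_dname) { return LDNS_STATUS_ERR; }`, would make that case explicit. `wildcard_name` is created outside the hunk and presumably needs freeing on that path, and on the existing `result != LDNS_STATUS_OK` return as well.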


@ -708,6 +708,7 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin,
case LDNS_STATUS_SYNTAX_EMPTY: /* empty line was seen */
case LDNS_STATUS_SYNTAX_TTL: /* the ttl was set*/
case LDNS_STATUS_SYNTAX_ORIGIN: /* the origin was set*/
status = LDNS_STATUS_OK;
break;
case LDNS_STATUS_SYNTAX_INCLUDE:/* $include not implemented */
@ -721,38 +722,42 @@ ldns_dnssec_zone_new_frm_fp_l(ldns_dnssec_zone** z, FILE* fp, ldns_rdf* origin,
if (ldns_rr_list_rr_count(todo_nsec3s) > 0) {
(void) ldns_dnssec_zone_add_empty_nonterminals(newzone);
for (i = 0; i < ldns_rr_list_rr_count(todo_nsec3s); i++) {
for (i = 0; status == LDNS_STATUS_OK &&
i < ldns_rr_list_rr_count(todo_nsec3s); i++) {
cur_rr = ldns_rr_list_rr(todo_nsec3s, i);
status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
}
for (i = 0; i < ldns_rr_list_rr_count(todo_nsec3_rrsigs); i++){
for (i = 0; status == LDNS_STATUS_OK &&
i < ldns_rr_list_rr_count(todo_nsec3_rrsigs);
i++){
cur_rr = ldns_rr_list_rr(todo_nsec3_rrsigs, i);
status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
}
} else if (ldns_rr_list_rr_count(todo_nsec3_rrsigs) > 0) {
for (i = 0; i < ldns_rr_list_rr_count(todo_nsec3_rrsigs); i++){
for (i = 0; status == LDNS_STATUS_OK &&
i < ldns_rr_list_rr_count(todo_nsec3_rrsigs);
i++){
cur_rr = ldns_rr_list_rr(todo_nsec3_rrsigs, i);
status = ldns_dnssec_zone_add_rr(newzone, cur_rr);
}
}
ldns_rr_list_free(todo_nsec3_rrsigs);
ldns_rr_list_free(todo_nsec3s);
if (z) {
*z = newzone;
newzone = NULL;
} else {
ldns_dnssec_zone_free(newzone);
}
return LDNS_STATUS_OK;
error:
#ifdef FASTER_DNSSEC_ZONE_NEW_FRM_FP
if (zone) {
ldns_zone_free(zone);
}
#endif
ldns_rr_list_free(todo_nsec3_rrsigs);
ldns_rr_list_free(todo_nsec3s);
if (my_origin) {
ldns_rdf_deep_free(my_origin);
}
@ -822,7 +827,6 @@ ldns_dname_compare_v(const void *a, const void *b) {
return ldns_dname_compare((ldns_rdf *)a, (ldns_rdf *)b);
}
#ifdef HAVE_SSL
ldns_rbnode_t *
ldns_dnssec_zone_find_nsec3_original(ldns_dnssec_zone *zone,
ldns_rr *rr) {
@ -912,7 +916,6 @@ ldns_dnssec_zone_add_rr(ldns_dnssec_zone *zone, ldns_rr *rr)
return result;
}
#endif /* HAVE_SSL */
void
ldns_dnssec_zone_names_print_fmt(FILE *out, const ldns_output_format *fmt,
@ -1009,7 +1012,9 @@ ldns_dnssec_zone_add_empty_nonterminals(ldns_dnssec_zone *zone)
if (next_node == LDNS_RBTREE_NULL) {
next_node = ldns_rbtree_first(zone->names);
}
if (! cur_node->data || ! next_node->data) {
return LDNS_STATUS_ERR;
}
cur_name = ((ldns_dnssec_name *)cur_node->data)->name;
next_name = ((ldns_dnssec_name *)next_node->data)->name;
cur_label_count = ldns_dname_label_count(cur_name);
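Review bot: `ldns_dnssec_zone_add_empty_nonterminals` gains an error return in the last hunk (`return LDNS_STATUS_ERR;` when a node carries no data), but its caller in `ldns_dnssec_zone_new_frm_fp_l` still discards the result with `(void) ldns_dnssec_zone_add_empty_nonterminals(newzone);`. The NSEC3 loops that follow are now gated on `status == LDNS_STATUS_OK`, so writing `status = ldns_dnssec_zone_add_empty_nonterminals(newzone);` would stop the zone load on that failure instead of continuing with a name tree already known to be inconsistent. Both functions extend beyond the visible hunks, so how `status` is finally returned should be checked against the full file.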


@ -87,7 +87,7 @@ if (defined $options{'m'}) {
# 0 - somewhere in the file
# 1 - in a doxygen par
# 2 - after doxygen, except funcion
# 2 - after doxygen, expect function
# create our pwd
mkdir "doc";
@ -126,7 +126,14 @@ while($i < $max) {
}
if ($cur_line =~ /\*\// and $state == 1) {
#print "END Comment seen!\n";
$state = 2;
if ($description =~ /^\\\\file/mg) {
# Doxygen text for the file, do not expect
# a function coming.
#
$state = 0;
} else {
$state = 2;
}
$i++;
next;
}
@ -184,6 +191,14 @@ while($i < $max) {
$description =~ s/\\param\[out\][ \t]*([\*\w]+)[ \t]+/.br\n\\fB$1\\fR: /g;
$description =~ s/\\return[ \t]*/.br\nReturns /g;
# Delete leading spaces to prevent manpages to be ascii format-
# ted and enable justification of text.
#
$description =~ s/^[ \t]*//mg;
# Prevent hyphening of all caps and underscore words
$description =~ s/\b([A-Z_]+)\b/\\%$1/g;
$description{$key} = $description;
$api{$key} = $api;
$return{$key} = $return;


@ -39,6 +39,11 @@ ldns_dname_compare, ldns_dname_interval | ldns_dname_is_subdomain | ldns_dname
ldns_dname | ldns_dname_left_chop, ldns_dname_label_count, ldns_dname2canonical, ldns_dname_cat, ldns_dname_cat_clone, ldns_dname_new, ldns_dname_new_frm_str, ldns_dname_new_frm_data, ldns_dname_is_subdomain, ldns_dname_str_absolute, ldns_dname_label, ldns_dname_compare, ldns_dname_interval
### /dname.h
### dane.h
ldns_dane_create_tlsa_owner, ldns_dane_cert2rdf, ldns_dane_select_certificate, ldns_dane_create_tlsa_rr | ldns_dane_verify, ldns_dane_verify_rr
ldns_dane_verify, ldns_dane_verify_rr | ldns_dane_create_tlsa_owner, ldns_dane_cert2rdf, ldns_dane_select_certificate, ldns_dane_create_tlsa_rr
### /dane.h
### rdata.h
ldns_rdf, ldns_rdf_type | ldns_rdf_set_size, ldns_rdf_set_type, ldns_rdf_set_data, ldns_rdf_size, ldns_rdf_get_type, ldns_rdf_data, ldns_rdf_compare, ldns_rdf_new, ldns_rdf_clone, ldns_rdf_new_frm_data, ldns_rdf_new_frm_str, ldns_rdf_new_frm_fp, ldns_rdf_free, ldns_rdf_deep_free, ldns_rdf_print, ldns_native2rdf_int8, ldns_native2rdf_int16, ldns_native2rdf_int32, ldns_native2rdf_int16_data, ldns_rdf2native_int8, ldns_rdf2native_int16, ldns_rdf2native_int32, ldns_rdf2native_sockaddr_storage, ldns_rdf2native_time_t, ldns_native2rdf_int8, ldns_native2rdf_int16, ldns_native2rdf_int32, ldns_native2rdf_int16_data, ldns_rdf2native_int8, ldns_rdf2native_int16, ldns_rdf2native_int32, ldns_rdf2native_sockaddr_storage, ldns_rdf2native_time_t, ldns_native2rdf_int8, ldns_native2rdf_int16, ldns_native2rdf_int32, ldns_native2rdf_int16_data, ldns_rdf2native_int8, ldns_rdf2native_int16, ldns_rdf2native_int32, ldns_rdf2native_sockaddr_storage, ldns_rdf2native_time_t
ldns_rdf_set_size, ldns_rdf_set_type, ldns_rdf_set_data | ldns_rdf


@ -9,6 +9,7 @@ exec_prefix = @exec_prefix@
bindir = @bindir@
mandir = @mandir@
includedir = @includedir@
datarootdir = @datarootdir@
CC = @CC@
CFLAGS = -I. @CFLAGS@
@ -77,7 +78,6 @@ docclean:
distclean: clean docclean
rm -f config.h
rm -f drill.h
realclean: clean docclean
rm -f tags
@ -88,9 +88,9 @@ realclean: clean docclean
rm -rf autom4te.cache
rm -f config.h
rm -f config.h.in
rm -f drill.h
rm -f configure
rm -f Makefile
rm -f drill.1
rm -f aclocal.m4
doc:
@ -99,7 +99,7 @@ doc:
install: all
$(INSTALL) -d $(DESTDIR)$(bindir)
$(INSTALL) drill $(DESTDIR)$(bindir)/drill
$(INSTALL) -m 644 $(srcdir)/drill.1 $(DESTDIR)$(mandir)/man1/drill.1
$(INSTALL) -m 644 drill.1 $(DESTDIR)$(mandir)/man1/drill.1
uninstall:
@echo
@ -116,4 +116,4 @@ lint:
done
confclean: clean
rm -rf config.log config.status config.h Makefile
rm -rf config.log config.status config.h Makefile drill.1


@ -45,7 +45,15 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
p = ldns_pkt_new();
res = ldns_resolver_new();
if (!p || !res) {
if (!p) {
if (res) {
ldns_resolver_free(res);
}
error("Memory allocation failed");
return NULL;
}
if (!res) {
ldns_pkt_free(p);
error("Memory allocation failed");
return NULL;
}
@ -73,6 +81,8 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Error adding root servers to resolver: %s\n", ldns_get_errorstr_by_id(status));
ldns_rr_list_print(stdout, global_dns_root);
ldns_resolver_free(res);
ldns_pkt_free(p);
return NULL;
}
@ -118,7 +128,7 @@ do_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
drill_pkt_print_footer(stdout, local_res, p);
/* remove the old nameserver from the resolver */
while((pop = ldns_resolver_pop_nameserver(res))) { /* do it */ }
while(ldns_resolver_pop_nameserver(res)) { /* do it */ }
/* also check for new_nss emptyness */
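Review bot: The loop `while(ldns_resolver_pop_nameserver(res)) { /* do it */ }` now drops the popped value entirely. If the resolver hands ownership of the popped address rdf to the caller (to be confirmed against `ldns_resolver_pop_nameserver`), each iteration leaks one rdf for every nameserver removed during the trace. In that case the loop should keep the pointer and release it, `while ((pop = ldns_resolver_pop_nameserver(res))) { ldns_rdf_deep_free(pop); }`. `do_trace` continues outside the hunk, so whether `pop` is still declared there needs checking.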


@ -111,6 +111,9 @@
/* Define to 1 if you have the <ws2tcpip.h> header file. */
#undef HAVE_WS2TCPIP_H
/* Default trust anchor file */
#undef LDNS_TRUST_ANCHOR_FILE
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT

58
drill/configure vendored

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.68 for ldns 1.6.13.
# Generated by GNU Autoconf 2.68 for ldns 1.6.16.
#
# Report bugs to <libdns@nlnetlabs.nl>.
#
@ -560,8 +560,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='ldns'
PACKAGE_TARNAME='libdns'
PACKAGE_VERSION='1.6.13'
PACKAGE_STRING='ldns 1.6.13'
PACKAGE_VERSION='1.6.16'
PACKAGE_STRING='ldns 1.6.16'
PACKAGE_BUGREPORT='libdns@nlnetlabs.nl'
PACKAGE_URL=''
@ -604,6 +604,7 @@ ac_includes_default="\
ac_subst_vars='LTLIBOBJS
LIBOBJS
LDNS_TRUST_ANCHOR_FILE
LDNSDIR
LIBS_STC
RUNTIME_PATH
@ -664,6 +665,7 @@ enable_option_checking
enable_rpath
with_ssl
with_ldns
with_trust_anchor
'
ac_precious_vars='build_alias
host_alias
@ -1216,7 +1218,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ldns 1.6.13 to adapt to many kinds of systems.
\`configure' configures ldns 1.6.16 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1277,7 +1279,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ldns 1.6.13:";;
short | recursive ) echo "Configuration of ldns 1.6.16:";;
esac
cat <<\_ACEOF
@ -1296,6 +1298,9 @@ Optional Packages:
--with-ldns=PATH specify prefix of path of ldns library to use
--with-trust-anchor=KEYFILE
Default location of the trust anchor file.
[default=SYSCONFDIR/unbound/root.key]
Some influential environment variables:
CC C compiler command
@ -1373,7 +1378,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ldns configure 1.6.13
ldns configure 1.6.16
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@ -1796,7 +1801,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ldns $as_me 1.6.13, which was
It was created by ldns $as_me 1.6.16, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@ -5379,7 +5384,6 @@ else
as_fn_error $? "Can't find ldns library" "$LINENO" 5
fi
fi
@ -5387,8 +5391,39 @@ fi
# Check whether --with-trust-anchor was given.
if test "${with_trust_anchor+set}" = set; then :
withval=$with_trust_anchor;
LDNS_TRUST_ANCHOR_FILE="$withval"
ac_config_files="$ac_config_files Makefile"
else
if test "x$LDNS_TRUST_ANCHOR_FILE" = "x"; then
if test "x$sysconfdir" = 'x${prefix}/etc' ; then
if test "x$prefix" = 'xNONE' ; then
LDNS_TRUST_ANCHOR_FILE="/etc/unbound/root.key"
else
LDNS_TRUST_ANCHOR_FILE="${prefix}/etc/unbound/root.key"
fi
else
LDNS_TRUST_ANCHOR_FILE="${sysconfdir}/unbound/root.key"
fi
fi
fi
cat >>confdefs.h <<_ACEOF
#define LDNS_TRUST_ANCHOR_FILE "$LDNS_TRUST_ANCHOR_FILE"
_ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: Default trust anchor: $LDNS_TRUST_ANCHOR_FILE" >&5
$as_echo "$as_me: Default trust anchor: $LDNS_TRUST_ANCHOR_FILE" >&6;}
ac_config_files="$ac_config_files Makefile drill.1"
ac_config_headers="$ac_config_headers config.h"
@ -5910,7 +5945,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ldns $as_me 1.6.13, which was
This file was extended by ldns $as_me 1.6.16, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -5972,7 +6007,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
ldns config.status 1.6.13
ldns config.status 1.6.16
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
@ -6094,6 +6129,7 @@ for ac_config_target in $ac_config_targets
do
case $ac_config_target in
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
"drill.1") CONFIG_FILES="$CONFIG_FILES drill.1" ;;
"config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
*) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;


@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.56)
AC_INIT(ldns, 1.6.13, libdns@nlnetlabs.nl,libdns)
AC_INIT(ldns, 1.6.16, libdns@nlnetlabs.nl,libdns)
AC_CONFIG_SRCDIR([drill.c])
sinclude(../acx_nlnetlabs.m4)
@ -170,13 +170,33 @@ if test -f $ldns_dev_dir/ldns/util.h && \
else
AC_MSG_RESULT([no])
AC_CHECK_LIB(ldns, ldns_rr_new, , [
AC_MSG_ERROR([Can't find ldns library])
AC_MSG_ERROR([Can't find ldns library])dnl '
]
)
fi
AC_SUBST(LDNSDIR)
AC_ARG_WITH(trust-anchor, AC_HELP_STRING([--with-trust-anchor=KEYFILE],
[Default location of the trust anchor file. [default=SYSCONFDIR/unbound/root.key]]), [
LDNS_TRUST_ANCHOR_FILE="$withval"
],[
if test "x$LDNS_TRUST_ANCHOR_FILE" = "x"; then
if test "x$sysconfdir" = 'x${prefix}/etc' ; then
if test "x$prefix" = 'xNONE' ; then
LDNS_TRUST_ANCHOR_FILE="/etc/unbound/root.key"
else
LDNS_TRUST_ANCHOR_FILE="${prefix}/etc/unbound/root.key"
fi
else
LDNS_TRUST_ANCHOR_FILE="${sysconfdir}/unbound/root.key"
fi
fi
])
AC_DEFINE_UNQUOTED([LDNS_TRUST_ANCHOR_FILE], ["$LDNS_TRUST_ANCHOR_FILE"], [Default trust anchor file])
AC_SUBST(LDNS_TRUST_ANCHOR_FILE)
AC_MSG_NOTICE([Default trust anchor: $LDNS_TRUST_ANCHOR_FILE])
AH_BOTTOM([
#include <stdio.h>
@ -254,6 +274,6 @@ extern int optind, opterr;
#endif
])
AC_CONFIG_FILES([Makefile])
AC_CONFIG_FILES([Makefile drill.1])
AC_CONFIG_HEADER([config.h])
AC_OUTPUT
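Review bot: The `--with-trust-anchor` handler copies `$withval` into LDNS_TRUST_ANCHOR_FILE without inspecting it, so a bare `--with-trust-anchor` or `--without-trust-anchor` makes the compiled-in default the relative file name `yes` or `no`, which would then be resolved against whatever directory drill is started from. A guard at the top of the first branch, `case "$withval" in yes|no|"") AC_MSG_ERROR([--with-trust-anchor requires a file name]) ;; esac`, rejects that; requiring an absolute path would be stricter still, since this file decides which keys drill trusts. The value is also pasted unescaped into the C string built by AC_DEFINE_UNQUOTED, so a path containing `"` or `\` would produce a broken config.h. The same handling appears in the second configure.ac changed later in this commit, for `--with-trust-anchor`, `--with-ca-file` and `--with-ca-path`.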


@ -22,12 +22,10 @@ get_rr(ldns_resolver *res, ldns_rdf *zname, ldns_rr_type t, ldns_rr_class c)
p = ldns_pkt_new();
found = NULL;
if (ldns_resolver_send(&p, res, zname, t, c, 0) != LDNS_STATUS_OK) {
/* oops */
return NULL;
} else {
if (ldns_resolver_send(&p, res, zname, t, c, 0) == LDNS_STATUS_OK) {
found = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_ANY_NOQUESTION);
}
ldns_pkt_free(p);
return found;
}
@ -36,6 +34,7 @@ drill_pkt_print(FILE *fd, ldns_resolver *r, ldns_pkt *p)
{
ldns_rr_list *new_nss;
ldns_rr_list *hostnames;
char *answerfrom_str;
if (verbosity < 5) {
return;
@ -46,8 +45,7 @@ drill_pkt_print(FILE *fd, ldns_resolver *r, ldns_pkt *p)
new_nss = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_NS, LDNS_SECTION_ANSWER);
ldns_rr_list_print(fd, new_nss);
/* new_nss can be empty.... */
ldns_rr_list_deep_free(new_nss);
fprintf(fd, ";; Received %d bytes from %s#%d(",
(int) ldns_pkt_size(p),
@ -59,7 +57,11 @@ drill_pkt_print(FILE *fd, ldns_resolver *r, ldns_pkt *p)
ldns_rr_rdf(ldns_rr_list_rr(hostnames, 0), 0));
ldns_rr_list_deep_free(hostnames);
} else {
fprintf(fd, "%s", ldns_rdf2str(ldns_pkt_answerfrom(p)));
answerfrom_str = ldns_rdf2str(ldns_pkt_answerfrom(p));
if (answerfrom_str) {
fprintf(fd, "%s", answerfrom_str);
LDNS_FREE(answerfrom_str);
}
}
fprintf(fd, ") in %u ms\n\n", (unsigned int)ldns_pkt_querytime(p));
}
@ -68,6 +70,7 @@ void
drill_pkt_print_footer(FILE *fd, ldns_resolver *r, ldns_pkt *p)
{
ldns_rr_list *hostnames;
char *answerfrom_str;
if (verbosity < 5) {
return;
@ -85,7 +88,11 @@ drill_pkt_print_footer(FILE *fd, ldns_resolver *r, ldns_pkt *p)
ldns_rr_rdf(ldns_rr_list_rr(hostnames, 0), 0));
ldns_rr_list_deep_free(hostnames);
} else {
fprintf(fd, "%s", ldns_rdf2str(ldns_pkt_answerfrom(p)));
answerfrom_str = ldns_rdf2str(ldns_pkt_answerfrom(p));
if (answerfrom_str) {
fprintf(fd, "%s", answerfrom_str);
LDNS_FREE(answerfrom_str);
}
}
fprintf(fd, ") in %u ms\n\n", (unsigned int)ldns_pkt_querytime(p));
}
@ -98,7 +105,6 @@ get_dnssec_rr(ldns_pkt *p, ldns_rdf *name, ldns_rr_type t,
ldns_rr_list **rrlist, ldns_rr_list **sig)
{
ldns_pkt_type pt = LDNS_PACKET_UNKNOWN;
ldns_rr_list *rr = NULL;
ldns_rr_list *sigs = NULL;
size_t i;
@ -111,36 +117,52 @@ get_dnssec_rr(ldns_pkt *p, ldns_rdf *name, ldns_rr_type t,
pt = ldns_pkt_reply_type(p);
if (name) {
rr = ldns_pkt_rr_list_by_name_and_type(p, name, t, LDNS_SECTION_ANSWER);
if (!rr) {
rr = ldns_pkt_rr_list_by_name_and_type(p, name, t, LDNS_SECTION_AUTHORITY);
if (rrlist) {
*rrlist = ldns_pkt_rr_list_by_name_and_type(p, name, t,
LDNS_SECTION_ANSWER);
if (!*rrlist) {
*rrlist = ldns_pkt_rr_list_by_name_and_type(
p, name, t,
LDNS_SECTION_AUTHORITY);
}
}
sigs = ldns_pkt_rr_list_by_name_and_type(p, name, LDNS_RR_TYPE_RRSIG,
LDNS_SECTION_ANSWER);
if (!sigs) {
sigs = ldns_pkt_rr_list_by_name_and_type(p, name, LDNS_RR_TYPE_RRSIG,
LDNS_SECTION_AUTHORITY);
if (sig) {
sigs = ldns_pkt_rr_list_by_name_and_type(p, name,
LDNS_RR_TYPE_RRSIG,
LDNS_SECTION_ANSWER);
if (!sigs) {
sigs = ldns_pkt_rr_list_by_name_and_type(
p, name, LDNS_RR_TYPE_RRSIG,
LDNS_SECTION_AUTHORITY);
}
}
} else {
/* A DS-referral - get the DS records if they are there */
rr = ldns_pkt_rr_list_by_type(p, t, LDNS_SECTION_AUTHORITY);
sigs = ldns_pkt_rr_list_by_type(p, LDNS_RR_TYPE_RRSIG,
LDNS_SECTION_AUTHORITY);
/* A DS-referral - get the DS records if they are there */
if (rrlist) {
*rrlist = ldns_pkt_rr_list_by_type(
p, t, LDNS_SECTION_AUTHORITY);
}
if (sig) {
sigs = ldns_pkt_rr_list_by_type(p,
LDNS_RR_TYPE_RRSIG,
LDNS_SECTION_AUTHORITY);
}
}
if (sig) {
*sig = ldns_rr_list_new();
for (i = 0; i < ldns_rr_list_rr_count(sigs); i++) {
/* only add the sigs that cover this type */
if (ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(ldns_rr_list_rr(sigs, i))) ==
t) {
ldns_rr_list_push_rr(*sig, ldns_rr_clone(ldns_rr_list_rr(sigs, i)));
if (t == ldns_rdf2rr_type(ldns_rr_rrsig_typecovered(
ldns_rr_list_rr(sigs, i)))) {
ldns_rr_list_push_rr(*sig,
ldns_rr_clone(
ldns_rr_list_rr(
sigs, i)));
}
}
}
ldns_rr_list_deep_free(sigs);
if (rrlist) {
*rrlist = rr;
}
if (pt == LDNS_PACKET_NXDOMAIN || pt == LDNS_PACKET_NODATA) {
return pt;
@ -153,6 +175,7 @@ get_dnssec_rr(ldns_pkt *p, ldns_rdf *name, ldns_rr_type t,
ldns_status
ldns_verify_denial(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_list **nsec_rrs, ldns_rr_list **nsec_rr_sigs)
{
#ifdef HAVE_SSL
uint16_t nsec_i;
ldns_rr_list *nsecs;
@ -216,12 +239,28 @@ ldns_verify_denial(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_lis
ldns_rr_list* sigs = ldns_pkt_rr_list_by_type(pkt, LDNS_RR_TYPE_RRSIG, LDNS_SECTION_ANY_NOQUESTION);
ldns_rr* q = ldns_rr_new();
ldns_rr* match = NULL;
if(!sigs) return LDNS_STATUS_MEM_ERR;
if(!q) return LDNS_STATUS_MEM_ERR;
if(!sigs) {
if (q) {
ldns_rr_free(q);
}
ldns_rr_list_deep_free(nsecs);
return LDNS_STATUS_MEM_ERR;
}
if(!q) {
ldns_rr_list_deep_free(nsecs);
ldns_rr_list_deep_free(sigs);
return LDNS_STATUS_MEM_ERR;
}
ldns_rr_set_question(q, 1);
ldns_rr_set_ttl(q, 0);
ldns_rr_set_owner(q, ldns_rdf_clone(name));
if(!ldns_rr_owner(q)) return LDNS_STATUS_MEM_ERR;
if(!ldns_rr_owner(q)) {
ldns_rr_free(q);
ldns_rr_list_deep_free(sigs);
ldns_rr_list_deep_free(nsecs);
return LDNS_STATUS_MEM_ERR;
}
ldns_rr_set_type(q, type);
/* result = ldns_dnssec_verify_denial_nsec3(q, nsecs, sigs, ldns_pkt_get_rcode(pkt), type, ldns_pkt_ancount(pkt) == 0); */
@ -234,6 +273,14 @@ ldns_verify_denial(ldns_pkt *pkt, ldns_rdf *name, ldns_rr_type type, ldns_rr_lis
ldns_rr_list_deep_free(sigs);
}
return result;
#else
(void)pkt;
(void)name;
(void)type;
(void)nsec_rrs;
(void)nsec_rr_sigs;
return LDNS_STATUS_ERR;
#endif /* HAVE_SSL */
}
/* NSEC3 draft -07 */
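Review bot: In get_rr the packet from `p = ldns_pkt_new();` is still allocated before `&p` is handed to ldns_resolver_send(); if that call stores its own answer packet through the out-parameter, as the signature suggests, the pre-allocated packet is lost on every successful query. Starting from `p = NULL;` would avoid that, provided ldns_pkt_free() accepts NULL on the failure path, which is worth confirming. get_rr begins outside the hunk, so the declaration of `p` is not visible here.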


@ -161,6 +161,11 @@ given \fBdrill\fR tries to validate the current answer with this
key. No chasing is done. When \fBdrill\fR is doing a secure trace, this
key will be used as trust anchor. Can contain a DNSKEY or a DS record.
Alternatively, when DNSSEC enabled tracing (\fB-TD\fR) or signature
chasing (\fB-S\fR), if \fB-k\fR is not specified, and a default trust anchor
(@LDNS_TRUST_ANCHOR_FILE@) exists and contains a valid DNSKEY or DS record,
it will be used as the trust anchor.
.TP
\fB\-o \fImnemonic\fR
Use this option to set or unset specific header bits. A bit is
@ -212,6 +217,13 @@ specify named base64 tsig key, and optional an algorithm (defaults to hmac-md5.s
\fB\-z \fR
don't randomize the nameserver list before sending queries.
.SH "FILES"
.TP
@LDNS_TRUST_ANCHOR_FILE@
The file from which trusted keys are loaded when no \fB-k\fR option is given.
.SH "SEE ALSO"
.LP
unbound-anchor(8)
.SH AUTHOR
Jelte Jansen and Miek Gieben. Both of NLnet Labs.


@ -47,19 +47,25 @@ usage(FILE *stream, const char *progname)
fprintf(stream, "\t-6\t\tstay on ip6\n");
fprintf(stream, "\t-a\t\tfallback to EDNS0 and TCP if the answer is truncated\n");
fprintf(stream, "\t-b <bufsize>\tuse <bufsize> as the buffer size (defaults to 512 b)\n");
fprintf(stream, "\t-c <file>\t\tuse file for rescursive nameserver configuration (/etc/resolv.conf)\n");
fprintf(stream, "\t-k <file>\tspecify a file that contains a trusted DNSSEC key (DNSKEY|DS) [**]\n");
fprintf(stream, "\t\t\tused to verify any signatures in the current answer\n");
fprintf(stream, "\t-o <mnemonic>\tset flags to: [QR|qr][AA|aa][TC|tc][RD|rd][CD|cd][RA|ra][AD|ad]\n");
fprintf(stream, "\t-c <file>\tuse file for rescursive nameserver configuration"
"\n\t\t\t(/etc/resolv.conf)\n");
fprintf(stream, "\t-k <file>\tspecify a file that contains a trusted DNSSEC key [**]\n");
fprintf(stream, "\t\t\tUsed to verify any signatures in the current answer.\n");
fprintf(stream, "\t\t\tWhen DNSSEC enabled tracing (-TD) or signature\n"
"\t\t\tchasing (-S) and no key files are given, keys are read\n"
"\t\t\tfrom: %s\n",
LDNS_TRUST_ANCHOR_FILE);
fprintf(stream, "\t-o <mnemonic>\tset flags to:"
"\n\t\t\t[QR|qr][AA|aa][TC|tc][RD|rd][CD|cd][RA|ra][AD|ad]\n");
fprintf(stream, "\t\t\tlowercase: unset bit, uppercase: set bit\n");
fprintf(stream, "\t-p <port>\tuse <port> as remote port number\n");
fprintf(stream, "\t-s\t\tshow the DS RR for each key in a packet\n");
fprintf(stream, "\t-u\t\tsend the query with udp (the default)\n");
fprintf(stream, "\t-x\t\tdo a reverse lookup\n");
fprintf(stream, "\twhen doing a secure trace:\n");
fprintf(stream, "\t-r <file>\t\tuse file as root servers hint file\n");
fprintf(stream, "\t-r <file>\tuse file as root servers hint file\n");
fprintf(stream, "\t-t\t\tsend the query with tcp (connected)\n");
fprintf(stream, "\t-d <domain>\t\tuse domain as the start point for the trace\n");
fprintf(stream, "\t-d <domain>\tuse domain as the start point for the trace\n");
fprintf(stream, "\t-y <name:key[:algo]>\tspecify named base64 tsig key, and optional an\n\t\t\talgorithm (defaults to hmac-md5.sig-alg.reg.int)\n");
fprintf(stream, "\t-z\t\tdon't randomize the nameservers before use\n");
fprintf(stream, "\n [*] = enables/implies DNSSEC\n");
@ -272,7 +278,8 @@ main(int argc, char *argv[])
qusevc = true;
break;
case 'k':
status = read_key_file(optarg, key_list);
status = read_key_file(optarg,
key_list, false);
if (status != LDNS_STATUS_OK) {
error("Could not parse the key file %s: %s", optarg, ldns_get_errorstr_by_id(status));
}
@ -397,6 +404,15 @@ main(int argc, char *argv[])
argc -= optind;
argv += optind;
if ((PURPOSE == DRILL_CHASE || (PURPOSE == DRILL_TRACE && qdnssec)) &&
ldns_rr_list_rr_count(key_list) == 0) {
(void) read_key_file(LDNS_TRUST_ANCHOR_FILE, key_list, true);
}
if (ldns_rr_list_rr_count(key_list) > 0) {
printf(";; Number of trusted keys: %d\n",
(int) ldns_rr_list_rr_count(key_list));
}
/* do a secure trace when requested */
if (PURPOSE == DRILL_TRACE && qdnssec) {
#ifdef HAVE_SSL
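Review bot: The result of `read_key_file(LDNS_TRUST_ANCHOR_FILE, key_list, true)` is cast to void and the call runs in silent mode, so a missing, unreadable or partly unparsable default anchor file leaves no trace; the only signal is the absence of the `;; Number of trusted keys` line. For a chase or DNSSEC trace that means validation goes ahead with no trust anchors, or fewer than the operator expects. I would report the failure, e.g. `if (read_key_file(LDNS_TRUST_ANCHOR_FILE, key_list, true) != LDNS_STATUS_OK) fprintf(stderr, ";; No trusted keys loaded from %s\n", LDNS_TRUST_ANCHOR_FILE);`. A comment should also say that the file's contents are accepted as trust anchors without further checks, so it must be writable only by trusted users. main() continues outside the hunk.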


@ -85,7 +85,6 @@ ldns_status ldns_verify_denial(ldns_pkt *pkt,
ldns_rr_list **nsec_rrs,
ldns_rr_list **nsec_rr_sigs);
ldns_status read_key_file(const char *filename, ldns_rr_list *key_list);
ldns_pkt *read_hex_pkt(char *filename);
ldns_buffer *read_hex_buffer(char *filename);
void init_root(void);


@ -13,14 +13,14 @@
#include <errno.h>
static size_t
static int
read_line(FILE *input, char *line, size_t len)
{
size_t i;
int i;
char c;
for (i = 0; i < len-1; i++) {
c = getc(input);
for (i = 0; i < (int)len-1; i++) {
c = (char)getc(input);
if (c == EOF) {
return -1;
} else if (c != '\n') {
@ -35,20 +35,22 @@ read_line(FILE *input, char *line, size_t len)
/* key_list must be initialized with ldns_rr_list_new() */
ldns_status
read_key_file(const char *filename, ldns_rr_list *key_list)
read_key_file(const char *filename, ldns_rr_list *key_list, bool silently)
{
int line_len = 0;
int line_nr = 0;
int key_count = 0;
char line[LDNS_MAX_PACKETLEN];
char line[LDNS_MAX_LINELEN];
ldns_status status;
FILE *input_file;
ldns_rr *rr;
input_file = fopen(filename, "r");
if (!input_file) {
fprintf(stderr, "Error opening %s: %s\n",
filename, strerror(errno));
if (! silently) {
fprintf(stderr, "Error opening %s: %s\n",
filename, strerror(errno));
}
return LDNS_STATUS_ERR;
}
while (line_len >= 0) {
@ -57,10 +59,13 @@ read_key_file(const char *filename, ldns_rr_list *key_list)
if (line_len > 0 && line[0] != ';') {
status = ldns_rr_new_frm_str(&rr, line, 0, NULL, NULL);
if (status != LDNS_STATUS_OK) {
fprintf(stderr,
"Error parsing DNSKEY RR in line %d: %s\n",
line_nr,
ldns_get_errorstr_by_id(status));
if (! silently) {
fprintf(stderr,
"Error parsing DNSKEY RR "
"in line %d: %s\n", line_nr,
ldns_get_errorstr_by_id(status)
);
}
} else if (ldns_rr_get_type(rr) == LDNS_RR_TYPE_DNSKEY ||
ldns_rr_get_type(rr) == LDNS_RR_TYPE_DS) {
ldns_rr_list_push_rr(key_list, rr);
@ -70,7 +75,7 @@ read_key_file(const char *filename, ldns_rr_list *key_list)
}
}
}
printf(";; Number of trusted keys: %d\n", key_count);
fclose(input_file);
if (key_count > 0) {
return LDNS_STATUS_OK;
} else {
@ -132,6 +137,7 @@ print_ds_of_keys(ldns_pkt *p)
ds = ldns_key_rr2ds(ldns_rr_list_rr(keys, i), LDNS_SHA256);
local_print_ds(stdout, "; sha256: ", ds);
}
ldns_rr_list_deep_free(keys);
}
}
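Review bot: `c = (char)getc(input);` followed by `if (c == EOF)` keeps the end-of-file test on a `char`: where char is unsigned the comparison never succeeds, and where it is signed a 0xFF byte in the key file is mistaken for end of file. Declare `int c;`, assign `c = getc(input);` without the cast, and convert to `char` only when storing into `line`. The new `(int)len-1` bound also narrows a `size_t`; keeping `i` as `size_t` and signalling EOF through a separate status would avoid that cast. read_line's body continues outside the hunk.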


@ -12,6 +12,13 @@
#define _DRILL_UTIL_H_
#include <ldns/ldns.h>
/**
* Read keys from filename and append to key_list.
*/
ldns_status read_key_file(const char *filename, ldns_rr_list *key_list,
bool silently);
/**
* return a address rdf, either A or AAAA
* NULL if anything goes wrong
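Review bot: The new comment on read_key_file says neither what `silently` does nor what the function returns. Going by the implementation in this commit, `silently` suppresses the open and parse error messages on stderr, only DNSKEY and DS records are appended, and LDNS_STATUS_OK is returned only when at least one key was read. I would add two lines to the comment: `* If silently is true, open and parse errors are not reported on stderr.` and `* Returns LDNS_STATUS_OK only if at least one DNSKEY or DS record was appended.` The non-OK return value sits in a part of the function outside the visible hunk, so confirm it before naming it in the comment.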


@ -231,7 +231,8 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
if (status != LDNS_STATUS_OK) {
printf("ERRRRR: %s\n", ldns_get_errorstr_by_id(status));
ldns_rr_list_print(stdout, global_dns_root);
return status;
result = status;
goto done;
}
labels_count = ldns_dname_label_count(name);
if (start_name) {
@ -392,7 +393,6 @@ do_secure_trace(ldns_resolver *local_res, ldns_rdf *name, ldns_rr_type t,
printf(";; There is an empty non-terminal here, continue\n");
continue;
}
goto done;
}
if (ldns_resolver_nameserver_count(res) == 0) {


@ -122,11 +122,6 @@ packetbuffromfile(char *filename, uint8_t *wire)
hexbuf[hexbufpos] = (uint8_t) c;
hexbufpos++;
break;
default:
warning("unknown state while reading %s", filename);
xfree(hexbuf);
return 0;
break;
}
c = fgetc(fp);
}
@ -178,20 +173,7 @@ read_hex_buffer(char *filename)
size_t wiresize;
ldns_buffer *result_buffer = NULL;
FILE *fp = NULL;
if (strncmp(filename, "-", 2) != 0) {
fp = fopen(filename, "r");
} else {
fp = stdin;
}
if (fp == NULL) {
perror("");
warning("Unable to open %s", filename);
return NULL;
}
wire = xmalloc(LDNS_MAX_PACKETLEN);
wiresize = packetbuffromfile(filename, wire);
@ -199,8 +181,8 @@ read_hex_buffer(char *filename)
result_buffer = LDNS_MALLOC(ldns_buffer);
ldns_buffer_new_frm_data(result_buffer, wire, wiresize);
ldns_buffer_set_position(result_buffer, ldns_buffer_capacity(result_buffer));
xfree(wire);
return result_buffer;
}
@ -236,7 +218,7 @@ read_hex_pkt(char *filename)
void
dump_hex(const ldns_pkt *pkt, const char *filename)
{
uint8_t *wire;
uint8_t *wire = NULL;
size_t size, i;
FILE *fp;
ldns_status status;
@ -252,6 +234,7 @@ dump_hex(const ldns_pkt *pkt, const char *filename)
if (status != LDNS_STATUS_OK) {
error("Unable to convert packet: error code %u", status);
LDNS_FREE(wire);
return;
}
@ -273,4 +256,5 @@ dump_hex(const ldns_pkt *pkt, const char *filename)
}
fprintf(fp, "\n");
fclose(fp);
LDNS_FREE(wire);
}
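Review bot: In read_hex_buffer the result of `LDNS_MALLOC(ldns_buffer)` is passed straight to ldns_buffer_new_frm_data() and ldns_buffer_set_position(), so an allocation failure becomes a NULL dereference. Now that the function frees `wire` itself, the failure path is short: `if (!result_buffer) { xfree(wire); return NULL; }`. The line between the packetbuffromfile() call and the allocation is outside the hunk, so an existing check on `wiresize` may already handle the case where nothing was read.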

29
error.c

@ -95,6 +95,35 @@ ldns_lookup_table ldns_error_str[] = {
"DNSSEC signature will expire too soon" },
{ LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN,
"DNSSEC signature not incepted long enough" },
{ LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE,
"Unknown TLSA Certificate Usage" },
{ LDNS_STATUS_DANE_UNKNOWN_SELECTOR, "Unknown TLSA Selector" },
{ LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE,
"Unknown TLSA Matching Type" },
{ LDNS_STATUS_DANE_UNKNOWN_PROTOCOL,
"Unknown protocol. Only IPv4 and IPv6 are understood" },
{ LDNS_STATUS_DANE_UNKNOWN_TRANSPORT,
"Unknown transport. Should be one of {tcp, udp, sctp}" },
{ LDNS_STATUS_DANE_MISSING_EXTRA_CERTS, /* Trust anchor assertion */
"More than one certificate should be provided" },
{ LDNS_STATUS_DANE_EXTRA_CERTS_NOT_USED, /* Trust anchor assertion */
"Non of the extra certificates is used to sign the first" },
{ LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE, /* Trust anchor assertion */
"The offset was out of range" },
{ LDNS_STATUS_DANE_INSECURE, /* Unused by library */
"The queried resource records were insecure" },
{ LDNS_STATUS_DANE_BOGUS, /* Unused by library */
"The queried resource records were bogus" },
{ LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
"The TLSA record(s) "
"did not match with the server certificate (chain)" },
{ LDNS_STATUS_DANE_NON_CA_CERTIFICATE,
"The certificate was not a CA certificate" },
{ LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE,
"Could not PKIX validate" },
{ LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR,
"The validation path "
"did not end in a self-signed certificate" },
{ 0, NULL }
};
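Review bot: The message for LDNS_STATUS_DANE_EXTRA_CERTS_NOT_USED has a typo that users will see, `"Non of the extra certificates is used to sign the first"`; it should read `"None of the extra certificates is used to sign the first"`. The two entries commented `/* Unused by library */` would be clearer with a word on who does set them, presumably the ldns-dane tool.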


@ -9,6 +9,7 @@ exec_prefix = @exec_prefix@
bindir = @bindir@
mandir = @mandir@
libtool = @libtool@
datarootdir = @datarootdir@
CC = @CC@
CFLAGS = -I. -I${srcdir} @CFLAGS@
@ -18,6 +19,7 @@ LIBNSL_LIBS = @LIBNSL_LIBS@
LIBSSL_CPPFLAGS = @LIBSSL_CPPFLAGS@
LIBSSL_LDFLAGS = @LIBSSL_LDFLAGS@
LIBSSL_LIBS = @LIBSSL_LIBS@
LIBSSL_SSL_LIBS = @LIBSSL_SSL_LIBS@
LIBS = @LIBS@
RUNTIME_PATH = @RUNTIME_PATH@
LDNSDIR = @LDNSDIR@
@ -70,7 +72,8 @@ MAIN_SOURCES = ldns-read-zone.c \
MAIN_SSL_SOURCES = ldns-signzone.c \
ldns-verify-zone.c \
ldns-revoke.c \
ldns-nsec3-hash.c
ldns-nsec3-hash.c \
ldns-dane.c
OTHER_SOURCES = ldns-testpkts.c
@ -104,6 +107,18 @@ ldnsd.stc: ldnsd.o
$(LINK_STATIC) $(LIBNSL_LDFLAGS) -o $@ $^ ; \
fi
ldns-dane.prg-ssl: ldns-dane.o
@if test ! -f $(@:.prg-ssl=) -o $< -nt $(@:.prg-ssl=); then \
echo $(LINK) $(LIBNSL_LIBS) $(LIBSSL_LDFLAGS) $(LIBSSL_SSL_LIBS) -o $(@:.prg-ssl=) $^ ; \
$(LINK) $(LIBNSL_LIBS) $(LIBSSL_LDFLAGS) $(LIBSSL_SSL_LIBS) -o $(@:.prg-ssl=) $^ ; \
fi
ldns-dane.stc-ssl: ldns-dane.o
@if test ! -f $@ -o $< -nt $@; then \
echo $(LINK_STATIC) $(LIBNSL_LIBS) $(LIBSSL_LDFLAGS) $(LIBSSL_SSL_LIBS) -o $@ $^ ; \
$(LINK_STATIC) $(LIBNSL_LIBS) $(LIBSSL_LDFLAGS) $(LIBSSL_SSL_LIBS) -o $@ $^ ; \
fi
%.prg-ssl: %.o
@if test ! -f $(@:.prg-ssl=) -o $< -nt $(@:.prg-ssl=); then \
echo $(LINK) $(LIBNSL_LIBS) $(LIBSSL_LDFLAGS) $(LIBSSL_LIBS) -o $(@:.prg-ssl=) $^ ; \
@ -142,11 +157,12 @@ clean:
realclean: clean
rm -rf autom4te.cache/
rm -f config.log config.status aclocal.m4 config.h.in configure Makefile
rm -f config.h
rm -f config.log config.status aclocal.m4 config.h.in configure
rm -f config.h ldns-dane.1 ldns-verify-zone.1 Makefile
confclean: clean
rm -rf config.log config.status config.h Makefile
rm -rf config.log config.status
rm -f config.h ldns-dane.1 ldns-verify-zone.1 Makefile
install: $(PROGRAMS) $(SSL_PROGRAMS)
$(INSTALL) -d -m 755 $(DESTDIR)$(bindir)
@ -154,7 +170,10 @@ install: $(PROGRAMS) $(SSL_PROGRAMS)
$(INSTALL) -d -m 755 $(DESTDIR)$(mandir)/man1
for i in $(PROGRAMS) $(SSL_PROGRAMS); do \
$(libtool) --tag=CC --mode=install ${INSTALL} -c $$i $(DESTDIR)$(bindir) ; \
$(INSTALL) -c -m 644 $(srcdir)/$$i.1 $(DESTDIR)$(mandir)/man1/$$i.1 ; \
if test -f $$i.1 ; \
then $(INSTALL) -c -m 644 $$i.1 $(DESTDIR)$(mandir)/man1/$$i.1 ; \
else $(INSTALL) -c -m 644 $(srcdir)/$$i.1 $(DESTDIR)$(mandir)/man1/$$i.1 ; \
fi ; \
done
exit 0
@ -164,11 +183,17 @@ install-static: all-static
$(INSTALL) -d -m 755 $(DESTDIR)$(mandir)/man1
for i in $(PROGRAMS); do \
$(libtool) --tag=CC --mode=install ${INSTALL} -c $$i.stc $(DESTDIR)$(bindir) ; \
$(INSTALL) -c -m 644 $(srcdir)/$$i.1 $(DESTDIR)$(mandir)/man1/$$i.1 ; \
if test -f $$i.1 ; \
then $(INSTALL) -c -m 644 $$i.1 $(DESTDIR)$(mandir)/man1/$$i.1 ; \
else $(INSTALL) -c -m 644 $(srcdir)/$$i.1 $(DESTDIR)$(mandir)/man1/$$i.1 ; \
fi ; \
done
for i in $(SSL_PROGRAMS); do \
$(libtool) --tag=CC --mode=install ${INSTALL} -c $$i.stc-ssl $(DESTDIR)$(bindir) ; \
$(INSTALL) -c -m 644 $(srcdir)/$$i.1 $(DESTDIR)$(mandir)/man1/$$i.1 ; \
if test -f $$i.1 ; \
then $(INSTALL) -c -m 644 $$i.1 $(DESTDIR)$(mandir)/man1/$$i.1 ; \
else $(INSTALL) -c -m 644 $(srcdir)/$$i.1 $(DESTDIR)$(mandir)/man1/$$i.1 ; \
fi ; \
done
exit 0


@ -9,6 +9,12 @@
/* Define to 1 if you have the <ctype.h> header file. */
#undef HAVE_CTYPE_H
/* Is a CAFILE given at configure time */
#undef HAVE_DANE_CA_FILE
/* Is a CAPATH given at configure time */
#undef HAVE_DANE_CA_PATH
/* Define to 1 if you have the declaration of `in6addr_any', and to 0 if you
don't. */
#undef HAVE_DECL_IN6ADDR_ANY
@ -151,6 +157,15 @@
/* Define to 1 if you have the <ws2tcpip.h> header file. */
#undef HAVE_WS2TCPIP_H
/* Is a CAFILE given at configure time */
#undef LDNS_DANE_CA_FILE
/* Is a CAPATH given at configure time */
#undef LDNS_DANE_CA_PATH
/* Default trust anchor file */
#undef LDNS_TRUST_ANCHOR_FILE
/* Define to the address where bug reports for this package should be sent. */
#undef PACKAGE_BUGREPORT

123
examples/configure vendored

@ -1,6 +1,6 @@
#! /bin/sh
# Guess values for system-dependent variables and create Makefiles.
# Generated by GNU Autoconf 2.68 for ldns 1.6.13.
# Generated by GNU Autoconf 2.68 for ldns 1.6.16.
#
# Report bugs to <libdns@nlnetlabs.nl>.
#
@ -560,8 +560,8 @@ MAKEFLAGS=
# Identity of this package.
PACKAGE_NAME='ldns'
PACKAGE_TARNAME='libdns'
PACKAGE_VERSION='1.6.13'
PACKAGE_STRING='ldns 1.6.13'
PACKAGE_VERSION='1.6.16'
PACKAGE_STRING='ldns 1.6.16'
PACKAGE_BUGREPORT='libdns@nlnetlabs.nl'
PACKAGE_URL=''
@ -604,7 +604,11 @@ ac_includes_default="\
ac_subst_vars='LTLIBOBJS
LIBOBJS
DEFAULT_CAPATH
DEFAULT_CAFILE
LDNS_TRUST_ANCHOR_FILE
LDNSDIR
LIBSSL_SSL_LIBS
LIBSSL_LIBS
LIBSSL_LDFLAGS
LIBSSL_CPPFLAGS
@ -670,6 +674,9 @@ enable_sha2
enable_gost
enable_ecdsa
with_ldns
with_trust_anchor
with_ca_file
with_ca_path
'
ac_precious_vars='build_alias
host_alias
@ -1222,7 +1229,7 @@ if test "$ac_init_help" = "long"; then
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
\`configure' configures ldns 1.6.13 to adapt to many kinds of systems.
\`configure' configures ldns 1.6.16 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@ -1283,7 +1290,7 @@ fi
if test -n "$ac_init_help"; then
case $ac_init_help in
short | recursive ) echo "Configuration of ldns 1.6.13:";;
short | recursive ) echo "Configuration of ldns 1.6.16:";;
esac
cat <<\_ACEOF
@ -1305,6 +1312,12 @@ Optional Packages:
--with-ldns=PATH specify prefix of path of ldns library to use
--with-trust-anchor=KEYFILE
Default location of the trust anchor file for drill
and ldns-dane. [default=SYSCONFDIR/unbound/root.key]
--with-ca-file=CAFILE File containing CA certificates for ldns-dane
--with-ca-path=CAPATH Directory containing CA certificate files for
ldns-dane
Some influential environment variables:
CC C compiler command
@ -1382,7 +1395,7 @@ fi
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
ldns configure 1.6.13
ldns configure 1.6.16
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@ -1851,7 +1864,7 @@ cat >config.log <<_ACEOF
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
It was created by ldns $as_me 1.6.13, which was
It was created by ldns $as_me 1.6.16, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@ -5258,7 +5271,10 @@ done
if test "x$HAVE_SSL" = "xyes"; then
LIBSSL_SSL_LIBS="$LIBSSL_LIBS -lssl"
fi
CPPFLAGS="$tmp_CPPFLAGS"
LDFLAGS="$tmp_LDFLAGS"
LIBS="$tmp_LIBS"
@ -5858,7 +5874,6 @@ else
as_fn_error $? "Can't find ldns library" "$LINENO" 5
fi
fi
@ -5866,9 +5881,93 @@ fi
# Check whether --with-trust-anchor was given.
if test "${with_trust_anchor+set}" = set; then :
withval=$with_trust_anchor;
LDNS_TRUST_ANCHOR_FILE="$withval"
else
if test "x$LDNS_TRUST_ANCHOR_FILE" = "x"; then
if test "x$sysconfdir" = 'x${prefix}/etc' ; then
if test "x$prefix" = 'xNONE' ; then
LDNS_TRUST_ANCHOR_FILE="/etc/unbound/root.key"
else
LDNS_TRUST_ANCHOR_FILE="${prefix}/etc/unbound/root.key"
fi
else
LDNS_TRUST_ANCHOR_FILE="${sysconfdir}/unbound/root.key"
fi
fi
fi
ac_config_files="$ac_config_files Makefile"
cat >>confdefs.h <<_ACEOF
#define LDNS_TRUST_ANCHOR_FILE "$LDNS_TRUST_ANCHOR_FILE"
_ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: Default trust anchor: $LDNS_TRUST_ANCHOR_FILE" >&5
$as_echo "$as_me: Default trust anchor: $LDNS_TRUST_ANCHOR_FILE" >&6;}
# Check whether --with-ca-file was given.
if test "${with_ca_file+set}" = set; then :
withval=$with_ca_file;
$as_echo "#define HAVE_DANE_CA_FILE 1" >>confdefs.h
cat >>confdefs.h <<_ACEOF
#define LDNS_DANE_CA_FILE "$withval"
_ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: Using CAfile: $withval" >&5
$as_echo "$as_me: Using CAfile: $withval" >&6;}
DEFAULT_CAFILE="Default is $withval"
else
$as_echo "#define HAVE_DANE_CA_FILE 0" >>confdefs.h
fi
# Check whether --with-ca-path was given.
if test "${with_ca_path+set}" = set; then :
withval=$with_ca_path;
$as_echo "#define HAVE_DANE_CA_PATH 1" >>confdefs.h
cat >>confdefs.h <<_ACEOF
#define LDNS_DANE_CA_PATH "$withval"
_ACEOF
{ $as_echo "$as_me:${as_lineno-$LINENO}: Using CApath: $withval" >&5
$as_echo "$as_me: Using CApath: $withval" >&6;}
DEFAULT_CAPATH="Default is $withval"
else
$as_echo "#define HAVE_DANE_CA_PATH 0" >>confdefs.h
fi
ac_config_files="$ac_config_files Makefile ldns-dane.1 ldns-verify-zone.1"
ac_config_headers="$ac_config_headers config.h"
@ -6390,7 +6489,7 @@ cat >>$CONFIG_STATUS <<\_ACEOF || ac_write_fail=1
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
This file was extended by ldns $as_me 1.6.13, which was
This file was extended by ldns $as_me 1.6.16, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@ -6452,7 +6551,7 @@ _ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
ldns config.status 1.6.13
ldns config.status 1.6.16
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
@ -6574,6 +6673,8 @@ for ac_config_target in $ac_config_targets
do
case $ac_config_target in
"Makefile") CONFIG_FILES="$CONFIG_FILES Makefile" ;;
"ldns-dane.1") CONFIG_FILES="$CONFIG_FILES ldns-dane.1" ;;
"ldns-verify-zone.1") CONFIG_FILES="$CONFIG_FILES ldns-verify-zone.1" ;;
"config.h") CONFIG_HEADERS="$CONFIG_HEADERS config.h" ;;
*) as_fn_error $? "invalid argument: \`$ac_config_target'" "$LINENO" 5;;


@ -2,7 +2,7 @@
# Process this file with autoconf to produce a configure script.
AC_PREREQ(2.56)
AC_INIT(ldns, 1.6.13, libdns@nlnetlabs.nl,libdns)
AC_INIT(ldns, 1.6.16, libdns@nlnetlabs.nl,libdns)
AC_CONFIG_SRCDIR([ldns-read-zone.c])
sinclude(../acx_nlnetlabs.m4)
@ -136,7 +136,9 @@ ACX_WITH_SSL_OPTIONAL
AC_SUBST(LIBSSL_CPPFLAGS)
AC_SUBST(LIBSSL_LDFLAGS)
AC_SUBST(LIBSSL_LIBS)
if test "x$HAVE_SSL" = "xyes"; then
AC_SUBST(LIBSSL_SSL_LIBS, ["$LIBSSL_LIBS -lssl"])
fi
CPPFLAGS="$tmp_CPPFLAGS"
LDFLAGS="$tmp_LDFLAGS"
LIBS="$tmp_LIBS"
@ -313,13 +315,51 @@ if test -f $ldns_dev_dir/ldns/util.h && \
else
AC_MSG_RESULT([no])
AC_CHECK_LIB(ldns, ldns_rr_new,, [
AC_MSG_ERROR([Can't find ldns library])
AC_MSG_ERROR([Can't find ldns library])dnl'
]
)
fi
AC_SUBST(LDNSDIR)
AC_ARG_WITH(trust-anchor, AC_HELP_STRING([--with-trust-anchor=KEYFILE], [Default location of the trust anchor file for drill and ldns-dane. [default=SYSCONFDIR/unbound/root.key]]), [
LDNS_TRUST_ANCHOR_FILE="$withval"
],[
if test "x$LDNS_TRUST_ANCHOR_FILE" = "x"; then
if test "x$sysconfdir" = 'x${prefix}/etc' ; then
if test "x$prefix" = 'xNONE' ; then
LDNS_TRUST_ANCHOR_FILE="/etc/unbound/root.key"
else
LDNS_TRUST_ANCHOR_FILE="${prefix}/etc/unbound/root.key"
fi
else
LDNS_TRUST_ANCHOR_FILE="${sysconfdir}/unbound/root.key"
fi
fi
])
AC_DEFINE_UNQUOTED([LDNS_TRUST_ANCHOR_FILE], ["$LDNS_TRUST_ANCHOR_FILE"], [Default trust anchor file])
AC_SUBST(LDNS_TRUST_ANCHOR_FILE)
AC_MSG_NOTICE([Default trust anchor: $LDNS_TRUST_ANCHOR_FILE])
AC_ARG_WITH(ca-file, AC_HELP_STRING([--with-ca-file=CAFILE], [File containing CA certificates for ldns-dane]), [
AC_DEFINE([HAVE_DANE_CA_FILE], [1], [Is a CAFILE given at configure time])
AC_DEFINE_UNQUOTED([LDNS_DANE_CA_FILE], ["$withval"], [Is a CAFILE given at configure time])
AC_MSG_NOTICE([Using CAfile: $withval])
AC_SUBST(DEFAULT_CAFILE, ["Default is $withval"])
],[
AC_DEFINE([HAVE_DANE_CA_FILE], [0], [Is a CAFILE given at configure time])
AC_SUBST(DEFAULT_CAFILE, [])
])
AC_ARG_WITH(ca-path, AC_HELP_STRING([--with-ca-path=CAPATH], [Directory containing CA certificate files for ldns-dane]), [
AC_DEFINE([HAVE_DANE_CA_PATH], [1], [Is a CAPATH given at configure time])
AC_DEFINE_UNQUOTED([LDNS_DANE_CA_PATH], ["$withval"], [Is a CAPATH given at configure time])
AC_MSG_NOTICE([Using CApath: $withval])
AC_SUBST(DEFAULT_CAPATH, ["Default is $withval"])
],[
AC_DEFINE([HAVE_DANE_CA_PATH], [0], [Is a CAPATH given at configure time])
AC_SUBST(DEFAULT_CAPATH, [])
])
AH_BOTTOM([
@ -416,6 +456,6 @@ extern int optind, opterr;
#endif
])
AC_CONFIG_FILES([Makefile])
AC_CONFIG_FILES([Makefile ldns-dane.1 ldns-verify-zone.1])
AC_CONFIG_HEADER([config.h])
AC_OUTPUT
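Review bot: HAVE_DANE_CA_FILE and HAVE_DANE_CA_PATH are defined in both branches, to 1 or to 0, unlike the usual HAVE_ macros that stay undefined when the feature is absent. Any consumer that tests them with `#ifdef` will take the CA-file or CA-path branch unconditionally and then reference LDNS_DANE_CA_FILE or LDNS_DANE_CA_PATH, which are not defined in that case. Either drop the AC_DEFINE in the else branches or state in the description that the macros must be tested with `#if`. The description strings for LDNS_DANE_CA_FILE and LDNS_DANE_CA_PATH repeat the HAVE_ text; `[Default CA certificate file for ldns-dane]` and `[Default CA certificate directory for ldns-dane]` would say what the macros hold.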

179
examples/ldns-dane.1.in Normal file

@ -0,0 +1,179 @@
.TH ldns-dane 1 "17 September 2012"
.SH NAME
ldns-dane \- verify or create TLS authentication with DANE (RFC6698)
.SH SYNOPSIS
.PD 0
.B ldns-dane
.IR [OPTIONS]
.IR verify
.IR name
.IR port
.PP
.B ldns-dane
.IR [OPTIONS]
.IR -t
.IR tlsafile
.IR verify
.B ldns-dane
.IR [OPTIONS]
.IR name
.IR port
.IR create
.PP
[
.IR Certificate-usage
[
.IR Selector
[
.IR Matching-type
] ] ]
.B ldns-dane
.IR -h
.PP
.B ldns-dane
.IR -v
.PD 1
.SH DESCRIPTION
In the first form:
A TLS connection to \fIname\fR:\fIport\fR is established.
The TLSA resource record(s) for \fIname\fR are used to authenticate
the connection.
In the second form:
The TLSA record(s) are read from \fItlsafile\fR and used to authenticate
the TLS service they reference.
In the third form:
A TLS connection to \fIname\fR:\fIport\fR is established and used to
create the TLSA resource record(s) that would authenticate the connection.
The parameters for TLSA rr creation are:
.PD 0
.I Certificate-usage\fR:
.RS
.IP 0
CA constraint
.IP 1
Service certificate constraint
.IP 2
Trust anchor assertion
.IP 3
Domain-issued certificate (default)
.RE
.I Selector\fR:
.RS
.IP 0
Full certificate (default)
.IP 1
SubjectPublicKeyInfo
.RE
.I Matching-type\fR:
.RS
.IP 0
No hash used
.IP 1
SHA-256 (default)
.IP 2
SHA-512
.RE
.PD 1
In stead of numbers the first few letters of the value may be used.
Except for the hash algorithm name, where the full name must be specified.
.SH OPTIONS
.IP -4
TLS connect IPv4 only
.IP -6
TLS connect IPv6 only
.IP "-a \fIaddress\fR"
Don't try to resolve \fIname\fR, but connect to \fIaddress\fR instead.
This option may be given more than once.
.IP -b
print "\fIname\fR\. TYPE52 \\# \fIsize\fR \fIhexdata\fR" form instead
of TLSA presentation format.
.IP "-c \fIcertfile\fR"
Do not TLS connect to \fIname\fR:\fIport\fR, but authenticate (or make
TLSA records) for the certificate (chain) in \fIcertfile\fR instead.
.IP -d
Assume DNSSEC validity even when the TLSA records were acquired insecure
or were bogus.
.IP "-f \fICAfile\fR"
Use CAfile to validate. @DEFAULT_CAFILE@
.IP -h
Print short usage help
.IP -i
Interact after connecting.
.IP "-k \fIkeyfile\fR"
Specify a file that contains a trusted DNSKEY or DS rr.
Key(s) are used when chasing signatures (i.e. \fI-S\fR is given).
This option may be given more than once.
Alternatively, if \fB-k\fR is not specified, and a default trust anchor
(@LDNS_TRUST_ANCHOR_FILE@) exists and contains a valid DNSKEY or DS record,
it will be used as the trust anchor.
.IP -n
Do \fBnot\fR verify server name in certificate.
.IP "-o \fIoffset\fR"
When creating a "Trust anchor assertion" TLSA resource record,
select the \fIoffset\fRth certificate offset from the end
of the validation chain. 0 means the last certificate, 1 the one but last,
2 the second but last, etc.
When \fIoffset\fR is -1 (the default), the last certificate
is used (like with 0) that MUST be self-signed. This can help to make
sure that the intended (self signed) trust anchor is actually present
in the server certificate chain (which is a DANE requirement).
.IP "-p \fICApath\fR"
Use certificates in the \fICApath\fR directory to validate. @DEFAULT_CAPATH@
.IP -s
When creating TLSA resource records with the "CA Constraint" and the
"Service Certificate Constraint" certificate usage, do not validate and
assume PKIX is valid.
For "CA Constraint" this means that verification should end with a
self-signed certificate.
.IP -S
Chase signature(s) to a known key.
Without this option, the local network is trusted to provide
a DNSSEC resolver (i.e. AD bit is checked).
.IP "-t \fItlsafile\fR"
Read TLSA record(s) from \fItlsafile\fR. When \fIname\fR and \fIport\fR
are also given, only TLSA records that match the \fIname\fR, \fIport\fR and
\fItransport\fR are used. Otherwise the owner name of the TLSA record(s)
will be used to determine \fIname\fR, \fIport\fR and \fItransport\fR.
.IP -u
Use UDP transport instead of TCP.
.IP -v
Show version and exit.
.SH "FILES"
.TP
@LDNS_TRUST_ANCHOR_FILE@
The file from which trusted keys are loaded for signature chasing,
when no \fB-k\fR option is given.
.SH "SEE ALSO"
.LP
unbound-anchor(8)
.SH AUTHOR
Written by the ldns team as an example for ldns usage.
.SH REPORTING BUGS
Report bugs to \fIldns-team@nlnetlabs.nl\fR.
.SH COPYRIGHT
Copyright (C) 2012 NLnet Labs. This is free software. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE.

1722
examples/ldns-dane.c Normal file

File diff suppressed because it is too large Load Diff


@ -133,7 +133,7 @@ main(int argc, char **argv) {
break;
case 'p':
dsperc = atoi(optarg);
if (dsperc <= 0 || dsperc > 100) {
if (dsperc < 0 || dsperc > 100) {
fprintf(stderr, "error: percentage of signed delegations must be between [0-100].\n");
exit(EXIT_FAILURE);
}
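Review bot: Allowing 0 here means text that `atoi` cannot parse is now accepted as a valid percentage, because `atoi(optarg)` returns 0 for non-numeric input and the old `<= 0` test was the only thing rejecting it. Parse with `strtol` and check the end pointer before the range test: `long v = strtol(optarg, &end, 10);` then `if (end == optarg || *end != '\0' || v < 0 || v > 100) {` and assign `dsperc = (int) v;` after the check. The enclosing `main` starts and ends outside this hunk, so `end` needs a declaration there.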


@ -649,13 +649,26 @@ main(int argc, char *argv[])
fprintf(stderr, "Warning: Unable to create stub resolver from /etc/resolv.conf:\n");
fprintf(stderr, "%s\n", ldns_get_errorstr_by_id(status));
fprintf(stderr, "defaulting to nameserver at 127.0.0.1 for separate nameserver name lookups\n");
res = ldns_resolver_new();
ns = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A, "127.0.0.1");
status = ldns_resolver_push_nameserver(res, ns);
if (status != LDNS_STATUS_OK) {
fprintf(stderr, "Unable to create stub resolver: %s\n", ldns_get_errorstr_by_id(status));
do {
res = ldns_resolver_new();
if (res) {
ns = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_A,
"127.0.0.1");
if (ns) {
status = ldns_resolver_push_nameserver(
res, ns);
if (status == LDNS_STATUS_OK) {
break;
}
ldns_rdf_deep_free(ns);
}
ldns_resolver_free(res);
}
fprintf(stderr, "Unable to create stub resolver: %s\n",
ldns_get_errorstr_by_id(status));
exit(EXIT_FAILURE);
}
} while (false);
ldns_rdf_deep_free(ns);
}
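Review bot: When `ldns_resolver_new()` or `ldns_rdf_new_frm_str()` returns NULL, `status` has not been reassigned, so the "Unable to create stub resolver" message presumably repeats the error from the failed resolv.conf read that was just printed in the warning above it. Setting `status = LDNS_STATUS_MEM_ERR;` before the `do` would make the fall-through message describe the allocation failure instead. The `do { ... exit(EXIT_FAILURE); } while (false);` shape also hides that `break` is the only way out on success; a one-line comment saying so would help the next reader. `main` starts and ends outside the hunk.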


@ -14,7 +14,13 @@ will create 3 files; a .key file with the public DNSKEY, a .private
file with the private keydata and a .ds with the DS record of the
DNSKEY record.
It prints out the basename for these files: K<name>+<alg>+<id>
\fBldns-keygen\fR can also be used to create symmetric keys (for TSIG) by
selecting the appropriate algorithm: \%\fIhmac-md5.sig-alg.reg.int\fR,
\%\fIhmac-sha1\fR or \%\fIhmac-sha256\fR.
In that case no DS record will be created and no .ds file.
\fBldns-keygen\fR prints the basename for the key files:
K<name>+<alg>+<id>
.SH OPTIONS
.TP


@ -204,6 +204,11 @@ main(int argc, char **argv)
tsig_cred.algorithm = (char*)"hmac-md5.sig-alg.reg.int.";
tsig_cred.keyname = optarg;
tsig_cred.keydata = strchr(optarg, ':');
if (tsig_cred.keydata == NULL) {
printf("TSIG argument is not in form "
"key:data: %s\n", optarg);
exit(1);
}
*tsig_cred.keydata = '\0';
tsig_cred.keydata++;
printf("Sign with %s : %s\n", tsig_cred.keyname,
@ -250,7 +255,7 @@ main(int argc, char **argv)
ldns_pkt_set_opcode(notify, LDNS_PACKET_NOTIFY);
ldns_pkt_push_rr(notify, LDNS_SECTION_QUESTION, question);
ldns_pkt_set_aa(notify, true);
ldns_pkt_set_id(notify, random()&0xffff);
ldns_pkt_set_random_id(notify);
if(include_soa) {
char buf[10240];
ldns_rr *soa_rr=NULL;
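Review bot: The added check rejects a TSIG argument with no `:` but still accepts an empty key name or empty key data (`:data` or `name:`), which are then stored in `tsig_cred` as they are. Extending the test to `if (tsig_cred.keydata == NULL || tsig_cred.keydata == optarg || tsig_cred.keydata[1] == '\0') {` covers both. Since this is a usage error, `fprintf(stderr, ...)` and `exit(EXIT_FAILURE)` would fit better than `printf` and `exit(1)`. `main` starts and ends outside the hunk.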


@ -21,6 +21,12 @@ Only print DNSSEC data from the zone. This option skips every record
that is not of type NSEC, NSEC3, RRSIG or DNSKEY. DS records are not
printed.
.TP
\fB-0\fR
Print a (null) for the RRSIG inception, expiry and key data. This option
can be used when comparing different signing systems that use the same
DNSKEYs for signing but would have a slightly different timings/jitter.
.TP
\fB-h\fR
Show usage and exit
@ -29,6 +35,11 @@ Show usage and exit
\fB-n\fR
Do not print the SOA record
.TP
\fB-p\fR
Pad the SOA serial number with spaces so the number and the spaces together
take ten characters. This is useful for in file serial number increments.
.TP
\fB-s\fR
Strip DNSSEC data from the zone. This option skips every record


@ -33,14 +33,23 @@ main(int argc, char **argv)
ldns_rr_list *stripped_list;
ldns_rr *cur_rr;
ldns_rr_type cur_rr_type;
const ldns_output_format *fmt = NULL;
ldns_output_format fmt = {
ldns_output_format_default->flags,
ldns_output_format_default->data
};
ldns_soa_serial_increment_func_t soa_serial_increment_func = NULL;
int soa_serial_increment_func_data = 0;
while ((c = getopt(argc, argv, "bcdhnsvzS:")) != -1) {
while ((c = getopt(argc, argv, "0bcdhnpsvzS:")) != -1) {
switch(c) {
case 'b':
fmt = ldns_output_format_bubblebabble;
fmt.flags |=
( LDNS_COMMENT_BUBBLEBABBLE |
LDNS_COMMENT_FLAGS );
break;
case '0':
fmt.flags |= LDNS_FMT_ZEROIZE_RRSIGS;
break;
case 'c':
canonicalize = true;
break;
@ -51,14 +60,17 @@ main(int argc, char **argv)
}
break;
case 'h':
printf("Usage: %s [-c] [-v] [-z] <zonefile>\n", argv[0]);
printf("Usage: %s [OPTIONS] <zonefile>\n", argv[0]);
printf("\tReads the zonefile and prints it.\n");
printf("\tThe RR count of the zone is printed to stderr.\n");
printf("\t-b include bubblebabble of DS's.\n");
printf("\t-0 zeroize timestamps and signature in RRSIG records.\n");
printf("\t-c canonicalize all rrs in the zone.\n");
printf("\t-d only show DNSSEC data from the zone\n");
printf("\t-h show this text\n");
printf("\t-n do not print the SOA record\n");
printf("\t-p prepend SOA serial with spaces so"
" it takes exactly ten characters.\n");
printf("\t-s strip DNSSEC data from the zone\n");
printf("\t-S [[+|-]<number> | YYYYMMDDxx | "
" unixtime ]\n"
@ -80,6 +92,9 @@ main(int argc, char **argv)
case 'n':
print_soa = false;
break;
case 'p':
fmt.flags |= LDNS_FMT_PAD_SOA_SERIAL;
break;
case 's':
strip = true;
if (only_dnssec) {
@ -141,6 +156,15 @@ main(int argc, char **argv)
s = ldns_zone_new_frm_fp_l(&z, fp, NULL, 0, LDNS_RR_CLASS_IN, &line_nr);
fclose(fp);
if (s != LDNS_STATUS_OK) {
fprintf(stderr, "%s at %d\n",
ldns_get_errorstr_by_id(s),
line_nr);
exit(EXIT_FAILURE);
}
if (strip) {
stripped_list = ldns_rr_list_new();
while ((cur_rr = ldns_rr_list_pop_rr(ldns_zone_rrs(z)))) {
@ -176,37 +200,29 @@ main(int argc, char **argv)
ldns_zone_set_rrs(z, stripped_list);
}
if (s == LDNS_STATUS_OK) {
if (canonicalize) {
ldns_rr2canonical(ldns_zone_soa(z));
for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) {
ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z), i));
}
if (canonicalize) {
ldns_rr2canonical(ldns_zone_soa(z));
for (i = 0; i < ldns_rr_list_rr_count(ldns_zone_rrs(z)); i++) {
ldns_rr2canonical(ldns_rr_list_rr(ldns_zone_rrs(z), i));
}
if (sort) {
ldns_zone_sort(z);
}
if (print_soa && ldns_zone_soa(z)) {
if (soa_serial_increment_func) {
ldns_rr_soa_increment_func_int(
ldns_zone_soa(z)
, soa_serial_increment_func
, soa_serial_increment_func_data
);
}
ldns_rr_print_fmt(stdout, fmt, ldns_zone_soa(z));
}
ldns_rr_list_print_fmt(stdout, fmt, ldns_zone_rrs(z));
ldns_zone_deep_free(z);
} else {
fprintf(stderr, "%s at %d\n",
ldns_get_errorstr_by_id(s),
line_nr);
exit(EXIT_FAILURE);
}
fclose(fp);
if (sort) {
ldns_zone_sort(z);
}
if (print_soa && ldns_zone_soa(z)) {
if (soa_serial_increment_func) {
ldns_rr_soa_increment_func_int(
ldns_zone_soa(z)
, soa_serial_increment_func
, soa_serial_increment_func_data
);
}
ldns_rr_print_fmt(stdout, &fmt, ldns_zone_soa(z));
}
ldns_rr_list_print_fmt(stdout, &fmt, ldns_zone_rrs(z));
ldns_zone_deep_free(z);
exit(EXIT_SUCCESS);
}


@ -411,14 +411,16 @@ main(int argc, char *argv[])
tm.tm_year -= 1900;
tm.tm_mon--;
check_tm(tm);
expiration = (uint32_t) mktime_from_utc(&tm);
expiration =
(uint32_t) ldns_mktime_from_utc(&tm);
} else if (strlen(optarg) == 14 &&
sscanf(optarg, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec)
) {
tm.tm_year -= 1900;
tm.tm_mon--;
check_tm(tm);
expiration = (uint32_t) mktime_from_utc(&tm);
expiration =
(uint32_t) ldns_mktime_from_utc(&tm);
} else {
expiration = (uint32_t) atol(optarg);
}
@ -436,14 +438,16 @@ main(int argc, char *argv[])
tm.tm_year -= 1900;
tm.tm_mon--;
check_tm(tm);
inception = (uint32_t) mktime_from_utc(&tm);
inception =
(uint32_t) ldns_mktime_from_utc(&tm);
} else if (strlen(optarg) == 14 &&
sscanf(optarg, "%4d%2d%2d%2d%2d%2d", &tm.tm_year, &tm.tm_mon, &tm.tm_mday, &tm.tm_hour, &tm.tm_min, &tm.tm_sec)
) {
tm.tm_year -= 1900;
tm.tm_mon--;
check_tm(tm);
inception = (uint32_t) mktime_from_utc(&tm);
inception =
(uint32_t) ldns_mktime_from_utc(&tm);
} else {
inception = (uint32_t) atol(optarg);
}
@ -509,13 +513,6 @@ main(int argc, char *argv[])
printf("Engine key id: %s, algo %d\n", eng_key_id, eng_key_algo);
if (expiration != 0) {
ldns_key_set_expiration(key, expiration);
}
if (inception != 0) {
ldns_key_set_inception(key, inception);
}
s = ldns_key_new_frm_engine(&key, engine, eng_key_id, eng_key_algo);
if (s == LDNS_STATUS_OK) {
/* must be dnssec key */
@ -540,6 +537,14 @@ main(int argc, char *argv[])
fprintf(stderr, "Warning, key not suitable for signing, ignoring key with algorithm %u\n", ldns_key_algorithm(key));
break;
}
if (expiration != 0) {
ldns_key_set_expiration(key,
expiration);
}
if (inception != 0) {
ldns_key_set_inception(key,
inception);
}
} else {
printf("Error reading key '%s' from engine: %s\n", eng_key_id, ldns_get_errorstr_by_id(s));
#ifdef HAVE_SSL
@ -674,10 +679,6 @@ main(int argc, char *argv[])
}
}
if (!origin) {
origin = ldns_rr_owner(orig_soa);
}
/* read the ZSKs */
argi = 1;
while (argi < argc) {
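Review bot: Both 14-digit branches use the bare return value of `sscanf(optarg, "%4d%2d%2d%2d%2d%2d", ...)` as the condition, so a string in which only some fields convert is still treated as a complete timestamp, and a return of `EOF` is non-zero as well. Comparing against the field count, `sscanf(...) == 6`, rejects those inputs before `check_tm(tm)` and `ldns_mktime_from_utc(&tm)` see a `struct tm` that this call only partly filled. This applies to the expiration hunk and to the inception hunk; the 8-digit branch above each is cut off by the hunk boundary and probably has the same pattern. The `(uint32_t) atol(optarg)` fallback also turns any unparsable text into 0, which the later `expiration != 0` / `inception != 0` tests read as "not given".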


@ -15,6 +15,18 @@
/** print error details */
static int verb = 1;
struct sockaddr_in6* cast_sockaddr_storage2sockaddr_in6(
struct sockaddr_storage* s)
{
return (struct sockaddr_in6*)s;
}
struct sockaddr_in* cast_sockaddr_storage2sockaddr_in(
struct sockaddr_storage* s)
{
return (struct sockaddr_in*)s;
}
/** parse IP address */
static int
convert_addr(char* str, int p, struct sockaddr_storage* addr, socklen_t* len)
@ -22,8 +34,10 @@ convert_addr(char* str, int p, struct sockaddr_storage* addr, socklen_t* len)
#ifdef AF_INET6
if(strchr(str, ':')) {
*len = (socklen_t)sizeof(struct sockaddr_in6);
((struct sockaddr_in6*)addr)->sin6_family = AF_INET6;
((struct sockaddr_in6*)addr)->sin6_port = htons((uint16_t)p);
cast_sockaddr_storage2sockaddr_in6(addr)->sin6_family =
AF_INET6;
cast_sockaddr_storage2sockaddr_in6(addr)->sin6_port =
htons((uint16_t)p);
if(inet_pton(AF_INET6, str,
&((struct sockaddr_in6*)addr)->sin6_addr) == 1)
return 1;
@ -31,9 +45,11 @@ convert_addr(char* str, int p, struct sockaddr_storage* addr, socklen_t* len)
#endif
*len = (socklen_t)sizeof(struct sockaddr_in);
#ifndef S_SPLINT_S
((struct sockaddr_in*)addr)->sin_family = AF_INET;
cast_sockaddr_storage2sockaddr_in(addr)->sin_family =
AF_INET;
#endif
((struct sockaddr_in*)addr)->sin_port = htons((uint16_t)p);
cast_sockaddr_storage2sockaddr_in(addr)->sin_port =
htons((uint16_t)p);
if(inet_pton(AF_INET, str,
&((struct sockaddr_in*)addr)->sin_addr) == 1)
return 1;
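Review bot: The two new cast helpers are defined without `static`, although the other file-scope names in view (`static int verb`, `static int convert_addr`) are file-local, so they become external symbols with no prototype. Declaring them `static struct sockaddr_in6* cast_sockaddr_storage2sockaddr_in6(...)` and likewise for the IPv4 one keeps them out of the global namespace. The `inet_pton` calls in `convert_addr` still use the raw `(struct sockaddr_in6*)addr` and `(struct sockaddr_in*)addr` casts, so the helpers are applied only to some of the accesses; using them there too would make the function consistent. A one-line comment on each helper saying why the cast is wrapped would also help, since the cast itself is unchanged.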


@ -492,7 +492,7 @@ main(int argc, char **argv)
datafile = argv[0];
log_msg("Reading datafile %s\n", datafile);
entries = read_datafile(datafile);
entries = read_datafile(datafile, 0);
#ifdef USE_WINSOCK
if(WSAStartup(MAKEWORD(2,2), &wsa_data) != 0)


@ -323,7 +323,7 @@ data_buffer2wire(ldns_buffer *data_buffer)
uint8_t *hexbuf;
int hexbufpos = 0;
size_t wirelen;
uint8_t *data_wire = (uint8_t *) ldns_buffer_export(data_buffer);
uint8_t *data_wire = (uint8_t *) ldns_buffer_begin(data_buffer);
uint8_t *wire = LDNS_XMALLOC(uint8_t, LDNS_MAX_PACKETLEN);
hexbuf = LDNS_XMALLOC(uint8_t, LDNS_MAX_PACKETLEN);
@ -340,6 +340,12 @@ data_buffer2wire(ldns_buffer *data_buffer)
(c >= 'a' && c <= 'f') ||
(c >= 'A' && c <= 'F') )
{
if (hexbufpos >= LDNS_MAX_PACKETLEN) {
error("buffer overflow");
LDNS_FREE(hexbuf);
return 0;
}
hexbuf[hexbufpos] = (uint8_t) c;
hexbufpos++;
} else if (c == ';') {
@ -354,14 +360,14 @@ data_buffer2wire(ldns_buffer *data_buffer)
}
break;
case 2:
if (hexbufpos >= LDNS_MAX_PACKETLEN) {
error("buffer overflow");
LDNS_FREE(hexbuf);
return 0;
}
hexbuf[hexbufpos] = (uint8_t) c;
hexbufpos++;
break;
default:
error("unknown state while reading");
LDNS_FREE(hexbuf);
return 0;
break;
}
}
@ -371,6 +377,11 @@ data_buffer2wire(ldns_buffer *data_buffer)
/* lenient mode: length must be multiple of 2 */
if (hexbufpos % 2 != 0) {
if (hexbufpos >= LDNS_MAX_PACKETLEN) {
error("buffer overflow");
LDNS_FREE(hexbuf);
return 0;
}
hexbuf[hexbufpos] = (uint8_t) '0';
hexbufpos++;
}
@ -415,7 +426,7 @@ get_origin(const char* name, int lineno, ldns_rdf** origin, char* parse)
/* Reads one entry from file. Returns entry or NULL on error. */
struct entry*
read_entry(FILE* in, const char* name, int *lineno, uint32_t* default_ttl,
ldns_rdf** origin, ldns_rdf** prev_rr)
ldns_rdf** origin, ldns_rdf** prev_rr, int skip_whitespace)
{
struct entry* current = NULL;
char line[MAX_LINE];
@ -485,7 +496,10 @@ read_entry(FILE* in, const char* name, int *lineno, uint32_t* default_ttl,
reading_hex = false;
cur_reply->reply_from_hex = data_buffer2wire(hex_data_buffer);
ldns_buffer_free(hex_data_buffer);
hex_data_buffer = NULL;
} else if(str_keyword(&parse, "ENTRY_END")) {
if (hex_data_buffer)
ldns_buffer_free(hex_data_buffer);
return current;
} else if(reading_hex) {
ldns_buffer_printf(hex_data_buffer, line);
@ -493,14 +507,17 @@ read_entry(FILE* in, const char* name, int *lineno, uint32_t* default_ttl,
/* it must be a RR, parse and add to packet. */
ldns_rr* n = NULL;
ldns_status status;
char* rrstr = line;
if (skip_whitespace)
rrstr = parse;
if(add_section == LDNS_SECTION_QUESTION)
status = ldns_rr_new_question_frm_str(
&n, parse, *origin, prev_rr);
else status = ldns_rr_new_frm_str(&n, parse,
&n, rrstr, *origin, prev_rr);
else status = ldns_rr_new_frm_str(&n, rrstr,
*default_ttl, *origin, prev_rr);
if(status != LDNS_STATUS_OK)
error("%s line %d:\n\t%s: %s", name, *lineno,
ldns_get_errorstr_by_id(status), parse);
ldns_get_errorstr_by_id(status), rrstr);
ldns_pkt_push_rr(cur_reply->reply, add_section, n);
}
@ -518,7 +535,7 @@ read_entry(FILE* in, const char* name, int *lineno, uint32_t* default_ttl,
/* reads the canned reply file and returns a list of structs */
struct entry*
read_datafile(const char* name)
read_datafile(const char* name, int skip_whitespace)
{
struct entry* list = NULL;
struct entry* last = NULL;
@ -535,7 +552,7 @@ read_datafile(const char* name)
}
while((current = read_entry(in, name, &lineno, &default_ttl,
&origin, &prev_rr)))
&origin, &prev_rr, skip_whitespace)))
{
if(last)
last->next = current;
@ -815,7 +832,7 @@ handle_query(uint8_t* inbuf, ssize_t inlen, struct entry* entries, int* count,
/* still try to adjust ID */
answer_size = ldns_buffer_capacity(p->reply_from_hex);
outbuf = LDNS_XMALLOC(uint8_t, answer_size);
memcpy(outbuf, ldns_buffer_export(p->reply_from_hex), answer_size);
memcpy(outbuf, ldns_buffer_begin(p->reply_from_hex), answer_size);
if(entry->copy_id) {
ldns_write_uint16(outbuf,
ldns_pkt_id(query_pkt));
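Review bot: `ldns_buffer_printf(hex_data_buffer, line);` in `read_entry` passes a line read from the data file as the format string, so any `%` in the input while `reading_hex` is set is interpreted as a conversion specifier. The commit tidies the lifetime of `hex_data_buffer` around this call but leaves the call itself; it should be `ldns_buffer_printf(hex_data_buffer, "%s", line);`. Separately, the new `hexbufpos >= LDNS_MAX_PACKETLEN` guards in `data_buffer2wire` free `hexbuf` but not `wire`, which leaks if `error()` returns (its definition is not in view). Both functions start and end outside the hunks shown.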


@ -197,8 +197,9 @@ struct entry {
/**
* reads the canned reply file and returns a list of structs
* does an exit on error.
* @param skip_withespace: skip leftside whitespace.
*/
struct entry* read_datafile(const char* name);
struct entry* read_datafile(const char* name, int skip_whitespace);
/**
* Delete linked list of entries.
@ -217,10 +218,12 @@ void delete_entry(struct entry* list);
* later it stores the $ORIGIN value last seen. Often &NULL or the zone
* name on first call.
* @param prev_rr: previous rr name for correcter parsing. &NULL on first call.
* @param skip_whitespace: skip leftside whitespace.
* @return: The entry read (malloced) or NULL if no entry could be read.
*/
struct entry* read_entry(FILE* in, const char* name, int *lineno,
uint32_t* default_ttl, ldns_rdf** origin, ldns_rdf** prev_rr);
uint32_t* default_ttl, ldns_rdf** origin, ldns_rdf** prev_rr,
int skip_whitespace);
/**
* finds entry in list, or returns NULL.
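Review bot: The new doc line for `read_datafile` names the parameter `skip_withespace`, which does not match `skip_whitespace` in the prototype below it, so a documentation generator will not attach the text to the argument. It should read `* @param skip_whitespace: skip leftside whitespace.`, as the `read_entry` comment in the next hunk already does. Both comments could also state what a zero value means; judging by the `char* rrstr = line;` default in the `read_entry` change of this commit, zero appears to parse the RR from the start of the line, but that is inferred and should be confirmed before it is written down.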


@ -19,7 +19,7 @@ ldns_update_resolver_new(const char *fqdn, const char *zone,
ldns_resolver *r1, *r2;
ldns_pkt *query = NULL, *resp;
ldns_rr_list *nslist, *iplist;
ldns_rdf *soa_zone, *soa_mname, *ns_name;
ldns_rdf *soa_zone, *soa_mname = NULL, *ns_name;
size_t i;
ldns_status s;
@ -96,6 +96,7 @@ ldns_update_resolver_new(const char *fqdn, const char *zone,
/* Match */
iplist = ldns_get_rr_list_addr_by_name(r1, ns_name, class, 0);
(void) ldns_resolver_push_nameserver_rr_list(r2, iplist);
ldns_rr_list_deep_free(iplist);
break;
}
}
@ -109,12 +110,15 @@ ldns_update_resolver_new(const char *fqdn, const char *zone,
/* No match, add it now. */
iplist = ldns_get_rr_list_addr_by_name(r1, ns_name, class, 0);
(void) ldns_resolver_push_nameserver_rr_list(r2, iplist);
ldns_rr_list_deep_free(iplist);
}
}
ldns_resolver_set_random(r2, false);
ldns_pkt_free(resp);
ldns_resolver_deep_free(r1);
if (soa_mname)
ldns_rdf_deep_free(soa_mname);
return r2;
bad:
@ -126,6 +130,8 @@ ldns_update_resolver_new(const char *fqdn, const char *zone,
ldns_pkt_free(query);
if (resp)
ldns_pkt_free(resp);
if (soa_mname)
ldns_rdf_deep_free(soa_mname);
return NULL;
}
@ -138,7 +144,7 @@ ldns_update_send_simple_addr(const char *fqdn, const char *zone,
ldns_pkt *u_pkt = NULL, *r_pkt;
ldns_rr_list *up_rrlist;
ldns_rr *up_rr;
ldns_rdf *zone_rdf;
ldns_rdf *zone_rdf = NULL;
char *rrstr;
uint32_t rrstrlen, status = LDNS_STATUS_OK;
@ -231,6 +237,8 @@ ldns_update_send_simple_addr(const char *fqdn, const char *zone,
ldns_resolver_deep_free(res);
if (u_pkt)
ldns_pkt_free(u_pkt);
if (zone_rdf)
ldns_rdf_deep_free(zone_rdf);
return LDNS_STATUS_ERR;
}
@ -302,8 +310,10 @@ main(int argc, char **argv)
printf(";; trying UPDATE with FQDN \"%s\" and IP \"%s\"\n",
fqdn, ipaddr ? ipaddr : "<none>");
printf(";; tsig: \"%s\" \"%s\" \"%s\"\n", tsig_cr.keyname,
tsig_cr.algorithm, tsig_cr.keydata);
if (argc == 6 || argc == 7) {
printf(";; tsig: \"%s\" \"%s\" \"%s\"\n", tsig_cr.keyname,
tsig_cr.algorithm, tsig_cr.keydata);
}
ret = ldns_update_send_simple_addr(fqdn, zone, ipaddr, port, defttl, tsig_cred);
exit(ret);
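Review bot: The new guard `if (argc == 6 || argc == 7)` in `main` repeats the argument-count logic instead of testing what the `printf` needs. If `tsig_cred` is NULL when no TSIG arguments were given (it is passed as a pointer on the next line, but its assignment is outside the hunk), `if (tsig_cred) {` expresses the same condition and cannot drift from the parsing code. The guarded line also prints `tsig_cr.keydata`, the shared TSIG secret, to stdout, where it can end up in logs or terminal scrollback. Printing only the name and algorithm, `printf(";; tsig: \"%s\" \"%s\"\n", tsig_cr.keyname, tsig_cr.algorithm);`, avoids that.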


@ -37,6 +37,9 @@ Default signatures should just be valid now.
A file that contains a trusted DNSKEY or DS rr.
This option may be given more than once.
Alternatively, if \fB-k\fR is not specified, and a default trust anchor
(@LDNS_TRUST_ANCHOR_FILE@) exists and contains a valid DNSKEY or DS record,
it will be used as the trust anchor.
.TP
\fB-p\fR \fI[0-100]\fR
Only check this percentage of the zone.
@ -77,6 +80,16 @@ P[n]Y[n]M[n]DT[n]H[n]M[n]S
.LP
If no file is given standard input is read.
.SH "FILES"
.TP
@LDNS_TRUST_ANCHOR_FILE@
The file from which trusted keys are loaded for signature chasing,
when no \fB-k\fR option is given.
.SH "SEE ALSO"
.LP
unbound-anchor(8)
.SH AUTHOR
Written by the ldns team as an example for ldns usage.


@ -66,10 +66,6 @@ read_key_file(const char *filename, ldns_rr_list *keys)
int line_nr;
if (!(fp = fopen(filename, "r"))) {
if (verbosity > 0) {
fprintf(myerr, "Error opening %s: %s\n", filename,
strerror(errno));
}
return LDNS_STATUS_FILE_ERR;
}
while (!feof(fp)) {
@ -92,6 +88,7 @@ read_key_file(const char *filename, ldns_rr_list *keys)
else
break;
}
fclose(fp);
return status;
}
@ -308,6 +305,10 @@ verify_next_hashed_name(ldns_dnssec_zone* zone, ldns_dnssec_name *name)
if (!cur_next_name) {
cur_next_name = cur_first_name;
}
assert(cur_next_name != NULL);
/* Because this function is called on nsec occurrence,
* there must be a cur_next_name!
*/
next_owner_str = ldns_rdf2str(ldns_nsec3_next_owner(name->nsec));
next_owner_dname = ldns_dname_new_frm_str(next_owner_str);
@ -749,7 +750,8 @@ main(int argc, char **argv)
"now)\n");
printf("\t-k <file>\tspecify a file that contains a "
"trusted DNSKEY or DS rr.\n\t\t\t"
"This option may be given more than once.\n");
"This option may be given more than once.\n"
"\t\t\tDefault is %s", LDNS_TRUST_ANCHOR_FILE);
printf("\t-p [0-100]\tonly checks this percentage of "
"the zone.\n\t\t\tDefaults to 100\n");
printf("\t-S\t\tchase signature(s) to a known key. "
@ -794,6 +796,13 @@ main(int argc, char **argv)
break;
case 'k':
s = read_key_file(optarg, keys);
if (s == LDNS_STATUS_FILE_ERR) {
if (verbosity > 0) {
fprintf(myerr,
"Error opening %s: %s\n",
optarg, strerror(errno));
}
}
if (s != LDNS_STATUS_OK) {
if (verbosity > 0) {
fprintf(myerr,
@ -838,7 +847,7 @@ main(int argc, char **argv)
tm.tm_year -= 1900;
tm.tm_mon--;
check_time = mktime_from_utc(&tm);
check_time = ldns_mktime_from_utc(&tm);
}
else {
check_time += atoi(optarg);
@ -855,11 +864,16 @@ main(int argc, char **argv)
}
}
if (do_sigchase && nkeys == 0) {
if (verbosity > 0) {
fprintf(myerr,
"Unable to chase signature without keys.\n");
(void) read_key_file(LDNS_TRUST_ANCHOR_FILE, keys);
nkeys = ldns_rr_list_rr_count(keys);
if (nkeys == 0) {
if (verbosity > 0) {
fprintf(myerr, "Unable to chase "
"signature without keys.\n");
}
exit(EXIT_FAILURE);
}
exit(EXIT_FAILURE);
}
argc -= optind;
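Review bot: The fallback `(void) read_key_file(LDNS_TRUST_ANCHOR_FILE, keys);` in the last hunk discards the status and prints nothing, so a user who gave `-S` without `-k` cannot tell that validation was rooted in the default anchor file, or which file that was. Reporting it when `verbosity > 0` and `nkeys` is non-zero, for example `fprintf(myerr, "Using trust anchor %s\n", LDNS_TRUST_ANCHOR_FILE);`, makes the trust root visible. In the usage hunk the added `"\t\t\tDefault is %s"` has no trailing `\n`, so the `-p` help text that follows is printed on the same line. `main` starts and ends outside these hunks.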


@ -63,6 +63,7 @@ open_keyfiles(char **files, uint16_t filec)
}
if (ldns_rr_new_frm_fp(&k, kfp, NULL, NULL, NULL) != LDNS_STATUS_OK) {
fprintf(stderr, "Error parsing the key file %s: %s\n", files[i], strerror(errno));
ldns_rr_list_deep_free(pubkeys);
return NULL;
}
fclose(kfp);
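Review bot: The new error path frees `pubkeys` but returns while `kfp` is still open, because the `fclose(kfp);` below it is only reached on success; add `fclose(kfp);` before `return NULL;`. The message also formats `strerror(errno)` for what is a parse failure, so it can print an unrelated error text. Keeping the `ldns_status` returned by `ldns_rr_new_frm_fp` and printing `ldns_get_errorstr_by_id(status)` would report the actual cause. `open_keyfiles` starts and ends outside the hunk.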


@ -126,6 +126,7 @@ ldns_get_rr_list_name_by_addr(ldns_resolver *res, ldns_rdf *addr, ldns_rr_class
/* add the RD flags, because we want an answer */
pkt = ldns_resolver_query(res, name, LDNS_RR_TYPE_PTR, c, flags | LDNS_RD);
ldns_rdf_deep_free(name);
if (pkt) {
/* extract the data we need */
names = ldns_pkt_rr_list_by_type(pkt,


@ -123,6 +123,7 @@ const ldns_output_format *ldns_output_format_onlykeyids
= &ldns_output_format_onlykeyids_record;
const ldns_output_format *ldns_output_format_default
= &ldns_output_format_onlykeyids_record;
const ldns_output_format ldns_output_format_bubblebabble_record = {
LDNS_COMMENT_KEY | LDNS_COMMENT_BUBBLEBABBLE | LDNS_COMMENT_FLAGS, NULL
};
@ -195,7 +196,7 @@ ldns_pkt_opcode2str(ldns_pkt_opcode opcode)
str = NULL;
if (ldns_pkt_opcode2buffer_str(buf, opcode) == LDNS_STATUS_OK) {
str = ldns_buffer2str(buf);
str = ldns_buffer_export2str(buf);
}
ldns_buffer_free(buf);
@ -215,7 +216,7 @@ ldns_pkt_rcode2str(ldns_pkt_rcode rcode)
str = NULL;
if (ldns_pkt_rcode2buffer_str(buf, rcode) == LDNS_STATUS_OK) {
str = ldns_buffer2str(buf);
str = ldns_buffer_export2str(buf);
}
ldns_buffer_free(buf);
@ -236,7 +237,7 @@ ldns_pkt_algorithm2str(ldns_algorithm algorithm)
str = NULL;
if (ldns_algorithm2buffer_str(buf, algorithm)
== LDNS_STATUS_OK) {
str = ldns_buffer2str(buf);
str = ldns_buffer_export2str(buf);
}
ldns_buffer_free(buf);
@ -257,7 +258,7 @@ ldns_pkt_cert_algorithm2str(ldns_cert_algorithm cert_algorithm)
str = NULL;
if (ldns_cert_algorithm2buffer_str(buf, cert_algorithm)
== LDNS_STATUS_OK) {
str = ldns_buffer2str(buf);
str = ldns_buffer_export2str(buf);
}
ldns_buffer_free(buf);
@ -567,7 +568,7 @@ ldns_rr_type2str(const ldns_rr_type type)
str = NULL;
if (ldns_rr_type2buffer_str(buf, type) == LDNS_STATUS_OK) {
str = ldns_buffer2str(buf);
str = ldns_buffer_export2str(buf);
}
ldns_buffer_free(buf);
@ -603,7 +604,7 @@ ldns_rr_class2str(const ldns_rr_class klass)
str = NULL;
if (ldns_rr_class2buffer_str(buf, klass) == LDNS_STATUS_OK) {
str = ldns_buffer2str(buf);
str = ldns_buffer_export2str(buf);
}
ldns_buffer_free(buf);
return str;
@ -1149,8 +1150,9 @@ ldns_rdf2buffer_str(ldns_buffer *buffer, const ldns_rdf *rdf)
break;
}
} else {
/** This will write mangled RRs */
ldns_buffer_printf(buffer, "(null) ");
res = ldns_buffer_status(buffer);
res = LDNS_STATUS_ERR;
}
return res;
}
@ -1230,7 +1232,33 @@ ldns_rr2buffer_str_fmt(ldns_buffer *output,
for (i = 0; i < ldns_rr_rd_count(rr); i++) {
/* ldns_rdf2buffer_str handles NULL input fine! */
status = ldns_rdf2buffer_str(output, ldns_rr_rdf(rr, i));
if ((fmt->flags & LDNS_FMT_ZEROIZE_RRSIGS) &&
(ldns_rr_get_type(rr) == LDNS_RR_TYPE_RRSIG) &&
((/* inception */ i == 4 &&
ldns_rdf_get_type(ldns_rr_rdf(rr, 4)) ==
LDNS_RDF_TYPE_TIME) ||
(/* expiration */ i == 5 &&
ldns_rdf_get_type(ldns_rr_rdf(rr, 5)) ==
LDNS_RDF_TYPE_TIME) ||
(/* signature */ i == 8 &&
ldns_rdf_get_type(ldns_rr_rdf(rr, 8)) ==
LDNS_RDF_TYPE_B64))) {
ldns_buffer_printf(output, "(null)");
status = ldns_buffer_status(output);
} else if ((fmt->flags & LDNS_FMT_PAD_SOA_SERIAL) &&
(ldns_rr_get_type(rr) == LDNS_RR_TYPE_SOA) &&
/* serial */ i == 2 &&
ldns_rdf_get_type(ldns_rr_rdf(rr, 2)) ==
LDNS_RDF_TYPE_INT32) {
ldns_buffer_printf(output, "%10lu",
(unsigned long) ldns_read_uint32(
ldns_rdf_data(ldns_rr_rdf(rr, 2))));
status = ldns_buffer_status(output);
} else {
status = ldns_rdf2buffer_str(output,
ldns_rr_rdf(rr, i));
}
if(status != LDNS_STATUS_OK)
return status;
if (i < ldns_rr_rd_count(rr) - 1) {
@ -1633,12 +1661,12 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
{
ldns_status status = LDNS_STATUS_OK;
unsigned char *bignum;
#ifndef S_SPLINT_S
uint16_t i;
#endif
#ifdef HAVE_SSL
# ifndef S_SPLINT_S
uint16_t i;
# endif
/* not used when ssl is not defined */
/*@unused@*/
ldns_rdf *b64_bignum = NULL;
RSA *rsa;
@ -1716,6 +1744,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1727,6 +1756,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1740,6 +1770,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1756,6 +1787,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1772,6 +1804,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1788,6 +1821,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1804,6 +1838,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1820,6 +1855,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1853,6 +1889,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1869,6 +1906,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1885,6 +1923,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1901,6 +1940,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1917,6 +1957,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1960,6 +2001,7 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
b64_bignum = ldns_rdf_new_frm_data(LDNS_RDF_TYPE_B64, i, bignum);
if (ldns_rdf2buffer_str(output, b64_bignum) != LDNS_STATUS_OK) {
ldns_rdf_deep_free(b64_bignum);
goto error;
}
ldns_rdf_deep_free(b64_bignum);
@ -1993,9 +2035,6 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
#endif /* HAVE_SSL */
} else {
#ifdef HAVE_SSL
LDNS_FREE(b64_bignum);
#endif
LDNS_FREE(bignum);
return ldns_buffer_status(output);
}
@ -2012,12 +2051,11 @@ ldns_key2buffer_str(ldns_buffer *output, const ldns_key *k)
}
/*
* Zero terminate the buffer and fix it to the size of the string.
* Zero terminate the buffer and copy data.
*/
char *
ldns_buffer2str(ldns_buffer *buffer)
{
char *tmp_str;
char *str;
/* check if buffer ends with \0, if not, and
@ -2032,16 +2070,30 @@ ldns_buffer2str(ldns_buffer *buffer)
}
}
tmp_str = ldns_buffer_export(buffer);
str = LDNS_XMALLOC(char, strlen(tmp_str) + 1);
str = strdup((const char *)ldns_buffer_begin(buffer));
if(!str) {
return NULL;
}
memcpy(str, tmp_str, strlen(tmp_str) + 1);
return str;
}
/*
* Zero terminate the buffer and export data.
*/
char *
ldns_buffer_export2str(ldns_buffer *buffer)
{
/* Append '\0' as string terminator */
if (! ldns_buffer_reserve(buffer, 1)) {
return NULL;
}
ldns_buffer_write_u8(buffer, 0);
/* reallocate memory to the size of the string and export */
ldns_buffer_set_capacity(buffer, ldns_buffer_position(buffer));
return ldns_buffer_export(buffer);
}
char *
ldns_rdf2str(const ldns_rdf *rdf)
{
@ -2053,7 +2105,7 @@ ldns_rdf2str(const ldns_rdf *rdf)
}
if (ldns_rdf2buffer_str(tmp_buffer, rdf) == LDNS_STATUS_OK) {
/* export and return string, destroy rest */
result = ldns_buffer2str(tmp_buffer);
result = ldns_buffer_export2str(tmp_buffer);
}
ldns_buffer_free(tmp_buffer);
return result;
@ -2071,7 +2123,7 @@ ldns_rr2str_fmt(const ldns_output_format *fmt, const ldns_rr *rr)
if (ldns_rr2buffer_str_fmt(tmp_buffer, fmt, rr)
== LDNS_STATUS_OK) {
/* export and return string, destroy rest */
result = ldns_buffer2str(tmp_buffer);
result = ldns_buffer_export2str(tmp_buffer);
}
ldns_buffer_free(tmp_buffer);
return result;
@ -2095,7 +2147,7 @@ ldns_pkt2str_fmt(const ldns_output_format *fmt, const ldns_pkt *pkt)
if (ldns_pkt2buffer_str_fmt(tmp_buffer, fmt, pkt)
== LDNS_STATUS_OK) {
/* export and return string, destroy rest */
result = ldns_buffer2str(tmp_buffer);
result = ldns_buffer_export2str(tmp_buffer);
}
ldns_buffer_free(tmp_buffer);
@ -2119,7 +2171,7 @@ ldns_key2str(const ldns_key *k)
}
if (ldns_key2buffer_str(tmp_buffer, k) == LDNS_STATUS_OK) {
/* export and return string, destroy rest */
result = ldns_buffer2str(tmp_buffer);
result = ldns_buffer_export2str(tmp_buffer);
}
ldns_buffer_free(tmp_buffer);
return result;
@ -2149,7 +2201,7 @@ ldns_rr_list2str_fmt(const ldns_output_format *fmt, const ldns_rr_list *list)
}
/* export and return string, destroy rest */
result = ldns_buffer2str(tmp_buffer);
result = ldns_buffer_export2str(tmp_buffer);
ldns_buffer_free(tmp_buffer);
return result;
}
@ -2167,20 +2219,20 @@ ldns_rdf_print(FILE *output, const ldns_rdf *rdf)
if (str) {
fprintf(output, "%s", str);
} else {
fprintf(output, "Unable to convert rdf to string\n");
fprintf(output, ";Unable to convert rdf to string\n");
}
LDNS_FREE(str);
}
void
ldns_rr_print_fmt(FILE *output,
ldns_rr_print_fmt(FILE *output,
const ldns_output_format *fmt, const ldns_rr *rr)
{
char *str = ldns_rr2str_fmt(fmt, rr);
if (str) {
fprintf(output, "%s", str);
} else {
fprintf(output, "Unable to convert rr to string\n");
fprintf(output, ";Unable to convert rr to string\n");
}
LDNS_FREE(str);
}
@ -2199,7 +2251,7 @@ ldns_pkt_print_fmt(FILE *output,
if (str) {
fprintf(output, "%s", str);
} else {
fprintf(output, "Unable to convert packet to string\n");
fprintf(output, ";Unable to convert packet to string\n");
}
LDNS_FREE(str);
}


@ -341,7 +341,6 @@ ldns_status
ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *result_size)
{
ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
uint8_t *result = NULL;
ldns_status status;
*result_size = 0;
*dest = NULL;
@ -350,21 +349,8 @@ ldns_rdf2wire(uint8_t **dest, const ldns_rdf *rdf, size_t *result_size)
status = ldns_rdf2buffer_wire(buffer, rdf);
if (status == LDNS_STATUS_OK) {
*result_size = ldns_buffer_position(buffer);
result = (uint8_t *) ldns_buffer_export(buffer);
} else {
ldns_buffer_free(buffer);
return status;
*dest = (uint8_t *) ldns_buffer_export(buffer);
}
if (result) {
*dest = LDNS_XMALLOC(uint8_t, ldns_buffer_position(buffer));
if(!*dest) {
ldns_buffer_free(buffer);
return LDNS_STATUS_MEM_ERR;
}
memcpy(*dest, result, ldns_buffer_position(buffer));
}
ldns_buffer_free(buffer);
return status;
}
@ -373,7 +359,6 @@ ldns_status
ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int section, size_t *result_size)
{
ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
uint8_t *result = NULL;
ldns_status status;
*result_size = 0;
*dest = NULL;
@ -382,21 +367,8 @@ ldns_rr2wire(uint8_t **dest, const ldns_rr *rr, int section, size_t *result_size
status = ldns_rr2buffer_wire(buffer, rr, section);
if (status == LDNS_STATUS_OK) {
*result_size = ldns_buffer_position(buffer);
result = (uint8_t *) ldns_buffer_export(buffer);
} else {
ldns_buffer_free(buffer);
return status;
*dest = (uint8_t *) ldns_buffer_export(buffer);
}
if (result) {
*dest = LDNS_XMALLOC(uint8_t, ldns_buffer_position(buffer));
if(!*dest) {
ldns_buffer_free(buffer);
return LDNS_STATUS_MEM_ERR;
}
memcpy(*dest, result, ldns_buffer_position(buffer));
}
ldns_buffer_free(buffer);
return status;
}
@ -405,7 +377,6 @@ ldns_status
ldns_pkt2wire(uint8_t **dest, const ldns_pkt *packet, size_t *result_size)
{
ldns_buffer *buffer = ldns_buffer_new(LDNS_MAX_PACKETLEN);
uint8_t *result = NULL;
ldns_status status;
*result_size = 0;
*dest = NULL;
@ -414,21 +385,8 @@ ldns_pkt2wire(uint8_t **dest, const ldns_pkt *packet, size_t *result_size)
status = ldns_pkt2buffer_wire(buffer, packet);
if (status == LDNS_STATUS_OK) {
*result_size = ldns_buffer_position(buffer);
result = (uint8_t *) ldns_buffer_export(buffer);
} else {
ldns_buffer_free(buffer);
return status;
*dest = (uint8_t *) ldns_buffer_export(buffer);
}
if (result) {
*dest = LDNS_XMALLOC(uint8_t, ldns_buffer_position(buffer));
if(!*dest) {
ldns_buffer_free(buffer);
return LDNS_STATUS_MEM_ERR;
}
memcpy(*dest, result, ldns_buffer_position(buffer));
}
ldns_buffer_free(buffer);
return status;
}
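Review bot: In ldns_rdf2wire, ldns_rr2wire and ldns_pkt2wire the block handed back in `*dest` is now the buffer's own storage, created with LDNS_MAX_PACKETLEN capacity, instead of a copy sized to `*result_size`. Every returned rdf, rr or packet therefore presumably keeps the full capacity allocated unless the buffer is shrunk first. ldns_buffer_export2str in host2str.c does this with `ldns_buffer_set_capacity(buffer, ldns_buffer_position(buffer));` before exporting, and the same line before each `ldns_buffer_export(buffer)` here would keep the old footprint. The change is also only safe if ldns_buffer_free leaves exported data alone, which is not visible in this section and is worth confirming. The lines between the two hunks of each function are not shown.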

50
keys.c

@ -431,8 +431,7 @@ ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
ldns_key_free(k);
return LDNS_STATUS_ERR;
}
ldns_key_set_rsa_key(k, rsa);
RSA_free(rsa);
ldns_key_assign_rsa_key(k, rsa);
#endif /* HAVE_SSL */
break;
case LDNS_SIGN_DSA:
@ -444,8 +443,7 @@ ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
ldns_key_free(k);
return LDNS_STATUS_ERR;
}
ldns_key_set_dsa_key(k, dsa);
DSA_free(dsa);
ldns_key_assign_dsa_key(k, dsa);
#endif /* HAVE_SSL */
break;
case LDNS_SIGN_HMACMD5:
@ -505,6 +503,7 @@ ldns_key_new_frm_fp_l(ldns_key **key, FILE *fp, int *line_nr)
*key = k;
return LDNS_STATUS_OK;
}
ldns_key_free(k);
return LDNS_STATUS_ERR;
}
@ -751,28 +750,21 @@ ldns_key_new_frm_fp_hmac_l( FILE *f
, size_t *hmac_size
)
{
size_t i;
char *d;
unsigned char *buf;
d = LDNS_XMALLOC(char, LDNS_MAX_LINELEN);
buf = LDNS_XMALLOC(unsigned char, LDNS_MAX_LINELEN);
if(!d || !buf) {
goto error;
}
size_t i, bufsz;
char d[LDNS_MAX_LINELEN];
unsigned char *buf = NULL;
if (ldns_fget_keyword_data_l(f, "Key", ": ", d, "\n", LDNS_MAX_LINELEN, line_nr) == -1) {
goto error;
}
i = (size_t) ldns_b64_pton((const char*)d,
buf,
ldns_b64_ntop_calculate_size(strlen(d)));
bufsz = ldns_b64_ntop_calculate_size(strlen(d));
buf = LDNS_XMALLOC(unsigned char, bufsz);
i = (size_t) ldns_b64_pton((const char*)d, buf, bufsz);
*hmac_size = i;
return buf;
error:
LDNS_FREE(d);
LDNS_FREE(buf);
*hmac_size = 0;
return NULL;
@ -850,6 +842,7 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
return NULL;
}
ldns_key_set_rsa_key(k, r);
RSA_free(r);
#endif /* HAVE_SSL */
break;
case LDNS_SIGN_DSA:
@ -865,6 +858,7 @@ ldns_key_new_frm_algorithm(ldns_signing_algorithm alg, uint16_t size)
return NULL;
}
ldns_key_set_dsa_key(k, d);
DSA_free(d);
#endif /* HAVE_SSL */
break;
case LDNS_SIGN_HMACMD5:
@ -1005,6 +999,22 @@ ldns_key_set_dsa_key(ldns_key *k, DSA *d)
EVP_PKEY_set1_DSA(key, d);
k->_key.key = key;
}
void
ldns_key_assign_rsa_key(ldns_key *k, RSA *r)
{
EVP_PKEY *key = EVP_PKEY_new();
EVP_PKEY_assign_RSA(key, r);
k->_key.key = key;
}
void
ldns_key_assign_dsa_key(ldns_key *k, DSA *d)
{
EVP_PKEY *key = EVP_PKEY_new();
EVP_PKEY_assign_DSA(key, d);
k->_key.key = key;
}
#endif /* splint */
#endif /* HAVE_SSL */
@ -1302,7 +1312,7 @@ ldns_key_dsa2bin(unsigned char *data, DSA *k, uint16_t *size)
}
/* See RFC2536 */
*size = (uint16_t)BN_num_bytes(k->g);
*size = (uint16_t)BN_num_bytes(k->p);
T = (*size - 64) / 8;
memcpy(data, &T, 1);
@ -1365,10 +1375,10 @@ ldns_key2rr(const ldns_key *k)
#endif
int internal_data = 0;
pubkey = ldns_rr_new();
if (!k) {
return NULL;
}
pubkey = ldns_rr_new();
switch (ldns_key_algorithm(k)) {
case LDNS_SIGN_HMACMD5:
@ -1638,7 +1648,7 @@ ldns_key_get_file_base_name(ldns_key *key)
"+%03u+%05u",
ldns_key_algorithm(key),
ldns_key_keytag(key));
file_base_name = strdup(ldns_buffer_export(buffer));
file_base_name = ldns_buffer_export(buffer);
ldns_buffer_free(buffer);
return file_base_name;
}
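Review bot: In ldns_key_new_frm_fp_hmac_l the new `buf = LDNS_XMALLOC(unsigned char, bufsz);` is passed to ldns_b64_pton without a NULL check, although the code it replaces tested the allocation before use. The return value of ldns_b64_pton is also cast straight to size_t, so a decoding failure on a malformed `Key:` line would reach the caller as a very large `*hmac_size` next to a non-NULL buffer. Both cases should go to the existing error label, which appears to still free buf and zero `*hmac_size`. The function's signature starts above this hunk and its closing brace is below it.

```c
	int n;
	/* … unchanged: declarations of d and buf, ldns_fget_keyword_data_l call … */
	bufsz = ldns_b64_ntop_calculate_size(strlen(d));
	buf = LDNS_XMALLOC(unsigned char, bufsz);
	if (!buf) {
		goto error;
	}
	n = ldns_b64_pton((const char*)d, buf, bufsz);
	if (n < 0) {
		/* malformed base64: do not report a bogus length */
		goto error;
	}
	*hmac_size = (size_t) n;
	return buf;
	/* … unchanged: error label … */
```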


@ -630,8 +630,9 @@ void ldns_buffer_free(ldns_buffer *buffer);
void *ldns_buffer_export(ldns_buffer *buffer);
/**
* Copy contents of the other buffer to this buffer. Silently truncated
* if this buffer is too small.
* Copy contents of the from buffer to the result buffer and then flips
* the result buffer. Data will be silently truncated if the result buffer is
* too small.
* \param[out] *result resulting buffer which is copied to.
* \param[in] *from what to copy to result.
*/


@ -23,6 +23,7 @@
#define LDNS_BUILD_CONFIG_HAVE_INTTYPES_H @ldns_build_config_have_inttypes_h@
#define LDNS_BUILD_CONFIG_HAVE_ATTR_FORMAT @ldns_build_config_have_attr_format@
#define LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED @ldns_build_config_have_attr_unused@
#define LDNS_BUILD_CONFIG_HAVE_SOCKLEN_T @ldns_build_config_have_socklen_t@
/*
* HAVE_STDBOOL_H is not available when distributed as a library, but no build
@ -65,4 +66,8 @@ typedef bool _Bool;
#define ATTR_UNUSED(x) x
#endif /* !LDNS_BUILD_CONFIG_HAVE_ATTR_UNUSED */
#if !LDNS_BUILD_CONFIG_HAVE_SOCKLEN_T
typedef int socklen_t;
#endif
#endif /* LDNS_COMMON_H */


@ -33,6 +33,12 @@
/* Define to 1 if you have the `ctime_r' function. */
#undef HAVE_CTIME_R
/* Is a CAFILE given at configure time */
#undef HAVE_DANE_CA_FILE
/* Is a CAPATH given at configure time */
#undef HAVE_DANE_CA_PATH
/* Define to 1 if you have the declaration of `NID_secp384r1', and to 0 if you
don't. */
#undef HAVE_DECL_NID_SECP384R1
@ -250,6 +256,15 @@
/* Define to 1 if the system has the type `_Bool'. */
#undef HAVE__BOOL
/* Is a CAFILE given at configure time */
#undef LDNS_DANE_CA_FILE
/* Is a CAPATH given at configure time */
#undef LDNS_DANE_CA_PATH
/* Default trust anchor file */
#undef LDNS_TRUST_ANCHOR_FILE
/* Define to the sub-directory in which libtool stores uninstalled libraries.
*/
#undef LT_OBJDIR

244
ldns/dane.h Normal file

@ -0,0 +1,244 @@
/*
* dane.h -- defines for the DNS-Based Authentication of Named Entities (DANE)
* Transport Layer Security (TLS) Protocol: TLSA
*
* Copyright (c) 2012, NLnet Labs. All rights reserved.
*
* See LICENSE for the license.
*
*/
/**
* \file
*
* This module contains base functions for creating and verifying TLSA RR's
* with PKIX certificates, certificate chains and validation stores.
* (See RFC6394 and RFC6698).
*
* Since those functions heavily rely op cryptographic operations,
* this module is dependent on openssl.
*/
#ifndef LDNS_DANE_H
#define LDNS_DANE_H
#include <ldns/common.h>
#include <ldns/rdata.h>
#include <ldns/rr.h>
#if LDNS_BUILD_CONFIG_HAVE_SSL
#include <openssl/ssl.h>
#include <openssl/err.h>
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
#ifdef __cplusplus
extern "C" {
#endif
/**
* The different "Certificate usage" rdata field values for a TLSA RR.
*/
enum ldns_enum_tlsa_certificate_usage
{
/** CA constraint */
LDNS_TLSA_USAGE_CA_CONSTRAINT = 0,
/** Sevice certificate constraint */
LDNS_TLSA_USAGE_SERVICE_CERTIFICATE_CONSTRAINT = 1,
/** Trust anchor assertion */
LDNS_TLSA_USAGE_TRUST_ANCHOR_ASSERTION = 2,
/** Domain issued certificate */
LDNS_TLSA_USAGE_DOMAIN_ISSUED_CERTIFICATE = 3
};
typedef enum ldns_enum_tlsa_certificate_usage ldns_tlsa_certificate_usage;
/**
* The different "Selector" rdata field values for a TLSA RR.
*/
enum ldns_enum_tlsa_selector
{
/**
* Full certificate: the Certificate binary structure
* as defined in [RFC5280]
*/
LDNS_TLSA_SELECTOR_FULL_CERTIFICATE = 0,
/**
* SubjectPublicKeyInfo: DER-encoded binary structure
* as defined in [RFC5280]
*/
LDNS_TLSA_SELECTOR_SUBJECTPUBLICKEYINFO = 1
};
typedef enum ldns_enum_tlsa_selector ldns_tlsa_selector;
/**
* The different "Matching type" rdata field values for a TLSA RR.
*/
enum ldns_enum_tlsa_matching_type
{
/** Exact match on selected content */
LDNS_TLSA_MATCHING_TYPE_NO_HASH_USED = 0,
/** SHA-256 hash of selected content [RFC6234] */
LDNS_TLSA_MATCHING_TYPE_SHA256 = 1,
/** SHA-512 hash of selected content [RFC6234] */
LDNS_TLSA_MATCHING_TYPE_SHA512 = 2
};
typedef enum ldns_enum_tlsa_matching_type ldns_tlsa_matching_type;
/**
* Known transports to use with TLSA owner names.
*/
enum ldns_enum_dane_transport
{
/** TCP */
LDNS_DANE_TRANSPORT_TCP = 0,
/** UDP */
LDNS_DANE_TRANSPORT_UDP = 1,
/** SCTP */
LDNS_DANE_TRANSPORT_SCTP = 2
};
typedef enum ldns_enum_dane_transport ldns_dane_transport;
/**
* Creates a dname consisting of the given name, prefixed by the service port
* and type of transport: _<EM>port</EM>._<EM>transport</EM>.<EM>name</EM>.
*
* \param[out] tlsa_owner The created dname.
* \param[in] name The dname that should be prefixed.
* \param[in] port The service port number for wich the name should be created.
* \param[in] transport The transport for wich the name should be created.
* \return LDNS_STATUS_OK on success or an error code otherwise.
*/
ldns_status ldns_dane_create_tlsa_owner(ldns_rdf** tlsa_owner,
const ldns_rdf* name, uint16_t port,
ldns_dane_transport transport);
#if LDNS_BUILD_CONFIG_HAVE_SSL
/**
* Creates a LDNS_RDF_TYPE_HEX type rdf based on the binary data choosen by
* the selector and encoded using matching_type.
*
* \param[out] rdf The created created rdf of type LDNS_RDF_TYPE_HEX.
* \param[in] cert The certificate from which the data is selected
* \param[in] selector The full certificate or the public key
* \param[in] matching_type The full data or the SHA256 or SHA512 hash
* of the selected data
* \return LDNS_STATUS_OK on success or an error code otherwise.
*/
ldns_status ldns_dane_cert2rdf(ldns_rdf** rdf, X509* cert,
ldns_tlsa_selector selector,
ldns_tlsa_matching_type matching_type);
/**
* Selects the certificate from cert, extra_certs or the pkix_validation_store
* based on the value of cert_usage and index.
*
* \param[out] selected_cert The selected cert.
* \param[in] cert The certificate to validate (or not)
* \param[in] extra_certs Intermediate certificates that might be necessary
* during validation. May be NULL, except when the certificate
* usage is "Trust Anchor Assertion" because the trust anchor has
* to be provided.(otherwise choose a "Domain issued certificate!"
* \param[in] pkix_validation_store Used when the certificate usage is
* "CA constraint" or "Service Certificate Constraint" to
* validate the certificate and, in case of "CA constraint",
* select the CA.
* When pkix_validation_store is NULL, validation is explicitely
* turned off and the behaviour is then the same as for "Trust
* anchor assertion" and "Domain issued certificate" respectively.
* \param[in] cert_usage Which certificate to use and how to validate.
* \param[in] index Used to select the trust anchor when certificate usage
* is "Trust Anchor Assertion". 0 is the last certificate in the
* validation chain. 1 the one but last, etc. When index is -1,
* the last certificate is used that MUST be self-signed.
* This can help to make sure that the intended (self signed)
* trust anchor is actually present in extra_certs (which is a
* DANE requirement).
*
* \return LDNS_STATUS_OK on success or an error code otherwise.
*/
ldns_status ldns_dane_select_certificate(X509** selected_cert,
X509* cert, STACK_OF(X509)* extra_certs,
X509_STORE* pkix_validation_store,
ldns_tlsa_certificate_usage cert_usage, int index);
/**
* Creates a TLSA resource record from the certificate.
* No PKIX validation is performed! The given certificate is used as data
* regardless the value of certificate_usage.
*
* \param[out] tlsa The created TLSA resource record.
* \param[in] certificate_usage The value for the Certificate Usage field
* \param[in] selector The value for the Selector field
* \param[in] matching_type The value for the Matching Type field
* \param[in] cert The certificate which data will be represented
*
* \return LDNS_STATUS_OK on success or an error code otherwise.
*/
ldns_status ldns_dane_create_tlsa_rr(ldns_rr** tlsa,
ldns_tlsa_certificate_usage certificate_usage,
ldns_tlsa_selector selector,
ldns_tlsa_matching_type matching_type,
X509* cert);
/**
* Verify if the given TLSA resource record matches the given certificate.
* Reporting on a TLSA rr mismatch (LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH)
* is preferred over PKIX failure (LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE).
* So when PKIX validation is required by the TLSA Certificate usage,
* but the TLSA data does not match, LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH
* is returned whether the PKIX validated or not.
*
* \param[in] tlsa_rr The resource record that specifies what and how to
* match the certificate. With tlsa_rr == NULL, regular PKIX
* validation is performed.
* \param[in] cert The certificate to match (and validate)
* \param[in] extra_certs Intermediate certificates that might be necessary
* creating the validation chain.
* \param[in] pkix_validation_store Used when the certificate usage is
* "CA constraint" or "Service Certificate Constraint" to
* validate the certificate.
*
* \return LDNS_STATUS_OK on success,
* LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH on TLSA data mismatch,
* LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when TLSA matched,
* but the PKIX validation failed, or other ldns_status errors.
*/
ldns_status ldns_dane_verify_rr(const ldns_rr* tlsa_rr,
X509* cert, STACK_OF(X509)* extra_certs,
X509_STORE* pkix_validation_store);
/**
* Verify if any of the given TLSA resource records matches the given
* certificate.
*
* \param[in] tlsas The resource records that specify what and how to
* match the certificate. One must match for this function
* to succeed. With tlsas == NULL or the number of TLSA records
* in tlsas == 0, regular PKIX validation is performed.
* \param[in] cert The certificate to match (and validate)
* \param[in] extra_certs Intermediate certificates that might be necessary
* creating the validation chain.
* \param[in] pkix_validation_store Used when the certificate usage is
* "CA constraint" or "Service Certificate Constraint" to
* validate the certificate.
*
* \return LDNS_STATUS_OK on success,
* LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE when one of the TLSA's
* matched but the PKIX validation failed,
* LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH when none of the TLSA's matched,
* or other ldns_status errors.
*/
ldns_status ldns_dane_verify(ldns_rr_list* tlsas,
X509* cert, STACK_OF(X509)* extra_certs,
X509_STORE* pkix_validation_store);
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
#ifdef __cplusplus
}
#endif
#endif /* LDNS_DANE_H */
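Review bot: The comments on ldns_dane_verify_rr and ldns_dane_verify do not say what a NULL pkix_validation_store does, while the comment on ldns_dane_select_certificate states that NULL explicitly turns validation off. For the usages "CA constraint" and "Service certificate constraint" a caller needs to know whether passing NULL silently skips the PKIX check, so each `\param[in] pkix_validation_store` should say so, for example `* When NULL, PKIX validation is not performed.` if that is what the implementation does. As far as the prototypes show, the TLSA records are taken as given, so a line such as `* The caller must have validated the TLSA records with DNSSEC.` would make that precondition explicit. The typos "rely op", "Sevice", "wich", "choosen" and "explicitely" could be fixed in the same pass.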


@ -111,6 +111,7 @@ ldns_rdf *ldns_dname_new_frm_str(const char *str);
* Create a new dname rdf from a string
* \param[in] s the size of the new dname
* \param[in] *data pointer to the actual data
*
* \return ldns_rdf*
*/
ldns_rdf *ldns_dname_new(uint16_t s, void *data);
@ -119,6 +120,7 @@ ldns_rdf *ldns_dname_new(uint16_t s, void *data);
* Create a new dname rdf from data (the data is copied)
* \param[in] size the size of the data
* \param[in] *data pointer to the actual data
*
* \return ldns_rdf*
*/
ldns_rdf *ldns_dname_new_frm_data(uint16_t size, const void *data);
@ -177,6 +179,13 @@ int ldns_dname_interval(const ldns_rdf *prev, const ldns_rdf *middle, const ldns
*/
bool ldns_dname_str_absolute(const char *dname_str);
/**
* Checks whether the given dname is absolute (i.e. ends with a '.')
* \param[in] *dname a rdf representing the dname
* \return true or false
*/
bool ldns_dname_absolute(const ldns_rdf *dname);
/**
* look inside the rdf and if it is an LDNS_RDF_TYPE_DNAME
* try and retrieve a specific label. The labels are numbered


@ -198,6 +198,7 @@ RSA *ldns_key_buf2rsa_raw(unsigned char* key, size_t len);
*
* \param[in] *key the key to convert
* \param[in] h the hash to use LDNS_SHA1/LDNS_SHA256
*
* \return ldns_rr* a new rr pointer to a DS
*/
ldns_rr *ldns_key_rr2ds(const ldns_rr *key, ldns_hash h);


@ -367,6 +367,7 @@ void ldns_dnssec_derive_trust_tree_no_sig_time(
*
* \param *tree The trust tree so search
* \param *keys A ldns_rr_list of DNSKEY and DS rrs to look for
*
* \return LDNS_STATUS_OK if there is a trusted path to one of
* the keys, or the *first* error encountered
* if there were no paths


@ -8,7 +8,6 @@
#ifndef LDNS_DNSSEC_ZONE_H
#define LDNS_DNSSEC_ZONE_H
#include <ldns/ldns.h>
#include <ldns/rbtree.h>
#include <ldns/host2str.h>


@ -102,7 +102,22 @@ enum ldns_enum_status {
LDNS_STATUS_MISSING_RDATA_FIELDS_RRSIG,
LDNS_STATUS_MISSING_RDATA_FIELDS_KEY,
LDNS_STATUS_CRYPTO_SIG_EXPIRED_WITHIN_MARGIN,
LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN
LDNS_STATUS_CRYPTO_SIG_NOT_INCEPTED_WITHIN_MARGIN,
LDNS_STATUS_DANE_STATUS_MESSAGES,
LDNS_STATUS_DANE_UNKNOWN_CERTIFICATE_USAGE,
LDNS_STATUS_DANE_UNKNOWN_SELECTOR,
LDNS_STATUS_DANE_UNKNOWN_MATCHING_TYPE,
LDNS_STATUS_DANE_UNKNOWN_PROTOCOL,
LDNS_STATUS_DANE_UNKNOWN_TRANSPORT,
LDNS_STATUS_DANE_MISSING_EXTRA_CERTS,
LDNS_STATUS_DANE_EXTRA_CERTS_NOT_USED,
LDNS_STATUS_DANE_OFFSET_OUT_OF_RANGE,
LDNS_STATUS_DANE_INSECURE,
LDNS_STATUS_DANE_BOGUS,
LDNS_STATUS_DANE_TLSA_DID_NOT_MATCH,
LDNS_STATUS_DANE_NON_CA_CERTIFICATE,
LDNS_STATUS_DANE_PKIX_DID_NOT_VALIDATE,
LDNS_STATUS_DANE_PKIX_NO_SELF_SIGNED_TRUST_ANCHOR
};
typedef enum ldns_enum_status ldns_status;


@ -64,6 +64,8 @@ extern "C" {
#define LDNS_COMMENT_LAYOUT 0x0080
/** Also comment KEY_ID with RRSIGS **/
#define LDNS_COMMENT_RRSIGS 0x0100
#define LDNS_FMT_ZEROIZE_RRSIGS 0x0200
#define LDNS_FMT_PAD_SOA_SERIAL 0x0400
/**
* Output format specifier
@ -601,14 +603,26 @@ char *ldns_rr_list2str_fmt(
const ldns_output_format *fmt, const ldns_rr_list *rr_list);
/**
* Returns the data in the buffer as a null terminated char * string
* Buffer data must be char * type, and must be freed by the caller
* Returns a copy of the data in the buffer as a null terminated
* char * string. The returned string must be freed by the caller.
* The buffer must be in write modus and may thus not have been flipped.
*
* \param[in] buffer buffer containing char * data
* \return null terminated char * data, or NULL on error
*/
char *ldns_buffer2str(ldns_buffer *buffer);
/**
* Exports and returns the data in the buffer as a null terminated
* char * string. The returned string must be freed by the caller.
* The buffer must be in write modus and may thus not have been flipped.
* The buffer is fixed after this function returns.
*
* \param[in] buffer buffer containing char * data
* \return null terminated char * data, or NULL on error
*/
char *ldns_buffer_export2str(ldns_buffer *buffer);
/**
* Prints the data in the rdata field to the given file stream
* (in presentation format)
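Review bot: The comment on ldns_buffer_export2str says "The buffer is fixed after this function returns" but does not tell the caller who owns what afterwards. The callers in host2str.c follow the call with `ldns_buffer_free(tmp_buffer);` and still return the string, so the contract seems to be that the buffer object must be freed and the string survives that. I would add `* The buffer itself must still be released with ldns_buffer_free(); the returned string stays valid after that.` to the comment. The two new flags LDNS_FMT_ZEROIZE_RRSIGS and LDNS_FMT_PAD_SOA_SERIAL also have no comment, unlike the LDNS_COMMENT_* flags above them.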


@ -25,7 +25,6 @@
#if LDNS_BUILD_CONFIG_HAVE_SSL
#include <openssl/ssl.h>
#endif /* LDNS_BUILD_CONFIG_HAVE_SSL */
#include <ldns/dnssec.h>
#include <ldns/util.h>
#include <errno.h>
@ -299,18 +298,37 @@ void ldns_key_set_algorithm(ldns_key *k, ldns_signing_algorithm l);
void ldns_key_set_evp_key(ldns_key *k, EVP_PKEY *e);
/**
* Set the key's rsa data
* Set the key's rsa data.
* The rsa data should be freed by the user.
* \param[in] k the key
* \param[in] r the rsa data
*/
void ldns_key_set_rsa_key(ldns_key *k, RSA *r);
/**
* Set the key's dsa data
* The dsa data should be freed by the user.
* \param[in] k the key
* \param[in] d the dsa data
*/
void ldns_key_set_dsa_key(ldns_key *k, DSA *d);
/**
* Assign the key's rsa data
* The rsa data will be freed automatically when the key is freed.
* \param[in] k the key
* \param[in] r the rsa data
*/
void ldns_key_assign_rsa_key(ldns_key *k, RSA *r);
/**
* Assign the key's dsa data
* The dsa data will be freed automatically when the key is freed.
* \param[in] k the key
* \param[in] d the dsa data
*/
void ldns_key_assign_dsa_key(ldns_key *k, DSA *d);
/**
* Get the PKEY id for GOST, loads GOST into openssl as a side effect.
* Only available if GOST is compiled into the library and openssl.
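Review bot: The comments on ldns_key_assign_rsa_key and ldns_key_assign_dsa_key say the data is freed with the key, but not that the caller gives up its reference. ldns_key_set_rsa_key directly above requires the opposite (the caller frees), so a mix-up leads to a double free or a leak of private key material. I would add `* The caller must not call RSA_free() on r after this call.` and the DSA equivalent. Both functions return void, and their definitions in keys.c do not check EVP_PKEY_new() or EVP_PKEY_assign_RSA(), so a failure cannot be reported to the caller; that is worth stating in the comment as well.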


@ -95,6 +95,7 @@ Or you can just use the menu above to browse through the API docs.
#include <ldns/util.h>
#include <ldns/buffer.h>
#include <ldns/common.h>
#include <ldns/dane.h>
#include <ldns/dname.h>
#include <ldns/dnssec.h>
#include <ldns/dnssec_verify.h>


@ -194,6 +194,7 @@ ldns_rdf_type ldns_rdf_get_type(const ldns_rdf *rd);
/**
* returns the data of the rdf.
* \param[in] *rd the rdf to read from
*
* \return uint8_t* pointer to the rdf's data
*/
uint8_t *ldns_rdf_data(const ldns_rdf *rd);
@ -303,6 +304,7 @@ ldns_rdf *ldns_native2rdf_int32(ldns_rdf_type type, uint32_t value);
* The memory is copied, and an LDNS_RDF_TYPE_INT16DATA is returned
* \param[in] size the size of the data
* \param[in] *data pointer to the actual data
*
* \return ldns_rd* the rdf with the data
*/
ldns_rdf *ldns_native2rdf_int16_data(size_t size, uint8_t *data);


@ -578,6 +578,7 @@ ldns_status ldns_resolver_push_nameserver_rr_list(ldns_resolver *r, ldns_rr_list
* \param[in] t query for this type (may be 0, defaults to A)
* \param[in] c query for this class (may be 0, default to IN)
* \param[in] flags the query flags
*
* \return ldns_pkt* a packet with the reply from the nameserver
*/
ldns_pkt* ldns_resolver_search(const ldns_resolver *r, const ldns_rdf *rdf, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
@ -590,6 +591,7 @@ ldns_pkt* ldns_resolver_search(const ldns_resolver *r, const ldns_rdf *rdf, ldns
* \param[in] t query for this type (may be 0, defaults to A)
* \param[in] c query for this class (may be 0, default to IN)
* \param[in] f the query flags
*
* \return ldns_pkt* a packet with the reply from the nameserver
*/
ldns_status ldns_resolver_prepare_query_pkt(ldns_pkt **q, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t f);
@ -602,6 +604,7 @@ ldns_status ldns_resolver_prepare_query_pkt(ldns_pkt **q, ldns_resolver *r, cons
* \param[in] t query for this type (may be 0, defaults to A)
* \param[in] c query for this class (may be 0, default to IN)
* \param[in] flags the query flags
*
* \return ldns_pkt* a packet with the reply from the nameserver
*/
ldns_status ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name, ldns_rr_type t, ldns_rr_class c, uint16_t flags);
@ -621,6 +624,7 @@ ldns_status ldns_resolver_send_pkt(ldns_pkt **answer, ldns_resolver *r, ldns_pkt
* \param[in] *t query for this type (may be 0, defaults to A)
* \param[in] *c query for this class (may be 0, default to IN)
* \param[in] flags the query flags
*
* \return ldns_pkt* a packet with the reply from the nameserver
* if _defnames is true the default domain will be added
*/


@ -37,7 +37,7 @@ extern "C" {
#define LDNS_RR_OVERHEAD 10
/* The first fields are 'common' and can be referenced instantly */
#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 52
#define LDNS_RDATA_FIELD_DESCRIPTORS_COMMON 53
@ -179,6 +179,8 @@ enum ldns_enum_rr_type
LDNS_RR_TYPE_NSEC3 = 50, /* RFC 5155 */
LDNS_RR_TYPE_NSEC3PARAM = 51, /* RFC 5155 */
LDNS_RR_TYPE_NSEC3PARAMS = 51,
/** draft-ietf-dane-protocol */
LDNS_RR_TYPE_TLSA = 52,
/** draft-ietf-dnsop-trust-history */
LDNS_RR_TYPE_TALINK = 58,
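Review bot: The comment on the new `LDNS_RR_TYPE_TLSA = 52` cites draft-ietf-dane-protocol, while the changelog for this release and ldns/dane.h both refer to the published RFC 6698. I would write `/** RFC 6698 */` so the reference matches the neighbouring `/* RFC 5155 */` entries and points at the final text. The same section raises LDNS_RDATA_FIELD_DESCRIPTORS_COMMON from 52 to 53, which presumably has to stay in step with the descriptor table defined elsewhere; that table is not in this section.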


@ -268,6 +268,8 @@ const char * ldns_version(void);
* \param[in] tm a struct tm* with the date
* \return the seconds since epoch
*/
time_t ldns_mktime_from_utc(const struct tm *tm);
time_t mktime_from_utc(const struct tm *tm);
/**


@ -1,783 +0,0 @@
ldns_algorithm2buffer_str
ldns_algorithms
ldns_axfr_complete
ldns_axfr_last_pkt
ldns_axfr_next
ldns_axfr_start
ldns_b32_ntop
ldns_b32_ntop_ar
ldns_b32_ntop_extended_hex
ldns_b32_pton
ldns_b32_pton_ar
ldns_b32_pton_extended_hex
ldns_b64_ntop
ldns_b64_pton
ldns_bgetc
ldns_bget_keyword_data
ldns_bget_token
ldns_bskipc
ldns_bskipcs
ldns_bubblebabble
ldns_buffer2pkt_wire
ldns_buffer2str
ldns_buffer_copy
ldns_buffer_export
ldns_buffer_free
ldns_buffer_new
ldns_buffer_new_frm_data
ldns_buffer_printf
ldns_buffer_reserve
ldns_buffer_set_capacity
ldns_calc_keytag
ldns_calc_keytag_raw
ldns_cert_algorithm2buffer_str
ldns_cert_algorithms
ldns_convert_dsa_rrsig_asn12rdf
ldns_convert_dsa_rrsig_rdf2asn1
ldns_convert_ecdsa_rrsig_asn12rdf
ldns_convert_ecdsa_rrsig_rdf2asn1
ldns_create_empty_rrsig
ldns_create_nsec
ldns_create_nsec3
ldns_digest_evp
ldns_directive_types
ldns_dname2buffer_wire
ldns_dname2canonical
ldns_dname_cat
ldns_dname_cat_clone
ldns_dname_clone_from
ldns_dname_compare
ldns_dname_compare_v
ldns_dname_interval
ldns_dname_is_subdomain
ldns_dname_is_wildcard
ldns_dname_label
ldns_dname_label_count
ldns_dname_left_chop
ldns_dname_match_wildcard
ldns_dname_new
ldns_dname_new_frm_data
ldns_dname_new_frm_str
ldns_dname_reverse
ldns_dname_str_absolute
ldns_dnssec_build_data_chain
ldns_dnssec_build_data_chain_nokeyname
ldns_dnssec_chain_nsec3_list
ldns_dnssec_create_nsec
ldns_dnssec_create_nsec3
ldns_dnssec_create_nsec_bitmap
ldns_dnssec_data_chain_deep_free
ldns_dnssec_data_chain_free
ldns_dnssec_data_chain_new
ldns_dnssec_data_chain_print
ldns_dnssec_data_chain_print_fmt
ldns_dnssec_default_add_to_signatures
ldns_dnssec_default_delete_signatures
ldns_dnssec_default_leave_signatures
ldns_dnssec_default_replace_signatures
ldns_dnssec_derive_trust_tree
ldns_dnssec_derive_trust_tree_dnskey_rrset
ldns_dnssec_derive_trust_tree_dnskey_rrset_time
ldns_dnssec_derive_trust_tree_ds_rrset
ldns_dnssec_derive_trust_tree_ds_rrset_time
ldns_dnssec_derive_trust_tree_normal_rrset
ldns_dnssec_derive_trust_tree_normal_rrset_time
ldns_dnssec_derive_trust_tree_no_sig
ldns_dnssec_derive_trust_tree_no_sig_time
ldns_dnssec_derive_trust_tree_time
ldns_dnssec_get_dnskey_for_rrsig
ldns_dnssec_get_rrsig_for_name_and_type
ldns_dnssec_name_add_rr
ldns_dnssec_name_cmp
ldns_dnssec_name_deep_free
ldns_dnssec_name_find_rrset
ldns_dnssec_name_free
ldns_dnssec_name_is_glue
ldns_dnssec_name_name
ldns_dnssec_name_new
ldns_dnssec_name_new_frm_rr
ldns_dnssec_name_node_deep_free
ldns_dnssec_name_node_free
ldns_dnssec_name_node_next_nonglue
ldns_dnssec_name_nsec
ldns_dnssec_name_print
ldns_dnssec_name_print_fmt
ldns_dnssec_name_print_soa
ldns_dnssec_name_print_soa_fmt
ldns_dnssec_name_set_name
ldns_dnssec_name_set_nsec
ldns_dnssec_nsec3_closest_encloser
ldns_dnssec_pkt_get_rrsigs_for_name_and_type
ldns_dnssec_pkt_get_rrsigs_for_type
ldns_dnssec_pkt_has_rrsigs
ldns_dnssec_remove_signatures
ldns_dnssec_rrs_add_rr
ldns_dnssec_rrs_deep_free
ldns_dnssec_rrsets_add_rr
ldns_dnssec_rrsets_contains_type
ldns_dnssec_rrsets_deep_free
ldns_dnssec_rrsets_free
ldns_dnssec_rrsets_new
ldns_dnssec_rrsets_new_frm_rr
ldns_dnssec_rrsets_print
ldns_dnssec_rrsets_print_fmt
ldns_dnssec_rrsets_print_soa
ldns_dnssec_rrsets_print_soa_fmt
ldns_dnssec_rrsets_set_type
ldns_dnssec_rrsets_type
ldns_dnssec_rrs_free
ldns_dnssec_rrs_new
ldns_dnssec_rrs_print
ldns_dnssec_rrs_print_fmt
ldns_dnssec_trust_tree_add_parent
ldns_dnssec_trust_tree_contains_keys
ldns_dnssec_trust_tree_depth
ldns_dnssec_trust_tree_free
ldns_dnssec_trust_tree_new
ldns_dnssec_trust_tree_print
ldns_dnssec_trust_tree_print_fmt
ldns_dnssec_trust_tree_print_sm
ldns_dnssec_trust_tree_print_sm_fmt
ldns_dnssec_verify_denial
ldns_dnssec_verify_denial_nsec3
ldns_dnssec_zone_add_empty_nonterminals
ldns_dnssec_zone_add_rr
ldns_dnssec_zone_create_nsec3s
ldns_dnssec_zone_create_nsecs
ldns_dnssec_zone_create_rrsigs
ldns_dnssec_zone_create_rrsigs_flg
ldns_dnssec_zone_deep_free
ldns_dnssec_zone_find_nsec3_original
ldns_dnssec_zone_find_rrset
ldns_dnssec_zone_free
ldns_dnssec_zone_is_nsec3_optout
ldns_dnssec_zone_mark_and_get_glue
ldns_dnssec_zone_mark_glue
ldns_dnssec_zone_names_print
ldns_dnssec_zone_names_print_fmt
ldns_dnssec_zone_new
ldns_dnssec_zone_new_frm_fp
ldns_dnssec_zone_new_frm_fp_l
ldns_dnssec_zone_print
ldns_dnssec_zone_print_fmt
ldns_dnssec_zone_sign
ldns_dnssec_zone_sign_flg
ldns_dnssec_zone_sign_nsec3
ldns_dnssec_zone_sign_nsec3_flg
ldns_dnssec_zone_sign_nsec3_flg_mkmap
ldns_ecdsa2pkey_raw
ldns_edns_flags
ldns_error_str
ldns_fetch_valid_domain_keys
ldns_fetch_valid_domain_keys_time
ldns_fget_keyword_data
ldns_fget_keyword_data_l
ldns_fget_token
ldns_fget_token_l
ldns_fskipc
ldns_fskipcs
ldns_fskipcs_l
ldns_getaddrinfo
ldns_get_bit
ldns_get_bit_r
ldns_get_errorstr_by_id
ldns_get_random
ldns_get_rr_class_by_name
ldns_get_rr_list_addr_by_name
ldns_get_rr_list_hosts_frm_file
ldns_get_rr_list_hosts_frm_fp
ldns_get_rr_list_hosts_frm_fp_l
ldns_get_rr_list_name_by_addr
ldns_get_rr_type_by_name
ldns_get_signing_algorithm_by_name
ldns_gost2pkey_raw
ldns_hexdigit_to_int
ldns_hexstring_to_data
ldns_init_random
ldns_int_to_hexdigit
ldns_is_rrset
ldns_key2buffer_str
ldns_key2rr
ldns_key2str
ldns_key_algorithm
ldns_key_algo_supported
ldns_key_buf2dsa
ldns_key_buf2dsa_raw
ldns_key_buf2rsa
ldns_key_buf2rsa_raw
ldns_key_deep_free
ldns_key_dsa_key
ldns_key_evp_key
ldns_key_EVP_load_gost_id
ldns_key_EVP_unload_gost
ldns_key_expiration
ldns_key_external_key
ldns_key_flags
ldns_key_free
ldns_key_get_file_base_name
ldns_key_hmac_key
ldns_key_hmac_size
ldns_key_inception
ldns_key_keytag
ldns_key_list_free
ldns_key_list_key
ldns_key_list_key_count
ldns_key_list_new
ldns_key_list_pop_key
ldns_key_list_push_key
ldns_key_list_set_key_count
ldns_key_list_set_use
ldns_key_new
ldns_key_new_frm_algorithm
ldns_key_new_frm_engine
ldns_key_new_frm_fp
ldns_key_new_frm_fp_dsa
ldns_key_new_frm_fp_dsa_l
ldns_key_new_frm_fp_hmac
ldns_key_new_frm_fp_hmac_l
ldns_key_new_frm_fp_l
ldns_key_new_frm_fp_rsa
ldns_key_new_frm_fp_rsa_l
ldns_key_origttl
ldns_key_print
ldns_key_pubkey_owner
ldns_key_rr2ds
ldns_key_rsa_key
ldns_key_set_algorithm
ldns_key_set_dsa_key
ldns_key_set_evp_key
ldns_key_set_expiration
ldns_key_set_external_key
ldns_key_set_flags
ldns_key_set_hmac_key
ldns_key_set_hmac_size
ldns_key_set_inception
ldns_key_set_keytag
ldns_key_set_origttl
ldns_key_set_pubkey_owner
ldns_key_set_rsa_key
ldns_key_set_use
ldns_key_use
ldns_lookup_by_id
ldns_lookup_by_name
ldns_native2rdf_int16
ldns_native2rdf_int16_data
ldns_native2rdf_int32
ldns_native2rdf_int8
ldns_nsec3_add_param_rdfs
ldns_nsec3_algorithm
ldns_nsec3_bitmap
ldns_nsec3_flags
ldns_nsec3_hash_name
ldns_nsec3_hash_name_frm_nsec3
ldns_nsec3_iterations
ldns_nsec3_next_owner
ldns_nsec3_optout
ldns_nsec3_salt
ldns_nsec3_salt_data
ldns_nsec3_salt_length
ldns_nsec_bitmap_covers_type
ldns_nsec_covers_name
ldns_nsec_get_bitmap
ldns_nsec_type_check
ldns_octet
ldns_opcodes
ldns_pkt2buffer_str
ldns_pkt2buffer_str_fmt
ldns_pkt2buffer_wire
ldns_pkt2str
ldns_pkt2str_fmt
ldns_pkt2wire
ldns_pkt_aa
ldns_pkt_ad
ldns_pkt_additional
ldns_pkt_algorithm2str
ldns_pkt_all
ldns_pkt_all_noquestion
ldns_pkt_ancount
ldns_pkt_answer
ldns_pkt_answerfrom
ldns_pkt_arcount
ldns_pkt_authority
ldns_pkt_cd
ldns_pkt_cert_algorithm2str
ldns_pkt_clone
ldns_pkt_edns
ldns_pkt_edns_data
ldns_pkt_edns_do
ldns_pkt_edns_extended_rcode
ldns_pkt_edns_udp_size
ldns_pkt_edns_version
ldns_pkt_edns_z
ldns_pkt_empty
ldns_pkt_free
ldns_pkt_get_opcode
ldns_pkt_get_rcode
ldns_pkt_get_section_clone
ldns_pktheader2buffer_str
ldns_pkt_id
ldns_pkt_new
ldns_pkt_nscount
ldns_pkt_opcode2buffer_str
ldns_pkt_opcode2str
ldns_pkt_print
ldns_pkt_print_fmt
ldns_pkt_push_rr
ldns_pkt_push_rr_list
ldns_pkt_qdcount
ldns_pkt_qr
ldns_pkt_query_new
ldns_pkt_query_new_frm_str
ldns_pkt_querytime
ldns_pkt_question
ldns_pkt_ra
ldns_pkt_rcode2buffer_str
ldns_pkt_rcode2str
ldns_pkt_rd
ldns_pkt_reply_type
ldns_pkt_rr
ldns_pkt_rr_list_by_name
ldns_pkt_rr_list_by_name_and_type
ldns_pkt_rr_list_by_type
ldns_pkt_safe_push_rr
ldns_pkt_safe_push_rr_list
ldns_pkt_section_count
ldns_pkt_set_aa
ldns_pkt_set_ad
ldns_pkt_set_additional
ldns_pkt_set_ancount
ldns_pkt_set_answer
ldns_pkt_set_answerfrom
ldns_pkt_set_arcount
ldns_pkt_set_authority
ldns_pkt_set_cd
ldns_pkt_set_edns_data
ldns_pkt_set_edns_do
ldns_pkt_set_edns_extended_rcode
ldns_pkt_set_edns_udp_size
ldns_pkt_set_edns_version
ldns_pkt_set_edns_z
ldns_pkt_set_flags
ldns_pkt_set_id
ldns_pkt_set_nscount
ldns_pkt_set_opcode
ldns_pkt_set_qdcount
ldns_pkt_set_qr
ldns_pkt_set_querytime
ldns_pkt_set_question
ldns_pkt_set_ra
ldns_pkt_set_random_id
ldns_pkt_set_rcode
ldns_pkt_set_rd
ldns_pkt_set_section_count
ldns_pkt_set_size
ldns_pkt_set_tc
ldns_pkt_set_timestamp
ldns_pkt_set_tsig
ldns_pkt_size
ldns_pkt_tc
ldns_pkt_timestamp
ldns_pkt_tsig
ldns_pkt_tsig_sign
ldns_pkt_tsig_sign_next
ldns_pkt_tsig_verify
ldns_pkt_tsig_verify_next
ldns_pkt_verify
ldns_pkt_verify_time
ldns_print_rr_rdf
ldns_rbtree_create
ldns_rbtree_delete
ldns_rbtree_find_less_equal
ldns_rbtree_first
ldns_rbtree_free
ldns_rbtree_init
ldns_rbtree_insert
ldns_rbtree_insert_vref
ldns_rbtree_join
ldns_rbtree_last
ldns_rbtree_next
ldns_rbtree_null_node
ldns_rbtree_previous
ldns_rbtree_search
ldns_rbtree_split
ldns_rcodes
ldns_rdf2buffer_str
ldns_rdf2buffer_str_a
ldns_rdf2buffer_str_aaaa
ldns_rdf2buffer_str_alg
ldns_rdf2buffer_str_apl
ldns_rdf2buffer_str_b32_ext
ldns_rdf2buffer_str_b64
ldns_rdf2buffer_str_cert_alg
ldns_rdf2buffer_str_class
ldns_rdf2buffer_str_dname
ldns_rdf2buffer_str_hex
ldns_rdf2buffer_str_int16
ldns_rdf2buffer_str_int16_data
ldns_rdf2buffer_str_int32
ldns_rdf2buffer_str_int8
ldns_rdf2buffer_str_ipseckey
ldns_rdf2buffer_str_loc
ldns_rdf2buffer_str_nsap
ldns_rdf2buffer_str_nsec
ldns_rdf2buffer_str_nsec3_salt
ldns_rdf2buffer_str_period
ldns_rdf2buffer_str_str
ldns_rdf2buffer_str_time
ldns_rdf2buffer_str_tsig
ldns_rdf2buffer_str_tsigtime
ldns_rdf2buffer_str_type
ldns_rdf2buffer_str_unknown
ldns_rdf2buffer_str_wks
ldns_rdf2buffer_wire
ldns_rdf2buffer_wire_canonical
ldns_rdf2native_int16
ldns_rdf2native_int32
ldns_rdf2native_int8
ldns_rdf2native_sockaddr_storage
ldns_rdf2native_time_t
ldns_rdf2rr_type
ldns_rdf2str
ldns_rdf2wire
ldns_rdf_address_reverse
ldns_rdf_clone
ldns_rdf_compare
ldns_rdf_data
ldns_rdf_deep_free
ldns_rdf_free
ldns_rdf_get_type
ldns_rdf_new
ldns_rdf_new_frm_data
ldns_rdf_new_frm_fp
ldns_rdf_new_frm_fp_l
ldns_rdf_new_frm_str
ldns_rdf_print
ldns_rdf_set_data
ldns_rdf_set_size
ldns_rdf_set_type
ldns_rdf_size
ldns_read_anchor_file
ldns_resolver_debug
ldns_resolver_dec_nameserver_count
ldns_resolver_deep_free
ldns_resolver_defnames
ldns_resolver_dnsrch
ldns_resolver_dnssec
ldns_resolver_dnssec_anchors
ldns_resolver_dnssec_cd
ldns_resolver_domain
ldns_resolver_edns_udp_size
ldns_resolver_fail
ldns_resolver_fallback
ldns_resolver_free
ldns_resolver_igntc
ldns_resolver_incr_nameserver_count
ldns_resolver_ip6
ldns_resolver_nameserver_count
ldns_resolver_nameserver_rtt
ldns_resolver_nameservers
ldns_resolver_nameservers_randomize
ldns_resolver_new
ldns_resolver_new_frm_file
ldns_resolver_new_frm_fp
ldns_resolver_new_frm_fp_l
ldns_resolver_pop_nameserver
ldns_resolver_port
ldns_resolver_prepare_query_pkt
ldns_resolver_print
ldns_resolver_print_fmt
ldns_resolver_push_dnssec_anchor
ldns_resolver_push_nameserver
ldns_resolver_push_nameserver_rr
ldns_resolver_push_nameserver_rr_list
ldns_resolver_push_searchlist
ldns_resolver_query
ldns_resolver_random
ldns_resolver_recursive
ldns_resolver_retrans
ldns_resolver_retry
ldns_resolver_rtt
ldns_resolver_search
ldns_resolver_searchlist
ldns_resolver_searchlist_count
ldns_resolver_send
ldns_resolver_send_pkt
ldns_resolver_set_debug
ldns_resolver_set_defnames
ldns_resolver_set_dnsrch
ldns_resolver_set_dnssec
ldns_resolver_set_dnssec_anchors
ldns_resolver_set_dnssec_cd
ldns_resolver_set_domain
ldns_resolver_set_edns_udp_size
ldns_resolver_set_fail
ldns_resolver_set_fallback
ldns_resolver_set_igntc
ldns_resolver_set_ip6
ldns_resolver_set_nameserver_count
ldns_resolver_set_nameserver_rtt
ldns_resolver_set_nameservers
ldns_resolver_set_port
ldns_resolver_set_random
ldns_resolver_set_recursive
ldns_resolver_set_retrans
ldns_resolver_set_retry
ldns_resolver_set_rtt
ldns_resolver_set_searchlist_count
ldns_resolver_set_timeout
ldns_resolver_set_tsig_algorithm
ldns_resolver_set_tsig_keydata
ldns_resolver_set_tsig_keyname
ldns_resolver_set_usevc
ldns_resolver_timeout
ldns_resolver_trusted_key
ldns_resolver_tsig_algorithm
ldns_resolver_tsig_keydata
ldns_resolver_tsig_keyname
ldns_resolver_usevc
ldns_rr2buffer_str
ldns_rr2buffer_str_fmt
ldns_rr2buffer_wire
ldns_rr2buffer_wire_canonical
ldns_rr2canonical
ldns_rr2str
ldns_rr2str_fmt
ldns_rr2wire
ldns_rr_a_address
ldns_rr_a_set_address
ldns_rr_class2buffer_str
ldns_rr_class2str
ldns_rr_classes
ldns_rr_clone
ldns_rr_compare
ldns_rr_compare_ds
ldns_rr_compare_no_rdata
ldns_rr_compare_wire
ldns_rr_descript
ldns_rr_descriptor_field_type
ldns_rr_descriptor_maximum
ldns_rr_descriptor_minimum
ldns_rr_dnskey_algorithm
ldns_rr_dnskey_flags
ldns_rr_dnskey_key
ldns_rr_dnskey_key_size
ldns_rr_dnskey_key_size_raw
ldns_rr_dnskey_protocol
ldns_rr_dnskey_set_algorithm
ldns_rr_dnskey_set_flags
ldns_rr_dnskey_set_key
ldns_rr_dnskey_set_protocol
ldns_rr_free
ldns_rr_get_class
ldns_rr_get_type
ldns_rr_label_count
ldns_rr_list2buffer_str
ldns_rr_list2buffer_str_fmt
ldns_rr_list2buffer_wire
ldns_rr_list2canonical
ldns_rr_list2str
ldns_rr_list2str_fmt
ldns_rr_list_cat
ldns_rr_list_cat_clone
ldns_rr_list_clone
ldns_rr_list_compare
ldns_rr_list_contains_rr
ldns_rr_list_deep_free
ldns_rr_list_free
ldns_rr_list_new
ldns_rr_list_owner
ldns_rr_list_pop_rr
ldns_rr_list_pop_rr_list
ldns_rr_list_pop_rrset
ldns_rr_list_print
ldns_rr_list_print_fmt
ldns_rr_list_push_rr
ldns_rr_list_push_rr_list
ldns_rr_list_rr
ldns_rr_list_rr_count
ldns_rr_list_set_rr
ldns_rr_list_set_rr_count
ldns_rr_list_sort
ldns_rr_list_sort_nsec3
ldns_rr_list_subtype_by_rdf
ldns_rr_list_type
ldns_rr_mx_exchange
ldns_rr_mx_preference
ldns_rr_new
ldns_rr_new_frm_fp
ldns_rr_new_frm_fp_l
ldns_rr_new_frm_str
ldns_rr_new_frm_type
ldns_rr_new_question_frm_str
ldns_rr_ns_nsdname
ldns_rr_owner
ldns_rr_pop_rdf
ldns_rr_print
ldns_rr_print_fmt
ldns_rr_push_rdf
ldns_rr_rdata2buffer_wire
ldns_rr_rd_count
ldns_rr_rdf
ldns_rr_rrsig_algorithm
ldns_rr_rrsig_expiration
ldns_rr_rrsig_inception
ldns_rr_rrsig_keytag
ldns_rr_rrsig_labels
ldns_rr_rrsig_origttl
ldns_rr_rrsig_set_algorithm
ldns_rr_rrsig_set_expiration
ldns_rr_rrsig_set_inception
ldns_rr_rrsig_set_keytag
ldns_rr_rrsig_set_labels
ldns_rr_rrsig_set_origttl
ldns_rr_rrsig_set_sig
ldns_rr_rrsig_set_signame
ldns_rr_rrsig_set_typecovered
ldns_rr_rrsig_sig
ldns_rr_rrsig_signame
ldns_rr_rrsig_typecovered
ldns_rr_set_class
ldns_rr_set_owner
ldns_rr_set_pop_rr
ldns_rr_set_push_rr
ldns_rr_set_rd_count
ldns_rr_set_rdf
ldns_rr_set_ttl
ldns_rr_set_type
ldns_rr_soa_increment
ldns_rr_soa_increment_func
ldns_rr_soa_increment_func_data
ldns_rr_soa_increment_func_int
ldns_rrsig2buffer_wire
ldns_rr_ttl
ldns_rr_type2buffer_str
ldns_rr_type2str
ldns_rr_uncompressed_size
ldns_send
ldns_send_buffer
ldns_serial_arithmitics_gmtime_r
ldns_set_bit
ldns_sha1
ldns_sha1_final
ldns_sha1_init
ldns_sha1_transform
ldns_sha1_update
ldns_signing_algorithms
ldns_sign_public
ldns_sign_public_buffer
ldns_sign_public_dsa
ldns_sign_public_evp
ldns_sign_public_rsamd5
ldns_sign_public_rsasha1
ldns_soa_serial_datecounter
ldns_soa_serial_identity
ldns_soa_serial_increment
ldns_soa_serial_increment_by
ldns_soa_serial_unixtime
ldns_sockaddr_storage2rdf
ldns_str2period
ldns_str2rdf_a
ldns_str2rdf_aaaa
ldns_str2rdf_alg
ldns_str2rdf_apl
ldns_str2rdf_b32_ext
ldns_str2rdf_b64
ldns_str2rdf_cert_alg
ldns_str2rdf_class
ldns_str2rdf_dname
ldns_str2rdf_hex
ldns_str2rdf_int16
ldns_str2rdf_int32
ldns_str2rdf_int8
ldns_str2rdf_loc
ldns_str2rdf_nsap
ldns_str2rdf_nsec
ldns_str2rdf_nsec3_salt
ldns_str2rdf_period
ldns_str2rdf_service
ldns_str2rdf_str
ldns_str2rdf_time
ldns_str2rdf_tsig
ldns_str2rdf_type
ldns_str2rdf_unknown
ldns_str2rdf_wks
ldns_tcp_bgsend
ldns_tcp_connect
ldns_tcp_read_wire
ldns_tcp_read_wire_timeout
ldns_tcp_send
ldns_tcp_send_query
ldns_traverse_postorder
ldns_tsig_algorithm
ldns_tsig_keydata
ldns_tsig_keydata_clone
ldns_tsig_keyname
ldns_tsig_keyname_clone
ldns_tsig_prepare_pkt_wire
ldns_udp_bgsend
ldns_udp_connect
ldns_udp_read_wire
ldns_udp_send
ldns_udp_send_query
ldns_update_ad
ldns_update_pkt_new
ldns_update_pkt_tsig_add
ldns_update_prcount
ldns_update_set_adcount
ldns_update_set_prcount
ldns_update_set_upcount
ldns_update_set_zo
ldns_update_soa_mname
ldns_update_soa_zone_mname
ldns_update_upcount
ldns_update_zocount
ldns_validate_domain_dnskey
ldns_validate_domain_dnskey_time
ldns_validate_domain_ds
ldns_validate_domain_ds_time
ldns_verify
ldns_verify_notime
ldns_verify_rrsig
ldns_verify_rrsig_buffers
ldns_verify_rrsig_buffers_raw
ldns_verify_rrsig_dsa
ldns_verify_rrsig_dsa_raw
ldns_verify_rrsig_evp
ldns_verify_rrsig_evp_raw
ldns_verify_rrsig_keylist
ldns_verify_rrsig_keylist_notime
ldns_verify_rrsig_keylist_time
ldns_verify_rrsig_rsamd5
ldns_verify_rrsig_rsamd5_raw
ldns_verify_rrsig_rsasha1
ldns_verify_rrsig_rsasha1_raw
ldns_verify_rrsig_rsasha256_raw
ldns_verify_rrsig_rsasha512_raw
ldns_verify_rrsig_time
ldns_verify_time
ldns_verify_trusted
ldns_verify_trusted_time
ldns_version
ldns_wire2dname
ldns_wire2pkt
ldns_wire2rdf
ldns_wire2rr
ldns_zone_deep_free
ldns_zone_free
ldns_zone_glue_rr_list
ldns_zone_new
ldns_zone_new_frm_fp
ldns_zone_new_frm_fp_l
ldns_zone_print
ldns_zone_print_fmt
ldns_zone_push_rr
ldns_zone_push_rr_list
ldns_zone_rr_count
ldns_zone_rrs
ldns_zone_set_rrs
ldns_zone_set_soa
ldns_zone_sign
ldns_zone_sign_nsec3
ldns_zone_soa
ldns_zone_sort
ldns_zone_strip_glue_rrs


@ -1,4 +1,4 @@
# Doxyfile 1.7.3
# Doxyfile 1.7.6.1
# This file describes the settings to be used by the documentation system
# doxygen (www.doxygen.org) for a project.
@ -22,8 +22,9 @@
DOXYFILE_ENCODING = UTF-8
# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
# by quotes) that should identify the project.
# The PROJECT_NAME tag is a single word (or sequence of words) that should
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
PROJECT_NAME = ldns
@ -33,7 +34,9 @@ PROJECT_NAME = ldns
PROJECT_NUMBER = 1.6.7
# Using the PROJECT_BRIEF tag one can provide an optional one line description for a project that appears at the top of each page and should give viewer a quick idea about the purpose of the project. Keep the description short.
# Using the PROJECT_BRIEF tag one can provide an optional one line description
# for a project that appears at the top of each page and should give viewer
# a quick idea about the purpose of the project. Keep the description short.
PROJECT_BRIEF =
@ -192,6 +195,13 @@ TAB_SIZE = 8
ALIASES =
# This tag can be used to specify a number of word-keyword mappings (TCL only).
# A mapping has the form "name=value". For example adding
# "class=itcl::class" will allow you to use the command class in the
# itcl::class meaning.
TCL_SUBST =
# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
# sources only. Doxygen will then generate output that is more tailored for C.
# For instance, some of the names that are used will be different. The list
@ -274,6 +284,22 @@ DISTRIBUTE_GROUP_DOC = NO
SUBGROUPING = YES
# When the INLINE_GROUPED_CLASSES tag is set to YES, classes, structs and
# unions are shown inside the group in which they are included (e.g. using
# @ingroup) instead of on a separate page (for HTML and Man pages) or
# section (for LaTeX and RTF).
INLINE_GROUPED_CLASSES = NO
# When the INLINE_SIMPLE_STRUCTS tag is set to YES, structs, classes, and
# unions with only public data fields will be shown inline in the documentation
# of the scope in which they are defined (i.e. file, namespace, or group
# documentation), provided this scope is documented. If set to NO (the default),
# structs, classes, and unions are shown on a separate page (for HTML and Man
# pages) or section (for LaTeX and RTF).
INLINE_SIMPLE_STRUCTS = NO
# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
# is documented as struct, union, or enum with the name of the typedef. So
# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
@ -296,10 +322,21 @@ TYPEDEF_HIDES_STRUCT = NO
# a logarithmic scale so increasing the size by one will roughly double the
# memory usage. The cache size is given by this formula:
# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0,
# corresponding to a cache size of 2^16 = 65536 symbols
# corresponding to a cache size of 2^16 = 65536 symbols.
SYMBOL_CACHE_SIZE = 0
# Similar to the SYMBOL_CACHE_SIZE the size of the symbol lookup cache can be
# set using LOOKUP_CACHE_SIZE. This cache is used to resolve symbols given
# their name and scope. Since this can be an expensive process and often the
# same symbol appear multiple times in the code, doxygen keeps a cache of
# pre-resolved symbols. If the cache is too small doxygen will become slower.
# If the cache is too large, memory is wasted. The cache size is given by this
# formula: 2^(16+LOOKUP_CACHE_SIZE). The valid range is 0..9, the default is 0,
# corresponding to a cache size of 2^16 = 65536 symbols.
LOOKUP_CACHE_SIZE = 0
#---------------------------------------------------------------------------
# Build related configuration options
#---------------------------------------------------------------------------
@ -449,8 +486,11 @@ SORT_GROUP_NAMES = NO
SORT_BY_SCOPE_NAME = NO
# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to do proper type resolution of all parameters of a function it will reject a
# match between the prototype and the implementation of a member function even if there is only one candidate or it is obvious which candidate to choose by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen
# If the STRICT_PROTO_MATCHING option is enabled and doxygen fails to
# do proper type resolution of all parameters of a function it will reject a
# match between the prototype and the implementation of a member function even
# if there is only one candidate or it is obvious which candidate to choose
# by doing a simple string match. By disabling STRICT_PROTO_MATCHING doxygen
# will still accept a match between prototype and implementation in such cases.
STRICT_PROTO_MATCHING = NO
@ -538,6 +578,16 @@ FILE_VERSION_FILTER =
LAYOUT_FILE =
# The CITE_BIB_FILES tag can be used to specify one or more bib files
# containing the references data. This must be a list of .bib files. The
# .bib extension is automatically appended if omitted. Using this command
# requires the bibtex tool to be installed. See also
# http://en.wikipedia.org/wiki/BibTeX for more info. For LaTeX the style
# of the bibliography can be controlled using LATEX_BIB_STYLE. To use this
# feature you need bibtex and perl available in the search path.
CITE_BIB_FILES =
#---------------------------------------------------------------------------
# configuration options related to warning and progress messages
#---------------------------------------------------------------------------
@ -629,13 +679,15 @@ FILE_PATTERNS =
RECURSIVE = NO
# The EXCLUDE tag can be used to specify files and/or directories that should
# The EXCLUDE tag can be used to specify files and/or directories that should be
# excluded from the INPUT source files. This way you can easily exclude a
# subdirectory from a directory tree whose root is specified with the INPUT tag.
# Note that relative paths are relative to the directory from which doxygen is
# run.
EXCLUDE =
# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
# The EXCLUDE_SYMLINKS tag can be used to select whether or not files or
# directories that are symbolic links (a Unix file system feature) are excluded
# from the input.
@ -821,7 +873,14 @@ HTML_FILE_EXTENSION = .html
# The HTML_HEADER tag can be used to specify a personal HTML header for
# each generated HTML page. If it is left blank doxygen will generate a
# standard header.
# standard header. Note that when using a custom header you are responsible
# for the proper inclusion of any scripts and style sheets that doxygen
# needs, which is dependent on the configuration options used.
# It is advised to generate a default header using "doxygen -w html
# header.html footer.html stylesheet.css YourConfigFile" and then modify
# that header. Note that the header is subject to change so you typically
# have to redo this when upgrading to a newer version of doxygen or when
# changing the value of configuration settings such as GENERATE_TREEVIEW!
HTML_HEADER = doc/header.html
@ -836,12 +895,21 @@ HTML_FOOTER =
# fine-tune the look of the HTML output. If the tag is left blank doxygen
# will generate a default style sheet. Note that doxygen will try to copy
# the style sheet file to the HTML output directory, so don't put your own
# stylesheet in the HTML output directory as well, or it will be erased!
# style sheet in the HTML output directory as well, or it will be erased!
HTML_STYLESHEET =
# The HTML_EXTRA_FILES tag can be used to specify one or more extra images or
# other source files which should be copied to the HTML output directory. Note
# that these files will be copied to the base HTML output directory. Use the
# $relpath$ marker in the HTML_HEADER and/or HTML_FOOTER files to load these
# files. In the HTML_STYLESHEET file, use the file name only. Also note that
# the files will be copied as-is; there are no commands or markers available.
HTML_EXTRA_FILES =
# The HTML_COLORSTYLE_HUE tag controls the color of the HTML output.
# Doxygen will adjust the colors in the stylesheet and background images
# Doxygen will adjust the colors in the style sheet and background images
# according to this color. Hue is specified as an angle on a colorwheel,
# see http://en.wikipedia.org/wiki/Hue for more information.
# For instance the value 0 represents red, 60 is yellow, 120 is green,
@ -871,12 +939,6 @@ HTML_COLORSTYLE_GAMMA = 80
HTML_TIMESTAMP = YES
# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
# files or namespaces will be aligned in HTML using tables. If set to
# NO a bullet list will be used.
HTML_ALIGN_MEMBERS = YES
# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
# documentation will contain sections that can be hidden and shown after the
# page has loaded. For this to work a browser that supports
@ -1036,18 +1098,14 @@ GENERATE_ECLIPSEHELP = NO
ECLIPSE_DOC_ID = org.doxygen.Project
# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
# top of each HTML page. The value NO (the default) enables the index and
# the value YES disables it.
# The DISABLE_INDEX tag can be used to turn on/off the condensed index (tabs)
# at top of each HTML page. The value NO (the default) enables the index and
# the value YES disables it. Since the tabs have the same information as the
# navigation tree you can set this option to NO if you already set
# GENERATE_TREEVIEW to YES.
DISABLE_INDEX = NO
# This tag can be used to set the number of enum values (range [0,1..20])
# that doxygen will group on one line in the generated HTML documentation.
# Note that a value of 0 will completely suppress the enum values from appearing in the overview section.
ENUM_VALUES_PER_LINE = 4
# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
# structure should be generated to display hierarchical information.
# If the tag value is set to YES, a side panel will be generated
@ -1055,13 +1113,17 @@ ENUM_VALUES_PER_LINE = 4
# is generated for HTML Help). For this to work a browser that supports
# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser).
# Windows users are probably better off using the HTML help feature.
# Since the tree basically has the same information as the tab index you
# could consider to set DISABLE_INDEX to NO when enabling this option.
GENERATE_TREEVIEW = NO
# By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories,
# and Class Hierarchy pages using a tree view instead of an ordered list.
# The ENUM_VALUES_PER_LINE tag can be used to set the number of enum values
# (range [0,1..20]) that doxygen will group on one line in the generated HTML
# documentation. Note that a value of 0 will completely suppress the enum
# values from appearing in the overview section.
USE_INLINE_TREES = NO
ENUM_VALUES_PER_LINE = 4
# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
# used to set the initial width (in pixels) of the frame in which the tree
@ -1103,12 +1165,18 @@ USE_MATHJAX = NO
# HTML output directory using the MATHJAX_RELPATH option. The destination
# directory should contain the MathJax.js script. For instance, if the mathjax
# directory is located at the same level as the HTML output directory, then
# MATHJAX_RELPATH should be ../mathjax. The default value points to the mathjax.org site, so you can quickly see the result without installing
# MATHJAX_RELPATH should be ../mathjax. The default value points to the
# mathjax.org site, so you can quickly see the result without installing
# MathJax, but it is strongly recommended to install a local copy of MathJax
# before deployment.
MATHJAX_RELPATH = http://www.mathjax.org/mathjax
# The MATHJAX_EXTENSIONS tag can be used to specify one or MathJax extension
# names that should be enabled during MathJax rendering.
MATHJAX_EXTENSIONS =
# When the SEARCHENGINE tag is enabled doxygen will generate a search box
# for the HTML output. The underlying search engine uses javascript
# and DHTML and should work on any modern browser. Note that when using
@ -1182,6 +1250,13 @@ EXTRA_PACKAGES =
LATEX_HEADER =
# The LATEX_FOOTER tag can be used to specify a personal LaTeX footer for
# the generated latex document. The footer should contain everything after
# the last chapter. If it is left blank doxygen will generate a
# standard footer. Notice: only use this tag if you know what you are doing!
LATEX_FOOTER =
# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
# is prepared for conversion to pdf (using ps2pdf). The pdf file will
# contain links (just like the HTML output) instead of page references
@ -1215,6 +1290,12 @@ LATEX_HIDE_INDICES = NO
LATEX_SOURCE_CODE = NO
# The LATEX_BIB_STYLE tag can be used to specify the style to use for the
# bibliography, e.g. plainnat, or ieeetr. The default style is "plain". See
# http://en.wikipedia.org/wiki/BibTeX for more info.
LATEX_BIB_STYLE = plain
#---------------------------------------------------------------------------
# configuration options related to the RTF output
#---------------------------------------------------------------------------
@ -1246,7 +1327,7 @@ COMPACT_RTF = NO
RTF_HYPERLINKS = NO
# Load stylesheet definitions from file. Syntax is similar to doxygen's
# Load style sheet definitions from file. Syntax is similar to doxygen's
# config file, i.e. a series of assignments. You only have to provide
# replacements, missing definitions are set to their default value.
@ -1391,7 +1472,7 @@ MACRO_EXPANSION = YES
EXPAND_ONLY_PREDEF = NO
# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
# in the INCLUDE_PATH (see below) will be search if a #include is found.
# pointed to by INCLUDE_PATH will be searched when a #include is found.
SEARCH_INCLUDES = YES
@ -1399,7 +1480,7 @@ SEARCH_INCLUDES = YES
# contain include files that are not input files but should be processed by
# the preprocessor.
INCLUDE_PATH =
INCLUDE_PATH = .
# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
# patterns (like *.h and *.hpp) to filter out the header-files in the
@ -1421,7 +1502,8 @@ PREDEFINED = HAVE_SSL
# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
# this tag can be used to specify a list of macro names that should be expanded.
# The macro definition that is found in the sources will be used.
# Use the PREDEFINED tag if you want to use a different macro definition that overrules the definition found in the source code.
# Use the PREDEFINED tag if you want to use a different macro definition that
# overrules the definition found in the source code.
EXPAND_AS_DEFINED =
@ -1519,13 +1601,12 @@ HAVE_DOT = NO
DOT_NUM_THREADS = 0
# By default doxygen will write a font called Helvetica to the output
# directory and reference it in all dot files that doxygen generates.
# When you want a differently looking font you can specify the font name
# using DOT_FONTNAME. You need to make sure dot is able to find the font,
# which can be done by putting it in a standard location or by setting the
# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory
# containing the font.
# By default doxygen will use the Helvetica font for all dot files that
# doxygen generates. When you want a differently looking font you can specify
# the font name using DOT_FONTNAME. You need to make sure dot is able to find
# the font, which can be done by putting it in a standard location or by setting
# the DOTFONTPATH environment variable or by setting DOT_FONTPATH to the
# directory containing the font.
DOT_FONTNAME = Helvetica
@ -1534,17 +1615,16 @@ DOT_FONTNAME = Helvetica
DOT_FONTSIZE = 10
# By default doxygen will tell dot to use the output directory to look for the
# FreeSans.ttf font (which doxygen will put there itself). If you specify a
# different font using DOT_FONTNAME you can set the path where dot
# can find it using this tag.
# By default doxygen will tell dot to use the Helvetica font.
# If you specify a different font using DOT_FONTNAME you can use DOT_FONTPATH to
# set the path where dot can find it.
DOT_FONTPATH =
# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
# will generate a graph for each documented class showing the direct and
# indirect inheritance relations. Setting this tag to YES will force the
# the CLASS_DIAGRAMS tag to NO.
# CLASS_DIAGRAMS tag to NO.
CLASS_GRAPH = YES
@ -1614,11 +1694,22 @@ GRAPHICAL_HIERARCHY = YES
DIRECTORY_GRAPH = YES
# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
# generated by dot. Possible values are png, svg, gif or svg.
# If left blank png will be used.
# generated by dot. Possible values are svg, png, jpg, or gif.
# If left blank png will be used. If you choose svg you need to set
# HTML_FILE_EXTENSION to xhtml in order to make the SVG files
# visible in IE 9+ (other browsers do not have this requirement).
DOT_IMAGE_FORMAT = png
# If DOT_IMAGE_FORMAT is set to svg, then this option can be set to YES to
# enable generation of interactive SVG images that allow zooming and panning.
# Note that this requires a modern browser other than Internet Explorer.
# Tested and working are Firefox, Chrome, Safari, and Opera. For IE 9+ you
# need to set HTML_FILE_EXTENSION to xhtml in order to make the SVG files
# visible. Older versions of IE do not have SVG support.
INTERACTIVE_SVG = NO
# The tag DOT_PATH can be used to specify the path where the dot tool can be
# found. If left blank, it is assumed the dot tool can be found in the path.

17
net.c

@ -110,12 +110,14 @@ ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf
if ((ns->ss_family == AF_INET) &&
(ldns_resolver_ip6(r) == LDNS_RESOLV_INET6)) {
/* not reachable */
LDNS_FREE(ns);
continue;
}
if ((ns->ss_family == AF_INET6) &&
(ldns_resolver_ip6(r) == LDNS_RESOLV_INET)) {
/* not reachable */
LDNS_FREE(ns);
continue;
}
#endif
@ -182,7 +184,8 @@ ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf
ldns_pkt_set_querytime(reply, (uint32_t)
((tv_e.tv_sec - tv_s.tv_sec) * 1000) +
(tv_e.tv_usec - tv_s.tv_usec) / 1000);
ldns_pkt_set_answerfrom(reply, ns_array[i]);
ldns_pkt_set_answerfrom(reply,
ldns_rdf_clone(ns_array[i]));
ldns_pkt_set_timestamp(reply, tv_s);
ldns_pkt_set_size(reply, reply_size);
break;
@ -203,7 +206,7 @@ ldns_send_buffer(ldns_pkt **result, ldns_resolver *r, ldns_buffer *qb, ldns_rdf
return LDNS_STATUS_RES_NO_NS;
}
#ifdef HAVE_SSL
if (tsig_mac && reply_bytes) {
if (tsig_mac && reply && reply_bytes) {
if (!ldns_pkt_tsig_verify(reply,
reply_bytes,
reply_size,
@ -470,7 +473,7 @@ ldns_tcp_send_query(ldns_buffer *qbin, int sockfd,
sendbuf = LDNS_XMALLOC(uint8_t, ldns_buffer_position(qbin) + 2);
if(!sendbuf) return 0;
ldns_write_uint16(sendbuf, ldns_buffer_position(qbin));
memcpy(sendbuf + 2, ldns_buffer_export(qbin), ldns_buffer_position(qbin));
memcpy(sendbuf + 2, ldns_buffer_begin(qbin), ldns_buffer_position(qbin));
bytes = sendto(sockfd, (void*)sendbuf,
ldns_buffer_position(qbin) + 2, 0, (struct sockaddr *)to, tolen);
@ -669,7 +672,7 @@ ldns_tcp_send(uint8_t **result, ldns_buffer *qbin, const struct sockaddr_storag
}
/* resize accordingly */
*result = (uint8_t*)LDNS_XREALLOC(answer, uint8_t *, (size_t)*answer_size);
*result = LDNS_XREALLOC(answer, uint8_t, (size_t)*answer_size);
if(!*result) {
LDNS_FREE(answer);
return LDNS_STATUS_MEM_ERR;
@ -807,6 +810,9 @@ ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class)
ns_i < ldns_resolver_nameserver_count(resolver) &&
resolver->_socket == 0;
ns_i++) {
if (ns != NULL) {
LDNS_FREE(ns);
}
ns = ldns_rdf2native_sockaddr_storage(
resolver->_nameservers[ns_i],
ldns_resolver_port(resolver), &ns_len);
@ -837,6 +843,9 @@ ldns_axfr_start(ldns_resolver *resolver, ldns_rdf *domain, ldns_rr_class class)
#endif
resolver->_socket = 0;
ldns_pkt_free(query);
LDNS_FREE(ns);
return LDNS_STATUS_CRYPTO_TSIG_ERR;
}
}
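Review bot: In the TSIG hunk of ldns_send_buffer, `if (tsig_mac && reply && reply_bytes)` now skips ldns_pkt_tsig_verify whenever no parsed reply exists, and nothing visible in the hunk sets an error status for that case. This is the authentication check for the response, so the skip should fail closed: confirm that the code after the hunk cannot return LDNS_STATUS_OK for a TSIG-signed query when verification never ran. A comment on the condition would record that, e.g. `/* no reply to verify: status must already be an error here */`. The function body starts and ends outside the hunk, so the status handling could not be checked from this page.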

136
packet.c
View File

@ -255,7 +255,6 @@ ldns_pkt_rr_list_by_name(ldns_pkt *packet,
ldns_pkt_section sec)
{
ldns_rr_list *rrs;
ldns_rr_list *new;
ldns_rr_list *ret;
uint16_t i;
@ -264,7 +263,6 @@ ldns_pkt_rr_list_by_name(ldns_pkt *packet,
}
rrs = ldns_pkt_get_section_clone(packet, sec);
new = ldns_rr_list_new();
ret = NULL;
for(i = 0; i < ldns_rr_list_rr_count(rrs); i++) {
@ -272,8 +270,10 @@ ldns_pkt_rr_list_by_name(ldns_pkt *packet,
ldns_rr_list_rr(rrs, i)),
ownername) == 0) {
/* owner names match */
ldns_rr_list_push_rr(new, ldns_rr_list_rr(rrs, i));
ret = new;
if (ret == NULL) {
ret = ldns_rr_list_new();
}
ldns_rr_list_push_rr(ret, ldns_rr_list_rr(rrs, i));
}
}
return ret;
@ -649,19 +649,27 @@ ldns_pkt_push_rr(ldns_pkt *packet, ldns_pkt_section section, ldns_rr *rr)
{
switch(section) {
case LDNS_SECTION_QUESTION:
ldns_rr_list_push_rr(ldns_pkt_question(packet), rr);
if (!ldns_rr_list_push_rr(ldns_pkt_question(packet), rr)) {
return false;
}
ldns_pkt_set_qdcount(packet, ldns_pkt_qdcount(packet) + 1);
break;
case LDNS_SECTION_ANSWER:
ldns_rr_list_push_rr(ldns_pkt_answer(packet), rr);
if (!ldns_rr_list_push_rr(ldns_pkt_answer(packet), rr)) {
return false;
}
ldns_pkt_set_ancount(packet, ldns_pkt_ancount(packet) + 1);
break;
case LDNS_SECTION_AUTHORITY:
ldns_rr_list_push_rr(ldns_pkt_authority(packet), rr);
if (!ldns_rr_list_push_rr(ldns_pkt_authority(packet), rr)) {
return false;
}
ldns_pkt_set_nscount(packet, ldns_pkt_nscount(packet) + 1);
break;
case LDNS_SECTION_ADDITIONAL:
ldns_rr_list_push_rr(ldns_pkt_additional(packet), rr);
if (!ldns_rr_list_push_rr(ldns_pkt_additional(packet), rr)) {
return false;
}
ldns_pkt_set_arcount(packet, ldns_pkt_arcount(packet) + 1);
break;
case LDNS_SECTION_ANY:
@ -783,6 +791,7 @@ ldns_pkt_free(ldns_pkt *packet)
ldns_rr_list_deep_free(packet->_additional);
ldns_rr_free(packet->_tsig_rr);
ldns_rdf_deep_free(packet->_edns_data);
ldns_rdf_deep_free(packet->_answerfrom);
LDNS_FREE(packet);
}
}
@ -817,6 +826,86 @@ ldns_pkt_set_flags(ldns_pkt *packet, uint16_t flags)
return true;
}
static ldns_status
ldns_pkt_add_authsoa(ldns_pkt* packet, ldns_rdf* rr_name, ldns_rr_class rr_class)
{
ldns_rr* soa_rr = ldns_rr_new();
ldns_rdf *owner_rdf;
ldns_rdf *mname_rdf;
ldns_rdf *rname_rdf;
ldns_rdf *serial_rdf;
ldns_rdf *refresh_rdf;
ldns_rdf *retry_rdf;
ldns_rdf *expire_rdf;
ldns_rdf *minimum_rdf;
if (!soa_rr) {
return LDNS_STATUS_MEM_ERR;
}
owner_rdf = ldns_rdf_clone(rr_name);
if (!owner_rdf) {
ldns_rr_free(soa_rr);
return LDNS_STATUS_MEM_ERR;
}
ldns_rr_set_owner(soa_rr, owner_rdf);
ldns_rr_set_type(soa_rr, LDNS_RR_TYPE_SOA);
ldns_rr_set_class(soa_rr, rr_class);
ldns_rr_set_question(soa_rr, false);
if (ldns_str2rdf_dname(&mname_rdf, ".") != LDNS_STATUS_OK) {
ldns_rr_free(soa_rr);
return LDNS_STATUS_MEM_ERR;
} else {
ldns_rr_push_rdf(soa_rr, mname_rdf);
}
if (ldns_str2rdf_dname(&rname_rdf, ".") != LDNS_STATUS_OK) {
ldns_rr_free(soa_rr);
return LDNS_STATUS_MEM_ERR;
} else {
ldns_rr_push_rdf(soa_rr, rname_rdf);
}
serial_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
if (!serial_rdf) {
ldns_rr_free(soa_rr);
return LDNS_STATUS_MEM_ERR;
} else {
ldns_rr_push_rdf(soa_rr, serial_rdf);
}
refresh_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
if (!refresh_rdf) {
ldns_rr_free(soa_rr);
return LDNS_STATUS_MEM_ERR;
} else {
ldns_rr_push_rdf(soa_rr, refresh_rdf);
}
retry_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
if (!retry_rdf) {
ldns_rr_free(soa_rr);
return LDNS_STATUS_MEM_ERR;
} else {
ldns_rr_push_rdf(soa_rr, retry_rdf);
}
expire_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
if (!expire_rdf) {
ldns_rr_free(soa_rr);
return LDNS_STATUS_MEM_ERR;
} else {
ldns_rr_push_rdf(soa_rr, expire_rdf);
}
minimum_rdf = ldns_native2rdf_int32(LDNS_RDF_TYPE_INT32, 0);
if (!minimum_rdf) {
ldns_rr_free(soa_rr);
return LDNS_STATUS_MEM_ERR;
} else {
ldns_rr_push_rdf(soa_rr, minimum_rdf);
}
ldns_pkt_push_rr(packet, LDNS_SECTION_AUTHORITY, soa_rr);
return LDNS_STATUS_OK;
}
ldns_status
ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *name, ldns_rr_type rr_type,
ldns_rr_class rr_class, uint16_t flags)
@ -851,21 +940,29 @@ ldns_pkt_query_new_frm_str(ldns_pkt **p, const char *name, ldns_rr_type rr_type,
ldns_rr_set_type(question_rr, rr_type);
ldns_rr_set_class(question_rr, rr_class);
ldns_rr_set_question(question_rr, true);
ldns_pkt_push_rr(packet, LDNS_SECTION_QUESTION, question_rr);
} else {
ldns_rr_free(question_rr);
ldns_pkt_free(packet);
return LDNS_STATUS_ERR;
}
/** IXFR? */
if (rr_type == LDNS_RR_TYPE_IXFR) {
if (ldns_pkt_add_authsoa(packet, name_rdf, rr_class) != LDNS_STATUS_OK) {
ldns_pkt_free(packet);
return LDNS_STATUS_ERR;
}
}
packet->_tsig_rr = NULL;
ldns_pkt_set_answerfrom(packet, NULL);
if (p) {
*p = packet;
return LDNS_STATUS_OK;
} else {
ldns_pkt_free(packet);
return LDNS_STATUS_NULL;
}
}
@ -888,6 +985,7 @@ ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_cla
question_rr = ldns_rr_new();
if (!question_rr) {
ldns_pkt_free(packet);
return NULL;
}
@ -902,11 +1000,17 @@ ldns_pkt_query_new(ldns_rdf *rr_name, ldns_rr_type rr_type, ldns_rr_class rr_cla
ldns_rr_set_type(question_rr, rr_type);
ldns_rr_set_class(question_rr, rr_class);
ldns_rr_set_question(question_rr, true);
packet->_tsig_rr = NULL;
ldns_pkt_push_rr(packet, LDNS_SECTION_QUESTION, question_rr);
/** IXFR? */
if (rr_type == LDNS_RR_TYPE_IXFR) {
if (ldns_pkt_add_authsoa(packet, rr_name, rr_class) != LDNS_STATUS_OK) {
ldns_pkt_free(packet);
return NULL;
}
}
packet->_tsig_rr = NULL;
return packet;
}
@ -980,7 +1084,9 @@ ldns_pkt_clone(ldns_pkt *pkt)
ldns_pkt_set_ancount(new_pkt, ldns_pkt_ancount(pkt));
ldns_pkt_set_nscount(new_pkt, ldns_pkt_nscount(pkt));
ldns_pkt_set_arcount(new_pkt, ldns_pkt_arcount(pkt));
ldns_pkt_set_answerfrom(new_pkt, ldns_pkt_answerfrom(pkt));
if (ldns_pkt_answerfrom(pkt))
ldns_pkt_set_answerfrom(new_pkt,
ldns_rdf_clone(ldns_pkt_answerfrom(pkt)));
ldns_pkt_set_querytime(new_pkt, ldns_pkt_querytime(pkt));
ldns_pkt_set_size(new_pkt, ldns_pkt_size(pkt));
ldns_pkt_set_tsig(new_pkt, ldns_rr_clone(ldns_pkt_tsig(pkt)));
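Review bot: ldns_pkt_add_authsoa discards the result of `ldns_pkt_push_rr(packet, LDNS_SECTION_AUTHORITY, soa_rr)` and returns LDNS_STATUS_OK, although this same commit makes ldns_pkt_push_rr return false when the list push fails. In that case soa_rr is leaked and the IXFR packet is built without its authority SOA. Check the call: `if (!ldns_pkt_push_rr(packet, LDNS_SECTION_AUTHORITY, soa_rr)) { ldns_rr_free(soa_rr); return LDNS_STATUS_MEM_ERR; }`. The `ldns_pkt_push_rr(packet, LDNS_SECTION_QUESTION, question_rr)` calls in ldns_pkt_query_new_frm_str and ldns_pkt_query_new are unchecked in the same way. The helper's ldns_rr_push_rdf calls also ignore their result, so if that call can fail the freshly created rdf would be left unowned.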


@ -161,7 +161,7 @@ ldns_fget_token_l(FILE *f, char *token, const char *delim, size_t limit, int *li
return (ssize_t)i;
tokenread:
ldns_fskipcs_l(f, delim, line_nr);
ldns_fskipcs_l(f, del, line_nr);
*t = '\0';
if (p != 0) {
return -1;
@ -331,7 +331,7 @@ ldns_bget_token(ldns_buffer *b, char *token, const char *delim, size_t limit)
return (ssize_t)i;
tokenread:
ldns_bskipcs(b, delim);
ldns_bskipcs(b, del);
*t = '\0';
if (p != 0) {


@ -253,13 +253,20 @@ ldns_resolver_pop_nameserver(ldns_resolver *r)
pop = nameservers[ns_count - 1];
nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *, (ns_count - 1));
rtt = LDNS_XREALLOC(rtt, size_t, (ns_count - 1));
if (ns_count == 1) {
LDNS_FREE(nameservers);
LDNS_FREE(rtt);
ldns_resolver_set_nameservers(r, NULL);
ldns_resolver_set_rtt(r, NULL);
} else {
nameservers = LDNS_XREALLOC(nameservers, ldns_rdf *,
(ns_count - 1));
rtt = LDNS_XREALLOC(rtt, size_t, (ns_count - 1));
if(nameservers)
ldns_resolver_set_nameservers(r, nameservers);
if(rtt)
ldns_resolver_set_rtt(r, rtt);
}
/* decr the count */
ldns_resolver_dec_nameserver_count(r);
return pop;
@ -385,7 +392,9 @@ ldns_resolver_push_dnssec_anchor(ldns_resolver *r, ldns_rr *rr)
{
ldns_rr_list * trust_anchors;
if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY)) {
if ((!rr) || (ldns_rr_get_type(rr) != LDNS_RR_TYPE_DNSKEY &&
ldns_rr_get_type(rr) != LDNS_RR_TYPE_DS)) {
return LDNS_STATUS_ERR;
}
@ -800,8 +809,7 @@ ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr)
gtr -= bgtr;
if(word[0] == '#') {
expect = LDNS_RESOLV_KEYWORD;
ldns_buffer_free(b);
continue;
break;
}
tmp = ldns_rdf_new_frm_str(LDNS_RDF_TYPE_DNAME, word);
if (!tmp) {
@ -817,8 +825,10 @@ ldns_resolver_new_frm_fp_l(ldns_resolver **res, FILE *fp, int *line_nr)
(size_t) gtr + 1);
}
ldns_buffer_free(b);
gtr = 1;
expect = LDNS_RESOLV_KEYWORD;
if (expect != LDNS_RESOLV_KEYWORD) {
gtr = 1;
expect = LDNS_RESOLV_KEYWORD;
}
break;
case LDNS_RESOLV_SORTLIST:
gtr = ldns_fget_token_l(fp, word, LDNS_PARSE_SKIP_SPACE, 0, line_nr);
@ -885,6 +895,7 @@ ldns_resolver_new_frm_file(ldns_resolver **res, const char *filename)
*res = r;
return LDNS_STATUS_OK;
} else {
ldns_resolver_free(r);
return LDNS_STATUS_NULL;
}
}
@ -947,15 +958,12 @@ ldns_resolver_search(const ldns_resolver *r,const ldns_rdf *name,
ldns_rr_type t, ldns_rr_class c, uint16_t flags)
{
char *str_dname;
ldns_rdf *new_name;
ldns_rdf **search_list;
size_t i;
ldns_pkt *p;
str_dname = ldns_rdf2str(name);
if (ldns_dname_str_absolute(str_dname)) {
if (ldns_dname_absolute(name)) {
/* query as-is */
return ldns_resolver_query(r, name, t, c, flags);
} else if (ldns_resolver_dnsrch(r)) {
@ -1017,9 +1025,6 @@ ldns_resolver_query(const ldns_resolver *r, const ldns_rdf *name,
newname = ldns_dname_cat_clone((const ldns_rdf*)name, ldns_resolver_domain(r));
if (!newname) {
if (pkt) {
ldns_pkt_free(pkt);
}
return NULL;
}
@ -1212,9 +1217,11 @@ ldns_resolver_send(ldns_pkt **answer, ldns_resolver *r, const ldns_rdf *name,
ldns_resolver_tsig_keydata(r),
300, ldns_resolver_tsig_algorithm(r), NULL);
if (status != LDNS_STATUS_OK) {
ldns_pkt_free(query_pkt);
return LDNS_STATUS_CRYPTO_TSIG_ERR;
}
#else
ldns_pkt_free(query_pkt);
return LDNS_STATUS_CRYPTO_TSIG_ERR;
#endif /* HAVE_SSL */
}
@ -1294,7 +1301,14 @@ ldns_axfr_next(ldns_resolver *resolver)
return NULL;
} else if (ldns_pkt_get_rcode(resolver->_cur_axfr_pkt) != 0) {
rcode = ldns_lookup_by_id(ldns_rcodes, (int) ldns_pkt_get_rcode(resolver->_cur_axfr_pkt));
fprintf(stderr, "Error in AXFR: %s\n", rcode->name);
if (rcode) {
fprintf(stderr, "Error in AXFR: %s\n",
rcode->name);
} else {
fprintf(stderr, "Error in AXFR: %d\n",
(int) ldns_pkt_get_rcode(
resolver->_cur_axfr_pkt));
}
/* RoRi: we must now also close the socket, otherwise subsequent uses of the
same resolver structure will fail because the link is still open or
@ -1333,17 +1347,22 @@ void
ldns_resolver_nameservers_randomize(ldns_resolver *r)
{
uint16_t i, j;
ldns_rdf **ns, *tmp;
ldns_rdf **ns, *tmpns;
size_t *rtt, tmprtt;
/* should I check for ldns_resolver_random?? */
assert(r != NULL);
ns = ldns_resolver_nameservers(r);
rtt = ldns_resolver_rtt(r);
for (i = 0; i < ldns_resolver_nameserver_count(r); i++) {
j = ldns_get_random() % ldns_resolver_nameserver_count(r);
tmp = ns[i];
tmpns = ns[i];
ns[i] = ns[j];
ns[j] = tmp;
ns[j] = tmpns;
tmprtt = rtt[i];
rtt[i] = rtt[j];
rtt[j] = tmprtt;
}
ldns_resolver_set_nameservers(r, ns);
}
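Review bot: The swap loop in ldns_resolver_nameservers_randomize draws `j` from the whole array on every iteration (`ldns_get_random() % ldns_resolver_nameserver_count(r)`), which does not produce a uniform permutation, and the rtt swap added here inherits that bias. A Fisher–Yates pass fixes it in place: `for (i = ldns_resolver_nameserver_count(r); i > 1; i--) { j = ldns_get_random() % i; /* swap ns[i-1]/ns[j] and rtt[i-1]/rtt[j] */ }`. The new code also dereferences `rtt` without a NULL check, so it relies on the rtt array always being allocated alongside the nameserver array. An `assert(rtt != NULL || ldns_resolver_nameserver_count(r) == 0);` next to the existing assert would document that assumption.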

32
rr.c
View File

@ -119,7 +119,7 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
char *type = NULL;
char *rdata = NULL;
char *rd = NULL;
char *b64 = NULL;
char * b64 = NULL;
size_t rd_strlen;
const char *delimiters;
ssize_t c;
@ -477,6 +477,7 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
ldns_buffer_free(rr_buf);
LDNS_FREE(rdata);
ldns_rr_free(new);
LDNS_FREE(hex_data);
return s;
}
LDNS_FREE(hex_data);
@ -600,6 +601,9 @@ ldns_rr_new_frm_str_internal(ldns_rr **newrr, const char *str,
if (newrr) {
*newrr = new;
} else {
/* Maybe the caller just wanted to see if it would parse? */
ldns_rr_free(new);
}
return LDNS_STATUS_OK;
@ -724,8 +728,13 @@ ldns_rr_new_frm_fp_l(ldns_rr **newrr, FILE *fp, uint32_t *default_ttl, ldns_rdf
}
}
LDNS_FREE(line);
if (newrr && s == LDNS_STATUS_OK) {
*newrr = rr;
if (s == LDNS_STATUS_OK) {
if (newrr) {
*newrr = rr;
} else {
/* Just testing if it would parse? */
ldns_rr_free(rr);
}
}
return s;
}
@ -1156,7 +1165,8 @@ ldns_rr_list_pop_rr_list(ldns_rr_list *rr_list, size_t howmany)
i--;
}
if (i == howmany) {
if (i == howmany) { /* so i <= 0 */
ldns_rr_list_free(popped);
return NULL;
} else {
return popped;
@ -1480,6 +1490,7 @@ ldns_rr_list_sort(ldns_rr_list *unsorted)
LDNS_FREE(sortables[i]);
}
/* no way to return error */
LDNS_FREE(sortables);
return;
}
sortables[i]->original_object = ldns_rr_list_rr(unsorted, i);
@ -1941,6 +1952,12 @@ static const ldns_rdf_type type_tsig_wireformat[] = {
LDNS_RDF_TYPE_INT16,
LDNS_RDF_TYPE_INT16_DATA
};
static const ldns_rdf_type type_tlsa_wireformat[] = {
LDNS_RDF_TYPE_INT8,
LDNS_RDF_TYPE_INT8,
LDNS_RDF_TYPE_INT8,
LDNS_RDF_TYPE_HEX
};
/** \endcond */
/** \cond */
@ -2048,13 +2065,14 @@ static ldns_rr_descriptor rdata_field_descriptors[] = {
/* 48 */
{LDNS_RR_TYPE_DNSKEY, "DNSKEY", 4, 4, type_dnskey_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
/* 49 */
{LDNS_RR_TYPE_DHCID, "DHCID", 1, 1, type_dhcid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_DHCID, "DHCID", 1, 1, type_dhcid_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
/* 50 */
{LDNS_RR_TYPE_NSEC3, "NSEC3", 5, 6, type_nsec3_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
/* 51 */
{LDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NSEC3PARAM, "NSEC3PARAM", 4, 4, type_nsec3param_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
/* 52 */
{LDNS_RR_TYPE_NULL, "TYPE52", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_TLSA, "TLSA", 4, 4, type_tlsa_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE53", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE54", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
{LDNS_RR_TYPE_NULL, "TYPE55", 1, 1, type_0_wireformat, LDNS_RDF_TYPE_NONE, LDNS_RR_NO_COMPRESS, 0 },
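Review bot: The comment added in ldns_rr_list_pop_rr_list, `/* so i <= 0 */`, does not describe the condition it sits on. `i == howmany` appears to mean that the loop above popped nothing, assuming `i` starts at `howmany` and is decremented once per popped RR; the loop begins outside the hunk. I would word it as `/* nothing was popped: free the empty list and return NULL */`, which also explains the new `ldns_rr_list_free(popped)` call. If the function's doc comment does not already say that NULL is returned when no RR could be popped, that belongs there too.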


@ -96,7 +96,7 @@ ldns_str2rdf_time(ldns_rdf **rd, const char *time)
goto bad_format;
}
l = htonl(mktime_from_utc(&tm));
l = htonl(ldns_mktime_from_utc(&tm));
memcpy(r, &l, sizeof(uint32_t));
*rd = ldns_rdf_new_frm_data(
LDNS_RDF_TYPE_TIME, sizeof(uint32_t), r);
@ -534,6 +534,7 @@ ldns_str2rdf_apl(ldns_rdf **rd, const char *str)
data = LDNS_XMALLOC(uint8_t, 4 + afdlength);
if(!data) {
LDNS_FREE(afdpart);
LDNS_FREE(my_ip_str);
return LDNS_STATUS_INVALID_STR;
}
@ -1104,8 +1105,6 @@ ldns_str2rdf_wks(ldns_rdf **rd, const char *str)
data[0] = (uint8_t) proto->p_proto;
} else if (proto_str) {
data[0] = (uint8_t) atoi(proto_str);
} else {
data[0] = 0;
}
memcpy(data + 1, bitmap, (size_t) bm_len);
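Review bot: In ldns_str2rdf_wks the fallback `data[0] = (uint8_t) atoi(proto_str);` accepts any string. atoi returns 0 for non-numeric text and the cast wraps values above 255, so a malformed protocol field becomes a valid-looking protocol byte instead of being rejected with LDNS_STATUS_INVALID_STR. Parse it with strtol and reject the input when `end == proto_str || *end != '\0' || v < 0 || v > 255`, releasing whatever the function has allocated by then. With the `else { data[0] = 0; }` branch removed, data[0] is also left unwritten when both `proto` and `proto_str` are NULL. That case therefore has to be unreachable or `data` zero-allocated; the allocation is outside the hunk, so this could not be checked here.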

12
tsig.c
View File

@ -179,10 +179,12 @@ ldns_tsig_mac_new(ldns_rdf **tsig_mac, uint8_t *pkt_wire, size_t pkt_wire_size,
return LDNS_STATUS_NULL;
}
canonical_key_name_rdf = ldns_rdf_clone(key_name_rdf);
if (canonical_key_name_rdf == NULL) {
return LDNS_STATUS_MEM_ERR;
}
canonical_algorithm_rdf = ldns_rdf_clone(algorithm_rdf);
if (canonical_key_name_rdf == NULL
|| canonical_algorithm_rdf == NULL) {
if (canonical_algorithm_rdf == NULL) {
ldns_rdf_deep_free(canonical_key_name_rdf);
return LDNS_STATUS_MEM_ERR;
}
/*
@ -266,8 +268,8 @@ ldns_tsig_mac_new(ldns_rdf **tsig_mac, uint8_t *pkt_wire, size_t pkt_wire_size,
LDNS_FREE(key_bytes);
LDNS_FREE(algorithm_name);
ldns_buffer_free(data_buffer);
ldns_rdf_free(canonical_algorithm_rdf);
ldns_rdf_free(canonical_key_name_rdf);
ldns_rdf_deep_free(canonical_algorithm_rdf);
ldns_rdf_deep_free(canonical_key_name_rdf);
return status;
}
#endif /* HAVE_SSL */
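Review bot: The cleanup block of ldns_tsig_mac_new releases `key_bytes` with a plain `LDNS_FREE(key_bytes);`. If that buffer holds the decoded TSIG secret, as its name suggests, this leaves key material in freed heap memory. Wipe it before freeing with a call the compiler cannot elide. The trailing `#endif /* HAVE_SSL */` indicates OpenSSL is available here, so `if (key_bytes) OPENSSL_cleanse(key_bytes, key_len);` fits, where `key_len` is a placeholder for the buffer's length, which is not visible in this hunk. Separately, the two new `return LDNS_STATUS_MEM_ERR;` paths after the clones bypass this cleanup block, so check that nothing allocated before them needs freeing; the function starts outside the hunk.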

9
util.c
View File

@ -227,7 +227,7 @@ leap_days(int y1, int y2)
* Code adapted from Python 2.4.1 sources (Lib/calendar.py).
*/
time_t
mktime_from_utc(const struct tm *tm)
ldns_mktime_from_utc(const struct tm *tm)
{
int year = 1900 + tm->tm_year;
time_t days = 365 * ((time_t) year - 1970) + leap_days(1970, year);
@ -251,6 +251,12 @@ mktime_from_utc(const struct tm *tm)
return seconds;
}
time_t
mktime_from_utc(const struct tm *tm)
{
return ldns_mktime_from_utc(tm);
}
#if SIZEOF_TIME_T <= 4
static void
@ -398,6 +404,7 @@ ldns_init_random(FILE *fd, unsigned int size)
if (read < size) {
LDNS_FREE(seed);
if (!fd) fclose(rand_f);
return 1;
} else {
#ifdef HAVE_SSL