ComputerSurge/bind9
3
0
Fork 0
Code Pull Requests 1 Activity
Files
00a3d91e2d54f8fdaaae80a1ddbcfff30e255f4e
bind9/bin/dnssec/dnssec-verify.c
Ondřej Surý 091d738c72 Convert all categories and modules into static lists 
Remove the complicated mechanism that could be (in theory) used by
external libraries to register new categories and modules with
statically defined lists in <isc/log.h>.  This is similar to what we
have done for <isc/result.h> result codes.  All the libraries are now
internal to BIND 9, so we don't need to provide a mechanism to register
extra categories and modules.
2024-08-20 12:50:39 +00:00

335 lines
7.4 KiB
C
Raw Blame History

/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* SPDX-License-Identifier: MPL-2.0
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, you can obtain one at https://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file */
#include <stdbool.h>
#include <stdlib.h>
#include <time.h>
#include <isc/attributes.h>
#include <isc/base32.h>
#include <isc/commandline.h>
#include <isc/file.h>
#include <isc/hash.h>
#include <isc/hex.h>
#include <isc/log.h>
#include <isc/mem.h>
#include <isc/mutex.h>
#include <isc/os.h>
#include <isc/random.h>
#include <isc/result.h>
#include <isc/rwlock.h>
#include <isc/serial.h>
#include <isc/stdio.h>
#include <isc/string.h>
#include <isc/time.h>
#include <isc/util.h>
#include <dns/db.h>
#include <dns/dbiterator.h>
#include <dns/diff.h>
#include <dns/dnssec.h>
#include <dns/ds.h>
#include <dns/fixedname.h>
#include <dns/keyvalues.h>
#include <dns/master.h>
#include <dns/masterdump.h>
#include <dns/nsec.h>
#include <dns/nsec3.h>
#include <dns/rdata.h>
#include <dns/rdataclass.h>
#include <dns/rdatalist.h>
#include <dns/rdataset.h>
#include <dns/rdatasetiter.h>
#include <dns/rdatastruct.h>
#include <dns/rdatatype.h>
#include <dns/soa.h>
#include <dns/time.h>
#include <dns/zoneverify.h>
#include <dst/dst.h>
#include "dnssectool.h"
const char *program = "dnssec-verify";
static isc_stdtime_t now;
static isc_mem_t *mctx = NULL;
static dns_masterformat_t inputformat = dns_masterformat_text;
static dns_db_t *gdb = NULL; /* The database */
static dns_dbversion_t *gversion = NULL; /* The database version */
static dns_rdataclass_t gclass; /* The class */
static dns_name_t *gorigin = NULL; /* The database origin */
static bool ignore_kskflag = false;
static bool keyset_kskonly = false;
static void
report(const char *format, ...) {
if (!quiet) {
char buf[4096];
va_list args;
va_start(args, format);
vsnprintf(buf, sizeof(buf), format, args);
va_end(args);
fprintf(stdout, "%s\n", buf);
}
}
/*%
* Load the zone file from disk
*/
static void
loadzone(char *file, char *origin, dns_rdataclass_t rdclass, dns_db_t **db) {
isc_buffer_t b;
int len;
dns_fixedname_t fname;
dns_name_t *name;
isc_result_t result;
len = strlen(origin);
isc_buffer_init(&b, origin, len);
isc_buffer_add(&b, len);
name = dns_fixedname_initname(&fname);
result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
if (result != ISC_R_SUCCESS) {
fatal("failed converting name '%s' to dns format: %s", origin,
isc_result_totext(result));
}
result = dns_db_create(mctx, ZONEDB_DEFAULT, name, dns_dbtype_zone,
rdclass, 0, NULL, db);
check_result(result, "dns_db_create()");
result = dns_db_load(*db, file, inputformat, 0);
switch (result) {
case DNS_R_SEENINCLUDE:
case ISC_R_SUCCESS:
break;
case DNS_R_NOTZONETOP:
/*
* Comparing pointers (vs. using strcmp()) is intentional: we
* want to check whether -o was supplied on the command line,
* not whether origin and file contain the same string.
*/
if (origin == file) {
fatal("failed loading zone '%s' from file '%s': "
"use -o to specify a different zone origin",
origin, file);
}
FALLTHROUGH;
default:
fatal("failed loading zone from '%s': %s", file,
isc_result_totext(result));
}
}
ISC_NORETURN static void
usage(void);
static void
usage(void) {
fprintf(stderr, "Usage:\n");
fprintf(stderr, "\t%s [options] zonefile [keys]\n", program);
fprintf(stderr, "\n");
fprintf(stderr, "Version: %s\n", PACKAGE_VERSION);
fprintf(stderr, "Options: (default value in parenthesis) \n");
fprintf(stderr, "\t-v debuglevel (0)\n");
fprintf(stderr, "\t-q quiet\n");
fprintf(stderr, "\t-V:\tprint version information\n");
fprintf(stderr, "\t-o origin:\n");
fprintf(stderr, "\t\tzone origin (name of zonefile)\n");
fprintf(stderr, "\t-I format:\n");
fprintf(stderr, "\t\tfile format of input zonefile (text)\n");
fprintf(stderr, "\t-c class (IN)\n");
fprintf(stderr, "\t-x:\tDNSKEY record signed with KSKs only, "
"not ZSKs\n");
fprintf(stderr, "\t-z:\tAll records signed with KSKs\n");
exit(EXIT_SUCCESS);
}
int
main(int argc, char *argv[]) {
char *origin = NULL, *file = NULL;
char *inputformatstr = NULL;
isc_result_t result;
char *classname = NULL;
dns_rdataclass_t rdclass;
char *endp;
int ch;
#define CMDLINE_FLAGS "c:E:hJ:m:o:I:qv:Vxz"
/*
* Process memory debugging argument first.
*/
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'm':
if (strcasecmp(isc_commandline_argument, "record") == 0)
{
isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
}
if (strcasecmp(isc_commandline_argument, "trace") == 0)
{
isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
}
if (strcasecmp(isc_commandline_argument, "usage") == 0)
{
isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
}
break;
default:
break;
}
}
isc_commandline_reset = true;
isc_mem_create(&mctx);
isc_commandline_errprint = false;
while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
switch (ch) {
case 'c':
classname = isc_commandline_argument;
break;
case 'E':
fatal("%s", isc_result_totext(DST_R_NOENGINE));
break;
case 'I':
inputformatstr = isc_commandline_argument;
break;
case 'J':
journal = isc_commandline_argument;
break;
case 'm':
break;
case 'o':
origin = isc_commandline_argument;
break;
case 'v':
endp = NULL;
verbose = strtol(isc_commandline_argument, &endp, 0);
if (*endp != '\0') {
fatal("verbose level must be numeric");
}
break;
case 'q':
quiet = true;
break;
case 'x':
keyset_kskonly = true;
break;
case 'z':
ignore_kskflag = true;
break;
case '?':
if (isc_commandline_option != '?') {
fprintf(stderr, "%s: invalid argument -%c\n",
program, isc_commandline_option);
}
FALLTHROUGH;
case 'h':
/* Does not return. */
usage();
case 'V':
/* Does not return. */
version(program);
default:
fprintf(stderr, "%s: unhandled option -%c\n", program,
isc_commandline_option);
exit(EXIT_FAILURE);
}
}
now = isc_stdtime_now();
rdclass = strtoclass(classname);
setup_logging();
argc -= isc_commandline_index;
argv += isc_commandline_index;
if (argc < 1) {
usage();
}
file = argv[0];
argc -= 1;
argv += 1;
POST(argc);
POST(argv);
if (origin == NULL) {
origin = file;
}
if (inputformatstr != NULL) {
if (strcasecmp(inputformatstr, "text") == 0) {
inputformat = dns_masterformat_text;
} else if (strcasecmp(inputformatstr, "raw") == 0) {
inputformat = dns_masterformat_raw;
} else {
fatal("unknown file format: %s\n", inputformatstr);
}
}
gdb = NULL;
report("Loading zone '%s' from file '%s'\n", origin, file);
loadzone(file, origin, rdclass, &gdb);
if (journal != NULL) {
loadjournal(mctx, gdb, journal);
}
gorigin = dns_db_origin(gdb);
gclass = dns_db_class(gdb);
gversion = NULL;
result = dns_db_newversion(gdb, &gversion);
check_result(result, "dns_db_newversion()");
result = dns_zoneverify_dnssec(NULL, gdb, gversion, gorigin, NULL, mctx,
ignore_kskflag, keyset_kskonly, report);
dns_db_closeversion(gdb, &gversion, false);
dns_db_detach(&gdb);
if (verbose > 10) {
isc_mem_stats(mctx, stdout);
}
isc_mem_destroy(&mctx);
return (result == ISC_R_SUCCESS ? 0 : 1);
}
View Git Blame Copy Permalink