mir/bind
2
0
Fork 0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-28 13:08:06 +00:00
Code Issues Releases Wiki Activity

remove DLV support from dnssec-dsfromkey

Browse Source
This commit is contained in:
Evan Hunt 2019-08-07 12:27:03 -07:00
parent 0b2b6b2ed1
commit 3a19e9ea19
2 changed files with 16 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

49
bin/dnssec/dnssec-dsfromkey.c
View File

@ -208,8 +208,7 @@ loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
} }
static void static void
logkey(dns_rdata_t *rdata) logkey(dns_rdata_t *rdata) {
{
isc_result_t result; isc_result_t result;
dst_key_t *key = NULL; dst_key_t *key = NULL;
isc_buffer_t buf; isc_buffer_t buf;
@ -228,9 +227,7 @@ logkey(dns_rdata_t *rdata)
} }
static void static void
emit(dns_dsdigest_t dt, bool showall, char *lookaside, emit(dns_dsdigest_t dt, bool showall, bool cds, dns_rdata_t *rdata) {
bool cds, dns_rdata_t *rdata)
{
isc_result_t result; isc_result_t result;
unsigned char buf[DNS_DS_BUFFERSIZE]; unsigned char buf[DNS_DS_BUFFERSIZE];
char text_buf[DST_KEY_MAXTEXTSIZE]; char text_buf[DST_KEY_MAXTEXTSIZE];
@ -262,18 +259,6 @@ emit(dns_dsdigest_t dt, bool showall, char *lookaside,
if (result != ISC_R_SUCCESS) if (result != ISC_R_SUCCESS)
fatal("can't print name"); fatal("can't print name");
/* Add lookaside origin, if set */
if (lookaside != NULL) {
if (isc_buffer_availablelength(&nameb) < strlen(lookaside))
fatal("DLV origin '%s' is too long", lookaside);
isc_buffer_putstr(&nameb, lookaside);
if (lookaside[strlen(lookaside) - 1] != '.') {
if (isc_buffer_availablelength(&nameb) < 1)
fatal("DLV origin '%s' is too long", lookaside);
isc_buffer_putstr(&nameb, ".");
}
}
result = dns_rdata_tofmttext(&ds, (dns_name_t *) NULL, 0, 0, 0, "", result = dns_rdata_tofmttext(&ds, (dns_name_t *) NULL, 0, 0, 0, "",
&textb); &textb);
@ -293,26 +278,24 @@ emit(dns_dsdigest_t dt, bool showall, char *lookaside,
isc_buffer_usedregion(&classb, &r); isc_buffer_usedregion(&classb, &r);
printf("%.*s", (int)r.length, r.base); printf("%.*s", (int)r.length, r.base);
if (lookaside == NULL) { if (cds) {
if (cds)
printf(" CDS "); printf(" CDS ");
else } else {
printf(" DS "); printf(" DS ");
} else }
printf(" DLV ");
isc_buffer_usedregion(&textb, &r); isc_buffer_usedregion(&textb, &r);
printf("%.*s\n", (int)r.length, r.base); printf("%.*s\n", (int)r.length, r.base);
} }
static void static void
emits(bool showall, char *lookaside, bool cds, dns_rdata_t *rdata) { emits(bool showall, bool cds, dns_rdata_t *rdata) {
unsigned i, n; unsigned i, n;
n = sizeof(dtype)/sizeof(dtype[0]); n = sizeof(dtype)/sizeof(dtype[0]);
for (i = 0; i < n; i++) { for (i = 0; i < n; i++) {
if (dtype[i] != 0) { if (dtype[i] != 0) {
emit(dtype[i], showall, lookaside, cds, rdata); emit(dtype[i], showall, cds, rdata);
} }
} }
} }
@ -338,12 +321,11 @@ usage(void) {
" -f zonefile: read keys from a zone file\n" " -f zonefile: read keys from a zone file\n"
" -h: print help information\n" " -h: print help information\n"
" -K directory: where to find key or keyset files\n" " -K directory: where to find key or keyset files\n"
" -l zone: print DLV records in the given lookaside zone\n"
" -s: read keys from keyset-<dnsname> file\n" " -s: read keys from keyset-<dnsname> file\n"
" -T: TTL of output records (omitted by default)\n" " -T: TTL of output records (omitted by default)\n"
" -v level: verbosity\n" " -v level: verbosity\n"
" -V: print version information\n"); " -V: print version information\n");
fprintf(stderr, "Output: DS, DLV, or CDS RRs\n"); fprintf(stderr, "Output: DS or CDS RRs\n");
exit (-1); exit (-1);
} }
@ -352,7 +334,6 @@ int
main(int argc, char **argv) { main(int argc, char **argv) {
char *classname = NULL; char *classname = NULL;
char *filename = NULL, *dir = NULL, *namestr; char *filename = NULL, *dir = NULL, *namestr;
char *lookaside = NULL;
char *endp; char *endp;
int ch; int ch;
bool cds = false; bool cds = false;
@ -397,9 +378,6 @@ main(int argc, char **argv) {
add_dtype(strtodsdigest(isc_commandline_argument)); add_dtype(strtodsdigest(isc_commandline_argument));
break; break;
case 'C': case 'C':
if (lookaside != NULL)
fatal("lookaside and CDS are mutually"
" exclusive");
cds = true; cds = true;
break; break;
case 'c': case 'c':
@ -418,12 +396,7 @@ main(int argc, char **argv) {
filename = isc_commandline_argument; filename = isc_commandline_argument;
break; break;
case 'l': case 'l':
if (cds) fatal("-l option (DLV lookaside) is obsolete");
fatal("lookaside and CDS are mutually"
" exclusive");
lookaside = isc_commandline_argument;
if (strlen(lookaside) == 0U)
fatal("lookaside must be a non-empty string");
break; break;
case 's': case 's':
usekeyset = true; usekeyset = true;
@ -528,7 +501,7 @@ main(int argc, char **argv) {
logkey(&rdata); logkey(&rdata);
} }
emits(showall, lookaside, cds, &rdata); emits(showall, cds, &rdata);
} }
} else { } else {
unsigned char key_buf[DST_KEY_MAXSIZE]; unsigned char key_buf[DST_KEY_MAXSIZE];
@ -536,7 +509,7 @@ main(int argc, char **argv) {
loadkey(argv[isc_commandline_index], key_buf, loadkey(argv[isc_commandline_index], key_buf,
DST_KEY_MAXSIZE, &rdata); DST_KEY_MAXSIZE, &rdata);
emits(showall, lookaside, cds, &rdata); emits(showall, cds, &rdata);
} }
if (dns_rdataset_isassociated(&rdataset)) { if (dns_rdataset_isassociated(&rdataset)) {

24
bin/dnssec/dnssec-dsfromkey.docbook
View File

@ -112,10 +112,8 @@
<para> <para>
The <command>dnssec-dsfromkey</command> command outputs DS (Delegation The <command>dnssec-dsfromkey</command> command outputs DS (Delegation
Signer) resource records (RRs) and other similarly-constructed RRs: Signer) resource records (RRs), or CDS (Child DS) RRs with the
with the <option>-l</option> option it outputs DLV (DNSSEC Lookaside <option>-C</option> option.
Validation) RRs; or with the <option>-C</option> it outputs CDS (Child
DS) RRs.
</para> </para>
<para> <para>
@ -212,9 +210,7 @@
<term>-C</term> <term>-C</term>
<listitem> <listitem>
<para> <para>
Generate CDS records rather than DS records. This is mutually Generate CDS records rather than DS records.
exclusive with the <option>-l</option> option for generating DLV
records.
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
@ -260,19 +256,6 @@
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term>-l <replaceable class="parameter">domain</replaceable></term>
<listitem>
<para>
Generate a DLV set instead of a DS set. The specified
<replaceable>domain</replaceable> is appended to the name for each
record in the set.
This is mutually exclusive with the <option>-C</option> option
for generating CDS records.
</para>
</listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term>-s</term> <term>-s</term>
<listitem> <listitem>
@ -362,7 +345,6 @@
</citerefentry>, </citerefentry>,
<citetitle>BIND 9 Administrator Reference Manual</citetitle>, <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
<citetitle>RFC 3658</citetitle> (DS RRs), <citetitle>RFC 3658</citetitle> (DS RRs),
<citetitle>RFC 4431</citetitle> (DLV RRs),
<citetitle>RFC 4509</citetitle> (SHA-256 for DS RRs), <citetitle>RFC 4509</citetitle> (SHA-256 for DS RRs),
<citetitle>RFC 6605</citetitle> (SHA-384 for DS RRs), <citetitle>RFC 6605</citetitle> (SHA-384 for DS RRs),
<citetitle>RFC 7344</citetitle> (CDS and CDNSKEY RRs). <citetitle>RFC 7344</citetitle> (CDS and CDNSKEY RRs).