resolve conflicts

1 files changed, 90 insertions, 155 deletions

diff --git a/usr.sbin/bind/bin/dnssec/dnssec-makekeyset.c b/usr.sbin/bind/bin/dnssec/dnssec-makekeyset.c
index 350436c2f73..535f9105300 100644
--- a/usr.sbin/bind/bin/dnssec/dnssec-makekeyset.c
+++ b/usr.sbin/bind/bin/dnssec/dnssec-makekeyset.c
@@ -1,23 +1,22 @@
 /*
- * Portions Copyright (C) 2000, 2001  Internet Software Consortium.
+ * Portions Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2000-2003  Internet Software Consortium.
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
  *
  * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
- * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND
- * NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
- * SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
- * FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK
- * ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
- * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
- * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
- * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+ * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
+ * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
+ * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $ISC: dnssec-makekeyset.c,v 1.52.2.1 2001/10/05 00:21:45 bwelling Exp $ */
+/* $ISC: dnssec-makekeyset.c,v 1.52.2.1.10.7 2004/08/28 06:25:27 marka Exp $ */
 
 #include <config.h>
 
@@ -26,15 +25,16 @@
 #include <isc/commandline.h>
 #include <isc/entropy.h>
 #include <isc/mem.h>
+#include <isc/print.h>
 #include <isc/string.h>
 #include <isc/util.h>
 
 #include <dns/db.h>
+#include <dns/diff.h>
 #include <dns/dnssec.h>
 #include <dns/fixedname.h>
 #include <dns/log.h>
 #include <dns/rdata.h>
-#include <dns/rdatalist.h>
 #include <dns/rdataset.h>
 #include <dns/result.h>
 #include <dns/secalg.h>
@@ -44,8 +44,6 @@
 
 #include "dnssectool.h"
 
-#define BUFSIZE 2048
-
 const char *program = "dnssec-makekeyset";
 int verbose;
 
@@ -71,6 +69,8 @@ usage(void) {
 
 	fprintf(stderr, "\n");
 
+	fprintf(stderr, "Version: %s\n", VERSION);
+
 	fprintf(stderr, "Options: (default value in parenthesis) \n");
 	fprintf(stderr, "\t-a\n");
 	fprintf(stderr, "\t\tverify generated signatures\n");
@@ -112,42 +112,29 @@ zonekey_on_list(dst_key_t *key) {
 	return (ISC_FALSE);
 }
 
-static isc_boolean_t
-rdata_on_list(dns_rdata_t *rdata, dns_rdatalist_t *list) {
-	dns_rdata_t *trdata;
-	for (trdata = ISC_LIST_HEAD(list->rdata);
-	     trdata != NULL;
-	     trdata = ISC_LIST_NEXT(trdata, link))
-	{
-		if (dns_rdata_compare(trdata, rdata) == 0)
-			return (ISC_TRUE);
-	}
-	return (ISC_FALSE);
-}
-
 int
 main(int argc, char *argv[]) {
 	int i, ch;
 	char *startstr = NULL, *endstr = NULL;
-	char *randomfile = NULL;
 	dns_fixedname_t fdomain;
 	dns_name_t *domain = NULL;
 	char *output = NULL;
 	char *endp;
-	unsigned char *data;
+	unsigned char data[65536];
 	dns_db_t *db;
-	dns_dbnode_t *node;
 	dns_dbversion_t *version;
+	dns_diff_t diff;
+	dns_difftuple_t *tuple;
+	dns_fixedname_t tname;
 	dst_key_t *key = NULL;
-	dns_rdata_t *rdata;
-	dns_rdatalist_t rdatalist, sigrdatalist;
-	dns_rdataset_t rdataset, sigrdataset;
+	dns_rdata_t rdata = DNS_RDATA_INIT;
+	dns_rdataset_t rdataset;
+	dns_rdataclass_t rdclass;
 	isc_result_t result;
 	isc_buffer_t b;
 	isc_region_t r;
 	isc_log_t *log = NULL;
 	keynode_t *keynode;
-	dns_name_t *savedname = NULL;
 	unsigned int eflags;
 	isc_boolean_t pseudorandom = ISC_FALSE;
 	isc_boolean_t tryverify = ISC_FALSE;
@@ -181,7 +168,7 @@ main(int argc, char *argv[]) {
 			break;
 
 		case 'r':
-			randomfile = isc_commandline_argument;
+			setup_entropy(mctx, isc_commandline_argument, &ectx);
 			break;
 
 		case 'v':
@@ -208,13 +195,14 @@ main(int argc, char *argv[]) {
 	if (argc < 1)
 		usage();
 
-	setup_entropy(mctx, randomfile, &ectx);
+	if (ectx == NULL)
+		setup_entropy(mctx, NULL, &ectx);
 	eflags = ISC_ENTROPY_BLOCKING;
 	if (!pseudorandom)
 		eflags |= ISC_ENTROPY_GOODONLY;
 	result = dst_lib_init(mctx, ectx, eflags);
 	if (result != ISC_R_SUCCESS)
-		fatal("could not initialize dst: %s",
+		fatal("could not initialize dst: %s", 
 		      isc_result_totext(result));
 
 	isc_stdtime_get(&now);
@@ -237,11 +225,8 @@ main(int argc, char *argv[]) {
 
 	setup_logging(verbose, mctx, &log);
 
-	dns_rdatalist_init(&rdatalist);
-	rdatalist.rdclass = 0;
-	rdatalist.type = dns_rdatatype_key;
-	rdatalist.covers = 0;
-	rdatalist.ttl = ttl;
+	dns_diff_init(mctx, &diff);
+	rdclass = 0;
 
 	ISC_LIST_INIT(keylist);
 
@@ -255,48 +240,37 @@ main(int argc, char *argv[]) {
 		if (result != ISC_R_SUCCESS)
 			fatal("error loading key from %s: %s", argv[i],
 			      isc_result_totext(result));
-		if (rdatalist.rdclass == 0)
-			rdatalist.rdclass = dst_key_class(key);
+		if (rdclass == 0)
+			rdclass = dst_key_class(key);
 
-		isc_buffer_init(&namebuf, namestr, sizeof namestr);
+		isc_buffer_init(&namebuf, namestr, sizeof(namestr));
 		result = dns_name_tofilenametext(dst_key_name(key),
 						 ISC_FALSE,
 						 &namebuf);
 		check_result(result, "dns_name_tofilenametext");
 		isc_buffer_putuint8(&namebuf, 0);
-		
-		if (savedname == NULL) {
-			savedname = isc_mem_get(mctx, sizeof(dns_name_t));
-			if (savedname == NULL)
-				fatal("out of memory");
-			dns_name_init(savedname, NULL);
-			result = dns_name_dup(dst_key_name(key), mctx,
-					      savedname);
-			if (result != ISC_R_SUCCESS)
-				fatal("out of memory");
-		} else {
-			char savednamestr[DNS_NAME_FORMATSIZE];
-			dns_name_format(savedname, savednamestr,
-					sizeof savednamestr);
-			if (!dns_name_equal(savedname, dst_key_name(key)) != 0)
-				fatal("all keys must have the same owner - %s "
-				      "and %s do not match",
-				      savednamestr, namestr);
+
+		if (domain == NULL) {
+			dns_fixedname_init(&fdomain);
+			domain = dns_fixedname_name(&fdomain);
+			dns_name_copy(dst_key_name(key), domain, NULL);
+		} else if (!dns_name_equal(domain, dst_key_name(key))) {
+			char str[DNS_NAME_FORMATSIZE];
+			dns_name_format(domain, str, sizeof(str));
+			fatal("all keys must have the same owner - %s "
+			      "and %s do not match", str, namestr);
 		}
+
 		if (output == NULL) {
 			size_t len;
-			len = strlen("keyset-") + strlen(namestr) + 1;
-			output = isc_mem_allocate(mctx, len);
+			len = strlen("keyset-") + strlen(namestr);
+			output = isc_mem_allocate(mctx, len + 1);
 			if (output == NULL)
 				fatal("out of memory");
-			strlcpy(output, "keyset-", len);
-			strlcat(output, namestr, len);
-		}
-		if (domain == NULL) {
-			dns_fixedname_init(&fdomain);
-			domain = dns_fixedname_name(&fdomain);
-			dns_name_copy(dst_key_name(key), domain, NULL);
+			strlcpy(output, "keyset-", len + 1);
+			strlcat(output, namestr, len + 1);
 		}
+
 		if (dst_key_iszonekey(key)) {
 			dst_key_t *zonekey = NULL;
 			result = dst_key_fromnamedfile(argv[i],
@@ -307,8 +281,7 @@ main(int argc, char *argv[]) {
 				fatal("failed to read private key %s: %s",
 				      argv[i], isc_result_totext(result));
 			if (!zonekey_on_list(zonekey)) {
-				keynode = isc_mem_get(mctx,
-						      sizeof (keynode_t));
+				keynode = isc_mem_get(mctx, sizeof(keynode_t));
 				if (keynode == NULL)
 					fatal("out of memory");
 				keynode->key = zonekey;
@@ -316,39 +289,41 @@ main(int argc, char *argv[]) {
 			} else
 				dst_key_free(&zonekey);
 		}
-		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
-		if (rdata == NULL)
-			fatal("out of memory");
-		dns_rdata_init(rdata);
-		data = isc_mem_get(mctx, BUFSIZE);
-		if (data == NULL)
-			fatal("out of memory");
-		isc_buffer_init(&b, data, BUFSIZE);
+		dns_rdata_reset(&rdata);
+		isc_buffer_init(&b, data, sizeof(data));
 		result = dst_key_todns(key, &b);
+		dst_key_free(&key);
 		if (result != ISC_R_SUCCESS)
 			fatal("failed to convert key %s to a DNS KEY: %s",
 			      argv[i], isc_result_totext(result));
 		isc_buffer_usedregion(&b, &r);
-		dns_rdata_fromregion(rdata, rdatalist.rdclass,
-				     dns_rdatatype_key, &r);
-		if (!rdata_on_list(rdata, &rdatalist))
-			ISC_LIST_APPEND(rdatalist.rdata, rdata, link);
-		else {
-			isc_mem_put(mctx, data, BUFSIZE);
-			isc_mem_put(mctx, rdata, sizeof *rdata);
-		}
-		dst_key_free(&key);
+		dns_rdata_fromregion(&rdata, rdclass, dns_rdatatype_dnskey, &r);
+		tuple = NULL;
+		result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
+					      domain, ttl, &rdata, &tuple);
+		check_result(result, "dns_difftuple_create");
+		dns_diff_append(&diff, &tuple);
 	}
 
-	dns_rdataset_init(&rdataset);
-	result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
-	check_result(result, "dns_rdatalist_tordataset()");
+	db = NULL;
+	result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
+			       rdclass, 0, NULL, &db);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to create a database");
 
-	dns_rdatalist_init(&sigrdatalist);
-	sigrdatalist.rdclass = rdatalist.rdclass;
-	sigrdatalist.type = dns_rdatatype_sig;
-	sigrdatalist.covers = dns_rdatatype_key;
-	sigrdatalist.ttl = ttl;
+	version = NULL;
+	dns_db_newversion(db, &version);
+
+	result = dns_diff_apply(&diff, db, version);
+	check_result(result, "dns_diff_apply");
+	dns_diff_clear(&diff);
+
+	dns_fixedname_init(&tname);
+	dns_rdataset_init(&rdataset);
+	result = dns_db_find(db, domain, version, dns_rdatatype_dnskey, 0, 0,
+			     NULL, dns_fixedname_name(&tname), &rdataset,
+			     NULL);
+	check_result(result, "dns_db_find");
 
 	if (ISC_LIST_EMPTY(keylist))
 		fprintf(stderr,
@@ -358,69 +333,48 @@ main(int argc, char *argv[]) {
 	     keynode != NULL;
 	     keynode = ISC_LIST_NEXT(keynode, link))
 	{
-		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
-		if (rdata == NULL)
-			fatal("out of memory");
-		dns_rdata_init(rdata);
-		data = isc_mem_get(mctx, BUFSIZE);
-		if (data == NULL)
-			fatal("out of memory");
-		isc_buffer_init(&b, data, BUFSIZE);
+		dns_rdata_reset(&rdata);
+		isc_buffer_init(&b, data, sizeof(data));
 		result = dns_dnssec_sign(domain, &rdataset, keynode->key,
 					 &starttime, &endtime, mctx, &b,
-					 rdata);
+					 &rdata);
 		isc_entropy_stopcallbacksources(ectx);
 		if (result != ISC_R_SUCCESS) {
 			char keystr[KEY_FORMATSIZE];
-			key_format(keynode->key, keystr, sizeof keystr);
+			key_format(keynode->key, keystr, sizeof(keystr));
 			fatal("failed to sign keyset with key %s: %s",
 			      keystr, isc_result_totext(result));
 		}
 		if (tryverify) {
 			result = dns_dnssec_verify(domain, &rdataset,
 						   keynode->key, ISC_TRUE,
-						   mctx, rdata);
+						   mctx, &rdata);
 			if (result != ISC_R_SUCCESS) {
 				char keystr[KEY_FORMATSIZE];
-				key_format(keynode->key, keystr, sizeof keystr);
+				key_format(keynode->key, keystr, sizeof(keystr));
 				fatal("signature from key '%s' failed to "
 				      "verify: %s",
 				      keystr, isc_result_totext(result));
 			}
 		}
-		ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link);
-		dns_rdataset_init(&sigrdataset);
-		result = dns_rdatalist_tordataset(&sigrdatalist, &sigrdataset);
-		check_result(result, "dns_rdatalist_tordataset()");
-	}
-
-	db = NULL;
-	result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
-			       rdataset.rdclass, 0, NULL, &db);
-	if (result != ISC_R_SUCCESS) {
-		char domainstr[DNS_NAME_FORMATSIZE];
-		dns_name_format(domain, domainstr, sizeof domainstr);
-		fatal("failed to create a database for %s", domainstr);
+		tuple = NULL;
+		result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
+					      domain, ttl, &rdata, &tuple);
+		check_result(result, "dns_difftuple_create");
+		dns_diff_append(&diff, &tuple);
 	}
 
-	version = NULL;
-	dns_db_newversion(db, &version);
-
-	node = NULL;
-	result = dns_db_findnode(db, domain, ISC_TRUE, &node);
-	check_result(result, "dns_db_findnode()");
+	result = dns_diff_apply(&diff, db, version);
+	check_result(result, "dns_diff_apply");
+	dns_diff_clear(&diff);
 
-	dns_db_addrdataset(db, node, version, 0, &rdataset, 0, NULL);
-	if (!ISC_LIST_EMPTY(keylist))
-		dns_db_addrdataset(db, node, version, 0, &sigrdataset, 0,
-				   NULL);
+	dns_rdataset_disassociate(&rdataset);
 
-	dns_db_detachnode(db, &node);
 	dns_db_closeversion(db, &version, ISC_TRUE);
 	result = dns_db_dump(db, version, output);
 	if (result != ISC_R_SUCCESS) {
 		char domainstr[DNS_NAME_FORMATSIZE];
-		dns_name_format(domain, domainstr, sizeof domainstr);
+		dns_name_format(domain, domainstr, sizeof(domainstr));
 		fatal("failed to write database for %s to %s",
 		      domainstr, output);
 	}
@@ -429,20 +383,6 @@ main(int argc, char *argv[]) {
 
 	dns_db_detach(&db);
 
-	dns_rdataset_disassociate(&rdataset);
-	while (!ISC_LIST_EMPTY(rdatalist.rdata)) {
-		rdata = ISC_LIST_HEAD(rdatalist.rdata);
-		ISC_LIST_UNLINK(rdatalist.rdata, rdata, link);
-		isc_mem_put(mctx, rdata->data, BUFSIZE);
-		isc_mem_put(mctx, rdata, sizeof *rdata);
-	}
-	while (!ISC_LIST_EMPTY(sigrdatalist.rdata)) {
-		rdata = ISC_LIST_HEAD(sigrdatalist.rdata);
-		ISC_LIST_UNLINK(sigrdatalist.rdata, rdata, link);
-		isc_mem_put(mctx, rdata->data, BUFSIZE);
-		isc_mem_put(mctx, rdata, sizeof *rdata);
-	}
-
 	while (!ISC_LIST_EMPTY(keylist)) {
 		keynode = ISC_LIST_HEAD(keylist);
 		ISC_LIST_UNLINK(keylist, keynode, link);
@@ -450,11 +390,6 @@ main(int argc, char *argv[]) {
 		isc_mem_put(mctx, keynode, sizeof(keynode_t));
 	}
 
-	if (savedname != NULL) {
-		dns_name_free(savedname, mctx);
-		isc_mem_put(mctx, savedname, sizeof(dns_name_t));
-	}
-
 	cleanup_logging(&log);
 	cleanup_entropy(&ectx);