Commit 21fd2017 authored by Libor Peltan's avatar Libor Peltan

xxx

parent 878dc577
/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2020 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -170,6 +170,13 @@ int kdnssec_ctx_init(conf_t *conf, kdnssec_ctx_t *ctx, const knot_dname_t *zone_
goto init_error;
}
ret = kasp_db_get_saved_ttls(ctx->kasp_db, zone_name,
&ctx->policy->saved_max_ttl,
&ctx->policy->saved_key_ttl);
if (ret != KNOT_EOK && ret != KNOT_ENOENT) {
return ret;
}
conf_val_t policy_id;
if (from_module == NULL) {
policy_id = conf_zone_get(conf, C_DNSSEC_POLICY, zone_name);
......@@ -207,7 +214,15 @@ int kdnssec_ctx_commit(kdnssec_ctx_t *ctx)
return KNOT_EINVAL;
}
// do something with keytore? Probably not..
if (ctx->policy->dnskey_ttl != UINT32_MAX &&
ctx->policy->zone_maximal_ttl != UINT32_MAX) {
int ret = kasp_db_set_saved_ttls(ctx->kasp_db, ctx->zone->dname,
ctx->policy->dnskey_ttl,
ctx->policy->zone_maximal_ttl);
if (ret != KNOT_EOK) {
return ret;
}
}
return kasp_zone_save(ctx->zone, ctx->zone->dname, ctx->kasp_db);
}
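Review bot: The new failure path after the kasp_db_get_saved_ttls() call bails out with a bare `return ret;`, while the check directly above it in the same function uses `goto init_error;`. If the init_error label releases what kdnssec_ctx_init has acquired by that point (the label is outside the hunk, so I cannot confirm), a failing saved-TTL lookup leaks it; the consistent form is `goto init_error;`. kdnssec_ctx_init begins and ends outside this hunk. In kdnssec_ctx_commit the UINT32_MAX guard is only explained by update_policy_from_zone in another file; a one-line comment such as `// UINT32_MAX = TTL not yet resolved from the zone, nothing meaningful to persist` would keep the reader here.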
......
/* Copyright (C) 2019 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2020 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......
......@@ -31,6 +31,7 @@ typedef enum {
KASPDBKEY_MASTERSERIAL = 0x5,
KASPDBKEY_LASTSIGNEDSERIAL = 0x6,
KASPDBKEY_OFFLINE_RECORDS = 0x7,
KASPDBKEY_SAVED_TTLS = 0x8,
} keyclass_t;
static MDB_val make_key_str(keyclass_t kclass, const knot_dname_t *dname, const char *str)
......@@ -466,6 +467,28 @@ int kasp_db_delete_offline_records(knot_lmdb_db_t *db, const knot_dname_t *zone,
return txn.ret;
}
int kasp_db_get_saved_ttls(knot_lmdb_db_t *db, const knot_dname_t *zone,
uint32_t *max_ttl, uint32_t *key_ttl)
{
MDB_val key = make_key_str(KASPDBKEY_SAVED_TTLS, zone, NULL);
knot_lmdb_txn_t txn = { 0 };
knot_lmdb_begin(db, &txn, false);
if (knot_lmdb_find(&txn, &key, KNOT_LMDB_EXACT | KNOT_LMDB_FORCE)) {
knot_lmdb_unmake_curval(&txn, "II", max_ttl, key_ttl);
}
knot_lmdb_abort(&txn);
free(key.mv_data);
return txn.ret;
}
int kasp_db_set_saved_ttls(knot_lmdb_db_t *db, const knot_dname_t *zone,
uint32_t max_ttl, uint32_t key_ttl)
{
MDB_val key = make_key_str(KASPDBKEY_SAVED_TTLS, zone, NULL);
MDB_val val = knot_lmdb_make_key("II", max_ttl, key_ttl);
return knot_lmdb_quick_insert(db, key, val);
}
void kasp_db_ensure_init(knot_lmdb_db_t *db, conf_t *conf)
{
if (db->path == NULL) {
......
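Review bot: kasp_db_get_saved_ttls() leaves *max_ttl and *key_ttl untouched when the record is absent and signals that only through txn.ret, which the caller in kdnssec_ctx_init then treats as KNOT_ENOENT; that contract depends on knot_lmdb_find() with KNOT_LMDB_FORCE storing KNOT_ENOENT into txn.ret, which is not visible here and should be confirmed, and the outputs-untouched behaviour deserves a comment: `// not found: outputs untouched, txn.ret (expected KNOT_ENOENT) tells the caller`. The get path frees key.mv_data itself, whereas kasp_db_set_saved_ttls() hands both key and val to knot_lmdb_quick_insert() without freeing them; if quick_insert does not take ownership of both, this leaks two allocations on every commit. Neither helper checks that make_key_str()/knot_lmdb_make_key() actually produced a value before using it, so an allocation failure would be passed straight into LMDB.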
......@@ -224,6 +224,31 @@ int kasp_db_load_offline_records(knot_lmdb_db_t *db, const knot_dname_t *for_dna
int kasp_db_delete_offline_records(knot_lmdb_db_t *db, const knot_dname_t *zone,
knot_time_t from_time, knot_time_t to_time);
/*!
* \brief Load saved zone-max-TTL and DNSKEY-TTL.
*
* \param db KASP db.
* \param max_ttl Out: saved zone max TTL.
* \param key_ttl Out: saved DNSKEY TTL.
*
* \retval KNOT_ENOENT If not saved yet.
* \return KNOT_E*
*/
int kasp_db_get_saved_ttls(knot_lmdb_db_t *db, const knot_dname_t *zone,
uint32_t *max_ttl, uint32_t *key_ttl);
/*!
* \brief Save current zone-max-TTL and DNSKEY-TTL.
*
* \param db KASP db.
* \param max_ttl Current zone max TTL.
* \param key_ttl Current DNSKEY TTL.
*
* \return KNOT_E*
*/
int kasp_db_set_saved_ttls(knot_lmdb_db_t *db, const knot_dname_t *zone,
uint32_t max_ttl, uint32_t key_ttl);
/*!
* \brief Initialize KASP database according to conf, if not already.
*
......
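Review bot: Both new doc blocks omit the zone parameter even though it is part of the key under which the TTLs are stored; add `* \param zone Zone whose TTLs are stored.` to each. The getter's documentation should also state what happens to the out-parameters on KNOT_ENOENT, since the caller in kdnssec_ctx_init relies on it: `* \note On KNOT_ENOENT the out-parameters are left unmodified.` The setter could say that it overwrites any previously saved pair unconditionally.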
......@@ -111,6 +111,8 @@ typedef struct {
uint8_t nsec3_salt_length;
// zone
uint32_t zone_maximal_ttl; // like knot_timediff_t
uint32_t saved_max_ttl;
uint32_t saved_key_ttl;
// data propagation delay
uint32_t propagation_delay; // like knot_timediff_t
// various
......
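Review bot: The two new fields carry no comment, unlike the neighbouring `zone_maximal_ttl; // like knot_timediff_t`, and their meaning (values persisted in the KASP db at the last commit and used for rollover timing instead of the live policy values, with 0 meaning "nothing saved yet" per update_policy_from_zone) is spread over three other files in this commit. Suggest `uint32_t saved_max_ttl; // zone max TTL persisted at last commit (0 = not set), drives rollover timing` and the analogous line for saved_key_ttl. The enclosing struct begins and ends outside the hunk.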
......@@ -283,7 +283,7 @@ static knot_time_t zsk_active_time(knot_time_t publish_time, const kdnssec_ctx_t
if (publish_time <= 0) {
return 0;
}
return knot_time_add(publish_time, ctx->policy->propagation_delay + ctx->policy->dnskey_ttl);
return knot_time_add(publish_time, ctx->policy->propagation_delay + ctx->policy->saved_key_ttl);
}
static knot_time_t zsk_remove_time(knot_time_t retire_time, const kdnssec_ctx_t *ctx)
......@@ -291,7 +291,7 @@ static knot_time_t zsk_remove_time(knot_time_t retire_time, const kdnssec_ctx_t
if (retire_time <= 0) {
return 0;
}
return knot_time_add(retire_time, ctx->policy->propagation_delay + ctx->policy->zone_maximal_ttl);
return knot_time_add(retire_time, ctx->policy->propagation_delay + ctx->policy->saved_max_ttl);
}
static knot_time_t ksk_rollover_time(knot_time_t created_time, const kdnssec_ctx_t *ctx)
......@@ -307,7 +307,7 @@ static knot_time_t ksk_ready_time(knot_time_t publish_time, const kdnssec_ctx_t
if (publish_time <= 0) {
return 0;
}
return knot_time_add(publish_time, ctx->policy->propagation_delay + ctx->policy->dnskey_ttl);
return knot_time_add(publish_time, ctx->policy->propagation_delay + ctx->policy->saved_key_ttl);
}
static knot_time_t ksk_sbm_max_time(knot_time_t ready_time, const kdnssec_ctx_t *ctx)
......@@ -324,7 +324,7 @@ static knot_time_t ksk_retire_time(knot_time_t retire_active_time, const kdnssec
return 0;
}
// this is not correct! It should be parent DS TTL.
return knot_time_add(retire_active_time, ctx->policy->propagation_delay + ctx->policy->dnskey_ttl);
return knot_time_add(retire_active_time, ctx->policy->propagation_delay + ctx->policy->saved_key_ttl);
}
static knot_time_t ksk_remove_time(knot_time_t retire_time, bool is_csk, const kdnssec_ctx_t *ctx)
......@@ -332,9 +332,9 @@ static knot_time_t ksk_remove_time(knot_time_t retire_time, bool is_csk, const k
if (retire_time <= 0) {
return 0;
}
knot_timediff_t use_ttl = ctx->policy->dnskey_ttl;
knot_timediff_t use_ttl = ctx->policy->saved_key_ttl;
if (is_csk) {
use_ttl = ctx->policy->zone_maximal_ttl;
use_ttl = ctx->policy->saved_max_ttl;
}
return knot_time_add(retire_time, ctx->policy->propagation_delay + use_ttl);
}
......@@ -346,7 +346,7 @@ static knot_time_t alg_publish_time(knot_time_t pre_active_time, const kdnssec_c
if (pre_active_time <= 0) {
return 0;
}
return knot_time_add(pre_active_time, ctx->policy->propagation_delay + ctx->policy->zone_maximal_ttl);
return knot_time_add(pre_active_time, ctx->policy->propagation_delay + ctx->policy->saved_max_ttl);
}
static knot_time_t alg_remove_time(knot_time_t post_active_time, const kdnssec_ctx_t *ctx)
......
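Review bot: Every rollover step now derives its delay from saved_key_ttl/saved_max_ttl, but those values are rewritten with the current policy values on every kdnssec_ctx_commit() in this same commit, so after one signing run with a lowered TTL the schedule already uses the smaller value while resolvers may still cache RRsets with the old, larger TTL; a rollover step that fires too early can leave such resolvers with DNSKEY/RRSIG mismatches and bogus answers. Unless a one-cycle lag is the intended design (I cannot tell from here), the safer rule is to never shrink the saved value until the old TTL has actually expired, e.g. persist `MAX(saved, current)` together with a timestamp of when the larger value was last needed. The pre-existing `// this is not correct! It should be parent DS TTL.` remark in ksk_retire_time is untouched by this change and still applies. The surrounding time helpers in this file are outside the hunks.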
/* Copyright (C) 2018 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
/* Copyright (C) 2020 CZ.NIC, z.s.p.o. <knot-dns@labs.nic.cz>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
......@@ -34,8 +34,14 @@ void update_policy_from_zone(knot_kasp_policy_t *policy,
if (policy->dnskey_ttl == UINT32_MAX) {
policy->dnskey_ttl = zone_soa_ttl(zone);
}
if (policy->saved_key_ttl == 0) { // possibly not set yet
policy->saved_key_ttl = policy->dnskey_ttl;
}
if (policy->zone_maximal_ttl == UINT32_MAX) {
policy->zone_maximal_ttl = zone->max_ttl;
}
if (policy->saved_max_ttl == 0) { // possibly not set yet
policy->saved_max_ttl = policy->zone_maximal_ttl;
}
}
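Review bot: `saved_key_ttl == 0` and `saved_max_ttl == 0` are used as "not set yet", but 0 is a legal TTL that kasp_db_set_saved_ttls() stores verbatim, so on the next init a persisted 0 is indistinguishable from "never saved" and gets replaced by the live value; the fallback therefore also relies on the policy struct having been zero-initialised when kdnssec_ctx_init tolerates KNOT_ENOENT. Since the replacement can only make the delay longer, the collision is conservative, but that reasoning should be written down: `// 0 doubles as "nothing persisted yet" (KNOT_ENOENT in kdnssec_ctx_init); a real saved TTL of 0 collides, but the fallback can only lengthen the delay`. update_policy_from_zone begins outside the hunk.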