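/*
 * Tail of the preceding zone-key loading loop; the function's header and
 * the declarations of result/pubkey/rdata/rdataset/node/currentversion
 * begin above this excerpt.  Each DNSKEY-style rdata is turned into a
 * dst key; only zone keys are kept, everything else is freed.
 */
while (result == ISC_R_SUCCESS) {
	pubkey = NULL;
	dns_rdata_reset(&rdata);
	dns_rdataset_current(&rdataset, &rdata);
	result = dns_dnssec_keyfromrdata(gorigin, &rdata, mctx, &pubkey);
	if (result != ISC_R_SUCCESS)
		goto next;
	/* Non-zone keys (no zone-key flag) are not signing candidates. */
	if (!dst_key_iszonekey(pubkey)) {
		dst_key_free(&pubkey);
		goto next;
	}
	/* ISC_FALSE: keys found in the zone are not signing keys by default. */
	key = newkeystruct(pubkey, ISC_FALSE);
	ISC_LIST_APPEND(keylist, key, link);
 next:
	result = dns_rdataset_next(&rdataset);
}
dns_rdataset_disassociate(&rdataset);
dns_db_detachnode(db, &node);
dns_db_closeversion(db, &currentversion, ISC_FALSE);
}

/*
 * Write a "; File written on <date>" comment line to fp.
 * ctime() is not reentrant; this is only called from main before the
 * worker tasks are started.
 */
static void
print_time(FILE *fp) {
	time_t currenttime;

	currenttime = time(NULL);
	fprintf(fp, "; File written on %s", ctime(&currenttime));
}

/*
 * Write a "; dnssec_signzone version ..." comment line to fp.
 */
static void
print_version(FILE *fp) {
	fprintf(fp, "; dnssec_signzone version " VERSION "\n");
}

/*
 * Print the command-line summary to stderr and exit.
 *
 * Note: this always exits with status 0, even when it is reached from the
 * option parser's default case or from a missing zonefile argument, so a
 * caller cannot distinguish "-h" from a usage error by exit status.
 */
static void
usage(void) {
	fprintf(stderr, "Usage:\n");
	fprintf(stderr, "\t%s [options] zonefile [keys]\n", program);

	fprintf(stderr, "\n");

	fprintf(stderr, "Options: (default value in parenthesis) \n");
	fprintf(stderr, "\t-c class (IN)\n");
	fprintf(stderr, "\t-d directory\n");
	fprintf(stderr, "\t\tdirectory to find signedkey files (.)\n");
	fprintf(stderr, "\t-s YYYYMMDDHHMMSS|+offset:\n");
	fprintf(stderr, "\t\tSIG start time - absolute|offset (now)\n");
	fprintf(stderr, "\t-e YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
	fprintf(stderr, "\t\tSIG end time - absolute|from start|from now "
			"(now + 30 days)\n");
	fprintf(stderr, "\t-i interval:\n");
	fprintf(stderr, "\t\tcycle interval - resign "
			"if < interval from end ( (end-start)/4 )\n");
	fprintf(stderr, "\t-v debuglevel (0)\n");
	fprintf(stderr, "\t-o origin:\n");
	fprintf(stderr, "\t\tzone origin (name of zonefile)\n");
	fprintf(stderr, "\t-f outfile:\n");
	fprintf(stderr, "\t\tfile the signed zone is written in "
			"(zonefile + .signed)\n");
	fprintf(stderr, "\t-r randomdev:\n");
	fprintf(stderr, "\t\ta file containing random data\n");
	fprintf(stderr, "\t-a:\t");
	fprintf(stderr, "verify generated signatures\n");
	fprintf(stderr, "\t-p:\t");
	fprintf(stderr, "use pseudorandom data (faster but less secure)\n");
	fprintf(stderr, "\t-t:\t");
	fprintf(stderr, "print statistics\n");
	fprintf(stderr, "\t-n ncpus (number of cpus present)\n");

	fprintf(stderr, "\n");

	fprintf(stderr, "Signing Keys: ");
	fprintf(stderr, "(default: all zone keys that have private keys)\n");
	fprintf(stderr, "\tkeyfile (Kname+alg+tag)\n");
#ifndef ISC_RFC2535
	fprintf(stderr,
"WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n"
"WARNING WARNING\n"
"WARNING This version of dnssec-signzone produces zones that are WARNING\n"
"WARNING incompatible with the forthcoming DS based DNSSEC WARNING\n"
"WARNING standard. WARNING\n"
"WARNING WARNING\n"
"WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
#endif
	exit(0);
}

/*
 * Fatal-error callback: delete the partially written temporary output file
 * so that an aborted run never leaves a half-signed zone on disk.
 * removefile is cleared once the temporary file has been renamed into place.
 */
static void
removetempfile(void) {
	if (removefile)
		isc_file_remove(tempfile);
}

/*
 * Entry point.  Parses options, loads the zone and signing keys, signs the
 * zone with a pool of worker tasks, and atomically publishes the result:
 * the signed zone is written to a uniquely-created temporary file which is
 * renamed over the output path only after signing completed successfully.
 *
 * Returns 0 on success; every error path goes through fatal() or usage().
 */
int
main(int argc, char *argv[]) {
	int i, ch;
	char *startstr = NULL, *endstr = NULL, *classname = NULL;
	char *origin = NULL, *file = NULL, *output = NULL;
	char *randomfile = NULL;
	char *endp;
	isc_time_t timer_start, timer_finish;
	signer_key_t *key;
	isc_result_t result;
	isc_log_t *log = NULL;
	isc_boolean_t pseudorandom = ISC_FALSE;
	unsigned int eflags;
	isc_boolean_t free_output = ISC_FALSE;
	int tempfilelen;
	dns_rdataclass_t rdclass;
	isc_textregion_t r;
	isc_task_t **tasks = NULL;

	masterstyle = &dns_master_style_explicitttl;

	check_result(isc_app_start(), "isc_app_start");

	result = isc_mem_create(0, 0, &mctx);
	if (result != ISC_R_SUCCESS)
		fatal("out of memory");

	dns_result_register();

	while ((ch = isc_commandline_parse(argc, argv,
					   "c:s:e:i:v:o:f:ahpr:td:n:")) != -1)
	{
		switch (ch) {
		case 'c':
			classname = isc_commandline_argument;
			break;

		case 's':
			startstr = isc_commandline_argument;
			break;

		case 'e':
			endstr = isc_commandline_argument;
			break;

		case 'i':
			/* Re-sign interval; negative values are rejected. */
			endp = NULL;
			cycle = strtol(isc_commandline_argument, &endp, 0);
			if (*endp != '\0' || cycle < 0)
				fatal("cycle period must be numeric and "
				      "positive");
			break;

		case 'p':
			/*
			 * Drops ISC_ENTROPY_GOODONLY below: the DST library
			 * may then use pseudorandom data for signing, which
			 * the usage text documents as "less secure".
			 */
			pseudorandom = ISC_TRUE;
			break;

		case 'r':
			randomfile = isc_commandline_argument;
			break;

		case 'v':
			endp = NULL;
			verbose = strtol(isc_commandline_argument, &endp, 0);
			if (*endp != '\0')
				fatal("verbose level must be numeric");
			break;

		case 'o':
			origin = isc_commandline_argument;
			break;

		case 'f':
			output = isc_commandline_argument;
			break;

		case 'a':
			tryverify = ISC_TRUE;
			break;

		case 't':
			printstats = ISC_TRUE;
			break;

		case 'd':
			directory = isc_commandline_argument;
			break;

		case 'n':
			endp = NULL;
			ntasks = strtol(isc_commandline_argument, &endp, 0);
			if (*endp != '\0' || ntasks > ISC_INT32_MAX)
				fatal("number of cpus must be numeric");
			break;

		case 'h':
		default:
			usage();	/* exits */
		}
	}

#ifndef ISC_RFC2535
	fprintf(stderr,
"WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n"
"WARNING WARNING\n"
"WARNING This version of dnssec-signzone produces zones that are WARNING\n"
"WARNING incompatible with the forth coming DS based DNSSEC WARNING\n"
"WARNING standard. WARNING\n"
"WARNING WARNING\n"
"WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING WARNING\n");
#endif

	/*
	 * Entropy for signing.  Without -p only "good" (non-pseudorandom)
	 * entropy is accepted, and the call blocks until enough is available.
	 */
	setup_entropy(mctx, randomfile, &ectx);
	eflags = ISC_ENTROPY_BLOCKING;
	if (!pseudorandom)
		eflags |= ISC_ENTROPY_GOODONLY;
	result = dst_lib_init(mctx, ectx, eflags);
	if (result != ISC_R_SUCCESS)
		fatal("could not initialize dst");

	/*
	 * Signature validity window: start defaults to now, end to
	 * start + 30 days, and the re-sign cycle to a quarter of the window.
	 */
	isc_stdtime_get(&now);

	if (startstr != NULL)
		starttime = strtotime(startstr, now, now);
	else
		starttime = now;

	if (endstr != NULL)
		endtime = strtotime(endstr, now, starttime);
	else
		endtime = starttime + (30 * 24 * 60 * 60);

	if (cycle == -1)
		cycle = (endtime - starttime) / 4;

	if (ntasks == 0)
		ntasks = isc_os_ncpus();
	vbprintf(4, "using %d cpus\n", ntasks);

	if (classname != NULL) {
		r.base = classname;
		r.length = strlen(classname);
		result = dns_rdataclass_fromtext(&rdclass, &r);
		if (result != ISC_R_SUCCESS)
			fatal("unknown class %s", classname);
	} else
		rdclass = dns_rdataclass_in;

	setup_logging(verbose, mctx, &log);

	argc -= isc_commandline_index;
	argv += isc_commandline_index;

	if (argc < 1)
		usage();

	file = argv[0];
	argc -= 1;
	argv += 1;

	if (output == NULL) {
		/* Default output name is "<zonefile>.signed". */
		size_t outlen = strlen(file) + strlen(".signed") + 1;

		free_output = ISC_TRUE;
		output = isc_mem_allocate(mctx, outlen);
		if (output == NULL)
			fatal("out of memory");
		snprintf(output, outlen, "%s.signed", file);
	}

	if (origin == NULL)
		origin = file;

	gdb = NULL;
	isc_time_now(&timer_start);
	loadzone(file, origin, rdclass, &gdb);
	gorigin = dns_db_origin(gdb);

	ISC_LIST_INIT(keylist);

	if (argc == 0) {
		/*
		 * No keys on the command line: every zone key found in the
		 * zone (with a private key) becomes a default signing key.
		 */
		loadzonekeys(gdb);
		key = ISC_LIST_HEAD(keylist);
		while (key != NULL) {
			key->isdefault = ISC_TRUE;
			key = ISC_LIST_NEXT(key, link);
		}
	} else {
		/*
		 * Explicit key files: each must have a private component.
		 * A key already on the list (same id, algorithm and name) is
		 * marked default instead of being added twice.
		 */
		for (i = 0; i < argc; i++) {
			dst_key_t *newkey = NULL;

			result = dst_key_fromnamedfile(argv[i],
						       DST_TYPE_PUBLIC |
						       DST_TYPE_PRIVATE,
						       mctx, &newkey);
			if (result != ISC_R_SUCCESS)
				fatal("cannot load key %s: %s", argv[i],
				      isc_result_totext(result));

			key = ISC_LIST_HEAD(keylist);
			while (key != NULL) {
				dst_key_t *dkey = key->key;
				if (dst_key_id(dkey) == dst_key_id(newkey) &&
				    dst_key_alg(dkey) == dst_key_alg(newkey) &&
				    dns_name_equal(dst_key_name(dkey),
					    	   dst_key_name(newkey)))
				{
					key->isdefault = ISC_TRUE;
					if (!dst_key_isprivate(dkey))
						fatal("cannot sign zone with "
						      "non-private key %s",
						      argv[i]);
					break;
				}
				key = ISC_LIST_NEXT(key, link);
			}
			if (key == NULL) {
				key = newkeystruct(newkey, ISC_TRUE);
				ISC_LIST_APPEND(keylist, key, link);
			} else
				dst_key_free(&newkey);
		}

		loadzonepubkeys(gdb);
	}

	if (ISC_LIST_EMPTY(keylist)) {
		fprintf(stderr, "%s: warning: No keys specified or found\n",
			program);
		nokeys = ISC_TRUE;
	}

	gversion = NULL;
	result = dns_db_newversion(gdb, &gversion);
	check_result(result, "dns_db_newversion()");

	/*
	 * Write to a uniquely-created temporary file next to the output
	 * path; it is renamed over the output only after signing finished.
	 * Until then a fatal error removes it via removetempfile().
	 */
	tempfilelen = strlen(output) + 20;
	tempfile = isc_mem_get(mctx, tempfilelen);
	if (tempfile == NULL)
		fatal("out of memory");

	result = isc_file_mktemplate(output, tempfile, tempfilelen);
	check_result(result, "isc_file_mktemplate");

	fp = NULL;
	result = isc_file_openunique(tempfile, &fp);
	if (result != ISC_R_SUCCESS)
		fatal("failed to open temporary output file: %s",
		      isc_result_totext(result));
	removefile = ISC_TRUE;
	setfatalcallback(&removetempfile);

	print_time(fp);
	print_version(fp);

	/* One worker task per cpu, each started from the master task. */
	result = isc_taskmgr_create(mctx, ntasks, 0, &taskmgr);
	if (result != ISC_R_SUCCESS)
		fatal("failed to create task manager: %s",
		      isc_result_totext(result));

	master = NULL;
	result = isc_task_create(taskmgr, 0, &master);
	if (result != ISC_R_SUCCESS)
		fatal("failed to create task: %s", isc_result_totext(result));

	tasks = isc_mem_get(mctx, ntasks * sizeof(isc_task_t *));
	if (tasks == NULL)
		fatal("out of memory");
	for (i = 0; i < (int)ntasks; i++) {
		tasks[i] = NULL;
		result = isc_task_create(taskmgr, 0, &tasks[i]);
		if (result != ISC_R_SUCCESS)
			fatal("failed to create task: %s",
			      isc_result_totext(result));
		result = isc_app_onrun(mctx, master, startworker, tasks[i]);
		if (result != ISC_R_SUCCESS)
			fatal("failed to start task: %s",
			      isc_result_totext(result));
	}

	RUNTIME_CHECK(isc_mutex_init(&namelock) == ISC_R_SUCCESS);
	if (printstats)
		RUNTIME_CHECK(isc_mutex_init(&statslock) == ISC_R_SUCCESS);

	presign();

	(void)isc_app_run();

	/* An interrupted run must not publish the partial output. */
	if (!finished)
		fatal("process aborted by user");

	shuttingdown = ISC_TRUE;
	for (i = 0; i < (int)ntasks; i++)
		isc_task_detach(&tasks[i]);
	isc_taskmgr_destroy(&taskmgr);
	isc_mem_put(mctx, tasks, ntasks * sizeof(isc_task_t *));
	postsign();

	result = isc_stdio_close(fp);
	check_result(result, "isc_stdio_close");
	/* From here on the temp file is the finished product; keep it. */
	removefile = ISC_FALSE;

	result = isc_file_rename(tempfile, output);
	if (result != ISC_R_SUCCESS)
		fatal("failed to rename temp file to %s: %s\n",
		      output, isc_result_totext(result));

	DESTROYLOCK(&namelock);
	if (printstats)
		DESTROYLOCK(&statslock);

	printf("%s\n", output);

	dns_db_closeversion(gdb, &gversion, ISC_FALSE);
	dns_db_detach(&gdb);

	while (!ISC_LIST_EMPTY(keylist)) {
		key = ISC_LIST_HEAD(keylist);
		ISC_LIST_UNLINK(keylist, key, link);
		dst_key_free(&key->key);
		isc_mem_put(mctx, key, sizeof(signer_key_t));
	}

	isc_mem_put(mctx, tempfile, tempfilelen);

	if (free_output)
		isc_mem_free(mctx, output);

	cleanup_logging(&log);
	dst_lib_destroy();
	cleanup_entropy(&ectx);
	if (verbose > 10)
		isc_mem_stats(mctx, stdout);
	isc_mem_destroy(&mctx);

	(void) isc_app_finish();

	if (printstats) {
		isc_uint64_t runtime_us;   /* Runtime in microseconds */
		isc_uint64_t runtime_ms;   /* Runtime in milliseconds */
		isc_uint64_t sig_ms;	   /* Signatures per millisecond */

		isc_time_now(&timer_finish);
		runtime_us = isc_time_microdiff(&timer_finish, &timer_start);
		printf("Signatures generated: %10d\n", nsigned);
		printf("Signatures retained: %10d\n", nretained);
		printf("Signatures dropped: %10d\n", ndropped);
		printf("Signatures successfully verified: %10d\n",
		       nverified);
		printf("Signatures unsuccessfully verified: %10d\n",
		       nverifyfailed);
		runtime_ms = runtime_us / 1000;
		printf("Runtime in seconds: %7u.%03u\n",
		       (unsigned int) (runtime_ms / 1000),
		       (unsigned int) (runtime_ms % 1000));
		if (runtime_us > 0) {
			/*
			 * sig_ms holds thousandths of signatures per second;
			 * divide/modulo in 64 bits *before* narrowing, so the
			 * integer and fractional parts match the line above.
			 */
			sig_ms = ((isc_uint64_t)nsigned * 1000000000) /
				 runtime_us;
			printf("Signatures per second: %7u.%03u\n",
			       (unsigned int) (sig_ms / 1000),
			       (unsigned int) (sig_ms % 1000));
		}
	}

	return (0);
}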