Changeset 1984
- Timestamp:
- 02/07/11 10:33:20 (2 years ago)
- Files:
-
- 1 modified
-
trunk/pdns/pdns/pdnssec.cc (modified) (7 diffs)
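--- a/trunk/pdns/pdns/pdnssec.cc
+++ b/trunk/pdns/pdns/pdnssec.cc
@@ -12,4 +12,5 @@
 #include "zoneparser-tng.hh"
 #include "signingpipe.hh"
 
+StatBag S;
 PacketCache PC;
@@ -20,4 +21,54 @@
 
 string s_programname="pdns";
+
+#if 0
+void launchSigningService(int fd)
+{
+UeberBackend db("key-only");
+DNSSECKeeper dk;
+string str;
+vector<DNSResourceRecord> chunk;
+uint64_t signatures=0;
+while(readLStringFromSocket(fd, str))
+{
+if(str.empty())
+break;
+chunk=convertDNSRRVectorFromPBString(str);
+
+addRRSigs(dk, db, "big.aa", chunk); // sucks
+
+++signatures;
+str=convertDNSRRVectorToPBString(chunk);
+writeLStringToSocket(fd, str);
+}
+cerr<<"Exiting after "<<signatures<<" signatures"<<endl;
+char c;
+//read(fd, &c, 1); // wait for EOF, signifies that the other side received everything
+_exit(1);
+}
+
+void signingServer()
+{
+ComboAddress local("::", 2000);
+int sock = socket(AF_INET6, SOCK_STREAM, 0);
+
+setSocketReusable(sock);
+if(::bind(sock, (struct sockaddr*)&local, local.getSocklen()) < 0)
+unixDie("Binding signing server to socket");
+listen(sock, 5);
+for(;;) {
+ComboAddress remote("::");
+socklen_t remotelen = remote.getSocklen();
+int client = accept(sock, (struct sockaddr*)&remote, &remotelen);
+
+if(client < 0)
+break;
+cerr<<"Got connection from "<<remote.toString()<<endl;
+if(fork())
+continue;
+launchSigningService(client);
+}
+}
+#endif
 
 ArgvMap &arg()
@@ -183,5 +234,5 @@
 }
 
-void testSpeed(DNSSECKeeper& dk, const string& zone, int cores)
+void testSpeed(DNSSECKeeper& dk, const string& zone, const string& remote, int cores)
 {
 DNSResourceRecord rr;
@@ -194,7 +245,7 @@
 rr.priority=0;
 
-UeberBackend db ;
-
-ChunkedSigningPipe csp( dk, db, zone, 1, cores);
+UeberBackend db("key-only");
+
+ChunkedSigningPipe csp(zone, 1, remote, cores);
 
 vector<DNSResourceRecord> signatures;
@@ -258,7 +309,5 @@
 
 string msg = getMessageForRRSET(qname, rrc, toSign);
-DNSCryptoKeyEngine* dpk = DNSCryptoKeyEngine::make(rrc.d_algorithm);
-string hash = dpk->sign(msg);
-cerr<<"Verify: "<<DNSCryptoKeyEngine::makeFromPublicKeyString(drc.d_algorithm, drc.d_key)->verify(hash, rrc.d_signature)<<endl;
+cerr<<"Verify: "<<DNSCryptoKeyEngine::makeFromPublicKeyString(drc.d_algorithm, drc.d_key)->verify(msg, rrc.d_signature)<<endl;
 if(dsrc.d_digesttype) {
 cerr<<"Calculated DS: "<<apex<<" IN DS "<<makeDSFromDNSKey(apex, drc, dsrc.d_digesttype).getZoneRepresentation()<<endl;
@@ -393,10 +442,20 @@
 checkZone(dk, cmds[1]);
 }
+#if 0
+else if(cmds[0] == "signing-server" )
+{
+signingServer();
+}
+else if(cmds[0] == "signing-slave")
+{
+launchSigningService(0);
+}
+#endif
 else if(cmds[0] == "test-speed") {
-if(cmds.size() !=3) {
-cerr << "Error: "<<cmds[0]<<" takes exactly 2 parameters, zone numcores"<<endl;
-return 0;
-}
-testSpeed(dk, cmds[1], atoi(cmds[2].c_str()));
+if(cmds.size() < 3) {
+cerr << "Error: "<<cmds[0]<<" takes 2 or 3 parameters, zone numcores [signing-server]"<<endl;
+return 0;
+}
+testSpeed(dk, cmds[1], (cmds.size() > 3) ? cmds[3] : "", atoi(cmds[2].c_str()));
 }
 else if(cmds[0] == "verify-crypto") {
@@ -484,5 +543,11 @@
 }
 
-dk.secureZone(zone, 8);
+if(!dk.secureZone(zone, 8)) {
+cerr<<"No backend was able to secure '"<<zone<<"', most likely because no DNSSEC\n";
+cerr<<"capable backends are loaded, or because the backends have DNSSEC disabled.\n";
+cerr<<"For the Generic SQL backends, set 'gsqlite3-dnssec' or 'gmysql-dnssec' or\n";
+cerr<<"'gpgsql-dnssec' etc. Also make sure the schema has been updated for DNSSEC!\n";
+return 0;
+}
 
 if(!dk.isSecuredZone(zone)) {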
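Review bot: In the secure-zone hunk the new failure branch after `dk.secureZone(zone, 8)` prints its diagnosis and then `return 0;`, so a script running this command sees a success exit status on exactly the error the check was added to surface; `return 1;` there (and in the test-speed argument-count branch of the same commit, which has the same `return 0;`) would make the failure visible. In the test-speed hunk, `atoi(cmds[2].c_str())` turns a non-numeric or negative numcores into 0 or a negative count that is handed straight to `ChunkedSigningPipe`; a guard such as `int cores = atoi(cmds[2].c_str()); if(cores < 1) { cerr<<"Error: numcores must be a positive integer"<<endl; return 1; }` before the call would reject it. The signing-server code added under `#if 0` binds `::` on port 2000 and signs whatever records any connecting client sends, with no authentication and the zone name hard-coded to "big.aa"; it is compiled out today, but if it is ever enabled it should listen on loopback only or require authentication, `launchSigningService` should not `_exit(1)` on its normal completion path, the `fork()` error return should be checked and the children reaped. The body of main begins and ends outside these hunks.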