435 lines
18 KiB
OpenEdge ABL
435 lines
18 KiB
OpenEdge ABL
|
/******************************************************************************
|
||
|
* ldns_dnssec.i: DNSSEC zone, name, rrs
|
||
|
*
|
||
|
* Copyright (c) 2009, Zdenek Vasicek (vasicek AT fit.vutbr.cz)
|
||
|
* Karel Slany (slany AT fit.vutbr.cz)
|
||
|
* All rights reserved.
|
||
|
*
|
||
|
* Redistribution and use in source and binary forms, with or without
|
||
|
* modification, are permitted provided that the following conditions are met:
|
||
|
*
|
||
|
* * Redistributions of source code must retain the above copyright notice,
|
||
|
* this list of conditions and the following disclaimer.
|
||
|
* * Redistributions in binary form must reproduce the above copyright
|
||
|
* notice, this list of conditions and the following disclaimer in the
|
||
|
* documentation and/or other materials provided with the distribution.
|
||
|
* * Neither the name of the organization nor the names of its
|
||
|
* contributors may be used to endorse or promote products derived from this
|
||
|
* software without specific prior written permission.
|
||
|
*
|
||
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
||
|
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
|
||
|
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
||
|
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
||
|
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
||
|
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
||
|
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
||
|
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
||
|
* POSSIBILITY OF SUCH DAMAGE.
|
||
|
******************************************************************************/
|
||
|
%nodefaultctor ldns_dnssec_rrs; //no default constructor & destructor
|
||
|
%nodefaultdtor ldns_dnssec_rrs;
|
||
|
|
||
|
%newobject ldns_dnssec_rrs_new;
|
||
|
%delobject ldns_dnssec_rrs_free;
|
||
|
|
||
|
%extend ldns_dnssec_rrs {
|
||
|
%pythoncode %{
|
||
|
|
||
|
def __init__(self):
|
||
|
"""Creates a new entry for 1 pointer to an rr and 1 pointer to the next rrs.
|
||
|
|
||
|
:returns: (ldns_dnssec_rrs) the allocated data
|
||
|
"""
|
||
|
self.this = _ldns.ldns_dnssec_rrs_new()
|
||
|
if not self.this:
|
||
|
raise Exception("Can't create rrs instance")
|
||
|
|
||
|
__swig_destroy__ = _ldns.ldns_dnssec_rrs_free
|
||
|
|
||
|
#LDNS_DNSSEC_RRS_METHODS_#
|
||
|
def add_rr(self,rr):
|
||
|
"""Adds an RR to the list of RRs.
|
||
|
|
||
|
The list will remain ordered
|
||
|
|
||
|
:param rr:
|
||
|
the RR to add
|
||
|
:returns: (ldns_status) LDNS_STATUS_OK on success
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_rrs_add_rr(self,rr)
|
||
|
#parameters: ldns_dnssec_rrs *,ldns_rr *,
|
||
|
#retvals: ldns_status
|
||
|
#_LDNS_DNSSEC_RRS_METHODS#
|
||
|
%}
|
||
|
}
|
||
|
|
||
|
// ================================================================================
|
||
|
// DNNSEC RRS
|
||
|
// ================================================================================
|
||
|
%nodefaultctor ldns_dnssec_rrsets; //no default constructor & destructor
|
||
|
%nodefaultdtor ldns_dnssec_rrsets;
|
||
|
|
||
|
%newobject ldns_dnssec_rrsets_new;
|
||
|
%delobject ldns_dnssec_rrsets_free;
|
||
|
|
||
|
%extend ldns_dnssec_rrsets {
|
||
|
%pythoncode %{
|
||
|
def __init__(self):
|
||
|
"""Creates a new list (entry) of RRsets.
|
||
|
|
||
|
:returns: (ldns_dnssec_rrsets \*) instance
|
||
|
"""
|
||
|
self.this = _ldns.ldns_dnssec_rrsets_new()
|
||
|
if not self.this:
|
||
|
raise Exception("Can't create rrsets instance")
|
||
|
|
||
|
__swig_destroy__ = _ldns.ldns_dnssec_rrsets_free
|
||
|
|
||
|
def print_to_file(self, file, follow):
|
||
|
"""Print the given list of rrsets to the given file descriptor.
|
||
|
|
||
|
:param file: file pointer
|
||
|
:param follow: if set to false, only print the first RRset
|
||
|
"""
|
||
|
_ldns.ldns_dnssec_rrsets_print(file,self,follow)
|
||
|
#parameters: FILE *,ldns_dnssec_rrsets *,bool,
|
||
|
#retvals:
|
||
|
|
||
|
#LDNS_DNSSEC_RRSETS_METHODS_#
|
||
|
def add_rr(self,rr):
|
||
|
"""Add an ldns_rr to the corresponding RRset in the given list of RRsets.
|
||
|
|
||
|
If it is not present, add it as a new RRset with 1 record.
|
||
|
|
||
|
:param rr:
|
||
|
the rr to add to the list of rrsets
|
||
|
:returns: (ldns_status) LDNS_STATUS_OK on success
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_rrsets_add_rr(self,rr)
|
||
|
#parameters: ldns_dnssec_rrsets *,ldns_rr *,
|
||
|
#retvals: ldns_status
|
||
|
|
||
|
def set_type(self,atype):
|
||
|
"""Sets the RR type of the rrset (that is head of the given list).
|
||
|
|
||
|
:param atype:
|
||
|
:returns: (ldns_status) LDNS_STATUS_OK on success
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_rrsets_set_type(self,atype)
|
||
|
#parameters: ldns_dnssec_rrsets *,ldns_rr_type,
|
||
|
#retvals: ldns_status
|
||
|
|
||
|
def type(self):
|
||
|
"""Returns the rr type of the rrset (that is head of the given list).
|
||
|
|
||
|
:returns: (ldns_rr_type) the rr type
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_rrsets_type(self)
|
||
|
#parameters: ldns_dnssec_rrsets *,
|
||
|
#retvals: ldns_rr_type
|
||
|
#_LDNS_DNSSEC_RRSETS_METHODS#
|
||
|
%}
|
||
|
}
|
||
|
|
||
|
// ================================================================================
|
||
|
// DNNSEC NAME
|
||
|
// ================================================================================
|
||
|
%nodefaultctor ldns_dnssec_name; //no default constructor & destructor
|
||
|
%nodefaultdtor ldns_dnssec_name;
|
||
|
|
||
|
%newobject ldns_dnssec_name_new;
|
||
|
%delobject ldns_dnssec_name_free;
|
||
|
|
||
|
%extend ldns_dnssec_name {
|
||
|
%pythoncode %{
|
||
|
def __init__(self):
|
||
|
"""Create a new instance of dnssec name."""
|
||
|
self.this = _ldns.ldns_dnssec_name_new()
|
||
|
if not self.this:
|
||
|
raise Exception("Can't create dnssec name instance")
|
||
|
|
||
|
__swig_destroy__ = _ldns.ldns_dnssec_name_free
|
||
|
|
||
|
def print_to_file(self,file):
|
||
|
"""Prints the RRs in the dnssec name structure to the given file descriptor.
|
||
|
|
||
|
:param file: file pointer
|
||
|
"""
|
||
|
_ldns.ldns_dnssec_name_print(file, self)
|
||
|
#parameters: FILE *,ldns_dnssec_name *,
|
||
|
|
||
|
@staticmethod
|
||
|
def new_frm_rr(raiseException=True):
|
||
|
"""Create a new instace of dnssec name for the given RR.
|
||
|
|
||
|
:returns: (ldns_dnssec_name) instance
|
||
|
"""
|
||
|
name = _ldns.ldns_dnssec_name_new_frm_rr(self)
|
||
|
if (not name) and (raiseException):
|
||
|
raise Exception("Can't create dnssec name")
|
||
|
return name
|
||
|
|
||
|
#LDNS_DNSSEC_NAME_METHODS_#
|
||
|
def add_rr(self,rr):
|
||
|
"""Inserts the given rr at the right place in the current dnssec_name No checking is done whether the name matches.
|
||
|
|
||
|
:param rr:
|
||
|
The RR to add
|
||
|
:returns: (ldns_status) LDNS_STATUS_OK on success, error code otherwise
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_name_add_rr(self,rr)
|
||
|
#parameters: ldns_dnssec_name *,ldns_rr *,
|
||
|
#retvals: ldns_status
|
||
|
|
||
|
def find_rrset(self,atype):
|
||
|
"""Find the RRset with the given type in within this name structure.
|
||
|
|
||
|
:param atype:
|
||
|
:returns: (ldns_dnssec_rrsets \*) the RRset, or NULL if not present
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_name_find_rrset(self,atype)
|
||
|
#parameters: ldns_dnssec_name *,ldns_rr_type,
|
||
|
#retvals: ldns_dnssec_rrsets *
|
||
|
|
||
|
def name(self):
|
||
|
"""Returns the domain name of the given dnssec_name structure.
|
||
|
|
||
|
:returns: (ldns_rdf \*) the domain name
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_name_name(self)
|
||
|
#parameters: ldns_dnssec_name *,
|
||
|
#retvals: ldns_rdf *
|
||
|
|
||
|
def set_name(self,dname):
|
||
|
"""Sets the domain name of the given dnssec_name structure.
|
||
|
|
||
|
:param dname:
|
||
|
the domain name to set it to. This data is *not* copied.
|
||
|
"""
|
||
|
_ldns.ldns_dnssec_name_set_name(self,dname)
|
||
|
#parameters: ldns_dnssec_name *,ldns_rdf *,
|
||
|
#retvals:
|
||
|
|
||
|
def set_nsec(self,nsec):
|
||
|
"""Sets the NSEC(3) RR of the given dnssec_name structure.
|
||
|
|
||
|
:param nsec:
|
||
|
the nsec rr to set it to. This data is *not* copied.
|
||
|
"""
|
||
|
_ldns.ldns_dnssec_name_set_nsec(self,nsec)
|
||
|
#parameters: ldns_dnssec_name *,ldns_rr *,
|
||
|
#retvals:
|
||
|
#_LDNS_DNSSEC_NAME_METHODS#
|
||
|
%}
|
||
|
}
|
||
|
|
||
|
// ================================================================================
|
||
|
// DNNSEC ZONE
|
||
|
// ================================================================================
|
||
|
%nodefaultctor ldns_dnssec_zone; //no default constructor & destructor
|
||
|
%nodefaultdtor ldns_dnssec_zone;
|
||
|
|
||
|
%newobject ldns_dnssec_zone_new;
|
||
|
%delobject ldns_dnssec_zone_free;
|
||
|
|
||
|
%inline %{
|
||
|
ldns_status ldns_dnssec_zone_sign_defcb(ldns_dnssec_zone *zone, ldns_rr_list *new_rrs, ldns_key_list *key_list, int cbtype)
|
||
|
{
|
||
|
if (cbtype == 0)
|
||
|
return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_add_to_signatures, NULL);
|
||
|
if (cbtype == 1)
|
||
|
return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_leave_signatures, NULL);
|
||
|
if (cbtype == 2)
|
||
|
return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_delete_signatures, NULL);
|
||
|
|
||
|
return ldns_dnssec_zone_sign(zone, new_rrs, key_list, ldns_dnssec_default_replace_signatures, NULL);
|
||
|
}
|
||
|
%}
|
||
|
|
||
|
%extend ldns_dnssec_zone {
|
||
|
%pythoncode %{
|
||
|
|
||
|
def __init__(self):
|
||
|
"""Creates a new dnssec_zone instance"""
|
||
|
self.this = _ldns.ldns_dnssec_zone_new()
|
||
|
if not self.this:
|
||
|
raise Exception("Can't create dnssec zone instance")
|
||
|
|
||
|
__swig_destroy__ = _ldns.ldns_dnssec_zone_free
|
||
|
|
||
|
def print_to_file(self,file):
|
||
|
"""Prints the complete zone to the given file descriptor.
|
||
|
|
||
|
:param file: file pointer
|
||
|
"""
|
||
|
_ldns.ldns_dnssec_zone_print(file, self)
|
||
|
#parameters: FILE *, ldns_dnssec_zone *,
|
||
|
#retvals:
|
||
|
|
||
|
def create_nsec3s(self,new_rrs,algorithm,flags,iterations,salt_length,salt):
|
||
|
"""Adds NSEC3 records to the zone.
|
||
|
|
||
|
:param new_rrs:
|
||
|
:param algorithm:
|
||
|
:param flags:
|
||
|
:param iterations:
|
||
|
:param salt_length:
|
||
|
:param salt:
|
||
|
:returns: (ldns_status)
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_zone_create_nsec3s(self,new_rrs,algorithm,flags,iterations,salt_length,salt)
|
||
|
#parameters: ldns_dnssec_zone *,ldns_rr_list *,uint8_t,uint8_t,uint16_t,uint8_t,uint8_t *,
|
||
|
#retvals: ldns_status
|
||
|
|
||
|
def create_nsecs(self,new_rrs):
|
||
|
"""Adds NSEC records to the given dnssec_zone.
|
||
|
|
||
|
:param new_rrs:
|
||
|
ldns_rr's created by this function are added to this rr list, so the caller can free them later
|
||
|
:returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_zone_create_nsecs(self,new_rrs)
|
||
|
#parameters: ldns_dnssec_zone *,ldns_rr_list *,
|
||
|
#retvals: ldns_status
|
||
|
|
||
|
def create_rrsigs(self,new_rrs,key_list,func,arg):
|
||
|
"""Adds signatures to the zone.
|
||
|
|
||
|
:param new_rrs:
|
||
|
the RRSIG RRs that are created are also added to this list, so the caller can free them later
|
||
|
:param key_list:
|
||
|
list of keys to sign with.
|
||
|
:param func:
|
||
|
Callback function to decide what keys to use and what to do with old signatures
|
||
|
:param arg:
|
||
|
Optional argument for the callback function
|
||
|
:returns: (ldns_status) LDNS_STATUS_OK on success, error otherwise
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_zone_create_rrsigs(self,new_rrs,key_list,func,arg)
|
||
|
#parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,int(*)(ldns_rr *, void *),void *,
|
||
|
#retvals: ldns_status
|
||
|
|
||
|
def sign_cb(self,new_rrs,key_list,func,arg):
|
||
|
"""signs the given zone with the given keys (with callback function)
|
||
|
|
||
|
:param new_rrs:
|
||
|
newly created resource records are added to this list, to free them later
|
||
|
:param key_list:
|
||
|
the list of keys to sign the zone with
|
||
|
:param func:
|
||
|
callback function that decides what to do with old signatures.
|
||
|
This function takes an ldns_rr and an optional arg argument, and returns one of four values:
|
||
|
|
||
|
* LDNS_SIGNATURE_LEAVE_ADD_NEW - leave the signature and add a new one for the corresponding key
|
||
|
|
||
|
* LDNS_SIGNATURE_REMOVE_ADD_NEW - remove the signature and replace is with a new one from the same key
|
||
|
|
||
|
* LDNS_SIGNATURE_LEAVE_NO_ADD - leave the signature and do not add a new one with the corresponding key
|
||
|
|
||
|
* LDNS_SIGNATURE_REMOVE_NO_ADD - remove the signature and do not replace
|
||
|
|
||
|
:param arg:
|
||
|
optional argument for the callback function
|
||
|
:returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_zone_sign(self,new_rrs,key_list,func,arg)
|
||
|
#parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,int(*)(ldns_rr *, void *),void *,
|
||
|
#retvals: ldns_status
|
||
|
|
||
|
def sign(self,new_rrs,key_list, cbtype=3):
|
||
|
"""signs the given zone with the given keys
|
||
|
|
||
|
:param new_rrs:
|
||
|
newly created resource records are added to this list, to free them later
|
||
|
:param key_list:
|
||
|
the list of keys to sign the zone with
|
||
|
:param cb_type:
|
||
|
specifies how to deal with old signatures, possible values:
|
||
|
|
||
|
* 0 - ldns_dnssec_default_add_to_signatures,
|
||
|
|
||
|
* 1 - ldns_dnssec_default_leave_signatures,
|
||
|
|
||
|
* 2 - ldns_dnssec_default_delete_signatures,
|
||
|
|
||
|
* 3 - ldns_dnssec_default_replace_signatures
|
||
|
|
||
|
:returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_zone_sign_defcb(self,new_rrs,key_list, cbtype)
|
||
|
#parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,
|
||
|
#retvals: ldns_status
|
||
|
|
||
|
def sign_nsec3(self,new_rrs,key_list,func,arg,algorithm,flags,iterations,salt_length,salt):
|
||
|
"""signs the given zone with the given new zone, with NSEC3
|
||
|
|
||
|
:param new_rrs:
|
||
|
newly created resource records are added to this list, to free them later
|
||
|
:param key_list:
|
||
|
the list of keys to sign the zone with
|
||
|
:param func:
|
||
|
callback function that decides what to do with old signatures
|
||
|
:param arg:
|
||
|
optional argument for the callback function
|
||
|
:param algorithm:
|
||
|
the NSEC3 hashing algorithm to use
|
||
|
:param flags:
|
||
|
NSEC3 flags
|
||
|
:param iterations:
|
||
|
the number of NSEC3 hash iterations to use
|
||
|
:param salt_length:
|
||
|
the length (in octets) of the NSEC3 salt
|
||
|
:param salt:
|
||
|
the NSEC3 salt data
|
||
|
:returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_zone_sign_nsec3(self,new_rrs,key_list,func,arg,algorithm,flags,iterations,salt_length,salt)
|
||
|
#parameters: ldns_dnssec_zone *,ldns_rr_list *,ldns_key_list *,int(*)(ldns_rr *, void *),void *,uint8_t,uint8_t,uint16_t,uint8_t,uint8_t *,
|
||
|
#retvals: ldns_status
|
||
|
|
||
|
#LDNS_DNSSEC_ZONE_METHODS_#
|
||
|
def add_empty_nonterminals(self):
|
||
|
"""Adds explicit dnssec_name structures for the empty nonterminals in this zone.
|
||
|
|
||
|
(this is needed for NSEC3 generation)
|
||
|
|
||
|
:returns: (ldns_status)
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_zone_add_empty_nonterminals(self)
|
||
|
#parameters: ldns_dnssec_zone *,
|
||
|
#retvals: ldns_status
|
||
|
|
||
|
def add_rr(self,rr):
|
||
|
"""Adds the given RR to the zone.
|
||
|
|
||
|
It find whether there is a dnssec_name with that name present.
|
||
|
If so, add it to that, if not create a new one.
|
||
|
Special handling of NSEC and RRSIG provided.
|
||
|
|
||
|
:param rr:
|
||
|
The RR to add
|
||
|
:returns: (ldns_status) LDNS_STATUS_OK on success, an error code otherwise
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_zone_add_rr(self,rr)
|
||
|
#parameters: ldns_dnssec_zone *,ldns_rr *,
|
||
|
#retvals: ldns_status
|
||
|
|
||
|
def find_rrset(self,dname,atype):
|
||
|
"""Find the RRset with the given name and type in the zone.
|
||
|
|
||
|
:param dname:
|
||
|
the domain name of the RRset to find
|
||
|
:param atype:
|
||
|
:returns: (ldns_dnssec_rrsets \*) the RRset, or NULL if not present
|
||
|
"""
|
||
|
return _ldns.ldns_dnssec_zone_find_rrset(self,dname,atype)
|
||
|
#parameters: ldns_dnssec_zone *,ldns_rdf *,ldns_rr_type,
|
||
|
#retvals: ldns_dnssec_rrsets *
|
||
|
|
||
|
#_LDNS_DNSSEC_ZONE_METHODS#
|
||
|
%}
|
||
|
}
|