From c3fd94cd4dc6869e85c1c4eefbdbd13632353651 Mon Sep 17 00:00:00 2001
From: Evan Hunt
Date: Fri, 4 Feb 2022 16:52:22 -0800
Subject: [PATCH] make dnssec-verify and dnssec-signzone read journal files

add a -J option to dnssec-verify and dnssec-signzone to read a specified journal file when loading a zone.
---
 bin/dnssec/dnssec-signzone.c | 13 +++++++++---
 bin/dnssec/dnssec-verify.c | 17 ++++++++++-----
 bin/dnssec/dnssectool.c | 40 ++++++++++++++++++++++++++++++++++++
 bin/dnssec/dnssectool.h | 6 ++++++
 4 files changed, 68 insertions(+), 8 deletions(-)

diff --git a/bin/dnssec/dnssec-signzone.c b/bin/dnssec/dnssec-signzone.c
index 1c01388bd6..cf203b1276 100644
--- a/bin/dnssec/dnssec-signzone.c
+++ b/bin/dnssec/dnssec-signzone.c
@@ -3357,9 +3357,9 @@ main(int argc, char *argv[]) {
 atomic_init(&finished, false);
 
 /* Unused letters: Bb G J q Yy (and F is reserved). */
-#define CMDLINE_FLAGS \
- "3:AaCc:Dd:E:e:f:FghH:i:I:j:K:k:L:l:m:M:n:N:o:O:PpQqRr:s:ST:tuUv:VX:" \
- "xzZ:"
+#define CMDLINE_FLAGS \
+ "3:AaCc:Dd:E:e:f:FghH:i:I:j:J:K:k:L:l:m:M:n:N:o:O:PpQqRr:s:ST:tuUv:" \
+ "VX:xzZ:"
 
 /*
 * Process memory debugging argument first.
@@ -3507,6 +3507,10 @@ main(int argc, char *argv[]) {
 }
 break;
 
+ case 'J':
+ journal = isc_commandline_argument;
+ break;
+
 case 'K':
 directory = isc_commandline_argument;
 break;
@@ -3810,6 +3814,9 @@ main(int argc, char *argv[]) {
 gdb = NULL;
 TIME_NOW(&timer_start);
 loadzone(file, origin, rdclass, &gdb);
+ if (journal != NULL) {
+ loadjournal(mctx, gdb, journal);
+ }
 gorigin = dns_db_origin(gdb);
 gclass = dns_db_class(gdb);
 get_soa_ttls();
diff --git a/bin/dnssec/dnssec-verify.c b/bin/dnssec/dnssec-verify.c
index 27b2e9fce7..4d704e7d38 100644
--- a/bin/dnssec/dnssec-verify.c
+++ b/bin/dnssec/dnssec-verify.c
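Review bot: The context line `/* Unused letters: Bb G J q Yy (and F is reserved). */` in the first hunk still lists J as unused, although the new CMDLINE_FLAGS string and the new `case 'J':` now take it; it should read `/* Unused letters: Bb G q Yy (and F is reserved). */`. The three hunks shown account for the whole 13-line diffstat of dnssec-signzone.c, so nothing in this commit touches usage(), and `-J` is left out of the help text (and presumably the manual page); the same holds for the dnssec-verify hunks, whose 17 lines are likewise all visible here. The loadjournal() call in the third hunk sits after loadzone() and before gorigin/gclass are read from gdb, which looks right; main() continues outside the hunk.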
@@ -70,10 +70,10 @@ const char *program = "dnssec-verify";
 static isc_stdtime_t now;
 static isc_mem_t *mctx = NULL;
 static dns_masterformat_t inputformat = dns_masterformat_text;
-static dns_db_t *gdb; /* The database */
-static dns_dbversion_t *gversion; /* The database version */
-static dns_rdataclass_t gclass; /* The class */
-static dns_name_t *gorigin; /* The database origin */
+static dns_db_t *gdb = NULL; /* The database */
+static dns_dbversion_t *gversion = NULL; /* The database version */
+static dns_rdataclass_t gclass; /* The class */
+static dns_name_t *gorigin = NULL; /* The database origin */
 static bool ignore_kskflag = false;
 static bool keyset_kskonly = false;
 
@@ -180,7 +180,7 @@ main(int argc, char *argv[]) {
 char *endp;
 int ch;
 
-#define CMDLINE_FLAGS "c:E:hm:o:I:qv:Vxz"
+#define CMDLINE_FLAGS "c:E:hJ:m:o:I:qv:Vxz"
 
 /*
 * Process memory debugging argument first.
@@ -226,6 +226,10 @@ main(int argc, char *argv[]) {
 inputformatstr = isc_commandline_argument;
 break;
 
+ case 'J':
+ journal = isc_commandline_argument;
+ break;
+
 case 'm':
 break;
 
@@ -319,6 +323,9 @@ main(int argc, char *argv[]) {
 gdb = NULL;
 report("Loading zone '%s' from file '%s'\n", origin, file);
 loadzone(file, origin, rdclass, &gdb);
+ if (journal != NULL) {
+ loadjournal(mctx, gdb, journal);
+ }
 gorigin = dns_db_origin(gdb);
 gclass = dns_db_class(gdb);
 
diff --git a/bin/dnssec/dnssectool.c b/bin/dnssec/dnssectool.c
index 095bb59c90..5908aa7df5 100644
--- a/bin/dnssec/dnssectool.c
+++ b/bin/dnssec/dnssectool.c
@@ -39,6 +39,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -64,6 +65,7 @@ static const char *keystates[KEYSTATES_NVALUES] = {
 
 int verbose = 0;
 bool quiet = false;
+const char *journal = NULL;
 dns_dsdigest_t dtype[8];
 
 static fatalcallback_t *fatalcallback = NULL;
@@ -564,3 +566,41 @@ isoptarg(const char *arg, char **argv, void (*usage)(void)) {
 }
 return (false);
 }
+
+void
+loadjournal(isc_mem_t *mctx, dns_db_t *db, const char *file) {
+ dns_journal_t *jnl = NULL;
+ isc_result_t result;
+
+ result = dns_journal_open(mctx, file, DNS_JOURNAL_READ, &jnl);
+ if (result == ISC_R_NOTFOUND) {
+ fprintf(stderr, "%s: journal file %s not found\n", program,
+ file);
+ goto cleanup;
+ } else if (result != ISC_R_SUCCESS) {
+ fatal("unable to open journal %s: %s\n", file,
+ isc_result_totext(result));
+ }
+
+ if (dns_journal_empty(jnl)) {
+ dns_journal_destroy(&jnl);
+ return;
+ }
+
+ result = dns_journal_rollforward(jnl, db, 0);
+ switch (result) {
+ case ISC_R_SUCCESS:
+ case DNS_R_UPTODATE:
+ break;
+
+ case ISC_R_NOTFOUND:
+ case ISC_R_RANGE:
+ fatal("journal %s out of sync with zone", file);
+
+ default:
+ fatal("journal %s: %s\n", file, isc_result_totext(result));
+ }
+
+cleanup:
+ dns_journal_destroy(&jnl);
+}
diff --git a/bin/dnssec/dnssectool.h b/bin/dnssec/dnssectool.h
index 9abc3e3f20..9f9d9750ac 100644
--- a/bin/dnssec/dnssectool.h
+++ b/bin/dnssec/dnssectool.h
@@ -32,6 +32,9 @@ extern bool quiet;
 /*! program name, statically initialized in each program */
 extern const char *program;
 
+/*! journal file */
+extern const char *journal;
+
 /*!
 * List of DS digest types used by dnssec-cds and dnssec-dsfromkey,
 * defined in dnssectool.c. Filled in by add_dtype() from -a
@@ -102,3 +105,6 @@ key_collision(dst_key_t *key, dns_name_t *name, const char *dir,
 
 bool
 isoptarg(const char *arg, char **argv, void (*usage)(void));
+
+void
+loadjournal(isc_mem_t *mctx, dns_db_t *db, const char *journal);
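Review bot: In loadjournal() the ISC_R_NOTFOUND branch jumps to `cleanup`, where `dns_journal_destroy(&jnl)` runs with jnl still NULL, while the empty-journal path a few lines later destroys and returns explicitly; if dns_journal_destroy() REQUIREs a valid handle, as the lib/dns journal code appears to, the "not found" case aborts on an assertion instead of printing the warning and continuing. Returning directly from that branch, or guarding the label with `if (jnl != NULL) { dns_journal_destroy(&jnl); }`, avoids that. It is also worth deciding whether a journal the user named explicitly with -J may be missing at all: dnssec-verify then checks the zone without the journal's changes and can still report success, so treating it like every other open failure with fatal() would be the safer default. The `case ISC_R_RANGE:` arm falls into `default:` with no break and relies on fatal() being noreturn; a `/* fatal() does not return */` comment there, or a single fatal() after the switch, makes that explicit. In the dnssectool.h hunk the prototype's parameter `journal` shadows the `extern const char *journal` declared a few lines above in the same header; naming it `file`, as the definition does, avoids -Wshadow noise.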