val_anchor.c File Reference

This file contains storage for the trust anchors for the validator. More...

#include "config.h"
#include "validator/val_anchor.h"
#include "validator/val_sigcrypt.h"
#include "validator/autotrust.h"
#include "util/data/packed_rrset.h"
#include "util/data/dname.h"
#include "util/log.h"
#include "util/net_help.h"
#include "util/regional.h"
#include "util/config_file.h"
#include <glob.h>

Functions

int anchor_cmp (const void *k1, const void *k2)
 compare two trust anchors
struct val_anchorsanchors_create ()
 Create trust anchor storage.
static void anchors_delfunc (rbnode_t *elem, void *arg)
 destroy locks in tree and delete autotrust anchors
void anchors_delete (struct val_anchors *anchors)
 Delete trust anchor storage.
void anchors_init_parents_locked (struct val_anchors *anchors)
 Recalculate parent pointers.
static void init_parents (struct val_anchors *anchors)
 initialise parent pointers in the tree
struct trust_anchoranchor_find (struct val_anchors *anchors, uint8_t *name, int namelabs, size_t namelen, uint16_t dclass)
 Find a trust anchor.
static struct trust_anchoranchor_new_ta (struct val_anchors *anchors, uint8_t *name, int namelabs, size_t namelen, uint16_t dclass)
 create new trust anchor object
static struct ta_keyanchor_find_key (struct trust_anchor *ta, uint8_t *rdata, size_t rdata_len, uint16_t type)
 find trustanchor key by exact data match
static struct ta_keyanchor_new_ta_key (struct val_anchors *anchors, uint8_t *rdata, size_t rdata_len, uint16_t type)
 create new trustanchor key
static struct trust_anchoranchor_store_new_key (struct val_anchors *anchors, uint8_t *name, uint16_t type, uint16_t dclass, uint8_t *rdata, size_t rdata_len)
 This routine adds a new RR to a trust anchor.
static struct trust_anchoranchor_store_new_rr (struct val_anchors *anchors, ldns_buffer *buffer, ldns_rr *rr)
 Add new RR.
static struct trust_anchoranchor_insert_insecure (struct val_anchors *anchors, const char *str)
 Insert insecure anchor.
struct trust_anchoranchor_store_str (struct val_anchors *anchors, ldns_buffer *buffer, const char *str)
 Store one string as trust anchor RR.
static struct trust_anchoranchor_read_file (struct val_anchors *anchors, ldns_buffer *buffer, const char *fname, int onlyone)
 Read a file with trust anchors.
static void skip_to_eol (FILE *in)
 skip file to end of line
static int is_bind_special (int c)
 true for special characters in bind configs
static int readkeyword_bindfile (FILE *in, ldns_buffer *buf, int *line, int comments)
 Read a keyword skipping bind comments; spaces, specials, restkeywords.
static int skip_to_special (FILE *in, ldns_buffer *buf, int *line, int spec)
 skip through file to { or ;
static int process_bind_contents (struct val_anchors *anchors, ldns_buffer *buf, int *line, FILE *in)
 read contents of trusted-keys{ .
static int anchor_read_bind_file (struct val_anchors *anchors, ldns_buffer *buffer, const char *fname)
 Read a BIND9 like file with trust anchors in named.conf format.
static int anchor_read_bind_file_wild (struct val_anchors *anchors, ldns_buffer *buffer, const char *pat)
 Read a BIND9 like files with trust anchors in named.conf format.
static struct ub_packed_rrset_keyassemble_it (struct regional *region, struct trust_anchor *ta, size_t num, uint16_t type)
 Assemble an rrset structure for the type.
static int anchors_assemble (struct val_anchors *anchors, struct trust_anchor *ta)
 Assemble structures for the trust DS and DNSKEY rrsets.
static size_t anchors_ds_unsupported (struct trust_anchor *ta)
 Check DS algos for support, warn if not.
static size_t anchors_dnskey_unsupported (struct trust_anchor *ta)
 Check DNSKEY algos for support, warn if not.
static int anchors_assemble_rrsets (struct val_anchors *anchors)
 Assemble the rrsets in the anchors, ready for use by validator.
int anchors_apply_cfg (struct val_anchors *anchors, struct config_file *cfg)
 Process trust anchor config.
struct trust_anchoranchors_lookup (struct val_anchors *anchors, uint8_t *qname, size_t qname_len, uint16_t qclass)
 Given a qname/qclass combination, find the trust anchor closest above it.
size_t anchors_get_mem (struct val_anchors *anchors)
 Get memory in use by the trust anchor storage.

Detailed Description

This file contains storage for the trust anchors for the validator.


Function Documentation

struct val_anchors* anchors_create (  )  [read]

Create trust anchor storage.

Returns:
new storage or NULL on error.

References anchor_cmp(), anchors_delete(), val_anchors::autr, autr_global_create(), val_anchors::lock, rbtree_create(), val_anchors::region, regional_create(), and val_anchors::tree.

Referenced by anchors_test(), and val_apply_cfg().

void anchors_delete ( struct val_anchors anchors  ) 
void anchors_init_parents_locked ( struct val_anchors anchors  ) 

Recalculate parent pointers.

The caller must hold the lock on the anchors structure (say after removing an item from the rbtree). Caller must not hold any locks on trust anchors. After the call is complete the parent pointers are updated and an item just removed is no longer referenced in parent pointers.

Parameters:
anchors,: the structure to update.

References trust_anchor::dclass, dname_lab_cmp(), trust_anchor::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::node, trust_anchor::parent, RBTREE_FOR, and val_anchors::tree.

Referenced by autr_tp_remove(), and init_parents().

struct trust_anchor* anchor_find ( struct val_anchors anchors,
uint8_t *  name,
int  namelabs,
size_t  namelen,
uint16_t  dclass 
) [read]

Find a trust anchor.

Exact matching.

Parameters:
anchors,: anchor storage.
name,: name of trust anchor (wireformat)
namelabs,: labels in name
namelen,: length of name
dclass,: class of trust anchor
Returns:
NULL if not found. The anchor is locked.

References trust_anchor::dclass, rbnode_t::key, val_anchors::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, rbtree_search(), and val_anchors::tree.

Referenced by anchor_store_new_key(), find_add_tp(), iter_indicates_dnssec(), and process_prime_response().

static struct trust_anchor* anchor_store_new_key ( struct val_anchors anchors,
uint8_t *  name,
uint16_t  type,
uint16_t  dclass,
uint8_t *  rdata,
size_t  rdata_len 
) [static, read]

This routine adds a new RR to a trust anchor.

The trust anchor may not exist yet, and is created if not. The RR can be DS or DNSKEY. This routine will also remove duplicates; storing them only once.

Parameters:
anchors,: anchor storage.
name,: name of trust anchor (wireformat)
type,: type or RR
dclass,: class of RR
rdata,: rdata wireformat, starting with rdlength. If NULL, nothing is stored, but an entry is created.
rdata_len,: length of rdata including rdlength.
Returns:
: NULL on error, else the trust anchor.

References anchor_find(), anchor_find_key(), anchor_new_ta(), anchor_new_ta_key(), dname_count_size_labels(), trust_anchor::keylist, trust_anchor::lock, log_err(), trust_anchor::namelabs, trust_anchor::namelen, ta_key::next, trust_anchor::numDNSKEY, and trust_anchor::numDS.

Referenced by anchor_insert_insecure(), and anchor_store_new_rr().

static struct trust_anchor* anchor_store_new_rr ( struct val_anchors anchors,
ldns_buffer *  buffer,
ldns_rr *  rr 
) [static, read]

Add new RR.

It converts ldns RR to wire format.

Parameters:
anchors,: anchor storage.
buffer,: parsing buffer.
rr,: the rr (allocated by caller).
Returns:
NULL on error, else the trust anchor.

References anchor_store_new_key(), log_err(), log_nametypeclass(), and VERB_QUERY.

Referenced by anchor_read_file(), and anchor_store_str().

static struct trust_anchor* anchor_insert_insecure ( struct val_anchors anchors,
const char *  str 
) [static, read]

Insert insecure anchor.

Parameters:
anchors,: anchor storage.
str,: the domain name.
Returns:
NULL on error, Else last trust anchor point

References anchor_store_new_key(), and log_err().

Referenced by anchors_apply_cfg().

struct trust_anchor* anchor_store_str ( struct val_anchors anchors,
ldns_buffer *  buffer,
const char *  str 
) [read]

Store one string as trust anchor RR.

Parameters:
anchors,: anchor storage.
buffer,: parsing buffer, to generate the RR wireformat in.
str,: string.
Returns:
NULL on error.

References anchor_store_new_rr(), and log_err().

Referenced by anchors_apply_cfg(), process_bind_contents(), test_anchor_one(), and test_anchors().

static struct trust_anchor* anchor_read_file ( struct val_anchors anchors,
ldns_buffer *  buffer,
const char *  fname,
int  onlyone 
) [static, read]

Read a file with trust anchors.

Parameters:
anchors,: anchor storage.
buffer,: parsing buffer.
fname,: string.
onlyone,: only one trust anchor allowed in file.
Returns:
NULL on error. Else last trust-anchor point.

References anchor_store_new_rr(), and log_err().

Referenced by anchors_apply_cfg().

static int readkeyword_bindfile ( FILE *  in,
ldns_buffer *  buf,
int *  line,
int  comments 
) [static]

Read a keyword skipping bind comments; spaces, specials, restkeywords.

The file is split into the following tokens: * special characters, on their own, rdlen=1, { } doublequote ; * whitespace becomes a single ' ' or tab. Newlines become spaces. * other words ('keywords') * comments are skipped if desired / / C++ style comment to end of line # to end of line / * C style comment * /

Parameters:
in,: file to read from.
buf,: buffer, what is read is stored after current buffer position. Space is left in the buffer to write a terminating 0.
line,: line number is increased per line, for error reports.
comments,: if 0, comments are not possible and become text. if 1, comments are skipped entirely. In BIND files, this is when reading quoted strings, for example " base 64 text with / / in there "
Returns:
the number of character written to the buffer. 0 on end of file.

References fatal_exit(), is_bind_special(), and skip_to_eol().

Referenced by anchor_read_bind_file(), process_bind_contents(), and skip_to_special().

static int process_bind_contents ( struct val_anchors anchors,
ldns_buffer *  buf,
int *  line,
FILE *  in 
) [static]

read contents of trusted-keys{ .

.. ; clauses and insert keys into storage.

Parameters:
anchors,: where to store keys
buf,: buffer to use
line,: line number in file
in,: file to read from.
Returns:
0 on error.

References anchor_store_str(), log_err(), and readkeyword_bindfile().

Referenced by anchor_read_bind_file().

static int anchor_read_bind_file ( struct val_anchors anchors,
ldns_buffer *  buffer,
const char *  fname 
) [static]

Read a BIND9 like file with trust anchors in named.conf format.

Parameters:
anchors,: anchor storage.
buffer,: parsing buffer.
fname,: string.
Returns:
false on error.

References log_err(), process_bind_contents(), readkeyword_bindfile(), skip_to_special(), VERB_QUERY, and verbose().

Referenced by anchor_read_bind_file_wild().

static int anchor_read_bind_file_wild ( struct val_anchors anchors,
ldns_buffer *  buffer,
const char *  pat 
) [static]

Read a BIND9 like files with trust anchors in named.conf format.

Performs wildcard processing of name.

Parameters:
anchors,: anchor storage.
buffer,: parsing buffer.
pat,: pattern string. (can be wildcarded)
Returns:
false on error.

References anchor_read_bind_file(), log_err(), VERB_QUERY, and verbose().

Referenced by anchors_apply_cfg().

static struct ub_packed_rrset_key* assemble_it ( struct regional region,
struct trust_anchor ta,
size_t  num,
uint16_t  type 
) [static, read]
static int anchors_assemble ( struct val_anchors anchors,
struct trust_anchor ta 
) [static]

Assemble structures for the trust DS and DNSKEY rrsets.

Parameters:
anchors,: trust anchor storage.
ta,: trust anchor
Returns:
: false on error.

References assemble_it(), trust_anchor::dnskey_rrset, trust_anchor::ds_rrset, trust_anchor::numDNSKEY, trust_anchor::numDS, and val_anchors::region.

Referenced by anchors_assemble_rrsets().

static size_t anchors_ds_unsupported ( struct trust_anchor ta  )  [static]

Check DS algos for support, warn if not.

Parameters:
ta,: trust anchor
Returns:
number of DS anchors with unsupported algorithms.

References ds_digest_algo_is_supported(), ds_key_algo_is_supported(), trust_anchor::ds_rrset, and trust_anchor::numDS.

Referenced by anchors_assemble_rrsets().

static size_t anchors_dnskey_unsupported ( struct trust_anchor ta  )  [static]

Check DNSKEY algos for support, warn if not.

Parameters:
ta,: trust anchor
Returns:
number of DNSKEY anchors with unsupported algorithms.

References dnskey_algo_is_supported(), trust_anchor::dnskey_rrset, and trust_anchor::numDNSKEY.

Referenced by anchors_assemble_rrsets().

static int anchors_assemble_rrsets ( struct val_anchors anchors  )  [static]
int anchors_apply_cfg ( struct val_anchors anchors,
struct config_file cfg 
)
struct trust_anchor* anchors_lookup ( struct val_anchors anchors,
uint8_t *  qname,
size_t  qname_len,
uint16_t  qclass 
) [read]

Given a qname/qclass combination, find the trust anchor closest above it.

Or return NULL if none exists.

Parameters:
anchors,: struct anchor storage
qname,: query name, uncompressed wireformat.
qname_len,: length of qname.
qclass,: class to query for.
Returns:
the trust anchor or NULL if none is found. The anchor is locked.

References trust_anchor::dclass, dname_count_labels(), dname_lab_cmp(), rbnode_t::key, trust_anchor::lock, val_anchors::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, trust_anchor::parent, rbtree_find_less_equal(), and val_anchors::tree.

Referenced by check_no_anchor(), processInit(), test_anchor_empty(), test_anchor_one(), and test_anchors().

size_t anchors_get_mem ( struct val_anchors anchors  ) 

Get memory in use by the trust anchor storage.

Parameters:
anchors,: anchor storage.
Returns:
memory in use in bytes.

References val_anchors::region, and regional_get_mem().

Referenced by val_get_mem().

Generated on Thu Apr 22 00:27:08 2010 for unbound by  doxygen 1.6.3