unbound 0.1
|
This file contains storage for the trust anchors for the validator. More...
#include "config.h"
#include <ctype.h>
#include "ldns/dname.h"
#include "ldns/host2wire.h"
#include "validator/val_anchor.h"
#include "validator/val_sigcrypt.h"
#include "validator/autotrust.h"
#include "util/data/packed_rrset.h"
#include "util/data/dname.h"
#include "util/log.h"
#include "util/net_help.h"
#include "util/regional.h"
#include "util/config_file.h"
#include <glob.h>
Functions | |
int | anchor_cmp (const void *k1, const void *k2) |
compare two trust anchors | |
struct val_anchors * | anchors_create (void) |
Create trust anchor storage. | |
static void | anchors_delfunc (rbnode_t *elem, void *arg) |
destroy locks in tree and delete autotrust anchors | |
void | anchors_delete (struct val_anchors *anchors) |
Delete trust anchor storage. | |
void | anchors_init_parents_locked (struct val_anchors *anchors) |
Recalculate parent pointers. | |
static void | init_parents (struct val_anchors *anchors) |
initialise parent pointers in the tree | |
struct trust_anchor * | anchor_find (struct val_anchors *anchors, uint8_t *name, int namelabs, size_t namelen, uint16_t dclass) |
Find a trust anchor. | |
static struct trust_anchor * | anchor_new_ta (struct val_anchors *anchors, uint8_t *name, int namelabs, size_t namelen, uint16_t dclass) |
create new trust anchor object | |
static struct ta_key * | anchor_find_key (struct trust_anchor *ta, uint8_t *rdata, size_t rdata_len, uint16_t type) |
find trustanchor key by exact data match | |
static struct ta_key * | anchor_new_ta_key (struct val_anchors *anchors, uint8_t *rdata, size_t rdata_len, uint16_t type) |
create new trustanchor key | |
static struct trust_anchor * | anchor_store_new_key (struct val_anchors *anchors, uint8_t *name, uint16_t type, uint16_t dclass, uint8_t *rdata, size_t rdata_len) |
This routine adds a new RR to a trust anchor. | |
static struct trust_anchor * | anchor_store_new_rr (struct val_anchors *anchors, ldns_buffer *buffer, ldns_rr *rr) |
Add new RR. | |
static struct trust_anchor * | anchor_insert_insecure (struct val_anchors *anchors, const char *str) |
Insert insecure anchor. | |
struct trust_anchor * | anchor_store_str (struct val_anchors *anchors, ldns_buffer *buffer, const char *str) |
Store one string as trust anchor RR. | |
static struct trust_anchor * | anchor_read_file (struct val_anchors *anchors, ldns_buffer *buffer, const char *fname, int onlyone) |
Read a file with trust anchors. | |
static void | skip_to_eol (FILE *in) |
skip file to end of line | |
static int | is_bind_special (int c) |
true for special characters in bind configs | |
static int | readkeyword_bindfile (FILE *in, ldns_buffer *buf, int *line, int comments) |
Read a keyword skipping bind comments; spaces, specials, restkeywords. | |
static int | skip_to_special (FILE *in, ldns_buffer *buf, int *line, int spec) |
skip through file to { or ; | |
static int | process_bind_contents (struct val_anchors *anchors, ldns_buffer *buf, int *line, FILE *in) |
read contents of trusted-keys{ ... | |
static int | anchor_read_bind_file (struct val_anchors *anchors, ldns_buffer *buffer, const char *fname) |
Read a BIND9 like file with trust anchors in named.conf format. | |
static int | anchor_read_bind_file_wild (struct val_anchors *anchors, ldns_buffer *buffer, const char *pat) |
Read a BIND9 like files with trust anchors in named.conf format. | |
static struct ub_packed_rrset_key * | assemble_it (struct regional *region, struct trust_anchor *ta, size_t num, uint16_t type) |
Assemble an rrset structure for the type. | |
static int | anchors_assemble (struct val_anchors *anchors, struct trust_anchor *ta) |
Assemble structures for the trust DS and DNSKEY rrsets. | |
static size_t | anchors_ds_unsupported (struct trust_anchor *ta) |
Check DS algos for support, warn if not. | |
static size_t | anchors_dnskey_unsupported (struct trust_anchor *ta) |
Check DNSKEY algos for support, warn if not. | |
static int | anchors_assemble_rrsets (struct val_anchors *anchors) |
Assemble the rrsets in the anchors, ready for use by validator. | |
int | anchors_apply_cfg (struct val_anchors *anchors, struct config_file *cfg) |
Process trust anchor config. | |
struct trust_anchor * | anchors_lookup (struct val_anchors *anchors, uint8_t *qname, size_t qname_len, uint16_t qclass) |
Given a qname/qclass combination, find the trust anchor closest above it. | |
size_t | anchors_get_mem (struct val_anchors *anchors) |
Get memory in use by the trust anchor storage. |
This file contains storage for the trust anchors for the validator.
struct val_anchors* anchors_create | ( | void | ) | [read] |
Create trust anchor storage.
References anchor_cmp(), anchors_delete(), val_anchors::autr, autr_global_create(), val_anchors::lock, rbtree_create(), val_anchors::region, regional_create(), and val_anchors::tree.
Referenced by anchors_test(), and val_apply_cfg().
void anchors_delete | ( | struct val_anchors * | anchors | ) |
Delete trust anchor storage.
anchors,: | to delete. |
References anchors_delfunc(), val_anchors::autr, autr_global_delete(), val_anchors::lock, val_anchors::region, regional_destroy(), traverse_postorder(), and val_anchors::tree.
Referenced by anchors_create(), anchors_test(), and val_deinit().
void anchors_init_parents_locked | ( | struct val_anchors * | anchors | ) |
Recalculate parent pointers.
The caller must hold the lock on the anchors structure (say after removing an item from the rbtree). Caller must not hold any locks on trust anchors. After the call is complete the parent pointers are updated and an item just removed is no longer referenced in parent pointers.
anchors,: | the structure to update. |
References trust_anchor::dclass, dname_lab_cmp(), trust_anchor::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::node, trust_anchor::parent, RBTREE_FOR, and val_anchors::tree.
Referenced by autr_tp_remove(), and init_parents().
struct trust_anchor* anchor_find | ( | struct val_anchors * | anchors, |
uint8_t * | name, | ||
int | namelabs, | ||
size_t | namelen, | ||
uint16_t | dclass | ||
) | [read] |
Find a trust anchor.
Exact matching.
anchors,: | anchor storage. |
name,: | name of trust anchor (wireformat) |
namelabs,: | labels in name |
namelen,: | length of name |
dclass,: | class of trust anchor |
References trust_anchor::dclass, rbnode_t::key, val_anchors::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, rbtree_search(), and val_anchors::tree.
Referenced by anchor_store_new_key(), find_add_tp(), iter_indicates_dnssec(), and process_prime_response().
static struct trust_anchor* anchor_store_new_key | ( | struct val_anchors * | anchors, |
uint8_t * | name, | ||
uint16_t | type, | ||
uint16_t | dclass, | ||
uint8_t * | rdata, | ||
size_t | rdata_len | ||
) | [static, read] |
This routine adds a new RR to a trust anchor.
The trust anchor may not exist yet, and is created if not. The RR can be DS or DNSKEY. This routine will also remove duplicates; storing them only once.
anchors,: | anchor storage. |
name,: | name of trust anchor (wireformat) |
type,: | type or RR |
dclass,: | class of RR |
rdata,: | rdata wireformat, starting with rdlength. If NULL, nothing is stored, but an entry is created. |
rdata_len,: | length of rdata including rdlength. |
References anchor_find(), anchor_find_key(), anchor_new_ta(), anchor_new_ta_key(), dname_count_size_labels(), trust_anchor::keylist, trust_anchor::lock, log_err(), trust_anchor::namelabs, trust_anchor::namelen, ta_key::next, trust_anchor::numDNSKEY, and trust_anchor::numDS.
Referenced by anchor_insert_insecure(), and anchor_store_new_rr().
static struct trust_anchor* anchor_store_new_rr | ( | struct val_anchors * | anchors, |
ldns_buffer * | buffer, | ||
ldns_rr * | rr | ||
) | [static, read] |
Add new RR.
It converts ldns RR to wire format.
anchors,: | anchor storage. |
buffer,: | parsing buffer. |
rr,: | the rr (allocated by caller). |
References anchor_store_new_key(), log_err(), log_nametypeclass(), and VERB_QUERY.
Referenced by anchor_read_file(), and anchor_store_str().
static struct trust_anchor* anchor_insert_insecure | ( | struct val_anchors * | anchors, |
const char * | str | ||
) | [static, read] |
Insert insecure anchor.
anchors,: | anchor storage. |
str,: | the domain name. |
References anchor_store_new_key(), and log_err().
Referenced by anchors_apply_cfg().
struct trust_anchor* anchor_store_str | ( | struct val_anchors * | anchors, |
ldns_buffer * | buffer, | ||
const char * | str | ||
) | [read] |
Store one string as trust anchor RR.
anchors,: | anchor storage. |
buffer,: | parsing buffer, to generate the RR wireformat in. |
str,: | string. |
References anchor_store_new_rr(), and log_err().
Referenced by anchors_apply_cfg(), process_bind_contents(), test_anchor_one(), and test_anchors().
static struct trust_anchor* anchor_read_file | ( | struct val_anchors * | anchors, |
ldns_buffer * | buffer, | ||
const char * | fname, | ||
int | onlyone | ||
) | [static, read] |
Read a file with trust anchors.
anchors,: | anchor storage. |
buffer,: | parsing buffer. |
fname,: | string. |
onlyone,: | only one trust anchor allowed in file. |
References anchor_store_new_rr(), and log_err().
Referenced by anchors_apply_cfg().
static int readkeyword_bindfile | ( | FILE * | in, |
ldns_buffer * | buf, | ||
int * | line, | ||
int | comments | ||
) | [static] |
Read a keyword skipping bind comments; spaces, specials, restkeywords.
The file is split into the following tokens: * special characters, on their own, rdlen=1, { } doublequote ; * whitespace becomes a single ' ' or tab. Newlines become spaces. * other words ('keywords') * comments are skipped if desired / / C++ style comment to end of line # to end of line / * C style comment * /
in,: | file to read from. |
buf,: | buffer, what is read is stored after current buffer position. Space is left in the buffer to write a terminating 0. |
line,: | line number is increased per line, for error reports. |
comments,: | if 0, comments are not possible and become text. if 1, comments are skipped entirely. In BIND files, this is when reading quoted strings, for example " base 64 text with / / in there " |
References fatal_exit(), is_bind_special(), and skip_to_eol().
Referenced by anchor_read_bind_file(), process_bind_contents(), and skip_to_special().
static int process_bind_contents | ( | struct val_anchors * | anchors, |
ldns_buffer * | buf, | ||
int * | line, | ||
FILE * | in | ||
) | [static] |
read contents of trusted-keys{ ...
; clauses and insert keys into storage.
anchors,: | where to store keys |
buf,: | buffer to use |
line,: | line number in file |
in,: | file to read from. |
References anchor_store_str(), log_err(), and readkeyword_bindfile().
Referenced by anchor_read_bind_file().
static int anchor_read_bind_file | ( | struct val_anchors * | anchors, |
ldns_buffer * | buffer, | ||
const char * | fname | ||
) | [static] |
Read a BIND9 like file with trust anchors in named.conf format.
anchors,: | anchor storage. |
buffer,: | parsing buffer. |
fname,: | string. |
References log_err(), process_bind_contents(), readkeyword_bindfile(), skip_to_special(), VERB_QUERY, and verbose().
Referenced by anchor_read_bind_file_wild().
static int anchor_read_bind_file_wild | ( | struct val_anchors * | anchors, |
ldns_buffer * | buffer, | ||
const char * | pat | ||
) | [static] |
Read a BIND9 like files with trust anchors in named.conf format.
Performs wildcard processing of name.
anchors,: | anchor storage. |
buffer,: | parsing buffer. |
pat,: | pattern string. (can be wildcarded) |
References anchor_read_bind_file(), log_err(), VERB_QUERY, and verbose().
Referenced by anchors_apply_cfg().
static struct ub_packed_rrset_key* assemble_it | ( | struct regional * | region, |
struct trust_anchor * | ta, | ||
size_t | num, | ||
uint16_t | type | ||
) | [static, read] |
Assemble an rrset structure for the type.
region,: | allocated in this region. |
ta,: | trust anchor. |
num,: | number of items to fetch from list. |
type,: | fetch only items of this type. |
References packed_rrset_data::count, lruhash_entry::data, ta_key::data, trust_anchor::dclass, packed_rrset_key::dname, packed_rrset_key::dname_len, ub_packed_rrset_key::entry, trust_anchor::keylist, ta_key::len, trust_anchor::name, trust_anchor::namelen, ta_key::next, regional_alloc(), regional_alloc_init(), ub_packed_rrset_key::rk, packed_rrset_data::rr_data, packed_rrset_data::rr_len, packed_rrset_data::rr_ttl, packed_rrset_key::rrset_class, rrset_trust_ultimate, packed_rrset_data::trust, ta_key::type, and packed_rrset_key::type.
Referenced by anchors_assemble().
static int anchors_assemble | ( | struct val_anchors * | anchors, |
struct trust_anchor * | ta | ||
) | [static] |
Assemble structures for the trust DS and DNSKEY rrsets.
anchors,: | trust anchor storage. |
ta,: | trust anchor |
References assemble_it(), trust_anchor::dnskey_rrset, trust_anchor::ds_rrset, trust_anchor::numDNSKEY, trust_anchor::numDS, and val_anchors::region.
Referenced by anchors_assemble_rrsets().
static size_t anchors_ds_unsupported | ( | struct trust_anchor * | ta | ) | [static] |
Check DS algos for support, warn if not.
ta,: | trust anchor |
References ds_digest_algo_is_supported(), ds_key_algo_is_supported(), trust_anchor::ds_rrset, and trust_anchor::numDS.
Referenced by anchors_assemble_rrsets().
static size_t anchors_dnskey_unsupported | ( | struct trust_anchor * | ta | ) | [static] |
Check DNSKEY algos for support, warn if not.
ta,: | trust anchor |
References dnskey_algo_is_supported(), trust_anchor::dnskey_rrset, and trust_anchor::numDNSKEY.
Referenced by anchors_assemble_rrsets().
static int anchors_assemble_rrsets | ( | struct val_anchors * | anchors | ) | [static] |
Assemble the rrsets in the anchors, ready for use by validator.
anchors,: | trust anchor storage. |
References anchors_assemble(), anchors_dnskey_unsupported(), anchors_ds_unsupported(), trust_anchor::autr, trust_anchor::dclass, dname_str(), trust_anchor::lock, val_anchors::lock, log_err(), log_nametypeclass(), log_warn(), trust_anchor::name, trust_anchor::node, trust_anchor::numDNSKEY, trust_anchor::numDS, rbtree_delete(), rbtree_first(), rbtree_next(), RBTREE_NULL, and val_anchors::tree.
Referenced by anchors_apply_cfg().
int anchors_apply_cfg | ( | struct val_anchors * | anchors, |
struct config_file * | cfg | ||
) |
Process trust anchor config.
anchors,: | struct anchor storage |
cfg,: | config options. |
References anchor_insert_insecure(), anchor_read_bind_file_wild(), anchor_read_file(), anchor_store_str(), anchors_assemble_rrsets(), config_file::auto_trust_anchor_file_list, autr_debug_print(), autr_read_file(), config_file::chrootdir, val_anchors::dlv_anchor, config_file::dlv_anchor_file, config_file::dlv_anchor_list, config_file::domain_insecure, init_parents(), val_anchors::lock, log_err(), config_strlist::next, config_strlist::str, config_file::trust_anchor_file_list, config_file::trust_anchor_list, config_file::trusted_keys_file_list, VERB_ALGO, and verbosity.
Referenced by val_apply_cfg().
struct trust_anchor* anchors_lookup | ( | struct val_anchors * | anchors, |
uint8_t * | qname, | ||
size_t | qname_len, | ||
uint16_t | qclass | ||
) | [read] |
Given a qname/qclass combination, find the trust anchor closest above it.
Or return NULL if none exists.
anchors,: | struct anchor storage |
qname,: | query name, uncompressed wireformat. |
qname_len,: | length of qname. |
qclass,: | class to query for. |
References trust_anchor::dclass, dname_count_labels(), dname_lab_cmp(), rbnode_t::key, trust_anchor::lock, val_anchors::lock, trust_anchor::name, trust_anchor::namelabs, trust_anchor::namelen, trust_anchor::node, trust_anchor::parent, rbtree_find_less_equal(), and val_anchors::tree.
Referenced by check_no_anchor(), processInit(), test_anchor_empty(), test_anchor_one(), and test_anchors().
size_t anchors_get_mem | ( | struct val_anchors * | anchors | ) |
Get memory in use by the trust anchor storage.
anchors,: | anchor storage. |
References val_anchors::region, and regional_get_mem().
Referenced by val_get_mem().