Lines Matching defs:z
173 auth_packed_rrset_copy_region(struct auth_zone* z, struct auth_data* node,
183 key.rk.rrset_class = htons(z->dclass);
224 msg_add_rrset_an(struct auth_zone* z, struct regional* region,
232 z->dclass))
239 auth_packed_rrset_copy_region(z, node, rrset, region, 0)))
249 msg_add_rrset_ns(struct auth_zone* z, struct regional* region,
256 z->dclass))
263 auth_packed_rrset_copy_region(z, node, rrset, region, 0)))
273 msg_add_rrset_ar(struct auth_zone* z, struct regional* region,
279 z->dclass))
286 auth_packed_rrset_copy_region(z, node, rrset, region, 0)))
385 struct auth_data* z = (struct auth_data*)n->key;
386 auth_data_delete(z);
391 auth_zone_delete(struct auth_zone* z, struct auth_zones* az)
393 if(!z) return;
394 lock_rw_destroy(&z->lock);
395 traverse_postorder(&z->data, auth_data_del, NULL);
397 if(az && z->rpz) {
400 if(z->rpz_az_prev)
401 z->rpz_az_prev->rpz_az_next = z->rpz_az_next;
403 az->rpz_first = z->rpz_az_next;
404 if(z->rpz_az_next)
405 z->rpz_az_next->rpz_az_prev = z->rpz_az_prev;
408 if(z->rpz)
409 rpz_delete(z->rpz);
410 free(z->name);
411 free(z->zonefile);
412 free(z);
419 struct auth_zone* z = (struct auth_zone*)calloc(1, sizeof(*z));
420 if(!z) {
423 z->node.key = z;
424 z->dclass = dclass;
425 z->namelen = nmlen;
426 z->namelabs = dname_count_labels(nm);
427 z->name = memdup(nm, nmlen);
428 if(!z->name) {
429 free(z);
432 rbtree_init(&z->data, &auth_data_cmp);
433 lock_rw_init(&z->lock);
434 lock_protect(&z->lock, &z->name, sizeof(*z)-sizeof(rbnode_type)-
435 sizeof(&z->rpz_az_next)-sizeof(&z->rpz_az_prev));
436 lock_rw_wrlock(&z->lock);
437 /* z lock protects all, except rbtree itself and the rpz linked list
439 if(!rbtree_insert(&az->ztree, &z->node)) {
440 lock_rw_unlock(&z->lock);
441 auth_zone_delete(z, NULL);
445 return z;
477 uint16_t dclass, struct auth_zone** z)
485 return rbtree_find_less_equal(&az->ztree, &key, (rbnode_type**)z);
496 struct auth_zone* z;
497 if(auth_zone_find_less_equal(az, nm, nmlen, dclass, &z)) {
499 return z;
502 if(!z) return NULL; /* nothing smaller, nothing above it */
505 nm = dname_get_shared_topdomain(z->name, name);
507 z = NULL;
511 while(!z) {
512 z = auth_zone_find(az, nm, nmlen, dclass);
513 if(z) return z;
527 struct auth_zone* z;
533 z = auth_zone_find(az, nm, nmlen, LDNS_RR_CLASS_IN);
534 if(!z) {
536 z = auth_zone_create(az, nm, nmlen, LDNS_RR_CLASS_IN);
538 lock_rw_wrlock(&z->lock);
540 return z;
546 auth_zones_find_or_add_xfer(struct auth_zones* az, struct auth_zone* z)
549 x = auth_xfer_find(az, z->name, z->namelen, z->dclass);
552 x = auth_xfer_create(az, z);
560 auth_zone_set_zonefile(struct auth_zone* z, char* zonefile)
562 if(z->zonefile) free(z->zonefile);
564 z->zonefile = NULL;
566 z->zonefile = strdup(zonefile);
567 if(!z->zonefile) {
577 auth_zone_set_fallback(struct auth_zone* z, char* fallbackstr)
584 z->fallback_enabled = (strcmp(fallbackstr, "yes")==0);
590 az_domain_create(struct auth_zone* z, uint8_t* nm, size_t nmlen)
603 if(!rbtree_insert(&z->data, &n->node)) {
614 az_find_name(struct auth_zone* z, uint8_t* nm, size_t nmlen)
621 return (struct auth_data*)rbtree_search(&z->data, &key);
626 az_find_domain(struct auth_zone* z, struct query_info* qinfo, int* node_exact,
634 *node_exact = rbtree_find_less_equal(&z->data, &key,
640 az_domain_find_or_create(struct auth_zone* z, uint8_t* dname,
643 struct auth_data* n = az_find_name(z, dname, dname_len);
645 n = az_domain_create(z, dname, dname_len);
1161 az_insert_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len,
1174 if(rr_class != z->dclass) {
1178 if(!(node=az_domain_find_or_create(z, dname, dname_len))) {
1187 if(z->rpz) {
1188 if(!(rpz_insert_rr(z->rpz, z->name, z->namelen, dname,
1270 az_remove_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len,
1282 if(rr_class != z->dclass) {
1290 node = az_find_name(z, dname, dname_len);
1305 (void)rbtree_delete(&z->data, node);
1308 if(z->rpz) {
1309 rpz_remove_rr(z->rpz, z->name, z->namelen, dname, dname_len,
1418 az_insert_rr_decompress(struct auth_zone* z, uint8_t* pkt, size_t pktlen,
1434 return az_insert_rr(z, rr, rr_len, dname_len, duplicate);
1440 az_remove_rr_decompress(struct auth_zone* z, uint8_t* pkt, size_t pktlen,
1456 return az_remove_rr(z, rr, rr_len, dname_len, nonexist);
1461 * @param z: zone to read in.
1476 az_parse_file(struct auth_zone* z, FILE* in, uint8_t* rr, size_t rrbuflen,
1526 if(!az_parse_file(z, inc, rr, rrbuflen,
1554 if(!az_insert_rr(z, rr, rr_len, dname_len, NULL)) {
1567 auth_zone_read_zonefile(struct auth_zone* z, struct config_file* cfg)
1573 if(!z || !z->zonefile || z->zonefile[0]==0)
1576 zfilename = z->zonefile;
1582 dname_str(z->name, nm);
1587 char* n = sldns_wire2str_dname(z->name, z->namelen);
1588 if(z->zone_is_slave && errno == ENOENT) {
1602 traverse_postorder(&z->data, auth_data_del, NULL);
1603 rbtree_init(&z->data, &auth_data_cmp);
1605 if(z->rpz)
1606 rpz_clear(z->rpz);
1612 if(z->namelen <= sizeof(state.origin)) {
1613 memcpy(state.origin, z->name, z->namelen);
1614 state.origin_len = z->namelen;
1617 if(!az_parse_file(z, in, rr, sizeof(rr), &state, zfilename, 0, cfg)) {
1618 char* n = sldns_wire2str_dname(z->name, z->namelen);
1627 if(z->rpz)
1628 rpz_finish_config(z->rpz);
1688 auth_zone_write_rrset(struct auth_zone* z, struct auth_data* node,
1695 z->dclass, r->data, i, buf, sizeof(buf))) {
1707 auth_zone_write_domain(struct auth_zone* z, struct auth_data* n, FILE* out)
1711 if(z->namelen == n->namelen) {
1714 if(!auth_zone_write_rrset(z, n, soa, out))
1720 if(z->namelen == n->namelen &&
1723 if(!auth_zone_write_rrset(z, n, r, out))
1729 int auth_zone_write_file(struct auth_zone* z, const char* fname)
1738 RBTREE_FOR(n, struct auth_data*, &z->data) {
1739 if(!auth_zone_write_domain(z, n, out)) {
1754 zonemd_offline_verify(struct auth_zone* z, struct module_env* env_for_val,
1759 if(!z->zonemd_check)
1776 auth_zone_verify_zonemd(z, &env, mods, NULL, 1, 0);
1789 struct auth_zone* z;
1791 RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
1792 lock_rw_wrlock(&z->lock);
1793 if(!auth_zone_read_zonefile(z, cfg)) {
1794 lock_rw_unlock(&z->lock);
1798 if(z->zonefile && z->zonefile[0]!=0 && env)
1799 zonemd_offline_verify(z, env, mods);
1800 lock_rw_unlock(&z->lock);
1869 * @param z: auth zone to check for.
1875 static int auth_zone_zonemd_check_hash(struct auth_zone* z,
1891 if(!auth_zone_get_serial(z, &soa_serial)) {
1896 apex = az_find_name(z, z->name, z->namelen);
1937 if(auth_zone_generate_zonemd_check(z, scheme, hashalgo,
1946 dname_str(z->name, zstr);
1954 dname_str(z->name, zstr);
1977 dname_str(z->name, zstr);
1984 struct auth_rrset* auth_zone_get_soa_rrset(struct auth_zone* z)
1988 apex = az_find_name(z, z->name, z->namelen);
1996 auth_zone_get_serial(struct auth_zone* z, uint32_t* serial)
2001 apex = az_find_name(z, z->name, z->namelen);
2014 xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr)
2019 apex = az_find_name(z, z->name, z->namelen);
2041 * @param z: locked by caller, and modified for setup
2046 auth_xfer_setup(struct auth_zone* z, struct auth_xfer* x)
2050 if(!z || !x) return 1;
2051 if(!xfr_find_soa(z, x)) {
2066 struct auth_zone* z;
2069 RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
2070 lock_rw_wrlock(&z->lock);
2071 x = auth_xfer_find(az, z->name, z->namelen, z->dclass);
2075 if(!auth_xfer_setup(z, x)) {
2079 lock_rw_unlock(&z->lock);
2086 lock_rw_unlock(&z->lock);
2096 struct auth_zone* z;
2106 if(!(z=auth_zones_find_or_add_zone(az, c->name))) {
2114 if(!(x=auth_zones_find_or_add_xfer(az, z))) {
2116 lock_rw_unlock(&z->lock);
2128 z->zone_deleted = 0;
2129 if(!auth_zone_set_zonefile(z, c->zonefile)) {
2133 lock_rw_unlock(&z->lock);
2139 z->for_downstream = c->for_downstream;
2140 z->for_upstream = c->for_upstream;
2141 z->fallback_enabled = c->fallback_enabled;
2142 z->zonemd_check = c->zonemd_check;
2143 z->zonemd_reject_absence = c->zonemd_reject_absence;
2144 if(c->isrpz && !z->rpz){
2145 if(!(z->rpz = rpz_create(c))){
2149 lock_protect(&z->lock, &z->rpz->local_zones, sizeof(*z->rpz));
2151 z->rpz_az_next = az->rpz_first;
2153 az->rpz_first->rpz_az_prev = z;
2154 az->rpz_first = z;
2155 } else if(c->isrpz && z->rpz) {
2156 if(!rpz_config(z->rpz, c)) {
2161 lock_rw_unlock(&z->lock);
2172 z->zone_is_slave = 1;
2176 lock_rw_unlock(&z->lock);
2181 lock_rw_unlock(&z->lock);
2187 lock_rw_unlock(&z->lock);
2197 struct auth_zone* z;
2199 RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
2200 lock_rw_wrlock(&z->lock);
2201 z->zone_deleted = 1;
2202 lock_rw_unlock(&z->lock);
2213 struct auth_zone* z;
2217 RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
2218 lock_rw_wrlock(&z->lock);
2219 if(z->zone_deleted) {
2223 z->delete_next = delete_list;
2224 delete_list = z;
2226 lock_rw_unlock(&z->lock);
2230 z = delete_list;
2231 while(z) {
2232 next = z->delete_next;
2233 xfr = auth_xfer_find(az, z->name, z->namelen, z->dclass);
2238 (void)rbtree_delete(&az->ztree, &z->node);
2239 auth_zone_delete(z, az);
2240 z = next;
2353 struct auth_zone* z = (struct auth_zone*)n->key;
2354 auth_zone_delete(z, NULL);
2361 struct auth_xfer* z = (struct auth_xfer*)n->key;
2362 auth_xfer_delete(z);
2394 az_find_wildcard_domain(struct auth_zone* z, uint8_t* nm, size_t nmlen)
2402 return az_find_name(z, wc, nmlen+2);
2407 az_find_wildcard(struct auth_zone* z, struct query_info* qinfo,
2413 if(!dname_subdomain_c(nm, z->name))
2415 while((node=az_find_wildcard_domain(z, nm, nmlen))==NULL) {
2417 if(nmlen == z->namelen)
2431 az_find_candidate_ce(struct auth_zone* z, struct query_info* qinfo,
2442 n = az_find_name(z, nm, nmlen);
2448 n = az_find_name(z, nm, nmlen);
2455 az_domain_go_up(struct auth_zone* z, struct auth_data* n)
2461 if((n=az_find_name(z, nm, nmlen)) != NULL)
2480 az_find_ce(struct auth_zone* z, struct query_info* qinfo,
2490 n = az_find_candidate_ce(z, qinfo, n);
2507 if(n->namelen != z->namelen &&
2534 n = az_domain_go_up(z, n);
2543 az_add_additionals_from(struct auth_zone* z, struct regional* region,
2558 domain = az_find_name(z, d->rr_data[i]+2+offset, dlen);
2562 if(!msg_add_rrset_ar(z, region, msg, domain, ref))
2566 if(!msg_add_rrset_ar(z, region, msg, domain, ref))
2575 az_add_negative_soa(struct auth_zone* z, struct regional* region,
2582 struct auth_data* apex = az_find_name(z, z->name, z->namelen);
2590 if(!msg_add_rrset_ns(z, region, msg, apex, soa)) return 0;
2612 az_empty_nonterminal(struct auth_zone* z, struct query_info* qinfo,
2619 next = (struct auth_data*)rbtree_first(&z->data);
2728 add_synth_cname(struct auth_zone* z, uint8_t* qname, size_t qname_len,
2735 z->dclass, &cname)) {
2776 az_find_nsec_cover(struct auth_zone* z, struct auth_data** node)
2792 if(nmlen == z->namelen) return NULL;
2795 *node = az_find_name(z, nm, nmlen);
2802 az_nsec_wildcard_denial(struct auth_zone* z, struct regional* region,
2822 az_find_domain(z, &qinfo, &node_exact, &node);
2823 if((nsec=az_find_nsec_cover(z, &node)) != NULL) {
2824 if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0;
2831 az_nsec3_param(struct auth_zone* z, int* algo, size_t* iter, uint8_t** salt,
2837 apex = az_find_name(z, z->name, z->namelen);
2901 az_nsec3_hashname(struct auth_zone* z, uint8_t* hashname, size_t* hashnmlen,
2912 if(*hashnmlen < hlen*2+1+z->namelen) /* approx b32 as hexb16 */
2920 if((*hashnmlen) - ret < z->namelen)
2922 memmove(hashname+ret, z->name, z->namelen);
2923 *hashnmlen = z->namelen+(size_t)ret;
2929 az_nsec3_findnode(struct auth_zone* z, uint8_t* hashnm, size_t hashnmlen)
2940 az_find_domain(z, &qinfo, &node_exact, &node);
2955 az_nsec3_find_cover(struct auth_zone* z, uint8_t* nm, size_t nmlen,
2961 if(!az_nsec3_hashname(z, hname, &hlen, nm, nmlen, algo, iter,
2964 node = az_nsec3_findnode(z, hname, hlen);
2969 node = (struct auth_data*)rbtree_last(&z->data);
2981 az_nsec3_find_exact(struct auth_zone* z, uint8_t* nm, size_t nmlen,
2987 if(!az_nsec3_hashname(z, hname, &hlen, nm, nmlen, algo, iter,
2990 node = az_find_name(z, hname, hlen);
3015 az_nsec3_find_ce(struct auth_zone* z, uint8_t** cenm, size_t* cenmlen,
3019 while((node = az_nsec3_find_exact(z, *cenm, *cenmlen,
3021 if(*cenmlen == z->namelen) {
3033 az_nsec3_insert(struct auth_zone* z, struct regional* region,
3040 if(!msg_add_rrset_ns(z, region, msg, node, nsec3)) return 0;
3059 az_add_nsec3_proof(struct auth_zone* z, struct regional* region,
3071 if(!az_nsec3_param(z, &algo, &iter, &salt, &saltlen))
3077 match = az_nsec3_find_exact(z, qname, qname_len, algo,
3080 if(!az_nsec3_insert(z, region, msg, match))
3088 node = az_nsec3_find_ce(z, &cenm, &cenmlen, &no_exact_ce,
3091 if(!az_nsec3_insert(z, region, msg, node))
3101 node = az_nsec3_find_cover(z, nx, nxlen, algo, iter, salt,
3103 if(!az_nsec3_insert(z, region, msg, node))
3117 node = az_nsec3_find_cover(z, wc, wclen, algo, iter, salt,
3119 if(!az_nsec3_insert(z, region, msg, node))
3127 az_generate_positive_answer(struct auth_zone* z, struct regional* region,
3130 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3133 if(!az_add_additionals_from(z, region, msg, rrset, 2))
3136 if(!az_add_additionals_from(z, region, msg, rrset, 6))
3139 if(!az_add_additionals_from(z, region, msg, rrset, 0))
3147 az_generate_any_answer(struct auth_zone* z, struct regional* region,
3154 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3158 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3162 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3166 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3170 if(!msg_add_rrset_an(z, region, msg, node,
3178 follow_cname_chain(struct auth_zone* z, uint16_t qtype,
3193 if(!dname_subdomain_c(d->rr_data[0]+2, z->name))
3195 if((node = az_find_name(z, d->rr_data[0]+2, clen))==NULL)
3199 if(!msg_add_rrset_an(z, region, msg, node, rrset))
3205 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3213 az_generate_cname_answer(struct auth_zone* z, struct query_info* qinfo,
3217 if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3219 if(!follow_cname_chain(z, qinfo->qtype, region, msg, rrset->data))
3226 az_generate_notype_answer(struct auth_zone* z, struct regional* region,
3230 if(!az_add_negative_soa(z, region, msg)) return 0;
3233 if(!msg_add_rrset_ns(z, region, msg, node, rrset)) return 0;
3236 if(!az_add_nsec3_proof(z, region, msg, node->name,
3246 az_generate_referral_answer(struct auth_zone* z, struct regional* region,
3253 if(!msg_add_rrset_ns(z, region, msg, ce, rrset)) return 0;
3256 if(!msg_add_rrset_ns(z, region, msg, ce, ds)) return 0;
3260 if(!msg_add_rrset_ns(z, region, msg, ce, nsec))
3263 if(!az_add_nsec3_proof(z, region, msg, ce->name,
3270 if(!az_add_additionals_from(z, region, msg, rrset, 0)) return 0;
3276 az_generate_dname_answer(struct auth_zone* z, struct query_info* qinfo,
3282 if(!msg_add_rrset_an(z, region, msg, ce, rrset)) return 0;
3283 if(!add_synth_cname(z, qinfo->qname, qinfo->qname_len, region,
3290 if(!follow_cname_chain(z, qinfo->qtype, region, msg,
3299 az_generate_wildcard_answer(struct auth_zone* z, struct query_info* qinfo,
3307 if(!msg_add_rrset_an(z, region, msg, wildcard, rrset))
3313 if(!msg_add_rrset_an(z, region, msg, wildcard, rrset))
3317 if(!follow_cname_chain(z, qinfo->qtype, region, msg,
3322 if(!az_generate_any_answer(z, region, msg, wildcard))
3329 if(!az_generate_notype_answer(z, region, msg, wildcard))
3338 if((nsec=az_find_nsec_cover(z, &node)) != NULL) {
3339 if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0;
3344 if(!az_add_nsec3_proof(z, region, msg, wildup,
3359 az_generate_nxdomain_answer(struct auth_zone* z, struct regional* region,
3364 if(!az_add_negative_soa(z, region, msg)) return 0;
3365 if((nsec=az_find_nsec_cover(z, &node)) != NULL) {
3366 if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0;
3367 if(ce && !az_nsec_wildcard_denial(z, region, msg, ce->name,
3370 if(!az_add_nsec3_proof(z, region, msg, ce->name,
3380 az_generate_answer_with_node(struct auth_zone* z, struct query_info* qinfo,
3386 return az_generate_positive_answer(z, region, msg, node, rrset);
3390 return az_generate_cname_answer(z, qinfo, region, msg,
3395 return az_generate_any_answer(z, region, msg, node);
3398 return az_generate_notype_answer(z, region, msg, node);
3404 az_generate_answer_nonexistnode(struct auth_zone* z, struct query_info* qinfo,
3413 return az_generate_referral_answer(z, region, msg, ce, rrset);
3416 return az_generate_dname_answer(z, qinfo, region, msg, ce,
3421 if(az_empty_nonterminal(z, qinfo, node)) {
3422 return az_generate_notype_answer(z, region, msg, node);
3425 if((wildcard=az_find_wildcard(z, qinfo, ce)) != NULL) {
3426 return az_generate_wildcard_answer(z, qinfo, region, msg,
3430 return az_generate_nxdomain_answer(z, region, msg, ce, node);
3435 auth_zone_generate_answer(struct auth_zone* z, struct query_info* qinfo,
3442 *fallback = z->fallback_enabled;
3446 az_find_domain(z, qinfo, &node_exact, &node);
3452 node_exists = az_find_ce(z, qinfo, node, node_exact, &ce, &rrset);
3460 sldns_wire2str_dname_buf(z->name, z->namelen, zname,
3481 return az_generate_answer_with_node(z, qinfo, region, *msg,
3484 return az_generate_answer_nonexistnode(z, qinfo, region, *msg,
3493 struct auth_zone* z;
3496 z = auth_zone_find(az, dp_nm, dp_nmlen, qinfo->qclass);
3497 if(!z) {
3503 lock_rw_rdlock(&z->lock);
3507 if(!z->for_upstream) {
3508 lock_rw_unlock(&z->lock);
3512 if(z->zone_expired) {
3513 *fallback = z->fallback_enabled;
3514 lock_rw_unlock(&z->lock);
3518 r = auth_zone_generate_answer(z, qinfo, region, msg, fallback);
3519 lock_rw_unlock(&z->lock);
3573 struct auth_zone* z;
3587 z = auth_zones_find_zone(az, delname, delnamelen,
3590 z = auth_zones_find_zone(az, qinfo->qname, qinfo->qname_len,
3593 if(!z) {
3598 lock_rw_rdlock(&z->lock);
3600 if(!z->for_downstream) {
3601 lock_rw_unlock(&z->lock);
3604 if(z->zone_expired) {
3605 if(z->fallback_enabled) {
3606 lock_rw_unlock(&z->lock);
3609 lock_rw_unlock(&z->lock);
3616 /* answer it from zone z */
3617 r = auth_zone_generate_answer(z, qinfo, temp, &msg, &fallback);
3618 lock_rw_unlock(&z->lock);
3638 struct auth_zone* z;
3640 z = auth_zone_find(az, nm, nmlen, dclass);
3641 if(!z) {
3646 lock_rw_rdlock(&z->lock);
3648 r = z->fallback_enabled || (!z->for_upstream);
3649 lock_rw_unlock(&z->lock);
3882 struct auth_zone* z;
3891 z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
3893 if(!z) {
3897 lock_rw_wrlock(&z->lock);
3901 z->zone_expired = expired;
3902 lock_rw_unlock(&z->lock);
4659 http_parse_add_rr(struct auth_xfer* xfr, struct auth_zone* z,
4689 return az_insert_rr(z, rr, rr_len, dname_len, NULL);
4864 /** apply IXFR to zone in memory. z is locked. false on failure(mallocfail) */
4866 apply_ixfr(struct auth_xfer* xfr, struct auth_zone* z,
4955 if(!az_remove_rr_decompress(z, rr_chunk->data,
4975 if(!az_insert_rr_decompress(z, rr_chunk->data,
5001 /** apply AXFR to zone in memory. z is locked. false on failure(mallocfail) */
5003 apply_axfr(struct auth_xfer* xfr, struct auth_zone* z,
5018 traverse_postorder(&z->data, auth_data_del, NULL);
5019 rbtree_init(&z->data, &auth_data_cmp);
5021 if(z->rpz)
5022 rpz_clear(z->rpz);
5051 if(!az_insert_rr_decompress(z, rr_chunk->data, rr_chunk->len,
5071 /** apply HTTP to zone in memory. z is locked. false on failure(mallocfail) */
5073 apply_http(struct auth_xfer* xfr, struct auth_zone* z,
5119 traverse_postorder(&z->data, auth_data_del, NULL);
5120 rbtree_init(&z->data, &auth_data_cmp);
5122 if(z->rpz)
5123 rpz_clear(z->rpz);
5159 if(!http_parse_add_rr(xfr, z, scratch_buffer, &pstate)) {
5197 struct auth_zone* z;
5205 z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
5207 if(!z) {
5213 lock_rw_rdlock(&z->lock);
5217 if(z->zonefile == NULL || z->zonefile[0] == 0) {
5218 lock_rw_unlock(&z->lock);
5222 zfilename = z->zonefile;
5228 dname_str(z->name, nm);
5236 lock_rw_unlock(&z->lock);
5245 lock_rw_unlock(&z->lock);
5248 } else if(!auth_zone_write_file(z, tmpfile)) {
5250 lock_rw_unlock(&z->lock);
5260 lock_rw_unlock(&z->lock);
5263 lock_rw_unlock(&z->lock);
5267 * with xfr and z locks, if fail, no z lock */
5269 struct module_env* env, struct auth_zone** z)
5272 * z->lock and xfr->lock */
5274 *z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
5276 if(!*z) {
5279 *z = NULL;
5282 lock_rw_wrlock(&(*z)->lock);
5294 struct auth_zone* z;
5298 if(!xfr_process_reacquire_locks(xfr, env, &z)) {
5302 /* holding xfr and z locks */
5306 if(!apply_http(xfr, z, env->scratch_buffer)) {
5307 lock_rw_unlock(&z->lock);
5314 if(!apply_ixfr(xfr, z, env->scratch_buffer)) {
5315 lock_rw_unlock(&z->lock);
5322 if(!apply_axfr(xfr, z, env->scratch_buffer)) {
5323 lock_rw_unlock(&z->lock);
5330 z->zone_expired = 0;
5331 if(!xfr_find_soa(z, xfr)) {
5332 lock_rw_unlock(&z->lock);
5341 /* holding z lock */
5342 auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 0);
5343 if(z->zone_expired) {
5347 * and both xfr and z again after releasing xfr for potential
5349 lock_rw_unlock(&z->lock);
5350 if(!xfr_process_reacquire_locks(xfr, env, &z))
5355 lock_rw_unlock(&z->lock);
5359 * and both xfr and z again after releasing xfr for potential
5361 lock_rw_unlock(&z->lock);
5362 if(!xfr_process_reacquire_locks(xfr, env, &z))
5364 /* holding xfr and z locks */
5369 if(z->rpz)
5370 rpz_finish_config(z->rpz);
5373 lock_rw_unlock(&z->lock);
7055 * @param z: auth_zone with name of zone.
7058 auth_xfer_new(struct auth_zone* z)
7063 xfr->name = memdup(z->name, z->namelen);
7069 xfr->namelen = z->namelen;
7070 xfr->namelabs = z->namelabs;
7071 xfr->dclass = z->dclass;
7129 auth_xfer_create(struct auth_zones* az, struct auth_zone* z)
7134 xfr = auth_xfer_new(z);
7464 static int zonemd_simple_rrset(struct auth_zone* z, int hashalgo,
7477 key.rk.rrset_class = htons(z->dclass);
7495 struct auth_zone* z, struct auth_data* node)
7504 query_dname_compare(z->name, node->name)==0) {
7513 query_dname_compare(z->name, node->name)==0) {
7544 struct auth_zone* z, struct auth_data* node)
7552 query_dname_compare(z->name, node->name)==0) {
7570 struct auth_zone* z, struct auth_data* node)
7578 query_dname_compare(z->name, node->name)==0) {
7594 static int zonemd_simple_rrsig(struct auth_zone* z, int hashalgo,
7621 key.rk.rrset_class = htons(z->dclass);
7622 data.count = zonemd_simple_count_rrsig(rrset, rrlist, rrnum, z, node);
7629 add_rrlist_rrsigs_into_data(&data, &done, rrlist, rrnum, z, node);
7631 add_rrset_into_data(&data, &done, rrset, z, node);
7650 static int zonemd_simple_domain(struct auth_zone* z, int hashalgo,
7659 if(!dname_subdomain_c(node->name, z->name))
7667 query_dname_compare(z->name, node->name) == 0) {
7673 if(!zonemd_simple_rrsig(z, hashalgo, h, node,
7676 } else if(!zonemd_simple_rrset(z, hashalgo, h, node,
7685 static int zonemd_simple_collate(struct auth_zone* z, int hashalgo,
7692 RBTREE_FOR(n, struct auth_data*, &z->data) {
7693 if(!zonemd_simple_domain(z, hashalgo, h, n, region, buf,
7700 int auth_zone_generate_zonemd_hash(struct auth_zone* z, int scheme,
7711 if(!zonemd_simple_collate(z, hashalgo, h, region, buf, reason)) {
7727 int auth_zone_generate_zonemd_check(struct auth_zone* z, int scheme,
7750 if(!auth_zone_generate_zonemd_hash(z, scheme, hashalgo, gen,
7799 static int zonemd_dnssec_verify_rrset(struct auth_zone* z,
7812 auth_zone_log(z->name, VERB_ALGO, "zonemd dnssec verify: have "
7824 pk.rk.rrset_class = htons(z->dclass);
7829 auth_zone_log(z->name, VERB_ALGO,
7838 auth_zone_log(z->name, VERB_ALGO, "DNSSEC verify was bogus: %s", *why_bogus);
7873 static int zonemd_check_dnssec_absence(struct auth_zone* z,
7888 if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex,
7900 auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC verification of absence of ZONEMD secure");
7914 if(!az_nsec3_param(z, &algo, &iter, &salt, &saltlen)) {
7919 match = az_nsec3_find_exact(z, z->name, z->namelen, algo,
7931 if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, match,
7942 auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC3 verification of absence of ZONEMD secure");
7950 static int zonemd_check_dnssec_soazonemd(struct auth_zone* z,
7966 if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, soa,
7971 if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex,
7976 auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC verification of SOA and ZONEMD RRsets secure");
7982 * @param z: auth zone that fails.
7988 static void auth_zone_zonemd_fail(struct auth_zone* z, struct module_env* env,
7994 dname_str(z->name, zstr);
8018 z->zone_expired = 1;
8023 * @param z: auth zone.
8036 auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env,
8047 apex = az_find_name(z, z->name, z->namelen);
8064 auth_zone_zonemd_fail(z, env, "DNSKEY missing", NULL, result);
8068 if(!zonemd_check_dnssec_absence(z, env, mods, dnskey, apex,
8071 auth_zone_zonemd_fail(z, env, reason, why_bogus, result);
8077 if(!zonemd_check_dnssec_soazonemd(z, env, mods, dnskey, apex,
8080 auth_zone_zonemd_fail(z, env, reason, why_bogus, result);
8085 if(zonemd_absent && z->zonemd_reject_absence) {
8086 auth_zone_zonemd_fail(z, env, "ZONEMD absent and that is not allowed by config", NULL, result);
8090 auth_zone_log(z->name, VERB_ALGO, "DNSSEC verified nonexistence of ZONEMD");
8098 auth_zone_log(z->name, VERB_ALGO, "no ZONEMD present");
8107 if(!auth_zone_zonemd_check_hash(z, env, &reason)) {
8108 auth_zone_zonemd_fail(z, env, reason, NULL, result);
8114 auth_zone_log(z->name, VERB_ALGO, "ZONEMD %s", reason);
8115 else auth_zone_log(z->name, VERB_ALGO, "ZONEMD verification successful");
8128 * @param z: the auth zone.
8142 zonemd_get_dnskey_from_anchor(struct auth_zone* z, struct module_env* env,
8154 apex = az_find_name(z, z->name, z->namelen);
8178 keystorage->rk.rrset_class = htons(z->dclass);
8179 auth_zone_log(z->name, VERB_QUERY,
8195 auth_zone_log(z->name, VERB_ALGO,
8203 auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z,
8216 apex = az_find_name(z, z->name, z->namelen);
8240 keystorage->rk.rrset_class = htons(z->dclass);
8241 auth_zone_log(z->name, VERB_QUERY, "zonemd: verify zone DNSKEY with DS");
8256 auth_zone_log(z->name, VERB_ALGO,
8267 struct auth_zone* z = (struct auth_zone*)arg;
8276 lock_rw_wrlock(&z->lock);
8277 env = z->zonemd_callback_env;
8280 z->zonemd_callback_env = NULL;
8281 if(!env || env->outnet->want_to_quit || z->zone_deleted) {
8282 lock_rw_unlock(&z->lock);
8285 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DS)
8293 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8297 auth_zone_log(z->name, VERB_ALGO,
8300 uint16_t wanted_qtype = z->zonemd_callback_qtype;
8307 query_dname_compare(z->name, rq.qname) == 0 &&
8313 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8316 auth_zone_log(z->name, VERB_ALGO,
8320 auth_zone_log(z->name, VERB_ALGO,
8324 auth_zone_log(z->name, VERB_ALGO,
8328 auth_zone_log(z->name, VERB_ALGO,
8331 auth_zone_log(z->name, VERB_ALGO,
8333 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8338 query_dname_compare(z->name, rq.qname) == 0 &&
8347 auth_zone_log(z->name, VERB_ALGO,
8350 query_dname_compare(z->name, rq.qname) == 0 &&
8354 auth_zone_log(z->name, VERB_ALGO,
8357 query_dname_compare(z->name, rq.qname) == 0 &&
8361 auth_zone_log(z->name, VERB_ALGO,
8364 auth_zone_log(z->name, VERB_ALGO,
8366 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8371 auth_zone_log(z->name, VERB_ALGO,
8373 if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8379 dnskey = auth_zone_verify_zonemd_key_with_ds(z, env,
8388 auth_zone_zonemd_fail(z, env, reason, ds_bogus, NULL);
8389 lock_rw_unlock(&z->lock);
8394 auth_zone_verify_zonemd_with_key(z, env, &env->mesh->mods, dnskey,
8397 lock_rw_unlock(&z->lock);
8402 zonemd_lookup_dnskey(struct auth_zone* z, struct module_env* env)
8410 if(!z->fallback_enabled) {
8416 if(z->zonemd_callback_env) {
8421 auth_zone_log(z->name, VERB_ALGO,
8428 qinfo.qname_len = z->namelen;
8429 qinfo.qname = z->name;
8430 qinfo.qclass = z->dclass;
8438 dname_str(z->name, buf2);
8457 z->zonemd_callback_env = env;
8458 z->zonemd_callback_qtype = qinfo.qtype;
8460 lock_rw_unlock(&z->lock);
8462 &auth_zonemd_dnskey_lookup_callback, z, 0)) {
8463 lock_rw_wrlock(&z->lock);
8468 lock_rw_wrlock(&z->lock);
8472 void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env,
8483 if(!z->zonemd_check)
8485 if(z->data.count == 0)
8494 anchor = anchors_lookup(env->anchors, z->name, z->namelen,
8495 z->dclass);
8503 } else if(anchor && query_dname_compare(z->name, anchor->name) == 0) {
8509 dnskey = zonemd_get_dnskey_from_anchor(z, env, mods, anchor,
8522 if(zonemd_lookup_dnskey(z, env)) {
8536 auth_zone_zonemd_fail(z, env, reason, why_bogus, result);
8541 auth_zone_verify_zonemd_with_key(z, env, mods, dnskey, is_insecure,
8552 struct auth_zone* z;
8555 RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
8556 lock_rw_wrlock(&z->lock);
8557 if(!z->zonemd_check) {
8558 lock_rw_unlock(&z->lock);
8561 key.dclass = z->dclass;
8562 key.namelabs = z->namelabs;
8563 if(z->namelen > sizeof(savezname)) {
8564 lock_rw_unlock(&z->lock);
8568 savezname_len = z->namelen;
8569 memmove(savezname, z->name, z->namelen);
8571 auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 1);
8572 lock_rw_unlock(&z->lock);
8579 z = (struct auth_zone*)rbtree_search(&az->ztree, &key);
8580 if(!z)
8608 auth_zone_get_mem(struct auth_zone* z)
8610 size_t m = sizeof(*z) + z->namelen;
8612 if(z->zonefile)
8613 m += strlen(z->zonefile)+1;
8614 RBTREE_FOR(node, struct auth_data*, &z->data) {
8617 if(z->rpz)
8618 m += rpz_get_mem(z->rpz);
8694 struct auth_zone* z;
8695 RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
8696 lock_rw_rdlock(&z->lock);
8697 m += auth_zone_get_mem(z);
8698 lock_rw_unlock(&z->lock);