Lines Matching +full:unlock +full:- +full:keys

2  * validator/autotrust.c - RFC5011 trust anchor management for unbound.
80 rbtree_init(&global->probe, &probetree_cmp); in autr_global_create()
96 log_assert(a->autr && b->autr); in probetree_cmp()
97 if(a->autr->next_probe_time < b->autr->next_probe_time) in probetree_cmp()
98 return -1; in probetree_cmp()
99 if(a->autr->next_probe_time > b->autr->next_probe_time) in probetree_cmp()
111 lock_basic_lock(&anchors->lock); in autr_get_num_anchors()
112 if(anchors->autr) in autr_get_num_anchors()
113 res = anchors->autr->probe.count; in autr_get_num_anchors()
114 lock_basic_unlock(&anchors->lock); in autr_get_num_anchors()
124 return (int)(pos-str)+(int)strlen(sub); in position_in_string()
125 return -1; in position_in_string()
146 char* str = sldns_wire2str_dname(ta->rr, ta->dname_len); in verbose_key()
148 ta->rr, ta->rr_len, ta->dname_len), in verbose_key()
149 sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, in verbose_key()
150 ta->dname_len)); in verbose_key()
200 ta->s = AUTR_STATE_VALID; in parse_comments()
203 int s = (int) comments[pos] - '0'; in parse_comments()
212 ta->s = s; in parse_comments()
217 ta->s = AUTR_STATE_START; in parse_comments()
230 ta->pending_count = 0; in parse_comments()
234 ta->pending_count = (uint8_t)atoi(comments); in parse_comments()
251 ta->last_change = 0; in parse_comments()
253 ta->last_change = (time_t)timestamp; in parse_comments()
301 sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len), in ta_is_dnskey_sep()
302 sldns_wirerr_get_rdata(ta->rr, ta->rr_len, ta->dname_len), in ta_is_dnskey_sep()
303 sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, ta->dname_len) in ta_is_dnskey_sep()
324 ta->rr = rr; in autr_ta_create()
325 ta->rr_len = rr_len; in autr_ta_create()
326 ta->dname_len = dname_len; in autr_ta_create()
337 tp->name = memdup(own, own_len); in autr_tp_create()
338 if(!tp->name) { in autr_tp_create()
342 tp->namelen = own_len; in autr_tp_create()
343 tp->namelabs = dname_count_labels(tp->name); in autr_tp_create()
344 tp->node.key = tp; in autr_tp_create()
345 tp->dclass = dc; in autr_tp_create()
346 tp->autr = (struct autr_point_data*)calloc(1, sizeof(*tp->autr)); in autr_tp_create()
347 if(!tp->autr) { in autr_tp_create()
348 free(tp->name); in autr_tp_create()
352 tp->autr->pnode.key = tp; in autr_tp_create()
354 lock_basic_lock(&anchors->lock); in autr_tp_create()
355 if(!rbtree_insert(anchors->tree, &tp->node)) { in autr_tp_create()
357 lock_basic_unlock(&anchors->lock); in autr_tp_create()
358 dname_str(tp->name, buf); in autr_tp_create()
360 free(tp->name); in autr_tp_create()
361 free(tp->autr); in autr_tp_create()
365 if(!rbtree_insert(&anchors->autr->probe, &tp->autr->pnode)) { in autr_tp_create()
367 (void)rbtree_delete(anchors->tree, tp); in autr_tp_create()
368 lock_basic_unlock(&anchors->lock); in autr_tp_create()
369 dname_str(tp->name, buf); in autr_tp_create()
371 free(tp->name); in autr_tp_create()
372 free(tp->autr); in autr_tp_create()
376 lock_basic_init(&tp->lock); in autr_tp_create()
377 lock_protect(&tp->lock, tp, sizeof(*tp)); in autr_tp_create()
378 lock_protect(&tp->lock, tp->autr, sizeof(*tp->autr)); in autr_tp_create()
379 lock_basic_unlock(&anchors->lock); in autr_tp_create()
388 free(r->rk.dname); in autr_rrset_delete()
389 free(r->entry.data); in autr_rrset_delete()
398 lock_unprotect(&tp->lock, tp); in autr_point_delete()
399 lock_unprotect(&tp->lock, tp->autr); in autr_point_delete()
400 lock_basic_destroy(&tp->lock); in autr_point_delete()
401 autr_rrset_delete(tp->ds_rrset); in autr_point_delete()
402 autr_rrset_delete(tp->dnskey_rrset); in autr_point_delete()
403 if(tp->autr) { in autr_point_delete()
404 struct autr_ta* p = tp->autr->keys, *np; in autr_point_delete()
406 np = p->next; in autr_point_delete()
407 free(p->rr); in autr_point_delete()
411 free(tp->autr->file); in autr_point_delete()
412 free(tp->autr); in autr_point_delete()
414 free(tp->name); in autr_point_delete()
427 if(!tp->autr) { in find_add_tp()
429 lock_basic_unlock(&tp->lock); in find_add_tp()
438 lock_basic_lock(&tp->lock); in find_add_tp()
452 free(ta->rr); in add_trustanchor_frm_rr()
457 ta->next = (*tp)->autr->keys; in add_trustanchor_frm_rr()
458 (*tp)->autr->keys = ta; in add_trustanchor_frm_rr()
459 lock_basic_unlock(&(*tp)->lock); in add_trustanchor_frm_rr()
540 lock_basic_lock(&tp->lock); in load_trustanchor()
542 lock_basic_unlock(&tp->lock); in load_trustanchor()
545 if(!tp->autr->file) { in load_trustanchor()
546 tp->autr->file = strdup(fname); in load_trustanchor()
547 if(!tp->autr->file) { in load_trustanchor()
548 lock_basic_unlock(&tp->lock); in load_trustanchor()
553 lock_basic_unlock(&tp->lock); in load_trustanchor()
563 if(sldns_wirerr_get_type((*list)->rr, (*list)->rr_len, in assemble_iterate_ds()
564 (*list)->dname_len) == LDNS_RR_TYPE_DS) { in assemble_iterate_ds()
565 *rr = (*list)->rr; in assemble_iterate_ds()
566 *rr_len = (*list)->rr_len; in assemble_iterate_ds()
567 *dname_len = (*list)->dname_len; in assemble_iterate_ds()
568 *list = (*list)->next; in assemble_iterate_ds()
571 *list = (*list)->next; in assemble_iterate_ds()
582 if(sldns_wirerr_get_type((*list)->rr, (*list)->rr_len, in assemble_iterate_dnskey()
583 (*list)->dname_len) != LDNS_RR_TYPE_DS && in assemble_iterate_dnskey()
584 ((*list)->s == AUTR_STATE_VALID || in assemble_iterate_dnskey()
585 (*list)->s == AUTR_STATE_MISSING)) { in assemble_iterate_dnskey()
586 *rr = (*list)->rr; in assemble_iterate_dnskey()
587 *rr_len = (*list)->rr_len; in assemble_iterate_dnskey()
588 *dname_len = (*list)->dname_len; in assemble_iterate_dnskey()
589 *list = (*list)->next; in assemble_iterate_dnskey()
592 *list = (*list)->next; in assemble_iterate_dnskey()
597 /** see if iterator-list has any elements in it, or it is empty */
624 * Keys for the cache have to be obtained from alloc.h.
641 k->rk.type = htons(sldns_wirerr_get_type(rr, rr_len, dname_len)); in ub_packed_rrset_heap_key()
642 k->rk.rrset_class = htons(sldns_wirerr_get_class(rr, rr_len, dname_len)); in ub_packed_rrset_heap_key()
643 k->rk.dname_len = dname_len; in ub_packed_rrset_heap_key()
644 k->rk.dname = memdup(rr, dname_len); in ub_packed_rrset_heap_key()
645 if(!k->rk.dname) { in ub_packed_rrset_heap_key()
692 data->ttl = ttl; in packed_rrset_heap_data()
693 data->count = count; in packed_rrset_heap_data()
694 data->rrsig_count = rrsig_count; in packed_rrset_heap_data()
695 data->rr_len = (size_t*)((uint8_t*)data + in packed_rrset_heap_data()
697 data->rr_data = (uint8_t**)&(data->rr_len[total]); in packed_rrset_heap_data()
698 data->rr_ttl = (time_t*)&(data->rr_data[total]); in packed_rrset_heap_data()
699 nextrdata = (uint8_t*)&(data->rr_ttl[total]); in packed_rrset_heap_data()
705 data->rr_ttl[i] = (time_t)sldns_wirerr_get_ttl(rr, rr_len, in packed_rrset_heap_data()
707 if(data->rr_ttl[i] < data->ttl) in packed_rrset_heap_data()
708 data->ttl = data->rr_ttl[i]; in packed_rrset_heap_data()
709 data->rr_len[i] = 2 /* the rdlength */ + in packed_rrset_heap_data()
716 data->rr_data[i] = nextrdata; in packed_rrset_heap_data()
717 nextrdata += data->rr_len[i]; in packed_rrset_heap_data()
724 log_assert(data->rr_data[i]); in packed_rrset_heap_data()
725 memmove(data->rr_data[i], in packed_rrset_heap_data()
727 data->rr_len[i]); in packed_rrset_heap_data()
731 if(data->rrsig_count && data->count == 0) { in packed_rrset_heap_data()
732 data->count = data->rrsig_count; /* rrset type is RRSIG */ in packed_rrset_heap_data()
733 data->rrsig_count = 0; in packed_rrset_heap_data()
750 /* make packed rrset keys - malloced with no ID number, they in autr_assemble()
753 if(assemble_iterate_hasfirst(assemble_iterate_ds, tp->autr->keys)) { in autr_assemble()
755 assemble_iterate_ds, tp->autr->keys); in autr_assemble()
758 ubds->entry.data = packed_rrset_heap_data( in autr_assemble()
759 assemble_iterate_ds, tp->autr->keys); in autr_assemble()
760 if(!ubds->entry.data) in autr_assemble()
765 if(assemble_iterate_hasfirst(assemble_iterate_dnskey, tp->autr->keys)) { in autr_assemble()
767 assemble_iterate_dnskey, tp->autr->keys); in autr_assemble()
770 ubdnskey->entry.data = packed_rrset_heap_data( in autr_assemble()
771 assemble_iterate_dnskey, tp->autr->keys); in autr_assemble()
772 if(!ubdnskey->entry.data) { in autr_assemble()
780 /* we have prepared the new keys so nothing can go wrong any more. in autr_assemble()
782 * any errors. Put in the new keys and remove old ones. */ in autr_assemble()
785 autr_rrset_delete(tp->ds_rrset); in autr_assemble()
786 autr_rrset_delete(tp->dnskey_rrset); in autr_assemble()
789 tp->ds_rrset = ubds; in autr_assemble()
790 tp->dnskey_rrset = ubdnskey; in autr_assemble()
791 tp->numDS = assemble_iterate_count(assemble_iterate_ds, in autr_assemble()
792 tp->autr->keys); in autr_assemble()
793 tp->numDNSKEY = assemble_iterate_count(assemble_iterate_dnskey, in autr_assemble()
794 tp->autr->keys); in autr_assemble()
805 *ret = -1; /* parse error */ in parse_int()
832 if(r == -1) { in parse_id()
849 * @return: 0 if no match, -1 on a syntax error, +1 if a line was read successfully.
860 if(!*anchor) return -1; in parse_var_line()
865 return -1; in parse_var_line()
869 if(!tp) return -1; in parse_var_line()
870 lock_basic_lock(&tp->lock); in parse_var_line()
871 tp->autr->last_queried = (time_t)parse_int(line+16, &r); in parse_var_line()
872 lock_basic_unlock(&tp->lock); in parse_var_line()
874 if(!tp) return -1; in parse_var_line()
875 lock_basic_lock(&tp->lock); in parse_var_line()
876 tp->autr->last_success = (time_t)parse_int(line+16, &r); in parse_var_line()
877 lock_basic_unlock(&tp->lock); in parse_var_line()
879 if(!tp) return -1; in parse_var_line()
880 lock_basic_lock(&anchors->lock); in parse_var_line()
881 lock_basic_lock(&tp->lock); in parse_var_line()
882 (void)rbtree_delete(&anchors->autr->probe, tp); in parse_var_line()
883 tp->autr->next_probe_time = (time_t)parse_int(line+19, &r); in parse_var_line()
884 (void)rbtree_insert(&anchors->autr->probe, &tp->autr->pnode); in parse_var_line()
885 lock_basic_unlock(&tp->lock); in parse_var_line()
886 lock_basic_unlock(&anchors->lock); in parse_var_line()
888 if(!tp) return -1; in parse_var_line()
889 lock_basic_lock(&tp->lock); in parse_var_line()
890 tp->autr->query_failed = (uint8_t)parse_int(line+16, &r); in parse_var_line()
891 lock_basic_unlock(&tp->lock); in parse_var_line()
893 if(!tp) return -1; in parse_var_line()
894 lock_basic_lock(&tp->lock); in parse_var_line()
895 tp->autr->query_interval = (time_t)parse_int(line+18, &r); in parse_var_line()
896 lock_basic_unlock(&tp->lock); in parse_var_line()
898 if(!tp) return -1; in parse_var_line()
899 lock_basic_lock(&tp->lock); in parse_var_line()
900 tp->autr->retry_time = (time_t)parse_int(line+14, &r); in parse_var_line()
901 lock_basic_unlock(&tp->lock); in parse_var_line()
933 buf[len-1] = 0; in read_multiline()
940 say for TXT records, but this routine only has to read keys */ in read_multiline()
947 return -1; in read_multiline()
949 depth--; in read_multiline()
962 pos[poslen-1] = 0; /* strip newline */ in read_multiline()
969 left -= poslen; in read_multiline()
973 return -1; in read_multiline()
978 left -= 1; in read_multiline()
982 return -1; in read_multiline()
1011 if(r == -1 || (r = parse_var_line(line, anchors, &tp)) == -1) { in autr_read_file()
1012 log_err("could not parse auto-trust-anchor-file " in autr_read_file()
1041 "the file may only contain keys for one name, " in autr_read_file()
1042 "remove keys for other domain names", nm); in autr_read_file()
1059 lock_basic_lock(&tp->lock); in autr_read_file()
1061 lock_basic_unlock(&tp->lock); in autr_read_file()
1065 lock_basic_unlock(&tp->lock); in autr_read_file()
1125 if(tp->autr->revoked) { in autr_write_contents()
1127 fprintf(out, "; The zone has all keys revoked, and is\n" in autr_write_contents()
1136 if(!print_id(out, fn, tp->name, tp->namelen, tp->dclass)) { in autr_write_contents()
1140 (unsigned int)tp->autr->last_queried, in autr_write_contents()
1141 autr_ctime_r(&(tp->autr->last_queried), tmi)) < 0 || in autr_write_contents()
1143 (unsigned int)tp->autr->last_success, in autr_write_contents()
1144 autr_ctime_r(&(tp->autr->last_success), tmi)) < 0 || in autr_write_contents()
1146 (unsigned int)tp->autr->next_probe_time, in autr_write_contents()
1147 autr_ctime_r(&(tp->autr->next_probe_time), tmi)) < 0 || in autr_write_contents()
1148 fprintf(out, ";;query_failed: %d\n", (int)tp->autr->query_failed)<0 in autr_write_contents()
1150 (int)tp->autr->query_interval) < 0 || in autr_write_contents()
1151 fprintf(out, ";;retry_time: %d\n", (int)tp->autr->retry_time) < 0) { in autr_write_contents()
1157 for(ta=tp->autr->keys; ta; ta=ta->next) { in autr_write_contents()
1158 /* by default do not store START and REMOVED keys */ in autr_write_contents()
1159 if(ta->s == AUTR_STATE_START) in autr_write_contents()
1161 if(ta->s == AUTR_STATE_REMOVED) in autr_write_contents()
1163 /* only store keys */ in autr_write_contents()
1164 if(sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len) in autr_write_contents()
1167 str = sldns_wire2str_rr(ta->rr, ta->rr_len); in autr_write_contents()
1173 str[strlen(str)-1] = 0; /* remove newline */ in autr_write_contents()
1175 ";;lastchange=%u ;;%s", str, (int)ta->s, in autr_write_contents()
1176 trustanchor_state2str(ta->s), (int)ta->pending_count, in autr_write_contents()
1177 (unsigned int)ta->last_change, in autr_write_contents()
1178 autr_ctime_r(&(ta->last_change), tmi)) < 0) { in autr_write_contents()
1191 char* fname = tp->autr->file; in autr_write_file()
1196 log_assert(tp->autr); in autr_write_file()
1210 snprintf(tempf, sizeof(tempf), "%s.%d-%d-" ARG_LL "x", fname, (int)getpid(), in autr_write_file()
1211 env->worker?*(int*)env->worker:0, llvalue); in autr_write_file()
1268 int downprot = env->cfg->harden_algo_downgrade; in verify_dnskey()
1270 tp->ds_rrset, tp->dnskey_rrset, downprot?sigalg:NULL, &reason, in verify_dnskey()
1296 for(i=dd->count; i<dd->count+dd->rrsig_count; i++) { in min_expiry()
1297 t = rrsig_get_expiry(dd->rr_data[i], dd->rr_len[i]); in min_expiry()
1298 if((int32_t)t - (int32_t)*env->now > 0) { in min_expiry()
1299 t -= (int32_t)*env->now; in min_expiry()
1307 /** Is rr self-signed revoked key */
1315 verbose(VERB_ALGO, "seen REVOKE flag, check self-signed, rr %d", in rr_is_selfsigned_revoked()
1328 ta->fetched = seen; in seen_trustanchor()
1329 if(ta->pending_count < 250) /* no numerical overflow, please */ in seen_trustanchor()
1330 ta->pending_count++; in seen_trustanchor()
1337 ta->revoked = revoked; in seen_revoked_trustanchor()
1346 if(sldns_wirerr_get_type(ta->rr, ta->rr_len, ta->dname_len) != in revoke_dnskey()
1349 if(sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, ta->dname_len) < 2) in revoke_dnskey()
1351 data = sldns_wirerr_get_rdata(ta->rr, ta->rr_len, ta->dname_len); in revoke_dnskey()
1366 return -1; in dnskey_compare_skip_revbit()
1378 if (rdf1 < rdf2) return -1; in dnskey_compare_skip_revbit()
1389 if(!a) return -1; in ta_compare()
1390 else if(!b) return -1; in ta_compare()
1391 else if(sldns_wirerr_get_type(a->rr, a->rr_len, a->dname_len) != t) in ta_compare()
1392 return (int)sldns_wirerr_get_type(a->rr, a->rr_len, in ta_compare()
1393 a->dname_len) - (int)t; in ta_compare()
1396 sldns_wirerr_get_rdata(a->rr, a->rr_len, a->dname_len), in ta_compare()
1397 sldns_wirerr_get_rdatalen(a->rr, a->rr_len, in ta_compare()
1398 a->dname_len), b, b_len); in ta_compare()
1401 if(sldns_wirerr_get_rdatalen(a->rr, a->rr_len, a->dname_len) != in ta_compare()
1403 return -1; in ta_compare()
1404 return memcmp(sldns_wirerr_get_rdata(a->rr, in ta_compare()
1405 a->rr_len, a->dname_len), b, b_len); in ta_compare()
1407 return -1; in ta_compare()
1428 for(ta=tp->autr->keys; ta; ta=ta->next) { in find_key()
1448 dname_len = tp->namelen; in add_key()
1453 memmove(rr, tp->name, tp->namelen); in add_key()
1465 ta->next = tp->autr->keys; in add_key()
1466 tp->autr->keys = ta; in add_key()
1474 struct packed_rrset_data* d = (struct packed_rrset_data*)k->entry.data; in key_ttl()
1475 return d->ttl; in key_ttl()
1483 time_t x, qi = tp->autr->query_interval, rt = tp->autr->retry_time; in set_tp_times()
1494 tp->autr->query_interval = 3600; in set_tp_times()
1495 else tp->autr->query_interval = x; in set_tp_times()
1496 } else tp->autr->query_interval = x; in set_tp_times()
1507 tp->autr->retry_time = 3600; in set_tp_times()
1508 else tp->autr->retry_time = x; in set_tp_times()
1509 } else tp->autr->retry_time = x; in set_tp_times()
1511 if(qi != tp->autr->query_interval || rt != tp->autr->retry_time) { in set_tp_times()
1517 (int)tp->autr->query_interval, in set_tp_times()
1518 (int)tp->autr->retry_time); in set_tp_times()
1527 for(ta=tp->autr->keys; ta; ta=ta->next) { in init_events()
1528 ta->fetched = 0; in init_events()
1532 /** check for revoked keys without trusting any other information */
1539 dnskey_rrset->entry.data; in check_contains_revoked()
1541 log_assert(ntohs(dnskey_rrset->rk.type) == LDNS_RR_TYPE_DNSKEY); in check_contains_revoked()
1542 for(i=0; i<dd->count; i++) { in check_contains_revoked()
1544 if(!rr_is_dnskey_sep(ntohs(dnskey_rrset->rk.type), in check_contains_revoked()
1545 dd->rr_data[i]+2, dd->rr_len[i]-2) || in check_contains_revoked()
1546 !rr_is_dnskey_revoked(ntohs(dnskey_rrset->rk.type), in check_contains_revoked()
1547 dd->rr_data[i]+2, dd->rr_len[i]-2)) in check_contains_revoked()
1549 if(!find_key(tp, ntohs(dnskey_rrset->rk.type), in check_contains_revoked()
1550 dd->rr_data[i]+2, dd->rr_len[i]-2, &ta)) { in check_contains_revoked()
1560 log_assert(dnskey_calc_keytag(dnskey_rrset, i)-128 == in check_contains_revoked()
1562 ta->rr, ta->rr_len, ta->dname_len), in check_contains_revoked()
1563 sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, in check_contains_revoked()
1564 ta->dname_len)) || in check_contains_revoked()
1567 ta->rr, ta->rr_len, ta->dname_len), in check_contains_revoked()
1568 sldns_wirerr_get_rdatalen(ta->rr, ta->rr_len, in check_contains_revoked()
1569 ta->dname_len))); /* checks conversion*/ in check_contains_revoked()
1570 verbose_key(ta, VERB_ALGO, "is self-signed revoked"); in check_contains_revoked()
1571 if(!ta->revoked) in check_contains_revoked()
1586 ds_rrset->entry.data; in key_matches_a_ds()
1587 size_t ds_idx, num = dd->count; in key_matches_a_ds()
1631 dnskey_rrset->entry.data; in update_events()
1633 log_assert(ntohs(dnskey_rrset->rk.type) == LDNS_RR_TYPE_DNSKEY); in update_events()
1635 for(i=0; i<dd->count; i++) { in update_events()
1637 if(!rr_is_dnskey_sep(ntohs(dnskey_rrset->rk.type), in update_events()
1638 dd->rr_data[i]+2, dd->rr_len[i]-2)) in update_events()
1640 if(rr_is_dnskey_revoked(ntohs(dnskey_rrset->rk.type), in update_events()
1641 dd->rr_data[i]+2, dd->rr_len[i]-2)) { in update_events()
1642 /* self-signed revoked keys already detected before, in update_events()
1643 * other revoked keys are not 'added' again */ in update_events()
1653 tp->name, LDNS_RR_TYPE_DNSKEY, tp->dclass); in update_events()
1658 if(!find_key(tp, ntohs(dnskey_rrset->rk.type), in update_events()
1659 dd->rr_data[i]+2, dd->rr_len[i]-2, &ta)) { in update_events()
1663 ta = add_key(tp, (uint32_t)dd->rr_ttl[i], in update_events()
1664 dd->rr_data[i]+2, dd->rr_len[i]-2); in update_events()
1667 if(ta && tp->ds_rrset && key_matches_a_ds(env, ve, in update_events()
1668 dnskey_rrset, i, tp->ds_rrset)) { in update_events()
1670 ta->s = AUTR_STATE_VALID; in update_events()
1685 * setting: add-holddown: add holddown timer
1686 * setting: del-holddown: del holddown timer
1697 if(*env->now < ta->last_change) { in check_holddown()
1701 elapsed = *env->now - ta->last_change; in check_holddown()
1703 return elapsed-(time_t)holddown; in check_holddown()
1706 (long long) ((time_t)holddown-elapsed)); in check_holddown()
1715 ta->last_change = *env->now; in reset_holddown()
1725 trustanchor_state2str(ta->s), trustanchor_state2str(s)); in set_trustanchor_state()
1726 ta->s = s; in set_trustanchor_state()
1735 if (anchor->s == AUTR_STATE_START) in do_newkey()
1746 time_t exceeded = check_holddown(env, anchor, env->cfg->add_holddown); in do_addtime()
1747 if (exceeded && anchor->s == AUTR_STATE_ADDPEND) { in do_addtime()
1748 verbose_key(anchor, VERB_ALGO, "add-holddown time exceeded " in do_addtime()
1749 ARG_LL "d seconds ago, and pending-count %d", in do_addtime()
1750 (long long)exceeded, anchor->pending_count); in do_addtime()
1751 if(anchor->pending_count >= MIN_PENDINGCOUNT) { in do_addtime()
1753 anchor->pending_count = 0; in do_addtime()
1756 verbose_key(anchor, VERB_ALGO, "add-holddown time sanity check " in do_addtime()
1757 "failed (pending count: %d)", anchor->pending_count); in do_addtime()
1765 time_t exceeded = check_holddown(env, anchor, env->cfg->del_holddown); in do_remtime()
1766 if(exceeded && anchor->s == AUTR_STATE_REVOKED) { in do_remtime()
1767 verbose_key(anchor, VERB_ALGO, "del-holddown time exceeded " in do_remtime()
1777 if(anchor->s == AUTR_STATE_ADDPEND) { in do_keyrem()
1779 anchor->pending_count = 0; in do_keyrem()
1780 } else if(anchor->s == AUTR_STATE_VALID) in do_keyrem()
1788 if(anchor->s == AUTR_STATE_MISSING) in do_keypres()
1796 if(anchor->s == AUTR_STATE_VALID || anchor->s == AUTR_STATE_MISSING) { in do_revoked()
1809 switch(anchor->s) { in anchor_state_update()
1813 if (anchor->fetched) in anchor_state_update()
1819 if (!anchor->fetched) in anchor_state_update()
1827 if (anchor->revoked) in anchor_state_update()
1830 else if (!anchor->fetched) in anchor_state_update()
1832 else if(!anchor->last_change) { in anchor_state_update()
1840 if (anchor->revoked) in anchor_state_update()
1843 else if (anchor->fetched) in anchor_state_update()
1848 if (anchor->fetched) in anchor_state_update()
1868 for(anchor = tp->autr->keys; anchor; anchor = anchor->next) { in init_zsk_to_ksk()
1870 if(sldns_wirerr_get_type(anchor->rr, anchor->rr_len, in init_zsk_to_ksk()
1871 anchor->dname_len) == LDNS_RR_TYPE_DNSKEY && in init_zsk_to_ksk()
1872 anchor->last_change == 0 && in init_zsk_to_ksk()
1874 anchor->s == AUTR_STATE_VALID) in init_zsk_to_ksk()
1879 for(anchor = tp->autr->keys; anchor; anchor = anchor->next) { in init_zsk_to_ksk()
1881 anchor->s == AUTR_STATE_ADDPEND) { in init_zsk_to_ksk()
1901 for(anchor = tp->autr->keys; anchor; anchor = anchor->next) { in remove_missing_trustanchors()
1905 if (anchor->s == AUTR_STATE_VALID) in remove_missing_trustanchors()
1909 * a ZSK (last-change=0) anchor, which is VALID and there are KSKs in remove_missing_trustanchors()
1921 for(anchor = tp->autr->keys; anchor; anchor = anchor->next) { in remove_missing_trustanchors()
1923 if(anchor->s == AUTR_STATE_START) in remove_missing_trustanchors()
1935 /* Only do MISSING keys */ in remove_missing_trustanchors()
1936 if (anchor->s != AUTR_STATE_MISSING) in remove_missing_trustanchors()
1938 if(env->cfg->keep_missing == 0) in remove_missing_trustanchors()
1941 exceeded = check_holddown(env, anchor, env->cfg->keep_missing); in remove_missing_trustanchors()
1945 verbose_key(anchor, VERB_ALGO, "keep-missing time " in remove_missing_trustanchors()
1959 for(anchor = tp->autr->keys; anchor; anchor = anchor->next) { in do_statetable()
1974 for(anchor = tp->autr->keys; anchor; anchor = anchor->next) { in autr_holddown_exceed()
1976 anchor->s == AUTR_STATE_ADDPEND) in autr_holddown_exceed()
1986 prevp = &tp->autr->keys; in autr_cleanup_keys()
1987 p = tp->autr->keys; in autr_cleanup_keys()
1990 if(p->s == AUTR_STATE_START || p->s == AUTR_STATE_REMOVED || in autr_cleanup_keys()
1991 sldns_wirerr_get_type(p->rr, p->rr_len, p->dname_len) in autr_cleanup_keys()
1993 struct autr_ta* np = p->next; in autr_cleanup_keys()
1995 free(p->rr); in autr_cleanup_keys()
2003 if(p->s != AUTR_STATE_ADDPEND) in autr_cleanup_keys()
2004 p->pending_count = 0; in autr_cleanup_keys()
2005 prevp = &p->next; in autr_cleanup_keys()
2006 p = p->next; in autr_cleanup_keys()
2014 /* make it random, 90-100% */ in calc_next_probe()
2023 rest = wait-rnd; in calc_next_probe()
2024 rnd = (time_t)ub_random_max(env->rnd, (long int)rnd); in calc_next_probe()
2025 return (time_t)(*env->now + rest + rnd); in calc_next_probe()
2032 rbnode_type* t = rbtree_first(&anchors->autr->probe); in wait_probe_time()
2034 return ((struct trust_anchor*)t->key)->autr->next_probe_time; in wait_probe_time()
2044 time_t next = (time_t)wait_probe_time(env->anchors); in reset_worker_timer()
2046 if(!env->probe_timer) in reset_worker_timer()
2048 if(next > *env->now) in reset_worker_timer()
2049 tv.tv_sec = (time_t)(next - *env->now); in reset_worker_timer()
2053 comm_timer_set(env->probe_timer, &tv); in reset_worker_timer()
2066 key.name = dnskey_rrset->rk.dname; in set_next_probe()
2067 key.namelen = dnskey_rrset->rk.dname_len; in set_next_probe()
2069 key.dclass = tp->dclass; in set_next_probe()
2070 lock_basic_unlock(&tp->lock); in set_next_probe()
2073 lock_basic_lock(&env->anchors->lock); in set_next_probe()
2074 tp2 = (struct trust_anchor*)rbtree_search(env->anchors->tree, &key); in set_next_probe()
2077 lock_basic_unlock(&env->anchors->lock); in set_next_probe()
2081 lock_basic_lock(&tp->lock); in set_next_probe()
2084 mold = wait_probe_time(env->anchors); in set_next_probe()
2085 (void)rbtree_delete(&env->anchors->autr->probe, tp); in set_next_probe()
2086 tp->autr->next_probe_time = calc_next_probe(env, in set_next_probe()
2087 tp->autr->query_interval); in set_next_probe()
2088 (void)rbtree_insert(&env->anchors->autr->probe, &tp->autr->pnode); in set_next_probe()
2089 mnew = wait_probe_time(env->anchors); in set_next_probe()
2091 lock_basic_unlock(&env->anchors->lock); in set_next_probe()
2093 (int)tp->autr->next_probe_time - (int)*env->now); in set_next_probe()
2111 tp->name, LDNS_RR_TYPE_DNSKEY, tp->dclass); in autr_tp_remove()
2112 tp->autr->revoked = 1; in autr_tp_remove()
2120 pd.next_probe_time = tp->autr->next_probe_time; in autr_tp_remove()
2121 key.name = dnskey_rrset->rk.dname; in autr_tp_remove()
2122 key.namelen = tp->namelen; in autr_tp_remove()
2123 key.namelabs = tp->namelabs; in autr_tp_remove()
2124 key.dclass = tp->dclass; in autr_tp_remove()
2126 /* unlock */ in autr_tp_remove()
2127 lock_basic_unlock(&tp->lock); in autr_tp_remove()
2130 lock_basic_lock(&env->anchors->lock); in autr_tp_remove()
2131 del_tp = (struct trust_anchor*)rbtree_delete(env->anchors->tree, &key); in autr_tp_remove()
2132 mold = wait_probe_time(env->anchors); in autr_tp_remove()
2133 (void)rbtree_delete(&env->anchors->autr->probe, &key); in autr_tp_remove()
2134 mnew = wait_probe_time(env->anchors); in autr_tp_remove()
2135 anchors_init_parents_locked(env->anchors); in autr_tp_remove()
2136 lock_basic_unlock(&env->anchors->lock); in autr_tp_remove()
2143 del_tp->autr->next_probe_time = 0; /* no more probing for it */ in autr_tp_remove()
2159 log_assert(tp && tp->autr); in autr_process_prime()
2164 * is busy deleting it. Just unlock and let the other do its job */ in autr_process_prime()
2165 if(tp->autr->revoked) { in autr_process_prime()
2167 "trust point revoked", tp->name, in autr_process_prime()
2168 LDNS_RR_TYPE_DNSKEY, tp->dclass); in autr_process_prime()
2169 lock_basic_unlock(&tp->lock); in autr_process_prime()
2174 tp->autr->last_queried = *env->now; in autr_process_prime()
2177 tp->name, LDNS_RR_TYPE_DNSKEY, tp->dclass); in autr_process_prime()
2178 /* see if time alone makes some keys valid */ in autr_process_prime()
2183 log_err("malloc failure assembling autotrust keys"); in autr_process_prime()
2196 /* check for revoked keys to remove immediately */ in autr_process_prime()
2201 log_err("malloc failure assembling autotrust keys"); in autr_process_prime()
2204 if(!tp->ds_rrset && !tp->dnskey_rrset) { in autr_process_prime()
2205 /* no more keys, all are revoked */ in autr_process_prime()
2207 tp->autr->last_success = *env->now; in autr_process_prime()
2217 if(tp->autr->last_success) { in autr_process_prime()
2218 tp->autr->query_failed += 1; in autr_process_prime()
2224 tp->autr->last_success = *env->now; in autr_process_prime()
2225 tp->autr->query_failed = 0; in autr_process_prime()
2228 * - note which trust anchors are seen this probe. in autr_process_prime()
2230 * - find minimum rrsig expiration interval in autr_process_prime()
2238 /* - for every SEP key do the 5011 statetable. in autr_process_prime()
2239 * - remove missing trustanchors (if veryold and we have new anchors). in autr_process_prime()
2254 log_err("malloc failure assembling autotrust keys"); in autr_process_prime()
2257 if(!tp->ds_rrset && !tp->dnskey_rrset) { in autr_process_prime()
2258 /* no more keys, all are revoked */ in autr_process_prime()
2272 char* str = sldns_wire2str_rr(ta->rr, ta->rr_len); in autr_debug_print_ta()
2277 if(str[0]) str[strlen(str)-1]=0; /* remove newline */ in autr_debug_print_ta()
2278 (void)autr_ctime_r(&ta->last_change, buf); in autr_debug_print_ta()
2279 if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ in autr_debug_print_ta()
2281 trustanchor_state2str(ta->s), str, ta->s, ta->pending_count, in autr_debug_print_ta()
2282 ta->fetched?" fetched":"", ta->revoked?" revoked":"", buf); in autr_debug_print_ta()
2292 if(!tp->autr) in autr_debug_print_tp()
2294 dname_str(tp->name, buf); in autr_debug_print_tp()
2295 log_info("trust point %s : %d", buf, (int)tp->dclass); in autr_debug_print_tp()
2297 (int)tp->numDS, (int)tp->numDNSKEY); in autr_debug_print_tp()
2298 if(tp->ds_rrset) { in autr_debug_print_tp()
2299 log_packed_rrset(NO_VERBOSE, "DS:", tp->ds_rrset); in autr_debug_print_tp()
2301 if(tp->dnskey_rrset) { in autr_debug_print_tp()
2302 log_packed_rrset(NO_VERBOSE, "DNSKEY:", tp->dnskey_rrset); in autr_debug_print_tp()
2304 log_info("file %s", tp->autr->file); in autr_debug_print_tp()
2305 (void)autr_ctime_r(&tp->autr->last_queried, buf); in autr_debug_print_tp()
2306 if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ in autr_debug_print_tp()
2307 log_info("last_queried: %u %s", (unsigned)tp->autr->last_queried, buf); in autr_debug_print_tp()
2308 (void)autr_ctime_r(&tp->autr->last_success, buf); in autr_debug_print_tp()
2309 if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ in autr_debug_print_tp()
2310 log_info("last_success: %u %s", (unsigned)tp->autr->last_success, buf); in autr_debug_print_tp()
2311 (void)autr_ctime_r(&tp->autr->next_probe_time, buf); in autr_debug_print_tp()
2312 if(buf[0]) buf[strlen(buf)-1]=0; /* remove newline */ in autr_debug_print_tp()
2313 log_info("next_probe_time: %u %s", (unsigned)tp->autr->next_probe_time, in autr_debug_print_tp()
2315 log_info("query_interval: %u", (unsigned)tp->autr->query_interval); in autr_debug_print_tp()
2316 log_info("retry_time: %u", (unsigned)tp->autr->retry_time); in autr_debug_print_tp()
2317 log_info("query_failed: %u", (unsigned)tp->autr->query_failed); in autr_debug_print_tp()
2319 for(ta=tp->autr->keys; ta; ta=ta->next) { in autr_debug_print_tp()
2328 lock_basic_lock(&anchors->lock); in autr_debug_print()
2329 RBTREE_FOR(tp, struct trust_anchor*, anchors->tree) { in autr_debug_print()
2330 lock_basic_lock(&tp->lock); in autr_debug_print()
2332 lock_basic_unlock(&tp->lock); in autr_debug_print()
2334 lock_basic_unlock(&anchors->lock); in autr_debug_print()
2342 * re-querytime is set when query succeeded, but that may not in probe_answer_cb()
2363 sldns_buffer* buf = env->scratch_buffer; in probe_anchor()
2364 qinfo.qname = regional_alloc_init(env->scratch, tp->name, tp->namelen); in probe_anchor()
2369 qinfo.qname_len = tp->namelen; in probe_anchor()
2371 qinfo.qclass = tp->dclass; in probe_anchor()
2375 (int)tp->autr->next_probe_time - (int)*env->now); in probe_anchor()
2391 lock_basic_unlock(&tp->lock); in probe_anchor()
2396 rrset_cache_remove(env->rrset_cache, qinfo.qname, qinfo.qname_len, in probe_anchor()
2398 key_cache_remove(env->key_cache, qinfo.qname, qinfo.qname_len, in probe_anchor()
2401 if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0, in probe_anchor()
2407 /** fetch first to-probe trust-anchor and lock it and set retrytime */
2414 lock_basic_lock(&env->anchors->lock); in todo_probe()
2415 if( (el=rbtree_first(&env->anchors->autr->probe)) == RBTREE_NULL) { in todo_probe()
2417 lock_basic_unlock(&env->anchors->lock); in todo_probe()
2422 tp = (struct trust_anchor*)el->key; in todo_probe()
2423 lock_basic_lock(&tp->lock); in todo_probe()
2426 if((time_t)tp->autr->next_probe_time > *env->now) { in todo_probe()
2428 *next = (time_t)tp->autr->next_probe_time - *env->now; in todo_probe()
2429 lock_basic_unlock(&tp->lock); in todo_probe()
2430 lock_basic_unlock(&env->anchors->lock); in todo_probe()
2435 (void)rbtree_delete(&env->anchors->autr->probe, tp); in todo_probe()
2436 tp->autr->next_probe_time = calc_next_probe(env, tp->autr->retry_time); in todo_probe()
2437 (void)rbtree_insert(&env->anchors->autr->probe, &tp->autr->pnode); in todo_probe()
2438 lock_basic_unlock(&env->anchors->lock); in todo_probe()
2457 regional_free_all(env->scratch); in autr_probe_timer()