Lines Matching +full:conf +full:- +full:pd
2 * validator/val_anchor.c - validator trust anchor storage.
66 if(n1->dclass != n2->dclass) {
67 if(n1->dclass < n2->dclass)
68 return -1;
71 return dname_lab_cmp(n1->name, n1->namelabs, n2->name, n2->namelabs,
81 a->tree = rbtree_create(anchor_cmp);
82 if(!a->tree) {
86 a->autr = autr_global_create();
87 if(!a->autr) {
91 lock_basic_init(&a->lock);
92 lock_protect(&a->lock, a, sizeof(*a));
93 lock_protect(&a->lock, a->autr, sizeof(*a->autr));
102 if(pkey->entry.data) {
103 struct packed_rrset_data* pd = (struct packed_rrset_data*)
104 pkey->entry.data;
105 free(pd->rr_data);
106 free(pd->rr_ttl);
107 free(pd->rr_len);
108 free(pd);
110 free(pkey->rk.dname);
120 if(ta->autr) {
124 lock_basic_destroy(&ta->lock);
125 free(ta->name);
126 p = ta->keylist;
128 np = p->next;
129 free(p->data);
133 assembled_rrset_delete(ta->ds_rrset);
134 assembled_rrset_delete(ta->dnskey_rrset);
144 lock_unprotect(&anchors->lock, anchors->autr);
145 lock_unprotect(&anchors->lock, anchors);
146 lock_basic_destroy(&anchors->lock);
147 if(anchors->tree)
148 traverse_postorder(anchors->tree, anchors_delfunc, NULL);
149 free(anchors->tree);
150 autr_global_delete(anchors->autr);
161 RBTREE_FOR(node, struct trust_anchor*, anchors->tree) {
162 lock_basic_lock(&node->lock);
163 node->parent = NULL;
164 if(!prev || prev->dclass != node->dclass) {
166 lock_basic_unlock(&node->lock);
169 (void)dname_lab_cmp(prev->name, prev->namelabs, node->name,
170 node->namelabs, &m); /* we know prev is smaller */
172 /* find the previous, or parent-parent-parent */
173 for(p = prev; p; p = p->parent)
175 if(p->namelabs <= m) {
179 node->parent = p;
182 lock_basic_unlock(&node->lock);
191 lock_basic_lock(&anchors->lock);
193 lock_basic_unlock(&anchors->lock);
208 lock_basic_lock(&anchors->lock);
209 n = rbtree_search(anchors->tree, &key);
211 lock_basic_lock(&((struct trust_anchor*)n->key)->lock);
213 lock_basic_unlock(&anchors->lock);
216 return (struct trust_anchor*)n->key;
232 ta->node.key = ta;
233 ta->name = memdup(name, namelen);
234 if(!ta->name) {
238 ta->namelabs = namelabs;
239 ta->namelen = namelen;
240 ta->dclass = dclass;
241 lock_basic_init(&ta->lock);
243 lock_basic_lock(&anchors->lock);
250 rbtree_insert(anchors->tree, &ta->node);
252 lock_basic_unlock(&anchors->lock);
264 for(k = ta->keylist; k; k = k->next) {
265 if(k->type == type && k->len == rdata_len &&
266 memcmp(k->data, rdata, rdata_len) == 0)
280 k->data = memdup(rdata, rdata_len);
281 if(!k->data) {
285 k->len = rdata_len;
286 k->type = type;
322 lock_basic_lock(&ta->lock);
325 lock_basic_unlock(&ta->lock);
330 lock_basic_unlock(&ta->lock);
335 lock_basic_unlock(&ta->lock);
340 ta->numDS++;
341 else ta->numDNSKEY++;
342 k->next = ta->keylist;
343 ta->keylist = k;
344 lock_basic_unlock(&ta->lock);
424 * @return NULL on error. Else last trust-anchor point.
542 sldns_buffer_position(buf)-1) == '/') {
543 sldns_buffer_skip(buf, -1);
544 numdone--;
551 sldns_buffer_position(buf)-1) == '/') {
552 sldns_buffer_skip(buf, -1);
553 numdone--;
584 fatal_exit("trusted-keys, %d, string too long", *line);
620 log_err("trusted-keys, line %d, expected %c",
626 log_err("trusted-keys, line %d, expected %c got EOF", *line, spec);
631 * read contents of trusted-keys{ ... ; clauses and insert keys into storage.
659 } else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == '"') {
665 sldns_buffer_skip(buf, -1);
677 } else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == ';') {
684 sldns_buffer_skip(buf, -1);
702 } else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == '}') {
710 isspace((unsigned char)sldns_buffer_current(buf)[-1])) {
730 * Read a BIND9 like file with trust anchors in named.conf format.
747 verbose(VERB_QUERY, "reading in bind-compat-mode: '%s'", fname);
748 /* scan for trusted-keys keyword, ignore everything else */
752 "trusted-keys", 12) != 0) {
754 /* ignore everything but trusted-keys */
780 * Read a BIND9 like files with trust anchors in named.conf format.
819 verbose(VERB_QUERY, "trusted-keys-file: "
823 log_err("wildcard trusted-keys-file %s: "
826 log_err("wildcard trusted-keys-file %s: expansion "
829 log_err("wildcard trusted-keys-file %s: expansion "
839 "trusted-keys-file: %s", g.gl_pathv[i]);
863 struct packed_rrset_data* pd;
869 pkey->rk.dname = memdup(ta->name, ta->namelen);
870 if(!pkey->rk.dname) {
875 pkey->rk.dname_len = ta->namelen;
876 pkey->rk.type = htons(type);
877 pkey->rk.rrset_class = htons(ta->dclass);
880 pd = (struct packed_rrset_data*)malloc(sizeof(*pd));
881 if(!pd) {
882 free(pkey->rk.dname);
886 memset(pd, 0, sizeof(*pd));
887 pd->count = num;
888 pd->trust = rrset_trust_ultimate;
889 pd->rr_len = (size_t*)reallocarray(NULL, num, sizeof(size_t));
890 if(!pd->rr_len) {
891 free(pd);
892 free(pkey->rk.dname);
896 pd->rr_ttl = (time_t*)reallocarray(NULL, num, sizeof(time_t));
897 if(!pd->rr_ttl) {
898 free(pd->rr_len);
899 free(pd);
900 free(pkey->rk.dname);
904 pd->rr_data = (uint8_t**)reallocarray(NULL, num, sizeof(uint8_t*));
905 if(!pd->rr_data) {
906 free(pd->rr_ttl);
907 free(pd->rr_len);
908 free(pd);
909 free(pkey->rk.dname);
915 for(tk = ta->keylist; tk; tk = tk->next) {
916 if(tk->type != type)
918 pd->rr_len[i] = tk->len;
920 pd->rr_data[i] = tk->data;
921 pd->rr_ttl[i] = 0;
924 pkey->entry.data = (void*)pd;
936 if(ta->numDS > 0) {
937 ta->ds_rrset = assemble_it(ta, ta->numDS, LDNS_RR_TYPE_DS);
938 if(!ta->ds_rrset)
941 if(ta->numDNSKEY > 0) {
942 ta->dnskey_rrset = assemble_it(ta, ta->numDNSKEY,
944 if(!ta->dnskey_rrset)
959 for(i=0; i<ta->numDS; i++) {
960 if(!ds_digest_algo_is_supported(ta->ds_rrset, i) ||
961 !ds_key_algo_is_supported(ta->ds_rrset, i))
976 for(i=0; i<ta->numDNSKEY; i++) {
977 if(!dnskey_algo_is_supported(ta->dnskey_rrset, i) ||
978 !dnskey_size_is_supported(ta->dnskey_rrset, i))
995 lock_basic_lock(&anchors->lock);
996 ta=(struct trust_anchor*)rbtree_first(anchors->tree);
998 next = (struct trust_anchor*)rbtree_next(&ta->node);
999 lock_basic_lock(&ta->lock);
1000 if(ta->autr || (ta->numDS == 0 && ta->numDNSKEY == 0)) {
1001 lock_basic_unlock(&ta->lock);
1007 lock_basic_unlock(&ta->lock);
1008 lock_basic_unlock(&anchors->lock);
1016 ta->name, LDNS_RR_TYPE_DS, ta->dclass);
1021 ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass);
1023 if(nods == ta->numDS && nokey == ta->numDNSKEY) {
1025 dname_str(ta->name, b);
1035 (void)rbtree_delete(anchors->tree, &ta->node);
1036 lock_basic_unlock(&ta->lock);
1037 anchors_delfunc(&ta->node, NULL);
1041 lock_basic_unlock(&ta->lock);
1044 lock_basic_unlock(&anchors->lock);
1059 if(cfg->insecure_lan_zones) {
1062 log_err("error in insecure-lan-zones: %s", *zstr);
1068 for(f = cfg->domain_insecure; f; f = f->next) {
1069 if(!f->str || f->str[0] == 0) /* empty "" */
1071 if(!anchor_insert_insecure(anchors, f->str)) {
1072 log_err("error in domain-insecure: %s", f->str);
1077 for(f = cfg->trust_anchor_file_list; f; f = f->next) {
1078 if(!f->str || f->str[0] == 0) /* empty "" */
1080 nm = f->str;
1081 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
1082 cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
1083 nm += strlen(cfg->chrootdir);
1085 log_err("error reading trust-anchor-file: %s", f->str);
1090 for(f = cfg->trusted_keys_file_list; f; f = f->next) {
1091 if(!f->str || f->str[0] == 0) /* empty "" */
1093 nm = f->str;
1094 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
1095 cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
1096 nm += strlen(cfg->chrootdir);
1098 log_err("error reading trusted-keys-file: %s", f->str);
1103 for(f = cfg->trust_anchor_list; f; f = f->next) {
1104 if(!f->str || f->str[0] == 0) /* empty "" */
1106 if(!anchor_store_str(anchors, parsebuf, f->str)) {
1107 log_err("error in trust-anchor: \"%s\"", f->str);
1114 for(f = cfg->auto_trust_anchor_file_list; f; f = f->next) {
1115 if(!f->str || f->str[0] == 0) /* empty "" */
1117 nm = f->str;
1118 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm,
1119 cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
1120 nm += strlen(cfg->chrootdir);
1122 log_err("error reading auto-trust-anchor-file: %s",
1123 f->str);
1148 lock_basic_lock(&anchors->lock);
1149 if(rbtree_find_less_equal(anchors->tree, &key, &res)) {
1156 if(!result || result->dclass != qclass) {
1157 lock_basic_unlock(&anchors->lock);
1161 (void)dname_lab_cmp(result->name, result->namelabs, key.name,
1164 if(result->namelabs <= m)
1166 result = result->parent;
1170 lock_basic_lock(&result->lock);
1172 lock_basic_unlock(&anchors->lock);
1183 s = sizeof(*pkey) + pkey->rk.dname_len;
1184 if(pkey->entry.data) {
1185 struct packed_rrset_data* pd = (struct packed_rrset_data*)
1186 pkey->entry.data;
1187 s += sizeof(*pd) + pd->count * (sizeof(size_t)+sizeof(time_t)+
1201 lock_basic_lock(&anchors->lock);
1202 RBTREE_FOR(ta, struct trust_anchor*, anchors->tree) {
1203 lock_basic_lock(&ta->lock);
1204 s += sizeof(*ta) + ta->namelen;
1206 for(k = ta->keylist; k; k = k->next) {
1207 s += sizeof(*k) + k->len;
1209 s += assembled_rrset_get_mem(ta->ds_rrset);
1210 s += assembled_rrset_get_mem(ta->dnskey_rrset);
1211 if(ta->autr) {
1213 s += sizeof(*ta->autr);
1214 if(ta->autr->file)
1215 s += strlen(ta->autr->file);
1216 for(p = ta->autr->keys; p; p=p->next) {
1217 s += sizeof(*p) + p->rr_len;
1220 lock_basic_unlock(&ta->lock);
1222 lock_basic_unlock(&anchors->lock);
1234 lock_basic_lock(&anchors->lock);
1235 if(rbtree_search(anchors->tree, &key)) {
1236 lock_basic_unlock(&anchors->lock);
1242 lock_basic_unlock(&anchors->lock);
1247 lock_basic_unlock(&anchors->lock);
1261 lock_basic_lock(&anchors->lock);
1262 if(!(ta=(struct trust_anchor*)rbtree_search(anchors->tree, &key))) {
1263 lock_basic_unlock(&anchors->lock);
1268 lock_basic_lock(&ta->lock);
1270 if(ta->keylist || ta->autr || ta->numDS || ta->numDNSKEY) {
1271 lock_basic_unlock(&anchors->lock);
1272 lock_basic_unlock(&ta->lock);
1278 (void)rbtree_delete(anchors->tree, &ta->node);
1280 lock_basic_unlock(&anchors->lock);
1283 lock_basic_unlock(&ta->lock);
1284 anchors_delfunc(&ta->node, NULL);
1287 /** compare two keytags, return -1, 0 or 1 */
1295 return -1;
1302 if(ta->numDS == 0 && ta->numDNSKEY == 0)
1304 if(ta->numDS != 0 && ta->ds_rrset) {
1306 ta->ds_rrset->entry.data;
1307 for(i=0; i<d->count; i++) {
1309 list[ret++] = ds_get_keytag(ta->ds_rrset, i);
1312 if(ta->numDNSKEY != 0 && ta->dnskey_rrset) {
1314 ta->dnskey_rrset->entry.data;
1315 for(i=0; i<d->count; i++) {
1317 list[ret++] = dnskey_calc_keytag(ta->dnskey_rrset, i);
1335 if(!anchor->numDS && !anchor->numDNSKEY) {
1336 lock_basic_unlock(&anchor->lock);
1340 taglist = calloc(anchor->numDS + anchor->numDNSKEY, sizeof(*taglist));
1342 lock_basic_unlock(&anchor->lock);
1347 anchor->numDS+anchor->numDNSKEY);
1348 lock_basic_unlock(&anchor->lock);
1369 lock_basic_lock(&anchors->lock);
1370 ta=(struct trust_anchor*)rbtree_first(anchors->tree);
1372 next = (struct trust_anchor*)rbtree_next(&ta->node);
1373 lock_basic_lock(&ta->lock);
1374 if(ta->numDS != 0 || ta->numDNSKEY != 0) {
1376 lock_basic_unlock(&anchors->lock);
1379 lock_basic_unlock(&ta->lock);
1382 lock_basic_unlock(&anchors->lock);
1395 oldtree = anchors->tree;
1396 oldprobe = anchors->autr->probe;
1398 anchors->tree = data->tree;
1399 anchors->autr->probe = data->autr->probe;
1401 data->tree = oldtree;
1402 data->autr->probe = oldprobe;