2 * validator/val_anchor.c - validator trust anchor storage.
66 if(n1->dclass != n2->dclass) { in anchor_cmp()
67 if(n1->dclass < n2->dclass) in anchor_cmp()
68 return -1; in anchor_cmp()
71 return dname_lab_cmp(n1->name, n1->namelabs, n2->name, n2->namelabs, in anchor_cmp()
81 a->tree = rbtree_create(anchor_cmp); in anchors_create()
82 if(!a->tree) { in anchors_create()
86 a->autr = autr_global_create(); in anchors_create()
87 if(!a->autr) { in anchors_create()
91 lock_basic_init(&a->lock); in anchors_create()
92 lock_protect(&a->lock, a, sizeof(*a)); in anchors_create()
93 lock_protect(&a->lock, a->autr, sizeof(*a->autr)); in anchors_create()
102 if(pkey->entry.data) { in assembled_rrset_delete()
103 struct packed_rrset_data* pd = (struct packed_rrset_data*) in assembled_rrset_delete() local
104 pkey->entry.data; in assembled_rrset_delete()
105 free(pd->rr_data); in assembled_rrset_delete()
106 free(pd->rr_ttl); in assembled_rrset_delete()
107 free(pd->rr_len); in assembled_rrset_delete()
108 free(pd); in assembled_rrset_delete()
110 free(pkey->rk.dname); in assembled_rrset_delete()
120 if(ta->autr) { in anchors_delfunc()
124 lock_basic_destroy(&ta->lock); in anchors_delfunc()
125 free(ta->name); in anchors_delfunc()
126 p = ta->keylist; in anchors_delfunc()
128 np = p->next; in anchors_delfunc()
129 free(p->data); in anchors_delfunc()
133 assembled_rrset_delete(ta->ds_rrset); in anchors_delfunc()
134 assembled_rrset_delete(ta->dnskey_rrset); in anchors_delfunc()
144 lock_unprotect(&anchors->lock, anchors->autr); in anchors_delete()
145 lock_unprotect(&anchors->lock, anchors); in anchors_delete()
146 lock_basic_destroy(&anchors->lock); in anchors_delete()
147 if(anchors->tree) in anchors_delete()
148 traverse_postorder(anchors->tree, anchors_delfunc, NULL); in anchors_delete()
149 free(anchors->tree); in anchors_delete()
150 autr_global_delete(anchors->autr); in anchors_delete()
157 struct trust_anchor* node, *prev = NULL, *p; in anchors_init_parents_locked() local
161 RBTREE_FOR(node, struct trust_anchor*, anchors->tree) { in anchors_init_parents_locked()
162 lock_basic_lock(&node->lock); in anchors_init_parents_locked()
163 node->parent = NULL; in anchors_init_parents_locked()
164 if(!prev || prev->dclass != node->dclass) { in anchors_init_parents_locked()
165 prev = node; in anchors_init_parents_locked()
166 lock_basic_unlock(&node->lock); in anchors_init_parents_locked()
169 (void)dname_lab_cmp(prev->name, prev->namelabs, node->name, in anchors_init_parents_locked()
170 node->namelabs, &m); /* we know prev is smaller */ in anchors_init_parents_locked()
172 /* find the previous, or parent-parent-parent */ in anchors_init_parents_locked()
173 for(p = prev; p; p = p->parent) in anchors_init_parents_locked()
175 if(p->namelabs <= m) { in anchors_init_parents_locked()
179 node->parent = p; in anchors_init_parents_locked()
182 lock_basic_unlock(&node->lock); in anchors_init_parents_locked()
183 prev = node; in anchors_init_parents_locked()
191 lock_basic_lock(&anchors->lock); in init_parents()
193 lock_basic_unlock(&anchors->lock); in init_parents()
203 key.node.key = &key; in anchor_find()
208 lock_basic_lock(&anchors->lock); in anchor_find()
209 n = rbtree_search(anchors->tree, &key); in anchor_find()
211 lock_basic_lock(&((struct trust_anchor*)n->key)->lock); in anchor_find()
213 lock_basic_unlock(&anchors->lock); in anchor_find()
216 return (struct trust_anchor*)n->key; in anchor_find()
232 ta->node.key = ta; in anchor_new_ta()
233 ta->name = memdup(name, namelen); in anchor_new_ta()
234 if(!ta->name) { in anchor_new_ta()
238 ta->namelabs = namelabs; in anchor_new_ta()
239 ta->namelen = namelen; in anchor_new_ta()
240 ta->dclass = dclass; in anchor_new_ta()
241 lock_basic_init(&ta->lock); in anchor_new_ta()
243 lock_basic_lock(&anchors->lock); in anchor_new_ta()
250 rbtree_insert(anchors->tree, &ta->node); in anchor_new_ta()
252 lock_basic_unlock(&anchors->lock); in anchor_new_ta()
264 for(k = ta->keylist; k; k = k->next) { in anchor_find_key()
265 if(k->type == type && k->len == rdata_len && in anchor_find_key()
266 memcmp(k->data, rdata, rdata_len) == 0) in anchor_find_key()
280 k->data = memdup(rdata, rdata_len); in anchor_new_ta_key()
281 if(!k->data) { in anchor_new_ta_key()
285 k->len = rdata_len; in anchor_new_ta_key()
286 k->type = type; in anchor_new_ta_key()
322 lock_basic_lock(&ta->lock); in anchor_store_new_key()
325 lock_basic_unlock(&ta->lock); in anchor_store_new_key()
330 lock_basic_unlock(&ta->lock); in anchor_store_new_key()
335 lock_basic_unlock(&ta->lock); in anchor_store_new_key()
340 ta->numDS++; in anchor_store_new_key()
341 else ta->numDNSKEY++; in anchor_store_new_key()
342 k->next = ta->keylist; in anchor_store_new_key()
343 ta->keylist = k; in anchor_store_new_key()
344 lock_basic_unlock(&ta->lock); in anchor_store_new_key()
424 * @return NULL on error. Else last trust-anchor point.
542 sldns_buffer_position(buf)-1) == '/') { in readkeyword_bindfile()
543 sldns_buffer_skip(buf, -1); in readkeyword_bindfile()
544 numdone--; in readkeyword_bindfile()
550 sldns_buffer_position(buf)-1) == '/') { in readkeyword_bindfile()
551 sldns_buffer_skip(buf, -1); in readkeyword_bindfile()
552 numdone--; in readkeyword_bindfile()
582 fatal_exit("trusted-keys, %d, string too long", *line); in readkeyword_bindfile()
617 log_err("trusted-keys, line %d, expected %c", in skip_to_special()
623 log_err("trusted-keys, line %d, expected %c got EOF", *line, spec); in skip_to_special()
628 * read contents of trusted-keys{ ... ; clauses and insert keys into storage.
656 } else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == '"') { in process_bind_contents()
662 sldns_buffer_skip(buf, -1); in process_bind_contents()
674 } else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == ';') { in process_bind_contents()
681 sldns_buffer_skip(buf, -1); in process_bind_contents()
699 } else if(rdlen == 1 && sldns_buffer_current(buf)[-1] == '}') { in process_bind_contents()
707 isspace((unsigned char)sldns_buffer_current(buf)[-1])) { in process_bind_contents()
744 verbose(VERB_QUERY, "reading in bind-compat-mode: '%s'", fname); in anchor_read_bind_file()
745 /* scan for trusted-keys keyword, ignore everything else */ in anchor_read_bind_file()
749 "trusted-keys", 12) != 0) { in anchor_read_bind_file()
751 /* ignore everything but trusted-keys */ in anchor_read_bind_file()
816 verbose(VERB_QUERY, "trusted-keys-file: " in anchor_read_bind_file_wild()
820 log_err("wildcard trusted-keys-file %s: " in anchor_read_bind_file_wild()
823 log_err("wildcard trusted-keys-file %s: expansion " in anchor_read_bind_file_wild()
826 log_err("wildcard trusted-keys-file %s: expansion " in anchor_read_bind_file_wild()
836 "trusted-keys-file: %s", g.gl_pathv[i]); in anchor_read_bind_file_wild()
860 struct packed_rrset_data* pd; in assemble_it() local
866 pkey->rk.dname = memdup(ta->name, ta->namelen); in assemble_it()
867 if(!pkey->rk.dname) { in assemble_it()
872 pkey->rk.dname_len = ta->namelen; in assemble_it()
873 pkey->rk.type = htons(type); in assemble_it()
874 pkey->rk.rrset_class = htons(ta->dclass); in assemble_it()
877 pd = (struct packed_rrset_data*)malloc(sizeof(*pd)); in assemble_it()
878 if(!pd) { in assemble_it()
879 free(pkey->rk.dname); in assemble_it()
883 memset(pd, 0, sizeof(*pd)); in assemble_it()
884 pd->count = num; in assemble_it()
885 pd->trust = rrset_trust_ultimate; in assemble_it()
886 pd->rr_len = (size_t*)reallocarray(NULL, num, sizeof(size_t)); in assemble_it()
887 if(!pd->rr_len) { in assemble_it()
888 free(pd); in assemble_it()
889 free(pkey->rk.dname); in assemble_it()
893 pd->rr_ttl = (time_t*)reallocarray(NULL, num, sizeof(time_t)); in assemble_it()
894 if(!pd->rr_ttl) { in assemble_it()
895 free(pd->rr_len); in assemble_it()
896 free(pd); in assemble_it()
897 free(pkey->rk.dname); in assemble_it()
901 pd->rr_data = (uint8_t**)reallocarray(NULL, num, sizeof(uint8_t*)); in assemble_it()
902 if(!pd->rr_data) { in assemble_it()
903 free(pd->rr_ttl); in assemble_it()
904 free(pd->rr_len); in assemble_it()
905 free(pd); in assemble_it()
906 free(pkey->rk.dname); in assemble_it()
912 for(tk = ta->keylist; tk; tk = tk->next) { in assemble_it()
913 if(tk->type != type) in assemble_it()
915 pd->rr_len[i] = tk->len; in assemble_it()
917 pd->rr_data[i] = tk->data; in assemble_it()
918 pd->rr_ttl[i] = 0; in assemble_it()
921 pkey->entry.data = (void*)pd; in assemble_it()
933 if(ta->numDS > 0) { in anchors_assemble()
934 ta->ds_rrset = assemble_it(ta, ta->numDS, LDNS_RR_TYPE_DS); in anchors_assemble()
935 if(!ta->ds_rrset) in anchors_assemble()
938 if(ta->numDNSKEY > 0) { in anchors_assemble()
939 ta->dnskey_rrset = assemble_it(ta, ta->numDNSKEY, in anchors_assemble()
941 if(!ta->dnskey_rrset) in anchors_assemble()
956 for(i=0; i<ta->numDS; i++) { in anchors_ds_unsupported()
957 if(!ds_digest_algo_is_supported(ta->ds_rrset, i) || in anchors_ds_unsupported()
958 !ds_key_algo_is_supported(ta->ds_rrset, i)) in anchors_ds_unsupported()
973 for(i=0; i<ta->numDNSKEY; i++) { in anchors_dnskey_unsupported()
974 if(!dnskey_algo_is_supported(ta->dnskey_rrset, i) || in anchors_dnskey_unsupported()
975 !dnskey_size_is_supported(ta->dnskey_rrset, i)) in anchors_dnskey_unsupported()
992 lock_basic_lock(&anchors->lock); in anchors_assemble_rrsets()
993 ta=(struct trust_anchor*)rbtree_first(anchors->tree); in anchors_assemble_rrsets()
995 next = (struct trust_anchor*)rbtree_next(&ta->node); in anchors_assemble_rrsets()
996 lock_basic_lock(&ta->lock); in anchors_assemble_rrsets()
997 if(ta->autr || (ta->numDS == 0 && ta->numDNSKEY == 0)) { in anchors_assemble_rrsets()
998 lock_basic_unlock(&ta->lock); in anchors_assemble_rrsets()
1004 lock_basic_unlock(&ta->lock); in anchors_assemble_rrsets()
1005 lock_basic_unlock(&anchors->lock); in anchors_assemble_rrsets()
1013 ta->name, LDNS_RR_TYPE_DS, ta->dclass); in anchors_assemble_rrsets()
1018 ta->name, LDNS_RR_TYPE_DNSKEY, ta->dclass); in anchors_assemble_rrsets()
1020 if(nods == ta->numDS && nokey == ta->numDNSKEY) { in anchors_assemble_rrsets()
1022 dname_str(ta->name, b); in anchors_assemble_rrsets()
1032 (void)rbtree_delete(anchors->tree, &ta->node); in anchors_assemble_rrsets()
1033 lock_basic_unlock(&ta->lock); in anchors_assemble_rrsets()
1034 anchors_delfunc(&ta->node, NULL); in anchors_assemble_rrsets()
1038 lock_basic_unlock(&ta->lock); in anchors_assemble_rrsets()
1041 lock_basic_unlock(&anchors->lock); in anchors_assemble_rrsets()
1056 if(cfg->insecure_lan_zones) { in anchors_apply_cfg()
1059 log_err("error in insecure-lan-zones: %s", *zstr); in anchors_apply_cfg()
1065 for(f = cfg->domain_insecure; f; f = f->next) { in anchors_apply_cfg()
1066 if(!f->str || f->str[0] == 0) /* empty "" */ in anchors_apply_cfg()
1068 if(!anchor_insert_insecure(anchors, f->str)) { in anchors_apply_cfg()
1069 log_err("error in domain-insecure: %s", f->str); in anchors_apply_cfg()
1074 for(f = cfg->trust_anchor_file_list; f; f = f->next) { in anchors_apply_cfg()
1075 if(!f->str || f->str[0] == 0) /* empty "" */ in anchors_apply_cfg()
1077 nm = f->str; in anchors_apply_cfg()
1078 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, in anchors_apply_cfg()
1079 cfg->chrootdir, strlen(cfg->chrootdir)) == 0) in anchors_apply_cfg()
1080 nm += strlen(cfg->chrootdir); in anchors_apply_cfg()
1082 log_err("error reading trust-anchor-file: %s", f->str); in anchors_apply_cfg()
1087 for(f = cfg->trusted_keys_file_list; f; f = f->next) { in anchors_apply_cfg()
1088 if(!f->str || f->str[0] == 0) /* empty "" */ in anchors_apply_cfg()
1090 nm = f->str; in anchors_apply_cfg()
1091 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, in anchors_apply_cfg()
1092 cfg->chrootdir, strlen(cfg->chrootdir)) == 0) in anchors_apply_cfg()
1093 nm += strlen(cfg->chrootdir); in anchors_apply_cfg()
1095 log_err("error reading trusted-keys-file: %s", f->str); in anchors_apply_cfg()
1100 for(f = cfg->trust_anchor_list; f; f = f->next) { in anchors_apply_cfg()
1101 if(!f->str || f->str[0] == 0) /* empty "" */ in anchors_apply_cfg()
1103 if(!anchor_store_str(anchors, parsebuf, f->str)) { in anchors_apply_cfg()
1104 log_err("error in trust-anchor: \"%s\"", f->str); in anchors_apply_cfg()
1111 for(f = cfg->auto_trust_anchor_file_list; f; f = f->next) { in anchors_apply_cfg()
1112 if(!f->str || f->str[0] == 0) /* empty "" */ in anchors_apply_cfg()
1114 nm = f->str; in anchors_apply_cfg()
1115 if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(nm, in anchors_apply_cfg()
1116 cfg->chrootdir, strlen(cfg->chrootdir)) == 0) in anchors_apply_cfg()
1117 nm += strlen(cfg->chrootdir); in anchors_apply_cfg()
1119 log_err("error reading auto-trust-anchor-file: %s", in anchors_apply_cfg()
1120 f->str); in anchors_apply_cfg()
1140 key.node.key = &key; in anchors_lookup()
1145 lock_basic_lock(&anchors->lock); in anchors_lookup()
1146 if(rbtree_find_less_equal(anchors->tree, &key, &res)) { in anchors_lookup()
1153 if(!result || result->dclass != qclass) { in anchors_lookup()
1154 lock_basic_unlock(&anchors->lock); in anchors_lookup()
1158 (void)dname_lab_cmp(result->name, result->namelabs, key.name, in anchors_lookup()
1161 if(result->namelabs <= m) in anchors_lookup()
1163 result = result->parent; in anchors_lookup()
1167 lock_basic_lock(&result->lock); in anchors_lookup()
1169 lock_basic_unlock(&anchors->lock); in anchors_lookup()
1180 RBTREE_FOR(ta, struct trust_anchor*, anchors->tree) { in anchors_get_mem()
1181 s += sizeof(*ta) + ta->namelen; in anchors_get_mem()
1191 key.node.key = &key; in anchors_add_insecure()
1195 lock_basic_lock(&anchors->lock); in anchors_add_insecure()
1196 if(rbtree_search(anchors->tree, &key)) { in anchors_add_insecure()
1197 lock_basic_unlock(&anchors->lock); in anchors_add_insecure()
1203 lock_basic_unlock(&anchors->lock); in anchors_add_insecure()
1208 lock_basic_unlock(&anchors->lock); in anchors_add_insecure()
1218 key.node.key = &key; in anchors_delete_insecure()
1222 lock_basic_lock(&anchors->lock); in anchors_delete_insecure()
1223 if(!(ta=(struct trust_anchor*)rbtree_search(anchors->tree, &key))) { in anchors_delete_insecure()
1224 lock_basic_unlock(&anchors->lock); in anchors_delete_insecure()
1229 lock_basic_lock(&ta->lock); in anchors_delete_insecure()
1231 if(ta->keylist || ta->autr || ta->numDS || ta->numDNSKEY) { in anchors_delete_insecure()
1232 lock_basic_unlock(&anchors->lock); in anchors_delete_insecure()
1233 lock_basic_unlock(&ta->lock); in anchors_delete_insecure()
1239 (void)rbtree_delete(anchors->tree, &ta->node); in anchors_delete_insecure()
1241 lock_basic_unlock(&anchors->lock); in anchors_delete_insecure()
1244 lock_basic_unlock(&ta->lock); in anchors_delete_insecure()
1245 anchors_delfunc(&ta->node, NULL); in anchors_delete_insecure()
1248 /** compare two keytags, return -1, 0 or 1 */
1256 return -1; in keytag_compare()
1263 if(ta->numDS == 0 && ta->numDNSKEY == 0) in anchor_list_keytags()
1265 if(ta->numDS != 0 && ta->ds_rrset) { in anchor_list_keytags()
1267 ta->ds_rrset->entry.data; in anchor_list_keytags()
1268 for(i=0; i<d->count; i++) { in anchor_list_keytags()
1270 list[ret++] = ds_get_keytag(ta->ds_rrset, i); in anchor_list_keytags()
1273 if(ta->numDNSKEY != 0 && ta->dnskey_rrset) { in anchor_list_keytags()
1275 ta->dnskey_rrset->entry.data; in anchor_list_keytags()
1276 for(i=0; i<d->count; i++) { in anchor_list_keytags()
1278 list[ret++] = dnskey_calc_keytag(ta->dnskey_rrset, i); in anchor_list_keytags()
1296 if(!anchor->numDS && !anchor->numDNSKEY) { in anchor_has_keytag()
1297 lock_basic_unlock(&anchor->lock); in anchor_has_keytag()
1301 taglist = calloc(anchor->numDS + anchor->numDNSKEY, sizeof(*taglist)); in anchor_has_keytag()
1303 lock_basic_unlock(&anchor->lock); in anchor_has_keytag()
1308 anchor->numDS+anchor->numDNSKEY); in anchor_has_keytag()
1309 lock_basic_unlock(&anchor->lock); in anchor_has_keytag()
1330 lock_basic_lock(&anchors->lock); in anchors_find_any_noninsecure()
1331 ta=(struct trust_anchor*)rbtree_first(anchors->tree); in anchors_find_any_noninsecure()
1333 next = (struct trust_anchor*)rbtree_next(&ta->node); in anchors_find_any_noninsecure()
1334 lock_basic_lock(&ta->lock); in anchors_find_any_noninsecure()
1335 if(ta->numDS != 0 || ta->numDNSKEY != 0) { in anchors_find_any_noninsecure()
1337 lock_basic_unlock(&anchors->lock); in anchors_find_any_noninsecure()
1340 lock_basic_unlock(&ta->lock); in anchors_find_any_noninsecure()
1343 lock_basic_unlock(&anchors->lock); in anchors_find_any_noninsecure()