xref: /freebsd/contrib/unbound/services/authzone.c (revision a03411e84728e9b267056fd31c7d1d9d1dc1b01e)
1 /*
2  * services/authzone.c - authoritative zone that is locally hosted.
3  *
4  * Copyright (c) 2017, NLnet Labs. All rights reserved.
5  *
6  * This software is open source.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * Redistributions of source code must retain the above copyright notice,
13  * this list of conditions and the following disclaimer.
14  *
15  * Redistributions in binary form must reproduce the above copyright notice,
16  * this list of conditions and the following disclaimer in the documentation
17  * and/or other materials provided with the distribution.
18  *
19  * Neither the name of the NLNET LABS nor the names of its contributors may
20  * be used to endorse or promote products derived from this software without
21  * specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 
36 /**
37  * \file
38  *
39  * This file contains the functions for an authority zone.  This zone
40  * is queried by the iterator, just like a stub or forward zone, but then
41  * the data is locally held.
42  */
43 
44 #include "config.h"
45 #include "services/authzone.h"
46 #include "util/data/dname.h"
47 #include "util/data/msgparse.h"
48 #include "util/data/msgreply.h"
49 #include "util/data/msgencode.h"
50 #include "util/data/packed_rrset.h"
51 #include "util/regional.h"
52 #include "util/net_help.h"
53 #include "util/netevent.h"
54 #include "util/config_file.h"
55 #include "util/log.h"
56 #include "util/module.h"
57 #include "util/random.h"
58 #include "services/cache/dns.h"
59 #include "services/outside_network.h"
60 #include "services/listen_dnsport.h"
61 #include "services/mesh.h"
62 #include "sldns/rrdef.h"
63 #include "sldns/pkthdr.h"
64 #include "sldns/sbuffer.h"
65 #include "sldns/str2wire.h"
66 #include "sldns/wire2str.h"
67 #include "sldns/parseutil.h"
68 #include "sldns/keyraw.h"
69 #include "validator/val_nsec3.h"
70 #include "validator/val_nsec.h"
71 #include "validator/val_secalgo.h"
72 #include "validator/val_sigcrypt.h"
73 #include "validator/val_anchor.h"
74 #include "validator/val_utils.h"
75 #include <ctype.h>
76 
77 /** bytes to use for NSEC3 hash buffer. 20 for sha1 */
78 #define N3HASHBUFLEN 32
79 /** max number of CNAMEs we are willing to follow (in one answer) */
80 #define MAX_CNAME_CHAIN 8
81 /** timeout for probe packets for SOA */
82 #define AUTH_PROBE_TIMEOUT 100 /* msec */
83 /** when to stop with SOA probes (when exponential timeouts exceed this) */
84 #define AUTH_PROBE_TIMEOUT_STOP 1000 /* msec */
85 /* auth transfer timeout for TCP connections, in msec */
86 #define AUTH_TRANSFER_TIMEOUT 10000 /* msec */
87 /* auth transfer max backoff for failed transfers and probes */
88 #define AUTH_TRANSFER_MAX_BACKOFF 86400 /* sec */
89 /* auth http port number */
90 #define AUTH_HTTP_PORT 80
91 /* auth https port number */
92 #define AUTH_HTTPS_PORT 443
93 /* max depth for nested $INCLUDEs */
94 #define MAX_INCLUDE_DEPTH 10
95 /** number of timeouts before we fallback from IXFR to AXFR,
96  * because some versions of servers (eg. dnsmasq) drop IXFR packets. */
97 #define NUM_TIMEOUTS_FALLBACK_IXFR 3
98 
99 /** pick up nextprobe task to start waiting to perform transfer actions */
100 static void xfr_set_timeout(struct auth_xfer* xfr, struct module_env* env,
101 	int failure, int lookup_only);
102 /** move to sending the probe packets, next if fails. task_probe */
103 static void xfr_probe_send_or_end(struct auth_xfer* xfr,
104 	struct module_env* env);
105 /** pick up probe task with specified(or NULL) destination first,
106  * or transfer task if nothing to probe, or false if already in progress */
107 static int xfr_start_probe(struct auth_xfer* xfr, struct module_env* env,
108 	struct auth_master* spec);
109 /** delete xfer structure (not its tree entry) */
110 static void auth_xfer_delete(struct auth_xfer* xfr);
111 
112 /** create new dns_msg */
113 static struct dns_msg*
114 msg_create(struct regional* region, struct query_info* qinfo)
115 {
116 	struct dns_msg* msg = (struct dns_msg*)regional_alloc(region,
117 		sizeof(struct dns_msg));
118 	if(!msg)
119 		return NULL;
120 	msg->qinfo.qname = regional_alloc_init(region, qinfo->qname,
121 		qinfo->qname_len);
122 	if(!msg->qinfo.qname)
123 		return NULL;
124 	msg->qinfo.qname_len = qinfo->qname_len;
125 	msg->qinfo.qtype = qinfo->qtype;
126 	msg->qinfo.qclass = qinfo->qclass;
127 	msg->qinfo.local_alias = NULL;
128 	/* non-packed reply_info, because it needs to grow the array */
129 	msg->rep = (struct reply_info*)regional_alloc_zero(region,
130 		sizeof(struct reply_info)-sizeof(struct rrset_ref));
131 	if(!msg->rep)
132 		return NULL;
133 	msg->rep->flags = (uint16_t)(BIT_QR | BIT_AA);
134 	msg->rep->authoritative = 1;
135 	msg->rep->reason_bogus = LDNS_EDE_NONE;
136 	msg->rep->qdcount = 1;
137 	/* rrsets is NULL, no rrsets yet */
138 	return msg;
139 }
140 
141 /** grow rrset array by one in msg */
142 static int
143 msg_grow_array(struct regional* region, struct dns_msg* msg)
144 {
145 	if(msg->rep->rrsets == NULL) {
146 		msg->rep->rrsets = regional_alloc_zero(region,
147 			sizeof(struct ub_packed_rrset_key*)*(msg->rep->rrset_count+1));
148 		if(!msg->rep->rrsets)
149 			return 0;
150 	} else {
151 		struct ub_packed_rrset_key** rrsets_old = msg->rep->rrsets;
152 		msg->rep->rrsets = regional_alloc_zero(region,
153 			sizeof(struct ub_packed_rrset_key*)*(msg->rep->rrset_count+1));
154 		if(!msg->rep->rrsets)
155 			return 0;
156 		memmove(msg->rep->rrsets, rrsets_old,
157 			sizeof(struct ub_packed_rrset_key*)*msg->rep->rrset_count);
158 	}
159 	return 1;
160 }
161 
162 /** get ttl of rrset */
163 static time_t
164 get_rrset_ttl(struct ub_packed_rrset_key* k)
165 {
166 	struct packed_rrset_data* d = (struct packed_rrset_data*)
167 		k->entry.data;
168 	return d->ttl;
169 }
170 
171 /** Copy rrset into region from domain-datanode and packet rrset */
172 static struct ub_packed_rrset_key*
173 auth_packed_rrset_copy_region(struct auth_zone* z, struct auth_data* node,
174 	struct auth_rrset* rrset, struct regional* region, time_t adjust)
175 {
176 	struct ub_packed_rrset_key key;
177 	memset(&key, 0, sizeof(key));
178 	key.entry.key = &key;
179 	key.entry.data = rrset->data;
180 	key.rk.dname = node->name;
181 	key.rk.dname_len = node->namelen;
182 	key.rk.type = htons(rrset->type);
183 	key.rk.rrset_class = htons(z->dclass);
184 	key.entry.hash = rrset_key_hash(&key.rk);
185 	return packed_rrset_copy_region(&key, region, adjust);
186 }
187 
188 /** fix up msg->rep TTL and prefetch ttl */
189 static void
190 msg_ttl(struct dns_msg* msg)
191 {
192 	if(msg->rep->rrset_count == 0) return;
193 	if(msg->rep->rrset_count == 1) {
194 		msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]);
195 		msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
196 		msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
197 	} else if(get_rrset_ttl(msg->rep->rrsets[msg->rep->rrset_count-1]) <
198 		msg->rep->ttl) {
199 		msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[
200 			msg->rep->rrset_count-1]);
201 		msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
202 		msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
203 	}
204 }
205 
206 /** see if rrset is a duplicate in the answer message */
207 static int
208 msg_rrset_duplicate(struct dns_msg* msg, uint8_t* nm, size_t nmlen,
209 	uint16_t type, uint16_t dclass)
210 {
211 	size_t i;
212 	for(i=0; i<msg->rep->rrset_count; i++) {
213 		struct ub_packed_rrset_key* k = msg->rep->rrsets[i];
214 		if(ntohs(k->rk.type) == type && k->rk.dname_len == nmlen &&
215 			ntohs(k->rk.rrset_class) == dclass &&
216 			query_dname_compare(k->rk.dname, nm) == 0)
217 			return 1;
218 	}
219 	return 0;
220 }
221 
222 /** add rrset to answer section (no auth, add rrsets yet) */
223 static int
224 msg_add_rrset_an(struct auth_zone* z, struct regional* region,
225 	struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset)
226 {
227 	log_assert(msg->rep->ns_numrrsets == 0);
228 	log_assert(msg->rep->ar_numrrsets == 0);
229 	if(!rrset || !node)
230 		return 1;
231 	if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type,
232 		z->dclass))
233 		return 1;
234 	/* grow array */
235 	if(!msg_grow_array(region, msg))
236 		return 0;
237 	/* copy it */
238 	if(!(msg->rep->rrsets[msg->rep->rrset_count] =
239 		auth_packed_rrset_copy_region(z, node, rrset, region, 0)))
240 		return 0;
241 	msg->rep->rrset_count++;
242 	msg->rep->an_numrrsets++;
243 	msg_ttl(msg);
244 	return 1;
245 }
246 
247 /** add rrset to authority section (no additional section rrsets yet) */
248 static int
249 msg_add_rrset_ns(struct auth_zone* z, struct regional* region,
250 	struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset)
251 {
252 	log_assert(msg->rep->ar_numrrsets == 0);
253 	if(!rrset || !node)
254 		return 1;
255 	if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type,
256 		z->dclass))
257 		return 1;
258 	/* grow array */
259 	if(!msg_grow_array(region, msg))
260 		return 0;
261 	/* copy it */
262 	if(!(msg->rep->rrsets[msg->rep->rrset_count] =
263 		auth_packed_rrset_copy_region(z, node, rrset, region, 0)))
264 		return 0;
265 	msg->rep->rrset_count++;
266 	msg->rep->ns_numrrsets++;
267 	msg_ttl(msg);
268 	return 1;
269 }
270 
271 /** add rrset to additional section */
272 static int
273 msg_add_rrset_ar(struct auth_zone* z, struct regional* region,
274 	struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset)
275 {
276 	if(!rrset || !node)
277 		return 1;
278 	if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type,
279 		z->dclass))
280 		return 1;
281 	/* grow array */
282 	if(!msg_grow_array(region, msg))
283 		return 0;
284 	/* copy it */
285 	if(!(msg->rep->rrsets[msg->rep->rrset_count] =
286 		auth_packed_rrset_copy_region(z, node, rrset, region, 0)))
287 		return 0;
288 	msg->rep->rrset_count++;
289 	msg->rep->ar_numrrsets++;
290 	msg_ttl(msg);
291 	return 1;
292 }
293 
294 struct auth_zones* auth_zones_create(void)
295 {
296 	struct auth_zones* az = (struct auth_zones*)calloc(1, sizeof(*az));
297 	if(!az) {
298 		log_err("out of memory");
299 		return NULL;
300 	}
301 	rbtree_init(&az->ztree, &auth_zone_cmp);
302 	rbtree_init(&az->xtree, &auth_xfer_cmp);
303 	lock_rw_init(&az->lock);
304 	lock_protect(&az->lock, &az->ztree, sizeof(az->ztree));
305 	lock_protect(&az->lock, &az->xtree, sizeof(az->xtree));
306 	/* also lock protects the rbnode's in struct auth_zone, auth_xfer */
307 	lock_rw_init(&az->rpz_lock);
308 	lock_protect(&az->rpz_lock, &az->rpz_first, sizeof(az->rpz_first));
309 	return az;
310 }
311 
312 int auth_zone_cmp(const void* z1, const void* z2)
313 {
314 	/* first sort on class, so that hierarchy can be maintained within
315 	 * a class */
316 	struct auth_zone* a = (struct auth_zone*)z1;
317 	struct auth_zone* b = (struct auth_zone*)z2;
318 	int m;
319 	if(a->dclass != b->dclass) {
320 		if(a->dclass < b->dclass)
321 			return -1;
322 		return 1;
323 	}
324 	/* sorted such that higher zones sort before lower zones (their
325 	 * contents) */
326 	return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m);
327 }
328 
329 int auth_data_cmp(const void* z1, const void* z2)
330 {
331 	struct auth_data* a = (struct auth_data*)z1;
332 	struct auth_data* b = (struct auth_data*)z2;
333 	int m;
334 	/* canonical sort, because DNSSEC needs that */
335 	return dname_canon_lab_cmp(a->name, a->namelabs, b->name,
336 		b->namelabs, &m);
337 }
338 
339 int auth_xfer_cmp(const void* z1, const void* z2)
340 {
341 	/* first sort on class, so that hierarchy can be maintained within
342 	 * a class */
343 	struct auth_xfer* a = (struct auth_xfer*)z1;
344 	struct auth_xfer* b = (struct auth_xfer*)z2;
345 	int m;
346 	if(a->dclass != b->dclass) {
347 		if(a->dclass < b->dclass)
348 			return -1;
349 		return 1;
350 	}
351 	/* sorted such that higher zones sort before lower zones (their
352 	 * contents) */
353 	return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m);
354 }
355 
356 /** delete auth rrset node */
357 static void
358 auth_rrset_delete(struct auth_rrset* rrset)
359 {
360 	if(!rrset) return;
361 	free(rrset->data);
362 	free(rrset);
363 }
364 
365 /** delete auth data domain node */
366 static void
367 auth_data_delete(struct auth_data* n)
368 {
369 	struct auth_rrset* p, *np;
370 	if(!n) return;
371 	p = n->rrsets;
372 	while(p) {
373 		np = p->next;
374 		auth_rrset_delete(p);
375 		p = np;
376 	}
377 	free(n->name);
378 	free(n);
379 }
380 
381 /** helper traverse to delete zones */
382 static void
383 auth_data_del(rbnode_type* n, void* ATTR_UNUSED(arg))
384 {
385 	struct auth_data* z = (struct auth_data*)n->key;
386 	auth_data_delete(z);
387 }
388 
389 /** delete an auth zone structure (tree remove must be done elsewhere) */
390 static void
391 auth_zone_delete(struct auth_zone* z, struct auth_zones* az)
392 {
393 	if(!z) return;
394 	lock_rw_destroy(&z->lock);
395 	traverse_postorder(&z->data, auth_data_del, NULL);
396 
397 	if(az && z->rpz) {
398 		/* keep RPZ linked list intact */
399 		lock_rw_wrlock(&az->rpz_lock);
400 		if(z->rpz_az_prev)
401 			z->rpz_az_prev->rpz_az_next = z->rpz_az_next;
402 		else
403 			az->rpz_first = z->rpz_az_next;
404 		if(z->rpz_az_next)
405 			z->rpz_az_next->rpz_az_prev = z->rpz_az_prev;
406 		lock_rw_unlock(&az->rpz_lock);
407 	}
408 	if(z->rpz)
409 		rpz_delete(z->rpz);
410 	free(z->name);
411 	free(z->zonefile);
412 	free(z);
413 }
414 
415 struct auth_zone*
416 auth_zone_create(struct auth_zones* az, uint8_t* nm, size_t nmlen,
417 	uint16_t dclass)
418 {
419 	struct auth_zone* z = (struct auth_zone*)calloc(1, sizeof(*z));
420 	if(!z) {
421 		return NULL;
422 	}
423 	z->node.key = z;
424 	z->dclass = dclass;
425 	z->namelen = nmlen;
426 	z->namelabs = dname_count_labels(nm);
427 	z->name = memdup(nm, nmlen);
428 	if(!z->name) {
429 		free(z);
430 		return NULL;
431 	}
432 	rbtree_init(&z->data, &auth_data_cmp);
433 	lock_rw_init(&z->lock);
434 	lock_protect(&z->lock, &z->name, sizeof(*z)-sizeof(rbnode_type)-
435 			sizeof(&z->rpz_az_next)-sizeof(&z->rpz_az_prev));
436 	lock_rw_wrlock(&z->lock);
437 	/* z lock protects all, except rbtree itself and the rpz linked list
438 	 * pointers, which are protected using az->lock */
439 	if(!rbtree_insert(&az->ztree, &z->node)) {
440 		lock_rw_unlock(&z->lock);
441 		auth_zone_delete(z, NULL);
442 		log_warn("duplicate auth zone");
443 		return NULL;
444 	}
445 	return z;
446 }
447 
448 struct auth_zone*
449 auth_zone_find(struct auth_zones* az, uint8_t* nm, size_t nmlen,
450 	uint16_t dclass)
451 {
452 	struct auth_zone key;
453 	key.node.key = &key;
454 	key.dclass = dclass;
455 	key.name = nm;
456 	key.namelen = nmlen;
457 	key.namelabs = dname_count_labels(nm);
458 	return (struct auth_zone*)rbtree_search(&az->ztree, &key);
459 }
460 
461 struct auth_xfer*
462 auth_xfer_find(struct auth_zones* az, uint8_t* nm, size_t nmlen,
463 	uint16_t dclass)
464 {
465 	struct auth_xfer key;
466 	key.node.key = &key;
467 	key.dclass = dclass;
468 	key.name = nm;
469 	key.namelen = nmlen;
470 	key.namelabs = dname_count_labels(nm);
471 	return (struct auth_xfer*)rbtree_search(&az->xtree, &key);
472 }
473 
474 /** find an auth zone or sorted less-or-equal, return true if exact */
475 static int
476 auth_zone_find_less_equal(struct auth_zones* az, uint8_t* nm, size_t nmlen,
477 	uint16_t dclass, struct auth_zone** z)
478 {
479 	struct auth_zone key;
480 	key.node.key = &key;
481 	key.dclass = dclass;
482 	key.name = nm;
483 	key.namelen = nmlen;
484 	key.namelabs = dname_count_labels(nm);
485 	return rbtree_find_less_equal(&az->ztree, &key, (rbnode_type**)z);
486 }
487 
488 
489 /** find the auth zone that is above the given name */
490 struct auth_zone*
491 auth_zones_find_zone(struct auth_zones* az, uint8_t* name, size_t name_len,
492 	uint16_t dclass)
493 {
494 	uint8_t* nm = name;
495 	size_t nmlen = name_len;
496 	struct auth_zone* z;
497 	if(auth_zone_find_less_equal(az, nm, nmlen, dclass, &z)) {
498 		/* exact match */
499 		return z;
500 	} else {
501 		/* less-or-nothing */
502 		if(!z) return NULL; /* nothing smaller, nothing above it */
503 		/* we found smaller name; smaller may be above the name,
504 		 * but not below it. */
505 		nm = dname_get_shared_topdomain(z->name, name);
506 		dname_count_size_labels(nm, &nmlen);
507 		z = NULL;
508 	}
509 
510 	/* search up */
511 	while(!z) {
512 		z = auth_zone_find(az, nm, nmlen, dclass);
513 		if(z) return z;
514 		if(dname_is_root(nm)) break;
515 		dname_remove_label(&nm, &nmlen);
516 	}
517 	return NULL;
518 }
519 
520 /** find or create zone with name str. caller must have lock on az.
521  * returns a wrlocked zone */
522 static struct auth_zone*
523 auth_zones_find_or_add_zone(struct auth_zones* az, char* name)
524 {
525 	uint8_t nm[LDNS_MAX_DOMAINLEN+1];
526 	size_t nmlen = sizeof(nm);
527 	struct auth_zone* z;
528 
529 	if(sldns_str2wire_dname_buf(name, nm, &nmlen) != 0) {
530 		log_err("cannot parse auth zone name: %s", name);
531 		return 0;
532 	}
533 	z = auth_zone_find(az, nm, nmlen, LDNS_RR_CLASS_IN);
534 	if(!z) {
535 		/* not found, create the zone */
536 		z = auth_zone_create(az, nm, nmlen, LDNS_RR_CLASS_IN);
537 	} else {
538 		lock_rw_wrlock(&z->lock);
539 	}
540 	return z;
541 }
542 
543 /** find or create xfer zone with name str. caller must have lock on az.
544  * returns a locked xfer */
545 static struct auth_xfer*
546 auth_zones_find_or_add_xfer(struct auth_zones* az, struct auth_zone* z)
547 {
548 	struct auth_xfer* x;
549 	x = auth_xfer_find(az, z->name, z->namelen, z->dclass);
550 	if(!x) {
551 		/* not found, create the zone */
552 		x = auth_xfer_create(az, z);
553 	} else {
554 		lock_basic_lock(&x->lock);
555 	}
556 	return x;
557 }
558 
559 int
560 auth_zone_set_zonefile(struct auth_zone* z, char* zonefile)
561 {
562 	if(z->zonefile) free(z->zonefile);
563 	if(zonefile == NULL) {
564 		z->zonefile = NULL;
565 	} else {
566 		z->zonefile = strdup(zonefile);
567 		if(!z->zonefile) {
568 			log_err("malloc failure");
569 			return 0;
570 		}
571 	}
572 	return 1;
573 }
574 
575 /** set auth zone fallback. caller must have lock on zone */
576 int
577 auth_zone_set_fallback(struct auth_zone* z, char* fallbackstr)
578 {
579 	if(strcmp(fallbackstr, "yes") != 0 && strcmp(fallbackstr, "no") != 0){
580 		log_err("auth zone fallback, expected yes or no, got %s",
581 			fallbackstr);
582 		return 0;
583 	}
584 	z->fallback_enabled = (strcmp(fallbackstr, "yes")==0);
585 	return 1;
586 }
587 
588 /** create domain with the given name */
589 static struct auth_data*
590 az_domain_create(struct auth_zone* z, uint8_t* nm, size_t nmlen)
591 {
592 	struct auth_data* n = (struct auth_data*)malloc(sizeof(*n));
593 	if(!n) return NULL;
594 	memset(n, 0, sizeof(*n));
595 	n->node.key = n;
596 	n->name = memdup(nm, nmlen);
597 	if(!n->name) {
598 		free(n);
599 		return NULL;
600 	}
601 	n->namelen = nmlen;
602 	n->namelabs = dname_count_labels(nm);
603 	if(!rbtree_insert(&z->data, &n->node)) {
604 		log_warn("duplicate auth domain name");
605 		free(n->name);
606 		free(n);
607 		return NULL;
608 	}
609 	return n;
610 }
611 
612 /** find domain with exactly the given name */
613 static struct auth_data*
614 az_find_name(struct auth_zone* z, uint8_t* nm, size_t nmlen)
615 {
616 	struct auth_zone key;
617 	key.node.key = &key;
618 	key.name = nm;
619 	key.namelen = nmlen;
620 	key.namelabs = dname_count_labels(nm);
621 	return (struct auth_data*)rbtree_search(&z->data, &key);
622 }
623 
624 /** Find domain name (or closest match) */
625 static void
626 az_find_domain(struct auth_zone* z, struct query_info* qinfo, int* node_exact,
627 	struct auth_data** node)
628 {
629 	struct auth_zone key;
630 	key.node.key = &key;
631 	key.name = qinfo->qname;
632 	key.namelen = qinfo->qname_len;
633 	key.namelabs = dname_count_labels(key.name);
634 	*node_exact = rbtree_find_less_equal(&z->data, &key,
635 		(rbnode_type**)node);
636 }
637 
638 /** find or create domain with name in zone */
639 static struct auth_data*
640 az_domain_find_or_create(struct auth_zone* z, uint8_t* dname,
641 	size_t dname_len)
642 {
643 	struct auth_data* n = az_find_name(z, dname, dname_len);
644 	if(!n) {
645 		n = az_domain_create(z, dname, dname_len);
646 	}
647 	return n;
648 }
649 
650 /** find rrset of given type in the domain */
651 static struct auth_rrset*
652 az_domain_rrset(struct auth_data* n, uint16_t t)
653 {
654 	struct auth_rrset* rrset;
655 	if(!n) return NULL;
656 	rrset = n->rrsets;
657 	while(rrset) {
658 		if(rrset->type == t)
659 			return rrset;
660 		rrset = rrset->next;
661 	}
662 	return NULL;
663 }
664 
665 /** remove rrset of this type from domain */
666 static void
667 domain_remove_rrset(struct auth_data* node, uint16_t rr_type)
668 {
669 	struct auth_rrset* rrset, *prev;
670 	if(!node) return;
671 	prev = NULL;
672 	rrset = node->rrsets;
673 	while(rrset) {
674 		if(rrset->type == rr_type) {
675 			/* found it, now delete it */
676 			if(prev) prev->next = rrset->next;
677 			else	node->rrsets = rrset->next;
678 			auth_rrset_delete(rrset);
679 			return;
680 		}
681 		prev = rrset;
682 		rrset = rrset->next;
683 	}
684 }
685 
686 /** find an rrsig index in the rrset.  returns true if found */
687 static int
688 az_rrset_find_rrsig(struct packed_rrset_data* d, uint8_t* rdata, size_t len,
689 	size_t* index)
690 {
691 	size_t i;
692 	for(i=d->count; i<d->count + d->rrsig_count; i++) {
693 		if(d->rr_len[i] != len)
694 			continue;
695 		if(memcmp(d->rr_data[i], rdata, len) == 0) {
696 			*index = i;
697 			return 1;
698 		}
699 	}
700 	return 0;
701 }
702 
703 /** see if rdata is duplicate */
704 static int
705 rdata_duplicate(struct packed_rrset_data* d, uint8_t* rdata, size_t len)
706 {
707 	size_t i;
708 	for(i=0; i<d->count + d->rrsig_count; i++) {
709 		if(d->rr_len[i] != len)
710 			continue;
711 		if(memcmp(d->rr_data[i], rdata, len) == 0)
712 			return 1;
713 	}
714 	return 0;
715 }
716 
717 /** get rrsig type covered from rdata.
718  * @param rdata: rdata in wireformat, starting with 16bit rdlength.
719  * @param rdatalen: length of rdata buffer.
720  * @return type covered (or 0).
721  */
722 static uint16_t
723 rrsig_rdata_get_type_covered(uint8_t* rdata, size_t rdatalen)
724 {
725 	if(rdatalen < 4)
726 		return 0;
727 	return sldns_read_uint16(rdata+2);
728 }
729 
730 /** remove RR from existing RRset. Also sig, if it is a signature.
731  * reallocates the packed rrset for a new one, false on alloc failure */
732 static int
733 rrset_remove_rr(struct auth_rrset* rrset, size_t index)
734 {
735 	struct packed_rrset_data* d, *old = rrset->data;
736 	size_t i;
737 	if(index >= old->count + old->rrsig_count)
738 		return 0; /* index out of bounds */
739 	d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old) - (
740 		sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t) +
741 		old->rr_len[index]));
742 	if(!d) {
743 		log_err("malloc failure");
744 		return 0;
745 	}
746 	d->ttl = old->ttl;
747 	d->count = old->count;
748 	d->rrsig_count = old->rrsig_count;
749 	if(index < d->count) d->count--;
750 	else d->rrsig_count--;
751 	d->trust = old->trust;
752 	d->security = old->security;
753 
754 	/* set rr_len, needed for ptr_fixup */
755 	d->rr_len = (size_t*)((uint8_t*)d +
756 		sizeof(struct packed_rrset_data));
757 	if(index > 0)
758 		memmove(d->rr_len, old->rr_len, (index)*sizeof(size_t));
759 	if(index+1 < old->count+old->rrsig_count)
760 		memmove(&d->rr_len[index], &old->rr_len[index+1],
761 		(old->count+old->rrsig_count - (index+1))*sizeof(size_t));
762 	packed_rrset_ptr_fixup(d);
763 
764 	/* move over ttls */
765 	if(index > 0)
766 		memmove(d->rr_ttl, old->rr_ttl, (index)*sizeof(time_t));
767 	if(index+1 < old->count+old->rrsig_count)
768 		memmove(&d->rr_ttl[index], &old->rr_ttl[index+1],
769 		(old->count+old->rrsig_count - (index+1))*sizeof(time_t));
770 
771 	/* move over rr_data */
772 	for(i=0; i<d->count+d->rrsig_count; i++) {
773 		size_t oldi;
774 		if(i < index) oldi = i;
775 		else oldi = i+1;
776 		memmove(d->rr_data[i], old->rr_data[oldi], d->rr_len[i]);
777 	}
778 
779 	/* recalc ttl (lowest of remaining RR ttls) */
780 	if(d->count + d->rrsig_count > 0)
781 		d->ttl = d->rr_ttl[0];
782 	for(i=0; i<d->count+d->rrsig_count; i++) {
783 		if(d->rr_ttl[i] < d->ttl)
784 			d->ttl = d->rr_ttl[i];
785 	}
786 
787 	free(rrset->data);
788 	rrset->data = d;
789 	return 1;
790 }
791 
792 /** add RR to existing RRset. If insert_sig is true, add to rrsigs.
793  * This reallocates the packed rrset for a new one */
794 static int
795 rrset_add_rr(struct auth_rrset* rrset, uint32_t rr_ttl, uint8_t* rdata,
796 	size_t rdatalen, int insert_sig)
797 {
798 	struct packed_rrset_data* d, *old = rrset->data;
799 	size_t total, old_total;
800 
801 	d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old)
802 		+ sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t)
803 		+ rdatalen);
804 	if(!d) {
805 		log_err("out of memory");
806 		return 0;
807 	}
808 	/* copy base values */
809 	memcpy(d, old, sizeof(struct packed_rrset_data));
810 	if(!insert_sig) {
811 		d->count++;
812 	} else {
813 		d->rrsig_count++;
814 	}
815 	old_total = old->count + old->rrsig_count;
816 	total = d->count + d->rrsig_count;
817 	/* set rr_len, needed for ptr_fixup */
818 	d->rr_len = (size_t*)((uint8_t*)d +
819 		sizeof(struct packed_rrset_data));
820 	if(old->count != 0)
821 		memmove(d->rr_len, old->rr_len, old->count*sizeof(size_t));
822 	if(old->rrsig_count != 0)
823 		memmove(d->rr_len+d->count, old->rr_len+old->count,
824 			old->rrsig_count*sizeof(size_t));
825 	if(!insert_sig)
826 		d->rr_len[d->count-1] = rdatalen;
827 	else	d->rr_len[total-1] = rdatalen;
828 	packed_rrset_ptr_fixup(d);
829 	if((time_t)rr_ttl < d->ttl)
830 		d->ttl = rr_ttl;
831 
832 	/* copy old values into new array */
833 	if(old->count != 0) {
834 		memmove(d->rr_ttl, old->rr_ttl, old->count*sizeof(time_t));
835 		/* all the old rr pieces are allocated sequential, so we
836 		 * can copy them in one go */
837 		memmove(d->rr_data[0], old->rr_data[0],
838 			(old->rr_data[old->count-1] - old->rr_data[0]) +
839 			old->rr_len[old->count-1]);
840 	}
841 	if(old->rrsig_count != 0) {
842 		memmove(d->rr_ttl+d->count, old->rr_ttl+old->count,
843 			old->rrsig_count*sizeof(time_t));
844 		memmove(d->rr_data[d->count], old->rr_data[old->count],
845 			(old->rr_data[old_total-1] - old->rr_data[old->count]) +
846 			old->rr_len[old_total-1]);
847 	}
848 
849 	/* insert new value */
850 	if(!insert_sig) {
851 		d->rr_ttl[d->count-1] = rr_ttl;
852 		memmove(d->rr_data[d->count-1], rdata, rdatalen);
853 	} else {
854 		d->rr_ttl[total-1] = rr_ttl;
855 		memmove(d->rr_data[total-1], rdata, rdatalen);
856 	}
857 
858 	rrset->data = d;
859 	free(old);
860 	return 1;
861 }
862 
863 /** Create new rrset for node with packed rrset with one RR element */
864 static struct auth_rrset*
865 rrset_create(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl,
866 	uint8_t* rdata, size_t rdatalen)
867 {
868 	struct auth_rrset* rrset = (struct auth_rrset*)calloc(1,
869 		sizeof(*rrset));
870 	struct auth_rrset* p, *prev;
871 	struct packed_rrset_data* d;
872 	if(!rrset) {
873 		log_err("out of memory");
874 		return NULL;
875 	}
876 	rrset->type = rr_type;
877 
878 	/* the rrset data structure, with one RR */
879 	d = (struct packed_rrset_data*)calloc(1,
880 		sizeof(struct packed_rrset_data) + sizeof(size_t) +
881 		sizeof(uint8_t*) + sizeof(time_t) + rdatalen);
882 	if(!d) {
883 		free(rrset);
884 		log_err("out of memory");
885 		return NULL;
886 	}
887 	rrset->data = d;
888 	d->ttl = rr_ttl;
889 	d->trust = rrset_trust_prim_noglue;
890 	d->rr_len = (size_t*)((uint8_t*)d + sizeof(struct packed_rrset_data));
891 	d->rr_data = (uint8_t**)&(d->rr_len[1]);
892 	d->rr_ttl = (time_t*)&(d->rr_data[1]);
893 	d->rr_data[0] = (uint8_t*)&(d->rr_ttl[1]);
894 
895 	/* insert the RR */
896 	d->rr_len[0] = rdatalen;
897 	d->rr_ttl[0] = rr_ttl;
898 	memmove(d->rr_data[0], rdata, rdatalen);
899 	d->count++;
900 
901 	/* insert rrset into linked list for domain */
902 	/* find sorted place to link the rrset into the list */
903 	prev = NULL;
904 	p = node->rrsets;
905 	while(p && p->type<=rr_type) {
906 		prev = p;
907 		p = p->next;
908 	}
909 	/* so, prev is smaller, and p is larger than rr_type */
910 	rrset->next = p;
911 	if(prev) prev->next = rrset;
912 	else node->rrsets = rrset;
913 	return rrset;
914 }
915 
916 /** count number (and size) of rrsigs that cover a type */
917 static size_t
918 rrsig_num_that_cover(struct auth_rrset* rrsig, uint16_t rr_type, size_t* sigsz)
919 {
920 	struct packed_rrset_data* d = rrsig->data;
921 	size_t i, num = 0;
922 	*sigsz = 0;
923 	log_assert(d && rrsig->type == LDNS_RR_TYPE_RRSIG);
924 	for(i=0; i<d->count+d->rrsig_count; i++) {
925 		if(rrsig_rdata_get_type_covered(d->rr_data[i],
926 			d->rr_len[i]) == rr_type) {
927 			num++;
928 			(*sigsz) += d->rr_len[i];
929 		}
930 	}
931 	return num;
932 }
933 
934 /** See if rrsig set has covered sigs for rrset and move them over */
935 static int
936 rrset_moveover_rrsigs(struct auth_data* node, uint16_t rr_type,
937 	struct auth_rrset* rrset, struct auth_rrset* rrsig)
938 {
939 	size_t sigs, sigsz, i, j, total;
940 	struct packed_rrset_data* sigold = rrsig->data;
941 	struct packed_rrset_data* old = rrset->data;
942 	struct packed_rrset_data* d, *sigd;
943 
944 	log_assert(rrset->type == rr_type);
945 	log_assert(rrsig->type == LDNS_RR_TYPE_RRSIG);
946 	sigs = rrsig_num_that_cover(rrsig, rr_type, &sigsz);
947 	if(sigs == 0) {
948 		/* 0 rrsigs to move over, done */
949 		return 1;
950 	}
951 
952 	/* allocate rrset sigsz larger for extra sigs elements, and
953 	 * allocate rrsig sigsz smaller for less sigs elements. */
954 	d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old)
955 		+ sigs*(sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t))
956 		+ sigsz);
957 	if(!d) {
958 		log_err("out of memory");
959 		return 0;
960 	}
961 	/* copy base values */
962 	total = old->count + old->rrsig_count;
963 	memcpy(d, old, sizeof(struct packed_rrset_data));
964 	d->rrsig_count += sigs;
965 	/* setup rr_len */
966 	d->rr_len = (size_t*)((uint8_t*)d +
967 		sizeof(struct packed_rrset_data));
968 	if(total != 0)
969 		memmove(d->rr_len, old->rr_len, total*sizeof(size_t));
970 	j = d->count+d->rrsig_count-sigs;
971 	for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
972 		if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
973 			sigold->rr_len[i]) == rr_type) {
974 			d->rr_len[j] = sigold->rr_len[i];
975 			j++;
976 		}
977 	}
978 	packed_rrset_ptr_fixup(d);
979 
980 	/* copy old values into new array */
981 	if(total != 0) {
982 		memmove(d->rr_ttl, old->rr_ttl, total*sizeof(time_t));
983 		/* all the old rr pieces are allocated sequential, so we
984 		 * can copy them in one go */
985 		memmove(d->rr_data[0], old->rr_data[0],
986 			(old->rr_data[total-1] - old->rr_data[0]) +
987 			old->rr_len[total-1]);
988 	}
989 
990 	/* move over the rrsigs to the larger rrset*/
991 	j = d->count+d->rrsig_count-sigs;
992 	for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
993 		if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
994 			sigold->rr_len[i]) == rr_type) {
995 			/* move this one over to location j */
996 			d->rr_ttl[j] = sigold->rr_ttl[i];
997 			memmove(d->rr_data[j], sigold->rr_data[i],
998 				sigold->rr_len[i]);
999 			if(d->rr_ttl[j] < d->ttl)
1000 				d->ttl = d->rr_ttl[j];
1001 			j++;
1002 		}
1003 	}
1004 
1005 	/* put it in and deallocate the old rrset */
1006 	rrset->data = d;
1007 	free(old);
1008 
1009 	/* now make rrsig set smaller */
1010 	if(sigold->count+sigold->rrsig_count == sigs) {
1011 		/* remove all sigs from rrsig, remove it entirely */
1012 		domain_remove_rrset(node, LDNS_RR_TYPE_RRSIG);
1013 		return 1;
1014 	}
1015 	log_assert(packed_rrset_sizeof(sigold) > sigs*(sizeof(size_t) +
1016 		sizeof(uint8_t*) + sizeof(time_t)) + sigsz);
1017 	sigd = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(sigold)
1018 		- sigs*(sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t))
1019 		- sigsz);
1020 	if(!sigd) {
1021 		/* no need to free up d, it has already been placed in the
1022 		 * node->rrset structure */
1023 		log_err("out of memory");
1024 		return 0;
1025 	}
1026 	/* copy base values */
1027 	memcpy(sigd, sigold, sizeof(struct packed_rrset_data));
1028 	/* in sigd the RRSIGs are stored in the base of the RR, in count */
1029 	sigd->count -= sigs;
1030 	/* setup rr_len */
1031 	sigd->rr_len = (size_t*)((uint8_t*)sigd +
1032 		sizeof(struct packed_rrset_data));
1033 	j = 0;
1034 	for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
1035 		if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
1036 			sigold->rr_len[i]) != rr_type) {
1037 			sigd->rr_len[j] = sigold->rr_len[i];
1038 			j++;
1039 		}
1040 	}
1041 	packed_rrset_ptr_fixup(sigd);
1042 
1043 	/* copy old values into new rrsig array */
1044 	j = 0;
1045 	for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
1046 		if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
1047 			sigold->rr_len[i]) != rr_type) {
1048 			/* move this one over to location j */
1049 			sigd->rr_ttl[j] = sigold->rr_ttl[i];
1050 			memmove(sigd->rr_data[j], sigold->rr_data[i],
1051 				sigold->rr_len[i]);
1052 			if(j==0) sigd->ttl = sigd->rr_ttl[j];
1053 			else {
1054 				if(sigd->rr_ttl[j] < sigd->ttl)
1055 					sigd->ttl = sigd->rr_ttl[j];
1056 			}
1057 			j++;
1058 		}
1059 	}
1060 
1061 	/* put it in and deallocate the old rrset */
1062 	rrsig->data = sigd;
1063 	free(sigold);
1064 
1065 	return 1;
1066 }
1067 
1068 /** copy the rrsigs from the rrset to the rrsig rrset, because the rrset
1069  * is going to be deleted.  reallocates the RRSIG rrset data. */
1070 static int
1071 rrsigs_copy_from_rrset_to_rrsigset(struct auth_rrset* rrset,
1072 	struct auth_rrset* rrsigset)
1073 {
1074 	size_t i;
1075 	if(rrset->data->rrsig_count == 0)
1076 		return 1;
1077 
1078 	/* move them over one by one, because there might be duplicates,
1079 	 * duplicates are ignored */
1080 	for(i=rrset->data->count;
1081 		i<rrset->data->count+rrset->data->rrsig_count; i++) {
1082 		uint8_t* rdata = rrset->data->rr_data[i];
1083 		size_t rdatalen = rrset->data->rr_len[i];
1084 		time_t rr_ttl  = rrset->data->rr_ttl[i];
1085 
1086 		if(rdata_duplicate(rrsigset->data, rdata, rdatalen)) {
1087 			continue;
1088 		}
1089 		if(!rrset_add_rr(rrsigset, rr_ttl, rdata, rdatalen, 0))
1090 			return 0;
1091 	}
1092 	return 1;
1093 }
1094 
1095 /** Add rr to node, ignores duplicate RRs,
1096  * rdata points to buffer with rdatalen octets, starts with 2bytelength. */
1097 static int
1098 az_domain_add_rr(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl,
1099 	uint8_t* rdata, size_t rdatalen, int* duplicate)
1100 {
1101 	struct auth_rrset* rrset;
1102 	/* packed rrsets have their rrsigs along with them, sort them out */
1103 	if(rr_type == LDNS_RR_TYPE_RRSIG) {
1104 		uint16_t ctype = rrsig_rdata_get_type_covered(rdata, rdatalen);
1105 		if((rrset=az_domain_rrset(node, ctype))!= NULL) {
1106 			/* a node of the correct type exists, add the RRSIG
1107 			 * to the rrset of the covered data type */
1108 			if(rdata_duplicate(rrset->data, rdata, rdatalen)) {
1109 				if(duplicate) *duplicate = 1;
1110 				return 1;
1111 			}
1112 			if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 1))
1113 				return 0;
1114 		} else if((rrset=az_domain_rrset(node, rr_type))!= NULL) {
1115 			/* add RRSIG to rrset of type RRSIG */
1116 			if(rdata_duplicate(rrset->data, rdata, rdatalen)) {
1117 				if(duplicate) *duplicate = 1;
1118 				return 1;
1119 			}
1120 			if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 0))
1121 				return 0;
1122 		} else {
1123 			/* create rrset of type RRSIG */
1124 			if(!rrset_create(node, rr_type, rr_ttl, rdata,
1125 				rdatalen))
1126 				return 0;
1127 		}
1128 	} else {
1129 		/* normal RR type */
1130 		if((rrset=az_domain_rrset(node, rr_type))!= NULL) {
1131 			/* add data to existing node with data type */
1132 			if(rdata_duplicate(rrset->data, rdata, rdatalen)) {
1133 				if(duplicate) *duplicate = 1;
1134 				return 1;
1135 			}
1136 			if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 0))
1137 				return 0;
1138 		} else {
1139 			struct auth_rrset* rrsig;
1140 			/* create new node with data type */
1141 			if(!(rrset=rrset_create(node, rr_type, rr_ttl, rdata,
1142 				rdatalen)))
1143 				return 0;
1144 
1145 			/* see if node of type RRSIG has signatures that
1146 			 * cover the data type, and move them over */
1147 			/* and then make the RRSIG type smaller */
1148 			if((rrsig=az_domain_rrset(node, LDNS_RR_TYPE_RRSIG))
1149 				!= NULL) {
1150 				if(!rrset_moveover_rrsigs(node, rr_type,
1151 					rrset, rrsig))
1152 					return 0;
1153 			}
1154 		}
1155 	}
1156 	return 1;
1157 }
1158 
1159 /** insert RR into zone, ignore duplicates */
1160 static int
1161 az_insert_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len,
1162 	size_t dname_len, int* duplicate)
1163 {
1164 	struct auth_data* node;
1165 	uint8_t* dname = rr;
1166 	uint16_t rr_type = sldns_wirerr_get_type(rr, rr_len, dname_len);
1167 	uint16_t rr_class = sldns_wirerr_get_class(rr, rr_len, dname_len);
1168 	uint32_t rr_ttl = sldns_wirerr_get_ttl(rr, rr_len, dname_len);
1169 	size_t rdatalen = ((size_t)sldns_wirerr_get_rdatalen(rr, rr_len,
1170 		dname_len))+2;
1171 	/* rdata points to rdata prefixed with uint16 rdatalength */
1172 	uint8_t* rdata = sldns_wirerr_get_rdatawl(rr, rr_len, dname_len);
1173 
1174 	if(rr_class != z->dclass) {
1175 		log_err("wrong class for RR");
1176 		return 0;
1177 	}
1178 	if(!(node=az_domain_find_or_create(z, dname, dname_len))) {
1179 		log_err("cannot create domain");
1180 		return 0;
1181 	}
1182 	if(!az_domain_add_rr(node, rr_type, rr_ttl, rdata, rdatalen,
1183 		duplicate)) {
1184 		log_err("cannot add RR to domain");
1185 		return 0;
1186 	}
1187 	if(z->rpz) {
1188 		if(!(rpz_insert_rr(z->rpz, z->name, z->namelen, dname,
1189 			dname_len, rr_type, rr_class, rr_ttl, rdata, rdatalen,
1190 			rr, rr_len)))
1191 			return 0;
1192 	}
1193 	return 1;
1194 }
1195 
1196 /** Remove rr from node, ignores nonexisting RRs,
1197  * rdata points to buffer with rdatalen octets, starts with 2bytelength. */
1198 static int
1199 az_domain_remove_rr(struct auth_data* node, uint16_t rr_type,
1200 	uint8_t* rdata, size_t rdatalen, int* nonexist)
1201 {
1202 	struct auth_rrset* rrset;
1203 	size_t index = 0;
1204 
1205 	/* find the plain RR of the given type */
1206 	if((rrset=az_domain_rrset(node, rr_type))!= NULL) {
1207 		if(packed_rrset_find_rr(rrset->data, rdata, rdatalen, &index)) {
1208 			if(rrset->data->count == 1 &&
1209 				rrset->data->rrsig_count == 0) {
1210 				/* last RR, delete the rrset */
1211 				domain_remove_rrset(node, rr_type);
1212 			} else if(rrset->data->count == 1 &&
1213 				rrset->data->rrsig_count != 0) {
1214 				/* move RRSIGs to the RRSIG rrset, or
1215 				 * this one becomes that RRset */
1216 				struct auth_rrset* rrsigset = az_domain_rrset(
1217 					node, LDNS_RR_TYPE_RRSIG);
1218 				if(rrsigset) {
1219 					/* move left over rrsigs to the
1220 					 * existing rrset of type RRSIG */
1221 					rrsigs_copy_from_rrset_to_rrsigset(
1222 						rrset, rrsigset);
1223 					/* and then delete the rrset */
1224 					domain_remove_rrset(node, rr_type);
1225 				} else {
1226 					/* no rrset of type RRSIG, this
1227 					 * set is now of that type,
1228 					 * just remove the rr */
1229 					if(!rrset_remove_rr(rrset, index))
1230 						return 0;
1231 					rrset->type = LDNS_RR_TYPE_RRSIG;
1232 					rrset->data->count = rrset->data->rrsig_count;
1233 					rrset->data->rrsig_count = 0;
1234 				}
1235 			} else {
1236 				/* remove the RR from the rrset */
1237 				if(!rrset_remove_rr(rrset, index))
1238 					return 0;
1239 			}
1240 			return 1;
1241 		}
1242 		/* rr not found in rrset */
1243 	}
1244 
1245 	/* is it a type RRSIG, look under the covered type */
1246 	if(rr_type == LDNS_RR_TYPE_RRSIG) {
1247 		uint16_t ctype = rrsig_rdata_get_type_covered(rdata, rdatalen);
1248 		if((rrset=az_domain_rrset(node, ctype))!= NULL) {
1249 			if(az_rrset_find_rrsig(rrset->data, rdata, rdatalen,
1250 				&index)) {
1251 				/* rrsig should have d->count > 0, be
1252 				 * over some rr of that type */
1253 				/* remove the rrsig from the rrsigs list of the
1254 				 * rrset */
1255 				if(!rrset_remove_rr(rrset, index))
1256 					return 0;
1257 				return 1;
1258 			}
1259 		}
1260 		/* also RRSIG not found */
1261 	}
1262 
1263 	/* nothing found to delete */
1264 	if(nonexist) *nonexist = 1;
1265 	return 1;
1266 }
1267 
1268 /** remove RR from zone, ignore if it does not exist, false on alloc failure*/
1269 static int
1270 az_remove_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len,
1271 	size_t dname_len, int* nonexist)
1272 {
1273 	struct auth_data* node;
1274 	uint8_t* dname = rr;
1275 	uint16_t rr_type = sldns_wirerr_get_type(rr, rr_len, dname_len);
1276 	uint16_t rr_class = sldns_wirerr_get_class(rr, rr_len, dname_len);
1277 	size_t rdatalen = ((size_t)sldns_wirerr_get_rdatalen(rr, rr_len,
1278 		dname_len))+2;
1279 	/* rdata points to rdata prefixed with uint16 rdatalength */
1280 	uint8_t* rdata = sldns_wirerr_get_rdatawl(rr, rr_len, dname_len);
1281 
1282 	if(rr_class != z->dclass) {
1283 		log_err("wrong class for RR");
1284 		/* really also a nonexisting entry, because no records
1285 		 * of that class in the zone, but return an error because
1286 		 * getting records of the wrong class is a failure of the
1287 		 * zone transfer */
1288 		return 0;
1289 	}
1290 	node = az_find_name(z, dname, dname_len);
1291 	if(!node) {
1292 		/* node with that name does not exist */
1293 		/* nonexisting entry, because no such name */
1294 		*nonexist = 1;
1295 		return 1;
1296 	}
1297 	if(!az_domain_remove_rr(node, rr_type, rdata, rdatalen, nonexist)) {
1298 		/* alloc failure or so */
1299 		return 0;
1300 	}
1301 	/* remove the node, if necessary */
1302 	/* an rrsets==NULL entry is not kept around for empty nonterminals,
1303 	 * and also parent nodes are not kept around, so we just delete it */
1304 	if(node->rrsets == NULL) {
1305 		(void)rbtree_delete(&z->data, node);
1306 		auth_data_delete(node);
1307 	}
1308 	if(z->rpz) {
1309 		rpz_remove_rr(z->rpz, z->name, z->namelen, dname, dname_len,
1310 			rr_type, rr_class, rdata, rdatalen);
1311 	}
1312 	return 1;
1313 }
1314 
1315 /** decompress an RR into the buffer where it'll be an uncompressed RR
1316  * with uncompressed dname and uncompressed rdata (dnames) */
1317 static int
1318 decompress_rr_into_buffer(struct sldns_buffer* buf, uint8_t* pkt,
1319 	size_t pktlen, uint8_t* dname, uint16_t rr_type, uint16_t rr_class,
1320 	uint32_t rr_ttl, uint8_t* rr_data, uint16_t rr_rdlen)
1321 {
1322 	sldns_buffer pktbuf;
1323 	size_t dname_len = 0;
1324 	size_t rdlenpos;
1325 	size_t rdlen;
1326 	uint8_t* rd;
1327 	const sldns_rr_descriptor* desc;
1328 	sldns_buffer_init_frm_data(&pktbuf, pkt, pktlen);
1329 	sldns_buffer_clear(buf);
1330 
1331 	/* decompress dname */
1332 	sldns_buffer_set_position(&pktbuf,
1333 		(size_t)(dname - sldns_buffer_current(&pktbuf)));
1334 	dname_len = pkt_dname_len(&pktbuf);
1335 	if(dname_len == 0) return 0; /* parse fail on dname */
1336 	if(!sldns_buffer_available(buf, dname_len)) return 0;
1337 	dname_pkt_copy(&pktbuf, sldns_buffer_current(buf), dname);
1338 	sldns_buffer_skip(buf, (ssize_t)dname_len);
1339 
1340 	/* type, class, ttl and rdatalength fields */
1341 	if(!sldns_buffer_available(buf, 10)) return 0;
1342 	sldns_buffer_write_u16(buf, rr_type);
1343 	sldns_buffer_write_u16(buf, rr_class);
1344 	sldns_buffer_write_u32(buf, rr_ttl);
1345 	rdlenpos = sldns_buffer_position(buf);
1346 	sldns_buffer_write_u16(buf, 0); /* rd length position */
1347 
1348 	/* decompress rdata */
1349 	desc = sldns_rr_descript(rr_type);
1350 	rd = rr_data;
1351 	rdlen = rr_rdlen;
1352 	if(rdlen > 0 && desc && desc->_dname_count > 0) {
1353 		int count = (int)desc->_dname_count;
1354 		int rdf = 0;
1355 		size_t len; /* how much rdata to plain copy */
1356 		size_t uncompressed_len, compressed_len;
1357 		size_t oldpos;
1358 		/* decompress dnames. */
1359 		while(rdlen > 0 && count) {
1360 			switch(desc->_wireformat[rdf]) {
1361 			case LDNS_RDF_TYPE_DNAME:
1362 				sldns_buffer_set_position(&pktbuf,
1363 					(size_t)(rd -
1364 					sldns_buffer_begin(&pktbuf)));
1365 				oldpos = sldns_buffer_position(&pktbuf);
1366 				/* moves pktbuf to right after the
1367 				 * compressed dname, and returns uncompressed
1368 				 * dname length */
1369 				uncompressed_len = pkt_dname_len(&pktbuf);
1370 				if(!uncompressed_len)
1371 					return 0; /* parse error in dname */
1372 				if(!sldns_buffer_available(buf,
1373 					uncompressed_len))
1374 					/* dname too long for buffer */
1375 					return 0;
1376 				dname_pkt_copy(&pktbuf,
1377 					sldns_buffer_current(buf), rd);
1378 				sldns_buffer_skip(buf, (ssize_t)uncompressed_len);
1379 				compressed_len = sldns_buffer_position(
1380 					&pktbuf) - oldpos;
1381 				rd += compressed_len;
1382 				rdlen -= compressed_len;
1383 				count--;
1384 				len = 0;
1385 				break;
1386 			case LDNS_RDF_TYPE_STR:
1387 				len = rd[0] + 1;
1388 				break;
1389 			default:
1390 				len = get_rdf_size(desc->_wireformat[rdf]);
1391 				break;
1392 			}
1393 			if(len) {
1394 				if(!sldns_buffer_available(buf, len))
1395 					return 0; /* too long for buffer */
1396 				sldns_buffer_write(buf, rd, len);
1397 				rd += len;
1398 				rdlen -= len;
1399 			}
1400 			rdf++;
1401 		}
1402 	}
1403 	/* copy remaining data */
1404 	if(rdlen > 0) {
1405 		if(!sldns_buffer_available(buf, rdlen)) return 0;
1406 		sldns_buffer_write(buf, rd, rdlen);
1407 	}
1408 	/* fixup rdlength */
1409 	sldns_buffer_write_u16_at(buf, rdlenpos,
1410 		sldns_buffer_position(buf)-rdlenpos-2);
1411 	sldns_buffer_flip(buf);
1412 	return 1;
1413 }
1414 
1415 /** insert RR into zone, from packet, decompress RR,
1416  * if duplicate is nonNULL set the flag but otherwise ignore duplicates */
1417 static int
1418 az_insert_rr_decompress(struct auth_zone* z, uint8_t* pkt, size_t pktlen,
1419 	struct sldns_buffer* scratch_buffer, uint8_t* dname, uint16_t rr_type,
1420 	uint16_t rr_class, uint32_t rr_ttl, uint8_t* rr_data,
1421 	uint16_t rr_rdlen, int* duplicate)
1422 {
1423 	uint8_t* rr;
1424 	size_t rr_len;
1425 	size_t dname_len;
1426 	if(!decompress_rr_into_buffer(scratch_buffer, pkt, pktlen, dname,
1427 		rr_type, rr_class, rr_ttl, rr_data, rr_rdlen)) {
1428 		log_err("could not decompress RR");
1429 		return 0;
1430 	}
1431 	rr = sldns_buffer_begin(scratch_buffer);
1432 	rr_len = sldns_buffer_limit(scratch_buffer);
1433 	dname_len = dname_valid(rr, rr_len);
1434 	return az_insert_rr(z, rr, rr_len, dname_len, duplicate);
1435 }
1436 
1437 /** remove RR from zone, from packet, decompress RR,
1438  * if nonexist is nonNULL set the flag but otherwise ignore nonexisting entries*/
1439 static int
1440 az_remove_rr_decompress(struct auth_zone* z, uint8_t* pkt, size_t pktlen,
1441 	struct sldns_buffer* scratch_buffer, uint8_t* dname, uint16_t rr_type,
1442 	uint16_t rr_class, uint32_t rr_ttl, uint8_t* rr_data,
1443 	uint16_t rr_rdlen, int* nonexist)
1444 {
1445 	uint8_t* rr;
1446 	size_t rr_len;
1447 	size_t dname_len;
1448 	if(!decompress_rr_into_buffer(scratch_buffer, pkt, pktlen, dname,
1449 		rr_type, rr_class, rr_ttl, rr_data, rr_rdlen)) {
1450 		log_err("could not decompress RR");
1451 		return 0;
1452 	}
1453 	rr = sldns_buffer_begin(scratch_buffer);
1454 	rr_len = sldns_buffer_limit(scratch_buffer);
1455 	dname_len = dname_valid(rr, rr_len);
1456 	return az_remove_rr(z, rr, rr_len, dname_len, nonexist);
1457 }
1458 
1459 /**
1460  * Parse zonefile
1461  * @param z: zone to read in.
1462  * @param in: file to read from (just opened).
1463  * @param rr: buffer to use for RRs, 64k.
1464  *	passed so that recursive includes can use the same buffer and do
1465  *	not grow the stack too much.
1466  * @param rrbuflen: sizeof rr buffer.
1467  * @param state: parse state with $ORIGIN, $TTL and 'prev-dname' and so on,
1468  *	that is kept between includes.
1469  *	The lineno is set at 1 and then increased by the function.
1470  * @param fname: file name.
1471  * @param depth: recursion depth for includes
1472  * @param cfg: config for chroot.
1473  * returns false on failure, has printed an error message
1474  */
1475 static int
1476 az_parse_file(struct auth_zone* z, FILE* in, uint8_t* rr, size_t rrbuflen,
1477 	struct sldns_file_parse_state* state, char* fname, int depth,
1478 	struct config_file* cfg)
1479 {
1480 	size_t rr_len, dname_len;
1481 	int status;
1482 	state->lineno = 1;
1483 
1484 	while(!feof(in)) {
1485 		rr_len = rrbuflen;
1486 		dname_len = 0;
1487 		status = sldns_fp2wire_rr_buf(in, rr, &rr_len, &dname_len,
1488 			state);
1489 		if(status == LDNS_WIREPARSE_ERR_INCLUDE && rr_len == 0) {
1490 			/* we have $INCLUDE or $something */
1491 			if(strncmp((char*)rr, "$INCLUDE ", 9) == 0 ||
1492 			   strncmp((char*)rr, "$INCLUDE\t", 9) == 0) {
1493 				FILE* inc;
1494 				int lineno_orig = state->lineno;
1495 				char* incfile = (char*)rr + 8;
1496 				if(depth > MAX_INCLUDE_DEPTH) {
1497 					log_err("%s:%d max include depth"
1498 					  "exceeded", fname, state->lineno);
1499 					return 0;
1500 				}
1501 				/* skip spaces */
1502 				while(*incfile == ' ' || *incfile == '\t')
1503 					incfile++;
1504 				/* adjust for chroot on include file */
1505 				if(cfg->chrootdir && cfg->chrootdir[0] &&
1506 					strncmp(incfile, cfg->chrootdir,
1507 						strlen(cfg->chrootdir)) == 0)
1508 					incfile += strlen(cfg->chrootdir);
1509 				incfile = strdup(incfile);
1510 				if(!incfile) {
1511 					log_err("malloc failure");
1512 					return 0;
1513 				}
1514 				verbose(VERB_ALGO, "opening $INCLUDE %s",
1515 					incfile);
1516 				inc = fopen(incfile, "r");
1517 				if(!inc) {
1518 					log_err("%s:%d cannot open include "
1519 						"file %s: %s", fname,
1520 						lineno_orig, incfile,
1521 						strerror(errno));
1522 					free(incfile);
1523 					return 0;
1524 				}
1525 				/* recurse read that file now */
1526 				if(!az_parse_file(z, inc, rr, rrbuflen,
1527 					state, incfile, depth+1, cfg)) {
1528 					log_err("%s:%d cannot parse include "
1529 						"file %s", fname,
1530 						lineno_orig, incfile);
1531 					fclose(inc);
1532 					free(incfile);
1533 					return 0;
1534 				}
1535 				fclose(inc);
1536 				verbose(VERB_ALGO, "done with $INCLUDE %s",
1537 					incfile);
1538 				free(incfile);
1539 				state->lineno = lineno_orig;
1540 			}
1541 			continue;
1542 		}
1543 		if(status != 0) {
1544 			log_err("parse error %s %d:%d: %s", fname,
1545 				state->lineno, LDNS_WIREPARSE_OFFSET(status),
1546 				sldns_get_errorstr_parse(status));
1547 			return 0;
1548 		}
1549 		if(rr_len == 0) {
1550 			/* EMPTY line, TTL or ORIGIN */
1551 			continue;
1552 		}
1553 		/* insert wirerr in rrbuf */
1554 		if(!az_insert_rr(z, rr, rr_len, dname_len, NULL)) {
1555 			char buf[17];
1556 			sldns_wire2str_type_buf(sldns_wirerr_get_type(rr,
1557 				rr_len, dname_len), buf, sizeof(buf));
1558 			log_err("%s:%d cannot insert RR of type %s",
1559 				fname, state->lineno, buf);
1560 			return 0;
1561 		}
1562 	}
1563 	return 1;
1564 }
1565 
1566 int
1567 auth_zone_read_zonefile(struct auth_zone* z, struct config_file* cfg)
1568 {
1569 	uint8_t rr[LDNS_RR_BUF_SIZE];
1570 	struct sldns_file_parse_state state;
1571 	char* zfilename;
1572 	FILE* in;
1573 	if(!z || !z->zonefile || z->zonefile[0]==0)
1574 		return 1; /* no file, or "", nothing to read */
1575 
1576 	zfilename = z->zonefile;
1577 	if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(zfilename,
1578 		cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
1579 		zfilename += strlen(cfg->chrootdir);
1580 	if(verbosity >= VERB_ALGO) {
1581 		char nm[255+1];
1582 		dname_str(z->name, nm);
1583 		verbose(VERB_ALGO, "read zonefile %s for %s", zfilename, nm);
1584 	}
1585 	in = fopen(zfilename, "r");
1586 	if(!in) {
1587 		char* n = sldns_wire2str_dname(z->name, z->namelen);
1588 		if(z->zone_is_slave && errno == ENOENT) {
1589 			/* we fetch the zone contents later, no file yet */
1590 			verbose(VERB_ALGO, "no zonefile %s for %s",
1591 				zfilename, n?n:"error");
1592 			free(n);
1593 			return 1;
1594 		}
1595 		log_err("cannot open zonefile %s for %s: %s",
1596 			zfilename, n?n:"error", strerror(errno));
1597 		free(n);
1598 		return 0;
1599 	}
1600 
1601 	/* clear the data tree */
1602 	traverse_postorder(&z->data, auth_data_del, NULL);
1603 	rbtree_init(&z->data, &auth_data_cmp);
1604 	/* clear the RPZ policies */
1605 	if(z->rpz)
1606 		rpz_clear(z->rpz);
1607 
1608 	memset(&state, 0, sizeof(state));
1609 	/* default TTL to 3600 */
1610 	state.default_ttl = 3600;
1611 	/* set $ORIGIN to the zone name */
1612 	if(z->namelen <= sizeof(state.origin)) {
1613 		memcpy(state.origin, z->name, z->namelen);
1614 		state.origin_len = z->namelen;
1615 	}
1616 	/* parse the (toplevel) file */
1617 	if(!az_parse_file(z, in, rr, sizeof(rr), &state, zfilename, 0, cfg)) {
1618 		char* n = sldns_wire2str_dname(z->name, z->namelen);
1619 		log_err("error parsing zonefile %s for %s",
1620 			zfilename, n?n:"error");
1621 		free(n);
1622 		fclose(in);
1623 		return 0;
1624 	}
1625 	fclose(in);
1626 
1627 	if(z->rpz)
1628 		rpz_finish_config(z->rpz);
1629 	return 1;
1630 }
1631 
1632 /** write buffer to file and check return codes */
1633 static int
1634 write_out(FILE* out, const char* str, size_t len)
1635 {
1636 	size_t r;
1637 	if(len == 0)
1638 		return 1;
1639 	r = fwrite(str, 1, len, out);
1640 	if(r == 0) {
1641 		log_err("write failed: %s", strerror(errno));
1642 		return 0;
1643 	} else if(r < len) {
1644 		log_err("write failed: too short (disk full?)");
1645 		return 0;
1646 	}
1647 	return 1;
1648 }
1649 
1650 /** convert auth rr to string */
1651 static int
1652 auth_rr_to_string(uint8_t* nm, size_t nmlen, uint16_t tp, uint16_t cl,
1653 	struct packed_rrset_data* data, size_t i, char* s, size_t buflen)
1654 {
1655 	int w = 0;
1656 	size_t slen = buflen, datlen;
1657 	uint8_t* dat;
1658 	if(i >= data->count) tp = LDNS_RR_TYPE_RRSIG;
1659 	dat = nm;
1660 	datlen = nmlen;
1661 	w += sldns_wire2str_dname_scan(&dat, &datlen, &s, &slen, NULL, 0, NULL);
1662 	w += sldns_str_print(&s, &slen, "\t");
1663 	w += sldns_str_print(&s, &slen, "%lu\t", (unsigned long)data->rr_ttl[i]);
1664 	w += sldns_wire2str_class_print(&s, &slen, cl);
1665 	w += sldns_str_print(&s, &slen, "\t");
1666 	w += sldns_wire2str_type_print(&s, &slen, tp);
1667 	w += sldns_str_print(&s, &slen, "\t");
1668 	datlen = data->rr_len[i]-2;
1669 	dat = data->rr_data[i]+2;
1670 	w += sldns_wire2str_rdata_scan(&dat, &datlen, &s, &slen, tp, NULL, 0, NULL);
1671 
1672 	if(tp == LDNS_RR_TYPE_DNSKEY) {
1673 		w += sldns_str_print(&s, &slen, " ;{id = %u}",
1674 			sldns_calc_keytag_raw(data->rr_data[i]+2,
1675 				data->rr_len[i]-2));
1676 	}
1677 	w += sldns_str_print(&s, &slen, "\n");
1678 
1679 	if(w >= (int)buflen) {
1680 		log_nametypeclass(NO_VERBOSE, "RR too long to print", nm, tp, cl);
1681 		return 0;
1682 	}
1683 	return 1;
1684 }
1685 
1686 /** write rrset to file */
1687 static int
1688 auth_zone_write_rrset(struct auth_zone* z, struct auth_data* node,
1689 	struct auth_rrset* r, FILE* out)
1690 {
1691 	size_t i, count = r->data->count + r->data->rrsig_count;
1692 	char buf[LDNS_RR_BUF_SIZE];
1693 	for(i=0; i<count; i++) {
1694 		if(!auth_rr_to_string(node->name, node->namelen, r->type,
1695 			z->dclass, r->data, i, buf, sizeof(buf))) {
1696 			verbose(VERB_ALGO, "failed to rr2str rr %d", (int)i);
1697 			continue;
1698 		}
1699 		if(!write_out(out, buf, strlen(buf)))
1700 			return 0;
1701 	}
1702 	return 1;
1703 }
1704 
1705 /** write domain to file */
1706 static int
1707 auth_zone_write_domain(struct auth_zone* z, struct auth_data* n, FILE* out)
1708 {
1709 	struct auth_rrset* r;
1710 	/* if this is zone apex, write SOA first */
1711 	if(z->namelen == n->namelen) {
1712 		struct auth_rrset* soa = az_domain_rrset(n, LDNS_RR_TYPE_SOA);
1713 		if(soa) {
1714 			if(!auth_zone_write_rrset(z, n, soa, out))
1715 				return 0;
1716 		}
1717 	}
1718 	/* write all the RRsets for this domain */
1719 	for(r = n->rrsets; r; r = r->next) {
1720 		if(z->namelen == n->namelen &&
1721 			r->type == LDNS_RR_TYPE_SOA)
1722 			continue; /* skip SOA here */
1723 		if(!auth_zone_write_rrset(z, n, r, out))
1724 			return 0;
1725 	}
1726 	return 1;
1727 }
1728 
1729 int auth_zone_write_file(struct auth_zone* z, const char* fname)
1730 {
1731 	FILE* out;
1732 	struct auth_data* n;
1733 	out = fopen(fname, "w");
1734 	if(!out) {
1735 		log_err("could not open %s: %s", fname, strerror(errno));
1736 		return 0;
1737 	}
1738 	RBTREE_FOR(n, struct auth_data*, &z->data) {
1739 		if(!auth_zone_write_domain(z, n, out)) {
1740 			log_err("could not write domain to %s", fname);
1741 			fclose(out);
1742 			return 0;
1743 		}
1744 	}
1745 	fclose(out);
1746 	return 1;
1747 }
1748 
1749 /** offline verify for zonemd, while reading a zone file to immediately
1750  * spot bad hashes in zonefile as they are read.
1751  * Creates temp buffers, but uses anchors and validation environment
1752  * from the module_env. */
1753 static void
1754 zonemd_offline_verify(struct auth_zone* z, struct module_env* env_for_val,
1755 	struct module_stack* mods)
1756 {
1757 	struct module_env env;
1758 	time_t now = 0;
1759 	if(!z->zonemd_check)
1760 		return;
1761 	env = *env_for_val;
1762 	env.scratch_buffer = sldns_buffer_new(env.cfg->msg_buffer_size);
1763 	if(!env.scratch_buffer) {
1764 		log_err("out of memory");
1765 		goto clean_exit;
1766 	}
1767 	env.scratch = regional_create();
1768 	if(!env.now) {
1769 		env.now = &now;
1770 		now = time(NULL);
1771 	}
1772 	if(!env.scratch) {
1773 		log_err("out of memory");
1774 		goto clean_exit;
1775 	}
1776 	auth_zone_verify_zonemd(z, &env, mods, NULL, 1, 0);
1777 
1778 clean_exit:
1779 	/* clean up and exit */
1780 	sldns_buffer_free(env.scratch_buffer);
1781 	regional_destroy(env.scratch);
1782 }
1783 
1784 /** read all auth zones from file (if they have) */
1785 static int
1786 auth_zones_read_zones(struct auth_zones* az, struct config_file* cfg,
1787 	struct module_env* env, struct module_stack* mods)
1788 {
1789 	struct auth_zone* z;
1790 	lock_rw_wrlock(&az->lock);
1791 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
1792 		lock_rw_wrlock(&z->lock);
1793 		if(!auth_zone_read_zonefile(z, cfg)) {
1794 			lock_rw_unlock(&z->lock);
1795 			lock_rw_unlock(&az->lock);
1796 			return 0;
1797 		}
1798 		if(z->zonefile && z->zonefile[0]!=0 && env)
1799 			zonemd_offline_verify(z, env, mods);
1800 		lock_rw_unlock(&z->lock);
1801 	}
1802 	lock_rw_unlock(&az->lock);
1803 	return 1;
1804 }
1805 
1806 /** fetch the content of a ZONEMD RR from the rdata */
1807 static int zonemd_fetch_parameters(struct auth_rrset* zonemd_rrset, size_t i,
1808 	uint32_t* serial, int* scheme, int* hashalgo, uint8_t** hash,
1809 	size_t* hashlen)
1810 {
1811 	size_t rr_len;
1812 	uint8_t* rdata;
1813 	if(i >= zonemd_rrset->data->count)
1814 		return 0;
1815 	rr_len = zonemd_rrset->data->rr_len[i];
1816 	if(rr_len < 2+4+1+1)
1817 		return 0; /* too short, for rdlen+serial+scheme+algo */
1818 	rdata = zonemd_rrset->data->rr_data[i];
1819 	*serial = sldns_read_uint32(rdata+2);
1820 	*scheme = rdata[6];
1821 	*hashalgo = rdata[7];
1822 	*hashlen = rr_len - 8;
1823 	if(*hashlen == 0)
1824 		*hash = NULL;
1825 	else	*hash = rdata+8;
1826 	return 1;
1827 }
1828 
1829 /**
1830  * See if the ZONEMD scheme, hash occurs more than once.
1831  * @param zonemd_rrset: the zonemd rrset to check with the RRs in it.
1832  * @param index: index of the original, this is allowed to have that
1833  * 	scheme and hashalgo, but other RRs should not have it.
1834  * @param scheme: the scheme to check for.
1835  * @param hashalgo: the hash algorithm to check for.
1836  * @return true if it occurs more than once.
1837  */
1838 static int zonemd_is_duplicate_scheme_hash(struct auth_rrset* zonemd_rrset,
1839 	size_t index, int scheme, int hashalgo)
1840 {
1841 	size_t j;
1842 	for(j=0; j<zonemd_rrset->data->count; j++) {
1843 		uint32_t serial2 = 0;
1844 		int scheme2 = 0, hashalgo2 = 0;
1845 		uint8_t* hash2 = NULL;
1846 		size_t hashlen2 = 0;
1847 		if(index == j) {
1848 			/* this is the original */
1849 			continue;
1850 		}
1851 		if(!zonemd_fetch_parameters(zonemd_rrset, j, &serial2,
1852 			&scheme2, &hashalgo2, &hash2, &hashlen2)) {
1853 			/* malformed, skip it */
1854 			continue;
1855 		}
1856 		if(scheme == scheme2 && hashalgo == hashalgo2) {
1857 			/* duplicate scheme, hash */
1858 			verbose(VERB_ALGO, "zonemd duplicate for scheme %d "
1859 				"and hash %d", scheme, hashalgo);
1860 			return 1;
1861 		}
1862 	}
1863 	return 0;
1864 }
1865 
1866 /**
1867  * Check ZONEMDs if present for the auth zone.  Depending on config
1868  * it can warn or fail on that.  Checks the hash of the ZONEMD.
1869  * @param z: auth zone to check for.
1870  * 	caller must hold lock on zone.
1871  * @param env: module env for temp buffers.
1872  * @param reason: returned on failure.
1873  * @return false on failure, true if hash checks out.
1874  */
1875 static int auth_zone_zonemd_check_hash(struct auth_zone* z,
1876 	struct module_env* env, char** reason)
1877 {
1878 	/* loop over ZONEMDs and see which one is valid. if not print
1879 	 * failure (depending on config) */
1880 	struct auth_data* apex;
1881 	struct auth_rrset* zonemd_rrset;
1882 	size_t i;
1883 	struct regional* region = NULL;
1884 	struct sldns_buffer* buf = NULL;
1885 	uint32_t soa_serial = 0;
1886 	char* unsupported_reason = NULL;
1887 	int only_unsupported = 1;
1888 	region = env->scratch;
1889 	regional_free_all(region);
1890 	buf = env->scratch_buffer;
1891 	if(!auth_zone_get_serial(z, &soa_serial)) {
1892 		*reason = "zone has no SOA serial";
1893 		return 0;
1894 	}
1895 
1896 	apex = az_find_name(z, z->name, z->namelen);
1897 	if(!apex) {
1898 		*reason = "zone has no apex";
1899 		return 0;
1900 	}
1901 	zonemd_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_ZONEMD);
1902 	if(!zonemd_rrset || zonemd_rrset->data->count==0) {
1903 		*reason = "zone has no ZONEMD";
1904 		return 0; /* no RRset or no RRs in rrset */
1905 	}
1906 
1907 	/* we have a ZONEMD, check if it is correct */
1908 	for(i=0; i<zonemd_rrset->data->count; i++) {
1909 		uint32_t serial = 0;
1910 		int scheme = 0, hashalgo = 0;
1911 		uint8_t* hash = NULL;
1912 		size_t hashlen = 0;
1913 		if(!zonemd_fetch_parameters(zonemd_rrset, i, &serial, &scheme,
1914 			&hashalgo, &hash, &hashlen)) {
1915 			/* malformed RR */
1916 			*reason = "ZONEMD rdata malformed";
1917 			only_unsupported = 0;
1918 			continue;
1919 		}
1920 		/* check for duplicates */
1921 		if(zonemd_is_duplicate_scheme_hash(zonemd_rrset, i, scheme,
1922 			hashalgo)) {
1923 			/* duplicate hash of the same scheme,hash
1924 			 * is not allowed. */
1925 			*reason = "ZONEMD RRSet contains more than one RR "
1926 				"with the same scheme and hash algorithm";
1927 			only_unsupported = 0;
1928 			continue;
1929 		}
1930 		regional_free_all(region);
1931 		if(serial != soa_serial) {
1932 			*reason = "ZONEMD serial is wrong";
1933 			only_unsupported = 0;
1934 			continue;
1935 		}
1936 		*reason = NULL;
1937 		if(auth_zone_generate_zonemd_check(z, scheme, hashalgo,
1938 			hash, hashlen, region, buf, reason)) {
1939 			/* success */
1940 			if(*reason) {
1941 				if(!unsupported_reason)
1942 					unsupported_reason = *reason;
1943 				/* continue to check for valid ZONEMD */
1944 				if(verbosity >= VERB_ALGO) {
1945 					char zstr[255+1];
1946 					dname_str(z->name, zstr);
1947 					verbose(VERB_ALGO, "auth-zone %s ZONEMD %d %d is unsupported: %s", zstr, (int)scheme, (int)hashalgo, *reason);
1948 				}
1949 				*reason = NULL;
1950 				continue;
1951 			}
1952 			if(verbosity >= VERB_ALGO) {
1953 				char zstr[255+1];
1954 				dname_str(z->name, zstr);
1955 				if(!*reason)
1956 					verbose(VERB_ALGO, "auth-zone %s ZONEMD hash is correct", zstr);
1957 			}
1958 			return 1;
1959 		}
1960 		only_unsupported = 0;
1961 		/* try next one */
1962 	}
1963 	/* have we seen no failures but only unsupported algo,
1964 	 * and one unsupported algorithm, or more. */
1965 	if(only_unsupported && unsupported_reason) {
1966 		/* only unsupported algorithms, with valid serial, not
1967 		 * malformed. Did not see supported algorithms, failed or
1968 		 * successful ones. */
1969 		*reason = unsupported_reason;
1970 		return 1;
1971 	}
1972 	/* fail, we may have reason */
1973 	if(!*reason)
1974 		*reason = "no ZONEMD records found";
1975 	if(verbosity >= VERB_ALGO) {
1976 		char zstr[255+1];
1977 		dname_str(z->name, zstr);
1978 		verbose(VERB_ALGO, "auth-zone %s ZONEMD failed: %s", zstr, *reason);
1979 	}
1980 	return 0;
1981 }
1982 
1983 /** find the apex SOA RRset, if it exists */
1984 struct auth_rrset* auth_zone_get_soa_rrset(struct auth_zone* z)
1985 {
1986 	struct auth_data* apex;
1987 	struct auth_rrset* soa;
1988 	apex = az_find_name(z, z->name, z->namelen);
1989 	if(!apex) return NULL;
1990 	soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
1991 	return soa;
1992 }
1993 
1994 /** find serial number of zone or false if none */
1995 int
1996 auth_zone_get_serial(struct auth_zone* z, uint32_t* serial)
1997 {
1998 	struct auth_data* apex;
1999 	struct auth_rrset* soa;
2000 	struct packed_rrset_data* d;
2001 	apex = az_find_name(z, z->name, z->namelen);
2002 	if(!apex) return 0;
2003 	soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
2004 	if(!soa || soa->data->count==0)
2005 		return 0; /* no RRset or no RRs in rrset */
2006 	if(soa->data->rr_len[0] < 2+4*5) return 0; /* SOA too short */
2007 	d = soa->data;
2008 	*serial = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-20));
2009 	return 1;
2010 }
2011 
2012 /** Find auth_zone SOA and populate the values in xfr(soa values). */
2013 int
2014 xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr)
2015 {
2016 	struct auth_data* apex;
2017 	struct auth_rrset* soa;
2018 	struct packed_rrset_data* d;
2019 	apex = az_find_name(z, z->name, z->namelen);
2020 	if(!apex) return 0;
2021 	soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
2022 	if(!soa || soa->data->count==0)
2023 		return 0; /* no RRset or no RRs in rrset */
2024 	if(soa->data->rr_len[0] < 2+4*5) return 0; /* SOA too short */
2025 	/* SOA record ends with serial, refresh, retry, expiry, minimum,
2026 	 * as 4 byte fields */
2027 	d = soa->data;
2028 	xfr->have_zone = 1;
2029 	xfr->serial = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-20));
2030 	xfr->refresh = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-16));
2031 	xfr->retry = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-12));
2032 	xfr->expiry = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-8));
2033 	/* soa minimum at d->rr_len[0]-4 */
2034 	return 1;
2035 }
2036 
2037 /**
2038  * Setup auth_xfer zone
2039  * This populates the have_zone, soa values, and so on times.
2040  * Doesn't do network traffic yet, can set option flags.
2041  * @param z: locked by caller, and modified for setup
2042  * @param x: locked by caller, and modified.
2043  * @return false on failure.
2044  */
2045 static int
2046 auth_xfer_setup(struct auth_zone* z, struct auth_xfer* x)
2047 {
2048 	/* for a zone without zone transfers, x==NULL, so skip them,
2049 	 * i.e. the zone config is fixed with no masters or urls */
2050 	if(!z || !x) return 1;
2051 	if(!xfr_find_soa(z, x)) {
2052 		return 1;
2053 	}
2054 	/* nothing for probe, nextprobe and transfer tasks */
2055 	return 1;
2056 }
2057 
2058 /**
2059  * Setup all zones
2060  * @param az: auth zones structure
2061  * @return false on failure.
2062  */
2063 static int
2064 auth_zones_setup_zones(struct auth_zones* az)
2065 {
2066 	struct auth_zone* z;
2067 	struct auth_xfer* x;
2068 	lock_rw_wrlock(&az->lock);
2069 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
2070 		lock_rw_wrlock(&z->lock);
2071 		x = auth_xfer_find(az, z->name, z->namelen, z->dclass);
2072 		if(x) {
2073 			lock_basic_lock(&x->lock);
2074 		}
2075 		if(!auth_xfer_setup(z, x)) {
2076 			if(x) {
2077 				lock_basic_unlock(&x->lock);
2078 			}
2079 			lock_rw_unlock(&z->lock);
2080 			lock_rw_unlock(&az->lock);
2081 			return 0;
2082 		}
2083 		if(x) {
2084 			lock_basic_unlock(&x->lock);
2085 		}
2086 		lock_rw_unlock(&z->lock);
2087 	}
2088 	lock_rw_unlock(&az->lock);
2089 	return 1;
2090 }
2091 
2092 /** set config items and create zones */
2093 static int
2094 auth_zones_cfg(struct auth_zones* az, struct config_auth* c)
2095 {
2096 	struct auth_zone* z;
2097 	struct auth_xfer* x = NULL;
2098 
2099 	/* create zone */
2100 	if(c->isrpz) {
2101 		/* if the rpz lock is needed, grab it before the other
2102 		 * locks to avoid a lock dependency cycle */
2103 		lock_rw_wrlock(&az->rpz_lock);
2104 	}
2105 	lock_rw_wrlock(&az->lock);
2106 	if(!(z=auth_zones_find_or_add_zone(az, c->name))) {
2107 		lock_rw_unlock(&az->lock);
2108 		if(c->isrpz) {
2109 			lock_rw_unlock(&az->rpz_lock);
2110 		}
2111 		return 0;
2112 	}
2113 	if(c->masters || c->urls) {
2114 		if(!(x=auth_zones_find_or_add_xfer(az, z))) {
2115 			lock_rw_unlock(&az->lock);
2116 			lock_rw_unlock(&z->lock);
2117 			if(c->isrpz) {
2118 				lock_rw_unlock(&az->rpz_lock);
2119 			}
2120 			return 0;
2121 		}
2122 	}
2123 	if(c->for_downstream)
2124 		az->have_downstream = 1;
2125 	lock_rw_unlock(&az->lock);
2126 
2127 	/* set options */
2128 	z->zone_deleted = 0;
2129 	if(!auth_zone_set_zonefile(z, c->zonefile)) {
2130 		if(x) {
2131 			lock_basic_unlock(&x->lock);
2132 		}
2133 		lock_rw_unlock(&z->lock);
2134 		if(c->isrpz) {
2135 			lock_rw_unlock(&az->rpz_lock);
2136 		}
2137 		return 0;
2138 	}
2139 	z->for_downstream = c->for_downstream;
2140 	z->for_upstream = c->for_upstream;
2141 	z->fallback_enabled = c->fallback_enabled;
2142 	z->zonemd_check = c->zonemd_check;
2143 	z->zonemd_reject_absence = c->zonemd_reject_absence;
2144 	if(c->isrpz && !z->rpz){
2145 		if(!(z->rpz = rpz_create(c))){
2146 			fatal_exit("Could not setup RPZ zones");
2147 			return 0;
2148 		}
2149 		lock_protect(&z->lock, &z->rpz->local_zones, sizeof(*z->rpz));
2150 		/* the az->rpz_lock is locked above */
2151 		z->rpz_az_next = az->rpz_first;
2152 		if(az->rpz_first)
2153 			az->rpz_first->rpz_az_prev = z;
2154 		az->rpz_first = z;
2155 	}
2156 	if(c->isrpz) {
2157 		lock_rw_unlock(&az->rpz_lock);
2158 	}
2159 
2160 	/* xfer zone */
2161 	if(x) {
2162 		z->zone_is_slave = 1;
2163 		/* set options on xfer zone */
2164 		if(!xfer_set_masters(&x->task_probe->masters, c, 0)) {
2165 			lock_basic_unlock(&x->lock);
2166 			lock_rw_unlock(&z->lock);
2167 			return 0;
2168 		}
2169 		if(!xfer_set_masters(&x->task_transfer->masters, c, 1)) {
2170 			lock_basic_unlock(&x->lock);
2171 			lock_rw_unlock(&z->lock);
2172 			return 0;
2173 		}
2174 		lock_basic_unlock(&x->lock);
2175 	}
2176 
2177 	lock_rw_unlock(&z->lock);
2178 	return 1;
2179 }
2180 
2181 /** set all auth zones deleted, then in auth_zones_cfg, it marks them
2182  * as nondeleted (if they are still in the config), and then later
2183  * we can find deleted zones */
2184 static void
2185 az_setall_deleted(struct auth_zones* az)
2186 {
2187 	struct auth_zone* z;
2188 	lock_rw_wrlock(&az->lock);
2189 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
2190 		lock_rw_wrlock(&z->lock);
2191 		z->zone_deleted = 1;
2192 		lock_rw_unlock(&z->lock);
2193 	}
2194 	lock_rw_unlock(&az->lock);
2195 }
2196 
2197 /** find zones that are marked deleted and delete them.
2198  * This is called from apply_cfg, and there are no threads and no
2199  * workers, so the xfr can just be deleted. */
2200 static void
2201 az_delete_deleted_zones(struct auth_zones* az)
2202 {
2203 	struct auth_zone* z;
2204 	struct auth_zone* delete_list = NULL, *next;
2205 	struct auth_xfer* xfr;
2206 	lock_rw_wrlock(&az->lock);
2207 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
2208 		lock_rw_wrlock(&z->lock);
2209 		if(z->zone_deleted) {
2210 			/* we cannot alter the rbtree right now, but
2211 			 * we can put it on a linked list and then
2212 			 * delete it */
2213 			z->delete_next = delete_list;
2214 			delete_list = z;
2215 		}
2216 		lock_rw_unlock(&z->lock);
2217 	}
2218 	/* now we are out of the tree loop and we can loop and delete
2219 	 * the zones */
2220 	z = delete_list;
2221 	while(z) {
2222 		next = z->delete_next;
2223 		xfr = auth_xfer_find(az, z->name, z->namelen, z->dclass);
2224 		if(xfr) {
2225 			(void)rbtree_delete(&az->xtree, &xfr->node);
2226 			auth_xfer_delete(xfr);
2227 		}
2228 		(void)rbtree_delete(&az->ztree, &z->node);
2229 		auth_zone_delete(z, az);
2230 		z = next;
2231 	}
2232 	lock_rw_unlock(&az->lock);
2233 }
2234 
2235 int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg,
2236 	int setup, int* is_rpz, struct module_env* env,
2237 	struct module_stack* mods)
2238 {
2239 	struct config_auth* p;
2240 	az_setall_deleted(az);
2241 	for(p = cfg->auths; p; p = p->next) {
2242 		if(!p->name || p->name[0] == 0) {
2243 			log_warn("auth-zone without a name, skipped");
2244 			continue;
2245 		}
2246 		*is_rpz = (*is_rpz || p->isrpz);
2247 		if(!auth_zones_cfg(az, p)) {
2248 			log_err("cannot config auth zone %s", p->name);
2249 			return 0;
2250 		}
2251 	}
2252 	az_delete_deleted_zones(az);
2253 	if(!auth_zones_read_zones(az, cfg, env, mods))
2254 		return 0;
2255 	if(setup) {
2256 		if(!auth_zones_setup_zones(az))
2257 			return 0;
2258 	}
2259 	return 1;
2260 }
2261 
2262 /** delete chunks
2263  * @param at: transfer structure with chunks list.  The chunks and their
2264  * 	data are freed.
2265  */
2266 static void
2267 auth_chunks_delete(struct auth_transfer* at)
2268 {
2269 	if(at->chunks_first) {
2270 		struct auth_chunk* c, *cn;
2271 		c = at->chunks_first;
2272 		while(c) {
2273 			cn = c->next;
2274 			free(c->data);
2275 			free(c);
2276 			c = cn;
2277 		}
2278 	}
2279 	at->chunks_first = NULL;
2280 	at->chunks_last = NULL;
2281 }
2282 
2283 /** free master addr list */
2284 static void
2285 auth_free_master_addrs(struct auth_addr* list)
2286 {
2287 	struct auth_addr *n;
2288 	while(list) {
2289 		n = list->next;
2290 		free(list);
2291 		list = n;
2292 	}
2293 }
2294 
2295 /** free the masters list */
2296 static void
2297 auth_free_masters(struct auth_master* list)
2298 {
2299 	struct auth_master* n;
2300 	while(list) {
2301 		n = list->next;
2302 		auth_free_master_addrs(list->list);
2303 		free(list->host);
2304 		free(list->file);
2305 		free(list);
2306 		list = n;
2307 	}
2308 }
2309 
2310 /** delete auth xfer structure
2311  * @param xfr: delete this xfer and its tasks.
2312  */
2313 static void
2314 auth_xfer_delete(struct auth_xfer* xfr)
2315 {
2316 	if(!xfr) return;
2317 	lock_basic_destroy(&xfr->lock);
2318 	free(xfr->name);
2319 	if(xfr->task_nextprobe) {
2320 		comm_timer_delete(xfr->task_nextprobe->timer);
2321 		free(xfr->task_nextprobe);
2322 	}
2323 	if(xfr->task_probe) {
2324 		auth_free_masters(xfr->task_probe->masters);
2325 		comm_point_delete(xfr->task_probe->cp);
2326 		comm_timer_delete(xfr->task_probe->timer);
2327 		free(xfr->task_probe);
2328 	}
2329 	if(xfr->task_transfer) {
2330 		auth_free_masters(xfr->task_transfer->masters);
2331 		comm_point_delete(xfr->task_transfer->cp);
2332 		comm_timer_delete(xfr->task_transfer->timer);
2333 		if(xfr->task_transfer->chunks_first) {
2334 			auth_chunks_delete(xfr->task_transfer);
2335 		}
2336 		free(xfr->task_transfer);
2337 	}
2338 	auth_free_masters(xfr->allow_notify_list);
2339 	free(xfr);
2340 }
2341 
2342 /** helper traverse to delete zones */
2343 static void
2344 auth_zone_del(rbnode_type* n, void* ATTR_UNUSED(arg))
2345 {
2346 	struct auth_zone* z = (struct auth_zone*)n->key;
2347 	auth_zone_delete(z, NULL);
2348 }
2349 
2350 /** helper traverse to delete xfer zones */
2351 static void
2352 auth_xfer_del(rbnode_type* n, void* ATTR_UNUSED(arg))
2353 {
2354 	struct auth_xfer* z = (struct auth_xfer*)n->key;
2355 	auth_xfer_delete(z);
2356 }
2357 
2358 void auth_zones_delete(struct auth_zones* az)
2359 {
2360 	if(!az) return;
2361 	lock_rw_destroy(&az->lock);
2362 	lock_rw_destroy(&az->rpz_lock);
2363 	traverse_postorder(&az->ztree, auth_zone_del, NULL);
2364 	traverse_postorder(&az->xtree, auth_xfer_del, NULL);
2365 	free(az);
2366 }
2367 
2368 /** true if domain has only nsec3 */
2369 static int
2370 domain_has_only_nsec3(struct auth_data* n)
2371 {
2372 	struct auth_rrset* rrset = n->rrsets;
2373 	int nsec3_seen = 0;
2374 	while(rrset) {
2375 		if(rrset->type == LDNS_RR_TYPE_NSEC3) {
2376 			nsec3_seen = 1;
2377 		} else if(rrset->type != LDNS_RR_TYPE_RRSIG) {
2378 			return 0;
2379 		}
2380 		rrset = rrset->next;
2381 	}
2382 	return nsec3_seen;
2383 }
2384 
2385 /** see if the domain has a wildcard child '*.domain' */
2386 static struct auth_data*
2387 az_find_wildcard_domain(struct auth_zone* z, uint8_t* nm, size_t nmlen)
2388 {
2389 	uint8_t wc[LDNS_MAX_DOMAINLEN];
2390 	if(nmlen+2 > sizeof(wc))
2391 		return NULL; /* result would be too long */
2392 	wc[0] = 1; /* length of wildcard label */
2393 	wc[1] = (uint8_t)'*'; /* wildcard label */
2394 	memmove(wc+2, nm, nmlen);
2395 	return az_find_name(z, wc, nmlen+2);
2396 }
2397 
2398 /** find wildcard between qname and cename */
2399 static struct auth_data*
2400 az_find_wildcard(struct auth_zone* z, struct query_info* qinfo,
2401 	struct auth_data* ce)
2402 {
2403 	uint8_t* nm = qinfo->qname;
2404 	size_t nmlen = qinfo->qname_len;
2405 	struct auth_data* node;
2406 	if(!dname_subdomain_c(nm, z->name))
2407 		return NULL; /* out of zone */
2408 	while((node=az_find_wildcard_domain(z, nm, nmlen))==NULL) {
2409 		/* see if we can go up to find the wildcard */
2410 		if(nmlen == z->namelen)
2411 			return NULL; /* top of zone reached */
2412 		if(ce && nmlen == ce->namelen)
2413 			return NULL; /* ce reached */
2414 		if(dname_is_root(nm))
2415 			return NULL; /* cannot go up */
2416 		dname_remove_label(&nm, &nmlen);
2417 	}
2418 	return node;
2419 }
2420 
2421 /** domain is not exact, find first candidate ce (name that matches
2422  * a part of qname) in tree */
2423 static struct auth_data*
2424 az_find_candidate_ce(struct auth_zone* z, struct query_info* qinfo,
2425 	struct auth_data* n)
2426 {
2427 	uint8_t* nm;
2428 	size_t nmlen;
2429 	if(n) {
2430 		nm = dname_get_shared_topdomain(qinfo->qname, n->name);
2431 	} else {
2432 		nm = qinfo->qname;
2433 	}
2434 	dname_count_size_labels(nm, &nmlen);
2435 	n = az_find_name(z, nm, nmlen);
2436 	/* delete labels and go up on name */
2437 	while(!n) {
2438 		if(dname_is_root(nm))
2439 			return NULL; /* cannot go up */
2440 		dname_remove_label(&nm, &nmlen);
2441 		n = az_find_name(z, nm, nmlen);
2442 	}
2443 	return n;
2444 }
2445 
2446 /** go up the auth tree to next existing name. */
2447 static struct auth_data*
2448 az_domain_go_up(struct auth_zone* z, struct auth_data* n)
2449 {
2450 	uint8_t* nm = n->name;
2451 	size_t nmlen = n->namelen;
2452 	while(!dname_is_root(nm)) {
2453 		dname_remove_label(&nm, &nmlen);
2454 		if((n=az_find_name(z, nm, nmlen)) != NULL)
2455 			return n;
2456 	}
2457 	return NULL;
2458 }
2459 
2460 /** Find the closest encloser, an name that exists and is above the
2461  * qname.
2462  * return true if the node (param node) is existing, nonobscured and
2463  * 	can be used to generate answers from.  It is then also node_exact.
2464  * returns false if the node is not good enough (or it wasn't node_exact)
2465  *	in this case the ce can be filled.
2466  *	if ce is NULL, no ce exists, and likely the zone is completely empty,
2467  *	not even with a zone apex.
2468  *	if ce is nonNULL it is the closest enclosing upper name (that exists
2469  *	itself for answer purposes).  That name may have DNAME, NS or wildcard
2470  *	rrset is the closest DNAME or NS rrset that was found.
2471  */
2472 static int
2473 az_find_ce(struct auth_zone* z, struct query_info* qinfo,
2474 	struct auth_data* node, int node_exact, struct auth_data** ce,
2475 	struct auth_rrset** rrset)
2476 {
2477 	struct auth_data* n = node;
2478 	struct auth_rrset* lookrrset;
2479 	*ce = NULL;
2480 	*rrset = NULL;
2481 	if(!node_exact) {
2482 		/* if not exact, lookup closest exact match */
2483 		n = az_find_candidate_ce(z, qinfo, n);
2484 	} else {
2485 		/* if exact, the node itself is the first candidate ce */
2486 		*ce = n;
2487 	}
2488 
2489 	/* no direct answer from nsec3-only domains */
2490 	if(n && domain_has_only_nsec3(n)) {
2491 		node_exact = 0;
2492 		*ce = NULL;
2493 	}
2494 
2495 	/* with exact matches, walk up the labels until we find the
2496 	 * delegation, or DNAME or zone end */
2497 	while(n) {
2498 		/* see if the current candidate has issues */
2499 		/* not zone apex and has type NS */
2500 		if(n->namelen != z->namelen &&
2501 			(lookrrset=az_domain_rrset(n, LDNS_RR_TYPE_NS)) &&
2502 			/* delegate here, but DS at exact the dp has notype */
2503 			(qinfo->qtype != LDNS_RR_TYPE_DS ||
2504 			n->namelen != qinfo->qname_len)) {
2505 			/* referral */
2506 			/* this is ce and the lowernode is nonexisting */
2507 			*ce = n;
2508 			*rrset = lookrrset;
2509 			node_exact = 0;
2510 		}
2511 		/* not equal to qname and has type DNAME */
2512 		if(n->namelen != qinfo->qname_len &&
2513 			(lookrrset=az_domain_rrset(n, LDNS_RR_TYPE_DNAME))) {
2514 			/* this is ce and the lowernode is nonexisting */
2515 			*ce = n;
2516 			*rrset = lookrrset;
2517 			node_exact = 0;
2518 		}
2519 
2520 		if(*ce == NULL && !domain_has_only_nsec3(n)) {
2521 			/* if not found yet, this exact name must be
2522 			 * our lowest match (but not nsec3onlydomain) */
2523 			*ce = n;
2524 		}
2525 
2526 		/* walk up the tree by removing labels from name and lookup */
2527 		n = az_domain_go_up(z, n);
2528 	}
2529 	/* found no problems, if it was an exact node, it is fine to use */
2530 	return node_exact;
2531 }
2532 
2533 /** add additional A/AAAA from domain names in rrset rdata (+offset)
2534  * offset is number of bytes in rdata where the dname is located. */
2535 static int
2536 az_add_additionals_from(struct auth_zone* z, struct regional* region,
2537 	struct dns_msg* msg, struct auth_rrset* rrset, size_t offset)
2538 {
2539 	struct packed_rrset_data* d = rrset->data;
2540 	size_t i;
2541 	if(!d) return 0;
2542 	for(i=0; i<d->count; i++) {
2543 		size_t dlen;
2544 		struct auth_data* domain;
2545 		struct auth_rrset* ref;
2546 		if(d->rr_len[i] < 2+offset)
2547 			continue; /* too short */
2548 		if(!(dlen = dname_valid(d->rr_data[i]+2+offset,
2549 			d->rr_len[i]-2-offset)))
2550 			continue; /* malformed */
2551 		domain = az_find_name(z, d->rr_data[i]+2+offset, dlen);
2552 		if(!domain)
2553 			continue;
2554 		if((ref=az_domain_rrset(domain, LDNS_RR_TYPE_A)) != NULL) {
2555 			if(!msg_add_rrset_ar(z, region, msg, domain, ref))
2556 				return 0;
2557 		}
2558 		if((ref=az_domain_rrset(domain, LDNS_RR_TYPE_AAAA)) != NULL) {
2559 			if(!msg_add_rrset_ar(z, region, msg, domain, ref))
2560 				return 0;
2561 		}
2562 	}
2563 	return 1;
2564 }
2565 
2566 /** add negative SOA record (with negative TTL) */
2567 static int
2568 az_add_negative_soa(struct auth_zone* z, struct regional* region,
2569 	struct dns_msg* msg)
2570 {
2571 	time_t minimum;
2572 	size_t i;
2573 	struct packed_rrset_data* d;
2574 	struct auth_rrset* soa;
2575 	struct auth_data* apex = az_find_name(z, z->name, z->namelen);
2576 	if(!apex) return 0;
2577 	soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
2578 	if(!soa) return 0;
2579 	/* must be first to put in message; we want to fix the TTL with
2580 	 * one RRset here, otherwise we'd need to loop over the RRs to get
2581 	 * the resulting lower TTL */
2582 	log_assert(msg->rep->rrset_count == 0);
2583 	if(!msg_add_rrset_ns(z, region, msg, apex, soa)) return 0;
2584 	/* fixup TTL */
2585 	d = (struct packed_rrset_data*)msg->rep->rrsets[msg->rep->rrset_count-1]->entry.data;
2586 	/* last 4 bytes are minimum ttl in network format */
2587 	if(d->count == 0) return 0;
2588 	if(d->rr_len[0] < 2+4) return 0;
2589 	minimum = (time_t)sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-4));
2590 	minimum = d->ttl<minimum?d->ttl:minimum;
2591 	d->ttl = minimum;
2592 	for(i=0; i < d->count + d->rrsig_count; i++)
2593 		d->rr_ttl[i] = minimum;
2594 	msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]);
2595 	msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
2596 	msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
2597 	return 1;
2598 }
2599 
2600 /** See if the query goes to empty nonterminal (that has no auth_data,
2601  * but there are nodes underneath.  We already checked that there are
2602  * not NS, or DNAME above, so that we only need to check if some node
2603  * exists below (with nonempty rr list), return true if emptynonterminal */
2604 static int
2605 az_empty_nonterminal(struct auth_zone* z, struct query_info* qinfo,
2606 	struct auth_data* node)
2607 {
2608 	struct auth_data* next;
2609 	if(!node) {
2610 		/* no smaller was found, use first (smallest) node as the
2611 		 * next one */
2612 		next = (struct auth_data*)rbtree_first(&z->data);
2613 	} else {
2614 		next = (struct auth_data*)rbtree_next(&node->node);
2615 	}
2616 	while(next && (rbnode_type*)next != RBTREE_NULL && next->rrsets == NULL) {
2617 		/* the next name has empty rrsets, is an empty nonterminal
2618 		 * itself, see if there exists something below it */
2619 		next = (struct auth_data*)rbtree_next(&node->node);
2620 	}
2621 	if((rbnode_type*)next == RBTREE_NULL || !next) {
2622 		/* there is no next node, so something below it cannot
2623 		 * exist */
2624 		return 0;
2625 	}
2626 	/* a next node exists, if there was something below the query,
2627 	 * this node has to be it.  See if it is below the query name */
2628 	if(dname_strict_subdomain_c(next->name, qinfo->qname))
2629 		return 1;
2630 	return 0;
2631 }
2632 
2633 /** create synth cname target name in buffer, or fail if too long */
2634 static size_t
2635 synth_cname_buf(uint8_t* qname, size_t qname_len, size_t dname_len,
2636 	uint8_t* dtarg, size_t dtarglen, uint8_t* buf, size_t buflen)
2637 {
2638 	size_t newlen = qname_len + dtarglen - dname_len;
2639 	if(newlen > buflen) {
2640 		/* YXDOMAIN error */
2641 		return 0;
2642 	}
2643 	/* new name is concatenation of qname front (without DNAME owner)
2644 	 * and DNAME target name */
2645 	memcpy(buf, qname, qname_len-dname_len);
2646 	memmove(buf+(qname_len-dname_len), dtarg, dtarglen);
2647 	return newlen;
2648 }
2649 
2650 /** create synthetic CNAME rrset for in a DNAME answer in region,
2651  * false on alloc failure, cname==NULL when name too long. */
2652 static int
2653 create_synth_cname(uint8_t* qname, size_t qname_len, struct regional* region,
2654 	struct auth_data* node, struct auth_rrset* dname, uint16_t dclass,
2655 	struct ub_packed_rrset_key** cname)
2656 {
2657 	uint8_t buf[LDNS_MAX_DOMAINLEN];
2658 	uint8_t* dtarg;
2659 	size_t dtarglen, newlen;
2660 	struct packed_rrset_data* d;
2661 
2662 	/* get DNAME target name */
2663 	if(dname->data->count < 1) return 0;
2664 	if(dname->data->rr_len[0] < 3) return 0; /* at least rdatalen +1 */
2665 	dtarg = dname->data->rr_data[0]+2;
2666 	dtarglen = dname->data->rr_len[0]-2;
2667 	if(sldns_read_uint16(dname->data->rr_data[0]) != dtarglen)
2668 		return 0; /* rdatalen in DNAME rdata is malformed */
2669 	if(dname_valid(dtarg, dtarglen) != dtarglen)
2670 		return 0; /* DNAME RR has malformed rdata */
2671 	if(qname_len == 0)
2672 		return 0; /* too short */
2673 	if(qname_len <= node->namelen)
2674 		return 0; /* qname too short for dname removal */
2675 
2676 	/* synthesize a CNAME */
2677 	newlen = synth_cname_buf(qname, qname_len, node->namelen,
2678 		dtarg, dtarglen, buf, sizeof(buf));
2679 	if(newlen == 0) {
2680 		/* YXDOMAIN error */
2681 		*cname = NULL;
2682 		return 1;
2683 	}
2684 	*cname = (struct ub_packed_rrset_key*)regional_alloc(region,
2685 		sizeof(struct ub_packed_rrset_key));
2686 	if(!*cname)
2687 		return 0; /* out of memory */
2688 	memset(&(*cname)->entry, 0, sizeof((*cname)->entry));
2689 	(*cname)->entry.key = (*cname);
2690 	(*cname)->rk.type = htons(LDNS_RR_TYPE_CNAME);
2691 	(*cname)->rk.rrset_class = htons(dclass);
2692 	(*cname)->rk.flags = 0;
2693 	(*cname)->rk.dname = regional_alloc_init(region, qname, qname_len);
2694 	if(!(*cname)->rk.dname)
2695 		return 0; /* out of memory */
2696 	(*cname)->rk.dname_len = qname_len;
2697 	(*cname)->entry.hash = rrset_key_hash(&(*cname)->rk);
2698 	d = (struct packed_rrset_data*)regional_alloc_zero(region,
2699 		sizeof(struct packed_rrset_data) + sizeof(size_t) +
2700 		sizeof(uint8_t*) + sizeof(time_t) + sizeof(uint16_t)
2701 		+ newlen);
2702 	if(!d)
2703 		return 0; /* out of memory */
2704 	(*cname)->entry.data = d;
2705 	d->ttl = 0; /* 0 for synthesized CNAME TTL */
2706 	d->count = 1;
2707 	d->rrsig_count = 0;
2708 	d->trust = rrset_trust_ans_noAA;
2709 	d->rr_len = (size_t*)((uint8_t*)d +
2710 		sizeof(struct packed_rrset_data));
2711 	d->rr_len[0] = newlen + sizeof(uint16_t);
2712 	packed_rrset_ptr_fixup(d);
2713 	d->rr_ttl[0] = d->ttl;
2714 	sldns_write_uint16(d->rr_data[0], newlen);
2715 	memmove(d->rr_data[0] + sizeof(uint16_t), buf, newlen);
2716 	return 1;
2717 }
2718 
2719 /** add a synthesized CNAME to the answer section */
2720 static int
2721 add_synth_cname(struct auth_zone* z, uint8_t* qname, size_t qname_len,
2722 	struct regional* region, struct dns_msg* msg, struct auth_data* dname,
2723 	struct auth_rrset* rrset)
2724 {
2725 	struct ub_packed_rrset_key* cname;
2726 	/* synthesize a CNAME */
2727 	if(!create_synth_cname(qname, qname_len, region, dname, rrset,
2728 		z->dclass, &cname)) {
2729 		/* out of memory */
2730 		return 0;
2731 	}
2732 	if(!cname) {
2733 		/* cname cannot be create because of YXDOMAIN */
2734 		msg->rep->flags |= LDNS_RCODE_YXDOMAIN;
2735 		return 1;
2736 	}
2737 	/* add cname to message */
2738 	if(!msg_grow_array(region, msg))
2739 		return 0;
2740 	msg->rep->rrsets[msg->rep->rrset_count] = cname;
2741 	msg->rep->rrset_count++;
2742 	msg->rep->an_numrrsets++;
2743 	msg_ttl(msg);
2744 	return 1;
2745 }
2746 
2747 /** Change a dname to a different one, for wildcard namechange */
2748 static void
2749 az_change_dnames(struct dns_msg* msg, uint8_t* oldname, uint8_t* newname,
2750 	size_t newlen, int an_only)
2751 {
2752 	size_t i;
2753 	size_t start = 0, end = msg->rep->rrset_count;
2754 	if(!an_only) start = msg->rep->an_numrrsets;
2755 	if(an_only) end = msg->rep->an_numrrsets;
2756 	for(i=start; i<end; i++) {
2757 		/* allocated in region so we can change the ptrs */
2758 		if(query_dname_compare(msg->rep->rrsets[i]->rk.dname, oldname)
2759 			== 0) {
2760 			msg->rep->rrsets[i]->rk.dname = newname;
2761 			msg->rep->rrsets[i]->rk.dname_len = newlen;
2762 			msg->rep->rrsets[i]->entry.hash = rrset_key_hash(&msg->rep->rrsets[i]->rk);
2763 		}
2764 	}
2765 }
2766 
2767 /** find NSEC record covering the query */
2768 static struct auth_rrset*
2769 az_find_nsec_cover(struct auth_zone* z, struct auth_data** node)
2770 {
2771 	uint8_t* nm = (*node)->name;
2772 	size_t nmlen = (*node)->namelen;
2773 	struct auth_rrset* rrset;
2774 	/* find the NSEC for the smallest-or-equal node */
2775 	/* if node == NULL, we did not find a smaller name.  But the zone
2776 	 * name is the smallest name and should have an NSEC. So there is
2777 	 * no NSEC to return (for a properly signed zone) */
2778 	/* for empty nonterminals, the auth-data node should not exist,
2779 	 * and thus we don't need to go rbtree_previous here to find
2780 	 * a domain with an NSEC record */
2781 	/* but there could be glue, and if this is node, then it has no NSEC.
2782 	 * Go up to find nonglue (previous) NSEC-holding nodes */
2783 	while((rrset=az_domain_rrset(*node, LDNS_RR_TYPE_NSEC)) == NULL) {
2784 		if(dname_is_root(nm)) return NULL;
2785 		if(nmlen == z->namelen) return NULL;
2786 		dname_remove_label(&nm, &nmlen);
2787 		/* adjust *node for the nsec rrset to find in */
2788 		*node = az_find_name(z, nm, nmlen);
2789 	}
2790 	return rrset;
2791 }
2792 
2793 /** Find NSEC and add for wildcard denial */
2794 static int
2795 az_nsec_wildcard_denial(struct auth_zone* z, struct regional* region,
2796 	struct dns_msg* msg, uint8_t* cenm, size_t cenmlen)
2797 {
2798 	struct query_info qinfo;
2799 	int node_exact;
2800 	struct auth_data* node;
2801 	struct auth_rrset* nsec;
2802 	uint8_t wc[LDNS_MAX_DOMAINLEN];
2803 	if(cenmlen+2 > sizeof(wc))
2804 		return 0; /* result would be too long */
2805 	wc[0] = 1; /* length of wildcard label */
2806 	wc[1] = (uint8_t)'*'; /* wildcard label */
2807 	memmove(wc+2, cenm, cenmlen);
2808 
2809 	/* we have '*.ce' in wc wildcard name buffer */
2810 	/* get nsec cover for that */
2811 	qinfo.qname = wc;
2812 	qinfo.qname_len = cenmlen+2;
2813 	qinfo.qtype = 0;
2814 	qinfo.qclass = 0;
2815 	az_find_domain(z, &qinfo, &node_exact, &node);
2816 	if((nsec=az_find_nsec_cover(z, &node)) != NULL) {
2817 		if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0;
2818 	}
2819 	return 1;
2820 }
2821 
2822 /** Find the NSEC3PARAM rrset (if any) and if true you have the parameters */
2823 static int
2824 az_nsec3_param(struct auth_zone* z, int* algo, size_t* iter, uint8_t** salt,
2825 	size_t* saltlen)
2826 {
2827 	struct auth_data* apex;
2828 	struct auth_rrset* param;
2829 	size_t i;
2830 	apex = az_find_name(z, z->name, z->namelen);
2831 	if(!apex) return 0;
2832 	param = az_domain_rrset(apex, LDNS_RR_TYPE_NSEC3PARAM);
2833 	if(!param || param->data->count==0)
2834 		return 0; /* no RRset or no RRs in rrset */
2835 	/* find out which NSEC3PARAM RR has supported parameters */
2836 	/* skip unknown flags (dynamic signer is recalculating nsec3 chain) */
2837 	for(i=0; i<param->data->count; i++) {
2838 		uint8_t* rdata = param->data->rr_data[i]+2;
2839 		size_t rdatalen = param->data->rr_len[i];
2840 		if(rdatalen < 2+5)
2841 			continue; /* too short */
2842 		if(!nsec3_hash_algo_size_supported((int)(rdata[0])))
2843 			continue; /* unsupported algo */
2844 		if(rdatalen < (size_t)(2+5+(size_t)rdata[4]))
2845 			continue; /* salt missing */
2846 		if((rdata[1]&NSEC3_UNKNOWN_FLAGS)!=0)
2847 			continue; /* unknown flags */
2848 		*algo = (int)(rdata[0]);
2849 		*iter = sldns_read_uint16(rdata+2);
2850 		*saltlen = rdata[4];
2851 		if(*saltlen == 0)
2852 			*salt = NULL;
2853 		else	*salt = rdata+5;
2854 		return 1;
2855 	}
2856 	/* no supported params */
2857 	return 0;
2858 }
2859 
2860 /** Hash a name with nsec3param into buffer, it has zone name appended.
2861  * return length of hash */
2862 static size_t
2863 az_nsec3_hash(uint8_t* buf, size_t buflen, uint8_t* nm, size_t nmlen,
2864 	int algo, size_t iter, uint8_t* salt, size_t saltlen)
2865 {
2866 	size_t hlen = nsec3_hash_algo_size_supported(algo);
2867 	/* buffer has domain name, nsec3hash, and 256 is for max saltlen
2868 	 * (salt has 0-255 length) */
2869 	unsigned char p[LDNS_MAX_DOMAINLEN+1+N3HASHBUFLEN+256];
2870 	size_t i;
2871 	if(nmlen+saltlen > sizeof(p) || hlen+saltlen > sizeof(p))
2872 		return 0;
2873 	if(hlen > buflen)
2874 		return 0; /* somehow too large for destination buffer */
2875 	/* hashfunc(name, salt) */
2876 	memmove(p, nm, nmlen);
2877 	query_dname_tolower(p);
2878 	if(salt && saltlen > 0)
2879 		memmove(p+nmlen, salt, saltlen);
2880 	(void)secalgo_nsec3_hash(algo, p, nmlen+saltlen, (unsigned char*)buf);
2881 	for(i=0; i<iter; i++) {
2882 		/* hashfunc(hash, salt) */
2883 		memmove(p, buf, hlen);
2884 		if(salt && saltlen > 0)
2885 			memmove(p+hlen, salt, saltlen);
2886 		(void)secalgo_nsec3_hash(algo, p, hlen+saltlen,
2887 			(unsigned char*)buf);
2888 	}
2889 	return hlen;
2890 }
2891 
2892 /** Hash name and return b32encoded hashname for lookup, zone name appended */
2893 static int
2894 az_nsec3_hashname(struct auth_zone* z, uint8_t* hashname, size_t* hashnmlen,
2895 	uint8_t* nm, size_t nmlen, int algo, size_t iter, uint8_t* salt,
2896 	size_t saltlen)
2897 {
2898 	uint8_t hash[N3HASHBUFLEN];
2899 	size_t hlen;
2900 	int ret;
2901 	hlen = az_nsec3_hash(hash, sizeof(hash), nm, nmlen, algo, iter,
2902 		salt, saltlen);
2903 	if(!hlen) return 0;
2904 	/* b32 encode */
2905 	if(*hashnmlen < hlen*2+1+z->namelen) /* approx b32 as hexb16 */
2906 		return 0;
2907 	ret = sldns_b32_ntop_extended_hex(hash, hlen, (char*)(hashname+1),
2908 		(*hashnmlen)-1);
2909 	if(ret<1)
2910 		return 0;
2911 	hashname[0] = (uint8_t)ret;
2912 	ret++;
2913 	if((*hashnmlen) - ret < z->namelen)
2914 		return 0;
2915 	memmove(hashname+ret, z->name, z->namelen);
2916 	*hashnmlen = z->namelen+(size_t)ret;
2917 	return 1;
2918 }
2919 
2920 /** Find the datanode that covers the nsec3hash-name */
2921 static struct auth_data*
2922 az_nsec3_findnode(struct auth_zone* z, uint8_t* hashnm, size_t hashnmlen)
2923 {
2924 	struct query_info qinfo;
2925 	struct auth_data* node;
2926 	int node_exact;
2927 	qinfo.qclass = 0;
2928 	qinfo.qtype = 0;
2929 	qinfo.qname = hashnm;
2930 	qinfo.qname_len = hashnmlen;
2931 	/* because canonical ordering and b32 nsec3 ordering are the same.
2932 	 * this is a good lookup to find the nsec3 name. */
2933 	az_find_domain(z, &qinfo, &node_exact, &node);
2934 	/* but we may have to skip non-nsec3 nodes */
2935 	/* this may be a lot, the way to speed that up is to have a
2936 	 * separate nsec3 tree with nsec3 nodes */
2937 	while(node && (rbnode_type*)node != RBTREE_NULL &&
2938 		!az_domain_rrset(node, LDNS_RR_TYPE_NSEC3)) {
2939 		node = (struct auth_data*)rbtree_previous(&node->node);
2940 	}
2941 	if((rbnode_type*)node == RBTREE_NULL)
2942 		node = NULL;
2943 	return node;
2944 }
2945 
2946 /** Find cover for hashed(nm, nmlen) (or NULL) */
2947 static struct auth_data*
2948 az_nsec3_find_cover(struct auth_zone* z, uint8_t* nm, size_t nmlen,
2949 	int algo, size_t iter, uint8_t* salt, size_t saltlen)
2950 {
2951 	struct auth_data* node;
2952 	uint8_t hname[LDNS_MAX_DOMAINLEN];
2953 	size_t hlen = sizeof(hname);
2954 	if(!az_nsec3_hashname(z, hname, &hlen, nm, nmlen, algo, iter,
2955 		salt, saltlen))
2956 		return NULL;
2957 	node = az_nsec3_findnode(z, hname, hlen);
2958 	if(node)
2959 		return node;
2960 	/* we did not find any, perhaps because the NSEC3 hash is before
2961 	 * the first hash, we have to find the 'last hash' in the zone */
2962 	node = (struct auth_data*)rbtree_last(&z->data);
2963 	while(node && (rbnode_type*)node != RBTREE_NULL &&
2964 		!az_domain_rrset(node, LDNS_RR_TYPE_NSEC3)) {
2965 		node = (struct auth_data*)rbtree_previous(&node->node);
2966 	}
2967 	if((rbnode_type*)node == RBTREE_NULL)
2968 		node = NULL;
2969 	return node;
2970 }
2971 
2972 /** Find exact match for hashed(nm, nmlen) NSEC3 record or NULL */
2973 static struct auth_data*
2974 az_nsec3_find_exact(struct auth_zone* z, uint8_t* nm, size_t nmlen,
2975 	int algo, size_t iter, uint8_t* salt, size_t saltlen)
2976 {
2977 	struct auth_data* node;
2978 	uint8_t hname[LDNS_MAX_DOMAINLEN];
2979 	size_t hlen = sizeof(hname);
2980 	if(!az_nsec3_hashname(z, hname, &hlen, nm, nmlen, algo, iter,
2981 		salt, saltlen))
2982 		return NULL;
2983 	node = az_find_name(z, hname, hlen);
2984 	if(az_domain_rrset(node, LDNS_RR_TYPE_NSEC3))
2985 		return node;
2986 	return NULL;
2987 }
2988 
2989 /** Return nextcloser name (as a ref into the qname).  This is one label
2990  * more than the cenm (cename must be a suffix of qname) */
2991 static void
2992 az_nsec3_get_nextcloser(uint8_t* cenm, uint8_t* qname, size_t qname_len,
2993 	uint8_t** nx, size_t* nxlen)
2994 {
2995 	int celabs = dname_count_labels(cenm);
2996 	int qlabs = dname_count_labels(qname);
2997 	int strip = qlabs - celabs -1;
2998 	log_assert(dname_strict_subdomain(qname, qlabs, cenm, celabs));
2999 	*nx = qname;
3000 	*nxlen = qname_len;
3001 	if(strip>0)
3002 		dname_remove_labels(nx, nxlen, strip);
3003 }
3004 
3005 /** Find the closest encloser that has exact NSEC3.
3006  * updated cenm to the new name. If it went up no-exact-ce is true. */
3007 static struct auth_data*
3008 az_nsec3_find_ce(struct auth_zone* z, uint8_t** cenm, size_t* cenmlen,
3009 	int* no_exact_ce, int algo, size_t iter, uint8_t* salt, size_t saltlen)
3010 {
3011 	struct auth_data* node;
3012 	while((node = az_nsec3_find_exact(z, *cenm, *cenmlen,
3013 		algo, iter, salt, saltlen)) == NULL) {
3014 		if(*cenmlen == z->namelen) {
3015 			/* next step up would take us out of the zone. fail */
3016 			return NULL;
3017 		}
3018 		*no_exact_ce = 1;
3019 		dname_remove_label(cenm, cenmlen);
3020 	}
3021 	return node;
3022 }
3023 
3024 /* Insert NSEC3 record in authority section, if NULL does nothing */
3025 static int
3026 az_nsec3_insert(struct auth_zone* z, struct regional* region,
3027 	struct dns_msg* msg, struct auth_data* node)
3028 {
3029 	struct auth_rrset* nsec3;
3030 	if(!node) return 1; /* no node, skip this */
3031 	nsec3 = az_domain_rrset(node, LDNS_RR_TYPE_NSEC3);
3032 	if(!nsec3) return 1; /* if no nsec3 RR, skip it */
3033 	if(!msg_add_rrset_ns(z, region, msg, node, nsec3)) return 0;
3034 	return 1;
3035 }
3036 
3037 /** add NSEC3 records to the zone for the nsec3 proof.
3038  * Specify with the flags with parts of the proof are required.
3039  * the ce is the exact matching name (for notype) but also delegation points.
3040  * qname is the one where the nextcloser name can be derived from.
3041  * If NSEC3 is not properly there (in the zone) nothing is added.
3042  * always enabled: include nsec3 proving about the Closest Encloser.
3043  * 	that is an exact match that should exist for it.
3044  * 	If that does not exist, a higher exact match + nxproof is enabled
3045  * 	(for some sort of opt-out empty nonterminal cases).
3046  * nodataproof: search for exact match and include that instead.
3047  * ceproof: include ce proof NSEC3 (omitted for wildcard replies).
3048  * nxproof: include denial of the qname.
3049  * wcproof: include denial of wildcard (wildcard.ce).
3050  */
3051 static int
3052 az_add_nsec3_proof(struct auth_zone* z, struct regional* region,
3053 	struct dns_msg* msg, uint8_t* cenm, size_t cenmlen, uint8_t* qname,
3054 	size_t qname_len, int nodataproof, int ceproof, int nxproof,
3055 	int wcproof)
3056 {
3057 	int algo;
3058 	size_t iter, saltlen;
3059 	uint8_t* salt;
3060 	int no_exact_ce = 0;
3061 	struct auth_data* node;
3062 
3063 	/* find parameters of nsec3 proof */
3064 	if(!az_nsec3_param(z, &algo, &iter, &salt, &saltlen))
3065 		return 1; /* no nsec3 */
3066 	if(nodataproof) {
3067 		/* see if the node has a hash of itself for the nodata
3068 		 * proof nsec3, this has to be an exact match nsec3. */
3069 		struct auth_data* match;
3070 		match = az_nsec3_find_exact(z, qname, qname_len, algo,
3071 			iter, salt, saltlen);
3072 		if(match) {
3073 			if(!az_nsec3_insert(z, region, msg, match))
3074 				return 0;
3075 			/* only nodata NSEC3 needed, no CE or others. */
3076 			return 1;
3077 		}
3078 	}
3079 	/* find ce that has an NSEC3 */
3080 	if(ceproof) {
3081 		node = az_nsec3_find_ce(z, &cenm, &cenmlen, &no_exact_ce,
3082 			algo, iter, salt, saltlen);
3083 		if(no_exact_ce) nxproof = 1;
3084 		if(!az_nsec3_insert(z, region, msg, node))
3085 			return 0;
3086 	}
3087 
3088 	if(nxproof) {
3089 		uint8_t* nx;
3090 		size_t nxlen;
3091 		/* create nextcloser domain name */
3092 		az_nsec3_get_nextcloser(cenm, qname, qname_len, &nx, &nxlen);
3093 		/* find nsec3 that matches or covers it */
3094 		node = az_nsec3_find_cover(z, nx, nxlen, algo, iter, salt,
3095 			saltlen);
3096 		if(!az_nsec3_insert(z, region, msg, node))
3097 			return 0;
3098 	}
3099 	if(wcproof) {
3100 		/* create wildcard name *.ce */
3101 		uint8_t wc[LDNS_MAX_DOMAINLEN];
3102 		size_t wclen;
3103 		if(cenmlen+2 > sizeof(wc))
3104 			return 0; /* result would be too long */
3105 		wc[0] = 1; /* length of wildcard label */
3106 		wc[1] = (uint8_t)'*'; /* wildcard label */
3107 		memmove(wc+2, cenm, cenmlen);
3108 		wclen = cenmlen+2;
3109 		/* find nsec3 that matches or covers it */
3110 		node = az_nsec3_find_cover(z, wc, wclen, algo, iter, salt,
3111 			saltlen);
3112 		if(!az_nsec3_insert(z, region, msg, node))
3113 			return 0;
3114 	}
3115 	return 1;
3116 }
3117 
3118 /** generate answer for positive answer */
3119 static int
3120 az_generate_positive_answer(struct auth_zone* z, struct regional* region,
3121 	struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset)
3122 {
3123 	if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3124 	/* see if we want additional rrs */
3125 	if(rrset->type == LDNS_RR_TYPE_MX) {
3126 		if(!az_add_additionals_from(z, region, msg, rrset, 2))
3127 			return 0;
3128 	} else if(rrset->type == LDNS_RR_TYPE_SRV) {
3129 		if(!az_add_additionals_from(z, region, msg, rrset, 6))
3130 			return 0;
3131 	} else if(rrset->type == LDNS_RR_TYPE_NS) {
3132 		if(!az_add_additionals_from(z, region, msg, rrset, 0))
3133 			return 0;
3134 	}
3135 	return 1;
3136 }
3137 
3138 /** generate answer for type ANY answer */
3139 static int
3140 az_generate_any_answer(struct auth_zone* z, struct regional* region,
3141 	struct dns_msg* msg, struct auth_data* node)
3142 {
3143 	struct auth_rrset* rrset;
3144 	int added = 0;
3145 	/* add a couple (at least one) RRs */
3146 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_SOA)) != NULL) {
3147 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3148 		added++;
3149 	}
3150 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_MX)) != NULL) {
3151 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3152 		added++;
3153 	}
3154 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_A)) != NULL) {
3155 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3156 		added++;
3157 	}
3158 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_AAAA)) != NULL) {
3159 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3160 		added++;
3161 	}
3162 	if(added == 0 && node && node->rrsets) {
3163 		if(!msg_add_rrset_an(z, region, msg, node,
3164 			node->rrsets)) return 0;
3165 	}
3166 	return 1;
3167 }
3168 
3169 /** follow cname chain and add more data to the answer section */
3170 static int
3171 follow_cname_chain(struct auth_zone* z, uint16_t qtype,
3172 	struct regional* region, struct dns_msg* msg,
3173 	struct packed_rrset_data* d)
3174 {
3175 	int maxchain = 0;
3176 	/* see if we can add the target of the CNAME into the answer */
3177 	while(maxchain++ < MAX_CNAME_CHAIN) {
3178 		struct auth_data* node;
3179 		struct auth_rrset* rrset;
3180 		size_t clen;
3181 		/* d has cname rdata */
3182 		if(d->count == 0) break; /* no CNAME */
3183 		if(d->rr_len[0] < 2+1) break; /* too small */
3184 		if((clen=dname_valid(d->rr_data[0]+2, d->rr_len[0]-2))==0)
3185 			break; /* malformed */
3186 		if(!dname_subdomain_c(d->rr_data[0]+2, z->name))
3187 			break; /* target out of zone */
3188 		if((node = az_find_name(z, d->rr_data[0]+2, clen))==NULL)
3189 			break; /* no such target name */
3190 		if((rrset=az_domain_rrset(node, qtype))!=NULL) {
3191 			/* done we found the target */
3192 			if(!msg_add_rrset_an(z, region, msg, node, rrset))
3193 				return 0;
3194 			break;
3195 		}
3196 		if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_CNAME))==NULL)
3197 			break; /* no further CNAME chain, notype */
3198 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3199 		d = rrset->data;
3200 	}
3201 	return 1;
3202 }
3203 
3204 /** generate answer for cname answer */
3205 static int
3206 az_generate_cname_answer(struct auth_zone* z, struct query_info* qinfo,
3207 	struct regional* region, struct dns_msg* msg,
3208 	struct auth_data* node, struct auth_rrset* rrset)
3209 {
3210 	if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
3211 	if(!rrset) return 1;
3212 	if(!follow_cname_chain(z, qinfo->qtype, region, msg, rrset->data))
3213 		return 0;
3214 	return 1;
3215 }
3216 
3217 /** generate answer for notype answer */
3218 static int
3219 az_generate_notype_answer(struct auth_zone* z, struct regional* region,
3220 	struct dns_msg* msg, struct auth_data* node)
3221 {
3222 	struct auth_rrset* rrset;
3223 	if(!az_add_negative_soa(z, region, msg)) return 0;
3224 	/* DNSSEC denial NSEC */
3225 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_NSEC))!=NULL) {
3226 		if(!msg_add_rrset_ns(z, region, msg, node, rrset)) return 0;
3227 	} else if(node) {
3228 		/* DNSSEC denial NSEC3 */
3229 		if(!az_add_nsec3_proof(z, region, msg, node->name,
3230 			node->namelen, msg->qinfo.qname,
3231 			msg->qinfo.qname_len, 1, 1, 0, 0))
3232 			return 0;
3233 	}
3234 	return 1;
3235 }
3236 
3237 /** generate answer for referral answer */
3238 static int
3239 az_generate_referral_answer(struct auth_zone* z, struct regional* region,
3240 	struct dns_msg* msg, struct auth_data* ce, struct auth_rrset* rrset)
3241 {
3242 	struct auth_rrset* ds, *nsec;
3243 	/* turn off AA flag, referral is nonAA because it leaves the zone */
3244 	log_assert(ce);
3245 	msg->rep->flags &= ~BIT_AA;
3246 	if(!msg_add_rrset_ns(z, region, msg, ce, rrset)) return 0;
3247 	/* add DS or deny it */
3248 	if((ds=az_domain_rrset(ce, LDNS_RR_TYPE_DS))!=NULL) {
3249 		if(!msg_add_rrset_ns(z, region, msg, ce, ds)) return 0;
3250 	} else {
3251 		/* deny the DS */
3252 		if((nsec=az_domain_rrset(ce, LDNS_RR_TYPE_NSEC))!=NULL) {
3253 			if(!msg_add_rrset_ns(z, region, msg, ce, nsec))
3254 				return 0;
3255 		} else {
3256 			if(!az_add_nsec3_proof(z, region, msg, ce->name,
3257 				ce->namelen, msg->qinfo.qname,
3258 				msg->qinfo.qname_len, 1, 1, 0, 0))
3259 				return 0;
3260 		}
3261 	}
3262 	/* add additional rrs for type NS */
3263 	if(!az_add_additionals_from(z, region, msg, rrset, 0)) return 0;
3264 	return 1;
3265 }
3266 
3267 /** generate answer for DNAME answer */
3268 static int
3269 az_generate_dname_answer(struct auth_zone* z, struct query_info* qinfo,
3270 	struct regional* region, struct dns_msg* msg, struct auth_data* ce,
3271 	struct auth_rrset* rrset)
3272 {
3273 	log_assert(ce);
3274 	/* add the DNAME and then a CNAME */
3275 	if(!msg_add_rrset_an(z, region, msg, ce, rrset)) return 0;
3276 	if(!add_synth_cname(z, qinfo->qname, qinfo->qname_len, region,
3277 		msg, ce, rrset)) return 0;
3278 	if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_YXDOMAIN)
3279 		return 1;
3280 	if(msg->rep->rrset_count == 0 ||
3281 		!msg->rep->rrsets[msg->rep->rrset_count-1])
3282 		return 0;
3283 	if(!follow_cname_chain(z, qinfo->qtype, region, msg,
3284 		(struct packed_rrset_data*)msg->rep->rrsets[
3285 		msg->rep->rrset_count-1]->entry.data))
3286 		return 0;
3287 	return 1;
3288 }
3289 
3290 /** generate answer for wildcard answer */
3291 static int
3292 az_generate_wildcard_answer(struct auth_zone* z, struct query_info* qinfo,
3293 	struct regional* region, struct dns_msg* msg, struct auth_data* ce,
3294 	struct auth_data* wildcard, struct auth_data* node)
3295 {
3296 	struct auth_rrset* rrset, *nsec;
3297 	int insert_ce = 0;
3298 	if((rrset=az_domain_rrset(wildcard, qinfo->qtype)) != NULL) {
3299 		/* wildcard has type, add it */
3300 		if(!msg_add_rrset_an(z, region, msg, wildcard, rrset))
3301 			return 0;
3302 		az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3303 			msg->qinfo.qname_len, 1);
3304 	} else if((rrset=az_domain_rrset(wildcard, LDNS_RR_TYPE_CNAME))!=NULL) {
3305 		/* wildcard has cname instead, do that */
3306 		if(!msg_add_rrset_an(z, region, msg, wildcard, rrset))
3307 			return 0;
3308 		az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3309 			msg->qinfo.qname_len, 1);
3310 		if(!follow_cname_chain(z, qinfo->qtype, region, msg,
3311 			rrset->data))
3312 			return 0;
3313 	} else if(qinfo->qtype == LDNS_RR_TYPE_ANY && wildcard->rrsets) {
3314 		/* add ANY rrsets from wildcard node */
3315 		if(!az_generate_any_answer(z, region, msg, wildcard))
3316 			return 0;
3317 		az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3318 			msg->qinfo.qname_len, 1);
3319 	} else {
3320 		/* wildcard has nodata, notype answer */
3321 		/* call other notype routine for dnssec notype denials */
3322 		if(!az_generate_notype_answer(z, region, msg, wildcard))
3323 			return 0;
3324 		/* because the notype, there is no positive data with an
3325 		 * RRSIG that indicates the wildcard position.  Thus the
3326 		 * wildcard qname denial needs to have a CE nsec3. */
3327 		insert_ce = 1;
3328 	}
3329 
3330 	/* ce and node for dnssec denial of wildcard original name */
3331 	if((nsec=az_find_nsec_cover(z, &node)) != NULL) {
3332 		if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0;
3333 	} else if(ce) {
3334 		uint8_t* wildup = wildcard->name;
3335 		size_t wilduplen= wildcard->namelen;
3336 		dname_remove_label(&wildup, &wilduplen);
3337 		if(!az_add_nsec3_proof(z, region, msg, wildup,
3338 			wilduplen, msg->qinfo.qname,
3339 			msg->qinfo.qname_len, 0, insert_ce, 1, 0))
3340 			return 0;
3341 	}
3342 
3343 	/* fixup name of wildcard from *.zone to qname, use already allocated
3344 	 * pointer to msg qname */
3345 	az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3346 		msg->qinfo.qname_len, 0);
3347 	return 1;
3348 }
3349 
3350 /** generate answer for nxdomain answer */
3351 static int
3352 az_generate_nxdomain_answer(struct auth_zone* z, struct regional* region,
3353 	struct dns_msg* msg, struct auth_data* ce, struct auth_data* node)
3354 {
3355 	struct auth_rrset* nsec;
3356 	msg->rep->flags |= LDNS_RCODE_NXDOMAIN;
3357 	if(!az_add_negative_soa(z, region, msg)) return 0;
3358 	if((nsec=az_find_nsec_cover(z, &node)) != NULL) {
3359 		if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0;
3360 		if(ce && !az_nsec_wildcard_denial(z, region, msg, ce->name,
3361 			ce->namelen)) return 0;
3362 	} else if(ce) {
3363 		if(!az_add_nsec3_proof(z, region, msg, ce->name,
3364 			ce->namelen, msg->qinfo.qname,
3365 			msg->qinfo.qname_len, 0, 1, 1, 1))
3366 			return 0;
3367 	}
3368 	return 1;
3369 }
3370 
3371 /** Create answers when an exact match exists for the domain name */
3372 static int
3373 az_generate_answer_with_node(struct auth_zone* z, struct query_info* qinfo,
3374 	struct regional* region, struct dns_msg* msg, struct auth_data* node)
3375 {
3376 	struct auth_rrset* rrset;
3377 	/* positive answer, rrset we are looking for exists */
3378 	if((rrset=az_domain_rrset(node, qinfo->qtype)) != NULL) {
3379 		return az_generate_positive_answer(z, region, msg, node, rrset);
3380 	}
3381 	/* CNAME? */
3382 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_CNAME)) != NULL) {
3383 		return az_generate_cname_answer(z, qinfo, region, msg,
3384 			node, rrset);
3385 	}
3386 	/* type ANY ? */
3387 	if(qinfo->qtype == LDNS_RR_TYPE_ANY) {
3388 		return az_generate_any_answer(z, region, msg, node);
3389 	}
3390 	/* NOERROR/NODATA (no such type at domain name) */
3391 	return az_generate_notype_answer(z, region, msg, node);
3392 }
3393 
3394 /** Generate answer without an existing-node that we can use.
3395  * So it'll be a referral, DNAME or nxdomain */
3396 static int
3397 az_generate_answer_nonexistnode(struct auth_zone* z, struct query_info* qinfo,
3398 	struct regional* region, struct dns_msg* msg, struct auth_data* ce,
3399 	struct auth_rrset* rrset, struct auth_data* node)
3400 {
3401 	struct auth_data* wildcard;
3402 
3403 	/* we do not have an exact matching name (that exists) */
3404 	/* see if we have a NS or DNAME in the ce */
3405 	if(ce && rrset && rrset->type == LDNS_RR_TYPE_NS) {
3406 		return az_generate_referral_answer(z, region, msg, ce, rrset);
3407 	}
3408 	if(ce && rrset && rrset->type == LDNS_RR_TYPE_DNAME) {
3409 		return az_generate_dname_answer(z, qinfo, region, msg, ce,
3410 			rrset);
3411 	}
3412 	/* if there is an empty nonterminal, wildcard and nxdomain don't
3413 	 * happen, it is a notype answer */
3414 	if(az_empty_nonterminal(z, qinfo, node)) {
3415 		return az_generate_notype_answer(z, region, msg, node);
3416 	}
3417 	/* see if we have a wildcard under the ce */
3418 	if((wildcard=az_find_wildcard(z, qinfo, ce)) != NULL) {
3419 		return az_generate_wildcard_answer(z, qinfo, region, msg,
3420 			ce, wildcard, node);
3421 	}
3422 	/* generate nxdomain answer */
3423 	return az_generate_nxdomain_answer(z, region, msg, ce, node);
3424 }
3425 
3426 /** Lookup answer in a zone. */
3427 static int
3428 auth_zone_generate_answer(struct auth_zone* z, struct query_info* qinfo,
3429 	struct regional* region, struct dns_msg** msg, int* fallback)
3430 {
3431 	struct auth_data* node, *ce;
3432 	struct auth_rrset* rrset;
3433 	int node_exact, node_exists;
3434 	/* does the zone want fallback in case of failure? */
3435 	*fallback = z->fallback_enabled;
3436 	if(!(*msg=msg_create(region, qinfo))) return 0;
3437 
3438 	/* lookup if there is a matching domain name for the query */
3439 	az_find_domain(z, qinfo, &node_exact, &node);
3440 
3441 	/* see if node exists for generating answers from (i.e. not glue and
3442 	 * obscured by NS or DNAME or NSEC3-only), and also return the
3443 	 * closest-encloser from that, closest node that should be used
3444 	 * to generate answers from that is above the query */
3445 	node_exists = az_find_ce(z, qinfo, node, node_exact, &ce, &rrset);
3446 
3447 	if(verbosity >= VERB_ALGO) {
3448 		char zname[256], qname[256], nname[256], cename[256],
3449 			tpstr[32], rrstr[32];
3450 		sldns_wire2str_dname_buf(qinfo->qname, qinfo->qname_len, qname,
3451 			sizeof(qname));
3452 		sldns_wire2str_type_buf(qinfo->qtype, tpstr, sizeof(tpstr));
3453 		sldns_wire2str_dname_buf(z->name, z->namelen, zname,
3454 			sizeof(zname));
3455 		if(node)
3456 			sldns_wire2str_dname_buf(node->name, node->namelen,
3457 				nname, sizeof(nname));
3458 		else	snprintf(nname, sizeof(nname), "NULL");
3459 		if(ce)
3460 			sldns_wire2str_dname_buf(ce->name, ce->namelen,
3461 				cename, sizeof(cename));
3462 		else	snprintf(cename, sizeof(cename), "NULL");
3463 		if(rrset) sldns_wire2str_type_buf(rrset->type, rrstr,
3464 			sizeof(rrstr));
3465 		else	snprintf(rrstr, sizeof(rrstr), "NULL");
3466 		log_info("auth_zone %s query %s %s, domain %s %s %s, "
3467 			"ce %s, rrset %s", zname, qname, tpstr, nname,
3468 			(node_exact?"exact":"notexact"),
3469 			(node_exists?"exist":"notexist"), cename, rrstr);
3470 	}
3471 
3472 	if(node_exists) {
3473 		/* the node is fine, generate answer from node */
3474 		return az_generate_answer_with_node(z, qinfo, region, *msg,
3475 			node);
3476 	}
3477 	return az_generate_answer_nonexistnode(z, qinfo, region, *msg,
3478 		ce, rrset, node);
3479 }
3480 
3481 int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo,
3482 	struct regional* region, struct dns_msg** msg, int* fallback,
3483 	uint8_t* dp_nm, size_t dp_nmlen)
3484 {
3485 	int r;
3486 	struct auth_zone* z;
3487 	/* find the zone that should contain the answer. */
3488 	lock_rw_rdlock(&az->lock);
3489 	z = auth_zone_find(az, dp_nm, dp_nmlen, qinfo->qclass);
3490 	if(!z) {
3491 		lock_rw_unlock(&az->lock);
3492 		/* no auth zone, fallback to internet */
3493 		*fallback = 1;
3494 		return 0;
3495 	}
3496 	lock_rw_rdlock(&z->lock);
3497 	lock_rw_unlock(&az->lock);
3498 
3499 	/* if not for upstream queries, fallback */
3500 	if(!z->for_upstream) {
3501 		lock_rw_unlock(&z->lock);
3502 		*fallback = 1;
3503 		return 0;
3504 	}
3505 	if(z->zone_expired) {
3506 		*fallback = z->fallback_enabled;
3507 		lock_rw_unlock(&z->lock);
3508 		return 0;
3509 	}
3510 	/* see what answer that zone would generate */
3511 	r = auth_zone_generate_answer(z, qinfo, region, msg, fallback);
3512 	lock_rw_unlock(&z->lock);
3513 	return r;
3514 }
3515 
3516 /** encode auth answer */
3517 static void
3518 auth_answer_encode(struct query_info* qinfo, struct module_env* env,
3519 	struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf,
3520 	struct regional* temp, struct dns_msg* msg)
3521 {
3522 	uint16_t udpsize;
3523 	udpsize = edns->udp_size;
3524 	edns->edns_version = EDNS_ADVERTISED_VERSION;
3525 	edns->udp_size = EDNS_ADVERTISED_SIZE;
3526 	edns->ext_rcode = 0;
3527 	edns->bits &= EDNS_DO;
3528 
3529 	if(!inplace_cb_reply_local_call(env, qinfo, NULL, msg->rep,
3530 		(int)FLAGS_GET_RCODE(msg->rep->flags), edns, repinfo, temp, env->now_tv)
3531 		|| !reply_info_answer_encode(qinfo, msg->rep,
3532 		*(uint16_t*)sldns_buffer_begin(buf),
3533 		sldns_buffer_read_u16_at(buf, 2),
3534 		buf, 0, 0, temp, udpsize, edns,
3535 		(int)(edns->bits&EDNS_DO), 0)) {
3536 		error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo,
3537 			*(uint16_t*)sldns_buffer_begin(buf),
3538 			sldns_buffer_read_u16_at(buf, 2), edns);
3539 	}
3540 }
3541 
3542 /** encode auth error answer */
3543 static void
3544 auth_error_encode(struct query_info* qinfo, struct module_env* env,
3545 	struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf,
3546 	struct regional* temp, int rcode)
3547 {
3548 	edns->edns_version = EDNS_ADVERTISED_VERSION;
3549 	edns->udp_size = EDNS_ADVERTISED_SIZE;
3550 	edns->ext_rcode = 0;
3551 	edns->bits &= EDNS_DO;
3552 
3553 	if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
3554 		rcode, edns, repinfo, temp, env->now_tv))
3555 		edns->opt_list_inplace_cb_out = NULL;
3556 	error_encode(buf, rcode|BIT_AA, qinfo,
3557 		*(uint16_t*)sldns_buffer_begin(buf),
3558 		sldns_buffer_read_u16_at(buf, 2), edns);
3559 }
3560 
3561 int auth_zones_answer(struct auth_zones* az, struct module_env* env,
3562 	struct query_info* qinfo, struct edns_data* edns,
3563 	struct comm_reply* repinfo, struct sldns_buffer* buf, struct regional* temp)
3564 {
3565 	struct dns_msg* msg = NULL;
3566 	struct auth_zone* z;
3567 	int r;
3568 	int fallback = 0;
3569 
3570 	lock_rw_rdlock(&az->lock);
3571 	if(!az->have_downstream) {
3572 		/* no downstream auth zones */
3573 		lock_rw_unlock(&az->lock);
3574 		return 0;
3575 	}
3576 	if(qinfo->qtype == LDNS_RR_TYPE_DS) {
3577 		uint8_t* delname = qinfo->qname;
3578 		size_t delnamelen = qinfo->qname_len;
3579 		dname_remove_label(&delname, &delnamelen);
3580 		z = auth_zones_find_zone(az, delname, delnamelen,
3581 			qinfo->qclass);
3582 	} else {
3583 		z = auth_zones_find_zone(az, qinfo->qname, qinfo->qname_len,
3584 			qinfo->qclass);
3585 	}
3586 	if(!z) {
3587 		/* no zone above it */
3588 		lock_rw_unlock(&az->lock);
3589 		return 0;
3590 	}
3591 	lock_rw_rdlock(&z->lock);
3592 	lock_rw_unlock(&az->lock);
3593 	if(!z->for_downstream) {
3594 		lock_rw_unlock(&z->lock);
3595 		return 0;
3596 	}
3597 	if(z->zone_expired) {
3598 		if(z->fallback_enabled) {
3599 			lock_rw_unlock(&z->lock);
3600 			return 0;
3601 		}
3602 		lock_rw_unlock(&z->lock);
3603 		lock_rw_wrlock(&az->lock);
3604 		az->num_query_down++;
3605 		lock_rw_unlock(&az->lock);
3606 		auth_error_encode(qinfo, env, edns, repinfo, buf, temp,
3607 			LDNS_RCODE_SERVFAIL);
3608 		return 1;
3609 	}
3610 
3611 	/* answer it from zone z */
3612 	r = auth_zone_generate_answer(z, qinfo, temp, &msg, &fallback);
3613 	lock_rw_unlock(&z->lock);
3614 	if(!r && fallback) {
3615 		/* fallback to regular answering (recursive) */
3616 		return 0;
3617 	}
3618 	lock_rw_wrlock(&az->lock);
3619 	az->num_query_down++;
3620 	lock_rw_unlock(&az->lock);
3621 
3622 	/* encode answer */
3623 	if(!r)
3624 		auth_error_encode(qinfo, env, edns, repinfo, buf, temp,
3625 			LDNS_RCODE_SERVFAIL);
3626 	else	auth_answer_encode(qinfo, env, edns, repinfo, buf, temp, msg);
3627 
3628 	return 1;
3629 }
3630 
3631 int auth_zones_can_fallback(struct auth_zones* az, uint8_t* nm, size_t nmlen,
3632 	uint16_t dclass)
3633 {
3634 	int r;
3635 	struct auth_zone* z;
3636 	lock_rw_rdlock(&az->lock);
3637 	z = auth_zone_find(az, nm, nmlen, dclass);
3638 	if(!z) {
3639 		lock_rw_unlock(&az->lock);
3640 		/* no such auth zone, fallback */
3641 		return 1;
3642 	}
3643 	lock_rw_rdlock(&z->lock);
3644 	lock_rw_unlock(&az->lock);
3645 	r = z->fallback_enabled || (!z->for_upstream);
3646 	lock_rw_unlock(&z->lock);
3647 	return r;
3648 }
3649 
3650 int
3651 auth_zone_parse_notify_serial(sldns_buffer* pkt, uint32_t *serial)
3652 {
3653 	struct query_info q;
3654 	uint16_t rdlen;
3655 	memset(&q, 0, sizeof(q));
3656 	sldns_buffer_set_position(pkt, 0);
3657 	if(!query_info_parse(&q, pkt)) return 0;
3658 	if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) == 0) return 0;
3659 	/* skip name of RR in answer section */
3660 	if(sldns_buffer_remaining(pkt) < 1) return 0;
3661 	if(pkt_dname_len(pkt) == 0) return 0;
3662 	/* check type */
3663 	if(sldns_buffer_remaining(pkt) < 10 /* type,class,ttl,rdatalen*/)
3664 		return 0;
3665 	if(sldns_buffer_read_u16(pkt) != LDNS_RR_TYPE_SOA) return 0;
3666 	sldns_buffer_skip(pkt, 2); /* class */
3667 	sldns_buffer_skip(pkt, 4); /* ttl */
3668 	rdlen = sldns_buffer_read_u16(pkt); /* rdatalen */
3669 	if(sldns_buffer_remaining(pkt) < rdlen) return 0;
3670 	if(rdlen < 22) return 0; /* bad soa length */
3671 	sldns_buffer_skip(pkt, (ssize_t)(rdlen-20));
3672 	*serial = sldns_buffer_read_u32(pkt);
3673 	/* return true when has serial in answer section */
3674 	return 1;
3675 }
3676 
3677 /** see if addr appears in the list */
3678 static int
3679 addr_in_list(struct auth_addr* list, struct sockaddr_storage* addr,
3680 	socklen_t addrlen)
3681 {
3682 	struct auth_addr* p;
3683 	for(p=list; p; p=p->next) {
3684 		if(sockaddr_cmp_addr(addr, addrlen, &p->addr, p->addrlen)==0)
3685 			return 1;
3686 	}
3687 	return 0;
3688 }
3689 
3690 /** check if an address matches a master specification (or one of its
3691  * addresses in the addr list) */
3692 static int
3693 addr_matches_master(struct auth_master* master, struct sockaddr_storage* addr,
3694 	socklen_t addrlen, struct auth_master** fromhost)
3695 {
3696 	struct sockaddr_storage a;
3697 	socklen_t alen = 0;
3698 	int net = 0;
3699 	if(addr_in_list(master->list, addr, addrlen)) {
3700 		*fromhost = master;
3701 		return 1;
3702 	}
3703 	/* compare address (but not port number, that is the destination
3704 	 * port of the master, the port number of the received notify is
3705 	 * allowed to by any port on that master) */
3706 	if(extstrtoaddr(master->host, &a, &alen, UNBOUND_DNS_PORT) &&
3707 		sockaddr_cmp_addr(addr, addrlen, &a, alen)==0) {
3708 		*fromhost = master;
3709 		return 1;
3710 	}
3711 	/* prefixes, addr/len, like 10.0.0.0/8 */
3712 	/* not http and has a / and there is one / */
3713 	if(master->allow_notify && !master->http &&
3714 		strchr(master->host, '/') != NULL &&
3715 		strchr(master->host, '/') == strrchr(master->host, '/') &&
3716 		netblockstrtoaddr(master->host, UNBOUND_DNS_PORT, &a, &alen,
3717 		&net) && alen == addrlen) {
3718 		if(addr_in_common(addr, (addr_is_ip6(addr, addrlen)?128:32),
3719 			&a, net, alen) >= net) {
3720 			*fromhost = NULL; /* prefix does not have destination
3721 				to send the probe or transfer with */
3722 			return 1; /* matches the netblock */
3723 		}
3724 	}
3725 	return 0;
3726 }
3727 
3728 /** check access list for notifies */
3729 static int
3730 az_xfr_allowed_notify(struct auth_xfer* xfr, struct sockaddr_storage* addr,
3731 	socklen_t addrlen, struct auth_master** fromhost)
3732 {
3733 	struct auth_master* p;
3734 	for(p=xfr->allow_notify_list; p; p=p->next) {
3735 		if(addr_matches_master(p, addr, addrlen, fromhost)) {
3736 			return 1;
3737 		}
3738 	}
3739 	return 0;
3740 }
3741 
3742 /** see if the serial means the zone has to be updated, i.e. the serial
3743  * is newer than the zone serial, or we have no zone */
3744 static int
3745 xfr_serial_means_update(struct auth_xfer* xfr, uint32_t serial)
3746 {
3747 	if(!xfr->have_zone)
3748 		return 1; /* no zone, anything is better */
3749 	if(xfr->zone_expired)
3750 		return 1; /* expired, the sent serial is better than expired
3751 			data */
3752 	if(compare_serial(xfr->serial, serial) < 0)
3753 		return 1; /* our serial is smaller than the sent serial,
3754 			the data is newer, fetch it */
3755 	return 0;
3756 }
3757 
3758 /** note notify serial, updates the notify information in the xfr struct */
3759 static void
3760 xfr_note_notify_serial(struct auth_xfer* xfr, int has_serial, uint32_t serial)
3761 {
3762 	if(xfr->notify_received && xfr->notify_has_serial && has_serial) {
3763 		/* see if this serial is newer */
3764 		if(compare_serial(xfr->notify_serial, serial) < 0)
3765 			xfr->notify_serial = serial;
3766 	} else if(xfr->notify_received && xfr->notify_has_serial &&
3767 		!has_serial) {
3768 		/* remove serial, we have notify without serial */
3769 		xfr->notify_has_serial = 0;
3770 		xfr->notify_serial = 0;
3771 	} else if(xfr->notify_received && !xfr->notify_has_serial) {
3772 		/* we already have notify without serial, keep it
3773 		 * that way; no serial check when current operation
3774 		 * is done */
3775 	} else {
3776 		xfr->notify_received = 1;
3777 		xfr->notify_has_serial = has_serial;
3778 		xfr->notify_serial = serial;
3779 	}
3780 }
3781 
3782 /** process a notify serial, start new probe or note serial. xfr is locked */
3783 static void
3784 xfr_process_notify(struct auth_xfer* xfr, struct module_env* env,
3785 	int has_serial, uint32_t serial, struct auth_master* fromhost)
3786 {
3787 	/* if the serial of notify is older than we have, don't fetch
3788 	 * a zone, we already have it */
3789 	if(has_serial && !xfr_serial_means_update(xfr, serial)) {
3790 		lock_basic_unlock(&xfr->lock);
3791 		return;
3792 	}
3793 	/* start new probe with this addr src, or note serial */
3794 	if(!xfr_start_probe(xfr, env, fromhost)) {
3795 		/* not started because already in progress, note the serial */
3796 		xfr_note_notify_serial(xfr, has_serial, serial);
3797 		lock_basic_unlock(&xfr->lock);
3798 	}
3799 	/* successful end of start_probe unlocked xfr->lock */
3800 }
3801 
3802 int auth_zones_notify(struct auth_zones* az, struct module_env* env,
3803 	uint8_t* nm, size_t nmlen, uint16_t dclass,
3804 	struct sockaddr_storage* addr, socklen_t addrlen, int has_serial,
3805 	uint32_t serial, int* refused)
3806 {
3807 	struct auth_xfer* xfr;
3808 	struct auth_master* fromhost = NULL;
3809 	/* see which zone this is */
3810 	lock_rw_rdlock(&az->lock);
3811 	xfr = auth_xfer_find(az, nm, nmlen, dclass);
3812 	if(!xfr) {
3813 		lock_rw_unlock(&az->lock);
3814 		/* no such zone, refuse the notify */
3815 		*refused = 1;
3816 		return 0;
3817 	}
3818 	lock_basic_lock(&xfr->lock);
3819 	lock_rw_unlock(&az->lock);
3820 
3821 	/* check access list for notifies */
3822 	if(!az_xfr_allowed_notify(xfr, addr, addrlen, &fromhost)) {
3823 		lock_basic_unlock(&xfr->lock);
3824 		/* notify not allowed, refuse the notify */
3825 		*refused = 1;
3826 		return 0;
3827 	}
3828 
3829 	/* process the notify */
3830 	xfr_process_notify(xfr, env, has_serial, serial, fromhost);
3831 	return 1;
3832 }
3833 
3834 int auth_zones_startprobesequence(struct auth_zones* az,
3835 	struct module_env* env, uint8_t* nm, size_t nmlen, uint16_t dclass)
3836 {
3837 	struct auth_xfer* xfr;
3838 	lock_rw_rdlock(&az->lock);
3839 	xfr = auth_xfer_find(az, nm, nmlen, dclass);
3840 	if(!xfr) {
3841 		lock_rw_unlock(&az->lock);
3842 		return 0;
3843 	}
3844 	lock_basic_lock(&xfr->lock);
3845 	lock_rw_unlock(&az->lock);
3846 
3847 	xfr_process_notify(xfr, env, 0, 0, NULL);
3848 	return 1;
3849 }
3850 
3851 /** set a zone expired */
3852 static void
3853 auth_xfer_set_expired(struct auth_xfer* xfr, struct module_env* env,
3854 	int expired)
3855 {
3856 	struct auth_zone* z;
3857 
3858 	/* expire xfr */
3859 	lock_basic_lock(&xfr->lock);
3860 	xfr->zone_expired = expired;
3861 	lock_basic_unlock(&xfr->lock);
3862 
3863 	/* find auth_zone */
3864 	lock_rw_rdlock(&env->auth_zones->lock);
3865 	z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
3866 		xfr->dclass);
3867 	if(!z) {
3868 		lock_rw_unlock(&env->auth_zones->lock);
3869 		return;
3870 	}
3871 	lock_rw_wrlock(&z->lock);
3872 	lock_rw_unlock(&env->auth_zones->lock);
3873 
3874 	/* expire auth_zone */
3875 	z->zone_expired = expired;
3876 	lock_rw_unlock(&z->lock);
3877 }
3878 
3879 /** find master (from notify or probe) in list of masters */
3880 static struct auth_master*
3881 find_master_by_host(struct auth_master* list, char* host)
3882 {
3883 	struct auth_master* p;
3884 	for(p=list; p; p=p->next) {
3885 		if(strcmp(p->host, host) == 0)
3886 			return p;
3887 	}
3888 	return NULL;
3889 }
3890 
3891 /** delete the looked up auth_addrs for all the masters in the list */
3892 static void
3893 xfr_masterlist_free_addrs(struct auth_master* list)
3894 {
3895 	struct auth_master* m;
3896 	for(m=list; m; m=m->next) {
3897 		if(m->list) {
3898 			auth_free_master_addrs(m->list);
3899 			m->list = NULL;
3900 		}
3901 	}
3902 }
3903 
3904 /** copy a list of auth_addrs */
3905 static struct auth_addr*
3906 auth_addr_list_copy(struct auth_addr* source)
3907 {
3908 	struct auth_addr* list = NULL, *last = NULL;
3909 	struct auth_addr* p;
3910 	for(p=source; p; p=p->next) {
3911 		struct auth_addr* a = (struct auth_addr*)memdup(p, sizeof(*p));
3912 		if(!a) {
3913 			log_err("malloc failure");
3914 			auth_free_master_addrs(list);
3915 			return NULL;
3916 		}
3917 		a->next = NULL;
3918 		if(last) last->next = a;
3919 		if(!list) list = a;
3920 		last = a;
3921 	}
3922 	return list;
3923 }
3924 
3925 /** copy a master to a new structure, NULL on alloc failure */
3926 static struct auth_master*
3927 auth_master_copy(struct auth_master* o)
3928 {
3929 	struct auth_master* m;
3930 	if(!o) return NULL;
3931 	m = (struct auth_master*)memdup(o, sizeof(*o));
3932 	if(!m) {
3933 		log_err("malloc failure");
3934 		return NULL;
3935 	}
3936 	m->next = NULL;
3937 	if(m->host) {
3938 		m->host = strdup(m->host);
3939 		if(!m->host) {
3940 			free(m);
3941 			log_err("malloc failure");
3942 			return NULL;
3943 		}
3944 	}
3945 	if(m->file) {
3946 		m->file = strdup(m->file);
3947 		if(!m->file) {
3948 			free(m->host);
3949 			free(m);
3950 			log_err("malloc failure");
3951 			return NULL;
3952 		}
3953 	}
3954 	if(m->list) {
3955 		m->list = auth_addr_list_copy(m->list);
3956 		if(!m->list) {
3957 			free(m->file);
3958 			free(m->host);
3959 			free(m);
3960 			return NULL;
3961 		}
3962 	}
3963 	return m;
3964 }
3965 
3966 /** copy the master addresses from the task_probe lookups to the allow_notify
3967  * list of masters */
3968 static void
3969 probe_copy_masters_for_allow_notify(struct auth_xfer* xfr)
3970 {
3971 	struct auth_master* list = NULL, *last = NULL;
3972 	struct auth_master* p;
3973 	/* build up new list with copies */
3974 	for(p = xfr->task_transfer->masters; p; p=p->next) {
3975 		struct auth_master* m = auth_master_copy(p);
3976 		if(!m) {
3977 			auth_free_masters(list);
3978 			/* failed because of malloc failure, use old list */
3979 			return;
3980 		}
3981 		m->next = NULL;
3982 		if(last) last->next = m;
3983 		if(!list) list = m;
3984 		last = m;
3985 	}
3986 	/* success, replace list */
3987 	auth_free_masters(xfr->allow_notify_list);
3988 	xfr->allow_notify_list = list;
3989 }
3990 
3991 /** start the lookups for task_transfer */
3992 static void
3993 xfr_transfer_start_lookups(struct auth_xfer* xfr)
3994 {
3995 	/* delete all the looked up addresses in the list */
3996 	xfr->task_transfer->scan_addr = NULL;
3997 	xfr_masterlist_free_addrs(xfr->task_transfer->masters);
3998 
3999 	/* start lookup at the first master */
4000 	xfr->task_transfer->lookup_target = xfr->task_transfer->masters;
4001 	xfr->task_transfer->lookup_aaaa = 0;
4002 }
4003 
4004 /** move to the next lookup of hostname for task_transfer */
4005 static void
4006 xfr_transfer_move_to_next_lookup(struct auth_xfer* xfr, struct module_env* env)
4007 {
4008 	if(!xfr->task_transfer->lookup_target)
4009 		return; /* already at end of list */
4010 	if(!xfr->task_transfer->lookup_aaaa && env->cfg->do_ip6) {
4011 		/* move to lookup AAAA */
4012 		xfr->task_transfer->lookup_aaaa = 1;
4013 		return;
4014 	}
4015 	xfr->task_transfer->lookup_target =
4016 		xfr->task_transfer->lookup_target->next;
4017 	xfr->task_transfer->lookup_aaaa = 0;
4018 	if(!env->cfg->do_ip4 && xfr->task_transfer->lookup_target!=NULL)
4019 		xfr->task_transfer->lookup_aaaa = 1;
4020 }
4021 
4022 /** start the lookups for task_probe */
4023 static void
4024 xfr_probe_start_lookups(struct auth_xfer* xfr)
4025 {
4026 	/* delete all the looked up addresses in the list */
4027 	xfr->task_probe->scan_addr = NULL;
4028 	xfr_masterlist_free_addrs(xfr->task_probe->masters);
4029 
4030 	/* start lookup at the first master */
4031 	xfr->task_probe->lookup_target = xfr->task_probe->masters;
4032 	xfr->task_probe->lookup_aaaa = 0;
4033 }
4034 
4035 /** move to the next lookup of hostname for task_probe */
4036 static void
4037 xfr_probe_move_to_next_lookup(struct auth_xfer* xfr, struct module_env* env)
4038 {
4039 	if(!xfr->task_probe->lookup_target)
4040 		return; /* already at end of list */
4041 	if(!xfr->task_probe->lookup_aaaa && env->cfg->do_ip6) {
4042 		/* move to lookup AAAA */
4043 		xfr->task_probe->lookup_aaaa = 1;
4044 		return;
4045 	}
4046 	xfr->task_probe->lookup_target = xfr->task_probe->lookup_target->next;
4047 	xfr->task_probe->lookup_aaaa = 0;
4048 	if(!env->cfg->do_ip4 && xfr->task_probe->lookup_target!=NULL)
4049 		xfr->task_probe->lookup_aaaa = 1;
4050 }
4051 
4052 /** start the iteration of the task_transfer list of masters */
4053 static void
4054 xfr_transfer_start_list(struct auth_xfer* xfr, struct auth_master* spec)
4055 {
4056 	if(spec) {
4057 		xfr->task_transfer->scan_specific = find_master_by_host(
4058 			xfr->task_transfer->masters, spec->host);
4059 		if(xfr->task_transfer->scan_specific) {
4060 			xfr->task_transfer->scan_target = NULL;
4061 			xfr->task_transfer->scan_addr = NULL;
4062 			if(xfr->task_transfer->scan_specific->list)
4063 				xfr->task_transfer->scan_addr =
4064 					xfr->task_transfer->scan_specific->list;
4065 			return;
4066 		}
4067 	}
4068 	/* no specific (notified) host to scan */
4069 	xfr->task_transfer->scan_specific = NULL;
4070 	xfr->task_transfer->scan_addr = NULL;
4071 	/* pick up first scan target */
4072 	xfr->task_transfer->scan_target = xfr->task_transfer->masters;
4073 	if(xfr->task_transfer->scan_target && xfr->task_transfer->
4074 		scan_target->list)
4075 		xfr->task_transfer->scan_addr =
4076 			xfr->task_transfer->scan_target->list;
4077 }
4078 
4079 /** start the iteration of the task_probe list of masters */
4080 static void
4081 xfr_probe_start_list(struct auth_xfer* xfr, struct auth_master* spec)
4082 {
4083 	if(spec) {
4084 		xfr->task_probe->scan_specific = find_master_by_host(
4085 			xfr->task_probe->masters, spec->host);
4086 		if(xfr->task_probe->scan_specific) {
4087 			xfr->task_probe->scan_target = NULL;
4088 			xfr->task_probe->scan_addr = NULL;
4089 			if(xfr->task_probe->scan_specific->list)
4090 				xfr->task_probe->scan_addr =
4091 					xfr->task_probe->scan_specific->list;
4092 			return;
4093 		}
4094 	}
4095 	/* no specific (notified) host to scan */
4096 	xfr->task_probe->scan_specific = NULL;
4097 	xfr->task_probe->scan_addr = NULL;
4098 	/* pick up first scan target */
4099 	xfr->task_probe->scan_target = xfr->task_probe->masters;
4100 	if(xfr->task_probe->scan_target && xfr->task_probe->scan_target->list)
4101 		xfr->task_probe->scan_addr =
4102 			xfr->task_probe->scan_target->list;
4103 }
4104 
4105 /** pick up the master that is being scanned right now, task_transfer */
4106 static struct auth_master*
4107 xfr_transfer_current_master(struct auth_xfer* xfr)
4108 {
4109 	if(xfr->task_transfer->scan_specific)
4110 		return xfr->task_transfer->scan_specific;
4111 	return xfr->task_transfer->scan_target;
4112 }
4113 
4114 /** pick up the master that is being scanned right now, task_probe */
4115 static struct auth_master*
4116 xfr_probe_current_master(struct auth_xfer* xfr)
4117 {
4118 	if(xfr->task_probe->scan_specific)
4119 		return xfr->task_probe->scan_specific;
4120 	return xfr->task_probe->scan_target;
4121 }
4122 
4123 /** true if at end of list, task_transfer */
4124 static int
4125 xfr_transfer_end_of_list(struct auth_xfer* xfr)
4126 {
4127 	return !xfr->task_transfer->scan_specific &&
4128 		!xfr->task_transfer->scan_target;
4129 }
4130 
4131 /** true if at end of list, task_probe */
4132 static int
4133 xfr_probe_end_of_list(struct auth_xfer* xfr)
4134 {
4135 	return !xfr->task_probe->scan_specific && !xfr->task_probe->scan_target;
4136 }
4137 
4138 /** move to next master in list, task_transfer */
4139 static void
4140 xfr_transfer_nextmaster(struct auth_xfer* xfr)
4141 {
4142 	if(!xfr->task_transfer->scan_specific &&
4143 		!xfr->task_transfer->scan_target)
4144 		return;
4145 	if(xfr->task_transfer->scan_addr) {
4146 		xfr->task_transfer->scan_addr =
4147 			xfr->task_transfer->scan_addr->next;
4148 		if(xfr->task_transfer->scan_addr)
4149 			return;
4150 	}
4151 	if(xfr->task_transfer->scan_specific) {
4152 		xfr->task_transfer->scan_specific = NULL;
4153 		xfr->task_transfer->scan_target = xfr->task_transfer->masters;
4154 		if(xfr->task_transfer->scan_target && xfr->task_transfer->
4155 			scan_target->list)
4156 			xfr->task_transfer->scan_addr =
4157 				xfr->task_transfer->scan_target->list;
4158 		return;
4159 	}
4160 	if(!xfr->task_transfer->scan_target)
4161 		return;
4162 	xfr->task_transfer->scan_target = xfr->task_transfer->scan_target->next;
4163 	if(xfr->task_transfer->scan_target && xfr->task_transfer->
4164 		scan_target->list)
4165 		xfr->task_transfer->scan_addr =
4166 			xfr->task_transfer->scan_target->list;
4167 	return;
4168 }
4169 
4170 /** move to next master in list, task_probe */
4171 static void
4172 xfr_probe_nextmaster(struct auth_xfer* xfr)
4173 {
4174 	if(!xfr->task_probe->scan_specific && !xfr->task_probe->scan_target)
4175 		return;
4176 	if(xfr->task_probe->scan_addr) {
4177 		xfr->task_probe->scan_addr = xfr->task_probe->scan_addr->next;
4178 		if(xfr->task_probe->scan_addr)
4179 			return;
4180 	}
4181 	if(xfr->task_probe->scan_specific) {
4182 		xfr->task_probe->scan_specific = NULL;
4183 		xfr->task_probe->scan_target = xfr->task_probe->masters;
4184 		if(xfr->task_probe->scan_target && xfr->task_probe->
4185 			scan_target->list)
4186 			xfr->task_probe->scan_addr =
4187 				xfr->task_probe->scan_target->list;
4188 		return;
4189 	}
4190 	if(!xfr->task_probe->scan_target)
4191 		return;
4192 	xfr->task_probe->scan_target = xfr->task_probe->scan_target->next;
4193 	if(xfr->task_probe->scan_target && xfr->task_probe->
4194 		scan_target->list)
4195 		xfr->task_probe->scan_addr =
4196 			xfr->task_probe->scan_target->list;
4197 	return;
4198 }
4199 
4200 /** create SOA probe packet for xfr */
4201 static void
4202 xfr_create_soa_probe_packet(struct auth_xfer* xfr, sldns_buffer* buf,
4203 	uint16_t id)
4204 {
4205 	struct query_info qinfo;
4206 
4207 	memset(&qinfo, 0, sizeof(qinfo));
4208 	qinfo.qname = xfr->name;
4209 	qinfo.qname_len = xfr->namelen;
4210 	qinfo.qtype = LDNS_RR_TYPE_SOA;
4211 	qinfo.qclass = xfr->dclass;
4212 	qinfo_query_encode(buf, &qinfo);
4213 	sldns_buffer_write_u16_at(buf, 0, id);
4214 }
4215 
4216 /** create IXFR/AXFR packet for xfr */
4217 static void
4218 xfr_create_ixfr_packet(struct auth_xfer* xfr, sldns_buffer* buf, uint16_t id,
4219 	struct auth_master* master)
4220 {
4221 	struct query_info qinfo;
4222 	uint32_t serial;
4223 	int have_zone;
4224 	have_zone = xfr->have_zone;
4225 	serial = xfr->serial;
4226 
4227 	memset(&qinfo, 0, sizeof(qinfo));
4228 	qinfo.qname = xfr->name;
4229 	qinfo.qname_len = xfr->namelen;
4230 	xfr->task_transfer->got_xfr_serial = 0;
4231 	xfr->task_transfer->rr_scan_num = 0;
4232 	xfr->task_transfer->incoming_xfr_serial = 0;
4233 	xfr->task_transfer->on_ixfr_is_axfr = 0;
4234 	xfr->task_transfer->on_ixfr = 1;
4235 	qinfo.qtype = LDNS_RR_TYPE_IXFR;
4236 	if(!have_zone || xfr->task_transfer->ixfr_fail || !master->ixfr) {
4237 		qinfo.qtype = LDNS_RR_TYPE_AXFR;
4238 		xfr->task_transfer->ixfr_fail = 0;
4239 		xfr->task_transfer->on_ixfr = 0;
4240 	}
4241 
4242 	qinfo.qclass = xfr->dclass;
4243 	qinfo_query_encode(buf, &qinfo);
4244 	sldns_buffer_write_u16_at(buf, 0, id);
4245 
4246 	/* append serial for IXFR */
4247 	if(qinfo.qtype == LDNS_RR_TYPE_IXFR) {
4248 		size_t end = sldns_buffer_limit(buf);
4249 		sldns_buffer_clear(buf);
4250 		sldns_buffer_set_position(buf, end);
4251 		/* auth section count 1 */
4252 		sldns_buffer_write_u16_at(buf, LDNS_NSCOUNT_OFF, 1);
4253 		/* write SOA */
4254 		sldns_buffer_write_u8(buf, 0xC0); /* compressed ptr to qname */
4255 		sldns_buffer_write_u8(buf, 0x0C);
4256 		sldns_buffer_write_u16(buf, LDNS_RR_TYPE_SOA);
4257 		sldns_buffer_write_u16(buf, qinfo.qclass);
4258 		sldns_buffer_write_u32(buf, 0); /* ttl */
4259 		sldns_buffer_write_u16(buf, 22); /* rdata length */
4260 		sldns_buffer_write_u8(buf, 0); /* . */
4261 		sldns_buffer_write_u8(buf, 0); /* . */
4262 		sldns_buffer_write_u32(buf, serial); /* serial */
4263 		sldns_buffer_write_u32(buf, 0); /* refresh */
4264 		sldns_buffer_write_u32(buf, 0); /* retry */
4265 		sldns_buffer_write_u32(buf, 0); /* expire */
4266 		sldns_buffer_write_u32(buf, 0); /* minimum */
4267 		sldns_buffer_flip(buf);
4268 	}
4269 }
4270 
4271 /** check if returned packet is OK */
4272 static int
4273 check_packet_ok(sldns_buffer* pkt, uint16_t qtype, struct auth_xfer* xfr,
4274 	uint32_t* serial)
4275 {
4276 	/* parse to see if packet worked, valid reply */
4277 
4278 	/* check serial number of SOA */
4279 	if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE)
4280 		return 0;
4281 
4282 	/* check ID */
4283 	if(LDNS_ID_WIRE(sldns_buffer_begin(pkt)) != xfr->task_probe->id)
4284 		return 0;
4285 
4286 	/* check flag bits and rcode */
4287 	if(!LDNS_QR_WIRE(sldns_buffer_begin(pkt)))
4288 		return 0;
4289 	if(LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_QUERY)
4290 		return 0;
4291 	if(LDNS_RCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_RCODE_NOERROR)
4292 		return 0;
4293 
4294 	/* check qname */
4295 	if(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1)
4296 		return 0;
4297 	sldns_buffer_skip(pkt, LDNS_HEADER_SIZE);
4298 	if(sldns_buffer_remaining(pkt) < xfr->namelen)
4299 		return 0;
4300 	if(query_dname_compare(sldns_buffer_current(pkt), xfr->name) != 0)
4301 		return 0;
4302 	sldns_buffer_skip(pkt, (ssize_t)xfr->namelen);
4303 
4304 	/* check qtype, qclass */
4305 	if(sldns_buffer_remaining(pkt) < 4)
4306 		return 0;
4307 	if(sldns_buffer_read_u16(pkt) != qtype)
4308 		return 0;
4309 	if(sldns_buffer_read_u16(pkt) != xfr->dclass)
4310 		return 0;
4311 
4312 	if(serial) {
4313 		uint16_t rdlen;
4314 		/* read serial number, from answer section SOA */
4315 		if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) == 0)
4316 			return 0;
4317 		/* read from first record SOA record */
4318 		if(sldns_buffer_remaining(pkt) < 1)
4319 			return 0;
4320 		if(dname_pkt_compare(pkt, sldns_buffer_current(pkt),
4321 			xfr->name) != 0)
4322 			return 0;
4323 		if(!pkt_dname_len(pkt))
4324 			return 0;
4325 		/* type, class, ttl, rdatalen */
4326 		if(sldns_buffer_remaining(pkt) < 4+4+2)
4327 			return 0;
4328 		if(sldns_buffer_read_u16(pkt) != qtype)
4329 			return 0;
4330 		if(sldns_buffer_read_u16(pkt) != xfr->dclass)
4331 			return 0;
4332 		sldns_buffer_skip(pkt, 4); /* ttl */
4333 		rdlen = sldns_buffer_read_u16(pkt);
4334 		if(sldns_buffer_remaining(pkt) < rdlen)
4335 			return 0;
4336 		if(sldns_buffer_remaining(pkt) < 1)
4337 			return 0;
4338 		if(!pkt_dname_len(pkt)) /* soa name */
4339 			return 0;
4340 		if(sldns_buffer_remaining(pkt) < 1)
4341 			return 0;
4342 		if(!pkt_dname_len(pkt)) /* soa name */
4343 			return 0;
4344 		if(sldns_buffer_remaining(pkt) < 20)
4345 			return 0;
4346 		*serial = sldns_buffer_read_u32(pkt);
4347 	}
4348 	return 1;
4349 }
4350 
4351 /** read one line from chunks into buffer at current position */
4352 static int
4353 chunkline_get_line(struct auth_chunk** chunk, size_t* chunk_pos,
4354 	sldns_buffer* buf)
4355 {
4356 	int readsome = 0;
4357 	while(*chunk) {
4358 		/* more text in this chunk? */
4359 		if(*chunk_pos < (*chunk)->len) {
4360 			readsome = 1;
4361 			while(*chunk_pos < (*chunk)->len) {
4362 				char c = (char)((*chunk)->data[*chunk_pos]);
4363 				(*chunk_pos)++;
4364 				if(sldns_buffer_remaining(buf) < 2) {
4365 					/* buffer too short */
4366 					verbose(VERB_ALGO, "http chunkline, "
4367 						"line too long");
4368 					return 0;
4369 				}
4370 				sldns_buffer_write_u8(buf, (uint8_t)c);
4371 				if(c == '\n') {
4372 					/* we are done */
4373 					return 1;
4374 				}
4375 			}
4376 		}
4377 		/* move to next chunk */
4378 		*chunk = (*chunk)->next;
4379 		*chunk_pos = 0;
4380 	}
4381 	/* no more text */
4382 	if(readsome) return 1;
4383 	return 0;
4384 }
4385 
4386 /** count number of open and closed parenthesis in a chunkline */
4387 static int
4388 chunkline_count_parens(sldns_buffer* buf, size_t start)
4389 {
4390 	size_t end = sldns_buffer_position(buf);
4391 	size_t i;
4392 	int count = 0;
4393 	int squote = 0, dquote = 0;
4394 	for(i=start; i<end; i++) {
4395 		char c = (char)sldns_buffer_read_u8_at(buf, i);
4396 		if(squote && c != '\'') continue;
4397 		if(dquote && c != '"') continue;
4398 		if(c == '"')
4399 			dquote = !dquote; /* skip quoted part */
4400 		else if(c == '\'')
4401 			squote = !squote; /* skip quoted part */
4402 		else if(c == '(')
4403 			count ++;
4404 		else if(c == ')')
4405 			count --;
4406 		else if(c == ';') {
4407 			/* rest is a comment */
4408 			return count;
4409 		}
4410 	}
4411 	return count;
4412 }
4413 
4414 /** remove trailing ;... comment from a line in the chunkline buffer */
4415 static void
4416 chunkline_remove_trailcomment(sldns_buffer* buf, size_t start)
4417 {
4418 	size_t end = sldns_buffer_position(buf);
4419 	size_t i;
4420 	int squote = 0, dquote = 0;
4421 	for(i=start; i<end; i++) {
4422 		char c = (char)sldns_buffer_read_u8_at(buf, i);
4423 		if(squote && c != '\'') continue;
4424 		if(dquote && c != '"') continue;
4425 		if(c == '"')
4426 			dquote = !dquote; /* skip quoted part */
4427 		else if(c == '\'')
4428 			squote = !squote; /* skip quoted part */
4429 		else if(c == ';') {
4430 			/* rest is a comment */
4431 			sldns_buffer_set_position(buf, i);
4432 			return;
4433 		}
4434 	}
4435 	/* nothing to remove */
4436 }
4437 
4438 /** see if a chunkline is a comment line (or empty line) */
4439 static int
4440 chunkline_is_comment_line_or_empty(sldns_buffer* buf)
4441 {
4442 	size_t i, end = sldns_buffer_limit(buf);
4443 	for(i=0; i<end; i++) {
4444 		char c = (char)sldns_buffer_read_u8_at(buf, i);
4445 		if(c == ';')
4446 			return 1; /* comment */
4447 		else if(c != ' ' && c != '\t' && c != '\r' && c != '\n')
4448 			return 0; /* not a comment */
4449 	}
4450 	return 1; /* empty */
4451 }
4452 
4453 /** find a line with ( ) collated */
4454 static int
4455 chunkline_get_line_collated(struct auth_chunk** chunk, size_t* chunk_pos,
4456 	sldns_buffer* buf)
4457 {
4458 	size_t pos;
4459 	int parens = 0;
4460 	sldns_buffer_clear(buf);
4461 	pos = sldns_buffer_position(buf);
4462 	if(!chunkline_get_line(chunk, chunk_pos, buf)) {
4463 		if(sldns_buffer_position(buf) < sldns_buffer_limit(buf))
4464 			sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0);
4465 		else sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf)-1, 0);
4466 		sldns_buffer_flip(buf);
4467 		return 0;
4468 	}
4469 	parens += chunkline_count_parens(buf, pos);
4470 	while(parens > 0) {
4471 		chunkline_remove_trailcomment(buf, pos);
4472 		pos = sldns_buffer_position(buf);
4473 		if(!chunkline_get_line(chunk, chunk_pos, buf)) {
4474 			if(sldns_buffer_position(buf) < sldns_buffer_limit(buf))
4475 				sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0);
4476 			else sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf)-1, 0);
4477 			sldns_buffer_flip(buf);
4478 			return 0;
4479 		}
4480 		parens += chunkline_count_parens(buf, pos);
4481 	}
4482 
4483 	if(sldns_buffer_remaining(buf) < 1) {
4484 		verbose(VERB_ALGO, "http chunkline: "
4485 			"line too long");
4486 		return 0;
4487 	}
4488 	sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0);
4489 	sldns_buffer_flip(buf);
4490 	return 1;
4491 }
4492 
4493 /** process $ORIGIN for http, 0 nothing, 1 done, 2 error */
4494 static int
4495 http_parse_origin(sldns_buffer* buf, struct sldns_file_parse_state* pstate)
4496 {
4497 	char* line = (char*)sldns_buffer_begin(buf);
4498 	if(strncmp(line, "$ORIGIN", 7) == 0 &&
4499 		isspace((unsigned char)line[7])) {
4500 		int s;
4501 		pstate->origin_len = sizeof(pstate->origin);
4502 		s = sldns_str2wire_dname_buf(sldns_strip_ws(line+8),
4503 			pstate->origin, &pstate->origin_len);
4504 		if(s) {
4505 			pstate->origin_len = 0;
4506 			return 2;
4507 		}
4508 		return 1;
4509 	}
4510 	return 0;
4511 }
4512 
4513 /** process $TTL for http, 0 nothing, 1 done, 2 error */
4514 static int
4515 http_parse_ttl(sldns_buffer* buf, struct sldns_file_parse_state* pstate)
4516 {
4517 	char* line = (char*)sldns_buffer_begin(buf);
4518 	if(strncmp(line, "$TTL", 4) == 0 &&
4519 		isspace((unsigned char)line[4])) {
4520 		const char* end = NULL;
4521 		int overflow = 0;
4522 		pstate->default_ttl = sldns_str2period(
4523 			sldns_strip_ws(line+5), &end, &overflow);
4524 		if(overflow) {
4525 			return 2;
4526 		}
4527 		return 1;
4528 	}
4529 	return 0;
4530 }
4531 
4532 /** find noncomment RR line in chunks, collates lines if ( ) format */
4533 static int
4534 chunkline_non_comment_RR(struct auth_chunk** chunk, size_t* chunk_pos,
4535 	sldns_buffer* buf, struct sldns_file_parse_state* pstate)
4536 {
4537 	int ret;
4538 	while(chunkline_get_line_collated(chunk, chunk_pos, buf)) {
4539 		if(chunkline_is_comment_line_or_empty(buf)) {
4540 			/* a comment, go to next line */
4541 			continue;
4542 		}
4543 		if((ret=http_parse_origin(buf, pstate))!=0) {
4544 			if(ret == 2)
4545 				return 0;
4546 			continue; /* $ORIGIN has been handled */
4547 		}
4548 		if((ret=http_parse_ttl(buf, pstate))!=0) {
4549 			if(ret == 2)
4550 				return 0;
4551 			continue; /* $TTL has been handled */
4552 		}
4553 		return 1;
4554 	}
4555 	/* no noncomments, fail */
4556 	return 0;
4557 }
4558 
4559 /** check syntax of chunklist zonefile, parse first RR, return false on
4560  * failure and return a string in the scratch buffer (first RR string)
4561  * on failure. */
4562 static int
4563 http_zonefile_syntax_check(struct auth_xfer* xfr, sldns_buffer* buf)
4564 {
4565 	uint8_t rr[LDNS_RR_BUF_SIZE];
4566 	size_t rr_len, dname_len = 0;
4567 	struct sldns_file_parse_state pstate;
4568 	struct auth_chunk* chunk;
4569 	size_t chunk_pos;
4570 	int e;
4571 	memset(&pstate, 0, sizeof(pstate));
4572 	pstate.default_ttl = 3600;
4573 	if(xfr->namelen < sizeof(pstate.origin)) {
4574 		pstate.origin_len = xfr->namelen;
4575 		memmove(pstate.origin, xfr->name, xfr->namelen);
4576 	}
4577 	chunk = xfr->task_transfer->chunks_first;
4578 	chunk_pos = 0;
4579 	if(!chunkline_non_comment_RR(&chunk, &chunk_pos, buf, &pstate)) {
4580 		return 0;
4581 	}
4582 	rr_len = sizeof(rr);
4583 	e=sldns_str2wire_rr_buf((char*)sldns_buffer_begin(buf), rr, &rr_len,
4584 		&dname_len, pstate.default_ttl,
4585 		pstate.origin_len?pstate.origin:NULL, pstate.origin_len,
4586 		pstate.prev_rr_len?pstate.prev_rr:NULL, pstate.prev_rr_len);
4587 	if(e != 0) {
4588 		log_err("parse failure on first RR[%d]: %s",
4589 			LDNS_WIREPARSE_OFFSET(e),
4590 			sldns_get_errorstr_parse(LDNS_WIREPARSE_ERROR(e)));
4591 		return 0;
4592 	}
4593 	/* check that class is correct */
4594 	if(sldns_wirerr_get_class(rr, rr_len, dname_len) != xfr->dclass) {
4595 		log_err("parse failure: first record in downloaded zonefile "
4596 			"from wrong RR class");
4597 		return 0;
4598 	}
4599 	return 1;
4600 }
4601 
4602 /** sum sizes of chunklist */
4603 static size_t
4604 chunklist_sum(struct auth_chunk* list)
4605 {
4606 	struct auth_chunk* p;
4607 	size_t s = 0;
4608 	for(p=list; p; p=p->next) {
4609 		s += p->len;
4610 	}
4611 	return s;
4612 }
4613 
4614 /** remove newlines from collated line */
4615 static void
4616 chunkline_newline_removal(sldns_buffer* buf)
4617 {
4618 	size_t i, end=sldns_buffer_limit(buf);
4619 	for(i=0; i<end; i++) {
4620 		char c = (char)sldns_buffer_read_u8_at(buf, i);
4621 		if(c == '\n' && i==end-1) {
4622 			sldns_buffer_write_u8_at(buf, i, 0);
4623 			sldns_buffer_set_limit(buf, end-1);
4624 			return;
4625 		}
4626 		if(c == '\n')
4627 			sldns_buffer_write_u8_at(buf, i, (uint8_t)' ');
4628 	}
4629 }
4630 
4631 /** for http download, parse and add RR to zone */
4632 static int
4633 http_parse_add_rr(struct auth_xfer* xfr, struct auth_zone* z,
4634 	sldns_buffer* buf, struct sldns_file_parse_state* pstate)
4635 {
4636 	uint8_t rr[LDNS_RR_BUF_SIZE];
4637 	size_t rr_len, dname_len = 0;
4638 	int e;
4639 	char* line = (char*)sldns_buffer_begin(buf);
4640 	rr_len = sizeof(rr);
4641 	e = sldns_str2wire_rr_buf(line, rr, &rr_len, &dname_len,
4642 		pstate->default_ttl,
4643 		pstate->origin_len?pstate->origin:NULL, pstate->origin_len,
4644 		pstate->prev_rr_len?pstate->prev_rr:NULL, pstate->prev_rr_len);
4645 	if(e != 0) {
4646 		log_err("%s/%s parse failure RR[%d]: %s in '%s'",
4647 			xfr->task_transfer->master->host,
4648 			xfr->task_transfer->master->file,
4649 			LDNS_WIREPARSE_OFFSET(e),
4650 			sldns_get_errorstr_parse(LDNS_WIREPARSE_ERROR(e)),
4651 			line);
4652 		return 0;
4653 	}
4654 	if(rr_len == 0)
4655 		return 1; /* empty line or so */
4656 
4657 	/* set prev */
4658 	if(dname_len < sizeof(pstate->prev_rr)) {
4659 		memmove(pstate->prev_rr, rr, dname_len);
4660 		pstate->prev_rr_len = dname_len;
4661 	}
4662 
4663 	return az_insert_rr(z, rr, rr_len, dname_len, NULL);
4664 }
4665 
4666 /** RR list iterator, returns RRs from answer section one by one from the
4667  * dns packets in the chunklist */
4668 static void
4669 chunk_rrlist_start(struct auth_xfer* xfr, struct auth_chunk** rr_chunk,
4670 	int* rr_num, size_t* rr_pos)
4671 {
4672 	*rr_chunk = xfr->task_transfer->chunks_first;
4673 	*rr_num = 0;
4674 	*rr_pos = 0;
4675 }
4676 
4677 /** RR list iterator, see if we are at the end of the list */
4678 static int
4679 chunk_rrlist_end(struct auth_chunk* rr_chunk, int rr_num)
4680 {
4681 	while(rr_chunk) {
4682 		if(rr_chunk->len < LDNS_HEADER_SIZE)
4683 			return 1;
4684 		if(rr_num < (int)LDNS_ANCOUNT(rr_chunk->data))
4685 			return 0;
4686 		/* no more RRs in this chunk */
4687 		/* continue with next chunk, see if it has RRs */
4688 		rr_chunk = rr_chunk->next;
4689 		rr_num = 0;
4690 	}
4691 	return 1;
4692 }
4693 
4694 /** RR list iterator, move to next RR */
4695 static void
4696 chunk_rrlist_gonext(struct auth_chunk** rr_chunk, int* rr_num,
4697 	size_t* rr_pos, size_t rr_nextpos)
4698 {
4699 	/* already at end of chunks? */
4700 	if(!*rr_chunk)
4701 		return;
4702 	/* move within this chunk */
4703 	if((*rr_chunk)->len >= LDNS_HEADER_SIZE &&
4704 		(*rr_num)+1 < (int)LDNS_ANCOUNT((*rr_chunk)->data)) {
4705 		(*rr_num) += 1;
4706 		*rr_pos = rr_nextpos;
4707 		return;
4708 	}
4709 	/* no more RRs in this chunk */
4710 	/* continue with next chunk, see if it has RRs */
4711 	if(*rr_chunk)
4712 		*rr_chunk = (*rr_chunk)->next;
4713 	while(*rr_chunk) {
4714 		*rr_num = 0;
4715 		*rr_pos = 0;
4716 		if((*rr_chunk)->len >= LDNS_HEADER_SIZE &&
4717 			LDNS_ANCOUNT((*rr_chunk)->data) > 0) {
4718 			return;
4719 		}
4720 		*rr_chunk = (*rr_chunk)->next;
4721 	}
4722 }
4723 
4724 /** RR iterator, get current RR information, false on parse error */
4725 static int
4726 chunk_rrlist_get_current(struct auth_chunk* rr_chunk, int rr_num,
4727 	size_t rr_pos, uint8_t** rr_dname, uint16_t* rr_type,
4728 	uint16_t* rr_class, uint32_t* rr_ttl, uint16_t* rr_rdlen,
4729 	uint8_t** rr_rdata, size_t* rr_nextpos)
4730 {
4731 	sldns_buffer pkt;
4732 	/* integrity checks on position */
4733 	if(!rr_chunk) return 0;
4734 	if(rr_chunk->len < LDNS_HEADER_SIZE) return 0;
4735 	if(rr_num >= (int)LDNS_ANCOUNT(rr_chunk->data)) return 0;
4736 	if(rr_pos >= rr_chunk->len) return 0;
4737 
4738 	/* fetch rr information */
4739 	sldns_buffer_init_frm_data(&pkt, rr_chunk->data, rr_chunk->len);
4740 	if(rr_pos == 0) {
4741 		size_t i;
4742 		/* skip question section */
4743 		sldns_buffer_set_position(&pkt, LDNS_HEADER_SIZE);
4744 		for(i=0; i<LDNS_QDCOUNT(rr_chunk->data); i++) {
4745 			if(pkt_dname_len(&pkt) == 0) return 0;
4746 			if(sldns_buffer_remaining(&pkt) < 4) return 0;
4747 			sldns_buffer_skip(&pkt, 4); /* type and class */
4748 		}
4749 	} else	{
4750 		sldns_buffer_set_position(&pkt, rr_pos);
4751 	}
4752 	*rr_dname = sldns_buffer_current(&pkt);
4753 	if(pkt_dname_len(&pkt) == 0) return 0;
4754 	if(sldns_buffer_remaining(&pkt) < 10) return 0;
4755 	*rr_type = sldns_buffer_read_u16(&pkt);
4756 	*rr_class = sldns_buffer_read_u16(&pkt);
4757 	*rr_ttl = sldns_buffer_read_u32(&pkt);
4758 	*rr_rdlen = sldns_buffer_read_u16(&pkt);
4759 	if(sldns_buffer_remaining(&pkt) < (*rr_rdlen)) return 0;
4760 	*rr_rdata = sldns_buffer_current(&pkt);
4761 	sldns_buffer_skip(&pkt, (ssize_t)(*rr_rdlen));
4762 	*rr_nextpos = sldns_buffer_position(&pkt);
4763 	return 1;
4764 }
4765 
4766 /** print log message where we are in parsing the zone transfer */
4767 static void
4768 log_rrlist_position(const char* label, struct auth_chunk* rr_chunk,
4769 	uint8_t* rr_dname, uint16_t rr_type, size_t rr_counter)
4770 {
4771 	sldns_buffer pkt;
4772 	size_t dlen;
4773 	uint8_t buf[256];
4774 	char str[256];
4775 	char typestr[32];
4776 	sldns_buffer_init_frm_data(&pkt, rr_chunk->data, rr_chunk->len);
4777 	sldns_buffer_set_position(&pkt, (size_t)(rr_dname -
4778 		sldns_buffer_begin(&pkt)));
4779 	if((dlen=pkt_dname_len(&pkt)) == 0) return;
4780 	if(dlen >= sizeof(buf)) return;
4781 	dname_pkt_copy(&pkt, buf, rr_dname);
4782 	dname_str(buf, str);
4783 	(void)sldns_wire2str_type_buf(rr_type, typestr, sizeof(typestr));
4784 	verbose(VERB_ALGO, "%s at[%d] %s %s", label, (int)rr_counter,
4785 		str, typestr);
4786 }
4787 
4788 /** check that start serial is OK for ixfr. we are at rr_counter == 0,
4789  * and we are going to check rr_counter == 1 (has to be type SOA) serial */
4790 static int
4791 ixfr_start_serial(struct auth_chunk* rr_chunk, int rr_num, size_t rr_pos,
4792 	uint8_t* rr_dname, uint16_t rr_type, uint16_t rr_class,
4793 	uint32_t rr_ttl, uint16_t rr_rdlen, uint8_t* rr_rdata,
4794 	size_t rr_nextpos, uint32_t transfer_serial, uint32_t xfr_serial)
4795 {
4796 	uint32_t startserial;
4797 	/* move forward on RR */
4798 	chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos);
4799 	if(chunk_rrlist_end(rr_chunk, rr_num)) {
4800 		/* no second SOA */
4801 		verbose(VERB_OPS, "IXFR has no second SOA record");
4802 		return 0;
4803 	}
4804 	if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos,
4805 		&rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen,
4806 		&rr_rdata, &rr_nextpos)) {
4807 		verbose(VERB_OPS, "IXFR cannot parse second SOA record");
4808 		/* failed to parse RR */
4809 		return 0;
4810 	}
4811 	if(rr_type != LDNS_RR_TYPE_SOA) {
4812 		verbose(VERB_OPS, "IXFR second record is not type SOA");
4813 		return 0;
4814 	}
4815 	if(rr_rdlen < 22) {
4816 		verbose(VERB_OPS, "IXFR, second SOA has short rdlength");
4817 		return 0; /* bad SOA rdlen */
4818 	}
4819 	startserial = sldns_read_uint32(rr_rdata+rr_rdlen-20);
4820 	if(startserial == transfer_serial) {
4821 		/* empty AXFR, not an IXFR */
4822 		verbose(VERB_OPS, "IXFR second serial same as first");
4823 		return 0;
4824 	}
4825 	if(startserial != xfr_serial) {
4826 		/* wrong start serial, it does not match the serial in
4827 		 * memory */
4828 		verbose(VERB_OPS, "IXFR is from serial %u to %u but %u "
4829 			"in memory, rejecting the zone transfer",
4830 			(unsigned)startserial, (unsigned)transfer_serial,
4831 			(unsigned)xfr_serial);
4832 		return 0;
4833 	}
4834 	/* everything OK in second SOA serial */
4835 	return 1;
4836 }
4837 
4838 /** apply IXFR to zone in memory. z is locked. false on failure(mallocfail) */
4839 static int
4840 apply_ixfr(struct auth_xfer* xfr, struct auth_zone* z,
4841 	struct sldns_buffer* scratch_buffer)
4842 {
4843 	struct auth_chunk* rr_chunk;
4844 	int rr_num;
4845 	size_t rr_pos;
4846 	uint8_t* rr_dname, *rr_rdata;
4847 	uint16_t rr_type, rr_class, rr_rdlen;
4848 	uint32_t rr_ttl;
4849 	size_t rr_nextpos;
4850 	int have_transfer_serial = 0;
4851 	uint32_t transfer_serial = 0;
4852 	size_t rr_counter = 0;
4853 	int delmode = 0;
4854 	int softfail = 0;
4855 
4856 	/* start RR iterator over chunklist of packets */
4857 	chunk_rrlist_start(xfr, &rr_chunk, &rr_num, &rr_pos);
4858 	while(!chunk_rrlist_end(rr_chunk, rr_num)) {
4859 		if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos,
4860 			&rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen,
4861 			&rr_rdata, &rr_nextpos)) {
4862 			/* failed to parse RR */
4863 			return 0;
4864 		}
4865 		if(verbosity>=7) log_rrlist_position("apply ixfr",
4866 			rr_chunk, rr_dname, rr_type, rr_counter);
4867 		/* twiddle add/del mode and check for start and end */
4868 		if(rr_counter == 0 && rr_type != LDNS_RR_TYPE_SOA)
4869 			return 0;
4870 		if(rr_counter == 1 && rr_type != LDNS_RR_TYPE_SOA) {
4871 			/* this is an AXFR returned from the IXFR master */
4872 			/* but that should already have been detected, by
4873 			 * on_ixfr_is_axfr */
4874 			return 0;
4875 		}
4876 		if(rr_type == LDNS_RR_TYPE_SOA) {
4877 			uint32_t serial;
4878 			if(rr_rdlen < 22) return 0; /* bad SOA rdlen */
4879 			serial = sldns_read_uint32(rr_rdata+rr_rdlen-20);
4880 			if(have_transfer_serial == 0) {
4881 				have_transfer_serial = 1;
4882 				transfer_serial = serial;
4883 				delmode = 1; /* gets negated below */
4884 				/* check second RR before going any further */
4885 				if(!ixfr_start_serial(rr_chunk, rr_num, rr_pos,
4886 					rr_dname, rr_type, rr_class, rr_ttl,
4887 					rr_rdlen, rr_rdata, rr_nextpos,
4888 					transfer_serial, xfr->serial)) {
4889 					return 0;
4890 				}
4891 			} else if(transfer_serial == serial) {
4892 				have_transfer_serial++;
4893 				if(rr_counter == 1) {
4894 					/* empty AXFR, with SOA; SOA; */
4895 					/* should have been detected by
4896 					 * on_ixfr_is_axfr */
4897 					return 0;
4898 				}
4899 				if(have_transfer_serial == 3) {
4900 					/* see serial three times for end */
4901 					/* eg. IXFR:
4902 					 *  SOA 3 start
4903 					 *  SOA 1 second RR, followed by del
4904 					 *  SOA 2 followed by add
4905 					 *  SOA 2 followed by del
4906 					 *  SOA 3 followed by add
4907 					 *  SOA 3 end */
4908 					/* ended by SOA record */
4909 					xfr->serial = transfer_serial;
4910 					break;
4911 				}
4912 			}
4913 			/* twiddle add/del mode */
4914 			/* switch from delete part to add part and back again
4915 			 * just before the soa, it gets deleted and added too
4916 			 * this means we switch to delete mode for the final
4917 			 * SOA(so skip that one) */
4918 			delmode = !delmode;
4919 		}
4920 		/* process this RR */
4921 		/* if the RR is deleted twice or added twice, then we
4922 		 * softfail, and continue with the rest of the IXFR, so
4923 		 * that we serve something fairly nice during the refetch */
4924 		if(verbosity>=7) log_rrlist_position((delmode?"del":"add"),
4925 			rr_chunk, rr_dname, rr_type, rr_counter);
4926 		if(delmode) {
4927 			/* delete this RR */
4928 			int nonexist = 0;
4929 			if(!az_remove_rr_decompress(z, rr_chunk->data,
4930 				rr_chunk->len, scratch_buffer, rr_dname,
4931 				rr_type, rr_class, rr_ttl, rr_rdata, rr_rdlen,
4932 				&nonexist)) {
4933 				/* failed, malloc error or so */
4934 				return 0;
4935 			}
4936 			if(nonexist) {
4937 				/* it was removal of a nonexisting RR */
4938 				if(verbosity>=4) log_rrlist_position(
4939 					"IXFR error nonexistent RR",
4940 					rr_chunk, rr_dname, rr_type, rr_counter);
4941 				softfail = 1;
4942 			}
4943 		} else if(rr_counter != 0) {
4944 			/* skip first SOA RR for addition, it is added in
4945 			 * the addition part near the end of the ixfr, when
4946 			 * that serial is seen the second time. */
4947 			int duplicate = 0;
4948 			/* add this RR */
4949 			if(!az_insert_rr_decompress(z, rr_chunk->data,
4950 				rr_chunk->len, scratch_buffer, rr_dname,
4951 				rr_type, rr_class, rr_ttl, rr_rdata, rr_rdlen,
4952 				&duplicate)) {
4953 				/* failed, malloc error or so */
4954 				return 0;
4955 			}
4956 			if(duplicate) {
4957 				/* it was a duplicate */
4958 				if(verbosity>=4) log_rrlist_position(
4959 					"IXFR error duplicate RR",
4960 					rr_chunk, rr_dname, rr_type, rr_counter);
4961 				softfail = 1;
4962 			}
4963 		}
4964 
4965 		rr_counter++;
4966 		chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos);
4967 	}
4968 	if(softfail) {
4969 		verbose(VERB_ALGO, "IXFR did not apply cleanly, fetching full zone");
4970 		return 0;
4971 	}
4972 	return 1;
4973 }
4974 
4975 /** apply AXFR to zone in memory. z is locked. false on failure(mallocfail) */
4976 static int
4977 apply_axfr(struct auth_xfer* xfr, struct auth_zone* z,
4978 	struct sldns_buffer* scratch_buffer)
4979 {
4980 	struct auth_chunk* rr_chunk;
4981 	int rr_num;
4982 	size_t rr_pos;
4983 	uint8_t* rr_dname, *rr_rdata;
4984 	uint16_t rr_type, rr_class, rr_rdlen;
4985 	uint32_t rr_ttl;
4986 	uint32_t serial = 0;
4987 	size_t rr_nextpos;
4988 	size_t rr_counter = 0;
4989 	int have_end_soa = 0;
4990 
4991 	/* clear the data tree */
4992 	traverse_postorder(&z->data, auth_data_del, NULL);
4993 	rbtree_init(&z->data, &auth_data_cmp);
4994 	/* clear the RPZ policies */
4995 	if(z->rpz)
4996 		rpz_clear(z->rpz);
4997 
4998 	xfr->have_zone = 0;
4999 	xfr->serial = 0;
5000 
5001 	/* insert all RRs in to the zone */
5002 	/* insert the SOA only once, skip the last one */
5003 	/* start RR iterator over chunklist of packets */
5004 	chunk_rrlist_start(xfr, &rr_chunk, &rr_num, &rr_pos);
5005 	while(!chunk_rrlist_end(rr_chunk, rr_num)) {
5006 		if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos,
5007 			&rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen,
5008 			&rr_rdata, &rr_nextpos)) {
5009 			/* failed to parse RR */
5010 			return 0;
5011 		}
5012 		if(verbosity>=7) log_rrlist_position("apply_axfr",
5013 			rr_chunk, rr_dname, rr_type, rr_counter);
5014 		if(rr_type == LDNS_RR_TYPE_SOA) {
5015 			if(rr_counter != 0) {
5016 				/* end of the axfr */
5017 				have_end_soa = 1;
5018 				break;
5019 			}
5020 			if(rr_rdlen < 22) return 0; /* bad SOA rdlen */
5021 			serial = sldns_read_uint32(rr_rdata+rr_rdlen-20);
5022 		}
5023 
5024 		/* add this RR */
5025 		if(!az_insert_rr_decompress(z, rr_chunk->data, rr_chunk->len,
5026 			scratch_buffer, rr_dname, rr_type, rr_class, rr_ttl,
5027 			rr_rdata, rr_rdlen, NULL)) {
5028 			/* failed, malloc error or so */
5029 			return 0;
5030 		}
5031 
5032 		rr_counter++;
5033 		chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos);
5034 	}
5035 	if(!have_end_soa) {
5036 		log_err("no end SOA record for AXFR");
5037 		return 0;
5038 	}
5039 
5040 	xfr->serial = serial;
5041 	xfr->have_zone = 1;
5042 	return 1;
5043 }
5044 
5045 /** apply HTTP to zone in memory. z is locked. false on failure(mallocfail) */
5046 static int
5047 apply_http(struct auth_xfer* xfr, struct auth_zone* z,
5048 	struct sldns_buffer* scratch_buffer)
5049 {
5050 	/* parse data in chunks */
5051 	/* parse RR's and read into memory. ignore $INCLUDE from the
5052 	 * downloaded file*/
5053 	struct sldns_file_parse_state pstate;
5054 	struct auth_chunk* chunk;
5055 	size_t chunk_pos;
5056 	int ret;
5057 	memset(&pstate, 0, sizeof(pstate));
5058 	pstate.default_ttl = 3600;
5059 	if(xfr->namelen < sizeof(pstate.origin)) {
5060 		pstate.origin_len = xfr->namelen;
5061 		memmove(pstate.origin, xfr->name, xfr->namelen);
5062 	}
5063 
5064 	if(verbosity >= VERB_ALGO)
5065 		verbose(VERB_ALGO, "http download %s of size %d",
5066 		xfr->task_transfer->master->file,
5067 		(int)chunklist_sum(xfr->task_transfer->chunks_first));
5068 	if(xfr->task_transfer->chunks_first && verbosity >= VERB_ALGO) {
5069 		char preview[1024];
5070 		if(xfr->task_transfer->chunks_first->len+1 > sizeof(preview)) {
5071 			memmove(preview, xfr->task_transfer->chunks_first->data,
5072 				sizeof(preview)-1);
5073 			preview[sizeof(preview)-1]=0;
5074 		} else {
5075 			memmove(preview, xfr->task_transfer->chunks_first->data,
5076 				xfr->task_transfer->chunks_first->len);
5077 			preview[xfr->task_transfer->chunks_first->len]=0;
5078 		}
5079 		log_info("auth zone http downloaded content preview: %s",
5080 			preview);
5081 	}
5082 
5083 	/* perhaps a little syntax check before we try to apply the data? */
5084 	if(!http_zonefile_syntax_check(xfr, scratch_buffer)) {
5085 		log_err("http download %s/%s does not contain a zonefile, "
5086 			"but got '%s'", xfr->task_transfer->master->host,
5087 			xfr->task_transfer->master->file,
5088 			sldns_buffer_begin(scratch_buffer));
5089 		return 0;
5090 	}
5091 
5092 	/* clear the data tree */
5093 	traverse_postorder(&z->data, auth_data_del, NULL);
5094 	rbtree_init(&z->data, &auth_data_cmp);
5095 	/* clear the RPZ policies */
5096 	if(z->rpz)
5097 		rpz_clear(z->rpz);
5098 
5099 	xfr->have_zone = 0;
5100 	xfr->serial = 0;
5101 
5102 	chunk = xfr->task_transfer->chunks_first;
5103 	chunk_pos = 0;
5104 	pstate.lineno = 0;
5105 	while(chunkline_get_line_collated(&chunk, &chunk_pos, scratch_buffer)) {
5106 		/* process this line */
5107 		pstate.lineno++;
5108 		chunkline_newline_removal(scratch_buffer);
5109 		if(chunkline_is_comment_line_or_empty(scratch_buffer)) {
5110 			continue;
5111 		}
5112 		/* parse line and add RR */
5113 		if((ret=http_parse_origin(scratch_buffer, &pstate))!=0) {
5114 			if(ret == 2) {
5115 				verbose(VERB_ALGO, "error parsing ORIGIN on line [%s:%d] %s",
5116 					xfr->task_transfer->master->file,
5117 					pstate.lineno,
5118 					sldns_buffer_begin(scratch_buffer));
5119 				return 0;
5120 			}
5121 			continue; /* $ORIGIN has been handled */
5122 		}
5123 		if((ret=http_parse_ttl(scratch_buffer, &pstate))!=0) {
5124 			if(ret == 2) {
5125 				verbose(VERB_ALGO, "error parsing TTL on line [%s:%d] %s",
5126 					xfr->task_transfer->master->file,
5127 					pstate.lineno,
5128 					sldns_buffer_begin(scratch_buffer));
5129 				return 0;
5130 			}
5131 			continue; /* $TTL has been handled */
5132 		}
5133 		if(!http_parse_add_rr(xfr, z, scratch_buffer, &pstate)) {
5134 			verbose(VERB_ALGO, "error parsing line [%s:%d] %s",
5135 				xfr->task_transfer->master->file,
5136 				pstate.lineno,
5137 				sldns_buffer_begin(scratch_buffer));
5138 			return 0;
5139 		}
5140 	}
5141 	return 1;
5142 }
5143 
5144 /** write http chunks to zonefile to create downloaded file */
5145 static int
5146 auth_zone_write_chunks(struct auth_xfer* xfr, const char* fname)
5147 {
5148 	FILE* out;
5149 	struct auth_chunk* p;
5150 	out = fopen(fname, "w");
5151 	if(!out) {
5152 		log_err("could not open %s: %s", fname, strerror(errno));
5153 		return 0;
5154 	}
5155 	for(p = xfr->task_transfer->chunks_first; p ; p = p->next) {
5156 		if(!write_out(out, (char*)p->data, p->len)) {
5157 			log_err("could not write http download to %s", fname);
5158 			fclose(out);
5159 			return 0;
5160 		}
5161 	}
5162 	fclose(out);
5163 	return 1;
5164 }
5165 
5166 /** write to zonefile after zone has been updated */
5167 static void
5168 xfr_write_after_update(struct auth_xfer* xfr, struct module_env* env)
5169 {
5170 	struct config_file* cfg = env->cfg;
5171 	struct auth_zone* z;
5172 	char tmpfile[1024];
5173 	char* zfilename;
5174 	lock_basic_unlock(&xfr->lock);
5175 
5176 	/* get lock again, so it is a readlock and concurrently queries
5177 	 * can be answered */
5178 	lock_rw_rdlock(&env->auth_zones->lock);
5179 	z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
5180 		xfr->dclass);
5181 	if(!z) {
5182 		lock_rw_unlock(&env->auth_zones->lock);
5183 		/* the zone is gone, ignore xfr results */
5184 		lock_basic_lock(&xfr->lock);
5185 		return;
5186 	}
5187 	lock_rw_rdlock(&z->lock);
5188 	lock_basic_lock(&xfr->lock);
5189 	lock_rw_unlock(&env->auth_zones->lock);
5190 
5191 	if(z->zonefile == NULL || z->zonefile[0] == 0) {
5192 		lock_rw_unlock(&z->lock);
5193 		/* no write needed, no zonefile set */
5194 		return;
5195 	}
5196 	zfilename = z->zonefile;
5197 	if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(zfilename,
5198 		cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
5199 		zfilename += strlen(cfg->chrootdir);
5200 	if(verbosity >= VERB_ALGO) {
5201 		char nm[255+1];
5202 		dname_str(z->name, nm);
5203 		verbose(VERB_ALGO, "write zonefile %s for %s", zfilename, nm);
5204 	}
5205 
5206 	/* write to tempfile first */
5207 	if((size_t)strlen(zfilename) + 16 > sizeof(tmpfile)) {
5208 		verbose(VERB_ALGO, "tmpfilename too long, cannot update "
5209 			" zonefile %s", zfilename);
5210 		lock_rw_unlock(&z->lock);
5211 		return;
5212 	}
5213 	snprintf(tmpfile, sizeof(tmpfile), "%s.tmp%u", zfilename,
5214 		(unsigned)getpid());
5215 	if(xfr->task_transfer->master->http) {
5216 		/* use the stored chunk list to write them */
5217 		if(!auth_zone_write_chunks(xfr, tmpfile)) {
5218 			unlink(tmpfile);
5219 			lock_rw_unlock(&z->lock);
5220 			return;
5221 		}
5222 	} else if(!auth_zone_write_file(z, tmpfile)) {
5223 		unlink(tmpfile);
5224 		lock_rw_unlock(&z->lock);
5225 		return;
5226 	}
5227 #ifdef UB_ON_WINDOWS
5228 	(void)unlink(zfilename); /* windows does not replace file with rename() */
5229 #endif
5230 	if(rename(tmpfile, zfilename) < 0) {
5231 		log_err("could not rename(%s, %s): %s", tmpfile, zfilename,
5232 			strerror(errno));
5233 		unlink(tmpfile);
5234 		lock_rw_unlock(&z->lock);
5235 		return;
5236 	}
5237 	lock_rw_unlock(&z->lock);
5238 }
5239 
5240 /** reacquire locks and structures. Starts with no locks, ends
5241  * with xfr and z locks, if fail, no z lock */
5242 static int xfr_process_reacquire_locks(struct auth_xfer* xfr,
5243 	struct module_env* env, struct auth_zone** z)
5244 {
5245 	/* release xfr lock, then, while holding az->lock grab both
5246 	 * z->lock and xfr->lock */
5247 	lock_rw_rdlock(&env->auth_zones->lock);
5248 	*z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
5249 		xfr->dclass);
5250 	if(!*z) {
5251 		lock_rw_unlock(&env->auth_zones->lock);
5252 		lock_basic_lock(&xfr->lock);
5253 		*z = NULL;
5254 		return 0;
5255 	}
5256 	lock_rw_wrlock(&(*z)->lock);
5257 	lock_basic_lock(&xfr->lock);
5258 	lock_rw_unlock(&env->auth_zones->lock);
5259 	return 1;
5260 }
5261 
5262 /** process chunk list and update zone in memory,
5263  * return false if it did not work */
5264 static int
5265 xfr_process_chunk_list(struct auth_xfer* xfr, struct module_env* env,
5266 	int* ixfr_fail)
5267 {
5268 	struct auth_zone* z;
5269 
5270 	/* obtain locks and structures */
5271 	lock_basic_unlock(&xfr->lock);
5272 	if(!xfr_process_reacquire_locks(xfr, env, &z)) {
5273 		/* the zone is gone, ignore xfr results */
5274 		return 0;
5275 	}
5276 	/* holding xfr and z locks */
5277 
5278 	/* apply data */
5279 	if(xfr->task_transfer->master->http) {
5280 		if(!apply_http(xfr, z, env->scratch_buffer)) {
5281 			lock_rw_unlock(&z->lock);
5282 			verbose(VERB_ALGO, "http from %s: could not store data",
5283 				xfr->task_transfer->master->host);
5284 			return 0;
5285 		}
5286 	} else if(xfr->task_transfer->on_ixfr &&
5287 		!xfr->task_transfer->on_ixfr_is_axfr) {
5288 		if(!apply_ixfr(xfr, z, env->scratch_buffer)) {
5289 			lock_rw_unlock(&z->lock);
5290 			verbose(VERB_ALGO, "xfr from %s: could not store IXFR"
5291 				" data", xfr->task_transfer->master->host);
5292 			*ixfr_fail = 1;
5293 			return 0;
5294 		}
5295 	} else {
5296 		if(!apply_axfr(xfr, z, env->scratch_buffer)) {
5297 			lock_rw_unlock(&z->lock);
5298 			verbose(VERB_ALGO, "xfr from %s: could not store AXFR"
5299 				" data", xfr->task_transfer->master->host);
5300 			return 0;
5301 		}
5302 	}
5303 	xfr->zone_expired = 0;
5304 	z->zone_expired = 0;
5305 	if(!xfr_find_soa(z, xfr)) {
5306 		lock_rw_unlock(&z->lock);
5307 		verbose(VERB_ALGO, "xfr from %s: no SOA in zone after update"
5308 			" (or malformed RR)", xfr->task_transfer->master->host);
5309 		return 0;
5310 	}
5311 
5312 	/* release xfr lock while verifying zonemd because it may have
5313 	 * to spawn lookups in the state machines */
5314 	lock_basic_unlock(&xfr->lock);
5315 	/* holding z lock */
5316 	auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 0);
5317 	if(z->zone_expired) {
5318 		char zname[256];
5319 		/* ZONEMD must have failed */
5320 		/* reacquire locks, so we hold xfr lock on exit of routine,
5321 		 * and both xfr and z again after releasing xfr for potential
5322 		 * state machine mesh callbacks */
5323 		lock_rw_unlock(&z->lock);
5324 		if(!xfr_process_reacquire_locks(xfr, env, &z))
5325 			return 0;
5326 		dname_str(xfr->name, zname);
5327 		verbose(VERB_ALGO, "xfr from %s: ZONEMD failed for %s, transfer is failed", xfr->task_transfer->master->host, zname);
5328 		xfr->zone_expired = 1;
5329 		lock_rw_unlock(&z->lock);
5330 		return 0;
5331 	}
5332 	/* reacquire locks, so we hold xfr lock on exit of routine,
5333 	 * and both xfr and z again after releasing xfr for potential
5334 	 * state machine mesh callbacks */
5335 	lock_rw_unlock(&z->lock);
5336 	if(!xfr_process_reacquire_locks(xfr, env, &z))
5337 		return 0;
5338 	/* holding xfr and z locks */
5339 
5340 	if(xfr->have_zone)
5341 		xfr->lease_time = *env->now;
5342 
5343 	if(z->rpz)
5344 		rpz_finish_config(z->rpz);
5345 
5346 	/* unlock */
5347 	lock_rw_unlock(&z->lock);
5348 
5349 	if(verbosity >= VERB_QUERY && xfr->have_zone) {
5350 		char zname[256];
5351 		dname_str(xfr->name, zname);
5352 		verbose(VERB_QUERY, "auth zone %s updated to serial %u", zname,
5353 			(unsigned)xfr->serial);
5354 	}
5355 	/* see if we need to write to a zonefile */
5356 	xfr_write_after_update(xfr, env);
5357 	return 1;
5358 }
5359 
5360 /** disown task_transfer.  caller must hold xfr.lock */
5361 static void
5362 xfr_transfer_disown(struct auth_xfer* xfr)
5363 {
5364 	/* remove timer (from this worker's event base) */
5365 	comm_timer_delete(xfr->task_transfer->timer);
5366 	xfr->task_transfer->timer = NULL;
5367 	/* remove the commpoint */
5368 	comm_point_delete(xfr->task_transfer->cp);
5369 	xfr->task_transfer->cp = NULL;
5370 	/* we don't own this item anymore */
5371 	xfr->task_transfer->worker = NULL;
5372 	xfr->task_transfer->env = NULL;
5373 }
5374 
5375 /** lookup a host name for its addresses, if needed */
5376 static int
5377 xfr_transfer_lookup_host(struct auth_xfer* xfr, struct module_env* env)
5378 {
5379 	struct sockaddr_storage addr;
5380 	socklen_t addrlen = 0;
5381 	struct auth_master* master = xfr->task_transfer->lookup_target;
5382 	struct query_info qinfo;
5383 	uint16_t qflags = BIT_RD;
5384 	uint8_t dname[LDNS_MAX_DOMAINLEN+1];
5385 	struct edns_data edns;
5386 	sldns_buffer* buf = env->scratch_buffer;
5387 	if(!master) return 0;
5388 	if(extstrtoaddr(master->host, &addr, &addrlen, UNBOUND_DNS_PORT)) {
5389 		/* not needed, host is in IP addr format */
5390 		return 0;
5391 	}
5392 	if(master->allow_notify)
5393 		return 0; /* allow-notifies are not transferred from, no
5394 		lookup is needed */
5395 
5396 	/* use mesh_new_callback to probe for non-addr hosts,
5397 	 * and then wait for them to be looked up (in cache, or query) */
5398 	qinfo.qname_len = sizeof(dname);
5399 	if(sldns_str2wire_dname_buf(master->host, dname, &qinfo.qname_len)
5400 		!= 0) {
5401 		log_err("cannot parse host name of master %s", master->host);
5402 		return 0;
5403 	}
5404 	qinfo.qname = dname;
5405 	qinfo.qclass = xfr->dclass;
5406 	qinfo.qtype = LDNS_RR_TYPE_A;
5407 	if(xfr->task_transfer->lookup_aaaa)
5408 		qinfo.qtype = LDNS_RR_TYPE_AAAA;
5409 	qinfo.local_alias = NULL;
5410 	if(verbosity >= VERB_ALGO) {
5411 		char buf1[512];
5412 		char buf2[LDNS_MAX_DOMAINLEN+1];
5413 		dname_str(xfr->name, buf2);
5414 		snprintf(buf1, sizeof(buf1), "auth zone %s: master lookup"
5415 			" for task_transfer", buf2);
5416 		log_query_info(VERB_ALGO, buf1, &qinfo);
5417 	}
5418 	edns.edns_present = 1;
5419 	edns.ext_rcode = 0;
5420 	edns.edns_version = 0;
5421 	edns.bits = EDNS_DO;
5422 	edns.opt_list_in = NULL;
5423 	edns.opt_list_out = NULL;
5424 	edns.opt_list_inplace_cb_out = NULL;
5425 	edns.padding_block_size = 0;
5426 	edns.cookie_present = 0;
5427 	edns.cookie_valid = 0;
5428 	if(sldns_buffer_capacity(buf) < 65535)
5429 		edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
5430 	else	edns.udp_size = 65535;
5431 
5432 	/* unlock xfr during mesh_new_callback() because the callback can be
5433 	 * called straight away */
5434 	lock_basic_unlock(&xfr->lock);
5435 	if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
5436 		&auth_xfer_transfer_lookup_callback, xfr, 0)) {
5437 		lock_basic_lock(&xfr->lock);
5438 		log_err("out of memory lookup up master %s", master->host);
5439 		return 0;
5440 	}
5441 	lock_basic_lock(&xfr->lock);
5442 	return 1;
5443 }
5444 
5445 /** initiate TCP to the target and fetch zone.
5446  * returns true if that was successfully started, and timeout setup. */
5447 static int
5448 xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env)
5449 {
5450 	struct sockaddr_storage addr;
5451 	socklen_t addrlen = 0;
5452 	struct auth_master* master = xfr->task_transfer->master;
5453 	char *auth_name = NULL;
5454 	struct timeval t;
5455 	int timeout;
5456 	if(!master) return 0;
5457 	if(master->allow_notify) return 0; /* only for notify */
5458 
5459 	/* get master addr */
5460 	if(xfr->task_transfer->scan_addr) {
5461 		addrlen = xfr->task_transfer->scan_addr->addrlen;
5462 		memmove(&addr, &xfr->task_transfer->scan_addr->addr, addrlen);
5463 	} else {
5464 		if(!authextstrtoaddr(master->host, &addr, &addrlen, &auth_name)) {
5465 			/* the ones that are not in addr format are supposed
5466 			 * to be looked up.  The lookup has failed however,
5467 			 * so skip them */
5468 			char zname[255+1];
5469 			dname_str(xfr->name, zname);
5470 			log_err("%s: failed lookup, cannot transfer from master %s",
5471 				zname, master->host);
5472 			return 0;
5473 		}
5474 	}
5475 
5476 	/* remove previous TCP connection (if any) */
5477 	if(xfr->task_transfer->cp) {
5478 		comm_point_delete(xfr->task_transfer->cp);
5479 		xfr->task_transfer->cp = NULL;
5480 	}
5481 	if(!xfr->task_transfer->timer) {
5482 		xfr->task_transfer->timer = comm_timer_create(env->worker_base,
5483 			auth_xfer_transfer_timer_callback, xfr);
5484 		if(!xfr->task_transfer->timer) {
5485 			log_err("malloc failure");
5486 			return 0;
5487 		}
5488 	}
5489 	timeout = AUTH_TRANSFER_TIMEOUT;
5490 #ifndef S_SPLINT_S
5491         t.tv_sec = timeout/1000;
5492         t.tv_usec = (timeout%1000)*1000;
5493 #endif
5494 
5495 	if(master->http) {
5496 		/* perform http fetch */
5497 		/* store http port number into sockaddr,
5498 		 * unless someone used unbound's host@port notation */
5499 		xfr->task_transfer->on_ixfr = 0;
5500 		if(strchr(master->host, '@') == NULL)
5501 			sockaddr_store_port(&addr, addrlen, master->port);
5502 		xfr->task_transfer->cp = outnet_comm_point_for_http(
5503 			env->outnet, auth_xfer_transfer_http_callback, xfr,
5504 			&addr, addrlen, -1, master->ssl, master->host,
5505 			master->file, env->cfg);
5506 		if(!xfr->task_transfer->cp) {
5507 			char zname[255+1], as[256];
5508 			dname_str(xfr->name, zname);
5509 			addr_to_str(&addr, addrlen, as, sizeof(as));
5510 			verbose(VERB_ALGO, "cannot create http cp "
5511 				"connection for %s to %s", zname, as);
5512 			return 0;
5513 		}
5514 		comm_timer_set(xfr->task_transfer->timer, &t);
5515 		if(verbosity >= VERB_ALGO) {
5516 			char zname[255+1], as[256];
5517 			dname_str(xfr->name, zname);
5518 			addr_to_str(&addr, addrlen, as, sizeof(as));
5519 			verbose(VERB_ALGO, "auth zone %s transfer next HTTP fetch from %s started", zname, as);
5520 		}
5521 		/* Create or refresh the list of allow_notify addrs */
5522 		probe_copy_masters_for_allow_notify(xfr);
5523 		return 1;
5524 	}
5525 
5526 	/* perform AXFR/IXFR */
5527 	/* set the packet to be written */
5528 	/* create new ID */
5529 	xfr->task_transfer->id = GET_RANDOM_ID(env->rnd);
5530 	xfr_create_ixfr_packet(xfr, env->scratch_buffer,
5531 		xfr->task_transfer->id, master);
5532 
5533 	/* connect on fd */
5534 	xfr->task_transfer->cp = outnet_comm_point_for_tcp(env->outnet,
5535 		auth_xfer_transfer_tcp_callback, xfr, &addr, addrlen,
5536 		env->scratch_buffer, -1,
5537 		auth_name != NULL, auth_name);
5538 	if(!xfr->task_transfer->cp) {
5539 		char zname[255+1], as[256];
5540  		dname_str(xfr->name, zname);
5541 		addr_to_str(&addr, addrlen, as, sizeof(as));
5542 		verbose(VERB_ALGO, "cannot create tcp cp connection for "
5543 			"xfr %s to %s", zname, as);
5544 		return 0;
5545 	}
5546 	comm_timer_set(xfr->task_transfer->timer, &t);
5547 	if(verbosity >= VERB_ALGO) {
5548 		char zname[255+1], as[256];
5549  		dname_str(xfr->name, zname);
5550 		addr_to_str(&addr, addrlen, as, sizeof(as));
5551 		verbose(VERB_ALGO, "auth zone %s transfer next %s fetch from %s started", zname,
5552 			(xfr->task_transfer->on_ixfr?"IXFR":"AXFR"), as);
5553 	}
5554 	return 1;
5555 }
5556 
5557 /** perform next lookup, next transfer TCP, or end and resume wait time task */
5558 static void
5559 xfr_transfer_nexttarget_or_end(struct auth_xfer* xfr, struct module_env* env)
5560 {
5561 	log_assert(xfr->task_transfer->worker == env->worker);
5562 
5563 	/* are we performing lookups? */
5564 	while(xfr->task_transfer->lookup_target) {
5565 		if(xfr_transfer_lookup_host(xfr, env)) {
5566 			/* wait for lookup to finish,
5567 			 * note that the hostname may be in unbound's cache
5568 			 * and we may then get an instant cache response,
5569 			 * and that calls the callback just like a full
5570 			 * lookup and lookup failures also call callback */
5571 			if(verbosity >= VERB_ALGO) {
5572 				char zname[255+1];
5573 				dname_str(xfr->name, zname);
5574 				verbose(VERB_ALGO, "auth zone %s transfer next target lookup", zname);
5575 			}
5576 			lock_basic_unlock(&xfr->lock);
5577 			return;
5578 		}
5579 		xfr_transfer_move_to_next_lookup(xfr, env);
5580 	}
5581 
5582 	/* initiate TCP and fetch the zone from the master */
5583 	/* and set timeout on it */
5584 	while(!xfr_transfer_end_of_list(xfr)) {
5585 		xfr->task_transfer->master = xfr_transfer_current_master(xfr);
5586 		if(xfr_transfer_init_fetch(xfr, env)) {
5587 			/* successfully started, wait for callback */
5588 			lock_basic_unlock(&xfr->lock);
5589 			return;
5590 		}
5591 		/* failed to fetch, next master */
5592 		xfr_transfer_nextmaster(xfr);
5593 	}
5594 	if(verbosity >= VERB_ALGO) {
5595 		char zname[255+1];
5596 		dname_str(xfr->name, zname);
5597 		verbose(VERB_ALGO, "auth zone %s transfer failed, wait", zname);
5598 	}
5599 
5600 	/* we failed to fetch the zone, move to wait task
5601 	 * use the shorter retry timeout */
5602 	xfr_transfer_disown(xfr);
5603 
5604 	/* pick up the nextprobe task and wait */
5605 	if(xfr->task_nextprobe->worker == NULL)
5606 		xfr_set_timeout(xfr, env, 1, 0);
5607 	lock_basic_unlock(&xfr->lock);
5608 }
5609 
5610 /** add addrs from A or AAAA rrset to the master */
5611 static void
5612 xfr_master_add_addrs(struct auth_master* m, struct ub_packed_rrset_key* rrset,
5613 	uint16_t rrtype)
5614 {
5615 	size_t i;
5616 	struct packed_rrset_data* data;
5617 	if(!m || !rrset) return;
5618 	if(rrtype != LDNS_RR_TYPE_A && rrtype != LDNS_RR_TYPE_AAAA)
5619 		return;
5620 	data = (struct packed_rrset_data*)rrset->entry.data;
5621 	for(i=0; i<data->count; i++) {
5622 		struct auth_addr* a;
5623 		size_t len = data->rr_len[i] - 2;
5624 		uint8_t* rdata = data->rr_data[i]+2;
5625 		if(rrtype == LDNS_RR_TYPE_A && len != INET_SIZE)
5626 			continue; /* wrong length for A */
5627 		if(rrtype == LDNS_RR_TYPE_AAAA && len != INET6_SIZE)
5628 			continue; /* wrong length for AAAA */
5629 
5630 		/* add and alloc it */
5631 		a = (struct auth_addr*)calloc(1, sizeof(*a));
5632 		if(!a) {
5633 			log_err("out of memory");
5634 			return;
5635 		}
5636 		if(rrtype == LDNS_RR_TYPE_A) {
5637 			struct sockaddr_in* sa;
5638 			a->addrlen = (socklen_t)sizeof(*sa);
5639 			sa = (struct sockaddr_in*)&a->addr;
5640 			sa->sin_family = AF_INET;
5641 			sa->sin_port = (in_port_t)htons(UNBOUND_DNS_PORT);
5642 			memmove(&sa->sin_addr, rdata, INET_SIZE);
5643 		} else {
5644 			struct sockaddr_in6* sa;
5645 			a->addrlen = (socklen_t)sizeof(*sa);
5646 			sa = (struct sockaddr_in6*)&a->addr;
5647 			sa->sin6_family = AF_INET6;
5648 			sa->sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT);
5649 			memmove(&sa->sin6_addr, rdata, INET6_SIZE);
5650 		}
5651 		if(verbosity >= VERB_ALGO) {
5652 			char s[64];
5653 			addr_to_str(&a->addr, a->addrlen, s, sizeof(s));
5654 			verbose(VERB_ALGO, "auth host %s lookup %s",
5655 				m->host, s);
5656 		}
5657 		/* append to list */
5658 		a->next = m->list;
5659 		m->list = a;
5660 	}
5661 }
5662 
5663 /** callback for task_transfer lookup of host name, of A or AAAA */
5664 void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
5665 	enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus),
5666 	int ATTR_UNUSED(was_ratelimited))
5667 {
5668 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
5669 	struct module_env* env;
5670 	log_assert(xfr->task_transfer);
5671 	lock_basic_lock(&xfr->lock);
5672 	env = xfr->task_transfer->env;
5673 	if(!env || env->outnet->want_to_quit) {
5674 		lock_basic_unlock(&xfr->lock);
5675 		return; /* stop on quit */
5676 	}
5677 
5678 	/* process result */
5679 	if(rcode == LDNS_RCODE_NOERROR) {
5680 		uint16_t wanted_qtype = LDNS_RR_TYPE_A;
5681 		struct regional* temp = env->scratch;
5682 		struct query_info rq;
5683 		struct reply_info* rep;
5684 		if(xfr->task_transfer->lookup_aaaa)
5685 			wanted_qtype = LDNS_RR_TYPE_AAAA;
5686 		memset(&rq, 0, sizeof(rq));
5687 		rep = parse_reply_in_temp_region(buf, temp, &rq);
5688 		if(rep && rq.qtype == wanted_qtype &&
5689 			FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) {
5690 			/* parsed successfully */
5691 			struct ub_packed_rrset_key* answer =
5692 				reply_find_answer_rrset(&rq, rep);
5693 			if(answer) {
5694 				xfr_master_add_addrs(xfr->task_transfer->
5695 					lookup_target, answer, wanted_qtype);
5696 			} else {
5697 				if(verbosity >= VERB_ALGO) {
5698 					char zname[255+1];
5699 					dname_str(xfr->name, zname);
5700 					verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has nodata", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
5701 				}
5702 			}
5703 		} else {
5704 			if(verbosity >= VERB_ALGO) {
5705 				char zname[255+1];
5706 				dname_str(xfr->name, zname);
5707 				verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has no answer", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
5708 			}
5709 		}
5710 		regional_free_all(temp);
5711 	} else {
5712 		if(verbosity >= VERB_ALGO) {
5713 			char zname[255+1];
5714 			dname_str(xfr->name, zname);
5715 			verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup failed", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
5716 		}
5717 	}
5718 	if(xfr->task_transfer->lookup_target->list &&
5719 		xfr->task_transfer->lookup_target == xfr_transfer_current_master(xfr))
5720 		xfr->task_transfer->scan_addr = xfr->task_transfer->lookup_target->list;
5721 
5722 	/* move to lookup AAAA after A lookup, move to next hostname lookup,
5723 	 * or move to fetch the zone, or, if nothing to do, end task_transfer */
5724 	xfr_transfer_move_to_next_lookup(xfr, env);
5725 	xfr_transfer_nexttarget_or_end(xfr, env);
5726 }
5727 
5728 /** check if xfer (AXFR or IXFR) packet is OK.
5729  * return false if we lost connection (SERVFAIL, or unreadable).
5730  * return false if we need to move from IXFR to AXFR, with gonextonfail
5731  * 	set to false, so the same master is tried again, but with AXFR.
5732  * return true if fine to link into data.
5733  * return true with transferdone=true when the transfer has ended.
5734  */
5735 static int
5736 check_xfer_packet(sldns_buffer* pkt, struct auth_xfer* xfr,
5737 	int* gonextonfail, int* transferdone)
5738 {
5739 	uint8_t* wire = sldns_buffer_begin(pkt);
5740 	int i;
5741 	if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) {
5742 		verbose(VERB_ALGO, "xfr to %s failed, packet too small",
5743 			xfr->task_transfer->master->host);
5744 		return 0;
5745 	}
5746 	if(!LDNS_QR_WIRE(wire)) {
5747 		verbose(VERB_ALGO, "xfr to %s failed, packet has no QR flag",
5748 			xfr->task_transfer->master->host);
5749 		return 0;
5750 	}
5751 	if(LDNS_TC_WIRE(wire)) {
5752 		verbose(VERB_ALGO, "xfr to %s failed, packet has TC flag",
5753 			xfr->task_transfer->master->host);
5754 		return 0;
5755 	}
5756 	/* check ID */
5757 	if(LDNS_ID_WIRE(wire) != xfr->task_transfer->id) {
5758 		verbose(VERB_ALGO, "xfr to %s failed, packet wrong ID",
5759 			xfr->task_transfer->master->host);
5760 		return 0;
5761 	}
5762 	if(LDNS_RCODE_WIRE(wire) != LDNS_RCODE_NOERROR) {
5763 		char rcode[32];
5764 		sldns_wire2str_rcode_buf((int)LDNS_RCODE_WIRE(wire), rcode,
5765 			sizeof(rcode));
5766 		/* if we are doing IXFR, check for fallback */
5767 		if(xfr->task_transfer->on_ixfr) {
5768 			if(LDNS_RCODE_WIRE(wire) == LDNS_RCODE_NOTIMPL ||
5769 				LDNS_RCODE_WIRE(wire) == LDNS_RCODE_SERVFAIL ||
5770 				LDNS_RCODE_WIRE(wire) == LDNS_RCODE_REFUSED ||
5771 				LDNS_RCODE_WIRE(wire) == LDNS_RCODE_FORMERR) {
5772 				verbose(VERB_ALGO, "xfr to %s, fallback "
5773 					"from IXFR to AXFR (with rcode %s)",
5774 					xfr->task_transfer->master->host,
5775 					rcode);
5776 				xfr->task_transfer->ixfr_fail = 1;
5777 				*gonextonfail = 0;
5778 				return 0;
5779 			}
5780 		}
5781 		verbose(VERB_ALGO, "xfr to %s failed, packet with rcode %s",
5782 			xfr->task_transfer->master->host, rcode);
5783 		return 0;
5784 	}
5785 	if(LDNS_OPCODE_WIRE(wire) != LDNS_PACKET_QUERY) {
5786 		verbose(VERB_ALGO, "xfr to %s failed, packet with bad opcode",
5787 			xfr->task_transfer->master->host);
5788 		return 0;
5789 	}
5790 	if(LDNS_QDCOUNT(wire) > 1) {
5791 		verbose(VERB_ALGO, "xfr to %s failed, packet has qdcount %d",
5792 			xfr->task_transfer->master->host,
5793 			(int)LDNS_QDCOUNT(wire));
5794 		return 0;
5795 	}
5796 
5797 	/* check qname */
5798 	sldns_buffer_set_position(pkt, LDNS_HEADER_SIZE);
5799 	for(i=0; i<(int)LDNS_QDCOUNT(wire); i++) {
5800 		size_t pos = sldns_buffer_position(pkt);
5801 		uint16_t qtype, qclass;
5802 		if(pkt_dname_len(pkt) == 0) {
5803 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5804 				"malformed dname",
5805 				xfr->task_transfer->master->host);
5806 			return 0;
5807 		}
5808 		if(dname_pkt_compare(pkt, sldns_buffer_at(pkt, pos),
5809 			xfr->name) != 0) {
5810 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5811 				"wrong qname",
5812 				xfr->task_transfer->master->host);
5813 			return 0;
5814 		}
5815 		if(sldns_buffer_remaining(pkt) < 4) {
5816 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5817 				"truncated query RR",
5818 				xfr->task_transfer->master->host);
5819 			return 0;
5820 		}
5821 		qtype = sldns_buffer_read_u16(pkt);
5822 		qclass = sldns_buffer_read_u16(pkt);
5823 		if(qclass != xfr->dclass) {
5824 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5825 				"wrong qclass",
5826 				xfr->task_transfer->master->host);
5827 			return 0;
5828 		}
5829 		if(xfr->task_transfer->on_ixfr) {
5830 			if(qtype != LDNS_RR_TYPE_IXFR) {
5831 				verbose(VERB_ALGO, "xfr to %s failed, packet "
5832 					"with wrong qtype, expected IXFR",
5833 				xfr->task_transfer->master->host);
5834 				return 0;
5835 			}
5836 		} else {
5837 			if(qtype != LDNS_RR_TYPE_AXFR) {
5838 				verbose(VERB_ALGO, "xfr to %s failed, packet "
5839 					"with wrong qtype, expected AXFR",
5840 				xfr->task_transfer->master->host);
5841 				return 0;
5842 			}
5843 		}
5844 	}
5845 
5846 	/* check parse of RRs in packet, store first SOA serial
5847 	 * to be able to detect last SOA (with that serial) to see if done */
5848 	/* also check for IXFR 'zone up to date' reply */
5849 	for(i=0; i<(int)LDNS_ANCOUNT(wire); i++) {
5850 		size_t pos = sldns_buffer_position(pkt);
5851 		uint16_t tp, rdlen;
5852 		if(pkt_dname_len(pkt) == 0) {
5853 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5854 				"malformed dname in answer section",
5855 				xfr->task_transfer->master->host);
5856 			return 0;
5857 		}
5858 		if(sldns_buffer_remaining(pkt) < 10) {
5859 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5860 				"truncated RR",
5861 				xfr->task_transfer->master->host);
5862 			return 0;
5863 		}
5864 		tp = sldns_buffer_read_u16(pkt);
5865 		(void)sldns_buffer_read_u16(pkt); /* class */
5866 		(void)sldns_buffer_read_u32(pkt); /* ttl */
5867 		rdlen = sldns_buffer_read_u16(pkt);
5868 		if(sldns_buffer_remaining(pkt) < rdlen) {
5869 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5870 				"truncated RR rdata",
5871 				xfr->task_transfer->master->host);
5872 			return 0;
5873 		}
5874 
5875 		/* RR parses (haven't checked rdata itself), now look at
5876 		 * SOA records to see serial number */
5877 		if(xfr->task_transfer->rr_scan_num == 0 &&
5878 			tp != LDNS_RR_TYPE_SOA) {
5879 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5880 				"malformed zone transfer, no start SOA",
5881 				xfr->task_transfer->master->host);
5882 			return 0;
5883 		}
5884 		if(xfr->task_transfer->rr_scan_num == 1 &&
5885 			tp != LDNS_RR_TYPE_SOA) {
5886 			/* second RR is not a SOA record, this is not an IXFR
5887 			 * the master is replying with an AXFR */
5888 			xfr->task_transfer->on_ixfr_is_axfr = 1;
5889 		}
5890 		if(tp == LDNS_RR_TYPE_SOA) {
5891 			uint32_t serial;
5892 			if(rdlen < 22) {
5893 				verbose(VERB_ALGO, "xfr to %s failed, packet "
5894 					"with SOA with malformed rdata",
5895 					xfr->task_transfer->master->host);
5896 				return 0;
5897 			}
5898 			if(dname_pkt_compare(pkt, sldns_buffer_at(pkt, pos),
5899 				xfr->name) != 0) {
5900 				verbose(VERB_ALGO, "xfr to %s failed, packet "
5901 					"with SOA with wrong dname",
5902 					xfr->task_transfer->master->host);
5903 				return 0;
5904 			}
5905 
5906 			/* read serial number of SOA */
5907 			serial = sldns_buffer_read_u32_at(pkt,
5908 				sldns_buffer_position(pkt)+rdlen-20);
5909 
5910 			/* check for IXFR 'zone has SOA x' reply */
5911 			if(xfr->task_transfer->on_ixfr &&
5912 				xfr->task_transfer->rr_scan_num == 0 &&
5913 				LDNS_ANCOUNT(wire)==1) {
5914 				verbose(VERB_ALGO, "xfr to %s ended, "
5915 					"IXFR reply that zone has serial %u,"
5916 					" fallback from IXFR to AXFR",
5917 					xfr->task_transfer->master->host,
5918 					(unsigned)serial);
5919 				xfr->task_transfer->ixfr_fail = 1;
5920 				*gonextonfail = 0;
5921 				return 0;
5922 			}
5923 
5924 			/* if first SOA, store serial number */
5925 			if(xfr->task_transfer->got_xfr_serial == 0) {
5926 				xfr->task_transfer->got_xfr_serial = 1;
5927 				xfr->task_transfer->incoming_xfr_serial =
5928 					serial;
5929 				verbose(VERB_ALGO, "xfr %s: contains "
5930 					"SOA serial %u",
5931 					xfr->task_transfer->master->host,
5932 					(unsigned)serial);
5933 			/* see if end of AXFR */
5934 			} else if(!xfr->task_transfer->on_ixfr ||
5935 				xfr->task_transfer->on_ixfr_is_axfr) {
5936 				/* second SOA with serial is the end
5937 				 * for AXFR */
5938 				*transferdone = 1;
5939 				verbose(VERB_ALGO, "xfr %s: last AXFR packet",
5940 					xfr->task_transfer->master->host);
5941 			/* for IXFR, count SOA records with that serial */
5942 			} else if(xfr->task_transfer->incoming_xfr_serial ==
5943 				serial && xfr->task_transfer->got_xfr_serial
5944 				== 1) {
5945 				xfr->task_transfer->got_xfr_serial++;
5946 			/* if not first soa, if serial==firstserial, the
5947 			 * third time we are at the end, for IXFR */
5948 			} else if(xfr->task_transfer->incoming_xfr_serial ==
5949 				serial && xfr->task_transfer->got_xfr_serial
5950 				== 2) {
5951 				verbose(VERB_ALGO, "xfr %s: last IXFR packet",
5952 					xfr->task_transfer->master->host);
5953 				*transferdone = 1;
5954 				/* continue parse check, if that succeeds,
5955 				 * transfer is done */
5956 			}
5957 		}
5958 		xfr->task_transfer->rr_scan_num++;
5959 
5960 		/* skip over RR rdata to go to the next RR */
5961 		sldns_buffer_skip(pkt, (ssize_t)rdlen);
5962 	}
5963 
5964 	/* check authority section */
5965 	/* we skip over the RRs checking packet format */
5966 	for(i=0; i<(int)LDNS_NSCOUNT(wire); i++) {
5967 		uint16_t rdlen;
5968 		if(pkt_dname_len(pkt) == 0) {
5969 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5970 				"malformed dname in authority section",
5971 				xfr->task_transfer->master->host);
5972 			return 0;
5973 		}
5974 		if(sldns_buffer_remaining(pkt) < 10) {
5975 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5976 				"truncated RR",
5977 				xfr->task_transfer->master->host);
5978 			return 0;
5979 		}
5980 		(void)sldns_buffer_read_u16(pkt); /* type */
5981 		(void)sldns_buffer_read_u16(pkt); /* class */
5982 		(void)sldns_buffer_read_u32(pkt); /* ttl */
5983 		rdlen = sldns_buffer_read_u16(pkt);
5984 		if(sldns_buffer_remaining(pkt) < rdlen) {
5985 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5986 				"truncated RR rdata",
5987 				xfr->task_transfer->master->host);
5988 			return 0;
5989 		}
5990 		/* skip over RR rdata to go to the next RR */
5991 		sldns_buffer_skip(pkt, (ssize_t)rdlen);
5992 	}
5993 
5994 	/* check additional section */
5995 	for(i=0; i<(int)LDNS_ARCOUNT(wire); i++) {
5996 		uint16_t rdlen;
5997 		if(pkt_dname_len(pkt) == 0) {
5998 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5999 				"malformed dname in additional section",
6000 				xfr->task_transfer->master->host);
6001 			return 0;
6002 		}
6003 		if(sldns_buffer_remaining(pkt) < 10) {
6004 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
6005 				"truncated RR",
6006 				xfr->task_transfer->master->host);
6007 			return 0;
6008 		}
6009 		(void)sldns_buffer_read_u16(pkt); /* type */
6010 		(void)sldns_buffer_read_u16(pkt); /* class */
6011 		(void)sldns_buffer_read_u32(pkt); /* ttl */
6012 		rdlen = sldns_buffer_read_u16(pkt);
6013 		if(sldns_buffer_remaining(pkt) < rdlen) {
6014 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
6015 				"truncated RR rdata",
6016 				xfr->task_transfer->master->host);
6017 			return 0;
6018 		}
6019 		/* skip over RR rdata to go to the next RR */
6020 		sldns_buffer_skip(pkt, (ssize_t)rdlen);
6021 	}
6022 
6023 	return 1;
6024 }
6025 
6026 /** Link the data from this packet into the worklist of transferred data */
6027 static int
6028 xfer_link_data(sldns_buffer* pkt, struct auth_xfer* xfr)
6029 {
6030 	/* alloc it */
6031 	struct auth_chunk* e;
6032 	e = (struct auth_chunk*)calloc(1, sizeof(*e));
6033 	if(!e) return 0;
6034 	e->next = NULL;
6035 	e->len = sldns_buffer_limit(pkt);
6036 	e->data = memdup(sldns_buffer_begin(pkt), e->len);
6037 	if(!e->data) {
6038 		free(e);
6039 		return 0;
6040 	}
6041 
6042 	/* alloc succeeded, link into list */
6043 	if(!xfr->task_transfer->chunks_first)
6044 		xfr->task_transfer->chunks_first = e;
6045 	if(xfr->task_transfer->chunks_last)
6046 		xfr->task_transfer->chunks_last->next = e;
6047 	xfr->task_transfer->chunks_last = e;
6048 	return 1;
6049 }
6050 
6051 /** task transfer.  the list of data is complete. process it and if failed
6052  * move to next master, if succeeded, end the task transfer */
6053 static void
6054 process_list_end_transfer(struct auth_xfer* xfr, struct module_env* env)
6055 {
6056 	int ixfr_fail = 0;
6057 	if(xfr_process_chunk_list(xfr, env, &ixfr_fail)) {
6058 		/* it worked! */
6059 		auth_chunks_delete(xfr->task_transfer);
6060 
6061 		/* we fetched the zone, move to wait task */
6062 		xfr_transfer_disown(xfr);
6063 
6064 		if(xfr->notify_received && (!xfr->notify_has_serial ||
6065 			(xfr->notify_has_serial &&
6066 			xfr_serial_means_update(xfr, xfr->notify_serial)))) {
6067 			uint32_t sr = xfr->notify_serial;
6068 			int has_sr = xfr->notify_has_serial;
6069 			/* we received a notify while probe/transfer was
6070 			 * in progress.  start a new probe and transfer */
6071 			xfr->notify_received = 0;
6072 			xfr->notify_has_serial = 0;
6073 			xfr->notify_serial = 0;
6074 			if(!xfr_start_probe(xfr, env, NULL)) {
6075 				/* if we couldn't start it, already in
6076 				 * progress; restore notify serial,
6077 				 * while xfr still locked */
6078 				xfr->notify_received = 1;
6079 				xfr->notify_has_serial = has_sr;
6080 				xfr->notify_serial = sr;
6081 				lock_basic_unlock(&xfr->lock);
6082 			}
6083 			return;
6084 		} else {
6085 			/* pick up the nextprobe task and wait (normail wait time) */
6086 			if(xfr->task_nextprobe->worker == NULL)
6087 				xfr_set_timeout(xfr, env, 0, 0);
6088 		}
6089 		lock_basic_unlock(&xfr->lock);
6090 		return;
6091 	}
6092 	/* processing failed */
6093 	/* when done, delete data from list */
6094 	auth_chunks_delete(xfr->task_transfer);
6095 	if(ixfr_fail) {
6096 		xfr->task_transfer->ixfr_fail = 1;
6097 	} else {
6098 		xfr_transfer_nextmaster(xfr);
6099 	}
6100 	xfr_transfer_nexttarget_or_end(xfr, env);
6101 }
6102 
6103 /** callback for the task_transfer timer */
6104 void
6105 auth_xfer_transfer_timer_callback(void* arg)
6106 {
6107 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6108 	struct module_env* env;
6109 	int gonextonfail = 1;
6110 	log_assert(xfr->task_transfer);
6111 	lock_basic_lock(&xfr->lock);
6112 	env = xfr->task_transfer->env;
6113 	if(!env || env->outnet->want_to_quit) {
6114 		lock_basic_unlock(&xfr->lock);
6115 		return; /* stop on quit */
6116 	}
6117 
6118 	verbose(VERB_ALGO, "xfr stopped, connection timeout to %s",
6119 		xfr->task_transfer->master->host);
6120 
6121 	/* see if IXFR caused the failure, if so, try AXFR */
6122 	if(xfr->task_transfer->on_ixfr) {
6123 		xfr->task_transfer->ixfr_possible_timeout_count++;
6124 		if(xfr->task_transfer->ixfr_possible_timeout_count >=
6125 			NUM_TIMEOUTS_FALLBACK_IXFR) {
6126 			verbose(VERB_ALGO, "xfr to %s, fallback "
6127 				"from IXFR to AXFR (because of timeouts)",
6128 				xfr->task_transfer->master->host);
6129 			xfr->task_transfer->ixfr_fail = 1;
6130 			gonextonfail = 0;
6131 		}
6132 	}
6133 
6134 	/* delete transferred data from list */
6135 	auth_chunks_delete(xfr->task_transfer);
6136 	comm_point_delete(xfr->task_transfer->cp);
6137 	xfr->task_transfer->cp = NULL;
6138 	if(gonextonfail)
6139 		xfr_transfer_nextmaster(xfr);
6140 	xfr_transfer_nexttarget_or_end(xfr, env);
6141 }
6142 
6143 /** callback for task_transfer tcp connections */
6144 int
6145 auth_xfer_transfer_tcp_callback(struct comm_point* c, void* arg, int err,
6146 	struct comm_reply* ATTR_UNUSED(repinfo))
6147 {
6148 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6149 	struct module_env* env;
6150 	int gonextonfail = 1;
6151 	int transferdone = 0;
6152 	log_assert(xfr->task_transfer);
6153 	lock_basic_lock(&xfr->lock);
6154 	env = xfr->task_transfer->env;
6155 	if(!env || env->outnet->want_to_quit) {
6156 		lock_basic_unlock(&xfr->lock);
6157 		return 0; /* stop on quit */
6158 	}
6159 	/* stop the timer */
6160 	comm_timer_disable(xfr->task_transfer->timer);
6161 
6162 	if(err != NETEVENT_NOERROR) {
6163 		/* connection failed, closed, or timeout */
6164 		/* stop this transfer, cleanup
6165 		 * and continue task_transfer*/
6166 		verbose(VERB_ALGO, "xfr stopped, connection lost to %s",
6167 			xfr->task_transfer->master->host);
6168 
6169 		/* see if IXFR caused the failure, if so, try AXFR */
6170 		if(xfr->task_transfer->on_ixfr) {
6171 			xfr->task_transfer->ixfr_possible_timeout_count++;
6172 			if(xfr->task_transfer->ixfr_possible_timeout_count >=
6173 				NUM_TIMEOUTS_FALLBACK_IXFR) {
6174 				verbose(VERB_ALGO, "xfr to %s, fallback "
6175 					"from IXFR to AXFR (because of timeouts)",
6176 					xfr->task_transfer->master->host);
6177 				xfr->task_transfer->ixfr_fail = 1;
6178 				gonextonfail = 0;
6179 			}
6180 		}
6181 
6182 	failed:
6183 		/* delete transferred data from list */
6184 		auth_chunks_delete(xfr->task_transfer);
6185 		comm_point_delete(xfr->task_transfer->cp);
6186 		xfr->task_transfer->cp = NULL;
6187 		if(gonextonfail)
6188 			xfr_transfer_nextmaster(xfr);
6189 		xfr_transfer_nexttarget_or_end(xfr, env);
6190 		return 0;
6191 	}
6192 	/* note that IXFR worked without timeout */
6193 	if(xfr->task_transfer->on_ixfr)
6194 		xfr->task_transfer->ixfr_possible_timeout_count = 0;
6195 
6196 	/* handle returned packet */
6197 	/* if it fails, cleanup and end this transfer */
6198 	/* if it needs to fallback from IXFR to AXFR, do that */
6199 	if(!check_xfer_packet(c->buffer, xfr, &gonextonfail, &transferdone)) {
6200 		goto failed;
6201 	}
6202 	/* if it is good, link it into the list of data */
6203 	/* if the link into list of data fails (malloc fail) cleanup and end */
6204 	if(!xfer_link_data(c->buffer, xfr)) {
6205 		verbose(VERB_ALGO, "xfr stopped to %s, malloc failed",
6206 			xfr->task_transfer->master->host);
6207 		goto failed;
6208 	}
6209 	/* if the transfer is done now, disconnect and process the list */
6210 	if(transferdone) {
6211 		comm_point_delete(xfr->task_transfer->cp);
6212 		xfr->task_transfer->cp = NULL;
6213 		process_list_end_transfer(xfr, env);
6214 		return 0;
6215 	}
6216 
6217 	/* if we want to read more messages, setup the commpoint to read
6218 	 * a DNS packet, and the timeout */
6219 	lock_basic_unlock(&xfr->lock);
6220 	c->tcp_is_reading = 1;
6221 	sldns_buffer_clear(c->buffer);
6222 	comm_point_start_listening(c, -1, AUTH_TRANSFER_TIMEOUT);
6223 	return 0;
6224 }
6225 
6226 /** callback for task_transfer http connections */
6227 int
6228 auth_xfer_transfer_http_callback(struct comm_point* c, void* arg, int err,
6229 	struct comm_reply* repinfo)
6230 {
6231 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6232 	struct module_env* env;
6233 	log_assert(xfr->task_transfer);
6234 	lock_basic_lock(&xfr->lock);
6235 	env = xfr->task_transfer->env;
6236 	if(!env || env->outnet->want_to_quit) {
6237 		lock_basic_unlock(&xfr->lock);
6238 		return 0; /* stop on quit */
6239 	}
6240 	verbose(VERB_ALGO, "auth zone transfer http callback");
6241 	/* stop the timer */
6242 	comm_timer_disable(xfr->task_transfer->timer);
6243 
6244 	if(err != NETEVENT_NOERROR && err != NETEVENT_DONE) {
6245 		/* connection failed, closed, or timeout */
6246 		/* stop this transfer, cleanup
6247 		 * and continue task_transfer*/
6248 		verbose(VERB_ALGO, "http stopped, connection lost to %s",
6249 			xfr->task_transfer->master->host);
6250 	failed:
6251 		/* delete transferred data from list */
6252 		auth_chunks_delete(xfr->task_transfer);
6253 		if(repinfo) repinfo->c = NULL; /* signal cp deleted to
6254 				the routine calling this callback */
6255 		comm_point_delete(xfr->task_transfer->cp);
6256 		xfr->task_transfer->cp = NULL;
6257 		xfr_transfer_nextmaster(xfr);
6258 		xfr_transfer_nexttarget_or_end(xfr, env);
6259 		return 0;
6260 	}
6261 
6262 	/* if it is good, link it into the list of data */
6263 	/* if the link into list of data fails (malloc fail) cleanup and end */
6264 	if(sldns_buffer_limit(c->buffer) > 0) {
6265 		verbose(VERB_ALGO, "auth zone http queued up %d bytes",
6266 			(int)sldns_buffer_limit(c->buffer));
6267 		if(!xfer_link_data(c->buffer, xfr)) {
6268 			verbose(VERB_ALGO, "http stopped to %s, malloc failed",
6269 				xfr->task_transfer->master->host);
6270 			goto failed;
6271 		}
6272 	}
6273 	/* if the transfer is done now, disconnect and process the list */
6274 	if(err == NETEVENT_DONE) {
6275 		if(repinfo) repinfo->c = NULL; /* signal cp deleted to
6276 				the routine calling this callback */
6277 		comm_point_delete(xfr->task_transfer->cp);
6278 		xfr->task_transfer->cp = NULL;
6279 		process_list_end_transfer(xfr, env);
6280 		return 0;
6281 	}
6282 
6283 	/* if we want to read more messages, setup the commpoint to read
6284 	 * a DNS packet, and the timeout */
6285 	lock_basic_unlock(&xfr->lock);
6286 	c->tcp_is_reading = 1;
6287 	sldns_buffer_clear(c->buffer);
6288 	comm_point_start_listening(c, -1, AUTH_TRANSFER_TIMEOUT);
6289 	return 0;
6290 }
6291 
6292 
6293 /** start transfer task by this worker , xfr is locked. */
6294 static void
6295 xfr_start_transfer(struct auth_xfer* xfr, struct module_env* env,
6296 	struct auth_master* master)
6297 {
6298 	log_assert(xfr->task_transfer != NULL);
6299 	log_assert(xfr->task_transfer->worker == NULL);
6300 	log_assert(xfr->task_transfer->chunks_first == NULL);
6301 	log_assert(xfr->task_transfer->chunks_last == NULL);
6302 	xfr->task_transfer->worker = env->worker;
6303 	xfr->task_transfer->env = env;
6304 
6305 	/* init transfer process */
6306 	/* find that master in the transfer's list of masters? */
6307 	xfr_transfer_start_list(xfr, master);
6308 	/* start lookup for hostnames in transfer master list */
6309 	xfr_transfer_start_lookups(xfr);
6310 
6311 	/* initiate TCP, and set timeout on it */
6312 	xfr_transfer_nexttarget_or_end(xfr, env);
6313 }
6314 
6315 /** disown task_probe.  caller must hold xfr.lock */
6316 static void
6317 xfr_probe_disown(struct auth_xfer* xfr)
6318 {
6319 	/* remove timer (from this worker's event base) */
6320 	comm_timer_delete(xfr->task_probe->timer);
6321 	xfr->task_probe->timer = NULL;
6322 	/* remove the commpoint */
6323 	comm_point_delete(xfr->task_probe->cp);
6324 	xfr->task_probe->cp = NULL;
6325 	/* we don't own this item anymore */
6326 	xfr->task_probe->worker = NULL;
6327 	xfr->task_probe->env = NULL;
6328 }
6329 
6330 /** send the UDP probe to the master, this is part of task_probe */
6331 static int
6332 xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env,
6333 	int timeout)
6334 {
6335 	struct sockaddr_storage addr;
6336 	socklen_t addrlen = 0;
6337 	struct timeval t;
6338 	/* pick master */
6339 	struct auth_master* master = xfr_probe_current_master(xfr);
6340 	char *auth_name = NULL;
6341 	if(!master) return 0;
6342 	if(master->allow_notify) return 0; /* only for notify */
6343 	if(master->http) return 0; /* only masters get SOA UDP probe,
6344 		not urls, if those are in this list */
6345 
6346 	/* get master addr */
6347 	if(xfr->task_probe->scan_addr) {
6348 		addrlen = xfr->task_probe->scan_addr->addrlen;
6349 		memmove(&addr, &xfr->task_probe->scan_addr->addr, addrlen);
6350 	} else {
6351 		if(!authextstrtoaddr(master->host, &addr, &addrlen, &auth_name)) {
6352 			/* the ones that are not in addr format are supposed
6353 			 * to be looked up.  The lookup has failed however,
6354 			 * so skip them */
6355 			char zname[255+1];
6356 			dname_str(xfr->name, zname);
6357 			log_err("%s: failed lookup, cannot probe to master %s",
6358 				zname, master->host);
6359 			return 0;
6360 		}
6361 		if (auth_name != NULL) {
6362 			if (addr.ss_family == AF_INET
6363 			&&  (int)ntohs(((struct sockaddr_in *)&addr)->sin_port)
6364 		            == env->cfg->ssl_port)
6365 				((struct sockaddr_in *)&addr)->sin_port
6366 					= htons((uint16_t)env->cfg->port);
6367 			else if (addr.ss_family == AF_INET6
6368 			&&  (int)ntohs(((struct sockaddr_in6 *)&addr)->sin6_port)
6369 		            == env->cfg->ssl_port)
6370                         	((struct sockaddr_in6 *)&addr)->sin6_port
6371 					= htons((uint16_t)env->cfg->port);
6372 		}
6373 	}
6374 
6375 	/* create packet */
6376 	/* create new ID for new probes, but not on timeout retries,
6377 	 * this means we'll accept replies to previous retries to same ip */
6378 	if(timeout == AUTH_PROBE_TIMEOUT)
6379 		xfr->task_probe->id = GET_RANDOM_ID(env->rnd);
6380 	xfr_create_soa_probe_packet(xfr, env->scratch_buffer,
6381 		xfr->task_probe->id);
6382 	/* we need to remove the cp if we have a different ip4/ip6 type now */
6383 	if(xfr->task_probe->cp &&
6384 		((xfr->task_probe->cp_is_ip6 && !addr_is_ip6(&addr, addrlen)) ||
6385 		(!xfr->task_probe->cp_is_ip6 && addr_is_ip6(&addr, addrlen)))
6386 		) {
6387 		comm_point_delete(xfr->task_probe->cp);
6388 		xfr->task_probe->cp = NULL;
6389 	}
6390 	if(!xfr->task_probe->cp) {
6391 		if(addr_is_ip6(&addr, addrlen))
6392 			xfr->task_probe->cp_is_ip6 = 1;
6393 		else 	xfr->task_probe->cp_is_ip6 = 0;
6394 		xfr->task_probe->cp = outnet_comm_point_for_udp(env->outnet,
6395 			auth_xfer_probe_udp_callback, xfr, &addr, addrlen);
6396 		if(!xfr->task_probe->cp) {
6397 			char zname[255+1], as[256];
6398 			dname_str(xfr->name, zname);
6399 			addr_to_str(&addr, addrlen, as, sizeof(as));
6400 			verbose(VERB_ALGO, "cannot create udp cp for "
6401 				"probe %s to %s", zname, as);
6402 			return 0;
6403 		}
6404 	}
6405 	if(!xfr->task_probe->timer) {
6406 		xfr->task_probe->timer = comm_timer_create(env->worker_base,
6407 			auth_xfer_probe_timer_callback, xfr);
6408 		if(!xfr->task_probe->timer) {
6409 			log_err("malloc failure");
6410 			return 0;
6411 		}
6412 	}
6413 
6414 	/* send udp packet */
6415 	if(!comm_point_send_udp_msg(xfr->task_probe->cp, env->scratch_buffer,
6416 		(struct sockaddr*)&addr, addrlen, 0)) {
6417 		char zname[255+1], as[256];
6418 		dname_str(xfr->name, zname);
6419 		addr_to_str(&addr, addrlen, as, sizeof(as));
6420 		verbose(VERB_ALGO, "failed to send soa probe for %s to %s",
6421 			zname, as);
6422 		return 0;
6423 	}
6424 	if(verbosity >= VERB_ALGO) {
6425 		char zname[255+1], as[256];
6426 		dname_str(xfr->name, zname);
6427 		addr_to_str(&addr, addrlen, as, sizeof(as));
6428 		verbose(VERB_ALGO, "auth zone %s soa probe sent to %s", zname,
6429 			as);
6430 	}
6431 	xfr->task_probe->timeout = timeout;
6432 #ifndef S_SPLINT_S
6433 	t.tv_sec = timeout/1000;
6434 	t.tv_usec = (timeout%1000)*1000;
6435 #endif
6436 	comm_timer_set(xfr->task_probe->timer, &t);
6437 
6438 	return 1;
6439 }
6440 
6441 /** callback for task_probe timer */
6442 void
6443 auth_xfer_probe_timer_callback(void* arg)
6444 {
6445 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6446 	struct module_env* env;
6447 	log_assert(xfr->task_probe);
6448 	lock_basic_lock(&xfr->lock);
6449 	env = xfr->task_probe->env;
6450 	if(!env || env->outnet->want_to_quit) {
6451 		lock_basic_unlock(&xfr->lock);
6452 		return; /* stop on quit */
6453 	}
6454 
6455 	if(verbosity >= VERB_ALGO) {
6456 		char zname[255+1];
6457 		dname_str(xfr->name, zname);
6458 		verbose(VERB_ALGO, "auth zone %s soa probe timeout", zname);
6459 	}
6460 	if(xfr->task_probe->timeout <= AUTH_PROBE_TIMEOUT_STOP) {
6461 		/* try again with bigger timeout */
6462 		if(xfr_probe_send_probe(xfr, env, xfr->task_probe->timeout*2)) {
6463 			lock_basic_unlock(&xfr->lock);
6464 			return;
6465 		}
6466 	}
6467 	/* delete commpoint so a new one is created, with a fresh port nr */
6468 	comm_point_delete(xfr->task_probe->cp);
6469 	xfr->task_probe->cp = NULL;
6470 
6471 	/* too many timeouts (or fail to send), move to next or end */
6472 	xfr_probe_nextmaster(xfr);
6473 	xfr_probe_send_or_end(xfr, env);
6474 }
6475 
6476 /** callback for task_probe udp packets */
6477 int
6478 auth_xfer_probe_udp_callback(struct comm_point* c, void* arg, int err,
6479 	struct comm_reply* repinfo)
6480 {
6481 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6482 	struct module_env* env;
6483 	log_assert(xfr->task_probe);
6484 	lock_basic_lock(&xfr->lock);
6485 	env = xfr->task_probe->env;
6486 	if(!env || env->outnet->want_to_quit) {
6487 		lock_basic_unlock(&xfr->lock);
6488 		return 0; /* stop on quit */
6489 	}
6490 
6491 	/* the comm_point_udp_callback is in a for loop for NUM_UDP_PER_SELECT
6492 	 * and we set rep.c=NULL to stop if from looking inside the commpoint*/
6493 	repinfo->c = NULL;
6494 	/* stop the timer */
6495 	comm_timer_disable(xfr->task_probe->timer);
6496 
6497 	/* see if we got a packet and what that means */
6498 	if(err == NETEVENT_NOERROR) {
6499 		uint32_t serial = 0;
6500 		if(check_packet_ok(c->buffer, LDNS_RR_TYPE_SOA, xfr,
6501 			&serial)) {
6502 			/* successful lookup */
6503 			if(verbosity >= VERB_ALGO) {
6504 				char buf[256];
6505 				dname_str(xfr->name, buf);
6506 				verbose(VERB_ALGO, "auth zone %s: soa probe "
6507 					"serial is %u", buf, (unsigned)serial);
6508 			}
6509 			/* see if this serial indicates that the zone has
6510 			 * to be updated */
6511 			if(xfr_serial_means_update(xfr, serial)) {
6512 				/* if updated, start the transfer task, if needed */
6513 				verbose(VERB_ALGO, "auth_zone updated, start transfer");
6514 				if(xfr->task_transfer->worker == NULL) {
6515 					struct auth_master* master =
6516 						xfr_probe_current_master(xfr);
6517 					/* if we have download URLs use them
6518 					 * in preference to this master we
6519 					 * just probed the SOA from */
6520 					if(xfr->task_transfer->masters &&
6521 						xfr->task_transfer->masters->http)
6522 						master = NULL;
6523 					xfr_probe_disown(xfr);
6524 					xfr_start_transfer(xfr, env, master);
6525 					return 0;
6526 
6527 				}
6528 				/* other tasks are running, we don't do this anymore */
6529 				xfr_probe_disown(xfr);
6530 				lock_basic_unlock(&xfr->lock);
6531 				/* return, we don't sent a reply to this udp packet,
6532 				 * and we setup the tasks to do next */
6533 				return 0;
6534 			} else {
6535 				verbose(VERB_ALGO, "auth_zone master reports unchanged soa serial");
6536 				/* we if cannot find updates amongst the
6537 				 * masters, this means we then have a new lease
6538 				 * on the zone */
6539 				xfr->task_probe->have_new_lease = 1;
6540 			}
6541 		} else {
6542 			if(verbosity >= VERB_ALGO) {
6543 				char buf[256];
6544 				dname_str(xfr->name, buf);
6545 				verbose(VERB_ALGO, "auth zone %s: bad reply to soa probe", buf);
6546 			}
6547 		}
6548 	} else {
6549 		if(verbosity >= VERB_ALGO) {
6550 			char buf[256];
6551 			dname_str(xfr->name, buf);
6552 			verbose(VERB_ALGO, "auth zone %s: soa probe failed", buf);
6553 		}
6554 	}
6555 
6556 	/* failed lookup or not an update */
6557 	/* delete commpoint so a new one is created, with a fresh port nr */
6558 	comm_point_delete(xfr->task_probe->cp);
6559 	xfr->task_probe->cp = NULL;
6560 
6561 	/* if the result was not a successful probe, we need
6562 	 * to send the next one */
6563 	xfr_probe_nextmaster(xfr);
6564 	xfr_probe_send_or_end(xfr, env);
6565 	return 0;
6566 }
6567 
6568 /** lookup a host name for its addresses, if needed */
6569 static int
6570 xfr_probe_lookup_host(struct auth_xfer* xfr, struct module_env* env)
6571 {
6572 	struct sockaddr_storage addr;
6573 	socklen_t addrlen = 0;
6574 	struct auth_master* master = xfr->task_probe->lookup_target;
6575 	struct query_info qinfo;
6576 	uint16_t qflags = BIT_RD;
6577 	uint8_t dname[LDNS_MAX_DOMAINLEN+1];
6578 	struct edns_data edns;
6579 	sldns_buffer* buf = env->scratch_buffer;
6580 	if(!master) return 0;
6581 	if(extstrtoaddr(master->host, &addr, &addrlen, UNBOUND_DNS_PORT)) {
6582 		/* not needed, host is in IP addr format */
6583 		return 0;
6584 	}
6585 	if(master->allow_notify && !master->http &&
6586 		strchr(master->host, '/') != NULL &&
6587 		strchr(master->host, '/') == strrchr(master->host, '/')) {
6588 		return 0; /* is IP/prefix format, not something to look up */
6589 	}
6590 
6591 	/* use mesh_new_callback to probe for non-addr hosts,
6592 	 * and then wait for them to be looked up (in cache, or query) */
6593 	qinfo.qname_len = sizeof(dname);
6594 	if(sldns_str2wire_dname_buf(master->host, dname, &qinfo.qname_len)
6595 		!= 0) {
6596 		log_err("cannot parse host name of master %s", master->host);
6597 		return 0;
6598 	}
6599 	qinfo.qname = dname;
6600 	qinfo.qclass = xfr->dclass;
6601 	qinfo.qtype = LDNS_RR_TYPE_A;
6602 	if(xfr->task_probe->lookup_aaaa)
6603 		qinfo.qtype = LDNS_RR_TYPE_AAAA;
6604 	qinfo.local_alias = NULL;
6605 	if(verbosity >= VERB_ALGO) {
6606 		char buf1[512];
6607 		char buf2[LDNS_MAX_DOMAINLEN+1];
6608 		dname_str(xfr->name, buf2);
6609 		snprintf(buf1, sizeof(buf1), "auth zone %s: master lookup"
6610 			" for task_probe", buf2);
6611 		log_query_info(VERB_ALGO, buf1, &qinfo);
6612 	}
6613 	edns.edns_present = 1;
6614 	edns.ext_rcode = 0;
6615 	edns.edns_version = 0;
6616 	edns.bits = EDNS_DO;
6617 	edns.opt_list_in = NULL;
6618 	edns.opt_list_out = NULL;
6619 	edns.opt_list_inplace_cb_out = NULL;
6620 	edns.padding_block_size = 0;
6621 	edns.cookie_present = 0;
6622 	edns.cookie_valid = 0;
6623 	if(sldns_buffer_capacity(buf) < 65535)
6624 		edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
6625 	else	edns.udp_size = 65535;
6626 
6627 	/* unlock xfr during mesh_new_callback() because the callback can be
6628 	 * called straight away */
6629 	lock_basic_unlock(&xfr->lock);
6630 	if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
6631 		&auth_xfer_probe_lookup_callback, xfr, 0)) {
6632 		lock_basic_lock(&xfr->lock);
6633 		log_err("out of memory lookup up master %s", master->host);
6634 		return 0;
6635 	}
6636 	lock_basic_lock(&xfr->lock);
6637 	return 1;
6638 }
6639 
6640 /** move to sending the probe packets, next if fails. task_probe */
6641 static void
6642 xfr_probe_send_or_end(struct auth_xfer* xfr, struct module_env* env)
6643 {
6644 	/* are we doing hostname lookups? */
6645 	while(xfr->task_probe->lookup_target) {
6646 		if(xfr_probe_lookup_host(xfr, env)) {
6647 			/* wait for lookup to finish,
6648 			 * note that the hostname may be in unbound's cache
6649 			 * and we may then get an instant cache response,
6650 			 * and that calls the callback just like a full
6651 			 * lookup and lookup failures also call callback */
6652 			if(verbosity >= VERB_ALGO) {
6653 				char zname[255+1];
6654 				dname_str(xfr->name, zname);
6655 				verbose(VERB_ALGO, "auth zone %s probe next target lookup", zname);
6656 			}
6657 			lock_basic_unlock(&xfr->lock);
6658 			return;
6659 		}
6660 		xfr_probe_move_to_next_lookup(xfr, env);
6661 	}
6662 	/* probe of list has ended.  Create or refresh the list of of
6663 	 * allow_notify addrs */
6664 	probe_copy_masters_for_allow_notify(xfr);
6665 	if(verbosity >= VERB_ALGO) {
6666 		char zname[255+1];
6667 		dname_str(xfr->name, zname);
6668 		verbose(VERB_ALGO, "auth zone %s probe: notify addrs updated", zname);
6669 	}
6670 	if(xfr->task_probe->only_lookup) {
6671 		/* only wanted lookups for copy, stop probe and start wait */
6672 		xfr->task_probe->only_lookup = 0;
6673 		if(verbosity >= VERB_ALGO) {
6674 			char zname[255+1];
6675 			dname_str(xfr->name, zname);
6676 			verbose(VERB_ALGO, "auth zone %s probe: finished only_lookup", zname);
6677 		}
6678 		xfr_probe_disown(xfr);
6679 		if(xfr->task_nextprobe->worker == NULL)
6680 			xfr_set_timeout(xfr, env, 0, 0);
6681 		lock_basic_unlock(&xfr->lock);
6682 		return;
6683 	}
6684 
6685 	/* send probe packets */
6686 	while(!xfr_probe_end_of_list(xfr)) {
6687 		if(xfr_probe_send_probe(xfr, env, AUTH_PROBE_TIMEOUT)) {
6688 			/* successfully sent probe, wait for callback */
6689 			lock_basic_unlock(&xfr->lock);
6690 			return;
6691 		}
6692 		/* failed to send probe, next master */
6693 		xfr_probe_nextmaster(xfr);
6694 	}
6695 
6696 	/* done with probe sequence, wait */
6697 	if(xfr->task_probe->have_new_lease) {
6698 		/* if zone not updated, start the wait timer again */
6699 		if(verbosity >= VERB_ALGO) {
6700 			char zname[255+1];
6701 			dname_str(xfr->name, zname);
6702 			verbose(VERB_ALGO, "auth_zone %s unchanged, new lease, wait", zname);
6703 		}
6704 		xfr_probe_disown(xfr);
6705 		if(xfr->have_zone)
6706 			xfr->lease_time = *env->now;
6707 		if(xfr->task_nextprobe->worker == NULL)
6708 			xfr_set_timeout(xfr, env, 0, 0);
6709 	} else {
6710 		if(verbosity >= VERB_ALGO) {
6711 			char zname[255+1];
6712 			dname_str(xfr->name, zname);
6713 			verbose(VERB_ALGO, "auth zone %s soa probe failed, wait to retry", zname);
6714 		}
6715 		/* we failed to send this as well, move to the wait task,
6716 		 * use the shorter retry timeout */
6717 		xfr_probe_disown(xfr);
6718 		/* pick up the nextprobe task and wait */
6719 		if(xfr->task_nextprobe->worker == NULL)
6720 			xfr_set_timeout(xfr, env, 1, 0);
6721 	}
6722 
6723 	lock_basic_unlock(&xfr->lock);
6724 }
6725 
6726 /** callback for task_probe lookup of host name, of A or AAAA */
6727 void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
6728 	enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus),
6729 	int ATTR_UNUSED(was_ratelimited))
6730 {
6731 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6732 	struct module_env* env;
6733 	log_assert(xfr->task_probe);
6734 	lock_basic_lock(&xfr->lock);
6735 	env = xfr->task_probe->env;
6736 	if(!env || env->outnet->want_to_quit) {
6737 		lock_basic_unlock(&xfr->lock);
6738 		return; /* stop on quit */
6739 	}
6740 
6741 	/* process result */
6742 	if(rcode == LDNS_RCODE_NOERROR) {
6743 		uint16_t wanted_qtype = LDNS_RR_TYPE_A;
6744 		struct regional* temp = env->scratch;
6745 		struct query_info rq;
6746 		struct reply_info* rep;
6747 		if(xfr->task_probe->lookup_aaaa)
6748 			wanted_qtype = LDNS_RR_TYPE_AAAA;
6749 		memset(&rq, 0, sizeof(rq));
6750 		rep = parse_reply_in_temp_region(buf, temp, &rq);
6751 		if(rep && rq.qtype == wanted_qtype &&
6752 			FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) {
6753 			/* parsed successfully */
6754 			struct ub_packed_rrset_key* answer =
6755 				reply_find_answer_rrset(&rq, rep);
6756 			if(answer) {
6757 				xfr_master_add_addrs(xfr->task_probe->
6758 					lookup_target, answer, wanted_qtype);
6759 			} else {
6760 				if(verbosity >= VERB_ALGO) {
6761 					char zname[255+1];
6762 					dname_str(xfr->name, zname);
6763 					verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has nodata", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
6764 				}
6765 			}
6766 		} else {
6767 			if(verbosity >= VERB_ALGO) {
6768 				char zname[255+1];
6769 				dname_str(xfr->name, zname);
6770 				verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has no address", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
6771 			}
6772 		}
6773 		regional_free_all(temp);
6774 	} else {
6775 		if(verbosity >= VERB_ALGO) {
6776 			char zname[255+1];
6777 			dname_str(xfr->name, zname);
6778 			verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup failed", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
6779 		}
6780 	}
6781 	if(xfr->task_probe->lookup_target->list &&
6782 		xfr->task_probe->lookup_target == xfr_probe_current_master(xfr))
6783 		xfr->task_probe->scan_addr = xfr->task_probe->lookup_target->list;
6784 
6785 	/* move to lookup AAAA after A lookup, move to next hostname lookup,
6786 	 * or move to send the probes, or, if nothing to do, end task_probe */
6787 	xfr_probe_move_to_next_lookup(xfr, env);
6788 	xfr_probe_send_or_end(xfr, env);
6789 }
6790 
6791 /** disown task_nextprobe.  caller must hold xfr.lock */
6792 static void
6793 xfr_nextprobe_disown(struct auth_xfer* xfr)
6794 {
6795 	/* delete the timer, because the next worker to pick this up may
6796 	 * not have the same event base */
6797 	comm_timer_delete(xfr->task_nextprobe->timer);
6798 	xfr->task_nextprobe->timer = NULL;
6799 	xfr->task_nextprobe->next_probe = 0;
6800 	/* we don't own this item anymore */
6801 	xfr->task_nextprobe->worker = NULL;
6802 	xfr->task_nextprobe->env = NULL;
6803 }
6804 
6805 /** xfer nextprobe timeout callback, this is part of task_nextprobe */
6806 void
6807 auth_xfer_timer(void* arg)
6808 {
6809 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6810 	struct module_env* env;
6811 	log_assert(xfr->task_nextprobe);
6812 	lock_basic_lock(&xfr->lock);
6813 	env = xfr->task_nextprobe->env;
6814 	if(!env || env->outnet->want_to_quit) {
6815 		lock_basic_unlock(&xfr->lock);
6816 		return; /* stop on quit */
6817 	}
6818 
6819 	/* see if zone has expired, and if so, also set auth_zone expired */
6820 	if(xfr->have_zone && !xfr->zone_expired &&
6821 	   *env->now >= xfr->lease_time + xfr->expiry) {
6822 		lock_basic_unlock(&xfr->lock);
6823 		auth_xfer_set_expired(xfr, env, 1);
6824 		lock_basic_lock(&xfr->lock);
6825 	}
6826 
6827 	xfr_nextprobe_disown(xfr);
6828 
6829 	if(!xfr_start_probe(xfr, env, NULL)) {
6830 		/* not started because already in progress */
6831 		lock_basic_unlock(&xfr->lock);
6832 	}
6833 }
6834 
6835 /** return true if there are probe (SOA UDP query) targets in the master list*/
6836 static int
6837 have_probe_targets(struct auth_master* list)
6838 {
6839 	struct auth_master* p;
6840 	for(p=list; p; p = p->next) {
6841 		if(!p->allow_notify && p->host)
6842 			return 1;
6843 	}
6844 	return 0;
6845 }
6846 
6847 /** start task_probe if possible, if no masters for probe start task_transfer
6848  * returns true if task has been started, and false if the task is already
6849  * in progress. */
6850 static int
6851 xfr_start_probe(struct auth_xfer* xfr, struct module_env* env,
6852 	struct auth_master* spec)
6853 {
6854 	/* see if we need to start a probe (or maybe it is already in
6855 	 * progress (due to notify)) */
6856 	if(xfr->task_probe->worker == NULL) {
6857 		if(!have_probe_targets(xfr->task_probe->masters) &&
6858 			!(xfr->task_probe->only_lookup &&
6859 			xfr->task_probe->masters != NULL)) {
6860 			/* useless to pick up task_probe, no masters to
6861 			 * probe. Instead attempt to pick up task transfer */
6862 			if(xfr->task_transfer->worker == NULL) {
6863 				xfr_start_transfer(xfr, env, spec);
6864 				return 1;
6865 			}
6866 			/* task transfer already in progress */
6867 			return 0;
6868 		}
6869 
6870 		/* pick up the probe task ourselves */
6871 		xfr->task_probe->worker = env->worker;
6872 		xfr->task_probe->env = env;
6873 		xfr->task_probe->cp = NULL;
6874 
6875 		/* start the task */
6876 		/* have not seen a new lease yet, this scan */
6877 		xfr->task_probe->have_new_lease = 0;
6878 		/* if this was a timeout, no specific first master to scan */
6879 		/* otherwise, spec is nonNULL the notified master, scan
6880 		 * first and also transfer first from it */
6881 		xfr_probe_start_list(xfr, spec);
6882 		/* setup to start the lookup of hostnames of masters afresh */
6883 		xfr_probe_start_lookups(xfr);
6884 		/* send the probe packet or next send, or end task */
6885 		xfr_probe_send_or_end(xfr, env);
6886 		return 1;
6887 	}
6888 	return 0;
6889 }
6890 
6891 /** for task_nextprobe.
6892  * determine next timeout for auth_xfer. Also (re)sets timer.
6893  * @param xfr: task structure
6894  * @param env: module environment, with worker and time.
6895  * @param failure: set true if timer should be set for failure retry.
6896  * @param lookup_only: only perform lookups when timer done, 0 sec timeout
6897  */
6898 static void
6899 xfr_set_timeout(struct auth_xfer* xfr, struct module_env* env,
6900 	int failure, int lookup_only)
6901 {
6902 	struct timeval tv;
6903 	log_assert(xfr->task_nextprobe != NULL);
6904 	log_assert(xfr->task_nextprobe->worker == NULL ||
6905 		xfr->task_nextprobe->worker == env->worker);
6906 	/* normally, nextprobe = startoflease + refresh,
6907 	 * but if expiry is sooner, use that one.
6908 	 * after a failure, use the retry timer instead. */
6909 	xfr->task_nextprobe->next_probe = *env->now;
6910 	if(xfr->lease_time && !failure)
6911 		xfr->task_nextprobe->next_probe = xfr->lease_time;
6912 
6913 	if(!failure) {
6914 		xfr->task_nextprobe->backoff = 0;
6915 	} else {
6916 		if(xfr->task_nextprobe->backoff == 0)
6917 				xfr->task_nextprobe->backoff = 3;
6918 		else	xfr->task_nextprobe->backoff *= 2;
6919 		if(xfr->task_nextprobe->backoff > AUTH_TRANSFER_MAX_BACKOFF)
6920 			xfr->task_nextprobe->backoff =
6921 				AUTH_TRANSFER_MAX_BACKOFF;
6922 	}
6923 
6924 	if(xfr->have_zone) {
6925 		time_t wait = xfr->refresh;
6926 		if(failure) wait = xfr->retry;
6927 		if(xfr->expiry < wait)
6928 			xfr->task_nextprobe->next_probe += xfr->expiry;
6929 		else	xfr->task_nextprobe->next_probe += wait;
6930 		if(failure)
6931 			xfr->task_nextprobe->next_probe +=
6932 				xfr->task_nextprobe->backoff;
6933 		/* put the timer exactly on expiry, if possible */
6934 		if(xfr->lease_time && xfr->lease_time+xfr->expiry <
6935 			xfr->task_nextprobe->next_probe &&
6936 			xfr->lease_time+xfr->expiry > *env->now)
6937 			xfr->task_nextprobe->next_probe =
6938 				xfr->lease_time+xfr->expiry;
6939 	} else {
6940 		xfr->task_nextprobe->next_probe +=
6941 			xfr->task_nextprobe->backoff;
6942 	}
6943 
6944 	if(!xfr->task_nextprobe->timer) {
6945 		xfr->task_nextprobe->timer = comm_timer_create(
6946 			env->worker_base, auth_xfer_timer, xfr);
6947 		if(!xfr->task_nextprobe->timer) {
6948 			/* failed to malloc memory. likely zone transfer
6949 			 * also fails for that. skip the timeout */
6950 			char zname[255+1];
6951 			dname_str(xfr->name, zname);
6952 			log_err("cannot allocate timer, no refresh for %s",
6953 				zname);
6954 			return;
6955 		}
6956 	}
6957 	xfr->task_nextprobe->worker = env->worker;
6958 	xfr->task_nextprobe->env = env;
6959 	if(*(xfr->task_nextprobe->env->now) <= xfr->task_nextprobe->next_probe)
6960 		tv.tv_sec = xfr->task_nextprobe->next_probe -
6961 			*(xfr->task_nextprobe->env->now);
6962 	else	tv.tv_sec = 0;
6963 	if(tv.tv_sec != 0 && lookup_only && xfr->task_probe->masters) {
6964 		/* don't lookup_only, if lookup timeout is 0 anyway,
6965 		 * or if we don't have masters to lookup */
6966 		tv.tv_sec = 0;
6967 		if(xfr->task_probe->worker == NULL)
6968 			xfr->task_probe->only_lookup = 1;
6969 	}
6970 	if(verbosity >= VERB_ALGO) {
6971 		char zname[255+1];
6972 		dname_str(xfr->name, zname);
6973 		verbose(VERB_ALGO, "auth zone %s timeout in %d seconds",
6974 			zname, (int)tv.tv_sec);
6975 	}
6976 	tv.tv_usec = 0;
6977 	comm_timer_set(xfr->task_nextprobe->timer, &tv);
6978 }
6979 
6980 /** initial pick up of worker timeouts, ties events to worker event loop */
6981 void
6982 auth_xfer_pickup_initial(struct auth_zones* az, struct module_env* env)
6983 {
6984 	struct auth_xfer* x;
6985 	lock_rw_wrlock(&az->lock);
6986 	RBTREE_FOR(x, struct auth_xfer*, &az->xtree) {
6987 		lock_basic_lock(&x->lock);
6988 		/* set lease_time, because we now have timestamp in env,
6989 		 * (not earlier during startup and apply_cfg), and this
6990 		 * notes the start time when the data was acquired */
6991 		if(x->have_zone)
6992 			x->lease_time = *env->now;
6993 		if(x->task_nextprobe && x->task_nextprobe->worker == NULL) {
6994 			xfr_set_timeout(x, env, 0, 1);
6995 		}
6996 		lock_basic_unlock(&x->lock);
6997 	}
6998 	lock_rw_unlock(&az->lock);
6999 }
7000 
7001 void auth_zones_cleanup(struct auth_zones* az)
7002 {
7003 	struct auth_xfer* x;
7004 	lock_rw_wrlock(&az->lock);
7005 	RBTREE_FOR(x, struct auth_xfer*, &az->xtree) {
7006 		lock_basic_lock(&x->lock);
7007 		if(x->task_nextprobe && x->task_nextprobe->worker != NULL) {
7008 			xfr_nextprobe_disown(x);
7009 		}
7010 		if(x->task_probe && x->task_probe->worker != NULL) {
7011 			xfr_probe_disown(x);
7012 		}
7013 		if(x->task_transfer && x->task_transfer->worker != NULL) {
7014 			auth_chunks_delete(x->task_transfer);
7015 			xfr_transfer_disown(x);
7016 		}
7017 		lock_basic_unlock(&x->lock);
7018 	}
7019 	lock_rw_unlock(&az->lock);
7020 }
7021 
7022 /**
7023  * malloc the xfer and tasks
7024  * @param z: auth_zone with name of zone.
7025  */
7026 static struct auth_xfer*
7027 auth_xfer_new(struct auth_zone* z)
7028 {
7029 	struct auth_xfer* xfr;
7030 	xfr = (struct auth_xfer*)calloc(1, sizeof(*xfr));
7031 	if(!xfr) return NULL;
7032 	xfr->name = memdup(z->name, z->namelen);
7033 	if(!xfr->name) {
7034 		free(xfr);
7035 		return NULL;
7036 	}
7037 	xfr->node.key = xfr;
7038 	xfr->namelen = z->namelen;
7039 	xfr->namelabs = z->namelabs;
7040 	xfr->dclass = z->dclass;
7041 
7042 	xfr->task_nextprobe = (struct auth_nextprobe*)calloc(1,
7043 		sizeof(struct auth_nextprobe));
7044 	if(!xfr->task_nextprobe) {
7045 		free(xfr->name);
7046 		free(xfr);
7047 		return NULL;
7048 	}
7049 	xfr->task_probe = (struct auth_probe*)calloc(1,
7050 		sizeof(struct auth_probe));
7051 	if(!xfr->task_probe) {
7052 		free(xfr->task_nextprobe);
7053 		free(xfr->name);
7054 		free(xfr);
7055 		return NULL;
7056 	}
7057 	xfr->task_transfer = (struct auth_transfer*)calloc(1,
7058 		sizeof(struct auth_transfer));
7059 	if(!xfr->task_transfer) {
7060 		free(xfr->task_probe);
7061 		free(xfr->task_nextprobe);
7062 		free(xfr->name);
7063 		free(xfr);
7064 		return NULL;
7065 	}
7066 
7067 	lock_basic_init(&xfr->lock);
7068 	lock_protect(&xfr->lock, &xfr->name, sizeof(xfr->name));
7069 	lock_protect(&xfr->lock, &xfr->namelen, sizeof(xfr->namelen));
7070 	lock_protect(&xfr->lock, xfr->name, xfr->namelen);
7071 	lock_protect(&xfr->lock, &xfr->namelabs, sizeof(xfr->namelabs));
7072 	lock_protect(&xfr->lock, &xfr->dclass, sizeof(xfr->dclass));
7073 	lock_protect(&xfr->lock, &xfr->notify_received, sizeof(xfr->notify_received));
7074 	lock_protect(&xfr->lock, &xfr->notify_serial, sizeof(xfr->notify_serial));
7075 	lock_protect(&xfr->lock, &xfr->zone_expired, sizeof(xfr->zone_expired));
7076 	lock_protect(&xfr->lock, &xfr->have_zone, sizeof(xfr->have_zone));
7077 	lock_protect(&xfr->lock, &xfr->serial, sizeof(xfr->serial));
7078 	lock_protect(&xfr->lock, &xfr->retry, sizeof(xfr->retry));
7079 	lock_protect(&xfr->lock, &xfr->refresh, sizeof(xfr->refresh));
7080 	lock_protect(&xfr->lock, &xfr->expiry, sizeof(xfr->expiry));
7081 	lock_protect(&xfr->lock, &xfr->lease_time, sizeof(xfr->lease_time));
7082 	lock_protect(&xfr->lock, &xfr->task_nextprobe->worker,
7083 		sizeof(xfr->task_nextprobe->worker));
7084 	lock_protect(&xfr->lock, &xfr->task_probe->worker,
7085 		sizeof(xfr->task_probe->worker));
7086 	lock_protect(&xfr->lock, &xfr->task_transfer->worker,
7087 		sizeof(xfr->task_transfer->worker));
7088 	lock_basic_lock(&xfr->lock);
7089 	return xfr;
7090 }
7091 
7092 /** Create auth_xfer structure.
7093  * This populates the have_zone, soa values, and so on times.
7094  * and sets the timeout, if a zone transfer is needed a short timeout is set.
7095  * For that the auth_zone itself must exist (and read in zonefile)
7096  * returns false on alloc failure. */
7097 struct auth_xfer*
7098 auth_xfer_create(struct auth_zones* az, struct auth_zone* z)
7099 {
7100 	struct auth_xfer* xfr;
7101 
7102 	/* malloc it */
7103 	xfr = auth_xfer_new(z);
7104 	if(!xfr) {
7105 		log_err("malloc failure");
7106 		return NULL;
7107 	}
7108 	/* insert in tree */
7109 	(void)rbtree_insert(&az->xtree, &xfr->node);
7110 	return xfr;
7111 }
7112 
7113 /** create new auth_master structure */
7114 static struct auth_master*
7115 auth_master_new(struct auth_master*** list)
7116 {
7117 	struct auth_master *m;
7118 	m = (struct auth_master*)calloc(1, sizeof(*m));
7119 	if(!m) {
7120 		log_err("malloc failure");
7121 		return NULL;
7122 	}
7123 	/* set first pointer to m, or next pointer of previous element to m */
7124 	(**list) = m;
7125 	/* store m's next pointer as future point to store at */
7126 	(*list) = &(m->next);
7127 	return m;
7128 }
7129 
7130 /** dup_prefix : create string from initial part of other string, malloced */
7131 static char*
7132 dup_prefix(char* str, size_t num)
7133 {
7134 	char* result;
7135 	size_t len = strlen(str);
7136 	if(len < num) num = len; /* not more than strlen */
7137 	result = (char*)malloc(num+1);
7138 	if(!result) {
7139 		log_err("malloc failure");
7140 		return result;
7141 	}
7142 	memmove(result, str, num);
7143 	result[num] = 0;
7144 	return result;
7145 }
7146 
7147 /** dup string and print error on error */
7148 static char*
7149 dup_all(char* str)
7150 {
7151 	char* result = strdup(str);
7152 	if(!result) {
7153 		log_err("malloc failure");
7154 		return NULL;
7155 	}
7156 	return result;
7157 }
7158 
7159 /** find first of two characters */
7160 static char*
7161 str_find_first_of_chars(char* s, char a, char b)
7162 {
7163 	char* ra = strchr(s, a);
7164 	char* rb = strchr(s, b);
7165 	if(!ra) return rb;
7166 	if(!rb) return ra;
7167 	if(ra < rb) return ra;
7168 	return rb;
7169 }
7170 
7171 /** parse URL into host and file parts, false on malloc or parse error */
7172 static int
7173 parse_url(char* url, char** host, char** file, int* port, int* ssl)
7174 {
7175 	char* p = url;
7176 	/* parse http://www.example.com/file.htm
7177 	 * or http://127.0.0.1   (index.html)
7178 	 * or https://[::1@1234]/a/b/c/d */
7179 	*ssl = 1;
7180 	*port = AUTH_HTTPS_PORT;
7181 
7182 	/* parse http:// or https:// */
7183 	if(strncmp(p, "http://", 7) == 0) {
7184 		p += 7;
7185 		*ssl = 0;
7186 		*port = AUTH_HTTP_PORT;
7187 	} else if(strncmp(p, "https://", 8) == 0) {
7188 		p += 8;
7189 	} else if(strstr(p, "://") && strchr(p, '/') > strstr(p, "://") &&
7190 		strchr(p, ':') >= strstr(p, "://")) {
7191 		char* uri = dup_prefix(p, (size_t)(strstr(p, "://")-p));
7192 		log_err("protocol %s:// not supported (for url %s)",
7193 			uri?uri:"", p);
7194 		free(uri);
7195 		return 0;
7196 	}
7197 
7198 	/* parse hostname part */
7199 	if(p[0] == '[') {
7200 		char* end = strchr(p, ']');
7201 		p++; /* skip over [ */
7202 		if(end) {
7203 			*host = dup_prefix(p, (size_t)(end-p));
7204 			if(!*host) return 0;
7205 			p = end+1; /* skip over ] */
7206 		} else {
7207 			*host = dup_all(p);
7208 			if(!*host) return 0;
7209 			p = end;
7210 		}
7211 	} else {
7212 		char* end = str_find_first_of_chars(p, ':', '/');
7213 		if(end) {
7214 			*host = dup_prefix(p, (size_t)(end-p));
7215 			if(!*host) return 0;
7216 		} else {
7217 			*host = dup_all(p);
7218 			if(!*host) return 0;
7219 		}
7220 		p = end; /* at next : or / or NULL */
7221 	}
7222 
7223 	/* parse port number */
7224 	if(p && p[0] == ':') {
7225 		char* end = NULL;
7226 		*port = strtol(p+1, &end, 10);
7227 		p = end;
7228 	}
7229 
7230 	/* parse filename part */
7231 	while(p && *p == '/')
7232 		p++;
7233 	if(!p || p[0] == 0)
7234 		*file = strdup("/");
7235 	else	*file = strdup(p);
7236 	if(!*file) {
7237 		log_err("malloc failure");
7238 		return 0;
7239 	}
7240 	return 1;
7241 }
7242 
7243 int
7244 xfer_set_masters(struct auth_master** list, struct config_auth* c,
7245 	int with_http)
7246 {
7247 	struct auth_master* m;
7248 	struct config_strlist* p;
7249 	/* list points to the first, or next pointer for the new element */
7250 	while(*list) {
7251 		list = &( (*list)->next );
7252 	}
7253 	if(with_http)
7254 	  for(p = c->urls; p; p = p->next) {
7255 		m = auth_master_new(&list);
7256 		if(!m) return 0;
7257 		m->http = 1;
7258 		if(!parse_url(p->str, &m->host, &m->file, &m->port, &m->ssl))
7259 			return 0;
7260 	}
7261 	for(p = c->masters; p; p = p->next) {
7262 		m = auth_master_new(&list);
7263 		if(!m) return 0;
7264 		m->ixfr = 1; /* this flag is not configurable */
7265 		m->host = strdup(p->str);
7266 		if(!m->host) {
7267 			log_err("malloc failure");
7268 			return 0;
7269 		}
7270 	}
7271 	for(p = c->allow_notify; p; p = p->next) {
7272 		m = auth_master_new(&list);
7273 		if(!m) return 0;
7274 		m->allow_notify = 1;
7275 		m->host = strdup(p->str);
7276 		if(!m->host) {
7277 			log_err("malloc failure");
7278 			return 0;
7279 		}
7280 	}
7281 	return 1;
7282 }
7283 
7284 #define SERIAL_BITS	32
7285 int
7286 compare_serial(uint32_t a, uint32_t b)
7287 {
7288 	const uint32_t cutoff = ((uint32_t) 1 << (SERIAL_BITS - 1));
7289 
7290 	if (a == b) {
7291 		return 0;
7292 	} else if ((a < b && b - a < cutoff) || (a > b && a - b > cutoff)) {
7293 		return -1;
7294 	} else {
7295 		return 1;
7296 	}
7297 }
7298 
7299 int zonemd_hashalgo_supported(int hashalgo)
7300 {
7301 	if(hashalgo == ZONEMD_ALGO_SHA384) return 1;
7302 	if(hashalgo == ZONEMD_ALGO_SHA512) return 1;
7303 	return 0;
7304 }
7305 
7306 int zonemd_scheme_supported(int scheme)
7307 {
7308 	if(scheme == ZONEMD_SCHEME_SIMPLE) return 1;
7309 	return 0;
7310 }
7311 
7312 /** initialize hash for hashing with zonemd hash algo */
7313 static struct secalgo_hash* zonemd_digest_init(int hashalgo, char** reason)
7314 {
7315 	struct secalgo_hash *h;
7316 	if(hashalgo == ZONEMD_ALGO_SHA384) {
7317 		/* sha384 */
7318 		h = secalgo_hash_create_sha384();
7319 		if(!h)
7320 			*reason = "digest sha384 could not be created";
7321 		return h;
7322 	} else if(hashalgo == ZONEMD_ALGO_SHA512) {
7323 		/* sha512 */
7324 		h = secalgo_hash_create_sha512();
7325 		if(!h)
7326 			*reason = "digest sha512 could not be created";
7327 		return h;
7328 	}
7329 	/* unknown hash algo */
7330 	*reason = "unsupported algorithm";
7331 	return NULL;
7332 }
7333 
7334 /** update the hash for zonemd */
7335 static int zonemd_digest_update(int hashalgo, struct secalgo_hash* h,
7336 	uint8_t* data, size_t len, char** reason)
7337 {
7338 	if(hashalgo == ZONEMD_ALGO_SHA384) {
7339 		if(!secalgo_hash_update(h, data, len)) {
7340 			*reason = "digest sha384 failed";
7341 			return 0;
7342 		}
7343 		return 1;
7344 	} else if(hashalgo == ZONEMD_ALGO_SHA512) {
7345 		if(!secalgo_hash_update(h, data, len)) {
7346 			*reason = "digest sha512 failed";
7347 			return 0;
7348 		}
7349 		return 1;
7350 	}
7351 	/* unknown hash algo */
7352 	*reason = "unsupported algorithm";
7353 	return 0;
7354 }
7355 
7356 /** finish the hash for zonemd */
7357 static int zonemd_digest_finish(int hashalgo, struct secalgo_hash* h,
7358 	uint8_t* result, size_t hashlen, size_t* resultlen, char** reason)
7359 {
7360 	if(hashalgo == ZONEMD_ALGO_SHA384) {
7361 		if(hashlen < 384/8) {
7362 			*reason = "digest buffer too small for sha384";
7363 			return 0;
7364 		}
7365 		if(!secalgo_hash_final(h, result, hashlen, resultlen)) {
7366 			*reason = "digest sha384 finish failed";
7367 			return 0;
7368 		}
7369 		return 1;
7370 	} else if(hashalgo == ZONEMD_ALGO_SHA512) {
7371 		if(hashlen < 512/8) {
7372 			*reason = "digest buffer too small for sha512";
7373 			return 0;
7374 		}
7375 		if(!secalgo_hash_final(h, result, hashlen, resultlen)) {
7376 			*reason = "digest sha512 finish failed";
7377 			return 0;
7378 		}
7379 		return 1;
7380 	}
7381 	/* unknown algo */
7382 	*reason = "unsupported algorithm";
7383 	return 0;
7384 }
7385 
7386 /** add rrsets from node to the list */
7387 static size_t authdata_rrsets_to_list(struct auth_rrset** array,
7388 	size_t arraysize, struct auth_rrset* first)
7389 {
7390 	struct auth_rrset* rrset = first;
7391 	size_t num = 0;
7392 	while(rrset) {
7393 		if(num >= arraysize)
7394 			return num;
7395 		array[num] = rrset;
7396 		num++;
7397 		rrset = rrset->next;
7398 	}
7399 	return num;
7400 }
7401 
7402 /** compare rr list entries */
7403 static int rrlist_compare(const void* arg1, const void* arg2)
7404 {
7405 	struct auth_rrset* r1 = *(struct auth_rrset**)arg1;
7406 	struct auth_rrset* r2 = *(struct auth_rrset**)arg2;
7407 	uint16_t t1, t2;
7408 	if(r1 == NULL) t1 = LDNS_RR_TYPE_RRSIG;
7409 	else t1 = r1->type;
7410 	if(r2 == NULL) t2 = LDNS_RR_TYPE_RRSIG;
7411 	else t2 = r2->type;
7412 	if(t1 < t2)
7413 		return -1;
7414 	if(t1 > t2)
7415 		return 1;
7416 	return 0;
7417 }
7418 
7419 /** add type RRSIG to rr list if not one there already,
7420  * this is to perform RRSIG collate processing at that point. */
7421 static void addrrsigtype_if_needed(struct auth_rrset** array,
7422 	size_t arraysize, size_t* rrnum, struct auth_data* node)
7423 {
7424 	if(az_domain_rrset(node, LDNS_RR_TYPE_RRSIG))
7425 		return; /* already one there */
7426 	if((*rrnum) >= arraysize)
7427 		return; /* array too small? */
7428 	array[*rrnum] = NULL; /* nothing there, but need entry in list */
7429 	(*rrnum)++;
7430 }
7431 
7432 /** collate the RRs in an RRset using the simple scheme */
7433 static int zonemd_simple_rrset(struct auth_zone* z, int hashalgo,
7434 	struct secalgo_hash* h, struct auth_data* node,
7435 	struct auth_rrset* rrset, struct regional* region,
7436 	struct sldns_buffer* buf, char** reason)
7437 {
7438 	/* canonicalize */
7439 	struct ub_packed_rrset_key key;
7440 	memset(&key, 0, sizeof(key));
7441 	key.entry.key = &key;
7442 	key.entry.data = rrset->data;
7443 	key.rk.dname = node->name;
7444 	key.rk.dname_len = node->namelen;
7445 	key.rk.type = htons(rrset->type);
7446 	key.rk.rrset_class = htons(z->dclass);
7447 	if(!rrset_canonicalize_to_buffer(region, buf, &key)) {
7448 		*reason = "out of memory";
7449 		return 0;
7450 	}
7451 	regional_free_all(region);
7452 
7453 	/* hash */
7454 	if(!zonemd_digest_update(hashalgo, h, sldns_buffer_begin(buf),
7455 		sldns_buffer_limit(buf), reason)) {
7456 		return 0;
7457 	}
7458 	return 1;
7459 }
7460 
7461 /** count number of RRSIGs in a domain name rrset list */
7462 static size_t zonemd_simple_count_rrsig(struct auth_rrset* rrset,
7463 	struct auth_rrset** rrlist, size_t rrnum,
7464 	struct auth_zone* z, struct auth_data* node)
7465 {
7466 	size_t i, count = 0;
7467 	if(rrset) {
7468 		size_t j;
7469 		for(j = 0; j<rrset->data->count; j++) {
7470 			if(rrsig_rdata_get_type_covered(rrset->data->
7471 				rr_data[j], rrset->data->rr_len[j]) ==
7472 				LDNS_RR_TYPE_ZONEMD &&
7473 				query_dname_compare(z->name, node->name)==0) {
7474 				/* omit RRSIGs over type ZONEMD at apex */
7475 				continue;
7476 			}
7477 			count++;
7478 		}
7479 	}
7480 	for(i=0; i<rrnum; i++) {
7481 		if(rrlist[i] && rrlist[i]->type == LDNS_RR_TYPE_ZONEMD &&
7482 			query_dname_compare(z->name, node->name)==0) {
7483 			/* omit RRSIGs over type ZONEMD at apex */
7484 			continue;
7485 		}
7486 		count += (rrlist[i]?rrlist[i]->data->rrsig_count:0);
7487 	}
7488 	return count;
7489 }
7490 
7491 /** allocate sparse rrset data for the number of entries in tepm region */
7492 static int zonemd_simple_rrsig_allocs(struct regional* region,
7493 	struct packed_rrset_data* data, size_t count)
7494 {
7495 	data->rr_len = regional_alloc(region, sizeof(*data->rr_len) * count);
7496 	if(!data->rr_len) {
7497 		return 0;
7498 	}
7499 	data->rr_ttl = regional_alloc(region, sizeof(*data->rr_ttl) * count);
7500 	if(!data->rr_ttl) {
7501 		return 0;
7502 	}
7503 	data->rr_data = regional_alloc(region, sizeof(*data->rr_data) * count);
7504 	if(!data->rr_data) {
7505 		return 0;
7506 	}
7507 	return 1;
7508 }
7509 
7510 /** add the RRSIGs from the rrs in the domain into the data */
7511 static void add_rrlist_rrsigs_into_data(struct packed_rrset_data* data,
7512 	size_t* done, struct auth_rrset** rrlist, size_t rrnum,
7513 	struct auth_zone* z, struct auth_data* node)
7514 {
7515 	size_t i;
7516 	for(i=0; i<rrnum; i++) {
7517 		size_t j;
7518 		if(!rrlist[i])
7519 			continue;
7520 		if(rrlist[i]->type == LDNS_RR_TYPE_ZONEMD &&
7521 			query_dname_compare(z->name, node->name)==0) {
7522 			/* omit RRSIGs over type ZONEMD at apex */
7523 			continue;
7524 		}
7525 		for(j = 0; j<rrlist[i]->data->rrsig_count; j++) {
7526 			data->rr_len[*done] = rrlist[i]->data->rr_len[rrlist[i]->data->count + j];
7527 			data->rr_ttl[*done] = rrlist[i]->data->rr_ttl[rrlist[i]->data->count + j];
7528 			/* reference the rdata in the rrset, no need to
7529 			 * copy it, it is no longer needed at the end of
7530 			 * the routine */
7531 			data->rr_data[*done] = rrlist[i]->data->rr_data[rrlist[i]->data->count + j];
7532 			(*done)++;
7533 		}
7534 	}
7535 }
7536 
7537 static void add_rrset_into_data(struct packed_rrset_data* data,
7538 	size_t* done, struct auth_rrset* rrset,
7539 	struct auth_zone* z, struct auth_data* node)
7540 {
7541 	if(rrset) {
7542 		size_t j;
7543 		for(j = 0; j<rrset->data->count; j++) {
7544 			if(rrsig_rdata_get_type_covered(rrset->data->
7545 				rr_data[j], rrset->data->rr_len[j]) ==
7546 				LDNS_RR_TYPE_ZONEMD &&
7547 				query_dname_compare(z->name, node->name)==0) {
7548 				/* omit RRSIGs over type ZONEMD at apex */
7549 				continue;
7550 			}
7551 			data->rr_len[*done] = rrset->data->rr_len[j];
7552 			data->rr_ttl[*done] = rrset->data->rr_ttl[j];
7553 			/* reference the rdata in the rrset, no need to
7554 			 * copy it, it is no longer need at the end of
7555 			 * the routine */
7556 			data->rr_data[*done] = rrset->data->rr_data[j];
7557 			(*done)++;
7558 		}
7559 	}
7560 }
7561 
7562 /** collate the RRSIGs using the simple scheme */
7563 static int zonemd_simple_rrsig(struct auth_zone* z, int hashalgo,
7564 	struct secalgo_hash* h, struct auth_data* node,
7565 	struct auth_rrset* rrset, struct auth_rrset** rrlist, size_t rrnum,
7566 	struct regional* region, struct sldns_buffer* buf, char** reason)
7567 {
7568 	/* the rrset pointer can be NULL, this means it is type RRSIG and
7569 	 * there is no ordinary type RRSIG there.  The RRSIGs are stored
7570 	 * with the RRsets in their data.
7571 	 *
7572 	 * The RRset pointer can be nonNULL. This happens if there is
7573 	 * no RR that is covered by the RRSIG for the domain.  Then this
7574 	 * RRSIG RR is stored in an rrset of type RRSIG. The other RRSIGs
7575 	 * are stored in the rrset entries for the RRs in the rr list for
7576 	 * the domain node.  We need to collate the rrset's data, if any, and
7577 	 * the rrlist's rrsigs */
7578 	/* if this is the apex, omit RRSIGs that cover type ZONEMD */
7579 	/* build rrsig rrset */
7580 	size_t done = 0;
7581 	struct ub_packed_rrset_key key;
7582 	struct packed_rrset_data data;
7583 	memset(&key, 0, sizeof(key));
7584 	memset(&data, 0, sizeof(data));
7585 	key.entry.key = &key;
7586 	key.entry.data = &data;
7587 	key.rk.dname = node->name;
7588 	key.rk.dname_len = node->namelen;
7589 	key.rk.type = htons(LDNS_RR_TYPE_RRSIG);
7590 	key.rk.rrset_class = htons(z->dclass);
7591 	data.count = zonemd_simple_count_rrsig(rrset, rrlist, rrnum, z, node);
7592 	if(!zonemd_simple_rrsig_allocs(region, &data, data.count)) {
7593 		*reason = "out of memory";
7594 		regional_free_all(region);
7595 		return 0;
7596 	}
7597 	/* all the RRSIGs stored in the other rrsets for this domain node */
7598 	add_rrlist_rrsigs_into_data(&data, &done, rrlist, rrnum, z, node);
7599 	/* plus the RRSIGs stored in an rrset of type RRSIG for this node */
7600 	add_rrset_into_data(&data, &done, rrset, z, node);
7601 
7602 	/* canonicalize */
7603 	if(!rrset_canonicalize_to_buffer(region, buf, &key)) {
7604 		*reason = "out of memory";
7605 		regional_free_all(region);
7606 		return 0;
7607 	}
7608 	regional_free_all(region);
7609 
7610 	/* hash */
7611 	if(!zonemd_digest_update(hashalgo, h, sldns_buffer_begin(buf),
7612 		sldns_buffer_limit(buf), reason)) {
7613 		return 0;
7614 	}
7615 	return 1;
7616 }
7617 
7618 /** collate a domain's rrsets using the simple scheme */
7619 static int zonemd_simple_domain(struct auth_zone* z, int hashalgo,
7620 	struct secalgo_hash* h, struct auth_data* node,
7621 	struct regional* region, struct sldns_buffer* buf, char** reason)
7622 {
7623 	const size_t rrlistsize = 65536;
7624 	struct auth_rrset* rrlist[rrlistsize];
7625 	size_t i, rrnum = 0;
7626 	/* see if the domain is out of scope, the zone origin,
7627 	 * that would be omitted */
7628 	if(!dname_subdomain_c(node->name, z->name))
7629 		return 1; /* continue */
7630 	/* loop over the rrsets in ascending order. */
7631 	rrnum = authdata_rrsets_to_list(rrlist, rrlistsize, node->rrsets);
7632 	addrrsigtype_if_needed(rrlist, rrlistsize, &rrnum, node);
7633 	qsort(rrlist, rrnum, sizeof(*rrlist), rrlist_compare);
7634 	for(i=0; i<rrnum; i++) {
7635 		if(rrlist[i] && rrlist[i]->type == LDNS_RR_TYPE_ZONEMD &&
7636 			query_dname_compare(z->name, node->name) == 0) {
7637 			/* omit type ZONEMD at apex */
7638 			continue;
7639 		}
7640 		if(rrlist[i] == NULL || rrlist[i]->type ==
7641 			LDNS_RR_TYPE_RRSIG) {
7642 			if(!zonemd_simple_rrsig(z, hashalgo, h, node,
7643 				rrlist[i], rrlist, rrnum, region, buf, reason))
7644 				return 0;
7645 		} else if(!zonemd_simple_rrset(z, hashalgo, h, node,
7646 			rrlist[i], region, buf, reason)) {
7647 			return 0;
7648 		}
7649 	}
7650 	return 1;
7651 }
7652 
7653 /** collate the zone using the simple scheme */
7654 static int zonemd_simple_collate(struct auth_zone* z, int hashalgo,
7655 	struct secalgo_hash* h, struct regional* region,
7656 	struct sldns_buffer* buf, char** reason)
7657 {
7658 	/* our tree is sorted in canonical order, so we can just loop over
7659 	 * the tree */
7660 	struct auth_data* n;
7661 	RBTREE_FOR(n, struct auth_data*, &z->data) {
7662 		if(!zonemd_simple_domain(z, hashalgo, h, n, region, buf,
7663 			reason))
7664 			return 0;
7665 	}
7666 	return 1;
7667 }
7668 
7669 int auth_zone_generate_zonemd_hash(struct auth_zone* z, int scheme,
7670 	int hashalgo, uint8_t* hash, size_t hashlen, size_t* resultlen,
7671 	struct regional* region, struct sldns_buffer* buf, char** reason)
7672 {
7673 	struct secalgo_hash* h = zonemd_digest_init(hashalgo, reason);
7674 	if(!h) {
7675 		if(!*reason)
7676 			*reason = "digest init fail";
7677 		return 0;
7678 	}
7679 	if(scheme == ZONEMD_SCHEME_SIMPLE) {
7680 		if(!zonemd_simple_collate(z, hashalgo, h, region, buf, reason)) {
7681 			if(!*reason) *reason = "scheme simple collate fail";
7682 			secalgo_hash_delete(h);
7683 			return 0;
7684 		}
7685 	}
7686 	if(!zonemd_digest_finish(hashalgo, h, hash, hashlen, resultlen,
7687 		reason)) {
7688 		secalgo_hash_delete(h);
7689 		*reason = "digest finish fail";
7690 		return 0;
7691 	}
7692 	secalgo_hash_delete(h);
7693 	return 1;
7694 }
7695 
7696 int auth_zone_generate_zonemd_check(struct auth_zone* z, int scheme,
7697 	int hashalgo, uint8_t* hash, size_t hashlen, struct regional* region,
7698 	struct sldns_buffer* buf, char** reason)
7699 {
7700 	uint8_t gen[512];
7701 	size_t genlen = 0;
7702 	*reason = NULL;
7703 	if(!zonemd_hashalgo_supported(hashalgo)) {
7704 		/* allow it */
7705 		*reason = "unsupported algorithm";
7706 		return 1;
7707 	}
7708 	if(!zonemd_scheme_supported(scheme)) {
7709 		/* allow it */
7710 		*reason = "unsupported scheme";
7711 		return 1;
7712 	}
7713 	if(hashlen < 12) {
7714 		/* the ZONEMD draft requires digests to fail if too small */
7715 		*reason = "digest length too small, less than 12";
7716 		return 0;
7717 	}
7718 	/* generate digest */
7719 	if(!auth_zone_generate_zonemd_hash(z, scheme, hashalgo, gen,
7720 		sizeof(gen), &genlen, region, buf, reason)) {
7721 		/* reason filled in by zonemd hash routine */
7722 		return 0;
7723 	}
7724 	/* check digest length */
7725 	if(hashlen != genlen) {
7726 		*reason = "incorrect digest length";
7727 		if(verbosity >= VERB_ALGO) {
7728 			verbose(VERB_ALGO, "zonemd scheme=%d hashalgo=%d",
7729 				scheme, hashalgo);
7730 			log_hex("ZONEMD should be  ", gen, genlen);
7731 			log_hex("ZONEMD to check is", hash, hashlen);
7732 		}
7733 		return 0;
7734 	}
7735 	/* check digest */
7736 	if(memcmp(hash, gen, genlen) != 0) {
7737 		*reason = "incorrect digest";
7738 		if(verbosity >= VERB_ALGO) {
7739 			verbose(VERB_ALGO, "zonemd scheme=%d hashalgo=%d",
7740 				scheme, hashalgo);
7741 			log_hex("ZONEMD should be  ", gen, genlen);
7742 			log_hex("ZONEMD to check is", hash, hashlen);
7743 		}
7744 		return 0;
7745 	}
7746 	return 1;
7747 }
7748 
7749 /** log auth zone message with zone name in front. */
7750 static void auth_zone_log(uint8_t* name, enum verbosity_value level,
7751 	const char* format, ...) ATTR_FORMAT(printf, 3, 4);
7752 static void auth_zone_log(uint8_t* name, enum verbosity_value level,
7753 	const char* format, ...)
7754 {
7755 	va_list args;
7756 	va_start(args, format);
7757 	if(verbosity >= level) {
7758 		char str[255+1];
7759 		char msg[MAXSYSLOGMSGLEN];
7760 		dname_str(name, str);
7761 		vsnprintf(msg, sizeof(msg), format, args);
7762 		verbose(level, "auth zone %s %s", str, msg);
7763 	}
7764 	va_end(args);
7765 }
7766 
7767 /** ZONEMD, dnssec verify the rrset with the dnskey */
7768 static int zonemd_dnssec_verify_rrset(struct auth_zone* z,
7769 	struct module_env* env, struct module_stack* mods,
7770 	struct ub_packed_rrset_key* dnskey, struct auth_data* node,
7771 	struct auth_rrset* rrset, char** why_bogus, uint8_t* sigalg)
7772 {
7773 	struct ub_packed_rrset_key pk;
7774 	enum sec_status sec;
7775 	struct val_env* ve;
7776 	int m;
7777 	m = modstack_find(mods, "validator");
7778 	if(m == -1) {
7779 		auth_zone_log(z->name, VERB_ALGO, "zonemd dnssec verify: have "
7780 			"DNSKEY chain of trust, but no validator module");
7781 		return 0;
7782 	}
7783 	ve = (struct val_env*)env->modinfo[m];
7784 
7785 	memset(&pk, 0, sizeof(pk));
7786 	pk.entry.key = &pk;
7787 	pk.entry.data = rrset->data;
7788 	pk.rk.dname = node->name;
7789 	pk.rk.dname_len = node->namelen;
7790 	pk.rk.type = htons(rrset->type);
7791 	pk.rk.rrset_class = htons(z->dclass);
7792 	if(verbosity >= VERB_ALGO) {
7793 		char typestr[32];
7794 		typestr[0]=0;
7795 		sldns_wire2str_type_buf(rrset->type, typestr, sizeof(typestr));
7796 		auth_zone_log(z->name, VERB_ALGO,
7797 			"zonemd: verify %s RRset with DNSKEY", typestr);
7798 	}
7799 	sec = dnskeyset_verify_rrset(env, ve, &pk, dnskey, sigalg, why_bogus, NULL,
7800 		LDNS_SECTION_ANSWER, NULL);
7801 	if(sec == sec_status_secure) {
7802 		return 1;
7803 	}
7804 	if(why_bogus)
7805 		auth_zone_log(z->name, VERB_ALGO, "DNSSEC verify was bogus: %s", *why_bogus);
7806 	return 0;
7807 }
7808 
7809 /** check for nsec3, the RR with params equal, if bitmap has the type */
7810 static int nsec3_of_param_has_type(struct auth_rrset* nsec3, int algo,
7811 	size_t iter, uint8_t* salt, size_t saltlen, uint16_t rrtype)
7812 {
7813 	int i, count = (int)nsec3->data->count;
7814 	struct ub_packed_rrset_key pk;
7815 	memset(&pk, 0, sizeof(pk));
7816 	pk.entry.data = nsec3->data;
7817 	for(i=0; i<count; i++) {
7818 		int rralgo;
7819 		size_t rriter, rrsaltlen;
7820 		uint8_t* rrsalt;
7821 		if(!nsec3_get_params(&pk, i, &rralgo, &rriter, &rrsalt,
7822 			&rrsaltlen))
7823 			continue; /* no parameters, malformed */
7824 		if(rralgo != algo || rriter != iter || rrsaltlen != saltlen)
7825 			continue; /* different parameters */
7826 		if(saltlen != 0) {
7827 			if(rrsalt == NULL || salt == NULL)
7828 				continue;
7829 			if(memcmp(rrsalt, salt, saltlen) != 0)
7830 				continue; /* different salt parameters */
7831 		}
7832 		if(nsec3_has_type(&pk, i, rrtype))
7833 			return 1;
7834 	}
7835 	return 0;
7836 }
7837 
7838 /** Verify the absence of ZONEMD with DNSSEC by checking NSEC, NSEC3 type flag.
7839  * return false on failure, reason contains description of failure. */
7840 static int zonemd_check_dnssec_absence(struct auth_zone* z,
7841 	struct module_env* env, struct module_stack* mods,
7842 	struct ub_packed_rrset_key* dnskey, struct auth_data* apex,
7843 	char** reason, char** why_bogus, uint8_t* sigalg)
7844 {
7845 	struct auth_rrset* nsec = NULL;
7846 	if(!apex) {
7847 		*reason = "zone has no apex domain but ZONEMD missing";
7848 		return 0;
7849 	}
7850 	nsec = az_domain_rrset(apex, LDNS_RR_TYPE_NSEC);
7851 	if(nsec) {
7852 		struct ub_packed_rrset_key pk;
7853 		/* dnssec verify the NSEC */
7854 		if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex,
7855 			nsec, why_bogus, sigalg)) {
7856 			*reason = "DNSSEC verify failed for NSEC RRset";
7857 			return 0;
7858 		}
7859 		/* check type bitmap */
7860 		memset(&pk, 0, sizeof(pk));
7861 		pk.entry.data = nsec->data;
7862 		if(nsec_has_type(&pk, LDNS_RR_TYPE_ZONEMD)) {
7863 			*reason = "DNSSEC NSEC bitmap says type ZONEMD exists";
7864 			return 0;
7865 		}
7866 		auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC verification of absence of ZONEMD secure");
7867 	} else {
7868 		/* NSEC3 perhaps ? */
7869 		int algo;
7870 		size_t iter, saltlen;
7871 		uint8_t* salt;
7872 		struct auth_rrset* nsec3param = az_domain_rrset(apex,
7873 			LDNS_RR_TYPE_NSEC3PARAM);
7874 		struct auth_data* match;
7875 		struct auth_rrset* nsec3;
7876 		if(!nsec3param) {
7877 			*reason = "zone has no NSEC information but ZONEMD missing";
7878 			return 0;
7879 		}
7880 		if(!az_nsec3_param(z, &algo, &iter, &salt, &saltlen)) {
7881 			*reason = "zone has no NSEC information but ZONEMD missing";
7882 			return 0;
7883 		}
7884 		/* find the NSEC3 record */
7885 		match = az_nsec3_find_exact(z, z->name, z->namelen, algo,
7886 			iter, salt, saltlen);
7887 		if(!match) {
7888 			*reason = "zone has no NSEC3 domain for the apex but ZONEMD missing";
7889 			return 0;
7890 		}
7891 		nsec3 = az_domain_rrset(match, LDNS_RR_TYPE_NSEC3);
7892 		if(!nsec3) {
7893 			*reason = "zone has no NSEC3 RRset for the apex but ZONEMD missing";
7894 			return 0;
7895 		}
7896 		/* dnssec verify the NSEC3 */
7897 		if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, match,
7898 			nsec3, why_bogus, sigalg)) {
7899 			*reason = "DNSSEC verify failed for NSEC3 RRset";
7900 			return 0;
7901 		}
7902 		/* check type bitmap */
7903 		if(nsec3_of_param_has_type(nsec3, algo, iter, salt, saltlen,
7904 			LDNS_RR_TYPE_ZONEMD)) {
7905 			*reason = "DNSSEC NSEC3 bitmap says type ZONEMD exists";
7906 			return 0;
7907 		}
7908 		auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC NSEC3 verification of absence of ZONEMD secure");
7909 	}
7910 
7911 	return 1;
7912 }
7913 
7914 /** Verify the SOA and ZONEMD DNSSEC signatures.
7915  * return false on failure, reason contains description of failure. */
7916 static int zonemd_check_dnssec_soazonemd(struct auth_zone* z,
7917 	struct module_env* env, struct module_stack* mods,
7918 	struct ub_packed_rrset_key* dnskey, struct auth_data* apex,
7919 	struct auth_rrset* zonemd_rrset, char** reason, char** why_bogus,
7920 	uint8_t* sigalg)
7921 {
7922 	struct auth_rrset* soa;
7923 	if(!apex) {
7924 		*reason = "zone has no apex domain";
7925 		return 0;
7926 	}
7927 	soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
7928 	if(!soa) {
7929 		*reason = "zone has no SOA RRset";
7930 		return 0;
7931 	}
7932 	if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex, soa,
7933 		why_bogus, sigalg)) {
7934 		*reason = "DNSSEC verify failed for SOA RRset";
7935 		return 0;
7936 	}
7937 	if(!zonemd_dnssec_verify_rrset(z, env, mods, dnskey, apex,
7938 		zonemd_rrset, why_bogus, sigalg)) {
7939 		*reason = "DNSSEC verify failed for ZONEMD RRset";
7940 		return 0;
7941 	}
7942 	auth_zone_log(z->name, VERB_ALGO, "zonemd DNSSEC verification of SOA and ZONEMD RRsets secure");
7943 	return 1;
7944 }
7945 
7946 /**
7947  * Fail the ZONEMD verification.
7948  * @param z: auth zone that fails.
7949  * @param env: environment with config, to ignore failure or not.
7950  * @param reason: failure string description.
7951  * @param why_bogus: failure string for DNSSEC verification failure.
7952  * @param result: strdup result in here if not NULL.
7953  */
7954 static void auth_zone_zonemd_fail(struct auth_zone* z, struct module_env* env,
7955 	char* reason, char* why_bogus, char** result)
7956 {
7957 	char zstr[255+1];
7958 	/* if fail: log reason, and depending on config also take action
7959 	 * and drop the zone, eg. it is gone from memory, set zone_expired */
7960 	dname_str(z->name, zstr);
7961 	if(!reason) reason = "verification failed";
7962 	if(result) {
7963 		if(why_bogus) {
7964 			char res[1024];
7965 			snprintf(res, sizeof(res), "%s: %s", reason,
7966 				why_bogus);
7967 			*result = strdup(res);
7968 		} else {
7969 			*result = strdup(reason);
7970 		}
7971 		if(!*result) log_err("out of memory");
7972 	} else {
7973 		log_warn("auth zone %s: ZONEMD verification failed: %s", zstr, reason);
7974 	}
7975 
7976 	if(env->cfg->zonemd_permissive_mode) {
7977 		verbose(VERB_ALGO, "zonemd-permissive-mode enabled, "
7978 			"not blocking zone %s", zstr);
7979 		return;
7980 	}
7981 
7982 	/* expired means the zone gives servfail and is not used by
7983 	 * lookup if fallback_enabled*/
7984 	z->zone_expired = 1;
7985 }
7986 
7987 /**
7988  * Verify the zonemd with DNSSEC and hash check, with given key.
7989  * @param z: auth zone.
7990  * @param env: environment with config and temp buffers.
7991  * @param mods: module stack with validator env for verification.
7992  * @param dnskey: dnskey that we can use, or NULL.  If nonnull, the key
7993  * 	has been verified and is the start of the chain of trust.
7994  * @param is_insecure: if true, the dnskey is not used, the zone is insecure.
7995  * 	And dnssec is not used.  It is DNSSEC secure insecure or not under
7996  * 	a trust anchor.
7997  * @param sigalg: if nonNULL provide algorithm downgrade protection.
7998  * 	Otherwise one algorithm is enough. Must have space of ALGO_NEEDS_MAX+1.
7999  * @param result: if not NULL result reason copied here.
8000  */
8001 static void
8002 auth_zone_verify_zonemd_with_key(struct auth_zone* z, struct module_env* env,
8003 	struct module_stack* mods, struct ub_packed_rrset_key* dnskey,
8004 	int is_insecure, char** result, uint8_t* sigalg)
8005 {
8006 	char* reason = NULL, *why_bogus = NULL;
8007 	struct auth_data* apex = NULL;
8008 	struct auth_rrset* zonemd_rrset = NULL;
8009 	int zonemd_absent = 0, zonemd_absence_dnssecok = 0;
8010 
8011 	/* see if ZONEMD is present or absent. */
8012 	apex = az_find_name(z, z->name, z->namelen);
8013 	if(!apex) {
8014 		zonemd_absent = 1;
8015 	} else {
8016 		zonemd_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_ZONEMD);
8017 		if(!zonemd_rrset || zonemd_rrset->data->count==0) {
8018 			zonemd_absent = 1;
8019 			zonemd_rrset = NULL;
8020 		}
8021 	}
8022 
8023 	/* if no DNSSEC, done. */
8024 	/* if no ZONEMD, and DNSSEC, use DNSKEY to verify NSEC or NSEC3 for
8025 	 * zone apex.  Check ZONEMD bit is turned off or else fail */
8026 	/* if ZONEMD, and DNSSEC, check DNSSEC signature on SOA and ZONEMD,
8027 	 * or else fail */
8028 	if(!dnskey && !is_insecure) {
8029 		auth_zone_zonemd_fail(z, env, "DNSKEY missing", NULL, result);
8030 		return;
8031 	} else if(!zonemd_rrset && dnskey && !is_insecure) {
8032 		/* fetch, DNSSEC verify, and check NSEC/NSEC3 */
8033 		if(!zonemd_check_dnssec_absence(z, env, mods, dnskey, apex,
8034 			&reason, &why_bogus, sigalg)) {
8035 			auth_zone_zonemd_fail(z, env, reason, why_bogus, result);
8036 			return;
8037 		}
8038 		zonemd_absence_dnssecok = 1;
8039 	} else if(zonemd_rrset && dnskey && !is_insecure) {
8040 		/* check DNSSEC verify of SOA and ZONEMD */
8041 		if(!zonemd_check_dnssec_soazonemd(z, env, mods, dnskey, apex,
8042 			zonemd_rrset, &reason, &why_bogus, sigalg)) {
8043 			auth_zone_zonemd_fail(z, env, reason, why_bogus, result);
8044 			return;
8045 		}
8046 	}
8047 
8048 	if(zonemd_absent && z->zonemd_reject_absence) {
8049 		auth_zone_zonemd_fail(z, env, "ZONEMD absent and that is not allowed by config", NULL, result);
8050 		return;
8051 	}
8052 	if(zonemd_absent && zonemd_absence_dnssecok) {
8053 		auth_zone_log(z->name, VERB_ALGO, "DNSSEC verified nonexistence of ZONEMD");
8054 		if(result) {
8055 			*result = strdup("DNSSEC verified nonexistence of ZONEMD");
8056 			if(!*result) log_err("out of memory");
8057 		}
8058 		return;
8059 	}
8060 	if(zonemd_absent) {
8061 		auth_zone_log(z->name, VERB_ALGO, "no ZONEMD present");
8062 		if(result) {
8063 			*result = strdup("no ZONEMD present");
8064 			if(!*result) log_err("out of memory");
8065 		}
8066 		return;
8067 	}
8068 
8069 	/* check ZONEMD checksum and report or else fail. */
8070 	if(!auth_zone_zonemd_check_hash(z, env, &reason)) {
8071 		auth_zone_zonemd_fail(z, env, reason, NULL, result);
8072 		return;
8073 	}
8074 
8075 	/* success! log the success */
8076 	if(reason)
8077 		auth_zone_log(z->name, VERB_ALGO, "ZONEMD %s", reason);
8078 	else	auth_zone_log(z->name, VERB_ALGO, "ZONEMD verification successful");
8079 	if(result) {
8080 		if(reason)
8081 			*result = strdup(reason);
8082 		else	*result = strdup("ZONEMD verification successful");
8083 		if(!*result) log_err("out of memory");
8084 	}
8085 }
8086 
8087 /**
8088  * verify the zone DNSKEY rrset from the trust anchor
8089  * This is possible because the anchor is for the zone itself, and can
8090  * thus apply straight to the zone DNSKEY set.
8091  * @param z: the auth zone.
8092  * @param env: environment with time and temp buffers.
8093  * @param mods: module stack for validator environment for dnssec validation.
8094  * @param anchor: trust anchor to use
8095  * @param is_insecure: returned, true if the zone is securely insecure.
8096  * @param why_bogus: if the routine fails, returns the failure reason.
8097  * @param keystorage: where to store the ub_packed_rrset_key that is created
8098  * 	on success. A pointer to it is returned on success.
8099  * @return the dnskey RRset, reference to zone data and keystorage, or
8100  * 	NULL on failure.
8101  */
8102 static struct ub_packed_rrset_key*
8103 zonemd_get_dnskey_from_anchor(struct auth_zone* z, struct module_env* env,
8104 	struct module_stack* mods, struct trust_anchor* anchor,
8105 	int* is_insecure, char** why_bogus,
8106 	struct ub_packed_rrset_key* keystorage)
8107 {
8108 	struct auth_data* apex;
8109 	struct auth_rrset* dnskey_rrset;
8110 	enum sec_status sec;
8111 	struct val_env* ve;
8112 	int m;
8113 
8114 	apex = az_find_name(z, z->name, z->namelen);
8115 	if(!apex) {
8116 		*why_bogus = "have trust anchor, but zone has no apex domain for DNSKEY";
8117 		return 0;
8118 	}
8119 	dnskey_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_DNSKEY);
8120 	if(!dnskey_rrset || dnskey_rrset->data->count==0) {
8121 		*why_bogus = "have trust anchor, but zone has no DNSKEY";
8122 		return 0;
8123 	}
8124 
8125 	m = modstack_find(mods, "validator");
8126 	if(m == -1) {
8127 		*why_bogus = "have trust anchor, but no validator module";
8128 		return 0;
8129 	}
8130 	ve = (struct val_env*)env->modinfo[m];
8131 
8132 	memset(keystorage, 0, sizeof(*keystorage));
8133 	keystorage->entry.key = keystorage;
8134 	keystorage->entry.data = dnskey_rrset->data;
8135 	keystorage->rk.dname = apex->name;
8136 	keystorage->rk.dname_len = apex->namelen;
8137 	keystorage->rk.type = htons(LDNS_RR_TYPE_DNSKEY);
8138 	keystorage->rk.rrset_class = htons(z->dclass);
8139 	auth_zone_log(z->name, VERB_QUERY,
8140 		"zonemd: verify DNSKEY RRset with trust anchor");
8141 	sec = val_verify_DNSKEY_with_TA(env, ve, keystorage, anchor->ds_rrset,
8142 		anchor->dnskey_rrset, NULL, why_bogus, NULL, NULL);
8143 	regional_free_all(env->scratch);
8144 	if(sec == sec_status_secure) {
8145 		/* success */
8146 		*is_insecure = 0;
8147 		return keystorage;
8148 	} else if(sec == sec_status_insecure) {
8149 		/* insecure */
8150 		*is_insecure = 1;
8151 	} else {
8152 		/* bogus */
8153 		*is_insecure = 0;
8154 		auth_zone_log(z->name, VERB_ALGO,
8155 			"zonemd: verify DNSKEY RRset with trust anchor failed: %s", *why_bogus);
8156 	}
8157 	return NULL;
8158 }
8159 
8160 /** verify the DNSKEY from the zone with looked up DS record */
8161 static struct ub_packed_rrset_key*
8162 auth_zone_verify_zonemd_key_with_ds(struct auth_zone* z,
8163 	struct module_env* env, struct module_stack* mods,
8164 	struct ub_packed_rrset_key* ds, int* is_insecure, char** why_bogus,
8165 	struct ub_packed_rrset_key* keystorage, uint8_t* sigalg)
8166 {
8167 	struct auth_data* apex;
8168 	struct auth_rrset* dnskey_rrset;
8169 	enum sec_status sec;
8170 	struct val_env* ve;
8171 	int m;
8172 
8173 	/* fetch DNSKEY from zone data */
8174 	apex = az_find_name(z, z->name, z->namelen);
8175 	if(!apex) {
8176 		*why_bogus = "in verifywithDS, zone has no apex";
8177 		return NULL;
8178 	}
8179 	dnskey_rrset = az_domain_rrset(apex, LDNS_RR_TYPE_DNSKEY);
8180 	if(!dnskey_rrset || dnskey_rrset->data->count==0) {
8181 		*why_bogus = "in verifywithDS, zone has no DNSKEY";
8182 		return NULL;
8183 	}
8184 
8185 	m = modstack_find(mods, "validator");
8186 	if(m == -1) {
8187 		*why_bogus = "in verifywithDS, have no validator module";
8188 		return NULL;
8189 	}
8190 	ve = (struct val_env*)env->modinfo[m];
8191 
8192 	memset(keystorage, 0, sizeof(*keystorage));
8193 	keystorage->entry.key = keystorage;
8194 	keystorage->entry.data = dnskey_rrset->data;
8195 	keystorage->rk.dname = apex->name;
8196 	keystorage->rk.dname_len = apex->namelen;
8197 	keystorage->rk.type = htons(LDNS_RR_TYPE_DNSKEY);
8198 	keystorage->rk.rrset_class = htons(z->dclass);
8199 	auth_zone_log(z->name, VERB_QUERY, "zonemd: verify zone DNSKEY with DS");
8200 	sec = val_verify_DNSKEY_with_DS(env, ve, keystorage, ds, sigalg,
8201 		why_bogus, NULL, NULL);
8202 	regional_free_all(env->scratch);
8203 	if(sec == sec_status_secure) {
8204 		/* success */
8205 		return keystorage;
8206 	} else if(sec == sec_status_insecure) {
8207 		/* insecure */
8208 		*is_insecure = 1;
8209 	} else {
8210 		/* bogus */
8211 		*is_insecure = 0;
8212 		if(*why_bogus == NULL)
8213 			*why_bogus = "verify failed";
8214 		auth_zone_log(z->name, VERB_ALGO,
8215 			"zonemd: verify DNSKEY RRset with DS failed: %s",
8216 			*why_bogus);
8217 	}
8218 	return NULL;
8219 }
8220 
8221 /** callback for ZONEMD lookup of DNSKEY */
8222 void auth_zonemd_dnskey_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
8223 	enum sec_status sec, char* why_bogus, int ATTR_UNUSED(was_ratelimited))
8224 {
8225 	struct auth_zone* z = (struct auth_zone*)arg;
8226 	struct module_env* env;
8227 	char* reason = NULL, *ds_bogus = NULL, *typestr="DNSKEY";
8228 	struct ub_packed_rrset_key* dnskey = NULL, *ds = NULL;
8229 	int is_insecure = 0, downprot;
8230 	struct ub_packed_rrset_key keystorage;
8231 	uint8_t sigalg[ALGO_NEEDS_MAX+1];
8232 
8233 	lock_rw_wrlock(&z->lock);
8234 	env = z->zonemd_callback_env;
8235 	/* release the env variable so another worker can pick up the
8236 	 * ZONEMD verification task if it wants to */
8237 	z->zonemd_callback_env = NULL;
8238 	if(!env || env->outnet->want_to_quit || z->zone_deleted) {
8239 		lock_rw_unlock(&z->lock);
8240 		return; /* stop on quit */
8241 	}
8242 	if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DS)
8243 		typestr = "DS";
8244 	downprot = env->cfg->harden_algo_downgrade;
8245 
8246 	/* process result */
8247 	if(sec == sec_status_bogus) {
8248 		reason = why_bogus;
8249 		if(!reason) {
8250 			if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8251 				reason = "lookup of DNSKEY was bogus";
8252 			else	reason = "lookup of DS was bogus";
8253 		}
8254 		auth_zone_log(z->name, VERB_ALGO,
8255 			"zonemd lookup of %s was bogus: %s", typestr, reason);
8256 	} else if(rcode == LDNS_RCODE_NOERROR) {
8257 		uint16_t wanted_qtype = z->zonemd_callback_qtype;
8258 		struct regional* temp = env->scratch;
8259 		struct query_info rq;
8260 		struct reply_info* rep;
8261 		memset(&rq, 0, sizeof(rq));
8262 		rep = parse_reply_in_temp_region(buf, temp, &rq);
8263 		if(rep && rq.qtype == wanted_qtype &&
8264 			query_dname_compare(z->name, rq.qname) == 0 &&
8265 			FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) {
8266 			/* parsed successfully */
8267 			struct ub_packed_rrset_key* answer =
8268 				reply_find_answer_rrset(&rq, rep);
8269 			if(answer && sec == sec_status_secure) {
8270 				if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8271 					dnskey = answer;
8272 				else	ds = answer;
8273 				auth_zone_log(z->name, VERB_ALGO,
8274 					"zonemd lookup of %s was secure", typestr);
8275 			} else if(sec == sec_status_secure && !answer) {
8276 				is_insecure = 1;
8277 				auth_zone_log(z->name, VERB_ALGO,
8278 					"zonemd lookup of %s has no content, but is secure, treat as insecure", typestr);
8279 			} else if(sec == sec_status_insecure) {
8280 				is_insecure = 1;
8281 				auth_zone_log(z->name, VERB_ALGO,
8282 					"zonemd lookup of %s was insecure", typestr);
8283 			} else if(sec == sec_status_indeterminate) {
8284 				is_insecure = 1;
8285 				auth_zone_log(z->name, VERB_ALGO,
8286 					"zonemd lookup of %s was indeterminate, treat as insecure", typestr);
8287 			} else {
8288 				auth_zone_log(z->name, VERB_ALGO,
8289 					"zonemd lookup of %s has nodata", typestr);
8290 				if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8291 					reason = "lookup of DNSKEY has nodata";
8292 				else	reason = "lookup of DS has nodata";
8293 			}
8294 		} else if(rep && rq.qtype == wanted_qtype &&
8295 			query_dname_compare(z->name, rq.qname) == 0 &&
8296 			FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN &&
8297 			sec == sec_status_secure) {
8298 			/* secure nxdomain, so the zone is like some RPZ zone
8299 			 * that does not exist in the wider internet, with
8300 			 * a secure nxdomain answer outside of it. So we
8301 			 * treat the zonemd zone without a dnssec chain of
8302 			 * trust, as insecure. */
8303 			is_insecure = 1;
8304 			auth_zone_log(z->name, VERB_ALGO,
8305 				"zonemd lookup of %s was secure NXDOMAIN, treat as insecure", typestr);
8306 		} else if(rep && rq.qtype == wanted_qtype &&
8307 			query_dname_compare(z->name, rq.qname) == 0 &&
8308 			FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN &&
8309 			sec == sec_status_insecure) {
8310 			is_insecure = 1;
8311 			auth_zone_log(z->name, VERB_ALGO,
8312 				"zonemd lookup of %s was insecure NXDOMAIN, treat as insecure", typestr);
8313 		} else if(rep && rq.qtype == wanted_qtype &&
8314 			query_dname_compare(z->name, rq.qname) == 0 &&
8315 			FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NXDOMAIN &&
8316 			sec == sec_status_indeterminate) {
8317 			is_insecure = 1;
8318 			auth_zone_log(z->name, VERB_ALGO,
8319 				"zonemd lookup of %s was indeterminate NXDOMAIN, treat as insecure", typestr);
8320 		} else {
8321 			auth_zone_log(z->name, VERB_ALGO,
8322 				"zonemd lookup of %s has no answer", typestr);
8323 			if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8324 				reason = "lookup of DNSKEY has no answer";
8325 			else	reason = "lookup of DS has no answer";
8326 		}
8327 	} else {
8328 		auth_zone_log(z->name, VERB_ALGO,
8329 			"zonemd lookup of %s failed", typestr);
8330 		if(z->zonemd_callback_qtype == LDNS_RR_TYPE_DNSKEY)
8331 			reason = "lookup of DNSKEY failed";
8332 		else	reason = "lookup of DS failed";
8333 	}
8334 
8335 	if(!reason && !is_insecure && !dnskey && ds) {
8336 		dnskey = auth_zone_verify_zonemd_key_with_ds(z, env,
8337 			&env->mesh->mods, ds, &is_insecure, &ds_bogus,
8338 			&keystorage, downprot?sigalg:NULL);
8339 		if(!dnskey && !is_insecure && !reason)
8340 			reason = "DNSKEY verify with DS failed";
8341 	}
8342 
8343 	if(reason) {
8344 		auth_zone_zonemd_fail(z, env, reason, ds_bogus, NULL);
8345 		lock_rw_unlock(&z->lock);
8346 		return;
8347 	}
8348 
8349 	auth_zone_verify_zonemd_with_key(z, env, &env->mesh->mods, dnskey,
8350 		is_insecure, NULL, downprot?sigalg:NULL);
8351 	regional_free_all(env->scratch);
8352 	lock_rw_unlock(&z->lock);
8353 }
8354 
8355 /** lookup DNSKEY for ZONEMD verification */
8356 static int
8357 zonemd_lookup_dnskey(struct auth_zone* z, struct module_env* env)
8358 {
8359 	struct query_info qinfo;
8360 	uint16_t qflags = BIT_RD;
8361 	struct edns_data edns;
8362 	sldns_buffer* buf = env->scratch_buffer;
8363 	int fetch_ds = 0;
8364 
8365 	if(!z->fallback_enabled) {
8366 		/* we cannot actually get the DNSKEY, because it is in the
8367 		 * zone we have ourselves, and it is not served yet
8368 		 * (possibly), so fetch type DS */
8369 		fetch_ds = 1;
8370 	}
8371 	if(z->zonemd_callback_env) {
8372 		/* another worker is already working on the callback
8373 		 * for the DNSKEY lookup for ZONEMD verification.
8374 		 * We do not also have to do ZONEMD verification, let that
8375 		 * worker do it */
8376 		auth_zone_log(z->name, VERB_ALGO,
8377 			"zonemd needs lookup of %s and that already is worked on by another worker", (fetch_ds?"DS":"DNSKEY"));
8378 		return 1;
8379 	}
8380 
8381 	/* use mesh_new_callback to lookup the DNSKEY,
8382 	 * and then wait for them to be looked up (in cache, or query) */
8383 	qinfo.qname_len = z->namelen;
8384 	qinfo.qname = z->name;
8385 	qinfo.qclass = z->dclass;
8386 	if(fetch_ds)
8387 		qinfo.qtype = LDNS_RR_TYPE_DS;
8388 	else	qinfo.qtype = LDNS_RR_TYPE_DNSKEY;
8389 	qinfo.local_alias = NULL;
8390 	if(verbosity >= VERB_ALGO) {
8391 		char buf1[512];
8392 		char buf2[LDNS_MAX_DOMAINLEN+1];
8393 		dname_str(z->name, buf2);
8394 		snprintf(buf1, sizeof(buf1), "auth zone %s: lookup %s "
8395 			"for zonemd verification", buf2,
8396 			(fetch_ds?"DS":"DNSKEY"));
8397 		log_query_info(VERB_ALGO, buf1, &qinfo);
8398 	}
8399 	edns.edns_present = 1;
8400 	edns.ext_rcode = 0;
8401 	edns.edns_version = 0;
8402 	edns.bits = EDNS_DO;
8403 	edns.opt_list_in = NULL;
8404 	edns.opt_list_out = NULL;
8405 	edns.opt_list_inplace_cb_out = NULL;
8406 	if(sldns_buffer_capacity(buf) < 65535)
8407 		edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
8408 	else	edns.udp_size = 65535;
8409 
8410 	/* store the worker-specific module env for the callback.
8411 	 * We can then reference this when the callback executes */
8412 	z->zonemd_callback_env = env;
8413 	z->zonemd_callback_qtype = qinfo.qtype;
8414 	/* the callback can be called straight away */
8415 	lock_rw_unlock(&z->lock);
8416 	if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
8417 		&auth_zonemd_dnskey_lookup_callback, z, 0)) {
8418 		lock_rw_wrlock(&z->lock);
8419 		log_err("out of memory lookup of %s for zonemd",
8420 			(fetch_ds?"DS":"DNSKEY"));
8421 		return 0;
8422 	}
8423 	lock_rw_wrlock(&z->lock);
8424 	return 1;
8425 }
8426 
8427 void auth_zone_verify_zonemd(struct auth_zone* z, struct module_env* env,
8428 	struct module_stack* mods, char** result, int offline, int only_online)
8429 {
8430 	char* reason = NULL, *why_bogus = NULL;
8431 	struct trust_anchor* anchor = NULL;
8432 	struct ub_packed_rrset_key* dnskey = NULL;
8433 	struct ub_packed_rrset_key keystorage;
8434 	int is_insecure = 0;
8435 	/* verify the ZONEMD if present.
8436 	 * If not present check if absence is allowed by DNSSEC */
8437 	if(!z->zonemd_check)
8438 		return;
8439 	if(z->data.count == 0)
8440 		return; /* no data */
8441 
8442 	/* if zone is under a trustanchor */
8443 	/* is it equal to trustanchor - get dnskey's verified */
8444 	/* else, find chain of trust by fetching DNSKEYs lookup for zone */
8445 	/* result if that, if insecure, means no DNSSEC for the ZONEMD,
8446 	 * otherwise we have the zone DNSKEY for the DNSSEC verification. */
8447 	if(env->anchors)
8448 		anchor = anchors_lookup(env->anchors, z->name, z->namelen,
8449 			z->dclass);
8450 	if(anchor && anchor->numDS == 0 && anchor->numDNSKEY == 0) {
8451 		/* domain-insecure trust anchor for unsigned zones */
8452 		lock_basic_unlock(&anchor->lock);
8453 		if(only_online)
8454 			return;
8455 		dnskey = NULL;
8456 		is_insecure = 1;
8457 	} else if(anchor && query_dname_compare(z->name, anchor->name) == 0) {
8458 		if(only_online) {
8459 			lock_basic_unlock(&anchor->lock);
8460 			return;
8461 		}
8462 		/* equal to trustanchor, no need for online lookups */
8463 		dnskey = zonemd_get_dnskey_from_anchor(z, env, mods, anchor,
8464 			&is_insecure, &why_bogus, &keystorage);
8465 		lock_basic_unlock(&anchor->lock);
8466 		if(!dnskey && !reason && !is_insecure) {
8467 			reason = "verify DNSKEY RRset with trust anchor failed";
8468 		}
8469 	} else if(anchor) {
8470 		lock_basic_unlock(&anchor->lock);
8471 		/* perform online lookups */
8472 		if(offline)
8473 			return;
8474 		/* setup online lookups, and wait for them */
8475 		if(zonemd_lookup_dnskey(z, env)) {
8476 			/* wait for the lookup */
8477 			return;
8478 		}
8479 		reason = "could not lookup DNSKEY for chain of trust";
8480 	} else {
8481 		/* the zone is not under a trust anchor */
8482 		if(only_online)
8483 			return;
8484 		dnskey = NULL;
8485 		is_insecure = 1;
8486 	}
8487 
8488 	if(reason) {
8489 		auth_zone_zonemd_fail(z, env, reason, why_bogus, result);
8490 		return;
8491 	}
8492 
8493 	auth_zone_verify_zonemd_with_key(z, env, mods, dnskey, is_insecure,
8494 		result, NULL);
8495 	regional_free_all(env->scratch);
8496 }
8497 
8498 void auth_zones_pickup_zonemd_verify(struct auth_zones* az,
8499 	struct module_env* env)
8500 {
8501 	struct auth_zone key;
8502 	uint8_t savezname[255+1];
8503 	size_t savezname_len;
8504 	struct auth_zone* z;
8505 	key.node.key = &key;
8506 	lock_rw_rdlock(&az->lock);
8507 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
8508 		lock_rw_wrlock(&z->lock);
8509 		if(!z->zonemd_check) {
8510 			lock_rw_unlock(&z->lock);
8511 			continue;
8512 		}
8513 		key.dclass = z->dclass;
8514 		key.namelabs = z->namelabs;
8515 		if(z->namelen > sizeof(savezname)) {
8516 			lock_rw_unlock(&z->lock);
8517 			log_err("auth_zones_pickup_zonemd_verify: zone name too long");
8518 			continue;
8519 		}
8520 		savezname_len = z->namelen;
8521 		memmove(savezname, z->name, z->namelen);
8522 		lock_rw_unlock(&az->lock);
8523 		auth_zone_verify_zonemd(z, env, &env->mesh->mods, NULL, 0, 1);
8524 		lock_rw_unlock(&z->lock);
8525 		lock_rw_rdlock(&az->lock);
8526 		/* find the zone we had before, it is not deleted,
8527 		 * because we have a flag for that that is processed at
8528 		 * apply_cfg time */
8529 		key.namelen = savezname_len;
8530 		key.name = savezname;
8531 		z = (struct auth_zone*)rbtree_search(&az->ztree, &key);
8532 		if(!z)
8533 			break;
8534 	}
8535 	lock_rw_unlock(&az->lock);
8536 }
8537