xref: /freebsd/contrib/unbound/services/authzone.c (revision b4af4f93c682e445bf159f0d1ec90b636296c946)
1 /*
2  * services/authzone.c - authoritative zone that is locally hosted.
3  *
4  * Copyright (c) 2017, NLnet Labs. All rights reserved.
5  *
6  * This software is open source.
7  *
8  * Redistribution and use in source and binary forms, with or without
9  * modification, are permitted provided that the following conditions
10  * are met:
11  *
12  * Redistributions of source code must retain the above copyright notice,
13  * this list of conditions and the following disclaimer.
14  *
15  * Redistributions in binary form must reproduce the above copyright notice,
16  * this list of conditions and the following disclaimer in the documentation
17  * and/or other materials provided with the distribution.
18  *
19  * Neither the name of the NLNET LABS nor the names of its contributors may
20  * be used to endorse or promote products derived from this software without
21  * specific prior written permission.
22  *
23  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
24  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
25  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
26  * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
27  * HOLDER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
28  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
29  * TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
30  * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
31  * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
32  * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
33  * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
34  */
35 
36 /**
37  * \file
38  *
39  * This file contains the functions for an authority zone.  This zone
40  * is queried by the iterator, just like a stub or forward zone, but then
41  * the data is locally held.
42  */
43 
44 #include "config.h"
45 #include "services/authzone.h"
46 #include "util/data/dname.h"
47 #include "util/data/msgparse.h"
48 #include "util/data/msgreply.h"
49 #include "util/data/msgencode.h"
50 #include "util/data/packed_rrset.h"
51 #include "util/regional.h"
52 #include "util/net_help.h"
53 #include "util/netevent.h"
54 #include "util/config_file.h"
55 #include "util/log.h"
56 #include "util/module.h"
57 #include "util/random.h"
58 #include "services/cache/dns.h"
59 #include "services/outside_network.h"
60 #include "services/listen_dnsport.h"
61 #include "services/mesh.h"
62 #include "sldns/rrdef.h"
63 #include "sldns/pkthdr.h"
64 #include "sldns/sbuffer.h"
65 #include "sldns/str2wire.h"
66 #include "sldns/wire2str.h"
67 #include "sldns/parseutil.h"
68 #include "sldns/keyraw.h"
69 #include "validator/val_nsec3.h"
70 #include "validator/val_secalgo.h"
71 #include <ctype.h>
72 
73 /** bytes to use for NSEC3 hash buffer. 20 for sha1 */
74 #define N3HASHBUFLEN 32
75 /** max number of CNAMEs we are willing to follow (in one answer) */
76 #define MAX_CNAME_CHAIN 8
77 /** timeout for probe packets for SOA */
78 #define AUTH_PROBE_TIMEOUT 100 /* msec */
79 /** when to stop with SOA probes (when exponential timeouts exceed this) */
80 #define AUTH_PROBE_TIMEOUT_STOP 1000 /* msec */
81 /* auth transfer timeout for TCP connections, in msec */
82 #define AUTH_TRANSFER_TIMEOUT 10000 /* msec */
83 /* auth transfer max backoff for failed tranfers and probes */
84 #define AUTH_TRANSFER_MAX_BACKOFF 86400 /* sec */
85 /* auth http port number */
86 #define AUTH_HTTP_PORT 80
87 /* auth https port number */
88 #define AUTH_HTTPS_PORT 443
89 /* max depth for nested $INCLUDEs */
90 #define MAX_INCLUDE_DEPTH 10
91 /** number of timeouts before we fallback from IXFR to AXFR,
92  * because some versions of servers (eg. dnsmasq) drop IXFR packets. */
93 #define NUM_TIMEOUTS_FALLBACK_IXFR 3
94 
95 /** pick up nextprobe task to start waiting to perform transfer actions */
96 static void xfr_set_timeout(struct auth_xfer* xfr, struct module_env* env,
97 	int failure, int lookup_only);
98 /** move to sending the probe packets, next if fails. task_probe */
99 static void xfr_probe_send_or_end(struct auth_xfer* xfr,
100 	struct module_env* env);
101 /** pick up probe task with specified(or NULL) destination first,
102  * or transfer task if nothing to probe, or false if already in progress */
103 static int xfr_start_probe(struct auth_xfer* xfr, struct module_env* env,
104 	struct auth_master* spec);
105 /** delete xfer structure (not its tree entry) */
106 static void auth_xfer_delete(struct auth_xfer* xfr);
107 
108 /** create new dns_msg */
109 static struct dns_msg*
110 msg_create(struct regional* region, struct query_info* qinfo)
111 {
112 	struct dns_msg* msg = (struct dns_msg*)regional_alloc(region,
113 		sizeof(struct dns_msg));
114 	if(!msg)
115 		return NULL;
116 	msg->qinfo.qname = regional_alloc_init(region, qinfo->qname,
117 		qinfo->qname_len);
118 	if(!msg->qinfo.qname)
119 		return NULL;
120 	msg->qinfo.qname_len = qinfo->qname_len;
121 	msg->qinfo.qtype = qinfo->qtype;
122 	msg->qinfo.qclass = qinfo->qclass;
123 	msg->qinfo.local_alias = NULL;
124 	/* non-packed reply_info, because it needs to grow the array */
125 	msg->rep = (struct reply_info*)regional_alloc_zero(region,
126 		sizeof(struct reply_info)-sizeof(struct rrset_ref));
127 	if(!msg->rep)
128 		return NULL;
129 	msg->rep->flags = (uint16_t)(BIT_QR | BIT_AA);
130 	msg->rep->authoritative = 1;
131 	msg->rep->qdcount = 1;
132 	/* rrsets is NULL, no rrsets yet */
133 	return msg;
134 }
135 
136 /** grow rrset array by one in msg */
137 static int
138 msg_grow_array(struct regional* region, struct dns_msg* msg)
139 {
140 	if(msg->rep->rrsets == NULL) {
141 		msg->rep->rrsets = regional_alloc_zero(region,
142 			sizeof(struct ub_packed_rrset_key*)*(msg->rep->rrset_count+1));
143 		if(!msg->rep->rrsets)
144 			return 0;
145 	} else {
146 		struct ub_packed_rrset_key** rrsets_old = msg->rep->rrsets;
147 		msg->rep->rrsets = regional_alloc_zero(region,
148 			sizeof(struct ub_packed_rrset_key*)*(msg->rep->rrset_count+1));
149 		if(!msg->rep->rrsets)
150 			return 0;
151 		memmove(msg->rep->rrsets, rrsets_old,
152 			sizeof(struct ub_packed_rrset_key*)*msg->rep->rrset_count);
153 	}
154 	return 1;
155 }
156 
157 /** get ttl of rrset */
158 static time_t
159 get_rrset_ttl(struct ub_packed_rrset_key* k)
160 {
161 	struct packed_rrset_data* d = (struct packed_rrset_data*)
162 		k->entry.data;
163 	return d->ttl;
164 }
165 
166 /** Copy rrset into region from domain-datanode and packet rrset */
167 static struct ub_packed_rrset_key*
168 auth_packed_rrset_copy_region(struct auth_zone* z, struct auth_data* node,
169 	struct auth_rrset* rrset, struct regional* region, time_t adjust)
170 {
171 	struct ub_packed_rrset_key key;
172 	memset(&key, 0, sizeof(key));
173 	key.entry.key = &key;
174 	key.entry.data = rrset->data;
175 	key.rk.dname = node->name;
176 	key.rk.dname_len = node->namelen;
177 	key.rk.type = htons(rrset->type);
178 	key.rk.rrset_class = htons(z->dclass);
179 	key.entry.hash = rrset_key_hash(&key.rk);
180 	return packed_rrset_copy_region(&key, region, adjust);
181 }
182 
183 /** fix up msg->rep TTL and prefetch ttl */
184 static void
185 msg_ttl(struct dns_msg* msg)
186 {
187 	if(msg->rep->rrset_count == 0) return;
188 	if(msg->rep->rrset_count == 1) {
189 		msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]);
190 		msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
191 		msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
192 	} else if(get_rrset_ttl(msg->rep->rrsets[msg->rep->rrset_count-1]) <
193 		msg->rep->ttl) {
194 		msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[
195 			msg->rep->rrset_count-1]);
196 		msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
197 		msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
198 	}
199 }
200 
201 /** see if rrset is a duplicate in the answer message */
202 static int
203 msg_rrset_duplicate(struct dns_msg* msg, uint8_t* nm, size_t nmlen,
204 	uint16_t type, uint16_t dclass)
205 {
206 	size_t i;
207 	for(i=0; i<msg->rep->rrset_count; i++) {
208 		struct ub_packed_rrset_key* k = msg->rep->rrsets[i];
209 		if(ntohs(k->rk.type) == type && k->rk.dname_len == nmlen &&
210 			ntohs(k->rk.rrset_class) == dclass &&
211 			query_dname_compare(k->rk.dname, nm) == 0)
212 			return 1;
213 	}
214 	return 0;
215 }
216 
217 /** add rrset to answer section (no auth, add rrsets yet) */
218 static int
219 msg_add_rrset_an(struct auth_zone* z, struct regional* region,
220 	struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset)
221 {
222 	log_assert(msg->rep->ns_numrrsets == 0);
223 	log_assert(msg->rep->ar_numrrsets == 0);
224 	if(!rrset || !node)
225 		return 1;
226 	if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type,
227 		z->dclass))
228 		return 1;
229 	/* grow array */
230 	if(!msg_grow_array(region, msg))
231 		return 0;
232 	/* copy it */
233 	if(!(msg->rep->rrsets[msg->rep->rrset_count] =
234 		auth_packed_rrset_copy_region(z, node, rrset, region, 0)))
235 		return 0;
236 	msg->rep->rrset_count++;
237 	msg->rep->an_numrrsets++;
238 	msg_ttl(msg);
239 	return 1;
240 }
241 
242 /** add rrset to authority section (no additonal section rrsets yet) */
243 static int
244 msg_add_rrset_ns(struct auth_zone* z, struct regional* region,
245 	struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset)
246 {
247 	log_assert(msg->rep->ar_numrrsets == 0);
248 	if(!rrset || !node)
249 		return 1;
250 	if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type,
251 		z->dclass))
252 		return 1;
253 	/* grow array */
254 	if(!msg_grow_array(region, msg))
255 		return 0;
256 	/* copy it */
257 	if(!(msg->rep->rrsets[msg->rep->rrset_count] =
258 		auth_packed_rrset_copy_region(z, node, rrset, region, 0)))
259 		return 0;
260 	msg->rep->rrset_count++;
261 	msg->rep->ns_numrrsets++;
262 	msg_ttl(msg);
263 	return 1;
264 }
265 
266 /** add rrset to additional section */
267 static int
268 msg_add_rrset_ar(struct auth_zone* z, struct regional* region,
269 	struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset)
270 {
271 	if(!rrset || !node)
272 		return 1;
273 	if(msg_rrset_duplicate(msg, node->name, node->namelen, rrset->type,
274 		z->dclass))
275 		return 1;
276 	/* grow array */
277 	if(!msg_grow_array(region, msg))
278 		return 0;
279 	/* copy it */
280 	if(!(msg->rep->rrsets[msg->rep->rrset_count] =
281 		auth_packed_rrset_copy_region(z, node, rrset, region, 0)))
282 		return 0;
283 	msg->rep->rrset_count++;
284 	msg->rep->ar_numrrsets++;
285 	msg_ttl(msg);
286 	return 1;
287 }
288 
289 struct auth_zones* auth_zones_create(void)
290 {
291 	struct auth_zones* az = (struct auth_zones*)calloc(1, sizeof(*az));
292 	if(!az) {
293 		log_err("out of memory");
294 		return NULL;
295 	}
296 	rbtree_init(&az->ztree, &auth_zone_cmp);
297 	rbtree_init(&az->xtree, &auth_xfer_cmp);
298 	lock_rw_init(&az->lock);
299 	lock_protect(&az->lock, &az->ztree, sizeof(az->ztree));
300 	lock_protect(&az->lock, &az->xtree, sizeof(az->xtree));
301 	/* also lock protects the rbnode's in struct auth_zone, auth_xfer */
302 	lock_rw_init(&az->rpz_lock);
303 	lock_protect(&az->rpz_lock, &az->rpz_first, sizeof(az->rpz_first));
304 	return az;
305 }
306 
307 int auth_zone_cmp(const void* z1, const void* z2)
308 {
309 	/* first sort on class, so that hierarchy can be maintained within
310 	 * a class */
311 	struct auth_zone* a = (struct auth_zone*)z1;
312 	struct auth_zone* b = (struct auth_zone*)z2;
313 	int m;
314 	if(a->dclass != b->dclass) {
315 		if(a->dclass < b->dclass)
316 			return -1;
317 		return 1;
318 	}
319 	/* sorted such that higher zones sort before lower zones (their
320 	 * contents) */
321 	return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m);
322 }
323 
324 int auth_data_cmp(const void* z1, const void* z2)
325 {
326 	struct auth_data* a = (struct auth_data*)z1;
327 	struct auth_data* b = (struct auth_data*)z2;
328 	int m;
329 	/* canonical sort, because DNSSEC needs that */
330 	return dname_canon_lab_cmp(a->name, a->namelabs, b->name,
331 		b->namelabs, &m);
332 }
333 
334 int auth_xfer_cmp(const void* z1, const void* z2)
335 {
336 	/* first sort on class, so that hierarchy can be maintained within
337 	 * a class */
338 	struct auth_xfer* a = (struct auth_xfer*)z1;
339 	struct auth_xfer* b = (struct auth_xfer*)z2;
340 	int m;
341 	if(a->dclass != b->dclass) {
342 		if(a->dclass < b->dclass)
343 			return -1;
344 		return 1;
345 	}
346 	/* sorted such that higher zones sort before lower zones (their
347 	 * contents) */
348 	return dname_lab_cmp(a->name, a->namelabs, b->name, b->namelabs, &m);
349 }
350 
351 /** delete auth rrset node */
352 static void
353 auth_rrset_delete(struct auth_rrset* rrset)
354 {
355 	if(!rrset) return;
356 	free(rrset->data);
357 	free(rrset);
358 }
359 
360 /** delete auth data domain node */
361 static void
362 auth_data_delete(struct auth_data* n)
363 {
364 	struct auth_rrset* p, *np;
365 	if(!n) return;
366 	p = n->rrsets;
367 	while(p) {
368 		np = p->next;
369 		auth_rrset_delete(p);
370 		p = np;
371 	}
372 	free(n->name);
373 	free(n);
374 }
375 
376 /** helper traverse to delete zones */
377 static void
378 auth_data_del(rbnode_type* n, void* ATTR_UNUSED(arg))
379 {
380 	struct auth_data* z = (struct auth_data*)n->key;
381 	auth_data_delete(z);
382 }
383 
384 /** delete an auth zone structure (tree remove must be done elsewhere) */
385 static void
386 auth_zone_delete(struct auth_zone* z, struct auth_zones* az)
387 {
388 	if(!z) return;
389 	lock_rw_destroy(&z->lock);
390 	traverse_postorder(&z->data, auth_data_del, NULL);
391 
392 	if(az && z->rpz) {
393 		/* keep RPZ linked list intact */
394 		lock_rw_wrlock(&az->rpz_lock);
395 		if(z->rpz->prev)
396 			z->rpz->prev->next = z->rpz->next;
397 		else
398 			az->rpz_first = z->rpz->next;
399 		if(z->rpz->next)
400 			z->rpz->next->prev = z->rpz->prev;
401 		lock_rw_unlock(&az->rpz_lock);
402 	}
403 	if(z->rpz)
404 		rpz_delete(z->rpz);
405 	free(z->name);
406 	free(z->zonefile);
407 	free(z);
408 }
409 
410 struct auth_zone*
411 auth_zone_create(struct auth_zones* az, uint8_t* nm, size_t nmlen,
412 	uint16_t dclass)
413 {
414 	struct auth_zone* z = (struct auth_zone*)calloc(1, sizeof(*z));
415 	if(!z) {
416 		return NULL;
417 	}
418 	z->node.key = z;
419 	z->dclass = dclass;
420 	z->namelen = nmlen;
421 	z->namelabs = dname_count_labels(nm);
422 	z->name = memdup(nm, nmlen);
423 	if(!z->name) {
424 		free(z);
425 		return NULL;
426 	}
427 	rbtree_init(&z->data, &auth_data_cmp);
428 	lock_rw_init(&z->lock);
429 	lock_protect(&z->lock, &z->name, sizeof(*z)-sizeof(rbnode_type));
430 	lock_rw_wrlock(&z->lock);
431 	/* z lock protects all, except rbtree itself, which is az->lock */
432 	if(!rbtree_insert(&az->ztree, &z->node)) {
433 		lock_rw_unlock(&z->lock);
434 		auth_zone_delete(z, NULL);
435 		log_warn("duplicate auth zone");
436 		return NULL;
437 	}
438 	return z;
439 }
440 
441 struct auth_zone*
442 auth_zone_find(struct auth_zones* az, uint8_t* nm, size_t nmlen,
443 	uint16_t dclass)
444 {
445 	struct auth_zone key;
446 	key.node.key = &key;
447 	key.dclass = dclass;
448 	key.name = nm;
449 	key.namelen = nmlen;
450 	key.namelabs = dname_count_labels(nm);
451 	return (struct auth_zone*)rbtree_search(&az->ztree, &key);
452 }
453 
454 struct auth_xfer*
455 auth_xfer_find(struct auth_zones* az, uint8_t* nm, size_t nmlen,
456 	uint16_t dclass)
457 {
458 	struct auth_xfer key;
459 	key.node.key = &key;
460 	key.dclass = dclass;
461 	key.name = nm;
462 	key.namelen = nmlen;
463 	key.namelabs = dname_count_labels(nm);
464 	return (struct auth_xfer*)rbtree_search(&az->xtree, &key);
465 }
466 
467 /** find an auth zone or sorted less-or-equal, return true if exact */
468 static int
469 auth_zone_find_less_equal(struct auth_zones* az, uint8_t* nm, size_t nmlen,
470 	uint16_t dclass, struct auth_zone** z)
471 {
472 	struct auth_zone key;
473 	key.node.key = &key;
474 	key.dclass = dclass;
475 	key.name = nm;
476 	key.namelen = nmlen;
477 	key.namelabs = dname_count_labels(nm);
478 	return rbtree_find_less_equal(&az->ztree, &key, (rbnode_type**)z);
479 }
480 
481 
482 /** find the auth zone that is above the given name */
483 struct auth_zone*
484 auth_zones_find_zone(struct auth_zones* az, uint8_t* name, size_t name_len,
485 	uint16_t dclass)
486 {
487 	uint8_t* nm = name;
488 	size_t nmlen = name_len;
489 	struct auth_zone* z;
490 	if(auth_zone_find_less_equal(az, nm, nmlen, dclass, &z)) {
491 		/* exact match */
492 		return z;
493 	} else {
494 		/* less-or-nothing */
495 		if(!z) return NULL; /* nothing smaller, nothing above it */
496 		/* we found smaller name; smaller may be above the name,
497 		 * but not below it. */
498 		nm = dname_get_shared_topdomain(z->name, name);
499 		dname_count_size_labels(nm, &nmlen);
500 		z = NULL;
501 	}
502 
503 	/* search up */
504 	while(!z) {
505 		z = auth_zone_find(az, nm, nmlen, dclass);
506 		if(z) return z;
507 		if(dname_is_root(nm)) break;
508 		dname_remove_label(&nm, &nmlen);
509 	}
510 	return NULL;
511 }
512 
513 /** find or create zone with name str. caller must have lock on az.
514  * returns a wrlocked zone */
515 static struct auth_zone*
516 auth_zones_find_or_add_zone(struct auth_zones* az, char* name)
517 {
518 	uint8_t nm[LDNS_MAX_DOMAINLEN+1];
519 	size_t nmlen = sizeof(nm);
520 	struct auth_zone* z;
521 
522 	if(sldns_str2wire_dname_buf(name, nm, &nmlen) != 0) {
523 		log_err("cannot parse auth zone name: %s", name);
524 		return 0;
525 	}
526 	z = auth_zone_find(az, nm, nmlen, LDNS_RR_CLASS_IN);
527 	if(!z) {
528 		/* not found, create the zone */
529 		z = auth_zone_create(az, nm, nmlen, LDNS_RR_CLASS_IN);
530 	} else {
531 		lock_rw_wrlock(&z->lock);
532 	}
533 	return z;
534 }
535 
536 /** find or create xfer zone with name str. caller must have lock on az.
537  * returns a locked xfer */
538 static struct auth_xfer*
539 auth_zones_find_or_add_xfer(struct auth_zones* az, struct auth_zone* z)
540 {
541 	struct auth_xfer* x;
542 	x = auth_xfer_find(az, z->name, z->namelen, z->dclass);
543 	if(!x) {
544 		/* not found, create the zone */
545 		x = auth_xfer_create(az, z);
546 	} else {
547 		lock_basic_lock(&x->lock);
548 	}
549 	return x;
550 }
551 
552 int
553 auth_zone_set_zonefile(struct auth_zone* z, char* zonefile)
554 {
555 	if(z->zonefile) free(z->zonefile);
556 	if(zonefile == NULL) {
557 		z->zonefile = NULL;
558 	} else {
559 		z->zonefile = strdup(zonefile);
560 		if(!z->zonefile) {
561 			log_err("malloc failure");
562 			return 0;
563 		}
564 	}
565 	return 1;
566 }
567 
568 /** set auth zone fallback. caller must have lock on zone */
569 int
570 auth_zone_set_fallback(struct auth_zone* z, char* fallbackstr)
571 {
572 	if(strcmp(fallbackstr, "yes") != 0 && strcmp(fallbackstr, "no") != 0){
573 		log_err("auth zone fallback, expected yes or no, got %s",
574 			fallbackstr);
575 		return 0;
576 	}
577 	z->fallback_enabled = (strcmp(fallbackstr, "yes")==0);
578 	return 1;
579 }
580 
581 /** create domain with the given name */
582 static struct auth_data*
583 az_domain_create(struct auth_zone* z, uint8_t* nm, size_t nmlen)
584 {
585 	struct auth_data* n = (struct auth_data*)malloc(sizeof(*n));
586 	if(!n) return NULL;
587 	memset(n, 0, sizeof(*n));
588 	n->node.key = n;
589 	n->name = memdup(nm, nmlen);
590 	if(!n->name) {
591 		free(n);
592 		return NULL;
593 	}
594 	n->namelen = nmlen;
595 	n->namelabs = dname_count_labels(nm);
596 	if(!rbtree_insert(&z->data, &n->node)) {
597 		log_warn("duplicate auth domain name");
598 		free(n->name);
599 		free(n);
600 		return NULL;
601 	}
602 	return n;
603 }
604 
605 /** find domain with exactly the given name */
606 static struct auth_data*
607 az_find_name(struct auth_zone* z, uint8_t* nm, size_t nmlen)
608 {
609 	struct auth_zone key;
610 	key.node.key = &key;
611 	key.name = nm;
612 	key.namelen = nmlen;
613 	key.namelabs = dname_count_labels(nm);
614 	return (struct auth_data*)rbtree_search(&z->data, &key);
615 }
616 
617 /** Find domain name (or closest match) */
618 static void
619 az_find_domain(struct auth_zone* z, struct query_info* qinfo, int* node_exact,
620 	struct auth_data** node)
621 {
622 	struct auth_zone key;
623 	key.node.key = &key;
624 	key.name = qinfo->qname;
625 	key.namelen = qinfo->qname_len;
626 	key.namelabs = dname_count_labels(key.name);
627 	*node_exact = rbtree_find_less_equal(&z->data, &key,
628 		(rbnode_type**)node);
629 }
630 
631 /** find or create domain with name in zone */
632 static struct auth_data*
633 az_domain_find_or_create(struct auth_zone* z, uint8_t* dname,
634 	size_t dname_len)
635 {
636 	struct auth_data* n = az_find_name(z, dname, dname_len);
637 	if(!n) {
638 		n = az_domain_create(z, dname, dname_len);
639 	}
640 	return n;
641 }
642 
643 /** find rrset of given type in the domain */
644 static struct auth_rrset*
645 az_domain_rrset(struct auth_data* n, uint16_t t)
646 {
647 	struct auth_rrset* rrset;
648 	if(!n) return NULL;
649 	rrset = n->rrsets;
650 	while(rrset) {
651 		if(rrset->type == t)
652 			return rrset;
653 		rrset = rrset->next;
654 	}
655 	return NULL;
656 }
657 
658 /** remove rrset of this type from domain */
659 static void
660 domain_remove_rrset(struct auth_data* node, uint16_t rr_type)
661 {
662 	struct auth_rrset* rrset, *prev;
663 	if(!node) return;
664 	prev = NULL;
665 	rrset = node->rrsets;
666 	while(rrset) {
667 		if(rrset->type == rr_type) {
668 			/* found it, now delete it */
669 			if(prev) prev->next = rrset->next;
670 			else	node->rrsets = rrset->next;
671 			auth_rrset_delete(rrset);
672 			return;
673 		}
674 		prev = rrset;
675 		rrset = rrset->next;
676 	}
677 }
678 
679 /** find an rrsig index in the rrset.  returns true if found */
680 static int
681 az_rrset_find_rrsig(struct packed_rrset_data* d, uint8_t* rdata, size_t len,
682 	size_t* index)
683 {
684 	size_t i;
685 	for(i=d->count; i<d->count + d->rrsig_count; i++) {
686 		if(d->rr_len[i] != len)
687 			continue;
688 		if(memcmp(d->rr_data[i], rdata, len) == 0) {
689 			*index = i;
690 			return 1;
691 		}
692 	}
693 	return 0;
694 }
695 
696 /** see if rdata is duplicate */
697 static int
698 rdata_duplicate(struct packed_rrset_data* d, uint8_t* rdata, size_t len)
699 {
700 	size_t i;
701 	for(i=0; i<d->count + d->rrsig_count; i++) {
702 		if(d->rr_len[i] != len)
703 			continue;
704 		if(memcmp(d->rr_data[i], rdata, len) == 0)
705 			return 1;
706 	}
707 	return 0;
708 }
709 
710 /** get rrsig type covered from rdata.
711  * @param rdata: rdata in wireformat, starting with 16bit rdlength.
712  * @param rdatalen: length of rdata buffer.
713  * @return type covered (or 0).
714  */
715 static uint16_t
716 rrsig_rdata_get_type_covered(uint8_t* rdata, size_t rdatalen)
717 {
718 	if(rdatalen < 4)
719 		return 0;
720 	return sldns_read_uint16(rdata+2);
721 }
722 
723 /** remove RR from existing RRset. Also sig, if it is a signature.
724  * reallocates the packed rrset for a new one, false on alloc failure */
725 static int
726 rrset_remove_rr(struct auth_rrset* rrset, size_t index)
727 {
728 	struct packed_rrset_data* d, *old = rrset->data;
729 	size_t i;
730 	if(index >= old->count + old->rrsig_count)
731 		return 0; /* index out of bounds */
732 	d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old) - (
733 		sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t) +
734 		old->rr_len[index]));
735 	if(!d) {
736 		log_err("malloc failure");
737 		return 0;
738 	}
739 	d->ttl = old->ttl;
740 	d->count = old->count;
741 	d->rrsig_count = old->rrsig_count;
742 	if(index < d->count) d->count--;
743 	else d->rrsig_count--;
744 	d->trust = old->trust;
745 	d->security = old->security;
746 
747 	/* set rr_len, needed for ptr_fixup */
748 	d->rr_len = (size_t*)((uint8_t*)d +
749 		sizeof(struct packed_rrset_data));
750 	if(index > 0)
751 		memmove(d->rr_len, old->rr_len, (index)*sizeof(size_t));
752 	if(index+1 < old->count+old->rrsig_count)
753 		memmove(&d->rr_len[index], &old->rr_len[index+1],
754 		(old->count+old->rrsig_count - (index+1))*sizeof(size_t));
755 	packed_rrset_ptr_fixup(d);
756 
757 	/* move over ttls */
758 	if(index > 0)
759 		memmove(d->rr_ttl, old->rr_ttl, (index)*sizeof(time_t));
760 	if(index+1 < old->count+old->rrsig_count)
761 		memmove(&d->rr_ttl[index], &old->rr_ttl[index+1],
762 		(old->count+old->rrsig_count - (index+1))*sizeof(time_t));
763 
764 	/* move over rr_data */
765 	for(i=0; i<d->count+d->rrsig_count; i++) {
766 		size_t oldi;
767 		if(i < index) oldi = i;
768 		else oldi = i+1;
769 		memmove(d->rr_data[i], old->rr_data[oldi], d->rr_len[i]);
770 	}
771 
772 	/* recalc ttl (lowest of remaining RR ttls) */
773 	if(d->count + d->rrsig_count > 0)
774 		d->ttl = d->rr_ttl[0];
775 	for(i=0; i<d->count+d->rrsig_count; i++) {
776 		if(d->rr_ttl[i] < d->ttl)
777 			d->ttl = d->rr_ttl[i];
778 	}
779 
780 	free(rrset->data);
781 	rrset->data = d;
782 	return 1;
783 }
784 
785 /** add RR to existing RRset. If insert_sig is true, add to rrsigs.
786  * This reallocates the packed rrset for a new one */
787 static int
788 rrset_add_rr(struct auth_rrset* rrset, uint32_t rr_ttl, uint8_t* rdata,
789 	size_t rdatalen, int insert_sig)
790 {
791 	struct packed_rrset_data* d, *old = rrset->data;
792 	size_t total, old_total;
793 
794 	d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old)
795 		+ sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t)
796 		+ rdatalen);
797 	if(!d) {
798 		log_err("out of memory");
799 		return 0;
800 	}
801 	/* copy base values */
802 	memcpy(d, old, sizeof(struct packed_rrset_data));
803 	if(!insert_sig) {
804 		d->count++;
805 	} else {
806 		d->rrsig_count++;
807 	}
808 	old_total = old->count + old->rrsig_count;
809 	total = d->count + d->rrsig_count;
810 	/* set rr_len, needed for ptr_fixup */
811 	d->rr_len = (size_t*)((uint8_t*)d +
812 		sizeof(struct packed_rrset_data));
813 	if(old->count != 0)
814 		memmove(d->rr_len, old->rr_len, old->count*sizeof(size_t));
815 	if(old->rrsig_count != 0)
816 		memmove(d->rr_len+d->count, old->rr_len+old->count,
817 			old->rrsig_count*sizeof(size_t));
818 	if(!insert_sig)
819 		d->rr_len[d->count-1] = rdatalen;
820 	else	d->rr_len[total-1] = rdatalen;
821 	packed_rrset_ptr_fixup(d);
822 	if((time_t)rr_ttl < d->ttl)
823 		d->ttl = rr_ttl;
824 
825 	/* copy old values into new array */
826 	if(old->count != 0) {
827 		memmove(d->rr_ttl, old->rr_ttl, old->count*sizeof(time_t));
828 		/* all the old rr pieces are allocated sequential, so we
829 		 * can copy them in one go */
830 		memmove(d->rr_data[0], old->rr_data[0],
831 			(old->rr_data[old->count-1] - old->rr_data[0]) +
832 			old->rr_len[old->count-1]);
833 	}
834 	if(old->rrsig_count != 0) {
835 		memmove(d->rr_ttl+d->count, old->rr_ttl+old->count,
836 			old->rrsig_count*sizeof(time_t));
837 		memmove(d->rr_data[d->count], old->rr_data[old->count],
838 			(old->rr_data[old_total-1] - old->rr_data[old->count]) +
839 			old->rr_len[old_total-1]);
840 	}
841 
842 	/* insert new value */
843 	if(!insert_sig) {
844 		d->rr_ttl[d->count-1] = rr_ttl;
845 		memmove(d->rr_data[d->count-1], rdata, rdatalen);
846 	} else {
847 		d->rr_ttl[total-1] = rr_ttl;
848 		memmove(d->rr_data[total-1], rdata, rdatalen);
849 	}
850 
851 	rrset->data = d;
852 	free(old);
853 	return 1;
854 }
855 
856 /** Create new rrset for node with packed rrset with one RR element */
857 static struct auth_rrset*
858 rrset_create(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl,
859 	uint8_t* rdata, size_t rdatalen)
860 {
861 	struct auth_rrset* rrset = (struct auth_rrset*)calloc(1,
862 		sizeof(*rrset));
863 	struct auth_rrset* p, *prev;
864 	struct packed_rrset_data* d;
865 	if(!rrset) {
866 		log_err("out of memory");
867 		return NULL;
868 	}
869 	rrset->type = rr_type;
870 
871 	/* the rrset data structure, with one RR */
872 	d = (struct packed_rrset_data*)calloc(1,
873 		sizeof(struct packed_rrset_data) + sizeof(size_t) +
874 		sizeof(uint8_t*) + sizeof(time_t) + rdatalen);
875 	if(!d) {
876 		free(rrset);
877 		log_err("out of memory");
878 		return NULL;
879 	}
880 	rrset->data = d;
881 	d->ttl = rr_ttl;
882 	d->trust = rrset_trust_prim_noglue;
883 	d->rr_len = (size_t*)((uint8_t*)d + sizeof(struct packed_rrset_data));
884 	d->rr_data = (uint8_t**)&(d->rr_len[1]);
885 	d->rr_ttl = (time_t*)&(d->rr_data[1]);
886 	d->rr_data[0] = (uint8_t*)&(d->rr_ttl[1]);
887 
888 	/* insert the RR */
889 	d->rr_len[0] = rdatalen;
890 	d->rr_ttl[0] = rr_ttl;
891 	memmove(d->rr_data[0], rdata, rdatalen);
892 	d->count++;
893 
894 	/* insert rrset into linked list for domain */
895 	/* find sorted place to link the rrset into the list */
896 	prev = NULL;
897 	p = node->rrsets;
898 	while(p && p->type<=rr_type) {
899 		prev = p;
900 		p = p->next;
901 	}
902 	/* so, prev is smaller, and p is larger than rr_type */
903 	rrset->next = p;
904 	if(prev) prev->next = rrset;
905 	else node->rrsets = rrset;
906 	return rrset;
907 }
908 
909 /** count number (and size) of rrsigs that cover a type */
910 static size_t
911 rrsig_num_that_cover(struct auth_rrset* rrsig, uint16_t rr_type, size_t* sigsz)
912 {
913 	struct packed_rrset_data* d = rrsig->data;
914 	size_t i, num = 0;
915 	*sigsz = 0;
916 	log_assert(d && rrsig->type == LDNS_RR_TYPE_RRSIG);
917 	for(i=0; i<d->count+d->rrsig_count; i++) {
918 		if(rrsig_rdata_get_type_covered(d->rr_data[i],
919 			d->rr_len[i]) == rr_type) {
920 			num++;
921 			(*sigsz) += d->rr_len[i];
922 		}
923 	}
924 	return num;
925 }
926 
927 /** See if rrsig set has covered sigs for rrset and move them over */
928 static int
929 rrset_moveover_rrsigs(struct auth_data* node, uint16_t rr_type,
930 	struct auth_rrset* rrset, struct auth_rrset* rrsig)
931 {
932 	size_t sigs, sigsz, i, j, total;
933 	struct packed_rrset_data* sigold = rrsig->data;
934 	struct packed_rrset_data* old = rrset->data;
935 	struct packed_rrset_data* d, *sigd;
936 
937 	log_assert(rrset->type == rr_type);
938 	log_assert(rrsig->type == LDNS_RR_TYPE_RRSIG);
939 	sigs = rrsig_num_that_cover(rrsig, rr_type, &sigsz);
940 	if(sigs == 0) {
941 		/* 0 rrsigs to move over, done */
942 		return 1;
943 	}
944 
945 	/* allocate rrset sigsz larger for extra sigs elements, and
946 	 * allocate rrsig sigsz smaller for less sigs elements. */
947 	d = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(old)
948 		+ sigs*(sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t))
949 		+ sigsz);
950 	if(!d) {
951 		log_err("out of memory");
952 		return 0;
953 	}
954 	/* copy base values */
955 	total = old->count + old->rrsig_count;
956 	memcpy(d, old, sizeof(struct packed_rrset_data));
957 	d->rrsig_count += sigs;
958 	/* setup rr_len */
959 	d->rr_len = (size_t*)((uint8_t*)d +
960 		sizeof(struct packed_rrset_data));
961 	if(total != 0)
962 		memmove(d->rr_len, old->rr_len, total*sizeof(size_t));
963 	j = d->count+d->rrsig_count-sigs;
964 	for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
965 		if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
966 			sigold->rr_len[i]) == rr_type) {
967 			d->rr_len[j] = sigold->rr_len[i];
968 			j++;
969 		}
970 	}
971 	packed_rrset_ptr_fixup(d);
972 
973 	/* copy old values into new array */
974 	if(total != 0) {
975 		memmove(d->rr_ttl, old->rr_ttl, total*sizeof(time_t));
976 		/* all the old rr pieces are allocated sequential, so we
977 		 * can copy them in one go */
978 		memmove(d->rr_data[0], old->rr_data[0],
979 			(old->rr_data[total-1] - old->rr_data[0]) +
980 			old->rr_len[total-1]);
981 	}
982 
983 	/* move over the rrsigs to the larger rrset*/
984 	j = d->count+d->rrsig_count-sigs;
985 	for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
986 		if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
987 			sigold->rr_len[i]) == rr_type) {
988 			/* move this one over to location j */
989 			d->rr_ttl[j] = sigold->rr_ttl[i];
990 			memmove(d->rr_data[j], sigold->rr_data[i],
991 				sigold->rr_len[i]);
992 			if(d->rr_ttl[j] < d->ttl)
993 				d->ttl = d->rr_ttl[j];
994 			j++;
995 		}
996 	}
997 
998 	/* put it in and deallocate the old rrset */
999 	rrset->data = d;
1000 	free(old);
1001 
1002 	/* now make rrsig set smaller */
1003 	if(sigold->count+sigold->rrsig_count == sigs) {
1004 		/* remove all sigs from rrsig, remove it entirely */
1005 		domain_remove_rrset(node, LDNS_RR_TYPE_RRSIG);
1006 		return 1;
1007 	}
1008 	log_assert(packed_rrset_sizeof(sigold) > sigs*(sizeof(size_t) +
1009 		sizeof(uint8_t*) + sizeof(time_t)) + sigsz);
1010 	sigd = (struct packed_rrset_data*)calloc(1, packed_rrset_sizeof(sigold)
1011 		- sigs*(sizeof(size_t) + sizeof(uint8_t*) + sizeof(time_t))
1012 		- sigsz);
1013 	if(!sigd) {
1014 		/* no need to free up d, it has already been placed in the
1015 		 * node->rrset structure */
1016 		log_err("out of memory");
1017 		return 0;
1018 	}
1019 	/* copy base values */
1020 	memcpy(sigd, sigold, sizeof(struct packed_rrset_data));
1021 	/* in sigd the RRSIGs are stored in the base of the RR, in count */
1022 	sigd->count -= sigs;
1023 	/* setup rr_len */
1024 	sigd->rr_len = (size_t*)((uint8_t*)sigd +
1025 		sizeof(struct packed_rrset_data));
1026 	j = 0;
1027 	for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
1028 		if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
1029 			sigold->rr_len[i]) != rr_type) {
1030 			sigd->rr_len[j] = sigold->rr_len[i];
1031 			j++;
1032 		}
1033 	}
1034 	packed_rrset_ptr_fixup(sigd);
1035 
1036 	/* copy old values into new rrsig array */
1037 	j = 0;
1038 	for(i=0; i<sigold->count+sigold->rrsig_count; i++) {
1039 		if(rrsig_rdata_get_type_covered(sigold->rr_data[i],
1040 			sigold->rr_len[i]) != rr_type) {
1041 			/* move this one over to location j */
1042 			sigd->rr_ttl[j] = sigold->rr_ttl[i];
1043 			memmove(sigd->rr_data[j], sigold->rr_data[i],
1044 				sigold->rr_len[i]);
1045 			if(j==0) sigd->ttl = sigd->rr_ttl[j];
1046 			else {
1047 				if(sigd->rr_ttl[j] < sigd->ttl)
1048 					sigd->ttl = sigd->rr_ttl[j];
1049 			}
1050 			j++;
1051 		}
1052 	}
1053 
1054 	/* put it in and deallocate the old rrset */
1055 	rrsig->data = sigd;
1056 	free(sigold);
1057 
1058 	return 1;
1059 }
1060 
1061 /** copy the rrsigs from the rrset to the rrsig rrset, because the rrset
1062  * is going to be deleted.  reallocates the RRSIG rrset data. */
1063 static int
1064 rrsigs_copy_from_rrset_to_rrsigset(struct auth_rrset* rrset,
1065 	struct auth_rrset* rrsigset)
1066 {
1067 	size_t i;
1068 	if(rrset->data->rrsig_count == 0)
1069 		return 1;
1070 
1071 	/* move them over one by one, because there might be duplicates,
1072 	 * duplicates are ignored */
1073 	for(i=rrset->data->count;
1074 		i<rrset->data->count+rrset->data->rrsig_count; i++) {
1075 		uint8_t* rdata = rrset->data->rr_data[i];
1076 		size_t rdatalen = rrset->data->rr_len[i];
1077 		time_t rr_ttl  = rrset->data->rr_ttl[i];
1078 
1079 		if(rdata_duplicate(rrsigset->data, rdata, rdatalen)) {
1080 			continue;
1081 		}
1082 		if(!rrset_add_rr(rrsigset, rr_ttl, rdata, rdatalen, 0))
1083 			return 0;
1084 	}
1085 	return 1;
1086 }
1087 
1088 /** Add rr to node, ignores duplicate RRs,
1089  * rdata points to buffer with rdatalen octets, starts with 2bytelength. */
1090 static int
1091 az_domain_add_rr(struct auth_data* node, uint16_t rr_type, uint32_t rr_ttl,
1092 	uint8_t* rdata, size_t rdatalen, int* duplicate)
1093 {
1094 	struct auth_rrset* rrset;
1095 	/* packed rrsets have their rrsigs along with them, sort them out */
1096 	if(rr_type == LDNS_RR_TYPE_RRSIG) {
1097 		uint16_t ctype = rrsig_rdata_get_type_covered(rdata, rdatalen);
1098 		if((rrset=az_domain_rrset(node, ctype))!= NULL) {
1099 			/* a node of the correct type exists, add the RRSIG
1100 			 * to the rrset of the covered data type */
1101 			if(rdata_duplicate(rrset->data, rdata, rdatalen)) {
1102 				if(duplicate) *duplicate = 1;
1103 				return 1;
1104 			}
1105 			if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 1))
1106 				return 0;
1107 		} else if((rrset=az_domain_rrset(node, rr_type))!= NULL) {
1108 			/* add RRSIG to rrset of type RRSIG */
1109 			if(rdata_duplicate(rrset->data, rdata, rdatalen)) {
1110 				if(duplicate) *duplicate = 1;
1111 				return 1;
1112 			}
1113 			if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 0))
1114 				return 0;
1115 		} else {
1116 			/* create rrset of type RRSIG */
1117 			if(!rrset_create(node, rr_type, rr_ttl, rdata,
1118 				rdatalen))
1119 				return 0;
1120 		}
1121 	} else {
1122 		/* normal RR type */
1123 		if((rrset=az_domain_rrset(node, rr_type))!= NULL) {
1124 			/* add data to existing node with data type */
1125 			if(rdata_duplicate(rrset->data, rdata, rdatalen)) {
1126 				if(duplicate) *duplicate = 1;
1127 				return 1;
1128 			}
1129 			if(!rrset_add_rr(rrset, rr_ttl, rdata, rdatalen, 0))
1130 				return 0;
1131 		} else {
1132 			struct auth_rrset* rrsig;
1133 			/* create new node with data type */
1134 			if(!(rrset=rrset_create(node, rr_type, rr_ttl, rdata,
1135 				rdatalen)))
1136 				return 0;
1137 
1138 			/* see if node of type RRSIG has signatures that
1139 			 * cover the data type, and move them over */
1140 			/* and then make the RRSIG type smaller */
1141 			if((rrsig=az_domain_rrset(node, LDNS_RR_TYPE_RRSIG))
1142 				!= NULL) {
1143 				if(!rrset_moveover_rrsigs(node, rr_type,
1144 					rrset, rrsig))
1145 					return 0;
1146 			}
1147 		}
1148 	}
1149 	return 1;
1150 }
1151 
1152 /** insert RR into zone, ignore duplicates */
1153 static int
1154 az_insert_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len,
1155 	size_t dname_len, int* duplicate)
1156 {
1157 	struct auth_data* node;
1158 	uint8_t* dname = rr;
1159 	uint16_t rr_type = sldns_wirerr_get_type(rr, rr_len, dname_len);
1160 	uint16_t rr_class = sldns_wirerr_get_class(rr, rr_len, dname_len);
1161 	uint32_t rr_ttl = sldns_wirerr_get_ttl(rr, rr_len, dname_len);
1162 	size_t rdatalen = ((size_t)sldns_wirerr_get_rdatalen(rr, rr_len,
1163 		dname_len))+2;
1164 	/* rdata points to rdata prefixed with uint16 rdatalength */
1165 	uint8_t* rdata = sldns_wirerr_get_rdatawl(rr, rr_len, dname_len);
1166 
1167 	if(rr_class != z->dclass) {
1168 		log_err("wrong class for RR");
1169 		return 0;
1170 	}
1171 	if(!(node=az_domain_find_or_create(z, dname, dname_len))) {
1172 		log_err("cannot create domain");
1173 		return 0;
1174 	}
1175 	if(!az_domain_add_rr(node, rr_type, rr_ttl, rdata, rdatalen,
1176 		duplicate)) {
1177 		log_err("cannot add RR to domain");
1178 		return 0;
1179 	}
1180 	if(z->rpz) {
1181 		if(!(rpz_insert_rr(z->rpz, z->namelen, dname, dname_len,
1182 			rr_type, rr_class, rr_ttl, rdata, rdatalen, rr,
1183 			rr_len)))
1184 			return 0;
1185 	}
1186 	return 1;
1187 }
1188 
1189 /** Remove rr from node, ignores nonexisting RRs,
1190  * rdata points to buffer with rdatalen octets, starts with 2bytelength. */
1191 static int
1192 az_domain_remove_rr(struct auth_data* node, uint16_t rr_type,
1193 	uint8_t* rdata, size_t rdatalen, int* nonexist)
1194 {
1195 	struct auth_rrset* rrset;
1196 	size_t index = 0;
1197 
1198 	/* find the plain RR of the given type */
1199 	if((rrset=az_domain_rrset(node, rr_type))!= NULL) {
1200 		if(packed_rrset_find_rr(rrset->data, rdata, rdatalen, &index)) {
1201 			if(rrset->data->count == 1 &&
1202 				rrset->data->rrsig_count == 0) {
1203 				/* last RR, delete the rrset */
1204 				domain_remove_rrset(node, rr_type);
1205 			} else if(rrset->data->count == 1 &&
1206 				rrset->data->rrsig_count != 0) {
1207 				/* move RRSIGs to the RRSIG rrset, or
1208 				 * this one becomes that RRset */
1209 				struct auth_rrset* rrsigset = az_domain_rrset(
1210 					node, LDNS_RR_TYPE_RRSIG);
1211 				if(rrsigset) {
1212 					/* move left over rrsigs to the
1213 					 * existing rrset of type RRSIG */
1214 					rrsigs_copy_from_rrset_to_rrsigset(
1215 						rrset, rrsigset);
1216 					/* and then delete the rrset */
1217 					domain_remove_rrset(node, rr_type);
1218 				} else {
1219 					/* no rrset of type RRSIG, this
1220 					 * set is now of that type,
1221 					 * just remove the rr */
1222 					if(!rrset_remove_rr(rrset, index))
1223 						return 0;
1224 					rrset->type = LDNS_RR_TYPE_RRSIG;
1225 					rrset->data->count = rrset->data->rrsig_count;
1226 					rrset->data->rrsig_count = 0;
1227 				}
1228 			} else {
1229 				/* remove the RR from the rrset */
1230 				if(!rrset_remove_rr(rrset, index))
1231 					return 0;
1232 			}
1233 			return 1;
1234 		}
1235 		/* rr not found in rrset */
1236 	}
1237 
1238 	/* is it a type RRSIG, look under the covered type */
1239 	if(rr_type == LDNS_RR_TYPE_RRSIG) {
1240 		uint16_t ctype = rrsig_rdata_get_type_covered(rdata, rdatalen);
1241 		if((rrset=az_domain_rrset(node, ctype))!= NULL) {
1242 			if(az_rrset_find_rrsig(rrset->data, rdata, rdatalen,
1243 				&index)) {
1244 				/* rrsig should have d->count > 0, be
1245 				 * over some rr of that type */
1246 				/* remove the rrsig from the rrsigs list of the
1247 				 * rrset */
1248 				if(!rrset_remove_rr(rrset, index))
1249 					return 0;
1250 				return 1;
1251 			}
1252 		}
1253 		/* also RRSIG not found */
1254 	}
1255 
1256 	/* nothing found to delete */
1257 	if(nonexist) *nonexist = 1;
1258 	return 1;
1259 }
1260 
1261 /** remove RR from zone, ignore if it does not exist, false on alloc failure*/
1262 static int
1263 az_remove_rr(struct auth_zone* z, uint8_t* rr, size_t rr_len,
1264 	size_t dname_len, int* nonexist)
1265 {
1266 	struct auth_data* node;
1267 	uint8_t* dname = rr;
1268 	uint16_t rr_type = sldns_wirerr_get_type(rr, rr_len, dname_len);
1269 	uint16_t rr_class = sldns_wirerr_get_class(rr, rr_len, dname_len);
1270 	size_t rdatalen = ((size_t)sldns_wirerr_get_rdatalen(rr, rr_len,
1271 		dname_len))+2;
1272 	/* rdata points to rdata prefixed with uint16 rdatalength */
1273 	uint8_t* rdata = sldns_wirerr_get_rdatawl(rr, rr_len, dname_len);
1274 
1275 	if(rr_class != z->dclass) {
1276 		log_err("wrong class for RR");
1277 		/* really also a nonexisting entry, because no records
1278 		 * of that class in the zone, but return an error because
1279 		 * getting records of the wrong class is a failure of the
1280 		 * zone transfer */
1281 		return 0;
1282 	}
1283 	node = az_find_name(z, dname, dname_len);
1284 	if(!node) {
1285 		/* node with that name does not exist */
1286 		/* nonexisting entry, because no such name */
1287 		*nonexist = 1;
1288 		return 1;
1289 	}
1290 	if(!az_domain_remove_rr(node, rr_type, rdata, rdatalen, nonexist)) {
1291 		/* alloc failure or so */
1292 		return 0;
1293 	}
1294 	/* remove the node, if necessary */
1295 	/* an rrsets==NULL entry is not kept around for empty nonterminals,
1296 	 * and also parent nodes are not kept around, so we just delete it */
1297 	if(node->rrsets == NULL) {
1298 		(void)rbtree_delete(&z->data, node);
1299 		auth_data_delete(node);
1300 	}
1301 	if(z->rpz) {
1302 		rpz_remove_rr(z->rpz, z->namelen, dname, dname_len, rr_type,
1303 			rr_class, rdata, rdatalen);
1304 	}
1305 	return 1;
1306 }
1307 
1308 /** decompress an RR into the buffer where it'll be an uncompressed RR
1309  * with uncompressed dname and uncompressed rdata (dnames) */
1310 static int
1311 decompress_rr_into_buffer(struct sldns_buffer* buf, uint8_t* pkt,
1312 	size_t pktlen, uint8_t* dname, uint16_t rr_type, uint16_t rr_class,
1313 	uint32_t rr_ttl, uint8_t* rr_data, uint16_t rr_rdlen)
1314 {
1315 	sldns_buffer pktbuf;
1316 	size_t dname_len = 0;
1317 	size_t rdlenpos;
1318 	size_t rdlen;
1319 	uint8_t* rd;
1320 	const sldns_rr_descriptor* desc;
1321 	sldns_buffer_init_frm_data(&pktbuf, pkt, pktlen);
1322 	sldns_buffer_clear(buf);
1323 
1324 	/* decompress dname */
1325 	sldns_buffer_set_position(&pktbuf,
1326 		(size_t)(dname - sldns_buffer_current(&pktbuf)));
1327 	dname_len = pkt_dname_len(&pktbuf);
1328 	if(dname_len == 0) return 0; /* parse fail on dname */
1329 	if(!sldns_buffer_available(buf, dname_len)) return 0;
1330 	dname_pkt_copy(&pktbuf, sldns_buffer_current(buf), dname);
1331 	sldns_buffer_skip(buf, (ssize_t)dname_len);
1332 
1333 	/* type, class, ttl and rdatalength fields */
1334 	if(!sldns_buffer_available(buf, 10)) return 0;
1335 	sldns_buffer_write_u16(buf, rr_type);
1336 	sldns_buffer_write_u16(buf, rr_class);
1337 	sldns_buffer_write_u32(buf, rr_ttl);
1338 	rdlenpos = sldns_buffer_position(buf);
1339 	sldns_buffer_write_u16(buf, 0); /* rd length position */
1340 
1341 	/* decompress rdata */
1342 	desc = sldns_rr_descript(rr_type);
1343 	rd = rr_data;
1344 	rdlen = rr_rdlen;
1345 	if(rdlen > 0 && desc && desc->_dname_count > 0) {
1346 		int count = (int)desc->_dname_count;
1347 		int rdf = 0;
1348 		size_t len; /* how much rdata to plain copy */
1349 		size_t uncompressed_len, compressed_len;
1350 		size_t oldpos;
1351 		/* decompress dnames. */
1352 		while(rdlen > 0 && count) {
1353 			switch(desc->_wireformat[rdf]) {
1354 			case LDNS_RDF_TYPE_DNAME:
1355 				sldns_buffer_set_position(&pktbuf,
1356 					(size_t)(rd -
1357 					sldns_buffer_begin(&pktbuf)));
1358 				oldpos = sldns_buffer_position(&pktbuf);
1359 				/* moves pktbuf to right after the
1360 				 * compressed dname, and returns uncompressed
1361 				 * dname length */
1362 				uncompressed_len = pkt_dname_len(&pktbuf);
1363 				if(!uncompressed_len)
1364 					return 0; /* parse error in dname */
1365 				if(!sldns_buffer_available(buf,
1366 					uncompressed_len))
1367 					/* dname too long for buffer */
1368 					return 0;
1369 				dname_pkt_copy(&pktbuf,
1370 					sldns_buffer_current(buf), rd);
1371 				sldns_buffer_skip(buf, (ssize_t)uncompressed_len);
1372 				compressed_len = sldns_buffer_position(
1373 					&pktbuf) - oldpos;
1374 				rd += compressed_len;
1375 				rdlen -= compressed_len;
1376 				count--;
1377 				len = 0;
1378 				break;
1379 			case LDNS_RDF_TYPE_STR:
1380 				len = rd[0] + 1;
1381 				break;
1382 			default:
1383 				len = get_rdf_size(desc->_wireformat[rdf]);
1384 				break;
1385 			}
1386 			if(len) {
1387 				if(!sldns_buffer_available(buf, len))
1388 					return 0; /* too long for buffer */
1389 				sldns_buffer_write(buf, rd, len);
1390 				rd += len;
1391 				rdlen -= len;
1392 			}
1393 			rdf++;
1394 		}
1395 	}
1396 	/* copy remaining data */
1397 	if(rdlen > 0) {
1398 		if(!sldns_buffer_available(buf, rdlen)) return 0;
1399 		sldns_buffer_write(buf, rd, rdlen);
1400 	}
1401 	/* fixup rdlength */
1402 	sldns_buffer_write_u16_at(buf, rdlenpos,
1403 		sldns_buffer_position(buf)-rdlenpos-2);
1404 	sldns_buffer_flip(buf);
1405 	return 1;
1406 }
1407 
1408 /** insert RR into zone, from packet, decompress RR,
1409  * if duplicate is nonNULL set the flag but otherwise ignore duplicates */
1410 static int
1411 az_insert_rr_decompress(struct auth_zone* z, uint8_t* pkt, size_t pktlen,
1412 	struct sldns_buffer* scratch_buffer, uint8_t* dname, uint16_t rr_type,
1413 	uint16_t rr_class, uint32_t rr_ttl, uint8_t* rr_data,
1414 	uint16_t rr_rdlen, int* duplicate)
1415 {
1416 	uint8_t* rr;
1417 	size_t rr_len;
1418 	size_t dname_len;
1419 	if(!decompress_rr_into_buffer(scratch_buffer, pkt, pktlen, dname,
1420 		rr_type, rr_class, rr_ttl, rr_data, rr_rdlen)) {
1421 		log_err("could not decompress RR");
1422 		return 0;
1423 	}
1424 	rr = sldns_buffer_begin(scratch_buffer);
1425 	rr_len = sldns_buffer_limit(scratch_buffer);
1426 	dname_len = dname_valid(rr, rr_len);
1427 	return az_insert_rr(z, rr, rr_len, dname_len, duplicate);
1428 }
1429 
1430 /** remove RR from zone, from packet, decompress RR,
1431  * if nonexist is nonNULL set the flag but otherwise ignore nonexisting entries*/
1432 static int
1433 az_remove_rr_decompress(struct auth_zone* z, uint8_t* pkt, size_t pktlen,
1434 	struct sldns_buffer* scratch_buffer, uint8_t* dname, uint16_t rr_type,
1435 	uint16_t rr_class, uint32_t rr_ttl, uint8_t* rr_data,
1436 	uint16_t rr_rdlen, int* nonexist)
1437 {
1438 	uint8_t* rr;
1439 	size_t rr_len;
1440 	size_t dname_len;
1441 	if(!decompress_rr_into_buffer(scratch_buffer, pkt, pktlen, dname,
1442 		rr_type, rr_class, rr_ttl, rr_data, rr_rdlen)) {
1443 		log_err("could not decompress RR");
1444 		return 0;
1445 	}
1446 	rr = sldns_buffer_begin(scratch_buffer);
1447 	rr_len = sldns_buffer_limit(scratch_buffer);
1448 	dname_len = dname_valid(rr, rr_len);
1449 	return az_remove_rr(z, rr, rr_len, dname_len, nonexist);
1450 }
1451 
1452 /**
1453  * Parse zonefile
1454  * @param z: zone to read in.
1455  * @param in: file to read from (just opened).
1456  * @param rr: buffer to use for RRs, 64k.
1457  *	passed so that recursive includes can use the same buffer and do
1458  *	not grow the stack too much.
1459  * @param rrbuflen: sizeof rr buffer.
1460  * @param state: parse state with $ORIGIN, $TTL and 'prev-dname' and so on,
1461  *	that is kept between includes.
1462  *	The lineno is set at 1 and then increased by the function.
1463  * @param fname: file name.
1464  * @param depth: recursion depth for includes
1465  * @param cfg: config for chroot.
1466  * returns false on failure, has printed an error message
1467  */
1468 static int
1469 az_parse_file(struct auth_zone* z, FILE* in, uint8_t* rr, size_t rrbuflen,
1470 	struct sldns_file_parse_state* state, char* fname, int depth,
1471 	struct config_file* cfg)
1472 {
1473 	size_t rr_len, dname_len;
1474 	int status;
1475 	state->lineno = 1;
1476 
1477 	while(!feof(in)) {
1478 		rr_len = rrbuflen;
1479 		dname_len = 0;
1480 		status = sldns_fp2wire_rr_buf(in, rr, &rr_len, &dname_len,
1481 			state);
1482 		if(status == LDNS_WIREPARSE_ERR_INCLUDE && rr_len == 0) {
1483 			/* we have $INCLUDE or $something */
1484 			if(strncmp((char*)rr, "$INCLUDE ", 9) == 0 ||
1485 			   strncmp((char*)rr, "$INCLUDE\t", 9) == 0) {
1486 				FILE* inc;
1487 				int lineno_orig = state->lineno;
1488 				char* incfile = (char*)rr + 8;
1489 				if(depth > MAX_INCLUDE_DEPTH) {
1490 					log_err("%s:%d max include depth"
1491 					  "exceeded", fname, state->lineno);
1492 					return 0;
1493 				}
1494 				/* skip spaces */
1495 				while(*incfile == ' ' || *incfile == '\t')
1496 					incfile++;
1497 				/* adjust for chroot on include file */
1498 				if(cfg->chrootdir && cfg->chrootdir[0] &&
1499 					strncmp(incfile, cfg->chrootdir,
1500 						strlen(cfg->chrootdir)) == 0)
1501 					incfile += strlen(cfg->chrootdir);
1502 				incfile = strdup(incfile);
1503 				if(!incfile) {
1504 					log_err("malloc failure");
1505 					return 0;
1506 				}
1507 				verbose(VERB_ALGO, "opening $INCLUDE %s",
1508 					incfile);
1509 				inc = fopen(incfile, "r");
1510 				if(!inc) {
1511 					log_err("%s:%d cannot open include "
1512 						"file %s: %s", fname,
1513 						lineno_orig, incfile,
1514 						strerror(errno));
1515 					free(incfile);
1516 					return 0;
1517 				}
1518 				/* recurse read that file now */
1519 				if(!az_parse_file(z, inc, rr, rrbuflen,
1520 					state, incfile, depth+1, cfg)) {
1521 					log_err("%s:%d cannot parse include "
1522 						"file %s", fname,
1523 						lineno_orig, incfile);
1524 					fclose(inc);
1525 					free(incfile);
1526 					return 0;
1527 				}
1528 				fclose(inc);
1529 				verbose(VERB_ALGO, "done with $INCLUDE %s",
1530 					incfile);
1531 				free(incfile);
1532 				state->lineno = lineno_orig;
1533 			}
1534 			continue;
1535 		}
1536 		if(status != 0) {
1537 			log_err("parse error %s %d:%d: %s", fname,
1538 				state->lineno, LDNS_WIREPARSE_OFFSET(status),
1539 				sldns_get_errorstr_parse(status));
1540 			return 0;
1541 		}
1542 		if(rr_len == 0) {
1543 			/* EMPTY line, TTL or ORIGIN */
1544 			continue;
1545 		}
1546 		/* insert wirerr in rrbuf */
1547 		if(!az_insert_rr(z, rr, rr_len, dname_len, NULL)) {
1548 			char buf[17];
1549 			sldns_wire2str_type_buf(sldns_wirerr_get_type(rr,
1550 				rr_len, dname_len), buf, sizeof(buf));
1551 			log_err("%s:%d cannot insert RR of type %s",
1552 				fname, state->lineno, buf);
1553 			return 0;
1554 		}
1555 	}
1556 	return 1;
1557 }
1558 
1559 int
1560 auth_zone_read_zonefile(struct auth_zone* z, struct config_file* cfg)
1561 {
1562 	uint8_t rr[LDNS_RR_BUF_SIZE];
1563 	struct sldns_file_parse_state state;
1564 	char* zfilename;
1565 	FILE* in;
1566 	if(!z || !z->zonefile || z->zonefile[0]==0)
1567 		return 1; /* no file, or "", nothing to read */
1568 
1569 	zfilename = z->zonefile;
1570 	if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(zfilename,
1571 		cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
1572 		zfilename += strlen(cfg->chrootdir);
1573 	if(verbosity >= VERB_ALGO) {
1574 		char nm[255+1];
1575 		dname_str(z->name, nm);
1576 		verbose(VERB_ALGO, "read zonefile %s for %s", zfilename, nm);
1577 	}
1578 	in = fopen(zfilename, "r");
1579 	if(!in) {
1580 		char* n = sldns_wire2str_dname(z->name, z->namelen);
1581 		if(z->zone_is_slave && errno == ENOENT) {
1582 			/* we fetch the zone contents later, no file yet */
1583 			verbose(VERB_ALGO, "no zonefile %s for %s",
1584 				zfilename, n?n:"error");
1585 			free(n);
1586 			return 1;
1587 		}
1588 		log_err("cannot open zonefile %s for %s: %s",
1589 			zfilename, n?n:"error", strerror(errno));
1590 		free(n);
1591 		return 0;
1592 	}
1593 
1594 	/* clear the data tree */
1595 	traverse_postorder(&z->data, auth_data_del, NULL);
1596 	rbtree_init(&z->data, &auth_data_cmp);
1597 	/* clear the RPZ policies */
1598 	if(z->rpz)
1599 		rpz_clear(z->rpz);
1600 
1601 	memset(&state, 0, sizeof(state));
1602 	/* default TTL to 3600 */
1603 	state.default_ttl = 3600;
1604 	/* set $ORIGIN to the zone name */
1605 	if(z->namelen <= sizeof(state.origin)) {
1606 		memcpy(state.origin, z->name, z->namelen);
1607 		state.origin_len = z->namelen;
1608 	}
1609 	/* parse the (toplevel) file */
1610 	if(!az_parse_file(z, in, rr, sizeof(rr), &state, zfilename, 0, cfg)) {
1611 		char* n = sldns_wire2str_dname(z->name, z->namelen);
1612 		log_err("error parsing zonefile %s for %s",
1613 			zfilename, n?n:"error");
1614 		free(n);
1615 		fclose(in);
1616 		return 0;
1617 	}
1618 	fclose(in);
1619 
1620 	if(z->rpz)
1621 		rpz_finish_config(z->rpz);
1622 	return 1;
1623 }
1624 
1625 /** write buffer to file and check return codes */
1626 static int
1627 write_out(FILE* out, const char* str, size_t len)
1628 {
1629 	size_t r;
1630 	if(len == 0)
1631 		return 1;
1632 	r = fwrite(str, 1, len, out);
1633 	if(r == 0) {
1634 		log_err("write failed: %s", strerror(errno));
1635 		return 0;
1636 	} else if(r < len) {
1637 		log_err("write failed: too short (disk full?)");
1638 		return 0;
1639 	}
1640 	return 1;
1641 }
1642 
1643 /** convert auth rr to string */
1644 static int
1645 auth_rr_to_string(uint8_t* nm, size_t nmlen, uint16_t tp, uint16_t cl,
1646 	struct packed_rrset_data* data, size_t i, char* s, size_t buflen)
1647 {
1648 	int w = 0;
1649 	size_t slen = buflen, datlen;
1650 	uint8_t* dat;
1651 	if(i >= data->count) tp = LDNS_RR_TYPE_RRSIG;
1652 	dat = nm;
1653 	datlen = nmlen;
1654 	w += sldns_wire2str_dname_scan(&dat, &datlen, &s, &slen, NULL, 0, NULL);
1655 	w += sldns_str_print(&s, &slen, "\t");
1656 	w += sldns_str_print(&s, &slen, "%lu\t", (unsigned long)data->rr_ttl[i]);
1657 	w += sldns_wire2str_class_print(&s, &slen, cl);
1658 	w += sldns_str_print(&s, &slen, "\t");
1659 	w += sldns_wire2str_type_print(&s, &slen, tp);
1660 	w += sldns_str_print(&s, &slen, "\t");
1661 	datlen = data->rr_len[i]-2;
1662 	dat = data->rr_data[i]+2;
1663 	w += sldns_wire2str_rdata_scan(&dat, &datlen, &s, &slen, tp, NULL, 0, NULL);
1664 
1665 	if(tp == LDNS_RR_TYPE_DNSKEY) {
1666 		w += sldns_str_print(&s, &slen, " ;{id = %u}",
1667 			sldns_calc_keytag_raw(data->rr_data[i]+2,
1668 				data->rr_len[i]-2));
1669 	}
1670 	w += sldns_str_print(&s, &slen, "\n");
1671 
1672 	if(w >= (int)buflen) {
1673 		log_nametypeclass(NO_VERBOSE, "RR too long to print", nm, tp, cl);
1674 		return 0;
1675 	}
1676 	return 1;
1677 }
1678 
1679 /** write rrset to file */
1680 static int
1681 auth_zone_write_rrset(struct auth_zone* z, struct auth_data* node,
1682 	struct auth_rrset* r, FILE* out)
1683 {
1684 	size_t i, count = r->data->count + r->data->rrsig_count;
1685 	char buf[LDNS_RR_BUF_SIZE];
1686 	for(i=0; i<count; i++) {
1687 		if(!auth_rr_to_string(node->name, node->namelen, r->type,
1688 			z->dclass, r->data, i, buf, sizeof(buf))) {
1689 			verbose(VERB_ALGO, "failed to rr2str rr %d", (int)i);
1690 			continue;
1691 		}
1692 		if(!write_out(out, buf, strlen(buf)))
1693 			return 0;
1694 	}
1695 	return 1;
1696 }
1697 
1698 /** write domain to file */
1699 static int
1700 auth_zone_write_domain(struct auth_zone* z, struct auth_data* n, FILE* out)
1701 {
1702 	struct auth_rrset* r;
1703 	/* if this is zone apex, write SOA first */
1704 	if(z->namelen == n->namelen) {
1705 		struct auth_rrset* soa = az_domain_rrset(n, LDNS_RR_TYPE_SOA);
1706 		if(soa) {
1707 			if(!auth_zone_write_rrset(z, n, soa, out))
1708 				return 0;
1709 		}
1710 	}
1711 	/* write all the RRsets for this domain */
1712 	for(r = n->rrsets; r; r = r->next) {
1713 		if(z->namelen == n->namelen &&
1714 			r->type == LDNS_RR_TYPE_SOA)
1715 			continue; /* skip SOA here */
1716 		if(!auth_zone_write_rrset(z, n, r, out))
1717 			return 0;
1718 	}
1719 	return 1;
1720 }
1721 
1722 int auth_zone_write_file(struct auth_zone* z, const char* fname)
1723 {
1724 	FILE* out;
1725 	struct auth_data* n;
1726 	out = fopen(fname, "w");
1727 	if(!out) {
1728 		log_err("could not open %s: %s", fname, strerror(errno));
1729 		return 0;
1730 	}
1731 	RBTREE_FOR(n, struct auth_data*, &z->data) {
1732 		if(!auth_zone_write_domain(z, n, out)) {
1733 			log_err("could not write domain to %s", fname);
1734 			fclose(out);
1735 			return 0;
1736 		}
1737 	}
1738 	fclose(out);
1739 	return 1;
1740 }
1741 
1742 /** read all auth zones from file (if they have) */
1743 static int
1744 auth_zones_read_zones(struct auth_zones* az, struct config_file* cfg)
1745 {
1746 	struct auth_zone* z;
1747 	lock_rw_wrlock(&az->lock);
1748 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
1749 		lock_rw_wrlock(&z->lock);
1750 		if(!auth_zone_read_zonefile(z, cfg)) {
1751 			lock_rw_unlock(&z->lock);
1752 			lock_rw_unlock(&az->lock);
1753 			return 0;
1754 		}
1755 		lock_rw_unlock(&z->lock);
1756 	}
1757 	lock_rw_unlock(&az->lock);
1758 	return 1;
1759 }
1760 
1761 /** find serial number of zone or false if none */
1762 int
1763 auth_zone_get_serial(struct auth_zone* z, uint32_t* serial)
1764 {
1765 	struct auth_data* apex;
1766 	struct auth_rrset* soa;
1767 	struct packed_rrset_data* d;
1768 	apex = az_find_name(z, z->name, z->namelen);
1769 	if(!apex) return 0;
1770 	soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
1771 	if(!soa || soa->data->count==0)
1772 		return 0; /* no RRset or no RRs in rrset */
1773 	if(soa->data->rr_len[0] < 2+4*5) return 0; /* SOA too short */
1774 	d = soa->data;
1775 	*serial = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-20));
1776 	return 1;
1777 }
1778 
1779 /** Find auth_zone SOA and populate the values in xfr(soa values). */
1780 static int
1781 xfr_find_soa(struct auth_zone* z, struct auth_xfer* xfr)
1782 {
1783 	struct auth_data* apex;
1784 	struct auth_rrset* soa;
1785 	struct packed_rrset_data* d;
1786 	apex = az_find_name(z, z->name, z->namelen);
1787 	if(!apex) return 0;
1788 	soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
1789 	if(!soa || soa->data->count==0)
1790 		return 0; /* no RRset or no RRs in rrset */
1791 	if(soa->data->rr_len[0] < 2+4*5) return 0; /* SOA too short */
1792 	/* SOA record ends with serial, refresh, retry, expiry, minimum,
1793 	 * as 4 byte fields */
1794 	d = soa->data;
1795 	xfr->have_zone = 1;
1796 	xfr->serial = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-20));
1797 	xfr->refresh = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-16));
1798 	xfr->retry = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-12));
1799 	xfr->expiry = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-8));
1800 	/* soa minimum at d->rr_len[0]-4 */
1801 	return 1;
1802 }
1803 
1804 /**
1805  * Setup auth_xfer zone
1806  * This populates the have_zone, soa values, and so on times.
1807  * Doesn't do network traffic yet, can set option flags.
1808  * @param z: locked by caller, and modified for setup
1809  * @param x: locked by caller, and modified.
1810  * @return false on failure.
1811  */
1812 static int
1813 auth_xfer_setup(struct auth_zone* z, struct auth_xfer* x)
1814 {
1815 	/* for a zone without zone transfers, x==NULL, so skip them,
1816 	 * i.e. the zone config is fixed with no masters or urls */
1817 	if(!z || !x) return 1;
1818 	if(!xfr_find_soa(z, x)) {
1819 		return 1;
1820 	}
1821 	/* nothing for probe, nextprobe and transfer tasks */
1822 	return 1;
1823 }
1824 
1825 /**
1826  * Setup all zones
1827  * @param az: auth zones structure
1828  * @return false on failure.
1829  */
1830 static int
1831 auth_zones_setup_zones(struct auth_zones* az)
1832 {
1833 	struct auth_zone* z;
1834 	struct auth_xfer* x;
1835 	lock_rw_wrlock(&az->lock);
1836 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
1837 		lock_rw_wrlock(&z->lock);
1838 		x = auth_xfer_find(az, z->name, z->namelen, z->dclass);
1839 		if(x) {
1840 			lock_basic_lock(&x->lock);
1841 		}
1842 		if(!auth_xfer_setup(z, x)) {
1843 			if(x) {
1844 				lock_basic_unlock(&x->lock);
1845 			}
1846 			lock_rw_unlock(&z->lock);
1847 			lock_rw_unlock(&az->lock);
1848 			return 0;
1849 		}
1850 		if(x) {
1851 			lock_basic_unlock(&x->lock);
1852 		}
1853 		lock_rw_unlock(&z->lock);
1854 	}
1855 	lock_rw_unlock(&az->lock);
1856 	return 1;
1857 }
1858 
1859 /** set config items and create zones */
1860 static int
1861 auth_zones_cfg(struct auth_zones* az, struct config_auth* c)
1862 {
1863 	struct auth_zone* z;
1864 	struct auth_xfer* x = NULL;
1865 
1866 	/* create zone */
1867 	lock_rw_wrlock(&az->lock);
1868 	if(!(z=auth_zones_find_or_add_zone(az, c->name))) {
1869 		lock_rw_unlock(&az->lock);
1870 		return 0;
1871 	}
1872 	if(c->masters || c->urls) {
1873 		if(!(x=auth_zones_find_or_add_xfer(az, z))) {
1874 			lock_rw_unlock(&az->lock);
1875 			lock_rw_unlock(&z->lock);
1876 			return 0;
1877 		}
1878 	}
1879 	if(c->for_downstream)
1880 		az->have_downstream = 1;
1881 	lock_rw_unlock(&az->lock);
1882 
1883 	/* set options */
1884 	z->zone_deleted = 0;
1885 	if(!auth_zone_set_zonefile(z, c->zonefile)) {
1886 		if(x) {
1887 			lock_basic_unlock(&x->lock);
1888 		}
1889 		lock_rw_unlock(&z->lock);
1890 		return 0;
1891 	}
1892 	z->for_downstream = c->for_downstream;
1893 	z->for_upstream = c->for_upstream;
1894 	z->fallback_enabled = c->fallback_enabled;
1895 	if(c->isrpz && !z->rpz){
1896 		if(!(z->rpz = rpz_create(c))){
1897 			fatal_exit("Could not setup RPZ zones");
1898 			return 0;
1899 		}
1900 		lock_rw_wrlock(&az->rpz_lock);
1901 		z->rpz->next = az->rpz_first;
1902 		if(az->rpz_first)
1903 			az->rpz_first->prev = z->rpz;
1904 		az->rpz_first = z->rpz;
1905 		lock_rw_unlock(&az->rpz_lock);
1906 	}
1907 
1908 	/* xfer zone */
1909 	if(x) {
1910 		z->zone_is_slave = 1;
1911 		/* set options on xfer zone */
1912 		if(!xfer_set_masters(&x->task_probe->masters, c, 0)) {
1913 			lock_basic_unlock(&x->lock);
1914 			lock_rw_unlock(&z->lock);
1915 			return 0;
1916 		}
1917 		if(!xfer_set_masters(&x->task_transfer->masters, c, 1)) {
1918 			lock_basic_unlock(&x->lock);
1919 			lock_rw_unlock(&z->lock);
1920 			return 0;
1921 		}
1922 		lock_basic_unlock(&x->lock);
1923 	}
1924 
1925 	lock_rw_unlock(&z->lock);
1926 	return 1;
1927 }
1928 
1929 /** set all auth zones deleted, then in auth_zones_cfg, it marks them
1930  * as nondeleted (if they are still in the config), and then later
1931  * we can find deleted zones */
1932 static void
1933 az_setall_deleted(struct auth_zones* az)
1934 {
1935 	struct auth_zone* z;
1936 	lock_rw_wrlock(&az->lock);
1937 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
1938 		lock_rw_wrlock(&z->lock);
1939 		z->zone_deleted = 1;
1940 		lock_rw_unlock(&z->lock);
1941 	}
1942 	lock_rw_unlock(&az->lock);
1943 }
1944 
1945 /** find zones that are marked deleted and delete them.
1946  * This is called from apply_cfg, and there are no threads and no
1947  * workers, so the xfr can just be deleted. */
1948 static void
1949 az_delete_deleted_zones(struct auth_zones* az)
1950 {
1951 	struct auth_zone* z;
1952 	struct auth_zone* delete_list = NULL, *next;
1953 	struct auth_xfer* xfr;
1954 	lock_rw_wrlock(&az->lock);
1955 	RBTREE_FOR(z, struct auth_zone*, &az->ztree) {
1956 		lock_rw_wrlock(&z->lock);
1957 		if(z->zone_deleted) {
1958 			/* we cannot alter the rbtree right now, but
1959 			 * we can put it on a linked list and then
1960 			 * delete it */
1961 			z->delete_next = delete_list;
1962 			delete_list = z;
1963 		}
1964 		lock_rw_unlock(&z->lock);
1965 	}
1966 	/* now we are out of the tree loop and we can loop and delete
1967 	 * the zones */
1968 	z = delete_list;
1969 	while(z) {
1970 		next = z->delete_next;
1971 		xfr = auth_xfer_find(az, z->name, z->namelen, z->dclass);
1972 		if(xfr) {
1973 			(void)rbtree_delete(&az->xtree, &xfr->node);
1974 			auth_xfer_delete(xfr);
1975 		}
1976 		(void)rbtree_delete(&az->ztree, &z->node);
1977 		auth_zone_delete(z, az);
1978 		z = next;
1979 	}
1980 	lock_rw_unlock(&az->lock);
1981 }
1982 
1983 int auth_zones_apply_cfg(struct auth_zones* az, struct config_file* cfg,
1984 	int setup, int* is_rpz)
1985 {
1986 	struct config_auth* p;
1987 	az_setall_deleted(az);
1988 	for(p = cfg->auths; p; p = p->next) {
1989 		if(!p->name || p->name[0] == 0) {
1990 			log_warn("auth-zone without a name, skipped");
1991 			continue;
1992 		}
1993 		*is_rpz = (*is_rpz || p->isrpz);
1994 		if(!auth_zones_cfg(az, p)) {
1995 			log_err("cannot config auth zone %s", p->name);
1996 			return 0;
1997 		}
1998 	}
1999 	az_delete_deleted_zones(az);
2000 	if(!auth_zones_read_zones(az, cfg))
2001 		return 0;
2002 	if(setup) {
2003 		if(!auth_zones_setup_zones(az))
2004 			return 0;
2005 	}
2006 	return 1;
2007 }
2008 
2009 /** delete chunks
2010  * @param at: transfer structure with chunks list.  The chunks and their
2011  * 	data are freed.
2012  */
2013 static void
2014 auth_chunks_delete(struct auth_transfer* at)
2015 {
2016 	if(at->chunks_first) {
2017 		struct auth_chunk* c, *cn;
2018 		c = at->chunks_first;
2019 		while(c) {
2020 			cn = c->next;
2021 			free(c->data);
2022 			free(c);
2023 			c = cn;
2024 		}
2025 	}
2026 	at->chunks_first = NULL;
2027 	at->chunks_last = NULL;
2028 }
2029 
2030 /** free master addr list */
2031 static void
2032 auth_free_master_addrs(struct auth_addr* list)
2033 {
2034 	struct auth_addr *n;
2035 	while(list) {
2036 		n = list->next;
2037 		free(list);
2038 		list = n;
2039 	}
2040 }
2041 
2042 /** free the masters list */
2043 static void
2044 auth_free_masters(struct auth_master* list)
2045 {
2046 	struct auth_master* n;
2047 	while(list) {
2048 		n = list->next;
2049 		auth_free_master_addrs(list->list);
2050 		free(list->host);
2051 		free(list->file);
2052 		free(list);
2053 		list = n;
2054 	}
2055 }
2056 
2057 /** delete auth xfer structure
2058  * @param xfr: delete this xfer and its tasks.
2059  */
2060 static void
2061 auth_xfer_delete(struct auth_xfer* xfr)
2062 {
2063 	if(!xfr) return;
2064 	lock_basic_destroy(&xfr->lock);
2065 	free(xfr->name);
2066 	if(xfr->task_nextprobe) {
2067 		comm_timer_delete(xfr->task_nextprobe->timer);
2068 		free(xfr->task_nextprobe);
2069 	}
2070 	if(xfr->task_probe) {
2071 		auth_free_masters(xfr->task_probe->masters);
2072 		comm_point_delete(xfr->task_probe->cp);
2073 		comm_timer_delete(xfr->task_probe->timer);
2074 		free(xfr->task_probe);
2075 	}
2076 	if(xfr->task_transfer) {
2077 		auth_free_masters(xfr->task_transfer->masters);
2078 		comm_point_delete(xfr->task_transfer->cp);
2079 		comm_timer_delete(xfr->task_transfer->timer);
2080 		if(xfr->task_transfer->chunks_first) {
2081 			auth_chunks_delete(xfr->task_transfer);
2082 		}
2083 		free(xfr->task_transfer);
2084 	}
2085 	auth_free_masters(xfr->allow_notify_list);
2086 	free(xfr);
2087 }
2088 
2089 /** helper traverse to delete zones */
2090 static void
2091 auth_zone_del(rbnode_type* n, void* ATTR_UNUSED(arg))
2092 {
2093 	struct auth_zone* z = (struct auth_zone*)n->key;
2094 	auth_zone_delete(z, NULL);
2095 }
2096 
2097 /** helper traverse to delete xfer zones */
2098 static void
2099 auth_xfer_del(rbnode_type* n, void* ATTR_UNUSED(arg))
2100 {
2101 	struct auth_xfer* z = (struct auth_xfer*)n->key;
2102 	auth_xfer_delete(z);
2103 }
2104 
2105 void auth_zones_delete(struct auth_zones* az)
2106 {
2107 	if(!az) return;
2108 	lock_rw_destroy(&az->lock);
2109 	lock_rw_destroy(&az->rpz_lock);
2110 	traverse_postorder(&az->ztree, auth_zone_del, NULL);
2111 	traverse_postorder(&az->xtree, auth_xfer_del, NULL);
2112 	free(az);
2113 }
2114 
2115 /** true if domain has only nsec3 */
2116 static int
2117 domain_has_only_nsec3(struct auth_data* n)
2118 {
2119 	struct auth_rrset* rrset = n->rrsets;
2120 	int nsec3_seen = 0;
2121 	while(rrset) {
2122 		if(rrset->type == LDNS_RR_TYPE_NSEC3) {
2123 			nsec3_seen = 1;
2124 		} else if(rrset->type != LDNS_RR_TYPE_RRSIG) {
2125 			return 0;
2126 		}
2127 		rrset = rrset->next;
2128 	}
2129 	return nsec3_seen;
2130 }
2131 
2132 /** see if the domain has a wildcard child '*.domain' */
2133 static struct auth_data*
2134 az_find_wildcard_domain(struct auth_zone* z, uint8_t* nm, size_t nmlen)
2135 {
2136 	uint8_t wc[LDNS_MAX_DOMAINLEN];
2137 	if(nmlen+2 > sizeof(wc))
2138 		return NULL; /* result would be too long */
2139 	wc[0] = 1; /* length of wildcard label */
2140 	wc[1] = (uint8_t)'*'; /* wildcard label */
2141 	memmove(wc+2, nm, nmlen);
2142 	return az_find_name(z, wc, nmlen+2);
2143 }
2144 
2145 /** find wildcard between qname and cename */
2146 static struct auth_data*
2147 az_find_wildcard(struct auth_zone* z, struct query_info* qinfo,
2148 	struct auth_data* ce)
2149 {
2150 	uint8_t* nm = qinfo->qname;
2151 	size_t nmlen = qinfo->qname_len;
2152 	struct auth_data* node;
2153 	if(!dname_subdomain_c(nm, z->name))
2154 		return NULL; /* out of zone */
2155 	while((node=az_find_wildcard_domain(z, nm, nmlen))==NULL) {
2156 		/* see if we can go up to find the wildcard */
2157 		if(nmlen == z->namelen)
2158 			return NULL; /* top of zone reached */
2159 		if(ce && nmlen == ce->namelen)
2160 			return NULL; /* ce reached */
2161 		if(dname_is_root(nm))
2162 			return NULL; /* cannot go up */
2163 		dname_remove_label(&nm, &nmlen);
2164 	}
2165 	return node;
2166 }
2167 
2168 /** domain is not exact, find first candidate ce (name that matches
2169  * a part of qname) in tree */
2170 static struct auth_data*
2171 az_find_candidate_ce(struct auth_zone* z, struct query_info* qinfo,
2172 	struct auth_data* n)
2173 {
2174 	uint8_t* nm;
2175 	size_t nmlen;
2176 	if(n) {
2177 		nm = dname_get_shared_topdomain(qinfo->qname, n->name);
2178 	} else {
2179 		nm = qinfo->qname;
2180 	}
2181 	dname_count_size_labels(nm, &nmlen);
2182 	n = az_find_name(z, nm, nmlen);
2183 	/* delete labels and go up on name */
2184 	while(!n) {
2185 		if(dname_is_root(nm))
2186 			return NULL; /* cannot go up */
2187 		dname_remove_label(&nm, &nmlen);
2188 		n = az_find_name(z, nm, nmlen);
2189 	}
2190 	return n;
2191 }
2192 
2193 /** go up the auth tree to next existing name. */
2194 static struct auth_data*
2195 az_domain_go_up(struct auth_zone* z, struct auth_data* n)
2196 {
2197 	uint8_t* nm = n->name;
2198 	size_t nmlen = n->namelen;
2199 	while(!dname_is_root(nm)) {
2200 		dname_remove_label(&nm, &nmlen);
2201 		if((n=az_find_name(z, nm, nmlen)) != NULL)
2202 			return n;
2203 	}
2204 	return NULL;
2205 }
2206 
2207 /** Find the closest encloser, an name that exists and is above the
2208  * qname.
2209  * return true if the node (param node) is existing, nonobscured and
2210  * 	can be used to generate answers from.  It is then also node_exact.
2211  * returns false if the node is not good enough (or it wasn't node_exact)
2212  *	in this case the ce can be filled.
2213  *	if ce is NULL, no ce exists, and likely the zone is completely empty,
2214  *	not even with a zone apex.
2215  *	if ce is nonNULL it is the closest enclosing upper name (that exists
2216  *	itself for answer purposes).  That name may have DNAME, NS or wildcard
2217  *	rrset is the closest DNAME or NS rrset that was found.
2218  */
2219 static int
2220 az_find_ce(struct auth_zone* z, struct query_info* qinfo,
2221 	struct auth_data* node, int node_exact, struct auth_data** ce,
2222 	struct auth_rrset** rrset)
2223 {
2224 	struct auth_data* n = node;
2225 	*ce = NULL;
2226 	*rrset = NULL;
2227 	if(!node_exact) {
2228 		/* if not exact, lookup closest exact match */
2229 		n = az_find_candidate_ce(z, qinfo, n);
2230 	} else {
2231 		/* if exact, the node itself is the first candidate ce */
2232 		*ce = n;
2233 	}
2234 
2235 	/* no direct answer from nsec3-only domains */
2236 	if(n && domain_has_only_nsec3(n)) {
2237 		node_exact = 0;
2238 		*ce = NULL;
2239 	}
2240 
2241 	/* with exact matches, walk up the labels until we find the
2242 	 * delegation, or DNAME or zone end */
2243 	while(n) {
2244 		/* see if the current candidate has issues */
2245 		/* not zone apex and has type NS */
2246 		if(n->namelen != z->namelen &&
2247 			(*rrset=az_domain_rrset(n, LDNS_RR_TYPE_NS)) &&
2248 			/* delegate here, but DS at exact the dp has notype */
2249 			(qinfo->qtype != LDNS_RR_TYPE_DS ||
2250 			n->namelen != qinfo->qname_len)) {
2251 			/* referral */
2252 			/* this is ce and the lowernode is nonexisting */
2253 			*ce = n;
2254 			return 0;
2255 		}
2256 		/* not equal to qname and has type DNAME */
2257 		if(n->namelen != qinfo->qname_len &&
2258 			(*rrset=az_domain_rrset(n, LDNS_RR_TYPE_DNAME))) {
2259 			/* this is ce and the lowernode is nonexisting */
2260 			*ce = n;
2261 			return 0;
2262 		}
2263 
2264 		if(*ce == NULL && !domain_has_only_nsec3(n)) {
2265 			/* if not found yet, this exact name must be
2266 			 * our lowest match (but not nsec3onlydomain) */
2267 			*ce = n;
2268 		}
2269 
2270 		/* walk up the tree by removing labels from name and lookup */
2271 		n = az_domain_go_up(z, n);
2272 	}
2273 	/* found no problems, if it was an exact node, it is fine to use */
2274 	return node_exact;
2275 }
2276 
2277 /** add additional A/AAAA from domain names in rrset rdata (+offset)
2278  * offset is number of bytes in rdata where the dname is located. */
2279 static int
2280 az_add_additionals_from(struct auth_zone* z, struct regional* region,
2281 	struct dns_msg* msg, struct auth_rrset* rrset, size_t offset)
2282 {
2283 	struct packed_rrset_data* d = rrset->data;
2284 	size_t i;
2285 	if(!d) return 0;
2286 	for(i=0; i<d->count; i++) {
2287 		size_t dlen;
2288 		struct auth_data* domain;
2289 		struct auth_rrset* ref;
2290 		if(d->rr_len[i] < 2+offset)
2291 			continue; /* too short */
2292 		if(!(dlen = dname_valid(d->rr_data[i]+2+offset,
2293 			d->rr_len[i]-2-offset)))
2294 			continue; /* malformed */
2295 		domain = az_find_name(z, d->rr_data[i]+2+offset, dlen);
2296 		if(!domain)
2297 			continue;
2298 		if((ref=az_domain_rrset(domain, LDNS_RR_TYPE_A)) != NULL) {
2299 			if(!msg_add_rrset_ar(z, region, msg, domain, ref))
2300 				return 0;
2301 		}
2302 		if((ref=az_domain_rrset(domain, LDNS_RR_TYPE_AAAA)) != NULL) {
2303 			if(!msg_add_rrset_ar(z, region, msg, domain, ref))
2304 				return 0;
2305 		}
2306 	}
2307 	return 1;
2308 }
2309 
2310 /** add negative SOA record (with negative TTL) */
2311 static int
2312 az_add_negative_soa(struct auth_zone* z, struct regional* region,
2313 	struct dns_msg* msg)
2314 {
2315 	uint32_t minimum;
2316 	struct packed_rrset_data* d;
2317 	struct auth_rrset* soa;
2318 	struct auth_data* apex = az_find_name(z, z->name, z->namelen);
2319 	if(!apex) return 0;
2320 	soa = az_domain_rrset(apex, LDNS_RR_TYPE_SOA);
2321 	if(!soa) return 0;
2322 	/* must be first to put in message; we want to fix the TTL with
2323 	 * one RRset here, otherwise we'd need to loop over the RRs to get
2324 	 * the resulting lower TTL */
2325 	log_assert(msg->rep->rrset_count == 0);
2326 	if(!msg_add_rrset_ns(z, region, msg, apex, soa)) return 0;
2327 	/* fixup TTL */
2328 	d = (struct packed_rrset_data*)msg->rep->rrsets[msg->rep->rrset_count-1]->entry.data;
2329 	/* last 4 bytes are minimum ttl in network format */
2330 	if(d->count == 0) return 0;
2331 	if(d->rr_len[0] < 2+4) return 0;
2332 	minimum = sldns_read_uint32(d->rr_data[0]+(d->rr_len[0]-4));
2333 	d->ttl = (time_t)minimum;
2334 	d->rr_ttl[0] = (time_t)minimum;
2335 	msg->rep->ttl = get_rrset_ttl(msg->rep->rrsets[0]);
2336 	msg->rep->prefetch_ttl = PREFETCH_TTL_CALC(msg->rep->ttl);
2337 	msg->rep->serve_expired_ttl = msg->rep->ttl + SERVE_EXPIRED_TTL;
2338 	return 1;
2339 }
2340 
2341 /** See if the query goes to empty nonterminal (that has no auth_data,
2342  * but there are nodes underneath.  We already checked that there are
2343  * not NS, or DNAME above, so that we only need to check if some node
2344  * exists below (with nonempty rr list), return true if emptynonterminal */
2345 static int
2346 az_empty_nonterminal(struct auth_zone* z, struct query_info* qinfo,
2347 	struct auth_data* node)
2348 {
2349 	struct auth_data* next;
2350 	if(!node) {
2351 		/* no smaller was found, use first (smallest) node as the
2352 		 * next one */
2353 		next = (struct auth_data*)rbtree_first(&z->data);
2354 	} else {
2355 		next = (struct auth_data*)rbtree_next(&node->node);
2356 	}
2357 	while(next && (rbnode_type*)next != RBTREE_NULL && next->rrsets == NULL) {
2358 		/* the next name has empty rrsets, is an empty nonterminal
2359 		 * itself, see if there exists something below it */
2360 		next = (struct auth_data*)rbtree_next(&node->node);
2361 	}
2362 	if((rbnode_type*)next == RBTREE_NULL || !next) {
2363 		/* there is no next node, so something below it cannot
2364 		 * exist */
2365 		return 0;
2366 	}
2367 	/* a next node exists, if there was something below the query,
2368 	 * this node has to be it.  See if it is below the query name */
2369 	if(dname_strict_subdomain_c(next->name, qinfo->qname))
2370 		return 1;
2371 	return 0;
2372 }
2373 
2374 /** create synth cname target name in buffer, or fail if too long */
2375 static size_t
2376 synth_cname_buf(uint8_t* qname, size_t qname_len, size_t dname_len,
2377 	uint8_t* dtarg, size_t dtarglen, uint8_t* buf, size_t buflen)
2378 {
2379 	size_t newlen = qname_len + dtarglen - dname_len;
2380 	if(newlen > buflen) {
2381 		/* YXDOMAIN error */
2382 		return 0;
2383 	}
2384 	/* new name is concatenation of qname front (without DNAME owner)
2385 	 * and DNAME target name */
2386 	memcpy(buf, qname, qname_len-dname_len);
2387 	memmove(buf+(qname_len-dname_len), dtarg, dtarglen);
2388 	return newlen;
2389 }
2390 
2391 /** create synthetic CNAME rrset for in a DNAME answer in region,
2392  * false on alloc failure, cname==NULL when name too long. */
2393 static int
2394 create_synth_cname(uint8_t* qname, size_t qname_len, struct regional* region,
2395 	struct auth_data* node, struct auth_rrset* dname, uint16_t dclass,
2396 	struct ub_packed_rrset_key** cname)
2397 {
2398 	uint8_t buf[LDNS_MAX_DOMAINLEN];
2399 	uint8_t* dtarg;
2400 	size_t dtarglen, newlen;
2401 	struct packed_rrset_data* d;
2402 
2403 	/* get DNAME target name */
2404 	if(dname->data->count < 1) return 0;
2405 	if(dname->data->rr_len[0] < 3) return 0; /* at least rdatalen +1 */
2406 	dtarg = dname->data->rr_data[0]+2;
2407 	dtarglen = dname->data->rr_len[0]-2;
2408 	if(sldns_read_uint16(dname->data->rr_data[0]) != dtarglen)
2409 		return 0; /* rdatalen in DNAME rdata is malformed */
2410 	if(dname_valid(dtarg, dtarglen) != dtarglen)
2411 		return 0; /* DNAME RR has malformed rdata */
2412 	if(qname_len == 0)
2413 		return 0; /* too short */
2414 	if(qname_len <= node->namelen)
2415 		return 0; /* qname too short for dname removal */
2416 
2417 	/* synthesize a CNAME */
2418 	newlen = synth_cname_buf(qname, qname_len, node->namelen,
2419 		dtarg, dtarglen, buf, sizeof(buf));
2420 	if(newlen == 0) {
2421 		/* YXDOMAIN error */
2422 		*cname = NULL;
2423 		return 1;
2424 	}
2425 	*cname = (struct ub_packed_rrset_key*)regional_alloc(region,
2426 		sizeof(struct ub_packed_rrset_key));
2427 	if(!*cname)
2428 		return 0; /* out of memory */
2429 	memset(&(*cname)->entry, 0, sizeof((*cname)->entry));
2430 	(*cname)->entry.key = (*cname);
2431 	(*cname)->rk.type = htons(LDNS_RR_TYPE_CNAME);
2432 	(*cname)->rk.rrset_class = htons(dclass);
2433 	(*cname)->rk.flags = 0;
2434 	(*cname)->rk.dname = regional_alloc_init(region, qname, qname_len);
2435 	if(!(*cname)->rk.dname)
2436 		return 0; /* out of memory */
2437 	(*cname)->rk.dname_len = qname_len;
2438 	(*cname)->entry.hash = rrset_key_hash(&(*cname)->rk);
2439 	d = (struct packed_rrset_data*)regional_alloc_zero(region,
2440 		sizeof(struct packed_rrset_data) + sizeof(size_t) +
2441 		sizeof(uint8_t*) + sizeof(time_t) + sizeof(uint16_t)
2442 		+ newlen);
2443 	if(!d)
2444 		return 0; /* out of memory */
2445 	(*cname)->entry.data = d;
2446 	d->ttl = 0; /* 0 for synthesized CNAME TTL */
2447 	d->count = 1;
2448 	d->rrsig_count = 0;
2449 	d->trust = rrset_trust_ans_noAA;
2450 	d->rr_len = (size_t*)((uint8_t*)d +
2451 		sizeof(struct packed_rrset_data));
2452 	d->rr_len[0] = newlen + sizeof(uint16_t);
2453 	packed_rrset_ptr_fixup(d);
2454 	d->rr_ttl[0] = d->ttl;
2455 	sldns_write_uint16(d->rr_data[0], newlen);
2456 	memmove(d->rr_data[0] + sizeof(uint16_t), buf, newlen);
2457 	return 1;
2458 }
2459 
2460 /** add a synthesized CNAME to the answer section */
2461 static int
2462 add_synth_cname(struct auth_zone* z, uint8_t* qname, size_t qname_len,
2463 	struct regional* region, struct dns_msg* msg, struct auth_data* dname,
2464 	struct auth_rrset* rrset)
2465 {
2466 	struct ub_packed_rrset_key* cname;
2467 	/* synthesize a CNAME */
2468 	if(!create_synth_cname(qname, qname_len, region, dname, rrset,
2469 		z->dclass, &cname)) {
2470 		/* out of memory */
2471 		return 0;
2472 	}
2473 	if(!cname) {
2474 		/* cname cannot be create because of YXDOMAIN */
2475 		msg->rep->flags |= LDNS_RCODE_YXDOMAIN;
2476 		return 1;
2477 	}
2478 	/* add cname to message */
2479 	if(!msg_grow_array(region, msg))
2480 		return 0;
2481 	msg->rep->rrsets[msg->rep->rrset_count] = cname;
2482 	msg->rep->rrset_count++;
2483 	msg->rep->an_numrrsets++;
2484 	msg_ttl(msg);
2485 	return 1;
2486 }
2487 
2488 /** Change a dname to a different one, for wildcard namechange */
2489 static void
2490 az_change_dnames(struct dns_msg* msg, uint8_t* oldname, uint8_t* newname,
2491 	size_t newlen, int an_only)
2492 {
2493 	size_t i;
2494 	size_t start = 0, end = msg->rep->rrset_count;
2495 	if(!an_only) start = msg->rep->an_numrrsets;
2496 	if(an_only) end = msg->rep->an_numrrsets;
2497 	for(i=start; i<end; i++) {
2498 		/* allocated in region so we can change the ptrs */
2499 		if(query_dname_compare(msg->rep->rrsets[i]->rk.dname, oldname)
2500 			== 0) {
2501 			msg->rep->rrsets[i]->rk.dname = newname;
2502 			msg->rep->rrsets[i]->rk.dname_len = newlen;
2503 		}
2504 	}
2505 }
2506 
2507 /** find NSEC record covering the query */
2508 static struct auth_rrset*
2509 az_find_nsec_cover(struct auth_zone* z, struct auth_data** node)
2510 {
2511 	uint8_t* nm = (*node)->name;
2512 	size_t nmlen = (*node)->namelen;
2513 	struct auth_rrset* rrset;
2514 	/* find the NSEC for the smallest-or-equal node */
2515 	/* if node == NULL, we did not find a smaller name.  But the zone
2516 	 * name is the smallest name and should have an NSEC. So there is
2517 	 * no NSEC to return (for a properly signed zone) */
2518 	/* for empty nonterminals, the auth-data node should not exist,
2519 	 * and thus we don't need to go rbtree_previous here to find
2520 	 * a domain with an NSEC record */
2521 	/* but there could be glue, and if this is node, then it has no NSEC.
2522 	 * Go up to find nonglue (previous) NSEC-holding nodes */
2523 	while((rrset=az_domain_rrset(*node, LDNS_RR_TYPE_NSEC)) == NULL) {
2524 		if(dname_is_root(nm)) return NULL;
2525 		if(nmlen == z->namelen) return NULL;
2526 		dname_remove_label(&nm, &nmlen);
2527 		/* adjust *node for the nsec rrset to find in */
2528 		*node = az_find_name(z, nm, nmlen);
2529 	}
2530 	return rrset;
2531 }
2532 
2533 /** Find NSEC and add for wildcard denial */
2534 static int
2535 az_nsec_wildcard_denial(struct auth_zone* z, struct regional* region,
2536 	struct dns_msg* msg, uint8_t* cenm, size_t cenmlen)
2537 {
2538 	struct query_info qinfo;
2539 	int node_exact;
2540 	struct auth_data* node;
2541 	struct auth_rrset* nsec;
2542 	uint8_t wc[LDNS_MAX_DOMAINLEN];
2543 	if(cenmlen+2 > sizeof(wc))
2544 		return 0; /* result would be too long */
2545 	wc[0] = 1; /* length of wildcard label */
2546 	wc[1] = (uint8_t)'*'; /* wildcard label */
2547 	memmove(wc+2, cenm, cenmlen);
2548 
2549 	/* we have '*.ce' in wc wildcard name buffer */
2550 	/* get nsec cover for that */
2551 	qinfo.qname = wc;
2552 	qinfo.qname_len = cenmlen+2;
2553 	qinfo.qtype = 0;
2554 	qinfo.qclass = 0;
2555 	az_find_domain(z, &qinfo, &node_exact, &node);
2556 	if((nsec=az_find_nsec_cover(z, &node)) != NULL) {
2557 		if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0;
2558 	}
2559 	return 1;
2560 }
2561 
2562 /** Find the NSEC3PARAM rrset (if any) and if true you have the parameters */
2563 static int
2564 az_nsec3_param(struct auth_zone* z, int* algo, size_t* iter, uint8_t** salt,
2565 	size_t* saltlen)
2566 {
2567 	struct auth_data* apex;
2568 	struct auth_rrset* param;
2569 	size_t i;
2570 	apex = az_find_name(z, z->name, z->namelen);
2571 	if(!apex) return 0;
2572 	param = az_domain_rrset(apex, LDNS_RR_TYPE_NSEC3PARAM);
2573 	if(!param || param->data->count==0)
2574 		return 0; /* no RRset or no RRs in rrset */
2575 	/* find out which NSEC3PARAM RR has supported parameters */
2576 	/* skip unknown flags (dynamic signer is recalculating nsec3 chain) */
2577 	for(i=0; i<param->data->count; i++) {
2578 		uint8_t* rdata = param->data->rr_data[i]+2;
2579 		size_t rdatalen = param->data->rr_len[i];
2580 		if(rdatalen < 2+5)
2581 			continue; /* too short */
2582 		if(!nsec3_hash_algo_size_supported((int)(rdata[0])))
2583 			continue; /* unsupported algo */
2584 		if(rdatalen < (size_t)(2+5+(size_t)rdata[4]))
2585 			continue; /* salt missing */
2586 		if((rdata[1]&NSEC3_UNKNOWN_FLAGS)!=0)
2587 			continue; /* unknown flags */
2588 		*algo = (int)(rdata[0]);
2589 		*iter = sldns_read_uint16(rdata+2);
2590 		*saltlen = rdata[4];
2591 		if(*saltlen == 0)
2592 			*salt = NULL;
2593 		else	*salt = rdata+5;
2594 		return 1;
2595 	}
2596 	/* no supported params */
2597 	return 0;
2598 }
2599 
2600 /** Hash a name with nsec3param into buffer, it has zone name appended.
2601  * return length of hash */
2602 static size_t
2603 az_nsec3_hash(uint8_t* buf, size_t buflen, uint8_t* nm, size_t nmlen,
2604 	int algo, size_t iter, uint8_t* salt, size_t saltlen)
2605 {
2606 	size_t hlen = nsec3_hash_algo_size_supported(algo);
2607 	/* buffer has domain name, nsec3hash, and 256 is for max saltlen
2608 	 * (salt has 0-255 length) */
2609 	unsigned char p[LDNS_MAX_DOMAINLEN+1+N3HASHBUFLEN+256];
2610 	size_t i;
2611 	if(nmlen+saltlen > sizeof(p) || hlen+saltlen > sizeof(p))
2612 		return 0;
2613 	if(hlen > buflen)
2614 		return 0; /* somehow too large for destination buffer */
2615 	/* hashfunc(name, salt) */
2616 	memmove(p, nm, nmlen);
2617 	query_dname_tolower(p);
2618 	if(salt && saltlen > 0)
2619 		memmove(p+nmlen, salt, saltlen);
2620 	(void)secalgo_nsec3_hash(algo, p, nmlen+saltlen, (unsigned char*)buf);
2621 	for(i=0; i<iter; i++) {
2622 		/* hashfunc(hash, salt) */
2623 		memmove(p, buf, hlen);
2624 		if(salt && saltlen > 0)
2625 			memmove(p+hlen, salt, saltlen);
2626 		(void)secalgo_nsec3_hash(algo, p, hlen+saltlen,
2627 			(unsigned char*)buf);
2628 	}
2629 	return hlen;
2630 }
2631 
2632 /** Hash name and return b32encoded hashname for lookup, zone name appended */
2633 static int
2634 az_nsec3_hashname(struct auth_zone* z, uint8_t* hashname, size_t* hashnmlen,
2635 	uint8_t* nm, size_t nmlen, int algo, size_t iter, uint8_t* salt,
2636 	size_t saltlen)
2637 {
2638 	uint8_t hash[N3HASHBUFLEN];
2639 	size_t hlen;
2640 	int ret;
2641 	hlen = az_nsec3_hash(hash, sizeof(hash), nm, nmlen, algo, iter,
2642 		salt, saltlen);
2643 	if(!hlen) return 0;
2644 	/* b32 encode */
2645 	if(*hashnmlen < hlen*2+1+z->namelen) /* approx b32 as hexb16 */
2646 		return 0;
2647 	ret = sldns_b32_ntop_extended_hex(hash, hlen, (char*)(hashname+1),
2648 		(*hashnmlen)-1);
2649 	if(ret<1)
2650 		return 0;
2651 	hashname[0] = (uint8_t)ret;
2652 	ret++;
2653 	if((*hashnmlen) - ret < z->namelen)
2654 		return 0;
2655 	memmove(hashname+ret, z->name, z->namelen);
2656 	*hashnmlen = z->namelen+(size_t)ret;
2657 	return 1;
2658 }
2659 
2660 /** Find the datanode that covers the nsec3hash-name */
2661 static struct auth_data*
2662 az_nsec3_findnode(struct auth_zone* z, uint8_t* hashnm, size_t hashnmlen)
2663 {
2664 	struct query_info qinfo;
2665 	struct auth_data* node;
2666 	int node_exact;
2667 	qinfo.qclass = 0;
2668 	qinfo.qtype = 0;
2669 	qinfo.qname = hashnm;
2670 	qinfo.qname_len = hashnmlen;
2671 	/* because canonical ordering and b32 nsec3 ordering are the same.
2672 	 * this is a good lookup to find the nsec3 name. */
2673 	az_find_domain(z, &qinfo, &node_exact, &node);
2674 	/* but we may have to skip non-nsec3 nodes */
2675 	/* this may be a lot, the way to speed that up is to have a
2676 	 * separate nsec3 tree with nsec3 nodes */
2677 	while(node && (rbnode_type*)node != RBTREE_NULL &&
2678 		!az_domain_rrset(node, LDNS_RR_TYPE_NSEC3)) {
2679 		node = (struct auth_data*)rbtree_previous(&node->node);
2680 	}
2681 	if((rbnode_type*)node == RBTREE_NULL)
2682 		node = NULL;
2683 	return node;
2684 }
2685 
2686 /** Find cover for hashed(nm, nmlen) (or NULL) */
2687 static struct auth_data*
2688 az_nsec3_find_cover(struct auth_zone* z, uint8_t* nm, size_t nmlen,
2689 	int algo, size_t iter, uint8_t* salt, size_t saltlen)
2690 {
2691 	struct auth_data* node;
2692 	uint8_t hname[LDNS_MAX_DOMAINLEN];
2693 	size_t hlen = sizeof(hname);
2694 	if(!az_nsec3_hashname(z, hname, &hlen, nm, nmlen, algo, iter,
2695 		salt, saltlen))
2696 		return NULL;
2697 	node = az_nsec3_findnode(z, hname, hlen);
2698 	if(node)
2699 		return node;
2700 	/* we did not find any, perhaps because the NSEC3 hash is before
2701 	 * the first hash, we have to find the 'last hash' in the zone */
2702 	node = (struct auth_data*)rbtree_last(&z->data);
2703 	while(node && (rbnode_type*)node != RBTREE_NULL &&
2704 		!az_domain_rrset(node, LDNS_RR_TYPE_NSEC3)) {
2705 		node = (struct auth_data*)rbtree_previous(&node->node);
2706 	}
2707 	if((rbnode_type*)node == RBTREE_NULL)
2708 		node = NULL;
2709 	return node;
2710 }
2711 
2712 /** Find exact match for hashed(nm, nmlen) NSEC3 record or NULL */
2713 static struct auth_data*
2714 az_nsec3_find_exact(struct auth_zone* z, uint8_t* nm, size_t nmlen,
2715 	int algo, size_t iter, uint8_t* salt, size_t saltlen)
2716 {
2717 	struct auth_data* node;
2718 	uint8_t hname[LDNS_MAX_DOMAINLEN];
2719 	size_t hlen = sizeof(hname);
2720 	if(!az_nsec3_hashname(z, hname, &hlen, nm, nmlen, algo, iter,
2721 		salt, saltlen))
2722 		return NULL;
2723 	node = az_find_name(z, hname, hlen);
2724 	if(az_domain_rrset(node, LDNS_RR_TYPE_NSEC3))
2725 		return node;
2726 	return NULL;
2727 }
2728 
2729 /** Return nextcloser name (as a ref into the qname).  This is one label
2730  * more than the cenm (cename must be a suffix of qname) */
2731 static void
2732 az_nsec3_get_nextcloser(uint8_t* cenm, uint8_t* qname, size_t qname_len,
2733 	uint8_t** nx, size_t* nxlen)
2734 {
2735 	int celabs = dname_count_labels(cenm);
2736 	int qlabs = dname_count_labels(qname);
2737 	int strip = qlabs - celabs -1;
2738 	log_assert(dname_strict_subdomain(qname, qlabs, cenm, celabs));
2739 	*nx = qname;
2740 	*nxlen = qname_len;
2741 	if(strip>0)
2742 		dname_remove_labels(nx, nxlen, strip);
2743 }
2744 
2745 /** Find the closest encloser that has exact NSEC3.
2746  * updated cenm to the new name. If it went up no-exact-ce is true. */
2747 static struct auth_data*
2748 az_nsec3_find_ce(struct auth_zone* z, uint8_t** cenm, size_t* cenmlen,
2749 	int* no_exact_ce, int algo, size_t iter, uint8_t* salt, size_t saltlen)
2750 {
2751 	struct auth_data* node;
2752 	while((node = az_nsec3_find_exact(z, *cenm, *cenmlen,
2753 		algo, iter, salt, saltlen)) == NULL) {
2754 		if(*cenmlen == z->namelen) {
2755 			/* next step up would take us out of the zone. fail */
2756 			return NULL;
2757 		}
2758 		*no_exact_ce = 1;
2759 		dname_remove_label(cenm, cenmlen);
2760 	}
2761 	return node;
2762 }
2763 
2764 /* Insert NSEC3 record in authority section, if NULL does nothing */
2765 static int
2766 az_nsec3_insert(struct auth_zone* z, struct regional* region,
2767 	struct dns_msg* msg, struct auth_data* node)
2768 {
2769 	struct auth_rrset* nsec3;
2770 	if(!node) return 1; /* no node, skip this */
2771 	nsec3 = az_domain_rrset(node, LDNS_RR_TYPE_NSEC3);
2772 	if(!nsec3) return 1; /* if no nsec3 RR, skip it */
2773 	if(!msg_add_rrset_ns(z, region, msg, node, nsec3)) return 0;
2774 	return 1;
2775 }
2776 
2777 /** add NSEC3 records to the zone for the nsec3 proof.
2778  * Specify with the flags with parts of the proof are required.
2779  * the ce is the exact matching name (for notype) but also delegation points.
2780  * qname is the one where the nextcloser name can be derived from.
2781  * If NSEC3 is not properly there (in the zone) nothing is added.
2782  * always enabled: include nsec3 proving about the Closest Encloser.
2783  * 	that is an exact match that should exist for it.
2784  * 	If that does not exist, a higher exact match + nxproof is enabled
2785  * 	(for some sort of opt-out empty nonterminal cases).
2786  * nodataproof: search for exact match and include that instead.
2787  * ceproof: include ce proof NSEC3 (omitted for wildcard replies).
2788  * nxproof: include denial of the qname.
2789  * wcproof: include denial of wildcard (wildcard.ce).
2790  */
2791 static int
2792 az_add_nsec3_proof(struct auth_zone* z, struct regional* region,
2793 	struct dns_msg* msg, uint8_t* cenm, size_t cenmlen, uint8_t* qname,
2794 	size_t qname_len, int nodataproof, int ceproof, int nxproof,
2795 	int wcproof)
2796 {
2797 	int algo;
2798 	size_t iter, saltlen;
2799 	uint8_t* salt;
2800 	int no_exact_ce = 0;
2801 	struct auth_data* node;
2802 
2803 	/* find parameters of nsec3 proof */
2804 	if(!az_nsec3_param(z, &algo, &iter, &salt, &saltlen))
2805 		return 1; /* no nsec3 */
2806 	if(nodataproof) {
2807 		/* see if the node has a hash of itself for the nodata
2808 		 * proof nsec3, this has to be an exact match nsec3. */
2809 		struct auth_data* match;
2810 		match = az_nsec3_find_exact(z, qname, qname_len, algo,
2811 			iter, salt, saltlen);
2812 		if(match) {
2813 			if(!az_nsec3_insert(z, region, msg, match))
2814 				return 0;
2815 			/* only nodata NSEC3 needed, no CE or others. */
2816 			return 1;
2817 		}
2818 	}
2819 	/* find ce that has an NSEC3 */
2820 	if(ceproof) {
2821 		node = az_nsec3_find_ce(z, &cenm, &cenmlen, &no_exact_ce,
2822 			algo, iter, salt, saltlen);
2823 		if(no_exact_ce) nxproof = 1;
2824 		if(!az_nsec3_insert(z, region, msg, node))
2825 			return 0;
2826 	}
2827 
2828 	if(nxproof) {
2829 		uint8_t* nx;
2830 		size_t nxlen;
2831 		/* create nextcloser domain name */
2832 		az_nsec3_get_nextcloser(cenm, qname, qname_len, &nx, &nxlen);
2833 		/* find nsec3 that matches or covers it */
2834 		node = az_nsec3_find_cover(z, nx, nxlen, algo, iter, salt,
2835 			saltlen);
2836 		if(!az_nsec3_insert(z, region, msg, node))
2837 			return 0;
2838 	}
2839 	if(wcproof) {
2840 		/* create wildcard name *.ce */
2841 		uint8_t wc[LDNS_MAX_DOMAINLEN];
2842 		size_t wclen;
2843 		if(cenmlen+2 > sizeof(wc))
2844 			return 0; /* result would be too long */
2845 		wc[0] = 1; /* length of wildcard label */
2846 		wc[1] = (uint8_t)'*'; /* wildcard label */
2847 		memmove(wc+2, cenm, cenmlen);
2848 		wclen = cenmlen+2;
2849 		/* find nsec3 that matches or covers it */
2850 		node = az_nsec3_find_cover(z, wc, wclen, algo, iter, salt,
2851 			saltlen);
2852 		if(!az_nsec3_insert(z, region, msg, node))
2853 			return 0;
2854 	}
2855 	return 1;
2856 }
2857 
2858 /** generate answer for positive answer */
2859 static int
2860 az_generate_positive_answer(struct auth_zone* z, struct regional* region,
2861 	struct dns_msg* msg, struct auth_data* node, struct auth_rrset* rrset)
2862 {
2863 	if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2864 	/* see if we want additional rrs */
2865 	if(rrset->type == LDNS_RR_TYPE_MX) {
2866 		if(!az_add_additionals_from(z, region, msg, rrset, 2))
2867 			return 0;
2868 	} else if(rrset->type == LDNS_RR_TYPE_SRV) {
2869 		if(!az_add_additionals_from(z, region, msg, rrset, 6))
2870 			return 0;
2871 	} else if(rrset->type == LDNS_RR_TYPE_NS) {
2872 		if(!az_add_additionals_from(z, region, msg, rrset, 0))
2873 			return 0;
2874 	}
2875 	return 1;
2876 }
2877 
2878 /** generate answer for type ANY answer */
2879 static int
2880 az_generate_any_answer(struct auth_zone* z, struct regional* region,
2881 	struct dns_msg* msg, struct auth_data* node)
2882 {
2883 	struct auth_rrset* rrset;
2884 	int added = 0;
2885 	/* add a couple (at least one) RRs */
2886 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_SOA)) != NULL) {
2887 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2888 		added++;
2889 	}
2890 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_MX)) != NULL) {
2891 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2892 		added++;
2893 	}
2894 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_A)) != NULL) {
2895 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2896 		added++;
2897 	}
2898 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_AAAA)) != NULL) {
2899 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2900 		added++;
2901 	}
2902 	if(added == 0 && node && node->rrsets) {
2903 		if(!msg_add_rrset_an(z, region, msg, node,
2904 			node->rrsets)) return 0;
2905 	}
2906 	return 1;
2907 }
2908 
2909 /** follow cname chain and add more data to the answer section */
2910 static int
2911 follow_cname_chain(struct auth_zone* z, uint16_t qtype,
2912 	struct regional* region, struct dns_msg* msg,
2913 	struct packed_rrset_data* d)
2914 {
2915 	int maxchain = 0;
2916 	/* see if we can add the target of the CNAME into the answer */
2917 	while(maxchain++ < MAX_CNAME_CHAIN) {
2918 		struct auth_data* node;
2919 		struct auth_rrset* rrset;
2920 		size_t clen;
2921 		/* d has cname rdata */
2922 		if(d->count == 0) break; /* no CNAME */
2923 		if(d->rr_len[0] < 2+1) break; /* too small */
2924 		if((clen=dname_valid(d->rr_data[0]+2, d->rr_len[0]-2))==0)
2925 			break; /* malformed */
2926 		if(!dname_subdomain_c(d->rr_data[0]+2, z->name))
2927 			break; /* target out of zone */
2928 		if((node = az_find_name(z, d->rr_data[0]+2, clen))==NULL)
2929 			break; /* no such target name */
2930 		if((rrset=az_domain_rrset(node, qtype))!=NULL) {
2931 			/* done we found the target */
2932 			if(!msg_add_rrset_an(z, region, msg, node, rrset))
2933 				return 0;
2934 			break;
2935 		}
2936 		if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_CNAME))==NULL)
2937 			break; /* no further CNAME chain, notype */
2938 		if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2939 		d = rrset->data;
2940 	}
2941 	return 1;
2942 }
2943 
2944 /** generate answer for cname answer */
2945 static int
2946 az_generate_cname_answer(struct auth_zone* z, struct query_info* qinfo,
2947 	struct regional* region, struct dns_msg* msg,
2948 	struct auth_data* node, struct auth_rrset* rrset)
2949 {
2950 	if(!msg_add_rrset_an(z, region, msg, node, rrset)) return 0;
2951 	if(!rrset) return 1;
2952 	if(!follow_cname_chain(z, qinfo->qtype, region, msg, rrset->data))
2953 		return 0;
2954 	return 1;
2955 }
2956 
2957 /** generate answer for notype answer */
2958 static int
2959 az_generate_notype_answer(struct auth_zone* z, struct regional* region,
2960 	struct dns_msg* msg, struct auth_data* node)
2961 {
2962 	struct auth_rrset* rrset;
2963 	if(!az_add_negative_soa(z, region, msg)) return 0;
2964 	/* DNSSEC denial NSEC */
2965 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_NSEC))!=NULL) {
2966 		if(!msg_add_rrset_ns(z, region, msg, node, rrset)) return 0;
2967 	} else if(node) {
2968 		/* DNSSEC denial NSEC3 */
2969 		if(!az_add_nsec3_proof(z, region, msg, node->name,
2970 			node->namelen, msg->qinfo.qname,
2971 			msg->qinfo.qname_len, 1, 1, 0, 0))
2972 			return 0;
2973 	}
2974 	return 1;
2975 }
2976 
2977 /** generate answer for referral answer */
2978 static int
2979 az_generate_referral_answer(struct auth_zone* z, struct regional* region,
2980 	struct dns_msg* msg, struct auth_data* ce, struct auth_rrset* rrset)
2981 {
2982 	struct auth_rrset* ds, *nsec;
2983 	/* turn off AA flag, referral is nonAA because it leaves the zone */
2984 	log_assert(ce);
2985 	msg->rep->flags &= ~BIT_AA;
2986 	if(!msg_add_rrset_ns(z, region, msg, ce, rrset)) return 0;
2987 	/* add DS or deny it */
2988 	if((ds=az_domain_rrset(ce, LDNS_RR_TYPE_DS))!=NULL) {
2989 		if(!msg_add_rrset_ns(z, region, msg, ce, ds)) return 0;
2990 	} else {
2991 		/* deny the DS */
2992 		if((nsec=az_domain_rrset(ce, LDNS_RR_TYPE_NSEC))!=NULL) {
2993 			if(!msg_add_rrset_ns(z, region, msg, ce, nsec))
2994 				return 0;
2995 		} else {
2996 			if(!az_add_nsec3_proof(z, region, msg, ce->name,
2997 				ce->namelen, msg->qinfo.qname,
2998 				msg->qinfo.qname_len, 1, 1, 0, 0))
2999 				return 0;
3000 		}
3001 	}
3002 	/* add additional rrs for type NS */
3003 	if(!az_add_additionals_from(z, region, msg, rrset, 0)) return 0;
3004 	return 1;
3005 }
3006 
3007 /** generate answer for DNAME answer */
3008 static int
3009 az_generate_dname_answer(struct auth_zone* z, struct query_info* qinfo,
3010 	struct regional* region, struct dns_msg* msg, struct auth_data* ce,
3011 	struct auth_rrset* rrset)
3012 {
3013 	log_assert(ce);
3014 	/* add the DNAME and then a CNAME */
3015 	if(!msg_add_rrset_an(z, region, msg, ce, rrset)) return 0;
3016 	if(!add_synth_cname(z, qinfo->qname, qinfo->qname_len, region,
3017 		msg, ce, rrset)) return 0;
3018 	if(FLAGS_GET_RCODE(msg->rep->flags) == LDNS_RCODE_YXDOMAIN)
3019 		return 1;
3020 	if(msg->rep->rrset_count == 0 ||
3021 		!msg->rep->rrsets[msg->rep->rrset_count-1])
3022 		return 0;
3023 	if(!follow_cname_chain(z, qinfo->qtype, region, msg,
3024 		(struct packed_rrset_data*)msg->rep->rrsets[
3025 		msg->rep->rrset_count-1]->entry.data))
3026 		return 0;
3027 	return 1;
3028 }
3029 
3030 /** generate answer for wildcard answer */
3031 static int
3032 az_generate_wildcard_answer(struct auth_zone* z, struct query_info* qinfo,
3033 	struct regional* region, struct dns_msg* msg, struct auth_data* ce,
3034 	struct auth_data* wildcard, struct auth_data* node)
3035 {
3036 	struct auth_rrset* rrset, *nsec;
3037 	int insert_ce = 0;
3038 	if((rrset=az_domain_rrset(wildcard, qinfo->qtype)) != NULL) {
3039 		/* wildcard has type, add it */
3040 		if(!msg_add_rrset_an(z, region, msg, wildcard, rrset))
3041 			return 0;
3042 		az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3043 			msg->qinfo.qname_len, 1);
3044 	} else if((rrset=az_domain_rrset(wildcard, LDNS_RR_TYPE_CNAME))!=NULL) {
3045 		/* wildcard has cname instead, do that */
3046 		if(!msg_add_rrset_an(z, region, msg, wildcard, rrset))
3047 			return 0;
3048 		az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3049 			msg->qinfo.qname_len, 1);
3050 		if(!follow_cname_chain(z, qinfo->qtype, region, msg,
3051 			rrset->data))
3052 			return 0;
3053 	} else if(qinfo->qtype == LDNS_RR_TYPE_ANY && wildcard->rrsets) {
3054 		/* add ANY rrsets from wildcard node */
3055 		if(!az_generate_any_answer(z, region, msg, wildcard))
3056 			return 0;
3057 		az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3058 			msg->qinfo.qname_len, 1);
3059 	} else {
3060 		/* wildcard has nodata, notype answer */
3061 		/* call other notype routine for dnssec notype denials */
3062 		if(!az_generate_notype_answer(z, region, msg, wildcard))
3063 			return 0;
3064 		/* because the notype, there is no positive data with an
3065 		 * RRSIG that indicates the wildcard position.  Thus the
3066 		 * wildcard qname denial needs to have a CE nsec3. */
3067 		insert_ce = 1;
3068 	}
3069 
3070 	/* ce and node for dnssec denial of wildcard original name */
3071 	if((nsec=az_find_nsec_cover(z, &node)) != NULL) {
3072 		if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0;
3073 	} else if(ce) {
3074 		uint8_t* wildup = wildcard->name;
3075 		size_t wilduplen= wildcard->namelen;
3076 		dname_remove_label(&wildup, &wilduplen);
3077 		if(!az_add_nsec3_proof(z, region, msg, wildup,
3078 			wilduplen, msg->qinfo.qname,
3079 			msg->qinfo.qname_len, 0, insert_ce, 1, 0))
3080 			return 0;
3081 	}
3082 
3083 	/* fixup name of wildcard from *.zone to qname, use already allocated
3084 	 * pointer to msg qname */
3085 	az_change_dnames(msg, wildcard->name, msg->qinfo.qname,
3086 		msg->qinfo.qname_len, 0);
3087 	return 1;
3088 }
3089 
3090 /** generate answer for nxdomain answer */
3091 static int
3092 az_generate_nxdomain_answer(struct auth_zone* z, struct regional* region,
3093 	struct dns_msg* msg, struct auth_data* ce, struct auth_data* node)
3094 {
3095 	struct auth_rrset* nsec;
3096 	msg->rep->flags |= LDNS_RCODE_NXDOMAIN;
3097 	if(!az_add_negative_soa(z, region, msg)) return 0;
3098 	if((nsec=az_find_nsec_cover(z, &node)) != NULL) {
3099 		if(!msg_add_rrset_ns(z, region, msg, node, nsec)) return 0;
3100 		if(ce && !az_nsec_wildcard_denial(z, region, msg, ce->name,
3101 			ce->namelen)) return 0;
3102 	} else if(ce) {
3103 		if(!az_add_nsec3_proof(z, region, msg, ce->name,
3104 			ce->namelen, msg->qinfo.qname,
3105 			msg->qinfo.qname_len, 0, 1, 1, 1))
3106 			return 0;
3107 	}
3108 	return 1;
3109 }
3110 
3111 /** Create answers when an exact match exists for the domain name */
3112 static int
3113 az_generate_answer_with_node(struct auth_zone* z, struct query_info* qinfo,
3114 	struct regional* region, struct dns_msg* msg, struct auth_data* node)
3115 {
3116 	struct auth_rrset* rrset;
3117 	/* positive answer, rrset we are looking for exists */
3118 	if((rrset=az_domain_rrset(node, qinfo->qtype)) != NULL) {
3119 		return az_generate_positive_answer(z, region, msg, node, rrset);
3120 	}
3121 	/* CNAME? */
3122 	if((rrset=az_domain_rrset(node, LDNS_RR_TYPE_CNAME)) != NULL) {
3123 		return az_generate_cname_answer(z, qinfo, region, msg,
3124 			node, rrset);
3125 	}
3126 	/* type ANY ? */
3127 	if(qinfo->qtype == LDNS_RR_TYPE_ANY) {
3128 		return az_generate_any_answer(z, region, msg, node);
3129 	}
3130 	/* NOERROR/NODATA (no such type at domain name) */
3131 	return az_generate_notype_answer(z, region, msg, node);
3132 }
3133 
3134 /** Generate answer without an existing-node that we can use.
3135  * So it'll be a referral, DNAME or nxdomain */
3136 static int
3137 az_generate_answer_nonexistnode(struct auth_zone* z, struct query_info* qinfo,
3138 	struct regional* region, struct dns_msg* msg, struct auth_data* ce,
3139 	struct auth_rrset* rrset, struct auth_data* node)
3140 {
3141 	struct auth_data* wildcard;
3142 
3143 	/* we do not have an exact matching name (that exists) */
3144 	/* see if we have a NS or DNAME in the ce */
3145 	if(ce && rrset && rrset->type == LDNS_RR_TYPE_NS) {
3146 		return az_generate_referral_answer(z, region, msg, ce, rrset);
3147 	}
3148 	if(ce && rrset && rrset->type == LDNS_RR_TYPE_DNAME) {
3149 		return az_generate_dname_answer(z, qinfo, region, msg, ce,
3150 			rrset);
3151 	}
3152 	/* if there is an empty nonterminal, wildcard and nxdomain don't
3153 	 * happen, it is a notype answer */
3154 	if(az_empty_nonterminal(z, qinfo, node)) {
3155 		return az_generate_notype_answer(z, region, msg, node);
3156 	}
3157 	/* see if we have a wildcard under the ce */
3158 	if((wildcard=az_find_wildcard(z, qinfo, ce)) != NULL) {
3159 		return az_generate_wildcard_answer(z, qinfo, region, msg,
3160 			ce, wildcard, node);
3161 	}
3162 	/* generate nxdomain answer */
3163 	return az_generate_nxdomain_answer(z, region, msg, ce, node);
3164 }
3165 
3166 /** Lookup answer in a zone. */
3167 static int
3168 auth_zone_generate_answer(struct auth_zone* z, struct query_info* qinfo,
3169 	struct regional* region, struct dns_msg** msg, int* fallback)
3170 {
3171 	struct auth_data* node, *ce;
3172 	struct auth_rrset* rrset;
3173 	int node_exact, node_exists;
3174 	/* does the zone want fallback in case of failure? */
3175 	*fallback = z->fallback_enabled;
3176 	if(!(*msg=msg_create(region, qinfo))) return 0;
3177 
3178 	/* lookup if there is a matching domain name for the query */
3179 	az_find_domain(z, qinfo, &node_exact, &node);
3180 
3181 	/* see if node exists for generating answers from (i.e. not glue and
3182 	 * obscured by NS or DNAME or NSEC3-only), and also return the
3183 	 * closest-encloser from that, closest node that should be used
3184 	 * to generate answers from that is above the query */
3185 	node_exists = az_find_ce(z, qinfo, node, node_exact, &ce, &rrset);
3186 
3187 	if(verbosity >= VERB_ALGO) {
3188 		char zname[256], qname[256], nname[256], cename[256],
3189 			tpstr[32], rrstr[32];
3190 		sldns_wire2str_dname_buf(qinfo->qname, qinfo->qname_len, qname,
3191 			sizeof(qname));
3192 		sldns_wire2str_type_buf(qinfo->qtype, tpstr, sizeof(tpstr));
3193 		sldns_wire2str_dname_buf(z->name, z->namelen, zname,
3194 			sizeof(zname));
3195 		if(node)
3196 			sldns_wire2str_dname_buf(node->name, node->namelen,
3197 				nname, sizeof(nname));
3198 		else	snprintf(nname, sizeof(nname), "NULL");
3199 		if(ce)
3200 			sldns_wire2str_dname_buf(ce->name, ce->namelen,
3201 				cename, sizeof(cename));
3202 		else	snprintf(cename, sizeof(cename), "NULL");
3203 		if(rrset) sldns_wire2str_type_buf(rrset->type, rrstr,
3204 			sizeof(rrstr));
3205 		else	snprintf(rrstr, sizeof(rrstr), "NULL");
3206 		log_info("auth_zone %s query %s %s, domain %s %s %s, "
3207 			"ce %s, rrset %s", zname, qname, tpstr, nname,
3208 			(node_exact?"exact":"notexact"),
3209 			(node_exists?"exist":"notexist"), cename, rrstr);
3210 	}
3211 
3212 	if(node_exists) {
3213 		/* the node is fine, generate answer from node */
3214 		return az_generate_answer_with_node(z, qinfo, region, *msg,
3215 			node);
3216 	}
3217 	return az_generate_answer_nonexistnode(z, qinfo, region, *msg,
3218 		ce, rrset, node);
3219 }
3220 
3221 int auth_zones_lookup(struct auth_zones* az, struct query_info* qinfo,
3222 	struct regional* region, struct dns_msg** msg, int* fallback,
3223 	uint8_t* dp_nm, size_t dp_nmlen)
3224 {
3225 	int r;
3226 	struct auth_zone* z;
3227 	/* find the zone that should contain the answer. */
3228 	lock_rw_rdlock(&az->lock);
3229 	z = auth_zone_find(az, dp_nm, dp_nmlen, qinfo->qclass);
3230 	if(!z) {
3231 		lock_rw_unlock(&az->lock);
3232 		/* no auth zone, fallback to internet */
3233 		*fallback = 1;
3234 		return 0;
3235 	}
3236 	lock_rw_rdlock(&z->lock);
3237 	lock_rw_unlock(&az->lock);
3238 
3239 	/* if not for upstream queries, fallback */
3240 	if(!z->for_upstream) {
3241 		lock_rw_unlock(&z->lock);
3242 		*fallback = 1;
3243 		return 0;
3244 	}
3245 	if(z->zone_expired) {
3246 		*fallback = z->fallback_enabled;
3247 		lock_rw_unlock(&z->lock);
3248 		return 0;
3249 	}
3250 	/* see what answer that zone would generate */
3251 	r = auth_zone_generate_answer(z, qinfo, region, msg, fallback);
3252 	lock_rw_unlock(&z->lock);
3253 	return r;
3254 }
3255 
3256 /** encode auth answer */
3257 static void
3258 auth_answer_encode(struct query_info* qinfo, struct module_env* env,
3259 	struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf,
3260 	struct regional* temp, struct dns_msg* msg)
3261 {
3262 	uint16_t udpsize;
3263 	udpsize = edns->udp_size;
3264 	edns->edns_version = EDNS_ADVERTISED_VERSION;
3265 	edns->udp_size = EDNS_ADVERTISED_SIZE;
3266 	edns->ext_rcode = 0;
3267 	edns->bits &= EDNS_DO;
3268 
3269 	if(!inplace_cb_reply_local_call(env, qinfo, NULL, msg->rep,
3270 		(int)FLAGS_GET_RCODE(msg->rep->flags), edns, repinfo, temp)
3271 		|| !reply_info_answer_encode(qinfo, msg->rep,
3272 		*(uint16_t*)sldns_buffer_begin(buf),
3273 		sldns_buffer_read_u16_at(buf, 2),
3274 		buf, 0, 0, temp, udpsize, edns,
3275 		(int)(edns->bits&EDNS_DO), 0)) {
3276 		error_encode(buf, (LDNS_RCODE_SERVFAIL|BIT_AA), qinfo,
3277 			*(uint16_t*)sldns_buffer_begin(buf),
3278 			sldns_buffer_read_u16_at(buf, 2), edns);
3279 	}
3280 }
3281 
3282 /** encode auth error answer */
3283 static void
3284 auth_error_encode(struct query_info* qinfo, struct module_env* env,
3285 	struct edns_data* edns, struct comm_reply* repinfo, sldns_buffer* buf,
3286 	struct regional* temp, int rcode)
3287 {
3288 	edns->edns_version = EDNS_ADVERTISED_VERSION;
3289 	edns->udp_size = EDNS_ADVERTISED_SIZE;
3290 	edns->ext_rcode = 0;
3291 	edns->bits &= EDNS_DO;
3292 
3293 	if(!inplace_cb_reply_local_call(env, qinfo, NULL, NULL,
3294 		rcode, edns, repinfo, temp))
3295 		edns->opt_list = NULL;
3296 	error_encode(buf, rcode|BIT_AA, qinfo,
3297 		*(uint16_t*)sldns_buffer_begin(buf),
3298 		sldns_buffer_read_u16_at(buf, 2), edns);
3299 }
3300 
3301 int auth_zones_answer(struct auth_zones* az, struct module_env* env,
3302 	struct query_info* qinfo, struct edns_data* edns,
3303 	struct comm_reply* repinfo, struct sldns_buffer* buf, struct regional* temp)
3304 {
3305 	struct dns_msg* msg = NULL;
3306 	struct auth_zone* z;
3307 	int r;
3308 	int fallback = 0;
3309 
3310 	lock_rw_rdlock(&az->lock);
3311 	if(!az->have_downstream) {
3312 		/* no downstream auth zones */
3313 		lock_rw_unlock(&az->lock);
3314 		return 0;
3315 	}
3316 	if(qinfo->qtype == LDNS_RR_TYPE_DS) {
3317 		uint8_t* delname = qinfo->qname;
3318 		size_t delnamelen = qinfo->qname_len;
3319 		dname_remove_label(&delname, &delnamelen);
3320 		z = auth_zones_find_zone(az, delname, delnamelen,
3321 			qinfo->qclass);
3322 	} else {
3323 		z = auth_zones_find_zone(az, qinfo->qname, qinfo->qname_len,
3324 			qinfo->qclass);
3325 	}
3326 	if(!z) {
3327 		/* no zone above it */
3328 		lock_rw_unlock(&az->lock);
3329 		return 0;
3330 	}
3331 	lock_rw_rdlock(&z->lock);
3332 	lock_rw_unlock(&az->lock);
3333 	if(!z->for_downstream) {
3334 		lock_rw_unlock(&z->lock);
3335 		return 0;
3336 	}
3337 	if(z->zone_expired) {
3338 		if(z->fallback_enabled) {
3339 			lock_rw_unlock(&z->lock);
3340 			return 0;
3341 		}
3342 		lock_rw_unlock(&z->lock);
3343 		lock_rw_wrlock(&az->lock);
3344 		az->num_query_down++;
3345 		lock_rw_unlock(&az->lock);
3346 		auth_error_encode(qinfo, env, edns, repinfo, buf, temp,
3347 			LDNS_RCODE_SERVFAIL);
3348 		return 1;
3349 	}
3350 
3351 	/* answer it from zone z */
3352 	r = auth_zone_generate_answer(z, qinfo, temp, &msg, &fallback);
3353 	lock_rw_unlock(&z->lock);
3354 	if(!r && fallback) {
3355 		/* fallback to regular answering (recursive) */
3356 		return 0;
3357 	}
3358 	lock_rw_wrlock(&az->lock);
3359 	az->num_query_down++;
3360 	lock_rw_unlock(&az->lock);
3361 
3362 	/* encode answer */
3363 	if(!r)
3364 		auth_error_encode(qinfo, env, edns, repinfo, buf, temp,
3365 			LDNS_RCODE_SERVFAIL);
3366 	else	auth_answer_encode(qinfo, env, edns, repinfo, buf, temp, msg);
3367 
3368 	return 1;
3369 }
3370 
3371 int auth_zones_can_fallback(struct auth_zones* az, uint8_t* nm, size_t nmlen,
3372 	uint16_t dclass)
3373 {
3374 	int r;
3375 	struct auth_zone* z;
3376 	lock_rw_rdlock(&az->lock);
3377 	z = auth_zone_find(az, nm, nmlen, dclass);
3378 	if(!z) {
3379 		lock_rw_unlock(&az->lock);
3380 		/* no such auth zone, fallback */
3381 		return 1;
3382 	}
3383 	lock_rw_rdlock(&z->lock);
3384 	lock_rw_unlock(&az->lock);
3385 	r = z->fallback_enabled || (!z->for_upstream);
3386 	lock_rw_unlock(&z->lock);
3387 	return r;
3388 }
3389 
3390 int
3391 auth_zone_parse_notify_serial(sldns_buffer* pkt, uint32_t *serial)
3392 {
3393 	struct query_info q;
3394 	uint16_t rdlen;
3395 	memset(&q, 0, sizeof(q));
3396 	sldns_buffer_set_position(pkt, 0);
3397 	if(!query_info_parse(&q, pkt)) return 0;
3398 	if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) == 0) return 0;
3399 	/* skip name of RR in answer section */
3400 	if(sldns_buffer_remaining(pkt) < 1) return 0;
3401 	if(pkt_dname_len(pkt) == 0) return 0;
3402 	/* check type */
3403 	if(sldns_buffer_remaining(pkt) < 10 /* type,class,ttl,rdatalen*/)
3404 		return 0;
3405 	if(sldns_buffer_read_u16(pkt) != LDNS_RR_TYPE_SOA) return 0;
3406 	sldns_buffer_skip(pkt, 2); /* class */
3407 	sldns_buffer_skip(pkt, 4); /* ttl */
3408 	rdlen = sldns_buffer_read_u16(pkt); /* rdatalen */
3409 	if(sldns_buffer_remaining(pkt) < rdlen) return 0;
3410 	if(rdlen < 22) return 0; /* bad soa length */
3411 	sldns_buffer_skip(pkt, (ssize_t)(rdlen-20));
3412 	*serial = sldns_buffer_read_u32(pkt);
3413 	/* return true when has serial in answer section */
3414 	return 1;
3415 }
3416 
3417 /** see if addr appears in the list */
3418 static int
3419 addr_in_list(struct auth_addr* list, struct sockaddr_storage* addr,
3420 	socklen_t addrlen)
3421 {
3422 	struct auth_addr* p;
3423 	for(p=list; p; p=p->next) {
3424 		if(sockaddr_cmp_addr(addr, addrlen, &p->addr, p->addrlen)==0)
3425 			return 1;
3426 	}
3427 	return 0;
3428 }
3429 
3430 /** check if an address matches a master specification (or one of its
3431  * addresses in the addr list) */
3432 static int
3433 addr_matches_master(struct auth_master* master, struct sockaddr_storage* addr,
3434 	socklen_t addrlen, struct auth_master** fromhost)
3435 {
3436 	struct sockaddr_storage a;
3437 	socklen_t alen = 0;
3438 	int net = 0;
3439 	if(addr_in_list(master->list, addr, addrlen)) {
3440 		*fromhost = master;
3441 		return 1;
3442 	}
3443 	/* compare address (but not port number, that is the destination
3444 	 * port of the master, the port number of the received notify is
3445 	 * allowed to by any port on that master) */
3446 	if(extstrtoaddr(master->host, &a, &alen) &&
3447 		sockaddr_cmp_addr(addr, addrlen, &a, alen)==0) {
3448 		*fromhost = master;
3449 		return 1;
3450 	}
3451 	/* prefixes, addr/len, like 10.0.0.0/8 */
3452 	/* not http and has a / and there is one / */
3453 	if(master->allow_notify && !master->http &&
3454 		strchr(master->host, '/') != NULL &&
3455 		strchr(master->host, '/') == strrchr(master->host, '/') &&
3456 		netblockstrtoaddr(master->host, UNBOUND_DNS_PORT, &a, &alen,
3457 		&net) && alen == addrlen) {
3458 		if(addr_in_common(addr, (addr_is_ip6(addr, addrlen)?128:32),
3459 			&a, net, alen) >= net) {
3460 			*fromhost = NULL; /* prefix does not have destination
3461 				to send the probe or transfer with */
3462 			return 1; /* matches the netblock */
3463 		}
3464 	}
3465 	return 0;
3466 }
3467 
3468 /** check access list for notifies */
3469 static int
3470 az_xfr_allowed_notify(struct auth_xfer* xfr, struct sockaddr_storage* addr,
3471 	socklen_t addrlen, struct auth_master** fromhost)
3472 {
3473 	struct auth_master* p;
3474 	for(p=xfr->allow_notify_list; p; p=p->next) {
3475 		if(addr_matches_master(p, addr, addrlen, fromhost)) {
3476 			return 1;
3477 		}
3478 	}
3479 	return 0;
3480 }
3481 
3482 /** see if the serial means the zone has to be updated, i.e. the serial
3483  * is newer than the zone serial, or we have no zone */
3484 static int
3485 xfr_serial_means_update(struct auth_xfer* xfr, uint32_t serial)
3486 {
3487 	if(!xfr->have_zone)
3488 		return 1; /* no zone, anything is better */
3489 	if(xfr->zone_expired)
3490 		return 1; /* expired, the sent serial is better than expired
3491 			data */
3492 	if(compare_serial(xfr->serial, serial) < 0)
3493 		return 1; /* our serial is smaller than the sent serial,
3494 			the data is newer, fetch it */
3495 	return 0;
3496 }
3497 
3498 /** note notify serial, updates the notify information in the xfr struct */
3499 static void
3500 xfr_note_notify_serial(struct auth_xfer* xfr, int has_serial, uint32_t serial)
3501 {
3502 	if(xfr->notify_received && xfr->notify_has_serial && has_serial) {
3503 		/* see if this serial is newer */
3504 		if(compare_serial(xfr->notify_serial, serial) < 0)
3505 			xfr->notify_serial = serial;
3506 	} else if(xfr->notify_received && xfr->notify_has_serial &&
3507 		!has_serial) {
3508 		/* remove serial, we have notify without serial */
3509 		xfr->notify_has_serial = 0;
3510 		xfr->notify_serial = 0;
3511 	} else if(xfr->notify_received && !xfr->notify_has_serial) {
3512 		/* we already have notify without serial, keep it
3513 		 * that way; no serial check when current operation
3514 		 * is done */
3515 	} else {
3516 		xfr->notify_received = 1;
3517 		xfr->notify_has_serial = has_serial;
3518 		xfr->notify_serial = serial;
3519 	}
3520 }
3521 
3522 /** process a notify serial, start new probe or note serial. xfr is locked */
3523 static void
3524 xfr_process_notify(struct auth_xfer* xfr, struct module_env* env,
3525 	int has_serial, uint32_t serial, struct auth_master* fromhost)
3526 {
3527 	/* if the serial of notify is older than we have, don't fetch
3528 	 * a zone, we already have it */
3529 	if(has_serial && !xfr_serial_means_update(xfr, serial)) {
3530 		lock_basic_unlock(&xfr->lock);
3531 		return;
3532 	}
3533 	/* start new probe with this addr src, or note serial */
3534 	if(!xfr_start_probe(xfr, env, fromhost)) {
3535 		/* not started because already in progress, note the serial */
3536 		xfr_note_notify_serial(xfr, has_serial, serial);
3537 		lock_basic_unlock(&xfr->lock);
3538 	}
3539 	/* successful end of start_probe unlocked xfr->lock */
3540 }
3541 
3542 int auth_zones_notify(struct auth_zones* az, struct module_env* env,
3543 	uint8_t* nm, size_t nmlen, uint16_t dclass,
3544 	struct sockaddr_storage* addr, socklen_t addrlen, int has_serial,
3545 	uint32_t serial, int* refused)
3546 {
3547 	struct auth_xfer* xfr;
3548 	struct auth_master* fromhost = NULL;
3549 	/* see which zone this is */
3550 	lock_rw_rdlock(&az->lock);
3551 	xfr = auth_xfer_find(az, nm, nmlen, dclass);
3552 	if(!xfr) {
3553 		lock_rw_unlock(&az->lock);
3554 		/* no such zone, refuse the notify */
3555 		*refused = 1;
3556 		return 0;
3557 	}
3558 	lock_basic_lock(&xfr->lock);
3559 	lock_rw_unlock(&az->lock);
3560 
3561 	/* check access list for notifies */
3562 	if(!az_xfr_allowed_notify(xfr, addr, addrlen, &fromhost)) {
3563 		lock_basic_unlock(&xfr->lock);
3564 		/* notify not allowed, refuse the notify */
3565 		*refused = 1;
3566 		return 0;
3567 	}
3568 
3569 	/* process the notify */
3570 	xfr_process_notify(xfr, env, has_serial, serial, fromhost);
3571 	return 1;
3572 }
3573 
3574 int auth_zones_startprobesequence(struct auth_zones* az,
3575 	struct module_env* env, uint8_t* nm, size_t nmlen, uint16_t dclass)
3576 {
3577 	struct auth_xfer* xfr;
3578 	lock_rw_rdlock(&az->lock);
3579 	xfr = auth_xfer_find(az, nm, nmlen, dclass);
3580 	if(!xfr) {
3581 		lock_rw_unlock(&az->lock);
3582 		return 0;
3583 	}
3584 	lock_basic_lock(&xfr->lock);
3585 	lock_rw_unlock(&az->lock);
3586 
3587 	xfr_process_notify(xfr, env, 0, 0, NULL);
3588 	return 1;
3589 }
3590 
3591 /** set a zone expired */
3592 static void
3593 auth_xfer_set_expired(struct auth_xfer* xfr, struct module_env* env,
3594 	int expired)
3595 {
3596 	struct auth_zone* z;
3597 
3598 	/* expire xfr */
3599 	lock_basic_lock(&xfr->lock);
3600 	xfr->zone_expired = expired;
3601 	lock_basic_unlock(&xfr->lock);
3602 
3603 	/* find auth_zone */
3604 	lock_rw_rdlock(&env->auth_zones->lock);
3605 	z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
3606 		xfr->dclass);
3607 	if(!z) {
3608 		lock_rw_unlock(&env->auth_zones->lock);
3609 		return;
3610 	}
3611 	lock_rw_wrlock(&z->lock);
3612 	lock_rw_unlock(&env->auth_zones->lock);
3613 
3614 	/* expire auth_zone */
3615 	z->zone_expired = expired;
3616 	lock_rw_unlock(&z->lock);
3617 }
3618 
3619 /** find master (from notify or probe) in list of masters */
3620 static struct auth_master*
3621 find_master_by_host(struct auth_master* list, char* host)
3622 {
3623 	struct auth_master* p;
3624 	for(p=list; p; p=p->next) {
3625 		if(strcmp(p->host, host) == 0)
3626 			return p;
3627 	}
3628 	return NULL;
3629 }
3630 
3631 /** delete the looked up auth_addrs for all the masters in the list */
3632 static void
3633 xfr_masterlist_free_addrs(struct auth_master* list)
3634 {
3635 	struct auth_master* m;
3636 	for(m=list; m; m=m->next) {
3637 		if(m->list) {
3638 			auth_free_master_addrs(m->list);
3639 			m->list = NULL;
3640 		}
3641 	}
3642 }
3643 
3644 /** copy a list of auth_addrs */
3645 static struct auth_addr*
3646 auth_addr_list_copy(struct auth_addr* source)
3647 {
3648 	struct auth_addr* list = NULL, *last = NULL;
3649 	struct auth_addr* p;
3650 	for(p=source; p; p=p->next) {
3651 		struct auth_addr* a = (struct auth_addr*)memdup(p, sizeof(*p));
3652 		if(!a) {
3653 			log_err("malloc failure");
3654 			auth_free_master_addrs(list);
3655 			return NULL;
3656 		}
3657 		a->next = NULL;
3658 		if(last) last->next = a;
3659 		if(!list) list = a;
3660 		last = a;
3661 	}
3662 	return list;
3663 }
3664 
3665 /** copy a master to a new structure, NULL on alloc failure */
3666 static struct auth_master*
3667 auth_master_copy(struct auth_master* o)
3668 {
3669 	struct auth_master* m;
3670 	if(!o) return NULL;
3671 	m = (struct auth_master*)memdup(o, sizeof(*o));
3672 	if(!m) {
3673 		log_err("malloc failure");
3674 		return NULL;
3675 	}
3676 	m->next = NULL;
3677 	if(m->host) {
3678 		m->host = strdup(m->host);
3679 		if(!m->host) {
3680 			free(m);
3681 			log_err("malloc failure");
3682 			return NULL;
3683 		}
3684 	}
3685 	if(m->file) {
3686 		m->file = strdup(m->file);
3687 		if(!m->file) {
3688 			free(m->host);
3689 			free(m);
3690 			log_err("malloc failure");
3691 			return NULL;
3692 		}
3693 	}
3694 	if(m->list) {
3695 		m->list = auth_addr_list_copy(m->list);
3696 		if(!m->list) {
3697 			free(m->file);
3698 			free(m->host);
3699 			free(m);
3700 			return NULL;
3701 		}
3702 	}
3703 	return m;
3704 }
3705 
3706 /** copy the master addresses from the task_probe lookups to the allow_notify
3707  * list of masters */
3708 static void
3709 probe_copy_masters_for_allow_notify(struct auth_xfer* xfr)
3710 {
3711 	struct auth_master* list = NULL, *last = NULL;
3712 	struct auth_master* p;
3713 	/* build up new list with copies */
3714 	for(p = xfr->task_probe->masters; p; p=p->next) {
3715 		struct auth_master* m = auth_master_copy(p);
3716 		if(!m) {
3717 			auth_free_masters(list);
3718 			/* failed because of malloc failure, use old list */
3719 			return;
3720 		}
3721 		m->next = NULL;
3722 		if(last) last->next = m;
3723 		if(!list) list = m;
3724 		last = m;
3725 	}
3726 	/* success, replace list */
3727 	auth_free_masters(xfr->allow_notify_list);
3728 	xfr->allow_notify_list = list;
3729 }
3730 
3731 /** start the lookups for task_transfer */
3732 static void
3733 xfr_transfer_start_lookups(struct auth_xfer* xfr)
3734 {
3735 	/* delete all the looked up addresses in the list */
3736 	xfr->task_transfer->scan_addr = NULL;
3737 	xfr_masterlist_free_addrs(xfr->task_transfer->masters);
3738 
3739 	/* start lookup at the first master */
3740 	xfr->task_transfer->lookup_target = xfr->task_transfer->masters;
3741 	xfr->task_transfer->lookup_aaaa = 0;
3742 }
3743 
3744 /** move to the next lookup of hostname for task_transfer */
3745 static void
3746 xfr_transfer_move_to_next_lookup(struct auth_xfer* xfr, struct module_env* env)
3747 {
3748 	if(!xfr->task_transfer->lookup_target)
3749 		return; /* already at end of list */
3750 	if(!xfr->task_transfer->lookup_aaaa && env->cfg->do_ip6) {
3751 		/* move to lookup AAAA */
3752 		xfr->task_transfer->lookup_aaaa = 1;
3753 		return;
3754 	}
3755 	xfr->task_transfer->lookup_target =
3756 		xfr->task_transfer->lookup_target->next;
3757 	xfr->task_transfer->lookup_aaaa = 0;
3758 	if(!env->cfg->do_ip4 && xfr->task_transfer->lookup_target!=NULL)
3759 		xfr->task_transfer->lookup_aaaa = 1;
3760 }
3761 
3762 /** start the lookups for task_probe */
3763 static void
3764 xfr_probe_start_lookups(struct auth_xfer* xfr)
3765 {
3766 	/* delete all the looked up addresses in the list */
3767 	xfr->task_probe->scan_addr = NULL;
3768 	xfr_masterlist_free_addrs(xfr->task_probe->masters);
3769 
3770 	/* start lookup at the first master */
3771 	xfr->task_probe->lookup_target = xfr->task_probe->masters;
3772 	xfr->task_probe->lookup_aaaa = 0;
3773 }
3774 
3775 /** move to the next lookup of hostname for task_probe */
3776 static void
3777 xfr_probe_move_to_next_lookup(struct auth_xfer* xfr, struct module_env* env)
3778 {
3779 	if(!xfr->task_probe->lookup_target)
3780 		return; /* already at end of list */
3781 	if(!xfr->task_probe->lookup_aaaa && env->cfg->do_ip6) {
3782 		/* move to lookup AAAA */
3783 		xfr->task_probe->lookup_aaaa = 1;
3784 		return;
3785 	}
3786 	xfr->task_probe->lookup_target = xfr->task_probe->lookup_target->next;
3787 	xfr->task_probe->lookup_aaaa = 0;
3788 	if(!env->cfg->do_ip4 && xfr->task_probe->lookup_target!=NULL)
3789 		xfr->task_probe->lookup_aaaa = 1;
3790 }
3791 
3792 /** start the iteration of the task_transfer list of masters */
3793 static void
3794 xfr_transfer_start_list(struct auth_xfer* xfr, struct auth_master* spec)
3795 {
3796 	if(spec) {
3797 		xfr->task_transfer->scan_specific = find_master_by_host(
3798 			xfr->task_transfer->masters, spec->host);
3799 		if(xfr->task_transfer->scan_specific) {
3800 			xfr->task_transfer->scan_target = NULL;
3801 			xfr->task_transfer->scan_addr = NULL;
3802 			if(xfr->task_transfer->scan_specific->list)
3803 				xfr->task_transfer->scan_addr =
3804 					xfr->task_transfer->scan_specific->list;
3805 			return;
3806 		}
3807 	}
3808 	/* no specific (notified) host to scan */
3809 	xfr->task_transfer->scan_specific = NULL;
3810 	xfr->task_transfer->scan_addr = NULL;
3811 	/* pick up first scan target */
3812 	xfr->task_transfer->scan_target = xfr->task_transfer->masters;
3813 	if(xfr->task_transfer->scan_target && xfr->task_transfer->
3814 		scan_target->list)
3815 		xfr->task_transfer->scan_addr =
3816 			xfr->task_transfer->scan_target->list;
3817 }
3818 
3819 /** start the iteration of the task_probe list of masters */
3820 static void
3821 xfr_probe_start_list(struct auth_xfer* xfr, struct auth_master* spec)
3822 {
3823 	if(spec) {
3824 		xfr->task_probe->scan_specific = find_master_by_host(
3825 			xfr->task_probe->masters, spec->host);
3826 		if(xfr->task_probe->scan_specific) {
3827 			xfr->task_probe->scan_target = NULL;
3828 			xfr->task_probe->scan_addr = NULL;
3829 			if(xfr->task_probe->scan_specific->list)
3830 				xfr->task_probe->scan_addr =
3831 					xfr->task_probe->scan_specific->list;
3832 			return;
3833 		}
3834 	}
3835 	/* no specific (notified) host to scan */
3836 	xfr->task_probe->scan_specific = NULL;
3837 	xfr->task_probe->scan_addr = NULL;
3838 	/* pick up first scan target */
3839 	xfr->task_probe->scan_target = xfr->task_probe->masters;
3840 	if(xfr->task_probe->scan_target && xfr->task_probe->scan_target->list)
3841 		xfr->task_probe->scan_addr =
3842 			xfr->task_probe->scan_target->list;
3843 }
3844 
3845 /** pick up the master that is being scanned right now, task_transfer */
3846 static struct auth_master*
3847 xfr_transfer_current_master(struct auth_xfer* xfr)
3848 {
3849 	if(xfr->task_transfer->scan_specific)
3850 		return xfr->task_transfer->scan_specific;
3851 	return xfr->task_transfer->scan_target;
3852 }
3853 
3854 /** pick up the master that is being scanned right now, task_probe */
3855 static struct auth_master*
3856 xfr_probe_current_master(struct auth_xfer* xfr)
3857 {
3858 	if(xfr->task_probe->scan_specific)
3859 		return xfr->task_probe->scan_specific;
3860 	return xfr->task_probe->scan_target;
3861 }
3862 
3863 /** true if at end of list, task_transfer */
3864 static int
3865 xfr_transfer_end_of_list(struct auth_xfer* xfr)
3866 {
3867 	return !xfr->task_transfer->scan_specific &&
3868 		!xfr->task_transfer->scan_target;
3869 }
3870 
3871 /** true if at end of list, task_probe */
3872 static int
3873 xfr_probe_end_of_list(struct auth_xfer* xfr)
3874 {
3875 	return !xfr->task_probe->scan_specific && !xfr->task_probe->scan_target;
3876 }
3877 
3878 /** move to next master in list, task_transfer */
3879 static void
3880 xfr_transfer_nextmaster(struct auth_xfer* xfr)
3881 {
3882 	if(!xfr->task_transfer->scan_specific &&
3883 		!xfr->task_transfer->scan_target)
3884 		return;
3885 	if(xfr->task_transfer->scan_addr) {
3886 		xfr->task_transfer->scan_addr =
3887 			xfr->task_transfer->scan_addr->next;
3888 		if(xfr->task_transfer->scan_addr)
3889 			return;
3890 	}
3891 	if(xfr->task_transfer->scan_specific) {
3892 		xfr->task_transfer->scan_specific = NULL;
3893 		xfr->task_transfer->scan_target = xfr->task_transfer->masters;
3894 		if(xfr->task_transfer->scan_target && xfr->task_transfer->
3895 			scan_target->list)
3896 			xfr->task_transfer->scan_addr =
3897 				xfr->task_transfer->scan_target->list;
3898 		return;
3899 	}
3900 	if(!xfr->task_transfer->scan_target)
3901 		return;
3902 	xfr->task_transfer->scan_target = xfr->task_transfer->scan_target->next;
3903 	if(xfr->task_transfer->scan_target && xfr->task_transfer->
3904 		scan_target->list)
3905 		xfr->task_transfer->scan_addr =
3906 			xfr->task_transfer->scan_target->list;
3907 	return;
3908 }
3909 
3910 /** move to next master in list, task_probe */
3911 static void
3912 xfr_probe_nextmaster(struct auth_xfer* xfr)
3913 {
3914 	if(!xfr->task_probe->scan_specific && !xfr->task_probe->scan_target)
3915 		return;
3916 	if(xfr->task_probe->scan_addr) {
3917 		xfr->task_probe->scan_addr = xfr->task_probe->scan_addr->next;
3918 		if(xfr->task_probe->scan_addr)
3919 			return;
3920 	}
3921 	if(xfr->task_probe->scan_specific) {
3922 		xfr->task_probe->scan_specific = NULL;
3923 		xfr->task_probe->scan_target = xfr->task_probe->masters;
3924 		if(xfr->task_probe->scan_target && xfr->task_probe->
3925 			scan_target->list)
3926 			xfr->task_probe->scan_addr =
3927 				xfr->task_probe->scan_target->list;
3928 		return;
3929 	}
3930 	if(!xfr->task_probe->scan_target)
3931 		return;
3932 	xfr->task_probe->scan_target = xfr->task_probe->scan_target->next;
3933 	if(xfr->task_probe->scan_target && xfr->task_probe->
3934 		scan_target->list)
3935 		xfr->task_probe->scan_addr =
3936 			xfr->task_probe->scan_target->list;
3937 	return;
3938 }
3939 
3940 /** create SOA probe packet for xfr */
3941 static void
3942 xfr_create_soa_probe_packet(struct auth_xfer* xfr, sldns_buffer* buf,
3943 	uint16_t id)
3944 {
3945 	struct query_info qinfo;
3946 
3947 	memset(&qinfo, 0, sizeof(qinfo));
3948 	qinfo.qname = xfr->name;
3949 	qinfo.qname_len = xfr->namelen;
3950 	qinfo.qtype = LDNS_RR_TYPE_SOA;
3951 	qinfo.qclass = xfr->dclass;
3952 	qinfo_query_encode(buf, &qinfo);
3953 	sldns_buffer_write_u16_at(buf, 0, id);
3954 }
3955 
3956 /** create IXFR/AXFR packet for xfr */
3957 static void
3958 xfr_create_ixfr_packet(struct auth_xfer* xfr, sldns_buffer* buf, uint16_t id,
3959 	struct auth_master* master)
3960 {
3961 	struct query_info qinfo;
3962 	uint32_t serial;
3963 	int have_zone;
3964 	have_zone = xfr->have_zone;
3965 	serial = xfr->serial;
3966 
3967 	memset(&qinfo, 0, sizeof(qinfo));
3968 	qinfo.qname = xfr->name;
3969 	qinfo.qname_len = xfr->namelen;
3970 	xfr->task_transfer->got_xfr_serial = 0;
3971 	xfr->task_transfer->rr_scan_num = 0;
3972 	xfr->task_transfer->incoming_xfr_serial = 0;
3973 	xfr->task_transfer->on_ixfr_is_axfr = 0;
3974 	xfr->task_transfer->on_ixfr = 1;
3975 	qinfo.qtype = LDNS_RR_TYPE_IXFR;
3976 	if(!have_zone || xfr->task_transfer->ixfr_fail || !master->ixfr) {
3977 		qinfo.qtype = LDNS_RR_TYPE_AXFR;
3978 		xfr->task_transfer->ixfr_fail = 0;
3979 		xfr->task_transfer->on_ixfr = 0;
3980 	}
3981 
3982 	qinfo.qclass = xfr->dclass;
3983 	qinfo_query_encode(buf, &qinfo);
3984 	sldns_buffer_write_u16_at(buf, 0, id);
3985 
3986 	/* append serial for IXFR */
3987 	if(qinfo.qtype == LDNS_RR_TYPE_IXFR) {
3988 		size_t end = sldns_buffer_limit(buf);
3989 		sldns_buffer_clear(buf);
3990 		sldns_buffer_set_position(buf, end);
3991 		/* auth section count 1 */
3992 		sldns_buffer_write_u16_at(buf, LDNS_NSCOUNT_OFF, 1);
3993 		/* write SOA */
3994 		sldns_buffer_write_u8(buf, 0xC0); /* compressed ptr to qname */
3995 		sldns_buffer_write_u8(buf, 0x0C);
3996 		sldns_buffer_write_u16(buf, LDNS_RR_TYPE_SOA);
3997 		sldns_buffer_write_u16(buf, qinfo.qclass);
3998 		sldns_buffer_write_u32(buf, 0); /* ttl */
3999 		sldns_buffer_write_u16(buf, 22); /* rdata length */
4000 		sldns_buffer_write_u8(buf, 0); /* . */
4001 		sldns_buffer_write_u8(buf, 0); /* . */
4002 		sldns_buffer_write_u32(buf, serial); /* serial */
4003 		sldns_buffer_write_u32(buf, 0); /* refresh */
4004 		sldns_buffer_write_u32(buf, 0); /* retry */
4005 		sldns_buffer_write_u32(buf, 0); /* expire */
4006 		sldns_buffer_write_u32(buf, 0); /* minimum */
4007 		sldns_buffer_flip(buf);
4008 	}
4009 }
4010 
4011 /** check if returned packet is OK */
4012 static int
4013 check_packet_ok(sldns_buffer* pkt, uint16_t qtype, struct auth_xfer* xfr,
4014 	uint32_t* serial)
4015 {
4016 	/* parse to see if packet worked, valid reply */
4017 
4018 	/* check serial number of SOA */
4019 	if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE)
4020 		return 0;
4021 
4022 	/* check ID */
4023 	if(LDNS_ID_WIRE(sldns_buffer_begin(pkt)) != xfr->task_probe->id)
4024 		return 0;
4025 
4026 	/* check flag bits and rcode */
4027 	if(!LDNS_QR_WIRE(sldns_buffer_begin(pkt)))
4028 		return 0;
4029 	if(LDNS_OPCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_PACKET_QUERY)
4030 		return 0;
4031 	if(LDNS_RCODE_WIRE(sldns_buffer_begin(pkt)) != LDNS_RCODE_NOERROR)
4032 		return 0;
4033 
4034 	/* check qname */
4035 	if(LDNS_QDCOUNT(sldns_buffer_begin(pkt)) != 1)
4036 		return 0;
4037 	sldns_buffer_skip(pkt, LDNS_HEADER_SIZE);
4038 	if(sldns_buffer_remaining(pkt) < xfr->namelen)
4039 		return 0;
4040 	if(query_dname_compare(sldns_buffer_current(pkt), xfr->name) != 0)
4041 		return 0;
4042 	sldns_buffer_skip(pkt, (ssize_t)xfr->namelen);
4043 
4044 	/* check qtype, qclass */
4045 	if(sldns_buffer_remaining(pkt) < 4)
4046 		return 0;
4047 	if(sldns_buffer_read_u16(pkt) != qtype)
4048 		return 0;
4049 	if(sldns_buffer_read_u16(pkt) != xfr->dclass)
4050 		return 0;
4051 
4052 	if(serial) {
4053 		uint16_t rdlen;
4054 		/* read serial number, from answer section SOA */
4055 		if(LDNS_ANCOUNT(sldns_buffer_begin(pkt)) == 0)
4056 			return 0;
4057 		/* read from first record SOA record */
4058 		if(sldns_buffer_remaining(pkt) < 1)
4059 			return 0;
4060 		if(dname_pkt_compare(pkt, sldns_buffer_current(pkt),
4061 			xfr->name) != 0)
4062 			return 0;
4063 		if(!pkt_dname_len(pkt))
4064 			return 0;
4065 		/* type, class, ttl, rdatalen */
4066 		if(sldns_buffer_remaining(pkt) < 4+4+2)
4067 			return 0;
4068 		if(sldns_buffer_read_u16(pkt) != qtype)
4069 			return 0;
4070 		if(sldns_buffer_read_u16(pkt) != xfr->dclass)
4071 			return 0;
4072 		sldns_buffer_skip(pkt, 4); /* ttl */
4073 		rdlen = sldns_buffer_read_u16(pkt);
4074 		if(sldns_buffer_remaining(pkt) < rdlen)
4075 			return 0;
4076 		if(sldns_buffer_remaining(pkt) < 1)
4077 			return 0;
4078 		if(!pkt_dname_len(pkt)) /* soa name */
4079 			return 0;
4080 		if(sldns_buffer_remaining(pkt) < 1)
4081 			return 0;
4082 		if(!pkt_dname_len(pkt)) /* soa name */
4083 			return 0;
4084 		if(sldns_buffer_remaining(pkt) < 20)
4085 			return 0;
4086 		*serial = sldns_buffer_read_u32(pkt);
4087 	}
4088 	return 1;
4089 }
4090 
4091 /** read one line from chunks into buffer at current position */
4092 static int
4093 chunkline_get_line(struct auth_chunk** chunk, size_t* chunk_pos,
4094 	sldns_buffer* buf)
4095 {
4096 	int readsome = 0;
4097 	while(*chunk) {
4098 		/* more text in this chunk? */
4099 		if(*chunk_pos < (*chunk)->len) {
4100 			readsome = 1;
4101 			while(*chunk_pos < (*chunk)->len) {
4102 				char c = (char)((*chunk)->data[*chunk_pos]);
4103 				(*chunk_pos)++;
4104 				if(sldns_buffer_remaining(buf) < 2) {
4105 					/* buffer too short */
4106 					verbose(VERB_ALGO, "http chunkline, "
4107 						"line too long");
4108 					return 0;
4109 				}
4110 				sldns_buffer_write_u8(buf, (uint8_t)c);
4111 				if(c == '\n') {
4112 					/* we are done */
4113 					return 1;
4114 				}
4115 			}
4116 		}
4117 		/* move to next chunk */
4118 		*chunk = (*chunk)->next;
4119 		*chunk_pos = 0;
4120 	}
4121 	/* no more text */
4122 	if(readsome) return 1;
4123 	return 0;
4124 }
4125 
4126 /** count number of open and closed parenthesis in a chunkline */
4127 static int
4128 chunkline_count_parens(sldns_buffer* buf, size_t start)
4129 {
4130 	size_t end = sldns_buffer_position(buf);
4131 	size_t i;
4132 	int count = 0;
4133 	int squote = 0, dquote = 0;
4134 	for(i=start; i<end; i++) {
4135 		char c = (char)sldns_buffer_read_u8_at(buf, i);
4136 		if(squote && c != '\'') continue;
4137 		if(dquote && c != '"') continue;
4138 		if(c == '"')
4139 			dquote = !dquote; /* skip quoted part */
4140 		else if(c == '\'')
4141 			squote = !squote; /* skip quoted part */
4142 		else if(c == '(')
4143 			count ++;
4144 		else if(c == ')')
4145 			count --;
4146 		else if(c == ';') {
4147 			/* rest is a comment */
4148 			return count;
4149 		}
4150 	}
4151 	return count;
4152 }
4153 
4154 /** remove trailing ;... comment from a line in the chunkline buffer */
4155 static void
4156 chunkline_remove_trailcomment(sldns_buffer* buf, size_t start)
4157 {
4158 	size_t end = sldns_buffer_position(buf);
4159 	size_t i;
4160 	int squote = 0, dquote = 0;
4161 	for(i=start; i<end; i++) {
4162 		char c = (char)sldns_buffer_read_u8_at(buf, i);
4163 		if(squote && c != '\'') continue;
4164 		if(dquote && c != '"') continue;
4165 		if(c == '"')
4166 			dquote = !dquote; /* skip quoted part */
4167 		else if(c == '\'')
4168 			squote = !squote; /* skip quoted part */
4169 		else if(c == ';') {
4170 			/* rest is a comment */
4171 			sldns_buffer_set_position(buf, i);
4172 			return;
4173 		}
4174 	}
4175 	/* nothing to remove */
4176 }
4177 
4178 /** see if a chunkline is a comment line (or empty line) */
4179 static int
4180 chunkline_is_comment_line_or_empty(sldns_buffer* buf)
4181 {
4182 	size_t i, end = sldns_buffer_limit(buf);
4183 	for(i=0; i<end; i++) {
4184 		char c = (char)sldns_buffer_read_u8_at(buf, i);
4185 		if(c == ';')
4186 			return 1; /* comment */
4187 		else if(c != ' ' && c != '\t' && c != '\r' && c != '\n')
4188 			return 0; /* not a comment */
4189 	}
4190 	return 1; /* empty */
4191 }
4192 
4193 /** find a line with ( ) collated */
4194 static int
4195 chunkline_get_line_collated(struct auth_chunk** chunk, size_t* chunk_pos,
4196 	sldns_buffer* buf)
4197 {
4198 	size_t pos;
4199 	int parens = 0;
4200 	sldns_buffer_clear(buf);
4201 	pos = sldns_buffer_position(buf);
4202 	if(!chunkline_get_line(chunk, chunk_pos, buf)) {
4203 		if(sldns_buffer_position(buf) < sldns_buffer_limit(buf))
4204 			sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0);
4205 		else sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf)-1, 0);
4206 		sldns_buffer_flip(buf);
4207 		return 0;
4208 	}
4209 	parens += chunkline_count_parens(buf, pos);
4210 	while(parens > 0) {
4211 		chunkline_remove_trailcomment(buf, pos);
4212 		pos = sldns_buffer_position(buf);
4213 		if(!chunkline_get_line(chunk, chunk_pos, buf)) {
4214 			if(sldns_buffer_position(buf) < sldns_buffer_limit(buf))
4215 				sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0);
4216 			else sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf)-1, 0);
4217 			sldns_buffer_flip(buf);
4218 			return 0;
4219 		}
4220 		parens += chunkline_count_parens(buf, pos);
4221 	}
4222 
4223 	if(sldns_buffer_remaining(buf) < 1) {
4224 		verbose(VERB_ALGO, "http chunkline: "
4225 			"line too long");
4226 		return 0;
4227 	}
4228 	sldns_buffer_write_u8_at(buf, sldns_buffer_position(buf), 0);
4229 	sldns_buffer_flip(buf);
4230 	return 1;
4231 }
4232 
4233 /** process $ORIGIN for http */
4234 static int
4235 http_parse_origin(sldns_buffer* buf, struct sldns_file_parse_state* pstate)
4236 {
4237 	char* line = (char*)sldns_buffer_begin(buf);
4238 	if(strncmp(line, "$ORIGIN", 7) == 0 &&
4239 		isspace((unsigned char)line[7])) {
4240 		int s;
4241 		pstate->origin_len = sizeof(pstate->origin);
4242 		s = sldns_str2wire_dname_buf(sldns_strip_ws(line+8),
4243 			pstate->origin, &pstate->origin_len);
4244 		if(s) pstate->origin_len = 0;
4245 		return 1;
4246 	}
4247 	return 0;
4248 }
4249 
4250 /** process $TTL for http */
4251 static int
4252 http_parse_ttl(sldns_buffer* buf, struct sldns_file_parse_state* pstate)
4253 {
4254 	char* line = (char*)sldns_buffer_begin(buf);
4255 	if(strncmp(line, "$TTL", 4) == 0 &&
4256 		isspace((unsigned char)line[4])) {
4257 		const char* end = NULL;
4258 		pstate->default_ttl = sldns_str2period(
4259 			sldns_strip_ws(line+5), &end);
4260 		return 1;
4261 	}
4262 	return 0;
4263 }
4264 
4265 /** find noncomment RR line in chunks, collates lines if ( ) format */
4266 static int
4267 chunkline_non_comment_RR(struct auth_chunk** chunk, size_t* chunk_pos,
4268 	sldns_buffer* buf, struct sldns_file_parse_state* pstate)
4269 {
4270 	while(chunkline_get_line_collated(chunk, chunk_pos, buf)) {
4271 		if(chunkline_is_comment_line_or_empty(buf)) {
4272 			/* a comment, go to next line */
4273 			continue;
4274 		}
4275 		if(http_parse_origin(buf, pstate)) {
4276 			continue; /* $ORIGIN has been handled */
4277 		}
4278 		if(http_parse_ttl(buf, pstate)) {
4279 			continue; /* $TTL has been handled */
4280 		}
4281 		return 1;
4282 	}
4283 	/* no noncomments, fail */
4284 	return 0;
4285 }
4286 
4287 /** check syntax of chunklist zonefile, parse first RR, return false on
4288  * failure and return a string in the scratch buffer (first RR string)
4289  * on failure. */
4290 static int
4291 http_zonefile_syntax_check(struct auth_xfer* xfr, sldns_buffer* buf)
4292 {
4293 	uint8_t rr[LDNS_RR_BUF_SIZE];
4294 	size_t rr_len, dname_len = 0;
4295 	struct sldns_file_parse_state pstate;
4296 	struct auth_chunk* chunk;
4297 	size_t chunk_pos;
4298 	int e;
4299 	memset(&pstate, 0, sizeof(pstate));
4300 	pstate.default_ttl = 3600;
4301 	if(xfr->namelen < sizeof(pstate.origin)) {
4302 		pstate.origin_len = xfr->namelen;
4303 		memmove(pstate.origin, xfr->name, xfr->namelen);
4304 	}
4305 	chunk = xfr->task_transfer->chunks_first;
4306 	chunk_pos = 0;
4307 	if(!chunkline_non_comment_RR(&chunk, &chunk_pos, buf, &pstate)) {
4308 		return 0;
4309 	}
4310 	rr_len = sizeof(rr);
4311 	e=sldns_str2wire_rr_buf((char*)sldns_buffer_begin(buf), rr, &rr_len,
4312 		&dname_len, pstate.default_ttl,
4313 		pstate.origin_len?pstate.origin:NULL, pstate.origin_len,
4314 		pstate.prev_rr_len?pstate.prev_rr:NULL, pstate.prev_rr_len);
4315 	if(e != 0) {
4316 		log_err("parse failure on first RR[%d]: %s",
4317 			LDNS_WIREPARSE_OFFSET(e),
4318 			sldns_get_errorstr_parse(LDNS_WIREPARSE_ERROR(e)));
4319 		return 0;
4320 	}
4321 	/* check that class is correct */
4322 	if(sldns_wirerr_get_class(rr, rr_len, dname_len) != xfr->dclass) {
4323 		log_err("parse failure: first record in downloaded zonefile "
4324 			"from wrong RR class");
4325 		return 0;
4326 	}
4327 	return 1;
4328 }
4329 
4330 /** sum sizes of chunklist */
4331 static size_t
4332 chunklist_sum(struct auth_chunk* list)
4333 {
4334 	struct auth_chunk* p;
4335 	size_t s = 0;
4336 	for(p=list; p; p=p->next) {
4337 		s += p->len;
4338 	}
4339 	return s;
4340 }
4341 
4342 /** remove newlines from collated line */
4343 static void
4344 chunkline_newline_removal(sldns_buffer* buf)
4345 {
4346 	size_t i, end=sldns_buffer_limit(buf);
4347 	for(i=0; i<end; i++) {
4348 		char c = (char)sldns_buffer_read_u8_at(buf, i);
4349 		if(c == '\n' && i==end-1) {
4350 			sldns_buffer_write_u8_at(buf, i, 0);
4351 			sldns_buffer_set_limit(buf, end-1);
4352 			return;
4353 		}
4354 		if(c == '\n')
4355 			sldns_buffer_write_u8_at(buf, i, (uint8_t)' ');
4356 	}
4357 }
4358 
4359 /** for http download, parse and add RR to zone */
4360 static int
4361 http_parse_add_rr(struct auth_xfer* xfr, struct auth_zone* z,
4362 	sldns_buffer* buf, struct sldns_file_parse_state* pstate)
4363 {
4364 	uint8_t rr[LDNS_RR_BUF_SIZE];
4365 	size_t rr_len, dname_len = 0;
4366 	int e;
4367 	char* line = (char*)sldns_buffer_begin(buf);
4368 	rr_len = sizeof(rr);
4369 	e = sldns_str2wire_rr_buf(line, rr, &rr_len, &dname_len,
4370 		pstate->default_ttl,
4371 		pstate->origin_len?pstate->origin:NULL, pstate->origin_len,
4372 		pstate->prev_rr_len?pstate->prev_rr:NULL, pstate->prev_rr_len);
4373 	if(e != 0) {
4374 		log_err("%s/%s parse failure RR[%d]: %s in '%s'",
4375 			xfr->task_transfer->master->host,
4376 			xfr->task_transfer->master->file,
4377 			LDNS_WIREPARSE_OFFSET(e),
4378 			sldns_get_errorstr_parse(LDNS_WIREPARSE_ERROR(e)),
4379 			line);
4380 		return 0;
4381 	}
4382 	if(rr_len == 0)
4383 		return 1; /* empty line or so */
4384 
4385 	/* set prev */
4386 	if(dname_len < sizeof(pstate->prev_rr)) {
4387 		memmove(pstate->prev_rr, rr, dname_len);
4388 		pstate->prev_rr_len = dname_len;
4389 	}
4390 
4391 	return az_insert_rr(z, rr, rr_len, dname_len, NULL);
4392 }
4393 
4394 /** RR list iterator, returns RRs from answer section one by one from the
4395  * dns packets in the chunklist */
4396 static void
4397 chunk_rrlist_start(struct auth_xfer* xfr, struct auth_chunk** rr_chunk,
4398 	int* rr_num, size_t* rr_pos)
4399 {
4400 	*rr_chunk = xfr->task_transfer->chunks_first;
4401 	*rr_num = 0;
4402 	*rr_pos = 0;
4403 }
4404 
4405 /** RR list iterator, see if we are at the end of the list */
4406 static int
4407 chunk_rrlist_end(struct auth_chunk* rr_chunk, int rr_num)
4408 {
4409 	while(rr_chunk) {
4410 		if(rr_chunk->len < LDNS_HEADER_SIZE)
4411 			return 1;
4412 		if(rr_num < (int)LDNS_ANCOUNT(rr_chunk->data))
4413 			return 0;
4414 		/* no more RRs in this chunk */
4415 		/* continue with next chunk, see if it has RRs */
4416 		rr_chunk = rr_chunk->next;
4417 		rr_num = 0;
4418 	}
4419 	return 1;
4420 }
4421 
4422 /** RR list iterator, move to next RR */
4423 static void
4424 chunk_rrlist_gonext(struct auth_chunk** rr_chunk, int* rr_num,
4425 	size_t* rr_pos, size_t rr_nextpos)
4426 {
4427 	/* already at end of chunks? */
4428 	if(!*rr_chunk)
4429 		return;
4430 	/* move within this chunk */
4431 	if((*rr_chunk)->len >= LDNS_HEADER_SIZE &&
4432 		(*rr_num)+1 < (int)LDNS_ANCOUNT((*rr_chunk)->data)) {
4433 		(*rr_num) += 1;
4434 		*rr_pos = rr_nextpos;
4435 		return;
4436 	}
4437 	/* no more RRs in this chunk */
4438 	/* continue with next chunk, see if it has RRs */
4439 	if(*rr_chunk)
4440 		*rr_chunk = (*rr_chunk)->next;
4441 	while(*rr_chunk) {
4442 		*rr_num = 0;
4443 		*rr_pos = 0;
4444 		if((*rr_chunk)->len >= LDNS_HEADER_SIZE &&
4445 			LDNS_ANCOUNT((*rr_chunk)->data) > 0) {
4446 			return;
4447 		}
4448 		*rr_chunk = (*rr_chunk)->next;
4449 	}
4450 }
4451 
4452 /** RR iterator, get current RR information, false on parse error */
4453 static int
4454 chunk_rrlist_get_current(struct auth_chunk* rr_chunk, int rr_num,
4455 	size_t rr_pos, uint8_t** rr_dname, uint16_t* rr_type,
4456 	uint16_t* rr_class, uint32_t* rr_ttl, uint16_t* rr_rdlen,
4457 	uint8_t** rr_rdata, size_t* rr_nextpos)
4458 {
4459 	sldns_buffer pkt;
4460 	/* integrity checks on position */
4461 	if(!rr_chunk) return 0;
4462 	if(rr_chunk->len < LDNS_HEADER_SIZE) return 0;
4463 	if(rr_num >= (int)LDNS_ANCOUNT(rr_chunk->data)) return 0;
4464 	if(rr_pos >= rr_chunk->len) return 0;
4465 
4466 	/* fetch rr information */
4467 	sldns_buffer_init_frm_data(&pkt, rr_chunk->data, rr_chunk->len);
4468 	if(rr_pos == 0) {
4469 		size_t i;
4470 		/* skip question section */
4471 		sldns_buffer_set_position(&pkt, LDNS_HEADER_SIZE);
4472 		for(i=0; i<LDNS_QDCOUNT(rr_chunk->data); i++) {
4473 			if(pkt_dname_len(&pkt) == 0) return 0;
4474 			if(sldns_buffer_remaining(&pkt) < 4) return 0;
4475 			sldns_buffer_skip(&pkt, 4); /* type and class */
4476 		}
4477 	} else	{
4478 		sldns_buffer_set_position(&pkt, rr_pos);
4479 	}
4480 	*rr_dname = sldns_buffer_current(&pkt);
4481 	if(pkt_dname_len(&pkt) == 0) return 0;
4482 	if(sldns_buffer_remaining(&pkt) < 10) return 0;
4483 	*rr_type = sldns_buffer_read_u16(&pkt);
4484 	*rr_class = sldns_buffer_read_u16(&pkt);
4485 	*rr_ttl = sldns_buffer_read_u32(&pkt);
4486 	*rr_rdlen = sldns_buffer_read_u16(&pkt);
4487 	if(sldns_buffer_remaining(&pkt) < (*rr_rdlen)) return 0;
4488 	*rr_rdata = sldns_buffer_current(&pkt);
4489 	sldns_buffer_skip(&pkt, (ssize_t)(*rr_rdlen));
4490 	*rr_nextpos = sldns_buffer_position(&pkt);
4491 	return 1;
4492 }
4493 
4494 /** print log message where we are in parsing the zone transfer */
4495 static void
4496 log_rrlist_position(const char* label, struct auth_chunk* rr_chunk,
4497 	uint8_t* rr_dname, uint16_t rr_type, size_t rr_counter)
4498 {
4499 	sldns_buffer pkt;
4500 	size_t dlen;
4501 	uint8_t buf[256];
4502 	char str[256];
4503 	char typestr[32];
4504 	sldns_buffer_init_frm_data(&pkt, rr_chunk->data, rr_chunk->len);
4505 	sldns_buffer_set_position(&pkt, (size_t)(rr_dname -
4506 		sldns_buffer_begin(&pkt)));
4507 	if((dlen=pkt_dname_len(&pkt)) == 0) return;
4508 	if(dlen >= sizeof(buf)) return;
4509 	dname_pkt_copy(&pkt, buf, rr_dname);
4510 	dname_str(buf, str);
4511 	(void)sldns_wire2str_type_buf(rr_type, typestr, sizeof(typestr));
4512 	verbose(VERB_ALGO, "%s at[%d] %s %s", label, (int)rr_counter,
4513 		str, typestr);
4514 }
4515 
4516 /** check that start serial is OK for ixfr. we are at rr_counter == 0,
4517  * and we are going to check rr_counter == 1 (has to be type SOA) serial */
4518 static int
4519 ixfr_start_serial(struct auth_chunk* rr_chunk, int rr_num, size_t rr_pos,
4520 	uint8_t* rr_dname, uint16_t rr_type, uint16_t rr_class,
4521 	uint32_t rr_ttl, uint16_t rr_rdlen, uint8_t* rr_rdata,
4522 	size_t rr_nextpos, uint32_t transfer_serial, uint32_t xfr_serial)
4523 {
4524 	uint32_t startserial;
4525 	/* move forward on RR */
4526 	chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos);
4527 	if(chunk_rrlist_end(rr_chunk, rr_num)) {
4528 		/* no second SOA */
4529 		verbose(VERB_OPS, "IXFR has no second SOA record");
4530 		return 0;
4531 	}
4532 	if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos,
4533 		&rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen,
4534 		&rr_rdata, &rr_nextpos)) {
4535 		verbose(VERB_OPS, "IXFR cannot parse second SOA record");
4536 		/* failed to parse RR */
4537 		return 0;
4538 	}
4539 	if(rr_type != LDNS_RR_TYPE_SOA) {
4540 		verbose(VERB_OPS, "IXFR second record is not type SOA");
4541 		return 0;
4542 	}
4543 	if(rr_rdlen < 22) {
4544 		verbose(VERB_OPS, "IXFR, second SOA has short rdlength");
4545 		return 0; /* bad SOA rdlen */
4546 	}
4547 	startserial = sldns_read_uint32(rr_rdata+rr_rdlen-20);
4548 	if(startserial == transfer_serial) {
4549 		/* empty AXFR, not an IXFR */
4550 		verbose(VERB_OPS, "IXFR second serial same as first");
4551 		return 0;
4552 	}
4553 	if(startserial != xfr_serial) {
4554 		/* wrong start serial, it does not match the serial in
4555 		 * memory */
4556 		verbose(VERB_OPS, "IXFR is from serial %u to %u but %u "
4557 			"in memory, rejecting the zone transfer",
4558 			(unsigned)startserial, (unsigned)transfer_serial,
4559 			(unsigned)xfr_serial);
4560 		return 0;
4561 	}
4562 	/* everything OK in second SOA serial */
4563 	return 1;
4564 }
4565 
4566 /** apply IXFR to zone in memory. z is locked. false on failure(mallocfail) */
4567 static int
4568 apply_ixfr(struct auth_xfer* xfr, struct auth_zone* z,
4569 	struct sldns_buffer* scratch_buffer)
4570 {
4571 	struct auth_chunk* rr_chunk;
4572 	int rr_num;
4573 	size_t rr_pos;
4574 	uint8_t* rr_dname, *rr_rdata;
4575 	uint16_t rr_type, rr_class, rr_rdlen;
4576 	uint32_t rr_ttl;
4577 	size_t rr_nextpos;
4578 	int have_transfer_serial = 0;
4579 	uint32_t transfer_serial = 0;
4580 	size_t rr_counter = 0;
4581 	int delmode = 0;
4582 	int softfail = 0;
4583 
4584 	/* start RR iterator over chunklist of packets */
4585 	chunk_rrlist_start(xfr, &rr_chunk, &rr_num, &rr_pos);
4586 	while(!chunk_rrlist_end(rr_chunk, rr_num)) {
4587 		if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos,
4588 			&rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen,
4589 			&rr_rdata, &rr_nextpos)) {
4590 			/* failed to parse RR */
4591 			return 0;
4592 		}
4593 		if(verbosity>=7) log_rrlist_position("apply ixfr",
4594 			rr_chunk, rr_dname, rr_type, rr_counter);
4595 		/* twiddle add/del mode and check for start and end */
4596 		if(rr_counter == 0 && rr_type != LDNS_RR_TYPE_SOA)
4597 			return 0;
4598 		if(rr_counter == 1 && rr_type != LDNS_RR_TYPE_SOA) {
4599 			/* this is an AXFR returned from the IXFR master */
4600 			/* but that should already have been detected, by
4601 			 * on_ixfr_is_axfr */
4602 			return 0;
4603 		}
4604 		if(rr_type == LDNS_RR_TYPE_SOA) {
4605 			uint32_t serial;
4606 			if(rr_rdlen < 22) return 0; /* bad SOA rdlen */
4607 			serial = sldns_read_uint32(rr_rdata+rr_rdlen-20);
4608 			if(have_transfer_serial == 0) {
4609 				have_transfer_serial = 1;
4610 				transfer_serial = serial;
4611 				delmode = 1; /* gets negated below */
4612 				/* check second RR before going any further */
4613 				if(!ixfr_start_serial(rr_chunk, rr_num, rr_pos,
4614 					rr_dname, rr_type, rr_class, rr_ttl,
4615 					rr_rdlen, rr_rdata, rr_nextpos,
4616 					transfer_serial, xfr->serial)) {
4617 					return 0;
4618 				}
4619 			} else if(transfer_serial == serial) {
4620 				have_transfer_serial++;
4621 				if(rr_counter == 1) {
4622 					/* empty AXFR, with SOA; SOA; */
4623 					/* should have been detected by
4624 					 * on_ixfr_is_axfr */
4625 					return 0;
4626 				}
4627 				if(have_transfer_serial == 3) {
4628 					/* see serial three times for end */
4629 					/* eg. IXFR:
4630 					 *  SOA 3 start
4631 					 *  SOA 1 second RR, followed by del
4632 					 *  SOA 2 followed by add
4633 					 *  SOA 2 followed by del
4634 					 *  SOA 3 followed by add
4635 					 *  SOA 3 end */
4636 					/* ended by SOA record */
4637 					xfr->serial = transfer_serial;
4638 					break;
4639 				}
4640 			}
4641 			/* twiddle add/del mode */
4642 			/* switch from delete part to add part and back again
4643 			 * just before the soa, it gets deleted and added too
4644 			 * this means we switch to delete mode for the final
4645 			 * SOA(so skip that one) */
4646 			delmode = !delmode;
4647 		}
4648 		/* process this RR */
4649 		/* if the RR is deleted twice or added twice, then we
4650 		 * softfail, and continue with the rest of the IXFR, so
4651 		 * that we serve something fairly nice during the refetch */
4652 		if(verbosity>=7) log_rrlist_position((delmode?"del":"add"),
4653 			rr_chunk, rr_dname, rr_type, rr_counter);
4654 		if(delmode) {
4655 			/* delete this RR */
4656 			int nonexist = 0;
4657 			if(!az_remove_rr_decompress(z, rr_chunk->data,
4658 				rr_chunk->len, scratch_buffer, rr_dname,
4659 				rr_type, rr_class, rr_ttl, rr_rdata, rr_rdlen,
4660 				&nonexist)) {
4661 				/* failed, malloc error or so */
4662 				return 0;
4663 			}
4664 			if(nonexist) {
4665 				/* it was removal of a nonexisting RR */
4666 				if(verbosity>=4) log_rrlist_position(
4667 					"IXFR error nonexistent RR",
4668 					rr_chunk, rr_dname, rr_type, rr_counter);
4669 				softfail = 1;
4670 			}
4671 		} else if(rr_counter != 0) {
4672 			/* skip first SOA RR for addition, it is added in
4673 			 * the addition part near the end of the ixfr, when
4674 			 * that serial is seen the second time. */
4675 			int duplicate = 0;
4676 			/* add this RR */
4677 			if(!az_insert_rr_decompress(z, rr_chunk->data,
4678 				rr_chunk->len, scratch_buffer, rr_dname,
4679 				rr_type, rr_class, rr_ttl, rr_rdata, rr_rdlen,
4680 				&duplicate)) {
4681 				/* failed, malloc error or so */
4682 				return 0;
4683 			}
4684 			if(duplicate) {
4685 				/* it was a duplicate */
4686 				if(verbosity>=4) log_rrlist_position(
4687 					"IXFR error duplicate RR",
4688 					rr_chunk, rr_dname, rr_type, rr_counter);
4689 				softfail = 1;
4690 			}
4691 		}
4692 
4693 		rr_counter++;
4694 		chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos);
4695 	}
4696 	if(softfail) {
4697 		verbose(VERB_ALGO, "IXFR did not apply cleanly, fetching full zone");
4698 		return 0;
4699 	}
4700 	return 1;
4701 }
4702 
4703 /** apply AXFR to zone in memory. z is locked. false on failure(mallocfail) */
4704 static int
4705 apply_axfr(struct auth_xfer* xfr, struct auth_zone* z,
4706 	struct sldns_buffer* scratch_buffer)
4707 {
4708 	struct auth_chunk* rr_chunk;
4709 	int rr_num;
4710 	size_t rr_pos;
4711 	uint8_t* rr_dname, *rr_rdata;
4712 	uint16_t rr_type, rr_class, rr_rdlen;
4713 	uint32_t rr_ttl;
4714 	uint32_t serial = 0;
4715 	size_t rr_nextpos;
4716 	size_t rr_counter = 0;
4717 	int have_end_soa = 0;
4718 
4719 	/* clear the data tree */
4720 	traverse_postorder(&z->data, auth_data_del, NULL);
4721 	rbtree_init(&z->data, &auth_data_cmp);
4722 	/* clear the RPZ policies */
4723 	if(z->rpz)
4724 		rpz_clear(z->rpz);
4725 
4726 	xfr->have_zone = 0;
4727 	xfr->serial = 0;
4728 
4729 	/* insert all RRs in to the zone */
4730 	/* insert the SOA only once, skip the last one */
4731 	/* start RR iterator over chunklist of packets */
4732 	chunk_rrlist_start(xfr, &rr_chunk, &rr_num, &rr_pos);
4733 	while(!chunk_rrlist_end(rr_chunk, rr_num)) {
4734 		if(!chunk_rrlist_get_current(rr_chunk, rr_num, rr_pos,
4735 			&rr_dname, &rr_type, &rr_class, &rr_ttl, &rr_rdlen,
4736 			&rr_rdata, &rr_nextpos)) {
4737 			/* failed to parse RR */
4738 			return 0;
4739 		}
4740 		if(verbosity>=7) log_rrlist_position("apply_axfr",
4741 			rr_chunk, rr_dname, rr_type, rr_counter);
4742 		if(rr_type == LDNS_RR_TYPE_SOA) {
4743 			if(rr_counter != 0) {
4744 				/* end of the axfr */
4745 				have_end_soa = 1;
4746 				break;
4747 			}
4748 			if(rr_rdlen < 22) return 0; /* bad SOA rdlen */
4749 			serial = sldns_read_uint32(rr_rdata+rr_rdlen-20);
4750 		}
4751 
4752 		/* add this RR */
4753 		if(!az_insert_rr_decompress(z, rr_chunk->data, rr_chunk->len,
4754 			scratch_buffer, rr_dname, rr_type, rr_class, rr_ttl,
4755 			rr_rdata, rr_rdlen, NULL)) {
4756 			/* failed, malloc error or so */
4757 			return 0;
4758 		}
4759 
4760 		rr_counter++;
4761 		chunk_rrlist_gonext(&rr_chunk, &rr_num, &rr_pos, rr_nextpos);
4762 	}
4763 	if(!have_end_soa) {
4764 		log_err("no end SOA record for AXFR");
4765 		return 0;
4766 	}
4767 
4768 	xfr->serial = serial;
4769 	xfr->have_zone = 1;
4770 	return 1;
4771 }
4772 
4773 /** apply HTTP to zone in memory. z is locked. false on failure(mallocfail) */
4774 static int
4775 apply_http(struct auth_xfer* xfr, struct auth_zone* z,
4776 	struct sldns_buffer* scratch_buffer)
4777 {
4778 	/* parse data in chunks */
4779 	/* parse RR's and read into memory. ignore $INCLUDE from the
4780 	 * downloaded file*/
4781 	struct sldns_file_parse_state pstate;
4782 	struct auth_chunk* chunk;
4783 	size_t chunk_pos;
4784 	memset(&pstate, 0, sizeof(pstate));
4785 	pstate.default_ttl = 3600;
4786 	if(xfr->namelen < sizeof(pstate.origin)) {
4787 		pstate.origin_len = xfr->namelen;
4788 		memmove(pstate.origin, xfr->name, xfr->namelen);
4789 	}
4790 
4791 	if(verbosity >= VERB_ALGO)
4792 		verbose(VERB_ALGO, "http download %s of size %d",
4793 		xfr->task_transfer->master->file,
4794 		(int)chunklist_sum(xfr->task_transfer->chunks_first));
4795 	if(xfr->task_transfer->chunks_first && verbosity >= VERB_ALGO) {
4796 		char preview[1024];
4797 		if(xfr->task_transfer->chunks_first->len+1 > sizeof(preview)) {
4798 			memmove(preview, xfr->task_transfer->chunks_first->data,
4799 				sizeof(preview)-1);
4800 			preview[sizeof(preview)-1]=0;
4801 		} else {
4802 			memmove(preview, xfr->task_transfer->chunks_first->data,
4803 				xfr->task_transfer->chunks_first->len);
4804 			preview[xfr->task_transfer->chunks_first->len]=0;
4805 		}
4806 		log_info("auth zone http downloaded content preview: %s",
4807 			preview);
4808 	}
4809 
4810 	/* perhaps a little syntax check before we try to apply the data? */
4811 	if(!http_zonefile_syntax_check(xfr, scratch_buffer)) {
4812 		log_err("http download %s/%s does not contain a zonefile, "
4813 			"but got '%s'", xfr->task_transfer->master->host,
4814 			xfr->task_transfer->master->file,
4815 			sldns_buffer_begin(scratch_buffer));
4816 		return 0;
4817 	}
4818 
4819 	/* clear the data tree */
4820 	traverse_postorder(&z->data, auth_data_del, NULL);
4821 	rbtree_init(&z->data, &auth_data_cmp);
4822 	/* clear the RPZ policies */
4823 	if(z->rpz)
4824 		rpz_clear(z->rpz);
4825 
4826 	xfr->have_zone = 0;
4827 	xfr->serial = 0;
4828 
4829 	chunk = xfr->task_transfer->chunks_first;
4830 	chunk_pos = 0;
4831 	pstate.lineno = 0;
4832 	while(chunkline_get_line_collated(&chunk, &chunk_pos, scratch_buffer)) {
4833 		/* process this line */
4834 		pstate.lineno++;
4835 		chunkline_newline_removal(scratch_buffer);
4836 		if(chunkline_is_comment_line_or_empty(scratch_buffer)) {
4837 			continue;
4838 		}
4839 		/* parse line and add RR */
4840 		if(http_parse_origin(scratch_buffer, &pstate)) {
4841 			continue; /* $ORIGIN has been handled */
4842 		}
4843 		if(http_parse_ttl(scratch_buffer, &pstate)) {
4844 			continue; /* $TTL has been handled */
4845 		}
4846 		if(!http_parse_add_rr(xfr, z, scratch_buffer, &pstate)) {
4847 			verbose(VERB_ALGO, "error parsing line [%s:%d] %s",
4848 				xfr->task_transfer->master->file,
4849 				pstate.lineno,
4850 				sldns_buffer_begin(scratch_buffer));
4851 			return 0;
4852 		}
4853 	}
4854 	return 1;
4855 }
4856 
4857 /** write http chunks to zonefile to create downloaded file */
4858 static int
4859 auth_zone_write_chunks(struct auth_xfer* xfr, const char* fname)
4860 {
4861 	FILE* out;
4862 	struct auth_chunk* p;
4863 	out = fopen(fname, "w");
4864 	if(!out) {
4865 		log_err("could not open %s: %s", fname, strerror(errno));
4866 		return 0;
4867 	}
4868 	for(p = xfr->task_transfer->chunks_first; p ; p = p->next) {
4869 		if(!write_out(out, (char*)p->data, p->len)) {
4870 			log_err("could not write http download to %s", fname);
4871 			fclose(out);
4872 			return 0;
4873 		}
4874 	}
4875 	fclose(out);
4876 	return 1;
4877 }
4878 
4879 /** write to zonefile after zone has been updated */
4880 static void
4881 xfr_write_after_update(struct auth_xfer* xfr, struct module_env* env)
4882 {
4883 	struct config_file* cfg = env->cfg;
4884 	struct auth_zone* z;
4885 	char tmpfile[1024];
4886 	char* zfilename;
4887 	lock_basic_unlock(&xfr->lock);
4888 
4889 	/* get lock again, so it is a readlock and concurrently queries
4890 	 * can be answered */
4891 	lock_rw_rdlock(&env->auth_zones->lock);
4892 	z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
4893 		xfr->dclass);
4894 	if(!z) {
4895 		lock_rw_unlock(&env->auth_zones->lock);
4896 		/* the zone is gone, ignore xfr results */
4897 		lock_basic_lock(&xfr->lock);
4898 		return;
4899 	}
4900 	lock_rw_rdlock(&z->lock);
4901 	lock_basic_lock(&xfr->lock);
4902 	lock_rw_unlock(&env->auth_zones->lock);
4903 
4904 	if(z->zonefile == NULL || z->zonefile[0] == 0) {
4905 		lock_rw_unlock(&z->lock);
4906 		/* no write needed, no zonefile set */
4907 		return;
4908 	}
4909 	zfilename = z->zonefile;
4910 	if(cfg->chrootdir && cfg->chrootdir[0] && strncmp(zfilename,
4911 		cfg->chrootdir, strlen(cfg->chrootdir)) == 0)
4912 		zfilename += strlen(cfg->chrootdir);
4913 	if(verbosity >= VERB_ALGO) {
4914 		char nm[255+1];
4915 		dname_str(z->name, nm);
4916 		verbose(VERB_ALGO, "write zonefile %s for %s", zfilename, nm);
4917 	}
4918 
4919 	/* write to tempfile first */
4920 	if((size_t)strlen(zfilename) + 16 > sizeof(tmpfile)) {
4921 		verbose(VERB_ALGO, "tmpfilename too long, cannot update "
4922 			" zonefile %s", zfilename);
4923 		lock_rw_unlock(&z->lock);
4924 		return;
4925 	}
4926 	snprintf(tmpfile, sizeof(tmpfile), "%s.tmp%u", zfilename,
4927 		(unsigned)getpid());
4928 	if(xfr->task_transfer->master->http) {
4929 		/* use the stored chunk list to write them */
4930 		if(!auth_zone_write_chunks(xfr, tmpfile)) {
4931 			unlink(tmpfile);
4932 			lock_rw_unlock(&z->lock);
4933 			return;
4934 		}
4935 	} else if(!auth_zone_write_file(z, tmpfile)) {
4936 		unlink(tmpfile);
4937 		lock_rw_unlock(&z->lock);
4938 		return;
4939 	}
4940 	if(rename(tmpfile, zfilename) < 0) {
4941 		log_err("could not rename(%s, %s): %s", tmpfile, zfilename,
4942 			strerror(errno));
4943 		unlink(tmpfile);
4944 		lock_rw_unlock(&z->lock);
4945 		return;
4946 	}
4947 	lock_rw_unlock(&z->lock);
4948 }
4949 
4950 /** process chunk list and update zone in memory,
4951  * return false if it did not work */
4952 static int
4953 xfr_process_chunk_list(struct auth_xfer* xfr, struct module_env* env,
4954 	int* ixfr_fail)
4955 {
4956 	struct auth_zone* z;
4957 
4958 	/* obtain locks and structures */
4959 	/* release xfr lock, then, while holding az->lock grab both
4960 	 * z->lock and xfr->lock */
4961 	lock_basic_unlock(&xfr->lock);
4962 	lock_rw_rdlock(&env->auth_zones->lock);
4963 	z = auth_zone_find(env->auth_zones, xfr->name, xfr->namelen,
4964 		xfr->dclass);
4965 	if(!z) {
4966 		lock_rw_unlock(&env->auth_zones->lock);
4967 		/* the zone is gone, ignore xfr results */
4968 		lock_basic_lock(&xfr->lock);
4969 		return 0;
4970 	}
4971 	lock_rw_wrlock(&z->lock);
4972 	lock_basic_lock(&xfr->lock);
4973 	lock_rw_unlock(&env->auth_zones->lock);
4974 
4975 	/* apply data */
4976 	if(xfr->task_transfer->master->http) {
4977 		if(!apply_http(xfr, z, env->scratch_buffer)) {
4978 			lock_rw_unlock(&z->lock);
4979 			verbose(VERB_ALGO, "http from %s: could not store data",
4980 				xfr->task_transfer->master->host);
4981 			return 0;
4982 		}
4983 	} else if(xfr->task_transfer->on_ixfr &&
4984 		!xfr->task_transfer->on_ixfr_is_axfr) {
4985 		if(!apply_ixfr(xfr, z, env->scratch_buffer)) {
4986 			lock_rw_unlock(&z->lock);
4987 			verbose(VERB_ALGO, "xfr from %s: could not store IXFR"
4988 				" data", xfr->task_transfer->master->host);
4989 			*ixfr_fail = 1;
4990 			return 0;
4991 		}
4992 	} else {
4993 		if(!apply_axfr(xfr, z, env->scratch_buffer)) {
4994 			lock_rw_unlock(&z->lock);
4995 			verbose(VERB_ALGO, "xfr from %s: could not store AXFR"
4996 				" data", xfr->task_transfer->master->host);
4997 			return 0;
4998 		}
4999 	}
5000 	xfr->zone_expired = 0;
5001 	z->zone_expired = 0;
5002 	if(!xfr_find_soa(z, xfr)) {
5003 		lock_rw_unlock(&z->lock);
5004 		verbose(VERB_ALGO, "xfr from %s: no SOA in zone after update"
5005 			" (or malformed RR)", xfr->task_transfer->master->host);
5006 		return 0;
5007 	}
5008 	if(xfr->have_zone)
5009 		xfr->lease_time = *env->now;
5010 
5011 	if(z->rpz)
5012 		rpz_finish_config(z->rpz);
5013 
5014 	/* unlock */
5015 	lock_rw_unlock(&z->lock);
5016 
5017 	if(verbosity >= VERB_QUERY && xfr->have_zone) {
5018 		char zname[256];
5019 		dname_str(xfr->name, zname);
5020 		verbose(VERB_QUERY, "auth zone %s updated to serial %u", zname,
5021 			(unsigned)xfr->serial);
5022 	}
5023 	/* see if we need to write to a zonefile */
5024 	xfr_write_after_update(xfr, env);
5025 	return 1;
5026 }
5027 
5028 /** disown task_transfer.  caller must hold xfr.lock */
5029 static void
5030 xfr_transfer_disown(struct auth_xfer* xfr)
5031 {
5032 	/* remove timer (from this worker's event base) */
5033 	comm_timer_delete(xfr->task_transfer->timer);
5034 	xfr->task_transfer->timer = NULL;
5035 	/* remove the commpoint */
5036 	comm_point_delete(xfr->task_transfer->cp);
5037 	xfr->task_transfer->cp = NULL;
5038 	/* we don't own this item anymore */
5039 	xfr->task_transfer->worker = NULL;
5040 	xfr->task_transfer->env = NULL;
5041 }
5042 
5043 /** lookup a host name for its addresses, if needed */
5044 static int
5045 xfr_transfer_lookup_host(struct auth_xfer* xfr, struct module_env* env)
5046 {
5047 	struct sockaddr_storage addr;
5048 	socklen_t addrlen = 0;
5049 	struct auth_master* master = xfr->task_transfer->lookup_target;
5050 	struct query_info qinfo;
5051 	uint16_t qflags = BIT_RD;
5052 	uint8_t dname[LDNS_MAX_DOMAINLEN+1];
5053 	struct edns_data edns;
5054 	sldns_buffer* buf = env->scratch_buffer;
5055 	if(!master) return 0;
5056 	if(extstrtoaddr(master->host, &addr, &addrlen)) {
5057 		/* not needed, host is in IP addr format */
5058 		return 0;
5059 	}
5060 	if(master->allow_notify)
5061 		return 0; /* allow-notifies are not transferred from, no
5062 		lookup is needed */
5063 
5064 	/* use mesh_new_callback to probe for non-addr hosts,
5065 	 * and then wait for them to be looked up (in cache, or query) */
5066 	qinfo.qname_len = sizeof(dname);
5067 	if(sldns_str2wire_dname_buf(master->host, dname, &qinfo.qname_len)
5068 		!= 0) {
5069 		log_err("cannot parse host name of master %s", master->host);
5070 		return 0;
5071 	}
5072 	qinfo.qname = dname;
5073 	qinfo.qclass = xfr->dclass;
5074 	qinfo.qtype = LDNS_RR_TYPE_A;
5075 	if(xfr->task_transfer->lookup_aaaa)
5076 		qinfo.qtype = LDNS_RR_TYPE_AAAA;
5077 	qinfo.local_alias = NULL;
5078 	if(verbosity >= VERB_ALGO) {
5079 		char buf1[512];
5080 		char buf2[LDNS_MAX_DOMAINLEN+1];
5081 		dname_str(xfr->name, buf2);
5082 		snprintf(buf1, sizeof(buf1), "auth zone %s: master lookup"
5083 			" for task_transfer", buf2);
5084 		log_query_info(VERB_ALGO, buf1, &qinfo);
5085 	}
5086 	edns.edns_present = 1;
5087 	edns.ext_rcode = 0;
5088 	edns.edns_version = 0;
5089 	edns.bits = EDNS_DO;
5090 	edns.opt_list = NULL;
5091 	if(sldns_buffer_capacity(buf) < 65535)
5092 		edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
5093 	else	edns.udp_size = 65535;
5094 
5095 	/* unlock xfr during mesh_new_callback() because the callback can be
5096 	 * called straight away */
5097 	lock_basic_unlock(&xfr->lock);
5098 	if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
5099 		&auth_xfer_transfer_lookup_callback, xfr)) {
5100 		lock_basic_lock(&xfr->lock);
5101 		log_err("out of memory lookup up master %s", master->host);
5102 		return 0;
5103 	}
5104 	lock_basic_lock(&xfr->lock);
5105 	return 1;
5106 }
5107 
5108 /** initiate TCP to the target and fetch zone.
5109  * returns true if that was successfully started, and timeout setup. */
5110 static int
5111 xfr_transfer_init_fetch(struct auth_xfer* xfr, struct module_env* env)
5112 {
5113 	struct sockaddr_storage addr;
5114 	socklen_t addrlen = 0;
5115 	struct auth_master* master = xfr->task_transfer->master;
5116 	char *auth_name = NULL;
5117 	struct timeval t;
5118 	int timeout;
5119 	if(!master) return 0;
5120 	if(master->allow_notify) return 0; /* only for notify */
5121 
5122 	/* get master addr */
5123 	if(xfr->task_transfer->scan_addr) {
5124 		addrlen = xfr->task_transfer->scan_addr->addrlen;
5125 		memmove(&addr, &xfr->task_transfer->scan_addr->addr, addrlen);
5126 	} else {
5127 		if(!authextstrtoaddr(master->host, &addr, &addrlen, &auth_name)) {
5128 			/* the ones that are not in addr format are supposed
5129 			 * to be looked up.  The lookup has failed however,
5130 			 * so skip them */
5131 			char zname[255+1];
5132 			dname_str(xfr->name, zname);
5133 			log_err("%s: failed lookup, cannot transfer from master %s",
5134 				zname, master->host);
5135 			return 0;
5136 		}
5137 	}
5138 
5139 	/* remove previous TCP connection (if any) */
5140 	if(xfr->task_transfer->cp) {
5141 		comm_point_delete(xfr->task_transfer->cp);
5142 		xfr->task_transfer->cp = NULL;
5143 	}
5144 	if(!xfr->task_transfer->timer) {
5145 		xfr->task_transfer->timer = comm_timer_create(env->worker_base,
5146 			auth_xfer_transfer_timer_callback, xfr);
5147 		if(!xfr->task_transfer->timer) {
5148 			log_err("malloc failure");
5149 			return 0;
5150 		}
5151 	}
5152 	timeout = AUTH_TRANSFER_TIMEOUT;
5153 #ifndef S_SPLINT_S
5154         t.tv_sec = timeout/1000;
5155         t.tv_usec = (timeout%1000)*1000;
5156 #endif
5157 
5158 	if(master->http) {
5159 		/* perform http fetch */
5160 		/* store http port number into sockaddr,
5161 		 * unless someone used unbound's host@port notation */
5162 		xfr->task_transfer->on_ixfr = 0;
5163 		if(strchr(master->host, '@') == NULL)
5164 			sockaddr_store_port(&addr, addrlen, master->port);
5165 		xfr->task_transfer->cp = outnet_comm_point_for_http(
5166 			env->outnet, auth_xfer_transfer_http_callback, xfr,
5167 			&addr, addrlen, -1, master->ssl, master->host,
5168 			master->file);
5169 		if(!xfr->task_transfer->cp) {
5170 			char zname[255+1], as[256];
5171 			dname_str(xfr->name, zname);
5172 			addr_to_str(&addr, addrlen, as, sizeof(as));
5173 			verbose(VERB_ALGO, "cannot create http cp "
5174 				"connection for %s to %s", zname, as);
5175 			return 0;
5176 		}
5177 		comm_timer_set(xfr->task_transfer->timer, &t);
5178 		if(verbosity >= VERB_ALGO) {
5179 			char zname[255+1], as[256];
5180 			dname_str(xfr->name, zname);
5181 			addr_to_str(&addr, addrlen, as, sizeof(as));
5182 			verbose(VERB_ALGO, "auth zone %s transfer next HTTP fetch from %s started", zname, as);
5183 		}
5184 		return 1;
5185 	}
5186 
5187 	/* perform AXFR/IXFR */
5188 	/* set the packet to be written */
5189 	/* create new ID */
5190 	xfr->task_transfer->id = (uint16_t)(ub_random(env->rnd)&0xffff);
5191 	xfr_create_ixfr_packet(xfr, env->scratch_buffer,
5192 		xfr->task_transfer->id, master);
5193 
5194 	/* connect on fd */
5195 	xfr->task_transfer->cp = outnet_comm_point_for_tcp(env->outnet,
5196 		auth_xfer_transfer_tcp_callback, xfr, &addr, addrlen,
5197 		env->scratch_buffer, -1,
5198 		auth_name != NULL, auth_name);
5199 	if(!xfr->task_transfer->cp) {
5200 		char zname[255+1], as[256];
5201  		dname_str(xfr->name, zname);
5202 		addr_to_str(&addr, addrlen, as, sizeof(as));
5203 		verbose(VERB_ALGO, "cannot create tcp cp connection for "
5204 			"xfr %s to %s", zname, as);
5205 		return 0;
5206 	}
5207 	comm_timer_set(xfr->task_transfer->timer, &t);
5208 	if(verbosity >= VERB_ALGO) {
5209 		char zname[255+1], as[256];
5210  		dname_str(xfr->name, zname);
5211 		addr_to_str(&addr, addrlen, as, sizeof(as));
5212 		verbose(VERB_ALGO, "auth zone %s transfer next %s fetch from %s started", zname,
5213 			(xfr->task_transfer->on_ixfr?"IXFR":"AXFR"), as);
5214 	}
5215 	return 1;
5216 }
5217 
5218 /** perform next lookup, next transfer TCP, or end and resume wait time task */
5219 static void
5220 xfr_transfer_nexttarget_or_end(struct auth_xfer* xfr, struct module_env* env)
5221 {
5222 	log_assert(xfr->task_transfer->worker == env->worker);
5223 
5224 	/* are we performing lookups? */
5225 	while(xfr->task_transfer->lookup_target) {
5226 		if(xfr_transfer_lookup_host(xfr, env)) {
5227 			/* wait for lookup to finish,
5228 			 * note that the hostname may be in unbound's cache
5229 			 * and we may then get an instant cache response,
5230 			 * and that calls the callback just like a full
5231 			 * lookup and lookup failures also call callback */
5232 			if(verbosity >= VERB_ALGO) {
5233 				char zname[255+1];
5234 				dname_str(xfr->name, zname);
5235 				verbose(VERB_ALGO, "auth zone %s transfer next target lookup", zname);
5236 			}
5237 			lock_basic_unlock(&xfr->lock);
5238 			return;
5239 		}
5240 		xfr_transfer_move_to_next_lookup(xfr, env);
5241 	}
5242 
5243 	/* initiate TCP and fetch the zone from the master */
5244 	/* and set timeout on it */
5245 	while(!xfr_transfer_end_of_list(xfr)) {
5246 		xfr->task_transfer->master = xfr_transfer_current_master(xfr);
5247 		if(xfr_transfer_init_fetch(xfr, env)) {
5248 			/* successfully started, wait for callback */
5249 			lock_basic_unlock(&xfr->lock);
5250 			return;
5251 		}
5252 		/* failed to fetch, next master */
5253 		xfr_transfer_nextmaster(xfr);
5254 	}
5255 	if(verbosity >= VERB_ALGO) {
5256 		char zname[255+1];
5257 		dname_str(xfr->name, zname);
5258 		verbose(VERB_ALGO, "auth zone %s transfer failed, wait", zname);
5259 	}
5260 
5261 	/* we failed to fetch the zone, move to wait task
5262 	 * use the shorter retry timeout */
5263 	xfr_transfer_disown(xfr);
5264 
5265 	/* pick up the nextprobe task and wait */
5266 	if(xfr->task_nextprobe->worker == NULL)
5267 		xfr_set_timeout(xfr, env, 1, 0);
5268 	lock_basic_unlock(&xfr->lock);
5269 }
5270 
5271 /** add addrs from A or AAAA rrset to the master */
5272 static void
5273 xfr_master_add_addrs(struct auth_master* m, struct ub_packed_rrset_key* rrset,
5274 	uint16_t rrtype)
5275 {
5276 	size_t i;
5277 	struct packed_rrset_data* data;
5278 	if(!m || !rrset) return;
5279 	if(rrtype != LDNS_RR_TYPE_A && rrtype != LDNS_RR_TYPE_AAAA)
5280 		return;
5281 	data = (struct packed_rrset_data*)rrset->entry.data;
5282 	for(i=0; i<data->count; i++) {
5283 		struct auth_addr* a;
5284 		size_t len = data->rr_len[i] - 2;
5285 		uint8_t* rdata = data->rr_data[i]+2;
5286 		if(rrtype == LDNS_RR_TYPE_A && len != INET_SIZE)
5287 			continue; /* wrong length for A */
5288 		if(rrtype == LDNS_RR_TYPE_AAAA && len != INET6_SIZE)
5289 			continue; /* wrong length for AAAA */
5290 
5291 		/* add and alloc it */
5292 		a = (struct auth_addr*)calloc(1, sizeof(*a));
5293 		if(!a) {
5294 			log_err("out of memory");
5295 			return;
5296 		}
5297 		if(rrtype == LDNS_RR_TYPE_A) {
5298 			struct sockaddr_in* sa;
5299 			a->addrlen = (socklen_t)sizeof(*sa);
5300 			sa = (struct sockaddr_in*)&a->addr;
5301 			sa->sin_family = AF_INET;
5302 			sa->sin_port = (in_port_t)htons(UNBOUND_DNS_PORT);
5303 			memmove(&sa->sin_addr, rdata, INET_SIZE);
5304 		} else {
5305 			struct sockaddr_in6* sa;
5306 			a->addrlen = (socklen_t)sizeof(*sa);
5307 			sa = (struct sockaddr_in6*)&a->addr;
5308 			sa->sin6_family = AF_INET6;
5309 			sa->sin6_port = (in_port_t)htons(UNBOUND_DNS_PORT);
5310 			memmove(&sa->sin6_addr, rdata, INET6_SIZE);
5311 		}
5312 		if(verbosity >= VERB_ALGO) {
5313 			char s[64];
5314 			addr_to_str(&a->addr, a->addrlen, s, sizeof(s));
5315 			verbose(VERB_ALGO, "auth host %s lookup %s",
5316 				m->host, s);
5317 		}
5318 		/* append to list */
5319 		a->next = m->list;
5320 		m->list = a;
5321 	}
5322 }
5323 
5324 /** callback for task_transfer lookup of host name, of A or AAAA */
5325 void auth_xfer_transfer_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
5326 	enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus),
5327 	int ATTR_UNUSED(was_ratelimited))
5328 {
5329 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
5330 	struct module_env* env;
5331 	log_assert(xfr->task_transfer);
5332 	lock_basic_lock(&xfr->lock);
5333 	env = xfr->task_transfer->env;
5334 	if(env->outnet->want_to_quit) {
5335 		lock_basic_unlock(&xfr->lock);
5336 		return; /* stop on quit */
5337 	}
5338 
5339 	/* process result */
5340 	if(rcode == LDNS_RCODE_NOERROR) {
5341 		uint16_t wanted_qtype = LDNS_RR_TYPE_A;
5342 		struct regional* temp = env->scratch;
5343 		struct query_info rq;
5344 		struct reply_info* rep;
5345 		if(xfr->task_transfer->lookup_aaaa)
5346 			wanted_qtype = LDNS_RR_TYPE_AAAA;
5347 		memset(&rq, 0, sizeof(rq));
5348 		rep = parse_reply_in_temp_region(buf, temp, &rq);
5349 		if(rep && rq.qtype == wanted_qtype &&
5350 			FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) {
5351 			/* parsed successfully */
5352 			struct ub_packed_rrset_key* answer =
5353 				reply_find_answer_rrset(&rq, rep);
5354 			if(answer) {
5355 				xfr_master_add_addrs(xfr->task_transfer->
5356 					lookup_target, answer, wanted_qtype);
5357 			} else {
5358 				if(verbosity >= VERB_ALGO) {
5359 					char zname[255+1];
5360 					dname_str(xfr->name, zname);
5361 					verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has nodata", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
5362 				}
5363 			}
5364 		} else {
5365 			if(verbosity >= VERB_ALGO) {
5366 				char zname[255+1];
5367 				dname_str(xfr->name, zname);
5368 				verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup has no answer", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
5369 			}
5370 		}
5371 	} else {
5372 		if(verbosity >= VERB_ALGO) {
5373 			char zname[255+1];
5374 			dname_str(xfr->name, zname);
5375 			verbose(VERB_ALGO, "auth zone %s host %s type %s transfer lookup failed", zname, xfr->task_transfer->lookup_target->host, (xfr->task_transfer->lookup_aaaa?"AAAA":"A"));
5376 		}
5377 	}
5378 	if(xfr->task_transfer->lookup_target->list &&
5379 		xfr->task_transfer->lookup_target == xfr_transfer_current_master(xfr))
5380 		xfr->task_transfer->scan_addr = xfr->task_transfer->lookup_target->list;
5381 
5382 	/* move to lookup AAAA after A lookup, move to next hostname lookup,
5383 	 * or move to fetch the zone, or, if nothing to do, end task_transfer */
5384 	xfr_transfer_move_to_next_lookup(xfr, env);
5385 	xfr_transfer_nexttarget_or_end(xfr, env);
5386 }
5387 
5388 /** check if xfer (AXFR or IXFR) packet is OK.
5389  * return false if we lost connection (SERVFAIL, or unreadable).
5390  * return false if we need to move from IXFR to AXFR, with gonextonfail
5391  * 	set to false, so the same master is tried again, but with AXFR.
5392  * return true if fine to link into data.
5393  * return true with transferdone=true when the transfer has ended.
5394  */
5395 static int
5396 check_xfer_packet(sldns_buffer* pkt, struct auth_xfer* xfr,
5397 	int* gonextonfail, int* transferdone)
5398 {
5399 	uint8_t* wire = sldns_buffer_begin(pkt);
5400 	int i;
5401 	if(sldns_buffer_limit(pkt) < LDNS_HEADER_SIZE) {
5402 		verbose(VERB_ALGO, "xfr to %s failed, packet too small",
5403 			xfr->task_transfer->master->host);
5404 		return 0;
5405 	}
5406 	if(!LDNS_QR_WIRE(wire)) {
5407 		verbose(VERB_ALGO, "xfr to %s failed, packet has no QR flag",
5408 			xfr->task_transfer->master->host);
5409 		return 0;
5410 	}
5411 	if(LDNS_TC_WIRE(wire)) {
5412 		verbose(VERB_ALGO, "xfr to %s failed, packet has TC flag",
5413 			xfr->task_transfer->master->host);
5414 		return 0;
5415 	}
5416 	/* check ID */
5417 	if(LDNS_ID_WIRE(wire) != xfr->task_transfer->id) {
5418 		verbose(VERB_ALGO, "xfr to %s failed, packet wrong ID",
5419 			xfr->task_transfer->master->host);
5420 		return 0;
5421 	}
5422 	if(LDNS_RCODE_WIRE(wire) != LDNS_RCODE_NOERROR) {
5423 		char rcode[32];
5424 		sldns_wire2str_rcode_buf((int)LDNS_RCODE_WIRE(wire), rcode,
5425 			sizeof(rcode));
5426 		/* if we are doing IXFR, check for fallback */
5427 		if(xfr->task_transfer->on_ixfr) {
5428 			if(LDNS_RCODE_WIRE(wire) == LDNS_RCODE_NOTIMPL ||
5429 				LDNS_RCODE_WIRE(wire) == LDNS_RCODE_SERVFAIL ||
5430 				LDNS_RCODE_WIRE(wire) == LDNS_RCODE_REFUSED ||
5431 				LDNS_RCODE_WIRE(wire) == LDNS_RCODE_FORMERR) {
5432 				verbose(VERB_ALGO, "xfr to %s, fallback "
5433 					"from IXFR to AXFR (with rcode %s)",
5434 					xfr->task_transfer->master->host,
5435 					rcode);
5436 				xfr->task_transfer->ixfr_fail = 1;
5437 				*gonextonfail = 0;
5438 				return 0;
5439 			}
5440 		}
5441 		verbose(VERB_ALGO, "xfr to %s failed, packet with rcode %s",
5442 			xfr->task_transfer->master->host, rcode);
5443 		return 0;
5444 	}
5445 	if(LDNS_OPCODE_WIRE(wire) != LDNS_PACKET_QUERY) {
5446 		verbose(VERB_ALGO, "xfr to %s failed, packet with bad opcode",
5447 			xfr->task_transfer->master->host);
5448 		return 0;
5449 	}
5450 	if(LDNS_QDCOUNT(wire) > 1) {
5451 		verbose(VERB_ALGO, "xfr to %s failed, packet has qdcount %d",
5452 			xfr->task_transfer->master->host,
5453 			(int)LDNS_QDCOUNT(wire));
5454 		return 0;
5455 	}
5456 
5457 	/* check qname */
5458 	sldns_buffer_set_position(pkt, LDNS_HEADER_SIZE);
5459 	for(i=0; i<(int)LDNS_QDCOUNT(wire); i++) {
5460 		size_t pos = sldns_buffer_position(pkt);
5461 		uint16_t qtype, qclass;
5462 		if(pkt_dname_len(pkt) == 0) {
5463 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5464 				"malformed dname",
5465 				xfr->task_transfer->master->host);
5466 			return 0;
5467 		}
5468 		if(dname_pkt_compare(pkt, sldns_buffer_at(pkt, pos),
5469 			xfr->name) != 0) {
5470 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5471 				"wrong qname",
5472 				xfr->task_transfer->master->host);
5473 			return 0;
5474 		}
5475 		if(sldns_buffer_remaining(pkt) < 4) {
5476 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5477 				"truncated query RR",
5478 				xfr->task_transfer->master->host);
5479 			return 0;
5480 		}
5481 		qtype = sldns_buffer_read_u16(pkt);
5482 		qclass = sldns_buffer_read_u16(pkt);
5483 		if(qclass != xfr->dclass) {
5484 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5485 				"wrong qclass",
5486 				xfr->task_transfer->master->host);
5487 			return 0;
5488 		}
5489 		if(xfr->task_transfer->on_ixfr) {
5490 			if(qtype != LDNS_RR_TYPE_IXFR) {
5491 				verbose(VERB_ALGO, "xfr to %s failed, packet "
5492 					"with wrong qtype, expected IXFR",
5493 				xfr->task_transfer->master->host);
5494 				return 0;
5495 			}
5496 		} else {
5497 			if(qtype != LDNS_RR_TYPE_AXFR) {
5498 				verbose(VERB_ALGO, "xfr to %s failed, packet "
5499 					"with wrong qtype, expected AXFR",
5500 				xfr->task_transfer->master->host);
5501 				return 0;
5502 			}
5503 		}
5504 	}
5505 
5506 	/* check parse of RRs in packet, store first SOA serial
5507 	 * to be able to detect last SOA (with that serial) to see if done */
5508 	/* also check for IXFR 'zone up to date' reply */
5509 	for(i=0; i<(int)LDNS_ANCOUNT(wire); i++) {
5510 		size_t pos = sldns_buffer_position(pkt);
5511 		uint16_t tp, rdlen;
5512 		if(pkt_dname_len(pkt) == 0) {
5513 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5514 				"malformed dname in answer section",
5515 				xfr->task_transfer->master->host);
5516 			return 0;
5517 		}
5518 		if(sldns_buffer_remaining(pkt) < 10) {
5519 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5520 				"truncated RR",
5521 				xfr->task_transfer->master->host);
5522 			return 0;
5523 		}
5524 		tp = sldns_buffer_read_u16(pkt);
5525 		(void)sldns_buffer_read_u16(pkt); /* class */
5526 		(void)sldns_buffer_read_u32(pkt); /* ttl */
5527 		rdlen = sldns_buffer_read_u16(pkt);
5528 		if(sldns_buffer_remaining(pkt) < rdlen) {
5529 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5530 				"truncated RR rdata",
5531 				xfr->task_transfer->master->host);
5532 			return 0;
5533 		}
5534 
5535 		/* RR parses (haven't checked rdata itself), now look at
5536 		 * SOA records to see serial number */
5537 		if(xfr->task_transfer->rr_scan_num == 0 &&
5538 			tp != LDNS_RR_TYPE_SOA) {
5539 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5540 				"malformed zone transfer, no start SOA",
5541 				xfr->task_transfer->master->host);
5542 			return 0;
5543 		}
5544 		if(xfr->task_transfer->rr_scan_num == 1 &&
5545 			tp != LDNS_RR_TYPE_SOA) {
5546 			/* second RR is not a SOA record, this is not an IXFR
5547 			 * the master is replying with an AXFR */
5548 			xfr->task_transfer->on_ixfr_is_axfr = 1;
5549 		}
5550 		if(tp == LDNS_RR_TYPE_SOA) {
5551 			uint32_t serial;
5552 			if(rdlen < 22) {
5553 				verbose(VERB_ALGO, "xfr to %s failed, packet "
5554 					"with SOA with malformed rdata",
5555 					xfr->task_transfer->master->host);
5556 				return 0;
5557 			}
5558 			if(dname_pkt_compare(pkt, sldns_buffer_at(pkt, pos),
5559 				xfr->name) != 0) {
5560 				verbose(VERB_ALGO, "xfr to %s failed, packet "
5561 					"with SOA with wrong dname",
5562 					xfr->task_transfer->master->host);
5563 				return 0;
5564 			}
5565 
5566 			/* read serial number of SOA */
5567 			serial = sldns_buffer_read_u32_at(pkt,
5568 				sldns_buffer_position(pkt)+rdlen-20);
5569 
5570 			/* check for IXFR 'zone has SOA x' reply */
5571 			if(xfr->task_transfer->on_ixfr &&
5572 				xfr->task_transfer->rr_scan_num == 0 &&
5573 				LDNS_ANCOUNT(wire)==1) {
5574 				verbose(VERB_ALGO, "xfr to %s ended, "
5575 					"IXFR reply that zone has serial %u,"
5576 					" fallback from IXFR to AXFR",
5577 					xfr->task_transfer->master->host,
5578 					(unsigned)serial);
5579 				xfr->task_transfer->ixfr_fail = 1;
5580 				*gonextonfail = 0;
5581 				return 0;
5582 			}
5583 
5584 			/* if first SOA, store serial number */
5585 			if(xfr->task_transfer->got_xfr_serial == 0) {
5586 				xfr->task_transfer->got_xfr_serial = 1;
5587 				xfr->task_transfer->incoming_xfr_serial =
5588 					serial;
5589 				verbose(VERB_ALGO, "xfr %s: contains "
5590 					"SOA serial %u",
5591 					xfr->task_transfer->master->host,
5592 					(unsigned)serial);
5593 			/* see if end of AXFR */
5594 			} else if(!xfr->task_transfer->on_ixfr ||
5595 				xfr->task_transfer->on_ixfr_is_axfr) {
5596 				/* second SOA with serial is the end
5597 				 * for AXFR */
5598 				*transferdone = 1;
5599 				verbose(VERB_ALGO, "xfr %s: last AXFR packet",
5600 					xfr->task_transfer->master->host);
5601 			/* for IXFR, count SOA records with that serial */
5602 			} else if(xfr->task_transfer->incoming_xfr_serial ==
5603 				serial && xfr->task_transfer->got_xfr_serial
5604 				== 1) {
5605 				xfr->task_transfer->got_xfr_serial++;
5606 			/* if not first soa, if serial==firstserial, the
5607 			 * third time we are at the end, for IXFR */
5608 			} else if(xfr->task_transfer->incoming_xfr_serial ==
5609 				serial && xfr->task_transfer->got_xfr_serial
5610 				== 2) {
5611 				verbose(VERB_ALGO, "xfr %s: last IXFR packet",
5612 					xfr->task_transfer->master->host);
5613 				*transferdone = 1;
5614 				/* continue parse check, if that succeeds,
5615 				 * transfer is done */
5616 			}
5617 		}
5618 		xfr->task_transfer->rr_scan_num++;
5619 
5620 		/* skip over RR rdata to go to the next RR */
5621 		sldns_buffer_skip(pkt, (ssize_t)rdlen);
5622 	}
5623 
5624 	/* check authority section */
5625 	/* we skip over the RRs checking packet format */
5626 	for(i=0; i<(int)LDNS_NSCOUNT(wire); i++) {
5627 		uint16_t rdlen;
5628 		if(pkt_dname_len(pkt) == 0) {
5629 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5630 				"malformed dname in authority section",
5631 				xfr->task_transfer->master->host);
5632 			return 0;
5633 		}
5634 		if(sldns_buffer_remaining(pkt) < 10) {
5635 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5636 				"truncated RR",
5637 				xfr->task_transfer->master->host);
5638 			return 0;
5639 		}
5640 		(void)sldns_buffer_read_u16(pkt); /* type */
5641 		(void)sldns_buffer_read_u16(pkt); /* class */
5642 		(void)sldns_buffer_read_u32(pkt); /* ttl */
5643 		rdlen = sldns_buffer_read_u16(pkt);
5644 		if(sldns_buffer_remaining(pkt) < rdlen) {
5645 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5646 				"truncated RR rdata",
5647 				xfr->task_transfer->master->host);
5648 			return 0;
5649 		}
5650 		/* skip over RR rdata to go to the next RR */
5651 		sldns_buffer_skip(pkt, (ssize_t)rdlen);
5652 	}
5653 
5654 	/* check additional section */
5655 	for(i=0; i<(int)LDNS_ARCOUNT(wire); i++) {
5656 		uint16_t rdlen;
5657 		if(pkt_dname_len(pkt) == 0) {
5658 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5659 				"malformed dname in additional section",
5660 				xfr->task_transfer->master->host);
5661 			return 0;
5662 		}
5663 		if(sldns_buffer_remaining(pkt) < 10) {
5664 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5665 				"truncated RR",
5666 				xfr->task_transfer->master->host);
5667 			return 0;
5668 		}
5669 		(void)sldns_buffer_read_u16(pkt); /* type */
5670 		(void)sldns_buffer_read_u16(pkt); /* class */
5671 		(void)sldns_buffer_read_u32(pkt); /* ttl */
5672 		rdlen = sldns_buffer_read_u16(pkt);
5673 		if(sldns_buffer_remaining(pkt) < rdlen) {
5674 			verbose(VERB_ALGO, "xfr to %s failed, packet with "
5675 				"truncated RR rdata",
5676 				xfr->task_transfer->master->host);
5677 			return 0;
5678 		}
5679 		/* skip over RR rdata to go to the next RR */
5680 		sldns_buffer_skip(pkt, (ssize_t)rdlen);
5681 	}
5682 
5683 	return 1;
5684 }
5685 
5686 /** Link the data from this packet into the worklist of transferred data */
5687 static int
5688 xfer_link_data(sldns_buffer* pkt, struct auth_xfer* xfr)
5689 {
5690 	/* alloc it */
5691 	struct auth_chunk* e;
5692 	e = (struct auth_chunk*)calloc(1, sizeof(*e));
5693 	if(!e) return 0;
5694 	e->next = NULL;
5695 	e->len = sldns_buffer_limit(pkt);
5696 	e->data = memdup(sldns_buffer_begin(pkt), e->len);
5697 	if(!e->data) {
5698 		free(e);
5699 		return 0;
5700 	}
5701 
5702 	/* alloc succeeded, link into list */
5703 	if(!xfr->task_transfer->chunks_first)
5704 		xfr->task_transfer->chunks_first = e;
5705 	if(xfr->task_transfer->chunks_last)
5706 		xfr->task_transfer->chunks_last->next = e;
5707 	xfr->task_transfer->chunks_last = e;
5708 	return 1;
5709 }
5710 
5711 /** task transfer.  the list of data is complete. process it and if failed
5712  * move to next master, if succeeded, end the task transfer */
5713 static void
5714 process_list_end_transfer(struct auth_xfer* xfr, struct module_env* env)
5715 {
5716 	int ixfr_fail = 0;
5717 	if(xfr_process_chunk_list(xfr, env, &ixfr_fail)) {
5718 		/* it worked! */
5719 		auth_chunks_delete(xfr->task_transfer);
5720 
5721 		/* we fetched the zone, move to wait task */
5722 		xfr_transfer_disown(xfr);
5723 
5724 		if(xfr->notify_received && (!xfr->notify_has_serial ||
5725 			(xfr->notify_has_serial &&
5726 			xfr_serial_means_update(xfr, xfr->notify_serial)))) {
5727 			uint32_t sr = xfr->notify_serial;
5728 			int has_sr = xfr->notify_has_serial;
5729 			/* we received a notify while probe/transfer was
5730 			 * in progress.  start a new probe and transfer */
5731 			xfr->notify_received = 0;
5732 			xfr->notify_has_serial = 0;
5733 			xfr->notify_serial = 0;
5734 			if(!xfr_start_probe(xfr, env, NULL)) {
5735 				/* if we couldn't start it, already in
5736 				 * progress; restore notify serial,
5737 				 * while xfr still locked */
5738 				xfr->notify_received = 1;
5739 				xfr->notify_has_serial = has_sr;
5740 				xfr->notify_serial = sr;
5741 				lock_basic_unlock(&xfr->lock);
5742 			}
5743 			return;
5744 		} else {
5745 			/* pick up the nextprobe task and wait (normail wait time) */
5746 			if(xfr->task_nextprobe->worker == NULL)
5747 				xfr_set_timeout(xfr, env, 0, 0);
5748 		}
5749 		lock_basic_unlock(&xfr->lock);
5750 		return;
5751 	}
5752 	/* processing failed */
5753 	/* when done, delete data from list */
5754 	auth_chunks_delete(xfr->task_transfer);
5755 	if(ixfr_fail) {
5756 		xfr->task_transfer->ixfr_fail = 1;
5757 	} else {
5758 		xfr_transfer_nextmaster(xfr);
5759 	}
5760 	xfr_transfer_nexttarget_or_end(xfr, env);
5761 }
5762 
5763 /** callback for the task_transfer timer */
5764 void
5765 auth_xfer_transfer_timer_callback(void* arg)
5766 {
5767 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
5768 	struct module_env* env;
5769 	int gonextonfail = 1;
5770 	log_assert(xfr->task_transfer);
5771 	lock_basic_lock(&xfr->lock);
5772 	env = xfr->task_transfer->env;
5773 	if(env->outnet->want_to_quit) {
5774 		lock_basic_unlock(&xfr->lock);
5775 		return; /* stop on quit */
5776 	}
5777 
5778 	verbose(VERB_ALGO, "xfr stopped, connection timeout to %s",
5779 		xfr->task_transfer->master->host);
5780 
5781 	/* see if IXFR caused the failure, if so, try AXFR */
5782 	if(xfr->task_transfer->on_ixfr) {
5783 		xfr->task_transfer->ixfr_possible_timeout_count++;
5784 		if(xfr->task_transfer->ixfr_possible_timeout_count >=
5785 			NUM_TIMEOUTS_FALLBACK_IXFR) {
5786 			verbose(VERB_ALGO, "xfr to %s, fallback "
5787 				"from IXFR to AXFR (because of timeouts)",
5788 				xfr->task_transfer->master->host);
5789 			xfr->task_transfer->ixfr_fail = 1;
5790 			gonextonfail = 0;
5791 		}
5792 	}
5793 
5794 	/* delete transferred data from list */
5795 	auth_chunks_delete(xfr->task_transfer);
5796 	comm_point_delete(xfr->task_transfer->cp);
5797 	xfr->task_transfer->cp = NULL;
5798 	if(gonextonfail)
5799 		xfr_transfer_nextmaster(xfr);
5800 	xfr_transfer_nexttarget_or_end(xfr, env);
5801 }
5802 
5803 /** callback for task_transfer tcp connections */
5804 int
5805 auth_xfer_transfer_tcp_callback(struct comm_point* c, void* arg, int err,
5806 	struct comm_reply* ATTR_UNUSED(repinfo))
5807 {
5808 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
5809 	struct module_env* env;
5810 	int gonextonfail = 1;
5811 	int transferdone = 0;
5812 	log_assert(xfr->task_transfer);
5813 	lock_basic_lock(&xfr->lock);
5814 	env = xfr->task_transfer->env;
5815 	if(env->outnet->want_to_quit) {
5816 		lock_basic_unlock(&xfr->lock);
5817 		return 0; /* stop on quit */
5818 	}
5819 	/* stop the timer */
5820 	comm_timer_disable(xfr->task_transfer->timer);
5821 
5822 	if(err != NETEVENT_NOERROR) {
5823 		/* connection failed, closed, or timeout */
5824 		/* stop this transfer, cleanup
5825 		 * and continue task_transfer*/
5826 		verbose(VERB_ALGO, "xfr stopped, connection lost to %s",
5827 			xfr->task_transfer->master->host);
5828 
5829 		/* see if IXFR caused the failure, if so, try AXFR */
5830 		if(xfr->task_transfer->on_ixfr) {
5831 			xfr->task_transfer->ixfr_possible_timeout_count++;
5832 			if(xfr->task_transfer->ixfr_possible_timeout_count >=
5833 				NUM_TIMEOUTS_FALLBACK_IXFR) {
5834 				verbose(VERB_ALGO, "xfr to %s, fallback "
5835 					"from IXFR to AXFR (because of timeouts)",
5836 					xfr->task_transfer->master->host);
5837 				xfr->task_transfer->ixfr_fail = 1;
5838 				gonextonfail = 0;
5839 			}
5840 		}
5841 
5842 	failed:
5843 		/* delete transferred data from list */
5844 		auth_chunks_delete(xfr->task_transfer);
5845 		comm_point_delete(xfr->task_transfer->cp);
5846 		xfr->task_transfer->cp = NULL;
5847 		if(gonextonfail)
5848 			xfr_transfer_nextmaster(xfr);
5849 		xfr_transfer_nexttarget_or_end(xfr, env);
5850 		return 0;
5851 	}
5852 	/* note that IXFR worked without timeout */
5853 	if(xfr->task_transfer->on_ixfr)
5854 		xfr->task_transfer->ixfr_possible_timeout_count = 0;
5855 
5856 	/* handle returned packet */
5857 	/* if it fails, cleanup and end this transfer */
5858 	/* if it needs to fallback from IXFR to AXFR, do that */
5859 	if(!check_xfer_packet(c->buffer, xfr, &gonextonfail, &transferdone)) {
5860 		goto failed;
5861 	}
5862 	/* if it is good, link it into the list of data */
5863 	/* if the link into list of data fails (malloc fail) cleanup and end */
5864 	if(!xfer_link_data(c->buffer, xfr)) {
5865 		verbose(VERB_ALGO, "xfr stopped to %s, malloc failed",
5866 			xfr->task_transfer->master->host);
5867 		goto failed;
5868 	}
5869 	/* if the transfer is done now, disconnect and process the list */
5870 	if(transferdone) {
5871 		comm_point_delete(xfr->task_transfer->cp);
5872 		xfr->task_transfer->cp = NULL;
5873 		process_list_end_transfer(xfr, env);
5874 		return 0;
5875 	}
5876 
5877 	/* if we want to read more messages, setup the commpoint to read
5878 	 * a DNS packet, and the timeout */
5879 	lock_basic_unlock(&xfr->lock);
5880 	c->tcp_is_reading = 1;
5881 	sldns_buffer_clear(c->buffer);
5882 	comm_point_start_listening(c, -1, AUTH_TRANSFER_TIMEOUT);
5883 	return 0;
5884 }
5885 
5886 /** callback for task_transfer http connections */
5887 int
5888 auth_xfer_transfer_http_callback(struct comm_point* c, void* arg, int err,
5889 	struct comm_reply* repinfo)
5890 {
5891 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
5892 	struct module_env* env;
5893 	log_assert(xfr->task_transfer);
5894 	lock_basic_lock(&xfr->lock);
5895 	env = xfr->task_transfer->env;
5896 	if(env->outnet->want_to_quit) {
5897 		lock_basic_unlock(&xfr->lock);
5898 		return 0; /* stop on quit */
5899 	}
5900 	verbose(VERB_ALGO, "auth zone transfer http callback");
5901 	/* stop the timer */
5902 	comm_timer_disable(xfr->task_transfer->timer);
5903 
5904 	if(err != NETEVENT_NOERROR && err != NETEVENT_DONE) {
5905 		/* connection failed, closed, or timeout */
5906 		/* stop this transfer, cleanup
5907 		 * and continue task_transfer*/
5908 		verbose(VERB_ALGO, "http stopped, connection lost to %s",
5909 			xfr->task_transfer->master->host);
5910 	failed:
5911 		/* delete transferred data from list */
5912 		auth_chunks_delete(xfr->task_transfer);
5913 		if(repinfo) repinfo->c = NULL; /* signal cp deleted to
5914 				the routine calling this callback */
5915 		comm_point_delete(xfr->task_transfer->cp);
5916 		xfr->task_transfer->cp = NULL;
5917 		xfr_transfer_nextmaster(xfr);
5918 		xfr_transfer_nexttarget_or_end(xfr, env);
5919 		return 0;
5920 	}
5921 
5922 	/* if it is good, link it into the list of data */
5923 	/* if the link into list of data fails (malloc fail) cleanup and end */
5924 	if(sldns_buffer_limit(c->buffer) > 0) {
5925 		verbose(VERB_ALGO, "auth zone http queued up %d bytes",
5926 			(int)sldns_buffer_limit(c->buffer));
5927 		if(!xfer_link_data(c->buffer, xfr)) {
5928 			verbose(VERB_ALGO, "http stopped to %s, malloc failed",
5929 				xfr->task_transfer->master->host);
5930 			goto failed;
5931 		}
5932 	}
5933 	/* if the transfer is done now, disconnect and process the list */
5934 	if(err == NETEVENT_DONE) {
5935 		if(repinfo) repinfo->c = NULL; /* signal cp deleted to
5936 				the routine calling this callback */
5937 		comm_point_delete(xfr->task_transfer->cp);
5938 		xfr->task_transfer->cp = NULL;
5939 		process_list_end_transfer(xfr, env);
5940 		return 0;
5941 	}
5942 
5943 	/* if we want to read more messages, setup the commpoint to read
5944 	 * a DNS packet, and the timeout */
5945 	lock_basic_unlock(&xfr->lock);
5946 	c->tcp_is_reading = 1;
5947 	sldns_buffer_clear(c->buffer);
5948 	comm_point_start_listening(c, -1, AUTH_TRANSFER_TIMEOUT);
5949 	return 0;
5950 }
5951 
5952 
5953 /** start transfer task by this worker , xfr is locked. */
5954 static void
5955 xfr_start_transfer(struct auth_xfer* xfr, struct module_env* env,
5956 	struct auth_master* master)
5957 {
5958 	log_assert(xfr->task_transfer != NULL);
5959 	log_assert(xfr->task_transfer->worker == NULL);
5960 	log_assert(xfr->task_transfer->chunks_first == NULL);
5961 	log_assert(xfr->task_transfer->chunks_last == NULL);
5962 	xfr->task_transfer->worker = env->worker;
5963 	xfr->task_transfer->env = env;
5964 
5965 	/* init transfer process */
5966 	/* find that master in the transfer's list of masters? */
5967 	xfr_transfer_start_list(xfr, master);
5968 	/* start lookup for hostnames in transfer master list */
5969 	xfr_transfer_start_lookups(xfr);
5970 
5971 	/* initiate TCP, and set timeout on it */
5972 	xfr_transfer_nexttarget_or_end(xfr, env);
5973 }
5974 
5975 /** disown task_probe.  caller must hold xfr.lock */
5976 static void
5977 xfr_probe_disown(struct auth_xfer* xfr)
5978 {
5979 	/* remove timer (from this worker's event base) */
5980 	comm_timer_delete(xfr->task_probe->timer);
5981 	xfr->task_probe->timer = NULL;
5982 	/* remove the commpoint */
5983 	comm_point_delete(xfr->task_probe->cp);
5984 	xfr->task_probe->cp = NULL;
5985 	/* we don't own this item anymore */
5986 	xfr->task_probe->worker = NULL;
5987 	xfr->task_probe->env = NULL;
5988 }
5989 
5990 /** send the UDP probe to the master, this is part of task_probe */
5991 static int
5992 xfr_probe_send_probe(struct auth_xfer* xfr, struct module_env* env,
5993 	int timeout)
5994 {
5995 	struct sockaddr_storage addr;
5996 	socklen_t addrlen = 0;
5997 	struct timeval t;
5998 	/* pick master */
5999 	struct auth_master* master = xfr_probe_current_master(xfr);
6000 	char *auth_name = NULL;
6001 	if(!master) return 0;
6002 	if(master->allow_notify) return 0; /* only for notify */
6003 	if(master->http) return 0; /* only masters get SOA UDP probe,
6004 		not urls, if those are in this list */
6005 
6006 	/* get master addr */
6007 	if(xfr->task_probe->scan_addr) {
6008 		addrlen = xfr->task_probe->scan_addr->addrlen;
6009 		memmove(&addr, &xfr->task_probe->scan_addr->addr, addrlen);
6010 	} else {
6011 		if(!authextstrtoaddr(master->host, &addr, &addrlen, &auth_name)) {
6012 			/* the ones that are not in addr format are supposed
6013 			 * to be looked up.  The lookup has failed however,
6014 			 * so skip them */
6015 			char zname[255+1];
6016 			dname_str(xfr->name, zname);
6017 			log_err("%s: failed lookup, cannot probe to master %s",
6018 				zname, master->host);
6019 			return 0;
6020 		}
6021 		if (auth_name != NULL) {
6022 			if (addr.ss_family == AF_INET
6023 			&&  (int)ntohs(((struct sockaddr_in *)&addr)->sin_port)
6024 		            == env->cfg->ssl_port)
6025 				((struct sockaddr_in *)&addr)->sin_port
6026 					= htons((uint16_t)env->cfg->port);
6027 			else if (addr.ss_family == AF_INET6
6028 			&&  (int)ntohs(((struct sockaddr_in6 *)&addr)->sin6_port)
6029 		            == env->cfg->ssl_port)
6030                         	((struct sockaddr_in6 *)&addr)->sin6_port
6031 					= htons((uint16_t)env->cfg->port);
6032 		}
6033 	}
6034 
6035 	/* create packet */
6036 	/* create new ID for new probes, but not on timeout retries,
6037 	 * this means we'll accept replies to previous retries to same ip */
6038 	if(timeout == AUTH_PROBE_TIMEOUT)
6039 		xfr->task_probe->id = (uint16_t)(ub_random(env->rnd)&0xffff);
6040 	xfr_create_soa_probe_packet(xfr, env->scratch_buffer,
6041 		xfr->task_probe->id);
6042 	/* we need to remove the cp if we have a different ip4/ip6 type now */
6043 	if(xfr->task_probe->cp &&
6044 		((xfr->task_probe->cp_is_ip6 && !addr_is_ip6(&addr, addrlen)) ||
6045 		(!xfr->task_probe->cp_is_ip6 && addr_is_ip6(&addr, addrlen)))
6046 		) {
6047 		comm_point_delete(xfr->task_probe->cp);
6048 		xfr->task_probe->cp = NULL;
6049 	}
6050 	if(!xfr->task_probe->cp) {
6051 		if(addr_is_ip6(&addr, addrlen))
6052 			xfr->task_probe->cp_is_ip6 = 1;
6053 		else 	xfr->task_probe->cp_is_ip6 = 0;
6054 		xfr->task_probe->cp = outnet_comm_point_for_udp(env->outnet,
6055 			auth_xfer_probe_udp_callback, xfr, &addr, addrlen);
6056 		if(!xfr->task_probe->cp) {
6057 			char zname[255+1], as[256];
6058 			dname_str(xfr->name, zname);
6059 			addr_to_str(&addr, addrlen, as, sizeof(as));
6060 			verbose(VERB_ALGO, "cannot create udp cp for "
6061 				"probe %s to %s", zname, as);
6062 			return 0;
6063 		}
6064 	}
6065 	if(!xfr->task_probe->timer) {
6066 		xfr->task_probe->timer = comm_timer_create(env->worker_base,
6067 			auth_xfer_probe_timer_callback, xfr);
6068 		if(!xfr->task_probe->timer) {
6069 			log_err("malloc failure");
6070 			return 0;
6071 		}
6072 	}
6073 
6074 	/* send udp packet */
6075 	if(!comm_point_send_udp_msg(xfr->task_probe->cp, env->scratch_buffer,
6076 		(struct sockaddr*)&addr, addrlen)) {
6077 		char zname[255+1], as[256];
6078 		dname_str(xfr->name, zname);
6079 		addr_to_str(&addr, addrlen, as, sizeof(as));
6080 		verbose(VERB_ALGO, "failed to send soa probe for %s to %s",
6081 			zname, as);
6082 		return 0;
6083 	}
6084 	if(verbosity >= VERB_ALGO) {
6085 		char zname[255+1], as[256];
6086 		dname_str(xfr->name, zname);
6087 		addr_to_str(&addr, addrlen, as, sizeof(as));
6088 		verbose(VERB_ALGO, "auth zone %s soa probe sent to %s", zname,
6089 			as);
6090 	}
6091 	xfr->task_probe->timeout = timeout;
6092 #ifndef S_SPLINT_S
6093 	t.tv_sec = timeout/1000;
6094 	t.tv_usec = (timeout%1000)*1000;
6095 #endif
6096 	comm_timer_set(xfr->task_probe->timer, &t);
6097 
6098 	return 1;
6099 }
6100 
6101 /** callback for task_probe timer */
6102 void
6103 auth_xfer_probe_timer_callback(void* arg)
6104 {
6105 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6106 	struct module_env* env;
6107 	log_assert(xfr->task_probe);
6108 	lock_basic_lock(&xfr->lock);
6109 	env = xfr->task_probe->env;
6110 	if(env->outnet->want_to_quit) {
6111 		lock_basic_unlock(&xfr->lock);
6112 		return; /* stop on quit */
6113 	}
6114 
6115 	if(verbosity >= VERB_ALGO) {
6116 		char zname[255+1];
6117 		dname_str(xfr->name, zname);
6118 		verbose(VERB_ALGO, "auth zone %s soa probe timeout", zname);
6119 	}
6120 	if(xfr->task_probe->timeout <= AUTH_PROBE_TIMEOUT_STOP) {
6121 		/* try again with bigger timeout */
6122 		if(xfr_probe_send_probe(xfr, env, xfr->task_probe->timeout*2)) {
6123 			lock_basic_unlock(&xfr->lock);
6124 			return;
6125 		}
6126 	}
6127 	/* delete commpoint so a new one is created, with a fresh port nr */
6128 	comm_point_delete(xfr->task_probe->cp);
6129 	xfr->task_probe->cp = NULL;
6130 
6131 	/* too many timeouts (or fail to send), move to next or end */
6132 	xfr_probe_nextmaster(xfr);
6133 	xfr_probe_send_or_end(xfr, env);
6134 }
6135 
6136 /** callback for task_probe udp packets */
6137 int
6138 auth_xfer_probe_udp_callback(struct comm_point* c, void* arg, int err,
6139 	struct comm_reply* repinfo)
6140 {
6141 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6142 	struct module_env* env;
6143 	log_assert(xfr->task_probe);
6144 	lock_basic_lock(&xfr->lock);
6145 	env = xfr->task_probe->env;
6146 	if(env->outnet->want_to_quit) {
6147 		lock_basic_unlock(&xfr->lock);
6148 		return 0; /* stop on quit */
6149 	}
6150 
6151 	/* the comm_point_udp_callback is in a for loop for NUM_UDP_PER_SELECT
6152 	 * and we set rep.c=NULL to stop if from looking inside the commpoint*/
6153 	repinfo->c = NULL;
6154 	/* stop the timer */
6155 	comm_timer_disable(xfr->task_probe->timer);
6156 
6157 	/* see if we got a packet and what that means */
6158 	if(err == NETEVENT_NOERROR) {
6159 		uint32_t serial = 0;
6160 		if(check_packet_ok(c->buffer, LDNS_RR_TYPE_SOA, xfr,
6161 			&serial)) {
6162 			/* successful lookup */
6163 			if(verbosity >= VERB_ALGO) {
6164 				char buf[256];
6165 				dname_str(xfr->name, buf);
6166 				verbose(VERB_ALGO, "auth zone %s: soa probe "
6167 					"serial is %u", buf, (unsigned)serial);
6168 			}
6169 			/* see if this serial indicates that the zone has
6170 			 * to be updated */
6171 			if(xfr_serial_means_update(xfr, serial)) {
6172 				/* if updated, start the transfer task, if needed */
6173 				verbose(VERB_ALGO, "auth_zone updated, start transfer");
6174 				if(xfr->task_transfer->worker == NULL) {
6175 					struct auth_master* master =
6176 						xfr_probe_current_master(xfr);
6177 					/* if we have download URLs use them
6178 					 * in preference to this master we
6179 					 * just probed the SOA from */
6180 					if(xfr->task_transfer->masters &&
6181 						xfr->task_transfer->masters->http)
6182 						master = NULL;
6183 					xfr_probe_disown(xfr);
6184 					xfr_start_transfer(xfr, env, master);
6185 					return 0;
6186 
6187 				}
6188 				/* other tasks are running, we don't do this anymore */
6189 				xfr_probe_disown(xfr);
6190 				lock_basic_unlock(&xfr->lock);
6191 				/* return, we don't sent a reply to this udp packet,
6192 				 * and we setup the tasks to do next */
6193 				return 0;
6194 			} else {
6195 				verbose(VERB_ALGO, "auth_zone master reports unchanged soa serial");
6196 				/* we if cannot find updates amongst the
6197 				 * masters, this means we then have a new lease
6198 				 * on the zone */
6199 				xfr->task_probe->have_new_lease = 1;
6200 			}
6201 		} else {
6202 			if(verbosity >= VERB_ALGO) {
6203 				char buf[256];
6204 				dname_str(xfr->name, buf);
6205 				verbose(VERB_ALGO, "auth zone %s: bad reply to soa probe", buf);
6206 			}
6207 		}
6208 	} else {
6209 		if(verbosity >= VERB_ALGO) {
6210 			char buf[256];
6211 			dname_str(xfr->name, buf);
6212 			verbose(VERB_ALGO, "auth zone %s: soa probe failed", buf);
6213 		}
6214 	}
6215 
6216 	/* failed lookup or not an update */
6217 	/* delete commpoint so a new one is created, with a fresh port nr */
6218 	comm_point_delete(xfr->task_probe->cp);
6219 	xfr->task_probe->cp = NULL;
6220 
6221 	/* if the result was not a successfull probe, we need
6222 	 * to send the next one */
6223 	xfr_probe_nextmaster(xfr);
6224 	xfr_probe_send_or_end(xfr, env);
6225 	return 0;
6226 }
6227 
6228 /** lookup a host name for its addresses, if needed */
6229 static int
6230 xfr_probe_lookup_host(struct auth_xfer* xfr, struct module_env* env)
6231 {
6232 	struct sockaddr_storage addr;
6233 	socklen_t addrlen = 0;
6234 	struct auth_master* master = xfr->task_probe->lookup_target;
6235 	struct query_info qinfo;
6236 	uint16_t qflags = BIT_RD;
6237 	uint8_t dname[LDNS_MAX_DOMAINLEN+1];
6238 	struct edns_data edns;
6239 	sldns_buffer* buf = env->scratch_buffer;
6240 	if(!master) return 0;
6241 	if(extstrtoaddr(master->host, &addr, &addrlen)) {
6242 		/* not needed, host is in IP addr format */
6243 		return 0;
6244 	}
6245 	if(master->allow_notify && !master->http &&
6246 		strchr(master->host, '/') != NULL &&
6247 		strchr(master->host, '/') == strrchr(master->host, '/')) {
6248 		return 0; /* is IP/prefix format, not something to look up */
6249 	}
6250 
6251 	/* use mesh_new_callback to probe for non-addr hosts,
6252 	 * and then wait for them to be looked up (in cache, or query) */
6253 	qinfo.qname_len = sizeof(dname);
6254 	if(sldns_str2wire_dname_buf(master->host, dname, &qinfo.qname_len)
6255 		!= 0) {
6256 		log_err("cannot parse host name of master %s", master->host);
6257 		return 0;
6258 	}
6259 	qinfo.qname = dname;
6260 	qinfo.qclass = xfr->dclass;
6261 	qinfo.qtype = LDNS_RR_TYPE_A;
6262 	if(xfr->task_probe->lookup_aaaa)
6263 		qinfo.qtype = LDNS_RR_TYPE_AAAA;
6264 	qinfo.local_alias = NULL;
6265 	if(verbosity >= VERB_ALGO) {
6266 		char buf1[512];
6267 		char buf2[LDNS_MAX_DOMAINLEN+1];
6268 		dname_str(xfr->name, buf2);
6269 		snprintf(buf1, sizeof(buf1), "auth zone %s: master lookup"
6270 			" for task_probe", buf2);
6271 		log_query_info(VERB_ALGO, buf1, &qinfo);
6272 	}
6273 	edns.edns_present = 1;
6274 	edns.ext_rcode = 0;
6275 	edns.edns_version = 0;
6276 	edns.bits = EDNS_DO;
6277 	edns.opt_list = NULL;
6278 	if(sldns_buffer_capacity(buf) < 65535)
6279 		edns.udp_size = (uint16_t)sldns_buffer_capacity(buf);
6280 	else	edns.udp_size = 65535;
6281 
6282 	/* unlock xfr during mesh_new_callback() because the callback can be
6283 	 * called straight away */
6284 	lock_basic_unlock(&xfr->lock);
6285 	if(!mesh_new_callback(env->mesh, &qinfo, qflags, &edns, buf, 0,
6286 		&auth_xfer_probe_lookup_callback, xfr)) {
6287 		lock_basic_lock(&xfr->lock);
6288 		log_err("out of memory lookup up master %s", master->host);
6289 		return 0;
6290 	}
6291 	lock_basic_lock(&xfr->lock);
6292 	return 1;
6293 }
6294 
6295 /** move to sending the probe packets, next if fails. task_probe */
6296 static void
6297 xfr_probe_send_or_end(struct auth_xfer* xfr, struct module_env* env)
6298 {
6299 	/* are we doing hostname lookups? */
6300 	while(xfr->task_probe->lookup_target) {
6301 		if(xfr_probe_lookup_host(xfr, env)) {
6302 			/* wait for lookup to finish,
6303 			 * note that the hostname may be in unbound's cache
6304 			 * and we may then get an instant cache response,
6305 			 * and that calls the callback just like a full
6306 			 * lookup and lookup failures also call callback */
6307 			if(verbosity >= VERB_ALGO) {
6308 				char zname[255+1];
6309 				dname_str(xfr->name, zname);
6310 				verbose(VERB_ALGO, "auth zone %s probe next target lookup", zname);
6311 			}
6312 			lock_basic_unlock(&xfr->lock);
6313 			return;
6314 		}
6315 		xfr_probe_move_to_next_lookup(xfr, env);
6316 	}
6317 	/* probe of list has ended.  Create or refresh the list of of
6318 	 * allow_notify addrs */
6319 	probe_copy_masters_for_allow_notify(xfr);
6320 	if(verbosity >= VERB_ALGO) {
6321 		char zname[255+1];
6322 		dname_str(xfr->name, zname);
6323 		verbose(VERB_ALGO, "auth zone %s probe: notify addrs updated", zname);
6324 	}
6325 	if(xfr->task_probe->only_lookup) {
6326 		/* only wanted lookups for copy, stop probe and start wait */
6327 		xfr->task_probe->only_lookup = 0;
6328 		if(verbosity >= VERB_ALGO) {
6329 			char zname[255+1];
6330 			dname_str(xfr->name, zname);
6331 			verbose(VERB_ALGO, "auth zone %s probe: finished only_lookup", zname);
6332 		}
6333 		xfr_probe_disown(xfr);
6334 		if(xfr->task_nextprobe->worker == NULL)
6335 			xfr_set_timeout(xfr, env, 0, 0);
6336 		lock_basic_unlock(&xfr->lock);
6337 		return;
6338 	}
6339 
6340 	/* send probe packets */
6341 	while(!xfr_probe_end_of_list(xfr)) {
6342 		if(xfr_probe_send_probe(xfr, env, AUTH_PROBE_TIMEOUT)) {
6343 			/* successfully sent probe, wait for callback */
6344 			lock_basic_unlock(&xfr->lock);
6345 			return;
6346 		}
6347 		/* failed to send probe, next master */
6348 		xfr_probe_nextmaster(xfr);
6349 	}
6350 
6351 	/* done with probe sequence, wait */
6352 	if(xfr->task_probe->have_new_lease) {
6353 		/* if zone not updated, start the wait timer again */
6354 		if(verbosity >= VERB_ALGO) {
6355 			char zname[255+1];
6356 			dname_str(xfr->name, zname);
6357 			verbose(VERB_ALGO, "auth_zone %s unchanged, new lease, wait", zname);
6358 		}
6359 		xfr_probe_disown(xfr);
6360 		if(xfr->have_zone)
6361 			xfr->lease_time = *env->now;
6362 		if(xfr->task_nextprobe->worker == NULL)
6363 			xfr_set_timeout(xfr, env, 0, 0);
6364 	} else {
6365 		if(verbosity >= VERB_ALGO) {
6366 			char zname[255+1];
6367 			dname_str(xfr->name, zname);
6368 			verbose(VERB_ALGO, "auth zone %s soa probe failed, wait to retry", zname);
6369 		}
6370 		/* we failed to send this as well, move to the wait task,
6371 		 * use the shorter retry timeout */
6372 		xfr_probe_disown(xfr);
6373 		/* pick up the nextprobe task and wait */
6374 		if(xfr->task_nextprobe->worker == NULL)
6375 			xfr_set_timeout(xfr, env, 1, 0);
6376 	}
6377 
6378 	lock_basic_unlock(&xfr->lock);
6379 }
6380 
6381 /** callback for task_probe lookup of host name, of A or AAAA */
6382 void auth_xfer_probe_lookup_callback(void* arg, int rcode, sldns_buffer* buf,
6383 	enum sec_status ATTR_UNUSED(sec), char* ATTR_UNUSED(why_bogus),
6384 	int ATTR_UNUSED(was_ratelimited))
6385 {
6386 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6387 	struct module_env* env;
6388 	log_assert(xfr->task_probe);
6389 	lock_basic_lock(&xfr->lock);
6390 	env = xfr->task_probe->env;
6391 	if(env->outnet->want_to_quit) {
6392 		lock_basic_unlock(&xfr->lock);
6393 		return; /* stop on quit */
6394 	}
6395 
6396 	/* process result */
6397 	if(rcode == LDNS_RCODE_NOERROR) {
6398 		uint16_t wanted_qtype = LDNS_RR_TYPE_A;
6399 		struct regional* temp = env->scratch;
6400 		struct query_info rq;
6401 		struct reply_info* rep;
6402 		if(xfr->task_probe->lookup_aaaa)
6403 			wanted_qtype = LDNS_RR_TYPE_AAAA;
6404 		memset(&rq, 0, sizeof(rq));
6405 		rep = parse_reply_in_temp_region(buf, temp, &rq);
6406 		if(rep && rq.qtype == wanted_qtype &&
6407 			FLAGS_GET_RCODE(rep->flags) == LDNS_RCODE_NOERROR) {
6408 			/* parsed successfully */
6409 			struct ub_packed_rrset_key* answer =
6410 				reply_find_answer_rrset(&rq, rep);
6411 			if(answer) {
6412 				xfr_master_add_addrs(xfr->task_probe->
6413 					lookup_target, answer, wanted_qtype);
6414 			} else {
6415 				if(verbosity >= VERB_ALGO) {
6416 					char zname[255+1];
6417 					dname_str(xfr->name, zname);
6418 					verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has nodata", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
6419 				}
6420 			}
6421 		} else {
6422 			if(verbosity >= VERB_ALGO) {
6423 				char zname[255+1];
6424 				dname_str(xfr->name, zname);
6425 				verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup has no address", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
6426 			}
6427 		}
6428 	} else {
6429 		if(verbosity >= VERB_ALGO) {
6430 			char zname[255+1];
6431 			dname_str(xfr->name, zname);
6432 			verbose(VERB_ALGO, "auth zone %s host %s type %s probe lookup failed", zname, xfr->task_probe->lookup_target->host, (xfr->task_probe->lookup_aaaa?"AAAA":"A"));
6433 		}
6434 	}
6435 	if(xfr->task_probe->lookup_target->list &&
6436 		xfr->task_probe->lookup_target == xfr_probe_current_master(xfr))
6437 		xfr->task_probe->scan_addr = xfr->task_probe->lookup_target->list;
6438 
6439 	/* move to lookup AAAA after A lookup, move to next hostname lookup,
6440 	 * or move to send the probes, or, if nothing to do, end task_probe */
6441 	xfr_probe_move_to_next_lookup(xfr, env);
6442 	xfr_probe_send_or_end(xfr, env);
6443 }
6444 
6445 /** disown task_nextprobe.  caller must hold xfr.lock */
6446 static void
6447 xfr_nextprobe_disown(struct auth_xfer* xfr)
6448 {
6449 	/* delete the timer, because the next worker to pick this up may
6450 	 * not have the same event base */
6451 	comm_timer_delete(xfr->task_nextprobe->timer);
6452 	xfr->task_nextprobe->timer = NULL;
6453 	xfr->task_nextprobe->next_probe = 0;
6454 	/* we don't own this item anymore */
6455 	xfr->task_nextprobe->worker = NULL;
6456 	xfr->task_nextprobe->env = NULL;
6457 }
6458 
6459 /** xfer nextprobe timeout callback, this is part of task_nextprobe */
6460 void
6461 auth_xfer_timer(void* arg)
6462 {
6463 	struct auth_xfer* xfr = (struct auth_xfer*)arg;
6464 	struct module_env* env;
6465 	log_assert(xfr->task_nextprobe);
6466 	lock_basic_lock(&xfr->lock);
6467 	env = xfr->task_nextprobe->env;
6468 	if(env->outnet->want_to_quit) {
6469 		lock_basic_unlock(&xfr->lock);
6470 		return; /* stop on quit */
6471 	}
6472 
6473 	/* see if zone has expired, and if so, also set auth_zone expired */
6474 	if(xfr->have_zone && !xfr->zone_expired &&
6475 	   *env->now >= xfr->lease_time + xfr->expiry) {
6476 		lock_basic_unlock(&xfr->lock);
6477 		auth_xfer_set_expired(xfr, env, 1);
6478 		lock_basic_lock(&xfr->lock);
6479 	}
6480 
6481 	xfr_nextprobe_disown(xfr);
6482 
6483 	if(!xfr_start_probe(xfr, env, NULL)) {
6484 		/* not started because already in progress */
6485 		lock_basic_unlock(&xfr->lock);
6486 	}
6487 }
6488 
6489 /** return true if there are probe (SOA UDP query) targets in the master list*/
6490 static int
6491 have_probe_targets(struct auth_master* list)
6492 {
6493 	struct auth_master* p;
6494 	for(p=list; p; p = p->next) {
6495 		if(!p->allow_notify && p->host)
6496 			return 1;
6497 	}
6498 	return 0;
6499 }
6500 
6501 /** start task_probe if possible, if no masters for probe start task_transfer
6502  * returns true if task has been started, and false if the task is already
6503  * in progress. */
6504 static int
6505 xfr_start_probe(struct auth_xfer* xfr, struct module_env* env,
6506 	struct auth_master* spec)
6507 {
6508 	/* see if we need to start a probe (or maybe it is already in
6509 	 * progress (due to notify)) */
6510 	if(xfr->task_probe->worker == NULL) {
6511 		if(!have_probe_targets(xfr->task_probe->masters) &&
6512 			!(xfr->task_probe->only_lookup &&
6513 			xfr->task_probe->masters != NULL)) {
6514 			/* useless to pick up task_probe, no masters to
6515 			 * probe. Instead attempt to pick up task transfer */
6516 			if(xfr->task_transfer->worker == NULL) {
6517 				xfr_start_transfer(xfr, env, spec);
6518 				return 1;
6519 			}
6520 			/* task transfer already in progress */
6521 			return 0;
6522 		}
6523 
6524 		/* pick up the probe task ourselves */
6525 		xfr->task_probe->worker = env->worker;
6526 		xfr->task_probe->env = env;
6527 		xfr->task_probe->cp = NULL;
6528 
6529 		/* start the task */
6530 		/* have not seen a new lease yet, this scan */
6531 		xfr->task_probe->have_new_lease = 0;
6532 		/* if this was a timeout, no specific first master to scan */
6533 		/* otherwise, spec is nonNULL the notified master, scan
6534 		 * first and also transfer first from it */
6535 		xfr_probe_start_list(xfr, spec);
6536 		/* setup to start the lookup of hostnames of masters afresh */
6537 		xfr_probe_start_lookups(xfr);
6538 		/* send the probe packet or next send, or end task */
6539 		xfr_probe_send_or_end(xfr, env);
6540 		return 1;
6541 	}
6542 	return 0;
6543 }
6544 
6545 /** for task_nextprobe.
6546  * determine next timeout for auth_xfer. Also (re)sets timer.
6547  * @param xfr: task structure
6548  * @param env: module environment, with worker and time.
6549  * @param failure: set true if timer should be set for failure retry.
6550  * @param lookup_only: only perform lookups when timer done, 0 sec timeout
6551  */
6552 static void
6553 xfr_set_timeout(struct auth_xfer* xfr, struct module_env* env,
6554 	int failure, int lookup_only)
6555 {
6556 	struct timeval tv;
6557 	log_assert(xfr->task_nextprobe != NULL);
6558 	log_assert(xfr->task_nextprobe->worker == NULL ||
6559 		xfr->task_nextprobe->worker == env->worker);
6560 	/* normally, nextprobe = startoflease + refresh,
6561 	 * but if expiry is sooner, use that one.
6562 	 * after a failure, use the retry timer instead. */
6563 	xfr->task_nextprobe->next_probe = *env->now;
6564 	if(xfr->lease_time && !failure)
6565 		xfr->task_nextprobe->next_probe = xfr->lease_time;
6566 
6567 	if(!failure) {
6568 		xfr->task_nextprobe->backoff = 0;
6569 	} else {
6570 		if(xfr->task_nextprobe->backoff == 0)
6571 				xfr->task_nextprobe->backoff = 3;
6572 		else	xfr->task_nextprobe->backoff *= 2;
6573 		if(xfr->task_nextprobe->backoff > AUTH_TRANSFER_MAX_BACKOFF)
6574 			xfr->task_nextprobe->backoff =
6575 				AUTH_TRANSFER_MAX_BACKOFF;
6576 	}
6577 
6578 	if(xfr->have_zone) {
6579 		time_t wait = xfr->refresh;
6580 		if(failure) wait = xfr->retry;
6581 		if(xfr->expiry < wait)
6582 			xfr->task_nextprobe->next_probe += xfr->expiry;
6583 		else	xfr->task_nextprobe->next_probe += wait;
6584 		if(failure)
6585 			xfr->task_nextprobe->next_probe +=
6586 				xfr->task_nextprobe->backoff;
6587 		/* put the timer exactly on expiry, if possible */
6588 		if(xfr->lease_time && xfr->lease_time+xfr->expiry <
6589 			xfr->task_nextprobe->next_probe &&
6590 			xfr->lease_time+xfr->expiry > *env->now)
6591 			xfr->task_nextprobe->next_probe =
6592 				xfr->lease_time+xfr->expiry;
6593 	} else {
6594 		xfr->task_nextprobe->next_probe +=
6595 			xfr->task_nextprobe->backoff;
6596 	}
6597 
6598 	if(!xfr->task_nextprobe->timer) {
6599 		xfr->task_nextprobe->timer = comm_timer_create(
6600 			env->worker_base, auth_xfer_timer, xfr);
6601 		if(!xfr->task_nextprobe->timer) {
6602 			/* failed to malloc memory. likely zone transfer
6603 			 * also fails for that. skip the timeout */
6604 			char zname[255+1];
6605 			dname_str(xfr->name, zname);
6606 			log_err("cannot allocate timer, no refresh for %s",
6607 				zname);
6608 			return;
6609 		}
6610 	}
6611 	xfr->task_nextprobe->worker = env->worker;
6612 	xfr->task_nextprobe->env = env;
6613 	if(*(xfr->task_nextprobe->env->now) <= xfr->task_nextprobe->next_probe)
6614 		tv.tv_sec = xfr->task_nextprobe->next_probe -
6615 			*(xfr->task_nextprobe->env->now);
6616 	else	tv.tv_sec = 0;
6617 	if(tv.tv_sec != 0 && lookup_only && xfr->task_probe->masters) {
6618 		/* don't lookup_only, if lookup timeout is 0 anyway,
6619 		 * or if we don't have masters to lookup */
6620 		tv.tv_sec = 0;
6621 		if(xfr->task_probe->worker == NULL)
6622 			xfr->task_probe->only_lookup = 1;
6623 	}
6624 	if(verbosity >= VERB_ALGO) {
6625 		char zname[255+1];
6626 		dname_str(xfr->name, zname);
6627 		verbose(VERB_ALGO, "auth zone %s timeout in %d seconds",
6628 			zname, (int)tv.tv_sec);
6629 	}
6630 	tv.tv_usec = 0;
6631 	comm_timer_set(xfr->task_nextprobe->timer, &tv);
6632 }
6633 
6634 /** initial pick up of worker timeouts, ties events to worker event loop */
6635 void
6636 auth_xfer_pickup_initial(struct auth_zones* az, struct module_env* env)
6637 {
6638 	struct auth_xfer* x;
6639 	lock_rw_wrlock(&az->lock);
6640 	RBTREE_FOR(x, struct auth_xfer*, &az->xtree) {
6641 		lock_basic_lock(&x->lock);
6642 		/* set lease_time, because we now have timestamp in env,
6643 		 * (not earlier during startup and apply_cfg), and this
6644 		 * notes the start time when the data was acquired */
6645 		if(x->have_zone)
6646 			x->lease_time = *env->now;
6647 		if(x->task_nextprobe && x->task_nextprobe->worker == NULL) {
6648 			xfr_set_timeout(x, env, 0, 1);
6649 		}
6650 		lock_basic_unlock(&x->lock);
6651 	}
6652 	lock_rw_unlock(&az->lock);
6653 }
6654 
6655 void auth_zones_cleanup(struct auth_zones* az)
6656 {
6657 	struct auth_xfer* x;
6658 	lock_rw_wrlock(&az->lock);
6659 	RBTREE_FOR(x, struct auth_xfer*, &az->xtree) {
6660 		lock_basic_lock(&x->lock);
6661 		if(x->task_nextprobe && x->task_nextprobe->worker != NULL) {
6662 			xfr_nextprobe_disown(x);
6663 		}
6664 		if(x->task_probe && x->task_probe->worker != NULL) {
6665 			xfr_probe_disown(x);
6666 		}
6667 		if(x->task_transfer && x->task_transfer->worker != NULL) {
6668 			auth_chunks_delete(x->task_transfer);
6669 			xfr_transfer_disown(x);
6670 		}
6671 		lock_basic_unlock(&x->lock);
6672 	}
6673 	lock_rw_unlock(&az->lock);
6674 }
6675 
6676 /**
6677  * malloc the xfer and tasks
6678  * @param z: auth_zone with name of zone.
6679  */
6680 static struct auth_xfer*
6681 auth_xfer_new(struct auth_zone* z)
6682 {
6683 	struct auth_xfer* xfr;
6684 	xfr = (struct auth_xfer*)calloc(1, sizeof(*xfr));
6685 	if(!xfr) return NULL;
6686 	xfr->name = memdup(z->name, z->namelen);
6687 	if(!xfr->name) {
6688 		free(xfr);
6689 		return NULL;
6690 	}
6691 	xfr->node.key = xfr;
6692 	xfr->namelen = z->namelen;
6693 	xfr->namelabs = z->namelabs;
6694 	xfr->dclass = z->dclass;
6695 
6696 	xfr->task_nextprobe = (struct auth_nextprobe*)calloc(1,
6697 		sizeof(struct auth_nextprobe));
6698 	if(!xfr->task_nextprobe) {
6699 		free(xfr->name);
6700 		free(xfr);
6701 		return NULL;
6702 	}
6703 	xfr->task_probe = (struct auth_probe*)calloc(1,
6704 		sizeof(struct auth_probe));
6705 	if(!xfr->task_probe) {
6706 		free(xfr->task_nextprobe);
6707 		free(xfr->name);
6708 		free(xfr);
6709 		return NULL;
6710 	}
6711 	xfr->task_transfer = (struct auth_transfer*)calloc(1,
6712 		sizeof(struct auth_transfer));
6713 	if(!xfr->task_transfer) {
6714 		free(xfr->task_probe);
6715 		free(xfr->task_nextprobe);
6716 		free(xfr->name);
6717 		free(xfr);
6718 		return NULL;
6719 	}
6720 
6721 	lock_basic_init(&xfr->lock);
6722 	lock_protect(&xfr->lock, &xfr->name, sizeof(xfr->name));
6723 	lock_protect(&xfr->lock, &xfr->namelen, sizeof(xfr->namelen));
6724 	lock_protect(&xfr->lock, xfr->name, xfr->namelen);
6725 	lock_protect(&xfr->lock, &xfr->namelabs, sizeof(xfr->namelabs));
6726 	lock_protect(&xfr->lock, &xfr->dclass, sizeof(xfr->dclass));
6727 	lock_protect(&xfr->lock, &xfr->notify_received, sizeof(xfr->notify_received));
6728 	lock_protect(&xfr->lock, &xfr->notify_serial, sizeof(xfr->notify_serial));
6729 	lock_protect(&xfr->lock, &xfr->zone_expired, sizeof(xfr->zone_expired));
6730 	lock_protect(&xfr->lock, &xfr->have_zone, sizeof(xfr->have_zone));
6731 	lock_protect(&xfr->lock, &xfr->serial, sizeof(xfr->serial));
6732 	lock_protect(&xfr->lock, &xfr->retry, sizeof(xfr->retry));
6733 	lock_protect(&xfr->lock, &xfr->refresh, sizeof(xfr->refresh));
6734 	lock_protect(&xfr->lock, &xfr->expiry, sizeof(xfr->expiry));
6735 	lock_protect(&xfr->lock, &xfr->lease_time, sizeof(xfr->lease_time));
6736 	lock_protect(&xfr->lock, &xfr->task_nextprobe->worker,
6737 		sizeof(xfr->task_nextprobe->worker));
6738 	lock_protect(&xfr->lock, &xfr->task_probe->worker,
6739 		sizeof(xfr->task_probe->worker));
6740 	lock_protect(&xfr->lock, &xfr->task_transfer->worker,
6741 		sizeof(xfr->task_transfer->worker));
6742 	lock_basic_lock(&xfr->lock);
6743 	return xfr;
6744 }
6745 
6746 /** Create auth_xfer structure.
6747  * This populates the have_zone, soa values, and so on times.
6748  * and sets the timeout, if a zone transfer is needed a short timeout is set.
6749  * For that the auth_zone itself must exist (and read in zonefile)
6750  * returns false on alloc failure. */
6751 struct auth_xfer*
6752 auth_xfer_create(struct auth_zones* az, struct auth_zone* z)
6753 {
6754 	struct auth_xfer* xfr;
6755 
6756 	/* malloc it */
6757 	xfr = auth_xfer_new(z);
6758 	if(!xfr) {
6759 		log_err("malloc failure");
6760 		return NULL;
6761 	}
6762 	/* insert in tree */
6763 	(void)rbtree_insert(&az->xtree, &xfr->node);
6764 	return xfr;
6765 }
6766 
6767 /** create new auth_master structure */
6768 static struct auth_master*
6769 auth_master_new(struct auth_master*** list)
6770 {
6771 	struct auth_master *m;
6772 	m = (struct auth_master*)calloc(1, sizeof(*m));
6773 	if(!m) {
6774 		log_err("malloc failure");
6775 		return NULL;
6776 	}
6777 	/* set first pointer to m, or next pointer of previous element to m */
6778 	(**list) = m;
6779 	/* store m's next pointer as future point to store at */
6780 	(*list) = &(m->next);
6781 	return m;
6782 }
6783 
6784 /** dup_prefix : create string from initial part of other string, malloced */
6785 static char*
6786 dup_prefix(char* str, size_t num)
6787 {
6788 	char* result;
6789 	size_t len = strlen(str);
6790 	if(len < num) num = len; /* not more than strlen */
6791 	result = (char*)malloc(num+1);
6792 	if(!result) {
6793 		log_err("malloc failure");
6794 		return result;
6795 	}
6796 	memmove(result, str, num);
6797 	result[num] = 0;
6798 	return result;
6799 }
6800 
6801 /** dup string and print error on error */
6802 static char*
6803 dup_all(char* str)
6804 {
6805 	char* result = strdup(str);
6806 	if(!result) {
6807 		log_err("malloc failure");
6808 		return NULL;
6809 	}
6810 	return result;
6811 }
6812 
6813 /** find first of two characters */
6814 static char*
6815 str_find_first_of_chars(char* s, char a, char b)
6816 {
6817 	char* ra = strchr(s, a);
6818 	char* rb = strchr(s, b);
6819 	if(!ra) return rb;
6820 	if(!rb) return ra;
6821 	if(ra < rb) return ra;
6822 	return rb;
6823 }
6824 
6825 /** parse URL into host and file parts, false on malloc or parse error */
6826 static int
6827 parse_url(char* url, char** host, char** file, int* port, int* ssl)
6828 {
6829 	char* p = url;
6830 	/* parse http://www.example.com/file.htm
6831 	 * or http://127.0.0.1   (index.html)
6832 	 * or https://[::1@1234]/a/b/c/d */
6833 	*ssl = 1;
6834 	*port = AUTH_HTTPS_PORT;
6835 
6836 	/* parse http:// or https:// */
6837 	if(strncmp(p, "http://", 7) == 0) {
6838 		p += 7;
6839 		*ssl = 0;
6840 		*port = AUTH_HTTP_PORT;
6841 	} else if(strncmp(p, "https://", 8) == 0) {
6842 		p += 8;
6843 	} else if(strstr(p, "://") && strchr(p, '/') > strstr(p, "://") &&
6844 		strchr(p, ':') >= strstr(p, "://")) {
6845 		char* uri = dup_prefix(p, (size_t)(strstr(p, "://")-p));
6846 		log_err("protocol %s:// not supported (for url %s)",
6847 			uri?uri:"", p);
6848 		free(uri);
6849 		return 0;
6850 	}
6851 
6852 	/* parse hostname part */
6853 	if(p[0] == '[') {
6854 		char* end = strchr(p, ']');
6855 		p++; /* skip over [ */
6856 		if(end) {
6857 			*host = dup_prefix(p, (size_t)(end-p));
6858 			if(!*host) return 0;
6859 			p = end+1; /* skip over ] */
6860 		} else {
6861 			*host = dup_all(p);
6862 			if(!*host) return 0;
6863 			p = end;
6864 		}
6865 	} else {
6866 		char* end = str_find_first_of_chars(p, ':', '/');
6867 		if(end) {
6868 			*host = dup_prefix(p, (size_t)(end-p));
6869 			if(!*host) return 0;
6870 		} else {
6871 			*host = dup_all(p);
6872 			if(!*host) return 0;
6873 		}
6874 		p = end; /* at next : or / or NULL */
6875 	}
6876 
6877 	/* parse port number */
6878 	if(p && p[0] == ':') {
6879 		char* end = NULL;
6880 		*port = strtol(p+1, &end, 10);
6881 		p = end;
6882 	}
6883 
6884 	/* parse filename part */
6885 	while(p && *p == '/')
6886 		p++;
6887 	if(!p || p[0] == 0)
6888 		*file = strdup("index.html");
6889 	else	*file = strdup(p);
6890 	if(!*file) {
6891 		log_err("malloc failure");
6892 		return 0;
6893 	}
6894 	return 1;
6895 }
6896 
6897 int
6898 xfer_set_masters(struct auth_master** list, struct config_auth* c,
6899 	int with_http)
6900 {
6901 	struct auth_master* m;
6902 	struct config_strlist* p;
6903 	/* list points to the first, or next pointer for the new element */
6904 	while(*list) {
6905 		list = &( (*list)->next );
6906 	}
6907 	if(with_http)
6908 	  for(p = c->urls; p; p = p->next) {
6909 		m = auth_master_new(&list);
6910 		m->http = 1;
6911 		if(!parse_url(p->str, &m->host, &m->file, &m->port, &m->ssl))
6912 			return 0;
6913 	}
6914 	for(p = c->masters; p; p = p->next) {
6915 		m = auth_master_new(&list);
6916 		m->ixfr = 1; /* this flag is not configurable */
6917 		m->host = strdup(p->str);
6918 		if(!m->host) {
6919 			log_err("malloc failure");
6920 			return 0;
6921 		}
6922 	}
6923 	for(p = c->allow_notify; p; p = p->next) {
6924 		m = auth_master_new(&list);
6925 		m->allow_notify = 1;
6926 		m->host = strdup(p->str);
6927 		if(!m->host) {
6928 			log_err("malloc failure");
6929 			return 0;
6930 		}
6931 	}
6932 	return 1;
6933 }
6934 
6935 #define SERIAL_BITS	32
6936 int
6937 compare_serial(uint32_t a, uint32_t b)
6938 {
6939 	const uint32_t cutoff = ((uint32_t) 1 << (SERIAL_BITS - 1));
6940 
6941 	if (a == b) {
6942 		return 0;
6943 	} else if ((a < b && b - a < cutoff) || (a > b && a - b > cutoff)) {
6944 		return -1;
6945 	} else {
6946 		return 1;
6947 	}
6948 }
6949